From 42d740eb7e18cf93adbefe930700e4a86851b111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=A0pa=C4=8Dek?= Date: Tue, 5 Nov 2024 04:23:11 +0100 Subject: [PATCH] Update OpenPGP.js to 6.0.0 https://github.com/openpgpjs/openpgpjs/releases/tag/v6.0.0 --- app/node_modules/.package-lock.json | 50 +- app/node_modules/asn1.js/.eslintrc.js | 27 - app/node_modules/asn1.js/LICENSE | 21 - app/node_modules/asn1.js/README.md | 100 - app/node_modules/asn1.js/lib/asn1.js | 11 - app/node_modules/asn1.js/lib/asn1/api.js | 57 - .../asn1.js/lib/asn1/base/buffer.js | 153 - .../asn1.js/lib/asn1/base/index.js | 8 - .../asn1.js/lib/asn1/base/node.js | 638 - .../asn1.js/lib/asn1/base/reporter.js | 123 - .../asn1.js/lib/asn1/constants/der.js | 58 - .../asn1.js/lib/asn1/constants/index.js | 21 - .../asn1.js/lib/asn1/decoders/der.js | 335 - .../asn1.js/lib/asn1/decoders/index.js | 6 - .../asn1.js/lib/asn1/decoders/pem.js | 51 - .../asn1.js/lib/asn1/encoders/der.js | 295 - .../asn1.js/lib/asn1/encoders/index.js | 6 - .../asn1.js/lib/asn1/encoders/pem.js | 23 - app/node_modules/asn1.js/package.json | 36 - app/node_modules/bn.js/LICENSE | 19 - app/node_modules/bn.js/README.md | 200 - app/node_modules/bn.js/lib/bn.js | 3446 - app/node_modules/bn.js/package.json | 36 - app/node_modules/inherits/LICENSE | 16 - app/node_modules/inherits/README.md | 42 - app/node_modules/inherits/inherits.js | 9 - app/node_modules/inherits/inherits_browser.js | 27 - app/node_modules/inherits/package.json | 29 - app/node_modules/minimalistic-assert/LICENSE | 13 - app/node_modules/minimalistic-assert/index.js | 11 - .../minimalistic-assert/package.json | 19 - .../minimalistic-assert/readme.md | 4 - app/node_modules/openpgp/README.md | 108 +- .../openpgp/dist/lightweight/argon2id.min.mjs | 3 + .../dist/lightweight/argon2id.min.mjs.map | 1 + .../openpgp/dist/lightweight/argon2id.mjs | 683 + .../dist/lightweight/bn.interface.min.mjs | 3 - .../dist/lightweight/bn.interface.min.mjs.map | 1 - .../openpgp/dist/lightweight/bn.interface.mjs | 340 - .../openpgp/dist/lightweight/bn.min.mjs | 3 - .../openpgp/dist/lightweight/bn.min.mjs.map | 1 - .../openpgp/dist/lightweight/bn.mjs | 3434 - .../openpgp/dist/lightweight/elliptic.min.mjs | 3 - .../dist/lightweight/elliptic.min.mjs.map | 1 - .../openpgp/dist/lightweight/elliptic.mjs | 4313 -- .../dist/lightweight/legacy_ciphers.min.mjs | 3 + .../lightweight/legacy_ciphers.min.mjs.map | 1 + .../dist/lightweight/legacy_ciphers.mjs | 1784 + .../dist/lightweight/noble_curves.min.mjs | 14 + .../dist/lightweight/noble_curves.min.mjs.map | 1 + .../openpgp/dist/lightweight/noble_curves.mjs | 2994 + .../dist/lightweight/noble_hashes.min.mjs | 3 + .../dist/lightweight/noble_hashes.min.mjs.map | 1 + .../openpgp/dist/lightweight/noble_hashes.mjs | 207 + .../openpgp/dist/lightweight/openpgp.min.mjs | 5 +- .../dist/lightweight/openpgp.min.mjs.map | 2 +- .../openpgp/dist/lightweight/openpgp.mjs | 33423 +++----- .../dist/lightweight/ponyfill.es6.min.mjs | 3 - .../dist/lightweight/ponyfill.es6.min.mjs.map | 1 - .../openpgp/dist/lightweight/ponyfill.es6.mjs | 3831 - .../dist/lightweight/seek-bzip.min.mjs | 3 + .../dist/lightweight/seek-bzip.min.mjs.map | 1 + .../openpgp/dist/lightweight/seek-bzip.mjs | 866 + .../openpgp/dist/lightweight/sha3.min.mjs | 4 + .../openpgp/dist/lightweight/sha3.min.mjs.map | 1 + .../openpgp/dist/lightweight/sha3.mjs | 830 + .../lightweight/web-streams-adapter.min.mjs | 17 - .../web-streams-adapter.min.mjs.map | 1 - .../dist/lightweight/web-streams-adapter.mjs | 561 - .../openpgp/dist/node/openpgp.cjs | 28651 +++++++ app/node_modules/openpgp/dist/node/openpgp.js | 44142 ----------- .../openpgp/dist/node/openpgp.min.cjs | 16 + .../openpgp/dist/node/openpgp.min.cjs.map | 1 + .../openpgp/dist/node/openpgp.min.js | 17 - .../openpgp/dist/node/openpgp.min.js.map | 1 - .../openpgp/dist/node/openpgp.min.mjs | 31 +- .../openpgp/dist/node/openpgp.min.mjs.map | 2 +- .../openpgp/dist/node/openpgp.mjs | 63854 ++++++---------- app/node_modules/openpgp/dist/openpgp.js | 63639 ++++++--------- app/node_modules/openpgp/dist/openpgp.min.js | 31 +- .../openpgp/dist/openpgp.min.js.map | 2 +- app/node_modules/openpgp/dist/openpgp.min.mjs | 31 +- .../openpgp/dist/openpgp.min.mjs.map | 2 +- app/node_modules/openpgp/dist/openpgp.mjs | 63628 ++++++--------- .../openpgp/lightweight/package.json | 2 +- app/node_modules/openpgp/openpgp.d.ts | 253 +- app/node_modules/openpgp/package.json | 125 +- app/node_modules/safer-buffer/LICENSE | 21 - .../safer-buffer/Porting-Buffer.md | 268 - app/node_modules/safer-buffer/Readme.md | 156 - app/node_modules/safer-buffer/dangerous.js | 58 - app/node_modules/safer-buffer/package.json | 34 - app/node_modules/safer-buffer/safer.js | 77 - app/node_modules/safer-buffer/tests.js | 406 - app/package-lock.json | 52 +- app/package.json | 2 +- 96 files changed, 120236 insertions(+), 204607 deletions(-) delete mode 100644 app/node_modules/asn1.js/.eslintrc.js delete mode 100644 app/node_modules/asn1.js/LICENSE delete mode 100644 app/node_modules/asn1.js/README.md delete mode 100644 app/node_modules/asn1.js/lib/asn1.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/api.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/base/buffer.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/base/index.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/base/node.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/base/reporter.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/constants/der.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/constants/index.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/decoders/der.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/decoders/index.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/decoders/pem.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/encoders/der.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/encoders/index.js delete mode 100644 app/node_modules/asn1.js/lib/asn1/encoders/pem.js delete mode 100644 app/node_modules/asn1.js/package.json delete mode 100644 app/node_modules/bn.js/LICENSE delete mode 100644 app/node_modules/bn.js/README.md delete mode 100644 app/node_modules/bn.js/lib/bn.js delete mode 100644 app/node_modules/bn.js/package.json delete mode 100644 app/node_modules/inherits/LICENSE delete mode 100644 app/node_modules/inherits/README.md delete mode 100644 app/node_modules/inherits/inherits.js delete mode 100644 app/node_modules/inherits/inherits_browser.js delete mode 100644 app/node_modules/inherits/package.json delete mode 100644 app/node_modules/minimalistic-assert/LICENSE delete mode 100644 app/node_modules/minimalistic-assert/index.js delete mode 100644 app/node_modules/minimalistic-assert/package.json delete mode 100644 app/node_modules/minimalistic-assert/readme.md create mode 100644 app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/argon2id.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs.map delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.interface.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.min.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.min.mjs.map delete mode 100644 app/node_modules/openpgp/dist/lightweight/bn.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/elliptic.min.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/elliptic.min.mjs.map delete mode 100644 app/node_modules/openpgp/dist/lightweight/elliptic.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/legacy_ciphers.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/legacy_ciphers.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/legacy_ciphers.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_curves.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/noble_hashes.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs.map delete mode 100644 app/node_modules/openpgp/dist/lightweight/ponyfill.es6.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/seek-bzip.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/sha3.min.mjs create mode 100644 app/node_modules/openpgp/dist/lightweight/sha3.min.mjs.map create mode 100644 app/node_modules/openpgp/dist/lightweight/sha3.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs delete mode 100644 app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs.map delete mode 100644 app/node_modules/openpgp/dist/lightweight/web-streams-adapter.mjs create mode 100644 app/node_modules/openpgp/dist/node/openpgp.cjs delete mode 100644 app/node_modules/openpgp/dist/node/openpgp.js create mode 100644 app/node_modules/openpgp/dist/node/openpgp.min.cjs create mode 100644 app/node_modules/openpgp/dist/node/openpgp.min.cjs.map delete mode 100644 app/node_modules/openpgp/dist/node/openpgp.min.js delete mode 100644 app/node_modules/openpgp/dist/node/openpgp.min.js.map delete mode 100644 app/node_modules/safer-buffer/LICENSE delete mode 100644 app/node_modules/safer-buffer/Porting-Buffer.md delete mode 100644 app/node_modules/safer-buffer/Readme.md delete mode 100644 app/node_modules/safer-buffer/dangerous.js delete mode 100644 app/node_modules/safer-buffer/package.json delete mode 100644 app/node_modules/safer-buffer/safer.js delete mode 100644 app/node_modules/safer-buffer/tests.js diff --git a/app/node_modules/.package-lock.json b/app/node_modules/.package-lock.json index fa37d66f7..166724919 100644 --- a/app/node_modules/.package-lock.json +++ b/app/node_modules/.package-lock.json @@ -1,61 +1,23 @@ { - "name": "site", + "name": "app", + "version": "1.0.0", "lockfileVersion": 3, "requires": true, "packages": { - "node_modules/asn1.js": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", - "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", - "license": "MIT", - "dependencies": { - "bn.js": "^4.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" - } - }, - "node_modules/bn.js": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", - "license": "MIT" - }, "node_modules/humbleicons": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/humbleicons/-/humbleicons-1.10.0.tgz", "integrity": "sha512-+9kIQEa5+aJz+0Aw5gm2hShu59ov9gzT1+x0MZGsDdSlsMeabZ91VBav/zogHA6DywvUDUvXRLn0FOeTnfHyeQ==", "license": "MIT" }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "license": "ISC" - }, - "node_modules/minimalistic-assert": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", - "license": "ISC" - }, "node_modules/openpgp": { - "version": "5.11.2", - "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.11.2.tgz", - "integrity": "sha512-f8dJFVLwdkvPvW3VPFs6q9Vs2+HNhdvwls7a/MIFcQUB+XiQzRe7alfa3RtwfGJU7oUDDMAWPZ0nYsHa23Az+A==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-6.0.0.tgz", + "integrity": "sha512-8YMuhOV6bP8+J4bCHltvRwol1sBJhxAcJXvwEKpcK65lKpQ0VUbymQR/EuGrzxYnatNSyMyrMgip4j/F0vhZvg==", "license": "LGPL-3.0+", - "dependencies": { - "asn1.js": "^5.0.0" - }, "engines": { - "node": ">= 8.0.0" + "node": ">= 18.0.0" } - }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "license": "MIT" } } } diff --git a/app/node_modules/asn1.js/.eslintrc.js b/app/node_modules/asn1.js/.eslintrc.js deleted file mode 100644 index 6b5dc4460..000000000 --- a/app/node_modules/asn1.js/.eslintrc.js +++ /dev/null @@ -1,27 +0,0 @@ -module.exports = { - 'env': { - 'browser': false, - 'commonjs': true, - 'es6': true, - 'node': true - }, - 'extends': 'eslint:recommended', - 'rules': { - 'indent': [ - 'error', - 2 - ], - 'linebreak-style': [ - 'error', - 'unix' - ], - 'quotes': [ - 'error', - 'single' - ], - 'semi': [ - 'error', - 'always' - ] - } -}; diff --git a/app/node_modules/asn1.js/LICENSE b/app/node_modules/asn1.js/LICENSE deleted file mode 100644 index caaf4f211..000000000 --- a/app/node_modules/asn1.js/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2017 Fedor Indutny - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/app/node_modules/asn1.js/README.md b/app/node_modules/asn1.js/README.md deleted file mode 100644 index 9f04af7e7..000000000 --- a/app/node_modules/asn1.js/README.md +++ /dev/null @@ -1,100 +0,0 @@ -# ASN1.js - -ASN.1 DER Encoder/Decoder and DSL. - -## Example - -Define model: - -```javascript -var asn = require('asn1.js'); - -var Human = asn.define('Human', function() { - this.seq().obj( - this.key('firstName').octstr(), - this.key('lastName').octstr(), - this.key('age').int(), - this.key('gender').enum({ 0: 'male', 1: 'female' }), - this.key('bio').seqof(Bio) - ); -}); - -var Bio = asn.define('Bio', function() { - this.seq().obj( - this.key('time').gentime(), - this.key('description').octstr() - ); -}); -``` - -Encode data: - -```javascript -var output = Human.encode({ - firstName: 'Thomas', - lastName: 'Anderson', - age: 28, - gender: 'male', - bio: [ - { - time: +new Date('31 March 1999'), - description: 'freedom of mind' - } - ] -}, 'der'); -``` - -Decode data: - -```javascript -var human = Human.decode(output, 'der'); -console.log(human); -/* -{ firstName: , - lastName: , - age: 28, - gender: 'male', - bio: - [ { time: 922820400000, - description: } ] } -*/ -``` - -### Partial decode - -Its possible to parse data without stopping on first error. In order to do it, -you should call: - -```javascript -var human = Human.decode(output, 'der', { partial: true }); -console.log(human); -/* -{ result: { ... }, - errors: [ ... ] } -*/ -``` - -#### LICENSE - -This software is licensed under the MIT License. - -Copyright Fedor Indutny, 2017. - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to permit -persons to whom the Software is furnished to do so, subject to the -following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/app/node_modules/asn1.js/lib/asn1.js b/app/node_modules/asn1.js/lib/asn1.js deleted file mode 100644 index c7d70b8e3..000000000 --- a/app/node_modules/asn1.js/lib/asn1.js +++ /dev/null @@ -1,11 +0,0 @@ -'use strict'; - -const asn1 = exports; - -asn1.bignum = require('bn.js'); - -asn1.define = require('./asn1/api').define; -asn1.base = require('./asn1/base'); -asn1.constants = require('./asn1/constants'); -asn1.decoders = require('./asn1/decoders'); -asn1.encoders = require('./asn1/encoders'); diff --git a/app/node_modules/asn1.js/lib/asn1/api.js b/app/node_modules/asn1.js/lib/asn1/api.js deleted file mode 100644 index 61e3eb270..000000000 --- a/app/node_modules/asn1.js/lib/asn1/api.js +++ /dev/null @@ -1,57 +0,0 @@ -'use strict'; - -const encoders = require('./encoders'); -const decoders = require('./decoders'); -const inherits = require('inherits'); - -const api = exports; - -api.define = function define(name, body) { - return new Entity(name, body); -}; - -function Entity(name, body) { - this.name = name; - this.body = body; - - this.decoders = {}; - this.encoders = {}; -} - -Entity.prototype._createNamed = function createNamed(Base) { - const name = this.name; - - function Generated(entity) { - this._initNamed(entity, name); - } - inherits(Generated, Base); - Generated.prototype._initNamed = function _initNamed(entity, name) { - Base.call(this, entity, name); - }; - - return new Generated(this); -}; - -Entity.prototype._getDecoder = function _getDecoder(enc) { - enc = enc || 'der'; - // Lazily create decoder - if (!this.decoders.hasOwnProperty(enc)) - this.decoders[enc] = this._createNamed(decoders[enc]); - return this.decoders[enc]; -}; - -Entity.prototype.decode = function decode(data, enc, options) { - return this._getDecoder(enc).decode(data, options); -}; - -Entity.prototype._getEncoder = function _getEncoder(enc) { - enc = enc || 'der'; - // Lazily create encoder - if (!this.encoders.hasOwnProperty(enc)) - this.encoders[enc] = this._createNamed(encoders[enc]); - return this.encoders[enc]; -}; - -Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) { - return this._getEncoder(enc).encode(data, reporter); -}; diff --git a/app/node_modules/asn1.js/lib/asn1/base/buffer.js b/app/node_modules/asn1.js/lib/asn1/base/buffer.js deleted file mode 100644 index bb5bc06e5..000000000 --- a/app/node_modules/asn1.js/lib/asn1/base/buffer.js +++ /dev/null @@ -1,153 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); -const Reporter = require('../base/reporter').Reporter; -const Buffer = require('safer-buffer').Buffer; - -function DecoderBuffer(base, options) { - Reporter.call(this, options); - if (!Buffer.isBuffer(base)) { - this.error('Input not Buffer'); - return; - } - - this.base = base; - this.offset = 0; - this.length = base.length; -} -inherits(DecoderBuffer, Reporter); -exports.DecoderBuffer = DecoderBuffer; - -DecoderBuffer.isDecoderBuffer = function isDecoderBuffer(data) { - if (data instanceof DecoderBuffer) { - return true; - } - - // Or accept compatible API - const isCompatible = typeof data === 'object' && - Buffer.isBuffer(data.base) && - data.constructor.name === 'DecoderBuffer' && - typeof data.offset === 'number' && - typeof data.length === 'number' && - typeof data.save === 'function' && - typeof data.restore === 'function' && - typeof data.isEmpty === 'function' && - typeof data.readUInt8 === 'function' && - typeof data.skip === 'function' && - typeof data.raw === 'function'; - - return isCompatible; -}; - -DecoderBuffer.prototype.save = function save() { - return { offset: this.offset, reporter: Reporter.prototype.save.call(this) }; -}; - -DecoderBuffer.prototype.restore = function restore(save) { - // Return skipped data - const res = new DecoderBuffer(this.base); - res.offset = save.offset; - res.length = this.offset; - - this.offset = save.offset; - Reporter.prototype.restore.call(this, save.reporter); - - return res; -}; - -DecoderBuffer.prototype.isEmpty = function isEmpty() { - return this.offset === this.length; -}; - -DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) { - if (this.offset + 1 <= this.length) - return this.base.readUInt8(this.offset++, true); - else - return this.error(fail || 'DecoderBuffer overrun'); -}; - -DecoderBuffer.prototype.skip = function skip(bytes, fail) { - if (!(this.offset + bytes <= this.length)) - return this.error(fail || 'DecoderBuffer overrun'); - - const res = new DecoderBuffer(this.base); - - // Share reporter state - res._reporterState = this._reporterState; - - res.offset = this.offset; - res.length = this.offset + bytes; - this.offset += bytes; - return res; -}; - -DecoderBuffer.prototype.raw = function raw(save) { - return this.base.slice(save ? save.offset : this.offset, this.length); -}; - -function EncoderBuffer(value, reporter) { - if (Array.isArray(value)) { - this.length = 0; - this.value = value.map(function(item) { - if (!EncoderBuffer.isEncoderBuffer(item)) - item = new EncoderBuffer(item, reporter); - this.length += item.length; - return item; - }, this); - } else if (typeof value === 'number') { - if (!(0 <= value && value <= 0xff)) - return reporter.error('non-byte EncoderBuffer value'); - this.value = value; - this.length = 1; - } else if (typeof value === 'string') { - this.value = value; - this.length = Buffer.byteLength(value); - } else if (Buffer.isBuffer(value)) { - this.value = value; - this.length = value.length; - } else { - return reporter.error('Unsupported type: ' + typeof value); - } -} -exports.EncoderBuffer = EncoderBuffer; - -EncoderBuffer.isEncoderBuffer = function isEncoderBuffer(data) { - if (data instanceof EncoderBuffer) { - return true; - } - - // Or accept compatible API - const isCompatible = typeof data === 'object' && - data.constructor.name === 'EncoderBuffer' && - typeof data.length === 'number' && - typeof data.join === 'function'; - - return isCompatible; -}; - -EncoderBuffer.prototype.join = function join(out, offset) { - if (!out) - out = Buffer.alloc(this.length); - if (!offset) - offset = 0; - - if (this.length === 0) - return out; - - if (Array.isArray(this.value)) { - this.value.forEach(function(item) { - item.join(out, offset); - offset += item.length; - }); - } else { - if (typeof this.value === 'number') - out[offset] = this.value; - else if (typeof this.value === 'string') - out.write(this.value, offset); - else if (Buffer.isBuffer(this.value)) - this.value.copy(out, offset); - offset += this.length; - } - - return out; -}; diff --git a/app/node_modules/asn1.js/lib/asn1/base/index.js b/app/node_modules/asn1.js/lib/asn1/base/index.js deleted file mode 100644 index 8b92f206a..000000000 --- a/app/node_modules/asn1.js/lib/asn1/base/index.js +++ /dev/null @@ -1,8 +0,0 @@ -'use strict'; - -const base = exports; - -base.Reporter = require('./reporter').Reporter; -base.DecoderBuffer = require('./buffer').DecoderBuffer; -base.EncoderBuffer = require('./buffer').EncoderBuffer; -base.Node = require('./node'); diff --git a/app/node_modules/asn1.js/lib/asn1/base/node.js b/app/node_modules/asn1.js/lib/asn1/base/node.js deleted file mode 100644 index d676d2137..000000000 --- a/app/node_modules/asn1.js/lib/asn1/base/node.js +++ /dev/null @@ -1,638 +0,0 @@ -'use strict'; - -const Reporter = require('../base/reporter').Reporter; -const EncoderBuffer = require('../base/buffer').EncoderBuffer; -const DecoderBuffer = require('../base/buffer').DecoderBuffer; -const assert = require('minimalistic-assert'); - -// Supported tags -const tags = [ - 'seq', 'seqof', 'set', 'setof', 'objid', 'bool', - 'gentime', 'utctime', 'null_', 'enum', 'int', 'objDesc', - 'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str', - 'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr' -]; - -// Public methods list -const methods = [ - 'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice', - 'any', 'contains' -].concat(tags); - -// Overrided methods list -const overrided = [ - '_peekTag', '_decodeTag', '_use', - '_decodeStr', '_decodeObjid', '_decodeTime', - '_decodeNull', '_decodeInt', '_decodeBool', '_decodeList', - - '_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime', - '_encodeNull', '_encodeInt', '_encodeBool' -]; - -function Node(enc, parent, name) { - const state = {}; - this._baseState = state; - - state.name = name; - state.enc = enc; - - state.parent = parent || null; - state.children = null; - - // State - state.tag = null; - state.args = null; - state.reverseArgs = null; - state.choice = null; - state.optional = false; - state.any = false; - state.obj = false; - state.use = null; - state.useDecoder = null; - state.key = null; - state['default'] = null; - state.explicit = null; - state.implicit = null; - state.contains = null; - - // Should create new instance on each method - if (!state.parent) { - state.children = []; - this._wrap(); - } -} -module.exports = Node; - -const stateProps = [ - 'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice', - 'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit', - 'implicit', 'contains' -]; - -Node.prototype.clone = function clone() { - const state = this._baseState; - const cstate = {}; - stateProps.forEach(function(prop) { - cstate[prop] = state[prop]; - }); - const res = new this.constructor(cstate.parent); - res._baseState = cstate; - return res; -}; - -Node.prototype._wrap = function wrap() { - const state = this._baseState; - methods.forEach(function(method) { - this[method] = function _wrappedMethod() { - const clone = new this.constructor(this); - state.children.push(clone); - return clone[method].apply(clone, arguments); - }; - }, this); -}; - -Node.prototype._init = function init(body) { - const state = this._baseState; - - assert(state.parent === null); - body.call(this); - - // Filter children - state.children = state.children.filter(function(child) { - return child._baseState.parent === this; - }, this); - assert.equal(state.children.length, 1, 'Root node can have only one child'); -}; - -Node.prototype._useArgs = function useArgs(args) { - const state = this._baseState; - - // Filter children and args - const children = args.filter(function(arg) { - return arg instanceof this.constructor; - }, this); - args = args.filter(function(arg) { - return !(arg instanceof this.constructor); - }, this); - - if (children.length !== 0) { - assert(state.children === null); - state.children = children; - - // Replace parent to maintain backward link - children.forEach(function(child) { - child._baseState.parent = this; - }, this); - } - if (args.length !== 0) { - assert(state.args === null); - state.args = args; - state.reverseArgs = args.map(function(arg) { - if (typeof arg !== 'object' || arg.constructor !== Object) - return arg; - - const res = {}; - Object.keys(arg).forEach(function(key) { - if (key == (key | 0)) - key |= 0; - const value = arg[key]; - res[value] = key; - }); - return res; - }); - } -}; - -// -// Overrided methods -// - -overrided.forEach(function(method) { - Node.prototype[method] = function _overrided() { - const state = this._baseState; - throw new Error(method + ' not implemented for encoding: ' + state.enc); - }; -}); - -// -// Public methods -// - -tags.forEach(function(tag) { - Node.prototype[tag] = function _tagMethod() { - const state = this._baseState; - const args = Array.prototype.slice.call(arguments); - - assert(state.tag === null); - state.tag = tag; - - this._useArgs(args); - - return this; - }; -}); - -Node.prototype.use = function use(item) { - assert(item); - const state = this._baseState; - - assert(state.use === null); - state.use = item; - - return this; -}; - -Node.prototype.optional = function optional() { - const state = this._baseState; - - state.optional = true; - - return this; -}; - -Node.prototype.def = function def(val) { - const state = this._baseState; - - assert(state['default'] === null); - state['default'] = val; - state.optional = true; - - return this; -}; - -Node.prototype.explicit = function explicit(num) { - const state = this._baseState; - - assert(state.explicit === null && state.implicit === null); - state.explicit = num; - - return this; -}; - -Node.prototype.implicit = function implicit(num) { - const state = this._baseState; - - assert(state.explicit === null && state.implicit === null); - state.implicit = num; - - return this; -}; - -Node.prototype.obj = function obj() { - const state = this._baseState; - const args = Array.prototype.slice.call(arguments); - - state.obj = true; - - if (args.length !== 0) - this._useArgs(args); - - return this; -}; - -Node.prototype.key = function key(newKey) { - const state = this._baseState; - - assert(state.key === null); - state.key = newKey; - - return this; -}; - -Node.prototype.any = function any() { - const state = this._baseState; - - state.any = true; - - return this; -}; - -Node.prototype.choice = function choice(obj) { - const state = this._baseState; - - assert(state.choice === null); - state.choice = obj; - this._useArgs(Object.keys(obj).map(function(key) { - return obj[key]; - })); - - return this; -}; - -Node.prototype.contains = function contains(item) { - const state = this._baseState; - - assert(state.use === null); - state.contains = item; - - return this; -}; - -// -// Decoding -// - -Node.prototype._decode = function decode(input, options) { - const state = this._baseState; - - // Decode root node - if (state.parent === null) - return input.wrapResult(state.children[0]._decode(input, options)); - - let result = state['default']; - let present = true; - - let prevKey = null; - if (state.key !== null) - prevKey = input.enterKey(state.key); - - // Check if tag is there - if (state.optional) { - let tag = null; - if (state.explicit !== null) - tag = state.explicit; - else if (state.implicit !== null) - tag = state.implicit; - else if (state.tag !== null) - tag = state.tag; - - if (tag === null && !state.any) { - // Trial and Error - const save = input.save(); - try { - if (state.choice === null) - this._decodeGeneric(state.tag, input, options); - else - this._decodeChoice(input, options); - present = true; - } catch (e) { - present = false; - } - input.restore(save); - } else { - present = this._peekTag(input, tag, state.any); - - if (input.isError(present)) - return present; - } - } - - // Push object on stack - let prevObj; - if (state.obj && present) - prevObj = input.enterObject(); - - if (present) { - // Unwrap explicit values - if (state.explicit !== null) { - const explicit = this._decodeTag(input, state.explicit); - if (input.isError(explicit)) - return explicit; - input = explicit; - } - - const start = input.offset; - - // Unwrap implicit and normal values - if (state.use === null && state.choice === null) { - let save; - if (state.any) - save = input.save(); - const body = this._decodeTag( - input, - state.implicit !== null ? state.implicit : state.tag, - state.any - ); - if (input.isError(body)) - return body; - - if (state.any) - result = input.raw(save); - else - input = body; - } - - if (options && options.track && state.tag !== null) - options.track(input.path(), start, input.length, 'tagged'); - - if (options && options.track && state.tag !== null) - options.track(input.path(), input.offset, input.length, 'content'); - - // Select proper method for tag - if (state.any) { - // no-op - } else if (state.choice === null) { - result = this._decodeGeneric(state.tag, input, options); - } else { - result = this._decodeChoice(input, options); - } - - if (input.isError(result)) - return result; - - // Decode children - if (!state.any && state.choice === null && state.children !== null) { - state.children.forEach(function decodeChildren(child) { - // NOTE: We are ignoring errors here, to let parser continue with other - // parts of encoded data - child._decode(input, options); - }); - } - - // Decode contained/encoded by schema, only in bit or octet strings - if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) { - const data = new DecoderBuffer(result); - result = this._getUse(state.contains, input._reporterState.obj) - ._decode(data, options); - } - } - - // Pop object - if (state.obj && present) - result = input.leaveObject(prevObj); - - // Set key - if (state.key !== null && (result !== null || present === true)) - input.leaveKey(prevKey, state.key, result); - else if (prevKey !== null) - input.exitKey(prevKey); - - return result; -}; - -Node.prototype._decodeGeneric = function decodeGeneric(tag, input, options) { - const state = this._baseState; - - if (tag === 'seq' || tag === 'set') - return null; - if (tag === 'seqof' || tag === 'setof') - return this._decodeList(input, tag, state.args[0], options); - else if (/str$/.test(tag)) - return this._decodeStr(input, tag, options); - else if (tag === 'objid' && state.args) - return this._decodeObjid(input, state.args[0], state.args[1], options); - else if (tag === 'objid') - return this._decodeObjid(input, null, null, options); - else if (tag === 'gentime' || tag === 'utctime') - return this._decodeTime(input, tag, options); - else if (tag === 'null_') - return this._decodeNull(input, options); - else if (tag === 'bool') - return this._decodeBool(input, options); - else if (tag === 'objDesc') - return this._decodeStr(input, tag, options); - else if (tag === 'int' || tag === 'enum') - return this._decodeInt(input, state.args && state.args[0], options); - - if (state.use !== null) { - return this._getUse(state.use, input._reporterState.obj) - ._decode(input, options); - } else { - return input.error('unknown tag: ' + tag); - } -}; - -Node.prototype._getUse = function _getUse(entity, obj) { - - const state = this._baseState; - // Create altered use decoder if implicit is set - state.useDecoder = this._use(entity, obj); - assert(state.useDecoder._baseState.parent === null); - state.useDecoder = state.useDecoder._baseState.children[0]; - if (state.implicit !== state.useDecoder._baseState.implicit) { - state.useDecoder = state.useDecoder.clone(); - state.useDecoder._baseState.implicit = state.implicit; - } - return state.useDecoder; -}; - -Node.prototype._decodeChoice = function decodeChoice(input, options) { - const state = this._baseState; - let result = null; - let match = false; - - Object.keys(state.choice).some(function(key) { - const save = input.save(); - const node = state.choice[key]; - try { - const value = node._decode(input, options); - if (input.isError(value)) - return false; - - result = { type: key, value: value }; - match = true; - } catch (e) { - input.restore(save); - return false; - } - return true; - }, this); - - if (!match) - return input.error('Choice not matched'); - - return result; -}; - -// -// Encoding -// - -Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) { - return new EncoderBuffer(data, this.reporter); -}; - -Node.prototype._encode = function encode(data, reporter, parent) { - const state = this._baseState; - if (state['default'] !== null && state['default'] === data) - return; - - const result = this._encodeValue(data, reporter, parent); - if (result === undefined) - return; - - if (this._skipDefault(result, reporter, parent)) - return; - - return result; -}; - -Node.prototype._encodeValue = function encode(data, reporter, parent) { - const state = this._baseState; - - // Decode root node - if (state.parent === null) - return state.children[0]._encode(data, reporter || new Reporter()); - - let result = null; - - // Set reporter to share it with a child class - this.reporter = reporter; - - // Check if data is there - if (state.optional && data === undefined) { - if (state['default'] !== null) - data = state['default']; - else - return; - } - - // Encode children first - let content = null; - let primitive = false; - if (state.any) { - // Anything that was given is translated to buffer - result = this._createEncoderBuffer(data); - } else if (state.choice) { - result = this._encodeChoice(data, reporter); - } else if (state.contains) { - content = this._getUse(state.contains, parent)._encode(data, reporter); - primitive = true; - } else if (state.children) { - content = state.children.map(function(child) { - if (child._baseState.tag === 'null_') - return child._encode(null, reporter, data); - - if (child._baseState.key === null) - return reporter.error('Child should have a key'); - const prevKey = reporter.enterKey(child._baseState.key); - - if (typeof data !== 'object') - return reporter.error('Child expected, but input is not object'); - - const res = child._encode(data[child._baseState.key], reporter, data); - reporter.leaveKey(prevKey); - - return res; - }, this).filter(function(child) { - return child; - }); - content = this._createEncoderBuffer(content); - } else { - if (state.tag === 'seqof' || state.tag === 'setof') { - // TODO(indutny): this should be thrown on DSL level - if (!(state.args && state.args.length === 1)) - return reporter.error('Too many args for : ' + state.tag); - - if (!Array.isArray(data)) - return reporter.error('seqof/setof, but data is not Array'); - - const child = this.clone(); - child._baseState.implicit = null; - content = this._createEncoderBuffer(data.map(function(item) { - const state = this._baseState; - - return this._getUse(state.args[0], data)._encode(item, reporter); - }, child)); - } else if (state.use !== null) { - result = this._getUse(state.use, parent)._encode(data, reporter); - } else { - content = this._encodePrimitive(state.tag, data); - primitive = true; - } - } - - // Encode data itself - if (!state.any && state.choice === null) { - const tag = state.implicit !== null ? state.implicit : state.tag; - const cls = state.implicit === null ? 'universal' : 'context'; - - if (tag === null) { - if (state.use === null) - reporter.error('Tag could be omitted only for .use()'); - } else { - if (state.use === null) - result = this._encodeComposite(tag, primitive, cls, content); - } - } - - // Wrap in explicit - if (state.explicit !== null) - result = this._encodeComposite(state.explicit, false, 'context', result); - - return result; -}; - -Node.prototype._encodeChoice = function encodeChoice(data, reporter) { - const state = this._baseState; - - const node = state.choice[data.type]; - if (!node) { - assert( - false, - data.type + ' not found in ' + - JSON.stringify(Object.keys(state.choice))); - } - return node._encode(data.value, reporter); -}; - -Node.prototype._encodePrimitive = function encodePrimitive(tag, data) { - const state = this._baseState; - - if (/str$/.test(tag)) - return this._encodeStr(data, tag); - else if (tag === 'objid' && state.args) - return this._encodeObjid(data, state.reverseArgs[0], state.args[1]); - else if (tag === 'objid') - return this._encodeObjid(data, null, null); - else if (tag === 'gentime' || tag === 'utctime') - return this._encodeTime(data, tag); - else if (tag === 'null_') - return this._encodeNull(); - else if (tag === 'int' || tag === 'enum') - return this._encodeInt(data, state.args && state.reverseArgs[0]); - else if (tag === 'bool') - return this._encodeBool(data); - else if (tag === 'objDesc') - return this._encodeStr(data, tag); - else - throw new Error('Unsupported tag: ' + tag); -}; - -Node.prototype._isNumstr = function isNumstr(str) { - return /^[0-9 ]*$/.test(str); -}; - -Node.prototype._isPrintstr = function isPrintstr(str) { - return /^[A-Za-z0-9 '()+,-./:=?]*$/.test(str); -}; diff --git a/app/node_modules/asn1.js/lib/asn1/base/reporter.js b/app/node_modules/asn1.js/lib/asn1/base/reporter.js deleted file mode 100644 index d05fe12f3..000000000 --- a/app/node_modules/asn1.js/lib/asn1/base/reporter.js +++ /dev/null @@ -1,123 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); - -function Reporter(options) { - this._reporterState = { - obj: null, - path: [], - options: options || {}, - errors: [] - }; -} -exports.Reporter = Reporter; - -Reporter.prototype.isError = function isError(obj) { - return obj instanceof ReporterError; -}; - -Reporter.prototype.save = function save() { - const state = this._reporterState; - - return { obj: state.obj, pathLen: state.path.length }; -}; - -Reporter.prototype.restore = function restore(data) { - const state = this._reporterState; - - state.obj = data.obj; - state.path = state.path.slice(0, data.pathLen); -}; - -Reporter.prototype.enterKey = function enterKey(key) { - return this._reporterState.path.push(key); -}; - -Reporter.prototype.exitKey = function exitKey(index) { - const state = this._reporterState; - - state.path = state.path.slice(0, index - 1); -}; - -Reporter.prototype.leaveKey = function leaveKey(index, key, value) { - const state = this._reporterState; - - this.exitKey(index); - if (state.obj !== null) - state.obj[key] = value; -}; - -Reporter.prototype.path = function path() { - return this._reporterState.path.join('/'); -}; - -Reporter.prototype.enterObject = function enterObject() { - const state = this._reporterState; - - const prev = state.obj; - state.obj = {}; - return prev; -}; - -Reporter.prototype.leaveObject = function leaveObject(prev) { - const state = this._reporterState; - - const now = state.obj; - state.obj = prev; - return now; -}; - -Reporter.prototype.error = function error(msg) { - let err; - const state = this._reporterState; - - const inherited = msg instanceof ReporterError; - if (inherited) { - err = msg; - } else { - err = new ReporterError(state.path.map(function(elem) { - return '[' + JSON.stringify(elem) + ']'; - }).join(''), msg.message || msg, msg.stack); - } - - if (!state.options.partial) - throw err; - - if (!inherited) - state.errors.push(err); - - return err; -}; - -Reporter.prototype.wrapResult = function wrapResult(result) { - const state = this._reporterState; - if (!state.options.partial) - return result; - - return { - result: this.isError(result) ? null : result, - errors: state.errors - }; -}; - -function ReporterError(path, msg) { - this.path = path; - this.rethrow(msg); -} -inherits(ReporterError, Error); - -ReporterError.prototype.rethrow = function rethrow(msg) { - this.message = msg + ' at: ' + (this.path || '(shallow)'); - if (Error.captureStackTrace) - Error.captureStackTrace(this, ReporterError); - - if (!this.stack) { - try { - // IE only adds stack when thrown - throw new Error(this.message); - } catch (e) { - this.stack = e.stack; - } - } - return this; -}; diff --git a/app/node_modules/asn1.js/lib/asn1/constants/der.js b/app/node_modules/asn1.js/lib/asn1/constants/der.js deleted file mode 100644 index 2b678aaf3..000000000 --- a/app/node_modules/asn1.js/lib/asn1/constants/der.js +++ /dev/null @@ -1,58 +0,0 @@ -'use strict'; - -// Helper -function reverse(map) { - const res = {}; - - Object.keys(map).forEach(function(key) { - // Convert key to integer if it is stringified - if ((key | 0) == key) - key = key | 0; - - const value = map[key]; - res[value] = key; - }); - - return res; -} - -exports.tagClass = { - 0: 'universal', - 1: 'application', - 2: 'context', - 3: 'private' -}; -exports.tagClassByName = reverse(exports.tagClass); - -exports.tag = { - 0x00: 'end', - 0x01: 'bool', - 0x02: 'int', - 0x03: 'bitstr', - 0x04: 'octstr', - 0x05: 'null_', - 0x06: 'objid', - 0x07: 'objDesc', - 0x08: 'external', - 0x09: 'real', - 0x0a: 'enum', - 0x0b: 'embed', - 0x0c: 'utf8str', - 0x0d: 'relativeOid', - 0x10: 'seq', - 0x11: 'set', - 0x12: 'numstr', - 0x13: 'printstr', - 0x14: 't61str', - 0x15: 'videostr', - 0x16: 'ia5str', - 0x17: 'utctime', - 0x18: 'gentime', - 0x19: 'graphstr', - 0x1a: 'iso646str', - 0x1b: 'genstr', - 0x1c: 'unistr', - 0x1d: 'charstr', - 0x1e: 'bmpstr' -}; -exports.tagByName = reverse(exports.tag); diff --git a/app/node_modules/asn1.js/lib/asn1/constants/index.js b/app/node_modules/asn1.js/lib/asn1/constants/index.js deleted file mode 100644 index 632cf3de5..000000000 --- a/app/node_modules/asn1.js/lib/asn1/constants/index.js +++ /dev/null @@ -1,21 +0,0 @@ -'use strict'; - -const constants = exports; - -// Helper -constants._reverse = function reverse(map) { - const res = {}; - - Object.keys(map).forEach(function(key) { - // Convert key to integer if it is stringified - if ((key | 0) == key) - key = key | 0; - - const value = map[key]; - res[value] = key; - }); - - return res; -}; - -constants.der = require('./der'); diff --git a/app/node_modules/asn1.js/lib/asn1/decoders/der.js b/app/node_modules/asn1.js/lib/asn1/decoders/der.js deleted file mode 100644 index c5b0515b7..000000000 --- a/app/node_modules/asn1.js/lib/asn1/decoders/der.js +++ /dev/null @@ -1,335 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); - -const bignum = require('bn.js'); -const DecoderBuffer = require('../base/buffer').DecoderBuffer; -const Node = require('../base/node'); - -// Import DER constants -const der = require('../constants/der'); - -function DERDecoder(entity) { - this.enc = 'der'; - this.name = entity.name; - this.entity = entity; - - // Construct base tree - this.tree = new DERNode(); - this.tree._init(entity.body); -} -module.exports = DERDecoder; - -DERDecoder.prototype.decode = function decode(data, options) { - if (!DecoderBuffer.isDecoderBuffer(data)) { - data = new DecoderBuffer(data, options); - } - - return this.tree._decode(data, options); -}; - -// Tree methods - -function DERNode(parent) { - Node.call(this, 'der', parent); -} -inherits(DERNode, Node); - -DERNode.prototype._peekTag = function peekTag(buffer, tag, any) { - if (buffer.isEmpty()) - return false; - - const state = buffer.save(); - const decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"'); - if (buffer.isError(decodedTag)) - return decodedTag; - - buffer.restore(state); - - return decodedTag.tag === tag || decodedTag.tagStr === tag || - (decodedTag.tagStr + 'of') === tag || any; -}; - -DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) { - const decodedTag = derDecodeTag(buffer, - 'Failed to decode tag of "' + tag + '"'); - if (buffer.isError(decodedTag)) - return decodedTag; - - let len = derDecodeLen(buffer, - decodedTag.primitive, - 'Failed to get length of "' + tag + '"'); - - // Failure - if (buffer.isError(len)) - return len; - - if (!any && - decodedTag.tag !== tag && - decodedTag.tagStr !== tag && - decodedTag.tagStr + 'of' !== tag) { - return buffer.error('Failed to match tag: "' + tag + '"'); - } - - if (decodedTag.primitive || len !== null) - return buffer.skip(len, 'Failed to match body of: "' + tag + '"'); - - // Indefinite length... find END tag - const state = buffer.save(); - const res = this._skipUntilEnd( - buffer, - 'Failed to skip indefinite length body: "' + this.tag + '"'); - if (buffer.isError(res)) - return res; - - len = buffer.offset - state.offset; - buffer.restore(state); - return buffer.skip(len, 'Failed to match body of: "' + tag + '"'); -}; - -DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) { - for (;;) { - const tag = derDecodeTag(buffer, fail); - if (buffer.isError(tag)) - return tag; - const len = derDecodeLen(buffer, tag.primitive, fail); - if (buffer.isError(len)) - return len; - - let res; - if (tag.primitive || len !== null) - res = buffer.skip(len); - else - res = this._skipUntilEnd(buffer, fail); - - // Failure - if (buffer.isError(res)) - return res; - - if (tag.tagStr === 'end') - break; - } -}; - -DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder, - options) { - const result = []; - while (!buffer.isEmpty()) { - const possibleEnd = this._peekTag(buffer, 'end'); - if (buffer.isError(possibleEnd)) - return possibleEnd; - - const res = decoder.decode(buffer, 'der', options); - if (buffer.isError(res) && possibleEnd) - break; - result.push(res); - } - return result; -}; - -DERNode.prototype._decodeStr = function decodeStr(buffer, tag) { - if (tag === 'bitstr') { - const unused = buffer.readUInt8(); - if (buffer.isError(unused)) - return unused; - return { unused: unused, data: buffer.raw() }; - } else if (tag === 'bmpstr') { - const raw = buffer.raw(); - if (raw.length % 2 === 1) - return buffer.error('Decoding of string type: bmpstr length mismatch'); - - let str = ''; - for (let i = 0; i < raw.length / 2; i++) { - str += String.fromCharCode(raw.readUInt16BE(i * 2)); - } - return str; - } else if (tag === 'numstr') { - const numstr = buffer.raw().toString('ascii'); - if (!this._isNumstr(numstr)) { - return buffer.error('Decoding of string type: ' + - 'numstr unsupported characters'); - } - return numstr; - } else if (tag === 'octstr') { - return buffer.raw(); - } else if (tag === 'objDesc') { - return buffer.raw(); - } else if (tag === 'printstr') { - const printstr = buffer.raw().toString('ascii'); - if (!this._isPrintstr(printstr)) { - return buffer.error('Decoding of string type: ' + - 'printstr unsupported characters'); - } - return printstr; - } else if (/str$/.test(tag)) { - return buffer.raw().toString(); - } else { - return buffer.error('Decoding of string type: ' + tag + ' unsupported'); - } -}; - -DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) { - let result; - const identifiers = []; - let ident = 0; - let subident = 0; - while (!buffer.isEmpty()) { - subident = buffer.readUInt8(); - ident <<= 7; - ident |= subident & 0x7f; - if ((subident & 0x80) === 0) { - identifiers.push(ident); - ident = 0; - } - } - if (subident & 0x80) - identifiers.push(ident); - - const first = (identifiers[0] / 40) | 0; - const second = identifiers[0] % 40; - - if (relative) - result = identifiers; - else - result = [first, second].concat(identifiers.slice(1)); - - if (values) { - let tmp = values[result.join(' ')]; - if (tmp === undefined) - tmp = values[result.join('.')]; - if (tmp !== undefined) - result = tmp; - } - - return result; -}; - -DERNode.prototype._decodeTime = function decodeTime(buffer, tag) { - const str = buffer.raw().toString(); - - let year; - let mon; - let day; - let hour; - let min; - let sec; - if (tag === 'gentime') { - year = str.slice(0, 4) | 0; - mon = str.slice(4, 6) | 0; - day = str.slice(6, 8) | 0; - hour = str.slice(8, 10) | 0; - min = str.slice(10, 12) | 0; - sec = str.slice(12, 14) | 0; - } else if (tag === 'utctime') { - year = str.slice(0, 2) | 0; - mon = str.slice(2, 4) | 0; - day = str.slice(4, 6) | 0; - hour = str.slice(6, 8) | 0; - min = str.slice(8, 10) | 0; - sec = str.slice(10, 12) | 0; - if (year < 70) - year = 2000 + year; - else - year = 1900 + year; - } else { - return buffer.error('Decoding ' + tag + ' time is not supported yet'); - } - - return Date.UTC(year, mon - 1, day, hour, min, sec, 0); -}; - -DERNode.prototype._decodeNull = function decodeNull() { - return null; -}; - -DERNode.prototype._decodeBool = function decodeBool(buffer) { - const res = buffer.readUInt8(); - if (buffer.isError(res)) - return res; - else - return res !== 0; -}; - -DERNode.prototype._decodeInt = function decodeInt(buffer, values) { - // Bigint, return as it is (assume big endian) - const raw = buffer.raw(); - let res = new bignum(raw); - - if (values) - res = values[res.toString(10)] || res; - - return res; -}; - -DERNode.prototype._use = function use(entity, obj) { - if (typeof entity === 'function') - entity = entity(obj); - return entity._getDecoder('der').tree; -}; - -// Utility methods - -function derDecodeTag(buf, fail) { - let tag = buf.readUInt8(fail); - if (buf.isError(tag)) - return tag; - - const cls = der.tagClass[tag >> 6]; - const primitive = (tag & 0x20) === 0; - - // Multi-octet tag - load - if ((tag & 0x1f) === 0x1f) { - let oct = tag; - tag = 0; - while ((oct & 0x80) === 0x80) { - oct = buf.readUInt8(fail); - if (buf.isError(oct)) - return oct; - - tag <<= 7; - tag |= oct & 0x7f; - } - } else { - tag &= 0x1f; - } - const tagStr = der.tag[tag]; - - return { - cls: cls, - primitive: primitive, - tag: tag, - tagStr: tagStr - }; -} - -function derDecodeLen(buf, primitive, fail) { - let len = buf.readUInt8(fail); - if (buf.isError(len)) - return len; - - // Indefinite form - if (!primitive && len === 0x80) - return null; - - // Definite form - if ((len & 0x80) === 0) { - // Short form - return len; - } - - // Long form - const num = len & 0x7f; - if (num > 4) - return buf.error('length octect is too long'); - - len = 0; - for (let i = 0; i < num; i++) { - len <<= 8; - const j = buf.readUInt8(fail); - if (buf.isError(j)) - return j; - len |= j; - } - - return len; -} diff --git a/app/node_modules/asn1.js/lib/asn1/decoders/index.js b/app/node_modules/asn1.js/lib/asn1/decoders/index.js deleted file mode 100644 index 14fb05aea..000000000 --- a/app/node_modules/asn1.js/lib/asn1/decoders/index.js +++ /dev/null @@ -1,6 +0,0 @@ -'use strict'; - -const decoders = exports; - -decoders.der = require('./der'); -decoders.pem = require('./pem'); diff --git a/app/node_modules/asn1.js/lib/asn1/decoders/pem.js b/app/node_modules/asn1.js/lib/asn1/decoders/pem.js deleted file mode 100644 index 2b050ef6d..000000000 --- a/app/node_modules/asn1.js/lib/asn1/decoders/pem.js +++ /dev/null @@ -1,51 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); -const Buffer = require('safer-buffer').Buffer; - -const DERDecoder = require('./der'); - -function PEMDecoder(entity) { - DERDecoder.call(this, entity); - this.enc = 'pem'; -} -inherits(PEMDecoder, DERDecoder); -module.exports = PEMDecoder; - -PEMDecoder.prototype.decode = function decode(data, options) { - const lines = data.toString().split(/[\r\n]+/g); - - const label = options.label.toUpperCase(); - - const re = /^-----(BEGIN|END) ([^-]+)-----$/; - let start = -1; - let end = -1; - for (let i = 0; i < lines.length; i++) { - const match = lines[i].match(re); - if (match === null) - continue; - - if (match[2] !== label) - continue; - - if (start === -1) { - if (match[1] !== 'BEGIN') - break; - start = i; - } else { - if (match[1] !== 'END') - break; - end = i; - break; - } - } - if (start === -1 || end === -1) - throw new Error('PEM section not found for: ' + label); - - const base64 = lines.slice(start + 1, end).join(''); - // Remove excessive symbols - base64.replace(/[^a-z0-9+/=]+/gi, ''); - - const input = Buffer.from(base64, 'base64'); - return DERDecoder.prototype.decode.call(this, input, options); -}; diff --git a/app/node_modules/asn1.js/lib/asn1/encoders/der.js b/app/node_modules/asn1.js/lib/asn1/encoders/der.js deleted file mode 100644 index 55eb43591..000000000 --- a/app/node_modules/asn1.js/lib/asn1/encoders/der.js +++ /dev/null @@ -1,295 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); -const Buffer = require('safer-buffer').Buffer; -const Node = require('../base/node'); - -// Import DER constants -const der = require('../constants/der'); - -function DEREncoder(entity) { - this.enc = 'der'; - this.name = entity.name; - this.entity = entity; - - // Construct base tree - this.tree = new DERNode(); - this.tree._init(entity.body); -} -module.exports = DEREncoder; - -DEREncoder.prototype.encode = function encode(data, reporter) { - return this.tree._encode(data, reporter).join(); -}; - -// Tree methods - -function DERNode(parent) { - Node.call(this, 'der', parent); -} -inherits(DERNode, Node); - -DERNode.prototype._encodeComposite = function encodeComposite(tag, - primitive, - cls, - content) { - const encodedTag = encodeTag(tag, primitive, cls, this.reporter); - - // Short form - if (content.length < 0x80) { - const header = Buffer.alloc(2); - header[0] = encodedTag; - header[1] = content.length; - return this._createEncoderBuffer([ header, content ]); - } - - // Long form - // Count octets required to store length - let lenOctets = 1; - for (let i = content.length; i >= 0x100; i >>= 8) - lenOctets++; - - const header = Buffer.alloc(1 + 1 + lenOctets); - header[0] = encodedTag; - header[1] = 0x80 | lenOctets; - - for (let i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8) - header[i] = j & 0xff; - - return this._createEncoderBuffer([ header, content ]); -}; - -DERNode.prototype._encodeStr = function encodeStr(str, tag) { - if (tag === 'bitstr') { - return this._createEncoderBuffer([ str.unused | 0, str.data ]); - } else if (tag === 'bmpstr') { - const buf = Buffer.alloc(str.length * 2); - for (let i = 0; i < str.length; i++) { - buf.writeUInt16BE(str.charCodeAt(i), i * 2); - } - return this._createEncoderBuffer(buf); - } else if (tag === 'numstr') { - if (!this._isNumstr(str)) { - return this.reporter.error('Encoding of string type: numstr supports ' + - 'only digits and space'); - } - return this._createEncoderBuffer(str); - } else if (tag === 'printstr') { - if (!this._isPrintstr(str)) { - return this.reporter.error('Encoding of string type: printstr supports ' + - 'only latin upper and lower case letters, ' + - 'digits, space, apostrophe, left and rigth ' + - 'parenthesis, plus sign, comma, hyphen, ' + - 'dot, slash, colon, equal sign, ' + - 'question mark'); - } - return this._createEncoderBuffer(str); - } else if (/str$/.test(tag)) { - return this._createEncoderBuffer(str); - } else if (tag === 'objDesc') { - return this._createEncoderBuffer(str); - } else { - return this.reporter.error('Encoding of string type: ' + tag + - ' unsupported'); - } -}; - -DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) { - if (typeof id === 'string') { - if (!values) - return this.reporter.error('string objid given, but no values map found'); - if (!values.hasOwnProperty(id)) - return this.reporter.error('objid not found in values map'); - id = values[id].split(/[\s.]+/g); - for (let i = 0; i < id.length; i++) - id[i] |= 0; - } else if (Array.isArray(id)) { - id = id.slice(); - for (let i = 0; i < id.length; i++) - id[i] |= 0; - } - - if (!Array.isArray(id)) { - return this.reporter.error('objid() should be either array or string, ' + - 'got: ' + JSON.stringify(id)); - } - - if (!relative) { - if (id[1] >= 40) - return this.reporter.error('Second objid identifier OOB'); - id.splice(0, 2, id[0] * 40 + id[1]); - } - - // Count number of octets - let size = 0; - for (let i = 0; i < id.length; i++) { - let ident = id[i]; - for (size++; ident >= 0x80; ident >>= 7) - size++; - } - - const objid = Buffer.alloc(size); - let offset = objid.length - 1; - for (let i = id.length - 1; i >= 0; i--) { - let ident = id[i]; - objid[offset--] = ident & 0x7f; - while ((ident >>= 7) > 0) - objid[offset--] = 0x80 | (ident & 0x7f); - } - - return this._createEncoderBuffer(objid); -}; - -function two(num) { - if (num < 10) - return '0' + num; - else - return num; -} - -DERNode.prototype._encodeTime = function encodeTime(time, tag) { - let str; - const date = new Date(time); - - if (tag === 'gentime') { - str = [ - two(date.getUTCFullYear()), - two(date.getUTCMonth() + 1), - two(date.getUTCDate()), - two(date.getUTCHours()), - two(date.getUTCMinutes()), - two(date.getUTCSeconds()), - 'Z' - ].join(''); - } else if (tag === 'utctime') { - str = [ - two(date.getUTCFullYear() % 100), - two(date.getUTCMonth() + 1), - two(date.getUTCDate()), - two(date.getUTCHours()), - two(date.getUTCMinutes()), - two(date.getUTCSeconds()), - 'Z' - ].join(''); - } else { - this.reporter.error('Encoding ' + tag + ' time is not supported yet'); - } - - return this._encodeStr(str, 'octstr'); -}; - -DERNode.prototype._encodeNull = function encodeNull() { - return this._createEncoderBuffer(''); -}; - -DERNode.prototype._encodeInt = function encodeInt(num, values) { - if (typeof num === 'string') { - if (!values) - return this.reporter.error('String int or enum given, but no values map'); - if (!values.hasOwnProperty(num)) { - return this.reporter.error('Values map doesn\'t contain: ' + - JSON.stringify(num)); - } - num = values[num]; - } - - // Bignum, assume big endian - if (typeof num !== 'number' && !Buffer.isBuffer(num)) { - const numArray = num.toArray(); - if (!num.sign && numArray[0] & 0x80) { - numArray.unshift(0); - } - num = Buffer.from(numArray); - } - - if (Buffer.isBuffer(num)) { - let size = num.length; - if (num.length === 0) - size++; - - const out = Buffer.alloc(size); - num.copy(out); - if (num.length === 0) - out[0] = 0; - return this._createEncoderBuffer(out); - } - - if (num < 0x80) - return this._createEncoderBuffer(num); - - if (num < 0x100) - return this._createEncoderBuffer([0, num]); - - let size = 1; - for (let i = num; i >= 0x100; i >>= 8) - size++; - - const out = new Array(size); - for (let i = out.length - 1; i >= 0; i--) { - out[i] = num & 0xff; - num >>= 8; - } - if(out[0] & 0x80) { - out.unshift(0); - } - - return this._createEncoderBuffer(Buffer.from(out)); -}; - -DERNode.prototype._encodeBool = function encodeBool(value) { - return this._createEncoderBuffer(value ? 0xff : 0); -}; - -DERNode.prototype._use = function use(entity, obj) { - if (typeof entity === 'function') - entity = entity(obj); - return entity._getEncoder('der').tree; -}; - -DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) { - const state = this._baseState; - let i; - if (state['default'] === null) - return false; - - const data = dataBuffer.join(); - if (state.defaultBuffer === undefined) - state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join(); - - if (data.length !== state.defaultBuffer.length) - return false; - - for (i=0; i < data.length; i++) - if (data[i] !== state.defaultBuffer[i]) - return false; - - return true; -}; - -// Utility methods - -function encodeTag(tag, primitive, cls, reporter) { - let res; - - if (tag === 'seqof') - tag = 'seq'; - else if (tag === 'setof') - tag = 'set'; - - if (der.tagByName.hasOwnProperty(tag)) - res = der.tagByName[tag]; - else if (typeof tag === 'number' && (tag | 0) === tag) - res = tag; - else - return reporter.error('Unknown tag: ' + tag); - - if (res >= 0x1f) - return reporter.error('Multi-octet tag encoding unsupported'); - - if (!primitive) - res |= 0x20; - - res |= (der.tagClassByName[cls || 'universal'] << 6); - - return res; -} diff --git a/app/node_modules/asn1.js/lib/asn1/encoders/index.js b/app/node_modules/asn1.js/lib/asn1/encoders/index.js deleted file mode 100644 index bb8ea34d5..000000000 --- a/app/node_modules/asn1.js/lib/asn1/encoders/index.js +++ /dev/null @@ -1,6 +0,0 @@ -'use strict'; - -const encoders = exports; - -encoders.der = require('./der'); -encoders.pem = require('./pem'); diff --git a/app/node_modules/asn1.js/lib/asn1/encoders/pem.js b/app/node_modules/asn1.js/lib/asn1/encoders/pem.js deleted file mode 100644 index 77fbdb47b..000000000 --- a/app/node_modules/asn1.js/lib/asn1/encoders/pem.js +++ /dev/null @@ -1,23 +0,0 @@ -'use strict'; - -const inherits = require('inherits'); - -const DEREncoder = require('./der'); - -function PEMEncoder(entity) { - DEREncoder.call(this, entity); - this.enc = 'pem'; -} -inherits(PEMEncoder, DEREncoder); -module.exports = PEMEncoder; - -PEMEncoder.prototype.encode = function encode(data, options) { - const buf = DEREncoder.prototype.encode.call(this, data); - - const p = buf.toString('base64'); - const out = [ '-----BEGIN ' + options.label + '-----' ]; - for (let i = 0; i < p.length; i += 64) - out.push(p.slice(i, i + 64)); - out.push('-----END ' + options.label + '-----'); - return out.join('\n'); -}; diff --git a/app/node_modules/asn1.js/package.json b/app/node_modules/asn1.js/package.json deleted file mode 100644 index 7b7d0530e..000000000 --- a/app/node_modules/asn1.js/package.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "name": "asn1.js", - "version": "5.4.1", - "description": "ASN.1 encoder and decoder", - "main": "lib/asn1.js", - "scripts": { - "lint-2560": "eslint --fix rfc/2560/*.js rfc/2560/test/*.js", - "lint-5280": "eslint --fix rfc/5280/*.js rfc/5280/test/*.js", - "lint": "eslint --fix lib/*.js lib/**/*.js lib/**/**/*.js && npm run lint-2560 && npm run lint-5280", - "test": "mocha --reporter spec test/*-test.js && cd rfc/2560 && npm i && npm test && cd ../../rfc/5280 && npm i && npm test && cd ../../ && npm run lint" - }, - "repository": { - "type": "git", - "url": "git@github.com:indutny/asn1.js" - }, - "keywords": [ - "asn.1", - "der" - ], - "author": "Fedor Indutny", - "license": "MIT", - "bugs": { - "url": "https://github.com/indutny/asn1.js/issues" - }, - "homepage": "https://github.com/indutny/asn1.js", - "devDependencies": { - "eslint": "^4.10.0", - "mocha": "^7.0.0" - }, - "dependencies": { - "bn.js": "^4.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" - } -} diff --git a/app/node_modules/bn.js/LICENSE b/app/node_modules/bn.js/LICENSE deleted file mode 100644 index c328f0401..000000000 --- a/app/node_modules/bn.js/LICENSE +++ /dev/null @@ -1,19 +0,0 @@ -Copyright Fedor Indutny, 2015. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/app/node_modules/bn.js/README.md b/app/node_modules/bn.js/README.md deleted file mode 100644 index aecc3ba0f..000000000 --- a/app/node_modules/bn.js/README.md +++ /dev/null @@ -1,200 +0,0 @@ -# bn.js - -> BigNum in pure javascript - -[![Build Status](https://secure.travis-ci.org/indutny/bn.js.png)](http://travis-ci.org/indutny/bn.js) - -## Install -`npm install --save bn.js` - -## Usage - -```js -const BN = require('bn.js'); - -var a = new BN('dead', 16); -var b = new BN('101010', 2); - -var res = a.add(b); -console.log(res.toString(10)); // 57047 -``` - -**Note**: decimals are not supported in this library. - -## Notation - -### Prefixes - -There are several prefixes to instructions that affect the way the work. Here -is the list of them in the order of appearance in the function name: - -* `i` - perform operation in-place, storing the result in the host object (on - which the method was invoked). Might be used to avoid number allocation costs -* `u` - unsigned, ignore the sign of operands when performing operation, or - always return positive value. Second case applies to reduction operations - like `mod()`. In such cases if the result will be negative - modulo will be - added to the result to make it positive - -### Postfixes - -The only available postfix at the moment is: - -* `n` - which means that the argument of the function must be a plain JavaScript - Number. Decimals are not supported. - -### Examples - -* `a.iadd(b)` - perform addition on `a` and `b`, storing the result in `a` -* `a.umod(b)` - reduce `a` modulo `b`, returning positive value -* `a.iushln(13)` - shift bits of `a` left by 13 - -## Instructions - -Prefixes/postfixes are put in parens at the of the line. `endian` - could be -either `le` (little-endian) or `be` (big-endian). - -### Utilities - -* `a.clone()` - clone number -* `a.toString(base, length)` - convert to base-string and pad with zeroes -* `a.toNumber()` - convert to Javascript Number (limited to 53 bits) -* `a.toJSON()` - convert to JSON compatible hex string (alias of `toString(16)`) -* `a.toArray(endian, length)` - convert to byte `Array`, and optionally zero - pad to length, throwing if already exceeding -* `a.toArrayLike(type, endian, length)` - convert to an instance of `type`, - which must behave like an `Array` -* `a.toBuffer(endian, length)` - convert to Node.js Buffer (if available). For - compatibility with browserify and similar tools, use this instead: - `a.toArrayLike(Buffer, endian, length)` -* `a.bitLength()` - get number of bits occupied -* `a.zeroBits()` - return number of less-significant consequent zero bits - (example: `1010000` has 4 zero bits) -* `a.byteLength()` - return number of bytes occupied -* `a.isNeg()` - true if the number is negative -* `a.isEven()` - no comments -* `a.isOdd()` - no comments -* `a.isZero()` - no comments -* `a.cmp(b)` - compare numbers and return `-1` (a `<` b), `0` (a `==` b), or `1` (a `>` b) - depending on the comparison result (`ucmp`, `cmpn`) -* `a.lt(b)` - `a` less than `b` (`n`) -* `a.lte(b)` - `a` less than or equals `b` (`n`) -* `a.gt(b)` - `a` greater than `b` (`n`) -* `a.gte(b)` - `a` greater than or equals `b` (`n`) -* `a.eq(b)` - `a` equals `b` (`n`) -* `a.toTwos(width)` - convert to two's complement representation, where `width` is bit width -* `a.fromTwos(width)` - convert from two's complement representation, where `width` is the bit width -* `BN.isBN(object)` - returns true if the supplied `object` is a BN.js instance - -### Arithmetics - -* `a.neg()` - negate sign (`i`) -* `a.abs()` - absolute value (`i`) -* `a.add(b)` - addition (`i`, `n`, `in`) -* `a.sub(b)` - subtraction (`i`, `n`, `in`) -* `a.mul(b)` - multiply (`i`, `n`, `in`) -* `a.sqr()` - square (`i`) -* `a.pow(b)` - raise `a` to the power of `b` -* `a.div(b)` - divide (`divn`, `idivn`) -* `a.mod(b)` - reduct (`u`, `n`) (but no `umodn`) -* `a.divRound(b)` - rounded division - -### Bit operations - -* `a.or(b)` - or (`i`, `u`, `iu`) -* `a.and(b)` - and (`i`, `u`, `iu`, `andln`) (NOTE: `andln` is going to be replaced - with `andn` in future) -* `a.xor(b)` - xor (`i`, `u`, `iu`) -* `a.setn(b)` - set specified bit to `1` -* `a.shln(b)` - shift left (`i`, `u`, `iu`) -* `a.shrn(b)` - shift right (`i`, `u`, `iu`) -* `a.testn(b)` - test if specified bit is set -* `a.maskn(b)` - clear bits with indexes higher or equal to `b` (`i`) -* `a.bincn(b)` - add `1 << b` to the number -* `a.notn(w)` - not (for the width specified by `w`) (`i`) - -### Reduction - -* `a.gcd(b)` - GCD -* `a.egcd(b)` - Extended GCD results (`{ a: ..., b: ..., gcd: ... }`) -* `a.invm(b)` - inverse `a` modulo `b` - -## Fast reduction - -When doing lots of reductions using the same modulo, it might be beneficial to -use some tricks: like [Montgomery multiplication][0], or using special algorithm -for [Mersenne Prime][1]. - -### Reduction context - -To enable this tricks one should create a reduction context: - -```js -var red = BN.red(num); -``` -where `num` is just a BN instance. - -Or: - -```js -var red = BN.red(primeName); -``` - -Where `primeName` is either of these [Mersenne Primes][1]: - -* `'k256'` -* `'p224'` -* `'p192'` -* `'p25519'` - -Or: - -```js -var red = BN.mont(num); -``` - -To reduce numbers with [Montgomery trick][0]. `.mont()` is generally faster than -`.red(num)`, but slower than `BN.red(primeName)`. - -### Converting numbers - -Before performing anything in reduction context - numbers should be converted -to it. Usually, this means that one should: - -* Convert inputs to reducted ones -* Operate on them in reduction context -* Convert outputs back from the reduction context - -Here is how one may convert numbers to `red`: - -```js -var redA = a.toRed(red); -``` -Where `red` is a reduction context created using instructions above - -Here is how to convert them back: - -```js -var a = redA.fromRed(); -``` - -### Red instructions - -Most of the instructions from the very start of this readme have their -counterparts in red context: - -* `a.redAdd(b)`, `a.redIAdd(b)` -* `a.redSub(b)`, `a.redISub(b)` -* `a.redShl(num)` -* `a.redMul(b)`, `a.redIMul(b)` -* `a.redSqr()`, `a.redISqr()` -* `a.redSqrt()` - square root modulo reduction context's prime -* `a.redInvm()` - modular inverse of the number -* `a.redNeg()` -* `a.redPow(b)` - modular exponentiation - -## LICENSE - -This software is licensed under the MIT License. - -[0]: https://en.wikipedia.org/wiki/Montgomery_modular_multiplication -[1]: https://en.wikipedia.org/wiki/Mersenne_prime diff --git a/app/node_modules/bn.js/lib/bn.js b/app/node_modules/bn.js/lib/bn.js deleted file mode 100644 index 3a4371ea2..000000000 --- a/app/node_modules/bn.js/lib/bn.js +++ /dev/null @@ -1,3446 +0,0 @@ -(function (module, exports) { - 'use strict'; - - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); - } - - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - } - - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; - } - - this.negative = 0; - this.words = null; - this.length = 0; - - // Reduction context - this.red = null; - - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; - } - - this._init(number || 0, base || 10, endian || 'be'); - } - } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; - } - - BN.BN = BN; - BN.wordSize = 26; - - var Buffer; - try { - if (typeof window !== 'undefined' && typeof window.Buffer !== 'undefined') { - Buffer = window.Buffer; - } else { - Buffer = require('buffer').Buffer; - } - } catch (e) { - } - - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; - - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; - - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); - } - - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } - - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - this.negative = 1; - } - - if (start < number.length) { - if (base === 16) { - this._parseHex(number, start, endian); - } else { - this._parseBase(number, base, start); - if (endian === 'le') { - this._initArray(this.toArray(), base, endian); - } - } - } - }; - - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } - - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } - return this.strip(); - }; - - function parseHex4Bits (string, index) { - var c = string.charCodeAt(index); - // 'A' - 'F' - if (c >= 65 && c <= 70) { - return c - 55; - // 'a' - 'f' - } else if (c >= 97 && c <= 102) { - return c - 87; - // '0' - '9' - } else { - return (c - 48) & 0xf; - } - } - - function parseHexByte (string, lowerBound, index) { - var r = parseHex4Bits(string, index); - if (index - 1 >= lowerBound) { - r |= parseHex4Bits(string, index - 1) << 4; - } - return r; - } - - BN.prototype._parseHex = function _parseHex (number, start, endian) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - // 24-bits chunks - var off = 0; - var j = 0; - - var w; - if (endian === 'be') { - for (i = number.length - 1; i >= start; i -= 2) { - w = parseHexByte(number, start, i) << off; - this.words[j] |= w & 0x3ffffff; - if (off >= 18) { - off -= 18; - j += 1; - this.words[j] |= w >>> 26; - } else { - off += 8; - } - } - } else { - var parseLength = number.length - start; - for (i = parseLength % 2 === 0 ? start + 1 : start; i < number.length; i += 2) { - w = parseHexByte(number, start, i) << off; - this.words[j] |= w & 0x3ffffff; - if (off >= 18) { - off -= 18; - j += 1; - this.words[j] |= w >>> 26; - } else { - off += 8; - } - } - } - - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; - - // '0' - '9' - } else { - r += c; - } - } - return r; - } - - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; - } - limbLen--; - limbPow = (limbPow / base) | 0; - - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; - - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); - - for (i = 0; i < mod; i++) { - pow *= base; - } - - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - - this.strip(); - }; - - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; - } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; - } - return this; - }; - - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; - } - return this._normSign(); - }; - - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; - } - return this; - }; - - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; - - /* - - var zeros = []; - var groupSizes = []; - var groupBases = []; - - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; - } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } - - */ - - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; - - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; - - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; - - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; - } - } - if (this.isZero()) { - out = '0' + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - assert(false, 'Base should be between 2 and 36'); - }; - - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; - - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; - - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; - - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; - - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[i] = b; - } - - for (; i < reqLength; i++) { - res[i] = 0; - } - } - - return res; - }; - - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; - } - if (t >= 0x8) { - r += 4; - t >>>= 4; - } - if (t >= 0x02) { - r += 2; - t >>>= 2; - } - return r + t; - }; - } - - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; - - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; - } - if ((t & 0x1) === 0) { - r++; - } - return r; - }; - - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; - - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; - } - - return w; - } - - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; - - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; - } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); - } - return this.clone(); - }; - - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); - } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; - - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; - } - - return this; - }; - - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; - } - - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; - } - - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; - - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; - } - - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; - - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; - - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; - - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; - } - - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; - } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); - } - - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); - } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - return this; - }; - - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; - } - - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; - - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } - - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = Math.max(this.length, i); - - if (a !== this) { - this.negative = 1; - } - - return this.strip(); - }; - - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; - - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; - } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; - } - - return out.strip(); - } - - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); - } - - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; - } - - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; - - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; - } - - return rb; - }; - - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; - } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; - - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; - - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; - - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; - } - } - } - } - }; - - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; - } - - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; - - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; - - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; - - t = iws[i]; - - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; - } - }; - - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; - - ws[i] = w & 0x3ffffff; - - if (w < 0x4000000) { - carry = 0; - } else { - carry = w / 0x4000000 | 0; - } - } - - return ws; - }; - - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; - } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; - } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; - } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; - } - - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; - - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; - - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; - - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; - - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); - - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; - } - - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; - - res = res.mul(q); - } - } - - return res; - }; - - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); - } - - if (carry) { - this.words[i] = carry; - this.length++; - } - } - - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } - - for (i = 0; i < s; i++) { - this.words[i] = 0; - } - - this.length += s; - } - - return this.strip(); - }; - - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; - - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; - } - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; - } - - if (s === 0) { - // No-op, we should not move anything at all - } else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; - } - - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; - } - - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; - } - - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } - - return this.strip(); - }; - - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; - - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; - - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; - - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; - - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; - - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; - - // Check bit and return - var w = this.words[s]; - - return !!(w & q); - }; - - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - - assert(this.negative === 0, 'imaskn works only with positive numbers'); - - if (this.length <= s) { - return this; - } - - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); - - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } - - return this.strip(); - }; - - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; - - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } - - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; - } - - // Add without checks - return this._iaddn(num); - }; - - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; - - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } - } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); - - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; - } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } - } - - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; - - return this; - }; - - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; - - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; - - this._expand(len); - - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; - } - - if (carry === 0) return this.strip(); - - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; - } - this.negative = 1; - - return this.strip(); - }; - - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; - - var a = this.clone(); - var b = num; - - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; - } - - // Initialize quotient - var m = a.length - b.length; - var q; - - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; - } - } - - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; - } - } - - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); - - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); - - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } - } - if (q) { - q.words[j] = qj; - } - } - if (q) { - q.strip(); - } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); - } - - return { - div: q || null, - mod: a - }; - }; - - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); - - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; - } - - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } - - return { - div: div, - mod: mod - }; - } - - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - return { - div: div, - mod: res.mod - }; - } - - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } - - return { - div: res.div, - mod: mod - }; - } - - // Both numbers are positive at this point - - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } - - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; - } - - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; - } - - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; - } - - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; - - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); - - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; - - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; - - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; - - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; - } - - return acc; - }; - - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); - - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; - } - - return this.strip(); - }; - - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; - - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var x = this; - var y = p.clone(); - - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); - } - - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); - - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); - - var g = 0; - - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; - } - - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } - - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); - } - - C.iushrn(1); - D.iushrn(1); - } - } - - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } - } - - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; - - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var a = this; - var b = p.clone(); - - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); - } - - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } - - x1.iushrn(1); - } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); - } - - x2.iushrn(1); - } - } - - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); - } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; - } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); - } - - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } - - a.isub(b); - } while (true); - - return b.iushln(shift); - }; - - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; - - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; - - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; - - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; - - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; - } - - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; - - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; - - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; - - this.strip(); - - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } - - assert(num <= 0x3ffffff, 'Number is too big'); - - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; - } - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; - - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } - break; - } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; - - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; - - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; - - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; - - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; - - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; - - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; - - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; - - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; - - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; - - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; - return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; - - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; - - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; - - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; - - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; - - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; - - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; - - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; - - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; - - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; - - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; - - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; - - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); - }; - - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; - - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; - - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); - - this.tmp = this._tmp(); - } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - if (r.strip !== undefined) { - // r is BN v4 instance - r.strip(); - } else { - // r is BN v5 instance - r._strip(); - } - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); - } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; - - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } - } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); - } - inherits(P224, MPrime); - - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); - } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); - } - inherits(P25519, MPrime); - - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; - - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; - - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - - return prime; - }; - - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; - } - } - - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; - - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; - - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; - - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } - - return this.m.sub(a)._forceRed(this); - }; - - Red.prototype.add = function add (a, b) { - this._verify2(a, b); - - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); - - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; - - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); - - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; - - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; - - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; - - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); - - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); - - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } - - return r; - }; - - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; - - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); - - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } - - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } - - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } - - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } - - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; - - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } - - return res; - }; - - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); - - return r === num ? r.clone() : r; - }; - - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; - - // - // Montgomery method engine - // - - BN.mont = function mont (num) { - return new Mont(num); - }; - - function Mont (m) { - Red.call(this, m); - - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } - - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); - - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); - } - inherits(Mont, Red); - - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; - - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; - - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); - - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; -})(typeof module === 'undefined' || module, this); diff --git a/app/node_modules/bn.js/package.json b/app/node_modules/bn.js/package.json deleted file mode 100644 index 098b805f9..000000000 --- a/app/node_modules/bn.js/package.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "name": "bn.js", - "version": "4.12.0", - "description": "Big number implementation in pure javascript", - "main": "lib/bn.js", - "scripts": { - "lint": "semistandard", - "unit": "mocha --reporter=spec test/*-test.js", - "test": "npm run lint && npm run unit" - }, - "repository": { - "type": "git", - "url": "git@github.com:indutny/bn.js" - }, - "keywords": [ - "BN", - "BigNum", - "Big number", - "Modulo", - "Montgomery" - ], - "author": "Fedor Indutny ", - "license": "MIT", - "bugs": { - "url": "https://github.com/indutny/bn.js/issues" - }, - "homepage": "https://github.com/indutny/bn.js", - "browser": { - "buffer": false - }, - "devDependencies": { - "istanbul": "^0.3.5", - "mocha": "^2.1.0", - "semistandard": "^7.0.4" - } -} diff --git a/app/node_modules/inherits/LICENSE b/app/node_modules/inherits/LICENSE deleted file mode 100644 index dea3013d6..000000000 --- a/app/node_modules/inherits/LICENSE +++ /dev/null @@ -1,16 +0,0 @@ -The ISC License - -Copyright (c) Isaac Z. Schlueter - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - diff --git a/app/node_modules/inherits/README.md b/app/node_modules/inherits/README.md deleted file mode 100644 index b1c566585..000000000 --- a/app/node_modules/inherits/README.md +++ /dev/null @@ -1,42 +0,0 @@ -Browser-friendly inheritance fully compatible with standard node.js -[inherits](http://nodejs.org/api/util.html#util_util_inherits_constructor_superconstructor). - -This package exports standard `inherits` from node.js `util` module in -node environment, but also provides alternative browser-friendly -implementation through [browser -field](https://gist.github.com/shtylman/4339901). Alternative -implementation is a literal copy of standard one located in standalone -module to avoid requiring of `util`. It also has a shim for old -browsers with no `Object.create` support. - -While keeping you sure you are using standard `inherits` -implementation in node.js environment, it allows bundlers such as -[browserify](https://github.com/substack/node-browserify) to not -include full `util` package to your client code if all you need is -just `inherits` function. It worth, because browser shim for `util` -package is large and `inherits` is often the single function you need -from it. - -It's recommended to use this package instead of -`require('util').inherits` for any code that has chances to be used -not only in node.js but in browser too. - -## usage - -```js -var inherits = require('inherits'); -// then use exactly as the standard one -``` - -## note on version ~1.0 - -Version ~1.0 had completely different motivation and is not compatible -neither with 2.0 nor with standard node.js `inherits`. - -If you are using version ~1.0 and planning to switch to ~2.0, be -careful: - -* new version uses `super_` instead of `super` for referencing - superclass -* new version overwrites current prototype while old one preserves any - existing fields on it diff --git a/app/node_modules/inherits/inherits.js b/app/node_modules/inherits/inherits.js deleted file mode 100644 index f71f2d932..000000000 --- a/app/node_modules/inherits/inherits.js +++ /dev/null @@ -1,9 +0,0 @@ -try { - var util = require('util'); - /* istanbul ignore next */ - if (typeof util.inherits !== 'function') throw ''; - module.exports = util.inherits; -} catch (e) { - /* istanbul ignore next */ - module.exports = require('./inherits_browser.js'); -} diff --git a/app/node_modules/inherits/inherits_browser.js b/app/node_modules/inherits/inherits_browser.js deleted file mode 100644 index 86bbb3dc2..000000000 --- a/app/node_modules/inherits/inherits_browser.js +++ /dev/null @@ -1,27 +0,0 @@ -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - if (superCtor) { - ctor.super_ = superCtor - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }) - } - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - if (superCtor) { - ctor.super_ = superCtor - var TempCtor = function () {} - TempCtor.prototype = superCtor.prototype - ctor.prototype = new TempCtor() - ctor.prototype.constructor = ctor - } - } -} diff --git a/app/node_modules/inherits/package.json b/app/node_modules/inherits/package.json deleted file mode 100644 index 37b4366b8..000000000 --- a/app/node_modules/inherits/package.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "name": "inherits", - "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", - "version": "2.0.4", - "keywords": [ - "inheritance", - "class", - "klass", - "oop", - "object-oriented", - "inherits", - "browser", - "browserify" - ], - "main": "./inherits.js", - "browser": "./inherits_browser.js", - "repository": "git://github.com/isaacs/inherits", - "license": "ISC", - "scripts": { - "test": "tap" - }, - "devDependencies": { - "tap": "^14.2.4" - }, - "files": [ - "inherits.js", - "inherits_browser.js" - ] -} diff --git a/app/node_modules/minimalistic-assert/LICENSE b/app/node_modules/minimalistic-assert/LICENSE deleted file mode 100644 index adca66b32..000000000 --- a/app/node_modules/minimalistic-assert/LICENSE +++ /dev/null @@ -1,13 +0,0 @@ -Copyright 2015 Calvin Metcalf - -Permission to use, copy, modify, and/or distribute this software for any purpose -with or without fee is hereby granted, provided that the above copyright notice -and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. \ No newline at end of file diff --git a/app/node_modules/minimalistic-assert/index.js b/app/node_modules/minimalistic-assert/index.js deleted file mode 100644 index 70b4ea5bb..000000000 --- a/app/node_modules/minimalistic-assert/index.js +++ /dev/null @@ -1,11 +0,0 @@ -module.exports = assert; - -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} - -assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); -}; diff --git a/app/node_modules/minimalistic-assert/package.json b/app/node_modules/minimalistic-assert/package.json deleted file mode 100644 index f8de10d9d..000000000 --- a/app/node_modules/minimalistic-assert/package.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "name": "minimalistic-assert", - "version": "1.0.1", - "description": "minimalistic-assert ===", - "main": "index.js", - "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" - }, - "repository": { - "type": "git", - "url": "https://github.com/calvinmetcalf/minimalistic-assert.git" - }, - "author": "", - "license": "ISC", - "bugs": { - "url": "https://github.com/calvinmetcalf/minimalistic-assert/issues" - }, - "homepage": "https://github.com/calvinmetcalf/minimalistic-assert" -} diff --git a/app/node_modules/minimalistic-assert/readme.md b/app/node_modules/minimalistic-assert/readme.md deleted file mode 100644 index 2ca0d256e..000000000 --- a/app/node_modules/minimalistic-assert/readme.md +++ /dev/null @@ -1,4 +0,0 @@ -minimalistic-assert -=== - -very minimalistic assert module. diff --git a/app/node_modules/openpgp/README.md b/app/node_modules/openpgp/README.md index 1f719ee4e..955300a4f 100644 --- a/app/node_modules/openpgp/README.md +++ b/app/node_modules/openpgp/README.md @@ -1,7 +1,7 @@ -OpenPGP.js [![BrowserStack Status](https://automate.browserstack.com/badge.svg?badge_key=N1l2eHFOanVBMU9wYWxJM3ZnWERnc1lidkt5UkRqa3BralV3SWVhOGpGTT0tLVljSjE4Z3dzVmdiQjl6RWgxb2c3T2c9PQ==--5864052cd523f751b6b907d547ac9c4c5f88c8a3)](https://automate.browserstack.com/public-build/N1l2eHFOanVBMU9wYWxJM3ZnWERnc1lidkt5UkRqa3BralV3SWVhOGpGTT0tLVljSjE4Z3dzVmdiQjl6RWgxb2c3T2c9PQ==--5864052cd523f751b6b907d547ac9c4c5f88c8a3) [![Join the chat on Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/openpgpjs/openpgpjs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +OpenPGP.js [![Join the chat on Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/openpgpjs/openpgpjs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) ========== -[OpenPGP.js](https://openpgpjs.org/) is a JavaScript implementation of the OpenPGP protocol. It implements [RFC4880](https://tools.ietf.org/html/rfc4880) and parts of [RFC4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10). +[OpenPGP.js](https://openpgpjs.org/) is a JavaScript implementation of the OpenPGP protocol. It implements [RFC 9580](https://datatracker.ietf.org/doc/rfc9580/) (superseding [RFC 4880](https://tools.ietf.org/html/rfc4880) and [RFC 4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10)). **Table of Contents** @@ -33,61 +33,62 @@ OpenPGP.js [![BrowserStack Status](https://automate.browserstack.com/badge.svg?b ### Platform Support -* The `dist/openpgp.min.js` bundle works well with recent versions of Chrome, Firefox, Safari and Edge. +* The `dist/openpgp.min.js` (or `.mjs`) bundle works with recent versions of Chrome, Firefox, Edge and Safari 14+. -* The `dist/node/openpgp.min.js` bundle works well in Node.js. It is used by default when you `require('openpgp')` in Node.js. +* The `dist/node/openpgp.min.mjs` (or `.cjs`) bundle works in Node.js v18+: it is used by default when you `import ... from 'openpgp'` (or `require('openpgp')`, respectively). + +* Support for the [Web Cryptography API](https://w3c.github.io/webcrypto/)'s `SubtleCrypto` is required. + * In browsers, `SubtleCrypto` is only available in [secure contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts). + * In supported versions of Node.js, `SubtleCrypto` is always available. + +* Support for the [Web Streams API](https://streams.spec.whatwg.org/) is required. + * In browsers: the latest versions of Chrome, Firefox, Edge and Safari support Streams, including `TransformStream`s. + These are needed if you use the library with stream inputs. + In previous versions of OpenPGP.js, Web Streams were automatically polyfilled by the library, + but from v6 this task is left up to the library user, due to the more extensive browser support, and the + polyfilling side-effects. If you're working with [older browsers versions which do not implement e.g. TransformStreams](https://developer.mozilla.org/en-US/docs/Web/API/TransformStream#browser_compatibility), you can manually + load the [Web Streams polyfill](https://github.com/MattiasBuelens/web-streams-polyfills). + Please note that when you load the polyfills, the global `ReadableStream` property (if it exists) gets overwritten with the polyfill version. + In some edge cases, you might need to use the native + `ReadableStream` (for example when using it to create a `Response` + object), in which case you should store a reference to it before loading + the polyfills. There is also the [web-streams-adapter](https://github.com/MattiasBuelens/web-streams-adapter) + library to convert back and forth between them. + * In Node.js: OpenPGP.js v6 no longer supports native Node `Readable` streams in inputs, and instead expects (and outputs) [Node's Web Streams](https://nodejs.org/api/webstreams.html#class-readablestream). [Node v17+ includes utilities to convert from and to Web Streams](https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options). -* Currently, Chrome, Safari and Edge have partial implementations of the -[Streams specification](https://streams.spec.whatwg.org/), and Firefox -has a partial implementation behind feature flags. Chrome is the only -browser that implements `TransformStream`s, which we need, so we include -a [polyfill](https://github.com/MattiasBuelens/web-streams-polyfill) for -all other browsers. Please note that in those browsers, the global -`ReadableStream` property gets overwritten with the polyfill version if -it exists. In some edge cases, you might need to use the native -`ReadableStream` (for example when using it to create a `Response` -object), in which case you should store a reference to it before loading -OpenPGP.js. There is also the -[web-streams-adapter](https://github.com/MattiasBuelens/web-streams-adapter) -library to convert back and forth between them. ### Performance -* Version 3.0.0 of the library introduces support for public-key cryptography using [elliptic curves](https://wiki.gnupg.org/ECC). We use native implementations on browsers and Node.js when available. Elliptic curve cryptography provides stronger security per bits of key, which allows for much faster operations. Currently the following curves are supported: +* Version 3.0.0 of the library introduced support for public-key cryptography using [elliptic curves](https://wiki.gnupg.org/ECC). We use native implementations on browsers and Node.js when available. Compared to RSA, elliptic curve cryptography provides stronger security per bits of key, which allows for much faster operations. Currently the following curves are supported: | Curve | Encryption | Signature | NodeCrypto | WebCrypto | Constant-Time | |:---------------:|:----------:|:---------:|:----------:|:---------:|:-----------------:| - | curve25519 | ECDH | N/A | No | No | Algorithmically** | - | ed25519 | N/A | EdDSA | No | No | Algorithmically** | - | p256 | ECDH | ECDSA | Yes* | Yes* | If native*** | - | p384 | ECDH | ECDSA | Yes* | Yes* | If native*** | - | p521 | ECDH | ECDSA | Yes* | Yes* | If native*** | - | brainpoolP256r1 | ECDH | ECDSA | Yes* | No | If native*** | - | brainpoolP384r1 | ECDH | ECDSA | Yes* | No | If native*** | - | brainpoolP512r1 | ECDH | ECDSA | Yes* | No | If native*** | - | secp256k1 | ECDH | ECDSA | Yes* | No | If native*** | + | curve25519 | ECDH | N/A | No | No | Algorithmically | + | ed25519 | N/A | EdDSA | No | Yes* | If native** | + | nistP256 | ECDH | ECDSA | Yes* | Yes* | If native** | + | nistP384 | ECDH | ECDSA | Yes* | Yes* | If native** | + | nistP521 | ECDH | ECDSA | Yes* | Yes* | If native** | + | brainpoolP256r1 | ECDH | ECDSA | Yes* | No | If native** | + | brainpoolP384r1 | ECDH | ECDSA | Yes* | No | If native** | + | brainpoolP512r1 | ECDH | ECDSA | Yes* | No | If native** | + | secp256k1 | ECDH | ECDSA | Yes* | No | If native** | \* when available - \** the curve25519 and ed25519 implementations are algorithmically constant-time, but may not be constant-time after optimizations of the JavaScript compiler - \*** these curves are only constant-time if the underlying native implementation is available and constant-time - -* Version 2.x of the library has been built from the ground up with Uint8Arrays. This allows for much better performance and memory usage than strings. + \** these curves are only constant-time if the underlying native implementation is available and constant-time -* If the user's browser supports [native WebCrypto](https://caniuse.com/#feat=cryptography) via the `window.crypto.subtle` API, this will be used. Under Node.js the native [crypto module](https://nodejs.org/api/crypto.html#crypto_crypto) is used. +* The platform's [native Web Crypto API](https://w3c.github.io/webcrypto/) is used for performance. On Node.js the native [crypto module](https://nodejs.org/api/crypto.html#crypto_crypto) is also used, in cases where it offers additional functionality. -* The library implements the [RFC4880bis proposal](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10) for authenticated encryption using native AES-EAX, OCB, or GCM. This makes symmetric encryption up to 30x faster on supported platforms. Since the specification has not been finalized and other OpenPGP implementations haven't adopted it yet, the feature is currently behind a flag. **Note: activating this setting can break compatibility with other OpenPGP implementations, and also with future versions of OpenPGP.js. Don't use it with messages you want to store on disk or in a database.** You can enable it by setting `openpgp.config.aeadProtect = true`. +* The library implements authenticated encryption (AEAD) as per [RFC 9580](https://datatracker.ietf.org/doc/rfc9580/) using AES-GCM, OCB, or EAX. This makes symmetric encryption faster on platforms with native implementations. However, since the specification is very recent and other OpenPGP implementations are in the process of adopting it, the feature is currently behind a flag. **Note: activating this setting can break compatibility with other OpenPGP implementations which have yet to implement the feature.** You can enable it by setting `openpgp.config.aeadProtect = true`. + Note that this setting has a different effect from the one in OpenPGP.js v5, which implemented support for a provisional version of AEAD from [RFC 4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10), which was modified in RFC 9580. You can change the AEAD mode by setting one of the following options: ``` - openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.eax // Default, native - openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.ocb // Non-native - openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM // **Non-standard**, fastest + openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.gcm; // Default, native in WebCrypto and Node.js + openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.ocb; // Non-native, but supported across RFC 9580 implementations + openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.eax; // Native in Node.js ``` -* For environments that don't provide native crypto, the library falls back to [asm.js](https://caniuse.com/#feat=asmjs) implementations of AES, SHA-1, and SHA-256. - - ### Getting started #### Node.js @@ -98,16 +99,15 @@ Install OpenPGP.js using npm and save it in your dependencies: npm install --save openpgp ``` -And import it as a CommonJS module: - +And import it as an ES module, from a .mjs file: ```js -const openpgp = require('openpgp'); +import * as openpgp from 'openpgp'; ``` -Or as an ES6 module, from an .mjs file: +Or as a CommonJS module: ```js -import * as openpgp from 'openpgp'; +const openpgp = require('openpgp'); ``` #### Deno (experimental) @@ -174,17 +174,17 @@ To offload cryptographic operations off the main thread, you can implement a Web #### TypeScript -Since TS is not fully integrated in the library, TS-only dependencies are currently listed as `devDependencies`, so to compile the project you’ll need to add `@openpgp/web-stream-tools` manually (NB: only versions below v0.12 are compatible with OpenPGP.js v5): +Since TS is not fully integrated in the library, TS-only dependencies are currently listed as `devDependencies`, so to compile the project you’ll need to add `@openpgp/web-stream-tools` manually: ```sh -npm install --save-dev @openpgp/web-stream-tools@0.0.11-patch-0 +npm install --save-dev @openpgp/web-stream-tools ``` If you notice missing or incorrect type definitions, feel free to open a PR. ### Examples -Here are some examples of how to use OpenPGP.js v5. For more elaborate examples and working code, please check out the [public API unit tests](https://github.com/openpgpjs/openpgpjs/blob/main/test/general/openpgp.js). If you're upgrading from v4 it might help to check out the [changelog](https://github.com/openpgpjs/openpgpjs/wiki/V5-Changelog) and [documentation](https://github.com/openpgpjs/openpgpjs#documentation). +Here are some examples of how to use OpenPGP.js v6. For more elaborate examples and working code, please check out the [public API unit tests](https://github.com/openpgpjs/openpgpjs/blob/main/test/general/openpgp.js). If you're upgrading from v4 it might help to check out the [changelog](https://github.com/openpgpjs/openpgpjs/wiki/v6-Changelog) and [documentation](https://github.com/openpgpjs/openpgpjs#documentation). #### Encrypt and decrypt *Uint8Array* data with a password @@ -389,14 +389,8 @@ Where the value can be any of: })(); ``` -For more information on using ReadableStreams, see [the MDN Documentation on the -Streams API](https://developer.mozilla.org/en-US/docs/Web/API/Streams_API). - -You can also pass a [Node.js `Readable` -stream](https://nodejs.org/api/stream.html#stream_class_stream_readable), in -which case OpenPGP.js will return a Node.js `Readable` stream as well, which you -can `.pipe()` to a `Writable` stream, for example. - +For more information on using ReadableStreams (both in browsers and Node.js), see [the MDN Documentation on the +Streams API](https://developer.mozilla.org/en-US/docs/Web/API/Streams_API) . #### Streaming encrypt and decrypt *String* data with PGP keys @@ -453,7 +447,7 @@ can `.pipe()` to a `Writable` stream, for example. ECC keys (smaller and faster to generate): -Possible values for `curve` are: `curve25519`, `ed25519`, `p256`, `p384`, `p521`, +Possible values for `curve` are: `curve25519`, `ed25519`, `nistP256`, `nistP384`, `nistP521`, `brainpoolP256r1`, `brainpoolP384r1`, `brainpoolP512r1`, and `secp256k1`. Note that both the `curve25519` and `ed25519` options generate a primary key for signing using Ed25519 and a subkey for encryption using Curve25519. @@ -670,7 +664,7 @@ To create your own build of the library, just run the following command after cl npm install && npm test -For debugging browser errors, you can run `npm start` and open [`http://localhost:8080/test/unittests.html`](http://localhost:8080/test/unittests.html) in a browser, or run the following command: +For debugging browser errors, run the following command: npm run browsertest diff --git a/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs b/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs new file mode 100644 index 000000000..278134f88 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs @@ -0,0 +1,3 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const A="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function I(A,I,g,B){A[I]+=g[B],A[I+1]+=g[B+1]+(A[I]>>24^e<<8,A[C+1]=e>>>24^i<<8,I(A,B,A,C),I(A,B,g,t),i=A[E]^A[B],e=A[E+1]^A[B+1],A[E]=i>>>16^e<<16,A[E+1]=e>>>16^i<<16,I(A,Q,A,E),i=A[C]^A[Q],e=A[C+1]^A[Q+1],A[C]=e>>>31^i<<1,A[C+1]=i>>>31^e<<1}const C=new Uint32Array([4089235720,1779033703,2227873595,3144134277,4271175723,1013904242,1595750129,2773480762,2917565137,1359893119,725511199,2600822924,4215389547,528734635,327033209,1541459225]),Q=new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3].map((A=>2*A)));function E(A,I){const g=new Uint32Array(32),E=new Uint32Array(A.b.buffer,A.b.byteOffset,32);for(let I=0;I<16;I++)g[I]=A.h[I],g[I+16]=C[I];g[24]^=A.t0[0],g[25]^=A.t0[1];const w=I?4294967295:0;g[28]^=w,g[29]^=w;for(let A=0;A<12;A++){const I=A<<4;B(g,E,0,8,16,24,Q[I+0],Q[I+1]),B(g,E,2,10,18,26,Q[I+2],Q[I+3]),B(g,E,4,12,20,28,Q[I+4],Q[I+5]),B(g,E,6,14,22,30,Q[I+6],Q[I+7]),B(g,E,0,10,20,30,Q[I+8],Q[I+9]),B(g,E,2,12,22,24,Q[I+10],Q[I+11]),B(g,E,4,14,16,26,Q[I+12],Q[I+13]),B(g,E,6,8,18,28,Q[I+14],Q[I+15])}for(let I=0;I<16;I++)A.h[I]^=g[I]^g[I+16]}class w{constructor(A,I,g,B){const Q=new Uint8Array(64);this.S={b:new Uint8Array(e),h:new Uint32Array(i/4),t0:new Uint32Array(2),c:0,outlen:A},Q[0]=A,I&&(Q[1]=I.length),Q[2]=1,Q[3]=1,g&&Q.set(g,32),B&&Q.set(B,48);const E=new Uint32Array(Q.buffer,Q.byteOffset,Q.length/Uint32Array.BYTES_PER_ELEMENT);for(let A=0;A<16;A++)this.S.h[A]=C[A]^E[A];if(I){const A=new Uint8Array(e);A.set(I),this.update(A)}}update(A){if(!(A instanceof Uint8Array))throw Error("Input must be Uint8Array or Buffer");let I=0;for(;I>2]>>8*(3&A);return this.S.h=null,I.buffer}}function t(A,I,g,B){if(A>i)throw Error(`outlen must be at most ${i} (given: ${A})`);return new w(A,I,g,B)}const i=64,e=128,n=2,D=19,s=4294967295,f=4,r=4294967295,o=8,c=4294967295,S=8,y=4294967295,a=4294967295,h=32,M=1024,U=64,R=205===new Uint8Array(new Uint16Array([43981]).buffer)[0];function N(A,I,g){return A[g+0]=I,A[g+1]=I>>8,A[g+2]=I>>16,A[g+3]=I>>24,A}function k(A,I,g){if(I>Number.MAX_SAFE_INTEGER)throw Error("LE64: large numbers unsupported");let B=I;for(let I=g;I{if(IB)throw Error(`${A} size should be between ${g} and ${B} bytes`)};if(A!==n||I!==D)throw Error("Unsupported type or version");return e("password",B,S,c),e("salt",C,o,r),e("tag",g,f,s),e("memory",t,8*w,y),Q&&e("associated data",Q,0,a),E&&e("secret",E,0,h),{type:A,version:I,tagLength:g,password:B,salt:C,ad:Q,secret:E,lanes:w,memorySize:t,passes:i}}({type:n,version:D,...A}),{G:C,G2:Q,xor:E,getLZ:w}=g.exports,i={},e={};e.G=C,e.G2=Q,e.XOR=E;const k=4*B.lanes*Math.floor(B.memorySize/(4*B.lanes)),F=k*M+10*J;if(I.buffer.byteLength{g.set(A,B),B+=A.length})),g}(C));const Q=I.digest();return new Uint8Array(Q)}(B),P=k/B.lanes,x=Array(B.lanes).fill(null).map((()=>Array(P))),m=(A,I)=>(x[A][I]=v.subarray(A*P*1024+1024*I,A*P*1024+1024*I+M),x[A][I]);for(let A=0;A0?x[C][t-1]:x[C][P-1],e=g?E.next().value:i;w(p.byteOffset,e.byteOffset,C,B.lanes,A,I,Q,4,O);const n=p[0],D=p[1];0===A&&m(C,t),G(d,i,x[n][D],A>0?b:x[C][t]),A>0&&l(d,x[C][t],b,x[C][t])}}}const V=x[0][P-1];for(let A=1;AK(A,{instance:B.instance,memory:g})}function b(I,g,B,C){var Q=null,E=A.atob(B),w=E.length;Q=new Uint8Array(new ArrayBuffer(w));for(var t=0;td((A=>b(0,0,"AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL",A)),(A=>b(0,0,"AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==",A)));export{v as default}; +//# sourceMappingURL=argon2id.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs.map new file mode 100644 index 000000000..eb96a3170 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/argon2id.min.mjs.map @@ -0,0 +1 @@ +{"version":3,"file":"argon2id.min.mjs","sources":["../../node_modules/argon2id/lib/blake2b.js","../../node_modules/argon2id/lib/argon2id.js","../../node_modules/argon2id/lib/setup.js","../../node_modules/argon2id/index.js"],"sourcesContent":["// Adapted from the reference implementation in RFC7693\n// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes\n\n// Uint64 values are represented using two Uint32s, stored as little endian\n// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays\n// need to be manually handled\n\n// 64-bit unsigned addition (little endian, in place)\n// Sets a[i,i+1] += b[j,j+1]\n// `a` and `b` must be Uint32Array(2)\nfunction ADD64 (a, i, b, j) {\n a[i] += b[j];\n a[i+1] += b[j+1] + (a[i] < b[j]); // add carry\n}\n\n// Increment 64-bit little-endian unsigned value by `c` (in place)\n// `a` must be Uint32Array(2)\nfunction INC64 (a, c) {\n a[0] += c;\n a[1] += (a[0] < c);\n}\n\n// G Mixing function\n// The ROTRs are inlined for speed\nfunction G (v, m, a, b, c, d, ix, iy) {\n ADD64(v, a, v, b) // v[a,a+1] += v[b,b+1]\n ADD64(v, a, m, ix) // v[a, a+1] += x ... x0\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits\n let xor0 = v[d] ^ v[a]\n let xor1 = v[d + 1] ^ v[a + 1]\n v[d] = xor1\n v[d + 1] = xor0\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor0 >>> 24) ^ (xor1 << 8)\n v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8)\n\n ADD64(v, a, v, b)\n ADD64(v, a, m, iy)\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits\n xor0 = v[d] ^ v[a]\n xor1 = v[d + 1] ^ v[a + 1]\n v[d] = (xor0 >>> 16) ^ (xor1 << 16)\n v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16)\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor1 >>> 31) ^ (xor0 << 1)\n v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1)\n}\n\n// Initialization Vector\nconst BLAKE2B_IV32 = new Uint32Array([\n 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,\n 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,\n 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,\n 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19\n])\n\n// These are offsets into a Uint64 buffer.\n// Multiply them all by 2 to make them offsets into a Uint32 buffer\nconst SIGMA = new Uint8Array([\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,\n 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,\n 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,\n 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,\n 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,\n 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,\n 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,\n 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,\n 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3\n].map(x => x * 2))\n\n// Compression function. 'last' flag indicates last block.\n// Note: we're representing 16 uint64s as 32 uint32s\nfunction compress(S, last) {\n const v = new Uint32Array(32)\n const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32)\n\n // init work variables\n for (let i = 0; i < 16; i++) {\n v[i] = S.h[i]\n v[i + 16] = BLAKE2B_IV32[i]\n }\n\n // low 64 bits of offset\n v[24] ^= S.t0[0]\n v[25] ^= S.t0[1]\n // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1\n\n // if last block\n const f0 = last ? 0xFFFFFFFF : 0;\n v[28] ^= f0;\n v[29] ^= f0;\n\n // twelve rounds of mixing\n for (let i = 0; i < 12; i++) {\n // ROUND(r)\n const i16 = i << 4;\n G(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1])\n G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3])\n G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5])\n G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7])\n G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9])\n G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11])\n G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13])\n G(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15])\n }\n\n for (let i = 0; i < 16; i++) {\n S.h[i] ^= v[i] ^ v[i + 16]\n }\n}\n\n// Creates a BLAKE2b hashing context\n// Requires an output length between 1 and 64 bytes\n// Takes an optional Uint8Array key\nclass Blake2b {\n constructor(outlen, key, salt, personal) {\n const params = new Uint8Array(64)\n // 0: outlen, keylen, fanout, depth\n // 4: leaf length, sequential mode\n // 8: node offset\n // 12: node offset\n // 16: node depth, inner length, rfu\n // 20: rfu\n // 24: rfu\n // 28: rfu\n // 32: salt\n // 36: salt\n // 40: salt\n // 44: salt\n // 48: personal\n // 52: personal\n // 56: personal\n // 60: personal\n\n // init internal state\n this.S = {\n b: new Uint8Array(BLOCKBYTES),\n h: new Uint32Array(OUTBYTES_MAX / 4),\n t0: new Uint32Array(2), // input counter `t`, lower 64-bits only\n c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`\n outlen // output length in bytes\n }\n\n // init parameter block\n params[0] = outlen\n if (key) params[1] = key.length\n params[2] = 1 // fanout\n params[3] = 1 // depth\n if (salt) params.set(salt, 32)\n if (personal) params.set(personal, 48)\n const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);\n\n // initialize hash state\n for (let i = 0; i < 16; i++) {\n this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];\n }\n\n // key the hash, if applicable\n if (key) {\n const block = new Uint8Array(BLOCKBYTES)\n block.set(key)\n this.update(block)\n }\n }\n\n // Updates a BLAKE2b streaming hash\n // Requires Uint8Array (byte array)\n update(input) {\n if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')\n // for (let i = 0; i < input.length; i++) {\n // if (this.S.c === BLOCKBYTES) { // buffer full\n // INC64(this.S.t0, this.S.c) // add counters\n // compress(this.S, false)\n // this.S.c = 0 // empty buffer\n // }\n // this.S.b[this.S.c++] = input[i]\n // }\n let i = 0\n while(i < input.length) {\n if (this.S.c === BLOCKBYTES) { // buffer full\n INC64(this.S.t0, this.S.c) // add counters\n compress(this.S, false)\n this.S.c = 0 // empty buffer\n }\n let left = BLOCKBYTES - this.S.c\n this.S.b.set(input.subarray(i, i + left), this.S.c) // end index can be out of bounds\n const fill = Math.min(left, input.length - i)\n this.S.c += fill\n i += fill\n }\n return this\n }\n\n /**\n * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one\n * @param {Uint8Array} [prealloc] - optional preallocated buffer\n * @returns {ArrayBuffer} message digest\n */\n digest(prealloc) {\n INC64(this.S.t0, this.S.c) // mark last block offset\n\n // final block, padded\n this.S.b.fill(0, this.S.c);\n this.S.c = BLOCKBYTES;\n compress(this.S, true)\n\n const out = prealloc || new Uint8Array(this.S.outlen);\n for (let i = 0; i < this.S.outlen; i++) {\n // must be loaded individually since default Uint32 endianness is platform dependant\n out[i] = this.S.h[i >> 2] >> (8 * (i & 3))\n }\n this.S.h = null; // prevent calling `update` after `digest`\n return out.buffer;\n }\n}\n\n\nexport default function createHash(outlen, key, salt, personal) {\n if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)\n if (key) {\n if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')\n if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)\n }\n if (salt) {\n if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')\n if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)\n }\n if (personal) {\n if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')\n if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)\n }\n\n return new Blake2b(outlen, key, salt, personal)\n}\n\nconst OUTBYTES_MAX = 64;\nconst KEYBYTES_MAX = 64;\nconst SALTBYTES = 16;\nconst PERSONALBYTES = 16;\nconst BLOCKBYTES = 128;\n\n","import blake2b from \"./blake2b.js\"\nconst TYPE = 2; // Argon2id\nconst VERSION = 0x13;\nconst TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MIN = 8;\nconst passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst passwordBYTES_MIN = 8;\nconst MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)\nconst SECRETBYTES_MAX = 32; // key (optional)\n\nconst ARGON2_BLOCK_SIZE = 1024;\nconst ARGON2_PREHASH_DIGEST_LENGTH = 64;\n\nconst isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;\n\n// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])\nfunction LE32(buf, n, i) {\n buf[i+0] = n;\n buf[i+1] = n >> 8;\n buf[i+2] = n >> 16;\n buf[i+3] = n >> 24;\n return buf;\n}\n\n/**\n * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])\n * @param {Uint8Array} buf\n * @param {Number} n\n * @param {Number} i\n */\nfunction LE64(buf, n, i) {\n if (n > Number.MAX_SAFE_INTEGER) throw new Error(\"LE64: large numbers unsupported\");\n // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations\n // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)\n // so we manually extract each byte\n let remainder = n;\n for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER\n buf[offset] = remainder; // implicit & 0xff\n remainder = (remainder - buf[offset]) / 256;\n }\n return buf;\n}\n\n/**\n * Variable-Length Hash Function H'\n * @param {Number} outlen - T\n * @param {Uint8Array} X - value to hash\n * @param {Uint8Array} res - output buffer, of length `outlength` or larger\n */\nfunction H_(outlen, X, res) {\n const V = new Uint8Array(64); // no need to keep around all V_i\n\n const V1_in = new Uint8Array(4 + X.length);\n LE32(V1_in, outlen, 0);\n V1_in.set(X, 4);\n if (outlen <= 64) {\n // H'^T(A) = H^T(LE32(T)||A)\n blake2b(outlen).update(V1_in).digest(res);\n return res\n }\n\n const r = Math.ceil(outlen / 32) - 2;\n\n // Let V_i be a 64-byte block and W_i be its first 32 bytes.\n // V_1 = H^(64)(LE32(T)||A)\n // V_2 = H^(64)(V_1)\n // ...\n // V_r = H^(64)(V_{r-1})\n // V_{r+1} = H^(T-32*r)(V_{r})\n // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}\n for (let i = 0; i < r; i++) {\n blake2b(64).update(i === 0 ? V1_in : V).digest(V);\n // store W_i in result buffer already\n res.set(V.subarray(0, 32), i*32)\n }\n // V_{r+1}\n const V_r1 = new Uint8Array(blake2b(outlen - 32*r).update(V).digest());\n res.set(V_r1, r*32);\n\n return res;\n}\n\n// compute buf = xs ^ ys\nfunction XOR(wasmContext, buf, xs, ys) {\n wasmContext.fn.XOR(\n buf.byteOffset,\n xs.byteOffset,\n ys.byteOffset,\n );\n return buf\n}\n\n/**\n * @param {Uint8Array} X (read-only)\n * @param {Uint8Array} Y (read-only)\n * @param {Uint8Array} R - output buffer\n * @returns\n */\nfunction G(wasmContext, X, Y, R) {\n wasmContext.fn.G(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\nfunction G2(wasmContext, X, Y, R) {\n wasmContext.fn.G2(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\n// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.\nfunction* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {\n // For each segment, we do the following. First, we compute the value Z as:\n // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )\n wasmContext.refs.prngTmp.fill(0);\n const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);\n LE64(Z, pass, 0);\n LE64(Z, lane, 8);\n LE64(Z, slice, 16);\n LE64(Z, m_, 24);\n LE64(Z, totalPasses, 32);\n LE64(Z, TYPE, 40);\n\n // Then we compute q/(128*SL) 1024-byte values\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),\n // ...,\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),\n for(let i = 1; i <= segmentLength; i++) {\n // tmp.set(Z); // no need to re-copy\n LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed\n const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );\n\n // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2\n // NB: the first generated pair must be used for the first block of the segment, and so on.\n // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.\n for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {\n yield g2.subarray(k, k+8);\n }\n }\n return [];\n}\n\nfunction validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {\n const assertLength = (name, value, min, max) => {\n if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }\n }\n\n if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version');\n assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);\n assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);\n assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);\n assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);\n // optional fields\n ad && assertLength('associated data', ad, 0, ADBYTES_MAX);\n secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);\n\n return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };\n}\n\nconst KB = 1024;\nconst WASM_PAGE_SIZE = 64 * KB;\n\nexport default function argon2id(params, { memory, instance: wasmInstance }) {\n if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system\n\n const ctx = validateParams({ type: TYPE, version: VERSION, ...params });\n\n const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;\n const wasmRefs = {};\n const wasmFn = {};\n wasmFn.G = wasmG;\n wasmFn.G2 = wasmG2;\n wasmFn.XOR = wasmXOR;\n\n // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.\n const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));\n const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references\n if (memory.buffer.byteLength < requiredMemory) {\n const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE)\n // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.\n // Otherwise, the operation fails, and the original memory can still be used.\n memory.grow(missing)\n }\n\n let offset = 0;\n // Init wasm memory needed in other functions\n wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;\n wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;\n wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;\n wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;\n // Init wasm memory needed locally\n const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;\n const wasmContext = { fn: wasmFn, refs: wasmRefs };\n const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;\n const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);\n const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);\n\n // 1. Establish H_0\n const H0 = getH0(ctx);\n\n // 2. Allocate the memory as m' 1024-byte blocks\n // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.\n const q = m_ / ctx.lanes;\n const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));\n const initBlock = (i, j) => {\n B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);\n return B[i][j];\n }\n\n for (let i = 0; i < ctx.lanes; i++) {\n // const LEi = LE0; // since p = 1 for us\n const tmp = new Uint8Array(H0.length + 8);\n // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p\n // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))\n tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));\n // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p\n // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))\n LE32(tmp, 1, H0.length);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));\n }\n\n // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2\n // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes\n // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.\n const SL = 4; // vertical slices\n const segmentLength = q / SL;\n for (let pass = 0; pass < ctx.passes; pass++) {\n // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel\n for (let sl = 0; sl < SL; sl++) {\n const isDataIndependent = pass === 0 && sl <= 1;\n for (let i = 0; i < ctx.lanes; i++) { // lane\n // On the first slice of the first pass, blocks 0 and 1 are already filled\n let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;\n // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)\n const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;\n for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {\n const j = sl * segmentLength + segmentOffset;\n const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]\n\n // we can assume the PRNG is never done\n const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength)\n const l = lz[0]; const z = lz[1];\n // for (let i = 0; i < p; i++ )\n // B[i][j] = G(B[i][j-1], B[l][z])\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n if (pass === 0) initBlock(i, j);\n G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);\n\n // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one\n if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j])\n }\n }\n }\n }\n\n // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:\n // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]\n const C = B[0][q-1];\n for(let i = 1; i < ctx.lanes; i++) {\n XOR(wasmContext, C, C, B[i][q-1])\n }\n\n const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));\n // clear memory since the module might be cached\n allocatedMemory.fill(0) // clear sensitive contents\n memory.grow(0) // allow deallocation\n // 8. The output tag is computed as H'^T(C).\n return tag;\n\n}\n\nfunction getH0(ctx) {\n const H = blake2b(ARGON2_PREHASH_DIGEST_LENGTH);\n const ZERO32 = new Uint8Array(4);\n const params = new Uint8Array(24);\n LE32(params, ctx.lanes, 0);\n LE32(params, ctx.tagLength, 4);\n LE32(params, ctx.memorySize, 8);\n LE32(params, ctx.passes, 12);\n LE32(params, ctx.version, 16);\n LE32(params, ctx.type, 20);\n\n const toHash = [params];\n if (ctx.password) {\n toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0))\n toHash.push(ctx.password)\n } else {\n toHash.push(ZERO32) // context.password.length\n }\n\n if (ctx.salt) {\n toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0))\n toHash.push(ctx.salt)\n } else {\n toHash.push(ZERO32) // context.salt.length\n }\n\n if (ctx.secret) {\n toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0))\n toHash.push(ctx.secret)\n // todo clear secret?\n } else {\n toHash.push(ZERO32) // context.secret.length\n }\n\n if (ctx.ad) {\n toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0))\n toHash.push(ctx.ad)\n } else {\n toHash.push(ZERO32) // context.ad.length\n }\n H.update(concatArrays(toHash))\n\n const outputBuffer = H.digest();\n return new Uint8Array(outputBuffer);\n}\n\nfunction concatArrays(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!(arrays[i] instanceof Uint8Array)) {\n throw new Error('concatArrays: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach((element) => {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n","import argon2id from \"./argon2id.js\";\n\nlet isSIMDSupported;\nasync function wasmLoader(memory, getSIMD, getNonSIMD) {\n const importObject = { env: { memory } };\n if (isSIMDSupported === undefined) {\n try {\n const loaded = await getSIMD(importObject);\n isSIMDSupported = true;\n return loaded;\n } catch(e) {\n isSIMDSupported = false;\n }\n }\n\n const loader = isSIMDSupported ? getSIMD : getNonSIMD;\n return loader(importObject);\n}\n\nexport default async function setupWasm(getSIMD, getNonSIMD) {\n const memory = new WebAssembly.Memory({\n // in pages of 64KiB each\n // these values need to be compatible with those declared when building in `build-wasm`\n initial: 1040, // 65MB\n maximum: 65536, // 4GB\n });\n const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);\n\n /**\n * Argon2id hash function\n * @callback computeHash\n * @param {Object} params\n * @param {Uint8Array} params.password - password\n * @param {Uint8Array} params.salt - salt\n * @param {Integer} params.parallelism\n * @param {Integer} params.passes\n * @param {Integer} params.memorySize - in kibibytes\n * @param {Integer} params.tagLength - output tag length\n * @param {Uint8Array} [params.ad] - associated data (optional)\n * @param {Uint8Array} [params.secret] - secret data (optional)\n * @return {Uint8Array} argon2id hash\n */\n const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });\n\n return computeHash;\n}\n","import setupWasm from './lib/setup.js';\nimport wasmSIMD from './dist/simd.wasm';\nimport wasmNonSIMD from './dist/no-simd.wasm';\n\nconst loadWasm = async () => setupWasm(\n (instanceObject) => wasmSIMD(instanceObject),\n (instanceObject) => wasmNonSIMD(instanceObject),\n);\n\nexport default loadWasm;\n"],"names":["ADD64","a","i","b","j","INC64","c","G","v","m","d","ix","iy","xor0","xor1","BLAKE2B_IV32","Uint32Array","SIGMA","Uint8Array","map","x","compress","S","last","buffer","byteOffset","h","t0","f0","i16","Blake2b","constructor","outlen","key","salt","personal","params","this","BLOCKBYTES","OUTBYTES_MAX","length","set","params32","BYTES_PER_ELEMENT","block","update","input","Error","left","subarray","fill","Math","min","digest","prealloc","out","createHash","TYPE","VERSION","TAGBYTES_MAX","TAGBYTES_MIN","SALTBYTES_MAX","SALTBYTES_MIN","passwordBYTES_MAX","passwordBYTES_MIN","MEMBYTES_MAX","ADBYTES_MAX","SECRETBYTES_MAX","ARGON2_BLOCK_SIZE","ARGON2_PREHASH_DIGEST_LENGTH","isLittleEndian","Uint16Array","LE32","buf","n","LE64","Number","MAX_SAFE_INTEGER","remainder","offset","H_","X","res","V","V1_in","blake2b","r","ceil","V_r1","XOR","wasmContext","xs","ys","fn","Y","R","refs","gZ","G2","makePRNG","pass","lane","slice","m_","totalPasses","segmentLength","segmentOffset","prngTmp","Z","g2","ZERO1024","prngR","k","KB","WASM_PAGE_SIZE","argon2id","memory","instance","wasmInstance","ctx","type","version","tagLength","password","ad","secret","parallelism","memorySize","passes","assertLength","name","value","max","lanes","validateParams","wasmG","wasmG2","xor","wasmXOR","getLZ","wasmLZ","exports","wasmRefs","wasmFn","floor","requiredMemory","byteLength","missing","grow","lz","newBlock","blockMemory","allocatedMemory","H0","H","ZERO32","toHash","push","arrays","totalLength","result","pos","forEach","element","concatArrays","outputBuffer","getH0","q","B","Array","initBlock","tmp","sl","isDataIndependent","PRNG","prevBlock","J1J2","next","l","z","C","tag","isSIMDSupported","async","setupWasm","getSIMD","getNonSIMD","WebAssembly","Memory","initial","maximum","wasmModule","importObject","env","undefined","loaded","e","wasmLoader","loadWasm","instanceObject"],"mappings":";6GAUA,SAASA,EAAOC,EAAGC,EAAGC,EAAGC,GACvBH,EAAEC,IAAMC,EAAEC,GACVH,EAAEC,EAAE,IAAMC,EAAEC,EAAE,IAAMH,EAAEC,GAAKC,EAAEC,GAC/B,CAIA,SAASC,EAAOJ,EAAGK,GACjBL,EAAE,IAAMK,EACRL,EAAE,IAAOA,EAAE,GAAKK,CAClB,CAIA,SAASC,EAAGC,EAAGC,EAAGR,EAAGE,EAAGG,EAAGI,EAAGC,EAAIC,GAChCZ,EAAMQ,EAAGP,EAAGO,EAAGL,GACfH,EAAMQ,EAAGP,EAAGQ,EAAGE,GAGf,IAAIE,EAAOL,EAAEE,GAAKF,EAAEP,GAChBa,EAAON,EAAEE,EAAI,GAAKF,EAAEP,EAAI,GAC5BO,EAAEE,GAAKI,EACPN,EAAEE,EAAI,GAAKG,EAEXb,EAAMQ,EAAGF,EAAGE,EAAGE,GAGfG,EAAOL,EAAEL,GAAKK,EAAEF,GAChBQ,EAAON,EAAEL,EAAI,GAAKK,EAAEF,EAAI,GACxBE,EAAEL,GAAMU,IAAS,GAAOC,GAAQ,EAChCN,EAAEL,EAAI,GAAMW,IAAS,GAAOD,GAAQ,EAEpCb,EAAMQ,EAAGP,EAAGO,EAAGL,GACfH,EAAMQ,EAAGP,EAAGQ,EAAGG,GAGfC,EAAOL,EAAEE,GAAKF,EAAEP,GAChBa,EAAON,EAAEE,EAAI,GAAKF,EAAEP,EAAI,GACxBO,EAAEE,GAAMG,IAAS,GAAOC,GAAQ,GAChCN,EAAEE,EAAI,GAAMI,IAAS,GAAOD,GAAQ,GAEpCb,EAAMQ,EAAGF,EAAGE,EAAGE,GAGfG,EAAOL,EAAEL,GAAKK,EAAEF,GAChBQ,EAAON,EAAEL,EAAI,GAAKK,EAAEF,EAAI,GACxBE,EAAEL,GAAMW,IAAS,GAAOD,GAAQ,EAChCL,EAAEL,EAAI,GAAMU,IAAS,GAAOC,GAAQ,CACtC,CAGA,MAAMC,EAAe,IAAIC,YAAY,CACnC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,WAAY,UAAY,UAAY,aAKhCC,EAAQ,IAAIC,WAAW,CAC3B,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EACnD,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EACnD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAClD,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GACnDC,KAAIC,GAAS,EAAJA,KAIX,SAASC,EAASC,EAAGC,GACnB,MAAMf,EAAI,IAAIQ,YAAY,IACpBP,EAAI,IAAIO,YAAYM,EAAEnB,EAAEqB,OAAQF,EAAEnB,EAAEsB,WAAY,IAGtD,IAAK,IAAIvB,EAAI,EAAGA,EAAI,GAAIA,IACtBM,EAAEN,GAAKoB,EAAEI,EAAExB,GACXM,EAAEN,EAAI,IAAMa,EAAab,GAI3BM,EAAE,KAAOc,EAAEK,GAAG,GACdnB,EAAE,KAAOc,EAAEK,GAAG,GAId,MAAMC,EAAKL,EAAO,WAAa,EAC/Bf,EAAE,KAAOoB,EACTpB,EAAE,KAAOoB,EAGT,IAAK,IAAI1B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAE3B,MAAM2B,EAAM3B,GAAK,EACjBK,EAAEC,EAAGC,EAAG,EAAG,EAAG,GAAI,GAAKQ,EAAMY,EAAM,GAAIZ,EAAMY,EAAM,IACnDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,GAAIZ,EAAMY,EAAM,IACnDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,GAAIZ,EAAMY,EAAM,IACnDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,GAAIZ,EAAMY,EAAM,IACnDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,GAAIZ,EAAMY,EAAM,IACnDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,IAAKZ,EAAMY,EAAM,KACpDtB,EAAEC,EAAGC,EAAG,EAAG,GAAI,GAAI,GAAIQ,EAAMY,EAAM,IAAKZ,EAAMY,EAAM,KACpDtB,EAAEC,EAAGC,EAAG,EAAG,EAAG,GAAI,GAAKQ,EAAMY,EAAM,IAAKZ,EAAMY,EAAM,IACxD,CAEE,IAAK,IAAI3B,EAAI,EAAGA,EAAI,GAAIA,IACtBoB,EAAEI,EAAExB,IAAMM,EAAEN,GAAKM,EAAEN,EAAI,GAE3B,CAKA,MAAM4B,EACJ,WAAAC,CAAYC,EAAQC,EAAKC,EAAMC,GAC7B,MAAMC,EAAS,IAAIlB,WAAW,IAmB9BmB,KAAKf,EAAI,CACPnB,EAAG,IAAIe,WAAWoB,GAClBZ,EAAG,IAAIV,YAAYuB,EAAe,GAClCZ,GAAI,IAAIX,YAAY,GACpBV,EAAG,EACH0B,UAIFI,EAAO,GAAKJ,EACRC,IAAKG,EAAO,GAAKH,EAAIO,QACzBJ,EAAO,GAAK,EACZA,EAAO,GAAK,EACRF,GAAME,EAAOK,IAAIP,EAAM,IACvBC,GAAUC,EAAOK,IAAIN,EAAU,IACnC,MAAMO,EAAW,IAAI1B,YAAYoB,EAAOZ,OAAQY,EAAOX,WAAYW,EAAOI,OAASxB,YAAY2B,mBAG/F,IAAK,IAAIzC,EAAI,EAAGA,EAAI,GAAIA,IACtBmC,KAAKf,EAAEI,EAAExB,GAAKa,EAAab,GAAKwC,EAASxC,GAI3C,GAAI+B,EAAK,CACP,MAAMW,EAAQ,IAAI1B,WAAWoB,GAC7BM,EAAMH,IAAIR,GACVI,KAAKQ,OAAOD,EAClB,CACA,CAIE,MAAAC,CAAOC,GACL,KAAMA,aAAiB5B,YAAa,MAAU6B,MAAM,sCASpD,IAAI7C,EAAI,EACR,KAAMA,EAAI4C,EAAMN,QAAQ,CAClBH,KAAKf,EAAEhB,IAAMgC,IACfjC,EAAMgC,KAAKf,EAAEK,GAAIU,KAAKf,EAAEhB,GACxBe,EAASgB,KAAKf,GAAG,GACjBe,KAAKf,EAAEhB,EAAI,GAEb,IAAI0C,EAAOV,EAAaD,KAAKf,EAAEhB,EAC/B+B,KAAKf,EAAEnB,EAAEsC,IAAIK,EAAMG,SAAS/C,EAAGA,EAAI8C,GAAOX,KAAKf,EAAEhB,GACjD,MAAM4C,EAAOC,KAAKC,IAAIJ,EAAMF,EAAMN,OAAStC,GAC3CmC,KAAKf,EAAEhB,GAAK4C,EACZhD,GAAKgD,CACX,CACI,OAAOb,IACX,CAOE,MAAAgB,CAAOC,GACLjD,EAAMgC,KAAKf,EAAEK,GAAIU,KAAKf,EAAEhB,GAGxB+B,KAAKf,EAAEnB,EAAE+C,KAAK,EAAGb,KAAKf,EAAEhB,GACxB+B,KAAKf,EAAEhB,EAAIgC,EACXjB,EAASgB,KAAKf,GAAG,GAEjB,MAAMiC,EAAMD,GAAY,IAAIpC,WAAWmB,KAAKf,EAAEU,QAC9C,IAAK,IAAI9B,EAAI,EAAGA,EAAImC,KAAKf,EAAEU,OAAQ9B,IAEjCqD,EAAIrD,GAAKmC,KAAKf,EAAEI,EAAExB,GAAK,IAAO,GAAS,EAAJA,GAGrC,OADAmC,KAAKf,EAAEI,EAAI,KACJ6B,EAAI/B,MACf,EAIe,SAASgC,EAAWxB,EAAQC,EAAKC,EAAMC,GACpD,GAAIH,EAASO,EAAc,MAAUQ,MAAM,0BAA0BR,aAAwBP,MAc7F,OAAO,IAAIF,EAAQE,EAAQC,EAAKC,EAAMC,EACxC,CAEA,MAAMI,EAAe,GAIfD,EAAa,IC7PbmB,EAAO,EACPC,EAAU,GACVC,EAAe,WACfC,EAAe,EACfC,EAAgB,WAChBC,EAAgB,EAChBC,EAAoB,WACpBC,EAAoB,EACpBC,EAAe,WACfC,EAAc,WACdC,EAAkB,GAElBC,EAAoB,KACpBC,EAA+B,GAE/BC,EAAyE,MAAxD,IAAIpD,WAAW,IAAIqD,YAAY,CAAC,QAAS/C,QAAQ,GAGxE,SAASgD,EAAKC,EAAKC,EAAGxE,GAKpB,OAJAuE,EAAIvE,EAAE,GAAKwE,EACXD,EAAIvE,EAAE,GAAKwE,GAAM,EACjBD,EAAIvE,EAAE,GAAKwE,GAAK,GAChBD,EAAIvE,EAAE,GAAKwE,GAAK,GACTD,CACT,CAQA,SAASE,EAAKF,EAAKC,EAAGxE,GACpB,GAAIwE,EAAIE,OAAOC,iBAAkB,MAAU9B,MAAM,mCAIjD,IAAI+B,EAAYJ,EAChB,IAAK,IAAIK,EAAS7E,EAAG6E,EAAS7E,EAAE,EAAG6E,IACjCN,EAAIM,GAAUD,EACdA,GAAaA,EAAYL,EAAIM,IAAW,IAE1C,OAAON,CACT,CAQA,SAASO,EAAGhD,EAAQiD,EAAGC,GACrB,MAAMC,EAAI,IAAIjE,WAAW,IAEnBkE,EAAQ,IAAIlE,WAAW,EAAI+D,EAAEzC,QAGnC,GAFAgC,EAAKY,EAAOpD,EAAQ,GACpBoD,EAAM3C,IAAIwC,EAAG,GACTjD,GAAU,GAGZ,OADAqD,EAAQrD,GAAQa,OAAOuC,GAAO/B,OAAO6B,GAC9BA,EAGT,MAAMI,EAAInC,KAAKoC,KAAKvD,EAAS,IAAM,EASnC,IAAK,IAAI9B,EAAI,EAAGA,EAAIoF,EAAGpF,IACrBmF,EAAQ,IAAIxC,OAAa,IAAN3C,EAAUkF,EAAQD,GAAG9B,OAAO8B,GAE/CD,EAAIzC,IAAI0C,EAAElC,SAAS,EAAG,IAAO,GAAF/C,GAG7B,MAAMsF,EAAO,IAAItE,WAAWmE,EAAQrD,EAAS,GAAGsD,GAAGzC,OAAOsC,GAAG9B,UAG7D,OAFA6B,EAAIzC,IAAI+C,EAAQ,GAAFF,GAEPJ,CACT,CAGA,SAASO,EAAIC,EAAajB,EAAKkB,EAAIC,GAMjC,OALAF,EAAYG,GAAGJ,IACbhB,EAAIhD,WACJkE,EAAGlE,WACHmE,EAAGnE,YAEEgD,CACT,CAQA,SAASlE,EAAEmF,EAAaT,EAAGa,EAAGC,GAO5B,OANAL,EAAYG,GAAGtF,EACb0E,EAAExD,WACFqE,EAAErE,WACFsE,EAAEtE,WACFiE,EAAYM,KAAKC,GAAGxE,YAEfsE,CACT,CAEA,SAASG,EAAGR,EAAaT,EAAGa,EAAGC,GAO7B,OANAL,EAAYG,GAAGK,GACbjB,EAAExD,WACFqE,EAAErE,WACFsE,EAAEtE,WACFiE,EAAYM,KAAKC,GAAGxE,YAEfsE,CACT,CAGA,SAAUI,EAAST,EAAaU,EAAMC,EAAMC,EAAOC,EAAIC,EAAaC,EAAeC,GAGjFhB,EAAYM,KAAKW,QAAQzD,KAAK,GAC9B,MAAM0D,EAAIlB,EAAYM,KAAKW,QAAQ1D,SAAS,EAAG,IAC/C0B,EAAKiC,EAAGR,EAAM,GACdzB,EAAKiC,EAAGP,EAAM,GACd1B,EAAKiC,EAAGN,EAAO,IACf3B,EAAKiC,EAAGL,EAAI,IACZ5B,EAAKiC,EAAGJ,EAAa,IACrB7B,EAAKiC,EAAGnD,EAAM,IAQd,IAAI,IAAIvD,EAAI,EAAGA,GAAKuG,EAAevG,IAAK,CAEtCyE,EAAKe,EAAYM,KAAKW,QAASzG,EAAG0G,EAAEpE,QACpC,MAAMqE,EAAKX,EAAGR,EAAaA,EAAYM,KAAKc,SAAUpB,EAAYM,KAAKW,QAASjB,EAAYM,KAAKe,OAKjG,IAAI,IAAIC,EAAU,IAAN9G,EAAwB,EAAdwG,EAAkB,EAAGM,EAAIH,EAAGrE,OAAQwE,GAAK,QACtDH,EAAG5D,SAAS+D,EAAGA,EAAE,EAE9B,CACE,MAAO,EACT,CAmBA,MAAMC,EAAK,KACLC,EAAiB,GAAKD,EAEb,SAASE,EAAS/E,GAAQgF,OAAEA,EAAQC,SAAUC,IAC3D,IAAKhD,EAAgB,MAAUvB,MAAM,kCAErC,MAAMwE,EAvBR,UAAwBC,KAAEA,EAAIC,QAAEA,EAAOC,UAAEA,EAASC,SAAEA,EAAQzF,KAAEA,EAAI0F,GAAEA,EAAEC,OAAEA,EAAMC,YAAEA,EAAWC,WAAEA,EAAUC,OAAEA,IACvG,MAAMC,EAAe,CAACC,EAAMC,EAAO/E,EAAKgF,KACtC,GAAID,EAAQ/E,GAAO+E,EAAQC,EAAO,MAAUrF,MAAM,GAAGmF,4BAA+B9E,SAAWgF,UAAa,EAG9G,GAAIZ,IAAS/D,GAAQgE,IAAY/D,EAAS,MAAUX,MAAM,+BAS1D,OARAkF,EAAa,WAAYN,EAAU3D,EAAmBD,GACtDkE,EAAa,OAAQ/F,EAAM4B,EAAeD,GAC1CoE,EAAa,MAAOP,EAAW9D,EAAcD,GAC7CsE,EAAa,SAAUF,EAAY,EAAED,EAAa7D,GAElD2D,GAAMK,EAAa,kBAAmBL,EAAI,EAAG1D,GAC7C2D,GAAUI,EAAa,SAAUJ,EAAQ,EAAG1D,GAErC,CAAEqD,OAAMC,UAASC,YAAWC,WAAUzF,OAAM0F,KAAIC,SAAQQ,MAAOP,EAAaC,aAAYC,SACjG,CAQcM,CAAe,CAAEd,KAAM/D,EAAMgE,QAAS/D,KAAYtB,KAEtD7B,EAAEgI,EAAOrC,GAAGsC,EAAQC,IAAIC,EAASC,MAAMC,GAAWtB,EAAauB,QACjEC,EAAW,CAAE,EACbC,EAAS,CAAE,EACjBA,EAAOxI,EAAIgI,EACXQ,EAAO7C,GAAKsC,EACZO,EAAOtD,IAAMiD,EAGb,MAAMnC,EAAK,EAAIgB,EAAIc,MAAQlF,KAAK6F,MAAMzB,EAAIQ,YAAc,EAAIR,EAAIc,QAC1DY,EAAiB1C,EAAKnC,EAAoB,GAAK6C,EACrD,GAAIG,EAAO5F,OAAO0H,WAAaD,EAAgB,CAC7C,MAAME,EAAUhG,KAAKoC,MAAM0D,EAAiB7B,EAAO5F,OAAO0H,YAAchC,GAGxEE,EAAOgC,KAAKD,EAChB,CAEE,IAAIpE,EAAS,EAEb+D,EAAS7C,GAAK,IAAI/E,WAAWkG,EAAO5F,OAAQuD,EAAQX,GAAoBW,GAAS+D,EAAS7C,GAAGzD,OAC7FsG,EAAS/B,MAAQ,IAAI7F,WAAWkG,EAAO5F,OAAQuD,EAAQX,GAAoBW,GAAQ+D,EAAS/B,MAAMvE,OAClGsG,EAASnC,QAAU,IAAIzF,WAAWkG,EAAO5F,OAAQuD,EAAQX,GAAoBW,GAAQ+D,EAASnC,QAAQnE,OACtGsG,EAAShC,SAAW,IAAI5F,WAAWkG,EAAO5F,OAAQuD,EAAQ,MAAOA,GAAQ+D,EAAShC,SAAStE,OAE3F,MAAM6G,EAAK,IAAIrI,YAAYoG,EAAO5F,OAAQuD,EAAQ,GAAIA,GAAQsE,EAAG7G,OAASxB,YAAY2B,kBACtF,MAAM+C,EAAc,CAAEG,GAAIkD,EAAQ/C,KAAM8C,GAClCQ,EAAW,IAAIpI,WAAWkG,EAAO5F,OAAQuD,EAAQX,GAAoBW,GAAQuE,EAAS9G,OAC5F,MAAM+G,EAAc,IAAIrI,WAAWkG,EAAO5F,OAAQuD,EAAQwC,EAAIQ,WAAa3D,GACrEoF,EAAkB,IAAItI,WAAWkG,EAAO5F,OAAQ,EAAGuD,GAGnD0E,EA4ER,SAAelC,GACb,MAAMmC,EAAIrE,EAAQhB,GACZsF,EAAS,IAAIzI,WAAW,GACxBkB,EAAS,IAAIlB,WAAW,IAC9BsD,EAAKpC,EAAQmF,EAAIc,MAAO,GACxB7D,EAAKpC,EAAQmF,EAAIG,UAAW,GAC5BlD,EAAKpC,EAAQmF,EAAIQ,WAAY,GAC7BvD,EAAKpC,EAAQmF,EAAIS,OAAQ,IACzBxD,EAAKpC,EAAQmF,EAAIE,QAAS,IAC1BjD,EAAKpC,EAAQmF,EAAIC,KAAM,IAEvB,MAAMoC,EAAS,CAACxH,GACZmF,EAAII,UACNiC,EAAOC,KAAKrF,EAAK,IAAItD,WAAW,GAAIqG,EAAII,SAASnF,OAAQ,IACzDoH,EAAOC,KAAKtC,EAAII,WAEhBiC,EAAOC,KAAKF,GAGVpC,EAAIrF,MACN0H,EAAOC,KAAKrF,EAAK,IAAItD,WAAW,GAAIqG,EAAIrF,KAAKM,OAAQ,IACrDoH,EAAOC,KAAKtC,EAAIrF,OAEhB0H,EAAOC,KAAKF,GAGVpC,EAAIM,QACN+B,EAAOC,KAAKrF,EAAK,IAAItD,WAAW,GAAIqG,EAAIM,OAAOrF,OAAQ,IACvDoH,EAAOC,KAAKtC,EAAIM,SAGhB+B,EAAOC,KAAKF,GAGVpC,EAAIK,IACNgC,EAAOC,KAAKrF,EAAK,IAAItD,WAAW,GAAIqG,EAAIK,GAAGpF,OAAQ,IACnDoH,EAAOC,KAAKtC,EAAIK,KAEhBgC,EAAOC,KAAKF,GAEdD,EAAE7G,OAMJ,SAAsBiH,GACpB,GAAsB,IAAlBA,EAAOtH,OAAc,OAAOsH,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAI7J,EAAI,EAAGA,EAAI4J,EAAOtH,OAAQtC,IAAK,CACpC,KAAM4J,EAAO5J,aAAcgB,YACvB,MAAU6B,MAAM,0DAGpBgH,GAAeD,EAAO5J,GAAGsC,MAC/B,CAEE,MAAMwH,EAAS,IAAI9I,WAAW6I,GAC9B,IAAIE,EAAM,EAMV,OALAH,EAAOI,SAASC,IACZH,EAAOvH,IAAI0H,EAASF,GACpBA,GAAOE,EAAQ3H,MAAM,IAGlBwH,CACT,CA1BWI,CAAaR,IAEtB,MAAMS,EAAeX,EAAErG,SACvB,OAAO,IAAInC,WAAWmJ,EACxB,CAxHaC,CAAM/C,GAIXgD,EAAIhE,EAAKgB,EAAIc,MACbmC,EAAQC,MAAMlD,EAAIc,OAAOnF,KAAK,MAAM/B,KAAI,IAAUsJ,MAAMF,KACxDG,EAAY,CAACxK,EAAGE,KACpBoK,EAAEtK,GAAGE,GAAKmJ,EAAYtG,SAAS/C,EAAEqK,EAAE,KAAS,KAAFnK,EAASF,EAAEqK,EAAE,KAAS,KAAFnK,EAAUgE,GACjEoG,EAAEtK,GAAGE,IAGd,IAAK,IAAIF,EAAI,EAAGA,EAAIqH,EAAIc,MAAOnI,IAAK,CAElC,MAAMyK,EAAM,IAAIzJ,WAAWuI,EAAGjH,OAAS,GAGvCmI,EAAIlI,IAAIgH,GAAKjF,EAAKmG,EAAK,EAAGlB,EAAGjH,QAASgC,EAAKmG,EAAKzK,EAAGuJ,EAAGjH,OAAS,GAC/DwC,EAAGZ,EAAmBuG,EAAKD,EAAUxK,EAAG,IAGxCsE,EAAKmG,EAAK,EAAGlB,EAAGjH,QAChBwC,EAAGZ,EAAmBuG,EAAKD,EAAUxK,EAAG,GAC5C,CAKE,MACMuG,EAAgB8D,EADX,EAEX,IAAK,IAAInE,EAAO,EAAGA,EAAOmB,EAAIS,OAAQ5B,IAEpC,IAAK,IAAIwE,EAAK,EAAGA,EAJR,EAIiBA,IAAM,CAC9B,MAAMC,EAA6B,IAATzE,GAAcwE,GAAM,EAC9C,IAAK,IAAI1K,EAAI,EAAGA,EAAIqH,EAAIc,MAAOnI,IAAK,CAElC,IAAIwG,EAAuB,IAAPkE,GAAqB,IAATxE,EAAa,EAAI,EAEjD,MAAM0E,EAAOD,EAAoB1E,EAAST,EAAaU,EAAMlG,EAAG0K,EAAIrE,EAAIgB,EAAIS,OAAQvB,EAAeC,GAAiB,KACpH,KAAoBA,EAAgBD,EAAeC,IAAiB,CAClE,MAAMtG,EAAIwK,EAAKnE,EAAgBC,EACzBqE,EAAY3K,EAAI,EAAIoK,EAAEtK,GAAGE,EAAE,GAAKoK,EAAEtK,GAAGqK,EAAE,GAGvCS,EAAOH,EAAoBC,EAAKG,OAAO9C,MAAQ4C,EAErDnC,EAAOS,EAAG5H,WAAYuJ,EAAKvJ,WAAYvB,EAAGqH,EAAIc,MAAOjC,EAAMwE,EAAIlE,EAlB5D,EAkB+ED,GAClF,MAAMyE,EAAI7B,EAAG,GAAU8B,EAAI9B,EAAG,GAIjB,IAATjD,GAAYsE,EAAUxK,EAAGE,GAC7BG,EAAEmF,EAAaqF,EAAWP,EAAEU,GAAGC,GAAI/E,EAAO,EAAIkD,EAAWkB,EAAEtK,GAAGE,IAG1DgG,EAAO,GAAGX,EAAIC,EAAa8E,EAAEtK,GAAGE,GAAIkJ,EAAUkB,EAAEtK,GAAGE,GACjE,CACA,CACA,CAKE,MAAMgL,EAAIZ,EAAE,GAAGD,EAAE,GACjB,IAAI,IAAIrK,EAAI,EAAGA,EAAIqH,EAAIc,MAAOnI,IAC5BuF,EAAIC,EAAa0F,EAAGA,EAAGZ,EAAEtK,GAAGqK,EAAE,IAGhC,MAAMc,EAAMrG,EAAGuC,EAAIG,UAAW0D,EAAG,IAAIlK,WAAWqG,EAAIG,YAKpD,OAHA8B,EAAgBtG,KAAK,GACrBkE,EAAOgC,KAAK,GAELiC,CAET,CC3RA,IAAIC,EAiBWC,eAAeC,EAAUC,EAASC,GAC/C,MAAMtE,EAAS,IAAIuE,YAAYC,OAAO,CAGpCC,QAAS,KACTC,QAAS,QAELC,QAvBRR,eAA0BnE,EAAQqE,EAASC,GACzC,MAAMM,EAAe,CAAEC,IAAK,CAAE7E,WAC9B,QAAwB8E,IAApBZ,EACF,IACE,MAAMa,QAAeV,EAAQO,GAE7B,OADAV,GAAkB,EACXa,CACR,CAAC,MAAMC,GACNd,GAAkB,CACxB,CAIE,OADeA,EAAkBG,EAAUC,GAC7BM,EAChB,CAS2BK,CAAWjF,EAAQqE,EAASC,GAkBrD,OAFqBtJ,GAAW+E,EAAS/E,EAAQ,CAAEiF,SAAU0E,EAAW1E,SAAUD,UAGpF,yOCzCK,MAACkF,EAAWf,SAAYC,GAC1Be,4wLAA4BA,KAC5BA,wyJAA+BA","x_google_ignoreList":[0,1,2,3]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/argon2id.mjs b/app/node_modules/openpgp/dist/lightweight/argon2id.mjs new file mode 100644 index 000000000..392aeccc6 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/argon2id.mjs @@ -0,0 +1,683 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +// Adapted from the reference implementation in RFC7693 +// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes + +// Uint64 values are represented using two Uint32s, stored as little endian +// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays +// need to be manually handled + +// 64-bit unsigned addition (little endian, in place) +// Sets a[i,i+1] += b[j,j+1] +// `a` and `b` must be Uint32Array(2) +function ADD64 (a, i, b, j) { + a[i] += b[j]; + a[i+1] += b[j+1] + (a[i] < b[j]); // add carry +} + +// Increment 64-bit little-endian unsigned value by `c` (in place) +// `a` must be Uint32Array(2) +function INC64 (a, c) { + a[0] += c; + a[1] += (a[0] < c); +} + +// G Mixing function +// The ROTRs are inlined for speed +function G$1 (v, m, a, b, c, d, ix, iy) { + ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1] + ADD64(v, a, m, ix); // v[a, a+1] += x ... x0 + + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits + let xor0 = v[d] ^ v[a]; + let xor1 = v[d + 1] ^ v[a + 1]; + v[d] = xor1; + v[d + 1] = xor0; + + ADD64(v, c, v, d); + + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor0 >>> 24) ^ (xor1 << 8); + v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8); + + ADD64(v, a, v, b); + ADD64(v, a, m, iy); + + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits + xor0 = v[d] ^ v[a]; + xor1 = v[d + 1] ^ v[a + 1]; + v[d] = (xor0 >>> 16) ^ (xor1 << 16); + v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16); + + ADD64(v, c, v, d); + + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor1 >>> 31) ^ (xor0 << 1); + v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1); +} + +// Initialization Vector +const BLAKE2B_IV32 = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 +]); + +// These are offsets into a Uint64 buffer. +// Multiply them all by 2 to make them offsets into a Uint32 buffer +const SIGMA = new Uint8Array([ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 +].map(x => x * 2)); + +// Compression function. 'last' flag indicates last block. +// Note: we're representing 16 uint64s as 32 uint32s +function compress(S, last) { + const v = new Uint32Array(32); + const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32); + + // init work variables + for (let i = 0; i < 16; i++) { + v[i] = S.h[i]; + v[i + 16] = BLAKE2B_IV32[i]; + } + + // low 64 bits of offset + v[24] ^= S.t0[0]; + v[25] ^= S.t0[1]; + // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1 + + // if last block + const f0 = last ? 0xFFFFFFFF : 0; + v[28] ^= f0; + v[29] ^= f0; + + // twelve rounds of mixing + for (let i = 0; i < 12; i++) { + // ROUND(r) + const i16 = i << 4; + G$1(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1]); + G$1(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]); + G$1(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]); + G$1(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]); + G$1(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]); + G$1(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]); + G$1(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]); + G$1(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15]); + } + + for (let i = 0; i < 16; i++) { + S.h[i] ^= v[i] ^ v[i + 16]; + } +} + +// Creates a BLAKE2b hashing context +// Requires an output length between 1 and 64 bytes +// Takes an optional Uint8Array key +class Blake2b { + constructor(outlen, key, salt, personal) { + const params = new Uint8Array(64); + // 0: outlen, keylen, fanout, depth + // 4: leaf length, sequential mode + // 8: node offset + // 12: node offset + // 16: node depth, inner length, rfu + // 20: rfu + // 24: rfu + // 28: rfu + // 32: salt + // 36: salt + // 40: salt + // 44: salt + // 48: personal + // 52: personal + // 56: personal + // 60: personal + + // init internal state + this.S = { + b: new Uint8Array(BLOCKBYTES), + h: new Uint32Array(OUTBYTES_MAX / 4), + t0: new Uint32Array(2), // input counter `t`, lower 64-bits only + c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES` + outlen // output length in bytes + }; + + // init parameter block + params[0] = outlen; + if (key) params[1] = key.length; + params[2] = 1; // fanout + params[3] = 1; // depth + if (salt) params.set(salt, 32); + if (personal) params.set(personal, 48); + const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT); + + // initialize hash state + for (let i = 0; i < 16; i++) { + this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i]; + } + + // key the hash, if applicable + if (key) { + const block = new Uint8Array(BLOCKBYTES); + block.set(key); + this.update(block); + } + } + + // Updates a BLAKE2b streaming hash + // Requires Uint8Array (byte array) + update(input) { + if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer') + // for (let i = 0; i < input.length; i++) { + // if (this.S.c === BLOCKBYTES) { // buffer full + // INC64(this.S.t0, this.S.c) // add counters + // compress(this.S, false) + // this.S.c = 0 // empty buffer + // } + // this.S.b[this.S.c++] = input[i] + // } + let i = 0; + while(i < input.length) { + if (this.S.c === BLOCKBYTES) { // buffer full + INC64(this.S.t0, this.S.c); // add counters + compress(this.S, false); + this.S.c = 0; // empty buffer + } + let left = BLOCKBYTES - this.S.c; + this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds + const fill = Math.min(left, input.length - i); + this.S.c += fill; + i += fill; + } + return this + } + + /** + * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one + * @param {Uint8Array} [prealloc] - optional preallocated buffer + * @returns {ArrayBuffer} message digest + */ + digest(prealloc) { + INC64(this.S.t0, this.S.c); // mark last block offset + + // final block, padded + this.S.b.fill(0, this.S.c); + this.S.c = BLOCKBYTES; + compress(this.S, true); + + const out = prealloc || new Uint8Array(this.S.outlen); + for (let i = 0; i < this.S.outlen; i++) { + // must be loaded individually since default Uint32 endianness is platform dependant + out[i] = this.S.h[i >> 2] >> (8 * (i & 3)); + } + this.S.h = null; // prevent calling `update` after `digest` + return out.buffer; + } +} + + +function createHash(outlen, key, salt, personal) { + if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`) + + return new Blake2b(outlen, key, salt, personal) +} + +const OUTBYTES_MAX = 64; +const BLOCKBYTES = 128; + +const TYPE = 2; // Argon2id +const VERSION = 0x13; +const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1; +const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const SALTBYTES_MIN = 8; +const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const passwordBYTES_MIN = 8; +const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional) +const SECRETBYTES_MAX = 32; // key (optional) + +const ARGON2_BLOCK_SIZE = 1024; +const ARGON2_PREHASH_DIGEST_LENGTH = 64; + +const isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd; + +// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3]) +function LE32(buf, n, i) { + buf[i+0] = n; + buf[i+1] = n >> 8; + buf[i+2] = n >> 16; + buf[i+3] = n >> 24; + return buf; +} + +/** + * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7]) + * @param {Uint8Array} buf + * @param {Number} n + * @param {Number} i + */ +function LE64(buf, n, i) { + if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported"); + // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations + // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps) + // so we manually extract each byte + let remainder = n; + for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER + buf[offset] = remainder; // implicit & 0xff + remainder = (remainder - buf[offset]) / 256; + } + return buf; +} + +/** + * Variable-Length Hash Function H' + * @param {Number} outlen - T + * @param {Uint8Array} X - value to hash + * @param {Uint8Array} res - output buffer, of length `outlength` or larger + */ +function H_(outlen, X, res) { + const V = new Uint8Array(64); // no need to keep around all V_i + + const V1_in = new Uint8Array(4 + X.length); + LE32(V1_in, outlen, 0); + V1_in.set(X, 4); + if (outlen <= 64) { + // H'^T(A) = H^T(LE32(T)||A) + createHash(outlen).update(V1_in).digest(res); + return res + } + + const r = Math.ceil(outlen / 32) - 2; + + // Let V_i be a 64-byte block and W_i be its first 32 bytes. + // V_1 = H^(64)(LE32(T)||A) + // V_2 = H^(64)(V_1) + // ... + // V_r = H^(64)(V_{r-1}) + // V_{r+1} = H^(T-32*r)(V_{r}) + // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1} + for (let i = 0; i < r; i++) { + createHash(64).update(i === 0 ? V1_in : V).digest(V); + // store W_i in result buffer already + res.set(V.subarray(0, 32), i*32); + } + // V_{r+1} + const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest()); + res.set(V_r1, r*32); + + return res; +} + +// compute buf = xs ^ ys +function XOR(wasmContext, buf, xs, ys) { + wasmContext.fn.XOR( + buf.byteOffset, + xs.byteOffset, + ys.byteOffset, + ); + return buf +} + +/** + * @param {Uint8Array} X (read-only) + * @param {Uint8Array} Y (read-only) + * @param {Uint8Array} R - output buffer + * @returns + */ +function G(wasmContext, X, Y, R) { + wasmContext.fn.G( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +function G2(wasmContext, X, Y, R) { + wasmContext.fn.G2( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values. +function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) { + // For each segment, we do the following. First, we compute the value Z as: + // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) ) + wasmContext.refs.prngTmp.fill(0); + const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8); + LE64(Z, pass, 0); + LE64(Z, lane, 8); + LE64(Z, slice, 16); + LE64(Z, m_, 24); + LE64(Z, totalPasses, 32); + LE64(Z, TYPE, 40); + + // Then we compute q/(128*SL) 1024-byte values + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ), + // ..., + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )), + for(let i = 1; i <= segmentLength; i++) { + // tmp.set(Z); // no need to re-copy + LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed + const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR ); + + // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2 + // NB: the first generated pair must be used for the first block of the segment, and so on. + // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset. + for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) { + yield g2.subarray(k, k+8); + } + } + return []; +} + +function validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) { + const assertLength = (name, value, min, max) => { + if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); } + }; + + if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version'); + assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX); + assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX); + assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX); + assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX); + // optional fields + ad && assertLength('associated data', ad, 0, ADBYTES_MAX); + secret && assertLength('secret', secret, 0, SECRETBYTES_MAX); + + return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes }; +} + +const KB = 1024; +const WASM_PAGE_SIZE = 64 * KB; + +function argon2id(params, { memory, instance: wasmInstance }) { + if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system + + const ctx = validateParams({ type: TYPE, version: VERSION, ...params }); + + const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports; + const wasmRefs = {}; + const wasmFn = {}; + wasmFn.G = wasmG; + wasmFn.G2 = wasmG2; + wasmFn.XOR = wasmXOR; + + // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p. + const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes)); + const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references + if (memory.buffer.byteLength < requiredMemory) { + const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE); + // If enough memory is available, the `memory.buffer` is internally detached and the reference updated. + // Otherwise, the operation fails, and the original memory can still be used. + memory.grow(missing); + } + + let offset = 0; + // Init wasm memory needed in other functions + wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length; + wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length; + wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length; + wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length; + // Init wasm memory needed locally + const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT; + const wasmContext = { fn: wasmFn, refs: wasmRefs }; + const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length; + const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE); + const allocatedMemory = new Uint8Array(memory.buffer, 0, offset); + + // 1. Establish H_0 + const H0 = getH0(ctx); + + // 2. Allocate the memory as m' 1024-byte blocks + // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns. + const q = m_ / ctx.lanes; + const B = new Array(ctx.lanes).fill(null).map(() => new Array(q)); + const initBlock = (i, j) => { + B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE); + return B[i][j]; + }; + + for (let i = 0; i < ctx.lanes; i++) { + // const LEi = LE0; // since p = 1 for us + const tmp = new Uint8Array(H0.length + 8); + // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p + // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i)) + tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0)); + // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p + // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i)) + LE32(tmp, 1, H0.length); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1)); + } + + // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2 + // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes + // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc. + const SL = 4; // vertical slices + const segmentLength = q / SL; + for (let pass = 0; pass < ctx.passes; pass++) { + // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel + for (let sl = 0; sl < SL; sl++) { + const isDataIndependent = pass === 0 && sl <= 1; + for (let i = 0; i < ctx.lanes; i++) { // lane + // On the first slice of the first pass, blocks 0 and 1 are already filled + let segmentOffset = sl === 0 && pass === 0 ? 2 : 0; + // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory) + const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null; + for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) { + const j = sl * segmentLength + segmentOffset; + const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q] + + // we can assume the PRNG is never done + const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength); + const l = lz[0]; const z = lz[1]; + // for (let i = 0; i < p; i++ ) + // B[i][j] = G(B[i][j-1], B[l][z]) + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + if (pass === 0) initBlock(i, j); + G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]); + + // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one + if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]); + } + } + } + } + + // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column: + // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1] + const C = B[0][q-1]; + for(let i = 1; i < ctx.lanes; i++) { + XOR(wasmContext, C, C, B[i][q-1]); + } + + const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength)); + // clear memory since the module might be cached + allocatedMemory.fill(0); // clear sensitive contents + memory.grow(0); // allow deallocation + // 8. The output tag is computed as H'^T(C). + return tag; + +} + +function getH0(ctx) { + const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH); + const ZERO32 = new Uint8Array(4); + const params = new Uint8Array(24); + LE32(params, ctx.lanes, 0); + LE32(params, ctx.tagLength, 4); + LE32(params, ctx.memorySize, 8); + LE32(params, ctx.passes, 12); + LE32(params, ctx.version, 16); + LE32(params, ctx.type, 20); + + const toHash = [params]; + if (ctx.password) { + toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0)); + toHash.push(ctx.password); + } else { + toHash.push(ZERO32); // context.password.length + } + + if (ctx.salt) { + toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0)); + toHash.push(ctx.salt); + } else { + toHash.push(ZERO32); // context.salt.length + } + + if (ctx.secret) { + toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0)); + toHash.push(ctx.secret); + // todo clear secret? + } else { + toHash.push(ZERO32); // context.secret.length + } + + if (ctx.ad) { + toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0)); + toHash.push(ctx.ad); + } else { + toHash.push(ZERO32); // context.ad.length + } + H.update(concatArrays(toHash)); + + const outputBuffer = H.digest(); + return new Uint8Array(outputBuffer); +} + +function concatArrays(arrays) { + if (arrays.length === 1) return arrays[0]; + + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!(arrays[i] instanceof Uint8Array)) { + throw new Error('concatArrays: Data must be in the form of a Uint8Array'); + } + + totalLength += arrays[i].length; + } + + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach((element) => { + result.set(element, pos); + pos += element.length; + }); + + return result; +} + +let isSIMDSupported; +async function wasmLoader(memory, getSIMD, getNonSIMD) { + const importObject = { env: { memory } }; + if (isSIMDSupported === undefined) { + try { + const loaded = await getSIMD(importObject); + isSIMDSupported = true; + return loaded; + } catch(e) { + isSIMDSupported = false; + } + } + + const loader = isSIMDSupported ? getSIMD : getNonSIMD; + return loader(importObject); +} + +async function setupWasm(getSIMD, getNonSIMD) { + const memory = new WebAssembly.Memory({ + // in pages of 64KiB each + // these values need to be compatible with those declared when building in `build-wasm` + initial: 1040, // 65MB + maximum: 65536, // 4GB + }); + const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD); + + /** + * Argon2id hash function + * @callback computeHash + * @param {Object} params + * @param {Uint8Array} params.password - password + * @param {Uint8Array} params.salt - salt + * @param {Integer} params.parallelism + * @param {Integer} params.passes + * @param {Integer} params.memorySize - in kibibytes + * @param {Integer} params.tagLength - output tag length + * @param {Uint8Array} [params.ad] - associated data (optional) + * @param {Uint8Array} [params.secret] - secret data (optional) + * @return {Uint8Array} argon2id hash + */ + const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory }); + + return computeHash; +} + +function _loadWasmModule (sync, filepath, src, imports) { + function _instantiateOrCompile(source, imports, stream) { + var instantiateFunc = WebAssembly.instantiate; + var compileFunc = WebAssembly.compile; + + if (imports) { + return instantiateFunc(source, imports) + } else { + return compileFunc(source) + } + } + + +var buf = null; + + +var raw = globalThis.atob(src); +var rawLength = raw.length; +buf = new Uint8Array(new ArrayBuffer(rawLength)); +for(var i = 0; i < rawLength; i++) { + buf[i] = raw.charCodeAt(i); +} + + + + { + return _instantiateOrCompile(buf, imports) + } +} + +function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)} + +function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)} + +const loadWasm = async () => setupWasm( + (instanceObject) => wasmSIMD(instanceObject), + (instanceObject) => wasmNonSIMD(instanceObject), +); + +export { loadWasm as default }; diff --git a/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs b/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs deleted file mode 100644 index ded8ad20f..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs +++ /dev/null @@ -1,3 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import e from"./bn.min.mjs";import"./openpgp.min.mjs";class t{constructor(t){if(void 0===t)throw Error("Invalid BigInteger input");this.value=new e(t)}clone(){const e=new t(null);return this.value.copy(e.value),e}iinc(){return this.value.iadd(new e(1)),this}inc(){return this.clone().iinc()}idec(){return this.value.isub(new e(1)),this}dec(){return this.clone().idec()}iadd(e){return this.value.iadd(e.value),this}add(e){return this.clone().iadd(e)}isub(e){return this.value.isub(e.value),this}sub(e){return this.clone().isub(e)}imul(e){return this.value.imul(e.value),this}mul(e){return this.clone().imul(e)}imod(e){return this.value=this.value.umod(e.value),this}mod(e){return this.clone().imod(e)}modExp(t,i){const r=i.isEven()?e.red(i.value):e.mont(i.value),u=this.clone();return u.value=u.value.toRed(r).redPow(t.value).fromRed(),u}modInv(e){if(!this.gcd(e).isOne())throw Error("Inverse does not exist");return new t(this.value.invm(e.value))}gcd(e){return new t(this.value.gcd(e.value))}ileftShift(e){return this.value.ishln(e.value.toNumber()),this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value.ishrn(e.value.toNumber()),this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value.eq(e.value)}lt(e){return this.value.lt(e.value)}lte(e){return this.value.lte(e.value)}gt(e){return this.value.gt(e.value)}gte(e){return this.value.gte(e.value)}isZero(){return this.value.isZero()}isOne(){return this.value.eq(new e(1))}isNegative(){return this.value.isNeg()}isEven(){return this.value.isEven()}abs(){const e=this.clone();return e.value=e.value.abs(),e}toString(){return this.value.toString()}toNumber(){return this.value.toNumber()}getBit(e){return this.value.testn(e)?1:0}bitLength(){return this.value.bitLength()}byteLength(){return this.value.byteLength()}toUint8Array(e="be",t){return this.value.toArrayLike(Uint8Array,e,t)}}export default t; -//# sourceMappingURL=bn.interface.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs.map deleted file mode 100644 index 3f6b23580..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.interface.min.mjs.map +++ /dev/null @@ -1 +0,0 @@ -{"version":3,"file":"bn.interface.min.mjs","sources":["../../src/biginteger/bn.interface.js"],"sourcesContent":["import BN from 'bn.js';\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * Wrapper of bn.js library (wwww.github.com/indutny/bn.js)\n * @module biginteger/bn\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n this.value = new BN(n);\n }\n\n clone() {\n const clone = new BigInteger(null);\n this.value.copy(clone.value);\n return clone;\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value.iadd(new BN(1));\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value.isub(new BN(1));\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value.iadd(x.value);\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value.isub(x.value);\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value.imul(x.value);\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value = this.value.umod(m.value);\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation\n * Much faster than this.exp(e).mod(n)\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n // We use either Montgomery or normal reduction context\n // Montgomery requires coprime n and R (montogmery multiplier)\n // bn.js picks R as power of 2, so n must be odd\n const nred = n.isEven() ? BN.red(n.value) : BN.mont(n.value);\n const x = this.clone();\n x.value = x.value.toRed(nred).redPow(e.value).fromRed();\n return x;\n }\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n // invm returns a wrong result if the inverse does not exist\n if (!this.gcd(n).isOne()) {\n throw new Error('Inverse does not exist');\n }\n return new BigInteger(this.value.invm(n.value));\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} n - Operand\n * @returns {BigInteger} gcd\n */\n gcd(n) {\n return new BigInteger(this.value.gcd(n.value));\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value.ishln(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value.ishrn(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value.eq(x.value);\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value.lt(x.value);\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value.lte(x.value);\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value.gt(x.value);\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value.gte(x.value);\n }\n\n isZero() {\n return this.value.isZero();\n }\n\n isOne() {\n return this.value.eq(new BN(1));\n }\n\n isNegative() {\n return this.value.isNeg();\n }\n\n isEven() {\n return this.value.isEven();\n }\n\n abs() {\n const res = this.clone();\n res.value = res.value.abs();\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n return this.value.toNumber();\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n return this.value.testn(i) ? 1 : 0;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n return this.value.bitLength();\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n return this.value.byteLength();\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n return this.value.toArrayLike(Uint8Array, endian, length);\n }\n}\n"],"names":["BigInteger","constructor","n","undefined","Error","this","value","BN","clone","copy","iinc","iadd","inc","idec","isub","dec","x","add","sub","imul","mul","imod","m","umod","mod","modExp","e","nred","isEven","red","mont","toRed","redPow","fromRed","modInv","gcd","isOne","invm","ileftShift","ishln","toNumber","leftShift","irightShift","ishrn","rightShift","equal","eq","lt","lte","gt","gte","isZero","isNegative","isNeg","abs","res","toString","getBit","i","testn","bitLength","byteLength","toUint8Array","endian","length","toArrayLike","Uint8Array"],"mappings":";yJAae,MAAMA,EAMnBC,YAAYC,GACV,QAAUC,IAAND,EACF,MAAUE,MAAM,4BAGlBC,KAAKC,MAAQ,IAAIC,EAAGL,GAGtBM,QACE,MAAMA,EAAQ,IAAIR,EAAW,MAE7B,OADAK,KAAKC,MAAMG,KAAKD,EAAMF,OACfE,EAMTE,OAEE,OADAL,KAAKC,MAAMK,KAAK,IAAIJ,EAAG,IAChBF,KAOTO,MACE,OAAOP,KAAKG,QAAQE,OAMtBG,OAEE,OADAR,KAAKC,MAAMQ,KAAK,IAAIP,EAAG,IAChBF,KAOTU,MACE,OAAOV,KAAKG,QAAQK,OAQtBF,KAAKK,GAEH,OADAX,KAAKC,MAAMK,KAAKK,EAAEV,OACXD,KAQTY,IAAID,GACF,OAAOX,KAAKG,QAAQG,KAAKK,GAO3BF,KAAKE,GAEH,OADAX,KAAKC,MAAMQ,KAAKE,EAAEV,OACXD,KAQTa,IAAIF,GACF,OAAOX,KAAKG,QAAQM,KAAKE,GAO3BG,KAAKH,GAEH,OADAX,KAAKC,MAAMa,KAAKH,EAAEV,OACXD,KAQTe,IAAIJ,GACF,OAAOX,KAAKG,QAAQW,KAAKH,GAO3BK,KAAKC,GAEH,OADAjB,KAAKC,MAAQD,KAAKC,MAAMiB,KAAKD,EAAEhB,OACxBD,KAQTmB,IAAIF,GACF,OAAOjB,KAAKG,QAAQa,KAAKC,GAU3BG,OAAOC,EAAGxB,GAIR,MAAMyB,EAAOzB,EAAE0B,SAAWrB,EAAGsB,IAAI3B,EAAEI,OAASC,EAAGuB,KAAK5B,EAAEI,OAChDU,EAAIX,KAAKG,QAEf,OADAQ,EAAEV,MAAQU,EAAEV,MAAMyB,MAAMJ,GAAMK,OAAON,EAAEpB,OAAO2B,UACvCjB,EAUTkB,OAAOhC,GAEL,IAAKG,KAAK8B,IAAIjC,GAAGkC,QACf,MAAUhC,MAAM,0BAElB,OAAO,IAAIJ,EAAWK,KAAKC,MAAM+B,KAAKnC,EAAEI,QAQ1C6B,IAAIjC,GACF,OAAO,IAAIF,EAAWK,KAAKC,MAAM6B,IAAIjC,EAAEI,QAOzCgC,WAAWtB,GAET,OADAX,KAAKC,MAAMiC,MAAMvB,EAAEV,MAAMkC,YAClBnC,KAQToC,UAAUzB,GACR,OAAOX,KAAKG,QAAQ8B,WAAWtB,GAOjC0B,YAAY1B,GAEV,OADAX,KAAKC,MAAMqC,MAAM3B,EAAEV,MAAMkC,YAClBnC,KAQTuC,WAAW5B,GACT,OAAOX,KAAKG,QAAQkC,YAAY1B,GAQlC6B,MAAM7B,GACJ,OAAOX,KAAKC,MAAMwC,GAAG9B,EAAEV,OAQzByC,GAAG/B,GACD,OAAOX,KAAKC,MAAMyC,GAAG/B,EAAEV,OAQzB0C,IAAIhC,GACF,OAAOX,KAAKC,MAAM0C,IAAIhC,EAAEV,OAQ1B2C,GAAGjC,GACD,OAAOX,KAAKC,MAAM2C,GAAGjC,EAAEV,OAQzB4C,IAAIlC,GACF,OAAOX,KAAKC,MAAM4C,IAAIlC,EAAEV,OAG1B6C,SACE,OAAO9C,KAAKC,MAAM6C,SAGpBf,QACE,OAAO/B,KAAKC,MAAMwC,GAAG,IAAIvC,EAAG,IAG9B6C,aACE,OAAO/C,KAAKC,MAAM+C,QAGpBzB,SACE,OAAOvB,KAAKC,MAAMsB,SAGpB0B,MACE,MAAMC,EAAMlD,KAAKG,QAEjB,OADA+C,EAAIjD,MAAQiD,EAAIjD,MAAMgD,MACfC,EAOTC,WACE,OAAOnD,KAAKC,MAAMkD,WAQpBhB,WACE,OAAOnC,KAAKC,MAAMkC,WAQpBiB,OAAOC,GACL,OAAOrD,KAAKC,MAAMqD,MAAMD,GAAK,EAAI,EAOnCE,YACE,OAAOvD,KAAKC,MAAMsD,YAOpBC,aACE,OAAOxD,KAAKC,MAAMuD,aASpBC,aAAaC,EAAS,KAAMC,GAC1B,OAAO3D,KAAKC,MAAM2D,YAAYC,WAAYH,EAAQC"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/bn.interface.mjs b/app/node_modules/openpgp/dist/lightweight/bn.interface.mjs deleted file mode 100644 index 6fe2f8534..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.interface.mjs +++ /dev/null @@ -1,340 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -import bn from './bn.mjs'; -import './openpgp.mjs'; - -/** - * @fileoverview - * BigInteger implementation of basic operations - * Wrapper of bn.js library (wwww.github.com/indutny/bn.js) - * @module biginteger/bn - * @private - */ - -/** - * @private - */ -class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - - this.value = new bn(n); - } - - clone() { - const clone = new BigInteger(null); - this.value.copy(clone.value); - return clone; - } - - /** - * BigInteger increment in place - */ - iinc() { - this.value.iadd(new bn(1)); - return this; - } - - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - - /** - * BigInteger decrement in place - */ - idec() { - this.value.isub(new bn(1)); - return this; - } - - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } - - - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value.iadd(x.value); - return this; - } - - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } - - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value.isub(x.value); - return this; - } - - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } - - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value.imul(x.value); - return this; - } - - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); - } - - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value = this.value.umod(m.value); - return this; - } - - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } - - /** - * Compute modular exponentiation - * Much faster than this.exp(e).mod(n) - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - // We use either Montgomery or normal reduction context - // Montgomery requires coprime n and R (montogmery multiplier) - // bn.js picks R as power of 2, so n must be odd - const nred = n.isEven() ? bn.red(n.value) : bn.mont(n.value); - const x = this.clone(); - x.value = x.value.toRed(nred).redPow(e.value).fromRed(); - return x; - } - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - // invm returns a wrong result if the inverse does not exist - if (!this.gcd(n).isOne()) { - throw new Error('Inverse does not exist'); - } - return new BigInteger(this.value.invm(n.value)); - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} n - Operand - * @returns {BigInteger} gcd - */ - gcd(n) { - return new BigInteger(this.value.gcd(n.value)); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value.ishln(x.value.toNumber()); - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value.ishrn(x.value.toNumber()); - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value.eq(x.value); - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value.lt(x.value); - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value.lte(x.value); - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value.gt(x.value); - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value.gte(x.value); - } - - isZero() { - return this.value.isZero(); - } - - isOne() { - return this.value.eq(new bn(1)); - } - - isNegative() { - return this.value.isNeg(); - } - - isEven() { - return this.value.isEven(); - } - - abs() { - const res = this.clone(); - res.value = res.value.abs(); - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - return this.value.toNumber(); - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - return this.value.testn(i) ? 1 : 0; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - return this.value.bitLength(); - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - return this.value.byteLength(); - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - return this.value.toArrayLike(Uint8Array, endian, length); - } -} - -export default BigInteger; diff --git a/app/node_modules/openpgp/dist/lightweight/bn.min.mjs b/app/node_modules/openpgp/dist/lightweight/bn.min.mjs deleted file mode 100644 index 64f86c3e3..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.min.mjs +++ /dev/null @@ -1,3 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{c as t,a as i}from"./openpgp.min.mjs";var r=t((function(t){!function(t,i){function r(t,i){if(!t)throw Error(i||"Assertion failed")}function h(t,i){t.super_=i;var r=function(){};r.prototype=i.prototype,t.prototype=new r,t.prototype.constructor=t}function n(t,i,r){if(n.isBN(t))return t;this.negative=0,this.words=null,this.length=0,this.red=null,null!==t&&("le"!==i&&"be"!==i||(r=i,i=10),this._init(t||0,i||10,r||"be"))}var e;"object"==typeof t?t.exports=n:i.BN=n,n.BN=n,n.wordSize=26;try{e=void 0}catch(t){}function o(t,i,r){for(var h=0,n=Math.min(t.length,r),e=i;e=49&&o<=54?o-49+10:o>=17&&o<=22?o-17+10:15&o}return h}function s(t,i,r,h){for(var n=0,e=Math.min(t.length,r),o=i;o=49?s-49+10:s>=17?s-17+10:s}return n}n.isBN=function(t){return t instanceof n||null!==t&&"object"==typeof t&&t.constructor.wordSize===n.wordSize&&Array.isArray(t.words)},n.max=function(t,i){return t.cmp(i)>0?t:i},n.min=function(t,i){return t.cmp(i)<0?t:i},n.prototype._init=function(t,i,h){if("number"==typeof t)return this._initNumber(t,i,h);if("object"==typeof t)return this._initArray(t,i,h);"hex"===i&&(i=16),r(i===(0|i)&&i>=2&&i<=36);var n=0;"-"===(t=t.toString().replace(/\s+/g,""))[0]&&n++,16===i?this._parseHex(t,n):this._parseBase(t,i,n),"-"===t[0]&&(this.negative=1),this.strip(),"le"===h&&this._initArray(this.toArray(),i,h)},n.prototype._initNumber=function(t,i,h){t<0&&(this.negative=1,t=-t),t<67108864?(this.words=[67108863&t],this.length=1):t<4503599627370496?(this.words=[67108863&t,t/67108864&67108863],this.length=2):(r(t<9007199254740992),this.words=[67108863&t,t/67108864&67108863,1],this.length=3),"le"===h&&this._initArray(this.toArray(),i,h)},n.prototype._initArray=function(t,i,h){if(r("number"==typeof t.length),t.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(t.length/3),this.words=Array(this.length);for(var n=0;n=0;n-=3)o=t[n]|t[n-1]<<8|t[n-2]<<16,this.words[e]|=o<>>26-s&67108863,(s+=24)>=26&&(s-=26,e++);else if("le"===h)for(n=0,e=0;n>>26-s&67108863,(s+=24)>=26&&(s-=26,e++);return this.strip()},n.prototype._parseHex=function(t,i){this.length=Math.ceil((t.length-i)/6),this.words=Array(this.length);for(var r=0;r=i;r-=6)n=o(t,r,r+6),this.words[h]|=n<>>26-e&4194303,(e+=24)>=26&&(e-=26,h++);r+6!==i&&(n=o(t,i,r+6),this.words[h]|=n<>>26-e&4194303),this.strip()},n.prototype._parseBase=function(t,i,r){this.words=[0],this.length=1;for(var h=0,n=1;n<=67108863;n*=i)h++;h--,n=n/i|0;for(var e=t.length-r,o=e%h,u=Math.min(e,e-o)+r,a=0,l=r;l1&&0===this.words[this.length-1];)this.length--;return this._normSign()},n.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},n.prototype.inspect=function(){return(this.red?""};var u=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],a=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],l=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function m(t,i,r){r.negative=i.negative^t.negative;var h=t.length+i.length|0;r.length=h,h=h-1|0;var n=0|t.words[0],e=0|i.words[0],o=n*e,s=67108863&o,u=o/67108864|0;r.words[0]=s;for(var a=1;a>>26,m=67108863&u,f=Math.min(a,i.length-1),d=Math.max(0,a-t.length+1);d<=f;d++){var p=a-d|0;l+=(o=(n=0|t.words[p])*(e=0|i.words[d])+m)/67108864|0,m=67108863&o}r.words[a]=0|m,u=0|l}return 0!==u?r.words[a]=0|u:r.length--,r.strip()}n.prototype.toString=function(t,i){var h;if(i=0|i||1,16===(t=t||10)||"hex"===t){h="";for(var n=0,e=0,o=0;o>>24-n&16777215)||o!==this.length-1?u[6-m.length]+m+h:m+h,(n+=2)>=26&&(n-=26,o--)}for(0!==e&&(h=e.toString(16)+h);h.length%i!=0;)h="0"+h;return 0!==this.negative&&(h="-"+h),h}if(t===(0|t)&&t>=2&&t<=36){var f=a[t],d=l[t];h="";var p=this.clone();for(p.negative=0;!p.isZero();){var M=p.modn(d).toString(t);h=(p=p.idivn(d)).isZero()?M+h:u[f-M.length]+M+h}for(this.isZero()&&(h="0"+h);h.length%i!=0;)h="0"+h;return 0!==this.negative&&(h="-"+h),h}r(!1,"Base should be between 2 and 36")},n.prototype.toNumber=function(){var t=this.words[0];return 2===this.length?t+=67108864*this.words[1]:3===this.length&&1===this.words[2]?t+=4503599627370496+67108864*this.words[1]:this.length>2&&r(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-t:t},n.prototype.toJSON=function(){return this.toString(16)},n.prototype.toBuffer=function(t,i){return r(void 0!==e),this.toArrayLike(e,t,i)},n.prototype.toArray=function(t,i){return this.toArrayLike(Array,t,i)},n.prototype.toArrayLike=function(t,i,h){var n=this.byteLength(),e=h||Math.max(1,n);r(n<=e,"byte array longer than desired length"),r(e>0,"Requested array length <= 0"),this.strip();var o,s,u="le"===i,a=new t(e),l=this.clone();if(u){for(s=0;!l.isZero();s++)o=l.andln(255),l.iushrn(8),a[s]=o;for(;s=4096&&(r+=13,i>>>=13),i>=64&&(r+=7,i>>>=7),i>=8&&(r+=4,i>>>=4),i>=2&&(r+=2,i>>>=2),r+i},n.prototype._zeroBits=function(t){if(0===t)return 26;var i=t,r=0;return 0==(8191&i)&&(r+=13,i>>>=13),0==(127&i)&&(r+=7,i>>>=7),0==(15&i)&&(r+=4,i>>>=4),0==(3&i)&&(r+=2,i>>>=2),0==(1&i)&&r++,r},n.prototype.bitLength=function(){var t=this.words[this.length-1],i=this._countBits(t);return 26*(this.length-1)+i},n.prototype.zeroBits=function(){if(this.isZero())return 0;for(var t=0,i=0;it.length?this.clone().ior(t):t.clone().ior(this)},n.prototype.uor=function(t){return this.length>t.length?this.clone().iuor(t):t.clone().iuor(this)},n.prototype.iuand=function(t){var i;i=this.length>t.length?t:this;for(var r=0;rt.length?this.clone().iand(t):t.clone().iand(this)},n.prototype.uand=function(t){return this.length>t.length?this.clone().iuand(t):t.clone().iuand(this)},n.prototype.iuxor=function(t){var i,r;this.length>t.length?(i=this,r=t):(i=t,r=this);for(var h=0;ht.length?this.clone().ixor(t):t.clone().ixor(this)},n.prototype.uxor=function(t){return this.length>t.length?this.clone().iuxor(t):t.clone().iuxor(this)},n.prototype.inotn=function(t){r("number"==typeof t&&t>=0);var i=0|Math.ceil(t/26),h=t%26;this._expand(i),h>0&&i--;for(var n=0;n0&&(this.words[n]=~this.words[n]&67108863>>26-h),this.strip()},n.prototype.notn=function(t){return this.clone().inotn(t)},n.prototype.setn=function(t,i){r("number"==typeof t&&t>=0);var h=t/26|0,n=t%26;return this._expand(h+1),this.words[h]=i?this.words[h]|1<t.length?(r=this,h=t):(r=t,h=this);for(var n=0,e=0;e>>26;for(;0!==n&&e>>26;if(this.length=r.length,0!==n)this.words[this.length]=n,this.length++;else if(r!==this)for(;et.length?this.clone().iadd(t):t.clone().iadd(this)},n.prototype.isub=function(t){if(0!==t.negative){t.negative=0;var i=this.iadd(t);return t.negative=1,i._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(t),this.negative=1,this._normSign();var r,h,n=this.cmp(t);if(0===n)return this.negative=0,this.length=1,this.words[0]=0,this;n>0?(r=this,h=t):(r=t,h=this);for(var e=0,o=0;o>26,this.words[o]=67108863&i;for(;0!==e&&o>26,this.words[o]=67108863&i;if(0===e&&o>>13,d=0|o[1],p=8191&d,M=d>>>13,v=0|o[2],g=8191&v,c=v>>>13,w=0|o[3],y=8191&w,b=w>>>13,_=0|o[4],k=8191&_,A=_>>>13,x=0|o[5],S=8191&x,Z=x>>>13,R=0|o[6],q=8191&R,B=R>>>13,N=0|o[7],L=8191&N,I=N>>>13,z=0|o[8],E=8191&z,T=z>>>13,O=0|o[9],j=8191&O,K=O>>>13,P=0|s[0],F=8191&P,C=P>>>13,D=0|s[1],H=8191&D,J=D>>>13,U=0|s[2],G=8191&U,Q=U>>>13,V=0|s[3],W=8191&V,X=V>>>13,Y=0|s[4],$=8191&Y,tt=Y>>>13,it=0|s[5],rt=8191&it,ht=it>>>13,nt=0|s[6],et=8191&nt,ot=nt>>>13,st=0|s[7],ut=8191&st,at=st>>>13,lt=0|s[8],mt=8191<,ft=lt>>>13,dt=0|s[9],pt=8191&dt,Mt=dt>>>13;r.negative=t.negative^i.negative,r.length=19;var vt=(a+(h=Math.imul(m,F))|0)+((8191&(n=(n=Math.imul(m,C))+Math.imul(f,F)|0))<<13)|0;a=((e=Math.imul(f,C))+(n>>>13)|0)+(vt>>>26)|0,vt&=67108863,h=Math.imul(p,F),n=(n=Math.imul(p,C))+Math.imul(M,F)|0,e=Math.imul(M,C);var gt=(a+(h=h+Math.imul(m,H)|0)|0)+((8191&(n=(n=n+Math.imul(m,J)|0)+Math.imul(f,H)|0))<<13)|0;a=((e=e+Math.imul(f,J)|0)+(n>>>13)|0)+(gt>>>26)|0,gt&=67108863,h=Math.imul(g,F),n=(n=Math.imul(g,C))+Math.imul(c,F)|0,e=Math.imul(c,C),h=h+Math.imul(p,H)|0,n=(n=n+Math.imul(p,J)|0)+Math.imul(M,H)|0,e=e+Math.imul(M,J)|0;var ct=(a+(h=h+Math.imul(m,G)|0)|0)+((8191&(n=(n=n+Math.imul(m,Q)|0)+Math.imul(f,G)|0))<<13)|0;a=((e=e+Math.imul(f,Q)|0)+(n>>>13)|0)+(ct>>>26)|0,ct&=67108863,h=Math.imul(y,F),n=(n=Math.imul(y,C))+Math.imul(b,F)|0,e=Math.imul(b,C),h=h+Math.imul(g,H)|0,n=(n=n+Math.imul(g,J)|0)+Math.imul(c,H)|0,e=e+Math.imul(c,J)|0,h=h+Math.imul(p,G)|0,n=(n=n+Math.imul(p,Q)|0)+Math.imul(M,G)|0,e=e+Math.imul(M,Q)|0;var wt=(a+(h=h+Math.imul(m,W)|0)|0)+((8191&(n=(n=n+Math.imul(m,X)|0)+Math.imul(f,W)|0))<<13)|0;a=((e=e+Math.imul(f,X)|0)+(n>>>13)|0)+(wt>>>26)|0,wt&=67108863,h=Math.imul(k,F),n=(n=Math.imul(k,C))+Math.imul(A,F)|0,e=Math.imul(A,C),h=h+Math.imul(y,H)|0,n=(n=n+Math.imul(y,J)|0)+Math.imul(b,H)|0,e=e+Math.imul(b,J)|0,h=h+Math.imul(g,G)|0,n=(n=n+Math.imul(g,Q)|0)+Math.imul(c,G)|0,e=e+Math.imul(c,Q)|0,h=h+Math.imul(p,W)|0,n=(n=n+Math.imul(p,X)|0)+Math.imul(M,W)|0,e=e+Math.imul(M,X)|0;var yt=(a+(h=h+Math.imul(m,$)|0)|0)+((8191&(n=(n=n+Math.imul(m,tt)|0)+Math.imul(f,$)|0))<<13)|0;a=((e=e+Math.imul(f,tt)|0)+(n>>>13)|0)+(yt>>>26)|0,yt&=67108863,h=Math.imul(S,F),n=(n=Math.imul(S,C))+Math.imul(Z,F)|0,e=Math.imul(Z,C),h=h+Math.imul(k,H)|0,n=(n=n+Math.imul(k,J)|0)+Math.imul(A,H)|0,e=e+Math.imul(A,J)|0,h=h+Math.imul(y,G)|0,n=(n=n+Math.imul(y,Q)|0)+Math.imul(b,G)|0,e=e+Math.imul(b,Q)|0,h=h+Math.imul(g,W)|0,n=(n=n+Math.imul(g,X)|0)+Math.imul(c,W)|0,e=e+Math.imul(c,X)|0,h=h+Math.imul(p,$)|0,n=(n=n+Math.imul(p,tt)|0)+Math.imul(M,$)|0,e=e+Math.imul(M,tt)|0;var bt=(a+(h=h+Math.imul(m,rt)|0)|0)+((8191&(n=(n=n+Math.imul(m,ht)|0)+Math.imul(f,rt)|0))<<13)|0;a=((e=e+Math.imul(f,ht)|0)+(n>>>13)|0)+(bt>>>26)|0,bt&=67108863,h=Math.imul(q,F),n=(n=Math.imul(q,C))+Math.imul(B,F)|0,e=Math.imul(B,C),h=h+Math.imul(S,H)|0,n=(n=n+Math.imul(S,J)|0)+Math.imul(Z,H)|0,e=e+Math.imul(Z,J)|0,h=h+Math.imul(k,G)|0,n=(n=n+Math.imul(k,Q)|0)+Math.imul(A,G)|0,e=e+Math.imul(A,Q)|0,h=h+Math.imul(y,W)|0,n=(n=n+Math.imul(y,X)|0)+Math.imul(b,W)|0,e=e+Math.imul(b,X)|0,h=h+Math.imul(g,$)|0,n=(n=n+Math.imul(g,tt)|0)+Math.imul(c,$)|0,e=e+Math.imul(c,tt)|0,h=h+Math.imul(p,rt)|0,n=(n=n+Math.imul(p,ht)|0)+Math.imul(M,rt)|0,e=e+Math.imul(M,ht)|0;var _t=(a+(h=h+Math.imul(m,et)|0)|0)+((8191&(n=(n=n+Math.imul(m,ot)|0)+Math.imul(f,et)|0))<<13)|0;a=((e=e+Math.imul(f,ot)|0)+(n>>>13)|0)+(_t>>>26)|0,_t&=67108863,h=Math.imul(L,F),n=(n=Math.imul(L,C))+Math.imul(I,F)|0,e=Math.imul(I,C),h=h+Math.imul(q,H)|0,n=(n=n+Math.imul(q,J)|0)+Math.imul(B,H)|0,e=e+Math.imul(B,J)|0,h=h+Math.imul(S,G)|0,n=(n=n+Math.imul(S,Q)|0)+Math.imul(Z,G)|0,e=e+Math.imul(Z,Q)|0,h=h+Math.imul(k,W)|0,n=(n=n+Math.imul(k,X)|0)+Math.imul(A,W)|0,e=e+Math.imul(A,X)|0,h=h+Math.imul(y,$)|0,n=(n=n+Math.imul(y,tt)|0)+Math.imul(b,$)|0,e=e+Math.imul(b,tt)|0,h=h+Math.imul(g,rt)|0,n=(n=n+Math.imul(g,ht)|0)+Math.imul(c,rt)|0,e=e+Math.imul(c,ht)|0,h=h+Math.imul(p,et)|0,n=(n=n+Math.imul(p,ot)|0)+Math.imul(M,et)|0,e=e+Math.imul(M,ot)|0;var kt=(a+(h=h+Math.imul(m,ut)|0)|0)+((8191&(n=(n=n+Math.imul(m,at)|0)+Math.imul(f,ut)|0))<<13)|0;a=((e=e+Math.imul(f,at)|0)+(n>>>13)|0)+(kt>>>26)|0,kt&=67108863,h=Math.imul(E,F),n=(n=Math.imul(E,C))+Math.imul(T,F)|0,e=Math.imul(T,C),h=h+Math.imul(L,H)|0,n=(n=n+Math.imul(L,J)|0)+Math.imul(I,H)|0,e=e+Math.imul(I,J)|0,h=h+Math.imul(q,G)|0,n=(n=n+Math.imul(q,Q)|0)+Math.imul(B,G)|0,e=e+Math.imul(B,Q)|0,h=h+Math.imul(S,W)|0,n=(n=n+Math.imul(S,X)|0)+Math.imul(Z,W)|0,e=e+Math.imul(Z,X)|0,h=h+Math.imul(k,$)|0,n=(n=n+Math.imul(k,tt)|0)+Math.imul(A,$)|0,e=e+Math.imul(A,tt)|0,h=h+Math.imul(y,rt)|0,n=(n=n+Math.imul(y,ht)|0)+Math.imul(b,rt)|0,e=e+Math.imul(b,ht)|0,h=h+Math.imul(g,et)|0,n=(n=n+Math.imul(g,ot)|0)+Math.imul(c,et)|0,e=e+Math.imul(c,ot)|0,h=h+Math.imul(p,ut)|0,n=(n=n+Math.imul(p,at)|0)+Math.imul(M,ut)|0,e=e+Math.imul(M,at)|0;var At=(a+(h=h+Math.imul(m,mt)|0)|0)+((8191&(n=(n=n+Math.imul(m,ft)|0)+Math.imul(f,mt)|0))<<13)|0;a=((e=e+Math.imul(f,ft)|0)+(n>>>13)|0)+(At>>>26)|0,At&=67108863,h=Math.imul(j,F),n=(n=Math.imul(j,C))+Math.imul(K,F)|0,e=Math.imul(K,C),h=h+Math.imul(E,H)|0,n=(n=n+Math.imul(E,J)|0)+Math.imul(T,H)|0,e=e+Math.imul(T,J)|0,h=h+Math.imul(L,G)|0,n=(n=n+Math.imul(L,Q)|0)+Math.imul(I,G)|0,e=e+Math.imul(I,Q)|0,h=h+Math.imul(q,W)|0,n=(n=n+Math.imul(q,X)|0)+Math.imul(B,W)|0,e=e+Math.imul(B,X)|0,h=h+Math.imul(S,$)|0,n=(n=n+Math.imul(S,tt)|0)+Math.imul(Z,$)|0,e=e+Math.imul(Z,tt)|0,h=h+Math.imul(k,rt)|0,n=(n=n+Math.imul(k,ht)|0)+Math.imul(A,rt)|0,e=e+Math.imul(A,ht)|0,h=h+Math.imul(y,et)|0,n=(n=n+Math.imul(y,ot)|0)+Math.imul(b,et)|0,e=e+Math.imul(b,ot)|0,h=h+Math.imul(g,ut)|0,n=(n=n+Math.imul(g,at)|0)+Math.imul(c,ut)|0,e=e+Math.imul(c,at)|0,h=h+Math.imul(p,mt)|0,n=(n=n+Math.imul(p,ft)|0)+Math.imul(M,mt)|0,e=e+Math.imul(M,ft)|0;var xt=(a+(h=h+Math.imul(m,pt)|0)|0)+((8191&(n=(n=n+Math.imul(m,Mt)|0)+Math.imul(f,pt)|0))<<13)|0;a=((e=e+Math.imul(f,Mt)|0)+(n>>>13)|0)+(xt>>>26)|0,xt&=67108863,h=Math.imul(j,H),n=(n=Math.imul(j,J))+Math.imul(K,H)|0,e=Math.imul(K,J),h=h+Math.imul(E,G)|0,n=(n=n+Math.imul(E,Q)|0)+Math.imul(T,G)|0,e=e+Math.imul(T,Q)|0,h=h+Math.imul(L,W)|0,n=(n=n+Math.imul(L,X)|0)+Math.imul(I,W)|0,e=e+Math.imul(I,X)|0,h=h+Math.imul(q,$)|0,n=(n=n+Math.imul(q,tt)|0)+Math.imul(B,$)|0,e=e+Math.imul(B,tt)|0,h=h+Math.imul(S,rt)|0,n=(n=n+Math.imul(S,ht)|0)+Math.imul(Z,rt)|0,e=e+Math.imul(Z,ht)|0,h=h+Math.imul(k,et)|0,n=(n=n+Math.imul(k,ot)|0)+Math.imul(A,et)|0,e=e+Math.imul(A,ot)|0,h=h+Math.imul(y,ut)|0,n=(n=n+Math.imul(y,at)|0)+Math.imul(b,ut)|0,e=e+Math.imul(b,at)|0,h=h+Math.imul(g,mt)|0,n=(n=n+Math.imul(g,ft)|0)+Math.imul(c,mt)|0,e=e+Math.imul(c,ft)|0;var St=(a+(h=h+Math.imul(p,pt)|0)|0)+((8191&(n=(n=n+Math.imul(p,Mt)|0)+Math.imul(M,pt)|0))<<13)|0;a=((e=e+Math.imul(M,Mt)|0)+(n>>>13)|0)+(St>>>26)|0,St&=67108863,h=Math.imul(j,G),n=(n=Math.imul(j,Q))+Math.imul(K,G)|0,e=Math.imul(K,Q),h=h+Math.imul(E,W)|0,n=(n=n+Math.imul(E,X)|0)+Math.imul(T,W)|0,e=e+Math.imul(T,X)|0,h=h+Math.imul(L,$)|0,n=(n=n+Math.imul(L,tt)|0)+Math.imul(I,$)|0,e=e+Math.imul(I,tt)|0,h=h+Math.imul(q,rt)|0,n=(n=n+Math.imul(q,ht)|0)+Math.imul(B,rt)|0,e=e+Math.imul(B,ht)|0,h=h+Math.imul(S,et)|0,n=(n=n+Math.imul(S,ot)|0)+Math.imul(Z,et)|0,e=e+Math.imul(Z,ot)|0,h=h+Math.imul(k,ut)|0,n=(n=n+Math.imul(k,at)|0)+Math.imul(A,ut)|0,e=e+Math.imul(A,at)|0,h=h+Math.imul(y,mt)|0,n=(n=n+Math.imul(y,ft)|0)+Math.imul(b,mt)|0,e=e+Math.imul(b,ft)|0;var Zt=(a+(h=h+Math.imul(g,pt)|0)|0)+((8191&(n=(n=n+Math.imul(g,Mt)|0)+Math.imul(c,pt)|0))<<13)|0;a=((e=e+Math.imul(c,Mt)|0)+(n>>>13)|0)+(Zt>>>26)|0,Zt&=67108863,h=Math.imul(j,W),n=(n=Math.imul(j,X))+Math.imul(K,W)|0,e=Math.imul(K,X),h=h+Math.imul(E,$)|0,n=(n=n+Math.imul(E,tt)|0)+Math.imul(T,$)|0,e=e+Math.imul(T,tt)|0,h=h+Math.imul(L,rt)|0,n=(n=n+Math.imul(L,ht)|0)+Math.imul(I,rt)|0,e=e+Math.imul(I,ht)|0,h=h+Math.imul(q,et)|0,n=(n=n+Math.imul(q,ot)|0)+Math.imul(B,et)|0,e=e+Math.imul(B,ot)|0,h=h+Math.imul(S,ut)|0,n=(n=n+Math.imul(S,at)|0)+Math.imul(Z,ut)|0,e=e+Math.imul(Z,at)|0,h=h+Math.imul(k,mt)|0,n=(n=n+Math.imul(k,ft)|0)+Math.imul(A,mt)|0,e=e+Math.imul(A,ft)|0;var Rt=(a+(h=h+Math.imul(y,pt)|0)|0)+((8191&(n=(n=n+Math.imul(y,Mt)|0)+Math.imul(b,pt)|0))<<13)|0;a=((e=e+Math.imul(b,Mt)|0)+(n>>>13)|0)+(Rt>>>26)|0,Rt&=67108863,h=Math.imul(j,$),n=(n=Math.imul(j,tt))+Math.imul(K,$)|0,e=Math.imul(K,tt),h=h+Math.imul(E,rt)|0,n=(n=n+Math.imul(E,ht)|0)+Math.imul(T,rt)|0,e=e+Math.imul(T,ht)|0,h=h+Math.imul(L,et)|0,n=(n=n+Math.imul(L,ot)|0)+Math.imul(I,et)|0,e=e+Math.imul(I,ot)|0,h=h+Math.imul(q,ut)|0,n=(n=n+Math.imul(q,at)|0)+Math.imul(B,ut)|0,e=e+Math.imul(B,at)|0,h=h+Math.imul(S,mt)|0,n=(n=n+Math.imul(S,ft)|0)+Math.imul(Z,mt)|0,e=e+Math.imul(Z,ft)|0;var qt=(a+(h=h+Math.imul(k,pt)|0)|0)+((8191&(n=(n=n+Math.imul(k,Mt)|0)+Math.imul(A,pt)|0))<<13)|0;a=((e=e+Math.imul(A,Mt)|0)+(n>>>13)|0)+(qt>>>26)|0,qt&=67108863,h=Math.imul(j,rt),n=(n=Math.imul(j,ht))+Math.imul(K,rt)|0,e=Math.imul(K,ht),h=h+Math.imul(E,et)|0,n=(n=n+Math.imul(E,ot)|0)+Math.imul(T,et)|0,e=e+Math.imul(T,ot)|0,h=h+Math.imul(L,ut)|0,n=(n=n+Math.imul(L,at)|0)+Math.imul(I,ut)|0,e=e+Math.imul(I,at)|0,h=h+Math.imul(q,mt)|0,n=(n=n+Math.imul(q,ft)|0)+Math.imul(B,mt)|0,e=e+Math.imul(B,ft)|0;var Bt=(a+(h=h+Math.imul(S,pt)|0)|0)+((8191&(n=(n=n+Math.imul(S,Mt)|0)+Math.imul(Z,pt)|0))<<13)|0;a=((e=e+Math.imul(Z,Mt)|0)+(n>>>13)|0)+(Bt>>>26)|0,Bt&=67108863,h=Math.imul(j,et),n=(n=Math.imul(j,ot))+Math.imul(K,et)|0,e=Math.imul(K,ot),h=h+Math.imul(E,ut)|0,n=(n=n+Math.imul(E,at)|0)+Math.imul(T,ut)|0,e=e+Math.imul(T,at)|0,h=h+Math.imul(L,mt)|0,n=(n=n+Math.imul(L,ft)|0)+Math.imul(I,mt)|0,e=e+Math.imul(I,ft)|0;var Nt=(a+(h=h+Math.imul(q,pt)|0)|0)+((8191&(n=(n=n+Math.imul(q,Mt)|0)+Math.imul(B,pt)|0))<<13)|0;a=((e=e+Math.imul(B,Mt)|0)+(n>>>13)|0)+(Nt>>>26)|0,Nt&=67108863,h=Math.imul(j,ut),n=(n=Math.imul(j,at))+Math.imul(K,ut)|0,e=Math.imul(K,at),h=h+Math.imul(E,mt)|0,n=(n=n+Math.imul(E,ft)|0)+Math.imul(T,mt)|0,e=e+Math.imul(T,ft)|0;var Lt=(a+(h=h+Math.imul(L,pt)|0)|0)+((8191&(n=(n=n+Math.imul(L,Mt)|0)+Math.imul(I,pt)|0))<<13)|0;a=((e=e+Math.imul(I,Mt)|0)+(n>>>13)|0)+(Lt>>>26)|0,Lt&=67108863,h=Math.imul(j,mt),n=(n=Math.imul(j,ft))+Math.imul(K,mt)|0,e=Math.imul(K,ft);var It=(a+(h=h+Math.imul(E,pt)|0)|0)+((8191&(n=(n=n+Math.imul(E,Mt)|0)+Math.imul(T,pt)|0))<<13)|0;a=((e=e+Math.imul(T,Mt)|0)+(n>>>13)|0)+(It>>>26)|0,It&=67108863;var zt=(a+(h=Math.imul(j,pt))|0)+((8191&(n=(n=Math.imul(j,Mt))+Math.imul(K,pt)|0))<<13)|0;return a=((e=Math.imul(K,Mt))+(n>>>13)|0)+(zt>>>26)|0,zt&=67108863,u[0]=vt,u[1]=gt,u[2]=ct,u[3]=wt,u[4]=yt,u[5]=bt,u[6]=_t,u[7]=kt,u[8]=At,u[9]=xt,u[10]=St,u[11]=Zt,u[12]=Rt,u[13]=qt,u[14]=Bt,u[15]=Nt,u[16]=Lt,u[17]=It,u[18]=zt,0!==a&&(u[19]=a,r.length++),r};function d(t,i,r){return(new p).mulp(t,i,r)}function p(t,i){this.x=t,this.y=i}Math.imul||(f=m),n.prototype.mulTo=function(t,i){var r,h=this.length+t.length;return r=10===this.length&&10===t.length?f(this,t,i):h<63?m(this,t,i):h<1024?function(t,i,r){r.negative=i.negative^t.negative,r.length=t.length+i.length;for(var h=0,n=0,e=0;e>>26)|0)>>>26,o&=67108863}r.words[e]=s,h=o,o=n}return 0!==h?r.words[e]=h:r.length--,r.strip()}(this,t,i):d(this,t,i),r},p.prototype.makeRBT=function(t){for(var i=Array(t),r=n.prototype._countBits(t)-1,h=0;h>=1;return h},p.prototype.permute=function(t,i,r,h,n,e){for(var o=0;o>>=1)n++;return 1<>>=13,h[2*o+1]=8191&e,e>>>=13;for(o=2*i;o>=26,i+=n/67108864|0,i+=e>>>26,this.words[h]=67108863&e}return 0!==i&&(this.words[h]=i,this.length++),this},n.prototype.muln=function(t){return this.clone().imuln(t)},n.prototype.sqr=function(){return this.mul(this)},n.prototype.isqr=function(){return this.imul(this.clone())},n.prototype.pow=function(t){var i=function(t){for(var i=Array(t.bitLength()),r=0;r>>n}return i}(t);if(0===i.length)return new n(1);for(var r=this,h=0;h=0);var i,h=t%26,n=(t-h)/26,e=67108863>>>26-h<<26-h;if(0!==h){var o=0;for(i=0;i>>26-h}o&&(this.words[i]=o,this.length++)}if(0!==n){for(i=this.length-1;i>=0;i--)this.words[i+n]=this.words[i];for(i=0;i=0),n=i?(i-i%26)/26:0;var e=t%26,o=Math.min((t-e)/26,this.length),s=67108863^67108863>>>e<o)for(this.length-=o,a=0;a=0&&(0!==l||a>=n);a--){var m=0|this.words[a];this.words[a]=l<<26-e|m>>>e,l=m&s}return u&&0!==l&&(u.words[u.length++]=l),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},n.prototype.ishrn=function(t,i,h){return r(0===this.negative),this.iushrn(t,i,h)},n.prototype.shln=function(t){return this.clone().ishln(t)},n.prototype.ushln=function(t){return this.clone().iushln(t)},n.prototype.shrn=function(t){return this.clone().ishrn(t)},n.prototype.ushrn=function(t){return this.clone().iushrn(t)},n.prototype.testn=function(t){r("number"==typeof t&&t>=0);var i=t%26,h=(t-i)/26,n=1<=0);var i=t%26,h=(t-i)/26;if(r(0===this.negative,"imaskn works only with positive numbers"),this.length<=h)return this;if(0!==i&&h++,this.length=Math.min(h,this.length),0!==i){var n=67108863^67108863>>>i<=67108864;i++)this.words[i]-=67108864,i===this.length-1?this.words[i+1]=1:this.words[i+1]++;return this.length=Math.max(this.length,i+1),this},n.prototype.isubn=function(t){if(r("number"==typeof t),r(t<67108864),t<0)return this.iaddn(-t);if(0!==this.negative)return this.negative=0,this.iaddn(t),this.negative=1,this;if(this.words[0]-=t,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var i=0;i>26)-(u/67108864|0),this.words[n+h]=67108863&e}for(;n>26,this.words[n+h]=67108863&e;if(0===s)return this.strip();for(r(-1===s),s=0,n=0;n>26,this.words[n]=67108863&e;return this.negative=1,this.strip()},n.prototype._wordDiv=function(t,i){var r=(this.length,t.length),h=this.clone(),e=t,o=0|e.words[e.length-1];0!==(r=26-this._countBits(o))&&(e=e.ushln(r),h.iushln(r),o=0|e.words[e.length-1]);var s,u=h.length-e.length;if("mod"!==i){(s=new n(null)).length=u+1,s.words=Array(s.length);for(var a=0;a=0;m--){var f=67108864*(0|h.words[e.length+m])+(0|h.words[e.length+m-1]);for(f=Math.min(f/o|0,67108863),h._ishlnsubmul(e,f,m);0!==h.negative;)f--,h.negative=0,h._ishlnsubmul(e,1,m),h.isZero()||(h.negative^=1);s&&(s.words[m]=f)}return s&&s.strip(),h.strip(),"div"!==i&&0!==r&&h.iushrn(r),{div:s||null,mod:h}},n.prototype.divmod=function(t,i,h){return r(!t.isZero()),this.isZero()?{div:new n(0),mod:new n(0)}:0!==this.negative&&0===t.negative?(s=this.neg().divmod(t,i),"mod"!==i&&(e=s.div.neg()),"div"!==i&&(o=s.mod.neg(),h&&0!==o.negative&&o.iadd(t)),{div:e,mod:o}):0===this.negative&&0!==t.negative?(s=this.divmod(t.neg(),i),"mod"!==i&&(e=s.div.neg()),{div:e,mod:s.mod}):0!=(this.negative&t.negative)?(s=this.neg().divmod(t.neg(),i),"div"!==i&&(o=s.mod.neg(),h&&0!==o.negative&&o.isub(t)),{div:s.div,mod:o}):t.length>this.length||this.cmp(t)<0?{div:new n(0),mod:this}:1===t.length?"div"===i?{div:this.divn(t.words[0]),mod:null}:"mod"===i?{div:null,mod:new n(this.modn(t.words[0]))}:{div:this.divn(t.words[0]),mod:new n(this.modn(t.words[0]))}:this._wordDiv(t,i);var e,o,s},n.prototype.div=function(t){return this.divmod(t,"div",!1).div},n.prototype.mod=function(t){return this.divmod(t,"mod",!1).mod},n.prototype.umod=function(t){return this.divmod(t,"mod",!0).mod},n.prototype.divRound=function(t){var i=this.divmod(t);if(i.mod.isZero())return i.div;var r=0!==i.div.negative?i.mod.isub(t):i.mod,h=t.ushrn(1),n=t.andln(1),e=r.cmp(h);return e<0||1===n&&0===e?i.div:0!==i.div.negative?i.div.isubn(1):i.div.iaddn(1)},n.prototype.modn=function(t){r(t<=67108863);for(var i=(1<<26)%t,h=0,n=this.length-1;n>=0;n--)h=(i*h+(0|this.words[n]))%t;return h},n.prototype.idivn=function(t){r(t<=67108863);for(var i=0,h=this.length-1;h>=0;h--){var n=(0|this.words[h])+67108864*i;this.words[h]=n/t|0,i=n%t}return this.strip()},n.prototype.divn=function(t){return this.clone().idivn(t)},n.prototype.egcd=function(t){r(0===t.negative),r(!t.isZero());var i=this,h=t.clone();i=0!==i.negative?i.umod(t):i.clone();for(var e=new n(1),o=new n(0),s=new n(0),u=new n(1),a=0;i.isEven()&&h.isEven();)i.iushrn(1),h.iushrn(1),++a;for(var l=h.clone(),m=i.clone();!i.isZero();){for(var f=0,d=1;0==(i.words[0]&d)&&f<26;++f,d<<=1);if(f>0)for(i.iushrn(f);f-- >0;)(e.isOdd()||o.isOdd())&&(e.iadd(l),o.isub(m)),e.iushrn(1),o.iushrn(1);for(var p=0,M=1;0==(h.words[0]&M)&&p<26;++p,M<<=1);if(p>0)for(h.iushrn(p);p-- >0;)(s.isOdd()||u.isOdd())&&(s.iadd(l),u.isub(m)),s.iushrn(1),u.iushrn(1);i.cmp(h)>=0?(i.isub(h),e.isub(s),o.isub(u)):(h.isub(i),s.isub(e),u.isub(o))}return{a:s,b:u,gcd:h.iushln(a)}},n.prototype._invmp=function(t){r(0===t.negative),r(!t.isZero());var i=this,h=t.clone();i=0!==i.negative?i.umod(t):i.clone();for(var e,o=new n(1),s=new n(0),u=h.clone();i.cmpn(1)>0&&h.cmpn(1)>0;){for(var a=0,l=1;0==(i.words[0]&l)&&a<26;++a,l<<=1);if(a>0)for(i.iushrn(a);a-- >0;)o.isOdd()&&o.iadd(u),o.iushrn(1);for(var m=0,f=1;0==(h.words[0]&f)&&m<26;++m,f<<=1);if(m>0)for(h.iushrn(m);m-- >0;)s.isOdd()&&s.iadd(u),s.iushrn(1);i.cmp(h)>=0?(i.isub(h),o.isub(s)):(h.isub(i),s.isub(o))}return(e=0===i.cmpn(1)?o:s).cmpn(0)<0&&e.iadd(t),e},n.prototype.gcd=function(t){if(this.isZero())return t.abs();if(t.isZero())return this.abs();var i=this.clone(),r=t.clone();i.negative=0,r.negative=0;for(var h=0;i.isEven()&&r.isEven();h++)i.iushrn(1),r.iushrn(1);for(;;){for(;i.isEven();)i.iushrn(1);for(;r.isEven();)r.iushrn(1);var n=i.cmp(r);if(n<0){var e=i;i=r,r=e}else if(0===n||0===r.cmpn(1))break;i.isub(r)}return r.iushln(h)},n.prototype.invm=function(t){return this.egcd(t).a.umod(t)},n.prototype.isEven=function(){return 0==(1&this.words[0])},n.prototype.isOdd=function(){return 1==(1&this.words[0])},n.prototype.andln=function(t){return this.words[0]&t},n.prototype.bincn=function(t){r("number"==typeof t);var i=t%26,h=(t-i)/26,n=1<>>26,s&=67108863,this.words[o]=s}return 0!==e&&(this.words[o]=e,this.length++),this},n.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},n.prototype.cmpn=function(t){var i,h=t<0;if(0!==this.negative&&!h)return-1;if(0===this.negative&&h)return 1;if(this.strip(),this.length>1)i=1;else{h&&(t=-t),r(t<=67108863,"Number is too big");var n=0|this.words[0];i=n===t?0:nt.length)return 1;if(this.length=0;r--){var h=0|this.words[r],n=0|t.words[r];if(h!==n){hn&&(i=1);break}}return i},n.prototype.gtn=function(t){return 1===this.cmpn(t)},n.prototype.gt=function(t){return 1===this.cmp(t)},n.prototype.gten=function(t){return this.cmpn(t)>=0},n.prototype.gte=function(t){return this.cmp(t)>=0},n.prototype.ltn=function(t){return-1===this.cmpn(t)},n.prototype.lt=function(t){return-1===this.cmp(t)},n.prototype.lten=function(t){return this.cmpn(t)<=0},n.prototype.lte=function(t){return this.cmp(t)<=0},n.prototype.eqn=function(t){return 0===this.cmpn(t)},n.prototype.eq=function(t){return 0===this.cmp(t)},n.red=function(t){return new b(t)},n.prototype.toRed=function(t){return r(!this.red,"Already a number in reduction context"),r(0===this.negative,"red works only with positives"),t.convertTo(this)._forceRed(t)},n.prototype.fromRed=function(){return r(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},n.prototype._forceRed=function(t){return this.red=t,this},n.prototype.forceRed=function(t){return r(!this.red,"Already a number in reduction context"),this._forceRed(t)},n.prototype.redAdd=function(t){return r(this.red,"redAdd works only with red numbers"),this.red.add(this,t)},n.prototype.redIAdd=function(t){return r(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,t)},n.prototype.redSub=function(t){return r(this.red,"redSub works only with red numbers"),this.red.sub(this,t)},n.prototype.redISub=function(t){return r(this.red,"redISub works only with red numbers"),this.red.isub(this,t)},n.prototype.redShl=function(t){return r(this.red,"redShl works only with red numbers"),this.red.shl(this,t)},n.prototype.redMul=function(t){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,t),this.red.mul(this,t)},n.prototype.redIMul=function(t){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,t),this.red.imul(this,t)},n.prototype.redSqr=function(){return r(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},n.prototype.redISqr=function(){return r(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},n.prototype.redSqrt=function(){return r(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},n.prototype.redInvm=function(){return r(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},n.prototype.redNeg=function(){return r(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},n.prototype.redPow=function(t){return r(this.red&&!t.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,t)};var M={k256:null,p224:null,p192:null,p25519:null};function v(t,i){this.name=t,this.p=new n(i,16),this.n=this.p.bitLength(),this.k=new n(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function g(){v.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function c(){v.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function w(){v.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function y(){v.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function b(t){if("string"==typeof t){var i=n._prime(t);this.m=i.p,this.prime=i}else r(t.gtn(1),"modulus must be greater than 1"),this.m=t,this.prime=null}function _(t){b.call(this,t),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new n(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}v.prototype._tmp=function(){var t=new n(null);return t.words=Array(Math.ceil(this.n/13)),t},v.prototype.ireduce=function(t){var i,r=t;do{this.split(r,this.tmp),i=(r=(r=this.imulK(r)).iadd(this.tmp)).bitLength()}while(i>this.n);var h=i0?r.isub(this.p):r.strip(),r},v.prototype.split=function(t,i){t.iushrn(this.n,0,i)},v.prototype.imulK=function(t){return t.imul(this.k)},h(g,v),g.prototype.split=function(t,i){for(var r=4194303,h=Math.min(t.length,9),n=0;n>>22,e=o}e>>>=22,t.words[n-10]=e,0===e&&t.length>10?t.length-=10:t.length-=9},g.prototype.imulK=function(t){t.words[t.length]=0,t.words[t.length+1]=0,t.length+=2;for(var i=0,r=0;r>>=26,t.words[r]=n,i=h}return 0!==i&&(t.words[t.length++]=i),t},n._prime=function(t){if(M[t])return M[t];var i;if("k256"===t)i=new g;else if("p224"===t)i=new c;else if("p192"===t)i=new w;else{if("p25519"!==t)throw Error("Unknown prime "+t);i=new y}return M[t]=i,i},b.prototype._verify1=function(t){r(0===t.negative,"red works only with positives"),r(t.red,"red works only with red numbers")},b.prototype._verify2=function(t,i){r(0==(t.negative|i.negative),"red works only with positives"),r(t.red&&t.red===i.red,"red works only with red numbers")},b.prototype.imod=function(t){return this.prime?this.prime.ireduce(t)._forceRed(this):t.umod(this.m)._forceRed(this)},b.prototype.neg=function(t){return t.isZero()?t.clone():this.m.sub(t)._forceRed(this)},b.prototype.add=function(t,i){this._verify2(t,i);var r=t.add(i);return r.cmp(this.m)>=0&&r.isub(this.m),r._forceRed(this)},b.prototype.iadd=function(t,i){this._verify2(t,i);var r=t.iadd(i);return r.cmp(this.m)>=0&&r.isub(this.m),r},b.prototype.sub=function(t,i){this._verify2(t,i);var r=t.sub(i);return r.cmpn(0)<0&&r.iadd(this.m),r._forceRed(this)},b.prototype.isub=function(t,i){this._verify2(t,i);var r=t.isub(i);return r.cmpn(0)<0&&r.iadd(this.m),r},b.prototype.shl=function(t,i){return this._verify1(t),this.imod(t.ushln(i))},b.prototype.imul=function(t,i){return this._verify2(t,i),this.imod(t.imul(i))},b.prototype.mul=function(t,i){return this._verify2(t,i),this.imod(t.mul(i))},b.prototype.isqr=function(t){return this.imul(t,t.clone())},b.prototype.sqr=function(t){return this.mul(t,t)},b.prototype.sqrt=function(t){if(t.isZero())return t.clone();var i=this.m.andln(3);if(r(i%2==1),3===i){var h=this.m.add(new n(1)).iushrn(2);return this.pow(t,h)}for(var e=this.m.subn(1),o=0;!e.isZero()&&0===e.andln(1);)o++,e.iushrn(1);r(!e.isZero());var s=new n(1).toRed(this),u=s.redNeg(),a=this.m.subn(1).iushrn(1),l=this.m.bitLength();for(l=new n(2*l*l).toRed(this);0!==this.pow(l,a).cmp(u);)l.redIAdd(u);for(var m=this.pow(l,e),f=this.pow(t,e.addn(1).iushrn(1)),d=this.pow(t,e),p=o;0!==d.cmp(s);){for(var M=d,v=0;0!==M.cmp(s);v++)M=M.redSqr();r(v=0;h--){for(var a=i.words[h],l=u-1;l>=0;l--){var m=a>>l&1;e!==r[0]&&(e=this.sqr(e)),0!==m||0!==o?(o<<=1,o|=m,(4===++s||0===h&&0===l)&&(e=this.mul(e,r[o]),s=0,o=0)):s=0}u=26}return e},b.prototype.convertTo=function(t){var i=t.umod(this.m);return i===t?i.clone():i},b.prototype.convertFrom=function(t){var i=t.clone();return i.red=null,i},n.mont=function(t){return new _(t)},h(_,b),_.prototype.convertTo=function(t){return this.imod(t.ushln(this.shift))},_.prototype.convertFrom=function(t){var i=this.imod(t.mul(this.rinv));return i.red=null,i},_.prototype.imul=function(t,i){if(t.isZero()||i.isZero())return t.words[0]=0,t.length=1,t;var r=t.imul(i),h=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(h).iushrn(this.shift),e=n;return n.cmp(this.m)>=0?e=n.isub(this.m):n.cmpn(0)<0&&(e=n.iadd(this.m)),e._forceRed(this)},_.prototype.mul=function(t,i){if(t.isZero()||i.isZero())return new n(0)._forceRed(this);var r=t.mul(i),h=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),e=r.isub(h).iushrn(this.shift),o=e;return e.cmp(this.m)>=0?o=e.isub(this.m):e.cmpn(0)<0&&(o=e.iadd(this.m)),o._forceRed(this)},_.prototype.invm=function(t){return this.imod(t._invmp(this.m).mul(this.r2))._forceRed(this)}}(t,i)}));export default r;export{r as __moduleExports}; -//# sourceMappingURL=bn.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/bn.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/bn.min.mjs.map deleted file mode 100644 index 631314774..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.min.mjs.map +++ /dev/null @@ -1 +0,0 @@ -{"version":3,"file":"bn.min.mjs","sources":["../../node_modules/bn.js/lib/bn.js"],"sourcesContent":["(function (module, exports) {\n 'use strict';\n\n // Utils\n function assert (val, msg) {\n if (!val) throw new Error(msg || 'Assertion failed');\n }\n\n // Could use `inherits` module, but don't want to move from single file\n // architecture yet.\n function inherits (ctor, superCtor) {\n ctor.super_ = superCtor;\n var TempCtor = function () {};\n TempCtor.prototype = superCtor.prototype;\n ctor.prototype = new TempCtor();\n ctor.prototype.constructor = ctor;\n }\n\n // BN\n\n function BN (number, base, endian) {\n if (BN.isBN(number)) {\n return number;\n }\n\n this.negative = 0;\n this.words = null;\n this.length = 0;\n\n // Reduction context\n this.red = null;\n\n if (number !== null) {\n if (base === 'le' || base === 'be') {\n endian = base;\n base = 10;\n }\n\n this._init(number || 0, base || 10, endian || 'be');\n }\n }\n if (typeof module === 'object') {\n module.exports = BN;\n } else {\n exports.BN = BN;\n }\n\n BN.BN = BN;\n BN.wordSize = 26;\n\n var Buffer;\n try {\n Buffer = require('buffer').Buffer;\n } catch (e) {\n }\n\n BN.isBN = function isBN (num) {\n if (num instanceof BN) {\n return true;\n }\n\n return num !== null && typeof num === 'object' &&\n num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);\n };\n\n BN.max = function max (left, right) {\n if (left.cmp(right) > 0) return left;\n return right;\n };\n\n BN.min = function min (left, right) {\n if (left.cmp(right) < 0) return left;\n return right;\n };\n\n BN.prototype._init = function init (number, base, endian) {\n if (typeof number === 'number') {\n return this._initNumber(number, base, endian);\n }\n\n if (typeof number === 'object') {\n return this._initArray(number, base, endian);\n }\n\n if (base === 'hex') {\n base = 16;\n }\n assert(base === (base | 0) && base >= 2 && base <= 36);\n\n number = number.toString().replace(/\\s+/g, '');\n var start = 0;\n if (number[0] === '-') {\n start++;\n }\n\n if (base === 16) {\n this._parseHex(number, start);\n } else {\n this._parseBase(number, base, start);\n }\n\n if (number[0] === '-') {\n this.negative = 1;\n }\n\n this.strip();\n\n if (endian !== 'le') return;\n\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initNumber = function _initNumber (number, base, endian) {\n if (number < 0) {\n this.negative = 1;\n number = -number;\n }\n if (number < 0x4000000) {\n this.words = [ number & 0x3ffffff ];\n this.length = 1;\n } else if (number < 0x10000000000000) {\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff\n ];\n this.length = 2;\n } else {\n assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff,\n 1\n ];\n this.length = 3;\n }\n\n if (endian !== 'le') return;\n\n // Reverse the bytes\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initArray = function _initArray (number, base, endian) {\n // Perhaps a Uint8Array\n assert(typeof number.length === 'number');\n if (number.length <= 0) {\n this.words = [ 0 ];\n this.length = 1;\n return this;\n }\n\n this.length = Math.ceil(number.length / 3);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n var off = 0;\n if (endian === 'be') {\n for (i = number.length - 1, j = 0; i >= 0; i -= 3) {\n w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n } else if (endian === 'le') {\n for (i = 0, j = 0; i < number.length; i += 3) {\n w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n }\n return this.strip();\n };\n\n function parseHex (str, start, end) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r <<= 4;\n\n // 'a' - 'f'\n if (c >= 49 && c <= 54) {\n r |= c - 49 + 0xa;\n\n // 'A' - 'F'\n } else if (c >= 17 && c <= 22) {\n r |= c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r |= c & 0xf;\n }\n }\n return r;\n }\n\n BN.prototype._parseHex = function _parseHex (number, start) {\n // Create possibly bigger array to ensure that it fits the number\n this.length = Math.ceil((number.length - start) / 6);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n // Scan 24-bit chunks and add them to the number\n var off = 0;\n for (i = number.length - 6, j = 0; i >= start; i -= 6) {\n w = parseHex(number, i, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n if (i + 6 !== start) {\n w = parseHex(number, start, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n }\n this.strip();\n };\n\n function parseBase (str, start, end, mul) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r *= mul;\n\n // 'a'\n if (c >= 49) {\n r += c - 49 + 0xa;\n\n // 'A'\n } else if (c >= 17) {\n r += c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r += c;\n }\n }\n return r;\n }\n\n BN.prototype._parseBase = function _parseBase (number, base, start) {\n // Initialize as zero\n this.words = [ 0 ];\n this.length = 1;\n\n // Find length of limb in base\n for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {\n limbLen++;\n }\n limbLen--;\n limbPow = (limbPow / base) | 0;\n\n var total = number.length - start;\n var mod = total % limbLen;\n var end = Math.min(total, total - mod) + start;\n\n var word = 0;\n for (var i = start; i < end; i += limbLen) {\n word = parseBase(number, i, i + limbLen, base);\n\n this.imuln(limbPow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n\n if (mod !== 0) {\n var pow = 1;\n word = parseBase(number, i, number.length, base);\n\n for (i = 0; i < mod; i++) {\n pow *= base;\n }\n\n this.imuln(pow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n };\n\n BN.prototype.copy = function copy (dest) {\n dest.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n dest.words[i] = this.words[i];\n }\n dest.length = this.length;\n dest.negative = this.negative;\n dest.red = this.red;\n };\n\n BN.prototype.clone = function clone () {\n var r = new BN(null);\n this.copy(r);\n return r;\n };\n\n BN.prototype._expand = function _expand (size) {\n while (this.length < size) {\n this.words[this.length++] = 0;\n }\n return this;\n };\n\n // Remove leading `0` from `this`\n BN.prototype.strip = function strip () {\n while (this.length > 1 && this.words[this.length - 1] === 0) {\n this.length--;\n }\n return this._normSign();\n };\n\n BN.prototype._normSign = function _normSign () {\n // -0 = 0\n if (this.length === 1 && this.words[0] === 0) {\n this.negative = 0;\n }\n return this;\n };\n\n BN.prototype.inspect = function inspect () {\n return (this.red ? '';\n };\n\n /*\n\n var zeros = [];\n var groupSizes = [];\n var groupBases = [];\n\n var s = '';\n var i = -1;\n while (++i < BN.wordSize) {\n zeros[i] = s;\n s += '0';\n }\n groupSizes[0] = 0;\n groupSizes[1] = 0;\n groupBases[0] = 0;\n groupBases[1] = 0;\n var base = 2 - 1;\n while (++base < 36 + 1) {\n var groupSize = 0;\n var groupBase = 1;\n while (groupBase < (1 << BN.wordSize) / base) {\n groupBase *= base;\n groupSize += 1;\n }\n groupSizes[base] = groupSize;\n groupBases[base] = groupBase;\n }\n\n */\n\n var zeros = [\n '',\n '0',\n '00',\n '000',\n '0000',\n '00000',\n '000000',\n '0000000',\n '00000000',\n '000000000',\n '0000000000',\n '00000000000',\n '000000000000',\n '0000000000000',\n '00000000000000',\n '000000000000000',\n '0000000000000000',\n '00000000000000000',\n '000000000000000000',\n '0000000000000000000',\n '00000000000000000000',\n '000000000000000000000',\n '0000000000000000000000',\n '00000000000000000000000',\n '000000000000000000000000',\n '0000000000000000000000000'\n ];\n\n var groupSizes = [\n 0, 0,\n 25, 16, 12, 11, 10, 9, 8,\n 8, 7, 7, 7, 7, 6, 6,\n 6, 6, 6, 6, 6, 5, 5,\n 5, 5, 5, 5, 5, 5, 5,\n 5, 5, 5, 5, 5, 5, 5\n ];\n\n var groupBases = [\n 0, 0,\n 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,\n 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,\n 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,\n 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,\n 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176\n ];\n\n BN.prototype.toString = function toString (base, padding) {\n base = base || 10;\n padding = padding | 0 || 1;\n\n var out;\n if (base === 16 || base === 'hex') {\n out = '';\n var off = 0;\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = this.words[i];\n var word = (((w << off) | carry) & 0xffffff).toString(16);\n carry = (w >>> (24 - off)) & 0xffffff;\n if (carry !== 0 || i !== this.length - 1) {\n out = zeros[6 - word.length] + word + out;\n } else {\n out = word + out;\n }\n off += 2;\n if (off >= 26) {\n off -= 26;\n i--;\n }\n }\n if (carry !== 0) {\n out = carry.toString(16) + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n if (base === (base | 0) && base >= 2 && base <= 36) {\n // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));\n var groupSize = groupSizes[base];\n // var groupBase = Math.pow(base, groupSize);\n var groupBase = groupBases[base];\n out = '';\n var c = this.clone();\n c.negative = 0;\n while (!c.isZero()) {\n var r = c.modn(groupBase).toString(base);\n c = c.idivn(groupBase);\n\n if (!c.isZero()) {\n out = zeros[groupSize - r.length] + r + out;\n } else {\n out = r + out;\n }\n }\n if (this.isZero()) {\n out = '0' + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n assert(false, 'Base should be between 2 and 36');\n };\n\n BN.prototype.toNumber = function toNumber () {\n var ret = this.words[0];\n if (this.length === 2) {\n ret += this.words[1] * 0x4000000;\n } else if (this.length === 3 && this.words[2] === 0x01) {\n // NOTE: at this stage it is known that the top bit is set\n ret += 0x10000000000000 + (this.words[1] * 0x4000000);\n } else if (this.length > 2) {\n assert(false, 'Number can only safely store up to 53 bits');\n }\n return (this.negative !== 0) ? -ret : ret;\n };\n\n BN.prototype.toJSON = function toJSON () {\n return this.toString(16);\n };\n\n BN.prototype.toBuffer = function toBuffer (endian, length) {\n assert(typeof Buffer !== 'undefined');\n return this.toArrayLike(Buffer, endian, length);\n };\n\n BN.prototype.toArray = function toArray (endian, length) {\n return this.toArrayLike(Array, endian, length);\n };\n\n BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {\n var byteLength = this.byteLength();\n var reqLength = length || Math.max(1, byteLength);\n assert(byteLength <= reqLength, 'byte array longer than desired length');\n assert(reqLength > 0, 'Requested array length <= 0');\n\n this.strip();\n var littleEndian = endian === 'le';\n var res = new ArrayType(reqLength);\n\n var b, i;\n var q = this.clone();\n if (!littleEndian) {\n // Assume big-endian\n for (i = 0; i < reqLength - byteLength; i++) {\n res[i] = 0;\n }\n\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[reqLength - i - 1] = b;\n }\n } else {\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[i] = b;\n }\n\n for (; i < reqLength; i++) {\n res[i] = 0;\n }\n }\n\n return res;\n };\n\n if (Math.clz32) {\n BN.prototype._countBits = function _countBits (w) {\n return 32 - Math.clz32(w);\n };\n } else {\n BN.prototype._countBits = function _countBits (w) {\n var t = w;\n var r = 0;\n if (t >= 0x1000) {\n r += 13;\n t >>>= 13;\n }\n if (t >= 0x40) {\n r += 7;\n t >>>= 7;\n }\n if (t >= 0x8) {\n r += 4;\n t >>>= 4;\n }\n if (t >= 0x02) {\n r += 2;\n t >>>= 2;\n }\n return r + t;\n };\n }\n\n BN.prototype._zeroBits = function _zeroBits (w) {\n // Short-cut\n if (w === 0) return 26;\n\n var t = w;\n var r = 0;\n if ((t & 0x1fff) === 0) {\n r += 13;\n t >>>= 13;\n }\n if ((t & 0x7f) === 0) {\n r += 7;\n t >>>= 7;\n }\n if ((t & 0xf) === 0) {\n r += 4;\n t >>>= 4;\n }\n if ((t & 0x3) === 0) {\n r += 2;\n t >>>= 2;\n }\n if ((t & 0x1) === 0) {\n r++;\n }\n return r;\n };\n\n // Return number of used bits in a BN\n BN.prototype.bitLength = function bitLength () {\n var w = this.words[this.length - 1];\n var hi = this._countBits(w);\n return (this.length - 1) * 26 + hi;\n };\n\n function toBitArray (num) {\n var w = new Array(num.bitLength());\n\n for (var bit = 0; bit < w.length; bit++) {\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;\n }\n\n return w;\n }\n\n // Number of trailing zero bits\n BN.prototype.zeroBits = function zeroBits () {\n if (this.isZero()) return 0;\n\n var r = 0;\n for (var i = 0; i < this.length; i++) {\n var b = this._zeroBits(this.words[i]);\n r += b;\n if (b !== 26) break;\n }\n return r;\n };\n\n BN.prototype.byteLength = function byteLength () {\n return Math.ceil(this.bitLength() / 8);\n };\n\n BN.prototype.toTwos = function toTwos (width) {\n if (this.negative !== 0) {\n return this.abs().inotn(width).iaddn(1);\n }\n return this.clone();\n };\n\n BN.prototype.fromTwos = function fromTwos (width) {\n if (this.testn(width - 1)) {\n return this.notn(width).iaddn(1).ineg();\n }\n return this.clone();\n };\n\n BN.prototype.isNeg = function isNeg () {\n return this.negative !== 0;\n };\n\n // Return negative clone of `this`\n BN.prototype.neg = function neg () {\n return this.clone().ineg();\n };\n\n BN.prototype.ineg = function ineg () {\n if (!this.isZero()) {\n this.negative ^= 1;\n }\n\n return this;\n };\n\n // Or `num` with `this` in-place\n BN.prototype.iuor = function iuor (num) {\n while (this.length < num.length) {\n this.words[this.length++] = 0;\n }\n\n for (var i = 0; i < num.length; i++) {\n this.words[i] = this.words[i] | num.words[i];\n }\n\n return this.strip();\n };\n\n BN.prototype.ior = function ior (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuor(num);\n };\n\n // Or `num` with `this`\n BN.prototype.or = function or (num) {\n if (this.length > num.length) return this.clone().ior(num);\n return num.clone().ior(this);\n };\n\n BN.prototype.uor = function uor (num) {\n if (this.length > num.length) return this.clone().iuor(num);\n return num.clone().iuor(this);\n };\n\n // And `num` with `this` in-place\n BN.prototype.iuand = function iuand (num) {\n // b = min-length(num, this)\n var b;\n if (this.length > num.length) {\n b = num;\n } else {\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = this.words[i] & num.words[i];\n }\n\n this.length = b.length;\n\n return this.strip();\n };\n\n BN.prototype.iand = function iand (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuand(num);\n };\n\n // And `num` with `this`\n BN.prototype.and = function and (num) {\n if (this.length > num.length) return this.clone().iand(num);\n return num.clone().iand(this);\n };\n\n BN.prototype.uand = function uand (num) {\n if (this.length > num.length) return this.clone().iuand(num);\n return num.clone().iuand(this);\n };\n\n // Xor `num` with `this` in-place\n BN.prototype.iuxor = function iuxor (num) {\n // a.length > b.length\n var a;\n var b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = a.words[i] ^ b.words[i];\n }\n\n if (this !== a) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = a.length;\n\n return this.strip();\n };\n\n BN.prototype.ixor = function ixor (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuxor(num);\n };\n\n // Xor `num` with `this`\n BN.prototype.xor = function xor (num) {\n if (this.length > num.length) return this.clone().ixor(num);\n return num.clone().ixor(this);\n };\n\n BN.prototype.uxor = function uxor (num) {\n if (this.length > num.length) return this.clone().iuxor(num);\n return num.clone().iuxor(this);\n };\n\n // Not ``this`` with ``width`` bitwidth\n BN.prototype.inotn = function inotn (width) {\n assert(typeof width === 'number' && width >= 0);\n\n var bytesNeeded = Math.ceil(width / 26) | 0;\n var bitsLeft = width % 26;\n\n // Extend the buffer with leading zeroes\n this._expand(bytesNeeded);\n\n if (bitsLeft > 0) {\n bytesNeeded--;\n }\n\n // Handle complete words\n for (var i = 0; i < bytesNeeded; i++) {\n this.words[i] = ~this.words[i] & 0x3ffffff;\n }\n\n // Handle the residue\n if (bitsLeft > 0) {\n this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));\n }\n\n // And remove leading zeroes\n return this.strip();\n };\n\n BN.prototype.notn = function notn (width) {\n return this.clone().inotn(width);\n };\n\n // Set `bit` of `this`\n BN.prototype.setn = function setn (bit, val) {\n assert(typeof bit === 'number' && bit >= 0);\n\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n this._expand(off + 1);\n\n if (val) {\n this.words[off] = this.words[off] | (1 << wbit);\n } else {\n this.words[off] = this.words[off] & ~(1 << wbit);\n }\n\n return this.strip();\n };\n\n // Add `num` to `this` in-place\n BN.prototype.iadd = function iadd (num) {\n var r;\n\n // negative + positive\n if (this.negative !== 0 && num.negative === 0) {\n this.negative = 0;\n r = this.isub(num);\n this.negative ^= 1;\n return this._normSign();\n\n // positive + negative\n } else if (this.negative === 0 && num.negative !== 0) {\n num.negative = 0;\n r = this.isub(num);\n num.negative = 1;\n return r._normSign();\n }\n\n // a.length > b.length\n var a, b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) + (b.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n\n this.length = a.length;\n if (carry !== 0) {\n this.words[this.length] = carry;\n this.length++;\n // Copy the rest of the words\n } else if (a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n return this;\n };\n\n // Add `num` to `this`\n BN.prototype.add = function add (num) {\n var res;\n if (num.negative !== 0 && this.negative === 0) {\n num.negative = 0;\n res = this.sub(num);\n num.negative ^= 1;\n return res;\n } else if (num.negative === 0 && this.negative !== 0) {\n this.negative = 0;\n res = num.sub(this);\n this.negative = 1;\n return res;\n }\n\n if (this.length > num.length) return this.clone().iadd(num);\n\n return num.clone().iadd(this);\n };\n\n // Subtract `num` from `this` in-place\n BN.prototype.isub = function isub (num) {\n // this - (-num) = this + num\n if (num.negative !== 0) {\n num.negative = 0;\n var r = this.iadd(num);\n num.negative = 1;\n return r._normSign();\n\n // -this - num = -(this + num)\n } else if (this.negative !== 0) {\n this.negative = 0;\n this.iadd(num);\n this.negative = 1;\n return this._normSign();\n }\n\n // At this point both numbers are positive\n var cmp = this.cmp(num);\n\n // Optimization - zeroify\n if (cmp === 0) {\n this.negative = 0;\n this.length = 1;\n this.words[0] = 0;\n return this;\n }\n\n // a > b\n var a, b;\n if (cmp > 0) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) - (b.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n\n // Copy rest of the words\n if (carry === 0 && i < a.length && a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = Math.max(this.length, i);\n\n if (a !== this) {\n this.negative = 1;\n }\n\n return this.strip();\n };\n\n // Subtract `num` from `this`\n BN.prototype.sub = function sub (num) {\n return this.clone().isub(num);\n };\n\n function smallMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n var len = (self.length + num.length) | 0;\n out.length = len;\n len = (len - 1) | 0;\n\n // Peel one iteration (compiler can't do it, because of code complexity)\n var a = self.words[0] | 0;\n var b = num.words[0] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n var carry = (r / 0x4000000) | 0;\n out.words[0] = lo;\n\n for (var k = 1; k < len; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = carry >>> 26;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = (k - j) | 0;\n a = self.words[i] | 0;\n b = num.words[j] | 0;\n r = a * b + rword;\n ncarry += (r / 0x4000000) | 0;\n rword = r & 0x3ffffff;\n }\n out.words[k] = rword | 0;\n carry = ncarry | 0;\n }\n if (carry !== 0) {\n out.words[k] = carry | 0;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n // TODO(indutny): it may be reasonable to omit it for users who don't need\n // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit\n // multiplication (like elliptic secp256k1).\n var comb10MulTo = function comb10MulTo (self, num, out) {\n var a = self.words;\n var b = num.words;\n var o = out.words;\n var c = 0;\n var lo;\n var mid;\n var hi;\n var a0 = a[0] | 0;\n var al0 = a0 & 0x1fff;\n var ah0 = a0 >>> 13;\n var a1 = a[1] | 0;\n var al1 = a1 & 0x1fff;\n var ah1 = a1 >>> 13;\n var a2 = a[2] | 0;\n var al2 = a2 & 0x1fff;\n var ah2 = a2 >>> 13;\n var a3 = a[3] | 0;\n var al3 = a3 & 0x1fff;\n var ah3 = a3 >>> 13;\n var a4 = a[4] | 0;\n var al4 = a4 & 0x1fff;\n var ah4 = a4 >>> 13;\n var a5 = a[5] | 0;\n var al5 = a5 & 0x1fff;\n var ah5 = a5 >>> 13;\n var a6 = a[6] | 0;\n var al6 = a6 & 0x1fff;\n var ah6 = a6 >>> 13;\n var a7 = a[7] | 0;\n var al7 = a7 & 0x1fff;\n var ah7 = a7 >>> 13;\n var a8 = a[8] | 0;\n var al8 = a8 & 0x1fff;\n var ah8 = a8 >>> 13;\n var a9 = a[9] | 0;\n var al9 = a9 & 0x1fff;\n var ah9 = a9 >>> 13;\n var b0 = b[0] | 0;\n var bl0 = b0 & 0x1fff;\n var bh0 = b0 >>> 13;\n var b1 = b[1] | 0;\n var bl1 = b1 & 0x1fff;\n var bh1 = b1 >>> 13;\n var b2 = b[2] | 0;\n var bl2 = b2 & 0x1fff;\n var bh2 = b2 >>> 13;\n var b3 = b[3] | 0;\n var bl3 = b3 & 0x1fff;\n var bh3 = b3 >>> 13;\n var b4 = b[4] | 0;\n var bl4 = b4 & 0x1fff;\n var bh4 = b4 >>> 13;\n var b5 = b[5] | 0;\n var bl5 = b5 & 0x1fff;\n var bh5 = b5 >>> 13;\n var b6 = b[6] | 0;\n var bl6 = b6 & 0x1fff;\n var bh6 = b6 >>> 13;\n var b7 = b[7] | 0;\n var bl7 = b7 & 0x1fff;\n var bh7 = b7 >>> 13;\n var b8 = b[8] | 0;\n var bl8 = b8 & 0x1fff;\n var bh8 = b8 >>> 13;\n var b9 = b[9] | 0;\n var bl9 = b9 & 0x1fff;\n var bh9 = b9 >>> 13;\n\n out.negative = self.negative ^ num.negative;\n out.length = 19;\n /* k = 0 */\n lo = Math.imul(al0, bl0);\n mid = Math.imul(al0, bh0);\n mid = (mid + Math.imul(ah0, bl0)) | 0;\n hi = Math.imul(ah0, bh0);\n var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;\n w0 &= 0x3ffffff;\n /* k = 1 */\n lo = Math.imul(al1, bl0);\n mid = Math.imul(al1, bh0);\n mid = (mid + Math.imul(ah1, bl0)) | 0;\n hi = Math.imul(ah1, bh0);\n lo = (lo + Math.imul(al0, bl1)) | 0;\n mid = (mid + Math.imul(al0, bh1)) | 0;\n mid = (mid + Math.imul(ah0, bl1)) | 0;\n hi = (hi + Math.imul(ah0, bh1)) | 0;\n var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;\n w1 &= 0x3ffffff;\n /* k = 2 */\n lo = Math.imul(al2, bl0);\n mid = Math.imul(al2, bh0);\n mid = (mid + Math.imul(ah2, bl0)) | 0;\n hi = Math.imul(ah2, bh0);\n lo = (lo + Math.imul(al1, bl1)) | 0;\n mid = (mid + Math.imul(al1, bh1)) | 0;\n mid = (mid + Math.imul(ah1, bl1)) | 0;\n hi = (hi + Math.imul(ah1, bh1)) | 0;\n lo = (lo + Math.imul(al0, bl2)) | 0;\n mid = (mid + Math.imul(al0, bh2)) | 0;\n mid = (mid + Math.imul(ah0, bl2)) | 0;\n hi = (hi + Math.imul(ah0, bh2)) | 0;\n var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;\n w2 &= 0x3ffffff;\n /* k = 3 */\n lo = Math.imul(al3, bl0);\n mid = Math.imul(al3, bh0);\n mid = (mid + Math.imul(ah3, bl0)) | 0;\n hi = Math.imul(ah3, bh0);\n lo = (lo + Math.imul(al2, bl1)) | 0;\n mid = (mid + Math.imul(al2, bh1)) | 0;\n mid = (mid + Math.imul(ah2, bl1)) | 0;\n hi = (hi + Math.imul(ah2, bh1)) | 0;\n lo = (lo + Math.imul(al1, bl2)) | 0;\n mid = (mid + Math.imul(al1, bh2)) | 0;\n mid = (mid + Math.imul(ah1, bl2)) | 0;\n hi = (hi + Math.imul(ah1, bh2)) | 0;\n lo = (lo + Math.imul(al0, bl3)) | 0;\n mid = (mid + Math.imul(al0, bh3)) | 0;\n mid = (mid + Math.imul(ah0, bl3)) | 0;\n hi = (hi + Math.imul(ah0, bh3)) | 0;\n var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;\n w3 &= 0x3ffffff;\n /* k = 4 */\n lo = Math.imul(al4, bl0);\n mid = Math.imul(al4, bh0);\n mid = (mid + Math.imul(ah4, bl0)) | 0;\n hi = Math.imul(ah4, bh0);\n lo = (lo + Math.imul(al3, bl1)) | 0;\n mid = (mid + Math.imul(al3, bh1)) | 0;\n mid = (mid + Math.imul(ah3, bl1)) | 0;\n hi = (hi + Math.imul(ah3, bh1)) | 0;\n lo = (lo + Math.imul(al2, bl2)) | 0;\n mid = (mid + Math.imul(al2, bh2)) | 0;\n mid = (mid + Math.imul(ah2, bl2)) | 0;\n hi = (hi + Math.imul(ah2, bh2)) | 0;\n lo = (lo + Math.imul(al1, bl3)) | 0;\n mid = (mid + Math.imul(al1, bh3)) | 0;\n mid = (mid + Math.imul(ah1, bl3)) | 0;\n hi = (hi + Math.imul(ah1, bh3)) | 0;\n lo = (lo + Math.imul(al0, bl4)) | 0;\n mid = (mid + Math.imul(al0, bh4)) | 0;\n mid = (mid + Math.imul(ah0, bl4)) | 0;\n hi = (hi + Math.imul(ah0, bh4)) | 0;\n var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;\n w4 &= 0x3ffffff;\n /* k = 5 */\n lo = Math.imul(al5, bl0);\n mid = Math.imul(al5, bh0);\n mid = (mid + Math.imul(ah5, bl0)) | 0;\n hi = Math.imul(ah5, bh0);\n lo = (lo + Math.imul(al4, bl1)) | 0;\n mid = (mid + Math.imul(al4, bh1)) | 0;\n mid = (mid + Math.imul(ah4, bl1)) | 0;\n hi = (hi + Math.imul(ah4, bh1)) | 0;\n lo = (lo + Math.imul(al3, bl2)) | 0;\n mid = (mid + Math.imul(al3, bh2)) | 0;\n mid = (mid + Math.imul(ah3, bl2)) | 0;\n hi = (hi + Math.imul(ah3, bh2)) | 0;\n lo = (lo + Math.imul(al2, bl3)) | 0;\n mid = (mid + Math.imul(al2, bh3)) | 0;\n mid = (mid + Math.imul(ah2, bl3)) | 0;\n hi = (hi + Math.imul(ah2, bh3)) | 0;\n lo = (lo + Math.imul(al1, bl4)) | 0;\n mid = (mid + Math.imul(al1, bh4)) | 0;\n mid = (mid + Math.imul(ah1, bl4)) | 0;\n hi = (hi + Math.imul(ah1, bh4)) | 0;\n lo = (lo + Math.imul(al0, bl5)) | 0;\n mid = (mid + Math.imul(al0, bh5)) | 0;\n mid = (mid + Math.imul(ah0, bl5)) | 0;\n hi = (hi + Math.imul(ah0, bh5)) | 0;\n var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;\n w5 &= 0x3ffffff;\n /* k = 6 */\n lo = Math.imul(al6, bl0);\n mid = Math.imul(al6, bh0);\n mid = (mid + Math.imul(ah6, bl0)) | 0;\n hi = Math.imul(ah6, bh0);\n lo = (lo + Math.imul(al5, bl1)) | 0;\n mid = (mid + Math.imul(al5, bh1)) | 0;\n mid = (mid + Math.imul(ah5, bl1)) | 0;\n hi = (hi + Math.imul(ah5, bh1)) | 0;\n lo = (lo + Math.imul(al4, bl2)) | 0;\n mid = (mid + Math.imul(al4, bh2)) | 0;\n mid = (mid + Math.imul(ah4, bl2)) | 0;\n hi = (hi + Math.imul(ah4, bh2)) | 0;\n lo = (lo + Math.imul(al3, bl3)) | 0;\n mid = (mid + Math.imul(al3, bh3)) | 0;\n mid = (mid + Math.imul(ah3, bl3)) | 0;\n hi = (hi + Math.imul(ah3, bh3)) | 0;\n lo = (lo + Math.imul(al2, bl4)) | 0;\n mid = (mid + Math.imul(al2, bh4)) | 0;\n mid = (mid + Math.imul(ah2, bl4)) | 0;\n hi = (hi + Math.imul(ah2, bh4)) | 0;\n lo = (lo + Math.imul(al1, bl5)) | 0;\n mid = (mid + Math.imul(al1, bh5)) | 0;\n mid = (mid + Math.imul(ah1, bl5)) | 0;\n hi = (hi + Math.imul(ah1, bh5)) | 0;\n lo = (lo + Math.imul(al0, bl6)) | 0;\n mid = (mid + Math.imul(al0, bh6)) | 0;\n mid = (mid + Math.imul(ah0, bl6)) | 0;\n hi = (hi + Math.imul(ah0, bh6)) | 0;\n var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;\n w6 &= 0x3ffffff;\n /* k = 7 */\n lo = Math.imul(al7, bl0);\n mid = Math.imul(al7, bh0);\n mid = (mid + Math.imul(ah7, bl0)) | 0;\n hi = Math.imul(ah7, bh0);\n lo = (lo + Math.imul(al6, bl1)) | 0;\n mid = (mid + Math.imul(al6, bh1)) | 0;\n mid = (mid + Math.imul(ah6, bl1)) | 0;\n hi = (hi + Math.imul(ah6, bh1)) | 0;\n lo = (lo + Math.imul(al5, bl2)) | 0;\n mid = (mid + Math.imul(al5, bh2)) | 0;\n mid = (mid + Math.imul(ah5, bl2)) | 0;\n hi = (hi + Math.imul(ah5, bh2)) | 0;\n lo = (lo + Math.imul(al4, bl3)) | 0;\n mid = (mid + Math.imul(al4, bh3)) | 0;\n mid = (mid + Math.imul(ah4, bl3)) | 0;\n hi = (hi + Math.imul(ah4, bh3)) | 0;\n lo = (lo + Math.imul(al3, bl4)) | 0;\n mid = (mid + Math.imul(al3, bh4)) | 0;\n mid = (mid + Math.imul(ah3, bl4)) | 0;\n hi = (hi + Math.imul(ah3, bh4)) | 0;\n lo = (lo + Math.imul(al2, bl5)) | 0;\n mid = (mid + Math.imul(al2, bh5)) | 0;\n mid = (mid + Math.imul(ah2, bl5)) | 0;\n hi = (hi + Math.imul(ah2, bh5)) | 0;\n lo = (lo + Math.imul(al1, bl6)) | 0;\n mid = (mid + Math.imul(al1, bh6)) | 0;\n mid = (mid + Math.imul(ah1, bl6)) | 0;\n hi = (hi + Math.imul(ah1, bh6)) | 0;\n lo = (lo + Math.imul(al0, bl7)) | 0;\n mid = (mid + Math.imul(al0, bh7)) | 0;\n mid = (mid + Math.imul(ah0, bl7)) | 0;\n hi = (hi + Math.imul(ah0, bh7)) | 0;\n var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;\n w7 &= 0x3ffffff;\n /* k = 8 */\n lo = Math.imul(al8, bl0);\n mid = Math.imul(al8, bh0);\n mid = (mid + Math.imul(ah8, bl0)) | 0;\n hi = Math.imul(ah8, bh0);\n lo = (lo + Math.imul(al7, bl1)) | 0;\n mid = (mid + Math.imul(al7, bh1)) | 0;\n mid = (mid + Math.imul(ah7, bl1)) | 0;\n hi = (hi + Math.imul(ah7, bh1)) | 0;\n lo = (lo + Math.imul(al6, bl2)) | 0;\n mid = (mid + Math.imul(al6, bh2)) | 0;\n mid = (mid + Math.imul(ah6, bl2)) | 0;\n hi = (hi + Math.imul(ah6, bh2)) | 0;\n lo = (lo + Math.imul(al5, bl3)) | 0;\n mid = (mid + Math.imul(al5, bh3)) | 0;\n mid = (mid + Math.imul(ah5, bl3)) | 0;\n hi = (hi + Math.imul(ah5, bh3)) | 0;\n lo = (lo + Math.imul(al4, bl4)) | 0;\n mid = (mid + Math.imul(al4, bh4)) | 0;\n mid = (mid + Math.imul(ah4, bl4)) | 0;\n hi = (hi + Math.imul(ah4, bh4)) | 0;\n lo = (lo + Math.imul(al3, bl5)) | 0;\n mid = (mid + Math.imul(al3, bh5)) | 0;\n mid = (mid + Math.imul(ah3, bl5)) | 0;\n hi = (hi + Math.imul(ah3, bh5)) | 0;\n lo = (lo + Math.imul(al2, bl6)) | 0;\n mid = (mid + Math.imul(al2, bh6)) | 0;\n mid = (mid + Math.imul(ah2, bl6)) | 0;\n hi = (hi + Math.imul(ah2, bh6)) | 0;\n lo = (lo + Math.imul(al1, bl7)) | 0;\n mid = (mid + Math.imul(al1, bh7)) | 0;\n mid = (mid + Math.imul(ah1, bl7)) | 0;\n hi = (hi + Math.imul(ah1, bh7)) | 0;\n lo = (lo + Math.imul(al0, bl8)) | 0;\n mid = (mid + Math.imul(al0, bh8)) | 0;\n mid = (mid + Math.imul(ah0, bl8)) | 0;\n hi = (hi + Math.imul(ah0, bh8)) | 0;\n var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;\n w8 &= 0x3ffffff;\n /* k = 9 */\n lo = Math.imul(al9, bl0);\n mid = Math.imul(al9, bh0);\n mid = (mid + Math.imul(ah9, bl0)) | 0;\n hi = Math.imul(ah9, bh0);\n lo = (lo + Math.imul(al8, bl1)) | 0;\n mid = (mid + Math.imul(al8, bh1)) | 0;\n mid = (mid + Math.imul(ah8, bl1)) | 0;\n hi = (hi + Math.imul(ah8, bh1)) | 0;\n lo = (lo + Math.imul(al7, bl2)) | 0;\n mid = (mid + Math.imul(al7, bh2)) | 0;\n mid = (mid + Math.imul(ah7, bl2)) | 0;\n hi = (hi + Math.imul(ah7, bh2)) | 0;\n lo = (lo + Math.imul(al6, bl3)) | 0;\n mid = (mid + Math.imul(al6, bh3)) | 0;\n mid = (mid + Math.imul(ah6, bl3)) | 0;\n hi = (hi + Math.imul(ah6, bh3)) | 0;\n lo = (lo + Math.imul(al5, bl4)) | 0;\n mid = (mid + Math.imul(al5, bh4)) | 0;\n mid = (mid + Math.imul(ah5, bl4)) | 0;\n hi = (hi + Math.imul(ah5, bh4)) | 0;\n lo = (lo + Math.imul(al4, bl5)) | 0;\n mid = (mid + Math.imul(al4, bh5)) | 0;\n mid = (mid + Math.imul(ah4, bl5)) | 0;\n hi = (hi + Math.imul(ah4, bh5)) | 0;\n lo = (lo + Math.imul(al3, bl6)) | 0;\n mid = (mid + Math.imul(al3, bh6)) | 0;\n mid = (mid + Math.imul(ah3, bl6)) | 0;\n hi = (hi + Math.imul(ah3, bh6)) | 0;\n lo = (lo + Math.imul(al2, bl7)) | 0;\n mid = (mid + Math.imul(al2, bh7)) | 0;\n mid = (mid + Math.imul(ah2, bl7)) | 0;\n hi = (hi + Math.imul(ah2, bh7)) | 0;\n lo = (lo + Math.imul(al1, bl8)) | 0;\n mid = (mid + Math.imul(al1, bh8)) | 0;\n mid = (mid + Math.imul(ah1, bl8)) | 0;\n hi = (hi + Math.imul(ah1, bh8)) | 0;\n lo = (lo + Math.imul(al0, bl9)) | 0;\n mid = (mid + Math.imul(al0, bh9)) | 0;\n mid = (mid + Math.imul(ah0, bl9)) | 0;\n hi = (hi + Math.imul(ah0, bh9)) | 0;\n var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;\n w9 &= 0x3ffffff;\n /* k = 10 */\n lo = Math.imul(al9, bl1);\n mid = Math.imul(al9, bh1);\n mid = (mid + Math.imul(ah9, bl1)) | 0;\n hi = Math.imul(ah9, bh1);\n lo = (lo + Math.imul(al8, bl2)) | 0;\n mid = (mid + Math.imul(al8, bh2)) | 0;\n mid = (mid + Math.imul(ah8, bl2)) | 0;\n hi = (hi + Math.imul(ah8, bh2)) | 0;\n lo = (lo + Math.imul(al7, bl3)) | 0;\n mid = (mid + Math.imul(al7, bh3)) | 0;\n mid = (mid + Math.imul(ah7, bl3)) | 0;\n hi = (hi + Math.imul(ah7, bh3)) | 0;\n lo = (lo + Math.imul(al6, bl4)) | 0;\n mid = (mid + Math.imul(al6, bh4)) | 0;\n mid = (mid + Math.imul(ah6, bl4)) | 0;\n hi = (hi + Math.imul(ah6, bh4)) | 0;\n lo = (lo + Math.imul(al5, bl5)) | 0;\n mid = (mid + Math.imul(al5, bh5)) | 0;\n mid = (mid + Math.imul(ah5, bl5)) | 0;\n hi = (hi + Math.imul(ah5, bh5)) | 0;\n lo = (lo + Math.imul(al4, bl6)) | 0;\n mid = (mid + Math.imul(al4, bh6)) | 0;\n mid = (mid + Math.imul(ah4, bl6)) | 0;\n hi = (hi + Math.imul(ah4, bh6)) | 0;\n lo = (lo + Math.imul(al3, bl7)) | 0;\n mid = (mid + Math.imul(al3, bh7)) | 0;\n mid = (mid + Math.imul(ah3, bl7)) | 0;\n hi = (hi + Math.imul(ah3, bh7)) | 0;\n lo = (lo + Math.imul(al2, bl8)) | 0;\n mid = (mid + Math.imul(al2, bh8)) | 0;\n mid = (mid + Math.imul(ah2, bl8)) | 0;\n hi = (hi + Math.imul(ah2, bh8)) | 0;\n lo = (lo + Math.imul(al1, bl9)) | 0;\n mid = (mid + Math.imul(al1, bh9)) | 0;\n mid = (mid + Math.imul(ah1, bl9)) | 0;\n hi = (hi + Math.imul(ah1, bh9)) | 0;\n var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;\n w10 &= 0x3ffffff;\n /* k = 11 */\n lo = Math.imul(al9, bl2);\n mid = Math.imul(al9, bh2);\n mid = (mid + Math.imul(ah9, bl2)) | 0;\n hi = Math.imul(ah9, bh2);\n lo = (lo + Math.imul(al8, bl3)) | 0;\n mid = (mid + Math.imul(al8, bh3)) | 0;\n mid = (mid + Math.imul(ah8, bl3)) | 0;\n hi = (hi + Math.imul(ah8, bh3)) | 0;\n lo = (lo + Math.imul(al7, bl4)) | 0;\n mid = (mid + Math.imul(al7, bh4)) | 0;\n mid = (mid + Math.imul(ah7, bl4)) | 0;\n hi = (hi + Math.imul(ah7, bh4)) | 0;\n lo = (lo + Math.imul(al6, bl5)) | 0;\n mid = (mid + Math.imul(al6, bh5)) | 0;\n mid = (mid + Math.imul(ah6, bl5)) | 0;\n hi = (hi + Math.imul(ah6, bh5)) | 0;\n lo = (lo + Math.imul(al5, bl6)) | 0;\n mid = (mid + Math.imul(al5, bh6)) | 0;\n mid = (mid + Math.imul(ah5, bl6)) | 0;\n hi = (hi + Math.imul(ah5, bh6)) | 0;\n lo = (lo + Math.imul(al4, bl7)) | 0;\n mid = (mid + Math.imul(al4, bh7)) | 0;\n mid = (mid + Math.imul(ah4, bl7)) | 0;\n hi = (hi + Math.imul(ah4, bh7)) | 0;\n lo = (lo + Math.imul(al3, bl8)) | 0;\n mid = (mid + Math.imul(al3, bh8)) | 0;\n mid = (mid + Math.imul(ah3, bl8)) | 0;\n hi = (hi + Math.imul(ah3, bh8)) | 0;\n lo = (lo + Math.imul(al2, bl9)) | 0;\n mid = (mid + Math.imul(al2, bh9)) | 0;\n mid = (mid + Math.imul(ah2, bl9)) | 0;\n hi = (hi + Math.imul(ah2, bh9)) | 0;\n var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;\n w11 &= 0x3ffffff;\n /* k = 12 */\n lo = Math.imul(al9, bl3);\n mid = Math.imul(al9, bh3);\n mid = (mid + Math.imul(ah9, bl3)) | 0;\n hi = Math.imul(ah9, bh3);\n lo = (lo + Math.imul(al8, bl4)) | 0;\n mid = (mid + Math.imul(al8, bh4)) | 0;\n mid = (mid + Math.imul(ah8, bl4)) | 0;\n hi = (hi + Math.imul(ah8, bh4)) | 0;\n lo = (lo + Math.imul(al7, bl5)) | 0;\n mid = (mid + Math.imul(al7, bh5)) | 0;\n mid = (mid + Math.imul(ah7, bl5)) | 0;\n hi = (hi + Math.imul(ah7, bh5)) | 0;\n lo = (lo + Math.imul(al6, bl6)) | 0;\n mid = (mid + Math.imul(al6, bh6)) | 0;\n mid = (mid + Math.imul(ah6, bl6)) | 0;\n hi = (hi + Math.imul(ah6, bh6)) | 0;\n lo = (lo + Math.imul(al5, bl7)) | 0;\n mid = (mid + Math.imul(al5, bh7)) | 0;\n mid = (mid + Math.imul(ah5, bl7)) | 0;\n hi = (hi + Math.imul(ah5, bh7)) | 0;\n lo = (lo + Math.imul(al4, bl8)) | 0;\n mid = (mid + Math.imul(al4, bh8)) | 0;\n mid = (mid + Math.imul(ah4, bl8)) | 0;\n hi = (hi + Math.imul(ah4, bh8)) | 0;\n lo = (lo + Math.imul(al3, bl9)) | 0;\n mid = (mid + Math.imul(al3, bh9)) | 0;\n mid = (mid + Math.imul(ah3, bl9)) | 0;\n hi = (hi + Math.imul(ah3, bh9)) | 0;\n var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;\n w12 &= 0x3ffffff;\n /* k = 13 */\n lo = Math.imul(al9, bl4);\n mid = Math.imul(al9, bh4);\n mid = (mid + Math.imul(ah9, bl4)) | 0;\n hi = Math.imul(ah9, bh4);\n lo = (lo + Math.imul(al8, bl5)) | 0;\n mid = (mid + Math.imul(al8, bh5)) | 0;\n mid = (mid + Math.imul(ah8, bl5)) | 0;\n hi = (hi + Math.imul(ah8, bh5)) | 0;\n lo = (lo + Math.imul(al7, bl6)) | 0;\n mid = (mid + Math.imul(al7, bh6)) | 0;\n mid = (mid + Math.imul(ah7, bl6)) | 0;\n hi = (hi + Math.imul(ah7, bh6)) | 0;\n lo = (lo + Math.imul(al6, bl7)) | 0;\n mid = (mid + Math.imul(al6, bh7)) | 0;\n mid = (mid + Math.imul(ah6, bl7)) | 0;\n hi = (hi + Math.imul(ah6, bh7)) | 0;\n lo = (lo + Math.imul(al5, bl8)) | 0;\n mid = (mid + Math.imul(al5, bh8)) | 0;\n mid = (mid + Math.imul(ah5, bl8)) | 0;\n hi = (hi + Math.imul(ah5, bh8)) | 0;\n lo = (lo + Math.imul(al4, bl9)) | 0;\n mid = (mid + Math.imul(al4, bh9)) | 0;\n mid = (mid + Math.imul(ah4, bl9)) | 0;\n hi = (hi + Math.imul(ah4, bh9)) | 0;\n var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;\n w13 &= 0x3ffffff;\n /* k = 14 */\n lo = Math.imul(al9, bl5);\n mid = Math.imul(al9, bh5);\n mid = (mid + Math.imul(ah9, bl5)) | 0;\n hi = Math.imul(ah9, bh5);\n lo = (lo + Math.imul(al8, bl6)) | 0;\n mid = (mid + Math.imul(al8, bh6)) | 0;\n mid = (mid + Math.imul(ah8, bl6)) | 0;\n hi = (hi + Math.imul(ah8, bh6)) | 0;\n lo = (lo + Math.imul(al7, bl7)) | 0;\n mid = (mid + Math.imul(al7, bh7)) | 0;\n mid = (mid + Math.imul(ah7, bl7)) | 0;\n hi = (hi + Math.imul(ah7, bh7)) | 0;\n lo = (lo + Math.imul(al6, bl8)) | 0;\n mid = (mid + Math.imul(al6, bh8)) | 0;\n mid = (mid + Math.imul(ah6, bl8)) | 0;\n hi = (hi + Math.imul(ah6, bh8)) | 0;\n lo = (lo + Math.imul(al5, bl9)) | 0;\n mid = (mid + Math.imul(al5, bh9)) | 0;\n mid = (mid + Math.imul(ah5, bl9)) | 0;\n hi = (hi + Math.imul(ah5, bh9)) | 0;\n var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;\n w14 &= 0x3ffffff;\n /* k = 15 */\n lo = Math.imul(al9, bl6);\n mid = Math.imul(al9, bh6);\n mid = (mid + Math.imul(ah9, bl6)) | 0;\n hi = Math.imul(ah9, bh6);\n lo = (lo + Math.imul(al8, bl7)) | 0;\n mid = (mid + Math.imul(al8, bh7)) | 0;\n mid = (mid + Math.imul(ah8, bl7)) | 0;\n hi = (hi + Math.imul(ah8, bh7)) | 0;\n lo = (lo + Math.imul(al7, bl8)) | 0;\n mid = (mid + Math.imul(al7, bh8)) | 0;\n mid = (mid + Math.imul(ah7, bl8)) | 0;\n hi = (hi + Math.imul(ah7, bh8)) | 0;\n lo = (lo + Math.imul(al6, bl9)) | 0;\n mid = (mid + Math.imul(al6, bh9)) | 0;\n mid = (mid + Math.imul(ah6, bl9)) | 0;\n hi = (hi + Math.imul(ah6, bh9)) | 0;\n var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;\n w15 &= 0x3ffffff;\n /* k = 16 */\n lo = Math.imul(al9, bl7);\n mid = Math.imul(al9, bh7);\n mid = (mid + Math.imul(ah9, bl7)) | 0;\n hi = Math.imul(ah9, bh7);\n lo = (lo + Math.imul(al8, bl8)) | 0;\n mid = (mid + Math.imul(al8, bh8)) | 0;\n mid = (mid + Math.imul(ah8, bl8)) | 0;\n hi = (hi + Math.imul(ah8, bh8)) | 0;\n lo = (lo + Math.imul(al7, bl9)) | 0;\n mid = (mid + Math.imul(al7, bh9)) | 0;\n mid = (mid + Math.imul(ah7, bl9)) | 0;\n hi = (hi + Math.imul(ah7, bh9)) | 0;\n var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;\n w16 &= 0x3ffffff;\n /* k = 17 */\n lo = Math.imul(al9, bl8);\n mid = Math.imul(al9, bh8);\n mid = (mid + Math.imul(ah9, bl8)) | 0;\n hi = Math.imul(ah9, bh8);\n lo = (lo + Math.imul(al8, bl9)) | 0;\n mid = (mid + Math.imul(al8, bh9)) | 0;\n mid = (mid + Math.imul(ah8, bl9)) | 0;\n hi = (hi + Math.imul(ah8, bh9)) | 0;\n var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;\n w17 &= 0x3ffffff;\n /* k = 18 */\n lo = Math.imul(al9, bl9);\n mid = Math.imul(al9, bh9);\n mid = (mid + Math.imul(ah9, bl9)) | 0;\n hi = Math.imul(ah9, bh9);\n var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;\n w18 &= 0x3ffffff;\n o[0] = w0;\n o[1] = w1;\n o[2] = w2;\n o[3] = w3;\n o[4] = w4;\n o[5] = w5;\n o[6] = w6;\n o[7] = w7;\n o[8] = w8;\n o[9] = w9;\n o[10] = w10;\n o[11] = w11;\n o[12] = w12;\n o[13] = w13;\n o[14] = w14;\n o[15] = w15;\n o[16] = w16;\n o[17] = w17;\n o[18] = w18;\n if (c !== 0) {\n o[19] = c;\n out.length++;\n }\n return out;\n };\n\n // Polyfill comb\n if (!Math.imul) {\n comb10MulTo = smallMulTo;\n }\n\n function bigMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n out.length = self.length + num.length;\n\n var carry = 0;\n var hncarry = 0;\n for (var k = 0; k < out.length - 1; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = hncarry;\n hncarry = 0;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = k - j;\n var a = self.words[i] | 0;\n var b = num.words[j] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;\n lo = (lo + rword) | 0;\n rword = lo & 0x3ffffff;\n ncarry = (ncarry + (lo >>> 26)) | 0;\n\n hncarry += ncarry >>> 26;\n ncarry &= 0x3ffffff;\n }\n out.words[k] = rword;\n carry = ncarry;\n ncarry = hncarry;\n }\n if (carry !== 0) {\n out.words[k] = carry;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n function jumboMulTo (self, num, out) {\n var fftm = new FFTM();\n return fftm.mulp(self, num, out);\n }\n\n BN.prototype.mulTo = function mulTo (num, out) {\n var res;\n var len = this.length + num.length;\n if (this.length === 10 && num.length === 10) {\n res = comb10MulTo(this, num, out);\n } else if (len < 63) {\n res = smallMulTo(this, num, out);\n } else if (len < 1024) {\n res = bigMulTo(this, num, out);\n } else {\n res = jumboMulTo(this, num, out);\n }\n\n return res;\n };\n\n // Cooley-Tukey algorithm for FFT\n // slightly revisited to rely on looping instead of recursion\n\n function FFTM (x, y) {\n this.x = x;\n this.y = y;\n }\n\n FFTM.prototype.makeRBT = function makeRBT (N) {\n var t = new Array(N);\n var l = BN.prototype._countBits(N) - 1;\n for (var i = 0; i < N; i++) {\n t[i] = this.revBin(i, l, N);\n }\n\n return t;\n };\n\n // Returns binary-reversed representation of `x`\n FFTM.prototype.revBin = function revBin (x, l, N) {\n if (x === 0 || x === N - 1) return x;\n\n var rb = 0;\n for (var i = 0; i < l; i++) {\n rb |= (x & 1) << (l - i - 1);\n x >>= 1;\n }\n\n return rb;\n };\n\n // Performs \"tweedling\" phase, therefore 'emulating'\n // behaviour of the recursive algorithm\n FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {\n for (var i = 0; i < N; i++) {\n rtws[i] = rws[rbt[i]];\n itws[i] = iws[rbt[i]];\n }\n };\n\n FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {\n this.permute(rbt, rws, iws, rtws, itws, N);\n\n for (var s = 1; s < N; s <<= 1) {\n var l = s << 1;\n\n var rtwdf = Math.cos(2 * Math.PI / l);\n var itwdf = Math.sin(2 * Math.PI / l);\n\n for (var p = 0; p < N; p += l) {\n var rtwdf_ = rtwdf;\n var itwdf_ = itwdf;\n\n for (var j = 0; j < s; j++) {\n var re = rtws[p + j];\n var ie = itws[p + j];\n\n var ro = rtws[p + j + s];\n var io = itws[p + j + s];\n\n var rx = rtwdf_ * ro - itwdf_ * io;\n\n io = rtwdf_ * io + itwdf_ * ro;\n ro = rx;\n\n rtws[p + j] = re + ro;\n itws[p + j] = ie + io;\n\n rtws[p + j + s] = re - ro;\n itws[p + j + s] = ie - io;\n\n /* jshint maxdepth : false */\n if (j !== l) {\n rx = rtwdf * rtwdf_ - itwdf * itwdf_;\n\n itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;\n rtwdf_ = rx;\n }\n }\n }\n }\n };\n\n FFTM.prototype.guessLen13b = function guessLen13b (n, m) {\n var N = Math.max(m, n) | 1;\n var odd = N & 1;\n var i = 0;\n for (N = N / 2 | 0; N; N = N >>> 1) {\n i++;\n }\n\n return 1 << i + 1 + odd;\n };\n\n FFTM.prototype.conjugate = function conjugate (rws, iws, N) {\n if (N <= 1) return;\n\n for (var i = 0; i < N / 2; i++) {\n var t = rws[i];\n\n rws[i] = rws[N - i - 1];\n rws[N - i - 1] = t;\n\n t = iws[i];\n\n iws[i] = -iws[N - i - 1];\n iws[N - i - 1] = -t;\n }\n };\n\n FFTM.prototype.normalize13b = function normalize13b (ws, N) {\n var carry = 0;\n for (var i = 0; i < N / 2; i++) {\n var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +\n Math.round(ws[2 * i] / N) +\n carry;\n\n ws[i] = w & 0x3ffffff;\n\n if (w < 0x4000000) {\n carry = 0;\n } else {\n carry = w / 0x4000000 | 0;\n }\n }\n\n return ws;\n };\n\n FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {\n var carry = 0;\n for (var i = 0; i < len; i++) {\n carry = carry + (ws[i] | 0);\n\n rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;\n rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;\n }\n\n // Pad with zeroes\n for (i = 2 * len; i < N; ++i) {\n rws[i] = 0;\n }\n\n assert(carry === 0);\n assert((carry & ~0x1fff) === 0);\n };\n\n FFTM.prototype.stub = function stub (N) {\n var ph = new Array(N);\n for (var i = 0; i < N; i++) {\n ph[i] = 0;\n }\n\n return ph;\n };\n\n FFTM.prototype.mulp = function mulp (x, y, out) {\n var N = 2 * this.guessLen13b(x.length, y.length);\n\n var rbt = this.makeRBT(N);\n\n var _ = this.stub(N);\n\n var rws = new Array(N);\n var rwst = new Array(N);\n var iwst = new Array(N);\n\n var nrws = new Array(N);\n var nrwst = new Array(N);\n var niwst = new Array(N);\n\n var rmws = out.words;\n rmws.length = N;\n\n this.convert13b(x.words, x.length, rws, N);\n this.convert13b(y.words, y.length, nrws, N);\n\n this.transform(rws, _, rwst, iwst, N, rbt);\n this.transform(nrws, _, nrwst, niwst, N, rbt);\n\n for (var i = 0; i < N; i++) {\n var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];\n iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];\n rwst[i] = rx;\n }\n\n this.conjugate(rwst, iwst, N);\n this.transform(rwst, iwst, rmws, _, N, rbt);\n this.conjugate(rmws, _, N);\n this.normalize13b(rmws, N);\n\n out.negative = x.negative ^ y.negative;\n out.length = x.length + y.length;\n return out.strip();\n };\n\n // Multiply `this` by `num`\n BN.prototype.mul = function mul (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return this.mulTo(num, out);\n };\n\n // Multiply employing FFT\n BN.prototype.mulf = function mulf (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return jumboMulTo(this, num, out);\n };\n\n // In-place Multiplication\n BN.prototype.imul = function imul (num) {\n return this.clone().mulTo(num, this);\n };\n\n BN.prototype.imuln = function imuln (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n\n // Carry\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = (this.words[i] | 0) * num;\n var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);\n carry >>= 26;\n carry += (w / 0x4000000) | 0;\n // NOTE: lo is 27bit maximum\n carry += lo >>> 26;\n this.words[i] = lo & 0x3ffffff;\n }\n\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n\n return this;\n };\n\n BN.prototype.muln = function muln (num) {\n return this.clone().imuln(num);\n };\n\n // `this` * `this`\n BN.prototype.sqr = function sqr () {\n return this.mul(this);\n };\n\n // `this` * `this` in-place\n BN.prototype.isqr = function isqr () {\n return this.imul(this.clone());\n };\n\n // Math.pow(`this`, `num`)\n BN.prototype.pow = function pow (num) {\n var w = toBitArray(num);\n if (w.length === 0) return new BN(1);\n\n // Skip leading zeroes\n var res = this;\n for (var i = 0; i < w.length; i++, res = res.sqr()) {\n if (w[i] !== 0) break;\n }\n\n if (++i < w.length) {\n for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {\n if (w[i] === 0) continue;\n\n res = res.mul(q);\n }\n }\n\n return res;\n };\n\n // Shift-left in-place\n BN.prototype.iushln = function iushln (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);\n var i;\n\n if (r !== 0) {\n var carry = 0;\n\n for (i = 0; i < this.length; i++) {\n var newCarry = this.words[i] & carryMask;\n var c = ((this.words[i] | 0) - newCarry) << r;\n this.words[i] = c | carry;\n carry = newCarry >>> (26 - r);\n }\n\n if (carry) {\n this.words[i] = carry;\n this.length++;\n }\n }\n\n if (s !== 0) {\n for (i = this.length - 1; i >= 0; i--) {\n this.words[i + s] = this.words[i];\n }\n\n for (i = 0; i < s; i++) {\n this.words[i] = 0;\n }\n\n this.length += s;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishln = function ishln (bits) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushln(bits);\n };\n\n // Shift-right in-place\n // NOTE: `hint` is a lowest bit before trailing zeroes\n // NOTE: if `extended` is present - it will be filled with destroyed bits\n BN.prototype.iushrn = function iushrn (bits, hint, extended) {\n assert(typeof bits === 'number' && bits >= 0);\n var h;\n if (hint) {\n h = (hint - (hint % 26)) / 26;\n } else {\n h = 0;\n }\n\n var r = bits % 26;\n var s = Math.min((bits - r) / 26, this.length);\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n var maskedWords = extended;\n\n h -= s;\n h = Math.max(0, h);\n\n // Extended mode, copy masked part\n if (maskedWords) {\n for (var i = 0; i < s; i++) {\n maskedWords.words[i] = this.words[i];\n }\n maskedWords.length = s;\n }\n\n if (s === 0) {\n // No-op, we should not move anything at all\n } else if (this.length > s) {\n this.length -= s;\n for (i = 0; i < this.length; i++) {\n this.words[i] = this.words[i + s];\n }\n } else {\n this.words[0] = 0;\n this.length = 1;\n }\n\n var carry = 0;\n for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {\n var word = this.words[i] | 0;\n this.words[i] = (carry << (26 - r)) | (word >>> r);\n carry = word & mask;\n }\n\n // Push carried bits as a mask\n if (maskedWords && carry !== 0) {\n maskedWords.words[maskedWords.length++] = carry;\n }\n\n if (this.length === 0) {\n this.words[0] = 0;\n this.length = 1;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishrn = function ishrn (bits, hint, extended) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushrn(bits, hint, extended);\n };\n\n // Shift-left\n BN.prototype.shln = function shln (bits) {\n return this.clone().ishln(bits);\n };\n\n BN.prototype.ushln = function ushln (bits) {\n return this.clone().iushln(bits);\n };\n\n // Shift-right\n BN.prototype.shrn = function shrn (bits) {\n return this.clone().ishrn(bits);\n };\n\n BN.prototype.ushrn = function ushrn (bits) {\n return this.clone().iushrn(bits);\n };\n\n // Test if n bit is set\n BN.prototype.testn = function testn (bit) {\n assert(typeof bit === 'number' && bit >= 0);\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) return false;\n\n // Check bit and return\n var w = this.words[s];\n\n return !!(w & q);\n };\n\n // Return only lowers bits of number (in-place)\n BN.prototype.imaskn = function imaskn (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n\n assert(this.negative === 0, 'imaskn works only with positive numbers');\n\n if (this.length <= s) {\n return this;\n }\n\n if (r !== 0) {\n s++;\n }\n this.length = Math.min(s, this.length);\n\n if (r !== 0) {\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n this.words[this.length - 1] &= mask;\n }\n\n return this.strip();\n };\n\n // Return only lowers bits of number\n BN.prototype.maskn = function maskn (bits) {\n return this.clone().imaskn(bits);\n };\n\n // Add plain number `num` to `this`\n BN.prototype.iaddn = function iaddn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.isubn(-num);\n\n // Possible sign change\n if (this.negative !== 0) {\n if (this.length === 1 && (this.words[0] | 0) < num) {\n this.words[0] = num - (this.words[0] | 0);\n this.negative = 0;\n return this;\n }\n\n this.negative = 0;\n this.isubn(num);\n this.negative = 1;\n return this;\n }\n\n // Add without checks\n return this._iaddn(num);\n };\n\n BN.prototype._iaddn = function _iaddn (num) {\n this.words[0] += num;\n\n // Carry\n for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {\n this.words[i] -= 0x4000000;\n if (i === this.length - 1) {\n this.words[i + 1] = 1;\n } else {\n this.words[i + 1]++;\n }\n }\n this.length = Math.max(this.length, i + 1);\n\n return this;\n };\n\n // Subtract plain number `num` from `this`\n BN.prototype.isubn = function isubn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.iaddn(-num);\n\n if (this.negative !== 0) {\n this.negative = 0;\n this.iaddn(num);\n this.negative = 1;\n return this;\n }\n\n this.words[0] -= num;\n\n if (this.length === 1 && this.words[0] < 0) {\n this.words[0] = -this.words[0];\n this.negative = 1;\n } else {\n // Carry\n for (var i = 0; i < this.length && this.words[i] < 0; i++) {\n this.words[i] += 0x4000000;\n this.words[i + 1] -= 1;\n }\n }\n\n return this.strip();\n };\n\n BN.prototype.addn = function addn (num) {\n return this.clone().iaddn(num);\n };\n\n BN.prototype.subn = function subn (num) {\n return this.clone().isubn(num);\n };\n\n BN.prototype.iabs = function iabs () {\n this.negative = 0;\n\n return this;\n };\n\n BN.prototype.abs = function abs () {\n return this.clone().iabs();\n };\n\n BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {\n var len = num.length + shift;\n var i;\n\n this._expand(len);\n\n var w;\n var carry = 0;\n for (i = 0; i < num.length; i++) {\n w = (this.words[i + shift] | 0) + carry;\n var right = (num.words[i] | 0) * mul;\n w -= right & 0x3ffffff;\n carry = (w >> 26) - ((right / 0x4000000) | 0);\n this.words[i + shift] = w & 0x3ffffff;\n }\n for (; i < this.length - shift; i++) {\n w = (this.words[i + shift] | 0) + carry;\n carry = w >> 26;\n this.words[i + shift] = w & 0x3ffffff;\n }\n\n if (carry === 0) return this.strip();\n\n // Subtraction overflow\n assert(carry === -1);\n carry = 0;\n for (i = 0; i < this.length; i++) {\n w = -(this.words[i] | 0) + carry;\n carry = w >> 26;\n this.words[i] = w & 0x3ffffff;\n }\n this.negative = 1;\n\n return this.strip();\n };\n\n BN.prototype._wordDiv = function _wordDiv (num, mode) {\n var shift = this.length - num.length;\n\n var a = this.clone();\n var b = num;\n\n // Normalize\n var bhi = b.words[b.length - 1] | 0;\n var bhiBits = this._countBits(bhi);\n shift = 26 - bhiBits;\n if (shift !== 0) {\n b = b.ushln(shift);\n a.iushln(shift);\n bhi = b.words[b.length - 1] | 0;\n }\n\n // Initialize quotient\n var m = a.length - b.length;\n var q;\n\n if (mode !== 'mod') {\n q = new BN(null);\n q.length = m + 1;\n q.words = new Array(q.length);\n for (var i = 0; i < q.length; i++) {\n q.words[i] = 0;\n }\n }\n\n var diff = a.clone()._ishlnsubmul(b, 1, m);\n if (diff.negative === 0) {\n a = diff;\n if (q) {\n q.words[m] = 1;\n }\n }\n\n for (var j = m - 1; j >= 0; j--) {\n var qj = (a.words[b.length + j] | 0) * 0x4000000 +\n (a.words[b.length + j - 1] | 0);\n\n // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max\n // (0x7ffffff)\n qj = Math.min((qj / bhi) | 0, 0x3ffffff);\n\n a._ishlnsubmul(b, qj, j);\n while (a.negative !== 0) {\n qj--;\n a.negative = 0;\n a._ishlnsubmul(b, 1, j);\n if (!a.isZero()) {\n a.negative ^= 1;\n }\n }\n if (q) {\n q.words[j] = qj;\n }\n }\n if (q) {\n q.strip();\n }\n a.strip();\n\n // Denormalize\n if (mode !== 'div' && shift !== 0) {\n a.iushrn(shift);\n }\n\n return {\n div: q || null,\n mod: a\n };\n };\n\n // NOTE: 1) `mode` can be set to `mod` to request mod only,\n // to `div` to request div only, or be absent to\n // request both div & mod\n // 2) `positive` is true if unsigned mod is requested\n BN.prototype.divmod = function divmod (num, mode, positive) {\n assert(!num.isZero());\n\n if (this.isZero()) {\n return {\n div: new BN(0),\n mod: new BN(0)\n };\n }\n\n var div, mod, res;\n if (this.negative !== 0 && num.negative === 0) {\n res = this.neg().divmod(num, mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.iadd(num);\n }\n }\n\n return {\n div: div,\n mod: mod\n };\n }\n\n if (this.negative === 0 && num.negative !== 0) {\n res = this.divmod(num.neg(), mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n return {\n div: div,\n mod: res.mod\n };\n }\n\n if ((this.negative & num.negative) !== 0) {\n res = this.neg().divmod(num.neg(), mode);\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.isub(num);\n }\n }\n\n return {\n div: res.div,\n mod: mod\n };\n }\n\n // Both numbers are positive at this point\n\n // Strip both numbers to approximate shift value\n if (num.length > this.length || this.cmp(num) < 0) {\n return {\n div: new BN(0),\n mod: this\n };\n }\n\n // Very short reduction\n if (num.length === 1) {\n if (mode === 'div') {\n return {\n div: this.divn(num.words[0]),\n mod: null\n };\n }\n\n if (mode === 'mod') {\n return {\n div: null,\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return {\n div: this.divn(num.words[0]),\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return this._wordDiv(num, mode);\n };\n\n // Find `this` / `num`\n BN.prototype.div = function div (num) {\n return this.divmod(num, 'div', false).div;\n };\n\n // Find `this` % `num`\n BN.prototype.mod = function mod (num) {\n return this.divmod(num, 'mod', false).mod;\n };\n\n BN.prototype.umod = function umod (num) {\n return this.divmod(num, 'mod', true).mod;\n };\n\n // Find Round(`this` / `num`)\n BN.prototype.divRound = function divRound (num) {\n var dm = this.divmod(num);\n\n // Fast case - exact division\n if (dm.mod.isZero()) return dm.div;\n\n var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;\n\n var half = num.ushrn(1);\n var r2 = num.andln(1);\n var cmp = mod.cmp(half);\n\n // Round down\n if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;\n\n // Round up\n return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);\n };\n\n BN.prototype.modn = function modn (num) {\n assert(num <= 0x3ffffff);\n var p = (1 << 26) % num;\n\n var acc = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n acc = (p * acc + (this.words[i] | 0)) % num;\n }\n\n return acc;\n };\n\n // In-place division by number\n BN.prototype.idivn = function idivn (num) {\n assert(num <= 0x3ffffff);\n\n var carry = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var w = (this.words[i] | 0) + carry * 0x4000000;\n this.words[i] = (w / num) | 0;\n carry = w % num;\n }\n\n return this.strip();\n };\n\n BN.prototype.divn = function divn (num) {\n return this.clone().idivn(num);\n };\n\n BN.prototype.egcd = function egcd (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var x = this;\n var y = p.clone();\n\n if (x.negative !== 0) {\n x = x.umod(p);\n } else {\n x = x.clone();\n }\n\n // A * x + B * y = x\n var A = new BN(1);\n var B = new BN(0);\n\n // C * x + D * y = y\n var C = new BN(0);\n var D = new BN(1);\n\n var g = 0;\n\n while (x.isEven() && y.isEven()) {\n x.iushrn(1);\n y.iushrn(1);\n ++g;\n }\n\n var yp = y.clone();\n var xp = x.clone();\n\n while (!x.isZero()) {\n for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n x.iushrn(i);\n while (i-- > 0) {\n if (A.isOdd() || B.isOdd()) {\n A.iadd(yp);\n B.isub(xp);\n }\n\n A.iushrn(1);\n B.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n y.iushrn(j);\n while (j-- > 0) {\n if (C.isOdd() || D.isOdd()) {\n C.iadd(yp);\n D.isub(xp);\n }\n\n C.iushrn(1);\n D.iushrn(1);\n }\n }\n\n if (x.cmp(y) >= 0) {\n x.isub(y);\n A.isub(C);\n B.isub(D);\n } else {\n y.isub(x);\n C.isub(A);\n D.isub(B);\n }\n }\n\n return {\n a: C,\n b: D,\n gcd: y.iushln(g)\n };\n };\n\n // This is reduced incarnation of the binary EEA\n // above, designated to invert members of the\n // _prime_ fields F(p) at a maximal speed\n BN.prototype._invmp = function _invmp (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var a = this;\n var b = p.clone();\n\n if (a.negative !== 0) {\n a = a.umod(p);\n } else {\n a = a.clone();\n }\n\n var x1 = new BN(1);\n var x2 = new BN(0);\n\n var delta = b.clone();\n\n while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {\n for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n a.iushrn(i);\n while (i-- > 0) {\n if (x1.isOdd()) {\n x1.iadd(delta);\n }\n\n x1.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n b.iushrn(j);\n while (j-- > 0) {\n if (x2.isOdd()) {\n x2.iadd(delta);\n }\n\n x2.iushrn(1);\n }\n }\n\n if (a.cmp(b) >= 0) {\n a.isub(b);\n x1.isub(x2);\n } else {\n b.isub(a);\n x2.isub(x1);\n }\n }\n\n var res;\n if (a.cmpn(1) === 0) {\n res = x1;\n } else {\n res = x2;\n }\n\n if (res.cmpn(0) < 0) {\n res.iadd(p);\n }\n\n return res;\n };\n\n BN.prototype.gcd = function gcd (num) {\n if (this.isZero()) return num.abs();\n if (num.isZero()) return this.abs();\n\n var a = this.clone();\n var b = num.clone();\n a.negative = 0;\n b.negative = 0;\n\n // Remove common factor of two\n for (var shift = 0; a.isEven() && b.isEven(); shift++) {\n a.iushrn(1);\n b.iushrn(1);\n }\n\n do {\n while (a.isEven()) {\n a.iushrn(1);\n }\n while (b.isEven()) {\n b.iushrn(1);\n }\n\n var r = a.cmp(b);\n if (r < 0) {\n // Swap `a` and `b` to make `a` always bigger than `b`\n var t = a;\n a = b;\n b = t;\n } else if (r === 0 || b.cmpn(1) === 0) {\n break;\n }\n\n a.isub(b);\n } while (true);\n\n return b.iushln(shift);\n };\n\n // Invert number in the field F(num)\n BN.prototype.invm = function invm (num) {\n return this.egcd(num).a.umod(num);\n };\n\n BN.prototype.isEven = function isEven () {\n return (this.words[0] & 1) === 0;\n };\n\n BN.prototype.isOdd = function isOdd () {\n return (this.words[0] & 1) === 1;\n };\n\n // And first word and num\n BN.prototype.andln = function andln (num) {\n return this.words[0] & num;\n };\n\n // Increment at the bit position in-line\n BN.prototype.bincn = function bincn (bit) {\n assert(typeof bit === 'number');\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) {\n this._expand(s + 1);\n this.words[s] |= q;\n return this;\n }\n\n // Add bit and propagate, if needed\n var carry = q;\n for (var i = s; carry !== 0 && i < this.length; i++) {\n var w = this.words[i] | 0;\n w += carry;\n carry = w >>> 26;\n w &= 0x3ffffff;\n this.words[i] = w;\n }\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n return this;\n };\n\n BN.prototype.isZero = function isZero () {\n return this.length === 1 && this.words[0] === 0;\n };\n\n BN.prototype.cmpn = function cmpn (num) {\n var negative = num < 0;\n\n if (this.negative !== 0 && !negative) return -1;\n if (this.negative === 0 && negative) return 1;\n\n this.strip();\n\n var res;\n if (this.length > 1) {\n res = 1;\n } else {\n if (negative) {\n num = -num;\n }\n\n assert(num <= 0x3ffffff, 'Number is too big');\n\n var w = this.words[0] | 0;\n res = w === num ? 0 : w < num ? -1 : 1;\n }\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Compare two numbers and return:\n // 1 - if `this` > `num`\n // 0 - if `this` == `num`\n // -1 - if `this` < `num`\n BN.prototype.cmp = function cmp (num) {\n if (this.negative !== 0 && num.negative === 0) return -1;\n if (this.negative === 0 && num.negative !== 0) return 1;\n\n var res = this.ucmp(num);\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Unsigned comparison\n BN.prototype.ucmp = function ucmp (num) {\n // At this point both numbers have the same sign\n if (this.length > num.length) return 1;\n if (this.length < num.length) return -1;\n\n var res = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var a = this.words[i] | 0;\n var b = num.words[i] | 0;\n\n if (a === b) continue;\n if (a < b) {\n res = -1;\n } else if (a > b) {\n res = 1;\n }\n break;\n }\n return res;\n };\n\n BN.prototype.gtn = function gtn (num) {\n return this.cmpn(num) === 1;\n };\n\n BN.prototype.gt = function gt (num) {\n return this.cmp(num) === 1;\n };\n\n BN.prototype.gten = function gten (num) {\n return this.cmpn(num) >= 0;\n };\n\n BN.prototype.gte = function gte (num) {\n return this.cmp(num) >= 0;\n };\n\n BN.prototype.ltn = function ltn (num) {\n return this.cmpn(num) === -1;\n };\n\n BN.prototype.lt = function lt (num) {\n return this.cmp(num) === -1;\n };\n\n BN.prototype.lten = function lten (num) {\n return this.cmpn(num) <= 0;\n };\n\n BN.prototype.lte = function lte (num) {\n return this.cmp(num) <= 0;\n };\n\n BN.prototype.eqn = function eqn (num) {\n return this.cmpn(num) === 0;\n };\n\n BN.prototype.eq = function eq (num) {\n return this.cmp(num) === 0;\n };\n\n //\n // A reduce context, could be using montgomery or something better, depending\n // on the `m` itself.\n //\n BN.red = function red (num) {\n return new Red(num);\n };\n\n BN.prototype.toRed = function toRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n assert(this.negative === 0, 'red works only with positives');\n return ctx.convertTo(this)._forceRed(ctx);\n };\n\n BN.prototype.fromRed = function fromRed () {\n assert(this.red, 'fromRed works only with numbers in reduction context');\n return this.red.convertFrom(this);\n };\n\n BN.prototype._forceRed = function _forceRed (ctx) {\n this.red = ctx;\n return this;\n };\n\n BN.prototype.forceRed = function forceRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n return this._forceRed(ctx);\n };\n\n BN.prototype.redAdd = function redAdd (num) {\n assert(this.red, 'redAdd works only with red numbers');\n return this.red.add(this, num);\n };\n\n BN.prototype.redIAdd = function redIAdd (num) {\n assert(this.red, 'redIAdd works only with red numbers');\n return this.red.iadd(this, num);\n };\n\n BN.prototype.redSub = function redSub (num) {\n assert(this.red, 'redSub works only with red numbers');\n return this.red.sub(this, num);\n };\n\n BN.prototype.redISub = function redISub (num) {\n assert(this.red, 'redISub works only with red numbers');\n return this.red.isub(this, num);\n };\n\n BN.prototype.redShl = function redShl (num) {\n assert(this.red, 'redShl works only with red numbers');\n return this.red.shl(this, num);\n };\n\n BN.prototype.redMul = function redMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.mul(this, num);\n };\n\n BN.prototype.redIMul = function redIMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.imul(this, num);\n };\n\n BN.prototype.redSqr = function redSqr () {\n assert(this.red, 'redSqr works only with red numbers');\n this.red._verify1(this);\n return this.red.sqr(this);\n };\n\n BN.prototype.redISqr = function redISqr () {\n assert(this.red, 'redISqr works only with red numbers');\n this.red._verify1(this);\n return this.red.isqr(this);\n };\n\n // Square root over p\n BN.prototype.redSqrt = function redSqrt () {\n assert(this.red, 'redSqrt works only with red numbers');\n this.red._verify1(this);\n return this.red.sqrt(this);\n };\n\n BN.prototype.redInvm = function redInvm () {\n assert(this.red, 'redInvm works only with red numbers');\n this.red._verify1(this);\n return this.red.invm(this);\n };\n\n // Return negative clone of `this` % `red modulo`\n BN.prototype.redNeg = function redNeg () {\n assert(this.red, 'redNeg works only with red numbers');\n this.red._verify1(this);\n return this.red.neg(this);\n };\n\n BN.prototype.redPow = function redPow (num) {\n assert(this.red && !num.red, 'redPow(normalNum)');\n this.red._verify1(this);\n return this.red.pow(this, num);\n };\n\n // Prime numbers with efficient reduction\n var primes = {\n k256: null,\n p224: null,\n p192: null,\n p25519: null\n };\n\n // Pseudo-Mersenne prime\n function MPrime (name, p) {\n // P = 2 ^ N - K\n this.name = name;\n this.p = new BN(p, 16);\n this.n = this.p.bitLength();\n this.k = new BN(1).iushln(this.n).isub(this.p);\n\n this.tmp = this._tmp();\n }\n\n MPrime.prototype._tmp = function _tmp () {\n var tmp = new BN(null);\n tmp.words = new Array(Math.ceil(this.n / 13));\n return tmp;\n };\n\n MPrime.prototype.ireduce = function ireduce (num) {\n // Assumes that `num` is less than `P^2`\n // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)\n var r = num;\n var rlen;\n\n do {\n this.split(r, this.tmp);\n r = this.imulK(r);\n r = r.iadd(this.tmp);\n rlen = r.bitLength();\n } while (rlen > this.n);\n\n var cmp = rlen < this.n ? -1 : r.ucmp(this.p);\n if (cmp === 0) {\n r.words[0] = 0;\n r.length = 1;\n } else if (cmp > 0) {\n r.isub(this.p);\n } else {\n r.strip();\n }\n\n return r;\n };\n\n MPrime.prototype.split = function split (input, out) {\n input.iushrn(this.n, 0, out);\n };\n\n MPrime.prototype.imulK = function imulK (num) {\n return num.imul(this.k);\n };\n\n function K256 () {\n MPrime.call(\n this,\n 'k256',\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');\n }\n inherits(K256, MPrime);\n\n K256.prototype.split = function split (input, output) {\n // 256 = 9 * 26 + 22\n var mask = 0x3fffff;\n\n var outLen = Math.min(input.length, 9);\n for (var i = 0; i < outLen; i++) {\n output.words[i] = input.words[i];\n }\n output.length = outLen;\n\n if (input.length <= 9) {\n input.words[0] = 0;\n input.length = 1;\n return;\n }\n\n // Shift by 9 limbs\n var prev = input.words[9];\n output.words[output.length++] = prev & mask;\n\n for (i = 10; i < input.length; i++) {\n var next = input.words[i] | 0;\n input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);\n prev = next;\n }\n prev >>>= 22;\n input.words[i - 10] = prev;\n if (prev === 0 && input.length > 10) {\n input.length -= 10;\n } else {\n input.length -= 9;\n }\n };\n\n K256.prototype.imulK = function imulK (num) {\n // K = 0x1000003d1 = [ 0x40, 0x3d1 ]\n num.words[num.length] = 0;\n num.words[num.length + 1] = 0;\n num.length += 2;\n\n // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390\n var lo = 0;\n for (var i = 0; i < num.length; i++) {\n var w = num.words[i] | 0;\n lo += w * 0x3d1;\n num.words[i] = lo & 0x3ffffff;\n lo = w * 0x40 + ((lo / 0x4000000) | 0);\n }\n\n // Fast length reduction\n if (num.words[num.length - 1] === 0) {\n num.length--;\n if (num.words[num.length - 1] === 0) {\n num.length--;\n }\n }\n return num;\n };\n\n function P224 () {\n MPrime.call(\n this,\n 'p224',\n 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');\n }\n inherits(P224, MPrime);\n\n function P192 () {\n MPrime.call(\n this,\n 'p192',\n 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');\n }\n inherits(P192, MPrime);\n\n function P25519 () {\n // 2 ^ 255 - 19\n MPrime.call(\n this,\n '25519',\n '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');\n }\n inherits(P25519, MPrime);\n\n P25519.prototype.imulK = function imulK (num) {\n // K = 0x13\n var carry = 0;\n for (var i = 0; i < num.length; i++) {\n var hi = (num.words[i] | 0) * 0x13 + carry;\n var lo = hi & 0x3ffffff;\n hi >>>= 26;\n\n num.words[i] = lo;\n carry = hi;\n }\n if (carry !== 0) {\n num.words[num.length++] = carry;\n }\n return num;\n };\n\n // Exported mostly for testing purposes, use plain name instead\n BN._prime = function prime (name) {\n // Cached version of prime\n if (primes[name]) return primes[name];\n\n var prime;\n if (name === 'k256') {\n prime = new K256();\n } else if (name === 'p224') {\n prime = new P224();\n } else if (name === 'p192') {\n prime = new P192();\n } else if (name === 'p25519') {\n prime = new P25519();\n } else {\n throw new Error('Unknown prime ' + name);\n }\n primes[name] = prime;\n\n return prime;\n };\n\n //\n // Base reduction engine\n //\n function Red (m) {\n if (typeof m === 'string') {\n var prime = BN._prime(m);\n this.m = prime.p;\n this.prime = prime;\n } else {\n assert(m.gtn(1), 'modulus must be greater than 1');\n this.m = m;\n this.prime = null;\n }\n }\n\n Red.prototype._verify1 = function _verify1 (a) {\n assert(a.negative === 0, 'red works only with positives');\n assert(a.red, 'red works only with red numbers');\n };\n\n Red.prototype._verify2 = function _verify2 (a, b) {\n assert((a.negative | b.negative) === 0, 'red works only with positives');\n assert(a.red && a.red === b.red,\n 'red works only with red numbers');\n };\n\n Red.prototype.imod = function imod (a) {\n if (this.prime) return this.prime.ireduce(a)._forceRed(this);\n return a.umod(this.m)._forceRed(this);\n };\n\n Red.prototype.neg = function neg (a) {\n if (a.isZero()) {\n return a.clone();\n }\n\n return this.m.sub(a)._forceRed(this);\n };\n\n Red.prototype.add = function add (a, b) {\n this._verify2(a, b);\n\n var res = a.add(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.iadd = function iadd (a, b) {\n this._verify2(a, b);\n\n var res = a.iadd(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res;\n };\n\n Red.prototype.sub = function sub (a, b) {\n this._verify2(a, b);\n\n var res = a.sub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.isub = function isub (a, b) {\n this._verify2(a, b);\n\n var res = a.isub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res;\n };\n\n Red.prototype.shl = function shl (a, num) {\n this._verify1(a);\n return this.imod(a.ushln(num));\n };\n\n Red.prototype.imul = function imul (a, b) {\n this._verify2(a, b);\n return this.imod(a.imul(b));\n };\n\n Red.prototype.mul = function mul (a, b) {\n this._verify2(a, b);\n return this.imod(a.mul(b));\n };\n\n Red.prototype.isqr = function isqr (a) {\n return this.imul(a, a.clone());\n };\n\n Red.prototype.sqr = function sqr (a) {\n return this.mul(a, a);\n };\n\n Red.prototype.sqrt = function sqrt (a) {\n if (a.isZero()) return a.clone();\n\n var mod3 = this.m.andln(3);\n assert(mod3 % 2 === 1);\n\n // Fast case\n if (mod3 === 3) {\n var pow = this.m.add(new BN(1)).iushrn(2);\n return this.pow(a, pow);\n }\n\n // Tonelli-Shanks algorithm (Totally unoptimized and slow)\n //\n // Find Q and S, that Q * 2 ^ S = (P - 1)\n var q = this.m.subn(1);\n var s = 0;\n while (!q.isZero() && q.andln(1) === 0) {\n s++;\n q.iushrn(1);\n }\n assert(!q.isZero());\n\n var one = new BN(1).toRed(this);\n var nOne = one.redNeg();\n\n // Find quadratic non-residue\n // NOTE: Max is such because of generalized Riemann hypothesis.\n var lpow = this.m.subn(1).iushrn(1);\n var z = this.m.bitLength();\n z = new BN(2 * z * z).toRed(this);\n\n while (this.pow(z, lpow).cmp(nOne) !== 0) {\n z.redIAdd(nOne);\n }\n\n var c = this.pow(z, q);\n var r = this.pow(a, q.addn(1).iushrn(1));\n var t = this.pow(a, q);\n var m = s;\n while (t.cmp(one) !== 0) {\n var tmp = t;\n for (var i = 0; tmp.cmp(one) !== 0; i++) {\n tmp = tmp.redSqr();\n }\n assert(i < m);\n var b = this.pow(c, new BN(1).iushln(m - i - 1));\n\n r = r.redMul(b);\n c = b.redSqr();\n t = t.redMul(c);\n m = i;\n }\n\n return r;\n };\n\n Red.prototype.invm = function invm (a) {\n var inv = a._invmp(this.m);\n if (inv.negative !== 0) {\n inv.negative = 0;\n return this.imod(inv).redNeg();\n } else {\n return this.imod(inv);\n }\n };\n\n Red.prototype.pow = function pow (a, num) {\n if (num.isZero()) return new BN(1).toRed(this);\n if (num.cmpn(1) === 0) return a.clone();\n\n var windowSize = 4;\n var wnd = new Array(1 << windowSize);\n wnd[0] = new BN(1).toRed(this);\n wnd[1] = a;\n for (var i = 2; i < wnd.length; i++) {\n wnd[i] = this.mul(wnd[i - 1], a);\n }\n\n var res = wnd[0];\n var current = 0;\n var currentLen = 0;\n var start = num.bitLength() % 26;\n if (start === 0) {\n start = 26;\n }\n\n for (i = num.length - 1; i >= 0; i--) {\n var word = num.words[i];\n for (var j = start - 1; j >= 0; j--) {\n var bit = (word >> j) & 1;\n if (res !== wnd[0]) {\n res = this.sqr(res);\n }\n\n if (bit === 0 && current === 0) {\n currentLen = 0;\n continue;\n }\n\n current <<= 1;\n current |= bit;\n currentLen++;\n if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;\n\n res = this.mul(res, wnd[current]);\n currentLen = 0;\n current = 0;\n }\n start = 26;\n }\n\n return res;\n };\n\n Red.prototype.convertTo = function convertTo (num) {\n var r = num.umod(this.m);\n\n return r === num ? r.clone() : r;\n };\n\n Red.prototype.convertFrom = function convertFrom (num) {\n var res = num.clone();\n res.red = null;\n return res;\n };\n\n //\n // Montgomery method engine\n //\n\n BN.mont = function mont (num) {\n return new Mont(num);\n };\n\n function Mont (m) {\n Red.call(this, m);\n\n this.shift = this.m.bitLength();\n if (this.shift % 26 !== 0) {\n this.shift += 26 - (this.shift % 26);\n }\n\n this.r = new BN(1).iushln(this.shift);\n this.r2 = this.imod(this.r.sqr());\n this.rinv = this.r._invmp(this.m);\n\n this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);\n this.minv = this.minv.umod(this.r);\n this.minv = this.r.sub(this.minv);\n }\n inherits(Mont, Red);\n\n Mont.prototype.convertTo = function convertTo (num) {\n return this.imod(num.ushln(this.shift));\n };\n\n Mont.prototype.convertFrom = function convertFrom (num) {\n var r = this.imod(num.mul(this.rinv));\n r.red = null;\n return r;\n };\n\n Mont.prototype.imul = function imul (a, b) {\n if (a.isZero() || b.isZero()) {\n a.words[0] = 0;\n a.length = 1;\n return a;\n }\n\n var t = a.imul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.mul = function mul (a, b) {\n if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);\n\n var t = a.mul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.invm = function invm (a) {\n // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R\n var res = this.imod(a._invmp(this.m).mul(this.r2));\n return res._forceRed(this);\n };\n})(typeof module === 'undefined' || module, this);\n"],"names":["module","exports","assert","val","msg","Error","inherits","ctor","superCtor","super_","TempCtor","prototype","constructor","BN","number","base","endian","isBN","this","negative","words","length","red","_init","Buffer","wordSize","e","parseHex","str","start","end","r","len","Math","min","i","c","charCodeAt","parseBase","mul","num","Array","isArray","max","left","right","cmp","_initNumber","_initArray","toString","replace","_parseHex","_parseBase","strip","toArray","ceil","j","w","off","limbLen","limbPow","total","mod","word","imuln","_iaddn","pow","copy","dest","clone","_expand","size","_normSign","inspect","zeros","groupSizes","groupBases","smallMulTo","self","out","a","b","lo","carry","k","ncarry","rword","maxJ","padding","groupSize","groupBase","isZero","modn","idivn","toNumber","ret","toJSON","toBuffer","toArrayLike","ArrayType","byteLength","reqLength","littleEndian","res","q","andln","iushrn","_countBits","clz32","t","_zeroBits","bitLength","hi","zeroBits","toTwos","width","abs","inotn","iaddn","fromTwos","testn","notn","ineg","isNeg","neg","iuor","ior","or","uor","iuand","iand","and","uand","iuxor","ixor","xor","uxor","bytesNeeded","bitsLeft","setn","bit","wbit","iadd","isub","add","sub","comb10MulTo","mid","o","a0","al0","ah0","a1","al1","ah1","a2","al2","ah2","a3","al3","ah3","a4","al4","ah4","a5","al5","ah5","a6","al6","ah6","a7","al7","ah7","a8","al8","ah8","a9","al9","ah9","b0","bl0","bh0","b1","bl1","bh1","b2","bl2","bh2","b3","bl3","bh3","b4","bl4","bh4","b5","bl5","bh5","b6","bl6","bh6","b7","bl7","bh7","b8","bl8","bh8","b9","bl9","bh9","w0","imul","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","jumboMulTo","FFTM","mulp","x","y","mulTo","hncarry","bigMulTo","makeRBT","N","l","revBin","rb","permute","rbt","rws","iws","rtws","itws","transform","s","rtwdf","cos","PI","itwdf","sin","p","rtwdf_","itwdf_","re","ie","ro","io","rx","guessLen13b","n","m","odd","conjugate","normalize13b","ws","round","convert13b","stub","ph","_","rwst","iwst","nrws","nrwst","niwst","rmws","mulf","muln","sqr","isqr","toBitArray","iushln","bits","carryMask","newCarry","ishln","hint","extended","h","mask","maskedWords","ishrn","shln","ushln","shrn","ushrn","imaskn","maskn","isubn","addn","subn","iabs","_ishlnsubmul","shift","_wordDiv","mode","bhi","diff","qj","div","divmod","positive","divn","umod","divRound","dm","half","r2","acc","egcd","A","B","C","D","g","isEven","yp","xp","im","isOdd","jm","gcd","_invmp","x1","x2","delta","cmpn","invm","bincn","ucmp","gtn","gt","gten","gte","ltn","lt","lten","lte","eqn","eq","Red","toRed","ctx","convertTo","_forceRed","fromRed","convertFrom","forceRed","redAdd","redIAdd","redSub","redISub","redShl","shl","redMul","_verify2","redIMul","redSqr","_verify1","redISqr","redSqrt","sqrt","redInvm","redNeg","redPow","primes","k256","p224","p192","p25519","MPrime","name","tmp","_tmp","K256","call","P224","P192","P25519","prime","_prime","Mont","imod","rinv","minv","ireduce","rlen","split","imulK","input","output","outLen","prev","next","mod3","one","nOne","lpow","z","inv","wnd","current","currentLen","mont","u"],"mappings":";sKAAA,SAAWA,EAAQC,GAIjB,SAASC,EAAQC,EAAKC,GACpB,IAAKD,EAAK,MAAUE,MAAMD,GAAO,oBAKnC,SAASE,EAAUC,EAAMC,GACvBD,EAAKE,OAASD,EACd,IAAIE,EAAW,aACfA,EAASC,UAAYH,EAAUG,UAC/BJ,EAAKI,UAAY,IAAID,EACrBH,EAAKI,UAAUC,YAAcL,EAK/B,SAASM,EAAIC,EAAQC,EAAMC,GACzB,GAAIH,EAAGI,KAAKH,GACV,OAAOA,EAGTI,KAAKC,SAAW,EAChBD,KAAKE,MAAQ,KACbF,KAAKG,OAAS,EAGdH,KAAKI,IAAM,KAEI,OAAXR,IACW,OAATC,GAA0B,OAATA,IACnBC,EAASD,EACTA,EAAO,IAGTG,KAAKK,MAAMT,GAAU,EAAGC,GAAQ,GAAIC,GAAU,OAYlD,IAAIQ,EATkB,iBAAXxB,EACTA,EAAOC,QAAUY,EAEjBZ,EAAQY,GAAKA,EAGfA,EAAGA,GAAKA,EACRA,EAAGY,SAAW,GAGd,IACED,OAAS,EACT,MAAOE,IAoIT,SAASC,EAAUC,EAAKC,EAAOC,GAG7B,IAFA,IAAIC,EAAI,EACJC,EAAMC,KAAKC,IAAIN,EAAIP,OAAQS,GACtBK,EAAIN,EAAOM,EAAIH,EAAKG,IAAK,CAChC,IAAIC,EAAIR,EAAIS,WAAWF,GAAK,GAE5BJ,IAAM,EAIJA,GADEK,GAAK,IAAMA,GAAK,GACbA,EAAI,GAAK,GAGLA,GAAK,IAAMA,GAAK,GACpBA,EAAI,GAAK,GAIL,GAAJA,EAGT,OAAOL,EAiCT,SAASO,EAAWV,EAAKC,EAAOC,EAAKS,GAGnC,IAFA,IAAIR,EAAI,EACJC,EAAMC,KAAKC,IAAIN,EAAIP,OAAQS,GACtBK,EAAIN,EAAOM,EAAIH,EAAKG,IAAK,CAChC,IAAIC,EAAIR,EAAIS,WAAWF,GAAK,GAE5BJ,GAAKQ,EAIHR,GADEK,GAAK,GACFA,EAAI,GAAK,GAGLA,GAAK,GACTA,EAAI,GAAK,GAITA,EAGT,OAAOL,EA5MTlB,EAAGI,KAAO,SAAeuB,GACvB,OAAIA,aAAe3B,GAIJ,OAAR2B,GAA+B,iBAARA,GAC5BA,EAAI5B,YAAYa,WAAaZ,EAAGY,UAAYgB,MAAMC,QAAQF,EAAIpB,QAGlEP,EAAG8B,IAAM,SAAcC,EAAMC,GAC3B,OAAID,EAAKE,IAAID,GAAS,EAAUD,EACzBC,GAGThC,EAAGqB,IAAM,SAAcU,EAAMC,GAC3B,OAAID,EAAKE,IAAID,GAAS,EAAUD,EACzBC,GAGThC,EAAGF,UAAUY,MAAQ,SAAeT,EAAQC,EAAMC,GAChD,GAAsB,iBAAXF,EACT,OAAOI,KAAK6B,YAAYjC,EAAQC,EAAMC,GAGxC,GAAsB,iBAAXF,EACT,OAAOI,KAAK8B,WAAWlC,EAAQC,EAAMC,GAG1B,QAATD,IACFA,EAAO,IAETb,EAAOa,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,IAGnD,IAAIc,EAAQ,EACM,OAFlBf,EAASA,EAAOmC,WAAWC,QAAQ,OAAQ,KAEhC,IACTrB,IAGW,KAATd,EACFG,KAAKiC,UAAUrC,EAAQe,GAEvBX,KAAKkC,WAAWtC,EAAQC,EAAMc,GAGd,MAAdf,EAAO,KACTI,KAAKC,SAAW,GAGlBD,KAAKmC,QAEU,OAAXrC,GAEJE,KAAK8B,WAAW9B,KAAKoC,UAAWvC,EAAMC,IAGxCH,EAAGF,UAAUoC,YAAc,SAAsBjC,EAAQC,EAAMC,GACzDF,EAAS,IACXI,KAAKC,SAAW,EAChBL,GAAUA,GAERA,EAAS,UACXI,KAAKE,MAAQ,CAAW,SAATN,GACfI,KAAKG,OAAS,GACLP,EAAS,kBAClBI,KAAKE,MAAQ,CACF,SAATN,EACCA,EAAS,SAAa,UAEzBI,KAAKG,OAAS,IAEdnB,EAAOY,EAAS,kBAChBI,KAAKE,MAAQ,CACF,SAATN,EACCA,EAAS,SAAa,SACvB,GAEFI,KAAKG,OAAS,GAGD,OAAXL,GAGJE,KAAK8B,WAAW9B,KAAKoC,UAAWvC,EAAMC,IAGxCH,EAAGF,UAAUqC,WAAa,SAAqBlC,EAAQC,EAAMC,GAG3D,GADAd,EAAgC,iBAAlBY,EAAOO,QACjBP,EAAOO,QAAU,EAGnB,OAFAH,KAAKE,MAAQ,CAAE,GACfF,KAAKG,OAAS,EACPH,KAGTA,KAAKG,OAASY,KAAKsB,KAAKzC,EAAOO,OAAS,GACxCH,KAAKE,MAAYqB,MAAMvB,KAAKG,QAC5B,IAAK,IAAIc,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAC/BjB,KAAKE,MAAMe,GAAK,EAGlB,IAAIqB,EAAGC,EACHC,EAAM,EACV,GAAe,OAAX1C,EACF,IAAKmB,EAAIrB,EAAOO,OAAS,EAAGmC,EAAI,EAAGrB,GAAK,EAAGA,GAAK,EAC9CsB,EAAI3C,EAAOqB,GAAMrB,EAAOqB,EAAI,IAAM,EAAMrB,EAAOqB,EAAI,IAAM,GACzDjB,KAAKE,MAAMoC,IAAOC,GAAKC,EAAO,SAC9BxC,KAAKE,MAAMoC,EAAI,GAAMC,IAAO,GAAKC,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPF,UAGC,GAAe,OAAXxC,EACT,IAAKmB,EAAI,EAAGqB,EAAI,EAAGrB,EAAIrB,EAAOO,OAAQc,GAAK,EACzCsB,EAAI3C,EAAOqB,GAAMrB,EAAOqB,EAAI,IAAM,EAAMrB,EAAOqB,EAAI,IAAM,GACzDjB,KAAKE,MAAMoC,IAAOC,GAAKC,EAAO,SAC9BxC,KAAKE,MAAMoC,EAAI,GAAMC,IAAO,GAAKC,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPF,KAIN,OAAOtC,KAAKmC,SA2BdxC,EAAGF,UAAUwC,UAAY,SAAoBrC,EAAQe,GAEnDX,KAAKG,OAASY,KAAKsB,MAAMzC,EAAOO,OAASQ,GAAS,GAClDX,KAAKE,MAAYqB,MAAMvB,KAAKG,QAC5B,IAAK,IAAIc,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAC/BjB,KAAKE,MAAMe,GAAK,EAGlB,IAAIqB,EAAGC,EAEHC,EAAM,EACV,IAAKvB,EAAIrB,EAAOO,OAAS,EAAGmC,EAAI,EAAGrB,GAAKN,EAAOM,GAAK,EAClDsB,EAAI9B,EAASb,EAAQqB,EAAGA,EAAI,GAC5BjB,KAAKE,MAAMoC,IAAOC,GAAKC,EAAO,SAE9BxC,KAAKE,MAAMoC,EAAI,IAAMC,IAAO,GAAKC,EAAO,SACxCA,GAAO,KACI,KACTA,GAAO,GACPF,KAGArB,EAAI,IAAMN,IACZ4B,EAAI9B,EAASb,EAAQe,EAAOM,EAAI,GAChCjB,KAAKE,MAAMoC,IAAOC,GAAKC,EAAO,SAC9BxC,KAAKE,MAAMoC,EAAI,IAAMC,IAAO,GAAKC,EAAO,SAE1CxC,KAAKmC,SA2BPxC,EAAGF,UAAUyC,WAAa,SAAqBtC,EAAQC,EAAMc,GAE3DX,KAAKE,MAAQ,CAAE,GACfF,KAAKG,OAAS,EAGd,IAAK,IAAIsC,EAAU,EAAGC,EAAU,EAAGA,GAAW,SAAWA,GAAW7C,EAClE4C,IAEFA,IACAC,EAAWA,EAAU7C,EAAQ,EAO7B,IALA,IAAI8C,EAAQ/C,EAAOO,OAASQ,EACxBiC,EAAMD,EAAQF,EACd7B,EAAMG,KAAKC,IAAI2B,EAAOA,EAAQC,GAAOjC,EAErCkC,EAAO,EACF5B,EAAIN,EAAOM,EAAIL,EAAKK,GAAKwB,EAChCI,EAAOzB,EAAUxB,EAAQqB,EAAGA,EAAIwB,EAAS5C,GAEzCG,KAAK8C,MAAMJ,GACP1C,KAAKE,MAAM,GAAK2C,EAAO,SACzB7C,KAAKE,MAAM,IAAM2C,EAEjB7C,KAAK+C,OAAOF,GAIhB,GAAY,IAARD,EAAW,CACb,IAAII,EAAM,EAGV,IAFAH,EAAOzB,EAAUxB,EAAQqB,EAAGrB,EAAOO,OAAQN,GAEtCoB,EAAI,EAAGA,EAAI2B,EAAK3B,IACnB+B,GAAOnD,EAGTG,KAAK8C,MAAME,GACPhD,KAAKE,MAAM,GAAK2C,EAAO,SACzB7C,KAAKE,MAAM,IAAM2C,EAEjB7C,KAAK+C,OAAOF,KAKlBlD,EAAGF,UAAUwD,KAAO,SAAeC,GACjCA,EAAKhD,MAAYqB,MAAMvB,KAAKG,QAC5B,IAAK,IAAIc,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAC/BiC,EAAKhD,MAAMe,GAAKjB,KAAKE,MAAMe,GAE7BiC,EAAK/C,OAASH,KAAKG,OACnB+C,EAAKjD,SAAWD,KAAKC,SACrBiD,EAAK9C,IAAMJ,KAAKI,KAGlBT,EAAGF,UAAU0D,MAAQ,WACnB,IAAItC,EAAI,IAAIlB,EAAG,MAEf,OADAK,KAAKiD,KAAKpC,GACHA,GAGTlB,EAAGF,UAAU2D,QAAU,SAAkBC,GACvC,KAAOrD,KAAKG,OAASkD,GACnBrD,KAAKE,MAAMF,KAAKG,UAAY,EAE9B,OAAOH,MAITL,EAAGF,UAAU0C,MAAQ,WACnB,KAAOnC,KAAKG,OAAS,GAAqC,IAAhCH,KAAKE,MAAMF,KAAKG,OAAS,IACjDH,KAAKG,SAEP,OAAOH,KAAKsD,aAGd3D,EAAGF,UAAU6D,UAAY,WAKvB,OAHoB,IAAhBtD,KAAKG,QAAkC,IAAlBH,KAAKE,MAAM,KAClCF,KAAKC,SAAW,GAEXD,MAGTL,EAAGF,UAAU8D,QAAU,WACrB,OAAQvD,KAAKI,IAAM,UAAY,SAAWJ,KAAK+B,SAAS,IAAM,KAiChE,IAAIyB,EAAQ,CACV,GACA,IACA,KACA,MACA,OACA,QACA,SACA,UACA,WACA,YACA,aACA,cACA,eACA,gBACA,iBACA,kBACA,mBACA,oBACA,qBACA,sBACA,uBACA,wBACA,yBACA,0BACA,2BACA,6BAGEC,EAAa,CACf,EAAG,EACH,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EACvB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAGhBC,EAAa,CACf,EAAG,EACH,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAC5D,SAAU,IAAU,SAAU,SAAU,SAAU,QAAS,SAC3D,SAAU,SAAU,SAAU,SAAU,KAAU,QAAS,QAC3D,QAAS,QAAS,QAAS,SAAU,SAAU,SAAU,SACzD,MAAU,SAAU,SAAU,SAAU,SAAU,SAAU,UAsjB9D,SAASC,EAAYC,EAAMtC,EAAKuC,GAC9BA,EAAI5D,SAAWqB,EAAIrB,SAAW2D,EAAK3D,SACnC,IAAIa,EAAO8C,EAAKzD,OAASmB,EAAInB,OAAU,EACvC0D,EAAI1D,OAASW,EACbA,EAAOA,EAAM,EAAK,EAGlB,IAAIgD,EAAoB,EAAhBF,EAAK1D,MAAM,GACf6D,EAAmB,EAAfzC,EAAIpB,MAAM,GACdW,EAAIiD,EAAIC,EAERC,EAAS,SAAJnD,EACLoD,EAASpD,EAAI,SAAa,EAC9BgD,EAAI3D,MAAM,GAAK8D,EAEf,IAAK,IAAIE,EAAI,EAAGA,EAAIpD,EAAKoD,IAAK,CAM5B,IAHA,IAAIC,EAASF,IAAU,GACnBG,EAAgB,SAARH,EACRI,EAAOtD,KAAKC,IAAIkD,EAAG5C,EAAInB,OAAS,GAC3BmC,EAAIvB,KAAKU,IAAI,EAAGyC,EAAIN,EAAKzD,OAAS,GAAImC,GAAK+B,EAAM/B,IAAK,CAC7D,IAAIrB,EAAKiD,EAAI5B,EAAK,EAIlB6B,IADAtD,GAFAiD,EAAoB,EAAhBF,EAAK1D,MAAMe,KACf8C,EAAmB,EAAfzC,EAAIpB,MAAMoC,IACF8B,GACG,SAAa,EAC5BA,EAAY,SAAJvD,EAEVgD,EAAI3D,MAAMgE,GAAa,EAARE,EACfH,EAAiB,EAATE,EAQV,OANc,IAAVF,EACFJ,EAAI3D,MAAMgE,GAAa,EAARD,EAEfJ,EAAI1D,SAGC0D,EAAI1B,QAzlBbxC,EAAGF,UAAUsC,SAAW,SAAmBlC,EAAMyE,GAI/C,IAAIT,EACJ,GAHAS,EAAoB,EAAVA,GAAe,EAGZ,MAJbzE,EAAOA,GAAQ,KAIa,QAATA,EAAgB,CACjCgE,EAAM,GAGN,IAFA,IAAIrB,EAAM,EACNyB,EAAQ,EACHhD,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAAK,CACpC,IAAIsB,EAAIvC,KAAKE,MAAMe,GACf4B,GAA+B,UAArBN,GAAKC,EAAOyB,IAAmBlC,SAAS,IAGpD8B,EADY,KADdI,EAAS1B,IAAO,GAAKC,EAAQ,WACVvB,IAAMjB,KAAKG,OAAS,EAC/BqD,EAAM,EAAIX,EAAK1C,QAAU0C,EAAOgB,EAEhChB,EAAOgB,GAEfrB,GAAO,IACI,KACTA,GAAO,GACPvB,KAMJ,IAHc,IAAVgD,IACFJ,EAAMI,EAAMlC,SAAS,IAAM8B,GAEtBA,EAAI1D,OAASmE,GAAY,GAC9BT,EAAM,IAAMA,EAKd,OAHsB,IAAlB7D,KAAKC,WACP4D,EAAM,IAAMA,GAEPA,EAGT,GAAIhE,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,GAAI,CAElD,IAAI0E,EAAYd,EAAW5D,GAEvB2E,EAAYd,EAAW7D,GAC3BgE,EAAM,GACN,IAAI3C,EAAIlB,KAAKmD,QAEb,IADAjC,EAAEjB,SAAW,GACLiB,EAAEuD,UAAU,CAClB,IAAI5D,EAAIK,EAAEwD,KAAKF,GAAWzC,SAASlC,GAMjCgE,GALF3C,EAAIA,EAAEyD,MAAMH,IAELC,SAGC5D,EAAIgD,EAFJL,EAAMe,EAAY1D,EAAEV,QAAUU,EAAIgD,EAQ5C,IAHI7D,KAAKyE,WACPZ,EAAM,IAAMA,GAEPA,EAAI1D,OAASmE,GAAY,GAC9BT,EAAM,IAAMA,EAKd,OAHsB,IAAlB7D,KAAKC,WACP4D,EAAM,IAAMA,GAEPA,EAGT7E,GAAO,EAAO,oCAGhBW,EAAGF,UAAUmF,SAAW,WACtB,IAAIC,EAAM7E,KAAKE,MAAM,GASrB,OARoB,IAAhBF,KAAKG,OACP0E,GAAuB,SAAhB7E,KAAKE,MAAM,GACO,IAAhBF,KAAKG,QAAkC,IAAlBH,KAAKE,MAAM,GAEzC2E,GAAO,iBAAoC,SAAhB7E,KAAKE,MAAM,GAC7BF,KAAKG,OAAS,GACvBnB,GAAO,EAAO,8CAEU,IAAlBgB,KAAKC,UAAmB4E,EAAMA,GAGxClF,EAAGF,UAAUqF,OAAS,WACpB,OAAO9E,KAAK+B,SAAS,KAGvBpC,EAAGF,UAAUsF,SAAW,SAAmBjF,EAAQK,GAEjD,OADAnB,OAAyB,IAAXsB,GACPN,KAAKgF,YAAY1E,EAAQR,EAAQK,IAG1CR,EAAGF,UAAU2C,QAAU,SAAkBtC,EAAQK,GAC/C,OAAOH,KAAKgF,YAAYzD,MAAOzB,EAAQK,IAGzCR,EAAGF,UAAUuF,YAAc,SAAsBC,EAAWnF,EAAQK,GAClE,IAAI+E,EAAalF,KAAKkF,aAClBC,EAAYhF,GAAUY,KAAKU,IAAI,EAAGyD,GACtClG,EAAOkG,GAAcC,EAAW,yCAChCnG,EAAOmG,EAAY,EAAG,+BAEtBnF,KAAKmC,QACL,IAGI4B,EAAG9C,EAHHmE,EAA0B,OAAXtF,EACfuF,EAAM,IAAIJ,EAAUE,GAGpBG,EAAItF,KAAKmD,QACb,GAAKiC,EAYE,CACL,IAAKnE,EAAI,GAAIqE,EAAEb,SAAUxD,IACvB8C,EAAIuB,EAAEC,MAAM,KACZD,EAAEE,OAAO,GAETH,EAAIpE,GAAK8C,EAGX,KAAO9C,EAAIkE,EAAWlE,IACpBoE,EAAIpE,GAAK,MArBM,CAEjB,IAAKA,EAAI,EAAGA,EAAIkE,EAAYD,EAAYjE,IACtCoE,EAAIpE,GAAK,EAGX,IAAKA,EAAI,GAAIqE,EAAEb,SAAUxD,IACvB8C,EAAIuB,EAAEC,MAAM,KACZD,EAAEE,OAAO,GAETH,EAAIF,EAAYlE,EAAI,GAAK8C,EAe7B,OAAOsB,GAIP1F,EAAGF,UAAUgG,WADX1E,KAAK2E,MACmB,SAAqBnD,GAC7C,OAAO,GAAKxB,KAAK2E,MAAMnD,IAGC,SAAqBA,GAC7C,IAAIoD,EAAIpD,EACJ1B,EAAI,EAiBR,OAhBI8E,GAAK,OACP9E,GAAK,GACL8E,KAAO,IAELA,GAAK,KACP9E,GAAK,EACL8E,KAAO,GAELA,GAAK,IACP9E,GAAK,EACL8E,KAAO,GAELA,GAAK,IACP9E,GAAK,EACL8E,KAAO,GAEF9E,EAAI8E,GAIfhG,EAAGF,UAAUmG,UAAY,SAAoBrD,GAE3C,GAAU,IAANA,EAAS,OAAO,GAEpB,IAAIoD,EAAIpD,EACJ1B,EAAI,EAoBR,OAnBqB,IAAZ,KAAJ8E,KACH9E,GAAK,GACL8E,KAAO,IAEU,IAAV,IAAJA,KACH9E,GAAK,EACL8E,KAAO,GAES,IAAT,GAAJA,KACH9E,GAAK,EACL8E,KAAO,GAES,IAAT,EAAJA,KACH9E,GAAK,EACL8E,KAAO,GAES,IAAT,EAAJA,IACH9E,IAEKA,GAITlB,EAAGF,UAAUoG,UAAY,WACvB,IAAItD,EAAIvC,KAAKE,MAAMF,KAAKG,OAAS,GAC7B2F,EAAK9F,KAAKyF,WAAWlD,GACzB,OAA2B,IAAnBvC,KAAKG,OAAS,GAAU2F,GAiBlCnG,EAAGF,UAAUsG,SAAW,WACtB,GAAI/F,KAAKyE,SAAU,OAAO,EAG1B,IADA,IAAI5D,EAAI,EACCI,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAAK,CACpC,IAAI8C,EAAI/D,KAAK4F,UAAU5F,KAAKE,MAAMe,IAElC,GADAJ,GAAKkD,EACK,KAANA,EAAU,MAEhB,OAAOlD,GAGTlB,EAAGF,UAAUyF,WAAa,WACxB,OAAOnE,KAAKsB,KAAKrC,KAAK6F,YAAc,IAGtClG,EAAGF,UAAUuG,OAAS,SAAiBC,GACrC,OAAsB,IAAlBjG,KAAKC,SACAD,KAAKkG,MAAMC,MAAMF,GAAOG,MAAM,GAEhCpG,KAAKmD,SAGdxD,EAAGF,UAAU4G,SAAW,SAAmBJ,GACzC,OAAIjG,KAAKsG,MAAML,EAAQ,GACdjG,KAAKuG,KAAKN,GAAOG,MAAM,GAAGI,OAE5BxG,KAAKmD,SAGdxD,EAAGF,UAAUgH,MAAQ,WACnB,OAAyB,IAAlBzG,KAAKC,UAIdN,EAAGF,UAAUiH,IAAM,WACjB,OAAO1G,KAAKmD,QAAQqD,QAGtB7G,EAAGF,UAAU+G,KAAO,WAKlB,OAJKxG,KAAKyE,WACRzE,KAAKC,UAAY,GAGZD,MAITL,EAAGF,UAAUkH,KAAO,SAAerF,GACjC,KAAOtB,KAAKG,OAASmB,EAAInB,QACvBH,KAAKE,MAAMF,KAAKG,UAAY,EAG9B,IAAK,IAAIc,EAAI,EAAGA,EAAIK,EAAInB,OAAQc,IAC9BjB,KAAKE,MAAMe,GAAKjB,KAAKE,MAAMe,GAAKK,EAAIpB,MAAMe,GAG5C,OAAOjB,KAAKmC,SAGdxC,EAAGF,UAAUmH,IAAM,SAActF,GAE/B,OADAtC,EAA0C,IAAlCgB,KAAKC,SAAWqB,EAAIrB,WACrBD,KAAK2G,KAAKrF,IAInB3B,EAAGF,UAAUoH,GAAK,SAAavF,GAC7B,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQyD,IAAItF,GAC/CA,EAAI6B,QAAQyD,IAAI5G,OAGzBL,EAAGF,UAAUqH,IAAM,SAAcxF,GAC/B,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQwD,KAAKrF,GAChDA,EAAI6B,QAAQwD,KAAK3G,OAI1BL,EAAGF,UAAUsH,MAAQ,SAAgBzF,GAEnC,IAAIyC,EAEFA,EADE/D,KAAKG,OAASmB,EAAInB,OAChBmB,EAEAtB,KAGN,IAAK,IAAIiB,EAAI,EAAGA,EAAI8C,EAAE5D,OAAQc,IAC5BjB,KAAKE,MAAMe,GAAKjB,KAAKE,MAAMe,GAAKK,EAAIpB,MAAMe,GAK5C,OAFAjB,KAAKG,OAAS4D,EAAE5D,OAETH,KAAKmC,SAGdxC,EAAGF,UAAUuH,KAAO,SAAe1F,GAEjC,OADAtC,EAA0C,IAAlCgB,KAAKC,SAAWqB,EAAIrB,WACrBD,KAAK+G,MAAMzF,IAIpB3B,EAAGF,UAAUwH,IAAM,SAAc3F,GAC/B,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQ6D,KAAK1F,GAChDA,EAAI6B,QAAQ6D,KAAKhH,OAG1BL,EAAGF,UAAUyH,KAAO,SAAe5F,GACjC,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQ4D,MAAMzF,GACjDA,EAAI6B,QAAQ4D,MAAM/G,OAI3BL,EAAGF,UAAU0H,MAAQ,SAAgB7F,GAEnC,IAAIwC,EACAC,EACA/D,KAAKG,OAASmB,EAAInB,QACpB2D,EAAI9D,KACJ+D,EAAIzC,IAEJwC,EAAIxC,EACJyC,EAAI/D,MAGN,IAAK,IAAIiB,EAAI,EAAGA,EAAI8C,EAAE5D,OAAQc,IAC5BjB,KAAKE,MAAMe,GAAK6C,EAAE5D,MAAMe,GAAK8C,EAAE7D,MAAMe,GAGvC,GAAIjB,OAAS8D,EACX,KAAO7C,EAAI6C,EAAE3D,OAAQc,IACnBjB,KAAKE,MAAMe,GAAK6C,EAAE5D,MAAMe,GAM5B,OAFAjB,KAAKG,OAAS2D,EAAE3D,OAETH,KAAKmC,SAGdxC,EAAGF,UAAU2H,KAAO,SAAe9F,GAEjC,OADAtC,EAA0C,IAAlCgB,KAAKC,SAAWqB,EAAIrB,WACrBD,KAAKmH,MAAM7F,IAIpB3B,EAAGF,UAAU4H,IAAM,SAAc/F,GAC/B,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQiE,KAAK9F,GAChDA,EAAI6B,QAAQiE,KAAKpH,OAG1BL,EAAGF,UAAU6H,KAAO,SAAehG,GACjC,OAAItB,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQgE,MAAM7F,GACjDA,EAAI6B,QAAQgE,MAAMnH,OAI3BL,EAAGF,UAAU0G,MAAQ,SAAgBF,GACnCjH,EAAwB,iBAAViH,GAAsBA,GAAS,GAE7C,IAAIsB,EAAsC,EAAxBxG,KAAKsB,KAAK4D,EAAQ,IAChCuB,EAAWvB,EAAQ,GAGvBjG,KAAKoD,QAAQmE,GAETC,EAAW,GACbD,IAIF,IAAK,IAAItG,EAAI,EAAGA,EAAIsG,EAAatG,IAC/BjB,KAAKE,MAAMe,GAAsB,UAAhBjB,KAAKE,MAAMe,GAS9B,OALIuG,EAAW,IACbxH,KAAKE,MAAMe,IAAMjB,KAAKE,MAAMe,GAAM,UAAc,GAAKuG,GAIhDxH,KAAKmC,SAGdxC,EAAGF,UAAU8G,KAAO,SAAeN,GACjC,OAAOjG,KAAKmD,QAAQgD,MAAMF,IAI5BtG,EAAGF,UAAUgI,KAAO,SAAeC,EAAKzI,GACtCD,EAAsB,iBAAR0I,GAAoBA,GAAO,GAEzC,IAAIlF,EAAOkF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAUjB,OARA1H,KAAKoD,QAAQZ,EAAM,GAGjBxC,KAAKE,MAAMsC,GADTvD,EACgBe,KAAKE,MAAMsC,GAAQ,GAAKmF,EAExB3H,KAAKE,MAAMsC,KAAS,GAAKmF,GAGtC3H,KAAKmC,SAIdxC,EAAGF,UAAUmI,KAAO,SAAetG,GACjC,IAAIT,EAkBAiD,EAAGC,EAfP,GAAsB,IAAlB/D,KAAKC,UAAmC,IAAjBqB,EAAIrB,SAI7B,OAHAD,KAAKC,SAAW,EAChBY,EAAIb,KAAK6H,KAAKvG,GACdtB,KAAKC,UAAY,EACVD,KAAKsD,YAGP,GAAsB,IAAlBtD,KAAKC,UAAmC,IAAjBqB,EAAIrB,SAIpC,OAHAqB,EAAIrB,SAAW,EACfY,EAAIb,KAAK6H,KAAKvG,GACdA,EAAIrB,SAAW,EACRY,EAAEyC,YAKPtD,KAAKG,OAASmB,EAAInB,QACpB2D,EAAI9D,KACJ+D,EAAIzC,IAEJwC,EAAIxC,EACJyC,EAAI/D,MAIN,IADA,IAAIiE,EAAQ,EACHhD,EAAI,EAAGA,EAAI8C,EAAE5D,OAAQc,IAC5BJ,GAAkB,EAAbiD,EAAE5D,MAAMe,KAAwB,EAAb8C,EAAE7D,MAAMe,IAAUgD,EAC1CjE,KAAKE,MAAMe,GAAS,SAAJJ,EAChBoD,EAAQpD,IAAM,GAEhB,KAAiB,IAAVoD,GAAehD,EAAI6C,EAAE3D,OAAQc,IAClCJ,GAAkB,EAAbiD,EAAE5D,MAAMe,IAAUgD,EACvBjE,KAAKE,MAAMe,GAAS,SAAJJ,EAChBoD,EAAQpD,IAAM,GAIhB,GADAb,KAAKG,OAAS2D,EAAE3D,OACF,IAAV8D,EACFjE,KAAKE,MAAMF,KAAKG,QAAU8D,EAC1BjE,KAAKG,cAEA,GAAI2D,IAAM9D,KACf,KAAOiB,EAAI6C,EAAE3D,OAAQc,IACnBjB,KAAKE,MAAMe,GAAK6C,EAAE5D,MAAMe,GAI5B,OAAOjB,MAITL,EAAGF,UAAUqI,IAAM,SAAcxG,GAC/B,IAAI+D,EACJ,OAAqB,IAAjB/D,EAAIrB,UAAoC,IAAlBD,KAAKC,UAC7BqB,EAAIrB,SAAW,EACfoF,EAAMrF,KAAK+H,IAAIzG,GACfA,EAAIrB,UAAY,EACToF,GACmB,IAAjB/D,EAAIrB,UAAoC,IAAlBD,KAAKC,UACpCD,KAAKC,SAAW,EAChBoF,EAAM/D,EAAIyG,IAAI/H,MACdA,KAAKC,SAAW,EACToF,GAGLrF,KAAKG,OAASmB,EAAInB,OAAeH,KAAKmD,QAAQyE,KAAKtG,GAEhDA,EAAI6B,QAAQyE,KAAK5H,OAI1BL,EAAGF,UAAUoI,KAAO,SAAevG,GAEjC,GAAqB,IAAjBA,EAAIrB,SAAgB,CACtBqB,EAAIrB,SAAW,EACf,IAAIY,EAAIb,KAAK4H,KAAKtG,GAElB,OADAA,EAAIrB,SAAW,EACRY,EAAEyC,YAGJ,GAAsB,IAAlBtD,KAAKC,SAId,OAHAD,KAAKC,SAAW,EAChBD,KAAK4H,KAAKtG,GACVtB,KAAKC,SAAW,EACTD,KAAKsD,YAId,IAWIQ,EAAGC,EAXHnC,EAAM5B,KAAK4B,IAAIN,GAGnB,GAAY,IAARM,EAIF,OAHA5B,KAAKC,SAAW,EAChBD,KAAKG,OAAS,EACdH,KAAKE,MAAM,GAAK,EACTF,KAKL4B,EAAM,GACRkC,EAAI9D,KACJ+D,EAAIzC,IAEJwC,EAAIxC,EACJyC,EAAI/D,MAIN,IADA,IAAIiE,EAAQ,EACHhD,EAAI,EAAGA,EAAI8C,EAAE5D,OAAQc,IAE5BgD,GADApD,GAAkB,EAAbiD,EAAE5D,MAAMe,KAAwB,EAAb8C,EAAE7D,MAAMe,IAAUgD,IAC7B,GACbjE,KAAKE,MAAMe,GAAS,SAAJJ,EAElB,KAAiB,IAAVoD,GAAehD,EAAI6C,EAAE3D,OAAQc,IAElCgD,GADApD,GAAkB,EAAbiD,EAAE5D,MAAMe,IAAUgD,IACV,GACbjE,KAAKE,MAAMe,GAAS,SAAJJ,EAIlB,GAAc,IAAVoD,GAAehD,EAAI6C,EAAE3D,QAAU2D,IAAM9D,KACvC,KAAOiB,EAAI6C,EAAE3D,OAAQc,IACnBjB,KAAKE,MAAMe,GAAK6C,EAAE5D,MAAMe,GAU5B,OANAjB,KAAKG,OAASY,KAAKU,IAAIzB,KAAKG,OAAQc,GAEhC6C,IAAM9D,OACRA,KAAKC,SAAW,GAGXD,KAAKmC,SAIdxC,EAAGF,UAAUsI,IAAM,SAAczG,GAC/B,OAAOtB,KAAKmD,QAAQ0E,KAAKvG,IA+C3B,IAAI0G,EAAc,SAAsBpE,EAAMtC,EAAKuC,GACjD,IAIIG,EACAiE,EACAnC,EANAhC,EAAIF,EAAK1D,MACT6D,EAAIzC,EAAIpB,MACRgI,EAAIrE,EAAI3D,MACRgB,EAAI,EAIJiH,EAAY,EAAPrE,EAAE,GACPsE,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPxE,EAAE,GACPyE,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP3E,EAAE,GACP4E,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP9E,EAAE,GACP+E,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPjF,EAAE,GACPkF,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPpF,EAAE,GACPqF,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPvF,EAAE,GACPwF,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP1F,EAAE,GACP2F,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP7F,EAAE,GACP8F,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPhG,EAAE,GACPiG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPlG,EAAE,GACPmG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPrG,EAAE,GACPsG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPxG,EAAE,GACPyG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP3G,EAAE,GACP4G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP9G,EAAE,GACP+G,EAAW,KAALD,EACNE,GAAMF,IAAO,GACbG,GAAY,EAAPjH,EAAE,GACPkH,GAAW,KAALD,GACNE,GAAMF,KAAO,GACbG,GAAY,EAAPpH,EAAE,GACPqH,GAAW,KAALD,GACNE,GAAMF,KAAO,GACbG,GAAY,EAAPvH,EAAE,GACPwH,GAAW,KAALD,GACNE,GAAMF,KAAO,GACbG,GAAY,EAAP1H,EAAE,GACP2H,GAAW,KAALD,GACNE,GAAMF,KAAO,GACbG,GAAY,EAAP7H,EAAE,GACP8H,GAAW,KAALD,GACNE,GAAMF,KAAO,GAEjB/H,EAAI5D,SAAW2D,EAAK3D,SAAWqB,EAAIrB,SACnC4D,EAAI1D,OAAS,GAMb,IAAI4L,IAAQ7K,GAJZ8C,EAAKjD,KAAKiL,KAAK5D,EAAK8B,IAIE,KAAa,MAFnCjC,GADAA,EAAMlH,KAAKiL,KAAK5D,EAAK+B,IACRpJ,KAAKiL,KAAK3D,EAAK6B,GAAQ,KAEU,IAAO,EACrDhJ,IAFA4E,EAAK/E,KAAKiL,KAAK3D,EAAK8B,KAEPlC,IAAQ,IAAO,IAAM8D,KAAO,IAAO,EAChDA,IAAM,SAEN/H,EAAKjD,KAAKiL,KAAKzD,EAAK2B,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKzD,EAAK4B,IACRpJ,KAAKiL,KAAKxD,EAAK0B,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKxD,EAAK2B,GAKpB,IAAI8B,IAAQ/K,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKiC,GAAQ,GAIZ,KAAa,MAFnCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKkC,GAAQ,GACvBvJ,KAAKiL,KAAK3D,EAAKgC,GAAQ,KAEU,IAAO,EACrDnJ,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKiC,GAAQ,IAErBrC,IAAQ,IAAO,IAAMgE,KAAO,IAAO,EAChDA,IAAM,SAENjI,EAAKjD,KAAKiL,KAAKtD,EAAKwB,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKtD,EAAKyB,IACRpJ,KAAKiL,KAAKrD,EAAKuB,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKrD,EAAKwB,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAK8B,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAK+B,GAAQ,GACvBvJ,KAAKiL,KAAKxD,EAAK6B,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAK8B,GAAQ,EAKlC,IAAI4B,IAAQhL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKoC,GAAQ,GAIZ,KAAa,MAFnCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKqC,GAAQ,GACvB1J,KAAKiL,KAAK3D,EAAKmC,GAAQ,KAEU,IAAO,EACrDtJ,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKoC,GAAQ,IAErBxC,IAAQ,IAAO,IAAMiE,KAAO,IAAO,EAChDA,IAAM,SAENlI,EAAKjD,KAAKiL,KAAKnD,EAAKqB,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKnD,EAAKsB,IACRpJ,KAAKiL,KAAKlD,EAAKoB,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKlD,EAAKqB,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAK2B,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAK4B,GAAQ,GACvBvJ,KAAKiL,KAAKrD,EAAK0B,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAK2B,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKiC,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKkC,GAAQ,GACvB1J,KAAKiL,KAAKxD,EAAKgC,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKiC,GAAQ,EAKlC,IAAI0B,IAAQjL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKuC,GAAQ,GAIZ,KAAa,MAFnC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKwC,GAAQ,GACvB7J,KAAKiL,KAAK3D,EAAKsC,GAAQ,KAEU,IAAO,EACrDzJ,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKuC,GAAQ,IAErB3C,IAAQ,IAAO,IAAMkE,KAAO,IAAO,EAChDA,IAAM,SAENnI,EAAKjD,KAAKiL,KAAKhD,EAAKkB,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKhD,EAAKmB,IACRpJ,KAAKiL,KAAK/C,EAAKiB,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAK/C,EAAKkB,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAKwB,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAKyB,GAAQ,GACvBvJ,KAAKiL,KAAKlD,EAAKuB,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAKwB,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAK8B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAK+B,GAAQ,GACvB1J,KAAKiL,KAAKrD,EAAK6B,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAK8B,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKoC,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKqC,GAAQ,GACvB7J,KAAKiL,KAAKxD,EAAKmC,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKoC,GAAQ,EAKlC,IAAIwB,IAAQlL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAK0C,GAAQ,GAIZ,KAAa,MAFnC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAK2C,IAAQ,GACvBhK,KAAKiL,KAAK3D,EAAKyC,GAAQ,KAEU,IAAO,EACrD5J,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAK0C,IAAQ,IAErB9C,IAAQ,IAAO,IAAMmE,KAAO,IAAO,EAChDA,IAAM,SAENpI,EAAKjD,KAAKiL,KAAK7C,EAAKe,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAK7C,EAAKgB,IACRpJ,KAAKiL,KAAK5C,EAAKc,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAK5C,EAAKe,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAKqB,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAKsB,GAAQ,GACvBvJ,KAAKiL,KAAK/C,EAAKoB,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAKqB,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAK2B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAK4B,GAAQ,GACvB1J,KAAKiL,KAAKlD,EAAK0B,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAK2B,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAKiC,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAKkC,GAAQ,GACvB7J,KAAKiL,KAAKrD,EAAKgC,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAKiC,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKuC,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKwC,IAAQ,GACvBhK,KAAKiL,KAAKxD,EAAKsC,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKuC,IAAQ,EAKlC,IAAIsB,IAAQnL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAK6C,IAAQ,GAIZ,KAAa,MAFnChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAK8C,IAAQ,GACvBnK,KAAKiL,KAAK3D,EAAK4C,IAAQ,KAEU,IAAO,EACrD/J,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAK6C,IAAQ,IAErBjD,IAAQ,IAAO,IAAMoE,KAAO,IAAO,EAChDA,IAAM,SAENrI,EAAKjD,KAAKiL,KAAK1C,EAAKY,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAK1C,EAAKa,IACRpJ,KAAKiL,KAAKzC,EAAKW,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKzC,EAAKY,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKkB,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKmB,GAAQ,GACvBvJ,KAAKiL,KAAK5C,EAAKiB,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKkB,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAKwB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAKyB,GAAQ,GACvB1J,KAAKiL,KAAK/C,EAAKuB,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAKwB,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAK8B,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAK+B,GAAQ,GACvB7J,KAAKiL,KAAKlD,EAAK6B,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAK8B,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAKoC,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAKqC,IAAQ,GACvBhK,KAAKiL,KAAKrD,EAAKmC,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAKoC,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAK0C,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAK2C,IAAQ,GACvBnK,KAAKiL,KAAKxD,EAAKyC,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAK0C,IAAQ,EAKlC,IAAIoB,IAAQpL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKgD,IAAQ,GAIZ,KAAa,MAFnCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKiD,IAAQ,GACvBtK,KAAKiL,KAAK3D,EAAK+C,IAAQ,KAEU,IAAO,EACrDlK,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKgD,IAAQ,IAErBpD,IAAQ,IAAO,IAAMqE,KAAO,IAAO,EAChDA,IAAM,SAENtI,EAAKjD,KAAKiL,KAAKvC,EAAKS,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKvC,EAAKU,IACRpJ,KAAKiL,KAAKtC,EAAKQ,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKtC,EAAKS,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKe,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKgB,GAAQ,GACvBvJ,KAAKiL,KAAKzC,EAAKc,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKe,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKqB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKsB,GAAQ,GACvB1J,KAAKiL,KAAK5C,EAAKoB,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKqB,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAK2B,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAK4B,GAAQ,GACvB7J,KAAKiL,KAAK/C,EAAK0B,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAK2B,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAKiC,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAKkC,IAAQ,GACvBhK,KAAKiL,KAAKlD,EAAKgC,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAKiC,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAKuC,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAKwC,IAAQ,GACvBnK,KAAKiL,KAAKrD,EAAKsC,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAKuC,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAK6C,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAK8C,IAAQ,GACvBtK,KAAKiL,KAAKxD,EAAK4C,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAK6C,IAAQ,EAKlC,IAAIkB,IAAQrL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKmD,IAAQ,GAIZ,KAAa,MAFnCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKoD,IAAQ,GACvBzK,KAAKiL,KAAK3D,EAAKkD,IAAQ,KAEU,IAAO,EACrDrK,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKmD,IAAQ,IAErBvD,IAAQ,IAAO,IAAMsE,KAAO,IAAO,EAChDA,IAAM,SAENvI,EAAKjD,KAAKiL,KAAKpC,EAAKM,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKpC,EAAKO,IACRpJ,KAAKiL,KAAKnC,EAAKK,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKnC,EAAKM,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKY,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKa,GAAQ,GACvBvJ,KAAKiL,KAAKtC,EAAKW,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKY,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKkB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKmB,GAAQ,GACvB1J,KAAKiL,KAAKzC,EAAKiB,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKkB,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKwB,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKyB,GAAQ,GACvB7J,KAAKiL,KAAK5C,EAAKuB,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKwB,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAK8B,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAK+B,IAAQ,GACvBhK,KAAKiL,KAAK/C,EAAK6B,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAK8B,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAKoC,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAKqC,IAAQ,GACvBnK,KAAKiL,KAAKlD,EAAKmC,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAKoC,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAK0C,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAK2C,IAAQ,GACvBtK,KAAKiL,KAAKrD,EAAKyC,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAK0C,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKgD,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKiD,IAAQ,GACvBzK,KAAKiL,KAAKxD,EAAK+C,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKgD,IAAQ,EAKlC,IAAIgB,IAAQtL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKsD,IAAQ,GAIZ,KAAa,MAFnCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAKuD,IAAQ,GACvB5K,KAAKiL,KAAK3D,EAAKqD,IAAQ,KAEU,IAAO,EACrDxK,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKsD,IAAQ,IAErB1D,IAAQ,IAAO,IAAMuE,KAAO,IAAO,EAChDA,IAAM,SAENxI,EAAKjD,KAAKiL,KAAKjC,EAAKG,GAEpBjC,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKI,IACRpJ,KAAKiL,KAAKhC,EAAKE,GAAQ,EACpCpE,EAAK/E,KAAKiL,KAAKhC,EAAKG,GACpBnG,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKS,GAAQ,EAElCpC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKU,GAAQ,GACvBvJ,KAAKiL,KAAKnC,EAAKQ,GAAQ,EACpCvE,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKS,GAAQ,EAClCtG,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKe,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKgB,GAAQ,GACvB1J,KAAKiL,KAAKtC,EAAKc,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKe,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKqB,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKsB,GAAQ,GACvB7J,KAAKiL,KAAKzC,EAAKoB,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKqB,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAK2B,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAK4B,IAAQ,GACvBhK,KAAKiL,KAAK5C,EAAK0B,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAK2B,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAKiC,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAKkC,IAAQ,GACvBnK,KAAKiL,KAAK/C,EAAKgC,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAKiC,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAKuC,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAKwC,IAAQ,GACvBtK,KAAKiL,KAAKlD,EAAKsC,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAKuC,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAK6C,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAK8C,IAAQ,GACvBzK,KAAKiL,KAAKrD,EAAK4C,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAK6C,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKmD,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKoD,IAAQ,GACvB5K,KAAKiL,KAAKxD,EAAKkD,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKmD,IAAQ,EAKlC,IAAIc,IAAQvL,GAJZ8C,EAAMA,EAAKjD,KAAKiL,KAAK5D,EAAKyD,IAAQ,GAIZ,KAAa,MAFnC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK5D,EAAK0D,IAAQ,GACvB/K,KAAKiL,KAAK3D,EAAKwD,IAAQ,KAEU,IAAO,EACrD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK3D,EAAKyD,IAAQ,IAErB7D,IAAQ,IAAO,IAAMwE,KAAO,IAAO,EAChDA,IAAM,SAENzI,EAAKjD,KAAKiL,KAAKjC,EAAKM,GAEpBpC,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKO,IACRvJ,KAAKiL,KAAKhC,EAAKK,GAAQ,EACpCvE,EAAK/E,KAAKiL,KAAKhC,EAAKM,GACpBtG,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKY,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKa,GAAQ,GACvB1J,KAAKiL,KAAKnC,EAAKW,GAAQ,EACpC1E,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKY,GAAQ,EAClCzG,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKkB,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKmB,GAAQ,GACvB7J,KAAKiL,KAAKtC,EAAKiB,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKkB,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKwB,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKyB,IAAQ,GACvBhK,KAAKiL,KAAKzC,EAAKuB,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKwB,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAK8B,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAK+B,IAAQ,GACvBnK,KAAKiL,KAAK5C,EAAK6B,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAK8B,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAKoC,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAKqC,IAAQ,GACvBtK,KAAKiL,KAAK/C,EAAKmC,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAKoC,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAK0C,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAK2C,IAAQ,GACvBzK,KAAKiL,KAAKlD,EAAKyC,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAK0C,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAKgD,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAKiD,IAAQ,GACvB5K,KAAKiL,KAAKrD,EAAK+C,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAKgD,IAAQ,EAKlC,IAAIe,IAASxL,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKzD,EAAKsD,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKzD,EAAKuD,IAAQ,GACvB/K,KAAKiL,KAAKxD,EAAKqD,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKxD,EAAKsD,IAAQ,IAErB7D,IAAQ,IAAO,IAAMyE,KAAQ,IAAO,EACjDA,IAAO,SAEP1I,EAAKjD,KAAKiL,KAAKjC,EAAKS,GAEpBvC,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKU,IACR1J,KAAKiL,KAAKhC,EAAKQ,GAAQ,EACpC1E,EAAK/E,KAAKiL,KAAKhC,EAAKS,GACpBzG,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKe,GAAQ,EAElC1C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKgB,GAAQ,GACvB7J,KAAKiL,KAAKnC,EAAKc,GAAQ,EACpC7E,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKe,GAAQ,EAClC5G,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKqB,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKsB,IAAQ,GACvBhK,KAAKiL,KAAKtC,EAAKoB,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKqB,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAK2B,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAK4B,IAAQ,GACvBnK,KAAKiL,KAAKzC,EAAK0B,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAK2B,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKiC,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKkC,IAAQ,GACvBtK,KAAKiL,KAAK5C,EAAKgC,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKiC,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAKuC,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAKwC,IAAQ,GACvBzK,KAAKiL,KAAK/C,EAAKsC,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAKuC,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAK6C,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAK8C,IAAQ,GACvB5K,KAAKiL,KAAKlD,EAAK4C,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAK6C,IAAQ,EAKlC,IAAIgB,IAASzL,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKtD,EAAKmD,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKtD,EAAKoD,IAAQ,GACvB/K,KAAKiL,KAAKrD,EAAKkD,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKrD,EAAKmD,IAAQ,IAErB7D,IAAQ,IAAO,IAAM0E,KAAQ,IAAO,EACjDA,IAAO,SAEP3I,EAAKjD,KAAKiL,KAAKjC,EAAKY,GAEpB1C,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKa,IACR7J,KAAKiL,KAAKhC,EAAKW,GAAQ,EACpC7E,EAAK/E,KAAKiL,KAAKhC,EAAKY,GACpB5G,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKkB,GAAQ,EAElC7C,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKmB,IAAQ,GACvBhK,KAAKiL,KAAKnC,EAAKiB,GAAQ,EACpChF,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKkB,IAAQ,EAClC/G,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKwB,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKyB,IAAQ,GACvBnK,KAAKiL,KAAKtC,EAAKuB,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKwB,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAK8B,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAK+B,IAAQ,GACvBtK,KAAKiL,KAAKzC,EAAK6B,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAK8B,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKoC,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKqC,IAAQ,GACvBzK,KAAKiL,KAAK5C,EAAKmC,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKoC,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAK0C,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAK2C,IAAQ,GACvB5K,KAAKiL,KAAK/C,EAAKyC,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAK0C,IAAQ,EAKlC,IAAIiB,IAAS1L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKnD,EAAKgD,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKnD,EAAKiD,IAAQ,GACvB/K,KAAKiL,KAAKlD,EAAK+C,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKlD,EAAKgD,IAAQ,IAErB7D,IAAQ,IAAO,IAAM2E,KAAQ,IAAO,EACjDA,IAAO,SAEP5I,EAAKjD,KAAKiL,KAAKjC,EAAKe,GAEpB7C,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKgB,KACRhK,KAAKiL,KAAKhC,EAAKc,GAAQ,EACpChF,EAAK/E,KAAKiL,KAAKhC,EAAKe,IACpB/G,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKqB,IAAQ,EAElChD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKsB,IAAQ,GACvBnK,KAAKiL,KAAKnC,EAAKoB,IAAQ,EACpCnF,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKqB,IAAQ,EAClClH,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAK2B,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAK4B,IAAQ,GACvBtK,KAAKiL,KAAKtC,EAAK0B,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAK2B,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKiC,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKkC,IAAQ,GACvBzK,KAAKiL,KAAKzC,EAAKgC,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKiC,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAKuC,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAKwC,IAAQ,GACvB5K,KAAKiL,KAAK5C,EAAKsC,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAKuC,IAAQ,EAKlC,IAAIkB,IAAS3L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKhD,EAAK6C,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKhD,EAAK8C,IAAQ,GACvB/K,KAAKiL,KAAK/C,EAAK4C,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK/C,EAAK6C,IAAQ,IAErB7D,IAAQ,IAAO,IAAM4E,KAAQ,IAAO,EACjDA,IAAO,SAEP7I,EAAKjD,KAAKiL,KAAKjC,EAAKkB,IAEpBhD,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKmB,KACRnK,KAAKiL,KAAKhC,EAAKiB,IAAQ,EACpCnF,EAAK/E,KAAKiL,KAAKhC,EAAKkB,IACpBlH,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKwB,IAAQ,EAElCnD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKyB,IAAQ,GACvBtK,KAAKiL,KAAKnC,EAAKuB,IAAQ,EACpCtF,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKwB,IAAQ,EAClCrH,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAK8B,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAK+B,IAAQ,GACvBzK,KAAKiL,KAAKtC,EAAK6B,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAK8B,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKoC,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKqC,IAAQ,GACvB5K,KAAKiL,KAAKzC,EAAKmC,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKoC,IAAQ,EAKlC,IAAImB,IAAS5L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAK7C,EAAK0C,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK7C,EAAK2C,IAAQ,GACvB/K,KAAKiL,KAAK5C,EAAKyC,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAK5C,EAAK0C,IAAQ,IAErB7D,IAAQ,IAAO,IAAM6E,KAAQ,IAAO,EACjDA,IAAO,SAEP9I,EAAKjD,KAAKiL,KAAKjC,EAAKqB,IAEpBnD,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKsB,KACRtK,KAAKiL,KAAKhC,EAAKoB,IAAQ,EACpCtF,EAAK/E,KAAKiL,KAAKhC,EAAKqB,IACpBrH,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAK2B,IAAQ,EAElCtD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAK4B,IAAQ,GACvBzK,KAAKiL,KAAKnC,EAAK0B,IAAQ,EACpCzF,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAK2B,IAAQ,EAClCxH,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKiC,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKkC,IAAQ,GACvB5K,KAAKiL,KAAKtC,EAAKgC,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKiC,IAAQ,EAKlC,IAAIoB,IAAS7L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAK1C,EAAKuC,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAK1C,EAAKwC,IAAQ,GACvB/K,KAAKiL,KAAKzC,EAAKsC,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKzC,EAAKuC,IAAQ,IAErB7D,IAAQ,IAAO,IAAM8E,KAAQ,IAAO,EACjDA,IAAO,SAEP/I,EAAKjD,KAAKiL,KAAKjC,EAAKwB,IAEpBtD,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAKyB,KACRzK,KAAKiL,KAAKhC,EAAKuB,IAAQ,EACpCzF,EAAK/E,KAAKiL,KAAKhC,EAAKwB,IACpBxH,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAK8B,IAAQ,EAElCzD,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAK+B,IAAQ,GACvB5K,KAAKiL,KAAKnC,EAAK6B,IAAQ,EACpC5F,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAK8B,IAAQ,EAKlC,IAAIqB,IAAS9L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKvC,EAAKoC,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKvC,EAAKqC,IAAQ,GACvB/K,KAAKiL,KAAKtC,EAAKmC,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKtC,EAAKoC,IAAQ,IAErB7D,IAAQ,IAAO,IAAM+E,KAAQ,IAAO,EACjDA,IAAO,SAEPhJ,EAAKjD,KAAKiL,KAAKjC,EAAK2B,IAEpBzD,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAK4B,KACR5K,KAAKiL,KAAKhC,EAAK0B,IAAQ,EACpC5F,EAAK/E,KAAKiL,KAAKhC,EAAK2B,IAKpB,IAAIsB,IAAS/L,GAJb8C,EAAMA,EAAKjD,KAAKiL,KAAKpC,EAAKiC,IAAQ,GAIX,KAAa,MAFpC5D,GADAA,EAAOA,EAAMlH,KAAKiL,KAAKpC,EAAKkC,IAAQ,GACvB/K,KAAKiL,KAAKnC,EAAKgC,IAAQ,KAEW,IAAO,EACtD3K,IAFA4E,EAAMA,EAAK/E,KAAKiL,KAAKnC,EAAKiC,IAAQ,IAErB7D,IAAQ,IAAO,IAAMgF,KAAQ,IAAO,EACjDA,IAAO,SAMP,IAAIC,IAAShM,GAJb8C,EAAKjD,KAAKiL,KAAKjC,EAAK8B,KAIG,KAAa,MAFpC5D,GADAA,EAAMlH,KAAKiL,KAAKjC,EAAK+B,KACR/K,KAAKiL,KAAKhC,EAAK6B,IAAQ,KAEW,IAAO,EA0BtD,OAzBA3K,IAFA4E,EAAK/E,KAAKiL,KAAKhC,EAAK8B,MAEP7D,IAAQ,IAAO,IAAMiF,KAAQ,IAAO,EACjDA,IAAO,SACPhF,EAAE,GAAK6D,GACP7D,EAAE,GAAK+D,GACP/D,EAAE,GAAKgE,GACPhE,EAAE,GAAKiE,GACPjE,EAAE,GAAKkE,GACPlE,EAAE,GAAKmE,GACPnE,EAAE,GAAKoE,GACPpE,EAAE,GAAKqE,GACPrE,EAAE,GAAKsE,GACPtE,EAAE,GAAKuE,GACPvE,EAAE,IAAMwE,GACRxE,EAAE,IAAMyE,GACRzE,EAAE,IAAM0E,GACR1E,EAAE,IAAM2E,GACR3E,EAAE,IAAM4E,GACR5E,EAAE,IAAM6E,GACR7E,EAAE,IAAM8E,GACR9E,EAAE,IAAM+E,GACR/E,EAAE,IAAMgF,GACE,IAANhM,IACFgH,EAAE,IAAMhH,EACR2C,EAAI1D,UAEC0D,GAiDT,SAASsJ,EAAYvJ,EAAMtC,EAAKuC,GAE9B,OADW,IAAIuJ,GACHC,KAAKzJ,EAAMtC,EAAKuC,GAsB9B,SAASuJ,EAAME,EAAGC,GAChBvN,KAAKsN,EAAIA,EACTtN,KAAKuN,EAAIA,EAvENxM,KAAKiL,OACRhE,EAAcrE,GAiDhBhE,EAAGF,UAAU+N,MAAQ,SAAgBlM,EAAKuC,GACxC,IAAIwB,EACAvE,EAAMd,KAAKG,OAASmB,EAAInB,OAW5B,OATEkF,EADkB,KAAhBrF,KAAKG,QAAgC,KAAfmB,EAAInB,OACtB6H,EAAYhI,KAAMsB,EAAKuC,GACpB/C,EAAM,GACT6C,EAAW3D,KAAMsB,EAAKuC,GACnB/C,EAAM,KArDnB,SAAmB8C,EAAMtC,EAAKuC,GAC5BA,EAAI5D,SAAWqB,EAAIrB,SAAW2D,EAAK3D,SACnC4D,EAAI1D,OAASyD,EAAKzD,OAASmB,EAAInB,OAI/B,IAFA,IAAI8D,EAAQ,EACRwJ,EAAU,EACLvJ,EAAI,EAAGA,EAAIL,EAAI1D,OAAS,EAAG+D,IAAK,CAGvC,IAAIC,EAASsJ,EACbA,EAAU,EAGV,IAFA,IAAIrJ,EAAgB,SAARH,EACRI,EAAOtD,KAAKC,IAAIkD,EAAG5C,EAAInB,OAAS,GAC3BmC,EAAIvB,KAAKU,IAAI,EAAGyC,EAAIN,EAAKzD,OAAS,GAAImC,GAAK+B,EAAM/B,IAAK,CAC7D,IAAIrB,EAAIiD,EAAI5B,EAGRzB,GAFoB,EAAhB+C,EAAK1D,MAAMe,KACI,EAAfK,EAAIpB,MAAMoC,IAGd0B,EAAS,SAAJnD,EAGTuD,EAAa,UADbJ,EAAMA,EAAKI,EAAS,GAIpBqJ,IAFAtJ,GAHAA,EAAUA,GAAWtD,EAAI,SAAa,GAAM,IAGxBmD,IAAO,IAAO,KAEZ,GACtBG,GAAU,SAEZN,EAAI3D,MAAMgE,GAAKE,EACfH,EAAQE,EACRA,EAASsJ,EAQX,OANc,IAAVxJ,EACFJ,EAAI3D,MAAMgE,GAAKD,EAEfJ,EAAI1D,SAGC0D,EAAI1B,QAgBHuL,CAAS1N,KAAMsB,EAAKuC,GAEpBsJ,EAAWnN,KAAMsB,EAAKuC,GAGvBwB,GAWT+H,EAAK3N,UAAUkO,QAAU,SAAkBC,GAGzC,IAFA,IAAIjI,EAAQpE,MAAMqM,GACdC,EAAIlO,EAAGF,UAAUgG,WAAWmI,GAAK,EAC5B3M,EAAI,EAAGA,EAAI2M,EAAG3M,IACrB0E,EAAE1E,GAAKjB,KAAK8N,OAAO7M,EAAG4M,EAAGD,GAG3B,OAAOjI,GAITyH,EAAK3N,UAAUqO,OAAS,SAAiBR,EAAGO,EAAGD,GAC7C,GAAU,IAANN,GAAWA,IAAMM,EAAI,EAAG,OAAON,EAGnC,IADA,IAAIS,EAAK,EACA9M,EAAI,EAAGA,EAAI4M,EAAG5M,IACrB8M,IAAW,EAAJT,IAAWO,EAAI5M,EAAI,EAC1BqM,IAAM,EAGR,OAAOS,GAKTX,EAAK3N,UAAUuO,QAAU,SAAkBC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMT,GACpE,IAAK,IAAI3M,EAAI,EAAGA,EAAI2M,EAAG3M,IACrBmN,EAAKnN,GAAKiN,EAAID,EAAIhN,IAClBoN,EAAKpN,GAAKkN,EAAIF,EAAIhN,KAItBmM,EAAK3N,UAAU6O,UAAY,SAAoBJ,EAAKC,EAAKC,EAAMC,EAAMT,EAAGK,GACtEjO,KAAKgO,QAAQC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMT,GAExC,IAAK,IAAIW,EAAI,EAAGA,EAAIX,EAAGW,IAAM,EAM3B,IALA,IAAIV,EAAIU,GAAK,EAETC,EAAQzN,KAAK0N,IAAI,EAAI1N,KAAK2N,GAAKb,GAC/Bc,EAAQ5N,KAAK6N,IAAI,EAAI7N,KAAK2N,GAAKb,GAE1BgB,EAAI,EAAGA,EAAIjB,EAAGiB,GAAKhB,EAI1B,IAHA,IAAIiB,EAASN,EACTO,EAASJ,EAEJrM,EAAI,EAAGA,EAAIiM,EAAGjM,IAAK,CAC1B,IAAI0M,EAAKZ,EAAKS,EAAIvM,GACd2M,EAAKZ,EAAKQ,EAAIvM,GAEd4M,EAAKd,EAAKS,EAAIvM,EAAIiM,GAClBY,EAAKd,EAAKQ,EAAIvM,EAAIiM,GAElBa,EAAKN,EAASI,EAAKH,EAASI,EAEhCA,EAAKL,EAASK,EAAKJ,EAASG,EAC5BA,EAAKE,EAELhB,EAAKS,EAAIvM,GAAK0M,EAAKE,EACnBb,EAAKQ,EAAIvM,GAAK2M,EAAKE,EAEnBf,EAAKS,EAAIvM,EAAIiM,GAAKS,EAAKE,EACvBb,EAAKQ,EAAIvM,EAAIiM,GAAKU,EAAKE,EAGnB7M,IAAMuL,IACRuB,EAAKZ,EAAQM,EAASH,EAAQI,EAE9BA,EAASP,EAAQO,EAASJ,EAAQG,EAClCA,EAASM,KAOnBhC,EAAK3N,UAAU4P,YAAc,SAAsBC,EAAGC,GACpD,IAAI3B,EAAqB,EAAjB7M,KAAKU,IAAI8N,EAAGD,GAChBE,EAAU,EAAJ5B,EACN3M,EAAI,EACR,IAAK2M,EAAIA,EAAI,EAAI,EAAGA,EAAGA,KAAU,EAC/B3M,IAGF,OAAO,GAAKA,EAAI,EAAIuO,GAGtBpC,EAAK3N,UAAUgQ,UAAY,SAAoBvB,EAAKC,EAAKP,GACvD,KAAIA,GAAK,GAET,IAAK,IAAI3M,EAAI,EAAGA,EAAI2M,EAAI,EAAG3M,IAAK,CAC9B,IAAI0E,EAAIuI,EAAIjN,GAEZiN,EAAIjN,GAAKiN,EAAIN,EAAI3M,EAAI,GACrBiN,EAAIN,EAAI3M,EAAI,GAAK0E,EAEjBA,EAAIwI,EAAIlN,GAERkN,EAAIlN,IAAMkN,EAAIP,EAAI3M,EAAI,GACtBkN,EAAIP,EAAI3M,EAAI,IAAM0E,IAItByH,EAAK3N,UAAUiQ,aAAe,SAAuBC,EAAI/B,GAEvD,IADA,IAAI3J,EAAQ,EACHhD,EAAI,EAAGA,EAAI2M,EAAI,EAAG3M,IAAK,CAC9B,IAAIsB,EAAoC,KAAhCxB,KAAK6O,MAAMD,EAAG,EAAI1O,EAAI,GAAK2M,GACjC7M,KAAK6O,MAAMD,EAAG,EAAI1O,GAAK2M,GACvB3J,EAEF0L,EAAG1O,GAAS,SAAJsB,EAGN0B,EADE1B,EAAI,SACE,EAEAA,EAAI,SAAY,EAI5B,OAAOoN,GAGTvC,EAAK3N,UAAUoQ,WAAa,SAAqBF,EAAI7O,EAAKoN,EAAKN,GAE7D,IADA,IAAI3J,EAAQ,EACHhD,EAAI,EAAGA,EAAIH,EAAKG,IACvBgD,GAAyB,EAAR0L,EAAG1O,GAEpBiN,EAAI,EAAIjN,GAAa,KAARgD,EAAgBA,KAAkB,GAC/CiK,EAAI,EAAIjN,EAAI,GAAa,KAARgD,EAAgBA,KAAkB,GAIrD,IAAKhD,EAAI,EAAIH,EAAKG,EAAI2M,IAAK3M,EACzBiN,EAAIjN,GAAK,EAGXjC,EAAiB,IAAViF,GACPjF,EAA6B,KAAb,KAARiF,KAGVmJ,EAAK3N,UAAUqQ,KAAO,SAAelC,GAEnC,IADA,IAAImC,EAASxO,MAAMqM,GACV3M,EAAI,EAAGA,EAAI2M,EAAG3M,IACrB8O,EAAG9O,GAAK,EAGV,OAAO8O,GAGT3C,EAAK3N,UAAU4N,KAAO,SAAeC,EAAGC,EAAG1J,GACzC,IAAI+J,EAAI,EAAI5N,KAAKqP,YAAY/B,EAAEnN,OAAQoN,EAAEpN,QAErC8N,EAAMjO,KAAK2N,QAAQC,GAEnBoC,EAAIhQ,KAAK8P,KAAKlC,GAEdM,EAAU3M,MAAMqM,GAChBqC,EAAW1O,MAAMqM,GACjBsC,EAAW3O,MAAMqM,GAEjBuC,EAAW5O,MAAMqM,GACjBwC,EAAY7O,MAAMqM,GAClByC,EAAY9O,MAAMqM,GAElB0C,EAAOzM,EAAI3D,MACfoQ,EAAKnQ,OAASyN,EAEd5N,KAAK6P,WAAWvC,EAAEpN,MAAOoN,EAAEnN,OAAQ+N,EAAKN,GACxC5N,KAAK6P,WAAWtC,EAAErN,MAAOqN,EAAEpN,OAAQgQ,EAAMvC,GAEzC5N,KAAKsO,UAAUJ,EAAK8B,EAAGC,EAAMC,EAAMtC,EAAGK,GACtCjO,KAAKsO,UAAU6B,EAAMH,EAAGI,EAAOC,EAAOzC,EAAGK,GAEzC,IAAK,IAAIhN,EAAI,EAAGA,EAAI2M,EAAG3M,IAAK,CAC1B,IAAImO,EAAKa,EAAKhP,GAAKmP,EAAMnP,GAAKiP,EAAKjP,GAAKoP,EAAMpP,GAC9CiP,EAAKjP,GAAKgP,EAAKhP,GAAKoP,EAAMpP,GAAKiP,EAAKjP,GAAKmP,EAAMnP,GAC/CgP,EAAKhP,GAAKmO,EAUZ,OAPApP,KAAKyP,UAAUQ,EAAMC,EAAMtC,GAC3B5N,KAAKsO,UAAU2B,EAAMC,EAAMI,EAAMN,EAAGpC,EAAGK,GACvCjO,KAAKyP,UAAUa,EAAMN,EAAGpC,GACxB5N,KAAK0P,aAAaY,EAAM1C,GAExB/J,EAAI5D,SAAWqN,EAAErN,SAAWsN,EAAEtN,SAC9B4D,EAAI1D,OAASmN,EAAEnN,OAASoN,EAAEpN,OACnB0D,EAAI1B,SAIbxC,EAAGF,UAAU4B,IAAM,SAAcC,GAC/B,IAAIuC,EAAM,IAAIlE,EAAG,MAEjB,OADAkE,EAAI3D,MAAYqB,MAAMvB,KAAKG,OAASmB,EAAInB,QACjCH,KAAKwN,MAAMlM,EAAKuC,IAIzBlE,EAAGF,UAAU8Q,KAAO,SAAejP,GACjC,IAAIuC,EAAM,IAAIlE,EAAG,MAEjB,OADAkE,EAAI3D,MAAYqB,MAAMvB,KAAKG,OAASmB,EAAInB,QACjCgN,EAAWnN,KAAMsB,EAAKuC,IAI/BlE,EAAGF,UAAUuM,KAAO,SAAe1K,GACjC,OAAOtB,KAAKmD,QAAQqK,MAAMlM,EAAKtB,OAGjCL,EAAGF,UAAUqD,MAAQ,SAAgBxB,GACnCtC,EAAsB,iBAARsC,GACdtC,EAAOsC,EAAM,UAIb,IADA,IAAI2C,EAAQ,EACHhD,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAAK,CACpC,IAAIsB,GAAqB,EAAhBvC,KAAKE,MAAMe,IAAUK,EAC1B0C,GAAU,SAAJzB,IAA0B,SAAR0B,GAC5BA,IAAU,GACVA,GAAU1B,EAAI,SAAa,EAE3B0B,GAASD,IAAO,GAChBhE,KAAKE,MAAMe,GAAU,SAAL+C,EAQlB,OALc,IAAVC,IACFjE,KAAKE,MAAMe,GAAKgD,EAChBjE,KAAKG,UAGAH,MAGTL,EAAGF,UAAU+Q,KAAO,SAAelP,GACjC,OAAOtB,KAAKmD,QAAQL,MAAMxB,IAI5B3B,EAAGF,UAAUgR,IAAM,WACjB,OAAOzQ,KAAKqB,IAAIrB,OAIlBL,EAAGF,UAAUiR,KAAO,WAClB,OAAO1Q,KAAKgM,KAAKhM,KAAKmD,UAIxBxD,EAAGF,UAAUuD,IAAM,SAAc1B,GAC/B,IAAIiB,EAxxCN,SAAqBjB,GAGnB,IAFA,IAAIiB,EAAQhB,MAAMD,EAAIuE,aAEb6B,EAAM,EAAGA,EAAMnF,EAAEpC,OAAQuH,IAAO,CACvC,IAAIlF,EAAOkF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAEjBnF,EAAEmF,IAAQpG,EAAIpB,MAAMsC,GAAQ,GAAKmF,KAAWA,EAG9C,OAAOpF,EA8wCCoO,CAAWrP,GACnB,GAAiB,IAAbiB,EAAEpC,OAAc,OAAO,IAAIR,EAAG,GAIlC,IADA,IAAI0F,EAAMrF,KACDiB,EAAI,EAAGA,EAAIsB,EAAEpC,QACP,IAAToC,EAAEtB,GADsBA,IAAKoE,EAAMA,EAAIoL,OAI7C,KAAMxP,EAAIsB,EAAEpC,OACV,IAAK,IAAImF,EAAID,EAAIoL,MAAOxP,EAAIsB,EAAEpC,OAAQc,IAAKqE,EAAIA,EAAEmL,MAClC,IAATlO,EAAEtB,KAENoE,EAAMA,EAAIhE,IAAIiE,IAIlB,OAAOD,GAIT1F,EAAGF,UAAUmR,OAAS,SAAiBC,GACrC7R,EAAuB,iBAAT6R,GAAqBA,GAAQ,GAC3C,IAGI5P,EAHAJ,EAAIgQ,EAAO,GACXtC,GAAKsC,EAAOhQ,GAAK,GACjBiQ,EAAa,WAAe,GAAKjQ,GAAQ,GAAKA,EAGlD,GAAU,IAANA,EAAS,CACX,IAAIoD,EAAQ,EAEZ,IAAKhD,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAAK,CAChC,IAAI8P,EAAW/Q,KAAKE,MAAMe,GAAK6P,EAC3B5P,GAAsB,EAAhBlB,KAAKE,MAAMe,IAAU8P,GAAalQ,EAC5Cb,KAAKE,MAAMe,GAAKC,EAAI+C,EACpBA,EAAQ8M,IAAc,GAAKlQ,EAGzBoD,IACFjE,KAAKE,MAAMe,GAAKgD,EAChBjE,KAAKG,UAIT,GAAU,IAANoO,EAAS,CACX,IAAKtN,EAAIjB,KAAKG,OAAS,EAAGc,GAAK,EAAGA,IAChCjB,KAAKE,MAAMe,EAAIsN,GAAKvO,KAAKE,MAAMe,GAGjC,IAAKA,EAAI,EAAGA,EAAIsN,EAAGtN,IACjBjB,KAAKE,MAAMe,GAAK,EAGlBjB,KAAKG,QAAUoO,EAGjB,OAAOvO,KAAKmC,SAGdxC,EAAGF,UAAUuR,MAAQ,SAAgBH,GAGnC,OADA7R,EAAyB,IAAlBgB,KAAKC,UACLD,KAAK4Q,OAAOC,IAMrBlR,EAAGF,UAAU+F,OAAS,SAAiBqL,EAAMI,EAAMC,GAEjD,IAAIC,EADJnS,EAAuB,iBAAT6R,GAAqBA,GAAQ,GAGzCM,EADEF,GACGA,EAAQA,EAAO,IAAO,GAEvB,EAGN,IAAIpQ,EAAIgQ,EAAO,GACXtC,EAAIxN,KAAKC,KAAK6P,EAAOhQ,GAAK,GAAIb,KAAKG,QACnCiR,EAAO,SAAc,WAAcvQ,GAAMA,EACzCwQ,EAAcH,EAMlB,GAHAC,EAAIpQ,KAAKU,IAAI,EADb0P,GAAK5C,GAID8C,EAAa,CACf,IAAK,IAAIpQ,EAAI,EAAGA,EAAIsN,EAAGtN,IACrBoQ,EAAYnR,MAAMe,GAAKjB,KAAKE,MAAMe,GAEpCoQ,EAAYlR,OAASoO,EAGvB,GAAU,IAANA,QAEG,GAAIvO,KAAKG,OAASoO,EAEvB,IADAvO,KAAKG,QAAUoO,EACVtN,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAC3BjB,KAAKE,MAAMe,GAAKjB,KAAKE,MAAMe,EAAIsN,QAGjCvO,KAAKE,MAAM,GAAK,EAChBF,KAAKG,OAAS,EAGhB,IAAI8D,EAAQ,EACZ,IAAKhD,EAAIjB,KAAKG,OAAS,EAAGc,GAAK,IAAgB,IAAVgD,GAAehD,GAAKkQ,GAAIlQ,IAAK,CAChE,IAAI4B,EAAuB,EAAhB7C,KAAKE,MAAMe,GACtBjB,KAAKE,MAAMe,GAAMgD,GAAU,GAAKpD,EAAOgC,IAAShC,EAChDoD,EAAQpB,EAAOuO,EAajB,OATIC,GAAyB,IAAVpN,IACjBoN,EAAYnR,MAAMmR,EAAYlR,UAAY8D,GAGxB,IAAhBjE,KAAKG,SACPH,KAAKE,MAAM,GAAK,EAChBF,KAAKG,OAAS,GAGTH,KAAKmC,SAGdxC,EAAGF,UAAU6R,MAAQ,SAAgBT,EAAMI,EAAMC,GAG/C,OADAlS,EAAyB,IAAlBgB,KAAKC,UACLD,KAAKwF,OAAOqL,EAAMI,EAAMC,IAIjCvR,EAAGF,UAAU8R,KAAO,SAAeV,GACjC,OAAO7Q,KAAKmD,QAAQ6N,MAAMH,IAG5BlR,EAAGF,UAAU+R,MAAQ,SAAgBX,GACnC,OAAO7Q,KAAKmD,QAAQyN,OAAOC,IAI7BlR,EAAGF,UAAUgS,KAAO,SAAeZ,GACjC,OAAO7Q,KAAKmD,QAAQmO,MAAMT,IAG5BlR,EAAGF,UAAUiS,MAAQ,SAAgBb,GACnC,OAAO7Q,KAAKmD,QAAQqC,OAAOqL,IAI7BlR,EAAGF,UAAU6G,MAAQ,SAAgBoB,GACnC1I,EAAsB,iBAAR0I,GAAoBA,GAAO,GACzC,IAAI7G,EAAI6G,EAAM,GACV6G,GAAK7G,EAAM7G,GAAK,GAChByE,EAAI,GAAKzE,EAGb,QAAIb,KAAKG,QAAUoO,OAGXvO,KAAKE,MAAMqO,GAELjJ,IAIhB3F,EAAGF,UAAUkS,OAAS,SAAiBd,GACrC7R,EAAuB,iBAAT6R,GAAqBA,GAAQ,GAC3C,IAAIhQ,EAAIgQ,EAAO,GACXtC,GAAKsC,EAAOhQ,GAAK,GAIrB,GAFA7B,EAAyB,IAAlBgB,KAAKC,SAAgB,2CAExBD,KAAKG,QAAUoO,EACjB,OAAOvO,KAQT,GALU,IAANa,GACF0N,IAEFvO,KAAKG,OAASY,KAAKC,IAAIuN,EAAGvO,KAAKG,QAErB,IAANU,EAAS,CACX,IAAIuQ,EAAO,SAAc,WAAcvQ,GAAMA,EAC7Cb,KAAKE,MAAMF,KAAKG,OAAS,IAAMiR,EAGjC,OAAOpR,KAAKmC,SAIdxC,EAAGF,UAAUmS,MAAQ,SAAgBf,GACnC,OAAO7Q,KAAKmD,QAAQwO,OAAOd,IAI7BlR,EAAGF,UAAU2G,MAAQ,SAAgB9E,GAGnC,OAFAtC,EAAsB,iBAARsC,GACdtC,EAAOsC,EAAM,UACTA,EAAM,EAAUtB,KAAK6R,OAAOvQ,GAGV,IAAlBtB,KAAKC,SACa,IAAhBD,KAAKG,SAAiC,EAAhBH,KAAKE,MAAM,IAAUoB,GAC7CtB,KAAKE,MAAM,GAAKoB,GAAuB,EAAhBtB,KAAKE,MAAM,IAClCF,KAAKC,SAAW,EACTD,OAGTA,KAAKC,SAAW,EAChBD,KAAK6R,MAAMvQ,GACXtB,KAAKC,SAAW,EACTD,MAIFA,KAAK+C,OAAOzB,IAGrB3B,EAAGF,UAAUsD,OAAS,SAAiBzB,GACrCtB,KAAKE,MAAM,IAAMoB,EAGjB,IAAK,IAAIL,EAAI,EAAGA,EAAIjB,KAAKG,QAAUH,KAAKE,MAAMe,IAAM,SAAWA,IAC7DjB,KAAKE,MAAMe,IAAM,SACbA,IAAMjB,KAAKG,OAAS,EACtBH,KAAKE,MAAMe,EAAI,GAAK,EAEpBjB,KAAKE,MAAMe,EAAI,KAKnB,OAFAjB,KAAKG,OAASY,KAAKU,IAAIzB,KAAKG,OAAQc,EAAI,GAEjCjB,MAITL,EAAGF,UAAUoS,MAAQ,SAAgBvQ,GAGnC,GAFAtC,EAAsB,iBAARsC,GACdtC,EAAOsC,EAAM,UACTA,EAAM,EAAG,OAAOtB,KAAKoG,OAAO9E,GAEhC,GAAsB,IAAlBtB,KAAKC,SAIP,OAHAD,KAAKC,SAAW,EAChBD,KAAKoG,MAAM9E,GACXtB,KAAKC,SAAW,EACTD,KAKT,GAFAA,KAAKE,MAAM,IAAMoB,EAEG,IAAhBtB,KAAKG,QAAgBH,KAAKE,MAAM,GAAK,EACvCF,KAAKE,MAAM,IAAMF,KAAKE,MAAM,GAC5BF,KAAKC,SAAW,OAGhB,IAAK,IAAIgB,EAAI,EAAGA,EAAIjB,KAAKG,QAAUH,KAAKE,MAAMe,GAAK,EAAGA,IACpDjB,KAAKE,MAAMe,IAAM,SACjBjB,KAAKE,MAAMe,EAAI,IAAM,EAIzB,OAAOjB,KAAKmC,SAGdxC,EAAGF,UAAUqS,KAAO,SAAexQ,GACjC,OAAOtB,KAAKmD,QAAQiD,MAAM9E,IAG5B3B,EAAGF,UAAUsS,KAAO,SAAezQ,GACjC,OAAOtB,KAAKmD,QAAQ0O,MAAMvQ,IAG5B3B,EAAGF,UAAUuS,KAAO,WAGlB,OAFAhS,KAAKC,SAAW,EAETD,MAGTL,EAAGF,UAAUyG,IAAM,WACjB,OAAOlG,KAAKmD,QAAQ6O,QAGtBrS,EAAGF,UAAUwS,aAAe,SAAuB3Q,EAAKD,EAAK6Q,GAC3D,IACIjR,EAIAsB,EALAzB,EAAMQ,EAAInB,OAAS+R,EAGvBlS,KAAKoD,QAAQtC,GAGb,IAAImD,EAAQ,EACZ,IAAKhD,EAAI,EAAGA,EAAIK,EAAInB,OAAQc,IAAK,CAC/BsB,GAA6B,EAAxBvC,KAAKE,MAAMe,EAAIiR,IAAcjO,EAClC,IAAItC,GAAwB,EAAfL,EAAIpB,MAAMe,IAAUI,EAEjC4C,IADA1B,GAAa,SAARZ,IACS,KAAQA,EAAQ,SAAa,GAC3C3B,KAAKE,MAAMe,EAAIiR,GAAa,SAAJ3P,EAE1B,KAAOtB,EAAIjB,KAAKG,OAAS+R,EAAOjR,IAE9BgD,GADA1B,GAA6B,EAAxBvC,KAAKE,MAAMe,EAAIiR,IAAcjO,IACrB,GACbjE,KAAKE,MAAMe,EAAIiR,GAAa,SAAJ3P,EAG1B,GAAc,IAAV0B,EAAa,OAAOjE,KAAKmC,QAK7B,IAFAnD,GAAkB,IAAXiF,GACPA,EAAQ,EACHhD,EAAI,EAAGA,EAAIjB,KAAKG,OAAQc,IAE3BgD,GADA1B,IAAsB,EAAhBvC,KAAKE,MAAMe,IAAUgD,IACd,GACbjE,KAAKE,MAAMe,GAAS,SAAJsB,EAIlB,OAFAvC,KAAKC,SAAW,EAETD,KAAKmC,SAGdxC,EAAGF,UAAU0S,SAAW,SAAmB7Q,EAAK8Q,GAC9C,IAAIF,GAAQlS,KAAKG,OAASmB,EAAInB,QAE1B2D,EAAI9D,KAAKmD,QACTY,EAAIzC,EAGJ+Q,EAA8B,EAAxBtO,EAAE7D,MAAM6D,EAAE5D,OAAS,GAGf,KADd+R,EAAQ,GADMlS,KAAKyF,WAAW4M,MAG5BtO,EAAIA,EAAEyN,MAAMU,GACZpO,EAAE8M,OAAOsB,GACTG,EAA8B,EAAxBtO,EAAE7D,MAAM6D,EAAE5D,OAAS,IAI3B,IACImF,EADAiK,EAAIzL,EAAE3D,OAAS4D,EAAE5D,OAGrB,GAAa,QAATiS,EAAgB,EAClB9M,EAAI,IAAI3F,EAAG,OACTQ,OAASoP,EAAI,EACfjK,EAAEpF,MAAYqB,MAAM+D,EAAEnF,QACtB,IAAK,IAAIc,EAAI,EAAGA,EAAIqE,EAAEnF,OAAQc,IAC5BqE,EAAEpF,MAAMe,GAAK,EAIjB,IAAIqR,EAAOxO,EAAEX,QAAQ8O,aAAalO,EAAG,EAAGwL,GAClB,IAAlB+C,EAAKrS,WACP6D,EAAIwO,EACAhN,IACFA,EAAEpF,MAAMqP,GAAK,IAIjB,IAAK,IAAIjN,EAAIiN,EAAI,EAAGjN,GAAK,EAAGA,IAAK,CAC/B,IAAIiQ,EAAmC,UAAL,EAAxBzO,EAAE5D,MAAM6D,EAAE5D,OAASmC,KACE,EAA5BwB,EAAE5D,MAAM6D,EAAE5D,OAASmC,EAAI,IAO1B,IAHAiQ,EAAKxR,KAAKC,IAAKuR,EAAKF,EAAO,EAAG,UAE9BvO,EAAEmO,aAAalO,EAAGwO,EAAIjQ,GACA,IAAfwB,EAAE7D,UACPsS,IACAzO,EAAE7D,SAAW,EACb6D,EAAEmO,aAAalO,EAAG,EAAGzB,GAChBwB,EAAEW,WACLX,EAAE7D,UAAY,GAGdqF,IACFA,EAAEpF,MAAMoC,GAAKiQ,GAajB,OAVIjN,GACFA,EAAEnD,QAEJ2B,EAAE3B,QAGW,QAATiQ,GAA4B,IAAVF,GACpBpO,EAAE0B,OAAO0M,GAGJ,CACLM,IAAKlN,GAAK,KACV1C,IAAKkB,IAQTnE,EAAGF,UAAUgT,OAAS,SAAiBnR,EAAK8Q,EAAMM,GAGhD,OAFA1T,GAAQsC,EAAImD,UAERzE,KAAKyE,SACA,CACL+N,IAAK,IAAI7S,EAAG,GACZiD,IAAK,IAAIjD,EAAG,IAKM,IAAlBK,KAAKC,UAAmC,IAAjBqB,EAAIrB,UAC7BoF,EAAMrF,KAAK0G,MAAM+L,OAAOnR,EAAK8Q,GAEhB,QAATA,IACFI,EAAMnN,EAAImN,IAAI9L,OAGH,QAAT0L,IACFxP,EAAMyC,EAAIzC,IAAI8D,MACVgM,GAA6B,IAAjB9P,EAAI3C,UAClB2C,EAAIgF,KAAKtG,IAIN,CACLkR,IAAKA,EACL5P,IAAKA,IAIa,IAAlB5C,KAAKC,UAAmC,IAAjBqB,EAAIrB,UAC7BoF,EAAMrF,KAAKyS,OAAOnR,EAAIoF,MAAO0L,GAEhB,QAATA,IACFI,EAAMnN,EAAImN,IAAI9L,OAGT,CACL8L,IAAKA,EACL5P,IAAKyC,EAAIzC,MAI0B,IAAlC5C,KAAKC,SAAWqB,EAAIrB,WACvBoF,EAAMrF,KAAK0G,MAAM+L,OAAOnR,EAAIoF,MAAO0L,GAEtB,QAATA,IACFxP,EAAMyC,EAAIzC,IAAI8D,MACVgM,GAA6B,IAAjB9P,EAAI3C,UAClB2C,EAAIiF,KAAKvG,IAIN,CACLkR,IAAKnN,EAAImN,IACT5P,IAAKA,IAOLtB,EAAInB,OAASH,KAAKG,QAAUH,KAAK4B,IAAIN,GAAO,EACvC,CACLkR,IAAK,IAAI7S,EAAG,GACZiD,IAAK5C,MAKU,IAAfsB,EAAInB,OACO,QAATiS,EACK,CACLI,IAAKxS,KAAK2S,KAAKrR,EAAIpB,MAAM,IACzB0C,IAAK,MAII,QAATwP,EACK,CACLI,IAAK,KACL5P,IAAK,IAAIjD,EAAGK,KAAK0E,KAAKpD,EAAIpB,MAAM,MAI7B,CACLsS,IAAKxS,KAAK2S,KAAKrR,EAAIpB,MAAM,IACzB0C,IAAK,IAAIjD,EAAGK,KAAK0E,KAAKpD,EAAIpB,MAAM,MAI7BF,KAAKmS,SAAS7Q,EAAK8Q,GAlF1B,IAAII,EAAK5P,EAAKyC,GAsFhB1F,EAAGF,UAAU+S,IAAM,SAAclR,GAC/B,OAAOtB,KAAKyS,OAAOnR,EAAK,OAAO,GAAOkR,KAIxC7S,EAAGF,UAAUmD,IAAM,SAActB,GAC/B,OAAOtB,KAAKyS,OAAOnR,EAAK,OAAO,GAAOsB,KAGxCjD,EAAGF,UAAUmT,KAAO,SAAetR,GACjC,OAAOtB,KAAKyS,OAAOnR,EAAK,OAAO,GAAMsB,KAIvCjD,EAAGF,UAAUoT,SAAW,SAAmBvR,GACzC,IAAIwR,EAAK9S,KAAKyS,OAAOnR,GAGrB,GAAIwR,EAAGlQ,IAAI6B,SAAU,OAAOqO,EAAGN,IAE/B,IAAI5P,EAA0B,IAApBkQ,EAAGN,IAAIvS,SAAiB6S,EAAGlQ,IAAIiF,KAAKvG,GAAOwR,EAAGlQ,IAEpDmQ,EAAOzR,EAAIoQ,MAAM,GACjBsB,EAAK1R,EAAIiE,MAAM,GACf3D,EAAMgB,EAAIhB,IAAImR,GAGlB,OAAInR,EAAM,GAAY,IAAPoR,GAAoB,IAARpR,EAAkBkR,EAAGN,IAGrB,IAApBM,EAAGN,IAAIvS,SAAiB6S,EAAGN,IAAIX,MAAM,GAAKiB,EAAGN,IAAIpM,MAAM,IAGhEzG,EAAGF,UAAUiF,KAAO,SAAepD,GACjCtC,EAAOsC,GAAO,UAId,IAHA,IAAIuN,GAAK,GAAK,IAAMvN,EAEhB2R,EAAM,EACDhS,EAAIjB,KAAKG,OAAS,EAAGc,GAAK,EAAGA,IACpCgS,GAAOpE,EAAIoE,GAAuB,EAAhBjT,KAAKE,MAAMe,KAAWK,EAG1C,OAAO2R,GAITtT,EAAGF,UAAUkF,MAAQ,SAAgBrD,GACnCtC,EAAOsC,GAAO,UAGd,IADA,IAAI2C,EAAQ,EACHhD,EAAIjB,KAAKG,OAAS,EAAGc,GAAK,EAAGA,IAAK,CACzC,IAAIsB,GAAqB,EAAhBvC,KAAKE,MAAMe,IAAkB,SAARgD,EAC9BjE,KAAKE,MAAMe,GAAMsB,EAAIjB,EAAO,EAC5B2C,EAAQ1B,EAAIjB,EAGd,OAAOtB,KAAKmC,SAGdxC,EAAGF,UAAUkT,KAAO,SAAerR,GACjC,OAAOtB,KAAKmD,QAAQwB,MAAMrD,IAG5B3B,EAAGF,UAAUyT,KAAO,SAAerE,GACjC7P,EAAsB,IAAf6P,EAAE5O,UACTjB,GAAQ6P,EAAEpK,UAEV,IAAI6I,EAAItN,KACJuN,EAAIsB,EAAE1L,QAGRmK,EADiB,IAAfA,EAAErN,SACAqN,EAAEsF,KAAK/D,GAEPvB,EAAEnK,QAaR,IATA,IAAIgQ,EAAI,IAAIxT,EAAG,GACXyT,EAAI,IAAIzT,EAAG,GAGX0T,EAAI,IAAI1T,EAAG,GACX2T,EAAI,IAAI3T,EAAG,GAEX4T,EAAI,EAEDjG,EAAEkG,UAAYjG,EAAEiG,UACrBlG,EAAE9H,OAAO,GACT+H,EAAE/H,OAAO,KACP+N,EAMJ,IAHA,IAAIE,EAAKlG,EAAEpK,QACPuQ,EAAKpG,EAAEnK,SAEHmK,EAAE7I,UAAU,CAClB,IAAK,IAAIxD,EAAI,EAAG0S,EAAK,EAAyB,IAArBrG,EAAEpN,MAAM,GAAKyT,IAAa1S,EAAI,KAAMA,EAAG0S,IAAO,GACvE,GAAI1S,EAAI,EAEN,IADAqM,EAAE9H,OAAOvE,GACFA,KAAM,IACPkS,EAAES,SAAWR,EAAEQ,WACjBT,EAAEvL,KAAK6L,GACPL,EAAEvL,KAAK6L,IAGTP,EAAE3N,OAAO,GACT4N,EAAE5N,OAAO,GAIb,IAAK,IAAIlD,EAAI,EAAGuR,EAAK,EAAyB,IAArBtG,EAAErN,MAAM,GAAK2T,IAAavR,EAAI,KAAMA,EAAGuR,IAAO,GACvE,GAAIvR,EAAI,EAEN,IADAiL,EAAE/H,OAAOlD,GACFA,KAAM,IACP+Q,EAAEO,SAAWN,EAAEM,WACjBP,EAAEzL,KAAK6L,GACPH,EAAEzL,KAAK6L,IAGTL,EAAE7N,OAAO,GACT8N,EAAE9N,OAAO,GAIT8H,EAAE1L,IAAI2L,IAAM,GACdD,EAAEzF,KAAK0F,GACP4F,EAAEtL,KAAKwL,GACPD,EAAEvL,KAAKyL,KAEP/F,EAAE1F,KAAKyF,GACP+F,EAAExL,KAAKsL,GACPG,EAAEzL,KAAKuL,IAIX,MAAO,CACLtP,EAAGuP,EACHtP,EAAGuP,EACHQ,IAAKvG,EAAEqD,OAAO2C,KAOlB5T,EAAGF,UAAUsU,OAAS,SAAiBlF,GACrC7P,EAAsB,IAAf6P,EAAE5O,UACTjB,GAAQ6P,EAAEpK,UAEV,IAAIX,EAAI9D,KACJ+D,EAAI8K,EAAE1L,QAGRW,EADiB,IAAfA,EAAE7D,SACA6D,EAAE8O,KAAK/D,GAEP/K,EAAEX,QAQR,IALA,IAuCIkC,EAvCA2O,EAAK,IAAIrU,EAAG,GACZsU,EAAK,IAAItU,EAAG,GAEZuU,EAAQnQ,EAAEZ,QAEPW,EAAEqQ,KAAK,GAAK,GAAKpQ,EAAEoQ,KAAK,GAAK,GAAG,CACrC,IAAK,IAAIlT,EAAI,EAAG0S,EAAK,EAAyB,IAArB7P,EAAE5D,MAAM,GAAKyT,IAAa1S,EAAI,KAAMA,EAAG0S,IAAO,GACvE,GAAI1S,EAAI,EAEN,IADA6C,EAAE0B,OAAOvE,GACFA,KAAM,GACP+S,EAAGJ,SACLI,EAAGpM,KAAKsM,GAGVF,EAAGxO,OAAO,GAId,IAAK,IAAIlD,EAAI,EAAGuR,EAAK,EAAyB,IAArB9P,EAAE7D,MAAM,GAAK2T,IAAavR,EAAI,KAAMA,EAAGuR,IAAO,GACvE,GAAIvR,EAAI,EAEN,IADAyB,EAAEyB,OAAOlD,GACFA,KAAM,GACP2R,EAAGL,SACLK,EAAGrM,KAAKsM,GAGVD,EAAGzO,OAAO,GAIV1B,EAAElC,IAAImC,IAAM,GACdD,EAAE+D,KAAK9D,GACPiQ,EAAGnM,KAAKoM,KAERlQ,EAAE8D,KAAK/D,GACPmQ,EAAGpM,KAAKmM,IAeZ,OATE3O,EADgB,IAAdvB,EAAEqQ,KAAK,GACHH,EAEAC,GAGAE,KAAK,GAAK,GAChB9O,EAAIuC,KAAKiH,GAGJxJ,GAGT1F,EAAGF,UAAUqU,IAAM,SAAcxS,GAC/B,GAAItB,KAAKyE,SAAU,OAAOnD,EAAI4E,MAC9B,GAAI5E,EAAImD,SAAU,OAAOzE,KAAKkG,MAE9B,IAAIpC,EAAI9D,KAAKmD,QACTY,EAAIzC,EAAI6B,QACZW,EAAE7D,SAAW,EACb8D,EAAE9D,SAAW,EAGb,IAAK,IAAIiS,EAAQ,EAAGpO,EAAE0P,UAAYzP,EAAEyP,SAAUtB,IAC5CpO,EAAE0B,OAAO,GACTzB,EAAEyB,OAAO,GAGX,OAAG,CACD,KAAO1B,EAAE0P,UACP1P,EAAE0B,OAAO,GAEX,KAAOzB,EAAEyP,UACPzP,EAAEyB,OAAO,GAGX,IAAI3E,EAAIiD,EAAElC,IAAImC,GACd,GAAIlD,EAAI,EAAG,CAET,IAAI8E,EAAI7B,EACRA,EAAIC,EACJA,EAAI4B,OACC,GAAU,IAAN9E,GAAyB,IAAdkD,EAAEoQ,KAAK,GAC3B,MAGFrQ,EAAE+D,KAAK9D,GAGT,OAAOA,EAAE6M,OAAOsB,IAIlBvS,EAAGF,UAAU2U,KAAO,SAAe9S,GACjC,OAAOtB,KAAKkT,KAAK5R,GAAKwC,EAAE8O,KAAKtR,IAG/B3B,EAAGF,UAAU+T,OAAS,WACpB,OAA+B,IAAP,EAAhBxT,KAAKE,MAAM,KAGrBP,EAAGF,UAAUmU,MAAQ,WACnB,OAA+B,IAAP,EAAhB5T,KAAKE,MAAM,KAIrBP,EAAGF,UAAU8F,MAAQ,SAAgBjE,GACnC,OAAOtB,KAAKE,MAAM,GAAKoB,GAIzB3B,EAAGF,UAAU4U,MAAQ,SAAgB3M,GACnC1I,EAAsB,iBAAR0I,GACd,IAAI7G,EAAI6G,EAAM,GACV6G,GAAK7G,EAAM7G,GAAK,GAChByE,EAAI,GAAKzE,EAGb,GAAIb,KAAKG,QAAUoO,EAGjB,OAFAvO,KAAKoD,QAAQmL,EAAI,GACjBvO,KAAKE,MAAMqO,IAAMjJ,EACVtF,KAKT,IADA,IAAIiE,EAAQqB,EACHrE,EAAIsN,EAAa,IAAVtK,GAAehD,EAAIjB,KAAKG,OAAQc,IAAK,CACnD,IAAIsB,EAAoB,EAAhBvC,KAAKE,MAAMe,GAEnBgD,GADA1B,GAAK0B,KACS,GACd1B,GAAK,SACLvC,KAAKE,MAAMe,GAAKsB,EAMlB,OAJc,IAAV0B,IACFjE,KAAKE,MAAMe,GAAKgD,EAChBjE,KAAKG,UAEAH,MAGTL,EAAGF,UAAUgF,OAAS,WACpB,OAAuB,IAAhBzE,KAAKG,QAAkC,IAAlBH,KAAKE,MAAM,IAGzCP,EAAGF,UAAU0U,KAAO,SAAe7S,GACjC,IAOI+D,EAPApF,EAAWqB,EAAM,EAErB,GAAsB,IAAlBtB,KAAKC,WAAmBA,EAAU,OAAQ,EAC9C,GAAsB,IAAlBD,KAAKC,UAAkBA,EAAU,OAAO,EAK5C,GAHAD,KAAKmC,QAGDnC,KAAKG,OAAS,EAChBkF,EAAM,MACD,CACDpF,IACFqB,GAAOA,GAGTtC,EAAOsC,GAAO,SAAW,qBAEzB,IAAIiB,EAAoB,EAAhBvC,KAAKE,MAAM,GACnBmF,EAAM9C,IAAMjB,EAAM,EAAIiB,EAAIjB,GAAO,EAAI,EAEvC,OAAsB,IAAlBtB,KAAKC,SAA8B,GAANoF,EAC1BA,GAOT1F,EAAGF,UAAUmC,IAAM,SAAcN,GAC/B,GAAsB,IAAlBtB,KAAKC,UAAmC,IAAjBqB,EAAIrB,SAAgB,OAAQ,EACvD,GAAsB,IAAlBD,KAAKC,UAAmC,IAAjBqB,EAAIrB,SAAgB,OAAO,EAEtD,IAAIoF,EAAMrF,KAAKsU,KAAKhT,GACpB,OAAsB,IAAlBtB,KAAKC,SAA8B,GAANoF,EAC1BA,GAIT1F,EAAGF,UAAU6U,KAAO,SAAehT,GAEjC,GAAItB,KAAKG,OAASmB,EAAInB,OAAQ,OAAO,EACrC,GAAIH,KAAKG,OAASmB,EAAInB,OAAQ,OAAQ,EAGtC,IADA,IAAIkF,EAAM,EACDpE,EAAIjB,KAAKG,OAAS,EAAGc,GAAK,EAAGA,IAAK,CACzC,IAAI6C,EAAoB,EAAhB9D,KAAKE,MAAMe,GACf8C,EAAmB,EAAfzC,EAAIpB,MAAMe,GAElB,GAAI6C,IAAMC,EAAV,CACID,EAAIC,EACNsB,GAAO,EACEvB,EAAIC,IACbsB,EAAM,GAER,OAEF,OAAOA,GAGT1F,EAAGF,UAAU8U,IAAM,SAAcjT,GAC/B,OAA0B,IAAnBtB,KAAKmU,KAAK7S,IAGnB3B,EAAGF,UAAU+U,GAAK,SAAalT,GAC7B,OAAyB,IAAlBtB,KAAK4B,IAAIN,IAGlB3B,EAAGF,UAAUgV,KAAO,SAAenT,GACjC,OAAOtB,KAAKmU,KAAK7S,IAAQ,GAG3B3B,EAAGF,UAAUiV,IAAM,SAAcpT,GAC/B,OAAOtB,KAAK4B,IAAIN,IAAQ,GAG1B3B,EAAGF,UAAUkV,IAAM,SAAcrT,GAC/B,OAA2B,IAApBtB,KAAKmU,KAAK7S,IAGnB3B,EAAGF,UAAUmV,GAAK,SAAatT,GAC7B,OAA0B,IAAnBtB,KAAK4B,IAAIN,IAGlB3B,EAAGF,UAAUoV,KAAO,SAAevT,GACjC,OAAOtB,KAAKmU,KAAK7S,IAAQ,GAG3B3B,EAAGF,UAAUqV,IAAM,SAAcxT,GAC/B,OAAOtB,KAAK4B,IAAIN,IAAQ,GAG1B3B,EAAGF,UAAUsV,IAAM,SAAczT,GAC/B,OAA0B,IAAnBtB,KAAKmU,KAAK7S,IAGnB3B,EAAGF,UAAUuV,GAAK,SAAa1T,GAC7B,OAAyB,IAAlBtB,KAAK4B,IAAIN,IAOlB3B,EAAGS,IAAM,SAAckB,GACrB,OAAO,IAAI2T,EAAI3T,IAGjB3B,EAAGF,UAAUyV,MAAQ,SAAgBC,GAGnC,OAFAnW,GAAQgB,KAAKI,IAAK,yCAClBpB,EAAyB,IAAlBgB,KAAKC,SAAgB,iCACrBkV,EAAIC,UAAUpV,MAAMqV,UAAUF,IAGvCxV,EAAGF,UAAU6V,QAAU,WAErB,OADAtW,EAAOgB,KAAKI,IAAK,wDACVJ,KAAKI,IAAImV,YAAYvV,OAG9BL,EAAGF,UAAU4V,UAAY,SAAoBF,GAE3C,OADAnV,KAAKI,IAAM+U,EACJnV,MAGTL,EAAGF,UAAU+V,SAAW,SAAmBL,GAEzC,OADAnW,GAAQgB,KAAKI,IAAK,yCACXJ,KAAKqV,UAAUF,IAGxBxV,EAAGF,UAAUgW,OAAS,SAAiBnU,GAErC,OADAtC,EAAOgB,KAAKI,IAAK,sCACVJ,KAAKI,IAAI0H,IAAI9H,KAAMsB,IAG5B3B,EAAGF,UAAUiW,QAAU,SAAkBpU,GAEvC,OADAtC,EAAOgB,KAAKI,IAAK,uCACVJ,KAAKI,IAAIwH,KAAK5H,KAAMsB,IAG7B3B,EAAGF,UAAUkW,OAAS,SAAiBrU,GAErC,OADAtC,EAAOgB,KAAKI,IAAK,sCACVJ,KAAKI,IAAI2H,IAAI/H,KAAMsB,IAG5B3B,EAAGF,UAAUmW,QAAU,SAAkBtU,GAEvC,OADAtC,EAAOgB,KAAKI,IAAK,uCACVJ,KAAKI,IAAIyH,KAAK7H,KAAMsB,IAG7B3B,EAAGF,UAAUoW,OAAS,SAAiBvU,GAErC,OADAtC,EAAOgB,KAAKI,IAAK,sCACVJ,KAAKI,IAAI0V,IAAI9V,KAAMsB,IAG5B3B,EAAGF,UAAUsW,OAAS,SAAiBzU,GAGrC,OAFAtC,EAAOgB,KAAKI,IAAK,sCACjBJ,KAAKI,IAAI4V,SAAShW,KAAMsB,GACjBtB,KAAKI,IAAIiB,IAAIrB,KAAMsB,IAG5B3B,EAAGF,UAAUwW,QAAU,SAAkB3U,GAGvC,OAFAtC,EAAOgB,KAAKI,IAAK,sCACjBJ,KAAKI,IAAI4V,SAAShW,KAAMsB,GACjBtB,KAAKI,IAAI4L,KAAKhM,KAAMsB,IAG7B3B,EAAGF,UAAUyW,OAAS,WAGpB,OAFAlX,EAAOgB,KAAKI,IAAK,sCACjBJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAIqQ,IAAIzQ,OAGtBL,EAAGF,UAAU2W,QAAU,WAGrB,OAFApX,EAAOgB,KAAKI,IAAK,uCACjBJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAIsQ,KAAK1Q,OAIvBL,EAAGF,UAAU4W,QAAU,WAGrB,OAFArX,EAAOgB,KAAKI,IAAK,uCACjBJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAIkW,KAAKtW,OAGvBL,EAAGF,UAAU8W,QAAU,WAGrB,OAFAvX,EAAOgB,KAAKI,IAAK,uCACjBJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAIgU,KAAKpU,OAIvBL,EAAGF,UAAU+W,OAAS,WAGpB,OAFAxX,EAAOgB,KAAKI,IAAK,sCACjBJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAIsG,IAAI1G,OAGtBL,EAAGF,UAAUgX,OAAS,SAAiBnV,GAGrC,OAFAtC,EAAOgB,KAAKI,MAAQkB,EAAIlB,IAAK,qBAC7BJ,KAAKI,IAAI+V,SAASnW,MACXA,KAAKI,IAAI4C,IAAIhD,KAAMsB,IAI5B,IAAIoV,EAAS,CACXC,KAAM,KACNC,KAAM,KACNC,KAAM,KACNC,OAAQ,MAIV,SAASC,EAAQC,EAAMnI,GAErB7O,KAAKgX,KAAOA,EACZhX,KAAK6O,EAAI,IAAIlP,EAAGkP,EAAG,IACnB7O,KAAKsP,EAAItP,KAAK6O,EAAEhJ,YAChB7F,KAAKkE,EAAI,IAAIvE,EAAG,GAAGiR,OAAO5Q,KAAKsP,GAAGzH,KAAK7H,KAAK6O,GAE5C7O,KAAKiX,IAAMjX,KAAKkX,OA2ClB,SAASC,IACPJ,EAAOK,KACLpX,KACA,OACA,2EA+DJ,SAASqX,IACPN,EAAOK,KACLpX,KACA,OACA,kEAIJ,SAASsX,IACPP,EAAOK,KACLpX,KACA,OACA,yDAIJ,SAASuX,IAEPR,EAAOK,KACLpX,KACA,QACA,uEA8CJ,SAASiV,EAAK1F,GACZ,GAAiB,iBAANA,EAAgB,CACzB,IAAIiI,EAAQ7X,EAAG8X,OAAOlI,GACtBvP,KAAKuP,EAAIiI,EAAM3I,EACf7O,KAAKwX,MAAQA,OAEbxY,EAAOuQ,EAAEgF,IAAI,GAAI,kCACjBvU,KAAKuP,EAAIA,EACTvP,KAAKwX,MAAQ,KAkOjB,SAASE,EAAMnI,GACb0F,EAAImC,KAAKpX,KAAMuP,GAEfvP,KAAKkS,MAAQlS,KAAKuP,EAAE1J,YAChB7F,KAAKkS,MAAQ,IAAO,IACtBlS,KAAKkS,OAAS,GAAMlS,KAAKkS,MAAQ,IAGnClS,KAAKa,EAAI,IAAIlB,EAAG,GAAGiR,OAAO5Q,KAAKkS,OAC/BlS,KAAKgT,GAAKhT,KAAK2X,KAAK3X,KAAKa,EAAE4P,OAC3BzQ,KAAK4X,KAAO5X,KAAKa,EAAEkT,OAAO/T,KAAKuP,GAE/BvP,KAAK6X,KAAO7X,KAAK4X,KAAKvW,IAAIrB,KAAKa,GAAGgR,MAAM,GAAGW,IAAIxS,KAAKuP,GACpDvP,KAAK6X,KAAO7X,KAAK6X,KAAKjF,KAAK5S,KAAKa,GAChCb,KAAK6X,KAAO7X,KAAKa,EAAEkH,IAAI/H,KAAK6X,MAta9Bd,EAAOtX,UAAUyX,KAAO,WACtB,IAAID,EAAM,IAAItX,EAAG,MAEjB,OADAsX,EAAI/W,MAAYqB,MAAMR,KAAKsB,KAAKrC,KAAKsP,EAAI,KAClC2H,GAGTF,EAAOtX,UAAUqY,QAAU,SAAkBxW,GAG3C,IACIyW,EADAlX,EAAIS,EAGR,GACEtB,KAAKgY,MAAMnX,EAAGb,KAAKiX,KAGnBc,GADAlX,GADAA,EAAIb,KAAKiY,MAAMpX,IACT+G,KAAK5H,KAAKiX,MACPpR,kBACFkS,EAAO/X,KAAKsP,GAErB,IAAI1N,EAAMmW,EAAO/X,KAAKsP,GAAK,EAAIzO,EAAEyT,KAAKtU,KAAK6O,GAU3C,OATY,IAARjN,GACFf,EAAEX,MAAM,GAAK,EACbW,EAAEV,OAAS,GACFyB,EAAM,EACff,EAAEgH,KAAK7H,KAAK6O,GAEZhO,EAAEsB,QAGGtB,GAGTkW,EAAOtX,UAAUuY,MAAQ,SAAgBE,EAAOrU,GAC9CqU,EAAM1S,OAAOxF,KAAKsP,EAAG,EAAGzL,IAG1BkT,EAAOtX,UAAUwY,MAAQ,SAAgB3W,GACvC,OAAOA,EAAI0K,KAAKhM,KAAKkE,IASvB9E,EAAS+X,EAAMJ,GAEfI,EAAK1X,UAAUuY,MAAQ,SAAgBE,EAAOC,GAK5C,IAHA,IAAI/G,EAAO,QAEPgH,EAASrX,KAAKC,IAAIkX,EAAM/X,OAAQ,GAC3Bc,EAAI,EAAGA,EAAImX,EAAQnX,IAC1BkX,EAAOjY,MAAMe,GAAKiX,EAAMhY,MAAMe,GAIhC,GAFAkX,EAAOhY,OAASiY,EAEZF,EAAM/X,QAAU,EAGlB,OAFA+X,EAAMhY,MAAM,GAAK,OACjBgY,EAAM/X,OAAS,GAKjB,IAAIkY,EAAOH,EAAMhY,MAAM,GAGvB,IAFAiY,EAAOjY,MAAMiY,EAAOhY,UAAYkY,EAAOjH,EAElCnQ,EAAI,GAAIA,EAAIiX,EAAM/X,OAAQc,IAAK,CAClC,IAAIqX,EAAwB,EAAjBJ,EAAMhY,MAAMe,GACvBiX,EAAMhY,MAAMe,EAAI,KAAQqX,EAAOlH,IAAS,EAAMiH,IAAS,GACvDA,EAAOC,EAETD,KAAU,GACVH,EAAMhY,MAAMe,EAAI,IAAMoX,EACT,IAATA,GAAcH,EAAM/X,OAAS,GAC/B+X,EAAM/X,QAAU,GAEhB+X,EAAM/X,QAAU,GAIpBgX,EAAK1X,UAAUwY,MAAQ,SAAgB3W,GAErCA,EAAIpB,MAAMoB,EAAInB,QAAU,EACxBmB,EAAIpB,MAAMoB,EAAInB,OAAS,GAAK,EAC5BmB,EAAInB,QAAU,EAId,IADA,IAAI6D,EAAK,EACA/C,EAAI,EAAGA,EAAIK,EAAInB,OAAQc,IAAK,CACnC,IAAIsB,EAAmB,EAAfjB,EAAIpB,MAAMe,GAClB+C,GAAU,IAAJzB,EACNjB,EAAIpB,MAAMe,GAAU,SAAL+C,EACfA,EAAS,GAAJzB,GAAayB,EAAK,SAAa,GAUtC,OANkC,IAA9B1C,EAAIpB,MAAMoB,EAAInB,OAAS,KACzBmB,EAAInB,SAC8B,IAA9BmB,EAAIpB,MAAMoB,EAAInB,OAAS,IACzBmB,EAAInB,UAGDmB,GASTlC,EAASiY,EAAMN,GAQf3X,EAASkY,EAAMP,GASf3X,EAASmY,EAAQR,GAEjBQ,EAAO9X,UAAUwY,MAAQ,SAAgB3W,GAGvC,IADA,IAAI2C,EAAQ,EACHhD,EAAI,EAAGA,EAAIK,EAAInB,OAAQc,IAAK,CACnC,IAAI6E,EAA0B,IAAL,EAAfxE,EAAIpB,MAAMe,IAAiBgD,EACjCD,EAAU,SAAL8B,EACTA,KAAQ,GAERxE,EAAIpB,MAAMe,GAAK+C,EACfC,EAAQ6B,EAKV,OAHc,IAAV7B,IACF3C,EAAIpB,MAAMoB,EAAInB,UAAY8D,GAErB3C,GAIT3B,EAAG8X,OAAS,SAAgBT,GAE1B,GAAIN,EAAOM,GAAO,OAAON,EAAOM,GAEhC,IAAIQ,EACJ,GAAa,SAATR,EACFQ,EAAQ,IAAIL,OACP,GAAa,SAATH,EACTQ,EAAQ,IAAIH,OACP,GAAa,SAATL,EACTQ,EAAQ,IAAIF,MACP,IAAa,WAATN,EAGT,MAAU7X,MAAM,iBAAmB6X,GAFnCQ,EAAQ,IAAID,EAMd,OAFAb,EAAOM,GAAQQ,EAERA,GAkBTvC,EAAIxV,UAAU0W,SAAW,SAAmBrS,GAC1C9E,EAAsB,IAAf8E,EAAE7D,SAAgB,iCACzBjB,EAAO8E,EAAE1D,IAAK,oCAGhB6U,EAAIxV,UAAUuW,SAAW,SAAmBlS,EAAGC,GAC7C/E,EAAqC,IAA7B8E,EAAE7D,SAAW8D,EAAE9D,UAAiB,iCACxCjB,EAAO8E,EAAE1D,KAAO0D,EAAE1D,MAAQ2D,EAAE3D,IAC1B,oCAGJ6U,EAAIxV,UAAUkY,KAAO,SAAe7T,GAClC,OAAI9D,KAAKwX,MAAcxX,KAAKwX,MAAMM,QAAQhU,GAAGuR,UAAUrV,MAChD8D,EAAE8O,KAAK5S,KAAKuP,GAAG8F,UAAUrV,OAGlCiV,EAAIxV,UAAUiH,IAAM,SAAc5C,GAChC,OAAIA,EAAEW,SACGX,EAAEX,QAGJnD,KAAKuP,EAAExH,IAAIjE,GAAGuR,UAAUrV,OAGjCiV,EAAIxV,UAAUqI,IAAM,SAAchE,EAAGC,GACnC/D,KAAKgW,SAASlS,EAAGC,GAEjB,IAAIsB,EAAMvB,EAAEgE,IAAI/D,GAIhB,OAHIsB,EAAIzD,IAAI5B,KAAKuP,IAAM,GACrBlK,EAAIwC,KAAK7H,KAAKuP,GAETlK,EAAIgQ,UAAUrV,OAGvBiV,EAAIxV,UAAUmI,KAAO,SAAe9D,EAAGC,GACrC/D,KAAKgW,SAASlS,EAAGC,GAEjB,IAAIsB,EAAMvB,EAAE8D,KAAK7D,GAIjB,OAHIsB,EAAIzD,IAAI5B,KAAKuP,IAAM,GACrBlK,EAAIwC,KAAK7H,KAAKuP,GAETlK,GAGT4P,EAAIxV,UAAUsI,IAAM,SAAcjE,EAAGC,GACnC/D,KAAKgW,SAASlS,EAAGC,GAEjB,IAAIsB,EAAMvB,EAAEiE,IAAIhE,GAIhB,OAHIsB,EAAI8O,KAAK,GAAK,GAChB9O,EAAIuC,KAAK5H,KAAKuP,GAETlK,EAAIgQ,UAAUrV,OAGvBiV,EAAIxV,UAAUoI,KAAO,SAAe/D,EAAGC,GACrC/D,KAAKgW,SAASlS,EAAGC,GAEjB,IAAIsB,EAAMvB,EAAE+D,KAAK9D,GAIjB,OAHIsB,EAAI8O,KAAK,GAAK,GAChB9O,EAAIuC,KAAK5H,KAAKuP,GAETlK,GAGT4P,EAAIxV,UAAUqW,IAAM,SAAchS,EAAGxC,GAEnC,OADAtB,KAAKmW,SAASrS,GACP9D,KAAK2X,KAAK7T,EAAE0N,MAAMlQ,KAG3B2T,EAAIxV,UAAUuM,KAAO,SAAelI,EAAGC,GAErC,OADA/D,KAAKgW,SAASlS,EAAGC,GACV/D,KAAK2X,KAAK7T,EAAEkI,KAAKjI,KAG1BkR,EAAIxV,UAAU4B,IAAM,SAAcyC,EAAGC,GAEnC,OADA/D,KAAKgW,SAASlS,EAAGC,GACV/D,KAAK2X,KAAK7T,EAAEzC,IAAI0C,KAGzBkR,EAAIxV,UAAUiR,KAAO,SAAe5M,GAClC,OAAO9D,KAAKgM,KAAKlI,EAAGA,EAAEX,UAGxB8R,EAAIxV,UAAUgR,IAAM,SAAc3M,GAChC,OAAO9D,KAAKqB,IAAIyC,EAAGA,IAGrBmR,EAAIxV,UAAU6W,KAAO,SAAexS,GAClC,GAAIA,EAAEW,SAAU,OAAOX,EAAEX,QAEzB,IAAIoV,EAAOvY,KAAKuP,EAAEhK,MAAM,GAIxB,GAHAvG,EAAOuZ,EAAO,GAAM,GAGP,IAATA,EAAY,CACd,IAAIvV,EAAMhD,KAAKuP,EAAEzH,IAAI,IAAInI,EAAG,IAAI6F,OAAO,GACvC,OAAOxF,KAAKgD,IAAIc,EAAGd,GAQrB,IAFA,IAAIsC,EAAItF,KAAKuP,EAAEwC,KAAK,GAChBxD,EAAI,GACAjJ,EAAEb,UAA2B,IAAfa,EAAEC,MAAM,IAC5BgJ,IACAjJ,EAAEE,OAAO,GAEXxG,GAAQsG,EAAEb,UAEV,IAAI+T,EAAM,IAAI7Y,EAAG,GAAGuV,MAAMlV,MACtByY,EAAOD,EAAIhC,SAIXkC,EAAO1Y,KAAKuP,EAAEwC,KAAK,GAAGvM,OAAO,GAC7BmT,EAAI3Y,KAAKuP,EAAE1J,YAGf,IAFA8S,EAAI,IAAIhZ,EAAG,EAAIgZ,EAAIA,GAAGzD,MAAMlV,MAEW,IAAhCA,KAAKgD,IAAI2V,EAAGD,GAAM9W,IAAI6W,IAC3BE,EAAEjD,QAAQ+C,GAOZ,IAJA,IAAIvX,EAAIlB,KAAKgD,IAAI2V,EAAGrT,GAChBzE,EAAIb,KAAKgD,IAAIc,EAAGwB,EAAEwM,KAAK,GAAGtM,OAAO,IACjCG,EAAI3F,KAAKgD,IAAIc,EAAGwB,GAChBiK,EAAIhB,EACc,IAAf5I,EAAE/D,IAAI4W,IAAY,CAEvB,IADA,IAAIvB,EAAMtR,EACD1E,EAAI,EAAoB,IAAjBgW,EAAIrV,IAAI4W,GAAYvX,IAClCgW,EAAMA,EAAIf,SAEZlX,EAAOiC,EAAIsO,GACX,IAAIxL,EAAI/D,KAAKgD,IAAI9B,EAAG,IAAIvB,EAAG,GAAGiR,OAAOrB,EAAItO,EAAI,IAE7CJ,EAAIA,EAAEkV,OAAOhS,GACb7C,EAAI6C,EAAEmS,SACNvQ,EAAIA,EAAEoQ,OAAO7U,GACbqO,EAAItO,EAGN,OAAOJ,GAGToU,EAAIxV,UAAU2U,KAAO,SAAetQ,GAClC,IAAI8U,EAAM9U,EAAEiQ,OAAO/T,KAAKuP,GACxB,OAAqB,IAAjBqJ,EAAI3Y,UACN2Y,EAAI3Y,SAAW,EACRD,KAAK2X,KAAKiB,GAAKpC,UAEfxW,KAAK2X,KAAKiB,IAIrB3D,EAAIxV,UAAUuD,IAAM,SAAcc,EAAGxC,GACnC,GAAIA,EAAImD,SAAU,OAAO,IAAI9E,EAAG,GAAGuV,MAAMlV,MACzC,GAAoB,IAAhBsB,EAAI6S,KAAK,GAAU,OAAOrQ,EAAEX,QAEhC,IACI0V,EAAUtX,MAAM,IACpBsX,EAAI,GAAK,IAAIlZ,EAAG,GAAGuV,MAAMlV,MACzB6Y,EAAI,GAAK/U,EACT,IAAK,IAAI7C,EAAI,EAAGA,EAAI4X,EAAI1Y,OAAQc,IAC9B4X,EAAI5X,GAAKjB,KAAKqB,IAAIwX,EAAI5X,EAAI,GAAI6C,GAGhC,IAAIuB,EAAMwT,EAAI,GACVC,EAAU,EACVC,EAAa,EACbpY,EAAQW,EAAIuE,YAAc,GAK9B,IAJc,IAAVlF,IACFA,EAAQ,IAGLM,EAAIK,EAAInB,OAAS,EAAGc,GAAK,EAAGA,IAAK,CAEpC,IADA,IAAI4B,EAAOvB,EAAIpB,MAAMe,GACZqB,EAAI3B,EAAQ,EAAG2B,GAAK,EAAGA,IAAK,CACnC,IAAIoF,EAAO7E,GAAQP,EAAK,EACpB+C,IAAQwT,EAAI,KACdxT,EAAMrF,KAAKyQ,IAAIpL,IAGL,IAARqC,GAAyB,IAAZoR,GAKjBA,IAAY,EACZA,GAAWpR,GA9BE,MA+BbqR,GACwC,IAAN9X,GAAiB,IAANqB,KAE7C+C,EAAMrF,KAAKqB,IAAIgE,EAAKwT,EAAIC,IACxBC,EAAa,EACbD,EAAU,IAXRC,EAAa,EAajBpY,EAAQ,GAGV,OAAO0E,GAGT4P,EAAIxV,UAAU2V,UAAY,SAAoB9T,GAC5C,IAAIT,EAAIS,EAAIsR,KAAK5S,KAAKuP,GAEtB,OAAO1O,IAAMS,EAAMT,EAAEsC,QAAUtC,GAGjCoU,EAAIxV,UAAU8V,YAAc,SAAsBjU,GAChD,IAAI+D,EAAM/D,EAAI6B,QAEd,OADAkC,EAAIjF,IAAM,KACHiF,GAOT1F,EAAGqZ,KAAO,SAAe1X,GACvB,OAAO,IAAIoW,EAAKpW,IAmBlBlC,EAASsY,EAAMzC,GAEfyC,EAAKjY,UAAU2V,UAAY,SAAoB9T,GAC7C,OAAOtB,KAAK2X,KAAKrW,EAAIkQ,MAAMxR,KAAKkS,SAGlCwF,EAAKjY,UAAU8V,YAAc,SAAsBjU,GACjD,IAAIT,EAAIb,KAAK2X,KAAKrW,EAAID,IAAIrB,KAAK4X,OAE/B,OADA/W,EAAET,IAAM,KACDS,GAGT6W,EAAKjY,UAAUuM,KAAO,SAAelI,EAAGC,GACtC,GAAID,EAAEW,UAAYV,EAAEU,SAGlB,OAFAX,EAAE5D,MAAM,GAAK,EACb4D,EAAE3D,OAAS,EACJ2D,EAGT,IAAI6B,EAAI7B,EAAEkI,KAAKjI,GACX7C,EAAIyE,EAAEiM,MAAM5R,KAAKkS,OAAO7Q,IAAIrB,KAAK6X,MAAMlG,OAAO3R,KAAKkS,OAAO7Q,IAAIrB,KAAKuP,GACnE0J,EAAItT,EAAEkC,KAAK3G,GAAGsE,OAAOxF,KAAKkS,OAC1B7M,EAAM4T,EAQV,OANIA,EAAErX,IAAI5B,KAAKuP,IAAM,EACnBlK,EAAM4T,EAAEpR,KAAK7H,KAAKuP,GACT0J,EAAE9E,KAAK,GAAK,IACrB9O,EAAM4T,EAAErR,KAAK5H,KAAKuP,IAGblK,EAAIgQ,UAAUrV,OAGvB0X,EAAKjY,UAAU4B,IAAM,SAAcyC,EAAGC,GACpC,GAAID,EAAEW,UAAYV,EAAEU,SAAU,OAAO,IAAI9E,EAAG,GAAG0V,UAAUrV,MAEzD,IAAI2F,EAAI7B,EAAEzC,IAAI0C,GACV7C,EAAIyE,EAAEiM,MAAM5R,KAAKkS,OAAO7Q,IAAIrB,KAAK6X,MAAMlG,OAAO3R,KAAKkS,OAAO7Q,IAAIrB,KAAKuP,GACnE0J,EAAItT,EAAEkC,KAAK3G,GAAGsE,OAAOxF,KAAKkS,OAC1B7M,EAAM4T,EAOV,OANIA,EAAErX,IAAI5B,KAAKuP,IAAM,EACnBlK,EAAM4T,EAAEpR,KAAK7H,KAAKuP,GACT0J,EAAE9E,KAAK,GAAK,IACrB9O,EAAM4T,EAAErR,KAAK5H,KAAKuP,IAGblK,EAAIgQ,UAAUrV,OAGvB0X,EAAKjY,UAAU2U,KAAO,SAAetQ,GAGnC,OADU9D,KAAK2X,KAAK7T,EAAEiQ,OAAO/T,KAAKuP,GAAGlO,IAAIrB,KAAKgT,KACnCqC,UAAUrV,MAExB,CAl2GD,CAk2GoClB,EAAQkB"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/bn.mjs b/app/node_modules/openpgp/dist/lightweight/bn.mjs deleted file mode 100644 index afb79f3db..000000000 --- a/app/node_modules/openpgp/dist/lightweight/bn.mjs +++ /dev/null @@ -1,3434 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -import { c as createCommonjsModule, a as commonjsGlobal } from './openpgp.mjs'; - -var bn = createCommonjsModule(function (module) { -(function (module, exports) { - - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); - } - - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - } - - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; - } - - this.negative = 0; - this.words = null; - this.length = 0; - - // Reduction context - this.red = null; - - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; - } - - this._init(number || 0, base || 10, endian || 'be'); - } - } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; - } - - BN.BN = BN; - BN.wordSize = 26; - - var Buffer; - try { - Buffer = void('buffer').Buffer; - } catch (e) { - } - - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; - - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; - - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); - } - - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } - - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - } - - if (base === 16) { - this._parseHex(number, start); - } else { - this._parseBase(number, base, start); - } - - if (number[0] === '-') { - this.negative = 1; - } - - this.strip(); - - if (endian !== 'le') return; - - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } - - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } - return this.strip(); - }; - - function parseHex (str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r <<= 4; - - // 'a' - 'f' - if (c >= 49 && c <= 54) { - r |= c - 49 + 0xa; - - // 'A' - 'F' - } else if (c >= 17 && c <= 22) { - r |= c - 17 + 0xa; - - // '0' - '9' - } else { - r |= c & 0xf; - } - } - return r; - } - - BN.prototype._parseHex = function _parseHex (number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (i = number.length - 6, j = 0; i >= start; i -= 6) { - w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - if (i + 6 !== start) { - w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - } - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; - - // '0' - '9' - } else { - r += c; - } - } - return r; - } - - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; - } - limbLen--; - limbPow = (limbPow / base) | 0; - - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; - - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); - - for (i = 0; i < mod; i++) { - pow *= base; - } - - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - }; - - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; - } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; - } - return this; - }; - - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; - } - return this._normSign(); - }; - - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; - } - return this; - }; - - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; - - /* - - var zeros = []; - var groupSizes = []; - var groupBases = []; - - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; - } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } - - */ - - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; - - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; - - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; - - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; - } - } - if (this.isZero()) { - out = '0' + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - assert(false, 'Base should be between 2 and 36'); - }; - - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; - - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; - - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; - - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; - - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[i] = b; - } - - for (; i < reqLength; i++) { - res[i] = 0; - } - } - - return res; - }; - - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; - } - if (t >= 0x8) { - r += 4; - t >>>= 4; - } - if (t >= 0x02) { - r += 2; - t >>>= 2; - } - return r + t; - }; - } - - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; - - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; - } - if ((t & 0x1) === 0) { - r++; - } - return r; - }; - - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; - - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; - } - - return w; - } - - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; - - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; - } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); - } - return this.clone(); - }; - - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); - } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; - - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; - } - - return this; - }; - - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; - } - - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; - } - - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; - - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; - } - - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; - - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; - - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; - - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; - } - - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; - } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); - } - - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); - } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - return this; - }; - - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; - } - - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; - - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } - - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = Math.max(this.length, i); - - if (a !== this) { - this.negative = 1; - } - - return this.strip(); - }; - - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; - - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; - } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; - } - - return out.strip(); - } - - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); - } - - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; - } - - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; - - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; - } - - return rb; - }; - - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; - } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; - - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; - - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; - - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; - } - } - } - } - }; - - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; - } - - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; - - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; - - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; - - t = iws[i]; - - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; - } - }; - - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; - - ws[i] = w & 0x3ffffff; - - if (w < 0x4000000) { - carry = 0; - } else { - carry = w / 0x4000000 | 0; - } - } - - return ws; - }; - - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; - } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; - } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; - } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; - } - - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; - - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; - - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; - - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; - - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); - - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; - } - - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; - - res = res.mul(q); - } - } - - return res; - }; - - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); - } - - if (carry) { - this.words[i] = carry; - this.length++; - } - } - - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } - - for (i = 0; i < s; i++) { - this.words[i] = 0; - } - - this.length += s; - } - - return this.strip(); - }; - - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; - - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; - } - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; - } - - if (s === 0) ; else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; - } - - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; - } - - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; - } - - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } - - return this.strip(); - }; - - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; - - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; - - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; - - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; - - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; - - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; - - // Check bit and return - var w = this.words[s]; - - return !!(w & q); - }; - - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - - assert(this.negative === 0, 'imaskn works only with positive numbers'); - - if (this.length <= s) { - return this; - } - - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); - - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } - - return this.strip(); - }; - - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; - - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } - - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; - } - - // Add without checks - return this._iaddn(num); - }; - - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; - - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } - } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); - - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; - } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } - } - - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; - - return this; - }; - - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; - - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; - - this._expand(len); - - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; - } - - if (carry === 0) return this.strip(); - - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; - } - this.negative = 1; - - return this.strip(); - }; - - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; - - var a = this.clone(); - var b = num; - - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; - } - - // Initialize quotient - var m = a.length - b.length; - var q; - - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; - } - } - - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; - } - } - - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); - - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); - - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } - } - if (q) { - q.words[j] = qj; - } - } - if (q) { - q.strip(); - } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); - } - - return { - div: q || null, - mod: a - }; - }; - - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); - - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; - } - - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } - - return { - div: div, - mod: mod - }; - } - - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - return { - div: div, - mod: res.mod - }; - } - - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } - - return { - div: res.div, - mod: mod - }; - } - - // Both numbers are positive at this point - - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } - - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; - } - - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; - } - - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; - } - - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; - - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); - - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; - - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; - - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; - - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; - } - - return acc; - }; - - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); - - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; - } - - return this.strip(); - }; - - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; - - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var x = this; - var y = p.clone(); - - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); - } - - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); - - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); - - var g = 0; - - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; - } - - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } - - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); - } - - C.iushrn(1); - D.iushrn(1); - } - } - - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } - } - - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; - - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var a = this; - var b = p.clone(); - - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); - } - - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } - - x1.iushrn(1); - } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); - } - - x2.iushrn(1); - } - } - - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); - } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; - } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); - } - - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } - - a.isub(b); - } while (true); - - return b.iushln(shift); - }; - - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; - - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; - - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; - - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; - - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; - } - - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; - - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; - - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; - - this.strip(); - - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } - - assert(num <= 0x3ffffff, 'Number is too big'); - - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; - } - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; - - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } - break; - } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; - - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; - - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; - - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; - - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; - - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; - - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; - - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; - - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; - - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; - - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; - return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; - - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; - - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; - - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; - - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; - - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; - - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; - - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; - - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; - - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; - - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; - - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; - - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); - }; - - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; - - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; - - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); - - this.tmp = this._tmp(); - } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); - } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; - - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } - } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); - } - inherits(P224, MPrime); - - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); - } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); - } - inherits(P25519, MPrime); - - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; - - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; - - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - - return prime; - }; - - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; - } - } - - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; - - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; - - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; - - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } - - return this.m.sub(a)._forceRed(this); - }; - - Red.prototype.add = function add (a, b) { - this._verify2(a, b); - - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); - - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; - - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); - - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; - - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; - - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; - - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); - - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); - - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } - - return r; - }; - - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; - - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); - - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } - - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } - - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } - - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } - - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; - - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } - - return res; - }; - - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); - - return r === num ? r.clone() : r; - }; - - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; - - // - // Montgomery method engine - // - - BN.mont = function mont (num) { - return new Mont(num); - }; - - function Mont (m) { - Red.call(this, m); - - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } - - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); - - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); - } - inherits(Mont, Red); - - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; - - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; - - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); - - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; -})(module, commonjsGlobal); -}); - -export default bn; -export { bn as __moduleExports }; diff --git a/app/node_modules/openpgp/dist/lightweight/elliptic.min.mjs b/app/node_modules/openpgp/dist/lightweight/elliptic.min.mjs deleted file mode 100644 index 3a3ae755c..000000000 --- a/app/node_modules/openpgp/dist/lightweight/elliptic.min.mjs +++ /dev/null @@ -1,3 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{c as e,m as f,i as d,u as t,b as a,d as c,_ as r,e as b,f as i,g as n,r as s}from"./openpgp.min.mjs";import o from"./bn.min.mjs";var h,u=e((function(e,f){var d=f;function t(e){return 1===e.length?"0"+e:e}function a(e){for(var f="",d=0;d>8,r=255&a;c?d.push(c,r):d.push(r)}return d},d.zero2=t,d.toHex=a,d.encode=function(e,f){return"hex"===f?a(e):e}})),p=e((function(e,d){var t=d;t.assert=f,t.toArray=u.toArray,t.zero2=u.zero2,t.toHex=u.toHex,t.encode=u.encode,t.getNAF=function(e,f){for(var d=[],t=1<=0;){var c;if(a.isOdd()){var r=a.andln(t-1);c=r>(t>>1)-1?(t>>1)-r:r,a.isubn(c)}else c=0;d.push(c);for(var b=0!==a.cmpn(0)&&0===a.andln(t-1)?f+1:1,i=1;i0||f.cmpn(-a)>0;){var c,r,b,i=e.andln(3)+t&3,n=f.andln(3)+a&3;if(3===i&&(i=-1),3===n&&(n=-1),0==(1&i))c=0;else c=3!==(b=e.andln(7)+t&7)&&5!==b||2!==n?i:-i;if(d[0].push(c),0==(1&n))r=0;else r=3!==(b=f.andln(7)+a&7)&&5!==b||2!==i?n:-n;d[1].push(r),2*t===c+1&&(t=1-t),2*a===r+1&&(a=1-a),e.iushrn(1),f.iushrn(1)}return d},t.cachedProperty=function(e,f,d){var t="_"+f;e.prototype[f]=function(){return void 0!==this[t]?this[t]:this[t]=d.call(this)}},t.parseBytes=function(e){return"string"==typeof e?t.toArray(e,"hex"):e},t.intFromLE=function(e){return new o(e,"hex","le")}})),l=function(e){return h||(h=new y(null)),h.generate(e)};function y(e){this.rand=e}var v=y;if(y.prototype.generate=function(e){return this._rand(e)},y.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var f=new Uint8Array(e),d=0;d0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}var I=w;function E(e,f){this.curve=e,this.type=f,this.precomputed=null}w.prototype.point=function(){throw Error("Not implemented")},w.prototype.validate=function(){throw Error("Not implemented")},w.prototype._fixedNafMul=function(e,f){S(e.precomputed);var d=e._getDoubles(),t=A(f,1),a=(1<=r;f--)b=(b<<1)+t[f];c.push(b)}for(var i=this.jpoint(null,null,null),n=this.jpoint(null,null,null),s=a;s>0;s--){for(r=0;r=0;b--){for(f=0;b>=0&&0===c[b];b--)f++;if(b>=0&&f++,r=r.dblp(f),b<0)break;var i=c[b];S(0!==i),r="affine"===e.type?i>0?r.mixedAdd(a[i-1>>1]):r.mixedAdd(a[-i-1>>1].neg()):i>0?r.add(a[i-1>>1]):r.add(a[-i-1>>1].neg())}return"affine"===e.type?r.toP():r},w.prototype._wnafMulAdd=function(e,f,d,t,a){for(var c=this._wnafT1,r=this._wnafT2,b=this._wnafT3,i=0,n=0;n=1;n-=2){var o=n-1,h=n;if(1===c[o]&&1===c[h]){var u=[f[o],null,null,f[h]];0===f[o].y.cmp(f[h].y)?(u[1]=f[o].add(f[h]),u[2]=f[o].toJ().mixedAdd(f[h].neg())):0===f[o].y.cmp(f[h].y.redNeg())?(u[1]=f[o].toJ().mixedAdd(f[h]),u[2]=f[o].add(f[h].neg())):(u[1]=f[o].toJ().mixedAdd(f[h]),u[2]=f[o].toJ().mixedAdd(f[h].neg()));var p=[-3,-1,-5,-7,0,7,5,1,3],l=g(d[o],d[h]);i=Math.max(l[0].length,i),b[o]=Array(i),b[h]=Array(i);for(var y=0;y=0;n--){for(var I=0;n>=0;){var E=!0;for(y=0;y=0&&I++,S=S.dblp(I),n<0)break;for(y=0;y0?x=r[y][M-1>>1]:M<0&&(x=r[y][-M-1>>1].neg()),S="affine"===x.type?S.mixedAdd(x):S.add(x))}}for(n=0;n=Math.ceil((e.bitLength()+1)/f.step)},E.prototype._getDoubles=function(e,f){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var d=[this],t=this,a=0;a=0&&(c=f,r=d),t.negative&&(t=t.neg(),a=a.neg()),c.negative&&(c=c.neg(),r=r.neg()),[{a:t,b:a},{a:c,b:r}]},M.prototype._endoSplit=function(e){var f=this.endo.basis,d=f[0],t=f[1],a=t.b.mul(e).divRound(this.n),c=d.b.neg().mul(e).divRound(this.n),r=a.mul(d.a),b=c.mul(t.a),i=a.mul(d.b),n=c.mul(t.b);return{k1:e.sub(r).sub(b),k2:i.add(n).neg()}},M.prototype.pointFromX=function(e,f){(e=new o(e,16)).red||(e=e.toRed(this.red));var d=e.redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),t=d.redSqrt();if(0!==t.redSqr().redSub(d).cmp(this.zero))throw Error("invalid point");var a=t.fromRed().isOdd();return(f&&!a||!f&&a)&&(t=t.redNeg()),this.point(e,t)},M.prototype.validate=function(e){if(e.inf)return!0;var f=e.x,d=e.y,t=this.a.redMul(f),a=f.redSqr().redMul(f).redIAdd(t).redIAdd(this.b);return 0===d.redSqr().redISub(a).cmpn(0)},M.prototype._endoWnafMulAdd=function(e,f,d){for(var t=this._endoWnafT1,a=this._endoWnafT2,c=0;c":""},C.prototype.isInfinity=function(){return this.inf},C.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var f=this.y.redSub(e.y);0!==f.cmpn(0)&&(f=f.redMul(this.x.redSub(e.x).redInvm()));var d=f.redSqr().redISub(this.x).redISub(e.x),t=f.redMul(this.x.redSub(d)).redISub(this.y);return this.curve.point(d,t)},C.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var f=this.curve.a,d=this.x.redSqr(),t=e.redInvm(),a=d.redAdd(d).redIAdd(d).redIAdd(f).redMul(t),c=a.redSqr().redISub(this.x.redAdd(this.x)),r=a.redMul(this.x.redSub(c)).redISub(this.y);return this.curve.point(c,r)},C.prototype.getX=function(){return this.x.fromRed()},C.prototype.getY=function(){return this.y.fromRed()},C.prototype.mul=function(e){return e=new o(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},C.prototype.mulAdd=function(e,f,d){var t=[this,f],a=[e,d];return this.curve.endo?this.curve._endoWnafMulAdd(t,a):this.curve._wnafMulAdd(1,t,a,2)},C.prototype.jmulAdd=function(e,f,d){var t=[this,f],a=[e,d];return this.curve.endo?this.curve._endoWnafMulAdd(t,a,!0):this.curve._wnafMulAdd(1,t,a,2,!0)},C.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},C.prototype.neg=function(e){if(this.inf)return this;var f=this.curve.point(this.x,this.y.redNeg());if(e&&this.precomputed){var d=this.precomputed,t=function(e){return e.neg()};f.precomputed={naf:d.naf&&{wnd:d.naf.wnd,points:d.naf.points.map(t)},doubles:d.doubles&&{step:d.doubles.step,points:d.doubles.points.map(t)}}}return f},C.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},d(_,I.BasePoint),M.prototype.jpoint=function(e,f,d){return new _(this,e,f,d)},_.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),f=e.redSqr(),d=this.x.redMul(f),t=this.y.redMul(f).redMul(e);return this.curve.point(d,t)},_.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},_.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var f=e.z.redSqr(),d=this.z.redSqr(),t=this.x.redMul(f),a=e.x.redMul(d),c=this.y.redMul(f.redMul(e.z)),r=e.y.redMul(d.redMul(this.z)),b=t.redSub(a),i=c.redSub(r);if(0===b.cmpn(0))return 0!==i.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var n=b.redSqr(),s=n.redMul(b),o=t.redMul(n),h=i.redSqr().redIAdd(s).redISub(o).redISub(o),u=i.redMul(o.redISub(h)).redISub(c.redMul(s)),p=this.z.redMul(e.z).redMul(b);return this.curve.jpoint(h,u,p)},_.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var f=this.z.redSqr(),d=this.x,t=e.x.redMul(f),a=this.y,c=e.y.redMul(f).redMul(this.z),r=d.redSub(t),b=a.redSub(c);if(0===r.cmpn(0))return 0!==b.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var i=r.redSqr(),n=i.redMul(r),s=d.redMul(i),o=b.redSqr().redIAdd(n).redISub(s).redISub(s),h=b.redMul(s.redISub(o)).redISub(a.redMul(n)),u=this.z.redMul(r);return this.curve.jpoint(o,h,u)},_.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var f=this,d=0;d=0)return!1;if(d.redIAdd(a),0===this.x.cmp(d))return!0}},_.prototype.inspect=function(){return this.isInfinity()?"":""},_.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},d(D,I);var F=D;function z(e,f,d){I.BasePoint.call(this,e,"projective"),null===f&&null===d?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new o(f,16),this.z=new o(d,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}D.prototype.validate=function(e){var f=e.normalize().x,d=f.redSqr(),t=d.redMul(f).redAdd(d.redMul(this.a)).redAdd(f);return 0===t.redSqrt().redSqr().cmp(t)},d(z,I.BasePoint),D.prototype.decodePoint=function(e,f){if(33===(e=p.toArray(e,f)).length&&64===e[0]&&(e=e.slice(1,33).reverse()),32!==e.length)throw Error("Unknown point compression format");return this.point(e,1)},D.prototype.point=function(e,f){return new z(this,e,f)},D.prototype.pointFromJSON=function(e){return z.fromJSON(this,e)},z.prototype.precompute=function(){},z.prototype._encode=function(e){var f=this.curve.p.byteLength();return e?[64].concat(this.getX().toArray("le",f)):this.getX().toArray("be",f)},z.fromJSON=function(e,f){return new z(e,f[0],f[1]||e.one)},z.prototype.inspect=function(){return this.isInfinity()?"":""},z.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},z.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),f=this.x.redSub(this.z).redSqr(),d=e.redSub(f),t=e.redMul(f),a=d.redMul(f.redAdd(this.curve.a24.redMul(d)));return this.curve.point(t,a)},z.prototype.add=function(){throw Error("Not supported on Montgomery curve")},z.prototype.diffAdd=function(e,f){var d=this.x.redAdd(this.z),t=this.x.redSub(this.z),a=e.x.redAdd(e.z),c=e.x.redSub(e.z).redMul(d),r=a.redMul(t),b=f.z.redMul(c.redAdd(r).redSqr()),i=f.x.redMul(c.redISub(r).redSqr());return this.curve.point(b,i)},z.prototype.mul=function(e){for(var f=(e=new o(e,16)).clone(),d=this,t=this.curve.point(null,null),a=[];0!==f.cmpn(0);f.iushrn(1))a.push(f.andln(1));for(var c=a.length-1;c>=0;c--)0===a[c]?(d=d.diffAdd(t,this),t=t.dbl()):(t=d.diffAdd(t,this),d=d.dbl());return t},z.prototype.mulAdd=function(){throw Error("Not supported on Montgomery curve")},z.prototype.jumlAdd=function(){throw Error("Not supported on Montgomery curve")},z.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},z.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},z.prototype.getX=function(){return this.normalize(),this.x.fromRed()};var q=p.assert;function R(e){this.twisted=1!=(0|e.a),this.mOneA=this.twisted&&-1==(0|e.a),this.extended=this.mOneA,I.call(this,"edwards",e),this.a=new o(e.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new o(e.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new o(e.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),q(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|e.c)}d(R,I);var P=R;function N(e,f,d,t,a){I.BasePoint.call(this,e,"projective"),null===f&&null===d&&null===t?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new o(f,16),this.y=new o(d,16),this.z=t?new o(t,16):this.curve.one,this.t=a&&new o(a,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}R.prototype._mulA=function(e){return this.mOneA?e.redNeg():this.a.redMul(e)},R.prototype._mulC=function(e){return this.oneC?e:this.c.redMul(e)},R.prototype.jpoint=function(e,f,d,t){return this.point(e,f,d,t)},R.prototype.pointFromX=function(e,f){(e=new o(e,16)).red||(e=e.toRed(this.red));var d=e.redSqr(),t=this.c2.redSub(this.a.redMul(d)),a=this.one.redSub(this.c2.redMul(this.d).redMul(d)),c=t.redMul(a.redInvm()),r=c.redSqrt();if(0!==r.redSqr().redSub(c).cmp(this.zero))throw Error("invalid point");var b=r.fromRed().isOdd();return(f&&!b||!f&&b)&&(r=r.redNeg()),this.point(e,r)},R.prototype.pointFromY=function(e,f){(e=new o(e,16)).red||(e=e.toRed(this.red));var d=e.redSqr(),t=d.redSub(this.c2),a=d.redMul(this.d).redMul(this.c2).redSub(this.a),c=t.redMul(a.redInvm());if(0===c.cmp(this.zero)){if(f)throw Error("invalid point");return this.point(this.zero,e)}var r=c.redSqrt();if(0!==r.redSqr().redSub(c).cmp(this.zero))throw Error("invalid point");return r.fromRed().isOdd()!==f&&(r=r.redNeg()),this.point(r,e)},R.prototype.validate=function(e){if(e.isInfinity())return!0;e.normalize();var f=e.x.redSqr(),d=e.y.redSqr(),t=f.redMul(this.a).redAdd(d),a=this.c2.redMul(this.one.redAdd(this.d.redMul(f).redMul(d)));return 0===t.cmp(a)},d(N,I.BasePoint),R.prototype.pointFromJSON=function(e){return N.fromJSON(this,e)},R.prototype.point=function(e,f,d,t){return new N(this,e,f,d,t)},N.fromJSON=function(e,f){return new N(e,f[0],f[1],f[2])},N.prototype.inspect=function(){return this.isInfinity()?"":""},N.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},N.prototype._extDbl=function(){var e=this.x.redSqr(),f=this.y.redSqr(),d=this.z.redSqr();d=d.redIAdd(d);var t=this.curve._mulA(e),a=this.x.redAdd(this.y).redSqr().redISub(e).redISub(f),c=t.redAdd(f),r=c.redSub(d),b=t.redSub(f),i=a.redMul(r),n=c.redMul(b),s=a.redMul(b),o=r.redMul(c);return this.curve.point(i,n,o,s)},N.prototype._projDbl=function(){var e,f,d,t=this.x.redAdd(this.y).redSqr(),a=this.x.redSqr(),c=this.y.redSqr();if(this.curve.twisted){var r=(n=this.curve._mulA(a)).redAdd(c);if(this.zOne)e=t.redSub(a).redSub(c).redMul(r.redSub(this.curve.two)),f=r.redMul(n.redSub(c)),d=r.redSqr().redSub(r).redSub(r);else{var b=this.z.redSqr(),i=r.redSub(b).redISub(b);e=t.redSub(a).redISub(c).redMul(i),f=r.redMul(n.redSub(c)),d=r.redMul(i)}}else{var n=a.redAdd(c);b=this.curve._mulC(this.z).redSqr(),i=n.redSub(b).redSub(b);e=this.curve._mulC(t.redISub(n)).redMul(i),f=this.curve._mulC(n).redMul(a.redISub(c)),d=n.redMul(i)}return this.curve.point(e,f,d)},N.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},N.prototype._extAdd=function(e){var f=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),d=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),t=this.t.redMul(this.curve.dd).redMul(e.t),a=this.z.redMul(e.z.redAdd(e.z)),c=d.redSub(f),r=a.redSub(t),b=a.redAdd(t),i=d.redAdd(f),n=c.redMul(r),s=b.redMul(i),o=c.redMul(i),h=r.redMul(b);return this.curve.point(n,s,h,o)},N.prototype._projAdd=function(e){var f,d,t=this.z.redMul(e.z),a=t.redSqr(),c=this.x.redMul(e.x),r=this.y.redMul(e.y),b=this.curve.d.redMul(c).redMul(r),i=a.redSub(b),n=a.redAdd(b),s=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(c).redISub(r),o=t.redMul(i).redMul(s);return this.curve.twisted?(f=t.redMul(n).redMul(r.redSub(this.curve._mulA(c))),d=i.redMul(n)):(f=t.redMul(n).redMul(r.redSub(c)),d=this.curve._mulC(i).redMul(n)),this.curve.point(o,f,d)},N.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},N.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},N.prototype.mulAdd=function(e,f,d){return this.curve._wnafMulAdd(1,[this,f],[e,d],2,!1)},N.prototype.jmulAdd=function(e,f,d){return this.curve._wnafMulAdd(1,[this,f],[e,d],2,!0)},N.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},N.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},N.prototype.getX=function(){return this.normalize(),this.x.fromRed()},N.prototype.getY=function(){return this.normalize(),this.y.fromRed()},N.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},N.prototype.eqXToP=function(e){var f=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(f))return!0;for(var d=e.clone(),t=this.curve.redN.redMul(this.z);;){if(d.iadd(this.curve.n),d.cmp(this.curve.p)>=0)return!1;if(f.redIAdd(t),0===this.x.cmp(f))return!0}},N.prototype.toP=N.prototype.normalize,N.prototype.mixedAdd=N.prototype.add;var k=e((function(e,f){var d=f;d.base=I,d.short=B,d.mont=F,d.edwards=P})),j=t.rotl32,O=t.sum32,L=t.sum32_5,T=a.ft_1,J=c.BlockHash,X=[1518500249,1859775393,2400959708,3395469782];function V(){if(!(this instanceof V))return new V;J.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=Array(80)}t.inherits(V,J);var K=V;V.blockSize=512,V.outSize=160,V.hmacStrength=80,V.padLength=64,V.prototype._update=function(e,f){for(var d=this.W,t=0;t<16;t++)d[t]=e[f+t];for(;tthis.blockSize&&(e=(new this.Hash).update(e).digest()),f(e.length<=this.blockSize);for(var d=e.length;d=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(d,t,a)}var $=Z;Z.prototype._init=function(e,f,d){var t=e.concat(f).concat(d);this.K=Array(this.outLen/8),this.V=Array(this.outLen/8);for(var a=0;a=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(t||[])),this._reseed=1},Z.prototype.generate=function(e,f,d,t){if(this._reseed>this.reseedInterval)throw Error("Reseed is required");"string"!=typeof f&&(t=d,d=f,f=null),d&&(d=u.toArray(d,t||"hex"),this._update(d));for(var a=[];a.length"};var te=p.assert;function ae(e,f){if(e instanceof ae)return e;this._importDER(e,f)||(te(e.r&&e.s,"Signature without r or s"),this.r=new o(e.r,16),this.s=new o(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}var ce=ae;function re(){this.place=0}function be(e,f){var d=e[f.place++];if(!(128&d))return d;for(var t=15&d,a=0,c=0,r=f.place;c>>3);for(e.push(128|d);--d;)e.push(f>>>(d<<3)&255);e.push(f)}}ae.prototype._importDER=function(e,f){e=p.toArray(e,f);var d=new re;if(48!==e[d.place++])return!1;if(be(e,d)+d.place!==e.length)return!1;if(2!==e[d.place++])return!1;var t=be(e,d),a=e.slice(d.place,t+d.place);if(d.place+=t,2!==e[d.place++])return!1;var c=be(e,d);if(e.length!==c+d.place)return!1;var r=e.slice(d.place,c+d.place);return 0===a[0]&&128&a[1]&&(a=a.slice(1)),0===r[0]&&128&r[1]&&(r=r.slice(1)),this.r=new o(a),this.s=new o(r),this.recoveryParam=null,!0},ae.prototype.toDER=function(e){var f=this.r.toArray(),d=this.s.toArray();for(128&f[0]&&(f=[0].concat(f)),128&d[0]&&(d=[0].concat(d)),f=ie(f),d=ie(d);!(d[0]||128&d[1]);)d=d.slice(1);var t=[2];ne(t,f.length),(t=t.concat(f)).push(2),ne(t,d.length);var a=t.concat(d),c=[48];return ne(c,a.length),c=c.concat(a),p.encode(c,e)};var se=p.assert;function oe(e){if(!(this instanceof oe))return new oe(e);"string"==typeof e&&(se(Q.hasOwnProperty(e),"Unknown curve "+e),e=Q[e]),e instanceof Q.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}var he=oe;oe.prototype.keyPair=function(e){return new de(this,e)},oe.prototype.keyFromPrivate=function(e,f){return de.fromPrivate(this,e,f)},oe.prototype.keyFromPublic=function(e,f){return de.fromPublic(this,e,f)},oe.prototype.genKeyPair=function(e){e||(e={});var f=new $({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||l(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()});if("mont"===this.curve.type){var d=new o(f.generate(32));return this.keyFromPrivate(d)}for(var t=this.n.byteLength(),a=this.n.sub(new o(2));;){if(!((d=new o(f.generate(t))).cmp(a)>0))return d.iaddn(1),this.keyFromPrivate(d)}},oe.prototype._truncateToN=function(e,f,d){var t=(d=d||8*e.byteLength())-this.n.bitLength();return t>0&&(e=e.ushrn(t)),!f&&e.cmp(this.n)>=0?e.sub(this.n):e},oe.prototype.truncateMsg=function(e){var f;return e instanceof Uint8Array?(f=8*e.byteLength,e=this._truncateToN(new o(e,16),!1,f)):"string"==typeof e?(f=4*e.length,e=this._truncateToN(new o(e,16),!1,f)):e=this._truncateToN(new o(e,16)),e},oe.prototype.sign=function(e,f,d,t){"object"==typeof d&&(t=d,d=null),t||(t={}),f=this.keyFromPrivate(f,d),e=this.truncateMsg(e);for(var a=this.n.byteLength(),c=f.getPrivate().toArray("be",a),r=e.toArray("be",a),b=new $({hash:this.hash,entropy:c,nonce:r,pers:t.pers,persEnc:t.persEnc||"utf8"}),i=this.n.sub(new o(1)),n=0;;n++){var s=t.k?t.k(n):new o(b.generate(this.n.byteLength()));if(!((s=this._truncateToN(s,!0)).cmpn(1)<=0||s.cmp(i)>=0)){var h=this.g.mul(s);if(!h.isInfinity()){var u=h.getX(),p=u.umod(this.n);if(0!==p.cmpn(0)){var l=s.invm(this.n).mul(p.mul(f.getPrivate()).iadd(e));if(0!==(l=l.umod(this.n)).cmpn(0)){var y=(h.getY().isOdd()?1:0)|(0!==u.cmp(p)?2:0);return t.canonical&&l.cmp(this.nh)>0&&(l=this.n.sub(l),y^=1),new ce({r:p,s:l,recoveryParam:y})}}}}}},oe.prototype.verify=function(e,f,d,t){return d=this.keyFromPublic(d,t),f=new ce(f,"hex"),this._verify(this.truncateMsg(e),f,d)||this._verify(this._truncateToN(new o(e,16)),f,d)},oe.prototype._verify=function(e,f,d){var t=f.r,a=f.s;if(t.cmpn(1)<0||t.cmp(this.n)>=0)return!1;if(a.cmpn(1)<0||a.cmp(this.n)>=0)return!1;var c,r=a.invm(this.n),b=r.mul(e).umod(this.n),i=r.mul(t).umod(this.n);return this.curve._maxwellTrick?!(c=this.g.jmulAdd(b,d.getPublic(),i)).isInfinity()&&c.eqXToP(t):!(c=this.g.mulAdd(b,d.getPublic(),i)).isInfinity()&&0===c.getX().umod(this.n).cmp(t)},oe.prototype.recoverPubKey=function(e,f,d,t){se((3&d)===d,"The recovery param is more than two bits"),f=new ce(f,t);var a=this.n,c=new o(e),r=f.r,b=f.s,i=1&d,n=d>>1;if(r.cmp(this.curve.p.umod(this.curve.n))>=0&&n)throw Error("Unable to find sencond key candinate");r=n?this.curve.pointFromX(r.add(this.curve.n),i):this.curve.pointFromX(r,i);var s=f.r.invm(a),h=a.sub(c).mul(s).umod(a),u=b.mul(s).umod(a);return this.g.mulAdd(h,r,u)},oe.prototype.getKeyRecoveryParam=function(e,f,d,t){if(null!==(f=new ce(f,t)).recoveryParam)return f.recoveryParam;for(var a=0;a<4;a++){var c;try{c=this.recoverPubKey(e,f,a)}catch(e){continue}if(c.eq(d))return a}throw Error("Unable to find valid recovery factor")};var ue=p.assert,pe=p.parseBytes,le=p.cachedProperty;function ye(e,f){if(this.eddsa=e,f.hasOwnProperty("secret")&&(this._secret=pe(f.secret)),e.isPoint(f.pub))this._pub=f.pub;else if(this._pubBytes=pe(f.pub),this._pubBytes&&33===this._pubBytes.length&&64===this._pubBytes[0]&&(this._pubBytes=this._pubBytes.slice(1,33)),this._pubBytes&&32!==this._pubBytes.length)throw Error("Unknown point compression format")}ye.fromPublic=function(e,f){return f instanceof ye?f:new ye(e,{pub:f})},ye.fromSecret=function(e,f){return f instanceof ye?f:new ye(e,{secret:f})},ye.prototype.secret=function(){return this._secret},le(ye,"pubBytes",(function(){return this.eddsa.encodePoint(this.pub())})),le(ye,"pub",(function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())})),le(ye,"privBytes",(function(){var e=this.eddsa,f=this.hash(),d=e.encodingLength-1,t=f.slice(0,e.encodingLength);return t[0]&=248,t[d]&=127,t[d]|=64,t})),le(ye,"priv",(function(){return this.eddsa.decodeInt(this.privBytes())})),le(ye,"hash",(function(){return this.eddsa.hash().update(this.secret()).digest()})),le(ye,"messagePrefix",(function(){return this.hash().slice(this.eddsa.encodingLength)})),ye.prototype.sign=function(e){return ue(this._secret,"KeyPair can only verify"),this.eddsa.sign(e,this)},ye.prototype.verify=function(e,f){return this.eddsa.verify(e,f,this)},ye.prototype.getSecret=function(e){return ue(this._secret,"KeyPair is public only"),p.encode(this.secret(),e)},ye.prototype.getPublic=function(e,f){return p.encode((f?[64]:[]).concat(this.pubBytes()),e)};var ve=ye,me=p.assert,Ae=p.cachedProperty,ge=p.parseBytes;function Se(e,f){this.eddsa=e,"object"!=typeof f&&(f=ge(f)),Array.isArray(f)&&(f={R:f.slice(0,e.encodingLength),S:f.slice(e.encodingLength)}),me(f.R&&f.S,"Signature without R or S"),e.isPoint(f.R)&&(this._R=f.R),f.S instanceof o&&(this._S=f.S),this._Rencoded=Array.isArray(f.R)?f.R:f.Rencoded,this._Sencoded=Array.isArray(f.S)?f.S:f.Sencoded}Ae(Se,"S",(function(){return this.eddsa.decodeInt(this.Sencoded())})),Ae(Se,"R",(function(){return this.eddsa.decodePoint(this.Rencoded())})),Ae(Se,"Rencoded",(function(){return this.eddsa.encodePoint(this.R())})),Ae(Se,"Sencoded",(function(){return this.eddsa.encodeInt(this.S())})),Se.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},Se.prototype.toHex=function(){return p.encode(this.toBytes(),"hex").toUpperCase()};var we=Se,Ie=p.assert,Ee=p.parseBytes;function xe(e){if(Ie("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof xe))return new xe(e);e=Q[e].curve;this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=Y.sha512}var Me=xe;xe.prototype.sign=function(e,f){e=Ee(e);var d=this.keyFromSecret(f),t=this.hashInt(d.messagePrefix(),e),a=this.g.mul(t),c=this.encodePoint(a),r=this.hashInt(c,d.pubBytes(),e).mul(d.priv()),b=t.add(r).umod(this.curve.n);return this.makeSignature({R:a,S:b,Rencoded:c})},xe.prototype.verify=function(e,f,d){e=Ee(e),f=this.makeSignature(f);var t=this.keyFromPublic(d),a=this.hashInt(f.Rencoded(),t.pubBytes(),e),c=this.g.mul(f.S());return f.R().add(t.pub().mul(a)).eq(c)},xe.prototype.hashInt=function(){for(var e=this.hash(),f=0;f> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n }\n return res;\n}\nutils.toArray = toArray;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nutils.zero2 = zero2;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nutils.toHex = toHex;\n\nutils.encode = function encode(arr, enc) {\n if (enc === 'hex')\n return toHex(arr);\n else\n return arr;\n};\n","'use strict';\n\nvar utils = exports;\nvar BN = require('bn.js');\nvar minAssert = require('minimalistic-assert');\nvar minUtils = require('minimalistic-crypto-utils');\n\nutils.assert = minAssert;\nutils.toArray = minUtils.toArray;\nutils.zero2 = minUtils.zero2;\nutils.toHex = minUtils.toHex;\nutils.encode = minUtils.encode;\n\n// Represent num in a w-NAF form\nfunction getNAF(num, w) {\n var naf = [];\n var ws = 1 << (w + 1);\n var k = num.clone();\n while (k.cmpn(1) >= 0) {\n var z;\n if (k.isOdd()) {\n var mod = k.andln(ws - 1);\n if (mod > (ws >> 1) - 1)\n z = (ws >> 1) - mod;\n else\n z = mod;\n k.isubn(z);\n } else {\n z = 0;\n }\n naf.push(z);\n\n // Optimization, shift by word if possible\n var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;\n for (var i = 1; i < shift; i++)\n naf.push(0);\n k.iushrn(shift);\n }\n\n return naf;\n}\nutils.getNAF = getNAF;\n\n// Represent k1, k2 in a Joint Sparse Form\nfunction getJSF(k1, k2) {\n var jsf = [\n [],\n []\n ];\n\n k1 = k1.clone();\n k2 = k2.clone();\n var d1 = 0;\n var d2 = 0;\n while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {\n\n // First phase\n var m14 = (k1.andln(3) + d1) & 3;\n var m24 = (k2.andln(3) + d2) & 3;\n if (m14 === 3)\n m14 = -1;\n if (m24 === 3)\n m24 = -1;\n var u1;\n if ((m14 & 1) === 0) {\n u1 = 0;\n } else {\n var m8 = (k1.andln(7) + d1) & 7;\n if ((m8 === 3 || m8 === 5) && m24 === 2)\n u1 = -m14;\n else\n u1 = m14;\n }\n jsf[0].push(u1);\n\n var u2;\n if ((m24 & 1) === 0) {\n u2 = 0;\n } else {\n var m8 = (k2.andln(7) + d2) & 7;\n if ((m8 === 3 || m8 === 5) && m14 === 2)\n u2 = -m24;\n else\n u2 = m24;\n }\n jsf[1].push(u2);\n\n // Second phase\n if (2 * d1 === u1 + 1)\n d1 = 1 - d1;\n if (2 * d2 === u2 + 1)\n d2 = 1 - d2;\n k1.iushrn(1);\n k2.iushrn(1);\n }\n\n return jsf;\n}\nutils.getJSF = getJSF;\n\nfunction cachedProperty(obj, name, computer) {\n var key = '_' + name;\n obj.prototype[name] = function cachedProperty() {\n return this[key] !== undefined ? this[key] :\n this[key] = computer.call(this);\n };\n}\nutils.cachedProperty = cachedProperty;\n\nfunction parseBytes(bytes) {\n return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :\n bytes;\n}\nutils.parseBytes = parseBytes;\n\nfunction intFromLE(bytes) {\n return new BN(bytes, 'hex', 'le');\n}\nutils.intFromLE = intFromLE;\n\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar getNAF = utils.getNAF;\nvar getJSF = utils.getJSF;\nvar assert = utils.assert;\n\nfunction BaseCurve(type, conf) {\n this.type = type;\n this.p = new BN(conf.p, 16);\n\n // Use Montgomery, when there is no fast reduction for the prime\n this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);\n\n // Useful for many curves\n this.zero = new BN(0).toRed(this.red);\n this.one = new BN(1).toRed(this.red);\n this.two = new BN(2).toRed(this.red);\n\n // Curve configuration, optional\n this.n = conf.n && new BN(conf.n, 16);\n this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);\n\n // Temporary arrays\n this._wnafT1 = new Array(4);\n this._wnafT2 = new Array(4);\n this._wnafT3 = new Array(4);\n this._wnafT4 = new Array(4);\n\n // Generalized Greg Maxwell's trick\n var adjustCount = this.n && this.p.div(this.n);\n if (!adjustCount || adjustCount.cmpn(100) > 0) {\n this.redN = null;\n } else {\n this._maxwellTrick = true;\n this.redN = this.n.toRed(this.red);\n }\n}\nmodule.exports = BaseCurve;\n\nBaseCurve.prototype.point = function point() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype.validate = function validate() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {\n assert(p.precomputed);\n var doubles = p._getDoubles();\n\n var naf = getNAF(k, 1);\n var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);\n I /= 3;\n\n // Translate into more windowed form\n var repr = [];\n for (var j = 0; j < naf.length; j += doubles.step) {\n var nafW = 0;\n for (var k = j + doubles.step - 1; k >= j; k--)\n nafW = (nafW << 1) + naf[k];\n repr.push(nafW);\n }\n\n var a = this.jpoint(null, null, null);\n var b = this.jpoint(null, null, null);\n for (var i = I; i > 0; i--) {\n for (var j = 0; j < repr.length; j++) {\n var nafW = repr[j];\n if (nafW === i)\n b = b.mixedAdd(doubles.points[j]);\n else if (nafW === -i)\n b = b.mixedAdd(doubles.points[j].neg());\n }\n a = a.add(b);\n }\n return a.toP();\n};\n\nBaseCurve.prototype._wnafMul = function _wnafMul(p, k) {\n var w = 4;\n\n // Precompute window\n var nafPoints = p._getNAFPoints(w);\n w = nafPoints.wnd;\n var wnd = nafPoints.points;\n\n // Get NAF form\n var naf = getNAF(k, w);\n\n // Add `this`*(N+1) for every w-NAF index\n var acc = this.jpoint(null, null, null);\n for (var i = naf.length - 1; i >= 0; i--) {\n // Count zeroes\n for (var k = 0; i >= 0 && naf[i] === 0; i--)\n k++;\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n\n if (i < 0)\n break;\n var z = naf[i];\n assert(z !== 0);\n if (p.type === 'affine') {\n // J +- P\n if (z > 0)\n acc = acc.mixedAdd(wnd[(z - 1) >> 1]);\n else\n acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());\n } else {\n // J +- J\n if (z > 0)\n acc = acc.add(wnd[(z - 1) >> 1]);\n else\n acc = acc.add(wnd[(-z - 1) >> 1].neg());\n }\n }\n return p.type === 'affine' ? acc.toP() : acc;\n};\n\nBaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,\n points,\n coeffs,\n len,\n jacobianResult) {\n var wndWidth = this._wnafT1;\n var wnd = this._wnafT2;\n var naf = this._wnafT3;\n\n // Fill all arrays\n var max = 0;\n for (var i = 0; i < len; i++) {\n var p = points[i];\n var nafPoints = p._getNAFPoints(defW);\n wndWidth[i] = nafPoints.wnd;\n wnd[i] = nafPoints.points;\n }\n\n // Comb small window NAFs\n for (var i = len - 1; i >= 1; i -= 2) {\n var a = i - 1;\n var b = i;\n if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {\n naf[a] = getNAF(coeffs[a], wndWidth[a]);\n naf[b] = getNAF(coeffs[b], wndWidth[b]);\n max = Math.max(naf[a].length, max);\n max = Math.max(naf[b].length, max);\n continue;\n }\n\n var comb = [\n points[a], /* 1 */\n null, /* 3 */\n null, /* 5 */\n points[b] /* 7 */\n ];\n\n // Try to avoid Projective points, if possible\n if (points[a].y.cmp(points[b].y) === 0) {\n comb[1] = points[a].add(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].add(points[b].neg());\n } else {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n }\n\n var index = [\n -3, /* -1 -1 */\n -1, /* -1 0 */\n -5, /* -1 1 */\n -7, /* 0 -1 */\n 0, /* 0 0 */\n 7, /* 0 1 */\n 5, /* 1 -1 */\n 1, /* 1 0 */\n 3 /* 1 1 */\n ];\n\n var jsf = getJSF(coeffs[a], coeffs[b]);\n max = Math.max(jsf[0].length, max);\n naf[a] = new Array(max);\n naf[b] = new Array(max);\n for (var j = 0; j < max; j++) {\n var ja = jsf[0][j] | 0;\n var jb = jsf[1][j] | 0;\n\n naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];\n naf[b][j] = 0;\n wnd[a] = comb;\n }\n }\n\n var acc = this.jpoint(null, null, null);\n var tmp = this._wnafT4;\n for (var i = max; i >= 0; i--) {\n var k = 0;\n\n while (i >= 0) {\n var zero = true;\n for (var j = 0; j < len; j++) {\n tmp[j] = naf[j][i] | 0;\n if (tmp[j] !== 0)\n zero = false;\n }\n if (!zero)\n break;\n k++;\n i--;\n }\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n if (i < 0)\n break;\n\n for (var j = 0; j < len; j++) {\n var z = tmp[j];\n var p;\n if (z === 0)\n continue;\n else if (z > 0)\n p = wnd[j][(z - 1) >> 1];\n else if (z < 0)\n p = wnd[j][(-z - 1) >> 1].neg();\n\n if (p.type === 'affine')\n acc = acc.mixedAdd(p);\n else\n acc = acc.add(p);\n }\n }\n // Zeroify references\n for (var i = 0; i < len; i++)\n wnd[i] = null;\n\n if (jacobianResult)\n return acc;\n else\n return acc.toP();\n};\n\nfunction BasePoint(curve, type) {\n this.curve = curve;\n this.type = type;\n this.precomputed = null;\n}\nBaseCurve.BasePoint = BasePoint;\n\nBasePoint.prototype.eq = function eq(/*other*/) {\n throw new Error('Not implemented');\n};\n\nBasePoint.prototype.validate = function validate() {\n return this.curve.validate(this);\n};\n\nBaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n bytes = utils.toArray(bytes, enc);\n\n var len = this.p.byteLength();\n\n // uncompressed, hybrid-odd, hybrid-even\n if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&\n bytes.length - 1 === 2 * len) {\n if (bytes[0] === 0x06)\n assert(bytes[bytes.length - 1] % 2 === 0);\n else if (bytes[0] === 0x07)\n assert(bytes[bytes.length - 1] % 2 === 1);\n\n var res = this.point(bytes.slice(1, 1 + len),\n bytes.slice(1 + len, 1 + 2 * len));\n\n return res;\n } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&\n bytes.length - 1 === len) {\n return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);\n }\n throw new Error('Unknown point format');\n};\n\nBasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {\n return this.encode(enc, true);\n};\n\nBasePoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n var x = this.getX().toArray('be', len);\n\n if (compact)\n return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);\n\n return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;\n};\n\nBasePoint.prototype.encode = function encode(enc, compact) {\n return utils.encode(this._encode(compact), enc);\n};\n\nBasePoint.prototype.precompute = function precompute(power) {\n if (this.precomputed)\n return this;\n\n var precomputed = {\n doubles: null,\n naf: null,\n beta: null\n };\n precomputed.naf = this._getNAFPoints(8);\n precomputed.doubles = this._getDoubles(4, power);\n precomputed.beta = this._getBeta();\n this.precomputed = precomputed;\n\n return this;\n};\n\nBasePoint.prototype._hasDoubles = function _hasDoubles(k) {\n if (!this.precomputed)\n return false;\n\n var doubles = this.precomputed.doubles;\n if (!doubles)\n return false;\n\n return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);\n};\n\nBasePoint.prototype._getDoubles = function _getDoubles(step, power) {\n if (this.precomputed && this.precomputed.doubles)\n return this.precomputed.doubles;\n\n var doubles = [ this ];\n var acc = this;\n for (var i = 0; i < power; i += step) {\n for (var j = 0; j < step; j++)\n acc = acc.dbl();\n doubles.push(acc);\n }\n return {\n step: step,\n points: doubles\n };\n};\n\nBasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {\n if (this.precomputed && this.precomputed.naf)\n return this.precomputed.naf;\n\n var res = [ this ];\n var max = (1 << wnd) - 1;\n var dbl = max === 1 ? null : this.dbl();\n for (var i = 1; i < max; i++)\n res[i] = res[i - 1].add(dbl);\n return {\n wnd: wnd,\n points: res\n };\n};\n\nBasePoint.prototype._getBeta = function _getBeta() {\n return null;\n};\n\nBasePoint.prototype.dblp = function dblp(k) {\n var r = this;\n for (var i = 0; i < k; i++)\n r = r.dbl();\n return r;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction ShortCurve(conf) {\n Base.call(this, 'short', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.tinv = this.two.redInvm();\n\n this.zeroA = this.a.fromRed().cmpn(0) === 0;\n this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;\n\n // If the curve is endomorphic, precalculate beta and lambda\n this.endo = this._getEndomorphism(conf);\n this._endoWnafT1 = new Array(4);\n this._endoWnafT2 = new Array(4);\n}\ninherits(ShortCurve, Base);\nmodule.exports = ShortCurve;\n\nShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {\n // No efficient endomorphism\n if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)\n return;\n\n // Compute beta and lambda, that lambda * P = (beta * Px; Py)\n var beta;\n var lambda;\n if (conf.beta) {\n beta = new BN(conf.beta, 16).toRed(this.red);\n } else {\n var betas = this._getEndoRoots(this.p);\n // Choose the smallest beta\n beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];\n beta = beta.toRed(this.red);\n }\n if (conf.lambda) {\n lambda = new BN(conf.lambda, 16);\n } else {\n // Choose the lambda that is matching selected beta\n var lambdas = this._getEndoRoots(this.n);\n if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {\n lambda = lambdas[0];\n } else {\n lambda = lambdas[1];\n assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);\n }\n }\n\n // Get basis vectors, used for balanced length-two representation\n var basis;\n if (conf.basis) {\n basis = conf.basis.map(function(vec) {\n return {\n a: new BN(vec.a, 16),\n b: new BN(vec.b, 16)\n };\n });\n } else {\n basis = this._getEndoBasis(lambda);\n }\n\n return {\n beta: beta,\n lambda: lambda,\n basis: basis\n };\n};\n\nShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {\n // Find roots of for x^2 + x + 1 in F\n // Root = (-1 +- Sqrt(-3)) / 2\n //\n var red = num === this.p ? this.red : BN.mont(num);\n var tinv = new BN(2).toRed(red).redInvm();\n var ntinv = tinv.redNeg();\n\n var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);\n\n var l1 = ntinv.redAdd(s).fromRed();\n var l2 = ntinv.redSub(s).fromRed();\n return [ l1, l2 ];\n};\n\nShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {\n // aprxSqrt >= sqrt(this.n)\n var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));\n\n // 3.74\n // Run EGCD, until r(L + 1) < aprxSqrt\n var u = lambda;\n var v = this.n.clone();\n var x1 = new BN(1);\n var y1 = new BN(0);\n var x2 = new BN(0);\n var y2 = new BN(1);\n\n // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)\n var a0;\n var b0;\n // First vector\n var a1;\n var b1;\n // Second vector\n var a2;\n var b2;\n\n var prevR;\n var i = 0;\n var r;\n var x;\n while (u.cmpn(0) !== 0) {\n var q = v.div(u);\n r = v.sub(q.mul(u));\n x = x2.sub(q.mul(x1));\n var y = y2.sub(q.mul(y1));\n\n if (!a1 && r.cmp(aprxSqrt) < 0) {\n a0 = prevR.neg();\n b0 = x1;\n a1 = r.neg();\n b1 = x;\n } else if (a1 && ++i === 2) {\n break;\n }\n prevR = r;\n\n v = u;\n u = r;\n x2 = x1;\n x1 = x;\n y2 = y1;\n y1 = y;\n }\n a2 = r.neg();\n b2 = x;\n\n var len1 = a1.sqr().add(b1.sqr());\n var len2 = a2.sqr().add(b2.sqr());\n if (len2.cmp(len1) >= 0) {\n a2 = a0;\n b2 = b0;\n }\n\n // Normalize signs\n if (a1.negative) {\n a1 = a1.neg();\n b1 = b1.neg();\n }\n if (a2.negative) {\n a2 = a2.neg();\n b2 = b2.neg();\n }\n\n return [\n { a: a1, b: b1 },\n { a: a2, b: b2 }\n ];\n};\n\nShortCurve.prototype._endoSplit = function _endoSplit(k) {\n var basis = this.endo.basis;\n var v1 = basis[0];\n var v2 = basis[1];\n\n var c1 = v2.b.mul(k).divRound(this.n);\n var c2 = v1.b.neg().mul(k).divRound(this.n);\n\n var p1 = c1.mul(v1.a);\n var p2 = c2.mul(v2.a);\n var q1 = c1.mul(v1.b);\n var q2 = c2.mul(v2.b);\n\n // Calculate answer\n var k1 = k.sub(p1).sub(p2);\n var k2 = q1.add(q2).neg();\n return { k1: k1, k2: k2 };\n};\n\nShortCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n // XXX Is there any way to tell if the number is odd without converting it\n // to non-red form?\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nShortCurve.prototype.validate = function validate(point) {\n if (point.inf)\n return true;\n\n var x = point.x;\n var y = point.y;\n\n var ax = this.a.redMul(x);\n var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);\n return y.redSqr().redISub(rhs).cmpn(0) === 0;\n};\n\nShortCurve.prototype._endoWnafMulAdd =\n function _endoWnafMulAdd(points, coeffs, jacobianResult) {\n var npoints = this._endoWnafT1;\n var ncoeffs = this._endoWnafT2;\n for (var i = 0; i < points.length; i++) {\n var split = this._endoSplit(coeffs[i]);\n var p = points[i];\n var beta = p._getBeta();\n\n if (split.k1.negative) {\n split.k1.ineg();\n p = p.neg(true);\n }\n if (split.k2.negative) {\n split.k2.ineg();\n beta = beta.neg(true);\n }\n\n npoints[i * 2] = p;\n npoints[i * 2 + 1] = beta;\n ncoeffs[i * 2] = split.k1;\n ncoeffs[i * 2 + 1] = split.k2;\n }\n var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);\n\n // Clean-up references to points and coefficients\n for (var j = 0; j < i * 2; j++) {\n npoints[j] = null;\n ncoeffs[j] = null;\n }\n return res;\n};\n\nfunction Point(curve, x, y, isRed) {\n Base.BasePoint.call(this, curve, 'affine');\n if (x === null && y === null) {\n this.x = null;\n this.y = null;\n this.inf = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n // Force redgomery representation when loading from JSON\n if (isRed) {\n this.x.forceRed(this.curve.red);\n this.y.forceRed(this.curve.red);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n this.inf = false;\n }\n}\ninherits(Point, Base.BasePoint);\n\nShortCurve.prototype.point = function point(x, y, isRed) {\n return new Point(this, x, y, isRed);\n};\n\nShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {\n return Point.fromJSON(this, obj, red);\n};\n\nPoint.prototype._getBeta = function _getBeta() {\n if (!this.curve.endo)\n return;\n\n var pre = this.precomputed;\n if (pre && pre.beta)\n return pre.beta;\n\n var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);\n if (pre) {\n var curve = this.curve;\n var endoMul = function(p) {\n return curve.point(p.x.redMul(curve.endo.beta), p.y);\n };\n pre.beta = beta;\n beta.precomputed = {\n beta: null,\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(endoMul)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(endoMul)\n }\n };\n }\n return beta;\n};\n\nPoint.prototype.toJSON = function toJSON() {\n if (!this.precomputed)\n return [ this.x, this.y ];\n\n return [ this.x, this.y, this.precomputed && {\n doubles: this.precomputed.doubles && {\n step: this.precomputed.doubles.step,\n points: this.precomputed.doubles.points.slice(1)\n },\n naf: this.precomputed.naf && {\n wnd: this.precomputed.naf.wnd,\n points: this.precomputed.naf.points.slice(1)\n }\n } ];\n};\n\nPoint.fromJSON = function fromJSON(curve, obj, red) {\n if (typeof obj === 'string')\n obj = JSON.parse(obj);\n var res = curve.point(obj[0], obj[1], red);\n if (!obj[2])\n return res;\n\n function obj2point(obj) {\n return curve.point(obj[0], obj[1], red);\n }\n\n var pre = obj[2];\n res.precomputed = {\n beta: null,\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: [ res ].concat(pre.doubles.points.map(obj2point))\n },\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: [ res ].concat(pre.naf.points.map(obj2point))\n }\n };\n return res;\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n return this.inf;\n};\n\nPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.inf)\n return p;\n\n // P + O = P\n if (p.inf)\n return this;\n\n // P + P = 2P\n if (this.eq(p))\n return this.dbl();\n\n // P + (-P) = O\n if (this.neg().eq(p))\n return this.curve.point(null, null);\n\n // P + Q = O\n if (this.x.cmp(p.x) === 0)\n return this.curve.point(null, null);\n\n var c = this.y.redSub(p.y);\n if (c.cmpn(0) !== 0)\n c = c.redMul(this.x.redSub(p.x).redInvm());\n var nx = c.redSqr().redISub(this.x).redISub(p.x);\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.inf)\n return this;\n\n // 2P = O\n var ys1 = this.y.redAdd(this.y);\n if (ys1.cmpn(0) === 0)\n return this.curve.point(null, null);\n\n var a = this.curve.a;\n\n var x2 = this.x.redSqr();\n var dyinv = ys1.redInvm();\n var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);\n\n var nx = c.redSqr().redISub(this.x.redAdd(this.x));\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.getX = function getX() {\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n return this.y.fromRed();\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n if (this.isInfinity())\n return this;\n else if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else if (this.curve.endo)\n return this.curve._endoWnafMulAdd([ this ], [ k ]);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs, true);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2, true);\n};\n\nPoint.prototype.eq = function eq(p) {\n return this === p ||\n this.inf === p.inf &&\n (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);\n};\n\nPoint.prototype.neg = function neg(_precompute) {\n if (this.inf)\n return this;\n\n var res = this.curve.point(this.x, this.y.redNeg());\n if (_precompute && this.precomputed) {\n var pre = this.precomputed;\n var negate = function(p) {\n return p.neg();\n };\n res.precomputed = {\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(negate)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(negate)\n }\n };\n }\n return res;\n};\n\nPoint.prototype.toJ = function toJ() {\n if (this.inf)\n return this.curve.jpoint(null, null, null);\n\n var res = this.curve.jpoint(this.x, this.y, this.curve.one);\n return res;\n};\n\nfunction JPoint(curve, x, y, z) {\n Base.BasePoint.call(this, curve, 'jacobian');\n if (x === null && y === null && z === null) {\n this.x = this.curve.one;\n this.y = this.curve.one;\n this.z = new BN(0);\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = new BN(z, 16);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n\n this.zOne = this.z === this.curve.one;\n}\ninherits(JPoint, Base.BasePoint);\n\nShortCurve.prototype.jpoint = function jpoint(x, y, z) {\n return new JPoint(this, x, y, z);\n};\n\nJPoint.prototype.toP = function toP() {\n if (this.isInfinity())\n return this.curve.point(null, null);\n\n var zinv = this.z.redInvm();\n var zinv2 = zinv.redSqr();\n var ax = this.x.redMul(zinv2);\n var ay = this.y.redMul(zinv2).redMul(zinv);\n\n return this.curve.point(ax, ay);\n};\n\nJPoint.prototype.neg = function neg() {\n return this.curve.jpoint(this.x, this.y.redNeg(), this.z);\n};\n\nJPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.isInfinity())\n return p;\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 12M + 4S + 7A\n var pz2 = p.z.redSqr();\n var z2 = this.z.redSqr();\n var u1 = this.x.redMul(pz2);\n var u2 = p.x.redMul(z2);\n var s1 = this.y.redMul(pz2.redMul(p.z));\n var s2 = p.y.redMul(z2.redMul(this.z));\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(p.z).redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mixedAdd = function mixedAdd(p) {\n // O + P = P\n if (this.isInfinity())\n return p.toJ();\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 8M + 3S + 7A\n var z2 = this.z.redSqr();\n var u1 = this.x;\n var u2 = p.x.redMul(z2);\n var s1 = this.y;\n var s2 = p.y.redMul(z2).redMul(this.z);\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.dblp = function dblp(pow) {\n if (pow === 0)\n return this;\n if (this.isInfinity())\n return this;\n if (!pow)\n return this.dbl();\n\n if (this.curve.zeroA || this.curve.threeA) {\n var r = this;\n for (var i = 0; i < pow; i++)\n r = r.dbl();\n return r;\n }\n\n // 1M + 2S + 1A + N * (4S + 5M + 8A)\n // N = 1 => 6M + 6S + 9A\n var a = this.curve.a;\n var tinv = this.curve.tinv;\n\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n // Reuse results\n var jyd = jy.redAdd(jy);\n for (var i = 0; i < pow; i++) {\n var jx2 = jx.redSqr();\n var jyd2 = jyd.redSqr();\n var jyd4 = jyd2.redSqr();\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var t1 = jx.redMul(jyd2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n var dny = c.redMul(t2);\n dny = dny.redIAdd(dny).redISub(jyd4);\n var nz = jyd.redMul(jz);\n if (i + 1 < pow)\n jz4 = jz4.redMul(jyd4);\n\n jx = nx;\n jz = nz;\n jyd = dny;\n }\n\n return this.curve.jpoint(jx, jyd.redMul(tinv), jz);\n};\n\nJPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n if (this.curve.zeroA)\n return this._zeroDbl();\n else if (this.curve.threeA)\n return this._threeDbl();\n else\n return this._dbl();\n};\n\nJPoint.prototype._zeroDbl = function _zeroDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 14A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // T = M ^ 2 - 2*S\n var t = m.redSqr().redISub(s).redISub(s);\n\n // 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2*Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-dbl-2009-l\n // 2M + 5S + 13A\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = B^2\n var c = b.redSqr();\n // D = 2 * ((X1 + B)^2 - A - C)\n var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);\n d = d.redIAdd(d);\n // E = 3 * A\n var e = a.redAdd(a).redIAdd(a);\n // F = E^2\n var f = e.redSqr();\n\n // 8 * C\n var c8 = c.redIAdd(c);\n c8 = c8.redIAdd(c8);\n c8 = c8.redIAdd(c8);\n\n // X3 = F - 2 * D\n nx = f.redISub(d).redISub(d);\n // Y3 = E * (D - X3) - 8 * C\n ny = e.redMul(d.redISub(nx)).redISub(c8);\n // Z3 = 2 * Y1 * Z1\n nz = this.y.redMul(this.z);\n nz = nz.redIAdd(nz);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._threeDbl = function _threeDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 15A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a\n var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);\n // T = M^2 - 2 * S\n var t = m.redSqr().redISub(s).redISub(s);\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2 * Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b\n // 3M + 5S\n\n // delta = Z1^2\n var delta = this.z.redSqr();\n // gamma = Y1^2\n var gamma = this.y.redSqr();\n // beta = X1 * gamma\n var beta = this.x.redMul(gamma);\n // alpha = 3 * (X1 - delta) * (X1 + delta)\n var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));\n alpha = alpha.redAdd(alpha).redIAdd(alpha);\n // X3 = alpha^2 - 8 * beta\n var beta4 = beta.redIAdd(beta);\n beta4 = beta4.redIAdd(beta4);\n var beta8 = beta4.redAdd(beta4);\n nx = alpha.redSqr().redISub(beta8);\n // Z3 = (Y1 + Z1)^2 - gamma - delta\n nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);\n // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2\n var ggamma8 = gamma.redSqr();\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._dbl = function _dbl() {\n var a = this.curve.a;\n\n // 4M + 6S + 10A\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n var jx2 = jx.redSqr();\n var jy2 = jy.redSqr();\n\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var jxd4 = jx.redAdd(jx);\n jxd4 = jxd4.redIAdd(jxd4);\n var t1 = jxd4.redMul(jy2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n\n var jyd8 = jy2.redSqr();\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n var ny = c.redMul(t2).redISub(jyd8);\n var nz = jy.redAdd(jy).redMul(jz);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.trpl = function trpl() {\n if (!this.curve.zeroA)\n return this.dbl().add(this);\n\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl\n // 5M + 10S + ...\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // ZZ = Z1^2\n var zz = this.z.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // M = 3 * XX + a * ZZ2; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // MM = M^2\n var mm = m.redSqr();\n // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM\n var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n e = e.redIAdd(e);\n e = e.redAdd(e).redIAdd(e);\n e = e.redISub(mm);\n // EE = E^2\n var ee = e.redSqr();\n // T = 16*YYYY\n var t = yyyy.redIAdd(yyyy);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n // U = (M + E)^2 - MM - EE - T\n var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);\n // X3 = 4 * (X1 * EE - 4 * YY * U)\n var yyu4 = yy.redMul(u);\n yyu4 = yyu4.redIAdd(yyu4);\n yyu4 = yyu4.redIAdd(yyu4);\n var nx = this.x.redMul(ee).redISub(yyu4);\n nx = nx.redIAdd(nx);\n nx = nx.redIAdd(nx);\n // Y3 = 8 * Y1 * (U * (T - U) - E * EE)\n var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n // Z3 = (Z1 + E)^2 - ZZ - EE\n var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mul = function mul(k, kbase) {\n k = new BN(k, kbase);\n\n return this.curve._wnafMul(this, k);\n};\n\nJPoint.prototype.eq = function eq(p) {\n if (p.type === 'affine')\n return this.eq(p.toJ());\n\n if (this === p)\n return true;\n\n // x1 * z2^2 == x2 * z1^2\n var z2 = this.z.redSqr();\n var pz2 = p.z.redSqr();\n if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)\n return false;\n\n // y1 * z2^3 == y2 * z1^3\n var z3 = z2.redMul(this.z);\n var pz3 = pz2.redMul(p.z);\n return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;\n};\n\nJPoint.prototype.eqXToP = function eqXToP(x) {\n var zs = this.z.redSqr();\n var rx = x.toRed(this.curve.red).redMul(zs);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(zs);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\nJPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nJPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar utils = require('../utils');\n\nfunction MontCurve(conf) {\n Base.call(this, 'mont', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.i4 = new BN(4).toRed(this.red).redInvm();\n this.two = new BN(2).toRed(this.red);\n // Note: this implementation is according to the original paper\n // by P. Montgomery, NOT the one by D. J. Bernstein.\n this.a24 = this.i4.redMul(this.a.redAdd(this.two));\n}\ninherits(MontCurve, Base);\nmodule.exports = MontCurve;\n\nMontCurve.prototype.validate = function validate(point) {\n var x = point.normalize().x;\n var x2 = x.redSqr();\n var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);\n var y = rhs.redSqrt();\n\n return y.redSqr().cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, z) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && z === null) {\n this.x = this.curve.one;\n this.z = this.curve.zero;\n } else {\n this.x = new BN(x, 16);\n this.z = new BN(z, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n }\n}\ninherits(Point, Base.BasePoint);\n\nMontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n var bytes = utils.toArray(bytes, enc);\n\n // TODO Curve448\n // Montgomery curve points must be represented in the compressed format\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (bytes.length === 33 && bytes[0] === 0x40)\n bytes = bytes.slice(1, 33).reverse(); // point must be little-endian\n if (bytes.length !== 32)\n throw new Error('Unknown point compression format');\n return this.point(bytes, 1);\n};\n\nMontCurve.prototype.point = function point(x, z) {\n return new Point(this, x, z);\n};\n\nMontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nPoint.prototype.precompute = function precompute() {\n // No-op\n};\n\nPoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n\n // Note: the output should always be little-endian\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (compact) {\n return [ 0x40 ].concat(this.getX().toArray('le', len));\n } else {\n return this.getX().toArray('be', len);\n }\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1] || curve.one);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n\nPoint.prototype.dbl = function dbl() {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3\n // 2M + 2S + 4A\n\n // A = X1 + Z1\n var a = this.x.redAdd(this.z);\n // AA = A^2\n var aa = a.redSqr();\n // B = X1 - Z1\n var b = this.x.redSub(this.z);\n // BB = B^2\n var bb = b.redSqr();\n // C = AA - BB\n var c = aa.redSub(bb);\n // X3 = AA * BB\n var nx = aa.redMul(bb);\n // Z3 = C * (BB + A24 * C)\n var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.add = function add() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.diffAdd = function diffAdd(p, diff) {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3\n // 4M + 2S + 6A\n\n // A = X2 + Z2\n var a = this.x.redAdd(this.z);\n // B = X2 - Z2\n var b = this.x.redSub(this.z);\n // C = X3 + Z3\n var c = p.x.redAdd(p.z);\n // D = X3 - Z3\n var d = p.x.redSub(p.z);\n // DA = D * A\n var da = d.redMul(a);\n // CB = C * B\n var cb = c.redMul(b);\n // X5 = Z1 * (DA + CB)^2\n var nx = diff.z.redMul(da.redAdd(cb).redSqr());\n // Z5 = X1 * (DA - CB)^2\n var nz = diff.x.redMul(da.redISub(cb).redSqr());\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n\n var t = k.clone();\n var a = this; // (N / 2) * Q + Q\n var b = this.curve.point(null, null); // (N / 2) * Q\n var c = this; // Q\n\n for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))\n bits.push(t.andln(1));\n\n for (var i = bits.length - 1; i >= 0; i--) {\n if (bits[i] === 0) {\n // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q\n a = a.diffAdd(b, c);\n // N * Q = 2 * ((N / 2) * Q + Q))\n b = b.dbl();\n } else {\n // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)\n b = a.diffAdd(b, c);\n // N * Q + Q = 2 * ((N / 2) * Q + Q)\n a = a.dbl();\n }\n }\n return b;\n};\n\nPoint.prototype.mulAdd = function mulAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.jumlAdd = function jumlAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.eq = function eq(other) {\n return this.getX().cmp(other.getX()) === 0;\n};\n\nPoint.prototype.normalize = function normalize() {\n this.x = this.x.redMul(this.z.redInvm());\n this.z = this.curve.one;\n return this;\n};\n\nPoint.prototype.getX = function getX() {\n // Normalize coordinates\n this.normalize();\n\n return this.x.fromRed();\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction EdwardsCurve(conf) {\n // NOTE: Important as we are creating point in Base.call()\n this.twisted = (conf.a | 0) !== 1;\n this.mOneA = this.twisted && (conf.a | 0) === -1;\n this.extended = this.mOneA;\n\n Base.call(this, 'edwards', conf);\n\n this.a = new BN(conf.a, 16).umod(this.red.m);\n this.a = this.a.toRed(this.red);\n this.c = new BN(conf.c, 16).toRed(this.red);\n this.c2 = this.c.redSqr();\n this.d = new BN(conf.d, 16).toRed(this.red);\n this.dd = this.d.redAdd(this.d);\n\n assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);\n this.oneC = (conf.c | 0) === 1;\n}\ninherits(EdwardsCurve, Base);\nmodule.exports = EdwardsCurve;\n\nEdwardsCurve.prototype._mulA = function _mulA(num) {\n if (this.mOneA)\n return num.redNeg();\n else\n return this.a.redMul(num);\n};\n\nEdwardsCurve.prototype._mulC = function _mulC(num) {\n if (this.oneC)\n return num;\n else\n return this.c.redMul(num);\n};\n\n// Just for compatibility with Short curve\nEdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {\n return this.point(x, y, z, t);\n};\n\nEdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var x2 = x.redSqr();\n var rhs = this.c2.redSub(this.a.redMul(x2));\n var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));\n\n var y2 = rhs.redMul(lhs.redInvm());\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {\n y = new BN(y, 16);\n if (!y.red)\n y = y.toRed(this.red);\n\n // x^2 = (y^2 - c^2) / (c^2 d y^2 - a)\n var y2 = y.redSqr();\n var lhs = y2.redSub(this.c2);\n var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a);\n var x2 = lhs.redMul(rhs.redInvm());\n\n if (x2.cmp(this.zero) === 0) {\n if (odd)\n throw new Error('invalid point');\n else\n return this.point(this.zero, y);\n }\n\n var x = x2.redSqrt();\n if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n if (x.fromRed().isOdd() !== odd)\n x = x.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.validate = function validate(point) {\n if (point.isInfinity())\n return true;\n\n // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)\n point.normalize();\n\n var x2 = point.x.redSqr();\n var y2 = point.y.redSqr();\n var lhs = x2.redMul(this.a).redAdd(y2);\n var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));\n\n return lhs.cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, y, z, t) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && y === null && z === null) {\n this.x = this.curve.zero;\n this.y = this.curve.one;\n this.z = this.curve.one;\n this.t = this.curve.zero;\n this.zOne = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = z ? new BN(z, 16) : this.curve.one;\n this.t = t && new BN(t, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n if (this.t && !this.t.red)\n this.t = this.t.toRed(this.curve.red);\n this.zOne = this.z === this.curve.one;\n\n // Use extended coordinates\n if (this.curve.extended && !this.t) {\n this.t = this.x.redMul(this.y);\n if (!this.zOne)\n this.t = this.t.redMul(this.z.redInvm());\n }\n }\n}\ninherits(Point, Base.BasePoint);\n\nEdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nEdwardsCurve.prototype.point = function point(x, y, z, t) {\n return new Point(this, x, y, z, t);\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1], obj[2]);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.x.cmpn(0) === 0 &&\n (this.y.cmp(this.z) === 0 ||\n (this.zOne && this.y.cmp(this.curve.c) === 0));\n};\n\nPoint.prototype._extDbl = function _extDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #doubling-dbl-2008-hwcd\n // 4M + 4S\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = 2 * Z1^2\n var c = this.z.redSqr();\n c = c.redIAdd(c);\n // D = a * A\n var d = this.curve._mulA(a);\n // E = (X1 + Y1)^2 - A - B\n var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);\n // G = D + B\n var g = d.redAdd(b);\n // F = G - C\n var f = g.redSub(c);\n // H = D - B\n var h = d.redSub(b);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projDbl = function _projDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #doubling-dbl-2008-bbjlp\n // #doubling-dbl-2007-bl\n // and others\n // Generally 3M + 4S or 2M + 4S\n\n // B = (X1 + Y1)^2\n var b = this.x.redAdd(this.y).redSqr();\n // C = X1^2\n var c = this.x.redSqr();\n // D = Y1^2\n var d = this.y.redSqr();\n\n var nx;\n var ny;\n var nz;\n if (this.curve.twisted) {\n // E = a * C\n var e = this.curve._mulA(c);\n // F = E + D\n var f = e.redAdd(d);\n if (this.zOne) {\n // X3 = (B - C - D) * (F - 2)\n nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F^2 - 2 * F\n nz = f.redSqr().redSub(f).redSub(f);\n } else {\n // H = Z1^2\n var h = this.z.redSqr();\n // J = F - 2 * H\n var j = f.redSub(h).redISub(h);\n // X3 = (B-C-D)*J\n nx = b.redSub(c).redISub(d).redMul(j);\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F * J\n nz = f.redMul(j);\n }\n } else {\n // E = C + D\n var e = c.redAdd(d);\n // H = (c * Z1)^2\n var h = this.curve._mulC(this.z).redSqr();\n // J = E - 2 * H\n var j = e.redSub(h).redSub(h);\n // X3 = c * (B - E) * J\n nx = this.curve._mulC(b.redISub(e)).redMul(j);\n // Y3 = c * E * (C - D)\n ny = this.curve._mulC(e).redMul(c.redISub(d));\n // Z3 = E * J\n nz = e.redMul(j);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n // Double in extended coordinates\n if (this.curve.extended)\n return this._extDbl();\n else\n return this._projDbl();\n};\n\nPoint.prototype._extAdd = function _extAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #addition-add-2008-hwcd-3\n // 8M\n\n // A = (Y1 - X1) * (Y2 - X2)\n var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));\n // B = (Y1 + X1) * (Y2 + X2)\n var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));\n // C = T1 * k * T2\n var c = this.t.redMul(this.curve.dd).redMul(p.t);\n // D = Z1 * 2 * Z2\n var d = this.z.redMul(p.z.redAdd(p.z));\n // E = B - A\n var e = b.redSub(a);\n // F = D - C\n var f = d.redSub(c);\n // G = D + C\n var g = d.redAdd(c);\n // H = B + A\n var h = b.redAdd(a);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projAdd = function _projAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #addition-add-2008-bbjlp\n // #addition-add-2007-bl\n // 10M + 1S\n\n // A = Z1 * Z2\n var a = this.z.redMul(p.z);\n // B = A^2\n var b = a.redSqr();\n // C = X1 * X2\n var c = this.x.redMul(p.x);\n // D = Y1 * Y2\n var d = this.y.redMul(p.y);\n // E = d * C * D\n var e = this.curve.d.redMul(c).redMul(d);\n // F = B - E\n var f = b.redSub(e);\n // G = B + E\n var g = b.redAdd(e);\n // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)\n var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);\n var nx = a.redMul(f).redMul(tmp);\n var ny;\n var nz;\n if (this.curve.twisted) {\n // Y3 = A * G * (D - a * C)\n ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));\n // Z3 = F * G\n nz = f.redMul(g);\n } else {\n // Y3 = A * G * (D - C)\n ny = a.redMul(g).redMul(d.redSub(c));\n // Z3 = c * F * G\n nz = this.curve._mulC(f).redMul(g);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.add = function add(p) {\n if (this.isInfinity())\n return p;\n if (p.isInfinity())\n return this;\n\n if (this.curve.extended)\n return this._extAdd(p);\n else\n return this._projAdd(p);\n};\n\nPoint.prototype.mul = function mul(k) {\n if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);\n};\n\nPoint.prototype.normalize = function normalize() {\n if (this.zOne)\n return this;\n\n // Normalize coordinates\n var zi = this.z.redInvm();\n this.x = this.x.redMul(zi);\n this.y = this.y.redMul(zi);\n if (this.t)\n this.t = this.t.redMul(zi);\n this.z = this.curve.one;\n this.zOne = true;\n return this;\n};\n\nPoint.prototype.neg = function neg() {\n return this.curve.point(this.x.redNeg(),\n this.y,\n this.z,\n this.t && this.t.redNeg());\n};\n\nPoint.prototype.getX = function getX() {\n this.normalize();\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n this.normalize();\n return this.y.fromRed();\n};\n\nPoint.prototype.eq = function eq(other) {\n return this === other ||\n this.getX().cmp(other.getX()) === 0 &&\n this.getY().cmp(other.getY()) === 0;\n};\n\nPoint.prototype.eqXToP = function eqXToP(x) {\n var rx = x.toRed(this.curve.red).redMul(this.z);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(this.z);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\n// Compatibility with BaseCurve\nPoint.prototype.toP = Point.prototype.normalize;\nPoint.prototype.mixedAdd = Point.prototype.add;\n","'use strict';\n\nvar curve = exports;\n\ncurve.base = require('./base');\ncurve.short = require('./short');\ncurve.mont = require('./mont');\ncurve.edwards = require('./edwards');\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_5 = utils.sum32_5;\nvar ft_1 = shaCommon.ft_1;\nvar BlockHash = common.BlockHash;\n\nvar sha1_K = [\n 0x5A827999, 0x6ED9EBA1,\n 0x8F1BBCDC, 0xCA62C1D6\n];\n\nfunction SHA1() {\n if (!(this instanceof SHA1))\n return new SHA1();\n\n BlockHash.call(this);\n this.h = [\n 0x67452301, 0xefcdab89, 0x98badcfe,\n 0x10325476, 0xc3d2e1f0 ];\n this.W = new Array(80);\n}\n\nutils.inherits(SHA1, BlockHash);\nmodule.exports = SHA1;\n\nSHA1.blockSize = 512;\nSHA1.outSize = 160;\nSHA1.hmacStrength = 80;\nSHA1.padLength = 64;\n\nSHA1.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n\n for(; i < W.length; i++)\n W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n\n for (i = 0; i < W.length; i++) {\n var s = ~~(i / 20);\n var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);\n e = d;\n d = c;\n c = rotl32(b, 30);\n b = a;\n a = t;\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n};\n\nSHA1.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nexports.sha1 = require('./sha/1');\nexports.sha224 = require('./sha/224');\nexports.sha256 = require('./sha/256');\nexports.sha384 = require('./sha/384');\nexports.sha512 = require('./sha/512');\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction Hmac(hash, key, enc) {\n if (!(this instanceof Hmac))\n return new Hmac(hash, key, enc);\n this.Hash = hash;\n this.blockSize = hash.blockSize / 8;\n this.outSize = hash.outSize / 8;\n this.inner = null;\n this.outer = null;\n\n this._init(utils.toArray(key, enc));\n}\nmodule.exports = Hmac;\n\nHmac.prototype._init = function init(key) {\n // Shorten key, if needed\n if (key.length > this.blockSize)\n key = new this.Hash().update(key).digest();\n assert(key.length <= this.blockSize);\n\n // Add padding to key\n for (var i = key.length; i < this.blockSize; i++)\n key.push(0);\n\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x36;\n this.inner = new this.Hash().update(key);\n\n // 0x36 ^ 0x5c = 0x6a\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x6a;\n this.outer = new this.Hash().update(key);\n};\n\nHmac.prototype.update = function update(msg, enc) {\n this.inner.update(msg, enc);\n return this;\n};\n\nHmac.prototype.digest = function digest(enc) {\n this.outer.update(this.inner.digest());\n return this.outer.digest(enc);\n};\n","var hash = exports;\n\nhash.utils = require('./hash/utils');\nhash.common = require('./hash/common');\nhash.sha = require('./hash/sha');\nhash.ripemd = require('./hash/ripemd');\nhash.hmac = require('./hash/hmac');\n\n// Proxy hash functions to the main object\nhash.sha1 = hash.sha.sha1;\nhash.sha256 = hash.sha.sha256;\nhash.sha224 = hash.sha.sha224;\nhash.sha384 = hash.sha.sha384;\nhash.sha512 = hash.sha.sha512;\nhash.ripemd160 = hash.ripemd.ripemd160;\n","module.exports = {\n doubles: {\n step: 4,\n points: [\n [\n 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',\n 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'\n ],\n [\n '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',\n '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'\n ],\n [\n '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',\n 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'\n ],\n [\n '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',\n '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'\n ],\n [\n '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',\n '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'\n ],\n [\n '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',\n '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'\n ],\n [\n 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',\n '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'\n ],\n [\n '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',\n 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'\n ],\n [\n 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',\n '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'\n ],\n [\n 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',\n 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'\n ],\n [\n 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',\n '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'\n ],\n [\n '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',\n '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'\n ],\n [\n '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',\n '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'\n ],\n [\n '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',\n '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'\n ],\n [\n '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',\n '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'\n ],\n [\n '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',\n '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'\n ],\n [\n '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',\n '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'\n ],\n [\n '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',\n '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'\n ],\n [\n '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',\n 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'\n ],\n [\n 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',\n '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'\n ],\n [\n 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',\n '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'\n ],\n [\n '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',\n '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'\n ],\n [\n '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',\n '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'\n ],\n [\n 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',\n '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'\n ],\n [\n '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',\n 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'\n ],\n [\n 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',\n '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'\n ],\n [\n 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',\n 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'\n ],\n [\n 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',\n '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'\n ],\n [\n 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',\n 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'\n ],\n [\n 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',\n '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'\n ],\n [\n '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',\n 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'\n ],\n [\n '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',\n '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'\n ],\n [\n 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',\n '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'\n ],\n [\n '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',\n 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'\n ],\n [\n 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',\n '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'\n ],\n [\n 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',\n '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'\n ],\n [\n 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',\n 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'\n ],\n [\n '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',\n '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'\n ],\n [\n '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',\n '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'\n ],\n [\n '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',\n 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'\n ],\n [\n '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',\n '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'\n ],\n [\n 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',\n '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'\n ],\n [\n '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',\n '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'\n ],\n [\n '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',\n 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'\n ],\n [\n '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',\n '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'\n ],\n [\n 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',\n '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'\n ],\n [\n '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',\n 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'\n ],\n [\n 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',\n 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'\n ],\n [\n 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',\n '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'\n ],\n [\n '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',\n 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'\n ],\n [\n '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',\n 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'\n ],\n [\n 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',\n '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'\n ],\n [\n 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',\n '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'\n ],\n [\n 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',\n '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'\n ],\n [\n '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',\n 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'\n ],\n [\n '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',\n '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'\n ],\n [\n 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',\n 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'\n ],\n [\n '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',\n 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'\n ],\n [\n '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',\n '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'\n ],\n [\n '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',\n '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'\n ],\n [\n 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',\n 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'\n ],\n [\n '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',\n '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'\n ],\n [\n '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',\n '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'\n ],\n [\n 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',\n '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'\n ],\n [\n 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',\n 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'\n ]\n ]\n },\n naf: {\n wnd: 7,\n points: [\n [\n 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',\n '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'\n ],\n [\n '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',\n 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'\n ],\n [\n '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',\n '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'\n ],\n [\n 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',\n 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'\n ],\n [\n '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',\n 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'\n ],\n [\n 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',\n 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'\n ],\n [\n 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',\n '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'\n ],\n [\n 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',\n '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'\n ],\n [\n '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',\n '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'\n ],\n [\n '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',\n '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'\n ],\n [\n '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',\n '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'\n ],\n [\n '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',\n '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'\n ],\n [\n 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',\n 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'\n ],\n [\n 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',\n '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'\n ],\n [\n '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',\n 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'\n ],\n [\n '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',\n 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'\n ],\n [\n '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',\n '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'\n ],\n [\n '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',\n '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'\n ],\n [\n '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',\n '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'\n ],\n [\n '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',\n 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'\n ],\n [\n 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',\n 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'\n ],\n [\n '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',\n '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'\n ],\n [\n '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',\n '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'\n ],\n [\n 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',\n 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'\n ],\n [\n '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',\n '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'\n ],\n [\n 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',\n 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'\n ],\n [\n 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',\n 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'\n ],\n [\n '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',\n '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'\n ],\n [\n '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',\n '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'\n ],\n [\n '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',\n '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'\n ],\n [\n 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',\n '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'\n ],\n [\n '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',\n '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'\n ],\n [\n 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',\n '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'\n ],\n [\n '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',\n 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'\n ],\n [\n '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',\n 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'\n ],\n [\n 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',\n 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'\n ],\n [\n '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',\n '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'\n ],\n [\n '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',\n 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'\n ],\n [\n 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',\n 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'\n ],\n [\n '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',\n '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'\n ],\n [\n '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',\n 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'\n ],\n [\n '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',\n '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'\n ],\n [\n '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',\n 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'\n ],\n [\n 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',\n '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'\n ],\n [\n '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',\n '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'\n ],\n [\n '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',\n 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'\n ],\n [\n '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',\n 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'\n ],\n [\n 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',\n 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'\n ],\n [\n 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',\n 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'\n ],\n [\n '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',\n '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'\n ],\n [\n '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',\n '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'\n ],\n [\n 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',\n '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'\n ],\n [\n 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',\n 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'\n ],\n [\n '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',\n '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'\n ],\n [\n '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',\n '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'\n ],\n [\n 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',\n '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'\n ],\n [\n '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',\n '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'\n ],\n [\n 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',\n 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'\n ],\n [\n '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',\n 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'\n ],\n [\n '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',\n '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'\n ],\n [\n 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',\n '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'\n ],\n [\n 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',\n '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'\n ],\n [\n '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',\n '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'\n ],\n [\n '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',\n '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'\n ],\n [\n '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',\n 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'\n ],\n [\n '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',\n 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'\n ],\n [\n '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',\n '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'\n ],\n [\n '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',\n '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'\n ],\n [\n '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',\n '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'\n ],\n [\n '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',\n 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'\n ],\n [\n 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',\n 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'\n ],\n [\n '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',\n 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'\n ],\n [\n 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',\n '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'\n ],\n [\n 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',\n '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'\n ],\n [\n 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',\n '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'\n ],\n [\n 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',\n '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'\n ],\n [\n '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',\n 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'\n ],\n [\n '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',\n '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'\n ],\n [\n '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',\n 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'\n ],\n [\n 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',\n 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'\n ],\n [\n 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',\n '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'\n ],\n [\n 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',\n 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'\n ],\n [\n 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',\n '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'\n ],\n [\n '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',\n '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'\n ],\n [\n 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',\n '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'\n ],\n [\n 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',\n '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'\n ],\n [\n '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',\n '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'\n ],\n [\n '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',\n 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'\n ],\n [\n 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',\n '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'\n ],\n [\n 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',\n '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'\n ],\n [\n 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',\n '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'\n ],\n [\n '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',\n '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'\n ],\n [\n 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',\n 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'\n ],\n [\n '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',\n 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'\n ],\n [\n 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',\n 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'\n ],\n [\n 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',\n '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'\n ],\n [\n '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',\n 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'\n ],\n [\n 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',\n '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'\n ],\n [\n 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',\n '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'\n ],\n [\n 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',\n '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'\n ],\n [\n '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',\n 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'\n ],\n [\n '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',\n 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'\n ],\n [\n 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',\n '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'\n ],\n [\n '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',\n 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'\n ],\n [\n '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',\n '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'\n ],\n [\n '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',\n 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'\n ],\n [\n 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',\n 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'\n ],\n [\n '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',\n 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'\n ],\n [\n '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',\n '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'\n ],\n [\n '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',\n 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'\n ],\n [\n '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',\n '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'\n ],\n [\n 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',\n 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'\n ],\n [\n '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',\n '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'\n ],\n [\n 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',\n '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'\n ],\n [\n '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',\n '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'\n ],\n [\n 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',\n 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'\n ],\n [\n 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',\n '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'\n ],\n [\n 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',\n 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'\n ],\n [\n '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',\n 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'\n ],\n [\n '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',\n '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'\n ],\n [\n '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',\n 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'\n ],\n [\n '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',\n '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'\n ],\n [\n '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',\n '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'\n ],\n [\n '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',\n 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'\n ],\n [\n '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',\n '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'\n ],\n [\n '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',\n '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'\n ],\n [\n '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',\n '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'\n ]\n ]\n }\n};\n","'use strict';\n\nvar curves = exports;\n\nvar hash = require('hash.js');\nvar curve = require('./curve');\nvar utils = require('./utils');\n\nvar assert = utils.assert;\n\nfunction PresetCurve(options) {\n if (options.type === 'short')\n this.curve = new curve.short(options);\n else if (options.type === 'edwards')\n this.curve = new curve.edwards(options);\n else if (options.type === 'mont')\n this.curve = new curve.mont(options);\n else throw new Error('Unknown curve type.');\n this.g = this.curve.g;\n this.n = this.curve.n;\n this.hash = options.hash;\n\n assert(this.g.validate(), 'Invalid curve');\n assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O');\n}\ncurves.PresetCurve = PresetCurve;\n\nfunction defineCurve(name, options) {\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n get: function() {\n var curve = new PresetCurve(options);\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n value: curve\n });\n return curve;\n }\n });\n}\n\ndefineCurve('p192', {\n type: 'short',\n prime: 'p192',\n p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',\n b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',\n n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',\n hash: hash.sha256,\n gRed: false,\n g: [\n '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',\n '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'\n ]\n});\n\ndefineCurve('p224', {\n type: 'short',\n prime: 'p224',\n p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',\n b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',\n n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',\n hash: hash.sha256,\n gRed: false,\n g: [\n 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',\n 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'\n ]\n});\n\ndefineCurve('p256', {\n type: 'short',\n prime: null,\n p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',\n a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',\n b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',\n n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',\n hash: hash.sha256,\n gRed: false,\n g: [\n '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',\n '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'\n ]\n});\n\ndefineCurve('p384', {\n type: 'short',\n prime: null,\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 ffffffff',\n a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 fffffffc',\n b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +\n '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',\n n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +\n 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',\n hash: hash.sha384,\n gRed: false,\n g: [\n 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +\n '5502f25d bf55296c 3a545e38 72760ab7',\n '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +\n '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'\n ]\n});\n\ndefineCurve('p521', {\n type: 'short',\n prime: null,\n p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff',\n a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff fffffffc',\n b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +\n '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +\n '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',\n n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +\n 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',\n hash: hash.sha512,\n gRed: false,\n g: [\n '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +\n '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +\n 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',\n '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +\n '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +\n '3fad0761 353c7086 a272c240 88be9476 9fd16650'\n ]\n});\n\n// https://tools.ietf.org/html/rfc7748#section-4.1\ndefineCurve('curve25519', {\n type: 'mont',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '76d06',\n b: '1',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '9'\n ]\n});\n\ndefineCurve('ed25519', {\n type: 'edwards',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '-1',\n c: '1',\n // -121665 * (121666^(-1)) (mod P)\n d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',\n // 4/5\n '6666666666666666666666666666666666666666666666666666666666666658'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.4\ndefineCurve('brainpoolP256r1', {\n type: 'short',\n prime: null,\n p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377',\n a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9',\n b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6',\n n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7',\n hash: hash.sha256, // or 384, or 512\n gRed: false,\n g: [\n '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262',\n '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.6\ndefineCurve('brainpoolP384r1', {\n type: 'short',\n prime: null,\n p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' +\n 'ACD3A729 901D1A71 87470013 3107EC53',\n a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' +\n '8AA5814A 503AD4EB 04A8C7DD 22CE2826',\n b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' +\n '7CB43902 95DBC994 3AB78696 FA504C11',\n n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' +\n 'CF3AB6AF 6B7FC310 3B883202 E9046565',\n hash: hash.sha384, // or 512\n gRed: false,\n g: [\n '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' +\n 'E8E826E03436D646AAEF87B2E247D4AF1E',\n '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' +\n '280E4646217791811142820341263C5315'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.7\ndefineCurve('brainpoolP512r1', {\n type: 'short',\n prime: null,\n p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' +\n '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3',\n a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' +\n '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA',\n b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' +\n '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723',\n n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' +\n '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069',\n hash: hash.sha512,\n gRed: false,\n g: [\n '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' +\n '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822',\n '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' +\n '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892'\n ]\n});\n\n// https://en.bitcoin.it/wiki/Secp256k1\nvar pre;\ntry {\n pre = require('./precomputed/secp256k1');\n} catch (e) {\n pre = undefined;\n}\n\ndefineCurve('secp256k1', {\n type: 'short',\n prime: 'k256',\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',\n a: '0',\n b: '7',\n n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',\n h: '1',\n hash: hash.sha256,\n\n // Precomputed endomorphism\n beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',\n lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',\n basis: [\n {\n a: '3086d221a7d46bcde86c90e49284eb15',\n b: '-e4437ed6010e88286f547fa90abfe4c3'\n },\n {\n a: '114ca50f7a8e2f3f657c1108d9d44cfd8',\n b: '3086d221a7d46bcde86c90e49284eb15'\n }\n ],\n\n gRed: false,\n g: [\n '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',\n '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',\n pre\n ]\n});\n","'use strict';\n\nvar hash = require('hash.js');\nvar utils = require('minimalistic-crypto-utils');\nvar assert = require('minimalistic-assert');\n\nfunction HmacDRBG(options) {\n if (!(this instanceof HmacDRBG))\n return new HmacDRBG(options);\n this.hash = options.hash;\n this.predResist = !!options.predResist;\n\n this.outLen = this.hash.outSize;\n this.minEntropy = options.minEntropy || this.hash.hmacStrength;\n\n this._reseed = null;\n this.reseedInterval = null;\n this.K = null;\n this.V = null;\n\n var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');\n var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');\n var pers = utils.toArray(options.pers, options.persEnc || 'hex');\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n this._init(entropy, nonce, pers);\n}\nmodule.exports = HmacDRBG;\n\nHmacDRBG.prototype._init = function init(entropy, nonce, pers) {\n var seed = entropy.concat(nonce).concat(pers);\n\n this.K = new Array(this.outLen / 8);\n this.V = new Array(this.outLen / 8);\n for (var i = 0; i < this.V.length; i++) {\n this.K[i] = 0x00;\n this.V[i] = 0x01;\n }\n\n this._update(seed);\n this._reseed = 1;\n this.reseedInterval = 0x1000000000000; // 2^48\n};\n\nHmacDRBG.prototype._hmac = function hmac() {\n return new hash.hmac(this.hash, this.K);\n};\n\nHmacDRBG.prototype._update = function update(seed) {\n var kmac = this._hmac()\n .update(this.V)\n .update([ 0x00 ]);\n if (seed)\n kmac = kmac.update(seed);\n this.K = kmac.digest();\n this.V = this._hmac().update(this.V).digest();\n if (!seed)\n return;\n\n this.K = this._hmac()\n .update(this.V)\n .update([ 0x01 ])\n .update(seed)\n .digest();\n this.V = this._hmac().update(this.V).digest();\n};\n\nHmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {\n // Optional entropy enc\n if (typeof entropyEnc !== 'string') {\n addEnc = add;\n add = entropyEnc;\n entropyEnc = null;\n }\n\n entropy = utils.toArray(entropy, entropyEnc);\n add = utils.toArray(add, addEnc);\n\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n\n this._update(entropy.concat(add || []));\n this._reseed = 1;\n};\n\nHmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {\n if (this._reseed > this.reseedInterval)\n throw new Error('Reseed is required');\n\n // Optional encoding\n if (typeof enc !== 'string') {\n addEnc = add;\n add = enc;\n enc = null;\n }\n\n // Optional additional data\n if (add) {\n add = utils.toArray(add, addEnc || 'hex');\n this._update(add);\n }\n\n var temp = [];\n while (temp.length < len) {\n this.V = this._hmac().update(this.V).digest();\n temp = temp.concat(this.V);\n }\n\n var res = temp.slice(0, len);\n this._update(add);\n this._reseed++;\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction KeyPair(ec, options) {\n this.ec = ec;\n this.priv = null;\n this.pub = null;\n\n // KeyPair(ec, { priv: ..., pub: ... })\n if (options.priv)\n this._importPrivate(options.priv, options.privEnc);\n if (options.pub)\n this._importPublic(options.pub, options.pubEnc);\n}\nmodule.exports = KeyPair;\n\nKeyPair.fromPublic = function fromPublic(ec, pub, enc) {\n if (pub instanceof KeyPair)\n return pub;\n\n return new KeyPair(ec, {\n pub: pub,\n pubEnc: enc\n });\n};\n\nKeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {\n if (priv instanceof KeyPair)\n return priv;\n\n return new KeyPair(ec, {\n priv: priv,\n privEnc: enc\n });\n};\n\n// TODO: should not validate for X25519\nKeyPair.prototype.validate = function validate() {\n var pub = this.getPublic();\n\n if (pub.isInfinity())\n return { result: false, reason: 'Invalid public key' };\n if (!pub.validate())\n return { result: false, reason: 'Public key is not a point' };\n if (!pub.mul(this.ec.curve.n).isInfinity())\n return { result: false, reason: 'Public key * N != O' };\n\n return { result: true, reason: null };\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n if (!this.pub)\n this.pub = this.ec.g.mul(this.priv);\n\n if (!enc)\n return this.pub;\n\n return this.pub.encode(enc, compact);\n};\n\nKeyPair.prototype.getPrivate = function getPrivate(enc) {\n if (enc === 'hex')\n return this.priv.toString(16, 2);\n else\n return this.priv;\n};\n\nKeyPair.prototype._importPrivate = function _importPrivate(key, enc) {\n this.priv = new BN(key, enc || 16);\n\n // For Curve25519/Curve448 we have a specific procedure.\n // TODO Curve448\n if (this.ec.curve.type === 'mont') {\n var one = this.ec.curve.one;\n var mask = one.ushln(255 - 3).sub(one).ushln(3);\n this.priv = this.priv.or(one.ushln(255 - 1));\n this.priv = this.priv.and(mask);\n } else\n // Ensure that the priv won't be bigger than n, otherwise we may fail\n // in fixed multiplication method\n this.priv = this.priv.umod(this.ec.curve.n);\n};\n\nKeyPair.prototype._importPublic = function _importPublic(key, enc) {\n if (key.x || key.y) {\n // Montgomery points only have an `x` coordinate.\n // Weierstrass/Edwards points on the other hand have both `x` and\n // `y` coordinates.\n if (this.ec.curve.type === 'mont') {\n assert(key.x, 'Need x coordinate');\n } else if (this.ec.curve.type === 'short' ||\n this.ec.curve.type === 'edwards') {\n assert(key.x && key.y, 'Need both x and y coordinate');\n }\n this.pub = this.ec.curve.point(key.x, key.y);\n return;\n }\n this.pub = this.ec.curve.decodePoint(key, enc);\n};\n\n// ECDH\nKeyPair.prototype.derive = function derive(pub) {\n return pub.mul(this.priv).getX();\n};\n\n// ECDSA\nKeyPair.prototype.sign = function sign(msg, enc, options) {\n return this.ec.sign(msg, this, enc, options);\n};\n\nKeyPair.prototype.verify = function verify(msg, signature) {\n return this.ec.verify(msg, signature, this);\n};\n\nKeyPair.prototype.inspect = function inspect() {\n return '';\n};\n","'use strict';\n\nvar BN = require('bn.js');\n\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction Signature(options, enc) {\n if (options instanceof Signature)\n return options;\n\n if (this._importDER(options, enc))\n return;\n\n assert(options.r && options.s, 'Signature without r or s');\n this.r = new BN(options.r, 16);\n this.s = new BN(options.s, 16);\n if (options.recoveryParam === undefined)\n this.recoveryParam = null;\n else\n this.recoveryParam = options.recoveryParam;\n}\nmodule.exports = Signature;\n\nfunction Position() {\n this.place = 0;\n}\n\nfunction getLength(buf, p) {\n var initial = buf[p.place++];\n if (!(initial & 0x80)) {\n return initial;\n }\n var octetLen = initial & 0xf;\n var val = 0;\n for (var i = 0, off = p.place; i < octetLen; i++, off++) {\n val <<= 8;\n val |= buf[off];\n }\n p.place = off;\n return val;\n}\n\nfunction rmPadding(buf) {\n var i = 0;\n var len = buf.length - 1;\n while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {\n i++;\n }\n if (i === 0) {\n return buf;\n }\n return buf.slice(i);\n}\n\nSignature.prototype._importDER = function _importDER(data, enc) {\n data = utils.toArray(data, enc);\n var p = new Position();\n if (data[p.place++] !== 0x30) {\n return false;\n }\n var len = getLength(data, p);\n if ((len + p.place) !== data.length) {\n return false;\n }\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var rlen = getLength(data, p);\n var r = data.slice(p.place, rlen + p.place);\n p.place += rlen;\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var slen = getLength(data, p);\n if (data.length !== slen + p.place) {\n return false;\n }\n var s = data.slice(p.place, slen + p.place);\n if (r[0] === 0 && (r[1] & 0x80)) {\n r = r.slice(1);\n }\n if (s[0] === 0 && (s[1] & 0x80)) {\n s = s.slice(1);\n }\n\n this.r = new BN(r);\n this.s = new BN(s);\n this.recoveryParam = null;\n\n return true;\n};\n\nfunction constructLength(arr, len) {\n if (len < 0x80) {\n arr.push(len);\n return;\n }\n var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);\n arr.push(octets | 0x80);\n while (--octets) {\n arr.push((len >>> (octets << 3)) & 0xff);\n }\n arr.push(len);\n}\n\nSignature.prototype.toDER = function toDER(enc) {\n var r = this.r.toArray();\n var s = this.s.toArray();\n\n // Pad values\n if (r[0] & 0x80)\n r = [ 0 ].concat(r);\n // Pad values\n if (s[0] & 0x80)\n s = [ 0 ].concat(s);\n\n r = rmPadding(r);\n s = rmPadding(s);\n\n while (!s[0] && !(s[1] & 0x80)) {\n s = s.slice(1);\n }\n var arr = [ 0x02 ];\n constructLength(arr, r.length);\n arr = arr.concat(r);\n arr.push(0x02);\n constructLength(arr, s.length);\n var backHalf = arr.concat(s);\n var res = [ 0x30 ];\n constructLength(res, backHalf.length);\n res = res.concat(backHalf);\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar HmacDRBG = require('hmac-drbg');\nvar utils = require('../utils');\nvar curves = require('../curves');\nvar rand = require('brorand');\nvar assert = utils.assert;\n\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EC(options) {\n if (!(this instanceof EC))\n return new EC(options);\n\n // Shortcut `elliptic.ec(curve-name)`\n if (typeof options === 'string') {\n assert(curves.hasOwnProperty(options), 'Unknown curve ' + options);\n\n options = curves[options];\n }\n\n // Shortcut for `elliptic.ec(elliptic.curves.curveName)`\n if (options instanceof curves.PresetCurve)\n options = { curve: options };\n\n this.curve = options.curve.curve;\n this.n = this.curve.n;\n this.nh = this.n.ushrn(1);\n this.g = this.curve.g;\n\n // Point on curve\n this.g = options.curve.g;\n this.g.precompute(options.curve.n.bitLength() + 1);\n\n // Hash function for DRBG\n this.hash = options.hash || options.curve.hash;\n}\nmodule.exports = EC;\n\nEC.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {\n return KeyPair.fromPrivate(this, priv, enc);\n};\n\nEC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {\n return KeyPair.fromPublic(this, pub, enc);\n};\n\nEC.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.n.toArray()\n });\n\n // Key generation for curve25519 is simpler\n if (this.curve.type === 'mont') {\n var priv = new BN(drbg.generate(32));\n return this.keyFromPrivate(priv);\n }\n\n var bytes = this.n.byteLength();\n var ns2 = this.n.sub(new BN(2));\n do {\n var priv = new BN(drbg.generate(bytes));\n if (priv.cmp(ns2) > 0)\n continue;\n\n priv.iaddn(1);\n return this.keyFromPrivate(priv);\n } while (true);\n};\n\nEC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) {\n bitSize = bitSize || msg.byteLength() * 8;\n var delta = bitSize - this.n.bitLength();\n if (delta > 0)\n msg = msg.ushrn(delta);\n if (!truncOnly && msg.cmp(this.n) >= 0)\n return msg.sub(this.n);\n else\n return msg;\n};\n\nEC.prototype.truncateMsg = function truncateMSG(msg) {\n // Bit size is only determined correctly for Uint8Arrays and hex strings\n var bitSize;\n if (msg instanceof Uint8Array) {\n bitSize = msg.byteLength * 8;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else if (typeof msg === 'string') {\n bitSize = msg.length * 4;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else {\n msg = this._truncateToN(new BN(msg, 16));\n }\n return msg;\n}\n\nEC.prototype.sign = function sign(msg, key, enc, options) {\n if (typeof enc === 'object') {\n options = enc;\n enc = null;\n }\n if (!options)\n options = {};\n\n key = this.keyFromPrivate(key, enc);\n msg = this.truncateMsg(msg);\n\n // Zero-extend key to provide enough entropy\n var bytes = this.n.byteLength();\n var bkey = key.getPrivate().toArray('be', bytes);\n\n // Zero-extend nonce to have the same byte size as N\n var nonce = msg.toArray('be', bytes);\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n entropy: bkey,\n nonce: nonce,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8'\n });\n\n // Number of bytes to generate\n var ns1 = this.n.sub(new BN(1));\n\n for (var iter = 0; true; iter++) {\n var k = options.k ?\n options.k(iter) :\n new BN(drbg.generate(this.n.byteLength()));\n k = this._truncateToN(k, true);\n if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)\n continue;\n\n var kp = this.g.mul(k);\n if (kp.isInfinity())\n continue;\n\n var kpX = kp.getX();\n var r = kpX.umod(this.n);\n if (r.cmpn(0) === 0)\n continue;\n\n var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));\n s = s.umod(this.n);\n if (s.cmpn(0) === 0)\n continue;\n\n var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |\n (kpX.cmp(r) !== 0 ? 2 : 0);\n\n // Use complement of `s`, if it is > `n / 2`\n if (options.canonical && s.cmp(this.nh) > 0) {\n s = this.n.sub(s);\n recoveryParam ^= 1;\n }\n\n return new Signature({ r: r, s: s, recoveryParam: recoveryParam });\n }\n};\n\nEC.prototype.verify = function verify(msg, signature, key, enc) {\n key = this.keyFromPublic(key, enc);\n signature = new Signature(signature, 'hex');\n // Fallback to the old code\n var ret = this._verify(this.truncateMsg(msg), signature, key) ||\n this._verify(this._truncateToN(new BN(msg, 16)), signature, key);\n return ret;\n};\n\nEC.prototype._verify = function _verify(msg, signature, key) {\n // Perform primitive values validation\n var r = signature.r;\n var s = signature.s;\n if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)\n return false;\n if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)\n return false;\n\n // Validate signature\n var sinv = s.invm(this.n);\n var u1 = sinv.mul(msg).umod(this.n);\n var u2 = sinv.mul(r).umod(this.n);\n\n if (!this.curve._maxwellTrick) {\n var p = this.g.mulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n return p.getX().umod(this.n).cmp(r) === 0;\n }\n\n // NOTE: Greg Maxwell's trick, inspired by:\n // https://git.io/vad3K\n\n var p = this.g.jmulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n // Compare `p.x` of Jacobian point with `r`,\n // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the\n // inverse of `p.z^2`\n return p.eqXToP(r);\n};\n\nEC.prototype.recoverPubKey = function(msg, signature, j, enc) {\n assert((3 & j) === j, 'The recovery param is more than two bits');\n signature = new Signature(signature, enc);\n\n var n = this.n;\n var e = new BN(msg);\n var r = signature.r;\n var s = signature.s;\n\n // A set LSB signifies that the y-coordinate is odd\n var isYOdd = j & 1;\n var isSecondKey = j >> 1;\n if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)\n throw new Error('Unable to find sencond key candinate');\n\n // 1.1. Let x = r + jn.\n if (isSecondKey)\n r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);\n else\n r = this.curve.pointFromX(r, isYOdd);\n\n var rInv = signature.r.invm(n);\n var s1 = n.sub(e).mul(rInv).umod(n);\n var s2 = s.mul(rInv).umod(n);\n\n // 1.6.1 Compute Q = r^-1 (sR - eG)\n // Q = r^-1 (sR + -eG)\n return this.g.mulAdd(s1, r, s2);\n};\n\nEC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {\n signature = new Signature(signature, enc);\n if (signature.recoveryParam !== null)\n return signature.recoveryParam;\n\n for (var i = 0; i < 4; i++) {\n var Qprime;\n try {\n Qprime = this.recoverPubKey(e, signature, i);\n } catch (e) {\n continue;\n }\n\n if (Qprime.eq(Q))\n return i;\n }\n throw new Error('Unable to find valid recovery factor');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar cachedProperty = utils.cachedProperty;\n\n/**\n* @param {EDDSA} eddsa - instance\n* @param {Object} params - public/private key parameters\n*\n* @param {Array} [params.secret] - secret seed bytes\n* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)\n* @param {Array} [params.pub] - public key point encoded as bytes\n*\n*/\nfunction KeyPair(eddsa, params) {\n this.eddsa = eddsa;\n if (params.hasOwnProperty('secret'))\n this._secret = parseBytes(params.secret);\n if (eddsa.isPoint(params.pub))\n this._pub = params.pub;\n else {\n this._pubBytes = parseBytes(params.pub);\n if (this._pubBytes && this._pubBytes.length === 33 &&\n this._pubBytes[0] === 0x40)\n this._pubBytes = this._pubBytes.slice(1, 33);\n if (this._pubBytes && this._pubBytes.length !== 32)\n throw new Error('Unknown point compression format');\n }\n}\n\nKeyPair.fromPublic = function fromPublic(eddsa, pub) {\n if (pub instanceof KeyPair)\n return pub;\n return new KeyPair(eddsa, { pub: pub });\n};\n\nKeyPair.fromSecret = function fromSecret(eddsa, secret) {\n if (secret instanceof KeyPair)\n return secret;\n return new KeyPair(eddsa, { secret: secret });\n};\n\nKeyPair.prototype.secret = function secret() {\n return this._secret;\n};\n\ncachedProperty(KeyPair, 'pubBytes', function pubBytes() {\n return this.eddsa.encodePoint(this.pub());\n});\n\ncachedProperty(KeyPair, 'pub', function pub() {\n if (this._pubBytes)\n return this.eddsa.decodePoint(this._pubBytes);\n return this.eddsa.g.mul(this.priv());\n});\n\ncachedProperty(KeyPair, 'privBytes', function privBytes() {\n var eddsa = this.eddsa;\n var hash = this.hash();\n var lastIx = eddsa.encodingLength - 1;\n\n // https://tools.ietf.org/html/rfc8032#section-5.1.5\n var a = hash.slice(0, eddsa.encodingLength);\n a[0] &= 248;\n a[lastIx] &= 127;\n a[lastIx] |= 64;\n\n return a;\n});\n\ncachedProperty(KeyPair, 'priv', function priv() {\n return this.eddsa.decodeInt(this.privBytes());\n});\n\ncachedProperty(KeyPair, 'hash', function hash() {\n return this.eddsa.hash().update(this.secret()).digest();\n});\n\ncachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {\n return this.hash().slice(this.eddsa.encodingLength);\n});\n\nKeyPair.prototype.sign = function sign(message) {\n assert(this._secret, 'KeyPair can only verify');\n return this.eddsa.sign(message, this);\n};\n\nKeyPair.prototype.verify = function verify(message, sig) {\n return this.eddsa.verify(message, sig, this);\n};\n\nKeyPair.prototype.getSecret = function getSecret(enc) {\n assert(this._secret, 'KeyPair is public only');\n return utils.encode(this.secret(), enc);\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n return utils.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc);\n};\n\nmodule.exports = KeyPair;\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar cachedProperty = utils.cachedProperty;\nvar parseBytes = utils.parseBytes;\n\n/**\n* @param {EDDSA} eddsa - eddsa instance\n* @param {Array|Object} sig -\n* @param {Array|Point} [sig.R] - R point as Point or bytes\n* @param {Array|bn} [sig.S] - S scalar as bn or bytes\n* @param {Array} [sig.Rencoded] - R point encoded\n* @param {Array} [sig.Sencoded] - S scalar encoded\n*/\nfunction Signature(eddsa, sig) {\n this.eddsa = eddsa;\n\n if (typeof sig !== 'object')\n sig = parseBytes(sig);\n\n if (Array.isArray(sig)) {\n sig = {\n R: sig.slice(0, eddsa.encodingLength),\n S: sig.slice(eddsa.encodingLength)\n };\n }\n\n assert(sig.R && sig.S, 'Signature without R or S');\n\n if (eddsa.isPoint(sig.R))\n this._R = sig.R;\n if (sig.S instanceof BN)\n this._S = sig.S;\n\n this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;\n this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;\n}\n\ncachedProperty(Signature, 'S', function S() {\n return this.eddsa.decodeInt(this.Sencoded());\n});\n\ncachedProperty(Signature, 'R', function R() {\n return this.eddsa.decodePoint(this.Rencoded());\n});\n\ncachedProperty(Signature, 'Rencoded', function Rencoded() {\n return this.eddsa.encodePoint(this.R());\n});\n\ncachedProperty(Signature, 'Sencoded', function Sencoded() {\n return this.eddsa.encodeInt(this.S());\n});\n\nSignature.prototype.toBytes = function toBytes() {\n return this.Rencoded().concat(this.Sencoded());\n};\n\nSignature.prototype.toHex = function toHex() {\n return utils.encode(this.toBytes(), 'hex').toUpperCase();\n};\n\nmodule.exports = Signature;\n","'use strict';\n\nvar hash = require('hash.js');\nvar HmacDRBG = require('hmac-drbg');\nvar rand = require('brorand');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n if (!(this instanceof EDDSA))\n return new EDDSA(curve);\n\n var curve = curves[curve].curve;\n this.curve = curve;\n this.g = curve.g;\n this.g.precompute(curve.n.bitLength() + 1);\n\n this.pointClass = curve.point().constructor;\n this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n message = parseBytes(message);\n var key = this.keyFromSecret(secret);\n var r = this.hashInt(key.messagePrefix(), message);\n var R = this.g.mul(r);\n var Rencoded = this.encodePoint(R);\n var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n .mul(key.priv());\n var S = r.add(s_).umod(this.curve.n);\n return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n message = parseBytes(message);\n sig = this.makeSignature(sig);\n var key = this.keyFromPublic(pub);\n var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n var SG = this.g.mul(sig.S());\n var RplusAh = sig.R().add(key.pub().mul(h));\n return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n var hash = this.hash();\n for (var i = 0; i < arguments.length; i++)\n hash.update(arguments[i]);\n return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.curve.n.toArray()\n });\n\n return this.keyFromSecret(drbg.generate(32));\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n if (sig instanceof Signature)\n return sig;\n return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n var enc = point.getY().toArray('le', this.encodingLength);\n enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n bytes = utils.parseBytes(bytes);\n\n var lastIx = bytes.length - 1;\n var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n var y = utils.intFromLE(normed);\n return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n return val instanceof this.pointClass;\n};\n","'use strict';\n\nvar elliptic = exports;\n\nelliptic.utils = require('./elliptic/utils');\nelliptic.rand = require('brorand');\nelliptic.curve = require('./elliptic/curve');\nelliptic.curves = require('./elliptic/curves');\n\n// Protocols\nelliptic.ec = require('./elliptic/ec');\nelliptic.eddsa = require('./elliptic/eddsa');\n"],"names":["r","utils","exports","zero2","word","length","toHex","msg","res","i","toString","toArray","enc","Array","isArray","slice","replace","push","parseInt","c","charCodeAt","hi","lo","encode","arr","assert","minAssert","minUtils","getNAF","num","w","naf","ws","k","clone","cmpn","z","isOdd","mod","andln","isubn","shift","iushrn","getJSF","k1","k2","jsf","d1","d2","u1","u2","m8","m14","m24","cachedProperty","obj","name","computer","key","prototype","undefined","this","call","parseBytes","bytes","intFromLE","BN","len","Rand","generate","rand","_rand","n","getBytes","Uint8Array","getByte","self","crypto","getRandomValues","msCrypto","window","Error","randomBytes","e","BaseCurve","type","conf","p","red","prime","mont","zero","toRed","one","two","g","pointFromJSON","gRed","_wnafT1","_wnafT2","_wnafT3","_wnafT4","adjustCount","div","redN","_maxwellTrick","BasePoint","curve","precomputed","point","validate","_fixedNafMul","doubles","_getDoubles","I","step","repr","j","nafW","a","jpoint","b","mixedAdd","points","neg","add","toP","_wnafMul","nafPoints","_getNAFPoints","wnd","acc","dblp","_wnafMulAdd","defW","coeffs","jacobianResult","wndWidth","max","comb","y","cmp","toJ","redNeg","index","Math","ja","jb","tmp","eq","decodePoint","byteLength","pointFromX","encodeCompressed","_encode","compact","x","getX","getY","isEven","concat","precompute","power","beta","_getBeta","_hasDoubles","ceil","bitLength","dbl","ShortCurve","Base","tinv","redInvm","zeroA","fromRed","threeA","sub","endo","_getEndomorphism","_endoWnafT1","_endoWnafT2","inherits","Point","isRed","inf","forceRed","JPoint","zOne","MontCurve","i4","a24","redMul","redAdd","modn","lambda","betas","_getEndoRoots","lambdas","mul","basis","map","vec","_getEndoBasis","ntinv","s","redSqrt","redSub","a0","b0","a1","b1","a2","b2","prevR","aprxSqrt","ushrn","floor","u","v","x1","y1","x2","y2","q","len1","sqr","negative","_endoSplit","v1","v2","c1","divRound","c2","p1","p2","q1","q2","odd","redSqr","redIAdd","ax","rhs","redISub","_endoWnafMulAdd","npoints","ncoeffs","split","ineg","fromJSON","pre","endoMul","toJSON","JSON","parse","obj2point","inspect","isInfinity","nx","ny","ys1","dyinv","mulAdd","jmulAdd","_precompute","negate","zinv","zinv2","ay","pz2","z2","s1","s2","h","h2","h3","nz","pow","jx","jy","jz","jz4","jyd","jx2","jyd2","jyd4","t1","t2","dny","_zeroDbl","_threeDbl","_dbl","xx","yy","yyyy","m","t","yyyy8","d","f","c8","delta","gamma","alpha","beta4","beta8","ggamma8","jy2","jxd4","jyd8","trpl","zz","mm","ee","yyu4","kbase","z3","pz3","eqXToP","zs","rx","xc","iadd","normalize","reverse","aa","bb","diffAdd","diff","da","cb","bits","jumlAdd","other","EdwardsCurve","twisted","mOneA","extended","umod","dd","oneC","_mulA","_mulC","lhs","pointFromY","_extDbl","nt","_projDbl","_extAdd","_projAdd","zi","base","require$$0","short","require$$1","require$$2","edwards","require$$3","rotl32","sum32","sum32_5","ft_1","shaCommon","BlockHash","common","sha1_K","SHA1","W","blockSize","outSize","hmacStrength","padLength","_update","start","_digest","toHex32","split32","require$$4","Hmac","hash","Hash","inner","outer","_init","update","digest","sha","ripemd","hmac","sha1","sha256","sha224","sha384","sha512","ripemd160","curves","PresetCurve","options","defineCurve","Object","defineProperty","configurable","enumerable","get","value","cofactor","HmacDRBG","predResist","outLen","minEntropy","_reseed","reseedInterval","K","V","entropy","entropyEnc","nonce","nonceEnc","pers","persEnc","seed","_hmac","kmac","reseed","addEnc","temp","KeyPair","ec","priv","pub","_importPrivate","privEnc","_importPublic","pubEnc","fromPublic","fromPrivate","getPublic","result","reason","getPrivate","mask","ushln","or","and","derive","sign","verify","signature","Signature","_importDER","recoveryParam","Position","place","getLength","buf","initial","octetLen","val","off","rmPadding","constructLength","octets","log","LN2","data","rlen","slen","toDER","backHalf","EC","hasOwnProperty","nh","keyPair","keyFromPrivate","keyFromPublic","genKeyPair","drbg","ns2","iaddn","_truncateToN","truncOnly","bitSize","truncateMsg","bkey","ns1","iter","kp","kpX","invm","canonical","_verify","sinv","recoverPubKey","isYOdd","isSecondKey","rInv","getKeyRecoveryParam","Q","Qprime","eddsa","params","_secret","secret","isPoint","_pub","_pubBytes","fromSecret","encodePoint","lastIx","encodingLength","decodeInt","privBytes","message","sig","getSecret","pubBytes","R","S","_R","_S","_Rencoded","Rencoded","_Sencoded","Sencoded","encodeInt","toBytes","toUpperCase","EDDSA","pointClass","constructor","keyFromSecret","hashInt","messagePrefix","s_","makeSignature","SG","arguments","normed","xIsOdd","elliptic","require$$5"],"mappings":";+OAAIA,qBCEJ,IAAIC,EAAQC,EAkCZ,SAASC,EAAMC,GACb,OAAoB,IAAhBA,EAAKC,OACA,IAAMD,EAENA,CACX,CAGA,SAASE,EAAMC,GAEb,IADA,IAAIC,EAAM,GACDC,EAAI,EAAGA,EAAIF,EAAIF,OAAQI,IAC9BD,GAAOL,EAAMI,EAAIE,GAAGC,SAAS,KAC/B,OAAOF,CACT,CAfAP,EAAMU,QA9BN,SAAiBJ,EAAKK,GACpB,GAAIC,MAAMC,QAAQP,GAChB,OAAOA,EAAIQ,QACb,IAAKR,EACH,MAAO,GACT,IAAIC,EAAM,GACV,GAAmB,iBAARD,EAAkB,CAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAIF,EAAIF,OAAQI,IAC9BD,EAAIC,GAAc,EAATF,EAAIE,GACf,OAAOD,EAET,GAAY,QAARI,EAAe,EACjBL,EAAMA,EAAIS,QAAQ,eAAgB,KAC1BX,OAAS,GAAM,IACrBE,EAAM,IAAMA,GACd,IAASE,EAAI,EAAGA,EAAIF,EAAIF,OAAQI,GAAK,EACnCD,EAAIS,KAAKC,SAASX,EAAIE,GAAKF,EAAIE,EAAI,GAAI,UAEzC,IAASA,EAAI,EAAGA,EAAIF,EAAIF,OAAQI,IAAK,CACnC,IAAIU,EAAIZ,EAAIa,WAAWX,GACnBY,EAAKF,GAAK,EACVG,EAAS,IAAJH,EACLE,EACFb,EAAIS,KAAKI,EAAIC,GAEbd,EAAIS,KAAKK,GAGf,OAAOd,CACT,EASAP,EAAME,MAAQA,EAQdF,EAAMK,MAAQA,EAEdL,EAAMsB,OAAS,SAAgBC,EAAKZ,GAClC,MAAY,QAARA,EACKN,EAAMkB,GAENA,CACX,wBCvDA,IAAIvB,EAAQC,EAKZD,EAAMwB,OAASC,EACfzB,EAAMU,QAAUgB,EAAShB,QACzBV,EAAME,MAAQwB,EAASxB,MACvBF,EAAMK,MAAQqB,EAASrB,MACvBL,EAAMsB,OAASI,EAASJ,OA8BxBtB,EAAM2B,OA3BN,SAAgBC,EAAKC,GAInB,IAHA,IAAIC,EAAM,GACNC,EAAK,GAAMF,EAAI,EACfG,EAAIJ,EAAIK,QACLD,EAAEE,KAAK,IAAM,GAAG,CACrB,IAAIC,EACJ,GAAIH,EAAEI,QAAS,CACb,IAAIC,EAAML,EAAEM,MAAMP,EAAK,GAErBI,EADEE,GAAON,GAAM,GAAK,GACfA,GAAM,GAAKM,EAEZA,EACNL,EAAEO,MAAMJ,QAERA,EAAI,EAENL,EAAId,KAAKmB,GAIT,IADA,IAAIK,EAAuB,IAAdR,EAAEE,KAAK,IAAgC,IAApBF,EAAEM,MAAMP,EAAK,GAAaF,EAAI,EAAK,EAC1DrB,EAAI,EAAGA,EAAIgC,EAAOhC,IACzBsB,EAAId,KAAK,GACXgB,EAAES,OAAOD,GAGX,OAAOV,CACT,EA0DA9B,EAAM0C,OAtDN,SAAgBC,EAAIC,GAClB,IAAIC,EAAM,CACR,GACA,IAGFF,EAAKA,EAAGV,QACRW,EAAKA,EAAGX,QAGR,IAFA,IAAIa,EAAK,EACLC,EAAK,EACFJ,EAAGT,MAAMY,GAAM,GAAKF,EAAGV,MAAMa,GAAM,GAAG,CAG3C,IAMIC,EAYAC,EAIEC,EAtBFC,EAAOR,EAAGL,MAAM,GAAKQ,EAAM,EAC3BM,EAAOR,EAAGN,MAAM,GAAKS,EAAM,EAM/B,GALY,IAARI,IACFA,GAAO,GACG,IAARC,IACFA,GAAO,GAES,IAAP,EAAND,GACHH,EAAK,OAMHA,EAHU,KADRE,EAAMP,EAAGL,MAAM,GAAKQ,EAAM,IACN,IAAPI,GAAqB,IAARE,EAGvBD,GAFCA,EAOV,GAHAN,EAAI,GAAG7B,KAAKgC,GAGM,IAAP,EAANI,GACHH,EAAK,OAMHA,EAHU,KADRC,EAAMN,EAAGN,MAAM,GAAKS,EAAM,IACN,IAAPG,GAAqB,IAARC,EAGvBC,GAFCA,EAIVP,EAAI,GAAG7B,KAAKiC,GAGR,EAAIH,IAAOE,EAAK,IAClBF,EAAK,EAAIA,GACP,EAAIC,IAAOE,EAAK,IAClBF,EAAK,EAAIA,GACXJ,EAAGF,OAAO,GACVG,EAAGH,OAAO,GAGZ,OAAOI,CACT,EAUA7C,EAAMqD,eAPN,SAAwBC,EAAKC,EAAMC,GACjC,IAAIC,EAAM,IAAMF,EAChBD,EAAII,UAAUH,GAAQ,WACpB,YAAqBI,IAAdC,KAAKH,GAAqBG,KAAKH,GAC/BG,KAAKH,GAAOD,EAASK,KAAKD,MAErC,EAOA5D,EAAM8D,WAJN,SAAoBC,GAClB,MAAwB,iBAAVA,EAAqB/D,EAAMU,QAAQqD,EAAO,OACrBA,CACrC,EAMA/D,EAAMgE,UAHN,SAAmBD,GACjB,OAAO,IAAIE,EAAGF,EAAO,MAAO,KAC9B,OFnHiB,SAAcG,GAI7B,OAHKnE,IACHA,EAAI,IAAIoE,EAAK,OAERpE,EAAEqE,SAASF,EACpB,EAEA,SAASC,EAAKE,GACZT,KAAKS,KAAOA,CACd,CACA,MAAsBF,EAiBtB,GAfAA,EAAKT,UAAUU,SAAW,SAAkBF,GAC1C,OAAON,KAAKU,MAAMJ,EACpB,EAGAC,EAAKT,UAAUY,MAAQ,SAAeC,GACpC,GAAIX,KAAKS,KAAKG,SACZ,OAAOZ,KAAKS,KAAKG,SAASD,GAG5B,IADA,IAAIhE,EAAM,IAAIkE,WAAWF,GAChB/D,EAAI,EAAGA,EAAID,EAAIH,OAAQI,IAC9BD,EAAIC,GAAKoD,KAAKS,KAAKK,UACrB,OAAOnE,CACT,EAEoB,iBAAToE,KACLA,KAAKC,QAAUD,KAAKC,OAAOC,gBAE7BV,EAAKT,UAAUY,MAAQ,SAAeC,GACpC,IAAIhD,EAAM,IAAIkD,WAAWF,GAEzB,OADAI,KAAKC,OAAOC,gBAAgBtD,GACrBA,GAEAoD,KAAKG,UAAYH,KAAKG,SAASD,gBAExCV,EAAKT,UAAUY,MAAQ,SAAeC,GACpC,IAAIhD,EAAM,IAAIkD,WAAWF,GAEzB,OADAI,KAAKG,SAASD,gBAAgBtD,GACvBA,GAIkB,iBAAXwD,SAEhBZ,EAAKT,UAAUY,MAAQ,WACrB,MAAUU,MAAM,8BAKpB,IACE,IAAIJ,OAAS,EACb,GAAkC,mBAAvBA,EAAOK,YAChB,MAAUD,MAAM,iBAElBb,EAAKT,UAAUY,MAAQ,SAAeC,GACpC,OAAOK,EAAOK,YAAYV,IAE5B,MAAOW,aG1DX,IAAIvD,EAAS3B,EAAM2B,OACfe,EAAS1C,EAAM0C,OACflB,EAASxB,EAAMwB,OAEnB,SAAS2D,EAAUC,EAAMC,GACvBzB,KAAKwB,KAAOA,EACZxB,KAAK0B,EAAI,IAAIrB,EAAGoB,EAAKC,EAAG,IAGxB1B,KAAK2B,IAAMF,EAAKG,MAAQvB,EAAGsB,IAAIF,EAAKG,OAASvB,EAAGwB,KAAK7B,KAAK0B,GAG1D1B,KAAK8B,KAAO,IAAIzB,EAAG,GAAG0B,MAAM/B,KAAK2B,KACjC3B,KAAKgC,IAAM,IAAI3B,EAAG,GAAG0B,MAAM/B,KAAK2B,KAChC3B,KAAKiC,IAAM,IAAI5B,EAAG,GAAG0B,MAAM/B,KAAK2B,KAGhC3B,KAAKW,EAAIc,EAAKd,GAAK,IAAIN,EAAGoB,EAAKd,EAAG,IAClCX,KAAKkC,EAAIT,EAAKS,GAAKlC,KAAKmC,cAAcV,EAAKS,EAAGT,EAAKW,MAGnDpC,KAAKqC,eACLrC,KAAKsC,eACLtC,KAAKuC,eACLvC,KAAKwC,eAGL,IAAIC,EAAczC,KAAKW,GAAKX,KAAK0B,EAAEgB,IAAI1C,KAAKW,IACvC8B,GAAeA,EAAYnE,KAAK,KAAO,EAC1C0B,KAAK2C,KAAO,MAEZ3C,KAAK4C,eAAgB,EACrB5C,KAAK2C,KAAO3C,KAAKW,EAAEoB,MAAM/B,KAAK2B,KAElC,CACA,MAAiBJ,EAgNjB,SAASsB,EAAUC,EAAOtB,GACxBxB,KAAK8C,MAAQA,EACb9C,KAAKwB,KAAOA,EACZxB,KAAK+C,YAAc,IACrB,CAlNAxB,EAAUzB,UAAUkD,MAAQ,WAC1B,MAAU5B,MAAM,kBAClB,EAEAG,EAAUzB,UAAUmD,SAAW,WAC7B,MAAU7B,MAAM,kBAClB,EAEAG,EAAUzB,UAAUoD,aAAe,SAAsBxB,EAAGtD,GAC1DR,EAAO8D,EAAEqB,aACT,IAAII,EAAUzB,EAAE0B,cAEZlF,EAAMH,EAAOK,EAAG,GAChBiF,GAAK,GAAMF,EAAQG,KAAO,IAAOH,EAAQG,KAAO,GAAM,EAAI,EAAI,GAClED,GAAK,EAIL,IADA,IAAIE,EAAO,GACFC,EAAI,EAAGA,EAAItF,EAAI1B,OAAQgH,GAAKL,EAAQG,KAAM,CACjD,IAAIG,EAAO,EACX,IAASrF,EAAIoF,EAAIL,EAAQG,KAAO,EAAGlF,GAAKoF,EAAGpF,IACzCqF,GAAQA,GAAQ,GAAKvF,EAAIE,GAC3BmF,EAAKnG,KAAKqG,GAKZ,IAFA,IAAIC,EAAI1D,KAAK2D,OAAO,KAAM,KAAM,MAC5BC,EAAI5D,KAAK2D,OAAO,KAAM,KAAM,MACvB/G,EAAIyG,EAAGzG,EAAI,EAAGA,IAAK,CAC1B,IAAS4G,EAAI,EAAGA,EAAID,EAAK/G,OAAQgH,IAAK,EAChCC,EAAOF,EAAKC,MACH5G,EACXgH,EAAIA,EAAEC,SAASV,EAAQW,OAAON,IACvBC,KAAU7G,IACjBgH,EAAIA,EAAEC,SAASV,EAAQW,OAAON,GAAGO,QAErCL,EAAIA,EAAEM,IAAIJ,GAEZ,OAAOF,EAAEO,KACX,EAEA1C,EAAUzB,UAAUoE,SAAW,SAAkBxC,EAAGtD,GAClD,IAAIH,EAAI,EAGJkG,EAAYzC,EAAE0C,cAAcnG,GAChCA,EAAIkG,EAAUE,IAQd,IAPA,IAAIA,EAAMF,EAAUL,OAGhB5F,EAAMH,EAAOK,EAAGH,GAGhBqG,EAAMtE,KAAK2D,OAAO,KAAM,KAAM,MACzB/G,EAAIsB,EAAI1B,OAAS,EAAGI,GAAK,EAAGA,IAAK,CAExC,IAASwB,EAAI,EAAGxB,GAAK,GAAgB,IAAXsB,EAAItB,GAAUA,IACtCwB,IAKF,GAJIxB,GAAK,GACPwB,IACFkG,EAAMA,EAAIC,KAAKnG,GAEXxB,EAAI,EACN,MACF,IAAI2B,EAAIL,EAAItB,GACZgB,EAAa,IAANW,GAIH+F,EAHW,WAAX5C,EAAEF,KAEAjD,EAAI,EACA+F,EAAIT,SAASQ,EAAK9F,EAAI,GAAM,IAE5B+F,EAAIT,SAASQ,GAAM9F,EAAI,GAAM,GAAGwF,OAGpCxF,EAAI,EACA+F,EAAIN,IAAIK,EAAK9F,EAAI,GAAM,IAEvB+F,EAAIN,IAAIK,GAAM9F,EAAI,GAAM,GAAGwF,OAGvC,MAAkB,WAAXrC,EAAEF,KAAoB8C,EAAIL,MAAQK,CAC3C,EAEA/C,EAAUzB,UAAU0E,YAAc,SAAqBC,EACAX,EACAY,EACApE,EACAqE,GAOrD,IANA,IAAIC,EAAW5E,KAAKqC,QAChBgC,EAAMrE,KAAKsC,QACXpE,EAAM8B,KAAKuC,QAGXsC,EAAM,EACDjI,EAAI,EAAGA,EAAI0D,EAAK1D,IAAK,CAC5B,IACIuH,GADAzC,EAAIoC,EAAOlH,IACGwH,cAAcK,GAChCG,EAAShI,GAAKuH,EAAUE,IACxBA,EAAIzH,GAAKuH,EAAUL,OAIrB,IAASlH,EAAI0D,EAAM,EAAG1D,GAAK,EAAGA,GAAK,EAAG,CACpC,IAAI8G,EAAI9G,EAAI,EACRgH,EAAIhH,EACR,GAAoB,IAAhBgI,EAASlB,IAA4B,IAAhBkB,EAAShB,GAAlC,CAQA,IAAIkB,EAAO,CACThB,EAAOJ,GACP,KACA,KACAI,EAAOF,IAI4B,IAAjCE,EAAOJ,GAAGqB,EAAEC,IAAIlB,EAAOF,GAAGmB,IAC5BD,EAAK,GAAKhB,EAAOJ,GAAGM,IAAIF,EAAOF,IAC/BkB,EAAK,GAAKhB,EAAOJ,GAAGuB,MAAMpB,SAASC,EAAOF,GAAGG,QACM,IAA1CD,EAAOJ,GAAGqB,EAAEC,IAAIlB,EAAOF,GAAGmB,EAAEG,WACrCJ,EAAK,GAAKhB,EAAOJ,GAAGuB,MAAMpB,SAASC,EAAOF,IAC1CkB,EAAK,GAAKhB,EAAOJ,GAAGM,IAAIF,EAAOF,GAAGG,SAElCe,EAAK,GAAKhB,EAAOJ,GAAGuB,MAAMpB,SAASC,EAAOF,IAC1CkB,EAAK,GAAKhB,EAAOJ,GAAGuB,MAAMpB,SAASC,EAAOF,GAAGG,QAG/C,IAAIoB,EAAQ,EACT,GACA,GACA,GACA,EACD,EACA,EACA,EACA,EACA,GAGElG,EAAMH,EAAO4F,EAAOhB,GAAIgB,EAAOd,IACnCiB,EAAMO,KAAKP,IAAI5F,EAAI,GAAGzC,OAAQqI,GAC9B3G,EAAIwF,GAAS1G,MAAM6H,GACnB3G,EAAI0F,GAAS5G,MAAM6H,GACnB,IAAK,IAAIrB,EAAI,EAAGA,EAAIqB,EAAKrB,IAAK,CAC5B,IAAI6B,EAAiB,EAAZpG,EAAI,GAAGuE,GACZ8B,EAAiB,EAAZrG,EAAI,GAAGuE,GAEhBtF,EAAIwF,GAAGF,GAAK2B,EAAiB,GAAVE,EAAK,IAAUC,EAAK,IACvCpH,EAAI0F,GAAGJ,GAAK,EACZa,EAAIX,GAAKoB,QAhDT5G,EAAIwF,GAAK3F,EAAO2G,EAAOhB,GAAIkB,EAASlB,IACpCxF,EAAI0F,GAAK7F,EAAO2G,EAAOd,GAAIgB,EAAShB,IACpCiB,EAAMO,KAAKP,IAAI3G,EAAIwF,GAAGlH,OAAQqI,GAC9BA,EAAMO,KAAKP,IAAI3G,EAAI0F,GAAGpH,OAAQqI,GAiDlC,IAAIP,EAAMtE,KAAK2D,OAAO,KAAM,KAAM,MAC9B4B,EAAMvF,KAAKwC,QACf,IAAS5F,EAAIiI,EAAKjI,GAAK,EAAGA,IAAK,CAG7B,IAFA,IAAIwB,EAAI,EAEDxB,GAAK,GAAG,CACb,IAAIkF,GAAO,EACX,IAAS0B,EAAI,EAAGA,EAAIlD,EAAKkD,IACvB+B,EAAI/B,GAAiB,EAAZtF,EAAIsF,GAAG5G,GACD,IAAX2I,EAAI/B,KACN1B,GAAO,GAEX,IAAKA,EACH,MACF1D,IACAxB,IAKF,GAHIA,GAAK,GACPwB,IACFkG,EAAMA,EAAIC,KAAKnG,GACXxB,EAAI,EACN,MAEF,IAAS4G,EAAI,EAAGA,EAAIlD,EAAKkD,IAAK,CAC5B,IACI9B,EADAnD,EAAIgH,EAAI/B,GAEF,IAANjF,IAEKA,EAAI,EACXmD,EAAI2C,EAAIb,GAAIjF,EAAI,GAAM,GACfA,EAAI,IACXmD,EAAI2C,EAAIb,IAAKjF,EAAI,GAAM,GAAGwF,OAG1BO,EADa,WAAX5C,EAAEF,KACE8C,EAAIT,SAASnC,GAEb4C,EAAIN,IAAItC,KAIpB,IAAS9E,EAAI,EAAGA,EAAI0D,EAAK1D,IACvByH,EAAIzH,GAAK,KAEX,OAAI+H,EACKL,EAEAA,EAAIL,KACf,EAOA1C,EAAUsB,UAAYA,EAEtBA,EAAU/C,UAAU0F,GAAK,WACvB,MAAUpE,MAAM,kBAClB,EAEAyB,EAAU/C,UAAUmD,SAAW,WAC7B,OAAOjD,KAAK8C,MAAMG,SAASjD,KAC7B,EAEAuB,EAAUzB,UAAU2F,YAAc,SAAqBtF,EAAOpD,GAC5DoD,EAAQ/D,EAAMU,QAAQqD,EAAOpD,GAE7B,IAAIuD,EAAMN,KAAK0B,EAAEgE,aAGjB,IAAkB,IAAbvF,EAAM,IAA4B,IAAbA,EAAM,IAA4B,IAAbA,EAAM,KACjDA,EAAM3D,OAAS,GAAM,EAAI8D,EAS3B,OARiB,IAAbH,EAAM,GACRvC,EAAOuC,EAAMA,EAAM3D,OAAS,GAAK,GAAM,GACnB,IAAb2D,EAAM,IACbvC,EAAOuC,EAAMA,EAAM3D,OAAS,GAAK,GAAM,GAE9BwD,KAAKgD,MAAM7C,EAAMjD,MAAM,EAAG,EAAIoD,GACnBH,EAAMjD,MAAM,EAAIoD,EAAK,EAAI,EAAIA,IAG9C,IAAkB,IAAbH,EAAM,IAA4B,IAAbA,EAAM,KAC3BA,EAAM3D,OAAS,IAAM8D,EAC/B,OAAON,KAAK2F,WAAWxF,EAAMjD,MAAM,EAAG,EAAIoD,GAAmB,IAAbH,EAAM,IAExD,MAAUiB,MAAM,uBAClB,EAEAyB,EAAU/C,UAAU8F,iBAAmB,SAA0B7I,GAC/D,OAAOiD,KAAKtC,OAAOX,GAAK,EAC1B,EAEA8F,EAAU/C,UAAU+F,QAAU,SAAiBC,GAC7C,IAAIxF,EAAMN,KAAK8C,MAAMpB,EAAEgE,aACnBK,EAAI/F,KAAKgG,OAAOlJ,QAAQ,KAAMwD,GAElC,OAAIwF,EACK,CAAE9F,KAAKiG,OAAOC,SAAW,EAAO,GAAOC,OAAOJ,GAEhD,CAAE,GAAOI,OAAOJ,EAAG/F,KAAKiG,OAAOnJ,QAAQ,KAAMwD,GACtD,EAEAuC,EAAU/C,UAAUpC,OAAS,SAAgBX,EAAK+I,GAChD,OAAO1J,EAAMsB,OAAOsC,KAAK6F,QAAQC,GAAU/I,EAC7C,EAEA8F,EAAU/C,UAAUsG,WAAa,SAAoBC,GACnD,GAAIrG,KAAK+C,YACP,OAAO/C,KAET,IAAI+C,EAAc,CAChBI,QAAS,KACTjF,IAAK,KACLoI,KAAM,MAOR,OALAvD,EAAY7E,IAAM8B,KAAKoE,cAAc,GACrCrB,EAAYI,QAAUnD,KAAKoD,YAAY,EAAGiD,GAC1CtD,EAAYuD,KAAOtG,KAAKuG,WACxBvG,KAAK+C,YAAcA,EAEZ/C,IACT,EAEA6C,EAAU/C,UAAU0G,YAAc,SAAqBpI,GACrD,IAAK4B,KAAK+C,YACR,OAAO,EAET,IAAII,EAAUnD,KAAK+C,YAAYI,QAC/B,QAAKA,GAGEA,EAAQW,OAAOtH,QAAU4I,KAAKqB,MAAMrI,EAAEsI,YAAc,GAAKvD,EAAQG,KAC1E,EAEAT,EAAU/C,UAAUsD,YAAc,SAAqBE,EAAM+C,GAC3D,GAAIrG,KAAK+C,aAAe/C,KAAK+C,YAAYI,QACvC,OAAOnD,KAAK+C,YAAYI,QAI1B,IAFA,IAAIA,EAAU,CAAEnD,MACZsE,EAAMtE,KACDpD,EAAI,EAAGA,EAAIyJ,EAAOzJ,GAAK0G,EAAM,CACpC,IAAK,IAAIE,EAAI,EAAGA,EAAIF,EAAME,IACxBc,EAAMA,EAAIqC,MACZxD,EAAQ/F,KAAKkH,GAEf,MAAO,CACLhB,KAAMA,EACNQ,OAAQX,EAEZ,EAEAN,EAAU/C,UAAUsE,cAAgB,SAAuBC,GACzD,GAAIrE,KAAK+C,aAAe/C,KAAK+C,YAAY7E,IACvC,OAAO8B,KAAK+C,YAAY7E,IAK1B,IAHA,IAAIvB,EAAM,CAAEqD,MACR6E,GAAO,GAAKR,GAAO,EACnBsC,EAAc,IAAR9B,EAAY,KAAO7E,KAAK2G,MACzB/J,EAAI,EAAGA,EAAIiI,EAAKjI,IACvBD,EAAIC,GAAKD,EAAIC,EAAI,GAAGoH,IAAI2C,GAC1B,MAAO,CACLtC,IAAKA,EACLP,OAAQnH,EAEZ,EAEAkG,EAAU/C,UAAUyG,SAAW,WAC7B,OAAO,IACT,EAEA1D,EAAU/C,UAAUyE,KAAO,SAAcnG,GAEvC,IADA,IAAIjC,EAAI6D,KACCpD,EAAI,EAAGA,EAAIwB,EAAGxB,IACrBT,EAAIA,EAAEwK,MACR,OAAOxK,CACT,EC9WA,IAAIyB,EAASxB,EAAMwB,OAEnB,SAASgJ,EAAWnF,GAClBoF,EAAK5G,KAAKD,KAAM,QAASyB,GAEzBzB,KAAK0D,EAAI,IAAIrD,EAAGoB,EAAKiC,EAAG,IAAI3B,MAAM/B,KAAK2B,KACvC3B,KAAK4D,EAAI,IAAIvD,EAAGoB,EAAKmC,EAAG,IAAI7B,MAAM/B,KAAK2B,KACvC3B,KAAK8G,KAAO9G,KAAKiC,IAAI8E,UAErB/G,KAAKgH,MAAqC,IAA7BhH,KAAK0D,EAAEuD,UAAU3I,KAAK,GACnC0B,KAAKkH,OAAmD,IAA1ClH,KAAK0D,EAAEuD,UAAUE,IAAInH,KAAK0B,GAAGpD,MAAM,GAGjD0B,KAAKoH,KAAOpH,KAAKqH,iBAAiB5F,GAClCzB,KAAKsH,mBACLtH,KAAKuH,kBACP,CACAC,EAASZ,EAAYC,GACrB,MAAiBD,EAiOjB,SAASa,EAAM3E,EAAOiD,EAAGhB,EAAG2C,GAC1Bb,EAAKhE,UAAU5C,KAAKD,KAAM8C,EAAO,UACvB,OAANiD,GAAoB,OAANhB,GAChB/E,KAAK+F,EAAI,KACT/F,KAAK+E,EAAI,KACT/E,KAAK2H,KAAM,IAEX3H,KAAK+F,EAAI,IAAI1F,EAAG0F,EAAG,IACnB/F,KAAK+E,EAAI,IAAI1E,EAAG0E,EAAG,IAEf2C,IACF1H,KAAK+F,EAAE6B,SAAS5H,KAAK8C,MAAMnB,KAC3B3B,KAAK+E,EAAE6C,SAAS5H,KAAK8C,MAAMnB,MAExB3B,KAAK+F,EAAEpE,MACV3B,KAAK+F,EAAI/F,KAAK+F,EAAEhE,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAK+E,EAAEpD,MACV3B,KAAK+E,EAAI/E,KAAK+E,EAAEhD,MAAM/B,KAAK8C,MAAMnB,MACnC3B,KAAK2H,KAAM,EAEf,CA2NA,SAASE,EAAO/E,EAAOiD,EAAGhB,EAAGxG,GAC3BsI,EAAKhE,UAAU5C,KAAKD,KAAM8C,EAAO,YACvB,OAANiD,GAAoB,OAANhB,GAAoB,OAANxG,GAC9ByB,KAAK+F,EAAI/F,KAAK8C,MAAMd,IACpBhC,KAAK+E,EAAI/E,KAAK8C,MAAMd,IACpBhC,KAAKzB,EAAI,IAAI8B,EAAG,KAEhBL,KAAK+F,EAAI,IAAI1F,EAAG0F,EAAG,IACnB/F,KAAK+E,EAAI,IAAI1E,EAAG0E,EAAG,IACnB/E,KAAKzB,EAAI,IAAI8B,EAAG9B,EAAG,KAEhByB,KAAK+F,EAAEpE,MACV3B,KAAK+F,EAAI/F,KAAK+F,EAAEhE,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAK+E,EAAEpD,MACV3B,KAAK+E,EAAI/E,KAAK+E,EAAEhD,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAKzB,EAAEoD,MACV3B,KAAKzB,EAAIyB,KAAKzB,EAAEwD,MAAM/B,KAAK8C,MAAMnB,MAEnC3B,KAAK8H,KAAO9H,KAAKzB,IAAMyB,KAAK8C,MAAMd,GACpC,CCpfA,SAAS+F,EAAUtG,GACjBoF,EAAK5G,KAAKD,KAAM,OAAQyB,GAExBzB,KAAK0D,EAAI,IAAIrD,EAAGoB,EAAKiC,EAAG,IAAI3B,MAAM/B,KAAK2B,KACvC3B,KAAK4D,EAAI,IAAIvD,EAAGoB,EAAKmC,EAAG,IAAI7B,MAAM/B,KAAK2B,KACvC3B,KAAKgI,GAAK,IAAI3H,EAAG,GAAG0B,MAAM/B,KAAK2B,KAAKoF,UACpC/G,KAAKiC,IAAM,IAAI5B,EAAG,GAAG0B,MAAM/B,KAAK2B,KAGhC3B,KAAKiI,IAAMjI,KAAKgI,GAAGE,OAAOlI,KAAK0D,EAAEyE,OAAOnI,KAAKiC,KAC/C,CDSA2E,EAAW9G,UAAUuH,iBAAmB,SAA0B5F,GAEhE,GAAKzB,KAAKgH,OAAUhH,KAAKkC,GAAMlC,KAAKW,GAAwB,IAAnBX,KAAK0B,EAAE0G,KAAK,GAArD,CAIA,IAAI9B,EACA+B,EACJ,GAAI5G,EAAK6E,KACPA,EAAO,IAAIjG,EAAGoB,EAAK6E,KAAM,IAAIvE,MAAM/B,KAAK2B,SACnC,CACL,IAAI2G,EAAQtI,KAAKuI,cAAcvI,KAAK0B,GAGpC4E,GADAA,EAAOgC,EAAM,GAAGtD,IAAIsD,EAAM,IAAM,EAAIA,EAAM,GAAKA,EAAM,IACzCvG,MAAM/B,KAAK2B,KAEzB,GAAIF,EAAK4G,OACPA,EAAS,IAAIhI,EAAGoB,EAAK4G,OAAQ,QACxB,CAEL,IAAIG,EAAUxI,KAAKuI,cAAcvI,KAAKW,GACsB,IAAxDX,KAAKkC,EAAEuG,IAAID,EAAQ,IAAIzC,EAAEf,IAAIhF,KAAKkC,EAAE6D,EAAEmC,OAAO5B,IAC/C+B,EAASG,EAAQ,IAEjBH,EAASG,EAAQ,GACjB5K,EAA2D,IAApDoC,KAAKkC,EAAEuG,IAAIJ,GAAQtC,EAAEf,IAAIhF,KAAKkC,EAAE6D,EAAEmC,OAAO5B,MAiBpD,MAAO,CACLA,KAAMA,EACN+B,OAAQA,EACRK,MAdEjH,EAAKiH,MACCjH,EAAKiH,MAAMC,KAAI,SAASC,GAC9B,MAAO,CACLlF,EAAG,IAAIrD,EAAGuI,EAAIlF,EAAG,IACjBE,EAAG,IAAIvD,EAAGuI,EAAIhF,EAAG,QAIb5D,KAAK6I,cAAcR,IAQ/B,EAEAzB,EAAW9G,UAAUyI,cAAgB,SAAuBvK,GAI1D,IAAI2D,EAAM3D,IAAQgC,KAAK0B,EAAI1B,KAAK2B,IAAMtB,EAAGwB,KAAK7D,GAC1C8I,EAAO,IAAIzG,EAAG,GAAG0B,MAAMJ,GAAKoF,UAC5B+B,EAAQhC,EAAK5B,SAEb6D,EAAI,IAAI1I,EAAG,GAAG0B,MAAMJ,GAAKuD,SAAS8D,UAAUd,OAAOpB,GAIvD,MAAO,CAFEgC,EAAMX,OAAOY,GAAG9B,UAChB6B,EAAMG,OAAOF,GAAG9B,UAE3B,EAEAL,EAAW9G,UAAU+I,cAAgB,SAAuBR,GA2B1D,IAzBA,IAYIa,EACAC,EAEAC,EACAC,EAEAC,EACAC,EAEAC,EAEArN,EACA4J,EAxBA0D,EAAWzJ,KAAKW,EAAE+I,MAAMtE,KAAKuE,MAAM3J,KAAKW,EAAE+F,YAAc,IAIxDkD,EAAIvB,EACJwB,EAAI7J,KAAKW,EAAEtC,QACXyL,EAAK,IAAIzJ,EAAG,GACZ0J,EAAK,IAAI1J,EAAG,GACZ2J,EAAK,IAAI3J,EAAG,GACZ4J,EAAK,IAAI5J,EAAG,GAaZzD,EAAI,EAGa,IAAdgN,EAAEtL,KAAK,IAAU,CACtB,IAAI4L,EAAIL,EAAEnH,IAAIkH,GACdzN,EAAI0N,EAAE1C,IAAI+C,EAAEzB,IAAImB,IAChB7D,EAAIiE,EAAG7C,IAAI+C,EAAEzB,IAAIqB,IACjB,IAAI/E,EAAIkF,EAAG9C,IAAI+C,EAAEzB,IAAIsB,IAErB,IAAKX,GAAMjN,EAAE6I,IAAIyE,GAAY,EAC3BP,EAAKM,EAAMzF,MACXoF,EAAKW,EACLV,EAAKjN,EAAE4H,MACPsF,EAAKtD,OACA,GAAIqD,GAAc,KAANxM,EACjB,MAEF4M,EAAQrN,EAER0N,EAAID,EACJA,EAAIzN,EACJ6N,EAAKF,EACLA,EAAK/D,EACLkE,EAAKF,EACLA,EAAKhF,EAEPuE,EAAKnN,EAAE4H,MACPwF,EAAKxD,EAEL,IAAIoE,EAAOf,EAAGgB,MAAMpG,IAAIqF,EAAGe,OAiB3B,OAhBWd,EAAGc,MAAMpG,IAAIuF,EAAGa,OAClBpF,IAAImF,IAAS,IACpBb,EAAKJ,EACLK,EAAKJ,GAIHC,EAAGiB,WACLjB,EAAKA,EAAGrF,MACRsF,EAAKA,EAAGtF,OAENuF,EAAGe,WACLf,EAAKA,EAAGvF,MACRwF,EAAKA,EAAGxF,OAGH,CACL,CAAEL,EAAG0F,EAAIxF,EAAGyF,GACZ,CAAE3F,EAAG4F,EAAI1F,EAAG2F,GAEhB,EAEA3C,EAAW9G,UAAUwK,WAAa,SAAoBlM,GACpD,IAAIsK,EAAQ1I,KAAKoH,KAAKsB,MAClB6B,EAAK7B,EAAM,GACX8B,EAAK9B,EAAM,GAEX+B,EAAKD,EAAG5G,EAAE6E,IAAIrK,GAAGsM,SAAS1K,KAAKW,GAC/BgK,EAAKJ,EAAG3G,EAAEG,MAAM0E,IAAIrK,GAAGsM,SAAS1K,KAAKW,GAErCiK,EAAKH,EAAGhC,IAAI8B,EAAG7G,GACfmH,EAAKF,EAAGlC,IAAI+B,EAAG9G,GACfoH,EAAKL,EAAGhC,IAAI8B,EAAG3G,GACfmH,EAAKJ,EAAGlC,IAAI+B,EAAG5G,GAKnB,MAAO,CAAE7E,GAFAX,EAAE+I,IAAIyD,GAAIzD,IAAI0D,GAEN7L,GADR8L,EAAG9G,IAAI+G,GAAIhH,MAEtB,EAEA6C,EAAW9G,UAAU6F,WAAa,SAAoBI,EAAGiF,IACvDjF,EAAI,IAAI1F,EAAG0F,EAAG,KACPpE,MACLoE,EAAIA,EAAEhE,MAAM/B,KAAK2B,MAEnB,IAAIsI,EAAKlE,EAAEkF,SAAS/C,OAAOnC,GAAGmF,QAAQnF,EAAEmC,OAAOlI,KAAK0D,IAAIwH,QAAQlL,KAAK4D,GACjEmB,EAAIkF,EAAGjB,UACX,GAA6C,IAAzCjE,EAAEkG,SAAShC,OAAOgB,GAAIjF,IAAIhF,KAAK8B,MACjC,MAAUV,MAAM,iBAIlB,IAAI5C,EAAQuG,EAAEkC,UAAUzI,QAIxB,OAHIwM,IAAQxM,IAAUwM,GAAOxM,KAC3BuG,EAAIA,EAAEG,UAEDlF,KAAKgD,MAAM+C,EAAGhB,EACvB,EAEA6B,EAAW9G,UAAUmD,SAAW,SAAkBD,GAChD,GAAIA,EAAM2E,IACR,OAAO,EAET,IAAI5B,EAAI/C,EAAM+C,EACVhB,EAAI/B,EAAM+B,EAEVoG,EAAKnL,KAAK0D,EAAEwE,OAAOnC,GACnBqF,EAAMrF,EAAEkF,SAAS/C,OAAOnC,GAAGmF,QAAQC,GAAID,QAAQlL,KAAK4D,GACxD,OAA2C,IAApCmB,EAAEkG,SAASI,QAAQD,GAAK9M,KAAK,EACtC,EAEAsI,EAAW9G,UAAUwL,gBACjB,SAAyBxH,EAAQY,EAAQC,GAG3C,IAFA,IAAI4G,EAAUvL,KAAKsH,YACfkE,EAAUxL,KAAKuH,YACV3K,EAAI,EAAGA,EAAIkH,EAAOtH,OAAQI,IAAK,CACtC,IAAI6O,EAAQzL,KAAKsK,WAAW5F,EAAO9H,IAC/B8E,EAAIoC,EAAOlH,GACX0J,EAAO5E,EAAE6E,WAETkF,EAAM1M,GAAGsL,WACXoB,EAAM1M,GAAG2M,OACThK,EAAIA,EAAEqC,KAAI,IAER0H,EAAMzM,GAAGqL,WACXoB,EAAMzM,GAAG0M,OACTpF,EAAOA,EAAKvC,KAAI,IAGlBwH,EAAY,EAAJ3O,GAAS8E,EACjB6J,EAAY,EAAJ3O,EAAQ,GAAK0J,EACrBkF,EAAY,EAAJ5O,GAAS6O,EAAM1M,GACvByM,EAAY,EAAJ5O,EAAQ,GAAK6O,EAAMzM,GAK7B,IAHA,IAAIrC,EAAMqD,KAAKwE,YAAY,EAAG+G,EAASC,EAAa,EAAJ5O,EAAO+H,GAG9CnB,EAAI,EAAGA,EAAQ,EAAJ5G,EAAO4G,IACzB+H,EAAQ/H,GAAK,KACbgI,EAAQhI,GAAK,KAEf,OAAO7G,CACT,EAuBA6K,EAASC,EAAOZ,EAAKhE,WAErB+D,EAAW9G,UAAUkD,MAAQ,SAAe+C,EAAGhB,EAAG2C,GAChD,OAAO,IAAID,EAAMzH,KAAM+F,EAAGhB,EAAG2C,EAC/B,EAEAd,EAAW9G,UAAUqC,cAAgB,SAAuBzC,EAAKiC,GAC/D,OAAO8F,EAAMkE,SAAS3L,KAAMN,EAAKiC,EACnC,EAEA8F,EAAM3H,UAAUyG,SAAW,WACzB,GAAKvG,KAAK8C,MAAMsE,KAAhB,CAGA,IAAIwE,EAAM5L,KAAK+C,YACf,GAAI6I,GAAOA,EAAItF,KACb,OAAOsF,EAAItF,KAEb,IAAIA,EAAOtG,KAAK8C,MAAME,MAAMhD,KAAK+F,EAAEmC,OAAOlI,KAAK8C,MAAMsE,KAAKd,MAAOtG,KAAK+E,GACtE,GAAI6G,EAAK,CACP,IAAI9I,EAAQ9C,KAAK8C,MACb+I,EAAU,SAASnK,GACrB,OAAOoB,EAAME,MAAMtB,EAAEqE,EAAEmC,OAAOpF,EAAMsE,KAAKd,MAAO5E,EAAEqD,IAEpD6G,EAAItF,KAAOA,EACXA,EAAKvD,YAAc,CACjBuD,KAAM,KACNpI,IAAK0N,EAAI1N,KAAO,CACdmG,IAAKuH,EAAI1N,IAAImG,IACbP,OAAQ8H,EAAI1N,IAAI4F,OAAO6E,IAAIkD,IAE7B1I,QAASyI,EAAIzI,SAAW,CACtBG,KAAMsI,EAAIzI,QAAQG,KAClBQ,OAAQ8H,EAAIzI,QAAQW,OAAO6E,IAAIkD,KAIrC,OAAOvF,EACT,EAEAmB,EAAM3H,UAAUgM,OAAS,WACvB,OAAK9L,KAAK+C,YAGH,CAAE/C,KAAK+F,EAAG/F,KAAK+E,EAAG/E,KAAK+C,aAAe,CAC3CI,QAASnD,KAAK+C,YAAYI,SAAW,CACnCG,KAAMtD,KAAK+C,YAAYI,QAAQG,KAC/BQ,OAAQ9D,KAAK+C,YAAYI,QAAQW,OAAO5G,MAAM,IAEhDgB,IAAK8B,KAAK+C,YAAY7E,KAAO,CAC3BmG,IAAKrE,KAAK+C,YAAY7E,IAAImG,IAC1BP,OAAQ9D,KAAK+C,YAAY7E,IAAI4F,OAAO5G,MAAM,MATrC,CAAE8C,KAAK+F,EAAG/F,KAAK+E,EAY1B,EAEA0C,EAAMkE,SAAW,SAAkB7I,EAAOpD,EAAKiC,GAC1B,iBAARjC,IACTA,EAAMqM,KAAKC,MAAMtM,IACnB,IAAI/C,EAAMmG,EAAME,MAAMtD,EAAI,GAAIA,EAAI,GAAIiC,GACtC,IAAKjC,EAAI,GACP,OAAO/C,EAET,SAASsP,EAAUvM,GACjB,OAAOoD,EAAME,MAAMtD,EAAI,GAAIA,EAAI,GAAIiC,GAGrC,IAAIiK,EAAMlM,EAAI,GAYd,OAXA/C,EAAIoG,YAAc,CAChBuD,KAAM,KACNnD,QAASyI,EAAIzI,SAAW,CACtBG,KAAMsI,EAAIzI,QAAQG,KAClBQ,OAAQ,CAAEnH,GAAMwJ,OAAOyF,EAAIzI,QAAQW,OAAO6E,IAAIsD,KAEhD/N,IAAK0N,EAAI1N,KAAO,CACdmG,IAAKuH,EAAI1N,IAAImG,IACbP,OAAQ,CAAEnH,GAAMwJ,OAAOyF,EAAI1N,IAAI4F,OAAO6E,IAAIsD,MAGvCtP,CACT,EAEA8K,EAAM3H,UAAUoM,QAAU,WACxB,OAAIlM,KAAKmM,aACA,sBACF,gBAAkBnM,KAAK+F,EAAEkB,UAAUpK,SAAS,GAAI,GACnD,OAASmD,KAAK+E,EAAEkC,UAAUpK,SAAS,GAAI,GAAK,GAClD,EAEA4K,EAAM3H,UAAUqM,WAAa,WAC3B,OAAOnM,KAAK2H,GACd,EAEAF,EAAM3H,UAAUkE,IAAM,SAAatC,GAEjC,GAAI1B,KAAK2H,IACP,OAAOjG,EAGT,GAAIA,EAAEiG,IACJ,OAAO3H,KAGT,GAAIA,KAAKwF,GAAG9D,GACV,OAAO1B,KAAK2G,MAGd,GAAI3G,KAAK+D,MAAMyB,GAAG9D,GAChB,OAAO1B,KAAK8C,MAAME,MAAM,KAAM,MAGhC,GAAwB,IAApBhD,KAAK+F,EAAEf,IAAItD,EAAEqE,GACf,OAAO/F,KAAK8C,MAAME,MAAM,KAAM,MAEhC,IAAI1F,EAAI0C,KAAK+E,EAAEkE,OAAOvH,EAAEqD,GACN,IAAdzH,EAAEgB,KAAK,KACThB,EAAIA,EAAE4K,OAAOlI,KAAK+F,EAAEkD,OAAOvH,EAAEqE,GAAGgB,YAClC,IAAIqF,EAAK9O,EAAE2N,SAASI,QAAQrL,KAAK+F,GAAGsF,QAAQ3J,EAAEqE,GAC1CsG,EAAK/O,EAAE4K,OAAOlI,KAAK+F,EAAEkD,OAAOmD,IAAKf,QAAQrL,KAAK+E,GAClD,OAAO/E,KAAK8C,MAAME,MAAMoJ,EAAIC,EAC9B,EAEA5E,EAAM3H,UAAU6G,IAAM,WACpB,GAAI3G,KAAK2H,IACP,OAAO3H,KAGT,IAAIsM,EAAMtM,KAAK+E,EAAEoD,OAAOnI,KAAK+E,GAC7B,GAAoB,IAAhBuH,EAAIhO,KAAK,GACX,OAAO0B,KAAK8C,MAAME,MAAM,KAAM,MAEhC,IAAIU,EAAI1D,KAAK8C,MAAMY,EAEfsG,EAAKhK,KAAK+F,EAAEkF,SACZsB,EAAQD,EAAIvF,UACZzJ,EAAI0M,EAAG7B,OAAO6B,GAAIkB,QAAQlB,GAAIkB,QAAQxH,GAAGwE,OAAOqE,GAEhDH,EAAK9O,EAAE2N,SAASI,QAAQrL,KAAK+F,EAAEoC,OAAOnI,KAAK+F,IAC3CsG,EAAK/O,EAAE4K,OAAOlI,KAAK+F,EAAEkD,OAAOmD,IAAKf,QAAQrL,KAAK+E,GAClD,OAAO/E,KAAK8C,MAAME,MAAMoJ,EAAIC,EAC9B,EAEA5E,EAAM3H,UAAUkG,KAAO,WACrB,OAAOhG,KAAK+F,EAAEkB,SAChB,EAEAQ,EAAM3H,UAAUmG,KAAO,WACrB,OAAOjG,KAAK+E,EAAEkC,SAChB,EAEAQ,EAAM3H,UAAU2I,IAAM,SAAarK,GAEjC,OADAA,EAAI,IAAIiC,EAAGjC,EAAG,IACV4B,KAAKmM,aACAnM,KACAA,KAAKwG,YAAYpI,GACjB4B,KAAK8C,MAAMI,aAAalD,KAAM5B,GAC9B4B,KAAK8C,MAAMsE,KACXpH,KAAK8C,MAAMwI,gBAAgB,CAAEtL,MAAQ,CAAE5B,IAEvC4B,KAAK8C,MAAMoB,SAASlE,KAAM5B,EACrC,EAEAqJ,EAAM3H,UAAU0M,OAAS,SAAgBzN,EAAI8L,EAAI7L,GAC/C,IAAI8E,EAAS,CAAE9D,KAAM6K,GACjBnG,EAAS,CAAE3F,EAAIC,GACnB,OAAIgB,KAAK8C,MAAMsE,KACNpH,KAAK8C,MAAMwI,gBAAgBxH,EAAQY,GAEnC1E,KAAK8C,MAAM0B,YAAY,EAAGV,EAAQY,EAAQ,EACrD,EAEA+C,EAAM3H,UAAU2M,QAAU,SAAiB1N,EAAI8L,EAAI7L,GACjD,IAAI8E,EAAS,CAAE9D,KAAM6K,GACjBnG,EAAS,CAAE3F,EAAIC,GACnB,OAAIgB,KAAK8C,MAAMsE,KACNpH,KAAK8C,MAAMwI,gBAAgBxH,EAAQY,GAAQ,GAE3C1E,KAAK8C,MAAM0B,YAAY,EAAGV,EAAQY,EAAQ,GAAG,EACxD,EAEA+C,EAAM3H,UAAU0F,GAAK,SAAY9D,GAC/B,OAAO1B,OAAS0B,GACT1B,KAAK2H,MAAQjG,EAAEiG,MACV3H,KAAK2H,KAA2B,IAApB3H,KAAK+F,EAAEf,IAAItD,EAAEqE,IAAgC,IAApB/F,KAAK+E,EAAEC,IAAItD,EAAEqD,GAChE,EAEA0C,EAAM3H,UAAUiE,IAAM,SAAa2I,GACjC,GAAI1M,KAAK2H,IACP,OAAO3H,KAET,IAAIrD,EAAMqD,KAAK8C,MAAME,MAAMhD,KAAK+F,EAAG/F,KAAK+E,EAAEG,UAC1C,GAAIwH,GAAe1M,KAAK+C,YAAa,CACnC,IAAI6I,EAAM5L,KAAK+C,YACX4J,EAAS,SAASjL,GACpB,OAAOA,EAAEqC,OAEXpH,EAAIoG,YAAc,CAChB7E,IAAK0N,EAAI1N,KAAO,CACdmG,IAAKuH,EAAI1N,IAAImG,IACbP,OAAQ8H,EAAI1N,IAAI4F,OAAO6E,IAAIgE,IAE7BxJ,QAASyI,EAAIzI,SAAW,CACtBG,KAAMsI,EAAIzI,QAAQG,KAClBQ,OAAQ8H,EAAIzI,QAAQW,OAAO6E,IAAIgE,KAIrC,OAAOhQ,CACT,EAEA8K,EAAM3H,UAAUmF,IAAM,WACpB,OAAIjF,KAAK2H,IACA3H,KAAK8C,MAAMa,OAAO,KAAM,KAAM,MAE7B3D,KAAK8C,MAAMa,OAAO3D,KAAK+F,EAAG/F,KAAK+E,EAAG/E,KAAK8C,MAAMd,IAEzD,EAsBAwF,EAASK,EAAQhB,EAAKhE,WAEtB+D,EAAW9G,UAAU6D,OAAS,SAAgBoC,EAAGhB,EAAGxG,GAClD,OAAO,IAAIsJ,EAAO7H,KAAM+F,EAAGhB,EAAGxG,EAChC,EAEAsJ,EAAO/H,UAAUmE,IAAM,WACrB,GAAIjE,KAAKmM,aACP,OAAOnM,KAAK8C,MAAME,MAAM,KAAM,MAEhC,IAAI4J,EAAO5M,KAAKzB,EAAEwI,UACd8F,EAAQD,EAAK3B,SACbE,EAAKnL,KAAK+F,EAAEmC,OAAO2E,GACnBC,EAAK9M,KAAK+E,EAAEmD,OAAO2E,GAAO3E,OAAO0E,GAErC,OAAO5M,KAAK8C,MAAME,MAAMmI,EAAI2B,EAC9B,EAEAjF,EAAO/H,UAAUiE,IAAM,WACrB,OAAO/D,KAAK8C,MAAMa,OAAO3D,KAAK+F,EAAG/F,KAAK+E,EAAEG,SAAUlF,KAAKzB,EACzD,EAEAsJ,EAAO/H,UAAUkE,IAAM,SAAatC,GAElC,GAAI1B,KAAKmM,aACP,OAAOzK,EAGT,GAAIA,EAAEyK,aACJ,OAAOnM,KAGT,IAAI+M,EAAMrL,EAAEnD,EAAE0M,SACV+B,EAAKhN,KAAKzB,EAAE0M,SACZ7L,EAAKY,KAAK+F,EAAEmC,OAAO6E,GACnB1N,EAAKqC,EAAEqE,EAAEmC,OAAO8E,GAChBC,EAAKjN,KAAK+E,EAAEmD,OAAO6E,EAAI7E,OAAOxG,EAAEnD,IAChC2O,EAAKxL,EAAEqD,EAAEmD,OAAO8E,EAAG9E,OAAOlI,KAAKzB,IAE/B4O,EAAI/N,EAAG6J,OAAO5J,GACdlD,EAAI8Q,EAAGhE,OAAOiE,GAClB,GAAkB,IAAdC,EAAE7O,KAAK,GACT,OAAkB,IAAdnC,EAAEmC,KAAK,GACF0B,KAAK8C,MAAMa,OAAO,KAAM,KAAM,MAE9B3D,KAAK2G,MAGhB,IAAIyG,EAAKD,EAAElC,SACPoC,EAAKD,EAAGlF,OAAOiF,GACftD,EAAIzK,EAAG8I,OAAOkF,GAEdhB,EAAKjQ,EAAE8O,SAASC,QAAQmC,GAAIhC,QAAQxB,GAAGwB,QAAQxB,GAC/CwC,EAAKlQ,EAAE+L,OAAO2B,EAAEwB,QAAQe,IAAKf,QAAQ4B,EAAG/E,OAAOmF,IAC/CC,EAAKtN,KAAKzB,EAAE2J,OAAOxG,EAAEnD,GAAG2J,OAAOiF,GAEnC,OAAOnN,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAU+D,SAAW,SAAkBnC,GAE5C,GAAI1B,KAAKmM,aACP,OAAOzK,EAAEuD,MAGX,GAAIvD,EAAEyK,aACJ,OAAOnM,KAGT,IAAIgN,EAAKhN,KAAKzB,EAAE0M,SACZ7L,EAAKY,KAAK+F,EACV1G,EAAKqC,EAAEqE,EAAEmC,OAAO8E,GAChBC,EAAKjN,KAAK+E,EACVmI,EAAKxL,EAAEqD,EAAEmD,OAAO8E,GAAI9E,OAAOlI,KAAKzB,GAEhC4O,EAAI/N,EAAG6J,OAAO5J,GACdlD,EAAI8Q,EAAGhE,OAAOiE,GAClB,GAAkB,IAAdC,EAAE7O,KAAK,GACT,OAAkB,IAAdnC,EAAEmC,KAAK,GACF0B,KAAK8C,MAAMa,OAAO,KAAM,KAAM,MAE9B3D,KAAK2G,MAGhB,IAAIyG,EAAKD,EAAElC,SACPoC,EAAKD,EAAGlF,OAAOiF,GACftD,EAAIzK,EAAG8I,OAAOkF,GAEdhB,EAAKjQ,EAAE8O,SAASC,QAAQmC,GAAIhC,QAAQxB,GAAGwB,QAAQxB,GAC/CwC,EAAKlQ,EAAE+L,OAAO2B,EAAEwB,QAAQe,IAAKf,QAAQ4B,EAAG/E,OAAOmF,IAC/CC,EAAKtN,KAAKzB,EAAE2J,OAAOiF,GAEvB,OAAOnN,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAUyE,KAAO,SAAcgJ,GACpC,GAAY,IAARA,EACF,OAAOvN,KACT,GAAIA,KAAKmM,aACP,OAAOnM,KACT,IAAKuN,EACH,OAAOvN,KAAK2G,MAEd,GAAI3G,KAAK8C,MAAMkE,OAAShH,KAAK8C,MAAMoE,OAAQ,CAEzC,IADA,IAAI/K,EAAI6D,KACCpD,EAAI,EAAGA,EAAI2Q,EAAK3Q,IACvBT,EAAIA,EAAEwK,MACR,OAAOxK,EAKT,IAAIuH,EAAI1D,KAAK8C,MAAMY,EACfoD,EAAO9G,KAAK8C,MAAMgE,KAElB0G,EAAKxN,KAAK+F,EACV0H,EAAKzN,KAAK+E,EACV2I,EAAK1N,KAAKzB,EACVoP,EAAMD,EAAGzC,SAASA,SAGlB2C,EAAMH,EAAGtF,OAAOsF,GACpB,IAAS7Q,EAAI,EAAGA,EAAI2Q,EAAK3Q,IAAK,CAC5B,IAAIiR,EAAML,EAAGvC,SACT6C,EAAOF,EAAI3C,SACX8C,EAAOD,EAAK7C,SACZ3N,EAAIuQ,EAAI1F,OAAO0F,GAAK3C,QAAQ2C,GAAK3C,QAAQxH,EAAEwE,OAAOyF,IAElDK,EAAKR,EAAGtF,OAAO4F,GACf1B,EAAK9O,EAAE2N,SAASI,QAAQ2C,EAAG7F,OAAO6F,IAClCC,EAAKD,EAAG3C,QAAQe,GAChB8B,EAAM5Q,EAAE4K,OAAO+F,GACnBC,EAAMA,EAAIhD,QAAQgD,GAAK7C,QAAQ0C,GAC/B,IAAIT,EAAKM,EAAI1F,OAAOwF,GAChB9Q,EAAI,EAAI2Q,IACVI,EAAMA,EAAIzF,OAAO6F,IAEnBP,EAAKpB,EACLsB,EAAKJ,EACLM,EAAMM,EAGR,OAAOlO,KAAK8C,MAAMa,OAAO6J,EAAII,EAAI1F,OAAOpB,GAAO4G,EACjD,EAEA7F,EAAO/H,UAAU6G,IAAM,WACrB,OAAI3G,KAAKmM,aACAnM,KAELA,KAAK8C,MAAMkE,MACNhH,KAAKmO,WACLnO,KAAK8C,MAAMoE,OACXlH,KAAKoO,YAELpO,KAAKqO,MAChB,EAEAxG,EAAO/H,UAAUqO,SAAW,WAC1B,IAAI/B,EACAC,EACAiB,EAEJ,GAAItN,KAAK8H,KAAM,CAMb,IAAIwG,EAAKtO,KAAK+F,EAAEkF,SAEZsD,EAAKvO,KAAK+E,EAAEkG,SAEZuD,EAAOD,EAAGtD,SAEVlC,EAAI/I,KAAK+F,EAAEoC,OAAOoG,GAAItD,SAASI,QAAQiD,GAAIjD,QAAQmD,GACvDzF,EAAIA,EAAEmC,QAAQnC,GAEd,IAAI0F,EAAIH,EAAGnG,OAAOmG,GAAIpD,QAAQoD,GAE1BI,EAAID,EAAExD,SAASI,QAAQtC,GAAGsC,QAAQtC,GAGlC4F,EAAQH,EAAKtD,QAAQsD,GAEzBG,GADAA,EAAQA,EAAMzD,QAAQyD,IACRzD,QAAQyD,GAGtBvC,EAAKsC,EAELrC,EAAKoC,EAAEvG,OAAOa,EAAEsC,QAAQqD,IAAIrD,QAAQsD,GAEpCrB,EAAKtN,KAAK+E,EAAEoD,OAAOnI,KAAK+E,OACnB,CAML,IAAIrB,EAAI1D,KAAK+F,EAAEkF,SAEXrH,EAAI5D,KAAK+E,EAAEkG,SAEX3N,EAAIsG,EAAEqH,SAEN2D,EAAI5O,KAAK+F,EAAEoC,OAAOvE,GAAGqH,SAASI,QAAQ3H,GAAG2H,QAAQ/N,GACrDsR,EAAIA,EAAE1D,QAAQ0D,GAEd,IAAItN,EAAIoC,EAAEyE,OAAOzE,GAAGwH,QAAQxH,GAExBmL,EAAIvN,EAAE2J,SAGN6D,EAAKxR,EAAE4N,QAAQ5N,GAEnBwR,GADAA,EAAKA,EAAG5D,QAAQ4D,IACR5D,QAAQ4D,GAGhB1C,EAAKyC,EAAExD,QAAQuD,GAAGvD,QAAQuD,GAE1BvC,EAAK/K,EAAE4G,OAAO0G,EAAEvD,QAAQe,IAAKf,QAAQyD,GAGrCxB,GADAA,EAAKtN,KAAK+E,EAAEmD,OAAOlI,KAAKzB,IAChB2M,QAAQoC,GAGlB,OAAOtN,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAUsO,UAAY,WAC3B,IAAIhC,EACAC,EACAiB,EAEJ,GAAItN,KAAK8H,KAAM,CAMb,IAAIwG,EAAKtO,KAAK+F,EAAEkF,SAEZsD,EAAKvO,KAAK+E,EAAEkG,SAEZuD,EAAOD,EAAGtD,SAEVlC,EAAI/I,KAAK+F,EAAEoC,OAAOoG,GAAItD,SAASI,QAAQiD,GAAIjD,QAAQmD,GACvDzF,EAAIA,EAAEmC,QAAQnC,GAEd,IAAI0F,EAAIH,EAAGnG,OAAOmG,GAAIpD,QAAQoD,GAAIpD,QAAQlL,KAAK8C,MAAMY,GAEjDgL,EAAID,EAAExD,SAASI,QAAQtC,GAAGsC,QAAQtC,GAEtCqD,EAAKsC,EAEL,IAAIC,EAAQH,EAAKtD,QAAQsD,GAEzBG,GADAA,EAAQA,EAAMzD,QAAQyD,IACRzD,QAAQyD,GACtBtC,EAAKoC,EAAEvG,OAAOa,EAAEsC,QAAQqD,IAAIrD,QAAQsD,GAEpCrB,EAAKtN,KAAK+E,EAAEoD,OAAOnI,KAAK+E,OACnB,CAKL,IAAIgK,EAAQ/O,KAAKzB,EAAE0M,SAEf+D,EAAQhP,KAAK+E,EAAEkG,SAEf3E,EAAOtG,KAAK+F,EAAEmC,OAAO8G,GAErBC,EAAQjP,KAAK+F,EAAEkD,OAAO8F,GAAO7G,OAAOlI,KAAK+F,EAAEoC,OAAO4G,IACtDE,EAAQA,EAAM9G,OAAO8G,GAAO/D,QAAQ+D,GAEpC,IAAIC,EAAQ5I,EAAK4E,QAAQ5E,GAErB6I,GADJD,EAAQA,EAAMhE,QAAQgE,IACJ/G,OAAO+G,GACzB9C,EAAK6C,EAAMhE,SAASI,QAAQ8D,GAE5B7B,EAAKtN,KAAK+E,EAAEoD,OAAOnI,KAAKzB,GAAG0M,SAASI,QAAQ2D,GAAO3D,QAAQ0D,GAE3D,IAAIK,EAAUJ,EAAM/D,SAGpBmE,GADAA,GADAA,EAAUA,EAAQlE,QAAQkE,IACRlE,QAAQkE,IACRlE,QAAQkE,GAC1B/C,EAAK4C,EAAM/G,OAAOgH,EAAM7D,QAAQe,IAAKf,QAAQ+D,GAG/C,OAAOpP,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAUuO,KAAO,WACtB,IAAI3K,EAAI1D,KAAK8C,MAAMY,EAGf8J,EAAKxN,KAAK+F,EACV0H,EAAKzN,KAAK+E,EACV2I,EAAK1N,KAAKzB,EACVoP,EAAMD,EAAGzC,SAASA,SAElB4C,EAAML,EAAGvC,SACToE,EAAM5B,EAAGxC,SAET3N,EAAIuQ,EAAI1F,OAAO0F,GAAK3C,QAAQ2C,GAAK3C,QAAQxH,EAAEwE,OAAOyF,IAElD2B,EAAO9B,EAAGrF,OAAOqF,GAEjBQ,GADJsB,EAAOA,EAAKpE,QAAQoE,IACNpH,OAAOmH,GACjBjD,EAAK9O,EAAE2N,SAASI,QAAQ2C,EAAG7F,OAAO6F,IAClCC,EAAKD,EAAG3C,QAAQe,GAEhBmD,EAAOF,EAAIpE,SAGfsE,GADAA,GADAA,EAAOA,EAAKrE,QAAQqE,IACRrE,QAAQqE,IACRrE,QAAQqE,GACpB,IAAIlD,EAAK/O,EAAE4K,OAAO+F,GAAI5C,QAAQkE,GAC1BjC,EAAKG,EAAGtF,OAAOsF,GAAIvF,OAAOwF,GAE9B,OAAO1N,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAU0P,KAAO,WACtB,IAAKxP,KAAK8C,MAAMkE,MACd,OAAOhH,KAAK2G,MAAM3C,IAAIhE,MAMxB,IAAIsO,EAAKtO,KAAK+F,EAAEkF,SAEZsD,EAAKvO,KAAK+E,EAAEkG,SAEZwE,EAAKzP,KAAKzB,EAAE0M,SAEZuD,EAAOD,EAAGtD,SAEVwD,EAAIH,EAAGnG,OAAOmG,GAAIpD,QAAQoD,GAE1BoB,EAAKjB,EAAExD,SAEP3J,EAAItB,KAAK+F,EAAEoC,OAAOoG,GAAItD,SAASI,QAAQiD,GAAIjD,QAAQmD,GAKnDmB,GAFJrO,GADAA,GADAA,EAAIA,EAAE4J,QAAQ5J,IACR6G,OAAO7G,GAAG4J,QAAQ5J,IAClB+J,QAAQqE,IAEHzE,SAEPyD,EAAIF,EAAKtD,QAAQsD,GAGrBE,GADAA,GADAA,EAAIA,EAAExD,QAAQwD,IACRxD,QAAQwD,IACRxD,QAAQwD,GAEd,IAAI9E,EAAI6E,EAAEvD,QAAQ5J,GAAG2J,SAASI,QAAQqE,GAAIrE,QAAQsE,GAAItE,QAAQqD,GAE1DkB,EAAOrB,EAAGrG,OAAO0B,GAErBgG,GADAA,EAAOA,EAAK1E,QAAQ0E,IACR1E,QAAQ0E,GACpB,IAAIxD,EAAKpM,KAAK+F,EAAEmC,OAAOyH,GAAItE,QAAQuE,GAEnCxD,GADAA,EAAKA,EAAGlB,QAAQkB,IACRlB,QAAQkB,GAEhB,IAAIC,EAAKrM,KAAK+E,EAAEmD,OAAO0B,EAAE1B,OAAOwG,EAAErD,QAAQzB,IAAIyB,QAAQ/J,EAAE4G,OAAOyH,KAG/DtD,GADAA,GADAA,EAAKA,EAAGnB,QAAQmB,IACRnB,QAAQmB,IACRnB,QAAQmB,GAEhB,IAAIiB,EAAKtN,KAAKzB,EAAE4J,OAAO7G,GAAG2J,SAASI,QAAQoE,GAAIpE,QAAQsE,GAEvD,OAAO3P,KAAK8C,MAAMa,OAAOyI,EAAIC,EAAIiB,EACnC,EAEAzF,EAAO/H,UAAU2I,IAAM,SAAarK,EAAGyR,GAGrC,OAFAzR,EAAI,IAAIiC,EAAGjC,EAAGyR,GAEP7P,KAAK8C,MAAMoB,SAASlE,KAAM5B,EACnC,EAEAyJ,EAAO/H,UAAU0F,GAAK,SAAY9D,GAChC,GAAe,WAAXA,EAAEF,KACJ,OAAOxB,KAAKwF,GAAG9D,EAAEuD,OAEnB,GAAIjF,OAAS0B,EACX,OAAO,EAGT,IAAIsL,EAAKhN,KAAKzB,EAAE0M,SACZ8B,EAAMrL,EAAEnD,EAAE0M,SACd,GAA2D,IAAvDjL,KAAK+F,EAAEmC,OAAO6E,GAAK1B,QAAQ3J,EAAEqE,EAAEmC,OAAO8E,IAAK1O,KAAK,GAClD,OAAO,EAGT,IAAIwR,EAAK9C,EAAG9E,OAAOlI,KAAKzB,GACpBwR,EAAMhD,EAAI7E,OAAOxG,EAAEnD,GACvB,OAA8D,IAAvDyB,KAAK+E,EAAEmD,OAAO6H,GAAK1E,QAAQ3J,EAAEqD,EAAEmD,OAAO4H,IAAKxR,KAAK,EACzD,EAEAuJ,EAAO/H,UAAUkQ,OAAS,SAAgBjK,GACxC,IAAIkK,EAAKjQ,KAAKzB,EAAE0M,SACZiF,EAAKnK,EAAEhE,MAAM/B,KAAK8C,MAAMnB,KAAKuG,OAAO+H,GACxC,GAAuB,IAAnBjQ,KAAK+F,EAAEf,IAAIkL,GACb,OAAO,EAIT,IAFA,IAAIC,EAAKpK,EAAE1H,QACPqQ,EAAI1O,KAAK8C,MAAMH,KAAKuF,OAAO+H,KACtB,CAEP,GADAE,EAAGC,KAAKpQ,KAAK8C,MAAMnC,GACfwP,EAAGnL,IAAIhF,KAAK8C,MAAMpB,IAAM,EAC1B,OAAO,EAGT,GADAwO,EAAGhF,QAAQwD,GACY,IAAnB1O,KAAK+F,EAAEf,IAAIkL,GACb,OAAO,EAEb,EAEArI,EAAO/H,UAAUoM,QAAU,WACzB,OAAIlM,KAAKmM,aACA,uBACF,iBAAmBnM,KAAK+F,EAAElJ,SAAS,GAAI,GAC1C,OAASmD,KAAK+E,EAAElI,SAAS,GAAI,GAC7B,OAASmD,KAAKzB,EAAE1B,SAAS,GAAI,GAAK,GACxC,EAEAgL,EAAO/H,UAAUqM,WAAa,WAE5B,OAA0B,IAAnBnM,KAAKzB,EAAED,KAAK,EACrB,ECr5BAkJ,EAASO,EAAWlB,GACpB,MAAiBkB,EAWjB,SAASN,EAAM3E,EAAOiD,EAAGxH,GACvBsI,EAAKhE,UAAU5C,KAAKD,KAAM8C,EAAO,cACvB,OAANiD,GAAoB,OAANxH,GAChByB,KAAK+F,EAAI/F,KAAK8C,MAAMd,IACpBhC,KAAKzB,EAAIyB,KAAK8C,MAAMhB,OAEpB9B,KAAK+F,EAAI,IAAI1F,EAAG0F,EAAG,IACnB/F,KAAKzB,EAAI,IAAI8B,EAAG9B,EAAG,IACdyB,KAAK+F,EAAEpE,MACV3B,KAAK+F,EAAI/F,KAAK+F,EAAEhE,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAKzB,EAAEoD,MACV3B,KAAKzB,EAAIyB,KAAKzB,EAAEwD,MAAM/B,KAAK8C,MAAMnB,MAEvC,CAtBAoG,EAAUjI,UAAUmD,SAAW,SAAkBD,GAC/C,IAAI+C,EAAI/C,EAAMqN,YAAYtK,EACtBiE,EAAKjE,EAAEkF,SACPG,EAAMpB,EAAG9B,OAAOnC,GAAGoC,OAAO6B,EAAG9B,OAAOlI,KAAK0D,IAAIyE,OAAOpC,GAGxD,OAA+B,IAFvBqF,EAAIpC,UAEHiC,SAASjG,IAAIoG,EACxB,EAgBA5D,EAASC,EAAOZ,EAAKhE,WAErBkF,EAAUjI,UAAU2F,YAAc,SAAqBtF,EAAOpD,GAQ5D,GAFqB,MALjBoD,EAAQ/D,EAAMU,QAAQqD,EAAOpD,IAKvBP,QAA8B,KAAb2D,EAAM,KAC/BA,EAAQA,EAAMjD,MAAM,EAAG,IAAIoT,WACR,KAAjBnQ,EAAM3D,OACR,MAAU4E,MAAM,oCAClB,OAAOpB,KAAKgD,MAAM7C,EAAO,EAC3B,EAEA4H,EAAUjI,UAAUkD,MAAQ,SAAe+C,EAAGxH,GAC5C,OAAO,IAAIkJ,EAAMzH,KAAM+F,EAAGxH,EAC5B,EAEAwJ,EAAUjI,UAAUqC,cAAgB,SAAuBzC,GACzD,OAAO+H,EAAMkE,SAAS3L,KAAMN,EAC9B,EAEA+H,EAAM3H,UAAUsG,WAAa,WAE7B,EAEAqB,EAAM3H,UAAU+F,QAAU,SAAiBC,GACzC,IAAIxF,EAAMN,KAAK8C,MAAMpB,EAAEgE,aAIvB,OAAII,EACK,CAAE,IAAOK,OAAOnG,KAAKgG,OAAOlJ,QAAQ,KAAMwD,IAE1CN,KAAKgG,OAAOlJ,QAAQ,KAAMwD,EAErC,EAEAmH,EAAMkE,SAAW,SAAkB7I,EAAOpD,GACxC,OAAO,IAAI+H,EAAM3E,EAAOpD,EAAI,GAAIA,EAAI,IAAMoD,EAAMd,IAClD,EAEAyF,EAAM3H,UAAUoM,QAAU,WACxB,OAAIlM,KAAKmM,aACA,sBACF,gBAAkBnM,KAAK+F,EAAEkB,UAAUpK,SAAS,GAAI,GACnD,OAASmD,KAAKzB,EAAE0I,UAAUpK,SAAS,GAAI,GAAK,GAClD,EAEA4K,EAAM3H,UAAUqM,WAAa,WAE3B,OAA0B,IAAnBnM,KAAKzB,EAAED,KAAK,EACrB,EAEAmJ,EAAM3H,UAAU6G,IAAM,WAKpB,IAEI4J,EAFIvQ,KAAK+F,EAAEoC,OAAOnI,KAAKzB,GAEhB0M,SAIPuF,EAFIxQ,KAAK+F,EAAEkD,OAAOjJ,KAAKzB,GAEhB0M,SAEP3N,EAAIiT,EAAGtH,OAAOuH,GAEdpE,EAAKmE,EAAGrI,OAAOsI,GAEflD,EAAKhQ,EAAE4K,OAAOsI,EAAGrI,OAAOnI,KAAK8C,MAAMmF,IAAIC,OAAO5K,KAClD,OAAO0C,KAAK8C,MAAME,MAAMoJ,EAAIkB,EAC9B,EAEA7F,EAAM3H,UAAUkE,IAAM,WACpB,MAAU5C,MAAM,oCAClB,EAEAqG,EAAM3H,UAAU2Q,QAAU,SAAiB/O,EAAGgP,GAK5C,IAAIhN,EAAI1D,KAAK+F,EAAEoC,OAAOnI,KAAKzB,GAEvBqF,EAAI5D,KAAK+F,EAAEkD,OAAOjJ,KAAKzB,GAEvBjB,EAAIoE,EAAEqE,EAAEoC,OAAOzG,EAAEnD,GAIjBoS,EAFIjP,EAAEqE,EAAEkD,OAAOvH,EAAEnD,GAEV2J,OAAOxE,GAEdkN,EAAKtT,EAAE4K,OAAOtE,GAEdwI,EAAKsE,EAAKnS,EAAE2J,OAAOyI,EAAGxI,OAAOyI,GAAI3F,UAEjCqC,EAAKoD,EAAK3K,EAAEmC,OAAOyI,EAAGtF,QAAQuF,GAAI3F,UACtC,OAAOjL,KAAK8C,MAAME,MAAMoJ,EAAIkB,EAC9B,EAEA7F,EAAM3H,UAAU2I,IAAM,SAAarK,GAQjC,IALA,IAAIsQ,GAFJtQ,EAAI,IAAIiC,EAAGjC,EAAG,KAEJC,QACNqF,EAAI1D,KACJ4D,EAAI5D,KAAK8C,MAAME,MAAM,KAAM,MAGtB6N,EAAO,GAAkB,IAAdnC,EAAEpQ,KAAK,GAAUoQ,EAAE7P,OAAO,GAC5CgS,EAAKzT,KAAKsR,EAAEhQ,MAAM,IAEpB,IAAK,IAAI9B,EAAIiU,EAAKrU,OAAS,EAAGI,GAAK,EAAGA,IACpB,IAAZiU,EAAKjU,IAEP8G,EAAIA,EAAE+M,QAAQ7M,EARV5D,MAUJ4D,EAAIA,EAAE+C,QAGN/C,EAAIF,EAAE+M,QAAQ7M,EAbV5D,MAeJ0D,EAAIA,EAAEiD,OAGV,OAAO/C,CACT,EAEA6D,EAAM3H,UAAU0M,OAAS,WACvB,MAAUpL,MAAM,oCAClB,EAEAqG,EAAM3H,UAAUgR,QAAU,WACxB,MAAU1P,MAAM,oCAClB,EAEAqG,EAAM3H,UAAU0F,GAAK,SAAYuL,GAC/B,OAAyC,IAAlC/Q,KAAKgG,OAAOhB,IAAI+L,EAAM/K,OAC/B,EAEAyB,EAAM3H,UAAUuQ,UAAY,WAG1B,OAFArQ,KAAK+F,EAAI/F,KAAK+F,EAAEmC,OAAOlI,KAAKzB,EAAEwI,WAC9B/G,KAAKzB,EAAIyB,KAAK8C,MAAMd,IACbhC,IACT,EAEAyH,EAAM3H,UAAUkG,KAAO,WAIrB,OAFAhG,KAAKqQ,YAEErQ,KAAK+F,EAAEkB,SAChB,EC/LA,IAAIrJ,EAASxB,EAAMwB,OAEnB,SAASoT,EAAavP,GAEpBzB,KAAKiR,QAA2B,IAAP,EAATxP,EAAKiC,GACrB1D,KAAKkR,MAAQlR,KAAKiR,UAA6B,IAAR,EAATxP,EAAKiC,GACnC1D,KAAKmR,SAAWnR,KAAKkR,MAErBrK,EAAK5G,KAAKD,KAAM,UAAWyB,GAE3BzB,KAAK0D,EAAI,IAAIrD,EAAGoB,EAAKiC,EAAG,IAAI0N,KAAKpR,KAAK2B,IAAI8M,GAC1CzO,KAAK0D,EAAI1D,KAAK0D,EAAE3B,MAAM/B,KAAK2B,KAC3B3B,KAAK1C,EAAI,IAAI+C,EAAGoB,EAAKnE,EAAG,IAAIyE,MAAM/B,KAAK2B,KACvC3B,KAAK2K,GAAK3K,KAAK1C,EAAE2N,SACjBjL,KAAK4O,EAAI,IAAIvO,EAAGoB,EAAKmN,EAAG,IAAI7M,MAAM/B,KAAK2B,KACvC3B,KAAKqR,GAAKrR,KAAK4O,EAAEzG,OAAOnI,KAAK4O,GAE7BhR,GAAQoC,KAAKiR,SAAwC,IAA7BjR,KAAK1C,EAAE2J,UAAU3I,KAAK,IAC9C0B,KAAKsR,KAAwB,IAAP,EAAT7P,EAAKnE,EACpB,CACAkK,EAASwJ,EAAcnK,GACvB,MAAiBmK,EAqFjB,SAASvJ,EAAM3E,EAAOiD,EAAGhB,EAAGxG,EAAGmQ,GAC7B7H,EAAKhE,UAAU5C,KAAKD,KAAM8C,EAAO,cACvB,OAANiD,GAAoB,OAANhB,GAAoB,OAANxG,GAC9ByB,KAAK+F,EAAI/F,KAAK8C,MAAMhB,KACpB9B,KAAK+E,EAAI/E,KAAK8C,MAAMd,IACpBhC,KAAKzB,EAAIyB,KAAK8C,MAAMd,IACpBhC,KAAK0O,EAAI1O,KAAK8C,MAAMhB,KACpB9B,KAAK8H,MAAO,IAEZ9H,KAAK+F,EAAI,IAAI1F,EAAG0F,EAAG,IACnB/F,KAAK+E,EAAI,IAAI1E,EAAG0E,EAAG,IACnB/E,KAAKzB,EAAIA,EAAI,IAAI8B,EAAG9B,EAAG,IAAMyB,KAAK8C,MAAMd,IACxChC,KAAK0O,EAAIA,GAAK,IAAIrO,EAAGqO,EAAG,IACnB1O,KAAK+F,EAAEpE,MACV3B,KAAK+F,EAAI/F,KAAK+F,EAAEhE,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAK+E,EAAEpD,MACV3B,KAAK+E,EAAI/E,KAAK+E,EAAEhD,MAAM/B,KAAK8C,MAAMnB,MAC9B3B,KAAKzB,EAAEoD,MACV3B,KAAKzB,EAAIyB,KAAKzB,EAAEwD,MAAM/B,KAAK8C,MAAMnB,MAC/B3B,KAAK0O,IAAM1O,KAAK0O,EAAE/M,MACpB3B,KAAK0O,EAAI1O,KAAK0O,EAAE3M,MAAM/B,KAAK8C,MAAMnB,MACnC3B,KAAK8H,KAAO9H,KAAKzB,IAAMyB,KAAK8C,MAAMd,IAG9BhC,KAAK8C,MAAMqO,WAAanR,KAAK0O,IAC/B1O,KAAK0O,EAAI1O,KAAK+F,EAAEmC,OAAOlI,KAAK+E,GACvB/E,KAAK8H,OACR9H,KAAK0O,EAAI1O,KAAK0O,EAAExG,OAAOlI,KAAKzB,EAAEwI,aAGtC,CAjHAiK,EAAalR,UAAUyR,MAAQ,SAAevT,GAC5C,OAAIgC,KAAKkR,MACAlT,EAAIkH,SAEJlF,KAAK0D,EAAEwE,OAAOlK,EACzB,EAEAgT,EAAalR,UAAU0R,MAAQ,SAAexT,GAC5C,OAAIgC,KAAKsR,KACAtT,EAEAgC,KAAK1C,EAAE4K,OAAOlK,EACzB,EAGAgT,EAAalR,UAAU6D,OAAS,SAAgBoC,EAAGhB,EAAGxG,EAAGmQ,GACvD,OAAO1O,KAAKgD,MAAM+C,EAAGhB,EAAGxG,EAAGmQ,EAC7B,EAEAsC,EAAalR,UAAU6F,WAAa,SAAoBI,EAAGiF,IACzDjF,EAAI,IAAI1F,EAAG0F,EAAG,KACPpE,MACLoE,EAAIA,EAAEhE,MAAM/B,KAAK2B,MAEnB,IAAIqI,EAAKjE,EAAEkF,SACPG,EAAMpL,KAAK2K,GAAG1B,OAAOjJ,KAAK0D,EAAEwE,OAAO8B,IACnCyH,EAAMzR,KAAKgC,IAAIiH,OAAOjJ,KAAK2K,GAAGzC,OAAOlI,KAAK4O,GAAG1G,OAAO8B,IAEpDC,EAAKmB,EAAIlD,OAAOuJ,EAAI1K,WACpBhC,EAAIkF,EAAGjB,UACX,GAA6C,IAAzCjE,EAAEkG,SAAShC,OAAOgB,GAAIjF,IAAIhF,KAAK8B,MACjC,MAAUV,MAAM,iBAElB,IAAI5C,EAAQuG,EAAEkC,UAAUzI,QAIxB,OAHIwM,IAAQxM,IAAUwM,GAAOxM,KAC3BuG,EAAIA,EAAEG,UAEDlF,KAAKgD,MAAM+C,EAAGhB,EACvB,EAEAiM,EAAalR,UAAU4R,WAAa,SAAoB3M,EAAGiG,IACzDjG,EAAI,IAAI1E,EAAG0E,EAAG,KACPpD,MACLoD,EAAIA,EAAEhD,MAAM/B,KAAK2B,MAGnB,IAAIsI,EAAKlF,EAAEkG,SACPwG,EAAMxH,EAAGhB,OAAOjJ,KAAK2K,IACrBS,EAAMnB,EAAG/B,OAAOlI,KAAK4O,GAAG1G,OAAOlI,KAAK2K,IAAI1B,OAAOjJ,KAAK0D,GACpDsG,EAAKyH,EAAIvJ,OAAOkD,EAAIrE,WAExB,GAA0B,IAAtBiD,EAAGhF,IAAIhF,KAAK8B,MAAa,CAC3B,GAAIkJ,EACF,MAAU5J,MAAM,iBAEhB,OAAOpB,KAAKgD,MAAMhD,KAAK8B,KAAMiD,GAGjC,IAAIgB,EAAIiE,EAAGhB,UACX,GAA6C,IAAzCjD,EAAEkF,SAAShC,OAAOe,GAAIhF,IAAIhF,KAAK8B,MACjC,MAAUV,MAAM,iBAKlB,OAHI2E,EAAEkB,UAAUzI,UAAYwM,IAC1BjF,EAAIA,EAAEb,UAEDlF,KAAKgD,MAAM+C,EAAGhB,EACvB,EAEAiM,EAAalR,UAAUmD,SAAW,SAAkBD,GAClD,GAAIA,EAAMmJ,aACR,OAAO,EAGTnJ,EAAMqN,YAEN,IAAIrG,EAAKhH,EAAM+C,EAAEkF,SACbhB,EAAKjH,EAAM+B,EAAEkG,SACbwG,EAAMzH,EAAG9B,OAAOlI,KAAK0D,GAAGyE,OAAO8B,GAC/BmB,EAAMpL,KAAK2K,GAAGzC,OAAOlI,KAAKgC,IAAImG,OAAOnI,KAAK4O,EAAE1G,OAAO8B,GAAI9B,OAAO+B,KAElE,OAAwB,IAAjBwH,EAAIzM,IAAIoG,EACjB,EAiCA5D,EAASC,EAAOZ,EAAKhE,WAErBmO,EAAalR,UAAUqC,cAAgB,SAAuBzC,GAC5D,OAAO+H,EAAMkE,SAAS3L,KAAMN,EAC9B,EAEAsR,EAAalR,UAAUkD,MAAQ,SAAe+C,EAAGhB,EAAGxG,EAAGmQ,GACrD,OAAO,IAAIjH,EAAMzH,KAAM+F,EAAGhB,EAAGxG,EAAGmQ,EAClC,EAEAjH,EAAMkE,SAAW,SAAkB7I,EAAOpD,GACxC,OAAO,IAAI+H,EAAM3E,EAAOpD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAC9C,EAEA+H,EAAM3H,UAAUoM,QAAU,WACxB,OAAIlM,KAAKmM,aACA,sBACF,gBAAkBnM,KAAK+F,EAAEkB,UAAUpK,SAAS,GAAI,GACnD,OAASmD,KAAK+E,EAAEkC,UAAUpK,SAAS,GAAI,GACvC,OAASmD,KAAKzB,EAAE0I,UAAUpK,SAAS,GAAI,GAAK,GAClD,EAEA4K,EAAM3H,UAAUqM,WAAa,WAE3B,OAA0B,IAAnBnM,KAAK+F,EAAEzH,KAAK,KACO,IAAvB0B,KAAK+E,EAAEC,IAAIhF,KAAKzB,IAChByB,KAAK8H,MAAqC,IAA7B9H,KAAK+E,EAAEC,IAAIhF,KAAK8C,MAAMxF,GACxC,EAEAmK,EAAM3H,UAAU6R,QAAU,WAMxB,IAAIjO,EAAI1D,KAAK+F,EAAEkF,SAEXrH,EAAI5D,KAAK+E,EAAEkG,SAEX3N,EAAI0C,KAAKzB,EAAE0M,SACf3N,EAAIA,EAAE4N,QAAQ5N,GAEd,IAAIsR,EAAI5O,KAAK8C,MAAMyO,MAAM7N,GAErBpC,EAAItB,KAAK+F,EAAEoC,OAAOnI,KAAK+E,GAAGkG,SAASI,QAAQ3H,GAAG2H,QAAQzH,GAEtD1B,EAAI0M,EAAEzG,OAAOvE,GAEbiL,EAAI3M,EAAE+G,OAAO3L,GAEb6P,EAAIyB,EAAE3F,OAAOrF,GAEbwI,EAAK9K,EAAE4G,OAAO2G,GAEdxC,EAAKnK,EAAEgG,OAAOiF,GAEdyE,EAAKtQ,EAAE4G,OAAOiF,GAEdG,EAAKuB,EAAE3G,OAAOhG,GAClB,OAAOlC,KAAK8C,MAAME,MAAMoJ,EAAIC,EAAIiB,EAAIsE,EACtC,EAEAnK,EAAM3H,UAAU+R,SAAW,WAQzB,IAMIzF,EACAC,EACAiB,EARA1J,EAAI5D,KAAK+F,EAAEoC,OAAOnI,KAAK+E,GAAGkG,SAE1B3N,EAAI0C,KAAK+F,EAAEkF,SAEX2D,EAAI5O,KAAK+E,EAAEkG,SAKf,GAAIjL,KAAK8C,MAAMmO,QAAS,CAEtB,IAEIpC,GAFAvN,EAAItB,KAAK8C,MAAMyO,MAAMjU,IAEf6K,OAAOyG,GACjB,GAAI5O,KAAK8H,KAEPsE,EAAKxI,EAAEqF,OAAO3L,GAAG2L,OAAO2F,GAAG1G,OAAO2G,EAAE5F,OAAOjJ,KAAK8C,MAAMb,MAEtDoK,EAAKwC,EAAE3G,OAAO5G,EAAE2H,OAAO2F,IAEvBtB,EAAKuB,EAAE5D,SAAShC,OAAO4F,GAAG5F,OAAO4F,OAC5B,CAEL,IAAI1B,EAAInN,KAAKzB,EAAE0M,SAEXzH,EAAIqL,EAAE5F,OAAOkE,GAAG9B,QAAQ8B,GAE5Bf,EAAKxI,EAAEqF,OAAO3L,GAAG+N,QAAQuD,GAAG1G,OAAO1E,GAEnC6I,EAAKwC,EAAE3G,OAAO5G,EAAE2H,OAAO2F,IAEvBtB,EAAKuB,EAAE3G,OAAO1E,QAEX,CAEL,IAAIlC,EAAIhE,EAAE6K,OAAOyG,GAEbzB,EAAInN,KAAK8C,MAAM0O,MAAMxR,KAAKzB,GAAG0M,SAE7BzH,EAAIlC,EAAE2H,OAAOkE,GAAGlE,OAAOkE,GAE3Bf,EAAKpM,KAAK8C,MAAM0O,MAAM5N,EAAEyH,QAAQ/J,IAAI4G,OAAO1E,GAE3C6I,EAAKrM,KAAK8C,MAAM0O,MAAMlQ,GAAG4G,OAAO5K,EAAE+N,QAAQuD,IAE1CtB,EAAKhM,EAAE4G,OAAO1E,GAEhB,OAAOxD,KAAK8C,MAAME,MAAMoJ,EAAIC,EAAIiB,EAClC,EAEA7F,EAAM3H,UAAU6G,IAAM,WACpB,OAAI3G,KAAKmM,aACAnM,KAGLA,KAAK8C,MAAMqO,SACNnR,KAAK2R,UAEL3R,KAAK6R,UAChB,EAEApK,EAAM3H,UAAUgS,QAAU,SAAiBpQ,GAMzC,IAAIgC,EAAI1D,KAAK+E,EAAEkE,OAAOjJ,KAAK+F,GAAGmC,OAAOxG,EAAEqD,EAAEkE,OAAOvH,EAAEqE,IAE9CnC,EAAI5D,KAAK+E,EAAEoD,OAAOnI,KAAK+F,GAAGmC,OAAOxG,EAAEqD,EAAEoD,OAAOzG,EAAEqE,IAE9CzI,EAAI0C,KAAK0O,EAAExG,OAAOlI,KAAK8C,MAAMuO,IAAInJ,OAAOxG,EAAEgN,GAE1CE,EAAI5O,KAAKzB,EAAE2J,OAAOxG,EAAEnD,EAAE4J,OAAOzG,EAAEnD,IAE/B+C,EAAIsC,EAAEqF,OAAOvF,GAEbmL,EAAID,EAAE3F,OAAO3L,GAEb4E,EAAI0M,EAAEzG,OAAO7K,GAEb6P,EAAIvJ,EAAEuE,OAAOzE,GAEb0I,EAAK9K,EAAE4G,OAAO2G,GAEdxC,EAAKnK,EAAEgG,OAAOiF,GAEdyE,EAAKtQ,EAAE4G,OAAOiF,GAEdG,EAAKuB,EAAE3G,OAAOhG,GAClB,OAAOlC,KAAK8C,MAAME,MAAMoJ,EAAIC,EAAIiB,EAAIsE,EACtC,EAEAnK,EAAM3H,UAAUiS,SAAW,SAAkBrQ,GAO3C,IAgBI2K,EACAiB,EAjBA5J,EAAI1D,KAAKzB,EAAE2J,OAAOxG,EAAEnD,GAEpBqF,EAAIF,EAAEuH,SAEN3N,EAAI0C,KAAK+F,EAAEmC,OAAOxG,EAAEqE,GAEpB6I,EAAI5O,KAAK+E,EAAEmD,OAAOxG,EAAEqD,GAEpBzD,EAAItB,KAAK8C,MAAM8L,EAAE1G,OAAO5K,GAAG4K,OAAO0G,GAElCC,EAAIjL,EAAEqF,OAAO3H,GAEbY,EAAI0B,EAAEuE,OAAO7G,GAEbiE,EAAMvF,KAAK+F,EAAEoC,OAAOnI,KAAK+E,GAAGmD,OAAOxG,EAAEqE,EAAEoC,OAAOzG,EAAEqD,IAAIsG,QAAQ/N,GAAG+N,QAAQuD,GACvExC,EAAK1I,EAAEwE,OAAO2G,GAAG3G,OAAO3C,GAc5B,OAXIvF,KAAK8C,MAAMmO,SAEb5E,EAAK3I,EAAEwE,OAAOhG,GAAGgG,OAAO0G,EAAE3F,OAAOjJ,KAAK8C,MAAMyO,MAAMjU,KAElDgQ,EAAKuB,EAAE3G,OAAOhG,KAGdmK,EAAK3I,EAAEwE,OAAOhG,GAAGgG,OAAO0G,EAAE3F,OAAO3L,IAEjCgQ,EAAKtN,KAAK8C,MAAM0O,MAAM3C,GAAG3G,OAAOhG,IAE3BlC,KAAK8C,MAAME,MAAMoJ,EAAIC,EAAIiB,EAClC,EAEA7F,EAAM3H,UAAUkE,IAAM,SAAatC,GACjC,OAAI1B,KAAKmM,aACAzK,EACLA,EAAEyK,aACGnM,KAELA,KAAK8C,MAAMqO,SACNnR,KAAK8R,QAAQpQ,GAEb1B,KAAK+R,SAASrQ,EACzB,EAEA+F,EAAM3H,UAAU2I,IAAM,SAAarK,GACjC,OAAI4B,KAAKwG,YAAYpI,GACZ4B,KAAK8C,MAAMI,aAAalD,KAAM5B,GAE9B4B,KAAK8C,MAAMoB,SAASlE,KAAM5B,EACrC,EAEAqJ,EAAM3H,UAAU0M,OAAS,SAAgBzN,EAAI2C,EAAG1C,GAC9C,OAAOgB,KAAK8C,MAAM0B,YAAY,EAAG,CAAExE,KAAM0B,GAAK,CAAE3C,EAAIC,GAAM,GAAG,EAC/D,EAEAyI,EAAM3H,UAAU2M,QAAU,SAAiB1N,EAAI2C,EAAG1C,GAChD,OAAOgB,KAAK8C,MAAM0B,YAAY,EAAG,CAAExE,KAAM0B,GAAK,CAAE3C,EAAIC,GAAM,GAAG,EAC/D,EAEAyI,EAAM3H,UAAUuQ,UAAY,WAC1B,GAAIrQ,KAAK8H,KACP,OAAO9H,KAGT,IAAIgS,EAAKhS,KAAKzB,EAAEwI,UAOhB,OANA/G,KAAK+F,EAAI/F,KAAK+F,EAAEmC,OAAO8J,GACvBhS,KAAK+E,EAAI/E,KAAK+E,EAAEmD,OAAO8J,GACnBhS,KAAK0O,IACP1O,KAAK0O,EAAI1O,KAAK0O,EAAExG,OAAO8J,IACzBhS,KAAKzB,EAAIyB,KAAK8C,MAAMd,IACpBhC,KAAK8H,MAAO,EACL9H,IACT,EAEAyH,EAAM3H,UAAUiE,IAAM,WACpB,OAAO/D,KAAK8C,MAAME,MAAMhD,KAAK+F,EAAEb,SACPlF,KAAK+E,EACL/E,KAAKzB,EACLyB,KAAK0O,GAAK1O,KAAK0O,EAAExJ,SAC3C,EAEAuC,EAAM3H,UAAUkG,KAAO,WAErB,OADAhG,KAAKqQ,YACErQ,KAAK+F,EAAEkB,SAChB,EAEAQ,EAAM3H,UAAUmG,KAAO,WAErB,OADAjG,KAAKqQ,YACErQ,KAAK+E,EAAEkC,SAChB,EAEAQ,EAAM3H,UAAU0F,GAAK,SAAYuL,GAC/B,OAAO/Q,OAAS+Q,GACyB,IAAlC/Q,KAAKgG,OAAOhB,IAAI+L,EAAM/K,SACY,IAAlChG,KAAKiG,OAAOjB,IAAI+L,EAAM9K,OAC/B,EAEAwB,EAAM3H,UAAUkQ,OAAS,SAAgBjK,GACvC,IAAImK,EAAKnK,EAAEhE,MAAM/B,KAAK8C,MAAMnB,KAAKuG,OAAOlI,KAAKzB,GAC7C,GAAuB,IAAnByB,KAAK+F,EAAEf,IAAIkL,GACb,OAAO,EAIT,IAFA,IAAIC,EAAKpK,EAAE1H,QACPqQ,EAAI1O,KAAK8C,MAAMH,KAAKuF,OAAOlI,KAAKzB,KAC3B,CAEP,GADA4R,EAAGC,KAAKpQ,KAAK8C,MAAMnC,GACfwP,EAAGnL,IAAIhF,KAAK8C,MAAMpB,IAAM,EAC1B,OAAO,EAGT,GADAwO,EAAGhF,QAAQwD,GACY,IAAnB1O,KAAK+F,EAAEf,IAAIkL,GACb,OAAO,EAEb,EAGAzI,EAAM3H,UAAUmE,IAAMwD,EAAM3H,UAAUuQ,UACtC5I,EAAM3H,UAAU+D,SAAW4D,EAAM3H,UAAUkE,2BC7a3C,IAAIlB,EAAQzG,EAEZyG,EAAMmP,KAAOC,EACbpP,EAAMqP,MAAQC,EACdtP,EAAMjB,KAAOwQ,EACbvP,EAAMwP,QAAUC,KCDZC,EAASpW,EAAMoW,OACfC,EAAQrW,EAAMqW,MACdC,EAAUtW,EAAMsW,QAChBC,EAAOC,EAAUD,KACjBE,EAAYC,EAAOD,UAEnBE,EAAS,CACX,WAAY,WACZ,WAAY,YAGd,SAASC,IACP,KAAMhT,gBAAgBgT,GACpB,OAAO,IAAIA,EAEbH,EAAU5S,KAAKD,MACfA,KAAKmN,EAAI,CACP,WAAY,WAAY,WACxB,UAAY,YACdnN,KAAKiT,EAAQjW,MAAM,GACrB,CAEAZ,EAAMoL,SAASwL,EAAMH,GACrB,MAAiBG,EAEjBA,EAAKE,UAAY,IACjBF,EAAKG,QAAU,IACfH,EAAKI,aAAe,GACpBJ,EAAKK,UAAY,GAEjBL,EAAKlT,UAAUwT,QAAU,SAAiB5W,EAAK6W,GAG7C,IAFA,IAAIN,EAAIjT,KAAKiT,EAEJrW,EAAI,EAAGA,EAAI,GAAIA,IACtBqW,EAAErW,GAAKF,EAAI6W,EAAQ3W,GAErB,KAAMA,EAAIqW,EAAEzW,OAAQI,IAClBqW,EAAErW,GAAK4V,EAAOS,EAAErW,EAAI,GAAKqW,EAAErW,EAAI,GAAKqW,EAAErW,EAAI,IAAMqW,EAAErW,EAAI,IAAK,GAE7D,IAAI8G,EAAI1D,KAAKmN,EAAE,GACXvJ,EAAI5D,KAAKmN,EAAE,GACX7P,EAAI0C,KAAKmN,EAAE,GACXyB,EAAI5O,KAAKmN,EAAE,GACX7L,EAAItB,KAAKmN,EAAE,GAEf,IAAKvQ,EAAI,EAAGA,EAAIqW,EAAEzW,OAAQI,IAAK,CAC7B,IAAImM,KAAOnM,EAAI,IACX8R,EAAIgE,EAAQF,EAAO9O,EAAG,GAAIiP,EAAK5J,EAAGnF,EAAGtG,EAAGsR,GAAItN,EAAG2R,EAAErW,GAAImW,EAAOhK,IAChEzH,EAAIsN,EACJA,EAAItR,EACJA,EAAIkV,EAAO5O,EAAG,IACdA,EAAIF,EACJA,EAAIgL,EAGN1O,KAAKmN,EAAE,GAAKsF,EAAMzS,KAAKmN,EAAE,GAAIzJ,GAC7B1D,KAAKmN,EAAE,GAAKsF,EAAMzS,KAAKmN,EAAE,GAAIvJ,GAC7B5D,KAAKmN,EAAE,GAAKsF,EAAMzS,KAAKmN,EAAE,GAAI7P,GAC7B0C,KAAKmN,EAAE,GAAKsF,EAAMzS,KAAKmN,EAAE,GAAIyB,GAC7B5O,KAAKmN,EAAE,GAAKsF,EAAMzS,KAAKmN,EAAE,GAAI7L,EAC/B,EAEA0R,EAAKlT,UAAU0T,QAAU,SAAgBzW,GACvC,MAAY,QAARA,EACKX,EAAMqX,QAAQzT,KAAKmN,EAAG,OAEtB/Q,EAAMsX,QAAQ1T,KAAKmN,EAAG,MACjC,ECvEA,YAAe+E,SACEE,SACAC,SACAE,SACAoB,GCDjB,SAASC,EAAKC,EAAMhU,EAAK9C,GACvB,KAAMiD,gBAAgB4T,GACpB,OAAO,IAAIA,EAAKC,EAAMhU,EAAK9C,GAC7BiD,KAAK8T,KAAOD,EACZ7T,KAAKkT,UAAYW,EAAKX,UAAY,EAClClT,KAAKmT,QAAUU,EAAKV,QAAU,EAC9BnT,KAAK+T,MAAQ,KACb/T,KAAKgU,MAAQ,KAEbhU,KAAKiU,MAAM7X,EAAMU,QAAQ+C,EAAK9C,GAChC,CACA,MAAiB6W,EAEjBA,EAAK9T,UAAUmU,MAAQ,SAAcpU,GAE/BA,EAAIrD,OAASwD,KAAKkT,YACpBrT,GAAM,IAAIG,KAAK8T,MAAOI,OAAOrU,GAAKsU,UACpCvW,EAAOiC,EAAIrD,QAAUwD,KAAKkT,WAG1B,IAAK,IAAItW,EAAIiD,EAAIrD,OAAQI,EAAIoD,KAAKkT,UAAWtW,IAC3CiD,EAAIzC,KAAK,GAEX,IAAKR,EAAI,EAAGA,EAAIiD,EAAIrD,OAAQI,IAC1BiD,EAAIjD,IAAM,GAIZ,IAHAoD,KAAK+T,OAAQ,IAAI/T,KAAK8T,MAAOI,OAAOrU,GAG/BjD,EAAI,EAAGA,EAAIiD,EAAIrD,OAAQI,IAC1BiD,EAAIjD,IAAM,IACZoD,KAAKgU,OAAQ,IAAIhU,KAAK8T,MAAOI,OAAOrU,EACtC,EAEA+T,EAAK9T,UAAUoU,OAAS,SAAgBxX,EAAKK,GAE3C,OADAiD,KAAK+T,MAAMG,OAAOxX,EAAKK,GAChBiD,IACT,EAEA4T,EAAK9T,UAAUqU,OAAS,SAAgBpX,GAEtC,OADAiD,KAAKgU,MAAME,OAAOlU,KAAK+T,MAAMI,UACtBnU,KAAKgU,MAAMG,OAAOpX,EAC3B,yBC9CA,IAAI8W,EAAOxX,EAEXwX,EAAKzX,MAAQ8V,EACb2B,EAAKf,OAASV,EACdyB,EAAKO,IAAM/B,EACXwB,EAAKQ,OAAS9B,EACdsB,EAAKS,KAAOX,EAGZE,EAAKU,KAAOV,EAAKO,IAAIG,KACrBV,EAAKW,OAASX,EAAKO,IAAII,OACvBX,EAAKY,OAASZ,EAAKO,IAAIK,OACvBZ,EAAKa,OAASb,EAAKO,IAAIM,OACvBb,EAAKc,OAASd,EAAKO,IAAIO,OACvBd,EAAKe,UAAYf,EAAKQ,OAAOO,eCdZ,CACfzR,QAAS,CACPG,KAAM,EACNQ,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,kEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,sEAIN5F,IAAK,CACHmG,IAAK,EACLP,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,iEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,0FCrwBR,IAsOI8H,EAtOAiJ,EAASxY,EAMTuB,EAASxB,EAAMwB,OAEnB,SAASkX,EAAYC,GACnB,GAAqB,UAAjBA,EAAQvT,KACVxB,KAAK8C,MAAQ,IAAIA,EAAMqP,MAAM4C,QAC1B,GAAqB,YAAjBA,EAAQvT,KACfxB,KAAK8C,MAAQ,IAAIA,EAAMwP,QAAQyC,OAC5B,IAAqB,SAAjBA,EAAQvT,KAEZ,MAAUJ,MAAM,uBADnBpB,KAAK8C,MAAQ,IAAIA,EAAMjB,KAAKkT,EACa,CAC3C/U,KAAKkC,EAAIlC,KAAK8C,MAAMZ,EACpBlC,KAAKW,EAAIX,KAAK8C,MAAMnC,EACpBX,KAAK6T,KAAOkB,EAAQlB,KAEpBjW,EAAOoC,KAAKkC,EAAEe,WAAY,iBAC1BrF,EAAOoC,KAAKkC,EAAEuG,IAAIzI,KAAKW,GAAGwL,aAAc,0BAC1C,CAGA,SAAS6I,EAAYrV,EAAMoV,GACzBE,OAAOC,eAAeL,EAAQlV,EAAM,CAClCwV,cAAc,EACdC,YAAY,EACZC,IAAK,WACH,IAAIvS,EAAQ,IAAIgS,EAAYC,GAM5B,OALAE,OAAOC,eAAeL,EAAQlV,EAAM,CAClCwV,cAAc,EACdC,YAAY,EACZE,MAAOxS,IAEFA,IAGb,CAhBA+R,EAAOC,YAAcA,EAkBrBE,EAAY,OAAQ,CAClBxT,KAAM,QACNI,MAAO,OACPF,EAAG,wDACHgC,EAAG,wDACHE,EAAG,wDACHjD,EAAG,wDACHkT,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,wDACA,2DAIJ8S,EAAY,OAAQ,CAClBxT,KAAM,QACNI,MAAO,OACPF,EAAG,iEACHgC,EAAG,iEACHE,EAAG,iEACHjD,EAAG,iEACHkT,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,iEACA,oEAIJ8S,EAAY,OAAQ,CAClBxT,KAAM,QACNI,MAAO,KACPF,EAAG,0EACHgC,EAAG,0EACHE,EAAG,0EACHjD,EAAG,0EACHkT,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,0EACA,6EAIJ8S,EAAY,OAAQ,CAClBxT,KAAM,QACNI,MAAO,KACPF,EAAG,8GAEHgC,EAAG,8GAEHE,EAAG,8GAEHjD,EAAG,8GAEHkT,KAAMA,EAAKa,OACXtS,MAAM,EACNF,EAAG,CACD,8GAEA,iHAKJ8S,EAAY,OAAQ,CAClBxT,KAAM,QACNI,MAAO,KACPF,EAAG,2JAGHgC,EAAG,2JAGHE,EAAG,2JAGHjD,EAAG,2JAGHkT,KAAMA,EAAKc,OACXvS,MAAM,EACNF,EAAG,CACD,2JAGA,8JAOJ8S,EAAY,aAAc,CACxBxT,KAAM,OACNI,MAAO,SACPF,EAAG,sEACHgC,EAAG,QACHE,EAAG,IACHjD,EAAG,sEACH4U,SAAU,IACV1B,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,OAIJ8S,EAAY,UAAW,CACrBxT,KAAM,UACNI,MAAO,SACPF,EAAG,sEACHgC,EAAG,KACHpG,EAAG,IAEHsR,EAAG,sEACHjO,EAAG,sEACH4U,SAAU,IACV1B,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,mEAEA,sEAKJ8S,EAAY,kBAAmB,CAC7BxT,KAAM,QACNI,MAAO,KACPF,EAAG,0EACHgC,EAAG,0EACHE,EAAG,0EACHjD,EAAG,0EACHkT,KAAMA,EAAKW,OACXpS,MAAM,EACNF,EAAG,CACD,mEACA,sEAKJ8S,EAAY,kBAAmB,CAC7BxT,KAAM,QACNI,MAAO,KACPF,EAAG,6GAEHgC,EAAG,6GAEHE,EAAG,6GAEHjD,EAAG,6GAEHkT,KAAMA,EAAKa,OACXtS,MAAM,EACNF,EAAG,CACD,mGAEA,sGAMJ8S,EAAY,kBAAmB,CAC7BxT,KAAM,QACNI,MAAO,KACPF,EAAG,iJAEHgC,EAAG,iJAEHE,EAAG,iJAEHjD,EAAG,iJAEHkT,KAAMA,EAAKc,OACXvS,MAAM,EACNF,EAAG,CACD,mIAEA,sIAOJ,IACE0J,EAAMsG,CACR,CAAE,MAAO5Q,GACPsK,OAAM7L,CACR,CAEAiV,EAAY,YAAa,CACvBxT,KAAM,QACNI,MAAO,OACPF,EAAG,0EACHgC,EAAG,IACHE,EAAG,IACHjD,EAAG,0EACHwM,EAAG,IACH0G,KAAMA,EAAKW,OAGXlO,KAAM,mEACN+B,OAAQ,mEACRK,MAAO,CACL,CACEhF,EAAG,mCACHE,EAAG,qCAEL,CACEF,EAAG,oCACHE,EAAG,qCAIPxB,MAAM,EACNF,EAAG,CACD,mEACA,mEACA0J,QCrQJ,SAAS4J,EAAST,GAChB,KAAM/U,gBAAgBwV,GACpB,OAAO,IAAIA,EAAST,GACtB/U,KAAK6T,KAAOkB,EAAQlB,KACpB7T,KAAKyV,aAAeV,EAAQU,WAE5BzV,KAAK0V,OAAS1V,KAAK6T,KAAKV,QACxBnT,KAAK2V,WAAaZ,EAAQY,YAAc3V,KAAK6T,KAAKT,aAElDpT,KAAK4V,QAAU,KACf5V,KAAK6V,eAAiB,KACtB7V,KAAK8V,EAAI,KACT9V,KAAK+V,EAAI,KAET,IAAIC,EAAU5Z,EAAMU,QAAQiY,EAAQiB,QAASjB,EAAQkB,YAAc,OAC/DC,EAAQ9Z,EAAMU,QAAQiY,EAAQmB,MAAOnB,EAAQoB,UAAY,OACzDC,EAAOha,EAAMU,QAAQiY,EAAQqB,KAAMrB,EAAQsB,SAAW,OAC1DzY,EAAOoY,EAAQxZ,QAAWwD,KAAK2V,WAAa,EACrC,mCAAqC3V,KAAK2V,WAAa,SAC9D3V,KAAKiU,MAAM+B,EAASE,EAAOE,EAC7B,CACA,MAAiBZ,EAEjBA,EAAS1V,UAAUmU,MAAQ,SAAc+B,EAASE,EAAOE,GACvD,IAAIE,EAAON,EAAQ7P,OAAO+P,GAAO/P,OAAOiQ,GAExCpW,KAAK8V,EAAQ9Y,MAAMgD,KAAK0V,OAAS,GACjC1V,KAAK+V,EAAQ/Y,MAAMgD,KAAK0V,OAAS,GACjC,IAAK,IAAI9Y,EAAI,EAAGA,EAAIoD,KAAK+V,EAAEvZ,OAAQI,IACjCoD,KAAK8V,EAAElZ,GAAK,EACZoD,KAAK+V,EAAEnZ,GAAK,EAGdoD,KAAKsT,QAAQgD,GACbtW,KAAK4V,QAAU,EACf5V,KAAK6V,eAAiB,eACxB,EAEAL,EAAS1V,UAAUyW,MAAQ,WACzB,OAAO,IAAI1C,EAAKS,KAAKtU,KAAK6T,KAAM7T,KAAK8V,EACvC,EAEAN,EAAS1V,UAAUwT,QAAU,SAAgBgD,GAC3C,IAAIE,EAAOxW,KAAKuW,QACArC,OAAOlU,KAAK+V,GACZ7B,OAAO,CAAE,IACrBoC,IACFE,EAAOA,EAAKtC,OAAOoC,IACrBtW,KAAK8V,EAAIU,EAAKrC,SACdnU,KAAK+V,EAAI/V,KAAKuW,QAAQrC,OAAOlU,KAAK+V,GAAG5B,SAChCmC,IAGLtW,KAAK8V,EAAI9V,KAAKuW,QACArC,OAAOlU,KAAK+V,GACZ7B,OAAO,CAAE,IACTA,OAAOoC,GACPnC,SACdnU,KAAK+V,EAAI/V,KAAKuW,QAAQrC,OAAOlU,KAAK+V,GAAG5B,SACvC,EAEAqB,EAAS1V,UAAU2W,OAAS,SAAgBT,EAASC,EAAYjS,EAAK0S,GAE1C,iBAAfT,IACTS,EAAS1S,EACTA,EAAMiS,EACNA,EAAa,MAGfD,EAAU5Z,EAAMU,QAAQkZ,EAASC,GACjCjS,EAAM5H,EAAMU,QAAQkH,EAAK0S,GAEzB9Y,EAAOoY,EAAQxZ,QAAWwD,KAAK2V,WAAa,EACrC,mCAAqC3V,KAAK2V,WAAa,SAE9D3V,KAAKsT,QAAQ0C,EAAQ7P,OAAOnC,GAAO,KACnChE,KAAK4V,QAAU,CACjB,EAEAJ,EAAS1V,UAAUU,SAAW,SAAkBF,EAAKvD,EAAKiH,EAAK0S,GAC7D,GAAI1W,KAAK4V,QAAU5V,KAAK6V,eACtB,MAAUzU,MAAM,sBAGC,iBAARrE,IACT2Z,EAAS1S,EACTA,EAAMjH,EACNA,EAAM,MAIJiH,IACFA,EAAM5H,EAAMU,QAAQkH,EAAK0S,GAAU,OACnC1W,KAAKsT,QAAQtP,IAIf,IADA,IAAI2S,EAAO,GACJA,EAAKna,OAAS8D,GACnBN,KAAK+V,EAAI/V,KAAKuW,QAAQrC,OAAOlU,KAAK+V,GAAG5B,SACrCwC,EAAOA,EAAKxQ,OAAOnG,KAAK+V,GAG1B,IAAIpZ,EAAMga,EAAKzZ,MAAM,EAAGoD,GAGxB,OAFAN,KAAKsT,QAAQtP,GACbhE,KAAK4V,UACExZ,EAAMsB,OAAOf,EAAKI,EAC3B,EC5GA,IAAIa,GAASxB,EAAMwB,OAEnB,SAASgZ,GAAQC,EAAI9B,GACnB/U,KAAK6W,GAAKA,EACV7W,KAAK8W,KAAO,KACZ9W,KAAK+W,IAAM,KAGPhC,EAAQ+B,MACV9W,KAAKgX,eAAejC,EAAQ+B,KAAM/B,EAAQkC,SACxClC,EAAQgC,KACV/W,KAAKkX,cAAcnC,EAAQgC,IAAKhC,EAAQoC,OAC5C,CACA,OAAiBP,GAEjBA,GAAQQ,WAAa,SAAoBP,EAAIE,EAAKha,GAChD,OAAIga,aAAeH,GACVG,EAEF,IAAIH,GAAQC,EAAI,CACrBE,IAAKA,EACLI,OAAQpa,GAEZ,EAEA6Z,GAAQS,YAAc,SAAqBR,EAAIC,EAAM/Z,GACnD,OAAI+Z,aAAgBF,GACXE,EAEF,IAAIF,GAAQC,EAAI,CACrBC,KAAMA,EACNG,QAASla,GAEb,EAGA6Z,GAAQ9W,UAAUmD,SAAW,WAC3B,IAAI8T,EAAM/W,KAAKsX,YAEf,OAAIP,EAAI5K,aACC,CAAEoL,QAAQ,EAAOC,OAAQ,sBAC7BT,EAAI9T,WAEJ8T,EAAItO,IAAIzI,KAAK6W,GAAG/T,MAAMnC,GAAGwL,aAGvB,CAAEoL,QAAQ,EAAMC,OAAQ,MAFtB,CAAED,QAAQ,EAAOC,OAAQ,uBAFzB,CAAED,QAAQ,EAAOC,OAAQ,4BAKpC,EAEAZ,GAAQ9W,UAAUwX,UAAY,SAAmBva,EAAK+I,GAIpD,OAHK9F,KAAK+W,MACR/W,KAAK+W,IAAM/W,KAAK6W,GAAG3U,EAAEuG,IAAIzI,KAAK8W,OAE3B/Z,EAGEiD,KAAK+W,IAAIrZ,OAAOX,EAAK+I,GAFnB9F,KAAK+W,GAGhB,EAEAH,GAAQ9W,UAAU2X,WAAa,SAAoB1a,GACjD,MAAY,QAARA,EACKiD,KAAK8W,KAAKja,SAAS,GAAI,GAEvBmD,KAAK8W,IAChB,EAEAF,GAAQ9W,UAAUkX,eAAiB,SAAwBnX,EAAK9C,GAK9D,GAJAiD,KAAK8W,KAAO,IAAIzW,EAAGR,EAAK9C,GAAO,IAIJ,SAAvBiD,KAAK6W,GAAG/T,MAAMtB,KAAiB,CACjC,IAAIQ,EAAMhC,KAAK6W,GAAG/T,MAAMd,IACpB0V,EAAO1V,EAAI2V,MAAM,KAASxQ,IAAInF,GAAK2V,MAAM,GAC7C3X,KAAK8W,KAAO9W,KAAK8W,KAAKc,GAAG5V,EAAI2V,MAAM,MACnC3X,KAAK8W,KAAO9W,KAAK8W,KAAKe,IAAIH,QAI1B1X,KAAK8W,KAAO9W,KAAK8W,KAAK1F,KAAKpR,KAAK6W,GAAG/T,MAAMnC,EAC7C,EAEAiW,GAAQ9W,UAAUoX,cAAgB,SAAuBrX,EAAK9C,GAC5D,GAAI8C,EAAIkG,GAAKlG,EAAIkF,EAWf,MAP2B,SAAvB/E,KAAK6W,GAAG/T,MAAMtB,KAChB5D,GAAOiC,EAAIkG,EAAG,qBACkB,UAAvB/F,KAAK6W,GAAG/T,MAAMtB,MACS,YAAvBxB,KAAK6W,GAAG/T,MAAMtB,MACvB5D,GAAOiC,EAAIkG,GAAKlG,EAAIkF,EAAG,qCAEzB/E,KAAK+W,IAAM/W,KAAK6W,GAAG/T,MAAME,MAAMnD,EAAIkG,EAAGlG,EAAIkF,IAG5C/E,KAAK+W,IAAM/W,KAAK6W,GAAG/T,MAAM2C,YAAY5F,EAAK9C,EAC5C,EAGA6Z,GAAQ9W,UAAUgY,OAAS,SAAgBf,GACzC,OAAOA,EAAItO,IAAIzI,KAAK8W,MAAM9Q,MAC5B,EAGA4Q,GAAQ9W,UAAUiY,KAAO,SAAcrb,EAAKK,EAAKgY,GAC/C,OAAO/U,KAAK6W,GAAGkB,KAAKrb,EAAKsD,KAAMjD,EAAKgY,EACtC,EAEA6B,GAAQ9W,UAAUkY,OAAS,SAAgBtb,EAAKub,GAC9C,OAAOjY,KAAK6W,GAAGmB,OAAOtb,EAAKub,EAAWjY,KACxC,EAEA4W,GAAQ9W,UAAUoM,QAAU,WAC1B,MAAO,eAAiBlM,KAAK8W,MAAQ9W,KAAK8W,KAAKja,SAAS,GAAI,IACrD,UAAYmD,KAAK+W,KAAO/W,KAAK+W,IAAI7K,WAAa,IACvD,ECnHA,IAAItO,GAASxB,EAAMwB,OAEnB,SAASsa,GAAUnD,EAAShY,GAC1B,GAAIgY,aAAmBmD,GACrB,OAAOnD,EAEL/U,KAAKmY,WAAWpD,EAAShY,KAG7Ba,GAAOmX,EAAQ5Y,GAAK4Y,EAAQhM,EAAG,4BAC/B/I,KAAK7D,EAAI,IAAIkE,EAAG0U,EAAQ5Y,EAAG,IAC3B6D,KAAK+I,EAAI,IAAI1I,EAAG0U,EAAQhM,EAAG,SACGhJ,IAA1BgV,EAAQqD,cACVpY,KAAKoY,cAAgB,KAErBpY,KAAKoY,cAAgBrD,EAAQqD,cACjC,CACA,OAAiBF,GAEjB,SAASG,KACPrY,KAAKsY,MAAQ,CACf,CAEA,SAASC,GAAUC,EAAK9W,GACtB,IAAI+W,EAAUD,EAAI9W,EAAE4W,SACpB,KAAgB,IAAVG,GACJ,OAAOA,EAIT,IAFA,IAAIC,EAAqB,GAAVD,EACXE,EAAM,EACD/b,EAAI,EAAGgc,EAAMlX,EAAE4W,MAAO1b,EAAI8b,EAAU9b,IAAKgc,IAChDD,IAAQ,EACRA,GAAOH,EAAII,GAGb,OADAlX,EAAE4W,MAAQM,EACHD,CACT,CAEA,SAASE,GAAUL,GAGjB,IAFA,IAAI5b,EAAI,EACJ0D,EAAMkY,EAAIhc,OAAS,GACfgc,EAAI5b,MAAqB,IAAb4b,EAAI5b,EAAI,KAAcA,EAAI0D,GAC5C1D,IAEF,OAAU,IAANA,EACK4b,EAEFA,EAAItb,MAAMN,EACnB,CAwCA,SAASkc,GAAgBnb,EAAK2C,GAC5B,GAAIA,EAAM,IACR3C,EAAIP,KAAKkD,OADX,CAIA,IAAIyY,EAAS,GAAK3T,KAAK4T,IAAI1Y,GAAO8E,KAAK6T,MAAQ,GAE/C,IADAtb,EAAIP,KAAc,IAAT2b,KACAA,GACPpb,EAAIP,KAAMkD,KAASyY,GAAU,GAAM,KAErCpb,EAAIP,KAAKkD,GACX,CAjDA4X,GAAUpY,UAAUqY,WAAa,SAAoBe,EAAMnc,GACzDmc,EAAO9c,EAAMU,QAAQoc,EAAMnc,GAC3B,IAAI2E,EAAI,IAAI2W,GACZ,GAAwB,KAApBa,EAAKxX,EAAE4W,SACT,OAAO,EAGT,GADUC,GAAUW,EAAMxX,GACfA,EAAE4W,QAAWY,EAAK1c,OAC3B,OAAO,EAET,GAAwB,IAApB0c,EAAKxX,EAAE4W,SACT,OAAO,EAET,IAAIa,EAAOZ,GAAUW,EAAMxX,GACvBvF,EAAI+c,EAAKhc,MAAMwE,EAAE4W,MAAOa,EAAOzX,EAAE4W,OAErC,GADA5W,EAAE4W,OAASa,EACa,IAApBD,EAAKxX,EAAE4W,SACT,OAAO,EAET,IAAIc,EAAOb,GAAUW,EAAMxX,GAC3B,GAAIwX,EAAK1c,SAAW4c,EAAO1X,EAAE4W,MAC3B,OAAO,EAET,IAAIvP,EAAImQ,EAAKhc,MAAMwE,EAAE4W,MAAOc,EAAO1X,EAAE4W,OAYrC,OAXa,IAATnc,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEe,MAAM,IAED,IAAT6L,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAE7L,MAAM,IAGd8C,KAAK7D,EAAI,IAAIkE,EAAGlE,GAChB6D,KAAK+I,EAAI,IAAI1I,EAAG0I,GAChB/I,KAAKoY,cAAgB,MAEd,CACT,EAeAF,GAAUpY,UAAUuZ,MAAQ,SAAetc,GACzC,IAAIZ,EAAI6D,KAAK7D,EAAEW,UACXiM,EAAI/I,KAAK+I,EAAEjM,UAYf,IATW,IAAPX,EAAE,KACJA,EAAI,CAAE,GAAIgK,OAAOhK,IAER,IAAP4M,EAAE,KACJA,EAAI,CAAE,GAAI5C,OAAO4C,IAEnB5M,EAAI0c,GAAU1c,GACd4M,EAAI8P,GAAU9P,KAENA,EAAE,IAAe,IAAPA,EAAE,KAClBA,EAAIA,EAAE7L,MAAM,GAEd,IAAIS,EAAM,CAAE,GACZmb,GAAgBnb,EAAKxB,EAAEK,SACvBmB,EAAMA,EAAIwI,OAAOhK,IACbiB,KAAK,GACT0b,GAAgBnb,EAAKoL,EAAEvM,QACvB,IAAI8c,EAAW3b,EAAIwI,OAAO4C,GACtBpM,EAAM,CAAE,IAGZ,OAFAmc,GAAgBnc,EAAK2c,EAAS9c,QAC9BG,EAAMA,EAAIwJ,OAAOmT,GACVld,EAAMsB,OAAOf,EAAKI,EAC3B,EC9HA,IAAIa,GAASxB,EAAMwB,OAKnB,SAAS2b,GAAGxE,GACV,KAAM/U,gBAAgBuZ,IACpB,OAAO,IAAIA,GAAGxE,GAGO,iBAAZA,IACTnX,GAAOiX,EAAO2E,eAAezE,GAAU,iBAAmBA,GAE1DA,EAAUF,EAAOE,IAIfA,aAAmBF,EAAOC,cAC5BC,EAAU,CAAEjS,MAAOiS,IAErB/U,KAAK8C,MAAQiS,EAAQjS,MAAMA,MAC3B9C,KAAKW,EAAIX,KAAK8C,MAAMnC,EACpBX,KAAKyZ,GAAKzZ,KAAKW,EAAE+I,MAAM,GACvB1J,KAAKkC,EAAIlC,KAAK8C,MAAMZ,EAGpBlC,KAAKkC,EAAI6S,EAAQjS,MAAMZ,EACvBlC,KAAKkC,EAAEkE,WAAW2O,EAAQjS,MAAMnC,EAAE+F,YAAc,GAGhD1G,KAAK6T,KAAOkB,EAAQlB,MAAQkB,EAAQjS,MAAM+Q,IAC5C,CACA,OAAiB0F,GAEjBA,GAAGzZ,UAAU4Z,QAAU,SAAiB3E,GACtC,OAAO,IAAI6B,GAAQ5W,KAAM+U,EAC3B,EAEAwE,GAAGzZ,UAAU6Z,eAAiB,SAAwB7C,EAAM/Z,GAC1D,OAAO6Z,GAAQS,YAAYrX,KAAM8W,EAAM/Z,EACzC,EAEAwc,GAAGzZ,UAAU8Z,cAAgB,SAAuB7C,EAAKha,GACvD,OAAO6Z,GAAQQ,WAAWpX,KAAM+W,EAAKha,EACvC,EAEAwc,GAAGzZ,UAAU+Z,WAAa,SAAoB9E,GACvCA,IACHA,EAAU,IAGZ,IAAI+E,EAAO,IAAItE,EAAS,CACtB3B,KAAM7T,KAAK6T,KACXuC,KAAMrB,EAAQqB,KACdC,QAAStB,EAAQsB,SAAW,OAC5BL,QAASjB,EAAQiB,SAAWvV,EAAKT,KAAK6T,KAAKT,cAC3C6C,WAAYlB,EAAQiB,SAAWjB,EAAQkB,YAAc,OACrDC,MAAOlW,KAAKW,EAAE7D,YAIhB,GAAwB,SAApBkD,KAAK8C,MAAMtB,KAAiB,CAC9B,IAAIsV,EAAO,IAAIzW,EAAGyZ,EAAKtZ,SAAS,KAChC,OAAOR,KAAK2Z,eAAe7C,GAK7B,IAFA,IAAI3W,EAAQH,KAAKW,EAAE+E,aACfqU,EAAM/Z,KAAKW,EAAEwG,IAAI,IAAI9G,EAAG,MACzB,CAED,MADIyW,EAAO,IAAIzW,EAAGyZ,EAAKtZ,SAASL,KACvB6E,IAAI+U,GAAO,GAIpB,OADAjD,EAAKkD,MAAM,GACJha,KAAK2Z,eAAe7C,GAE/B,EAEAyC,GAAGzZ,UAAUma,aAAe,SAAqBvd,EAAKwd,EAAWC,GAE/D,IAAIpL,GADJoL,EAAUA,GAA8B,EAAnBzd,EAAIgJ,cACH1F,KAAKW,EAAE+F,YAG7B,OAFIqI,EAAQ,IACVrS,EAAMA,EAAIgN,MAAMqF,KACbmL,GAAaxd,EAAIsI,IAAIhF,KAAKW,IAAM,EAC5BjE,EAAIyK,IAAInH,KAAKW,GAEbjE,CACX,EAEA6c,GAAGzZ,UAAUsa,YAAe,SAAqB1d,GAE/C,IAAIyd,EAUJ,OATIzd,aAAemE,YACjBsZ,EAA2B,EAAjBzd,EAAIgJ,WACdhJ,EAAMsD,KAAKia,aAAa,IAAI5Z,EAAG3D,EAAK,KAAK,EAAOyd,IACxB,iBAARzd,GAChByd,EAAuB,EAAbzd,EAAIF,OACdE,EAAMsD,KAAKia,aAAa,IAAI5Z,EAAG3D,EAAK,KAAK,EAAOyd,IAEhDzd,EAAMsD,KAAKia,aAAa,IAAI5Z,EAAG3D,EAAK,KAE/BA,CACT,EAEA6c,GAAGzZ,UAAUiY,KAAO,SAAcrb,EAAKmD,EAAK9C,EAAKgY,GAC5B,iBAARhY,IACTgY,EAAUhY,EACVA,EAAM,MAEHgY,IACHA,EAAU,IAEZlV,EAAMG,KAAK2Z,eAAe9Z,EAAK9C,GAC/BL,EAAMsD,KAAKoa,YAAY1d,GAqBvB,IAlBA,IAAIyD,EAAQH,KAAKW,EAAE+E,aACf2U,EAAOxa,EAAI4X,aAAa3a,QAAQ,KAAMqD,GAGtC+V,EAAQxZ,EAAII,QAAQ,KAAMqD,GAG1B2Z,EAAO,IAAItE,EAAS,CACtB3B,KAAM7T,KAAK6T,KACXmC,QAASqE,EACTnE,MAAOA,EACPE,KAAMrB,EAAQqB,KACdC,QAAStB,EAAQsB,SAAW,SAI1BiE,EAAMta,KAAKW,EAAEwG,IAAI,IAAI9G,EAAG,IAEnBka,EAAO,GAASA,IAAQ,CAC/B,IAAInc,EAAI2W,EAAQ3W,EACZ2W,EAAQ3W,EAAEmc,GACV,IAAIla,EAAGyZ,EAAKtZ,SAASR,KAAKW,EAAE+E,eAEhC,MADAtH,EAAI4B,KAAKia,aAAa7b,GAAG,IACnBE,KAAK,IAAM,GAAKF,EAAE4G,IAAIsV,IAAQ,GAApC,CAGA,IAAIE,EAAKxa,KAAKkC,EAAEuG,IAAIrK,GACpB,IAAIoc,EAAGrO,aAAP,CAGA,IAAIsO,EAAMD,EAAGxU,OACT7J,EAAIse,EAAIrJ,KAAKpR,KAAKW,GACtB,GAAkB,IAAdxE,EAAEmC,KAAK,GAAX,CAGA,IAAIyK,EAAI3K,EAAEsc,KAAK1a,KAAKW,GAAG8H,IAAItM,EAAEsM,IAAI5I,EAAI4X,cAAcrH,KAAK1T,IAExD,GAAkB,KADlBqM,EAAIA,EAAEqI,KAAKpR,KAAKW,IACVrC,KAAK,GAAX,CAGA,IAAI8Z,GAAiBoC,EAAGvU,OAAOzH,QAAU,EAAI,IACT,IAAfic,EAAIzV,IAAI7I,GAAW,EAAI,GAQ5C,OALI4Y,EAAQ4F,WAAa5R,EAAE/D,IAAIhF,KAAKyZ,IAAM,IACxC1Q,EAAI/I,KAAKW,EAAEwG,IAAI4B,GACfqP,GAAiB,GAGZ,IAAIF,GAAU,CAAE/b,EAAGA,EAAG4M,EAAGA,EAAGqP,cAAeA,QAEtD,EAEAmB,GAAGzZ,UAAUkY,OAAS,SAAgBtb,EAAKub,EAAWpY,EAAK9C,GAMzD,OALA8C,EAAMG,KAAK4Z,cAAc/Z,EAAK9C,GAC9Bkb,EAAY,IAAIC,GAAUD,EAAW,OAE3BjY,KAAK4a,QAAQ5a,KAAKoa,YAAY1d,GAAMub,EAAWpY,IACzDG,KAAK4a,QAAQ5a,KAAKia,aAAa,IAAI5Z,EAAG3D,EAAK,KAAMub,EAAWpY,EAE9D,EAEA0Z,GAAGzZ,UAAU8a,QAAU,SAAiBle,EAAKub,EAAWpY,GAEtD,IAAI1D,EAAI8b,EAAU9b,EACd4M,EAAIkP,EAAUlP,EAClB,GAAI5M,EAAEmC,KAAK,GAAK,GAAKnC,EAAE6I,IAAIhF,KAAKW,IAAM,EACpC,OAAO,EACT,GAAIoI,EAAEzK,KAAK,GAAK,GAAKyK,EAAE/D,IAAIhF,KAAKW,IAAM,EACpC,OAAO,EAGT,IAeIe,EAfAmZ,EAAO9R,EAAE2R,KAAK1a,KAAKW,GACnBvB,EAAKyb,EAAKpS,IAAI/L,GAAK0U,KAAKpR,KAAKW,GAC7BtB,EAAKwb,EAAKpS,IAAItM,GAAGiV,KAAKpR,KAAKW,GAE/B,OAAKX,KAAK8C,MAAMF,gBAWZlB,EAAI1B,KAAKkC,EAAEuK,QAAQrN,EAAIS,EAAIyX,YAAajY,IACtC8M,cAMCzK,EAAEsO,OAAO7T,KAjBVuF,EAAI1B,KAAKkC,EAAEsK,OAAOpN,EAAIS,EAAIyX,YAAajY,IACrC8M,cAGkC,IAAjCzK,EAAEsE,OAAOoL,KAAKpR,KAAKW,GAAGqE,IAAI7I,EAcrC,EAEAod,GAAGzZ,UAAUgb,cAAgB,SAASpe,EAAKub,EAAWzU,EAAGzG,GACvDa,IAAQ,EAAI4F,KAAOA,EAAG,4CACtByU,EAAY,IAAIC,GAAUD,EAAWlb,GAErC,IAAI4D,EAAIX,KAAKW,EACTW,EAAI,IAAIjB,EAAG3D,GACXP,EAAI8b,EAAU9b,EACd4M,EAAIkP,EAAUlP,EAGdgS,EAAa,EAAJvX,EACTwX,EAAcxX,GAAK,EACvB,GAAIrH,EAAE6I,IAAIhF,KAAK8C,MAAMpB,EAAE0P,KAAKpR,KAAK8C,MAAMnC,KAAO,GAAKqa,EACjD,MAAU5Z,MAAM,wCAIhBjF,EADE6e,EACEhb,KAAK8C,MAAM6C,WAAWxJ,EAAE6H,IAAIhE,KAAK8C,MAAMnC,GAAIoa,GAE3C/a,KAAK8C,MAAM6C,WAAWxJ,EAAG4e,GAE/B,IAAIE,EAAOhD,EAAU9b,EAAEue,KAAK/Z,GACxBsM,EAAKtM,EAAEwG,IAAI7F,GAAGmH,IAAIwS,GAAM7J,KAAKzQ,GAC7BuM,EAAKnE,EAAEN,IAAIwS,GAAM7J,KAAKzQ,GAI1B,OAAOX,KAAKkC,EAAEsK,OAAOS,EAAI9Q,EAAG+Q,EAC9B,EAEAqM,GAAGzZ,UAAUob,oBAAsB,SAAS5Z,EAAG2W,EAAWkD,EAAGpe,GAE3D,GAAgC,QADhCkb,EAAY,IAAIC,GAAUD,EAAWlb,IACvBqb,cACZ,OAAOH,EAAUG,cAEnB,IAAK,IAAIxb,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAC1B,IAAIwe,EACJ,IACEA,EAASpb,KAAK8a,cAAcxZ,EAAG2W,EAAWrb,GAC1C,MAAO0E,GACP,SAGF,GAAI8Z,EAAO5V,GAAG2V,GACZ,OAAOve,EAEX,MAAUwE,MAAM,uCAClB,ECxQA,IAAIxD,GAASxB,EAAMwB,OACfsC,GAAa9D,EAAM8D,WACnBT,GAAiBrD,EAAMqD,eAW3B,SAASmX,GAAQyE,EAAOC,GAItB,GAHAtb,KAAKqb,MAAQA,EACTC,EAAO9B,eAAe,YACxBxZ,KAAKub,QAAUrb,GAAWob,EAAOE,SAC/BH,EAAMI,QAAQH,EAAOvE,KACvB/W,KAAK0b,KAAOJ,EAAOvE,SAMnB,GAJA/W,KAAK2b,UAAYzb,GAAWob,EAAOvE,KAC/B/W,KAAK2b,WAAuC,KAA1B3b,KAAK2b,UAAUnf,QACX,KAAtBwD,KAAK2b,UAAU,KACjB3b,KAAK2b,UAAY3b,KAAK2b,UAAUze,MAAM,EAAG,KACvC8C,KAAK2b,WAAuC,KAA1B3b,KAAK2b,UAAUnf,OACnC,MAAU4E,MAAM,mCAEtB,CAEAwV,GAAQQ,WAAa,SAAoBiE,EAAOtE,GAC9C,OAAIA,aAAeH,GACVG,EACF,IAAIH,GAAQyE,EAAO,CAAEtE,IAAKA,GACnC,EAEAH,GAAQgF,WAAa,SAAoBP,EAAOG,GAC9C,OAAIA,aAAkB5E,GACb4E,EACF,IAAI5E,GAAQyE,EAAO,CAAEG,OAAQA,GACtC,EAEA5E,GAAQ9W,UAAU0b,OAAS,WACzB,OAAOxb,KAAKub,OACd,EAEA9b,GAAemX,GAAS,YAAY,WAClC,OAAO5W,KAAKqb,MAAMQ,YAAY7b,KAAK+W,MACrC,IAEAtX,GAAemX,GAAS,OAAO,WAC7B,OAAI5W,KAAK2b,UACA3b,KAAKqb,MAAM5V,YAAYzF,KAAK2b,WAC9B3b,KAAKqb,MAAMnZ,EAAEuG,IAAIzI,KAAK8W,OAC/B,IAEArX,GAAemX,GAAS,aAAa,WACnC,IAAIyE,EAAQrb,KAAKqb,MACbxH,EAAO7T,KAAK6T,OACZiI,EAAST,EAAMU,eAAiB,EAGhCrY,EAAImQ,EAAK3W,MAAM,EAAGme,EAAMU,gBAK5B,OAJArY,EAAE,IAAM,IACRA,EAAEoY,IAAW,IACbpY,EAAEoY,IAAW,GAENpY,CACT,IAEAjE,GAAemX,GAAS,QAAQ,WAC9B,OAAO5W,KAAKqb,MAAMW,UAAUhc,KAAKic,YACnC,IAEAxc,GAAemX,GAAS,QAAQ,WAC9B,OAAO5W,KAAKqb,MAAMxH,OAAOK,OAAOlU,KAAKwb,UAAUrH,QACjD,IAEA1U,GAAemX,GAAS,iBAAiB,WACvC,OAAO5W,KAAK6T,OAAO3W,MAAM8C,KAAKqb,MAAMU,eACtC,IAEAnF,GAAQ9W,UAAUiY,KAAO,SAAcmE,GAErC,OADAte,GAAOoC,KAAKub,QAAS,2BACdvb,KAAKqb,MAAMtD,KAAKmE,EAASlc,KAClC,EAEA4W,GAAQ9W,UAAUkY,OAAS,SAAgBkE,EAASC,GAClD,OAAOnc,KAAKqb,MAAMrD,OAAOkE,EAASC,EAAKnc,KACzC,EAEA4W,GAAQ9W,UAAUsc,UAAY,SAAmBrf,GAE/C,OADAa,GAAOoC,KAAKub,QAAS,0BACdnf,EAAMsB,OAAOsC,KAAKwb,SAAUze,EACrC,EAEA6Z,GAAQ9W,UAAUwX,UAAY,SAAmBva,EAAK+I,GACpD,OAAO1J,EAAMsB,QAAQoI,EAAU,CAAE,IAAS,IAAIK,OAAOnG,KAAKqc,YAAatf,EACzE,EAEA,OAAiB6Z,GClGbhZ,GAASxB,EAAMwB,OACf6B,GAAiBrD,EAAMqD,eACvBS,GAAa9D,EAAM8D,WAUvB,SAASgY,GAAUmD,EAAOc,GACxBnc,KAAKqb,MAAQA,EAEM,iBAARc,IACTA,EAAMjc,GAAWic,IAEfnf,MAAMC,QAAQkf,KAChBA,EAAM,CACJG,EAAGH,EAAIjf,MAAM,EAAGme,EAAMU,gBACtBQ,EAAGJ,EAAIjf,MAAMme,EAAMU,kBAIvBne,GAAOue,EAAIG,GAAKH,EAAII,EAAG,4BAEnBlB,EAAMI,QAAQU,EAAIG,KACpBtc,KAAKwc,GAAKL,EAAIG,GACZH,EAAII,aAAalc,IACnBL,KAAKyc,GAAKN,EAAII,GAEhBvc,KAAK0c,UAAY1f,MAAMC,QAAQkf,EAAIG,GAAKH,EAAIG,EAAIH,EAAIQ,SACpD3c,KAAK4c,UAAY5f,MAAMC,QAAQkf,EAAII,GAAKJ,EAAII,EAAIJ,EAAIU,QACtD,CAEApd,GAAeyY,GAAW,KAAK,WAC7B,OAAOlY,KAAKqb,MAAMW,UAAUhc,KAAK6c,WACnC,IAEApd,GAAeyY,GAAW,KAAK,WAC7B,OAAOlY,KAAKqb,MAAM5V,YAAYzF,KAAK2c,WACrC,IAEAld,GAAeyY,GAAW,YAAY,WACpC,OAAOlY,KAAKqb,MAAMQ,YAAY7b,KAAKsc,IACrC,IAEA7c,GAAeyY,GAAW,YAAY,WACpC,OAAOlY,KAAKqb,MAAMyB,UAAU9c,KAAKuc,IACnC,IAEArE,GAAUpY,UAAUid,QAAU,WAC5B,OAAO/c,KAAK2c,WAAWxW,OAAOnG,KAAK6c,WACrC,EAEA3E,GAAUpY,UAAUrD,MAAQ,WAC1B,OAAOL,EAAMsB,OAAOsC,KAAK+c,UAAW,OAAOC,aAC7C,EAEA,OAAiB9E,GCzDbta,GAASxB,EAAMwB,OACfsC,GAAa9D,EAAM8D,WAIvB,SAAS+c,GAAMna,GAGb,GAFAlF,GAAiB,YAAVkF,EAAqB,qCAEtB9C,gBAAgBid,IACpB,OAAO,IAAIA,GAAMna,GAEfA,EAAQ+R,EAAO/R,GAAOA,MAC1B9C,KAAK8C,MAAQA,EACb9C,KAAKkC,EAAIY,EAAMZ,EACflC,KAAKkC,EAAEkE,WAAWtD,EAAMnC,EAAE+F,YAAc,GAExC1G,KAAKkd,WAAapa,EAAME,QAAQma,YAChCnd,KAAK+b,eAAiB3W,KAAKqB,KAAK3D,EAAMnC,EAAE+F,YAAc,GACtD1G,KAAK6T,KAAOA,EAAKc,MACnB,CAEA,OAAiBsI,GAOjBA,GAAMnd,UAAUiY,KAAO,SAAcmE,EAASV,GAC5CU,EAAUhc,GAAWgc,GACrB,IAAIrc,EAAMG,KAAKod,cAAc5B,GACzBrf,EAAI6D,KAAKqd,QAAQxd,EAAIyd,gBAAiBpB,GACtCI,EAAItc,KAAKkC,EAAEuG,IAAItM,GACfwgB,EAAW3c,KAAK6b,YAAYS,GAC5BiB,EAAKvd,KAAKqd,QAAQV,EAAU9c,EAAIwc,WAAYH,GAClCzT,IAAI5I,EAAIiX,QAClByF,EAAIpgB,EAAE6H,IAAIuZ,GAAInM,KAAKpR,KAAK8C,MAAMnC,GAClC,OAAOX,KAAKwd,cAAc,CAAElB,EAAGA,EAAGC,EAAGA,EAAGI,SAAUA,GACpD,EAQAM,GAAMnd,UAAUkY,OAAS,SAAgBkE,EAASC,EAAKpF,GACrDmF,EAAUhc,GAAWgc,GACrBC,EAAMnc,KAAKwd,cAAcrB,GACzB,IAAItc,EAAMG,KAAK4Z,cAAc7C,GACzB5J,EAAInN,KAAKqd,QAAQlB,EAAIQ,WAAY9c,EAAIwc,WAAYH,GACjDuB,EAAKzd,KAAKkC,EAAEuG,IAAI0T,EAAII,KAExB,OADcJ,EAAIG,IAAItY,IAAInE,EAAIkX,MAAMtO,IAAI0E,IACzB3H,GAAGiY,EACpB,EAEAR,GAAMnd,UAAUud,QAAU,WAExB,IADA,IAAIxJ,EAAO7T,KAAK6T,OACPjX,EAAI,EAAGA,EAAI8gB,UAAUlhB,OAAQI,IACpCiX,EAAKK,OAAOwJ,UAAU9gB,IACxB,OAAOR,EAAMgE,UAAUyT,EAAKM,UAAU/C,KAAKpR,KAAK8C,MAAMnC,EACxD,EAEAsc,GAAMnd,UAAU4Z,QAAU,SAAiB3E,GACzC,OAAO,IAAI6B,GAAQ5W,KAAM+U,EAC3B,EAEAkI,GAAMnd,UAAU8Z,cAAgB,SAAuB7C,GACrD,OAAOH,GAAQQ,WAAWpX,KAAM+W,EAClC,EAEAkG,GAAMnd,UAAUsd,cAAgB,SAAuB5B,GACrD,OAAO5E,GAAQgF,WAAW5b,KAAMwb,EAClC,EAEAyB,GAAMnd,UAAU+Z,WAAa,SAAoB9E,GAC1CA,IACHA,EAAU,IAGZ,IAAI+E,EAAO,IAAItE,EAAS,CACtB3B,KAAM7T,KAAK6T,KACXuC,KAAMrB,EAAQqB,KACdC,QAAStB,EAAQsB,SAAW,OAC5BL,QAASjB,EAAQiB,SAAWvV,EAAKT,KAAK6T,KAAKT,cAC3C6C,WAAYlB,EAAQiB,SAAWjB,EAAQkB,YAAc,OACrDC,MAAOlW,KAAK8C,MAAMnC,EAAE7D,YAGtB,OAAOkD,KAAKod,cAActD,EAAKtZ,SAAS,IAC1C,EAEAyc,GAAMnd,UAAU0d,cAAgB,SAAuBrB,GACrD,OAAIA,aAAejE,GACViE,EACF,IAAIjE,GAAUlY,KAAMmc,EAC7B,EAUAc,GAAMnd,UAAU+b,YAAc,SAAqB7Y,GACjD,IAAIjG,EAAMiG,EAAMiD,OAAOnJ,QAAQ,KAAMkD,KAAK+b,gBAE1C,OADAhf,EAAIiD,KAAK+b,eAAiB,IAAM/Y,EAAMgD,OAAOxH,QAAU,IAAO,EACvDzB,CACT,EAEAkgB,GAAMnd,UAAU2F,YAAc,SAAqBtF,GAGjD,IAAI2b,GAFJ3b,EAAQ/D,EAAM8D,WAAWC,IAEN3D,OAAS,EACxBmhB,EAASxd,EAAMjD,MAAM,EAAG4e,GAAQ3V,QAAuB,IAAhBhG,EAAM2b,IAC7C8B,EAAoC,IAAV,IAAhBzd,EAAM2b,IAEhB/W,EAAI3I,EAAMgE,UAAUud,GACxB,OAAO3d,KAAK8C,MAAM4O,WAAW3M,EAAG6Y,EAClC,EAEAX,GAAMnd,UAAUgd,UAAY,SAAmB9e,GAC7C,OAAOA,EAAIlB,QAAQ,KAAMkD,KAAK+b,eAChC,EAEAkB,GAAMnd,UAAUkc,UAAY,SAAmB7b,GAC7C,OAAO/D,EAAMgE,UAAUD,EACzB,EAEA8c,GAAMnd,UAAU2b,QAAU,SAAiB9C,GACzC,OAAOA,aAAe3Y,KAAKkd,UAC7B,0BC1IA,IAAIW,EAAWxhB,EAEfwhB,EAASzhB,MAAQ8V,EACjB2L,EAASpd,KAAO2R,EAChByL,EAAS/a,MAAQuP,EACjBwL,EAAShJ,OAAStC,EAGlBsL,EAAShH,GAAKlD,GACdkK,EAASxC,MAAQyC"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/elliptic.mjs b/app/node_modules/openpgp/dist/lightweight/elliptic.mjs deleted file mode 100644 index 1bcd8eb8d..000000000 --- a/app/node_modules/openpgp/dist/lightweight/elliptic.mjs +++ /dev/null @@ -1,4313 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -import { c as createCommonjsModule, m as minimalisticAssert, i as inherits_browser, u as utils, b as common, d as common$1, _ as _224, e as _256, f as _384, g as _512, r as ripemd } from './openpgp.mjs'; -import bn from './bn.mjs'; - -var utils_1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - return res; - } - if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } else { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } - return res; -} -utils.toArray = toArray; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -utils.zero2 = zero2; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -utils.toHex = toHex; - -utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; -}; -}); - -var utils_1$1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - - - - -utils.assert = minimalisticAssert; -utils.toArray = utils_1.toArray; -utils.zero2 = utils_1.zero2; -utils.toHex = utils_1.toHex; -utils.encode = utils_1.encode; - -// Represent num in a w-NAF form -function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; - } - naf.push(z); - - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.iushrn(shift); - } - - return naf; -} -utils.getNAF = getNAF; - -// Represent k1, k2 in a Joint Sparse Form -function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; - } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; - } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.iushrn(1); - k2.iushrn(1); - } - - return jsf; -} -utils.getJSF = getJSF; - -function cachedProperty(obj, name, computer) { - var key = '_' + name; - obj.prototype[name] = function cachedProperty() { - return this[key] !== undefined ? this[key] : - this[key] = computer.call(this); - }; -} -utils.cachedProperty = cachedProperty; - -function parseBytes(bytes) { - return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') : - bytes; -} -utils.parseBytes = parseBytes; - -function intFromLE(bytes) { - return new bn(bytes, 'hex', 'le'); -} -utils.intFromLE = intFromLE; -}); - -var r; - -var brorand = function rand(len) { - if (!r) - r = new Rand(null); - - return r.generate(len); -}; - -function Rand(rand) { - this.rand = rand; -} -var Rand_1 = Rand; - -Rand.prototype.generate = function generate(len) { - return this._rand(len); -}; - -// Emulate crypto API using randy -Rand.prototype._rand = function _rand(n) { - if (this.rand.getBytes) - return this.rand.getBytes(n); - - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; -}; - -if (typeof self === 'object') { - if (self.crypto && self.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.crypto.getRandomValues(arr); - return arr; - }; - } else if (self.msCrypto && self.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.msCrypto.getRandomValues(arr); - return arr; - }; - - // Safari's WebWorkers do not have `crypto` - } else if (typeof window === 'object') { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; - } -} else { - // Node.js or Web worker with no crypto support - try { - var crypto = void('crypto'); - if (typeof crypto.randomBytes !== 'function') - throw new Error('Not supported'); - - Rand.prototype._rand = function _rand(n) { - return crypto.randomBytes(n); - }; - } catch (e) { - } -} -brorand.Rand = Rand_1; - -var getNAF = utils_1$1.getNAF; -var getJSF = utils_1$1.getJSF; -var assert = utils_1$1.assert; - -function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); - - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); - - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); - - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); - - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); - - // Generalized Greg Maxwell's trick - var adjustCount = this.n && this.p.div(this.n); - if (!adjustCount || adjustCount.cmpn(100) > 0) { - this.redN = null; - } else { - this._maxwellTrick = true; - this.redN = this.n.toRed(this.red); - } -} -var base = BaseCurve; - -BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); -}; - -BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); -}; - -BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - assert(p.precomputed); - var doubles = p._getDoubles(); - - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; - - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); - } - - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); - } - a = a.add(b); - } - return a.toP(); -}; - -BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; - - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; - - // Get NAF form - var naf = getNAF(k, w); - - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); - - if (i < 0) - break; - var z = naf[i]; - assert(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } - } - return p.type === 'affine' ? acc.toP() : acc; -}; - -BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len, - jacobianResult) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; - - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; - } - - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; - } - - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; - - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } - - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; - - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; - - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } - } - - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; - - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; - - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); - - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); - } - } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - - if (jacobianResult) - return acc; - else - return acc.toP(); -}; - -function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; -} -BaseCurve.BasePoint = BasePoint; - -BasePoint.prototype.eq = function eq(/*other*/) { - throw new Error('Not implemented'); -}; - -BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); -}; - -BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - bytes = utils_1$1.toArray(bytes, enc); - - var len = this.p.byteLength(); - - // uncompressed, hybrid-odd, hybrid-even - if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) && - bytes.length - 1 === 2 * len) { - if (bytes[0] === 0x06) - assert(bytes[bytes.length - 1] % 2 === 0); - else if (bytes[0] === 0x07) - assert(bytes[bytes.length - 1] % 2 === 1); - - var res = this.point(bytes.slice(1, 1 + len), - bytes.slice(1 + len, 1 + 2 * len)); - - return res; - } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) && - bytes.length - 1 === len) { - return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03); - } - throw new Error('Unknown point format'); -}; - -BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) { - return this.encode(enc, true); -}; - -BasePoint.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - var x = this.getX().toArray('be', len); - - if (compact) - return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); - - return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; -}; - -BasePoint.prototype.encode = function encode(enc, compact) { - return utils_1$1.encode(this._encode(compact), enc); -}; - -BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; - - var precomputed = { - doubles: null, - naf: null, - beta: null - }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; - - return this; -}; - -BasePoint.prototype._hasDoubles = function _hasDoubles(k) { - if (!this.precomputed) - return false; - - var doubles = this.precomputed.doubles; - if (!doubles) - return false; - - return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); -}; - -BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; - - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; -}; - -BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; - - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; -}; - -BasePoint.prototype._getBeta = function _getBeta() { - return null; -}; - -BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; -}; - -var assert$1 = utils_1$1.assert; - -function ShortCurve(conf) { - base.call(this, 'short', conf); - - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); - - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; - - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); -} -inherits_browser(ShortCurve, base); -var short_1 = ShortCurve; - -ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; - - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; - } else { - lambda = lambdas[1]; - assert$1(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); - } - } - - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); - } else { - basis = this._getEndoBasis(lambda); - } - - return { - beta: beta, - lambda: lambda, - basis: basis - }; -}; - -ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); - - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; -}; - -ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2)); - - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); - - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; - - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); - - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; - } - prevR = r; - - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; - } - a2 = r.neg(); - b2 = x; - - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; - } - - // Normalize signs - if (a1.negative) { - a1 = a1.neg(); - b1 = b1.neg(); - } - if (a2.negative) { - a2 = a2.neg(); - b2 = b2.neg(); - } - - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; -}; - -ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); - - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; -}; - -ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; - -ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; - - var x = point.x; - var y = point.y; - - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; -}; - -ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs, jacobianResult) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); - - if (split.k1.negative) { - split.k1.ineg(); - p = p.neg(true); - } - if (split.k2.negative) { - split.k2.ineg(); - beta = beta.neg(true); - } - - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); - - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; - } - return res; -}; - -function Point(curve, x, y, isRed) { - base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); - } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; - } -} -inherits_browser(Point, base.BasePoint); - -ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); -}; - -ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); -}; - -Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; - - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; - - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; -}; - -Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; - - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; -}; - -Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; - - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); - } - - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) - } - }; - return res; -}; - -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point.prototype.isInfinity = function isInfinity() { - return this.inf; -}; - -Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; - - // P + O = P - if (p.inf) - return this; - - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); - - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); - - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; - -Point.prototype.dbl = function dbl() { - if (this.inf) - return this; - - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - - var a = this.curve.a; - - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; - -Point.prototype.getX = function getX() { - return this.x.fromRed(); -}; - -Point.prototype.getY = function getY() { - return this.y.fromRed(); -}; - -Point.prototype.mul = function mul(k) { - k = new bn(k, 16); - if (this.isInfinity()) - return this; - else if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); -}; - -Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); -}; - -Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs, true); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2, true); -}; - -Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); -}; - -Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; - - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) - } - }; - } - return res; -}; - -Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); - - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; -}; - -function JPoint(curve, x, y, z) { - base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); - } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - - this.zOne = this.z === this.curve.one; -} -inherits_browser(JPoint, base.BasePoint); - -ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); -}; - -JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); - - return this.curve.point(ax, ay); -}; - -JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); -}; - -JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; - - // P + O = P - if (p.isInfinity()) - return this; - - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } - - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); - - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); - - // P + O = P - if (p.isInfinity()) - return this; - - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } - - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); - - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); - - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; - } - - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; - - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); - - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); - - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); - - jx = nx; - jz = nz; - jyd = dny; - } - - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); -}; - -JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); -}; - -JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); - - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); - - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); - - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; - - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); - - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); - - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); - - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); - - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); - - return this.curve._wnafMul(this, k); -}; - -JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); - - if (this === p) - return true; - - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; - - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; -}; - -JPoint.prototype.eqXToP = function eqXToP(x) { - var zs = this.z.redSqr(); - var rx = x.toRed(this.curve.red).redMul(zs); - if (this.x.cmp(rx) === 0) - return true; - - var xc = x.clone(); - var t = this.curve.redN.redMul(zs); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; - - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; - -JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; - -function MontCurve(conf) { - base.call(this, 'mont', conf); - - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - // Note: this implementation is according to the original paper - // by P. Montgomery, NOT the one by D. J. Bernstein. - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); -} -inherits_browser(MontCurve, base); -var mont = MontCurve; - -MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); - - return y.redSqr().cmp(rhs) === 0; -}; - -function Point$1(curve, x, z) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } -} -inherits_browser(Point$1, base.BasePoint); - -MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - var bytes = utils_1$1.toArray(bytes, enc); - - // TODO Curve448 - // Montgomery curve points must be represented in the compressed format - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (bytes.length === 33 && bytes[0] === 0x40) - bytes = bytes.slice(1, 33).reverse(); // point must be little-endian - if (bytes.length !== 32) - throw new Error('Unknown point compression format'); - return this.point(bytes, 1); -}; - -MontCurve.prototype.point = function point(x, z) { - return new Point$1(this, x, z); -}; - -MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$1.fromJSON(this, obj); -}; - -Point$1.prototype.precompute = function precompute() { - // No-op -}; - -Point$1.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - - // Note: the output should always be little-endian - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (compact) { - return [ 0x40 ].concat(this.getX().toArray('le', len)); - } else { - return this.getX().toArray('be', len); - } -}; - -Point$1.fromJSON = function fromJSON(curve, obj) { - return new Point$1(curve, obj[0], obj[1] || curve.one); -}; - -Point$1.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point$1.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; - -Point$1.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A - - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); -}; - -Point$1.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A - - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); -}; - -Point$1.prototype.mul = function mul(k) { - k = new bn(k, 16); - - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q - - for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1)) - bits.push(t.andln(1)); - - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); - } - } - return b; -}; - -Point$1.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.jumlAdd = function jumlAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.eq = function eq(other) { - return this.getX().cmp(other.getX()) === 0; -}; - -Point$1.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; -}; - -Point$1.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); - - return this.x.fromRed(); -}; - -var assert$2 = utils_1$1.assert; - -function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - - base.call(this, 'edwards', conf); - - this.a = new bn(conf.a, 16).umod(this.red.m); - this.a = this.a.toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); - - assert$2(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; -} -inherits_browser(EdwardsCurve, base); -var edwards = EdwardsCurve; - -EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); -}; - -EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); -}; - -// Just for compatibility with Short curve -EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); -}; - -EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); - - var y2 = rhs.redMul(lhs.redInvm()); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; - -EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) { - y = new bn(y, 16); - if (!y.red) - y = y.toRed(this.red); - - // x^2 = (y^2 - c^2) / (c^2 d y^2 - a) - var y2 = y.redSqr(); - var lhs = y2.redSub(this.c2); - var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a); - var x2 = lhs.redMul(rhs.redInvm()); - - if (x2.cmp(this.zero) === 0) { - if (odd) - throw new Error('invalid point'); - else - return this.point(this.zero, y); - } - - var x = x2.redSqrt(); - if (x.redSqr().redSub(x2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - if (x.fromRed().isOdd() !== odd) - x = x.redNeg(); - - return this.point(x, y); -}; - -EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; - - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); - - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - - return lhs.cmp(rhs) === 0; -}; - -function Point$2(curve, x, y, z, t) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; - - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } -} -inherits_browser(Point$2, base.BasePoint); - -EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$2.fromJSON(this, obj); -}; - -EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point$2(this, x, y, z, t); -}; - -Point$2.fromJSON = function fromJSON(curve, obj) { - return new Point$2(curve, obj[0], obj[1], obj[2]); -}; - -Point$2.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point$2.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - (this.y.cmp(this.z) === 0 || - (this.zOne && this.y.cmp(this.curve.c) === 0)); -}; - -Point$2.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S - - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); - - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); - } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.z).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); -}; - -Point$2.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M - - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; - - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); -}; - -Point$2.prototype.mul = function mul(k) { - if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); -}; - -Point$2.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false); -}; - -Point$2.prototype.jmulAdd = function jmulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true); -}; - -Point$2.prototype.normalize = function normalize() { - if (this.zOne) - return this; - - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; -}; - -Point$2.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); -}; - -Point$2.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); -}; - -Point$2.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); -}; - -Point$2.prototype.eq = function eq(other) { - return this === other || - this.getX().cmp(other.getX()) === 0 && - this.getY().cmp(other.getY()) === 0; -}; - -Point$2.prototype.eqXToP = function eqXToP(x) { - var rx = x.toRed(this.curve.red).redMul(this.z); - if (this.x.cmp(rx) === 0) - return true; - - var xc = x.clone(); - var t = this.curve.redN.redMul(this.z); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; - - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; - -// Compatibility with BaseCurve -Point$2.prototype.toP = Point$2.prototype.normalize; -Point$2.prototype.mixedAdd = Point$2.prototype.add; - -var curve_1 = createCommonjsModule(function (module, exports) { - -var curve = exports; - -curve.base = base; -curve.short = short_1; -curve.mont = mont; -curve.edwards = edwards; -}); - -var rotl32 = utils.rotl32; -var sum32 = utils.sum32; -var sum32_5 = utils.sum32_5; -var ft_1 = common.ft_1; -var BlockHash = common$1.BlockHash; - -var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 -]; - -function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); - - BlockHash.call(this); - this.h = [ - 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); -} - -utils.inherits(SHA1, BlockHash); -var _1 = SHA1; - -SHA1.blockSize = 512; -SHA1.outSize = 160; -SHA1.hmacStrength = 80; -SHA1.padLength = 64; - -SHA1.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - - for(; i < W.length; i++) - W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - - for (i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32(b, 30); - b = a; - a = t; - } - - this.h[0] = sum32(this.h[0], a); - this.h[1] = sum32(this.h[1], b); - this.h[2] = sum32(this.h[2], c); - this.h[3] = sum32(this.h[3], d); - this.h[4] = sum32(this.h[4], e); -}; - -SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -var sha1 = _1; -var sha224 = _224; -var sha256 = _256; -var sha384 = _384; -var sha512 = _512; - -var sha = { - sha1: sha1, - sha224: sha224, - sha256: sha256, - sha384: sha384, - sha512: sha512 -}; - -function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; - - this._init(utils.toArray(key, enc)); -} -var hmac = Hmac; - -Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - minimalisticAssert(key.length <= this.blockSize); - - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); - - for (i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); - - // 0x36 ^ 0x5c = 0x6a - for (i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); -}; - -Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); - return this; -}; - -Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); -}; - -var hash_1 = createCommonjsModule(function (module, exports) { -var hash = exports; - -hash.utils = utils; -hash.common = common$1; -hash.sha = sha; -hash.ripemd = ripemd; -hash.hmac = hmac; - -// Proxy hash functions to the main object -hash.sha1 = hash.sha.sha1; -hash.sha256 = hash.sha.sha256; -hash.sha224 = hash.sha.sha224; -hash.sha384 = hash.sha.sha384; -hash.sha512 = hash.sha.sha512; -hash.ripemd160 = hash.ripemd.ripemd160; -}); - -var secp256k1 = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] - } -}; - -var curves_1 = createCommonjsModule(function (module, exports) { - -var curves = exports; - - - - - -var assert = utils_1$1.assert; - -function PresetCurve(options) { - if (options.type === 'short') - this.curve = new curve_1.short(options); - else if (options.type === 'edwards') - this.curve = new curve_1.edwards(options); - else if (options.type === 'mont') - this.curve = new curve_1.mont(options); - else throw new Error('Unknown curve type.'); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; - - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O'); -} -curves.PresetCurve = PresetCurve; - -function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } - }); -} - -defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash_1.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] -}); - -defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash_1.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] -}); - -defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash_1.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] -}); - -defineCurve('p384', { - type: 'short', - prime: null, - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 ffffffff', - a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 fffffffc', - b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' + - '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef', - n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' + - 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973', - hash: hash_1.sha384, - gRed: false, - g: [ - 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' + - '5502f25d bf55296c 3a545e38 72760ab7', - '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' + - '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f' - ] -}); - -defineCurve('p521', { - type: 'short', - prime: null, - p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff', - a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff fffffffc', - b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' + - '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' + - '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00', - n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' + - 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409', - hash: hash_1.sha512, - gRed: false, - g: [ - '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' + - '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' + - 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66', - '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' + - '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' + - '3fad0761 353c7086 a272c240 88be9476 9fd16650' - ] -}); - -// https://tools.ietf.org/html/rfc7748#section-4.1 -defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '1', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '9' - ] -}); - -defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.4 -defineCurve('brainpoolP256r1', { - type: 'short', - prime: null, - p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377', - a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9', - b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6', - n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7', - hash: hash_1.sha256, // or 384, or 512 - gRed: false, - g: [ - '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', - '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.6 -defineCurve('brainpoolP384r1', { - type: 'short', - prime: null, - p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' + - 'ACD3A729 901D1A71 87470013 3107EC53', - a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' + - '8AA5814A 503AD4EB 04A8C7DD 22CE2826', - b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' + - '7CB43902 95DBC994 3AB78696 FA504C11', - n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' + - 'CF3AB6AF 6B7FC310 3B883202 E9046565', - hash: hash_1.sha384, // or 512 - gRed: false, - g: [ - '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' + - 'E8E826E03436D646AAEF87B2E247D4AF1E', - '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' + - '280E4646217791811142820341263C5315' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.7 -defineCurve('brainpoolP512r1', { - type: 'short', - prime: null, - p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' + - '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3', - a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' + - '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA', - b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' + - '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723', - n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' + - '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069', - hash: hash_1.sha512, - gRed: false, - g: [ - '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' + - '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', - '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' + - '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892' - ] -}); - -// https://en.bitcoin.it/wiki/Secp256k1 -var pre; -try { - pre = secp256k1; -} catch (e) { - pre = undefined; -} - -defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash_1.sha256, - - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' - } - ], - - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] -}); -}); - -function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; - - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; - - this._reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; - - var entropy = utils_1.toArray(options.entropy, options.entropyEnc || 'hex'); - var nonce = utils_1.toArray(options.nonce, options.nonceEnc || 'hex'); - var pers = utils_1.toArray(options.pers, options.persEnc || 'hex'); - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); -} -var hmacDrbg = HmacDRBG; - -HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); - - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; - } - - this._update(seed); - this._reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 -}; - -HmacDRBG.prototype._hmac = function hmac() { - return new hash_1.hmac(this.hash, this.K); -}; - -HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; - - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); -}; - -HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; - } - - entropy = utils_1.toArray(entropy, entropyEnc); - add = utils_1.toArray(add, addEnc); - - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - - this._update(entropy.concat(add || [])); - this._reseed = 1; -}; - -HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this._reseed > this.reseedInterval) - throw new Error('Reseed is required'); - - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; - } - - // Optional additional data - if (add) { - add = utils_1.toArray(add, addEnc || 'hex'); - this._update(add); - } - - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); - } - - var res = temp.slice(0, len); - this._update(add); - this._reseed++; - return utils_1.encode(res, enc); -}; - -var assert$3 = utils_1$1.assert; - -function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; - - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); -} -var key = KeyPair; - -KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; - - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); -}; - -KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; - - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); -}; - -// TODO: should not validate for X25519 -KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); - - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; - - return { result: true, reason: null }; -}; - -KeyPair.prototype.getPublic = function getPublic(enc, compact) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); - - if (!enc) - return this.pub; - - return this.pub.encode(enc, compact); -}; - -KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; -}; - -KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // For Curve25519/Curve448 we have a specific procedure. - // TODO Curve448 - if (this.ec.curve.type === 'mont') { - var one = this.ec.curve.one; - var mask = one.ushln(255 - 3).sub(one).ushln(3); - this.priv = this.priv.or(one.ushln(255 - 1)); - this.priv = this.priv.and(mask); - } else - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.umod(this.ec.curve.n); -}; - -KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - // Montgomery points only have an `x` coordinate. - // Weierstrass/Edwards points on the other hand have both `x` and - // `y` coordinates. - if (this.ec.curve.type === 'mont') { - assert$3(key.x, 'Need x coordinate'); - } else if (this.ec.curve.type === 'short' || - this.ec.curve.type === 'edwards') { - assert$3(key.x && key.y, 'Need both x and y coordinate'); - } - this.pub = this.ec.curve.point(key.x, key.y); - return; - } - this.pub = this.ec.curve.decodePoint(key, enc); -}; - -// ECDH -KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); -}; - -// ECDSA -KeyPair.prototype.sign = function sign(msg, enc, options) { - return this.ec.sign(msg, this, enc, options); -}; - -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); -}; - -KeyPair.prototype.inspect = function inspect() { - return ''; -}; - -var assert$4 = utils_1$1.assert; - -function Signature(options, enc) { - if (options instanceof Signature) - return options; - - if (this._importDER(options, enc)) - return; - - assert$4(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); - if (options.recoveryParam === undefined) - this.recoveryParam = null; - else - this.recoveryParam = options.recoveryParam; -} -var signature = Signature; - -function Position() { - this.place = 0; -} - -function getLength(buf, p) { - var initial = buf[p.place++]; - if (!(initial & 0x80)) { - return initial; - } - var octetLen = initial & 0xf; - var val = 0; - for (var i = 0, off = p.place; i < octetLen; i++, off++) { - val <<= 8; - val |= buf[off]; - } - p.place = off; - return val; -} - -function rmPadding(buf) { - var i = 0; - var len = buf.length - 1; - while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) { - i++; - } - if (i === 0) { - return buf; - } - return buf.slice(i); -} - -Signature.prototype._importDER = function _importDER(data, enc) { - data = utils_1$1.toArray(data, enc); - var p = new Position(); - if (data[p.place++] !== 0x30) { - return false; - } - var len = getLength(data, p); - if ((len + p.place) !== data.length) { - return false; - } - if (data[p.place++] !== 0x02) { - return false; - } - var rlen = getLength(data, p); - var r = data.slice(p.place, rlen + p.place); - p.place += rlen; - if (data[p.place++] !== 0x02) { - return false; - } - var slen = getLength(data, p); - if (data.length !== slen + p.place) { - return false; - } - var s = data.slice(p.place, slen + p.place); - if (r[0] === 0 && (r[1] & 0x80)) { - r = r.slice(1); - } - if (s[0] === 0 && (s[1] & 0x80)) { - s = s.slice(1); - } - - this.r = new bn(r); - this.s = new bn(s); - this.recoveryParam = null; - - return true; -}; - -function constructLength(arr, len) { - if (len < 0x80) { - arr.push(len); - return; - } - var octets = 1 + (Math.log(len) / Math.LN2 >>> 3); - arr.push(octets | 0x80); - while (--octets) { - arr.push((len >>> (octets << 3)) & 0xff); - } - arr.push(len); -} - -Signature.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); - - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); - - r = rmPadding(r); - s = rmPadding(s); - - while (!s[0] && !(s[1] & 0x80)) { - s = s.slice(1); - } - var arr = [ 0x02 ]; - constructLength(arr, r.length); - arr = arr.concat(r); - arr.push(0x02); - constructLength(arr, s.length); - var backHalf = arr.concat(s); - var res = [ 0x30 ]; - constructLength(res, backHalf.length); - res = res.concat(backHalf); - return utils_1$1.encode(res, enc); -}; - -var assert$5 = utils_1$1.assert; - - - - -function EC(options) { - if (!(this instanceof EC)) - return new EC(options); - - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert$5(curves_1.hasOwnProperty(options), 'Unknown curve ' + options); - - options = curves_1[options]; - } - - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof curves_1.PresetCurve) - options = { curve: options }; - - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.ushrn(1); - this.g = this.curve.g; - - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); - - // Hash function for DRBG - this.hash = options.hash || options.curve.hash; -} -var ec = EC; - -EC.prototype.keyPair = function keyPair(options) { - return new key(this, options); -}; - -EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return key.fromPrivate(this, priv, enc); -}; - -EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return key.fromPublic(this, pub, enc); -}; - -EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.n.toArray() - }); - - // Key generation for curve25519 is simpler - if (this.curve.type === 'mont') { - var priv = new bn(drbg.generate(32)); - return this.keyFromPrivate(priv); - } - - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; - - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); -}; - -EC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) { - bitSize = bitSize || msg.byteLength() * 8; - var delta = bitSize - this.n.bitLength(); - if (delta > 0) - msg = msg.ushrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; -}; - -EC.prototype.truncateMsg = function truncateMSG(msg) { - // Bit size is only determined correctly for Uint8Arrays and hex strings - var bitSize; - if (msg instanceof Uint8Array) { - bitSize = msg.byteLength * 8; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else if (typeof msg === 'string') { - bitSize = msg.length * 4; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else { - msg = this._truncateToN(new bn(msg, 16)); - } - return msg; -}; - -EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this.truncateMsg(msg); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray('be', bytes); - - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray('be', bytes); - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - entropy: bkey, - nonce: nonce, - pers: options.pers, - persEnc: options.persEnc || 'utf8' - }); - - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); - - for (var iter = 0; true; iter++) { - var k = options.k ? - options.k(iter) : - new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; - - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; - - var kpX = kp.getX(); - var r = kpX.umod(this.n); - if (r.cmpn(0) === 0) - continue; - - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); - s = s.umod(this.n); - if (s.cmpn(0) === 0) - continue; - - var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | - (kpX.cmp(r) !== 0 ? 2 : 0); - - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) { - s = this.n.sub(s); - recoveryParam ^= 1; - } - - return new signature({ r: r, s: s, recoveryParam: recoveryParam }); - } -}; - -EC.prototype.verify = function verify(msg, signature$1, key, enc) { - key = this.keyFromPublic(key, enc); - signature$1 = new signature(signature$1, 'hex'); - // Fallback to the old code - var ret = this._verify(this.truncateMsg(msg), signature$1, key) || - this._verify(this._truncateToN(new bn(msg, 16)), signature$1, key); - return ret; -}; - -EC.prototype._verify = function _verify(msg, signature, key) { - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; - - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).umod(this.n); - var u2 = sinv.mul(r).umod(this.n); - - if (!this.curve._maxwellTrick) { - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - return p.getX().umod(this.n).cmp(r) === 0; - } - - // NOTE: Greg Maxwell's trick, inspired by: - // https://git.io/vad3K - - var p = this.g.jmulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - // Compare `p.x` of Jacobian point with `r`, - // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the - // inverse of `p.z^2` - return p.eqXToP(r); -}; - -EC.prototype.recoverPubKey = function(msg, signature$1, j, enc) { - assert$5((3 & j) === j, 'The recovery param is more than two bits'); - signature$1 = new signature(signature$1, enc); - - var n = this.n; - var e = new bn(msg); - var r = signature$1.r; - var s = signature$1.s; - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = j & 1; - var isSecondKey = j >> 1; - if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) - throw new Error('Unable to find sencond key candinate'); - - // 1.1. Let x = r + jn. - if (isSecondKey) - r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); - else - r = this.curve.pointFromX(r, isYOdd); - - var rInv = signature$1.r.invm(n); - var s1 = n.sub(e).mul(rInv).umod(n); - var s2 = s.mul(rInv).umod(n); - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - return this.g.mulAdd(s1, r, s2); -}; - -EC.prototype.getKeyRecoveryParam = function(e, signature$1, Q, enc) { - signature$1 = new signature(signature$1, enc); - if (signature$1.recoveryParam !== null) - return signature$1.recoveryParam; - - for (var i = 0; i < 4; i++) { - var Qprime; - try { - Qprime = this.recoverPubKey(e, signature$1, i); - } catch (e) { - continue; - } - - if (Qprime.eq(Q)) - return i; - } - throw new Error('Unable to find valid recovery factor'); -}; - -var assert$6 = utils_1$1.assert; -var parseBytes = utils_1$1.parseBytes; -var cachedProperty = utils_1$1.cachedProperty; - -/** -* @param {EDDSA} eddsa - instance -* @param {Object} params - public/private key parameters -* -* @param {Array} [params.secret] - secret seed bytes -* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms) -* @param {Array} [params.pub] - public key point encoded as bytes -* -*/ -function KeyPair$1(eddsa, params) { - this.eddsa = eddsa; - if (params.hasOwnProperty('secret')) - this._secret = parseBytes(params.secret); - if (eddsa.isPoint(params.pub)) - this._pub = params.pub; - else { - this._pubBytes = parseBytes(params.pub); - if (this._pubBytes && this._pubBytes.length === 33 && - this._pubBytes[0] === 0x40) - this._pubBytes = this._pubBytes.slice(1, 33); - if (this._pubBytes && this._pubBytes.length !== 32) - throw new Error('Unknown point compression format'); - } -} - -KeyPair$1.fromPublic = function fromPublic(eddsa, pub) { - if (pub instanceof KeyPair$1) - return pub; - return new KeyPair$1(eddsa, { pub: pub }); -}; - -KeyPair$1.fromSecret = function fromSecret(eddsa, secret) { - if (secret instanceof KeyPair$1) - return secret; - return new KeyPair$1(eddsa, { secret: secret }); -}; - -KeyPair$1.prototype.secret = function secret() { - return this._secret; -}; - -cachedProperty(KeyPair$1, 'pubBytes', function pubBytes() { - return this.eddsa.encodePoint(this.pub()); -}); - -cachedProperty(KeyPair$1, 'pub', function pub() { - if (this._pubBytes) - return this.eddsa.decodePoint(this._pubBytes); - return this.eddsa.g.mul(this.priv()); -}); - -cachedProperty(KeyPair$1, 'privBytes', function privBytes() { - var eddsa = this.eddsa; - var hash = this.hash(); - var lastIx = eddsa.encodingLength - 1; - - // https://tools.ietf.org/html/rfc8032#section-5.1.5 - var a = hash.slice(0, eddsa.encodingLength); - a[0] &= 248; - a[lastIx] &= 127; - a[lastIx] |= 64; - - return a; -}); - -cachedProperty(KeyPair$1, 'priv', function priv() { - return this.eddsa.decodeInt(this.privBytes()); -}); - -cachedProperty(KeyPair$1, 'hash', function hash() { - return this.eddsa.hash().update(this.secret()).digest(); -}); - -cachedProperty(KeyPair$1, 'messagePrefix', function messagePrefix() { - return this.hash().slice(this.eddsa.encodingLength); -}); - -KeyPair$1.prototype.sign = function sign(message) { - assert$6(this._secret, 'KeyPair can only verify'); - return this.eddsa.sign(message, this); -}; - -KeyPair$1.prototype.verify = function verify(message, sig) { - return this.eddsa.verify(message, sig, this); -}; - -KeyPair$1.prototype.getSecret = function getSecret(enc) { - assert$6(this._secret, 'KeyPair is public only'); - return utils_1$1.encode(this.secret(), enc); -}; - -KeyPair$1.prototype.getPublic = function getPublic(enc, compact) { - return utils_1$1.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc); -}; - -var key$1 = KeyPair$1; - -var assert$7 = utils_1$1.assert; -var cachedProperty$1 = utils_1$1.cachedProperty; -var parseBytes$1 = utils_1$1.parseBytes; - -/** -* @param {EDDSA} eddsa - eddsa instance -* @param {Array|Object} sig - -* @param {Array|Point} [sig.R] - R point as Point or bytes -* @param {Array|bn} [sig.S] - S scalar as bn or bytes -* @param {Array} [sig.Rencoded] - R point encoded -* @param {Array} [sig.Sencoded] - S scalar encoded -*/ -function Signature$1(eddsa, sig) { - this.eddsa = eddsa; - - if (typeof sig !== 'object') - sig = parseBytes$1(sig); - - if (Array.isArray(sig)) { - sig = { - R: sig.slice(0, eddsa.encodingLength), - S: sig.slice(eddsa.encodingLength) - }; - } - - assert$7(sig.R && sig.S, 'Signature without R or S'); - - if (eddsa.isPoint(sig.R)) - this._R = sig.R; - if (sig.S instanceof bn) - this._S = sig.S; - - this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded; - this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded; -} - -cachedProperty$1(Signature$1, 'S', function S() { - return this.eddsa.decodeInt(this.Sencoded()); -}); - -cachedProperty$1(Signature$1, 'R', function R() { - return this.eddsa.decodePoint(this.Rencoded()); -}); - -cachedProperty$1(Signature$1, 'Rencoded', function Rencoded() { - return this.eddsa.encodePoint(this.R()); -}); - -cachedProperty$1(Signature$1, 'Sencoded', function Sencoded() { - return this.eddsa.encodeInt(this.S()); -}); - -Signature$1.prototype.toBytes = function toBytes() { - return this.Rencoded().concat(this.Sencoded()); -}; - -Signature$1.prototype.toHex = function toHex() { - return utils_1$1.encode(this.toBytes(), 'hex').toUpperCase(); -}; - -var signature$1 = Signature$1; - -var assert$8 = utils_1$1.assert; -var parseBytes$2 = utils_1$1.parseBytes; - - - -function EDDSA(curve) { - assert$8(curve === 'ed25519', 'only tested with ed25519 so far'); - - if (!(this instanceof EDDSA)) - return new EDDSA(curve); - - var curve = curves_1[curve].curve; - this.curve = curve; - this.g = curve.g; - this.g.precompute(curve.n.bitLength() + 1); - - this.pointClass = curve.point().constructor; - this.encodingLength = Math.ceil(curve.n.bitLength() / 8); - this.hash = hash_1.sha512; -} - -var eddsa = EDDSA; - -/** -* @param {Array|String} message - message bytes -* @param {Array|String|KeyPair} secret - secret bytes or a keypair -* @returns {Signature} - signature -*/ -EDDSA.prototype.sign = function sign(message, secret) { - message = parseBytes$2(message); - var key = this.keyFromSecret(secret); - var r = this.hashInt(key.messagePrefix(), message); - var R = this.g.mul(r); - var Rencoded = this.encodePoint(R); - var s_ = this.hashInt(Rencoded, key.pubBytes(), message) - .mul(key.priv()); - var S = r.add(s_).umod(this.curve.n); - return this.makeSignature({ R: R, S: S, Rencoded: Rencoded }); -}; - -/** -* @param {Array} message - message bytes -* @param {Array|String|Signature} sig - sig bytes -* @param {Array|String|Point|KeyPair} pub - public key -* @returns {Boolean} - true if public key matches sig of message -*/ -EDDSA.prototype.verify = function verify(message, sig, pub) { - message = parseBytes$2(message); - sig = this.makeSignature(sig); - var key = this.keyFromPublic(pub); - var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message); - var SG = this.g.mul(sig.S()); - var RplusAh = sig.R().add(key.pub().mul(h)); - return RplusAh.eq(SG); -}; - -EDDSA.prototype.hashInt = function hashInt() { - var hash = this.hash(); - for (var i = 0; i < arguments.length; i++) - hash.update(arguments[i]); - return utils_1$1.intFromLE(hash.digest()).umod(this.curve.n); -}; - -EDDSA.prototype.keyPair = function keyPair(options) { - return new key$1(this, options); -}; - -EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) { - return key$1.fromPublic(this, pub); -}; - -EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) { - return key$1.fromSecret(this, secret); -}; - -EDDSA.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.curve.n.toArray() - }); - - return this.keyFromSecret(drbg.generate(32)); -}; - -EDDSA.prototype.makeSignature = function makeSignature(sig) { - if (sig instanceof signature$1) - return sig; - return new signature$1(this, sig); -}; - -/** -* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2 -* -* EDDSA defines methods for encoding and decoding points and integers. These are -* helper convenience methods, that pass along to utility functions implied -* parameters. -* -*/ -EDDSA.prototype.encodePoint = function encodePoint(point) { - var enc = point.getY().toArray('le', this.encodingLength); - enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0; - return enc; -}; - -EDDSA.prototype.decodePoint = function decodePoint(bytes) { - bytes = utils_1$1.parseBytes(bytes); - - var lastIx = bytes.length - 1; - var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80); - var xIsOdd = (bytes[lastIx] & 0x80) !== 0; - - var y = utils_1$1.intFromLE(normed); - return this.curve.pointFromY(y, xIsOdd); -}; - -EDDSA.prototype.encodeInt = function encodeInt(num) { - return num.toArray('le', this.encodingLength); -}; - -EDDSA.prototype.decodeInt = function decodeInt(bytes) { - return utils_1$1.intFromLE(bytes); -}; - -EDDSA.prototype.isPoint = function isPoint(val) { - return val instanceof this.pointClass; -}; - -var elliptic_1 = createCommonjsModule(function (module, exports) { - -var elliptic = exports; - -elliptic.utils = utils_1$1; -elliptic.rand = brorand; -elliptic.curve = curve_1; -elliptic.curves = curves_1; - -// Protocols -elliptic.ec = ec; -elliptic.eddsa = eddsa; -}); - -export default elliptic_1; -export { elliptic_1 as __moduleExports }; diff --git a/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.min.mjs b/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.min.mjs new file mode 100644 index 000000000..e2dccbe09 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.min.mjs @@ -0,0 +1,3 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{enums as t}from"./openpgp.min.mjs";function i(t,i,e,n,s,o){const r=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],h=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],a=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],f=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],u=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],y=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,k,g,m,S,b,z,d,w,A,B=0,N=i.length;const _=32===t.length?3:9;d=3===_?e?[0,32,2]:[30,-2,-2]:e?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],e&&(i=function(t){const i=8-t.length%8;let e;if(!(i<8)){if(8===i)return t;throw Error("des: invalid padding")}e=0;const n=new Uint8Array(t.length+i);for(let i=0;i>>4^z),z^=g,b^=g<<4,g=65535&(b>>>16^z),z^=g,b^=g<<16,g=858993459&(z>>>2^b),b^=g,z^=g<<2,g=16711935&(z>>>8^b),b^=g,z^=g<<8,g=1431655765&(b>>>1^z),z^=g,b^=g<<1,b=b<<1|b>>>31,z=z<<1|z>>>31,k=0;k<_;k+=3){for(w=d[k+1],A=d[k+2],p=d[k];p!==w;p+=A)m=z^t[p],S=(z>>>4|z<<28)^t[p+1],g=b,b=z,z=g^(h[m>>>24&63]|a[m>>>16&63]|l[m>>>8&63]|y[63&m]|r[S>>>24&63]|c[S>>>16&63]|f[S>>>8&63]|u[63&S]);g=b,b=z,z=g}b=b>>>1|b<<31,z=z>>>1|z<<31,g=1431655765&(b>>>1^z),z^=g,b^=g<<1,g=16711935&(z>>>8^b),b^=g,z^=g<<8,g=858993459&(z>>>2^b),b^=g,z^=g<<2,g=65535&(b>>>16^z),z^=g,b^=g<<16,g=252645135&(b>>>4^z),z^=g,b^=g<<4,x[E++]=b>>>24,x[E++]=b>>>16&255,x[E++]=b>>>8&255,x[E++]=255&b,x[E++]=z>>>24,x[E++]=z>>>16&255,x[E++]=z>>>8&255,x[E++]=255&z}return e||(x=function(t){let i,e=null;if(i=0,!e){for(e=1;t[t.length-e]===i;)e++;e--}return t.subarray(0,t.length-e)}(x)),x}function e(t){const i=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],e=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],s=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],o=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],r=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],h=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],a=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],f=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],u=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],y=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],k=t.length>8?3:1,g=Array(32*k),m=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let S,b,z,d=0,w=0;for(let A=0;A>>4^A),A^=z,k^=z<<4,z=65535&(A>>>-16^k),k^=z,A^=z<<-16,z=858993459&(k>>>2^A),A^=z,k^=z<<2,z=65535&(A>>>-16^k),k^=z,A^=z<<-16,z=1431655765&(k>>>1^A),A^=z,k^=z<<1,z=16711935&(A>>>8^k),k^=z,A^=z<<8,z=1431655765&(k>>>1^A),A^=z,k^=z<<1,z=k<<8|A>>>20&240,k=A<<24|A<<8&16711680|A>>>8&65280|A>>>24&240,A=z;for(let t=0;t<16;t++)m[t]?(k=k<<2|k>>>26,A=A<<2|A>>>26):(k=k<<1|k>>>27,A=A<<1|A>>>27),k&=-15,A&=-15,S=i[k>>>28]|e[k>>>24&15]|n[k>>>20&15]|s[k>>>16&15]|o[k>>>12&15]|r[k>>>8&15]|h[k>>>4&15],b=c[A>>>28]|a[A>>>24&15]|f[A>>>20&15]|l[A>>>16&15]|u[A>>>12&15]|y[A>>>8&15]|p[A>>>4&15],z=65535&(b>>>16^S),g[w++]=S^z,g[w++]=b^z<<16}return g}function n(t){this.key=[];for(let i=0;i<3;i++)this.key.push(new Uint8Array(t.subarray(8*i,8*i+8)));this.encrypt=function(t){return i(e(this.key[2]),i(e(this.key[1]),i(e(this.key[0]),t,!0),!1),!0)}}function s(){this.BlockSize=8,this.KeySize=16,this.setKey=function(t){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),t.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(t),!0},this.reset=function(){for(let t=0;t<16;t++)this.masking[t]=0,this.rotate[t]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(t){const i=Array(t.length);for(let o=0;o>>24&255,i[o+1]=c>>>16&255,i[o+2]=c>>>8&255,i[o+3]=255&c,i[o+4]=h>>>24&255,i[o+5]=h>>>16&255,i[o+6]=h>>>8&255,i[o+7]=255&h}return i},this.decrypt=function(t){const i=Array(t.length);for(let o=0;o>>24&255,i[o+1]=c>>>16&255,i[o+2]=c>>>8&255,i[o+3]=255&c,i[o+4]=h>>>24&255,i[o+5]=h>>16&255,i[o+6]=h>>8&255,i[o+7]=255&h}return i};const t=[,,,,];t[0]=[,,,,],t[0][0]=[4,0,13,15,12,14,8],t[0][1]=[5,2,16,18,17,19,10],t[0][2]=[6,3,23,22,21,20,9],t[0][3]=[7,1,26,25,27,24,11],t[1]=[,,,,],t[1][0]=[0,6,21,23,20,22,16],t[1][1]=[1,4,0,2,1,3,18],t[1][2]=[2,5,7,6,5,4,17],t[1][3]=[3,7,10,9,11,8,19],t[2]=[,,,,],t[2][0]=[4,0,13,15,12,14,8],t[2][1]=[5,2,16,18,17,19,10],t[2][2]=[6,3,23,22,21,20,9],t[2][3]=[7,1,26,25,27,24,11],t[3]=[,,,,],t[3][0]=[0,6,21,23,20,22,16],t[3][1]=[1,4,0,2,1,3,18],t[3][2]=[2,5,7,6,5,4,17],t[3][3]=[3,7,10,9,11,8,19];const i=[,,,,];function e(t,i,e){const n=i+t,s=n<>>32-e;return(o[0][s>>>24]^o[1][s>>>16&255])-o[2][s>>>8&255]+o[3][255&s]}function n(t,i,e){const n=i^t,s=n<>>32-e;return o[0][s>>>24]-o[1][s>>>16&255]+o[2][s>>>8&255]^o[3][255&s]}function s(t,i,e){const n=i-t,s=n<>>32-e;return(o[0][s>>>24]+o[1][s>>>16&255]^o[2][s>>>8&255])-o[3][255&s]}i[0]=[,,,,],i[0][0]=[24,25,23,22,18],i[0][1]=[26,27,21,20,22],i[0][2]=[28,29,19,18,25],i[0][3]=[30,31,17,16,28],i[1]=[,,,,],i[1][0]=[3,2,12,13,8],i[1][1]=[1,0,14,15,13],i[1][2]=[7,6,8,9,3],i[1][3]=[5,4,10,11,7],i[2]=[,,,,],i[2][0]=[19,18,28,29,25],i[2][1]=[17,16,30,31,28],i[2][2]=[23,22,24,25,18],i[2][3]=[21,20,26,27,22],i[3]=[,,,,],i[3][0]=[8,9,7,6,3],i[3][1]=[10,11,5,4,7],i[3][2]=[12,13,3,2,8],i[3][3]=[14,15,1,0,13],this.keySchedule=function(e){const n=[,,,,,,,,],s=Array(32);let r;for(let t=0;t<4;t++)r=4*t,n[t]=e[r]<<24|e[r+1]<<16|e[r+2]<<8|e[r+3];const h=[6,7,4,5];let c,a=0;for(let e=0;e<2;e++)for(let e=0;e<4;e++){for(r=0;r<4;r++){const i=t[e][r];c=n[i[1]],c^=o[4][n[i[2]>>>2]>>>24-8*(3&i[2])&255],c^=o[5][n[i[3]>>>2]>>>24-8*(3&i[3])&255],c^=o[6][n[i[4]>>>2]>>>24-8*(3&i[4])&255],c^=o[7][n[i[5]>>>2]>>>24-8*(3&i[5])&255],c^=o[h[r]][n[i[6]>>>2]>>>24-8*(3&i[6])&255],n[i[0]]=c}for(r=0;r<4;r++){const t=i[e][r];c=o[4][n[t[0]>>>2]>>>24-8*(3&t[0])&255],c^=o[5][n[t[1]>>>2]>>>24-8*(3&t[1])&255],c^=o[6][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=o[7][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=o[4+r][n[t[4]>>>2]>>>24-8*(3&t[4])&255],s[a]=c,a++}}for(let t=0;t<16;t++)this.masking[t]=s[t],this.rotate[t]=31&s[16+t]};const o=[,,,,,,,,];o[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],o[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],o[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],o[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],o[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],o[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],o[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],o[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function o(t){this.cast5=new s,this.cast5.setKey(t),this.encrypt=function(t){return this.cast5.encrypt(t)}}n.keySize=n.prototype.keySize=24,n.blockSize=n.prototype.blockSize=8,o.blockSize=o.prototype.blockSize=8,o.keySize=o.prototype.keySize=16;const r=4294967295;function h(t,i){return(t<>>32-i)&r}function c(t,i){return t[i]|t[i+1]<<8|t[i+2]<<16|t[i+3]<<24}function a(t,i,e){t.splice(i,4,255&e,e>>>8&255,e>>>16&255,e>>>24&255)}function f(t,i){return t>>>8*i&255}function l(t){this.tf=function(){let t=null,i=null,e=-1,n=[],s=[[],[],[],[]];function o(t){return s[0][f(t,0)]^s[1][f(t,1)]^s[2][f(t,2)]^s[3][f(t,3)]}function l(t){return s[0][f(t,3)]^s[1][f(t,0)]^s[2][f(t,1)]^s[3][f(t,2)]}function u(t,i){let e=o(i[0]),s=l(i[1]);i[2]=h(i[2]^e+s+n[4*t+8]&r,31),i[3]=h(i[3],1)^e+2*s+n[4*t+9]&r,e=o(i[2]),s=l(i[3]),i[0]=h(i[0]^e+s+n[4*t+10]&r,31),i[1]=h(i[1],1)^e+2*s+n[4*t+11]&r}function y(t,i){let e=o(i[0]),s=l(i[1]);i[2]=h(i[2],1)^e+s+n[4*t+10]&r,i[3]=h(i[3]^e+2*s+n[4*t+11]&r,31),e=o(i[2]),s=l(i[3]),i[0]=h(i[0],1)^e+s+n[4*t+8]&r,i[1]=h(i[1]^e+2*s+n[4*t+9]&r,31)}return{name:"twofish",blocksize:16,open:function(i){let e,o,a,l,u;t=i;const y=[],p=[],k=[];let g;const m=[];let S,b,z;const d=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],A=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],B=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],N=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],_=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],x=[[],[]],E=[[],[],[],[]];function K(t){return t^t>>2^[0,90,180,238][3&t]}function O(t){return t^t>>1^t>>2^[0,238,180,90][3&t]}function C(t,i){let e,n,s;for(e=0;e<8;e++)n=i>>>24,i=i<<8&r|t>>>24,t=t<<8&r,s=n<<1,128&n&&(s^=333),i^=n^s<<16,s^=n>>>1,1&n&&(s^=166),i^=s<<24|s<<8;return i}function I(t,i){const e=i>>4,n=15&i,s=d[t][e^n],o=w[t][N[n]^_[e]];return B[t][N[o]^_[s]]<<4|A[t][s^o]}function L(t,i){let e=f(t,0),n=f(t,1),s=f(t,2),o=f(t,3);switch(g){case 4:e=x[1][e]^f(i[3],0),n=x[0][n]^f(i[3],1),s=x[0][s]^f(i[3],2),o=x[1][o]^f(i[3],3);case 3:e=x[1][e]^f(i[2],0),n=x[1][n]^f(i[2],1),s=x[0][s]^f(i[2],2),o=x[0][o]^f(i[2],3);case 2:e=x[0][x[0][e]^f(i[1],0)]^f(i[0],0),n=x[0][x[1][n]^f(i[1],1)]^f(i[0],1),s=x[1][x[0][s]^f(i[1],2)]^f(i[0],2),o=x[1][x[1][o]^f(i[1],3)]^f(i[0],3)}return E[0][e]^E[1][n]^E[2][s]^E[3][o]}for(t=t.slice(0,32),e=t.length;16!==e&&24!==e&&32!==e;)t[e++]=0;for(e=0;e>2]=c(t,e);for(e=0;e<256;e++)x[0][e]=I(0,e),x[1][e]=I(1,e);for(e=0;e<256;e++)S=x[1][e],b=K(S),z=O(S),E[0][e]=S+(b<<8)+(z<<16)+(z<<24),E[2][e]=b+(z<<8)+(S<<16)+(z<<24),S=x[0][e],b=K(S),z=O(S),E[1][e]=z+(z<<8)+(b<<16)+(S<<24),E[3][e]=b+(S<<8)+(z<<16)+(b<<24);for(g=k.length/2,e=0;e=0;t--)y(t,o);a(i,e,o[2]^n[0]),a(i,e+4,o[3]^n[1]),a(i,e+8,o[0]^n[2]),a(i,e+12,o[1]^n[3]),e+=16},finalize:function(){return i}}}(),this.tf.open(Array.from(t),0),this.encrypt=function(t){return this.tf.encrypt(Array.from(t),0)}}function u(){}function y(t){this.bf=new u,this.bf.init(t),this.encrypt=function(t){return this.bf.encryptBlock(t)}}l.keySize=l.prototype.keySize=32,l.blockSize=l.prototype.blockSize=16,u.prototype.BLOCKSIZE=8,u.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],u.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],u.prototype.NN=16,u.prototype._clean=function(t){if(t<0){t=(2147483647&t)+2147483648}return t},u.prototype._F=function(t){let i;const e=255&t,n=255&(t>>>=8),s=255&(t>>>=8),o=255&(t>>>=8);return i=this.sboxes[0][o]+this.sboxes[1][s],i^=this.sboxes[2][n],i+=this.sboxes[3][e],i},u.prototype._encryptBlock=function(t){let i,e=t[0],n=t[1];for(i=0;i>>24-8*i&255,s[i+n]=e[1]>>>24-8*i&255;return s},u.prototype._decryptBlock=function(t){let i,e=t[0],n=t[1];for(i=this.NN+1;i>1;--i){e^=this.parray[i],n=this._F(e)^n;const t=e;e=n,n=t}e^=this.parray[1],n^=this.parray[0],t[0]=this._clean(n),t[1]=this._clean(e)},u.prototype.init=function(t){let i,e=0;for(this.parray=[],i=0;i=t.length&&(e=0);this.parray[i]=this.PARRAY[i]^n}for(this.sboxes=[],i=0;i<4;++i)for(this.sboxes[i]=[],e=0;e<256;++e)this.sboxes[i][e]=this.SBOXES[i][e];const n=[0,0];for(i=0;i>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * This file is needed to dynamic import the legacy ciphers.\n * Separate dynamic imports are not convenient as they result in multiple chunks.\n */\n\nimport { TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TwoFish from './twofish';\nimport BlowFish from './blowfish';\nimport enums from '../../enums';\n\nexport const legacyCiphers = new Map([\n [enums.symmetric.tripledes, TripleDES],\n [enums.symmetric.cast5, CAST5],\n [enums.symmetric.blowfish, BlowFish],\n [enums.symmetric.twofish, TwoFish]\n]);\n"],"names":["des","keys","message","encrypt","mode","iv","padding","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","i","j","temp","right1","right2","left","right","looping","endloop","loopinc","m","len","length","iterations","padLength","pad","Error","paddedMessage","Uint8Array","desAddPadding","result","k","subarray","desRemovePadding","desCreateKeys","key","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","Array","shifts","lefttemp","righttemp","n","TripleDES","this","push","block","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","reset","keySchedule","getBlockSize","src","dst","t","l","r","f1","f2","f3","decrypt","scheduleA","scheduleB","d","I","sBox","inn","x","w","ki","half","round","a","b","CAST5","cast5","keySize","prototype","blockSize","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","name","blocksize","open","c","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","q","ffm5b","ffmEf","mdsRem","p","u","qp","hFun","slice","close","data","offset","finalize","createTwofish","from","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","tmp","vector","off","ret","_decryptBlock","jj","kk","legacyCiphers","Map","enums","symmetric","tripledes","blowfish","BlowFish","twofish","TwoFish"],"mappings":";6IAuBA,SAASA,EAAIC,EAAMC,EAASC,EAASC,EAAMC,EAAIC,GAE7C,MAAMC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAKAC,EACAC,EAdAC,EAAI,EAeJC,EAAMxB,EAAQyB,OAGlB,MAAMC,EAA6B,KAAhB3B,EAAK0B,OAAgB,EAAI,EAE1CL,EADiB,IAAfM,EACQzB,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFD,EAqQJ,SAAuBA,GACrB,MAAM2B,EAAY,EAAK3B,EAAQyB,OAAS,EAExC,IAAIG,EAKG,KAAiBD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAO3B,EAEP,MAAU6B,MAAM,uBACpB,CALID,EAAM,EAOR,MAAME,EAAgB,IAAIC,WAAW/B,EAAQyB,OAASE,GACtD,IAAK,IAAId,EAAI,EAAGA,EAAIb,EAAQyB,OAAQZ,IAClCiB,EAAcjB,GAAKb,EAAQa,GAE7B,IAAK,IAAIC,EAAI,EAAGA,EAAIa,EAAWb,IAC7BgB,EAAc9B,EAAQyB,OAASX,GAAKc,EAGtC,OAAOE,CACT,CA9RcE,CAAchC,GACxBwB,EAAMxB,EAAQyB,QAIhB,IAAIQ,EAAS,IAAIF,WAAWP,GACxBU,EAAI,EASR,KAAOX,EAAIC,GAAK,CAsCd,IArCAN,EAAQlB,EAAQuB,MAAQ,GAAOvB,EAAQuB,MAAQ,GAAOvB,EAAQuB,MAAQ,EAAKvB,EAAQuB,KACnFJ,EAASnB,EAAQuB,MAAQ,GAAOvB,EAAQuB,MAAQ,GAAOvB,EAAQuB,MAAQ,EAAKvB,EAAQuB,KAgBpFR,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BL,EAAI,EAAGA,EAAIY,EAAYZ,GAAK,EAAG,CAIlC,IAHAO,EAAUD,EAAQN,EAAI,GACtBQ,EAAUF,EAAQN,EAAI,GAEjBD,EAAIO,EAAQN,GAAID,IAAMQ,EAASR,GAAKS,EACvCN,EAASG,EAAQpB,EAAKc,GACtBI,GAAWE,IAAU,EAAMA,GAAS,IAAOpB,EAAKc,EAAI,GAEpDE,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IACvG,EAAK,IAAQJ,EAAqB,GAATI,GAAiBX,EAAaY,IAAW,GAAM,IAAQV,EAAaU,IAAW,GACxG,IAAQR,EAAaQ,IAAW,EAAK,IAAQN,EAAqB,GAATM,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,CACT,CAGDG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAajBkB,EAAOC,KAAQhB,IAAS,GACxBe,EAAOC,KAAShB,IAAS,GAAM,IAC/Be,EAAOC,KAAShB,IAAS,EAAK,IAC9Be,EAAOC,KAAe,IAAPhB,EACfe,EAAOC,KAAQf,IAAU,GACzBc,EAAOC,KAASf,IAAU,GAAM,IAChCc,EAAOC,KAASf,IAAU,EAAK,IAC/Bc,EAAOC,KAAgB,IAARf,CAChB,CAOD,OAJKlB,IACHgC,EA4KJ,SAA0BjC,GACxB,IACI4B,EADAD,EAAY,KAYhB,GALEC,EAAM,GAKHD,EAAW,CAEd,IADAA,EAAY,EACL3B,EAAQA,EAAQyB,OAASE,KAAeC,GAC7CD,IAEFA,GACJ,CAEE,OAAO3B,EAAQmC,SAAS,EAAGnC,EAAQyB,OAASE,EAC9C,CAlMaS,CAAiBH,IAGrBA,CACT,CAOA,SAASI,EAAcC,GAErB,MAAMC,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnG1B,EAAaY,EAAIb,OAAS,EAAI,EAAI,EAElC1B,EAAWsD,MAAM,GAAK3B,GAEtB4B,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAzC,EAFAQ,EAAI,EACJkC,EAAI,EAGR,IAAK,IAAI3C,EAAI,EAAGA,EAAIY,EAAYZ,IAAK,CACnC,IAAII,EAAQoB,EAAIf,MAAQ,GAAOe,EAAIf,MAAQ,GAAOe,EAAIf,MAAQ,EAAKe,EAAIf,KACnEJ,EAASmB,EAAIf,MAAQ,GAAOe,EAAIf,MAAQ,GAAOe,EAAIf,MAAQ,EAAKe,EAAIf,KAExER,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAIF,EAAI,EAAGA,EAAIyC,GAAezC,IAE7ByC,EAAOzC,IACTK,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMVoC,EAAWhB,EAAUrB,IAAS,IAAMsB,EAAWtB,IAAS,GAAM,IAAOuB,EAAWvB,IAAS,GAAM,IAAOwB,EACpGxB,IAAS,GAAM,IAAOyB,EAAWzB,IAAS,GAAM,IAAO0B,EAAW1B,IAAS,EAAK,IAAO2B,EAAW3B,IAAS,EAC3G,IACFsC,EAAYV,EAAU3B,IAAU,IAAM4B,EAAW5B,IAAU,GAAM,IAAO6B,EAAW7B,IAAU,GAAM,IACjG8B,EAAY9B,IAAU,GAAM,IAAO+B,EAAY/B,IAAU,GAAM,IAAOgC,EAAYhC,IAAU,EAAK,IACjGiC,EAAYjC,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCyC,IAAc,GAAMD,GAC7BxD,EAAK0D,KAAOF,EAAWxC,EACvBhB,EAAK0D,KAAOD,EAAazC,GAAQ,EAEpC,CAED,OAAOhB,CACT,CAwDO,SAAS2D,EAAUpB,GACxBqB,KAAKrB,IAAM,GAEX,IAAK,IAAIzB,EAAI,EAAGA,EAAI,EAAGA,IACrB8C,KAAKrB,IAAIsB,KAAK,IAAI7B,WAAWO,EAAIH,SAAa,EAAJtB,EAAY,EAAJA,EAAS,KAG7D8C,KAAK1D,QAAU,SAAS4D,GACtB,OAAO/D,EACLuC,EAAcsB,KAAKrB,IAAI,IACvBxC,EACEuC,EAAcsB,KAAKrB,IAAI,IACvBxC,EACEuC,EAAcsB,KAAKrB,IAAI,IACvBuB,GAAO,IAET,IACC,EAEN,CACH,CCtbA,SAASC,IACPH,KAAKI,UAAY,EACjBJ,KAAKK,QAAU,GAEfL,KAAKM,OAAS,SAAS3B,GAMrB,GALAqB,KAAKO,QAAcb,MAAM,IACzBM,KAAKQ,OAAad,MAAM,IAExBM,KAAKS,QAED9B,EAAIb,SAAWkC,KAAKK,QAGtB,MAAUnC,MAAM,mCAElB,OAJE8B,KAAKU,YAAY/B,IAIZ,CACR,EAEDqB,KAAKS,MAAQ,WACX,IAAK,IAAIvD,EAAI,EAAGA,EAAI,GAAIA,IACtB8C,KAAKO,QAAQrD,GAAK,EAClB8C,KAAKQ,OAAOtD,GAAK,CAEpB,EAED8C,KAAKW,aAAe,WAClB,OAAOX,KAAKI,SACb,EAEDJ,KAAK1D,QAAU,SAASsE,GACtB,MAAMC,EAAUnB,MAAMkB,EAAI9C,QAE1B,IAAK,IAAIZ,EAAI,EAAGA,EAAI0D,EAAI9C,OAAQZ,GAAK,EAAG,CACtC,IAEI4D,EAFAC,EAAKH,EAAI1D,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,EAAK0D,EAAI1D,EAAI,GACtE8D,EAAKJ,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,EAAK0D,EAAI1D,EAAI,GAG9E4D,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EAEJD,EAAI3D,GAAM8D,IAAM,GAAM,IACtBH,EAAI3D,EAAI,GAAM8D,IAAM,GAAM,IAC1BH,EAAI3D,EAAI,GAAM8D,IAAM,EAAK,IACzBH,EAAI3D,EAAI,GAAS,IAAJ8D,EACbH,EAAI3D,EAAI,GAAM6D,IAAM,GAAM,IAC1BF,EAAI3D,EAAI,GAAM6D,IAAM,GAAM,IAC1BF,EAAI3D,EAAI,GAAM6D,IAAM,EAAK,IACzBF,EAAI3D,EAAI,GAAS,IAAJ6D,CACnB,CAEI,OAAOF,CACR,EAEDb,KAAKoB,QAAU,SAASR,GACtB,MAAMC,EAAUnB,MAAMkB,EAAI9C,QAE1B,IAAK,IAAIZ,EAAI,EAAGA,EAAI0D,EAAI9C,OAAQZ,GAAK,EAAG,CACtC,IAEI4D,EAFAC,EAAKH,EAAI1D,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,EAAK0D,EAAI1D,EAAI,GACtE8D,EAAKJ,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,GAAO0D,EAAI1D,EAAI,IAAM,EAAK0D,EAAI1D,EAAI,GAG9E4D,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,IAAKP,KAAKQ,OAAO,KAC5CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EAEJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAII,EAAGH,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIG,EAAGF,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EACJA,EAAIE,EACJA,EAAID,EAAIE,EAAGD,EAAGhB,KAAKO,QAAQ,GAAIP,KAAKQ,OAAO,IAC3CO,EAAID,EAEJD,EAAI3D,GAAM8D,IAAM,GAAM,IACtBH,EAAI3D,EAAI,GAAM8D,IAAM,GAAM,IAC1BH,EAAI3D,EAAI,GAAM8D,IAAM,EAAK,IACzBH,EAAI3D,EAAI,GAAS,IAAJ8D,EACbH,EAAI3D,EAAI,GAAM6D,IAAM,GAAM,IAC1BF,EAAI3D,EAAI,GAAM6D,GAAK,GAAM,IACzBF,EAAI3D,EAAI,GAAM6D,GAAK,EAAK,IACxBF,EAAI3D,EAAI,GAAS,IAAJ6D,CACnB,CAEI,OAAOF,CACR,EACD,MAAMQ,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASL,EAAGM,EAAG3D,EAAGoD,GAChB,MAAMF,EAAIlD,EAAI2D,EACRC,EAAKV,GAAKE,EAAMF,IAAO,GAAKE,EAClC,OAASS,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,EAClG,CAEE,SAASN,EAAGK,EAAG3D,EAAGoD,GAChB,MAAMF,EAAIlD,EAAI2D,EACRC,EAAKV,GAAKE,EAAMF,IAAO,GAAKE,EAClC,OAASS,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,EAClG,CAEE,SAASL,EAAGI,EAAG3D,EAAGoD,GAChB,MAAMF,EAAIlD,EAAI2D,EACRC,EAAKV,GAAKE,EAAMF,IAAO,GAAKE,EAClC,OAASS,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,EAClG,CA9FEF,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnCtB,KAAKU,YAAc,SAASgB,GAC1B,MAAMZ,aACAvC,EAAQmB,MAAM,IAEpB,IAAIvC,EAEJ,IAAK,IAAID,EAAI,EAAGA,EAAI,EAAGA,IACrBC,EAAQ,EAAJD,EACJ4D,EAAE5D,GAAMwE,EAAIvE,IAAM,GAAOuE,EAAIvE,EAAI,IAAM,GAAOuE,EAAIvE,EAAI,IAAM,EAAKuE,EAAIvE,EAAI,GAG3E,MAAMwE,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIC,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK5E,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM6E,EAAIX,EAAUU,GAAO5E,GAC3ByE,EAAId,EAAEkB,EAAE,IAERJ,GAAKH,EAAK,GAAIX,EAAEkB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDJ,GAAKH,EAAK,GAAIX,EAAEkB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDJ,GAAKH,EAAK,GAAIX,EAAEkB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDJ,GAAKH,EAAK,GAAIX,EAAEkB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDJ,GAAKH,EAAKE,EAAExE,IAAK2D,EAAEkB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5DlB,EAAEkB,EAAE,IAAMJ,CACpB,CAEQ,IAAKzE,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM8E,EAAIX,EAAUS,GAAO5E,GAC3ByE,EAAIH,EAAK,GAAIX,EAAEmB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDL,GAAKH,EAAK,GAAIX,EAAEmB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDL,GAAKH,EAAK,GAAIX,EAAEmB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDL,GAAKH,EAAK,GAAIX,EAAEmB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDL,GAAKH,EAAK,EAAItE,GAAI2D,EAAEmB,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7D1D,EAAEsD,GAAMD,EACRC,GACV,CACA,CAGI,IAAK,IAAI3E,EAAI,EAAGA,EAAI,GAAIA,IACtB8C,KAAKO,QAAQrD,GAAKqB,EAAErB,GACpB8C,KAAKQ,OAAOtD,GAAiB,GAAZqB,EAAE,GAAKrB,EAE3B,EAsBD,MAAMuE,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASS,EAAMvD,GACbqB,KAAKmC,MAAQ,IAAIhC,EACjBH,KAAKmC,MAAM7B,OAAO3B,GAElBqB,KAAK1D,QAAU,SAAS4D,GACtB,OAAOF,KAAKmC,MAAM7F,QAAQ4D,EAC3B,CACH,CDpJAH,EAAUqC,QAAUrC,EAAUsC,UAAUD,QAAU,GAClDrC,EAAUuC,UAAYvC,EAAUsC,UAAUC,UAAY,ECqJtDJ,EAAMI,UAAYJ,EAAMG,UAAUC,UAAY,EAC9CJ,EAAME,QAAUF,EAAMG,UAAUD,QAAU,GCpkB1C,MAAMG,EAAS,WAEf,SAASC,EAAKZ,EAAG9B,GACf,OAAQ8B,GAAK9B,EAAI8B,IAAO,GAAK9B,GAAMyC,CACrC,CAEA,SAASE,EAAKT,EAAG9E,GACf,OAAO8E,EAAE9E,GAAK8E,EAAE9E,EAAI,IAAM,EAAI8E,EAAE9E,EAAI,IAAM,GAAK8E,EAAE9E,EAAI,IAAM,EAC7D,CAEA,SAASwF,EAAKV,EAAG9E,EAAG0E,GAClBI,EAAEW,OAAOzF,EAAG,EAAO,IAAJ0E,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASgB,EAAKjB,EAAG7B,GACf,OAAQ6B,IAAW,EAAJ7B,EAAU,GAC3B,CAkSA,SAAS+C,EAAGlE,GACVqB,KAAK8C,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMzB,GACb,OAAOwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,GAC7F,CAEE,SAAS0B,EAAM1B,GACb,OAAOwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,IAAMwB,EAAK,GAAGP,EAAKjB,EAAG,GAC7F,CAEE,SAAS2B,EAAQtC,EAAGuC,GAClB,IAAIvB,EAAIoB,EAAMG,EAAI,IACdtB,EAAIoB,EAAME,EAAI,IAClBA,EAAI,GAAKf,EAAKe,EAAI,GAAMvB,EAAIC,EAAIiB,EAAO,EAAIlC,EAAI,GAAMuB,EAAQ,IAC7DgB,EAAI,GAAKf,EAAKe,EAAI,GAAI,GAAMvB,EAAI,EAAIC,EAAIiB,EAAO,EAAIlC,EAAI,GAAMuB,EAC7DP,EAAIoB,EAAMG,EAAI,IACdtB,EAAIoB,EAAME,EAAI,IACdA,EAAI,GAAKf,EAAKe,EAAI,GAAMvB,EAAIC,EAAIiB,EAAO,EAAIlC,EAAI,IAAOuB,EAAQ,IAC9DgB,EAAI,GAAKf,EAAKe,EAAI,GAAI,GAAMvB,EAAI,EAAIC,EAAIiB,EAAO,EAAIlC,EAAI,IAAOuB,CAClE,CAEE,SAASiB,EAAQtG,EAAGqG,GAClB,IAAIvB,EAAIoB,EAAMG,EAAI,IACdtB,EAAIoB,EAAME,EAAI,IAClBA,EAAI,GAAKf,EAAKe,EAAI,GAAI,GAAMvB,EAAIC,EAAIiB,EAAO,EAAIhG,EAAI,IAAOqF,EAC1DgB,EAAI,GAAKf,EAAKe,EAAI,GAAMvB,EAAI,EAAIC,EAAIiB,EAAO,EAAIhG,EAAI,IAAOqF,EAAQ,IAClEP,EAAIoB,EAAMG,EAAI,IACdtB,EAAIoB,EAAME,EAAI,IACdA,EAAI,GAAKf,EAAKe,EAAI,GAAI,GAAMvB,EAAIC,EAAIiB,EAAO,EAAIhG,EAAI,GAAMqF,EACzDgB,EAAI,GAAKf,EAAKe,EAAI,GAAMvB,EAAI,EAAIC,EAAIiB,EAAO,EAAIhG,EAAI,GAAMqF,EAAQ,GACrE,CAqDE,MAAO,CACLkB,KAAM,UACNC,UAAW,GACXC,KAhQF,SAAiBhF,GAEf,IAAIzB,EACA8E,EACAC,EACA2B,EACArC,EALJwB,EAAWpE,EAMX,MAAMkF,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DC,EAAI,CACR,GACA,IAEI/G,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASgH,EAAMjD,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,EAC9C,CAEI,SAASkD,EAAMlD,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,EACzD,CAEI,SAASmD,EAAOC,EAAGJ,GACjB,IAAIzH,EACA4D,EACAkE,EACJ,IAAK9H,EAAI,EAAGA,EAAI,EAAGA,IACjB4D,EAAI6D,IAAM,GACVA,EAAMA,GAAK,EAAKpC,EAAUwC,IAAM,GAChCA,EAAKA,GAAK,EAAKxC,EACfyC,EAAIlE,GAAK,EACD,IAAJA,IACFkE,GAAK,KAEPL,GAAK7D,EAAKkE,GAAK,GACfA,GAAKlE,IAAM,EACH,EAAJA,IACFkE,GAAK,KAEPL,GAAKK,GAAK,GAAKA,GAAK,EAEtB,OAAOL,CACb,CAEI,SAASM,EAAGnF,EAAG6B,GACb,MAAMK,EAAIL,GAAK,EACTM,EAAQ,GAAJN,EACJiC,EAAIS,EAAGvE,GAAGkC,EAAIC,GACdV,EAAI+C,EAAGxE,GAAG2E,EAAKxC,GAAKyC,EAAK1C,IAC/B,OAAOwC,EAAG1E,GAAG2E,EAAKlD,GAAKmD,EAAKd,KAAO,EAAIW,EAAGzE,GAAG8D,EAAIrC,EACvD,CAEI,SAAS2D,EAAKvD,EAAGhD,GACf,IAAIqD,EAAIY,EAAKjB,EAAG,GACZM,EAAIW,EAAKjB,EAAG,GACZiC,EAAIhB,EAAKjB,EAAG,GACZJ,EAAIqB,EAAKjB,EAAG,GAChB,OAAQqC,GACN,KAAK,EACHhC,EAAI2C,EAAE,GAAG3C,GAAKY,EAAKjE,EAAI,GAAI,GAC3BsD,EAAI0C,EAAE,GAAG1C,GAAKW,EAAKjE,EAAI,GAAI,GAC3BiF,EAAIe,EAAE,GAAGf,GAAKhB,EAAKjE,EAAI,GAAI,GAC3B4C,EAAIoD,EAAE,GAAGpD,GAAKqB,EAAKjE,EAAI,GAAI,GAC7B,KAAK,EACHqD,EAAI2C,EAAE,GAAG3C,GAAKY,EAAKjE,EAAI,GAAI,GAC3BsD,EAAI0C,EAAE,GAAG1C,GAAKW,EAAKjE,EAAI,GAAI,GAC3BiF,EAAIe,EAAE,GAAGf,GAAKhB,EAAKjE,EAAI,GAAI,GAC3B4C,EAAIoD,EAAE,GAAGpD,GAAKqB,EAAKjE,EAAI,GAAI,GAC7B,KAAK,EACHqD,EAAI2C,EAAE,GAAGA,EAAE,GAAG3C,GAAKY,EAAKjE,EAAI,GAAI,IAAMiE,EAAKjE,EAAI,GAAI,GACnDsD,EAAI0C,EAAE,GAAGA,EAAE,GAAG1C,GAAKW,EAAKjE,EAAI,GAAI,IAAMiE,EAAKjE,EAAI,GAAI,GACnDiF,EAAIe,EAAE,GAAGA,EAAE,GAAGf,GAAKhB,EAAKjE,EAAI,GAAI,IAAMiE,EAAKjE,EAAI,GAAI,GACnD4C,EAAIoD,EAAE,GAAGA,EAAE,GAAGpD,GAAKqB,EAAKjE,EAAI,GAAI,IAAMiE,EAAKjE,EAAI,GAAI,GAEvD,OAAOf,EAAE,GAAGoE,GAAKpE,EAAE,GAAGqE,GAAKrE,EAAE,GAAGgG,GAAKhG,EAAE,GAAG2D,EAChD,CAII,IAFAwB,EAAWA,EAASoC,MAAM,EAAG,IAC7BjI,EAAI6F,EAASjF,OACA,KAANZ,GAAkB,KAANA,GAAkB,KAANA,GAC7B6F,EAAS7F,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAI6F,EAASjF,OAAQZ,GAAK,EACpC6G,EAAM7G,GAAK,GAAKuF,EAAKM,EAAU7F,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnByH,EAAE,GAAGzH,GAAK+H,EAAG,EAAG/H,GAChByH,EAAE,GAAGzH,GAAK+H,EAAG,EAAG/H,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBgH,EAAMS,EAAE,GAAGzH,GACXiH,EAAMS,EAAMV,GACZE,EAAMS,EAAMX,GACZtG,EAAE,GAAGV,GAAKgH,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnDxG,EAAE,GAAGV,GAAKiH,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAMS,EAAE,GAAGzH,GACXiH,EAAMS,EAAMV,GACZE,EAAMS,EAAMX,GACZtG,EAAE,GAAGV,GAAKkH,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnDtG,EAAE,GAAGV,GAAKiH,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAMjG,OAAS,EACjBZ,EAAI,EAAGA,EAAI8G,EAAM9G,IACpB8E,EAAI+B,EAAM7G,EAAIA,GACd2G,EAAM3G,GAAK8E,EACXC,EAAI8B,EAAM7G,EAAIA,EAAI,GAClB4G,EAAM5G,GAAK+E,EACXgC,EAAKD,EAAO9G,EAAI,GAAK4H,EAAO9C,EAAGC,GAEjC,IAAK/E,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvB8E,EAAI,SAAY9E,EAChB+E,EAAID,EAAI,SACRA,EAAIkD,EAAKlD,EAAG6B,GACZ5B,EAAIO,EAAK0C,EAAKjD,EAAG6B,GAAQ,GACzBZ,EAAOhG,GAAM8E,EAAIC,EAAKM,EACtBW,EAAOhG,EAAI,GAAKsF,EAAKR,EAAI,EAAIC,EAAG,GAElC,IAAK/E,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADA8E,EAAIC,EAAI2B,EAAIrC,EAAIrE,EACR8G,GACN,KAAK,EACHhC,EAAI2C,EAAE,GAAG3C,GAAKY,EAAKqB,EAAK,GAAI,GAC5BhC,EAAI0C,EAAE,GAAG1C,GAAKW,EAAKqB,EAAK,GAAI,GAC5BL,EAAIe,EAAE,GAAGf,GAAKhB,EAAKqB,EAAK,GAAI,GAC5B1C,EAAIoD,EAAE,GAAGpD,GAAKqB,EAAKqB,EAAK,GAAI,GAC9B,KAAK,EACHjC,EAAI2C,EAAE,GAAG3C,GAAKY,EAAKqB,EAAK,GAAI,GAC5BhC,EAAI0C,EAAE,GAAG1C,GAAKW,EAAKqB,EAAK,GAAI,GAC5BL,EAAIe,EAAE,GAAGf,GAAKhB,EAAKqB,EAAK,GAAI,GAC5B1C,EAAIoD,EAAE,GAAGpD,GAAKqB,EAAKqB,EAAK,GAAI,GAC9B,KAAK,EACHd,EAAK,GAAGjG,GAAKU,EAAE,GAAG+G,EAAE,GAAGA,EAAE,GAAG3C,GAAKY,EAAKqB,EAAK,GAAI,IAAMrB,EAAKqB,EAAK,GAAI,IACnEd,EAAK,GAAGjG,GAAKU,EAAE,GAAG+G,EAAE,GAAGA,EAAE,GAAG1C,GAAKW,EAAKqB,EAAK,GAAI,IAAMrB,EAAKqB,EAAK,GAAI,IACnEd,EAAK,GAAGjG,GAAKU,EAAE,GAAG+G,EAAE,GAAGA,EAAE,GAAGf,GAAKhB,EAAKqB,EAAK,GAAI,IAAMrB,EAAKqB,EAAK,GAAI,IACnEd,EAAK,GAAGjG,GAAKU,EAAE,GAAG+G,EAAE,GAAGA,EAAE,GAAGpD,GAAKqB,EAAKqB,EAAK,GAAI,IAAMrB,EAAKqB,EAAK,GAAI,IAG7E,EAuFImB,MAvDF,WACElC,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,GAEN,EAgDI7G,QA9CF,SAAoB+I,EAAMC,GACxBtC,EAAYqC,EACZpC,EAAaqC,EACb,MAAM/B,EAAM,CAACd,EAAKO,EAAWC,GAAcC,EAAO,GAChDT,EAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,EAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,EAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAI/F,EAAI,EAAGA,EAAI,EAAGA,IACrBmG,EAAQnG,EAAGoG,GAOb,OALAb,EAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,EAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,EAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,EAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,CACX,EA+BI5B,QA7BF,SAAoBiE,EAAMC,GACxBtC,EAAYqC,EACZpC,EAAaqC,EACb,MAAM/B,EAAM,CAACd,EAAKO,EAAWC,GAAcC,EAAO,GAChDT,EAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,EAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,EAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAI/F,EAAI,EAAGA,GAAK,EAAGA,IACtBqG,EAAQrG,EAAGoG,GAEbb,EAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,EAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,EAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,EAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,EAClB,EAgBIsC,SAZF,WACE,OAAOvC,CACX,EAYA,CAKYwC,GACVxF,KAAK8C,GAAGa,KAAKjE,MAAM+F,KAAK9G,GAAM,GAE9BqB,KAAK1D,QAAU,SAAS4D,GACtB,OAAOF,KAAK8C,GAAGxG,QAAQoD,MAAM+F,KAAKvF,GAAQ,EAC3C,CACH,CCxUA,SAASwF,IAAW,CAqXpB,SAASC,EAAGhH,GACVqB,KAAK4F,GAAK,IAAIF,EACd1F,KAAK4F,GAAGC,KAAKlH,GAEbqB,KAAK1D,QAAU,SAAS4D,GACtB,OAAOF,KAAK4F,GAAGE,aAAa5F,EAC7B,CACH,CDlDA2C,EAAGT,QAAUS,EAAGR,UAAUD,QAAU,GACpCS,EAAGP,UAAYO,EAAGR,UAAUC,UAAY,GCrUxCoD,EAASrD,UAAU0D,UAAY,EAK/BL,EAASrD,UAAU2D,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,EAASrD,UAAU4D,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,EAASrD,UAAU6D,GAAK,GASxBR,EAASrD,UAAU8D,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,UACd,CACE,OAAOA,CACT,EAKAV,EAASrD,UAAUgE,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAKtG,KAAK2G,OAAO,GAAGD,GAAM1G,KAAK2G,OAAO,GAAGF,GACzCH,GAAMtG,KAAK2G,OAAO,GAAGH,GACrBF,GAAMtG,KAAK2G,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,EAASrD,UAAUuE,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAK9G,KAAKkG,KAAMY,EAAI,CAC/BC,GAAS/G,KAAKiH,OAAOH,GACrBE,EAAQhH,KAAKqG,GAAGU,GAASC,EAEzB,MAAME,EAAMH,EACZA,EAAQC,EACRA,EAAQE,CACZ,CAEEH,GAAS/G,KAAKiH,OAAOjH,KAAKkG,GAAK,GAC/Bc,GAAShH,KAAKiH,OAAOjH,KAAKkG,GAAK,GAE/BW,EAAK,GAAK7G,KAAKmG,OAAOa,GACtBH,EAAK,GAAK7G,KAAKmG,OAAOY,EACxB,EAWArB,EAASrD,UAAUyD,aAAe,SAASqB,GACzC,IAAIL,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXO,EAAMpH,KAAK+F,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAK9G,KAAK+F,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBM,EAAOL,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBM,EAAOL,EAAKM,GAG1CpH,KAAK4G,cAAcC,GAEnB,MAAMQ,EAAM,GACZ,IAAKP,EAAK,EAAGA,EAAK9G,KAAK+F,UAAY,IAAKe,EACtCO,EAAIP,EAAK,GAAOD,EAAK,KAAQ,GAAK,EAAC,EAAY,IAC/CQ,EAAIP,EAAKM,GAASP,EAAK,KAAQ,GAAK,EAAC,EAAY,IAKnD,OAAOQ,CACT,EAMA3B,EAASrD,UAAUiF,cAAgB,SAAST,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK9G,KAAKkG,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAAS/G,KAAKiH,OAAOH,GACrBE,EAAQhH,KAAKqG,GAAGU,GAASC,EAEzB,MAAME,EAAMH,EACZA,EAAQC,EACRA,EAAQE,CACZ,CAEEH,GAAS/G,KAAKiH,OAAO,GACrBD,GAAShH,KAAKiH,OAAO,GAErBJ,EAAK,GAAK7G,KAAKmG,OAAOa,GACtBH,EAAK,GAAK7G,KAAKmG,OAAOY,EACxB,EAMArB,EAASrD,UAAUwD,KAAO,SAASlH,GACjC,IAAImI,EACAS,EAAK,EAGT,IADAvH,KAAKiH,OAAS,GACTH,EAAK,EAAGA,EAAK9G,KAAKkG,GAAK,IAAKY,EAAI,CACnC,IAAIzB,EAAO,EACX,IAAK,IAAImC,EAAK,EAAGA,EAAK,IAAKA,EACzBnC,EAAQA,GAAQ,EAAgB,IAAV1G,EAAI4I,KACpBA,GAAM5I,EAAIb,SACdyJ,EAAK,GAGTvH,KAAKiH,OAAOH,GAAM9G,KAAKiG,OAAOa,GAAMzB,CACxC,CAGE,IADArF,KAAK2G,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADA9G,KAAK2G,OAAOG,GAAM,GACbS,EAAK,EAAGA,EAAK,MAAOA,EACvBvH,KAAK2G,OAAOG,GAAIS,GAAMvH,KAAKgG,OAAOc,GAAIS,GAI1C,MAAMV,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAK9G,KAAKkG,GAAK,EAAGY,GAAM,EACnC9G,KAAK4G,cAAcC,GACnB7G,KAAKiH,OAAOH,EAAK,GAAKD,EAAK,GAC3B7G,KAAKiH,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKS,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BvH,KAAK4G,cAAcC,GACnB7G,KAAK2G,OAAOG,GAAIS,EAAK,GAAKV,EAAK,GAC/B7G,KAAK2G,OAAOG,GAAIS,EAAK,GAAKV,EAAK,EAGrC,EAYAlB,EAAGvD,QAAUuD,EAAGtD,UAAUD,QAAU,GACpCuD,EAAGrD,UAAYqD,EAAGtD,UAAUC,UAAY,EChY5B,MAACmF,EAAgB,IAAIC,IAAI,CACnC,CAACC,EAAMC,UAAUC,UAAW9H,GAC5B,CAAC4H,EAAMC,UAAUzF,MAAOD,GACxB,CAACyF,EAAMC,UAAUE,SAAUC,GAC3B,CAACJ,EAAMC,UAAUI,QAASC"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.mjs b/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.mjs new file mode 100644 index 000000000..c77388b30 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/legacy_ciphers.mjs @@ -0,0 +1,1784 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +import { enums } from './openpgp.mjs'; + +//Paul Tero, July 2001 +//http://www.tero.co.uk/des/ +// +//Optimised for performance with large blocks by Michael Hayworth, November 2001 +//http://www.netdealing.com +// +// Modified by Recurity Labs GmbH + +//THIS SOFTWARE IS PROVIDED "AS IS" AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. + +//des +//this takes the key, the message, and whether to encrypt or decrypt + +function des(keys, message, encrypt, mode, iv, padding) { + //declaring this locally speeds things up a bit + const spfunction1 = [ + 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, + 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, + 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, + 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, + 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, + 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 + ]; + const spfunction2 = [ + -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, + -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, + -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, + -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, + -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, + 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, + -0x7fef7fe0, 0x108000 + ]; + const spfunction3 = [ + 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, + 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, + 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, + 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, + 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, + 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 + ]; + const spfunction4 = [ + 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, + 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, + 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, + 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, + 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 + ]; + const spfunction5 = [ + 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, + 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, + 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, + 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, + 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, + 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, + 0x40080000, 0x2080100, 0x40000100 + ]; + const spfunction6 = [ + 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, + 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, + 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, + 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, + 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, + 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 + ]; + const spfunction7 = [ + 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, + 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, + 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, + 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, + 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, + 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 + ]; + const spfunction8 = [ + 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, + 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, + 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, + 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, + 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 + ]; + + //create the 16 or 48 subkeys we will need + let m = 0; + let i; + let j; + let temp; + let right1; + let right2; + let left; + let right; + let looping; + let endloop; + let loopinc; + let len = message.length; + + //set up the loops for single and triple des + const iterations = keys.length === 32 ? 3 : 9; //single or triple des + if (iterations === 3) { + looping = encrypt ? [0, 32, 2] : [30, -2, -2]; + } else { + looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; + } + + //pad the message depending on the padding parameter + //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt + if (encrypt) { + message = desAddPadding(message); + len = message.length; + } + + //store the result here + let result = new Uint8Array(len); + let k = 0; + + //loop through each 64 bit chunk of the message + while (m < len) { + left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + + //first each 64 but chunk of the message must be permuted according to IP + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + + left = ((left << 1) | (left >>> 31)); + right = ((right << 1) | (right >>> 31)); + + //do this either 1 or 3 times for each chunk of the message + for (j = 0; j < iterations; j += 3) { + endloop = looping[j + 1]; + loopinc = looping[j + 2]; + //now go through and perform the encryption or decryption + for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency + right1 = right ^ keys[i]; + right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; + //the result is attained by passing these bytes through the S selection functions + temp = left; + left = right; + right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> + 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & + 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); + } + temp = left; + left = right; + right = temp; //unreverse left and right + } //for either 1 or 3 iterations + + //move then each one bit to the right + left = ((left >>> 1) | (left << 31)); + right = ((right >>> 1) | (right << 31)); + + //now perform IP-1, which is IP in the opposite direction + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + + result[k++] = (left >>> 24); + result[k++] = ((left >>> 16) & 0xff); + result[k++] = ((left >>> 8) & 0xff); + result[k++] = (left & 0xff); + result[k++] = (right >>> 24); + result[k++] = ((right >>> 16) & 0xff); + result[k++] = ((right >>> 8) & 0xff); + result[k++] = (right & 0xff); + } //for every 8 characters, or 64 bits in the message + + //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt + if (!encrypt) { + result = desRemovePadding(result); + } + + return result; +} //end of des + + +//desCreateKeys +//this takes as input a 64 bit key (even though only 56 bits are used) +//as an array of 2 integers, and returns 16 48 bit keys + +function desCreateKeys(key) { + //declaring this locally speeds things up a bit + const pc2bytes0 = [ + 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, + 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 + ]; + const pc2bytes1 = [ + 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, + 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 + ]; + const pc2bytes2 = [ + 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, + 0x1000000, 0x1000008, 0x1000800, 0x1000808 + ]; + const pc2bytes3 = [ + 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, + 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 + ]; + const pc2bytes4 = [ + 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, + 0x41000, 0x1010, 0x41010 + ]; + const pc2bytes5 = [ + 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, + 0x2000000, 0x2000400, 0x2000020, 0x2000420 + ]; + const pc2bytes6 = [ + 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, + 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 + ]; + const pc2bytes7 = [ + 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, + 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 + ]; + const pc2bytes8 = [ + 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, + 0x2000002, 0x2040002, 0x2000002, 0x2040002 + ]; + const pc2bytes9 = [ + 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, + 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 + ]; + const pc2bytes10 = [ + 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, + 0x102000, 0x102020, 0x102000, 0x102020 + ]; + const pc2bytes11 = [ + 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, + 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 + ]; + const pc2bytes12 = [ + 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, + 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 + ]; + const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; + + //how many iterations (1 for des, 3 for triple des) + const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys + //stores the return keys + const keys = new Array(32 * iterations); + //now define the left shifts which need to be done + const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + //other variables + let lefttemp; + let righttemp; + let m = 0; + let n = 0; + let temp; + + for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations + let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 2) ^ right) & 0x33333333; + right ^= temp; + left ^= (temp << 2); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + + //the right side needs to be shifted and to get the last four bits of the left side + temp = (left << 8) | ((right >>> 20) & 0x000000f0); + //left needs to be put upside down + left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); + right = temp; + + //now go through and perform these shifts on the left and right keys + for (let i = 0; i < shifts.length; i++) { + //shift the keys either one or two bits to the left + if (shifts[i]) { + left = (left << 2) | (left >>> 26); + right = (right << 2) | (right >>> 26); + } else { + left = (left << 1) | (left >>> 27); + right = (right << 1) | (right >>> 27); + } + left &= -0xf; + right &= -0xf; + + //now apply PC-2, in such a way that E is easier when encrypting or decrypting + //this conversion will look like PC-2 except only the last 6 bits of each byte are used + //rather than 48 consecutive bits and the order of lines will be according to + //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 + lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( + left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & + 0xf]; + righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | + pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | + pc2bytes13[(right >>> 4) & 0xf]; + temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; + keys[n++] = lefttemp ^ temp; + keys[n++] = righttemp ^ (temp << 16); + } + } //for each iterations + //return the keys we've created + return keys; +} //end of desCreateKeys + + +function desAddPadding(message, padding) { + const padLength = 8 - (message.length % 8); + + let pad; + if ((padLength < 8)) { //pad the message out with null bytes + pad = 0; + } else if (padLength === 8) { + return message; + } else { + throw new Error('des: invalid padding'); + } + + const paddedMessage = new Uint8Array(message.length + padLength); + for (let i = 0; i < message.length; i++) { + paddedMessage[i] = message[i]; + } + for (let j = 0; j < padLength; j++) { + paddedMessage[message.length + j] = pad; + } + + return paddedMessage; +} + +function desRemovePadding(message, padding) { + let padLength = null; + let pad; + { // null padding + pad = 0; + } + + if (!padLength) { + padLength = 1; + while (message[message.length - padLength] === pad) { + padLength++; + } + padLength--; + } + + return message.subarray(0, message.length - padLength); +} + +// added by Recurity Labs + +function TripleDES(key) { + this.key = []; + + for (let i = 0; i < 3; i++) { + this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); + } + + this.encrypt = function(block) { + return des( + desCreateKeys(this.key[2]), + des( + desCreateKeys(this.key[1]), + des( + desCreateKeys(this.key[0]), + block, true, 0, null, null + ), + false, 0, null, null + ), true); + }; +} + +TripleDES.keySize = TripleDES.prototype.keySize = 24; +TripleDES.blockSize = TripleDES.prototype.blockSize = 8; + +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Copyright 2010 pjacobs@xeekr.com . All rights reserved. + +// Modified by Recurity Labs GmbH + +// fixed/modified by Herbert Hanewinkel, www.haneWIN.de +// check www.haneWIN.de for the latest version + +// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. +// CAST-128 is a common OpenPGP cipher. + + +// CAST5 constructor + +function OpenPGPSymEncCAST5() { + this.BlockSize = 8; + this.KeySize = 16; + + this.setKey = function(key) { + this.masking = new Array(16); + this.rotate = new Array(16); + + this.reset(); + + if (key.length === this.KeySize) { + this.keySchedule(key); + } else { + throw new Error('CAST-128: keys must be 16 bytes'); + } + return true; + }; + + this.reset = function() { + for (let i = 0; i < 16; i++) { + this.masking[i] = 0; + this.rotate[i] = 0; + } + }; + + this.getBlockSize = function() { + return this.BlockSize; + }; + + this.encrypt = function(src) { + const dst = new Array(src.length); + + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; + + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >>> 16) & 255; + dst[i + 6] = (l >>> 8) & 255; + dst[i + 7] = l & 255; + } + + return dst; + }; + + this.decrypt = function(src) { + const dst = new Array(src.length); + + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; + + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >> 16) & 255; + dst[i + 6] = (l >> 8) & 255; + dst[i + 7] = l & 255; + } + + return dst; + }; + const scheduleA = new Array(4); + + scheduleA[0] = new Array(4); + scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; + scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + + scheduleA[1] = new Array(4); + scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + + scheduleA[2] = new Array(4); + scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; + scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + + + scheduleA[3] = new Array(4); + scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + + const scheduleB = new Array(4); + + scheduleB[0] = new Array(4); + scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; + scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; + scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; + scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; + + scheduleB[1] = new Array(4); + scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; + scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; + scheduleB[1][2] = [7, 6, 8, 9, 3]; + scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; + + + scheduleB[2] = new Array(4); + scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; + scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; + scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; + scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; + + + scheduleB[3] = new Array(4); + scheduleB[3][0] = [8, 9, 7, 6, 3]; + scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; + scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; + scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; + + // changed 'in' to 'inn' (in javascript 'in' is a reserved word) + this.keySchedule = function(inn) { + const t = new Array(8); + const k = new Array(32); + + let j; + + for (let i = 0; i < 4; i++) { + j = i * 4; + t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + } + + const x = [6, 7, 4, 5]; + let ki = 0; + let w; + + for (let half = 0; half < 2; half++) { + for (let round = 0; round < 4; round++) { + for (j = 0; j < 4; j++) { + const a = scheduleA[round][j]; + w = t[a[1]]; + + w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; + w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; + w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; + w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; + w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; + t[a[0]] = w; + } + + for (j = 0; j < 4; j++) { + const b = scheduleB[round][j]; + w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; + + w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; + w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; + w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; + w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; + k[ki] = w; + ki++; + } + } + } + + for (let i = 0; i < 16; i++) { + this.masking[i] = k[i]; + this.rotate[i] = k[16 + i] & 0x1f; + } + }; + + // These are the three 'f' functions. See RFC 2144, section 2.2. + + function f1(d, m, r) { + const t = m + d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; + } + + function f2(d, m, r) { + const t = m ^ d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; + } + + function f3(d, m, r) { + const t = m - d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; + } + + const sBox = new Array(8); + sBox[0] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf + ]; + + sBox[1] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 + ]; + + sBox[2] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 + ]; + + sBox[3] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 + ]; + + sBox[4] = [ + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 + ]; + + sBox[5] = [ + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f + ]; + + sBox[6] = [ + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 + ]; + + sBox[7] = [ + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e + ]; +} + +function CAST5(key) { + this.cast5 = new OpenPGPSymEncCAST5(); + this.cast5.setKey(key); + + this.encrypt = function(block) { + return this.cast5.encrypt(block); + }; +} + +CAST5.blockSize = CAST5.prototype.blockSize = 8; +CAST5.keySize = CAST5.prototype.keySize = 16; + +/* eslint-disable no-mixed-operators, no-fallthrough */ + + +/* Modified by Recurity Labs GmbH + * + * Cipher.js + * A block-cipher algorithm implementation on JavaScript + * See Cipher.readme.txt for further information. + * + * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] + * This script file is distributed under the LGPL + * + * ACKNOWLEDGMENT + * + * The main subroutines are written by Michiel van Everdingen. + * + * Michiel van Everdingen + * http://home.versatel.nl/MAvanEverdingen/index.html + * + * All rights for these routines are reserved to Michiel van Everdingen. + * + */ + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//Math +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +const MAXINT = 0xFFFFFFFF; + +function rotw(w, n) { + return (w << n | w >>> (32 - n)) & MAXINT; +} + +function getW(a, i) { + return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +} + +function setW(a, i, w) { + a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +} + +function getB(x, n) { + return (x >>> (n * 8)) & 0xFF; +} + +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// Twofish +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +function createTwofish() { + // + let keyBytes = null; + let dataBytes = null; + let dataOffset = -1; + // var dataLength = -1; + // var idx2 = -1; + // + + let tfsKey = []; + let tfsM = [ + [], + [], + [], + [] + ]; + + function tfsInit(key) { + keyBytes = key; + let i; + let a; + let b; + let c; + let d; + const meKey = []; + const moKey = []; + const inKey = []; + let kLen; + const sKey = []; + let f01; + let f5b; + let fef; + + const q0 = [ + [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], + [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] + ]; + const q1 = [ + [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], + [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] + ]; + const q2 = [ + [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], + [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] + ]; + const q3 = [ + [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], + [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] + ]; + const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; + const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; + const q = [ + [], + [] + ]; + const m = [ + [], + [], + [], + [] + ]; + + function ffm5b(x) { + return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + } + + function ffmEf(x) { + return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + } + + function mdsRem(p, q) { + let i; + let t; + let u; + for (i = 0; i < 8; i++) { + t = q >>> 24; + q = ((q << 8) & MAXINT) | p >>> 24; + p = (p << 8) & MAXINT; + u = t << 1; + if (t & 128) { + u ^= 333; + } + q ^= t ^ (u << 16); + u ^= t >>> 1; + if (t & 1) { + u ^= 166; + } + q ^= u << 24 | u << 8; + } + return q; + } + + function qp(n, x) { + const a = x >> 4; + const b = x & 15; + const c = q0[n][a ^ b]; + const d = q1[n][ror4[b] ^ ashx[a]]; + return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; + } + + function hFun(x, key) { + let a = getB(x, 0); + let b = getB(x, 1); + let c = getB(x, 2); + let d = getB(x, 3); + switch (kLen) { + case 4: + a = q[1][a] ^ getB(key[3], 0); + b = q[0][b] ^ getB(key[3], 1); + c = q[0][c] ^ getB(key[3], 2); + d = q[1][d] ^ getB(key[3], 3); + case 3: + a = q[1][a] ^ getB(key[2], 0); + b = q[1][b] ^ getB(key[2], 1); + c = q[0][c] ^ getB(key[2], 2); + d = q[0][d] ^ getB(key[2], 3); + case 2: + a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); + b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); + c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); + d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); + } + return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; + } + + keyBytes = keyBytes.slice(0, 32); + i = keyBytes.length; + while (i !== 16 && i !== 24 && i !== 32) { + keyBytes[i++] = 0; + } + + for (i = 0; i < keyBytes.length; i += 4) { + inKey[i >> 2] = getW(keyBytes, i); + } + for (i = 0; i < 256; i++) { + q[0][i] = qp(0, i); + q[1][i] = qp(1, i); + } + for (i = 0; i < 256; i++) { + f01 = q[1][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); + m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); + f01 = q[0][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); + m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); + } + + kLen = inKey.length / 2; + for (i = 0; i < kLen; i++) { + a = inKey[i + i]; + meKey[i] = a; + b = inKey[i + i + 1]; + moKey[i] = b; + sKey[kLen - i - 1] = mdsRem(a, b); + } + for (i = 0; i < 40; i += 2) { + a = 0x1010101 * i; + b = a + 0x1010101; + a = hFun(a, meKey); + b = rotw(hFun(b, moKey), 8); + tfsKey[i] = (a + b) & MAXINT; + tfsKey[i + 1] = rotw(a + 2 * b, 9); + } + for (i = 0; i < 256; i++) { + a = b = c = d = i; + switch (kLen) { + case 4: + a = q[1][a] ^ getB(sKey[3], 0); + b = q[0][b] ^ getB(sKey[3], 1); + c = q[0][c] ^ getB(sKey[3], 2); + d = q[1][d] ^ getB(sKey[3], 3); + case 3: + a = q[1][a] ^ getB(sKey[2], 0); + b = q[1][b] ^ getB(sKey[2], 1); + c = q[0][c] ^ getB(sKey[2], 2); + d = q[0][d] ^ getB(sKey[2], 3); + case 2: + tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; + tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; + tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; + tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + } + } + } + + function tfsG0(x) { + return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; + } + + function tfsG1(x) { + return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; + } + + function tfsFrnd(r, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); + blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); + blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + } + + function tfsIrnd(i, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; + blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; + blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + } + + function tfsClose() { + tfsKey = []; + tfsM = [ + [], + [], + [], + [] + ]; + } + + function tfsEncrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], + getW(dataBytes, dataOffset + 4) ^ tfsKey[1], + getW(dataBytes, dataOffset + 8) ^ tfsKey[2], + getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; + for (let j = 0; j < 8; j++) { + tfsFrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); + dataOffset += 16; + return dataBytes; + } + + function tfsDecrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], + getW(dataBytes, dataOffset + 4) ^ tfsKey[5], + getW(dataBytes, dataOffset + 8) ^ tfsKey[6], + getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; + for (let j = 7; j >= 0; j--) { + tfsIrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); + dataOffset += 16; + } + + // added by Recurity Labs + + function tfsFinal() { + return dataBytes; + } + + return { + name: 'twofish', + blocksize: 128 / 8, + open: tfsInit, + close: tfsClose, + encrypt: tfsEncrypt, + decrypt: tfsDecrypt, + // added by Recurity Labs + finalize: tfsFinal + }; +} + +// added by Recurity Labs + +function TF(key) { + this.tf = createTwofish(); + this.tf.open(Array.from(key), 0); + + this.encrypt = function(block) { + return this.tf.encrypt(Array.from(block), 0); + }; +} + +TF.keySize = TF.prototype.keySize = 32; +TF.blockSize = TF.prototype.blockSize = 16; + +/* Modified by Recurity Labs GmbH + * + * Originally written by nklein software (nklein.com) + */ + +/* + * Javascript implementation based on Bruce Schneier's reference implementation. + * + * + * The constructor doesn't do much of anything. It's just here + * so we can start defining properties and methods and such. + */ +function Blowfish() {} + +/* + * Declare the block size so that protocols know what size + * Initialization Vector (IV) they will need. + */ +Blowfish.prototype.BLOCKSIZE = 8; + +/* + * These are the default SBOXES. + */ +Blowfish.prototype.SBOXES = [ + [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + ], + [ + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + ], + [ + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + ], + [ + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ] +]; + +//* +//* This is the default PARRAY +//* +Blowfish.prototype.PARRAY = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b +]; + +//* +//* This is the number of rounds the cipher will go +//* +Blowfish.prototype.NN = 16; + +//* +//* This function is needed to get rid of problems +//* with the high-bit getting set. If we don't do +//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not +//* equal to ( bb & 0x00FFFFFFFF ) even when they +//* agree bit-for-bit for the first 32 bits. +//* +Blowfish.prototype._clean = function(xx) { + if (xx < 0) { + const yy = xx & 0x7FFFFFFF; + xx = yy + 0x80000000; + } + return xx; +}; + +//* +//* This is the mixing function that uses the sboxes +//* +Blowfish.prototype._F = function(xx) { + let yy; + + const dd = xx & 0x00FF; + xx >>>= 8; + const cc = xx & 0x00FF; + xx >>>= 8; + const bb = xx & 0x00FF; + xx >>>= 8; + const aa = xx & 0x00FF; + + yy = this.sboxes[0][aa] + this.sboxes[1][bb]; + yy ^= this.sboxes[2][cc]; + yy += this.sboxes[3][dd]; + + return yy; +}; + +//* +//* This method takes an array with two values, left and right +//* and does NN rounds of Blowfish on them. +//* +Blowfish.prototype._encryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; + + let ii; + + for (ii = 0; ii < this.NN; ++ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; + + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } + + dataL ^= this.parray[this.NN + 0]; + dataR ^= this.parray[this.NN + 1]; + + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); +}; + +//* +//* This method takes a vector of numbers and turns them +//* into long words so that they can be processed by the +//* real algorithm. +//* +//* Maybe I should make the real algorithm above take a vector +//* instead. That will involve more looping, but it won't require +//* the F() method to deconstruct the vector. +//* +Blowfish.prototype.encryptBlock = function(vector) { + let ii; + const vals = [0, 0]; + const off = this.BLOCKSIZE / 2; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); + vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); + } + + this._encryptBlock(vals); + + const ret = []; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); + ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); + // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); + // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + } + + return ret; +}; + +//* +//* This method takes an array with two values, left and right +//* and undoes NN rounds of Blowfish on them. +//* +Blowfish.prototype._decryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; + + let ii; + + for (ii = this.NN + 1; ii > 1; --ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; + + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } + + dataL ^= this.parray[1]; + dataR ^= this.parray[0]; + + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); +}; + +//* +//* This method takes a key array and initializes the +//* sboxes and parray for this encryption. +//* +Blowfish.prototype.init = function(key) { + let ii; + let jj = 0; + + this.parray = []; + for (ii = 0; ii < this.NN + 2; ++ii) { + let data = 0x00000000; + for (let kk = 0; kk < 4; ++kk) { + data = (data << 8) | (key[jj] & 0x00FF); + if (++jj >= key.length) { + jj = 0; + } + } + this.parray[ii] = this.PARRAY[ii] ^ data; + } + + this.sboxes = []; + for (ii = 0; ii < 4; ++ii) { + this.sboxes[ii] = []; + for (jj = 0; jj < 256; ++jj) { + this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + } + } + + const vals = [0x00000000, 0x00000000]; + + for (ii = 0; ii < this.NN + 2; ii += 2) { + this._encryptBlock(vals); + this.parray[ii + 0] = vals[0]; + this.parray[ii + 1] = vals[1]; + } + + for (ii = 0; ii < 4; ++ii) { + for (jj = 0; jj < 256; jj += 2) { + this._encryptBlock(vals); + this.sboxes[ii][jj + 0] = vals[0]; + this.sboxes[ii][jj + 1] = vals[1]; + } + } +}; + +// added by Recurity Labs +function BF(key) { + this.bf = new Blowfish(); + this.bf.init(key); + + this.encrypt = function(block) { + return this.bf.encryptBlock(block); + }; +} + +BF.keySize = BF.prototype.keySize = 16; +BF.blockSize = BF.prototype.blockSize = 8; + +/** + * This file is needed to dynamic import the legacy ciphers. + * Separate dynamic imports are not convenient as they result in multiple chunks. + */ + + +const legacyCiphers = new Map([ + [enums.symmetric.tripledes, TripleDES], + [enums.symmetric.cast5, CAST5], + [enums.symmetric.blowfish, BF], + [enums.symmetric.twofish, TF] +]); + +export { legacyCiphers }; diff --git a/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs b/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs new file mode 100644 index 000000000..182bff42b --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs @@ -0,0 +1,14 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{H as t,h as e,t as n,e as r,b as f,c as o,r as i,s,a,d as c,w as d,u,f as l}from"./sha3.min.mjs";class h extends t{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,e(t);const f=n(r);if(this.iHash=t.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const o=this.blockLen,i=new Uint8Array(o);i.set(f.length>o?t.create().update(f).digest():f);for(let t=0;tnew h(t,e).update(n).digest();g.create=(t,e)=>new h(t,e) +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const b=/* @__PURE__ */BigInt(0),y=/* @__PURE__ */BigInt(1),p=/* @__PURE__ */BigInt(2);function m(t){return t instanceof Uint8Array||null!=t&&"object"==typeof t&&"Uint8Array"===t.constructor.name}function w(t){if(!m(t))throw Error("Uint8Array expected")}function B(t,e){if("boolean"!=typeof e)throw Error(`${t} must be valid boolean, got "${e}".`)}const E=/* @__PURE__ */Array.from({length:256},((t,e)=>e.toString(16).padStart(2,"0")));function x(t){w(t);let e="";for(let n=0;n=S._0&&t<=S._9?t-S._0:t>=S._A&&t<=S._F?t-(S._A-10):t>=S._a&&t<=S._f?t-(S._a-10):void 0}function O(t){if("string"!=typeof t)throw Error("hex string expected, got "+typeof t);const e=t.length,n=e/2;if(e%2)throw Error("padded hex string expected, got unpadded hex of length "+e);const r=new Uint8Array(n);for(let e=0,f=0;e"bigint"==typeof t&&b<=t;function T(t,e,n){return H(t)&&H(e)&&H(n)&&e<=t&&tb;t>>=y,e+=1);return e}const $=t=>(p<new Uint8Array(t),k=t=>Uint8Array.from(t);function G(t,e,n){if("number"!=typeof t||t<2)throw Error("hashLen must be a number");if("number"!=typeof e||e<2)throw Error("qByteLen must be a number");if("function"!=typeof n)throw Error("hmacFn must be a function");let r=_(t),f=_(t),o=0;const i=()=>{r.fill(1),f.fill(0),o=0},s=(...t)=>n(f,r,...t),a=(t=_())=>{f=s(k([0]),t),r=s(),0!==t.length&&(f=s(k([1]),t),r=s())},c=()=>{if(o++>=1e3)throw Error("drbg: tried 1000 values");let t=0;const n=[];for(;t{let n;for(i(),a(t);!(n=e(c()));)a();return i(),n}}const U={bigint:t=>"bigint"==typeof t,function:t=>"function"==typeof t,boolean:t=>"boolean"==typeof t,string:t=>"string"==typeof t,stringOrUint8Array:t=>"string"==typeof t||m(t),isSafeInteger:t=>Number.isSafeInteger(t),array:t=>Array.isArray(t),field:(t,e)=>e.Fp.isValid(t),hash:t=>"function"==typeof t&&Number.isSafeInteger(t.outputLen)};function j(t,e,n={}){const r=(e,n,r)=>{const f=U[n];if("function"!=typeof f)throw Error(`Invalid validator "${n}", expected function`);const o=t[e];if(!(r&&void 0===o||f(o,t)))throw Error(`Invalid param ${e+""}=${o} (${typeof o}), expected ${n}`)};for(const[t,n]of Object.entries(e))r(t,n,!1);for(const[t,e]of Object.entries(n))r(t,e,!0);return t}function C(t){const e=new WeakMap;return(n,...r)=>{const f=e.get(n);if(void 0!==f)return f;const o=t(n,...r);return e.set(n,o),o}}var V=/*#__PURE__*/Object.freeze({__proto__:null,aInRange:F,abool:B,abytes:w,bitGet:function(t,e){return t>>BigInt(e)&y},bitLen:Z,bitMask:$,bitSet:function(t,e,n){return t|(n?y:b)<{throw Error("not implemented")},numberToBytesBE:z,numberToBytesLE:P,numberToHexUnpadded:I,numberToVarBytesBE:function(t){return O(I(t))},utf8ToBytes:function(t){if("string"!=typeof t)throw Error("utf8ToBytes expected string, got "+typeof t);return new Uint8Array((new TextEncoder).encode(t))},validateObject:j}); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const K=BigInt(0),Y=BigInt(1),M=BigInt(2),W=BigInt(3),D=BigInt(4),J=BigInt(5),Q=BigInt(8);function X(t,e){const n=t%e;return n>=K?n:e+n}function tt(t,e,n){if(n<=K||e 0");if(n===Y)return K;let r=Y;for(;e>K;)e&Y&&(r=r*t%n),t=t*t%n,e>>=Y;return r}function et(t,e,n){let r=t;for(;e-- >K;)r*=r,r%=n;return r}function nt(t,e){if(t===K||e<=K)throw Error(`invert: expected positive integers, got n=${t} mod=${e}`);let n=X(t,e),r=e,f=K,o=Y;for(;n!==K;){const t=r%n,e=f-o*(r/n);r=n,n=t,f=o,o=e}if(r!==Y)throw Error("invert: does not exist");return X(f,e)}function rt(t){if(t%D===W){const e=(t+Y)/D;return function(t,n){const r=t.pow(n,e);if(!t.eql(t.sqr(r),n))throw Error("Cannot find square root");return r}}if(t%Q===J){const e=(t-J)/Q;return function(t,n){const r=t.mul(n,M),f=t.pow(r,e),o=t.mul(n,f),i=t.mul(t.mul(o,M),f),s=t.mul(o,t.sub(i,t.ONE));if(!t.eql(t.sqr(s),n))throw Error("Cannot find square root");return s}}return function(t){const e=(t-Y)/M;let n,r,f;for(n=t-Y,r=0;n%M===K;n/=M,r++);for(f=M;f 0, got "+t);const{nBitLength:f,nByteLength:o}=ot(t,e);if(o>2048)throw Error("Field lengths over 2048 bytes are not supported");const i=rt(t),s=Object.freeze({ORDER:t,BITS:f,BYTES:o,MASK:$(f),ZERO:K,ONE:Y,create:e=>X(e,t),isValid:e=>{if("bigint"!=typeof e)throw Error("Invalid field element: expected bigint, got "+typeof e);return K<=e&&et===K,isOdd:t=>(t&Y)===Y,neg:e=>X(-e,t),eql:(t,e)=>t===e,sqr:e=>X(e*e,t),add:(e,n)=>X(e+n,t),sub:(e,n)=>X(e-n,t),mul:(e,n)=>X(e*n,t),pow:(t,e)=>function(t,e,n){if(n 0");if(n===K)return t.ONE;if(n===Y)return e;let r=t.ONE,f=e;for(;n>K;)n&Y&&(r=t.mul(r,f)),f=t.sqr(f),n>>=Y;return r}(s,t,e),div:(e,n)=>X(e*nt(n,t),t),sqrN:t=>t*t,addN:(t,e)=>t+e,subN:(t,e)=>t-e,mulN:(t,e)=>t*e,inv:e=>nt(e,t),sqrt:r.sqrt||(t=>i(s,t)),invertBatch:t=>function(t,e){const n=Array(e.length),r=e.reduce(((e,r,f)=>t.is0(r)?e:(n[f]=e,t.mul(e,r))),t.ONE),f=t.inv(r);return e.reduceRight(((e,r,f)=>t.is0(r)?e:(n[f]=t.mul(e,n[f]),t.mul(e,r))),f),n}(s,t),cmov:(t,e,n)=>n?e:t,toBytes:t=>n?P(t,o):z(t,o),fromBytes:t=>{if(t.length!==o)throw Error(`Fp.fromBytes: expected ${o}, got ${t.length}`);return n?q(t):R(t)}});return Object.freeze(s)}function st(t){if("bigint"!=typeof t)throw Error("field order must be bigint");const e=t.toString(2).length;return Math.ceil(e/8)}function at(t){const e=st(t);return e+Math.ceil(e/2)} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const ct=BigInt(0),dt=BigInt(1),ut=new WeakMap,lt=new WeakMap;function ht(t,e){const n=(t,e)=>{const n=e.negate();return t?n:e},r=t=>{if(!Number.isSafeInteger(t)||t<=0||t>e)throw Error(`Wrong window size=${t}, should be [1..${e}]`)},f=t=>{r(t);return{windows:Math.ceil(e/t)+1,windowSize:2**(t-1)}};return{constTimeNegate:n,unsafeLadder(e,n){let r=t.ZERO,f=e;for(;n>ct;)n&dt&&(r=r.add(f)),f=f.double(),n>>=dt;return r},precomputeWindow(t,e){const{windows:n,windowSize:r}=f(e),o=[];let i=t,s=i;for(let t=0;t>=l,f>s&&(f-=u,o+=dt);const i=e,h=e+Math.abs(f)-1,g=t%2!=0,b=f<0;0===f?c=c.add(n(g,r[i])):a=a.add(n(b,r[h]))}return{p:a,f:c}},wNAFCached(t,e,n){const r=lt.get(t)||1;let f=ut.get(t);return f||(f=this.precomputeWindow(t,r),1!==r&&ut.set(t,n(f))),this.wNAF(r,f,e)},setWindowSize(t,e){r(e),lt.set(t,e),ut.delete(t)}}}function gt(t,e,n,r){if(!Array.isArray(n)||!Array.isArray(r)||r.length!==n.length)throw Error("arrays of points and scalars must have equal length");r.forEach(((t,n)=>{if(!e.isValid(t))throw Error("wrong scalar at index "+n)})),n.forEach(((e,n)=>{if(!(e instanceof t))throw Error("wrong point at index "+n)}));const f=Z(BigInt(n.length)),o=f>12?f-3:f>4?f-2:f?2:1,i=(1<=0;e-=o){s.fill(t.ZERO);for(let t=0;t>BigInt(e)&BigInt(i));s[o]=s[o].add(n[t])}let f=t.ZERO;for(let e=s.length-1,n=t.ZERO;e>0;e--)n=n.add(s[e]),f=f.add(n);if(c=c.add(f),0!==e)for(let t=0;t(t[e]="function",t)),{ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"})),j(t,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...ot(t.n,t.nBitLength),...t,p:t.Fp.ORDER})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function yt(t){void 0!==t.lowS&&B("lowS",t.lowS),void 0!==t.prehash&&B("prehash",t.prehash)}const{bytesToNumberBE:pt,hexToBytes:mt}=V,wt={Err:class extends Error{constructor(t=""){super(t)}},_tlv:{encode:(t,e)=>{const{Err:n}=wt;if(t<0||t>256)throw new n("tlv.encode: wrong tag");if(1&e.length)throw new n("tlv.encode: unpadded data");const r=e.length/2,f=I(r);if(f.length/2&128)throw new n("tlv.encode: long form length too big");const o=r>127?I(f.length/2|128):"";return`${I(t)}${o}${f}${e}`},decode(t,e){const{Err:n}=wt;let r=0;if(t<0||t>256)throw new n("tlv.encode: wrong tag");if(e.length<2||e[r++]!==t)throw new n("tlv.decode: wrong tlv");const f=e[r++];let o=0;if(!!(128&f)){const t=127&f;if(!t)throw new n("tlv.decode(long): indefinite length not supported");if(t>4)throw new n("tlv.decode(long): byte length is too big");const i=e.subarray(r,r+t);if(i.length!==t)throw new n("tlv.decode: length bytes not complete");if(0===i[0])throw new n("tlv.decode(long): zero leftmost byte");for(const t of i)o=o<<8|t;if(r+=t,o<128)throw new n("tlv.decode(long): not minimal encoding")}else o=f;const i=e.subarray(r,r+o);if(i.length!==o)throw new n("tlv.decode: wrong value length");return{v:i,l:e.subarray(r+o)}}},_int:{encode(t){const{Err:e}=wt;if(t{const f=e.toAffine();return N(Uint8Array.from([4]),n.toBytes(f.x),n.toBytes(f.y))}),o=e.fromBytes||(t=>{const e=t.subarray(1);return{x:n.fromBytes(e.subarray(0,n.BYTES)),y:n.fromBytes(e.subarray(n.BYTES,2*n.BYTES))}});function i(t){const{a:r,b:f}=e,o=n.sqr(t),i=n.mul(o,t);return n.add(n.add(i,n.mul(t,r)),f)}if(!n.eql(n.sqr(e.Gy),i(e.Gx)))throw Error("bad generator point: equation left != right");function s(t){const{allowedPrivateKeyLengths:n,nByteLength:r,wrapPrivateKey:f,n:o}=e;if(n&&"bigint"!=typeof t){if(m(t)&&(t=x(t)),"string"!=typeof t||!n.includes(t.length))throw Error("Invalid key");t=t.padStart(2*r,"0")}let i;try{i="bigint"==typeof t?t:R(L("private key",t,r))}catch(e){throw Error(`private key must be ${r} bytes, hex or bigint, not ${typeof t}`)}return f&&(i=X(i,o)),F("private key",i,Et,o),i}function a(t){if(!(t instanceof u))throw Error("ProjectivePoint expected")}const c=C(((t,e)=>{const{px:r,py:f,pz:o}=t;if(n.eql(o,n.ONE))return{x:r,y:f};const i=t.is0();null==e&&(e=i?n.ONE:n.inv(o));const s=n.mul(r,e),a=n.mul(f,e),c=n.mul(o,e);if(i)return{x:n.ZERO,y:n.ZERO};if(!n.eql(c,n.ONE))throw Error("invZ was invalid");return{x:s,y:a}})),d=C((t=>{if(t.is0()){if(e.allowInfinityPoint&&!n.is0(t.py))return;throw Error("bad point: ZERO")}const{x:r,y:f}=t.toAffine();if(!n.isValid(r)||!n.isValid(f))throw Error("bad point: x or y not FE");const o=n.sqr(f),s=i(r);if(!n.eql(o,s))throw Error("bad point: equation left != right");if(!t.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));class u{constructor(t,e,r){if(this.px=t,this.py=e,this.pz=r,null==t||!n.isValid(t))throw Error("x required");if(null==e||!n.isValid(e))throw Error("y required");if(null==r||!n.isValid(r))throw Error("z required");Object.freeze(this)}static fromAffine(t){const{x:e,y:r}=t||{};if(!t||!n.isValid(e)||!n.isValid(r))throw Error("invalid affine point");if(t instanceof u)throw Error("projective point not allowed");const f=t=>n.eql(t,n.ZERO);return f(e)&&f(r)?u.ZERO:new u(e,r,n.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(t){const e=n.invertBatch(t.map((t=>t.pz)));return t.map(((t,n)=>t.toAffine(e[n]))).map(u.fromAffine)}static fromHex(t){const e=u.fromAffine(o(L("pointHex",t)));return e.assertValidity(),e}static fromPrivateKey(t){return u.BASE.multiply(s(t))}static msm(t,e){return gt(u,r,t,e)}_setWindowSize(t){h.setWindowSize(this,t)}assertValidity(){d(this)}hasEvenY(){const{y:t}=this.toAffine();if(n.isOdd)return!n.isOdd(t);throw Error("Field doesn't support isOdd")}equals(t){a(t);const{px:e,py:r,pz:f}=this,{px:o,py:i,pz:s}=t,c=n.eql(n.mul(e,s),n.mul(o,f)),d=n.eql(n.mul(r,s),n.mul(i,f));return c&&d}negate(){return new u(this.px,n.neg(this.py),this.pz)}double(){const{a:t,b:r}=e,f=n.mul(r,xt),{px:o,py:i,pz:s}=this;let a=n.ZERO,c=n.ZERO,d=n.ZERO,l=n.mul(o,o),h=n.mul(i,i),g=n.mul(s,s),b=n.mul(o,i);return b=n.add(b,b),d=n.mul(o,s),d=n.add(d,d),a=n.mul(t,d),c=n.mul(f,g),c=n.add(a,c),a=n.sub(h,c),c=n.add(h,c),c=n.mul(a,c),a=n.mul(b,a),d=n.mul(f,d),g=n.mul(t,g),b=n.sub(l,g),b=n.mul(t,b),b=n.add(b,d),d=n.add(l,l),l=n.add(d,l),l=n.add(l,g),l=n.mul(l,b),c=n.add(c,l),g=n.mul(i,s),g=n.add(g,g),l=n.mul(g,b),a=n.sub(a,l),d=n.mul(g,h),d=n.add(d,d),d=n.add(d,d),new u(a,c,d)}add(t){a(t);const{px:r,py:f,pz:o}=this,{px:i,py:s,pz:c}=t;let d=n.ZERO,l=n.ZERO,h=n.ZERO;const g=e.a,b=n.mul(e.b,xt);let y=n.mul(r,i),p=n.mul(f,s),m=n.mul(o,c),w=n.add(r,f),B=n.add(i,s);w=n.mul(w,B),B=n.add(y,p),w=n.sub(w,B),B=n.add(r,o);let E=n.add(i,c);return B=n.mul(B,E),E=n.add(y,m),B=n.sub(B,E),E=n.add(f,o),d=n.add(s,c),E=n.mul(E,d),d=n.add(p,m),E=n.sub(E,d),h=n.mul(g,B),d=n.mul(b,m),h=n.add(d,h),d=n.sub(p,h),h=n.add(p,h),l=n.mul(d,h),p=n.add(y,y),p=n.add(p,y),m=n.mul(g,m),B=n.mul(b,B),p=n.add(p,m),m=n.sub(y,m),m=n.mul(g,m),B=n.add(B,m),y=n.mul(p,B),l=n.add(l,y),y=n.mul(E,B),d=n.mul(w,d),d=n.sub(d,y),y=n.mul(w,p),h=n.mul(E,h),h=n.add(h,y),new u(d,l,h)}subtract(t){return this.add(t.negate())}is0(){return this.equals(u.ZERO)}wNAF(t){return h.wNAFCached(this,t,u.normalizeZ)}multiplyUnsafe(t){F("scalar",t,Bt,e.n);const r=u.ZERO;if(t===Bt)return r;if(t===Et)return this;const{endo:f}=e;if(!f)return h.unsafeLadder(this,t);let{k1neg:o,k1:i,k2neg:s,k2:a}=f.splitScalar(t),c=r,d=r,l=this;for(;i>Bt||a>Bt;)i&Et&&(c=c.add(l)),a&Et&&(d=d.add(l)),l=l.double(),i>>=Et,a>>=Et;return o&&(c=c.negate()),s&&(d=d.negate()),d=new u(n.mul(d.px,f.beta),d.py,d.pz),c.add(d)}multiply(t){const{endo:r,n:f}=e;let o,i;if(F("scalar",t,Et,f),r){const{k1neg:e,k1:f,k2neg:s,k2:a}=r.splitScalar(t);let{p:c,f:d}=this.wNAF(f),{p:l,f:g}=this.wNAF(a);c=h.constTimeNegate(e,c),l=h.constTimeNegate(s,l),l=new u(n.mul(l.px,r.beta),l.py,l.pz),o=c.add(l),i=d.add(g)}else{const{p:e,f:n}=this.wNAF(t);o=e,i=n}return u.normalizeZ([o,i])[0]}multiplyAndAddUnsafe(t,e,n){const r=u.BASE,f=(t,e)=>e!==Bt&&e!==Et&&t.equals(r)?t.multiply(e):t.multiplyUnsafe(e),o=f(this,e).add(f(t,n));return o.is0()?void 0:o}toAffine(t){return c(this,t)}isTorsionFree(){const{h:t,isTorsionFree:n}=e;if(t===Et)return!0;if(n)return n(u,this);throw Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:t,clearCofactor:n}=e;return t===Et?this:n?n(u,this):this.multiplyUnsafe(e.h)}toRawBytes(t=!0){return B("isCompressed",t),this.assertValidity(),f(u,this,t)}toHex(t=!0){return B("isCompressed",t),x(this.toRawBytes(t))}}u.BASE=new u(e.Gx,e.Gy,n.ONE),u.ZERO=new u(n.ZERO,n.ONE,n.ZERO);const l=e.nBitLength,h=ht(u,e.endo?Math.ceil(l/2):l);return{CURVE:e,ProjectivePoint:u,normPrivateKeyToScalar:s,weierstrassEquation:i,isWithinCurveOrder:function(t){return T(t,Et,e.n)}}}function vt(t){const e=function(t){const e=bt(t);return j(e,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...e})}(t),{Fp:n,n:r}=e,f=n.BYTES+1,o=2*n.BYTES+1;function i(t){return X(t,r)}function s(t){return nt(t,r)}const{ProjectivePoint:a,normPrivateKeyToScalar:c,weierstrassEquation:d,isWithinCurveOrder:u}=It({...e,toBytes(t,e,r){const f=e.toAffine(),o=n.toBytes(f.x),i=N;return B("isCompressed",r),r?i(Uint8Array.from([e.hasEvenY()?2:3]),o):i(Uint8Array.from([4]),o,n.toBytes(f.y))},fromBytes(t){const e=t.length,r=t[0],i=t.subarray(1);if(e!==f||2!==r&&3!==r){if(e===o&&4===r){return{x:n.fromBytes(i.subarray(0,n.BYTES)),y:n.fromBytes(i.subarray(n.BYTES,2*n.BYTES))}}throw Error(`Point of length ${e} was invalid. Expected ${f} compressed bytes or ${o} uncompressed bytes`)}{const t=R(i);if(!T(t,Et,n.ORDER))throw Error("Point is not on curve");const e=d(t);let f;try{f=n.sqrt(e)}catch(t){const e=t instanceof Error?": "+t.message:"";throw Error("Point is not on curve"+e)}return!(1&~r)!==((f&Et)===Et)&&(f=n.neg(f)),{x:t,y:f}}}}),l=t=>x(z(t,e.nByteLength));function h(t){return t>r>>Et}const g=(t,e,n)=>R(t.slice(e,n));class b{constructor(t,e,n){this.r=t,this.s=e,this.recovery=n,this.assertValidity()}static fromCompact(t){const n=e.nByteLength;return t=L("compactSignature",t,2*n),new b(g(t,0,n),g(t,n,2*n))}static fromDER(t){const{r:e,s:n}=wt.toSig(L("DER",t));return new b(e,n)}assertValidity(){F("r",this.r,Et,r),F("s",this.s,Et,r)}addRecoveryBit(t){return new b(this.r,this.s,t)}recoverPublicKey(t){const{r,s:f,recovery:o}=this,c=E(L("msgHash",t));if(null==o||![0,1,2,3].includes(o))throw Error("recovery id invalid");const d=2===o||3===o?r+e.n:r;if(d>=n.ORDER)throw Error("recovery id 2 or 3 invalid");const u=1&o?"03":"02",h=a.fromHex(u+l(d)),g=s(d),b=i(-c*g),y=i(f*g),p=a.BASE.multiplyAndAddUnsafe(h,b,y);if(!p)throw Error("point at infinify");return p.assertValidity(),p}hasHighS(){return h(this.s)}normalizeS(){return this.hasHighS()?new b(this.r,i(-this.s),this.recovery):this}toDERRawBytes(){return O(this.toDERHex())}toDERHex(){return wt.hexFromSig({r:this.r,s:this.s})}toCompactRawBytes(){return O(this.toCompactHex())}toCompactHex(){return l(this.r)+l(this.s)}}const y={isValidPrivateKey(t){try{return c(t),!0}catch(t){return!1}},normPrivateKeyToScalar:c,randomPrivateKey:()=>{const t=at(e.n);return function(t,e,n=!1){const r=t.length,f=st(e),o=at(e);if(r<16||r1024)throw Error(`expected ${o}-1024 bytes of input, got ${r}`);const i=X(n?R(t):q(t),e-Y)+Y;return n?P(i,f):z(i,f)}(e.randomBytes(t),e.n)},precompute:(t=8,e=a.BASE)=>(e._setWindowSize(t),e.multiply(BigInt(3)),e)};function p(t){const e=m(t),n="string"==typeof t,r=(e||n)&&t.length;return e?r===f||r===o:n?r===2*f||r===2*o:t instanceof a}const w=e.bits2int||function(t){const n=R(t),r=8*t.length-e.nBitLength;return r>0?n>>BigInt(r):n},E=e.bits2int_modN||function(t){return i(w(t))},I=$(e.nBitLength);function v(t){return F("num < 2^"+e.nBitLength,t,Bt,I),z(t,e.nByteLength)}function S(t,r,f=A){if(["recovered","canonical"].some((t=>t in f)))throw Error("sign() legacy options not supported");const{hash:o,randomBytes:d}=e;let{lowS:l,prehash:g,extraEntropy:y}=f;null==l&&(l=!0),t=L("msgHash",t),yt(f),g&&(t=L("prehashed msgHash",o(t)));const p=E(t),m=c(r),B=[v(m),v(p)];if(null!=y&&!1!==y){const t=!0===y?d(n.BYTES):y;B.push(L("extraEntropy",t))}const x=N(...B),I=p;return{seed:x,k2sig:function(t){const e=w(t);if(!u(e))return;const n=s(e),r=a.BASE.multiply(e).toAffine(),f=i(r.x);if(f===Bt)return;const o=i(n*i(I+f*m));if(o===Bt)return;let c=(r.x===f?0:2)|Number(r.y&Et),d=o;return l&&h(o)&&(d=function(t){return h(t)?i(-t):t}(o),c^=1),new b(f,d,c)}}}const A={lowS:e.lowS,prehash:!1},H={lowS:e.lowS,prehash:!1};return a.BASE._setWindowSize(8),{CURVE:e,getPublicKey:function(t,e=!0){return a.fromPrivateKey(t).toRawBytes(e)},getSharedSecret:function(t,e,n=!0){if(p(t))throw Error("first arg must be private key");if(!p(e))throw Error("second arg must be public key");return a.fromHex(e).multiply(c(t)).toRawBytes(n)},sign:function(t,n,r=A){const{seed:f,k2sig:o}=S(t,n,r),i=e;return G(i.hash.outputLen,i.nByteLength,i.hmac)(f,o)},verify:function(t,n,r,f=H){const o=t;if(n=L("msgHash",n),r=L("publicKey",r),"strict"in f)throw Error("options.strict was renamed to lowS");yt(f);const{lowS:c,prehash:d}=f;let u,l;try{if("string"==typeof o||m(o))try{u=b.fromDER(o)}catch(t){if(!(t instanceof wt.Err))throw t;u=b.fromCompact(o)}else{if("object"!=typeof o||"bigint"!=typeof o.r||"bigint"!=typeof o.s)throw Error("PARSE");{const{r:t,s:e}=o;u=new b(t,e)}}l=a.fromHex(r)}catch(t){if("PARSE"===t.message)throw Error("signature must be Signature instance, Uint8Array or hex string");return!1}if(c&&u.hasHighS())return!1;d&&(n=e.hash(n));const{r:h,s:g}=u,y=E(n),p=s(g),w=i(y*p),B=i(h*p),x=a.BASE.multiplyAndAddUnsafe(l,w,B)?.toAffine();return!!x&&i(x.x)===h},ProjectivePoint:a,Signature:b,utils:y}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function St(t){return{hash:t,hmac:(e,...n)=>g(t,e,o(...n)),randomBytes:i}}function At(t,e){const n=e=>vt({...t,...St(e)});return Object.freeze({...n(e),create:n})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */BigInt(4);const Ot=it(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff")),Rt=At({a:Ot.create(BigInt("-3")),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Fp:Ot,n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),h:BigInt(1),lowS:!1},s),qt=it(BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff")),zt=At({a:qt.create(BigInt("-3")),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Fp:qt,n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),h:BigInt(1),lowS:!1},a),Pt=it(BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")),Lt={a:Pt.create(BigInt("-3")),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Fp:Pt,n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"),h:BigInt(1)},Nt=At({a:Lt.a,b:Lt.b,Fp:Pt,n:Lt.n,Gx:Lt.Gx,Gy:Lt.Gy,h:Lt.h,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},c),Ht=BigInt(0),Tt=BigInt(1),Ft=BigInt(2),Zt=BigInt(8),$t={zip215:!0};function _t(t){const e=function(t){const e=bt(t);return j(t,{hash:"function",a:"bigint",d:"bigint",randomBytes:"function"},{adjustScalarBytes:"function",domain:"function",uvRatio:"function",mapToCurve:"function"}),Object.freeze({...e})}(t),{Fp:n,n:r,prehash:f,hash:o,randomBytes:i,nByteLength:s,h:a}=e,c=Ft<{try{return{isValid:!0,value:n.sqrt(t*n.inv(e))}}catch(t){return{isValid:!1,value:Ht}}}),h=e.adjustScalarBytes||(t=>t),g=e.domain||((t,e,n)=>{if(B("phflag",n),e.length||n)throw Error("Contexts/pre-hash are not supported");return t});function b(t,e){F("coordinate "+t,e,Ht,c)}function y(t){if(!(t instanceof w))throw Error("ExtendedPoint expected")}const p=C(((t,e)=>{const{ex:r,ey:f,ez:o}=t,i=t.is0();null==e&&(e=i?Zt:n.inv(o));const s=d(r*e),a=d(f*e),c=d(o*e);if(i)return{x:Ht,y:Tt};if(c!==Tt)throw Error("invZ was invalid");return{x:s,y:a}})),m=C((t=>{const{a:n,d:r}=e;if(t.is0())throw Error("bad point: ZERO");const{ex:f,ey:o,ez:i,et:s}=t,a=d(f*f),c=d(o*o),u=d(i*i),l=d(u*u),h=d(a*n);if(d(u*d(h+c))!==d(l+d(r*d(a*c))))throw Error("bad point: equation left != right (1)");if(d(f*o)!==d(i*s))throw Error("bad point: equation left != right (2)");return!0}));class w{constructor(t,e,n,r){this.ex=t,this.ey=e,this.ez=n,this.et=r,b("x",t),b("y",e),b("z",n),b("t",r),Object.freeze(this)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static fromAffine(t){if(t instanceof w)throw Error("extended point not allowed");const{x:e,y:n}=t||{};return b("x",e),b("y",n),new w(e,n,Tt,d(e*n))}static normalizeZ(t){const e=n.invertBatch(t.map((t=>t.ez)));return t.map(((t,n)=>t.toAffine(e[n]))).map(w.fromAffine)}static msm(t,e){return gt(w,u,t,e)}_setWindowSize(t){v.setWindowSize(this,t)}assertValidity(){m(this)}equals(t){y(t);const{ex:e,ey:n,ez:r}=this,{ex:f,ey:o,ez:i}=t,s=d(e*i),a=d(f*r),c=d(n*i),u=d(o*r);return s===a&&c===u}is0(){return this.equals(w.ZERO)}negate(){return new w(d(-this.ex),this.ey,this.ez,d(-this.et))}double(){const{a:t}=e,{ex:n,ey:r,ez:f}=this,o=d(n*n),i=d(r*r),s=d(Ft*d(f*f)),a=d(t*o),c=n+r,u=d(d(c*c)-o-i),l=a+i,h=l-s,g=a-i,b=d(u*h),y=d(l*g),p=d(u*g),m=d(h*l);return new w(b,y,m,p)}add(t){y(t);const{a:n,d:r}=e,{ex:f,ey:o,ez:i,et:s}=this,{ex:a,ey:c,ez:u,et:l}=t;if(n===BigInt(-1)){const t=d((o-f)*(c+a)),e=d((o+f)*(c-a)),n=d(e-t);if(n===Ht)return this.double();const r=d(i*Ft*l),h=d(s*Ft*u),g=h+r,b=e+t,y=h-r,p=d(g*n),m=d(b*y),B=d(g*y),E=d(n*b);return new w(p,m,E,B)}const h=d(f*a),g=d(o*c),b=d(s*r*l),p=d(i*u),m=d((f+o)*(a+c)-h-g),B=p-b,E=p+b,x=d(g-n*h),I=d(m*B),v=d(E*x),S=d(m*x),A=d(B*E);return new w(I,v,A,S)}subtract(t){return this.add(t.negate())}wNAF(t){return v.wNAFCached(this,t,w.normalizeZ)}multiply(t){const e=t;F("scalar",e,Tt,r);const{p:n,f}=this.wNAF(e);return w.normalizeZ([n,f])[0]}multiplyUnsafe(t){const e=t;return F("scalar",e,Ht,r),e===Ht?I:this.equals(I)||e===Tt?this:this.equals(E)?this.wNAF(e).p:v.unsafeLadder(this,e)}isSmallOrder(){return this.multiplyUnsafe(a).is0()}isTorsionFree(){return v.unsafeLadder(this,r).is0()}toAffine(t){return p(this,t)}clearCofactor(){const{h:t}=e;return t===Tt?this:this.multiplyUnsafe(t)}static fromHex(t,r=!1){const{d:f,a:o}=e,i=n.BYTES;t=L("pointHex",t,i),B("zip215",r);const s=t.slice(),a=t[i-1];s[i-1]=-129&a;const u=q(s),h=r?c:n.ORDER;F("pointHex.y",u,Ht,h);const g=d(u*u),b=d(g-Tt),y=d(f*g-o);let{isValid:p,value:m}=l(b,y);if(!p)throw Error("Point.fromHex: invalid y coordinate");const E=(m&Tt)===Tt,x=!!(128&a);if(!r&&m===Ht&&x)throw Error("Point.fromHex: x=0 and x_0=1");return x!==E&&(m=d(-m)),w.fromAffine({x:m,y:u})}static fromPrivateKey(t){return O(t).point}toRawBytes(){const{x:t,y:e}=this.toAffine(),r=P(e,n.BYTES);return r[r.length-1]|=t&Tt?128:0,r}toHex(){return x(this.toRawBytes())}}w.BASE=new w(e.Gx,e.Gy,Tt,d(e.Gx*e.Gy)),w.ZERO=new w(Ht,Tt,Tt,Ht);const{BASE:E,ZERO:I}=w,v=ht(w,8*s);function S(t){return X(t,r)}function A(t){return S(q(t))}function O(t){const e=s;t=L("private key",t,e);const n=L("hashed private key",o(t),2*e),r=h(n.slice(0,e)),f=n.slice(e,2*e),i=A(r),a=E.multiply(i),c=a.toRawBytes();return{head:r,prefix:f,scalar:i,point:a,pointBytes:c}}function R(t=new Uint8Array,...e){const n=N(...e);return A(o(g(n,L("context",t),!!f)))}const z=$t;E._setWindowSize(8);return{CURVE:e,getPublicKey:function(t){return O(t).pointBytes},sign:function(t,e,o={}){t=L("message",t),f&&(t=f(t));const{prefix:i,scalar:a,pointBytes:c}=O(e),d=R(o.context,i,t),u=E.multiply(d).toRawBytes(),l=S(d+R(o.context,u,c,t)*a);return F("signature.s",l,Ht,r),L("result",N(u,P(l,n.BYTES)),2*s)},verify:function(t,e,r,o=z){const{context:i,zip215:s}=o,a=n.BYTES;t=L("signature",t,2*a),e=L("message",e),void 0!==s&&B("zip215",s),f&&(e=f(e));const c=q(t.slice(a,2*a));let d,u,l;try{d=w.fromHex(r,s),u=w.fromHex(t.slice(0,a),s),l=E.multiplyUnsafe(c)}catch(t){return!1}if(!s&&d.isSmallOrder())return!1;const h=R(i,u.toRawBytes(),d.toRawBytes(),e);return u.add(d.multiplyUnsafe(h)).subtract(l).clearCofactor().equals(w.ZERO)},ExtendedPoint:w,utils:{getExtendedPublicKey:O,randomPrivateKey:()=>i(n.BYTES),precompute:(t=8,e=w.BASE)=>(e._setWindowSize(t),e.multiply(BigInt(3)),e)}}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const kt=BigInt(0),Gt=BigInt(1);function Ut(t){const e=(j(n=t,{a:"bigint"},{montgomeryBits:"isSafeInteger",nByteLength:"isSafeInteger",adjustScalarBytes:"function",domain:"function",powPminus2:"function",Gu:"bigint"}),Object.freeze({...n}));var n;const{P:r}=e,f=t=>X(t,r),o=e.montgomeryBits,i=Math.ceil(o/8),s=e.nByteLength,a=e.adjustScalarBytes||(t=>t),c=e.powPminus2||(t=>tt(t,r-BigInt(2),r));function d(t,e,n){const r=f(t*(e-n));return[e=f(e-r),n=f(n+r)]}const u=(e.a-BigInt(2))/BigInt(4);function l(t){return P(f(t),i)}function h(t,e){const n=function(t){const e=L("u coordinate",t,i);return 32===s&&(e[31]&=127),q(e)}(e),h=function(t){const e=L("scalar",t),n=e.length;if(n!==i&&n!==s)throw Error(`Expected ${i} or ${s} bytes, got ${n}`);return q(a(e))}(t),g=function(t,e){F("u",t,kt,r),F("scalar",e,kt,r);const n=e,i=t;let s,a=Gt,l=kt,h=t,g=Gt,b=kt;for(let t=BigInt(o-1);t>=kt;t--){const e=n>>t≫b^=e,s=d(b,a,h),a=s[0],h=s[1],s=d(b,l,g),l=s[0],g=s[1],b=e;const r=a+l,o=f(r*r),c=a-l,y=f(c*c),p=o-y,m=h+g,w=f((h-g)*r),B=f(m*c),E=w+B,x=w-B;h=f(E*E),g=f(i*f(x*x)),a=f(o*y),l=f(p*(o+f(u*p)))}s=d(b,a,h),a=s[0],h=s[1],s=d(b,l,g),l=s[0],g=s[1];const y=c(l);return f(a*y)}(n,h);if(g===kt)throw Error("Invalid private or public key received");return l(g)}const g=l(e.Gu);function b(t){return h(t,g)}return{scalarMult:h,scalarMultBase:b,getSharedSecret:(t,e)=>h(t,e),getPublicKey:t=>b(t),utils:{randomPrivateKey:()=>e.randomBytes(e.nByteLength)},GuBytes:g}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const jt=d((()=>l.create({dkLen:114}))),Ct=(d((()=>l.create({dkLen:64}))),BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439")),Vt=BigInt(1),Kt=BigInt(2),Yt=BigInt(3);BigInt(4);const Mt=BigInt(11),Wt=BigInt(22),Dt=BigInt(44),Jt=BigInt(88),Qt=BigInt(223);function Xt(t){const e=Ct,n=t*t*t%e,r=n*n*t%e,f=et(r,Yt,e)*r%e,o=et(f,Yt,e)*r%e,i=et(o,Kt,e)*n%e,s=et(i,Mt,e)*i%e,a=et(s,Wt,e)*s%e,c=et(a,Dt,e)*a%e,d=et(c,Jt,e)*c%e,u=et(d,Dt,e)*a%e,l=et(u,Kt,e)*n%e,h=et(l,Vt,e)*t%e;return et(h,Qt,e)*l%e}function te(t){return t[0]&=252,t[55]|=128,t[56]=0,t}const ee=it(Ct,456,!0),ne={a:BigInt(1),d:BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358"),Fp:ee,n:BigInt("181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779"),nBitLength:456,h:BigInt(4),Gx:BigInt("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710"),Gy:BigInt("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660"),hash:jt,randomBytes:i,adjustScalarBytes:te,domain:(t,e,n)=>{if(e.length>255)throw Error("Context is too big: "+e.length);return o(u("SigEd448"),new Uint8Array([n?1:0,e.length]),e,t)},uvRatio:function(t,e){const n=Ct,r=X(t*t*e,n),f=X(r*t,n),o=X(f*r*e,n),i=X(f*Xt(o),n),s=X(i*i,n);return{isValid:X(s*e,n)===t,value:i}}},re=/* @__PURE__ */_t(ne),fe=/* @__PURE__ */(()=>Ut({a:BigInt(156326),montgomeryBits:448,nByteLength:56,P:Ct,Gu:BigInt(5),powPminus2:t=>{const e=Ct;return X(et(Xt(t),BigInt(2),e)*t,e)},adjustScalarBytes:te,randomBytes:i}))();ee.ORDER,BigInt(3),BigInt(4),BigInt(156326),BigInt("39082"),BigInt("78163"),BigInt("98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214"),BigInt("315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716"),BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const oe=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),ie=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),se=BigInt(1),ae=BigInt(2),ce=(t,e)=>(t+e/ae)/e;const de=it(oe,void 0,void 0,{sqrt:function(t){const e=oe,n=BigInt(3),r=BigInt(6),f=BigInt(11),o=BigInt(22),i=BigInt(23),s=BigInt(44),a=BigInt(88),c=t*t*t%e,d=c*c*t%e,u=et(d,n,e)*d%e,l=et(u,n,e)*d%e,h=et(l,ae,e)*c%e,g=et(h,f,e)*h%e,b=et(g,o,e)*g%e,y=et(b,s,e)*b%e,p=et(y,a,e)*y%e,m=et(p,s,e)*b%e,w=et(m,n,e)*d%e,B=et(w,i,e)*g%e,E=et(B,r,e)*c%e,x=et(E,ae,e);if(!de.eql(de.sqr(x),t))throw Error("Cannot find square root");return x}}),ue=At({a:BigInt(0),b:BigInt(7),Fp:de,n:ie,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:t=>{const e=ie,n=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),r=-se*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),f=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),o=n,i=BigInt("0x100000000000000000000000000000000"),s=ce(o*t,e),a=ce(-r*t,e);let c=X(t-s*n-a*f,e),d=X(-s*r-a*o,e);const u=c>i,l=d>i;if(u&&(c=e-c),l&&(d=e-d),c>i||d>i)throw Error("splitScalar: Endomorphism failed, k="+t);return{k1neg:u,k1:c,k2neg:l,k2:d}}}},s);BigInt(0),ue.ProjectivePoint;const le=it(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),he=At({a:le.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:le,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},s),ge=it(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),be=At({a:ge.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:ge,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},a),ye=it(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),pe=At({a:ye.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:ye,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},c),me=new Map(Object.entries({nistP256:Rt,nistP384:zt,nistP521:Nt,brainpoolP256r1:he,brainpoolP384r1:be,brainpoolP512r1:pe,secp256k1:ue,x448:fe,ed448:re}));export{me as nobleCurves}; +//# sourceMappingURL=noble_curves.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs.map new file mode 100644 index 000000000..c7d845370 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_curves.min.mjs.map @@ -0,0 +1 @@ +{"version":3,"file":"noble_curves.min.mjs","sources":["../../node_modules/@noble/hashes/esm/hmac.js","../../node_modules/@noble/curves/esm/abstract/utils.js","../../node_modules/@noble/curves/esm/abstract/modular.js","../../node_modules/@noble/curves/esm/abstract/curve.js","../../node_modules/@noble/curves/esm/abstract/weierstrass.js","../../node_modules/@noble/curves/esm/_shortw_utils.js","../../node_modules/@noble/curves/esm/p256.js","../../node_modules/@noble/curves/esm/p384.js","../../node_modules/@noble/curves/esm/p521.js","../../node_modules/@noble/curves/esm/abstract/edwards.js","../../node_modules/@noble/curves/esm/abstract/montgomery.js","../../node_modules/@noble/curves/esm/ed448.js","../../node_modules/@noble/curves/esm/secp256k1.js","../../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP256r1.ts","../../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP384r1.ts","../../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP512r1.ts","../../src/crypto/public_key/elliptic/noble_curves.js"],"sourcesContent":["import { hash as assertHash, bytes as assertBytes, exists as assertExists } from './_assert.js';\nimport { Hash, toBytes } from './utils.js';\n// HMAC (RFC 2104)\nexport class HMAC extends Hash {\n constructor(hash, _key) {\n super();\n this.finished = false;\n this.destroyed = false;\n assertHash(hash);\n const key = toBytes(_key);\n this.iHash = hash.create();\n if (typeof this.iHash.update !== 'function')\n throw new Error('Expected instance of class which extends utils.Hash');\n this.blockLen = this.iHash.blockLen;\n this.outputLen = this.iHash.outputLen;\n const blockLen = this.blockLen;\n const pad = new Uint8Array(blockLen);\n // blockLen can be bigger than outputLen\n pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36;\n this.iHash.update(pad);\n // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone\n this.oHash = hash.create();\n // Undo internal XOR && apply outer XOR\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36 ^ 0x5c;\n this.oHash.update(pad);\n pad.fill(0);\n }\n update(buf) {\n assertExists(this);\n this.iHash.update(buf);\n return this;\n }\n digestInto(out) {\n assertExists(this);\n assertBytes(out, this.outputLen);\n this.finished = true;\n this.iHash.digestInto(out);\n this.oHash.update(out);\n this.oHash.digestInto(out);\n this.destroy();\n }\n digest() {\n const out = new Uint8Array(this.oHash.outputLen);\n this.digestInto(out);\n return out;\n }\n _cloneInto(to) {\n // Create new instance without calling constructor since key already in state and we don't know it.\n to || (to = Object.create(Object.getPrototypeOf(this), {}));\n const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;\n to = to;\n to.finished = finished;\n to.destroyed = destroyed;\n to.blockLen = blockLen;\n to.outputLen = outputLen;\n to.oHash = oHash._cloneInto(to.oHash);\n to.iHash = iHash._cloneInto(to.iHash);\n return to;\n }\n destroy() {\n this.destroyed = true;\n this.oHash.destroy();\n this.iHash.destroy();\n }\n}\n/**\n * HMAC: RFC2104 message authentication code.\n * @param hash - function that would be used e.g. sha256\n * @param key - message key\n * @param message - message data\n * @example\n * import { hmac } from '@noble/hashes/hmac';\n * import { sha256 } from '@noble/hashes/sha2';\n * const mac1 = hmac(sha256, 'key', 'message');\n */\nexport const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();\nhmac.create = (hash, key) => new HMAC(hash, key);\n//# sourceMappingURL=hmac.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// 100 lines of code in the file are duplicated from noble-hashes (utils).\n// This is OK: `abstract` directory does not use noble-hashes.\n// User may opt-in into using different hashing library. This way, noble-hashes\n// won't be included into their bundle.\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nexport function abytes(item) {\n if (!isBytes(item))\n throw new Error('Uint8Array expected');\n}\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(`${title} must be valid boolean, got \"${value}\".`);\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? `0${hex}` : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes(bytes);\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'private key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes(hex);\n }\n catch (e) {\n throw new Error(`${title} must be valid hex string, got \"${hex}\". Cause: ${e}`);\n }\n }\n else if (isBytes(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(`${title} must be hex string or Uint8Array`);\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);\n return res;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;\n// DRBG\nconst u8n = (data) => new Uint8Array(data); // creates Uint8Array\nconst u8fr = (arr) => Uint8Array.from(arr); // another shortcut\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n()) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error(`Invalid validator \"${type}\", expected function`);\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Utilities for modular arithmetics and finite fields\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js';\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);\n// prettier-ignore\nconst _9n = BigInt(9), _16n = BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/**\n * Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n */\n// TODO: use field version && remove\nexport function pow(num, power, modulo) {\n if (modulo <= _0n || power < _0n)\n throw new Error('Expected power/modulo > 0');\n if (modulo === _1n)\n return _0n;\n let res = _1n;\n while (power > _0n) {\n if (power & _1n)\n res = (res * num) % modulo;\n num = (num * num) % modulo;\n power >>= _1n;\n }\n return res;\n}\n// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res *= res;\n res %= modulo;\n }\n return res;\n}\n// Inverses number over modulo\nexport function invert(number, modulo) {\n if (number === _0n || modulo <= _0n) {\n throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);\n }\n // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u * q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n/**\n * Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * Will start an infinite loop if field order P is not prime.\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n */\nexport function tonelliShanks(P) {\n // Legendre constant: used to calculate Legendre symbol (a | p),\n // which denotes the value of a^((p-1)/2) (mod p).\n // (a | p) ≡ 1 if a is a square (mod p)\n // (a | p) ≡ -1 if a is not a square (mod p)\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreC = (P - _1n) / _2n;\n let Q, S, Z;\n // Step 1: By factoring out powers of 2 from p - 1,\n // find q and s such that p - 1 = q*(2^s) with q odd\n for (Q = P - _1n, S = 0; Q % _2n === _0n; Q /= _2n, S++)\n ;\n // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq\n for (Z = _2n; Z < P && pow(Z, legendreC, P) !== P - _1n; Z++)\n ;\n // Fast-path\n if (S === 1) {\n const p1div4 = (P + _1n) / _4n;\n return function tonelliFast(Fp, n) {\n const root = Fp.pow(n, p1div4);\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Slow-path\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1\n if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))\n throw new Error('Cannot find square root');\n let r = S;\n // TODO: will fail at Fp2/etc\n let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b\n let x = Fp.pow(n, Q1div2); // first guess at the square root\n let b = Fp.pow(n, Q); // first guess at the fudge factor\n while (!Fp.eql(b, Fp.ONE)) {\n if (Fp.eql(b, Fp.ZERO))\n return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0)\n // Find m such b^(2^m)==1\n let m = 1;\n for (let t2 = Fp.sqr(b); m < r; m++) {\n if (Fp.eql(t2, Fp.ONE))\n break;\n t2 = Fp.sqr(t2); // t2 *= t2\n }\n // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow\n const ge = Fp.pow(g, _1n << BigInt(r - m - 1)); // ge = 2^(r-m-1)\n g = Fp.sqr(ge); // g = ge * ge\n x = Fp.mul(x, ge); // x *= ge\n b = Fp.mul(b, g); // b *= g\n r = m;\n }\n return x;\n };\n}\nexport function FpSqrt(P) {\n // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.\n // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n // P ≡ 3 (mod 4)\n // √n = n^((P+1)/4)\n if (P % _4n === _3n) {\n // Not all roots possible!\n // const ORDER =\n // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;\n // const NUM = 72057594037927816n;\n const p1div4 = (P + _1n) / _4n;\n return function sqrt3mod4(Fp, n) {\n const root = Fp.pow(n, p1div4);\n // Throw if root**2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10)\n if (P % _8n === _5n) {\n const c1 = (P - _5n) / _8n;\n return function sqrt5mod8(Fp, n) {\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, c1);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // P ≡ 9 (mod 16)\n if (P % _16n === _9n) {\n // NOTE: tonelli is too slow for bls-Fp2 calculations even on start\n // Means we cannot use sqrt for constants at all!\n //\n // const c1 = Fp.sqrt(Fp.negate(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n // const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n // const c3 = Fp.sqrt(Fp.negate(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n // const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n // sqrt = (x) => {\n // let tv1 = Fp.pow(x, c4); // 1. tv1 = x^c4\n // let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n // const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n // let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n // const e1 = Fp.equals(Fp.square(tv2), x); // 5. e1 = (tv2^2) == x\n // const e2 = Fp.equals(Fp.square(tv3), x); // 6. e2 = (tv3^2) == x\n // tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n // tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n // const e3 = Fp.equals(Fp.square(tv2), x); // 9. e3 = (tv2^2) == x\n // return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n // }\n }\n // Other cases: Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/**\n * Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n */\nexport function FpPow(f, num, power) {\n // Should have same speed as pow for bigints\n // TODO: benchmark!\n if (power < _0n)\n throw new Error('Expected power > 0');\n if (power === _0n)\n return f.ONE;\n if (power === _1n)\n return num;\n let p = f.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = f.mul(p, d);\n d = f.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/**\n * Efficiently invert an array of Field elements.\n * `inv(0)` will return `undefined` here: make sure to throw an error.\n */\nexport function FpInvertBatch(f, nums) {\n const tmp = new Array(nums.length);\n // Walk from first to last, multiply them by each other MOD p\n const lastMultiplied = nums.reduce((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = acc;\n return f.mul(acc, num);\n }, f.ONE);\n // Invert last element\n const inverted = f.inv(lastMultiplied);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = f.mul(acc, tmp[i]);\n return f.mul(acc, num);\n }, inverted);\n return tmp;\n}\nexport function FpDiv(f, lhs, rhs) {\n return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));\n}\nexport function FpLegendre(order) {\n // (a | p) ≡ 1 if a is a square (mod p), quadratic residue\n // (a | p) ≡ -1 if a is not a square (mod p), quadratic non residue\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreConst = (order - _1n) / _2n; // Integer arithmetic\n return (f, x) => f.pow(x, legendreConst);\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(f) {\n const legendre = FpLegendre(f.ORDER);\n return (x) => {\n const p = legendre(f, x);\n return f.eql(p, f.ZERO) || f.eql(p, f.ONE);\n };\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/**\n * Initializes a finite field over prime. **Non-primes are not supported.**\n * Do not init in loop: slow. Very fragile: always run a benchmark on a change.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * NOTE: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n */\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('Field lengths over 2048 bytes are not supported');\n const sqrtP = FpSqrt(ORDER);\n const f = Object.freeze({\n ORDER,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num * num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt || ((n) => sqrtP(f, n)),\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // TODO: do we really need constant cmov?\n // We don't have const-time bigints anyway, so probably will be not very useful\n cmov: (a, b, c) => (c ? b : a),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use mapKeyToField instead\n */\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 || hashLen < minLen || hashLen > 1024)\n throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/**\n * Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n */\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/**\n * Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n */\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 || len < minLen || len > 1024)\n throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);\n const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Abelian group utilities\nimport { validateField, nLength } from './modular.js';\nimport { validateObject, bitLen } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)\n// Elliptic curve multiplication of Point by scalar. Fragile.\n// Scalars should always be less than curve order: this should be checked inside of a curve itself.\n// Creates precomputation tables for fast multiplication:\n// - private scalar is split by fixed size windows of W bits\n// - every window point is collected from window's table & added to accumulator\n// - since windows are different, same point inside tables won't be accessed more than once per calc\n// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n// - +1 window is neccessary for wNAF\n// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow\n// windows to be in different memory locations\nexport function wNAF(c, bits) {\n const constTimeNegate = (condition, item) => {\n const neg = item.negate();\n return condition ? neg : item;\n };\n const validateW = (W) => {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);\n };\n const opts = (W) => {\n validateW(W);\n const windows = Math.ceil(bits / W) + 1; // +1, because\n const windowSize = 2 ** (W - 1); // -1 because we skip zero\n return { windows, windowSize };\n };\n return {\n constTimeNegate,\n // non-const time multiplication ladder\n unsafeLadder(elm, n) {\n let p = c.ZERO;\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = opts(W);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // =1, because we skip zero\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise\n // But need to carefully remove other checks before wNAF. ORDER == bits here\n const { windows, windowSize } = opts(W);\n let p = c.ZERO;\n let f = c.BASE;\n const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.\n const maxNumber = 2 ** W;\n const shiftBy = BigInt(W);\n for (let window = 0; window < windows; window++) {\n const offset = window * windowSize;\n // Extract W bits.\n let wbits = Number(n & mask);\n // Shift number by W bits.\n n >>= shiftBy;\n // If the bits are bigger than max size, we'll split those.\n // +224 => 256 - 32\n if (wbits > windowSize) {\n wbits -= maxNumber;\n n += _1n;\n }\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n // Check if we're onto Zero point.\n // Add random point inside current window to f.\n const offset1 = offset;\n const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero\n const cond1 = window % 2 !== 0;\n const cond2 = wbits < 0;\n if (wbits === 0) {\n // The most important part for const-time getPublicKey\n f = f.add(constTimeNegate(cond1, precomputes[offset1]));\n }\n else {\n p = p.add(constTimeNegate(cond2, precomputes[offset2]));\n }\n }\n // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ()\n // Even if the variable is still unused, there are some checks which will\n // throw an exception, so compiler needs to prove they won't happen, which is hard.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n wNAFCached(P, n, transform) {\n const W = pointWindowSizes.get(P) || 1;\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return this.wNAF(W, comp, n);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM).\n * MSM is basically (Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster with precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param field field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, field, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)\n throw new Error('arrays of points and scalars must have equal length');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error(`wrong scalar at index ${i}`);\n });\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error(`wrong point at index ${i}`);\n });\n const wbits = bitLen(BigInt(points.length));\n const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits\n const MASK = (1 << windowSize) - 1;\n const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array\n const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;\n let sum = c.ZERO;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(c.ZERO);\n for (let j = 0; j < scalars.length; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = c.ZERO; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for (let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# sourceMappingURL=curve.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Short Weierstrass curve. The formula is: y² = x³ + ax + b\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport * as mod from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\nfunction validateSigVerOpts(opts) {\n if (opts.lowS !== undefined)\n abool('lowS', opts.lowS);\n if (opts.prehash !== undefined)\n abool('prehash', opts.prehash);\n}\nfunction validatePointOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n a: 'field',\n b: 'field',\n }, {\n allowedPrivateKeyLengths: 'array',\n wrapPrivateKey: 'boolean',\n isTorsionFree: 'function',\n clearCofactor: 'function',\n allowInfinityPoint: 'boolean',\n fromBytes: 'function',\n toBytes: 'function',\n });\n const { endo, Fp, a } = opts;\n if (endo) {\n if (!Fp.eql(a, Fp.ZERO)) {\n throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');\n }\n if (typeof endo !== 'object' ||\n typeof endo.beta !== 'bigint' ||\n typeof endo.splitScalar !== 'function') {\n throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');\n }\n }\n return Object.freeze({ ...opts });\n}\nconst { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;\n/**\n * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:\n *\n * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]\n *\n * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html\n */\nexport const DER = {\n // asn.1 DER encoding utils\n Err: class DERErr extends Error {\n constructor(m = '') {\n super(m);\n }\n },\n // Basic building block is TLV (Tag-Length-Value)\n _tlv: {\n encode: (tag, data) => {\n const { Err: E } = DER;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length & 1)\n throw new E('tlv.encode: unpadded data');\n const dataLen = data.length / 2;\n const len = ut.numberToHexUnpadded(dataLen);\n if ((len.length / 2) & 128)\n throw new E('tlv.encode: long form length too big');\n // length of length with long form flag\n const lenLen = dataLen > 127 ? ut.numberToHexUnpadded((len.length / 2) | 128) : '';\n return `${ut.numberToHexUnpadded(tag)}${lenLen}${len}${data}`;\n },\n // v - value, l - left bytes (unparsed)\n decode(tag, data) {\n const { Err: E } = DER;\n let pos = 0;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length < 2 || data[pos++] !== tag)\n throw new E('tlv.decode: wrong tlv');\n const first = data[pos++];\n const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form\n let length = 0;\n if (!isLong)\n length = first;\n else {\n // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]\n const lenLen = first & 127;\n if (!lenLen)\n throw new E('tlv.decode(long): indefinite length not supported');\n if (lenLen > 4)\n throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js\n const lengthBytes = data.subarray(pos, pos + lenLen);\n if (lengthBytes.length !== lenLen)\n throw new E('tlv.decode: length bytes not complete');\n if (lengthBytes[0] === 0)\n throw new E('tlv.decode(long): zero leftmost byte');\n for (const b of lengthBytes)\n length = (length << 8) | b;\n pos += lenLen;\n if (length < 128)\n throw new E('tlv.decode(long): not minimal encoding');\n }\n const v = data.subarray(pos, pos + length);\n if (v.length !== length)\n throw new E('tlv.decode: wrong value length');\n return { v, l: data.subarray(pos + length) };\n },\n },\n // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,\n // since we always use positive integers here. It must always be empty:\n // - add zero byte if exists\n // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)\n _int: {\n encode(num) {\n const { Err: E } = DER;\n if (num < _0n)\n throw new E('integer: negative integers are not allowed');\n let hex = ut.numberToHexUnpadded(num);\n // Pad with zero byte if negative flag is present\n if (Number.parseInt(hex[0], 16) & 0b1000)\n hex = '00' + hex;\n if (hex.length & 1)\n throw new E('unexpected assertion');\n return hex;\n },\n decode(data) {\n const { Err: E } = DER;\n if (data[0] & 128)\n throw new E('Invalid signature integer: negative');\n if (data[0] === 0x00 && !(data[1] & 128))\n throw new E('Invalid signature integer: unnecessary leading zero');\n return b2n(data);\n },\n },\n toSig(hex) {\n // parse DER signature\n const { Err: E, _int: int, _tlv: tlv } = DER;\n const data = typeof hex === 'string' ? h2b(hex) : hex;\n ut.abytes(data);\n const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);\n if (seqLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);\n const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);\n if (sLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n return { r: int.decode(rBytes), s: int.decode(sBytes) };\n },\n hexFromSig(sig) {\n const { _tlv: tlv, _int: int } = DER;\n const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;\n return tlv.encode(0x30, seq);\n },\n};\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4);\nexport function weierstrassPoints(opts) {\n const CURVE = validatePointOpts(opts);\n const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ\n const Fn = mod.Field(CURVE.n, CURVE.nBitLength);\n const toBytes = CURVE.toBytes ||\n ((_c, point, _isCompressed) => {\n const a = point.toAffine();\n return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));\n });\n const fromBytes = CURVE.fromBytes ||\n ((bytes) => {\n // const head = bytes[0];\n const tail = bytes.subarray(1);\n // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n });\n /**\n * y² = x³ + ax + b: Short weierstrass curve formula\n * @returns y²\n */\n function weierstrassEquation(x) {\n const { a, b } = CURVE;\n const x2 = Fp.sqr(x); // x * x\n const x3 = Fp.mul(x2, x); // x2 * x\n return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b\n }\n // Validate whether the passed curve params are valid.\n // We check if curve equation works for generator point.\n // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381.\n // ProjectivePoint class has not been initialized yet.\n if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))\n throw new Error('bad generator point: equation left != right');\n // Valid group elements reside in range 1..n-1\n function isWithinCurveOrder(num) {\n return ut.inRange(num, _1n, CURVE.n);\n }\n // Validates if priv key is valid and converts it to bigint.\n // Supports options allowedPrivateKeyLengths and wrapPrivateKey.\n function normPrivateKeyToScalar(key) {\n const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;\n if (lengths && typeof key !== 'bigint') {\n if (ut.isBytes(key))\n key = ut.bytesToHex(key);\n // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes\n if (typeof key !== 'string' || !lengths.includes(key.length))\n throw new Error('Invalid key');\n key = key.padStart(nByteLength * 2, '0');\n }\n let num;\n try {\n num =\n typeof key === 'bigint'\n ? key\n : ut.bytesToNumberBE(ensureBytes('private key', key, nByteLength));\n }\n catch (error) {\n throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);\n }\n if (wrapPrivateKey)\n num = mod.mod(num, N); // disabled by default, enabled for BLS\n ut.aInRange('private key', num, _1n, N); // num in range [1..N-1]\n return num;\n }\n function assertPrjPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ProjectivePoint expected');\n }\n // Memoized toAffine / validity check. They are heavy. Points are immutable.\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n const toAffineMemo = memoized((p, iz) => {\n const { px: x, py: y, pz: z } = p;\n // Fast-path for normalized points\n if (Fp.eql(z, Fp.ONE))\n return { x, y };\n const is0 = p.is0();\n // If invZ was 0, we return zero point. However we still want to execute\n // all operations, so we replace invZ with a random number, 1.\n if (iz == null)\n iz = is0 ? Fp.ONE : Fp.inv(z);\n const ax = Fp.mul(x, iz);\n const ay = Fp.mul(y, iz);\n const zz = Fp.mul(z, iz);\n if (is0)\n return { x: Fp.ZERO, y: Fp.ZERO };\n if (!Fp.eql(zz, Fp.ONE))\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n // NOTE: on exception this will crash 'cached' and no value will be set.\n // Otherwise true will be return\n const assertValidMemo = memoized((p) => {\n if (p.is0()) {\n // (0, 1, 0) aka ZERO is invalid in most contexts.\n // In BLS, ZERO can be serialized, so we allow it.\n // (0, 0, 0) is wrong representation of ZERO and is always invalid.\n if (CURVE.allowInfinityPoint && !Fp.is0(p.py))\n return;\n throw new Error('bad point: ZERO');\n }\n // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`\n const { x, y } = p.toAffine();\n // Check if x, y are valid field elements\n if (!Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('bad point: x or y not FE');\n const left = Fp.sqr(y); // y²\n const right = weierstrassEquation(x); // x³ + ax + b\n if (!Fp.eql(left, right))\n throw new Error('bad point: equation left != right');\n if (!p.isTorsionFree())\n throw new Error('bad point: not in prime-order subgroup');\n return true;\n });\n /**\n * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)\n * Default Point works in 2d / affine coordinates: (x, y)\n * We're doing calculations in projective, because its operations don't require costly inversion.\n */\n class Point {\n constructor(px, py, pz) {\n this.px = px;\n this.py = py;\n this.pz = pz;\n if (px == null || !Fp.isValid(px))\n throw new Error('x required');\n if (py == null || !Fp.isValid(py))\n throw new Error('y required');\n if (pz == null || !Fp.isValid(pz))\n throw new Error('z required');\n Object.freeze(this);\n }\n // Does not validate if the point is on-curve.\n // Use fromHex instead, or call assertValidity() later.\n static fromAffine(p) {\n const { x, y } = p || {};\n if (!p || !Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('invalid affine point');\n if (p instanceof Point)\n throw new Error('projective point not allowed');\n const is0 = (i) => Fp.eql(i, Fp.ZERO);\n // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)\n if (is0(x) && is0(y))\n return Point.ZERO;\n return new Point(x, y, Fp.ONE);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n /**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.pz));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n /**\n * Converts hash string or Uint8Array to Point.\n * @param hex short/long ECDSA hex\n */\n static fromHex(hex) {\n const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));\n P.assertValidity();\n return P;\n }\n // Multiplies generator point by privateKey.\n static fromPrivateKey(privateKey) {\n return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // A point on curve is valid if it conforms to equation.\n assertValidity() {\n assertValidMemo(this);\n }\n hasEvenY() {\n const { y } = this.toAffine();\n if (Fp.isOdd)\n return !Fp.isOdd(y);\n throw new Error(\"Field doesn't support isOdd\");\n }\n /**\n * Compare one point to another.\n */\n equals(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));\n const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));\n return U1 && U2;\n }\n /**\n * Flips point to one corresponding to (x, -y) in Affine coordinates.\n */\n negate() {\n return new Point(this.px, Fp.neg(this.py), this.pz);\n }\n // Renes-Costello-Batina exception-free doubling formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 3\n // Cost: 8M + 3S + 3*a + 2*b3 + 15add.\n double() {\n const { a, b } = CURVE;\n const b3 = Fp.mul(b, _3n);\n const { px: X1, py: Y1, pz: Z1 } = this;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n let t0 = Fp.mul(X1, X1); // step 1\n let t1 = Fp.mul(Y1, Y1);\n let t2 = Fp.mul(Z1, Z1);\n let t3 = Fp.mul(X1, Y1);\n t3 = Fp.add(t3, t3); // step 5\n Z3 = Fp.mul(X1, Z1);\n Z3 = Fp.add(Z3, Z3);\n X3 = Fp.mul(a, Z3);\n Y3 = Fp.mul(b3, t2);\n Y3 = Fp.add(X3, Y3); // step 10\n X3 = Fp.sub(t1, Y3);\n Y3 = Fp.add(t1, Y3);\n Y3 = Fp.mul(X3, Y3);\n X3 = Fp.mul(t3, X3);\n Z3 = Fp.mul(b3, Z3); // step 15\n t2 = Fp.mul(a, t2);\n t3 = Fp.sub(t0, t2);\n t3 = Fp.mul(a, t3);\n t3 = Fp.add(t3, Z3);\n Z3 = Fp.add(t0, t0); // step 20\n t0 = Fp.add(Z3, t0);\n t0 = Fp.add(t0, t2);\n t0 = Fp.mul(t0, t3);\n Y3 = Fp.add(Y3, t0);\n t2 = Fp.mul(Y1, Z1); // step 25\n t2 = Fp.add(t2, t2);\n t0 = Fp.mul(t2, t3);\n X3 = Fp.sub(X3, t0);\n Z3 = Fp.mul(t2, t1);\n Z3 = Fp.add(Z3, Z3); // step 30\n Z3 = Fp.add(Z3, Z3);\n return new Point(X3, Y3, Z3);\n }\n // Renes-Costello-Batina exception-free addition formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 1\n // Cost: 12M + 0S + 3*a + 3*b3 + 23add.\n add(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n const a = CURVE.a;\n const b3 = Fp.mul(CURVE.b, _3n);\n let t0 = Fp.mul(X1, X2); // step 1\n let t1 = Fp.mul(Y1, Y2);\n let t2 = Fp.mul(Z1, Z2);\n let t3 = Fp.add(X1, Y1);\n let t4 = Fp.add(X2, Y2); // step 5\n t3 = Fp.mul(t3, t4);\n t4 = Fp.add(t0, t1);\n t3 = Fp.sub(t3, t4);\n t4 = Fp.add(X1, Z1);\n let t5 = Fp.add(X2, Z2); // step 10\n t4 = Fp.mul(t4, t5);\n t5 = Fp.add(t0, t2);\n t4 = Fp.sub(t4, t5);\n t5 = Fp.add(Y1, Z1);\n X3 = Fp.add(Y2, Z2); // step 15\n t5 = Fp.mul(t5, X3);\n X3 = Fp.add(t1, t2);\n t5 = Fp.sub(t5, X3);\n Z3 = Fp.mul(a, t4);\n X3 = Fp.mul(b3, t2); // step 20\n Z3 = Fp.add(X3, Z3);\n X3 = Fp.sub(t1, Z3);\n Z3 = Fp.add(t1, Z3);\n Y3 = Fp.mul(X3, Z3);\n t1 = Fp.add(t0, t0); // step 25\n t1 = Fp.add(t1, t0);\n t2 = Fp.mul(a, t2);\n t4 = Fp.mul(b3, t4);\n t1 = Fp.add(t1, t2);\n t2 = Fp.sub(t0, t2); // step 30\n t2 = Fp.mul(a, t2);\n t4 = Fp.add(t4, t2);\n t0 = Fp.mul(t1, t4);\n Y3 = Fp.add(Y3, t0);\n t0 = Fp.mul(t5, t4); // step 35\n X3 = Fp.mul(t3, X3);\n X3 = Fp.sub(X3, t0);\n t0 = Fp.mul(t3, t1);\n Z3 = Fp.mul(t5, Z3);\n Z3 = Fp.add(Z3, t0); // step 40\n return new Point(X3, Y3, Z3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n /**\n * Non-constant-time multiplication. Uses double-and-add algorithm.\n * It's faster, but should only be used when you don't care about\n * an exposed private key e.g. sig verification, which works over *public* keys.\n */\n multiplyUnsafe(sc) {\n ut.aInRange('scalar', sc, _0n, CURVE.n);\n const I = Point.ZERO;\n if (sc === _0n)\n return I;\n if (sc === _1n)\n return this;\n const { endo } = CURVE;\n if (!endo)\n return wnaf.unsafeLadder(this, sc);\n // Apply endomorphism\n let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);\n let k1p = I;\n let k2p = I;\n let d = this;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n k1p = k1p.add(d);\n if (k2 & _1n)\n k2p = k2p.add(d);\n d = d.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n if (k1neg)\n k1p = k1p.negate();\n if (k2neg)\n k2p = k2p.negate();\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n return k1p.add(k2p);\n }\n /**\n * Constant time multiplication.\n * Uses wNAF method. Windowed method may be 10% faster,\n * but takes 2x longer to generate and consumes 2x memory.\n * Uses precomputes when available.\n * Uses endomorphism for Koblitz curves.\n * @param scalar by which the point would be multiplied\n * @returns New point\n */\n multiply(scalar) {\n const { endo, n: N } = CURVE;\n ut.aInRange('scalar', scalar, _1n, N);\n let point, fake; // Fake point is used to const-time mult\n if (endo) {\n const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);\n let { p: k1p, f: f1p } = this.wNAF(k1);\n let { p: k2p, f: f2p } = this.wNAF(k2);\n k1p = wnaf.constTimeNegate(k1neg, k1p);\n k2p = wnaf.constTimeNegate(k2neg, k2p);\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n point = k1p.add(k2p);\n fake = f1p.add(f2p);\n }\n else {\n const { p, f } = this.wNAF(scalar);\n point = p;\n fake = f;\n }\n // Normalize `z` for both points, but return only real one\n return Point.normalizeZ([point, fake])[0];\n }\n /**\n * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.\n * Not using Strauss-Shamir trick: precomputation tables are faster.\n * The trick could be useful if both P and Q are not G (not in our case).\n * @returns non-zero affine point\n */\n multiplyAndAddUnsafe(Q, a, b) {\n const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes\n const mul = (P, a // Select faster multiply() method\n ) => (a === _0n || a === _1n || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));\n const sum = mul(this, a).add(mul(Q, b));\n return sum.is0() ? undefined : sum;\n }\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n isTorsionFree() {\n const { h: cofactor, isTorsionFree } = CURVE;\n if (cofactor === _1n)\n return true; // No subgroups, always torsion-free\n if (isTorsionFree)\n return isTorsionFree(Point, this);\n throw new Error('isTorsionFree() has not been declared for the elliptic curve');\n }\n clearCofactor() {\n const { h: cofactor, clearCofactor } = CURVE;\n if (cofactor === _1n)\n return this; // Fast-path\n if (clearCofactor)\n return clearCofactor(Point, this);\n return this.multiplyUnsafe(CURVE.h);\n }\n toRawBytes(isCompressed = true) {\n abool('isCompressed', isCompressed);\n this.assertValidity();\n return toBytes(Point, this, isCompressed);\n }\n toHex(isCompressed = true) {\n abool('isCompressed', isCompressed);\n return ut.bytesToHex(this.toRawBytes(isCompressed));\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);\n Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO);\n const _bits = CURVE.nBitLength;\n const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits);\n // Validate if generator point is on curve\n return {\n CURVE,\n ProjectivePoint: Point,\n normPrivateKeyToScalar,\n weierstrassEquation,\n isWithinCurveOrder,\n };\n}\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n hash: 'hash',\n hmac: 'function',\n randomBytes: 'function',\n }, {\n bits2int: 'function',\n bits2int_modN: 'function',\n lowS: 'boolean',\n });\n return Object.freeze({ lowS: true, ...opts });\n}\n/**\n * Creates short weierstrass curve and ECDSA signature methods for it.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, b, p, n, Gx, Gy\n * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })\n */\nexport function weierstrass(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER } = CURVE;\n const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32\n const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32\n function modN(a) {\n return mod.mod(a, CURVE_ORDER);\n }\n function invN(a) {\n return mod.invert(a, CURVE_ORDER);\n }\n const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({\n ...CURVE,\n toBytes(_c, point, isCompressed) {\n const a = point.toAffine();\n const x = Fp.toBytes(a.x);\n const cat = ut.concatBytes;\n abool('isCompressed', isCompressed);\n if (isCompressed) {\n return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);\n }\n else {\n return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));\n }\n },\n fromBytes(bytes) {\n const len = bytes.length;\n const head = bytes[0];\n const tail = bytes.subarray(1);\n // this.assertValidity() is done inside of fromHex\n if (len === compressedLen && (head === 0x02 || head === 0x03)) {\n const x = ut.bytesToNumberBE(tail);\n if (!ut.inRange(x, _1n, Fp.ORDER))\n throw new Error('Point is not on curve');\n const y2 = weierstrassEquation(x); // y² = x³ + ax + b\n let y;\n try {\n y = Fp.sqrt(y2); // y = y² ^ (p+1)/4\n }\n catch (sqrtError) {\n const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';\n throw new Error('Point is not on curve' + suffix);\n }\n const isYOdd = (y & _1n) === _1n;\n // ECDSA\n const isHeadOdd = (head & 1) === 1;\n if (isHeadOdd !== isYOdd)\n y = Fp.neg(y);\n return { x, y };\n }\n else if (len === uncompressedLen && head === 0x04) {\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n }\n else {\n throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);\n }\n },\n });\n const numToNByteStr = (num) => ut.bytesToHex(ut.numberToBytesBE(num, CURVE.nByteLength));\n function isBiggerThanHalfOrder(number) {\n const HALF = CURVE_ORDER >> _1n;\n return number > HALF;\n }\n function normalizeS(s) {\n return isBiggerThanHalfOrder(s) ? modN(-s) : s;\n }\n // slice bytes num\n const slcNum = (b, from, to) => ut.bytesToNumberBE(b.slice(from, to));\n /**\n * ECDSA signature with its (r, s) properties. Supports DER & compact representations.\n */\n class Signature {\n constructor(r, s, recovery) {\n this.r = r;\n this.s = s;\n this.recovery = recovery;\n this.assertValidity();\n }\n // pair (bytes of r, bytes of s)\n static fromCompact(hex) {\n const l = CURVE.nByteLength;\n hex = ensureBytes('compactSignature', hex, l * 2);\n return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));\n }\n // DER encoded ECDSA signature\n // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script\n static fromDER(hex) {\n const { r, s } = DER.toSig(ensureBytes('DER', hex));\n return new Signature(r, s);\n }\n assertValidity() {\n ut.aInRange('r', this.r, _1n, CURVE_ORDER); // r in [1..N]\n ut.aInRange('s', this.s, _1n, CURVE_ORDER); // s in [1..N]\n }\n addRecoveryBit(recovery) {\n return new Signature(this.r, this.s, recovery);\n }\n recoverPublicKey(msgHash) {\n const { r, s, recovery: rec } = this;\n const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash\n if (rec == null || ![0, 1, 2, 3].includes(rec))\n throw new Error('recovery id invalid');\n const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;\n if (radj >= Fp.ORDER)\n throw new Error('recovery id 2 or 3 invalid');\n const prefix = (rec & 1) === 0 ? '02' : '03';\n const R = Point.fromHex(prefix + numToNByteStr(radj));\n const ir = invN(radj); // r^-1\n const u1 = modN(-h * ir); // -hr^-1\n const u2 = modN(s * ir); // sr^-1\n const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n if (!Q)\n throw new Error('point at infinify'); // unsafe is fine: no priv data leaked\n Q.assertValidity();\n return Q;\n }\n // Signatures should be low-s, to prevent malleability.\n hasHighS() {\n return isBiggerThanHalfOrder(this.s);\n }\n normalizeS() {\n return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;\n }\n // DER-encoded\n toDERRawBytes() {\n return ut.hexToBytes(this.toDERHex());\n }\n toDERHex() {\n return DER.hexFromSig({ r: this.r, s: this.s });\n }\n // padded bytes of r, then padded bytes of s\n toCompactRawBytes() {\n return ut.hexToBytes(this.toCompactHex());\n }\n toCompactHex() {\n return numToNByteStr(this.r) + numToNByteStr(this.s);\n }\n }\n const utils = {\n isValidPrivateKey(privateKey) {\n try {\n normPrivateKeyToScalar(privateKey);\n return true;\n }\n catch (error) {\n return false;\n }\n },\n normPrivateKeyToScalar: normPrivateKeyToScalar,\n /**\n * Produces cryptographically secure private key from random of size\n * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.\n */\n randomPrivateKey: () => {\n const length = mod.getMinHashLength(CURVE.n);\n return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);\n },\n /**\n * Creates precompute table for an arbitrary EC point. Makes point \"cached\".\n * Allows to massively speed-up `point.multiply(scalar)`.\n * @returns cached point\n * @example\n * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));\n * fast.multiply(privKey); // much faster ECDH now\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here\n return point;\n },\n };\n /**\n * Computes public key for a private key. Checks for validity of the private key.\n * @param privateKey private key\n * @param isCompressed whether to return compact (default), or full key\n * @returns Public key, full when isCompressed=false; short when isCompressed=true\n */\n function getPublicKey(privateKey, isCompressed = true) {\n return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);\n }\n /**\n * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.\n */\n function isProbPub(item) {\n const arr = ut.isBytes(item);\n const str = typeof item === 'string';\n const len = (arr || str) && item.length;\n if (arr)\n return len === compressedLen || len === uncompressedLen;\n if (str)\n return len === 2 * compressedLen || len === 2 * uncompressedLen;\n if (item instanceof Point)\n return true;\n return false;\n }\n /**\n * ECDH (Elliptic Curve Diffie Hellman).\n * Computes shared public key from private key and public key.\n * Checks: 1) private key validity 2) shared key is on-curve.\n * Does NOT hash the result.\n * @param privateA private key\n * @param publicB different public key\n * @param isCompressed whether to return compact (default), or full key\n * @returns shared public key\n */\n function getSharedSecret(privateA, publicB, isCompressed = true) {\n if (isProbPub(privateA))\n throw new Error('first arg must be private key');\n if (!isProbPub(publicB))\n throw new Error('second arg must be public key');\n const b = Point.fromHex(publicB); // check for being on-curve\n return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);\n }\n // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.\n // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.\n // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.\n // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors\n const bits2int = CURVE.bits2int ||\n function (bytes) {\n // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)\n // for some cases, since bytes.length * 8 is not actual bitLength.\n const num = ut.bytesToNumberBE(bytes); // check for == u8 done here\n const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits\n return delta > 0 ? num >> BigInt(delta) : num;\n };\n const bits2int_modN = CURVE.bits2int_modN ||\n function (bytes) {\n return modN(bits2int(bytes)); // can't use bytesToNumberBE here\n };\n // NOTE: pads output with zero as per spec\n const ORDER_MASK = ut.bitMask(CURVE.nBitLength);\n /**\n * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.\n */\n function int2octets(num) {\n ut.aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);\n // works with order, can have different size than numToField!\n return ut.numberToBytesBE(num, CURVE.nByteLength);\n }\n // Steps A, D of RFC6979 3.2\n // Creates RFC6979 seed; converts msg/privKey to numbers.\n // Used only in sign, not in verify.\n // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.\n // Also it can be bigger for P224 + SHA256\n function prepSig(msgHash, privateKey, opts = defaultSigOpts) {\n if (['recovered', 'canonical'].some((k) => k in opts))\n throw new Error('sign() legacy options not supported');\n const { hash, randomBytes } = CURVE;\n let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default\n if (lowS == null)\n lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash\n msgHash = ensureBytes('msgHash', msgHash);\n validateSigVerOpts(opts);\n if (prehash)\n msgHash = ensureBytes('prehashed msgHash', hash(msgHash));\n // We can't later call bits2octets, since nested bits2int is broken for curves\n // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.\n // const bits2octets = (bits) => int2octets(bits2int_modN(bits))\n const h1int = bits2int_modN(msgHash);\n const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint\n const seedArgs = [int2octets(d), int2octets(h1int)];\n // extraEntropy. RFC6979 3.6: additional k' (optional).\n if (ent != null && ent !== false) {\n // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is\n seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes\n }\n const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2\n const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!\n // Converts signature params into point w r/s, checks result for validity.\n function k2sig(kBytes) {\n // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n const k = bits2int(kBytes); // Cannot use fields methods, since it is group element\n if (!isWithinCurveOrder(k))\n return; // Important: all mod() calls here must be done over N\n const ik = invN(k); // k^-1 mod n\n const q = Point.BASE.multiply(k).toAffine(); // q = Gk\n const r = modN(q.x); // r = q.x mod n\n if (r === _0n)\n return;\n // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to\n // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:\n // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT\n const s = modN(ik * modN(m + r * d)); // Not using blinding here\n if (s === _0n)\n return;\n let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)\n let normS = s;\n if (lowS && isBiggerThanHalfOrder(s)) {\n normS = normalizeS(s); // if lowS was passed, ensure s is always\n recovery ^= 1; // // in the bottom half of N\n }\n return new Signature(r, normS, recovery); // use normS, not s\n }\n return { seed, k2sig };\n }\n const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };\n const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };\n /**\n * Signs message hash with a private key.\n * ```\n * sign(m, d, k) where\n * (x, y) = G × k\n * r = x mod n\n * s = (m + dr)/k mod n\n * ```\n * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.\n * @param privKey private key\n * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.\n * @returns signature with recovery param\n */\n function sign(msgHash, privKey, opts = defaultSigOpts) {\n const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.\n const C = CURVE;\n const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);\n return drbg(seed, k2sig); // Steps B, C, D, E, F, G\n }\n // Enable precomputes. Slows down first publicKey computation by 20ms.\n Point.BASE._setWindowSize(8);\n // utils.precompute(8, ProjectivePoint.BASE)\n /**\n * Verifies a signature against message hash and public key.\n * Rejects lowS signatures by default: to override,\n * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf:\n *\n * ```\n * verify(r, s, h, P) where\n * U1 = hs^-1 mod n\n * U2 = rs^-1 mod n\n * R = U1⋅G - U2⋅P\n * mod(R.x, n) == r\n * ```\n */\n function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {\n const sg = signature;\n msgHash = ensureBytes('msgHash', msgHash);\n publicKey = ensureBytes('publicKey', publicKey);\n if ('strict' in opts)\n throw new Error('options.strict was renamed to lowS');\n validateSigVerOpts(opts);\n const { lowS, prehash } = opts;\n let _sig = undefined;\n let P;\n try {\n if (typeof sg === 'string' || ut.isBytes(sg)) {\n // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).\n // Since DER can also be 2*nByteLength bytes, we check for it first.\n try {\n _sig = Signature.fromDER(sg);\n }\n catch (derError) {\n if (!(derError instanceof DER.Err))\n throw derError;\n _sig = Signature.fromCompact(sg);\n }\n }\n else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {\n const { r, s } = sg;\n _sig = new Signature(r, s);\n }\n else {\n throw new Error('PARSE');\n }\n P = Point.fromHex(publicKey);\n }\n catch (error) {\n if (error.message === 'PARSE')\n throw new Error(`signature must be Signature instance, Uint8Array or hex string`);\n return false;\n }\n if (lowS && _sig.hasHighS())\n return false;\n if (prehash)\n msgHash = CURVE.hash(msgHash);\n const { r, s } = _sig;\n const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element\n const is = invN(s); // s^-1\n const u1 = modN(h * is); // u1 = hs^-1 mod n\n const u2 = modN(r * is); // u2 = rs^-1 mod n\n const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P\n if (!R)\n return false;\n const v = modN(R.x);\n return v === r;\n }\n return {\n CURVE,\n getPublicKey,\n getSharedSecret,\n sign,\n verify,\n ProjectivePoint: Point,\n Signature,\n utils,\n };\n}\n/**\n * Implementation of the Shallue and van de Woestijne method for any weierstrass curve.\n * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.\n * b = True and y = sqrt(u / v) if (u / v) is square in F, and\n * b = False and y = sqrt(Z * (u / v)) otherwise.\n * @param Fp\n * @param Z\n * @returns\n */\nexport function SWUFpSqrtRatio(Fp, Z) {\n // Generic implementation\n const q = Fp.ORDER;\n let l = _0n;\n for (let o = q - _1n; o % _2n === _0n; o /= _2n)\n l += _1n;\n const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.\n // We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.\n // 2n ** c1 == 2n << (c1-1)\n const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);\n const _2n_pow_c1 = _2n_pow_c1_1 * _2n;\n const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic\n const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic\n const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic\n const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic\n const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2\n const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)\n let sqrtRatio = (u, v) => {\n let tv1 = c6; // 1. tv1 = c6\n let tv2 = Fp.pow(v, c4); // 2. tv2 = v^c4\n let tv3 = Fp.sqr(tv2); // 3. tv3 = tv2^2\n tv3 = Fp.mul(tv3, v); // 4. tv3 = tv3 * v\n let tv5 = Fp.mul(u, tv3); // 5. tv5 = u * tv3\n tv5 = Fp.pow(tv5, c3); // 6. tv5 = tv5^c3\n tv5 = Fp.mul(tv5, tv2); // 7. tv5 = tv5 * tv2\n tv2 = Fp.mul(tv5, v); // 8. tv2 = tv5 * v\n tv3 = Fp.mul(tv5, u); // 9. tv3 = tv5 * u\n let tv4 = Fp.mul(tv3, tv2); // 10. tv4 = tv3 * tv2\n tv5 = Fp.pow(tv4, c5); // 11. tv5 = tv4^c5\n let isQR = Fp.eql(tv5, Fp.ONE); // 12. isQR = tv5 == 1\n tv2 = Fp.mul(tv3, c7); // 13. tv2 = tv3 * c7\n tv5 = Fp.mul(tv4, tv1); // 14. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, isQR); // 15. tv3 = CMOV(tv2, tv3, isQR)\n tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)\n // 17. for i in (c1, c1 - 1, ..., 2):\n for (let i = c1; i > _1n; i--) {\n let tv5 = i - _2n; // 18. tv5 = i - 2\n tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5\n let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5\n const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1\n tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1\n tv1 = Fp.mul(tv1, tv1); // 23. tv1 = tv1 * tv1\n tvv5 = Fp.mul(tv4, tv1); // 24. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, e1); // 25. tv3 = CMOV(tv2, tv3, e1)\n tv4 = Fp.cmov(tvv5, tv4, e1); // 26. tv4 = CMOV(tv5, tv4, e1)\n }\n return { isValid: isQR, value: tv3 };\n };\n if (Fp.ORDER % _4n === _3n) {\n // sqrt_ratio_3mod4(u, v)\n const c1 = (Fp.ORDER - _3n) / _4n; // 1. c1 = (q - 3) / 4 # Integer arithmetic\n const c2 = Fp.sqrt(Fp.neg(Z)); // 2. c2 = sqrt(-Z)\n sqrtRatio = (u, v) => {\n let tv1 = Fp.sqr(v); // 1. tv1 = v^2\n const tv2 = Fp.mul(u, v); // 2. tv2 = u * v\n tv1 = Fp.mul(tv1, tv2); // 3. tv1 = tv1 * tv2\n let y1 = Fp.pow(tv1, c1); // 4. y1 = tv1^c1\n y1 = Fp.mul(y1, tv2); // 5. y1 = y1 * tv2\n const y2 = Fp.mul(y1, c2); // 6. y2 = y1 * c2\n const tv3 = Fp.mul(Fp.sqr(y1), v); // 7. tv3 = y1^2; 8. tv3 = tv3 * v\n const isQR = Fp.eql(tv3, u); // 9. isQR = tv3 == u\n let y = Fp.cmov(y2, y1, isQR); // 10. y = CMOV(y2, y1, isQR)\n return { isValid: isQR, value: y }; // 11. return (isQR, y) isQR ? y : y*c2\n };\n }\n // No curves uses that\n // if (Fp.ORDER % _8n === _5n) // sqrt_ratio_5mod8\n return sqrtRatio;\n}\n/**\n * Simplified Shallue-van de Woestijne-Ulas Method\n * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2\n */\nexport function mapToCurveSimpleSWU(Fp, opts) {\n mod.validateField(Fp);\n if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))\n throw new Error('mapToCurveSimpleSWU: invalid opts');\n const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);\n if (!Fp.isOdd)\n throw new Error('Fp.isOdd is not implemented!');\n // Input: u, an element of F.\n // Output: (x, y), a point on E.\n return (u) => {\n // prettier-ignore\n let tv1, tv2, tv3, tv4, tv5, tv6, x, y;\n tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, opts.Z); // 2. tv1 = Z * tv1\n tv2 = Fp.sqr(tv1); // 3. tv2 = tv1^2\n tv2 = Fp.add(tv2, tv1); // 4. tv2 = tv2 + tv1\n tv3 = Fp.add(tv2, Fp.ONE); // 5. tv3 = tv2 + 1\n tv3 = Fp.mul(tv3, opts.B); // 6. tv3 = B * tv3\n tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO)); // 7. tv4 = CMOV(Z, -tv2, tv2 != 0)\n tv4 = Fp.mul(tv4, opts.A); // 8. tv4 = A * tv4\n tv2 = Fp.sqr(tv3); // 9. tv2 = tv3^2\n tv6 = Fp.sqr(tv4); // 10. tv6 = tv4^2\n tv5 = Fp.mul(tv6, opts.A); // 11. tv5 = A * tv6\n tv2 = Fp.add(tv2, tv5); // 12. tv2 = tv2 + tv5\n tv2 = Fp.mul(tv2, tv3); // 13. tv2 = tv2 * tv3\n tv6 = Fp.mul(tv6, tv4); // 14. tv6 = tv6 * tv4\n tv5 = Fp.mul(tv6, opts.B); // 15. tv5 = B * tv6\n tv2 = Fp.add(tv2, tv5); // 16. tv2 = tv2 + tv5\n x = Fp.mul(tv1, tv3); // 17. x = tv1 * tv3\n const { isValid, value } = sqrtRatio(tv2, tv6); // 18. (is_gx1_square, y1) = sqrt_ratio(tv2, tv6)\n y = Fp.mul(tv1, u); // 19. y = tv1 * u -> Z * u^3 * y1\n y = Fp.mul(y, value); // 20. y = y * y1\n x = Fp.cmov(x, tv3, isValid); // 21. x = CMOV(x, tv3, is_gx1_square)\n y = Fp.cmov(y, value, isValid); // 22. y = CMOV(y, y1, is_gx1_square)\n const e1 = Fp.isOdd(u) === Fp.isOdd(y); // 23. e1 = sgn0(u) == sgn0(y)\n y = Fp.cmov(Fp.neg(y), y, e1); // 24. y = CMOV(-y, y, e1)\n x = Fp.div(x, tv4); // 25. x = x / tv4\n return { x, y };\n };\n}\n//# sourceMappingURL=weierstrass.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { hmac } from '@noble/hashes/hmac';\nimport { concatBytes, randomBytes } from '@noble/hashes/utils';\nimport { weierstrass } from './abstract/weierstrass.js';\n// connects noble-curves to noble-hashes\nexport function getHash(hash) {\n return {\n hash,\n hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),\n randomBytes,\n };\n}\nexport function createCurve(curveDef, defHash) {\n const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });\n return Object.freeze({ ...create(defHash), create });\n}\n//# sourceMappingURL=_shortw_utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp256r1 aka p256\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256\nconst Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));\nconst CURVE_A = Fp.create(BigInt('-3'));\nconst CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');\n// prettier-ignore\nexport const p256 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n\n // Curve order, total count of valid points in the field\n n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),\n Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),\n h: BigInt(1),\n lowS: false,\n}, sha256);\nexport const secp256r1 = p256;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-10')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P256_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p256.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha384 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp384r1 aka p384\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');\nconst Fp = Field(P);\nconst CURVE_A = Fp.create(BigInt('-3'));\n// prettier-ignore\nconst CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');\n// prettier-ignore\nexport const p384 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n\n // Curve order, total count of valid points in the field.\n n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),\n // Base (generator) point (x, y)\n Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),\n Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),\n h: BigInt(1),\n lowS: false,\n}, sha384);\nexport const secp384r1 = p384;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-12')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P384_XMD:SHA-384_SSWU_RO_',\n encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 192,\n expand: 'xmd',\n hash: sha384,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p384.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha512 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp521r1 aka p521\n// Note that it's 521, which differs from 512 of its hash function.\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst Fp = Field(P);\nconst CURVE = {\n a: Fp.create(BigInt('-3')),\n b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),\n Fp,\n n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),\n Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),\n Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),\n h: BigInt(1),\n};\n// prettier-ignore\nexport const p521 = createCurve({\n a: CURVE.a, // Equation params: a, b\n b: CURVE.b,\n Fp, // Field: 2n**521n - 1n\n // Curve order, total count of valid points in the field\n n: CURVE.n,\n Gx: CURVE.Gx, // Base point (x, y) aka generator point\n Gy: CURVE.Gy,\n h: CURVE.h,\n lowS: false,\n allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b\n}, sha512);\nexport const secp521r1 = p521;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE.a,\n B: CURVE.b,\n Z: Fp.create(BigInt('-4')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P521_XMD:SHA-512_SSWU_RO_',\n encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 256,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p521.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport { mod, Field } from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n) {\n ut.aInRange('coordinate ' + title, n, _0n, MASK);\n }\n function assertPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez);\n aCoordinate('t', et);\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n assertPoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n assertPoint(other);\n const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n // Faster algo for adding 2 Extended Points when curve's a=-1.\n // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4\n // Cost: 8M + 8add + 2*2.\n // Note: It does not check whether the `other` point is valid.\n if (a === BigInt(-1)) {\n const A = modP((Y1 - X1) * (Y2 + X2));\n const B = modP((Y1 + X1) * (Y2 - X2));\n const F = modP(B - A);\n if (F === _0n)\n return this.double(); // Same point. Tests say it doesn't affect timing\n const C = modP(Z1 * _2n * T2);\n const D = modP(T1 * _2n * Z2);\n const E = D + C;\n const G = B + A;\n const H = D - C;\n const X3 = modP(E * F);\n const Y3 = modP(G * H);\n const T3 = modP(E * H);\n const Z3 = modP(F * G);\n return new Point(X3, Y3, Z3, T3);\n }\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n multiplyUnsafe(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.equals(I) || n === _1n)\n return this;\n if (this.equals(G))\n return this.wNAF(n).p;\n return wnaf.unsafeLadder(this, n);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = ut.bytesToNumberLE(normed);\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n ut.aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n return getExtendedPublicKey(privKey).point;\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(ut.bytesToNumberLE(hash));\n }\n /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */\n function getExtendedPublicKey(key) {\n const len = nByteLength;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = new Uint8Array(), ...msgs) {\n const msg = ut.concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n ut.aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, nByteLength * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));\n // zip215: true is good for consensus-critical apps and allows points < 2^256\n // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p\n let A, R, SB;\n try {\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { mod, pow } from './modular.js';\nimport { aInRange, bytesToNumberLE, ensureBytes, numberToBytesLE, validateObject, } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction validateOpts(curve) {\n validateObject(curve, {\n a: 'bigint',\n }, {\n montgomeryBits: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n adjustScalarBytes: 'function',\n domain: 'function',\n powPminus2: 'function',\n Gu: 'bigint',\n });\n // Set defaults\n return Object.freeze({ ...curve });\n}\n// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748)\n// Uses only one coordinate instead of two\nexport function montgomery(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { P } = CURVE;\n const modP = (n) => mod(n, P);\n const montgomeryBits = CURVE.montgomeryBits;\n const montgomeryBytes = Math.ceil(montgomeryBits / 8);\n const fieldLen = CURVE.nByteLength;\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes);\n const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P));\n // cswap from RFC7748. But it is not from RFC7748!\n /*\n cswap(swap, x_2, x_3):\n dummy = mask(swap) AND (x_2 XOR x_3)\n x_2 = x_2 XOR dummy\n x_3 = x_3 XOR dummy\n Return (x_2, x_3)\n Where mask(swap) is the all-1 or all-0 word of the same length as x_2\n and x_3, computed, e.g., as mask(swap) = 0 - swap.\n */\n function cswap(swap, x_2, x_3) {\n const dummy = modP(swap * (x_2 - x_3));\n x_2 = modP(x_2 - dummy);\n x_3 = modP(x_3 + dummy);\n return [x_2, x_3];\n }\n // x25519 from 4\n // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519\n const a24 = (CURVE.a - BigInt(2)) / BigInt(4);\n /**\n *\n * @param pointU u coordinate (x) on Montgomery Curve 25519\n * @param scalar by which the point would be multiplied\n * @returns new Point on Montgomery curve\n */\n function montgomeryLadder(u, scalar) {\n aInRange('u', u, _0n, P);\n aInRange('scalar', scalar, _0n, P);\n // Section 5: Implementations MUST accept non-canonical values and process them as\n // if they had been reduced modulo the field prime.\n const k = scalar;\n const x_1 = u;\n let x_2 = _1n;\n let z_2 = _0n;\n let x_3 = u;\n let z_3 = _1n;\n let swap = _0n;\n let sw;\n for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {\n const k_t = (k >> t) & _1n;\n swap ^= k_t;\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n swap = k_t;\n const A = x_2 + z_2;\n const AA = modP(A * A);\n const B = x_2 - z_2;\n const BB = modP(B * B);\n const E = AA - BB;\n const C = x_3 + z_3;\n const D = x_3 - z_3;\n const DA = modP(D * A);\n const CB = modP(C * B);\n const dacb = DA + CB;\n const da_cb = DA - CB;\n x_3 = modP(dacb * dacb);\n z_3 = modP(x_1 * modP(da_cb * da_cb));\n x_2 = modP(AA * BB);\n z_2 = modP(E * (AA + modP(a24 * E)));\n }\n // (x_2, x_3) = cswap(swap, x_2, x_3)\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n // (z_2, z_3) = cswap(swap, z_2, z_3)\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n // z_2^(p - 2)\n const z2 = powPminus2(z_2);\n // Return x_2 * (z_2^(p - 2))\n return modP(x_2 * z2);\n }\n function encodeUCoordinate(u) {\n return numberToBytesLE(modP(u), montgomeryBytes);\n }\n function decodeUCoordinate(uEnc) {\n // Section 5: When receiving such an array, implementations of X25519\n // MUST mask the most significant bit in the final byte.\n const u = ensureBytes('u coordinate', uEnc, montgomeryBytes);\n if (fieldLen === 32)\n u[31] &= 127; // 0b0111_1111\n return bytesToNumberLE(u);\n }\n function decodeScalar(n) {\n const bytes = ensureBytes('scalar', n);\n const len = bytes.length;\n if (len !== montgomeryBytes && len !== fieldLen)\n throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`);\n return bytesToNumberLE(adjustScalarBytes(bytes));\n }\n function scalarMult(scalar, u) {\n const pointU = decodeUCoordinate(u);\n const _scalar = decodeScalar(scalar);\n const pu = montgomeryLadder(pointU, _scalar);\n // The result was not contributory\n // https://cr.yp.to/ecdh.html#validate\n if (pu === _0n)\n throw new Error('Invalid private or public key received');\n return encodeUCoordinate(pu);\n }\n // Computes public key from private. By doing scalar multiplication of base point.\n const GuBytes = encodeUCoordinate(CURVE.Gu);\n function scalarMultBase(scalar) {\n return scalarMult(scalar, GuBytes);\n }\n return {\n scalarMult,\n scalarMultBase,\n getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),\n getPublicKey: (privateKey) => scalarMultBase(privateKey),\n utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },\n GuBytes: GuBytes,\n };\n}\n//# sourceMappingURL=montgomery.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3';\nimport { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';\nimport { twistedEdwards } from './abstract/edwards.js';\nimport { createHasher, expand_message_xof } from './abstract/hash-to-curve.js';\nimport { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js';\nimport { montgomery } from './abstract/montgomery.js';\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js';\n/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n */\nconst shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));\nconst ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448P;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most\n // significant bit of the last byte to 1.\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448P;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\nconst Fp = Field(ed448P, 456, true);\nconst ED448_DEF = {\n // Param: a\n a: BigInt(1),\n // -39081. Negative number is P - number\n d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),\n // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n\n Fp,\n // Subgroup order: how many points curve has;\n // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\n n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n nBitLength: 456,\n // Cofactor\n h: BigInt(4),\n // Base point (x, y) aka generator point\n Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),\n Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),\n // SHAKE256(dom4(phflag,context)||x, 114)\n hash: shake256_114,\n randomBytes,\n adjustScalarBytes,\n // dom4\n domain: (data, ctx, phflag) => {\n if (ctx.length > 255)\n throw new Error(`Context is too big: ${ctx.length}`);\n return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n },\n uvRatio,\n};\nexport const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF);\n// NOTE: there is no ed448ctx, since ed448 supports ctx by default\nexport const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 });\nexport const x448 = /* @__PURE__ */ (() => montgomery({\n a: BigInt(156326),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n montgomeryBits: 448,\n nByteLength: 56,\n P: ed448P,\n Gu: BigInt(5),\n powPminus2: (x) => {\n const P = ed448P;\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, BigInt(2), P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/**\n * Converts edwards448 public key to x448 public key. Uses formula:\n * * `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * * `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n * @example\n * const aPub = ed448.getPublicKey(utils.randomPrivateKey());\n * x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))\n */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = Fp.invertBatch([xEd, yEd]); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\nconst htf = /* @__PURE__ */ (() => createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\nfunction assertDcfPoint(other) {\n if (!(other instanceof DcfPoint))\n throw new Error('DecafPoint expected');\n}\n// 1-d\nconst ONE_MINUS_D = BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_448B = BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes448ToNumberLE = (bytes) => ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);\n// Computes Elligator map for Decaf\n// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/**\n * Each ed448/ExtendedPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448\n */\nclass DcfPoint {\n // Private property to discourage combining ExtendedPoint + DecafPoint\n // Always use Decaf encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));\n }\n /**\n * Takes uniform output of 112-byte hash function like shake256 and converts it to `DecafPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * **Note:** this is one-way map, there is no conversion from point to hash.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\n * @param hex 112-byte output of a hash function\n */\n static hashToCurve(hex) {\n hex = ensureBytes('decafHash', hex, 112);\n const r1 = bytes448ToNumberLE(hex.slice(0, 56));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = bytes448ToNumberLE(hex.slice(56, 112));\n const R2 = calcElligatorDecafMap(r2);\n return new DcfPoint(R1.add(R2));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-decode-2\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n hex = ensureBytes('decafHex', hex, 56);\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';\n const s = bytes448ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 56), hex) || isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error(emsg);\n return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));\n }\n /**\n * Encodes decaf point to Uint8Array.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-encode-2\n */\n toRawBytes() {\n let { ex: x, ey: _y, ez: z, et: t } = this.ep;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const u1 = mod(mod(x + t) * mod(x - t)); // 1\n const x2 = mod(x * x);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * z - t); // 4\n let s = mod(ONE_MINUS_D * invsqrt * x * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 56);\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n // Compare one point to another.\n // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-equals-2\n equals(other) {\n assertDcfPoint(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed448.CURVE.Fp.create;\n // (x1 * y2 == y1 * x2)\n return mod(X1 * Y2) === mod(Y1 * X2);\n }\n add(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new DcfPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new DcfPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new DcfPoint(this.ep.double());\n }\n negate() {\n return new DcfPoint(this.ep.negate());\n }\n}\nexport const DecafPoint = /* @__PURE__ */ (() => {\n // decaf448 base point is ed448 base x 2\n // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699\n if (!DcfPoint.BASE)\n DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);\n if (!DcfPoint.ZERO)\n DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);\n return DcfPoint;\n})();\n// Hashing to decaf448. https://www.rfc-editor.org/rfc/rfc9380#appendix-C\nexport const hashToDecaf448 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xof(msg, DST, 112, 224, shake256);\n const P = DcfPoint.hashToCurve(uniform_bytes);\n return P;\n};\nexport const hash_to_decaf448 = hashToDecaf448; // legacy\n//# sourceMappingURL=ed448.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher, isogenyMap } from './abstract/hash-to-curve.js';\nimport { Field, mod, pow2 } from './abstract/modular.js';\nimport { inRange, aInRange, bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE, } from './abstract/utils.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\nconst secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');\nconst secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst divNearest = (a, b) => (a + b / _2n) / b;\n/**\n * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.\n * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]\n */\nfunction sqrtMod(y) {\n const P = secp256k1P;\n // prettier-ignore\n const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);\n // prettier-ignore\n const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);\n const b2 = (y * y * y) % P; // x^3, 11\n const b3 = (b2 * b2 * y) % P; // x^7\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b223 = (pow2(b220, _3n, P) * b3) % P;\n const t1 = (pow2(b223, _23n, P) * b22) % P;\n const t2 = (pow2(t1, _6n, P) * b2) % P;\n const root = pow2(t2, _2n, P);\n if (!Fp.eql(Fp.sqr(root), y))\n throw new Error('Cannot find square root');\n return root;\n}\nconst Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });\n/**\n * secp256k1 short weierstrass curve and ECDSA signatures over it.\n */\nexport const secp256k1 = createCurve({\n a: BigInt(0), // equation params: a, b\n b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975\n Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n\n n: secp256k1N, // Curve order, total count of valid points in the field\n // Base point (x, y) aka generator point\n Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),\n Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),\n h: BigInt(1), // Cofactor\n lowS: true, // Allow only low-S signatures by default in sign() and verify()\n /**\n * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.\n * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.\n * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.\n * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066\n */\n endo: {\n beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),\n splitScalar: (k) => {\n const n = secp256k1N;\n const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');\n const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');\n const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');\n const b2 = a1;\n const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)\n const c1 = divNearest(b2 * k, n);\n const c2 = divNearest(-b1 * k, n);\n let k1 = mod(k - c1 * a1 - c2 * a2, n);\n let k2 = mod(-c1 * b1 - c2 * b2, n);\n const k1neg = k1 > POW_2_128;\n const k2neg = k2 > POW_2_128;\n if (k1neg)\n k1 = n - k1;\n if (k2neg)\n k2 = n - k2;\n if (k1 > POW_2_128 || k2 > POW_2_128) {\n throw new Error('splitScalar: Endomorphism failed, k=' + k);\n }\n return { k1neg, k1, k2neg, k2 };\n },\n },\n}, sha256);\n// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.\n// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki\nconst _0n = BigInt(0);\n/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */\nconst TAGGED_HASH_PREFIXES = {};\nfunction taggedHash(tag, ...messages) {\n let tagP = TAGGED_HASH_PREFIXES[tag];\n if (tagP === undefined) {\n const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));\n tagP = concatBytes(tagH, tagH);\n TAGGED_HASH_PREFIXES[tag] = tagP;\n }\n return sha256(concatBytes(tagP, ...messages));\n}\n// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03\nconst pointToBytes = (point) => point.toRawBytes(true).slice(1);\nconst numTo32b = (n) => numberToBytesBE(n, 32);\nconst modP = (x) => mod(x, secp256k1P);\nconst modN = (x) => mod(x, secp256k1N);\nconst Point = secp256k1.ProjectivePoint;\nconst GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);\n// Calculate point, scalar and bytes\nfunction schnorrGetExtPubKey(priv) {\n let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey\n let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside\n const scalar = p.hasEvenY() ? d_ : modN(-d_);\n return { scalar: scalar, bytes: pointToBytes(p) };\n}\n/**\n * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.\n * @returns valid point checked for being on-curve\n */\nfunction lift_x(x) {\n aInRange('x', x, _1n, secp256k1P); // Fail if x ≥ p.\n const xx = modP(x * x);\n const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.\n let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.\n if (y % _2n !== _0n)\n y = modP(-y); // Return the unique point P such that x(P) = x and\n const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.\n p.assertValidity();\n return p;\n}\nconst num = bytesToNumberBE;\n/**\n * Create tagged hash, convert it to bigint, reduce modulo-n.\n */\nfunction challenge(...args) {\n return modN(num(taggedHash('BIP0340/challenge', ...args)));\n}\n/**\n * Schnorr public key is just `x` coordinate of Point as per BIP340.\n */\nfunction schnorrGetPublicKey(privateKey) {\n return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)\n}\n/**\n * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.\n * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.\n */\nfunction schnorrSign(message, privateKey, auxRand = randomBytes(32)) {\n const m = ensureBytes('message', message);\n const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder\n const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array\n const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)\n const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)\n const k_ = modN(num(rand)); // Let k' = int(rand) mod n\n if (k_ === _0n)\n throw new Error('sign failed: k is zero'); // Fail if k' = 0.\n const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.\n const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.\n const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).\n sig.set(rx, 0);\n sig.set(numTo32b(modN(k + e * d)), 32);\n // If Verify(bytes(P), m, sig) (see below) returns failure, abort\n if (!schnorrVerify(sig, m, px))\n throw new Error('sign: Invalid signature produced');\n return sig;\n}\n/**\n * Verifies Schnorr signature.\n * Will swallow errors & return false except for initial type validation of arguments.\n */\nfunction schnorrVerify(signature, message, publicKey) {\n const sig = ensureBytes('signature', signature, 64);\n const m = ensureBytes('message', message);\n const pub = ensureBytes('publicKey', publicKey, 32);\n try {\n const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails\n const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.\n if (!inRange(r, _1n, secp256k1P))\n return false;\n const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.\n if (!inRange(s, _1n, secp256k1N))\n return false;\n const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n\n const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P\n if (!R || !R.hasEvenY() || R.toAffine().x !== r)\n return false; // -eP == (n-e)P\n return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.\n }\n catch (error) {\n return false;\n }\n}\n/**\n * Schnorr signatures over secp256k1.\n */\nexport const schnorr = /* @__PURE__ */ (() => ({\n getPublicKey: schnorrGetPublicKey,\n sign: schnorrSign,\n verify: schnorrVerify,\n utils: {\n randomPrivateKey: secp256k1.utils.randomPrivateKey,\n lift_x,\n pointToBytes,\n numberToBytesBE,\n bytesToNumberBE,\n taggedHash,\n mod,\n },\n}))();\nconst isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [\n // xNum\n [\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',\n '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',\n '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',\n ],\n // xDen\n [\n '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',\n '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n // yNum\n [\n '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',\n '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',\n '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',\n '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',\n ],\n // yDen\n [\n '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',\n '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',\n '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n].map((i) => i.map((j) => BigInt(j)))))();\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),\n B: BigInt('1771'),\n Z: Fp.create(BigInt('-11')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {\n const { x, y } = mapSWU(Fp.create(scalars[0]));\n return isoMap(x, y);\n}, {\n DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=secp256k1.js.map","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'));\nconst CURVE_A = Fp.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'));\nconst CURVE_B = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6');\n\n// prettier-ignore\nexport const brainpoolP256r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),\n Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),\n h: BigInt(1),\n lowS: false\n} as const, sha256);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha384 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'));\nconst CURVE_A = Fp.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'));\nconst CURVE_B = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11');\n\n// prettier-ignore\nexport const brainpoolP384r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),\n Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),\n h: BigInt(1),\n lowS: false\n} as const, sha384);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha512 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'));\nconst CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'));\nconst CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723');\n\n// prettier-ignore\nexport const brainpoolP512r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),\n Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),\n h: BigInt(1),\n lowS: false\n} as const, sha512);\n","/**\n * This file is needed to dynamic import the noble-curves.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { p256 as nistP256 } from '@noble/curves/p256';\nimport { p384 as nistP384 } from '@noble/curves/p384';\nimport { p521 as nistP521 } from '@noble/curves/p521';\nimport { x448, ed448 } from '@noble/curves/ed448';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { brainpoolP256r1 } from './brainpool/brainpoolP256r1';\nimport { brainpoolP384r1 } from './brainpool/brainpoolP384r1';\nimport { brainpoolP512r1 } from './brainpool/brainpoolP512r1';\n\nexport const nobleCurves = new Map(Object.entries({\n nistP256,\n nistP384,\n nistP521,\n brainpoolP256r1,\n brainpoolP384r1,\n brainpoolP512r1,\n secp256k1,\n x448,\n ed448\n}));\n\n"],"names":["HMAC","Hash","constructor","hash","_key","super","this","finished","destroyed","assertHash","key","toBytes","iHash","create","update","Error","blockLen","outputLen","pad","Uint8Array","set","length","digest","i","oHash","fill","buf","assertExists","digestInto","out","assertBytes","destroy","_cloneInto","to","Object","getPrototypeOf","hmac","message","_0n","BigInt","_1n","_2n","isBytes","a","name","abytes","item","abool","title","value","hexes","Array","from","_","toString","padStart","bytesToHex","bytes","hex","numberToHexUnpadded","num","hexToNumber","asciis","_0","_9","_A","_F","_a","_f","asciiToBase16","char","hexToBytes","hl","al","array","ai","hi","n1","charCodeAt","n2","undefined","bytesToNumberBE","bytesToNumberLE","reverse","numberToBytesBE","n","len","numberToBytesLE","ensureBytes","expectedLength","res","e","concatBytes","arrays","sum","isPosBig","inRange","min","max","aInRange","bitLen","bitMask","u8n","data","u8fr","arr","createHmacDrbg","hashLen","qByteLen","hmacFn","v","k","reset","h","b","reseed","seed","gen","sl","slice","push","pred","validatorFns","bigint","val","function","boolean","string","stringOrUint8Array","isSafeInteger","Number","isArray","field","object","Fp","isValid","validateObject","validators","optValidators","checkField","fieldName","type","isOptional","checkVal","String","entries","memoized","fn","map","WeakMap","arg","args","get","computed","pos","diff","str","TextEncoder","encode","_3n","_4n","_5n","_8n","mod","result","pow","power","modulo","pow2","x","invert","number","u","r","m","FpSqrt","P","p1div4","root","eql","sqr","c1","mul","nv","sub","ONE","legendreC","Q","S","Z","Q1div2","neg","g","ZERO","t2","ge","tonelliShanks","FIELD_FIELDS","nLength","nBitLength","_nBitLength","nByteLength","Math","ceil","Field","ORDER","isLE","redef","BITS","BYTES","sqrtP","f","freeze","MASK","is0","isOdd","lhs","rhs","add","p","d","FpPow","div","sqrN","addN","subN","mulN","inv","sqrt","invertBatch","lst","nums","tmp","lastMultiplied","reduce","acc","inverted","reduceRight","FpInvertBatch","cmov","c","fromBytes","getFieldBytesLength","fieldOrder","bitLength","getMinHashLength","pointPrecomputes","pointWindowSizes","wNAF","bits","constTimeNegate","condition","negate","validateW","W","opts","windows","windowSize","unsafeLadder","elm","double","precomputeWindow","points","base","window","precomputes","BASE","mask","maxNumber","shiftBy","offset","wbits","offset1","offset2","abs","cond1","cond2","wNAFCached","transform","comp","setWindowSize","delete","pippenger","scalars","forEach","s","buckets","lastBits","floor","j","scalar","resI","sumI","validateBasic","curve","Gx","Gy","validateSigVerOpts","lowS","prehash","b2n","h2b","ut","DER","Err","_tlv","tag","E","dataLen","ut.numberToHexUnpadded","lenLen","decode","first","lengthBytes","subarray","l","_int","parseInt","toSig","int","tlv","ut.abytes","seqBytes","seqLeftBytes","rBytes","rLeftBytes","sBytes","sLeftBytes","hexFromSig","sig","seq","weierstrassPoints","CURVE","ut.validateObject","allowedPrivateKeyLengths","wrapPrivateKey","isTorsionFree","clearCofactor","allowInfinityPoint","endo","beta","splitScalar","validatePointOpts","Fn","mod.Field","_c","point","_isCompressed","toAffine","ut.concatBytes","y","tail","weierstrassEquation","x2","x3","normPrivateKeyToScalar","lengths","N","ut.isBytes","ut.bytesToHex","includes","ut.bytesToNumberBE","error","mod.mod","ut.aInRange","assertPrjPoint","other","Point","toAffineMemo","iz","px","py","pz","z","ax","ay","zz","assertValidMemo","left","right","fromAffine","normalizeZ","toInv","fromHex","assertValidity","fromPrivateKey","privateKey","multiply","msm","_setWindowSize","wnaf","hasEvenY","equals","X1","Y1","Z1","X2","Y2","Z2","U1","U2","b3","X3","Y3","Z3","t0","t1","t3","t4","t5","subtract","multiplyUnsafe","sc","I","k1neg","k1","k2neg","k2","k1p","k2p","fake","f1p","f2p","multiplyAndAddUnsafe","G","cofactor","toRawBytes","isCompressed","toHex","_bits","ProjectivePoint","isWithinCurveOrder","ut.inRange","weierstrass","curveDef","randomBytes","bits2int","bits2int_modN","validateOpts","CURVE_ORDER","compressedLen","uncompressedLen","modN","invN","mod.invert","cat","head","y2","sqrtError","suffix","numToNByteStr","ut.numberToBytesBE","isBiggerThanHalfOrder","slcNum","Signature","recovery","fromCompact","fromDER","addRecoveryBit","recoverPublicKey","msgHash","rec","radj","prefix","R","ir","u1","u2","hasHighS","normalizeS","toDERRawBytes","ut.hexToBytes","toDERHex","toCompactRawBytes","toCompactHex","utils","isValidPrivateKey","randomPrivateKey","mod.getMinHashLength","fieldLen","minLen","reduced","mod.mapHashToField","precompute","isProbPub","delta","ORDER_MASK","ut.bitMask","int2octets","prepSig","defaultSigOpts","some","extraEntropy","ent","h1int","seedArgs","k2sig","kBytes","ik","q","normS","defaultVerOpts","getPublicKey","getSharedSecret","privateA","publicB","sign","privKey","C","ut.createHmacDrbg","drbg","verify","signature","publicKey","sg","_sig","derError","is","getHash","msgs","createCurve","defHash","p256","sha256","p384","sha384","p521","sha512","VERIFY_DEFAULT","zip215","twistedEdwards","adjustScalarBytes","domain","uvRatio","mapToCurve","cHash","modP","ctx","phflag","aCoordinate","assertPoint","ex","ey","ez","X","Y","et","T","Z4","aX2","X1Z2","X2Z1","Y1Z2","Y2Z1","A","B","D","x1y1","F","H","T3","T1","T2","isSmallOrder","normed","lastByte","ut.bytesToNumberLE","isXOdd","isLastByteOdd","getExtendedPublicKey","ut.numberToBytesLE","modN_LE","hashed","pointBytes","hashDomainToScalar","context","msg","verifyOpts","options","SB","ExtendedPoint","montgomery","montgomeryBits","powPminus2","Gu","montgomeryBytes","cswap","swap","x_2","x_3","dummy","a24","encodeUCoordinate","scalarMult","pointU","uEnc","decodeUCoordinate","_scalar","decodeScalar","pu","x_1","sw","z_2","z_3","t","k_t","AA","BB","DA","CB","dacb","da_cb","z2","montgomeryLadder","GuBytes","scalarMultBase","shake256_114","wrapConstructor","shake256","dkLen","ed448P","_11n","_22n","_44n","_88n","_223n","ed448_pow_Pminus3div4","b2","b6","b9","b11","b22","b44","b88","b176","b220","b222","b223","ED448_DEF","utf8ToBytes","u2v","u3v","u5v3","ed448","x448","secp256k1P","secp256k1N","divNearest","_6n","_23n","secp256k1","a1","b1","a2","POW_2_128","c2","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","nobleCurves","Map","nistP256","nistP384","nistP521"],"mappings":";2MAGO,MAAMA,UAAaC,EACtB,WAAAC,CAAYC,EAAMC,GACdC,QACAC,KAAKC,UAAW,EAChBD,KAAKE,WAAY,EACjBC,EAAWN,GACX,MAAMO,EAAMC,EAAQP,GAEpB,GADAE,KAAKM,MAAQT,EAAKU,SACe,mBAAtBP,KAAKM,MAAME,OAClB,MAAUC,MAAM,uDACpBT,KAAKU,SAAWV,KAAKM,MAAMI,SAC3BV,KAAKW,UAAYX,KAAKM,MAAMK,UAC5B,MAAMD,EAAWV,KAAKU,SAChBE,EAAM,IAAIC,WAAWH,GAE3BE,EAAIE,IAAIV,EAAIW,OAASL,EAAWb,EAAKU,SAASC,OAAOJ,GAAKY,SAAWZ,GACrE,IAAK,IAAIa,EAAI,EAAGA,EAAIL,EAAIG,OAAQE,IAC5BL,EAAIK,IAAM,GACdjB,KAAKM,MAAME,OAAOI,GAElBZ,KAAKkB,MAAQrB,EAAKU,SAElB,IAAK,IAAIU,EAAI,EAAGA,EAAIL,EAAIG,OAAQE,IAC5BL,EAAIK,IAAM,IACdjB,KAAKkB,MAAMV,OAAOI,GAClBA,EAAIO,KAAK,EACjB,CACI,MAAAX,CAAOY,GAGH,OAFAC,EAAarB,MACbA,KAAKM,MAAME,OAAOY,GACXpB,IACf,CACI,UAAAsB,CAAWC,GACPF,EAAarB,MACbwB,EAAYD,EAAKvB,KAAKW,WACtBX,KAAKC,UAAW,EAChBD,KAAKM,MAAMgB,WAAWC,GACtBvB,KAAKkB,MAAMV,OAAOe,GAClBvB,KAAKkB,MAAMI,WAAWC,GACtBvB,KAAKyB,SACb,CACI,MAAAT,GACI,MAAMO,EAAM,IAAIV,WAAWb,KAAKkB,MAAMP,WAEtC,OADAX,KAAKsB,WAAWC,GACTA,CACf,CACI,UAAAG,CAAWC,GAEPA,IAAOA,EAAKC,OAAOrB,OAAOqB,OAAOC,eAAe7B,MAAO,CAAA,IACvD,MAAMkB,MAAEA,EAAKZ,MAAEA,EAAKL,SAAEA,EAAQC,UAAEA,EAASQ,SAAEA,EAAQC,UAAEA,GAAcX,KAQnE,OANA2B,EAAG1B,SAAWA,EACd0B,EAAGzB,UAAYA,EACfyB,EAAGjB,SAAWA,EACdiB,EAAGhB,UAAYA,EACfgB,EAAGT,MAAQA,EAAMQ,WAAWC,EAAGT,OAC/BS,EAAGrB,MAAQA,EAAMoB,WAAWC,EAAGrB,OACxBqB,CACf,CACI,OAAAF,GACIzB,KAAKE,WAAY,EACjBF,KAAKkB,MAAMO,UACXzB,KAAKM,MAAMmB,SACnB,EAYO,MAAMK,EAAO,CAACjC,EAAMO,EAAK2B,IAAY,IAAIrC,EAAKG,EAAMO,GAAKI,OAAOuB,GAASf,SAChFc,EAAKvB,OAAS,CAACV,EAAMO,IAAQ,IAAIV,EAAKG,EAAMO;uEC1E5C,MAAM4B,iBAAsBC,OAAO,GAC7BC,iBAAsBD,OAAO,GAC7BE,iBAAsBF,OAAO,GAC5B,SAASG,EAAQC,GACpB,OAAQA,aAAaxB,YACX,MAALwB,GAA0B,iBAANA,GAAyC,eAAvBA,EAAEzC,YAAY0C,IAC7D,CACO,SAASC,EAAOC,GACnB,IAAKJ,EAAQI,GACT,MAAU/B,MAAM,sBACxB,CACO,SAASgC,EAAMC,EAAOC,GACzB,GAAqB,kBAAVA,EACP,MAAUlC,MAAM,GAAGiC,iCAAqCC,MAChE,CAEA,MAAMC,iBAAwBC,MAAMC,KAAK,CAAE/B,OAAQ,MAAO,CAACgC,EAAG9B,IAAMA,EAAE+B,SAAS,IAAIC,SAAS,EAAG,OAIxF,SAASC,EAAWC,GACvBZ,EAAOY,GAEP,IAAIC,EAAM,GACV,IAAK,IAAInC,EAAI,EAAGA,EAAIkC,EAAMpC,OAAQE,IAC9BmC,GAAOR,EAAMO,EAAMlC,IAEvB,OAAOmC,CACX,CACO,SAASC,EAAoBC,GAChC,MAAMF,EAAME,EAAIN,SAAS,IACzB,OAAoB,EAAbI,EAAIrC,OAAa,IAAIqC,EAAQA,CACxC,CACO,SAASG,EAAYH,GACxB,GAAmB,iBAARA,EACP,MAAU3C,MAAM,mCAAqC2C,GAEzD,OAAOnB,OAAe,KAARmB,EAAa,IAAM,KAAKA,EAC1C,CAEA,MAAMI,EAAS,CAAEC,GAAI,GAAIC,GAAI,GAAIC,GAAI,GAAIC,GAAI,GAAIC,GAAI,GAAIC,GAAI,KAC7D,SAASC,EAAcC,GACnB,OAAIA,GAAQR,EAAOC,IAAMO,GAAQR,EAAOE,GAC7BM,EAAOR,EAAOC,GACrBO,GAAQR,EAAOG,IAAMK,GAAQR,EAAOI,GAC7BI,GAAQR,EAAOG,GAAK,IAC3BK,GAAQR,EAAOK,IAAMG,GAAQR,EAAOM,GAC7BE,GAAQR,EAAOK,GAAK,SAD/B,CAGJ,CAIO,SAASI,EAAWb,GACvB,GAAmB,iBAARA,EACP,MAAU3C,MAAM,mCAAqC2C,GACzD,MAAMc,EAAKd,EAAIrC,OACToD,EAAKD,EAAK,EAChB,GAAIA,EAAK,EACL,MAAUzD,MAAM,0DAA4DyD,GAChF,MAAME,EAAQ,IAAIvD,WAAWsD,GAC7B,IAAK,IAAIE,EAAK,EAAGC,EAAK,EAAGD,EAAKF,EAAIE,IAAMC,GAAM,EAAG,CAC7C,MAAMC,EAAKR,EAAcX,EAAIoB,WAAWF,IAClCG,EAAKV,EAAcX,EAAIoB,WAAWF,EAAK,IAC7C,QAAWI,IAAPH,QAA2BG,IAAPD,EAAkB,CACtC,MAAMT,EAAOZ,EAAIkB,GAAMlB,EAAIkB,EAAK,GAChC,MAAU7D,MAAM,+CAAiDuD,EAAO,cAAgBM,EACpG,CACQF,EAAMC,GAAW,GAALE,EAAUE,CAC9B,CACI,OAAOL,CACX,CAEO,SAASO,EAAgBxB,GAC5B,OAAOI,EAAYL,EAAWC,GAClC,CACO,SAASyB,EAAgBzB,GAE5B,OADAZ,EAAOY,GACAI,EAAYL,EAAWrC,WAAWiC,KAAKK,GAAO0B,WACzD,CACO,SAASC,EAAgBC,EAAGC,GAC/B,OAAOf,EAAWc,EAAE/B,SAAS,IAAIC,SAAe,EAAN+B,EAAS,KACvD,CACO,SAASC,EAAgBF,EAAGC,GAC/B,OAAOF,EAAgBC,EAAGC,GAAKH,SACnC,CAcO,SAASK,EAAYxC,EAAOU,EAAK+B,GACpC,IAAIC,EACJ,GAAmB,iBAARhC,EACP,IACIgC,EAAMnB,EAAWb,EAC7B,CACQ,MAAOiC,GACH,MAAU5E,MAAM,GAAGiC,oCAAwCU,cAAgBiC,IACvF,KAES,KAAIjD,EAAQgB,GAMb,MAAU3C,MAASiC,EAAH,qCAHhB0C,EAAMvE,WAAWiC,KAAKM,EAI9B,CACI,MAAM4B,EAAMI,EAAIrE,OAChB,GAA8B,iBAAnBoE,GAA+BH,IAAQG,EAC9C,MAAU1E,MAAM,GAAGiC,cAAkByC,gBAA6BH,KACtE,OAAOI,CACX,CAIO,SAASE,KAAeC,GAC3B,IAAIC,EAAM,EACV,IAAK,IAAIvE,EAAI,EAAGA,EAAIsE,EAAOxE,OAAQE,IAAK,CACpC,MAAMoB,EAAIkD,EAAOtE,GACjBsB,EAAOF,GACPmD,GAAOnD,EAAEtB,MACjB,CACI,MAAMqE,EAAM,IAAIvE,WAAW2E,GAC3B,IAAK,IAAIvE,EAAI,EAAGL,EAAM,EAAGK,EAAIsE,EAAOxE,OAAQE,IAAK,CAC7C,MAAMoB,EAAIkD,EAAOtE,GACjBmE,EAAItE,IAAIuB,EAAGzB,GACXA,GAAOyB,EAAEtB,MACjB,CACI,OAAOqE,CACX,CAmBA,MAAMK,EAAYV,GAAmB,iBAANA,GAAkB/C,GAAO+C,EACjD,SAASW,EAAQX,EAAGY,EAAKC,GAC5B,OAAOH,EAASV,IAAMU,EAASE,IAAQF,EAASG,IAAQD,GAAOZ,GAAKA,EAAIa,CAC5E,CAMO,SAASC,EAASnD,EAAOqC,EAAGY,EAAKC,GAMpC,IAAKF,EAAQX,EAAGY,EAAKC,GACjB,MAAUnF,MAAM,kBAAkBiC,MAAUiD,YAAcC,iBAAmBb,KAAKA,IAC1F,CAMO,SAASe,EAAOf,GACnB,IAAIC,EACJ,IAAKA,EAAM,EAAGD,EAAI/C,EAAK+C,IAAM7C,EAAK8C,GAAO,GAEzC,OAAOA,CACX,CAmBO,MAAMe,EAAWhB,IAAO5C,GAAOF,OAAO8C,EAAI,IAAM7C,EAEjD8D,EAAOC,GAAS,IAAIpF,WAAWoF,GAC/BC,EAAQC,GAAQtF,WAAWiC,KAAKqD,GAQ/B,SAASC,EAAeC,EAASC,EAAUC,GAC9C,GAAuB,iBAAZF,GAAwBA,EAAU,EACzC,MAAU5F,MAAM,4BACpB,GAAwB,iBAAb6F,GAAyBA,EAAW,EAC3C,MAAU7F,MAAM,6BACpB,GAAsB,mBAAX8F,EACP,MAAU9F,MAAM,6BAEpB,IAAI+F,EAAIR,EAAIK,GACRI,EAAIT,EAAIK,GACRpF,EAAI,EACR,MAAMyF,EAAQ,KACVF,EAAErF,KAAK,GACPsF,EAAEtF,KAAK,GACPF,EAAI,CAAC,EAEH0F,EAAI,IAAIC,IAAML,EAAOE,EAAGD,KAAMI,GAC9BC,EAAS,CAACC,EAAOd,OAEnBS,EAAIE,EAAET,EAAK,CAAC,IAAQY,GACpBN,EAAIG,IACgB,IAAhBG,EAAK/F,SAET0F,EAAIE,EAAET,EAAK,CAAC,IAAQY,GACpBN,EAAIG,IAAG,EAELI,EAAM,KAER,GAAI9F,KAAO,IACP,MAAUR,MAAM,2BACpB,IAAIuE,EAAM,EACV,MAAMzD,EAAM,GACZ,KAAOyD,EAAMsB,GAAU,CACnBE,EAAIG,IACJ,MAAMK,EAAKR,EAAES,QACb1F,EAAI2F,KAAKF,GACThC,GAAOwB,EAAEzF,MACrB,CACQ,OAAOuE,KAAe/D,EAAI,EAW9B,MATiB,CAACuF,EAAMK,KAGpB,IAAI/B,EACJ,IAHAsB,IACAG,EAAOC,KAEE1B,EAAM+B,EAAKJ,OAChBF,IAEJ,OADAH,IACOtB,CAAG,CAGlB,CAEA,MAAMgC,EAAe,CACjBC,OAASC,GAAuB,iBAARA,EACxBC,SAAWD,GAAuB,mBAARA,EAC1BE,QAAUF,GAAuB,kBAARA,EACzBG,OAASH,GAAuB,iBAARA,EACxBI,mBAAqBJ,GAAuB,iBAARA,GAAoBlF,EAAQkF,GAChEK,cAAgBL,GAAQM,OAAOD,cAAcL,GAC7ClD,MAAQkD,GAAQzE,MAAMgF,QAAQP,GAC9BQ,MAAO,CAACR,EAAKS,IAAWA,EAAOC,GAAGC,QAAQX,GAC1CzH,KAAOyH,GAAuB,mBAARA,GAAsBM,OAAOD,cAAcL,EAAI3G,YAGlE,SAASuH,EAAeH,EAAQI,EAAYC,EAAgB,CAAA,GAC/D,MAAMC,EAAa,CAACC,EAAWC,EAAMC,KACjC,MAAMC,EAAWrB,EAAamB,GAC9B,GAAwB,mBAAbE,EACP,MAAUhI,MAAM,sBAAsB8H,yBAC1C,MAAMjB,EAAMS,EAAOO,GACnB,KAAIE,QAAsB9D,IAAR4C,GAEbmB,EAASnB,EAAKS,IACf,MAAUtH,MAAM,iBAAwB6H,EAAPI,MAAqBpB,aAAeA,gBAAkBiB,IACnG,EAEI,IAAK,MAAOD,EAAWC,KAAS3G,OAAO+G,QAAQR,GAC3CE,EAAWC,EAAWC,GAAM,GAChC,IAAK,MAAOD,EAAWC,KAAS3G,OAAO+G,QAAQP,GAC3CC,EAAWC,EAAWC,GAAM,GAChC,OAAOR,CACX,CAmBO,SAASa,EAASC,GACrB,MAAMC,EAAM,IAAIC,QAChB,MAAO,CAACC,KAAQC,KACZ,MAAM3B,EAAMwB,EAAII,IAAIF,GACpB,QAAYtE,IAAR4C,EACA,OAAOA,EACX,MAAM6B,EAAWN,EAAGG,KAAQC,GAE5B,OADAH,EAAIhI,IAAIkI,EAAKG,GACNA,CAAQ,CAEvB,qFAtIO,SAAgBpE,EAAGqE,GACtB,OAAQrE,GAAK9C,OAAOmH,GAAQlH,CAChC,4BAIO,SAAgB6C,EAAGqE,EAAKzG,GAC3B,OAAOoC,GAAMpC,EAAQT,EAAMF,IAAQC,OAAOmH,EAC9C,2GA3DO,SAAoB/G,EAAGuE,GAC1B,GAAIvE,EAAEtB,SAAW6F,EAAE7F,OACf,OAAO,EACX,IAAIsI,EAAO,EACX,IAAK,IAAIpI,EAAI,EAAGA,EAAIoB,EAAEtB,OAAQE,IAC1BoI,GAAQhH,EAAEpB,GAAK2F,EAAE3F,GACrB,OAAgB,IAAToI,CACX,2EAiK8B,KAC1B,MAAU5I,MAAM,kBAAkB,+EA/N/B,SAA4BsE,GAC/B,OAAOd,EAAWZ,EAAoB0B,GAC1C,cA+DO,SAAqBuE,GACxB,GAAmB,iBAARA,EACP,MAAU7I,MAAM,2CAA2C6I,GAC/D,OAAO,IAAIzI,YAAW,IAAI0I,aAAcC,OAAOF,GACnD;sEC7JA,MAAMtH,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAIE,EAAMF,OAAO,GAAIwH,EAAMxH,OAAO,GAEhEyH,EAAMzH,OAAO,GAAI0H,EAAM1H,OAAO,GAAI2H,EAAM3H,OAAO,GAI9C,SAAS4H,EAAIxH,EAAGuE,GACnB,MAAMkD,EAASzH,EAAIuE,EACnB,OAAOkD,GAAU9H,EAAM8H,EAASlD,EAAIkD,CACxC,CAQO,SAASC,GAAIzG,EAAK0G,EAAOC,GAC5B,GAAIA,GAAUjI,GAAOgI,EAAQhI,EACzB,MAAUvB,MAAM,6BACpB,GAAIwJ,IAAW/H,EACX,OAAOF,EACX,IAAIoD,EAAMlD,EACV,KAAO8H,EAAQhI,GACPgI,EAAQ9H,IACRkD,EAAOA,EAAM9B,EAAO2G,GACxB3G,EAAOA,EAAMA,EAAO2G,EACpBD,IAAU9H,EAEd,OAAOkD,CACX,CAEO,SAAS8E,GAAKC,EAAGH,EAAOC,GAC3B,IAAI7E,EAAM+E,EACV,KAAOH,KAAUhI,GACboD,GAAOA,EACPA,GAAO6E,EAEX,OAAO7E,CACX,CAEO,SAASgF,GAAOC,EAAQJ,GAC3B,GAAII,IAAWrI,GAAOiI,GAAUjI,EAC5B,MAAUvB,MAAM,6CAA6C4J,SAAcJ,KAI/E,IAAI5H,EAAIwH,EAAIQ,EAAQJ,GAChBrD,EAAIqD,EAEJE,EAAInI,EAAcsI,EAAIpI,EAC1B,KAAOG,IAAML,GAAK,CAEd,MACMuI,EAAI3D,EAAIvE,EACRmI,EAAIL,EAAIG,GAFJ1D,EAAIvE,GAKduE,EAAIvE,EAAGA,EAAIkI,EAAGJ,EAAIG,EAAUA,EAAIE,CACxC,CAEI,GADY5D,IACA1E,EACR,MAAUzB,MAAM,0BACpB,OAAOoJ,EAAIM,EAAGF,EAClB,CAiEO,SAASQ,GAAOC,GAKnB,GAAIA,EAAIhB,IAAQD,EAAK,CAKjB,MAAMkB,GAAUD,EAAIxI,GAAOwH,EAC3B,OAAO,SAAmB1B,EAAIjD,GAC1B,MAAM6F,EAAO5C,EAAG+B,IAAIhF,EAAG4F,GAEvB,IAAK3C,EAAG6C,IAAI7C,EAAG8C,IAAIF,GAAO7F,GACtB,MAAUtE,MAAM,2BACpB,OAAOmK,CACV,CACT,CAEI,GAAIF,EAAId,IAAQD,EAAK,CACjB,MAAMoB,GAAML,EAAIf,GAAOC,EACvB,OAAO,SAAmB5B,EAAIjD,GAC1B,MAAMN,EAAKuD,EAAGgD,IAAIjG,EAAG5C,GACfqE,EAAIwB,EAAG+B,IAAItF,EAAIsG,GACfE,EAAKjD,EAAGgD,IAAIjG,EAAGyB,GACfvF,EAAI+G,EAAGgD,IAAIhD,EAAGgD,IAAIC,EAAI9I,GAAMqE,GAC5BoE,EAAO5C,EAAGgD,IAAIC,EAAIjD,EAAGkD,IAAIjK,EAAG+G,EAAGmD,MACrC,IAAKnD,EAAG6C,IAAI7C,EAAG8C,IAAIF,GAAO7F,GACtB,MAAUtE,MAAM,2BACpB,OAAOmK,CACV,CACT,CAwBI,OAhHG,SAAuBF,GAM1B,MAAMU,GAAaV,EAAIxI,GAAOC,EAC9B,IAAIkJ,EAAGC,EAAGC,EAGV,IAAKF,EAAIX,EAAIxI,EAAKoJ,EAAI,EAAGD,EAAIlJ,IAAQH,EAAKqJ,GAAKlJ,EAAKmJ,KAGpD,IAAKC,EAAIpJ,EAAKoJ,EAAIb,GAAKX,GAAIwB,EAAGH,EAAWV,KAAOA,EAAIxI,EAAKqJ,KAGzD,GAAU,IAAND,EAAS,CACT,MAAMX,GAAUD,EAAIxI,GAAOwH,EAC3B,OAAO,SAAqB1B,EAAIjD,GAC5B,MAAM6F,EAAO5C,EAAG+B,IAAIhF,EAAG4F,GACvB,IAAK3C,EAAG6C,IAAI7C,EAAG8C,IAAIF,GAAO7F,GACtB,MAAUtE,MAAM,2BACpB,OAAOmK,CACV,CACT,CAEI,MAAMY,GAAUH,EAAInJ,GAAOC,EAC3B,OAAO,SAAqB6F,EAAIjD,GAE5B,GAAIiD,EAAG+B,IAAIhF,EAAGqG,KAAepD,EAAGyD,IAAIzD,EAAGmD,KACnC,MAAU1K,MAAM,2BACpB,IAAI8J,EAAIe,EAEJI,EAAI1D,EAAG+B,IAAI/B,EAAGgD,IAAIhD,EAAGmD,IAAKI,GAAIF,GAC9BlB,EAAInC,EAAG+B,IAAIhF,EAAGyG,GACd5E,EAAIoB,EAAG+B,IAAIhF,EAAGsG,GAClB,MAAQrD,EAAG6C,IAAIjE,EAAGoB,EAAGmD,MAAM,CACvB,GAAInD,EAAG6C,IAAIjE,EAAGoB,EAAG2D,MACb,OAAO3D,EAAG2D,KAEd,IAAInB,EAAI,EACR,IAAK,IAAIoB,EAAK5D,EAAG8C,IAAIlE,GAAI4D,EAAID,IACrBvC,EAAG6C,IAAIe,EAAI5D,EAAGmD,KADUX,IAG5BoB,EAAK5D,EAAG8C,IAAIc,GAGhB,MAAMC,EAAK7D,EAAG+B,IAAI2B,EAAGxJ,GAAOD,OAAOsI,EAAIC,EAAI,IAC3CkB,EAAI1D,EAAG8C,IAAIe,GACX1B,EAAInC,EAAGgD,IAAIb,EAAG0B,GACdjF,EAAIoB,EAAGgD,IAAIpE,EAAG8E,GACdnB,EAAIC,CAChB,CACQ,OAAOL,CACV,CACL,CAyDW2B,CAAcpB,EACzB,CAtLYzI,OAAO,GAAWA,OAAO,IA0LrC,MAAM8J,GAAe,CACjB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAkFrB,SAASC,GAAQjH,EAAGkH,GAEvB,MAAMC,OAA6BxH,IAAfuH,EAA2BA,EAAalH,EAAE/B,SAAS,GAAGjC,OAE1E,MAAO,CAAEkL,WAAYC,EAAaC,YADdC,KAAKC,KAAKH,EAAc,GAEhD,CAgBO,SAASI,GAAMC,EAAOzG,EAAQ0G,GAAO,EAAOC,EAAQ,IACvD,GAAIF,GAASvK,EACT,MAAUvB,MAAM,iCAAiC8L,GACrD,MAAQN,WAAYS,EAAMP,YAAaQ,GAAUX,GAAQO,EAAOzG,GAChE,GAAI6G,EAAQ,KACR,MAAUlM,MAAM,mDACpB,MAAMmM,EAAQnC,GAAO8B,GACfM,EAAIjL,OAAOkL,OAAO,CACpBP,QACAG,OACAC,QACAI,KAAMhH,EAAQ2G,GACdf,KAAM3J,EACNmJ,IAAKjJ,EACL3B,OAAS+C,GAAQuG,EAAIvG,EAAKiJ,GAC1BtE,QAAU3E,IACN,GAAmB,iBAARA,EACP,MAAU7C,MAAM,sDAAsD6C,GAC1E,OAAOtB,GAAOsB,GAAOA,EAAMiJ,CAAK,EAEpCS,IAAM1J,GAAQA,IAAQtB,EACtBiL,MAAQ3J,IAASA,EAAMpB,KAASA,EAChCuJ,IAAMnI,GAAQuG,GAAKvG,EAAKiJ,GACxB1B,IAAK,CAACqC,EAAKC,IAAQD,IAAQC,EAC3BrC,IAAMxH,GAAQuG,EAAIvG,EAAMA,EAAKiJ,GAC7Ba,IAAK,CAACF,EAAKC,IAAQtD,EAAIqD,EAAMC,EAAKZ,GAClCrB,IAAK,CAACgC,EAAKC,IAAQtD,EAAIqD,EAAMC,EAAKZ,GAClCvB,IAAK,CAACkC,EAAKC,IAAQtD,EAAIqD,EAAMC,EAAKZ,GAClCxC,IAAK,CAACzG,EAAK0G,IA/GZ,SAAe6C,EAAGvJ,EAAK0G,GAG1B,GAAIA,EAAQhI,EACR,MAAUvB,MAAM,sBACpB,GAAIuJ,IAAUhI,EACV,OAAO6K,EAAE1B,IACb,GAAInB,IAAU9H,EACV,OAAOoB,EACX,IAAI+J,EAAIR,EAAE1B,IACNmC,EAAIhK,EACR,KAAO0G,EAAQhI,GACPgI,EAAQ9H,IACRmL,EAAIR,EAAE7B,IAAIqC,EAAGC,IACjBA,EAAIT,EAAE/B,IAAIwC,GACVtD,IAAU9H,EAEd,OAAOmL,CACX,CA6F6BE,CAAMV,EAAGvJ,EAAK0G,GACnCwD,IAAK,CAACN,EAAKC,IAAQtD,EAAIqD,EAAM9C,GAAO+C,EAAKZ,GAAQA,GAEjDkB,KAAOnK,GAAQA,EAAMA,EACrBoK,KAAM,CAACR,EAAKC,IAAQD,EAAMC,EAC1BQ,KAAM,CAACT,EAAKC,IAAQD,EAAMC,EAC1BS,KAAM,CAACV,EAAKC,IAAQD,EAAMC,EAC1BU,IAAMvK,GAAQ8G,GAAO9G,EAAKiJ,GAC1BuB,KAAMrB,EAAMqB,MAAS,CAAC/I,GAAM6H,EAAMC,EAAG9H,IACrCgJ,YAAcC,GAjGf,SAAuBnB,EAAGoB,GAC7B,MAAMC,EAAUrL,MAAMoL,EAAKlN,QAErBoN,EAAiBF,EAAKG,QAAO,CAACC,EAAK/K,EAAKrC,IACtC4L,EAAEG,IAAI1J,GACC+K,GACXH,EAAIjN,GAAKoN,EACFxB,EAAE7B,IAAIqD,EAAK/K,KACnBuJ,EAAE1B,KAECmD,EAAWzB,EAAEgB,IAAIM,GAQvB,OANAF,EAAKM,aAAY,CAACF,EAAK/K,EAAKrC,IACpB4L,EAAEG,IAAI1J,GACC+K,GACXH,EAAIjN,GAAK4L,EAAE7B,IAAIqD,EAAKH,EAAIjN,IACjB4L,EAAE7B,IAAIqD,EAAK/K,KACnBgL,GACIJ,CACX,CA8E8BM,CAAc3B,EAAGmB,GAGvCS,KAAM,CAACpM,EAAGuE,EAAG8H,IAAOA,EAAI9H,EAAIvE,EAC5BhC,QAAUiD,GAASkJ,EAAOvH,EAAgB3B,EAAKqJ,GAAS7H,EAAgBxB,EAAKqJ,GAC7EgC,UAAYxL,IACR,GAAIA,EAAMpC,SAAW4L,EACjB,MAAUlM,MAAM,0BAA0BkM,UAAcxJ,EAAMpC,UAClE,OAAOyL,EAAO5H,EAAgBzB,GAASwB,EAAgBxB,EAAM,IAGrE,OAAOvB,OAAOkL,OAAOD,EACzB,CAkCO,SAAS+B,GAAoBC,GAChC,GAA0B,iBAAfA,EACP,MAAUpO,MAAM,8BACpB,MAAMqO,EAAYD,EAAW7L,SAAS,GAAGjC,OACzC,OAAOqL,KAAKC,KAAKyC,EAAY,EACjC,CAQO,SAASC,GAAiBF,GAC7B,MAAM9N,EAAS6N,GAAoBC,GACnC,OAAO9N,EAASqL,KAAKC,KAAKtL,EAAS,EACvC;;AC3YA,MAAMiB,GAAMC,OAAO,GACbC,GAAMD,OAAO,GAGb+M,GAAmB,IAAIjG,QACvBkG,GAAmB,IAAIlG,QAYtB,SAASmG,GAAKR,EAAGS,GACpB,MAAMC,EAAkB,CAACC,EAAW7M,KAChC,MAAMiJ,EAAMjJ,EAAK8M,SACjB,OAAOD,EAAY5D,EAAMjJ,CAAI,EAE3B+M,EAAaC,IACf,IAAK5H,OAAOD,cAAc6H,IAAMA,GAAK,GAAKA,EAAIL,EAC1C,MAAU1O,MAAM,qBAAqB+O,oBAAoBL,KAAQ,EAEnEM,EAAQD,IACVD,EAAUC,GAGV,MAAO,CAAEE,QAFOtD,KAAKC,KAAK8C,EAAOK,GAAK,EAEpBG,WADC,IAAMH,EAAI,GACC,EAElC,MAAO,CACHJ,kBAEA,YAAAQ,CAAaC,EAAK9K,GACd,IAAIsI,EAAIqB,EAAE/C,KACN2B,EAAIuC,EACR,KAAO9K,EAAI/C,IACH+C,EAAI7C,KACJmL,EAAIA,EAAED,IAAIE,IACdA,EAAIA,EAAEwC,SACN/K,IAAM7C,GAEV,OAAOmL,CACV,EAWD,gBAAA0C,CAAiBF,EAAKL,GAClB,MAAME,QAAEA,EAAOC,WAAEA,GAAeF,EAAKD,GAC/BQ,EAAS,GACf,IAAI3C,EAAIwC,EACJI,EAAO5C,EACX,IAAK,IAAI6C,EAAS,EAAGA,EAASR,EAASQ,IAAU,CAC7CD,EAAO5C,EACP2C,EAAO9I,KAAK+I,GAEZ,IAAK,IAAIhP,EAAI,EAAGA,EAAI0O,EAAY1O,IAC5BgP,EAAOA,EAAK7C,IAAIC,GAChB2C,EAAO9I,KAAK+I,GAEhB5C,EAAI4C,EAAKH,QACzB,CACY,OAAOE,CACV,EAQD,IAAAd,CAAKM,EAAGW,EAAapL,GAGjB,MAAM2K,QAAEA,EAAOC,WAAEA,GAAeF,EAAKD,GACrC,IAAInC,EAAIqB,EAAE/C,KACNkB,EAAI6B,EAAE0B,KACV,MAAMC,EAAOpO,OAAO,GAAKuN,EAAI,GACvBc,EAAY,GAAKd,EACjBe,EAAUtO,OAAOuN,GACvB,IAAK,IAAIU,EAAS,EAAGA,EAASR,EAASQ,IAAU,CAC7C,MAAMM,EAASN,EAASP,EAExB,IAAIc,EAAQ7I,OAAO7C,EAAIsL,GAEvBtL,IAAMwL,EAGFE,EAAQd,IACRc,GAASH,EACTvL,GAAK7C,IAST,MAAMwO,EAAUF,EACVG,EAAUH,EAASpE,KAAKwE,IAAIH,GAAS,EACrCI,EAAQX,EAAS,GAAM,EACvBY,EAAQL,EAAQ,EACR,IAAVA,EAEA5D,EAAIA,EAAEO,IAAIgC,EAAgByB,EAAOV,EAAYO,KAG7CrD,EAAIA,EAAED,IAAIgC,EAAgB0B,EAAOX,EAAYQ,IAEjE,CAMY,MAAO,CAAEtD,IAAGR,IACf,EACD,UAAAkE,CAAWrG,EAAG3F,EAAGiM,GACb,MAAMxB,EAAIP,GAAiB/F,IAAIwB,IAAM,EAErC,IAAIuG,EAAOjC,GAAiB9F,IAAIwB,GAMhC,OALKuG,IACDA,EAAOjR,KAAK+P,iBAAiBrF,EAAG8E,GACtB,IAANA,GACAR,GAAiBlO,IAAI4J,EAAGsG,EAAUC,KAEnCjR,KAAKkP,KAAKM,EAAGyB,EAAMlM,EAC7B,EAID,aAAAmM,CAAcxG,EAAG8E,GACbD,EAAUC,GACVP,GAAiBnO,IAAI4J,EAAG8E,GACxBR,GAAiBmC,OAAOzG,EAC3B,EAET,CAYO,SAAS0G,GAAU1C,EAAG5G,EAAOkI,EAAQqB,GAOxC,IAAKxO,MAAMgF,QAAQmI,KAAYnN,MAAMgF,QAAQwJ,IAAYA,EAAQtQ,SAAWiP,EAAOjP,OAC/E,MAAUN,MAAM,uDACpB4Q,EAAQC,SAAQ,CAACC,EAAGtQ,KAChB,IAAK6G,EAAMG,QAAQsJ,GACf,MAAU9Q,MAAM,yBAAyBQ,EAAI,IAErD+O,EAAOsB,SAAQ,CAACjE,EAAGpM,KACf,KAAMoM,aAAaqB,GACf,MAAUjO,MAAM,wBAAwBQ,EAAI,IAEpD,MAAMwP,EAAQ3K,EAAO7D,OAAO+N,EAAOjP,SAC7B4O,EAAac,EAAQ,GAAKA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAI,EAC1E1D,GAAQ,GAAK4C,GAAc,EAC3B6B,EAAc3O,MAAMkK,EAAO,GAAG5L,KAAKuN,EAAE/C,MACrC8F,EAAWrF,KAAKsF,OAAO5J,EAAM4E,KAAO,GAAKiD,GAAcA,EAC7D,IAAInK,EAAMkJ,EAAE/C,KACZ,IAAK,IAAI1K,EAAIwQ,EAAUxQ,GAAK,EAAGA,GAAK0O,EAAY,CAC5C6B,EAAQrQ,KAAKuN,EAAE/C,MACf,IAAK,IAAIgG,EAAI,EAAGA,EAAIN,EAAQtQ,OAAQ4Q,IAAK,CACrC,MAAMC,EAASP,EAAQM,GACjBlB,EAAQ7I,OAAQgK,GAAU3P,OAAOhB,GAAMgB,OAAO8K,IACpDyE,EAAQf,GAASe,EAAQf,GAAOrD,IAAI4C,EAAO2B,GACvD,CACQ,IAAIE,EAAOnD,EAAE/C,KAEb,IAAK,IAAIgG,EAAIH,EAAQzQ,OAAS,EAAG+Q,EAAOpD,EAAE/C,KAAMgG,EAAI,EAAGA,IACnDG,EAAOA,EAAK1E,IAAIoE,EAAQG,IACxBE,EAAOA,EAAKzE,IAAI0E,GAGpB,GADAtM,EAAMA,EAAI4H,IAAIyE,GACJ,IAAN5Q,EACA,IAAK,IAAI0Q,EAAI,EAAGA,EAAIhC,EAAYgC,IAC5BnM,EAAMA,EAAIsK,QAC1B,CACI,OAAOtK,CACX,CACO,SAASuM,GAAcC,GAY1B,ODRO9J,ECHO8J,EAAMhK,GDDP+D,GAAaqC,QAAO,CAACtF,EAAKxB,KACnCwB,EAAIxB,GAAO,WACJwB,IARK,CACZyD,MAAO,SACPQ,KAAM,SACNJ,MAAO,gBACPD,KAAM,mBCIVxE,EAAe8J,EAAO,CAClBjN,EAAG,SACH4B,EAAG,SACHsL,GAAI,QACJC,GAAI,SACL,CACCjG,WAAY,gBACZE,YAAa,kBAGVvK,OAAOkL,OAAO,IACdd,GAAQgG,EAAMjN,EAAGiN,EAAM/F,eACvB+F,EACE3E,EAAG2E,EAAMhK,GAAGuE,OAEzB;sECzNA,SAAS4F,GAAmB1C,QACN/K,IAAd+K,EAAK2C,MACL3P,EAAM,OAAQgN,EAAK2C,WACF1N,IAAjB+K,EAAK4C,SACL5P,EAAM,UAAWgN,EAAK4C,QAC9B,CA4BA,MAAQ1N,gBAAiB2N,GAAKrO,WAAYsO,IAAQC,EAQrCC,GAAM,CAEfC,IAAK,cAAqBjS,MACtB,WAAAb,CAAY4K,EAAI,IACZzK,MAAMyK,EAClB,GAGImI,KAAM,CACFnJ,OAAQ,CAACoJ,EAAK3M,KACV,MAAQyM,IAAKG,GAAMJ,GACnB,GAAIG,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIC,EAAE,yBAChB,GAAkB,EAAd5M,EAAKlF,OACL,MAAM,IAAI8R,EAAE,6BAChB,MAAMC,EAAU7M,EAAKlF,OAAS,EACxBiE,EAAM+N,EAAuBD,GACnC,GAAK9N,EAAIjE,OAAS,EAAK,IACnB,MAAM,IAAI8R,EAAE,wCAEhB,MAAMG,EAASF,EAAU,IAAMC,EAAwB/N,EAAIjE,OAAS,EAAK,KAAO,GAChF,MAAO,GAAGgS,EAAuBH,KAAOI,IAAShO,IAAMiB,GAAM,EAGjE,MAAAgN,CAAOL,EAAK3M,GACR,MAAQyM,IAAKG,GAAMJ,GACnB,IAAIrJ,EAAM,EACV,GAAIwJ,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIC,EAAE,yBAChB,GAAI5M,EAAKlF,OAAS,GAAKkF,EAAKmD,OAAWwJ,EACnC,MAAM,IAAIC,EAAE,yBAChB,MAAMK,EAAQjN,EAAKmD,KAEnB,IAAIrI,EAAS,EACb,MAF0B,IAARmS,GAIb,CAED,MAAMF,EAAiB,IAARE,EACf,IAAKF,EACD,MAAM,IAAIH,EAAE,qDAChB,GAAIG,EAAS,EACT,MAAM,IAAIH,EAAE,4CAChB,MAAMM,EAAclN,EAAKmN,SAAShK,EAAKA,EAAM4J,GAC7C,GAAIG,EAAYpS,SAAWiS,EACvB,MAAM,IAAIH,EAAE,yCAChB,GAAuB,IAAnBM,EAAY,GACZ,MAAM,IAAIN,EAAE,wCAChB,IAAK,MAAMjM,KAAKuM,EACZpS,EAAUA,GAAU,EAAK6F,EAE7B,GADAwC,GAAO4J,EACHjS,EAAS,IACT,MAAM,IAAI8R,EAAE,yCAChC,MAlBgB9R,EAASmS,EAmBb,MAAM1M,EAAIP,EAAKmN,SAAShK,EAAKA,EAAMrI,GACnC,GAAIyF,EAAEzF,SAAWA,EACb,MAAM,IAAI8R,EAAE,kCAChB,MAAO,CAAErM,IAAG6M,EAAGpN,EAAKmN,SAAShK,EAAMrI,GACtC,GAMLuS,KAAM,CACF,MAAA9J,CAAOlG,GACH,MAAQoP,IAAKG,GAAMJ,GACnB,GAAInP,EAAMtB,GACN,MAAM,IAAI6Q,EAAE,8CAChB,IAAIzP,EAAM2P,EAAuBzP,GAIjC,GAFkC,EAA9BsE,OAAO2L,SAASnQ,EAAI,GAAI,MACxBA,EAAM,KAAOA,GACA,EAAbA,EAAIrC,OACJ,MAAM,IAAI8R,EAAE,wBAChB,OAAOzP,CACV,EACD,MAAA6P,CAAOhN,GACH,MAAQyM,IAAKG,GAAMJ,GACnB,GAAc,IAAVxM,EAAK,GACL,MAAM,IAAI4M,EAAE,uCAChB,GAAgB,IAAZ5M,EAAK,MAA2B,IAAVA,EAAK,IAC3B,MAAM,IAAI4M,EAAE,uDAChB,OAAOP,GAAIrM,EACd,GAEL,KAAAuN,CAAMpQ,GAEF,MAAQsP,IAAKG,EAAGS,KAAMG,EAAKd,KAAMe,GAAQjB,GACnCxM,EAAsB,iBAAR7C,EAAmBmP,GAAInP,GAAOA,EAClDuQ,EAAU1N,GACV,MAAQO,EAAGoN,EAAUP,EAAGQ,GAAiBH,EAAIT,OAAO,GAAMhN,GAC1D,GAAI4N,EAAa9S,OACb,MAAM,IAAI8R,EAAE,+CAChB,MAAQrM,EAAGsN,EAAQT,EAAGU,GAAeL,EAAIT,OAAO,EAAMW,IAC9CpN,EAAGwN,EAAQX,EAAGY,GAAeP,EAAIT,OAAO,EAAMc,GACtD,GAAIE,EAAWlT,OACX,MAAM,IAAI8R,EAAE,+CAChB,MAAO,CAAEtI,EAAGkJ,EAAIR,OAAOa,GAASvC,EAAGkC,EAAIR,OAAOe,GACjD,EACD,UAAAE,CAAWC,GACP,MAAQxB,KAAMe,EAAKJ,KAAMG,GAAQhB,GAC3B2B,EAAM,GAAGV,EAAIlK,OAAO,EAAMiK,EAAIjK,OAAO2K,EAAI5J,MAAMmJ,EAAIlK,OAAO,EAAMiK,EAAIjK,OAAO2K,EAAI5C,MACrF,OAAOmC,EAAIlK,OAAO,GAAM4K,EAC3B,GAICpS,GAAMC,OAAO,GAAIC,GAAMD,OAAO,GAAUA,OAAO,GAAG,MAACwH,GAAMxH,OAAO,GAC/D,SAASoS,GAAkB5E,GAC9B,MAAM6E,EAjJV,SAA2BtC,GACvB,MAAMvC,EAAOsC,GAAcC,GAC3BuC,EAAkB9E,EAAM,CACpBpN,EAAG,QACHuE,EAAG,SACJ,CACC4N,yBAA0B,QAC1BC,eAAgB,UAChBC,cAAe,WACfC,cAAe,WACfC,mBAAoB,UACpBjG,UAAW,WACXtO,QAAS,aAEb,MAAMwU,KAAEA,EAAI7M,GAAEA,EAAE3F,EAAEA,GAAMoN,EACxB,GAAIoF,EAAM,CACN,IAAK7M,EAAG6C,IAAIxI,EAAG2F,EAAG2D,MACd,MAAUlL,MAAM,qEAEpB,GAAoB,iBAAToU,GACc,iBAAdA,EAAKC,MACgB,mBAArBD,EAAKE,YACZ,MAAUtU,MAAM,oEAE5B,CACI,OAAOmB,OAAOkL,OAAO,IAAK2C,GAC9B,CAuHkBuF,CAAkBvF,IAC1BzH,GAAEA,GAAOsM,EACTW,EAAKC,GAAUZ,EAAMvP,EAAGuP,EAAMrI,YAC9B5L,EAAUiU,EAAMjU,SAC1B,EAAU8U,EAAIC,EAAOC,KACT,MAAMhT,EAAI+S,EAAME,WAChB,OAAOC,EAAe1U,WAAWiC,KAAK,CAAC,IAAQkF,EAAG3H,QAAQgC,EAAE8H,GAAInC,EAAG3H,QAAQgC,EAAEmT,GAChF,GACC7G,EAAY2F,EAAM3F,WACnB,CAACxL,IAEE,MAAMsS,EAAOtS,EAAMiQ,SAAS,GAI5B,MAAO,CAAEjJ,EAFCnC,EAAG2G,UAAU8G,EAAKrC,SAAS,EAAGpL,EAAG2E,QAE/B6I,EADFxN,EAAG2G,UAAU8G,EAAKrC,SAASpL,EAAG2E,MAAO,EAAI3E,EAAG2E,QAEzD,GAKL,SAAS+I,EAAoBvL,GACzB,MAAM9H,EAAEA,EAACuE,EAAEA,GAAM0N,EACXqB,EAAK3N,EAAG8C,IAAIX,GACZyL,EAAK5N,EAAGgD,IAAI2K,EAAIxL,GACtB,OAAOnC,EAAGoF,IAAIpF,EAAGoF,IAAIwI,EAAI5N,EAAGgD,IAAIb,EAAG9H,IAAKuE,EAChD,CAKI,IAAKoB,EAAG6C,IAAI7C,EAAG8C,IAAIwJ,EAAMpC,IAAKwD,EAAoBpB,EAAMrC,KACpD,MAAUxR,MAAM,+CAOpB,SAASoV,EAAuBzV,GAC5B,MAAQoU,yBAA0BsB,EAAO3J,YAAEA,EAAWsI,eAAEA,EAAgB1P,EAAGgR,GAAMzB,EACjF,GAAIwB,GAA0B,iBAAR1V,EAAkB,CAIpC,GAHI4V,EAAW5V,KACXA,EAAM6V,EAAc7V,IAEL,iBAARA,IAAqB0V,EAAQI,SAAS9V,EAAIW,QACjD,MAAUN,MAAM,eACpBL,EAAMA,EAAI6C,SAAuB,EAAdkJ,EAAiB,IAChD,CACQ,IAAI7I,EACJ,IACIA,EACmB,iBAARlD,EACDA,EACA+V,EAAmBjR,EAAY,cAAe9E,EAAK+L,GACzE,CACQ,MAAOiK,GACH,MAAU3V,MAAM,uBAAuB0L,sCAAgD/L,IACnG,CAIQ,OAHIqU,IACAnR,EAAM+S,EAAQ/S,EAAKyS,IACvBO,EAAY,cAAehT,EAAKpB,GAAK6T,GAC9BzS,CACf,CACI,SAASiT,EAAeC,GACpB,KAAMA,aAAiBC,GACnB,MAAUhW,MAAM,2BAC5B,CAKI,MAAMiW,EAAe9N,GAAS,CAACyE,EAAGsJ,KAC9B,MAAQC,GAAIzM,EAAG0M,GAAIrB,EAAGsB,GAAIC,GAAM1J,EAEhC,GAAIrF,EAAG6C,IAAIkM,EAAG/O,EAAGmD,KACb,MAAO,CAAEhB,IAAGqL,KAChB,MAAMxI,EAAMK,EAAEL,MAGJ,MAAN2J,IACAA,EAAK3J,EAAMhF,EAAGmD,IAAMnD,EAAG6F,IAAIkJ,IAC/B,MAAMC,EAAKhP,EAAGgD,IAAIb,EAAGwM,GACfM,EAAKjP,EAAGgD,IAAIwK,EAAGmB,GACfO,EAAKlP,EAAGgD,IAAI+L,EAAGJ,GACrB,GAAI3J,EACA,MAAO,CAAE7C,EAAGnC,EAAG2D,KAAM6J,EAAGxN,EAAG2D,MAC/B,IAAK3D,EAAG6C,IAAIqM,EAAIlP,EAAGmD,KACf,MAAU1K,MAAM,oBACpB,MAAO,CAAE0J,EAAG6M,EAAIxB,EAAGyB,EAAI,IAIrBE,EAAkBvO,GAAUyE,IAC9B,GAAIA,EAAEL,MAAO,CAIT,GAAIsH,EAAMM,qBAAuB5M,EAAGgF,IAAIK,EAAEwJ,IACtC,OACJ,MAAUpW,MAAM,kBAC5B,CAEQ,MAAM0J,EAAEA,EAACqL,EAAEA,GAAMnI,EAAEiI,WAEnB,IAAKtN,EAAGC,QAAQkC,KAAOnC,EAAGC,QAAQuN,GAC9B,MAAU/U,MAAM,4BACpB,MAAM2W,EAAOpP,EAAG8C,IAAI0K,GACd6B,EAAQ3B,EAAoBvL,GAClC,IAAKnC,EAAG6C,IAAIuM,EAAMC,GACd,MAAU5W,MAAM,qCACpB,IAAK4M,EAAEqH,gBACH,MAAUjU,MAAM,0CACpB,OAAO,CAAI,IAOf,MAAMgW,EACF,WAAA7W,CAAYgX,EAAIC,EAAIC,GAIhB,GAHA9W,KAAK4W,GAAKA,EACV5W,KAAK6W,GAAKA,EACV7W,KAAK8W,GAAKA,EACA,MAANF,IAAe5O,EAAGC,QAAQ2O,GAC1B,MAAUnW,MAAM,cACpB,GAAU,MAANoW,IAAe7O,EAAGC,QAAQ4O,GAC1B,MAAUpW,MAAM,cACpB,GAAU,MAANqW,IAAe9O,EAAGC,QAAQ6O,GAC1B,MAAUrW,MAAM,cACpBmB,OAAOkL,OAAO9M,KAC1B,CAGQ,iBAAOsX,CAAWjK,GACd,MAAMlD,EAAEA,EAACqL,EAAEA,GAAMnI,GAAK,CAAE,EACxB,IAAKA,IAAMrF,EAAGC,QAAQkC,KAAOnC,EAAGC,QAAQuN,GACpC,MAAU/U,MAAM,wBACpB,GAAI4M,aAAaoJ,EACb,MAAUhW,MAAM,gCACpB,MAAMuM,EAAO/L,GAAM+G,EAAG6C,IAAI5J,EAAG+G,EAAG2D,MAEhC,OAAIqB,EAAI7C,IAAM6C,EAAIwI,GACPiB,EAAM9K,KACV,IAAI8K,EAAMtM,EAAGqL,EAAGxN,EAAGmD,IACtC,CACQ,KAAIhB,GACA,OAAOnK,KAAKsV,WAAWnL,CACnC,CACQ,KAAIqL,GACA,OAAOxV,KAAKsV,WAAWE,CACnC,CAOQ,iBAAO+B,CAAWvH,GACd,MAAMwH,EAAQxP,EAAG+F,YAAYiC,EAAOlH,KAAKuE,GAAMA,EAAEyJ,MACjD,OAAO9G,EAAOlH,KAAI,CAACuE,EAAGpM,IAAMoM,EAAEiI,SAASkC,EAAMvW,MAAK6H,IAAI2N,EAAMa,WACxE,CAKQ,cAAOG,CAAQrU,GACX,MAAMsH,EAAI+L,EAAMa,WAAW3I,EAAUzJ,EAAY,WAAY9B,KAE7D,OADAsH,EAAEgN,iBACKhN,CACnB,CAEQ,qBAAOiN,CAAeC,GAClB,OAAOnB,EAAMrG,KAAKyH,SAAShC,EAAuB+B,GAC9D,CAEQ,UAAOE,CAAI9H,EAAQqB,GACf,OAAOD,GAAUqF,EAAOxB,EAAIjF,EAAQqB,EAChD,CAEQ,cAAA0G,CAAepI,GACXqI,EAAK9G,cAAclR,KAAM2P,EACrC,CAEQ,cAAA+H,GACIP,EAAgBnX,KAC5B,CACQ,QAAAiY,GACI,MAAMzC,EAAEA,GAAMxV,KAAKsV,WACnB,GAAItN,EAAGiF,MACH,OAAQjF,EAAGiF,MAAMuI,GACrB,MAAU/U,MAAM,8BAC5B,CAIQ,MAAAyX,CAAO1B,GACHD,EAAeC,GACf,MAAQI,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAOrY,MAC3B4W,GAAI0B,EAAIzB,GAAI0B,EAAIzB,GAAI0B,GAAOhC,EAC7BiC,EAAKzQ,EAAG6C,IAAI7C,EAAGgD,IAAImN,EAAIK,GAAKxQ,EAAGgD,IAAIsN,EAAID,IACvCK,EAAK1Q,EAAG6C,IAAI7C,EAAGgD,IAAIoN,EAAII,GAAKxQ,EAAGgD,IAAIuN,EAAIF,IAC7C,OAAOI,GAAMC,CACzB,CAIQ,MAAApJ,GACI,OAAO,IAAImH,EAAMzW,KAAK4W,GAAI5O,EAAGyD,IAAIzL,KAAK6W,IAAK7W,KAAK8W,GAC5D,CAKQ,MAAAhH,GACI,MAAMzN,EAAEA,EAACuE,EAAEA,GAAM0N,EACXqE,EAAK3Q,EAAGgD,IAAIpE,EAAG6C,KACbmN,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAOrY,KACnC,IAAI4Y,EAAK5Q,EAAG2D,KAAMkN,EAAK7Q,EAAG2D,KAAMmN,EAAK9Q,EAAG2D,KACpCoN,EAAK/Q,EAAGgD,IAAImN,EAAIA,GAChBa,EAAKhR,EAAGgD,IAAIoN,EAAIA,GAChBxM,EAAK5D,EAAGgD,IAAIqN,EAAIA,GAChBY,EAAKjR,EAAGgD,IAAImN,EAAIC,GA4BpB,OA3BAa,EAAKjR,EAAGoF,IAAI6L,EAAIA,GAChBH,EAAK9Q,EAAGgD,IAAImN,EAAIE,GAChBS,EAAK9Q,EAAGoF,IAAI0L,EAAIA,GAChBF,EAAK5Q,EAAGgD,IAAI3I,EAAGyW,GACfD,EAAK7Q,EAAGgD,IAAI2N,EAAI/M,GAChBiN,EAAK7Q,EAAGoF,IAAIwL,EAAIC,GAChBD,EAAK5Q,EAAGkD,IAAI8N,EAAIH,GAChBA,EAAK7Q,EAAGoF,IAAI4L,EAAIH,GAChBA,EAAK7Q,EAAGgD,IAAI4N,EAAIC,GAChBD,EAAK5Q,EAAGgD,IAAIiO,EAAIL,GAChBE,EAAK9Q,EAAGgD,IAAI2N,EAAIG,GAChBlN,EAAK5D,EAAGgD,IAAI3I,EAAGuJ,GACfqN,EAAKjR,EAAGkD,IAAI6N,EAAInN,GAChBqN,EAAKjR,EAAGgD,IAAI3I,EAAG4W,GACfA,EAAKjR,EAAGoF,IAAI6L,EAAIH,GAChBA,EAAK9Q,EAAGoF,IAAI2L,EAAIA,GAChBA,EAAK/Q,EAAGoF,IAAI0L,EAAIC,GAChBA,EAAK/Q,EAAGoF,IAAI2L,EAAInN,GAChBmN,EAAK/Q,EAAGgD,IAAI+N,EAAIE,GAChBJ,EAAK7Q,EAAGoF,IAAIyL,EAAIE,GAChBnN,EAAK5D,EAAGgD,IAAIoN,EAAIC,GAChBzM,EAAK5D,EAAGoF,IAAIxB,EAAIA,GAChBmN,EAAK/Q,EAAGgD,IAAIY,EAAIqN,GAChBL,EAAK5Q,EAAGkD,IAAI0N,EAAIG,GAChBD,EAAK9Q,EAAGgD,IAAIY,EAAIoN,GAChBF,EAAK9Q,EAAGoF,IAAI0L,EAAIA,GAChBA,EAAK9Q,EAAGoF,IAAI0L,EAAIA,GACT,IAAIrC,EAAMmC,EAAIC,EAAIC,EACrC,CAKQ,GAAA1L,CAAIoJ,GACAD,EAAeC,GACf,MAAQI,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAOrY,MAC3B4W,GAAI0B,EAAIzB,GAAI0B,EAAIzB,GAAI0B,GAAOhC,EACnC,IAAIoC,EAAK5Q,EAAG2D,KAAMkN,EAAK7Q,EAAG2D,KAAMmN,EAAK9Q,EAAG2D,KACxC,MAAMtJ,EAAIiS,EAAMjS,EACVsW,EAAK3Q,EAAGgD,IAAIsJ,EAAM1N,EAAG6C,IAC3B,IAAIsP,EAAK/Q,EAAGgD,IAAImN,EAAIG,GAChBU,EAAKhR,EAAGgD,IAAIoN,EAAIG,GAChB3M,EAAK5D,EAAGgD,IAAIqN,EAAIG,GAChBS,EAAKjR,EAAGoF,IAAI+K,EAAIC,GAChBc,EAAKlR,EAAGoF,IAAIkL,EAAIC,GACpBU,EAAKjR,EAAGgD,IAAIiO,EAAIC,GAChBA,EAAKlR,EAAGoF,IAAI2L,EAAIC,GAChBC,EAAKjR,EAAGkD,IAAI+N,EAAIC,GAChBA,EAAKlR,EAAGoF,IAAI+K,EAAIE,GAChB,IAAIc,EAAKnR,EAAGoF,IAAIkL,EAAIE,GA+BpB,OA9BAU,EAAKlR,EAAGgD,IAAIkO,EAAIC,GAChBA,EAAKnR,EAAGoF,IAAI2L,EAAInN,GAChBsN,EAAKlR,EAAGkD,IAAIgO,EAAIC,GAChBA,EAAKnR,EAAGoF,IAAIgL,EAAIC,GAChBO,EAAK5Q,EAAGoF,IAAImL,EAAIC,GAChBW,EAAKnR,EAAGgD,IAAImO,EAAIP,GAChBA,EAAK5Q,EAAGoF,IAAI4L,EAAIpN,GAChBuN,EAAKnR,EAAGkD,IAAIiO,EAAIP,GAChBE,EAAK9Q,EAAGgD,IAAI3I,EAAG6W,GACfN,EAAK5Q,EAAGgD,IAAI2N,EAAI/M,GAChBkN,EAAK9Q,EAAGoF,IAAIwL,EAAIE,GAChBF,EAAK5Q,EAAGkD,IAAI8N,EAAIF,GAChBA,EAAK9Q,EAAGoF,IAAI4L,EAAIF,GAChBD,EAAK7Q,EAAGgD,IAAI4N,EAAIE,GAChBE,EAAKhR,EAAGoF,IAAI2L,EAAIA,GAChBC,EAAKhR,EAAGoF,IAAI4L,EAAID,GAChBnN,EAAK5D,EAAGgD,IAAI3I,EAAGuJ,GACfsN,EAAKlR,EAAGgD,IAAI2N,EAAIO,GAChBF,EAAKhR,EAAGoF,IAAI4L,EAAIpN,GAChBA,EAAK5D,EAAGkD,IAAI6N,EAAInN,GAChBA,EAAK5D,EAAGgD,IAAI3I,EAAGuJ,GACfsN,EAAKlR,EAAGoF,IAAI8L,EAAItN,GAChBmN,EAAK/Q,EAAGgD,IAAIgO,EAAIE,GAChBL,EAAK7Q,EAAGoF,IAAIyL,EAAIE,GAChBA,EAAK/Q,EAAGgD,IAAImO,EAAID,GAChBN,EAAK5Q,EAAGgD,IAAIiO,EAAIL,GAChBA,EAAK5Q,EAAGkD,IAAI0N,EAAIG,GAChBA,EAAK/Q,EAAGgD,IAAIiO,EAAID,GAChBF,EAAK9Q,EAAGgD,IAAImO,EAAIL,GAChBA,EAAK9Q,EAAGoF,IAAI0L,EAAIC,GACT,IAAItC,EAAMmC,EAAIC,EAAIC,EACrC,CACQ,QAAAM,CAAS5C,GACL,OAAOxW,KAAKoN,IAAIoJ,EAAMlH,SAClC,CACQ,GAAAtC,GACI,OAAOhN,KAAKkY,OAAOzB,EAAM9K,KACrC,CACQ,IAAAuD,CAAKnK,GACD,OAAOiT,EAAKjH,WAAW/Q,KAAM+E,EAAG0R,EAAMc,WAClD,CAMQ,cAAA8B,CAAeC,GACXhD,EAAY,SAAUgD,EAAItX,GAAKsS,EAAMvP,GACrC,MAAMwU,EAAI9C,EAAM9K,KAChB,GAAI2N,IAAOtX,GACP,OAAOuX,EACX,GAAID,IAAOpX,GACP,OAAOlC,KACX,MAAM6U,KAAEA,GAASP,EACjB,IAAKO,EACD,OAAOmD,EAAKpI,aAAa5P,KAAMsZ,GAEnC,IAAIE,MAAEA,EAAKC,GAAEA,EAAEC,MAAEA,EAAKC,GAAEA,GAAO9E,EAAKE,YAAYuE,GAC5CM,EAAML,EACNM,EAAMN,EACNjM,EAAItN,KACR,KAAOyZ,EAAKzX,IAAO2X,EAAK3X,IAChByX,EAAKvX,KACL0X,EAAMA,EAAIxM,IAAIE,IACdqM,EAAKzX,KACL2X,EAAMA,EAAIzM,IAAIE,IAClBA,EAAIA,EAAEwC,SACN2J,IAAOvX,GACPyX,IAAOzX,GAOX,OALIsX,IACAI,EAAMA,EAAItK,UACVoK,IACAG,EAAMA,EAAIvK,UACduK,EAAM,IAAIpD,EAAMzO,EAAGgD,IAAI6O,EAAIjD,GAAI/B,EAAKC,MAAO+E,EAAIhD,GAAIgD,EAAI/C,IAChD8C,EAAIxM,IAAIyM,EAC3B,CAUQ,QAAAhC,CAASjG,GACL,MAAMiD,KAAEA,EAAM9P,EAAGgR,GAAMzB,EAEvB,IAAIc,EAAO0E,EACX,GAFAxD,EAAY,SAAU1E,EAAQ1P,GAAK6T,GAE/BlB,EAAM,CACN,MAAM2E,MAAEA,EAAKC,GAAEA,EAAEC,MAAEA,EAAKC,GAAEA,GAAO9E,EAAKE,YAAYnD,GAClD,IAAMvE,EAAGuM,EAAK/M,EAAGkN,GAAQ/Z,KAAKkP,KAAKuK,IAC7BpM,EAAGwM,EAAKhN,EAAGmN,GAAQha,KAAKkP,KAAKyK,GACnCC,EAAM5B,EAAK5I,gBAAgBoK,EAAOI,GAClCC,EAAM7B,EAAK5I,gBAAgBsK,EAAOG,GAClCA,EAAM,IAAIpD,EAAMzO,EAAGgD,IAAI6O,EAAIjD,GAAI/B,EAAKC,MAAO+E,EAAIhD,GAAIgD,EAAI/C,IACvD1B,EAAQwE,EAAIxM,IAAIyM,GAChBC,EAAOC,EAAI3M,IAAI4M,EAC/B,KACiB,CACD,MAAM3M,EAAEA,EAACR,EAAEA,GAAM7M,KAAKkP,KAAK0C,GAC3BwD,EAAQ/H,EACRyM,EAAOjN,CACvB,CAEY,OAAO4J,EAAMc,WAAW,CAACnC,EAAO0E,IAAO,EACnD,CAOQ,oBAAAG,CAAqB5O,EAAGhJ,EAAGuE,GACvB,MAAMsT,EAAIzD,EAAMrG,KACVpF,EAAM,CAACN,EAAGrI,IACVA,IAAML,IAAOK,IAAMH,IAAQwI,EAAEwN,OAAOgC,GAA2BxP,EAAEmN,SAASxV,GAAjCqI,EAAE2O,eAAehX,GAC1DmD,EAAMwF,EAAIhL,KAAMqC,GAAG+K,IAAIpC,EAAIK,EAAGzE,IACpC,OAAOpB,EAAIwH,WAAQtI,EAAYc,CAC3C,CAIQ,QAAA8P,CAASqB,GACL,OAAOD,EAAa1W,KAAM2W,EACtC,CACQ,aAAAjC,GACI,MAAQ/N,EAAGwT,EAAQzF,cAAEA,GAAkBJ,EACvC,GAAI6F,IAAajY,GACb,OAAO,EACX,GAAIwS,EACA,OAAOA,EAAc+B,EAAOzW,MAChC,MAAUS,MAAM,+DAC5B,CACQ,aAAAkU,GACI,MAAQhO,EAAGwT,EAAQxF,cAAEA,GAAkBL,EACvC,OAAI6F,IAAajY,GACNlC,KACP2U,EACOA,EAAc8B,EAAOzW,MACzBA,KAAKqZ,eAAe/E,EAAM3N,EAC7C,CACQ,UAAAyT,CAAWC,GAAe,GAGtB,OAFA5X,EAAM,eAAgB4X,GACtBra,KAAK0X,iBACErX,EAAQoW,EAAOzW,KAAMqa,EACxC,CACQ,KAAAC,CAAMD,GAAe,GAEjB,OADA5X,EAAM,eAAgB4X,GACfpE,EAAcjW,KAAKoa,WAAWC,GACjD,EAEI5D,EAAMrG,KAAO,IAAIqG,EAAMnC,EAAMrC,GAAIqC,EAAMpC,GAAIlK,EAAGmD,KAC9CsL,EAAM9K,KAAO,IAAI8K,EAAMzO,EAAG2D,KAAM3D,EAAGmD,IAAKnD,EAAG2D,MAC3C,MAAM4O,EAAQjG,EAAMrI,WACd+L,EAAO9I,GAAKuH,EAAOnC,EAAMO,KAAOzI,KAAKC,KAAKkO,EAAQ,GAAKA,GAE7D,MAAO,CACHjG,QACAkG,gBAAiB/D,EACjBZ,yBACAH,sBACA+E,mBAnZJ,SAA4BnX,GACxB,OAAOoX,EAAWpX,EAAKpB,GAAKoS,EAAMvP,EAC1C,EAmZA,CAqBO,SAAS4V,GAAYC,GACxB,MAAMtG,EArBV,SAAsBtC,GAClB,MAAMvC,EAAOsC,GAAcC,GAU3B,OATAuC,EAAkB9E,EAAM,CACpB5P,KAAM,OACNiC,KAAM,WACN+Y,YAAa,YACd,CACCC,SAAU,WACVC,cAAe,WACf3I,KAAM,YAEHxQ,OAAOkL,OAAO,CAAEsF,MAAM,KAAS3C,GAC1C,CASkBuL,CAAaJ,IACrB5S,GAAEA,EAAIjD,EAAGkW,GAAgB3G,EACzB4G,EAAgBlT,EAAG2E,MAAQ,EAC3BwO,EAAkB,EAAInT,EAAG2E,MAAQ,EACvC,SAASyO,EAAK/Y,GACV,OAAOgU,EAAQhU,EAAG4Y,EAC1B,CACI,SAASI,EAAKhZ,GACV,OAAOiZ,GAAWjZ,EAAG4Y,EAC7B,CACI,MAAQT,gBAAiB/D,EAAKZ,uBAAEA,EAAsBH,oBAAEA,EAAmB+E,mBAAEA,GAAwBpG,GAAkB,IAChHC,EACH,OAAAjU,CAAQ8U,EAAIC,EAAOiF,GACf,MAAMhY,EAAI+S,EAAME,WACVnL,EAAInC,EAAG3H,QAAQgC,EAAE8H,GACjBoR,EAAMhG,EAEZ,OADA9S,EAAM,eAAgB4X,GAClBA,EACOkB,EAAI1a,WAAWiC,KAAK,CAACsS,EAAM6C,WAAa,EAAO,IAAQ9N,GAGvDoR,EAAI1a,WAAWiC,KAAK,CAAC,IAAQqH,EAAGnC,EAAG3H,QAAQgC,EAAEmT,GAE3D,EACD,SAAA7G,CAAUxL,GACN,MAAM6B,EAAM7B,EAAMpC,OACZya,EAAOrY,EAAM,GACbsS,EAAOtS,EAAMiQ,SAAS,GAE5B,GAAIpO,IAAQkW,GAA2B,IAATM,GAA0B,IAATA,EAoB1C,IAAIxW,IAAQmW,GAA4B,IAATK,EAAe,CAG/C,MAAO,CAAErR,EAFCnC,EAAG2G,UAAU8G,EAAKrC,SAAS,EAAGpL,EAAG2E,QAE/B6I,EADFxN,EAAG2G,UAAU8G,EAAKrC,SAASpL,EAAG2E,MAAO,EAAI3E,EAAG2E,QAEtE,CAEgB,MAAUlM,MAAM,mBAAmBuE,2BAA6BkW,yBAAqCC,uBACrH,CA3B2E,CAC3D,MAAMhR,EAAIgM,EAAmBV,GAC7B,IAAKiF,EAAWvQ,EAAGjI,GAAK8F,EAAGuE,OACvB,MAAU9L,MAAM,yBACpB,MAAMgb,EAAK/F,EAAoBvL,GAC/B,IAAIqL,EACJ,IACIA,EAAIxN,EAAG8F,KAAK2N,EAChC,CACgB,MAAOC,GACH,MAAMC,EAASD,aAAqBjb,MAAQ,KAAOib,EAAU3Z,QAAU,GACvE,MAAUtB,MAAM,wBAA0Bkb,EAC9D,CAMgB,QAHiC,GAAdH,OAFHhG,EAAItT,MAASA,MAIzBsT,EAAIxN,EAAGyD,IAAI+J,IACR,CAAErL,IAAGqL,IAC5B,CASS,IAECoG,EAAiBtY,GAAQ2S,EAAc4F,EAAmBvY,EAAKgR,EAAMnI,cAC3E,SAAS2P,EAAsBzR,GAE3B,OAAOA,EADM4Q,GAAe/Y,EAEpC,CAKI,MAAM6Z,EAAS,CAACnV,EAAG9D,EAAMnB,IAAOwU,EAAmBvP,EAAEK,MAAMnE,EAAMnB,IAIjE,MAAMqa,EACF,WAAApc,CAAY2K,EAAGgH,EAAG0K,GACdjc,KAAKuK,EAAIA,EACTvK,KAAKuR,EAAIA,EACTvR,KAAKic,SAAWA,EAChBjc,KAAK0X,gBACjB,CAEQ,kBAAOwE,CAAY9Y,GACf,MAAMiQ,EAAIiB,EAAMnI,YAEhB,OADA/I,EAAM8B,EAAY,mBAAoB9B,EAAS,EAAJiQ,GACpC,IAAI2I,EAAUD,EAAO3Y,EAAK,EAAGiQ,GAAI0I,EAAO3Y,EAAKiQ,EAAG,EAAIA,GACvE,CAGQ,cAAO8I,CAAQ/Y,GACX,MAAMmH,EAAEA,EAACgH,EAAEA,GAAMkB,GAAIe,MAAMtO,EAAY,MAAO9B,IAC9C,OAAO,IAAI4Y,EAAUzR,EAAGgH,EACpC,CACQ,cAAAmG,GACIpB,EAAY,IAAKtW,KAAKuK,EAAGrI,GAAK+Y,GAC9B3E,EAAY,IAAKtW,KAAKuR,EAAGrP,GAAK+Y,EAC1C,CACQ,cAAAmB,CAAeH,GACX,OAAO,IAAID,EAAUhc,KAAKuK,EAAGvK,KAAKuR,EAAG0K,EACjD,CACQ,gBAAAI,CAAiBC,GACb,MAAM/R,EAAGgH,EAAEA,EAAG0K,SAAUM,GAAQvc,KAC1B2G,EAAIoU,EAAc7V,EAAY,UAAWoX,IAC/C,GAAW,MAAPC,IAAgB,CAAC,EAAG,EAAG,EAAG,GAAGrG,SAASqG,GACtC,MAAU9b,MAAM,uBACpB,MAAM+b,EAAe,IAARD,GAAqB,IAARA,EAAYhS,EAAI+J,EAAMvP,EAAIwF,EACpD,GAAIiS,GAAQxU,EAAGuE,MACX,MAAU9L,MAAM,8BACpB,MAAMgc,EAAgB,EAANF,EAAwB,KAAP,KAC3BG,EAAIjG,EAAMgB,QAAQgF,EAASb,EAAcY,IACzCG,EAAKtB,EAAKmB,GACVI,EAAKxB,GAAMzU,EAAIgW,GACfE,EAAKzB,EAAK7J,EAAIoL,GACdtR,EAAIoL,EAAMrG,KAAK6J,qBAAqByC,EAAGE,EAAIC,GACjD,IAAKxR,EACD,MAAU5K,MAAM,qBAEpB,OADA4K,EAAEqM,iBACKrM,CACnB,CAEQ,QAAAyR,GACI,OAAOhB,EAAsB9b,KAAKuR,EAC9C,CACQ,UAAAwL,GACI,OAAO/c,KAAK8c,WAAa,IAAId,EAAUhc,KAAKuK,EAAG6Q,GAAMpb,KAAKuR,GAAIvR,KAAKic,UAAYjc,IAC3F,CAEQ,aAAAgd,GACI,OAAOC,EAAcjd,KAAKkd,WACtC,CACQ,QAAAA,GACI,OAAOzK,GAAIyB,WAAW,CAAE3J,EAAGvK,KAAKuK,EAAGgH,EAAGvR,KAAKuR,GACvD,CAEQ,iBAAA4L,GACI,OAAOF,EAAcjd,KAAKod,eACtC,CACQ,YAAAA,GACI,OAAOxB,EAAc5b,KAAKuK,GAAKqR,EAAc5b,KAAKuR,EAC9D,EAEI,MAAM8L,EAAQ,CACV,iBAAAC,CAAkB1F,GACd,IAEI,OADA/B,EAAuB+B,IAChB,CACvB,CACY,MAAOxB,GACH,OAAO,CACvB,CACS,EACDP,uBAAwBA,EAKxB0H,iBAAkB,KACd,MAAMxc,EAASyc,GAAqBlJ,EAAMvP,GAC1C,OFzWL,SAAwB3E,EAAKyO,EAAYrC,GAAO,GACnD,MAAMxH,EAAM5E,EAAIW,OACV0c,EAAW7O,GAAoBC,GAC/B6O,EAAS3O,GAAiBF,GAEhC,GAAI7J,EAAM,IAAMA,EAAM0Y,GAAU1Y,EAAM,KAClC,MAAUvE,MAAM,YAAYid,8BAAmC1Y,KACnE,MAEM2Y,EAAU9T,EAFJ2C,EAAO7H,EAAgBvE,GAAOwE,EAAgBxE,GAEjCyO,EAAa3M,GAAOA,EAC7C,OAAOsK,EAAOvH,EAAgB0Y,EAASF,GAAY3Y,EAAgB6Y,EAASF,EAChF,CE8VmBG,CAAmBtJ,EAAMuG,YAAY9Z,GAASuT,EAAMvP,EAAE,EAUjE8Y,WAAU,CAAClO,EAAa,EAAGyF,EAAQqB,EAAMrG,QACrCgF,EAAM2C,eAAepI,GACrByF,EAAMyC,SAAS5V,OAAO,IACfmT,IAef,SAAS0I,EAAUtb,GACf,MAAM2D,EAAM6P,EAAWxT,GACjB8G,EAAsB,iBAAT9G,EACbwC,GAAOmB,GAAOmD,IAAQ9G,EAAKzB,OACjC,OAAIoF,EACOnB,IAAQkW,GAAiBlW,IAAQmW,EACxC7R,EACOtE,IAAQ,EAAIkW,GAAiBlW,IAAQ,EAAImW,EAChD3Y,aAAgBiU,CAG5B,CAuBI,MAAMqE,EAAWxG,EAAMwG,UACnB,SAAU3X,GAGN,MAAMG,EAAM6S,EAAmBhT,GACzB4a,EAAuB,EAAf5a,EAAMpC,OAAauT,EAAMrI,WACvC,OAAO8R,EAAQ,EAAIza,GAAOrB,OAAO8b,GAASza,CAC7C,EACCyX,EAAgBzG,EAAMyG,eACxB,SAAU5X,GACN,OAAOiY,EAAKN,EAAS3X,GACxB,EAEC6a,EAAaC,EAAW3J,EAAMrI,YAIpC,SAASiS,EAAW5a,GAGhB,OAFAgT,EAAY,WAAWhC,EAAMrI,WAAc3I,EAAKtB,GAAKgc,GAE9CnC,EAAmBvY,EAAKgR,EAAMnI,YAC7C,CAMI,SAASgS,EAAQ7B,EAAS1E,EAAYnI,EAAO2O,GACzC,GAAI,CAAC,YAAa,aAAaC,MAAM5X,GAAMA,KAAKgJ,IAC5C,MAAUhP,MAAM,uCACpB,MAAMZ,KAAEA,EAAIgb,YAAEA,GAAgBvG,EAC9B,IAAIlC,KAAEA,EAAIC,QAAEA,EAASiM,aAAcC,GAAQ9O,EAC/B,MAAR2C,IACAA,GAAO,GACXkK,EAAUpX,EAAY,UAAWoX,GACjCnK,GAAmB1C,GACf4C,IACAiK,EAAUpX,EAAY,oBAAqBrF,EAAKyc,KAIpD,MAAMkC,EAAQzD,EAAcuB,GACtBhP,EAAIuI,EAAuB+B,GAC3B6G,EAAW,CAACP,EAAW5Q,GAAI4Q,EAAWM,IAE5C,GAAW,MAAPD,IAAuB,IAARA,EAAe,CAE9B,MAAMlZ,GAAY,IAARkZ,EAAe1D,EAAY7S,EAAG2E,OAAS4R,EACjDE,EAASvX,KAAKhC,EAAY,eAAgBG,GACtD,CACQ,MAAMyB,EAAOyO,KAAkBkJ,GACzBjU,EAAIgU,EA0BV,MAAO,CAAE1X,OAAM4X,MAxBf,SAAeC,GAEX,MAAMlY,EAAIqU,EAAS6D,GACnB,IAAKlE,EAAmBhU,GACpB,OACJ,MAAMmY,EAAKvD,EAAK5U,GACVoY,EAAIpI,EAAMrG,KAAKyH,SAASpR,GAAG6O,WAC3B/K,EAAI6Q,EAAKyD,EAAE1U,GACjB,GAAII,IAAMvI,GACN,OAIJ,MAAMuP,EAAI6J,EAAKwD,EAAKxD,EAAK5Q,EAAID,EAAI+C,IACjC,GAAIiE,IAAMvP,GACN,OACJ,IAAIia,GAAY4C,EAAE1U,IAAMI,EAAI,EAAI,GAAK3C,OAAOiX,EAAErJ,EAAItT,IAC9C4c,EAAQvN,EAKZ,OAJIa,GAAQ0J,EAAsBvK,KAC9BuN,EAlOZ,SAAoBvN,GAChB,OAAOuK,EAAsBvK,GAAK6J,GAAM7J,GAAKA,CACrD,CAgOwBwL,CAAWxL,GACnB0K,GAAY,GAET,IAAID,EAAUzR,EAAGuU,EAAO7C,EAC3C,EAEA,CACI,MAAMmC,EAAiB,CAAEhM,KAAMkC,EAAMlC,KAAMC,SAAS,GAC9C0M,EAAiB,CAAE3M,KAAMkC,EAAMlC,KAAMC,SAAS,GAwFpD,OAnEAoE,EAAMrG,KAAK2H,eAAe,GAmEnB,CACHzD,QACA0K,aAlNJ,SAAsBpH,EAAYyC,GAAe,GAC7C,OAAO5D,EAAMkB,eAAeC,GAAYwC,WAAWC,EAC3D,EAiNQ4E,gBAvLJ,SAAyBC,EAAUC,EAAS9E,GAAe,GACvD,GAAIyD,EAAUoB,GACV,MAAUze,MAAM,iCACpB,IAAKqd,EAAUqB,GACX,MAAU1e,MAAM,iCAEpB,OADUgW,EAAMgB,QAAQ0H,GACftH,SAAShC,EAAuBqJ,IAAW9E,WAAWC,EACvE,EAiLQ+E,KA9EJ,SAAc9C,EAAS+C,EAAS5P,EAAO2O,GACnC,MAAMtX,KAAEA,EAAI4X,MAAEA,GAAUP,EAAQ7B,EAAS+C,EAAS5P,GAC5C6P,EAAIhL,EAEV,OADaiL,EAAkBD,EAAEzf,KAAKc,UAAW2e,EAAEnT,YAAamT,EAAExd,KAC3D0d,CAAK1Y,EAAM4X,EAC1B,EA0EQe,OAzDJ,SAAgBC,EAAWpD,EAASqD,EAAWlQ,EAAOsP,GAClD,MAAMa,EAAKF,EAGX,GAFApD,EAAUpX,EAAY,UAAWoX,GACjCqD,EAAYza,EAAY,YAAaya,GACjC,WAAYlQ,EACZ,MAAUhP,MAAM,sCACpB0R,GAAmB1C,GACnB,MAAM2C,KAAEA,EAAIC,QAAEA,GAAY5C,EAC1B,IAAIoQ,EACAnV,EACJ,IACI,GAAkB,iBAAPkV,GAAmB5J,EAAW4J,GAGrC,IACIC,EAAO7D,EAAUG,QAAQyD,EAC7C,CACgB,MAAOE,GACH,KAAMA,aAAoBrN,GAAIC,KAC1B,MAAMoN,EACVD,EAAO7D,EAAUE,YAAY0D,EACjD,KAEiB,IAAkB,iBAAPA,GAAmC,iBAATA,EAAGrV,GAAkC,iBAATqV,EAAGrO,EAKrE,MAAU9Q,MAAM,SALqE,CACrF,MAAM8J,EAAEA,EAACgH,EAAEA,GAAMqO,EACjBC,EAAO,IAAI7D,EAAUzR,EAAGgH,EACxC,CAGA,CACY7G,EAAI+L,EAAMgB,QAAQkI,EAC9B,CACQ,MAAOvJ,GACH,GAAsB,UAAlBA,EAAMrU,QACN,MAAUtB,MAAM,kEACpB,OAAO,CACnB,CACQ,GAAI2R,GAAQyN,EAAK/C,WACb,OAAO,EACPzK,IACAiK,EAAUhI,EAAMzU,KAAKyc,IACzB,MAAM/R,EAAEA,EAACgH,EAAEA,GAAMsO,EACXlZ,EAAIoU,EAAcuB,GAClByD,EAAK1E,EAAK9J,GACVqL,EAAKxB,EAAKzU,EAAIoZ,GACdlD,EAAKzB,EAAK7Q,EAAIwV,GACdrD,EAAIjG,EAAMrG,KAAK6J,qBAAqBvP,EAAGkS,EAAIC,IAAKvH,WACtD,QAAKoH,GAEKtB,EAAKsB,EAAEvS,KACJI,CACrB,EAOQiQ,gBAAiB/D,EACjBuF,YACAqB,QAER;sECj/BO,SAAS2C,GAAQngB,GACpB,MAAO,CACHA,OACAiC,KAAM,CAAC1B,KAAQ6f,IAASne,EAAKjC,EAAMO,EAAKkF,KAAe2a,IACvDpF,cAER,CACO,SAASqF,GAAYtF,EAAUuF,GAClC,MAAM5f,EAAUV,GAAS8a,GAAY,IAAKC,KAAaoF,GAAQngB,KAC/D,OAAO+B,OAAOkL,OAAO,IAAKvM,EAAO4f,GAAU5f,UAC/C;sED4IgF0B,OAAO,GEnJvF,MAAM+F,GAAKsE,GAAMrK,OAAO,uEAIXme,GAAOF,GAAY,CAC5B7d,EAJY2F,GAAGzH,OAAO0B,OAAO,OAK7B2E,EAJY3E,OAAO,sEAKvB+F,GAAIA,GAEAjD,EAAG9C,OAAO,sEAEVgQ,GAAIhQ,OAAO,sEACXiQ,GAAIjQ,OAAO,sEACX0E,EAAG1E,OAAO,GACVmQ,MAAM,GACPiO,GCZGrY,GAAKsE,GADDrK,OAAO,uGAMJqe,GAAOJ,GAAY,CAC5B7d,EALY2F,GAAGzH,OAAO0B,OAAO,OAM7B2E,EAJY3E,OAAO,sGAKvB+F,GAAIA,GAEAjD,EAAG9C,OAAO,sGAEVgQ,GAAIhQ,OAAO,sGACXiQ,GAAIjQ,OAAO,sGACX0E,EAAG1E,OAAO,GACVmQ,MAAM,GACPmO,GCfGvY,GAAKsE,GADDrK,OAAO,0IAEXqS,GAAQ,CACVjS,EAAG2F,GAAGzH,OAAO0B,OAAO,OACpB2E,EAAG3E,OAAO,0IACd+F,GAAIA,GACAjD,EAAG9C,OAAO,0IACVgQ,GAAIhQ,OAAO,0IACXiQ,GAAIjQ,OAAO,0IACX0E,EAAG1E,OAAO,IAGDue,GAAON,GAAY,CAC5B7d,EAAGiS,GAAMjS,EACTuE,EAAG0N,GAAM1N,EACboB,GAAIA,GAEAjD,EAAGuP,GAAMvP,EACTkN,GAAIqC,GAAMrC,GACVC,GAAIoC,GAAMpC,GACVvL,EAAG2N,GAAM3N,EACTyL,MAAM,EACNoC,yBAA0B,CAAC,IAAK,IAAK,MACtCiM,GC1BGze,GAAMC,OAAO,GAAIC,GAAMD,OAAO,GAAIE,GAAMF,OAAO,GAAI2H,GAAM3H,OAAO,GAEhEye,GAAiB,CAAEC,QAAQ,GAwB1B,SAASC,GAAehG,GAC3B,MAAMtG,EAxBV,SAAsBtC,GAClB,MAAMvC,EAAOsC,GAAcC,GAa3B,OAZAuC,EAAkBvC,EAAO,CACrBnS,KAAM,WACNwC,EAAG,SACHiL,EAAG,SACHuN,YAAa,YACd,CACCgG,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAGTpf,OAAOkL,OAAO,IAAK2C,GAC9B,CASkBuL,CAAaJ,IACrB5S,GAAEA,EAAIjD,EAAGkW,EAAa5I,QAASA,EAASxS,KAAMohB,EAAKpG,YAAEA,EAAW1O,YAAEA,EAAaxF,EAAGwT,GAAc7F,EAChGvH,EAAO5K,IAAQF,OAAqB,EAAdkK,GAAmBjK,GACzCgf,EAAOlZ,EAAGzH,OACV0U,EAAK3I,GAAMgI,EAAMvP,EAAGuP,EAAMrI,YAE1B8U,EAAUzM,EAAMyM,SAC1B,EAAUzW,EAAG9D,KACD,IACI,MAAO,CAAEyB,SAAS,EAAMtF,MAAOqF,EAAG8F,KAAKxD,EAAItC,EAAG6F,IAAIrH,IAClE,CACY,MAAOnB,GACH,MAAO,CAAE4C,SAAS,EAAOtF,MAAOX,GAChD,CACS,GACC6e,EAAoBvM,EAAMuM,mBAAsB,CAAC1d,GAAUA,GAC3D2d,EAASxM,EAAMwM,QACzB,EAAU7a,EAAMkb,EAAKC,KAET,GADA3e,EAAM,SAAU2e,GACZD,EAAIpgB,QAAUqgB,EACd,MAAU3gB,MAAM,uCACpB,OAAOwF,CACV,GAGL,SAASob,EAAY3e,EAAOqC,GACxBuR,EAAY,cAAgB5T,EAAOqC,EAAG/C,GAAK+K,EACnD,CACI,SAASuU,EAAY9K,GACjB,KAAMA,aAAiBC,GACnB,MAAUhW,MAAM,yBAC5B,CAGI,MAAMiW,EAAe9N,GAAS,CAACyE,EAAGsJ,KAC9B,MAAQ4K,GAAIpX,EAAGqX,GAAIhM,EAAGiM,GAAI1K,GAAM1J,EAC1BL,EAAMK,EAAEL,MACJ,MAAN2J,IACAA,EAAK3J,EAAMpD,GAAM5B,EAAG6F,IAAIkJ,IAC5B,MAAMC,EAAKkK,EAAK/W,EAAIwM,GACdM,EAAKiK,EAAK1L,EAAImB,GACdO,EAAKgK,EAAKnK,EAAIJ,GACpB,GAAI3J,EACA,MAAO,CAAE7C,EAAGnI,GAAKwT,EAAGtT,IACxB,GAAIgV,IAAOhV,GACP,MAAUzB,MAAM,oBACpB,MAAO,CAAE0J,EAAG6M,EAAIxB,EAAGyB,EAAI,IAErBE,EAAkBvO,GAAUyE,IAC9B,MAAMhL,EAAEA,EAACiL,EAAEA,GAAMgH,EACjB,GAAIjH,EAAEL,MACF,MAAUvM,MAAM,mBAGpB,MAAQ8gB,GAAIG,EAAGF,GAAIG,EAAGF,GAAIlW,EAAGqW,GAAIC,GAAMxU,EACjCiL,EAAK4I,EAAKQ,EAAIA,GACdnJ,EAAK2I,EAAKS,EAAIA,GACdnJ,EAAK0I,EAAK3V,EAAIA,GACduW,EAAKZ,EAAK1I,EAAKA,GACfuJ,EAAMb,EAAK5I,EAAKjW,GAGtB,GAFa6e,EAAK1I,EAAK0I,EAAKa,EAAMxJ,MACpB2I,EAAKY,EAAKZ,EAAK5T,EAAI4T,EAAK5I,EAAKC,KAEvC,MAAU9X,MAAM,yCAIpB,GAFWygB,EAAKQ,EAAIC,KACTT,EAAK3V,EAAIsW,GAEhB,MAAUphB,MAAM,yCACpB,OAAO,CAAI,IAIf,MAAMgW,EACF,WAAA7W,CAAY2hB,EAAIC,EAAIC,EAAIG,GACpB5hB,KAAKuhB,GAAKA,EACVvhB,KAAKwhB,GAAKA,EACVxhB,KAAKyhB,GAAKA,EACVzhB,KAAK4hB,GAAKA,EACVP,EAAY,IAAKE,GACjBF,EAAY,IAAKG,GACjBH,EAAY,IAAKI,GACjBJ,EAAY,IAAKO,GACjBhgB,OAAOkL,OAAO9M,KAC1B,CACQ,KAAImK,GACA,OAAOnK,KAAKsV,WAAWnL,CACnC,CACQ,KAAIqL,GACA,OAAOxV,KAAKsV,WAAWE,CACnC,CACQ,iBAAO8B,CAAWjK,GACd,GAAIA,aAAaoJ,EACb,MAAUhW,MAAM,8BACpB,MAAM0J,EAAEA,EAACqL,EAAEA,GAAMnI,GAAK,CAAE,EAGxB,OAFAgU,EAAY,IAAKlX,GACjBkX,EAAY,IAAK7L,GACV,IAAIiB,EAAMtM,EAAGqL,EAAGtT,GAAKgf,EAAK/W,EAAIqL,GACjD,CACQ,iBAAO+B,CAAWvH,GACd,MAAMwH,EAAQxP,EAAG+F,YAAYiC,EAAOlH,KAAKuE,GAAMA,EAAEoU,MACjD,OAAOzR,EAAOlH,KAAI,CAACuE,EAAGpM,IAAMoM,EAAEiI,SAASkC,EAAMvW,MAAK6H,IAAI2N,EAAMa,WACxE,CAEQ,UAAOQ,CAAI9H,EAAQqB,GACf,OAAOD,GAAUqF,EAAOxB,EAAIjF,EAAQqB,EAChD,CAEQ,cAAA0G,CAAepI,GACXqI,EAAK9G,cAAclR,KAAM2P,EACrC,CAGQ,cAAA+H,GACIP,EAAgBnX,KAC5B,CAEQ,MAAAkY,CAAO1B,GACH8K,EAAY9K,GACZ,MAAQ+K,GAAIpJ,EAAIqJ,GAAIpJ,EAAIqJ,GAAIpJ,GAAOrY,MAC3BuhB,GAAIjJ,EAAIkJ,GAAIjJ,EAAIkJ,GAAIjJ,GAAOhC,EAC7BwL,EAAOd,EAAK/I,EAAKK,GACjByJ,EAAOf,EAAK5I,EAAKD,GACjB6J,EAAOhB,EAAK9I,EAAKI,GACjB2J,EAAOjB,EAAK3I,EAAKF,GACvB,OAAO2J,IAASC,GAAQC,IAASC,CAC7C,CACQ,GAAAnV,GACI,OAAOhN,KAAKkY,OAAOzB,EAAM9K,KACrC,CACQ,MAAA2D,GAEI,OAAO,IAAImH,EAAMyK,GAAMlhB,KAAKuhB,IAAKvhB,KAAKwhB,GAAIxhB,KAAKyhB,GAAIP,GAAMlhB,KAAK4hB,IAC1E,CAIQ,MAAA9R,GACI,MAAMzN,EAAEA,GAAMiS,GACNiN,GAAIpJ,EAAIqJ,GAAIpJ,EAAIqJ,GAAIpJ,GAAOrY,KAC7BoiB,EAAIlB,EAAK/I,EAAKA,GACdkK,EAAInB,EAAK9I,EAAKA,GACdkH,EAAI4B,EAAK/e,GAAM+e,EAAK7I,EAAKA,IACzBiK,EAAIpB,EAAK7e,EAAI+f,GACbG,EAAOpK,EAAKC,EACZvF,EAAIqO,EAAKA,EAAKqB,EAAOA,GAAQH,EAAIC,GACjCnI,EAAIoI,EAAID,EACRG,EAAItI,EAAIoF,EACRmD,EAAIH,EAAID,EACRzJ,EAAKsI,EAAKrO,EAAI2P,GACd3J,EAAKqI,EAAKhH,EAAIuI,GACdC,EAAKxB,EAAKrO,EAAI4P,GACd3J,EAAKoI,EAAKsB,EAAItI,GACpB,OAAO,IAAIzD,EAAMmC,EAAIC,EAAIC,EAAI4J,EACzC,CAIQ,GAAAtV,CAAIoJ,GACA8K,EAAY9K,GACZ,MAAMnU,EAAEA,EAACiL,EAAEA,GAAMgH,GACTiN,GAAIpJ,EAAIqJ,GAAIpJ,EAAIqJ,GAAIpJ,EAAIuJ,GAAIe,GAAO3iB,MACnCuhB,GAAIjJ,EAAIkJ,GAAIjJ,EAAIkJ,GAAIjJ,EAAIoJ,GAAIgB,GAAOpM,EAK3C,GAAInU,IAAMJ,QAAQ,GAAI,CAClB,MAAMmgB,EAAIlB,GAAM9I,EAAKD,IAAOI,EAAKD,IAC3B+J,EAAInB,GAAM9I,EAAKD,IAAOI,EAAKD,IAC3BkK,EAAItB,EAAKmB,EAAID,GACnB,GAAII,IAAMxgB,GACN,OAAOhC,KAAK8P,SAChB,MAAMwP,EAAI4B,EAAK7I,EAAKlW,GAAMygB,GACpBN,EAAIpB,EAAKyB,EAAKxgB,GAAMqW,GACpB3F,EAAIyP,EAAIhD,EACRpF,EAAImI,EAAID,EACRK,EAAIH,EAAIhD,EACR1G,EAAKsI,EAAKrO,EAAI2P,GACd3J,EAAKqI,EAAKhH,EAAIuI,GACdC,EAAKxB,EAAKrO,EAAI4P,GACd3J,EAAKoI,EAAKsB,EAAItI,GACpB,OAAO,IAAIzD,EAAMmC,EAAIC,EAAIC,EAAI4J,EAC7C,CACY,MAAMN,EAAIlB,EAAK/I,EAAKG,GACd+J,EAAInB,EAAK9I,EAAKG,GACd+G,EAAI4B,EAAKyB,EAAKrV,EAAIsV,GAClBN,EAAIpB,EAAK7I,EAAKG,GACd3F,EAAIqO,GAAM/I,EAAKC,IAAOE,EAAKC,GAAM6J,EAAIC,GACrCG,EAAIF,EAAIhD,EACRpF,EAAIoI,EAAIhD,EACRmD,EAAIvB,EAAKmB,EAAIhgB,EAAI+f,GACjBxJ,EAAKsI,EAAKrO,EAAI2P,GACd3J,EAAKqI,EAAKhH,EAAIuI,GACdC,EAAKxB,EAAKrO,EAAI4P,GACd3J,EAAKoI,EAAKsB,EAAItI,GACpB,OAAO,IAAIzD,EAAMmC,EAAIC,EAAIC,EAAI4J,EACzC,CACQ,QAAAtJ,CAAS5C,GACL,OAAOxW,KAAKoN,IAAIoJ,EAAMlH,SAClC,CACQ,IAAAJ,CAAKnK,GACD,OAAOiT,EAAKjH,WAAW/Q,KAAM+E,EAAG0R,EAAMc,WAClD,CAEQ,QAAAM,CAASjG,GACL,MAAM7M,EAAI6M,EACV0E,EAAY,SAAUvR,EAAG7C,GAAK+Y,GAC9B,MAAM5N,EAAEA,EAACR,GAAQ7M,KAAKkP,KAAKnK,GAC3B,OAAO0R,EAAMc,WAAW,CAAClK,EAAGR,IAAI,EAC5C,CAKQ,cAAAwM,CAAezH,GACX,MAAM7M,EAAI6M,EAEV,OADA0E,EAAY,SAAUvR,EAAG/C,GAAKiZ,GAC1BlW,IAAM/C,GACCuX,EACPvZ,KAAKkY,OAAOqB,IAAMxU,IAAM7C,GACjBlC,KACPA,KAAKkY,OAAOgC,GACLla,KAAKkP,KAAKnK,GAAGsI,EACjB2K,EAAKpI,aAAa5P,KAAM+E,EAC3C,CAKQ,YAAA8d,GACI,OAAO7iB,KAAKqZ,eAAec,GAAUnN,KACjD,CAGQ,aAAA0H,GACI,OAAOsD,EAAKpI,aAAa5P,KAAMib,GAAajO,KACxD,CAGQ,QAAAsI,CAASqB,GACL,OAAOD,EAAa1W,KAAM2W,EACtC,CACQ,aAAAhC,GACI,MAAQhO,EAAGwT,GAAa7F,EACxB,OAAI6F,IAAajY,GACNlC,KACJA,KAAKqZ,eAAec,EACvC,CAGQ,cAAO1C,CAAQrU,EAAKud,GAAS,GACzB,MAAMrT,EAAEA,EAACjL,EAAEA,GAAMiS,EACXtP,EAAMgD,EAAG2E,MACfvJ,EAAM8B,EAAY,WAAY9B,EAAK4B,GACnCvC,EAAM,SAAUke,GAChB,MAAMmC,EAAS1f,EAAI6D,QACb8b,EAAW3f,EAAI4B,EAAM,GAC3B8d,EAAO9d,EAAM,IAAgB,IAAX+d,EAClB,MAAMvN,EAAIwN,EAAmBF,GAIvBld,EAAM+a,EAAS5T,EAAO/E,EAAGuE,MAC/B+J,EAAY,aAAcd,EAAGxT,GAAK4D,GAGlC,MAAM6V,EAAKyF,EAAK1L,EAAIA,GACdlL,EAAI4W,EAAKzF,EAAKvZ,IACdsE,EAAI0a,EAAK5T,EAAImO,EAAKpZ,GACxB,IAAI4F,QAAEA,EAAStF,MAAOwH,GAAM4W,EAAQzW,EAAG9D,GACvC,IAAKyB,EACD,MAAUxH,MAAM,uCACpB,MAAMwiB,GAAU9Y,EAAIjI,MAASA,GACvBghB,KAA4B,IAAXH,GACvB,IAAKpC,GAAUxW,IAAMnI,IAAOkhB,EAExB,MAAUziB,MAAM,gCAGpB,OAFIyiB,IAAkBD,IAClB9Y,EAAI+W,GAAM/W,IACPsM,EAAMa,WAAW,CAAEnN,IAAGqL,KACzC,CACQ,qBAAOmC,CAAe0H,GAClB,OAAO8D,EAAqB9D,GAASjK,KACjD,CACQ,UAAAgF,GACI,MAAMjQ,EAAEA,EAACqL,EAAEA,GAAMxV,KAAKsV,WAChBnS,EAAQigB,EAAmB5N,EAAGxN,EAAG2E,OAEvC,OADAxJ,EAAMA,EAAMpC,OAAS,IAAMoJ,EAAIjI,GAAM,IAAO,EACrCiB,CACnB,CACQ,KAAAmX,GACI,OAAOrE,EAAcjW,KAAKoa,aACtC,EAEI3D,EAAMrG,KAAO,IAAIqG,EAAMnC,EAAMrC,GAAIqC,EAAMpC,GAAIhQ,GAAKgf,EAAK5M,EAAMrC,GAAKqC,EAAMpC,KACtEuE,EAAM9K,KAAO,IAAI8K,EAAMzU,GAAKE,GAAKA,GAAKF,IACtC,MAAQoO,KAAM8J,EAAGvO,KAAM4N,GAAM9C,EACvBuB,EAAO9I,GAAKuH,EAAqB,EAAdtK,GACzB,SAASiP,EAAK/Y,GACV,OAAOwH,EAAIxH,EAAG4Y,EACtB,CAEI,SAASoI,EAAQxjB,GACb,OAAOub,EAAK4H,EAAmBnjB,GACvC,CAEI,SAASsjB,EAAqB/iB,GAC1B,MAAM4E,EAAMmH,EACZ/L,EAAM8E,EAAY,cAAe9E,EAAK4E,GAGtC,MAAMse,EAASpe,EAAY,qBAAsB+b,EAAM7gB,GAAM,EAAI4E,GAC3DwW,EAAOqF,EAAkByC,EAAOrc,MAAM,EAAGjC,IACzCyX,EAAS6G,EAAOrc,MAAMjC,EAAK,EAAIA,GAC/B4M,EAASyR,EAAQ7H,GACjBpG,EAAQ8E,EAAErC,SAASjG,GACnB2R,EAAanO,EAAMgF,aACzB,MAAO,CAAEoB,OAAMiB,SAAQ7K,SAAQwD,QAAOmO,aAC9C,CAMI,SAASC,EAAmBC,EAAU,IAAI5iB,cAAiBof,GACvD,MAAMyD,EAAMnO,KAAkB0K,GAC9B,OAAOoD,EAAQpC,EAAMH,EAAO4C,EAAKxe,EAAY,UAAWue,KAAYpR,IAC5E,CAeI,MAAMsR,EAAajD,GA6BnBxG,EAAEnC,eAAe,GAiBjB,MAAO,CACHzD,QACA0K,aAtEJ,SAAsBK,GAClB,OAAO8D,EAAqB9D,GAASkE,UAC7C,EAqEQnE,KA9DJ,SAAcsE,EAAKrE,EAASuE,EAAU,CAAA,GAClCF,EAAMxe,EAAY,UAAWwe,GACzBrR,IACAqR,EAAMrR,EAAQqR,IAClB,MAAMjH,OAAEA,EAAM7K,OAAEA,EAAM2R,WAAEA,GAAeJ,EAAqB9D,GACtD9U,EAAIiZ,EAAmBI,EAAQH,QAAShH,EAAQiH,GAChDhH,EAAIxC,EAAErC,SAAStN,GAAG6P,aAElB7I,EAAI6J,EAAK7Q,EADLiZ,EAAmBI,EAAQH,QAAS/G,EAAG6G,EAAYG,GACtC9R,GAGvB,OAFA0E,EAAY,cAAe/E,EAAGvP,GAAKiZ,GAE5B/V,EAAY,SADPqQ,EAAemH,EAAG0G,EAAmB7R,EAAGvJ,EAAG2E,QACP,EAAdR,EAC1C,EAmDQsT,OAjDJ,SAAgBtL,EAAKuP,EAAK/D,EAAWiE,EAAUD,GAC3C,MAAMF,QAAEA,EAAO9C,OAAEA,GAAWiD,EACtB5e,EAAMgD,EAAG2E,MACfwH,EAAMjP,EAAY,YAAaiP,EAAK,EAAInP,GACxC0e,EAAMxe,EAAY,UAAWwe,QACdhf,IAAXic,GACAle,EAAM,SAAUke,GAChBtO,IACAqR,EAAMrR,EAAQqR,IAClB,MAAMnS,EAAIyR,EAAmB7O,EAAIlN,MAAMjC,EAAK,EAAIA,IAGhD,IAAIod,EAAG1F,EAAGmH,EACV,IACIzB,EAAI3L,EAAMgB,QAAQkI,EAAWgB,GAC7BjE,EAAIjG,EAAMgB,QAAQtD,EAAIlN,MAAM,EAAGjC,GAAM2b,GACrCkD,EAAK3J,EAAEb,eAAe9H,EAClC,CACQ,MAAO6E,GACH,OAAO,CACnB,CACQ,IAAKuK,GAAUyB,EAAES,eACb,OAAO,EACX,MAAMpc,EAAI+c,EAAmBC,EAAS/G,EAAEtC,aAAcgI,EAAEhI,aAAcsJ,GAGtE,OAFYhH,EAAEtP,IAAIgV,EAAE/I,eAAe5S,IAExB2S,SAASyK,GAAIlP,gBAAgBuD,OAAOzB,EAAM9K,KAC7D,EAuBQmY,cAAerN,EACf4G,MAtBU,CACV8F,uBAEA5F,iBAAkB,IAAM1C,EAAY7S,EAAG2E,OAOvCkR,WAAU,CAAClO,EAAa,EAAGyF,EAAQqB,EAAMrG,QACrCgF,EAAM2C,eAAepI,GACrByF,EAAMyC,SAAS5V,OAAO,IACfmT,IAWnB;sEC7aA,MAAMpT,GAAMC,OAAO,GACbC,GAAMD,OAAO,GAiBZ,SAAS8hB,GAAWnJ,GACvB,MAAMtG,GAhBNpM,EADkB8J,EAiBS4I,EAhBL,CAClBvY,EAAG,UACJ,CACC2hB,eAAgB,gBAChB7X,YAAa,gBACb0U,kBAAmB,WACnBC,OAAQ,WACRmD,WAAY,WACZC,GAAI,WAGDtiB,OAAOkL,OAAO,IAAKkF,KAZ9B,IAAsBA,EAkBlB,MAAMtH,EAAEA,GAAM4J,EACR4M,EAAQnc,GAAM8E,EAAI9E,EAAG2F,GACrBsZ,EAAiB1P,EAAM0P,eACvBG,EAAkB/X,KAAKC,KAAK2X,EAAiB,GAC7CvG,EAAWnJ,EAAMnI,YACjB0U,EAAoBvM,EAAMuM,mBAAiB,CAAM1d,GAAUA,GAC3D8gB,EAAa3P,EAAM2P,YAAU,CAAM9Z,GAAMJ,GAAII,EAAGO,EAAIzI,OAAO,GAAIyI,IAWrE,SAAS0Z,EAAMC,EAAMC,EAAKC,GACtB,MAAMC,EAAQtD,EAAKmD,GAAQC,EAAMC,IAGjC,MAAO,CAFPD,EAAMpD,EAAKoD,EAAME,GACjBD,EAAMrD,EAAKqD,EAAMC,GAEzB,CAGI,MAAMC,GAAOnQ,EAAMjS,EAAIJ,OAAO,IAAMA,OAAO,GA2D3C,SAASyiB,EAAkBpa,GACvB,OAAOrF,EAAgBic,EAAK5W,GAAI6Z,EACxC,CAgBI,SAASQ,EAAW/S,EAAQtH,GACxB,MAAMsa,EAhBV,SAA2BC,GAGvB,MAAMva,EAAIpF,EAAY,eAAgB2f,EAAMV,GAG5C,OAFiB,KAAb1G,IACAnT,EAAE,KAAO,KACN1F,EAAgB0F,EAC/B,CASuBwa,CAAkBxa,GAC3Bya,EATV,SAAsBhgB,GAClB,MAAM5B,EAAQ+B,EAAY,SAAUH,GAC9BC,EAAM7B,EAAMpC,OAClB,GAAIiE,IAAQmf,GAAmBnf,IAAQyY,EACnC,MAAUhd,MAAM,YAAY0jB,QAAsB1G,gBAAuBzY,KAC7E,OAAOJ,EAAgBic,EAAkB1d,GACjD,CAGwB6hB,CAAapT,GACvBqT,EAzEV,SAA0B3a,EAAGsH,GACzB/L,EAAS,IAAKyE,EAAGtI,GAAK0I,GACtB7E,EAAS,SAAU+L,EAAQ5P,GAAK0I,GAGhC,MAAMjE,EAAImL,EACJsT,EAAM5a,EACZ,IAKI6a,EALAb,EAAMpiB,GACNkjB,EAAMpjB,GACNuiB,EAAMja,EACN+a,EAAMnjB,GACNmiB,EAAOriB,GAEX,IAAK,IAAIsjB,EAAIrjB,OAAO+hB,EAAiB,GAAIsB,GAAKtjB,GAAKsjB,IAAK,CACpD,MAAMC,EAAO9e,GAAK6e,EAAKpjB,GACvBmiB,GAAQkB,EACRJ,EAAKf,EAAMC,EAAMC,EAAKC,GACtBD,EAAMa,EAAG,GACTZ,EAAMY,EAAG,GACTA,EAAKf,EAAMC,EAAMe,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GACTd,EAAOkB,EACP,MAAMnD,EAAIkC,EAAMc,EACVI,EAAKtE,EAAKkB,EAAIA,GACdC,EAAIiC,EAAMc,EACVK,EAAKvE,EAAKmB,EAAIA,GACdxP,EAAI2S,EAAKC,EACTnG,EAAIiF,EAAMc,EAEVK,EAAKxE,GADDqD,EAAMc,GACIjD,GACduD,EAAKzE,EAAK5B,EAAI+C,GACduD,EAAOF,EAAKC,EACZE,EAAQH,EAAKC,EACnBpB,EAAMrD,EAAK0E,EAAOA,GAClBP,EAAMnE,EAAKgE,EAAMhE,EAAK2E,EAAQA,IAC9BvB,EAAMpD,EAAKsE,EAAKC,GAChBL,EAAMlE,EAAKrO,GAAK2S,EAAKtE,EAAKuD,EAAM5R,IAC5C,CAEQsS,EAAKf,EAAMC,EAAMC,EAAKC,GACtBD,EAAMa,EAAG,GACTZ,EAAMY,EAAG,GAETA,EAAKf,EAAMC,EAAMe,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GAET,MAAMW,EAAK7B,EAAWmB,GAEtB,OAAOlE,EAAKoD,EAAMwB,EAC1B,CAsBmBC,CAAiBnB,EAAQG,GAGpC,GAAIE,IAAOjjB,GACP,MAAUvB,MAAM,0CACpB,OAAOikB,EAAkBO,EACjC,CAEI,MAAMe,EAAUtB,EAAkBpQ,EAAM4P,IACxC,SAAS+B,EAAerU,GACpB,OAAO+S,EAAW/S,EAAQoU,EAClC,CACI,MAAO,CACHrB,aACAsB,iBACAhH,gBAAiB,CAACrH,EAAY+H,IAAcgF,EAAW/M,EAAY+H,GACnEX,aAAepH,GAAeqO,EAAerO,GAC7CyF,MAAO,CAAEE,iBAAkB,IAAMjJ,EAAMuG,YAAYvG,EAAMnI,cACzD6Z,QAASA,EAEjB;sECrIA,MAAME,GAAeC,GAAgB,IAAMC,EAAS7lB,OAAO,CAAE8lB,MAAO,QAE9DC,IADcH,GAAgB,IAAMC,EAAS7lB,OAAO,CAAE8lB,MAAO,OACpDpkB,OAAO,4IAEhBC,GAAMD,OAAO,GAAIE,GAAMF,OAAO,GAAIwH,GAAMxH,OAAO,GAAUA,OAAO,GAAI,MAAAskB,GAAOtkB,OAAO,IAElFukB,GAAOvkB,OAAO,IAAKwkB,GAAOxkB,OAAO,IAAKykB,GAAOzkB,OAAO,IAAK0kB,GAAQ1kB,OAAO,KAI9E,SAAS2kB,GAAsBzc,GAC3B,MAAMO,EAAI4b,GACJO,EAAM1c,EAAIA,EAAIA,EAAKO,EACnBiO,EAAMkO,EAAKA,EAAK1c,EAAKO,EACrBoc,EAAM5c,GAAKyO,EAAIlP,GAAKiB,GAAKiO,EAAMjO,EAC/Bqc,EAAM7c,GAAK4c,EAAIrd,GAAKiB,GAAKiO,EAAMjO,EAC/Bsc,EAAO9c,GAAK6c,EAAI5kB,GAAKuI,GAAKmc,EAAMnc,EAChCuc,EAAO/c,GAAK8c,EAAKT,GAAM7b,GAAKsc,EAAOtc,EACnCwc,EAAOhd,GAAK+c,EAAKT,GAAM9b,GAAKuc,EAAOvc,EACnCyc,EAAOjd,GAAKgd,EAAKT,GAAM/b,GAAKwc,EAAOxc,EACnC0c,EAAQld,GAAKid,EAAKT,GAAMhc,GAAKyc,EAAOzc,EACpC2c,EAAQnd,GAAKkd,EAAMX,GAAM/b,GAAKwc,EAAOxc,EACrC4c,EAAQpd,GAAKmd,EAAMllB,GAAKuI,GAAKmc,EAAMnc,EACnC6c,EAAQrd,GAAKod,EAAMplB,GAAKwI,GAAKP,EAAKO,EACxC,OAAQR,GAAKqd,EAAMZ,GAAOjc,GAAK4c,EAAQ5c,CAC3C,CACA,SAASmW,GAAkB1d,GAQvB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,IAAM,EACLA,CACX,CAsBA,MAAM6E,GAAKsE,GAAMga,GAAQ,KAAK,GACxBkB,GAAY,CAEdnlB,EAAGJ,OAAO,GAEVqL,EAAGrL,OAAO,2IAEd+F,GAAIA,GAGAjD,EAAG9C,OAAO,2IAEVgK,WAAY,IAEZtF,EAAG1E,OAAO,GAEVgQ,GAAIhQ,OAAO,2IACXiQ,GAAIjQ,OAAO,2IAEXpC,KAAMqmB,GACNrL,cACAgG,qBAEAC,OAAQ,CAAC7a,EAAMkb,EAAKC,KAChB,GAAID,EAAIpgB,OAAS,IACb,MAAUN,MAAM,uBAAuB0gB,EAAIpgB,QAC/C,OAAOuE,EAAYmiB,EAAY,YAAa,IAAI5mB,WAAW,CAACugB,EAAS,EAAI,EAAGD,EAAIpgB,SAAUogB,EAAKlb,EAAK,EAExG8a,QA/CJ,SAAiBzW,EAAG9D,GAChB,MAAMkE,EAAI4b,GAOJoB,EAAM7d,EAAIS,EAAIA,EAAI9D,EAAGkE,GACrBid,EAAM9d,EAAI6d,EAAMpd,EAAGI,GACnBkd,EAAO/d,EAAI8d,EAAMD,EAAMlhB,EAAGkE,GAE1BP,EAAIN,EAAI8d,EADDf,GAAsBgB,GACTld,GAEpBiL,EAAK9L,EAAIM,EAAIA,EAAGO,GAGtB,MAAO,CAAEzC,QAAS4B,EAAI8L,EAAKnP,EAAGkE,KAAOJ,EAAG3H,MAAOwH,EACnD,GA+Ba0d,kBAAwBjH,GAAe4G,IAGvCM,kBAAuB,KAAO/D,GAAW,CAClD1hB,EAAGJ,OAAO,QAEV+hB,eAAgB,IAChB7X,YAAa,GACbzB,EAAG4b,GACHpC,GAAIjiB,OAAO,GACXgiB,WAAa9Z,IACT,MAAMO,EAAI4b,GAGV,OAAOzc,EADSK,GADI0c,GAAsBzc,GACRlI,OAAO,GAAIyI,GACxBP,EAAGO,EAAE,EAE9BmW,qBACAhG,gBAdgC,GAgCnB7S,GAAGuE,MAAQtK,OAAO,GAAMA,OAAO,GACjCA,OAAO,QAuFFA,OAAO,SAEHA,OAAO,SAEVA,OAAO,0IAEJA,OAAO,2IAGdA,OAAO;;AClOxB,MAAM8lB,GAAa9lB,OAAO,sEACpB+lB,GAAa/lB,OAAO,sEACpBC,GAAMD,OAAO,GACbE,GAAMF,OAAO,GACbgmB,GAAa,CAAC5lB,EAAGuE,KAAOvE,EAAIuE,EAAIzE,IAAOyE,EA6B7C,MAAMoB,GAAKsE,GAAMyb,QAAYrjB,OAAWA,EAAW,CAAEoJ,KAxBrD,SAAiB0H,GACb,MAAM9K,EAAIqd,GAEJte,EAAMxH,OAAO,GAAIimB,EAAMjmB,OAAO,GAAIskB,EAAOtkB,OAAO,IAAKukB,EAAOvkB,OAAO,IAEnEkmB,EAAOlmB,OAAO,IAAKwkB,EAAOxkB,OAAO,IAAKykB,EAAOzkB,OAAO,IACpD4kB,EAAMrR,EAAIA,EAAIA,EAAK9K,EACnBiO,EAAMkO,EAAKA,EAAKrR,EAAK9K,EACrBoc,EAAM5c,GAAKyO,EAAIlP,EAAKiB,GAAKiO,EAAMjO,EAC/Bqc,EAAM7c,GAAK4c,EAAIrd,EAAKiB,GAAKiO,EAAMjO,EAC/Bsc,EAAO9c,GAAK6c,EAAI5kB,GAAKuI,GAAKmc,EAAMnc,EAChCuc,EAAO/c,GAAK8c,EAAKT,EAAM7b,GAAKsc,EAAOtc,EACnCwc,EAAOhd,GAAK+c,EAAKT,EAAM9b,GAAKuc,EAAOvc,EACnCyc,EAAOjd,GAAKgd,EAAKT,EAAM/b,GAAKwc,EAAOxc,EACnC0c,EAAQld,GAAKid,EAAKT,EAAMhc,GAAKyc,EAAOzc,EACpC2c,EAAQnd,GAAKkd,EAAMX,EAAM/b,GAAKwc,EAAOxc,EACrC6c,EAAQrd,GAAKmd,EAAM5d,EAAKiB,GAAKiO,EAAMjO,EACnCsO,EAAM9O,GAAKqd,EAAMY,EAAMzd,GAAKuc,EAAOvc,EACnCkB,EAAM1B,GAAK8O,EAAIkP,EAAKxd,GAAKmc,EAAMnc,EAC/BE,EAAOV,GAAK0B,EAAIzJ,GAAKuI,GAC3B,IAAK1C,GAAG6C,IAAI7C,GAAG8C,IAAIF,GAAO4K,GACtB,MAAU/U,MAAM,2BACpB,OAAOmK,CACX,IAKawd,GAAYlI,GAAY,CACjC7d,EAAGJ,OAAO,GACV2E,EAAG3E,OAAO,GACd+F,GAAIA,GACAjD,EAAGijB,GAEH/V,GAAIhQ,OAAO,iFACXiQ,GAAIjQ,OAAO,iFACX0E,EAAG1E,OAAO,GACVmQ,MAAM,EAONyC,KAAM,CACFC,KAAM7S,OAAO,sEACb8S,YAActO,IACV,MAAM1B,EAAIijB,GACJK,EAAKpmB,OAAO,sCACZqmB,GAAMpmB,GAAMD,OAAO,sCACnBsmB,EAAKtmB,OAAO,uCACZ4kB,EAAKwB,EACLG,EAAYvmB,OAAO,uCACnB8I,EAAKkd,GAAWpB,EAAKpgB,EAAG1B,GACxB0jB,EAAKR,IAAYK,EAAK7hB,EAAG1B,GAC/B,IAAI0U,EAAK5P,EAAIpD,EAAIsE,EAAKsd,EAAKI,EAAKF,EAAIxjB,GAChC4U,EAAK9P,GAAKkB,EAAKud,EAAKG,EAAK5B,EAAI9hB,GACjC,MAAMyU,EAAQC,EAAK+O,EACb9O,EAAQC,EAAK6O,EAKnB,GAJIhP,IACAC,EAAK1U,EAAI0U,GACTC,IACAC,EAAK5U,EAAI4U,GACTF,EAAK+O,GAAa7O,EAAK6O,EACvB,MAAU/nB,MAAM,uCAAyCgG,GAE7D,MAAO,CAAE+S,QAAOC,KAAIC,QAAOC,KAAI,IAGxC0G,GAGSpe,OAAO,GAiBLmmB,GAAU5N,gBCnGxB,MAAMxS,GAAKsE,GAAMrK,OAAO,uEAKXymB,GAAkBxI,GAAY,CACzC7d,EALc2F,GAAGzH,OAAO0B,OAAO,uEAM/B2E,EALc3E,OAAO,yEAMrB+F,GAEAjD,EAAG9C,OAAO,sEAEVgQ,GAAIhQ,OAAO,sEACXiQ,GAAIjQ,OAAO,sEACX0E,EAAG1E,OAAO,GACVmQ,MAAM,GACIiO,GChBNrY,GAAKsE,GAAMrK,OAAO,uGAKX0mB,GAAkBzI,GAAY,CACzC7d,EALc2F,GAAGzH,OAAO0B,OAAO,uGAM/B2E,EALc3E,OAAO,yGAMrB+F,GAEAjD,EAAG9C,OAAO,sGAEVgQ,GAAIhQ,OAAO,sGACXiQ,GAAIjQ,OAAO,sGACX0E,EAAG1E,OAAO,GACVmQ,MAAM,GACImO,GChBNvY,GAAKsE,GAAMrK,OAAO,uIAKX2mB,GAAkB1I,GAAY,CACzC7d,EALc2F,GAAGzH,OAAO0B,OAAO,uIAM/B2E,EALc3E,OAAO,sIAMrB+F,MAEAjD,EAAG9C,OAAO,sIAEVgQ,GAAIhQ,OAAO,sIACXiQ,GAAIjQ,OAAO,sIACX0E,EAAG1E,OAAO,GACVmQ,MAAM,GACIqO,GCRCoI,GAAc,IAAIC,IAAIlnB,OAAO+G,QAAQ,CAClDogB,SAAEA,GACFC,SAAEA,GACFC,SAAEA,GACAP,mBACAC,mBACAC,mBACAR,aACAN,QACAD","x_google_ignoreList":[0,1,2,3,4,5,6,7,8,9,10,11,12]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/noble_curves.mjs b/app/node_modules/openpgp/dist/lightweight/noble_curves.mjs new file mode 100644 index 000000000..e54561c75 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_curves.mjs @@ -0,0 +1,2994 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +import { H as Hash, h as hash, t as toBytes, e as exists, b as bytes, c as concatBytes$1, r as randomBytes, s as sha256, a as sha384, d as sha512, w as wrapConstructor, u as utf8ToBytes$1, f as shake256 } from './sha3.mjs'; + +// HMAC (RFC 2104) +class HMAC extends Hash { + constructor(hash$1, _key) { + super(); + this.finished = false; + this.destroyed = false; + hash(hash$1); + const key = toBytes(_key); + this.iHash = hash$1.create(); + if (typeof this.iHash.update !== 'function') + throw new Error('Expected instance of class which extends utils.Hash'); + this.blockLen = this.iHash.blockLen; + this.outputLen = this.iHash.outputLen; + const blockLen = this.blockLen; + const pad = new Uint8Array(blockLen); + // blockLen can be bigger than outputLen + pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key); + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36; + this.iHash.update(pad); + // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone + this.oHash = hash$1.create(); + // Undo internal XOR && apply outer XOR + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36 ^ 0x5c; + this.oHash.update(pad); + pad.fill(0); + } + update(buf) { + exists(this); + this.iHash.update(buf); + return this; + } + digestInto(out) { + exists(this); + bytes(out, this.outputLen); + this.finished = true; + this.iHash.digestInto(out); + this.oHash.update(out); + this.oHash.digestInto(out); + this.destroy(); + } + digest() { + const out = new Uint8Array(this.oHash.outputLen); + this.digestInto(out); + return out; + } + _cloneInto(to) { + // Create new instance without calling constructor since key already in state and we don't know it. + to || (to = Object.create(Object.getPrototypeOf(this), {})); + const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this; + to = to; + to.finished = finished; + to.destroyed = destroyed; + to.blockLen = blockLen; + to.outputLen = outputLen; + to.oHash = oHash._cloneInto(to.oHash); + to.iHash = iHash._cloneInto(to.iHash); + return to; + } + destroy() { + this.destroyed = true; + this.oHash.destroy(); + this.iHash.destroy(); + } +} +/** + * HMAC: RFC2104 message authentication code. + * @param hash - function that would be used e.g. sha256 + * @param key - message key + * @param message - message data + * @example + * import { hmac } from '@noble/hashes/hmac'; + * import { sha256 } from '@noble/hashes/sha2'; + * const mac1 = hmac(sha256, 'key', 'message'); + */ +const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); +hmac.create = (hash, key) => new HMAC(hash, key); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// 100 lines of code in the file are duplicated from noble-hashes (utils). +// This is OK: `abstract` directory does not use noble-hashes. +// User may opt-in into using different hashing library. This way, noble-hashes +// won't be included into their bundle. +const _0n$5 = /* @__PURE__ */ BigInt(0); +const _1n$7 = /* @__PURE__ */ BigInt(1); +const _2n$4 = /* @__PURE__ */ BigInt(2); +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function abytes(item) { + if (!isBytes(item)) + throw new Error('Uint8Array expected'); +} +function abool(title, value) { + if (typeof value !== 'boolean') + throw new Error(`${title} must be valid boolean, got "${value}".`); +} +// Array where index 0xf0 (240) is mapped to string 'f0' +const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); +/** + * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123' + */ +function bytesToHex(bytes) { + abytes(bytes); + // pre-caching improves the speed 6x + let hex = ''; + for (let i = 0; i < bytes.length; i++) { + hex += hexes[bytes[i]]; + } + return hex; +} +function numberToHexUnpadded(num) { + const hex = num.toString(16); + return hex.length & 1 ? `0${hex}` : hex; +} +function hexToNumber(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + // Big Endian + return BigInt(hex === '' ? '0' : `0x${hex}`); +} +// We use optimized technique to convert hex string to byte array +const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; +function asciiToBase16(char) { + if (char >= asciis._0 && char <= asciis._9) + return char - asciis._0; + if (char >= asciis._A && char <= asciis._F) + return char - (asciis._A - 10); + if (char >= asciis._a && char <= asciis._f) + return char - (asciis._a - 10); + return; +} +/** + * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23]) + */ +function hexToBytes(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + const hl = hex.length; + const al = hl / 2; + if (hl % 2) + throw new Error('padded hex string expected, got unpadded hex of length ' + hl); + const array = new Uint8Array(al); + for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) { + const n1 = asciiToBase16(hex.charCodeAt(hi)); + const n2 = asciiToBase16(hex.charCodeAt(hi + 1)); + if (n1 === undefined || n2 === undefined) { + const char = hex[hi] + hex[hi + 1]; + throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi); + } + array[ai] = n1 * 16 + n2; + } + return array; +} +// BE: Big Endian, LE: Little Endian +function bytesToNumberBE(bytes) { + return hexToNumber(bytesToHex(bytes)); +} +function bytesToNumberLE(bytes) { + abytes(bytes); + return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse())); +} +function numberToBytesBE(n, len) { + return hexToBytes(n.toString(16).padStart(len * 2, '0')); +} +function numberToBytesLE(n, len) { + return numberToBytesBE(n, len).reverse(); +} +// Unpadded, rarely used +function numberToVarBytesBE(n) { + return hexToBytes(numberToHexUnpadded(n)); +} +/** + * Takes hex string or Uint8Array, converts to Uint8Array. + * Validates output length. + * Will throw error for other types. + * @param title descriptive title for an error e.g. 'private key' + * @param hex hex string or Uint8Array + * @param expectedLength optional, will compare to result array's length + * @returns + */ +function ensureBytes(title, hex, expectedLength) { + let res; + if (typeof hex === 'string') { + try { + res = hexToBytes(hex); + } + catch (e) { + throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`); + } + } + else if (isBytes(hex)) { + // Uint8Array.from() instead of hash.slice() because node.js Buffer + // is instance of Uint8Array, and its slice() creates **mutable** copy + res = Uint8Array.from(hex); + } + else { + throw new Error(`${title} must be hex string or Uint8Array`); + } + const len = res.length; + if (typeof expectedLength === 'number' && len !== expectedLength) + throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`); + return res; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + abytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +// Is positive bigint +const isPosBig = (n) => typeof n === 'bigint' && _0n$5 <= n; +function inRange(n, min, max) { + return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max; +} +/** + * Asserts min <= n < max. NOTE: It's < max and not <= max. + * @example + * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n) + */ +function aInRange(title, n, min, max) { + // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)? + // consider P=256n, min=0n, max=P + // - a for min=0 would require -1: `inRange('x', x, -1n, P)` + // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)` + // - our way is the cleanest: `inRange('x', x, 0n, P) + if (!inRange(n, min, max)) + throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`); +} +// Bit operations +/** + * Calculates amount of bits in a bigint. + * Same as `n.toString(2).length` + */ +function bitLen(n) { + let len; + for (len = 0; n > _0n$5; n >>= _1n$7, len += 1) + ; + return len; +} +/** + * Gets single bit at position. + * NOTE: first bit position is 0 (same as arrays) + * Same as `!!+Array.from(n.toString(2)).reverse()[pos]` + */ +function bitGet(n, pos) { + return (n >> BigInt(pos)) & _1n$7; +} +/** + * Sets single bit at position. + */ +function bitSet(n, pos, value) { + return n | ((value ? _1n$7 : _0n$5) << BigInt(pos)); +} +/** + * Calculate mask for N bits. Not using ** operator with bigints because of old engines. + * Same as BigInt(`0b${Array(i).fill('1').join('')}`) + */ +const bitMask = (n) => (_2n$4 << BigInt(n - 1)) - _1n$7; +// DRBG +const u8n = (data) => new Uint8Array(data); // creates Uint8Array +const u8fr = (arr) => Uint8Array.from(arr); // another shortcut +/** + * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + * @returns function that will call DRBG until 2nd arg returns something meaningful + * @example + * const drbg = createHmacDRBG(32, 32, hmac); + * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined + */ +function createHmacDrbg(hashLen, qByteLen, hmacFn) { + if (typeof hashLen !== 'number' || hashLen < 2) + throw new Error('hashLen must be a number'); + if (typeof qByteLen !== 'number' || qByteLen < 2) + throw new Error('qByteLen must be a number'); + if (typeof hmacFn !== 'function') + throw new Error('hmacFn must be a function'); + // Step B, Step C: set hashLen to 8*ceil(hlen/8) + let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same + let i = 0; // Iterations counter, will throw when over 1000 + const reset = () => { + v.fill(1); + k.fill(0); + i = 0; + }; + const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values) + const reseed = (seed = u8n()) => { + // HMAC-DRBG reseed() function. Steps D-G + k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed) + v = h(); // v = hmac(k || v) + if (seed.length === 0) + return; + k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed) + v = h(); // v = hmac(k || v) + }; + const gen = () => { + // HMAC-DRBG generate() function + if (i++ >= 1000) + throw new Error('drbg: tried 1000 values'); + let len = 0; + const out = []; + while (len < qByteLen) { + v = h(); + const sl = v.slice(); + out.push(sl); + len += v.length; + } + return concatBytes(...out); + }; + const genUntil = (seed, pred) => { + reset(); + reseed(seed); // Steps D-G + let res = undefined; // Step H: grind until k is in [1..n-1] + while (!(res = pred(gen()))) + reseed(); + reset(); + return res; + }; + return genUntil; +} +// Validating curves and fields +const validatorFns = { + bigint: (val) => typeof val === 'bigint', + function: (val) => typeof val === 'function', + boolean: (val) => typeof val === 'boolean', + string: (val) => typeof val === 'string', + stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val), + isSafeInteger: (val) => Number.isSafeInteger(val), + array: (val) => Array.isArray(val), + field: (val, object) => object.Fp.isValid(val), + hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen), +}; +// type Record = { [P in K]: T; } +function validateObject(object, validators, optValidators = {}) { + const checkField = (fieldName, type, isOptional) => { + const checkVal = validatorFns[type]; + if (typeof checkVal !== 'function') + throw new Error(`Invalid validator "${type}", expected function`); + const val = object[fieldName]; + if (isOptional && val === undefined) + return; + if (!checkVal(val, object)) { + throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`); + } + }; + for (const [fieldName, type] of Object.entries(validators)) + checkField(fieldName, type, false); + for (const [fieldName, type] of Object.entries(optValidators)) + checkField(fieldName, type, true); + return object; +} +// validate type tests +// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; +// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok! +// // Should fail type-check +// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' }); +// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' }); +// const z3 = validateObject(o, { test: 'boolean', z: 'bug' }); +// const z4 = validateObject(o, { a: 'boolean', z: 'bug' }); +/** + * throws not implemented error + */ +const notImplemented = () => { + throw new Error('not implemented'); +}; +/** + * Memoizes (caches) computation result. + * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed. + */ +function memoized(fn) { + const map = new WeakMap(); + return (arg, ...args) => { + const val = map.get(arg); + if (val !== undefined) + return val; + const computed = fn(arg, ...args); + map.set(arg, computed); + return computed; + }; +} + +var ut = /*#__PURE__*/Object.freeze({ + __proto__: null, + aInRange: aInRange, + abool: abool, + abytes: abytes, + bitGet: bitGet, + bitLen: bitLen, + bitMask: bitMask, + bitSet: bitSet, + bytesToHex: bytesToHex, + bytesToNumberBE: bytesToNumberBE, + bytesToNumberLE: bytesToNumberLE, + concatBytes: concatBytes, + createHmacDrbg: createHmacDrbg, + ensureBytes: ensureBytes, + equalBytes: equalBytes, + hexToBytes: hexToBytes, + hexToNumber: hexToNumber, + inRange: inRange, + isBytes: isBytes, + memoized: memoized, + notImplemented: notImplemented, + numberToBytesBE: numberToBytesBE, + numberToBytesLE: numberToBytesLE, + numberToHexUnpadded: numberToHexUnpadded, + numberToVarBytesBE: numberToVarBytesBE, + utf8ToBytes: utf8ToBytes, + validateObject: validateObject +}); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Utilities for modular arithmetics and finite fields +// prettier-ignore +const _0n$4 = BigInt(0), _1n$6 = BigInt(1), _2n$3 = BigInt(2), _3n$2 = BigInt(3); +// prettier-ignore +const _4n = BigInt(4), _5n = BigInt(5), _8n$1 = BigInt(8); +// prettier-ignore +BigInt(9); BigInt(16); +// Calculates a modulo b +function mod(a, b) { + const result = a % b; + return result >= _0n$4 ? result : b + result; +} +/** + * Efficiently raise num to power and do modular division. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + * @example + * pow(2n, 6n, 11n) // 64n % 11n == 9n + */ +// TODO: use field version && remove +function pow(num, power, modulo) { + if (modulo <= _0n$4 || power < _0n$4) + throw new Error('Expected power/modulo > 0'); + if (modulo === _1n$6) + return _0n$4; + let res = _1n$6; + while (power > _0n$4) { + if (power & _1n$6) + res = (res * num) % modulo; + num = (num * num) % modulo; + power >>= _1n$6; + } + return res; +} +// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) +function pow2(x, power, modulo) { + let res = x; + while (power-- > _0n$4) { + res *= res; + res %= modulo; + } + return res; +} +// Inverses number over modulo +function invert(number, modulo) { + if (number === _0n$4 || modulo <= _0n$4) { + throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); + } + // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/ + // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower. + let a = mod(number, modulo); + let b = modulo; + // prettier-ignore + let x = _0n$4, u = _1n$6; + while (a !== _0n$4) { + // JIT applies optimization if those two lines follow each other + const q = b / a; + const r = b % a; + const m = x - u * q; + // prettier-ignore + b = a, a = r, x = u, u = m; + } + const gcd = b; + if (gcd !== _1n$6) + throw new Error('invert: does not exist'); + return mod(x, modulo); +} +/** + * Tonelli-Shanks square root search algorithm. + * 1. https://eprint.iacr.org/2012/685.pdf (page 12) + * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks + * Will start an infinite loop if field order P is not prime. + * @param P field order + * @returns function that takes field Fp (created from P) and number n + */ +function tonelliShanks(P) { + // Legendre constant: used to calculate Legendre symbol (a | p), + // which denotes the value of a^((p-1)/2) (mod p). + // (a | p) ≡ 1 if a is a square (mod p) + // (a | p) ≡ -1 if a is not a square (mod p) + // (a | p) ≡ 0 if a ≡ 0 (mod p) + const legendreC = (P - _1n$6) / _2n$3; + let Q, S, Z; + // Step 1: By factoring out powers of 2 from p - 1, + // find q and s such that p - 1 = q*(2^s) with q odd + for (Q = P - _1n$6, S = 0; Q % _2n$3 === _0n$4; Q /= _2n$3, S++) + ; + // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq + for (Z = _2n$3; Z < P && pow(Z, legendreC, P) !== P - _1n$6; Z++) + ; + // Fast-path + if (S === 1) { + const p1div4 = (P + _1n$6) / _4n; + return function tonelliFast(Fp, n) { + const root = Fp.pow(n, p1div4); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Slow-path + const Q1div2 = (Q + _1n$6) / _2n$3; + return function tonelliSlow(Fp, n) { + // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1 + if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) + throw new Error('Cannot find square root'); + let r = S; + // TODO: will fail at Fp2/etc + let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b + let x = Fp.pow(n, Q1div2); // first guess at the square root + let b = Fp.pow(n, Q); // first guess at the fudge factor + while (!Fp.eql(b, Fp.ONE)) { + if (Fp.eql(b, Fp.ZERO)) + return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0) + // Find m such b^(2^m)==1 + let m = 1; + for (let t2 = Fp.sqr(b); m < r; m++) { + if (Fp.eql(t2, Fp.ONE)) + break; + t2 = Fp.sqr(t2); // t2 *= t2 + } + // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow + const ge = Fp.pow(g, _1n$6 << BigInt(r - m - 1)); // ge = 2^(r-m-1) + g = Fp.sqr(ge); // g = ge * ge + x = Fp.mul(x, ge); // x *= ge + b = Fp.mul(b, g); // b *= g + r = m; + } + return x; + }; +} +function FpSqrt(P) { + // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. + // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve). + // P ≡ 3 (mod 4) + // √n = n^((P+1)/4) + if (P % _4n === _3n$2) { + // Not all roots possible! + // const ORDER = + // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn; + // const NUM = 72057594037927816n; + const p1div4 = (P + _1n$6) / _4n; + return function sqrt3mod4(Fp, n) { + const root = Fp.pow(n, p1div4); + // Throw if root**2 != n + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10) + if (P % _8n$1 === _5n) { + const c1 = (P - _5n) / _8n$1; + return function sqrt5mod8(Fp, n) { + const n2 = Fp.mul(n, _2n$3); + const v = Fp.pow(n2, c1); + const nv = Fp.mul(n, v); + const i = Fp.mul(Fp.mul(nv, _2n$3), v); + const root = Fp.mul(nv, Fp.sub(i, Fp.ONE)); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Other cases: Tonelli-Shanks algorithm + return tonelliShanks(P); +} +// prettier-ignore +const FIELD_FIELDS = [ + 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr', + 'eql', 'add', 'sub', 'mul', 'pow', 'div', + 'addN', 'subN', 'mulN', 'sqrN' +]; +function validateField(field) { + const initial = { + ORDER: 'bigint', + MASK: 'bigint', + BYTES: 'isSafeInteger', + BITS: 'isSafeInteger', + }; + const opts = FIELD_FIELDS.reduce((map, val) => { + map[val] = 'function'; + return map; + }, initial); + return validateObject(field, opts); +} +// Generic field functions +/** + * Same as `pow` but for Fp: non-constant-time. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + */ +function FpPow(f, num, power) { + // Should have same speed as pow for bigints + // TODO: benchmark! + if (power < _0n$4) + throw new Error('Expected power > 0'); + if (power === _0n$4) + return f.ONE; + if (power === _1n$6) + return num; + let p = f.ONE; + let d = num; + while (power > _0n$4) { + if (power & _1n$6) + p = f.mul(p, d); + d = f.sqr(d); + power >>= _1n$6; + } + return p; +} +/** + * Efficiently invert an array of Field elements. + * `inv(0)` will return `undefined` here: make sure to throw an error. + */ +function FpInvertBatch(f, nums) { + const tmp = new Array(nums.length); + // Walk from first to last, multiply them by each other MOD p + const lastMultiplied = nums.reduce((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = acc; + return f.mul(acc, num); + }, f.ONE); + // Invert last element + const inverted = f.inv(lastMultiplied); + // Walk from last to first, multiply them by inverted each other MOD p + nums.reduceRight((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = f.mul(acc, tmp[i]); + return f.mul(acc, num); + }, inverted); + return tmp; +} +// CURVE.n lengths +function nLength(n, nBitLength) { + // Bit size, byte size of CURVE.n + const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; + const nByteLength = Math.ceil(_nBitLength / 8); + return { nBitLength: _nBitLength, nByteLength }; +} +/** + * Initializes a finite field over prime. **Non-primes are not supported.** + * Do not init in loop: slow. Very fragile: always run a benchmark on a change. + * Major performance optimizations: + * * a) denormalized operations like mulN instead of mul + * * b) same object shape: never add or remove keys + * * c) Object.freeze + * NOTE: operations don't check 'isValid' for all elements for performance reasons, + * it is caller responsibility to check this. + * This is low-level code, please make sure you know what you doing. + * @param ORDER prime positive bigint + * @param bitLen how many bits the field consumes + * @param isLE (def: false) if encoding / decoding should be in little-endian + * @param redef optional faster redefinitions of sqrt and other methods + */ +function Field(ORDER, bitLen, isLE = false, redef = {}) { + if (ORDER <= _0n$4) + throw new Error(`Expected Field ORDER > 0, got ${ORDER}`); + const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen); + if (BYTES > 2048) + throw new Error('Field lengths over 2048 bytes are not supported'); + const sqrtP = FpSqrt(ORDER); + const f = Object.freeze({ + ORDER, + BITS, + BYTES, + MASK: bitMask(BITS), + ZERO: _0n$4, + ONE: _1n$6, + create: (num) => mod(num, ORDER), + isValid: (num) => { + if (typeof num !== 'bigint') + throw new Error(`Invalid field element: expected bigint, got ${typeof num}`); + return _0n$4 <= num && num < ORDER; // 0 is valid element, but it's not invertible + }, + is0: (num) => num === _0n$4, + isOdd: (num) => (num & _1n$6) === _1n$6, + neg: (num) => mod(-num, ORDER), + eql: (lhs, rhs) => lhs === rhs, + sqr: (num) => mod(num * num, ORDER), + add: (lhs, rhs) => mod(lhs + rhs, ORDER), + sub: (lhs, rhs) => mod(lhs - rhs, ORDER), + mul: (lhs, rhs) => mod(lhs * rhs, ORDER), + pow: (num, power) => FpPow(f, num, power), + div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), + // Same as above, but doesn't normalize + sqrN: (num) => num * num, + addN: (lhs, rhs) => lhs + rhs, + subN: (lhs, rhs) => lhs - rhs, + mulN: (lhs, rhs) => lhs * rhs, + inv: (num) => invert(num, ORDER), + sqrt: redef.sqrt || ((n) => sqrtP(f, n)), + invertBatch: (lst) => FpInvertBatch(f, lst), + // TODO: do we really need constant cmov? + // We don't have const-time bigints anyway, so probably will be not very useful + cmov: (a, b, c) => (c ? b : a), + toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)), + fromBytes: (bytes) => { + if (bytes.length !== BYTES) + throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`); + return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes); + }, + }); + return Object.freeze(f); +} +/** + * Returns total number of bytes consumed by the field element. + * For example, 32 bytes for usual 256-bit weierstrass curve. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of field + */ +function getFieldBytesLength(fieldOrder) { + if (typeof fieldOrder !== 'bigint') + throw new Error('field order must be bigint'); + const bitLength = fieldOrder.toString(2).length; + return Math.ceil(bitLength / 8); +} +/** + * Returns minimal amount of bytes that can be safely reduced + * by field order. + * Should be 2^-128 for 128-bit curve such as P256. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of target hash + */ +function getMinHashLength(fieldOrder) { + const length = getFieldBytesLength(fieldOrder); + return length + Math.ceil(length / 2); +} +/** + * "Constant-time" private key generation utility. + * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF + * and convert them into private scalar, with the modulo bias being negligible. + * Needs at least 48 bytes of input for 32-byte private key. + * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/ + * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final + * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5 + * @param hash hash output from SHA3 or a similar function + * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n) + * @param isLE interpret hash bytes as LE num + * @returns valid private scalar + */ +function mapHashToField(key, fieldOrder, isLE = false) { + const len = key.length; + const fieldLen = getFieldBytesLength(fieldOrder); + const minLen = getMinHashLength(fieldOrder); + // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings. + if (len < 16 || len < minLen || len > 1024) + throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`); + const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key); + // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0 + const reduced = mod(num, fieldOrder - _1n$6) + _1n$6; + return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Abelian group utilities +const _0n$3 = BigInt(0); +const _1n$5 = BigInt(1); +// Since points in different groups cannot be equal (different object constructor), +// we can have single place to store precomputes +const pointPrecomputes = new WeakMap(); +const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside) +// Elliptic curve multiplication of Point by scalar. Fragile. +// Scalars should always be less than curve order: this should be checked inside of a curve itself. +// Creates precomputation tables for fast multiplication: +// - private scalar is split by fixed size windows of W bits +// - every window point is collected from window's table & added to accumulator +// - since windows are different, same point inside tables won't be accessed more than once per calc +// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar) +// - +1 window is neccessary for wNAF +// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication +// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow +// windows to be in different memory locations +function wNAF(c, bits) { + const constTimeNegate = (condition, item) => { + const neg = item.negate(); + return condition ? neg : item; + }; + const validateW = (W) => { + if (!Number.isSafeInteger(W) || W <= 0 || W > bits) + throw new Error(`Wrong window size=${W}, should be [1..${bits}]`); + }; + const opts = (W) => { + validateW(W); + const windows = Math.ceil(bits / W) + 1; // +1, because + const windowSize = 2 ** (W - 1); // -1 because we skip zero + return { windows, windowSize }; + }; + return { + constTimeNegate, + // non-const time multiplication ladder + unsafeLadder(elm, n) { + let p = c.ZERO; + let d = elm; + while (n > _0n$3) { + if (n & _1n$5) + p = p.add(d); + d = d.double(); + n >>= _1n$5; + } + return p; + }, + /** + * Creates a wNAF precomputation window. Used for caching. + * Default window size is set by `utils.precompute()` and is equal to 8. + * Number of precomputed points depends on the curve size: + * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: + * - 𝑊 is the window size + * - 𝑛 is the bitlength of the curve order. + * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. + * @returns precomputed point tables flattened to a single array + */ + precomputeWindow(elm, W) { + const { windows, windowSize } = opts(W); + const points = []; + let p = elm; + let base = p; + for (let window = 0; window < windows; window++) { + base = p; + points.push(base); + // =1, because we skip zero + for (let i = 1; i < windowSize; i++) { + base = base.add(p); + points.push(base); + } + p = base.double(); + } + return points; + }, + /** + * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. + * @param W window size + * @param precomputes precomputed tables + * @param n scalar (we don't check here, but should be less than curve order) + * @returns real and fake (for const-time) points + */ + wNAF(W, precomputes, n) { + // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise + // But need to carefully remove other checks before wNAF. ORDER == bits here + const { windows, windowSize } = opts(W); + let p = c.ZERO; + let f = c.BASE; + const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc. + const maxNumber = 2 ** W; + const shiftBy = BigInt(W); + for (let window = 0; window < windows; window++) { + const offset = window * windowSize; + // Extract W bits. + let wbits = Number(n & mask); + // Shift number by W bits. + n >>= shiftBy; + // If the bits are bigger than max size, we'll split those. + // +224 => 256 - 32 + if (wbits > windowSize) { + wbits -= maxNumber; + n += _1n$5; + } + // This code was first written with assumption that 'f' and 'p' will never be infinity point: + // since each addition is multiplied by 2 ** W, it cannot cancel each other. However, + // there is negate now: it is possible that negated element from low value + // would be the same as high element, which will create carry into next window. + // It's not obvious how this can fail, but still worth investigating later. + // Check if we're onto Zero point. + // Add random point inside current window to f. + const offset1 = offset; + const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero + const cond1 = window % 2 !== 0; + const cond2 = wbits < 0; + if (wbits === 0) { + // The most important part for const-time getPublicKey + f = f.add(constTimeNegate(cond1, precomputes[offset1])); + } + else { + p = p.add(constTimeNegate(cond2, precomputes[offset2])); + } + } + // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ() + // Even if the variable is still unused, there are some checks which will + // throw an exception, so compiler needs to prove they won't happen, which is hard. + // At this point there is a way to F be infinity-point even if p is not, + // which makes it less const-time: around 1 bigint multiply. + return { p, f }; + }, + wNAFCached(P, n, transform) { + const W = pointWindowSizes.get(P) || 1; + // Calculate precomputes on a first run, reuse them after + let comp = pointPrecomputes.get(P); + if (!comp) { + comp = this.precomputeWindow(P, W); + if (W !== 1) + pointPrecomputes.set(P, transform(comp)); + } + return this.wNAF(W, comp, n); + }, + // We calculate precomputes for elliptic curve point multiplication + // using windowed method. This specifies window size and + // stores precomputed values. Usually only base point would be precomputed. + setWindowSize(P, W) { + validateW(W); + pointWindowSizes.set(P, W); + pointPrecomputes.delete(P); + }, + }; +} +/** + * Pippenger algorithm for multi-scalar multiplication (MSM). + * MSM is basically (Pa + Qb + Rc + ...). + * 30x faster vs naive addition on L=4096, 10x faster with precomputes. + * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL. + * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0. + * @param c Curve Point constructor + * @param field field over CURVE.N - important that it's not over CURVE.P + * @param points array of L curve points + * @param scalars array of L scalars (aka private keys / bigints) + */ +function pippenger(c, field, points, scalars) { + // If we split scalars by some window (let's say 8 bits), every chunk will only + // take 256 buckets even if there are 4096 scalars, also re-uses double. + // TODO: + // - https://eprint.iacr.org/2024/750.pdf + // - https://tches.iacr.org/index.php/TCHES/article/view/10287 + // 0 is accepted in scalars + if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length) + throw new Error('arrays of points and scalars must have equal length'); + scalars.forEach((s, i) => { + if (!field.isValid(s)) + throw new Error(`wrong scalar at index ${i}`); + }); + points.forEach((p, i) => { + if (!(p instanceof c)) + throw new Error(`wrong point at index ${i}`); + }); + const wbits = bitLen(BigInt(points.length)); + const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits + const MASK = (1 << windowSize) - 1; + const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array + const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize; + let sum = c.ZERO; + for (let i = lastBits; i >= 0; i -= windowSize) { + buckets.fill(c.ZERO); + for (let j = 0; j < scalars.length; j++) { + const scalar = scalars[j]; + const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK)); + buckets[wbits] = buckets[wbits].add(points[j]); + } + let resI = c.ZERO; // not using this will do small speed-up, but will lose ct + // Skip first bucket, because it is zero + for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) { + sumI = sumI.add(buckets[j]); + resI = resI.add(sumI); + } + sum = sum.add(resI); + if (i !== 0) + for (let j = 0; j < windowSize; j++) + sum = sum.double(); + } + return sum; +} +function validateBasic(curve) { + validateField(curve.Fp); + validateObject(curve, { + n: 'bigint', + h: 'bigint', + Gx: 'field', + Gy: 'field', + }, { + nBitLength: 'isSafeInteger', + nByteLength: 'isSafeInteger', + }); + // Set defaults + return Object.freeze({ + ...nLength(curve.n, curve.nBitLength), + ...curve, + ...{ p: curve.Fp.ORDER }, + }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Short Weierstrass curve. The formula is: y² = x³ + ax + b +function validateSigVerOpts(opts) { + if (opts.lowS !== undefined) + abool('lowS', opts.lowS); + if (opts.prehash !== undefined) + abool('prehash', opts.prehash); +} +function validatePointOpts(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + a: 'field', + b: 'field', + }, { + allowedPrivateKeyLengths: 'array', + wrapPrivateKey: 'boolean', + isTorsionFree: 'function', + clearCofactor: 'function', + allowInfinityPoint: 'boolean', + fromBytes: 'function', + toBytes: 'function', + }); + const { endo, Fp, a } = opts; + if (endo) { + if (!Fp.eql(a, Fp.ZERO)) { + throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0'); + } + if (typeof endo !== 'object' || + typeof endo.beta !== 'bigint' || + typeof endo.splitScalar !== 'function') { + throw new Error('Expected endomorphism with beta: bigint and splitScalar: function'); + } + } + return Object.freeze({ ...opts }); +} +const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut; +/** + * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format: + * + * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S] + * + * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html + */ +const DER = { + // asn.1 DER encoding utils + Err: class DERErr extends Error { + constructor(m = '') { + super(m); + } + }, + // Basic building block is TLV (Tag-Length-Value) + _tlv: { + encode: (tag, data) => { + const { Err: E } = DER; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length & 1) + throw new E('tlv.encode: unpadded data'); + const dataLen = data.length / 2; + const len = numberToHexUnpadded(dataLen); + if ((len.length / 2) & 128) + throw new E('tlv.encode: long form length too big'); + // length of length with long form flag + const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : ''; + return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`; + }, + // v - value, l - left bytes (unparsed) + decode(tag, data) { + const { Err: E } = DER; + let pos = 0; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length < 2 || data[pos++] !== tag) + throw new E('tlv.decode: wrong tlv'); + const first = data[pos++]; + const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form + let length = 0; + if (!isLong) + length = first; + else { + // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)] + const lenLen = first & 127; + if (!lenLen) + throw new E('tlv.decode(long): indefinite length not supported'); + if (lenLen > 4) + throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js + const lengthBytes = data.subarray(pos, pos + lenLen); + if (lengthBytes.length !== lenLen) + throw new E('tlv.decode: length bytes not complete'); + if (lengthBytes[0] === 0) + throw new E('tlv.decode(long): zero leftmost byte'); + for (const b of lengthBytes) + length = (length << 8) | b; + pos += lenLen; + if (length < 128) + throw new E('tlv.decode(long): not minimal encoding'); + } + const v = data.subarray(pos, pos + length); + if (v.length !== length) + throw new E('tlv.decode: wrong value length'); + return { v, l: data.subarray(pos + length) }; + }, + }, + // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, + // since we always use positive integers here. It must always be empty: + // - add zero byte if exists + // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) + _int: { + encode(num) { + const { Err: E } = DER; + if (num < _0n$2) + throw new E('integer: negative integers are not allowed'); + let hex = numberToHexUnpadded(num); + // Pad with zero byte if negative flag is present + if (Number.parseInt(hex[0], 16) & 0b1000) + hex = '00' + hex; + if (hex.length & 1) + throw new E('unexpected assertion'); + return hex; + }, + decode(data) { + const { Err: E } = DER; + if (data[0] & 128) + throw new E('Invalid signature integer: negative'); + if (data[0] === 0x00 && !(data[1] & 128)) + throw new E('Invalid signature integer: unnecessary leading zero'); + return b2n(data); + }, + }, + toSig(hex) { + // parse DER signature + const { Err: E, _int: int, _tlv: tlv } = DER; + const data = typeof hex === 'string' ? h2b(hex) : hex; + abytes(data); + const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data); + if (seqLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes); + const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes); + if (sLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + return { r: int.decode(rBytes), s: int.decode(sBytes) }; + }, + hexFromSig(sig) { + const { _tlv: tlv, _int: int } = DER; + const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`; + return tlv.encode(0x30, seq); + }, +}; +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$2 = BigInt(0), _1n$4 = BigInt(1); BigInt(2); const _3n$1 = BigInt(3); BigInt(4); +function weierstrassPoints(opts) { + const CURVE = validatePointOpts(opts); + const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ + const Fn = Field(CURVE.n, CURVE.nBitLength); + const toBytes = CURVE.toBytes || + ((_c, point, _isCompressed) => { + const a = point.toAffine(); + return concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y)); + }); + const fromBytes = CURVE.fromBytes || + ((bytes) => { + // const head = bytes[0]; + const tail = bytes.subarray(1); + // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported'); + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + }); + /** + * y² = x³ + ax + b: Short weierstrass curve formula + * @returns y² + */ + function weierstrassEquation(x) { + const { a, b } = CURVE; + const x2 = Fp.sqr(x); // x * x + const x3 = Fp.mul(x2, x); // x2 * x + return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b + } + // Validate whether the passed curve params are valid. + // We check if curve equation works for generator point. + // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381. + // ProjectivePoint class has not been initialized yet. + if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx))) + throw new Error('bad generator point: equation left != right'); + // Valid group elements reside in range 1..n-1 + function isWithinCurveOrder(num) { + return inRange(num, _1n$4, CURVE.n); + } + // Validates if priv key is valid and converts it to bigint. + // Supports options allowedPrivateKeyLengths and wrapPrivateKey. + function normPrivateKeyToScalar(key) { + const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE; + if (lengths && typeof key !== 'bigint') { + if (isBytes(key)) + key = bytesToHex(key); + // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes + if (typeof key !== 'string' || !lengths.includes(key.length)) + throw new Error('Invalid key'); + key = key.padStart(nByteLength * 2, '0'); + } + let num; + try { + num = + typeof key === 'bigint' + ? key + : bytesToNumberBE(ensureBytes('private key', key, nByteLength)); + } + catch (error) { + throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`); + } + if (wrapPrivateKey) + num = mod(num, N); // disabled by default, enabled for BLS + aInRange('private key', num, _1n$4, N); // num in range [1..N-1] + return num; + } + function assertPrjPoint(other) { + if (!(other instanceof Point)) + throw new Error('ProjectivePoint expected'); + } + // Memoized toAffine / validity check. They are heavy. Points are immutable. + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + const toAffineMemo = memoized((p, iz) => { + const { px: x, py: y, pz: z } = p; + // Fast-path for normalized points + if (Fp.eql(z, Fp.ONE)) + return { x, y }; + const is0 = p.is0(); + // If invZ was 0, we return zero point. However we still want to execute + // all operations, so we replace invZ with a random number, 1. + if (iz == null) + iz = is0 ? Fp.ONE : Fp.inv(z); + const ax = Fp.mul(x, iz); + const ay = Fp.mul(y, iz); + const zz = Fp.mul(z, iz); + if (is0) + return { x: Fp.ZERO, y: Fp.ZERO }; + if (!Fp.eql(zz, Fp.ONE)) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + // NOTE: on exception this will crash 'cached' and no value will be set. + // Otherwise true will be return + const assertValidMemo = memoized((p) => { + if (p.is0()) { + // (0, 1, 0) aka ZERO is invalid in most contexts. + // In BLS, ZERO can be serialized, so we allow it. + // (0, 0, 0) is wrong representation of ZERO and is always invalid. + if (CURVE.allowInfinityPoint && !Fp.is0(p.py)) + return; + throw new Error('bad point: ZERO'); + } + // Some 3rd-party test vectors require different wording between here & `fromCompressedHex` + const { x, y } = p.toAffine(); + // Check if x, y are valid field elements + if (!Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('bad point: x or y not FE'); + const left = Fp.sqr(y); // y² + const right = weierstrassEquation(x); // x³ + ax + b + if (!Fp.eql(left, right)) + throw new Error('bad point: equation left != right'); + if (!p.isTorsionFree()) + throw new Error('bad point: not in prime-order subgroup'); + return true; + }); + /** + * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z) + * Default Point works in 2d / affine coordinates: (x, y) + * We're doing calculations in projective, because its operations don't require costly inversion. + */ + class Point { + constructor(px, py, pz) { + this.px = px; + this.py = py; + this.pz = pz; + if (px == null || !Fp.isValid(px)) + throw new Error('x required'); + if (py == null || !Fp.isValid(py)) + throw new Error('y required'); + if (pz == null || !Fp.isValid(pz)) + throw new Error('z required'); + Object.freeze(this); + } + // Does not validate if the point is on-curve. + // Use fromHex instead, or call assertValidity() later. + static fromAffine(p) { + const { x, y } = p || {}; + if (!p || !Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('invalid affine point'); + if (p instanceof Point) + throw new Error('projective point not allowed'); + const is0 = (i) => Fp.eql(i, Fp.ZERO); + // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0) + if (is0(x) && is0(y)) + return Point.ZERO; + return new Point(x, y, Fp.ONE); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + /** + * Takes a bunch of Projective Points but executes only one + * inversion on all of them. Inversion is very slow operation, + * so this improves performance massively. + * Optimization: converts a list of projective points to a list of identical points with Z=1. + */ + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.pz)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + /** + * Converts hash string or Uint8Array to Point. + * @param hex short/long ECDSA hex + */ + static fromHex(hex) { + const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex))); + P.assertValidity(); + return P; + } + // Multiplies generator point by privateKey. + static fromPrivateKey(privateKey) { + return Point.BASE.multiply(normPrivateKeyToScalar(privateKey)); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // A point on curve is valid if it conforms to equation. + assertValidity() { + assertValidMemo(this); + } + hasEvenY() { + const { y } = this.toAffine(); + if (Fp.isOdd) + return !Fp.isOdd(y); + throw new Error("Field doesn't support isOdd"); + } + /** + * Compare one point to another. + */ + equals(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1)); + const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1)); + return U1 && U2; + } + /** + * Flips point to one corresponding to (x, -y) in Affine coordinates. + */ + negate() { + return new Point(this.px, Fp.neg(this.py), this.pz); + } + // Renes-Costello-Batina exception-free doubling formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 3 + // Cost: 8M + 3S + 3*a + 2*b3 + 15add. + double() { + const { a, b } = CURVE; + const b3 = Fp.mul(b, _3n$1); + const { px: X1, py: Y1, pz: Z1 } = this; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + let t0 = Fp.mul(X1, X1); // step 1 + let t1 = Fp.mul(Y1, Y1); + let t2 = Fp.mul(Z1, Z1); + let t3 = Fp.mul(X1, Y1); + t3 = Fp.add(t3, t3); // step 5 + Z3 = Fp.mul(X1, Z1); + Z3 = Fp.add(Z3, Z3); + X3 = Fp.mul(a, Z3); + Y3 = Fp.mul(b3, t2); + Y3 = Fp.add(X3, Y3); // step 10 + X3 = Fp.sub(t1, Y3); + Y3 = Fp.add(t1, Y3); + Y3 = Fp.mul(X3, Y3); + X3 = Fp.mul(t3, X3); + Z3 = Fp.mul(b3, Z3); // step 15 + t2 = Fp.mul(a, t2); + t3 = Fp.sub(t0, t2); + t3 = Fp.mul(a, t3); + t3 = Fp.add(t3, Z3); + Z3 = Fp.add(t0, t0); // step 20 + t0 = Fp.add(Z3, t0); + t0 = Fp.add(t0, t2); + t0 = Fp.mul(t0, t3); + Y3 = Fp.add(Y3, t0); + t2 = Fp.mul(Y1, Z1); // step 25 + t2 = Fp.add(t2, t2); + t0 = Fp.mul(t2, t3); + X3 = Fp.sub(X3, t0); + Z3 = Fp.mul(t2, t1); + Z3 = Fp.add(Z3, Z3); // step 30 + Z3 = Fp.add(Z3, Z3); + return new Point(X3, Y3, Z3); + } + // Renes-Costello-Batina exception-free addition formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 1 + // Cost: 12M + 0S + 3*a + 3*b3 + 23add. + add(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + const a = CURVE.a; + const b3 = Fp.mul(CURVE.b, _3n$1); + let t0 = Fp.mul(X1, X2); // step 1 + let t1 = Fp.mul(Y1, Y2); + let t2 = Fp.mul(Z1, Z2); + let t3 = Fp.add(X1, Y1); + let t4 = Fp.add(X2, Y2); // step 5 + t3 = Fp.mul(t3, t4); + t4 = Fp.add(t0, t1); + t3 = Fp.sub(t3, t4); + t4 = Fp.add(X1, Z1); + let t5 = Fp.add(X2, Z2); // step 10 + t4 = Fp.mul(t4, t5); + t5 = Fp.add(t0, t2); + t4 = Fp.sub(t4, t5); + t5 = Fp.add(Y1, Z1); + X3 = Fp.add(Y2, Z2); // step 15 + t5 = Fp.mul(t5, X3); + X3 = Fp.add(t1, t2); + t5 = Fp.sub(t5, X3); + Z3 = Fp.mul(a, t4); + X3 = Fp.mul(b3, t2); // step 20 + Z3 = Fp.add(X3, Z3); + X3 = Fp.sub(t1, Z3); + Z3 = Fp.add(t1, Z3); + Y3 = Fp.mul(X3, Z3); + t1 = Fp.add(t0, t0); // step 25 + t1 = Fp.add(t1, t0); + t2 = Fp.mul(a, t2); + t4 = Fp.mul(b3, t4); + t1 = Fp.add(t1, t2); + t2 = Fp.sub(t0, t2); // step 30 + t2 = Fp.mul(a, t2); + t4 = Fp.add(t4, t2); + t0 = Fp.mul(t1, t4); + Y3 = Fp.add(Y3, t0); + t0 = Fp.mul(t5, t4); // step 35 + X3 = Fp.mul(t3, X3); + X3 = Fp.sub(X3, t0); + t0 = Fp.mul(t3, t1); + Z3 = Fp.mul(t5, Z3); + Z3 = Fp.add(Z3, t0); // step 40 + return new Point(X3, Y3, Z3); + } + subtract(other) { + return this.add(other.negate()); + } + is0() { + return this.equals(Point.ZERO); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + /** + * Non-constant-time multiplication. Uses double-and-add algorithm. + * It's faster, but should only be used when you don't care about + * an exposed private key e.g. sig verification, which works over *public* keys. + */ + multiplyUnsafe(sc) { + aInRange('scalar', sc, _0n$2, CURVE.n); + const I = Point.ZERO; + if (sc === _0n$2) + return I; + if (sc === _1n$4) + return this; + const { endo } = CURVE; + if (!endo) + return wnaf.unsafeLadder(this, sc); + // Apply endomorphism + let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc); + let k1p = I; + let k2p = I; + let d = this; + while (k1 > _0n$2 || k2 > _0n$2) { + if (k1 & _1n$4) + k1p = k1p.add(d); + if (k2 & _1n$4) + k2p = k2p.add(d); + d = d.double(); + k1 >>= _1n$4; + k2 >>= _1n$4; + } + if (k1neg) + k1p = k1p.negate(); + if (k2neg) + k2p = k2p.negate(); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + return k1p.add(k2p); + } + /** + * Constant time multiplication. + * Uses wNAF method. Windowed method may be 10% faster, + * but takes 2x longer to generate and consumes 2x memory. + * Uses precomputes when available. + * Uses endomorphism for Koblitz curves. + * @param scalar by which the point would be multiplied + * @returns New point + */ + multiply(scalar) { + const { endo, n: N } = CURVE; + aInRange('scalar', scalar, _1n$4, N); + let point, fake; // Fake point is used to const-time mult + if (endo) { + const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar); + let { p: k1p, f: f1p } = this.wNAF(k1); + let { p: k2p, f: f2p } = this.wNAF(k2); + k1p = wnaf.constTimeNegate(k1neg, k1p); + k2p = wnaf.constTimeNegate(k2neg, k2p); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + point = k1p.add(k2p); + fake = f1p.add(f2p); + } + else { + const { p, f } = this.wNAF(scalar); + point = p; + fake = f; + } + // Normalize `z` for both points, but return only real one + return Point.normalizeZ([point, fake])[0]; + } + /** + * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly. + * Not using Strauss-Shamir trick: precomputation tables are faster. + * The trick could be useful if both P and Q are not G (not in our case). + * @returns non-zero affine point + */ + multiplyAndAddUnsafe(Q, a, b) { + const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes + const mul = (P, a // Select faster multiply() method + ) => (a === _0n$2 || a === _1n$4 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a)); + const sum = mul(this, a).add(mul(Q, b)); + return sum.is0() ? undefined : sum; + } + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + toAffine(iz) { + return toAffineMemo(this, iz); + } + isTorsionFree() { + const { h: cofactor, isTorsionFree } = CURVE; + if (cofactor === _1n$4) + return true; // No subgroups, always torsion-free + if (isTorsionFree) + return isTorsionFree(Point, this); + throw new Error('isTorsionFree() has not been declared for the elliptic curve'); + } + clearCofactor() { + const { h: cofactor, clearCofactor } = CURVE; + if (cofactor === _1n$4) + return this; // Fast-path + if (clearCofactor) + return clearCofactor(Point, this); + return this.multiplyUnsafe(CURVE.h); + } + toRawBytes(isCompressed = true) { + abool('isCompressed', isCompressed); + this.assertValidity(); + return toBytes(Point, this, isCompressed); + } + toHex(isCompressed = true) { + abool('isCompressed', isCompressed); + return bytesToHex(this.toRawBytes(isCompressed)); + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); + Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); + const _bits = CURVE.nBitLength; + const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); + // Validate if generator point is on curve + return { + CURVE, + ProjectivePoint: Point, + normPrivateKeyToScalar, + weierstrassEquation, + isWithinCurveOrder, + }; +} +function validateOpts$2(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + hash: 'hash', + hmac: 'function', + randomBytes: 'function', + }, { + bits2int: 'function', + bits2int_modN: 'function', + lowS: 'boolean', + }); + return Object.freeze({ lowS: true, ...opts }); +} +/** + * Creates short weierstrass curve and ECDSA signature methods for it. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, b, p, n, Gx, Gy + * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n }) + */ +function weierstrass(curveDef) { + const CURVE = validateOpts$2(curveDef); + const { Fp, n: CURVE_ORDER } = CURVE; + const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32 + const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32 + function modN(a) { + return mod(a, CURVE_ORDER); + } + function invN(a) { + return invert(a, CURVE_ORDER); + } + const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({ + ...CURVE, + toBytes(_c, point, isCompressed) { + const a = point.toAffine(); + const x = Fp.toBytes(a.x); + const cat = concatBytes; + abool('isCompressed', isCompressed); + if (isCompressed) { + return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x); + } + else { + return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y)); + } + }, + fromBytes(bytes) { + const len = bytes.length; + const head = bytes[0]; + const tail = bytes.subarray(1); + // this.assertValidity() is done inside of fromHex + if (len === compressedLen && (head === 0x02 || head === 0x03)) { + const x = bytesToNumberBE(tail); + if (!inRange(x, _1n$4, Fp.ORDER)) + throw new Error('Point is not on curve'); + const y2 = weierstrassEquation(x); // y² = x³ + ax + b + let y; + try { + y = Fp.sqrt(y2); // y = y² ^ (p+1)/4 + } + catch (sqrtError) { + const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : ''; + throw new Error('Point is not on curve' + suffix); + } + const isYOdd = (y & _1n$4) === _1n$4; + // ECDSA + const isHeadOdd = (head & 1) === 1; + if (isHeadOdd !== isYOdd) + y = Fp.neg(y); + return { x, y }; + } + else if (len === uncompressedLen && head === 0x04) { + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + } + else { + throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`); + } + }, + }); + const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength)); + function isBiggerThanHalfOrder(number) { + const HALF = CURVE_ORDER >> _1n$4; + return number > HALF; + } + function normalizeS(s) { + return isBiggerThanHalfOrder(s) ? modN(-s) : s; + } + // slice bytes num + const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to)); + /** + * ECDSA signature with its (r, s) properties. Supports DER & compact representations. + */ + class Signature { + constructor(r, s, recovery) { + this.r = r; + this.s = s; + this.recovery = recovery; + this.assertValidity(); + } + // pair (bytes of r, bytes of s) + static fromCompact(hex) { + const l = CURVE.nByteLength; + hex = ensureBytes('compactSignature', hex, l * 2); + return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l)); + } + // DER encoded ECDSA signature + // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script + static fromDER(hex) { + const { r, s } = DER.toSig(ensureBytes('DER', hex)); + return new Signature(r, s); + } + assertValidity() { + aInRange('r', this.r, _1n$4, CURVE_ORDER); // r in [1..N] + aInRange('s', this.s, _1n$4, CURVE_ORDER); // s in [1..N] + } + addRecoveryBit(recovery) { + return new Signature(this.r, this.s, recovery); + } + recoverPublicKey(msgHash) { + const { r, s, recovery: rec } = this; + const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash + if (rec == null || ![0, 1, 2, 3].includes(rec)) + throw new Error('recovery id invalid'); + const radj = rec === 2 || rec === 3 ? r + CURVE.n : r; + if (radj >= Fp.ORDER) + throw new Error('recovery id 2 or 3 invalid'); + const prefix = (rec & 1) === 0 ? '02' : '03'; + const R = Point.fromHex(prefix + numToNByteStr(radj)); + const ir = invN(radj); // r^-1 + const u1 = modN(-h * ir); // -hr^-1 + const u2 = modN(s * ir); // sr^-1 + const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1) + if (!Q) + throw new Error('point at infinify'); // unsafe is fine: no priv data leaked + Q.assertValidity(); + return Q; + } + // Signatures should be low-s, to prevent malleability. + hasHighS() { + return isBiggerThanHalfOrder(this.s); + } + normalizeS() { + return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this; + } + // DER-encoded + toDERRawBytes() { + return hexToBytes(this.toDERHex()); + } + toDERHex() { + return DER.hexFromSig({ r: this.r, s: this.s }); + } + // padded bytes of r, then padded bytes of s + toCompactRawBytes() { + return hexToBytes(this.toCompactHex()); + } + toCompactHex() { + return numToNByteStr(this.r) + numToNByteStr(this.s); + } + } + const utils = { + isValidPrivateKey(privateKey) { + try { + normPrivateKeyToScalar(privateKey); + return true; + } + catch (error) { + return false; + } + }, + normPrivateKeyToScalar: normPrivateKeyToScalar, + /** + * Produces cryptographically secure private key from random of size + * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible. + */ + randomPrivateKey: () => { + const length = getMinHashLength(CURVE.n); + return mapHashToField(CURVE.randomBytes(length), CURVE.n); + }, + /** + * Creates precompute table for an arbitrary EC point. Makes point "cached". + * Allows to massively speed-up `point.multiply(scalar)`. + * @returns cached point + * @example + * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey)); + * fast.multiply(privKey); // much faster ECDH now + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here + return point; + }, + }; + /** + * Computes public key for a private key. Checks for validity of the private key. + * @param privateKey private key + * @param isCompressed whether to return compact (default), or full key + * @returns Public key, full when isCompressed=false; short when isCompressed=true + */ + function getPublicKey(privateKey, isCompressed = true) { + return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed); + } + /** + * Quick and dirty check for item being public key. Does not validate hex, or being on-curve. + */ + function isProbPub(item) { + const arr = isBytes(item); + const str = typeof item === 'string'; + const len = (arr || str) && item.length; + if (arr) + return len === compressedLen || len === uncompressedLen; + if (str) + return len === 2 * compressedLen || len === 2 * uncompressedLen; + if (item instanceof Point) + return true; + return false; + } + /** + * ECDH (Elliptic Curve Diffie Hellman). + * Computes shared public key from private key and public key. + * Checks: 1) private key validity 2) shared key is on-curve. + * Does NOT hash the result. + * @param privateA private key + * @param publicB different public key + * @param isCompressed whether to return compact (default), or full key + * @returns shared public key + */ + function getSharedSecret(privateA, publicB, isCompressed = true) { + if (isProbPub(privateA)) + throw new Error('first arg must be private key'); + if (!isProbPub(publicB)) + throw new Error('second arg must be public key'); + const b = Point.fromHex(publicB); // check for being on-curve + return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed); + } + // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets. + // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int. + // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same. + // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors + const bits2int = CURVE.bits2int || + function (bytes) { + // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m) + // for some cases, since bytes.length * 8 is not actual bitLength. + const num = bytesToNumberBE(bytes); // check for == u8 done here + const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits + return delta > 0 ? num >> BigInt(delta) : num; + }; + const bits2int_modN = CURVE.bits2int_modN || + function (bytes) { + return modN(bits2int(bytes)); // can't use bytesToNumberBE here + }; + // NOTE: pads output with zero as per spec + const ORDER_MASK = bitMask(CURVE.nBitLength); + /** + * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`. + */ + function int2octets(num) { + aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n$2, ORDER_MASK); + // works with order, can have different size than numToField! + return numberToBytesBE(num, CURVE.nByteLength); + } + // Steps A, D of RFC6979 3.2 + // Creates RFC6979 seed; converts msg/privKey to numbers. + // Used only in sign, not in verify. + // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521. + // Also it can be bigger for P224 + SHA256 + function prepSig(msgHash, privateKey, opts = defaultSigOpts) { + if (['recovered', 'canonical'].some((k) => k in opts)) + throw new Error('sign() legacy options not supported'); + const { hash, randomBytes } = CURVE; + let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default + if (lowS == null) + lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash + msgHash = ensureBytes('msgHash', msgHash); + validateSigVerOpts(opts); + if (prehash) + msgHash = ensureBytes('prehashed msgHash', hash(msgHash)); + // We can't later call bits2octets, since nested bits2int is broken for curves + // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call. + // const bits2octets = (bits) => int2octets(bits2int_modN(bits)) + const h1int = bits2int_modN(msgHash); + const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint + const seedArgs = [int2octets(d), int2octets(h1int)]; + // extraEntropy. RFC6979 3.6: additional k' (optional). + if (ent != null && ent !== false) { + // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') + const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is + seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes + } + const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2 + const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash! + // Converts signature params into point w r/s, checks result for validity. + function k2sig(kBytes) { + // RFC 6979 Section 3.2, step 3: k = bits2int(T) + const k = bits2int(kBytes); // Cannot use fields methods, since it is group element + if (!isWithinCurveOrder(k)) + return; // Important: all mod() calls here must be done over N + const ik = invN(k); // k^-1 mod n + const q = Point.BASE.multiply(k).toAffine(); // q = Gk + const r = modN(q.x); // r = q.x mod n + if (r === _0n$2) + return; + // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to + // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it: + // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT + const s = modN(ik * modN(m + r * d)); // Not using blinding here + if (s === _0n$2) + return; + let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$4); // recovery bit (2 or 3, when q.x > n) + let normS = s; + if (lowS && isBiggerThanHalfOrder(s)) { + normS = normalizeS(s); // if lowS was passed, ensure s is always + recovery ^= 1; // // in the bottom half of N + } + return new Signature(r, normS, recovery); // use normS, not s + } + return { seed, k2sig }; + } + const defaultSigOpts = { lowS: CURVE.lowS, prehash: false }; + const defaultVerOpts = { lowS: CURVE.lowS, prehash: false }; + /** + * Signs message hash with a private key. + * ``` + * sign(m, d, k) where + * (x, y) = G × k + * r = x mod n + * s = (m + dr)/k mod n + * ``` + * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`. + * @param privKey private key + * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg. + * @returns signature with recovery param + */ + function sign(msgHash, privKey, opts = defaultSigOpts) { + const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2. + const C = CURVE; + const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac); + return drbg(seed, k2sig); // Steps B, C, D, E, F, G + } + // Enable precomputes. Slows down first publicKey computation by 20ms. + Point.BASE._setWindowSize(8); + // utils.precompute(8, ProjectivePoint.BASE) + /** + * Verifies a signature against message hash and public key. + * Rejects lowS signatures by default: to override, + * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf: + * + * ``` + * verify(r, s, h, P) where + * U1 = hs^-1 mod n + * U2 = rs^-1 mod n + * R = U1⋅G - U2⋅P + * mod(R.x, n) == r + * ``` + */ + function verify(signature, msgHash, publicKey, opts = defaultVerOpts) { + const sg = signature; + msgHash = ensureBytes('msgHash', msgHash); + publicKey = ensureBytes('publicKey', publicKey); + if ('strict' in opts) + throw new Error('options.strict was renamed to lowS'); + validateSigVerOpts(opts); + const { lowS, prehash } = opts; + let _sig = undefined; + let P; + try { + if (typeof sg === 'string' || isBytes(sg)) { + // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). + // Since DER can also be 2*nByteLength bytes, we check for it first. + try { + _sig = Signature.fromDER(sg); + } + catch (derError) { + if (!(derError instanceof DER.Err)) + throw derError; + _sig = Signature.fromCompact(sg); + } + } + else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') { + const { r, s } = sg; + _sig = new Signature(r, s); + } + else { + throw new Error('PARSE'); + } + P = Point.fromHex(publicKey); + } + catch (error) { + if (error.message === 'PARSE') + throw new Error(`signature must be Signature instance, Uint8Array or hex string`); + return false; + } + if (lowS && _sig.hasHighS()) + return false; + if (prehash) + msgHash = CURVE.hash(msgHash); + const { r, s } = _sig; + const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element + const is = invN(s); // s^-1 + const u1 = modN(h * is); // u1 = hs^-1 mod n + const u2 = modN(r * is); // u2 = rs^-1 mod n + const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P + if (!R) + return false; + const v = modN(R.x); + return v === r; + } + return { + CURVE, + getPublicKey, + getSharedSecret, + sign, + verify, + ProjectivePoint: Point, + Signature, + utils, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// connects noble-curves to noble-hashes +function getHash(hash) { + return { + hash, + hmac: (key, ...msgs) => hmac(hash, key, concatBytes$1(...msgs)), + randomBytes, + }; +} +function createCurve(curveDef, defHash) { + const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); + return Object.freeze({ ...create(defHash), create }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp256r1 aka p256 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 +const Fp$7 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')); +const CURVE_A$4 = Fp$7.create(BigInt('-3')); +const CURVE_B$4 = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'); +// prettier-ignore +const p256 = createCurve({ + a: CURVE_A$4, // Equation params: a, b + b: CURVE_B$4, + Fp: Fp$7, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n + // Curve order, total count of valid points in the field + n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'), + // Base (generator) point (x, y) + Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'), + Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'), + h: BigInt(1), + lowS: false, +}, sha256); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp384r1 aka p384 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 +// Field over which we'll do calculations. +// prettier-ignore +const P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'); +const Fp$6 = Field(P$1); +const CURVE_A$3 = Fp$6.create(BigInt('-3')); +// prettier-ignore +const CURVE_B$3 = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'); +// prettier-ignore +const p384 = createCurve({ + a: CURVE_A$3, // Equation params: a, b + b: CURVE_B$3, + Fp: Fp$6, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n + // Curve order, total count of valid points in the field. + n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'), + // Base (generator) point (x, y) + Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'), + Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'), + h: BigInt(1), + lowS: false, +}, sha384); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp521r1 aka p521 +// Note that it's 521, which differs from 512 of its hash function. +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521 +// Field over which we'll do calculations. +// prettier-ignore +const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); +const Fp$5 = Field(P); +const CURVE = { + a: Fp$5.create(BigInt('-3')), + b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'), + Fp: Fp$5, + n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'), + Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'), + Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'), + h: BigInt(1), +}; +// prettier-ignore +const p521 = createCurve({ + a: CURVE.a, // Equation params: a, b + b: CURVE.b, + Fp: Fp$5, // Field: 2n**521n - 1n + // Curve order, total count of valid points in the field + n: CURVE.n, + Gx: CURVE.Gx, // Base point (x, y) aka generator point + Gy: CURVE.Gy, + h: CURVE.h, + lowS: false, + allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b +}, sha512); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n = BigInt(8); +// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex: +const VERIFY_DEFAULT = { zip215: true }; +function validateOpts$1(curve) { + const opts = validateBasic(curve); + validateObject(curve, { + hash: 'function', + a: 'bigint', + d: 'bigint', + randomBytes: 'function', + }, { + adjustScalarBytes: 'function', + domain: 'function', + uvRatio: 'function', + mapToCurve: 'function', + }); + // Set defaults + return Object.freeze({ ...opts }); +} +/** + * Creates Twisted Edwards curve with EdDSA signatures. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h + * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h }) + */ +function twistedEdwards(curveDef) { + const CURVE = validateOpts$1(curveDef); + const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE; + const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3); + const modP = Fp.create; // Function overrides + const Fn = Field(CURVE.n, CURVE.nBitLength); + // sqrt(u/v) + const uvRatio = CURVE.uvRatio || + ((u, v) => { + try { + return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) }; + } + catch (e) { + return { isValid: false, value: _0n$1 }; + } + }); + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP + const domain = CURVE.domain || + ((data, ctx, phflag) => { + abool('phflag', phflag); + if (ctx.length || phflag) + throw new Error('Contexts/pre-hash are not supported'); + return data; + }); // NOOP + // 0 <= n < MASK + // Coordinates larger than Fp.ORDER are allowed for zip215 + function aCoordinate(title, n) { + aInRange('coordinate ' + title, n, _0n$1, MASK); + } + function assertPoint(other) { + if (!(other instanceof Point)) + throw new Error('ExtendedPoint expected'); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + const toAffineMemo = memoized((p, iz) => { + const { ex: x, ey: y, ez: z } = p; + const is0 = p.is0(); + if (iz == null) + iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily + const ax = modP(x * iz); + const ay = modP(y * iz); + const zz = modP(z * iz); + if (is0) + return { x: _0n$1, y: _1n$3 }; + if (zz !== _1n$3) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + const assertValidMemo = memoized((p) => { + const { a, d } = CURVE; + if (p.is0()) + throw new Error('bad point: ZERO'); // TODO: optimize, with vars below? + // Equation in affine coordinates: ax² + y² = 1 + dx²y² + // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y² + const { ex: X, ey: Y, ez: Z, et: T } = p; + const X2 = modP(X * X); // X² + const Y2 = modP(Y * Y); // Y² + const Z2 = modP(Z * Z); // Z² + const Z4 = modP(Z2 * Z2); // Z⁴ + const aX2 = modP(X2 * a); // aX² + const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z² + const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y² + if (left !== right) + throw new Error('bad point: equation left != right (1)'); + // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T + const XY = modP(X * Y); + const ZT = modP(Z * T); + if (XY !== ZT) + throw new Error('bad point: equation left != right (2)'); + return true; + }); + // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy). + // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates + class Point { + constructor(ex, ey, ez, et) { + this.ex = ex; + this.ey = ey; + this.ez = ez; + this.et = et; + aCoordinate('x', ex); + aCoordinate('y', ey); + aCoordinate('z', ez); + aCoordinate('t', et); + Object.freeze(this); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + static fromAffine(p) { + if (p instanceof Point) + throw new Error('extended point not allowed'); + const { x, y } = p || {}; + aCoordinate('x', x); + aCoordinate('y', y); + return new Point(x, y, _1n$3, modP(x * y)); + } + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.ez)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // Not required for fromHex(), which always creates valid points. + // Could be useful for fromAffine(). + assertValidity() { + assertValidMemo(this); + } + // Compare one point to another. + equals(other) { + assertPoint(other); + const { ex: X1, ey: Y1, ez: Z1 } = this; + const { ex: X2, ey: Y2, ez: Z2 } = other; + const X1Z2 = modP(X1 * Z2); + const X2Z1 = modP(X2 * Z1); + const Y1Z2 = modP(Y1 * Z2); + const Y2Z1 = modP(Y2 * Z1); + return X1Z2 === X2Z1 && Y1Z2 === Y2Z1; + } + is0() { + return this.equals(Point.ZERO); + } + negate() { + // Flips point sign to a negative one (-x, y in affine coords) + return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et)); + } + // Fast algo for doubling Extended Point. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd + // Cost: 4M + 4S + 1*a + 6add + 1*2. + double() { + const { a } = CURVE; + const { ex: X1, ey: Y1, ez: Z1 } = this; + const A = modP(X1 * X1); // A = X12 + const B = modP(Y1 * Y1); // B = Y12 + const C = modP(_2n$2 * modP(Z1 * Z1)); // C = 2*Z12 + const D = modP(a * A); // D = a*A + const x1y1 = X1 + Y1; + const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B + const G = D + B; // G = D+B + const F = G - C; // F = G-C + const H = D - B; // H = D-B + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + // Fast algo for adding 2 Extended Points. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd + // Cost: 9M + 1*a + 1*d + 7add. + add(other) { + assertPoint(other); + const { a, d } = CURVE; + const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this; + const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other; + // Faster algo for adding 2 Extended Points when curve's a=-1. + // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4 + // Cost: 8M + 8add + 2*2. + // Note: It does not check whether the `other` point is valid. + if (a === BigInt(-1)) { + const A = modP((Y1 - X1) * (Y2 + X2)); + const B = modP((Y1 + X1) * (Y2 - X2)); + const F = modP(B - A); + if (F === _0n$1) + return this.double(); // Same point. Tests say it doesn't affect timing + const C = modP(Z1 * _2n$2 * T2); + const D = modP(T1 * _2n$2 * Z2); + const E = D + C; + const G = B + A; + const H = D - C; + const X3 = modP(E * F); + const Y3 = modP(G * H); + const T3 = modP(E * H); + const Z3 = modP(F * G); + return new Point(X3, Y3, Z3, T3); + } + const A = modP(X1 * X2); // A = X1*X2 + const B = modP(Y1 * Y2); // B = Y1*Y2 + const C = modP(T1 * d * T2); // C = T1*d*T2 + const D = modP(Z1 * Z2); // D = Z1*Z2 + const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B + const F = D - C; // F = D-C + const G = D + C; // G = D+C + const H = modP(B - a * A); // H = B-a*A + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + subtract(other) { + return this.add(other.negate()); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + // Constant-time multiplication. + multiply(scalar) { + const n = scalar; + aInRange('scalar', n, _1n$3, CURVE_ORDER); // 1 <= scalar < L + const { p, f } = this.wNAF(n); + return Point.normalizeZ([p, f])[0]; + } + // Non-constant-time multiplication. Uses double-and-add algorithm. + // It's faster, but should only be used when you don't care about + // an exposed private key e.g. sig verification. + // Does NOT allow scalars higher than CURVE.n. + multiplyUnsafe(scalar) { + const n = scalar; + aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L + if (n === _0n$1) + return I; + if (this.equals(I) || n === _1n$3) + return this; + if (this.equals(G)) + return this.wNAF(n).p; + return wnaf.unsafeLadder(this, n); + } + // Checks if point is of small order. + // If you add something to small order point, you will have "dirty" + // point with torsion component. + // Multiplies point by cofactor and checks if the result is 0. + isSmallOrder() { + return this.multiplyUnsafe(cofactor).is0(); + } + // Multiplies point by curve order and checks if the result is 0. + // Returns `false` is the point is dirty. + isTorsionFree() { + return wnaf.unsafeLadder(this, CURVE_ORDER).is0(); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + toAffine(iz) { + return toAffineMemo(this, iz); + } + clearCofactor() { + const { h: cofactor } = CURVE; + if (cofactor === _1n$3) + return this; + return this.multiplyUnsafe(cofactor); + } + // Converts hash string or Uint8Array to Point. + // Uses algo from RFC8032 5.1.3. + static fromHex(hex, zip215 = false) { + const { d, a } = CURVE; + const len = Fp.BYTES; + hex = ensureBytes('pointHex', hex, len); // copy hex to a new array + abool('zip215', zip215); + const normed = hex.slice(); // copy again, we'll manipulate it + const lastByte = hex[len - 1]; // select last byte + normed[len - 1] = lastByte & ~0x80; // clear last bit + const y = bytesToNumberLE(normed); + // RFC8032 prohibits >= p, but ZIP215 doesn't + // zip215=true: 0 <= y < MASK (2^256 for ed25519) + // zip215=false: 0 <= y < P (2^255-19 for ed25519) + const max = zip215 ? MASK : Fp.ORDER; + aInRange('pointHex.y', y, _0n$1, max); + // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case: + // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a) + const y2 = modP(y * y); // denominator is always non-0 mod p. + const u = modP(y2 - _1n$3); // u = y² - 1 + const v = modP(d * y2 - a); // v = d y² + 1. + let { isValid, value: x } = uvRatio(u, v); // √(u/v) + if (!isValid) + throw new Error('Point.fromHex: invalid y coordinate'); + const isXOdd = (x & _1n$3) === _1n$3; // There are 2 square roots. Use x_0 bit to select proper + const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit + if (!zip215 && x === _0n$1 && isLastByteOdd) + // if x=0 and x_0 = 1, fail + throw new Error('Point.fromHex: x=0 and x_0=1'); + if (isLastByteOdd !== isXOdd) + x = modP(-x); // if x_0 != x mod 2, set x = p-x + return Point.fromAffine({ x, y }); + } + static fromPrivateKey(privKey) { + return getExtendedPublicKey(privKey).point; + } + toRawBytes() { + const { x, y } = this.toAffine(); + const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y) + bytes[bytes.length - 1] |= x & _1n$3 ? 0x80 : 0; // when compressing, it's enough to store y + return bytes; // and use the last byte to encode sign of x + } + toHex() { + return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string. + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n$3, modP(CURVE.Gx * CURVE.Gy)); + Point.ZERO = new Point(_0n$1, _1n$3, _1n$3, _0n$1); // 0, 1, 1, 0 + const { BASE: G, ZERO: I } = Point; + const wnaf = wNAF(Point, nByteLength * 8); + function modN(a) { + return mod(a, CURVE_ORDER); + } + // Little-endian SHA512 with modulo n + function modN_LE(hash) { + return modN(bytesToNumberLE(hash)); + } + /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */ + function getExtendedPublicKey(key) { + const len = nByteLength; + key = ensureBytes('private key', key, len); + // Hash private key with curve's hash function to produce uniformingly random input + // Check byte lengths: ensure(64, h(ensure(32, key))) + const hashed = ensureBytes('hashed private key', cHash(key), 2 * len); + const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE + const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6) + const scalar = modN_LE(head); // The actual private scalar + const point = G.multiply(scalar); // Point on Edwards curve aka public key + const pointBytes = point.toRawBytes(); // Uint8Array representation + return { head, prefix, scalar, point, pointBytes }; + } + // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared + function getPublicKey(privKey) { + return getExtendedPublicKey(privKey).pointBytes; + } + // int('LE', SHA512(dom2(F, C) || msgs)) mod N + function hashDomainToScalar(context = new Uint8Array(), ...msgs) { + const msg = concatBytes(...msgs); + return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash))); + } + /** Signs message with privateKey. RFC8032 5.1.6 */ + function sign(msg, privKey, options = {}) { + msg = ensureBytes('message', msg); + if (prehash) + msg = prehash(msg); // for ed25519ph etc. + const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey); + const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M) + const R = G.multiply(r).toRawBytes(); // R = rG + const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M) + const s = modN(r + k * scalar); // S = (r + k * s) mod L + aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l + const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES)); + return ensureBytes('result', res, nByteLength * 2); // 64-byte signature + } + const verifyOpts = VERIFY_DEFAULT; + function verify(sig, msg, publicKey, options = verifyOpts) { + const { context, zip215 } = options; + const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7. + sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked. + msg = ensureBytes('message', msg); + if (zip215 !== undefined) + abool('zip215', zip215); + if (prehash) + msg = prehash(msg); // for ed25519ph, etc + const s = bytesToNumberLE(sig.slice(len, 2 * len)); + // zip215: true is good for consensus-critical apps and allows points < 2^256 + // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p + let A, R, SB; + try { + A = Point.fromHex(publicKey, zip215); + R = Point.fromHex(sig.slice(0, len), zip215); + SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside + } + catch (error) { + return false; + } + if (!zip215 && A.isSmallOrder()) + return false; + const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); + const RkA = R.add(A.multiplyUnsafe(k)); + // [8][S]B = [8]R + [8][k]A' + return RkA.subtract(SB).clearCofactor().equals(Point.ZERO); + } + G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms. + const utils = { + getExtendedPublicKey, + // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1. + randomPrivateKey: () => randomBytes(Fp.BYTES), + /** + * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT + * values. This slows down first getPublicKey() by milliseconds (see Speed section), + * but allows to speed-up subsequent getPublicKey() calls up to 20x. + * @param windowSize 2, 4, 8, 16 + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); + return point; + }, + }; + return { + CURVE, + getPublicKey, + sign, + verify, + ExtendedPoint: Point, + utils, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const _0n = BigInt(0); +const _1n$2 = BigInt(1); +function validateOpts(curve) { + validateObject(curve, { + a: 'bigint', + }, { + montgomeryBits: 'isSafeInteger', + nByteLength: 'isSafeInteger', + adjustScalarBytes: 'function', + domain: 'function', + powPminus2: 'function', + Gu: 'bigint', + }); + // Set defaults + return Object.freeze({ ...curve }); +} +// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748) +// Uses only one coordinate instead of two +function montgomery(curveDef) { + const CURVE = validateOpts(curveDef); + const { P } = CURVE; + const modP = (n) => mod(n, P); + const montgomeryBits = CURVE.montgomeryBits; + const montgomeryBytes = Math.ceil(montgomeryBits / 8); + const fieldLen = CURVE.nByteLength; + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); + const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P)); + // cswap from RFC7748. But it is not from RFC7748! + /* + cswap(swap, x_2, x_3): + dummy = mask(swap) AND (x_2 XOR x_3) + x_2 = x_2 XOR dummy + x_3 = x_3 XOR dummy + Return (x_2, x_3) + Where mask(swap) is the all-1 or all-0 word of the same length as x_2 + and x_3, computed, e.g., as mask(swap) = 0 - swap. + */ + function cswap(swap, x_2, x_3) { + const dummy = modP(swap * (x_2 - x_3)); + x_2 = modP(x_2 - dummy); + x_3 = modP(x_3 + dummy); + return [x_2, x_3]; + } + // x25519 from 4 + // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 + const a24 = (CURVE.a - BigInt(2)) / BigInt(4); + /** + * + * @param pointU u coordinate (x) on Montgomery Curve 25519 + * @param scalar by which the point would be multiplied + * @returns new Point on Montgomery curve + */ + function montgomeryLadder(u, scalar) { + aInRange('u', u, _0n, P); + aInRange('scalar', scalar, _0n, P); + // Section 5: Implementations MUST accept non-canonical values and process them as + // if they had been reduced modulo the field prime. + const k = scalar; + const x_1 = u; + let x_2 = _1n$2; + let z_2 = _0n; + let x_3 = u; + let z_3 = _1n$2; + let swap = _0n; + let sw; + for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) { + const k_t = (k >> t) & _1n$2; + swap ^= k_t; + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + swap = k_t; + const A = x_2 + z_2; + const AA = modP(A * A); + const B = x_2 - z_2; + const BB = modP(B * B); + const E = AA - BB; + const C = x_3 + z_3; + const D = x_3 - z_3; + const DA = modP(D * A); + const CB = modP(C * B); + const dacb = DA + CB; + const da_cb = DA - CB; + x_3 = modP(dacb * dacb); + z_3 = modP(x_1 * modP(da_cb * da_cb)); + x_2 = modP(AA * BB); + z_2 = modP(E * (AA + modP(a24 * E))); + } + // (x_2, x_3) = cswap(swap, x_2, x_3) + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + // (z_2, z_3) = cswap(swap, z_2, z_3) + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + // z_2^(p - 2) + const z2 = powPminus2(z_2); + // Return x_2 * (z_2^(p - 2)) + return modP(x_2 * z2); + } + function encodeUCoordinate(u) { + return numberToBytesLE(modP(u), montgomeryBytes); + } + function decodeUCoordinate(uEnc) { + // Section 5: When receiving such an array, implementations of X25519 + // MUST mask the most significant bit in the final byte. + const u = ensureBytes('u coordinate', uEnc, montgomeryBytes); + if (fieldLen === 32) + u[31] &= 127; // 0b0111_1111 + return bytesToNumberLE(u); + } + function decodeScalar(n) { + const bytes = ensureBytes('scalar', n); + const len = bytes.length; + if (len !== montgomeryBytes && len !== fieldLen) + throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`); + return bytesToNumberLE(adjustScalarBytes(bytes)); + } + function scalarMult(scalar, u) { + const pointU = decodeUCoordinate(u); + const _scalar = decodeScalar(scalar); + const pu = montgomeryLadder(pointU, _scalar); + // The result was not contributory + // https://cr.yp.to/ecdh.html#validate + if (pu === _0n) + throw new Error('Invalid private or public key received'); + return encodeUCoordinate(pu); + } + // Computes public key from private. By doing scalar multiplication of base point. + const GuBytes = encodeUCoordinate(CURVE.Gu); + function scalarMultBase(scalar) { + return scalarMult(scalar, GuBytes); + } + return { + scalarMult, + scalarMultBase, + getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey), + getPublicKey: (privateKey) => scalarMultBase(privateKey), + utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) }, + GuBytes: GuBytes, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +/** + * Edwards448 (not Ed448-Goldilocks) curve with following addons: + * - X448 ECDH + * - Decaf cofactor elimination + * - Elligator hash-to-group / point indistinguishability + * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2 + */ +const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); +const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); +const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); +// prettier-ignore +const _1n$1 = BigInt(1), _2n$1 = BigInt(2), _3n = BigInt(3); BigInt(4); const _11n = BigInt(11); +// prettier-ignore +const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223); +// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. +// Used for efficient square root calculation. +// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1] +function ed448_pow_Pminus3div4(x) { + const P = ed448P; + const b2 = (x * x * x) % P; + const b3 = (b2 * b2 * x) % P; + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n$1, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b222 = (pow2(b220, _2n$1, P) * b2) % P; + const b223 = (pow2(b222, _1n$1, P) * x) % P; + return (pow2(b223, _223n, P) * b222) % P; +} +function adjustScalarBytes(bytes) { + // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most + // significant bit of the last byte to 1. + bytes[0] &= 252; // 0b11111100 + // and the most significant bit of the last byte to 1. + bytes[55] |= 128; // 0b10000000 + // NOTE: is is NOOP for 56 bytes scalars (X25519/X448) + bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits) + return bytes; +} +// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. +// Uses algo from RFC8032 5.1.3. +function uvRatio(u, v) { + const P = ed448P; + // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3 + // To compute the square root of (u/v), the first step is to compute the + // candidate root x = (u/v)^((p+1)/4). This can be done using the + // following trick, to use a single modular powering for both the + // inversion of v and the square root: + // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p) + const u2v = mod(u * u * v, P); // u²v + const u3v = mod(u2v * u, P); // u³v + const u5v3 = mod(u3v * u2v * v, P); // u⁵v³ + const root = ed448_pow_Pminus3div4(u5v3); + const x = mod(u3v * root, P); + // Verify that root is exists + const x2 = mod(x * x, P); // x² + // If vx² = u, the recovered x-coordinate is x. Otherwise, no + // square root exists, and the decoding fails. + return { isValid: mod(x2 * v, P) === u, value: x }; +} +const Fp$4 = Field(ed448P, 456, true); +const ED448_DEF = { + // Param: a + a: BigInt(1), + // -39081. Negative number is P - number + d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'), + // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n + Fp: Fp$4, + // Subgroup order: how many points curve has; + // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n + n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + nBitLength: 456, + // Cofactor + h: BigInt(4), + // Base point (x, y) aka generator point + Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'), + Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'), + // SHAKE256(dom4(phflag,context)||x, 114) + hash: shake256_114, + randomBytes, + adjustScalarBytes, + // dom4 + domain: (data, ctx, phflag) => { + if (ctx.length > 255) + throw new Error(`Context is too big: ${ctx.length}`); + return concatBytes$1(utf8ToBytes$1('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); + }, + uvRatio, +}; +const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF); +// NOTE: there is no ed448ctx, since ed448 supports ctx by default +/* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 }); +const x448 = /* @__PURE__ */ (() => montgomery({ + a: BigInt(156326), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + montgomeryBits: 448, + nByteLength: 56, + P: ed448P, + Gu: BigInt(5), + powPminus2: (x) => { + const P = ed448P; + const Pminus3div4 = ed448_pow_Pminus3div4(x); + const Pminus3 = pow2(Pminus3div4, BigInt(2), P); + return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 + }, + adjustScalarBytes, + randomBytes, +}))(); +// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version +// Hash To Curve Elligator2 Map +(Fp$4.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic +BigInt(156326); +// 1-d +BigInt('39082'); +// 1-2d +BigInt('78163'); +// √(-d) +BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214'); +// 1 / √(-d) +BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716'); +BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); +const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); +const _1n = BigInt(1); +const _2n = BigInt(2); +const divNearest = (a, b) => (a + b / _2n) / b; +/** + * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit. + * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00] + */ +function sqrtMod(y) { + const P = secp256k1P; + // prettier-ignore + const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22); + // prettier-ignore + const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88); + const b2 = (y * y * y) % P; // x^3, 11 + const b3 = (b2 * b2 * y) % P; // x^7 + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b223 = (pow2(b220, _3n, P) * b3) % P; + const t1 = (pow2(b223, _23n, P) * b22) % P; + const t2 = (pow2(t1, _6n, P) * b2) % P; + const root = pow2(t2, _2n, P); + if (!Fp$3.eql(Fp$3.sqr(root), y)) + throw new Error('Cannot find square root'); + return root; +} +const Fp$3 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod }); +/** + * secp256k1 short weierstrass curve and ECDSA signatures over it. + */ +const secp256k1 = createCurve({ + a: BigInt(0), // equation params: a, b + b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 + Fp: Fp$3, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n + n: secp256k1N, // Curve order, total count of valid points in the field + // Base point (x, y) aka generator point + Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'), + Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'), + h: BigInt(1), // Cofactor + lowS: true, // Allow only low-S signatures by default in sign() and verify() + /** + * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism. + * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%. + * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit. + * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066 + */ + endo: { + beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'), + splitScalar: (k) => { + const n = secp256k1N; + const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15'); + const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'); + const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'); + const b2 = a1; + const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16) + const c1 = divNearest(b2 * k, n); + const c2 = divNearest(-b1 * k, n); + let k1 = mod(k - c1 * a1 - c2 * a2, n); + let k2 = mod(-c1 * b1 - c2 * b2, n); + const k1neg = k1 > POW_2_128; + const k2neg = k2 > POW_2_128; + if (k1neg) + k1 = n - k1; + if (k2neg) + k2 = n - k2; + if (k1 > POW_2_128 || k2 > POW_2_128) { + throw new Error('splitScalar: Endomorphism failed, k=' + k); + } + return { k1neg, k1, k2neg, k2 }; + }, + }, +}, sha256); +// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code. +// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki +BigInt(0); +secp256k1.ProjectivePoint; + +// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4 +// eslint-disable-next-line new-cap +const Fp$2 = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377')); +const CURVE_A$2 = Fp$2.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9')); +const CURVE_B$2 = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'); +// prettier-ignore +const brainpoolP256r1 = createCurve({ + a: CURVE_A$2, // Equation params: a, b + b: CURVE_B$2, + Fp: Fp$2, + // Curve order (q), total count of valid points in the field + n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'), + // Base (generator) point (x, y) + Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'), + Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'), + h: BigInt(1), + lowS: false +}, sha256); + +// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6 +// eslint-disable-next-line new-cap +const Fp$1 = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53')); +const CURVE_A$1 = Fp$1.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826')); +const CURVE_B$1 = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'); +// prettier-ignore +const brainpoolP384r1 = createCurve({ + a: CURVE_A$1, // Equation params: a, b + b: CURVE_B$1, + Fp: Fp$1, + // Curve order (q), total count of valid points in the field + n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'), + // Base (generator) point (x, y) + Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'), + Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'), + h: BigInt(1), + lowS: false +}, sha384); + +// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7 +// eslint-disable-next-line new-cap +const Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3')); +const CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca')); +const CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'); +// prettier-ignore +const brainpoolP512r1 = createCurve({ + a: CURVE_A, // Equation params: a, b + b: CURVE_B, + Fp, + // Curve order (q), total count of valid points in the field + n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'), + // Base (generator) point (x, y) + Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'), + Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'), + h: BigInt(1), + lowS: false +}, sha512); + +/** + * This file is needed to dynamic import the noble-curves. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleCurves = new Map(Object.entries({ + nistP256: p256, + nistP384: p384, + nistP521: p521, + brainpoolP256r1, + brainpoolP384r1, + brainpoolP512r1, + secp256k1, + x448, + ed448 +})); + +export { nobleCurves }; diff --git a/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs b/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs new file mode 100644 index 000000000..6f929bb9a --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs @@ -0,0 +1,3 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{w as t,g as s,i as h,C as i,M as e,j as n,s as r,a,d as o,k as l,l as f}from"./sha3.min.mjs";const c=/* @__PURE__ */new Uint32Array([1732584193,4023233417,2562383102,271733878,3285377520]),p=/* @__PURE__ */new Uint32Array(80);class d extends s{constructor(){super(64,20,8,!1),this.A=0|c[0],this.B=0|c[1],this.C=0|c[2],this.D=0|c[3],this.E=0|c[4]}get(){const{A:t,B:s,C:h,D:i,E:e}=this;return[t,s,h,i,e]}set(t,s,h,i,e){this.A=0|t,this.B=0|s,this.C=0|h,this.D=0|i,this.E=0|e}process(t,s){for(let h=0;h<16;h++,s+=4)p[h]=t.getUint32(s,!1);for(let t=16;t<80;t++)p[t]=h(p[t-3]^p[t-8]^p[t-14]^p[t-16],1);let{A:n,B:r,C:a,D:o,E:l}=this;for(let t=0;t<80;t++){let s,f;t<20?(s=i(r,a,o),f=1518500249):t<40?(s=r^a^o,f=1859775393):t<60?(s=e(r,a,o),f=2400959708):(s=r^a^o,f=3395469782);const c=h(n,5)+s+l+f+p[t]|0;l=o,o=a,a=h(r,30),r=n,n=c}n=n+this.A|0,r=r+this.B|0,a=a+this.C|0,o=o+this.D|0,l=l+this.E|0,this.set(n,r,a,o,l)}roundClean(){p.fill(0)}destroy(){this.set(0,0,0,0,0),this.buffer.fill(0)}}const u=/* @__PURE__ */t((()=>new d)),w=/* @__PURE__ */new Uint8Array([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),y=/* @__PURE__ */new Uint8Array(Array(16).fill(0).map(((t,s)=>s)));let A=[y],m=[/* @__PURE__ */y.map((t=>(9*t+5)%16))];for(let t=0;t<4;t++)for(let s of[A,m])s.push(s[t].map((t=>w[t])));const U=/* @__PURE__ */[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map((t=>new Uint8Array(t))),C=/* @__PURE__ */A.map(((t,s)=>t.map((t=>U[s][t])))),g=/* @__PURE__ */m.map(((t,s)=>t.map((t=>U[s][t])))),b=/* @__PURE__ */new Uint32Array([0,1518500249,1859775393,2400959708,2840853838]),B=/* @__PURE__ */new Uint32Array([1352829926,1548603684,1836072691,2053994217,0]);function D(t,s,h,i){return 0===t?s^h^i:1===t?s&h|~s&i:2===t?(s|~h)^i:3===t?s&i|h&~i:s^(h|~i)}const E=/* @__PURE__ */new Uint32Array(16);class j extends s{constructor(){super(64,20,8,!0),this.h0=1732584193,this.h1=-271733879,this.h2=-1732584194,this.h3=271733878,this.h4=-1009589776}get(){const{h0:t,h1:s,h2:h,h3:i,h4:e}=this;return[t,s,h,i,e]}set(t,s,h,i,e){this.h0=0|t,this.h1=0|s,this.h2=0|h,this.h3=0|i,this.h4=0|e}process(t,s){for(let h=0;h<16;h++,s+=4)E[h]=t.getUint32(s,!0);let i=0|this.h0,e=i,n=0|this.h1,r=n,a=0|this.h2,o=a,l=0|this.h3,f=l,c=0|this.h4,p=c;for(let t=0;t<5;t++){const s=4-t,d=b[t],u=B[t],w=A[t],y=m[t],U=C[t],j=g[t];for(let s=0;s<16;s++){const e=h(i+D(t,n,a,l)+E[w[s]]+d,U[s])+c|0;i=c,c=l,l=0|h(a,10),a=n,n=e}for(let t=0;t<16;t++){const i=h(e+D(s,r,o,f)+E[y[t]]+u,j[t])+p|0;e=p,p=f,f=0|h(o,10),o=r,r=i}}this.set(this.h1+a+f|0,this.h2+l+p|0,this.h3+c+e|0,this.h4+i+r|0,this.h0+n+o|0)}roundClean(){E.fill(0)}destroy(){this.destroyed=!0,this.buffer.fill(0),this.set(0,0,0,0,0)}}const x=new Map(Object.entries({sha1:u,sha224:n,sha256:r,sha384:a,sha512:o,sha3_256:l,sha3_512:f,ripemd160:/* @__PURE__ */t((()=>new j))}));export{x as nobleHashes}; +//# sourceMappingURL=noble_hashes.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs.map new file mode 100644 index 000000000..5cdc9c985 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_hashes.min.mjs.map @@ -0,0 +1 @@ +{"version":3,"file":"noble_hashes.min.mjs","sources":["../../node_modules/@noble/hashes/esm/sha1.js","../../node_modules/@noble/hashes/esm/ripemd160.js","../../src/crypto/hash/noble_hashes.js"],"sourcesContent":["import { HashMD, Chi, Maj } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms.\n// Initial state\nconst SHA1_IV = /* @__PURE__ */ new Uint32Array([\n 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA1_W = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA1 extends HashMD {\n constructor() {\n super(64, 20, 8, false);\n this.A = SHA1_IV[0] | 0;\n this.B = SHA1_IV[1] | 0;\n this.C = SHA1_IV[2] | 0;\n this.D = SHA1_IV[3] | 0;\n this.E = SHA1_IV[4] | 0;\n }\n get() {\n const { A, B, C, D, E } = this;\n return [A, B, C, D, E];\n }\n set(A, B, C, D, E) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n SHA1_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 80; i++)\n SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);\n // Compression function main loop, 80 rounds\n let { A, B, C, D, E } = this;\n for (let i = 0; i < 80; i++) {\n let F, K;\n if (i < 20) {\n F = Chi(B, C, D);\n K = 0x5a827999;\n }\n else if (i < 40) {\n F = B ^ C ^ D;\n K = 0x6ed9eba1;\n }\n else if (i < 60) {\n F = Maj(B, C, D);\n K = 0x8f1bbcdc;\n }\n else {\n F = B ^ C ^ D;\n K = 0xca62c1d6;\n }\n const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0;\n E = D;\n D = C;\n C = rotl(B, 30);\n B = A;\n A = T;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n this.set(A, B, C, D, E);\n }\n roundClean() {\n SHA1_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n/**\n * SHA1 (RFC 3174) hash function.\n * It was cryptographically broken: prefer newer algorithms.\n * @param message - data that would be hashed\n */\nexport const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1());\n//# sourceMappingURL=sha1.js.map","import { HashMD } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf\nconst Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);\nconst Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));\nconst Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16);\nlet idxL = [Id];\nlet idxR = [Pi];\nfor (let i = 0; i < 4; i++)\n for (let j of [idxL, idxR])\n j.push(j[i].map((k) => Rho[k]));\nconst shifts = /* @__PURE__ */ [\n [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],\n [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],\n [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],\n [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],\n [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],\n].map((i) => new Uint8Array(i));\nconst shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst Kl = /* @__PURE__ */ new Uint32Array([\n 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e,\n]);\nconst Kr = /* @__PURE__ */ new Uint32Array([\n 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000,\n]);\n// It's called f() in spec.\nfunction f(group, x, y, z) {\n if (group === 0)\n return x ^ y ^ z;\n else if (group === 1)\n return (x & y) | (~x & z);\n else if (group === 2)\n return (x | ~y) ^ z;\n else if (group === 3)\n return (x & z) | (y & ~z);\n else\n return x ^ (y | ~z);\n}\n// Temporary buffer, not used to store anything between runs\nconst R_BUF = /* @__PURE__ */ new Uint32Array(16);\nexport class RIPEMD160 extends HashMD {\n constructor() {\n super(64, 20, 8, true);\n this.h0 = 0x67452301 | 0;\n this.h1 = 0xefcdab89 | 0;\n this.h2 = 0x98badcfe | 0;\n this.h3 = 0x10325476 | 0;\n this.h4 = 0xc3d2e1f0 | 0;\n }\n get() {\n const { h0, h1, h2, h3, h4 } = this;\n return [h0, h1, h2, h3, h4];\n }\n set(h0, h1, h2, h3, h4) {\n this.h0 = h0 | 0;\n this.h1 = h1 | 0;\n this.h2 = h2 | 0;\n this.h3 = h3 | 0;\n this.h4 = h4 | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n R_BUF[i] = view.getUint32(offset, true);\n // prettier-ignore\n let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;\n // Instead of iterating 0 to 80, we split it into 5 groups\n // And use the groups in constants, functions, etc. Much simpler\n for (let group = 0; group < 5; group++) {\n const rGroup = 4 - group;\n const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore\n const rl = idxL[group], rr = idxR[group]; // prettier-ignore\n const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore\n for (let i = 0; i < 16; i++) {\n const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0;\n al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore\n }\n // 2 loops are 10% faster\n for (let i = 0; i < 16; i++) {\n const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0;\n ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore\n }\n }\n // Add the compressed chunk to the current hash value\n this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);\n }\n roundClean() {\n R_BUF.fill(0);\n }\n destroy() {\n this.destroyed = true;\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0);\n }\n}\n/**\n * RIPEMD-160 - a hash function from 1990s.\n * @param message - msg that would be hashed\n */\nexport const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160());\n//# sourceMappingURL=ripemd160.js.map","/**\n * This file is needed to dynamic import the noble-hashes.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { sha1 } from '@noble/hashes/sha1';\nimport { sha224, sha256 } from '@noble/hashes/sha256';\nimport { sha384, sha512 } from '@noble/hashes/sha512';\nimport { sha3_256, sha3_512 } from '@noble/hashes/sha3';\nimport { ripemd160 } from '@noble/hashes/ripemd160';\n\nexport const nobleHashes = new Map(Object.entries({\n sha1,\n sha224,\n sha256,\n sha384,\n sha512,\n sha3_256,\n sha3_512,\n ripemd160\n}));\n"],"names":["SHA1_IV","Uint32Array","SHA1_W","SHA1","HashMD","constructor","super","this","A","B","C","D","E","get","set","process","view","offset","i","getUint32","rotl","F","K","Chi","Maj","T","roundClean","fill","destroy","buffer","sha1","wrapConstructor","Rho","Uint8Array","Id","Array","map","_","idxL","idxR","j","push","k","shifts","shiftsL","idx","shiftsR","Kl","Kr","f","group","x","y","z","R_BUF","RIPEMD160","h0","h1","h2","h3","h4","al","ar","bl","br","cl","cr","dl","dr","el","er","rGroup","hbl","hbr","rl","rr","sl","sr","tl","tr","destroyed","nobleHashes","Map","Object","entries","sha224","sha256","sha384","sha512","sha3_256","sha3_512","ripemd160"],"mappings":";uMAIA,MAAMA,iBAA0B,IAAIC,YAAY,CAC5C,WAAY,WAAY,WAAY,UAAY,aAI9CC,iBAAyB,IAAID,YAAY,IACxC,MAAME,UAAaC,EACtB,WAAAC,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBC,KAAKC,EAAiB,EAAbR,EAAQ,GACjBO,KAAKE,EAAiB,EAAbT,EAAQ,GACjBO,KAAKG,EAAiB,EAAbV,EAAQ,GACjBO,KAAKI,EAAiB,EAAbX,EAAQ,GACjBO,KAAKK,EAAiB,EAAbZ,EAAQ,EACzB,CACI,GAAAa,GACI,MAAML,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAML,KAC1B,MAAO,CAACC,EAAGC,EAAGC,EAAGC,EAAGC,EAC5B,CACI,GAAAE,CAAIN,EAAGC,EAAGC,EAAGC,EAAGC,GACZL,KAAKC,EAAQ,EAAJA,EACTD,KAAKE,EAAQ,EAAJA,EACTF,KAAKG,EAAQ,EAAJA,EACTH,KAAKI,EAAQ,EAAJA,EACTJ,KAAKK,EAAQ,EAAJA,CACjB,CACI,OAAAG,CAAQC,EAAMC,GACV,IAAK,IAAIC,EAAI,EAAGA,EAAI,GAAIA,IAAKD,GAAU,EACnCf,EAAOgB,GAAKF,EAAKG,UAAUF,GAAQ,GACvC,IAAK,IAAIC,EAAI,GAAIA,EAAI,GAAIA,IACrBhB,EAAOgB,GAAKE,EAAKlB,EAAOgB,EAAI,GAAKhB,EAAOgB,EAAI,GAAKhB,EAAOgB,EAAI,IAAMhB,EAAOgB,EAAI,IAAK,GAEtF,IAAIV,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAML,KACxB,IAAK,IAAIW,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,IAAIG,EAAGC,EACHJ,EAAI,IACJG,EAAIE,EAAId,EAAGC,EAAGC,GACdW,EAAI,YAECJ,EAAI,IACTG,EAAIZ,EAAIC,EAAIC,EACZW,EAAI,YAECJ,EAAI,IACTG,EAAIG,EAAIf,EAAGC,EAAGC,GACdW,EAAI,aAGJD,EAAIZ,EAAIC,EAAIC,EACZW,EAAI,YAER,MAAMG,EAAKL,EAAKZ,EAAG,GAAKa,EAAIT,EAAIU,EAAIpB,EAAOgB,GAAM,EACjDN,EAAID,EACJA,EAAID,EACJA,EAAIU,EAAKX,EAAG,IACZA,EAAID,EACJA,EAAIiB,CAChB,CAEQjB,EAAKA,EAAID,KAAKC,EAAK,EACnBC,EAAKA,EAAIF,KAAKE,EAAK,EACnBC,EAAKA,EAAIH,KAAKG,EAAK,EACnBC,EAAKA,EAAIJ,KAAKI,EAAK,EACnBC,EAAKA,EAAIL,KAAKK,EAAK,EACnBL,KAAKO,IAAIN,EAAGC,EAAGC,EAAGC,EAAGC,EAC7B,CACI,UAAAc,GACIxB,EAAOyB,KAAK,EACpB,CACI,OAAAC,GACIrB,KAAKO,IAAI,EAAG,EAAG,EAAG,EAAG,GACrBP,KAAKsB,OAAOF,KAAK,EACzB,EAOO,MAAMG,iBAAuBC,GAAgB,IAAM,IAAI5B,IC/ExD6B,iBAAsB,IAAIC,WAAW,CAAC,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IACzFC,iBAAqB,IAAID,WAAeE,MAAM,IAAIR,KAAK,GAAGS,KAAI,CAACC,EAAGnB,IAAMA,KAE9E,IAAIoB,EAAO,CAACJ,GACRK,EAAO,gBAFgBL,EAAGE,KAAKlB,IAAO,EAAIA,EAAI,GAAK,MAGvD,IAAK,IAAIA,EAAI,EAAGA,EAAI,EAAGA,IACnB,IAAK,IAAIsB,IAAK,CAACF,EAAMC,GACjBC,EAAEC,KAAKD,EAAEtB,GAAGkB,KAAKM,GAAMV,EAAIU,MACnC,MAAMC,iBAAyB,CAC3B,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,IACxDP,KAAKlB,GAAM,IAAIe,WAAWf,KACtB0B,iBAA0BN,EAAKF,KAAI,CAACS,EAAK3B,IAAM2B,EAAIT,KAAKI,GAAMG,EAAOzB,GAAGsB,OACxEM,iBAA0BP,EAAKH,KAAI,CAACS,EAAK3B,IAAM2B,EAAIT,KAAKI,GAAMG,EAAOzB,GAAGsB,OACxEO,iBAAqB,IAAI9C,YAAY,CACvC,EAAY,WAAY,WAAY,WAAY,aAE9C+C,iBAAqB,IAAI/C,YAAY,CACvC,WAAY,WAAY,WAAY,WAAY,IAGpD,SAASgD,EAAEC,EAAOC,EAAGC,EAAGC,GACpB,OAAc,IAAVH,EACOC,EAAIC,EAAIC,EACA,IAAVH,EACGC,EAAIC,GAAOD,EAAIE,EACR,IAAVH,GACGC,GAAKC,GAAKC,EACH,IAAVH,EACGC,EAAIE,EAAMD,GAAKC,EAEhBF,GAAKC,GAAKC,EACzB,CAEA,MAAMC,iBAAwB,IAAIrD,YAAY,IACvC,MAAMsD,UAAkBnD,EAC3B,WAAAC,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBC,KAAKiD,GAAK,WACVjD,KAAKkD,IAAK,UACVlD,KAAKmD,IAAK,WACVnD,KAAKoD,GAAK,UACVpD,KAAKqD,IAAK,UAClB,CACI,GAAA/C,GACI,MAAM2C,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOrD,KAC/B,MAAO,CAACiD,EAAIC,EAAIC,EAAIC,EAAIC,EAChC,CACI,GAAA9C,CAAI0C,EAAIC,EAAIC,EAAIC,EAAIC,GAChBrD,KAAKiD,GAAU,EAALA,EACVjD,KAAKkD,GAAU,EAALA,EACVlD,KAAKmD,GAAU,EAALA,EACVnD,KAAKoD,GAAU,EAALA,EACVpD,KAAKqD,GAAU,EAALA,CAClB,CACI,OAAA7C,CAAQC,EAAMC,GACV,IAAK,IAAIC,EAAI,EAAGA,EAAI,GAAIA,IAAKD,GAAU,EACnCqC,EAAMpC,GAAKF,EAAKG,UAAUF,GAAQ,GAEtC,IAAI4C,EAAe,EAAVtD,KAAKiD,GAAQM,EAAKD,EAAIE,EAAe,EAAVxD,KAAKkD,GAAQO,EAAKD,EAAIE,EAAe,EAAV1D,KAAKmD,GAAQQ,EAAKD,EAAIE,EAAe,EAAV5D,KAAKoD,GAAQS,EAAKD,EAAIE,EAAe,EAAV9D,KAAKqD,GAAQU,EAAKD,EAGvI,IAAK,IAAInB,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACpC,MAAMqB,EAAS,EAAIrB,EACbsB,EAAMzB,EAAGG,GAAQuB,EAAMzB,EAAGE,GAC1BwB,EAAKpC,EAAKY,GAAQyB,EAAKpC,EAAKW,GAC5B0B,EAAKhC,EAAQM,GAAQ2B,EAAK/B,EAAQI,GACxC,IAAK,IAAIhC,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM4D,EAAM1D,EAAKyC,EAAKZ,EAAEC,EAAOa,EAAIE,EAAIE,GAAMb,EAAMoB,EAAGxD,IAAMsD,EAAKI,EAAG1D,IAAMmD,EAAM,EAChFR,EAAKQ,EAAIA,EAAKF,EAAIA,EAAoB,EAAf/C,EAAK6C,EAAI,IAASA,EAAKF,EAAIA,EAAKe,CACvE,CAEY,IAAK,IAAI5D,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM6D,EAAM3D,EAAK0C,EAAKb,EAAEsB,EAAQP,EAAIE,EAAIE,GAAMd,EAAMqB,EAAGzD,IAAMuD,EAAKI,EAAG3D,IAAMoD,EAAM,EACjFR,EAAKQ,EAAIA,EAAKF,EAAIA,EAAoB,EAAfhD,EAAK8C,EAAI,IAASA,EAAKF,EAAIA,EAAKe,CACvE,CACA,CAEQxE,KAAKO,IAAKP,KAAKkD,GAAKQ,EAAKG,EAAM,EAAI7D,KAAKmD,GAAKS,EAAKG,EAAM,EAAI/D,KAAKoD,GAAKU,EAAKP,EAAM,EAAIvD,KAAKqD,GAAKC,EAAKG,EAAM,EAAIzD,KAAKiD,GAAKO,EAAKG,EAAM,EAC3I,CACI,UAAAxC,GACI4B,EAAM3B,KAAK,EACnB,CACI,OAAAC,GACIrB,KAAKyE,WAAY,EACjBzE,KAAKsB,OAAOF,KAAK,GACjBpB,KAAKO,IAAI,EAAG,EAAG,EAAG,EAAG,EAC7B,EAMO,MCxFMmE,EAAc,IAAIC,IAAIC,OAAOC,QAAQ,CAChDtD,OACAuD,SACAC,SACAC,SACAC,SACAC,WACAC,WACAC,yBDgFuC5D,GAAgB,IAAM,IAAIwB","x_google_ignoreList":[0,1]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/noble_hashes.mjs b/app/node_modules/openpgp/dist/lightweight/noble_hashes.mjs new file mode 100644 index 000000000..c9060f8cb --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/noble_hashes.mjs @@ -0,0 +1,207 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +import { w as wrapConstructor, g as HashMD, i as rotl, C as Chi, M as Maj, j as sha224, s as sha256, a as sha384, d as sha512, k as sha3_256, l as sha3_512 } from './sha3.mjs'; + +// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms. +// Initial state +const SHA1_IV = /* @__PURE__ */ new Uint32Array([ + 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0, +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA1_W = /* @__PURE__ */ new Uint32Array(80); +class SHA1 extends HashMD { + constructor() { + super(64, 20, 8, false); + this.A = SHA1_IV[0] | 0; + this.B = SHA1_IV[1] | 0; + this.C = SHA1_IV[2] | 0; + this.D = SHA1_IV[3] | 0; + this.E = SHA1_IV[4] | 0; + } + get() { + const { A, B, C, D, E } = this; + return [A, B, C, D, E]; + } + set(A, B, C, D, E) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + SHA1_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 80; i++) + SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1); + // Compression function main loop, 80 rounds + let { A, B, C, D, E } = this; + for (let i = 0; i < 80; i++) { + let F, K; + if (i < 20) { + F = Chi(B, C, D); + K = 0x5a827999; + } + else if (i < 40) { + F = B ^ C ^ D; + K = 0x6ed9eba1; + } + else if (i < 60) { + F = Maj(B, C, D); + K = 0x8f1bbcdc; + } + else { + F = B ^ C ^ D; + K = 0xca62c1d6; + } + const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0; + E = D; + D = C; + C = rotl(B, 30); + B = A; + A = T; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + this.set(A, B, C, D, E); + } + roundClean() { + SHA1_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +/** + * SHA1 (RFC 3174) hash function. + * It was cryptographically broken: prefer newer algorithms. + * @param message - data that would be hashed + */ +const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1()); + +// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html +// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf +const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]); +const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i)); +const Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16); +let idxL = [Id]; +let idxR = [Pi]; +for (let i = 0; i < 4; i++) + for (let j of [idxL, idxR]) + j.push(j[i].map((k) => Rho[k])); +const shifts = /* @__PURE__ */ [ + [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], + [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7], + [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9], + [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6], + [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5], +].map((i) => new Uint8Array(i)); +const shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j])); +const shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j])); +const Kl = /* @__PURE__ */ new Uint32Array([ + 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e, +]); +const Kr = /* @__PURE__ */ new Uint32Array([ + 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000, +]); +// It's called f() in spec. +function f(group, x, y, z) { + if (group === 0) + return x ^ y ^ z; + else if (group === 1) + return (x & y) | (~x & z); + else if (group === 2) + return (x | ~y) ^ z; + else if (group === 3) + return (x & z) | (y & ~z); + else + return x ^ (y | ~z); +} +// Temporary buffer, not used to store anything between runs +const R_BUF = /* @__PURE__ */ new Uint32Array(16); +class RIPEMD160 extends HashMD { + constructor() { + super(64, 20, 8, true); + this.h0 = 0x67452301 | 0; + this.h1 = 0xefcdab89 | 0; + this.h2 = 0x98badcfe | 0; + this.h3 = 0x10325476 | 0; + this.h4 = 0xc3d2e1f0 | 0; + } + get() { + const { h0, h1, h2, h3, h4 } = this; + return [h0, h1, h2, h3, h4]; + } + set(h0, h1, h2, h3, h4) { + this.h0 = h0 | 0; + this.h1 = h1 | 0; + this.h2 = h2 | 0; + this.h3 = h3 | 0; + this.h4 = h4 | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + R_BUF[i] = view.getUint32(offset, true); + // prettier-ignore + let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el; + // Instead of iterating 0 to 80, we split it into 5 groups + // And use the groups in constants, functions, etc. Much simpler + for (let group = 0; group < 5; group++) { + const rGroup = 4 - group; + const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore + const rl = idxL[group], rr = idxR[group]; // prettier-ignore + const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore + for (let i = 0; i < 16; i++) { + const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0; + al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore + } + // 2 loops are 10% faster + for (let i = 0; i < 16; i++) { + const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0; + ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore + } + } + // Add the compressed chunk to the current hash value + this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0); + } + roundClean() { + R_BUF.fill(0); + } + destroy() { + this.destroyed = true; + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0); + } +} +/** + * RIPEMD-160 - a hash function from 1990s. + * @param message - msg that would be hashed + */ +const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160()); + +/** + * This file is needed to dynamic import the noble-hashes. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleHashes = new Map(Object.entries({ + sha1, + sha224, + sha256, + sha384, + sha512, + sha3_256, + sha3_512, + ripemd160 +})); + +export { nobleHashes }; diff --git a/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs b/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs index 15b0809e1..4d39a8d9e 100644 --- a/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs +++ b/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs @@ -1,3 +1,4 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),n=Symbol("doneWritingReject"),i=Symbol("readingIndex");class a extends Array{constructor(){super(),this[t]=new Promise(((e,t)=>{this[r]=e,this[n]=t})),this[t].catch((()=>{}))}}function s(e){return e&&e.getReader&&Array.isArray(e)}function o(e){if(!s(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}a.prototype.getReader=function(){return void 0===this[i]&&(this[i]=0),{read:async()=>(await this[t],this[i]===this.length?{value:void 0,done:!0}:{value:this[this[i]++],done:!1})}},a.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[i]));return this.length=0,r},a.prototype.clone=function(){const e=new a;return e[t]=this[t].then((()=>{e.push(...this)})),e},o.prototype.write=async function(e){this.stream.push(e)},o.prototype.close=async function(){this.stream[r]()},o.prototype.abort=async function(e){return this.stream[n](e),e},o.prototype.releaseLock=function(){};const c="object"==typeof e.process&&"object"==typeof e.process.versions,h=c&&void 0;function u(t){return s(t)?"array":e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t)?"web":A&&A.prototype.isPrototypeOf(t)?"ponyfill":h&&h.prototype.isPrototypeOf(t)?"node":!(!t||!t.getReader)&&"web-like"}function l(e){return Uint8Array.prototype.isPrototypeOf(e)}function y(e){if(1===e.length)return e[0];let t=0;for(let r=0;r{t||(d.isBuffer(n)&&(n=new Uint8Array(n.buffer,n.byteOffset,n.byteLength)),r.enqueue(n),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends p{constructor(e,t){super(t),this._reader=D(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t))break}}catch(e){this.destroy(e)}}async _destroy(e,t){this._reader.cancel(e).then(t,t)}}g=function(t,r){return new e(t,r)}}const m=new WeakSet,w=Symbol("externalBuffer");function b(e){if(this.stream=e,e[w]&&(this[w]=e[w].slice()),s(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=async()=>{})}let t=u(e);if("node"===t&&(e=f(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||m.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{m.add(e)}catch(e){}}}b.prototype.read=async function(){if(this[w]&&this[w].length){return{done:!1,value:this[w].shift()}}return this._read()},b.prototype.releaseLock=function(){this[w]&&(this.stream[w]=this[w]),this._releaseLock()},b.prototype.cancel=function(e){return this._cancel(e)},b.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?U(t):void 0;const i=n.indexOf("\n")+1;i&&(e=U(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},b.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(F(t,1)),r},b.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?U(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=U(t);return this.unshift(F(r,e)),F(r,0,e)}}},b.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},b.prototype.unshift=function(...e){this[w]||(this[w]=[]),1===e.length&&l(e[0])&&this[w].length&&e[0].length&&this[w][0].byteOffset>=e[0].length?this[w][0]=new Uint8Array(this[w][0].buffer,this[w][0].byteOffset-e[0].length,this[w][0].byteLength+e[0].length):this[w].unshift(...e.filter((e=>e&&e.length)))},b.prototype.readToEnd=async function(e=U){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};let k,v,{ReadableStream:A,WritableStream:_,TransformStream:E}=e;async function S(){if(E)return;const[t,r]=await Promise.all([import("./ponyfill.es6.min.mjs"),import("./web-streams-adapter.min.mjs")]);({ReadableStream:A,WritableStream:_,TransformStream:E}=t);const{createReadableStreamWrapper:n}=r;e.ReadableStream&&A!==e.ReadableStream&&(k=n(A),v=n(e.ReadableStream))}const K=c&&void 0;function x(e){let t=u(e);return"node"===t?f(e):"web"===t&&k?k(e):t?e:new A({start(t){t.enqueue(e),t.close()}})}function P(e){if(u(e))return e;const t=new a;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function U(e){return e.some((e=>u(e)&&!s(e)))?function(e){e=e.map(x);const t=B((async function(e){await Promise.all(n.map((t=>j(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>R(n,((n,a)=>(r=r.then((()=>I(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>s(e)))?function(e){const t=new a;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>I(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):K&&K.isBuffer(e[0])?K.concat(e):y(e)}function D(e){return new b(e)}function C(e){return new o(e)}async function I(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(u(e)&&!s(e)){e=x(e);try{if(e[w]){const r=C(t);for(let t=0;t{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function z(e,t=(()=>{}),r=(()=>{})){if(s(e)){const n=new a;return(async()=>{const i=C(n);try{const n=await H(e),a=t(n),s=r();let o;o=void 0!==a&&void 0!==s?U([a,s]):void 0!==a?a:s,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(u(e))return T(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?U([n,i]):void 0!==n?n:i}function R(e,t){if(u(e)&&!s(e)){let r;const n=new E({start(e){r=e}}),i=I(e,n.writable),a=B((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,a.writable),a.readable}e=P(e);const r=new a;return t(e,r),r}function M(e,t){let r;const n=R(e,((e,i)=>{const a=D(e);a.remainder=()=>(a.releaseLock(),I(e,i),n),r=t(a)}));return r}function L(e){if(s(e))return e.clone();if(u(e)){const t=function(e){if(s(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(u(e)){const t=x(e).tee();return t[0][w]=t[1][w]=e[w],t}return[F(e),F(e)]}(e);return O(e,t[0]),t[1]}return F(e)}function N(e){return s(e)?L(e):u(e)?new A({start(t){const r=R(e,(async(e,r)=>{const n=D(e),i=C(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));O(e,r)}}):F(e)}function O(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function F(e,t=0,r=1/0){if(s(e))throw Error("Not implemented");if(u(e)){if(t>=0&&r>=0){let n=0;return T(e,{transform(e,i){n=t&&i.enqueue(F(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return z(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>F(U(n),t,r)))}if(0===t&&r<0){let n;return z(e,(e=>{const i=n?U([n,e]):e;if(i.length>=-r)return n=F(i,r),F(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),q((async()=>F(await H(e),t,r)))}return e[w]&&(e=U(e[w].concat([e]))),!l(e)||K&&K.isBuffer(e)?e.slice(t,r):(r===1/0&&(r=e.length),e.subarray(t,r))}async function H(e,t=U){return s(e)?e.readToEnd(t):u(e)?D(e).readToEnd(t):e}async function j(e,t){if(u(e)){if(e.cancel)return e.cancel(t);if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function q(e){const t=new a;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}class G{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");if(e instanceof Uint8Array){const t=e,r=Array(t.length);for(let e=0;eBigInt(0);){const e=r&BigInt(1);r>>=BigInt(1);const a=i*n%t.value;i=e?a:i,n=n*n%t.value}return new G(i)}modInv(e){const{gcd:t,x:r}=this._egcd(e);if(!t.isOne())throw Error("Inverse does not exist");return r.add(e).mod(e)}_egcd(e){let t=BigInt(0),r=BigInt(1),n=BigInt(1),i=BigInt(0),a=this.value;for(e=e.value;e!==BigInt(0);){const s=a/e;let o=t;t=n-s*t,n=o,o=r,r=i-s*r,i=o,o=e,e=a%e,a=o}return{x:new G(n),y:new G(i),gcd:new G(a)}}gcd(e){let t=this.value;for(e=e.value;e!==BigInt(0);){const r=e;e=t%e,t=r}return new G(t)}ileftShift(e){return this.value<<=e.value,this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value>>=e.value,this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value===e.value}lt(e){return this.valuee.value}gte(e){return this.value>=e.value}isZero(){return this.value===BigInt(0)}isOne(){return this.value===BigInt(1)}isNegative(){return this.valueNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return e}getBit(e){return(this.value>>BigInt(e)&BigInt(1))===BigInt(0)?0:1}bitLength(){const e=new G(0),t=new G(1),r=new G(-1),n=this.isNegative()?r:e;let i=1;const a=this.clone();for(;!a.irightShift(t).equal(n);)i++;return i}byteLength(){const e=new G(0),t=new G(-1),r=this.isNegative()?t:e,n=new G(8);let i=1;const a=this.clone();for(;!a.irightShift(n).equal(r);)i++;return i}toUint8Array(e="be",t){let r=this.value.toString(16);r.length%2==1&&(r="0"+r);const n=r.length/2,i=new Uint8Array(t||n),a=t?t-n:0;let s=0;for(;s"undefined"!=typeof BigInt;const W=Symbol("byValue");var $={curve:{p256:"p256","P-256":"p256",secp256r1:"p256",prime256v1:"p256","1.2.840.10045.3.1.7":"p256","2a8648ce3d030107":"p256","2A8648CE3D030107":"p256",p384:"p384","P-384":"p384",secp384r1:"p384","1.3.132.0.34":"p384","2b81040022":"p384","2B81040022":"p384",p521:"p521","P-521":"p521",secp521r1:"p521","1.3.132.0.35":"p521","2b81040023":"p521","2B81040023":"p521",secp256k1:"secp256k1","1.3.132.0.10":"secp256k1","2b8104000a":"secp256k1","2B8104000A":"secp256k1",ed25519Legacy:"ed25519",ED25519:"ed25519",ed25519:"ed25519",Ed25519:"ed25519","1.3.6.1.4.1.11591.15.1":"ed25519","2b06010401da470f01":"ed25519","2B06010401DA470F01":"ed25519",curve25519Legacy:"curve25519",X25519:"curve25519",cv25519:"curve25519",curve25519:"curve25519",Curve25519:"curve25519","1.3.6.1.4.1.3029.1.5.1":"curve25519","2b060104019755010501":"curve25519","2B060104019755010501":"curve25519",brainpoolP256r1:"brainpoolP256r1","1.3.36.3.3.2.8.1.1.7":"brainpoolP256r1","2b2403030208010107":"brainpoolP256r1","2B2403030208010107":"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1","1.3.36.3.3.2.8.1.1.11":"brainpoolP384r1","2b240303020801010b":"brainpoolP384r1","2B240303020801010B":"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1","1.3.36.3.3.2.8.1.1.13":"brainpoolP512r1","2b240303020801010d":"brainpoolP512r1","2B240303020801010D":"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,ed25519Legacy:22,eddsa:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{plaintext:0,idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuer:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[W]||(e[W]=[],Object.entries(e).forEach((([t,r])=>{e[W][r]=t}))),void 0!==e[W][t])return e[W][t];throw Error("Invalid enum value.")}};const Z=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),X={isString:function(e){return"string"==typeof e||e instanceof String},isArray:function(e){return e instanceof Array},isUint8Array:l,isStream:u,readNumber:function(e){let t=0;for(let r=0;r>8*(t-n-1)&255;return r},readDate:function(e){const t=X.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return X.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return e.subarray(2,2+t)},leftPad(e,t){const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=X.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return X.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t=[],r=e.length;let n,i=0;for(;i{if(!X.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return z(e,r,(()=>r(new Uint8Array,!0)))},concat:U,concatUint8Array:y,equalsUint8Array:function(e,t){if(!X.isUint8Array(e)||!X.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){return void 0!==e&&e.crypto&&e.crypto.subtle},getBigInteger:async function(){if(V())return G;{const{default:e}=await import("./bn.interface.min.mjs");return e}},getNodeCrypto:function(){},getNodeZlib:function(){},getNodeBuffer:function(){return{}.Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return(void 0).cpus().length},isEmailAddress:function(e){if(!X.isString(e))return!1;return/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/.test(e)},canonicalizeEOL:function(e){let t=!1;return z(e,(e=>{let r;t&&(e=X.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let a=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return z(e,(e=>{let r;13===(e=t&&10!==e[0]?X.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let a=0;for(let n=0;n{t=X.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,a=Y(t.subarray(0,i));for(let e=0;et.length?Y(t)+"\n":""))}function te(e){let t="";return z(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const a=J(t.substr(0,i));return t=t.substr(i),a}),(()=>J(t)))}function re(e){return te(e.replace(/-/g,"+").replace(/_/g,"/"))}function ne(e,t){let r=ee(e).replace(/[\r\n]/g,"");return t&&(r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,"")),r}Q?(Y=e=>Q.from(e).toString("base64"),J=e=>{const t=Q.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(Y=e=>btoa(X.uint8ArrayToString(e)),J=e=>X.stringToUint8Array(atob(e)));var ie={preferredHashAlgorithm:$.hash.sha256,preferredSymmetricAlgorithm:$.symmetric.aes256,preferredCompressionAlgorithm:$.compression.uncompressed,deflateLevel:6,aeadProtect:!1,preferredAEADAlgorithm:$.aead.eax,aeadChunkSizeByte:12,v5Keys:!1,s2kIterationCountByte:224,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,checksumRequired:!1,minRSABits:2047,passwordCollisionCheck:!1,revocationsExpire:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([$.symmetric.aes128,$.symmetric.aes192,$.symmetric.aes256]),minBytesForWebCrypto:1e3,ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 5.11.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],useIndutnyElliptic:!0,rejectHashAlgorithms:new Set([$.hash.md5,$.hash.ripemd]),rejectMessageHashAlgorithms:new Set([$.hash.md5,$.hash.ripemd,$.hash.sha1]),rejectPublicKeyAlgorithms:new Set([$.publicKey.elgamal,$.publicKey.dsa]),rejectCurves:new Set([$.curve.secp256k1])};function ae(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?$.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?$.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?$.armor.signed:/MESSAGE/.test(t[1])?$.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?$.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?$.armor.privateKey:/SIGNATURE/.test(t[1])?$.armor.signature:void 0}function se(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function oe(e){return ee(function(e){let t=13501623;return z(e,(e=>{const r=he?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^ce[1][t>>16&255]^ce[2][t>>8&255]^ce[3][t>>0&255];for(let n=4*r;n>8^ce[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e))}const ce=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(0!=(8388608&t)?8801531:0);ce[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)ce[1][e]=ce[0][e]>>8^ce[0][255&ce[0][e]];for(let e=0;e<=255;e++)ce[2][e]=ce[1][e]>>8^ce[0][255&ce[1][e]];for(let e=0;e<=255;e++)ce[3][e]=ce[2][e]>>8^ce[0][255&ce[2][e]];const he=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function ue(e){for(let t=0;t=0&&n!==e.length-1&&(t=e.slice(0,n),r=e.slice(n+1).substr(0,4)),{body:t,checksum:r}}function ye(e,t=ie){return new Promise((async(r,n)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const o=[];let c,h,u,l=o,y=[],d=te(R(e,(async(e,t)=>{const p=D(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=X.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(c)h||2!==s||(i.test(e)?(y=y.join("\r\n"),h=!0,ue(l),l=[],c=!1):y.push(e.replace(/^- /,"")));else if(i.test(e)&&n(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(ue(l),c=!0,h||2!==s){r({text:y,data:d,headers:o,type:s});break}}else l.push(e);else i.test(e)&&(s=ae(e))}}catch(e){return void n(e)}const f=C(t);try{for(;;){await f.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=X.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const n=le(t[0].slice(0,-1));u=n.checksum,await f.write(n.body);break}await f.write(r)}await f.ready,await f.close()}catch(e){await f.abort(e)}})));d=R(d,(async(e,r)=>{const n=H(oe(N(e)));n.catch((()=>{})),await I(e,r,{preventClose:!0});const i=C(r);try{const e=(await n).replace("\n","");if(u!==e&&(u||t.checksumRequired))throw Error("Ascii armor integrity check failed");await i.ready,await i.close()}catch(e){await i.abort(e)}}))}catch(e){n(e)}})).then((async e=>(s(e.data)&&(e.data=await H(e.data)),e)))}function de(e,t,r,n,i,a=ie){let s,o;e===$.armor.signed&&(s=t.text,o=t.hash,t=t.data);const c=N(t),h=[];switch(e){case $.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case $.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case $.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push("Hash: "+o+"\n\n"),h.push(s.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP SIGNATURE-----\n");break;case $.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP MESSAGE-----\n");break;case $.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case $.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case $.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(se(i,a)),h.push(ee(t)),h.push("=",oe(c)),h.push("-----END PGP SIGNATURE-----\n")}return X.concat(h)}class pe{constructor(){this.bytes=""}read(e){return this.bytes=X.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return X.stringToUint8Array(this.bytes)}toHex(){return X.uint8ArrayToHex(X.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new pe;return t.read(X.hexToUint8Array(e)),t}static wildcard(){const e=new pe;return e.read(new Uint8Array(8)),e}}var fe=function(){var e,t,r=!1;function n(r,n){var i=e[(t[r]+t[n])%255];return 0!==r&&0!==n||(i=0),i}var i,a,s,o,c=!1;function h(){function h(r){var n,i,a;for(i=a=function(r){var n=e[255-t[r]];return 0===r&&(n=0),n}(r),n=0;n<4;n++)a^=i=255&(i<<1|i>>>7);return a^=99}r||function(){e=[],t=[];var n,i,a=1;for(n=0;n<255;n++)e[n]=a,i=128&a,a<<=1,a&=255,128===i&&(a^=27),a^=e[n],t[e[n]]=n;e[255]=e[0],t[0]=0,r=!0}(),i=[],a=[],s=[[],[],[],[]],o=[[],[],[],[]];for(var u=0;u<256;u++){var l=h(u);i[u]=l,a[l]=u,s[0][u]=n(2,l)<<24|l<<16|l<<8|n(3,l),o[0][l]=n(14,u)<<24|n(9,u)<<16|n(13,u)<<8|n(11,u);for(var y=1;y<4;y++)s[y][u]=s[y-1][u]>>>8|s[y-1][u]<<24,o[y][l]=o[y-1][l]>>>8|o[y-1][l]<<24}c=!0}var u=function(e,t){c||h();var r=new Uint32Array(t);r.set(i,512),r.set(a,768);for(var n=0;n<4;n++)r.set(s[n],4096+1024*n>>2),r.set(o[n],8192+1024*n>>2);var u=function(e,t,r){"use asm";var n=0,i=0,a=0,s=0,o=0,c=0,h=0,u=0,l=0,y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0,k=0,v=0,A=0,_=0;var E=new e.Uint32Array(r),S=new e.Uint8Array(r);function K(e,t,r,o,c,h,u,l){e=e|0;t=t|0;r=r|0;o=o|0;c=c|0;h=h|0;u=u|0;l=l|0;var y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0;y=r|0x400,d=r|0x800,p=r|0xc00;c=c^E[(e|0)>>2],h=h^E[(e|4)>>2],u=u^E[(e|8)>>2],l=l^E[(e|12)>>2];for(b=16;(b|0)<=o<<4;b=b+16|0){f=E[(r|c>>22&1020)>>2]^E[(y|h>>14&1020)>>2]^E[(d|u>>6&1020)>>2]^E[(p|l<<2&1020)>>2]^E[(e|b|0)>>2],g=E[(r|h>>22&1020)>>2]^E[(y|u>>14&1020)>>2]^E[(d|l>>6&1020)>>2]^E[(p|c<<2&1020)>>2]^E[(e|b|4)>>2],m=E[(r|u>>22&1020)>>2]^E[(y|l>>14&1020)>>2]^E[(d|c>>6&1020)>>2]^E[(p|h<<2&1020)>>2]^E[(e|b|8)>>2],w=E[(r|l>>22&1020)>>2]^E[(y|c>>14&1020)>>2]^E[(d|h>>6&1020)>>2]^E[(p|u<<2&1020)>>2]^E[(e|b|12)>>2];c=f,h=g,u=m,l=w}n=E[(t|c>>22&1020)>>2]<<24^E[(t|h>>14&1020)>>2]<<16^E[(t|u>>6&1020)>>2]<<8^E[(t|l<<2&1020)>>2]^E[(e|b|0)>>2],i=E[(t|h>>22&1020)>>2]<<24^E[(t|u>>14&1020)>>2]<<16^E[(t|l>>6&1020)>>2]<<8^E[(t|c<<2&1020)>>2]^E[(e|b|4)>>2],a=E[(t|u>>22&1020)>>2]<<24^E[(t|l>>14&1020)>>2]<<16^E[(t|c>>6&1020)>>2]<<8^E[(t|h<<2&1020)>>2]^E[(e|b|8)>>2],s=E[(t|l>>22&1020)>>2]<<24^E[(t|c>>14&1020)>>2]<<16^E[(t|h>>6&1020)>>2]<<8^E[(t|u<<2&1020)>>2]^E[(e|b|12)>>2]}function x(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;K(0x0000,0x0800,0x1000,_,e,t,r,n)}function P(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;var a=0;K(0x0400,0x0c00,0x2000,_,e,n,r,t);a=i,i=s,s=a}function U(e,t,r,l){e=e|0;t=t|0;r=r|0;l=l|0;K(0x0000,0x0800,0x1000,_,o^e,c^t,h^r,u^l);o=n,c=i,h=a,u=s}function D(e,t,r,l){e=e|0;t=t|0;r=r|0;l=l|0;var y=0;K(0x0400,0x0c00,0x2000,_,e,l,r,t);y=i,i=s,s=y;n=n^o,i=i^c,a=a^h,s=s^u;o=e,c=t,h=r,u=l}function C(e,t,r,l){e=e|0;t=t|0;r=r|0;l=l|0;K(0x0000,0x0800,0x1000,_,o,c,h,u);o=n=n^e,c=i=i^t,h=a=a^r,u=s=s^l}function I(e,t,r,l){e=e|0;t=t|0;r=r|0;l=l|0;K(0x0000,0x0800,0x1000,_,o,c,h,u);n=n^e,i=i^t,a=a^r,s=s^l;o=e,c=t,h=r,u=l}function T(e,t,r,l){e=e|0;t=t|0;r=r|0;l=l|0;K(0x0000,0x0800,0x1000,_,o,c,h,u);o=n,c=i,h=a,u=s;n=n^e,i=i^t,a=a^r,s=s^l}function B(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;K(0x0000,0x0800,0x1000,_,l,y,d,p);p=~w&p|w&p+1;d=~m&d|m&d+((p|0)==0);y=~g&y|g&y+((d|0)==0);l=~f&l|f&l+((y|0)==0);n=n^e;i=i^t;a=a^r;s=s^o}function z(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;var i=0,a=0,s=0,l=0,y=0,d=0,p=0,f=0,g=0,m=0;e=e^o,t=t^c,r=r^h,n=n^u;i=b|0,a=k|0,s=v|0,l=A|0;for(;(g|0)<128;g=g+1|0){if(i>>>31){y=y^e,d=d^t,p=p^r,f=f^n}i=i<<1|a>>>31,a=a<<1|s>>>31,s=s<<1|l>>>31,l=l<<1;m=n&1;n=n>>>1|r<<31,r=r>>>1|t<<31,t=t>>>1|e<<31,e=e>>>1;if(m)e=e^0xe1000000}o=y,c=d,h=p,u=f}function R(e){e=e|0;_=e}function M(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;n=e,i=t,a=r,s=o}function L(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;o=e,c=t,h=r,u=n}function N(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;l=e,y=t,d=r,p=n}function O(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;f=e,g=t,m=r,w=n}function F(e,t,r,n){e=e|0;t=t|0;r=r|0;n=n|0;p=~w&p|w&n,d=~m&d|m&r,y=~g&y|g&t,l=~f&l|f&e}function H(e){e=e|0;if(e&15)return-1;S[e|0]=n>>>24,S[e|1]=n>>>16&255,S[e|2]=n>>>8&255,S[e|3]=n&255,S[e|4]=i>>>24,S[e|5]=i>>>16&255,S[e|6]=i>>>8&255,S[e|7]=i&255,S[e|8]=a>>>24,S[e|9]=a>>>16&255,S[e|10]=a>>>8&255,S[e|11]=a&255,S[e|12]=s>>>24,S[e|13]=s>>>16&255,S[e|14]=s>>>8&255,S[e|15]=s&255;return 16}function j(e){e=e|0;if(e&15)return-1;S[e|0]=o>>>24,S[e|1]=o>>>16&255,S[e|2]=o>>>8&255,S[e|3]=o&255,S[e|4]=c>>>24,S[e|5]=c>>>16&255,S[e|6]=c>>>8&255,S[e|7]=c&255,S[e|8]=h>>>24,S[e|9]=h>>>16&255,S[e|10]=h>>>8&255,S[e|11]=h&255,S[e|12]=u>>>24,S[e|13]=u>>>16&255,S[e|14]=u>>>8&255,S[e|15]=u&255;return 16}function q(){x(0,0,0,0);b=n,k=i,v=a,A=s}function G(e,t,r){e=e|0;t=t|0;r=r|0;var o=0;if(t&15)return-1;while((r|0)>=16){W[e&7](S[t|0]<<24|S[t|1]<<16|S[t|2]<<8|S[t|3],S[t|4]<<24|S[t|5]<<16|S[t|6]<<8|S[t|7],S[t|8]<<24|S[t|9]<<16|S[t|10]<<8|S[t|11],S[t|12]<<24|S[t|13]<<16|S[t|14]<<8|S[t|15]);S[t|0]=n>>>24,S[t|1]=n>>>16&255,S[t|2]=n>>>8&255,S[t|3]=n&255,S[t|4]=i>>>24,S[t|5]=i>>>16&255,S[t|6]=i>>>8&255,S[t|7]=i&255,S[t|8]=a>>>24,S[t|9]=a>>>16&255,S[t|10]=a>>>8&255,S[t|11]=a&255,S[t|12]=s>>>24,S[t|13]=s>>>16&255,S[t|14]=s>>>8&255,S[t|15]=s&255;o=o+16|0,t=t+16|0,r=r-16|0}return o|0}function V(e,t,r){e=e|0;t=t|0;r=r|0;var n=0;if(t&15)return-1;while((r|0)>=16){$[e&1](S[t|0]<<24|S[t|1]<<16|S[t|2]<<8|S[t|3],S[t|4]<<24|S[t|5]<<16|S[t|6]<<8|S[t|7],S[t|8]<<24|S[t|9]<<16|S[t|10]<<8|S[t|11],S[t|12]<<24|S[t|13]<<16|S[t|14]<<8|S[t|15]);n=n+16|0,t=t+16|0,r=r-16|0}return n|0}var W=[x,P,U,D,C,I,T,B];var $=[U,z];return{set_rounds:R,set_state:M,set_iv:L,set_nonce:N,set_mask:O,set_counter:F,get_state:H,get_iv:j,gcm_init:q,cipher:G,mac:V}}({Uint8Array,Uint32Array},e,t);return u.set_key=function(e,t,n,a,s,c,h,l,y){var d=r.subarray(0,60),p=r.subarray(256,316);d.set([t,n,a,s,c,h,l,y]);for(var f=e,g=1;f<4*e+28;f++){var m=d[f-1];(f%e==0||8===e&&f%e==4)&&(m=i[m>>>24]<<24^i[m>>>16&255]<<16^i[m>>>8&255]<<8^i[255&m]),f%e==0&&(m=m<<8^m>>>24^g<<24,g=g<<1^(128&g?27:0)),d[f]=d[f-e]^m}for(var w=0;w=f-4?m:o[0][i[m>>>24]]^o[1][i[m>>>16&255]]^o[2][i[m>>>8&255]]^o[3][i[255&m]]}u.set_rounds(e+5)},u};return u.ENC={ECB:0,CBC:2,CFB:4,OFB:6,CTR:7},u.DEC={ECB:1,CBC:3,CFB:5,OFB:6,CTR:7},u.MAC={CBC:0,GCM:1},u.HEAP_DATA=16384,u}();function ge(e){return e instanceof Uint8Array}function me(e,t){const r=e?e.byteLength:t||65536;if(4095&r||r<=0)throw Error("heap size must be a positive integer and a multiple of 4096");return e=e||new Uint8Array(new ArrayBuffer(r))}function we(e,t,r,n,i){const a=e.length-t,s=ae+t.length),0),r=new Uint8Array(t);let n=0;for(let t=0;t>2,i.getUint32(0),i.getUint32(4),i.getUint32(8),i.getUint32(12),n>16?i.getUint32(16):0,n>16?i.getUint32(20):0,n>24?i.getUint32(24):0,n>24?i.getUint32(28):0),void 0!==t){if(16!==t.length)throw new ve("illegal iv size");let e=new DataView(t.buffer,t.byteOffset,t.byteLength);r.set_iv(e.getUint32(0),e.getUint32(4),e.getUint32(8),e.getUint32(12))}else r.set_iv(0,0,0,0)}AES_Encrypt_process(e){if(!ge(e))throw new TypeError("data isn't of expected type");let{heap:t,asm:r}=this.acquire_asm(),n=fe.ENC[this.mode],i=fe.HEAP_DATA,a=this.pos,s=this.len,o=0,c=e.length||0,h=0,u=0,l=new Uint8Array(s+c&-16);for(;c>0;)u=we(t,a+s,e,o,c),s+=u,o+=u,c-=u,u=r.cipher(n,i+a,s),u&&l.set(t.subarray(a,a+u),h),h+=u,u0;)y=we(t,a+s,e,o,c),s+=y,o+=y,c-=y,y=r.cipher(n,i+a,s-(c?0:l)),y&&d.set(t.subarray(a,a+y),h),h+=y,y0){if(a%16){if(this.hasOwnProperty("padding"))throw new ve("data length must be a multiple of the block size");a+=16-a%16}if(t.cipher(r,n+i,a),this.hasOwnProperty("padding")&&this.padding){let t=e[i+s-1];if(t<1||t>16||t>s)throw new Ae("bad padding");let r=0;for(let n=t;n>1;n--)r|=t^e[i+s-n];if(r)throw new Ae("bad padding");s-=t}}const o=new Uint8Array(s);return s>0&&o.set(e.subarray(i,i+s)),this.pos=0,this.len=0,this.release_asm(),o}}class Ke{static encrypt(e,t,r=!1){return new Ke(t,r).encrypt(e)}static decrypt(e,t,r=!1){return new Ke(t,r).decrypt(e)}constructor(e,t=!1,r){this.aes=r||new Se(e,void 0,t,"ECB")}encrypt(e){return be(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return be(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}function xe(e){const t=function(e){const t=new Ke(e);this.encrypt=function(e){return t.encrypt(e)},this.decrypt=function(e){return t.decrypt(e)}};return t.blockSize=t.prototype.blockSize=16,t.keySize=t.prototype.keySize=e/8,t}function Pe(e,t,r,n,i,a){const s=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],h=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],u=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],y=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],d=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,f,g,m,w,b,k,v,A,_,E,S,K,x,P=0,U=t.length;const D=32===e.length?3:9;v=3===D?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e,t){const r=8-e.length%8;let n;if(2===t&&r<8)n=32;else if(1===t)n=r;else{if(t||!(r<8)){if(8===r)return e;throw Error("des: invalid padding")}n=0}const i=new Uint8Array(e.length+r);for(let t=0;t>>4^k),k^=g,b^=g<<4,g=65535&(b>>>16^k),k^=g,b^=g<<16,g=858993459&(k>>>2^b),b^=g,k^=g<<2,g=16711935&(k>>>8^b),b^=g,k^=g<<8,g=1431655765&(b>>>1^k),k^=g,b^=g<<1,b=b<<1|b>>>31,k=k<<1|k>>>31,f=0;f>>4|k<<28)^e[p+1],g=b,b=k,k=g^(o[m>>>24&63]|h[m>>>16&63]|l[m>>>8&63]|d[63&m]|s[w>>>24&63]|c[w>>>16&63]|u[w>>>8&63]|y[63&w]);g=b,b=k,k=g}b=b>>>1|b<<31,k=k>>>1|k<<31,g=1431655765&(b>>>1^k),k^=g,b^=g<<1,g=16711935&(k>>>8^b),b^=g,k^=g<<8,g=858993459&(k>>>2^b),b^=g,k^=g<<2,g=65535&(b>>>16^k),k^=g,b^=g<<16,g=252645135&(b>>>4^k),k^=g,b^=g<<4,1===n&&(r?(A=b,E=k):(b^=_,k^=S)),C[I++]=b>>>24,C[I++]=b>>>16&255,C[I++]=b>>>8&255,C[I++]=255&b,C[I++]=k>>>24,C[I++]=k>>>16&255,C[I++]=k>>>8&255,C[I++]=255&k}return r||(C=function(e,t){let r,n=null;if(2===t)r=32;else if(1===t)n=e[e.length-1];else{if(t)throw Error("des: invalid padding");r=0}if(!n){for(n=1;e[e.length-n]===r;)n++;n--}return e.subarray(0,e.length-n)}(C,a)),C}function Ue(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],i=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],a=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],s=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],h=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],u=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],y=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],d=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],f=e.length>8?3:1,g=Array(32*f),m=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let w,b,k,v=0,A=0;for(let _=0;_>>4^_),_^=k,f^=k<<4,k=65535&(_>>>-16^f),f^=k,_^=k<<-16,k=858993459&(f>>>2^_),_^=k,f^=k<<2,k=65535&(_>>>-16^f),f^=k,_^=k<<-16,k=1431655765&(f>>>1^_),_^=k,f^=k<<1,k=16711935&(_>>>8^f),f^=k,_^=k<<8,k=1431655765&(f>>>1^_),_^=k,f^=k<<1,k=f<<8|_>>>20&240,f=_<<24|_<<8&16711680|_>>>8&65280|_>>>24&240,_=k;for(let e=0;e<16;e++)m[e]?(f=f<<2|f>>>26,_=_<<2|_>>>26):(f=f<<1|f>>>27,_=_<<1|_>>>27),f&=-15,_&=-15,w=t[f>>>28]|r[f>>>24&15]|n[f>>>20&15]|i[f>>>16&15]|a[f>>>12&15]|s[f>>>8&15]|o[f>>>4&15],b=c[_>>>28]|h[_>>>24&15]|u[_>>>20&15]|l[_>>>16&15]|y[_>>>12&15]|d[_>>>8&15]|p[_>>>4&15],k=65535&(b>>>16^w),g[A++]=w^k,g[A++]=b^k<<16}return g}function De(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Pe(Ue(this.key[2]),Pe(Ue(this.key[1]),Pe(Ue(this.key[0]),e,!0,0,null,null),!1,0,null,null),!0,0,null,null)}}function Ce(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>>16&255,t[a+6]=o>>>8&255,t[a+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>16&255,t[a+6]=o>>8&255,t[a+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const n=t+e,i=n<>>32-r;return(a[0][i>>>24]^a[1][i>>>16&255])-a[2][i>>>8&255]+a[3][255&i]}function n(e,t,r){const n=t^e,i=n<>>32-r;return a[0][i>>>24]-a[1][i>>>16&255]+a[2][i>>>8&255]^a[3][255&i]}function i(e,t,r){const n=t-e,i=n<>>32-r;return(a[0][i>>>24]+a[1][i>>>16&255]^a[2][i>>>8&255])-a[3][255&i]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const n=[,,,,,,,,],i=Array(32);let s;for(let e=0;e<4;e++)s=4*e,n[e]=r[s]<<24|r[s+1]<<16|r[s+2]<<8|r[s+3];const o=[6,7,4,5];let c,h=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(s=0;s<4;s++){const t=e[r][s];c=n[t[1]],c^=a[4][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=a[5][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=a[6][n[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=a[7][n[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=a[o[s]][n[t[6]>>>2]>>>24-8*(3&t[6])&255],n[t[0]]=c}for(s=0;s<4;s++){const e=t[r][s];c=a[4][n[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=a[5][n[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=a[6][n[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=a[7][n[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=a[4+s][n[e[4]>>>2]>>>24-8*(3&e[4])&255],i[h]=c,h++}}for(let e=0;e<16;e++)this.masking[e]=i[e],this.rotate[e]=31&i[16+e]};const a=[,,,,,,,,];a[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],a[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],a[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],a[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],a[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],a[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],a[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],a[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Ie(e){this.cast5=new Ce,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}De.keySize=De.prototype.keySize=24,De.blockSize=De.prototype.blockSize=8,Ie.blockSize=Ie.prototype.blockSize=8,Ie.keySize=Ie.prototype.keySize=16;const Te=4294967295;function Be(e,t){return(e<>>32-t)&Te}function ze(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function Re(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function Me(e,t){return e>>>8*t&255}function Le(e){this.tf=function(){let e=null,t=null,r=-1,n=[],i=[[],[],[],[]];function a(e){return i[0][Me(e,0)]^i[1][Me(e,1)]^i[2][Me(e,2)]^i[3][Me(e,3)]}function s(e){return i[0][Me(e,3)]^i[1][Me(e,0)]^i[2][Me(e,1)]^i[3][Me(e,2)]}function o(e,t){let r=a(t[0]),i=s(t[1]);t[2]=Be(t[2]^r+i+n[4*e+8]&Te,31),t[3]=Be(t[3],1)^r+2*i+n[4*e+9]&Te,r=a(t[2]),i=s(t[3]),t[0]=Be(t[0]^r+i+n[4*e+10]&Te,31),t[1]=Be(t[1],1)^r+2*i+n[4*e+11]&Te}function c(e,t){let r=a(t[0]),i=s(t[1]);t[2]=Be(t[2],1)^r+i+n[4*e+10]&Te,t[3]=Be(t[3]^r+2*i+n[4*e+11]&Te,31),r=a(t[2]),i=s(t[3]),t[0]=Be(t[0],1)^r+i+n[4*e+8]&Te,t[1]=Be(t[1]^r+2*i+n[4*e+9]&Te,31)}return{name:"twofish",blocksize:16,open:function(t){let r,a,s,o,c;e=t;const h=[],u=[],l=[];let y;const d=[];let p,f,g;const m=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],b=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],k=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],v=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],A=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],_=[[],[]],E=[[],[],[],[]];function S(e){return e^e>>2^[0,90,180,238][3&e]}function K(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function x(e,t){let r,n,i;for(r=0;r<8;r++)n=t>>>24,t=t<<8&Te|e>>>24,e=e<<8&Te,i=n<<1,128&n&&(i^=333),t^=n^i<<16,i^=n>>>1,1&n&&(i^=166),t^=i<<24|i<<8;return t}function P(e,t){const r=t>>4,n=15&t,i=m[e][r^n],a=w[e][v[n]^A[r]];return k[e][v[a]^A[i]]<<4|b[e][i^a]}function U(e,t){let r=Me(e,0),n=Me(e,1),i=Me(e,2),a=Me(e,3);switch(y){case 4:r=_[1][r]^Me(t[3],0),n=_[0][n]^Me(t[3],1),i=_[0][i]^Me(t[3],2),a=_[1][a]^Me(t[3],3);case 3:r=_[1][r]^Me(t[2],0),n=_[1][n]^Me(t[2],1),i=_[0][i]^Me(t[2],2),a=_[0][a]^Me(t[2],3);case 2:r=_[0][_[0][r]^Me(t[1],0)]^Me(t[0],0),n=_[0][_[1][n]^Me(t[1],1)]^Me(t[0],1),i=_[1][_[0][i]^Me(t[1],2)]^Me(t[0],2),a=_[1][_[1][a]^Me(t[1],3)]^Me(t[0],3)}return E[0][r]^E[1][n]^E[2][i]^E[3][a]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=ze(e,r);for(r=0;r<256;r++)_[0][r]=P(0,r),_[1][r]=P(1,r);for(r=0;r<256;r++)p=_[1][r],f=S(p),g=K(p),E[0][r]=p+(f<<8)+(g<<16)+(g<<24),E[2][r]=f+(g<<8)+(p<<16)+(g<<24),p=_[0][r],f=S(p),g=K(p),E[1][r]=g+(g<<8)+(f<<16)+(p<<24),E[3][r]=f+(p<<8)+(g<<16)+(f<<24);for(y=l.length/2,r=0;r=0;e--)c(e,a);Re(t,r,a[2]^n[0]),Re(t,r+4,a[3]^n[1]),Re(t,r+8,a[0]^n[2]),Re(t,r+12,a[1]^n[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Ne(){}function Oe(e){this.bf=new Ne,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}Le.keySize=Le.prototype.keySize=32,Le.blockSize=Le.prototype.blockSize=16,Ne.prototype.BLOCKSIZE=8,Ne.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Ne.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Ne.prototype.NN=16,Ne.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Ne.prototype._F=function(e){let t;const r=255&e,n=255&(e>>>=8),i=255&(e>>>=8),a=255&(e>>>=8);return t=this.sboxes[0][a]+this.sboxes[1][i],t^=this.sboxes[2][n],t+=this.sboxes[3][r],t},Ne.prototype._encryptBlock=function(e){let t,r=e[0],n=e[1];for(t=0;t>>24-8*t&255,i[t+n]=r[1]>>>24-8*t&255;return i},Ne.prototype._decryptBlock=function(e){let t,r=e[0],n=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],n=this._F(r)^n;const e=r;r=n,n=e}r^=this.parray[1],n^=this.parray[0],e[0]=this._clean(n),e[1]=this._clean(r)},Ne.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^n}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const n=[0,0];for(t=0;t>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=t+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=r+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=c+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=h+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=u+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=l+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=y+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=d+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=p+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=f+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=g+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=m+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=w+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=b+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;x=k+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=w^d^r^e;P=K<<1|K>>>31;x=P+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=b^p^c^t;U=K<<1|K>>>31;x=U+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=k^f^h^r;D=K<<1|K>>>31;x=D+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=P^g^u^c;C=K<<1|K>>>31;x=C+(v<<5|v>>>27)+S+(A&_|~A&E)+0x5a827999|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=U^m^l^h;I=K<<1|K>>>31;x=I+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=D^w^y^u;T=K<<1|K>>>31;x=T+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=C^b^d^l;B=K<<1|K>>>31;x=B+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=I^k^p^y;z=K<<1|K>>>31;x=z+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=T^P^f^d;R=K<<1|K>>>31;x=R+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=B^U^g^p;M=K<<1|K>>>31;x=M+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=z^D^m^f;L=K<<1|K>>>31;x=L+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=R^C^w^g;N=K<<1|K>>>31;x=N+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=M^I^b^m;O=K<<1|K>>>31;x=O+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=L^T^k^w;F=K<<1|K>>>31;x=F+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=N^B^P^b;H=K<<1|K>>>31;x=H+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=O^z^U^k;j=K<<1|K>>>31;x=j+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=F^R^D^P;q=K<<1|K>>>31;x=q+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=H^M^C^U;G=K<<1|K>>>31;x=G+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=j^L^I^D;V=K<<1|K>>>31;x=V+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=q^N^T^C;W=K<<1|K>>>31;x=W+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=G^O^B^I;$=K<<1|K>>>31;x=$+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=V^F^z^T;Z=K<<1|K>>>31;x=Z+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=W^H^R^B;X=K<<1|K>>>31;x=X+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=$^j^M^z;Q=K<<1|K>>>31;x=Q+(v<<5|v>>>27)+S+(A^_^E)+0x6ed9eba1|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Z^q^L^R;Y=K<<1|K>>>31;x=Y+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=X^G^N^M;J=K<<1|K>>>31;x=J+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Q^V^O^L;ee=K<<1|K>>>31;x=ee+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Y^W^F^N;te=K<<1|K>>>31;x=te+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=J^$^H^O;re=K<<1|K>>>31;x=re+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ee^Z^j^F;ne=K<<1|K>>>31;x=ne+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=te^X^q^H;ie=K<<1|K>>>31;x=ie+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=re^Q^G^j;ae=K<<1|K>>>31;x=ae+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ne^Y^V^q;se=K<<1|K>>>31;x=se+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ie^J^W^G;oe=K<<1|K>>>31;x=oe+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ae^ee^$^V;ce=K<<1|K>>>31;x=ce+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=se^te^Z^W;he=K<<1|K>>>31;x=he+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=oe^re^X^$;ue=K<<1|K>>>31;x=ue+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ce^ne^Q^Z;le=K<<1|K>>>31;x=le+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=he^ie^Y^X;ye=K<<1|K>>>31;x=ye+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ue^ae^J^Q;de=K<<1|K>>>31;x=de+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=le^se^ee^Y;pe=K<<1|K>>>31;x=pe+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ye^oe^te^J;fe=K<<1|K>>>31;x=fe+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=de^ce^re^ee;ge=K<<1|K>>>31;x=ge+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=pe^he^ne^te;me=K<<1|K>>>31;x=me+(v<<5|v>>>27)+S+(A&_|A&E|_&E)-0x70e44324|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=fe^ue^ie^re;we=K<<1|K>>>31;x=we+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ge^le^ae^ne;be=K<<1|K>>>31;x=be+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=me^ye^se^ie;ke=K<<1|K>>>31;x=ke+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=we^de^oe^ae;ve=K<<1|K>>>31;x=ve+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=be^pe^ce^se;Ae=K<<1|K>>>31;x=Ae+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ke^fe^he^oe;_e=K<<1|K>>>31;x=_e+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=ve^ge^ue^ce;Ee=K<<1|K>>>31;x=Ee+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ae^me^le^he;Se=K<<1|K>>>31;x=Se+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=_e^we^ye^ue;Ke=K<<1|K>>>31;x=Ke+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ee^be^de^le;xe=K<<1|K>>>31;x=xe+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Se^ke^pe^ye;Pe=K<<1|K>>>31;x=Pe+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ke^ve^fe^de;Ue=K<<1|K>>>31;x=Ue+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=xe^Ae^ge^pe;De=K<<1|K>>>31;x=De+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Pe^_e^me^fe;Ce=K<<1|K>>>31;x=Ce+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ue^Ee^we^ge;Ie=K<<1|K>>>31;x=Ie+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=De^Se^be^me;Te=K<<1|K>>>31;x=Te+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ce^Ke^ke^we;Be=K<<1|K>>>31;x=Be+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Ie^xe^ve^be;ze=K<<1|K>>>31;x=ze+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Te^Pe^Ae^ke;Re=K<<1|K>>>31;x=Re+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;K=Be^Ue^_e^ve;Me=K<<1|K>>>31;x=Me+(v<<5|v>>>27)+S+(A^_^E)-0x359d3e2a|0;S=E;E=_;_=A<<30|A>>>2;A=v;v=x;n=n+v|0;i=i+A|0;a=a+_|0;s=s+E|0;o=o+S|0}function A(e){e=e|0;v(k[e|0]<<24|k[e|1]<<16|k[e|2]<<8|k[e|3],k[e|4]<<24|k[e|5]<<16|k[e|6]<<8|k[e|7],k[e|8]<<24|k[e|9]<<16|k[e|10]<<8|k[e|11],k[e|12]<<24|k[e|13]<<16|k[e|14]<<8|k[e|15],k[e|16]<<24|k[e|17]<<16|k[e|18]<<8|k[e|19],k[e|20]<<24|k[e|21]<<16|k[e|22]<<8|k[e|23],k[e|24]<<24|k[e|25]<<16|k[e|26]<<8|k[e|27],k[e|28]<<24|k[e|29]<<16|k[e|30]<<8|k[e|31],k[e|32]<<24|k[e|33]<<16|k[e|34]<<8|k[e|35],k[e|36]<<24|k[e|37]<<16|k[e|38]<<8|k[e|39],k[e|40]<<24|k[e|41]<<16|k[e|42]<<8|k[e|43],k[e|44]<<24|k[e|45]<<16|k[e|46]<<8|k[e|47],k[e|48]<<24|k[e|49]<<16|k[e|50]<<8|k[e|51],k[e|52]<<24|k[e|53]<<16|k[e|54]<<8|k[e|55],k[e|56]<<24|k[e|57]<<16|k[e|58]<<8|k[e|59],k[e|60]<<24|k[e|61]<<16|k[e|62]<<8|k[e|63])}function _(e){e=e|0;k[e|0]=n>>>24;k[e|1]=n>>>16&255;k[e|2]=n>>>8&255;k[e|3]=n&255;k[e|4]=i>>>24;k[e|5]=i>>>16&255;k[e|6]=i>>>8&255;k[e|7]=i&255;k[e|8]=a>>>24;k[e|9]=a>>>16&255;k[e|10]=a>>>8&255;k[e|11]=a&255;k[e|12]=s>>>24;k[e|13]=s>>>16&255;k[e|14]=s>>>8&255;k[e|15]=s&255;k[e|16]=o>>>24;k[e|17]=o>>>16&255;k[e|18]=o>>>8&255;k[e|19]=o&255}function E(){n=0x67452301;i=0xefcdab89;a=0x98badcfe;s=0x10325476;o=0xc3d2e1f0;c=h=0}function S(e,t,r,u,l,y,d){e=e|0;t=t|0;r=r|0;u=u|0;l=l|0;y=y|0;d=d|0;n=e;i=t;a=r;s=u;o=l;c=y;h=d}function K(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){A(e);e=e+64|0;t=t-64|0;r=r+64|0}c=c+r|0;if(c>>>0>>0)h=h+1|0;return r|0}function x(e,t,r){e=e|0;t=t|0;r=r|0;var n=0,i=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){n=K(e,t)|0;if((n|0)==-1)return-1;e=e+n|0;t=t-n|0}n=n+t|0;c=c+t|0;if(c>>>0>>0)h=h+1|0;k[e|t]=0x80;if((t|0)>=56){for(i=t+1|0;(i|0)<64;i=i+1|0)k[e|i]=0x00;A(e);t=0;k[e|0]=0}for(i=t+1|0;(i|0)<59;i=i+1|0)k[e|i]=0;k[e|56]=h>>>21&255;k[e|57]=h>>>13&255;k[e|58]=h>>>5&255;k[e|59]=h<<3&255|c>>>29;k[e|60]=c>>>21&255;k[e|61]=c>>>13&255;k[e|62]=c>>>5&255;k[e|63]=c<<3&255;A(e);if(~r)_(r);return n|0}function P(){n=u;i=l;a=y;s=d;o=p;c=64;h=0}function U(){n=f;i=g;a=m;s=w;o=b;c=64;h=0}function D(e,t,r,k,A,_,S,K,x,P,U,D,C,I,T,B){e=e|0;t=t|0;r=r|0;k=k|0;A=A|0;_=_|0;S=S|0;K=K|0;x=x|0;P=P|0;U=U|0;D=D|0;C=C|0;I=I|0;T=T|0;B=B|0;E();v(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,k^0x5c5c5c5c,A^0x5c5c5c5c,_^0x5c5c5c5c,S^0x5c5c5c5c,K^0x5c5c5c5c,x^0x5c5c5c5c,P^0x5c5c5c5c,U^0x5c5c5c5c,D^0x5c5c5c5c,C^0x5c5c5c5c,I^0x5c5c5c5c,T^0x5c5c5c5c,B^0x5c5c5c5c);f=n;g=i;m=a;w=s;b=o;E();v(e^0x36363636,t^0x36363636,r^0x36363636,k^0x36363636,A^0x36363636,_^0x36363636,S^0x36363636,K^0x36363636,x^0x36363636,P^0x36363636,U^0x36363636,D^0x36363636,C^0x36363636,I^0x36363636,T^0x36363636,B^0x36363636);u=n;l=i;y=a;d=s;p=o;c=64;h=0}function C(e,t,r){e=e|0;t=t|0;r=r|0;var c=0,h=0,u=0,l=0,y=0,d=0;if(e&63)return-1;if(~r)if(r&31)return-1;d=x(e,t,-1)|0;c=n,h=i,u=a,l=s,y=o;U();v(c,h,u,l,y,0x80000000,0,0,0,0,0,0,0,0,0,672);if(~r)_(r);return d|0}function I(e,t,r,c,h){e=e|0;t=t|0;r=r|0;c=c|0;h=h|0;var u=0,l=0,y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0;if(e&63)return-1;if(~h)if(h&31)return-1;k[e+t|0]=r>>>24;k[e+t+1|0]=r>>>16&255;k[e+t+2|0]=r>>>8&255;k[e+t+3|0]=r&255;C(e,t+4|0,-1)|0;u=f=n,l=g=i,y=m=a,d=w=s,p=b=o;c=c-1|0;while((c|0)>0){P();v(f,g,m,w,b,0x80000000,0,0,0,0,0,0,0,0,0,672);f=n,g=i,m=a,w=s,b=o;U();v(f,g,m,w,b,0x80000000,0,0,0,0,0,0,0,0,0,672);f=n,g=i,m=a,w=s,b=o;u=u^n;l=l^i;y=y^a;d=d^s;p=p^o;c=c-1|0}n=u;i=l;a=y;s=d;o=p;if(~h)_(h);return 0}return{reset:E,init:S,process:K,finish:x,hmac_reset:P,hmac_init:D,hmac_finish:C,pbkdf2_generate_block:I}};class Ve{constructor(){this.pos=0,this.len=0}reset(){const{asm:e}=this.acquire_asm();return this.result=null,this.pos=0,this.len=0,e.reset(),this}process(e){if(null!==this.result)throw new ke("state must be reset before processing new data");const{asm:t,heap:r}=this.acquire_asm();let n=this.pos,i=this.len,a=0,s=e.length,o=0;for(;s>0;)o=we(r,n+i,e,a,s),i+=o,a+=o,s-=o,o=t.process(n,i),n+=o,i-=o,i||(n=0);return this.pos=n,this.len=i,this}finish(){if(null!==this.result)throw new ke("state must be reset before processing new data");const{asm:e,heap:t}=this.acquire_asm();return e.finish(this.pos,this.len,0),this.result=new Uint8Array(this.HASH_SIZE),this.result.set(t.subarray(0,this.HASH_SIZE)),this.pos=0,this.len=0,this.release_asm(),this}}const We=[],$e=[];class Ze extends Ve{constructor(){super(),this.NAME="sha1",this.BLOCK_SIZE=64,this.HASH_SIZE=20,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=We.pop()||me(),this.asm=$e.pop()||Ge({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(We.push(this.heap),$e.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new Ze).process(e).finish().result}}Ze.NAME="sha1",Ze.heap_pool=[],Ze.asm_pool=[],Ze.asm_function=Ge;const Xe=[],Qe=[];class Ye extends Ve{constructor(){super(),this.NAME="sha256",this.BLOCK_SIZE=64,this.HASH_SIZE=32,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=Xe.pop()||me(),this.asm=Qe.pop()||function(e,t,r){"use asm";var n=0,i=0,a=0,s=0,o=0,c=0,h=0,u=0,l=0,y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0,k=0,v=0,A=0,_=0,E=0,S=0,K=0,x=0,P=0,U=new e.Uint8Array(r);function D(e,t,r,l,y,d,p,f,g,m,w,b,k,v,A,_){e=e|0;t=t|0;r=r|0;l=l|0;y=y|0;d=d|0;p=p|0;f=f|0;g=g|0;m=m|0;w=w|0;b=b|0;k=k|0;v=v|0;A=A|0;_=_|0;var E=0,S=0,K=0,x=0,P=0,U=0,D=0,C=0;E=n;S=i;K=a;x=s;P=o;U=c;D=h;C=u;C=e+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0x428a2f98|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=t+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0x71374491|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;U=r+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0xb5c0fbcf|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;P=l+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0xe9b5dba5|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;x=y+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x3956c25b|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;K=d+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0x59f111f1|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;S=p+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x923f82a4|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;E=f+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0xab1c5ed5|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=g+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0xd807aa98|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=m+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0x12835b01|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;U=w+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0x243185be|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;P=b+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0x550c7dc3|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;x=k+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x72be5d74|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;K=v+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0x80deb1fe|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;S=A+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x9bdc06a7|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;E=_+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0xc19bf174|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+e+m|0;C=e+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0xe49b69c1|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+t+w|0;D=t+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0xefbe4786|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;r=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+b|0;U=r+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0x0fc19dc6|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;l=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+l+k|0;P=l+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0x240ca1cc|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;y=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+y+v|0;x=y+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x2de92c6f|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;d=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+d+A|0;K=d+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0x4a7484aa|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+p+_|0;S=p+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x5cb0a9dc|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+f+e|0;E=f+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0x76f988da|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+g+t|0;C=g+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0x983e5152|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+m+r|0;D=m+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0xa831c66d|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+l|0;U=w+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0xb00327c8|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;b=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+b+y|0;P=b+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0xbf597fc7|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;k=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+k+d|0;x=k+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0xc6e00bf3|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;v=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+v+p|0;K=v+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0xd5a79147|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;A=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+A+f|0;S=A+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x06ca6351|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;_=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+_+g|0;E=_+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0x14292967|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+e+m|0;C=e+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0x27b70a85|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+t+w|0;D=t+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0x2e1b2138|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;r=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+b|0;U=r+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0x4d2c6dfc|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;l=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+l+k|0;P=l+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0x53380d13|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;y=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+y+v|0;x=y+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x650a7354|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;d=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+d+A|0;K=d+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0x766a0abb|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+p+_|0;S=p+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x81c2c92e|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+f+e|0;E=f+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0x92722c85|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+g+t|0;C=g+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0xa2bfe8a1|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+m+r|0;D=m+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0xa81a664b|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+l|0;U=w+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0xc24b8b70|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;b=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+b+y|0;P=b+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0xc76c51a3|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;k=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+k+d|0;x=k+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0xd192e819|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;v=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+v+p|0;K=v+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0xd6990624|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;A=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+A+f|0;S=A+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0xf40e3585|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;_=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+_+g|0;E=_+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0x106aa070|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+e+m|0;C=e+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0x19a4c116|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+t+w|0;D=t+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0x1e376c08|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;r=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+b|0;U=r+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0x2748774c|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;l=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+l+k|0;P=l+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0x34b0bcb5|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;y=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+y+v|0;x=y+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x391c0cb3|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;d=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+d+A|0;K=d+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0x4ed8aa4a|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+p+_|0;S=p+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0x5b9cca4f|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+f+e|0;E=f+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0x682e6ff3|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+g+t|0;C=g+C+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(D^P&(U^D))+0x748f82ee|0;x=x+C|0;C=C+(E&S^K&(E^S))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+m+r|0;D=m+D+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(U^x&(P^U))+0x78a5636f|0;K=K+D|0;D=D+(C&E^S&(C^E))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+l|0;U=w+U+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(P^K&(x^P))+0x84c87814|0;S=S+U|0;U=U+(D&C^E&(D^C))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;b=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+b+y|0;P=b+P+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(x^S&(K^x))+0x8cc70208|0;E=E+P|0;P=P+(U&D^C&(U^D))+(U>>>2^U>>>13^U>>>22^U<<30^U<<19^U<<10)|0;k=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+k+d|0;x=k+x+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(K^E&(S^K))+0x90befffa|0;C=C+x|0;x=x+(P&U^D&(P^U))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;v=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+v+p|0;K=v+K+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(E^S))+0xa4506ceb|0;D=D+K|0;K=K+(x&P^U&(x^P))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;A=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+A+f|0;S=A+S+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(C^E))+0xbef9a3f7|0;U=U+S|0;S=S+(K&x^P&(K^x))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;_=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+_+g|0;E=_+E+(U>>>6^U>>>11^U>>>25^U<<26^U<<21^U<<7)+(C^U&(D^C))+0xc67178f2|0;P=P+E|0;E=E+(S&K^x&(S^K))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;n=n+E|0;i=i+S|0;a=a+K|0;s=s+x|0;o=o+P|0;c=c+U|0;h=h+D|0;u=u+C|0}function C(e){e=e|0;D(U[e|0]<<24|U[e|1]<<16|U[e|2]<<8|U[e|3],U[e|4]<<24|U[e|5]<<16|U[e|6]<<8|U[e|7],U[e|8]<<24|U[e|9]<<16|U[e|10]<<8|U[e|11],U[e|12]<<24|U[e|13]<<16|U[e|14]<<8|U[e|15],U[e|16]<<24|U[e|17]<<16|U[e|18]<<8|U[e|19],U[e|20]<<24|U[e|21]<<16|U[e|22]<<8|U[e|23],U[e|24]<<24|U[e|25]<<16|U[e|26]<<8|U[e|27],U[e|28]<<24|U[e|29]<<16|U[e|30]<<8|U[e|31],U[e|32]<<24|U[e|33]<<16|U[e|34]<<8|U[e|35],U[e|36]<<24|U[e|37]<<16|U[e|38]<<8|U[e|39],U[e|40]<<24|U[e|41]<<16|U[e|42]<<8|U[e|43],U[e|44]<<24|U[e|45]<<16|U[e|46]<<8|U[e|47],U[e|48]<<24|U[e|49]<<16|U[e|50]<<8|U[e|51],U[e|52]<<24|U[e|53]<<16|U[e|54]<<8|U[e|55],U[e|56]<<24|U[e|57]<<16|U[e|58]<<8|U[e|59],U[e|60]<<24|U[e|61]<<16|U[e|62]<<8|U[e|63])}function I(e){e=e|0;U[e|0]=n>>>24;U[e|1]=n>>>16&255;U[e|2]=n>>>8&255;U[e|3]=n&255;U[e|4]=i>>>24;U[e|5]=i>>>16&255;U[e|6]=i>>>8&255;U[e|7]=i&255;U[e|8]=a>>>24;U[e|9]=a>>>16&255;U[e|10]=a>>>8&255;U[e|11]=a&255;U[e|12]=s>>>24;U[e|13]=s>>>16&255;U[e|14]=s>>>8&255;U[e|15]=s&255;U[e|16]=o>>>24;U[e|17]=o>>>16&255;U[e|18]=o>>>8&255;U[e|19]=o&255;U[e|20]=c>>>24;U[e|21]=c>>>16&255;U[e|22]=c>>>8&255;U[e|23]=c&255;U[e|24]=h>>>24;U[e|25]=h>>>16&255;U[e|26]=h>>>8&255;U[e|27]=h&255;U[e|28]=u>>>24;U[e|29]=u>>>16&255;U[e|30]=u>>>8&255;U[e|31]=u&255}function T(){n=0x6a09e667;i=0xbb67ae85;a=0x3c6ef372;s=0xa54ff53a;o=0x510e527f;c=0x9b05688c;h=0x1f83d9ab;u=0x5be0cd19;l=y=0}function B(e,t,r,d,p,f,g,m,w,b){e=e|0;t=t|0;r=r|0;d=d|0;p=p|0;f=f|0;g=g|0;m=m|0;w=w|0;b=b|0;n=e;i=t;a=r;s=d;o=p;c=f;h=g;u=m;l=w;y=b}function z(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){C(e);e=e+64|0;t=t-64|0;r=r+64|0}l=l+r|0;if(l>>>0>>0)y=y+1|0;return r|0}function R(e,t,r){e=e|0;t=t|0;r=r|0;var n=0,i=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){n=z(e,t)|0;if((n|0)==-1)return-1;e=e+n|0;t=t-n|0}n=n+t|0;l=l+t|0;if(l>>>0>>0)y=y+1|0;U[e|t]=0x80;if((t|0)>=56){for(i=t+1|0;(i|0)<64;i=i+1|0)U[e|i]=0x00;C(e);t=0;U[e|0]=0}for(i=t+1|0;(i|0)<59;i=i+1|0)U[e|i]=0;U[e|56]=y>>>21&255;U[e|57]=y>>>13&255;U[e|58]=y>>>5&255;U[e|59]=y<<3&255|l>>>29;U[e|60]=l>>>21&255;U[e|61]=l>>>13&255;U[e|62]=l>>>5&255;U[e|63]=l<<3&255;C(e);if(~r)I(r);return n|0}function M(){n=d;i=p;a=f;s=g;o=m;c=w;h=b;u=k;l=64;y=0}function L(){n=v;i=A;a=_;s=E;o=S;c=K;h=x;u=P;l=64;y=0}function N(e,t,r,U,C,I,B,z,R,M,L,N,O,F,H,j){e=e|0;t=t|0;r=r|0;U=U|0;C=C|0;I=I|0;B=B|0;z=z|0;R=R|0;M=M|0;L=L|0;N=N|0;O=O|0;F=F|0;H=H|0;j=j|0;T();D(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,U^0x5c5c5c5c,C^0x5c5c5c5c,I^0x5c5c5c5c,B^0x5c5c5c5c,z^0x5c5c5c5c,R^0x5c5c5c5c,M^0x5c5c5c5c,L^0x5c5c5c5c,N^0x5c5c5c5c,O^0x5c5c5c5c,F^0x5c5c5c5c,H^0x5c5c5c5c,j^0x5c5c5c5c);v=n;A=i;_=a;E=s;S=o;K=c;x=h;P=u;T();D(e^0x36363636,t^0x36363636,r^0x36363636,U^0x36363636,C^0x36363636,I^0x36363636,B^0x36363636,z^0x36363636,R^0x36363636,M^0x36363636,L^0x36363636,N^0x36363636,O^0x36363636,F^0x36363636,H^0x36363636,j^0x36363636);d=n;p=i;f=a;g=s;m=o;w=c;b=h;k=u;l=64;y=0}function O(e,t,r){e=e|0;t=t|0;r=r|0;var l=0,y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0;if(e&63)return-1;if(~r)if(r&31)return-1;b=R(e,t,-1)|0;l=n,y=i,d=a,p=s,f=o,g=c,m=h,w=u;L();D(l,y,d,p,f,g,m,w,0x80000000,0,0,0,0,0,0,768);if(~r)I(r);return b|0}function F(e,t,r,l,y){e=e|0;t=t|0;r=r|0;l=l|0;y=y|0;var d=0,p=0,f=0,g=0,m=0,w=0,b=0,k=0,v=0,A=0,_=0,E=0,S=0,K=0,x=0,P=0;if(e&63)return-1;if(~y)if(y&31)return-1;U[e+t|0]=r>>>24;U[e+t+1|0]=r>>>16&255;U[e+t+2|0]=r>>>8&255;U[e+t+3|0]=r&255;O(e,t+4|0,-1)|0;d=v=n,p=A=i,f=_=a,g=E=s,m=S=o,w=K=c,b=x=h,k=P=u;l=l-1|0;while((l|0)>0){M();D(v,A,_,E,S,K,x,P,0x80000000,0,0,0,0,0,0,768);v=n,A=i,_=a,E=s,S=o,K=c,x=h,P=u;L();D(v,A,_,E,S,K,x,P,0x80000000,0,0,0,0,0,0,768);v=n,A=i,_=a,E=s,S=o,K=c,x=h,P=u;d=d^n;p=p^i;f=f^a;g=g^s;m=m^o;w=w^c;b=b^h;k=k^u;l=l-1|0}n=d;i=p;a=f;s=g;o=m;c=w;h=b;u=k;if(~y)I(y);return 0}return{reset:T,init:B,process:z,finish:R,hmac_reset:M,hmac_init:N,hmac_finish:O,pbkdf2_generate_block:F}}({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(Xe.push(this.heap),Qe.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new Ye).process(e).finish().result}}Ye.NAME="sha256";var Je=et;function et(e,t){if(!e)throw Error(t||"Assertion failed")}et.equal=function(e,t,r){if(e!=t)throw Error(r||"Assertion failed: "+e+" != "+t)};var tt=void 0!==e?e:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function rt(e,t){return e(t={exports:{}},t.exports),t.exports}function nt(){throw Error("Dynamic requires are not currently supported by @rollup/plugin-commonjs")}var it=rt((function(e){e.exports="function"==typeof Object.create?function(e,t){e.super_=t,e.prototype=Object.create(t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}})}:function(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}}));var at=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var r=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),n=0;n>8,s=255&i;a?r.push(a,s):r.push(s)}else for(n=0;n>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}var ct=function(e,t){for(var r="",n=0;n>>0}return a};var yt=function(e,t){for(var r=Array(4*e.length),n=0,i=0;n>>24,r[i+1]=a>>>16&255,r[i+2]=a>>>8&255,r[i+3]=255&a):(r[i+3]=a>>>24,r[i+2]=a>>>16&255,r[i+1]=a>>>8&255,r[i]=255&a)}return r};var dt={inherits:it,toArray:at,toHex:st,htonl:ot,toHex32:ct,zero2:ht,zero8:ut,join32:lt,split32:yt,rotr32:function(e,t){return e>>>t|e<<32-t},rotl32:function(e,t){return e<>>32-t},sum32:function(e,t){return e+t>>>0},sum32_3:function(e,t,r){return e+t+r>>>0},sum32_4:function(e,t,r,n){return e+t+r+n>>>0},sum32_5:function(e,t,r,n,i){return e+t+r+n+i>>>0},sum64:function(e,t,r,n){var i=e[t],a=n+e[t+1]>>>0,s=(a>>0,e[t+1]=a},sum64_hi:function(e,t,r,n){return(t+n>>>0>>0},sum64_lo:function(e,t,r,n){return t+n>>>0},sum64_4_hi:function(e,t,r,n,i,a,s,o){var c=0,h=t;return c+=(h=h+n>>>0)>>0)>>0)>>0},sum64_4_lo:function(e,t,r,n,i,a,s,o){return t+n+a+o>>>0},sum64_5_hi:function(e,t,r,n,i,a,s,o,c,h){var u=0,l=t;return u+=(l=l+n>>>0)>>0)>>0)>>0)>>0},sum64_5_lo:function(e,t,r,n,i,a,s,o,c,h){return t+n+a+o+h>>>0},rotr64_hi:function(e,t,r){return(t<<32-r|e>>>r)>>>0},rotr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0},shr64_hi:function(e,t,r){return e>>>r},shr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0}};function pt(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}var ft=pt;pt.prototype.update=function(e,t){if(e=dt.toArray(e,t),this.pending?this.pending=this.pending.concat(e):this.pending=e,this.pendingTotal+=e.length,this.pending.length>=this._delta8){var r=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-r,e.length),0===this.pending.length&&(this.pending=null),e=dt.join32(e,0,e.length-r,this.endian);for(var n=0;n>>24&255,n[i++]=e>>>16&255,n[i++]=e>>>8&255,n[i++]=255&e}else for(n[i++]=255&e,n[i++]=e>>>8&255,n[i++]=e>>>16&255,n[i++]=e>>>24&255,n[i++]=0,n[i++]=0,n[i++]=0,n[i++]=0,a=8;a>>3},g1_256:function(e){return mt(e,17)^mt(e,19)^e>>>10}},_t=dt.sum32,Et=dt.sum32_4,St=dt.sum32_5,Kt=At.ch32,xt=At.maj32,Pt=At.s0_256,Ut=At.s1_256,Dt=At.g0_256,Ct=At.g1_256,It=gt.BlockHash,Tt=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function Bt(){if(!(this instanceof Bt))return new Bt;It.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=Tt,this.W=Array(64)}dt.inherits(Bt,It);var zt=Bt;function Rt(){if(!(this instanceof Rt))return new Rt;zt.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}Bt.blockSize=512,Bt.outSize=256,Bt.hmacStrength=192,Bt.padLength=64,Bt.prototype._update=function(e,t){for(var r=this.W,n=0;n<16;n++)r[n]=e[t+n];for(;n>>32-i,r)}function Dr(e,t,r,n,i,a,s){return Ur(t&r|~t&n,e,t,i,a,s)}function Cr(e,t,r,n,i,a,s){return Ur(t&n|r&~n,e,t,i,a,s)}function Ir(e,t,r,n,i,a,s){return Ur(t^r^n,e,t,i,a,s)}function Tr(e,t,r,n,i,a,s){return Ur(r^(t|~n),e,t,i,a,s)}function Br(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const zr="0123456789abcdef".split("");function Rr(e){let t="",r=0;for(;r<4;r++)t+=zr[e>>8*r+4&15]+zr[e>>8*r&15];return t}function Mr(e,t){return e+t&4294967295}const Lr=X.getWebCrypto(),Nr=X.getNodeCrypto(),Or=Nr&&Nr.getHashes();function Fr(e){if(Nr&&Or.includes(e))return async function(t){const r=Nr.createHash(e);return z(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Hr(e,t){return async function(r,n=ie){if(s(r)&&(r=await H(r)),!X.isStream(r)&&Lr&&t&&r.length>=n.minBytesForWebCrypto)return new Uint8Array(await Lr.digest(t,r));const i=e();return z(r,(e=>{i.update(e)}),(()=>new Uint8Array(i.digest())))}}function jr(e,t){return async function(r,n=ie){if(s(r)&&(r=await H(r)),X.isStream(r)){const t=new e;return z(r,(e=>{t.process(e)}),(()=>t.finish().result))}return Lr&&t&&r.length>=n.minBytesForWebCrypto?new Uint8Array(await Lr.digest(t,r)):e.bytes(r)}}const qr={md5:Fr("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let n;for(n=64;n<=e.length;n+=64)Pr(r,Br(e.substring(n-64,n)));e=e.substring(n-64);const i=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(n=0;n>2]|=e.charCodeAt(n)<<(n%4<<3);if(i[n>>2]|=128<<(n%4<<3),n>55)for(Pr(r,i),n=0;n<16;n++)i[n]=0;return i[14]=8*t,Pr(r,i),r}(X.uint8ArrayToString(e));return X.hexToUint8Array(function(e){for(let t=0;tnew Uint8Array(a.update(e))))}(e,t,r,n);if(X.isAES(e))return function(e,t,r,n,i){if(X.getWebCrypto()&&24!==t.length&&!X.isStream(r)&&r.length>=3e3*i.minBytesForWebCrypto)return async function(e,t,r,n){const i="AES-CBC",a=await $r.importKey("raw",t,{name:i},!1,["encrypt"]),{blockSize:s}=Wr(e),o=X.concatUint8Array([new Uint8Array(s),r]),c=new Uint8Array(await $r.encrypt({name:i,iv:n},a,o)).subarray(0,r.length);return function(e,t){for(let r=0;ra.aes.AES_Encrypt_process(e)),(()=>a.aes.AES_Encrypt_finish()))}(e,t,r,n,i);const s=new(Wr(e))(t),o=s.blockSize,c=n.slice();let h=new Uint8Array;const u=e=>{e&&(h=X.concatUint8Array([h,e]));const t=new Uint8Array(h.length);let r,n=0;for(;e?h.length>=o:h.length;){const e=s.encrypt(c);for(r=0;rnew Uint8Array(a.update(e))))}(e,t,r,n);if(X.isAES(e))return function(e,t,r,n){if(X.isStream(r)){const e=new Vr(t,n);return z(r,(t=>e.aes.AES_Decrypt_process(t)),(()=>e.aes.AES_Decrypt_finish()))}return Vr.decrypt(r,t,n)}(0,t,r,n);const a=new(Wr(e))(t),s=a.blockSize;let o=n,c=new Uint8Array;const h=e=>{e&&(c=X.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r48)throw new ve("illegal counter size");let e=Math.pow(2,r)-1;n.set_mask(0,0,e/4294967296|0,0|e)}else r=48,n.set_mask(0,0,65535,4294967295);if(void 0===e)throw Error("nonce is required");{let t=e.length;if(!t||t>16)throw new ve("illegal nonce size");let r=new DataView(new ArrayBuffer(16));new Uint8Array(r.buffer).set(e),n.set_nonce(r.getUint32(0),r.getUint32(4),r.getUint32(8),r.getUint32(12))}if(void 0!==t){if(t<0||t>=Math.pow(2,r))throw new ve("illegal counter value");n.set_counter(0,0,t/4294967296|0,0|t)}}}class en{static encrypt(e,t,r=!0,n){return new en(t,n,r).encrypt(e)}static decrypt(e,t,r=!0,n){return new en(t,n,r).decrypt(e)}constructor(e,t,r=!0,n){this.aes=n||new Se(e,t,r,"CBC")}encrypt(e){return be(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return be(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}const tn=X.getWebCrypto(),rn=X.getNodeCrypto(),nn=16;function an(e,t){const r=e.length-nn;for(let n=0;n>3),17+(h>>3)),8-(7&h)).subarray(1),d=new Uint8Array(kn),p=new Uint8Array(t.length+An);let f,g=0;for(f=0;f16)throw new ve("illegal tagSize value");const o=t.length||0,c=new Uint8Array(16);12!==o?(this._gcm_mac_process(t),s[0]=0,s[1]=0,s[2]=0,s[3]=0,s[4]=0,s[5]=0,s[6]=0,s[7]=0,s[8]=0,s[9]=0,s[10]=0,s[11]=o>>>29,s[12]=o>>>21&255,s[13]=o>>>13&255,s[14]=o>>>5&255,s[15]=o<<3&255,a.mac(fe.MAC.GCM,fe.HEAP_DATA,16),a.get_iv(fe.HEAP_DATA),a.set_iv(0,0,0,0),c.set(s.subarray(0,16))):(c.set(t),c[15]=1);const h=new DataView(c.buffer);if(this.gamma0=h.getUint32(12),a.set_nonce(h.getUint32(0),h.getUint32(4),h.getUint32(8),0),a.set_mask(0,0,0,4294967295),void 0!==r){if(r.length>Un)throw new ve("illegal adata length");r.length?(this.adata=r,this._gcm_mac_process(r)):this.adata=void 0}else this.adata=void 0;if(this.counter<1||this.counter>4294967295)throw new RangeError("counter must be a positive 32-bit integer");a.set_counter(0,0,0,this.gamma0+this.counter|0)}static encrypt(e,t,r,n,i){return new Dn(t,r,n,i).encrypt(e)}static decrypt(e,t,r,n,i){return new Dn(t,r,n,i).decrypt(e)}encrypt(e){return this.AES_GCM_encrypt(e)}decrypt(e){return this.AES_GCM_decrypt(e)}AES_GCM_Encrypt_process(e){let t=0,r=e.length||0,{asm:n,heap:i}=this.aes.acquire_asm(),a=this.counter,s=this.aes.pos,o=this.aes.len,c=0,h=o+r&-16,u=0;if((a-1<<4)+o+r>Un)throw new RangeError("counter overflow");const l=new Uint8Array(h);for(;r>0;)u=we(i,s+o,e,t,r),o+=u,t+=u,r-=u,u=n.cipher(fe.ENC.CTR,fe.HEAP_DATA+s,o),u=n.mac(fe.MAC.GCM,fe.HEAP_DATA+s,u),u&&l.set(i.subarray(s,s+u),c),a+=u>>>4,c+=u,u>>29,t[4]=h>>>21,t[5]=h>>>13&255,t[6]=h>>>5&255,t[7]=h<<3&255,t[8]=t[9]=t[10]=0,t[11]=u>>>29,t[12]=u>>>21&255,t[13]=u>>>13&255,t[14]=u>>>5&255,t[15]=u<<3&255,e.mac(fe.MAC.GCM,fe.HEAP_DATA,16),e.get_iv(fe.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(fe.ENC.CTR,fe.HEAP_DATA,16),o.set(t.subarray(0,n),s),this.counter=1,this.aes.pos=0,this.aes.len=0,o}AES_GCM_Decrypt_process(e){let t=0,r=e.length||0,{asm:n,heap:i}=this.aes.acquire_asm(),a=this.counter,s=this.tagSize,o=this.aes.pos,c=this.aes.len,h=0,u=c+r>s?c+r-s&-16:0,l=c+r-u,y=0;if((a-1<<4)+c+r>Un)throw new RangeError("counter overflow");const d=new Uint8Array(u);for(;r>l;)y=we(i,o+c,e,t,r-l),c+=y,t+=y,r-=y,y=n.mac(fe.MAC.GCM,fe.HEAP_DATA+o,y),y=n.cipher(fe.DEC.CTR,fe.HEAP_DATA+o,y),y&&d.set(i.subarray(o,o+y),h),a+=y>>>4,h+=y,o=0,c=0;return r>0&&(c+=we(i,0,e,t,r)),this.counter=a,this.aes.pos=o,this.aes.len=c,d}AES_GCM_Decrypt_finish(){let{asm:e,heap:t}=this.aes.acquire_asm(),r=this.tagSize,n=this.adata,i=this.counter,a=this.aes.pos,s=this.aes.len,o=s-r;if(s>>29,t[4]=l>>>21,t[5]=l>>>13&255,t[6]=l>>>5&255,t[7]=l<<3&255,t[8]=t[9]=t[10]=0,t[11]=y>>>29,t[12]=y>>>21&255,t[13]=y>>>13&255,t[14]=y>>>5&255,t[15]=y<<3&255,e.mac(fe.MAC.GCM,fe.HEAP_DATA,16),e.get_iv(fe.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(fe.ENC.CTR,fe.HEAP_DATA,16);let d=0;for(let e=0;e0;){for(a=we(r,0,e,n,i),n+=a,i-=a;15&a;)r[a++]=0;t.mac(fe.MAC.GCM,fe.HEAP_DATA,a)}}}const Cn=X.getWebCrypto(),In=X.getNodeCrypto(),Tn=X.getNodeBuffer(),Bn=16,zn="AES-GCM";async function Rn(e,t){if(e!==$.symmetric.aes128&&e!==$.symmetric.aes192&&e!==$.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(X.getNodeCrypto())return{encrypt:async function(e,r,n=new Uint8Array){const i=new In.createCipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n);const a=Tn.concat([i.update(e),i.final(),i.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,n=new Uint8Array){const i=new In.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n),i.setAuthTag(e.slice(e.length-Bn,e.length));const a=Tn.concat([i.update(e.slice(0,e.length-Bn)),i.final()]);return new Uint8Array(a)}};if(X.getWebCrypto()&&24!==t.length){const e=await Cn.importKey("raw",t,{name:zn},!1,["encrypt","decrypt"]);return{encrypt:async function(r,n,i=new Uint8Array){if(!r.length)return Dn.encrypt(r,t,n,i);const a=await Cn.encrypt({name:zn,iv:n,additionalData:i,tagLength:8*Bn},e,r);return new Uint8Array(a)},decrypt:async function(r,n,i=new Uint8Array){if(r.length===Bn)return Dn.decrypt(r,t,n,i);const a=await Cn.decrypt({name:zn,iv:n,additionalData:i,tagLength:8*Bn},e,r);return new Uint8Array(a)}}}return{encrypt:async function(e,r,n){return Dn.encrypt(e,t,r,n)},decrypt:async function(e,r,n){return Dn.decrypt(e,t,r,n)}}}Rn.getNonce=function(e,t){const r=e.slice();for(let e=0;e>>8)-1}(e,t,r,n,32)}function d(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function p(e){var t,r,n=1;for(t=0;t<16;t++)r=e[t]+n+65535,n=Math.floor(r/65536),e[t]=r-65536*n;e[0]+=n-1+37*(n-1)}function f(e,t,r){for(var n,i=~(r-1),a=0;a<16;a++)n=i&(e[a]^t[a]),e[a]^=n,t[a]^=n}function g(e,r){var n,i,a,s=t(),o=t();for(n=0;n<16;n++)o[n]=r[n];for(p(o),p(o),p(o),i=0;i<2;i++){for(s[0]=o[0]-65517,n=1;n<15;n++)s[n]=o[n]-65535-(s[n-1]>>16&1),s[n-1]&=65535;s[15]=o[15]-32767-(s[14]>>16&1),a=s[15]>>16&1,s[14]&=65535,f(o,s,1-a)}for(n=0;n<16;n++)e[2*n]=255&o[n],e[2*n+1]=o[n]>>8}function m(e,t){var r=new Uint8Array(32),n=new Uint8Array(32);return g(r,e),g(n,t),y(r,0,n,0)}function w(e){var t=new Uint8Array(32);return g(t,e),1&t[0]}function b(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function k(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]+r[n]}function v(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]-r[n]}function A(e,t,r){var n,i,a=0,s=0,o=0,c=0,h=0,u=0,l=0,y=0,d=0,p=0,f=0,g=0,m=0,w=0,b=0,k=0,v=0,A=0,_=0,E=0,S=0,K=0,x=0,P=0,U=0,D=0,C=0,I=0,T=0,B=0,z=0,R=r[0],M=r[1],L=r[2],N=r[3],O=r[4],F=r[5],H=r[6],j=r[7],q=r[8],G=r[9],V=r[10],W=r[11],$=r[12],Z=r[13],X=r[14],Q=r[15];a+=(n=t[0])*R,s+=n*M,o+=n*L,c+=n*N,h+=n*O,u+=n*F,l+=n*H,y+=n*j,d+=n*q,p+=n*G,f+=n*V,g+=n*W,m+=n*$,w+=n*Z,b+=n*X,k+=n*Q,s+=(n=t[1])*R,o+=n*M,c+=n*L,h+=n*N,u+=n*O,l+=n*F,y+=n*H,d+=n*j,p+=n*q,f+=n*G,g+=n*V,m+=n*W,w+=n*$,b+=n*Z,k+=n*X,v+=n*Q,o+=(n=t[2])*R,c+=n*M,h+=n*L,u+=n*N,l+=n*O,y+=n*F,d+=n*H,p+=n*j,f+=n*q,g+=n*G,m+=n*V,w+=n*W,b+=n*$,k+=n*Z,v+=n*X,A+=n*Q,c+=(n=t[3])*R,h+=n*M,u+=n*L,l+=n*N,y+=n*O,d+=n*F,p+=n*H,f+=n*j,g+=n*q,m+=n*G,w+=n*V,b+=n*W,k+=n*$,v+=n*Z,A+=n*X,_+=n*Q,h+=(n=t[4])*R,u+=n*M,l+=n*L,y+=n*N,d+=n*O,p+=n*F,f+=n*H,g+=n*j,m+=n*q,w+=n*G,b+=n*V,k+=n*W,v+=n*$,A+=n*Z,_+=n*X,E+=n*Q,u+=(n=t[5])*R,l+=n*M,y+=n*L,d+=n*N,p+=n*O,f+=n*F,g+=n*H,m+=n*j,w+=n*q,b+=n*G,k+=n*V,v+=n*W,A+=n*$,_+=n*Z,E+=n*X,S+=n*Q,l+=(n=t[6])*R,y+=n*M,d+=n*L,p+=n*N,f+=n*O,g+=n*F,m+=n*H,w+=n*j,b+=n*q,k+=n*G,v+=n*V,A+=n*W,_+=n*$,E+=n*Z,S+=n*X,K+=n*Q,y+=(n=t[7])*R,d+=n*M,p+=n*L,f+=n*N,g+=n*O,m+=n*F,w+=n*H,b+=n*j,k+=n*q,v+=n*G,A+=n*V,_+=n*W,E+=n*$,S+=n*Z,K+=n*X,x+=n*Q,d+=(n=t[8])*R,p+=n*M,f+=n*L,g+=n*N,m+=n*O,w+=n*F,b+=n*H,k+=n*j,v+=n*q,A+=n*G,_+=n*V,E+=n*W,S+=n*$,K+=n*Z,x+=n*X,P+=n*Q,p+=(n=t[9])*R,f+=n*M,g+=n*L,m+=n*N,w+=n*O,b+=n*F,k+=n*H,v+=n*j,A+=n*q,_+=n*G,E+=n*V,S+=n*W,K+=n*$,x+=n*Z,P+=n*X,U+=n*Q,f+=(n=t[10])*R,g+=n*M,m+=n*L,w+=n*N,b+=n*O,k+=n*F,v+=n*H,A+=n*j,_+=n*q,E+=n*G,S+=n*V,K+=n*W,x+=n*$,P+=n*Z,U+=n*X,D+=n*Q,g+=(n=t[11])*R,m+=n*M,w+=n*L,b+=n*N,k+=n*O,v+=n*F,A+=n*H,_+=n*j,E+=n*q,S+=n*G,K+=n*V,x+=n*W,P+=n*$,U+=n*Z,D+=n*X,C+=n*Q,m+=(n=t[12])*R,w+=n*M,b+=n*L,k+=n*N,v+=n*O,A+=n*F,_+=n*H,E+=n*j,S+=n*q,K+=n*G,x+=n*V,P+=n*W,U+=n*$,D+=n*Z,C+=n*X,I+=n*Q,w+=(n=t[13])*R,b+=n*M,k+=n*L,v+=n*N,A+=n*O,_+=n*F,E+=n*H,S+=n*j,K+=n*q,x+=n*G,P+=n*V,U+=n*W,D+=n*$,C+=n*Z,I+=n*X,T+=n*Q,b+=(n=t[14])*R,k+=n*M,v+=n*L,A+=n*N,_+=n*O,E+=n*F,S+=n*H,K+=n*j,x+=n*q,P+=n*G,U+=n*V,D+=n*W,C+=n*$,I+=n*Z,T+=n*X,B+=n*Q,k+=(n=t[15])*R,s+=38*(A+=n*L),o+=38*(_+=n*N),c+=38*(E+=n*O),h+=38*(S+=n*F),u+=38*(K+=n*H),l+=38*(x+=n*j),y+=38*(P+=n*q),d+=38*(U+=n*G),p+=38*(D+=n*V),f+=38*(C+=n*W),g+=38*(I+=n*$),m+=38*(T+=n*Z),w+=38*(B+=n*X),b+=38*(z+=n*Q),a=(n=(a+=38*(v+=n*M))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),s=(n=s+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),k=(n=k+i+65535)-65536*(i=Math.floor(n/65536)),a=(n=(a+=i-1+37*(i-1))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),s=(n=s+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),k=(n=k+i+65535)-65536*(i=Math.floor(n/65536)),a+=i-1+37*(i-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=h,e[5]=u,e[6]=l,e[7]=y,e[8]=d,e[9]=p,e[10]=f,e[11]=g,e[12]=m,e[13]=w,e[14]=b,e[15]=k}function _(e,t){A(e,t,t)}function E(e,r){var n,i=t();for(n=0;n<16;n++)i[n]=r[n];for(n=253;n>=0;n--)_(i,i),2!==n&&4!==n&&A(i,i,r);for(n=0;n<16;n++)e[n]=i[n]}function S(e,r,n){var i,a,o=new Uint8Array(32),c=new Float64Array(80),h=t(),u=t(),l=t(),y=t(),d=t(),p=t();for(a=0;a<31;a++)o[a]=r[a];for(o[31]=127&r[31]|64,o[0]&=248,b(c,n),a=0;a<16;a++)u[a]=c[a],y[a]=h[a]=l[a]=0;for(h[0]=y[0]=1,a=254;a>=0;--a)f(h,u,i=o[a>>>3]>>>(7&a)&1),f(l,y,i),k(d,h,l),v(h,h,l),k(l,u,y),v(u,u,y),_(y,d),_(p,h),A(h,l,h),A(l,u,d),k(d,h,l),v(h,h,l),_(u,h),v(l,y,p),A(h,l,s),k(h,h,y),A(l,l,h),A(h,y,p),A(y,u,c),_(u,d),f(h,u,i),f(l,y,i);for(a=0;a<16;a++)c[a+16]=h[a],c[a+32]=l[a],c[a+48]=u[a],c[a+64]=y[a];var m=c.subarray(32),w=c.subarray(16);return E(m,m),A(w,w,m),g(e,w),0}function K(e,t){return S(e,t,n)}function x(e,r){var n=t(),i=t(),a=t(),s=t(),o=t(),h=t(),u=t(),l=t(),y=t();v(n,e[1],e[0]),v(y,r[1],r[0]),A(n,n,y),k(i,e[0],e[1]),k(y,r[0],r[1]),A(i,i,y),A(a,e[3],r[3]),A(a,a,c),A(s,e[2],r[2]),k(s,s,s),v(o,i,n),v(h,s,a),k(u,s,a),k(l,i,n),A(e[0],o,h),A(e[1],l,u),A(e[2],u,h),A(e[3],o,l)}function P(e,t,r){var n;for(n=0;n<4;n++)f(e[n],t[n],r)}function U(e,r){var n=t(),i=t(),a=t();E(a,r[2]),A(n,r[0],a),A(i,r[1],a),g(e,i),e[31]^=w(n)<<7}function D(e,t,r){var n,s;for(d(e[0],i),d(e[1],a),d(e[2],a),d(e[3],i),s=255;s>=0;--s)P(e,t,n=r[s/8|0]>>(7&s)&1),x(t,e),x(e,e),P(e,t,n)}function C(e,r){var n=[t(),t(),t(),t()];d(n[0],h),d(n[1],u),d(n[2],a),A(n[3],h,u),D(e,n,r)}function I(n,i,a){var s,o,c=[t(),t(),t(),t()];for(a||r(i,32),(s=e.hash(i.subarray(0,32)))[0]&=248,s[31]&=127,s[31]|=64,C(c,s),U(n,c),o=0;o<32;o++)i[o+32]=n[o];return 0}var T=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function B(e,t){var r,n,i,a;for(n=63;n>=32;--n){for(r=0,i=n-32,a=n-12;i>4)*T[i],r=t[i]>>8,t[i]&=255;for(i=0;i<32;i++)t[i]-=r*T[i];for(n=0;n<32;n++)t[n+1]+=t[n]>>8,e[n]=255&t[n]}function z(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;B(e,r)}function R(e,r){var n=t(),s=t(),c=t(),h=t(),u=t(),y=t(),p=t();return d(e[2],a),b(e[1],r),_(c,e[1]),A(h,c,o),v(c,c,e[2]),k(h,e[2],h),_(u,h),_(y,u),A(p,y,u),A(n,p,c),A(n,n,h),function(e,r){var n,i=t();for(n=0;n<16;n++)i[n]=r[n];for(n=250;n>=0;n--)_(i,i),1!==n&&A(i,i,r);for(n=0;n<16;n++)e[n]=i[n]}(n,n),A(n,n,c),A(n,n,h),A(n,n,h),A(e[0],n,h),_(s,e[0]),A(s,s,h),m(s,c)&&A(e[0],e[0],l),_(s,e[0]),A(s,s,h),m(s,c)?-1:(w(e[0])===r[31]>>7&&v(e[0],i,e[0]),A(e[3],e[0],e[1]),0)}var M=64;function L(){for(var e=0;e=0},e.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return I(e,t),{publicKey:e,secretKey:t}},e.sign.keyPair.fromSecretKey=function(e){if(L(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;re&&(c.imod(a.leftShift(i)).iadd(a),h=c.mod(s).toNumber())}while(!await qn(c,t,r));return c}async function qn(e,t,r){return!(t&&!e.dec().gcd(t).isOne())&&(!!await async function(e){const t=await X.getBigInteger();return Gn.every((r=>0!==e.mod(new t(r))))}(e)&&(!!await async function(e,t){const r=await X.getBigInteger();return t=t||new r(2),t.modExp(e.dec(),e).isOne()}(e)&&!!await async function(e,t,r){const n=await X.getBigInteger(),i=e.bitLength();t||(t=Math.max(1,i/48|0));const a=e.dec();let s=0;for(;!a.getBit(s);)s++;const o=e.rightShift(new n(s));for(;t>0;t--){let t,i=(r?r():await Fn(new n(2),a)).modExp(o,e);if(!i.isOne()&&!i.equal(a)){for(t=1;tt-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!n;if(t)return X.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}async function Zn(e,t,r){let n;if(t.length!==Gr.getHashByteLength(e))throw Error("Invalid hash length");const i=new Uint8Array(Vn[e].length);for(n=0;n{Yn.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(ei.decode(i,"der"))}))}));return{n:n.modulus.toArrayLike(Uint8Array),e:n.publicExponent.toArrayLike(Uint8Array),d:n.privateExponent.toArrayLike(Uint8Array),p:n.prime2.toArrayLike(Uint8Array),q:n.prime1.toArrayLike(Uint8Array),u:n.coefficient.toArrayLike(Uint8Array)}}let r,n,i;do{n=await jn(e-(e>>1),t,40),r=await jn(e>>1,t,40),i=r.mul(n)}while(i.bitLength()!==e);const a=r.dec().imul(n.dec());return n.lt(r)&&([r,n]=[n,r]),{n:i.toUint8Array(),e:t.toUint8Array(),d:t.modInv(a).toUint8Array(),p:r.toUint8Array(),q:n.toUint8Array(),u:r.modInv(n).toUint8Array()}},validateParams:async function(e,t,r,n,i,a){const s=await X.getBigInteger();if(e=new s(e),n=new s(n),i=new s(i),!n.mul(i).equal(e))return!1;const o=new s(2);if(a=new s(a),!n.mul(a).mod(i).isOne())return!1;t=new s(t),r=new s(r);const c=new s(Math.floor(e.bitLength()/3)),h=await Fn(o,o.leftShift(c)),u=h.mul(r).mul(t);return!(!u.mod(n.dec()).equal(h)||!u.mod(i.dec()).equal(h))}});var ni=/*#__PURE__*/Object.freeze({__proto__:null,encrypt:async function(e,t,r,n){const i=await X.getBigInteger();t=new i(t),r=new i(r),n=new i(n);const a=new i(Wn(e,t.byteLength())),s=await Fn(new i(1),t.dec());return{c1:r.modExp(s,t).toUint8Array(),c2:n.modExp(s,t).imul(a).imod(t).toUint8Array()}},decrypt:async function(e,t,r,n,i){const a=await X.getBigInteger();return e=new a(e),t=new a(t),r=new a(r),n=new a(n),$n(e.modExp(n,r).modInv(r).imul(t).imod(r).toUint8Array("be",r.byteLength()),i)},validateParams:async function(e,t,r,n){const i=await X.getBigInteger();e=new i(e),t=new i(t),r=new i(r);const a=new i(1);if(t.lte(a)||t.gte(e))return!1;const s=new i(e.bitLength()),o=new i(1023);if(s.lt(o))return!1;if(!t.modExp(e.dec(),e).isOne())return!1;let c=t;const h=new i(1),u=new i(2).leftShift(new i(17));for(;h.lt(u);){if(c=c.mul(t).imod(e),c.isOne())return!1;h.iinc()}n=new i(n);const l=new i(2),y=await Fn(l.leftShift(s.dec()),l.leftShift(s)),d=e.dec().imul(y).iadd(n);return!!r.equal(t.modExp(d,e))}});class ii{constructor(e){if(e instanceof ii)this.oid=e.oid;else if(X.isArray(e)||X.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return X.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return X.uint8ArrayToHex(this.oid)}getName(){const e=this.toHex();if($.curve[e])return $.write($.curve,e);throw Error("Unknown curve object identifier.")}}function ai(e,t){return e.keyPair({priv:t})}function si(e,t){const r=e.keyPair({pub:t});if(!0!==r.validate().result)throw Error("Invalid elliptic public key");return r}async function oi(e){if(!ie.useIndutnyElliptic)throw Error("This curve is only supported in the full build of OpenPGP.js");const{default:t}=await import("./elliptic.min.mjs");return new t.ec(e)}function ci(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=X.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function hi(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):X.concatUint8Array([new Uint8Array([255]),X.writeNumber(e,4)])}function ui(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function li(e){return new Uint8Array([192|e])}function yi(e,t){return X.concatUint8Array([li(e),hi(t)])}function di(e){return[$.packet.literalData,$.packet.compressedData,$.packet.symmetricallyEncryptedData,$.packet.symEncryptedIntegrityProtectedData,$.packet.aeadEncryptedData].includes(e)}async function pi(e,t){const r=D(e);let n,i;try{const s=await r.peekBytes(2);if(!s||s.length<2||0==(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const o=await r.readByte();let c,h,u=-1,l=-1;l=0,0!=(64&o)&&(l=1),l?u=63&o:(u=(63&o)>>2,h=3&o);const y=di(u);let d,p=null;if(y){if("array"===X.isStream(e)){const e=new a;n=C(e),p=e}else{const e=new E;n=C(e.writable),p=e.readable}i=t({tag:u,packet:p})}else p=[];do{if(l){const e=await r.readByte();if(d=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),d=!0,!y)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(h){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){n&&await n.ready;const{done:t,value:i}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const a=c===1/0?i:i.subarray(0,c-e);if(n?await n.write(a):p.push(a),e+=i.length,e>=c){r.unshift(i.subarray(c-e+i.length));break}}}}while(d);const f=await r.peekBytes(y?1/0:2);return n?(await n.ready,await n.close()):(p=X.concatUint8Array(p),await t({tag:u,packet:p})),!f||!f.length}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i,r.releaseLock()}}class fi extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,fi),this.name="UnsupportedError"}}class gi{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}const mi=X.getWebCrypto(),wi=X.getNodeCrypto(),bi={p256:"P-256",p384:"P-384",p521:"P-521"},ki=wi?wi.getCurves():[],vi=wi?{secp256k1:ki.includes("secp256k1")?"secp256k1":void 0,p256:ki.includes("prime256v1")?"prime256v1":void 0,p384:ki.includes("secp384r1")?"secp384r1":void 0,p521:ki.includes("secp521r1")?"secp521r1":void 0,ed25519:ki.includes("ED25519")?"ED25519":void 0,curve25519:ki.includes("X25519")?"X25519":void 0,brainpoolP256r1:ki.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,brainpoolP384r1:ki.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,brainpoolP512r1:ki.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Ai={p256:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:vi.p256,web:bi.p256,payloadSize:32,sharedSize:256},p384:{oid:[6,5,43,129,4,0,34],keyType:$.publicKey.ecdsa,hash:$.hash.sha384,cipher:$.symmetric.aes192,node:vi.p384,web:bi.p384,payloadSize:48,sharedSize:384},p521:{oid:[6,5,43,129,4,0,35],keyType:$.publicKey.ecdsa,hash:$.hash.sha512,cipher:$.symmetric.aes256,node:vi.p521,web:bi.p521,payloadSize:66,sharedSize:528},secp256k1:{oid:[6,5,43,129,4,0,10],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:vi.secp256k1,payloadSize:32},ed25519:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:$.publicKey.eddsaLegacy,hash:$.hash.sha512,node:!1,payloadSize:32},curve25519:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:$.publicKey.ecdh,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:!1,payloadSize:32},brainpoolP256r1:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:vi.brainpoolP256r1,payloadSize:32},brainpoolP384r1:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:$.publicKey.ecdsa,hash:$.hash.sha384,cipher:$.symmetric.aes192,node:vi.brainpoolP384r1,payloadSize:48},brainpoolP512r1:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:$.publicKey.ecdsa,hash:$.hash.sha512,cipher:$.symmetric.aes256,node:vi.brainpoolP512r1,payloadSize:64}};class _i{constructor(e,t){try{(X.isArray(e)||X.isUint8Array(e))&&(e=new ii(e)),e instanceof ii&&(e=e.getName()),this.name=$.write($.curve,e)}catch(e){throw new fi("Unknown curve")}t=t||Ai[this.name],this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node&&Ai[this.name],this.web=t.web&&Ai[this.name],this.payloadSize=t.payloadSize,this.web&&X.getWebCrypto()?this.type="web":this.node&&X.getNodeCrypto()?this.type="node":"curve25519"===this.name?this.type="curve25519":"ed25519"===this.name&&(this.type="ed25519")}async genKeyPair(){let e;switch(this.type){case"web":try{return await async function(e){const t=await mi.generateKey({name:"ECDSA",namedCurve:bi[e]},!0,["sign","verify"]),r=await mi.exportKey("jwk",t.privateKey),n=await mi.exportKey("jwk",t.publicKey);return{publicKey:Si(n),privateKey:re(r.d)}}(this.name)}catch(e){X.printDebugError("Browser did not support generating ec key "+e.message);break}case"node":return async function(e){const t=wi.createECDH(vi[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519":{const t=On(32);t[0]=127&t[0]|64,t[31]&=248;const r=t.slice().reverse();e=Ln.box.keyPair.fromSecretKey(r);return{publicKey:X.concatUint8Array([new Uint8Array([64]),e.publicKey]),privateKey:t}}case"ed25519":{const e=On(32),t=Ln.sign.keyPair.fromSeed(e);return{publicKey:X.concatUint8Array([new Uint8Array([64]),t.publicKey]),privateKey:e}}}const t=await oi(this.name);return e=await t.genKeyPair({entropy:X.uint8ArrayToString(On(32))}),{publicKey:new Uint8Array(e.getPublic("array",!1)),privateKey:e.getPrivate().toArrayLike(Uint8Array)}}}async function Ei(e,t,r,n){const i={p256:!0,p384:!0,p521:!0,secp256k1:!0,curve25519:e===$.publicKey.ecdh,brainpoolP256r1:!0,brainpoolP384r1:!0,brainpoolP512r1:!0},a=t.getName();if(!i[a])return!1;if("curve25519"===a){n=n.slice().reverse();const{publicKey:e}=Ln.box.keyPair.fromSecretKey(n);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!X.equalsUint8Array(t,r)}const s=await oi(a);try{r=si(s,r).getPublic()}catch(e){return!1}return!!ai(s,n).getPublic().eq(r)}function Si(e){const t=re(e.x),r=re(e.y),n=new Uint8Array(t.length+r.length+1);return n[0]=4,n.set(t,1),n.set(r,t.length+1),n}function Ki(e,t,r){const n=e,i=r.slice(1,n+1),a=r.slice(n+1,2*n+1);return{kty:"EC",crv:t,x:ne(i,!0),y:ne(a,!0),ext:!0}}function xi(e,t,r,n){const i=Ki(e,t,r);return i.d=ne(n,!0),i}const Pi=X.getWebCrypto(),Ui=X.getNodeCrypto();async function Di(e,t,r,n,i,a){const s=new _i(e);if(r&&!X.isStream(r)){const e={publicKey:n,privateKey:i};switch(s.type){case"web":try{return await async function(e,t,r,n){const i=e.payloadSize,a=xi(e.payloadSize,bi[e.name],n.publicKey,n.privateKey),s=await Pi.importKey("jwk",a,{name:"ECDSA",namedCurve:bi[e.name],hash:{name:$.read($.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Pi.sign({name:"ECDSA",namedCurve:bi[e.name],hash:{name:$.read($.webHash,t)}},s,r));return{r:o.slice(0,i),s:o.slice(i,i<<1)}}(s,t,r,e)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;X.printDebugError("Browser did not support signing: "+e.message)}break;case"node":{const n=await async function(e,t,r,n){const i=Ui.createSign($.read($.hash,t));i.write(r),i.end();const a=Bi.encode({version:1,parameters:e.oid,privateKey:Array.from(n.privateKey),publicKey:{unused:0,data:Array.from(n.publicKey)}},"pem",{label:"EC PRIVATE KEY"});return Ti.decode(i.sign(a),"der")}(s,t,r,e);return{r:n.r.toArrayLike(Uint8Array),s:n.s.toArrayLike(Uint8Array)}}}}return async function(e,t,r){const n=await oi(e.name),i=ai(n,r),a=i.sign(t);return{r:a.r.toArrayLike(Uint8Array),s:a.s.toArrayLike(Uint8Array)}}(s,a,i)}async function Ci(e,t,r,n,i,a){const s=new _i(e);if(n&&!X.isStream(n))switch(s.type){case"web":try{return await async function(e,t,{r,s:n},i,a){const s=Ki(e.payloadSize,bi[e.name],a),o=await Pi.importKey("jwk",s,{name:"ECDSA",namedCurve:bi[e.name],hash:{name:$.read($.webHash,e.hash)}},!1,["verify"]),c=X.concatUint8Array([r,n]).buffer;return Pi.verify({name:"ECDSA",namedCurve:bi[e.name],hash:{name:$.read($.webHash,t)}},o,c,i)}(s,t,r,n,i)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;X.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":return async function(e,t,{r,s:n},i,a){const{default:s}=await import("./bn.min.mjs"),o=Ui.createVerify($.read($.hash,t));o.write(i),o.end();const c=Ri.encode({algorithm:{algorithm:[1,2,840,10045,2,1],parameters:e.oid},subjectPublicKey:{unused:0,data:Array.from(a)}},"pem",{label:"PUBLIC KEY"}),h=Ti.encode({r:new s(r),s:new s(n)},"der");try{return o.verify(c,h)}catch(e){return!1}}(s,t,r,n,i)}return async function(e,t,r,n){const i=await oi(e.name),a=si(i,n);return a.verify(r,t)}(s,r,void 0===t?n:a,i)}const Ii=void 0,Ti=Ui?Ii.define("ECDSASignature",(function(){this.seq().obj(this.key("r").int(),this.key("s").int())})):void 0,Bi=Ui?Ii.define("ECPrivateKey",(function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").explicit(0).optional().any(),this.key("publicKey").explicit(1).optional().bitstr())})):void 0,zi=Ui?Ii.define("AlgorithmIdentifier",(function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional().any())})):void 0,Ri=Ui?Ii.define("SubjectPublicKeyInfo",(function(){this.seq().obj(this.key("algorithm").use(zi),this.key("subjectPublicKey").bitstr())})):void 0;var Mi=/*#__PURE__*/Object.freeze({__proto__:null,sign:Di,verify:Ci,validateParams:async function(e,t,r){const n=new _i(e);if(n.keyType!==$.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=On(8),i=$.hash.sha256,a=await Gr.digest(i,n);try{const s=await Di(e,i,n,t,r,a);return await Ci(e,i,s,n,t,a)}catch(e){return!1}}default:return Ei($.publicKey.ecdsa,e,t,r)}}});Ln.hash=e=>new Uint8Array(Yt().update(e).digest());var Li=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,a){if(Gr.getHashByteLength(t)new Uint8Array(Yt().update(e).digest());var Oi=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===$.publicKey.ed25519){const e=On(32),{publicKey:t}=Ln.sign.keyPair.fromSeed(e);return{A:t,seed:e}}throw Error("Unsupported EdDSA algorithm")},sign:async function(e,t,r,n,i,a){if(Gr.getHashByteLength(t)=0;--e)for(let t=o-1;t>=0;--t)c[1]=o*e+(t+1),h[0]=a[0]^c[0],h[1]=a[1]^c[1],h[2]=s[2*t],h[3]=s[2*t+1],h=ji(r.decrypt(qi(h))),a=h.subarray(0,2),s[2*t]=h[2],s[2*t+1]=h[3];if(a[0]===n[0]&&a[1]===n[1])return qi(s);throw Error("Key Data Integrity failed")}function ji(e){const{length:t}=e,r=function(e){if(X.isString(e)){const{length:t}=e,r=new ArrayBuffer(t),n=new Uint8Array(r);for(let r=0;r0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(X.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var $i=/*#__PURE__*/Object.freeze({__proto__:null,encode:Vi,decode:Wi});const Zi=X.getWebCrypto(),Xi=X.getNodeCrypto();function Qi(e,t,r,n){return X.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),X.stringToUint8Array("Anonymous Sender "),n.subarray(0,20)])}async function Yi(e,t,r,n,i=!1,a=!1){let s;if(i){for(s=0;s=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Gr.digest(e,X.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function Ji(e,t){switch(e.type){case"curve25519":{const r=On(32),{secretKey:n,sharedKey:i}=await ea(e,t,null,r);let{publicKey:a}=Ln.box.keyPair.fromSecretKey(n);return a=X.concatUint8Array([new Uint8Array([64]),a]),{publicKey:a,sharedKey:i}}case"web":if(e.web&&X.getWebCrypto())try{return await async function(e,t){const r=Ki(e.payloadSize,e.web.web,t);let n=Zi.generateKey({name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]),i=Zi.importKey("jwk",r,{name:"ECDH",namedCurve:e.web.web},!1,[]);[n,i]=await Promise.all([n,i]);let a=Zi.deriveBits({name:"ECDH",namedCurve:e.web.web,public:i},n.privateKey,e.web.sharedSize),s=Zi.exportKey("jwk",n.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(Si(s));return{publicKey:c,sharedKey:o}}(e,t)}catch(e){X.printDebugError(e)}break;case"node":return async function(e,t){const r=Xi.createECDH(e.node.node);r.generateKeys();const n=new Uint8Array(r.computeSecret(t)),i=new Uint8Array(r.getPublicKey());return{publicKey:i,sharedKey:n}}(e,t)}return async function(e,t){const r=await oi(e.name),n=await e.genKeyPair();t=si(r,t);const i=ai(r,n.privateKey),a=n.publicKey,s=i.derive(t.getPublic()),o=r.curve.p.byteLength(),c=s.toArrayLike(Uint8Array,"be",o);return{publicKey:a,sharedKey:c}}(e,t)}async function ea(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519":{const e=n.slice().reverse();return{secretKey:e,sharedKey:Ln.scalarMult(e,t.subarray(1))}}case"web":if(e.web&&X.getWebCrypto())try{return await async function(e,t,r,n){const i=xi(e.payloadSize,e.web.web,r,n);let a=Zi.importKey("jwk",i,{name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]);const s=Ki(e.payloadSize,e.web.web,t);let o=Zi.importKey("jwk",s,{name:"ECDH",namedCurve:e.web.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=Zi.deriveBits({name:"ECDH",namedCurve:e.web.web,public:o},a,e.web.sharedSize),h=Zi.exportKey("jwk",a);[c,h]=await Promise.all([c,h]);const u=new Uint8Array(c);return{secretKey:re(h.d),sharedKey:u}}(e,t,r,n)}catch(e){X.printDebugError(e)}break;case"node":return async function(e,t,r){const n=Xi.createECDH(e.node.node);n.setPrivateKey(r);const i=new Uint8Array(n.computeSecret(t));return{secretKey:new Uint8Array(n.getPrivateKey()),sharedKey:i}}(e,t,n)}return async function(e,t,r){const n=await oi(e.name);t=si(n,t),r=ai(n,r);const i=new Uint8Array(r.getPrivate()),a=r.derive(t.getPublic()),s=n.curve.p.byteLength(),o=a.toArrayLike(Uint8Array,"be",s);return{secretKey:i,sharedKey:o}}(e,t,n)}var ta=/*#__PURE__*/Object.freeze({__proto__:null,validateParams:async function(e,t,r){return Ei($.publicKey.ecdh,e,t,r)},encrypt:async function(e,t,r,n,i){const a=Vi(r),s=new _i(e),{publicKey:o,sharedKey:c}=await Ji(s,n),h=Qi($.publicKey.ecdh,e,t,i),{keySize:u}=Wr(t.cipher);return{publicKey:o,wrappedKey:Fi(await Yi(t.hash,c,u,h),a)}},decrypt:async function(e,t,r,n,i,a,s){const o=new _i(e),{sharedKey:c}=await ea(o,r,i,a),h=Qi($.publicKey.ecdh,e,t,s),{keySize:u}=Wr(t.cipher);let l;for(let e=0;e<3;e++)try{return Wi(Hi(await Yi(t.hash,c,u,h,1===e,2===e),n))}catch(e){l=e}throw l}});const ra=X.getWebCrypto(),na=X.getNodeCrypto(),ia=na&&na.webcrypto&&na.webcrypto.subtle;async function aa(e,t,r,n,i){const a=$.read($.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");if(ra||ia){const e=ra||ia,s=await e.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await e.deriveBits({name:"HKDF",hash:a,salt:r,info:n},s,8*i);return new Uint8Array(o)}if(na){const a=$.read($.hash,e),s=(e,t)=>na.createHmac(a,e).update(t).digest(),o=s(r,t),c=o.length,h=Math.ceil(i/c),u=new Uint8Array(h*c),l=new Uint8Array(c+n.length+1);l.set(n,c);for(let e=0;e0?l:l.subarray(c));l.set(t,0),u.set(t,e*c)}return u.subarray(0,i)}throw Error("No HKDF implementation available")}const sa={x25519:X.encodeUTF8("OpenPGP X25519")};var oa=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===$.publicKey.x25519){const e=On(32),{publicKey:t}=Ln.box.keyPair.fromSecretKey(e);return{A:t,k:e}}throw Error("Unsupported ECDH algorithm")},validateParams:async function(e,t,r){if(e===$.publicKey.x25519){const{publicKey:e}=Ln.box.keyPair.fromSecretKey(r);return X.equalsUint8Array(t,e)}return!1},encrypt:async function(e,t,r){if(e===$.publicKey.x25519){const e=On(32),n=Ln.scalarMult(e,r),{publicKey:i}=Ln.box.keyPair.fromSecretKey(e),a=X.concatUint8Array([i,r,n]),{keySize:s}=Wr($.symmetric.aes128);return{ephemeralPublicKey:i,wrappedKey:Fi(await aa($.hash.sha256,a,new Uint8Array,sa.x25519,s),t)}}throw Error("Unsupported ECDH algorithm")},decrypt:async function(e,t,r,n,i){if(e===$.publicKey.x25519){const e=Ln.scalarMult(i,t),a=X.concatUint8Array([t,n,e]),{keySize:s}=Wr($.symmetric.aes128);return Hi(await aa($.hash.sha256,a,new Uint8Array,sa.x25519,s),r)}throw Error("Unsupported ECDH algorithm")}}),ca=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:_i,ecdh:ta,ecdhX:oa,ecdsa:Mi,eddsaLegacy:Li,eddsa:Oi,generate:async function(e){const t=await X.getBigInteger();e=new _i(e);const r=await e.genKeyPair(),n=new t(r.publicKey).toUint8Array(),i=new t(r.privateKey).toUint8Array("be",e.payloadSize);return{oid:e.oid,Q:n,secret:i,hash:e.hash,cipher:e.cipher}},getPreferredHashAlgo:function(e){return Ai[$.write($.curve,e.toHex())].hash}});var ha=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,a){const s=await X.getBigInteger(),o=new s(1);let c,h,u,l;n=new s(n),i=new s(i),r=new s(r),a=new s(a),r=r.mod(n),a=a.mod(i);const y=new s(t.subarray(0,i.byteLength())).mod(i);for(;;){if(c=await Fn(o,i),h=r.modExp(c,n).imod(i),h.isZero())continue;const e=a.mul(h).imod(i);if(l=y.add(e).imod(i),u=c.modInv(i).imul(l).imod(i),!u.isZero())break}return{r:h.toUint8Array("be",i.byteLength()),s:u.toUint8Array("be",i.byteLength())}},verify:async function(e,t,r,n,i,a,s,o){const c=await X.getBigInteger(),h=new c(0);if(t=new c(t),r=new c(r),a=new c(a),s=new c(s),i=new c(i),o=new c(o),t.lte(h)||t.gte(s)||r.lte(h)||r.gte(s))return X.printDebug("invalid DSA Signature"),!1;const u=new c(n.subarray(0,s.byteLength())).imod(s),l=r.modInv(s);if(l.isZero())return X.printDebug("invalid DSA Signature"),!1;i=i.mod(a),o=o.mod(a);const y=u.mul(l).imod(s),d=t.mul(l).imod(s),p=i.modExp(y,a),f=o.modExp(d,a);return p.mul(f).imod(a).imod(s).equal(t)},validateParams:async function(e,t,r,n,i){const a=await X.getBigInteger();e=new a(e),t=new a(t),r=new a(r),n=new a(n);const s=new a(1);if(r.lte(s)||r.gte(e))return!1;if(!e.dec().mod(t).isZero())return!1;if(!r.modExp(t,e).isOne())return!1;const o=new a(t.bitLength()),c=new a(150);if(o.lt(c)||!await qn(t,null,32))return!1;i=new a(i);const h=new a(2),u=await Fn(h.leftShift(o.dec()),h.leftShift(o)),l=t.mul(u).add(i);return!!n.equal(r.modExp(l,e))}}),ua={rsa:ri,elgamal:ni,elliptic:ca,dsa:ha,nacl:Ln};var la=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:return{s:X.readMPI(t.subarray(r))};case $.publicKey.dsa:case $.publicKey.ecdsa:{const e=X.readMPI(t.subarray(r));r+=e.length+2;return{r:e,s:X.readMPI(t.subarray(r))}}case $.publicKey.eddsaLegacy:{let e=X.readMPI(t.subarray(r));r+=e.length+2,e=X.leftPad(e,32);let n=X.readMPI(t.subarray(r));return n=X.leftPad(n,32),{r:e,s:n}}case $.publicKey.ed25519:{const e=t.subarray(r,r+64);return r+=e.length,{RS:e}}default:throw new fi("Unknown signature algorithm.")}},verify:async function(e,t,r,n,i,a){switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:{const{n:e,e:s}=n,o=X.leftPad(r.s,e.length);return ua.rsa.verify(t,i,o,e,s,a)}case $.publicKey.dsa:{const{g:e,p:i,q:s,y:o}=n,{r:c,s:h}=r;return ua.dsa.verify(t,c,h,a,e,i,s,o)}case $.publicKey.ecdsa:{const{oid:e,Q:s}=n,o=new ua.elliptic.CurveWithOID(e).payloadSize,c=X.leftPad(r.r,o),h=X.leftPad(r.s,o);return ua.elliptic.ecdsa.verify(e,t,{r:c,s:h},i,s,a)}case $.publicKey.eddsaLegacy:{const{oid:e,Q:s}=n;return ua.elliptic.eddsaLegacy.verify(e,t,r,i,s,a)}case $.publicKey.ed25519:{const{A:s}=n;return ua.elliptic.eddsa.verify(e,t,r,i,s,a)}default:throw Error("Unknown signature algorithm.")}},sign:async function(e,t,r,n,i,a){if(!r||!n)throw Error("Missing key parameters");switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:h,u}=n;return{s:await ua.rsa.sign(t,i,e,s,o,c,h,u,a)}}case $.publicKey.dsa:{const{g:e,p:i,q:s}=r,{x:o}=n;return ua.dsa.sign(t,a,e,i,s,o)}case $.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case $.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=n;return ua.elliptic.ecdsa.sign(e,t,i,s,o,a)}case $.publicKey.eddsaLegacy:{const{oid:e,Q:s}=r,{seed:o}=n;return ua.elliptic.eddsaLegacy.sign(e,t,i,s,o,a)}case $.publicKey.ed25519:{const{A:s}=r,{seed:o}=n;return ua.elliptic.eddsa.sign(e,t,i,s,o,a)}default:throw Error("Unknown signature algorithm.")}}});class ya{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return X.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class da{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new fi("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class pa{static fromObject({wrappedKey:e,algorithm:t}){const r=new pa;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=e.subarray(t,t+r),t+=r}write(){return X.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function fa(e){try{e.getName()}catch(e){throw new fi("Unknown curve OID")}}var ga=/*#__PURE__*/Object.freeze({__proto__:null,publicKeyEncrypt:async function(e,t,r,n,i){switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await ua.rsa.encrypt(n,e,t)}}case $.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return ua.elgamal.encrypt(n,e,t,i)}case $.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:a}=r,{publicKey:s,wrappedKey:o}=await ua.elliptic.ecdh.encrypt(e,a,n,t,i);return{V:s,C:new ya(o)}}case $.publicKey.x25519:{if(!X.isAES(t))throw Error("X25519 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:a,wrappedKey:s}=await ua.elliptic.ecdhX.encrypt(e,n,i);return{ephemeralPublicKey:a,C:pa.fromObject({algorithm:t,wrappedKey:s})}}default:return[]}},publicKeyDecrypt:async function(e,t,r,n,i,a){switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:s}=t,{d:o,p:c,q:h,u}=r;return ua.rsa.decrypt(e,i,s,o,c,h,u,a)}case $.publicKey.elgamal:{const{c1:e,c2:i}=n,s=t.p,o=r.x;return ua.elgamal.decrypt(e,i,s,o,a)}case $.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:h}=n;return ua.elliptic.ecdh.decrypt(e,s,c,h.data,a,o,i)}case $.publicKey.x25519:{const{A:i}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=n;if(!X.isAES(o.algorithm))throw Error("AES session key expected");return ua.elliptic.ecdhX.decrypt(e,s,o.wrappedKey,i,a)}default:throw Error("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const n=X.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case $.publicKey.dsa:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const n=X.readMPI(t.subarray(r));r+=n.length+2;const i=X.readMPI(t.subarray(r));r+=i.length+2;const a=X.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:a}}}case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const n=X.readMPI(t.subarray(r));r+=n.length+2;const i=X.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case $.publicKey.ecdsa:{const e=new ii;r+=e.read(t),fa(e);const n=X.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case $.publicKey.eddsaLegacy:{const e=new ii;r+=e.read(t),fa(e);let n=X.readMPI(t.subarray(r));return r+=n.length+2,n=X.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case $.publicKey.ecdh:{const e=new ii;r+=e.read(t),fa(e);const n=X.readMPI(t.subarray(r));r+=n.length+2;const i=new da;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case $.publicKey.ed25519:case $.publicKey.x25519:{const e=t.subarray(r,r+32);return r+=e.length,{read:r,publicParams:{A:e}}}default:throw new fi("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let n=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const e=X.readMPI(t.subarray(n));n+=e.length+2;const r=X.readMPI(t.subarray(n));n+=r.length+2;const i=X.readMPI(t.subarray(n));n+=i.length+2;const a=X.readMPI(t.subarray(n));return n+=a.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:a}}}case $.publicKey.dsa:case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case $.publicKey.ecdsa:case $.publicKey.ecdh:{const e=new _i(r.oid);let i=X.readMPI(t.subarray(n));return n+=i.length+2,i=X.leftPad(i,e.payloadSize),{read:n,privateParams:{d:i}}}case $.publicKey.eddsaLegacy:{const e=new _i(r.oid);let i=X.readMPI(t.subarray(n));return n+=i.length+2,i=X.leftPad(i,e.payloadSize),{read:n,privateParams:{seed:i}}}case $.publicKey.ed25519:{const e=t.subarray(n,n+32);return n+=e.length,{read:n,privateParams:{seed:e}}}case $.publicKey.x25519:{const e=t.subarray(n,n+32);return n+=e.length,{read:n,privateParams:{k:e}}}default:throw new fi("Unknown public key encryption algorithm.")}},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:return{c:X.readMPI(t.subarray(r))};case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:X.readMPI(t.subarray(r))}}case $.publicKey.ecdh:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const n=new ya;return n.read(t.subarray(r)),{V:e,C:n}}case $.publicKey.x25519:{const e=t.subarray(r,r+32);r+=e.length;const n=new pa;return n.read(t.subarray(r)),{ephemeralPublicKey:e,C:n}}default:throw new fi("Unknown public key encryption algorithm.")}},serializeParams:function(e,t){const r=new Set([$.publicKey.ed25519,$.publicKey.x25519]),n=Object.keys(t).map((n=>{const i=t[n];return X.isUint8Array(i)?r.has(e)?i:X.uint8ArrayToMPI(i):i.write()}));return X.concatUint8Array(n)},generateParams:function(e,t,r){switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:return ua.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:a})=>({privateParams:{d:r,p:n,q:i,u:a},publicParams:{n:e,e:t}})));case $.publicKey.ecdsa:return ua.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new ii(e),Q:t}})));case $.publicKey.eddsaLegacy:return ua.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new ii(e),Q:t}})));case $.publicKey.ecdh:return ua.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new ii(e),Q:t,kdfParams:new da({hash:n,cipher:i})}})));case $.publicKey.ed25519:return ua.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case $.publicKey.x25519:return ua.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case $.publicKey.dsa:case $.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:a,q:s,u:o}=r;return ua.rsa.validateParams(e,n,i,a,s,o)}case $.publicKey.dsa:{const{p:e,q:n,g:i,y:a}=t,{x:s}=r;return ua.dsa.validateParams(e,n,i,a,s)}case $.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:a}=r;return ua.elgamal.validateParams(e,n,i,a)}case $.publicKey.ecdsa:case $.publicKey.ecdh:{const n=ua.elliptic[$.read($.publicKey,e)],{oid:i,Q:a}=t,{d:s}=r;return n.validateParams(i,a,s)}case $.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return ua.elliptic.eddsaLegacy.validateParams(n,e,i)}case $.publicKey.ed25519:{const{A:n}=t,{seed:i}=r;return ua.elliptic.eddsa.validateParams(e,n,i)}case $.publicKey.x25519:{const{A:n}=t,{k:i}=r;return ua.elliptic.ecdhX.validateParams(e,n,i)}default:throw Error("Unknown public key algorithm.")}},getPrefixRandom:async function(e){const{blockSize:t}=Wr(e),r=await On(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return X.concat([r,n])},generateSessionKey:function(e){const{keySize:t}=Wr(e);return On(t)},getAEADMode:function(e){const t=$.read($.aead,e);return Mn[t]},getCipher:Wr,getPreferredCurveHashAlgo:function(e,t){switch(e){case $.publicKey.ecdsa:case $.publicKey.eddsaLegacy:return ua.elliptic.getPreferredHashAlgo(t);case $.publicKey.ed25519:return ua.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}}});const ma={cipher:qe,hash:Gr,mode:Mn,publicKey:ua,signature:la,random:Hn,pkcs1:Xn,pkcs5:$i,aesKW:Gi};Object.assign(ma,ga);var wa="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function ba(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)}const ka={arraySet:function(e,t,r,n,i){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+n),i);else for(let a=0;a=0;)e[t]=0}const Xa=0,Qa=1,Ya=2,Ja=29,es=256,ts=es+1+Ja,rs=30,ns=19,is=2*ts+1,as=15,ss=16,os=7,cs=256,hs=16,us=17,ls=18,ys=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],ds=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],ps=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],fs=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],gs=Array(2*(ts+2));Za(gs);const ms=Array(2*rs);Za(ms);const ws=Array(512);Za(ws);const bs=Array(256);Za(bs);const ks=Array(Ja);Za(ks);const vs=Array(rs);function As(e,t,r,n,i){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=n,this.max_length=i,this.has_stree=e&&e.length}let _s,Es,Ss;function Ks(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function xs(e){return e<256?ws[e]:ws[256+(e>>>7)]}function Ps(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function Us(e,t,r){e.bi_valid>ss-r?(e.bi_buf|=t<>ss-e.bi_valid,e.bi_valid+=r-ss):(e.bi_buf|=t<>>=1,r<<=1}while(--t>0);return r>>>1}function Is(e,t,r){const n=Array(as+1);let i,a,s=0;for(i=1;i<=as;i++)n[i]=s=s+r[i-1]<<1;for(a=0;a<=t;a++){const t=e[2*a+1];0!==t&&(e[2*a]=Cs(n[t]++,t))}}function Ts(e){let t;for(t=0;t8?Ps(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function zs(e,t,r,n){const i=2*t,a=2*r;return e[i]>1;s>=1;s--)Rs(e,r,s);c=a;do{s=e.heap[1],e.heap[1]=e.heap[e.heap_len--],Rs(e,r,1),o=e.heap[1],e.heap[--e.heap_max]=s,e.heap[--e.heap_max]=o,r[2*c]=r[2*s]+r[2*o],e.depth[c]=(e.depth[s]>=e.depth[o]?e.depth[s]:e.depth[o])+1,r[2*s+1]=r[2*o+1]=c,e.heap[1]=c++,Rs(e,r,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){const r=t.dyn_tree,n=t.max_code,i=t.stat_desc.static_tree,a=t.stat_desc.has_stree,s=t.stat_desc.extra_bits,o=t.stat_desc.extra_base,c=t.stat_desc.max_length;let h,u,l,y,d,p,f=0;for(y=0;y<=as;y++)e.bl_count[y]=0;for(r[2*e.heap[e.heap_max]+1]=0,h=e.heap_max+1;hc&&(y=c,f++),r[2*u+1]=y,u>n||(e.bl_count[y]++,d=0,u>=o&&(d=s[u-o]),p=r[2*u],e.opt_len+=p*(y+d),a&&(e.static_len+=p*(i[2*u+1]+d)));if(0!==f){do{for(y=c-1;0===e.bl_count[y];)y--;e.bl_count[y]--,e.bl_count[y+1]+=2,e.bl_count[c]--,f-=2}while(f>0);for(y=c;0!==y;y--)for(u=e.bl_count[y];0!==u;)l=e.heap[--h],l>n||(r[2*l+1]!==y&&(e.opt_len+=(y-r[2*l+1])*r[2*l],r[2*l+1]=y),u--)}}(e,t),Is(r,h,e.bl_count)}function Ns(e,t,r){let n,i,a=-1,s=t[1],o=0,c=7,h=4;for(0===s&&(c=138,h=3),t[2*(r+1)+1]=65535,n=0;n<=r;n++)i=s,s=t[2*(n+1)+1],++o>=7;n=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}function Gs(e,t,r,n){let i,a,s=0;e.level>0?(e.strm.data_type===Wa&&(e.strm.data_type=function(e){let t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return Ga;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return Va;for(t=32;t=3&&0===e.bl_tree[2*fs[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),i=e.opt_len+3+7>>>3,a=e.static_len+3+7>>>3,a<=i&&(i=a)):i=a=r+5,r+4<=i&&-1!==t?js(e,t,r,n):e.strategy===qa||a===i?(Us(e,(Qa<<1)+(n?1:0),3),Ms(e,gs,ms)):(Us(e,(Ya<<1)+(n?1:0),3),function(e,t,r,n){let i;for(Us(e,t-257,5),Us(e,r-1,5),Us(e,n-4,4),i=0;i>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(bs[r]+es+1)]++,e.dyn_dtree[2*xs(t)]++),e.last_lit===e.lit_bufsize-1}function Ws(e,t,r,n){let i=65535&e|0,a=e>>>16&65535|0,s=0;for(;0!==r;){s=r>2e3?2e3:r,r-=s;do{i=i+t[n++]|0,a=a+i|0}while(--s);i%=65521,a%=65521}return i|a<<16|0}const $s=function(){let e;const t=[];for(let r=0;r<256;r++){e=r;for(let t=0;t<8;t++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();function Zs(e,t,r,n){const i=$s,a=n+r;e^=-1;for(let r=n;r>>8^i[255&(e^t[r])];return-1^e}var Xs={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"};const Qs=9,Ys=3,Js=258,eo=Js+Ys+1,to=32,ro=42,no=69,io=73,ao=91,so=103,oo=113,co=666,ho=1,uo=2,lo=3,yo=4,po=3;function fo(e,t){return e.msg=Xs[t],t}function go(e){return(e<<1)-(e>4?9:0)}function mo(e){let t=e.length;for(;--t>=0;)e[t]=0}function wo(e){const t=e.state;let r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(Ka(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function bo(e,t){Gs(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,wo(e.strm)}function ko(e,t){e.pending_buf[e.pending++]=t}function vo(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function Ao(e,t,r,n){let i=e.avail_in;return i>n&&(i=n),0===i?0:(e.avail_in-=i,Ka(t,e.input,e.next_in,i,r),1===e.state.wrap?e.adler=Ws(e.adler,t,i,r):2===e.state.wrap&&(e.adler=Zs(e.adler,t,i,r)),e.next_in+=i,e.total_in+=i,i)}function _o(e,t){let r,n,i=e.max_chain_length,a=e.strstart,s=e.prev_length,o=e.nice_match;const c=e.strstart>e.w_size-eo?e.strstart-(e.w_size-eo):0,h=e.window,u=e.w_mask,l=e.prev,y=e.strstart+Js;let d=h[a+s-1],p=h[a+s];e.prev_length>=e.good_match&&(i>>=2),o>e.lookahead&&(o=e.lookahead);do{if(r=t,h[r+s]===p&&h[r+s-1]===d&&h[r]===h[a]&&h[++r]===h[a+1]){a+=2,r++;do{}while(h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&h[++a]===h[++r]&&as){if(e.match_start=t,s=n,n>=o)break;d=h[a+s-1],p=h[a+s]}}}while((t=l[t&u])>c&&0!=--i);return s<=e.lookahead?s:e.lookahead}function Eo(e){const t=e.w_size;let r,n,i,a,s;do{if(a=e.window_size-e.lookahead-e.strstart,e.strstart>=t+(t-eo)){Ka(e.window,e.window,t,t,0),e.match_start-=t,e.strstart-=t,e.block_start-=t,n=e.hash_size,r=n;do{i=e.head[--r],e.head[r]=i>=t?i-t:0}while(--n);n=t,r=n;do{i=e.prev[--r],e.prev[r]=i>=t?i-t:0}while(--n);a+=t}if(0===e.strm.avail_in)break;if(n=Ao(e.strm,e.window,e.strstart+e.lookahead,a),e.lookahead+=n,e.lookahead+e.insert>=Ys)for(s=e.strstart-e.insert,e.ins_h=e.window[s],e.ins_h=(e.ins_h<=Ys&&(e.ins_h=(e.ins_h<=Ys)if(n=Vs(e,e.strstart-e.match_start,e.match_length-Ys),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=Ys){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<=Ys&&(e.ins_h=(e.ins_h<4096)&&(e.match_length=Ys-1)),e.prev_length>=Ys&&e.match_length<=e.prev_length){i=e.strstart+e.lookahead-Ys,n=Vs(e,e.strstart-1-e.prev_match,e.prev_length-Ys),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=i&&(e.ins_h=(e.ins_h<e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(Eo(e),0===e.lookahead&&t===xa)return ho;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;const n=e.block_start+r;if((0===e.strstart||e.strstart>=n)&&(e.lookahead=e.strstart-n,e.strstart=n,bo(e,!1),0===e.strm.avail_out))return ho;if(e.strstart-e.block_start>=e.w_size-eo&&(bo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ca?(bo(e,!0),0===e.strm.avail_out?lo:yo):(e.strstart>e.block_start&&(bo(e,!1),e.strm.avail_out),ho)})),new xo(4,4,8,4,So),new xo(4,5,16,8,So),new xo(4,6,32,32,So),new xo(4,4,16,16,Ko),new xo(8,16,32,32,Ko),new xo(8,16,128,128,Ko),new xo(8,32,128,256,Ko),new xo(32,128,258,1024,Ko),new xo(32,258,258,4096,Ko)];class Uo{constructor(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=$a,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new _a(1146),this.dyn_dtree=new _a(122),this.bl_tree=new _a(78),mo(this.dyn_ltree),mo(this.dyn_dtree),mo(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new _a(16),this.heap=new _a(573),mo(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new _a(573),mo(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}}function Do(e){const t=function(e){let t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=Wa,t=e.state,t.pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?ro:oo,e.adler=2===t.wrap?0:1,t.last_flush=xa,Hs(t),Ba):fo(e,Ma)}(e);return t===Ba&&function(e){e.window_size=2*e.w_size,mo(e.head),e.max_lazy_match=Po[e.level].max_lazy,e.good_match=Po[e.level].good_length,e.nice_match=Po[e.level].nice_length,e.max_chain_length=Po[e.level].max_chain,e.strstart=0,e.block_start=0,e.lookahead=0,e.insert=0,e.match_length=e.prev_length=Ys-1,e.match_available=0,e.ins_h=0}(e.state),t}function Co(e,t){let r,n,i,a;if(!e||!e.state||t>Ia||t<0)return e?fo(e,Ma):Ma;if(n=e.state,!e.output||!e.input&&0!==e.avail_in||n.status===co&&t!==Ca)return fo(e,0===e.avail_out?Na:Ma);if(n.strm=e,r=n.last_flush,n.last_flush=t,n.status===ro)if(2===n.wrap)e.adler=0,ko(n,31),ko(n,139),ko(n,8),n.gzhead?(ko(n,(n.gzhead.text?1:0)+(n.gzhead.hcrc?2:0)+(n.gzhead.extra?4:0)+(n.gzhead.name?8:0)+(n.gzhead.comment?16:0)),ko(n,255&n.gzhead.time),ko(n,n.gzhead.time>>8&255),ko(n,n.gzhead.time>>16&255),ko(n,n.gzhead.time>>24&255),ko(n,9===n.level?2:n.strategy>=Ha||n.level<2?4:0),ko(n,255&n.gzhead.os),n.gzhead.extra&&n.gzhead.extra.length&&(ko(n,255&n.gzhead.extra.length),ko(n,n.gzhead.extra.length>>8&255)),n.gzhead.hcrc&&(e.adler=Zs(e.adler,n.pending_buf,n.pending,0)),n.gzindex=0,n.status=no):(ko(n,0),ko(n,0),ko(n,0),ko(n,0),ko(n,0),ko(n,9===n.level?2:n.strategy>=Ha||n.level<2?4:0),ko(n,po),n.status=oo);else{let t=$a+(n.w_bits-8<<4)<<8,r=-1;r=n.strategy>=Ha||n.level<2?0:n.level<6?1:6===n.level?2:3,t|=r<<6,0!==n.strstart&&(t|=to),t+=31-t%31,n.status=oo,vo(n,t),0!==n.strstart&&(vo(n,e.adler>>>16),vo(n,65535&e.adler)),e.adler=1}if(n.status===no)if(n.gzhead.extra){for(i=n.pending;n.gzindex<(65535&n.gzhead.extra.length)&&(n.pending!==n.pending_buf_size||(n.gzhead.hcrc&&n.pending>i&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),wo(e),i=n.pending,n.pending!==n.pending_buf_size));)ko(n,255&n.gzhead.extra[n.gzindex]),n.gzindex++;n.gzhead.hcrc&&n.pending>i&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),n.gzindex===n.gzhead.extra.length&&(n.gzindex=0,n.status=io)}else n.status=io;if(n.status===io)if(n.gzhead.name){i=n.pending;do{if(n.pending===n.pending_buf_size&&(n.gzhead.hcrc&&n.pending>i&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),wo(e),i=n.pending,n.pending===n.pending_buf_size)){a=1;break}a=n.gzindexi&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),0===a&&(n.gzindex=0,n.status=ao)}else n.status=ao;if(n.status===ao)if(n.gzhead.comment){i=n.pending;do{if(n.pending===n.pending_buf_size&&(n.gzhead.hcrc&&n.pending>i&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),wo(e),i=n.pending,n.pending===n.pending_buf_size)){a=1;break}a=n.gzindexi&&(e.adler=Zs(e.adler,n.pending_buf,n.pending-i,i)),0===a&&(n.status=so)}else n.status=so;if(n.status===so&&(n.gzhead.hcrc?(n.pending+2>n.pending_buf_size&&wo(e),n.pending+2<=n.pending_buf_size&&(ko(n,255&e.adler),ko(n,e.adler>>8&255),e.adler=0,n.status=oo)):n.status=oo),0!==n.pending){if(wo(e),0===e.avail_out)return n.last_flush=-1,Ba}else if(0===e.avail_in&&go(t)<=go(r)&&t!==Ca)return fo(e,Na);if(n.status===co&&0!==e.avail_in)return fo(e,Na);if(0!==e.avail_in||0!==n.lookahead||t!==xa&&n.status!==co){var s=n.strategy===Ha?function(e,t){let r;for(;;){if(0===e.lookahead&&(Eo(e),0===e.lookahead)){if(t===xa)return ho;break}if(e.match_length=0,r=Vs(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(bo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ca?(bo(e,!0),0===e.strm.avail_out?lo:yo):e.last_lit&&(bo(e,!1),0===e.strm.avail_out)?ho:uo}(n,t):n.strategy===ja?function(e,t){let r,n,i,a;const s=e.window;for(;;){if(e.lookahead<=Js){if(Eo(e),e.lookahead<=Js&&t===xa)return ho;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=Ys&&e.strstart>0&&(i=e.strstart-1,n=s[i],n===s[++i]&&n===s[++i]&&n===s[++i])){a=e.strstart+Js;do{}while(n===s[++i]&&n===s[++i]&&n===s[++i]&&n===s[++i]&&n===s[++i]&&n===s[++i]&&n===s[++i]&&n===s[++i]&&ie.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=Ys?(r=Vs(e,1,e.match_length-Ys),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=Vs(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(bo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ca?(bo(e,!0),0===e.strm.avail_out?lo:yo):e.last_lit&&(bo(e,!1),0===e.strm.avail_out)?ho:uo}(n,t):Po[n.level].func(n,t);if(s!==lo&&s!==yo||(n.status=co),s===ho||s===lo)return 0===e.avail_out&&(n.last_flush=-1),Ba;if(s===uo&&(t===Pa?qs(n):t!==Ia&&(js(n,0,0,!1),t===Da&&(mo(n.head),0===n.lookahead&&(n.strstart=0,n.block_start=0,n.insert=0))),wo(e),0===e.avail_out))return n.last_flush=-1,Ba}return t!==Ca?Ba:n.wrap<=0?za:(2===n.wrap?(ko(n,255&e.adler),ko(n,e.adler>>8&255),ko(n,e.adler>>16&255),ko(n,e.adler>>24&255),ko(n,255&e.total_in),ko(n,e.total_in>>8&255),ko(n,e.total_in>>16&255),ko(n,e.total_in>>24&255)):(vo(n,e.adler>>>16),vo(n,65535&e.adler)),wo(e),n.wrap>0&&(n.wrap=-n.wrap),0!==n.pending?Ba:za)}try{String.fromCharCode.call(null,0)}catch(e){}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){}const Io=new Aa(256);for(let e=0;e<256;e++)Io[e]=e>=252?6:e>=248?5:e>=240?4:e>=224?3:e>=192?2:1;function To(e){let t,r,n,i,a=0;const s=e.length;for(n=0;n>>6,o[i++]=128|63&t):t<65536?(o[i++]=224|t>>>12,o[i++]=128|t>>>6&63,o[i++]=128|63&t):(o[i++]=240|t>>>18,o[i++]=128|t>>>12&63,o[i++]=128|t>>>6&63,o[i++]=128|63&t);return o}Io[254]=Io[254]=1;class Bo{constructor(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}}class zo{constructor(e){this.options={level:Oa,method:$a,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,...e||{}};const t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Bo,this.strm.avail_out=0;var r,n,i=function(e,t,r,n,i,a){if(!e)return Ma;let s=1;if(t===Oa&&(t=6),n<0?(s=0,n=-n):n>15&&(s=2,n-=16),i<1||i>Qs||r!==$a||n<8||n>15||t<0||t>9||a<0||a>qa)return fo(e,Ma);8===n&&(n=9);const o=new Uo;return e.state=o,o.strm=e,o.wrap=s,o.gzhead=null,o.w_bits=n,o.w_size=1<=r.w_size&&(0===a&&(mo(r.head),r.strstart=0,r.block_start=0,r.insert=0),h=new Aa(r.w_size),Ka(h,t,u-r.w_size,r.w_size,0),t=h,u=r.w_size),s=e.avail_in,o=e.next_in,c=e.input,e.avail_in=u,e.next_in=0,e.input=t,Eo(r);r.lookahead>=Ys;){n=r.strstart,i=r.lookahead-(Ys-1);do{r.ins_h=(r.ins_h<0||0===r.avail_out)&&i!==za);return a===Ca?(i=function(e){let t;return e&&e.state?(t=e.state.status,t!==ro&&t!==no&&t!==io&&t!==ao&&t!==so&&t!==oo&&t!==co?fo(e,Ma):(e.state=null,t===oo?fo(e,La):Ba)):Ma}(this.strm),this.onEnd(i),this.ended=!0,i===Ba):a!==Ua||(this.onEnd(Ba),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ba&&(this.result=Sa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}const Ro=30,Mo=12;function Lo(e,t){let r,n,i,a,s,o,c,h,u,l;const y=e.state;r=e.next_in;const d=e.input,p=r+(e.avail_in-5);n=e.next_out;const f=e.output,g=n-(t-e.avail_out),m=n+(e.avail_out-257),w=y.dmax,b=y.wsize,k=y.whave,v=y.wnext,A=y.window;i=y.hold,a=y.bits;const _=y.lencode,E=y.distcode,S=(1<>>24,i>>>=o,a-=o,o=s>>>16&255,0===o)f[n++]=65535&s;else{if(!(16&o)){if(0==(64&o)){s=_[(65535&s)+(i&(1<>>=o,a-=o),a<15&&(i+=d[r++]<>>24,i>>>=o,a-=o,o=s>>>16&255,!(16&o)){if(0==(64&o)){s=E[(65535&s)+(i&(1<w){e.msg="invalid distance too far back",y.mode=Ro;break e}if(i>>>=o,a-=o,o=n-g,h>o){if(o=h-o,o>k&&y.sane){e.msg="invalid distance too far back",y.mode=Ro;break e}if(u=0,l=A,0===v){if(u+=b-o,o2;)f[n++]=l[u++],f[n++]=l[u++],f[n++]=l[u++],c-=3;c&&(f[n++]=l[u++],c>1&&(f[n++]=l[u++]))}else{u=n-h;do{f[n++]=f[u++],f[n++]=f[u++],f[n++]=f[u++],c-=3}while(c>2);c&&(f[n++]=f[u++],c>1&&(f[n++]=f[u++]))}break}}break}}while(r>3,r-=c,a-=c<<3,i&=(1<=1&&0===K[m];m--);if(w>m&&(w=m),0===m)return i[a++]=20971520,i[a++]=20971520,o.bits=1,0;for(g=1;g0&&(e===Ho||1!==m))return-1;for(x[1]=0,p=1;pOo||e===qo&&A>Fo)return 1;for(;;){P=p-k,s[f]d?(U=C[I+s[f]],D=E[S+s[f]]):(U=96,D=0),h=1<>k)+u]=P<<24|U<<16|D|0}while(0!==u);for(h=1<>=1;if(0!==h?(_&=h-1,_+=h):_=0,f++,0==--K[p]){if(p===m)break;p=t[r+s[f]]}if(p>w&&(_&T)!==l){for(0===k&&(k=w),y+=g,b=p-k,v=1<Oo||e===qo&&A>Fo)return 1;l=_&T,i[l]=w<<24|b<<16|y-a|0}}return 0!==_&&(i[y+_]=p-k<<24|64<<16|0),o.bits=w,0}const Xo=0,Qo=1,Yo=2,Jo=1,ec=2,tc=3,rc=4,nc=5,ic=6,ac=7,sc=8,oc=9,cc=10,hc=11,uc=12,lc=13,yc=14,dc=15,pc=16,fc=17,gc=18,mc=19,wc=20,bc=21,kc=22,vc=23,Ac=24,_c=25,Ec=26,Sc=27,Kc=28,xc=29,Pc=30,Uc=852,Dc=592;function Cc(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}class Ic{constructor(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new _a(320),this.work=new _a(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}}function Tc(e){let t;return e&&e.state?(t=e.state,t.wsize=0,t.whave=0,t.wnext=0,function(e){let t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=Jo,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new Ea(Uc),t.distcode=t.distdyn=new Ea(Dc),t.sane=1,t.back=-1,Ba):Ma}(e)):Ma}function Bc(e,t){let r,n;return e?(n=new Ic,e.state=n,n.window=null,r=function(e,t){let r,n;return e&&e.state?(n=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?Ma:(null!==n.window&&n.wbits!==t&&(n.window=null),n.wrap=r,n.wbits=t,Tc(e))):Ma}(e,t),r!==Ba&&(e.state=null),r):Ma}let zc,Rc,Mc=!0;function Lc(e){if(Mc){let t;for(zc=new Ea(512),Rc=new Ea(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(Zo(Qo,e.lens,0,288,zc,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;Zo(Yo,e.lens,0,32,Rc,0,e.work,{bits:5}),Mc=!1}e.lencode=zc,e.lenbits=9,e.distcode=Rc,e.distbits=5}function Nc(e,t,r,n){let i;const a=e.state;return null===a.window&&(a.wsize=1<=a.wsize?(Ka(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):(i=a.wsize-a.wnext,i>n&&(i=n),Ka(a.window,t,r-n,i,a.wnext),(n-=i)?(Ka(a.window,t,r-n,n,0),a.wnext=n,a.whave=a.wsize):(a.wnext+=i,a.wnext===a.wsize&&(a.wnext=0),a.whave>>8&255,r.check=Zs(r.check,x,2,0),h=0,u=0,r.mode=ec;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&h)<<8)+(h>>8))%31){e.msg="incorrect header check",r.mode=Pc;break}if((15&h)!==$a){e.msg="unknown compression method",r.mode=Pc;break}if(h>>>=4,u-=4,A=8+(15&h),0===r.wbits)r.wbits=A;else if(A>r.wbits){e.msg="invalid window size",r.mode=Pc;break}r.dmax=1<>8&1),512&r.flags&&(x[0]=255&h,x[1]=h>>>8&255,r.check=Zs(r.check,x,2,0)),h=0,u=0,r.mode=tc;case tc:for(;u<32;){if(0===o)break e;o--,h+=n[a++]<>>8&255,x[2]=h>>>16&255,x[3]=h>>>24&255,r.check=Zs(r.check,x,4,0)),h=0,u=0,r.mode=rc;case rc:for(;u<16;){if(0===o)break e;o--,h+=n[a++]<>8),512&r.flags&&(x[0]=255&h,x[1]=h>>>8&255,r.check=Zs(r.check,x,2,0)),h=0,u=0,r.mode=nc;case nc:if(1024&r.flags){for(;u<16;){if(0===o)break e;o--,h+=n[a++]<>>8&255,r.check=Zs(r.check,x,2,0)),h=0,u=0}else r.head&&(r.head.extra=null);r.mode=ic;case ic:if(1024&r.flags&&(d=r.length,d>o&&(d=o),d&&(r.head&&(A=r.head.extra_len-r.length,r.head.extra||(r.head.extra=Array(r.head.extra_len)),Ka(r.head.extra,n,a,d,A)),512&r.flags&&(r.check=Zs(r.check,n,d,a)),o-=d,a+=d,r.length-=d),r.length))break e;r.length=0,r.mode=ac;case ac:if(2048&r.flags){if(0===o)break e;d=0;do{A=n[a+d++],r.head&&A&&r.length<65536&&(r.head.name+=String.fromCharCode(A))}while(A&&d>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=uc;break;case cc:for(;u<32;){if(0===o)break e;o--,h+=n[a++]<>>=7&u,u-=7&u,r.mode=Sc;break}for(;u<3;){if(0===o)break e;o--,h+=n[a++]<>>=1,u-=1,3&h){case 0:r.mode=yc;break;case 1:if(Lc(r),r.mode=wc,t===Ta){h>>>=2,u-=2;break e}break;case 2:r.mode=fc;break;case 3:e.msg="invalid block type",r.mode=Pc}h>>>=2,u-=2;break;case yc:for(h>>>=7&u,u-=7&u;u<32;){if(0===o)break e;o--,h+=n[a++]<>>16^65535)){e.msg="invalid stored block lengths",r.mode=Pc;break}if(r.length=65535&h,h=0,u=0,r.mode=dc,t===Ta)break e;case dc:r.mode=pc;case pc:if(d=r.length,d){if(d>o&&(d=o),d>c&&(d=c),0===d)break e;Ka(i,n,a,d,s),o-=d,a+=d,c-=d,s+=d,r.length-=d;break}r.mode=uc;break;case fc:for(;u<14;){if(0===o)break e;o--,h+=n[a++]<>>=5,u-=5,r.ndist=1+(31&h),h>>>=5,u-=5,r.ncode=4+(15&h),h>>>=4,u-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=Pc;break}r.have=0,r.mode=gc;case gc:for(;r.have>>=3,u-=3}for(;r.have<19;)r.lens[P[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,E={bits:r.lenbits},_=Zo(Xo,r.lens,0,19,r.lencode,0,r.work,E),r.lenbits=E.bits,_){e.msg="invalid code lengths set",r.mode=Pc;break}r.have=0,r.mode=mc;case mc:for(;r.have>>24,m=K>>>16&255,w=65535&K,!(g<=u);){if(0===o)break e;o--,h+=n[a++]<>>=g,u-=g,r.lens[r.have++]=w;else{if(16===w){for(S=g+2;u>>=g,u-=g,0===r.have){e.msg="invalid bit length repeat",r.mode=Pc;break}A=r.lens[r.have-1],d=3+(3&h),h>>>=2,u-=2}else if(17===w){for(S=g+3;u>>=g,u-=g,A=0,d=3+(7&h),h>>>=3,u-=3}else{for(S=g+7;u>>=g,u-=g,A=0,d=11+(127&h),h>>>=7,u-=7}if(r.have+d>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=Pc;break}for(;d--;)r.lens[r.have++]=A}}if(r.mode===Pc)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=Pc;break}if(r.lenbits=9,E={bits:r.lenbits},_=Zo(Qo,r.lens,0,r.nlen,r.lencode,0,r.work,E),r.lenbits=E.bits,_){e.msg="invalid literal/lengths set",r.mode=Pc;break}if(r.distbits=6,r.distcode=r.distdyn,E={bits:r.distbits},_=Zo(Yo,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,E),r.distbits=E.bits,_){e.msg="invalid distances set",r.mode=Pc;break}if(r.mode=wc,t===Ta)break e;case wc:r.mode=bc;case bc:if(o>=6&&c>=258){e.next_out=s,e.avail_out=c,e.next_in=a,e.avail_in=o,r.hold=h,r.bits=u,Lo(e,y),s=e.next_out,i=e.output,c=e.avail_out,a=e.next_in,n=e.input,o=e.avail_in,h=r.hold,u=r.bits,r.mode===uc&&(r.back=-1);break}for(r.back=0;K=r.lencode[h&(1<>>24,m=K>>>16&255,w=65535&K,!(g<=u);){if(0===o)break e;o--,h+=n[a++]<>b)],g=K>>>24,m=K>>>16&255,w=65535&K,!(b+g<=u);){if(0===o)break e;o--,h+=n[a++]<>>=b,u-=b,r.back+=b}if(h>>>=g,u-=g,r.back+=g,r.length=w,0===m){r.mode=Ec;break}if(32&m){r.back=-1,r.mode=uc;break}if(64&m){e.msg="invalid literal/length code",r.mode=Pc;break}r.extra=15&m,r.mode=kc;case kc:if(r.extra){for(S=r.extra;u>>=r.extra,u-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=vc;case vc:for(;K=r.distcode[h&(1<>>24,m=K>>>16&255,w=65535&K,!(g<=u);){if(0===o)break e;o--,h+=n[a++]<>b)],g=K>>>24,m=K>>>16&255,w=65535&K,!(b+g<=u);){if(0===o)break e;o--,h+=n[a++]<>>=b,u-=b,r.back+=b}if(h>>>=g,u-=g,r.back+=g,64&m){e.msg="invalid distance code",r.mode=Pc;break}r.offset=w,r.extra=15&m,r.mode=Ac;case Ac:if(r.extra){for(S=r.extra;u>>=r.extra,u-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=Pc;break}r.mode=_c;case _c:if(0===c)break e;if(d=y-c,r.offset>d){if(d=r.offset-d,d>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=Pc;break}d>r.wnext?(d-=r.wnext,p=r.wsize-d):p=r.wnext-d,d>r.length&&(d=r.length),f=r.window}else f=i,p=s-r.offset,d=r.length;d>c&&(d=c),c-=d,r.length-=d;do{i[s++]=f[p++]}while(--d);0===r.length&&(r.mode=bc);break;case Ec:if(0===c)break e;i[s++]=r.length,c--,r.mode=bc;break;case Sc:if(r.wrap){for(;u<32;){if(0===o)break e;o--,h|=n[a++]<=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Bo,this.strm.avail_out=0;let r=Bc(this.strm,t.windowBits);if(r!==Ba)throw Error(Xs[r]);if(this.header=new Hc,function(e,t){let r;e&&e.state&&(r=e.state,0==(2&r.wrap)||(r.head=t,t.done=!1))}(this.strm,this.header),t.dictionary&&("string"==typeof t.dictionary?t.dictionary=To(t.dictionary):t.dictionary instanceof ArrayBuffer&&(t.dictionary=new Uint8Array(t.dictionary)),t.raw&&(r=Fc(this.strm,t.dictionary),r!==Ba)))throw Error(Xs[r])}push(e,t){const{strm:r,options:{chunkSize:n,dictionary:i}}=this;let a,s,o=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?Ca:xa,"string"==typeof e?r.input=function(e){const t=new Aa(e.length);for(let r=0,n=t.length;r0||0===r.avail_out)&&a!==za);return a===za&&(s=Ca),s===Ca?(a=function(e){if(!e||!e.state)return Ma;const t=e.state;return t.window&&(t.window=null),e.state=null,Ba}(this.strm),this.onEnd(a),this.ended=!0,a===Ba):s!==Ua||(this.onEnd(Ba),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ba&&(this.result=Sa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}var qc=[0,1,3,7,15,31,63,127,255],Gc=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};Gc.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},Gc.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=qc[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var n=r-e;t|=(this.curByte&qc[e]<>n,this.bitOffset+=e,e=0}}return t},Gc.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},Gc.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var Vc=Gc,Wc=function(){};Wc.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},Wc.prototype.read=function(e,t,r){for(var n=0;n>>0},this.updateCRC=function(t){e=e<<8^$c[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^$c[255&(e>>>24^t)]}}),Qc=function(e,t){var r,n=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=n,n},Yc={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},Jc={};Jc[Yc.LAST_BLOCK]="Bad file checksum",Jc[Yc.NOT_BZIP_DATA]="Not bzip data",Jc[Yc.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",Jc[Yc.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",Jc[Yc.DATA_ERROR]="Data error",Jc[Yc.OUT_OF_MEMORY]="Out of memory",Jc[Yc.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var eh=function(e,t){var r=Jc[e]||"unknown error";t&&(r+=": "+t);var n=new TypeError(r);throw n.errorCode=e,n},th=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};th.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Xc,!0):(this.writeCount=-1,!1)},th.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||eh(Yc.NOT_BZIP_DATA,"bad magic");var n=r[3]-48;(n<1||n>9)&&eh(Yc.NOT_BZIP_DATA,"level out of range"),this.reader=new Vc(e),this.dbufSize=1e5*n,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},th.prototype._get_next_block=function(){var e,t,r,n=this.reader,i=n.pi();if("177245385090"===i)return!1;"314159265359"!==i&&eh(Yc.NOT_BZIP_DATA),this.targetBlockCRC=n.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,n.read(1)&&eh(Yc.OBSOLETE_INPUT);var a=n.read(24);a>this.dbufSize&&eh(Yc.DATA_ERROR,"initial position out of bounds");var s=n.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(s&1<<15-e){var h=16*e;for(r=n.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=h+t)}var u=n.read(3);(u<2||u>6)&&eh(Yc.DATA_ERROR);var l=n.read(15);0===l&&eh(Yc.DATA_ERROR);var y=new Uint8Array(256);for(e=0;e=u&&eh(Yc.DATA_ERROR);d[e]=Qc(y,t)}var p,f=c+2,g=[];for(t=0;t20)&&eh(Yc.DATA_ERROR),n.read(1);)n.read(1)?s--:s++;b[e]=s}for(m=w=b[0],e=1;ew?w=b[e]:b[e]=l&&eh(Yc.DATA_ERROR),p=g[d[K++]]),e=p.minLen,t=n.read(e);e>p.maxLen&&eh(Yc.DATA_ERROR),!(t<=p.limit[e]);e++)t=t<<1|n.read(1);((t-=p.base[e])<0||t>=258)&&eh(Yc.DATA_ERROR);var P=p.permute[t];if(0!==P&&1!==P){if(E)for(E=0,S+s>this.dbufSize&&eh(Yc.DATA_ERROR),A[_=o[y[0]]]+=s;s--;)x[S++]=_;if(P>c)break;S>=this.dbufSize&&eh(Yc.DATA_ERROR),A[_=o[_=Qc(y,e=P-1)]]++,x[S++]=_}else E||(E=1,s=0),s+=0===P?E:2*E,E<<=1}for((a<0||a>=S)&&eh(Yc.DATA_ERROR),t=0,e=0;e<256;e++)r=t+A[e],A[e]=t,t=r;for(e=0;e>=8,C=-1),this.writePos=U,this.writeCurrent=D,this.writeCount=S,this.writeRun=C,!0},th.prototype._read_bunzip=function(e,t){var r,n,i;if(this.writeCount<0)return 0;var a=this.dbuf,s=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var h=this.writeRun;c;){for(c--,n=o,o=255&(s=a[s]),s>>=8,3==h++?(r=o,i=n,o=-1):(r=1,i=o),this.blockCRC.updateCRCRun(i,r);r--;)this.outputStream.writeByte(i),this.nextoutput++;o!=n&&(h=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&eh(Yc.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var rh=function(e){if("readByte"in e)return e;var t=new Zc;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},nh=function(e){var t=new Zc,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var ih=function(e,t,r){for(var n=rh(e),i=nh(t),a=new th(n,i);!("eof"in n)||!n.eof();)if(a._init_block())a._read_bunzip();else{var s=a.reader.read(32)>>>0;if(s!==a.streamCRC&&eh(Yc.DATA_ERROR,"Bad stream CRC (got "+a.streamCRC.toString(16)+" expected "+s.toString(16)+")"),!r||!("eof"in n)||n.eof())break;a._start_bunzip(n,i)}if("getBuffer"in i)return i.getBuffer()};class ah{static get tag(){return $.packet.literalData}constructor(e=new Date){this.format=$.literal.utf8,this.date=X.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=$.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||X.isStream(this.text))&&(this.text=X.decodeUTF8(X.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=X.canonicalizeEOL(X.encodeUTF8(this.text))),e?N(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await M(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=X.decodeUTF8(await e.readBytes(r)),this.date=X.readDate(await e.readBytes(4));let n=e.remainder();s(n)&&(n=await H(n)),this.setBytes(n,t)}))}writeHeader(){const e=X.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=X.writeDate(this.date);return X.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return X.concat([e,t])}}const sh=Symbol("verified"),oh=new Set([$.signatureSubpacket.issuer,$.signatureSubpacket.issuerFingerprint,$.signatureSubpacket.embeddedSignature]);class ch{static get tag(){return $.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.signedHashValue=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new pe,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.revoked=null,this[sh]=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version)throw new fi(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[t++],this.publicKeyAlgorithm=e[t++],this.hashAlgorithm=e[t++],t+=this.readSubPackets(e.subarray(t,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");this.signatureData=e.subarray(0,t),t+=this.readSubPackets(e.subarray(t,e.length),!1),this.signedHashValue=e.subarray(t,t+2),t+=2,this.params=ma.signature.parseSignatureParams(this.publicKeyAlgorithm,e.subarray(t,e.length))}writeParams(){return this.params instanceof Promise?q((async()=>ma.serializeParams(this.publicKeyAlgorithm,await this.params))):ma.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),e.push(this.writeParams()),X.concat(e)}async sign(e,t,r=new Date,n=!1){5===e.version?this.version=5:this.version=4;const i=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];this.created=X.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID(),i.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=X.concat(i);const a=this.toHash(this.signatureType,t,n),s=await this.hash(this.signatureType,t,a,n);this.signedHashValue=F(L(s),0,2);const o=async()=>ma.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await H(s));X.isStream(s)?this.params=o():(this.params=await o(),this[sh]=!0)}writeHashedSubPackets(){const e=$.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(hh(e.signatureCreationTime,!0,X.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(hh(e.signatureExpirationTime,!0,X.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(hh(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(hh(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(hh(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(hh(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(hh(e.keyExpirationTime,!0,X.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(hh(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=X.concat([r,this.revocationKeyFingerprint]),t.push(hh(e.revocationKey,!1,r))),this.issuerKeyID.isNull()||5===this.issuerKeyVersion||t.push(hh(e.issuer,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=X.encodeUTF8(n);r.push(X.writeNumber(o.length,2)),r.push(X.writeNumber(i.length,2)),r.push(o),r.push(i),r=X.concat(r),t.push(hh(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(hh(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(hh(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.keyServerPreferences)),t.push(hh(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(hh(e.preferredKeyServer,!1,X.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(hh(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(hh(e.policyURI,!1,X.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.keyFlags)),t.push(hh(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(hh(e.signersUserID,!1,X.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=X.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(hh(e.reasonForRevocation,!0,r))),null!==this.features&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.features)),t.push(hh(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(X.stringToUint8Array(this.signatureTargetHash)),r=X.concat(r),t.push(hh(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(hh(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=X.concat(r),t.push(hh(e.issuerFingerprint,5===this.version,r))),null!==this.preferredAEADAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(hh(e.preferredAEADAlgorithms,!1,r)));const n=X.concat(t),i=X.writeNumber(n.length,2);return X.concat([i,n])}writeUnhashedSubPackets(){const e=[];this.unhashedSubpackets.forEach((t=>{e.push(hi(t.length)),e.push(t)}));const t=X.concat(e),r=X.writeNumber(t.length,2);return X.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(t||(this.unhashedSubpackets.push(e.subarray(r,e.length)),oh.has(i)))switch(r++,i){case $.signatureSubpacket.signatureCreationTime:this.created=X.readDate(e.subarray(r,e.length));break;case $.signatureSubpacket.signatureExpirationTime:{const t=X.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case $.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case $.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case $.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case $.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case $.signatureSubpacket.keyExpirationTime:{const t=X.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case $.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case $.signatureSubpacket.issuer:this.issuerKeyID.read(e.subarray(r,e.length));break;case $.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=X.readNumber(e.subarray(r,r+2));r+=2;const a=X.readNumber(e.subarray(r,r+2));r+=2;const s=X.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:n}),t&&(this.notations[s]=X.decodeUTF8(o));break}case $.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case $.signatureSubpacket.policyURI:this.policyURI=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.signersUserID:this.signersUserID=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=ma.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=X.uint8ArrayToString(e.subarray(r,r+t));break}case $.signatureSubpacket.embeddedSignature:this.embeddedSignature=new ch,this.embeddedSignature.read(e.subarray(r,e.length));break;case $.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),5===this.issuerKeyVersion?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case $.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;default:{const e=Error("Unknown signature subpacket type "+i);if(n)throw e;X.printDebug(e)}}}readSubPackets(e,t=!0,r){const n=X.readNumber(e.subarray(0,2));let i=2;for(;i<2+n;){const n=ci(e.subarray(i,e.length));i+=n.offset,this.readSubPacket(e.subarray(i,i+n.len),t,r),i+=n.len}return i}toSign(e,t){const r=$.signature;switch(e){case r.binary:return null!==t.text?X.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return X.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,n;if(t.userID)n=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");n=209,e=t.userAttribute}const i=e.write();return X.concat([this.toSign(r.key,t),new Uint8Array([n]),X.writeNumber(i.length,4),i])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return X.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return z(L(this.signatureData),(e=>{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==$.signature.binary&&this.signatureType!==$.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(X.writeNumber(r,4)),X.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return X.concat([n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){return r||(r=this.toHash(e,t,n)),ma.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,a=ie){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===$.signature.binary||t===$.signature.text;if(!(this[sh]&&!s)){let n,a;if(this.hashed?a=await this.hashed:(n=this.toHash(t,r,i),a=await this.hash(t,r,n)),a=await H(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[sh]=await ma.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,n,a),!this[sh])throw Error("Signature verification failed")}const o=X.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+$.read($.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[$.signature.binary,$.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+$.read($.hash,this.hashAlgorithm).toUpperCase());if(this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=X.normalizeDate(e);return null!==t&&!(this.created<=t&&tch.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==$.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function lh(e,t){if(!t[e]){let t;try{t=$.read($.packet,e)}catch(t){throw new fi("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}uh.prototype.hash=ch.prototype.hash,uh.prototype.toHash=ch.prototype.toHash,uh.prototype.toSign=ch.prototype.toSign;class yh extends Array{static async fromBinary(e,t,r=ie){const n=new yh;return await n.read(e,t,r),n}async read(e,t,r=ie){r.additionalAllowedPackets.length&&(t={...t,...X.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=R(e,(async(e,n)=>{const i=C(n);try{for(;;){await i.ready;if(await pi(e,(async e=>{try{if(e.tag===$.packet.marker||e.tag===$.packet.trust)return;const n=lh(e.tag,t);n.packets=new yh,n.fromStream=X.isStream(e.packet),await n.read(e.packet,r),await i.write(n)}catch(t){const n=!r.ignoreUnsupportedPackets&&t instanceof fi,a=!(r.ignoreMalformedPackets||t instanceof fi);if(n||a||di(e.tag))await i.abort(t);else{const t=new gi(e.tag,e.packet);await i.write(t)}X.printDebugError(t)}})))return await i.ready,void await i.close()}}catch(e){await i.abort(e)}}));const n=D(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||di(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),i+=e.length,i>=a){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=X.concat([ui(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>X.concat([hi(i)].concat(t)))))}else{if(X.isStream(n)){let t=0;e.push(z(L(n),(e=>{t+=e.length}),(()=>yi(r,t))))}else e.push(yi(r,n.length));e.push(n)}}return X.concat(e)}filterByTag(...e){const t=new yh,r=e=>t=>e===t;for(let n=0;nt.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),X.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=ie){const t=$.read($.compression,this.algorithm),r=vh[t];if(!r)throw Error(t+" decompression not supported");this.packets=await yh.fromBinary(r(this.compressed),dh,e)}compress(){const e=$.read($.compression,this.algorithm),t=kh[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write(),this.deflateLevel)}}const fh=X.getNodeZlib();function gh(e){return e}function mh(e,t,r={}){return function(n){return!X.isStream(n)||s(n)?q((()=>H(n).then((t=>new Promise(((n,i)=>{e(t,r,((e,t)=>{if(e)return i(e);n(t)}))})))))):f(g(n).pipe(t(r)))}}function wh(e,t={}){return function(r){const n=new e(t);return z(r,(e=>{if(e.length)return n.push(e,Ua),n.result}),(()=>{if(e===zo)return n.push([],Ca),n.result}))}}function bh(e){return function(t){return q((async()=>e(await H(t))))}}const kh=fh?{zip:/*#__PURE__*/(e,t)=>mh(fh.deflateRaw,fh.createDeflateRaw,{level:t})(e),zlib:/*#__PURE__*/(e,t)=>mh(fh.deflate,fh.createDeflate,{level:t})(e)}:{zip:/*#__PURE__*/(e,t)=>wh(zo,{raw:!0,level:t})(e),zlib:/*#__PURE__*/(e,t)=>wh(zo,{level:t})(e)},vh=fh?{uncompressed:gh,zip:/*#__PURE__*/mh(fh.inflateRaw,fh.createInflateRaw),zlib:/*#__PURE__*/mh(fh.inflate,fh.createInflate),bzip2:/*#__PURE__*/bh(ih)}:{uncompressed:gh,zip:/*#__PURE__*/wh(jc,{raw:!0}),zlib:/*#__PURE__*/wh(jc),bzip2:/*#__PURE__*/bh(ih)},Ah=/*#__PURE__*/X.constructAllowedPackets([ah,ph,uh,ch]);class _h{static get tag(){return $.packet.symEncryptedIntegrityProtectedData}constructor(){this.version=1,this.encrypted=null,this.packets=null}async read(e){await M(e,(async e=>{const t=await e.readByte();if(1!==t)throw new fi(`Version ${t} of the SEIP packet is unsupported.`);this.encrypted=e.remainder()}))}write(){return X.concat([new Uint8Array([1]),this.encrypted])}async encrypt(e,t,r=ie){const{blockSize:n}=ma.getCipher(e);let i=this.packets.write();s(i)&&(i=await H(i));const a=await ma.getPrefixRandom(e),o=new Uint8Array([211,20]),c=X.concat([a,i,o]),h=await ma.hash.sha1(N(c)),u=X.concat([c,h]);return this.encrypted=await ma.mode.cfb.encrypt(e,t,u,new Uint8Array(n),r),!0}async decrypt(e,t,r=ie){const{blockSize:n}=ma.getCipher(e);let i=L(this.encrypted);s(i)&&(i=await H(i));const a=await ma.mode.cfb.decrypt(e,t,i,new Uint8Array(n)),o=F(N(a),-20),c=F(a,0,-20),h=Promise.all([H(await ma.hash.sha1(N(c))),H(o)]).then((([e,t])=>{if(!X.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=F(c,n+2);let l=F(u,0,-2);return l=U([l,q((()=>h))]),X.isStream(i)&&r.allowUnauthenticatedStream||(l=await H(l)),this.packets=await yh.fromBinary(l,Ah,r),!0}}const Eh=/*#__PURE__*/X.constructAllowedPackets([ah,ph,uh,ch]);class Sh{static get tag(){return $.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=$.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await M(e,(async e=>{const t=await e.readByte();if(1!==t)throw new fi(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=ma.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return X.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=ie){this.packets=await yh.fromBinary(await this.crypt("decrypt",t,L(this.encrypted)),Eh,r)}async encrypt(e,t,r=ie){this.cipherAlgorithm=e;const{ivLength:n}=ma.getAEADMode(this.aeadAlgorithm);this.iv=ma.random.getRandomBytes(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await this.crypt("encrypt",t,i)}async crypt(e,t,r){const n=ma.getAEADMode(this.aeadAlgorithm),i=await n(this.cipherAlgorithm,t),a="decrypt"===e?n.tagLength:0,s="encrypt"===e?n.tagLength:0,o=2**(this.chunkSizeByte+6)+a,c=new ArrayBuffer(21),h=new Uint8Array(c,0,13),u=new Uint8Array(c),l=new DataView(c),y=new Uint8Array(c,5,8);h.set([192|Sh.tag,this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte],0);let d=0,p=Promise.resolve(),f=0,g=0;const m=this.iv;return R(r,(async(t,r)=>{if("array"!==X.isStream(t)){const e=new E({},{highWaterMark:X.getHardwareConcurrency()*2**(this.chunkSizeByte+6),size:e=>e.length});I(e.readable,r),r=e.writable}const c=D(t),w=C(r);try{for(;;){let t=await c.readBytes(o+a)||new Uint8Array;const r=t.subarray(t.length-a);let b,k;if(t=t.subarray(0,t.length-a),!d||t.length?(c.unshift(r),b=i[e](t,n.getNonce(m,y),h),g+=t.length-a+s):(l.setInt32(17,f),b=i[e](r,n.getNonce(m,y),u),g+=s,k=!0),f+=t.length-a,p=p.then((()=>b)).then((async e=>{await w.ready,await w.write(e),g-=e.length})).catch((e=>w.abort(e))),(k||g>w.desiredSize)&&await p,k){await w.close();break}l.setInt32(9,++d)}}catch(e){await w.abort(e)}}))}}class Kh{static get tag(){return $.packet.publicKeyEncryptedSessionKey}constructor(){this.version=3,this.publicKeyID=new pe,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}read(e){let t=0;if(this.version=e[t++],3!==this.version)throw new fi(`Version ${this.version} of the PKESK packet is unsupported.`);t+=this.publicKeyID.read(e.subarray(t)),this.publicKeyAlgorithm=e[t++],this.encrypted=ma.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t),this.version),this.publicKeyAlgorithm===$.publicKey.x25519&&(this.sessionKeyAlgorithm=$.write($.symmetric,this.encrypted.C.algorithm))}write(){const e=[new Uint8Array([this.version]),this.publicKeyID.write(),new Uint8Array([this.publicKeyAlgorithm]),ma.serializeParams(this.publicKeyAlgorithm,this.encrypted)];return X.concatUint8Array(e)}async encrypt(e){const t=$.write($.publicKey,this.publicKeyAlgorithm),r=xh(this.version,t,this.sessionKeyAlgorithm,this.sessionKey);this.encrypted=await ma.publicKeyEncrypt(t,this.sessionKeyAlgorithm,e.publicParams,r,e.getFingerprintBytes())}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?xh(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=await ma.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,e.getFingerprintBytes(),r),{sessionKey:i,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.elgamal:case $.publicKey.ecdh:{const e=r.subarray(0,r.length-2),t=r.subarray(r.length-2),i=X.writeChecksum(e.subarray(e.length%8)),a=i[0]===t[0]&i[1]===t[1],s={sessionKeyAlgorithm:e[0],sessionKey:e.subarray(1)};if(n){const e=a&s.sessionKeyAlgorithm===n.sessionKeyAlgorithm&s.sessionKey.length===n.sessionKey.length;return{sessionKey:X.selectUint8Array(e,s.sessionKey,n.sessionKey),sessionKeyAlgorithm:X.selectUint8(e,s.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&$.read($.symmetric,s.sessionKeyAlgorithm))return s;throw Error("Decryption error")}case $.publicKey.x25519:return{sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,n,t);this.publicKeyAlgorithm!==$.publicKey.x25519&&(this.sessionKeyAlgorithm=a),this.sessionKey=i}}function xh(e,t,r,n){switch(t){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.elgamal:case $.publicKey.ecdh:return X.concatUint8Array([new Uint8Array([r]),n,X.writeChecksum(n.subarray(n.length%8))]);case $.publicKey.x25519:return n;default:throw Error("Unsupported public key algorithm")}}class Ph{constructor(e=ie){this.algorithm=$.hash.sha256,this.type="iterated",this.c=e.s2kIterationCountByte,this.salt=null}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;try{this.type=$.read($.s2k,e[t++])}catch(e){throw new fi("Unknown S2K type.")}switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==X.uint8ArrayToString(e.subarray(t,t+3)))throw new fi("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new fi("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new fi("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...X.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([$.write($.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return X.concatUint8Array(e)}async produceKey(e,t){e=X.encodeUTF8(e);const r=[];let n=0,i=0;for(;n{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Mh(e,t,r){const{keySize:n}=ma.getCipher(r);return e.produceKey(t,n)}var Lh=rt((function(e){!function(t){function r(e){function t(){return _e0&&(t.semantic=" "),t}}function g(e,t){return function(){var n,a,o,h,u;for(h=r(),n=s("star"),o=0,u=void 0===t?0:t;null!==(a=e());)o+=1,c(n,a);return o>=u?n:(i(h),null)}}function m(e){return e.charCodeAt(0)>=128}function w(){return o("cr",u("\r")())}function b(){return o("crlf",l(w,A)())}function k(){return o("dquote",u('"')())}function v(){return o("htab",u("\t")())}function A(){return o("lf",u("\n")())}function _(){return o("sp",u(" ")())}function E(){return o("vchar",h((function(t){var r=t.charCodeAt(0),n=33<=r&&r<=126;return e.rfc6532&&(n=n||m(t)),n})))}function S(){return o("wsp",y(_,v)())}function K(){var e=o("quoted-pair",y(l(u("\\"),y(E,S)),ne)());return null===e?null:(e.semantic=e.semantic[1],e)}function x(){return o("fws",y(ae,l(d(l(g(S),p(b))),g(S,1)))())}function P(){return o("ctext",y((function(){return h((function(t){var r=t.charCodeAt(0),n=33<=r&&r<=39||42<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(n=n||m(t)),n}))}),te)())}function U(){return o("ccontent",y(P,K,D)())}function D(){return o("comment",l(u("("),g(l(d(x),U)),d(x),u(")"))())}function C(){return o("cfws",y(l(g(l(d(x),D),1),d(x)),x)())}function I(){return o("atext",h((function(t){var r="a"<=t&&t<="z"||"A"<=t&&t<="Z"||"0"<=t&&t<="9"||["!","#","$","%","&","'","*","+","-","/","=","?","^","_","`","{","|","}","~"].indexOf(t)>=0;return e.rfc6532&&(r=r||m(t)),r})))}function T(){return o("atom",l(f(d(C)),g(I,1),f(d(C)))())}function B(){var e,t;return null===(e=o("dot-atom-text",g(I,1)()))||null!==(t=g(l(u("."),g(I,1)))())&&c(e,t),e}function z(){return o("dot-atom",l(p(d(C)),B,p(d(C)))())}function R(){return o("qtext",y((function(){return h((function(t){var r=t.charCodeAt(0),n=33===r||35<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(n=n||m(t)),n}))}),re)())}function M(){return o("qcontent",y(R,K)())}function L(){return o("quoted-string",l(p(d(C)),p(k),g(l(d(f(x)),M)),d(p(x)),p(k),p(d(C)))())}function N(){return o("word",y(T,L)())}function O(){return o("address",y(F,q)())}function F(){return o("mailbox",y(H,J)())}function H(){return o("name-addr",l(d(G),j)())}function j(){return o("angle-addr",y(l(p(d(C)),u("<"),J,u(">"),p(d(C))),se)())}function q(){return o("group",l(G,u(":"),d($),u(";"),p(d(C)))())}function G(){return o("display-name",(null!==(e=o("phrase",y(ie,g(N,1))()))&&(e.semantic=function(e){return e.replace(/([ \t]|\r\n)+/g," ").replace(/^\s*/,"").replace(/\s*$/,"")}(e.semantic)),e));var e}function V(){return o("mailbox-list",y(l(F,g(l(u(","),F))),he)())}function W(){return o("address-list",y(l(O,g(l(u(","),O))),ue)())}function $(){return o("group-list",y(V,p(C),le)())}function Z(){return o("local-part",y(ye,z,L)())}function X(){return o("dtext",y((function(){return h((function(t){var r=t.charCodeAt(0),n=33<=r&&r<=90||94<=r&&r<=126;return e.rfc6532&&(n=n||m(t)),n}))}),pe)())}function Q(){return o("domain-literal",l(p(d(C)),u("["),g(l(d(x),X)),d(x),u("]"),p(d(C)))())}function Y(){return o("domain",(t=y(de,z,Q)(),e.rejectTLD&&t&&t.semantic&&t.semantic.indexOf(".")<0?null:(t&&(t.semantic=t.semantic.replace(/\s+/g,"")),t)));var t}function J(){return o("addr-spec",l(Z,u("@"),Y)())}function ee(){return e.strict?null:o("obs-NO-WS-CTL",h((function(e){var t=e.charCodeAt(0);return 1<=t&&t<=8||11===t||12===t||14<=t&&t<=31||127===t})))}function te(){return e.strict?null:o("obs-ctext",ee())}function re(){return e.strict?null:o("obs-qtext",ee())}function ne(){return e.strict?null:o("obs-qp",l(u("\\"),y(u("\0"),ee,A,w))())}function ie(){return e.strict?null:e.atInDisplayName?o("obs-phrase",l(N,g(y(N,u("."),u("@"),f(C))))()):o("obs-phrase",l(N,g(y(N,u("."),f(C))))())}function ae(){return e.strict?null:o("obs-FWS",g(l(p(d(b)),S),1)())}function se(){return e.strict?null:o("obs-angle-addr",l(p(d(C)),u("<"),oe,J,u(">"),p(d(C)))())}function oe(){return e.strict?null:o("obs-route",l(ce,u(":"))())}function ce(){return e.strict?null:o("obs-domain-list",l(g(y(p(C),u(","))),u("@"),Y,g(l(u(","),p(d(C)),d(l(u("@"),Y)))))())}function he(){return e.strict?null:o("obs-mbox-list",l(g(l(p(d(C)),u(","))),F,g(l(u(","),d(l(F,p(C))))))())}function ue(){return e.strict?null:o("obs-addr-list",l(g(l(p(d(C)),u(","))),O,g(l(u(","),d(l(O,p(C))))))())}function le(){return e.strict?null:o("obs-group-list",l(g(l(p(d(C)),u(",")),1),p(d(C)))())}function ye(){return e.strict?null:o("obs-local-part",l(N,g(l(u("."),N)))())}function de(){return e.strict?null:o("obs-domain",l(T,g(l(u("."),T)))())}function pe(){return e.strict?null:o("obs-dtext",y(ee,K)())}function fe(e,t){var r,n,i;if(null==t)return null;for(n=[t];n.length>0;){if((i=n.pop()).name===e)return i;for(r=i.children.length-1;r>=0;r-=1)n.push(i.children[r])}return null}function ge(e,t){var r,n,i,a,s;if(null==t)return null;for(n=[t],a=[],s={},r=0;r0;)if((i=n.pop()).name in s)a.push(i);else for(r=i.children.length-1;r>=0;r-=1)n.push(i.children[r]);return a}function me(t){var r,n,i,a,s;if(null===t)return null;for(r=[],n=ge(["group","mailbox"],t),i=0;i1)return null;return t.addresses&&t.addresses[0]}(s):e.simple?s&&s.addresses:s}function we(e){var t,r=fe("display-name",e),n=[],i=ge(["mailbox"],e);for(t=0;t0;)for((i=n.pop()).name===e&&a.push(i),r=i.children.length-1;r>=0;r-=1)n.push(i.children[r]);return a}("cfws",e),i=ge(["comment"],e),a=fe("local-part",r),s=fe("domain",r);return{node:e,parts:{name:t,address:r,local:a,domain:s,comments:n},type:e.name,name:ke(t),address:ke(r),local:ke(a),domain:ke(s),comments:ve(i),groupName:ke(e.groupName)}}function ke(e){return null!=e?e.semantic:null}function ve(e){var t="";if(e)for(var r=0;r`),t.userID=r.join(" "),t}read(e,t=ie){const r=X.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");try{const{name:e,address:t,comments:n}=Lh.parseOneAddress({input:r,atInDisplayName:!0});this.comment=n.replace(/^\(|\)$/g,""),this.name=e,this.email=t}catch(e){}this.userID=r}write(){return X.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Oh extends Rh{static get tag(){return $.packet.secretSubkey}constructor(e=new Date,t=ie){super(e,t)}}class Fh{static get tag(){return $.packet.trust}read(){throw new fi("Trust packets are not supported")}write(){throw new fi("Trust packets are not supported")}}const Hh=/*#__PURE__*/X.constructAllowedPackets([ch]);class jh{constructor(e){this.packets=e||new yh}write(){return this.packets.write()}armor(e=ie){return de($.armor.signature,this.write(),void 0,void 0,void 0,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function qh({armoredSignature:e,binarySignature:t,config:r,...n}){r={...ie,...r};let i=e||t;if(!i)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!X.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!X.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await ye(i,r);if(e!==$.armor.signature)throw Error("Armored text not of type signature");i=t}const s=await yh.fromBinary(i,Hh,r);return new jh(s)}async function Gh(e,t){const r=new Oh(e.date,t);return r.packets=null,r.algorithm=$.write($.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function Vh(e,t){const r=new Rh(e.date,t);return r.packets=null,r.algorithm=$.write($.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Wh(e,t,r,n,i=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,n,i,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw X.wrapError(`Could not find valid ${$.read($.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function $h(e,t,r=new Date){const n=X.normalizeDate(r);if(null!==n){const r=tu(e,t);return!(e.created<=n&&n0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await Yh(i,null,t,a,r.date,void 0,void 0,void 0,n)}async function Xh(e,t,r=new Date,n={},i){let a=i.preferredHashAlgorithm,s=a;if(e){const t=await e.getPrimaryUser(r,n,i);t.selfCertification.preferredHashAlgorithms&&([s]=t.selfCertification.preferredHashAlgorithms,a=ma.hash.getHashByteLength(a)<=ma.hash.getHashByteLength(s)?s:a)}switch(t.algorithm){case $.publicKey.ecdsa:case $.publicKey.eddsaLegacy:case $.publicKey.ed25519:s=ma.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid)}return ma.hash.getHashByteLength(a)<=ma.hash.getHashByteLength(s)?s:a}async function Qh(e,t=[],r=new Date,n=[],i=ie){const a={symmetric:$.symmetric.aes128,aead:$.aead.eax,compression:$.compression.uncompressed}[e],s={symmetric:i.preferredSymmetricAlgorithm,aead:i.preferredAEADAlgorithm,compression:i.preferredCompressionAlgorithm}[e],o={symmetric:"preferredSymmetricAlgorithms",aead:"preferredAEADAlgorithms",compression:"preferredCompressionAlgorithms"}[e];return(await Promise.all(t.map((async function(e,t){const a=(await e.getPrimaryUser(r,n[t],i)).selfCertification[o];return!!a&&a.indexOf(s)>=0})))).every(Boolean)?s:a}async function Yh(e,t,r,n,i,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const h=new ch;return Object.assign(h,n),h.publicKeyAlgorithm=r.algorithm,h.hashAlgorithm=await Xh(t,r,i,a,c),h.rawNotations=s,await h.sign(r,e,i,o),h}async function Jh(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return X.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function eu(e,t,r,n,i,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(n.map((async function(e){try{i&&!e.issuerKeyID.equals(i.issuerKeyID)||(await e.verify(a,t,r,o.revocationsExpire?s:null,!1,o),c.push(e.issuerKeyID))}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function tu(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function ru(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=X.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=$.write($.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==$.curve.ed25519Legacy&&e.curve!==$.curve.curve25519Legacy||(e.curve=e.sign?$.curve.ed25519Legacy:$.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===$.curve.ed25519Legacy?$.publicKey.eddsaLegacy:$.publicKey.ecdsa:e.algorithm=$.publicKey.ecdh;break;case"rsa":e.algorithm=$.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function nu(e,t){const r=e.algorithm;return r!==$.publicKey.rsaEncrypt&&r!==$.publicKey.elgamal&&r!==$.publicKey.ecdh&&r!==$.publicKey.x25519&&(!t.keyFlags||0!=(t.keyFlags[0]&$.keyFlags.signData))}function iu(e,t){const r=e.algorithm;return r!==$.publicKey.dsa&&r!==$.publicKey.rsaSign&&r!==$.publicKey.ecdsa&&r!==$.publicKey.eddsaLegacy&&r!==$.publicKey.ed25519&&(!t.keyFlags||0!=(t.keyFlags[0]&$.keyFlags.encryptCommunication)||0!=(t.keyFlags[0]&$.keyFlags.encryptStorage))}function au(e,t){return!!t.allowInsecureDecryptionWithSigningKeys||(!e.keyFlags||0!=(e.keyFlags[0]&$.keyFlags.encryptCommunication)||0!=(e.keyFlags[0]&$.keyFlags.encryptStorage))}function su(e,t){const r=$.write($.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:case $.publicKey.rsaEncrypt:if(n.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,a.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,$.signature.certGeneric,s,r,void 0,n)}catch(e){throw X.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(n,$.signature.certGeneric,i,e,void 0,t)}catch(e){throw X.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await Jh(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,$.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await Jh(e,this,"otherCertifications",t),await Jh(e,this,"revocationSignatures",t,(function(e){return eu(n,$.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=$.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=ie){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new ou(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await Yh(a,null,e,{signatureType:$.signature.certRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await s.update(this),s}}class cu{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new yh;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new cu(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=ie){const i=this.mainKey.keyPacket;return eu(i,$.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=ie){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await Wh(this.bindingSignatures,r,$.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if($h(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=ie){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await Wh(this.bindingSignatures,r,$.signature.subkeyBinding,n,e,t)}catch(e){return null}const a=tu(this.keyPacket,i),s=i.getExpirationTime();return ai.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,$.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await Jh(e,this,"revocationSignatures",t,(function(e){return eu(n,$.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=$.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=ie){const a={key:e,bind:this.keyPacket},s=new cu(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Yh(a,null,e,{signatureType:$.signature.subkeyRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{cu.prototype[e]=function(){return this.keyPacket[e]()}}));const hu=/*#__PURE__*/X.constructAllowedPackets([ch]),uu=new Set([$.packet.publicKey,$.packet.privateKey]),lu=new Set([$.packet.publicKey,$.packet.privateKey,$.packet.publicSubkey,$.packet.privateSubkey]);class yu{packetListToStructure(e,t=new Set){let r,n,i,a;for(const s of e){if(s instanceof gi){lu.has(s.tag)&&!a&&(a=uu.has(s.tag)?uu:lu);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case $.packet.publicKey:case $.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case $.packet.userID:case $.packet.userAttribute:r=new ou(s,this),this.users.push(r);break;case $.packet.publicSubkey:case $.packet.secretSubkey:r=null,i=new cu(s,this),this.subkeys.push(i);break;case $.packet.signature:switch(s.signatureType){case $.signature.certGeneric:case $.signature.certPersona:case $.signature.certCasual:case $.signature.certPositive:if(!r){X.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(n)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case $.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case $.signature.key:this.directSignatures.push(s);break;case $.signature.subkeyBinding:if(!i){X.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(s);break;case $.signature.keyRevocation:this.revocationSignatures.push(s);break;case $.signature.subkeyRevocation:if(!i){X.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(s)}}}}toPacketList(){const e=new yh;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=ie){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},a=await Wh(r.bindingSignatures,i,$.signature.subkeyBinding,e,t,n);if(!nu(r.keyPacket,a))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await Wh([a.embeddedSignature],r.keyPacket,$.signature.keyBinding,e,t,n),su(r.keyPacket,n),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,n);if((!e||i.getKeyID().equals(e))&&nu(i,a.selfCertification))return su(i,n),this}catch(e){s=e}throw X.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},n=ie){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},a=await Wh(r.bindingSignatures,i,$.signature.subkeyBinding,e,t,n);if(iu(r.keyPacket,a))return su(r.keyPacket,n),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,n);if((!e||i.getKeyID().equals(e))&&iu(i,a.selfCertification))return su(i,n),this}catch(e){s=e}throw X.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,n=ie){return eu(this.keyPacket,$.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=ie){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");const{selfCertification:i}=await this.getPrimaryUser(e,t,r);if($h(n,i,e))throw Error("Primary key is expired");const a=await Wh(this.directSignatures,n,$.signature.key,{key:n},e,r).catch((()=>{}));if(a&&$h(n,a,e))throw Error("Primary key is expired")}async getExpirationTime(e,t=ie){let r;try{const{selfCertification:n}=await this.getPrimaryUser(null,e,t),i=tu(this.keyPacket,n),a=n.getExpirationTime(),s=await Wh(this.directSignatures,this.keyPacket,$.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=tu(this.keyPacket,s);r=Math.min(i,a,e)}else r=ie.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await Jh(e,n,"revocationSignatures",t,(i=>eu(n.keyPacket,$.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await Jh(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=ie){const r={key:this.keyPacket},n=await Wh(this.revocationSignatures,this.keyPacket,$.signature.keyRevocation,r,e,t),i=new yh;return i.push(n),de($.armor.publicKey,i.write(),null,null,"This is a revocation certificate")}async applyRevocationCertificate(e,t=new Date,r=ie){const n=await ye(e,r),i=(await yh.fromBinary(n.data,hu,r)).findPacket($.packet.signature);if(!i||i.signatureType!==$.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,$.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw X.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(i),a}async signPrimaryUser(e,t,r,n=ie){const{index:i,user:a}=await this.getPrimaryUser(t,r,n),s=await a.certify(e,t,n),o=this.clone();return o.users[i]=s,o}async signAllUsers(e,t=new Date,r=ie){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=ie){const i=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,n);return e?await a.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await a.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=ie){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];i.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{yu.prototype[e]=cu.prototype[e]}));class du extends yu{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([$.packet.secretKey,$.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=ie){return de($.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,e)}}class pu extends du{constructor(e){if(super(),this.packetListToStructure(e,new Set([$.packet.publicKey,$.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new yh,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case $.packet.secretKey:{const t=Dh.fromSecretKeyPacket(r);e.push(t);break}case $.packet.secretSubkey:{const t=Bh.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new du(e)}armor(e=ie){return de($.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,e)}async getDecryptionKeys(e,t=new Date,r={},n=ie){const i=this.keyPacket,a=[];for(let r=0;re.isDecrypted()))}async validate(e=ie){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=$.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=ie){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await Yh(i,null,this.keyPacket,{signatureType:$.signature.keyRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),a}async addSubkey(e={}){const t={...ie,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}const s=Nh.fromObject(t),o={};o.userID=s,o.key=e;const c={};c.signatureType=$.signature.certGeneric,c.keyFlags=[$.keyFlags.certifyKeys|$.keyFlags.signData],c.preferredSymmetricAlgorithms=a([$.symmetric.aes256,$.symmetric.aes128,$.symmetric.aes192],n.preferredSymmetricAlgorithm),n.aeadProtect&&(c.preferredAEADAlgorithms=a([$.aead.eax,$.aead.ocb],n.preferredAEADAlgorithm)),c.preferredHashAlgorithms=a([$.hash.sha256,$.hash.sha512],n.preferredHashAlgorithm),c.preferredCompressionAlgorithms=a([$.compression.zlib,$.compression.zip,$.compression.uncompressed],n.preferredCompressionAlgorithm),0===i&&(c.isPrimaryUserID=!0),c.features=[0],c.features[0]|=$.features.modificationDetection,n.aeadProtect&&(c.features[0]|=$.features.aead),n.v5Keys&&(c.features[0]|=$.features.v5Keys),r.keyExpirationTime>0&&(c.keyExpirationTime=r.keyExpirationTime,c.keyNeverExpires=!1);return{userIDPacket:s,signaturePacket:await Yh(o,null,e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const a=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await Zh(t,e,a,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const a={key:e};return i.push(await Yh(a,null,e,{signatureType:$.signature.keyRevocation,reasonForRevocationFlag:$.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new pu(i)}async function wu({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...ie,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!X.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!X.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let a;if(e){const{type:t,data:n}=await ye(e,r);if(t!==$.armor.publicKey&&t!==$.armor.privateKey)throw Error("Armored text not of type key");a=n}else a=t;return gu(await yh.fromBinary(a,fu,r))}async function bu({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...ie,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!X.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!X.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let a;if(e){const{type:t,data:n}=await ye(e,r);if(t!==$.armor.privateKey)throw Error("Armored text not of type private key");a=n}else a=t;const s=await yh.fromBinary(a,fu,r);return new pu(s)}async function ku({armoredKeys:e,binaryKeys:t,config:r,...n}){r={...ie,...r};let i=e||t;if(!i)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!X.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!X.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:n}=await ye(e,r);if(t!==$.armor.publicKey&&t!==$.armor.privateKey)throw Error("Armored text not of type key");i=n}const s=[],o=await yh.fromBinary(i,fu,r),c=o.indexOfTag($.packet.publicKey,$.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag($.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=ie){const a=r||await this.decryptSessionKeys(e,t,n,i),s=this.packets.filterByTag($.packet.symmetricallyEncryptedData,$.packet.symEncryptedIntegrityProtectedData,$.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const o=s[0];let c=null;const h=Promise.all(a.map((async({algorithm:e,data:t})=>{if(!X.isUint8Array(t)||!X.isString(e))throw Error("Invalid session key for decryption.");try{const r=$.write($.symmetric,e);await o.decrypt(r,t,i)}catch(e){X.printDebugError(e),c=e}})));if(j(o.encrypted),o.encrypted=null,await h,!o.packets||!o.packets.length)throw c||Error("Decryption failed.");const u=new Su(o.packets);return o.packets=new yh,u}async decryptSessionKeys(e,t,r=new Date,n=ie){let i,a=[];if(t){const e=this.packets.filterByTag($.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await yh.fromBinary(e.write(),_u,n):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){X.printDebugError(e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag($.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let s=[$.symmetric.aes256,$.symmetric.aes128,$.symmetric.tripledes,$.symmetric.cast5];try{const t=await e.getPrimaryUser(r,void 0,n);t.selfCertification.preferredSymmetricAlgorithms&&(s=s.concat(t.selfCertification.preferredSymmetricAlgorithms))}catch(e){}const o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,n)).map((e=>e.keyPacket));await Promise.all(o.map((async function(e){if(!e||e.isDummy())return;if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(n.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===$.publicKey.rsaEncrypt||t.publicKeyAlgorithm===$.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===$.publicKey.rsaSign||t.publicKeyAlgorithm===$.publicKey.elgamal)){const r=t.write();await Promise.all(Array.from(n.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map((async t=>{const n=new Kh;n.read(r);const s={sessionKeyAlgorithm:t,sessionKey:ma.generateSessionKey(t)};try{await n.decrypt(e,s),a.push(n)}catch(e){X.printDebugError(e),i=e}})))}else try{if(await t.decrypt(e),!s.includes($.write($.symmetric,t.sessionKeyAlgorithm)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){X.printDebugError(e),i=e}})))}))),j(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+X.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:$.read($.symmetric,e.sessionKeyAlgorithm)})))}throw i||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=ie){const i=await Qh("symmetric",e,t,r,n),a=$.read($.symmetric,i),s=n.aeadProtect&&await async function(e,t=new Date,r=[],n=ie){let i=!0;return await Promise.all(e.map((async function(e,a){const s=await e.getPrimaryUser(t,r[a],n);s.selfCertification.features&&s.selfCertification.features[0]&$.features.aead||(i=!1)}))),i}(e,t,r,n)?$.read($.aead,await Qh("aead",e,t,r,n)):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&e.keyPacket.algorithm===$.publicKey.x25519&&!X.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ma.generateSessionKey(i),algorithm:a,aeadAlgorithm:s}}async encrypt(e,t,r,n=!1,i=[],a=new Date,s=[],o=ie){if(r){if(!X.isUint8Array(r.data)||!X.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Su.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Su.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:h,aeadAlgorithm:u}=r,l=await Su.encryptSessionKey(c,h,u,e,t,n,i,a,s,o);let y;u?(y=new Sh,y.aeadAlgorithm=$.write($.aead,u)):y=new _h,y.packets=this.packets;const d=$.write($.symmetric,h);return await y.encrypt(d,c,o),l.packets.push(y),y.packets=new yh,l}static async encryptSessionKey(e,t,r,n,i,a=!1,s=[],o=new Date,c=[],h=ie){const u=new yh,l=$.write($.symmetric,t),y=r&&$.write($.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(s[r],o,c,h),i=new Kh;return i.publicKeyID=a?pe.wildcard():n.getKeyID(),i.publicKeyAlgorithm=n.keyPacket.algorithm,i.sessionKey=e,i.sessionKeyAlgorithm=l,await i.encrypt(n.keyPacket),delete i.sessionKey,i})));u.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,a,s,o){const c=new Uh(h);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,h),h.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(i.map((t=>n(e,l,y,t))));u.push(...a)}return new Su(u)}async sign(e=[],t=null,r=[],n=new Date,i=[],a=[],s=ie){const o=new yh,c=this.packets.findPacket($.packet.literalData);if(!c)throw Error("No literal data packet to sign.");let h,u;const l=null===c.text?$.signature.binary:$.signature.text;if(t)for(u=t.packets.filterByTag($.packet.signature),h=u.length-1;h>=0;h--){const t=u[h],r=new uh;r.signatureType=t.signatureType,r.hashAlgorithm=t.hashAlgorithm,r.publicKeyAlgorithm=t.publicKeyAlgorithm,r.issuerKeyID=t.issuerKeyID,e.length||0!==h||(r.flags=1),o.push(r)}return await Promise.all(Array.from(e).reverse().map((async function(t,a){if(!t.isPrivate())throw Error("Need private key for signing");const o=r[e.length-1-a],c=await t.getSigningKey(o,n,i,s),h=new uh;return h.signatureType=l,h.hashAlgorithm=await Xh(t,c.keyPacket,n,i,s),h.publicKeyAlgorithm=c.keyPacket.algorithm,h.issuerKeyID=c.getKeyID(),a===e.length-1&&(h.flags=1),h}))).then((e=>{e.forEach((e=>o.push(e)))})),o.push(c),o.push(...await Ku(c,e,t,r,n,i,a,!1,s)),new Su(o)}compress(e,t=ie){if(e===$.compression.uncompressed)return this;const r=new ph(t);r.algorithm=e,r.packets=this.packets;const n=new yh;return n.push(r),new Su(n)}async signDetached(e=[],t=null,r=[],n=new Date,i=[],a=[],s=ie){const o=this.packets.findPacket($.packet.literalData);if(!o)throw Error("No literal data packet to sign.");return new jh(await Ku(o,e,t,r,n,i,a,!0,s))}async verify(e,t=new Date,r=ie){const n=this.unwrapCompressed(),i=n.packets.filterByTag($.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");s(n.packets.stream)&&n.packets.push(...await H(n.packets.stream,(e=>e||[])));const a=n.packets.filterByTag($.packet.onePassSignature).reverse(),o=n.packets.filterByTag($.packet.signature);return a.length&&!o.length&&X.isStream(n.packets.stream)&&!s(n.packets.stream)?(await Promise.all(a.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=q((async()=>(await e.correspondingSig).signatureData)),e.hashed=H(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),n.packets.stream=R(n.packets.stream,(async(e,t)=>{const r=D(e),n=C(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await n.abort(e)}})),xu(a,i,e,t,!1,r)):xu(o,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=ie){const i=this.unwrapCompressed().packets.filterByTag($.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return xu(e.packets.filterByTag($.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag($.packet.compressedData);return e.length?new Su(e[0].packets):this}async appendSignature(e,t=ie){await this.packets.read(X.isUint8Array(e)?e:(await ye(e)).data,Eu,t)}write(){return this.packets.write()}armor(e=ie){return de($.armor.message,this.write(),null,null,null,e)}}async function Ku(e,t,r=null,n=[],i=new Date,a=[],s=[],o=!1,c=ie){const h=new yh,u=null===e.text?$.signature.binary:$.signature.text;if(await Promise.all(t.map((async(t,r)=>{const h=a[r];if(!t.isPrivate())throw Error("Need private key for signing");const l=await t.getSigningKey(n[r],i,h,c);return Yh(e,t,l.keyPacket,{signatureType:u},i,h,s,o,c)}))).then((e=>{h.push(...e)})),r){const e=r.packets.filterByTag($.packet.signature);h.push(...e)}return h}async function xu(e,t,r,n=new Date,i=!1,a=ie){return Promise.all(e.filter((function(e){return["text","binary"].includes($.read($.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,a=ie){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof uh?e.correspondingSig:e,h={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),n,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new yh;return e&&t.push(e),new jh(t)})()};return h.signature.catch((()=>{})),h.verified.catch((()=>{})),h}(e,t,r,n,i,a)})))}async function Pu({armoredMessage:e,binaryMessage:t,config:r,...n}){r={...ie,...r};let i=e||t;if(!i)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!X.isString(e)&&!X.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!X.isUint8Array(t)&&!X.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=X.isStream(i);if(s&&(await S(),i=x(i)),e){const{type:e,data:t}=await ye(i,r);if(e!==$.armor.message)throw Error("Armored text not of type message");i=t}const o=await yh.fromBinary(i,Au,r),c=new Su(o);return c.fromStream=s,c}async function Uu({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...a}){let s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!X.isString(e)&&!X.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!X.isUint8Array(t)&&!X.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=X.isStream(s);c&&(await S(),s=x(s));const h=new ah(n);void 0!==e?h.setText(s,$.write($.literal,i)):h.setBytes(s,$.write($.literal,i)),void 0!==r&&h.setFilename(r);const u=new yh;u.push(h);const l=new Su(u);return l.fromStream=c,l}const Du=/*#__PURE__*/X.constructAllowedPackets([ch]);class Cu{constructor(e,t){if(this.text=X.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof jh))throw Error("Invalid signature input");this.signature=t||new jh(new yh)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=null,r=[],n=new Date,i=[],a=[],s=ie){const o=new ah;o.setText(this.text);const c=new jh(await Ku(o,e,t,r,n,i,a,!0,s));return new Cu(this.text,c)}verify(e,t=new Date,r=ie){const n=this.signature.packets.filterByTag($.packet.signature),i=new ah;return i.setText(this.text),xu(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=ie){let t=this.signature.packets.map((function(e){return $.read($.hash,e.hashAlgorithm).toUpperCase()}));t=t.filter((function(e,t,r){return r.indexOf(e)===t}));const r={hash:t.join(),text:this.text,data:this.signature.packets.write()};return de($.armor.signed,r,void 0,void 0,void 0,e)}}async function Iu({cleartextMessage:e,config:t,...r}){if(t={...ie,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!X.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await ye(e);if(i.type!==$.armor.signed)throw Error("No cleartext signed message.");const a=await yh.fromBinary(i.data,Du,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n0)throw Error("Unknown option: "+r.join(", "));return new Cu(e)}async function Bu({userIDs:e=[],passphrase:t,type:r="ecc",rsaBits:n=4096,curve:i="curve25519",keyExpirationTime:a=0,date:s=new Date,subkeys:o=[{}],format:c="armored",config:h,...u}){Xu(h={...ie,...h}),e=Qu(e);const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(0===e.length)throw Error("UserIDs are required for key generation");if("rsa"===r&&nru(e.subkeys[r],e)));let r=[Vh(e,t)];r=r.concat(e.subkeys.map((e=>Gh(e,t))));const n=await Promise.all(r),i=await mu(n[0],n.slice(1),e,t),a=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:a}}(y,h);return e.getKeys().forEach((({keyPacket:e})=>su(e,h))),{privateKey:el(e,c,h),publicKey:el(e.toPublic(),c,h),revocationCertificate:t}}catch(e){throw X.wrapError("Error generating keypair",e)}}async function zu({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:a="armored",config:s,...o}){Xu(s={...ie,...s}),t=Qu(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length)throw Error("UserIDs are required for key reformat");const h={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},a=await Wh(e.bindingSignatures,n,$.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&$.keyFlags.signData}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await mu(n,i,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=X.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(h,s);return{privateKey:el(e,a,s),publicKey:el(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw X.wrapError("Error reformatting keypair",e)}}async function Ru({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:a,...s}){Xu(a={...ie,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,n,a):await e.revoke(r,n,a);return s.isPrivate()?{privateKey:el(s,i,a),publicKey:el(s.toPublic(),i,a)}:{privateKey:null,publicKey:el(s,i,a)}}catch(e){throw X.wrapError("Error revoking key",e)}}async function Mu({privateKey:e,passphrase:t,config:r,...n}){Xu(r={...ie,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=X.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>X.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),X.wrapError("Error decrypting private key",e)}}async function Lu({privateKey:e,passphrase:t,config:r,...n}){Xu(r={...ie,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=X.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),X.wrapError("Error encrypting private key",e)}}async function Nu({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:h=[],date:u=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:d=[],config:p,...f}){if(Xu(p={...ie,...p}),Vu(e),$u(a),t=Qu(t),r=Qu(r),n=Qu(n),c=Qu(c),h=Qu(h),l=Qu(l),y=Qu(y),d=Qu(d),f.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(f.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(f.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==f.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const g=Object.keys(f);if(g.length>0)throw Error("Unknown option: "+g.join(", "));r||(r=[]);const m=e.fromStream;try{if((r.length||s)&&(e=await e.sign(r,s,c,u,l,d,p)),e=e.compress(await Qh("compression",t,u,y,p),p),e=await e.encrypt(t,n,i,o,h,u,y,p),"object"===a)return e;const f="armored"===a;return Yu(f?e.armor(p):e.write(),m,f?"utf8":"binary")}catch(e){throw X.wrapError("Error encrypting message",e)}}async function Ou({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:h,...u}){if(Xu(h={...ie,...h}),Vu(e),i=Qu(i),t=Qu(t),r=Qu(r),n=Qu(n),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(u.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const u=await e.decrypt(t,r,n,c,h);i||(i=[]);const l={};if(l.signatures=o?await u.verifyDetached(o,i,c,h):await u.verify(i,c,h),l.data="binary"===s?u.getLiteralData():u.getText(),l.filename=u.getFilename(),Ju(l,e),a){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=U([l.data,q((async()=>{await X.anyPromise(l.signatures.map((e=>e.verified)))}))])}return l.data=await Yu(l.data,e.fromStream,s),l}catch(e){throw X.wrapError("Error decrypting message",e)}}async function Fu({message:e,signingKeys:t,format:r="armored",detached:n=!1,signingKeyIDs:i=[],date:a=new Date,signingUserIDs:s=[],signatureNotations:o=[],config:c,...h}){if(Xu(c={...ie,...c}),Wu(e),$u(r),t=Qu(t),i=Qu(i),s=Qu(s),o=Qu(o),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==h.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const u=Object.keys(h);if(u.length>0)throw Error("Unknown option: "+u.join(", "));if(e instanceof Cu&&"binary"===r)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Cu&&n)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let h;if(h=n?await e.signDetached(t,void 0,i,a,s,o,c):await e.sign(t,void 0,i,a,s,o,c),"object"===r)return h;const u="armored"===r;return h=u?h.armor(c):h.write(),n&&(h=R(e.packets.write(),(async(e,t)=>{await Promise.all([I(h,t),H(e).catch((()=>{}))])}))),Yu(h,e.fromStream,u?"utf8":"binary")}catch(e){throw X.wrapError("Error signing message",e)}}async function Hu({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:a=new Date,config:s,...o}){if(Xu(s={...ie,...s}),Wu(e),t=Qu(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Cu&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Cu&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,a,s):await e.verify(t,a,s),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&Ju(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=U([o.data,q((async()=>{await X.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Yu(o.data,e.fromStream,n),o}catch(e){throw X.wrapError("Error verifying signed message",e)}}async function ju({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(Xu(n={...ie,...n}),e=Qu(e),r=Qu(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await Su.generateSessionKey(e,t,r,n)}catch(e){throw X.wrapError("Error generating session key",e)}}async function qu({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:h=[],config:u,...l}){if(Xu(u={...ie,...u}),function(e,t){if(!X.isUint8Array(e))throw Error("Parameter ["+(t||"data")+"] must be of type Uint8Array")}(e),function(e,t){if(!X.isString(e))throw Error("Parameter ["+(t||"data")+"] must be of type String")}(t,"algorithm"),$u(a),n=Qu(n),i=Qu(i),o=Qu(o),h=Qu(h),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return el(await Su.encryptSessionKey(e,t,r,n,i,s,o,c,h,u),a,u)}catch(e){throw X.wrapError("Error encrypting session key",e)}}async function Gu({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...a}){if(Xu(i={...ie,...i}),Vu(e),t=Qu(t),r=Qu(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,n,i)}catch(e){throw X.wrapError("Error decrypting session keys",e)}}function Vu(e){if(!(e instanceof Su))throw Error("Parameter [message] needs to be of type Message")}function Wu(e){if(!(e instanceof Cu||e instanceof Su))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function $u(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Zu=Object.keys(ie).length;function Xu(e){const t=Object.keys(e);if(t.length!==Zu)for(const e of t)if(void 0===ie[e])throw Error("Unknown config property: "+e)}function Qu(e){return e&&!X.isArray(e)&&(e=[e]),e}async function Yu(e,t,r="utf8"){const n=X.isStream(e);return"array"===n?H(e):"node"===t?(e=g(e),"binary"!==r&&e.setEncoding(r),e):"web"===t&&"ponyfill"===n?v(e):e}function Ju(e,t){e.data=R(t.packets.stream,(async(t,r)=>{await I(e.data,r,{preventClose:!0});const n=C(r);try{await H(t,(e=>e)),await n.close()}catch(e){await n.abort(e)}}))}function el(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Sh as AEADEncryptedDataPacket,Cu as CleartextMessage,ph as CompressedDataPacket,ah as LiteralDataPacket,Th as MarkerPacket,Su as Message,uh as OnePassSignaturePacket,yh as PacketList,pu as PrivateKey,du as PublicKey,Kh as PublicKeyEncryptedSessionKeyPacket,Dh as PublicKeyPacket,Bh as PublicSubkeyPacket,Rh as SecretKeyPacket,Oh as SecretSubkeyPacket,jh as Signature,ch as SignaturePacket,cu as Subkey,_h as SymEncryptedIntegrityProtectedDataPacket,Uh as SymEncryptedSessionKeyPacket,Ih as SymmetricallyEncryptedDataPacket,Fh as TrustPacket,gi as UnparseablePacket,zh as UserAttributePacket,Nh as UserIDPacket,Mt as _,tt as a,de as armor,At as b,rt as c,ie as config,Tu as createCleartextMessage,Uu as createMessage,gt as d,Ou as decrypt,Mu as decryptKey,Gu as decryptSessionKeys,zt as e,Nu as encrypt,Lu as encryptKey,qu as encryptSessionKey,$ as enums,yr as f,Yt as g,Bu as generateKey,ju as generateSessionKey,it as i,Je as m,xr as r,Iu as readCleartextMessage,wu as readKey,ku as readKeys,Pu as readMessage,bu as readPrivateKey,vu as readPrivateKeys,qh as readSignature,zu as reformatKey,Ru as revokeKey,Fu as sign,dt as u,ye as unarmor,Hu as verify}; +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),n=Symbol("readingIndex");class s extends Array{constructor(){super(),Object.setPrototypeOf(this,s.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function o(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function c(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function u(e){return Uint8Array.prototype.isPrototypeOf(e)}function h(e){if(1===e.length)return e[0];let t=0;for(let r=0;r(await this[t],this[n]===this.length?{value:void 0,done:!0}:{value:this[this[n]++],done:!1})}},s.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[n]));return this.length=0,r},s.prototype.clone=function(){const e=new s;return e[t]=this[t].then((()=>{e.push(...this)})),e},o.prototype.write=async function(e){this.stream.push(e)},o.prototype.close=async function(){this.stream[r]()},o.prototype.abort=async function(e){return this.stream[i](e),e},o.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const y=new WeakSet,l=Symbol("externalBuffer");function p(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(c(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||y.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{y.add(e)}catch(e){}}}function g(e){return c(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(c(e))return e;const t=new s;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function f(e){return e.some((e=>c(e)&&!a(e)))?function(e){e=e.map(g);const t=b((async function(e){await Promise.all(i.map((t=>D(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>v(i,((i,s)=>(r=r.then((()=>m(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new s;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>m(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):h(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(c(e)&&!a(e)){e=g(e);try{if(e[l]){const r=C(t);for(let t=0;t{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function k(e,t=()=>{},r=()=>{}){if(a(e)){const i=new s;return(async()=>{const n=C(i);try{const i=await U(e),s=t(i),a=r();let o;o=void 0!==s&&void 0!==a?f([s,a]):void 0!==s?s:a,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(c(e))return w(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?f([i,n]):void 0!==i?i:n}function v(e,t){if(c(e)&&!a(e)){let r;const i=new TransformStream({start(e){r=e}}),n=m(e,i.writable),s=b((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,s.writable),s.readable}e=d(e);const r=new s;return t(e,r),r}function A(e,t){let r;const i=v(e,((e,n)=>{const s=I(e);s.remainder=()=>(s.releaseLock(),m(e,n),i),r=t(s)}));return r}function K(e){if(a(e))return e.clone();if(c(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(c(e)){const t=g(e).tee();return t[0][l]=t[1][l]=e[l],t}return[P(e),P(e)]}(e);return S(e,t[0]),t[1]}return P(e)}function E(e){return a(e)?K(e):c(e)?new ReadableStream({start(t){const r=v(e,(async(e,r)=>{const i=I(e),n=C(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));S(e,r)}}):P(e)}function S(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function P(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(c(e)){if(t>=0&&r>=0){let i=0;return w(e,{transform(e,n){i=t&&n.enqueue(P(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return k(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>P(f(i),t,r)))}if(0===t&&r<0){let i;return k(e,(e=>{const n=i?f([i,e]):e;if(n.length>=-r)return i=P(n,r),P(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),x((async()=>P(await U(e),t,r)))}return e[l]&&(e=f(e[l].concat([e]))),u(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function U(e,t=f){return a(e)?e.readToEnd(t):c(e)?I(e).readToEnd(t):e}async function D(e,t){if(c(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function x(e){const t=new s;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function I(e){return new p(e)}function C(e){return new o(e)}p.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},p.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},p.prototype.cancel=function(e){return this._cancel(e)},p.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?f(t):void 0;const n=i.indexOf("\n")+1;n&&(e=f(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},p.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(P(t,1)),r},p.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?f(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=f(t);return this.unshift(P(r,e)),P(r,0,e)}}},p.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},p.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&u(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},p.prototype.readToEnd=async function(e=f){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const B=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[B]||(e[B]=[],Object.entries(e).forEach((([t,r])=>{e[B][r]=t}))),void 0!==e[B][t])return e[B][t];throw Error("Invalid enum value.")}},M={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.0.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const L=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:u,isStream:c,getNobleCurve:async(e,t)=>{if(!M.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.lengtht)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return k(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return k(e,r,(()=>r(new Uint8Array,!0)))},concat:f,concatUint8Array:h,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return k(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let s=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return k(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let s=0;for(let i=0;i{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,s=N(t.subarray(0,n));for(let e=0;et.length?N(t)+"\n":""))}function O(e){let t="";return k(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const s=z(t.substr(0,n));return t=t.substr(n),s}),(()=>z(t)))}function H(e){return O(e.replace(/-/g,"+").replace(/_/g,"/"))}function _(e,t){let r=j(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function G(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function q(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function V(e){const t=function(e){let t=13501623;return k(e,(e=>{const r=$?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^W[1][t>>16&255]^W[2][t>>8&255]^W[3][255&t];for(let i=4*r;i>8^W[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return j(t)}R?(N=e=>R.from(e).toString("base64"),z=e=>{const t=R.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(N=e=>btoa(F.uint8ArrayToString(e)),z=e=>F.stringToUint8Array(atob(e)));const W=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);W[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)W[1][e]=W[0][e]>>8^W[0][255&W[0][e]];for(let e=0;e<=255;e++)W[2][e]=W[1][e]>>8^W[0][255&W[1][e]];for(let e=0;e<=255;e++)W[3][e]=W[2][e]>>8^W[0][255&W[2][e]];const $=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Q(e){for(let t=0;t=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function Y(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,n=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,u=a,h=[];const y=O(v(e,(async(e,l)=>{const p=I(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==T.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,Q(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),n.test(e)){if(Q(u),o=!0,c||s!==T.armor.signed){t({text:h,data:y,headers:a,type:s});break}}else u.push(e);else i.test(e)&&(s=G(e))}}catch(e){return void r(e)}const g=C(l);try{for(;;){await g.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const n=X(t[0].slice(0,-1));await g.write(n);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await U(e.data)),e)))}function Z(e,t,r,i,n,s=!1,a=M){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=s&&E(t),h=[];switch(e){case T.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case T.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(q(n,a)),h.push(j(t)),u&&h.push("=",V(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}async function J(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported cipher algorithm");return r}default:throw Error("Unsupported cipher algorithm")}}function ee(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function te(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function re(e){return{keySize:te(e),blockSize:ee(e)}}var ie=/*#__PURE__*/Object.freeze({__proto__:null,getCipherParams:re,getLegacyCipher:J});function ne(e,t){let r=e[0],i=e[1],n=e[2],s=e[3];r=ae(r,i,n,s,t[0],7,-680876936),s=ae(s,r,i,n,t[1],12,-389564586),n=ae(n,s,r,i,t[2],17,606105819),i=ae(i,n,s,r,t[3],22,-1044525330),r=ae(r,i,n,s,t[4],7,-176418897),s=ae(s,r,i,n,t[5],12,1200080426),n=ae(n,s,r,i,t[6],17,-1473231341),i=ae(i,n,s,r,t[7],22,-45705983),r=ae(r,i,n,s,t[8],7,1770035416),s=ae(s,r,i,n,t[9],12,-1958414417),n=ae(n,s,r,i,t[10],17,-42063),i=ae(i,n,s,r,t[11],22,-1990404162),r=ae(r,i,n,s,t[12],7,1804603682),s=ae(s,r,i,n,t[13],12,-40341101),n=ae(n,s,r,i,t[14],17,-1502002290),i=ae(i,n,s,r,t[15],22,1236535329),r=oe(r,i,n,s,t[1],5,-165796510),s=oe(s,r,i,n,t[6],9,-1069501632),n=oe(n,s,r,i,t[11],14,643717713),i=oe(i,n,s,r,t[0],20,-373897302),r=oe(r,i,n,s,t[5],5,-701558691),s=oe(s,r,i,n,t[10],9,38016083),n=oe(n,s,r,i,t[15],14,-660478335),i=oe(i,n,s,r,t[4],20,-405537848),r=oe(r,i,n,s,t[9],5,568446438),s=oe(s,r,i,n,t[14],9,-1019803690),n=oe(n,s,r,i,t[3],14,-187363961),i=oe(i,n,s,r,t[8],20,1163531501),r=oe(r,i,n,s,t[13],5,-1444681467),s=oe(s,r,i,n,t[2],9,-51403784),n=oe(n,s,r,i,t[7],14,1735328473),i=oe(i,n,s,r,t[12],20,-1926607734),r=ce(r,i,n,s,t[5],4,-378558),s=ce(s,r,i,n,t[8],11,-2022574463),n=ce(n,s,r,i,t[11],16,1839030562),i=ce(i,n,s,r,t[14],23,-35309556),r=ce(r,i,n,s,t[1],4,-1530992060),s=ce(s,r,i,n,t[4],11,1272893353),n=ce(n,s,r,i,t[7],16,-155497632),i=ce(i,n,s,r,t[10],23,-1094730640),r=ce(r,i,n,s,t[13],4,681279174),s=ce(s,r,i,n,t[0],11,-358537222),n=ce(n,s,r,i,t[3],16,-722521979),i=ce(i,n,s,r,t[6],23,76029189),r=ce(r,i,n,s,t[9],4,-640364487),s=ce(s,r,i,n,t[12],11,-421815835),n=ce(n,s,r,i,t[15],16,530742520),i=ce(i,n,s,r,t[2],23,-995338651),r=ue(r,i,n,s,t[0],6,-198630844),s=ue(s,r,i,n,t[7],10,1126891415),n=ue(n,s,r,i,t[14],15,-1416354905),i=ue(i,n,s,r,t[5],21,-57434055),r=ue(r,i,n,s,t[12],6,1700485571),s=ue(s,r,i,n,t[3],10,-1894986606),n=ue(n,s,r,i,t[10],15,-1051523),i=ue(i,n,s,r,t[1],21,-2054922799),r=ue(r,i,n,s,t[8],6,1873313359),s=ue(s,r,i,n,t[15],10,-30611744),n=ue(n,s,r,i,t[6],15,-1560198380),i=ue(i,n,s,r,t[13],21,1309151649),r=ue(r,i,n,s,t[4],6,-145523070),s=ue(s,r,i,n,t[11],10,-1120210379),n=ue(n,s,r,i,t[2],15,718787259),i=ue(i,n,s,r,t[9],21,-343485551),e[0]=pe(r,e[0]),e[1]=pe(i,e[1]),e[2]=pe(n,e[2]),e[3]=pe(s,e[3])}function se(e,t,r,i,n,s){return t=pe(pe(t,e),pe(i,s)),pe(t<>>32-n,r)}function ae(e,t,r,i,n,s,a){return se(t&r|~t&i,e,t,n,s,a)}function oe(e,t,r,i,n,s,a){return se(t&i|r&~i,e,t,n,s,a)}function ce(e,t,r,i,n,s,a){return se(t^r^i,e,t,n,s,a)}function ue(e,t,r,i,n,s,a){return se(r^(t|~i),e,t,n,s,a)}function he(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const ye="0123456789abcdef".split("");function le(e){let t="",r=0;for(;r<4;r++)t+=ye[e>>8*r+4&15]+ye[e>>8*r&15];return t}function pe(e,t){return e+t&4294967295}const ge=F.getWebCrypto(),de=F.getNodeCrypto(),fe=de&&de.getHashes();function me(e){if(de&&fe.includes(e))return async function(t){const r=de.createHash(e);return k(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function we(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await U(e)),F.isStream(e)){const t=(await r()).create();return k(e,(e=>{t.update(e)}),(()=>t.digest()))}if(ge&&t)return new Uint8Array(await ge.digest(t,e));return(await r())(e)}}var be={md5:me("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let i;for(i=64;i<=e.length;i+=64)ne(r,he(e.substring(i-64,i)));e=e.substring(i-64);const n=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(i=0;i>2]|=e.charCodeAt(i)<<(i%4<<3);if(n[i>>2]|=128<<(i%4<<3),i>55)for(ne(r,n),i=0;i<16;i++)n[i]=0;return n[14]=8*t,ne(r,n),r}(F.uint8ArrayToString(e));return F.hexToUint8Array(function(e){for(let t=0;t0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Ae(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Ke(e,t){ve(e);const r=t.outputLen;if(e.lengthnew Uint8Array(e.buffer,e.byteOffset,e.byteLength),Se=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),Pe=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function Ue(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!ke(e))throw Error("Uint8Array expected, got "+typeof e);e=Be(e)}return e}function De(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i(Object.assign(t,e),t);function Ie(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const n=BigInt(32),s=BigInt(4294967295),a=Number(r>>n&s),o=Number(r&s);e.setUint32(t+0,a,i),e.setUint32(t+4,o,i)}function Ce(e){return e.byteOffset%4==0}function Be(e){return Uint8Array.from(e)}function Te(...e){for(let t=0;t(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Ne{constructor(e,t){this.blockLen=Me,this.outputLen=Me,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ve(e=Ue(e),16);const r=Pe(e);let i=r.getUint32(0,!1),n=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Re(i),s1:Re(n),s2:Re(s),s3:Re(a)}),({s0:i,s1:n,s2:s,s3:a}={s3:(h=s)<<31|(y=a)>>>1,s2:(u=n)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&y)});var c,u,h,y;const l=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(l))throw Error(`ghash: wrong window size=${l}, should be 2, 4 or 8`);this.W=l;const p=128/l,g=this.windowSize=2**l,d=[];for(let e=0;e>>l-a-1&1))continue;const{s0:c,s1:u,s2:h,s3:y}=o[l*e+a];r^=c,i^=u,n^=h,s^=y}d.push({s0:r,s1:i,s2:n,s3:s})}this.t=d}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:n,t:s,windowSize:a}=this;let o=0,c=0,u=0,h=0;const y=(1<>>8*e&255;for(let e=8/n-1;e>=0;e--){const r=t>>>n*e&y,{s0:i,s1:p,s2:g,s3:d}=s[l*a+r];o^=i,c^=p,u^=g,h^=d,l+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){e=Ue(e),Ae(this);const t=Se(e),r=Math.floor(e.length/Me),i=e.length%Me;for(let e=0;e>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Be(e=Ue(e)));super(r,t),Te(r)}update(e){e=Ue(e),Ae(this);const t=Se(e),r=e.length%Me,i=Math.floor(e.length/Me);for(let e=0;ee(r,t.length).update(Ue(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Oe=je(((e,t)=>new Ne(e,t)));je(((e,t)=>new ze(e,t)));const He=16,_e=new Uint8Array(He),Ge=283;function qe(e){return e<<1^Ge&-(e>>7)}function Ve(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=qe(e);return r}const We=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=qe(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return Te(e),t})(),$e=/* @__PURE__ */We.map(((e,t)=>We.indexOf(t))),Qe=e=>e<<24|e>>>8,Xe=e=>e<<8|e>>>24,Ye=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Ze(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map(Xe),n=i.map(Xe),s=n.map(Xe),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;a[h]=r[t]^i[u],o[h]=n[t]^s[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:n,T3:s,T01:a,T23:o}}const Je=/* @__PURE__ */Ze(We,(e=>Ve(e,3)<<24|e<<16|e<<8|Ve(e,2))),et=/* @__PURE__ */Ze($e,(e=>Ve(e,11)<<24|Ve(e,13)<<16|Ve(e,9)<<8|Ve(e,14))),tt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=qe(r))e[t]=r;return e})();function rt(e){ve(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=Je,i=[];Ce(e)||i.push(e=Be(e));const n=Se(e),s=n.length,a=e=>st(r,e,e,e,e),o=new Uint32Array(t+28);o.set(n);for(let e=s;e6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}return Te(...i),o}function it(e){const t=rt(e),r=t.slice(),i=t.length,{sbox2:n}=Je,{T0:s,T1:a,T2:o,T3:c}=et;for(let e=0;e>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function nt(e,t,r,i,n,s){return e[r<<8&65280|i>>>8&255]^t[n>>>8&65280|s>>>24&255]}function st(e,t,r,i,n){return e[255&t|65280&r]|e[i>>>16&255|n>>>16&65280]<<16}function at(e,t,r,i,n){const{sbox2:s,T01:a,T23:o}=Je;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let s=0;s=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=at(e,a[0],a[1],a[2],a[3]))}const p=He*Math.floor(y.length/4);if(p>>0,o.setUint32(h,l,t),({s0:p,s1:g,s2:d,s3:f}=at(e,a[0],a[1],a[2],a[3]));const m=He*Math.floor(c.length/4);if(mr(e,t),decrypt:(e,t)=>r(e,t)}}));const lt=xe({blockSize:16,nonceLength:16},(function(e,t,r={}){ve(e),ve(t,16);const i=!r.disablePadding;return{encrypt(r,n){const s=rt(e),{b:a,o,out:c}=function(e,t,r){ve(e);let i=e.length;const n=i%He;if(!t&&0!==n)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Ce(e)||(e=Be(e));const s=Se(e);if(t){let e=He-n;e||(e=He),i+=e}const a=ct(i,r);return{b:s,o:Se(a),out:a}}(r,i,n);let u=t;const h=[s];Ce(u)||h.push(u=Be(u));const y=Se(u);let l=y[0],p=y[1],g=y[2],d=y[3],f=0;for(;f+4<=a.length;)l^=a[f+0],p^=a[f+1],g^=a[f+2],d^=a[f+3],({s0:l,s1:p,s2:g,s3:d}=at(s,l,p,g,d)),o[f++]=l,o[f++]=p,o[f++]=g,o[f++]=d;if(i){const e=function(e){const t=new Uint8Array(16),r=Se(t);t.set(e);const i=He-e.length;for(let e=He-i;e16)throw Error("aes/pcks5: wrong padding");const n=e.subarray(0,-i);for(let t=0;tr(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const gt=xe({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(ve(e),ve(t),void 0!==r&&ve(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const i=16;function n(e,t,i){const n=function(e,t,r,i,n){const s=null==n?0:n.length,a=e.create(r,i.length+s);n&&a.update(n),a.update(i);const o=new Uint8Array(16),c=Pe(o);n&&Ie(c,0,BigInt(8*s),t),Ie(c,8,BigInt(8*i.length),t),a.update(o);const u=a.digest();return Te(o),u}(Oe,!1,e,i,r);for(let e=0;e=2**32)throw Error("plaintext should be less than 4gb");const r=rt(e);if(16===t.length)ft(r,t);else{const e=Se(t);let i=e[0],n=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t=2**32)throw Error("ciphertext should be less than 4gb");const r=it(e),i=t.length/8-1;if(1===i)mt(r,t);else{const e=Se(t);let n=e[0],s=e[1];for(let t=0,a=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,a--){s^=Ye(a);const{s0:i,s1:o,s2:c,s3:u}=ot(r,n,s,e[t],e[t+1]);n=i,s=o,e[t]=c,e[t+1]=u}e[0]=n,e[1]=s}r.fill(0)}},bt=new Uint8Array(8).fill(166),kt=xe({blockSize:8},(e=>({encrypt(t){if(ve(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await At.importKey("raw",this.key,r,!1,["encrypt"]);const i=await At.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),s=await this._runCBC(n);return Dt(s,i),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),Dt(i,t),this.prevBlock=i.slice(),this.i=0;const n=e.subarray(r.length);this.nextBlock.set(n,this.i),this.i+=n.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Dt(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Dt(t,e),this.clearSensitiveData(),t}}class Ut{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:n}=re(t);this.key=vt.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=xt(i),this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n}_runCFB(e){const t=xt(e),r=new Uint8Array(e.length),i=xt(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:n,s2:s,s3:a}=vt.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^n,i[e+2]=t[e+2]^s,i[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Dt(e,t){const r=Math.min(e.length,t.length);for(let i=0;inew Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));var It=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,i){const n=T.read(T.symmetric,e);if(Kt&&St[n])return function(e,t,r,i){const n=T.read(T.symmetric,e),s=new Kt.createDecipheriv(St[n],t,i);return k(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const n=new Ut(!1,e,t,i);return k(r,(e=>n.processChunk(e)),(()=>n.finish()))}return pt(t,i).decrypt(r)}(e,t,r,i);const s=new(await J(e))(t),a=s.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;rnew Uint8Array(s.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(At&&await Pt.isSupported(e)){const n=new Pt(e,t,i);return F.isStream(r)?k(r,(e=>n.encryptChunk(e)),(()=>n.finish())):n.encrypt(r)}if(F.isStream(r)){const n=new Ut(!0,e,t,i);return k(r,(e=>n.processChunk(e)),(()=>n.finish()))}return pt(t,i).encrypt(r)}(e,t,r,i);const a=new(await J(e))(t),o=a.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=a.encrypt(c);for(r=0;rn.encrypt(e),a=e=>n.decrypt(e);let o;function c(e,t,r,n){const a=t.length/Xt|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/Xt|0)-1;for(let e=i+1;e<=r;e++)o[e]=F.double(o[e-1]);i=r}(t,n);const c=F.concatUint8Array([tr.subarray(0,15-r.length),rr,r]),u=63&c[15];c[15]&=192;const h=s(c),y=F.concatUint8Array([h,er(h.subarray(0,8),h.subarray(1,9))]),l=F.shiftRight(y.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(Xt),g=new Uint8Array(t.length+Yt);let d,f=0;for(d=0;d{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function gr(e,t){const r=e%t;return ryr;){const e=i&lr;i>>=lr;s=e?s*n%r:s,n=n*n%r}return s}function fr(e){return e>=yr?e:-e}function mr(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),n=BigInt(1),s=BigInt(0),a=fr(e),o=fr(t);const c=eNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function br(e,t){return(e>>BigInt(t)&lr)===yr?0:1}function kr(e){const t=e>=lr)!==t;)r++;return r}function vr(e){const t=e>=r)!==t;)i++;return i}function Ar(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const n=i.length/2,s=new Uint8Array(r||n),a=r?r-n:0;let o=0;for(;oe&&(a=gr(a,n<gr(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return dr(t,e-Ur,e)===Ur}(e)&&!!function(e,t){const r=kr(e);t||(t=Math.max(1,r/48|0));const i=e-Ur;let n=0;for(;!br(i,n);)n++;const s=e>>BigInt(n);for(;t>0;t--){let t,r=dr(Sr(BigInt(2),i),s,e);if(r!==Ur&&r!==i){for(t=1;tBigInt(e)));const Cr=[];function Br(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!i;if(t)return F.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Mr(e,t,r){let i;if(t.length!==be.getHashByteLength(e))throw Error("Invalid hash length");const n=new Uint8Array(Cr[e].length);for(i=0;i=t)throw Error("Data too large.");const c=gr(i,s-Nr),u=gr(i,n-Nr),h=Sr(BigInt(2),t),y=dr(mr(h,t),r,t);e=gr(e*y,t);const l=dr(e,u,n),p=dr(e,c,s),g=gr(a*(p-l),s);let d=g*n+l;return d=gr(d*h,t),Tr(Ar(d,"be",vr(t)),o)}(e,t,r,i,n,s,a,o)},encrypt:async function(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=jr(t,r),n={key:i,format:"jwk",type:"pkcs1",padding:Rr.constants.RSA_PKCS1_PADDING};return new Uint8Array(Rr.publicEncrypt(n,e))}(e,t,r):async function(e,t,r){if(t=pr(t),e=pr(Br(e,vr(t))),r=pr(r),e>=t)throw Error("Message size cannot exceed modulus size");return Ar(dr(e,r,t),"be",vr(t))}(e,t,r)},generate:async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:Ar(t),hash:{name:"SHA-1"}},i=await Fr.generateKey(r,!0,["sign","verify"]);return Or(await Fr.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:wr(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Rr.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(n)}))}));return Or(i,t)}let r,i,n;do{i=Dr(e-(e>>1),t,40),r=Dr(e>>1,t,40),n=r*i}while(kr(n)!==e);const s=(r-Nr)*(i-Nr);return i=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,n,s,a,o){const c=await zr(r,i,n,s,a,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Fr.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Fr.sign("RSASSA-PKCS1-v1_5",h,t))}(T.read(T.webHash,e),t,r,i,n,s,a,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,n,s,a,o){const c=Rr.createSign(T.read(T.hash,e));c.write(t),c.end();const u=await zr(r,i,n,s,a,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,n,s,a,o);return async function(e,t,r,i){t=pr(t);const n=pr(Mr(e,i,vr(t)));return r=pr(r),Ar(dr(n,r,t),"be",vr(t))}(e,r,n,c)},validateParams:async function(e,t,r,i,n,s){if(e=pr(e),(i=pr(i))*(n=pr(n))!==e)return!1;const a=BigInt(2);if(gr(i*(s=pr(s)),n)!==BigInt(1))return!1;t=pr(t),r=pr(r);const o=Sr(a,a<=r)throw Error("Signature size cannot exceed modulus size");const s=Ar(dr(t,i,r),"be",vr(r)),a=Mr(e,n,vr(r));return F.equalsUint8Array(s,a)}(e,r,i,n,s)}});const _r=BigInt(1);var Gr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,i,n){return e=pr(e),t=pr(t),r=pr(r),Tr(Ar(gr(mr(dr(e,i=pr(i),r),r)*t,r),"be",vr(r)),n)},encrypt:async function(e,t,r,i){t=pr(t),r=pr(r),i=pr(i);const n=pr(Br(e,vr(t))),s=Sr(_r,t-_r);return{c1:Ar(dr(r,s,t)),c2:Ar(gr(dr(i,s,t)*n,t))}},validateParams:async function(e,t,r,i){if(e=pr(e),t=pr(t),r=pr(r),t<=_r||t>=e)return!1;const n=BigInt(kr(e));if(n>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=i>>24&255,e[t+5]=i>>16&255,e[t+6]=i>>8&255,e[t+7]=255&i}function si(e,t,r,i){return function(e,t,r,i,n){var s,a=0;for(s=0;s>>8)-1}(e,t,r,i,32)}function ai(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function oi(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function ci(e,t,r){for(var i,n=~(r-1),s=0;s<16;s++)i=n&(e[s]^t[s]),e[s]^=i,t[s]^=i}function ui(e,t){var r,i,n,s=Wr(),a=Wr();for(r=0;r<16;r++)a[r]=t[r];for(oi(a),oi(a),oi(a),i=0;i<2;i++){for(s[0]=a[0]-65517,r=1;r<15;r++)s[r]=a[r]-65535-(s[r-1]>>16&1),s[r-1]&=65535;s[15]=a[15]-32767-(s[14]>>16&1),n=s[15]>>16&1,s[14]&=65535,ci(a,s,1-n)}for(r=0;r<16;r++)e[2*r]=255&a[r],e[2*r+1]=a[r]>>8}function hi(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return ui(r,e),ui(i,t),si(r,0,i,0)}function yi(e){var t=new Uint8Array(32);return ui(t,e),1&t[0]}function li(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function pi(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function gi(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function di(e,t,r){var i,n,s=0,a=0,o=0,c=0,u=0,h=0,y=0,l=0,p=0,g=0,d=0,f=0,m=0,w=0,b=0,k=0,v=0,A=0,K=0,E=0,S=0,P=0,U=0,D=0,x=0,I=0,C=0,B=0,T=0,M=0,L=0,F=r[0],R=r[1],N=r[2],z=r[3],j=r[4],O=r[5],H=r[6],_=r[7],G=r[8],q=r[9],V=r[10],W=r[11],$=r[12],Q=r[13],X=r[14],Y=r[15];s+=(i=t[0])*F,a+=i*R,o+=i*N,c+=i*z,u+=i*j,h+=i*O,y+=i*H,l+=i*_,p+=i*G,g+=i*q,d+=i*V,f+=i*W,m+=i*$,w+=i*Q,b+=i*X,k+=i*Y,a+=(i=t[1])*F,o+=i*R,c+=i*N,u+=i*z,h+=i*j,y+=i*O,l+=i*H,p+=i*_,g+=i*G,d+=i*q,f+=i*V,m+=i*W,w+=i*$,b+=i*Q,k+=i*X,v+=i*Y,o+=(i=t[2])*F,c+=i*R,u+=i*N,h+=i*z,y+=i*j,l+=i*O,p+=i*H,g+=i*_,d+=i*G,f+=i*q,m+=i*V,w+=i*W,b+=i*$,k+=i*Q,v+=i*X,A+=i*Y,c+=(i=t[3])*F,u+=i*R,h+=i*N,y+=i*z,l+=i*j,p+=i*O,g+=i*H,d+=i*_,f+=i*G,m+=i*q,w+=i*V,b+=i*W,k+=i*$,v+=i*Q,A+=i*X,K+=i*Y,u+=(i=t[4])*F,h+=i*R,y+=i*N,l+=i*z,p+=i*j,g+=i*O,d+=i*H,f+=i*_,m+=i*G,w+=i*q,b+=i*V,k+=i*W,v+=i*$,A+=i*Q,K+=i*X,E+=i*Y,h+=(i=t[5])*F,y+=i*R,l+=i*N,p+=i*z,g+=i*j,d+=i*O,f+=i*H,m+=i*_,w+=i*G,b+=i*q,k+=i*V,v+=i*W,A+=i*$,K+=i*Q,E+=i*X,S+=i*Y,y+=(i=t[6])*F,l+=i*R,p+=i*N,g+=i*z,d+=i*j,f+=i*O,m+=i*H,w+=i*_,b+=i*G,k+=i*q,v+=i*V,A+=i*W,K+=i*$,E+=i*Q,S+=i*X,P+=i*Y,l+=(i=t[7])*F,p+=i*R,g+=i*N,d+=i*z,f+=i*j,m+=i*O,w+=i*H,b+=i*_,k+=i*G,v+=i*q,A+=i*V,K+=i*W,E+=i*$,S+=i*Q,P+=i*X,U+=i*Y,p+=(i=t[8])*F,g+=i*R,d+=i*N,f+=i*z,m+=i*j,w+=i*O,b+=i*H,k+=i*_,v+=i*G,A+=i*q,K+=i*V,E+=i*W,S+=i*$,P+=i*Q,U+=i*X,D+=i*Y,g+=(i=t[9])*F,d+=i*R,f+=i*N,m+=i*z,w+=i*j,b+=i*O,k+=i*H,v+=i*_,A+=i*G,K+=i*q,E+=i*V,S+=i*W,P+=i*$,U+=i*Q,D+=i*X,x+=i*Y,d+=(i=t[10])*F,f+=i*R,m+=i*N,w+=i*z,b+=i*j,k+=i*O,v+=i*H,A+=i*_,K+=i*G,E+=i*q,S+=i*V,P+=i*W,U+=i*$,D+=i*Q,x+=i*X,I+=i*Y,f+=(i=t[11])*F,m+=i*R,w+=i*N,b+=i*z,k+=i*j,v+=i*O,A+=i*H,K+=i*_,E+=i*G,S+=i*q,P+=i*V,U+=i*W,D+=i*$,x+=i*Q,I+=i*X,C+=i*Y,m+=(i=t[12])*F,w+=i*R,b+=i*N,k+=i*z,v+=i*j,A+=i*O,K+=i*H,E+=i*_,S+=i*G,P+=i*q,U+=i*V,D+=i*W,x+=i*$,I+=i*Q,C+=i*X,B+=i*Y,w+=(i=t[13])*F,b+=i*R,k+=i*N,v+=i*z,A+=i*j,K+=i*O,E+=i*H,S+=i*_,P+=i*G,U+=i*q,D+=i*V,x+=i*W,I+=i*$,C+=i*Q,B+=i*X,T+=i*Y,b+=(i=t[14])*F,k+=i*R,v+=i*N,A+=i*z,K+=i*j,E+=i*O,S+=i*H,P+=i*_,U+=i*G,D+=i*q,x+=i*V,I+=i*W,C+=i*$,B+=i*Q,T+=i*X,M+=i*Y,k+=(i=t[15])*F,a+=38*(A+=i*N),o+=38*(K+=i*z),c+=38*(E+=i*j),u+=38*(S+=i*O),h+=38*(P+=i*H),y+=38*(U+=i*_),l+=38*(D+=i*G),p+=38*(x+=i*q),g+=38*(I+=i*V),d+=38*(C+=i*W),f+=38*(B+=i*$),m+=38*(T+=i*Q),w+=38*(M+=i*X),b+=38*(L+=i*Y),s=(i=(s+=38*(v+=i*R))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),a=(i=a+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),s=(i=(s+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),a=(i=a+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),s+=n-1+37*(n-1),e[0]=s,e[1]=a,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=y,e[7]=l,e[8]=p,e[9]=g,e[10]=d,e[11]=f,e[12]=m,e[13]=w,e[14]=b,e[15]=k}function fi(e,t){di(e,t,t)}function mi(e,t){var r,i=Wr();for(r=0;r<16;r++)i[r]=t[r];for(r=253;r>=0;r--)fi(i,i),2!==r&&4!==r&&di(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}function wi(e,t,r){var i,n,s=new Uint8Array(32),a=new Float64Array(80),o=Wr(),c=Wr(),u=Wr(),h=Wr(),y=Wr(),l=Wr();for(n=0;n<31;n++)s[n]=t[n];for(s[31]=127&t[31]|64,s[0]&=248,li(a,r),n=0;n<16;n++)c[n]=a[n],h[n]=o[n]=u[n]=0;for(o[0]=h[0]=1,n=254;n>=0;--n)ci(o,c,i=s[n>>>3]>>>(7&n)&1),ci(u,h,i),pi(y,o,u),gi(o,o,u),pi(u,c,h),gi(c,c,h),fi(h,y),fi(l,o),di(o,u,o),di(u,c,y),pi(y,o,u),gi(o,o,u),fi(c,o),gi(u,h,l),di(o,u,Zr),pi(o,o,h),di(u,u,o),di(o,h,l),di(h,c,a),fi(c,y),ci(o,c,i),ci(u,h,i);for(n=0;n<16;n++)a[n+16]=o[n],a[n+32]=u[n],a[n+48]=c[n],a[n+64]=h[n];var p=a.subarray(32),g=a.subarray(16);return mi(p,p),di(g,g,p),ui(e,g),0}function bi(e,t){return wi(e,t,Qr)}var ki=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function vi(e,t,r,i){for(var n,s,a,o,c,u,h,y,l,p,g,d,f,m,w,b,k,v,A,K,E,S,P,U,D,x,I=new Int32Array(16),C=new Int32Array(16),B=e[0],T=e[1],M=e[2],L=e[3],F=e[4],R=e[5],N=e[6],z=e[7],j=t[0],O=t[1],H=t[2],_=t[3],G=t[4],q=t[5],V=t[6],W=t[7],$=0;i>=128;){for(A=0;A<16;A++)K=8*A+$,I[A]=r[K+0]<<24|r[K+1]<<16|r[K+2]<<8|r[K+3],C[A]=r[K+4]<<24|r[K+5]<<16|r[K+6]<<8|r[K+7];for(A=0;A<80;A++)if(n=B,s=T,a=M,o=L,c=F,u=R,h=N,z,l=j,p=O,g=H,d=_,f=G,m=q,w=V,W,P=65535&(S=W),U=S>>>16,D=65535&(E=z),x=E>>>16,P+=65535&(S=(G>>>14|F<<18)^(G>>>18|F<<14)^(F>>>9|G<<23)),U+=S>>>16,D+=65535&(E=(F>>>14|G<<18)^(F>>>18|G<<14)^(G>>>9|F<<23)),x+=E>>>16,P+=65535&(S=G&q^~G&V),U+=S>>>16,D+=65535&(E=F&R^~F&N),x+=E>>>16,E=ki[2*A],P+=65535&(S=ki[2*A+1]),U+=S>>>16,D+=65535&E,x+=E>>>16,E=I[A%16],U+=(S=C[A%16])>>>16,D+=65535&E,x+=E>>>16,D+=(U+=(P+=65535&S)>>>16)>>>16,P=65535&(S=v=65535&P|U<<16),U=S>>>16,D=65535&(E=k=65535&D|(x+=D>>>16)<<16),x=E>>>16,P+=65535&(S=(j>>>28|B<<4)^(B>>>2|j<<30)^(B>>>7|j<<25)),U+=S>>>16,D+=65535&(E=(B>>>28|j<<4)^(j>>>2|B<<30)^(j>>>7|B<<25)),x+=E>>>16,U+=(S=j&O^j&H^O&H)>>>16,D+=65535&(E=B&T^B&M^T&M),x+=E>>>16,y=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,b=65535&P|U<<16,P=65535&(S=d),U=S>>>16,D=65535&(E=o),x=E>>>16,U+=(S=v)>>>16,D+=65535&(E=k),x+=E>>>16,T=n,M=s,L=a,F=o=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,R=c,N=u,z=h,B=y,O=l,H=p,_=g,G=d=65535&P|U<<16,q=f,V=m,W=w,j=b,A%16==15)for(K=0;K<16;K++)E=I[K],P=65535&(S=C[K]),U=S>>>16,D=65535&E,x=E>>>16,E=I[(K+9)%16],P+=65535&(S=C[(K+9)%16]),U+=S>>>16,D+=65535&E,x+=E>>>16,k=I[(K+1)%16],P+=65535&(S=((v=C[(K+1)%16])>>>1|k<<31)^(v>>>8|k<<24)^(v>>>7|k<<25)),U+=S>>>16,D+=65535&(E=(k>>>1|v<<31)^(k>>>8|v<<24)^k>>>7),x+=E>>>16,k=I[(K+14)%16],U+=(S=((v=C[(K+14)%16])>>>19|k<<13)^(k>>>29|v<<3)^(v>>>6|k<<26))>>>16,D+=65535&(E=(k>>>19|v<<13)^(v>>>29|k<<3)^k>>>6),x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,I[K]=65535&D|x<<16,C[K]=65535&P|U<<16;P=65535&(S=j),U=S>>>16,D=65535&(E=B),x=E>>>16,E=e[0],U+=(S=t[0])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[0]=B=65535&D|x<<16,t[0]=j=65535&P|U<<16,P=65535&(S=O),U=S>>>16,D=65535&(E=T),x=E>>>16,E=e[1],U+=(S=t[1])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[1]=T=65535&D|x<<16,t[1]=O=65535&P|U<<16,P=65535&(S=H),U=S>>>16,D=65535&(E=M),x=E>>>16,E=e[2],U+=(S=t[2])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[2]=M=65535&D|x<<16,t[2]=H=65535&P|U<<16,P=65535&(S=_),U=S>>>16,D=65535&(E=L),x=E>>>16,E=e[3],U+=(S=t[3])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[3]=L=65535&D|x<<16,t[3]=_=65535&P|U<<16,P=65535&(S=G),U=S>>>16,D=65535&(E=F),x=E>>>16,E=e[4],U+=(S=t[4])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[4]=F=65535&D|x<<16,t[4]=G=65535&P|U<<16,P=65535&(S=q),U=S>>>16,D=65535&(E=R),x=E>>>16,E=e[5],U+=(S=t[5])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[5]=R=65535&D|x<<16,t[5]=q=65535&P|U<<16,P=65535&(S=V),U=S>>>16,D=65535&(E=N),x=E>>>16,E=e[6],U+=(S=t[6])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[6]=N=65535&D|x<<16,t[6]=V=65535&P|U<<16,P=65535&(S=W),U=S>>>16,D=65535&(E=z),x=E>>>16,E=e[7],U+=(S=t[7])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[7]=z=65535&D|x<<16,t[7]=W=65535&P|U<<16,$+=128,i-=128}return i}function Ai(e,t,r){var i,n=new Int32Array(8),s=new Int32Array(8),a=new Uint8Array(256),o=r;for(n[0]=1779033703,n[1]=3144134277,n[2]=1013904242,n[3]=2773480762,n[4]=1359893119,n[5]=2600822924,n[6]=528734635,n[7]=1541459225,s[0]=4089235720,s[1]=2227873595,s[2]=4271175723,s[3]=1595750129,s[4]=2917565137,s[5]=725511199,s[6]=4215389547,s[7]=327033209,vi(n,s,t,r),r%=128,i=0;i=0;--n)Ei(e,t,i=r[n/8|0]>>(7&n)&1),Ki(t,e),Ki(e,e),Ei(e,t,i)}function Ui(e,t){var r=[Wr(),Wr(),Wr(),Wr()];ai(r[0],ti),ai(r[1],ri),ai(r[2],Yr),di(r[3],ti,ri),Pi(e,r,t)}function Di(e,t,r){var i,n=new Uint8Array(64),s=[Wr(),Wr(),Wr(),Wr()];for(r||$r(t,32),Ai(n,t,32),n[0]&=248,n[31]&=127,n[31]|=64,Ui(s,n),Si(e,s),i=0;i<32;i++)t[i+32]=e[i];return 0}var xi=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Ii(e,t){var r,i,n,s;for(i=63;i>=32;--i){for(r=0,n=i-32,s=i-12;n>4)*xi[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*xi[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function Ci(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Ii(e,r)}function Bi(e,t){var r=Wr(),i=Wr(),n=Wr(),s=Wr(),a=Wr(),o=Wr(),c=Wr();return ai(e[2],Yr),li(e[1],t),fi(n,e[1]),di(s,n,Jr),gi(n,n,e[2]),pi(s,e[2],s),fi(a,s),fi(o,a),di(c,o,a),di(r,c,n),di(r,r,s),function(e,t){var r,i=Wr();for(r=0;r<16;r++)i[r]=t[r];for(r=250;r>=0;r--)fi(i,i),1!==r&&di(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}(r,r),di(r,r,n),di(r,r,s),di(r,r,s),di(e[0],r,s),fi(i,e[0]),di(i,i,s),hi(i,n)&&di(e[0],e[0],ii),fi(i,e[0]),di(i,i,s),hi(i,n)?-1:(yi(e[0])===t[31]>>7&&gi(e[0],Xr,e[0]),di(e[3],e[0],e[1]),0)}var Ti=64;function Mi(){for(var e=0;e=0},Vr.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Di(e,t),{publicKey:e,secretKey:t}},Vr.sign.keyPair.fromSecretKey=function(e){if(Mi(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=Li[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Ri(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ni(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function zi(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function ji(e){return new Uint8Array([192|e])}function Oi(e,t){return F.concatUint8Array([ji(e),Ni(t)])}function Hi(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function _i(e,t){const r=I(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||!(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const o=await r.readByte();let c,u,h=-1,y=-1;y=0,64&o&&(y=1),y?h=63&o:(h=(63&o)>>2,u=3&o);const l=Hi(h);let p,g=null;if(l){if("array"===F.isStream(e)){const e=new s;i=C(e),g=e}else{const e=new TransformStream;i=C(e.writable),g=e.readable}n=t({tag:h,packet:g})}else g=[];do{if(y){const e=await r.readByte();if(p=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),p=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(u){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const s=c===1/0?n:n.subarray(0,c-e);if(i?await i.write(s):g.push(s),e+=n.length,e>=c){r.unshift(n.subarray(c-e+n.length));break}}}}while(p);const d=await r.peekBytes(l?1/0:2);return i?(await i.ready,await i.close()):(g=F.concatUint8Array(g),await t({tag:h,packet:g})),!d||!d.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Gi extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Gi),this.name="UnsupportedError"}}class qi extends Gi{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Gi),this.name="UnknownPacketError"}}class Vi{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function Wi(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(H(i.x)),seed:H(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=Er(Xi(e)),{publicKey:i}=Vr.sign.keyPair.fromSeed(r);return{A:i,seed:r}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function $i(e,t,r,i,n,s){if(be.getHashByteLength(t){if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:_(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},Ji=(e,t,r)=>{if(e===T.publicKey.ed25519){const i=Zi(e,t);return i.d=_(r),i}throw Error("Unsupported EdDSA algorithm")};var en=/*#__PURE__*/Object.freeze({__proto__:null,generate:Wi,getPayloadSize:Xi,getPreferredHashAlgo:Yi,sign:$i,validateParams:async function(e,t,r){switch(e){case T.publicKey.ed25519:{const{publicKey:e}=Vr.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,e)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}},verify:Qi});const tn=F.getWebCrypto();async function rn(e,t,r){const{keySize:i}=re(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await tn.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await tn.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),n=await tn.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(n)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return kt(t).encrypt(r)}async function nn(e,t,r){const{keySize:i}=re(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let n;try{n=await tn.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),kt(t).decrypt(r)}try{const e=await tn.unwrapKey("raw",r,n,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await tn.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}var sn=/*#__PURE__*/Object.freeze({__proto__:null,unwrap:nn,wrap:rn});const an=F.getWebCrypto();async function on(e,t,r,i,n){const s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const a=await an.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await an.deriveBits({name:"HKDF",hash:s,salt:r,info:i},a,8*n);return new Uint8Array(o)}const cn={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function un(e){switch(e){case T.publicKey.x25519:{const e=Er(32),{publicKey:t}=Vr.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}function hn(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function yn(e,t){switch(e){case T.publicKey.x25519:{const r=Er(hn(e)),i=Vr.scalarMult(r,t);pn(i);const{publicKey:n}=Vr.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:n,sharedSecret:i}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),r=e.utils.randomPrivateKey(),i=e.getSharedSecret(r,t);pn(i);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function ln(e,t,r,i){switch(e){case T.publicKey.x25519:{const e=Vr.scalarMult(i,t);return pn(e),e}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(i,t);return pn(e),e}default:throw Error("Unsupported ECDH algorithm")}}function pn(e){let t=0;for(let r=0;r0===s[0]&&Bn(a,r,s.subarray(1),n);if(i&&!F.isStream(i))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:i},n,s){const a=Pn(e.payloadSize,mn[e.name],s),o=await Dn.importKey("jwk",a,{name:"ECDSA",namedCurve:mn[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return Dn.verify({name:"ECDSA",namedCurve:mn[e.name],hash:{name:T.read(T.webHash,t)}},o,c,n)}(a,t,r,i,n);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},n,s){const a=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:bn[e.name],publicKey:o.from(s)}),u=xn.createVerify(T.read(T.hash,t));u.write(n),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(a,t,r,i,n);return e||o()}}return await Bn(a,r,s,n)||o()}async function Bn(e,t,r,i){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var Tn=/*#__PURE__*/Object.freeze({__proto__:null,sign:In,validateParams:async function(e,t,r){const i=new vn(e);if(i.keyType!==T.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=Er(8),n=T.hash.sha256,s=await be.digest(n,i);try{const a=await In(e,n,i,t,r,s);return await Cn(e,n,a,i,t,s)}catch(e){return!1}}default:return An(T.publicKey.ecdsa,e,t,r)}},verify:Cn});var Mn=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,s){if(Kn(new vn(e),i),be.getHashByteLength(t)0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Rn=/*#__PURE__*/Object.freeze({__proto__:null,decode:Fn,encode:Ln});const Nn=F.getWebCrypto(),zn=F.getNodeCrypto();function jn(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),F.stringToUint8Array("Anonymous Sender "),i])}async function On(e,t,r,i,n=!1,s=!1){let a;if(n){for(a=0;a=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await be.digest(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function Hn(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await yn(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=Pn(e.payloadSize,e.web,t);let i=Nn.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=Nn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[i,n]=await Promise.all([i,n]);let s=Nn.deriveBits({name:"ECDH",namedCurve:e.web,public:n},i.privateKey,e.sharedSize),a=Nn.exportKey("jwk",i.publicKey);[s,a]=await Promise.all([s,a]);const o=new Uint8Array(s),c=new Uint8Array(Sn(a,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return F.printDebugError(r),qn(e,t)}break;case"node":return async function(e,t){const r=zn.createECDH(e.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t)),n=new Uint8Array(r.getPublicKey());return{publicKey:n,sharedKey:i}}(e,t);default:return qn(e,t)}}async function _n(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await ln(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const n=Un(e.payloadSize,e.web,r,i);let s=Nn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const a=Pn(e.payloadSize,e.web,t);let o=Nn.importKey("jwk",a,{name:"ECDH",namedCurve:e.web},!0,[]);[s,o]=await Promise.all([s,o]);let c=Nn.deriveBits({name:"ECDH",namedCurve:e.web,public:o},s,e.sharedSize),u=Nn.exportKey("jwk",s);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:H(u.d),sharedKey:h}}(e,t,r,i)}catch(r){return F.printDebugError(r),Gn(e,t,i)}break;case"node":return async function(e,t,r){const i=zn.createECDH(e.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i);default:return Gn(e,t,i)}}async function Gn(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function qn(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:i,privateKey:n}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(n,t).subarray(1)}}var Vn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,i,n,s,a){const o=new vn(e);Kn(o,n),Kn(o,r);const{sharedKey:c}=await _n(o,r,n,s),u=jn(T.publicKey.ecdh,e,t,a),{keySize:h}=re(t.cipher);let y;for(let e=0;e<3;e++)try{const r=await On(t.hash,c,h,u,1===e,2===e);return Fn(await nn(t.cipher,r,i))}catch(e){y=e}throw y},encrypt:async function(e,t,r,i,n){const s=Ln(r),a=new vn(e);Kn(a,i);const{publicKey:o,sharedKey:c}=await Hn(a,i),u=jn(T.publicKey.ecdh,e,t,n),{keySize:h}=re(t.cipher),y=await On(t.hash,c,h,u);return{publicKey:o,wrappedKey:await rn(t.cipher,y,s)}},validateParams:async function(e,t,r){return An(T.publicKey.ecdh,e,t,r)}}),Wn=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:vn,ecdh:Vn,ecdhX:gn,ecdsa:Tn,eddsa:en,eddsaLegacy:Mn,generate:async function(e){const t=new vn(e),{oid:r,hash:i,cipher:n}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:F.leftPad(s.privateKey,t.payloadSize),hash:i,cipher:n}},getPreferredHashAlgo:function(e){return kn[e.getName()].hash}});const $n=BigInt(0),Qn=BigInt(1);var Xn=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,s){const a=BigInt(0);let o,c,u,h;i=pr(i),n=pr(n),r=pr(r),s=pr(s),r=gr(r,i),s=gr(s,n);const y=gr(pr(t.subarray(0,vr(n))),n);for(;;){if(o=Sr(Qn,n),c=gr(dr(r,o,i),n),c===a)continue;const e=gr(s*c,n);if(h=gr(y+e,n),u=gr(mr(o,n)*h,n),u!==a)break}return{r:Ar(c,"be",vr(i)),s:Ar(u,"be",vr(i))}},validateParams:async function(e,t,r,i,n){if(e=pr(e),t=pr(t),r=pr(r),i=pr(i),r<=Qn||r>=e)return!1;if(gr(e-Qn,t)!==$n)return!1;if(dr(r,t,e)!==Qn)return!1;const s=BigInt(kr(t));if(s=a||r<=$n||r>=a)return F.printDebug("invalid DSA Signature"),!1;const c=gr(pr(i.subarray(0,vr(a))),a),u=mr(r,a);if(u===$n)return F.printDebug("invalid DSA Signature"),!1;n=gr(n,s),o=gr(o,s);const h=gr(c*u,a),y=gr(t*u,a);return gr(gr(dr(n,h,s)*dr(o,y,s),s),a)===t}}),Yn={rsa:Hr,elgamal:Gr,elliptic:Wn,dsa:Xn};var Zn=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const i=2*Yn.elliptic.eddsa.getPayloadSize(e),n=F.readExactSubarray(t,r,r+i);return r+=n.length,{read:r,signatureParams:{RS:n}}}default:throw new Gi("Unknown signature algorithm.")}},sign:async function(e,t,r,i,n,s){if(!r||!i)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:u,u:h}=i;return{s:await Yn.rsa.sign(t,n,e,a,o,c,u,h,s)}}case T.publicKey.dsa:{const{g:e,p:n,q:a}=r,{x:o}=i;return Yn.dsa.sign(t,s,e,n,a,o)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=i;return Yn.elliptic.ecdsa.sign(e,t,n,a,o,s)}case T.publicKey.eddsaLegacy:{const{oid:e,Q:a}=r,{seed:o}=i;return Yn.elliptic.eddsaLegacy.sign(e,t,n,a,o,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:a}=r,{seed:o}=i;return Yn.elliptic.eddsa.sign(e,t,n,a,o,s)}default:throw Error("Unknown signature algorithm.")}},verify:async function(e,t,r,i,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=i,o=F.leftPad(r.s,e.length);return Yn.rsa.verify(t,n,o,e,a,s)}case T.publicKey.dsa:{const{g:e,p:n,q:a,y:o}=i,{r:c,s:u}=r;return Yn.dsa.verify(t,c,u,s,e,n,a,o)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Yn.elliptic.CurveWithOID(e).payloadSize,c=F.leftPad(r.r,o),u=F.leftPad(r.s,o);return Yn.elliptic.ecdsa.verify(e,t,{r:c,s:u},n,a,s)}case T.publicKey.eddsaLegacy:{const{oid:e,Q:a}=i,o=new Yn.elliptic.CurveWithOID(e).payloadSize,c=F.leftPad(r.r,o),u=F.leftPad(r.s,o);return Yn.elliptic.eddsaLegacy.verify(e,t,{r:c,s:u},n,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:a}=i;return Yn.elliptic.eddsa.verify(e,t,r,n,a,s)}default:throw Error("Unknown signature algorithm.")}}});class Jn{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class es{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Gi("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class ts{static fromObject({wrappedKey:e,algorithm:t}){const r=new ts;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function rs(e){try{e.getName()}catch(e){throw new Gi("Unknown curve OID")}}function is(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new Yn.elliptic.CurveWithOID(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return Yn.elliptic.eddsa.getPayloadSize(e);case T.publicKey.x25519:case T.publicKey.x448:return Yn.elliptic.ecdhX.getPayloadSize(e);default:throw Error("Unknown elliptic algo")}}var ns=/*#__PURE__*/Object.freeze({__proto__:null,generateParams:function(e,t,r){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return Yn.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:s})=>({privateParams:{d:r,p:i,q:n,u:s},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return Yn.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Fi(e),Q:t}})));case T.publicKey.eddsaLegacy:return Yn.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Fi(e),Q:t}})));case T.publicKey.ecdh:return Yn.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new Fi(e),Q:t,kdfParams:new es({hash:i,cipher:n})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return Yn.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return Yn.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},generateSessionKey:function(e){const{keySize:t}=re(e);return Er(t)},getAEADMode:function(e){const t=T.read(T.aead,e);return hr[t]},getCipherParams:re,getCurvePayloadSize:is,getPreferredCurveHashAlgo:function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return Yn.elliptic.getPreferredHashAlgo(t);case T.publicKey.ed25519:case T.publicKey.ed448:return Yn.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}},getPrefixRandom:async function(e){const{blockSize:t}=re(e),r=await Er(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new Jn;return i.read(t.subarray(r)),{V:e,C:i}}case T.publicKey.x25519:case T.publicKey.x448:{const i=is(e),n=F.readExactSubarray(t,r,r+i);r+=n.length;const s=new ts;return s.read(t.subarray(r)),{ephemeralPublicKey:n,C:s}}default:throw new Gi("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let i=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const n=F.readMPI(t.subarray(i));i+=n.length+2;const s=F.readMPI(t.subarray(i));return i+=s.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:s}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const n=is(e,r.oid);let s=F.readMPI(t.subarray(i));return i+=s.length+2,s=F.leftPad(s,n),{read:i,privateParams:{d:s}}}case T.publicKey.eddsaLegacy:{const n=is(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=F.readMPI(t.subarray(i));return i+=s.length+2,s=F.leftPad(s,n),{read:i,privateParams:{seed:s}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=is(e),n=F.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{seed:n}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=is(e),n=F.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{k:n}}}default:throw new Gi("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=F.readMPI(t.subarray(r));r+=n.length+2;const s=F.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:s}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case T.publicKey.ecdsa:{const e=new Fi;r+=e.read(t),rs(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.eddsaLegacy:{const e=new Fi;if(r+=e.read(t),rs(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.ecdh:{const e=new Fi;r+=e.read(t),rs(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=new es;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const i=F.readExactSubarray(t,r,r+is(e));return r+=i.length,{read:r,publicParams:{A:i}}}default:throw new Gi("Unknown public key encryption algorithm.")}},publicKeyDecrypt:async function(e,t,r,i,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:a}=t,{d:o,p:c,q:u,u:h}=r;return Yn.rsa.decrypt(e,n,a,o,c,u,h,s)}case T.publicKey.elgamal:{const{c1:e,c2:n}=i,a=t.p,o=r.x;return Yn.elgamal.decrypt(e,n,a,o,s)}case T.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:u}=i;return Yn.elliptic.ecdh.decrypt(e,a,c,u.data,s,o,n)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:n}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Yn.elliptic.ecdhX.decrypt(e,a,o.wrappedKey,n,s)}default:throw Error("Unknown public key encryption algorithm.")}},publicKeyEncrypt:async function(e,t,r,i,n){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await Yn.rsa.encrypt(i,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return Yn.elgamal.encrypt(i,e,t,n)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:s}=r,{publicKey:a,wrappedKey:o}=await Yn.elliptic.ecdh.encrypt(e,s,i,t,n);return{V:a,C:new Jn(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:s,wrappedKey:a}=await Yn.elliptic.ecdhX.encrypt(e,i,n);return{ephemeralPublicKey:s,C:ts.fromObject({algorithm:t,wrappedKey:a})}}default:return[]}},serializeParams:function(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448]),i=Object.keys(t).map((i=>{const n=t[i];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(i)},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:s,q:a,u:o}=r;return Yn.rsa.validateParams(e,i,n,s,a,o)}case T.publicKey.dsa:{const{p:e,q:i,g:n,y:s}=t,{x:a}=r;return Yn.dsa.validateParams(e,i,n,s,a)}case T.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:s}=r;return Yn.elgamal.validateParams(e,i,n,s)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=Yn.elliptic[T.read(T.publicKey,e)],{oid:n,Q:s}=t,{d:a}=r;return i.validateParams(n,s,a)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return Yn.elliptic.eddsaLegacy.validateParams(i,e,n)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:i}=t,{seed:n}=r;return Yn.elliptic.eddsa.validateParams(e,i,n)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:n}=r;return Yn.elliptic.ecdhX.validateParams(e,i,n)}default:throw Error("Unknown public key algorithm.")}}});const ss={cipher:ie,hash:be,mode:hr,publicKey:Yn,signature:Zn,random:Pr,pkcs1:Lr,pkcs5:Rn,aesKW:sn};Object.assign(ss,ns);class as extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,as),this.name="Argon2OutOfMemoryError"}}let os,cs;class us{constructor(e=M){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=ss.random.getRandomBytes(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<1048576&&(cs=os(),cs.catch((()=>{}))),n}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new as("Could not allocate required memory for Argon2"):e}}}class hs{constructor(e,t=M){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=ss.random.getRandomBytes(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new Gi("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Gi("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Gi("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,n=0;for(;i>>1|(21845&Ds)<<1;xs=(61680&(xs=(52428&xs)>>>2|(13107&xs)<<2))>>>4|(3855&xs)<<4,Us[Ds]=((65280&xs)>>>8|(255&xs)<<8)>>>1}var Is=function(e,t,r){for(var i=e.length,n=0,s=new ds(t);n>>c]=u}else for(a=new ds(i),n=0;n>>15-e[n]);return a},Cs=new gs(288);for(Ds=0;Ds<144;++Ds)Cs[Ds]=8;for(Ds=144;Ds<256;++Ds)Cs[Ds]=9;for(Ds=256;Ds<280;++Ds)Cs[Ds]=7;for(Ds=280;Ds<288;++Ds)Cs[Ds]=8;var Bs=new gs(32);for(Ds=0;Ds<32;++Ds)Bs[Ds]=5;var Ts=/*#__PURE__*/Is(Cs,9,0),Ms=/*#__PURE__*/Is(Cs,9,1),Ls=/*#__PURE__*/Is(Bs,5,0),Fs=/*#__PURE__*/Is(Bs,5,1),Rs=function(e){for(var t=e[0],r=1;rt&&(t=e[r]);return t},Ns=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},zs=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},js=function(e){return(e+7)/8|0},Os=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var i=new(2==e.BYTES_PER_ELEMENT?ds:4==e.BYTES_PER_ELEMENT?fs:gs)(r-t);return i.set(e.subarray(t,r)),i},Hs=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],_s=function(e,t,r){var i=Error(t||Hs[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,_s),!r)throw i;return i},Gs=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8},qs=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8,e[i+2]|=r>>>16},Vs=function(e,t){for(var r=[],i=0;il&&(l=s[i].s);var p=new ds(l+1),g=Ws(r[h-1],p,0);if(g>t){i=0;var d=0,f=g-t,m=1<t))break;d+=m-(1<>>=f;d>0;){var b=s[i].s;p[b]=0&&d;--i){var k=s[i].s;p[k]==t&&(--p[k],++d)}g=t}return[new gs(p),g]},Ws=function(e,t,r){return-1==e.s?Math.max(Ws(e.l,t,r+1),Ws(e.r,t,r+1)):t[e.s]=r},$s=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new ds(++t),i=0,n=e[0],s=1,a=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==n&&o!=t)++s;else{if(!n&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(n),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(n);s=1,n=e[o]}return[r.subarray(0,i),t]},Qs=function(e,t){for(var r=0,i=0;i>>8,e[n+2]=255^e[n],e[n+3]=255^e[n+1];for(var s=0;s4&&!P[bs[D-1]];--D);var x,I,C,B,T=u+5<<3,M=Qs(n,Cs)+Qs(s,Bs)+a,L=Qs(n,l)+Qs(s,d)+a+14+3*D+Qs(K,P)+(2*K[16]+3*K[17]+7*K[18]);if(T<=M&&T<=L)return Xs(t,h,e.subarray(c,c+u));if(Gs(t,h,1+(L15&&(Gs(t,h,z[E]>>>5&127),h+=z[E]>>>12)}}}else x=Ts,I=Cs,C=Ls,B=Bs;for(E=0;E255){j=i[E]>>>18&31;qs(t,h,x[j+257]),h+=I[j+257],j>7&&(Gs(t,h,i[E]>>>23&31),h+=ms[j]);var O=31&i[E];qs(t,h,C[O]),h+=B[O],O>3&&(qs(t,h,i[E]>>>5&8191),h+=ws[O])}else qs(t,h,x[i[E]]),h+=I[i[E]];return qs(t,h,x[256]),h+I[256]},Zs=/*#__PURE__*/new fs([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),Js=/*#__PURE__*/new gs(0),ea=function(e,t,r,i,n){return function(e,t,r,i,n,s){var a=e.length,o=new gs(i+a+5*(1+Math.ceil(a/7e3))+n),c=o.subarray(i,o.length-n),u=0;if(!t||a<8)for(var h=0;h<=a;h+=65535){var y=h+65535;y>=a&&(c[u>>3]=s),u=Xs(c,u+1,e.subarray(h,y))}else{for(var l=Zs[t-1],p=l>>>13,g=8191&l,d=(1<7e3||P>24576)&&B>423){u=Ys(e,c,0,v,A,K,S,P,D,h-D,u),P=E=S=0,D=h;for(var T=0;T<286;++T)A[T]=0;for(T=0;T<30;++T)K[T]=0}var M=2,L=0,F=g,R=I-C&32767;if(B>2&&x==k(h-R))for(var N=Math.min(p,B)-1,z=Math.min(32767,h),j=Math.min(258,B);R<=z&&--F&&I!=C;){if(e[h+M]==e[h+M-R]){for(var O=0;OM){if(M=O,L=R,O>N)break;var H=Math.min(R,O-2),_=0;for(T=0;T_&&(_=q,C=G)}}}R+=(I=C)-(C=f[I])+32768&32767}if(L){v[P++]=268435456|Ks[M]<<18|Ps[L];var V=31&Ks[M],W=31&Ps[L];S+=ms[V]+ws[W],++A[257+V],++K[W],U=h+M,++E}else v[P++]=e[h],++A[e[h]]}}u=Ys(e,c,s,v,A,K,S,P,D,h-D,u),!s&&7&u&&(u=Xs(c,u+1,Js))}return Os(o,0,i+js(u)+n)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,i,!n)},ta=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(ea(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||_s(5),this.d&&_s(4),this.d=t,this.p(e,t||!1)},e}(),ra=/*#__PURE__*/function(){function e(e){this.s={},this.p=new gs(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||_s(5),this.d&&_s(4);var t=this.p.length,r=new gs(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var i=e.length;if(!i||r&&r.f&&!r.l)return t||new gs(0);var n=!t||r,s=!r||r.i;r||(r={}),t||(t=new gs(3*i));var a=function(e){var r=t.length;if(e>r){var i=new gs(Math.max(2*r,e));i.set(t),t=i}},o=r.f||0,c=r.p||0,u=r.b||0,h=r.l,y=r.d,l=r.m,p=r.n,g=8*i;do{if(!h){o=Ns(e,c,1);var d=Ns(e,c+1,3);if(c+=3,!d){var f=e[(U=js(c)+4)-4]|e[U-3]<<8,m=U+f;if(m>i){s&&_s(0);break}n&&a(u+f),t.set(e.subarray(U,m),u),r.b=u+=f,r.p=c=8*m,r.f=o;continue}if(1==d)h=Ms,y=Fs,l=9,p=5;else if(2==d){var w=Ns(e,c,31)+257,b=Ns(e,c+10,15)+4,k=w+Ns(e,c+5,31)+1;c+=14;for(var v=new gs(k),A=new gs(19),K=0;K>>4)<16)v[K++]=U;else{var x=0,I=0;for(16==U?(I=3+Ns(e,c,3),c+=2,x=v[K-1]):17==U?(I=3+Ns(e,c,7),c+=3):18==U&&(I=11+Ns(e,c,127),c+=7);I--;)v[K++]=x}}var C=v.subarray(0,w),B=v.subarray(w);l=Rs(C),p=Rs(B),h=Is(C,l,1),y=Is(B,p,1)}else _s(1);if(c>g){s&&_s(0);break}}n&&a(u+131072);for(var T=(1<>>4;if((c+=15&x)>g){s&&_s(0);break}if(x||_s(2),F<256)t[u++]=F;else{if(256==F){L=c,h=null;break}var R=F-254;if(F>264){var N=ms[K=F-257];R=Ns(e,c,(1<>>4;if(z||_s(3),c+=15&z,B=Ss[j],j>3&&(N=ws[j],B+=zs(e,c)&(1<g){s&&_s(0);break}n&&a(u+131072);for(var O=u+R;u>16),n=(65535&n)+15*(n>>16)}r=t,i=n},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(i%=65521))<<8|i>>>8}}),this.v=1,ta.call(this,e,t)}return e.prototype.push=function(e,t){ta.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=ea(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=i<<6|(i?32-2*i:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),na=/*#__PURE__*/function(){function e(e){this.v=1,ra.call(this,e)}return e.prototype.push=function(e,t){if(ra.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&_s(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),ra.prototype.c.call(this,t)},e}(),sa="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{sa.decode(Js,{stream:!0}),1}catch(e){}class aa{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?E(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await A(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();a(i)&&(i=await U(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class oa{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new oa;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new oa;return e.read(new Uint8Array(8)),e}}const ca=Symbol("verified"),ua="salt@notations.openpgpjs.org",ha=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class ya{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new oa,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ca]=null}read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Gi("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Gi(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:n,signatureParams:s}=ss.signature.parseSignatureParams(this.publicKeyAlgorithm,i);if(nss.serializeParams(this.publicKeyAlgorithm,await this.params))):ss.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,n){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=pa(this.hashAlgorithm);if(null===this.salt)this.salt=ss.random.getRandomBytes(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(n.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===ua)).length)throw Error("Unexpected existing salt notation");{const e=ss.random.getRandomBytes(pa(this.hashAlgorithm));this.rawNotations.push({name:ua,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(s);const a=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,a,i);this.signedHashValue=P(K(o),0,2);const c=async()=>ss.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await U(o));F.isStream(o)?this.params=c():(this.params=await c(),this[ca]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(la(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(la(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(la(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(la(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(la(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(la(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(la(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(la(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(la(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(la(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(n.length,2)),r.push(o),r.push(n),r=F.concat(r),t.push(la(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(la(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(la(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(la(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(la(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(la(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(la(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(la(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(la(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(la(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(la(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(la(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(la(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(la(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(la(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(la(e.preferredCipherSuites,!1,r)));const i=F.concat(t),n=F.writeNumber(i.length,6===this.version?4:2);return F.concat([n,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>la(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)}),ha.has(n)))switch(n){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.readNumber(e.subarray(r,r+2));r+=2;const a=F.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:i}),t&&(this.notations[a]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=ss.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new ya,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==pa(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),ss.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,s=M){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===T.signature.binary||t===T.signature.text;if(!(this[ca]&&!a)){let i,s;if(this.hashed?s=await this.hashed:(i=this.toHash(t,r,n),s=await this.hash(t,r,i)),s=await U(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[ca]=await ss.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,i,s),!this[ca])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&tya.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function da(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new qi("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ga.prototype.hash=ya.prototype.hash,ga.prototype.toHash=ya.prototype.toHash,ga.prototype.toSign=ya.prototype.toSign;class fa extends Array{static async fromBinary(e,t,r=M){const i=new fa;return await i.read(e,t,r),i}async read(e,t,r=M){r.additionalAllowedPackets.length&&(t={...t,...F.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=v(e,(async(e,i)=>{const n=C(i);try{for(;;){await n.ready;if(await _i(e,(async e=>{try{if(e.tag===T.packet.marker||e.tag===T.packet.trust||e.tag===T.packet.padding)return;const i=da(e.tag,t);i.packets=new fa,i.fromStream=F.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){if(t instanceof qi){if(!(e.tag<=39))return;await n.abort(t)}const i=!r.ignoreUnsupportedPackets&&t instanceof Gi,s=!(r.ignoreMalformedPackets||t instanceof Gi);if(i||s||Hi(e.tag))await n.abort(t);else{const t=new Vi(e.tag,e.packet);await n.write(t)}F.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=I(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||Hi(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),n+=e.length,n>=s){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=F.concat([zi(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ni(n)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(k(K(i),(e=>{t+=e.length}),(()=>Oi(r,t))))}else e.push(Oi(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new fa,r=e=>t=>e===t;for(let i=0;it.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=M){const t=T.read(T.compression,this.algorithm),r=Ka[t];if(!r)throw Error(t+" decompression not supported");this.packets=await fa.fromBinary(await r(this.compressed),ma,e)}compress(){const e=T.read(T.compression,this.algorithm),t=Aa[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ba(e,t){return r=>{if(!F.isStream(r)||a(r))return x((()=>U(r).then((e=>new Promise(((r,i)=>{const n=new t;n.ondata=e=>{r(e)};try{n.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),n=new t;return new ReadableStream({async start(e){for(n.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void n.push(new Uint8Array,!0);t.length&&n.push(t)}}})}}function ka(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return x((async()=>t(await U(e))))}}const va=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Aa={zip:/*#__PURE__*/ba(va("deflate-raw").compressor,ta),zlib:/*#__PURE__*/ba(va("deflate").compressor,ia)},Ka={uncompressed:e=>e,zip:/*#__PURE__*/ba(va("deflate-raw").decompressor,ra),zlib:/*#__PURE__*/ba(va("deflate").decompressor,na),bzip2:/*#__PURE__*/ka()},Ea=/*#__PURE__*/F.constructAllowedPackets([aa,wa,ga,ya]);class Sa{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Sa;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await A(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Gi(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=M){const{blockSize:i,keySize:n}=ss.getCipherParams(e);if(t.length!==n)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await U(s)),2===this.version)this.cipherAlgorithm=e,this.salt=ss.random.getRandomBytes(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Pa(this,"encrypt",t,s);else{const n=await ss.getPrefixRandom(e),a=new Uint8Array([211,20]),o=F.concat([n,s,a]),c=await ss.hash.sha1(E(o)),u=F.concat([o,c]);this.encrypted=await ss.mode.cfb.encrypt(e,t,u,new Uint8Array(i),r)}return!0}async decrypt(e,t,r=M){if(t.length!==ss.getCipherParams(e).keySize)throw Error("Unexpected session key size");let i,n=K(this.encrypted);if(a(n)&&(n=await U(n)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await Pa(this,"decrypt",t,n)}else{const{blockSize:s}=ss.getCipherParams(e),a=await ss.mode.cfb.decrypt(e,t,n,new Uint8Array(s)),o=P(E(a),-20),c=P(a,0,-20),u=Promise.all([U(await ss.hash.sha1(E(c))),U(o)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),h=P(c,s+2);i=P(h,0,-2),i=f([i,x((()=>u))]),F.isStream(n)&&r.allowUnauthenticatedStream||(i=await U(i))}return this.packets=await fa.fromBinary(i,Ea,r),!0}}async function Pa(e,t,r,i){const n=e instanceof Sa&&2===e.version,s=!n&&e.constructor.tag===T.packet.aeadEncryptedData;if(!n&&!s)throw Error("Unexpected packet type");const a=ss.getAEADMode(e.aeadAlgorithm),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=s?8:0,y=new ArrayBuffer(13+h),l=new Uint8Array(y,0,5+h),p=new Uint8Array(y),g=new DataView(y),d=new Uint8Array(y,5,8);l.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,k=Promise.resolve(),A=0,K=0;if(n){const{keySize:t}=ss.getCipherParams(e.cipherAlgorithm),{ivLength:i}=a,n=new Uint8Array(y,0,5),s=await on(T.hash.sha256,r,e.salt,n,t+i);r=s.subarray(0,t),f=s.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await a(e.cipherAlgorithm,r);return v(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const s=I(r),a=C(i);try{for(;;){let e=await s.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,y,m;if(e=e.subarray(0,e.length-o),n)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=d[e]}if(!b||e.length?(s.unshift(r),i=E[t](e,m,l),i.catch((()=>{})),K+=e.length-o+c):(g.setInt32(5+h+4,A),i=E[t](r,m,p),i.catch((()=>{})),K+=c,y=!0),A+=e.length-o,k=k.then((()=>i)).then((async e=>{await a.ready,await a.write(e),K-=e.length})).catch((e=>a.abort(e))),(y||K>a.desiredSize)&&await k,y){await a.close();break}n?w.setInt32(f.length-4,++b):g.setInt32(9,++b)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const Ua=/*#__PURE__*/F.constructAllowedPackets([aa,wa,ga,ya]);class Da{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await A(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Gi(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=ss.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=M){this.packets=await fa.fromBinary(await Pa(this,"decrypt",t,K(this.encrypted)),Ua,r)}async encrypt(e,t,r=M){this.cipherAlgorithm=e;const{ivLength:i}=ss.getAEADMode(this.aeadAlgorithm);this.iv=ss.random.getRandomBytes(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await Pa(this,"encrypt",t,n)}}class xa{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new oa,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:n}){const s=new xa;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?oa.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=i,s.sessionKeyAlgorithm=n,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Gi(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=oa.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=ss.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t)),this.publicKeyAlgorithm===T.publicKey.x25519||this.publicKeyAlgorithm===T.publicKey.x448)if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),ss.serializeParams(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=Ia(this.version,t,r,this.sessionKey);this.encrypted=await ss.publicKeyEncrypt(t,r,e.publicParams,n,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ia(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=await ss.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:{const t=r.subarray(0,r.length-2),n=r.subarray(r.length-2),s=F.writeChecksum(t.subarray(t.length%8)),a=s[0]===n[0]&s[1]===n[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=a&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(a&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,n,t);if(3===this.version){const e=this.publicKeyAlgorithm!==T.publicKey.x25519&&this.publicKeyAlgorithm!==T.publicKey.x448;if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==ss.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ia(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:return i;default:throw Error("Unsupported public key algorithm")}}class Ca{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=M){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Gi(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=ls(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=ss.getAEADMode(this.aeadAlgorithm);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t=5){const e=ss.getAEADMode(this.aeadAlgorithm),r=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await on(T.hash.sha256,n,new Uint8Array,r,i):n,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await ss.mode.cfb.decrypt(t,n,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==ss.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=n}async encrypt(e,t=M){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=ps(t),this.s2k.generateSalt();const{blockSize:i,keySize:n}=ss.getCipherParams(r),s=await this.s2k.produceKey(e,n);if(null===this.sessionKey&&(this.sessionKey=ss.generateSessionKey(this.sessionKeyAlgorithm)),this.version>=5){const e=ss.getAEADMode(this.aeadAlgorithm);this.iv=ss.random.getRandomBytes(e.ivLength);const t=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await on(T.hash.sha256,s,new Uint8Array,t,n):s,a=await e(r,i);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await ss.mode.cfb.encrypt(r,s,e,new Uint8Array(i),t)}}}class Ba{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=M){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ba,{version:r,created:i,algorithm:n,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Gi("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=ss.parsePublicKeyParams(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===T.curve.curve25519Legacy||i.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Gi(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=ss.serializeParams(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new oa,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await ss.hash.sha256(e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await ss.hash.sha1(e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid&&(e.curve=this.publicParams.oid.getName()),e}}Ba.prototype.readPublicKey=Ba.prototype.read,Ba.prototype.writePublicKey=Ba.prototype.write;const Ta=/*#__PURE__*/F.constructAllowedPackets([aa,wa,ga,ya]);class Ma{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=M){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=ss.getCipherParams(e),n=await U(K(this.encrypted)),s=await ss.mode.cfb.decrypt(e,t,n.subarray(i+2),n.subarray(2,i+2));this.packets=await fa.fromBinary(s,Ta,r)}async encrypt(e,t,r=M){const i=this.packets.write(),{blockSize:n}=ss.getCipherParams(e),s=await ss.getPrefixRandom(e),a=await ss.mode.cfb.encrypt(e,t,s,new Uint8Array(n),r),o=await ss.mode.cfb.encrypt(e,t,i,a.subarray(2),r);this.encrypted=F.concat([a,o])}}class La{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Fa extends Ba{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Fa,{version:r,created:i,algorithm:n,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Ra{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function za(e,t,r,i,n,s,a){if("argon2"===t.type&&!n)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=ss.getCipherParams(i),c=await t.produceKey(r,o);if(!n||5===e||a)return c;const u=F.concatUint8Array([s,new Uint8Array([e,i,n])]);return on(T.hash.sha256,c,new Uint8Array,u,o)}class ja{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new ja;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=M){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=/^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/.exec(r);if(null!==i){const{name:e,comment:t,email:r}=i.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Oa extends Na{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=M){super(e,t)}}class Ha{static get tag(){return T.packet.trust}read(){throw new Gi("Trust packets are not supported")}write(){throw new Gi("Trust packets are not supported")}}class _a{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await ss.random.getRandomBytes(e)}}const Ga=/*#__PURE__*/F.constructAllowedPackets([ya]);class qa{constructor(e){this.packets=e||new fa}write(){return this.packets.write()}armor(e=M){const t=this.packets.some((e=>e.constructor.tag===ya.tag&&6!==e.version));return Z(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Va({armoredSignature:e,binarySignature:t,config:r,...i}){r={...M,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await Y(n);if(e!==T.armor.signature)throw Error("Armored text not of type signature");n=t}const a=await fa.fromBinary(n,Ga,r);return new qa(a)}async function Wa(e,t){const r=new Oa(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function $a(e,t){const r=new Na(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Qa(e,t,r,i,n=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,i,n,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Xa(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=to(e,t);return!(e.created<=i&&i0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await Za(n,[],t,s,r.date,void 0,void 0,void 0,i)}async function Za(e,t,r,i,n,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new ya;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await async function(e,t,r=new Date,i=[],n){const s=T.hash.sha256,a=n.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],n)).preferredHashAlgorithms))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===s,h=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>ss.hash.getHashByteLength(e)-ss.hash.getHashByteLength(t)))[0];return ss.hash.getHashByteLength(e)>=ss.hash.getHashByteLength(s)?e:s};if(new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]).has(t.algorithm)){const e=ss.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid),r=u(a),i=ss.hash.getHashByteLength(a)>=ss.hash.getHashByteLength(e);if(r&&i)return a;{const t=h();return ss.hash.getHashByteLength(t)>=ss.hash.getHashByteLength(e)?t:e}}return u(a)?a:h()}(t,r,n,s,c),u.rawNotations=[...a],await u.sign(r,e,n,o,c),u}async function Ja(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function eo(e,t,r,i,n,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!n||e.issuerKeyID.equals(n.issuerKeyID)){const i=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,i?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function to(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function ro(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function io(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function no(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function so(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage));default:return!1}}function ao(e,t){const r=T.write(T.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(i.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,s.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,T.signature.certGeneric,a,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(i,T.signature.certGeneric,n,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await Ja(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,T.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await Ja(e,this,"otherCertifications",t),await Ja(e,this,"revocationSignatures",t,(function(e){return eo(i,T.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=M){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new oo(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await Za(s,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await a.update(this),a}}class co{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new fa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new co(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=M){const n=this.mainKey.keyPacket;return eo(n,T.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=M){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await Qa(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Xa(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=M){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await Qa(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t)}catch(e){return null}const s=to(this.keyPacket,n),a=n.getExpirationTime();return sn.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,T.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await Ja(e,this,"revocationSignatures",t,(function(e){return eo(i,T.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=M){const s={key:e,bind:this.keyPacket},a=new co(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await Za(s,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{co.prototype[e]=function(){return this.keyPacket[e]()}}));const uo=/*#__PURE__*/F.constructAllowedPackets([ya]),ho=new Set([T.packet.publicKey,T.packet.privateKey]),yo=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class lo{packetListToStructure(e,t=new Set){let r,i,n,s;for(const a of e){if(a instanceof Vi){yo.has(a.tag)&&!s&&(s=ho.has(a.tag)?ho:yo);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new oo(a,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,n=new co(a,this),this.subkeys.push(n);break;case T.packet.signature:switch(a.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(i)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case T.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case T.signature.key:this.directSignatures.push(a);break;case T.signature.subkeyBinding:if(!n){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(a);break;case T.signature.keyRevocation:this.revocationSignatures.push(a);break;case T.signature.subkeyRevocation:if(!n){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(a)}}}}toPacketList(){const e=new fa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=M){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{ao(n,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},s=await Qa(r.bindingSignatures,n,T.signature.subkeyBinding,e,t,i);if(!io(r.keyPacket,s,i))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await Qa([s.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,i),ao(r.keyPacket,i),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&io(n,s,i))return ao(n,i),this}catch(e){a=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},i=M){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{ao(n,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},s=await Qa(r.bindingSignatures,n,T.signature.subkeyBinding,e,t,i);if(no(r.keyPacket,s,i))return ao(r.keyPacket,i),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&no(n,s,i))return ao(n,i),this}catch(e){a=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,i=M){return eo(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=M){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Xa(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Qa(this.directSignatures,i,T.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Xa(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=M){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),n=to(this.keyPacket,i),s=i.getExpirationTime(),a=6!==this.keyPacket.version&&await Qa(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=to(this.keyPacket,a);r=Math.min(n,s,e)}else r=ne.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Ja(e,i,"revocationSignatures",t,(n=>eo(i.keyPacket,T.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await Ja(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=M){const r={key:this.keyPacket},i=await Qa(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),n=new fa;n.push(i);const s=6!==this.keyPacket.version;return Z(T.armor.publicKey,n.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=M){const i=await Y(e),n=(await fa.fromBinary(i.data,uo,r)).findPacket(T.packet.signature);if(!n||n.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(n),s}async signPrimaryUser(e,t,r,i=M){const{index:n,user:s}=await this.getPrimaryUser(t,r,i),a=await s.certify(e,t,i),o=this.clone();return o.users[n]=a,o}async signAllUsers(e,t=new Date,r=M){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=M){const n=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,i);return e?await s.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await s.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=M){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];n.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{lo.prototype[e]=co.prototype[e]}));class po extends lo{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=M){const t=6!==this.keyPacket.version;return Z(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class go extends po{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new fa,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case T.packet.secretKey:{const t=Ba.fromSecretKeyPacket(r);e.push(t);break}case T.packet.secretSubkey:{const t=Fa.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new po(e)}armor(e=M){const t=6!==this.keyPacket.version;return Z(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=M){const n=this.keyPacket,s=[];let a=null;for(let r=0;re.isDecrypted()))}async validate(e=M){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=M){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await Za(n,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),s}async addSubkey(e={}){const t={...M,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}function a(){const e={};e.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const t=s([T.symmetric.aes256,T.symmetric.aes128],i.preferredSymmetricAlgorithm);if(e.preferredSymmetricAlgorithms=t,i.aeadProtect){const r=s([T.aead.gcm,T.aead.eax,T.aead.ocb],i.preferredAEADAlgorithm);e.preferredCipherSuites=r.flatMap((e=>t.map((t=>[t,e]))))}return e.preferredHashAlgorithms=s([T.hash.sha256,T.hash.sha512,T.hash.sha3_256,T.hash.sha3_512],i.preferredHashAlgorithm),e.preferredCompressionAlgorithms=s([T.compression.uncompressed,T.compression.zlib,T.compression.zip],i.preferredCompressionAlgorithm),e.features=[0],e.features[0]|=T.features.modificationDetection,i.aeadProtect&&(e.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(e.keyExpirationTime=r.keyExpirationTime,e.keyNeverExpires=!1),e}if(n.push(e),6===e.version){const t={key:e},s=a();s.signatureType=T.signature.key;const o=await Za(t,[],e,s,r.date,void 0,void 0,void 0,i);n.push(o)}await Promise.all(r.userIDs.map((async function(t,n){const s=ja.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=T.signature.certPositive,0===n&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await Za(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const s=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ya(t,e,s,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const o={key:e};return n.push(await Za(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new go(n)}async function bo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...M,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let s;if(e){const{type:t,data:r}=await Y(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await fa.fromBinary(s,fo,r),o=a.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return mo(a.slice(o[0],o[1]))}async function ko({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...M,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let s;if(e){const{type:t,data:r}=await Y(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await fa.fromBinary(s,fo,r),o=a.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await Y(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");n=r}const a=[],o=await fa.fromBinary(n,fo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=M){const s=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,n);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!a.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||T.write(T.symmetric,e);await a.decrypt(r,t,n)}catch(e){F.printDebugError(e),u=e}})));if(D(a.encrypted),a.encrypted=null,await h,!a.packets||!a.packets.length)throw u||Error("Decryption failed.");const y=new Po(a.packets);return a.packets=new fa,y}async decryptSessionKeys(e,t,r,i=new Date,n=M){let s,a=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await fa.fromBinary(e.write(),Eo,n):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){F.printDebugError(e),e instanceof as&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,n)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,n);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(n.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(n.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new xa;r.read(i);const n={sessionKeyAlgorithm:t,sessionKey:ss.generateSessionKey(t)};try{await r.decrypt(e,n),a.push(r)}catch(e){F.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(T.write(T.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){F.printDebugError(e),s=e}})))}))),D(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=M){const{symmetricAlgo:n,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],i=M){const n=await Promise.all(e.map(((e,n)=>e.getPrimarySelfSignature(t,r[n],i))));if(e.length?n.every((e=>e.features&&e.features[0]&T.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(n.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=T.symmetric.aes128,a=i.preferredSymmetricAlgorithm;return{symmetricAlgo:n.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,i),a=T.read(T.symmetric,n),o=s?T.read(T.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ss.generateSessionKey(n),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,n=[],s=new Date,a=[],o=M){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Po.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Po.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,y=await Po.encryptSessionKey(c,u,h,e,t,i,n,s,a,o),l=Sa.fromObject({version:h?2:1,aeadAlgorithm:h?T.write(T.aead,h):null});l.packets=this.packets;const p=T.write(T.symmetric,u);return await l.encrypt(p,c,o),y.packets.push(l),l.packets=new fa,y}static async encryptSessionKey(e,t,r,i,n,s=!1,a=[],o=new Date,c=[],u=M){const h=new fa,y=T.write(T.symmetric,t),l=r&&T.write(T.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(a[r],o,c,u),n=xa.fromObject({version:l?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:y});return await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,s,a,o){const c=new Ca(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(n.map((t=>i(e,y,l,t))));h.push(...s)}return new Po(h)}async sign(e=[],t=[],r=null,i=[],n=new Date,s=[],a=[],o=[],c=M){const u=new fa,h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const y=await Uo(h,e,t,r,i,n,s,a,o,!1,c),l=y.map(((e,t)=>ga.fromSignaturePacket(e,0===t))).reverse();return u.push(...l),u.push(h),u.push(...y),new Po(u)}compress(e,t=M){if(e===T.compression.uncompressed)return this;const r=new wa(t);r.algorithm=e,r.packets=this.packets;const i=new fa;return i.push(r),new Po(i)}async signDetached(e=[],t=[],r=null,i=[],n=[],s=new Date,a=[],o=[],c=M){const u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new qa(await Uo(u,e,t,r,i,n,s,a,o,!0,c))}async verify(e,t=new Date,r=M){const i=this.unwrapCompressed(),n=i.packets.filterByTag(T.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");a(i.packets.stream)&&i.packets.push(...await U(i.packets.stream,(e=>e||[])));const s=i.packets.filterByTag(T.packet.onePassSignature).reverse(),o=i.packets.filterByTag(T.packet.signature);return s.length&&!o.length&&F.isStream(i.packets.stream)&&!a(i.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=x((async()=>(await e.correspondingSig).signatureData)),e.hashed=U(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=v(i.packets.stream,(async(e,t)=>{const r=I(e),i=C(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await i.abort(e)}})),Do(s,n,e,t,!1,r)):Do(o,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=M){const n=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return Do(e.packets.filterByTag(T.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Po(e[0].packets):this}async appendSignature(e,t=M){await this.packets.read(F.isUint8Array(e)?e:(await Y(e)).data,So,t)}write(){return this.packets.write()}armor(e=M){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Sa.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===ya.tag&&6!==e.version));return Z(T.armor.message,this.write(),null,null,null,r,e)}}async function Uo(e,t,r=[],i=null,n=[],s=new Date,a=[],o=[],c=[],u=!1,h=M){const y=new fa,l=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,i)=>{const y=a[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(n[i],s,y,h);return Za(e,r.length?r:[t],p.keyPacket,{signatureType:l},s,o,c,u,h)}))).then((e=>{y.push(...e)})),i){const e=i.packets.filterByTag(T.packet.signature);y.push(...e)}return y}async function Do(e,t,r,i=new Date,n=!1,s=M){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,s=M){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof ga?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),i,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new fa;return e&&t.push(e),new qa(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,s)})))}async function xo({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...M,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));const a=F.isStream(n);if(e){const{type:e,data:t}=await Y(n);if(e!==T.armor.message)throw Error("Armored text not of type message");n=t}const o=await fa.fromBinary(n,Ko,r),c=new Po(o);return c.fromStream=a,c}async function Io({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(a),u=new aa(i);void 0!==e?u.setText(a,T.write(T.literal,n)):u.setBytes(a,T.write(T.literal,n)),void 0!==r&&u.setFilename(r);const h=new fa;h.push(u);const y=new Po(h);return y.fromStream=c,y}const Co=/*#__PURE__*/F.constructAllowedPackets([ya]);class Bo{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof qa))throw Error("Invalid signature input");this.signature=t||new qa(new fa)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],n=new Date,s=[],a=[],o=[],c=M){const u=new aa;u.setText(this.text);const h=new qa(await Uo(u,e,t,r,i,n,s,a,o,!0,c));return new Bo(this.text,h)}verify(e,t=new Date,r=M){const i=this.signature.packets.filterByTag(T.packet.signature),n=new aa;return n.setText(this.text),Do(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=M){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Z(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function To({cleartextMessage:e,config:t,...r}){if(t={...M,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await Y(e);if(n.type!==T.armor.signed)throw Error("No cleartext signed message.");const s=await fa.fromBinary(n.data,Co,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(n.headers,s);const a=new qa(s);return new Bo(n.text,a)}async function Mo({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Bo(e)}async function Lo({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:n=4096,keyExpirationTime:s=0,date:a=new Date,subkeys:o=[{}],format:c="armored",config:u,...h}){Yo(u={...M,...u}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=u.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=Zo(e);const y=Object.keys(h);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(0===e.length&&!u.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&nro(e.subkeys[r],e)));let r=[$a(e,t)];r=r.concat(e.subkeys.map((e=>Wa(e,t))));const i=await Promise.all(r),n=await wo(i[0],i.slice(1),e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s}}(l,u);return e.getKeys().forEach((({keyPacket:e})=>ao(e,u))),{privateKey:tc(e,c,u),publicKey:tc(e.toPublic(),c,u),revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function Fo({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:s="armored",config:a,...o}){Yo(a={...M,...a}),t=Zo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},s=await Qa(e.bindingSignatures,i,T.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&T.keyFlags.signData}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await wo(i,n,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,a);return{privateKey:tc(e,s,a),publicKey:tc(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Ro({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:s,...a}){Yo(s={...M,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,i,s):await e.revoke(r,i,s);return a.isPrivate()?{privateKey:tc(a,n,s),publicKey:tc(a.toPublic(),n,s)}:{privateKey:null,publicKey:tc(a,n,s)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function No({privateKey:e,passphrase:t,config:r,...i}){Yo(r={...M,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=F.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>F.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function zo({privateKey:e,passphrase:t,config:r,...i}){Yo(r={...M,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=F.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function jo({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:y=[],encryptionUserIDs:l=[],signatureNotations:p=[],config:g,...d}){if(Yo(g={...M,...g}),Wo(e),Qo(s),t=Zo(t),r=Zo(r),i=Zo(i),c=Zo(c),u=Zo(u),y=Zo(y),l=Zo(l),p=Zo(p),d.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(d.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==d.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,h,y,u,p,g)),e=e.compress(await async function(e=[],t=new Date,r=[],i=M){const n=T.compression.uncompressed,s=i.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,n){const a=(await e.getPrimarySelfSignature(t,r[n],i)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:n}(t,h,l,g),g),e=await e.encrypt(t,i,n,o,u,h,l,g),"object"===s)return e;const d="armored"===s?e.armor(g):e.write();return await Jo(d)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function Oo({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Yo(u={...M,...u}),Wo(e),n=Zo(n),t=Zo(t),r=Zo(r),i=Zo(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const y=Object.keys(h);if(y.length>0)throw Error("Unknown option: "+y.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const y={};if(y.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),y.data="binary"===a?h.getLiteralData():h.getText(),y.filename=h.getFilename(),ec(y,e),s){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===y.signatures.length)throw Error("Message is not signed");y.data=f([y.data,x((async()=>{await F.anyPromise(y.signatures.map((e=>e.verified)))}))])}return y.data=await Jo(y.data),y}catch(e){throw F.wrapError("Error decrypting message",e)}}async function Ho({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:n=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...y}){if(Yo(h={...M,...h}),$o(e),Qo(i),t=Zo(t),s=Zo(s),o=Zo(o),r=Zo(r),c=Zo(c),u=Zo(u),y.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==y.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const l=Object.keys(y);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(e instanceof Bo&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Bo&&n)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let y;if(y=n?await e.signDetached(t,r,void 0,s,a,o,c,u,h):await e.sign(t,r,void 0,s,a,o,c,u,h),"object"===i)return y;return y="armored"===i?y.armor(h):y.write(),n&&(y=v(e.packets.write(),(async(e,t)=>{await Promise.all([m(y,t),U(e).catch((()=>{}))])}))),await Jo(y)}catch(e){throw F.wrapError("Error signing message",e)}}async function _o({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:s=new Date,config:a,...o}){if(Yo(a={...M,...a}),$o(e),t=Zo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Bo&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Bo&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,s,a):await e.verify(t,s,a),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&ec(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=f([o.data,x((async()=>{await F.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Jo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function Go({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Yo(i={...M,...i}),e=Zo(e),r=Zo(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Po.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function qo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...y}){if(Yo(h={...M,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Qo(s),i=Zo(i),n=Zo(n),o=Zo(o),u=Zo(u),y.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const l=Object.keys(y);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return tc(await Po.encryptSessionKey(e,t,r,i,n,a,o,c,u,h),s,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function Vo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...s}){if(Yo(n={...M,...n}),Wo(e),t=Zo(t),r=Zo(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,n)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function Wo(e){if(!(e instanceof Po))throw Error("Parameter [message] needs to be of type Message")}function $o(e){if(!(e instanceof Bo||e instanceof Po))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Qo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Xo=Object.keys(M).length;function Yo(e){const t=Object.keys(e);if(t.length!==Xo)for(const e of t)if(void 0===M[e])throw Error("Unknown config property: "+e)}function Zo(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Jo(e){return"array"===F.isStream(e)?U(e):e}function ec(e,t){e.data=v(t.packets.stream,(async(t,r)=>{await m(e.data,r,{preventClose:!0});const i=C(r);try{await U(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function tc(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Da as AEADEncryptedDataPacket,Bo as CleartextMessage,wa as CompressedDataPacket,aa as LiteralDataPacket,La as MarkerPacket,Po as Message,ga as OnePassSignaturePacket,fa as PacketList,_a as PaddingPacket,go as PrivateKey,po as PublicKey,xa as PublicKeyEncryptedSessionKeyPacket,Ba as PublicKeyPacket,Fa as PublicSubkeyPacket,Na as SecretKeyPacket,Oa as SecretSubkeyPacket,qa as Signature,ya as SignaturePacket,co as Subkey,Sa as SymEncryptedIntegrityProtectedDataPacket,Ca as SymEncryptedSessionKeyPacket,Ma as SymmetricallyEncryptedDataPacket,Ha as TrustPacket,Vi as UnparseablePacket,Ra as UserAttributePacket,ja as UserIDPacket,Z as armor,M as config,Mo as createCleartextMessage,Io as createMessage,Oo as decrypt,No as decryptKey,Vo as decryptSessionKeys,jo as encrypt,zo as encryptKey,qo as encryptSessionKey,T as enums,Lo as generateKey,Go as generateSessionKey,To as readCleartextMessage,bo as readKey,vo as readKeys,xo as readMessage,ko as readPrivateKey,Ao as readPrivateKeys,Va as readSignature,Fo as reformatKey,Ro as revokeKey,Ho as sign,Y as unarmor,_o as verify}; //# sourceMappingURL=openpgp.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs.map index 9ae210e9f..426a35f1a 100644 --- a/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs.map +++ b/app/node_modules/openpgp/dist/lightweight/openpgp.min.mjs.map @@ -1 +1 @@ -{"version":3,"file":"openpgp.min.mjs","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/node-conversions.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/biginteger/native.interface.js","../../src/biginteger/index.js","../../src/enums.js","../../src/util.js","../../src/encoding/base64.js","../../src/config/config.js","../../src/encoding/armor.js","../../src/type/keyid.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/utils.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/errors.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ecb.js","../../src/crypto/cipher/aes.js","../../src/crypto/cipher/des.js","../../src/crypto/cipher/cast5.js","../../src/crypto/cipher/twofish.js","../../src/crypto/cipher/blowfish.js","../../src/crypto/cipher/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/hash.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.asm.js","../../node_modules/minimalistic-assert/index.js","../../node_modules/inherits/inherits_browser.js","../../node_modules/hash.js/lib/hash/utils.js","../../node_modules/hash.js/lib/hash/common.js","../../node_modules/hash.js/lib/hash/sha/common.js","../../node_modules/hash.js/lib/hash/sha/256.js","../../node_modules/hash.js/lib/hash/sha/224.js","../../node_modules/hash.js/lib/hash/sha/512.js","../../node_modules/hash.js/lib/hash/sha/384.js","../../node_modules/hash.js/lib/hash/ripemd.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cfb.js","../../src/crypto/cipher/getCipher.js","../../src/crypto/mode/cfb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ctr.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cbc.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/gcm.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../node_modules/@openpgp/tweetnacl/nacl-fast-light.js","../../src/crypto/random.js","../../src/crypto/public_key/prime.js","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../src/type/oid.js","../../src/crypto/public_key/elliptic/indutnyKey.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../node_modules/@openpgp/pako/lib/utils/common.js","../../node_modules/@openpgp/pako/lib/zlib/constants.js","../../node_modules/@openpgp/pako/lib/zlib/trees.js","../../node_modules/@openpgp/pako/lib/zlib/adler32.js","../../node_modules/@openpgp/pako/lib/zlib/crc32.js","../../node_modules/@openpgp/pako/lib/zlib/messages.js","../../node_modules/@openpgp/pako/lib/zlib/deflate.js","../../node_modules/@openpgp/pako/lib/utils/strings.js","../../node_modules/@openpgp/pako/lib/zlib/zstream.js","../../node_modules/@openpgp/pako/lib/deflate.js","../../node_modules/@openpgp/pako/lib/zlib/inffast.js","../../node_modules/@openpgp/pako/lib/zlib/inftrees.js","../../node_modules/@openpgp/pako/lib/zlib/inflate.js","../../node_modules/@openpgp/pako/lib/zlib/gzheader.js","../../node_modules/@openpgp/pako/lib/inflate.js","../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js","../../src/packet/literal_data.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/type/s2k.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/marker.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../node_modules/email-addresses/lib/email-addresses.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/packet/trust.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","import * as streams from './streams';\nimport { isArrayStream } from './writer';\n\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n if (streams.ReadableStream && streams.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'ponyfill';\n }\n if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) {\n return 'node';\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isNode } from './util';\nimport * as streams from './streams';\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Web / node stream conversion functions\n * From https://github.com/gwicke/node-web-streams\n */\n\nlet nodeToWeb;\nlet webToNode;\n\nif (NodeReadableStream) {\n\n /**\n * Convert a Node Readable Stream to a Web ReadableStream\n * @param {Readable} nodeStream\n * @returns {ReadableStream}\n */\n nodeToWeb = function(nodeStream) {\n let canceled = false;\n return new streams.ReadableStream({\n start(controller) {\n nodeStream.pause();\n nodeStream.on('data', chunk => {\n if (canceled) {\n return;\n }\n if (NodeBuffer.isBuffer(chunk)) {\n chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);\n }\n controller.enqueue(chunk);\n nodeStream.pause();\n });\n nodeStream.on('end', () => {\n if (canceled) {\n return;\n }\n controller.close();\n });\n nodeStream.on('error', e => controller.error(e));\n },\n pull() {\n nodeStream.resume();\n },\n cancel(reason) {\n canceled = true;\n nodeStream.destroy(reason);\n }\n });\n };\n\n\n class NodeReadable extends NodeReadableStream {\n constructor(webStream, options) {\n super(options);\n this._reader = streams.getReader(webStream);\n }\n\n async _read(size) {\n try {\n while (true) {\n const { done, value } = await this._reader.read();\n if (done) {\n this.push(null);\n break;\n }\n if (!this.push(value)) {\n break;\n }\n }\n } catch (e) {\n this.destroy(e);\n }\n }\n\n async _destroy(error, callback) {\n this._reader.cancel(error).then(callback, callback);\n }\n }\n\n /**\n * Convert a Web ReadableStream to a Node Readable Stream\n * @param {ReadableStream} webStream\n * @param {Object} options\n * @returns {Readable}\n */\n webToNode = function(webStream, options) {\n return new NodeReadable(webStream, options);\n };\n\n}\n\nexport { nodeToWeb, webToNode };\n","import * as streams from './streams';\nimport { isUint8Array } from './util';\n\nconst doneReadingSet = new WeakSet();\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (streams.isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = async () => {};\n return;\n }\n let streamType = streams.isStream(input);\n if (streamType === 'node') {\n input = streams.nodeToWeb(input);\n }\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array } from './util';\nimport { nodeToWeb, webToNode } from './node-conversions';\nimport { Reader, externalBuffer } from './reader';\nimport { ArrayStream, Writer } from './writer';\n\nlet { ReadableStream, WritableStream, TransformStream } = globalThis;\n\nlet toPonyfillReadable, toNativeReadable;\n\nasync function loadStreamsPonyfill() {\n if (TransformStream) {\n return;\n }\n\n const [ponyfill, adapter] = await Promise.all([\n import('web-streams-polyfill/ponyfill/es6'),\n import('@mattiasbuelens/web-streams-adapter')\n ]);\n\n ({ ReadableStream, WritableStream, TransformStream } = ponyfill);\n\n const { createReadableStreamWrapper } = adapter;\n\n if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) {\n toPonyfillReadable = createReadableStreamWrapper(ReadableStream);\n toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream);\n }\n}\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType === 'node') {\n return nodeToWeb(input);\n }\n if (streamType === 'web' && toPonyfillReadable) {\n return toPonyfillReadable(input);\n }\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert data to ArrayStream\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n if (NodeBuffer && NodeBuffer.isBuffer(list[0])) {\n return NodeBuffer.concat(list);\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n } else {\n lastBytes = returnValue;\n }\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input) && !(NodeBuffer && NodeBuffer.isBuffer(input))) {\n if (end === Infinity) end = input.length;\n return input.subarray(begin, end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n return input.cancel(reason);\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n\nexport { ReadableStream, WritableStream, TransformStream, ArrayStream, loadStreamsPonyfill, isStream, isArrayStream, isUint8Array, toStream, toPonyfillReadable, toNativeReadable, concatUint8Array, concatStream, concat, getReader, getWriter, pipe, transformRaw, transform, transformPair, parse, clone, passiveClone, slice, readToEnd, cancel, fromAsync, nodeToWeb, webToNode };\n","/* eslint-disable new-cap */\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * that wraps the native BigInt library.\n * Operations are not constant time,\n * but we try and limit timing leakage where we can\n * @module biginteger/native\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on null or undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n if (n instanceof Uint8Array) {\n const bytes = n;\n const hex = new Array(bytes.length);\n for (let i = 0; i < bytes.length; i++) {\n const hexByte = bytes[i].toString(16);\n hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte;\n }\n this.value = BigInt('0x0' + hex.join(''));\n } else {\n this.value = BigInt(n);\n }\n }\n\n clone() {\n return new BigInteger(this.value);\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value++;\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value--;\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value += x.value;\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value -= x.value;\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value *= x.value;\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value %= m.value;\n if (this.isNegative()) {\n this.iadd(m);\n }\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation using square and multiply\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n if (n.isZero()) throw Error('Modulo cannot be zero');\n if (n.isOne()) return new BigInteger(0);\n if (e.isNegative()) throw Error('Unsopported negative exponent');\n\n let exp = e.value;\n let x = this.value;\n\n x %= n.value;\n let r = BigInt(1);\n while (exp > BigInt(0)) {\n const lsb = exp & BigInt(1);\n exp >>= BigInt(1); // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n.value;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n.value; // Square\n }\n return new BigInteger(r);\n }\n\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n const { gcd, x } = this._egcd(n);\n if (!gcd.isOne()) {\n throw new Error('Inverse does not exist');\n }\n return x.add(n).mod(n);\n }\n\n /**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b)\n * @param {BigInteger} b - Second operand\n * @returns {{ gcd, x, y: BigInteger }}\n */\n _egcd(b) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n let a = this.value;\n b = b.value;\n\n while (b !== BigInt(0)) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: new BigInteger(xPrev),\n y: new BigInteger(yPrev),\n gcd: new BigInteger(a)\n };\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} b - Operand\n * @returns {BigInteger} gcd\n */\n gcd(b) {\n let a = this.value;\n b = b.value;\n while (b !== BigInt(0)) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return new BigInteger(a);\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value <<= x.value;\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value >>= x.value;\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value === x.value;\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value < x.value;\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value <= x.value;\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value > x.value;\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value >= x.value;\n }\n\n isZero() {\n return this.value === BigInt(0);\n }\n\n isOne() {\n return this.value === BigInt(1);\n }\n\n isNegative() {\n return this.value < BigInt(0);\n }\n\n isEven() {\n return !(this.value & BigInt(1));\n }\n\n abs() {\n const res = this.clone();\n if (this.isNegative()) {\n res.value = -res.value;\n }\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n const number = Number(this.value);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n const bit = (this.value >> BigInt(i)) & BigInt(1);\n return (bit === BigInt(0)) ? 0 : 1;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n const zero = new BigInteger(0);\n const one = new BigInteger(1);\n const negOne = new BigInteger(-1);\n\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = this.isNegative() ? negOne : zero;\n let bitlen = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(one).equal(target)) {\n bitlen++;\n }\n return bitlen;\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n const zero = new BigInteger(0);\n const negOne = new BigInteger(-1);\n\n const target = this.isNegative() ? negOne : zero;\n const eight = new BigInteger(8);\n let len = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(eight).equal(target)) {\n len++;\n }\n return len;\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = this.value.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? (length - rawLength) : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n }\n}\n","import BigInteger from './native.interface';\n\nconst detectBigInt = () => typeof BigInt !== 'undefined';\n\nasync function getBigInteger() {\n if (detectBigInt()) {\n return BigInteger;\n } else {\n const { default: BigInteger } = await import('./bn.interface');\n return BigInteger;\n }\n}\n\nexport { getBigInteger };\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'p256': 'p256',\n 'P-256': 'p256',\n 'secp256r1': 'p256',\n 'prime256v1': 'p256',\n '1.2.840.10045.3.1.7': 'p256',\n '2a8648ce3d030107': 'p256',\n '2A8648CE3D030107': 'p256',\n\n /** NIST P-384 Curve */\n 'p384': 'p384',\n 'P-384': 'p384',\n 'secp384r1': 'p384',\n '1.3.132.0.34': 'p384',\n '2b81040022': 'p384',\n '2B81040022': 'p384',\n\n /** NIST P-521 Curve */\n 'p521': 'p521',\n 'P-521': 'p521',\n 'secp521r1': 'p521',\n '1.3.132.0.35': 'p521',\n '2b81040023': 'p521',\n '2B81040023': 'p521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n '1.3.132.0.10': 'secp256k1',\n '2b8104000a': 'secp256k1',\n '2B8104000A': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519',\n 'ED25519': 'ed25519',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519',\n 'Ed25519': 'ed25519',\n '1.3.6.1.4.1.11591.15.1': 'ed25519',\n '2b06010401da470f01': 'ed25519',\n '2B06010401DA470F01': 'ed25519',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519',\n 'X25519': 'curve25519',\n 'cv25519': 'curve25519',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519',\n 'Curve25519': 'curve25519',\n '1.3.6.1.4.1.3029.1.5.1': 'curve25519',\n '2b060104019755010501': 'curve25519',\n '2B060104019755010501': 'curve25519',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',\n '2b2403030208010107': 'brainpoolP256r1',\n '2B2403030208010107': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',\n '2b240303020801010b': 'brainpoolP384r1',\n '2B240303020801010B': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1',\n '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',\n '2b240303020801010d': 'brainpoolP512r1',\n '2B240303020801010D': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility\n /** @deprecated use `eddsaLegacy` instead */\n ed25519Legacy: 22,\n /** @deprecated use `eddsaLegacy` instead */\n eddsa: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n plaintext: 0,\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuer: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { getBigInteger } from './biginteger';\nimport enums from './enums';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n return bytes.subarray(2, 2 + bytelen);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const r = [];\n const e = bytes.length;\n let c = 0;\n let h;\n while (c < e) {\n h = bytes[c++].toString(16);\n while (h.length < 2) {\n h = '0' + h;\n }\n r.push('' + h);\n }\n return r.join('');\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography api, only the current version of the spec.\n * @returns {Object} The SubtleCrypto api or 'undefined'.\n */\n getWebCrypto: function() {\n return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n },\n\n /**\n * Get BigInteger class\n * It wraps the native BigInt type if it's available\n * Otherwise it relies on bn.js\n * @returns {BigInteger}\n * @async\n */\n getBigInteger,\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return require('crypto');\n },\n\n getNodeZlib: function() {\n return require('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (require('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = require('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^(([^<>()[\\]\\\\.,;:\\s@\"]+(\\.[^<>()[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\\-0-9]+)))$/;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha256,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * @memberof module:config\n * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9\n */\n deflateLevel: 6,\n\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.eax,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use V5 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v5Keys\n */\n v5Keys: false,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:\n * Iteration Count Byte for S2K (String to Key)\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * @memberof module:config\n * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum\n */\n checksumRequired: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * @memberof module:config\n * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored\n */\n revocationsExpire: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n\n /**\n * @memberof module:config\n * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available\n */\n minBytesForWebCrypto: 1000,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * Note: the indutny/elliptic curve library is not designed to be constant time.\n * @memberof module:config\n * @property {Boolean} useIndutnyElliptic\n */\n useIndutnyElliptic: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n } else\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n } else\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n } else\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n } else\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n } else\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n } else\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Splits a message into two parts, the body and the checksum. This is an internal function\n * @param {String} text - OpenPGP armored message part\n * @returns {Object} An object with attribute \"body\" containing the body.\n * and an attribute \"checksum\" containing the checksum.\n * @private\n */\nfunction splitChecksum(text) {\n let body = text;\n let checksum = '';\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n checksum = text.slice(lastEquals + 1).substr(0, 4);\n }\n\n return { body: body, checksum: checksum };\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input, config = defaultConfig) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n let checksum;\n let data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== 2) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === 2) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const split = splitChecksum(parts[0].slice(0, -1));\n checksum = split.checksum;\n await writer.write(split.body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n data = stream.transformPair(data, async (readable, writable) => {\n const checksumVerified = stream.readToEnd(getCheckSum(stream.passiveClone(readable)));\n checksumVerified.catch(() => {});\n await stream.pipe(readable, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n const checksumVerifiedString = (await checksumVerified).replace('\\n', '');\n if (checksum !== checksumVerifiedString && (checksum || config.checksumRequired)) {\n throw new Error('Ascii armor integrity check failed');\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n const bodyClone = stream.passiveClone(body);\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push('Hash: ' + hash + '\\n\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n * @private\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","/**\n * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}.\n * @author Artem S Vybornov \n * @license MIT\n */\nexport var AES_asm = function () {\n \"use strict\";\n\n /**\n * Galois Field stuff init flag\n */\n var ginit_done = false;\n\n /**\n * Galois Field exponentiation and logarithm tables for 3 (the generator)\n */\n var gexp3, glog3;\n\n /**\n * Init Galois Field tables\n */\n function ginit() {\n gexp3 = [],\n glog3 = [];\n\n var a = 1, c, d;\n for (c = 0; c < 255; c++) {\n gexp3[c] = a;\n\n // Multiply by three\n d = a & 0x80, a <<= 1, a &= 255;\n if (d === 0x80) a ^= 0x1b;\n a ^= gexp3[c];\n\n // Set the log table value\n glog3[gexp3[c]] = c;\n }\n gexp3[255] = gexp3[0];\n glog3[0] = 0;\n\n ginit_done = true;\n }\n\n /**\n * Galois Field multiplication\n * @param {number} a\n * @param {number} b\n * @return {number}\n */\n function gmul(a, b) {\n var c = gexp3[(glog3[a] + glog3[b]) % 255];\n if (a === 0 || b === 0) c = 0;\n return c;\n }\n\n /**\n * Galois Field reciprocal\n * @param {number} a\n * @return {number}\n */\n function ginv(a) {\n var i = gexp3[255 - glog3[a]];\n if (a === 0) i = 0;\n return i;\n }\n\n /**\n * AES stuff init flag\n */\n var aes_init_done = false;\n\n /**\n * Encryption, Decryption, S-Box and KeyTransform tables\n *\n * @type {number[]}\n */\n var aes_sbox;\n\n /**\n * @type {number[]}\n */\n var aes_sinv;\n\n /**\n * @type {number[][]}\n */\n var aes_enc;\n\n /**\n * @type {number[][]}\n */\n var aes_dec;\n\n /**\n * Init AES tables\n */\n function aes_init() {\n if (!ginit_done) ginit();\n\n // Calculates AES S-Box value\n function _s(a) {\n var c, s, x;\n s = x = ginv(a);\n for (c = 0; c < 4; c++) {\n s = ((s << 1) | (s >>> 7)) & 255;\n x ^= s;\n }\n x ^= 99;\n return x;\n }\n\n // Tables\n aes_sbox = [],\n aes_sinv = [],\n aes_enc = [[], [], [], []],\n aes_dec = [[], [], [], []];\n\n for (var i = 0; i < 256; i++) {\n var s = _s(i);\n\n // S-Box and its inverse\n aes_sbox[i] = s;\n aes_sinv[s] = i;\n\n // Ecryption and Decryption tables\n aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s);\n aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i);\n // Rotate tables\n for (var t = 1; t < 4; t++) {\n aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24);\n aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24);\n }\n }\n\n aes_init_done = true;\n }\n\n /**\n * Asm.js module constructor.\n *\n *

\n * Heap buffer layout by offset:\n * 

\n   * 0x0000   encryption key schedule\n   * 0x0400   decryption key schedule\n   * 0x0800   sbox\n   * 0x0c00   inv sbox\n   * 0x1000   encryption tables\n   * 0x2000   decryption tables\n   * 0x3000   reserved (future GCM multiplication lookup table)\n   * 0x4000   data\n   *
\n * Don't touch anything before 0x400.\n *

\n *\n * @alias AES_asm\n * @class\n * @param foreign - ignored\n * @param buffer - heap buffer to link with\n */\n var wrapper = function (foreign, buffer) {\n // Init AES stuff for the first time\n if (!aes_init_done) aes_init();\n\n // Fill up AES tables\n var heap = new Uint32Array(buffer);\n heap.set(aes_sbox, 0x0800 >> 2);\n heap.set(aes_sinv, 0x0c00 >> 2);\n for (var i = 0; i < 4; i++) {\n heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2);\n heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2);\n }\n\n /**\n * Calculate AES key schedules.\n * @instance\n * @memberof AES_asm\n * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly)\n * @param {number} k0 - key vector components\n * @param {number} k1 - key vector components\n * @param {number} k2 - key vector components\n * @param {number} k3 - key vector components\n * @param {number} k4 - key vector components\n * @param {number} k5 - key vector components\n * @param {number} k6 - key vector components\n * @param {number} k7 - key vector components\n */\n function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) {\n var ekeys = heap.subarray(0x000, 60),\n dkeys = heap.subarray(0x100, 0x100 + 60);\n\n // Encryption key schedule\n ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]);\n for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) {\n var k = ekeys[i - 1];\n if ((i % ks === 0) || (ks === 8 && i % ks === 4)) {\n k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255];\n }\n if (i % ks === 0) {\n k = (k << 8) ^ (k >>> 24) ^ (rcon << 24);\n rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0);\n }\n ekeys[i] = ekeys[i - ks] ^ k;\n }\n\n // Decryption key schedule\n for (var j = 0; j < i; j += 4) {\n for (var jj = 0; jj < 4; jj++) {\n var k = ekeys[i - (4 + j) + (4 - jj) % 4];\n if (j < 4 || j >= i - 4) {\n dkeys[j + jj] = k;\n } else {\n dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]]\n ^ aes_dec[1][aes_sbox[k >>> 16 & 255]]\n ^ aes_dec[2][aes_sbox[k >>> 8 & 255]]\n ^ aes_dec[3][aes_sbox[k & 255]];\n }\n }\n }\n\n // Set rounds number\n asm.set_rounds(ks + 5);\n }\n\n // create library object with necessary properties\n var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array};\n\n var asm = function (stdlib, foreign, buffer) {\n \"use asm\";\n\n var S0 = 0, S1 = 0, S2 = 0, S3 = 0,\n I0 = 0, I1 = 0, I2 = 0, I3 = 0,\n N0 = 0, N1 = 0, N2 = 0, N3 = 0,\n M0 = 0, M1 = 0, M2 = 0, M3 = 0,\n H0 = 0, H1 = 0, H2 = 0, H3 = 0,\n R = 0;\n\n var HEAP = new stdlib.Uint32Array(buffer),\n DATA = new stdlib.Uint8Array(buffer);\n\n /**\n * AES core\n * @param {number} k - precomputed key schedule offset\n * @param {number} s - precomputed sbox table offset\n * @param {number} t - precomputed round table offset\n * @param {number} r - number of inner rounds to perform\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _core(k, s, t, r, x0, x1, x2, x3) {\n k = k | 0;\n s = s | 0;\n t = t | 0;\n r = r | 0;\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t1 = 0, t2 = 0, t3 = 0,\n y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n i = 0;\n\n t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00;\n\n // round 0\n x0 = x0 ^ HEAP[(k | 0) >> 2],\n x1 = x1 ^ HEAP[(k | 4) >> 2],\n x2 = x2 ^ HEAP[(k | 8) >> 2],\n x3 = x3 ^ HEAP[(k | 12) >> 2];\n\n // round 1..r\n for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) {\n y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n x0 = y0, x1 = y1, x2 = y2, x3 = y3;\n }\n\n // final round\n S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n }\n\n /**\n * ECB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n x0,\n x1,\n x2,\n x3\n );\n }\n\n /**\n * ECB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n }\n\n\n /**\n * CBC mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0 ^ x0,\n I1 ^ x1,\n I2 ^ x2,\n I3 ^ x3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n }\n\n /**\n * CBC mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n\n S0 = S0 ^ I0,\n S1 = S1 ^ I1,\n S2 = S2 ^ I2,\n S3 = S3 ^ I3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * CFB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0 = S0 ^ x0,\n I1 = S1 = S1 ^ x1,\n I2 = S2 = S2 ^ x2,\n I3 = S3 = S3 ^ x3;\n }\n\n\n /**\n * CFB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * OFB mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ofb(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n }\n\n /**\n * CTR mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ctr(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n N0,\n N1,\n N2,\n N3\n );\n\n N3 = (~M3 & N3) | M3 & (N3 + 1);\n N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0));\n N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0));\n N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0));\n\n S0 = S0 ^ x0;\n S1 = S1 ^ x1;\n S2 = S2 ^ x2;\n S3 = S3 ^ x3;\n }\n\n /**\n * GCM mode MAC calculation\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _gcm_mac(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n z0 = 0, z1 = 0, z2 = 0, z3 = 0,\n i = 0, c = 0;\n\n x0 = x0 ^ I0,\n x1 = x1 ^ I1,\n x2 = x2 ^ I2,\n x3 = x3 ^ I3;\n\n y0 = H0 | 0,\n y1 = H1 | 0,\n y2 = H2 | 0,\n y3 = H3 | 0;\n\n for (; (i | 0) < 128; i = (i + 1) | 0) {\n if (y0 >>> 31) {\n z0 = z0 ^ x0,\n z1 = z1 ^ x1,\n z2 = z2 ^ x2,\n z3 = z3 ^ x3;\n }\n\n y0 = (y0 << 1) | (y1 >>> 31),\n y1 = (y1 << 1) | (y2 >>> 31),\n y2 = (y2 << 1) | (y3 >>> 31),\n y3 = (y3 << 1);\n\n c = x3 & 1;\n\n x3 = (x3 >>> 1) | (x2 << 31),\n x2 = (x2 >>> 1) | (x1 << 31),\n x1 = (x1 >>> 1) | (x0 << 31),\n x0 = (x0 >>> 1);\n\n if (c) x0 = x0 ^ 0xe1000000;\n }\n\n I0 = z0,\n I1 = z1,\n I2 = z2,\n I3 = z3;\n }\n\n /**\n * Set the internal rounds number.\n * @instance\n * @memberof AES_asm\n * @param {number} r - number if inner AES rounds\n */\n function set_rounds(r) {\n r = r | 0;\n R = r;\n }\n\n /**\n * Populate the internal state of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} s0 - state vector\n * @param {number} s1 - state vector\n * @param {number} s2 - state vector\n * @param {number} s3 - state vector\n */\n function set_state(s0, s1, s2, s3) {\n s0 = s0 | 0;\n s1 = s1 | 0;\n s2 = s2 | 0;\n s3 = s3 | 0;\n\n S0 = s0,\n S1 = s1,\n S2 = s2,\n S3 = s3;\n }\n\n /**\n * Populate the internal iv of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} i0 - iv vector\n * @param {number} i1 - iv vector\n * @param {number} i2 - iv vector\n * @param {number} i3 - iv vector\n */\n function set_iv(i0, i1, i2, i3) {\n i0 = i0 | 0;\n i1 = i1 | 0;\n i2 = i2 | 0;\n i3 = i3 | 0;\n\n I0 = i0,\n I1 = i1,\n I2 = i2,\n I3 = i3;\n }\n\n /**\n * Set nonce for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} n0 - nonce vector\n * @param {number} n1 - nonce vector\n * @param {number} n2 - nonce vector\n * @param {number} n3 - nonce vector\n */\n function set_nonce(n0, n1, n2, n3) {\n n0 = n0 | 0;\n n1 = n1 | 0;\n n2 = n2 | 0;\n n3 = n3 | 0;\n\n N0 = n0,\n N1 = n1,\n N2 = n2,\n N3 = n3;\n }\n\n /**\n * Set counter mask for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} m0 - counter mask vector\n * @param {number} m1 - counter mask vector\n * @param {number} m2 - counter mask vector\n * @param {number} m3 - counter mask vector\n */\n function set_mask(m0, m1, m2, m3) {\n m0 = m0 | 0;\n m1 = m1 | 0;\n m2 = m2 | 0;\n m3 = m3 | 0;\n\n M0 = m0,\n M1 = m1,\n M2 = m2,\n M3 = m3;\n }\n\n /**\n * Set counter for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} c0 - counter vector\n * @param {number} c1 - counter vector\n * @param {number} c2 - counter vector\n * @param {number} c3 - counter vector\n */\n function set_counter(c0, c1, c2, c3) {\n c0 = c0 | 0;\n c1 = c1 | 0;\n c2 = c2 | 0;\n c3 = c3 | 0;\n\n N3 = (~M3 & N3) | M3 & c3,\n N2 = (~M2 & N2) | M2 & c2,\n N1 = (~M1 & N1) | M1 & c1,\n N0 = (~M0 & N0) | M0 & c0;\n }\n\n /**\n * Store the internal state vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_state(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n return 16;\n }\n\n /**\n * Store the internal iv vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_iv(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = I0 >>> 24,\n DATA[pos | 1] = I0 >>> 16 & 255,\n DATA[pos | 2] = I0 >>> 8 & 255,\n DATA[pos | 3] = I0 & 255,\n DATA[pos | 4] = I1 >>> 24,\n DATA[pos | 5] = I1 >>> 16 & 255,\n DATA[pos | 6] = I1 >>> 8 & 255,\n DATA[pos | 7] = I1 & 255,\n DATA[pos | 8] = I2 >>> 24,\n DATA[pos | 9] = I2 >>> 16 & 255,\n DATA[pos | 10] = I2 >>> 8 & 255,\n DATA[pos | 11] = I2 & 255,\n DATA[pos | 12] = I3 >>> 24,\n DATA[pos | 13] = I3 >>> 16 & 255,\n DATA[pos | 14] = I3 >>> 8 & 255,\n DATA[pos | 15] = I3 & 255;\n\n return 16;\n }\n\n /**\n * GCM initialization.\n * @instance\n * @memberof AES_asm\n */\n function gcm_init() {\n _ecb_enc(0, 0, 0, 0);\n H0 = S0,\n H1 = S1,\n H2 = S2,\n H3 = S3;\n }\n\n /**\n * Perform ciphering operation on the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function cipher(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _cipher_modes[mode & 7](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * Calculates MAC of the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function mac(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _mac_modes[mode & 1](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * AES cipher modes table (virual methods)\n */\n var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr];\n\n /**\n * AES MAC modes table (virual methods)\n */\n var _mac_modes = [_cbc_enc, _gcm_mac];\n\n /**\n * Asm.js module exports\n */\n return {\n set_rounds: set_rounds,\n set_state: set_state,\n set_iv: set_iv,\n set_nonce: set_nonce,\n set_mask: set_mask,\n set_counter: set_counter,\n get_state: get_state,\n get_iv: get_iv,\n gcm_init: gcm_init,\n cipher: cipher,\n mac: mac,\n };\n }(stdlib, foreign, buffer);\n\n asm.set_key = set_key;\n\n return asm;\n };\n\n /**\n * AES enciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.ENC = {\n ECB: 0,\n CBC: 2,\n CFB: 4,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES deciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.DEC = {\n ECB: 1,\n CBC: 3,\n CFB: 5,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES MAC mode constants\n * @enum {number}\n * @const\n */\n wrapper.MAC = {\n CBC: 0,\n GCM: 1,\n };\n\n /**\n * Heap data offset\n * @type {number}\n * @const\n */\n wrapper.HEAP_DATA = 0x4000;\n\n return wrapper;\n}();\n","const local_atob = typeof atob === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'base64').toString('binary') : atob;\nconst local_btoa = typeof btoa === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'binary').toString('base64') : btoa;\nexport function string_to_bytes(str, utf8 = false) {\n var len = str.length, bytes = new Uint8Array(utf8 ? 4 * len : len);\n for (var i = 0, j = 0; i < len; i++) {\n var c = str.charCodeAt(i);\n if (utf8 && 0xd800 <= c && c <= 0xdbff) {\n if (++i >= len)\n throw new Error('Malformed string, low surrogate expected at position ' + i);\n c = ((c ^ 0xd800) << 10) | 0x10000 | (str.charCodeAt(i) ^ 0xdc00);\n }\n else if (!utf8 && c >>> 8) {\n throw new Error('Wide characters are not allowed.');\n }\n if (!utf8 || c <= 0x7f) {\n bytes[j++] = c;\n }\n else if (c <= 0x7ff) {\n bytes[j++] = 0xc0 | (c >> 6);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else if (c <= 0xffff) {\n bytes[j++] = 0xe0 | (c >> 12);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else {\n bytes[j++] = 0xf0 | (c >> 18);\n bytes[j++] = 0x80 | ((c >> 12) & 0x3f);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n }\n return bytes.subarray(0, j);\n}\nexport function hex_to_bytes(str) {\n var len = str.length;\n if (len & 1) {\n str = '0' + str;\n len++;\n }\n var bytes = new Uint8Array(len >> 1);\n for (var i = 0; i < len; i += 2) {\n bytes[i >> 1] = parseInt(str.substr(i, 2), 16);\n }\n return bytes;\n}\nexport function base64_to_bytes(str) {\n return string_to_bytes(local_atob(str));\n}\nexport function bytes_to_string(bytes, utf8 = false) {\n var len = bytes.length, chars = new Array(len);\n for (var i = 0, j = 0; i < len; i++) {\n var b = bytes[i];\n if (!utf8 || b < 128) {\n chars[j++] = b;\n }\n else if (b >= 192 && b < 224 && i + 1 < len) {\n chars[j++] = ((b & 0x1f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 224 && b < 240 && i + 2 < len) {\n chars[j++] = ((b & 0xf) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 240 && b < 248 && i + 3 < len) {\n var c = ((b & 7) << 18) | ((bytes[++i] & 0x3f) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n if (c <= 0xffff) {\n chars[j++] = c;\n }\n else {\n c ^= 0x10000;\n chars[j++] = 0xd800 | (c >> 10);\n chars[j++] = 0xdc00 | (c & 0x3ff);\n }\n }\n else {\n throw new Error('Malformed UTF8 character at byte offset ' + i);\n }\n }\n var str = '', bs = 16384;\n for (var i = 0; i < j; i += bs) {\n str += String.fromCharCode.apply(String, chars.slice(i, i + bs <= j ? i + bs : j));\n }\n return str;\n}\nexport function bytes_to_hex(arr) {\n var str = '';\n for (var i = 0; i < arr.length; i++) {\n var h = (arr[i] & 0xff).toString(16);\n if (h.length < 2)\n str += '0';\n str += h;\n }\n return str;\n}\nexport function bytes_to_base64(arr) {\n return local_btoa(bytes_to_string(arr));\n}\nexport function pow2_ceil(a) {\n a -= 1;\n a |= a >>> 1;\n a |= a >>> 2;\n a |= a >>> 4;\n a |= a >>> 8;\n a |= a >>> 16;\n a += 1;\n return a;\n}\nexport function is_number(a) {\n return typeof a === 'number';\n}\nexport function is_string(a) {\n return typeof a === 'string';\n}\nexport function is_buffer(a) {\n return a instanceof ArrayBuffer;\n}\nexport function is_bytes(a) {\n return a instanceof Uint8Array;\n}\nexport function is_typed_array(a) {\n return (a instanceof Int8Array ||\n a instanceof Uint8Array ||\n a instanceof Int16Array ||\n a instanceof Uint16Array ||\n a instanceof Int32Array ||\n a instanceof Uint32Array ||\n a instanceof Float32Array ||\n a instanceof Float64Array);\n}\nexport function _heap_init(heap, heapSize) {\n const size = heap ? heap.byteLength : heapSize || 65536;\n if (size & 0xfff || size <= 0)\n throw new Error('heap size must be a positive integer and a multiple of 4096');\n heap = heap || new Uint8Array(new ArrayBuffer(size));\n return heap;\n}\nexport function _heap_write(heap, hpos, data, dpos, dlen) {\n const hlen = heap.length - hpos;\n const wlen = hlen < dlen ? hlen : dlen;\n heap.set(data.subarray(dpos, dpos + wlen), hpos);\n return wlen;\n}\nexport function joinBytes(...arg) {\n const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0);\n const ret = new Uint8Array(totalLenght);\n let cursor = 0;\n for (let i = 0; i < arg.length; i++) {\n ret.set(arg[i], cursor);\n cursor += arg[i].length;\n }\n return ret;\n}\n","export class IllegalStateError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalStateError' } });\n }\n}\nexport class IllegalArgumentError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalArgumentError' } });\n }\n}\nexport class SecurityError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'SecurityError' } });\n }\n}\n","import { AES_asm } from './aes.asm';\nimport { _heap_init, _heap_write, is_bytes } from '../other/utils';\nimport { IllegalArgumentError, SecurityError } from '../other/errors';\nconst heap_pool = [];\nconst asm_pool = [];\nexport class AES {\n constructor(key, iv, padding = true, mode, heap, asm) {\n this.pos = 0;\n this.len = 0;\n this.mode = mode;\n // The AES object state\n this.pos = 0;\n this.len = 0;\n this.key = key;\n this.iv = iv;\n this.padding = padding;\n // The AES \"worker\"\n this.acquire_asm(heap, asm);\n }\n acquire_asm(heap, asm) {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA);\n this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer);\n this.reset(this.key, this.iv);\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n reset(key, iv) {\n const { asm } = this.acquire_asm();\n // Key\n const keylen = key.length;\n if (keylen !== 16 && keylen !== 24 && keylen !== 32)\n throw new IllegalArgumentError('illegal key size');\n const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength);\n asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0);\n // IV\n if (iv !== undefined) {\n if (iv.length !== 16)\n throw new IllegalArgumentError('illegal iv size');\n let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12));\n }\n else {\n asm.set_iv(0, 0, 0, 0);\n }\n }\n AES_Encrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n let result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Encrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let plen = 16 - (len % 16);\n let rlen = len;\n if (this.hasOwnProperty('padding')) {\n if (this.padding) {\n for (let p = 0; p < plen; ++p) {\n heap[pos + len + p] = plen;\n }\n len += plen;\n rlen = len;\n }\n else if (len % 16) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n }\n else {\n len += plen;\n }\n const result = new Uint8Array(rlen);\n if (len)\n asm.cipher(amode, hpos + pos, len);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n AES_Decrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let plen = 0;\n let wlen = 0;\n if (this.padding) {\n plen = len + dlen - rlen || 16;\n rlen -= plen;\n }\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0));\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Decrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let rlen = len;\n if (len > 0) {\n if (len % 16) {\n if (this.hasOwnProperty('padding')) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n else {\n len += 16 - (len % 16);\n }\n }\n asm.cipher(amode, hpos + pos, len);\n if (this.hasOwnProperty('padding') && this.padding) {\n let pad = heap[pos + rlen - 1];\n if (pad < 1 || pad > 16 || pad > rlen)\n throw new SecurityError('bad padding');\n let pcheck = 0;\n for (let i = pad; i > 1; i--)\n pcheck |= pad ^ heap[pos + rlen - i];\n if (pcheck)\n throw new SecurityError('bad padding');\n rlen -= pad;\n }\n }\n const result = new Uint8Array(rlen);\n if (rlen > 0) {\n result.set(heap.subarray(pos, pos + rlen));\n }\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_ECB {\n static encrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).encrypt(data);\n }\n static decrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).decrypt(data);\n }\n constructor(key, padding = false, aes) {\n this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import { AES_ECB } from '@openpgp/asmcrypto.js/dist_es8/aes/ecb';\n\n/**\n * Javascript AES implementation.\n * This is used as fallback if the native Crypto APIs are not available.\n */\nfunction aes(length) {\n const C = function(key) {\n const aesECB = new AES_ECB(key);\n\n this.encrypt = function(block) {\n return aesECB.encrypt(block);\n };\n\n this.decrypt = function(block) {\n return aesECB.decrypt(block);\n };\n };\n\n C.blockSize = C.prototype.blockSize = 16;\n C.keySize = C.prototype.keySize = length / 8;\n\n return C;\n}\n\nexport default aes;\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * @fileoverview Symmetric cryptography functions\n * @module crypto/cipher\n * @private\n */\n\nimport aes from './aes';\nimport { DES, TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TF from './twofish';\nimport BF from './blowfish';\n\n/**\n * AES-128 encryption and decryption (ID 7)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes128 = aes(128);\n/**\n * AES-128 Block Cipher (ID 8)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes192 = aes(192);\n/**\n * AES-128 Block Cipher (ID 9)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes256 = aes(256);\n// Not in OpenPGP specifications\nexport const des = DES;\n/**\n * Triple DES Block Cipher (ID 2)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67}\n * @returns {Object}\n */\nexport const tripledes = TripleDES;\n/**\n * CAST-128 Block Cipher (ID 3)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm}\n * @returns {Object}\n */\nexport const cast5 = CAST5;\n/**\n * Twofish Block Cipher (ID 10)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH}\n * @returns {Object}\n */\nexport const twofish = TF;\n/**\n * Blowfish Block Cipher (ID 4)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH}\n * @returns {Object}\n */\nexport const blowfish = BF;\n/**\n * Not implemented\n * @function\n * @throws {Error}\n */\nexport const idea = function() {\n throw new Error('IDEA symmetric-key algorithm not implemented');\n};\n","export var sha1_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0,\n w16 = 0, w17 = 0, w18 = 0, w19 = 0,\n w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0,\n w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0,\n w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0,\n w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0,\n w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0,\n w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n\n // 0\n t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 1\n t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 2\n t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 3\n t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 4\n t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 5\n t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 6\n t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 7\n t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 8\n t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 9\n t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 10\n t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 11\n t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 12\n t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 13\n t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 14\n t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 15\n t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 16\n n = w13 ^ w8 ^ w2 ^ w0;\n w16 = (n << 1) | (n >>> 31);\n t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 17\n n = w14 ^ w9 ^ w3 ^ w1;\n w17 = (n << 1) | (n >>> 31);\n t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 18\n n = w15 ^ w10 ^ w4 ^ w2;\n w18 = (n << 1) | (n >>> 31);\n t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 19\n n = w16 ^ w11 ^ w5 ^ w3;\n w19 = (n << 1) | (n >>> 31);\n t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 20\n n = w17 ^ w12 ^ w6 ^ w4;\n w20 = (n << 1) | (n >>> 31);\n t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 21\n n = w18 ^ w13 ^ w7 ^ w5;\n w21 = (n << 1) | (n >>> 31);\n t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 22\n n = w19 ^ w14 ^ w8 ^ w6;\n w22 = (n << 1) | (n >>> 31);\n t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 23\n n = w20 ^ w15 ^ w9 ^ w7;\n w23 = (n << 1) | (n >>> 31);\n t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 24\n n = w21 ^ w16 ^ w10 ^ w8;\n w24 = (n << 1) | (n >>> 31);\n t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 25\n n = w22 ^ w17 ^ w11 ^ w9;\n w25 = (n << 1) | (n >>> 31);\n t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 26\n n = w23 ^ w18 ^ w12 ^ w10;\n w26 = (n << 1) | (n >>> 31);\n t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 27\n n = w24 ^ w19 ^ w13 ^ w11;\n w27 = (n << 1) | (n >>> 31);\n t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 28\n n = w25 ^ w20 ^ w14 ^ w12;\n w28 = (n << 1) | (n >>> 31);\n t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 29\n n = w26 ^ w21 ^ w15 ^ w13;\n w29 = (n << 1) | (n >>> 31);\n t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 30\n n = w27 ^ w22 ^ w16 ^ w14;\n w30 = (n << 1) | (n >>> 31);\n t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 31\n n = w28 ^ w23 ^ w17 ^ w15;\n w31 = (n << 1) | (n >>> 31);\n t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 32\n n = w29 ^ w24 ^ w18 ^ w16;\n w32 = (n << 1) | (n >>> 31);\n t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 33\n n = w30 ^ w25 ^ w19 ^ w17;\n w33 = (n << 1) | (n >>> 31);\n t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 34\n n = w31 ^ w26 ^ w20 ^ w18;\n w34 = (n << 1) | (n >>> 31);\n t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 35\n n = w32 ^ w27 ^ w21 ^ w19;\n w35 = (n << 1) | (n >>> 31);\n t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 36\n n = w33 ^ w28 ^ w22 ^ w20;\n w36 = (n << 1) | (n >>> 31);\n t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 37\n n = w34 ^ w29 ^ w23 ^ w21;\n w37 = (n << 1) | (n >>> 31);\n t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 38\n n = w35 ^ w30 ^ w24 ^ w22;\n w38 = (n << 1) | (n >>> 31);\n t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 39\n n = w36 ^ w31 ^ w25 ^ w23;\n w39 = (n << 1) | (n >>> 31);\n t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 40\n n = w37 ^ w32 ^ w26 ^ w24;\n w40 = (n << 1) | (n >>> 31);\n t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 41\n n = w38 ^ w33 ^ w27 ^ w25;\n w41 = (n << 1) | (n >>> 31);\n t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 42\n n = w39 ^ w34 ^ w28 ^ w26;\n w42 = (n << 1) | (n >>> 31);\n t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 43\n n = w40 ^ w35 ^ w29 ^ w27;\n w43 = (n << 1) | (n >>> 31);\n t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 44\n n = w41 ^ w36 ^ w30 ^ w28;\n w44 = (n << 1) | (n >>> 31);\n t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 45\n n = w42 ^ w37 ^ w31 ^ w29;\n w45 = (n << 1) | (n >>> 31);\n t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 46\n n = w43 ^ w38 ^ w32 ^ w30;\n w46 = (n << 1) | (n >>> 31);\n t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 47\n n = w44 ^ w39 ^ w33 ^ w31;\n w47 = (n << 1) | (n >>> 31);\n t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 48\n n = w45 ^ w40 ^ w34 ^ w32;\n w48 = (n << 1) | (n >>> 31);\n t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 49\n n = w46 ^ w41 ^ w35 ^ w33;\n w49 = (n << 1) | (n >>> 31);\n t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 50\n n = w47 ^ w42 ^ w36 ^ w34;\n w50 = (n << 1) | (n >>> 31);\n t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 51\n n = w48 ^ w43 ^ w37 ^ w35;\n w51 = (n << 1) | (n >>> 31);\n t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 52\n n = w49 ^ w44 ^ w38 ^ w36;\n w52 = (n << 1) | (n >>> 31);\n t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 53\n n = w50 ^ w45 ^ w39 ^ w37;\n w53 = (n << 1) | (n >>> 31);\n t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 54\n n = w51 ^ w46 ^ w40 ^ w38;\n w54 = (n << 1) | (n >>> 31);\n t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 55\n n = w52 ^ w47 ^ w41 ^ w39;\n w55 = (n << 1) | (n >>> 31);\n t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 56\n n = w53 ^ w48 ^ w42 ^ w40;\n w56 = (n << 1) | (n >>> 31);\n t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 57\n n = w54 ^ w49 ^ w43 ^ w41;\n w57 = (n << 1) | (n >>> 31);\n t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 58\n n = w55 ^ w50 ^ w44 ^ w42;\n w58 = (n << 1) | (n >>> 31);\n t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 59\n n = w56 ^ w51 ^ w45 ^ w43;\n w59 = (n << 1) | (n >>> 31);\n t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 60\n n = w57 ^ w52 ^ w46 ^ w44;\n w60 = (n << 1) | (n >>> 31);\n t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 61\n n = w58 ^ w53 ^ w47 ^ w45;\n w61 = (n << 1) | (n >>> 31);\n t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 62\n n = w59 ^ w54 ^ w48 ^ w46;\n w62 = (n << 1) | (n >>> 31);\n t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 63\n n = w60 ^ w55 ^ w49 ^ w47;\n w63 = (n << 1) | (n >>> 31);\n t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 64\n n = w61 ^ w56 ^ w50 ^ w48;\n w64 = (n << 1) | (n >>> 31);\n t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 65\n n = w62 ^ w57 ^ w51 ^ w49;\n w65 = (n << 1) | (n >>> 31);\n t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 66\n n = w63 ^ w58 ^ w52 ^ w50;\n w66 = (n << 1) | (n >>> 31);\n t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 67\n n = w64 ^ w59 ^ w53 ^ w51;\n w67 = (n << 1) | (n >>> 31);\n t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 68\n n = w65 ^ w60 ^ w54 ^ w52;\n w68 = (n << 1) | (n >>> 31);\n t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 69\n n = w66 ^ w61 ^ w55 ^ w53;\n w69 = (n << 1) | (n >>> 31);\n t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 70\n n = w67 ^ w62 ^ w56 ^ w54;\n w70 = (n << 1) | (n >>> 31);\n t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 71\n n = w68 ^ w63 ^ w57 ^ w55;\n w71 = (n << 1) | (n >>> 31);\n t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 72\n n = w69 ^ w64 ^ w58 ^ w56;\n w72 = (n << 1) | (n >>> 31);\n t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 73\n n = w70 ^ w65 ^ w59 ^ w57;\n w73 = (n << 1) | (n >>> 31);\n t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 74\n n = w71 ^ w66 ^ w60 ^ w58;\n w74 = (n << 1) | (n >>> 31);\n t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 75\n n = w72 ^ w67 ^ w61 ^ w59;\n w75 = (n << 1) | (n >>> 31);\n t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 76\n n = w73 ^ w68 ^ w62 ^ w60;\n w76 = (n << 1) | (n >>> 31);\n t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 77\n n = w74 ^ w69 ^ w63 ^ w61;\n w77 = (n << 1) | (n >>> 31);\n t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 78\n n = w75 ^ w70 ^ w64 ^ w62;\n w78 = (n << 1) | (n >>> 31);\n t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 79\n n = w76 ^ w71 ^ w65 ^ w63;\n w79 = (n << 1) | (n >>> 31);\n t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n }\n\n function reset () {\n H0 = 0x67452301;\n H1 = 0xefcdab89;\n H2 = 0x98badcfe;\n H3 = 0x10325476;\n H4 = 0xc3d2e1f0;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA1\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA1\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA1\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","import { _heap_write } from '../other/utils';\nimport { IllegalStateError } from '../other/errors';\nexport class Hash {\n constructor() {\n this.pos = 0;\n this.len = 0;\n }\n reset() {\n const { asm } = this.acquire_asm();\n this.result = null;\n this.pos = 0;\n this.len = 0;\n asm.reset();\n return this;\n }\n process(data) {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n let hpos = this.pos;\n let hlen = this.len;\n let dpos = 0;\n let dlen = data.length;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen);\n hlen += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.process(hpos, hlen);\n hpos += wlen;\n hlen -= wlen;\n if (!hlen)\n hpos = 0;\n }\n this.pos = hpos;\n this.len = hlen;\n return this;\n }\n finish() {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n asm.finish(this.pos, this.len, 0);\n this.result = new Uint8Array(this.HASH_SIZE);\n this.result.set(heap.subarray(0, this.HASH_SIZE));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return this;\n }\n}\n","import { sha1_asm } from './sha1.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha1_block_size = 64;\nexport const _sha1_hash_size = 20;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha1 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha1';\n this.BLOCK_SIZE = _sha1_block_size;\n this.HASH_SIZE = _sha1_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha1().process(data).finish().result;\n }\n}\nSha1.NAME = 'sha1';\nSha1.heap_pool = [];\nSha1.asm_pool = [];\nSha1.asm_function = sha1_asm;\n","import { sha256_asm } from './sha256.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha256_block_size = 64;\nexport const _sha256_hash_size = 32;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha256 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha256';\n this.BLOCK_SIZE = _sha256_block_size;\n this.HASH_SIZE = _sha256_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha256().process(data).finish().result;\n }\n}\nSha256.NAME = 'sha256';\n","export var sha256_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n f = H5;\n g = H6;\n h = H7;\n \n // 0\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 1\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 2\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 3\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 4\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 5\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 6\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 7\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 8\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 9\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 10\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 11\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 12\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 13\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 14\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 15\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 16\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 17\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 18\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 19\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 20\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 21\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 22\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 23\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 24\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 25\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 26\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 27\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 28\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 29\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 30\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 31\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 32\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 33\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 34\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 35\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 36\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 37\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 38\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 39\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 40\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 41\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 42\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 43\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 44\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 45\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 46\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 47\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 48\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 49\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 50\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 51\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 52\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 53\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 54\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 55\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 56\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 57\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 58\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 59\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 60\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 61\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 62\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 63\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n H5 = ( H5 + f )|0;\n H6 = ( H6 + g )|0;\n H7 = ( H7 + h )|0;\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n HEAP[output|20] = H5>>>24;\n HEAP[output|21] = H5>>>16&255;\n HEAP[output|22] = H5>>>8&255;\n HEAP[output|23] = H5&255;\n HEAP[output|24] = H6>>>24;\n HEAP[output|25] = H6>>>16&255;\n HEAP[output|26] = H6>>>8&255;\n HEAP[output|27] = H6&255;\n HEAP[output|28] = H7>>>24;\n HEAP[output|29] = H7>>>16&255;\n HEAP[output|30] = H7>>>8&255;\n HEAP[output|31] = H7&255;\n }\n\n function reset () {\n H0 = 0x6a09e667;\n H1 = 0xbb67ae85;\n H2 = 0x3c6ef372;\n H3 = 0xa54ff53a;\n H4 = 0x510e527f;\n H5 = 0x9b05688c;\n H6 = 0x1f83d9ab;\n H7 = 0x5be0cd19;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n h5 = h5|0;\n h6 = h6|0;\n h7 = h7|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n H5 = I5;\n H6 = I6;\n H7 = I7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n H5 = O5;\n H6 = O6;\n H7 = O7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n O5 = H5;\n O6 = H6;\n O7 = H7;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n I5 = H5;\n I6 = H6;\n I7 = H7;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n h5 = h5 ^ H5;\n h6 = h6 ^ H6;\n h7 = h7 ^ H7;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA256\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA256\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA256\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","module.exports = assert;\n\nfunction assert(val, msg) {\n if (!val)\n throw new Error(msg || 'Assertion failed');\n}\n\nassert.equal = function assertEqual(l, r, msg) {\n if (l != r)\n throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));\n};\n","if (typeof Object.create === 'function') {\n // implementation from standard node.js 'util' module\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n ctor.prototype = Object.create(superCtor.prototype, {\n constructor: {\n value: ctor,\n enumerable: false,\n writable: true,\n configurable: true\n }\n });\n };\n} else {\n // old school shim for old browsers\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n var TempCtor = function () {}\n TempCtor.prototype = superCtor.prototype\n ctor.prototype = new TempCtor()\n ctor.prototype.constructor = ctor\n }\n}\n","'use strict';\n\nvar assert = require('minimalistic-assert');\nvar inherits = require('inherits');\n\nexports.inherits = inherits;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg === 'string') {\n if (!enc) {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n } else if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n }\n } else {\n for (i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n }\n return res;\n}\nexports.toArray = toArray;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nexports.toHex = toHex;\n\nfunction htonl(w) {\n var res = (w >>> 24) |\n ((w >>> 8) & 0xff00) |\n ((w << 8) & 0xff0000) |\n ((w & 0xff) << 24);\n return res >>> 0;\n}\nexports.htonl = htonl;\n\nfunction toHex32(msg, endian) {\n var res = '';\n for (var i = 0; i < msg.length; i++) {\n var w = msg[i];\n if (endian === 'little')\n w = htonl(w);\n res += zero8(w.toString(16));\n }\n return res;\n}\nexports.toHex32 = toHex32;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nexports.zero2 = zero2;\n\nfunction zero8(word) {\n if (word.length === 7)\n return '0' + word;\n else if (word.length === 6)\n return '00' + word;\n else if (word.length === 5)\n return '000' + word;\n else if (word.length === 4)\n return '0000' + word;\n else if (word.length === 3)\n return '00000' + word;\n else if (word.length === 2)\n return '000000' + word;\n else if (word.length === 1)\n return '0000000' + word;\n else\n return word;\n}\nexports.zero8 = zero8;\n\nfunction join32(msg, start, end, endian) {\n var len = end - start;\n assert(len % 4 === 0);\n var res = new Array(len / 4);\n for (var i = 0, k = start; i < res.length; i++, k += 4) {\n var w;\n if (endian === 'big')\n w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];\n else\n w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];\n res[i] = w >>> 0;\n }\n return res;\n}\nexports.join32 = join32;\n\nfunction split32(msg, endian) {\n var res = new Array(msg.length * 4);\n for (var i = 0, k = 0; i < msg.length; i++, k += 4) {\n var m = msg[i];\n if (endian === 'big') {\n res[k] = m >>> 24;\n res[k + 1] = (m >>> 16) & 0xff;\n res[k + 2] = (m >>> 8) & 0xff;\n res[k + 3] = m & 0xff;\n } else {\n res[k + 3] = m >>> 24;\n res[k + 2] = (m >>> 16) & 0xff;\n res[k + 1] = (m >>> 8) & 0xff;\n res[k] = m & 0xff;\n }\n }\n return res;\n}\nexports.split32 = split32;\n\nfunction rotr32(w, b) {\n return (w >>> b) | (w << (32 - b));\n}\nexports.rotr32 = rotr32;\n\nfunction rotl32(w, b) {\n return (w << b) | (w >>> (32 - b));\n}\nexports.rotl32 = rotl32;\n\nfunction sum32(a, b) {\n return (a + b) >>> 0;\n}\nexports.sum32 = sum32;\n\nfunction sum32_3(a, b, c) {\n return (a + b + c) >>> 0;\n}\nexports.sum32_3 = sum32_3;\n\nfunction sum32_4(a, b, c, d) {\n return (a + b + c + d) >>> 0;\n}\nexports.sum32_4 = sum32_4;\n\nfunction sum32_5(a, b, c, d, e) {\n return (a + b + c + d + e) >>> 0;\n}\nexports.sum32_5 = sum32_5;\n\nfunction sum64(buf, pos, ah, al) {\n var bh = buf[pos];\n var bl = buf[pos + 1];\n\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n buf[pos] = hi >>> 0;\n buf[pos + 1] = lo;\n}\nexports.sum64 = sum64;\n\nfunction sum64_hi(ah, al, bh, bl) {\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n return hi >>> 0;\n}\nexports.sum64_hi = sum64_hi;\n\nfunction sum64_lo(ah, al, bh, bl) {\n var lo = al + bl;\n return lo >>> 0;\n}\nexports.sum64_lo = sum64_lo;\n\nfunction sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n\n var hi = ah + bh + ch + dh + carry;\n return hi >>> 0;\n}\nexports.sum64_4_hi = sum64_4_hi;\n\nfunction sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {\n var lo = al + bl + cl + dl;\n return lo >>> 0;\n}\nexports.sum64_4_lo = sum64_4_lo;\n\nfunction sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n lo = (lo + el) >>> 0;\n carry += lo < el ? 1 : 0;\n\n var hi = ah + bh + ch + dh + eh + carry;\n return hi >>> 0;\n}\nexports.sum64_5_hi = sum64_5_hi;\n\nfunction sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var lo = al + bl + cl + dl + el;\n\n return lo >>> 0;\n}\nexports.sum64_5_lo = sum64_5_lo;\n\nfunction rotr64_hi(ah, al, num) {\n var r = (al << (32 - num)) | (ah >>> num);\n return r >>> 0;\n}\nexports.rotr64_hi = rotr64_hi;\n\nfunction rotr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.rotr64_lo = rotr64_lo;\n\nfunction shr64_hi(ah, al, num) {\n return ah >>> num;\n}\nexports.shr64_hi = shr64_hi;\n\nfunction shr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.shr64_lo = shr64_lo;\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction BlockHash() {\n this.pending = null;\n this.pendingTotal = 0;\n this.blockSize = this.constructor.blockSize;\n this.outSize = this.constructor.outSize;\n this.hmacStrength = this.constructor.hmacStrength;\n this.padLength = this.constructor.padLength / 8;\n this.endian = 'big';\n\n this._delta8 = this.blockSize / 8;\n this._delta32 = this.blockSize / 32;\n}\nexports.BlockHash = BlockHash;\n\nBlockHash.prototype.update = function update(msg, enc) {\n // Convert message to array, pad it, and join into 32bit blocks\n msg = utils.toArray(msg, enc);\n if (!this.pending)\n this.pending = msg;\n else\n this.pending = this.pending.concat(msg);\n this.pendingTotal += msg.length;\n\n // Enough data, try updating\n if (this.pending.length >= this._delta8) {\n msg = this.pending;\n\n // Process pending data in blocks\n var r = msg.length % this._delta8;\n this.pending = msg.slice(msg.length - r, msg.length);\n if (this.pending.length === 0)\n this.pending = null;\n\n msg = utils.join32(msg, 0, msg.length - r, this.endian);\n for (var i = 0; i < msg.length; i += this._delta32)\n this._update(msg, i, i + this._delta32);\n }\n\n return this;\n};\n\nBlockHash.prototype.digest = function digest(enc) {\n this.update(this._pad());\n assert(this.pending === null);\n\n return this._digest(enc);\n};\n\nBlockHash.prototype._pad = function pad() {\n var len = this.pendingTotal;\n var bytes = this._delta8;\n var k = bytes - ((len + this.padLength) % bytes);\n var res = new Array(k + this.padLength);\n res[0] = 0x80;\n for (var i = 1; i < k; i++)\n res[i] = 0;\n\n // Append length\n len <<= 3;\n if (this.endian === 'big') {\n for (var t = 8; t < this.padLength; t++)\n res[i++] = 0;\n\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = len & 0xff;\n } else {\n res[i++] = len & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n\n for (t = 8; t < this.padLength; t++)\n res[i++] = 0;\n }\n\n return res;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar rotr32 = utils.rotr32;\n\nfunction ft_1(s, x, y, z) {\n if (s === 0)\n return ch32(x, y, z);\n if (s === 1 || s === 3)\n return p32(x, y, z);\n if (s === 2)\n return maj32(x, y, z);\n}\nexports.ft_1 = ft_1;\n\nfunction ch32(x, y, z) {\n return (x & y) ^ ((~x) & z);\n}\nexports.ch32 = ch32;\n\nfunction maj32(x, y, z) {\n return (x & y) ^ (x & z) ^ (y & z);\n}\nexports.maj32 = maj32;\n\nfunction p32(x, y, z) {\n return x ^ y ^ z;\n}\nexports.p32 = p32;\n\nfunction s0_256(x) {\n return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);\n}\nexports.s0_256 = s0_256;\n\nfunction s1_256(x) {\n return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);\n}\nexports.s1_256 = s1_256;\n\nfunction g0_256(x) {\n return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);\n}\nexports.g0_256 = g0_256;\n\nfunction g1_256(x) {\n return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);\n}\nexports.g1_256 = g1_256;\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\nvar assert = require('minimalistic-assert');\n\nvar sum32 = utils.sum32;\nvar sum32_4 = utils.sum32_4;\nvar sum32_5 = utils.sum32_5;\nvar ch32 = shaCommon.ch32;\nvar maj32 = shaCommon.maj32;\nvar s0_256 = shaCommon.s0_256;\nvar s1_256 = shaCommon.s1_256;\nvar g0_256 = shaCommon.g0_256;\nvar g1_256 = shaCommon.g1_256;\n\nvar BlockHash = common.BlockHash;\n\nvar sha256_K = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n];\n\nfunction SHA256() {\n if (!(this instanceof SHA256))\n return new SHA256();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\n 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n ];\n this.k = sha256_K;\n this.W = new Array(64);\n}\nutils.inherits(SHA256, BlockHash);\nmodule.exports = SHA256;\n\nSHA256.blockSize = 512;\nSHA256.outSize = 256;\nSHA256.hmacStrength = 192;\nSHA256.padLength = 64;\n\nSHA256.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i++)\n W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n var f = this.h[5];\n var g = this.h[6];\n var h = this.h[7];\n\n assert(this.k.length === W.length);\n for (i = 0; i < W.length; i++) {\n var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);\n var T2 = sum32(s0_256(a), maj32(a, b, c));\n h = g;\n g = f;\n f = e;\n e = sum32(d, T1);\n d = c;\n c = b;\n b = a;\n a = sum32(T1, T2);\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n this.h[5] = sum32(this.h[5], f);\n this.h[6] = sum32(this.h[6], g);\n this.h[7] = sum32(this.h[7], h);\n};\n\nSHA256.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar SHA256 = require('./256');\n\nfunction SHA224() {\n if (!(this instanceof SHA224))\n return new SHA224();\n\n SHA256.call(this);\n this.h = [\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\n 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];\n}\nutils.inherits(SHA224, SHA256);\nmodule.exports = SHA224;\n\nSHA224.blockSize = 512;\nSHA224.outSize = 224;\nSHA224.hmacStrength = 192;\nSHA224.padLength = 64;\n\nSHA224.prototype._digest = function digest(enc) {\n // Just truncate output\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 7), 'big');\n else\n return utils.split32(this.h.slice(0, 7), 'big');\n};\n\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar assert = require('minimalistic-assert');\n\nvar rotr64_hi = utils.rotr64_hi;\nvar rotr64_lo = utils.rotr64_lo;\nvar shr64_hi = utils.shr64_hi;\nvar shr64_lo = utils.shr64_lo;\nvar sum64 = utils.sum64;\nvar sum64_hi = utils.sum64_hi;\nvar sum64_lo = utils.sum64_lo;\nvar sum64_4_hi = utils.sum64_4_hi;\nvar sum64_4_lo = utils.sum64_4_lo;\nvar sum64_5_hi = utils.sum64_5_hi;\nvar sum64_5_lo = utils.sum64_5_lo;\n\nvar BlockHash = common.BlockHash;\n\nvar sha512_K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction SHA512() {\n if (!(this instanceof SHA512))\n return new SHA512();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xf3bcc908,\n 0xbb67ae85, 0x84caa73b,\n 0x3c6ef372, 0xfe94f82b,\n 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1,\n 0x9b05688c, 0x2b3e6c1f,\n 0x1f83d9ab, 0xfb41bd6b,\n 0x5be0cd19, 0x137e2179 ];\n this.k = sha512_K;\n this.W = new Array(160);\n}\nutils.inherits(SHA512, BlockHash);\nmodule.exports = SHA512;\n\nSHA512.blockSize = 1024;\nSHA512.outSize = 512;\nSHA512.hmacStrength = 192;\nSHA512.padLength = 128;\n\nSHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {\n var W = this.W;\n\n // 32 x 32bit words\n for (var i = 0; i < 32; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i += 2) {\n var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2\n var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);\n var c1_hi = W[i - 14]; // i - 7\n var c1_lo = W[i - 13];\n var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15\n var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);\n var c3_hi = W[i - 32]; // i - 16\n var c3_lo = W[i - 31];\n\n W[i] = sum64_4_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n W[i + 1] = sum64_4_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n }\n};\n\nSHA512.prototype._update = function _update(msg, start) {\n this._prepareBlock(msg, start);\n\n var W = this.W;\n\n var ah = this.h[0];\n var al = this.h[1];\n var bh = this.h[2];\n var bl = this.h[3];\n var ch = this.h[4];\n var cl = this.h[5];\n var dh = this.h[6];\n var dl = this.h[7];\n var eh = this.h[8];\n var el = this.h[9];\n var fh = this.h[10];\n var fl = this.h[11];\n var gh = this.h[12];\n var gl = this.h[13];\n var hh = this.h[14];\n var hl = this.h[15];\n\n assert(this.k.length === W.length);\n for (var i = 0; i < W.length; i += 2) {\n var c0_hi = hh;\n var c0_lo = hl;\n var c1_hi = s1_512_hi(eh, el);\n var c1_lo = s1_512_lo(eh, el);\n var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);\n var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);\n var c3_hi = this.k[i];\n var c3_lo = this.k[i + 1];\n var c4_hi = W[i];\n var c4_lo = W[i + 1];\n\n var T1_hi = sum64_5_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n var T1_lo = sum64_5_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n\n c0_hi = s0_512_hi(ah, al);\n c0_lo = s0_512_lo(ah, al);\n c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);\n c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);\n\n var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);\n var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);\n\n hh = gh;\n hl = gl;\n\n gh = fh;\n gl = fl;\n\n fh = eh;\n fl = el;\n\n eh = sum64_hi(dh, dl, T1_hi, T1_lo);\n el = sum64_lo(dl, dl, T1_hi, T1_lo);\n\n dh = ch;\n dl = cl;\n\n ch = bh;\n cl = bl;\n\n bh = ah;\n bl = al;\n\n ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);\n al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);\n }\n\n sum64(this.h, 0, ah, al);\n sum64(this.h, 2, bh, bl);\n sum64(this.h, 4, ch, cl);\n sum64(this.h, 6, dh, dl);\n sum64(this.h, 8, eh, el);\n sum64(this.h, 10, fh, fl);\n sum64(this.h, 12, gh, gl);\n sum64(this.h, 14, hh, hl);\n};\n\nSHA512.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n\nfunction ch64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ ((~xh) & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction ch64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ ((~xl) & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 28);\n var c1_hi = rotr64_hi(xl, xh, 2); // 34\n var c2_hi = rotr64_hi(xl, xh, 7); // 39\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 28);\n var c1_lo = rotr64_lo(xl, xh, 2); // 34\n var c2_lo = rotr64_lo(xl, xh, 7); // 39\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 14);\n var c1_hi = rotr64_hi(xh, xl, 18);\n var c2_hi = rotr64_hi(xl, xh, 9); // 41\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 14);\n var c1_lo = rotr64_lo(xh, xl, 18);\n var c2_lo = rotr64_lo(xl, xh, 9); // 41\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 1);\n var c1_hi = rotr64_hi(xh, xl, 8);\n var c2_hi = shr64_hi(xh, xl, 7);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 1);\n var c1_lo = rotr64_lo(xh, xl, 8);\n var c2_lo = shr64_lo(xh, xl, 7);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 19);\n var c1_hi = rotr64_hi(xl, xh, 29); // 61\n var c2_hi = shr64_hi(xh, xl, 6);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 19);\n var c1_lo = rotr64_lo(xl, xh, 29); // 61\n var c2_lo = shr64_lo(xh, xl, 6);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n","'use strict';\n\nvar utils = require('../utils');\n\nvar SHA512 = require('./512');\n\nfunction SHA384() {\n if (!(this instanceof SHA384))\n return new SHA384();\n\n SHA512.call(this);\n this.h = [\n 0xcbbb9d5d, 0xc1059ed8,\n 0x629a292a, 0x367cd507,\n 0x9159015a, 0x3070dd17,\n 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31,\n 0x8eb44a87, 0x68581511,\n 0xdb0c2e0d, 0x64f98fa7,\n 0x47b5481d, 0xbefa4fa4 ];\n}\nutils.inherits(SHA384, SHA512);\nmodule.exports = SHA384;\n\nSHA384.blockSize = 1024;\nSHA384.outSize = 384;\nSHA384.hmacStrength = 192;\nSHA384.padLength = 128;\n\nSHA384.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 12), 'big');\n else\n return utils.split32(this.h.slice(0, 12), 'big');\n};\n","'use strict';\n\nvar utils = require('./utils');\nvar common = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_3 = utils.sum32_3;\nvar sum32_4 = utils.sum32_4;\nvar BlockHash = common.BlockHash;\n\nfunction RIPEMD160() {\n if (!(this instanceof RIPEMD160))\n return new RIPEMD160();\n\n BlockHash.call(this);\n\n this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];\n this.endian = 'little';\n}\nutils.inherits(RIPEMD160, BlockHash);\nexports.ripemd160 = RIPEMD160;\n\nRIPEMD160.blockSize = 512;\nRIPEMD160.outSize = 160;\nRIPEMD160.hmacStrength = 192;\nRIPEMD160.padLength = 64;\n\nRIPEMD160.prototype._update = function update(msg, start) {\n var A = this.h[0];\n var B = this.h[1];\n var C = this.h[2];\n var D = this.h[3];\n var E = this.h[4];\n var Ah = A;\n var Bh = B;\n var Ch = C;\n var Dh = D;\n var Eh = E;\n for (var j = 0; j < 80; j++) {\n var T = sum32(\n rotl32(\n sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),\n s[j]),\n E);\n A = E;\n E = D;\n D = rotl32(C, 10);\n C = B;\n B = T;\n T = sum32(\n rotl32(\n sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),\n sh[j]),\n Eh);\n Ah = Eh;\n Eh = Dh;\n Dh = rotl32(Ch, 10);\n Ch = Bh;\n Bh = T;\n }\n T = sum32_3(this.h[1], C, Dh);\n this.h[1] = sum32_3(this.h[2], D, Eh);\n this.h[2] = sum32_3(this.h[3], E, Ah);\n this.h[3] = sum32_3(this.h[4], A, Bh);\n this.h[4] = sum32_3(this.h[0], B, Ch);\n this.h[0] = T;\n};\n\nRIPEMD160.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'little');\n else\n return utils.split32(this.h, 'little');\n};\n\nfunction f(j, x, y, z) {\n if (j <= 15)\n return x ^ y ^ z;\n else if (j <= 31)\n return (x & y) | ((~x) & z);\n else if (j <= 47)\n return (x | (~y)) ^ z;\n else if (j <= 63)\n return (x & z) | (y & (~z));\n else\n return x ^ (y | (~z));\n}\n\nfunction K(j) {\n if (j <= 15)\n return 0x00000000;\n else if (j <= 31)\n return 0x5a827999;\n else if (j <= 47)\n return 0x6ed9eba1;\n else if (j <= 63)\n return 0x8f1bbcdc;\n else\n return 0xa953fd4e;\n}\n\nfunction Kh(j) {\n if (j <= 15)\n return 0x50a28be6;\n else if (j <= 31)\n return 0x5c4dd124;\n else if (j <= 47)\n return 0x6d703ef3;\n else if (j <= 63)\n return 0x7a6d76e9;\n else\n return 0x00000000;\n}\n\nvar r = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,\n 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,\n 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,\n 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13\n];\n\nvar rh = [\n 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,\n 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,\n 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,\n 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,\n 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11\n];\n\nvar s = [\n 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,\n 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,\n 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,\n 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,\n 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6\n];\n\nvar sh = [\n 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,\n 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,\n 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,\n 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,\n 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11\n];\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n * @private\n */\n\nimport { Sha1 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1';\nimport { Sha256 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256';\nimport sha224 from 'hash.js/lib/hash/sha/224';\nimport sha384 from 'hash.js/lib/hash/sha/384';\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport { ripemd160 } from 'hash.js/lib/hash/ripemd';\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport defaultConfig from '../../config';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction hashjsHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n }\n const hashInstance = hash();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => new Uint8Array(hashInstance.digest()));\n };\n}\n\nfunction asmcryptoHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hashInstance = new hash();\n return stream.transform(data, value => {\n hashInstance.process(value);\n }, () => hashInstance.finish().result);\n } else if (webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n } else {\n return hash.bytes(data);\n }\n };\n}\n\nconst hashFunctions = {\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'),\n sha224: nodeHash('sha224') || hashjsHash(sha224),\n sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'),\n sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),\n sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.\n ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)\n};\n\nexport default {\n\n /** @see module:md5 */\n md5: hashFunctions.md5,\n /** @see asmCrypto */\n sha1: hashFunctions.sha1,\n /** @see hash.js */\n sha224: hashFunctions.sha224,\n /** @see asmCrypto */\n sha256: hashFunctions.sha256,\n /** @see hash.js */\n sha384: hashFunctions.sha384,\n /** @see asmCrypto */\n sha512: hashFunctions.sha512,\n /** @see hash.js */\n ripemd: hashFunctions.ripemd,\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n default:\n throw new Error('Invalid hash function.');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CFB {\n static encrypt(data, key, iv) {\n return new AES_CFB(key, iv).encrypt(data);\n }\n static decrypt(data, key, iv) {\n return new AES_CFB(key, iv).decrypt(data);\n }\n constructor(key, iv, aes) {\n this.aes = aes ? aes : new AES(key, iv, true, 'CFB');\n delete this.aes.padding;\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import * as cipher from '.';\nimport enums from '../../enums';\n\n/**\n * Get implementation of the given cipher\n * @param {enums.symmetric} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport default function getCipher(algo) {\n const algoName = enums.read(enums.symmetric, algo);\n return cipher[algoName];\n}\n","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n * @private\n */\n\nimport { AES_CFB } from '@openpgp/asmcrypto.js/dist_es8/aes/cfb';\nimport * as stream from '@openpgp/web-stream-tools';\nimport getCipher from '../cipher/getCipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nfunction aesEncrypt(algo, key, pt, iv, config) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support\n !util.isStream(pt) &&\n pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2\n ) { // Web Crypto\n return webEncrypt(algo, key, pt, iv);\n }\n // asm.js fallback\n const cfb = new AES_CFB(key, iv);\n return stream.transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish());\n}\n\nfunction aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new AES_CFB(key, iv);\n return stream.transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish());\n }\n return AES_CFB.decrypt(ct, key, iv);\n}\n\nfunction xorMut(a, b) {\n for (let i = 0; i < a.length; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nasync function webEncrypt(algo, key, pt, iv) {\n const ALGO = 'AES-CBC';\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']);\n const { blockSize } = getCipher(algo);\n const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]);\n const ct = new Uint8Array(await webCrypto.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length);\n xorMut(ct, pt);\n return ct;\n}\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","import { AES } from './aes';\nimport { IllegalArgumentError } from '../other/errors';\nimport { joinBytes } from '../other/utils';\nexport class AES_CTR {\n static encrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n static decrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n constructor(key, nonce, aes) {\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n delete this.aes.padding;\n this.AES_CTR_set_options(nonce);\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n AES_CTR_set_options(nonce, counter, size) {\n let { asm } = this.aes.acquire_asm();\n if (size !== undefined) {\n if (size < 8 || size > 48)\n throw new IllegalArgumentError('illegal counter size');\n let mask = Math.pow(2, size) - 1;\n asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0);\n }\n else {\n size = 48;\n asm.set_mask(0, 0, 0xffff, 0xffffffff);\n }\n if (nonce !== undefined) {\n let len = nonce.length;\n if (!len || len > 16)\n throw new IllegalArgumentError('illegal nonce size');\n let view = new DataView(new ArrayBuffer(16));\n new Uint8Array(view.buffer).set(nonce);\n asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12));\n }\n else {\n throw new Error('nonce is required');\n }\n if (counter !== undefined) {\n if (counter < 0 || counter >= Math.pow(2, size))\n throw new IllegalArgumentError('illegal counter value');\n asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0);\n }\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CBC {\n static encrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).encrypt(data);\n }\n static decrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).decrypt(data);\n }\n constructor(key, iv, padding = true, aes) {\n this.aes = aes ? aes : new AES(key, iv, padding, 'CBC');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n * @private\n */\n\nimport { AES_CBC } from '@openpgp/asmcrypto.js/dist_es8/aes/cbc';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt) {\n return AES_CBC.encrypt(pt, key, false, zeroBlock);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n * @private\n */\n\nimport { AES_CTR } from '@openpgp/asmcrypto.js/dist_es8/aes/ctr';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n ) {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt, iv) {\n return AES_CTR.encrypt(pt, key, iv);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n * @private\n */\n\nimport * as ciphers from '../cipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n\n let maxNtz = 0;\n let encipher;\n let decipher;\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables(cipher, key) {\n const cipherName = enums.read(enums.symmetric, cipher);\n const aes = new ciphers[cipherName](key);\n encipher = aes.encrypt.bind(aes);\n decipher = aes.decrypt.bind(aes);\n\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","import { IllegalArgumentError, IllegalStateError, SecurityError } from '../other/errors';\nimport { _heap_write } from '../other/utils';\nimport { AES } from './aes';\nimport { AES_asm } from './aes.asm';\nconst _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5\nexport class AES_GCM {\n constructor(key, nonce, adata, tagSize = 16, aes) {\n this.tagSize = tagSize;\n this.gamma0 = 0;\n this.counter = 1;\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n let { asm, heap } = this.aes.acquire_asm();\n // Init GCM\n asm.gcm_init();\n // Tag size\n if (this.tagSize < 4 || this.tagSize > 16)\n throw new IllegalArgumentError('illegal tagSize value');\n // Nonce\n const noncelen = nonce.length || 0;\n const noncebuf = new Uint8Array(16);\n if (noncelen !== 12) {\n this._gcm_mac_process(nonce);\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = 0;\n heap[4] = 0;\n heap[5] = 0;\n heap[6] = 0;\n heap[7] = 0;\n heap[8] = 0;\n heap[9] = 0;\n heap[10] = 0;\n heap[11] = noncelen >>> 29;\n heap[12] = (noncelen >>> 21) & 255;\n heap[13] = (noncelen >>> 13) & 255;\n heap[14] = (noncelen >>> 5) & 255;\n heap[15] = (noncelen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_iv(0, 0, 0, 0);\n noncebuf.set(heap.subarray(0, 16));\n }\n else {\n noncebuf.set(nonce);\n noncebuf[15] = 1;\n }\n const nonceview = new DataView(noncebuf.buffer);\n this.gamma0 = nonceview.getUint32(12);\n asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0);\n asm.set_mask(0, 0, 0, 0xffffffff);\n // Associated data\n if (adata !== undefined) {\n if (adata.length > _AES_GCM_data_maxLength)\n throw new IllegalArgumentError('illegal adata length');\n if (adata.length) {\n this.adata = adata;\n this._gcm_mac_process(adata);\n }\n else {\n this.adata = undefined;\n }\n }\n else {\n this.adata = undefined;\n }\n // Counter\n if (this.counter < 1 || this.counter > 0xffffffff)\n throw new RangeError('counter must be a positive 32-bit integer');\n asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0);\n }\n static encrypt(cleartext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext);\n }\n static decrypt(ciphertext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext);\n }\n encrypt(data) {\n return this.AES_GCM_encrypt(data);\n }\n decrypt(data) {\n return this.AES_GCM_decrypt(data);\n }\n AES_GCM_Encrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len);\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Encrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let adata = this.adata;\n let pos = this.aes.pos;\n let len = this.aes.len;\n const result = new Uint8Array(len + tagSize);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16);\n if (len)\n result.set(heap.subarray(pos, pos + len));\n let i = len;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n result.set(heap.subarray(0, tagSize), len);\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_Decrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0;\n let tlen = len + dlen - rlen;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > tlen) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n pos = 0;\n len = 0;\n }\n if (dlen > 0) {\n len += _heap_write(heap, 0, data, dpos, dlen);\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Decrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let tagSize = this.tagSize;\n let adata = this.adata;\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rlen = len - tagSize;\n if (len < tagSize)\n throw new IllegalStateError('authentication tag not found');\n const result = new Uint8Array(rlen);\n const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));\n let i = rlen;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len - tagSize;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n let acheck = 0;\n for (let i = 0; i < tagSize; ++i)\n acheck |= atag[i] ^ heap[i];\n if (acheck)\n throw new SecurityError('data integrity check failed');\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_decrypt(data) {\n const result1 = this.AES_GCM_Decrypt_process(data);\n const result2 = this.AES_GCM_Decrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n AES_GCM_encrypt(data) {\n const result1 = this.AES_GCM_Encrypt_process(data);\n const result2 = this.AES_GCM_Encrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n _gcm_mac_process(data) {\n let { asm, heap } = this.aes.acquire_asm();\n let dpos = 0;\n let dlen = data.length || 0;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, 0, data, dpos, dlen);\n dpos += wlen;\n dlen -= wlen;\n while (wlen & 15)\n heap[wlen++] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen);\n }\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n * @private\n */\n\nimport { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.encrypt(pt, key, iv, adata);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (ct.length === tagLength) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n }\n };\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return AES_GCM.encrypt(pt, key, iv, adata);\n },\n\n decrypt: async function(ct, iv, adata) {\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n * @private\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","/*jshint bitwise: false*/\n\n(function(nacl) {\n'use strict';\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d;\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d, h, r;\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n r = nacl.hash(sm.subarray(32, smlen));\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n h = nacl.hash(sm.subarray(0, smlen));\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h;\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n h = nacl.hash(m.subarray(0, n));\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;\n if (crypto && crypto.getRandomValues) {\n // Browsers.\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n } else if (typeof require !== 'undefined') {\n // Node.js.\n crypto = require('crypto');\n if (crypto && crypto.randomBytes) {\n nacl.setPRNG(function(x, n) {\n var i, v = crypto.randomBytes(n);\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n }\n})();\n\n})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {}));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n * @private\n */\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const buf = new Uint8Array(length);\n if (nodeCrypto) {\n const bytes = nodeCrypto.randomBytes(buf.length);\n buf.set(bytes);\n } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n return buf;\n}\n\n/**\n * Create a secure random BigInteger that is greater than or equal to min and less than max.\n * @param {module:BigInteger} min - Lower bound, included\n * @param {module:BigInteger} max - Upper bound, excluded\n * @returns {Promise} Random BigInteger.\n * @async\n */\nexport async function getRandomBigInteger(min, max) {\n const BigInteger = await util.getBigInteger();\n\n if (max.lt(min)) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max.sub(min);\n const bytes = modulus.byteLength();\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = new BigInteger(await getRandomBytes(bytes + 8));\n return r.mod(modulus).add(min);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\n\n/**\n * Generate a probably prime random number\n * @param {Integer} bits - Bit length of the prime\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns BigInteger\n * @async\n */\nexport async function randomProbablePrime(bits, e, k) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n const min = one.leftShift(new BigInteger(bits - 1));\n const thirty = new BigInteger(30);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n const n = await getRandomBigInteger(min, min.leftShift(one));\n let i = n.mod(thirty).toNumber();\n\n do {\n n.iadd(new BigInteger(adds[i]));\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (n.bitLength() > bits) {\n n.imod(min.leftShift(one)).iadd(min);\n i = n.mod(thirty).toNumber();\n }\n } while (!await isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns {boolean}\n * @async\n */\nexport async function isProbablePrime(n, e, k) {\n if (e && !n.dec().gcd(e).isOne()) {\n return false;\n }\n if (!await divisionTest(n)) {\n return false;\n }\n if (!await fermat(n)) {\n return false;\n }\n if (!await millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} b - Optional Fermat test base\n * @returns {boolean}\n */\nexport async function fermat(n, b) {\n const BigInteger = await util.getBigInteger();\n b = b || new BigInteger(2);\n return b.modExp(n.dec(), n).isOne();\n}\n\nexport async function divisionTest(n) {\n const BigInteger = await util.getBigInteger();\n return smallPrimes.every(m => {\n return n.mod(new BigInteger(m)) !== 0;\n });\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n];\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param {BigInteger} n - Number to test\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @param {Function} rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport async function millerRabin(n, k, rand) {\n const BigInteger = await util.getBigInteger();\n const len = n.bitLength();\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n.dec(); // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!n1.getBit(s)) { s++; }\n const d = n.rightShift(new BigInteger(s));\n\n for (; k > 0; k--) {\n const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);\n\n let x = a.modExp(d, n);\n if (x.isOne() || x.equal(n1)) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = x.mul(x).mod(n);\n\n if (x.isOne()) {\n return false;\n }\n if (x.equal(n1)) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n * @private\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport async function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n * @private\n */\n\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\n/* eslint-disable no-invalid-this */\nconst RSAPrivateKey = nodeCrypto ? asn1.define('RSAPrivateKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('version').int(), // 0\n this.key('modulus').int(), // n\n this.key('publicExponent').int(), // e\n this.key('privateExponent').int(), // d\n this.key('prime1').int(), // p\n this.key('prime2').int(), // q\n this.key('exponent1').int(), // dp\n this.key('exponent2').int(), // dq\n this.key('coefficient').int() // u\n );\n}) : undefined;\n\nconst RSAPublicKey = nodeCrypto ? asn1.define('RSAPubliceKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('modulus').int(), // n\n this.key('publicExponent').int() // e\n );\n}) : undefined;\n/* eslint-enable no-invalid-this */\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n const BigInteger = await util.getBigInteger();\n\n e = new BigInteger(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return {\n n: b64ToUint8Array(jwk.n),\n e: e.toUint8Array(),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n } else if (util.getNodeCrypto() && nodeCrypto.generateKeyPair && RSAPrivateKey) {\n const opts = {\n modulusLength: bits,\n publicExponent: e.toNumber(),\n publicKeyEncoding: { type: 'pkcs1', format: 'der' },\n privateKeyEncoding: { type: 'pkcs1', format: 'der' }\n };\n const prv = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, der) => {\n if (err) {\n reject(err);\n } else {\n resolve(RSAPrivateKey.decode(der, 'der'));\n }\n });\n });\n /**\n * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`.\n * @link https://tools.ietf.org/html/rfc3447#section-3.2\n * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1\n */\n return {\n n: prv.modulus.toArrayLike(Uint8Array),\n e: prv.publicExponent.toArrayLike(Uint8Array),\n d: prv.privateExponent.toArrayLike(Uint8Array),\n // switch p and q\n p: prv.prime2.toArrayLike(Uint8Array),\n q: prv.prime1.toArrayLike(Uint8Array),\n // Since p and q are switched in places, we can keep u as defined by DER\n u: prv.coefficient.toArrayLike(Uint8Array)\n };\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = await randomProbablePrime(bits - (bits >> 1), e, 40);\n p = await randomProbablePrime(bits >> 1, e, 40);\n n = p.mul(q);\n } while (n.bitLength() !== bits);\n\n const phi = p.dec().imul(q.dec());\n\n if (q.lt(p)) {\n [p, q] = [q, p];\n }\n\n return {\n n: n.toUint8Array(),\n e: e.toUint8Array(),\n d: e.modInv(phi).toUint8Array(),\n p: p.toUint8Array(),\n q: q.toUint8Array(),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: p.modInv(q).toUint8Array()\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n p = new BigInteger(p);\n q = new BigInteger(q);\n\n // expect pq = n\n if (!p.mul(q).equal(n)) {\n return false;\n }\n\n const two = new BigInteger(2);\n // expect p*u = 1 mod q\n u = new BigInteger(u);\n if (!p.mul(u).mod(q).isOne()) {\n return false;\n }\n\n e = new BigInteger(e);\n d = new BigInteger(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));\n const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r.mul(d).mul(e);\n\n const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));\n d = new BigInteger(d);\n if (m.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return m.modExp(d, n).toUint8Array('be', n.byteLength());\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPrivateKey.encode(keyObject, 'der');\n return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' }));\n }\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n return new Uint8Array(sign.sign(pem));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n s = new BigInteger(s);\n e = new BigInteger(e);\n if (s.gte(n)) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());\n const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1' };\n } else {\n key = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n }\n try {\n return await verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const { default: BN } = await import('bn.js');\n\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n data = new BigInteger(emeEncode(data, n.byteLength()));\n e = new BigInteger(e);\n if (data.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return data.modExp(e, n).toUint8Array('be', n.byteLength());\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPrivateKey.encode(keyObject, 'der');\n key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n const BigInteger = await util.getBigInteger();\n data = new BigInteger(data);\n n = new BigInteger(n);\n e = new BigInteger(e);\n d = new BigInteger(d);\n p = new BigInteger(p);\n q = new BigInteger(q);\n u = new BigInteger(u);\n if (data.gte(n)) {\n throw new Error('Data too large.');\n }\n const dq = d.mod(q.dec()); // d mod (q-1)\n const dp = d.mod(p.dec()); // d mod (p-1)\n\n const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);\n const blinder = unblinder.modInv(n).modExp(e, n);\n data = data.mul(blinder).mod(n);\n\n\n const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p\n const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q\n const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h.mul(p).add(mp); // result < n due to relations above\n\n result = result.mul(unblinder).mod(n);\n\n\n return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n const pNum = new BigInteger(p);\n const qNum = new BigInteger(q);\n const dNum = new BigInteger(d);\n\n let dq = dNum.mod(qNum.dec()); // d mod (q-1)\n let dp = dNum.mod(pNum.dec()); // d mod (p-1)\n dp = dp.toUint8Array();\n dq = dq.toUint8Array();\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const padded = emeEncode(data, p.byteLength());\n const m = new BigInteger(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = await getRandomBigInteger(new BigInteger(1), p.dec());\n return {\n c1: g.modExp(k, p).toUint8Array(),\n c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n const BigInteger = await util.getBigInteger();\n c1 = new BigInteger(c1);\n c2 = new BigInteger(c2);\n p = new BigInteger(p);\n x = new BigInteger(x);\n\n const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);\n return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = new BigInteger(p.bitLength());\n const n1023 = new BigInteger(1023);\n if (pSize.lt(n1023)) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (!g.modExp(p.dec(), p).isOne()) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n const i = new BigInteger(1);\n const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold\n while (i.lt(threshold)) {\n res = res.mul(g).imod(p);\n if (res.isOne()) {\n return false;\n }\n i.iinc();\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1\n const rqx = p.dec().imul(r).iadd(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n * @private\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {string} String with the canonical name of the curve.\n */\n getName() {\n const hex = this.toHex();\n if (enums.curve[hex]) {\n return enums.write(enums.curve, hex);\n } else {\n throw new Error('Unknown curve object identifier.');\n }\n }\n}\n\nexport default OID;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library\n * @module crypto/public_key/elliptic/indutnyKey\n * @private\n */\n\nimport config from '../../../config';\n\nexport function keyFromPrivate(indutnyCurve, priv) {\n const keyPair = indutnyCurve.keyPair({ priv: priv });\n return keyPair;\n}\n\nexport function keyFromPublic(indutnyCurve, pub) {\n const keyPair = indutnyCurve.keyPair({ pub: pub });\n if (keyPair.validate().result !== true) {\n throw new Error('Invalid elliptic public key');\n }\n return keyPair;\n}\n\nexport async function getIndutnyCurve(name) {\n if (!config.useIndutnyElliptic) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n const { default: elliptic } = await import('@openpgp/elliptic');\n return new elliptic.ec(name);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new stream.TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { getRandomBytes } from '../../random';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport { UnsupportedError } from '../../../packet/packet';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n 'p256': 'P-256',\n 'p384': 'P-384',\n 'p521': 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined,\n brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n p256: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.p256,\n web: webCurves.p256,\n payloadSize: 32,\n sharedSize: 256\n },\n p384: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.p384,\n web: webCurves.p384,\n payloadSize: 48,\n sharedSize: 384\n },\n p521: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.p521,\n web: webCurves.p521,\n payloadSize: 66,\n sharedSize: 528\n },\n secp256k1: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.secp256k1,\n payloadSize: 32\n },\n ed25519: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32\n },\n curve25519: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32\n },\n brainpoolP256r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.brainpoolP256r1,\n payloadSize: 32\n },\n brainpoolP384r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.brainpoolP384r1,\n payloadSize: 48\n },\n brainpoolP512r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.brainpoolP512r1,\n payloadSize: 64\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName, params) {\n try {\n if (util.isArray(oidOrName) ||\n util.isUint8Array(oidOrName)) {\n // by oid byte array\n oidOrName = new OID(oidOrName);\n }\n if (oidOrName instanceof OID) {\n // by curve OID\n oidOrName = oidOrName.getName();\n }\n // by curve name or oid string\n this.name = enums.write(enums.curve, oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n params = params || curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node && curves[this.name];\n this.web = params.web && curves[this.name];\n this.payloadSize = params.payloadSize;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === 'curve25519') {\n this.type = 'curve25519';\n } else if (this.name === 'ed25519') {\n this.type = 'ed25519';\n }\n }\n\n async genKeyPair() {\n let keyPair;\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n break;\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519': {\n const privateKey = getRandomBytes(32);\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const secretKey = privateKey.slice().reverse();\n keyPair = nacl.box.keyPair.fromSecretKey(secretKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n case 'ed25519': {\n const privateKey = getRandomBytes(32);\n const keyPair = nacl.sign.keyPair.fromSeed(privateKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n }\n const indutnyCurve = await getIndutnyCurve(this.name);\n keyPair = await indutnyCurve.genKeyPair({\n entropy: util.uint8ArrayToString(getRandomBytes(32))\n });\n return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) };\n }\n}\n\nasync function generate(curve) {\n const BigInteger = await util.getBigInteger();\n\n curve = new CurveWithOID(curve);\n const keyPair = await curve.genKeyPair();\n const Q = new BigInteger(keyPair.publicKey).toUint8Array();\n const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize);\n return {\n oid: curve.oid,\n Q,\n secret,\n hash: curve.hash,\n cipher: curve.cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[enums.write(enums.curve, oid.toHex())].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n p256: true,\n p384: true,\n p521: true,\n secp256k1: true,\n curve25519: algo === enums.publicKey.ecdh,\n brainpoolP256r1: true,\n brainpoolP384r1: true,\n brainpoolP512r1: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === 'curve25519') {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const curve = await getIndutnyCurve(curveName);\n try {\n // Parse Q and check that it is on the curve but not at infinity\n Q = keyFromPublic(curve, Q).getPublic();\n } catch (validationErrors) {\n return false;\n }\n\n /**\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = keyFromPrivate(curve, d).getPublic();\n if (!dG.eq(Q)) {\n return false;\n }\n\n return true;\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nasync function webGenKeyPair(name) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = 0x04;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n * @private\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams } from './oid_curves';\nimport { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web': {\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n }\n case 'node': {\n const signature = await nodeSign(curve, hashAlgo, message, keyPair);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n }\n }\n }\n return ellipticSign(curve, hashed, privateKey);\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n return await webVerify(curve, hashAlgo, signature, message, publicKey);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node':\n return nodeVerify(curve, hashAlgo, signature, message, publicKey);\n }\n }\n const digest = (typeof hashAlgo === 'undefined') ? message : hashed;\n return ellipticVerify(curve, signature, digest, publicKey);\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\nasync function ellipticSign(curve, hashed, privateKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPrivate(indutnyCurve, privateKey);\n const signature = key.sign(hashed);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n}\n\nasync function ellipticVerify(curve, signature, digest, publicKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPublic(indutnyCurve, publicKey);\n return key.verify(digest, signature);\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, keyPair) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n const key = ECPrivateKey.encode({\n version: 1,\n parameters: curve.oid,\n privateKey: Array.from(keyPair.privateKey),\n publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }\n }, 'pem', {\n label: 'EC PRIVATE KEY'\n });\n\n return ECDSASignature.decode(sign.sign(key), 'der');\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n const key = SubjectPublicKeyInfo.encode({\n algorithm: {\n algorithm: [1, 2, 840, 10045, 2, 1],\n parameters: curve.oid\n },\n subjectPublicKey: { unused: 0, data: Array.from(publicKey) }\n }, 'pem', {\n label: 'PUBLIC KEY'\n });\n const signature = ECDSASignature.encode({\n r: new BN(r), s: new BN(s)\n }, 'der');\n\n try {\n return verify.verify(key, signature);\n } catch (err) {\n return false;\n }\n}\n\n// Originally written by Owen Smith https://github.com/omsmith\n// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/\n\n/* eslint-disable no-invalid-this */\n\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\nconst ECDSASignature = nodeCrypto ?\n asn1.define('ECDSASignature', function() {\n this.seq().obj(\n this.key('r').int(),\n this.key('s').int()\n );\n }) : undefined;\n\nconst ECPrivateKey = nodeCrypto ?\n asn1.define('ECPrivateKey', function() {\n this.seq().obj(\n this.key('version').int(),\n this.key('privateKey').octstr(),\n this.key('parameters').explicit(0).optional().any(),\n this.key('publicKey').explicit(1).optional().bitstr()\n );\n }) : undefined;\n\nconst AlgorithmIdentifier = nodeCrypto ?\n asn1.define('AlgorithmIdentifier', function() {\n this.seq().obj(\n this.key('algorithm').objid(),\n this.key('parameters').optional().any()\n );\n }) : undefined;\n\nconst SubjectPublicKeyInfo = nodeCrypto ?\n asn1.define('SubjectPublicKeyInfo', function() {\n this.seq().obj(\n this.key('algorithm').use(AlgorithmIdentifier),\n this.key('subjectPublicKey').bitstr()\n );\n }) : undefined;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);\n const signature = nacl.sign.detached(hashed, secretKey);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const signature = util.concatUint8Array([r, s]);\n return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== 'ed25519') {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const seed = getRandomBytes(32);\n const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = nacl.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n return nacl.sign.detached.verify(hashed, RS, publicKey);\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: // unsupported\n default:\n return false;\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n * @private\n */\n\nimport * as cipher from './cipher';\nimport util from '../util';\n\n/**\n * AES key wrap\n * @function\n * @param {Uint8Array} key\n * @param {Uint8Array} data\n * @returns {Uint8Array}\n */\nexport function wrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const P = unpack(data);\n let A = IV;\n const R = P;\n const n = P.length / 2;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 0; j <= 5; ++j) {\n for (let i = 0; i < n; ++i) {\n t[1] = n * j + (1 + i);\n // B = A\n B[0] = A[0];\n B[1] = A[1];\n // B = A || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES(K, B)\n B = unpack(aes.encrypt(pack(B)));\n // A = MSB(64, B) ^ t\n A = B.subarray(0, 2);\n A[0] ^= t[0];\n A[1] ^= t[1];\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n return pack(A, R);\n}\n\n/**\n * AES key unwrap\n * @function\n * @param {String} key\n * @param {String} data\n * @returns {Uint8Array}\n * @throws {Error}\n */\nexport function unwrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const C = unpack(data);\n let A = C.subarray(0, 2);\n const R = C.subarray(2);\n const n = C.length / 2 - 1;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 5; j >= 0; --j) {\n for (let i = n - 1; i >= 0; --i) {\n t[1] = n * j + (i + 1);\n // B = A ^ t\n B[0] = A[0] ^ t[0];\n B[1] = A[1] ^ t[1];\n // B = (A ^ t) || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES-1(B)\n B = unpack(aes.decrypt(pack(B)));\n // A = MSB(64, B)\n A = B.subarray(0, 2);\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n if (A[0] === IV[0] && A[1] === IV[1]) {\n return pack(R);\n }\n throw new Error('Key Data Integrity failed');\n}\n\nfunction createArrayBuffer(data) {\n if (util.isString(data)) {\n const { length } = data;\n const buffer = new ArrayBuffer(length);\n const view = new Uint8Array(buffer);\n for (let j = 0; j < length; ++j) {\n view[j] = data.charCodeAt(j);\n }\n return buffer;\n }\n return new Uint8Array(data).buffer;\n}\n\nfunction unpack(data) {\n const { length } = data;\n const buffer = createArrayBuffer(data);\n const view = new DataView(buffer);\n const arr = new Uint32Array(length / 4);\n for (let i = 0; i < length / 4; ++i) {\n arr[i] = view.getUint32(4 * i);\n }\n return arr;\n}\n\nfunction pack() {\n let length = 0;\n for (let k = 0; k < arguments.length; ++k) {\n length += 4 * arguments[k].length;\n }\n const buffer = new ArrayBuffer(length);\n const view = new DataView(buffer);\n let offset = 0;\n for (let i = 0; i < arguments.length; ++i) {\n for (let j = 0; j < arguments[i].length; ++j) {\n view.setUint32(offset + 4 * j, arguments[i][j]);\n }\n offset += 4 * arguments[i].length;\n }\n return new Uint8Array(buffer);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport getCipher from '../../cipher/getCipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint.subarray(0, 20)\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519': {\n const d = getRandomBytes(32);\n const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d);\n let { publicKey } = nacl.box.keyPair.fromSecretKey(secretKey);\n publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n }\n return ellipticPublicEphemeralKey(curve, Q);\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = aesKW.wrap(Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519': {\n const secretKey = d.slice().reverse();\n const sharedKey = nacl.scalarMult(secretKey, V.subarray(1));\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n }\n return ellipticPrivateEphemeralKey(curve, V, d);\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(aesKW.unwrap(Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: sender\n },\n privateKey,\n curve.web.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.web.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPrivateEphemeralKey(curve, V, d) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n V = keyFromPublic(indutnyCurve, V);\n d = keyFromPrivate(indutnyCurve, d);\n const secretKey = new Uint8Array(d.getPrivate());\n const S = d.derive(V.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPublicEphemeralKey(curve, Q) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const v = await curve.genKeyPair();\n Q = keyFromPublic(indutnyCurve, Q);\n const V = keyFromPrivate(indutnyCurve, v.privateKey);\n const publicKey = v.publicKey;\n const S = V.derive(Q.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle;\n\nexport default async function HKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n if (webCrypto || nodeSubtleCrypto) {\n const crypto = webCrypto || nodeSubtleCrypto;\n const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n }\n\n if (nodeCrypto) {\n const hashAlgoName = enums.read(enums.hash, hashAlgo);\n // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869\n\n const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest();\n // Step 1: Extract\n // PRK = HMAC-Hash(salt, IKM)\n const pseudoRandomKey = computeHMAC(salt, inputKey);\n\n const hashLen = pseudoRandomKey.length;\n\n // Step 2: Expand\n // HKDF-Expand(PRK, info, L) -> OKM\n const n = Math.ceil(outLen / hashLen);\n const outputKeyingMaterial = new Uint8Array(n * hashLen);\n\n // HMAC input buffer updated at each iteration\n const roundInput = new Uint8Array(hashLen + info.length + 1);\n // T_i and last byte are updated at each iteration, but `info` remains constant\n roundInput.set(info, hashLen);\n\n for (let i = 0; i < n; i++) {\n // T(0) = empty string (zero length)\n // T(i) = HMAC-Hash(PRK, T(i-1) | info | i)\n roundInput[roundInput.length - 1] = i + 1;\n // t = T(i+1)\n const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen));\n roundInput.set(t, 0);\n\n outputKeyingMaterial.set(t, i * hashLen);\n }\n\n return outputKeyingMaterial.subarray(0, outLen);\n }\n\n throw new Error('No HKDF implementation available');\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport getCipher from '../../cipher/getCipher';\nimport computeHKDF from '../../hkdf';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(32);\n const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA);\n const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = aesKW.wrap(encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n * @private\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n x = new BigInteger(x);\n\n let k;\n let r;\n let s;\n let t;\n g = g.mod(p);\n x = x.mod(q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = await getRandomBigInteger(one, q); // returns in [1, q-1]\n r = g.modExp(k, p).imod(q); // (g**k mod p) mod q\n if (r.isZero()) {\n continue;\n }\n const xr = x.mul(r).imod(q);\n t = h.add(xr).imod(q); // H(m) + x*r mod q\n s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q\n if (s.isZero()) {\n continue;\n }\n break;\n }\n return {\n r: r.toUint8Array('be', q.byteLength()),\n s: s.toUint8Array('be', q.byteLength())\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n const BigInteger = await util.getBigInteger();\n const zero = new BigInteger(0);\n r = new BigInteger(r);\n s = new BigInteger(s);\n\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n if (r.lte(zero) || r.gte(q) ||\n s.lte(zero) || s.gte(q)) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);\n const w = s.modInv(q); // s**-1 mod q\n if (w.isZero()) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = g.mod(p);\n y = y.mod(p);\n const u1 = h.mul(w).imod(q); // H(m) * w mod q\n const u2 = r.mul(w).imod(q); // r * w mod q\n const t1 = g.modExp(u1, p); // g**u1 mod p\n const t2 = y.modExp(u2, p); // y**u2 mod p\n const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q\n return v.equal(r);\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (!p.dec().mod(q).isZero()) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (!g.modExp(q, p).isOne()) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = new BigInteger(q.bitLength());\n const n150 = new BigInteger(150);\n if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q\n const rqx = q.mul(r).add(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa,\n /** @see tweetnacl */\n nacl: nacl\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n * @private\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read));\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { s };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read));\n return { r, s };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n let r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n r = util.leftPad(r, 32);\n let s = util.readMPI(signature.subarray(read));\n s = util.leftPad(s, 32);\n return { r, s };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n case enums.publicKey.ed25519: {\n const RS = signature.subarray(read, read + 64); read += RS.length;\n return { RS };\n }\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n // signature already padded on parsing\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal: {\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n * @private\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n * @private\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport getCipher from './cipher/getCipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { CurveWithOID } from './public_key/elliptic/oid_curves';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519: {\n if (!util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (!util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.x25519: {\n const A = bytes.subarray(read, read + 32); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const curve = new CurveWithOID(publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, curve.payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const curve = new CurveWithOID(publicParams.oid);\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, curve.payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519: {\n const seed = bytes.subarray(read, read + 32); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519: {\n const k = bytes.subarray(read, read + 32); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key.\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519: {\n const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n }\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipher(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipher(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\nexport { getCipher };\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get preferred hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n * @private\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","\n\n\nvar TYPED_OK = typeof Uint8Array !== \"undefined\" &&\n typeof Uint16Array !== \"undefined\" &&\n typeof Int32Array !== \"undefined\";\n\nfunction _has(obj, key) {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function assign(obj /*...args obj, from1, from2, from3, ...*/) {\n var sources = Array.prototype.slice.call(arguments, 1);\n while (sources.length) {\n var source = sources.shift();\n if (!source) {\n continue; \n }\n\n if (typeof source !== \"object\") {\n throw new TypeError(source + \"must be non-object\");\n }\n\n for (var p in source) {\n if (_has(source, p)) {\n obj[p] = source[p];\n }\n }\n }\n\n return obj;\n //return Object.assign(...args);\n}\n\n\n// reduce buffer size, avoiding mem copy\nexport function shrinkBuf(buf, size) {\n if (buf.length === size) {\n return buf; \n }\n if (buf.subarray) {\n return buf.subarray(0, size); \n }\n buf.length = size;\n return buf;\n}\n\n\nconst fnTyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n if (src.subarray && dest.subarray) {\n dest.set(src.subarray(src_offs, src_offs + len), dest_offs);\n return;\n }\n // Fallback to ordinary array\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n let i, l, len, pos, chunk;\n\n // calculate data length\n len = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n len += chunks[i].length;\n }\n\n // join chunks\n const result = new Uint8Array(len);\n pos = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n chunk = chunks[i];\n result.set(chunk, pos);\n pos += chunk.length;\n }\n\n return result;\n }\n};\n\nconst fnUntyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n return [].concat.apply([], chunks);\n }\n};\n\n\n// Enable/Disable typed arrays use, for testing\n//\n\nexport let Buf8 = TYPED_OK ? Uint8Array : Array;\nexport let Buf16 = TYPED_OK ? Uint16Array : Array;\nexport let Buf32 = TYPED_OK ? Int32Array : Array;\nexport let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks;\nexport let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet;\nexport function setTyped(on) {\n if (on) {\n Buf8 = Uint8Array;\n Buf16 = Uint16Array;\n Buf32 = Int32Array;\n ({ flattenChunks, arraySet } = fnTyped);\n } else {\n Buf8 = Array;\n Buf16 = Array;\n Buf32 = Array;\n ({ flattenChunks, arraySet } = fnUntyped);\n }\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* Allowed flush values; see deflate() and inflate() below for details */\nexport const Z_NO_FLUSH = 0;\nexport const Z_PARTIAL_FLUSH = 1;\nexport const Z_SYNC_FLUSH = 2;\nexport const Z_FULL_FLUSH = 3;\nexport const Z_FINISH = 4;\nexport const Z_BLOCK = 5;\nexport const Z_TREES = 6;\n\n/* Return codes for the compression/decompression functions. Negative values\n * are errors, positive values are used for special but normal events.\n */\nexport const Z_OK = 0;\nexport const Z_STREAM_END = 1;\nexport const Z_NEED_DICT = 2;\nexport const Z_ERRNO = -1;\nexport const Z_STREAM_ERROR = -2;\nexport const Z_DATA_ERROR = -3;\n//export const Z_MEM_ERROR = -4;\nexport const Z_BUF_ERROR = -5;\n//export const Z_VERSION_ERROR = -6;\n\n /* compression levels */\nexport const Z_NO_COMPRESSION = 0;\nexport const Z_BEST_SPEED = 1;\nexport const Z_BEST_COMPRESSION = 9;\nexport const Z_DEFAULT_COMPRESSION = -1;\n\n\nexport const Z_FILTERED = 1;\nexport const Z_HUFFMAN_ONLY = 2;\nexport const Z_RLE = 3;\nexport const Z_FIXED = 4;\nexport const Z_DEFAULT_STRATEGY = 0;\n\n/* Possible values of the data_type field (though see inflate()) */\nexport const Z_BINARY = 0;\nexport const Z_TEXT = 1;\n//export const Z_ASCII = 1; // = Z_TEXT (deprecated)\nexport const Z_UNKNOWN = 2;\n\n/* The deflate compression method */\nexport const Z_DEFLATED = 8;\n//export const Z_NULL = null // Use -1 or null inline, depending on var type\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* eslint-disable space-unary-ops */\n\nimport * as utils from \"../utils/common.js\";\nimport {\n Z_FIXED,\n Z_BINARY,\n Z_TEXT,\n Z_UNKNOWN\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nfunction zero(buf) {\n let len = buf.length; while (--len >= 0) {\n buf[len] = 0; \n } \n}\n\n// From zutil.h\n\nconst STORED_BLOCK = 0;\nconst STATIC_TREES = 1;\nconst DYN_TREES = 2;\n/* The three kinds of block type */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\n/* The minimum and maximum match lengths */\n\n// From deflate.h\n/* ===========================================================================\n * Internal compression state.\n */\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\n\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\n\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\n\nconst D_CODES = 30;\n/* number of distance codes */\n\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\n\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\n\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst Buf_size = 16;\n/* size of bit buffer in bi_buf */\n\n\n/* ===========================================================================\n * Constants\n */\n\nconst MAX_BL_BITS = 7;\n/* Bit length codes must not exceed MAX_BL_BITS bits */\n\nconst END_BLOCK = 256;\n/* end of block literal code */\n\nconst REP_3_6 = 16;\n/* repeat previous bit length 3-6 times (2 bits of repeat count) */\n\nconst REPZ_3_10 = 17;\n/* repeat a zero length 3-10 times (3 bits of repeat count) */\n\nconst REPZ_11_138 = 18;\n/* repeat a zero length 11-138 times (7 bits of repeat count) */\n\n/* eslint-disable comma-spacing,array-bracket-spacing */\nconst extra_lbits = /* extra bits for each length code */\n [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0];\n\nconst extra_dbits = /* extra bits for each distance code */\n [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13];\n\nconst extra_blbits = /* extra bits for each bit length code */\n [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7];\n\nconst bl_order =\n [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];\n/* eslint-enable comma-spacing,array-bracket-spacing */\n\n/* The lengths of the bit length codes are sent in order of decreasing\n * probability, to avoid transmitting the lengths for unused bit length codes.\n */\n\n/* ===========================================================================\n * Local data. These are initialized only once.\n */\n\n// We pre-fill arrays with 0 to avoid uninitialized gaps\n\nconst DIST_CODE_LEN = 512; /* see definition of array dist_code below */\n\n// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1\nconst static_ltree = new Array((L_CODES + 2) * 2);\nzero(static_ltree);\n/* The static literal tree. Since the bit lengths are imposed, there is no\n * need for the L_CODES extra codes used during heap construction. However\n * The codes 286 and 287 are needed to build a canonical tree (see _tr_init\n * below).\n */\n\nconst static_dtree = new Array(D_CODES * 2);\nzero(static_dtree);\n/* The static distance tree. (Actually a trivial tree since all codes use\n * 5 bits.)\n */\n\nconst _dist_code = new Array(DIST_CODE_LEN);\nzero(_dist_code);\n/* Distance codes. The first 256 values correspond to the distances\n * 3 .. 258, the last 256 values correspond to the top 8 bits of\n * the 15 bit distances.\n */\n\nconst _length_code = new Array(MAX_MATCH - MIN_MATCH + 1);\nzero(_length_code);\n/* length code for each normalized match length (0 == MIN_MATCH) */\n\nconst base_length = new Array(LENGTH_CODES);\nzero(base_length);\n/* First normalized length for each code (0 = MIN_MATCH) */\n\nconst base_dist = new Array(D_CODES);\nzero(base_dist);\n/* First normalized distance for each code (0 = distance of 1) */\n\n\nfunction StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) {\n\n this.static_tree = static_tree; /* static tree or NULL */\n this.extra_bits = extra_bits; /* extra bits for each code or NULL */\n this.extra_base = extra_base; /* base index for extra_bits */\n this.elems = elems; /* max number of elements in the tree */\n this.max_length = max_length; /* max bit length for the codes */\n\n // show if `static_tree` has data or dummy - needed for monomorphic objects\n this.has_stree = static_tree && static_tree.length;\n}\n\n\nlet static_l_desc;\nlet static_d_desc;\nlet static_bl_desc;\n\n\nfunction TreeDesc(dyn_tree, stat_desc) {\n this.dyn_tree = dyn_tree; /* the dynamic tree */\n this.max_code = 0; /* largest code with non zero frequency */\n this.stat_desc = stat_desc; /* the corresponding static tree */\n}\n\n\n\nfunction d_code(dist) {\n return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)];\n}\n\n\n/* ===========================================================================\n * Output a short LSB first on the stream.\n * IN assertion: there is enough room in pendingBuf.\n */\nfunction put_short(s, w) {\n// put_byte(s, (uch)((w) & 0xff));\n// put_byte(s, (uch)((ush)(w) >> 8));\n s.pending_buf[s.pending++] = w & 0xff;\n s.pending_buf[s.pending++] = w >>> 8 & 0xff;\n}\n\n\n/* ===========================================================================\n * Send a value on a given number of bits.\n * IN assertion: length <= 16 and value fits in length bits.\n */\nfunction send_bits(s, value, length) {\n if (s.bi_valid > Buf_size - length) {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n put_short(s, s.bi_buf);\n s.bi_buf = value >> Buf_size - s.bi_valid;\n s.bi_valid += length - Buf_size;\n } else {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n s.bi_valid += length;\n }\n}\n\n\nfunction send_code(s, c, tree) {\n send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/);\n}\n\n\n/* ===========================================================================\n * Reverse the first len bits of a code, using straightforward code (a faster\n * method would use a table)\n * IN assertion: 1 <= len <= 15\n */\nfunction bi_reverse(code, len) {\n let res = 0;\n do {\n res |= code & 1;\n code >>>= 1;\n res <<= 1;\n } while (--len > 0);\n return res >>> 1;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer, keeping at most 7 bits in it.\n */\nfunction bi_flush(s) {\n if (s.bi_valid === 16) {\n put_short(s, s.bi_buf);\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n } else if (s.bi_valid >= 8) {\n s.pending_buf[s.pending++] = s.bi_buf & 0xff;\n s.bi_buf >>= 8;\n s.bi_valid -= 8;\n }\n}\n\n\n/* ===========================================================================\n * Compute the optimal bit lengths for a tree and update the total bit length\n * for the current block.\n * IN assertion: the fields freq and dad are set, heap[heap_max] and\n * above are the tree nodes sorted by increasing frequency.\n * OUT assertions: the field len is set to the optimal bit length, the\n * array bl_count contains the frequencies for each bit length.\n * The length opt_len is updated; static_len is also updated if stree is\n * not null.\n */\nfunction gen_bitlen(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const max_code = desc.max_code;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const extra = desc.stat_desc.extra_bits;\n const base = desc.stat_desc.extra_base;\n const max_length = desc.stat_desc.max_length;\n let h; /* heap index */\n let n, m; /* iterate over the tree elements */\n let bits; /* bit length */\n let xbits; /* extra bits */\n let f; /* frequency */\n let overflow = 0; /* number of elements with bit length too large */\n\n for (bits = 0; bits <= MAX_BITS; bits++) {\n s.bl_count[bits] = 0;\n }\n\n /* In a first pass, compute the optimal bit lengths (which may\n * overflow in the case of the bit length tree).\n */\n tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */\n\n for (h = s.heap_max + 1; h < HEAP_SIZE; h++) {\n n = s.heap[h];\n bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1;\n if (bits > max_length) {\n bits = max_length;\n overflow++;\n }\n tree[n * 2 + 1]/*.Len*/ = bits;\n /* We overwrite tree[n].Dad which is no longer needed */\n\n if (n > max_code) {\n continue; \n } /* not a leaf node */\n\n s.bl_count[bits]++;\n xbits = 0;\n if (n >= base) {\n xbits = extra[n - base];\n }\n f = tree[n * 2]/*.Freq*/;\n s.opt_len += f * (bits + xbits);\n if (has_stree) {\n s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits);\n }\n }\n if (overflow === 0) {\n return; \n }\n\n // Trace((stderr,\"\\nbit length overflow\\n\"));\n /* This happens for example on obj2 and pic of the Calgary corpus */\n\n /* Find the first bit length which could increase: */\n do {\n bits = max_length - 1;\n while (s.bl_count[bits] === 0) {\n bits--; \n }\n s.bl_count[bits]--; /* move one leaf down the tree */\n s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */\n s.bl_count[max_length]--;\n /* The brother of the overflow item also moves one step up,\n * but this does not affect bl_count[max_length]\n */\n overflow -= 2;\n } while (overflow > 0);\n\n /* Now recompute all bit lengths, scanning in increasing frequency.\n * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all\n * lengths instead of fixing only the wrong ones. This idea is taken\n * from 'ar' written by Haruhiko Okumura.)\n */\n for (bits = max_length; bits !== 0; bits--) {\n n = s.bl_count[bits];\n while (n !== 0) {\n m = s.heap[--h];\n if (m > max_code) {\n continue; \n }\n if (tree[m * 2 + 1]/*.Len*/ !== bits) {\n // Trace((stderr,\"code %d bits %d->%d\\n\", m, tree[m].Len, bits));\n s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/;\n tree[m * 2 + 1]/*.Len*/ = bits;\n }\n n--;\n }\n }\n}\n\n\n/* ===========================================================================\n * Generate the codes for a given tree and bit counts (which need not be\n * optimal).\n * IN assertion: the array bl_count contains the bit length statistics for\n * the given tree and the field len is set for all tree elements.\n * OUT assertion: the field code is set for all tree elements of non\n * zero code length.\n */\nfunction gen_codes(tree, max_code, bl_count)\n// ct_data *tree; /* the tree to decorate */\n// int max_code; /* largest code with non zero frequency */\n// ushf *bl_count; /* number of codes at each bit length */\n{\n const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */\n let code = 0; /* running code value */\n let bits; /* bit index */\n let n; /* code index */\n\n /* The distribution counts are first used to generate the code values\n * without bit reversal.\n */\n for (bits = 1; bits <= MAX_BITS; bits++) {\n next_code[bits] = code = code + bl_count[bits - 1] << 1;\n }\n /* Check that the bit counts in bl_count are consistent. The last code\n * must be all ones.\n */\n //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */\n length = 0;\n for (code = 0; code < LENGTH_CODES - 1; code++) {\n base_length[code] = length;\n for (n = 0; n < 1 << extra_lbits[code]; n++) {\n _length_code[length++] = code;\n }\n }\n //Assert (length == 256, \"tr_static_init: length != 256\");\n /* Note that the length 255 (match length 258) can be represented\n * in two different ways: code 284 + 5 bits or code 285, so we\n * overwrite length_code[255] to use the best encoding:\n */\n _length_code[length - 1] = code;\n\n /* Initialize the mapping dist (0..32K) -> dist code (0..29) */\n dist = 0;\n for (code = 0; code < 16; code++) {\n base_dist[code] = dist;\n for (n = 0; n < 1 << extra_dbits[code]; n++) {\n _dist_code[dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: dist != 256\");\n dist >>= 7; /* from now on, all distances are divided by 128 */\n for (; code < D_CODES; code++) {\n base_dist[code] = dist << 7;\n for (n = 0; n < 1 << extra_dbits[code] - 7; n++) {\n _dist_code[256 + dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: 256+dist != 512\");\n\n /* Construct the codes of the static literal tree */\n for (bits = 0; bits <= MAX_BITS; bits++) {\n bl_count[bits] = 0;\n }\n\n n = 0;\n while (n <= 143) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n while (n <= 255) {\n static_ltree[n * 2 + 1]/*.Len*/ = 9;\n n++;\n bl_count[9]++;\n }\n while (n <= 279) {\n static_ltree[n * 2 + 1]/*.Len*/ = 7;\n n++;\n bl_count[7]++;\n }\n while (n <= 287) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n /* Codes 286 and 287 do not exist, but we must include them in the\n * tree construction to get a canonical Huffman tree (longest code\n * all ones)\n */\n gen_codes(static_ltree, L_CODES + 1, bl_count);\n\n /* The static distance tree is trivial: */\n for (n = 0; n < D_CODES; n++) {\n static_dtree[n * 2 + 1]/*.Len*/ = 5;\n static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5);\n }\n\n // Now data ready and we can init static trees\n static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS);\n static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS);\n static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS);\n\n //static_init_done = true;\n}\n\n\n/* ===========================================================================\n * Initialize a new block.\n */\nfunction init_block(s) {\n let n; /* iterates over tree elements */\n\n /* Initialize the trees. */\n for (n = 0; n < L_CODES; n++) {\n s.dyn_ltree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < D_CODES; n++) {\n s.dyn_dtree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < BL_CODES; n++) {\n s.bl_tree[n * 2]/*.Freq*/ = 0; \n }\n\n s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1;\n s.opt_len = s.static_len = 0;\n s.last_lit = s.matches = 0;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer and align the output on a byte boundary\n */\nfunction bi_windup(s) {\n if (s.bi_valid > 8) {\n put_short(s, s.bi_buf);\n } else if (s.bi_valid > 0) {\n //put_byte(s, (Byte)s->bi_buf);\n s.pending_buf[s.pending++] = s.bi_buf;\n }\n s.bi_buf = 0;\n s.bi_valid = 0;\n}\n\n/* ===========================================================================\n * Copy a stored block, storing first the length and its\n * one's complement if requested.\n */\nfunction copy_block(s, buf, len, header)\n//DeflateState *s;\n//charf *buf; /* the input data */\n//unsigned len; /* its length */\n//int header; /* true if block header must be written */\n{\n bi_windup(s); /* align on byte boundary */\n\n if (header) {\n put_short(s, len);\n put_short(s, ~len);\n }\n // while (len--) {\n // put_byte(s, *buf++);\n // }\n utils.arraySet(s.pending_buf, s.window, buf, len, s.pending);\n s.pending += len;\n}\n\n/* ===========================================================================\n * Compares to subtrees, using the tree depth as tie breaker when\n * the subtrees have equal frequency. This minimizes the worst case length.\n */\nfunction smaller(tree, n, m, depth) {\n const _n2 = n * 2;\n const _m2 = m * 2;\n return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ ||\n tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m];\n}\n\n/* ===========================================================================\n * Restore the heap property by moving down the tree starting at node k,\n * exchanging a node with the smallest of its two sons if necessary, stopping\n * when the heap property is re-established (each father smaller than its\n * two sons).\n */\nfunction pqdownheap(s, tree, k)\n// deflate_state *s;\n// ct_data *tree; /* the tree to restore */\n// int k; /* node to move down */\n{\n const v = s.heap[k];\n let j = k << 1; /* left son of k */\n while (j <= s.heap_len) {\n /* Set j to the smallest of the two sons: */\n if (j < s.heap_len &&\n smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) {\n j++;\n }\n /* Exit if v is smaller than both sons */\n if (smaller(tree, v, s.heap[j], s.depth)) {\n break; \n }\n\n /* Exchange v with the smallest son */\n s.heap[k] = s.heap[j];\n k = j;\n\n /* And continue down the tree, setting j to the left son of k */\n j <<= 1;\n }\n s.heap[k] = v;\n}\n\n\n// inlined manually\n// var SMALLEST = 1;\n\n/* ===========================================================================\n * Send the block data compressed using the given Huffman trees\n */\nfunction compress_block(s, ltree, dtree)\n// deflate_state *s;\n// const ct_data *ltree; /* literal tree */\n// const ct_data *dtree; /* distance tree */\n{\n let dist; /* distance of matched string */\n let lc; /* match length or unmatched char (if dist == 0) */\n let lx = 0; /* running index in l_buf */\n let code; /* the code to send */\n let extra; /* number of extra bits to send */\n\n if (s.last_lit !== 0) {\n do {\n dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1];\n lc = s.pending_buf[s.l_buf + lx];\n lx++;\n\n if (dist === 0) {\n send_code(s, lc, ltree); /* send a literal byte */\n //Tracecv(isgraph(lc), (stderr,\" '%c' \", lc));\n } else {\n /* Here, lc is the match length - MIN_MATCH */\n code = _length_code[lc];\n send_code(s, code + LITERALS + 1, ltree); /* send the length code */\n extra = extra_lbits[code];\n if (extra !== 0) {\n lc -= base_length[code];\n send_bits(s, lc, extra); /* send the extra length bits */\n }\n dist--; /* dist is now the match distance - 1 */\n code = d_code(dist);\n //Assert (code < D_CODES, \"bad d_code\");\n\n send_code(s, code, dtree); /* send the distance code */\n extra = extra_dbits[code];\n if (extra !== 0) {\n dist -= base_dist[code];\n send_bits(s, dist, extra); /* send the extra distance bits */\n }\n } /* literal or match pair ? */\n\n /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */\n //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,\n // \"pendingBuf overflow\");\n\n } while (lx < s.last_lit);\n }\n\n send_code(s, END_BLOCK, ltree);\n}\n\n\n/* ===========================================================================\n * Construct one Huffman tree and assigns the code bit strings and lengths.\n * Update the total bit length for the current block.\n * IN assertion: the field freq is set for all tree elements.\n * OUT assertions: the fields len and code are set to the optimal bit length\n * and corresponding code. The length opt_len is updated; static_len is\n * also updated if stree is not null. The field max_code is set.\n */\nfunction build_tree(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const elems = desc.stat_desc.elems;\n let n, m; /* iterate over heap elements */\n let max_code = -1; /* largest code with non zero frequency */\n let node; /* new node being created */\n\n /* Construct the initial heap, with least frequent element in\n * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].\n * heap[0] is not used.\n */\n s.heap_len = 0;\n s.heap_max = HEAP_SIZE;\n\n for (n = 0; n < elems; n++) {\n if (tree[n * 2]/*.Freq*/ !== 0) {\n s.heap[++s.heap_len] = max_code = n;\n s.depth[n] = 0;\n\n } else {\n tree[n * 2 + 1]/*.Len*/ = 0;\n }\n }\n\n /* The pkzip format requires that at least one distance code exists,\n * and that at least one bit should be sent even if there is only one\n * possible code. So to avoid special checks later on we force at least\n * two codes of non zero frequency.\n */\n while (s.heap_len < 2) {\n node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0;\n tree[node * 2]/*.Freq*/ = 1;\n s.depth[node] = 0;\n s.opt_len--;\n\n if (has_stree) {\n s.static_len -= stree[node * 2 + 1]/*.Len*/;\n }\n /* node is 0 or 1 so it does not have extra bits */\n }\n desc.max_code = max_code;\n\n /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,\n * establish sub-heaps of increasing lengths:\n */\n for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) {\n pqdownheap(s, tree, n); \n }\n\n /* Construct the Huffman tree by repeatedly combining the least two\n * frequent nodes.\n */\n node = elems; /* next internal node of the tree */\n do {\n //pqremove(s, tree, n); /* n = node of least frequency */\n /*** pqremove ***/\n n = s.heap[1/*SMALLEST*/];\n s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--];\n pqdownheap(s, tree, 1/*SMALLEST*/);\n /***/\n\n m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */\n\n s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */\n s.heap[--s.heap_max] = m;\n\n /* Create a new node father of n and m */\n tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/;\n s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1;\n tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node;\n\n /* and insert the new node in the heap */\n s.heap[1/*SMALLEST*/] = node++;\n pqdownheap(s, tree, 1/*SMALLEST*/);\n\n } while (s.heap_len >= 2);\n\n s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/];\n\n /* At this point, the fields freq and dad are set. We can now\n * generate the bit lengths.\n */\n gen_bitlen(s, desc);\n\n /* The field len is now set, we can generate the bit codes */\n gen_codes(tree, max_code, s.bl_count);\n}\n\n\n/* ===========================================================================\n * Scan a literal or distance tree to determine the frequencies of the codes\n * in the bit length tree.\n */\nfunction scan_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n s.bl_tree[curlen * 2]/*.Freq*/ += count;\n\n } else if (curlen !== 0) {\n\n if (curlen !== prevlen) {\n s.bl_tree[curlen * 2]/*.Freq*/++; \n }\n s.bl_tree[REP_3_6 * 2]/*.Freq*/++;\n\n } else if (count <= 10) {\n s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++;\n\n } else {\n s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++;\n }\n\n count = 0;\n prevlen = curlen;\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Send a literal or distance tree in compressed form, using the codes in\n * bl_tree.\n */\nfunction send_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n /* tree[max_code+1].Len = -1; */ /* guard already set */\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n do {\n send_code(s, curlen, s.bl_tree); \n } while (--count !== 0);\n\n } else if (curlen !== 0) {\n if (curlen !== prevlen) {\n send_code(s, curlen, s.bl_tree);\n count--;\n }\n //Assert(count >= 3 && count <= 6, \" 3_6?\");\n send_code(s, REP_3_6, s.bl_tree);\n send_bits(s, count - 3, 2);\n\n } else if (count <= 10) {\n send_code(s, REPZ_3_10, s.bl_tree);\n send_bits(s, count - 3, 3);\n\n } else {\n send_code(s, REPZ_11_138, s.bl_tree);\n send_bits(s, count - 11, 7);\n }\n\n count = 0;\n prevlen = curlen;\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Construct the Huffman tree for the bit lengths and return the index in\n * bl_order of the last bit length code to send.\n */\nfunction build_bl_tree(s) {\n let max_blindex; /* index of last bit length code of non zero freq */\n\n /* Determine the bit length frequencies for literal and distance trees */\n scan_tree(s, s.dyn_ltree, s.l_desc.max_code);\n scan_tree(s, s.dyn_dtree, s.d_desc.max_code);\n\n /* Build the bit length tree: */\n build_tree(s, s.bl_desc);\n /* opt_len now includes the length of the tree representations, except\n * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.\n */\n\n /* Determine the number of bit length codes to send. The pkzip format\n * requires that at least 4 bit length codes be sent. (appnote.txt says\n * 3 but the actual value used is 4.)\n */\n for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) {\n if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) {\n break;\n }\n }\n /* Update opt_len to include the bit length tree and counts */\n s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;\n //Tracev((stderr, \"\\ndyn trees: dyn %ld, stat %ld\",\n // s->opt_len, s->static_len));\n\n return max_blindex;\n}\n\n\n/* ===========================================================================\n * Send the header for a block using dynamic Huffman trees: the counts, the\n * lengths of the bit length codes, the literal tree and the distance tree.\n * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.\n */\nfunction send_all_trees(s, lcodes, dcodes, blcodes)\n// deflate_state *s;\n// int lcodes, dcodes, blcodes; /* number of codes for each tree */\n{\n let rank; /* index in bl_order */\n\n //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, \"not enough codes\");\n //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,\n // \"too many codes\");\n //Tracev((stderr, \"\\nbl counts: \"));\n send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */\n send_bits(s, dcodes - 1, 5);\n send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */\n for (rank = 0; rank < blcodes; rank++) {\n //Tracev((stderr, \"\\nbl code %2d \", bl_order[rank]));\n send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3);\n }\n //Tracev((stderr, \"\\nbl tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */\n //Tracev((stderr, \"\\nlit tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */\n //Tracev((stderr, \"\\ndist tree: sent %ld\", s->bits_sent));\n}\n\n\n/* ===========================================================================\n * Check if the data type is TEXT or BINARY, using the following algorithm:\n * - TEXT if the two conditions below are satisfied:\n * a) There are no non-portable control characters belonging to the\n * \"black list\" (0..6, 14..25, 28..31).\n * b) There is at least one printable character belonging to the\n * \"white list\" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).\n * - BINARY otherwise.\n * - The following partially-portable control characters form a\n * \"gray list\" that is ignored in this detection algorithm:\n * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).\n * IN assertion: the fields Freq of dyn_ltree are set.\n */\nfunction detect_data_type(s) {\n /* black_mask is the bit mask of black-listed bytes\n * set bits 0..6, 14..25, and 28..31\n * 0xf3ffc07f = binary 11110011111111111100000001111111\n */\n let black_mask = 0xf3ffc07f;\n let n;\n\n /* Check for non-textual (\"black-listed\") bytes. */\n for (n = 0; n <= 31; n++, black_mask >>>= 1) {\n if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_BINARY;\n }\n }\n\n /* Check for textual (\"white-listed\") bytes. */\n if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||\n s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n for (n = 32; n < LITERALS; n++) {\n if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n }\n\n /* There are no \"black-listed\" or \"white-listed\" bytes:\n * this stream either is empty or has tolerated (\"gray-listed\") bytes only.\n */\n return Z_BINARY;\n}\n\n\nlet static_init_done = false;\n\n/* ===========================================================================\n * Initialize the tree data structures for a new zlib stream.\n */\nfunction _tr_init(s) {\n\n if (!static_init_done) {\n tr_static_init();\n static_init_done = true;\n }\n\n s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc);\n s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc);\n s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc);\n\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n /* Initialize the first block of the first file: */\n init_block(s);\n}\n\n\n/* ===========================================================================\n * Send a stored block\n */\nfunction _tr_stored_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */\n copy_block(s, buf, stored_len, true); /* with header */\n}\n\n\n/* ===========================================================================\n * Send one empty static block to give enough lookahead for inflate.\n * This takes 10 bits, of which 7 may remain in the bit buffer.\n */\nfunction _tr_align(s) {\n send_bits(s, STATIC_TREES << 1, 3);\n send_code(s, END_BLOCK, static_ltree);\n bi_flush(s);\n}\n\n\n/* ===========================================================================\n * Determine the best encoding for the current block: dynamic trees, static\n * trees or store, and output the encoded block to the zip file.\n */\nfunction _tr_flush_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block, or NULL if too old */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n let opt_lenb, static_lenb; /* opt_len and static_len in bytes */\n let max_blindex = 0; /* index of last bit length code of non zero freq */\n\n /* Build the Huffman trees unless a stored block is forced */\n if (s.level > 0) {\n\n /* Check if the file is binary or text */\n if (s.strm.data_type === Z_UNKNOWN) {\n s.strm.data_type = detect_data_type(s);\n }\n\n /* Construct the literal and distance trees */\n build_tree(s, s.l_desc);\n // Tracev((stderr, \"\\nlit data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n\n build_tree(s, s.d_desc);\n // Tracev((stderr, \"\\ndist data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n /* At this point, opt_len and static_len are the total bit lengths of\n * the compressed block data, excluding the tree representations.\n */\n\n /* Build the bit length tree for the above two trees, and get the index\n * in bl_order of the last bit length code to send.\n */\n max_blindex = build_bl_tree(s);\n\n /* Determine the best encoding. Compute the block lengths in bytes. */\n opt_lenb = s.opt_len + 3 + 7 >>> 3;\n static_lenb = s.static_len + 3 + 7 >>> 3;\n\n // Tracev((stderr, \"\\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u \",\n // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,\n // s->last_lit));\n\n if (static_lenb <= opt_lenb) {\n opt_lenb = static_lenb; \n }\n\n } else {\n // Assert(buf != (char*)0, \"lost buf\");\n opt_lenb = static_lenb = stored_len + 5; /* force a stored block */\n }\n\n if (stored_len + 4 <= opt_lenb && buf !== -1) {\n /* 4: two words for the lengths */\n\n /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.\n * Otherwise we can't have processed more than WSIZE input bytes since\n * the last block flush, because compression would have been\n * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to\n * transform a block into a stored block.\n */\n _tr_stored_block(s, buf, stored_len, last);\n\n } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) {\n\n send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3);\n compress_block(s, static_ltree, static_dtree);\n\n } else {\n send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3);\n send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1);\n compress_block(s, s.dyn_ltree, s.dyn_dtree);\n }\n // Assert (s->compressed_len == s->bits_sent, \"bad compressed size\");\n /* The above check is made mod 2^32, for files larger than 512 MB\n * and uLong implemented on 32 bits.\n */\n init_block(s);\n\n if (last) {\n bi_windup(s);\n }\n // Tracev((stderr,\"\\ncomprlen %lu(%lu) \", s->compressed_len>>3,\n // s->compressed_len-7*last));\n}\n\n/* ===========================================================================\n * Save the match info and tally the frequency counts. Return true if\n * the current block must be flushed.\n */\nfunction _tr_tally(s, dist, lc)\n// deflate_state *s;\n// unsigned dist; /* distance of matched string */\n// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */\n{\n //var out_length, in_length, dcode;\n\n s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff;\n s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff;\n\n s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff;\n s.last_lit++;\n\n if (dist === 0) {\n /* lc is the unmatched char */\n s.dyn_ltree[lc * 2]/*.Freq*/++;\n } else {\n s.matches++;\n /* Here, lc is the match length - MIN_MATCH */\n dist--; /* dist = match distance - 1 */\n //Assert((ush)dist < (ush)MAX_DIST(s) &&\n // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&\n // (ush)d_code(dist) < (ush)D_CODES, \"_tr_tally: bad match\");\n\n s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++;\n s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n\n //#ifdef TRUNCATE_BLOCK\n // /* Try to guess if it is profitable to stop the current block here */\n // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) {\n // /* Compute an upper bound for the compressed length */\n // out_length = s.last_lit*8;\n // in_length = s.strstart - s.block_start;\n //\n // for (dcode = 0; dcode < D_CODES; dcode++) {\n // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]);\n // }\n // out_length >>>= 3;\n // //Tracev((stderr,\"\\nlast_lit %u, in %ld, out ~%ld(%ld%%) \",\n // // s->last_lit, in_length, out_length,\n // // 100L - out_length*100L/in_length));\n // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) {\n // return true;\n // }\n // }\n //#endif\n\n return s.last_lit === s.lit_bufsize - 1;\n /* We avoid equality with lit_bufsize because of wraparound at 64K\n * on 16 bit machines and because stored blocks are restricted to\n * 64K-1 bytes.\n */\n}\n\nexport {\n _tr_init,\n _tr_stored_block,\n _tr_flush_block,\n _tr_tally,\n _tr_align\n};","\n\n// Note: adler32 takes 12% for level 0 and 2% for level 6.\n// It isn't worth it to make additional optimizations as in original.\n// Small size is preferable.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default function adler32(adler, buf, len, pos) {\n let s1 = adler & 0xffff |0,\n s2 = adler >>> 16 & 0xffff |0,\n n = 0;\n\n while (len !== 0) {\n // Set limit ~ twice less than 5552, to keep\n // s2 in 31-bits, because we force signed ints.\n // in other case %= will fail.\n n = len > 2000 ? 2000 : len;\n len -= n;\n\n do {\n s1 = s1 + buf[pos++] |0;\n s2 = s2 + s1 |0;\n } while (--n);\n\n s1 %= 65521;\n s2 %= 65521;\n }\n\n return s1 | s2 << 16 |0;\n}\n","\n\n// Note: we can't get significant speed boost here.\n// So write code to minimize size - no pregenerated tables\n// and array tools dependencies.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// Use ordinary array, since untyped makes no boost here\nfunction makeTable() {\n let c;\n const table = [];\n\n for (let n = 0; n < 256; n++) {\n c = n;\n for (let k = 0; k < 8; k++) {\n c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1;\n }\n table[n] = c;\n }\n\n return table;\n}\n\n// Create table on load. Just 255 signed longs. Not a problem.\nconst crcTable = makeTable();\n\n\nexport default function crc32(crc, buf, len, pos) {\n const t = crcTable,\n end = pos + len;\n\n crc ^= -1;\n\n for (let i = pos; i < end; i++) {\n crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF];\n }\n\n return crc ^ -1; // >>> 0;\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default {\n 2: \"need dictionary\", /* Z_NEED_DICT 2 */\n 1: \"stream end\", /* Z_STREAM_END 1 */\n 0: \"\", /* Z_OK 0 */\n \"-1\": \"file error\", /* Z_ERRNO (-1) */\n \"-2\": \"stream error\", /* Z_STREAM_ERROR (-2) */\n \"-3\": \"data error\", /* Z_DATA_ERROR (-3) */\n \"-4\": \"insufficient memory\", /* Z_MEM_ERROR (-4) */\n \"-5\": \"buffer error\", /* Z_BUF_ERROR (-5) */\n \"-6\": \"incompatible version\" /* Z_VERSION_ERROR (-6) */\n};\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport * as trees from \"./trees.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport msg from \"./messages.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_NO_FLUSH,\n Z_PARTIAL_FLUSH,\n Z_FULL_FLUSH,\n Z_FINISH,\n Z_BLOCK,\n Z_OK,\n Z_STREAM_END,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFAULT_COMPRESSION,\n Z_FILTERED,\n Z_HUFFMAN_ONLY,\n Z_RLE,\n Z_FIXED,\n Z_DEFAULT_STRATEGY,\n Z_UNKNOWN,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nconst MAX_MEM_LEVEL = 9;\n/* Maximum value for memLevel in deflateInit2 */\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_MEM_LEVEL = 8;\n\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\nconst D_CODES = 30;\n/* number of distance codes */\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\nconst MIN_LOOKAHEAD = (MAX_MATCH + MIN_MATCH + 1);\n\nconst PRESET_DICT = 0x20;\n\nconst INIT_STATE = 42;\nconst EXTRA_STATE = 69;\nconst NAME_STATE = 73;\nconst COMMENT_STATE = 91;\nconst HCRC_STATE = 103;\nconst BUSY_STATE = 113;\nconst FINISH_STATE = 666;\n\nconst BS_NEED_MORE = 1; /* block not completed, need more input or more output */\nconst BS_BLOCK_DONE = 2; /* block flush performed */\nconst BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */\nconst BS_FINISH_DONE = 4; /* finish done, accept no more input or output */\n\nconst OS_CODE = 0x03; // Unix :) . Don't detect, use this default.\n\nfunction err(strm, errorCode) {\n strm.msg = msg[errorCode];\n return errorCode;\n}\n\nfunction rank(f) {\n return ((f) << 1) - ((f) > 4 ? 9 : 0);\n}\n\nfunction zero(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } }\n\n\n/* =========================================================================\n * Flush as much pending output as possible. All deflate() output goes\n * through this function so some applications may wish to modify it\n * to avoid allocating a large strm->output buffer and copying into it.\n * (See also read_buf()).\n */\nfunction flush_pending(strm) {\n const s = strm.state;\n\n //_tr_flush_bits(s);\n let len = s.pending;\n if (len > strm.avail_out) {\n len = strm.avail_out;\n }\n if (len === 0) { return; }\n\n utils.arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out);\n strm.next_out += len;\n s.pending_out += len;\n strm.total_out += len;\n strm.avail_out -= len;\n s.pending -= len;\n if (s.pending === 0) {\n s.pending_out = 0;\n }\n}\n\n\nfunction flush_block_only(s, last) {\n trees._tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last);\n s.block_start = s.strstart;\n flush_pending(s.strm);\n}\n\n\nfunction put_byte(s, b) {\n s.pending_buf[s.pending++] = b;\n}\n\n\n/* =========================================================================\n * Put a short in the pending buffer. The 16-bit value is put in MSB order.\n * IN assertion: the stream state is correct and there is enough room in\n * pending_buf.\n */\nfunction putShortMSB(s, b) {\n // put_byte(s, (Byte)(b >> 8));\n // put_byte(s, (Byte)(b & 0xff));\n s.pending_buf[s.pending++] = (b >>> 8) & 0xff;\n s.pending_buf[s.pending++] = b & 0xff;\n}\n\n\n/* ===========================================================================\n * Read a new buffer from the current input stream, update the adler32\n * and total number of bytes read. All deflate() input goes through\n * this function so some applications may wish to modify it to avoid\n * allocating a large strm->input buffer and copying from it.\n * (See also flush_pending()).\n */\nfunction read_buf(strm, buf, start, size) {\n let len = strm.avail_in;\n\n if (len > size) { len = size; }\n if (len === 0) { return 0; }\n\n strm.avail_in -= len;\n\n // zmemcpy(buf, strm->next_in, len);\n utils.arraySet(buf, strm.input, strm.next_in, len, start);\n if (strm.state.wrap === 1) {\n strm.adler = adler32(strm.adler, buf, len, start);\n }\n\n else if (strm.state.wrap === 2) {\n strm.adler = crc32(strm.adler, buf, len, start);\n }\n\n strm.next_in += len;\n strm.total_in += len;\n\n return len;\n}\n\n\n/* ===========================================================================\n * Set match_start to the longest match starting at the given string and\n * return its length. Matches shorter or equal to prev_length are discarded,\n * in which case the result is equal to prev_length and match_start is\n * garbage.\n * IN assertions: cur_match is the head of the hash chain for the current\n * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1\n * OUT assertion: the match length is not greater than s->lookahead.\n */\nfunction longest_match(s, cur_match) {\n let chain_length = s.max_chain_length; /* max hash chain length */\n let scan = s.strstart; /* current string */\n let match; /* matched string */\n let len; /* length of current match */\n let best_len = s.prev_length; /* best match length so far */\n let nice_match = s.nice_match; /* stop if match long enough */\n const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ?\n s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/;\n\n const _win = s.window; // shortcut\n\n const wmask = s.w_mask;\n const prev = s.prev;\n\n /* Stop when cur_match becomes <= limit. To simplify the code,\n * we prevent matches with the string of window index 0.\n */\n\n const strend = s.strstart + MAX_MATCH;\n let scan_end1 = _win[scan + best_len - 1];\n let scan_end = _win[scan + best_len];\n\n /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.\n * It is easy to get rid of this optimization if necessary.\n */\n // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, \"Code too clever\");\n\n /* Do not waste too much time if we already have a good match: */\n if (s.prev_length >= s.good_match) {\n chain_length >>= 2;\n }\n /* Do not look for matches beyond the end of the input. This is necessary\n * to make deflate deterministic.\n */\n if (nice_match > s.lookahead) { nice_match = s.lookahead; }\n\n // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, \"need lookahead\");\n\n do {\n // Assert(cur_match < s->strstart, \"no future\");\n match = cur_match;\n\n /* Skip to next match if the match length cannot increase\n * or if the match length is less than 2. Note that the checks below\n * for insufficient lookahead only occur occasionally for performance\n * reasons. Therefore uninitialized memory will be accessed, and\n * conditional jumps will be made that depend on those values.\n * However the length of the match is limited to the lookahead, so\n * the output of deflate is not affected by the uninitialized values.\n */\n\n if (_win[match + best_len] !== scan_end ||\n _win[match + best_len - 1] !== scan_end1 ||\n _win[match] !== _win[scan] ||\n _win[++match] !== _win[scan + 1]) {\n continue;\n }\n\n /* The check at best_len-1 can be removed because it will be made\n * again later. (This heuristic is not always a win.)\n * It is not necessary to compare scan[2] and match[2] since they\n * are always equal when the other bytes match, given that\n * the hash keys are equal and that HASH_BITS >= 8.\n */\n scan += 2;\n match++;\n // Assert(*scan == *match, \"match[2]?\");\n\n /* We check for insufficient lookahead only every 8th comparison;\n * the 256th check will be made at strstart+258.\n */\n do {\n /*jshint noempty:false*/\n } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n scan < strend);\n\n // Assert(scan <= s->window+(unsigned)(s->window_size-1), \"wild scan\");\n\n len = MAX_MATCH - (strend - scan);\n scan = strend - MAX_MATCH;\n\n if (len > best_len) {\n s.match_start = cur_match;\n best_len = len;\n if (len >= nice_match) {\n break;\n }\n scan_end1 = _win[scan + best_len - 1];\n scan_end = _win[scan + best_len];\n }\n } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0);\n\n if (best_len <= s.lookahead) {\n return best_len;\n }\n return s.lookahead;\n}\n\n\n/* ===========================================================================\n * Fill the window when the lookahead becomes insufficient.\n * Updates strstart and lookahead.\n *\n * IN assertion: lookahead < MIN_LOOKAHEAD\n * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD\n * At least one byte has been read, or avail_in == 0; reads are\n * performed for at least two bytes (required for the zip translate_eol\n * option -- not supported here).\n */\nfunction fill_window(s) {\n const _w_size = s.w_size;\n let p, n, m, more, str;\n\n //Assert(s->lookahead < MIN_LOOKAHEAD, \"already enough lookahead\");\n\n do {\n more = s.window_size - s.lookahead - s.strstart;\n\n // JS ints have 32 bit, block below not needed\n /* Deal with !@#$% 64K limit: */\n //if (sizeof(int) <= 2) {\n // if (more == 0 && s->strstart == 0 && s->lookahead == 0) {\n // more = wsize;\n //\n // } else if (more == (unsigned)(-1)) {\n // /* Very unlikely, but possible on 16 bit machine if\n // * strstart == 0 && lookahead == 1 (input done a byte at time)\n // */\n // more--;\n // }\n //}\n\n\n /* If the window is almost full and there is insufficient lookahead,\n * move the upper half to the lower one to make room in the upper half.\n */\n if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) {\n\n utils.arraySet(s.window, s.window, _w_size, _w_size, 0);\n s.match_start -= _w_size;\n s.strstart -= _w_size;\n /* we now have strstart >= MAX_DIST */\n s.block_start -= _w_size;\n\n /* Slide the hash table (could be avoided with 32 bit values\n at the expense of memory usage). We slide even when level == 0\n to keep the hash table consistent if we switch back to level > 0\n later. (Using level 0 permanently is not an optimal usage of\n zlib, so we don't care about this pathological case.)\n */\n\n n = s.hash_size;\n p = n;\n do {\n m = s.head[--p];\n s.head[p] = (m >= _w_size ? m - _w_size : 0);\n } while (--n);\n\n n = _w_size;\n p = n;\n do {\n m = s.prev[--p];\n s.prev[p] = (m >= _w_size ? m - _w_size : 0);\n /* If n is not on any hash chain, prev[n] is garbage but\n * its value will never be used.\n */\n } while (--n);\n\n more += _w_size;\n }\n if (s.strm.avail_in === 0) {\n break;\n }\n\n /* If there was no sliding:\n * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&\n * more == window_size - lookahead - strstart\n * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)\n * => more >= window_size - 2*WSIZE + 2\n * In the BIG_MEM or MMAP case (not yet supported),\n * window_size == input_size + MIN_LOOKAHEAD &&\n * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.\n * Otherwise, window_size == 2*WSIZE so more >= 2.\n * If there was sliding, more >= WSIZE. So in all cases, more >= 2.\n */\n //Assert(more >= 2, \"more < 2\");\n n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more);\n s.lookahead += n;\n\n /* Initialize the hash value now that we have some input: */\n if (s.lookahead + s.insert >= MIN_MATCH) {\n str = s.strstart - s.insert;\n s.ins_h = s.window[str];\n\n /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask;\n //#if MIN_MATCH != 3\n // Call update_hash() MIN_MATCH-3 more times\n //#endif\n while (s.insert) {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = str;\n str++;\n s.insert--;\n if (s.lookahead + s.insert < MIN_MATCH) {\n break;\n }\n }\n }\n /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,\n * but this is not important since only literal bytes will be emitted.\n */\n\n } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0);\n\n /* If the WIN_INIT bytes after the end of the current data have never been\n * written, then zero those bytes in order to avoid memory check reports of\n * the use of uninitialized (or uninitialised as Julian writes) bytes by\n * the longest match routines. Update the high water mark for the next\n * time through here. WIN_INIT is set to MAX_MATCH since the longest match\n * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.\n */\n // if (s.high_water < s.window_size) {\n // var curr = s.strstart + s.lookahead;\n // var init = 0;\n //\n // if (s.high_water < curr) {\n // /* Previous high water mark below current data -- zero WIN_INIT\n // * bytes or up to end of window, whichever is less.\n // */\n // init = s.window_size - curr;\n // if (init > WIN_INIT)\n // init = WIN_INIT;\n // zmemzero(s->window + curr, (unsigned)init);\n // s->high_water = curr + init;\n // }\n // else if (s->high_water < (ulg)curr + WIN_INIT) {\n // /* High water mark at or above current data, but below current data\n // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up\n // * to end of window, whichever is less.\n // */\n // init = (ulg)curr + WIN_INIT - s->high_water;\n // if (init > s->window_size - s->high_water)\n // init = s->window_size - s->high_water;\n // zmemzero(s->window + s->high_water, (unsigned)init);\n // s->high_water += init;\n // }\n // }\n //\n // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,\n // \"not enough room for search\");\n}\n\n/* ===========================================================================\n * Copy without compression as much as possible from the input stream, return\n * the current block state.\n * This function does not insert new strings in the dictionary since\n * uncompressible data is probably not useful. This function is used\n * only for the level=0 compression option.\n * NOTE: this function should be optimized to avoid extra copying from\n * window to pending_buf.\n */\nfunction deflate_stored(s, flush) {\n /* Stored blocks are limited to 0xffff bytes, pending_buf is limited\n * to pending_buf_size, and each stored block has a 5 byte header:\n */\n let max_block_size = 0xffff;\n\n if (max_block_size > s.pending_buf_size - 5) {\n max_block_size = s.pending_buf_size - 5;\n }\n\n /* Copy as much as possible from input to output: */\n for (; ;) {\n /* Fill the window as much as possible: */\n if (s.lookahead <= 1) {\n\n //Assert(s->strstart < s->w_size+MAX_DIST(s) ||\n // s->block_start >= (long)s->w_size, \"slide too late\");\n // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) ||\n // s.block_start >= s.w_size)) {\n // throw new Error(\"slide too late\");\n // }\n\n fill_window(s);\n if (s.lookahead === 0 && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n\n if (s.lookahead === 0) {\n break;\n }\n /* flush the current block */\n }\n //Assert(s->block_start >= 0L, \"block gone\");\n // if (s.block_start < 0) throw new Error(\"block gone\");\n\n s.strstart += s.lookahead;\n s.lookahead = 0;\n\n /* Emit a stored block if pending_buf will be full: */\n const max_start = s.block_start + max_block_size;\n\n if (s.strstart === 0 || s.strstart >= max_start) {\n /* strstart == 0 is possible when wraparound on 16-bit machine */\n s.lookahead = s.strstart - max_start;\n s.strstart = max_start;\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n\n\n }\n /* Flush if we may have to slide, otherwise block_start may become\n * negative and the data will be gone:\n */\n if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n\n s.insert = 0;\n\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n\n if (s.strstart > s.block_start) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_NEED_MORE;\n}\n\n/* ===========================================================================\n * Compress as much as possible from the input stream, return the current\n * block state.\n * This function does not perform lazy evaluation of matches and inserts\n * new strings in the dictionary only for unmatched strings or for short\n * matches. It is used only for the fast compression options.\n */\nfunction deflate_fast(s, flush) {\n let hash_head; /* head of the hash chain */\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) {\n break; /* flush the current block */\n }\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n * At this point we have always match_length < MIN_MATCH\n */\n if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n }\n if (s.match_length >= MIN_MATCH) {\n // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only\n\n /*** _tr_tally_dist(s, s.strstart - s.match_start,\n s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n\n /* Insert new strings in the hash table only if the match length\n * is not too large. This saves time but degrades compression.\n */\n if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH) {\n s.match_length--; /* string at strstart already in table */\n do {\n s.strstart++;\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n /* strstart never exceeds WSIZE-MAX_MATCH, so there are\n * always MIN_MATCH bytes ahead.\n */\n } while (--s.match_length !== 0);\n s.strstart++;\n } else {\n s.strstart += s.match_length;\n s.match_length = 0;\n s.ins_h = s.window[s.strstart];\n /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask;\n\n //#if MIN_MATCH != 3\n // Call UPDATE_HASH() MIN_MATCH-3 more times\n //#endif\n /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not\n * matter since it will be recomputed at next deflate call.\n */\n }\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s.window[s.strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = ((s.strstart < (MIN_MATCH - 1)) ? s.strstart : MIN_MATCH - 1);\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * Same as above, but achieves better compression. We use a lazy\n * evaluation for matches: a match is finally adopted only if there is\n * no better match at the next window position.\n */\nfunction deflate_slow(s, flush) {\n let hash_head; /* head of hash chain */\n let bflush; /* set if current block must be flushed */\n\n let max_insert;\n\n /* Process the input block. */\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n */\n s.prev_length = s.match_length;\n s.prev_match = s.match_start;\n s.match_length = MIN_MATCH - 1;\n\n if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match &&\n s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n\n if (s.match_length <= 5 &&\n (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH && s.strstart - s.match_start > 4096/*TOO_FAR*/))) {\n\n /* If prev_match is also MIN_MATCH, match_start is garbage\n * but we will ignore the current match anyway.\n */\n s.match_length = MIN_MATCH - 1;\n }\n }\n /* If there was a match at the previous step and the current\n * match is not better, output the previous match:\n */\n if (s.prev_length >= MIN_MATCH && s.match_length <= s.prev_length) {\n max_insert = s.strstart + s.lookahead - MIN_MATCH;\n /* Do not insert strings in hash table beyond this. */\n\n //check_match(s, s.strstart-1, s.prev_match, s.prev_length);\n\n /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match,\n s.prev_length - MIN_MATCH, bflush);***/\n bflush = trees._tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH);\n /* Insert in hash table all strings up to the end of the match.\n * strstart-1 and strstart are already inserted. If there is not\n * enough lookahead, the last two strings are not inserted in\n * the hash table.\n */\n s.lookahead -= s.prev_length - 1;\n s.prev_length -= 2;\n do {\n if (++s.strstart <= max_insert) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n } while (--s.prev_length !== 0);\n s.match_available = 0;\n s.match_length = MIN_MATCH - 1;\n s.strstart++;\n\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n } else if (s.match_available) {\n /* If there was no match at the previous position, output a\n * single literal. If there was a match but the current match\n * is longer, truncate the previous match to a single literal.\n */\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n if (bflush) {\n /*** FLUSH_BLOCK_ONLY(s, 0) ***/\n flush_block_only(s, false);\n /***/\n }\n s.strstart++;\n s.lookahead--;\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n } else {\n /* There is no previous match to compare with, wait for\n * the next step to decide.\n */\n s.match_available = 1;\n s.strstart++;\n s.lookahead--;\n }\n }\n //Assert (flush != Z_NO_FLUSH, \"no flush?\");\n if (s.match_available) {\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n s.match_available = 0;\n }\n s.insert = s.strstart < MIN_MATCH - 1 ? s.strstart : MIN_MATCH - 1;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_BLOCK_DONE;\n}\n\n\n/* ===========================================================================\n * For Z_RLE, simply look for runs of bytes, generate matches only of distance\n * one. Do not maintain a hash table. (It will be regenerated if this run of\n * deflate switches away from Z_RLE.)\n */\nfunction deflate_rle(s, flush) {\n let bflush; /* set if current block must be flushed */\n let prev; /* byte at distance one to match */\n let scan, strend; /* scan goes up to strend for length of run */\n\n const _win = s.window;\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the longest run, plus one for the unrolled loop.\n */\n if (s.lookahead <= MAX_MATCH) {\n fill_window(s);\n if (s.lookahead <= MAX_MATCH && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* See how many times the previous byte repeats */\n s.match_length = 0;\n if (s.lookahead >= MIN_MATCH && s.strstart > 0) {\n scan = s.strstart - 1;\n prev = _win[scan];\n if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) {\n strend = s.strstart + MAX_MATCH;\n do {\n /*jshint noempty:false*/\n } while (prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n scan < strend);\n s.match_length = MAX_MATCH - (strend - scan);\n if (s.match_length > s.lookahead) {\n s.match_length = s.lookahead;\n }\n }\n //Assert(scan <= s->window+(uInt)(s->window_size-1), \"wild scan\");\n }\n\n /* Emit match if have run of MIN_MATCH or longer, else emit literal */\n if (s.match_length >= MIN_MATCH) {\n //check_match(s, s.strstart, s.strstart - 1, s.match_length);\n\n /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, 1, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n s.strstart += s.match_length;\n s.match_length = 0;\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table.\n * (It will be regenerated if this run of deflate switches away from Huffman.)\n */\nfunction deflate_huff(s, flush) {\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we have a literal to write. */\n if (s.lookahead === 0) {\n fill_window(s);\n if (s.lookahead === 0) {\n if (flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n break; /* flush the current block */\n }\n }\n\n /* Output a literal byte */\n s.match_length = 0;\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n s.lookahead--;\n s.strstart++;\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* Values for max_lazy_match, good_match and max_chain_length, depending on\n * the desired pack level (0..9). The values given below have been tuned to\n * exclude worst case performance for pathological files. Better values may be\n * found for specific files.\n */\nclass Config {\n constructor(good_length, max_lazy, nice_length, max_chain, func) {\n this.good_length = good_length;\n this.max_lazy = max_lazy;\n this.nice_length = nice_length;\n this.max_chain = max_chain;\n this.func = func;\n }\n};\n\nconst configuration_table = [\n /* good lazy nice chain */\n new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */\n new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */\n new Config(4, 5, 16, 8, deflate_fast), /* 2 */\n new Config(4, 6, 32, 32, deflate_fast), /* 3 */\n\n new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */\n new Config(8, 16, 32, 32, deflate_slow), /* 5 */\n new Config(8, 16, 128, 128, deflate_slow), /* 6 */\n new Config(8, 32, 128, 256, deflate_slow), /* 7 */\n new Config(32, 128, 258, 1024, deflate_slow), /* 8 */\n new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */\n];\n\n\n/* ===========================================================================\n * Initialize the \"longest match\" routines for a new zlib stream\n */\nfunction lm_init(s) {\n s.window_size = 2 * s.w_size;\n\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n\n /* Set the default configuration parameters:\n */\n s.max_lazy_match = configuration_table[s.level].max_lazy;\n s.good_match = configuration_table[s.level].good_length;\n s.nice_match = configuration_table[s.level].nice_length;\n s.max_chain_length = configuration_table[s.level].max_chain;\n\n s.strstart = 0;\n s.block_start = 0;\n s.lookahead = 0;\n s.insert = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n s.ins_h = 0;\n}\n\nclass DeflateState {\n constructor() {\n this.strm = null; /* pointer back to this zlib stream */\n this.status = 0; /* as the name implies */\n this.pending_buf = null; /* output still pending */\n this.pending_buf_size = 0; /* size of pending_buf */\n this.pending_out = 0; /* next pending byte to output to the stream */\n this.pending = 0; /* nb of bytes in the pending buffer */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.gzhead = null; /* gzip header information to write */\n this.gzindex = 0; /* where in extra, name, or comment */\n this.method = Z_DEFLATED; /* can only be DEFLATED */\n this.last_flush = -1; /* value of flush param for previous deflate call */\n\n this.w_size = 0; /* LZ77 window size (32K by default) */\n this.w_bits = 0; /* log2(w_size) (8..16) */\n this.w_mask = 0; /* w_size - 1 */\n\n this.window = null;\n /* Sliding window. Input bytes are read into the second half of the window,\n * and move to the first half later to keep a dictionary of at least wSize\n * bytes. With this organization, matches are limited to a distance of\n * wSize-MAX_MATCH bytes, but this ensures that IO is always\n * performed with a length multiple of the block size.\n */\n\n this.window_size = 0;\n /* Actual size of window: 2*wSize, except when the user input buffer\n * is directly used as sliding window.\n */\n\n this.prev = null;\n /* Link to older string with same hash index. To limit the size of this\n * array to 64K, this link is maintained only for the last 32K strings.\n * An index in this array is thus a window index modulo 32K.\n */\n\n this.head = null; /* Heads of the hash chains or NIL. */\n\n this.ins_h = 0; /* hash index of string to be inserted */\n this.hash_size = 0; /* number of elements in hash table */\n this.hash_bits = 0; /* log2(hash_size) */\n this.hash_mask = 0; /* hash_size-1 */\n\n this.hash_shift = 0;\n /* Number of bits by which ins_h must be shifted at each input\n * step. It must be such that after MIN_MATCH steps, the oldest\n * byte no longer takes part in the hash key, that is:\n * hash_shift * MIN_MATCH >= hash_bits\n */\n\n this.block_start = 0;\n /* Window position at the beginning of the current output block. Gets\n * negative when the window is moved backwards.\n */\n\n this.match_length = 0; /* length of best match */\n this.prev_match = 0; /* previous match */\n this.match_available = 0; /* set if previous match exists */\n this.strstart = 0; /* start of string to insert */\n this.match_start = 0; /* start of matching string */\n this.lookahead = 0; /* number of valid bytes ahead in window */\n\n this.prev_length = 0;\n /* Length of the best match at previous step. Matches not greater than this\n * are discarded. This is used in the lazy match evaluation.\n */\n\n this.max_chain_length = 0;\n /* To speed up deflation, hash chains are never searched beyond this\n * length. A higher limit improves compression ratio but degrades the\n * speed.\n */\n\n this.max_lazy_match = 0;\n /* Attempt to find a better match only when the current match is strictly\n * smaller than this value. This mechanism is used only for compression\n * levels >= 4.\n */\n // That's alias to max_lazy_match, don't use directly\n //this.max_insert_length = 0;\n /* Insert new strings in the hash table only if the match length is not\n * greater than this length. This saves time but degrades compression.\n * max_insert_length is used only for compression levels <= 3.\n */\n\n this.level = 0; /* compression level (1..9) */\n this.strategy = 0; /* favor or force Huffman coding*/\n\n this.good_match = 0;\n /* Use a faster search when the previous match is longer than this */\n\n this.nice_match = 0; /* Stop searching when current match exceeds this */\n\n /* used by trees.c: */\n\n /* Didn't use ct_data typedef below to suppress compiler warning */\n\n // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */\n // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */\n // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */\n\n // Use flat array of DOUBLE size, with interleaved fata,\n // because JS does not support effective\n this.dyn_ltree = new utils.Buf16(HEAP_SIZE * 2);\n this.dyn_dtree = new utils.Buf16((2 * D_CODES + 1) * 2);\n this.bl_tree = new utils.Buf16((2 * BL_CODES + 1) * 2);\n zero(this.dyn_ltree);\n zero(this.dyn_dtree);\n zero(this.bl_tree);\n\n this.l_desc = null; /* desc. for literal tree */\n this.d_desc = null; /* desc. for distance tree */\n this.bl_desc = null; /* desc. for bit length tree */\n\n //ush bl_count[MAX_BITS+1];\n this.bl_count = new utils.Buf16(MAX_BITS + 1);\n /* number of codes at each bit length for an optimal tree */\n\n //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */\n this.heap = new utils.Buf16(2 * L_CODES + 1); /* heap used to build the Huffman trees */\n zero(this.heap);\n\n this.heap_len = 0; /* number of elements in the heap */\n this.heap_max = 0; /* element of largest frequency */\n /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.\n * The same heap array is used to build all trees.\n */\n\n this.depth = new utils.Buf16(2 * L_CODES + 1); //uch depth[2*L_CODES+1];\n zero(this.depth);\n /* Depth of each subtree used as tie breaker for trees of equal frequency\n */\n\n this.l_buf = 0; /* buffer index for literals or lengths */\n\n this.lit_bufsize = 0;\n /* Size of match buffer for literals/lengths. There are 4 reasons for\n * limiting lit_bufsize to 64K:\n * - frequencies can be kept in 16 bit counters\n * - if compression is not successful for the first block, all input\n * data is still in the window so we can still emit a stored block even\n * when input comes from standard input. (This can also be done for\n * all blocks if lit_bufsize is not greater than 32K.)\n * - if compression is not successful for a file smaller than 64K, we can\n * even emit a stored file instead of a stored block (saving 5 bytes).\n * This is applicable only for zip (not gzip or zlib).\n * - creating new Huffman trees less frequently may not provide fast\n * adaptation to changes in the input data statistics. (Take for\n * example a binary file with poorly compressible code followed by\n * a highly compressible string table.) Smaller buffer sizes give\n * fast adaptation but have of course the overhead of transmitting\n * trees more frequently.\n * - I can't count above 4\n */\n\n this.last_lit = 0; /* running index in l_buf */\n\n this.d_buf = 0;\n /* Buffer index for distances. To simplify the code, d_buf and l_buf have\n * the same number of elements. To use different lengths, an extra flag\n * array would be necessary.\n */\n\n this.opt_len = 0; /* bit length of current block with optimal trees */\n this.static_len = 0; /* bit length of current block with static trees */\n this.matches = 0; /* number of string matches in current block */\n this.insert = 0; /* bytes at end of window left to insert */\n\n\n this.bi_buf = 0;\n /* Output buffer. bits are inserted starting at the bottom (least\n * significant bits).\n */\n this.bi_valid = 0;\n /* Number of valid bits in bi_buf. All bits above the last valid bit\n * are always zero.\n */\n\n // Used for window memory init. We safely ignore it for JS. That makes\n // sense only for pointers and memory check tools.\n //this.high_water = 0;\n /* High water mark offset in window for initialized bytes -- bytes above\n * this are set to zero in order to avoid memory check warnings when\n * longest match routines access bytes past the input. This is then\n * updated to the new high water mark.\n */\n }\n}\n\nfunction deflateResetKeep(strm) {\n let s;\n\n if (!strm || !strm.state) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.total_in = strm.total_out = 0;\n strm.data_type = Z_UNKNOWN;\n\n s = strm.state;\n s.pending = 0;\n s.pending_out = 0;\n\n if (s.wrap < 0) {\n s.wrap = -s.wrap;\n /* was made negative by deflate(..., Z_FINISH); */\n }\n s.status = (s.wrap ? INIT_STATE : BUSY_STATE);\n strm.adler = (s.wrap === 2) ?\n 0 // crc32(0, Z_NULL, 0)\n :\n 1; // adler32(0, Z_NULL, 0)\n s.last_flush = Z_NO_FLUSH;\n trees._tr_init(s);\n return Z_OK;\n}\n\n\nfunction deflateReset(strm) {\n const ret = deflateResetKeep(strm);\n if (ret === Z_OK) {\n lm_init(strm.state);\n }\n return ret;\n}\n\n\nfunction deflateSetHeader(strm, head) {\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; }\n strm.state.gzhead = head;\n return Z_OK;\n}\n\n\nfunction deflateInit2(strm, level, method, windowBits, memLevel, strategy) {\n if (!strm) { // === Z_NULL\n return Z_STREAM_ERROR;\n }\n let wrap = 1;\n\n if (level === Z_DEFAULT_COMPRESSION) {\n level = 6;\n }\n\n if (windowBits < 0) { /* suppress zlib wrapper */\n wrap = 0;\n windowBits = -windowBits;\n }\n\n else if (windowBits > 15) {\n wrap = 2; /* write gzip wrapper instead */\n windowBits -= 16;\n }\n\n\n if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED ||\n windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||\n strategy < 0 || strategy > Z_FIXED) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n\n if (windowBits === 8) {\n windowBits = 9;\n }\n /* until 256-byte window bug fixed */\n\n const s = new DeflateState();\n\n strm.state = s;\n s.strm = strm;\n\n s.wrap = wrap;\n s.gzhead = null;\n s.w_bits = windowBits;\n s.w_size = 1 << s.w_bits;\n s.w_mask = s.w_size - 1;\n\n s.hash_bits = memLevel + 7;\n s.hash_size = 1 << s.hash_bits;\n s.hash_mask = s.hash_size - 1;\n s.hash_shift = ~~((s.hash_bits + MIN_MATCH - 1) / MIN_MATCH);\n s.window = new utils.Buf8(s.w_size * 2);\n s.head = new utils.Buf16(s.hash_size);\n s.prev = new utils.Buf16(s.w_size);\n\n // Don't need mem init magic for JS.\n //s.high_water = 0; /* nothing written to s->window yet */\n\n s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */\n\n s.pending_buf_size = s.lit_bufsize * 4;\n\n //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);\n //s->pending_buf = (uchf *) overlay;\n s.pending_buf = new utils.Buf8(s.pending_buf_size);\n\n // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`)\n //s->d_buf = overlay + s->lit_bufsize/sizeof(ush);\n s.d_buf = 1 * s.lit_bufsize;\n\n //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;\n s.l_buf = (1 + 2) * s.lit_bufsize;\n\n s.level = level;\n s.strategy = strategy;\n s.method = method;\n\n return deflateReset(strm);\n}\n\nfunction deflateInit(strm, level) {\n return deflateInit2(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);\n}\n\n\nfunction deflate(strm, flush) {\n let old_flush, s;\n let beg, val; // for gzip header write only\n\n if (!strm || !strm.state ||\n flush > Z_BLOCK || flush < 0) {\n return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR;\n }\n\n s = strm.state;\n\n if (!strm.output ||\n (!strm.input && strm.avail_in !== 0) ||\n (s.status === FINISH_STATE && flush !== Z_FINISH)) {\n return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR);\n }\n\n s.strm = strm; /* just in case */\n old_flush = s.last_flush;\n s.last_flush = flush;\n\n /* Write the header */\n if (s.status === INIT_STATE) {\n\n if (s.wrap === 2) { // GZIP header\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n put_byte(s, 31);\n put_byte(s, 139);\n put_byte(s, 8);\n if (!s.gzhead) { // s->gzhead == Z_NULL\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, OS_CODE);\n s.status = BUSY_STATE;\n }\n else {\n put_byte(s, (s.gzhead.text ? 1 : 0) +\n (s.gzhead.hcrc ? 2 : 0) +\n (!s.gzhead.extra ? 0 : 4) +\n (!s.gzhead.name ? 0 : 8) +\n (!s.gzhead.comment ? 0 : 16)\n );\n put_byte(s, s.gzhead.time & 0xff);\n put_byte(s, (s.gzhead.time >> 8) & 0xff);\n put_byte(s, (s.gzhead.time >> 16) & 0xff);\n put_byte(s, (s.gzhead.time >> 24) & 0xff);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, s.gzhead.os & 0xff);\n if (s.gzhead.extra && s.gzhead.extra.length) {\n put_byte(s, s.gzhead.extra.length & 0xff);\n put_byte(s, (s.gzhead.extra.length >> 8) & 0xff);\n }\n if (s.gzhead.hcrc) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0);\n }\n s.gzindex = 0;\n s.status = EXTRA_STATE;\n }\n }\n else // DEFLATE header\n {\n let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8;\n let level_flags = -1;\n\n if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) {\n level_flags = 0;\n } else if (s.level < 6) {\n level_flags = 1;\n } else if (s.level === 6) {\n level_flags = 2;\n } else {\n level_flags = 3;\n }\n header |= (level_flags << 6);\n if (s.strstart !== 0) { header |= PRESET_DICT; }\n header += 31 - (header % 31);\n\n s.status = BUSY_STATE;\n putShortMSB(s, header);\n\n /* Save the adler32 of the preset dictionary: */\n if (s.strstart !== 0) {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n strm.adler = 1; // adler32(0L, Z_NULL, 0);\n }\n }\n\n //#ifdef GZIP\n if (s.status === EXTRA_STATE) {\n if (s.gzhead.extra/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n\n while (s.gzindex < (s.gzhead.extra.length & 0xffff)) {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n break;\n }\n }\n put_byte(s, s.gzhead.extra[s.gzindex] & 0xff);\n s.gzindex++;\n }\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (s.gzindex === s.gzhead.extra.length) {\n s.gzindex = 0;\n s.status = NAME_STATE;\n }\n }\n else {\n s.status = NAME_STATE;\n }\n }\n if (s.status === NAME_STATE) {\n if (s.gzhead.name/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.name.length) {\n val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.gzindex = 0;\n s.status = COMMENT_STATE;\n }\n }\n else {\n s.status = COMMENT_STATE;\n }\n }\n if (s.status === COMMENT_STATE) {\n if (s.gzhead.comment/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.comment.length) {\n val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.status = HCRC_STATE;\n }\n }\n else {\n s.status = HCRC_STATE;\n }\n }\n if (s.status === HCRC_STATE) {\n if (s.gzhead.hcrc) {\n if (s.pending + 2 > s.pending_buf_size) {\n flush_pending(strm);\n }\n if (s.pending + 2 <= s.pending_buf_size) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n s.status = BUSY_STATE;\n }\n }\n else {\n s.status = BUSY_STATE;\n }\n }\n //#endif\n\n /* Flush as much pending output as possible */\n if (s.pending !== 0) {\n flush_pending(strm);\n if (strm.avail_out === 0) {\n /* Since avail_out is 0, deflate will be called again with\n * more output space, but possibly with both pending and\n * avail_in equal to zero. There won't be anything to do,\n * but this is not an error situation so make sure we\n * return OK instead of BUF_ERROR at next call of deflate:\n */\n s.last_flush = -1;\n return Z_OK;\n }\n\n /* Make sure there is something to do and avoid duplicate consecutive\n * flushes. For repeated and useless calls with Z_FINISH, we keep\n * returning Z_STREAM_END instead of Z_BUF_ERROR.\n */\n } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) &&\n flush !== Z_FINISH) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* User must not provide more input after the first FINISH: */\n if (s.status === FINISH_STATE && strm.avail_in !== 0) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* Start a new block or continue the current one.\n */\n if (strm.avail_in !== 0 || s.lookahead !== 0 ||\n (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) {\n var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) :\n (s.strategy === Z_RLE ? deflate_rle(s, flush) :\n configuration_table[s.level].func(s, flush));\n\n if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) {\n s.status = FINISH_STATE;\n }\n if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) {\n if (strm.avail_out === 0) {\n s.last_flush = -1;\n /* avoid BUF_ERROR next call, see above */\n }\n return Z_OK;\n /* If flush != Z_NO_FLUSH && avail_out == 0, the next call\n * of deflate should use the same flush parameter to make sure\n * that the flush is complete. So we don't have to output an\n * empty block here, this will be done at next call. This also\n * ensures that for a very small output buffer, we emit at most\n * one empty block.\n */\n }\n if (bstate === BS_BLOCK_DONE) {\n if (flush === Z_PARTIAL_FLUSH) {\n trees._tr_align(s);\n }\n else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */\n\n trees._tr_stored_block(s, 0, 0, false);\n /* For a full flush, this empty block will be recognized\n * as a special marker by inflate_sync().\n */\n if (flush === Z_FULL_FLUSH) {\n /*** CLEAR_HASH(s); ***/ /* forget history */\n zero(s.head); // Fill with NIL (= 0);\n\n if (s.lookahead === 0) {\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n }\n }\n flush_pending(strm);\n if (strm.avail_out === 0) {\n s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */\n return Z_OK;\n }\n }\n }\n //Assert(strm->avail_out > 0, \"bug2\");\n //if (strm.avail_out <= 0) { throw new Error(\"bug2\");}\n\n if (flush !== Z_FINISH) { return Z_OK; }\n if (s.wrap <= 0) { return Z_STREAM_END; }\n\n /* Write the trailer */\n if (s.wrap === 2) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n put_byte(s, (strm.adler >> 16) & 0xff);\n put_byte(s, (strm.adler >> 24) & 0xff);\n put_byte(s, strm.total_in & 0xff);\n put_byte(s, (strm.total_in >> 8) & 0xff);\n put_byte(s, (strm.total_in >> 16) & 0xff);\n put_byte(s, (strm.total_in >> 24) & 0xff);\n }\n else {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n\n flush_pending(strm);\n /* If avail_out is zero, the application will call deflate again\n * to flush the rest.\n */\n if (s.wrap > 0) { s.wrap = -s.wrap; }\n /* write the trailer only once! */\n return s.pending !== 0 ? Z_OK : Z_STREAM_END;\n}\n\nfunction deflateEnd(strm) {\n let status;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n status = strm.state.status;\n if (status !== INIT_STATE &&\n status !== EXTRA_STATE &&\n status !== NAME_STATE &&\n status !== COMMENT_STATE &&\n status !== HCRC_STATE &&\n status !== BUSY_STATE &&\n status !== FINISH_STATE\n ) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.state = null;\n\n return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK;\n}\n\n\n/* =========================================================================\n * Initializes the compression dictionary from the given byte\n * sequence without producing any compressed output.\n */\nfunction deflateSetDictionary(strm, dictionary) {\n let dictLength = dictionary.length;\n\n let s;\n let str, n;\n let wrap;\n let avail;\n let next;\n let input;\n let tmpDict;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n s = strm.state;\n wrap = s.wrap;\n\n if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) {\n return Z_STREAM_ERROR;\n }\n\n /* when using zlib wrappers, compute Adler-32 for provided dictionary */\n if (wrap === 1) {\n /* adler32(strm->adler, dictionary, dictLength); */\n strm.adler = adler32(strm.adler, dictionary, dictLength, 0);\n }\n\n s.wrap = 0; /* avoid computing Adler-32 in read_buf */\n\n /* if dictionary would fill window, just replace the history */\n if (dictLength >= s.w_size) {\n if (wrap === 0) { /* already empty otherwise */\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n /* use the tail */\n // dictionary = dictionary.slice(dictLength - s.w_size);\n tmpDict = new utils.Buf8(s.w_size);\n utils.arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0);\n dictionary = tmpDict;\n dictLength = s.w_size;\n }\n /* insert dictionary into window and hash */\n avail = strm.avail_in;\n next = strm.next_in;\n input = strm.input;\n strm.avail_in = dictLength;\n strm.next_in = 0;\n strm.input = dictionary;\n fill_window(s);\n while (s.lookahead >= MIN_MATCH) {\n str = s.strstart;\n n = s.lookahead - (MIN_MATCH - 1);\n do {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n\n s.head[s.ins_h] = str;\n str++;\n } while (--n);\n s.strstart = str;\n s.lookahead = MIN_MATCH - 1;\n fill_window(s);\n }\n s.strstart += s.lookahead;\n s.block_start = s.strstart;\n s.insert = s.lookahead;\n s.lookahead = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n strm.next_in = next;\n strm.input = input;\n strm.avail_in = avail;\n s.wrap = wrap;\n return Z_OK;\n}\n\nconst deflateInfo = 'pako deflate (from Nodeca project)';\nexport {\n deflateInit,\n deflateInit2,\n deflateReset,\n deflateResetKeep,\n deflateSetHeader,\n deflate,\n deflateEnd,\n deflateSetDictionary,\n deflateInfo\n};\n\n/* Not implemented\nexports.deflateBound = deflateBound;\nexports.deflateCopy = deflateCopy;\nexports.deflateParams = deflateParams;\nexports.deflatePending = deflatePending;\nexports.deflatePrime = deflatePrime;\nexports.deflateTune = deflateTune;\n*/\n","// String encode/decode helpers\n\n\n\nimport * as utils from \"./common.js\";\n\n\n// Quick check if we can use fast array to bin string conversion\n//\n// - apply(Array) can fail on Android 2.2\n// - apply(Uint8Array) can fail on iOS 5.1 Safari\n//\nlet STR_APPLY_OK = true;\nlet STR_APPLY_UIA_OK = true;\n\ntry {\n String.fromCharCode.apply(null, [ 0 ]); \n} catch (__) {\n STR_APPLY_OK = false; \n}\ntry {\n String.fromCharCode.apply(null, new Uint8Array(1)); \n} catch (__) {\n STR_APPLY_UIA_OK = false; \n}\n\n\n// Table with utf8 lengths (calculated by first byte of sequence)\n// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,\n// because max possible codepoint is 0x10ffff\nconst _utf8len = new utils.Buf8(256);\nfor (let q = 0; q < 256; q++) {\n _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1;\n}\n_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start\n\n\n// convert string to array (typed, when possible)\nexport function string2buf (str) {\n let c, c2, m_pos, i, buf_len = 0;\n const str_len = str.length;\n\n // count binary size\n for (m_pos = 0; m_pos < str_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;\n }\n\n // allocate buffer\n const buf = new utils.Buf8(buf_len);\n\n // convert\n for (i = 0, m_pos = 0; i < buf_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n if (c < 0x80) {\n /* one byte */\n buf[i++] = c;\n } else if (c < 0x800) {\n /* two bytes */\n buf[i++] = 0xC0 | c >>> 6;\n buf[i++] = 0x80 | c & 0x3f;\n } else if (c < 0x10000) {\n /* three bytes */\n buf[i++] = 0xE0 | c >>> 12;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n } else {\n /* four bytes */\n buf[i++] = 0xf0 | c >>> 18;\n buf[i++] = 0x80 | c >>> 12 & 0x3f;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n }\n }\n\n return buf;\n}\n\n// Helper (used in 2 places)\nfunction _buf2binstring(buf, len) {\n // On Chrome, the arguments in a function call that are allowed is `65534`.\n // If the length of the buffer is smaller than that, we can use this optimization,\n // otherwise we will take a slower path.\n if (len < 65534) {\n if (buf.subarray && STR_APPLY_UIA_OK || !buf.subarray && STR_APPLY_OK) {\n return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));\n }\n }\n\n let result = \"\";\n for (let i = 0; i < len; i++) {\n result += String.fromCharCode(buf[i]);\n }\n return result;\n}\n\n\n// Convert byte array to binary string\nexport function buf2binstring (buf) {\n return _buf2binstring(buf, buf.length);\n}\n\n\n// Convert binary string (typed, when possible)\nexport function binstring2buf (str) {\n const buf = new utils.Buf8(str.length);\n for (let i = 0, len = buf.length; i < len; i++) {\n buf[i] = str.charCodeAt(i);\n }\n return buf;\n}\n\n\n// convert array to string\nexport function buf2string (buf, max) {\n let i, out, c, c_len;\n const len = max || buf.length;\n\n // Reserve max possible length (2 words per char)\n // NB: by unknown reasons, Array is significantly faster for\n // String.fromCharCode.apply than Uint16Array.\n // var utf16buf = new Array(len * 2);\n // try Uint16Array\n const utf16buf = new Uint16Array(len * 2);\n\n for (out = 0, i = 0; i < len;) {\n c = buf[i++];\n // quick process ascii\n if (c < 0x80) {\n utf16buf[out++] = c; continue; \n }\n\n c_len = _utf8len[c];\n // skip 5 & 6 byte codes\n if (c_len > 4) {\n utf16buf[out++] = 0xfffd; i += c_len - 1; continue; \n }\n\n // apply mask on first byte\n c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;\n // join the rest\n while (c_len > 1 && i < len) {\n c = c << 6 | buf[i++] & 0x3f;\n c_len--;\n }\n\n // terminated by end of string?\n if (c_len > 1) {\n utf16buf[out++] = 0xfffd; continue; \n }\n\n if (c < 0x10000) {\n utf16buf[out++] = c;\n } else {\n c -= 0x10000;\n utf16buf[out++] = 0xd800 | c >> 10 & 0x3ff;\n utf16buf[out++] = 0xdc00 | c & 0x3ff;\n }\n }\n\n return _buf2binstring(utf16buf, out);\n}\n\n\n// Calculate max possible position in utf8 buffer,\n// that will not break sequence. If that's not possible\n// - (very small limits) return max size as is.\n//\n// buf[] - utf8 bytes array\n// max - length limit (mandatory);\nexport function utf8border (buf, max) {\n let pos;\n\n max = max || buf.length;\n if (max > buf.length) {\n max = buf.length; \n }\n\n // go back from last position, until start of sequence found\n pos = max - 1;\n while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) {\n pos--; \n }\n\n // Very small and broken sequence,\n // return max, because we should return something anyway.\n if (pos < 0) {\n return max; \n }\n\n // If we came to start of buffer - that means buffer is too small,\n // return max too.\n if (pos === 0) {\n return max; \n }\n\n return pos + _utf8len[buf[pos]] > max ? pos : max;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class ZStream {\n constructor() {\n /* next input byte */\n this.input = null; // JS specific, because we have no pointers\n this.next_in = 0;\n /* number of bytes available at input */\n this.avail_in = 0;\n /* total number of input bytes read so far */\n this.total_in = 0;\n /* next output byte should be put there */\n this.output = null; // JS specific, because we have no pointers\n this.next_out = 0;\n /* remaining free space at output */\n this.avail_out = 0;\n /* total number of bytes output so far */\n this.total_out = 0;\n /* last error message, NULL if no error */\n this.msg = ''/*Z_NULL*/;\n /* not visible by applications */\n this.state = null;\n /* best guess about the data type: binary or text */\n this.data_type = 2/*Z_UNKNOWN*/;\n /* adler32 value of the uncompressed data */\n this.adler = 0;\n }\n}","'use strict';\n\nimport * as zlib_deflate from \"./zlib/deflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\nimport { Z_NO_FLUSH, Z_FINISH,\n Z_OK, Z_STREAM_END, Z_SYNC_FLUSH,\n Z_DEFAULT_COMPRESSION,\n Z_DEFAULT_STRATEGY,\n Z_DEFLATED } from \"./zlib/constants.js\"\n\n/* ===========================================================================*/\n\n\n/**\n * class Deflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[deflate]],\n * [[deflateRaw]] and [[gzip]].\n **/\n\n/* internal\n * Deflate.chunks -> Array\n *\n * Chunks of output data, if [[Deflate#onData]] not overridden.\n **/\n\n/**\n * Deflate.result -> Uint8Array|Array\n *\n * Compressed result, generated by default [[Deflate#onData]]\n * and [[Deflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Deflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Deflate.err -> Number\n *\n * Error code after deflate finished. 0 (Z_OK) on success.\n * You will not need it in real life, because deflate errors\n * are possible only on wrong options or bad `onData` / `onEnd`\n * custom handlers.\n **/\n\n/**\n * Deflate.msg -> String\n *\n * Error message, if [[Deflate.err]] != 0\n **/\n\n\n/**\n * new Deflate(options)\n * - options (Object): zlib deflate options.\n *\n * Creates new deflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `level`\n * - `windowBits`\n * - `memLevel`\n * - `strategy`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw deflate\n * - `gzip` (Boolean) - create gzip wrapper\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n * - `header` (Object) - custom header for gzip\n * - `text` (Boolean) - true if compressed data believed to be text\n * - `time` (Number) - modification time, unix timestamp\n * - `os` (Number) - operation system code\n * - `extra` (Array) - array of bytes with extra data (max 65536)\n * - `name` (String) - file name (binary string)\n * - `comment` (String) - comment (binary string)\n * - `hcrc` (Boolean) - true if header crc should be added\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var deflate = new pako.Deflate({ level: 3});\n *\n * deflate.push(chunk1, false);\n * deflate.push(chunk2, true); // true -> last chunk\n *\n * if (deflate.err) { throw new Error(deflate.err); }\n *\n * console.log(deflate.result);\n * ```\n **/\n\nclass Deflate {\n constructor(options) {\n this.options = {\n level: Z_DEFAULT_COMPRESSION,\n method: Z_DEFLATED,\n chunkSize: 16384,\n windowBits: 15,\n memLevel: 8,\n strategy: Z_DEFAULT_STRATEGY,\n ...(options || {})\n };\n\n const opt = this.options;\n\n if (opt.raw && (opt.windowBits > 0)) {\n opt.windowBits = -opt.windowBits;\n }\n\n else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) {\n opt.windowBits += 16;\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n var status = zlib_deflate.deflateInit2(\n this.strm,\n opt.level,\n opt.method,\n opt.windowBits,\n opt.memLevel,\n opt.strategy\n );\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n if (opt.header) {\n zlib_deflate.deflateSetHeader(this.strm, opt.header);\n }\n\n if (opt.dictionary) {\n let dict;\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n // If we need to compress text, change encoding to utf8.\n dict = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n dict = new Uint8Array(opt.dictionary);\n } else {\n dict = opt.dictionary;\n }\n\n status = zlib_deflate.deflateSetDictionary(this.strm, dict);\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n this._dict_set = true;\n }\n }\n\n /**\n * Deflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be\n * converted to utf8 byte sequence.\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with\n * new compressed chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the compression context.\n *\n * On fail call [[Deflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * array format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize } } = this;\n var status, _mode;\n\n if (this.ended) { return false; }\n\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // If we need to compress text, change encoding to utf8.\n strm.input = strings.string2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n status = zlib_deflate.deflate(strm, _mode); /* no bad return value */\n\n if (status !== Z_STREAM_END && status !== Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END);\n\n // Finalize on the last chunk.\n if (_mode === Z_FINISH) {\n status = zlib_deflate.deflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === Z_SYNC_FLUSH) {\n this.onEnd(Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n /**\n * Deflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n /**\n * Deflate#onEnd(status) -> Void\n * - status (Number): deflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called once after you tell deflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n\n\n\n/**\n * deflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * Compress `data` with deflate algorithm and `options`.\n *\n * Supported options are:\n *\n * - level\n * - windowBits\n * - memLevel\n * - strategy\n * - dictionary\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , data = Uint8Array([1,2,3,4,5,6,7,8,9]);\n *\n * console.log(pako.deflate(data));\n * ```\n **/\nfunction deflate(input, options) {\n const deflator = new Deflate(options);\n\n deflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (deflator.err) { throw new Error(deflator.msg || msg[deflator.err]); }\n\n return deflator.result;\n}\n\n\n/**\n * deflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction deflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return deflate(input, options);\n}\n\n\n/**\n * gzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but create gzip wrapper instead of\n * deflate one.\n **/\nfunction gzip(input, options) {\n options = options || {};\n options.gzip = true;\n return deflate(input, options);\n}\n\nexport { Deflate, deflate, deflateRaw, gzip };\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// See state defs from inflate.js\nconst BAD = 30; /* got a data error -- remain here until reset */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\n\n/*\n Decode literal, length, and distance codes and write out the resulting\n literal and match bytes until either not enough input or output is\n available, an end-of-block is encountered, or a data error is encountered.\n When large enough input and output buffers are supplied to inflate(), for\n example, a 16K input buffer and a 64K output buffer, more than 95% of the\n inflate execution time is spent in this routine.\n\n Entry assumptions:\n\n state.mode === LEN\n strm.avail_in >= 6\n strm.avail_out >= 258\n start >= strm.avail_out\n state.bits < 8\n\n On return, state.mode is one of:\n\n LEN -- ran out of enough output space or enough available input\n TYPE -- reached end of block code, inflate() to interpret next block\n BAD -- error in block data\n\n Notes:\n\n - The maximum input bits used by a length/distance pair is 15 bits for the\n length code, 5 bits for the length extra, 15 bits for the distance code,\n and 13 bits for the distance extra. This totals 48 bits, or six bytes.\n Therefore if strm.avail_in >= 6, then there is enough input to avoid\n checking for available input while decoding.\n\n - The maximum bytes that a single length/distance pair can output is 258\n bytes, which is the maximum length that can be coded. inflate_fast()\n requires strm.avail_out >= 258 for each loop to avoid checking for\n output space.\n */\nexport default function inflate_fast(strm, start) {\n let _in; /* local strm.input */\n let _out; /* local strm.output */\n // Use `s_window` instead `window`, avoid conflict with instrumentation tools\n let hold; /* local strm.hold */\n let bits; /* local strm.bits */\n let here; /* retrieved table entry */\n let op; /* code bits, operation, extra bits, or */\n /* window position, window bytes to copy */\n let len; /* match length, unused bytes */\n let dist; /* match distance */\n let from; /* where to copy match from */\n let from_source;\n\n\n\n /* copy state to local variables */\n const state = strm.state;\n //here = state.here;\n _in = strm.next_in;\n const input = strm.input;\n const last = _in + (strm.avail_in - 5);\n _out = strm.next_out;\n const output = strm.output;\n const beg = _out - (start - strm.avail_out);\n const end = _out + (strm.avail_out - 257);\n //#ifdef INFLATE_STRICT\n const dmax = state.dmax;\n //#endif\n const wsize = state.wsize;\n const whave = state.whave;\n const wnext = state.wnext;\n const s_window = state.window;\n hold = state.hold;\n bits = state.bits;\n const lcode = state.lencode;\n const dcode = state.distcode;\n const lmask = (1 << state.lenbits) - 1;\n const dmask = (1 << state.distbits) - 1;\n\n\n /* decode literals and length/distances until end-of-block or not enough\n input data or output space */\n\n top:\n do {\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n\n here = lcode[hold & lmask];\n\n dolen:\n for (;;) { // Goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n if (op === 0) { /* literal */\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n output[_out++] = here & 0xffff/*here.val*/;\n } else if (op & 16) { /* length base */\n len = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (op) {\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n len += hold & (1 << op) - 1;\n hold >>>= op;\n bits -= op;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", len));\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n here = dcode[hold & dmask];\n\n dodist:\n for (;;) { // goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n\n if (op & 16) { /* distance base */\n dist = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n }\n dist += hold & (1 << op) - 1;\n //#ifdef INFLATE_STRICT\n if (dist > dmax) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n //#endif\n hold >>>= op;\n bits -= op;\n //Tracevv((stderr, \"inflate: distance %u\\n\", dist));\n op = _out - beg; /* max distance in output */\n if (dist > op) { /* see if copy from window */\n op = dist - op; /* distance back in window */\n if (op > whave) {\n if (state.sane) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n // if (len <= op - whave) {\n // do {\n // output[_out++] = 0;\n // } while (--len);\n // continue top;\n // }\n // len -= op - whave;\n // do {\n // output[_out++] = 0;\n // } while (--op > whave);\n // if (op === 0) {\n // from = _out - dist;\n // do {\n // output[_out++] = output[from++];\n // } while (--len);\n // continue top;\n // }\n //#endif\n }\n from = 0; // window index\n from_source = s_window;\n if (wnext === 0) { /* very common case */\n from += wsize - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n } else if (wnext < op) { /* wrap around window */\n from += wsize + wnext - op;\n op -= wnext;\n if (op < len) { /* some from end of window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = 0;\n if (wnext < len) { /* some from start of window */\n op = wnext;\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n } else { /* contiguous in window */\n from += wnext - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n while (len > 2) {\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n len -= 3;\n }\n if (len) {\n output[_out++] = from_source[from++];\n if (len > 1) {\n output[_out++] = from_source[from++];\n }\n }\n } else {\n from = _out - dist; /* copy direct from output */\n do { /* minimum length is three */\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n len -= 3;\n } while (len > 2);\n if (len) {\n output[_out++] = output[from++];\n if (len > 1) {\n output[_out++] = output[from++];\n }\n }\n }\n } else if ((op & 64) === 0) { /* 2nd level distance code */\n here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dodist;\n } else {\n strm.msg = \"invalid distance code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } else if ((op & 64) === 0) { /* 2nd level length code */\n here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dolen;\n } else if (op & 32) { /* end-of-block */\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.mode = TYPE;\n break top;\n } else {\n strm.msg = \"invalid literal/length code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } while (_in < last && _out < end);\n\n /* return unused bytes (on entry, bits < 8, so in won't go too far back) */\n len = bits >> 3;\n _in -= len;\n bits -= len << 3;\n hold &= (1 << bits) - 1;\n\n /* update state and return */\n strm.next_in = _in;\n strm.next_out = _out;\n strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last);\n strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end);\n state.hold = hold;\n state.bits = bits;\n return;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\n\nconst MAXBITS = 15;\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\nconst lbase = [ /* Length codes 257..285 base */\n 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,\n 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0\n];\n\nconst lext = [ /* Length codes 257..285 extra */\n 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,\n 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78\n];\n\nconst dbase = [ /* Distance codes 0..29 base */\n 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,\n 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,\n 8193, 12289, 16385, 24577, 0, 0\n];\n\nconst dext = [ /* Distance codes 0..29 extra */\n 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,\n 23, 23, 24, 24, 25, 25, 26, 26, 27, 27,\n 28, 28, 29, 29, 64, 64\n];\n\nexport default function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) {\n const bits = opts.bits;\n //here = opts.here; /* table entry for duplication */\n\n let len = 0; /* a code's length in bits */\n let sym = 0; /* index of code symbols */\n let min = 0, max = 0; /* minimum and maximum code lengths */\n let root = 0; /* number of index bits for root table */\n let curr = 0; /* number of index bits for current table */\n let drop = 0; /* code bits to drop for sub-table */\n let left = 0; /* number of prefix codes available */\n let used = 0; /* code entries in table used */\n let huff = 0; /* Huffman code */\n let incr; /* for incrementing code, index */\n let fill; /* index for replicating entries */\n let low; /* low bits for current root entry */\n let next; /* next available space in table */\n let base = null; /* base value table to use */\n let base_index = 0;\n // var shoextra; /* extra bits table to use */\n let end; /* use base and extra for symbol > end */\n const count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */\n const offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */\n let extra = null;\n let extra_index = 0;\n\n let here_bits, here_op, here_val;\n\n /*\n Process a set of code lengths to create a canonical Huffman code. The\n code lengths are lens[0..codes-1]. Each length corresponds to the\n symbols 0..codes-1. The Huffman code is generated by first sorting the\n symbols by length from short to long, and retaining the symbol order\n for codes with equal lengths. Then the code starts with all zero bits\n for the first code of the shortest length, and the codes are integer\n increments for the same length, and zeros are appended as the length\n increases. For the deflate format, these bits are stored backwards\n from their more natural integer increment ordering, and so when the\n decoding tables are built in the large loop below, the integer codes\n are incremented backwards.\n\n This routine assumes, but does not check, that all of the entries in\n lens[] are in the range 0..MAXBITS. The caller must assure this.\n 1..MAXBITS is interpreted as that code length. zero means that that\n symbol does not occur in this code.\n\n The codes are sorted by computing a count of codes for each length,\n creating from that a table of starting indices for each length in the\n sorted table, and then entering the symbols in order in the sorted\n table. The sorted table is work[], with that space being provided by\n the caller.\n\n The length counts are used for other purposes as well, i.e. finding\n the minimum and maximum length codes, determining if there are any\n codes at all, checking for a valid set of lengths, and looking ahead\n at length counts to determine sub-table sizes when building the\n decoding tables.\n */\n\n /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */\n for (len = 0; len <= MAXBITS; len++) {\n count[len] = 0;\n }\n for (sym = 0; sym < codes; sym++) {\n count[lens[lens_index + sym]]++;\n }\n\n /* bound code lengths, force root to be within code lengths */\n root = bits;\n for (max = MAXBITS; max >= 1; max--) {\n if (count[max] !== 0) {\n break; \n }\n }\n if (root > max) {\n root = max;\n }\n if (max === 0) { /* no symbols to code at all */\n //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */\n //table.bits[opts.table_index] = 1; //here.bits = (var char)1;\n //table.val[opts.table_index++] = 0; //here.val = (var short)0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n\n //table.op[opts.table_index] = 64;\n //table.bits[opts.table_index] = 1;\n //table.val[opts.table_index++] = 0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n opts.bits = 1;\n return 0; /* no symbols, but wait for decoding to report error */\n }\n for (min = 1; min < max; min++) {\n if (count[min] !== 0) {\n break; \n }\n }\n if (root < min) {\n root = min;\n }\n\n /* check for an over-subscribed or incomplete set of lengths */\n left = 1;\n for (len = 1; len <= MAXBITS; len++) {\n left <<= 1;\n left -= count[len];\n if (left < 0) {\n return -1;\n } /* over-subscribed */\n }\n if (left > 0 && (type === CODES || max !== 1)) {\n return -1; /* incomplete set */\n }\n\n /* generate offsets into symbol table for each length for sorting */\n offs[1] = 0;\n for (len = 1; len < MAXBITS; len++) {\n offs[len + 1] = offs[len] + count[len];\n }\n\n /* sort symbols by length, by symbol order within each length */\n for (sym = 0; sym < codes; sym++) {\n if (lens[lens_index + sym] !== 0) {\n work[offs[lens[lens_index + sym]]++] = sym;\n }\n }\n\n /*\n Create and fill in decoding tables. In this loop, the table being\n filled is at next and has curr index bits. The code being used is huff\n with length len. That code is converted to an index by dropping drop\n bits off of the bottom. For codes where len is less than drop + curr,\n those top drop + curr - len bits are incremented through all values to\n fill the table with replicated entries.\n\n root is the number of index bits for the root table. When len exceeds\n root, sub-tables are created pointed to by the root entry with an index\n of the low root bits of huff. This is saved in low to check for when a\n new sub-table should be started. drop is zero when the root table is\n being filled, and drop is root when sub-tables are being filled.\n\n When a new sub-table is needed, it is necessary to look ahead in the\n code lengths to determine what size sub-table is needed. The length\n counts are used for this, and so count[] is decremented as codes are\n entered in the tables.\n\n used keeps track of how many table entries have been allocated from the\n provided *table space. It is checked for LENS and DIST tables against\n the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in\n the initial root table size constants. See the comments in inftrees.h\n for more information.\n\n sym increments through all symbols, and the loop terminates when\n all codes of length max, i.e. all codes, have been processed. This\n routine permits incomplete codes, so another loop after this one fills\n in the rest of the decoding tables with invalid code markers.\n */\n\n /* set up for code type */\n // poor man optimization - use if-else instead of switch,\n // to avoid deopts in old v8\n if (type === CODES) {\n base = extra = work; /* dummy value--not used */\n end = 19;\n\n } else if (type === LENS) {\n base = lbase;\n base_index -= 257;\n extra = lext;\n extra_index -= 257;\n end = 256;\n\n } else { /* DISTS */\n base = dbase;\n extra = dext;\n end = -1;\n }\n\n /* initialize opts for loop */\n huff = 0; /* starting code */\n sym = 0; /* starting code symbol */\n len = min; /* starting code length */\n next = table_index; /* current table to fill in */\n curr = root; /* current table index bits */\n drop = 0; /* current bits to drop from code for index */\n low = -1; /* trigger new sub-table when len > root */\n used = 1 << root; /* use root table entries */\n const mask = used - 1; /* mask for comparing low */\n\n /* check available table space */\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* process all codes and make table entries */\n for (;;) {\n /* create table entry */\n here_bits = len - drop;\n if (work[sym] < end) {\n here_op = 0;\n here_val = work[sym];\n } else if (work[sym] > end) {\n here_op = extra[extra_index + work[sym]];\n here_val = base[base_index + work[sym]];\n } else {\n here_op = 32 + 64; /* end of block */\n here_val = 0;\n }\n\n /* replicate for those indices with low len bits equal to huff */\n incr = 1 << len - drop;\n fill = 1 << curr;\n min = fill; /* save offset to next table */\n do {\n fill -= incr;\n table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0;\n } while (fill !== 0);\n\n /* backwards increment the len-bit code huff */\n incr = 1 << len - 1;\n while (huff & incr) {\n incr >>= 1;\n }\n if (incr !== 0) {\n huff &= incr - 1;\n huff += incr;\n } else {\n huff = 0;\n }\n\n /* go to next symbol, update count, len */\n sym++;\n if (--count[len] === 0) {\n if (len === max) {\n break; \n }\n len = lens[lens_index + work[sym]];\n }\n\n /* create new sub-table if needed */\n if (len > root && (huff & mask) !== low) {\n /* if first time, transition to sub-tables */\n if (drop === 0) {\n drop = root;\n }\n\n /* increment past last table */\n next += min; /* here min is 1 << curr */\n\n /* determine length of next table */\n curr = len - drop;\n left = 1 << curr;\n while (curr + drop < max) {\n left -= count[curr + drop];\n if (left <= 0) {\n break; \n }\n curr++;\n left <<= 1;\n }\n\n /* check for enough space */\n used += 1 << curr;\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* point entry in root table to sub-table */\n low = huff & mask;\n /*table.op[low] = curr;\n table.bits[low] = root;\n table.val[low] = next - opts.table_index;*/\n table[low] = root << 24 | curr << 16 | next - table_index |0;\n }\n }\n\n /* fill in remaining table entry if code is incomplete (guaranteed to have\n at most one remaining entry, since if the code is incomplete, the\n maximum code length that was allowed to get this far is one bit) */\n if (huff !== 0) {\n //table.op[next + huff] = 64; /* invalid code marker */\n //table.bits[next + huff] = len - drop;\n //table.val[next + huff] = 0;\n table[next + huff] = len - drop << 24 | 64 << 16 |0;\n }\n\n /* set return parameters */\n //opts.table_index += used;\n opts.bits = root;\n return 0;\n}\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport inflate_fast from \"./inffast.js\";\nimport inflate_table from \"./inftrees.js\";\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_FINISH,\n Z_BLOCK,\n Z_TREES,\n Z_OK,\n Z_STREAM_END,\n Z_NEED_DICT,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/* STATES ====================================================================*/\n/* ===========================================================================*/\n\n\nconst HEAD = 1; /* i: waiting for magic header */\nconst FLAGS = 2; /* i: waiting for method and flags (gzip) */\nconst TIME = 3; /* i: waiting for modification time (gzip) */\nconst OS = 4; /* i: waiting for extra flags and operating system (gzip) */\nconst EXLEN = 5; /* i: waiting for extra length (gzip) */\nconst EXTRA = 6; /* i: waiting for extra bytes (gzip) */\nconst NAME = 7; /* i: waiting for end of file name (gzip) */\nconst COMMENT = 8; /* i: waiting for end of comment (gzip) */\nconst HCRC = 9; /* i: waiting for header crc (gzip) */\nconst DICTID = 10; /* i: waiting for dictionary check value */\nconst DICT = 11; /* waiting for inflateSetDictionary() call */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\nconst TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */\nconst STORED = 14; /* i: waiting for stored size (length and complement) */\nconst COPY_ = 15; /* i/o: same as COPY below, but only first time in */\nconst COPY = 16; /* i/o: waiting for input or output to copy stored block */\nconst TABLE = 17; /* i: waiting for dynamic block table lengths */\nconst LENLENS = 18; /* i: waiting for code length code lengths */\nconst CODELENS = 19; /* i: waiting for length/lit and distance code lengths */\nconst LEN_ = 20; /* i: same as LEN below, but only first time in */\nconst LEN = 21; /* i: waiting for length/lit/eob code */\nconst LENEXT = 22; /* i: waiting for length extra bits */\nconst DIST = 23; /* i: waiting for distance code */\nconst DISTEXT = 24; /* i: waiting for distance extra bits */\nconst MATCH = 25; /* o: waiting for output space to copy string */\nconst LIT = 26; /* o: waiting for output space to write literal */\nconst CHECK = 27; /* i: waiting for 32-bit check value */\nconst LENGTH = 28; /* i: waiting for 32-bit length (gzip) */\nconst DONE = 29; /* finished check, done -- remain here until reset */\nconst BAD = 30; /* got a data error -- remain here until reset */\n//const MEM = 31; /* got an inflate() memory error -- remain here until reset */\nconst SYNC = 32; /* looking for synchronization bytes to restart inflate() */\n\n/* ===========================================================================*/\n\n\n\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_WBITS = MAX_WBITS;\n\n\nfunction zswap32(q) {\n return (((q >>> 24) & 0xff) +\n ((q >>> 8) & 0xff00) +\n ((q & 0xff00) << 8) +\n ((q & 0xff) << 24));\n}\n\n\nclass InflateState {\n constructor() {\n this.mode = 0; /* current inflate mode */\n this.last = false; /* true if processing last block */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.havedict = false; /* true if dictionary provided */\n this.flags = 0; /* gzip header method and flags (0 if zlib) */\n this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */\n this.check = 0; /* protected copy of check value */\n this.total = 0; /* protected copy of output count */\n // TODO: may be {}\n this.head = null; /* where to save gzip header information */\n\n /* sliding window */\n this.wbits = 0; /* log base 2 of requested window size */\n this.wsize = 0; /* window size or zero if not using window */\n this.whave = 0; /* valid bytes in the window */\n this.wnext = 0; /* window write index */\n this.window = null; /* allocated sliding window, if needed */\n\n /* bit accumulator */\n this.hold = 0; /* input bit accumulator */\n this.bits = 0; /* number of bits in \"in\" */\n\n /* for string and stored block copying */\n this.length = 0; /* literal or length of data to copy */\n this.offset = 0; /* distance back to copy string from */\n\n /* for table and code decoding */\n this.extra = 0; /* extra bits needed */\n\n /* fixed and dynamic code tables */\n this.lencode = null; /* starting table for length/literal codes */\n this.distcode = null; /* starting table for distance codes */\n this.lenbits = 0; /* index bits for lencode */\n this.distbits = 0; /* index bits for distcode */\n\n /* dynamic table building */\n this.ncode = 0; /* number of code length code lengths */\n this.nlen = 0; /* number of length code lengths */\n this.ndist = 0; /* number of distance code lengths */\n this.have = 0; /* number of code lengths in lens[] */\n this.next = null; /* next available space in codes[] */\n\n this.lens = new utils.Buf16(320); /* temporary storage for code lengths */\n this.work = new utils.Buf16(288); /* work area for code table building */\n\n /*\n because we don't have pointers in js, we use lencode and distcode directly\n as buffers so we don't need codes\n */\n //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */\n this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */\n this.distdyn = null; /* dynamic table for distance codes (JS specific) */\n this.sane = 0; /* if false, allow invalid distance too far */\n this.back = 0; /* bits back of last unprocessed length/lit */\n this.was = 0; /* initial length of match */\n }\n}\n\nfunction inflateResetKeep(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n strm.total_in = strm.total_out = state.total = 0;\n strm.msg = ''; /*Z_NULL*/\n if (state.wrap) { /* to support ill-conceived Java test suite */\n strm.adler = state.wrap & 1;\n }\n state.mode = HEAD;\n state.last = 0;\n state.havedict = 0;\n state.dmax = 32768;\n state.head = null/*Z_NULL*/;\n state.hold = 0;\n state.bits = 0;\n //state.lencode = state.distcode = state.next = state.codes;\n state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);\n state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);\n\n state.sane = 1;\n state.back = -1;\n //Tracev((stderr, \"inflate: reset\\n\"));\n return Z_OK;\n}\n\nfunction inflateReset(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n state.wsize = 0;\n state.whave = 0;\n state.wnext = 0;\n return inflateResetKeep(strm);\n\n}\n\nfunction inflateReset2(strm, windowBits) {\n let wrap;\n let state;\n\n /* get the state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n /* extract wrap request from windowBits parameter */\n if (windowBits < 0) {\n wrap = 0;\n windowBits = -windowBits;\n }\n else {\n wrap = (windowBits >> 4) + 1;\n if (windowBits < 48) {\n windowBits &= 15;\n }\n }\n\n /* set number of window bits, free window if different */\n if (windowBits && (windowBits < 8 || windowBits > 15)) {\n return Z_STREAM_ERROR;\n }\n if (state.window !== null && state.wbits !== windowBits) {\n state.window = null;\n }\n\n /* update state and reset the rest of it */\n state.wrap = wrap;\n state.wbits = windowBits;\n return inflateReset(strm);\n}\n\nfunction inflateInit2(strm, windowBits) {\n let ret;\n let state;\n\n if (!strm) { return Z_STREAM_ERROR; }\n //strm.msg = Z_NULL; /* in case we return an error */\n\n state = new InflateState();\n\n //if (state === Z_NULL) return Z_MEM_ERROR;\n //Tracev((stderr, \"inflate: allocated\\n\"));\n strm.state = state;\n state.window = null/*Z_NULL*/;\n ret = inflateReset2(strm, windowBits);\n if (ret !== Z_OK) {\n strm.state = null/*Z_NULL*/;\n }\n return ret;\n}\n\nfunction inflateInit(strm) {\n return inflateInit2(strm, DEF_WBITS);\n}\n\n\n/*\n Return state with length and distance decoding tables and index sizes set to\n fixed code decoding. Normally this returns fixed tables from inffixed.h.\n If BUILDFIXED is defined, then instead this routine builds the tables the\n first time it's called, and returns those tables the first time and\n thereafter. This reduces the size of the code by about 2K bytes, in\n exchange for a little execution time. However, BUILDFIXED should not be\n used for threaded applications, since the rewriting of the tables and virgin\n may not be thread-safe.\n */\nlet virgin = true;\n\nlet lenfix, distfix; // We have no pointers in JS, so keep tables separate\n\nfunction fixedtables(state) {\n /* build fixed huffman tables if first call (may not be thread safe) */\n if (virgin) {\n let sym;\n\n lenfix = new utils.Buf32(512);\n distfix = new utils.Buf32(32);\n\n /* literal/length table */\n sym = 0;\n while (sym < 144) { state.lens[sym++] = 8; }\n while (sym < 256) { state.lens[sym++] = 9; }\n while (sym < 280) { state.lens[sym++] = 7; }\n while (sym < 288) { state.lens[sym++] = 8; }\n\n inflate_table(LENS, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 });\n\n /* distance table */\n sym = 0;\n while (sym < 32) { state.lens[sym++] = 5; }\n\n inflate_table(DISTS, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 });\n\n /* do this just once */\n virgin = false;\n }\n\n state.lencode = lenfix;\n state.lenbits = 9;\n state.distcode = distfix;\n state.distbits = 5;\n}\n\n\n/*\n Update the window with the last wsize (normally 32K) bytes written before\n returning. If window does not exist yet, create it. This is only called\n when a window is already in use, or when output has been written during this\n inflate call, but the end of the deflate stream has not been reached yet.\n It is also called to create a window for dictionary data when a dictionary\n is loaded.\n\n Providing output buffers larger than 32K to inflate() should provide a speed\n advantage, since only the last 32K of output is copied to the sliding window\n upon return from inflate(), and since all distances after the first 32K of\n output will fall in the output data, making match copies simpler and faster.\n The advantage may be dependent on the size of the processor's data caches.\n */\nfunction updatewindow(strm, src, end, copy) {\n let dist;\n const state = strm.state;\n\n /* if it hasn't been done already, allocate space for the window */\n if (state.window === null) {\n state.wsize = 1 << state.wbits;\n state.wnext = 0;\n state.whave = 0;\n\n state.window = new utils.Buf8(state.wsize);\n }\n\n /* copy state->wsize or less output bytes into the circular window */\n if (copy >= state.wsize) {\n utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);\n state.wnext = 0;\n state.whave = state.wsize;\n }\n else {\n dist = state.wsize - state.wnext;\n if (dist > copy) {\n dist = copy;\n }\n //zmemcpy(state->window + state->wnext, end - copy, dist);\n utils.arraySet(state.window, src, end - copy, dist, state.wnext);\n copy -= dist;\n if (copy) {\n //zmemcpy(state->window, end - copy, copy);\n utils.arraySet(state.window, src, end - copy, copy, 0);\n state.wnext = copy;\n state.whave = state.wsize;\n }\n else {\n state.wnext += dist;\n if (state.wnext === state.wsize) { state.wnext = 0; }\n if (state.whave < state.wsize) { state.whave += dist; }\n }\n }\n return 0;\n}\n\nfunction inflate(strm, flush) {\n let state;\n let input, output; // input/output buffers\n let next; /* next input INDEX */\n let put; /* next output INDEX */\n let have, left; /* available input and output */\n let hold; /* bit buffer */\n let bits; /* bits in bit buffer */\n let _in, _out; /* save starting available input and output */\n let copy; /* number of stored or match bytes to copy */\n let from; /* where to copy match bytes from */\n let from_source;\n let here = 0; /* current decoding table entry */\n let here_bits, here_op, here_val; // paked \"here\" denormalized (JS specific)\n //var last; /* parent table entry */\n let last_bits, last_op, last_val; // paked \"last\" denormalized (JS specific)\n let len; /* length to copy for repeats, bits to drop */\n let ret; /* return code */\n let hbuf = new utils.Buf8(4); /* buffer for gzip header crc calculation */\n let opts;\n\n let n; // temporary var for NEED_BITS\n\n const order = /* permutation of code lengths */\n [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];\n\n\n if (!strm || !strm.state || !strm.output ||\n (!strm.input && strm.avail_in !== 0)) {\n return Z_STREAM_ERROR;\n }\n\n state = strm.state;\n if (state.mode === TYPE) { state.mode = TYPEDO; } /* skip check */\n\n\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n _in = have;\n _out = left;\n ret = Z_OK;\n\n inf_leave: // goto emulation\n for (;;) {\n switch (state.mode) {\n case HEAD:\n if (state.wrap === 0) {\n state.mode = TYPEDO;\n break;\n }\n //=== NEEDBITS(16);\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */\n state.check = 0/*crc32(0L, Z_NULL, 0)*/;\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = FLAGS;\n break;\n }\n state.flags = 0; /* expect zlib header */\n if (state.head) {\n state.head.done = false;\n }\n if (!(state.wrap & 1) || /* check if zlib header allowed */\n (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {\n strm.msg = 'incorrect header check';\n state.mode = BAD;\n break;\n }\n if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n len = (hold & 0x0f)/*BITS(4)*/ + 8;\n if (state.wbits === 0) {\n state.wbits = len;\n }\n else if (len > state.wbits) {\n strm.msg = 'invalid window size';\n state.mode = BAD;\n break;\n }\n state.dmax = 1 << len;\n //Tracev((stderr, \"inflate: zlib header ok\\n\"));\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = hold & 0x200 ? DICTID : TYPE;\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n break;\n case FLAGS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.flags = hold;\n if ((state.flags & 0xff) !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n if (state.flags & 0xe000) {\n strm.msg = 'unknown header flags set';\n state.mode = BAD;\n break;\n }\n if (state.head) {\n state.head.text = ((hold >> 8) & 1);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = TIME;\n /* falls through */\n case TIME:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.time = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC4(state.check, hold)\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n hbuf[2] = (hold >>> 16) & 0xff;\n hbuf[3] = (hold >>> 24) & 0xff;\n state.check = crc32(state.check, hbuf, 4, 0);\n //===\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = OS;\n /* falls through */\n case OS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.xflags = (hold & 0xff);\n state.head.os = (hold >> 8);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = EXLEN;\n /* falls through */\n case EXLEN:\n if (state.flags & 0x0400) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length = hold;\n if (state.head) {\n state.head.extra_len = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n else if (state.head) {\n state.head.extra = null/*Z_NULL*/;\n }\n state.mode = EXTRA;\n /* falls through */\n case EXTRA:\n if (state.flags & 0x0400) {\n copy = state.length;\n if (copy > have) { copy = have; }\n if (copy) {\n if (state.head) {\n len = state.head.extra_len - state.length;\n if (!state.head.extra) {\n // Use untyped array for more convenient processing later\n state.head.extra = new Array(state.head.extra_len);\n }\n utils.arraySet(\n state.head.extra,\n input,\n next,\n // extra field is limited to 65536 bytes\n // - no need for additional size check\n copy,\n /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/\n len\n );\n //zmemcpy(state.head.extra + len, next,\n // len + copy > state.head.extra_max ?\n // state.head.extra_max - len : copy);\n }\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n state.length -= copy;\n }\n if (state.length) { break inf_leave; }\n }\n state.length = 0;\n state.mode = NAME;\n /* falls through */\n case NAME:\n if (state.flags & 0x0800) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n // TODO: 2 or 1 bytes?\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.name_max*/)) {\n state.head.name += String.fromCharCode(len);\n }\n } while (len && copy < have);\n\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.name = null;\n }\n state.length = 0;\n state.mode = COMMENT;\n /* falls through */\n case COMMENT:\n if (state.flags & 0x1000) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.comm_max*/)) {\n state.head.comment += String.fromCharCode(len);\n }\n } while (len && copy < have);\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.comment = null;\n }\n state.mode = HCRC;\n /* falls through */\n case HCRC:\n if (state.flags & 0x0200) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.check & 0xffff)) {\n strm.msg = 'header crc mismatch';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n if (state.head) {\n state.head.hcrc = ((state.flags >> 9) & 1);\n state.head.done = true;\n }\n strm.adler = state.check = 0;\n state.mode = TYPE;\n break;\n case DICTID:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n strm.adler = state.check = zswap32(hold);\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = DICT;\n /* falls through */\n case DICT:\n if (state.havedict === 0) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n return Z_NEED_DICT;\n }\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = TYPE;\n /* falls through */\n case TYPE:\n if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case TYPEDO:\n if (state.last) {\n //--- BYTEBITS() ---//\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n state.mode = CHECK;\n break;\n }\n //=== NEEDBITS(3); */\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.last = (hold & 0x01)/*BITS(1)*/;\n //--- DROPBITS(1) ---//\n hold >>>= 1;\n bits -= 1;\n //---//\n\n switch ((hold & 0x03)/*BITS(2)*/) {\n case 0: /* stored block */\n //Tracev((stderr, \"inflate: stored block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = STORED;\n break;\n case 1: /* fixed block */\n fixedtables(state);\n //Tracev((stderr, \"inflate: fixed codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = LEN_; /* decode codes */\n if (flush === Z_TREES) {\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break inf_leave;\n }\n break;\n case 2: /* dynamic block */\n //Tracev((stderr, \"inflate: dynamic codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = TABLE;\n break;\n case 3:\n strm.msg = 'invalid block type';\n state.mode = BAD;\n }\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break;\n case STORED:\n //--- BYTEBITS() ---// /* go to byte boundary */\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {\n strm.msg = 'invalid stored block lengths';\n state.mode = BAD;\n break;\n }\n state.length = hold & 0xffff;\n //Tracev((stderr, \"inflate: stored length %u\\n\",\n // state.length));\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = COPY_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case COPY_:\n state.mode = COPY;\n /* falls through */\n case COPY:\n copy = state.length;\n if (copy) {\n if (copy > have) { copy = have; }\n if (copy > left) { copy = left; }\n if (copy === 0) { break inf_leave; }\n //--- zmemcpy(put, next, copy); ---\n utils.arraySet(output, input, next, copy, put);\n //---//\n have -= copy;\n next += copy;\n left -= copy;\n put += copy;\n state.length -= copy;\n break;\n }\n //Tracev((stderr, \"inflate: stored end\\n\"));\n state.mode = TYPE;\n break;\n case TABLE:\n //=== NEEDBITS(14); */\n while (bits < 14) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n//#ifndef PKZIP_BUG_WORKAROUND\n if (state.nlen > 286 || state.ndist > 30) {\n strm.msg = 'too many length or distance symbols';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracev((stderr, \"inflate: table sizes ok\\n\"));\n state.have = 0;\n state.mode = LENLENS;\n /* falls through */\n case LENLENS:\n while (state.have < state.ncode) {\n //=== NEEDBITS(3);\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n while (state.have < 19) {\n state.lens[order[state.have++]] = 0;\n }\n // We have separate tables & no pointers. 2 commented lines below not needed.\n //state.next = state.codes;\n //state.lencode = state.next;\n // Switch to use dynamic table\n state.lencode = state.lendyn;\n state.lenbits = 7;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);\n state.lenbits = opts.bits;\n\n if (ret) {\n strm.msg = 'invalid code lengths set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, \"inflate: code lengths ok\\n\"));\n state.have = 0;\n state.mode = CODELENS;\n /* falls through */\n case CODELENS:\n while (state.have < state.nlen + state.ndist) {\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_val < 16) {\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.lens[state.have++] = here_val;\n }\n else {\n if (here_val === 16) {\n //=== NEEDBITS(here.bits + 2);\n n = here_bits + 2;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n if (state.have === 0) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n len = state.lens[state.have - 1];\n copy = 3 + (hold & 0x03);//BITS(2);\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n }\n else if (here_val === 17) {\n //=== NEEDBITS(here.bits + 3);\n n = here_bits + 3;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 3 + (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n else {\n //=== NEEDBITS(here.bits + 7);\n n = here_bits + 7;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 11 + (hold & 0x7f);//BITS(7);\n //--- DROPBITS(7) ---//\n hold >>>= 7;\n bits -= 7;\n //---//\n }\n if (state.have + copy > state.nlen + state.ndist) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n while (copy--) {\n state.lens[state.have++] = len;\n }\n }\n }\n\n /* handle error breaks in while */\n if (state.mode === BAD) { break; }\n\n /* check for end-of-block code (better have one) */\n if (state.lens[256] === 0) {\n strm.msg = 'invalid code -- missing end-of-block';\n state.mode = BAD;\n break;\n }\n\n /* build code tables -- note: do not change the lenbits or distbits\n values here (9 and 6) without reading the comments in inftrees.h\n concerning the ENOUGH constants, which depend on those values */\n state.lenbits = 9;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.lenbits = opts.bits;\n // state.lencode = state.next;\n\n if (ret) {\n strm.msg = 'invalid literal/lengths set';\n state.mode = BAD;\n break;\n }\n\n state.distbits = 6;\n //state.distcode.copy(state.codes);\n // Switch to use dynamic table\n state.distcode = state.distdyn;\n opts = { bits: state.distbits };\n ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.distbits = opts.bits;\n // state.distcode = state.next;\n\n if (ret) {\n strm.msg = 'invalid distances set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, 'inflate: codes ok\\n'));\n state.mode = LEN_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case LEN_:\n state.mode = LEN;\n /* falls through */\n case LEN:\n if (have >= 6 && left >= 258) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n inflate_fast(strm, _out);\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n if (state.mode === TYPE) {\n state.back = -1;\n }\n break;\n }\n state.back = 0;\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if (here_bits <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_op && (here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.lencode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n state.length = here_val;\n if (here_op === 0) {\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n state.mode = LIT;\n break;\n }\n if (here_op & 32) {\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.back = -1;\n state.mode = TYPE;\n break;\n }\n if (here_op & 64) {\n strm.msg = 'invalid literal/length code';\n state.mode = BAD;\n break;\n }\n state.extra = here_op & 15;\n state.mode = LENEXT;\n /* falls through */\n case LENEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", state.length));\n state.was = state.length;\n state.mode = DIST;\n /* falls through */\n case DIST:\n for (;;) {\n here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if ((here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.distcode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n if (here_op & 64) {\n strm.msg = 'invalid distance code';\n state.mode = BAD;\n break;\n }\n state.offset = here_val;\n state.extra = (here_op) & 15;\n state.mode = DISTEXT;\n /* falls through */\n case DISTEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n//#ifdef INFLATE_STRICT\n if (state.offset > state.dmax) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracevv((stderr, \"inflate: distance %u\\n\", state.offset));\n state.mode = MATCH;\n /* falls through */\n case MATCH:\n if (left === 0) { break inf_leave; }\n copy = _out - left;\n if (state.offset > copy) { /* copy from window */\n copy = state.offset - copy;\n if (copy > state.whave) {\n if (state.sane) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n// (!) This block is disabled in zlib defaults,\n// don't enable it for binary compatibility\n//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n// Trace((stderr, \"inflate.c too far\\n\"));\n// copy -= state.whave;\n// if (copy > state.length) { copy = state.length; }\n// if (copy > left) { copy = left; }\n// left -= copy;\n// state.length -= copy;\n// do {\n// output[put++] = 0;\n// } while (--copy);\n// if (state.length === 0) { state.mode = LEN; }\n// break;\n//#endif\n }\n if (copy > state.wnext) {\n copy -= state.wnext;\n from = state.wsize - copy;\n }\n else {\n from = state.wnext - copy;\n }\n if (copy > state.length) { copy = state.length; }\n from_source = state.window;\n }\n else { /* copy from output */\n from_source = output;\n from = put - state.offset;\n copy = state.length;\n }\n if (copy > left) { copy = left; }\n left -= copy;\n state.length -= copy;\n do {\n output[put++] = from_source[from++];\n } while (--copy);\n if (state.length === 0) { state.mode = LEN; }\n break;\n case LIT:\n if (left === 0) { break inf_leave; }\n output[put++] = state.length;\n left--;\n state.mode = LEN;\n break;\n case CHECK:\n if (state.wrap) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n // Use '|' instead of '+' to make sure that result is signed\n hold |= input[next++] << bits;\n bits += 8;\n }\n //===//\n _out -= left;\n strm.total_out += _out;\n state.total += _out;\n if (_out) {\n strm.adler = state.check =\n /*UPDATE(state.check, put - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));\n\n }\n _out = left;\n // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too\n if ((state.flags ? hold : zswap32(hold)) !== state.check) {\n strm.msg = 'incorrect data check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: check matches trailer\\n\"));\n }\n state.mode = LENGTH;\n /* falls through */\n case LENGTH:\n if (state.wrap && state.flags) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.total & 0xffffffff)) {\n strm.msg = 'incorrect length check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: length matches trailer\\n\"));\n }\n state.mode = DONE;\n /* falls through */\n case DONE:\n ret = Z_STREAM_END;\n break inf_leave;\n case BAD:\n ret = Z_DATA_ERROR;\n break inf_leave;\n // case MEM:\n // return Z_MEM_ERROR;\n case SYNC:\n /* falls through */\n default:\n return Z_STREAM_ERROR;\n }\n }\n\n // inf_leave <- here is real place for \"goto inf_leave\", emulated via \"break inf_leave\"\n\n /*\n Return from inflate(), updating the total counts and the check value.\n If there was no progress during the inflate() call, return a buffer\n error. Call updatewindow() to create and/or update the window state.\n Note: a memory error from inflate() is non-recoverable.\n */\n\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n\n if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&\n (state.mode < CHECK || flush !== Z_FINISH))) {\n if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n }\n }\n _in -= strm.avail_in;\n _out -= strm.avail_out;\n strm.total_in += _in;\n strm.total_out += _out;\n state.total += _out;\n if (state.wrap && _out) {\n strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));\n }\n strm.data_type = state.bits + (state.last ? 64 : 0) +\n (state.mode === TYPE ? 128 : 0) +\n (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);\n if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {\n ret = Z_BUF_ERROR;\n }\n return ret;\n}\n\nfunction inflateEnd(strm) {\n\n if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {\n return Z_STREAM_ERROR;\n }\n\n const state = strm.state;\n if (state.window) {\n state.window = null;\n }\n strm.state = null;\n return Z_OK;\n}\n\nfunction inflateGetHeader(strm, head) {\n let state;\n\n /* check state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }\n\n /* save header structure */\n state.head = head;\n head.done = false;\n return Z_OK;\n}\n\nfunction inflateSetDictionary(strm, dictionary) {\n const dictLength = dictionary.length;\n\n let state;\n let dictid;\n let ret;\n\n /* check state */\n if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n if (state.wrap !== 0 && state.mode !== DICT) {\n return Z_STREAM_ERROR;\n }\n\n /* check for correct dictionary identifier */\n if (state.mode === DICT) {\n dictid = 1; /* adler32(0, null, 0)*/\n /* dictid = adler32(dictid, dictionary, dictLength); */\n dictid = adler32(dictid, dictionary, dictLength, 0);\n if (dictid !== state.check) {\n return Z_DATA_ERROR;\n }\n }\n /* copy dictionary to window using updatewindow(), which will amend the\n existing dictionary if appropriate */\n ret = updatewindow(strm, dictionary, dictLength, dictLength);\n // if (ret) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n // }\n state.havedict = 1;\n // Tracev((stderr, \"inflate: dictionary set\\n\"));\n return Z_OK;\n}\n\nconst inflateInfo = 'pako inflate (from Nodeca project)';\n\nexport {\n inflateReset,\n inflateReset2,\n inflateResetKeep,\n inflateInit,\n inflateInit2,\n inflate,\n inflateEnd,\n inflateGetHeader,\n inflateSetDictionary,\n inflateInfo\n};\n\n/* Not implemented\nexports.inflateCopy = inflateCopy;\nexports.inflateGetDictionary = inflateGetDictionary;\nexports.inflateMark = inflateMark;\nexports.inflatePrime = inflatePrime;\nexports.inflateSync = inflateSync;\nexports.inflateSyncPoint = inflateSyncPoint;\nexports.inflateUndermine = inflateUndermine;\n*/\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class GZheader {\n constructor() {\n /* true if compressed data believed to be text */\n this.text = 0;\n /* modification time */\n this.time = 0;\n /* extra flags (not used when writing a gzip file) */\n this.xflags = 0;\n /* operating system */\n this.os = 0;\n /* pointer to extra field or Z_NULL if none */\n this.extra = null;\n /* extra field length (valid if extra != Z_NULL) */\n this.extra_len = 0; // Actually, we don't need it in JS,\n // but leave for few code modifications\n\n //\n // Setup limits is not necessary because in js we should not preallocate memory\n // for inflate use constant limit in 65536 bytes\n //\n\n /* space at extra (only when reading header) */\n // this.extra_max = 0;\n /* pointer to zero-terminated file name or Z_NULL */\n this.name = '';\n /* space at name (only when reading header) */\n // this.name_max = 0;\n /* pointer to zero-terminated comment or Z_NULL */\n this.comment = '';\n /* space at comment (only when reading header) */\n // this.comm_max = 0;\n /* true if there was or will be a header crc */\n this.hcrc = 0;\n /* true when done reading gzip header (not used when writing a gzip file) */\n this.done = false;\n }\n}","'use strict';\n\nimport * as zlib_inflate from \"./zlib/inflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport * as c from \"./zlib/constants.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\nimport GZheader from \"./zlib/gzheader.js\";\n\n/**\n * class Inflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[inflate]]\n * and [[inflateRaw]].\n **/\n\n/* internal\n * inflate.chunks -> Array\n *\n * Chunks of output data, if [[Inflate#onData]] not overridden.\n **/\n\n/**\n * Inflate.result -> Uint8Array|Array|String\n *\n * Uncompressed result, generated by default [[Inflate#onData]]\n * and [[Inflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Inflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Inflate.err -> Number\n *\n * Error code after inflate finished. 0 (Z_OK) on success.\n * Should be checked if broken data possible.\n **/\n\n/**\n * Inflate.msg -> String\n *\n * Error message, if [[Inflate.err]] != 0\n **/\n\n\n/**\n * new Inflate(options)\n * - options (Object): zlib inflate options.\n *\n * Creates new inflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `windowBits`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw inflate\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n * By default, when no options set, autodetect deflate/gzip data format via\n * wrapper header.\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var inflate = new pako.Inflate({ level: 3});\n *\n * inflate.push(chunk1, false);\n * inflate.push(chunk2, true); // true -> last chunk\n *\n * if (inflate.err) { throw new Error(inflate.err); }\n *\n * console.log(inflate.result);\n * ```\n **/\nclass Inflate {\n constructor(options) {\n this.options = {\n chunkSize: 16384,\n windowBits: 0,\n ...(options || {})\n };\n\n const opt = this.options;\n\n // Force window size for `raw` data, if not set directly,\n // because we have no header for autodetect.\n if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {\n opt.windowBits = -opt.windowBits;\n if (opt.windowBits === 0) { opt.windowBits = -15; }\n }\n\n // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate\n if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&\n !(options && options.windowBits)) {\n opt.windowBits += 32;\n }\n\n // Gzip header has no info about windows size, we can do autodetect only\n // for deflate. So, if window size not set, force it to max when gzip possible\n if ((opt.windowBits > 15) && (opt.windowBits < 48)) {\n // bit 3 (16) -> gzipped data\n // bit 4 (32) -> autodetect gzip/deflate\n if ((opt.windowBits & 15) === 0) {\n opt.windowBits |= 15;\n }\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n let status = zlib_inflate.inflateInit2(\n this.strm,\n opt.windowBits\n );\n\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n\n this.header = new GZheader();\n\n zlib_inflate.inflateGetHeader(this.strm, this.header);\n\n // Setup dictionary\n if (opt.dictionary) {\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n opt.dictionary = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n opt.dictionary = new Uint8Array(opt.dictionary);\n }\n if (opt.raw) { //In raw mode we need to set the dictionary early\n status = zlib_inflate.inflateSetDictionary(this.strm, opt.dictionary);\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n }\n }\n }\n /**\n * Inflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with\n * new output chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the decompression context.\n *\n * On fail call [[Inflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize, dictionary } } = this;\n let status, _mode;\n let next_out_utf8, tail, utf8str;\n\n // Flag to properly process Z_BUF_ERROR on testing inflate call\n // when we check that all output data was flushed.\n let allowBufError = false;\n\n if (this.ended) { return false; }\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // Only binary strings can be decompressed on practice\n strm.input = strings.binstring2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n\n status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH); /* no bad return value */\n\n if (status === c.Z_NEED_DICT && dictionary) {\n status = zlib_inflate.inflateSetDictionary(this.strm, dictionary);\n }\n\n if (status === c.Z_BUF_ERROR && allowBufError === true) {\n status = c.Z_OK;\n allowBufError = false;\n }\n\n if (status !== c.Z_STREAM_END && status !== c.Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n\n if (strm.next_out) {\n if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n }\n\n // When no more input data, we should check that internal inflate buffers\n // are flushed. The only way to do it when avail_out = 0 - run one more\n // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.\n // Here we set flag to process this error properly.\n //\n // NOTE. Deflate does not return error in this case and does not needs such\n // logic.\n if (strm.avail_in === 0 && strm.avail_out === 0) {\n allowBufError = true;\n }\n\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);\n\n if (status === c.Z_STREAM_END) {\n _mode = c.Z_FINISH;\n }\n\n // Finalize on the last chunk.\n if (_mode === c.Z_FINISH) {\n status = zlib_inflate.inflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === c.Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === c.Z_SYNC_FLUSH) {\n this.onEnd(c.Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n\n /**\n * Inflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n\n\n /**\n * Inflate#onEnd(status) -> Void\n * - status (Number): inflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called either after you tell inflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === c.Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n/**\n * inflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Decompress `data` with inflate/ungzip and `options`. Autodetect\n * format via wrapper header by default. That's why we don't provide\n * separate `ungzip` method.\n *\n * Supported options are:\n *\n * - windowBits\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , input = pako.deflate([1,2,3,4,5,6,7,8,9])\n * , output;\n *\n * try {\n * output = pako.inflate(input);\n * } catch (err)\n * console.log(err);\n * }\n * ```\n **/\nfunction inflate(input, options) {\n const inflator = new Inflate(options);\n\n inflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (inflator.err) { throw new Error(inflator.msg || msg[inflator.err]); }\n\n return inflator.result;\n}\n\n\n/**\n * inflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * The same as [[inflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction inflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return inflate(input, options);\n}\n\n\n/**\n * ungzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Just shortcut to [[inflate]], because it autodetects format\n * by header.content. Done for convenience.\n **/\n\nexport { Inflate, inflate, inflateRaw, inflate as ungzip };\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuer,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.signedHashValue = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n this.params = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length));\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false) {\n if (key.version === 5) {\n this.version = 5;\n } else {\n this.version = 4;\n }\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = [];\n this.unhashedSubpackets.forEach(data => {\n arr.push(writeSimpleLength(data.length));\n arr.push(data);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n // V4 signature sub packets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n if (!hashed) {\n this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n mypos++;\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuer:\n // Issuer\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion === 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n default: {\n const err = new Error(`Unknown signature subpacket type ${type}`);\n if (critical) {\n throw err;\n } else {\n util.printDebug(err);\n }\n }\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, 2));\n\n let i = 2;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n constructor() {\n /** A one-octet version number. The current version is 3. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** An eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current version is 3.\n this.version = bytes[mypos++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n // An eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]);\n\n const end = new Uint8Array([this.flags]);\n\n return util.concatUint8Array([start, this.issuerKeyID.write(), end]);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID)\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnsupportedError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Deflate } from '@openpgp/pako/lib/deflate';\nimport { Inflate } from '@openpgp/pako/lib/inflate';\nimport { Z_SYNC_FLUSH, Z_FINISH } from '@openpgp/pako/lib/zlib/constants';\nimport { decode as BunzipDecode } from '@openpgp/seek-bzip';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n\n /**\n * zip/zlib compression level, between 1 and 9\n */\n this.deflateLevel = config.deflateLevel;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName];\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write(), this.deflateLevel);\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nconst nodeZlib = util.getNodeZlib();\n\nfunction uncompressed(data) {\n return data;\n}\n\nfunction node_zlib(func, create, options = {}) {\n return function (data) {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(data => {\n return new Promise((resolve, reject) => {\n func(data, options, (err, result) => {\n if (err) return reject(err);\n resolve(result);\n });\n });\n }));\n }\n return stream.nodeToWeb(stream.webToNode(data).pipe(create(options)));\n };\n}\n\nfunction pako_zlib(constructor, options = {}) {\n return function(data) {\n const obj = new constructor(options);\n return stream.transform(data, value => {\n if (value.length) {\n obj.push(value, Z_SYNC_FLUSH);\n return obj.result;\n }\n }, () => {\n if (constructor === Deflate) {\n obj.push([], Z_FINISH);\n return obj.result;\n }\n });\n };\n}\n\nfunction bzip2(func) {\n return function(data) {\n return stream.fromAsync(async () => func(await stream.readToEnd(data)));\n };\n}\n\nconst compress_fns = nodeZlib ? {\n zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed)\n} : {\n zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed)\n};\n\nconst decompress_fns = nodeZlib ? {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw),\n zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n} : {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }),\n zlib: /*#__PURE__*/ pako_zlib(Inflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n constructor() {\n this.version = VERSION;\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n // - A one-octet version number. The only currently defined value is 1.\n if (version !== VERSION) {\n throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`);\n }\n\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n return util.concat([new Uint8Array([VERSION]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n let packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await this.crypt('decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await this.crypt('encrypt', key, data);\n }\n\n /**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\n async crypt(fn, key, data) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const modeInstance = await mode(this.cipherAlgorithm, key);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const adataBuffer = new ArrayBuffer(21);\n const adataArray = new Uint8Array(adataBuffer, 0, 13);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n const iv = this.iv;\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new stream.TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray);\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...)\n cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray);\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = 3;\n\n this.publicKeyID = new KeyID();\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n i += this.publicKeyID.read(bytes.subarray(i));\n this.publicKeyAlgorithm = bytes[i++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version);\n if (this.publicKeyAlgorithm === enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version]),\n this.publicKeyID.write(),\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n // v3 Montgomery curves have cleartext cipher algo\n if (this.publicKeyAlgorithm !== enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = sessionKeyAlgorithm;\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // add checksum\n return util.concatUint8Array([\n new Uint8Array([cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n }\n case enums.publicKey.x25519:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm);\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n return {\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n * @private\n */\n\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport { UnsupportedError } from '../packet/packet';\nimport util from '../util';\n\nclass S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = 'iterated';\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n try {\n this.type = enums.read(enums.s2k, bytes[i++]);\n } catch (err) {\n throw new UnsupportedError('Unknown S2K type.');\n }\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport S2K from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 5 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = enums.symmetric.aes256;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number. The only currently defined version is 4.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version === 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n this.s2k = new S2K();\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version === 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, key);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n } else {\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const encryptionKey = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v5Keys ? 5 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes) {\n let pos = 0;\n // A one-octet version number (3, 4 or 5).\n this.version = bytes[pos++];\n\n if (this.version === 4 || this.version === 5) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version === 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version === 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n if (version === 5) {\n return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]);\n }\n return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version === 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version === 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport S2K from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n this.s2k = new S2K();\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipher(this.symmetric).blockSize\n );\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n const cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...this.s2k.write());\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = new S2K(config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n\n const { blockSize } = crypto.getCipher(this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = enums.aead.eax;\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } else {\n this.s2kUsage = 254;\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\nasync function produceEncryptionKey(s2k, passphrase, algorithm) {\n const { keySize } = crypto.getCipher(algorithm);\n return s2k.produceKey(passphrase, keySize);\n}\n\nexport default SecretKeyPacket;\n","\n// email-addresses.js - RFC 5322 email address parser\n// v 3.1.0\n//\n// http://tools.ietf.org/html/rfc5322\n//\n// This library does not validate email addresses.\n// emailAddresses attempts to parse addresses using the (fairly liberal)\n// grammar specified in RFC 5322.\n//\n// email-addresses returns {\n// ast: ,\n// addresses: [{\n// node: ,\n// name: ,\n// address: ,\n// local: ,\n// domain: \n// }, ...]\n// }\n//\n// emailAddresses.parseOneAddress and emailAddresses.parseAddressList\n// work as you might expect. Try it out.\n//\n// Many thanks to Dominic Sayers and his documentation on the is_email function,\n// http://code.google.com/p/isemail/ , which helped greatly in writing this parser.\n\n(function (global) {\n\"use strict\";\n\nfunction parse5322(opts) {\n\n // tokenizing functions\n\n function inStr() { return pos < len; }\n function curTok() { return parseString[pos]; }\n function getPos() { return pos; }\n function setPos(i) { pos = i; }\n function nextTok() { pos += 1; }\n function initialize() {\n pos = 0;\n len = parseString.length;\n }\n\n // parser helper functions\n\n function o(name, value) {\n return {\n name: name,\n tokens: value || \"\",\n semantic: value || \"\",\n children: []\n };\n }\n\n function wrap(name, ast) {\n var n;\n if (ast === null) { return null; }\n n = o(name);\n n.tokens = ast.tokens;\n n.semantic = ast.semantic;\n n.children.push(ast);\n return n;\n }\n\n function add(parent, child) {\n if (child !== null) {\n parent.tokens += child.tokens;\n parent.semantic += child.semantic;\n }\n parent.children.push(child);\n return parent;\n }\n\n function compareToken(fxnCompare) {\n var tok;\n if (!inStr()) { return null; }\n tok = curTok();\n if (fxnCompare(tok)) {\n nextTok();\n return o('token', tok);\n }\n return null;\n }\n\n function literal(lit) {\n return function literalFunc() {\n return wrap('literal', compareToken(function (tok) {\n return tok === lit;\n }));\n };\n }\n\n function and() {\n var args = arguments;\n return function andFunc() {\n var i, s, result, start;\n start = getPos();\n s = o('and');\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result === null) {\n setPos(start);\n return null;\n }\n add(s, result);\n }\n return s;\n };\n }\n\n function or() {\n var args = arguments;\n return function orFunc() {\n var i, result, start;\n start = getPos();\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result !== null) {\n return result;\n }\n setPos(start);\n }\n return null;\n };\n }\n\n function opt(prod) {\n return function optFunc() {\n var result, start;\n start = getPos();\n result = prod();\n if (result !== null) {\n return result;\n }\n else {\n setPos(start);\n return o('opt');\n }\n };\n }\n\n function invis(prod) {\n return function invisFunc() {\n var result = prod();\n if (result !== null) {\n result.semantic = \"\";\n }\n return result;\n };\n }\n\n function colwsp(prod) {\n return function collapseSemanticWhitespace() {\n var result = prod();\n if (result !== null && result.semantic.length > 0) {\n result.semantic = \" \";\n }\n return result;\n };\n }\n\n function star(prod, minimum) {\n return function starFunc() {\n var s, result, count, start, min;\n start = getPos();\n s = o('star');\n count = 0;\n min = minimum === undefined ? 0 : minimum;\n while ((result = prod()) !== null) {\n count = count + 1;\n add(s, result);\n }\n if (count >= min) {\n return s;\n }\n else {\n setPos(start);\n return null;\n }\n };\n }\n\n // One expects names to get normalized like this:\n // \" First Last \" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n function collapseWhitespace(s) {\n return s.replace(/([ \\t]|\\r\\n)+/g, ' ').replace(/^\\s*/, '').replace(/\\s*$/, '');\n }\n\n // UTF-8 pseudo-production (RFC 6532)\n // RFC 6532 extends RFC 5322 productions to include UTF-8\n // using the following productions:\n // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4\n // UTF8-2 = \n // UTF8-3 = \n // UTF8-4 = \n //\n // For reference, the extended RFC 5322 productions are:\n // VCHAR =/ UTF8-non-ascii\n // ctext =/ UTF8-non-ascii\n // atext =/ UTF8-non-ascii\n // qtext =/ UTF8-non-ascii\n // dtext =/ UTF8-non-ascii\n function isUTF8NonAscii(tok) {\n // In JavaScript, we just deal directly with Unicode code points,\n // so we aren't checking individual bytes for UTF-8 encoding.\n // Just check that the character is non-ascii.\n return tok.charCodeAt(0) >= 128;\n }\n\n\n // common productions (RFC 5234)\n // http://tools.ietf.org/html/rfc5234\n // B.1. Core Rules\n\n // CR = %x0D\n // ; carriage return\n function cr() { return wrap('cr', literal('\\r')()); }\n\n // CRLF = CR LF\n // ; Internet standard newline\n function crlf() { return wrap('crlf', and(cr, lf)()); }\n\n // DQUOTE = %x22\n // ; \" (Double Quote)\n function dquote() { return wrap('dquote', literal('\"')()); }\n\n // HTAB = %x09\n // ; horizontal tab\n function htab() { return wrap('htab', literal('\\t')()); }\n\n // LF = %x0A\n // ; linefeed\n function lf() { return wrap('lf', literal('\\n')()); }\n\n // SP = %x20\n function sp() { return wrap('sp', literal(' ')()); }\n\n // VCHAR = %x21-7E\n // ; visible (printing) characters\n function vchar() {\n return wrap('vchar', compareToken(function vcharFunc(tok) {\n var code = tok.charCodeAt(0);\n var accept = (0x21 <= code && code <= 0x7E);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // WSP = SP / HTAB\n // ; white space\n function wsp() { return wrap('wsp', or(sp, htab)()); }\n\n\n // email productions (RFC 5322)\n // http://tools.ietf.org/html/rfc5322\n // 3.2.1. Quoted characters\n\n // quoted-pair = (\"\\\" (VCHAR / WSP)) / obs-qp\n function quotedPair() {\n var qp = wrap('quoted-pair',\n or(\n and(literal('\\\\'), or(vchar, wsp)),\n obsQP\n )());\n if (qp === null) { return null; }\n // a quoted pair will be two characters, and the \"\\\" character\n // should be semantically \"invisible\" (RFC 5322 3.2.1)\n qp.semantic = qp.semantic[1];\n return qp;\n }\n\n // 3.2.2. Folding White Space and Comments\n\n // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS\n function fws() {\n return wrap('fws', or(\n obsFws,\n and(\n opt(and(\n star(wsp),\n invis(crlf)\n )),\n star(wsp, 1)\n )\n )());\n }\n\n // ctext = %d33-39 / ; Printable US-ASCII\n // %d42-91 / ; characters not including\n // %d93-126 / ; \"(\", \")\", or \"\\\"\n // obs-ctext\n function ctext() {\n return wrap('ctext', or(\n function ctextFunc1() {\n return compareToken(function ctextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 39) ||\n (42 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsCtext\n )());\n }\n\n // ccontent = ctext / quoted-pair / comment\n function ccontent() {\n return wrap('ccontent', or(ctext, quotedPair, comment)());\n }\n\n // comment = \"(\" *([FWS] ccontent) [FWS] \")\"\n function comment() {\n return wrap('comment', and(\n literal('('),\n star(and(opt(fws), ccontent)),\n opt(fws),\n literal(')')\n )());\n }\n\n // CFWS = (1*([FWS] comment) [FWS]) / FWS\n function cfws() {\n return wrap('cfws', or(\n and(\n star(\n and(opt(fws), comment),\n 1\n ),\n opt(fws)\n ),\n fws\n )());\n }\n\n // 3.2.3. Atom\n\n //atext = ALPHA / DIGIT / ; Printable US-ASCII\n // \"!\" / \"#\" / ; characters not including\n // \"$\" / \"%\" / ; specials. Used for atoms.\n // \"&\" / \"'\" /\n // \"*\" / \"+\" /\n // \"-\" / \"/\" /\n // \"=\" / \"?\" /\n // \"^\" / \"_\" /\n // \"`\" / \"{\" /\n // \"|\" / \"}\" /\n // \"~\"\n function atext() {\n return wrap('atext', compareToken(function atextFunc(tok) {\n var accept =\n ('a' <= tok && tok <= 'z') ||\n ('A' <= tok && tok <= 'Z') ||\n ('0' <= tok && tok <= '9') ||\n (['!', '#', '$', '%', '&', '\\'', '*', '+', '-', '/',\n '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // atom = [CFWS] 1*atext [CFWS]\n function atom() {\n return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))());\n }\n\n // dot-atom-text = 1*atext *(\".\" 1*atext)\n function dotAtomText() {\n var s, maybeText;\n s = wrap('dot-atom-text', star(atext, 1)());\n if (s === null) { return s; }\n maybeText = star(and(literal('.'), star(atext, 1)))();\n if (maybeText !== null) {\n add(s, maybeText);\n }\n return s;\n }\n\n // dot-atom = [CFWS] dot-atom-text [CFWS]\n function dotAtom() {\n return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))());\n }\n\n // 3.2.4. Quoted Strings\n\n // qtext = %d33 / ; Printable US-ASCII\n // %d35-91 / ; characters not including\n // %d93-126 / ; \"\\\" or the quote character\n // obs-qtext\n function qtext() {\n return wrap('qtext', or(\n function qtextFunc1() {\n return compareToken(function qtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 === code) ||\n (35 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsQtext\n )());\n }\n\n // qcontent = qtext / quoted-pair\n function qcontent() {\n return wrap('qcontent', or(qtext, quotedPair)());\n }\n\n // quoted-string = [CFWS]\n // DQUOTE *([FWS] qcontent) [FWS] DQUOTE\n // [CFWS]\n function quotedString() {\n return wrap('quoted-string', and(\n invis(opt(cfws)),\n invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote),\n invis(opt(cfws))\n )());\n }\n\n // 3.2.5 Miscellaneous Tokens\n\n // word = atom / quoted-string\n function word() {\n return wrap('word', or(atom, quotedString)());\n }\n\n // phrase = 1*word / obs-phrase\n function phrase() {\n return wrap('phrase', or(obsPhrase, star(word, 1))());\n }\n\n // 3.4. Address Specification\n // address = mailbox / group\n function address() {\n return wrap('address', or(mailbox, group)());\n }\n\n // mailbox = name-addr / addr-spec\n function mailbox() {\n return wrap('mailbox', or(nameAddr, addrSpec)());\n }\n\n // name-addr = [display-name] angle-addr\n function nameAddr() {\n return wrap('name-addr', and(opt(displayName), angleAddr)());\n }\n\n // angle-addr = [CFWS] \"<\" addr-spec \">\" [CFWS] /\n // obs-angle-addr\n function angleAddr() {\n return wrap('angle-addr', or(\n and(\n invis(opt(cfws)),\n literal('<'),\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n ),\n obsAngleAddr\n )());\n }\n\n // group = display-name \":\" [group-list] \";\" [CFWS]\n function group() {\n return wrap('group', and(\n displayName,\n literal(':'),\n opt(groupList),\n literal(';'),\n invis(opt(cfws))\n )());\n }\n\n // display-name = phrase\n function displayName() {\n return wrap('display-name', function phraseFixedSemantic() {\n var result = phrase();\n if (result !== null) {\n result.semantic = collapseWhitespace(result.semantic);\n }\n return result;\n }());\n }\n\n // mailbox-list = (mailbox *(\",\" mailbox)) / obs-mbox-list\n function mailboxList() {\n return wrap('mailbox-list', or(\n and(\n mailbox,\n star(and(literal(','), mailbox))\n ),\n obsMboxList\n )());\n }\n\n // address-list = (address *(\",\" address)) / obs-addr-list\n function addressList() {\n return wrap('address-list', or(\n and(\n address,\n star(and(literal(','), address))\n ),\n obsAddrList\n )());\n }\n\n // group-list = mailbox-list / CFWS / obs-group-list\n function groupList() {\n return wrap('group-list', or(\n mailboxList,\n invis(cfws),\n obsGroupList\n )());\n }\n\n // 3.4.1 Addr-Spec Specification\n\n // local-part = dot-atom / quoted-string / obs-local-part\n function localPart() {\n // note: quoted-string, dotAtom are proper subsets of obs-local-part\n // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree\n return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)());\n }\n\n // dtext = %d33-90 / ; Printable US-ASCII\n // %d94-126 / ; characters not including\n // obs-dtext ; \"[\", \"]\", or \"\\\"\n function dtext() {\n return wrap('dtext', or(\n function dtextFunc1() {\n return compareToken(function dtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 90) ||\n (94 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsDtext\n )()\n );\n }\n\n // domain-literal = [CFWS] \"[\" *([FWS] dtext) [FWS] \"]\" [CFWS]\n function domainLiteral() {\n return wrap('domain-literal', and(\n invis(opt(cfws)),\n literal('['),\n star(and(opt(fws), dtext)),\n opt(fws),\n literal(']'),\n invis(opt(cfws))\n )());\n }\n\n // domain = dot-atom / domain-literal / obs-domain\n function domain() {\n return wrap('domain', function domainCheckTLD() {\n var result = or(obsDomain, dotAtom, domainLiteral)();\n if (opts.rejectTLD) {\n if (result && result.semantic && result.semantic.indexOf('.') < 0) {\n return null;\n }\n }\n // strip all whitespace from domains\n if (result) {\n result.semantic = result.semantic.replace(/\\s+/g, '');\n }\n return result;\n }());\n }\n\n // addr-spec = local-part \"@\" domain\n function addrSpec() {\n return wrap('addr-spec', and(\n localPart, literal('@'), domain\n )());\n }\n\n // 3.6.2 Originator Fields\n // Below we only parse the field body, not the name of the field\n // like \"From:\", \"Sender:\", or \"Reply-To:\". Other libraries that\n // parse email headers can parse those and defer to these productions\n // for the \"RFC 5322\" part.\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // from = \"From:\" (mailbox-list / address-list) CRLF\n function fromSpec() {\n return wrap('from', or(\n mailboxList,\n addressList\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // sender = \"Sender:\" (mailbox / address) CRLF\n function senderSpec() {\n return wrap('sender', or(\n mailbox,\n address\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // reply-to = \"Reply-To:\" address-list CRLF\n function replyToSpec() {\n return wrap('reply-to', addressList());\n }\n\n // 4.1. Miscellaneous Obsolete Tokens\n\n // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control\n // %d11 / ; characters that do not\n // %d12 / ; include the carriage\n // %d14-31 / ; return, line feed, and\n // %d127 ; white space characters\n function obsNoWsCtl() {\n return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) {\n var code = tok.charCodeAt(0);\n return ((1 <= code && code <= 8) ||\n (11 === code || 12 === code) ||\n (14 <= code && code <= 31) ||\n (127 === code));\n }));\n }\n\n // obs-ctext = obs-NO-WS-CTL\n function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); }\n\n // obs-qtext = obs-NO-WS-CTL\n function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); }\n\n // obs-qp = \"\\\" (%d0 / obs-NO-WS-CTL / LF / CR)\n function obsQP() {\n return opts.strict ? null : wrap('obs-qp', and(\n literal('\\\\'),\n or(literal('\\0'), obsNoWsCtl, lf, cr)\n )());\n }\n\n // obs-phrase = word *(word / \".\" / CFWS)\n function obsPhrase() {\n if (opts.strict ) return null;\n return opts.atInDisplayName ? wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), literal('@'), colwsp(cfws)))\n )()) :\n wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), colwsp(cfws)))\n )());\n }\n\n // 4.2. Obsolete Folding White Space\n\n // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908\n // obs-FWS = 1*([CRLF] WSP)\n function obsFws() {\n return opts.strict ? null : wrap('obs-FWS', star(\n and(invis(opt(crlf)), wsp),\n 1\n )());\n }\n\n // 4.4. Obsolete Addressing\n\n // obs-angle-addr = [CFWS] \"<\" obs-route addr-spec \">\" [CFWS]\n function obsAngleAddr() {\n return opts.strict ? null : wrap('obs-angle-addr', and(\n invis(opt(cfws)),\n literal('<'),\n obsRoute,\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n )());\n }\n\n // obs-route = obs-domain-list \":\"\n function obsRoute() {\n return opts.strict ? null : wrap('obs-route', and(\n obsDomainList,\n literal(':')\n )());\n }\n\n // obs-domain-list = *(CFWS / \",\") \"@\" domain\n // *(\",\" [CFWS] [\"@\" domain])\n function obsDomainList() {\n return opts.strict ? null : wrap('obs-domain-list', and(\n star(or(invis(cfws), literal(','))),\n literal('@'),\n domain,\n star(and(\n literal(','),\n invis(opt(cfws)),\n opt(and(literal('@'), domain))\n ))\n )());\n }\n\n // obs-mbox-list = *([CFWS] \",\") mailbox *(\",\" [mailbox / CFWS])\n function obsMboxList() {\n return opts.strict ? null : wrap('obs-mbox-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n mailbox,\n star(and(\n literal(','),\n opt(and(\n mailbox,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-addr-list = *([CFWS] \",\") address *(\",\" [address / CFWS])\n function obsAddrList() {\n return opts.strict ? null : wrap('obs-addr-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n address,\n star(and(\n literal(','),\n opt(and(\n address,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-group-list = 1*([CFWS] \",\") [CFWS]\n function obsGroupList() {\n return opts.strict ? null : wrap('obs-group-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n ), 1),\n invis(opt(cfws))\n )());\n }\n\n // obs-local-part = word *(\".\" word)\n function obsLocalPart() {\n return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))());\n }\n\n // obs-domain = atom *(\".\" atom)\n function obsDomain() {\n return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))());\n }\n\n // obs-dtext = obs-NO-WS-CTL / quoted-pair\n function obsDtext() {\n return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)());\n }\n\n /////////////////////////////////////////////////////\n\n // ast analysis\n\n function findNode(name, root) {\n var i, stack, node;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n return node;\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return null;\n }\n\n function findAllNodes(name, root) {\n var i, stack, node, result;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n result.push(node);\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return result;\n }\n\n function findAllNodesNoChildren(names, root) {\n var i, stack, node, result, namesLookup;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n namesLookup = {};\n for (i = 0; i < names.length; i += 1) {\n namesLookup[names[i]] = true;\n }\n\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name in namesLookup) {\n result.push(node);\n // don't look at children (hence findAllNodesNoChildren)\n } else {\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n }\n return result;\n }\n\n function giveResult(ast) {\n var addresses, groupsAndMailboxes, i, groupOrMailbox, result;\n if (ast === null) {\n return null;\n }\n addresses = [];\n\n // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'.\n groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast);\n for (i = 0; i < groupsAndMailboxes.length; i += 1) {\n groupOrMailbox = groupsAndMailboxes[i];\n if (groupOrMailbox.name === 'group') {\n addresses.push(giveResultGroup(groupOrMailbox));\n } else if (groupOrMailbox.name === 'mailbox') {\n addresses.push(giveResultMailbox(groupOrMailbox));\n }\n }\n\n result = {\n ast: ast,\n addresses: addresses,\n };\n if (opts.simple) {\n result = simplifyResult(result);\n }\n if (opts.oneResult) {\n return oneResult(result);\n }\n if (opts.simple) {\n return result && result.addresses;\n } else {\n return result;\n }\n }\n\n function giveResultGroup(group) {\n var i;\n var groupName = findNode('display-name', group);\n var groupResultMailboxes = [];\n var mailboxes = findAllNodesNoChildren(['mailbox'], group);\n for (i = 0; i < mailboxes.length; i += 1) {\n groupResultMailboxes.push(giveResultMailbox(mailboxes[i]));\n }\n return {\n node: group,\n parts: {\n name: groupName,\n },\n type: group.name, // 'group'\n name: grabSemantic(groupName),\n addresses: groupResultMailboxes,\n };\n }\n\n function giveResultMailbox(mailbox) {\n var name = findNode('display-name', mailbox);\n var aspec = findNode('addr-spec', mailbox);\n var cfws = findAllNodes('cfws', mailbox);\n var comments = findAllNodesNoChildren(['comment'], mailbox);\n\n\n var local = findNode('local-part', aspec);\n var domain = findNode('domain', aspec);\n return {\n node: mailbox,\n parts: {\n name: name,\n address: aspec,\n local: local,\n domain: domain,\n comments: cfws\n },\n type: mailbox.name, // 'mailbox'\n name: grabSemantic(name),\n address: grabSemantic(aspec),\n local: grabSemantic(local),\n domain: grabSemantic(domain),\n comments: concatComments(comments),\n groupName: grabSemantic(mailbox.groupName),\n };\n }\n\n function grabSemantic(n) {\n return n !== null && n !== undefined ? n.semantic : null;\n }\n\n function simplifyResult(result) {\n var i;\n if (result && result.addresses) {\n for (i = 0; i < result.addresses.length; i += 1) {\n delete result.addresses[i].node;\n }\n }\n return result;\n }\n\n function concatComments(comments) {\n var result = '';\n if (comments) {\n for (var i = 0; i < comments.length; i += 1) {\n result += grabSemantic(comments[i]);\n }\n }\n return result;\n }\n\n function oneResult(result) {\n if (!result) { return null; }\n if (!opts.partial && result.addresses.length > 1) { return null; }\n return result.addresses && result.addresses[0];\n }\n\n /////////////////////////////////////////////////////\n\n var parseString, pos, len, parsed, startProduction;\n\n opts = handleOpts(opts, {});\n if (opts === null) { return null; }\n\n parseString = opts.input;\n\n startProduction = {\n 'address': address,\n 'address-list': addressList,\n 'angle-addr': angleAddr,\n 'from': fromSpec,\n 'group': group,\n 'mailbox': mailbox,\n 'mailbox-list': mailboxList,\n 'reply-to': replyToSpec,\n 'sender': senderSpec,\n }[opts.startAt] || addressList;\n\n if (!opts.strict) {\n initialize();\n opts.strict = true;\n parsed = startProduction(parseString);\n if (opts.partial || !inStr()) {\n return giveResult(parsed);\n }\n opts.strict = false;\n }\n\n initialize();\n parsed = startProduction(parseString);\n if (!opts.partial && inStr()) { return null; }\n return giveResult(parsed);\n}\n\nfunction parseOneAddressSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseAddressListSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseFromSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'from',\n }));\n}\n\nfunction parseSenderSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'sender',\n }));\n}\n\nfunction parseReplyToSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'reply-to',\n }));\n}\n\nfunction handleOpts(opts, defs) {\n function isString(str) {\n return Object.prototype.toString.call(str) === '[object String]';\n }\n\n function isObject(o) {\n return o === Object(o);\n }\n\n function isNullUndef(o) {\n return o === null || o === undefined;\n }\n\n var defaults, o;\n\n if (isString(opts)) {\n opts = { input: opts };\n } else if (!isObject(opts)) {\n return null;\n }\n\n if (!isString(opts.input)) { return null; }\n if (!defs) { return null; }\n\n defaults = {\n oneResult: false,\n partial: false,\n rejectTLD: false,\n rfc6532: false,\n simple: false,\n startAt: 'address-list',\n strict: false,\n atInDisplayName: false\n };\n\n for (o in defaults) {\n if (isNullUndef(opts[o])) {\n opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o];\n }\n }\n return opts;\n}\n\nparse5322.parseOneAddress = parseOneAddressSimple;\nparse5322.parseAddressList = parseAddressListSimple;\nparse5322.parseFrom = parseFromSimple;\nparse5322.parseSender = parseSenderSimple;\nparse5322.parseReplyTo = parseReplyToSimple;\n\nif (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {\n module.exports = parse5322;\n} else {\n global.emailAddresses = parse5322;\n}\n\n}(this));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport emailAddresses from 'email-addresses';\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n try {\n const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true });\n this.comment = comments.replace(/^\\(|\\)$/g, '');\n this.name = name;\n this.email = email;\n } catch (e) {}\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n * @private\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm of a key\n * @param {Key} [key] - The key to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userID = {}, config) {\n let hashAlgo = config.preferredHashAlgorithm;\n let prefAlgo = hashAlgo;\n if (key) {\n const primaryUser = await key.getPrimaryUser(date, userID, config);\n if (primaryUser.selfCertification.preferredHashAlgorithms) {\n [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms;\n hashAlgo = crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n }\n }\n switch (keyPacket.algorithm) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n prefAlgo = crypto.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid);\n }\n return crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n}\n\n/**\n * Returns the preferred symmetric/aead/compression algorithm for a set of keys\n * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred algorithm\n * @async\n */\nexport async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = { // these are all must-implement in rfc4880bis\n 'symmetric': enums.symmetric.aes128,\n 'aead': enums.aead.eax,\n 'compression': enums.compression.uncompressed\n }[type];\n const preferredSenderAlgo = {\n 'symmetric': config.preferredSymmetricAlgorithm,\n 'aead': config.preferredAEADAlgorithm,\n 'compression': config.preferredCompressionAlgorithm\n }[type];\n const prefPropertyName = {\n 'symmetric': 'preferredSymmetricAlgorithms',\n 'aead': 'preferredAEADAlgorithms',\n 'compression': 'preferredCompressionAlgorithms'\n }[type];\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n const recipientPrefs = primaryUser.selfCertification[prefPropertyName];\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {PrivateKey} privateKey - key to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userID, config);\n signaturePacket.rawNotations = notations;\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n await revocationSignature.verify(\n key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\n/**\n * Returns whether aead is supported by all keys in the set\n * @param {Array} keys - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function isAEADSupported(keys, date = new Date(), userIDs = [], config = defaultConfig) {\n let supported = true;\n // TODO replace when Promise.some or Promise.any are implemented\n await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n if (!primaryUser.selfCertification.features ||\n !(primaryUser.selfCertification.features[0] & enums.features.aead)) {\n supported = false;\n }\n }));\n return supported;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc':\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) {\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function isValidSigningKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.rsaEncrypt &&\n keyAlgo !== enums.publicKey.elgamal &&\n keyAlgo !== enums.publicKey.ecdh &&\n keyAlgo !== enums.publicKey.x25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0);\n}\n\nexport function isValidEncryptionKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.dsa &&\n keyAlgo !== enums.publicKey.rsaSign &&\n keyAlgo !== enums.publicKey.ecdsa &&\n keyAlgo !== enums.publicKey.eddsaLegacy &&\n keyAlgo !== enums.publicKey.ed25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0);\n}\n\nexport function isValidDecryptionKeyPacket(signature, config) {\n if (config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n * @private\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n // check for expiration time in direct signatures\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const { selfCertification } = await this.getPrimaryUser(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate');\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {}\n }\n }\n\n // evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) &&\n helper.isValidDecryptionKeyPacket(primaryUser.selfCertification, config)) {\n keys.push(this);\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n const keyPacket = await helper.generateSecretSubkey(options);\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {};\n dataToSign.userID = userIDPacket;\n dataToSign.key = secretKeyPacket;\n\n const signatureProperties = {};\n signatureProperties.signatureType = enums.signature.certGeneric;\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128,\n enums.symmetric.aes192\n ], config.preferredSymmetricAlgorithm);\n if (config.aeadProtect) {\n signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.zlib,\n enums.compression.zip,\n enums.compression.uncompressed\n ], config.preferredCompressionAlgorithm);\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.aead;\n }\n if (config.v5Keys) {\n signatureProperties.features[0] |= enums.features.v5Keys;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return createKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No secret key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport KeyID from './type/keyid';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config);\n\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || !util.isString(algorithmName)) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config); // TODO: Pass userID from somewhere.\n if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n // do not check key expiration to allow decryption of old messages\n const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {\n return;\n }\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config);\n const algorithmName = enums.read(enums.symmetric, algo);\n const aeadAlgorithmName = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?\n enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :\n undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) {\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(algo);\n return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n let symEncryptedPacket;\n if (aeadAlgorithmName) {\n symEncryptedPacket = new AEADEncryptedDataPacket();\n symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName);\n } else {\n symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket();\n }\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const algorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();\n pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();\n pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;\n pkESKeyPacket.sessionKey = sessionKey;\n pkESKeyPacket.sessionKeyAlgorithm = algorithm;\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n let i;\n let existingSigPacketlist;\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n if (signature) {\n existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n for (i = existingSigPacketlist.length - 1; i >= 0; i--) {\n const signaturePacket = existingSigPacketlist[i];\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n if (!signingKeys.length && i === 0) {\n onePassSig.flags = 1;\n }\n packetlist.push(onePassSig);\n }\n }\n\n await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];\n const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signatureType;\n onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);\n onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;\n onePassSig.issuerKeyID = signingKey.getKeyID();\n if (i === signingKeys.length - 1) {\n onePassSig.flags = 1;\n }\n return onePassSig;\n })).then(onePassSignatureList => {\n onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig));\n });\n\n packetlist.push(literalDataPacket);\n packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config)));\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.message, this.write(), null, null, null, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const userID = userIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);\n return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n let input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} privateKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n let hashes = this.signature.packets.map(function(packet) {\n return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();\n });\n hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });\n const body = {\n hash: hashes.join(),\n text: this.text,\n data: this.signature.packets.write()\n };\n return armor(enums.armor.signed, body, undefined, undefined, undefined, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n let oneHeader = null;\n let hashAlgos = [];\n headers.forEach(function(header) {\n oneHeader = header.match(/^Hash: (.+)$/); // get header value\n if (oneHeader) {\n oneHeader = oneHeader[1].replace(/\\s/g, ''); // remove whitespace\n oneHeader = oneHeader.split(',');\n oneHeader = oneHeader.map(function(hash) {\n hash = hash.toLowerCase();\n try {\n return enums.write(enums.hash, hash);\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hash);\n }\n });\n hashAlgos = hashAlgos.concat(oneHeader);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {\n throw new Error('If no \"Hash\" header in cleartext signed message, then only MD5 signatures allowed');\n } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:\n * curve25519 (default), p256, p384, p521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key generation');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key reformat');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n const streaming = message.fromStream;\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return convertStream(data, streaming, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type\n * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data, streaming, encoding = 'utf8') {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n if (streaming === 'node') {\n data = stream.webToNode(data);\n if (encoding !== 'binary') data.setEncoding(encoding);\n return data;\n }\n if (streaming === 'web' && streamType === 'ponyfill') {\n return stream.toNativeReadable(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","this","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","prototype","undefined","read","async","length","value","done","readToEnd","join","result","slice","clone","then","push","write","chunk","close","abort","reason","isNode","globalThis","process","versions","NodeReadableStream","isStream","ReadableStream","isPrototypeOf","streams.ReadableStream","isUint8Array","Uint8Array","concatUint8Array","arrays","totalLength","i","Error","pos","forEach","element","set","NodeBuffer","nodeToWeb","webToNode","nodeStream","canceled","start","controller","pause","on","isBuffer","buffer","byteOffset","byteLength","enqueue","e","error","pull","resume","cancel","destroy","NodeReadable","webStream","options","_reader","streams.getReader","size","callback","doneReadingSet","WeakSet","externalBuffer","Reader","streams.isArrayStream","reader","_read","bind","_releaseLock","_cancel","streamType","streams.isStream","streams.nodeToWeb","doneReading","has","add","shift","readLine","returnVal","streams.concat","lineEndIndex","indexOf","concat","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","filter","toPonyfillReadable","toNativeReadable","WritableStream","TransformStream","loadStreamsPonyfill","ponyfill","adapter","all","import","createReadableStreamWrapper","toStream","toArrayStream","list","some","map","transform","transformWithCancel","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","transformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","highWaterMark","finish","output","data","result1","result2","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","Object","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","arrayStream","BigInteger","n","hex","hexByte","toString","BigInt","iinc","inc","idec","dec","iadd","x","isub","sub","imul","mul","imod","m","isNegative","mod","modExp","isZero","isOne","exp","r","lsb","rx","modInv","gcd","_egcd","b","y","xPrev","yPrev","a","q","tmp","ileftShift","leftShift","irightShift","rightShift","equal","lt","lte","gt","gte","isEven","abs","res","toNumber","number","Number","MAX_SAFE_INTEGER","getBit","bitLength","zero","one","negOne","bitlen","eight","len","toUint8Array","endian","rawLength","offset","parseInt","reverse","detectBigInt","byValue","curve","p256","secp256r1","prime256v1","p384","secp384r1","p521","secp521r1","secp256k1","ed25519Legacy","ED25519","ed25519","Ed25519","curve25519Legacy","X25519","cv25519","curve25519","Curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","eddsa","aedh","aedsa","x25519","x448","ed448","symmetric","plaintext","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","webHash","aead","eax","ocb","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuer","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","type","debugMode","env","NODE_ENV","util","isString","String","stream.isUint8Array","stream.isStream","readNumber","writeNumber","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","leftPad","padded","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","k","uint8ArrayToHex","h","c","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","s","printDebug","log","printDebugError","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","crypto","subtle","getBigInteger","default","getNodeCrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","selectUint8","isAES","cipherAlgo","enums","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","from","btoa","atob","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","deflateLevel","aeadProtect","preferredAEADAlgorithm","aeadChunkSizeByte","s2kIterationCountByte","allowUnauthenticatedMessages","allowUnauthenticatedStream","checksumRequired","minRSABits","passwordCollisionCheck","revocationsExpire","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","minBytesForWebCrypto","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","useIndutnyElliptic","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","getType","header","match","addheader","customComment","config","getCheckSum","base64.encode","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","splitChecksum","body","checksum","lastEquals","lastIndexOf","unarmor","defaultConfig","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","checksumVerified","stream.readToEnd","stream.passiveClone","stream.pipe","checksumVerifiedString","stream.isArrayStream","messageType","partIndex","partTotal","bodyClone","KeyID","toHex","equals","keyID","matchWildcard","isWildcard","isNull","static","AES_asm","gexp3","glog3","ginit_done","gmul","aes_sbox","aes_sinv","aes_enc","aes_dec","aes_init_done","aes_init","_s","ginv","d","ginit","wrapper","foreign","heap","asm","stdlib","S0","S1","S2","S3","I0","I1","I2","I3","N0","N1","N2","N3","M0","M1","M2","M3","H0","H1","H2","H3","R","HEAP","DATA","_core","x0","x1","x2","x3","t1","t2","t3","y0","y1","y2","y3","_ecb_enc","_ecb_dec","_cbc_enc","_cbc_dec","_cfb_enc","_cfb_dec","_ofb","_ctr","_gcm_mac","z0","z1","z2","z3","set_rounds","set_state","s0","s1","s2","s3","set_iv","i0","i1","i2","i3","set_nonce","n0","n1","n2","n3","set_mask","m0","m1","m2","m3","set_counter","c0","c1","c2","c3","get_state","get_iv","gcm_init","cipher","mode","ret","_cipher_modes","mac","_mac_modes","set_key","ks","k0","k1","k2","k3","k4","k5","k6","k7","ekeys","dkeys","rcon","jj","ENC","ECB","CBC","CFB","OFB","CTR","DEC","MAC","GCM","HEAP_DATA","is_bytes","_heap_init","heapSize","_heap_write","hpos","dpos","dlen","hlen","wlen","joinBytes","arg","totalLenght","reduce","sum","curr","cursor","IllegalStateError","args","IllegalArgumentError","SecurityError","heap_pool","asm_pool","AES","iv","padding","acquire_asm","pop","reset","release_asm","keylen","keyview","getUint32","ivview","AES_Encrypt_process","TypeError","amode","rpos","AES_Encrypt_finish","plen","rlen","hasOwnProperty","p","AES_Decrypt_process","AES_Decrypt_finish","pad","pcheck","AES_ECB","encrypt","decrypt","aes","C","aesECB","block","blockSize","keySize","des","keys","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","left","right","looping","cbcleft","cbcleft2","cbcright","cbcright2","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","src","dst","l","f1","f2","f3","scheduleA","scheduleB","I","sBox","inn","w","ki","half","round","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","u","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","vector","off","_decryptBlock","kk","sha1_asm","H4","TOTAL0","TOTAL1","I4","O0","O1","O2","O3","O4","w0","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","w19","w20","w21","w22","w23","w24","w25","w26","w27","w28","w29","w30","w31","w32","w33","w34","w35","w36","w37","w38","w39","w40","w41","w42","w43","w44","w45","w46","w47","w48","w49","w50","w51","w52","w53","w54","w55","w56","w57","w58","w59","w60","w61","w62","w63","w64","w65","w66","w67","w68","w69","w70","w71","w72","w73","w74","w75","w76","w77","w78","w79","_core_heap","_state_to_heap","h0","h1","h2","h3","h4","total0","total1","hashed","hmac_reset","_hmac_opad","hmac_init","p0","p1","p2","p3","p4","p5","p6","p7","p8","p9","p10","p11","p12","p13","p14","p15","hmac_finish","t0","t4","pbkdf2_generate_block","count","Hash","HASH_SIZE","Sha1","NAME","BLOCK_SIZE","asm_function","Sha256","H5","H6","H7","I5","I6","I7","O5","O6","O7","f","g","h5","h6","h7","t5","t6","t7","sha256_asm","assert","val","msg","module","create","ctor","superCtor","super_","enumerable","configurable","TempCtor","enc","hi","lo","zero2","htonl","zero8","word","inherits","ah","al","bh","bl","ch","cl","dh","dl","carry","eh","el","num","BlockHash","pending","pendingTotal","outSize","hmacStrength","_delta8","_delta32","update","utils","toArray","join32","_update","digest","_pad","_digest","rotr32","z","ch32","p32","maj32","sum32","sum32_4","sum32_5","shaCommon","s0_256","s1_256","g0_256","g1_256","common","sha256_K","SHA256","W","SHA224","T1","T2","toHex32","split32","rotr64_hi","rotr64_lo","shr64_hi","shr64_lo","sum64","sum64_hi","sum64_lo","sum64_4_hi","sum64_4_lo","sum64_5_hi","sum64_5_lo","sha512_K","SHA512","ch64_hi","xh","xl","yh","yl","zh","ch64_lo","zl","maj64_hi","maj64_lo","s0_512_hi","s0_512_lo","s1_512_hi","s1_512_lo","g0_512_hi","g0_512_lo","g1_512_hi","g1_512_lo","SHA384","_prepareBlock","c0_hi","c0_lo","c1_hi","c1_lo","c2_hi","c2_lo","c3_hi","c3_lo","fh","fl","gh","gl","hh","hl","c4_hi","c4_lo","T1_hi","T1_lo","T2_hi","T2_lo","rotl32","sum32_3","RIPEMD160","K","Kh","A","B","D","E","Ah","Bh","Ch","Dh","Eh","T","rh","sh","md5cycle","ff","gg","add32","cmn","md5blk","md5blks","hex_chr","rhex","webCrypto","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","hashjsHash","webCryptoHash","hashInstance","asmcryptoHash","hashFunctions","entree","state","substring","tail","md51","ripemd160","algo","getHashByteLength","AES_CFB","getCipher","algoName","knownAlgos","getCiphers","nodeAlgos","pt","cipherObj","createCipheriv","nodeEncrypt","ALGO","_key","importKey","cbc_pt","ct","xorMut","webEncrypt","cfb","aesEncrypt","cipherfn","block_size","blockc","ciphertext","encblock","decipherObj","createDecipheriv","nodeDecrypt","aesDecrypt","blockp","decblock","AES_CTR","nonce","AES_CTR_set_options","counter","mask","pow","view","AES_CBC","blockLength","rightXORMut","zeroBlock","CMAC","cbc","padding2","ivLength","tagLength","two","OMAC","cmac","en","final","EAX","omac","ctr","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","xor","OCB","encipher","decipher","maxNtz","crypt","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","xorInput","$","cipherInput","cipherName","ciphers","mask_x","mask_$","constructKeyVariables","crypted","_AES_GCM_data_maxLength","AES_GCM","tagSize","gamma0","noncelen","noncebuf","_gcm_mac_process","nonceview","RangeError","cleartext","tagsize","AES_GCM_encrypt","AES_GCM_decrypt","AES_GCM_Encrypt_process","AES_GCM_Encrypt_finish","alen","clen","AES_GCM_Decrypt_process","tlen","AES_GCM_Decrypt_finish","atag","acheck","setAAD","getAuthTag","de","setAuthTag","additionalData","gcm","nacl","gf","Float64Array","randombytes","_9","gf0","gf1","_121665","D2","X","Y","crypto_verify_32","xi","yi","vn","set25519","car25519","o","v","sel25519","pack25519","neq25519","par25519","unpack25519","Z","M","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","x32","x16","crypto_scalarmult_base","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","cleanup","arr","scalarMult","box","keyPair","fromSecretKey","sign","signedMsg","sm","smlen","crypto_sign","detached","sig","verify","crypto_sign_open","fromSeed","seed","setPRNG","self","msCrypto","getRandomValues","min","require","randomBytes","exports","getRandomBytes","getRandomBigInteger","modulus","randomProbablePrime","thirty","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","rand","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","emLen","hashPrefix","tLen","fill","EM","asn1","RSAPrivateKey","define","seq","obj","int","RSAPublicKey","hashAlgo","hashName","jwk","pNum","qNum","dNum","dq","dp","kty","qi","ext","privateToJWK","webSign","err","BN","pBNum","qBNum","dBNum","subn","createSign","keyObject","version","publicExponent","privateExponent","prime1","prime2","exponent1","exponent2","coefficient","createPrivateKey","der","format","pem","label","nodeSign","bnSign","publicToJWK","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","constants","RSA_PKCS1_PADDING","publicEncrypt","bnEncrypt","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","keyGenOpt","modulusLength","generateKey","exportKey","generateKeyPair","opts","publicKeyEncoding","privateKeyEncoding","prv","_","toArrayLike","phi","nSizeOver3","rde","pSize","n1023","threshold","rqx","OID","oid","getName","keyFromPrivate","indutnyCurve","priv","keyFromPublic","pub","validate","getIndutnyCurve","elliptic","ec","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","stream.TransformStream","lengthByte","nextPacket","UnsupportedError","params","captureStackTrace","UnparseablePacket","rawContent","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","CurveWithOID","oidOrName","webCryptoKey","namedCurve","jwkToRawPublic","webGenKeyPair","createECDH","generateKeys","getPublicKey","getPrivateKey","nodeGenKeyPair","genKeyPair","entropy","getPublic","getPrivate","validateStandardParams","Q","supportedCurves","curveName","dG","validationErrors","eq","bufX","bufY","rawPublicToJWK","crv","ECPrivateKey","parameters","unused","ECDSASignature","ellipticSign","SubjectPublicKeyInfo","algorithm","subjectPublicKey","ellipticVerify","octstr","explicit","optional","any","bitstr","AlgorithmIdentifier","objid","use","getPreferredHashAlgo","RS","wrap","IV","P","unpack","unwrap","createArrayBuffer","setUint32","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","genPrivateEphemeralKey","recipient","deriveBits","public","webPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","V","derive","ellipticPublicEphemeralKey","secret","webPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","ellipticPrivateEphemeralKey","pkcs5.encode","wrappedKey","aesKW.wrap","pkcs5.decode","aesKW.unwrap","nodeSubtleCrypto","webcrypto","HKDF","inputKey","salt","info","outLen","importedKey","hashAlgoName","computeHMAC","hmacKey","hmacMessage","createHmac","pseudoRandomKey","hashLen","outputKeyingMaterial","roundInput","HKDF_INFO","recipientA","ephemeralSecretKey","sharedSecret","ephemeralPublicKey","hkdfInput","computeHKDF","xr","u1","u2","qSize","n150","rsa","publicParams","curveSize","publicKeyParams","privateKeyParams","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","instance","followLength","checkSupportedCurve","keyAlgo","symmetricAlgo","ECDHSymkey","ecdhX","fromObject","sessionKeyParams","privateParams","algosWithNativeRepresentation","orderedParams","generate","validateParams","algoModule","prefixrandom","repeat","random","pkcs1","pkcs5","aesKW","assign","TYPED_OK","Uint16Array","Int32Array","shrinkBuf","fnTyped","arraySet","dest","src_offs","dest_offs","flattenChunks","chunks","fnUntyped","Buf8","Buf16","Buf32","Z_NO_FLUSH","Z_PARTIAL_FLUSH","Z_SYNC_FLUSH","Z_FULL_FLUSH","Z_FINISH","Z_BLOCK","Z_TREES","Z_OK","Z_STREAM_END","Z_NEED_DICT","Z_STREAM_ERROR","Z_DATA_ERROR","Z_BUF_ERROR","Z_DEFAULT_COMPRESSION","Z_FILTERED","Z_HUFFMAN_ONLY","Z_RLE","Z_FIXED","Z_BINARY","Z_TEXT","Z_UNKNOWN","Z_DEFLATED","STORED_BLOCK","STATIC_TREES","DYN_TREES","LENGTH_CODES","LITERALS","L_CODES","D_CODES","BL_CODES","HEAP_SIZE","MAX_BITS","Buf_size","MAX_BL_BITS","END_BLOCK","REP_3_6","REPZ_3_10","REPZ_11_138","extra_lbits","extra_dbits","extra_blbits","bl_order","static_ltree","static_dtree","_dist_code","_length_code","MAX_MATCH","base_length","base_dist","StaticTreeDesc","static_tree","extra_bits","extra_base","elems","max_length","has_stree","static_l_desc","static_d_desc","static_bl_desc","TreeDesc","dyn_tree","stat_desc","max_code","d_code","dist","put_short","pending_buf","send_bits","bi_valid","bi_buf","send_code","tree","bi_reverse","code","gen_codes","bl_count","next_code","init_block","dyn_ltree","dyn_dtree","bl_tree","opt_len","static_len","last_lit","matches","bi_windup","smaller","depth","_n2","_m2","pqdownheap","heap_len","compress_block","ltree","dtree","lc","extra","lx","d_buf","l_buf","build_tree","desc","stree","heap_max","base","xbits","overflow","gen_bitlen","scan_tree","curlen","prevlen","nextlen","max_count","min_count","send_tree","static_init_done","_tr_init","tr_static_init","l_desc","d_desc","bl_desc","_tr_stored_block","stored_len","utils.arraySet","window","copy_block","_tr_align","bi_flush","_tr_flush_block","opt_lenb","static_lenb","max_blindex","level","strm","data_type","black_mask","detect_data_type","build_bl_tree","strategy","lcodes","dcodes","blcodes","rank","send_all_trees","_tr_tally","lit_bufsize","adler32","adler","crcTable","table","makeTable","crc32","MAX_MEM_LEVEL","MIN_MATCH","MIN_LOOKAHEAD","PRESET_DICT","INIT_STATE","EXTRA_STATE","NAME_STATE","COMMENT_STATE","HCRC_STATE","BUSY_STATE","FINISH_STATE","BS_NEED_MORE","BS_BLOCK_DONE","BS_FINISH_STARTED","BS_FINISH_DONE","OS_CODE","errorCode","flush_pending","avail_out","pending_out","next_out","total_out","flush_block_only","trees._tr_flush_block","block_start","strstart","put_byte","putShortMSB","read_buf","avail_in","next_in","total_in","longest_match","cur_match","chain_length","max_chain_length","scan","best_len","prev_length","nice_match","limit","w_size","_win","wmask","w_mask","strend","scan_end1","scan_end","good_match","lookahead","match_start","fill_window","_w_size","more","window_size","hash_size","head","insert","ins_h","hash_shift","hash_mask","deflate_fast","flush","hash_head","bflush","match_length","trees._tr_tally","max_lazy_match","deflate_slow","max_insert","prev_match","match_available","Config","good_length","max_lazy","nice_length","max_chain","func","configuration_table","max_block_size","pending_buf_size","max_start","DeflateState","status","gzhead","gzindex","method","last_flush","w_bits","hash_bits","utils.Buf16","deflateReset","trees._tr_init","deflateResetKeep","lm_init","deflate","old_flush","beg","hcrc","comment","os","level_flags","bstate","deflate_huff","deflate_rle","trees._tr_align","trees._tr_stored_block","__","_utf8len","utils.Buf8","string2buf","m_pos","buf_len","str_len","ZStream","Deflate","chunkSize","windowBits","memLevel","opt","raw","gzip","ended","zlib_deflate.deflateInit2","dictionary","dict","strings.string2buf","avail","next","tmpDict","dictLength","zlib_deflate.deflateSetDictionary","_dict_set","_mode","zlib_deflate.deflate","onEnd","onData","utils.shrinkBuf","zlib_deflate.deflateEnd","utils.flattenChunks","BAD","TYPE","inflate_fast","_in","_out","hold","here","op","from_source","dmax","wsize","whave","wnext","s_window","lcode","lencode","dcode","distcode","lmask","lenbits","dmask","distbits","top","dolen","dodist","sane","MAXBITS","ENOUGH_LENS","ENOUGH_DISTS","CODES","LENS","DISTS","lbase","lext","dbase","dext","inflate_table","lens","lens_index","codes","table_index","work","incr","low","sym","root","drop","used","huff","base_index","offs","here_bits","here_op","here_val","extra_index","HEAD","FLAGS","TIME","OS","EXLEN","EXTRA","COMMENT","HCRC","DICTID","DICT","TYPEDO","STORED","COPY_","COPY","TABLE","LENLENS","CODELENS","LEN_","LEN","LENEXT","DIST","DISTEXT","MATCH","LIT","CHECK","LENGTH","DONE","zswap32","InflateState","havedict","flags","check","total","wbits","ncode","nlen","ndist","have","lendyn","distdyn","back","was","inflateReset","utils.Buf32","inflateResetKeep","inflateInit2","inflateReset2","lenfix","distfix","virgin","fixedtables","updatewindow","copy","inflate","put","last_bits","last_op","last_val","hbuf","order","inf_leave","xflags","extra_len","inflateSetDictionary","dictid","GZheader","Inflate","zlib_inflate.inflateInit2","c.Z_OK","zlib_inflate.inflateGetHeader","zlib_inflate.inflateSetDictionary","allowBufError","c.Z_FINISH","c.Z_NO_FLUSH","strings.binstring2buf","zlib_inflate.inflate","c.Z_NEED_DICT","c.Z_BUF_ERROR","c.Z_STREAM_END","c.Z_SYNC_FLUSH","zlib_inflate.inflateEnd","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","remaining","seek","n_bit","n_byte","pi","bufToHex","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","getCRC","updateCRC","updateCRCRun","mtf","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","optDetail","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","CRC32","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","MAX_HUFCODE_BITS","permute","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","multistream","bz","targetStreamCRC","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","verified","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","issuerKeyID","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","writeHashedSubPackets","toHash","stream.slice","stream.clone","writeSubPacket","humanReadable","critical","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","fromBinary","compressionFn","compress_fns","nodeZlib","node_zlib","stream.nodeToWeb","stream.webToNode","pako_zlib","deflateRaw","createDeflateRaw","createDeflate","inflateRaw","createInflateRaw","createInflate","BunzipDecode","SymEncryptedIntegrityProtectedDataPacket","encrypted","sessionKeyAlgorithm","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","AEADEncryptedDataPacket","cipherAlgorithm","aeadAlgorithm","chunkSizeByte","getAEADMode","modeInstance","tagLengthIfDecrypting","tagLengthIfEncrypting","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","latestPromise","cryptedBytes","queuedBytes","finalChunk","cryptedPromise","setInt32","desiredSize","PublicKeyEncryptedSessionKeyPacket","publicKeyID","sessionKey","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","sessionKeyData","S2K","getCount","passphrase","numBytes","rlength","prefixlen","datalen","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","produceKey","encryptionKey","generateSessionKey","associatedData","toEncrypt","PublicKeyPacket","expirationTimeV3","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","startOfSecretKeyData","unparseableKeyMaterial","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","produceEncryptionKey","cleartextWithHash","validParams","generateParams","global","parse5322","inStr","getPos","setPos","initialize","parseString","tokens","semantic","children","ast","parent","child","compareToken","fxnCompare","tok","lit","and","or","prod","invis","colwsp","star","minimum","isUTF8NonAscii","cr","crlf","lf","dquote","htab","sp","vchar","accept","rfc6532","wsp","quotedPair","obsQP","fws","obsFws","ctext","obsCtext","ccontent","cfws","atext","atom","dotAtomText","maybeText","dotAtom","qtext","obsQtext","qcontent","quotedString","address","mailbox","group","nameAddr","addrSpec","displayName","angleAddr","obsAngleAddr","groupList","obsPhrase","collapseWhitespace","mailboxList","obsMboxList","addressList","obsAddrList","obsGroupList","localPart","obsLocalPart","dtext","obsDtext","domainLiteral","domain","obsDomain","rejectTLD","obsNoWsCtl","strict","atInDisplayName","obsRoute","obsDomainList","findNode","stack","findAllNodesNoChildren","names","namesLookup","giveResult","addresses","groupsAndMailboxes","groupOrMailbox","giveResultGroup","giveResultMailbox","simplifyResult","oneResult","partial","groupName","groupResultMailboxes","mailboxes","grabSemantic","aspec","findAllNodes","comments","local","concatComments","startProduction","handleOpts","startAt","defs","isNullUndef","defaults","isObject","parseOneAddress","parseAddressList","parseFrom","parseSender","parseReplyTo","UserIDPacket","email","components","emailAddresses","otherUserID","SecretSubkeyPacket","TrustPacket","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","prefAlgo","primaryUser","getPrimaryUser","selfCertification","getPreferredCurveHashAlgo","getPreferredAlgo","userIDs","defaultAlgo","preferredSenderAlgo","prefPropertyName","recipientPrefs","Boolean","signingKeyPacket","signaturePacket","mergeSignatures","source","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","sanitizeKeyOptions","subkeyDefaults","isValidSigningKeyPacket","isValidEncryptionKeyPacket","isValidDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","signingKeys","isPrivate","signingKey","getSigningKey","certificate","verificationKeys","issuerKeys","getKeys","isRevoked","certifications","certification","valid","verifyCertificate","sourceUser","srcSelfSig","srcRevSig","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","sort","helper.isValidSigningKeyPacket","helper.checkKeyRequirements","helper.isValidEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","revocationCertificate","privateKeys","userSign","certify","verifyAllCertifications","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","fromSecretKeyPacket","pubSubkeyPacket","fromSecretSubkeyPacket","helper.isValidDecryptionKeyPacket","defaultOptions","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","readPrivateKey","readKeys","armoredKeys","binaryKeys","keyIndex","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","sessionKeyObjects","decryptSessionKeys","symEncryptedPacketlist","symEncryptedPacket","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","password","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","getDecryptionKeys","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgorithmName","supported","isAEADSupported","getEncryptionKey","maybeKey","wildcard","encryptionKeyIDs","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","literalDataPacket","existingSigPacketlist","onePassSig","signingKeyID","onePassSignatureList","createSignaturePackets","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","detachedSignature","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","stream.loadStreamsPonyfill","stream.toStream","createMessage","literalDataPacketlist","CleartextMessage","newSignature","hashes","ar","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","oneHeader","createCleartextMessage","checkConfig","helper.generateSecretKey","getRevocationCertificate","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","applyRevocationCertificate","revoke","decryptKey","clonedPrivateKey","passphrases","encryptKey","signingUserIDs","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","streaming","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","signDetached","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","encoding","setEncoding","stream.toNativeReadable","object"],"mappings":";6GAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxBC,cACEC,QACAC,KAAKT,GAAsB,IAAIU,SAAQ,CAACC,EAASC,KAC/CH,KAAKP,GAAsBS,EAC3BF,KAAKN,GAAqBS,CAAM,IAElCH,KAAKT,GAAoBa,OAAM,UAuCnC,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAaV,MAAMW,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,EAETV,KAAKe,OAAST,CAChB,CAvDAV,EAAYoB,UAAUT,UAAY,WAIhC,YAH2BU,IAAvBjB,KAAKL,KACPK,KAAKL,GAAgB,GAEhB,CACLuB,KAAMC,gBACEnB,KAAKT,GACPS,KAAKL,KAAkBK,KAAKoB,OACvB,CAAEC,WAAOJ,EAAWK,MAAM,GAE5B,CAAED,MAAOrB,KAAKA,KAAKL,MAAkB2B,MAAM,IAGxD,EAEA1B,EAAYoB,UAAUO,UAAYJ,eAAeK,SACzCxB,KAAKT,GACX,MAAMkC,EAASD,EAAKxB,KAAK0B,MAAM1B,KAAKL,KAEpC,OADAK,KAAKoB,OAAS,EACPK,CACT,EAEA7B,EAAYoB,UAAUW,MAAQ,WAC5B,MAAMA,EAAQ,IAAI/B,EAIlB,OAHA+B,EAAMpC,GAAsBS,KAAKT,GAAoBqC,MAAK,KACxDD,EAAME,QAAQ7B,KAAK,IAEd2B,CACT,EAkCAlB,EAAOO,UAAUc,MAAQX,eAAeY,GACtC/B,KAAKe,OAAOc,KAAKE,EACnB,EAOAtB,EAAOO,UAAUgB,MAAQb,iBACvBnB,KAAKe,OAAOtB,IACd,EAOAgB,EAAOO,UAAUiB,MAAQd,eAAee,GAEtC,OADAlC,KAAKe,OAAOrB,GAAmBwC,GACxBA,CACT,EAOAzB,EAAOO,UAAUJ,YAAc,aCxG/B,MAAMuB,EAAuC,iBAAvBC,EAAWC,SACQ,iBAAhCD,EAAWC,QAAQC,SAEtBC,EAAqBJ,QAAU,EAOrC,SAASK,EAASlC,GAChB,OAAID,EAAcC,GACT,QAEL8B,EAAWK,gBAAkBL,EAAWK,eAAezB,UAAU0B,cAAcpC,GAC1E,MAELqC,GAA0BA,EAAuB3B,UAAU0B,cAAcpC,GACpE,WAELiC,GAAsBA,EAAmBvB,UAAU0B,cAAcpC,GAC5D,UAELA,IAASA,EAAMC,YACV,UAGX,CAOA,SAASqC,EAAatC,GACpB,OAAOuC,WAAW7B,UAAU0B,cAAcpC,EAC5C,CAOA,SAASwC,EAAiBC,GACxB,GAAsB,IAAlBA,EAAO3B,OAAc,OAAO2B,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIF,EAAO3B,OAAQ6B,IAAK,CACtC,IAAKL,EAAaG,EAAOE,IACvB,MAAUC,MAAM,8DAGlBF,GAAeD,EAAOE,GAAG7B,OAG3B,MAAMK,EAAS,IAAIoB,WAAWG,GAC9B,IAAIG,EAAM,EAMV,OALAJ,EAAOK,SAAQ,SAAUC,GACvB5B,EAAO6B,IAAID,EAASF,GACpBA,GAAOE,EAAQjC,UAGVK,CACT,CC/DA,MAAM8B,EAAapB,QAAU,EACvBI,EAAqBJ,QAAU,EAOrC,IAAIqB,EACAC,EAEJ,GAAIlB,EAAoB,CAOtBiB,EAAY,SAASE,GACnB,IAAIC,GAAW,EACf,OAAO,IAAIhB,EAAuB,CAChCiB,MAAMC,GACJH,EAAWI,QACXJ,EAAWK,GAAG,QAAQhC,IAChB4B,IAGAJ,EAAWS,SAASjC,KACtBA,EAAQ,IAAIc,WAAWd,EAAMkC,OAAQlC,EAAMmC,WAAYnC,EAAMoC,aAE/DN,EAAWO,QAAQrC,GACnB2B,EAAWI,QAAO,IAEpBJ,EAAWK,GAAG,OAAO,KACfJ,GAGJE,EAAW7B,OAAO,IAEpB0B,EAAWK,GAAG,SAASM,GAAKR,EAAWS,MAAMD,MAE/CE,OACEb,EAAWc,UAEbC,OAAOvC,GACLyB,GAAW,EACXD,EAAWgB,QAAQxC,OAMzB,MAAMyC,UAAqBpC,EACzBzC,YAAY8E,EAAWC,GACrB9E,MAAM8E,GACN7E,KAAK8E,QAAUC,EAAkBH,GAGnCzD,YAAY6D,GACV,IACE,OAAa,CACX,MAAM1D,KAAEA,EAAID,MAAEA,SAAgBrB,KAAK8E,QAAQ5D,OAC3C,GAAII,EAAM,CACRtB,KAAK6B,KAAK,MACV,MAEF,IAAK7B,KAAK6B,KAAKR,GACb,OAGJ,MAAOgD,GACPrE,KAAK0E,QAAQL,IAIjBlD,eAAemD,EAAOW,GACpBjF,KAAK8E,QAAQL,OAAOH,GAAO1C,KAAKqD,EAAUA,IAU9CxB,EAAY,SAASmB,EAAWC,GAC9B,OAAO,IAAIF,EAAaC,EAAWC,GAGvC,CC1FA,MAAMK,EAAiB,IAAIC,QACrBC,EAAiB5F,OAAO,kBAS9B,SAAS6F,EAAO/E,GAKd,GAJAN,KAAKe,OAAST,EACVA,EAAM8E,KACRpF,KAAKoF,GAAkB9E,EAAM8E,GAAgB1D,SAE3C4D,EAAsBhF,GAAQ,CAChC,MAAMiF,EAASjF,EAAMC,YAIrB,OAHAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,YACpB1F,KAAK2F,QAAUxE,aAGjB,IAAIyE,EAAaC,EAAiBvF,GAIlC,GAHmB,SAAfsF,IACFtF,EAAQwF,EAAkBxF,IAExBsF,EAAY,CACd,MAAML,EAASjF,EAAMC,YAOrB,OANAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,KAClBH,EAAO1E,OAAOT,OAAM,eACpBmF,EAAO3E,aAAa,OAEtBZ,KAAK2F,QAAUJ,EAAOd,OAAOgB,KAAKF,IAGpC,IAAIQ,GAAc,EAClB/F,KAAKwF,MAAQrE,SACP4E,GAAeb,EAAec,IAAI1F,GAC7B,CAAEe,WAAOJ,EAAWK,MAAM,IAEnCyE,GAAc,EACP,CAAE1E,MAAOf,EAAOgB,MAAM,IAE/BtB,KAAK0F,aAAe,KAClB,GAAIK,EACF,IACEb,EAAee,IAAI3F,GACnB,MAAM+D,KAGd,CAOAgB,EAAOrE,UAAUE,KAAOC,iBACtB,GAAInB,KAAKoF,IAAmBpF,KAAKoF,GAAgBhE,OAAQ,CAEvD,MAAO,CAAEE,MAAM,EAAOD,MADRrB,KAAKoF,GAAgBc,SAGrC,OAAOlG,KAAKwF,OACd,EAKAH,EAAOrE,UAAUJ,YAAc,WACzBZ,KAAKoF,KACPpF,KAAKe,OAAOqE,GAAkBpF,KAAKoF,IAErCpF,KAAK0F,cACP,EAKAL,EAAOrE,UAAUyD,OAAS,SAASvC,GACjC,OAAOlC,KAAK2F,QAAQzD,EACtB,EAOAmD,EAAOrE,UAAUmF,SAAWhF,iBAC1B,IACIiF,EADAnC,EAAS,GAEb,MAAQmC,GAAW,CACjB,IAAI9E,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OAEjC,GADAG,GAAS,GACLC,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAEF,MAAMqC,EAAejF,EAAMkF,QAAQ,MAAQ,EACvCD,IACFF,EAAYC,EAAepC,EAAOuC,OAAOnF,EAAMoF,OAAO,EAAGH,KACzDrC,EAAS,IAEPqC,IAAiBjF,EAAMD,QACzB6C,EAAOpC,KAAKR,EAAMoF,OAAOH,IAI7B,OADAtG,KAAK0G,WAAWzC,GACTmC,CACT,EAOAf,EAAOrE,UAAU2F,SAAWxF,iBAC1B,MAAMG,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,OACV,MAAMsF,EAAOvF,EAAM,GAEnB,OADArB,KAAK0G,QAAQG,EAAcxF,EAAO,IAC3BuF,CACT,EAOAvB,EAAOrE,UAAU8F,UAAY3F,eAAeC,GAC1C,MAAM6C,EAAS,GACf,IAAI8C,EAAe,EACnB,OAAa,CACX,MAAMzF,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAIF,GAFAA,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgB3F,EAAQ,CAC1B,MAAM4F,EAAeX,EAAepC,GAEpC,OADAjE,KAAK0G,QAAQG,EAAcG,EAAc5F,IAClCyF,EAAcG,EAAc,EAAG5F,IAG5C,EAOAiE,EAAOrE,UAAUiG,UAAY9F,eAAeC,GAC1C,MAAM8F,QAAclH,KAAK8G,UAAU1F,GAEnC,OADApB,KAAK0G,QAAQQ,GACNA,CACT,EAOA7B,EAAOrE,UAAU0F,QAAU,YAAYS,GAChCnH,KAAKoF,KACRpF,KAAKoF,GAAkB,IAGL,IAAlB+B,EAAO/F,QAAgBwB,EAAauE,EAAO,KAC3CnH,KAAKoF,GAAgBhE,QAAU+F,EAAO,GAAG/F,QACzCpB,KAAKoF,GAAgB,GAAGlB,YAAciD,EAAO,GAAG/F,OAEhDpB,KAAKoF,GAAgB,GAAK,IAAIvC,WAC5B7C,KAAKoF,GAAgB,GAAGnB,OACxBjE,KAAKoF,GAAgB,GAAGlB,WAAaiD,EAAO,GAAG/F,OAC/CpB,KAAKoF,GAAgB,GAAGjB,WAAagD,EAAO,GAAG/F,QAInDpB,KAAKoF,GAAgBsB,WAAWS,EAAOC,QAAO/F,GAASA,GAASA,EAAMD,SACxE,EAQAiE,EAAOrE,UAAUO,UAAYJ,eAAeK,EAAK6E,GAC/C,MAAM5E,EAAS,GACf,OAAa,CACX,MAAMH,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,MACVG,EAAOI,KAAKR,GAEd,OAAOG,EAAKC,EACd,ECnMA,IAEI4F,EAAoBC,GAFpB7E,eAAEA,EAAc8E,eAAEA,EAAcC,gBAAEA,GAAoBpF,EAI1DjB,eAAesG,IACb,GAAID,EACF,OAGF,MAAOE,EAAUC,SAAiB1H,QAAQ2H,IAAI,CAC5CC,OAAO,0BACPA,OAAO,qCAGNpF,iBAAgB8E,iBAAgBC,mBAAoBE,GAEvD,MAAMI,4BAAEA,GAAgCH,EAEpCvF,EAAWK,gBAAkBA,IAAmBL,EAAWK,iBAC7D4E,EAAqBS,EAA4BrF,GACjD6E,EAAmBQ,EAA4B1F,EAAWK,gBAE9D,CAEA,MAAMc,EAAapB,QAAU,EAO7B,SAAS4F,EAASzH,GAChB,IAAIsF,EAAapD,EAASlC,GAC1B,MAAmB,SAAfsF,EACKpC,EAAUlD,GAEA,QAAfsF,GAAwByB,EACnBA,EAAmB/G,GAExBsF,EACKtF,EAEF,IAAImC,EAAe,CACxBmB,MAAMC,GACJA,EAAWO,QAAQ9D,GACnBuD,EAAW7B,UAGjB,CAOA,SAASgG,EAAc1H,GACrB,GAAIkC,EAASlC,GACX,OAAOA,EAET,MAAMS,EAAS,IAAInB,EAMnB,MALA,WACE,MAAMc,EAASC,EAAUI,SACnBL,EAAOoB,MAAMxB,SACbI,EAAOsB,OACd,EAJD,GAKOjB,CACT,CAQA,SAASyF,EAAOyB,GACd,OAAIA,EAAKC,MAAKnH,GAAUyB,EAASzB,KAAYV,EAAcU,KAoB7D,SAAsBkH,GACpBA,EAAOA,EAAKE,IAAIJ,GAChB,MAAMK,EAAYC,GAAoBlH,eAAee,SAC7CjC,QAAQ2H,IAAIU,EAAWH,KAAIpH,GAAU0D,EAAO1D,EAAQmB,SAE5D,IAAIqG,EAAOtI,QAAQC,UACnB,MAAMoI,EAAaL,EAAKE,KAAI,CAACpH,EAAQkC,IAAMuF,EAAczH,GAAQ,CAAC0H,EAAUC,KAC1EH,EAAOA,EAAK3G,MAAK,IAAM+G,EAAKF,EAAUL,EAAUM,SAAU,CACxDE,aAAc3F,IAAMgF,EAAK7G,OAAS,MAE7BmH,OAET,OAAOH,EAAUK,QACnB,CAhCWI,CAAaZ,GAElBA,EAAKC,MAAKnH,GAAUV,EAAcU,KAqCxC,SAA2BkH,GACzB,MAAMxG,EAAS,IAAI7B,EACnB,IAAI2I,EAAOtI,QAAQC,UAOnB,OANA+H,EAAK7E,SAAQ,CAACrC,EAAQkC,KACpBsF,EAAOA,EAAK3G,MAAK,IAAM+G,EAAK5H,EAAQU,EAAQ,CAC1CmH,aAAc3F,IAAMgF,EAAK7G,OAAS,MAE7BmH,KAEF9G,CACT,CA9CWqH,CAAkBb,GAEJ,iBAAZA,EAAK,GACPA,EAAKzG,KAAK,IAEf+B,GAAcA,EAAWS,SAASiE,EAAK,IAClC1E,EAAWiD,OAAOyB,GAEpBnF,EAAiBmF,EAC1B,CA4CA,SAAS1H,EAAUD,GACjB,OAAO,IAAI+E,EAAO/E,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CAUAa,eAAewH,EAAKrI,EAAOyI,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzG,EAASlC,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQyH,EAASzH,GACjB,IACE,GAAIA,EAAM8E,GAAiB,CACzB,MAAM1E,EAASC,EAAUoI,GACzB,IAAK,IAAI9F,EAAI,EAAGA,EAAI3C,EAAM8E,GAAgBhE,OAAQ6B,UAC1CvC,EAAOwI,YACPxI,EAAOoB,MAAMxB,EAAM8E,GAAgBnC,IAE3CvC,EAAOE,oBAEHN,EAAM6I,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,kBAEF,MAAM5E,IACR,OAGF,MAAMkB,EAAShF,EADfD,EAAQ0H,EAAc1H,IAEhBI,EAASC,EAAUoI,GACzB,IACE,OAAa,OACLrI,EAAOwI,MACb,MAAM5H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACHsH,SAAoBlI,EAAOsB,QAChC,YAEItB,EAAOoB,MAAMT,IAErB,MAAOgD,GACF2E,SAAoBtI,EAAOuB,MAAMoC,WAEtCkB,EAAO3E,cACPF,EAAOE,cAEX,CAQA,SAASwI,EAAa9I,EAAOuE,GAC3B,MAAMwE,EAAkB,IAAI7B,EAAgB3C,GAE5C,OADA8D,EAAKrI,EAAO+I,EAAgBX,UACrBW,EAAgBZ,QACzB,CAOA,SAASJ,EAAoBiB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLlB,SAAU,IAAIhG,EAAe,CAC3BmB,MAAMC,GACJ4F,EAAmB5F,GAErBU,OACMgF,EACFA,IAEAG,GAAS,GAGbvI,aAAae,GACXyH,GAAY,EACRL,SACIA,EAAapH,GAEjBsH,GACFA,EAAgCtH,KAGnC,CAAC0H,cAAe,IACnBlB,SAAU,IAAInB,EAAe,CAC3BzF,MAAOX,eAAeY,GACpB,GAAI4H,EACF,MAAUzG,MAAM,uBAElBuG,EAAiBrF,QAAQrC,GACpB2H,EAQHA,GAAS,SAPH,IAAIzJ,SAAQ,CAACC,EAASC,KAC1BoJ,EAAmCrJ,EACnCsJ,EAAkCrJ,CAAM,IAE1CoJ,EAAmC,KACnCC,EAAkC,OAKtCxH,MAAOyH,EAAiBzH,MAAMyD,KAAKgE,GACnCxH,MAAOwH,EAAiBnF,MAAMmB,KAAKgE,KAGzC,CASA,SAASrB,EAAU9H,EAAO+B,EAAU,MAAe,GAAEwH,EAAS,MAAe,IAC3E,GAAIxJ,EAAcC,GAAQ,CACxB,MAAMwJ,EAAS,IAAIlK,EAgBnB,MAfA,WACE,MAAMc,EAASC,EAAUmJ,GACzB,IACE,MAAMC,QAAaxI,EAAUjB,GACvB0J,EAAU3H,EAAQ0H,GAClBE,EAAUJ,IAChB,IAAIpI,EACgDA,OAApCR,IAAZ+I,QAAqC/I,IAAZgJ,EAAgCzD,EAAO,CAACwD,EAASC,SACpDhJ,IAAZ+I,EAAwBA,EAAUC,QAC1CvJ,EAAOoB,MAAML,SACbf,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EAdD,GAeOyF,EAET,GAAItH,EAASlC,GACX,OAAO8I,EAAa9I,EAAO,CACzBa,gBAAgBE,EAAOwC,GACrB,IACE,MAAMpC,QAAeY,EAAQhB,QACdJ,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,KAGrBlD,YAAY0C,GACV,IACE,MAAMpC,QAAeoI,SACN5I,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,OAKzB,MAAM2F,EAAU3H,EAAQ/B,GAClB2J,EAAUJ,IAChB,YAAgB5I,IAAZ+I,QAAqC/I,IAAZgJ,EAA8BzD,EAAO,CAACwD,EAASC,SACzDhJ,IAAZ+I,EAAwBA,EAAUC,CAC3C,CAWA,SAASzB,EAAclI,EAAO4J,GAC5B,GAAI1H,EAASlC,KAAWD,EAAcC,GAAQ,CAC5C,IAAI6J,EACJ,MAAMC,EAAW,IAAI5C,EAAgB,CACnC5D,MAAMC,GACJsG,EAA8BtG,KAI5BwG,EAAkB1B,EAAKrI,EAAO8J,EAAS1B,UAEvC4B,EAAWjC,GAAoBlH,eAAee,GAClDiI,EAA4B7F,MAAMpC,SAC5BmI,QACA,IAAIpK,QAAQsK,eAGpB,OADAL,EAAGE,EAAS3B,SAAU6B,EAAS5B,UACxB4B,EAAS7B,SAElBnI,EAAQ0H,EAAc1H,GACtB,MAAMwJ,EAAS,IAAIlK,EAEnB,OADAsK,EAAG5J,EAAOwJ,GACHA,CACT,CAWA,SAASU,EAAMlK,EAAO4J,GACpB,IAAIO,EACJ,MAAMC,EAAclC,EAAclI,GAAO,CAACmI,EAAUC,KAClD,MAAMnD,EAAShF,EAAUkI,GACzBlD,EAAOoF,UAAY,KACjBpF,EAAO3E,cACP+H,EAAKF,EAAUC,GACRgC,GAETD,EAAcP,EAAG3E,EAAO,IAE1B,OAAOkF,CACT,CA4BA,SAAS9I,EAAMrB,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqB,QAEf,GAAIa,EAASlC,GAAQ,CACnB,MAAMsK,EAxBV,SAAatK,GACX,GAAID,EAAcC,GAChB,MAAU4C,MAAM,qDAElB,GAAIV,EAASlC,GAAQ,CACnB,MAAMsK,EAAO7C,EAASzH,GAAOuK,MAE7B,OADAD,EAAK,GAAGxF,GAAkBwF,EAAK,GAAGxF,GAAkB9E,EAAM8E,GACnDwF,EAET,MAAO,CAAClJ,EAAMpB,GAAQoB,EAAMpB,GAC9B,CAciBuK,CAAIvK,GAEjB,OADAwK,EAAUxK,EAAOsK,EAAK,IACfA,EAAK,GAEd,OAAOlJ,EAAMpB,EACf,CAUA,SAASyK,EAAazK,GACpB,OAAID,EAAcC,GACTqB,EAAMrB,GAEXkC,EAASlC,GACJ,IAAImC,EAAe,CACxBmB,MAAMC,GACJ,MAAM6G,EAAclC,EAAclI,GAAOa,MAAOsH,EAAUC,KACxD,MAAMnD,EAAShF,EAAUkI,GACnB/H,EAASC,EAAU+H,GACzB,IACE,OAAa,OACLhI,EAAOwI,MACb,MAAM5H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,IAAMuC,EAAW7B,QAAW,MAAMqC,IAElC,kBADM3D,EAAOsB,QAGf,IAAM6B,EAAWO,QAAQ/C,GAAU,MAAMgD,UACnC3D,EAAOoB,MAAMT,IAErB,MAAMgD,GACNR,EAAWS,MAAMD,SACX3D,EAAOuB,MAAMoC,OAGvByG,EAAUxK,EAAOoK,MAIhBhJ,EAAMpB,EACf,CAQA,SAASwK,EAAUxK,EAAOqB,GAExBqJ,OAAOC,QAAQD,OAAOE,0BAA0B5K,EAAMR,YAAYkB,YAAYoC,SAAQ,EAAE+H,EAAMC,MAC/E,gBAATD,IAGAC,EAAW/J,MACb+J,EAAW/J,MAAQ+J,EAAW/J,MAAMoE,KAAK9D,GAEzCyJ,EAAWC,IAAMD,EAAWC,IAAI5F,KAAK9D,GAEvCqJ,OAAOM,eAAehL,EAAO6K,EAAMC,GAAW,GAElD,CAOA,SAAS1J,EAAMpB,EAAOiL,EAAM,EAAGC,EAAIC,KACjC,GAAIpL,EAAcC,GAChB,MAAU4C,MAAM,mBAElB,GAAIV,EAASlC,GAAQ,CACnB,GAAIiL,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAOtC,EAAa9I,EAAO,CACzB8H,UAAU/G,EAAOwC,GACX6H,EAAYF,GACVE,EAAYrK,EAAMD,QAAUmK,GAC9B1H,EAAWO,QAAQ1C,EAAML,EAAOsK,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAarK,EAAMD,QAEnByC,EAAWgI,eAKnB,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAO1D,EAAU9H,GAAOe,IAClBA,EAAMD,SAAWmK,EAAOO,EAAY,CAACzK,GACpCyK,EAAUjK,KAAKR,EAAM,IACzB,IAAMK,EAAM8E,EAAOsF,GAAYP,EAAOC,KAE3C,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAO1D,EAAU9H,GAAOe,IACtB,MAAMoJ,EAAcqB,EAAYtF,EAAO,CAACsF,EAAWzK,IAAUA,EAC7D,GAAIoJ,EAAYrJ,SAAWoK,EAEzB,OADAM,EAAYpK,EAAM+I,EAAae,GACxB9J,EAAM+I,EAAac,EAAOC,GAEjCM,EAAYrB,KAKlB,OADAsB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAU9K,SAAYO,QAAYH,EAAUjB,GAAQiL,EAAOC,KAKpE,OAHIlL,EAAM8E,KACR9E,EAAQkG,EAAOlG,EAAM8E,GAAgBoB,OAAO,CAAClG,OAE3CsC,EAAatC,IAAYiD,GAAcA,EAAWS,SAAS1D,GAIxDA,EAAMoB,MAAM6J,EAAOC,IAHpBA,IAAQC,MAAUD,EAAMlL,EAAMc,QAC3Bd,EAAM4L,SAASX,EAAOC,GAGjC,CASArK,eAAeI,EAAUjB,EAAOkB,EAAKgF,GACnC,OAAInG,EAAcC,GACTA,EAAMiB,UAAUC,GAErBgB,EAASlC,GACJC,EAAUD,GAAOiB,UAAUC,GAE7BlB,CACT,CASAa,eAAesD,EAAOnE,EAAO4B,GAC3B,GAAIM,EAASlC,GAAQ,CACnB,GAAIA,EAAMmE,OACR,OAAOnE,EAAMmE,OAAOvC,GAEtB,GAAI5B,EAAMoE,QAGR,OAFApE,EAAMoE,QAAQxC,SACR,IAAIjC,QAAQsK,YACXrI,EAGb,CAOA,SAAS+J,EAAU/B,GACjB,MAAMiC,EAAc,IAAIvM,EAUxB,MATA,WACE,MAAMc,EAASC,EAAUwL,GACzB,UACQzL,EAAOoB,YAAYoI,WACnBxJ,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EARD,GASO8H,CACT,CCjkBe,MAAMC,EAMnBtM,YAAYuM,GACV,QAAUpL,IAANoL,EACF,MAAUnJ,MAAM,4BAGlB,GAAImJ,aAAaxJ,WAAY,CAC3B,MAAMqE,EAAQmF,EACRC,EAAUzM,MAAMqH,EAAM9F,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAAK,CACrC,MAAMsJ,EAAUrF,EAAMjE,GAAGuJ,SAAS,IAClCF,EAAIrJ,GAAMiE,EAAMjE,IAAM,GAAQ,IAAMsJ,EAAWA,EAEjDvM,KAAKqB,MAAQoL,OAAO,MAAQH,EAAI9K,KAAK,UAErCxB,KAAKqB,MAAQoL,OAAOJ,GAIxB1K,QACE,OAAO,IAAIyK,EAAWpM,KAAKqB,OAM7BqL,OAEE,OADA1M,KAAKqB,QACErB,KAOT2M,MACE,OAAO3M,KAAK2B,QAAQ+K,OAMtBE,OAEE,OADA5M,KAAKqB,QACErB,KAOT6M,MACE,OAAO7M,KAAK2B,QAAQiL,OAOtBE,KAAKC,GAEH,OADA/M,KAAKqB,OAAS0L,EAAE1L,MACTrB,KAQTiG,IAAI8G,GACF,OAAO/M,KAAK2B,QAAQmL,KAAKC,GAO3BC,KAAKD,GAEH,OADA/M,KAAKqB,OAAS0L,EAAE1L,MACTrB,KAQTiN,IAAIF,GACF,OAAO/M,KAAK2B,QAAQqL,KAAKD,GAO3BG,KAAKH,GAEH,OADA/M,KAAKqB,OAAS0L,EAAE1L,MACTrB,KAQTmN,IAAIJ,GACF,OAAO/M,KAAK2B,QAAQuL,KAAKH,GAO3BK,KAAKC,GAKH,OAJArN,KAAKqB,OAASgM,EAAEhM,MACZrB,KAAKsN,cACPtN,KAAK8M,KAAKO,GAELrN,KAQTuN,IAAIF,GACF,OAAOrN,KAAK2B,QAAQyL,KAAKC,GAS3BG,OAAOnJ,EAAGgI,GACR,GAAIA,EAAEoB,SAAU,MAAMvK,MAAM,yBAC5B,GAAImJ,EAAEqB,QAAS,OAAO,IAAItB,EAAW,GACrC,GAAI/H,EAAEiJ,aAAc,MAAMpK,MAAM,iCAEhC,IAAIyK,EAAMtJ,EAAEhD,MACR0L,EAAI/M,KAAKqB,MAEb0L,GAAKV,EAAEhL,MACP,IAAIuM,EAAInB,OAAO,GACf,KAAOkB,EAAMlB,OAAO,IAAI,CACtB,MAAMoB,EAAMF,EAAMlB,OAAO,GACzBkB,IAAQlB,OAAO,GAEf,MAAMqB,EAAMF,EAAIb,EAAKV,EAAEhL,MAEvBuM,EAAIC,EAAMC,EAAKF,EACfb,EAAKA,EAAIA,EAAKV,EAAEhL,MAElB,OAAO,IAAI+K,EAAWwB,GAWxBG,OAAO1B,GACL,MAAM2B,IAAEA,EAAGjB,EAAEA,GAAM/M,KAAKiO,MAAM5B,GAC9B,IAAK2B,EAAIN,QACP,MAAUxK,MAAM,0BAElB,OAAO6J,EAAE9G,IAAIoG,GAAGkB,IAAIlB,GAStB4B,MAAMC,GACJ,IAAInB,EAAIN,OAAO,GACX0B,EAAI1B,OAAO,GACX2B,EAAQ3B,OAAO,GACf4B,EAAQ5B,OAAO,GAEf6B,EAAItO,KAAKqB,MAGb,IAFA6M,EAAIA,EAAE7M,MAEC6M,IAAMzB,OAAO,IAAI,CACtB,MAAM8B,EAAID,EAAIJ,EACd,IAAIM,EAAMzB,EACVA,EAAIqB,EAAQG,EAAIxB,EAChBqB,EAAQI,EAERA,EAAML,EACNA,EAAIE,EAAQE,EAAIJ,EAChBE,EAAQG,EAERA,EAAMN,EACNA,EAAII,EAAIJ,EACRI,EAAIE,EAGN,MAAO,CACLzB,EAAG,IAAIX,EAAWgC,GAClBD,EAAG,IAAI/B,EAAWiC,GAClBL,IAAK,IAAI5B,EAAWkC,IASxBN,IAAIE,GACF,IAAII,EAAItO,KAAKqB,MAEb,IADA6M,EAAIA,EAAE7M,MACC6M,IAAMzB,OAAO,IAAI,CACtB,MAAM+B,EAAMN,EACZA,EAAII,EAAIJ,EACRI,EAAIE,EAEN,OAAO,IAAIpC,EAAWkC,GAOxBG,WAAW1B,GAET,OADA/M,KAAKqB,QAAU0L,EAAE1L,MACVrB,KAQT0O,UAAU3B,GACR,OAAO/M,KAAK2B,QAAQ8M,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADA/M,KAAKqB,QAAU0L,EAAE1L,MACVrB,KAQT4O,WAAW7B,GACT,OAAO/M,KAAK2B,QAAQgN,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAO/M,KAAKqB,QAAU0L,EAAE1L,MAQ1ByN,GAAG/B,GACD,OAAO/M,KAAKqB,MAAQ0L,EAAE1L,MAQxB0N,IAAIhC,GACF,OAAO/M,KAAKqB,OAAS0L,EAAE1L,MAQzB2N,GAAGjC,GACD,OAAO/M,KAAKqB,MAAQ0L,EAAE1L,MAQxB4N,IAAIlC,GACF,OAAO/M,KAAKqB,OAAS0L,EAAE1L,MAGzBoM,SACE,OAAOzN,KAAKqB,QAAUoL,OAAO,GAG/BiB,QACE,OAAO1N,KAAKqB,QAAUoL,OAAO,GAG/Ba,aACE,OAAOtN,KAAKqB,MAAQoL,OAAO,GAG7ByC,SACE,QAASlP,KAAKqB,MAAQoL,OAAO,IAG/B0C,MACE,MAAMC,EAAMpP,KAAK2B,QAIjB,OAHI3B,KAAKsN,eACP8B,EAAI/N,OAAS+N,EAAI/N,OAEZ+N,EAOT5C,WACE,OAAOxM,KAAKqB,MAAMmL,WAQpB6C,WACE,MAAMC,EAASC,OAAOvP,KAAKqB,OAC3B,GAAIiO,EAASC,OAAOC,iBAElB,MAAUtM,MAAM,8CAElB,OAAOoM,EAQTG,OAAOxM,GAEL,OADajD,KAAKqB,OAASoL,OAAOxJ,GAAMwJ,OAAO,MAC/BA,OAAO,GAAM,EAAI,EAOnCiD,YACE,MAAMC,EAAO,IAAIvD,EAAW,GACtBwD,EAAM,IAAIxD,EAAW,GACrByD,EAAS,IAAIzD,GAAY,GAIzBrD,EAAS/I,KAAKsN,aAAeuC,EAASF,EAC5C,IAAIG,EAAS,EACb,MAAMtB,EAAMxO,KAAK2B,QACjB,MAAQ6M,EAAIG,YAAYiB,GAAKf,MAAM9F,IACjC+G,IAEF,OAAOA,EAOT3L,aACE,MAAMwL,EAAO,IAAIvD,EAAW,GACtByD,EAAS,IAAIzD,GAAY,GAEzBrD,EAAS/I,KAAKsN,aAAeuC,EAASF,EACtCI,EAAQ,IAAI3D,EAAW,GAC7B,IAAI4D,EAAM,EACV,MAAMxB,EAAMxO,KAAK2B,QACjB,MAAQ6M,EAAIG,YAAYoB,GAAOlB,MAAM9F,IACnCiH,IAEF,OAAOA,EASTC,aAAaC,EAAS,KAAM9O,GAG1B,IAAIkL,EAAMtM,KAAKqB,MAAMmL,SAAS,IAC1BF,EAAIlL,OAAS,GAAM,IACrBkL,EAAM,IAAMA,GAGd,MAAM6D,EAAY7D,EAAIlL,OAAS,EACzB8F,EAAQ,IAAIrE,WAAWzB,GAAU+O,GAEjCC,EAAShP,EAAUA,EAAS+O,EAAa,EAC/C,IAAIlN,EAAI,EACR,KAAOA,EAAIkN,GACTjJ,EAAMjE,EAAImN,GAAUC,SAAS/D,EAAI5K,MAAM,EAAIuB,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXiN,GACFhJ,EAAMoJ,UAGDpJ,GChcX,MAAMqJ,EAAe,IAAwB,oBAAX9D,OCElC,MAAM+D,EAAUhR,OAAO,WAEvB,MAAe,CAObiR,MAAO,CAELC,KAAuB,OACvB,QAAuB,OACvBC,UAAuB,OACvBC,WAAuB,OACvB,sBAAuB,OACvB,mBAAuB,OACvB,mBAAuB,OAGvBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,UAAgB,YAChB,eAAgB,YAChB,aAAgB,YAChB,aAAgB,YAGhBC,cAA0B,UAC1BC,QAA0B,UAE1BC,QAA0B,UAC1BC,QAA0B,UAC1B,yBAA0B,UAC1B,qBAA0B,UAC1B,qBAA0B,UAG1BC,iBAA0B,aAC1BC,OAA0B,aAC1BC,QAA0B,aAE1BC,WAA0B,aAC1BC,WAA0B,aAC1B,yBAA0B,aAC1B,uBAA0B,aAC1B,uBAA0B,aAG1BC,gBAAyB,kBACzB,uBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbzB,cAAe,GAEf0B,MAAO,GAEPC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAEN5B,QAAS,GAET6B,MAAO,IAOTC,UAAW,CACTC,UAAW,EAEXC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,IAOVC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXhD,UAAW,EACXiD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,IAOrBC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRpB,UAAW,CAETiB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,OAAQ,GACRC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,IAO3BP,SAAU,CAERQ,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTrH,UAAW,EACXsH,WAAY,EACZzE,UAAW,GAObuD,oBAAqB,CAEnBmB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBtB,SAAU,CAERuB,sBAAuB,EAGvBrF,KAAM,EAGNsF,OAAQ,GAUVlY,MAAO,SAASmY,EAAM5V,GAKpB,GAJiB,iBAANA,IACTA,EAAIrE,KAAKkB,KAAK+Y,EAAM5V,SAGNpD,IAAZgZ,EAAK5V,GACP,OAAO4V,EAAK5V,GAGd,MAAUnB,MAAM,wBAUlBhC,KAAM,SAAS+Y,EAAM5V,GAQnB,GAPK4V,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChBxF,OAAOC,QAAQgP,GAAM7W,SAAQ,EAAEyT,EAAKxV,MAClC4Y,EAAKzJ,GAASnP,GAASwV,CAAG,UAIL5V,IAArBgZ,EAAKzJ,GAASnM,GAChB,OAAO4V,EAAKzJ,GAASnM,GAGvB,MAAUnB,MAAM,yBC3dpB,MAAMgX,EAAY,MAChB,IACE,MAAgC,gBAAzB7X,QAAQ8X,IAAIC,SACnB,MAAO/V,IACT,OAAO,CACR,EALiB,GAOZgW,EAAO,CACXC,SAAU,SAASvQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBwQ,QAGrD/Z,QAAS,SAASuJ,GAChB,OAAOA,aAAgBlK,OAGzB+C,aAAc4X,EAEdhY,SAAUiY,EAEVC,WAAY,SAAUxT,GACpB,IAAImF,EAAI,EACR,IAAK,IAAIpJ,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAChCoJ,GAAM,KAAOpJ,EAAKiE,EAAMA,EAAM9F,OAAS,EAAI6B,GAE7C,OAAOoJ,GAGTsO,YAAa,SAAUtO,EAAGnF,GACxB,MAAMgH,EAAI,IAAIrL,WAAWqE,GACzB,IAAK,IAAIjE,EAAI,EAAGA,EAAIiE,EAAOjE,IACzBiL,EAAEjL,GAAMoJ,GAAM,GAAKnF,EAAQjE,EAAI,GAAO,IAGxC,OAAOiL,GAGT0M,SAAU,SAAU1T,GAClB,MAAMmF,EAAIgO,EAAKK,WAAWxT,GAE1B,OADU,IAAI2T,KAAS,IAAJxO,IAIrByO,UAAW,SAAUC,GACnB,MAAMC,EAAUrP,KAAKsP,MAAMF,EAAKG,UAAY,KAE5C,OAAOb,EAAKM,YAAYK,EAAS,IAGnCG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAStP,IAAWsP,EAAO,IAAIF,KAAgC,IAA3BlP,KAAKsP,OAAOF,EAAO,OAQjFM,QAAS,SAAUnU,GACjB,MACMoU,GADQpU,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAC/B,OAAOA,EAAMgF,SAAS,EAAG,EAAIoP,IAS/BC,QAAQrU,EAAO9F,GACb,MAAMoa,EAAS,IAAI3Y,WAAWzB,GACxBgP,EAAShP,EAAS8F,EAAM9F,OAE9B,OADAoa,EAAOlY,IAAI4D,EAAOkJ,GACXoL,GAQTC,gBAAiB,SAAUC,GACzB,MAAMC,EAAUtB,EAAKuB,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUzY,MAAM,YAElB,MAAM2Y,EAAWH,EAAIxP,SAASwP,EAAIta,OAASuK,KAAKmQ,KAAKH,EAAU,IACzDI,EAAS,IAAIlZ,WAAW,EAAY,MAAV8Y,IAAqB,EAAa,IAAVA,IACxD,OAAOtB,EAAKvX,iBAAiB,CAACiZ,EAAQF,KAQxCD,oBAAqB,SAAUF,GAC7B,IAAIzY,EACJ,IAAKA,EAAI,EAAGA,EAAIyY,EAAIta,QAA4B,IAAXsa,EAAIzY,GAAbA,KAC5B,GAAIA,IAAMyY,EAAIta,OACZ,OAAO,EAET,MAAMya,EAAWH,EAAIxP,SAASjJ,GAC9B,OAA+B,GAAvB4Y,EAASza,OAAS,GAASiZ,EAAK2B,MAAMH,EAAS,KAQzDI,gBAAiB,SAAU3P,GACzB,MAAM7K,EAAS,IAAIoB,WAAWyJ,EAAIlL,QAAU,GAC5C,IAAK,IAAI8a,EAAI,EAAGA,EAAI5P,EAAIlL,QAAU,EAAG8a,IACnCza,EAAOya,GAAK7L,SAAS/D,EAAI7F,OAAOyV,GAAK,EAAG,GAAI,IAE9C,OAAOza,GAQT0a,gBAAiB,SAAUjV,GACzB,MAAM0G,EAAI,GACJvJ,EAAI6C,EAAM9F,OAChB,IACIgb,EADAC,EAAI,EAER,KAAOA,EAAIhY,GAAG,CAEZ,IADA+X,EAAIlV,EAAMmV,KAAK7P,SAAS,IACjB4P,EAAEhb,OAAS,GAChBgb,EAAI,IAAMA,EAEZxO,EAAE/L,KAAK,GAAKua,GAEd,OAAOxO,EAAEpM,KAAK,KAQhB8a,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlC,EAAKC,SAASiC,GACjB,MAAUrZ,MAAM,4DAGlB,MAAMzB,EAAS,IAAIoB,WAAW0Z,EAAInb,QAClC,IAAK,IAAI6B,EAAI,EAAGA,EAAIsZ,EAAInb,OAAQ6B,IAC9BxB,EAAOwB,GAAKsZ,EAAIE,WAAWxZ,GAE7B,OAAOxB,CAAM,KASjBib,mBAAoB,SAAUxV,GAE5B,MAAMzF,EAAS,GACTkb,EAAK,MACLC,GAHN1V,EAAQ,IAAIrE,WAAWqE,IAGP9F,OAEhB,IAAK,IAAI6B,EAAI,EAAGA,EAAI2Z,EAAG3Z,GAAK0Z,EAC1Blb,EAAOI,KAAK0Y,OAAOsC,aAAaC,MAAMvC,OAAQrT,EAAMgF,SAASjJ,EAAGA,EAAI0Z,EAAKC,EAAI3Z,EAAI0Z,EAAKC,KAExF,OAAOnb,EAAOD,KAAK,KAQrBub,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAS5a,EAAQhB,EAAO6b,GAAY,GAClC,OAAOF,EAAQG,OAAO9b,EAAO,CAAEN,QAASmc,IAE1C,OAAOV,EAAiBD,EAAKla,GAAS,IAAMA,EAAQ,IAAI,MAQ1D+a,WAAY,SAAUjH,GACpB,MAAMkH,EAAU,IAAIC,YAAY,SAEhC,SAASjb,EAAQhB,EAAO6b,GAAY,GAClC,OAAOG,EAAQE,OAAOlc,EAAO,CAAEN,QAASmc,IAE1C,OAAOV,EAAiBrG,EAAM9T,GAAS,IAAMA,EAAQ,IAAIQ,YAAc,MASzE2D,OAAQgX,EAOR1a,iBAAkB2a,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvD,EAAKzX,aAAa+a,KAAYtD,EAAKzX,aAAagb,GACnD,MAAU1a,MAAM,4CAGlB,GAAIya,EAAOvc,SAAWwc,EAAOxc,OAC3B,OAAO,EAGT,IAAK,IAAI6B,EAAI,EAAGA,EAAI0a,EAAOvc,OAAQ6B,IACjC,GAAI0a,EAAO1a,KAAO2a,EAAO3a,GACvB,OAAO,EAGX,OAAO,GAST4a,cAAe,SAAU3H,GACvB,IAAI4H,EAAI,EACR,IAAK,IAAI7a,EAAI,EAAGA,EAAIiT,EAAK9U,OAAQ6B,IAC/B6a,EAAKA,EAAI5H,EAAKjT,GAAM,MAEtB,OAAOoX,EAAKM,YAAYmD,EAAG,IAQ7BC,WAAY,SAAUxB,GAChBrC,GACFnO,QAAQiS,IAAI,qBAAsBzB,IAStC0B,gBAAiB,SAAU3Z,GACrB4V,GACFnO,QAAQzH,MAAM,qBAAsBA,IAKxC0X,MAAO,SAAUjP,GACf,IAAIa,EAAI,EACJsQ,EAAInR,IAAM,GAyBd,OAxBU,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,IAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEAA,GAYTuQ,OAAQ,SAASpU,GACf,MAAMqU,EAAY,IAAIvb,WAAWkH,EAAK3I,QAChCid,EAAOtU,EAAK3I,OAAS,EAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAIob,EAAMpb,IACxBmb,EAAUnb,GAAM8G,EAAK9G,IAAM,EAAM8G,EAAK9G,EAAI,IAAM,EAGlD,OADAmb,EAAUC,GAAStU,EAAKsU,IAAS,EAAuB,KAAhBtU,EAAK,IAAM,GAC5CqU,GAUTE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIvb,EAAIsb,EAAMnd,OAAS,EAAG6B,GAAK,EAAGA,IACrCsb,EAAMtb,KAAOub,EACTvb,EAAI,IACNsb,EAAMtb,IAAOsb,EAAMtb,EAAI,IAAO,EAAIub,GAIxC,OAAOD,GAOTE,aAAc,WACZ,YAA6B,IAAfrc,GAA8BA,EAAWsc,QAAUtc,EAAWsc,OAAOC,QAUrFC,cFnYFzd,iBACE,GAAIoP,IACF,OAAOnE,EACF,CACL,MAAQyS,QAASzS,SAAqBvE,OAAO,0BAC7C,OAAOuE,EAEX,EEkYE0S,cAAe,aAIfC,YAAa,aASbC,cAAe,WACb,MAAO,CAAwB,EAAEC,QAGnCC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,YADW,GACDC,OAAOje,QAGnBke,eAAgB,SAASvV,GACvB,IAAKsQ,EAAKC,SAASvQ,GACjB,OAAO,EAGT,MADW,mLACDwV,KAAKxV,IAOjByV,gBAAiB,SAASzV,GAGxB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM7C,IAY5B,IAAIwY,EAXAD,IACFvY,EAAQmT,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,KAN9C,KASLA,EAAMA,EAAM9F,OAAS,IACvBqe,GAAc,EACdvY,EAAQA,EAAMgF,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAI1c,EAAI,EACXyc,EAAQxY,EAAMX,QAlBP,GAkBmBtD,GAAK,EAC3Byc,EAFYzc,EAAIyc,EAlBb,KAqBDxY,EAAMwY,EAAQ,IAAWC,EAAQ9d,KAAK6d,GAK9C,IAAKC,EAAQve,OACX,OAAO8F,EAGT,MAAM0Y,EAAa,IAAI/c,WAAWqE,EAAM9F,OAASue,EAAQve,QACzD,IAAIwb,EAAI,EACR,IAAK,IAAI3Z,EAAI,EAAGA,EAAI0c,EAAQve,OAAQ6B,IAAK,CACvC,MAAMgK,EAAM/F,EAAMgF,SAASyT,EAAQ1c,EAAI,IAAM,EAAG0c,EAAQ1c,IACxD2c,EAAWtc,IAAI2J,EAAK2P,GACpBA,GAAK3P,EAAI7L,OACTwe,EAAWhD,EAAI,GApCR,GAqCPgD,EAAWhD,GApCJ,GAqCPA,IAGF,OADAgD,EAAWtc,IAAI4D,EAAMgF,SAASyT,EAAQA,EAAQve,OAAS,IAAM,GAAIwb,GAC1DgD,CAAU,IAChB,IAAOH,EAAc,IAAI5c,WAAW,CA1C5B,UA0CoC5B,KAOjD4e,UAAW,SAAS9V,GAGlB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM7C,IAc5B,IAAIwY,EAlBK,MAMPxY,EADEuY,GAJK,KAIUvY,EAAM,GACfmT,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,IAE7C,IAAIrE,WAAWqE,IAGfA,EAAM9F,OAAS,IACvBqe,GAAc,EACdvY,EAAQA,EAAMgF,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,IAAI7C,EAAI,EACR,IAAK,IAAI3Z,EAAI,EAAGA,IAAMiE,EAAM9F,OAAQ6B,EAAIyc,EAAO,CAC7CA,EAAQxY,EAAMX,QArBP,GAqBmBtD,GAAK,EAC1Byc,IAAOA,EAAQxY,EAAM9F,QAC1B,MAAMid,EAAOqB,GAtBN,KAsBexY,EAAMwY,GAAgB,EAAI,GAC5Czc,GAAGiE,EAAM4Y,WAAWlD,EAAG3Z,EAAGob,GAC9BzB,GAAKyB,EAAOpb,EAEd,OAAOiE,EAAMgF,SAAS,EAAG0Q,EAAE,IAC1B,IAAO6C,EAAc,IAAI5c,WAAW,CA5B5B,UA4BoC5B,KAMjD8e,qBAAsB,SAAS7J,GAC7B,OAAOA,EAAK8J,MAAM,MAAM7X,KAAI8X,IAC1B,IAAIhd,EAAIgd,EAAK7e,OAAS,EACtB,KAAO6B,GAAK,IAAkB,MAAZgd,EAAKhd,IAA0B,OAAZgd,EAAKhd,IAA2B,OAAZgd,EAAKhd,IAAcA,KAC5E,OAAOgd,EAAKxZ,OAAO,EAAGxD,EAAI,EAAE,IAC3BzB,KAAK,OAGV0e,UAAW,SAAS1G,EAASlV,GAC3B,IAAKA,EACH,OAAWpB,MAAMsW,GAInB,IACElV,EAAMkV,QAAUA,EAAU,KAAOlV,EAAMkV,QACvC,MAAOnV,IAET,OAAOC,GAST6b,wBAAyB,SAASC,GAChC,MAAMjY,EAAM,GAOZ,OANAiY,EAAehd,SAAQid,IACrB,IAAKA,EAAYC,IACf,MAAUpd,MAAM,0CAElBiF,EAAIkY,EAAYC,KAAOD,CAAW,IAE7BlY,GAWToY,WAAY,SAASC,GAEnB,OAAO,IAAIvgB,SAAQkB,MAAOjB,EAASC,KACjC,IAAIsgB,QACExgB,QAAQ2H,IAAI4Y,EAASrY,KAAIhH,UAC7B,IACEjB,QAAcwgB,GACd,MAAOrc,GACPoc,EAAYpc,OAGhBlE,EAAOsgB,EAAU,KAWrBE,iBAAkB,SAASC,EAAMtS,EAAGJ,GAClC,MAAM9M,EAASuK,KAAKC,IAAI0C,EAAElN,OAAQ8M,EAAE9M,QAC9BK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAIoK,EAAM,EACV,IAAK,IAAIvI,EAAI,EAAGA,EAAIxB,EAAOL,OAAQ6B,IACjCxB,EAAOwB,GAAMqL,EAAErL,GAAM,IAAM2d,EAAU1S,EAAEjL,GAAM,IAAM2d,EACnDpV,GAAQoV,EAAO3d,EAAIqL,EAAElN,OAAY,EAAIwf,EAAQ3d,EAAIiL,EAAE9M,OAErD,OAAOK,EAAOyK,SAAS,EAAGV,IAU5BqV,YAAa,SAASD,EAAMtS,EAAGJ,GAC7B,OAAQI,EAAK,IAAMsS,EAAU1S,EAAK,IAAM0S,GAK1CE,MAAO,SAASC,GACd,OAAOA,IAAeC,EAAM9N,UAAUM,QAAUuN,IAAeC,EAAM9N,UAAUO,QAAUsN,IAAeC,EAAM9N,UAAUQ,SChlBtHuL,EAAS5E,EAAK2E,gBAEpB,IAAIiC,EACAC,EAkBG,SAAS/D,GAAOpT,GACrB,IAAIoX,EAAM,IAAIte,WACd,OAAO2Z,EAAiBzS,GAAM1I,IAC5B8f,EAAM9G,EAAKvX,iBAAiB,CAACqe,EAAK9f,IAClC,MAAMuM,EAAI,GAEJwT,EAAQzV,KAAKsP,MAAMkG,EAAI/f,OADR,IAEf8F,EAFe,GAEPka,EACRC,EAAUJ,EAAYE,EAAIjV,SAAS,EAAGhF,IAC5C,IAAK,IAAIjE,EAAI,EAAGA,EAAIme,EAAOne,IACzB2K,EAAE/L,KAAKwf,EAAQ5a,OAAW,GAAJxD,EAAQ,KAC9B2K,EAAE/L,KAAK,MAGT,OADAsf,EAAMA,EAAIjV,SAAShF,GACZ0G,EAAEpM,KAAK,GAAG,IAChB,IAAO2f,EAAI/f,OAAS6f,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS5D,GAAOxT,GACrB,IAAIoX,EAAM,GACV,OAAO3E,EAAiBzS,GAAM1I,IAC5B8f,GAAO9f,EAGP,IAAIigB,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIte,EAAI,EAAGA,EAAIse,EAAWngB,OAAQ6B,IAAK,CAC1C,MAAMue,EAAYD,EAAWte,GAC7B,IAAK,IAAIE,EAAMge,EAAI5a,QAAQib,IAAqB,IAATre,EAAYA,EAAMge,EAAI5a,QAAQib,EAAWre,EAAM,GACpFme,IAMJ,IAAIlgB,EAAS+f,EAAI/f,OACjB,KAAOA,EAAS,IAAMA,EAASkgB,GAAU,GAAM,EAAGlgB,IAC5CmgB,EAAWE,SAASN,EAAI/f,KAAUkgB,IAGxC,MAAMI,EAAUR,EAAYC,EAAI1a,OAAO,EAAGrF,IAE1C,OADA+f,EAAMA,EAAI1a,OAAOrF,GACVsgB,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,GAAgBC,GAC9B,OAAOrE,GAAOqE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,GAAgB5a,EAAO6a,GACrC,IAAIV,EAAUlE,GAAOjW,GAAO2a,QAAQ,UAAW,IAI/C,OAHIE,IACFV,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAEvER,CACT,CA5FIpC,GACFgC,EAAcE,GAAOlC,EAAO+C,KAAKb,GAAK3U,SAAS,UAC/C0U,EAAc3E,IACZ,MAAMrO,EAAI+Q,EAAO+C,KAAKzF,EAAK,UAC3B,OAAO,IAAI1Z,WAAWqL,EAAEjK,OAAQiK,EAAEhK,WAAYgK,EAAE/J,WAAW,IAG7D8c,EAAcE,GAAOc,KAAK5H,EAAKqC,mBAAmByE,IAClDD,EAAc3E,GAAOlC,EAAKiC,mBAAmB4F,KAAK3F,KCVpD,OAAe,CAKb4F,uBAAwBnB,EAAM/M,KAAKI,OAKnC+N,4BAA6BpB,EAAM9N,UAAUQ,OAK7C2O,8BAA+BrB,EAAMpN,YAAYC,aAKjDyO,aAAc,EAUdC,aAAa,EAObC,uBAAwBxB,EAAMtM,KAAKC,IAQnC8N,kBAAmB,GAQnBzI,QAAQ,EAOR0I,sBAAuB,IASvBC,8BAA8B,EAU9BC,4BAA4B,EAK5BC,kBAAkB,EAOlBC,WAAY,KAOZC,wBAAwB,EAKxBC,mBAAmB,EAQnBC,wCAAwC,EASxCC,8CAA8C,EAW9CC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAACrC,EAAM9N,UAAUM,OAAQwN,EAAM9N,UAAUO,OAAQuN,EAAM9N,UAAUQ,SAMlI4P,qBAAsB,IAKtBC,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,oBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,oBAAoB,EAMpBC,qBAAsB,IAAIZ,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,SAM1D8P,4BAA6B,IAAIb,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,OAAQ4M,EAAM/M,KAAKE,OAMpFgQ,0BAA2B,IAAId,IAAI,CAACrC,EAAM7O,UAAUI,QAASyO,EAAM7O,UAAUK,MAM7E4R,aAAc,IAAIf,IAAI,CAACrC,EAAMvQ,MAAMQ,aCzNrC,SAASoT,GAAQnO,GACf,MAEMoO,EAASpO,EAAKqO,MAFH,yIAIjB,IAAKD,EACH,MAAUphB,MAAM,4BAMlB,MAAI,yBAAyBqc,KAAK+E,EAAO,IAChCtD,EAAM5H,MAAMC,iBAMjB,oBAAoBkG,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAME,cAGjB,iBAAiBiG,KAAK+E,EAAO,IACxBtD,EAAM5H,MAAMG,OAIjB,UAAUgG,KAAK+E,EAAO,IACjBtD,EAAM5H,MAAMI,QAIjB,mBAAmB+F,KAAK+E,EAAO,IAC1BtD,EAAM5H,MAAMjH,UAIjB,oBAAoBoN,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAMK,WAMjB,YAAY8F,KAAK+E,EAAO,IACnBtD,EAAM5H,MAAMpE,eADrB,CAGF,CAWA,SAASwP,GAAUC,EAAeC,GAChC,IAAIjjB,EAAS,GAWb,OAVIijB,EAAOhB,cACTjiB,GAAU,YAAcijB,EAAOd,cAAgB,MAE7Cc,EAAOf,cACTliB,GAAU,YAAcijB,EAAOb,cAAgB,MAE7CY,IACFhjB,GAAU,YAAcgjB,EAAgB,MAE1ChjB,GAAU,KACHA,CACT,CASA,SAASkjB,GAAY5a,GAEnB,OAAO6a,GA8CT,SAAqBtkB,GACnB,IAAIukB,EAAM,SACV,OAAOrI,EAAiBlc,GAAOe,IAC7B,MAAMyjB,EAAQC,GAAiBpZ,KAAKsP,MAAM5Z,EAAMD,OAAS,GAAK,EACxD4jB,EAAQ,IAAIC,YAAY5jB,EAAM4C,OAAQ5C,EAAM6C,WAAY4gB,GAC9D,IAAK,IAAI7hB,EAAI,EAAGA,EAAI6hB,EAAO7hB,IACzB4hB,GAAOG,EAAM/hB,GACb4hB,EACEK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,EAAK,KAC1BK,GAAU,GAAIL,GAAO,EAAK,KAE9B,IAAK,IAAI5hB,EAAY,EAAR6hB,EAAW7hB,EAAI5B,EAAMD,OAAQ6B,IACxC4hB,EAAOA,GAAO,EAAKK,GAAU,GAAU,IAANL,EAAcxjB,EAAM4B,OAEtD,IAAM,IAAIJ,WAAW,CAACgiB,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYpb,GAE1B,CAIA,MAAMmb,GAAY,CACZrlB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAIoD,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAI4hB,EAAM5hB,GAAK,GACf,IAAK,IAAI2Z,EAAI,EAAGA,EAAI,EAAGA,IACrBiI,EAAOA,GAAO,GAA2B,IAAd,QAANA,GAAwB,QAAW,GAE1DK,GAAU,GAAGjiB,IACH,SAAN4hB,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAI5hB,EAAI,EAAGA,GAAK,IAAMA,IACzBiiB,GAAU,GAAGjiB,GAAMiiB,GAAU,GAAGjiB,IAAM,EAAKiiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGjiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBiiB,GAAU,GAAGjiB,GAAMiiB,GAAU,GAAGjiB,IAAM,EAAKiiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGjiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBiiB,GAAU,GAAGjiB,GAAMiiB,GAAU,GAAGjiB,IAAM,EAAKiiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGjiB,IAIvE,MAAM8hB,GAAkB,WACtB,MAAM9gB,EAAS,IAAImhB,YAAY,GAG/B,OAFA,IAAIC,SAASphB,GAAQqhB,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWthB,GAAQ,EAChC,IAmCA,SAASuhB,GAAcC,GACrB,IAAK,IAAIxiB,EAAI,EAAGA,EAAIwiB,EAAQrkB,OAAQ6B,IAC7B,mCAAmCsc,KAAKkG,EAAQxiB,KACnDoX,EAAK4D,gBAAoB/a,MAAM,sCAAwCuiB,EAAQxiB,KAE5E,iDAAiDsc,KAAKkG,EAAQxiB,KACjEoX,EAAK4D,gBAAoB/a,MAAM,mBAAqBuiB,EAAQxiB,IAGlE,CASA,SAASyiB,GAAcxP,GACrB,IAAIyP,EAAOzP,EACP0P,EAAW,GAEf,MAAMC,EAAa3P,EAAK4P,YAAY,KAOpC,OALID,GAAc,GAAKA,IAAe3P,EAAK9U,OAAS,IAClDukB,EAAOzP,EAAKxU,MAAM,EAAGmkB,GACrBD,EAAW1P,EAAKxU,MAAMmkB,EAAa,GAAGpf,OAAO,EAAG,IAG3C,CAAEkf,KAAMA,EAAMC,SAAUA,EACjC,CAWO,SAASG,GAAQzlB,EAAOokB,EAASsB,IAEtC,OAAO,IAAI/lB,SAAQkB,MAAOjB,EAASC,KACjC,IACE,MAAM8lB,EAAU,qBACVC,EAAc,oDAEpB,IAAIjM,EACJ,MAAMwL,EAAU,GAChB,IACIU,EAEAC,EACAR,EAJAS,EAAcZ,EAEdvP,EAAO,GAGPnM,EAAOuc,GAAcC,EAAqBjmB,GAAOa,MAAOsH,EAAUC,KACpE,MAAMnD,EAASihB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAIwX,QAAa1a,EAAOY,WACxB,QAAalF,IAATgf,EACF,MAAU/c,MAAM,0BAIlB,GADA+c,EAAO5F,EAAK0F,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpD5H,EAIE,GAAKkM,EAcAC,GAAqB,IAATnM,IACjBgM,EAAQ1G,KAAKU,IAIhB/J,EAAOA,EAAK1U,KAAK,QACjB4kB,GAAW,EACXZ,GAAca,GACdA,EAAc,GACdF,GAAc,GANdjQ,EAAKrU,KAAKoe,EAAK4B,QAAQ,MAAO,WAbhC,GAHIoE,EAAQ1G,KAAKU,IACf9f,EAAW+C,MAAM,sEAEdgjB,EAAY3G,KAAKU,IAKpB,GAFAuF,GAAca,GACdF,GAAc,EACVC,GAAqB,IAATnM,EAAY,CAC1B/Z,EAAQ,CAAEgW,OAAMnM,OAAM0b,UAASxL,SAC/B,YANFoM,EAAYxkB,KAAKoe,QARfgG,EAAQ1G,KAAKU,KACfhG,EAAOoK,GAAQpE,KA6BrB,MAAO5b,GAEP,YADAlE,EAAOkE,GAGT,MAAM3D,EAAS+lB,EAAiB/d,GAChC,IACE,OAAa,OACLhI,EAAOwI,MACb,MAAM5H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EACF,MAAU4B,MAAM,0BAElB,MAAM+c,EAAO5e,EAAQ,GACrB,IAA2B,IAAvB4e,EAAK1Z,QAAQ,OAAsC,IAAvB0Z,EAAK1Z,QAAQ,KAEtC,CACL,IAAIoE,QAAkBpF,EAAOhE,YACxBoJ,EAAUvJ,SAAQuJ,EAAY,IACnCA,EAAYsV,EAAOtV,EACnBA,EAAY0P,EAAK0F,qBAAqBpV,EAAUkX,QAAQ,MAAO,KAC/D,MAAM6E,EAAQ/b,EAAUqV,MAAMiG,GAC9B,GAAqB,IAAjBS,EAAMtlB,OACR,MAAU8B,MAAM,0BAElB,MAAM8c,EAAQ0F,GAAcgB,EAAM,GAAGhlB,MAAM,GAAI,IAC/CkkB,EAAW5F,EAAM4F,eACXllB,EAAOoB,MAAMke,EAAM2F,MACzB,YAbMjlB,EAAOoB,MAAMme,SAgBjBvf,EAAOwI,YACPxI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,QAGvB0F,EAAOwc,EAAqBxc,GAAM5I,MAAOsH,EAAUC,KACjD,MAAMie,EAAmBC,EAAiBjC,GAAYkC,EAAoBpe,KAC1Eke,EAAiBvmB,OAAM,eACjB0mB,EAAYre,EAAUC,EAAU,CACpCE,cAAc,IAEhB,MAAMlI,EAAS+lB,EAAiB/d,GAChC,IACE,MAAMqe,SAAgCJ,GAAkB9E,QAAQ,KAAM,IACtE,GAAI+D,IAAamB,IAA2BnB,GAAYlB,EAAO7B,kBAC7D,MAAU3f,MAAM,4CAEZxC,EAAOwI,YACPxI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAGvB,MAAOA,GACPlE,EAAOkE,OAERzC,MAAKT,UACF6lB,EAAqBvlB,EAAOsI,QAC9BtI,EAAOsI,WAAa6c,EAAiBnlB,EAAOsI,OAEvCtI,IAEX,CAaO,SAAS2X,GAAM6N,EAAatB,EAAMuB,EAAWC,EAAW1C,EAAeC,EAASsB,IACrF,IAAI9P,EACAjC,EACAgT,IAAgBjG,EAAM5H,MAAMG,SAC9BrD,EAAOyP,EAAKzP,KACZjC,EAAO0R,EAAK1R,KACZ0R,EAAOA,EAAK5b,MAEd,MAAMqd,EAAYP,EAAoBlB,GAChClkB,EAAS,GACf,OAAQwlB,GACN,KAAKjG,EAAM5H,MAAMC,iBACf5X,EAAOI,KAAK,gCAAkCqlB,EAAY,IAAMC,EAAY,WAC5E1lB,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,8BAAgCqlB,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAKnG,EAAM5H,MAAME,cACf7X,EAAOI,KAAK,gCAAkCqlB,EAAY,WAC1DzlB,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,8BAAgCqlB,EAAY,WACxD,MACF,KAAKlG,EAAM5H,MAAMG,OACf9X,EAAOI,KAAK,wCACZJ,EAAOI,KAAK,SAAWoS,EAAO,QAC9BxS,EAAOI,KAAKqU,EAAK2L,QAAQ,OAAQ,QACjCpgB,EAAOI,KAAK,qCACZJ,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,iCACZ,MACF,KAAKmf,EAAM5H,MAAMI,QACf/X,EAAOI,KAAK,iCACZJ,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,+BACZ,MACF,KAAKmf,EAAM5H,MAAMjH,UACf1Q,EAAOI,KAAK,0CACZJ,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,wCACZ,MACF,KAAKmf,EAAM5H,MAAMK,WACfhY,EAAOI,KAAK,2CACZJ,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,yCACZ,MACF,KAAKmf,EAAM5H,MAAMpE,UACfvT,EAAOI,KAAK,mCACZJ,EAAOI,KAAK2iB,GAAUC,EAAeC,IACrCjjB,EAAOI,KAAK+iB,GAAce,IAC1BlkB,EAAOI,KAAK,IAAK8iB,GAAYyC,IAC7B3lB,EAAOI,KAAK,iCAIhB,OAAOwY,EAAK7T,OAAO/E,EACrB,CC5YA,MAAM4lB,GACJvnB,cACEE,KAAKkH,MAAQ,GAOfhG,KAAKgG,GAEH,OADAlH,KAAKkH,MAAQmT,EAAKqC,mBAAmBxV,EAAMgF,SAAS,EAAG,IAChDlM,KAAKkH,MAAM9F,OAOpBU,QACE,OAAOuY,EAAKiC,mBAAmBtc,KAAKkH,OAOtCogB,QACE,OAAOjN,EAAK8B,gBAAgB9B,EAAKiC,mBAAmBtc,KAAKkH,QAQ3DqgB,OAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB1nB,KAAK0nB,eAAkB1nB,KAAKkH,QAAUsgB,EAAMtgB,MAO9FygB,SACE,MAAsB,KAAf3nB,KAAKkH,MAOdwgB,aACE,MAAO,OAAOnI,KAAKvf,KAAKsnB,SAG1BM,gBAAgBJ,GACd,OAAOA,EAAMF,QAGfM,cAActb,GACZ,MAAMkb,EAAQ,IAAIH,GAElB,OADAG,EAAMtmB,KAAKmZ,EAAK4B,gBAAgB3P,IACzBkb,EAGTI,kBACE,MAAMJ,EAAQ,IAAIH,GAElB,OADAG,EAAMtmB,KAAK,IAAI2B,WAAW,IACnB2kB,GChGJ,IAAIK,GAAU,WAMnB,IAKIC,EAAOC,EALPC,GAAa,EAsCjB,SAASC,EAAK3Z,EAAGJ,GACf,IAAImO,EAAIyL,GAAOC,EAAMzZ,GAAKyZ,EAAM7Z,IAAM,KAEtC,OADU,IAANI,GAAiB,IAANJ,IAASmO,EAAI,GACrBA,EAiBT,IAOI6L,EAKAC,EAKAC,EAKAC,EAtBAC,GAAgB,EA2BpB,SAASC,IAIP,SAASC,EAAGla,GACV,IAAI+N,EAAGyB,EAAG/Q,EAEV,IADA+Q,EAAI/Q,EA1CR,SAAcuB,GACZ,IAAIrL,EAAI6kB,EAAM,IAAMC,EAAMzZ,IAE1B,OADU,IAANA,IAASrL,EAAI,GACVA,EAuCGwlB,CAAKna,GACR+N,EAAI,EAAGA,EAAI,EAAGA,IAEjBtP,GADA+Q,EAA6B,KAAvBA,GAAK,EAAMA,IAAM,GAIzB,OADA/Q,GAAK,GAVFib,GA5EP,WACEF,EAAQ,GACNC,EAAQ,GAEV,IAAW1L,EAAGqM,EAAVpa,EAAI,EACR,IAAK+N,EAAI,EAAGA,EAAI,IAAKA,IACnByL,EAAMzL,GAAK/N,EAGXoa,EAAQ,IAAJpa,EAAUA,IAAM,EAAGA,GAAK,IAClB,MAANoa,IAAYpa,GAAK,IACrBA,GAAKwZ,EAAMzL,GAGX0L,EAAMD,EAAMzL,IAAMA,EAEpByL,EAAM,KAAOA,EAAM,GACnBC,EAAM,GAAK,EAEXC,GAAa,EAyDIW,GAejBT,EAAW,GACTC,EAAW,GACXC,EAAU,CAAC,GAAI,GAAI,GAAI,IACvBC,EAAU,CAAC,GAAI,GAAI,GAAI,IAEzB,IAAK,IAAIplB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC5B,IAAI6a,EAAI0K,EAAGvlB,GAGXilB,EAASjlB,GAAK6a,EACdqK,EAASrK,GAAK7a,EAGdmlB,EAAQ,GAAGnlB,GAAMglB,EAAK,EAAGnK,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKmK,EAAK,EAAGnK,GACpEuK,EAAQ,GAAGvK,GAAMmK,EAAK,GAAIhlB,IAAM,GAAOglB,EAAK,EAAGhlB,IAAM,GAAOglB,EAAK,GAAIhlB,IAAM,EAAKglB,EAAK,GAAIhlB,GAEzF,IAAK,IAAIib,EAAI,EAAGA,EAAI,EAAGA,IACrBkK,EAAQlK,GAAGjb,GAAMmlB,EAAQlK,EAAI,GAAGjb,KAAO,EAAMmlB,EAAQlK,EAAI,GAAGjb,IAAM,GAClEolB,EAAQnK,GAAGJ,GAAMuK,EAAQnK,EAAI,GAAGJ,KAAO,EAAMuK,EAAQnK,EAAI,GAAGJ,IAAM,GAItEwK,GAAgB,EA0BlB,IAAIM,EAAU,SAAUC,EAAS5kB,GAE1BqkB,GAAeC,IAGpB,IAAIO,EAAO,IAAI7D,YAAYhhB,GAC3B6kB,EAAKxlB,IAAI4kB,EAAU,KACnBY,EAAKxlB,IAAI6kB,EAAU,KACnB,IAAK,IAAIllB,EAAI,EAAGA,EAAI,EAAGA,IACrB6lB,EAAKxlB,IAAI8kB,EAAQnlB,GAAK,KAAS,KAAQA,GAAM,GAC7C6lB,EAAKxlB,IAAI+kB,EAAQplB,GAAK,KAAS,KAAQA,GAAM,GAuD/C,IAEI8lB,EAAM,SAAUC,EAAQH,EAAS5kB,GACnC,UAEA,IAAIglB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAI,EAEN,IAAIC,EAAO,IAAItB,EAAO/D,YAAYhhB,GAChCsmB,EAAO,IAAIvB,EAAOnmB,WAAWoB,GAa/B,SAASumB,EAAMtO,EAAG4B,EAAGI,EAAGtQ,EAAG6c,EAAIC,EAAIC,EAAIC,GACrC1O,EAAIA,EAAI,EACR4B,EAAIA,EAAI,EACRI,EAAIA,EAAI,EACRtQ,EAAIA,EAAI,EACR6c,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAIC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACvBC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BloB,EAAI,EAEN4nB,EAAK3M,EAAI,MAAO4M,EAAK5M,EAAI,MAAO6M,EAAK7M,EAAI,MAGzCuM,EAAKA,EAAKH,GAAMpO,EAAI,IAAM,GACxBwO,EAAKA,EAAKJ,GAAMpO,EAAI,IAAM,GAC1ByO,EAAKA,EAAKL,GAAMpO,EAAI,IAAM,GAC1B0O,EAAKA,EAAKN,GAAMpO,EAAI,KAAO,GAG7B,IAAKjZ,EAAI,IAAKA,EAAI,IAAO2K,GAAK,EAAI3K,EAAKA,EAAI,GAAM,EAAG,CAClD+nB,EAAKV,GAAMpM,EAAIuM,GAAM,GAAK,OAAS,GAAKH,GAAMO,EAAKH,GAAM,GAAK,OAAS,GAAKJ,GAAMQ,EAAKH,GAAM,EAAI,OAAS,GAAKL,GAAMS,EAAKH,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIjZ,EAAI,IAAM,GACpKgoB,EAAKX,GAAMpM,EAAIwM,GAAM,GAAK,OAAS,GAAKJ,GAAMO,EAAKF,GAAM,GAAK,OAAS,GAAKL,GAAMQ,EAAKF,GAAM,EAAI,OAAS,GAAKN,GAAMS,EAAKN,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIjZ,EAAI,IAAM,GACtKioB,EAAKZ,GAAMpM,EAAIyM,GAAM,GAAK,OAAS,GAAKL,GAAMO,EAAKD,GAAM,GAAK,OAAS,GAAKN,GAAMQ,EAAKL,GAAM,EAAI,OAAS,GAAKH,GAAMS,EAAKL,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIjZ,EAAI,IAAM,GACtKkoB,EAAKb,GAAMpM,EAAI0M,GAAM,GAAK,OAAS,GAAKN,GAAMO,EAAKJ,GAAM,GAAK,OAAS,GAAKH,GAAMQ,EAAKJ,GAAM,EAAI,OAAS,GAAKJ,GAAMS,EAAKJ,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIjZ,EAAI,KAAO,GACzKwnB,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAIlClC,EAAKqB,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,IAAM,EAAIL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIjZ,EAAI,IAAM,GAClLimB,EAAKoB,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,IAAM,EAAIN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIjZ,EAAI,IAAM,GACpLkmB,EAAKmB,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,IAAM,EAAIH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIjZ,EAAI,IAAM,GACpLmmB,EAAKkB,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,IAAM,EAAIJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIjZ,EAAI,KAAO,GAUzL,SAASmoB,EAASX,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAC,EACAC,EACAC,GAWJ,SAASS,EAASZ,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAWxB,SAASoN,EAASb,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,GAGPvB,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAUT,SAASmC,EAASd,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAEtB+K,EAAKA,EAAKI,EACRH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EAEZH,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASY,EAASf,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EAAKA,EAAKwB,EACbnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EAWnB,SAASa,EAAShB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFP,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAEZvB,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASc,EAAKjB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAEPH,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASe,EAAKlB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAZ,EACAC,EACAC,EACAC,GAGFA,GAAOI,EAAKJ,EAAMI,EAAMJ,EAAK,EAC3BD,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAE5CT,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASgB,EAASnB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAII,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BU,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7B/oB,EAAI,EAAGoZ,EAAI,EAEboO,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAEZwB,EAAKf,EAAK,EACRgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EAEZ,MAAQnnB,EAAI,GAAK,IAAKA,EAAKA,EAAI,EAAK,EAAG,CACrC,GAAI+nB,IAAO,GAAI,CACba,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAGdI,EAAMA,GAAM,EAAMC,IAAO,GACvBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAEd9O,EAAIuO,EAAK,EAETA,EAAMA,IAAO,EAAMD,GAAM,GACvBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAEf,GAAIpO,EAAGoO,EAAKA,EAAK,WAGnBpB,EAAKwC,EACHvC,EAAKwC,EACLvC,EAAKwC,EACLvC,EAAKwC,EAST,SAASC,EAAWre,GAClBA,EAAIA,EAAI,EACRyc,EAAIzc,EAYN,SAASse,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVrD,EAAKkD,EACHjD,EAAKkD,EACLjD,EAAKkD,EACLjD,EAAKkD,EAYT,SAASC,EAAOC,EAAIC,EAAIC,EAAIC,GAC1BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVtD,EAAKmD,EACHlD,EAAKmD,EACLlD,EAAKmD,EACLlD,EAAKmD,EAYT,SAASC,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVvD,EAAKoD,EACHnD,EAAKoD,EACLnD,EAAKoD,EACLnD,EAAKoD,EAYT,SAASC,EAASC,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVxD,EAAKqD,EACHpD,EAAKqD,EACLpD,EAAKqD,EACLpD,EAAKqD,EAYT,SAASC,EAAYC,EAAIC,EAAIC,EAAIC,GAC/BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV9D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACrB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EAU3B,SAASI,EAAUxqB,GACjBA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBonB,EAAKpnB,EAAM,GAAK8lB,IAAO,GACrBsB,EAAKpnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BsB,EAAKpnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BsB,EAAKpnB,EAAM,GAAK8lB,EAAK,IACrBsB,EAAKpnB,EAAM,GAAK+lB,IAAO,GACvBqB,EAAKpnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BqB,EAAKpnB,EAAM,GAAK+lB,IAAO,EAAI,IAC3BqB,EAAKpnB,EAAM,GAAK+lB,EAAK,IACrBqB,EAAKpnB,EAAM,GAAKgmB,IAAO,GACvBoB,EAAKpnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BoB,EAAKpnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BoB,EAAKpnB,EAAM,IAAMgmB,EAAK,IACtBoB,EAAKpnB,EAAM,IAAMimB,IAAO,GACxBmB,EAAKpnB,EAAM,IAAMimB,IAAO,GAAK,IAC7BmB,EAAKpnB,EAAM,IAAMimB,IAAO,EAAI,IAC5BmB,EAAKpnB,EAAM,IAAMimB,EAAK,IAExB,OAAO,GAUT,SAASwE,EAAOzqB,GACdA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBonB,EAAKpnB,EAAM,GAAKkmB,IAAO,GACrBkB,EAAKpnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BkB,EAAKpnB,EAAM,GAAKkmB,IAAO,EAAI,IAC3BkB,EAAKpnB,EAAM,GAAKkmB,EAAK,IACrBkB,EAAKpnB,EAAM,GAAKmmB,IAAO,GACvBiB,EAAKpnB,EAAM,GAAKmmB,IAAO,GAAK,IAC5BiB,EAAKpnB,EAAM,GAAKmmB,IAAO,EAAI,IAC3BiB,EAAKpnB,EAAM,GAAKmmB,EAAK,IACrBiB,EAAKpnB,EAAM,GAAKomB,IAAO,GACvBgB,EAAKpnB,EAAM,GAAKomB,IAAO,GAAK,IAC5BgB,EAAKpnB,EAAM,IAAMomB,IAAO,EAAI,IAC5BgB,EAAKpnB,EAAM,IAAMomB,EAAK,IACtBgB,EAAKpnB,EAAM,IAAMqmB,IAAO,GACxBe,EAAKpnB,EAAM,IAAMqmB,IAAO,GAAK,IAC7Be,EAAKpnB,EAAM,IAAMqmB,IAAO,EAAI,IAC5Be,EAAKpnB,EAAM,IAAMqmB,EAAK,IAExB,OAAO,GAQT,SAASqE,IACPzC,EAAS,EAAG,EAAG,EAAG,GAClBnB,EAAKhB,EACHiB,EAAKhB,EACLiB,EAAKhB,EACLiB,EAAKhB,EAYT,SAAS0E,EAAOC,EAAM5qB,EAAK6M,GACzB+d,EAAOA,EAAO,EACd5qB,EAAMA,EAAM,EACZ6M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI7qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ6M,EAAM,IAAM,GAAI,CACtBie,EAAcF,EAAO,GACnBxD,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,EAAIonB,EAAKpnB,EAAM,GAC5EonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,EAAIonB,EAAKpnB,EAAM,GAC5EonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,KAAO,EAAIonB,EAAKpnB,EAAM,IAC7EonB,EAAKpnB,EAAM,KAAO,GAAKonB,EAAKpnB,EAAM,KAAO,GAAKonB,EAAKpnB,EAAM,KAAO,EAAIonB,EAAKpnB,EAAM,KAGjFonB,EAAKpnB,EAAM,GAAK8lB,IAAO,GACrBsB,EAAKpnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BsB,EAAKpnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BsB,EAAKpnB,EAAM,GAAK8lB,EAAK,IACrBsB,EAAKpnB,EAAM,GAAK+lB,IAAO,GACvBqB,EAAKpnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BqB,EAAKpnB,EAAM,GAAK+lB,IAAO,EAAI,IAC3BqB,EAAKpnB,EAAM,GAAK+lB,EAAK,IACrBqB,EAAKpnB,EAAM,GAAKgmB,IAAO,GACvBoB,EAAKpnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BoB,EAAKpnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BoB,EAAKpnB,EAAM,IAAMgmB,EAAK,IACtBoB,EAAKpnB,EAAM,IAAMimB,IAAO,GACxBmB,EAAKpnB,EAAM,IAAMimB,IAAO,GAAK,IAC7BmB,EAAKpnB,EAAM,IAAMimB,IAAO,EAAI,IAC5BmB,EAAKpnB,EAAM,IAAMimB,EAAK,IAExB4E,EAAOA,EAAM,GAAM,EACjB7qB,EAAOA,EAAM,GAAM,EACnB6M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAYf,SAASE,EAAIH,EAAM5qB,EAAK6M,GACtB+d,EAAOA,EAAO,EACd5qB,EAAMA,EAAM,EACZ6M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI7qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ6M,EAAM,IAAM,GAAI,CACtBme,EAAWJ,EAAO,GAChBxD,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,EAAIonB,EAAKpnB,EAAM,GAC5EonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,EAAIonB,EAAKpnB,EAAM,GAC5EonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,IAAM,GAAKonB,EAAKpnB,EAAM,KAAO,EAAIonB,EAAKpnB,EAAM,IAC7EonB,EAAKpnB,EAAM,KAAO,GAAKonB,EAAKpnB,EAAM,KAAO,GAAKonB,EAAKpnB,EAAM,KAAO,EAAIonB,EAAKpnB,EAAM,KAGjF6qB,EAAOA,EAAM,GAAM,EACjB7qB,EAAOA,EAAM,GAAM,EACnB6M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAMf,IAAIC,EAAgB,CAAC7C,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAMC,GAKvF,IAAIwC,EAAa,CAAC7C,EAAUM,GAK5B,MAAO,CACLK,WAAYA,EACZC,UAAWA,EACXK,OAAQA,EACRK,UAAWA,EACXK,SAAUA,EACVK,YAAaA,EACbK,UAAWA,EACXC,OAAQA,EACRC,SAAUA,EACVC,OAAQA,EACRI,IAAKA,GAxpBC,CAFG,CAACrrB,WAAwBoiB,aA4pB5B4D,EAAS5kB,GAInB,OAFA8kB,EAAIqF,QApsBJ,SAAiBC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/C,IAAIC,EAAQhG,EAAK5c,SAAS,EAAO,IAC/B6iB,EAAQjG,EAAK5c,SAAS,IAAO,KAG/B4iB,EAAMxrB,IAAI,CAACgrB,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,IACvC,IAAK,IAAI5rB,EAAIorB,EAAIW,EAAO,EAAG/rB,EAAI,EAAIorB,EAAK,GAAIprB,IAAK,CAC/C,IAAIiZ,EAAI4S,EAAM7rB,EAAI,IACbA,EAAIorB,GAAO,GAAc,IAAPA,GAAYprB,EAAIorB,GAAO,KAC5CnS,EAAIgM,EAAShM,IAAM,KAAO,GAAKgM,EAAShM,IAAM,GAAK,MAAQ,GAAKgM,EAAShM,IAAM,EAAI,MAAQ,EAAIgM,EAAa,IAAJhM,IAEtGjZ,EAAIorB,GAAO,IACbnS,EAAKA,GAAK,EAAMA,IAAM,GAAO8S,GAAQ,GACrCA,EAAQA,GAAQ,GAAc,IAAPA,EAAe,GAAO,IAE/CF,EAAM7rB,GAAK6rB,EAAM7rB,EAAIorB,GAAMnS,EAI7B,IAAK,IAAIU,EAAI,EAAGA,EAAI3Z,EAAG2Z,GAAK,EAC1B,IAAK,IAAIqS,EAAK,EAAGA,EAAK,EAAGA,IAAM,CACzB/S,EAAI4S,EAAM7rB,GAAK,EAAI2Z,IAAM,EAAIqS,GAAM,GAErCF,EAAMnS,EAAIqS,GADRrS,EAAI,GAAKA,GAAK3Z,EAAI,EACJiZ,EAEAmM,EAAQ,GAAGH,EAAShM,IAAM,KACtCmM,EAAQ,GAAGH,EAAShM,IAAM,GAAK,MAC/BmM,EAAQ,GAAGH,EAAShM,IAAM,EAAI,MAC9BmM,EAAQ,GAAGH,EAAa,IAAJhM,IAM9B6M,EAAIkD,WAAWoC,EAAK,IAoqBftF,GA8CT,OAtCAH,EAAQsG,IAAM,CACZC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQL3G,EAAQ4G,IAAM,CACZL,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQP3G,EAAQ6G,IAAM,CACZL,IAAK,EACLM,IAAK,GAQT9G,EAAQ+G,UAAY,MAEb/G,CACT,CA36BqB,GC+Gd,SAASgH,GAASthB,GACrB,OAAOA,aAAazL,UACxB,CAWO,SAASgtB,GAAW/G,EAAMgH,GAC7B,MAAM9qB,EAAO8jB,EAAOA,EAAK3kB,WAAa2rB,GAAY,MAClD,GAAW,KAAP9qB,GAAgBA,GAAQ,EACxB,MAAU9B,MAAM,+DAEpB,OADA4lB,EAAOA,GAAQ,IAAIjmB,WAAW,IAAIuiB,YAAYpgB,GAElD,CACO,SAAS+qB,GAAYjH,EAAMkH,EAAMjmB,EAAMkmB,EAAMC,GAChD,MAAMC,EAAOrH,EAAK1nB,OAAS4uB,EACrBI,EAAOD,EAAOD,EAAOC,EAAOD,EAElC,OADApH,EAAKxlB,IAAIyG,EAAKmC,SAAS+jB,EAAMA,EAAOG,GAAOJ,GACpCI,CACX,CACO,SAASC,MAAaC,GACzB,MAAMC,EAAcD,EAAIE,QAAO,CAACC,EAAKC,IAASD,EAAMC,EAAKtvB,QAAQ,GAC3D4sB,EAAM,IAAInrB,WAAW0tB,GAC3B,IAAII,EAAS,EACb,IAAK,IAAI1tB,EAAI,EAAGA,EAAIqtB,EAAIlvB,OAAQ6B,IAC5B+qB,EAAI1qB,IAAIgtB,EAAIrtB,GAAI0tB,GAChBA,GAAUL,EAAIrtB,GAAG7B,OAErB,OAAO4sB,CACX,CCvJO,MAAM4C,WAA0B1tB,MACnCpD,eAAe+wB,GACX9wB,SAAS8wB,IAIV,MAAMC,WAA6B5tB,MACtCpD,eAAe+wB,GACX9wB,SAAS8wB,IAIV,MAAME,WAAsB7tB,MAC/BpD,eAAe+wB,GACX9wB,SAAS8wB,ICXjB,MAAMG,GAAY,GACZC,GAAW,GACV,MAAMC,GACTpxB,YAAY+W,EAAKsa,EAAIC,GAAU,EAAMrD,EAAMjF,EAAMC,GAC7C/oB,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACXhQ,KAAK+tB,KAAOA,EAEZ/tB,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACXhQ,KAAK6W,IAAMA,EACX7W,KAAKmxB,GAAKA,EACVnxB,KAAKoxB,QAAUA,EAEfpxB,KAAKqxB,YAAYvI,EAAMC,GAE3BsI,YAAYvI,EAAMC,GAMd,YALkB9nB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChC/oB,KAAK8oB,KAAOA,GAAQkI,GAAUM,OAASzB,KAAa3jB,SAAS2b,GAAQ8H,WACrE3vB,KAAK+oB,IAAMA,GAAOkI,GAASK,OAAS,IAAIzJ,GAAQ,KAAM7nB,KAAK8oB,KAAK7kB,QAChEjE,KAAKuxB,MAAMvxB,KAAK6W,IAAK7W,KAAKmxB,KAEvB,CAAErI,KAAM9oB,KAAK8oB,KAAMC,IAAK/oB,KAAK+oB,KAExCyI,mBACsBvwB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChCiI,GAAUnvB,KAAK7B,KAAK8oB,MACpBmI,GAASpvB,KAAK7B,KAAK+oB,MAEvB/oB,KAAK8oB,UAAO7nB,EACZjB,KAAK+oB,SAAM9nB,EAEfswB,MAAM1a,EAAKsa,GACP,MAAMpI,IAAEA,GAAQ/oB,KAAKqxB,cAEfI,EAAS5a,EAAIzV,OACnB,GAAe,KAAXqwB,GAA4B,KAAXA,GAA4B,KAAXA,EAClC,MAAM,IAAIX,GAAqB,oBACnC,MAAMY,EAAU,IAAIrM,SAASxO,EAAI5S,OAAQ4S,EAAI3S,WAAY2S,EAAI1S,YAG7D,GAFA4kB,EAAIqF,QAAQqD,GAAU,EAAGC,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,IAAKF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,QAExQ1wB,IAAPkwB,EAAkB,CAClB,GAAkB,KAAdA,EAAG/vB,OACH,MAAM,IAAI0vB,GAAqB,mBACnC,IAAIc,EAAS,IAAIvM,SAAS8L,EAAGltB,OAAQktB,EAAGjtB,WAAYitB,EAAGhtB,YACvD4kB,EAAIwD,OAAOqF,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,UAG3F5I,EAAIwD,OAAO,EAAG,EAAG,EAAG,GAG5BsF,oBAAoB9nB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ/oB,KAAKqxB,cACrBU,EAAQlK,GAAQqH,IAAIlvB,KAAK+tB,MACzBiC,EAAOnI,GAAQ8H,UACfxsB,EAAMnD,KAAKmD,IACX6M,EAAMhQ,KAAKgQ,IACXigB,EAAO,EACPC,EAAOnmB,EAAK3I,QAAU,EACtB4wB,EAAO,EAEP5B,EAAO,EACP3uB,EAAS,IAAIoB,WAFLmN,EAAMkgB,GAAS,IAG3B,KAAOA,EAAO,GACVE,EAAOL,GAAYjH,EAAM3lB,EAAM6M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO7sB,EAAK6M,GACjCogB,GACA3uB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMitB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP7M,GAAOitB,EACPpgB,GAAOogB,IAGPjtB,EAAM,EACN6M,EAAM,GAKd,OAFAhQ,KAAKmD,IAAMA,EACXnD,KAAKgQ,IAAMA,EACJvO,EAEXwwB,qBACI,IAAInJ,KAAEA,EAAIC,IAAEA,GAAQ/oB,KAAKqxB,cACrBU,EAAQlK,GAAQqH,IAAIlvB,KAAK+tB,MACzBiC,EAAOnI,GAAQ8H,UACfxsB,EAAMnD,KAAKmD,IACX6M,EAAMhQ,KAAKgQ,IACXkiB,EAAO,GAAMliB,EAAM,GACnBmiB,EAAOniB,EACX,GAAIhQ,KAAKoyB,eAAe,YACpB,GAAIpyB,KAAKoxB,QAAS,CACd,IAAK,IAAIiB,EAAI,EAAGA,EAAIH,IAAQG,EACxBvJ,EAAK3lB,EAAM6M,EAAMqiB,GAAKH,EAE1BliB,GAAOkiB,EACPC,EAAOniB,OAEN,GAAIA,EAAM,GACX,MAAM,IAAI8gB,GAAqB,yDAInC9gB,GAAOkiB,EAEX,MAAMzwB,EAAS,IAAIoB,WAAWsvB,GAQ9B,OAPIniB,GACA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO7sB,EAAK6M,GAC9BmiB,GACA1wB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMgvB,IACxCnyB,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACXhQ,KAAKwxB,cACE/vB,EAEX6wB,oBAAoBvoB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ/oB,KAAKqxB,cACrBU,EAAQlK,GAAQ2H,IAAIxvB,KAAK+tB,MACzBiC,EAAOnI,GAAQ8H,UACfxsB,EAAMnD,KAAKmD,IACX6M,EAAMhQ,KAAKgQ,IACXigB,EAAO,EACPC,EAAOnmB,EAAK3I,QAAU,EACtB4wB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBgC,EAAO,EACP9B,EAAO,EACPpwB,KAAKoxB,UACLc,EAAOliB,EAAMkgB,EAAOiC,GAAQ,GAC5BA,GAAQD,GAEZ,MAAMzwB,EAAS,IAAIoB,WAAWsvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM3lB,EAAM6M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO7sB,EAAK6M,GAAQkgB,EAAc,EAAPgC,IAChD9B,GACA3uB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMitB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP7M,GAAOitB,EACPpgB,GAAOogB,IAGPjtB,EAAM,EACN6M,EAAM,GAKd,OAFAhQ,KAAKmD,IAAMA,EACXnD,KAAKgQ,IAAMA,EACJvO,EAEX8wB,qBACI,IAAIzJ,KAAEA,EAAIC,IAAEA,GAAQ/oB,KAAKqxB,cACrBU,EAAQlK,GAAQ2H,IAAIxvB,KAAK+tB,MACzBiC,EAAOnI,GAAQ8H,UACfxsB,EAAMnD,KAAKmD,IACX6M,EAAMhQ,KAAKgQ,IACXmiB,EAAOniB,EACX,GAAIA,EAAM,EAAG,CACT,GAAIA,EAAM,GAAI,CACV,GAAIhQ,KAAKoyB,eAAe,WACpB,MAAM,IAAItB,GAAqB,oDAG/B9gB,GAAO,GAAMA,EAAM,GAI3B,GADA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO7sB,EAAK6M,GAC1BhQ,KAAKoyB,eAAe,YAAcpyB,KAAKoxB,QAAS,CAChD,IAAIoB,EAAM1J,EAAK3lB,EAAMgvB,EAAO,GAC5B,GAAIK,EAAM,GAAKA,EAAM,IAAMA,EAAML,EAC7B,MAAM,IAAIpB,GAAc,eAC5B,IAAI0B,EAAS,EACb,IAAK,IAAIxvB,EAAIuvB,EAAKvvB,EAAI,EAAGA,IACrBwvB,GAAUD,EAAM1J,EAAK3lB,EAAMgvB,EAAOlvB,GACtC,GAAIwvB,EACA,MAAM,IAAI1B,GAAc,eAC5BoB,GAAQK,GAGhB,MAAM/wB,EAAS,IAAIoB,WAAWsvB,GAO9B,OANIA,EAAO,GACP1wB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMgvB,IAExCnyB,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACXhQ,KAAKwxB,cACE/vB,GCtMR,MAAMixB,GACT9K,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASuB,QAAQ5oB,GAE7C6d,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASwB,QAAQ7oB,GAE7CjK,YAAY+W,EAAKua,GAAU,EAAOyB,GAC9B7yB,KAAK6yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK5V,EAAWmwB,EAAS,OAE5DuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIhB,oBAAoB9nB,GAC7B/J,KAAK6yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIP,oBAAoBvoB,GAC7B/J,KAAK6yB,IAAIN,uBCb5B,SAASM,GAAIzxB,GACX,MAAM0xB,EAAI,SAASjc,GACjB,MAAMkc,EAAS,IAAIL,GAAQ7b,GAE3B7W,KAAK2yB,QAAU,SAASK,GACtB,OAAOD,EAAOJ,QAAQK,IAGxBhzB,KAAK4yB,QAAU,SAASI,GACtB,OAAOD,EAAOH,QAAQI,KAO1B,OAHAF,EAAEG,UAAYH,EAAE9xB,UAAUiyB,UAAY,GACtCH,EAAEI,QAAUJ,EAAE9xB,UAAUkyB,QAAU9xB,EAAS,EAEpC0xB,CACT,CCAA,SAASK,GAAIC,EAAM5Z,EAASmZ,EAAS5E,EAAMoD,EAAIC,GAE7C,MAAMiC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI3wB,EACA2Z,EACAiX,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAdAnnB,EAAI,EAeJ2C,EAAMwJ,EAAQpY,OAGlB,MAAMqzB,EAA6B,KAAhBrB,EAAKhyB,OAAgB,EAAI,EAE1C8yB,EADiB,IAAfO,EACQ9B,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFnZ,EAqQJ,SAAuBA,EAAS4X,GAC9B,MAAMsD,EAAY,EAAKlb,EAAQpY,OAAS,EAExC,IAAIoxB,EACJ,GAAgB,IAAZpB,GAAkBsD,EAAY,EAChClC,EAAM,QACD,GAAgB,IAAZpB,EACToB,EAAMkC,MACD,IAAKtD,KAAYsD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOlb,EAEP,MAAUtW,MAAM,wBAJhBsvB,EAAM,EAOR,MAAMmC,EAAgB,IAAI9xB,WAAW2W,EAAQpY,OAASszB,GACtD,IAAK,IAAIzxB,EAAI,EAAGA,EAAIuW,EAAQpY,OAAQ6B,IAClC0xB,EAAc1xB,GAAKuW,EAAQvW,GAE7B,IAAK,IAAI2Z,EAAI,EAAGA,EAAI8X,EAAW9X,IAC7B+X,EAAcnb,EAAQpY,OAASwb,GAAK4V,EAGtC,OAAOmC,CACT,CA9RcC,CAAcpb,EAAS4X,GACjCphB,EAAMwJ,EAAQpY,QAIhB,IAAIK,EAAS,IAAIoB,WAAWmN,GACxBkM,EAAI,EASR,IAPa,IAAT6R,IACFoG,EAAWhD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KAClEgnB,EAAYlD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KACnEA,EAAI,GAICA,EAAI2C,GAAK,CAsCd,IArCAgkB,EAAQxa,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KACnF4mB,EAASza,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KAGvE,IAAT0gB,IACE4E,GACFqB,GAAQG,EACRF,GAASI,IAETD,EAAWD,EACXG,EAAYD,EACZF,EAAUH,EACVK,EAAWJ,IAKfJ,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BrX,EAAI,EAAGA,EAAI6X,EAAY7X,GAAK,EAAG,CAIlC,IAHA2X,EAAUL,EAAQtX,EAAI,GACtB4X,EAAUN,EAAQtX,EAAI,GAEjB3Z,EAAIixB,EAAQtX,GAAI3Z,IAAMsxB,EAAStxB,GAAKuxB,EACvCV,EAASG,EAAQb,EAAKnwB,GACtB8wB,GAAWE,IAAU,EAAMA,GAAS,IAAOb,EAAKnwB,EAAI,GAEpD4wB,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,EAIVG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGJ,IAAT9F,IACE4E,GACFwB,EAAUH,EACVK,EAAWJ,IAEXD,GAAQI,EACRH,GAASK,IAIb7yB,EAAOya,KAAQ8X,IAAS,GACxBvyB,EAAOya,KAAS8X,IAAS,GAAM,IAC/BvyB,EAAOya,KAAS8X,IAAS,EAAK,IAC9BvyB,EAAOya,KAAe,IAAP8X,EACfvyB,EAAOya,KAAQ+X,IAAU,GACzBxyB,EAAOya,KAAS+X,IAAU,GAAM,IAChCxyB,EAAOya,KAAS+X,IAAU,EAAK,IAC/BxyB,EAAOya,KAAgB,IAAR+X,EAQjB,OAJKtB,IACHlxB,EA4KJ,SAA0B+X,EAAS4X,GACjC,IACIoB,EADAkC,EAAY,KAEhB,GAAgB,IAAZtD,EACFoB,EAAM,QACD,GAAgB,IAAZpB,EACTsD,EAAYlb,EAAQA,EAAQpY,OAAS,OAChC,IAAKgwB,EAGV,MAAUluB,MAAM,wBAFhBsvB,EAAM,EAKR,IAAKkC,EAAW,CAEd,IADAA,EAAY,EACLlb,EAAQA,EAAQpY,OAASszB,KAAelC,GAC7CkC,IAEFA,IAGF,OAAOlb,EAAQtN,SAAS,EAAGsN,EAAQpY,OAASszB,EAC9C,CAlMaG,CAAiBpzB,EAAQ2vB,IAG7B3vB,CACT,CAOA,SAASqzB,GAAcje,GAErB,MAAMke,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa5d,EAAIzV,OAAS,EAAI,EAAI,EAElCgyB,EAAWvzB,MAAM,GAAK40B,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAlC,EAFAxmB,EAAI,EACJhB,EAAI,EAGR,IAAK,IAAIuQ,EAAI,EAAGA,EAAI6X,EAAY7X,IAAK,CACnC,IAAIoX,EAAQnd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KACnE4mB,EAASpd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KAExEwmB,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAI5wB,EAAI,EAAGA,EAAI4yB,GAAe5yB,IAE7B4yB,EAAO5yB,IACT+wB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMV6B,EAAWf,EAAUf,IAAS,IAAMgB,EAAWhB,IAAS,GAAM,IAAOiB,EAAWjB,IAAS,GAAM,IAAOkB,EACpGlB,IAAS,GAAM,IAAOmB,EAAWnB,IAAS,GAAM,IAAOoB,EAAWpB,IAAS,EAAK,IAAOqB,EAAWrB,IAAS,EAC3G,IACF+B,EAAYT,EAAUrB,IAAU,IAAMsB,EAAWtB,IAAU,GAAM,IAAOuB,EAAWvB,IAAU,GAAM,IACjGwB,EAAYxB,IAAU,GAAM,IAAOyB,EAAYzB,IAAU,GAAM,IAAO0B,EAAY1B,IAAU,EAAK,IACjG2B,EAAY3B,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCkC,IAAc,GAAMD,GAC7B1C,EAAK/mB,KAAOypB,EAAWjC,EACvBT,EAAK/mB,KAAO0pB,EAAalC,GAAQ,GAIrC,OAAOT,CACT,CAwDO,SAAS4C,GAAUnf,GACxB7W,KAAK6W,IAAM,GAEX,IAAK,IAAI5T,EAAI,EAAGA,EAAI,EAAGA,IACrBjD,KAAK6W,IAAIhV,KAAK,IAAIgB,WAAWgU,EAAI3K,SAAa,EAAJjJ,EAAY,EAAJA,EAAS,KAG7DjD,KAAK2yB,QAAU,SAASK,GACtB,OAAOG,GACL2B,GAAc90B,KAAK6W,IAAI,IACvBsc,GACE2B,GAAc90B,KAAK6W,IAAI,IACvBsc,GACE2B,GAAc90B,KAAK6W,IAAI,IACvBmc,GAAO,EAAM,EAAG,KAAM,OAExB,EAAO,EAAG,KAAM,OACf,EAAM,EAAG,KAAM,MAGxB,CCtbA,SAASiD,KACPj2B,KAAKk2B,UAAY,EACjBl2B,KAAKm2B,QAAU,GAEfn2B,KAAKo2B,OAAS,SAASvf,GAMrB,GALA7W,KAAKq2B,QAAcx2B,MAAM,IACzBG,KAAKs2B,OAAaz2B,MAAM,IAExBG,KAAKuxB,QAED1a,EAAIzV,SAAWpB,KAAKm2B,QAGtB,MAAUjzB,MAAM,mCAElB,OAJElD,KAAKu2B,YAAY1f,IAIZ,GAGT7W,KAAKuxB,MAAQ,WACX,IAAK,IAAItuB,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKq2B,QAAQpzB,GAAK,EAClBjD,KAAKs2B,OAAOrzB,GAAK,GAIrBjD,KAAKw2B,aAAe,WAClB,OAAOx2B,KAAKk2B,WAGdl2B,KAAK2yB,QAAU,SAAS8D,GACtB,MAAMC,EAAU72B,MAAM42B,EAAIr1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIwzB,EAAIr1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIib,EAFAyY,EAAKF,EAAIxzB,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,EAAKwzB,EAAIxzB,EAAI,GACtE2K,EAAK6oB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,EAAKwzB,EAAIxzB,EAAI,GAG9Eib,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EAEJwY,EAAIzzB,GAAM2K,IAAM,GAAM,IACtB8oB,EAAIzzB,EAAI,GAAM2K,IAAM,GAAM,IAC1B8oB,EAAIzzB,EAAI,GAAM2K,IAAM,EAAK,IACzB8oB,EAAIzzB,EAAI,GAAS,IAAJ2K,EACb8oB,EAAIzzB,EAAI,GAAM0zB,IAAM,GAAM,IAC1BD,EAAIzzB,EAAI,GAAM0zB,IAAM,GAAM,IAC1BD,EAAIzzB,EAAI,GAAM0zB,IAAM,EAAK,IACzBD,EAAIzzB,EAAI,GAAS,IAAJ0zB,EAGf,OAAOD,GAGT12B,KAAK4yB,QAAU,SAAS6D,GACtB,MAAMC,EAAU72B,MAAM42B,EAAIr1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIwzB,EAAIr1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIib,EAFAyY,EAAKF,EAAIxzB,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,EAAKwzB,EAAIxzB,EAAI,GACtE2K,EAAK6oB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,GAAOwzB,EAAIxzB,EAAI,IAAM,EAAKwzB,EAAIxzB,EAAI,GAG9Eib,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,IAAKr2B,KAAKs2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG5N,KAAKq2B,QAAQ,GAAIr2B,KAAKs2B,OAAO,IAC3CK,EAAIzY,EAEJwY,EAAIzzB,GAAM2K,IAAM,GAAM,IACtB8oB,EAAIzzB,EAAI,GAAM2K,IAAM,GAAM,IAC1B8oB,EAAIzzB,EAAI,GAAM2K,IAAM,EAAK,IACzB8oB,EAAIzzB,EAAI,GAAS,IAAJ2K,EACb8oB,EAAIzzB,EAAI,GAAM0zB,IAAM,GAAM,IAC1BD,EAAIzzB,EAAI,GAAM0zB,GAAK,GAAM,IACzBD,EAAIzzB,EAAI,GAAM0zB,GAAK,EAAK,IACxBD,EAAIzzB,EAAI,GAAS,IAAJ0zB,EAGf,OAAOD,GAET,MAAMK,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGlO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASJ,EAAGnO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASH,EAAGpO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,GA7FhGD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnCh3B,KAAKu2B,YAAc,SAASY,GAC1B,MAAMjZ,aACAhC,EAAQrc,MAAM,IAEpB,IAAI+c,EAEJ,IAAK,IAAI3Z,EAAI,EAAGA,EAAI,EAAGA,IACrB2Z,EAAQ,EAAJ3Z,EACJib,EAAEjb,GAAMk0B,EAAIva,IAAM,GAAOua,EAAIva,EAAI,IAAM,GAAOua,EAAIva,EAAI,IAAM,EAAKua,EAAIva,EAAI,GAG3E,MAAM7P,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIqqB,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK3a,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtO,EAAIyoB,EAAUQ,GAAO3a,GAC3Bwa,EAAIlZ,EAAE5P,EAAE,IAER8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAKnqB,EAAE6P,IAAKsB,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D4P,EAAE5P,EAAE,IAAM8oB,EAGZ,IAAKxa,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM1O,EAAI8oB,EAAUO,GAAO3a,GAC3Bwa,EAAIF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,EAAIta,GAAIsB,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7DgO,EAAEmb,GAAMD,EACRC,KAKN,IAAK,IAAIp0B,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKq2B,QAAQpzB,GAAKiZ,EAAEjZ,GACpBjD,KAAKs2B,OAAOrzB,GAAiB,GAAZiZ,EAAE,GAAKjZ,IAwB5B,MAAMi0B,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASM,GAAM3gB,GACb7W,KAAKsT,MAAQ,IAAI2iB,GACjBj2B,KAAKsT,MAAM8iB,OAAOvf,GAElB7W,KAAK2yB,QAAU,SAASK,GACtB,OAAOhzB,KAAKsT,MAAMqf,QAAQK,GAE9B,CDpJAgD,GAAU9C,QAAU8C,GAAUh1B,UAAUkyB,QAAU,GAClD8C,GAAU/C,UAAY+C,GAAUh1B,UAAUiyB,UAAY,ECqJtDuE,GAAMvE,UAAYuE,GAAMx2B,UAAUiyB,UAAY,EAC9CuE,GAAMtE,QAAUsE,GAAMx2B,UAAUkyB,QAAU,GCpkB1C,MAAMuE,GAAS,WAEf,SAASC,GAAKN,EAAG/qB,GACf,OAAQ+qB,GAAK/qB,EAAI+qB,IAAO,GAAK/qB,GAAMorB,EACrC,CAEA,SAASE,GAAKrpB,EAAGrL,GACf,OAAOqL,EAAErL,GAAKqL,EAAErL,EAAI,IAAM,EAAIqL,EAAErL,EAAI,IAAM,GAAKqL,EAAErL,EAAI,IAAM,EAC7D,CAEA,SAAS20B,GAAKtpB,EAAGrL,EAAGm0B,GAClB9oB,EAAEupB,OAAO50B,EAAG,EAAO,IAAJm0B,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASU,GAAK/qB,EAAGV,GACf,OAAQU,IAAW,EAAJV,EAAU,GAC3B,CAkSA,SAAS0rB,GAAGlhB,GACV7W,KAAKg4B,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMvrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASwrB,EAAMxrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASyrB,EAAQ5qB,EAAG6qB,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAC7DnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAGhE,SAASiB,EAAQz1B,EAAGw1B,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIn1B,EAAI,IAAOw0B,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIn1B,EAAI,IAAOw0B,GAAQ,IAClEnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIn1B,EAAI,GAAMw0B,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIn1B,EAAI,GAAMw0B,GAAQ,IAsDnE,MAAO,CACLtsB,KAAM,UACNwtB,UAAW,GACXC,KAhQF,SAAiB/hB,GAEf,IAAI5T,EACAqL,EACAJ,EACAmO,EACAqM,EALJuP,EAAWphB,EAMX,MAAMgiB,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DnrB,EAAI,CACR,GACA,IAEIlB,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASssB,EAAM5sB,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,GAG1C,SAAS6sB,EAAM7sB,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,GAGrD,SAAS8sB,EAAOxH,EAAG9jB,GACjB,IAAItL,EACAib,EACA4b,EACJ,IAAK72B,EAAI,EAAGA,EAAI,EAAGA,IACjBib,EAAI3P,IAAM,GACVA,EAAMA,GAAK,EAAKkpB,GAAUpF,IAAM,GAChCA,EAAKA,GAAK,EAAKoF,GACfqC,EAAI5b,GAAK,EACD,IAAJA,IACF4b,GAAK,KAEPvrB,GAAK2P,EAAK4b,GAAK,GACfA,GAAK5b,IAAM,EACH,EAAJA,IACF4b,GAAK,KAEPvrB,GAAKurB,GAAK,GAAKA,GAAK,EAEtB,OAAOvrB,EAGT,SAASwrB,EAAG1tB,EAAGU,GACb,MAAMuB,EAAIvB,GAAK,EACTmB,EAAQ,GAAJnB,EACJsP,EAAIgd,EAAGhtB,GAAGiC,EAAIJ,GACdwa,EAAI4Q,EAAGjtB,GAAGotB,EAAKvrB,GAAKwrB,EAAKprB,IAC/B,OAAOkrB,EAAGntB,GAAGotB,EAAK/Q,GAAKgR,EAAKrd,KAAO,EAAIkd,EAAGltB,GAAGgQ,EAAIqM,GAGnD,SAASsR,EAAKjtB,EAAG8J,GACf,IAAIvI,EAAIwpB,GAAK/qB,EAAG,GACZmB,EAAI4pB,GAAK/qB,EAAG,GACZsP,EAAIyb,GAAK/qB,EAAG,GACZ2b,EAAIoP,GAAK/qB,EAAG,GAChB,OAAQisB,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD3I,EAAIK,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnDwF,EAAI9N,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD6R,EAAIna,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GAEvD,OAAOxJ,EAAE,GAAGiB,GAAKjB,EAAE,GAAGa,GAAKb,EAAE,GAAGgP,GAAKhP,EAAE,GAAGqb,GAK5C,IAFAuP,EAAWA,EAASv2B,MAAM,EAAG,IAC7BuB,EAAIg1B,EAAS72B,OACA,KAAN6B,GAAkB,KAANA,GAAkB,KAANA,GAC7Bg1B,EAASh1B,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAIg1B,EAAS72B,OAAQ6B,GAAK,EACpC81B,EAAM91B,GAAK,GAAK00B,GAAKM,EAAUh1B,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBsL,EAAE,GAAGtL,GAAK82B,EAAG,EAAG92B,GAChBsL,EAAE,GAAGtL,GAAK82B,EAAG,EAAG92B,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBi2B,EAAM3qB,EAAE,GAAGtL,GACXk2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGpK,GAAKi2B,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnD/rB,EAAE,GAAGpK,GAAKk2B,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM3qB,EAAE,GAAGtL,GACXk2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGpK,GAAKm2B,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD7rB,EAAE,GAAGpK,GAAKk2B,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM33B,OAAS,EACjB6B,EAAI,EAAGA,EAAI+1B,EAAM/1B,IACpBqL,EAAIyqB,EAAM91B,EAAIA,GACd41B,EAAM51B,GAAKqL,EACXJ,EAAI6qB,EAAM91B,EAAIA,EAAI,GAClB61B,EAAM71B,GAAKiL,EACX+qB,EAAKD,EAAO/1B,EAAI,GAAK42B,EAAOvrB,EAAGJ,GAEjC,IAAKjL,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBqL,EAAI,SAAYrL,EAChBiL,EAAII,EAAI,SACRA,EAAI0rB,EAAK1rB,EAAGuqB,GACZ3qB,EAAIwpB,GAAKsC,EAAK9rB,EAAG4qB,GAAQ,GACzBV,EAAOn1B,GAAMqL,EAAIJ,EAAKupB,GACtBW,EAAOn1B,EAAI,GAAKy0B,GAAKppB,EAAI,EAAIJ,EAAG,GAElC,IAAKjL,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAqL,EAAIJ,EAAImO,EAAIqM,EAAIzlB,EACR+1B,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGp1B,GAAKoK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGp1B,GAAKoK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGp1B,GAAKoK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGp1B,GAAKoK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,MA0FzEj3B,MAvDF,WACEo2B,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,KAkDF1F,QA9CF,SAAoB5oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,EAAI,EAAGA,IACrB4b,EAAQ5b,EAAG6b,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,GAgCPtF,QA7BF,SAAoB7oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,GAAK,EAAGA,IACtB8b,EAAQ9b,EAAG6b,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,IAiBd8B,SAZF,WACE,OAAO/B,GAaX,CAKYgC,GACVl6B,KAAKg4B,GAAGY,KAAK/4B,MAAMmiB,KAAKnL,GAAM,GAE9B7W,KAAK2yB,QAAU,SAASK,GACtB,OAAOhzB,KAAKg4B,GAAGrF,QAAQ9yB,MAAMmiB,KAAKgR,GAAQ,GAE9C,CCxUA,SAASmH,MAqXT,SAASC,GAAGvjB,GACV7W,KAAKq6B,GAAK,IAAIF,GACdn6B,KAAKq6B,GAAGC,KAAKzjB,GAEb7W,KAAK2yB,QAAU,SAASK,GACtB,OAAOhzB,KAAKq6B,GAAGE,aAAavH,GAEhC,CDlDA+E,GAAG7E,QAAU6E,GAAG/2B,UAAUkyB,QAAU,GACpC6E,GAAG9E,UAAY8E,GAAG/2B,UAAUiyB,UAAY,GCrUxCkH,GAASn5B,UAAUw5B,UAAY,EAK/BL,GAASn5B,UAAUy5B,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,GAASn5B,UAAU05B,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,GAASn5B,UAAU25B,GAAK,GASxBR,GAASn5B,UAAU45B,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,WAEZ,OAAOA,CACT,EAKAV,GAASn5B,UAAU85B,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAK/6B,KAAKo7B,OAAO,GAAGD,GAAMn7B,KAAKo7B,OAAO,GAAGF,GACzCH,GAAM/6B,KAAKo7B,OAAO,GAAGH,GACrBF,GAAM/6B,KAAKo7B,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,GAASn5B,UAAUq6B,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAKv7B,KAAK26B,KAAMY,EAAI,CAC/BC,GAASx7B,KAAK07B,OAAOH,GACrBE,EAAQz7B,KAAK86B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASx7B,KAAK07B,OAAO17B,KAAK26B,GAAK,GAC/Bc,GAASz7B,KAAK07B,OAAO17B,KAAK26B,GAAK,GAE/BW,EAAK,GAAKt7B,KAAK46B,OAAOa,GACtBH,EAAK,GAAKt7B,KAAK46B,OAAOY,EACxB,EAWArB,GAASn5B,UAAUu5B,aAAe,SAASoB,GACzC,IAAIJ,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXM,EAAM57B,KAAKw6B,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAKv7B,KAAKw6B,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBK,EAAOJ,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBK,EAAOJ,EAAKK,GAG1C57B,KAAKq7B,cAAcC,GAEnB,MAAMtN,EAAM,GACZ,IAAKuN,EAAK,EAAGA,EAAKv7B,KAAKw6B,UAAY,IAAKe,EACtCvN,EAAIuN,EAAK,GAAOD,EAAK,KAAQ,GAAK,IAAa,IAC/CtN,EAAIuN,EAAKK,GAASN,EAAK,KAAQ,GAAK,IAAa,IAKnD,OAAOtN,CACT,EAMAmM,GAASn5B,UAAU66B,cAAgB,SAASP,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAKv7B,KAAK26B,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAASx7B,KAAK07B,OAAOH,GACrBE,EAAQz7B,KAAK86B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASx7B,KAAK07B,OAAO,GACrBD,GAASz7B,KAAK07B,OAAO,GAErBJ,EAAK,GAAKt7B,KAAK46B,OAAOa,GACtBH,EAAK,GAAKt7B,KAAK46B,OAAOY,EACxB,EAMArB,GAASn5B,UAAUs5B,KAAO,SAASzjB,GACjC,IAAI0kB,EACAtM,EAAK,EAGT,IADAjvB,KAAK07B,OAAS,GACTH,EAAK,EAAGA,EAAKv7B,KAAK26B,GAAK,IAAKY,EAAI,CACnC,IAAIxxB,EAAO,EACX,IAAK,IAAI+xB,EAAK,EAAGA,EAAK,IAAKA,EACzB/xB,EAAQA,GAAQ,EAAgB,IAAV8M,EAAIoY,KACpBA,GAAMpY,EAAIzV,SACd6tB,EAAK,GAGTjvB,KAAK07B,OAAOH,GAAMv7B,KAAK06B,OAAOa,GAAMxxB,EAItC,IADA/J,KAAKo7B,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAv7B,KAAKo7B,OAAOG,GAAM,GACbtM,EAAK,EAAGA,EAAK,MAAOA,EACvBjvB,KAAKo7B,OAAOG,GAAItM,GAAMjvB,KAAKy6B,OAAOc,GAAItM,GAI1C,MAAMqM,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAKv7B,KAAK26B,GAAK,EAAGY,GAAM,EACnCv7B,KAAKq7B,cAAcC,GACnBt7B,KAAK07B,OAAOH,EAAK,GAAKD,EAAK,GAC3Bt7B,KAAK07B,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKtM,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BjvB,KAAKq7B,cAAcC,GACnBt7B,KAAKo7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,GAC/Bt7B,KAAKo7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,EAGrC,EAYAlB,GAAGlH,QAAUkH,GAAGp5B,UAAUkyB,QAAU,GACpCkH,GAAGnH,UAAYmH,GAAGp5B,UAAUiyB,UAAY,ECvXjC,MAAMzf,GAASqf,GAAI,KASbpf,GAASof,GAAI,KASbnf,GAASmf,GAAI,yFJuanB,SAAahc,GAClB7W,KAAK6W,IAAMA,EAEX7W,KAAK2yB,QAAU,SAASK,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc90B,KAAK6W,KACfmc,GAAO,EAAM,EAAG,KAAM5B,IAGzCpxB,KAAK4yB,QAAU,SAASI,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc90B,KAAK6W,KACfmc,GAAO,EAAO,EAAG,KAAM5B,GAE5C,YIzayB4E,SAQJwB,WAQEO,YAQCqC,QAMJ,WAClB,MAAUl3B,MAAM,+CAClB,IChFW64B,GAAW,SAAW/S,EAAQH,EAAS5kB,GAC9C,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EACrCC,EAAS,EAAGC,EAAS,EAGzB,IAAI7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EACrCC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAGzC,IAAIlS,EAAO,IAAItB,EAAOnmB,WAAWoB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGrkB,EAAI,EAAGgI,EAAI,EAAG6R,EAAI,EAC9Cuf,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACjCC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAE3FlzB,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EAGJ9d,EAAMue,GAAOnuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMwe,GAAOpuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMye,GAAOruB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM0e,GAAOtuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM2e,GAAOvuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM4e,GAAOxuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM6e,GAAOzuB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM8e,GAAO1uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM+e,GAAO3uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMgf,GAAO5uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMif,GAAQ7uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMkf,GAAQ9uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMmf,GAAQ/uB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMof,GAAQhvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMqf,GAAQjvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMsf,GAAQlvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIixB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOpxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuf,GAAQnvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOrxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwf,GAAQpvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOtxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyf,GAAQrvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOvxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0f,GAAQtvB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOxxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2f,GAAQvvB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOzxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4f,GAAQxvB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO1xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6f,GAAQzvB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO3xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8f,GAAQ1vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyxB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+f,GAAQ3vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKggB,GAAQ5vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKigB,GAAQ7vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO/xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkgB,GAAQ9vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOhyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmgB,GAAQ/vB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOjyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKogB,GAAQhwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOlyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqgB,GAAQjwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOnyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKsgB,GAAQlwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIiyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOpyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKugB,GAAQnwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOryB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwgB,GAAQpwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOtyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKygB,GAAQrwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOvyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0gB,GAAQtwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOxyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2gB,GAAQvwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOzyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4gB,GAAQxwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO1yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6gB,GAAQzwB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO3yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8gB,GAAQ1wB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+gB,GAAQ3wB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKghB,GAAQ5wB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO9yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKihB,IAAQ7wB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO/yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkhB,IAAQ9wB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOhzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmhB,IAAQ/wB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOjzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKohB,IAAQhxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOlzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqhB,IAAQjxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOnzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKshB,IAAQlxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIizB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOpzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuhB,IAAQnxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOrzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwhB,IAAQpxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOtzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyhB,IAAQrxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIozB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOvzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0hB,IAAQtxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOxzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2hB,IAAQvxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIszB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOzzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4hB,IAAQxxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO1zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6hB,IAAQzxB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO3zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8hB,IAAQ1xB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyzB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO5zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+hB,IAAQ3xB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO7zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKgiB,IAAQ5xB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO9zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKiiB,IAAQ7xB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkiB,IAAQ9xB,GAAK,EAAMA,IAAM,IAAOjK,GAAM6J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmiB,IAAQ/xB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKoiB,IAAQhyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqiB,IAAQjyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsiB,IAAQlyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKuiB,IAAQnyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIk0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOr0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKwiB,IAAQpyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIm0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOt0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKyiB,IAAQryB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIo0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOv0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK0iB,IAAQtyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIq0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOx0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK2iB,IAAQvyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIs0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOz0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK4iB,IAAQxyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIu0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO10B,GAAK,EAAMA,IAAM,GACxB6R,EAAK6iB,IAAQzyB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIw0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO30B,GAAK,EAAMA,IAAM,GACxB6R,EAAK8iB,IAAQ1yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIy0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO50B,GAAK,EAAMA,IAAM,GACxB6R,EAAK+iB,IAAQ3yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI00B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO70B,GAAK,EAAMA,IAAM,GACxB6R,EAAKgjB,IAAQ5yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI20B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO90B,GAAK,EAAMA,IAAM,GACxB6R,EAAKijB,IAAQ7yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI40B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKkjB,IAAQ9yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI60B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmjB,IAAQ/yB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI80B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKojB,IAAQhzB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqjB,IAAQjzB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsjB,IAAQlzB,GAAK,EAAMA,IAAM,IAAOjK,GAAK6J,EAAImO,EAAIqM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAEpD+L,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAIpB,SAASo9B,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IAGzB,SAASzK,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLC,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAQC,GACxCN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACL9F,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS5/B,EAAU+N,EAAQhP,GACvBgP,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAEhB,IAAI8gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAShP,EAAO,IAAM,GAAK,CACvBqgC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzBhP,EAAWA,EAAS,GAAK,EAEzB8gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQhP,EAAQ0I,GAC9BsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB0I,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTj/B,EAAI,EAER,GAAKmN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM1I,EAAO,IAAM,GAAK,CACpB8gC,EAAS7/B,EAAS+N,EAAQhP,GAAS,EACnC,IAAM8gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B9gC,EAAWA,EAAS8gC,EAAS,EAGjCA,EAAWA,EAAS9gC,EAAS,EAC7B66B,EAAWA,EAAS76B,EAAS,EAC7B,GAAK66B,IAAS,EAAI76B,IAAS,EAAI86B,EAAUA,EAAS,EAAG,EAErD5R,EAAKla,EAAOhP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CqnB,EAAKla,EAAOnN,GAAK,KACrBw+B,EAAWrxB,GAEXhP,EAAS,EAETkpB,EAAKla,EAAO,GAAK,EAGrB,IAAMnN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CqnB,EAAKla,EAAOnN,GAAK,EAErBqnB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACLF,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACLP,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EAGLzK,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EAELC,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQhP,EAAQ0I,GACnCsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB0I,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGtB,EAAS,EAErD,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQhP,GAAS,GAAI,EACtCmiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAElE,IAAM15B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQhP,EAAQ4xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB4xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACrCwB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAEzC,GAAKpzB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAOhP,EAAQ,GAAO4xB,IAAQ,GACpC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,EAAM,IAGlCsQ,EAAalzB,EAAShP,EAAO,EAAG,GAAI,GAAI,EACxCugC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAClE0H,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzC2F,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EAEV0H,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EAEL,IAAMj4B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNj4B,QAASA,EACTwH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,EC/1BO,MAAME,GACT7jC,cACIE,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EAEfuhB,QACI,MAAMxI,IAAEA,GAAQ/oB,KAAKqxB,cAKrB,OAJArxB,KAAKyB,OAAS,KACdzB,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACX+Y,EAAIwI,QACGvxB,KAEXqC,QAAQ0H,GACJ,GAAoB,OAAhB/J,KAAKyB,OACL,MAAM,IAAImvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAKqxB,cAC3B,IAAIrB,EAAOhwB,KAAKmD,IACZgtB,EAAOnwB,KAAKgQ,IACZigB,EAAO,EACPC,EAAOnmB,EAAK3I,OACZgvB,EAAO,EACX,KAAOF,EAAO,GACVE,EAAOL,GAAYjH,EAAMkH,EAAOG,EAAMpmB,EAAMkmB,EAAMC,GAClDC,GAAQC,EACRH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI1mB,QAAQ2tB,EAAMG,GACzBH,GAAQI,EACRD,GAAQC,EACHD,IACDH,EAAO,GAIf,OAFAhwB,KAAKmD,IAAM6sB,EACXhwB,KAAKgQ,IAAMmgB,EACJnwB,KAEX6J,SACI,GAAoB,OAAhB7J,KAAKyB,OACL,MAAM,IAAImvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAKqxB,cAO3B,OANAtI,EAAIlf,OAAO7J,KAAKmD,IAAKnD,KAAKgQ,IAAK,GAC/BhQ,KAAKyB,OAAS,IAAIoB,WAAW7C,KAAK4jC,WAClC5jC,KAAKyB,OAAO6B,IAAIwlB,EAAK5c,SAAS,EAAGlM,KAAK4jC,YACtC5jC,KAAKmD,IAAM,EACXnD,KAAKgQ,IAAM,EACXhQ,KAAKwxB,cACExxB,MC9CR,MAEDgxB,GAAY,GACZC,GAAW,GACV,MAAM4S,WAAaF,GACtB7jC,cACIC,QACAC,KAAK8jC,KAAO,OACZ9jC,KAAK+jC,WARmB,GASxB/jC,KAAK4jC,UARkB,GASvB5jC,KAAKqxB,cAETA,cAMI,YALkBpwB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChC/oB,KAAK8oB,KAAOkI,GAAUM,OAASzB,KAC/B7vB,KAAK+oB,IAAMkI,GAASK,OAASyK,GAAS,CAAEl5B,YAA0B,KAAM7C,KAAK8oB,KAAK7kB,QAClFjE,KAAKuxB,SAEF,CAAEzI,KAAM9oB,KAAK8oB,KAAMC,IAAK/oB,KAAK+oB,KAExCyI,mBACsBvwB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChCiI,GAAUnvB,KAAK7B,KAAK8oB,MACpBmI,GAASpvB,KAAK7B,KAAK+oB,MAEvB/oB,KAAK8oB,UAAO7nB,EACZjB,KAAK+oB,SAAM9nB,EAEf2mB,aAAa7d,GACT,OAAO,IAAI85B,IAAOxhC,QAAQ0H,GAAMF,SAASpI,QAGjDoiC,GAAKC,KAAO,OACZD,GAAK7S,UAAY,GACjB6S,GAAK5S,SAAW,GAChB4S,GAAKG,aAAejI,GCnCb,MAED/K,GAAY,GACZC,GAAW,GACV,MAAMgT,WAAeN,GACxB7jC,cACIC,QACAC,KAAK8jC,KAAO,SACZ9jC,KAAK+jC,WARqB,GAS1B/jC,KAAK4jC,UARoB,GASzB5jC,KAAKqxB,cAETA,cAMI,YALkBpwB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChC/oB,KAAK8oB,KAAOkI,GAAUM,OAASzB,KAC/B7vB,KAAK+oB,IAAMkI,GAASK,OClBR,SAAWtI,EAAQH,EAAS5kB,GAChD,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAS,EAAGC,EAAS,EAGrB7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGgI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAG7Dpa,EAAO,IAAItB,EAAOnmB,WAAWoB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGrkB,EAAI,EAAGsgC,EAAI,EAAGC,EAAI,EAAGxoB,EAAI,EAEzD9N,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EACJ2I,EAAIT,EACJU,EAAIT,EACJ/nB,EAAIgoB,EAGJhoB,EAAMqgB,EAAKrgB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACtG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAMu4B,EAAKv4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgY,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGkO,EAAM6gB,EAAK7gB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACvG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAM+4B,EAAM/4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgY,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACtG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACvG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACtG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACvG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACtG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM/X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAShY,EAAIgY,GAAKqM,EAAErkB,IAAO,WAAa,EACvG6J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM6J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIjK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOrkB,GAAKgY,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG/X,EAAMA,EAAIiK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAEhG+b,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAChB6/B,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKhoB,EAAI,EAGpB,SAASqlB,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IACrB1R,EAAKxgB,EAAO,IAAMo6B,IAAK,GACvB5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,GAAG,IAC1B5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,EAAE,IACzB5Z,EAAKxgB,EAAO,IAAMo6B,EAAG,IACrB5Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GACvB7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GAAG,IAC1B7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,EAAE,IACzB7Z,EAAKxgB,EAAO,IAAMq6B,EAAG,IACrB7Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GACvB9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GAAG,IAC1B9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,EAAE,IACzB9Z,EAAKxgB,EAAO,IAAMs6B,EAAG,IAGzB,SAAS7S,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLkI,EAAK,WACLC,EAAK,WACLC,EAAK,WACLnI,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAI8C,EAAIC,EAAIC,EAAI/C,EAAQC,GACpDN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR8C,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR/C,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EACL9I,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS5/B,EAAU+N,EAAQhP,GACvBgP,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAEhB,IAAI8gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAShP,EAAO,IAAM,GAAK,CACvBqgC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzBhP,EAAWA,EAAS,GAAK,EAEzB8gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQhP,EAAQ0I,GAC9BsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB0I,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTj/B,EAAI,EAER,GAAKmN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM1I,EAAO,IAAM,GAAK,CACpB8gC,EAAS7/B,EAAS+N,EAAQhP,GAAS,EACnC,IAAM8gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B9gC,EAAWA,EAAS8gC,EAAS,EAGjCA,EAAWA,EAAS9gC,EAAS,EAC7B66B,EAAWA,EAAS76B,EAAS,EAC7B,GAAK66B,IAAS,EAAI76B,IAAS,EAAI86B,EAAWA,EAAS,EAAI,EAEvD5R,EAAKla,EAAOhP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CqnB,EAAKla,EAAOnN,GAAK,KAErBw+B,EAAWrxB,GAEXhP,EAAS,EAETkpB,EAAKla,EAAO,GAAK,EAGrB,IAAMnN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CqnB,EAAKla,EAAOnN,GAAK,EAErBqnB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACL+H,EAAKG,EACLF,EAAKG,EACLF,EAAKG,EACLtI,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACL0H,EAAKM,EACLL,EAAKM,EACLL,EAAKM,EACLzI,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EACLwI,EAAKN,EACLO,EAAKN,EACLO,EAAKN,EAGL7S,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EACLqI,EAAKH,EACLI,EAAKH,EACLI,EAAKH,EAELnI,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQhP,EAAQ0I,GACnCsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB0I,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DhD,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQhP,GAAS,GAAI,EACtCmiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAErE,IAAMp7B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQhP,EAAQ4xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChBhP,EAASA,EAAO,EAChB4xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG8C,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DxB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAEjE,GAAK90B,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAOhP,EAAQ,GAAO4xB,IAAQ,GACpC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAOhP,EAAO,EAAG,GAAK4xB,EAAM,IAGlCsQ,EAAalzB,EAAShP,EAAO,EAAG,GAAI,GAAI,EACxCugC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAAI6I,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAC5GV,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEzC,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EACV6I,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EAEVV,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EAEL,IAAMj7B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNj4B,QAASA,EACTwH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,CDtyByC0B,CAAW,CAAEtiC,YAA0B,KAAM7C,KAAK8oB,KAAK7kB,QACpFjE,KAAKuxB,SAEF,CAAEzI,KAAM9oB,KAAK8oB,KAAMC,IAAK/oB,KAAK+oB,KAExCyI,mBACsBvwB,IAAdjB,KAAK8oB,WAAmC7nB,IAAbjB,KAAK+oB,MAChCiI,GAAUnvB,KAAK7B,KAAK8oB,MACpBmI,GAASpvB,KAAK7B,KAAK+oB,MAEvB/oB,KAAK8oB,UAAO7nB,EACZjB,KAAK+oB,SAAM9nB,EAEf2mB,aAAa7d,GACT,OAAO,IAAIk6B,IAAS5hC,QAAQ0H,GAAMF,SAASpI,QAGnDwiC,GAAOH,KAAO,gBEnCGsB,GAEjB,SAASA,GAAOC,EAAKC,GACnB,IAAKD,EACH,MAAUniC,MAAMoiC,GAAO,mBAC3B,CAEAF,GAAOv2B,MAAQ,SAAqB8nB,EAAG/oB,EAAG03B,GACxC,GAAI3O,GAAK/oB,EACP,MAAU1K,MAAMoiC,GAAQ,qBAAuB3O,EAAI,OAAS/oB,EAChE,qTCRE23B,UAF2B,mBAAlBv6B,OAAOw6B,OAEC,SAAkBC,EAAMC,GACvCD,EAAKE,OAASD,EACdD,EAAKzkC,UAAYgK,OAAOw6B,OAAOE,EAAU1kC,UAAW,CAClDlB,YAAa,CACXuB,MAAOokC,EACPG,YAAY,EACZl9B,UAAU,EACVm9B,cAAc,MAMH,SAAkBJ,EAAMC,GACvCD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAAS9kC,UAAY0kC,EAAU1kC,UAC/BykC,EAAKzkC,UAAY,IAAI8kC,EACrBL,EAAKzkC,UAAUlB,YAAc2lC,MCiBjC,OA9BA,SAAiBH,EAAKS,GACpB,GAAIlmC,MAAMW,QAAQ8kC,GAChB,OAAOA,EAAI5jC,QACb,IAAK4jC,EACH,MAAO,GACT,IAAIl2B,EAAM,GACV,GAAmB,iBAARk2B,EACT,GAAKS,GAUE,GAAY,QAARA,EAIT,KAHAT,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1BzgB,OAAS,GAAM,IACrBkkC,EAAM,IAAMA,GACTriC,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,GAAK,EAC/BmM,EAAIvN,KAAKwO,SAASi1B,EAAIriC,GAAKqiC,EAAIriC,EAAI,GAAI,UAdzC,IAAK,IAAIA,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,IAAK,CACnC,IAAIoZ,EAAIipB,EAAI7oB,WAAWxZ,GACnB+iC,EAAK3pB,GAAK,EACV4pB,EAAS,IAAJ5pB,EACL2pB,EACF52B,EAAIvN,KAAKmkC,EAAIC,GAEb72B,EAAIvN,KAAKokC,QAUf,IAAKhjC,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,IAC1BmM,EAAInM,GAAc,EAATqiC,EAAIriC,GAEjB,OAAOmM,CACT,EASA,OANA,SAAek2B,GAEb,IADA,IAAIl2B,EAAM,GACDnM,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,IAC9BmM,GAAO82B,GAAMZ,EAAIriC,GAAGuJ,SAAS,KAC/B,OAAO4C,CACT,EAGA,SAAS+2B,GAAM/O,GAKb,OAJWA,IAAM,GACLA,IAAM,EAAK,MACXA,GAAK,EAAK,UACN,IAAJA,IAAa,MACV,CACjB,CAaA,OAVA,SAAiBkO,EAAKp1B,GAEpB,IADA,IAAId,EAAM,GACDnM,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,IAAK,CACnC,IAAIm0B,EAAIkO,EAAIriC,GACG,WAAXiN,IACFknB,EAAI+O,GAAM/O,IACZhoB,GAAOg3B,GAAMhP,EAAE5qB,SAAS,KAE1B,OAAO4C,CACT,EAGA,SAAS82B,GAAMG,GACb,OAAoB,IAAhBA,EAAKjlC,OACA,IAAMilC,EAENA,CACX,CAGA,SAASD,GAAMC,GACb,OAAoB,IAAhBA,EAAKjlC,OACA,IAAMilC,EACU,IAAhBA,EAAKjlC,OACL,KAAOilC,EACS,IAAhBA,EAAKjlC,OACL,MAAQilC,EACQ,IAAhBA,EAAKjlC,OACL,OAASilC,EACO,IAAhBA,EAAKjlC,OACL,QAAUilC,EACM,IAAhBA,EAAKjlC,OACL,SAAWilC,EACK,IAAhBA,EAAKjlC,OACL,UAAYilC,EAEZA,CACX,CAiBA,OAdA,SAAgBf,EAAK1hC,EAAO4H,EAAK0E,GAC/B,IAAIF,EAAMxE,EAAM5H,EAChBwhC,GAAOp1B,EAAM,GAAM,GAEnB,IADA,IAAIZ,EAAUvP,MAAMmQ,EAAM,GACjB/M,EAAI,EAAGiZ,EAAItY,EAAOX,EAAImM,EAAIhO,OAAQ6B,IAAKiZ,GAAK,EAAG,CACtD,IAAIkb,EAEFA,EADa,QAAXlnB,EACGo1B,EAAIppB,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,EAAI,GAEjEopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,GACxE9M,EAAInM,GAAKm0B,IAAM,EAEjB,OAAOhoB,CACT,EAqBA,OAlBA,SAAiBk2B,EAAKp1B,GAEpB,IADA,IAAId,EAAUvP,MAAmB,EAAbylC,EAAIlkC,QACf6B,EAAI,EAAGiZ,EAAI,EAAGjZ,EAAIqiC,EAAIlkC,OAAQ6B,IAAKiZ,GAAK,EAAG,CAClD,IAAI7O,EAAIi4B,EAAIriC,GACG,QAAXiN,GACFd,EAAI8M,GAAK7O,IAAM,GACf+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,EAAI,GAAS,IAAJ7O,IAEb+B,EAAI8M,EAAI,GAAK7O,IAAM,GACnB+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,GAAS,IAAJ7O,GAGb,OAAO+B,CACT,EA2HA,iBAvPmBk3B,6BAiDHH,oBAoBAD,SAoBAE,+BAsChB,SAAgBhP,EAAGlpB,GACjB,OAAQkpB,IAAMlpB,EAAMkpB,GAAM,GAAKlpB,CACjC,SAGA,SAAgBkpB,EAAGlpB,GACjB,OAAQkpB,GAAKlpB,EAAMkpB,IAAO,GAAKlpB,CACjC,QAGA,SAAeI,EAAGJ,GAChB,OAAQI,EAAIJ,IAAO,CACrB,UAGA,SAAiBI,EAAGJ,EAAGmO,GACrB,OAAQ/N,EAAIJ,EAAImO,IAAO,CACzB,UAGA,SAAiB/N,EAAGJ,EAAGmO,EAAGqM,GACxB,OAAQpa,EAAIJ,EAAImO,EAAIqM,IAAO,CAC7B,UAGA,SAAiBpa,EAAGJ,EAAGmO,EAAGqM,EAAGrkB,GAC3B,OAAQiK,EAAIJ,EAAImO,EAAIqM,EAAIrkB,IAAO,CACjC,QAGA,SAAe8c,EAAKhe,EAAKojC,EAAIC,GAC3B,IAAIC,EAAKtlB,EAAIhe,GAGT8iC,EAAMO,EAFDrlB,EAAIhe,EAAM,KAEI,EACnB6iC,GAAMC,EAAKO,EAAK,EAAI,GAAKD,EAAKE,EAClCtlB,EAAIhe,GAAO6iC,IAAO,EAClB7kB,EAAIhe,EAAM,GAAK8iC,CACjB,WAGA,SAAkBM,EAAIC,EAAIC,EAAIC,GAG5B,OAFUF,EAAKE,IAAQ,EACRF,EAAK,EAAI,GAAKD,EAAKE,IACpB,CAChB,WAGA,SAAkBF,EAAIC,EAAIC,EAAIC,GAE5B,OADSF,EAAKE,IACA,CAChB,aAGA,SAAoBH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC9C,IAAIC,EAAQ,EACRd,EAAKO,EAST,OAPAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAIdL,EAAKE,EAAKE,EAAKE,GAFxBE,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAE9C,OADSN,EAAKE,EAAKE,EAAKE,IACV,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GACtD,IAAIF,EAAQ,EACRd,EAAKO,EAWT,OATAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAEvBG,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,EAIdP,EAAKE,EAAKE,EAAKE,EAAKG,GAF7BD,IADAd,EAAMA,EAAKgB,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBV,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GAGtD,OAFST,EAAKE,EAAKE,EAAKE,EAAKG,IAEf,CAChB,YAGA,SAAmBV,EAAIC,EAAIU,GAEzB,OADSV,GAAO,GAAKU,EAASX,IAAOW,KACxB,CACf,YAGA,SAAmBX,EAAIC,EAAIU,GAEzB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,WAGA,SAAkBX,EAAIC,EAAIU,GACxB,OAAOX,IAAOW,CAChB,WAGA,SAAkBX,EAAIC,EAAIU,GAExB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,GCtPA,SAASC,KACPnnC,KAAKonC,QAAU,KACfpnC,KAAKqnC,aAAe,EACpBrnC,KAAKizB,UAAYjzB,KAAKF,YAAYmzB,UAClCjzB,KAAKsnC,QAAUtnC,KAAKF,YAAYwnC,QAChCtnC,KAAKunC,aAAevnC,KAAKF,YAAYynC,aACrCvnC,KAAK00B,UAAY10B,KAAKF,YAAY40B,UAAY,EAC9C10B,KAAKkQ,OAAS,MAEdlQ,KAAKwnC,QAAUxnC,KAAKizB,UAAY,EAChCjzB,KAAKynC,SAAWznC,KAAKizB,UAAY,EACnC,CACA,OAAoBkU,GAEpBA,GAAUnmC,UAAU0mC,OAAS,SAAgBpC,EAAKS,GAUhD,GARAT,EAAMqC,GAAMC,QAAQtC,EAAKS,GACpB/lC,KAAKonC,QAGRpnC,KAAKonC,QAAUpnC,KAAKonC,QAAQ5gC,OAAO8+B,GAFnCtlC,KAAKonC,QAAU9B,EAGjBtlC,KAAKqnC,cAAgB/B,EAAIlkC,OAGrBpB,KAAKonC,QAAQhmC,QAAUpB,KAAKwnC,QAAS,CAIvC,IAAI55B,GAHJ03B,EAAMtlC,KAAKonC,SAGChmC,OAASpB,KAAKwnC,QAC1BxnC,KAAKonC,QAAU9B,EAAI5jC,MAAM4jC,EAAIlkC,OAASwM,EAAG03B,EAAIlkC,QACjB,IAAxBpB,KAAKonC,QAAQhmC,SACfpB,KAAKonC,QAAU,MAEjB9B,EAAMqC,GAAME,OAAOvC,EAAK,EAAGA,EAAIlkC,OAASwM,EAAG5N,KAAKkQ,QAChD,IAAK,IAAIjN,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,GAAKjD,KAAKynC,SACxCznC,KAAK8nC,QAAQxC,EAAKriC,EAAGA,EAAIjD,KAAKynC,UAGlC,OAAOznC,IACT,EAEAmnC,GAAUnmC,UAAU+mC,OAAS,SAAgBhC,GAI3C,OAHA/lC,KAAK0nC,OAAO1nC,KAAKgoC,QACjB5C,GAAwB,OAAjBplC,KAAKonC,SAELpnC,KAAKioC,QAAQlC,EACtB,EAEAoB,GAAUnmC,UAAUgnC,KAAO,WACzB,IAAIh4B,EAAMhQ,KAAKqnC,aACXngC,EAAQlH,KAAKwnC,QACbtrB,EAAIhV,GAAU8I,EAAMhQ,KAAK00B,WAAaxtB,EACtCkI,EAAUvP,MAAMqc,EAAIlc,KAAK00B,WAC7BtlB,EAAI,GAAK,IACT,IAAK,IAAInM,EAAI,EAAGA,EAAIiZ,EAAGjZ,IACrBmM,EAAInM,GAAK,EAIX,GADA+M,IAAQ,EACY,QAAhBhQ,KAAKkQ,OAAkB,CACzB,IAAK,IAAIgO,EAAI,EAAGA,EAAIle,KAAK00B,UAAWxW,IAClC9O,EAAInM,KAAO,EAEbmM,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EACXmM,EAAInM,KAAQ+M,IAAQ,GAAM,IAC1BZ,EAAInM,KAAQ+M,IAAQ,GAAM,IAC1BZ,EAAInM,KAAQ+M,IAAQ,EAAK,IACzBZ,EAAInM,KAAa,IAAN+M,OAWX,IATAZ,EAAInM,KAAa,IAAN+M,EACXZ,EAAInM,KAAQ+M,IAAQ,EAAK,IACzBZ,EAAInM,KAAQ+M,IAAQ,GAAM,IAC1BZ,EAAInM,KAAQ+M,IAAQ,GAAM,IAC1BZ,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EACXmM,EAAInM,KAAO,EAENib,EAAI,EAAGA,EAAIle,KAAK00B,UAAWxW,IAC9B9O,EAAInM,KAAO,EAGf,OAAOmM,CACT,wBCxFI84B,GAASP,GAAMO,OAUnB,OARA,SAAcpqB,EAAG/Q,EAAGoB,EAAGg6B,GACrB,OAAU,IAANrqB,EACKsqB,GAAKr7B,EAAGoB,EAAGg6B,GACV,IAANrqB,GAAiB,IAANA,EACNuqB,GAAIt7B,EAAGoB,EAAGg6B,GACT,IAANrqB,EACKwqB,GAAMv7B,EAAGoB,EAAGg6B,QADrB,CAEF,EAGA,SAASC,GAAKr7B,EAAGoB,EAAGg6B,GAClB,OAAQp7B,EAAIoB,GAAQpB,EAAKo7B,CAC3B,CAGA,SAASG,GAAMv7B,EAAGoB,EAAGg6B,GACnB,OAAQp7B,EAAIoB,EAAMpB,EAAIo7B,EAAMh6B,EAAIg6B,CAClC,CAGA,SAASE,GAAIt7B,EAAGoB,EAAGg6B,GACjB,OAAOp7B,EAAIoB,EAAIg6B,CACjB,CAqBA,qBA9BeC,SAKCE,OAKFD,UAEd,SAAgBt7B,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAOA,IAAM,CAC/C,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,IAAOA,IAAM,EAChD,GCxCIw7B,GAAQZ,GAAMY,MACdC,GAAUb,GAAMa,QAChBC,GAAUd,GAAMc,QAChBL,GAAOM,GAAUN,KACjBE,GAAQI,GAAUJ,MAClBK,GAASD,GAAUC,OACnBC,GAASF,GAAUE,OACnBC,GAASH,GAAUG,OACnBC,GAASJ,GAAUI,OAEnB3B,GAAY4B,GAAO5B,UAEnB6B,GAAW,CACb,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,YAGtC,SAASC,KACP,KAAMjpC,gBAAgBipC,IACpB,OAAO,IAAIA,GAEb9B,GAAUrmC,KAAKd,MACfA,KAAKoc,EAAI,CACP,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,YAEtCpc,KAAKkc,EAAI8sB,GACThpC,KAAKkpC,EAAQrpC,MAAM,GACrB,CACA8nC,GAAMrB,SAAS2C,GAAQ9B,WACN8B,GC9CjB,SAASE,KACP,KAAMnpC,gBAAgBmpC,IACpB,OAAO,IAAIA,GAEbF,GAAOnoC,KAAKd,MACZA,KAAKoc,EAAI,CACP,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACxC,CDwCA6sB,GAAOhW,UAAY,IACnBgW,GAAO3B,QAAU,IACjB2B,GAAO1B,aAAe,IACtB0B,GAAOvU,UAAY,GAEnBuU,GAAOjoC,UAAU8mC,QAAU,SAAiBxC,EAAK1hC,GAG/C,IAFA,IAAIslC,EAAIlpC,KAAKkpC,EAEJjmC,EAAI,EAAGA,EAAI,GAAIA,IACtBimC,EAAEjmC,GAAKqiC,EAAI1hC,EAAQX,GACrB,KAAOA,EAAIimC,EAAE9nC,OAAQ6B,IACnBimC,EAAEjmC,GAAKulC,GAAQM,GAAOI,EAAEjmC,EAAI,IAAKimC,EAAEjmC,EAAI,GAAI4lC,GAAOK,EAAEjmC,EAAI,KAAMimC,EAAEjmC,EAAI,KAEtE,IAAIqL,EAAItO,KAAKoc,EAAE,GACXlO,EAAIlO,KAAKoc,EAAE,GACXC,EAAIrc,KAAKoc,EAAE,GACXsM,EAAI1oB,KAAKoc,EAAE,GACX/X,EAAIrE,KAAKoc,EAAE,GACXuoB,EAAI3kC,KAAKoc,EAAE,GACXwoB,EAAI5kC,KAAKoc,EAAE,GACXA,EAAIpc,KAAKoc,EAAE,GAGf,IADAgpB,GAAOplC,KAAKkc,EAAE9a,SAAW8nC,EAAE9nC,QACtB6B,EAAI,EAAGA,EAAIimC,EAAE9nC,OAAQ6B,IAAK,CAC7B,IAAImmC,EAAKX,GAAQrsB,EAAGwsB,GAAOvkC,GAAI+jC,GAAK/jC,EAAGsgC,EAAGC,GAAI5kC,KAAKkc,EAAEjZ,GAAIimC,EAAEjmC,IACvDomC,EAAKd,GAAMI,GAAOr6B,GAAIg6B,GAAMh6B,EAAGJ,EAAGmO,IACtCD,EAAIwoB,EACJA,EAAID,EACJA,EAAItgC,EACJA,EAAIkkC,GAAM7f,EAAG0gB,GACb1gB,EAAIrM,EACJA,EAAInO,EACJA,EAAII,EACJA,EAAIi6B,GAAMa,EAAIC,GAGhBrpC,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAI9N,GAC7BtO,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIlO,GAC7BlO,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIC,GAC7Brc,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIsM,GAC7B1oB,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAI/X,GAC7BrE,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIuoB,GAC7B3kC,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIwoB,GAC7B5kC,KAAKoc,EAAE,GAAKmsB,GAAMvoC,KAAKoc,EAAE,GAAIA,EAC/B,EAEA6sB,GAAOjoC,UAAUinC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQtpC,KAAKoc,EAAG,OAEtBurB,GAAM4B,QAAQvpC,KAAKoc,EAAG,MACjC,EC1FAurB,GAAMrB,SAAS6C,GAAQF,WACNE,GAEjBA,GAAOlW,UAAY,IACnBkW,GAAO7B,QAAU,IACjB6B,GAAO5B,aAAe,IACtB4B,GAAOzU,UAAY,GAEnByU,GAAOnoC,UAAUinC,QAAU,SAAgBlC,GAEzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQtpC,KAAKoc,EAAE1a,MAAM,EAAG,GAAI,OAElCimC,GAAM4B,QAAQvpC,KAAKoc,EAAE1a,MAAM,EAAG,GAAI,MAC7C,ECtBA,IAAI8nC,GAAY7B,GAAM6B,UAClBC,GAAY9B,GAAM8B,UAClBC,GAAW/B,GAAM+B,SACjBC,GAAWhC,GAAMgC,SACjBC,GAAQjC,GAAMiC,MACdC,GAAWlC,GAAMkC,SACjBC,GAAWnC,GAAMmC,SACjBC,GAAapC,GAAMoC,WACnBC,GAAarC,GAAMqC,WACnBC,GAAatC,GAAMsC,WACnBC,GAAavC,GAAMuC,WAEnB/C,GAAY4B,GAAO5B,UAEnBgD,GAAW,CACb,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,KACP,KAAMpqC,gBAAgBoqC,IACpB,OAAO,IAAIA,GAEbjD,GAAUrmC,KAAKd,MACfA,KAAKoc,EAAI,CACP,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACdpc,KAAKkc,EAAIiuB,GACTnqC,KAAKkpC,EAAQrpC,MAAM,IACrB,CACA8nC,GAAMrB,SAAS8D,GAAQjD,WACNiD,GAsIjB,SAASC,GAAQC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/B,IAAI98B,EAAK08B,EAAKE,GAASF,EAAMI,EAG7B,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS+8B,GAAQL,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACnC,IAAIh9B,EAAK28B,EAAKE,GAASF,EAAMK,EAG7B,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASi9B,GAASP,EAAIC,EAAIC,EAAIC,EAAIC,GAChC,IAAI98B,EAAK08B,EAAKE,EAAOF,EAAKI,EAAOF,EAAKE,EAGtC,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASk9B,GAASR,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACpC,IAAIh9B,EAAK28B,EAAKE,EAAOF,EAAKK,EAAOH,EAAKG,EAGtC,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASm9B,GAAUT,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAClBd,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASo9B,GAAUV,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAClBb,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASq9B,GAAUX,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASs9B,GAAUZ,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASu9B,GAAUb,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,GAClBf,GAAUc,EAAIC,EAAI,GAClBb,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASw9B,GAAUd,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,GAClBd,GAAUa,EAAIC,EAAI,GAClBZ,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASy9B,GAAUf,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,IAClBZ,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS09B,GAAUhB,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,IAClBX,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CCnUA,SAAS29B,KACP,KAAMvrC,gBAAgBurC,IACpB,OAAO,IAAIA,GAEbnB,GAAOtpC,KAAKd,MACZA,KAAKoc,EAAI,CACP,WAAY,WACZ,WAAY,UACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WAChB,CD+DAguB,GAAOnX,UAAY,KACnBmX,GAAO9C,QAAU,IACjB8C,GAAO7C,aAAe,IACtB6C,GAAO1V,UAAY,IAEnB0V,GAAOppC,UAAUwqC,cAAgB,SAAuBlG,EAAK1hC,GAI3D,IAHA,IAAIslC,EAAIlpC,KAAKkpC,EAGJjmC,EAAI,EAAGA,EAAI,GAAIA,IACtBimC,EAAEjmC,GAAKqiC,EAAI1hC,EAAQX,GACrB,KAAOA,EAAIimC,EAAE9nC,OAAQ6B,GAAK,EAAG,CAC3B,IAAIwoC,EAAQJ,GAAUnC,EAAEjmC,EAAI,GAAIimC,EAAEjmC,EAAI,IAClCyoC,EAAQJ,GAAUpC,EAAEjmC,EAAI,GAAIimC,EAAEjmC,EAAI,IAClC0oC,EAAQzC,EAAEjmC,EAAI,IACd2oC,EAAQ1C,EAAEjmC,EAAI,IACd4oC,EAAQV,GAAUjC,EAAEjmC,EAAI,IAAKimC,EAAEjmC,EAAI,KACnC6oC,EAAQV,GAAUlC,EAAEjmC,EAAI,IAAKimC,EAAEjmC,EAAI,KACnC8oC,EAAQ7C,EAAEjmC,EAAI,IACd+oC,EAAQ9C,EAAEjmC,EAAI,IAElBimC,EAAEjmC,GAAK8mC,GACL0B,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GACT9C,EAAEjmC,EAAI,GAAK+mC,GACTyB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GAEb,EAEA5B,GAAOppC,UAAU8mC,QAAU,SAAiBxC,EAAK1hC,GAC/C5D,KAAKwrC,cAAclG,EAAK1hC,GAExB,IAAIslC,EAAIlpC,KAAKkpC,EAET3C,EAAKvmC,KAAKoc,EAAE,GACZoqB,EAAKxmC,KAAKoc,EAAE,GACZqqB,EAAKzmC,KAAKoc,EAAE,GACZsqB,EAAK1mC,KAAKoc,EAAE,GACZuqB,EAAK3mC,KAAKoc,EAAE,GACZwqB,EAAK5mC,KAAKoc,EAAE,GACZyqB,EAAK7mC,KAAKoc,EAAE,GACZ0qB,EAAK9mC,KAAKoc,EAAE,GACZ4qB,EAAKhnC,KAAKoc,EAAE,GACZ6qB,EAAKjnC,KAAKoc,EAAE,GACZ6vB,EAAKjsC,KAAKoc,EAAE,IACZ8vB,EAAKlsC,KAAKoc,EAAE,IACZ+vB,EAAKnsC,KAAKoc,EAAE,IACZgwB,EAAKpsC,KAAKoc,EAAE,IACZiwB,EAAKrsC,KAAKoc,EAAE,IACZkwB,EAAKtsC,KAAKoc,EAAE,IAEhBgpB,GAAOplC,KAAKkc,EAAE9a,SAAW8nC,EAAE9nC,QAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAIimC,EAAE9nC,OAAQ6B,GAAK,EAAG,CACpC,IAAIwoC,EAAQY,EACRX,EAAQY,EACRX,EAAQV,GAAUjE,EAAIC,GACtB2E,EAAQV,GAAUlE,EAAIC,GACtB4E,EAAQxB,GAAQrD,EAAIC,EAAIgF,EAAIC,EAAIC,GAChCL,EAAQnB,GAAQ3D,EAAIC,EAAIgF,EAAIC,EAAIC,EAAIC,GACpCL,EAAQ/rC,KAAKkc,EAAEjZ,GACf+oC,EAAQhsC,KAAKkc,EAAEjZ,EAAI,GACnBspC,EAAQrD,EAAEjmC,GACVupC,EAAQtD,EAAEjmC,EAAI,GAEdwpC,EAAQxC,GACVwB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GACLE,EAAQxC,GACVuB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GAETf,EAAQV,GAAUxE,EAAIC,GACtBkF,EAAQV,GAAUzE,EAAIC,GACtBmF,EAAQd,GAAStE,EAAIC,EAAIC,EAAIC,EAAIC,GACjCiF,EAAQd,GAASvE,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAErC,IAAI+F,EAAQ9C,GAAS4B,EAAOC,EAAOC,EAAOC,GACtCgB,EAAQ9C,GAAS2B,EAAOC,EAAOC,EAAOC,GAE1CS,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKjF,EACLkF,EAAKjF,EAELD,EAAK6C,GAAShD,EAAIC,EAAI2F,EAAOC,GAC7BzF,EAAK6C,GAAShD,EAAIA,EAAI2F,EAAOC,GAE7B7F,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKsD,GAAS4C,EAAOC,EAAOC,EAAOC,GACnCpG,EAAKsD,GAAS2C,EAAOC,EAAOC,EAAOC,GAGrChD,GAAM5pC,KAAKoc,EAAG,EAAGmqB,EAAIC,GACrBoD,GAAM5pC,KAAKoc,EAAG,EAAGqqB,EAAIC,GACrBkD,GAAM5pC,KAAKoc,EAAG,EAAGuqB,EAAIC,GACrBgD,GAAM5pC,KAAKoc,EAAG,EAAGyqB,EAAIC,GACrB8C,GAAM5pC,KAAKoc,EAAG,EAAG4qB,EAAIC,GACrB2C,GAAM5pC,KAAKoc,EAAG,GAAI6vB,EAAIC,GACtBtC,GAAM5pC,KAAKoc,EAAG,GAAI+vB,EAAIC,GACtBxC,GAAM5pC,KAAKoc,EAAG,GAAIiwB,EAAIC,EACxB,EAEAlC,GAAOppC,UAAUinC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQtpC,KAAKoc,EAAG,OAEtBurB,GAAM4B,QAAQvpC,KAAKoc,EAAG,MACjC,EChMAurB,GAAMrB,SAASiF,GAAQnB,WACNmB,GAEjBA,GAAOtY,UAAY,KACnBsY,GAAOjE,QAAU,IACjBiE,GAAOhE,aAAe,IACtBgE,GAAO7W,UAAY,IAEnB6W,GAAOvqC,UAAUinC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQtpC,KAAKoc,EAAE1a,MAAM,EAAG,IAAK,OAEnCimC,GAAM4B,QAAQvpC,KAAKoc,EAAE1a,MAAM,EAAG,IAAK,MAC9C,EC7BA,IAAImrC,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACduE,GAAUnF,GAAMmF,QAChBtE,GAAUb,GAAMa,QAChBrB,GAAY4B,GAAO5B,UAEvB,SAAS4F,KACP,KAAM/sC,gBAAgB+sC,IACpB,OAAO,IAAIA,GAEb5F,GAAUrmC,KAAKd,MAEfA,KAAKoc,EAAI,CAAE,WAAY,WAAY,WAAY,UAAY,YAC3Dpc,KAAKkQ,OAAS,QAChB,CACAy3B,GAAMrB,SAASyG,GAAW5F,IAC1B,OAAoB4F,GAuDpB,SAASpI,GAAE/nB,EAAG7P,EAAGoB,EAAGg6B,GAClB,OAAIvrB,GAAK,GACA7P,EAAIoB,EAAIg6B,EACRvrB,GAAK,GACJ7P,EAAIoB,GAAQpB,EAAKo7B,EAClBvrB,GAAK,IACJ7P,GAAMoB,GAAMg6B,EACbvrB,GAAK,GACJ7P,EAAIo7B,EAAMh6B,GAAMg6B,EAEjBp7B,GAAKoB,GAAMg6B,EACtB,CAEA,SAAS6E,GAAEpwB,GACT,OAAIA,GAAK,GACA,EACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,UACX,CAEA,SAASqwB,GAAGrwB,GACV,OAAIA,GAAK,GACA,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,CACX,CA1FAmwB,GAAU9Z,UAAY,IACtB8Z,GAAUzF,QAAU,IACpByF,GAAUxF,aAAe,IACzBwF,GAAUrY,UAAY,GAEtBqY,GAAU/rC,UAAU8mC,QAAU,SAAgBxC,EAAK1hC,GAWjD,IAVA,IAAIspC,EAAIltC,KAAKoc,EAAE,GACX+wB,EAAIntC,KAAKoc,EAAE,GACX0W,EAAI9yB,KAAKoc,EAAE,GACXgxB,EAAIptC,KAAKoc,EAAE,GACXixB,EAAIrtC,KAAKoc,EAAE,GACXkxB,EAAKJ,EACLK,EAAKJ,EACLK,EAAK1a,EACL2a,EAAKL,EACLM,EAAKL,EACAzwB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAC3B,IAAI+wB,EAAIpF,GACNsE,GACErE,GAAQ0E,EAAGvI,GAAE/nB,EAAGuwB,EAAGra,EAAGsa,GAAI9H,EAAI13B,GAAEgP,GAAKhZ,GAAQopC,GAAEpwB,IAC/CkB,GAAElB,IACJywB,GACFH,EAAIG,EACJA,EAAID,EACJA,EAAIP,GAAO/Z,EAAG,IACdA,EAAIqa,EACJA,EAAIQ,EACJA,EAAIpF,GACFsE,GACErE,GAAQ8E,EAAI3I,GAAE,GAAK/nB,EAAG2wB,EAAIC,EAAIC,GAAKnI,EAAIsI,GAAGhxB,GAAKhZ,GAAQqpC,GAAGrwB,IAC1DixB,GAAGjxB,IACL8wB,GACFJ,EAAKI,EACLA,EAAKD,EACLA,EAAKZ,GAAOW,EAAI,IAChBA,EAAKD,EACLA,EAAKI,EAEPA,EAAIb,GAAQ9sC,KAAKoc,EAAE,GAAI0W,EAAG2a,GAC1BztC,KAAKoc,EAAE,GAAK0wB,GAAQ9sC,KAAKoc,EAAE,GAAIgxB,EAAGM,GAClC1tC,KAAKoc,EAAE,GAAK0wB,GAAQ9sC,KAAKoc,EAAE,GAAIixB,EAAGC,GAClCttC,KAAKoc,EAAE,GAAK0wB,GAAQ9sC,KAAKoc,EAAE,GAAI8wB,EAAGK,GAClCvtC,KAAKoc,EAAE,GAAK0wB,GAAQ9sC,KAAKoc,EAAE,GAAI+wB,EAAGK,GAClCxtC,KAAKoc,EAAE,GAAKuxB,CACd,EAEAZ,GAAU/rC,UAAUinC,QAAU,SAAgBlC,GAC5C,MAAY,QAARA,EACK4B,GAAM2B,QAAQtpC,KAAKoc,EAAG,UAEtBurB,GAAM4B,QAAQvpC,KAAKoc,EAAG,SACjC,EAyCA,IAAIxO,GAAI,CACN,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,IAGhDggC,GAAK,CACP,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAClD,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAClD,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,IAGhD9vB,GAAI,CACN,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EACrD,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GACpD,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GACpD,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,GAGnD+vB,GAAK,CACP,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EACrD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GACpD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,EACrD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EACrD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,sBC1HtD,SAASC,GAAS/gC,EAAGmP,GACnB,IAAI5N,EAAIvB,EAAE,GACNmB,EAAInB,EAAE,GACNsP,EAAItP,EAAE,GACN2b,EAAI3b,EAAE,GAEVuB,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,OAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAE9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,EAAG,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,WAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,WAC5BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,GAAI,YAC9BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,YAC7B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,GAAI,YAC9BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,YAC7BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAE/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,QAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,YAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,UAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,YAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,UAC7B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,WAC/BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,SAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,YAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9BnP,EAAE,GAAKkhC,GAAM3/B,EAAGvB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM//B,EAAGnB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM5xB,EAAGtP,EAAE,IAClBA,EAAE,GAAKkhC,GAAMvlB,EAAG3b,EAAE,GACpB,CAEA,SAASmhC,GAAI3/B,EAAGD,EAAGJ,EAAGnB,EAAG+Q,EAAGI,GAE1B,OADA5P,EAAI2/B,GAAMA,GAAM3/B,EAAGC,GAAI0/B,GAAMlhC,EAAGmR,IACzB+vB,GAAO3/B,GAAKwP,EAAMxP,IAAO,GAAKwP,EAAK5P,EAC5C,CAEA,SAAS6/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAImO,GAAQnO,EAAKwa,EAAIpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAAS8vB,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAIwa,EAAMrM,GAAMqM,EAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAASmuB,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAIhgC,EAAImO,EAAIqM,EAAGpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACpC,CAEA,SAASqd,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAI7xB,GAAKnO,GAAMwa,GAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACzC,CAyCA,SAASiwB,GAAOrwB,GACd,MAAMswB,EAAU,GAChB,IAAInrC,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBmrC,EAAQnrC,GAAK,GAAK6a,EAAErB,WAAWxZ,IAAM6a,EAAErB,WAAWxZ,EAAI,IAAM,IAAM6a,EAAErB,WAAWxZ,EAAI,IAAM,KAAO6a,EAAErB,WAAWxZ,EAAI,IAC/G,IAEJ,OAAOmrC,CACT,CAEA,MAAMC,GAAU,mBAAmBruB,MAAM,IAEzC,SAASsuB,GAAKjiC,GACZ,IAAIyR,EAAI,GACJlB,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZkB,GAAKuwB,GAAShiC,GAAU,EAAJuQ,EAAQ,EAAM,IAAQyxB,GAAShiC,GAAU,EAAJuQ,EAAU,IAErE,OAAOkB,CACT,CAeA,SAASmwB,GAAM3/B,EAAGJ,GAChB,OAAQI,EAAIJ,EAAK,UACnB,CClLA,MAAMqgC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClB2vB,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAAS10B,GAChB,GAAKu0B,IAAeC,GAAiBhtB,SAASxH,GAG9C,OAAO9Y,eAAgB4I,GACrB,MAAM6kC,EAASJ,GAAWK,WAAW50B,GACrC,OAAOuC,EAAiBzS,GAAM1I,IAC5ButC,EAAOlH,OAAOrmC,EAAM,IACnB,IAAM,IAAIwB,WAAW+rC,EAAO7G,YAEnC,CAEA,SAAS+G,GAAW76B,EAAM86B,GACxB,OAAO5tC,eAAe4I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,KAE3BsQ,EAAK7X,SAASuH,IAASwkC,IAAaQ,GAAiBhlC,EAAK3I,QAAUsjB,EAAOpB,qBAC9E,OAAO,IAAIzgB,iBAAiB0rC,GAAUxG,OAAOgH,EAAehlC,IAE9D,MAAMilC,EAAe/6B,IACrB,OAAOuI,EAAiBzS,GAAM1I,IAC5B2tC,EAAatH,OAAOrmC,EAAM,IACzB,IAAM,IAAIwB,WAAWmsC,EAAajH,YAEzC,CAEA,SAASkH,GAAch7B,EAAM86B,GAC3B,OAAO5tC,eAAe4I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,IAE5BsQ,EAAK7X,SAASuH,GAAO,CACvB,MAAMilC,EAAe,IAAI/6B,EACzB,OAAOuI,EAAiBzS,GAAM1I,IAC5B2tC,EAAa3sC,QAAQhB,EAAM,IAC1B,IAAM2tC,EAAanlC,SAASpI,SAC1B,OAAI8sC,IAAaQ,GAAiBhlC,EAAK3I,QAAUsjB,EAAOpB,qBACtD,IAAIzgB,iBAAiB0rC,GAAUxG,OAAOgH,EAAehlC,IAErDkK,EAAK/M,MAAM6C,GAGxB,CAEA,MAAMmlC,GAAgB,CACpBh7B,IAAKy6B,GAAS,QDrDhBxtC,eAAmBguC,GACjB,MAAMpH,EAyGR,SAAcjqB,GACZ,MAAMzR,EAAIyR,EAAE1c,OACNguC,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAInsC,EACJ,IAAKA,EAAI,GAAIA,GAAK6a,EAAE1c,OAAQ6B,GAAK,GAC/B6qC,GAASsB,EAAOjB,GAAOrwB,EAAEuxB,UAAUpsC,EAAI,GAAIA,KAE7C6a,EAAIA,EAAEuxB,UAAUpsC,EAAI,IACpB,MAAMqsC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKrsC,EAAI,EAAGA,EAAI6a,EAAE1c,OAAQ6B,IACxBqsC,EAAKrsC,GAAK,IAAM6a,EAAErB,WAAWxZ,KAAQA,EAAI,GAAM,GAGjD,GADAqsC,EAAKrsC,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADA6qC,GAASsB,EAAOE,GACXrsC,EAAI,EAAGA,EAAI,GAAIA,IAClBqsC,EAAKrsC,GAAK,EAKd,OAFAqsC,EAAK,IAAU,EAAJjjC,EACXyhC,GAASsB,EAAOE,GACTF,CACT,CA/HiBG,CAAKl1B,EAAKqC,mBAAmByyB,IAC5C,OAAO90B,EAAK4B,gBAoKd,SAAalP,GACX,IAAK,IAAI9J,EAAI,EAAGA,EAAI8J,EAAE3L,OAAQ6B,IAC5B8J,EAAE9J,GAAKqrC,GAAKvhC,EAAE9J,IAEhB,OAAO8J,EAAEvL,KAAK,GAChB,CAzK8B8K,CAAIy7B,GAClC,ECmDE5zB,KAAMw6B,GAAS,SAAWM,GAAcpL,GAAM,SAC9CrvB,OAAQm6B,GAAS,WAAaG,GAAWt6B,IACzCH,OAAQs6B,GAAS,WAAaM,GAAchL,GAAQ,WACpD3vB,OAAQq6B,GAAS,WAAaG,GAAWx6B,GAAQ,WACjDC,OAAQo6B,GAAS,WAAaG,GAAWv6B,GAAQ,WACjDH,OAAQu6B,GAAS,cAAgBG,GAAWU,KAG9C,OAAe,CAGbt7B,IAAKg7B,GAAch7B,IAEnBC,KAAM+6B,GAAc/6B,KAEpBK,OAAQ06B,GAAc16B,OAEtBH,OAAQ66B,GAAc76B,OAEtBC,OAAQ46B,GAAc56B,OAEtBC,OAAQ26B,GAAc36B,OAEtBH,OAAQ86B,GAAc96B,OAQtB2zB,OAAQ,SAAS0H,EAAM1lC,GACrB,OAAQ0lC,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAOlU,KAAKkU,IAAInK,GAClB,KAAKiX,EAAM/M,KAAKE,KACd,OAAOnU,KAAKmU,KAAKpK,GACnB,KAAKiX,EAAM/M,KAAKG,OACd,OAAOpU,KAAKoU,OAAOrK,GACrB,KAAKiX,EAAM/M,KAAKI,OACd,OAAOrU,KAAKqU,OAAOtK,GACrB,KAAKiX,EAAM/M,KAAKK,OACd,OAAOtU,KAAKsU,OAAOvK,GACrB,KAAKiX,EAAM/M,KAAKM,OACd,OAAOvU,KAAKuU,OAAOxK,GACrB,KAAKiX,EAAM/M,KAAKO,OACd,OAAOxU,KAAKwU,OAAOzK,GACrB,QACE,MAAU7G,MAAM,4BAStBwsC,kBAAmB,SAASD,GAC1B,OAAQA,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAO,GACT,KAAK8M,EAAM/M,KAAKE,KAChB,KAAK6M,EAAM/M,KAAKG,OACd,OAAO,GACT,KAAK4M,EAAM/M,KAAKI,OACd,OAAO,GACT,KAAK2M,EAAM/M,KAAKK,OACd,OAAO,GACT,KAAK0M,EAAM/M,KAAKM,OACd,OAAO,GACT,KAAKyM,EAAM/M,KAAKO,OACd,OAAO,GACT,QACE,MAAUtR,MAAM,8BC9IjB,MAAMysC,GACT/nB,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIwB,QAAQ5oB,GAExC6d,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIyB,QAAQ7oB,GAExCjK,YAAY+W,EAAKsa,EAAI0B,GACjB7yB,KAAK6yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,GAAI,EAAM,cACvCnxB,KAAK6yB,IAAIzB,QAEpBuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIhB,oBAAoB9nB,GAC7B/J,KAAK6yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIP,oBAAoBvoB,GAC7B/J,KAAK6yB,IAAIN,uBCXb,SAASqd,GAAUH,GAChC,MAAMI,EAAW7uB,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GAC7C,OAAO3hB,GAAO+hB,EAChB,CCkBA,MAAMtB,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBgxB,GAAatB,GAAaA,GAAWuB,aAAe,GACpDC,GAAY,CAChB58B,KAAM08B,GAAWruB,SAAS,YAAc,gBAAaxgB,EACrDoS,UAAWy8B,GAAWruB,SAAS,gBAAkB,oBAAiBxgB,EAClEqS,MAAOw8B,GAAWruB,SAAS,aAAe,iBAAcxgB,EACxDsS,SAAUu8B,GAAWruB,SAAS,UAAY,cAAWxgB,EACrDuS,OAAQs8B,GAAWruB,SAAS,eAAiB,mBAAgBxgB,EAC7DwS,OAAQq8B,GAAWruB,SAAS,eAAiB,mBAAgBxgB,EAC7DyS,OAAQo8B,GAAWruB,SAAS,eAAiB,mBAAgBxgB,6DAaxDE,eAAuBsuC,EAAM54B,EAAK1D,EAAWge,EAAIzM,GACtD,MAAMmrB,EAAW7uB,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OAiHJ,SAAqBJ,EAAM54B,EAAKo5B,EAAI9e,GAClC,MAAM0e,EAAW7uB,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GACvCS,EAAY,IAAI1B,GAAW2B,eAAeH,GAAUH,GAAWh5B,EAAKsa,GAC1E,OAAO3U,EAAiByzB,GAAI5uC,GAAS,IAAIwB,WAAWqtC,EAAUxI,OAAOrmC,KACvE,CArHW+uC,CAAYX,EAAM54B,EAAK1D,EAAWge,GAE3C,GAAI9W,EAAKyG,MAAM2uB,GACb,OAwEJ,SAAoBA,EAAM54B,EAAKo5B,EAAI9e,EAAIzM,GACrC,GACErK,EAAKoE,gBACU,KAAf5H,EAAIzV,SACHiZ,EAAK7X,SAASytC,IACfA,EAAG7uC,QAAU,IAAOsjB,EAAOpB,qBAE3B,OAqBJniB,eAA0BsuC,EAAM54B,EAAKo5B,EAAI9e,GACvC,MAAMkf,EAAO,UACPC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,IAAQ,EAAO,CAAC,aACrEpd,UAAEA,GAAc2c,GAAUH,GAC1Be,EAASn2B,EAAKvX,iBAAiB,CAAC,IAAID,WAAWowB,GAAYgd,IAC3DQ,EAAK,IAAI5tC,iBAAiB0rC,GAAU5b,QAAQ,CAAExnB,KAAMklC,EAAMlf,MAAMmf,EAAME,IAAStkC,SAAS,EAAG+jC,EAAG7uC,QAEpG,OAbF,SAAgBkN,EAAGJ,GACjB,IAAK,IAAIjL,EAAI,EAAGA,EAAIqL,EAAElN,OAAQ6B,IAC5BqL,EAAErL,GAAKqL,EAAErL,GAAKiL,EAAEjL,EAEpB,CAQEytC,CAAOD,EAAIR,GACJQ,CACT,CA7BWE,CAAWlB,EAAM54B,EAAKo5B,EAAI9e,GAGnC,MAAMyf,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiByzB,GAAI5uC,GAASuvC,EAAI/d,IAAIhB,oBAAoBxwB,KAAQ,IAAMuvC,EAAI/d,IAAIZ,sBACzF,CApFW4e,CAAWpB,EAAM54B,EAAK1D,EAAWge,EAAIzM,GAG9C,MACMosB,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAEtB+d,EAAS7f,EAAGzvB,QAClB,IAAIuuC,EAAK,IAAIptC,WACb,MAAMR,EAAUN,IACVA,IACFkuC,EAAK51B,EAAKvX,iBAAiB,CAACmtC,EAAIluC,KAElC,MAAMkvC,EAAa,IAAIpuC,WAAWotC,EAAG7uC,QACrC,IAAI6B,EACA2Z,EAAI,EACR,KAAO7a,EAAQkuC,EAAG7uC,QAAU2vC,EAAad,EAAG7uC,QAAQ,CAClD,MAAM8vC,EAAWJ,EAASne,QAAQqe,GAClC,IAAK/tC,EAAI,EAAGA,EAAI8tC,EAAY9tC,IAC1B+tC,EAAO/tC,GAAKgtC,EAAGhtC,GAAKiuC,EAASjuC,GAC7BguC,EAAWr0B,KAAOo0B,EAAO/tC,GAE3BgtC,EAAKA,EAAG/jC,SAAS6kC,GAEnB,OAAOE,EAAW/kC,SAAS,EAAG0Q,EAAE,EAElC,OAAOJ,EAAiBrJ,EAAW9Q,EAASA,EAC9C,UAUOlB,eAAuBsuC,EAAM54B,EAAKo6B,EAAY9f,GACnD,MAAM0e,EAAW7uB,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OA4EJ,SAAqBJ,EAAM54B,EAAK45B,EAAItf,GAClC,MAAM0e,EAAW7uB,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GACvC0B,EAAc,IAAI3C,GAAW4C,iBAAiBpB,GAAUH,GAAWh5B,EAAKsa,GAC9E,OAAO3U,EAAiBi0B,GAAIpvC,GAAS,IAAIwB,WAAWsuC,EAAYzJ,OAAOrmC,KACzE,CAhFWgwC,CAAY5B,EAAM54B,EAAKo6B,EAAY9f,GAE5C,GAAI9W,EAAKyG,MAAM2uB,GACb,OA2CJ,SAAoBA,EAAM54B,EAAK45B,EAAItf,GACjC,GAAI9W,EAAK7X,SAASiuC,GAAK,CACrB,MAAMG,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiBi0B,GAAIpvC,GAASuvC,EAAI/d,IAAIP,oBAAoBjxB,KAAQ,IAAMuvC,EAAI/d,IAAIN,uBAEzF,OAAOod,GAAQ/c,QAAQ6d,EAAI55B,EAAKsa,EAClC,CAjDWmgB,CAAW7B,EAAM54B,EAAKo6B,EAAY9f,GAG3C,MACM2f,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAE5B,IAAIse,EAASpgB,EACTsf,EAAK,IAAI5tC,WACb,MAAMR,EAAUN,IACVA,IACF0uC,EAAKp2B,EAAKvX,iBAAiB,CAAC2tC,EAAI1uC,KAElC,MAAMoR,EAAY,IAAItQ,WAAW4tC,EAAGrvC,QACpC,IAAI6B,EACA2Z,EAAI,EACR,KAAO7a,EAAQ0uC,EAAGrvC,QAAU2vC,EAAaN,EAAGrvC,QAAQ,CAClD,MAAMowC,EAAWV,EAASne,QAAQ4e,GAElC,IADAA,EAASd,EAAGvkC,SAAS,EAAG6kC,GACnB9tC,EAAI,EAAGA,EAAI8tC,EAAY9tC,IAC1BkQ,EAAUyJ,KAAO20B,EAAOtuC,GAAKuuC,EAASvuC,GAExCwtC,EAAKA,EAAGvkC,SAAS6kC,GAEnB,OAAO59B,EAAUjH,SAAS,EAAG0Q,EAAE,EAEjC,OAAOJ,EAAiBy0B,EAAY5uC,EAASA,EAC/C,IC/HO,MAAMovC,GACT7pB,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3C6d,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3CjK,YAAY+W,EAAK66B,EAAO7e,GACpB7yB,KAAK6yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK5V,GAAW,EAAO,cAC/CjB,KAAK6yB,IAAIzB,QAChBpxB,KAAK2xC,oBAAoBD,GAE7B/e,QAAQ5oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIhB,oBAAoB9nB,GAC7B/J,KAAK6yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIhB,oBAAoB9nB,GAC7B/J,KAAK6yB,IAAIZ,sBAGxB0f,oBAAoBD,EAAOE,EAAS5sC,GAChC,IAAI+jB,IAAEA,GAAQ/oB,KAAK6yB,IAAIxB,cACvB,QAAapwB,IAAT+D,EAAoB,CACpB,GAAIA,EAAO,GAAKA,EAAO,GACnB,MAAM,IAAI8rB,GAAqB,wBACnC,IAAI+gB,EAAOlmC,KAAKmmC,IAAI,EAAG9sC,GAAQ,EAC/B+jB,EAAIkE,SAAS,EAAG,EAAI4kB,EAAO,WAAe,EAAU,EAAPA,QAG7C7sC,EAAO,GACP+jB,EAAIkE,SAAS,EAAG,EAAG,MAAQ,YAE/B,QAAchsB,IAAVywC,EASA,MAAUxuC,MAAM,qBATK,CACrB,IAAI8M,EAAM0hC,EAAMtwC,OAChB,IAAK4O,GAAOA,EAAM,GACd,MAAM,IAAI8gB,GAAqB,sBACnC,IAAIihB,EAAO,IAAI1sB,SAAS,IAAID,YAAY,KACxC,IAAIviB,WAAWkvC,EAAK9tC,QAAQX,IAAIouC,GAChC3oB,EAAI6D,UAAUmlB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,KAK1F,QAAgB1wB,IAAZ2wC,EAAuB,CACvB,GAAIA,EAAU,GAAKA,GAAWjmC,KAAKmmC,IAAI,EAAG9sC,GACtC,MAAM,IAAI8rB,GAAqB,yBACnC/H,EAAIuE,YAAY,EAAG,EAAIskB,EAAU,WAAe,EAAa,EAAVA,KCjDxD,MAAMI,GACTpqB,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASuB,QAAQ5oB,GAEjD6d,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASwB,QAAQ7oB,GAEjDjK,YAAY+W,EAAKsa,EAAIC,GAAU,EAAMyB,GACjC7yB,KAAK6yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,EAAIC,EAAS,OAErDuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIhB,oBAAoB9nB,GAC7B/J,KAAK6yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIrwB,KAAK6yB,IAAIP,oBAAoBvoB,GAC7B/J,KAAK6yB,IAAIN,uBCT5B,MAAMgc,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBlBmzB,GAAc,GAWpB,SAASC,GAAYnoC,EAAMqnB,GACzB,MAAMhhB,EAASrG,EAAK3I,OAAS6wC,GAC7B,IAAK,IAAIhvC,EAAI,EAAGA,EAAIgvC,GAAahvC,IAC/B8G,EAAK9G,EAAImN,IAAWghB,EAAQnuB,GAE9B,OAAO8G,CACT,CAeA,MAAMooC,GAAY,IAAItvC,WAAWovC,IAElB9wC,eAAeixC,GAAKv7B,GACjC,MAAMw7B,QAYRlxC,eAAmB0V,GACjB,GAAIwD,EAAKoE,gBAAiC,KAAf5H,EAAIzV,OAE7B,OADAyV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW/J,OAAqB,EAAbyV,EAAIzV,SAAc,EAAO,CAAC,YAC1FD,eAAe8uC,GACpB,MAAMQ,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWgmB,GAAIghB,GAAW/wC,OAAsB,EAAd6wC,IAAmBp7B,EAAKo5B,GACrG,OAAO,IAAIptC,WAAW4tC,GAAIvkC,SAAS,EAAGukC,EAAGtsC,WAAa8tC,KAG1D,GAAI53B,EAAKyE,gBACP,OAAO3d,eAAe8uC,GACpB,MACMQ,EADK,IAAIjC,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIzV,OAAc,OAAQyV,EAAKs7B,IACpEzK,OAAOuI,GACrB,OAAO,IAAIptC,WAAW4tC,IAI1B,OAAOtvC,eAAe8uC,GACpB,OAAO+B,GAAQrf,QAAQsd,EAAIp5B,GAAK,EAAOs7B,IAE3C,CA/BoB/iB,CAAIvY,GAGhBua,EAAU/W,EAAK8D,aAAak0B,EAAIF,KAChCG,EAAWj4B,EAAK8D,OAAOiT,GAE7B,OAAOjwB,eAAe4I,GAEpB,aAAcsoC,EAxBlB,SAAatoC,EAAMqnB,EAASkhB,GAE1B,GAAIvoC,EAAK3I,QAAU2I,EAAK3I,OAAS6wC,IAAgB,EAE/C,OAAOC,GAAYnoC,EAAMqnB,GAG3B,MAAM5V,EAAS,IAAI3Y,WAAWkH,EAAK3I,QAAU6wC,GAAeloC,EAAK3I,OAAS6wC,KAG1E,OAFAz2B,EAAOlY,IAAIyG,GACXyR,EAAOzR,EAAK3I,QAAU,IACf8wC,GAAY12B,EAAQ82B,EAC7B,CAasB9f,CAAIzoB,EAAMqnB,EAASkhB,KAAYpmC,UAAU+lC,IAE/D,CC3CA,MAAM1D,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAGdizB,GAAc,GACdM,GAAWN,GACXO,GAAYP,GAEZtiC,GAAO,IAAI9M,WAAWovC,IACtBriC,GAAM,IAAI/M,WAAWovC,IAAcriC,GAAIqiC,GAAc,GAAK,EAChE,MAAMQ,GAAM,IAAI5vC,WAAWovC,IAE3B9wC,eAAeuxC,GAAK77B,GAClB,MAAM87B,QAAaP,GAAKv7B,GACxB,OAAO,SAASqH,EAAG1E,GACjB,OAAOm5B,EAAKt4B,EAAKvX,iBAAiB,CAACob,EAAG1E,KAE1C,CAEArY,eAAeouB,GAAI1Y,GACjB,OACEwD,EAAKoE,gBACU,KAAf5H,EAAIzV,QAEJyV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW/J,OAAqB,EAAbyV,EAAIzV,SAAc,EAAO,CAAC,YAC1FD,eAAe8uC,EAAI9e,GACxB,MAAMsf,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWymC,QAASzgB,EAAI/vB,OAAsB,EAAd6wC,IAAmBp7B,EAAKo5B,GACnG,OAAO,IAAIptC,WAAW4tC,KAGtBp2B,EAAKyE,gBACA3d,eAAe8uC,EAAI9e,GACxB,MAAMyhB,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIzV,OAAc,OAAQyV,EAAKsa,GAC5Esf,EAAKxxB,GAAOzY,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,UAC5C,OAAO,IAAIhwC,WAAW4tC,IAInBtvC,eAAe8uC,EAAI9e,GACxB,OAAOsgB,GAAQ9e,QAAQsd,EAAIp5B,EAAKsa,GAEpC,CAQAhwB,eAAe2xC,GAAIhlB,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUxQ,MAAM,qCAGlB,MACE6vC,EACAC,SACQ/yC,QAAQ2H,IAAI,CACpB8qC,GAAK77B,GACL0Y,GAAI1Y,KAGN,MAAO,CAQL8b,QAASxxB,eAAegS,EAAWu+B,EAAOuB,GACxC,MACEC,EACAC,SACQlzC,QAAQ2H,IAAI,CACpBmrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,KAENG,QAAiBJ,EAAI7/B,EAAW+/B,GAEhC5yB,QADqByyB,EAAKN,GAAKW,GAErC,IAAK,IAAInwC,EAAI,EAAGA,EAAIuvC,GAAWvvC,IAC7Bqd,EAAIrd,IAAMkwC,EAAUlwC,GAAKiwC,EAAUjwC,GAErC,OAAOoX,EAAKvX,iBAAiB,CAACswC,EAAU9yB,KAU1CsS,QAASzxB,eAAe8vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW7vC,OAASoxC,GAAW,MAAUtvC,MAAM,0BACnD,MAAMkwC,EAAWnC,EAAW/kC,SAAS,GAAIsmC,IACnCa,EAAQpC,EAAW/kC,UAAUsmC,KAEjCU,EACAC,EACAG,SACQrzC,QAAQ2H,IAAI,CACpBmrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,GACVF,EAAKN,GAAKW,KAEN9yB,EAAMgzB,EACZ,IAAK,IAAIrwC,EAAI,EAAGA,EAAIuvC,GAAWvvC,IAC7Bqd,EAAIrd,IAAMkwC,EAAUlwC,GAAKiwC,EAAUjwC,GAErC,IAAKoX,EAAKqD,iBAAiB21B,EAAO/yB,GAAM,MAAUpd,MAAM,+BAExD,aADwB8vC,EAAII,EAAUF,IAI5C,CA5GyCT,GAAIR,GAAc,GAAK,EAoHhEa,GAAIS,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGzvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIuwC,EAAWpyC,OAAQ6B,IACrCyuC,EAAM,EAAIzuC,IAAMuwC,EAAWvwC,GAE7B,OAAOyuC,CACT,EAEAoB,GAAIb,YAAcA,GAClBa,GAAIP,SAAWA,GACfO,GAAIN,UAAYA,GC3IhB,MAAMP,GAAc,GACdM,GAAW,GAMXC,GAAY,GAGlB,SAASiB,GAAIpnC,GACX,IAAIonC,EAAM,EACV,IAAK,IAAIxwC,EAAI,EAAe,IAAXoJ,EAAIpJ,GAAUA,IAAM,EACnCwwC,IAEF,OAAOA,CACT,CAEA,SAAS/C,GAAOgD,EAAG/F,GACjB,IAAK,IAAI1qC,EAAI,EAAGA,EAAIywC,EAAEtyC,OAAQ6B,IAC5BywC,EAAEzwC,IAAM0qC,EAAE1qC,GAEZ,OAAOywC,CACT,CAEA,SAASC,GAAID,EAAG/F,GACd,OAAO+C,GAAOgD,EAAEhyC,QAASisC,EAC3B,CAEA,MAAMwE,GAAY,IAAItvC,WAAWovC,IAC3BriC,GAAM,IAAI/M,WAAW,CAAC,IAO5B1B,eAAeyyC,GAAI9lB,EAAQjX,GAEzB,IACIg9B,EACAC,EACAjC,EAHAkC,EAAS,EA2Eb,SAASC,EAAM9pC,EAAIgM,EAAMw7B,EAAOuB,GAI9B,MAAM5lC,EAAI6I,EAAK9U,OAAS6wC,GAAc,GAxDxC,SAA4B/7B,EAAM+8B,GAChC,MAAMgB,EAAY55B,EAAK2B,MAAMrQ,KAAKC,IAAIsK,EAAK9U,OAAQ6xC,EAAM7xC,QAAU6wC,GAAc,GAAK,EACtF,IAAK,IAAIhvC,EAAI8wC,EAAS,EAAG9wC,GAAKgxC,EAAWhxC,IACvC4uC,EAAK5uC,GAAKoX,EAAK8D,OAAO0zB,EAAK5uC,EAAI,IAEjC8wC,EAASE,EAwDTC,CAAmBh+B,EAAM+8B,GAOzB,MAAMkB,EAAc95B,EAAKvX,iBAAiB,CAACqvC,GAAUjmC,SAAS,EAAGqmC,GAAWb,EAAMtwC,QAASwO,GAAK8hC,IAE1F0C,EAAwC,GAA/BD,EAAYlC,GAAc,GAEzCkC,EAAYlC,GAAc,IAAM,IAChC,MAAMoC,EAAOR,EAASM,GAEhBG,EAAYj6B,EAAKvX,iBAAiB,CAACuxC,EAAMV,GAAIU,EAAKnoC,SAAS,EAAG,GAAImoC,EAAKnoC,SAAS,EAAG,MAEnFkE,EAASiK,EAAKiE,WAAWg2B,EAAUpoC,SAAS,GAAKkoC,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAaloC,SAAS,GAE/G0Z,EAAW,IAAI/iB,WAAWovC,IAE1BxB,EAAK,IAAI5tC,WAAWqT,EAAK9U,OAASoxC,IAKxC,IAAIvvC,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIoK,EAAGpK,IAEjBytC,GAAOtgC,EAAQyhC,EAAK4B,GAAIxwC,EAAI,KAG5BwtC,EAAGntC,IAAIotC,GAAOxmC,EAAGypC,GAAIvjC,EAAQ8F,IAAQ9F,GAASjN,GAE9CutC,GAAO9qB,EAAU1b,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS/I,IAEtD+S,EAAOA,EAAKhK,SAAS+lC,IACrB9uC,GAAO8uC,GAMT,GAAI/7B,EAAK9U,OAAQ,CAEfsvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAMqkB,EAAUyiB,EAASzjC,GAEzBqgC,EAAGntC,IAAIqwC,GAAIz9B,EAAMkb,GAAUjuB,GAG3B,MAAMoxC,EAAW,IAAI1xC,WAAWovC,IAChCsC,EAASjxC,IAAI4G,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS/I,GAAMqvC,IAAY,GACpE+B,EAASr+B,EAAK9U,QAAU,IACxBsvC,GAAO9qB,EAAU2uB,GACjBpxC,GAAO+S,EAAK9U,OAGd,MAAMkf,EAAMowB,GAAOmD,EAASnD,GAAOA,GAAO9qB,EAAUxV,GAASyhC,EAAK2C,IAhHpE,SAAcvB,GACZ,IAAKA,EAAM7xC,OAET,OAAO+wC,GAMT,MAAM9kC,EAAI4lC,EAAM7xC,OAAS6wC,GAAc,EAEjC7hC,EAAS,IAAIvN,WAAWovC,IACxBxhB,EAAM,IAAI5tB,WAAWovC,IAC3B,IAAK,IAAIhvC,EAAI,EAAGA,EAAIoK,EAAGpK,IACrBytC,GAAOtgC,EAAQyhC,EAAK4B,GAAIxwC,EAAI,KAC5BytC,GAAOjgB,EAAKojB,EAASF,GAAIvjC,EAAQ6iC,KACjCA,EAAQA,EAAM/mC,SAAS+lC,IAMzB,GAAIgB,EAAM7xC,OAAQ,CAChBsvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAM0nC,EAAc,IAAI5xC,WAAWovC,IACnCwC,EAAYnxC,IAAI2vC,EAAO,GACvBwB,EAAYxB,EAAM7xC,QAAU,IAC5BsvC,GAAO+D,EAAarkC,GAEpBsgC,GAAOjgB,EAAKojB,EAASY,IAGvB,OAAOhkB,EA+EgExc,CAAKg/B,IAO5E,OADAxC,EAAGntC,IAAIgd,EAAKnd,GACLstC,EAIT,OAnJA,SAA+B3iB,EAAQjX,GACrC,MAAM69B,EAAa1zB,EAAM9f,KAAK8f,EAAM9N,UAAW4a,GACzC+E,EAAM,IAAI8hB,GAAQD,GAAY79B,GACpCg9B,EAAWhhB,EAAIF,QAAQltB,KAAKotB,GAC5BihB,EAAWjhB,EAAID,QAAQntB,KAAKotB,GAE5B,MAAM+hB,EAASf,EAAS1B,IAClB0C,EAASx6B,EAAK8D,OAAOy2B,GAC3B/C,EAAO,GACPA,EAAK,GAAKx3B,EAAK8D,OAAO02B,GAGtBhD,EAAK9kC,EAAI6nC,EACT/C,EAAK2C,EAAIK,EAfXC,CAAsBhnB,EAAQjX,GAqJvB,CAQL8b,QAASxxB,eAAegS,EAAWu+B,EAAOuB,GACxC,OAAOe,EAAMH,EAAU1gC,EAAWu+B,EAAOuB,IAU3CrgB,QAASzxB,eAAe8vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW7vC,OAASoxC,GAAW,MAAUtvC,MAAM,0BAEnD,MAAMod,EAAM2wB,EAAW/kC,UAAUsmC,IACjCvB,EAAaA,EAAW/kC,SAAS,GAAIsmC,IAErC,MAAMuC,EAAUf,EAAMF,EAAU7C,EAAYS,EAAOuB,GAEnD,GAAI54B,EAAKqD,iBAAiB4C,EAAKy0B,EAAQ7oC,UAAUsmC,KAC/C,OAAOuC,EAAQ7oC,SAAS,GAAIsmC,IAE9B,MAAUtvC,MAAM,gCAGtB,CAQA0wC,GAAIL,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGzvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIuwC,EAAWpyC,OAAQ6B,IACrCyuC,EAAM,EAAIzuC,IAAMuwC,EAAWvwC,GAE7B,OAAOyuC,CACT,EAEAkC,GAAI3B,YAAcA,GAClB2B,GAAIrB,SAAWA,GACfqB,GAAIpB,UAAYA,GC3QhB,MAAMwC,GAA0B,YACzB,MAAMC,GACTn1C,YAAY+W,EAAK66B,EAAOuB,EAAOiC,EAAU,GAAIriB,GACzC7yB,KAAKk1C,QAAUA,EACfl1C,KAAKm1C,OAAS,EACdn1C,KAAK4xC,QAAU,EACf5xC,KAAK6yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK5V,GAAW,EAAO,OACtD,IAAI8nB,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cAI7B,GAFAtI,EAAI8E,WAEA7tB,KAAKk1C,QAAU,GAAKl1C,KAAKk1C,QAAU,GACnC,MAAM,IAAIpkB,GAAqB,yBAEnC,MAAMskB,EAAW1D,EAAMtwC,QAAU,EAC3Bi0C,EAAW,IAAIxyC,WAAW,IACf,KAAbuyC,GACAp1C,KAAKs1C,iBAAiB5D,GACtB5oB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,IAAM,EACXA,EAAK,IAAMssB,IAAa,GACxBtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,EAAK,IAC9BtsB,EAAK,IAAOssB,GAAY,EAAK,IAC7BrsB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIwD,OAAO,EAAG,EAAG,EAAG,GACpB8oB,EAAS/xC,IAAIwlB,EAAK5c,SAAS,EAAG,OAG9BmpC,EAAS/xC,IAAIouC,GACb2D,EAAS,IAAM,GAEnB,MAAME,EAAY,IAAIlwB,SAASgwB,EAASpxC,QAKxC,GAJAjE,KAAKm1C,OAASI,EAAU5jB,UAAU,IAClC5I,EAAI6D,UAAU2oB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI,GACtF5I,EAAIkE,SAAS,EAAG,EAAG,EAAG,iBAERhsB,IAAVgyC,EAAqB,CACrB,GAAIA,EAAM7xC,OAAS4zC,GACf,MAAM,IAAIlkB,GAAqB,wBAC/BmiB,EAAM7xC,QACNpB,KAAKizC,MAAQA,EACbjzC,KAAKs1C,iBAAiBrC,IAGtBjzC,KAAKizC,WAAQhyC,OAIjBjB,KAAKizC,WAAQhyC,EAGjB,GAAIjB,KAAK4xC,QAAU,GAAK5xC,KAAK4xC,QAAU,WACnC,MAAM,IAAI4D,WAAW,6CACzBzsB,EAAIuE,YAAY,EAAG,EAAG,EAAIttB,KAAKm1C,OAASn1C,KAAK4xC,QAAW,GAE5DhqB,eAAe6tB,EAAW5+B,EAAK66B,EAAOuB,EAAOyC,GACzC,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS/iB,QAAQ8iB,GAE3D7tB,eAAeqpB,EAAYp6B,EAAK66B,EAAOuB,EAAOyC,GAC1C,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS9iB,QAAQqe,GAE3Dte,QAAQ5oB,GACJ,OAAO/J,KAAK21C,gBAAgB5rC,GAEhC6oB,QAAQ7oB,GACJ,OAAO/J,KAAK41C,gBAAgB7rC,GAEhC8rC,wBAAwB9rC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK3I,QAAU,GACtB2nB,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cACzBugB,EAAU5xC,KAAK4xC,QACfzuC,EAAMnD,KAAK6yB,IAAI1vB,IACf6M,EAAMhQ,KAAK6yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBE,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM/zC,EAAS,IAAIoB,WAAWsvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM3lB,EAAM6M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYxsB,EAAK6M,GAC5DogB,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYxsB,EAAKitB,GACrDA,GACA3uB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMitB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACJA,EAAOpgB,GACP7M,GAAOitB,EACPpgB,GAAOogB,IAGPjtB,EAAM,EACN6M,EAAM,GAMd,OAHAhQ,KAAK4xC,QAAUA,EACf5xC,KAAK6yB,IAAI1vB,IAAMA,EACfnD,KAAK6yB,IAAI7iB,IAAMA,EACRvO,EAEXq0C,yBACI,IAAI/sB,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cACzBugB,EAAU5xC,KAAK4xC,QACfsD,EAAUl1C,KAAKk1C,QACfjC,EAAQjzC,KAAKizC,MACb9vC,EAAMnD,KAAK6yB,IAAI1vB,IACf6M,EAAMhQ,KAAK6yB,IAAI7iB,IACnB,MAAMvO,EAAS,IAAIoB,WAAWmN,EAAMklC,GACpCnsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYxsB,EAAM6M,EAAM,IAAO,IAC/DA,GACAvO,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAM6M,IACxC,IAAI/M,EAAI+M,EACR,KAAW,GAAJ/M,EAAQA,IACX6lB,EAAK3lB,EAAMF,GAAK,EACpB8lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYxsB,EAAKF,GAClD,MAAM8yC,OAAiB90C,IAAVgyC,EAAsBA,EAAM7xC,OAAS,EAC5C40C,GAASpE,EAAU,GAAM,GAAK5hC,EAuBpC,OAtBA8Y,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGttB,KAAKm1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/CluB,EAAO6B,IAAIwlB,EAAK5c,SAAS,EAAGgpC,GAAUllC,GACtChQ,KAAK4xC,QAAU,EACf5xC,KAAK6yB,IAAI1vB,IAAM,EACfnD,KAAK6yB,IAAI7iB,IAAM,EACRvO,EAEXw0C,wBAAwBlsC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK3I,QAAU,GACtB2nB,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cACzBugB,EAAU5xC,KAAK4xC,QACfsD,EAAUl1C,KAAKk1C,QACf/xC,EAAMnD,KAAK6yB,IAAI1vB,IACf6M,EAAMhQ,KAAK6yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAOniB,EAAMkgB,EAAOglB,EAAWllC,EAAMkgB,EAAOglB,GAAY,GAAK,EAC7DgB,EAAOlmC,EAAMkgB,EAAOiC,EACpB/B,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM/zC,EAAS,IAAIoB,WAAWsvB,GAC9B,KAAOjC,EAAOgmB,GACV9lB,EAAOL,GAAYjH,EAAM3lB,EAAM6M,EAAKjG,EAAMkmB,EAAMC,EAAOgmB,GACvDlmC,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYxsB,EAAKitB,GACzDA,EAAOrH,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYxsB,EAAKitB,GACxDA,GACA3uB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMitB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACRjtB,EAAM,EACN6M,EAAM,EAQV,OANIkgB,EAAO,IACPlgB,GAAO+f,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,IAE5ClwB,KAAK4xC,QAAUA,EACf5xC,KAAK6yB,IAAI1vB,IAAMA,EACfnD,KAAK6yB,IAAI7iB,IAAMA,EACRvO,EAEX00C,yBACI,IAAIptB,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cACzB6jB,EAAUl1C,KAAKk1C,QACfjC,EAAQjzC,KAAKizC,MACbrB,EAAU5xC,KAAK4xC,QACfzuC,EAAMnD,KAAK6yB,IAAI1vB,IACf6M,EAAMhQ,KAAK6yB,IAAI7iB,IACfmiB,EAAOniB,EAAMklC,EACjB,GAAIllC,EAAMklC,EACN,MAAM,IAAItkB,GAAkB,gCAChC,MAAMnvB,EAAS,IAAIoB,WAAWsvB,GACxBikB,EAAO,IAAIvzC,WAAWimB,EAAK5c,SAAS/I,EAAMgvB,EAAMhvB,EAAM6M,IAC5D,IAAI/M,EAAIkvB,EACR,KAAW,GAAJlvB,EAAQA,IACX6lB,EAAK3lB,EAAMF,GAAK,EACpB8lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYxsB,EAAKF,GAClD8lB,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYxsB,EAAKF,GACjDkvB,GACA1wB,EAAO6B,IAAIwlB,EAAK5c,SAAS/I,EAAKA,EAAMgvB,IACxC,MAAM4jB,OAAiB90C,IAAVgyC,EAAsBA,EAAM7xC,OAAS,EAC5C40C,GAASpE,EAAU,GAAM,GAAK5hC,EAAMklC,EAC1CpsB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGttB,KAAKm1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/C,IAAI0mB,EAAS,EACb,IAAK,IAAIpzC,EAAI,EAAGA,EAAIiyC,IAAWjyC,EAC3BozC,GAAUD,EAAKnzC,GAAK6lB,EAAK7lB,GAC7B,GAAIozC,EACA,MAAM,IAAItlB,GAAc,+BAI5B,OAHA/wB,KAAK4xC,QAAU,EACf5xC,KAAK6yB,IAAI1vB,IAAM,EACfnD,KAAK6yB,IAAI7iB,IAAM,EACRvO,EAEXm0C,gBAAgB7rC,GACZ,MAAMC,EAAUhK,KAAKi2C,wBAAwBlsC,GACvCE,EAAUjK,KAAKm2C,yBACf10C,EAAS,IAAIoB,WAAWmH,EAAQ5I,OAAS6I,EAAQ7I,QAKvD,OAJI4I,EAAQ5I,QACRK,EAAO6B,IAAI0G,GACXC,EAAQ7I,QACRK,EAAO6B,IAAI2G,EAASD,EAAQ5I,QACzBK,EAEXk0C,gBAAgB5rC,GACZ,MAAMC,EAAUhK,KAAK61C,wBAAwB9rC,GACvCE,EAAUjK,KAAK81C,yBACfr0C,EAAS,IAAIoB,WAAWmH,EAAQ5I,OAAS6I,EAAQ7I,QAKvD,OAJI4I,EAAQ5I,QACRK,EAAO6B,IAAI0G,GACXC,EAAQ7I,QACRK,EAAO6B,IAAI2G,EAASD,EAAQ5I,QACzBK,EAEX6zC,iBAAiBvrC,GACb,IAAIgf,IAAEA,EAAGD,KAAEA,GAAS9oB,KAAK6yB,IAAIxB,cACzBpB,EAAO,EACPC,EAAOnmB,EAAK3I,QAAU,EACtBgvB,EAAO,EACX,KAAOF,EAAO,GAAG,CAIb,IAHAE,EAAOL,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,GACxCD,GAAQG,EACRF,GAAQE,EACM,GAAPA,GACHtH,EAAKsH,KAAU,EACnBrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAWS,KC3PxD,MAAMme,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAIdwzB,GAAY,GACZnC,GAAO,UAOblvC,eAAeuuB,GAAI5B,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUxQ,MAAM,qCAGlB,GAAImX,EAAKyE,gBACP,MAAO,CACL6T,QAASxxB,eAAe8uC,EAAI9e,EAAI8hB,EAAQ,IAAIpwC,YAC1C,MAAM+vC,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIzV,OAAc,OAAQyV,EAAKsa,GAClFyhB,EAAG0D,OAAOrD,GACV,MAAMxC,EAAKxxB,GAAOzY,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,QAASD,EAAG2D,eACxD,OAAO,IAAI1zC,WAAW4tC,IAGxB7d,QAASzxB,eAAesvC,EAAItf,EAAI8hB,EAAQ,IAAIpwC,YAC1C,MAAM2zC,EAAK,IAAIhI,GAAW4C,iBAAiB,OAAuB,EAAbv6B,EAAIzV,OAAc,OAAQyV,EAAKsa,GACpFqlB,EAAGF,OAAOrD,GACVuD,EAAGC,WAAWhG,EAAG/uC,MAAM+uC,EAAGrvC,OAASoxC,GAAW/B,EAAGrvC,SACjD,MAAM6uC,EAAKhxB,GAAOzY,OAAO,CAACgwC,EAAG9O,OAAO+I,EAAG/uC,MAAM,EAAG+uC,EAAGrvC,OAASoxC,KAAagE,EAAG3D,UAC5E,OAAO,IAAIhwC,WAAWotC,KAK5B,GAAI51B,EAAKoE,gBAAiC,KAAf5H,EAAIzV,OAAe,CAC5C,MAAMkvC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,KAAQ,EAAO,CAAC,UAAW,YAEtF,MAAO,CACL1d,QAASxxB,eAAe8uC,EAAI9e,EAAI8hB,EAAQ,IAAIpwC,YAC1C,IAAKotC,EAAG7uC,OACN,OAAO6zC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,GAEtC,MAAMxC,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAML,GAC9G,OAAO,IAAIptC,WAAW4tC,IAGxB7d,QAASzxB,eAAesvC,EAAItf,EAAI8hB,EAAQ,IAAIpwC,YAC1C,GAAI4tC,EAAGrvC,SAAWoxC,GAChB,OAAOyC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,GAEtC,MAAMhD,QAAW1B,GAAU3b,QAAQ,CAAEznB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAMG,GAC9G,OAAO,IAAI5tC,WAAWotC,KAK5B,MAAO,CACLtd,QAASxxB,eAAe8uC,EAAI9e,EAAI8hB,GAC9B,OAAOgC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,IAGtCrgB,QAASzxB,eAAesvC,EAAItf,EAAI8hB,GAC9B,OAAOgC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,IAG1C,CAWAvjB,GAAI6jB,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGzvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIuwC,EAAWpyC,OAAQ6B,IACrCyuC,EAAM,EAAIzuC,IAAMuwC,EAAWvwC,GAE7B,OAAOyuC,CACT,EAEAhiB,GAAIuiB,YAtFgB,GAuFpBviB,GAAI6iB,SAtFa,GAuFjB7iB,GAAI8iB,UAAYA,GC7GhB,OAAe,CAEb5B,IAAKA,GAEL+F,IAAKA,GACL9hC,gBAAiB8hC,GAEjBhiC,IAAKA,GAELC,IAAKA,wBClBP,SAAUgiC,GASV,IAAIC,EAAK,SAASvc,GAChB,IAAIr3B,EAAG2K,EAAI,IAAIkpC,aAAa,IAC5B,GAAIxc,EAAM,IAAKr3B,EAAI,EAAGA,EAAIq3B,EAAKl5B,OAAQ6B,IAAK2K,EAAE3K,GAAKq3B,EAAKr3B,GACxD,OAAO2K,CACT,EAGImpC,EAAc,WAAuB,MAAU7zC,MAAM,YAErD8zC,EAAK,IAAIn0C,WAAW,IAAKm0C,EAAG,GAAK,EAErC,IAAIC,EAAMJ,IACNK,EAAML,EAAG,CAAC,IACVM,EAAUN,EAAG,CAAC,MAAQ,IACtBzJ,EAAIyJ,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIO,EAAKP,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIQ,EAAIR,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIS,EAAIT,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChI5f,EAAI4f,EAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAQpI,SAASU,EAAiBxqC,EAAGyqC,EAAIrpC,EAAGspC,GAClC,OAPF,SAAY1qC,EAAGyqC,EAAIrpC,EAAGspC,EAAIprC,GACxB,IAAIpJ,EAAEylB,EAAI,EACV,IAAKzlB,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAKylB,GAAK3b,EAAEyqC,EAAGv0C,GAAGkL,EAAEspC,EAAGx0C,GAC1C,OAAQ,EAAMylB,EAAI,IAAO,GAAM,CACjC,CAGSgvB,CAAG3qC,EAAEyqC,EAAGrpC,EAAEspC,EAAG,GACtB,CAEA,SAASE,EAAS/pC,EAAGU,GACnB,IAAIrL,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2K,EAAE3K,GAAU,EAALqL,EAAErL,EACpC,CAEA,SAAS20C,EAASC,GAChB,IAAI50C,EAAG60C,EAAGz7B,EAAI,EACd,IAAKpZ,EAAI,EAAGA,EAAI,GAAIA,IAClB60C,EAAID,EAAE50C,GAAKoZ,EAAI,MACfA,EAAI1Q,KAAKsP,MAAM68B,EAAI,OACnBD,EAAE50C,GAAK60C,EAAQ,MAAJz7B,EAEbw7B,EAAE,IAAMx7B,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAAS07B,EAAS1lB,EAAG9jB,EAAGL,GAEtB,IADA,IAAIgQ,EAAG7B,IAAMnO,EAAE,GACNjL,EAAI,EAAGA,EAAI,GAAIA,IACtBib,EAAI7B,GAAKgW,EAAEpvB,GAAKsL,EAAEtL,IAClBovB,EAAEpvB,IAAMib,EACR3P,EAAEtL,IAAMib,CAEZ,CAEA,SAAS85B,EAAUH,EAAGxrC,GACpB,IAAIpJ,EAAG2Z,EAAG1O,EACNb,EAAIwpC,IAAM34B,EAAI24B,IAClB,IAAK5zC,EAAI,EAAGA,EAAI,GAAIA,IAAKib,EAAEjb,GAAKoJ,EAAEpJ,GAIlC,IAHA20C,EAAS15B,GACT05B,EAAS15B,GACT05B,EAAS15B,GACJtB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAvP,EAAE,GAAK6Q,EAAE,GAAK,MACTjb,EAAI,EAAGA,EAAI,GAAIA,IAClBoK,EAAEpK,GAAKib,EAAEjb,GAAK,OAAWoK,EAAEpK,EAAE,IAAI,GAAM,GACvCoK,EAAEpK,EAAE,IAAM,MAEZoK,EAAE,IAAM6Q,EAAE,IAAM,OAAW7Q,EAAE,KAAK,GAAM,GACxCa,EAAKb,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACT0qC,EAAS75B,EAAG7Q,EAAG,EAAEa,GAEnB,IAAKjL,EAAI,EAAGA,EAAI,GAAIA,IAClB40C,EAAE,EAAE50C,GAAY,IAAPib,EAAEjb,GACX40C,EAAE,EAAE50C,EAAE,GAAKib,EAAEjb,IAAI,CAErB,CAEA,SAASg1C,EAAS3pC,EAAGJ,GACnB,IAAImO,EAAI,IAAIxZ,WAAW,IAAK6lB,EAAI,IAAI7lB,WAAW,IAG/C,OAFAm1C,EAAU37B,EAAG/N,GACb0pC,EAAUtvB,EAAGxa,GACNqpC,EAAiBl7B,EAAG,EAAGqM,EAAG,EACnC,CAEA,SAASwvB,EAAS5pC,GAChB,IAAIoa,EAAI,IAAI7lB,WAAW,IAEvB,OADAm1C,EAAUtvB,EAAGpa,GACC,EAAPoa,EAAE,EACX,CAEA,SAASyvB,EAAYN,EAAGxrC,GACtB,IAAIpJ,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK40C,EAAE50C,GAAKoJ,EAAE,EAAEpJ,IAAMoJ,EAAE,EAAEpJ,EAAE,IAAM,GACtD40C,EAAE,KAAO,KACX,CAEA,SAAS3K,EAAE2K,EAAGvpC,EAAGJ,GACf,IAAK,IAAIjL,EAAI,EAAGA,EAAI,GAAIA,IAAK40C,EAAE50C,GAAKqL,EAAErL,GAAKiL,EAAEjL,EAC/C,CAEA,SAASm1C,EAAEP,EAAGvpC,EAAGJ,GACf,IAAK,IAAIjL,EAAI,EAAGA,EAAI,GAAIA,IAAK40C,EAAE50C,GAAKqL,EAAErL,GAAKiL,EAAEjL,EAC/C,CAEA,SAASo1C,EAAER,EAAGvpC,EAAGJ,GACf,IAAI4pC,EAAGz7B,EACJknB,EAAK,EAAI1Y,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIyY,EAAK,EAAIwB,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEoT,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK3rC,EAAE,GACP4rC,EAAK5rC,EAAE,GACP6rC,EAAK7rC,EAAE,GACP8rC,EAAK9rC,EAAE,GACP+rC,EAAK/rC,EAAE,GACPgsC,EAAKhsC,EAAE,GACPisC,EAAKjsC,EAAE,GACPksC,EAAKlsC,EAAE,GACPmsC,EAAKnsC,EAAE,GACPosC,EAAKpsC,EAAE,GACPqsC,EAAMrsC,EAAE,IACRssC,EAAMtsC,EAAE,IACRusC,EAAMvsC,EAAE,IACRwsC,EAAMxsC,EAAE,IACRysC,EAAMzsC,EAAE,IACR0sC,EAAM1sC,EAAE,IAGVq1B,IADAuU,EAAIxpC,EAAE,IACIurC,EACVhvB,GAAMitB,EAAIgC,EACVhvB,GAAMgtB,EAAIiC,EACVhvB,GAAM+sB,EAAIkC,EACVxW,GAAMsU,EAAImC,EACVjV,GAAM8S,EAAIoC,EACVjV,GAAM6S,EAAIqC,EACVjV,GAAM4S,EAAIsC,EACV9B,GAAMR,EAAIuC,EACV9B,GAAMT,EAAIwC,EACV9B,GAAOV,EAAIyC,EACX9B,GAAOX,EAAI0C,EACX9B,GAAOZ,EAAI2C,EACX9B,GAAOb,EAAI4C,EACX9B,GAAOd,EAAI6C,EACX9B,GAAOf,EAAI8C,EAEX/vB,IADAitB,EAAIxpC,EAAE,IACIurC,EACV/uB,GAAMgtB,EAAIgC,EACV/uB,GAAM+sB,EAAIiC,EACVvW,GAAMsU,EAAIkC,EACVhV,GAAM8S,EAAImC,EACVhV,GAAM6S,EAAIoC,EACVhV,GAAM4S,EAAIqC,EACV7B,GAAMR,EAAIsC,EACV7B,GAAMT,EAAIuC,EACV7B,GAAOV,EAAIwC,EACX7B,GAAOX,EAAIyC,EACX7B,GAAOZ,EAAI0C,EACX7B,GAAOb,EAAI2C,EACX7B,GAAOd,EAAI4C,EACX7B,GAAOf,EAAI6C,EACX7B,GAAOhB,EAAI8C,EAEX9vB,IADAgtB,EAAIxpC,EAAE,IACIurC,EACV9uB,GAAM+sB,EAAIgC,EACVtW,GAAMsU,EAAIiC,EACV/U,GAAM8S,EAAIkC,EACV/U,GAAM6S,EAAImC,EACV/U,GAAM4S,EAAIoC,EACV5B,GAAMR,EAAIqC,EACV5B,GAAMT,EAAIsC,EACV5B,GAAOV,EAAIuC,EACX5B,GAAOX,EAAIwC,EACX5B,GAAOZ,EAAIyC,EACX5B,GAAOb,EAAI0C,EACX5B,GAAOd,EAAI2C,EACX5B,GAAOf,EAAI4C,EACX5B,GAAOhB,EAAI6C,EACX5B,GAAOjB,EAAI8C,EAEX7vB,IADA+sB,EAAIxpC,EAAE,IACIurC,EACVrW,GAAMsU,EAAIgC,EACV9U,GAAM8S,EAAIiC,EACV9U,GAAM6S,EAAIkC,EACV9U,GAAM4S,EAAImC,EACV3B,GAAMR,EAAIoC,EACV3B,GAAMT,EAAIqC,EACV3B,GAAOV,EAAIsC,EACX3B,GAAOX,EAAIuC,EACX3B,GAAOZ,EAAIwC,EACX3B,GAAOb,EAAIyC,EACX3B,GAAOd,EAAI0C,EACX3B,GAAOf,EAAI2C,EACX3B,GAAOhB,EAAI4C,EACX3B,GAAOjB,EAAI6C,EACX3B,GAAOlB,EAAI8C,EAEXpX,IADAsU,EAAIxpC,EAAE,IACIurC,EACV7U,GAAM8S,EAAIgC,EACV7U,GAAM6S,EAAIiC,EACV7U,GAAM4S,EAAIkC,EACV1B,GAAMR,EAAImC,EACV1B,GAAMT,EAAIoC,EACV1B,GAAOV,EAAIqC,EACX1B,GAAOX,EAAIsC,EACX1B,GAAOZ,EAAIuC,EACX1B,GAAOb,EAAIwC,EACX1B,GAAOd,EAAIyC,EACX1B,GAAOf,EAAI0C,EACX1B,GAAOhB,EAAI2C,EACX1B,GAAOjB,EAAI4C,EACX1B,GAAOlB,EAAI6C,EACX1B,GAAOnB,EAAI8C,EAEX5V,IADA8S,EAAIxpC,EAAE,IACIurC,EACV5U,GAAM6S,EAAIgC,EACV5U,GAAM4S,EAAIiC,EACVzB,GAAMR,EAAIkC,EACVzB,GAAMT,EAAImC,EACVzB,GAAOV,EAAIoC,EACXzB,GAAOX,EAAIqC,EACXzB,GAAOZ,EAAIsC,EACXzB,GAAOb,EAAIuC,EACXzB,GAAOd,EAAIwC,EACXzB,GAAOf,EAAIyC,EACXzB,GAAOhB,EAAI0C,EACXzB,GAAOjB,EAAI2C,EACXzB,GAAOlB,EAAI4C,EACXzB,GAAOnB,EAAI6C,EACXzB,GAAOpB,EAAI8C,EAEX3V,IADA6S,EAAIxpC,EAAE,IACIurC,EACV3U,GAAM4S,EAAIgC,EACVxB,GAAMR,EAAIiC,EACVxB,GAAMT,EAAIkC,EACVxB,GAAOV,EAAImC,EACXxB,GAAOX,EAAIoC,EACXxB,GAAOZ,EAAIqC,EACXxB,GAAOb,EAAIsC,EACXxB,GAAOd,EAAIuC,EACXxB,GAAOf,EAAIwC,EACXxB,GAAOhB,EAAIyC,EACXxB,GAAOjB,EAAI0C,EACXxB,GAAOlB,EAAI2C,EACXxB,GAAOnB,EAAI4C,EACXxB,GAAOpB,EAAI6C,EACXxB,GAAOrB,EAAI8C,EAEX1V,IADA4S,EAAIxpC,EAAE,IACIurC,EACVvB,GAAMR,EAAIgC,EACVvB,GAAMT,EAAIiC,EACVvB,GAAOV,EAAIkC,EACXvB,GAAOX,EAAImC,EACXvB,GAAOZ,EAAIoC,EACXvB,GAAOb,EAAIqC,EACXvB,GAAOd,EAAIsC,EACXvB,GAAOf,EAAIuC,EACXvB,GAAOhB,EAAIwC,EACXvB,GAAOjB,EAAIyC,EACXvB,GAAOlB,EAAI0C,EACXvB,GAAOnB,EAAI2C,EACXvB,GAAOpB,EAAI4C,EACXvB,GAAOrB,EAAI6C,EACXvB,GAAOtB,EAAI8C,EAEXtC,IADAR,EAAIxpC,EAAE,IACIurC,EACVtB,GAAMT,EAAIgC,EACVtB,GAAOV,EAAIiC,EACXtB,GAAOX,EAAIkC,EACXtB,GAAOZ,EAAImC,EACXtB,GAAOb,EAAIoC,EACXtB,GAAOd,EAAIqC,EACXtB,GAAOf,EAAIsC,EACXtB,GAAOhB,EAAIuC,EACXtB,GAAOjB,EAAIwC,EACXtB,GAAOlB,EAAIyC,EACXtB,GAAOnB,EAAI0C,EACXtB,GAAOpB,EAAI2C,EACXtB,GAAOrB,EAAI4C,EACXtB,GAAOtB,EAAI6C,EACXtB,GAAOvB,EAAI8C,EAEXrC,IADAT,EAAIxpC,EAAE,IACIurC,EACVrB,GAAOV,EAAIgC,EACXrB,GAAOX,EAAIiC,EACXrB,GAAOZ,EAAIkC,EACXrB,GAAOb,EAAImC,EACXrB,GAAOd,EAAIoC,EACXrB,GAAOf,EAAIqC,EACXrB,GAAOhB,EAAIsC,EACXrB,GAAOjB,EAAIuC,EACXrB,GAAOlB,EAAIwC,EACXrB,GAAOnB,EAAIyC,EACXrB,GAAOpB,EAAI0C,EACXrB,GAAOrB,EAAI2C,EACXrB,GAAOtB,EAAI4C,EACXrB,GAAOvB,EAAI6C,EACXrB,GAAOxB,EAAI8C,EAEXpC,IADAV,EAAIxpC,EAAE,KACKurC,EACXpB,GAAOX,EAAIgC,EACXpB,GAAOZ,EAAIiC,EACXpB,GAAOb,EAAIkC,EACXpB,GAAOd,EAAImC,EACXpB,GAAOf,EAAIoC,EACXpB,GAAOhB,EAAIqC,EACXpB,GAAOjB,EAAIsC,EACXpB,GAAOlB,EAAIuC,EACXpB,GAAOnB,EAAIwC,EACXpB,GAAOpB,EAAIyC,EACXpB,GAAOrB,EAAI0C,EACXpB,GAAOtB,EAAI2C,EACXpB,GAAOvB,EAAI4C,EACXpB,GAAOxB,EAAI6C,EACXpB,GAAOzB,EAAI8C,EAEXnC,IADAX,EAAIxpC,EAAE,KACKurC,EACXnB,GAAOZ,EAAIgC,EACXnB,GAAOb,EAAIiC,EACXnB,GAAOd,EAAIkC,EACXnB,GAAOf,EAAImC,EACXnB,GAAOhB,EAAIoC,EACXnB,GAAOjB,EAAIqC,EACXnB,GAAOlB,EAAIsC,EACXnB,GAAOnB,EAAIuC,EACXnB,GAAOpB,EAAIwC,EACXnB,GAAOrB,EAAIyC,EACXnB,GAAOtB,EAAI0C,EACXnB,GAAOvB,EAAI2C,EACXnB,GAAOxB,EAAI4C,EACXnB,GAAOzB,EAAI6C,EACXnB,GAAO1B,EAAI8C,EAEXlC,IADAZ,EAAIxpC,EAAE,KACKurC,EACXlB,GAAOb,EAAIgC,EACXlB,GAAOd,EAAIiC,EACXlB,GAAOf,EAAIkC,EACXlB,GAAOhB,EAAImC,EACXlB,GAAOjB,EAAIoC,EACXlB,GAAOlB,EAAIqC,EACXlB,GAAOnB,EAAIsC,EACXlB,GAAOpB,EAAIuC,EACXlB,GAAOrB,EAAIwC,EACXlB,GAAOtB,EAAIyC,EACXlB,GAAOvB,EAAI0C,EACXlB,GAAOxB,EAAI2C,EACXlB,GAAOzB,EAAI4C,EACXlB,GAAO1B,EAAI6C,EACXlB,GAAO3B,EAAI8C,EAEXjC,IADAb,EAAIxpC,EAAE,KACKurC,EACXjB,GAAOd,EAAIgC,EACXjB,GAAOf,EAAIiC,EACXjB,GAAOhB,EAAIkC,EACXjB,GAAOjB,EAAImC,EACXjB,GAAOlB,EAAIoC,EACXjB,GAAOnB,EAAIqC,EACXjB,GAAOpB,EAAIsC,EACXjB,GAAOrB,EAAIuC,EACXjB,GAAOtB,EAAIwC,EACXjB,GAAOvB,EAAIyC,EACXjB,GAAOxB,EAAI0C,EACXjB,GAAOzB,EAAI2C,EACXjB,GAAO1B,EAAI4C,EACXjB,GAAO3B,EAAI6C,EACXjB,GAAO5B,EAAI8C,EAEXhC,IADAd,EAAIxpC,EAAE,KACKurC,EACXhB,GAAOf,EAAIgC,EACXhB,GAAOhB,EAAIiC,EACXhB,GAAOjB,EAAIkC,EACXhB,GAAOlB,EAAImC,EACXhB,GAAOnB,EAAIoC,EACXhB,GAAOpB,EAAIqC,EACXhB,GAAOrB,EAAIsC,EACXhB,GAAOtB,EAAIuC,EACXhB,GAAOvB,EAAIwC,EACXhB,GAAOxB,EAAIyC,EACXhB,GAAOzB,EAAI0C,EACXhB,GAAO1B,EAAI2C,EACXhB,GAAO3B,EAAI4C,EACXhB,GAAO5B,EAAI6C,EACXhB,GAAO7B,EAAI8C,EAEX/B,IADAf,EAAIxpC,EAAE,KACKurC,EAkBXhvB,GAAO,IAhBPkuB,GAAOjB,EAAIiC,GAiBXjvB,GAAO,IAhBPkuB,GAAOlB,EAAIkC,GAiBXjvB,GAAO,IAhBPkuB,GAAOnB,EAAImC,GAiBXzW,GAAO,IAhBP0V,GAAOpB,EAAIoC,GAiBXlV,GAAO,IAhBPmU,GAAOrB,EAAIqC,GAiBXlV,GAAO,IAhBPmU,GAAOtB,EAAIsC,GAiBXlV,GAAO,IAhBPmU,GAAOvB,EAAIuC,GAiBX/B,GAAO,IAhBPgB,GAAOxB,EAAIwC,GAiBX/B,GAAO,IAhBPgB,GAAOzB,EAAIyC,GAiBX/B,GAAO,IAhBPgB,GAAO1B,EAAI0C,GAiBX/B,GAAO,IAhBPgB,GAAO3B,EAAI2C,GAiBX/B,GAAO,IAhBPgB,GAAO5B,EAAI4C,GAiBX/B,GAAO,IAhBPgB,GAAO7B,EAAI6C,GAiBX/B,GAAO,IAhBPgB,GAAO9B,EAAI8C,GAqBsCrX,GAAjDuU,GAnBAvU,GAAO,IAhBPuV,GAAOhB,EAAIgC,KAkCXz9B,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QAKSvU,GAAjDuU,GAJAvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACxCvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,GAEpBw7B,EAAG,GAAKtU,EACRsU,EAAG,GAAKhtB,EACRgtB,EAAG,GAAK/sB,EACR+sB,EAAG,GAAK9sB,EACR8sB,EAAG,GAAKrU,EACRqU,EAAG,GAAK7S,EACR6S,EAAG,GAAK5S,EACR4S,EAAG,GAAK3S,EACR2S,EAAG,GAAKS,EACRT,EAAG,GAAKU,EACRV,EAAE,IAAMW,EACRX,EAAE,IAAMY,EACRZ,EAAE,IAAMa,EACRb,EAAE,IAAMc,EACRd,EAAE,IAAMe,EACRf,EAAE,IAAMgB,CACV,CAEA,SAASnF,EAAEmE,EAAGvpC,GACZ+pC,EAAER,EAAGvpC,EAAGA,EACV,CAEA,SAASusC,EAAShD,EAAG50C,GACnB,IACIqL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKrL,EAAEqL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAiB,IAANA,GAAS+pC,EAAEh8B,EAAGA,EAAGpZ,GAEjC,IAAKqL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CAaA,SAASwsC,EAAkBvsC,EAAGlC,EAAGgmB,GAC/B,IAC8BzkB,EAAG3K,EAD7BklC,EAAI,IAAItlC,WAAW,IACnBkK,EAAI,IAAI+pC,aAAa,IACrBxoC,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IAC5B,IAAK5zC,EAAI,EAAGA,EAAI,GAAIA,IAAKklC,EAAEllC,GAAKoJ,EAAEpJ,GAIlC,IAHAklC,EAAE,IAAW,IAAN97B,EAAE,IAAS,GAClB87B,EAAE,IAAI,IACNgQ,EAAYprC,EAAEslB,GACTpvB,EAAI,EAAGA,EAAI,GAAIA,IAClBiL,EAAEjL,GAAG8J,EAAE9J,GACPylB,EAAEzlB,GAAGqL,EAAErL,GAAGoZ,EAAEpZ,GAAG,EAGjB,IADAqL,EAAE,GAAGoa,EAAE,GAAG,EACLzlB,EAAE,IAAKA,GAAG,IAAKA,EAElB80C,EAASzpC,EAAEJ,EADXN,EAAGu6B,EAAEllC,IAAI,MAAQ,EAAFA,GAAM,GAErB80C,EAAS17B,EAAEqM,EAAE9a,GACbs/B,EAAE7oC,EAAEiK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACN6wB,EAAE7wB,EAAEnO,EAAEwa,GACN0vB,EAAElqC,EAAEA,EAAEwa,GACNgrB,EAAEhrB,EAAErkB,GACJqvC,EAAE/O,EAAEr2B,GACJ+pC,EAAE/pC,EAAE+N,EAAE/N,GACN+pC,EAAEh8B,EAAEnO,EAAE7J,GACN6oC,EAAE7oC,EAAEiK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACNq3B,EAAExlC,EAAEI,GACJ8pC,EAAE/7B,EAAEqM,EAAEic,GACN0T,EAAE/pC,EAAE+N,EAAE86B,GACNjK,EAAE5+B,EAAEA,EAAEoa,GACN2vB,EAAEh8B,EAAEA,EAAE/N,GACN+pC,EAAE/pC,EAAEoa,EAAEic,GACN0T,EAAE3vB,EAAExa,EAAEnB,GACN2mC,EAAExlC,EAAE7J,GACJ0zC,EAASzpC,EAAEJ,EAAEN,GACbmqC,EAAS17B,EAAEqM,EAAE9a,GAEf,IAAK3K,EAAI,EAAGA,EAAI,GAAIA,IAClB8J,EAAE9J,EAAE,IAAIqL,EAAErL,GACV8J,EAAE9J,EAAE,IAAIoZ,EAAEpZ,GACV8J,EAAE9J,EAAE,IAAIiL,EAAEjL,GACV8J,EAAE9J,EAAE,IAAIylB,EAAEzlB,GAEZ,IAAI83C,EAAMhuC,EAAEb,SAAS,IACjB8uC,EAAMjuC,EAAEb,SAAS,IAIrB,OAHA2uC,EAASE,EAAIA,GACb1C,EAAE2C,EAAIA,EAAID,GACV/C,EAAUzpC,EAAEysC,GACL,CACT,CAEA,SAASC,EAAuB1sC,EAAGlC,GACjC,OAAOyuC,EAAkBvsC,EAAGlC,EAAG2qC,EACjC,CAOA,SAAS/wC,EAAIosB,EAAG9jB,GACd,IAAID,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IACxBjS,EAAIiS,IAAMz6B,EAAIy6B,IAAM34B,EAAI24B,IAE5BuB,EAAE9pC,EAAG+jB,EAAE,GAAIA,EAAE,IACb+lB,EAAEl6B,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAE/pC,EAAGA,EAAG4P,GACRgvB,EAAEh/B,EAAGmkB,EAAE,GAAIA,EAAE,IACb6a,EAAEhvB,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAEnqC,EAAGA,EAAGgQ,GACRm6B,EAAEh8B,EAAGgW,EAAE,GAAI9jB,EAAE,IACb8pC,EAAEh8B,EAAGA,EAAG+6B,GACRiB,EAAE3vB,EAAG2J,EAAE,GAAI9jB,EAAE,IACb2+B,EAAExkB,EAAGA,EAAGA,GACR0vB,EAAE/zC,EAAG6J,EAAGI,GACR8pC,EAAEzT,EAAGjc,EAAGrM,GACR6wB,EAAEtI,EAAGlc,EAAGrM,GACR6wB,EAAE9wB,EAAGlO,EAAGI,GAER+pC,EAAEhmB,EAAE,GAAIhuB,EAAGsgC,GACX0T,EAAEhmB,EAAE,GAAIjW,EAAGwoB,GACXyT,EAAEhmB,EAAE,GAAIuS,EAAGD,GACX0T,EAAEhmB,EAAE,GAAIhuB,EAAG+X,EACb,CAEA,SAAS8+B,EAAM7oB,EAAG9jB,EAAGL,GACnB,IAAIjL,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB80C,EAAS1lB,EAAEpvB,GAAIsL,EAAEtL,GAAIiL,EAEzB,CAEA,SAASitC,EAAKvtC,EAAGykB,GACf,IAAI+oB,EAAKvE,IAAMwE,EAAKxE,IAAMyE,EAAKzE,IAC/BgE,EAASS,EAAIjpB,EAAE,IACfgmB,EAAE+C,EAAI/oB,EAAE,GAAIipB,GACZjD,EAAEgD,EAAIhpB,EAAE,GAAIipB,GACZtD,EAAUpqC,EAAGytC,GACbztC,EAAE,KAAOsqC,EAASkD,IAAO,CAC3B,CAEA,SAASG,EAAWlpB,EAAG9jB,EAAGuP,GACxB,IAAI5P,EAAGjL,EAKP,IAJA00C,EAAStlB,EAAE,GAAI4kB,GACfU,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI4kB,GACVh0C,EAAI,IAAKA,GAAK,IAAKA,EAEtBi4C,EAAM7oB,EAAG9jB,EADTL,EAAK4P,EAAG7a,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BgD,EAAIsI,EAAG8jB,GACPpsB,EAAIosB,EAAGA,GACP6oB,EAAM7oB,EAAG9jB,EAAGL,EAEhB,CAEA,SAASstC,EAAWnpB,EAAGvU,GACrB,IAAIvP,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAC3Bc,EAASppC,EAAE,GAAI8oC,GACfM,EAASppC,EAAE,GAAI+oC,GACfK,EAASppC,EAAE,GAAI2oC,GACfmB,EAAE9pC,EAAE,GAAI8oC,EAAGC,GACXiE,EAAWlpB,EAAG9jB,EAAGuP,EACnB,CAEA,SAAS29B,EAAoBC,EAAIC,EAAIC,GACnC,IAAIlzB,EAEAzlB,EADAovB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KAY3B,IATK+E,GAAQ7E,EAAY4E,EAAI,KAC7BjzB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8yB,EAAWnpB,EAAG3J,GACdyyB,EAAKO,EAAIrpB,GAEJpvB,EAAI,EAAGA,EAAI,GAAIA,IAAK04C,EAAG14C,EAAE,IAAMy4C,EAAGz4C,GACvC,OAAO,CACT,CAEA,IAAI44C,EAAI,IAAI/E,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgF,EAAKluC,EAAGb,GACf,IAAIg6B,EAAO9jC,EAAG2Z,EAAGV,EACjB,IAAKjZ,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADA8jC,EAAQ,EACHnqB,EAAI3Z,EAAI,GAAIiZ,EAAIjZ,EAAI,GAAI2Z,EAAIV,IAAKU,EACpC7P,EAAE6P,IAAMmqB,EAAQ,GAAKh6B,EAAE9J,GAAK44C,EAAEj/B,GAAK3Z,EAAI,KACvC8jC,EAAQp7B,KAAKsP,OAAOlO,EAAE6P,GAAK,KAAO,KAClC7P,EAAE6P,IAAc,IAARmqB,EAEVh6B,EAAE6P,IAAMmqB,EACRh6B,EAAE9J,GAAK,EAGT,IADA8jC,EAAQ,EACHnqB,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE6P,IAAMmqB,GAASh6B,EAAE,KAAO,GAAK8uC,EAAEj/B,GACjCmqB,EAAQh6B,EAAE6P,IAAM,EAChB7P,EAAE6P,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK7P,EAAE6P,IAAMmqB,EAAQ8U,EAAEj/B,GAC3C,IAAK3Z,EAAI,EAAGA,EAAI,GAAIA,IAClB8J,EAAE9J,EAAE,IAAM8J,EAAE9J,IAAM,EAClB2K,EAAE3K,GAAY,IAAP8J,EAAE9J,EAEb,CAEA,SAASutB,EAAO5iB,GACd,IAA8B3K,EAA1B8J,EAAI,IAAI+pC,aAAa,IACzB,IAAK7zC,EAAI,EAAGA,EAAI,GAAIA,IAAK8J,EAAE9J,GAAK2K,EAAE3K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2K,EAAE3K,GAAK,EAChC64C,EAAKluC,EAAGb,EACV,CAsCA,SAASgvC,EAAUnuC,EAAGykB,GACpB,IAAInU,EAAI24B,IAAMmF,EAAMnF,IAAM3P,EAAM2P,IAC5BoF,EAAMpF,IAAMqF,EAAOrF,IAAMsF,EAAOtF,IAChCuF,EAAOvF,IA2BX,OAzBAc,EAAS/pC,EAAE,GAAIspC,GACfiB,EAAYvqC,EAAE,GAAIykB,GAClBqhB,EAAExM,EAAKt5B,EAAE,IACTyqC,EAAE4D,EAAK/U,EAAKkG,GACZgL,EAAElR,EAAKA,EAAKt5B,EAAE,IACds/B,EAAE+O,EAAKruC,EAAE,GAAIquC,GAEbvI,EAAEwI,EAAMD,GACRvI,EAAEyI,EAAMD,GACR7D,EAAE+D,EAAMD,EAAMD,GACd7D,EAAEn6B,EAAGk+B,EAAMlV,GACXmR,EAAEn6B,EAAGA,EAAG+9B,GAnPV,SAAiBpE,EAAG50C,GAClB,IACIqL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKrL,EAAEqL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAS+pC,EAAEh8B,EAAGA,EAAGpZ,GAExB,IAAKqL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CA4OE+tC,CAAQn+B,EAAGA,GACXm6B,EAAEn6B,EAAGA,EAAGgpB,GACRmR,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEzqC,EAAE,GAAIsQ,EAAG+9B,GAEXvI,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAMmR,EAAEzqC,EAAE,GAAIA,EAAE,GAAIqpB,GAEtCyc,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAc,GAE5BgR,EAAStqC,EAAE,MAASykB,EAAE,KAAK,GAAI+lB,EAAExqC,EAAE,GAAIqpC,EAAKrpC,EAAE,IAElDyqC,EAAEzqC,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAII0uC,EAAoB,GAKxB,SAASC,IACP,IAAK,IAAIt5C,EAAI,EAAGA,EAAIu5C,UAAUp7C,OAAQ6B,IACpC,KAAMu5C,UAAUv5C,aAAcJ,YAC5B,MAAM,IAAIivB,UAAU,kCAE1B,CAEA,SAAS2qB,EAAQC,GACf,IAAK,IAAIz5C,EAAI,EAAGA,EAAIy5C,EAAIt7C,OAAQ6B,IAAKy5C,EAAIz5C,GAAK,CAChD,CAEA2zC,EAAK+F,WAAa,SAAStwC,EAAGgmB,GAE5B,GADAkqB,EAAgBlwC,EAAGgmB,GApBe,KAqB9BhmB,EAAEjL,OAA0C,MAAU8B,MAAM,cAChE,GAvB4B,KAuBxBmvB,EAAEjxB,OAAoC,MAAU8B,MAAM,cAC1D,IAAIqL,EAAI,IAAI1L,WAxBgB,IA0B5B,OADAi4C,EAAkBvsC,EAAGlC,EAAGgmB,GACjB9jB,CACT,EAEAqoC,EAAKgG,IAAM,GAEXhG,EAAKgG,IAAIC,QAAU,WACjB,IAnQ0B1uC,EAAGpB,EAmQzB2uC,EAAK,IAAI74C,WA9BiB,IA+B1B84C,EAAK,IAAI94C,WA9BiB,IAgC9B,OAtQ0BsL,EAqQPutC,EApQnB3E,EAD6BhqC,EAqQN4uC,EApQR,IACRV,EAAuB9sC,EAAGpB,GAoQ1B,CAACoF,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKgG,IAAIC,QAAQC,cAAgB,SAAS3nC,GAExC,GADAonC,EAAgBpnC,GApCc,KAqC1BA,EAAU/T,OACZ,MAAU8B,MAAM,uBAClB,IAAIw4C,EAAK,IAAI74C,WAxCiB,IA0C9B,OADAo4C,EAAuBS,EAAIvmC,GACpB,CAAChD,UAAWupC,EAAIvmC,UAAW,IAAItS,WAAWsS,GACnD,EAEAyhC,EAAKmG,KAAO,SAASzX,EAAKnwB,GAExB,GADAonC,EAAgBjX,EAAKnwB,GA1CU,KA2C3BA,EAAU/T,OACZ,MAAU8B,MAAM,uBAClB,IAAI85C,EAAY,IAAIn6C,WAAWy5C,EAAkBhX,EAAIlkC,QAErD,OA5JF,SAAqB67C,EAAI5vC,EAAGhB,EAAGsvC,GAC7B,IAAIjzB,EAAGtM,EAAGxO,EACN3K,EAAG2Z,EAAG7P,EAAI,IAAI+pC,aAAa,IAC3BzkB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,MAE3BnuB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIw0B,EAAQ7wC,EAAI,GAChB,IAAKpJ,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAKg6C,EAAG,GAAKh6C,GAAKoK,EAAEpK,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKg6C,EAAG,GAAKh6C,GAAKylB,EAAE,GAAKzlB,GAO7C,IAJAutB,EADA5iB,EAAIgpC,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,GAAIgxC,KAE9B1B,EAAWnpB,EAAGzkB,GACdutC,EAAK8B,EAAI5qB,GAEJpvB,EAAI,GAAIA,EAAI,GAAIA,IAAKg6C,EAAGh6C,GAAK04C,EAAG14C,GAIrC,IAFAutB,EADApU,EAAIw6B,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,EAAGgxC,KAGxBj6C,EAAI,EAAGA,EAAI,GAAIA,IAAK8J,EAAE9J,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK8J,EAAE9J,GAAK2K,EAAE3K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAK2Z,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE9J,EAAE2Z,IAAMR,EAAEnZ,GAAKylB,EAAE9L,GAIvBk/B,EAAKmB,EAAG/wC,SAAS,IAAKa,EAExB,CA0HEowC,CAAYH,EAAW1X,EAAKA,EAAIlkC,OAAQ+T,GACjC6nC,CACT,EAEApG,EAAKmG,KAAKK,SAAW,SAAS9X,EAAKnwB,GAGjC,IAFA,IAAI6nC,EAAYpG,EAAKmG,KAAKzX,EAAKnwB,GAC3BkoC,EAAM,IAAIx6C,WAAWy5C,GAChBr5C,EAAI,EAAGA,EAAIo6C,EAAIj8C,OAAQ6B,IAAKo6C,EAAIp6C,GAAK+5C,EAAU/5C,GACxD,OAAOo6C,CACT,EAEAzG,EAAKmG,KAAKK,SAASE,OAAS,SAAShY,EAAK+X,EAAKlrC,GAE7C,GADAoqC,EAAgBjX,EAAK+X,EAAKlrC,GACtBkrC,EAAIj8C,SAAWk7C,EACjB,MAAUp5C,MAAM,sBAClB,GA9D+B,KA8D3BiP,EAAU/Q,OACZ,MAAU8B,MAAM,uBAClB,IAEID,EAFAg6C,EAAK,IAAIp6C,WAAWy5C,EAAoBhX,EAAIlkC,QAC5CiM,EAAI,IAAIxK,WAAWy5C,EAAoBhX,EAAIlkC,QAE/C,IAAK6B,EAAI,EAAGA,EAAIq5C,EAAmBr5C,IAAKg6C,EAAGh6C,GAAKo6C,EAAIp6C,GACpD,IAAKA,EAAI,EAAGA,EAAIqiC,EAAIlkC,OAAQ6B,IAAKg6C,EAAGh6C,EAAEq5C,GAAqBhX,EAAIriC,GAC/D,OAxGF,SAA0BoK,EAAG4vC,EAAI5wC,EAAGqvC,GAClC,IAAIz4C,EACwBmZ,EAAxB8B,EAAI,IAAIrb,WAAW,IACnBwvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KACvBtoC,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAE3B,GAAIxqC,EAAI,GAAI,OAAQ,EAEpB,GAAI0vC,EAAUxtC,EAAGmtC,GAAK,OAAQ,EAE9B,IAAKz4C,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAKoK,EAAEpK,GAAKg6C,EAAGh6C,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKoK,EAAEpK,EAAE,IAAMy4C,EAAGz4C,GAUtC,GARAutB,EADApU,EAAIw6B,EAAK3iC,KAAK5G,EAAEnB,SAAS,EAAGG,KAE5BkvC,EAAWlpB,EAAG9jB,EAAG6N,GAEjBo/B,EAAWjtC,EAAG0uC,EAAG/wC,SAAS,KAC1BjG,EAAIosB,EAAG9jB,GACP4sC,EAAKj9B,EAAGmU,GAERhmB,GAAK,GACDkrC,EAAiB0F,EAAI,EAAG/+B,EAAG,GAAI,CACjC,IAAKjb,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAKoK,EAAEpK,GAAK,EAC/B,OAAQ,EAGV,IAAKA,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAKoK,EAAEpK,GAAKg6C,EAAGh6C,EAAI,IACtC,OAAOoJ,CACT,CA4EUkxC,CAAiBlwC,EAAG4vC,EAAIA,EAAG77C,OAAQ+Q,IAAc,CAC3D,EAEAykC,EAAKmG,KAAKF,QAAU,WAClB,IAAInB,EAAK,IAAI74C,WAzEkB,IA0E3B84C,EAAK,IAAI94C,WAzEkB,IA2E/B,OADA44C,EAAoBC,EAAIC,GACjB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKmG,KAAKF,QAAQC,cAAgB,SAAS3nC,GAEzC,GADAonC,EAAgBpnC,GA/Ee,KAgF3BA,EAAU/T,OACZ,MAAU8B,MAAM,uBAElB,IADA,IAAIw4C,EAAK,IAAI74C,WAnFkB,IAoFtBI,EAAI,EAAGA,EAAIy4C,EAAGt6C,OAAQ6B,IAAKy4C,EAAGz4C,GAAKkS,EAAU,GAAGlS,GACzD,MAAO,CAACkP,UAAWupC,EAAIvmC,UAAW,IAAItS,WAAWsS,GACnD,EAEAyhC,EAAKmG,KAAKF,QAAQW,SAAW,SAASC,GAEpC,GADAlB,EAAgBkB,GAvFU,KAwFtBA,EAAKr8C,OACP,MAAU8B,MAAM,iBAGlB,IAFA,IAAIw4C,EAAK,IAAI74C,WA5FkB,IA6F3B84C,EAAK,IAAI94C,WA5FkB,IA6FtBI,EAAI,EAAGA,EAAI,GAAIA,IAAK04C,EAAG14C,GAAKw6C,EAAKx6C,GAE1C,OADAw4C,EAAoBC,EAAIC,GAAI,GACrB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAK8G,QAAU,SAASxzC,GACtB6sC,EAAc7sC,CAChB,EAEA,WAGE,IAAIwU,EAAyB,oBAATi/B,KAAwBA,KAAKj/B,QAAUi/B,KAAKC,SAAY,KAC5E,GAAIl/B,GAAUA,EAAOm/B,gBAAiB,CAGpCjH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAIpJ,EAAG60C,EAAI,IAAIj1C,WAAWwJ,GAC1B,IAAKpJ,EAAI,EAAGA,EAAIoJ,EAAGpJ,GAHT,MAIRyb,EAAOm/B,gBAAgB/F,EAAE5rC,SAASjJ,EAAGA,EAAI0I,KAAKmyC,IAAIzxC,EAAIpJ,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAK8J,EAAE9J,GAAK60C,EAAE70C,GACjCw5C,EAAQ3E,gBAEkB,IAAZiG,KAEhBr/B,OAAS,IACKA,EAAOs/B,aACnBpH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAIpJ,EAAG60C,EAAIp5B,EAAOs/B,YAAY3xC,GAC9B,IAAKpJ,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAK8J,EAAE9J,GAAK60C,EAAE70C,GACjCw5C,EAAQ3E,KAIf,CA1BD,EA4BC,CAn6BD,CAm6BoCvS,EAAO0Y,QAAU1Y,EAAO0Y,QAAWN,KAAK/G,KAAO+G,KAAK/G,MAAQ,OC34BhG,MAAMpI,GAAan0B,EAAKyE,gBAOjB,SAASo/B,GAAe98C,GAC7B,MAAM+f,EAAM,IAAIte,WAAWzB,GAC3B,GAAIotC,GAAY,CACd,MAAMtnC,EAAQsnC,GAAWwP,YAAY78B,EAAI/f,QACzC+f,EAAI7d,IAAI4D,OACH,IAAsB,oBAAXwX,SAA0BA,OAAOm/B,gBAGjD,MAAU36C,MAAM,gDAFhBwb,OAAOm/B,gBAAgB18B,GAIzB,OAAOA,CACT,CASOhgB,eAAeg9C,GAAoBL,EAAKlyC,GAC7C,MAAMQ,QAAmBiO,EAAKuE,gBAE9B,GAAIhT,EAAIkD,GAAGgvC,GACT,MAAU56C,MAAM,uCAGlB,MAAMk7C,EAAUxyC,EAAIqB,IAAI6wC,GAClB52C,EAAQk3C,EAAQj6C,aAMtB,OADU,IAAIiI,QAAiB8xC,GAAeh3C,EAAQ,IAC7CqG,IAAI6wC,GAASn4C,IAAI63C,EAC5B,8FClCO38C,eAAek9C,GAAoB7/B,EAAMna,EAAG6X,GACjD,MAAM9P,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GACrB0xC,EAAMluC,EAAIlB,UAAU,IAAItC,EAAWoS,EAAO,IAC1C8/B,EAAS,IAAIlyC,EAAW,IAOxBmyC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE/FlyC,QAAU8xC,GAAoBL,EAAKA,EAAIpvC,UAAUkB,IACvD,IAAI3M,EAAIoJ,EAAEkB,IAAI+wC,GAAQjvC,WAEtB,GACEhD,EAAES,KAAK,IAAIV,EAAWmyC,EAAKt7C,KAC3BA,GAAKA,EAAIs7C,EAAKt7C,IAAMs7C,EAAKn9C,OAErBiL,EAAEqD,YAAc8O,IAClBnS,EAAEe,KAAK0wC,EAAIpvC,UAAUkB,IAAM9C,KAAKgxC,GAChC76C,EAAIoJ,EAAEkB,IAAI+wC,GAAQjvC,yBAENmvC,GAAgBnyC,EAAGhI,EAAG6X,IACtC,OAAO7P,CACT,CAUOlL,eAAeq9C,GAAgBnyC,EAAGhI,EAAG6X,GAC1C,QAAI7X,IAAMgI,EAAEQ,MAAMmB,IAAI3J,GAAGqJ,mBA8BpBvM,eAA4BkL,GACjC,MAAMD,QAAmBiO,EAAKuE,gBAC9B,OAAO6/B,GAAYC,OAAMrxC,GACa,IAA7BhB,EAAEkB,IAAI,IAAInB,EAAWiB,KAEhC,CAhCasxC,CAAatyC,aAqBnBlL,eAAsBkL,EAAG6B,GAC9B,MAAM9B,QAAmBiO,EAAKuE,gBAE9B,OADA1Q,EAAIA,GAAK,IAAI9B,EAAW,GACjB8B,EAAEV,OAAOnB,EAAEQ,MAAOR,GAAGqB,OAC9B,CAtBakxC,CAAOvyC,YAyJblL,eAA2BkL,EAAG6P,EAAG2iC,GACtC,MAAMzyC,QAAmBiO,EAAKuE,gBACxB5O,EAAM3D,EAAEqD,YAETwM,IACHA,EAAIvQ,KAAKC,IAAI,EAAIoE,EAAM,GAAM,IAG/B,MAAM8c,EAAKzgB,EAAEQ,MAGb,IAAIiR,EAAI,EACR,MAAQgP,EAAGrd,OAAOqO,IAAMA,IACxB,MAAM4K,EAAIrc,EAAEuC,WAAW,IAAIxC,EAAW0R,IAEtC,KAAO5B,EAAI,EAAGA,IAAK,CAGjB,IAKIjZ,EALA8J,GAFM8xC,EAAOA,UAAeV,GAAoB,IAAI/xC,EAAW,GAAI0gB,IAE7Dtf,OAAOkb,EAAGrc,GACpB,IAAIU,EAAEW,UAAWX,EAAE8B,MAAMie,GAAzB,CAKA,IAAK7pB,EAAI,EAAGA,EAAI6a,EAAG7a,IAAK,CAGtB,GAFA8J,EAAIA,EAAEI,IAAIJ,GAAGQ,IAAIlB,GAEbU,EAAEW,QACJ,OAAO,EAET,GAAIX,EAAE8B,MAAMie,GACV,MAIJ,GAAI7pB,IAAM6a,EACR,OAAO,GAIX,OAAO,CACT,CA/LaghC,CAAYzyC,EAAG6P,IAM5B,CAuBA,MAAMuiC,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MC1JtC,MAAMM,GAAe,GAyCd,SAASC,GAAUxlC,EAASylC,GACjC,MAAMC,EAAU1lC,EAAQpY,OAExB,GAAI89C,EAAUD,EAAY,GACxB,MAAU/7C,MAAM,oBAIlB,MAAMi8C,EA7BR,SAAyB/9C,GACvB,MAAMK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAIsiC,EAAQ,EACZ,KAAOA,EAAQtiC,GAAQ,CACrB,MAAM48C,EAAcE,GAAe98C,EAASsiC,GAC5C,IAAK,IAAIzgC,EAAI,EAAGA,EAAI+6C,EAAY58C,OAAQ6B,IACf,IAAnB+6C,EAAY/6C,KACdxB,EAAOiiC,KAAWsa,EAAY/6C,IAIpC,OAAOxB,CACT,CAiBa29C,CAAgBH,EAAYC,EAAU,GAG3C79B,EAAU,IAAIxe,WAAWo8C,GAM/B,OAJA59B,EAAQ,GAAK,EACbA,EAAQ/d,IAAI67C,EAAI,GAEhB99B,EAAQ/d,IAAIkW,EAASylC,EAAYC,GAC1B79B,CACT,CAUO,SAASg+B,GAAUh+B,EAASi+B,GAEjC,IAAIlvC,EAAS,EACTmvC,EAAoB,EACxB,IAAK,IAAI3iC,EAAIxM,EAAQwM,EAAIyE,EAAQjgB,OAAQwb,IACvC2iC,GAAoC,IAAfl+B,EAAQzE,GAC7BxM,GAAUmvC,EAGZ,MAAMC,EAAQpvC,EAAS,EACjBqvC,EAAUp+B,EAAQnV,SAASkE,EAAS,GACpCsvC,EAAgC,IAAfr+B,EAAQ,GAA0B,IAAfA,EAAQ,GAAWm+B,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOjlC,EAAKsG,iBAAiB++B,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUv8C,MAAM,mBAClB,CAUO/B,eAAew+C,GAAWlQ,EAAMvN,EAAQ0d,GAC7C,IAAI38C,EACJ,GAAIi/B,EAAO9gC,SAAW6S,GAAKy7B,kBAAkBD,GAC3C,MAAUvsC,MAAM,uBAIlB,MAAM28C,EAAa,IAAIh9C,WAAWk8C,GAAatP,GAAMruC,QACrD,IAAK6B,EAAI,EAAGA,EAAI87C,GAAatP,GAAMruC,OAAQ6B,IACzC48C,EAAW58C,GAAK87C,GAAatP,GAAMxsC,GAGrC,MAAM68C,EAAOD,EAAWz+C,OAAS8gC,EAAO9gC,OACxC,GAAIw+C,EAAQE,EAAO,GACjB,MAAU58C,MAAM,6CAIlB,MAAMi8C,EAAK,IAAIt8C,WAAW+8C,EAAQE,EAAO,GAAGC,KAAK,KAI3CC,EAAK,IAAIn9C,WAAW+8C,GAK1B,OAJAI,EAAG,GAAK,EACRA,EAAG18C,IAAI67C,EAAI,GACXa,EAAG18C,IAAIu8C,EAAYD,EAAQE,GAC3BE,EAAG18C,IAAI4+B,EAAQ0d,EAAQ1d,EAAO9gC,QACvB4+C,CACT,CAhIAjB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGChBd,MAAMxQ,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBmhC,QAAoB,EAGpBC,GAAgB1R,GAAayR,GAAKE,OAAO,iBAAiB,WAC9DngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,WAAWypC,MACpBtgD,KAAK6W,IAAI,WAAWypC,MACpBtgD,KAAK6W,IAAI,kBAAkBypC,MAC3BtgD,KAAK6W,IAAI,mBAAmBypC,MAC5BtgD,KAAK6W,IAAI,UAAUypC,MACnBtgD,KAAK6W,IAAI,UAAUypC,MACnBtgD,KAAK6W,IAAI,aAAaypC,MACtBtgD,KAAK6W,IAAI,aAAaypC,MACtBtgD,KAAK6W,IAAI,eAAeypC,MAE5B,SAAKr/C,EAECs/C,GAAe/R,GAAayR,GAAKE,OAAO,iBAAiB,WAC7DngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,WAAWypC,MACpBtgD,KAAK6W,IAAI,kBAAkBypC,MAE/B,SAAKr/C,yDAgBEE,eAAoBq/C,EAAUz2C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,GAC3D,GAAIn4B,IAASsQ,EAAK7X,SAASuH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aAyPRtd,eAAuBs/C,EAAU12C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAQpD,MAAM4mB,QAyMRv/C,eAA4BkL,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GACzC,MAAM1tB,QAAmBiO,EAAKuE,gBACxB+hC,EAAO,IAAIv0C,EAAWimB,GACtBuuB,EAAO,IAAIx0C,EAAWmC,GACtBsyC,EAAO,IAAIz0C,EAAWsc,GAE5B,IAAIo4B,EAAKD,EAAKtzC,IAAIqzC,EAAK/zC,OACnBk0C,EAAKF,EAAKtzC,IAAIozC,EAAK9zC,OAGvB,OAFAk0C,EAAKA,EAAG9wC,eACR6wC,EAAKA,EAAG7wC,eACD,CACL+wC,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtBhI,EAAGyd,GAAgBzd,GAAG,GACtBqkB,EAAG5G,GAAgB4G,GAAG,GAEtB2J,EAAGvQ,GAAgBvT,GAAG,GACtBA,EAAGuT,GAAgBuQ,GAAG,GAEtB0uB,GAAIj/B,GAAgBg/B,GAAI,GACxBA,GAAIh/B,GAAgBi/B,GAAI,GACxBE,GAAIn/B,GAAgBgY,GAAG,GACvBonB,KAAK,EAET,CAjOoBC,CAAa90C,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GACxC2V,EAAO,CACXtkC,KAAM,oBACN8I,KAAM,CAAE9I,KAAMs1C,IAEV5pC,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAKjR,GAAM,EAAO,CAAC,SAChE,OAAO,IAAI5sC,iBAAiB0rC,GAAUwO,KAAK,oBAAqBlmC,EAAK9M,GACvE,CAxQqBq3C,CAAQpgC,EAAM9f,KAAK8f,EAAMvM,QAAS+rC,GAAWz2C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAC/E,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAqQN3d,eAAwBq/C,EAAUz2C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GACrD,MAAQjb,QAASyiC,SAAaz5C,OAAO,gBAC/B05C,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1B3E,EAAOvO,GAAWmT,WAAW3gC,EAAM9f,KAAK8f,EAAM/M,KAAMusC,IAC1DzD,EAAKj7C,MAAMiI,GACXgzC,EAAKvxC,MACL,MAAMo2C,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,QAA2C,IAAhC0U,GAAW6T,iBAAkC,CACtD,MAAMC,EAAMpC,GAAc/iC,OAAOykC,EAAW,OAC5C,OAAO,IAAI/+C,WAAWk6C,EAAKA,KAAK,CAAElmC,IAAKyrC,EAAKC,OAAQ,MAAOtoC,KAAM,WAEnE,MAAMuoC,EAAMtC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAET,OAAO,IAAI5/C,WAAWk6C,EAAKA,KAAKyF,GAClC,CApSaE,CAASlC,EAAUz2C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAGnD,OAsOF34B,eAAsBq/C,EAAUn0C,EAAGqc,EAAGwZ,GACpC,MAAM91B,QAAmBiO,EAAKuE,gBAC9BvS,EAAI,IAAID,EAAWC,GACnB,MAAMgB,EAAI,IAAIjB,QAAiBuzC,GAAWa,EAAUte,EAAQ71B,EAAElI,eAE9D,GADAukB,EAAI,IAAItc,EAAWsc,GACfrb,EAAE4B,IAAI5C,GACR,MAAUnJ,MAAM,2CAElB,OAAOmK,EAAEG,OAAOkb,EAAGrc,GAAG4D,aAAa,KAAM5D,EAAElI,aAC7C,CA/OSw+C,CAAOnC,EAAUn0C,EAAGqc,EAAGwZ,EAChC,SAaO/gC,eAAsBq/C,EAAUz2C,EAAM+T,EAAGzR,EAAGhI,EAAG69B,GACpD,GAAIn4B,IAASsQ,EAAK7X,SAASuH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aA8RRtd,eAAyBs/C,EAAU12C,EAAM+T,EAAGzR,EAAGhI,GAC7C,MAAMq8C,EAiLR,SAAqBr0C,EAAGhI,GACtB,MAAO,CACL28C,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtBhI,EAAGyd,GAAgBzd,GAAG,GACtB68C,KAAK,EAET,CAxLc0B,CAAYv2C,EAAGhI,GACrBwS,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAK,CAChDv1C,KAAM,oBACN8I,KAAM,CAAE9I,KAAOs1C,KACd,EAAO,CAAC,WACX,OAAOlS,GAAU+O,OAAO,oBAAqBzmC,EAAKiH,EAAG/T,EACvD,CArSqB84C,CAAU7hC,EAAM9f,KAAK8f,EAAMvM,QAAS+rC,GAAWz2C,EAAM+T,EAAGzR,EAAGhI,GACxE,MAAOg9C,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAkSN3d,eAA0Bq/C,EAAUz2C,EAAM+T,EAAGzR,EAAGhI,GAC9C,MAAQwa,QAASyiC,SAAaz5C,OAAO,gBAE/By1C,EAAS9O,GAAWsU,aAAa9hC,EAAM9f,KAAK8f,EAAM/M,KAAMusC,IAC9DlD,EAAOx7C,MAAMiI,GACbuzC,EAAO9xC,MACP,MAAMo2C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIwS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,cAEvCpD,EAAM0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAC1Ca,MAAO,mBAGX,IACE,aAAanF,EAAOA,OAAOzmC,EAAKiH,GAChC,MAAOujC,GACP,OAAO,EAEX,CA1Ta0B,CAAWvC,EAAUz2C,EAAM+T,EAAGzR,EAAGhI,GAG5C,OAyQFlD,eAAwBq/C,EAAU1iC,EAAGzR,EAAGhI,EAAG69B,GACzC,MAAM91B,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnByR,EAAI,IAAI1R,EAAW0R,GACnBzZ,EAAI,IAAI+H,EAAW/H,GACfyZ,EAAE7O,IAAI5C,GACR,MAAUnJ,MAAM,6CAElB,MAAM8/C,EAAMllC,EAAEtQ,OAAOnJ,EAAGgI,GAAG4D,aAAa,KAAM5D,EAAElI,cAC1C8+C,QAAYtD,GAAWa,EAAUte,EAAQ71B,EAAElI,cACjD,OAAOkW,EAAKqD,iBAAiBslC,EAAKC,EACpC,CApRSC,CAAS1C,EAAU1iC,EAAGzR,EAAGhI,EAAG69B,EACrC,UAUO/gC,eAAuB4I,EAAMsC,EAAGhI,GACrC,OAAIgW,EAAKyE,gBA6SX3d,eAA2B4I,EAAMsC,EAAGhI,GAClC,MAAQwa,QAASyiC,SAAaz5C,OAAO,gBAE/B+5C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIwS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBACzE,CAILvsC,EAAM,CAAEA,IAHI0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAChDa,MAAO,mBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,OAAO,IAAIvgD,WAAW2rC,GAAW6U,cAAcxsC,EAAK9M,GACtD,CA9TWqmC,CAAYrmC,EAAMsC,EAAGhI,GAgUhClD,eAAyB4I,EAAMsC,EAAGhI,GAChC,MAAM+H,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnBtC,EAAO,IAAIqC,EAAW4yC,GAAUj1C,EAAMsC,EAAElI,eACxCE,EAAI,IAAI+H,EAAW/H,GACf0F,EAAKkF,IAAI5C,GACX,MAAUnJ,MAAM,2CAElB,OAAO6G,EAAKyD,OAAOnJ,EAAGgI,GAAG4D,aAAa,KAAM5D,EAAElI,aAChD,CAvUSm/C,CAAUv5C,EAAMsC,EAAGhI,EAC5B,UAiBOlD,eAAuB4I,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAIpD,GAAIjlC,EAAKyE,kBAAoBwgC,EAC3B,IACE,aAiTNn+C,eAA2B4I,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAQjb,QAASyiC,SAAaz5C,OAAO,gBAE/B05C,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1BE,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,IAAIjjB,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADIqpC,GAAc/iC,OAAOykC,EAAW,OAC1BW,OAAQ,MAAQtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBAC1E,CAILvsC,EAAM,CAAEA,IAHIqpC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,IACE,OAAO,IAAIvgD,WAAW2rC,GAAW+U,eAAe1sC,EAAK9M,IACrD,MAAOs3C,GACP,MAAUn+C,MAAM,oBAEpB,CArVmBmuC,CAAYtnC,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,OAkVFlgD,eAAyB4I,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAC/C,MAAMlzC,QAAmBiO,EAAKuE,gBAQ9B,GAPA7U,EAAO,IAAIqC,EAAWrC,GACtBsC,EAAI,IAAID,EAAWC,GACnBhI,EAAI,IAAI+H,EAAW/H,GACnBqkB,EAAI,IAAItc,EAAWsc,GACnB2J,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBurB,EAAI,IAAI1tB,EAAW0tB,GACf/vB,EAAKkF,IAAI5C,GACX,MAAUnJ,MAAM,mBAElB,MAAM49C,EAAKp4B,EAAEnb,IAAIgB,EAAE1B,OACbk0C,EAAKr4B,EAAEnb,IAAI8kB,EAAExlB,OAEb22C,SAAmBrF,GAAoB,IAAI/xC,EAAW,GAAIC,IAAIkB,IAAIlB,GAClEo3C,EAAUD,EAAUz1C,OAAO1B,GAAGmB,OAAOnJ,EAAGgI,GAC9CtC,EAAOA,EAAKoD,IAAIs2C,GAASl2C,IAAIlB,GAG7B,MAAMq3C,EAAK35C,EAAKyD,OAAOuzC,EAAI1uB,GACrBsxB,EAAK55C,EAAKyD,OAAOszC,EAAIvyC,GACrB6N,EAAI0d,EAAE3sB,IAAIw2C,EAAG12C,IAAIy2C,IAAKn2C,IAAIgB,GAEhC,IAAI9M,EAAS2a,EAAEjP,IAAIklB,GAAGpsB,IAAIy9C,GAK1B,OAHAjiD,EAASA,EAAO0L,IAAIq2C,GAAWj2C,IAAIlB,GAG5BgzC,GAAU59C,EAAOwO,aAAa,KAAM5D,EAAElI,cAAem7C,EAC9D,CAhXSsE,CAAU75C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,EAC3C,WAeOn+C,eAAwBqd,EAAMna,GAMnC,GAHAA,EAAI,UAFqBgW,EAAKuE,iBAEXva,GAGfgW,EAAKoE,eAAgB,CACvB,MAAMolC,EAAY,CAChB14C,KAAM,oBACN24C,cAAetlC,EACfsjC,eAAgBz9C,EAAE4L,eAClBgE,KAAM,CACJ9I,KAAM,UAGJ0xC,QAAgBtO,GAAUwV,YAAYF,GAAW,EAAM,CAAC,OAAQ,WAIhEnD,QAAYnS,GAAUyV,UAAU,MAAOnH,EAAQpjC,YAErD,MAAO,CACLpN,EAAGsV,GAAgB++B,EAAIr0C,GACvBhI,EAAGA,EAAE4L,eACLyY,EAAG/G,GAAgB++B,EAAIh4B,GAEvB2J,EAAG1Q,GAAgB++B,EAAInyC,GACvBA,EAAGoT,GAAgB++B,EAAIruB,GAEvByH,EAAGnY,GAAgB++B,EAAIO,KAEpB,GAAI5mC,EAAKyE,iBAAmB0vB,GAAWyV,iBAAmB/D,GAAe,CAC9E,MAAMgE,EAAO,CACXJ,cAAetlC,EACfsjC,eAAgBz9C,EAAEgL,WAClB80C,kBAAmB,CAAElqC,KAAM,QAASsoC,OAAQ,OAC5C6B,mBAAoB,CAAEnqC,KAAM,QAASsoC,OAAQ,QAEzC8B,QAAY,IAAIpkD,SAAQ,CAACC,EAASC,KACtCquC,GAAWyV,gBAAgB,MAAOC,GAAM,CAAC7C,EAAKiD,EAAGhC,KAC3CjB,EACFlhD,EAAOkhD,GAEPnhD,EAAQggD,GAAc3iC,OAAO+kC,EAAK,UAEpC,IAOJ,MAAO,CACLj2C,EAAGg4C,EAAIjG,QAAQmG,YAAY1hD,YAC3BwB,EAAGggD,EAAIvC,eAAeyC,YAAY1hD,YAClC6lB,EAAG27B,EAAItC,gBAAgBwC,YAAY1hD,YAEnCwvB,EAAGgyB,EAAIpC,OAAOsC,YAAY1hD,YAC1B0L,EAAG81C,EAAIrC,OAAOuC,YAAY1hD,YAE1Bi3B,EAAGuqB,EAAIjC,YAAYmC,YAAY1hD,aAOnC,IAAIwvB,EACA9jB,EACAlC,EACJ,GACEkC,QAAU8vC,GAAoB7/B,GAAQA,GAAQ,GAAIna,EAAG,IACrDguB,QAAUgsB,GAAoB7/B,GAAQ,EAAGna,EAAG,IAC5CgI,EAAIgmB,EAAEllB,IAAIoB,SACHlC,EAAEqD,cAAgB8O,GAE3B,MAAMgmC,EAAMnyB,EAAExlB,MAAMK,KAAKqB,EAAE1B,OAM3B,OAJI0B,EAAEO,GAAGujB,MACNA,EAAG9jB,GAAK,CAACA,EAAG8jB,IAGR,CACLhmB,EAAGA,EAAE4D,eACL5L,EAAGA,EAAE4L,eACLyY,EAAGrkB,EAAE0J,OAAOy2C,GAAKv0C,eACjBoiB,EAAGA,EAAEpiB,eACL1B,EAAGA,EAAE0B,eAGL6pB,EAAGzH,EAAEtkB,OAAOQ,GAAG0B,eAEnB,iBAaO9O,eAA8BkL,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAClD,MAAM1tB,QAAmBiO,EAAKuE,gBAM9B,GALAvS,EAAI,IAAID,EAAWC,GACnBgmB,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,IAGd8jB,EAAEllB,IAAIoB,GAAGM,MAAMxC,GAClB,OAAO,EAGT,MAAMomC,EAAM,IAAIrmC,EAAW,GAG3B,GADA0tB,EAAI,IAAI1tB,EAAW0tB,IACdzH,EAAEllB,IAAI2sB,GAAGvsB,IAAIgB,GAAGb,QACnB,OAAO,EAGTrJ,EAAI,IAAI+H,EAAW/H,GACnBqkB,EAAI,IAAItc,EAAWsc,GAQnB,MAAM+7B,EAAa,IAAIr4C,EAAWT,KAAKsP,MAAM5O,EAAEqD,YAAc,IACvD9B,QAAUuwC,GAAoB1L,EAAKA,EAAI/jC,UAAU+1C,IACjDC,EAAM92C,EAAET,IAAIub,GAAGvb,IAAI9I,GAGzB,SADoBqgD,EAAIn3C,IAAI8kB,EAAExlB,OAAOgC,MAAMjB,KAAM82C,EAAIn3C,IAAIgB,EAAE1B,OAAOgC,MAAMjB,GAM1E,8DCjROzM,eAAuB4I,EAAMsoB,EAAGuS,EAAGz2B,GACxC,MAAM/B,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MACMd,EAAI,IAAIjB,EADC4yC,GAAUj1C,EAAMsoB,EAAEluB,eAK3B+X,QAAUiiC,GAAoB,IAAI/xC,EAAW,GAAIimB,EAAExlB,OACzD,MAAO,CACL2gB,GAAIoX,EAAEp3B,OAAO0O,EAAGmW,GAAGpiB,eACnBwd,GAAItf,EAAEX,OAAO0O,EAAGmW,GAAGnlB,KAAKG,GAAGD,KAAKilB,GAAGpiB,eAEvC,UAcO9O,eAAuBqsB,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAC1C,MAAMlzC,QAAmBiO,EAAKuE,gBAO9B,OANA4O,EAAK,IAAIphB,EAAWohB,GACpBC,EAAK,IAAIrhB,EAAWqhB,GACpB4E,EAAI,IAAIjmB,EAAWimB,GACnBtlB,EAAI,IAAIX,EAAWW,GAGZsyC,GADQ7xB,EAAGhgB,OAAOT,EAAGslB,GAAGtkB,OAAOskB,GAAGnlB,KAAKugB,GAAIrgB,KAAKilB,GAC/BpiB,aAAa,KAAMoiB,EAAEluB,cAAem7C,EAC9D,iBAWOn+C,eAA8BkxB,EAAGuS,EAAGz2B,EAAGpB,GAC5C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAIT,MAAMsyB,EAAQ,IAAIv4C,EAAWimB,EAAE3iB,aACzBk1C,EAAQ,IAAIx4C,EAAW,MAC7B,GAAIu4C,EAAM71C,GAAG81C,GACX,OAAO,EAOT,IAAKhgB,EAAEp3B,OAAO6kB,EAAExlB,MAAOwlB,GAAG3kB,QACxB,OAAO,EAST,IAAI0B,EAAMw1B,EACV,MAAM3hC,EAAI,IAAImJ,EAAW,GACnBy4C,EAAY,IAAIz4C,EAAW,GAAGsC,UAAU,IAAItC,EAAW,KAC7D,KAAOnJ,EAAE6L,GAAG+1C,IAAY,CAEtB,GADAz1C,EAAMA,EAAIjC,IAAIy3B,GAAGx3B,KAAKilB,GAClBjjB,EAAI1B,QACN,OAAO,EAETzK,EAAEyJ,OASJK,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUi2C,EAAM93C,OAAQ4lC,EAAI/jC,UAAUi2C,IACxEG,EAAMzyB,EAAExlB,MAAMK,KAAKU,GAAGd,KAAKC,GACjC,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,IC5GA,MAAM0yB,GACJjlD,YAAYklD,GACV,GAAIA,aAAeD,GACjB/kD,KAAKglD,IAAMA,EAAIA,SACV,GAAI3qC,EAAK7Z,QAAQwkD,IACb3qC,EAAKzX,aAAaoiD,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIniD,WAAWmiD,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAI5jD,OAAS,EAC1B,MAAU8B,MAAM,sCAElB8hD,EAAMA,EAAI94C,SAAS,GAErBlM,KAAKglD,IAAMA,OAEXhlD,KAAKglD,IAAM,GASf9jD,KAAKZ,GACH,GAAIA,EAAMc,QAAU,EAAG,CACrB,MAAMA,EAASd,EAAM,GACrB,GAAIA,EAAMc,QAAU,EAAIA,EAEtB,OADApB,KAAKglD,IAAM1kD,EAAM4L,SAAS,EAAG,EAAI9K,GAC1B,EAAIpB,KAAKglD,IAAI5jD,OAGxB,MAAU8B,MAAM,eAOlBpB,QACE,OAAOuY,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAKglD,IAAI5jD,SAAUpB,KAAKglD,MAOxE19B,QACE,OAAOjN,EAAK8B,gBAAgBnc,KAAKglD,KAOnCC,UACE,MAAM34C,EAAMtM,KAAKsnB,QACjB,GAAItG,EAAMvQ,MAAMnE,GACd,OAAO0U,EAAMlf,MAAMkf,EAAMvQ,MAAOnE,GAEhC,MAAUpJ,MAAM,qCCzEf,SAASgiD,GAAeC,EAAcC,GAE3C,OADgBD,EAAatI,QAAQ,CAAEuI,KAAMA,GAE/C,CAEO,SAASC,GAAcF,EAAcG,GAC1C,MAAMzI,EAAUsI,EAAatI,QAAQ,CAAEyI,IAAKA,IAC5C,IAAkC,IAA9BzI,EAAQ0I,WAAW9jD,OACrB,MAAUyB,MAAM,+BAElB,OAAO25C,CACT,CAEO17C,eAAeqkD,GAAgBr6C,GACpC,IAAKuZ,GAAOV,mBACV,MAAU9gB,MAAM,gEAElB,MAAQ2b,QAAS4mC,SAAmB59C,OAAO,sBAC3C,OAAO,IAAI49C,EAASC,GAAGv6C,EACzB,CCjBO,SAASw6C,GAAiBz+C,GAC/B,IACIkJ,EADAJ,EAAM,EAEV,MAAMiK,EAAO/S,EAAM,GAcnB,OAXI+S,EAAO,MACRjK,GAAO9I,EACRkJ,EAAS,GACA6J,EAAO,KAChBjK,GAAQ9I,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CkJ,EAAS,GACS,MAAT6J,IACTjK,EAAMqK,EAAKK,WAAWxT,EAAMgF,SAAS,EAAG,IACxCkE,EAAS,GAGJ,CACLJ,IAAKA,EACLI,OAAQA,EAEZ,CASO,SAASw1C,GAAkBxkD,GAChC,OAAIA,EAAS,IACJ,IAAIyB,WAAW,CAACzB,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIyB,WAAW,CAAyB,KAAtBzB,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEiZ,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOwX,EAAKM,YAAYvZ,EAAQ,IAChF,CAEO,SAASykD,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAU5iD,MAAM,iDAElB,OAAO,IAAIL,WAAW,CAAC,IAAMijD,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAInjD,WAAW,CAAC,IAAOmjD,GAChC,CAUO,SAASC,GAAYD,EAAU5kD,GAEpC,OAAOiZ,EAAKvX,iBAAiB,CAACijD,GAASC,GAAWJ,GAAkBxkD,IACtE,CAOO,SAAS8kD,GAAkB5lC,GAChC,MAAO,CACLU,EAAMlM,OAAOU,YACbwL,EAAMlM,OAAOO,eACb2L,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBACb0L,SAASnB,EACb,CASOnf,eAAeglD,GAAY7lD,EAAO2E,GACvC,MAAMM,EAASihB,EAAiBlmB,GAChC,IAAII,EACA0lD,EACJ,IACE,MAAMC,QAAoB9gD,EAAO0B,UAAU,GAE3C,IAAKo/C,GAAeA,EAAYjlD,OAAS,GAAiC,IAAV,IAAjBilD,EAAY,IACzD,MAAUnjD,MAAM,iGAElB,MAAMojD,QAAmB/gD,EAAOoB,WAChC,IAEI4/C,EAOAC,EATAlmC,GAAO,EACPiiC,GAAU,EAGdA,EAAS,EACmB,IAAV,GAAb+D,KACH/D,EAAS,GAIPA,EAEFjiC,EAAmB,GAAbgmC,GAGNhmC,GAAoB,GAAbgmC,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BP,GAAkB5lC,GAClD,IAiBIomC,EAjBA5xC,EAAS,KACb,GAAI2xC,EAAyB,CAC3B,GAA6B,UAAzBpsC,EAAK7X,SAASlC,GAAoB,CACpC,MAAM6L,EAAc,IAAIw6C,EACxBjmD,EAAS+lB,EAAiBta,GAC1B2I,EAAS3I,MACJ,CACL,MAAM/D,EAAY,IAAIw+C,EACtBlmD,EAAS+lB,EAAiBre,EAAUM,UACpCoM,EAAS1M,EAAUK,SAGrB29C,EAAmBnhD,EAAS,CAAEqb,MAAKxL,gBAEnCA,EAAS,GAIX,EAAG,CACD,GAAKytC,EAiCE,CAEL,MAAMsE,QAAmBthD,EAAOoB,WAEhC,GADA+/C,GAAmB,EACfG,EAAa,IACfN,EAAeM,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CN,GAAiBM,EAAa,KAAQ,SAAYthD,EAAOoB,WAAc,SAElE,GAAIkgD,EAAa,KAAOA,EAAa,KAG1C,GAFAN,EAAe,IAAmB,GAAbM,GACrBH,GAAmB,GACdD,EACH,MAAM,IAAI30B,UAAU,2DAItBy0B,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,gBAlDtB,OAAQ6/C,GACN,KAAK,EAGHD,QAAqBhhD,EAAOoB,WAC5B,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,QAAWpB,EAAOoB,WAC7D,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,WACpB,MACF,QAWE4/C,EAAe96C,IAyBrB,GAAI86C,EAAe,EAAG,CACpB,IAAI76C,EAAY,EAChB,OAAa,CACPhL,SAAcA,EAAOwI,MACzB,MAAM5H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,GAAIilD,IAAiB96C,IAAU,MAC/B,MAAUvI,MAAM,4BAElB,MAAMnB,EAAQwkD,IAAiB96C,IAAWpK,EAAQA,EAAM6K,SAAS,EAAGq6C,EAAe76C,GAInF,GAHIhL,QAAcA,EAAOoB,MAAMC,GAC1B+S,EAAOjT,KAAKE,GACjB2J,GAAarK,EAAMD,OACfsK,GAAa66C,EAAc,CAC7BhhD,EAAOmB,QAAQrF,EAAM6K,SAASq6C,EAAe76C,EAAYrK,EAAMD,SAC/D,eAICslD,GAiCT,MAAMI,QAAmBvhD,EAAO0B,UAAUw/C,EAA0Bh7C,IAAW,GAS/E,OARI/K,SACIA,EAAOwI,YACPxI,EAAOsB,UAEb8S,EAASuF,EAAKvX,iBAAiBgS,SAEzB7P,EAAS,CAAEqb,MAAKxL,aAEhBgyC,IAAeA,EAAW1lD,OAClC,MAAOiD,GACP,GAAI3D,EAEF,aADMA,EAAOuB,MAAMoC,IACZ,EAEP,MAAMA,UAGJ3D,SACI0lD,EAER7gD,EAAO3E,cAEX,CAEO,MAAMmmD,WAAyB7jD,MACpCpD,eAAeknD,GACbjnD,SAASinD,GAEL9jD,MAAM+jD,mBACR/jD,MAAM+jD,kBAAkBjnD,KAAM+mD,IAGhC/mD,KAAKmL,KAAO,oBAIT,MAAM+7C,GACXpnD,YAAYwgB,EAAK6mC,GACfnnD,KAAKsgB,IAAMA,EACXtgB,KAAKmnD,WAAaA,EAGpBrlD,QACE,OAAO9B,KAAKmnD,YC9RhB,MAAM5Y,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBsoC,GAAY,CAChB12C,KAAQ,QACRG,KAAQ,QACRE,KAAQ,SAEJs2C,GAAc7Y,GAAaA,GAAW8Y,YAAc,GACpDC,GAAa/Y,GAAa,CAC9Bv9B,UAAWo2C,GAAY5lC,SAAS,aAAe,iBAAcxgB,EAC7DyP,KAAM22C,GAAY5lC,SAAS,cAAgB,kBAAexgB,EAC1D4P,KAAMw2C,GAAY5lC,SAAS,aAAe,iBAAcxgB,EACxD8P,KAAMs2C,GAAY5lC,SAAS,aAAe,iBAAcxgB,EACxDmQ,QAASi2C,GAAY5lC,SAAS,WAAa,eAAYxgB,EACvDwQ,WAAY41C,GAAY5lC,SAAS,UAAY,cAAWxgB,EACxD0Q,gBAAiB01C,GAAY5lC,SAAS,mBAAqB,uBAAoBxgB,EAC/E2Q,gBAAiBy1C,GAAY5lC,SAAS,mBAAqB,uBAAoBxgB,EAC/E4Q,gBAAiBw1C,GAAY5lC,SAAS,mBAAqB,uBAAoBxgB,GAC7E,GAEEumD,GAAS,CACb92C,KAAM,CACJs0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5DyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW72C,KACjBi3C,IAAKP,GAAU12C,KACfk3C,YAAa,GACbC,WAAY,KAEdh3C,KAAM,CACJm0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW12C,KACjB82C,IAAKP,GAAUv2C,KACf+2C,YAAa,GACbC,WAAY,KAEd92C,KAAM,CACJi0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAWx2C,KACjB42C,IAAKP,GAAUr2C,KACf62C,YAAa,GACbC,WAAY,KAEd52C,UAAW,CACT+zC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAWt2C,UACjB22C,YAAa,IAEfx2C,QAAS,CACP4zC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClEyC,QAASzmC,EAAM7O,UAAUQ,YACzBsB,KAAM+M,EAAM/M,KAAKM,OACjBmzC,MAAM,EACNE,YAAa,IAEfn2C,WAAY,CACVuzC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxEyC,QAASzmC,EAAM7O,UAAUM,KACzBwB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,MAAM,EACNE,YAAa,IAEfj2C,gBAAiB,CACfqzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW51C,gBACjBi2C,YAAa,IAEfh2C,gBAAiB,CACfozC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW31C,gBACjBg2C,YAAa,IAEf/1C,gBAAiB,CACfmzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAW11C,gBACjB+1C,YAAa,KAIjB,MAAME,GACJhoD,YAAYioD,EAAWf,GACrB,KACM3sC,EAAK7Z,QAAQunD,IACb1tC,EAAKzX,aAAamlD,MAEpBA,EAAY,IAAIhD,GAAIgD,IAElBA,aAAqBhD,KAEvBgD,EAAYA,EAAU9C,WAGxBjlD,KAAKmL,KAAO6V,EAAMlf,MAAMkf,EAAMvQ,MAAOs3C,GACrC,MAAO1G,GACP,MAAM,IAAI0F,GAAiB,iBAE7BC,EAASA,GAAUQ,GAAOxnD,KAAKmL,MAE/BnL,KAAKynD,QAAUT,EAAOS,QAEtBznD,KAAKglD,IAAMgC,EAAOhC,IAClBhlD,KAAKiU,KAAO+yC,EAAO/yC,KACnBjU,KAAK8tB,OAASk5B,EAAOl5B,OACrB9tB,KAAK0nD,KAAOV,EAAOU,MAAQF,GAAOxnD,KAAKmL,MACvCnL,KAAK2nD,IAAMX,EAAOW,KAAOH,GAAOxnD,KAAKmL,MACrCnL,KAAK4nD,YAAcZ,EAAOY,YACtB5nD,KAAK2nD,KAAOttC,EAAKoE,eACnBze,KAAKia,KAAO,MACHja,KAAK0nD,MAAQrtC,EAAKyE,gBAC3B9e,KAAKia,KAAO,OACW,eAAdja,KAAKmL,KACdnL,KAAKia,KAAO,aACW,YAAdja,KAAKmL,OACdnL,KAAKia,KAAO,WAIhB9Y,mBACE,IAAI07C,EACJ,OAAQ78C,KAAKia,MACX,IAAK,MACH,IACE,aAiIV9Y,eAA6BgK,GAE3B,MAAM68C,QAAqBzZ,GAAUwV,YAAY,CAAE54C,KAAM,QAAS88C,WAAYb,GAAUj8C,KAAS,EAAM,CAAC,OAAQ,WAE1GsO,QAAmB80B,GAAUyV,UAAU,MAAOgE,EAAavuC,YAC3DtH,QAAkBo8B,GAAUyV,UAAU,MAAOgE,EAAa71C,WAEhE,MAAO,CACLA,UAAW+1C,GAAe/1C,GAC1BsH,WAAYkI,GAAgBlI,EAAWiP,GAE3C,CA5IuBy/B,CAAcnoD,KAAKmL,MAChC,MAAOk2C,GACPhnC,EAAK4D,gBAAgB,6CAA+CojC,EAAI7nC,SACxE,MAEJ,IAAK,OACH,OAwIRrY,eAA8BgK,GAE5B,MAAMsH,EAAO+7B,GAAW4Z,WAAWb,GAAWp8C,IAE9C,aADMsH,EAAK41C,eACJ,CACLl2C,UAAW,IAAItP,WAAW4P,EAAK61C,gBAC/B7uC,WAAY,IAAI5W,WAAW4P,EAAK81C,iBAEpC,CAhJeC,CAAexoD,KAAKmL,MAC7B,IAAK,aAAc,CACjB,MAAMsO,EAAaykC,GAAe,IAClCzkC,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAClB,MAAMtE,EAAYsE,EAAW/X,QAAQ4O,UACrCusC,EAAUjG,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEzC,MAAO,CAAEhD,UADSkI,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQg6C,EAAQ1qC,YACrDsH,cAEtB,IAAK,UAAW,CACd,MAAMA,EAAaykC,GAAe,IAC5BrB,EAAUjG,GAAKmG,KAAKF,QAAQW,SAAS/jC,GAE3C,MAAO,CAAEtH,UADSkI,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQg6C,EAAQ1qC,YACrDsH,eAGxB,MAAM0rC,QAAqBK,GAAgBxlD,KAAKmL,MAIhD,OAHA0xC,QAAgBsI,EAAasD,WAAW,CACtCC,QAASruC,EAAKqC,mBAAmBwhC,GAAe,OAE3C,CAAE/rC,UAAW,IAAItP,WAAWg6C,EAAQ8L,UAAU,SAAS,IAASlvC,WAAYojC,EAAQ+L,aAAarE,YAAY1hD,cAuCxH1B,eAAe0nD,GAAuBpZ,EAAMuV,EAAK8D,EAAGpgC,GAClD,MAAMqgC,EAAkB,CACtBr4C,MAAM,EACNG,MAAM,EACNE,MAAM,EACNE,WAAW,EACXQ,WAAYg+B,IAASzuB,EAAM7O,UAAUM,KACrCd,iBAAiB,EACjBC,iBAAiB,EACjBC,iBAAiB,GAIbm3C,EAAYhE,EAAIC,UACtB,IAAK8D,EAAgBC,GACnB,OAAO,EAGT,GAAkB,eAAdA,EAA4B,CAC9BtgC,EAAIA,EAAEhnB,QAAQ4O,UAEd,MAAM6B,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAcp0B,GAErDogC,EAAI,IAAIjmD,WAAWimD,GACnB,MAAMG,EAAK,IAAIpmD,WAAW,CAAC,MAASsP,IACpC,QAAKkI,EAAKqD,iBAAiBurC,EAAIH,GAOjC,MAAMr4C,QAAc+0C,GAAgBwD,GACpC,IAEEF,EAAIzD,GAAc50C,EAAOq4C,GAAGH,YAC5B,MAAOO,GACP,OAAO,EAQT,QADWhE,GAAez0C,EAAOiY,GAAGigC,YAC5BQ,GAAGL,EAKb,CA+CA,SAASZ,GAAexH,GACtB,MAAM0I,EAAOznC,GAAgB++B,EAAI3zC,GAC3Bs8C,EAAO1nC,GAAgB++B,EAAIvyC,GAC3BgE,EAAY,IAAItP,WAAWumD,EAAKhoD,OAASioD,EAAKjoD,OAAS,GAI7D,OAHA+Q,EAAU,GAAK,EACfA,EAAU7O,IAAI8lD,EAAM,GACpBj3C,EAAU7O,IAAI+lD,EAAMD,EAAKhoD,OAAS,GAC3B+Q,CACT,CASA,SAASm3C,GAAe1B,EAAaz8C,EAAMgH,GACzC,MAAMnC,EAAM43C,EACNwB,EAAOj3C,EAAUzQ,MAAM,EAAGsO,EAAM,GAChCq5C,EAAOl3C,EAAUzQ,MAAMsO,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgxC,IAAK,KACLuI,IAAKp+C,EACL4B,EAAG+U,GAAgBsnC,GAAM,GACzBj7C,EAAG2T,GAAgBunC,GAAM,GACzBnI,KAAK,EAGT,CAUA,SAASC,GAAayG,EAAaz8C,EAAMgH,EAAWsH,GAClD,MAAMinC,EAAM4I,GAAe1B,EAAaz8C,EAAMgH,GAE9C,OADAuuC,EAAIh4B,EAAI5G,GAAgBrI,GAAY,GAC7BinC,CACT,CCjWA,MAAMnS,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBjB3d,eAAe47C,GAAKiI,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK7X,SAASgX,GAAU,CACtC,MAAMqjC,EAAU,CAAE1qC,YAAWsH,cAC7B,OAAQhJ,EAAMwJ,MACZ,IAAK,MAEH,IAEE,aAwHV9Y,eAAuBsP,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAM7sC,EAAMS,EAAMm3C,YACZlH,EAAMS,GAAa1wC,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAO0xC,EAAQ1qC,UAAW0qC,EAAQpjC,YACxF5C,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM9f,KAAK8f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,SAGGe,EAAY,IAAInS,iBAAiB0rC,GAAUwO,KAC/C,CACE5xC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM9f,KAAK8f,EAAMvM,QAAS+rC,KAE5C3pC,EACA2C,IAGF,MAAO,CACL5L,EAAGoH,EAAUtT,MAAM,EAAGsO,GACtB8N,EAAG9I,EAAUtT,MAAMsO,EAAKA,GAAO,GAEnC,CArJuBoxC,CAAQ3wC,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAOwE,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,oCAAsCojC,EAAI7nC,SAEjE,MAEF,IAAK,OAAQ,CACX,MAAMxE,QAsKd7T,eAAwBsP,EAAO+vC,EAAUhnC,EAASqjC,GAChD,MAAME,EAAOvO,GAAWmT,WAAW3gC,EAAM9f,KAAK8f,EAAM/M,KAAMusC,IAC1DzD,EAAKj7C,MAAM0X,GACXujC,EAAKvxC,MACL,MAAMqL,EAAM2yC,GAAarsC,OAAO,CAC9B0kC,QAAS,EACT4H,WAAYh5C,EAAMu0C,IAClBvrC,WAAY5Z,MAAMmiB,KAAK66B,EAAQpjC,YAC/BtH,UAAW,CAAEu3C,OAAQ,EAAG3/C,KAAMlK,MAAMmiB,KAAK66B,EAAQ1qC,aAChD,MAAO,CACRswC,MAAO,mBAGT,OAAOkH,GAAepsC,OAAOw/B,EAAKA,KAAKlmC,GAAM,MAC/C,CApLgC6rC,CAASjyC,EAAO+vC,EAAUhnC,EAASqjC,GAC3D,MAAO,CACLjvC,EAAGoH,EAAUpH,EAAE22C,YAAY1hD,YAC3Bib,EAAG9I,EAAU8I,EAAEymC,YAAY1hD,eAKnC,OAmFF1B,eAA4BsP,EAAOyxB,EAAQzoB,GACzC,MAAM0rC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMquC,GAAeC,EAAc1rC,GACnCzE,EAAY6B,EAAIkmC,KAAK7a,GAC3B,MAAO,CACLt0B,EAAGoH,EAAUpH,EAAE22C,YAAY1hD,YAC3Bib,EAAG9I,EAAU8I,EAAEymC,YAAY1hD,YAE/B,CA3FS+mD,CAAan5C,EAAOyxB,EAAQzoB,EACrC,CAcOtY,eAAem8C,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASrH,EAAW+vB,GACzE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK7X,SAASgX,GAC5B,OAAQ/I,EAAMwJ,MACZ,IAAK,MACH,IAEE,aA4GV9Y,eAAyBsP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC3D,MAAMuuC,EAAM4I,GAAe74C,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAOgH,GAC/D0E,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM9f,KAAK8f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,WAGGe,EAAYqF,EAAKvX,iBAAiB,CAAC8K,EAAGkQ,IAAI7Z,OAEhD,OAAOsqC,GAAU+O,OACf,CACEnyC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM9f,KAAK8f,EAAMvM,QAAS+rC,KAE5C3pC,EACA7B,EACAwE,EAEJ,CAtIuBqpC,CAAUpyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAC5D,MAAOkvC,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,sCAAwCojC,EAAI7nC,SAEnE,MACF,IAAK,OACH,OA4IRrY,eAA0BsP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC5D,MAAQ0M,QAASyiC,SAAaz5C,OAAO,gBAE/By1C,EAAS9O,GAAWsU,aAAa9hC,EAAM9f,KAAK8f,EAAM/M,KAAMusC,IAC9DlD,EAAOx7C,MAAM0X,GACb8jC,EAAO9xC,MACP,MAAMqL,EAAMgzC,GAAqB1sC,OAAO,CACtC2sC,UAAW,CACTA,UAAW,CAAC,EAAG,EAAG,IAAK,MAAO,EAAG,GACjCL,WAAYh5C,EAAMu0C,KAEpB+E,iBAAkB,CAAEL,OAAQ,EAAG3/C,KAAMlK,MAAMmiB,KAAK7P,KAC/C,MAAO,CACRswC,MAAO,eAEHztC,EAAY20C,GAAexsC,OAAO,CACtCvP,EAAG,IAAI0zC,EAAG1zC,GAAIkQ,EAAG,IAAIwjC,EAAGxjC,IACvB,OAEH,IACE,OAAOw/B,EAAOA,OAAOzmC,EAAK7B,GAC1B,MAAOqsC,GACP,OAAO,EAEX,CApKe0B,CAAWtyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAI7D,OAuDFhR,eAA8BsP,EAAOuE,EAAW+yB,EAAQ51B,GACtD,MAAMgzC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMwuC,GAAcF,EAAchzC,GACxC,OAAO0E,EAAIymC,OAAOvV,EAAQ/yB,EAC5B,CA3DSg1C,CAAev5C,EAAOuE,OADO,IAAbwrC,EAA4BhnC,EAAU0oB,EACb/vB,EAClD,CAsKA,MAAM8tC,QAAoB,EAEpB0J,GAAiBnb,GACrByR,GAAKE,OAAO,kBAAkB,WAC5BngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,KAAKypC,MACdtgD,KAAK6W,IAAI,KAAKypC,eAEbr/C,EAEDuoD,GAAehb,GACnByR,GAAKE,OAAO,gBAAgB,WAC1BngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,WAAWypC,MACpBtgD,KAAK6W,IAAI,cAAcozC,SACvBjqD,KAAK6W,IAAI,cAAcqzC,SAAS,GAAGC,WAAWC,MAC9CpqD,KAAK6W,IAAI,aAAaqzC,SAAS,GAAGC,WAAWE,kBAE5CppD,EAEDqpD,GAAsB9b,GAC1ByR,GAAKE,OAAO,uBAAuB,WACjCngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,aAAa0zC,QACtBvqD,KAAK6W,IAAI,cAAcszC,WAAWC,eAEjCnpD,EAED4oD,GAAuBrb,GAC3ByR,GAAKE,OAAO,wBAAwB,WAClCngD,KAAKogD,MAAMC,IACTrgD,KAAK6W,IAAI,aAAa2zC,IAAIF,IAC1BtqD,KAAK6W,IAAI,oBAAoBwzC,kBAE5BppD,qFA9LAE,eAA8B6jD,EAAK8D,EAAGpgC,GAC3C,MAAMjY,EAAQ,IAAIq3C,GAAa9C,GAE/B,GAAIv0C,EAAMg3C,UAAYzmC,EAAM7O,UAAUO,MACpC,OAAO,EAKT,OAAQjC,EAAMwJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMT,EAAU0kC,GAAe,GACzBsC,EAAWx/B,EAAM/M,KAAKI,OACtB6tB,QAAejuB,GAAK8zB,OAAOyY,EAAUhnC,GAC3C,IACE,MAAMxE,QAAkB+nC,GAAKiI,EAAKxE,EAAUhnC,EAASsvC,EAAGpgC,EAAGwZ,GAC3D,aAAaob,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASsvC,EAAG5mB,GAC1D,MAAOmf,GACP,OAAO,GAGX,QACE,OAAOwH,GAAuB7nC,EAAM7O,UAAUO,MAAOsyC,EAAK8D,EAAGpgC,GAEnE,ICzHAkuB,GAAK3iC,KAAO/M,GAAS,IAAIrE,WAAW0R,KAASmzB,OAAOxgC,GAAO6gC,iEAgBpD5mC,eAAoB6jD,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QAEvE,MAAUnR,MAAM,sCAElB,MAAMiS,EAAYkF,EAAKvX,iBAAiB,CAAC2W,EAAYtH,EAAUjG,SAAS,KAClE8I,EAAY4hC,GAAKmG,KAAKK,SAASlb,EAAQ/sB,GAE7C,MAAO,CACLvH,EAAGoH,EAAU9I,SAAS,EAAG,IACzB4R,EAAG9I,EAAU9I,SAAS,IAE1B,SAcO/K,eAAsB6jD,EAAKxE,GAAU5yC,EAAGkQ,EAAEA,GAAKzQ,EAAG8E,EAAW+vB,GAClE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QACvE,MAAUnR,MAAM,sCAElB,MAAM8R,EAAYqF,EAAKvX,iBAAiB,CAAC8K,EAAGkQ,IAC5C,OAAO84B,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQltB,EAAW7C,EAAUjG,SAAS,GACzE,iBASO/K,eAA8B6jD,EAAK8D,EAAG5sC,GAE3C,GAAsB,YAAlB8oC,EAAIC,UACN,OAAO,EAOT,MAAM9yC,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASthC,GAC3C+sC,EAAK,IAAIpmD,WAAW,CAAC,MAASsP,IACpC,OAAOkI,EAAKqD,iBAAiBorC,EAAGG,EAElC,IC4BO,SAASwB,GAAqBhb,GACnC,GAAQA,IACDzuB,EAAM7O,UAAUf,QACnB,OAAO4P,EAAM/M,KAAKI,OAElB,MAAUnR,MAAM,qBAEtB,CA1GA0zC,GAAK3iC,KAAO/M,GAAS,IAAIrE,WAAW0R,KAASmzB,OAAOxgC,GAAO6gC,qEAOpD5mC,eAAwBsuC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOS,GAAe,KACpB/rC,UAAW+6B,GAAM0J,GAAKmG,KAAKF,QAAQW,SAASC,GACpD,MAAO,CAAEvQ,IAAGuQ,QAGZ,MAAUv6C,MAAM,8BAEtB,OAeO/B,eAAoBsuC,EAAM+Q,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACzE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUvsC,MAAM,sCAElB,OAAQusC,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM+D,EAAYkF,EAAKvX,iBAAiB,CAAC2W,EAAYtH,IAErD,MAAO,CAAEu4C,GADS9T,GAAKmG,KAAKK,SAASlb,EAAQ/sB,IAG/C,KAAK6L,EAAM7O,UAAUc,MACrB,QACE,MAAU/P,MAAM,+BAGtB,SAaO/B,eAAsBsuC,EAAM+Q,GAAUkK,GAAEA,GAAMr9C,EAAG8E,EAAW+vB,GACjE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUvsC,MAAM,sCAElB,OAAQusC,GACN,KAAKzuB,EAAM7O,UAAUf,QACnB,OAAOwlC,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQwoB,EAAIv4C,GAE/C,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,MAAU/P,MAAM,+BAEtB,iBAUO/B,eAA8BsuC,EAAMvC,EAAGuQ,GAC5C,OAAQhO,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAK5B,MAAMe,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASC,GACjD,OAAOpjC,EAAKqD,iBAAiBwvB,EAAG/6B,GAGlC,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,OAAO,EAEb,4BC7FO,SAAS03C,GAAK9zC,EAAK9M,GACxB,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIzV,QAAayV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC4lC,EAAIC,GAAO/gD,GACjB,IAAImjC,EAAI0d,EACR,MAAMvgC,EAAIwgC,EACJx+C,EAAIw+C,EAAEzpD,OAAS,EACf8c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI3Z,EAAI,EAAGA,EAAIoJ,IAAKpJ,EACvBib,EAAE,GAAK7R,EAAIuQ,GAAK,EAAI3Z,GAEpBkqC,EAAE,GAAKD,EAAE,GACTC,EAAE,GAAKD,EAAE,GAETC,EAAE,GAAK9iB,EAAE,EAAIpnB,GACbkqC,EAAE,GAAK9iB,EAAE,EAAIpnB,EAAI,GAEjBkqC,EAAI2d,GAAOj4B,EAAIF,QAAQwoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAClBghC,EAAE,IAAMhvB,EAAE,GACVgvB,EAAE,IAAMhvB,EAAE,GAEVmM,EAAE,EAAIpnB,GAAKkqC,EAAE,GACb9iB,EAAE,EAAIpnB,EAAI,GAAKkqC,EAAE,GAGrB,OAAOgO,GAAKjO,EAAG7iB,EACjB,CAUO,SAAS0gC,GAAOl0C,EAAK9M,GAC1B,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIzV,QAAayV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC6N,EAAIg4B,GAAO/gD,GACjB,IAAImjC,EAAIpa,EAAE5mB,SAAS,EAAG,GACtB,MAAMme,EAAIyI,EAAE5mB,SAAS,GACfG,EAAIymB,EAAE1xB,OAAS,EAAI,EACnB8c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI3Z,EAAIoJ,EAAI,EAAGpJ,GAAK,IAAKA,EAC5Bib,EAAE,GAAK7R,EAAIuQ,GAAK3Z,EAAI,GAEpBkqC,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAChBivB,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAEhBivB,EAAE,GAAK9iB,EAAE,EAAIpnB,GACbkqC,EAAE,GAAK9iB,EAAE,EAAIpnB,EAAI,GAEjBkqC,EAAI2d,GAAOj4B,EAAID,QAAQuoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAElBme,EAAE,EAAIpnB,GAAKkqC,EAAE,GACb9iB,EAAE,EAAIpnB,EAAI,GAAKkqC,EAAE,GAGrB,GAAID,EAAE,KAAO0d,EAAG,IAAM1d,EAAE,KAAO0d,EAAG,GAChC,OAAOzP,GAAK9wB,GAEd,MAAUnnB,MAAM,4BAClB,CAeA,SAAS4nD,GAAO/gD,GACd,MAAM3I,OAAEA,GAAW2I,EACb9F,EAfR,SAA2B8F,GACzB,GAAIsQ,EAAKC,SAASvQ,GAAO,CACvB,MAAM3I,OAAEA,GAAW2I,EACb9F,EAAS,IAAImhB,YAAYhkB,GACzB2wC,EAAO,IAAIlvC,WAAWoB,GAC5B,IAAK,IAAI2Y,EAAI,EAAGA,EAAIxb,IAAUwb,EAC5Bm1B,EAAKn1B,GAAK7S,EAAK0S,WAAWG,GAE5B,OAAO3Y,EAET,OAAO,IAAIpB,WAAWkH,GAAM9F,MAC9B,CAIiB+mD,CAAkBjhD,GAC3BgoC,EAAO,IAAI1sB,SAASphB,GACpBy4C,EAAM,IAAIz3B,YAAY7jB,EAAS,GACrC,IAAK,IAAI6B,EAAI,EAAGA,EAAI7B,EAAS,IAAK6B,EAChCy5C,EAAIz5C,GAAK8uC,EAAKpgB,UAAU,EAAI1uB,GAE9B,OAAOy5C,CACT,CAEA,SAASvB,KACP,IAAI/5C,EAAS,EACb,IAAK,IAAI8a,EAAI,EAAGA,EAAIsgC,UAAUp7C,SAAU8a,EACtC9a,GAAU,EAAIo7C,UAAUtgC,GAAG9a,OAE7B,MAAM6C,EAAS,IAAImhB,YAAYhkB,GACzB2wC,EAAO,IAAI1sB,SAASphB,GAC1B,IAAImM,EAAS,EACb,IAAK,IAAInN,EAAI,EAAGA,EAAIu5C,UAAUp7C,SAAU6B,EAAG,CACzC,IAAK,IAAI2Z,EAAI,EAAGA,EAAI4/B,UAAUv5C,GAAG7B,SAAUwb,EACzCm1B,EAAKkZ,UAAU76C,EAAS,EAAIwM,EAAG4/B,UAAUv5C,GAAG2Z,IAE9CxM,GAAU,EAAIosC,UAAUv5C,GAAG7B,OAE7B,OAAO,IAAIyB,WAAWoB,EACxB,uECnHO,SAASkZ,GAAO3D,GACrB,MAAM6C,EAAI,EAAK7C,EAAQpY,OAAS,EAC1Boa,EAAS,IAAI3Y,WAAW2W,EAAQpY,OAASib,GAAG0jC,KAAK1jC,GAEvD,OADAb,EAAOlY,IAAIkW,GACJgC,CACT,CAOO,SAAS+B,GAAO/D,GACrB,MAAMxJ,EAAMwJ,EAAQpY,OACpB,GAAI4O,EAAM,EAAG,CACX,MAAMqM,EAAI7C,EAAQxJ,EAAM,GACxB,GAAIqM,GAAK,EAAG,CACV,MAAM6uC,EAAW1xC,EAAQtN,SAAS8D,EAAMqM,GAClC8uC,EAAW,IAAItoD,WAAWwZ,GAAG0jC,KAAK1jC,GACxC,GAAIhC,EAAKqD,iBAAiBwtC,EAAUC,GAClC,OAAO3xC,EAAQtN,SAAS,EAAG8D,EAAMqM,IAIvC,MAAUnZ,MAAM,kBAClB,yECrBA,MAAMqrC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAexB,SAASssC,GAAeC,EAAarG,EAAKsG,EAAWC,GACnD,OAAOlxC,EAAKvX,iBAAiB,CAC3BkiD,EAAIljD,QACJ,IAAIe,WAAW,CAACwoD,IAChBC,EAAUxpD,QACVuY,EAAKiC,mBAAmB,wBACxBivC,EAAYr/C,SAAS,EAAG,KAE5B,CAGA/K,eAAeqqD,GAAIhL,EAAUnJ,EAAGj2C,EAAQqqD,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAI1oD,EACJ,GAAIyoD,EAAc,CAEhB,IAAKzoD,EAAI,EAAGA,EAAIo0C,EAAEj2C,QAAmB,IAATi2C,EAAEp0C,GAAUA,KACxCo0C,EAAIA,EAAEnrC,SAASjJ,GAEjB,GAAI0oD,EAAe,CAEjB,IAAK1oD,EAAIo0C,EAAEj2C,OAAS,EAAG6B,GAAK,GAAc,IAATo0C,EAAEp0C,GAAUA,KAC7Co0C,EAAIA,EAAEnrC,SAAS,EAAGjJ,EAAI,GAOxB,aALqBgR,GAAK8zB,OAAOyY,EAAUnmC,EAAKvX,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBw0C,EACAoU,MAEYv/C,SAAS,EAAG9K,EAC5B,CAUAD,eAAeyqD,GAAsBn7C,EAAOq4C,GAC1C,OAAQr4C,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAMyO,EAAIw1B,GAAe,KACnB/oC,UAAEA,EAAS02C,UAAEA,SAAoBC,GAAuBr7C,EAAOq4C,EAAG,KAAMpgC,GAC9E,IAAIvW,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEnD,OADAhD,EAAYkI,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQsP,IACpD,CAAEA,YAAW05C,aAEtB,IAAK,MACH,GAAIp7C,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAoKVtd,eAAqCsP,EAAOq4C,GAC1C,MAAMpI,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,GAC7D,IAAIjM,EAAUtO,GAAUwV,YACtB,CACE54C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEZoE,EAAYxd,GAAUgC,UACxB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAED9K,EAASkP,SAAmB9rD,QAAQ2H,IAAI,CAACi1C,EAASkP,IACnD,IAAIjuC,EAAIywB,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQF,GAEVlP,EAAQpjC,WACRhJ,EAAMk3C,IAAIE,YAERx1B,EAAIkc,GAAUyV,UAChB,MACAnH,EAAQ1qC,YAET2L,EAAGuU,SAAWpyB,QAAQ2H,IAAI,CAACkW,EAAGuU,IAC/B,MAAMw5B,EAAY,IAAIhpD,WAAWib,GAC3B3L,EAAY,IAAItP,WAAWqlD,GAAe71B,IAChD,MAAO,CAAElgB,YAAW05C,YACtB,CA1MuBK,CAAsBz7C,EAAOq4C,GAC1C,MAAOzH,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OAsQNlgD,eAAsCsP,EAAOq4C,GAC3C,MAAMqD,EAAS3d,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MAChDyE,EAAO9D,eACP,MAAMwD,EAAY,IAAIhpD,WAAWspD,EAAOC,cAActD,IAChD32C,EAAY,IAAItP,WAAWspD,EAAO7D,gBACxC,MAAO,CAAEn2C,YAAW05C,YACtB,CA5QaQ,CAAuB57C,EAAOq4C,GAEzC,OA+NF3nD,eAA0CsP,EAAOq4C,GAC/C,MAAM3D,QAAqBK,GAAgB/0C,EAAMtF,MAC3C2sC,QAAUrnC,EAAMg4C,aACtBK,EAAIzD,GAAcF,EAAc2D,GAChC,MAAMwD,EAAIpH,GAAeC,EAAcrN,EAAEr+B,YACnCtH,EAAY2lC,EAAE3lC,UACduhC,EAAI4Y,EAAEC,OAAOzD,EAAEH,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY1hD,WAAY,KAAMmN,GAClD,MAAO,CAAEmC,YAAW05C,YACtB,CAzOSW,CAA2B/7C,EAAOq4C,EAC3C,CAmCA3nD,eAAe2qD,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GACjD,GAAIA,EAAEtnB,SAAWqP,EAAMm3C,YAAa,CAClC,MAAMnuC,EAAa,IAAI5W,WAAW4N,EAAMm3C,aACxCnuC,EAAWnW,IAAIolB,EAAGjY,EAAMm3C,YAAcl/B,EAAEtnB,QACxCsnB,EAAIjP,EAEN,OAAQhJ,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM9E,EAAYuT,EAAEhnB,QAAQ4O,UAE5B,MAAO,CAAE6E,YAAW02C,UADFjV,GAAK+F,WAAWxnC,EAAWm3C,EAAEpgD,SAAS,KAG1D,IAAK,MACH,GAAIuE,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAqDVtd,eAAsCsP,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAMqjC,EAAY5K,GAAa1wC,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,EAAGpgC,GACpE,IAAIjP,EAAa80B,GAAUgC,UACzB,MACAwb,EACA,CACE5gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEhB,MAAMjH,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAK2E,GAC7D,IAAIH,EAAS5d,GAAUgC,UACrB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAEDluC,EAAY0yC,SAAgBlsD,QAAQ2H,IAAI,CAAC6R,EAAY0yC,IACtD,IAAIzY,EAAInF,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQE,GAEV1yC,EACAhJ,EAAMk3C,IAAIE,YAER4E,EAASle,GAAUyV,UACrB,MACAvqC,IAEDi6B,EAAG+Y,SAAgBxsD,QAAQ2H,IAAI,CAAC8rC,EAAG+Y,IACpC,MAAMZ,EAAY,IAAIhpD,WAAW6wC,GAEjC,MAAO,CAAEv+B,UADSwM,GAAgB8qC,EAAO/jC,GACrBmjC,YACtB,CA9FuBa,CAAuBj8C,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAO24B,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OA0LNlgD,eAAuCsP,EAAO67C,EAAG5jC,GAC/C,MAAMqjC,EAAYvd,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MACnDqE,EAAUY,cAAcjkC,GACxB,MAAMmjC,EAAY,IAAIhpD,WAAWkpD,EAAUK,cAAcE,IAEzD,MAAO,CAAEn3C,UADS,IAAItS,WAAWkpD,EAAUxD,iBACvBsD,YACtB,CAhMae,CAAwBn8C,EAAO67C,EAAG5jC,GAE7C,OAgJFvnB,eAA2CsP,EAAO67C,EAAG5jC,GACnD,MAAMy8B,QAAqBK,GAAgB/0C,EAAMtF,MACjDmhD,EAAIjH,GAAcF,EAAcmH,GAChC5jC,EAAIw8B,GAAeC,EAAcz8B,GACjC,MAAMvT,EAAY,IAAItS,WAAW6lB,EAAEkgC,cAC7BlV,EAAIhrB,EAAE6jC,OAAOD,EAAE3D,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY1hD,WAAY,KAAMmN,GAClD,MAAO,CAAEmF,YAAW02C,YACtB,CAzJSgB,CAA4Bp8C,EAAO67C,EAAG5jC,EAC/C,kEAjIOvnB,eAA8B6jD,EAAK8D,EAAGpgC,GAC3C,OAAOmgC,GAAuB7nC,EAAM7O,UAAUM,KAAMuyC,EAAK8D,EAAGpgC,EAC9D,UAgFOvnB,eAAuB6jD,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GACrD,MAAMl+C,EAAIy/C,GAAa/iD,GAEjB0G,EAAQ,IAAIq3C,GAAa9C,IACzB7yC,UAAEA,EAAS05C,UAAEA,SAAoBD,GAAsBn7C,EAAOq4C,GAC9D2C,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QAGxC,MAAO,CAAE3b,YAAW46C,WADDC,SADHxB,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,GACvBp+C,GAEnC,UAoDOlM,eAAuB6jD,EAAKsG,EAAWgB,EAAGx5B,EAAGg2B,EAAGpgC,EAAG6iC,GACxD,MAAM96C,EAAQ,IAAIq3C,GAAa9C,IACzB6G,UAAEA,SAAoBC,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GAC1D+iC,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QACxC,IAAIuzB,EACJ,IAAK,IAAIp+C,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAGE,OAAOgqD,GAAaC,SADJ1B,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,EAAa,IAANxoD,EAAe,IAANA,GACpC6vB,IACpC,MAAOzuB,GACPg9C,EAAMh9C,EAGV,MAAMg9C,CACR,ICrMA,MAAM9S,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBquC,GAAmB3e,IAAcA,GAAW4e,WAAa5e,GAAW4e,UAAUzuC,OAErExd,eAAeksD,GAAK7M,EAAU8M,EAAUC,EAAMC,EAAMC,GACjE,MAAMx5C,EAAO+M,EAAM9f,KAAK8f,EAAMvM,QAAS+rC,GACvC,IAAKvsC,EAAM,MAAU/Q,MAAM,qCAE3B,GAAIqrC,IAAa4e,GAAkB,CACjC,MAAMzuC,EAAS6vB,IAAa4e,GACtBO,QAAoBhvC,EAAO6xB,UAAU,MAAO+c,EAAU,QAAQ,EAAO,CAAC,eACtE9uC,QAAaE,EAAOstC,WAAW,CAAE7gD,KAAM,OAAQ8I,OAAMs5C,OAAMC,QAAQE,EAAsB,EAATD,GACtF,OAAO,IAAI5qD,WAAW2b,GAGxB,GAAIgwB,GAAY,CACd,MAAMmf,EAAe3sC,EAAM9f,KAAK8f,EAAM/M,KAAMusC,GAGtCoN,EAAc,CAACC,EAASC,IAAgBtf,GAAWuf,WAAWJ,EAAcE,GAASnmB,OAAOomB,GAAa/lB,SAGzGimB,EAAkBJ,EAAYL,EAAMD,GAEpCW,EAAUD,EAAgB5sD,OAI1BiL,EAAIV,KAAKmQ,KAAK2xC,EAASQ,GACvBC,EAAuB,IAAIrrD,WAAWwJ,EAAI4hD,GAG1CE,EAAa,IAAItrD,WAAWorD,EAAUT,EAAKpsD,OAAS,GAE1D+sD,EAAW7qD,IAAIkqD,EAAMS,GAErB,IAAK,IAAIhrD,EAAI,EAAGA,EAAIoJ,EAAGpJ,IAAK,CAG1BkrD,EAAWA,EAAW/sD,OAAS,GAAK6B,EAAI,EAExC,MAAMib,EAAI0vC,EAAYI,EAAiB/qD,EAAI,EAAIkrD,EAAaA,EAAWjiD,SAAS+hD,IAChFE,EAAW7qD,IAAI4a,EAAG,GAElBgwC,EAAqB5qD,IAAI4a,EAAGjb,EAAIgrD,GAGlC,OAAOC,EAAqBhiD,SAAS,EAAGuhD,GAG1C,MAAUvqD,MAAM,mCAClB,CC7CA,MAAMkrD,GAAY,CAChBr7C,OAAQsH,EAAK0C,WAAW,8EAQnB5b,eAAwBsuC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUY,OAAQ,CAE3B,MAAMmJ,EAAIgiC,GAAe,KACjB/rC,UAAW+6B,GAAM0J,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACxD,MAAO,CAAEgxB,IAAGhxB,KAGZ,MAAUhZ,MAAM,6BAEtB,iBAUO/B,eAA8BsuC,EAAMvC,EAAGhxB,GAC5C,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAK3B,MAAMZ,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACrD,OAAO7B,EAAKqD,iBAAiBwvB,EAAG/6B,GAIhC,OAAO,CAEb,UAcOhR,eAAuBsuC,EAAM1lC,EAAMskD,GACxC,GAAQ5e,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMu7C,EAAqBpQ,GAAe,IACpCqQ,EAAe3X,GAAK+F,WAAW2R,EAAoBD,IACjDl8C,UAAWq8C,GAAuB5X,GAAKgG,IAAIC,QAAQC,cAAcwR,GACnEG,EAAYp0C,EAAKvX,iBAAiB,CACtC0rD,EACAH,EACAE,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAG9C,MAAO,CAAEg7C,qBAAoBzB,WADVC,SADS0B,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI5rD,WAAcurD,GAAUr7C,OAAQmgB,GAC7DnpB,IAK7C,MAAU7G,MAAM,6BAEtB,UAaO/B,eAAuBsuC,EAAM+e,EAAoBzB,EAAY7f,EAAGhxB,GACrE,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMw7C,EAAe3X,GAAK+F,WAAWzgC,EAAGsyC,GAClCC,EAAYp0C,EAAKvX,iBAAiB,CACtC0rD,EACAthB,EACAqhB,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAE9C,OAAO05C,SADqBwB,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI5rD,WAAcurD,GAAUr7C,OAAQmgB,GACvE65B,GAGnC,MAAU7pD,MAAM,6BAEtB,6HRqFA/B,eAAwBsP,GACtB,MAAMrE,QAAmBiO,EAAKuE,gBAE9BnO,EAAQ,IAAIq3C,GAAar3C,GACzB,MAAMosC,QAAgBpsC,EAAMg4C,aACtBK,EAAI,IAAI18C,EAAWywC,EAAQ1qC,WAAWlC,eACtCw8C,EAAS,IAAIrgD,EAAWywC,EAAQpjC,YAAYxJ,aAAa,KAAMQ,EAAMm3C,aAC3E,MAAO,CACL5C,IAAKv0C,EAAMu0C,IACX8D,IACA2D,SACAx4C,KAAMxD,EAAMwD,KACZ6Z,OAAQrd,EAAMqd,OAElB,uBAOA,SAA8Bk3B,GAC5B,OAAOwC,GAAOxmC,EAAMlf,MAAMkf,EAAMvQ,MAAOu0C,EAAI19B,UAAUrT,IACvD,2DS3LO9S,eAAoBq/C,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GACpD,MAAMX,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GAM3B,IAAI8P,EACAtO,EACAkQ,EACAI,EARJmU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnB73B,EAAI,IAAIX,EAAWW,GAMnB63B,EAAIA,EAAEr3B,IAAI8kB,GACVtlB,EAAIA,EAAEQ,IAAIgB,GAMV,MAAM6N,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEpK,eAAeoJ,IAAIgB,GAMjE,OAAa,CAIX,GAFA2N,QAAUiiC,GAAoBvuC,EAAKrB,GACnCX,EAAIg3B,EAAEp3B,OAAO0O,EAAGmW,GAAGjlB,KAAKmB,GACpBX,EAAEH,SACJ,SAEF,MAAMkhD,EAAK5hD,EAAEI,IAAIS,GAAGR,KAAKmB,GAGzB,GAFA2P,EAAI9B,EAAEnW,IAAI0oD,GAAIvhD,KAAKmB,GACnBuP,EAAI5B,EAAEnO,OAAOQ,GAAGrB,KAAKgR,GAAG9Q,KAAKmB,IACzBuP,EAAErQ,SAGN,MAEF,MAAO,CACLG,EAAGA,EAAEqC,aAAa,KAAM1B,EAAEpK,cAC1B2Z,EAAGA,EAAE7N,aAAa,KAAM1B,EAAEpK,cAE9B,SAeOhD,eAAsBq/C,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAC5D,MAAM/B,QAAmBiO,EAAKuE,gBACxBjP,EAAO,IAAIvD,EAAW,GAS5B,GARAwB,EAAI,IAAIxB,EAAWwB,GACnBkQ,EAAI,IAAI1R,EAAW0R,GAEnBuU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEfP,EAAEmB,IAAIY,IAAS/B,EAAEqB,IAAIV,IACrBuP,EAAE/O,IAAIY,IAASmO,EAAE7O,IAAIV,GAEvB,OADA8L,EAAK0D,WAAW,0BACT,EAET,MAAM3B,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEpK,eAAeiJ,KAAKmB,GAC5D6oB,EAAItZ,EAAE/P,OAAOQ,GACnB,GAAI6oB,EAAE3pB,SAEJ,OADA4M,EAAK0D,WAAW,0BACT,EAGT6mB,EAAIA,EAAEr3B,IAAI8kB,GACVlkB,EAAIA,EAAEZ,IAAI8kB,GACV,MAAMu8B,EAAKxyC,EAAEjP,IAAIiqB,GAAGhqB,KAAKmB,GACnBsgD,EAAKjhD,EAAET,IAAIiqB,GAAGhqB,KAAKmB,GACnBsc,EAAK+Z,EAAEp3B,OAAOohD,EAAIv8B,GAClBvH,EAAK3c,EAAEX,OAAOqhD,EAAIx8B,GAExB,OADUxH,EAAG1d,IAAI2d,GAAI1d,KAAKilB,GAAGjlB,KAAKmB,GACzBM,MAAMjB,EACjB,iBAYOzM,eAA8BkxB,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAC/C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GACnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAMT,IAAKA,EAAExlB,MAAMU,IAAIgB,GAAGd,SAClB,OAAO,EAOT,IAAKm3B,EAAEp3B,OAAOe,EAAG8jB,GAAG3kB,QAClB,OAAO,EAMT,MAAMohD,EAAQ,IAAI1iD,EAAWmC,EAAEmB,aACzBq/C,EAAO,IAAI3iD,EAAW,KAC5B,GAAI0iD,EAAMhgD,GAAGigD,WAAiBvQ,GAAgBjwC,EAAG,KAAM,IACrD,OAAO,EASTxB,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUogD,EAAMjiD,OAAQ4lC,EAAI/jC,UAAUogD,IACxEhK,EAAMv2C,EAAEpB,IAAIS,GAAG3H,IAAI8G,GACzB,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,OCxLe,CAEb28B,IAAKA,GAELz8C,QAASA,GAETkzC,SAAUA,GAEVjzC,IAAKA,GAELokC,KAAMA,2ECAD,SAA8BnH,EAAMz6B,GACzC,IAAI9T,EAAO,EACX,OAAQuuC,GAGN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAInB,MAAO,CAAEwL,EAHCzD,EAAKgB,QAAQrG,EAAU9I,SAAShL,KAQ5C,KAAK8f,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUO,MACrB,CACE,MAAM9E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAShL,IAAQA,GAAQ0M,EAAExM,OAAS,EAErE,MAAO,CAAEwM,IAAGkQ,EADFzD,EAAKgB,QAAQrG,EAAU9I,SAAShL,KAM5C,KAAK8f,EAAM7O,UAAUQ,YAAa,CAGhC,IAAI/E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAShL,IAAQA,GAAQ0M,EAAExM,OAAS,EACnEwM,EAAIyM,EAAKkB,QAAQ3N,EAAG,IACpB,IAAIkQ,EAAIzD,EAAKgB,QAAQrG,EAAU9I,SAAShL,IAExC,OADA4c,EAAIzD,EAAKkB,QAAQuC,EAAG,IACb,CAAElQ,IAAGkQ,KAId,KAAKkD,EAAM7O,UAAUf,QAAS,CAC5B,MAAMs5C,EAAK11C,EAAU9I,SAAShL,EAAMA,EAAO,IAC3C,OADgDA,GAAQwpD,EAAGtpD,OACpD,CAAEspD,MAEX,QACE,MAAM,IAAI3D,GAAiB,gCAEjC,SAgBO5lD,eAAsBsuC,EAAM+Q,EAAUxrC,EAAWi6C,EAAcllD,EAAMm4B,GAC1E,OAAQuN,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAChI,EAAEA,GAAM4qD,EACXnxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGzR,EAAEjL,QACtC,OAAO+Q,GAAU68C,IAAI1R,OAAOkD,EAAUz2C,EAAM+T,EAAGzR,EAAGhI,EAAG69B,GAEvD,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,EAACJ,EAAEA,GAAM8gD,GACjBrhD,EAAEA,EAACkQ,EAAEA,GAAM9I,EACjB,OAAO7C,GAAUK,IAAI8qC,OAAOkD,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAE/D,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EACbC,EAAY,IAAI/8C,GAAUszC,SAASqC,aAAa9C,GAAK4C,YAErDh6C,EAAIyM,EAAKkB,QAAQvG,EAAUpH,EAAGshD,GAC9BpxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGoxC,GACpC,OAAO/8C,GAAUszC,SAAS/yC,MAAM4qC,OAAO0H,EAAKxE,EAAU,CAAE5yC,IAAGkQ,KAAK/T,EAAM++C,EAAG5mB,GAE3E,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EAEnB,OAAO98C,GAAUszC,SAAS9yC,YAAY2qC,OAAO0H,EAAKxE,EAAUxrC,EAAWjL,EAAM++C,EAAG5mB,GAElF,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,EACd,OAAO98C,GAAUszC,SAAS7yC,MAAM0qC,OAAO7N,EAAM+Q,EAAUxrC,EAAWjL,EAAMmjC,EAAGhL,GAE7E,QACE,MAAUh/B,MAAM,gCAEtB,OAgBO/B,eAAoBsuC,EAAM+Q,EAAU2O,EAAiBC,EAAkBrlD,EAAMm4B,GAClF,IAAKitB,IAAoBC,EACvB,MAAUlsD,MAAM,0BAElB,OAAQusC,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAChI,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,GAAQs1B,EAEvB,MAAO,CAAEtxC,QADO3L,GAAU68C,IAAIjS,KAAKyD,EAAUz2C,EAAMsC,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,IAGvE,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,GAAM4gD,GACdpiD,EAAEA,GAAMqiD,EACd,OAAOj9C,GAAUK,IAAIuqC,KAAKyD,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GAEvD,KAAKiU,EAAM7O,UAAUI,QACnB,MAAUrP,MAAM,gEAElB,KAAK8d,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACbzmC,EAAEA,GAAM0mC,EACd,OAAOj9C,GAAUszC,SAAS/yC,MAAMqqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGpgC,EAAGwZ,GAElE,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACb1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS9yC,YAAYoqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGrL,EAAMvb,GAE3E,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAMiiB,GACR1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS7yC,MAAMmqC,KAAKtN,EAAM+Q,EAAUz2C,EAAMmjC,EAAGuQ,EAAMvb,GAEtE,QACE,MAAUh/B,MAAM,gCAEtB,ICjJA,MAAMmsD,GACJvvD,YAAYiK,GACNA,IACF/J,KAAK+J,KAAOA,GAWhB7I,KAAKgG,GACH,GAAIA,EAAM9F,QAAU,EAAG,CACrB,MAAMA,EAAS8F,EAAM,GACrB,GAAIA,EAAM9F,QAAU,EAAIA,EAEtB,OADApB,KAAK+J,KAAO7C,EAAMgF,SAAS,EAAG,EAAI9K,GAC3B,EAAIpB,KAAK+J,KAAK3I,OAGzB,MAAU8B,MAAM,yBAOlBpB,QACE,OAAOuY,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK+J,KAAK3I,SAAUpB,KAAK+J,QCzB3E,MAAMulD,GAKJxvD,YAAYiK,GACV,GAAIA,EAAM,CACR,MAAMkK,KAAEA,EAAI6Z,OAAEA,GAAW/jB,EACzB/J,KAAKiU,KAAOA,EACZjU,KAAK8tB,OAASA,OAEd9tB,KAAKiU,KAAO,KACZjU,KAAK8tB,OAAS,KASlB5sB,KAAKZ,GACH,GAAIA,EAAMc,OAAS,GAAkB,IAAbd,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIymD,GAAiB,yBAI7B,OAFA/mD,KAAKiU,KAAO3T,EAAM,GAClBN,KAAK8tB,OAASxtB,EAAM,GACb,EAOTwB,QACE,OAAO,IAAIe,WAAW,CAAC,EAAG,EAAG7C,KAAKiU,KAAMjU,KAAK8tB,UCxDjD,MAAMyhC,GACJ3nC,mBAAkBmlC,WAAEA,EAAUjD,UAAEA,IAC9B,MAAM0F,EAAW,IAAID,GAGrB,OAFAC,EAASzC,WAAaA,EACtByC,EAAS1F,UAAYA,EACd0F,EASTtuD,KAAKgG,GACH,IAAIhG,EAAO,EACPuuD,EAAevoD,EAAMhG,KACzBlB,KAAK8pD,UAAY2F,EAAe,EAAIvoD,EAAMhG,KAAU,KACpDuuD,GAAgBA,EAAe,EAC/BzvD,KAAK+sD,WAAa7lD,EAAMgF,SAAShL,EAAMA,EAAOuuD,GAAevuD,GAAQuuD,EAOvE3tD,QACE,OAAOuY,EAAKvX,iBAAiB,CAC3B9C,KAAK8pD,UACH,IAAIjnD,WAAW,CAAC7C,KAAK+sD,WAAW3rD,OAAS,EAAGpB,KAAK8pD,YACjD,IAAIjnD,WAAW,CAAC7C,KAAK+sD,WAAW3rD,SAClCpB,KAAK+sD,cCsaX,SAAS2C,GAAoB1K,GAC3B,IACEA,EAAIC,UACJ,MAAO5gD,GACP,MAAM,IAAI0iD,GAAiB,qBAE/B,oEAnaO5lD,eAAgCwuD,EAASC,EAAeX,EAAcllD,EAAMwhD,GACjF,OAAQoE,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAAgB,CACnC,MAAM/F,EAAEA,EAAChI,EAAEA,GAAM4qD,EAEjB,MAAO,CAAE5yC,QADOlK,GAAU68C,IAAIr8B,QAAQ5oB,EAAMsC,EAAGhI,IAGjD,KAAK2c,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,EACpB,OAAO98C,GAAUI,QAAQogB,QAAQ5oB,EAAMsoB,EAAGuS,EAAGz2B,GAE/C,KAAK6S,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc2D,GACtB98C,UAAWm6C,EAAGS,WAAYj6B,SAAY3gB,GAAUszC,SAAShzC,KAAKkgB,QACpEqyB,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GAC3B,MAAO,CAAEe,IAAGx5B,EAAG,IAAI+8B,GAAW/8B,IAEhC,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,IAAKsH,EAAKyG,MAAM8uC,GAEd,MAAU1sD,MAAM,iDAElB,MAAMgqC,EAAEA,GAAM+hB,GACRT,mBAAEA,EAAkBzB,WAAEA,SAAqB56C,GAAUszC,SAASqK,MAAMn9B,QACxEg9B,EAAS5lD,EAAMmjC,GAEjB,MAAO,CAAEshB,qBAAoB17B,EADnBy8B,GAAkBQ,WAAW,CAAEjG,UAAW8F,EAAe7C,gBAGrE,QACE,MAAO,GAEb,mBAgBO5rD,eAAgCsuC,EAAM0f,EAAiBC,EAAkBY,EAAkBzE,EAAajM,GAC7G,OAAQ7P,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WAAY,CAC/B,MAAMgK,EAAEA,GAAM2zC,GACR3jD,EAAEA,EAAChI,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,GAAQs1B,EACvB,OAAOj9C,GAAU68C,IAAIp8B,QAAQvW,EAAGhQ,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAEpD,KAAKt+B,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,GAAEA,EAAEC,GAAEA,GAAOuiC,EACb39B,EAAI88B,EAAgB98B,EACpBtlB,EAAIqiD,EAAiBriD,EAC3B,OAAOoF,GAAUI,QAAQqgB,QAAQpF,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAEjD,KAAKt+B,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc6D,GACxBzmC,EAAEA,GAAM0mC,GACR9C,EAAEA,EAACx5B,EAAEA,GAAMk9B,EACjB,OAAO79C,GAAUszC,SAAShzC,KAAKmgB,QAC7BoyB,EAAKsG,EAAWgB,EAAGx5B,EAAE/oB,KAAM++C,EAAGpgC,EAAG6iC,GAErC,KAAKvqC,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAMiiB,GACRjzC,EAAEA,GAAMkzC,GACRZ,mBAAEA,EAAkB17B,EAAEA,GAAMk9B,EAClC,IAAK31C,EAAKyG,MAAMgS,EAAEg3B,WAChB,MAAU5mD,MAAM,4BAElB,OAAOiP,GAAUszC,SAASqK,MAAMl9B,QAC9B6c,EAAM+e,EAAoB17B,EAAEi6B,WAAY7f,EAAGhxB,GAE/C,QACE,MAAUhZ,MAAM,4CAEtB,uBAQO,SAA8BusC,EAAMvoC,GACzC,IAAIhG,EAAO,EACX,OAAQuuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAIgO,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQmL,EAAEjL,OAAS,EACjE,MAAMiD,EAAIgW,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQmD,EAAEjD,OAAS,EAC1D,CAAEF,OAAM+tD,aAAc,CAAE5iD,IAAGhI,MAEpC,KAAK2c,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAIhY,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQmxB,EAAEjxB,OAAS,EACjE,MAAMmN,EAAI8L,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQqN,EAAEnN,OAAS,EACjE,MAAMwjC,EAAIvqB,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQ0jC,EAAExjC,OAAS,EACjE,MAAM+M,EAAIkM,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQiN,EAAE/M,OAAS,EAC1D,CAAEF,OAAM+tD,aAAc,CAAE58B,IAAG9jB,IAAGq2B,IAAGz2B,MAE1C,KAAK6S,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAIhY,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQmxB,EAAEjxB,OAAS,EACjE,MAAMwjC,EAAIvqB,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQ0jC,EAAExjC,OAAS,EACjE,MAAM+M,EAAIkM,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQiN,EAAE/M,OAAS,EAC1D,CAAEF,OAAM+tD,aAAc,CAAE58B,IAAGuS,IAAGz2B,MAEvC,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,EAAM,IAAID,GAAO7jD,GAAQ8jD,EAAI9jD,KAAKgG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQ4nD,EAAE1nD,OAAS,EAC1D,CAAEF,KAAMA,EAAM+tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,EAAM,IAAID,GAAO7jD,GAAQ8jD,EAAI9jD,KAAKgG,GACxCwoD,GAAoB1K,GACpB,IAAI8D,EAAIzuC,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAEpC,OAF4CA,GAAQ4nD,EAAE1nD,OAAS,EAC/D0nD,EAAIzuC,EAAKkB,QAAQutC,EAAG,IACb,CAAE5nD,KAAMA,EAAM+tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,EAAM,IAAID,GAAO7jD,GAAQ8jD,EAAI9jD,KAAKgG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQ4nD,EAAE1nD,OAAS,EACjE,MAAMkqD,EAAY,IAAIgE,GACtB,OADmCpuD,GAAQoqD,EAAUpqD,KAAKgG,EAAMgF,SAAShL,IAClE,CAAEA,KAAMA,EAAM+tD,aAAc,CAAEjK,MAAK8D,IAAGwC,cAE/C,KAAKtqC,EAAM7O,UAAUf,QACrB,KAAK4P,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAIhmC,EAAMgF,SAAShL,EAAMA,EAAO,IACtC,OAD2CA,GAAQgsC,EAAE9rC,OAC9C,CAAEF,OAAM+tD,aAAc,CAAE/hB,MAEjC,QACE,MAAM,IAAI6Z,GAAiB,4CAEjC,wBASO,SAA+BtX,EAAMvoC,EAAO+nD,GACjD,IAAI/tD,EAAO,EACX,OAAQuuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMoW,EAAIrO,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQwnB,EAAEtnB,OAAS,EACjE,MAAMixB,EAAIhY,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQmxB,EAAEjxB,OAAS,EACjE,MAAMmN,EAAI8L,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQqN,EAAEnN,OAAS,EACjE,MAAM04B,EAAIzf,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQ44B,EAAE14B,OAAS,EAC1D,CAAEF,OAAM+uD,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,MAE3C,KAAK9Y,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QAAS,CAC5B,MAAMxF,EAAIsN,EAAKgB,QAAQnU,EAAMgF,SAAShL,IACtC,OAD8CA,GAAQ6L,EAAE3L,OAAS,EAC1D,CAAEF,OAAM+uD,cAAe,CAAEljD,MAElC,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAMhC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIt8B,EAAIrO,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAEpC,OAF4CA,GAAQwnB,EAAEtnB,OAAS,EAC/DsnB,EAAIrO,EAAKkB,QAAQmN,EAAGjY,EAAMm3C,aACnB,CAAE1mD,OAAM+uD,cAAe,CAAEvnC,MAElC,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMlC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIvH,EAAOpjC,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAEvC,OAF+CA,GAAQu8C,EAAKr8C,OAAS,EACrEq8C,EAAOpjC,EAAKkB,QAAQkiC,EAAMhtC,EAAMm3C,aACzB,CAAE1mD,OAAM+uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOv2C,EAAMgF,SAAShL,EAAMA,EAAO,IACzC,OAD8CA,GAAQu8C,EAAKr8C,OACpD,CAAEF,OAAM+uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMmJ,EAAIhV,EAAMgF,SAAShL,EAAMA,EAAO,IACtC,OAD2CA,GAAQgb,EAAE9a,OAC9C,CAAEF,OAAM+uD,cAAe,CAAE/zC,MAElC,QACE,MAAM,IAAI6qC,GAAiB,4CAEjC,2BAOO,SAAkCtX,EAAMvoC,GAC7C,IAAIhG,EAAO,EACX,OAAQuuC,GAGN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAEnB,MAAO,CAAEiK,EADChC,EAAKgB,QAAQnU,EAAMgF,SAAShL,KAOxC,KAAK8f,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,EAAKnT,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQssB,EAAGpsB,OAAS,EAEnE,MAAO,CAAEosB,KAAIC,GADFpT,EAAKgB,QAAQnU,EAAMgF,SAAShL,KAMzC,KAAK8f,EAAM7O,UAAUM,KAAM,CACzB,MAAM65C,EAAIjyC,EAAKgB,QAAQnU,EAAMgF,SAAShL,IAAQA,GAAQorD,EAAElrD,OAAS,EACjE,MAAM0xB,EAAI,IAAI+8B,GACd,OAD4B/8B,EAAE5xB,KAAKgG,EAAMgF,SAAShL,IAC3C,CAAEorD,IAAGx5B,KAOd,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMy7C,EAAqBtnD,EAAMgF,SAAShL,EAAMA,EAAO,IAAKA,GAAQstD,EAAmBptD,OACvF,MAAM0xB,EAAI,IAAIy8B,GACd,OADmCz8B,EAAE5xB,KAAKgG,EAAMgF,SAAShL,IAClD,CAAEstD,qBAAoB17B,KAE/B,QACE,MAAM,IAAIi0B,GAAiB,4CAEjC,kBAQO,SAAyBtX,EAAMuX,GAEpC,MAAMkJ,EAAgC,IAAI7sC,IAAI,CAACrC,EAAM7O,UAAUf,QAAS4P,EAAM7O,UAAUY,SAClFo9C,EAAgBnlD,OAAOooB,KAAK4zB,GAAQ7+C,KAAIgD,IAC5C,MAAMsgD,EAAQzE,EAAO77C,GACrB,OAAKkP,EAAKzX,aAAa6oD,GAChByE,EAA8BlqD,IAAIypC,GAAQgc,EAAQpxC,EAAKoB,gBAAgBgwC,GADxCA,EAAM3pD,OACwC,IAEtF,OAAOuY,EAAKvX,iBAAiBqtD,EAC/B,iBAUO,SAAwB1gB,EAAMjxB,EAAMwmC,GACzC,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACnB,OAAOH,GAAU68C,IAAIoB,SAAS5xC,EAAM,OAAO5c,MAAK,EAAGyK,IAAGhI,IAAGqkB,IAAG2J,IAAG9jB,IAAGurB,SAChEm2B,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,KAC1Bm1B,aAAc,CAAE5iD,IAAGhI,SAGvB,KAAK2c,EAAM7O,UAAUO,MACnB,OAAOP,GAAUszC,SAAS2K,SAASpL,GAAKpjD,MAAK,EAAGojD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAAS2K,SAASpL,GAAKpjD,MAAK,EAAGojD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAExS,KAAMgP,GACvBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUM,KACnB,OAAON,GAAUszC,SAAS2K,SAASpL,GAAKpjD,MAAK,EAAGojD,MAAK8D,IAAG2D,SAAQx4C,OAAM6Z,cACpEmiC,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CACZjK,IAAK,IAAID,GAAIC,GACb8D,IACAwC,UAAW,IAAIgE,GAAU,CAAEr7C,OAAM6Z,gBAGvC,KAAK9M,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAMw9C,SAAS3gB,GAAM7tC,MAAK,EAAGsrC,IAAGuQ,YACxDwS,cAAe,CAAExS,QACjBwR,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUY,OACnB,OAAOZ,GAAUszC,SAASqK,MAAMM,SAAS3gB,GAAM7tC,MAAK,EAAGsrC,IAAGhxB,SACxD+zC,cAAe,CAAE/zC,KACjB+yC,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QACnB,MAAUrP,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,iBAUO/B,eAA8BsuC,EAAMwf,EAAcgB,GACvD,IAAKhB,IAAiBgB,EACpB,MAAU/sD,MAAM,0BAElB,OAAQusC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAChI,EAAEA,GAAM4qD,GACXvmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMm2B,EACvB,OAAO99C,GAAU68C,IAAIqB,eAAehkD,EAAGhI,EAAGqkB,EAAG2J,EAAG9jB,EAAGurB,GAErD,KAAK9Y,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAEA,EAAC9jB,EAAEA,EAACq2B,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACjBliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUK,IAAI69C,eAAeh+B,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAElD,KAAKiU,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACdliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUI,QAAQ89C,eAAeh+B,EAAGuS,EAAGz2B,EAAGpB,GAEnD,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAM69C,EAAan+C,GAAUszC,SAASzkC,EAAM9f,KAAK8f,EAAM7O,UAAWs9B,KAC5DuV,IAAEA,EAAG8D,EAAEA,GAAMmG,GACbvmC,EAAEA,GAAMunC,EACd,OAAOK,EAAWD,eAAerL,EAAK8D,EAAGpgC,GAE3C,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMm2C,EAAEA,EAAC9D,IAAEA,GAAQiK,GACbxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS9yC,YAAY09C,eAAerL,EAAK8D,EAAGrL,GAE/D,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,GACRxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS7yC,MAAMy9C,eAAe5gB,EAAMvC,EAAGuQ,GAE1D,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAM+hB,GACR/yC,EAAEA,GAAM+zC,EACd,OAAO99C,GAAUszC,SAASqK,MAAMO,eAAe5gB,EAAMvC,EAAGhxB,GAE1D,QACE,MAAUhZ,MAAM,iCAEtB,kBASO/B,eAA+BsuC,GACpC,MAAMxc,UAAEA,GAAc2c,GAAUH,GAC1B8gB,QAAqBrS,GAAejrB,GACpCu9B,EAAS,IAAI3tD,WAAW,CAAC0tD,EAAaA,EAAanvD,OAAS,GAAImvD,EAAaA,EAAanvD,OAAS,KACzG,OAAOiZ,EAAK7T,OAAO,CAAC+pD,EAAcC,GACpC,qBAQO,SAA4B/gB,GACjC,MAAMvc,QAAEA,GAAY0c,GAAUH,GAC9B,OAAOyO,GAAehrB,EACxB,cAQO,SAAqBuc,GAC1B,MAAMI,EAAW7uB,EAAM9f,KAAK8f,EAAMtM,KAAM+6B,GACxC,OAAO1hB,GAAK8hB,EACd,yCAsBO,SAAmCJ,EAAMuV,GAC9C,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAASgF,qBAAqBzF,GACjD,KAAKhkC,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAM63C,qBAAqBhb,GACvD,QACE,MAAUvsC,MAAM,iCAEtB,IC9cA,MAAMqK,GAAM,CAEVugB,OAAQA,GAER7Z,KAAMA,GAEN8Z,KAAMA,GAEN5b,UAAWA,GAEX6C,UAAWA,GAEXy7C,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT5lD,OAAO6lD,OAAOtjD,GAAKmR,IC1CnB,IAAIoyC,GAAiC,oBAAfjuD,YACG,oBAAhBkuD,aACe,oBAAfC,WA+BF,SAASC,GAAU9vC,EAAKnc,GAC3B,OAAImc,EAAI/f,SAAW4D,EACRmc,EAEPA,EAAIjV,SACGiV,EAAIjV,SAAS,EAAGlH,IAE3Bmc,EAAI/f,OAAS4D,EACNmc,EACX,CAGA,MAAM+vC,GAAU,CACZC,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,GAAI76B,EAAIvqB,UAAYklD,EAAKllD,SACrBklD,EAAK9tD,IAAImzB,EAAIvqB,SAASmlD,EAAUA,EAAWrhD,GAAMshD,QAIrD,IAAK,IAAIruD,EAAI,EAAGA,EAAI+M,EAAK/M,IACrBmuD,EAAKE,EAAYruD,GAAKwzB,EAAI46B,EAAWpuD,IAI7CsuD,cAAe,SAAUC,GACrB,IAAIvuD,EAAG0zB,EAAG3mB,EAAK7M,EAAKpB,EAIpB,IADAiO,EAAM,EACD/M,EAAI,EAAG0zB,EAAI66B,EAAOpwD,OAAQ6B,EAAI0zB,EAAG1zB,IAClC+M,GAAOwhD,EAAOvuD,GAAG7B,OAIrB,MAAMK,EAAS,IAAIoB,WAAWmN,GAE9B,IADA7M,EAAM,EACDF,EAAI,EAAG0zB,EAAI66B,EAAOpwD,OAAQ6B,EAAI0zB,EAAG1zB,IAClClB,EAAQyvD,EAAOvuD,GACfxB,EAAO6B,IAAIvB,EAAOoB,GAClBA,GAAOpB,EAAMX,OAGjB,OAAOK,IAITgwD,GAAY,CACdN,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,IAAK,IAAIruD,EAAI,EAAGA,EAAI+M,EAAK/M,IACrBmuD,EAAKE,EAAYruD,GAAKwzB,EAAI46B,EAAWpuD,IAI7CsuD,cAAe,SAAUC,GACrB,MAAO,GAAGhrD,OAAOsW,MAAM,GAAI00C,KAQ5B,IAAIE,GAAOZ,GAAWjuD,WAAahD,MAC/B8xD,GAAQb,GAAWC,YAAclxD,MACjC+xD,GAAQd,GAAWE,WAAanxD,MAChC0xD,GAAgBT,GAAWI,GAAQK,cAAgBE,GAAUF,cAC7DJ,GAAWL,GAAWI,GAAQC,SAAWM,GAAUN,SChFvD,MAAMU,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAKrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAErBC,IAAqB,EACrBC,IAAqB,EAErBC,IAAqB,EAOrBC,IAA2B,EAG3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAI3BC,GAA2B,EAC3BC,GAA2B,EAE3BC,GAA2B,EAG3BC,GAA2B,EC7BxC,SAASvjD,GAAKwR,GACV,IAAInR,EAAMmR,EAAI/f,OAAQ,OAAS4O,GAAO,GAClCmR,EAAInR,GAAO,CAEnB,CAIA,MAAMmjD,GAAe,EACfC,GAAe,EACfC,GAAe,EAYfC,GAAgB,GAGhBC,GAAgB,IAGhBC,GAAgBD,GAAW,EAAID,GAG/BG,GAAgB,GAGhBC,GAAgB,GAGhBC,GAAgB,EAAIH,GAAU,EAG9BI,GAAgB,GAGhBC,GAAgB,GAQhBC,GAAc,EAGdC,GAAc,IAGdC,GAAc,GAGdC,GAAc,GAGdC,GAAc,GAIdC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAErDC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAE9DC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAEjCC,GACJ,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAgBzCC,GAAoB10D,MAAsB,GAAf2zD,GAAU,IAC3C7jD,GAAK4kD,IAOL,MAAMC,GAAoB30D,MAAgB,EAAV4zD,IAChC9jD,GAAK6kD,IAKL,MAAMC,GAAoB50D,MAjBJ,KAkBtB8P,GAAK8kD,IAML,MAAMC,GAAoB70D,MAAM80D,KAChChlD,GAAK+kD,IAGL,MAAME,GAAoB/0D,MAAMyzD,IAChC3jD,GAAKilD,IAGL,MAAMC,GAAoBh1D,MAAM4zD,IAKhC,SAASqB,GAAeC,EAAaC,EAAYC,EAAYC,EAAOC,GAEhEn1D,KAAK+0D,YAAeA,EACpB/0D,KAAKg1D,WAAeA,EACpBh1D,KAAKi1D,WAAeA,EACpBj1D,KAAKk1D,MAAeA,EACpBl1D,KAAKm1D,WAAeA,EAGpBn1D,KAAKo1D,UAAeL,GAAeA,EAAY3zD,MACnD,CAGA,IAAIi0D,GACAC,GACAC,GAGJ,SAASC,GAASC,EAAUC,GACxB11D,KAAKy1D,SAAWA,EAChBz1D,KAAK21D,SAAW,EAChB31D,KAAK01D,UAAYA,CACrB,CAIA,SAASE,GAAOC,GACZ,OAAOA,EAAO,IAAMpB,GAAWoB,GAAQpB,GAAW,KAAOoB,IAAS,GACtE,CAOA,SAASC,GAAUh4C,EAAGsZ,GAGlBtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJhQ,EAC7BtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAahQ,IAAM,EAAI,GAC3C,CAOA,SAAS4+B,GAAUl4C,EAAGzc,EAAOD,GACrB0c,EAAEm4C,SAAWpC,GAAWzyD,GACxB0c,EAAEo4C,QAAU70D,GAASyc,EAAEm4C,SAAW,MAClCH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS70D,GAASwyD,GAAW/1C,EAAEm4C,SACjCn4C,EAAEm4C,UAAY70D,EAASyyD,KAEvB/1C,EAAEo4C,QAAU70D,GAASyc,EAAEm4C,SAAW,MAClCn4C,EAAEm4C,UAAY70D,EAEtB,CAGA,SAAS+0D,GAAUr4C,EAAGzB,EAAG+5C,GACrBJ,GAAUl4C,EAAGs4C,EAAS,EAAJ/5C,GAAiB+5C,EAAS,EAAJ/5C,EAAQ,GACpD,CAQA,SAASg6C,GAAWC,EAAMtmD,GACtB,IAAIZ,EAAM,EACV,GACIA,GAAc,EAAPknD,EACPA,KAAU,EACVlnD,IAAQ,UACDY,EAAM,GACjB,OAAOZ,IAAQ,CACnB,CAuIA,SAASmnD,GAAUH,EAAMT,EAAUa,GAK/B,MAAMC,EAAgB52D,MAAM+zD,GAAW,GACvC,IACIp1C,EACAnS,EAFAiqD,EAAO,EAOX,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bi4C,EAAUj4C,GAAQ83C,EAAOA,EAAOE,EAASh4C,EAAO,IAAM,EAS1D,IAAKnS,EAAI,EAAIA,GAAKspD,EAAUtpD,IAAK,CAC7B,MAAM2D,EAAMomD,EAAS,EAAJ/pD,EAAQ,GACb,IAAR2D,IAIJomD,EAAS,EAAJ/pD,GAAkBgqD,GAAWI,EAAUzmD,KAAQA,IAK5D,CA8GA,SAAS0mD,GAAW54C,GAChB,IAAIzR,EAGJ,IAAKA,EAAI,EAAGA,EAAImnD,GAAUnnD,IACtByR,EAAE64C,UAAc,EAAJtqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIonD,GAAUpnD,IACtByR,EAAE84C,UAAc,EAAJvqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIqnD,GAAUrnD,IACtByR,EAAE+4C,QAAY,EAAJxqD,GAAkB,EAGhCyR,EAAE64C,UAAsB,EAAZ5C,IAA0B,EACtCj2C,EAAEg5C,QAAUh5C,EAAEi5C,WAAa,EAC3Bj5C,EAAEk5C,SAAWl5C,EAAEm5C,QAAU,CAC7B,CAMA,SAASC,GAAUp5C,GACXA,EAAEm4C,SAAW,EACbH,GAAUh4C,EAAGA,EAAEo4C,QACRp4C,EAAEm4C,SAAW,IAEpBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAatpB,EAAEo4C,QAEnCp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,CACjB,CA6BA,SAASkB,GAAQf,EAAM/pD,EAAGgB,EAAG+pD,GACzB,MAAMC,EAAU,EAAJhrD,EACNirD,EAAU,EAAJjqD,EACZ,OAAO+oD,EAAKiB,GAAgBjB,EAAKkB,IAC5BlB,EAAKiB,KAAkBjB,EAAKkB,IAAiBF,EAAM/qD,IAAM+qD,EAAM/pD,EACxE,CAQA,SAASkqD,GAAWz5C,EAAGs4C,EAAMl6C,GAKzB,MAAM47B,EAAIh6B,EAAEgL,KAAK5M,GACjB,IAAIU,EAAIV,GAAK,EACb,KAAOU,GAAKkB,EAAE05C,WAEN56C,EAAIkB,EAAE05C,UACZL,GAAQf,EAAMt4C,EAAEgL,KAAKlM,EAAI,GAAIkB,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,QACpCx6C,KAGAu6C,GAAQf,EAAMte,EAAGh6B,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,SAKlCt5C,EAAEgL,KAAK5M,GAAK4B,EAAEgL,KAAKlM,GACnBV,EAAIU,EAGJA,IAAM,EAEVkB,EAAEgL,KAAK5M,GAAK47B,CAChB,CASA,SAAS2f,GAAe35C,EAAG45C,EAAOC,GAK9B,IAAI9B,EACA+B,EAEAtB,EACAuB,EAFAC,EAAK,EAIT,GAAmB,IAAfh6C,EAAEk5C,SACF,GACInB,EAAO/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,IAAW,EAAIh6C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,EAAS,GAC/EF,EAAK95C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQF,GAC7BA,IAEa,IAATjC,EACAM,GAAUr4C,EAAG85C,EAAIF,IAIjBpB,EAAO5B,GAAakD,GACpBzB,GAAUr4C,EAAGw4C,EAAO/C,GAAW,EAAGmE,GAClCG,EAAQ1D,GAAYmC,GACN,IAAVuB,IACAD,GAAMhD,GAAY0B,GAClBN,GAAUl4C,EAAG85C,EAAIC,IAErBhC,IACAS,EAAOV,GAAOC,GAGdM,GAAUr4C,EAAGw4C,EAAMqB,GACnBE,EAAQzD,GAAYkC,GACN,IAAVuB,IACAhC,GAAQhB,GAAUyB,GAClBN,GAAUl4C,EAAG+3C,EAAMgC,WAQtBC,EAAKh6C,EAAEk5C,UAGpBb,GAAUr4C,EAAGi2C,GAAW2D,EAC5B,CAWA,SAASO,GAAWn6C,EAAGo6C,GAInB,MAAM9B,EAAW8B,EAAKzC,SAChB0C,EAAWD,EAAKxC,UAAUX,YAC1BK,EAAY8C,EAAKxC,UAAUN,UAC3BF,EAAWgD,EAAKxC,UAAUR,MAChC,IAAI7oD,EAAGgB,EAEHq6C,EADAiO,GAAY,EAUhB,IAHA73C,EAAE05C,SAAW,EACb15C,EAAEs6C,SAAWzE,GAERtnD,EAAI,EAAGA,EAAI6oD,EAAO7oD,IACU,IAAzB+pD,EAAS,EAAJ/pD,IACLyR,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAWtpD,EAClCyR,EAAEs5C,MAAM/qD,GAAK,GAGb+pD,EAAS,EAAJ/pD,EAAQ,GAAa,EASlC,KAAOyR,EAAE05C,SAAW,GAChB9P,EAAO5pC,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAW,IAAMA,EAAW,EAC1DS,EAAY,EAAP1O,GAAqB,EAC1B5pC,EAAEs5C,MAAM1P,GAAQ,EAChB5pC,EAAEg5C,UAEE1B,IACAt3C,EAAEi5C,YAAcoB,EAAa,EAAPzQ,EAAW,IASzC,IALAwQ,EAAKvC,SAAWA,EAKXtpD,EAAIyR,EAAE05C,UAAY,EAAanrD,GAAK,EAAGA,IACxCkrD,GAAWz5C,EAAGs4C,EAAM/pD,GAMxBq7C,EAAOwN,EACP,GAGI7oD,EAAIyR,EAAEgL,KAAK,GACXhL,EAAEgL,KAAK,GAAiBhL,EAAEgL,KAAKhL,EAAE05C,YACjCD,GAAWz5C,EAAGs4C,EAAM,GAGpB/oD,EAAIyQ,EAAEgL,KAAK,GAEXhL,EAAEgL,OAAOhL,EAAEs6C,UAAY/rD,EACvByR,EAAEgL,OAAOhL,EAAEs6C,UAAY/qD,EAGvB+oD,EAAY,EAAP1O,GAAqB0O,EAAS,EAAJ/pD,GAAkB+pD,EAAS,EAAJ/oD,GACtDyQ,EAAEs5C,MAAM1P,IAAS5pC,EAAEs5C,MAAM/qD,IAAMyR,EAAEs5C,MAAM/pD,GAAKyQ,EAAEs5C,MAAM/qD,GAAKyR,EAAEs5C,MAAM/pD,IAAM,EACvE+oD,EAAS,EAAJ/pD,EAAQ,GAAa+pD,EAAS,EAAJ/oD,EAAQ,GAAaq6C,EAGpD5pC,EAAEgL,KAAK,GAAiB4+B,IACxB6P,GAAWz5C,EAAGs4C,EAAM,SAEft4C,EAAE05C,UAAY,GAEvB15C,EAAEgL,OAAOhL,EAAEs6C,UAAYt6C,EAAEgL,KAAK,GApflC,SAAoBhL,EAAGo6C,GAInB,MAAM9B,EAAkB8B,EAAKzC,SACvBE,EAAkBuC,EAAKvC,SACvBwC,EAAkBD,EAAKxC,UAAUX,YACjCK,EAAkB8C,EAAKxC,UAAUN,UACjCyC,EAAkBK,EAAKxC,UAAUV,WACjCqD,EAAkBH,EAAKxC,UAAUT,WACjCE,EAAkB+C,EAAKxC,UAAUP,WACvC,IAAI/4C,EACA/P,EAAGgB,EACHmR,EACA85C,EACA3zB,EACA4zB,EAAW,EAEf,IAAK/5C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7BV,EAAE04C,SAASh4C,GAAQ,EAQvB,IAFA43C,EAA0B,EAArBt4C,EAAEgL,KAAKhL,EAAEs6C,UAAgB,GAAa,EAEtCh8C,EAAI0B,EAAEs6C,SAAW,EAAGh8C,EAAIu3C,GAAWv3C,IACpC/P,EAAIyR,EAAEgL,KAAK1M,GACXoC,EAAO43C,EAA+B,EAA1BA,EAAS,EAAJ/pD,EAAQ,GAAiB,GAAa,EACnDmS,EAAO22C,IACP32C,EAAO22C,EACPoD,KAEJnC,EAAS,EAAJ/pD,EAAQ,GAAamS,EAGtBnS,EAAIspD,IAIR73C,EAAE04C,SAASh4C,KACX85C,EAAQ,EACJjsD,GAAKgsD,IACLC,EAAQT,EAAMxrD,EAAIgsD,IAEtB1zB,EAAIyxB,EAAS,EAAJ/pD,GACTyR,EAAEg5C,SAAWnyB,GAAKnmB,EAAO85C,GACrBlD,IACAt3C,EAAEi5C,YAAcpyB,GAAKwzB,EAAU,EAAJ9rD,EAAQ,GAAaisD,KAGxD,GAAiB,IAAbC,EAAJ,CAQA,EAAG,CAEC,IADA/5C,EAAO22C,EAAa,EACQ,IAArBr3C,EAAE04C,SAASh4C,IACdA,IAEJV,EAAE04C,SAASh4C,KACXV,EAAE04C,SAASh4C,EAAO,IAAM,EACxBV,EAAE04C,SAASrB,KAIXoD,GAAY,QACPA,EAAW,GAOpB,IAAK/5C,EAAO22C,EAAqB,IAAT32C,EAAYA,IAEhC,IADAnS,EAAIyR,EAAE04C,SAASh4C,GACF,IAANnS,GACHgB,EAAIyQ,EAAEgL,OAAO1M,GACT/O,EAAIsoD,IAGJS,EAAS,EAAJ/oD,EAAQ,KAAemR,IAE5BV,EAAEg5C,UAAYt4C,EAAO43C,EAAS,EAAJ/oD,EAAQ,IAAc+oD,EAAS,EAAJ/oD,GACrD+oD,EAAS,EAAJ/oD,EAAQ,GAAamR,GAE9BnS,KAGZ,CA2ZImsD,CAAW16C,EAAGo6C,GAGd3B,GAAUH,EAAMT,EAAU73C,EAAE04C,SAChC,CAOA,SAASiC,GAAU36C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IANgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAEhB1C,EAAsB,GAAhBT,EAAW,GAAS,GAAa,MAElCtpD,EAAI,EAAGA,GAAKspD,EAAUtpD,IACvBqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,KAEvBq3B,EAAQm1B,GAAaH,IAAWE,IAG3Bl1B,EAAQo1B,EACfh7C,EAAE+4C,QAAiB,EAAT6B,IAAwBh1B,EAEhB,IAAXg1B,GAEHA,IAAWC,GACX76C,EAAE+4C,QAAiB,EAAT6B,KAEd56C,EAAE+4C,QAAkB,EAAV7C,OAEHtwB,GAAS,GAChB5lB,EAAE+4C,QAAoB,EAAZ5C,MAGVn2C,EAAE+4C,QAAsB,EAAd3C,MAGdxwB,EAAQ,EACRi1B,EAAUD,EAEM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CAOA,SAASC,GAAUj7C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IALgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAGXzsD,EAAI,EAAGA,GAAKspD,EAAUtpD,IAIvB,GAHAqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,OAEvBq3B,EAAQm1B,GAAaH,IAAWE,GAAtC,CAGO,GAAIl1B,EAAQo1B,EACf,GACI3C,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,eACN,KAAVnzB,QAEO,IAAXg1B,GACHA,IAAWC,IACXxC,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,SACvBnzB,KAGJyyB,GAAUr4C,EAAGk2C,GAASl2C,EAAE+4C,SACxBb,GAAUl4C,EAAG4lB,EAAQ,EAAG,IAEjBA,GAAS,IAChByyB,GAAUr4C,EAAGm2C,GAAWn2C,EAAE+4C,SAC1Bb,GAAUl4C,EAAG4lB,EAAQ,EAAG,KAGxByyB,GAAUr4C,EAAGo2C,GAAap2C,EAAE+4C,SAC5Bb,GAAUl4C,EAAG4lB,EAAQ,GAAI,IAG7BA,EAAQ,EACRi1B,EAAUD,EACM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CA1vBAnpD,GAAKklD,IA82BL,IAAImE,IAAmB,EAKvB,SAASC,GAASn7C,GAETk7C,MApnBT,WACI,IAAI3sD,EACAmS,EACApd,EACAk1D,EACAT,EACJ,MAAMW,EAAe32D,MAAM+zD,GAAW,GAiBtC,IADAxyD,EAAS,EACJk1D,EAAO,EAAGA,EAAOhD,GAAe,EAAGgD,IAEpC,IADA1B,GAAY0B,GAAQl1D,EACfiL,EAAI,EAAGA,EAAI,GAAK8nD,GAAYmC,GAAOjqD,IACpCqoD,GAAatzD,KAAYk1D,EAYjC,IAJA5B,GAAatzD,EAAS,GAAKk1D,EAG3BT,EAAO,EACFS,EAAO,EAAGA,EAAO,GAAIA,IAEtB,IADAzB,GAAUyB,GAAQT,EACbxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAOjqD,IACpCooD,GAAWoB,KAAUS,EAK7B,IADAT,IAAS,EACFS,EAAO7C,GAAS6C,IAEnB,IADAzB,GAAUyB,GAAQT,GAAQ,EACrBxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAQ,EAAGjqD,IACxCooD,GAAW,IAAMoB,KAAUS,EAMnC,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bg4C,EAASh4C,GAAQ,EAIrB,IADAnS,EAAI,EACGA,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KASb,IAHAD,GAAUhC,GAAcf,GAAU,EAAGgD,GAGhCnqD,EAAI,EAAGA,EAAIonD,GAASpnD,IACrBmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCmoD,GAAiB,EAAJnoD,GAAkBgqD,GAAWhqD,EAAG,GAIjDgpD,GAAgB,IAAIP,GAAeP,GAAcJ,GAAaZ,GAAW,EAAGC,GAASI,IACrF0B,GAAgB,IAAIR,GAAeN,GAAcJ,GAAa,EAAYX,GAASG,IACnF2B,GAAiB,IAAIT,MAA6BT,GAAc,EAAWX,GAAUI,GAGzF,CAmhBQoF,GACAF,IAAmB,GAGvBl7C,EAAEq7C,OAAU,IAAI3D,GAAS13C,EAAE64C,UAAWtB,IACtCv3C,EAAEs7C,OAAU,IAAI5D,GAAS13C,EAAE84C,UAAWtB,IACtCx3C,EAAEu7C,QAAU,IAAI7D,GAAS13C,EAAE+4C,QAAStB,IAEpCz3C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,EAGbS,GAAW54C,EACf,CAMA,SAASw7C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAM1C23C,GAAUl4C,GAAIq1C,IAAgB,IAAM90C,EAAO,EAAI,GAAI,GAhgBvD,SAAoBP,EAAGqD,EAAKnR,EAAKsU,GAM7B4yC,GAAUp5C,GAENwG,IACAwxC,GAAUh4C,EAAG9N,GACb8lD,GAAUh4C,GAAI9N,IAKlBwpD,GAAe17C,EAAEi4C,YAAaj4C,EAAE27C,OAAQt4C,EAAKnR,EAAK8N,EAAEspB,SACpDtpB,EAAEspB,SAAWp3B,CACjB,CAgfI0pD,CAAW57C,EAAGqD,EAAKo4C,GAAY,EACnC,CAOA,SAASI,GAAU77C,GACfk4C,GAAUl4C,EAAGs1C,IAAgB,EAAG,GAChC+C,GAAUr4C,EAAGi2C,GAAWQ,IAl0B5B,SAAkBz2C,GACK,KAAfA,EAAEm4C,UACFH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,GAENn4C,EAAEm4C,UAAY,IACrBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAwB,IAAXtpB,EAAEo4C,OAC/Bp4C,EAAEo4C,SAAW,EACbp4C,EAAEm4C,UAAY,EAEtB,CAwzBI2D,CAAS97C,EACb,CAOA,SAAS+7C,GAAgB/7C,EAAGqD,EAAKo4C,EAAYl7C,GAMzC,IAAIy7C,EAAUC,EACVC,EAAc,EAGdl8C,EAAEm8C,MAAQ,GAGNn8C,EAAEo8C,KAAKC,YAAclH,KACrBn1C,EAAEo8C,KAAKC,UApGnB,SAA0Br8C,GAKtB,IACIzR,EADA+tD,EAAa,WAIjB,IAAK/tD,EAAI,EAAGA,GAAK,GAAIA,IAAK+tD,KAAgB,EACtC,GAAiB,EAAbA,GAAkD,IAAhCt8C,EAAE64C,UAAc,EAAJtqD,GAC9B,OAAO0mD,GAKf,GAAoC,IAAhCj1C,EAAE64C,UAAU,KAA0D,IAAjC74C,EAAE64C,UAAU,KAClB,IAAjC74C,EAAE64C,UAAU,IACV,OAAO3D,GAEX,IAAK3mD,EAAI,GAAIA,EAAIknD,GAAUlnD,IACvB,GAAoC,IAAhCyR,EAAE64C,UAAc,EAAJtqD,GACZ,OAAO2mD,GAOf,OAAOD,EACX,CAsE+BsH,CAAiBv8C,IAIxCm6C,GAAWn6C,EAAGA,EAAEq7C,QAIhBlB,GAAWn6C,EAAGA,EAAEs7C,QAUhBY,EAlMR,SAAuBl8C,GACnB,IAAIk8C,EAgBJ,IAbAvB,GAAU36C,EAAGA,EAAE64C,UAAW74C,EAAEq7C,OAAOxD,UACnC8C,GAAU36C,EAAGA,EAAE84C,UAAW94C,EAAEs7C,OAAOzD,UAGnCsC,GAAWn6C,EAAGA,EAAEu7C,SASXW,EAActG,GAAW,EAAGsG,GAAe,GACa,IAArDl8C,EAAE+4C,QAAgC,EAAxBvC,GAAS0F,GAAmB,GADKA,KAUnD,OAJAl8C,EAAEg5C,SAAW,GAAKkD,EAAc,GAAK,EAAI,EAAI,EAItCA,CACX,CAsKsBM,CAAcx8C,GAG5Bg8C,EAAWh8C,EAAEg5C,QAAU,EAAI,IAAM,EACjCiD,EAAcj8C,EAAEi5C,WAAa,EAAI,IAAM,EAMnCgD,GAAeD,IACfA,EAAWC,IAKfD,EAAWC,EAAcR,EAAa,EAGtCA,EAAa,GAAKO,IAAqB,IAAT34C,EAS9Bm4C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAE9BP,EAAEy8C,WAAazH,IAAWiH,IAAgBD,GAEjD9D,GAAUl4C,GAAIs1C,IAAgB,IAAM/0C,EAAO,EAAI,GAAI,GACnDo5C,GAAe35C,EAAGy2C,GAAcC,MAGhCwB,GAAUl4C,GAAIu1C,IAAa,IAAMh1C,EAAO,EAAI,GAAI,GAlMxD,SAAwBP,EAAG08C,EAAQC,EAAQC,GAIvC,IAAIC,EASJ,IAHA3E,GAAUl4C,EAAG08C,EAAS,IAAK,GAC3BxE,GAAUl4C,EAAG28C,EAAS,EAAK,GAC3BzE,GAAUl4C,EAAG48C,EAAU,EAAI,GACtBC,EAAO,EAAGA,EAAOD,EAASC,IAE3B3E,GAAUl4C,EAAGA,EAAE+4C,QAAyB,EAAjBvC,GAASqG,GAAY,GAAY,GAI5D5B,GAAUj7C,EAAGA,EAAE64C,UAAW6D,EAAS,GAGnCzB,GAAUj7C,EAAGA,EAAE84C,UAAW6D,EAAS,EAEvC,CA2KQG,CAAe98C,EAAGA,EAAEq7C,OAAOxD,SAAW,EAAG73C,EAAEs7C,OAAOzD,SAAW,EAAGqE,EAAc,GAC9EvC,GAAe35C,EAAGA,EAAE64C,UAAW74C,EAAE84C,YAMrCF,GAAW54C,GAEPO,GACA64C,GAAUp5C,EAIlB,CAMA,SAAS+8C,GAAU/8C,EAAG+3C,EAAM+B,GAmDxB,OA5CA95C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,UAAoBnB,IAAS,EAAI,IAC3D/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,SAAe,GAAY,IAAPnB,EAE9C/3C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQl6C,EAAEk5C,UAAiB,IAALY,EACtC95C,EAAEk5C,WAEW,IAATnB,EAEA/3C,EAAE64C,UAAe,EAALiB,MAEZ95C,EAAEm5C,UAEFpB,IAKA/3C,EAAE64C,UAA8C,GAAnCjC,GAAakD,GAAMrE,GAAW,MAC3Cz1C,EAAE84C,UAAyB,EAAfhB,GAAOC,OA0BhB/3C,EAAEk5C,WAAal5C,EAAEg9C,YAAc,CAK1C,CCxrCe,SAASC,GAAQC,EAAO75C,EAAKnR,EAAK7M,GAC7C,IAAIipB,EAAa,MAAR4uC,EAAgB,EACrB3uC,EAAK2uC,IAAU,GAAK,MAAQ,EAC5B3uD,EAAI,EAER,KAAe,IAAR2D,GAAW,CAId3D,EAAI2D,EAAM,IAAO,IAAOA,EACxBA,GAAO3D,EAEP,GACI+f,EAAKA,EAAKjL,EAAIhe,KAAQ,EACtBkpB,EAAKA,EAAKD,EAAI,UACP/f,GAEX+f,GAAM,MACNC,GAAM,MAGV,OAAOD,EAAKC,GAAM,GAAI,CAC1B,CCLA,MAAM4uC,GAhBN,WACI,IAAI5+C,EACJ,MAAM6+C,EAAQ,GAEd,IAAK,IAAI7uD,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1BgQ,EAAIhQ,EACJ,IAAK,IAAI6P,EAAI,EAAGA,EAAI,EAAGA,IACnBG,EAAQ,EAAJA,EAAQ,WAAaA,IAAM,EAAIA,IAAM,EAE7C6+C,EAAM7uD,GAAKgQ,EAGf,OAAO6+C,CACX,CAGiBC,GAGF,SAASC,GAAMv2C,EAAK1D,EAAKnR,EAAK7M,GACzC,MAAM+a,EAAI+8C,GACNzvD,EAAMrI,EAAM6M,EAEhB6U,IAAQ,EAER,IAAK,IAAI5hB,EAAIE,EAAKF,EAAIuI,EAAKvI,IACvB4hB,EAAMA,IAAQ,EAAI3G,EAAmB,KAAhB2G,EAAM1D,EAAIle,KAGnC,OAAc,EAAP4hB,CACX,CCnCA,OAAe,CACX,EAAQ,kBACR,EAAQ,aACR,EAAQ,GACR,KAAQ,aACR,KAAQ,eACR,KAAQ,aACR,KAAQ,sBACR,KAAQ,eACR,KAAQ,wBCwBZ,MAAMw2C,GAAgB,EAsBhBC,GAAY,EACZ3G,GAAY,IACZ4G,GAAiB5G,GAAY2G,GAAY,EAEzCE,GAAc,GAEdC,GAAa,GACbC,GAAc,GACdC,GAAa,GACbC,GAAgB,GAChBC,GAAa,IACbC,GAAa,IACbC,GAAe,IAEfC,GAAe,EACfC,GAAgB,EAChBC,GAAoB,EACpBC,GAAiB,EAEjBC,GAAU,EAEhB,SAAS/a,GAAI6Y,EAAMmC,GAEjB,OADAnC,EAAK50B,IAAMA,GAAI+2B,GACRA,CACT,CAEA,SAAS1B,GAAKh2B,GACZ,OAAQ,GAAO,IAAM,EAAM,EAAI,EAAI,EACrC,CAEA,SAASh1B,GAAKwR,GAAO,IAAInR,EAAMmR,EAAI/f,OAAQ,OAAS4O,GAAO,GAAKmR,EAAInR,GAAO,EAS3E,SAASssD,GAAcpC,GACrB,MAAMp8C,EAAIo8C,EAAK9qB,MAGf,IAAIp/B,EAAM8N,EAAEspB,QACRp3B,EAAMkqD,EAAKqC,YACbvsD,EAAMkqD,EAAKqC,WAED,IAARvsD,IAEJwpD,GAAeU,EAAKpwD,OAAQgU,EAAEi4C,YAAaj4C,EAAE0+C,YAAaxsD,EAAKkqD,EAAKuC,UACpEvC,EAAKuC,UAAYzsD,EACjB8N,EAAE0+C,aAAexsD,EACjBkqD,EAAKwC,WAAa1sD,EAClBkqD,EAAKqC,WAAavsD,EAClB8N,EAAEspB,SAAWp3B,EACK,IAAd8N,EAAEspB,UACJtpB,EAAE0+C,YAAc,GAEpB,CAGA,SAASG,GAAiB7+C,EAAGO,GAC3Bu+C,GAAsB9+C,EAAIA,EAAE++C,aAAe,EAAI/+C,EAAE++C,aAAe,EAAI/+C,EAAEg/C,SAAWh/C,EAAE++C,YAAax+C,GAChGP,EAAE++C,YAAc/+C,EAAEg/C,SAClBR,GAAcx+C,EAAEo8C,KAClB,CAGA,SAAS6C,GAASj/C,EAAG5P,GACnB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAal5B,CAC/B,CAQA,SAAS8uD,GAAYl/C,EAAG5P,GAGtB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAcl5B,IAAM,EAAK,IACzC4P,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJl5B,CAC/B,CAUA,SAAS+uD,GAAS/C,EAAM/4C,EAAKvd,EAAOoB,GAClC,IAAIgL,EAAMkqD,EAAKgD,SAGf,OADIltD,EAAMhL,IAAQgL,EAAMhL,GACZ,IAARgL,EAAoB,GAExBkqD,EAAKgD,UAAYltD,EAGjBwpD,GAAer4C,EAAK+4C,EAAK55D,MAAO45D,EAAKiD,QAASntD,EAAKpM,GAC3B,IAApBs2D,EAAK9qB,MAAMub,KACbuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAO75C,EAAKnR,EAAKpM,GAGhB,IAApBs2D,EAAK9qB,MAAMub,OAClBuP,EAAKc,MAAQI,GAAMlB,EAAKc,MAAO75C,EAAKnR,EAAKpM,IAG3Cs2D,EAAKiD,SAAWntD,EAChBkqD,EAAKkD,UAAYptD,EAEVA,EACT,CAYA,SAASqtD,GAAcv/C,EAAGw/C,GACxB,IAEI/4C,EACAvU,EAHAutD,EAAez/C,EAAE0/C,iBACjBC,EAAO3/C,EAAEg/C,SAGTY,EAAW5/C,EAAE6/C,YACbC,EAAa9/C,EAAE8/C,WACnB,MAAMC,EAAS//C,EAAEg/C,SAAYh/C,EAAEggD,OAASvC,GACtCz9C,EAAEg/C,UAAYh/C,EAAEggD,OAASvC,IAAiB,EAEtCwC,EAAOjgD,EAAE27C,OAETuE,EAAQlgD,EAAEmgD,OACV11D,EAAOuV,EAAEvV,KAMT21D,EAASpgD,EAAEg/C,SAAWnI,GAC5B,IAAIwJ,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,GAQvB5/C,EAAE6/C,aAAe7/C,EAAEugD,aACrBd,IAAiB,GAKfK,EAAa9/C,EAAEwgD,YAAaV,EAAa9/C,EAAEwgD,WAI/C,GAaE,GAXA/5C,EAAQ+4C,EAWJS,EAAKx5C,EAAQm5C,KAAcU,GAC7BL,EAAKx5C,EAAQm5C,EAAW,KAAOS,GAC/BJ,EAAKx5C,KAAWw5C,EAAKN,IACrBM,IAAOx5C,KAAWw5C,EAAKN,EAAO,GAHhC,CAaAA,GAAQ,EACRl5C,IAMA,UAESw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACnEw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACxDk5C,EAAOS,GAOT,GAHAluD,EAAM2kD,IAAauJ,EAAST,GAC5BA,EAAOS,EAASvJ,GAEZ3kD,EAAM0tD,EAAU,CAGlB,GAFA5/C,EAAEygD,YAAcjB,EAChBI,EAAW1tD,EACPA,GAAO4tD,EACT,MAEFO,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,YAEjBJ,EAAY/0D,EAAK+0D,EAAYU,IAAUH,GAA4B,KAAjBN,GAE5D,OAAIG,GAAY5/C,EAAEwgD,UACTZ,EAEF5/C,EAAEwgD,SACX,CAaA,SAASE,GAAY1gD,GACnB,MAAM2gD,EAAU3gD,EAAEggD,OAClB,IAAIzrC,EAAGhmB,EAAGgB,EAAGqxD,EAAMniD,EAInB,EAAG,CAqBD,GApBAmiD,EAAO5gD,EAAE6gD,YAAc7gD,EAAEwgD,UAAYxgD,EAAEg/C,SAoBnCh/C,EAAEg/C,UAAY2B,GAAWA,EAAUlD,IAAgB,CAErD/B,GAAe17C,EAAE27C,OAAQ37C,EAAE27C,OAAQgF,EAASA,EAAS,GACrD3gD,EAAEygD,aAAeE,EACjB3gD,EAAEg/C,UAAY2B,EAEd3gD,EAAE++C,aAAe4B,EASjBpyD,EAAIyR,EAAE8gD,UACNvsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAE+gD,OAAOxsC,GACbvU,EAAE+gD,KAAKxsC,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UACjCpyD,GAEXA,EAAIoyD,EACJpsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAEvV,OAAO8pB,GACbvU,EAAEvV,KAAK8pB,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UAIjCpyD,GAEXqyD,GAAQD,EAEV,GAAwB,IAApB3gD,EAAEo8C,KAAKgD,SACT,MAmBF,GAJA7wD,EAAI4wD,GAASn/C,EAAEo8C,KAAMp8C,EAAE27C,OAAQ37C,EAAEg/C,SAAWh/C,EAAEwgD,UAAWI,GACzD5gD,EAAEwgD,WAAajyD,EAGXyR,EAAEwgD,UAAYxgD,EAAEghD,QAAUxD,GAS5B,IARA/+C,EAAMuB,EAAEg/C,SAAWh/C,EAAEghD,OACrBhhD,EAAEihD,MAAQjhD,EAAE27C,OAAOl9C,GAGnBuB,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM,IAAMuB,EAAEmhD,UAIvDnhD,EAAEghD,SAEPhhD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAClCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,IACAuB,EAAEghD,WACEhhD,EAAEwgD,UAAYxgD,EAAEghD,OAASxD,cAS1Bx9C,EAAEwgD,UAAY/C,IAAqC,IAApBz9C,EAAEo8C,KAAKgD,SAsCjD,CA6GA,SAASgC,GAAaphD,EAAGqhD,GACvB,IAAIC,EACAC,EAEJ,OAAU,CAMR,GAAIvhD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MA2BJ,GApBAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAOJ,IAAdsC,GAA4BthD,EAAEg/C,SAAWsC,GAAethD,EAAEggD,OAASvC,KAKrEz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,IAGhCthD,EAAEwhD,cAAgBhE,GAYpB,GAPA+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAWh/C,EAAEygD,YAAazgD,EAAEwhD,aAAehE,IAEzEx9C,EAAEwgD,WAAaxgD,EAAEwhD,aAKbxhD,EAAEwhD,cAAgBxhD,EAAE0hD,gBAAuC1hD,EAAEwgD,WAAahD,GAAW,CACvFx9C,EAAEwhD,eACF,GACExhD,EAAEg/C,WAEFh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,eAKQ,KAAnBh/C,EAAEwhD,cACbxhD,EAAEg/C,gBAEFh/C,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,EACjBxhD,EAAEihD,MAAQjhD,EAAE27C,OAAO37C,EAAEg/C,UAErBh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAAMh/C,EAAEmhD,eAavEI,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WAEJ,GAAIuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAWhhD,EAAEg/C,SAAYxB,GAAY,EAAMx9C,EAAEg/C,SAAWxB,GAAY,EAClE6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAOA,SAASwD,GAAa3hD,EAAGqhD,GACvB,IAAIC,EACAC,EAEAK,EAGJ,OAAU,CAMR,GAAI5hD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MA0C3B,GApCAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAMtBh/C,EAAE6/C,YAAc7/C,EAAEwhD,aAClBxhD,EAAE6hD,WAAa7hD,EAAEygD,YACjBzgD,EAAEwhD,aAAehE,GAAY,EAEX,IAAd8D,GAA0BthD,EAAE6/C,YAAc7/C,EAAE0hD,gBAC9C1hD,EAAEg/C,SAAWsC,GAActhD,EAAEggD,OAASvC,KAKtCz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,GAG9BthD,EAAEwhD,cAAgB,IACnBxhD,EAAEy8C,WAAa5H,IAAe70C,EAAEwhD,eAAiBhE,IAAax9C,EAAEg/C,SAAWh/C,EAAEygD,YAAc,QAK5FzgD,EAAEwhD,aAAehE,GAAY,IAM7Bx9C,EAAE6/C,aAAerC,IAAax9C,EAAEwhD,cAAgBxhD,EAAE6/C,YAAa,CACjE+B,EAAa5hD,EAAEg/C,SAAWh/C,EAAEwgD,UAAYhD,GAOxC+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAW,EAAIh/C,EAAE6hD,WAAY7hD,EAAE6/C,YAAcrC,IAM3Ex9C,EAAEwgD,WAAaxgD,EAAE6/C,YAAc,EAC/B7/C,EAAE6/C,aAAe,EACjB,KACQ7/C,EAAEg/C,UAAY4C,IAElB5hD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,gBAGK,KAAlBh/C,EAAE6/C,aAKb,GAJA7/C,EAAE8hD,gBAAkB,EACpB9hD,EAAEwhD,aAAehE,GAAY,EAC7Bx9C,EAAEg/C,WAEEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,QAKN,GAAIl+C,EAAE8hD,iBAgBX,GATAP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAEjDuC,GAEF1C,GAAiB7+C,GAAG,GAGtBA,EAAEg/C,WACFh/C,EAAEwgD,YACuB,IAArBxgD,EAAEo8C,KAAKqC,UACT,OAAOP,QAMTl+C,EAAE8hD,gBAAkB,EACpB9hD,EAAEg/C,WACFh/C,EAAEwgD,YAYN,OARIxgD,EAAE8hD,kBAGJP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAErDh/C,EAAE8hD,gBAAkB,GAEtB9hD,EAAEghD,OAAShhD,EAAEg/C,SAAWxB,GAAY,EAAIx9C,EAAEg/C,SAAWxB,GAAY,EAC7D6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAKJC,EACT,CAgKA,MAAM4D,GACJ//D,YAAYggE,EAAaC,EAAUC,EAAaC,EAAWC,GACzDlgE,KAAK8/D,YAAcA,EACnB9/D,KAAK+/D,SAAWA,EAChB//D,KAAKggE,YAAcA,EACnBhgE,KAAKigE,UAAYA,EACjBjgE,KAAKkgE,KAAOA,GAIhB,MAAMC,GAAsB,CAE1B,IAAIN,GAAO,EAAG,EAAG,EAAG,GAviBtB,SAAwB/hD,EAAGqhD,GAIzB,IAAIiB,EAAiB,MAOrB,IALIA,EAAiBtiD,EAAEuiD,iBAAmB,IACxCD,EAAiBtiD,EAAEuiD,iBAAmB,KAI9B,CAER,GAAIviD,EAAEwgD,WAAa,EAAG,CAUpB,GADAE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAmBa,IAAUtN,GACjC,OAAOmK,GAGT,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MAOJxgD,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAEwgD,UAAY,EAGd,MAAMgC,EAAYxiD,EAAE++C,YAAcuD,EAElC,IAAmB,IAAftiD,EAAEg/C,UAAkBh/C,EAAEg/C,UAAYwD,KAEpCxiD,EAAEwgD,UAAYxgD,EAAEg/C,SAAWwD,EAC3BxiD,EAAEg/C,SAAWwD,EAEb3D,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GASX,GAAIl+C,EAAEg/C,SAAWh/C,EAAE++C,aAAgB/+C,EAAEggD,OAASvC,KAE5CoB,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAQb,OAFAl+C,EAAEghD,OAAS,EAEPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,KAGLr+C,EAAEg/C,SAAWh/C,EAAE++C,cAEjBF,GAAiB7+C,GAAG,GAChBA,EAAEo8C,KAAKqC,WACFP,GAMb,IA+cE,IAAI6D,GAAO,EAAG,EAAG,EAAG,EAAGX,IACvB,IAAIW,GAAO,EAAG,EAAG,GAAI,EAAGX,IACxB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIX,IAEzB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIJ,IACzB,IAAII,GAAO,EAAG,GAAI,GAAI,GAAIJ,IAC1B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,IAC/B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,KA6BjC,MAAMc,GACJzgE,cACEE,KAAKk6D,KAAO,KACZl6D,KAAKwgE,OAAS,EACdxgE,KAAK+1D,YAAc,KACnB/1D,KAAKqgE,iBAAmB,EACxBrgE,KAAKw8D,YAAc,EACnBx8D,KAAKonC,QAAU,EACfpnC,KAAK2qD,KAAO,EACZ3qD,KAAKygE,OAAS,KACdzgE,KAAK0gE,QAAU,EACf1gE,KAAK2gE,OAASzN,GACdlzD,KAAK4gE,YAAc,EAEnB5gE,KAAK89D,OAAS,EACd99D,KAAK6gE,OAAS,EACd7gE,KAAKi+D,OAAS,EAEdj+D,KAAKy5D,OAAS,KAQdz5D,KAAK2+D,YAAc,EAKnB3+D,KAAKuI,KAAO,KAMZvI,KAAK6+D,KAAO,KAEZ7+D,KAAK++D,MAAQ,EACb/+D,KAAK4+D,UAAY,EACjB5+D,KAAK8gE,UAAY,EACjB9gE,KAAKi/D,UAAY,EAEjBj/D,KAAKg/D,WAAa,EAOlBh/D,KAAK68D,YAAc,EAKnB78D,KAAKs/D,aAAe,EACpBt/D,KAAK2/D,WAAa,EAClB3/D,KAAK4/D,gBAAkB,EACvB5/D,KAAK88D,SAAW,EAChB98D,KAAKu+D,YAAc,EACnBv+D,KAAKs+D,UAAY,EAEjBt+D,KAAK29D,YAAc,EAKnB39D,KAAKw9D,iBAAmB,EAMxBx9D,KAAKw/D,eAAiB,EAYtBx/D,KAAKi6D,MAAQ,EACbj6D,KAAKu6D,SAAW,EAEhBv6D,KAAKq+D,WAAa,EAGlBr+D,KAAK49D,WAAa,EAYlB59D,KAAK22D,UAAa,IAAIoK,GAAYpN,MAClC3zD,KAAK42D,UAAa,IAAImK,GAAY,KAClC/gE,KAAK62D,QAAa,IAAIkK,GAAY,IAClCpxD,GAAK3P,KAAK22D,WACVhnD,GAAK3P,KAAK42D,WACVjnD,GAAK3P,KAAK62D,SAEV72D,KAAKm5D,OAAW,KAChBn5D,KAAKo5D,OAAW,KAChBp5D,KAAKq5D,QAAW,KAGhBr5D,KAAKw2D,SAAW,IAAIuK,GAAYnN,IAIhC5zD,KAAK8oB,KAAO,IAAIi4C,GAAY,KAC5BpxD,GAAK3P,KAAK8oB,MAEV9oB,KAAKw3D,SAAW,EAChBx3D,KAAKo4D,SAAW,EAKhBp4D,KAAKo3D,MAAQ,IAAI2J,GAAY,KAC7BpxD,GAAK3P,KAAKo3D,OAIVp3D,KAAKg4D,MAAQ,EAEbh4D,KAAK86D,YAAc,EAoBnB96D,KAAKg3D,SAAW,EAEhBh3D,KAAK+3D,MAAQ,EAMb/3D,KAAK82D,QAAU,EACf92D,KAAK+2D,WAAa,EAClB/2D,KAAKi3D,QAAU,EACfj3D,KAAK8+D,OAAS,EAGd9+D,KAAKk2D,OAAS,EAIdl2D,KAAKi2D,SAAW,GA6CpB,SAAS+K,GAAa9G,GACpB,MAAMlsC,EA9BR,SAA0BksC,GACxB,IAAIp8C,EAEJ,OAAKo8C,GAASA,EAAK9qB,OAInB8qB,EAAKkD,SAAWlD,EAAKwC,UAAY,EACjCxC,EAAKC,UAAYlH,GAEjBn1C,EAAIo8C,EAAK9qB,MACTtxB,EAAEspB,QAAU,EACZtpB,EAAE0+C,YAAc,EAEZ1+C,EAAE6sC,KAAO,IACX7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAGd7sC,EAAE0iD,OAAU1iD,EAAE6sC,KAAO8Q,GAAaK,GAClC5B,EAAKc,MAAoB,IAAXl9C,EAAE6sC,KACd,EAEA,EACF7sC,EAAE8iD,WAAa/O,GACfoP,GAAenjD,GACRs0C,IArBE/Q,GAAI6Y,EAAM3H,GAsBrB,CAIc2O,CAAiBhH,GAI7B,OAHIlsC,IAAQokC,IAnPd,SAAiBt0C,GACfA,EAAE6gD,YAAc,EAAI7gD,EAAEggD,OAGtBnuD,GAAKmO,EAAE+gD,MAIP/gD,EAAE0hD,eAAiBW,GAAoBriD,EAAEm8C,OAAO8F,SAChDjiD,EAAEugD,WAAa8B,GAAoBriD,EAAEm8C,OAAO6F,YAC5ChiD,EAAE8/C,WAAauC,GAAoBriD,EAAEm8C,OAAO+F,YAC5CliD,EAAE0/C,iBAAmB2C,GAAoBriD,EAAEm8C,OAAOgG,UAElDniD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEwgD,UAAY,EACdxgD,EAAEghD,OAAS,EACXhhD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB9hD,EAAEihD,MAAQ,CACZ,CAgOIoC,CAAQjH,EAAK9qB,OAERphB,CACT,CA6FA,SAASozC,GAAQlH,EAAMiF,GACrB,IAAIkC,EAAWvjD,EACXwjD,EAAKj8B,EAET,IAAK60B,IAASA,EAAK9qB,OACjB+vB,EAAQjN,IAAWiN,EAAQ,EAC3B,OAAOjF,EAAO7Y,GAAI6Y,EAAM3H,IAAkBA,GAK5C,GAFAz0C,EAAIo8C,EAAK9qB,OAEJ8qB,EAAKpwD,SACNowD,EAAK55D,OAA2B,IAAlB45D,EAAKgD,UACpBp/C,EAAE0iD,SAAWzE,IAAgBoD,IAAUlN,GACxC,OAAO5Q,GAAI6Y,EAA0B,IAAnBA,EAAKqC,UAAmB9J,GAAcF,IAQ1D,GALAz0C,EAAEo8C,KAAOA,EACTmH,EAAYvjD,EAAE8iD,WACd9iD,EAAE8iD,WAAazB,EAGXrhD,EAAE0iD,SAAW/E,GAEf,GAAe,IAAX39C,EAAE6sC,KACJuP,EAAKc,MAAQ,EACb+B,GAASj/C,EAAG,IACZi/C,GAASj/C,EAAG,KACZi/C,GAASj/C,EAAG,GACPA,EAAE2iD,QAaL1D,GAASj/C,GAAIA,EAAE2iD,OAAOvqD,KAAO,EAAI,IAC9B4H,EAAE2iD,OAAOc,KAAO,EAAI,IACnBzjD,EAAE2iD,OAAO5I,MAAY,EAAJ,IACjB/5C,EAAE2iD,OAAOt1D,KAAW,EAAJ,IAChB2S,EAAE2iD,OAAOe,QAAc,GAAJ,IAEvBzE,GAASj/C,EAAmB,IAAhBA,EAAE2iD,OAAO1lD,MACrBgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,EAAK,KACnCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAiB,IAAdA,EAAE2iD,OAAOgB,IACjB3jD,EAAE2iD,OAAO5I,OAAS/5C,EAAE2iD,OAAO5I,MAAMz2D,SACnC27D,GAASj/C,EAA2B,IAAxBA,EAAE2iD,OAAO5I,MAAMz2D,QAC3B27D,GAASj/C,EAAIA,EAAE2iD,OAAO5I,MAAMz2D,QAAU,EAAK,MAEzC0c,EAAE2iD,OAAOc,OACXrH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAS,IAE3DtpB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS9E,KAlCXqB,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAGs+C,IACZt+C,EAAE0iD,OAAS1E,QA6Bf,CACE,IAAIx3C,EAAU4uC,IAAep1C,EAAE+iD,OAAS,GAAM,IAAO,EACjDa,GAAe,EAGjBA,EADE5jD,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EAC9B,EACLn8C,EAAEm8C,MAAQ,EACL,EACO,IAAZn8C,EAAEm8C,MACG,EAEA,EAEhB31C,GAAWo9C,GAAe,EACP,IAAf5jD,EAAEg/C,WAAkBx4C,GAAUk3C,IAClCl3C,GAAU,GAAMA,EAAS,GAEzBxG,EAAE0iD,OAAS1E,GACXkB,GAAYl/C,EAAGwG,GAGI,IAAfxG,EAAEg/C,WACJE,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAEtBd,EAAKc,MAAQ,EAKjB,GAAIl9C,EAAE0iD,SAAW9E,GACf,GAAI59C,EAAE2iD,OAAO5I,MAAqB,CAGhC,IAFAyJ,EAAMxjD,EAAEspB,QAEDtpB,EAAE4iD,SAAmC,MAAxB5iD,EAAE2iD,OAAO5I,MAAMz2D,UAC7B0c,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,oBAItBtD,GAASj/C,EAA+B,IAA5BA,EAAE2iD,OAAO5I,MAAM/5C,EAAE4iD,UAC7B5iD,EAAE4iD,UAEA5iD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAE7DxjD,EAAE4iD,UAAY5iD,EAAE2iD,OAAO5I,MAAMz2D,SAC/B0c,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS7E,SAIb79C,EAAE0iD,OAAS7E,GAGf,GAAI79C,EAAE0iD,SAAW7E,GACf,GAAI79C,EAAE2iD,OAAOt1D,KAAoB,CAC/Bm2D,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOt1D,KAAK/J,OACkB,IAAxC0c,EAAE2iD,OAAOt1D,KAAKsR,WAAWqB,EAAE4iD,WAE3B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS5E,SAIb99C,EAAE0iD,OAAS5E,GAGf,GAAI99C,EAAE0iD,SAAW5E,GACf,GAAI99C,EAAE2iD,OAAOe,QAAuB,CAClCF,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOe,QAAQpgE,OACkB,IAA3C0c,EAAE2iD,OAAOe,QAAQ/kD,WAAWqB,EAAE4iD,WAE9B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE0iD,OAAS3E,SAIb/9C,EAAE0iD,OAAS3E,GAsBf,GAnBI/9C,EAAE0iD,SAAW3E,KACX/9C,EAAE2iD,OAAOc,MACPzjD,EAAEspB,QAAU,EAAItpB,EAAEuiD,kBACpB/D,GAAcpC,GAEZp8C,EAAEspB,QAAU,GAAKtpB,EAAEuiD,mBACrBtD,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChCd,EAAKc,MAAQ,EACbl9C,EAAE0iD,OAAS1E,KAIbh+C,EAAE0iD,OAAS1E,IAMG,IAAdh+C,EAAEspB,SAEJ,GADAk1B,GAAcpC,GACS,IAAnBA,EAAKqC,UAQP,OADAz+C,EAAE8iD,YAAc,EACTxO,QAOJ,GAAsB,IAAlB8H,EAAKgD,UAAkBvC,GAAKwE,IAAUxE,GAAK0G,IACpDlC,IAAUlN,GACV,OAAO5Q,GAAI6Y,EAAMzH,IAInB,GAAI30C,EAAE0iD,SAAWzE,IAAkC,IAAlB7B,EAAKgD,SACpC,OAAO7b,GAAI6Y,EAAMzH,IAKnB,GAAsB,IAAlByH,EAAKgD,UAAkC,IAAhBp/C,EAAEwgD,WAC1Ba,IAAUtN,IAAc/zC,EAAE0iD,SAAWzE,GAAe,CACrD,IAAI4F,EAAU7jD,EAAEy8C,WAAa3H,GAvqBjC,SAAsB90C,EAAGqhD,GACvB,IAAIE,EAEJ,OAAU,CAER,GAAoB,IAAhBvhD,EAAEwgD,YACJE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAiB,CACrB,GAAIa,IAAUtN,GACZ,OAAOmK,GAET,MAWJ,GANAl+C,EAAEwhD,aAAe,EAGjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAC1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WACEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAqnBmD2F,CAAa9jD,EAAGqhD,GAC5DrhD,EAAEy8C,WAAa1H,GAvwBtB,SAAqB/0C,EAAGqhD,GACtB,IAAIE,EACA92D,EACAk1D,EAAMS,EAEV,MAAMH,EAAOjgD,EAAE27C,OAEf,OAAU,CAKR,GAAI37C,EAAEwgD,WAAa3J,GAAW,CAE5B,GADA6J,GAAY1gD,GACRA,EAAEwgD,WAAa3J,IAAawK,IAAUtN,GACxC,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MAK3B,GADAxgD,EAAEwhD,aAAe,EACbxhD,EAAEwgD,WAAahD,IAAax9C,EAAEg/C,SAAW,IAC3CW,EAAO3/C,EAAEg/C,SAAW,EACpBv0D,EAAOw1D,EAAKN,GACRl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAAO,CAC3ES,EAASpgD,EAAEg/C,SAAWnI,GACtB,UAESpsD,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAClDl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACvCA,EAAOS,GACTpgD,EAAEwhD,aAAe3K,IAAauJ,EAAST,GACnC3/C,EAAEwhD,aAAexhD,EAAEwgD,YACrBxgD,EAAEwhD,aAAexhD,EAAEwgD,WAyBzB,GAlBIxgD,EAAEwhD,cAAgBhE,IAIpB+D,EAASE,GAAgBzhD,EAAG,EAAGA,EAAEwhD,aAAehE,IAEhDx9C,EAAEwgD,WAAaxgD,EAAEwhD,aACjBxhD,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,IAKjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,YAEAuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CA8qB8B4F,CAAY/jD,EAAGqhD,GACrCgB,GAAoBriD,EAAEm8C,OAAOiG,KAAKpiD,EAAGqhD,GAKzC,GAHIwC,IAAWzF,IAAqByF,IAAWxF,KAC7Cr+C,EAAE0iD,OAASzE,IAET4F,IAAW3F,IAAgB2F,IAAWzF,GAKxC,OAJuB,IAAnBhC,EAAKqC,YACPz+C,EAAE8iD,YAAc,GAGXxO,GAST,GAAIuP,IAAW1F,KACTkD,IAAUrN,GACZgQ,GAAgBhkD,GAETqhD,IAAUjN,KAEjB6P,GAAuBjkD,EAAG,EAAG,GAAG,GAI5BqhD,IAAUnN,KAEZriD,GAAKmO,EAAE+gD,MAEa,IAAhB/gD,EAAEwgD,YACJxgD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,KAIjBxC,GAAcpC,GACS,IAAnBA,EAAKqC,WAEP,OADAz+C,EAAE8iD,YAAc,EACTxO,GAOb,OAAI+M,IAAUlN,GAAmBG,GAC7Bt0C,EAAE6sC,MAAQ,EAAY0H,IAGX,IAAXv0C,EAAE6sC,MACJoS,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAmB,IAAhBo8C,EAAKkD,UACjBL,GAASj/C,EAAIo8C,EAAKkD,UAAY,EAAK,KACnCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,KACpCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,OAGpCJ,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAGtBsB,GAAcpC,GAIVp8C,EAAE6sC,KAAO,IAAK7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAET,IAAd7sC,EAAEspB,QAAgBgrB,GAAOC,GAClC,CChqDA,IACI93C,OAAOsC,aAAaC,KAAM,KAAQ,EACtC,CAAE,MAAOklD,GAET,CACA,IACIznD,OAAOsC,aAAaC,MAAM,KAAM,IAAIja,WAAW,GACnD,CAAE,MAAOm/D,GAET,CAMA,MAAMC,GAAW,IAAIC,GAAW,KAChC,IAAK,IAAI3zD,EAAI,EAAGA,EAAI,IAAKA,IACrB0zD,GAAS1zD,GAAKA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAI,EAMtF,SAAS4zD,GAAY5lD,GACxB,IAAIF,EAAGoR,EAAI20C,EAAOn/D,EAAGo/D,EAAU,EAC/B,MAAMC,EAAU/lD,EAAInb,OAGpB,IAAKghE,EAAQ,EAAGA,EAAQE,EAASF,IAC7B/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGRC,GAAWhmD,EAAI,IAAO,EAAIA,EAAI,KAAQ,EAAIA,EAAI,MAAU,EAAI,EAIhE,MAAM8E,EAAM,IAAI+gD,GAAWG,GAG3B,IAAKp/D,EAAI,EAAGm/D,EAAQ,EAAGn/D,EAAIo/D,EAASD,IAChC/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGJ/lD,EAAI,IAEJ8E,EAAIle,KAAOoZ,EACJA,EAAI,MAEX8E,EAAIle,KAAO,IAAOoZ,IAAM,EACxB8E,EAAIle,KAAO,IAAW,GAAJoZ,GACXA,EAAI,OAEX8E,EAAIle,KAAO,IAAOoZ,IAAM,GACxB8E,EAAIle,KAAO,IAAOoZ,IAAM,EAAI,GAC5B8E,EAAIle,KAAO,IAAW,GAAJoZ,IAGlB8E,EAAIle,KAAO,IAAOoZ,IAAM,GACxB8E,EAAIle,KAAO,IAAOoZ,IAAM,GAAK,GAC7B8E,EAAIle,KAAO,IAAOoZ,IAAM,EAAI,GAC5B8E,EAAIle,KAAO,IAAW,GAAJoZ,GAI1B,OAAO8E,CACX,CAxDA8gD,GAAS,KAAOA,GAAS,KAAO,ECbjB,MAAMM,GACnBziE,cAEEE,KAAKM,MAAQ,KACbN,KAAKm9D,QAAU,EAEfn9D,KAAKk9D,SAAW,EAEhBl9D,KAAKo9D,SAAW,EAEhBp9D,KAAK8J,OAAS,KACd9J,KAAKy8D,SAAW,EAEhBz8D,KAAKu8D,UAAY,EAEjBv8D,KAAK08D,UAAY,EAEjB18D,KAAKslC,IAAM,GAEXtlC,KAAKovC,MAAQ,KAEbpvC,KAAKm6D,UAAY,EAEjBn6D,KAAKg7D,MAAQ,GCiEjB,MAAMwH,GACJ1iE,YAAY+E,GACV7E,KAAK6E,QAAU,CACbo1D,MAAOvH,GACPiO,OAAQzN,GACRuP,UAAW,MACXC,WAAY,GACZC,SAAU,EACVpI,SR/DkC,KQgE9B11D,GAAW,IAGjB,MAAM+9D,EAAM5iE,KAAK6E,QAEb+9D,EAAIC,KAAQD,EAAIF,WAAa,EAC/BE,EAAIF,YAAcE,EAAIF,WAGfE,EAAIE,MAASF,EAAIF,WAAa,GAAOE,EAAIF,WAAa,KAC7DE,EAAIF,YAAc,IAGpB1iE,KAAKqhD,IAAS,EACdrhD,KAAKslC,IAAS,GACdtlC,KAAK+iE,OAAS,EACd/iE,KAAKwxD,OAAS,GAEdxxD,KAAKk6D,KAAO,IAAIqI,GAChBviE,KAAKk6D,KAAKqC,UAAY,EAEtB,IH+nCsBrC,EAAM2E,EG/nCxB2B,EHuoCR,SAAsBtG,EAAMD,EAAO0G,EAAQ+B,EAAYC,EAAUpI,GAC/D,IAAKL,EACH,OAAO3H,GAET,IAAI5H,EAAO,EAiBX,GAfIsP,IAAUvH,KACZuH,EAAQ,GAGNyI,EAAa,GACf/X,EAAO,EACP+X,GAAcA,GAGPA,EAAa,KACpB/X,EAAO,EACP+X,GAAc,IAIZC,EAAW,GAAKA,EAAWtH,IAAiBsF,IAAWzN,IACzDwP,EAAa,GAAKA,EAAa,IAAMzI,EAAQ,GAAKA,EAAQ,GAC1DM,EAAW,GAAKA,EAAWzH,GAC3B,OAAOzR,GAAI6Y,EAAM3H,IAIA,IAAfmQ,IACFA,EAAa,GAIf,MAAM5kD,EAAI,IAAIyiD,GAyCd,OAvCArG,EAAK9qB,MAAQtxB,EACbA,EAAEo8C,KAAOA,EAETp8C,EAAE6sC,KAAOA,EACT7sC,EAAE2iD,OAAS,KACX3iD,EAAE+iD,OAAS6B,EACX5kD,EAAEggD,OAAS,GAAKhgD,EAAE+iD,OAClB/iD,EAAEmgD,OAASngD,EAAEggD,OAAS,EAEtBhgD,EAAEgjD,UAAY6B,EAAW,EACzB7kD,EAAE8gD,UAAY,GAAK9gD,EAAEgjD,UACrBhjD,EAAEmhD,UAAYnhD,EAAE8gD,UAAY,EAC5B9gD,EAAEkhD,eAAiBlhD,EAAEgjD,UAAYxF,GAAY,GAAKA,IAClDx9C,EAAE27C,OAAS,IAAIyI,GAAsB,EAAXpkD,EAAEggD,QAC5BhgD,EAAE+gD,KAAO,IAAIkC,GAAYjjD,EAAE8gD,WAC3B9gD,EAAEvV,KAAO,IAAIw4D,GAAYjjD,EAAEggD,QAK3BhgD,EAAEg9C,YAAc,GAAM6H,EAAW,EAEjC7kD,EAAEuiD,iBAAmC,EAAhBviD,EAAEg9C,YAIvBh9C,EAAEi4C,YAAc,IAAImM,GAAWpkD,EAAEuiD,kBAIjCviD,EAAEi6C,MAAQ,EAAIj6C,EAAEg9C,YAGhBh9C,EAAEk6C,MAAQ,EAAUl6C,EAAEg9C,YAEtBh9C,EAAEm8C,MAAQA,EACVn8C,EAAEy8C,SAAWA,EACbz8C,EAAE6iD,OAASA,EAEJK,GAAa9G,EACtB,CGltCiB8I,CACXhjE,KAAKk6D,KACL0I,EAAI3I,MACJ2I,EAAIjC,OACJiC,EAAIF,WACJE,EAAID,SACJC,EAAIrI,UAGN,GAAIiG,IAAWpO,GACb,MAAUlvD,MAAMoiC,GAAIk7B,IAOtB,GAJIoC,EAAIt+C,SHknCc41C,EGjnCUl6D,KAAKk6D,KHinCT2E,EGjnCe+D,EAAIt+C,OHknC5C41C,GAASA,EAAK9qB,QACK,IAApB8qB,EAAK9qB,MAAMub,OACfuP,EAAK9qB,MAAMqxB,OAAS5B,KGjnCd+D,EAAIK,WAAY,CAClB,IAAIC,EAaJ,GATEA,EAF4B,iBAAnBN,EAAIK,WAENE,GAAmBP,EAAIK,YACrBL,EAAIK,sBAAsB79C,YAC5B,IAAIviB,WAAW+/D,EAAIK,YAEnBL,EAAIK,WAGbzC,EHsiDN,SAA8BtG,EAAM+I,GAClC,IAEInlD,EACAvB,EAAKlQ,EACLs+C,EACAyY,EACAC,EACA/iE,EACAgjE,EARAC,EAAaN,EAAW7hE,OAU5B,IAAK84D,IAAsBA,EAAK9qB,MAC9B,OAAOmjB,GAMT,GAHAz0C,EAAIo8C,EAAK9qB,MACTub,EAAO7sC,EAAE6sC,KAEI,IAATA,GAAwB,IAATA,GAAc7sC,EAAE0iD,SAAW/E,IAAe39C,EAAEwgD,UAC7D,OAAO/L,GAmCT,IA/Ba,IAAT5H,IAEFuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAOiI,EAAYM,EAAY,IAG3DzlD,EAAE6sC,KAAO,EAGL4Y,GAAczlD,EAAEggD,SACL,IAATnT,IAEFh7C,GAAKmO,EAAE+gD,MACP/gD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,GAIbwE,EAAU,IAAIpB,GAAWpkD,EAAEggD,QAC3BtE,GAAe8J,EAASL,EAAYM,EAAazlD,EAAEggD,OAAQhgD,EAAEggD,OAAQ,GACrEmF,EAAaK,EACbC,EAAazlD,EAAEggD,QAGjBsF,EAAQlJ,EAAKgD,SACbmG,EAAOnJ,EAAKiD,QACZ78D,EAAQ45D,EAAK55D,MACb45D,EAAKgD,SAAWqG,EAChBrJ,EAAKiD,QAAU,EACfjD,EAAK55D,MAAQ2iE,EACbzE,GAAY1gD,GACLA,EAAEwgD,WAAahD,IAAW,CAC/B/+C,EAAMuB,EAAEg/C,SACRzwD,EAAIyR,EAAEwgD,WAAahD,GAAY,GAC/B,GAEEx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAElCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,YACSlQ,GACXyR,EAAEg/C,SAAWvgD,EACbuB,EAAEwgD,UAAYhD,GAAY,EAC1BkD,GAAY1gD,GAYd,OAVAA,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAE++C,YAAc/+C,EAAEg/C,SAClBh/C,EAAEghD,OAAShhD,EAAEwgD,UACbxgD,EAAEwgD,UAAY,EACdxgD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB1F,EAAKiD,QAAUkG,EACfnJ,EAAK55D,MAAQA,EACb45D,EAAKgD,SAAWkG,EAChBtlD,EAAE6sC,KAAOA,EACFyH,EACT,CGvnDeoR,CAAkCxjE,KAAKk6D,KAAMgJ,GAElD1C,IAAWpO,GACb,MAAUlvD,MAAMoiC,GAAIk7B,IAGtBxgE,KAAKyjE,WAAY,GAiCrB5hE,KAAKkI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,IAAgBziE,KACzC,IAAIwgE,EAAQkD,EAEZ,GAAI1jE,KAAK+iE,MAAS,OAAO,EAEzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBkkC,GAAWJ,GAG7C,iBAAT9nD,EAETmwD,EAAK55D,MAAQ6iE,GAAmBp5D,GACvBA,aAAgBqb,YACzB80C,EAAK55D,MAAQ,IAAIuC,WAAWkH,GAE5BmwD,EAAK55D,MAAQyJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK55D,MAAMc,OAE3B,EAAG,CAQD,GAPuB,IAAnB84D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,IAEnBjC,EAASmD,GAAqBzJ,EAAMwJ,MAErBrR,IAAgBmO,IAAWpO,GAGxC,OAFApyD,KAAK4jE,MAAMpD,GACXxgE,KAAK+iE,OAAQ,GACN,EAEc,IAAnB7I,EAAKqC,YAAsC,IAAlBrC,EAAKgD,UAAmBwG,IAAUzR,IAAYyR,IAAU3R,KACnF/xD,KAAK6jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,kBAExCvC,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAWnO,IAGnE,OAAIqR,IAAUzR,IACZuO,EHy7CN,SAAoBtG,GAClB,IAAIsG,EAEJ,OAAKtG,GAAsBA,EAAK9qB,OAIhCoxB,EAAStG,EAAK9qB,MAAMoxB,OAChBA,IAAW/E,IACb+E,IAAW9E,IACX8E,IAAW7E,IACX6E,IAAW5E,IACX4E,IAAW3E,IACX2E,IAAW1E,IACX0E,IAAWzE,GAEJ1a,GAAI6Y,EAAM3H,KAGnB2H,EAAK9qB,MAAQ,KAENoxB,IAAW1E,GAAaza,GAAI6Y,EAAM1H,IAAgBJ,KAjBhDG,EAkBX,CG/8CewR,CAAwB/jE,KAAKk6D,MACtCl6D,KAAK4jE,MAAMpD,GACXxgE,KAAK+iE,OAAQ,EACNvC,IAAWpO,IAIhBsR,IAAU3R,KACZ/xD,KAAK4jE,MAAMxR,IACX8H,EAAKqC,UAAY,GACV,GAcXsH,OAAO9hE,GACL/B,KAAKwxD,OAAO3vD,KAAKE,GAanB6hE,MAAMpD,GAEAA,IAAWpO,KACbpyD,KAAKyB,OAASuiE,GAAoBhkE,KAAKwxD,SAEzCxxD,KAAKwxD,OAAS,GACdxxD,KAAKqhD,IAAMmf,EACXxgE,KAAKslC,IAAMtlC,KAAKk6D,KAAK50B,KC/QzB,MAAM2+B,GAAM,GACNC,GAAO,GAqCE,SAASC,GAAajK,EAAMt2D,GACvC,IAAIwgE,EACAC,EAEAC,EACA9lD,EACA+lD,EACAC,EAEAx0D,EACA6lD,EACA7zC,EACAyiD,EAKJ,MAAMr1B,EAAQ8qB,EAAK9qB,MAEnBg1B,EAAMlK,EAAKiD,QACX,MAAM78D,EAAQ45D,EAAK55D,MACb+d,EAAO+lD,GAAOlK,EAAKgD,SAAW,GACpCmH,EAAOnK,EAAKuC,SACZ,MAAM3yD,EAASowD,EAAKpwD,OACdw3D,EAAM+C,GAAQzgE,EAAQs2D,EAAKqC,WAC3B/wD,EAAM64D,GAAQnK,EAAKqC,UAAY,KAE/BmI,EAAOt1B,EAAMs1B,KAEbC,EAAQv1B,EAAMu1B,MACdC,EAAQx1B,EAAMw1B,MACdC,EAAQz1B,EAAMy1B,MACdC,EAAW11B,EAAMqqB,OACvB6K,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KACb,MAAMumD,EAAQ31B,EAAM41B,QACdC,EAAQ71B,EAAM81B,SACdC,GAAS,GAAK/1B,EAAMg2B,SAAW,EAC/BC,GAAS,GAAKj2B,EAAMk2B,UAAY,EAMtCC,EACA,EAAG,CACK/mD,EAAO,KACP8lD,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,GAGZ+lD,EAAOQ,EAAMT,EAAOa,GAEpBK,EACA,OAAS,CAKL,GAJAhB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,IACR,IAAPC,EAIA16D,EAAOu6D,KAAiB,MAAPE,MACd,MAAS,GAALC,GAkKJ,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOQ,GAAc,MAAPR,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASgB,EACN,GAAS,GAALhB,EAAS,CAEhBp1B,EAAMrhB,KAAOm2C,GACb,MAAMqB,EAENrL,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA3KNv1D,EAAa,MAAPu0D,EACNC,GAAM,GACFA,IACIhmD,EAAOgmD,IACPF,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,GAEZxO,GAAOs0D,GAAQ,GAAKE,GAAM,EAC1BF,KAAUE,EACVhmD,GAAQgmD,GAGRhmD,EAAO,KACP8lD,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,GAEZ+lD,EAAOU,EAAMX,EAAOe,GAEpBI,EACA,OAAS,CAML,GALAjB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,MAEV,GAALC,GA2HG,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOU,GAAc,MAAPV,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASiB,EAETvL,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EApHN,GAZA1P,EAAc,MAAP0O,EACPC,GAAM,GACFhmD,EAAOgmD,IACPF,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,EACJA,EAAOgmD,IACPF,GAAQhkE,EAAM8jE,MAAU5lD,EACxBA,GAAQ,IAGhBq3C,GAAQyO,GAAQ,GAAKE,GAAM,EAEvB3O,EAAO6O,EAAM,CACbxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EAOV,GAJAjB,KAAUE,EACVhmD,GAAQgmD,EAERA,EAAKH,EAAO/C,EACRzL,EAAO2O,EAAI,CAEX,GADAA,EAAK3O,EAAO2O,EACRA,EAAKI,GACDx1B,EAAMs2B,KAAM,CACZxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA2Bd,GAFAvjD,EAAO,EACPyiD,EAAcK,EACA,IAAVD,GAEA,GADA7iD,GAAQ2iD,EAAQH,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,QAEf,GAAI+6D,EAAQL,GAGf,GAFAxiD,GAAQ2iD,EAAQE,EAAQL,EACxBA,GAAMK,EACFL,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GAEX,GADAxiD,EAAO,EACH6iD,EAAQ70D,EAAK,CACbw0D,EAAKK,EACL70D,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,SAKtB,GADAkY,GAAQ6iD,EAAQL,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,EAGtB,KAAOkG,EAAM,GACTlG,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BhS,GAAO,EAEPA,IACAlG,EAAOu6D,KAAUI,EAAYziD,KACzBhS,EAAM,IACNlG,EAAOu6D,KAAUI,EAAYziD,WAGlC,CACHA,EAAOqiD,EAAOxO,EACd,GACI/rD,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBhS,GAAO,QACFA,EAAM,GACXA,IACAlG,EAAOu6D,KAAUv6D,EAAOkY,KACpBhS,EAAM,IACNlG,EAAOu6D,KAAUv6D,EAAOkY,OAaxC,OAeR,aAECoiD,EAAM/lD,GAAQgmD,EAAO74D,GAG9BwE,EAAMwO,GAAQ,EACd4lD,GAAOp0D,EACPwO,GAAQxO,GAAO,EACfs0D,IAAS,GAAK9lD,GAAQ,EAGtB07C,EAAKiD,QAAUiH,EACflK,EAAKuC,SAAW4H,EAChBnK,EAAKgD,SAAWkH,EAAM/lD,EAAYA,EAAO+lD,EAAZ,EAAmB,GAAKA,EAAM/lD,GAC3D67C,EAAKqC,UAAY8H,EAAO74D,EAAaA,EAAM64D,EAAb,IAAqB,KAAOA,EAAO74D,GACjE4jC,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,CAEjB,CCxSA,MAAMmnD,GAAU,GACVC,GAAc,IACdC,GAAe,IAGfC,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAERC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,EAAG,GAG3DC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAGtDC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IACtD,IAAK,IAAK,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KAClD,KAAM,MAAO,MAAO,MAAO,EAAG,GAG5BC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACpC,GAAI,GAAI,GAAI,GAAI,GAAI,IAGT,SAASC,GAAcpsD,EAAMqsD,EAAMC,EAAYC,EAAOtL,EAAOuL,EAAaC,EAAMxiB,GAC3F,MAAM1lC,EAAO0lC,EAAK1lC,KAGlB,IASImoD,EACA5mB,EACA6mB,EACAvD,EAIA73D,EAhBAwE,EAAM,EACN62D,EAAM,EACN/oB,EAAM,EAAGlyC,EAAM,EACfk7D,EAAO,EACPp2C,EAAO,EACPq2C,EAAO,EACP/yC,EAAO,EACPgzC,EAAO,EACPC,EAAO,EAKP5O,EAAO,KACP6O,EAAa,EAGjB,MAAMxjC,EAAQ,IAAIq9B,GAAY4E,GAAU,GAClCwB,EAAO,IAAIpG,GAAY4E,GAAU,GACvC,IAGIyB,EAAWC,EAASC,EAHpBzP,EAAQ,KACR0P,EAAc,EAoClB,IAAKv3D,EAAM,EAAGA,GAAO21D,GAAS31D,IAC1B0zB,EAAM1zB,GAAO,EAEjB,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACvBnjC,EAAM4iC,EAAKC,EAAaM,MAK5B,IADAC,EAAOtoD,EACF5S,EAAM+5D,GAAS/5D,GAAO,GACJ,IAAf83B,EAAM93B,GADgBA,KAQ9B,GAHIk7D,EAAOl7D,IACPk7D,EAAOl7D,GAEC,IAARA,EAaA,OATAsvD,EAAMuL,KAAiB,SAMvBvL,EAAMuL,KAAiB,SAEvBviB,EAAK1lC,KAAO,EACL,EAEX,IAAKs/B,EAAM,EAAGA,EAAMlyC,GACG,IAAf83B,EAAMoa,GADWA,KAWzB,IANIgpB,EAAOhpB,IACPgpB,EAAOhpB,GAIX9pB,EAAO,EACFhkB,EAAM,EAAGA,GAAO21D,GAAS31D,IAG1B,GAFAgkB,IAAS,EACTA,GAAQ0P,EAAM1zB,GACVgkB,EAAO,EACP,OAAQ,EAGhB,GAAIA,EAAO,IAAM/Z,IAAS6rD,IAAiB,IAARl6D,GAC/B,OAAQ,EAKZ,IADAu7D,EAAK,GAAK,EACLn3D,EAAM,EAAGA,EAAM21D,GAAS31D,IACzBm3D,EAAKn3D,EAAM,GAAKm3D,EAAKn3D,GAAO0zB,EAAM1zB,GAItC,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACQ,IAA3BP,EAAKC,EAAaM,KAClBH,EAAKS,EAAKb,EAAKC,EAAaM,OAAWA,GAsC3C5sD,IAAS6rD,IACTzN,EAAOR,EAAQ6O,EACfl7D,EAAM,IAECyO,IAAS8rD,IAChB1N,EAAO4N,GACPiB,GAAc,IACdrP,EAAQqO,GACRqB,GAAe,IACf/7D,EAAM,MAGN6sD,EAAO8N,GACPtO,EAAQuO,GACR56D,GAAO,GAIXy7D,EAAO,EACPJ,EAAM,EACN72D,EAAM8tC,EACNulB,EAAOoD,EACP/1C,EAAOo2C,EACPC,EAAO,EACPH,GAAO,EACPI,EAAO,GAAKF,EACZ,MAAMj1B,EAAOm1B,EAAO,EAGpB,GAAI/sD,IAAS8rD,IAAQiB,EAAOpB,IAC5B3rD,IAAS+rD,IAASgB,EAAOnB,GACrB,OAAO,EAIX,OAAS,CAELuB,EAAYp3D,EAAM+2D,EACdL,EAAKG,GAAOr7D,GACZ67D,EAAU,EACVC,EAAWZ,EAAKG,IACTH,EAAKG,GAAOr7D,GACnB67D,EAAUxP,EAAM0P,EAAcb,EAAKG,IACnCS,EAAWjP,EAAK6O,EAAaR,EAAKG,MAElCQ,EAAU,GACVC,EAAW,GAIfX,EAAO,GAAK32D,EAAM+2D,EAClBhnB,EAAO,GAAKrvB,EACZotB,EAAMiC,EACN,GACIA,GAAQ4mB,EACRzL,EAAMmI,GAAQ4D,GAAQF,GAAQhnB,GAAQqnB,GAAa,GAAKC,GAAW,GAAKC,EAAU,QACpE,IAATvnB,GAIT,IADA4mB,EAAO,GAAK32D,EAAM,EACXi3D,EAAON,GACVA,IAAS,EAWb,GATa,IAATA,GACAM,GAAQN,EAAO,EACfM,GAAQN,GAERM,EAAO,EAIXJ,IACqB,KAAfnjC,EAAM1zB,GAAY,CACpB,GAAIA,IAAQpE,EACR,MAEJoE,EAAMs2D,EAAKC,EAAaG,EAAKG,IAIjC,GAAI72D,EAAM82D,IAASG,EAAOp1B,KAAU+0B,EAAK,CAYrC,IAVa,IAATG,IACAA,EAAOD,GAIXzD,GAAQvlB,EAGRptB,EAAO1gB,EAAM+2D,EACb/yC,EAAO,GAAKtD,EACLA,EAAOq2C,EAAOn7D,IACjBooB,GAAQ0P,EAAMhT,EAAOq2C,KACjB/yC,GAAQ,KAGZtD,IACAsD,IAAS,EAKb,GADAgzC,GAAQ,GAAKt2C,EACTzW,IAAS8rD,IAAQiB,EAAOpB,IAChC3rD,IAAS+rD,IAASgB,EAAOnB,GACjB,OAAO,EAIXe,EAAMK,EAAOp1B,EAIbqpB,EAAM0L,GAAOE,GAAQ,GAAKp2C,GAAQ,GAAK2yC,EAAOoD,EAAa,GAiBnE,OAVa,IAATQ,IAIA/L,EAAMmI,EAAO4D,GAAQj3D,EAAM+2D,GAAQ,GAAK,IAAM,GAAI,GAKtD7iB,EAAK1lC,KAAOsoD,EACL,CACX,CC/TA,MAAMhB,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAsBLwB,GAAO,EACPC,GAAQ,EACRC,GAAO,EACPC,GAAK,EACLC,GAAQ,EACRC,GAAQ,EACR/jC,GAAO,EACPgkC,GAAU,EACVC,GAAO,EACPC,GAAS,GACTC,GAAO,GACH/D,GAAO,GACPgE,GAAS,GACTC,GAAS,GACTC,GAAQ,GACRC,GAAO,GACPC,GAAQ,GACRC,GAAU,GACVC,GAAW,GACPC,GAAO,GACPC,GAAM,GACNC,GAAS,GACTC,GAAO,GACPC,GAAU,GACVC,GAAQ,GACRC,GAAM,GACdC,GAAQ,GACRC,GAAS,GACTC,GAAO,GACPjF,GAAM,GAQT2B,GAAc,IACdC,GAAe,IAQrB,SAASsD,GAAQ56D,GACf,OAAWA,IAAM,GAAM,MACbA,IAAM,EAAK,SACP,MAAJA,IAAe,KACX,IAAJA,IAAa,GACzB,CAGA,MAAM66D,GACJtpE,cACEE,KAAK+tB,KAAO,EACZ/tB,KAAKqe,MAAO,EACZre,KAAK2qD,KAAO,EACZ3qD,KAAKqpE,UAAW,EAChBrpE,KAAKspE,MAAQ,EACbtpE,KAAK0kE,KAAO,EACZ1kE,KAAKupE,MAAQ,EACbvpE,KAAKwpE,MAAQ,EAEbxpE,KAAK6+D,KAAO,KAGZ7+D,KAAKypE,MAAQ,EACbzpE,KAAK2kE,MAAQ,EACb3kE,KAAK4kE,MAAQ,EACb5kE,KAAK6kE,MAAQ,EACb7kE,KAAKy5D,OAAS,KAGdz5D,KAAKskE,KAAO,EACZtkE,KAAKwe,KAAO,EAGZxe,KAAKoB,OAAS,EACdpB,KAAKoQ,OAAS,EAGdpQ,KAAK63D,MAAQ,EAGb73D,KAAKglE,QAAU,KACfhlE,KAAKklE,SAAW,KAChBllE,KAAKolE,QAAU,EACfplE,KAAKslE,SAAW,EAGhBtlE,KAAK0pE,MAAQ,EACb1pE,KAAK2pE,KAAO,EACZ3pE,KAAK4pE,MAAQ,EACb5pE,KAAK6pE,KAAO,EACZ7pE,KAAKqjE,KAAO,KAEZrjE,KAAKsmE,KAAO,IAAIvF,GAAY,KAC5B/gE,KAAK0mE,KAAO,IAAI3F,GAAY,KAO5B/gE,KAAK8pE,OAAS,KACd9pE,KAAK+pE,QAAU,KACf/pE,KAAK0lE,KAAO,EACZ1lE,KAAKgqE,KAAO,EACZhqE,KAAKiqE,IAAM,GA+Bf,SAASC,GAAahQ,GACpB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACbA,EAAMu1B,MAAQ,EACdv1B,EAAMw1B,MAAQ,EACdx1B,EAAMy1B,MAAQ,EAlChB,SAA0B3K,GACxB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACb8qB,EAAKkD,SAAWlD,EAAKwC,UAAYttB,EAAMo6B,MAAQ,EAC/CtP,EAAK50B,IAAM,GACP8J,EAAMub,OACRuP,EAAKc,MAAqB,EAAb5rB,EAAMub,MAErBvb,EAAMrhB,KAAOy5C,GACbp4B,EAAM/wB,KAAO,EACb+wB,EAAMi6B,SAAW,EACjBj6B,EAAMs1B,KAAO,MACbt1B,EAAMyvB,KAAO,KACbzvB,EAAMk1B,KAAO,EACbl1B,EAAM5wB,KAAO,EAEb4wB,EAAM41B,QAAU51B,EAAM06B,OAAS,IAAIK,GAAYvE,IAC/Cx2B,EAAM81B,SAAW91B,EAAM26B,QAAU,IAAII,GAAYtE,IAEjDz2B,EAAMs2B,KAAO,EACbt2B,EAAM46B,MAAQ,EAEP5X,IArB4BG,EAsBrC,CAUS6X,CAAiBlQ,IALW3H,EAOrC,CAoCA,SAAS8X,GAAanQ,EAAMwI,GAC1B,IAAI10C,EACAohB,EAEJ,OAAK8qB,GAGL9qB,EAAQ,IAAIg6B,GAIZlP,EAAK9qB,MAAQA,EACbA,EAAMqqB,OAAS,KACfzrC,EA/CF,SAAuBksC,EAAMwI,GAC3B,IAAI/X,EACAvb,EAGJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MAGTszB,EAAa,GACf/X,EAAO,EACP+X,GAAcA,IAGd/X,EAA2B,GAAnB+X,GAAc,GAClBA,EAAa,KACfA,GAAc,KAKdA,IAAeA,EAAa,GAAKA,EAAa,IACzCnQ,IAEY,OAAjBnjB,EAAMqqB,QAAmBrqB,EAAMq6B,QAAU/G,IAC3CtzB,EAAMqqB,OAAS,MAIjBrqB,EAAMub,KAAOA,EACbvb,EAAMq6B,MAAQ/G,EACPwH,GAAahQ,KA1Be3H,EA2BrC,CAeQ+X,CAAcpQ,EAAMwI,GACtB10C,IAAQokC,KACV8H,EAAK9qB,MAAQ,MAERphB,GAbaukC,EActB,CAiBA,IAEIgY,GAAQC,GAFRC,IAAS,EAIb,SAASC,GAAYt7B,GAEnB,GAAIq7B,GAAQ,CACV,IAAI5D,EAOJ,IALA0D,GAAS,IAAIJ,GAAY,KACzBK,GAAU,IAAIL,GAAY,IAG1BtD,EAAM,EACCA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EAMxC,IAJAR,GAAcN,GAAO32B,EAAMk3B,KAAM,EAAG,IAAKiE,GAAU,EAAGn7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EqoD,EAAM,EACCA,EAAM,IAAMz3B,EAAMk3B,KAAKO,KAAS,EAEvCR,GAAcL,GAAO52B,EAAMk3B,KAAM,EAAG,GAAMkE,GAAS,EAAGp7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EisD,IAAS,EAGXr7B,EAAM41B,QAAUuF,GAChBn7B,EAAMg2B,QAAU,EAChBh2B,EAAM81B,SAAWsF,GACjBp7B,EAAMk2B,SAAW,CACnB,CAiBA,SAASqF,GAAazQ,EAAMzjC,EAAKjrB,EAAKo/D,GACpC,IAAI/U,EACJ,MAAMzmB,EAAQ8qB,EAAK9qB,MAqCnB,OAlCqB,OAAjBA,EAAMqqB,SACRrqB,EAAMu1B,MAAQ,GAAKv1B,EAAMq6B,MACzBr6B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQ,EAEdx1B,EAAMqqB,OAAS,IAAIyI,GAAW9yB,EAAMu1B,QAIlCiG,GAAQx7B,EAAMu1B,OAChBnL,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAM4jC,EAAMu1B,MAAOv1B,EAAMu1B,MAAO,GAClEv1B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpB9O,EAAOzmB,EAAMu1B,MAAQv1B,EAAMy1B,MACvBhP,EAAO+U,IACT/U,EAAO+U,GAGTpR,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAM/U,EAAMzmB,EAAMy1B,QAC1D+F,GAAQ/U,IAGN2D,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAMA,EAAM,GACpDx7B,EAAMy1B,MAAQ+F,EACdx7B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpBv1B,EAAMy1B,OAAShP,EACXzmB,EAAMy1B,QAAUz1B,EAAMu1B,QAASv1B,EAAMy1B,MAAQ,GAC7Cz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAASv1B,EAAMw1B,OAAS/O,KAG7C,CACT,CAEA,SAASgV,GAAQ3Q,EAAMiF,GACrB,IAAI/vB,EACA9uC,EAAOwJ,EACPu5D,EACAyH,EACAjB,EAAM71C,EACNswC,EACA9lD,EACA4lD,EAAKC,EACLuG,EACA5oD,EACAyiD,EAEA2C,EAAWC,EAASC,EAEpByD,EAAWC,EAASC,EACpBj7D,EACAge,EAEAk2B,EAEA73C,EATAk4D,EAAO,EAMP2G,EAAO,IAAIhJ,GAAW,GAK1B,MAAMiJ,EACJ,CAAE,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAGlE,IAAKjR,IAASA,EAAK9qB,QAAU8qB,EAAKpwD,SAC5BowD,EAAK55D,OAA2B,IAAlB45D,EAAKgD,SACvB,OAAO3K,GAGTnjB,EAAQ8qB,EAAK9qB,MACTA,EAAMrhB,OAASm2C,KAAQ90B,EAAMrhB,KAAOm6C,IAIxC4C,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ78D,EAAQ45D,EAAK55D,MACbupE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGb4lD,EAAMyF,EACNxF,EAAOrwC,EACPhG,EAAMokC,GAENgZ,EACA,OACE,OAAQh8B,EAAMrhB,MACZ,KAAKy5C,GACH,GAAmB,IAAfp4B,EAAMub,KAAY,CACpBvb,EAAMrhB,KAAOm6C,GACb,MAGF,KAAO1pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAkB,EAAb4wB,EAAMub,MAAsB,QAAT2Z,EAAiB,CACvCl1B,EAAMm6B,MAAQ,EAEd2B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,GAI1C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO05C,GACb,MAMF,GAJAr4B,EAAMk6B,MAAQ,EACVl6B,EAAMyvB,OACRzvB,EAAMyvB,KAAKv9D,MAAO,KAED,EAAb8tC,EAAMub,UACA,IAAP2Z,IAA2B,IAAMA,GAAQ,IAAM,GAAI,CACtDpK,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,IAAY,GAAPK,KAA4BpR,GAAY,CAC3CgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAOF,GAJAK,KAAU,EACV9lD,GAAQ,EAERxO,EAAiC,GAAnB,GAAPs0D,GACa,IAAhBl1B,EAAMq6B,MACRr6B,EAAMq6B,MAAQz5D,OAEX,GAAIA,EAAMo/B,EAAMq6B,MAAO,CAC1BvP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMs1B,KAAO,GAAK10D,EAElBkqD,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAc,IAAPu2C,EAAe0D,GAAS9D,GAErCI,EAAO,EACP9lD,EAAO,EAEP,MACF,KAAKipD,GAEH,KAAOjpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAIV,GADA4wB,EAAMk6B,MAAQhF,GACK,IAAdl1B,EAAMk6B,SAAkBpW,GAAY,CACvCgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,GAAkB,MAAd70B,EAAMk6B,MAAgB,CACxBpP,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAEE70B,EAAMyvB,OACRzvB,EAAMyvB,KAAK3oD,KAASouD,GAAQ,EAAK,GAEjB,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO25C,GAEf,KAAKA,GAEH,KAAOlpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK9jD,KAAOupD,GAEF,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzB4G,EAAK,GAAM5G,IAAS,GAAM,IAC1B4G,EAAK,GAAM5G,IAAS,GAAM,IAC1Bl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO45C,GAEf,KAAKA,GAEH,KAAOnpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAKwM,OAAiB,IAAP/G,EACrBl1B,EAAMyvB,KAAK4C,GAAM6C,GAAQ,GAET,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO65C,GAEf,KAAKA,GACH,GAAkB,KAAdx4B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMhuC,OAASkjE,EACXl1B,EAAMyvB,OACRzvB,EAAMyvB,KAAKyM,UAAYhH,GAEP,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,OAGA4wB,EAAMyvB,OACbzvB,EAAMyvB,KAAKhH,MAAQ,MAErBzoB,EAAMrhB,KAAO85C,GAEf,KAAKA,GACH,GAAkB,KAAdz4B,EAAMk6B,QACRsB,EAAOx7B,EAAMhuC,OACTwpE,EAAOf,IAAQe,EAAOf,GACtBe,IACEx7B,EAAMyvB,OACR7uD,EAAMo/B,EAAMyvB,KAAKyM,UAAYl8B,EAAMhuC,OAC9BguC,EAAMyvB,KAAKhH,QAEdzoB,EAAMyvB,KAAKhH,MAAYh4D,MAAMuvC,EAAMyvB,KAAKyM,YAE1C9R,GACEpqB,EAAMyvB,KAAKhH,MACXv3D,EACA+iE,EAGAuH,EAEA56D,IAMc,IAAdo/B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOjpE,EAAOsqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACRx7B,EAAMhuC,QAAUwpE,GAEdx7B,EAAMhuC,QAAU,MAAMgqE,EAE5Bh8B,EAAMhuC,OAAS,EACfguC,EAAMrhB,KAAO+V,GAEf,KAAKA,GACH,GAAkB,KAAdsL,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GAEE56D,EAAM1P,EAAM+iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAMhuC,OAAS,QAClBguC,EAAMyvB,KAAK1zD,MAAQoP,OAAOsC,aAAa7M,UAElCA,GAAO46D,EAAOf,GAOvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOjpE,EAAOsqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK1zD,KAAO,MAEpBikC,EAAMhuC,OAAS,EACfguC,EAAMrhB,KAAO+5C,GAEf,KAAKA,GACH,GAAkB,KAAd14B,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GACE56D,EAAM1P,EAAM+iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAMhuC,OAAS,QAClBguC,EAAMyvB,KAAK2C,SAAWjnD,OAAOsC,aAAa7M,UAErCA,GAAO46D,EAAOf,GAMvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOjpE,EAAOsqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK2C,QAAU,MAEvBpyB,EAAMrhB,KAAOg6C,GAEf,KAAKA,GACH,GAAkB,IAAd34B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,MAAdl1B,EAAMm6B,OAAiB,CACnCrP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAGL4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK0C,KAASnyB,EAAMk6B,OAAS,EAAK,EACxCl6B,EAAMyvB,KAAKv9D,MAAO,GAEpB44D,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GACb,MACF,KAAK8D,GAEH,KAAOxpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV07C,EAAKc,MAAQ5rB,EAAMm6B,MAAQJ,GAAQ7E,GAEnCA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOk6C,GAEf,KAAKA,GACH,GAAuB,IAAnB74B,EAAMi6B,SASR,OAPAnP,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEN8zC,GAET4H,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GAEf,KAAKA,GACH,GAAI/E,IAAUjN,IAAWiN,IAAUhN,GAAW,MAAMiZ,EAEtD,KAAKlD,GACH,GAAI94B,EAAM/wB,KAAM,CAEdimD,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAER4wB,EAAMrhB,KAAOi7C,GACb,MAGF,KAAOxqD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EASV,OANA4wB,EAAM/wB,KAAe,EAAPimD,EAEdA,KAAU,EACV9lD,GAAQ,EAGQ,EAAP8lD,GACP,KAAK,EAGHl1B,EAAMrhB,KAAOo6C,GACb,MACF,KAAK,EAKH,GAJAuC,GAAYt7B,GAGZA,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAS,CAErBmS,KAAU,EACV9lD,GAAQ,EAER,MAAM4sD,EAER,MACF,KAAK,EAGHh8B,EAAMrhB,KAAOu6C,GACb,MACF,KAAK,EACHpO,EAAK50B,IAAM,qBACX8J,EAAMrhB,KAAOk2C,GAGjBK,KAAU,EACV9lD,GAAQ,EAER,MACF,KAAK2pD,GAMH,IAJA7D,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAGDA,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,IAAY,MAAP8lD,KAAqBA,IAAS,GAAM,OAAS,CAChDpK,EAAK50B,IAAM,+BACX8J,EAAMrhB,KAAOk2C,GACb,MAUF,GARA70B,EAAMhuC,OAAgB,MAAPkjE,EAIfA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOq6C,GACTjJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAKhD,GACHh5B,EAAMrhB,KAAOs6C,GAEf,KAAKA,GAEH,GADAuC,EAAOx7B,EAAMhuC,OACTwpE,EAAM,CAGR,GAFIA,EAAOf,IAAQe,EAAOf,GACtBe,EAAO52C,IAAQ42C,EAAO52C,GACb,IAAT42C,EAAc,MAAMQ,EAExB5R,GAAe1vD,EAAQxJ,EAAO+iE,EAAMuH,EAAME,GAE1CjB,GAAQe,EACRvH,GAAQuH,EACR52C,GAAQ42C,EACRE,GAAOF,EACPx7B,EAAMhuC,QAAUwpE,EAChB,MAGFx7B,EAAMrhB,KAAOm2C,GACb,MACF,KAAKoE,GAEH,KAAO9pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAmBV,GAhBA4wB,EAAMu6B,KAAkC,KAAnB,GAAPrF,GAEdA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMw6B,MAAmC,GAAnB,GAAPtF,GAEfA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMs6B,MAAmC,GAAnB,GAAPpF,GAEfA,KAAU,EACV9lD,GAAQ,EAGJ4wB,EAAMu6B,KAAO,KAAOv6B,EAAMw6B,MAAQ,GAAI,CACxC1P,EAAK50B,IAAM,sCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOw6C,GAEf,KAAKA,GACH,KAAOn5B,EAAMy6B,KAAOz6B,EAAMs6B,OAAO,CAE/B,KAAOlrD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAmB,EAAPvF,EAEnCA,KAAU,EACV9lD,GAAQ,EAGV,KAAO4wB,EAAMy6B,KAAO,IAClBz6B,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAW,EAapC,GAPAz6B,EAAM41B,QAAU51B,EAAM06B,OACtB16B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcP,GAAO12B,EAAMk3B,KAAM,EAAG,GAAIl3B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAC5E9U,EAAMg2B,QAAUlhB,EAAK1lC,KAEjBwP,EAAK,CACPksC,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAGF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOy6C,GAEf,KAAKA,GACH,KAAOp5B,EAAMy6B,KAAOz6B,EAAMu6B,KAAOv6B,EAAMw6B,OAAO,CAC5C,KACErF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8oD,EAAW,GAEbhD,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAMk3B,KAAKl3B,EAAMy6B,QAAUvC,MAExB,CACH,GAAiB,KAAbA,EAAiB,CAGnB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAOV,GAHA8lD,KAAU8C,EACV5oD,GAAQ4oD,EAEW,IAAfh4B,EAAMy6B,KAAY,CACpB3P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEFj0D,EAAMo/B,EAAMk3B,KAAKl3B,EAAMy6B,KAAO,GAC9Be,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,OAGL,GAAiB,KAAb8oD,EAAiB,CAGxB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,MAGL,CAGH,IADAnS,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,IAAa,IAAPtG,GAEbA,KAAU,EACV9lD,GAAQ,EAGV,GAAI4wB,EAAMy6B,KAAOe,EAAOx7B,EAAMu6B,KAAOv6B,EAAMw6B,MAAO,CAChD1P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,KAAO2G,KACLx7B,EAAMk3B,KAAKl3B,EAAMy6B,QAAU75D,GAMjC,GAAIo/B,EAAMrhB,OAASk2C,GAAO,MAG1B,GAAwB,IAApB70B,EAAMk3B,KAAK,KAAY,CACzBpM,EAAK50B,IAAM,uCACX8J,EAAMrhB,KAAOk2C,GACb,MAeF,GATA70B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcN,GAAM32B,EAAMk3B,KAAM,EAAGl3B,EAAMu6B,KAAMv6B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAGnF9U,EAAMg2B,QAAUlhB,EAAK1lC,KAGjBwP,EAAK,CACPksC,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAcF,GAXA70B,EAAMk2B,SAAW,EAGjBl2B,EAAM81B,SAAW91B,EAAM26B,QACvB7lB,EAAO,CAAE1lC,KAAM4wB,EAAMk2B,UACrBt3C,EAAMq4C,GAAcL,GAAO52B,EAAMk3B,KAAMl3B,EAAMu6B,KAAMv6B,EAAMw6B,MAAOx6B,EAAM81B,SAAU,EAAG91B,EAAMs3B,KAAMxiB,GAG/F9U,EAAMk2B,SAAWphB,EAAK1lC,KAGlBwP,EAAK,CACPksC,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAIF,GADA70B,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAK3C,GACHr5B,EAAMrhB,KAAO26C,GAEf,KAAKA,GACH,GAAImB,GAAQ,GAAK71C,GAAQ,IAAK,CAE5BkmC,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEb2lD,GAAajK,EAAMmK,GAEnByG,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ78D,EAAQ45D,EAAK55D,MACbupE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGT4wB,EAAMrhB,OAASm2C,KACjB90B,EAAM46B,MAAQ,GAEhB,MAGF,IADA56B,EAAM46B,KAAO,EAEXzF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP6C,GAAa5oD,IANV,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI6oD,GAAgC,IAAV,IAAVA,GAAuB,CAIrC,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM41B,QAAQiG,IACX3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAQhB,GALAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACdh4B,EAAMhuC,OAASkmE,EACC,IAAZD,EAAe,CAIjBj4B,EAAMrhB,KAAOg7C,GACb,MAEF,GAAc,GAAV1B,EAAc,CAEhBj4B,EAAM46B,MAAQ,EACd56B,EAAMrhB,KAAOm2C,GACb,MAEF,GAAc,GAAVmD,EAAc,CAChBnN,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMyoB,MAAkB,GAAVwP,EACdj4B,EAAMrhB,KAAO46C,GAEf,KAAKA,GACH,GAAIv5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMhuC,QAAUkjE,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtBzoB,EAAM66B,IAAM76B,EAAMhuC,OAClBguC,EAAMrhB,KAAO66C,GAEf,KAAKA,GACH,KACErE,EAAOn1B,EAAM81B,SAASZ,GAAS,GAAKl1B,EAAMk2B,UAAY,GACtD8B,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAyB,IAAV,IAAV6oD,GAAuB,CAI1B,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM81B,SAAS+F,IACZ3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAOhB,GAJAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACA,GAAVC,EAAc,CAChBnN,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMh/B,OAASk3D,EACfl4B,EAAMyoB,MAAoB,GAAZ,EACdzoB,EAAMrhB,KAAO86C,GAEf,KAAKA,GACH,GAAIz5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMh/B,QAAUk0D,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtB,GAAIzoB,EAAMh/B,OAASg/B,EAAMs1B,KAAM,CAC7BxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMrhB,KAAO+6C,GAEf,KAAKA,GACH,GAAa,IAAT90C,EAAc,MAAMo3C,EAExB,GADAR,EAAOvG,EAAOrwC,EACVob,EAAMh/B,OAASw6D,EAAM,CAEvB,GADAA,EAAOx7B,EAAMh/B,OAASw6D,EAClBA,EAAOx7B,EAAMw1B,OACXx1B,EAAMs2B,KAAM,CACdxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAkBA2G,EAAOx7B,EAAMy1B,OACf+F,GAAQx7B,EAAMy1B,MACd7iD,EAAOotB,EAAMu1B,MAAQiG,GAGrB5oD,EAAOotB,EAAMy1B,MAAQ+F,EAEnBA,EAAOx7B,EAAMhuC,SAAUwpE,EAAOx7B,EAAMhuC,QACxCqjE,EAAcr1B,EAAMqqB,YAGpBgL,EAAc36D,EACdkY,EAAO8oD,EAAM17B,EAAMh/B,OACnBw6D,EAAOx7B,EAAMhuC,OAEXwpE,EAAO52C,IAAQ42C,EAAO52C,GAC1BA,GAAQ42C,EACRx7B,EAAMhuC,QAAUwpE,EAChB,GACE9gE,EAAOghE,KAASrG,EAAYziD,aACnB4oD,GACU,IAAjBx7B,EAAMhuC,SAAgBguC,EAAMrhB,KAAO26C,IACvC,MACF,KAAKK,GACH,GAAa,IAAT/0C,EAAc,MAAMo3C,EACxBthE,EAAOghE,KAAS17B,EAAMhuC,OACtB4yB,IACAob,EAAMrhB,KAAO26C,GACb,MACF,KAAKM,GACH,GAAI55B,EAAMub,KAAM,CAEd,KAAOnsC,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IAEAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAcV,GAXA6lD,GAAQrwC,EACRkmC,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXA,IACFnK,EAAKc,MAAQ5rB,EAAMm6B,MAEdn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,IAG7GA,EAAOrwC,GAEFob,EAAMk6B,MAAQhF,EAAO6E,GAAQ7E,MAAWl1B,EAAMm6B,MAAO,CACxDrP,EAAK50B,IAAM,uBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOk7C,GAEf,KAAKA,GACH,GAAI75B,EAAMub,MAAQvb,EAAMk6B,MAAO,CAE7B,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQhkE,EAAM+iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,WAAdl1B,EAAMo6B,OAAqB,CACvCtP,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOm7C,GAEf,KAAKA,GACHl7C,EAAMqkC,GACN,MAAM+Y,EACR,KAAKnH,GACHj2C,EAAMwkC,GACN,MAAM4Y,EAKR,QACE,OAAO7Y,GA4Cb,OA9BA2H,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,GAGT4wB,EAAMu1B,OAAUN,IAASnK,EAAKqC,WAAantB,EAAMrhB,KAAOk2C,KACvC70B,EAAMrhB,KAAOi7C,IAAS7J,IAAUlN,MAC/C0Y,GAAazQ,EAAMA,EAAKpwD,OAAQowD,EAAKuC,SAAU4H,EAAOnK,EAAKqC,WAKjE6H,GAAOlK,EAAKgD,SACZmH,GAAQnK,EAAKqC,UACbrC,EAAKkD,UAAYgH,EACjBlK,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXj1B,EAAMub,MAAQ0Z,IAChBnK,EAAKc,MAAQ5rB,EAAMm6B,MAChBn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,IAE/HnK,EAAKC,UAAY/qB,EAAM5wB,MAAQ4wB,EAAM/wB,KAAO,GAAK,IAC9B+wB,EAAMrhB,OAASm2C,GAAO,IAAM,IAC5B90B,EAAMrhB,OAAS06C,IAAQr5B,EAAMrhB,OAASq6C,GAAQ,IAAM,IACzD,IAARhE,GAAsB,IAATC,GAAelF,IAAUlN,KAAajkC,IAAQokC,KAC/DpkC,EAAMykC,IAEDzkC,CACT,CA8BA,SAASu9C,GAAqBrR,EAAM+I,GAClC,MAAMM,EAAaN,EAAW7hE,OAE9B,IAAIguC,EACAo8B,EAIJ,OAAKtR,GAAyBA,EAAK9qB,OACnCA,EAAQ8qB,EAAK9qB,MAEM,IAAfA,EAAMub,MAAcvb,EAAMrhB,OAASk6C,GAC9B1V,GAILnjB,EAAMrhB,OAASk6C,KACjBuD,EAAS,EAETA,EAASzQ,GAAQyQ,EAAQvI,EAAYM,EAAY,GAC7CiI,IAAWp8B,EAAMm6B,OACZ/W,IAKLmY,GAAazQ,EAAM+I,EAAYM,EAAYA,GAKjDn0B,EAAMi6B,SAAW,EAEVjX,KAzB4DG,EA0BrE,CC59Ce,MAAMkZ,GACnB3rE,cAEEE,KAAKkW,KAAa,EAElBlW,KAAK+a,KAAa,EAElB/a,KAAKqrE,OAAa,EAElBrrE,KAAKyhE,GAAa,EAElBzhE,KAAK63D,MAAa,KAElB73D,KAAKsrE,UAAa,EAWlBtrE,KAAKmL,KAAa,GAIlBnL,KAAKwhE,QAAa,GAIlBxhE,KAAKuhE,KAAa,EAElBvhE,KAAKsB,MAAa,GCkCtB,MAAMoqE,GACJ5rE,YAAY+E,GACV7E,KAAK6E,QAAU,CACb49D,UAAW,MACXC,WAAY,KACR79D,GAAW,IAGjB,MAAM+9D,EAAM5iE,KAAK6E,QAIb+9D,EAAIC,KAAQD,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KACxDE,EAAIF,YAAcE,EAAIF,WACC,IAAnBE,EAAIF,aAAoBE,EAAIF,YAAc,OAI3CE,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KAC3C79D,GAAWA,EAAQ69D,aACrBE,EAAIF,YAAc,IAKfE,EAAIF,WAAa,IAAQE,EAAIF,WAAa,IAGf,IAAR,GAAjBE,EAAIF,cACPE,EAAIF,YAAc,IAItB1iE,KAAKqhD,IAAS,EACdrhD,KAAKslC,IAAS,GACdtlC,KAAK+iE,OAAS,EACd/iE,KAAKwxD,OAAS,GAEdxxD,KAAKk6D,KAAS,IAAIqI,GAClBviE,KAAKk6D,KAAKqC,UAAY,EAEtB,IAAIiE,EAASmL,GACX3rE,KAAKk6D,KACL0I,EAAIF,YAGN,GAAIlC,IAAWoL,GACb,MAAU1oE,MAAMoiC,GAAIk7B,IAQtB,GALAxgE,KAAKskB,OAAS,IAAImnD,GFszCtB,SAA0BvR,EAAM2E,GAC9B,IAAIzvB,EAGC8qB,GAASA,EAAK9qB,QACnBA,EAAQ8qB,EAAK9qB,MACY,IAAP,EAAbA,EAAMub,QAGXvb,EAAMyvB,KAAOA,EACbA,EAAKv9D,MAAO,GAEd,CEh0CIuqE,CAA8B7rE,KAAKk6D,KAAMl6D,KAAKskB,QAG1Cs+C,EAAIK,aAEwB,iBAAnBL,EAAIK,WACbL,EAAIK,WAAaE,GAAmBP,EAAIK,YAC/BL,EAAIK,sBAAsB79C,cACnCw9C,EAAIK,WAAa,IAAIpgE,WAAW+/D,EAAIK,aAElCL,EAAIC,MACNrC,EAASsL,GAAkC9rE,KAAKk6D,KAAM0I,EAAIK,YACtDzC,IAAWoL,KACb,MAAU1oE,MAAMoiC,GAAIk7B,IAiC5B3+D,KAAKkI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,EAASQ,WAAEA,IAAiBjjE,KACrD,IAAIwgE,EAAQkD,EAKRqI,GAAgB,EAEpB,GAAI/rE,KAAK+iE,MAAS,OAAO,EACzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBi+C,GAAaC,GAG/C,iBAATliE,EAETmwD,EAAK55D,MPpFJ,SAAwBic,GAC3B,MAAM4E,EAAM,IAAI+gD,GAAW3lD,EAAInb,QAC/B,IAAK,IAAI6B,EAAI,EAAG+M,EAAMmR,EAAI/f,OAAQ6B,EAAI+M,EAAK/M,IACvCke,EAAIle,GAAKsZ,EAAIE,WAAWxZ,GAE5B,OAAOke,CACX,CO8EmB+qD,CAAsBniE,GAC1BA,aAAgBqb,YACzB80C,EAAK55D,MAAQ,IAAIuC,WAAWkH,GAE5BmwD,EAAK55D,MAAQyJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK55D,MAAMc,OAE3B,EAAG,CAkBD,GAjBuB,IAAnB84D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,GAGnBjC,EAAS2L,GAAqBjS,EAAM+R,IAEhCzL,IAAW4L,IAAiBnJ,IAC9BzC,EAASsL,GAAkC9rE,KAAKk6D,KAAM+I,IAGpDzC,IAAW6L,KAAmC,IAAlBN,IAC9BvL,EAASoL,GACTG,GAAgB,GAGdvL,IAAW8L,IAAkB9L,IAAWoL,GAG1C,OAFA5rE,KAAK4jE,MAAMpD,GACXxgE,KAAK+iE,OAAQ,GACN,EAGL7I,EAAKuC,WACgB,IAAnBvC,EAAKqC,WAAmBiE,IAAW8L,KAAqC,IAAlBpS,EAAKgD,UAAmBwG,IAAUsI,IAActI,IAAU6I,KAClHvsE,KAAK6jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,YAW5B,IAAlBvC,EAAKgD,UAAqC,IAAnBhD,EAAKqC,YAC9BwP,GAAgB,UAGV7R,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAW8L,IAOnE,OALI9L,IAAW8L,KACb5I,EAAQsI,IAINtI,IAAUsI,IACZxL,EF8qCN,SAAoBtG,GAElB,IAAKA,IAASA,EAAK9qB,MACjB,OAAOmjB,GAGT,MAAMnjB,EAAQ8qB,EAAK9qB,MAKnB,OAJIA,EAAMqqB,SACRrqB,EAAMqqB,OAAS,MAEjBS,EAAK9qB,MAAQ,KACNgjB,EACT,CE1rCeoa,CAAwBxsE,KAAKk6D,MACtCl6D,KAAK4jE,MAAMpD,GACXxgE,KAAK+iE,OAAQ,EACNvC,IAAWoL,IAIhBlI,IAAU6I,KACZvsE,KAAK4jE,MAAMgI,IACX1R,EAAKqC,UAAY,GACV,GAeXsH,OAAO9hE,GACL/B,KAAKwxD,OAAO3vD,KAAKE,GAenB6hE,MAAMpD,GAEAA,IAAWoL,KACb5rE,KAAKyB,OAASuiE,GAAoBhkE,KAAKwxD,SAEzCxxD,KAAKwxD,OAAS,GACdxxD,KAAKqhD,IAAMmf,EACXxgE,KAAKslC,IAAMtlC,KAAKk6D,KAAK50B,KCxRzB,IAAImnC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS3rE,GACvBf,KAAKe,OAASA,EACdf,KAAK2sE,UAAY,EACjB3sE,KAAK4sE,QAAU,EACf5sE,KAAK6sE,SAAU,CACjB,EAEAH,GAAU1rE,UAAU8rE,YAAc,WAC3B9sE,KAAK6sE,UACR7sE,KAAK4sE,QAAU5sE,KAAKe,OAAO4F,WAC3B3G,KAAK6sE,SAAU,EAEnB,EAGAH,GAAU1rE,UAAUE,KAAO,SAASsd,GAElC,IADA,IAAI/c,EAAS,EACN+c,EAAO,GAAG,CACfxe,KAAK8sE,cACL,IAAIC,EAAY,EAAI/sE,KAAK2sE,UAEzB,GAAInuD,GAAQuuD,EACVtrE,IAAWsrE,EACXtrE,GAAUgrE,GAAQM,GAAa/sE,KAAK4sE,QACpC5sE,KAAK6sE,SAAU,EACf7sE,KAAK2sE,UAAY,EACjBnuD,GAAQuuD,MACH,CACLtrE,IAAW+c,EACX,IAAItY,EAAQ6mE,EAAYvuD,EACxB/c,IAAWzB,KAAK4sE,QAAWH,GAAQjuD,IAAStY,IAAWA,EACvDlG,KAAK2sE,WAAanuD,EAClBA,EAAO,GAGX,OAAO/c,CACT,EAGAirE,GAAU1rE,UAAUgsE,KAAO,SAAS7pE,GAClC,IAAI8pE,EAAQ9pE,EAAM,EACd+pE,GAAU/pE,EAAM8pE,GAAS,EAC7BjtE,KAAK2sE,UAAYM,EACjBjtE,KAAKe,OAAOisE,KAAKE,GACjBltE,KAAK6sE,SAAU,CACjB,EAGAH,GAAU1rE,UAAUmsE,GAAK,WACvB,IAA6BlqE,EAAzBke,EAAM,IAAIte,WAAW,GACzB,IAAKI,EAAI,EAAGA,EAAIke,EAAI/f,OAAQ6B,IAC1Bke,EAAIle,GAAKjD,KAAKkB,KAAK,GAErB,OAGF,SAAkBigB,GAChB,OAAOthB,MAAMmB,UAAUmH,IAAIrH,KAAKqgB,GAAKpU,IAAM,KAAOA,EAAEP,SAAS,KAAK9K,OAAO,KAAIF,KAAK,GACpF,CALS4rE,CAASjsD,EAClB,EAMA,OAAiBurD,GC3FbW,GAAS,WACb,EAIAA,GAAOrsE,UAAU2F,SAAW,WAC1B,MAAUzD,MAAM,6CAClB,EAGAmqE,GAAOrsE,UAAUE,KAAO,SAAS+C,EAAQqpE,EAAWlsE,GAElD,IADA,IAAIsK,EAAY,EACTA,EAAYtK,GAAQ,CACzB,IAAIib,EAAIrc,KAAK2G,WACb,GAAI0V,EAAI,EACN,OAAoB,IAAZ3Q,GAAkB,EAAIA,EAEhCzH,EAAOqpE,KAAejxD,EACtB3Q,IAEF,OAAOA,CACT,EACA2hE,GAAOrsE,UAAUgsE,KAAO,SAASO,GAC/B,MAAUrqE,MAAM,yCAClB,EAGAmqE,GAAOrsE,UAAUwsE,UAAY,SAASC,GACpC,MAAUvqE,MAAM,6CAClB,EACAmqE,GAAOrsE,UAAUc,MAAQ,SAASmC,EAAQqpE,EAAWlsE,GACnD,IAAI6B,EACJ,IAAKA,EAAE,EAAGA,EAAE7B,EAAQ6B,IAClBjD,KAAKwtE,UAAUvpE,EAAOqpE,MAExB,OAAOlsE,CACT,EACAisE,GAAOrsE,UAAUm+D,MAAQ,WACzB,EAEA,ICNMuO,MDMWL,OCNXK,GAAc,IAAIzoD,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKV7kB,KAAK2tE,OAAS,WACZ,OAAS9oD,IAAS,GAOpB7kB,KAAK4tE,UAAY,SAASvsE,GACxBwjB,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMxjB,KAQjDrB,KAAK6tE,aAAe,SAASxsE,EAAOqiC,GAClC,KAAOA,KAAU,GACf7e,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMxjB,OCnDnDysE,GAAM,SAASvvD,EAAOmB,GACxB,IAAwBzc,EAApBwzB,EAAMlY,EAAMmB,GAChB,IAAKzc,EAAIyc,EAAOzc,EAAI,EAAGA,IACrBsb,EAAMtb,GAAKsb,EAAMtb,EAAE,GAGrB,OADAsb,EAAM,GAAKkY,EACJA,CACT,EAEIs3C,GAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,GACpBA,GAAcV,GAAIE,YAAyB,oBAC3CQ,GAAcV,GAAIG,eAAyB,gBAC3CO,GAAcV,GAAII,sBAAyB,uBAC3CM,GAAcV,GAAIK,uBAAyB,wBAC3CK,GAAcV,GAAIM,YAAyB,aAC3CI,GAAcV,GAAIO,eAAyB,gBAC3CG,GAAcV,GAAIQ,gBAAkB,kDAEpC,IAAIG,GAAS,SAASlO,EAAQmO,GAC5B,IAAIrpC,EAAMmpC,GAAcjO,IAAW,gBAC/BmO,IAAarpC,GAAO,KAAKqpC,GAC7B,IAAItqE,EAAI,IAAIytB,UAAUwT,GAEtB,MADAjhC,EAAEg4D,UAAYmE,EACRn8D,CACR,EAEIuqE,GAAS,SAASC,EAAaC,GACjC9uE,KAAK+uE,SAAW/uE,KAAKgvE,aAAehvE,KAAKivE,WAAa,EAEtDjvE,KAAKkvE,cAAcL,EAAaC,EAClC,EACAF,GAAO5tE,UAAUmuE,YAAc,WAE7B,OADiBnvE,KAAKovE,mBAKtBpvE,KAAKqvE,SAAW,IAAIC,IACb,IAJLtvE,KAAKivE,YAAc,GACZ,EAIX,EAEAL,GAAO5tE,UAAUkuE,cAAgB,SAASL,EAAaC,GAErD,IAAI3tD,EAAM,IAAIte,WAAW,GACW,IAAhCgsE,EAAY3tE,KAAKigB,EAAK,EAAG,IACuB,QAAhD5G,OAAOsC,aAAasE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CutD,GAAOX,GAAIG,cAAe,aAE5B,IAAIjU,EAAQ94C,EAAI,GAAK,IACjB84C,EAAQ,GAAKA,EAAQ,IACvByU,GAAOX,GAAIG,cAAe,sBAE5BluE,KAAKuF,OAAS,IAAImnE,GAAUmC,GAI5B7uE,KAAKuvE,SAAW,IAAStV,EACzBj6D,KAAKwvE,WAAa,EAClBxvE,KAAK8uE,aAAeA,EACpB9uE,KAAKyvE,UAAY,CACnB,EACAb,GAAO5tE,UAAUouE,gBAAkB,WACjC,IAAInsE,EAAG2Z,EAAGV,EACN3W,EAASvF,KAAKuF,OAId6W,EAAI7W,EAAO4nE,KACf,GAjFW,iBAiFP/wD,EACF,OAAO,EAnFG,iBAqFRA,GACFsyD,GAAOX,GAAIG,eACbluE,KAAK0vE,eAAiBnqE,EAAOrE,KAAK,MAAQ,EAC1ClB,KAAKyvE,WAAazvE,KAAK0vE,gBACH1vE,KAAKyvE,WAAa,EAAMzvE,KAAKyvE,YAAY,OAAU,EAInElqE,EAAOrE,KAAK,IACdwtE,GAAOX,GAAIQ,gBACb,IAAIoB,EAAcpqE,EAAOrE,KAAK,IAC1ByuE,EAAc3vE,KAAKuvE,UACrBb,GAAOX,GAAIM,WAAY,kCAMzB,IAAInwD,EAAI3Y,EAAOrE,KAAK,IAChB0uE,EAAY,IAAI/sE,WAAW,KAAMgtE,EAAW,EAChD,IAAK5sE,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIib,EAAK,GAAM,GAAMjb,EAAK,CACxB,IAAI40C,EAAQ,GAAJ50C,EAER,IADAiZ,EAAI3W,EAAOrE,KAAK,IACX0b,EAAI,EAAGA,EAAI,GAAIA,IACdV,EAAK,GAAM,GAAMU,IACnBgzD,EAAUC,KAAch4B,EAAIj7B,GAKpC,IAAIkzD,EAAavqE,EAAOrE,KAAK,IACzB4uE,EAzHW,GAyHgBA,EAxHhB,IAyHbpB,GAAOX,GAAIM,YAKb,IAAI0B,EAAaxqE,EAAOrE,KAAK,IACV,IAAf6uE,GACFrB,GAAOX,GAAIM,YAEb,IAAI2B,EAAY,IAAIntE,WAAW,KAC/B,IAAKI,EAAI,EAAGA,EAAI6sE,EAAY7sE,IAC1B+sE,EAAU/sE,GAAKA,EAEjB,IAAIgtE,EAAY,IAAIptE,WAAWktE,GAE/B,IAAK9sE,EAAI,EAAGA,EAAI8sE,EAAY9sE,IAAK,CAE/B,IAAK2Z,EAAI,EAAGrX,EAAOrE,KAAK,GAAI0b,IACtBA,GAAKkzD,GAAYpB,GAAOX,GAAIM,YAElC4B,EAAUhtE,GAAK6qE,GAAIkC,EAAWpzD,GAKhC,IACiBszD,EADbC,EAAWN,EAAW,EACtBO,EAAS,GACb,IAAKxzD,EAAI,EAAGA,EAAIkzD,EAAYlzD,IAAK,CAC/B,IAqBIyzD,EAASC,EArBTlvE,EAAS,IAAIyB,WAAWstE,GAAWt8C,EAAO,IAAIk9B,YAAYwf,IAK9D,IADAryD,EAAI3Y,EAAOrE,KAAK,GACX+B,EAAI,EAAGA,EAAIktE,EAAUltE,IAAK,CAC7B,MACMib,EAAI,GAAKA,EAjKE,KAiKoBwwD,GAAOX,GAAIM,YAG1C9oE,EAAOrE,KAAK,IAEZqE,EAAOrE,KAAK,GAGdgd,IAFAA,IAIJ9c,EAAO6B,GAAKib,EAMd,IADAmyD,EAASC,EAASlvE,EAAO,GACpB6B,EAAI,EAAGA,EAAIktE,EAAUltE,IACpB7B,EAAO6B,GAAKqtE,EACdA,EAASlvE,EAAO6B,GACT7B,EAAO6B,GAAKotE,IACnBA,EAASjvE,EAAO6B,IAapBitE,EAAW,GACXE,EAAOvuE,KAAKquE,GACZA,EAASM,QAAU,IAAIzf,YAnMT,KAoMdmf,EAASrS,MAAQ,IAAI54C,YAAYsrD,IACjCL,EAAS7X,KAAO,IAAIpzC,YAAYsrD,IAChCL,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIG,EAAK,EACT,IAAKxtE,EAAIotE,EAAQptE,GAAKqtE,EAAQrtE,IAE5B,IADA4wB,EAAK5wB,GAAKitE,EAASrS,MAAM56D,GAAK,EACzBib,EAAI,EAAGA,EAAIiyD,EAAUjyD,IACpB9c,EAAO8c,KAAOjb,IAChBitE,EAASM,QAAQC,KAAQvyD,GAG/B,IAAKjb,EAAI,EAAGA,EAAIktE,EAAUltE,IACxB4wB,EAAKzyB,EAAO6B,MAMd,IADAwtE,EAAKvyD,EAAI,EACJjb,EAAIotE,EAAQptE,EAAIqtE,EAAQrtE,IAC3BwtE,GAAM58C,EAAK5wB,GAOXitE,EAASrS,MAAM56D,GAAKwtE,EAAK,EACzBA,IAAO,EACPvyD,GAAK2V,EAAK5wB,GACVitE,EAAS7X,KAAKp1D,EAAI,GAAKwtE,EAAKvyD,EAE9BgyD,EAASrS,MAAMyS,EAAS,GAAK/gE,OAAOmhE,UACpCR,EAASrS,MAAMyS,GAAUG,EAAK58C,EAAKy8C,GAAU,EAC7CJ,EAAS7X,KAAKgY,GAAU,EAO1B,IAAIM,EAAY,IAAI1rD,YAAY,KAChC,IAAKhiB,EAAI,EAAGA,EAAI,IAAKA,IACnB+sE,EAAU/sE,GAAKA,EAEjB,IAA6C2tE,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOhxE,KAAKgxE,KAAO,IAAI/rD,YAAYjlB,KAAKuvE,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWc,GACPF,GAAYhB,GAAcrB,GAAOX,GAAIM,YACzC6B,EAAWE,EAAOH,EAAUc,OAG9B9tE,EAAIitE,EAASG,OACbzzD,EAAIrX,EAAOrE,KAAK+B,GAEVA,EAAIitE,EAASI,QAAU5B,GAAOX,GAAIM,cAClCzxD,GAAKszD,EAASrS,MAAM56D,IAFnBA,IAIL2Z,EAAKA,GAAK,EAAKrX,EAAOrE,KAAK,KAG7B0b,GAAKszD,EAAS7X,KAAKp1D,IACX,GAAK2Z,GAvQC,MAuQmB8xD,GAAOX,GAAIM,YAC5C,IAAI6C,EAAUhB,EAASM,QAAQ5zD,GAK/B,GA5Qc,IA4QVs0D,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY5yD,EAAIle,KAAKuvE,UAAYb,GAAOX,GAAIM,YAEhDsC,EADAC,EAAKhB,EAAUI,EAAU,MACR9xD,EACVA,KACL8yD,EAAKF,KAAeF,EAGxB,GAAIM,EAAUrB,EACZ,MAQEiB,GAAa9wE,KAAKuvE,UAAYb,GAAOX,GAAIM,YAK7CsC,EAFAC,EAAKhB,EADLgB,EAAK9C,GAAIkC,EADT/sE,EAAIiuE,EAAU,OAKdF,EAAKF,KAAeF,OA9CbC,IACHA,EAAS,EACT3yD,EAAI,GAUJA,GA1RU,IAyRRgzD,EACGL,EAEA,EAAIA,EACXA,IAAW,EA0Cf,KAHIlB,EAAc,GAAKA,GAAemB,IAAapC,GAAOX,GAAIM,YAE9DzxD,EAAI,EACC3Z,EAAI,EAAGA,EAAI,IAAKA,IACnBiZ,EAAIU,EAAI+zD,EAAU1tE,GAClB0tE,EAAU1tE,GAAK2Z,EACfA,EAAIV,EAGN,IAAKjZ,EAAI,EAAGA,EAAI6tE,EAAW7tE,IAEzB+tE,EAAKL,EADLC,EAAe,IAAVI,EAAK/tE,MACcA,GAAK,EAC7B0tE,EAAUC,KAKZ,IAAIztE,EAAM,EAAGguE,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBhuE,EAAM6tE,EAAKrB,IAEXxsE,IAAQ,EACRiuE,GAAO,GAETpxE,KAAK+uE,SAAW5rE,EAChBnD,KAAKgvE,aAAemC,EACpBnxE,KAAKivE,WAAa6B,EAClB9wE,KAAKqxE,SAAWD,GAET,CACT,EAOAxC,GAAO5tE,UAAUswE,aAAe,SAASC,EAAcvhE,GACnD,IAAIwhE,EAAQC,EAAUC,EAKxB,GAAI1xE,KAAKivE,WAAa,EAAK,OAAO,EAGlC,IAAI+B,EAAOhxE,KAAKgxE,KAAM7tE,EAAMnD,KAAK+uE,SAAUoC,EAAUnxE,KAAKgvE,aACtD8B,EAAY9wE,KAAKivE,WAAyBjvE,KAAK2xE,WAGnD,IAFA,IAAIP,EAAMpxE,KAAKqxE,SAERP,GAAW,CAehB,IAdAA,IACAW,EAAWN,EAEXA,EAAgB,KADhBhuE,EAAM6tE,EAAK7tE,IAEXA,IAAQ,EACM,GAAViuE,KACFI,EAASL,EACTO,EAAUD,EACVN,GAAW,IAEXK,EAAS,EACTE,EAAUP,GAEZnxE,KAAKqvE,SAASxB,aAAa6D,EAASF,GAC7BA,KACLxxE,KAAK8uE,aAAatB,UAAUkE,GAC5B1xE,KAAKwvE,aAEH2B,GAAWM,IACbL,EAAM,GASV,OAPApxE,KAAKivE,WAAa6B,EAEd9wE,KAAKqvE,SAAS1B,WAAa3tE,KAAK0vE,gBAClChB,GAAOX,GAAIM,WAAY,sBACRruE,KAAKqvE,SAAS1B,SAASnhE,SAAS,IACxC,aAAaxM,KAAK0vE,eAAeljE,SAAS,IAAI,KAEhDxM,KAAKwvE,UACd,EAEA,IAAIoC,GAAoB,SAAStxE,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIuuE,EAAc,IAAIxB,GAKtB,OAJAwB,EAAY1rE,IAAM,EAClB0rE,EAAYloE,SAAW,WAAa,OAAOrG,EAAMN,KAAKmD,QACtD0rE,EAAY7B,KAAO,SAAS7pE,GAAOnD,KAAKmD,IAAMA,GAC9C0rE,EAAYgD,IAAM,WAAa,OAAO7xE,KAAKmD,KAAO7C,EAAMc,QACjDytE,CACT,EACIiD,GAAqB,SAAShoE,GAChC,IAAIglE,EAAe,IAAIzB,GACnB0E,GAAW,EACf,GAAIjoE,EACF,GAAqB,mBACnBglE,EAAa7qE,OAAS,IAAIpB,WAAWiH,GACrCioE,GAAW,MACN,IAAI,cAAejoE,EACxB,OAAOA,EAEPglE,EAAa7qE,OAAS6F,EACtBioE,GAAW,OAGbjD,EAAa7qE,OAAS,IAAIpB,WAAW,OAuBvC,OArBAisE,EAAa3rE,IAAM,EACnB2rE,EAAatB,UAAY,SAASC,GAChC,GAAIsE,GAAY/xE,KAAKmD,KAAOnD,KAAKiE,OAAO7C,OAAQ,CAC9C,IAAI4wE,EAAY,IAAInvE,WAA8B,EAAnB7C,KAAKiE,OAAO7C,QAC3C4wE,EAAU1uE,IAAItD,KAAKiE,QACnBjE,KAAKiE,OAAS+tE,EAEhBhyE,KAAKiE,OAAOjE,KAAKmD,OAASsqE,GAE5BqB,EAAamD,UAAY,WAEvB,GAAIjyE,KAAKmD,MAAQnD,KAAKiE,OAAO7C,OAAQ,CACnC,IAAK2wE,EACH,MAAM,IAAIjgD,UAAU,2CACtB,IAAIkgD,EAAY,IAAInvE,WAAW7C,KAAKmD,KACpC6uE,EAAU1uE,IAAItD,KAAKiE,OAAOiI,SAAS,EAAGlM,KAAKmD,MAC3CnD,KAAKiE,OAAS+tE,EAEhB,OAAOhyE,KAAKiE,QAEd6qE,EAAaoD,UAAW,EACjBpD,CACT,EAqGA,OAhGe,SAASxuE,EAAOwJ,EAAQqoE,GAMrC,IAJA,IAAItD,EAAc+C,GAAkBtxE,GAChCwuE,EAAegD,GAAmBhoE,GAElCsoE,EAAK,IAAIxD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgD,OACxC,GAAIO,EAAGjD,cACLiD,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG7sE,OAAOrE,KAAK,MAAQ,EAM7C,GALImxE,IAAoBD,EAAG3C,WACzBf,GAAOX,GAAIM,WAAY,uBACR+D,EAAG3C,UAAUjjE,SAAS,IAC9B,aAAa6lE,EAAgB7lE,SAAS,IAAI,MAE/C2lE,KACA,QAAStD,IACRA,EAAYgD,MAGV,MADLO,EAAGlD,cAAcL,EAAaC,GAIpC,GAAI,cAAeA,EACjB,OAAOA,EAAamD,WACxB,EC/eA,MAAMK,GACOhyD,iBACT,OAAOU,EAAMlM,OAAOU,YAMtB1V,YAAYyyE,EAAO,IAAI13D,MACrB7a,KAAKuiD,OAASvhC,EAAMhL,QAAQG,KAC5BnW,KAAKuyE,KAAOl4D,EAAKc,cAAco3D,GAC/BvyE,KAAKkW,KAAO,KACZlW,KAAK+J,KAAO,KACZ/J,KAAKwyE,SAAW,GASlBC,QAAQv8D,EAAMqsC,EAASvhC,EAAMhL,QAAQG,MACnCnW,KAAKuiD,OAASA,EACdviD,KAAKkW,KAAOA,EACZlW,KAAK+J,KAAO,KASd2oE,QAAQ/wE,GAAQ,GAId,OAHkB,OAAd3B,KAAKkW,MAAiBmE,EAAK7X,SAASxC,KAAKkW,SAC3ClW,KAAKkW,KAAOmE,EAAK+C,WAAW/C,EAAKwF,UAAU7f,KAAK2yE,SAAShxE,MAEpD3B,KAAKkW,KAQd08D,SAAS1rE,EAAOq7C,GACdviD,KAAKuiD,OAASA,EACdviD,KAAK+J,KAAO7C,EACZlH,KAAKkW,KAAO,KASdy8D,SAAShxE,GAAQ,GAKf,OAJkB,OAAd3B,KAAK+J,OAEP/J,KAAK+J,KAAOsQ,EAAKmF,gBAAgBnF,EAAK0C,WAAW/c,KAAKkW,QAEpDvU,EACKklB,EAAoB7mB,KAAK+J,MAE3B/J,KAAK+J,KAQd8oE,YAAYL,GACVxyE,KAAKwyE,SAAWA,EAQlBM,cACE,OAAO9yE,KAAKwyE,SAUdrxE,WAAW+F,SACH6rE,EAAa7rE,GAAO/F,UAExB,MAAMohD,QAAeh9C,EAAOoB,WAEtBqsE,QAAqBztE,EAAOoB,WAClC3G,KAAKwyE,SAAWn4D,EAAK+C,iBAAiB7X,EAAOuB,UAAUksE,IAEvDhzE,KAAKuyE,KAAOl4D,EAAKO,eAAerV,EAAOuB,UAAU,IAEjD,IAAIiD,EAAOxE,EAAOoF,YACdqc,EAAqBjd,KAAOA,QAAa6c,EAAiB7c,IAC9D/J,KAAK4yE,SAAS7oE,EAAMw4C,EAAO,IAS/B0D,cACE,MAAMusB,EAAWn4D,EAAK0C,WAAW/c,KAAKwyE,UAChCS,EAAkB,IAAIpwE,WAAW,CAAC2vE,EAASpxE,SAE3CmhD,EAAS,IAAI1/C,WAAW,CAAC7C,KAAKuiD,SAC9BgwB,EAAOl4D,EAAKS,UAAU9a,KAAKuyE,MAEjC,OAAOl4D,EAAKvX,iBAAiB,CAACy/C,EAAQ0wB,EAAiBT,EAAUD,IAQnEzwE,QACE,MAAMwiB,EAAStkB,KAAKimD,cACdl8C,EAAO/J,KAAK2yE,WAElB,OAAOt4D,EAAK7T,OAAO,CAAC8d,EAAQva,KCxIhC,MAAMmpE,GAAW1zE,OAAO,YAKlB2zE,GAA4B,IAAI9vD,IAAI,CACxCrC,EAAM9J,mBAAmBW,OACzBmJ,EAAM9J,mBAAmByB,kBACzBqI,EAAM9J,mBAAmBwB,oBAW3B,MAAM06D,GACO9yD,iBACT,OAAOU,EAAMlM,OAAOE,UAGtBlV,cACEE,KAAK6hD,QAAU,KAEf7hD,KAAKqzE,cAAgB,KAErBrzE,KAAKszE,cAAgB,KAErBtzE,KAAKuzE,mBAAqB,KAE1BvzE,KAAKwzE,cAAgB,KACrBxzE,KAAKyzE,mBAAqB,GAC1BzzE,KAAK0zE,gBAAkB,KAEvB1zE,KAAK2zE,QAAU,KACf3zE,KAAKoX,wBAA0B,KAC/BpX,KAAK4zE,uBAAwB,EAC7B5zE,KAAK6zE,WAAa,KAClB7zE,KAAK8zE,WAAa,KAClB9zE,KAAK+zE,YAAc,KACnB/zE,KAAKuX,kBAAoB,KACzBvX,KAAKwX,UAAY,KACjBxX,KAAKyX,kBAAoB,KACzBzX,KAAKg0E,gBAAkB,KACvBh0E,KAAK2X,6BAA+B,KACpC3X,KAAKi0E,mBAAqB,KAC1Bj0E,KAAKk0E,uBAAyB,KAC9Bl0E,KAAKm0E,yBAA2B,KAChCn0E,KAAKo0E,YAAc,IAAI/sD,GACvBrnB,KAAKq0E,aAAe,GACpBr0E,KAAKs0E,UAAY,GACjBt0E,KAAK+X,wBAA0B,KAC/B/X,KAAKgY,+BAAiC,KACtChY,KAAKiY,qBAAuB,KAC5BjY,KAAKkY,mBAAqB,KAC1BlY,KAAKu0E,gBAAkB,KACvBv0E,KAAKoY,UAAY,KACjBpY,KAAKqY,SAAW,KAChBrY,KAAKsY,cAAgB,KACrBtY,KAAKw0E,wBAA0B,KAC/Bx0E,KAAKy0E,0BAA4B,KACjCz0E,KAAKwY,SAAW,KAChBxY,KAAK00E,kCAAoC,KACzC10E,KAAK20E,6BAA+B,KACpC30E,KAAK40E,oBAAsB,KAC3B50E,KAAK0Y,kBAAoB,KACzB1Y,KAAK60E,iBAAmB,KACxB70E,KAAK2Y,kBAAoB,KACzB3Y,KAAK4Y,wBAA0B,KAE/B5Y,KAAK80E,QAAU,KACf90E,KAAKkzE,IAAY,KAQnBhyE,KAAKgG,GACH,IAAIjE,EAAI,EAGR,GAFAjD,KAAK6hD,QAAU36C,EAAMjE,KAEA,IAAjBjD,KAAK6hD,SAAkC,IAAjB7hD,KAAK6hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW/mD,KAAK6hD,mDAS7C,GANA7hD,KAAKqzE,cAAgBnsE,EAAMjE,KAC3BjD,KAAKuzE,mBAAqBrsE,EAAMjE,KAChCjD,KAAKszE,cAAgBpsE,EAAMjE,KAG3BA,GAAKjD,KAAK+0E,eAAe7tE,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SAAS,IACrDpB,KAAK2zE,QACR,MAAUzwE,MAAM,8CASlBlD,KAAKwzE,cAAgBtsE,EAAMgF,SAAS,EAAGjJ,GAGvCA,GAAKjD,KAAK+0E,eAAe7tE,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SAAS,GAG1DpB,KAAK0zE,gBAAkBxsE,EAAMgF,SAASjJ,EAAGA,EAAI,GAC7CA,GAAK,EAELjD,KAAKgnD,OAAStoC,GAAO1J,UAAUggE,qBAAqBh1E,KAAKuzE,mBAAoBrsE,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SAMvG6zE,cACE,OAAIj1E,KAAKgnD,kBAAkB/mD,QAClBi1E,GACL/zE,SAAYud,GAAOy2D,gBAAgBn1E,KAAKuzE,yBAA0BvzE,KAAKgnD,UAGpEtoC,GAAOy2D,gBAAgBn1E,KAAKuzE,mBAAoBvzE,KAAKgnD,QAG9DllD,QACE,MAAM46C,EAAM,GAKZ,OAJAA,EAAI76C,KAAK7B,KAAKwzE,eACd92B,EAAI76C,KAAK7B,KAAKo1E,2BACd14B,EAAI76C,KAAK7B,KAAK0zE,iBACdh3B,EAAI76C,KAAK7B,KAAKi1E,eACP56D,EAAK7T,OAAOk2C,GAYrBv7C,WAAW0V,EAAK9M,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,GAC9B,IAAhBvmC,EAAIgrC,QACN7hD,KAAK6hD,QAAU,EAEf7hD,KAAK6hD,QAAU,EAEjB,MAAMnF,EAAM,CAAC,IAAI75C,WAAW,CAAC7C,KAAK6hD,QAAS7hD,KAAKqzE,cAAerzE,KAAKuzE,mBAAoBvzE,KAAKszE,iBAE7FtzE,KAAK2zE,QAAUt5D,EAAKc,cAAco3D,GAClCvyE,KAAK60E,iBAAmBh+D,EAAIgrC,QAC5B7hD,KAAK2Y,kBAAoB9B,EAAIw+D,sBAC7Br1E,KAAKo0E,YAAcv9D,EAAIy+D,WAGvB54B,EAAI76C,KAAK7B,KAAKu1E,yBAKdv1E,KAAKyzE,mBAAqB,GAE1BzzE,KAAKwzE,cAAgBn5D,EAAK7T,OAAOk2C,GAEjC,MAAM84B,EAASx1E,KAAKw1E,OAAOx1E,KAAKqzE,cAAetpE,EAAMqzC,GAC/CnpC,QAAajU,KAAKiU,KAAKjU,KAAKqzE,cAAetpE,EAAMyrE,EAAQp4B,GAE/Dp9C,KAAK0zE,gBAAkB+B,EAAaC,EAAazhE,GAAO,EAAG,GAC3D,MAAMsF,EAASpY,SAAYud,GAAO1J,UAAU+nC,KAC1C/8C,KAAKuzE,mBAAoBvzE,KAAKszE,cAAez8D,EAAIo4C,aAAcp4C,EAAIo5C,cAAeulB,QAAc5uD,EAAiB3S,IAE/GoG,EAAK7X,SAASyR,GAChBjU,KAAKgnD,OAASztC,KAEdvZ,KAAKgnD,aAAeztC,IAMpBvZ,KAAKkzE,KAAY,GAQrBqC,wBACE,MAAMtoE,EAAM+T,EAAM9J,mBACZwlC,EAAM,GACZ,IAAIx1C,EACJ,GAAqB,OAAjBlH,KAAK2zE,QACP,MAAUzwE,MAAM,mCAElBw5C,EAAI76C,KAAK8zE,GAAe1oE,EAAIkK,uBAAuB,EAAMkD,EAAKS,UAAU9a,KAAK2zE,WACxC,OAAjC3zE,KAAKoX,yBACPslC,EAAI76C,KAAK8zE,GAAe1oE,EAAImK,yBAAyB,EAAMiD,EAAKM,YAAY3a,KAAKoX,wBAAyB,KAEpF,OAApBpX,KAAK6zE,YACPn3B,EAAI76C,KAAK8zE,GAAe1oE,EAAIoK,yBAAyB,EAAM,IAAIxU,WAAW,CAAC7C,KAAK6zE,WAAa,EAAI,MAE3E,OAApB7zE,KAAK8zE,aACP5sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAK8zE,WAAY9zE,KAAK+zE,cAC9Cr3B,EAAI76C,KAAK8zE,GAAe1oE,EAAIqK,gBAAgB,EAAMpQ,KAErB,OAA3BlH,KAAKuX,mBACPmlC,EAAI76C,KAAK8zE,GAAe1oE,EAAIsK,mBAAmB,EAAMvX,KAAKuX,oBAErC,OAAnBvX,KAAKwX,WACPklC,EAAI76C,KAAK8zE,GAAe1oE,EAAIuK,WAAW,EAAM,IAAI3U,WAAW,CAAC7C,KAAKwX,UAAY,EAAI,MAErD,OAA3BxX,KAAKyX,mBACPilC,EAAI76C,KAAK8zE,GAAe1oE,EAAIwK,mBAAmB,EAAM4C,EAAKM,YAAY3a,KAAKyX,kBAAmB,KAEtD,OAAtCzX,KAAK2X,+BACPzQ,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAK2X,+BAC7D+kC,EAAI76C,KAAK8zE,GAAe1oE,EAAI0K,8BAA8B,EAAOzQ,KAEnC,OAA5BlH,KAAKi0E,qBACP/sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAKi0E,mBAAoBj0E,KAAKk0E,yBACtDhtE,EAAQmT,EAAK7T,OAAO,CAACU,EAAOlH,KAAKm0E,2BACjCz3B,EAAI76C,KAAK8zE,GAAe1oE,EAAI2K,eAAe,EAAO1Q,KAE/ClH,KAAKo0E,YAAYzsD,UAAsC,IAA1B3nB,KAAK60E,kBAGrCn4B,EAAI76C,KAAK8zE,GAAe1oE,EAAI4K,QAAQ,EAAM7X,KAAKo0E,YAAYtyE,UAE7D9B,KAAKq0E,aAAajxE,SAAQ,EAAG+H,OAAM9J,QAAOu0E,gBAAeC,eACvD3uE,EAAQ,CAAC,IAAIrE,WAAW,CAAC+yE,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAME,EAAcz7D,EAAK0C,WAAW5R,GAEpCjE,EAAMrF,KAAKwY,EAAKM,YAAYm7D,EAAY10E,OAAQ,IAEhD8F,EAAMrF,KAAKwY,EAAKM,YAAYtZ,EAAMD,OAAQ,IAC1C8F,EAAMrF,KAAKi0E,GACX5uE,EAAMrF,KAAKR,GACX6F,EAAQmT,EAAK7T,OAAOU,GACpBw1C,EAAI76C,KAAK8zE,GAAe1oE,EAAI6K,aAAc+9D,EAAU3uE,GAAO,IAExB,OAAjClH,KAAK+X,0BACP7Q,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAK+X,0BAC7D2kC,EAAI76C,KAAK8zE,GAAe1oE,EAAI8K,yBAAyB,EAAO7Q,KAElB,OAAxClH,KAAKgY,iCACP9Q,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAKgY,iCAC7D0kC,EAAI76C,KAAK8zE,GAAe1oE,EAAI+K,gCAAgC,EAAO9Q,KAEnC,OAA9BlH,KAAKiY,uBACP/Q,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAKiY,uBAC7DykC,EAAI76C,KAAK8zE,GAAe1oE,EAAIgL,sBAAsB,EAAO/Q,KAE3B,OAA5BlH,KAAKkY,oBACPwkC,EAAI76C,KAAK8zE,GAAe1oE,EAAIiL,oBAAoB,EAAOmC,EAAK0C,WAAW/c,KAAKkY,sBAEjD,OAAzBlY,KAAKu0E,iBACP73B,EAAI76C,KAAK8zE,GAAe1oE,EAAIkL,eAAe,EAAO,IAAItV,WAAW,CAAC7C,KAAKu0E,gBAAkB,EAAI,MAExE,OAAnBv0E,KAAKoY,WACPskC,EAAI76C,KAAK8zE,GAAe1oE,EAAImL,WAAW,EAAOiC,EAAK0C,WAAW/c,KAAKoY,aAE/C,OAAlBpY,KAAKqY,WACPnR,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAKqY,WAC7DqkC,EAAI76C,KAAK8zE,GAAe1oE,EAAIoL,UAAU,EAAMnR,KAEnB,OAAvBlH,KAAKsY,eACPokC,EAAI76C,KAAK8zE,GAAe1oE,EAAIqL,eAAe,EAAO+B,EAAK0C,WAAW/c,KAAKsY,iBAEpC,OAAjCtY,KAAKw0E,0BACPttE,EAAQmT,EAAKiC,mBAAmB/B,OAAOsC,aAAa7c,KAAKw0E,yBAA2Bx0E,KAAKy0E,2BACzF/3B,EAAI76C,KAAK8zE,GAAe1oE,EAAIsL,qBAAqB,EAAMrR,KAEnC,OAAlBlH,KAAKwY,WACPtR,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAKwY,WAC7DkkC,EAAI76C,KAAK8zE,GAAe1oE,EAAIuL,UAAU,EAAOtR,KAEA,OAA3ClH,KAAK00E,oCACPxtE,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAK00E,kCAAmC10E,KAAK20E,gCACtEztE,EAAMrF,KAAKwY,EAAKiC,mBAAmBtc,KAAK40E,sBACxC1tE,EAAQmT,EAAK7T,OAAOU,GACpBw1C,EAAI76C,KAAK8zE,GAAe1oE,EAAIwL,iBAAiB,EAAMvR,KAEtB,OAA3BlH,KAAK0Y,mBACPgkC,EAAI76C,KAAK8zE,GAAe1oE,EAAIyL,mBAAmB,EAAM1Y,KAAK0Y,kBAAkB5W,UAE/C,OAA3B9B,KAAK2Y,oBACPzR,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAK60E,mBAAoB70E,KAAK2Y,mBACvDzR,EAAQmT,EAAK7T,OAAOU,GACpBw1C,EAAI76C,KAAK8zE,GAAe1oE,EAAI0L,kBAAoC,IAAjB3Y,KAAK6hD,QAAe36C,KAEhC,OAAjClH,KAAK4Y,0BACP1R,EAAQmT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmB1c,KAAK4Y,0BAC7D8jC,EAAI76C,KAAK8zE,GAAe1oE,EAAI2L,yBAAyB,EAAO1R,KAG9D,MAAMzF,EAAS4Y,EAAK7T,OAAOk2C,GACrBt7C,EAASiZ,EAAKM,YAAYlZ,EAAOL,OAAQ,GAE/C,OAAOiZ,EAAK7T,OAAO,CAACpF,EAAQK,IAO9B2zE,0BACE,MAAM14B,EAAM,GACZ18C,KAAKyzE,mBAAmBrwE,SAAQ2G,IAC9B2yC,EAAI76C,KAAK+jD,GAAkB77C,EAAK3I,SAChCs7C,EAAI76C,KAAKkI,EAAK,IAGhB,MAAMtI,EAAS4Y,EAAK7T,OAAOk2C,GACrBt7C,EAASiZ,EAAKM,YAAYlZ,EAAOL,OAAQ,GAE/C,OAAOiZ,EAAK7T,OAAO,CAACpF,EAAQK,IAI9Bs0E,cAAc7uE,EAAOg7B,GAAS,GAC5B,IAAI8zC,EAAQ,EAGZ,MAAMH,KAA6B,IAAf3uE,EAAM8uE,IACpB/7D,EAAsB,IAAf/S,EAAM8uE,GAEnB,GAAK9zC,IACHliC,KAAKyzE,mBAAmB5xE,KAAKqF,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACpD+xE,GAA0BntE,IAAIiU,IAQrC,OAHA+7D,IAGQ/7D,GACN,KAAK+G,EAAM9J,mBAAmBC,sBAE5BnX,KAAK2zE,QAAUt5D,EAAKO,SAAS1T,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACzD,MACF,KAAK4f,EAAM9J,mBAAmBE,wBAAyB,CAErD,MAAM6+D,EAAU57D,EAAKK,WAAWxT,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAE5DpB,KAAK4zE,sBAAoC,IAAZqC,EAC7Bj2E,KAAKoX,wBAA0B6+D,EAE/B,MAEF,KAAKj1D,EAAM9J,mBAAmBG,wBAE5BrX,KAAK6zE,WAAgC,IAAnB3sE,EAAM8uE,KACxB,MACF,KAAKh1D,EAAM9J,mBAAmBI,eAE5BtX,KAAK8zE,WAAa5sE,EAAM8uE,KACxBh2E,KAAK+zE,YAAc7sE,EAAM8uE,KACzB,MACF,KAAKh1D,EAAM9J,mBAAmBK,kBAE5BvX,KAAKuX,kBAAoBrQ,EAAM8uE,GAC/B,MACF,KAAKh1D,EAAM9J,mBAAmBM,UAE5BxX,KAAKwX,UAA+B,IAAnBtQ,EAAM8uE,KACvB,MACF,KAAKh1D,EAAM9J,mBAAmBO,kBAAmB,CAE/C,MAAMw+D,EAAU57D,EAAKK,WAAWxT,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAE5DpB,KAAKyX,kBAAoBw+D,EACzBj2E,KAAKg0E,gBAA8B,IAAZiC,EAEvB,MAEF,KAAKj1D,EAAM9J,mBAAmBS,6BAE5B3X,KAAK2X,6BAA+B,IAAIzQ,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACpE,MACF,KAAK4f,EAAM9J,mBAAmBU,cAK5B5X,KAAKi0E,mBAAqB/sE,EAAM8uE,KAChCh2E,KAAKk0E,uBAAyBhtE,EAAM8uE,KACpCh2E,KAAKm0E,yBAA2BjtE,EAAMgF,SAAS8pE,EAAOA,EAAQ,IAC9D,MAEF,KAAKh1D,EAAM9J,mBAAmBW,OAE5B7X,KAAKo0E,YAAYlzE,KAAKgG,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAClD,MAEF,KAAK4f,EAAM9J,mBAAmBY,aAAc,CAE1C,MAAM89D,KAAkC,IAAf1uE,EAAM8uE,IAG/BA,GAAS,EACT,MAAM3oE,EAAIgN,EAAKK,WAAWxT,EAAMgF,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAM3pE,EAAIgO,EAAKK,WAAWxT,EAAMgF,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM7qE,EAAOkP,EAAK+C,WAAWlW,EAAMgF,SAAS8pE,EAAOA,EAAQ3oE,IACrDhM,EAAQ6F,EAAMgF,SAAS8pE,EAAQ3oE,EAAG2oE,EAAQ3oE,EAAIhB,GAEpDrM,KAAKq0E,aAAaxyE,KAAK,CAAEsJ,OAAMyqE,gBAAev0E,QAAOw0E,aAEjDD,IACF51E,KAAKs0E,UAAUnpE,GAAQkP,EAAK+C,WAAW/b,IAEzC,MAEF,KAAK2f,EAAM9J,mBAAmBa,wBAE5B/X,KAAK+X,wBAA0B,IAAI7Q,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAC/D,MACF,KAAK4f,EAAM9J,mBAAmBc,+BAE5BhY,KAAKgY,+BAAiC,IAAI9Q,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACtE,MACF,KAAK4f,EAAM9J,mBAAmBe,qBAE5BjY,KAAKiY,qBAAuB,IAAI/Q,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAC5D,MACF,KAAK4f,EAAM9J,mBAAmBgB,mBAE5BlY,KAAKkY,mBAAqBmC,EAAK+C,WAAWlW,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACtE,MACF,KAAK4f,EAAM9J,mBAAmBiB,cAE5BnY,KAAKu0E,gBAAqC,IAAnBrtE,EAAM8uE,KAC7B,MACF,KAAKh1D,EAAM9J,mBAAmBkB,UAE5BpY,KAAKoY,UAAYiC,EAAK+C,WAAWlW,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAC7D,MACF,KAAK4f,EAAM9J,mBAAmBmB,SAE5BrY,KAAKqY,SAAW,IAAInR,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAChD,MACF,KAAK4f,EAAM9J,mBAAmBoB,cAE5BtY,KAAKsY,cAAgB+B,EAAK+C,WAAWlW,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACjE,MACF,KAAK4f,EAAM9J,mBAAmBqB,oBAE5BvY,KAAKw0E,wBAA0BttE,EAAM8uE,KACrCh2E,KAAKy0E,0BAA4Bp6D,EAAK+C,WAAWlW,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAC7E,MACF,KAAK4f,EAAM9J,mBAAmBsB,SAE5BxY,KAAKwY,SAAW,IAAItR,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAChD,MACF,KAAK4f,EAAM9J,mBAAmBuB,gBAAiB,CAG7CzY,KAAK00E,kCAAoCxtE,EAAM8uE,KAC/Ch2E,KAAK20E,6BAA+BztE,EAAM8uE,KAE1C,MAAMhmE,EAAM0O,GAAOgxB,kBAAkB1vC,KAAK20E,8BAE1C30E,KAAK40E,oBAAsBv6D,EAAKqC,mBAAmBxV,EAAMgF,SAAS8pE,EAAOA,EAAQhmE,IACjF,MAEF,KAAKgR,EAAM9J,mBAAmBwB,kBAE5B1Y,KAAK0Y,kBAAoB,IAAI06D,GAC7BpzE,KAAK0Y,kBAAkBxX,KAAKgG,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SACxD,MACF,KAAK4f,EAAM9J,mBAAmByB,kBAE5B3Y,KAAK60E,iBAAmB3tE,EAAM8uE,KAC9Bh2E,KAAK2Y,kBAAoBzR,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,QACvB,IAA1BpB,KAAK60E,iBACP70E,KAAKo0E,YAAYlzE,KAAKlB,KAAK2Y,mBAE3B3Y,KAAKo0E,YAAYlzE,KAAKlB,KAAK2Y,kBAAkBzM,UAAU,IAEzD,MACF,KAAK8U,EAAM9J,mBAAmB0B,wBAE5B5Y,KAAK4Y,wBAA0B,IAAI1R,EAAMgF,SAAS8pE,EAAO9uE,EAAM9F,SAC/D,MACF,QAAS,CACP,MAAMigD,EAAUn+C,MAAM,oCAAoC+W,GAC1D,GAAI47D,EACF,MAAMx0B,EAENhnC,EAAK0D,WAAWsjC,KAMxB0zB,eAAe7tE,EAAOgvE,GAAU,EAAMxxD,GAEpC,MAAMyxD,EAAkB97D,EAAKK,WAAWxT,EAAMgF,SAAS,EAAG,IAE1D,IAAIjJ,EAAI,EAGR,KAAOA,EAAI,EAAIkzE,GAAiB,CAC9B,MAAMnmE,EAAM21C,GAAiBz+C,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SACrD6B,GAAK+M,EAAII,OAETpQ,KAAK+1E,cAAc7uE,EAAMgF,SAASjJ,EAAGA,EAAI+M,EAAIA,KAAMkmE,EAASxxD,GAE5DzhB,GAAK+M,EAAIA,IAGX,OAAO/M,EAITmzE,OAAOn8D,EAAMlQ,GACX,MAAMmU,EAAI8C,EAAMhM,UAEhB,OAAQiF,GACN,KAAKiE,EAAEjI,OACL,OAAkB,OAAdlM,EAAKmM,KACAmE,EAAK0C,WAAWhT,EAAK2oE,SAAQ,IAE/B3oE,EAAK4oE,UAAS,GAEvB,KAAKz0D,EAAEhI,KAAM,CACX,MAAMhP,EAAQ6C,EAAK4oE,UAAS,GAE5B,OAAOt4D,EAAKmF,gBAAgBtY,GAE9B,KAAKgX,EAAE7H,WACL,OAAO,IAAIxT,WAAW,GAExB,KAAKqb,EAAE5H,YACP,KAAK4H,EAAE3H,YACP,KAAK2H,EAAE1H,WACP,KAAK0H,EAAEzH,aACP,KAAKyH,EAAExH,eAAgB,CACrB,IAAI5B,EACAwL,EAEJ,GAAIvW,EAAK2L,OACP4K,EAAM,IACNxL,EAAS/K,EAAK2L,WACT,KAAI3L,EAAK6L,cAId,MAAU1S,MAAM,mFAHhBod,EAAM,IACNxL,EAAS/K,EAAK6L,cAMhB,MAAM1O,EAAQ4N,EAAOhT,QAErB,OAAOuY,EAAK7T,OAAO,CAACxG,KAAKo2E,OAAOl4D,EAAErH,IAAK9M,GACrC,IAAIlH,WAAW,CAACyd,IAChBjG,EAAKM,YAAYzT,EAAM9F,OAAQ,GAC/B8F,IAEJ,KAAKgX,EAAEvH,cACP,KAAKuH,EAAEnH,iBACP,KAAKmH,EAAEtH,WACL,OAAOyD,EAAK7T,OAAO,CAACxG,KAAKo2E,OAAOl4D,EAAErH,IAAK9M,GAAO/J,KAAKo2E,OAAOl4D,EAAErH,IAAK,CAC/DA,IAAK9M,EAAKtE,SAGd,KAAKyY,EAAErH,IACL,QAAiB5V,IAAb8I,EAAK8M,IACP,MAAU3T,MAAM,8CAElB,OAAO6G,EAAK8M,IAAIw/D,aAAar2E,KAAK6hD,SAEpC,KAAK3jC,EAAEpH,cACL,OAAO9W,KAAKo2E,OAAOl4D,EAAErH,IAAK9M,GAC5B,KAAKmU,EAAElH,UACL,OAAO,IAAInU,WAAW,GACxB,KAAKqb,EAAEjH,WACL,MAAU/T,MAAM,mBAClB,QACE,MAAUA,MAAM,4BAItBozE,iBAAiBvsE,EAAMqzC,GACrB,IAAIh8C,EAAS,EACb,OAAOob,EAAiBk5D,EAAa11E,KAAKwzE,gBAAgBnyE,IACxDD,GAAUC,EAAMD,MAAM,IACrB,KACD,MAAMs7C,EAAM,GAeZ,OAdqB,IAAjB18C,KAAK6hD,SAAkB7hD,KAAKqzE,gBAAkBryD,EAAMhM,UAAUiB,QAAUjW,KAAKqzE,gBAAkBryD,EAAMhM,UAAUkB,OAC7GknC,EACFV,EAAI76C,KAAK,IAAIgB,WAAW,IAExB65C,EAAI76C,KAAKkI,EAAKk8C,gBAGlBvJ,EAAI76C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK6hD,QAAS,OAClB,IAAjB7hD,KAAK6hD,SACPnF,EAAI76C,KAAK,IAAIgB,WAAW,IAE1B65C,EAAI76C,KAAKwY,EAAKM,YAAYvZ,EAAQ,IAG3BiZ,EAAK7T,OAAOk2C,EAAI,IAI3B84B,OAAOnC,EAAetpE,EAAMqzC,GAAW,GACrC,MAAMl2C,EAAQlH,KAAKo2E,OAAO/C,EAAetpE,GAEzC,OAAOsQ,EAAK7T,OAAO,CAACU,EAAOlH,KAAKwzE,cAAexzE,KAAKs2E,iBAAiBvsE,EAAMqzC,KAG7Ej8C,WAAWkyE,EAAetpE,EAAMyrE,EAAQp4B,GAAW,GAEjD,OADKo4B,IAAQA,EAASx1E,KAAKw1E,OAAOnC,EAAetpE,EAAMqzC,IAChD1+B,GAAOzK,KAAK8zB,OAAO/nC,KAAKszE,cAAekC,GAehDr0E,aAAa0V,EAAKw8D,EAAetpE,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IACnF,IAAKhmB,KAAKo0E,YAAY7sD,OAAO1Q,EAAIy+D,YAC/B,MAAUpyE,MAAM,oDAElB,GAAIlD,KAAKuzE,qBAAuB18D,EAAIizC,UAClC,MAAU5mD,MAAM,oFAGlB,MAAMqzE,EAAqBlD,IAAkBryD,EAAMhM,UAAUiB,QAAUo9D,IAAkBryD,EAAMhM,UAAUkB,KAIzG,KADmBlW,KAAKkzE,MAAcqD,GACrB,CACf,IAAIf,EACAvhE,EAQJ,GAPIjU,KAAKkiC,OACPjuB,QAAajU,KAAKkiC,QAElBszC,EAASx1E,KAAKw1E,OAAOnC,EAAetpE,EAAMqzC,GAC1CnpC,QAAajU,KAAKiU,KAAKo/D,EAAetpE,EAAMyrE,IAE9CvhE,QAAa2S,EAAiB3S,GAC1BjU,KAAK0zE,gBAAgB,KAAOz/D,EAAK,IACjCjU,KAAK0zE,gBAAgB,KAAOz/D,EAAK,GACnC,MAAU/Q,MAAM,+BAUlB,GAPAlD,KAAKgnD,aAAehnD,KAAKgnD,OAEzBhnD,KAAKkzE,UAAkBx0D,GAAO1J,UAAUsoC,OACtCt9C,KAAKuzE,mBAAoBvzE,KAAKszE,cAAetzE,KAAKgnD,OAAQnwC,EAAIo4C,aAC9DumB,EAAQvhE,IAGLjU,KAAKkzE,IACR,MAAUhwE,MAAM,iCAIpB,MAAMszE,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAIiE,GAAYx2E,KAAK2zE,QAAU6C,EAC7B,MAAUtzE,MAAM,4CAElB,GAAIszE,GAAYA,GAAYx2E,KAAKy2E,oBAC/B,MAAUvzE,MAAM,wBAElB,GAAIwhB,EAAOT,qBAAqBje,IAAIhG,KAAKszE,eACvC,MAAUpwE,MAAM,4BAA8B8d,EAAM9f,KAAK8f,EAAM/M,KAAMjU,KAAKszE,eAAeoD,eAE3F,GAAIhyD,EAAOR,4BAA4Ble,IAAIhG,KAAKszE,gBAC9C,CAACtyD,EAAMhM,UAAUiB,OAAQ+K,EAAMhM,UAAUkB,MAAMuL,SAASzhB,KAAKqzE,eAC7D,MAAUnwE,MAAM,oCAAsC8d,EAAM9f,KAAK8f,EAAM/M,KAAMjU,KAAKszE,eAAeoD,eAOnG,GALA12E,KAAKq0E,aAAajxE,SAAQ,EAAG+H,OAAM0qE,eACjC,GAAIA,GAAanxD,EAAOX,eAAexd,QAAQ4E,GAAQ,EACrD,MAAUjI,MAAM,8BAA8BiI,MAGlB,OAA5BnL,KAAKi0E,mBACP,MAAU/wE,MAAM,iGASpByzE,UAAUpE,EAAO,IAAI13D,MACnB,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,OAAiB,OAAbiE,KACOx2E,KAAK2zE,SAAW6C,GAAYA,EAAWx2E,KAAKy2E,qBASzDA,oBACE,OAAOz2E,KAAK4zE,sBAAwBnoE,IAAW,IAAIoP,KAAK7a,KAAK2zE,QAAQz4D,UAA2C,IAA/Blb,KAAKoX,0BAgB1F,SAASu+D,GAAe17D,EAAM47D,EAAU9rE,GACtC,MAAM2yC,EAAM,GAIZ,OAHAA,EAAI76C,KAAK+jD,GAAkB77C,EAAK3I,OAAS,IACzCs7C,EAAI76C,KAAK,IAAIgB,WAAW,EAAEgzE,EAAW,IAAO,GAAK57D,KACjDyiC,EAAI76C,KAAKkI,GACFsQ,EAAK7T,OAAOk2C,EACrB,CC9tBA,MAAMk6B,GACOt2D,iBACT,OAAOU,EAAMlM,OAAOI,iBAGtBpV,cAEEE,KAAK6hD,QAAU,KAQf7hD,KAAKqzE,cAAgB,KAMrBrzE,KAAKszE,cAAgB,KAMrBtzE,KAAKuzE,mBAAqB,KAE1BvzE,KAAKo0E,YAAc,KAMnBp0E,KAAKspE,MAAQ,KAQfpoE,KAAKgG,GACH,IAAI8uE,EAAQ,EAGZ,GADAh2E,KAAK6hD,QAAU36C,EAAM8uE,KA1DT,IA2DRh2E,KAAK6hD,QACP,MAAM,IAAIkF,GAAiB,WAAW/mD,KAAK6hD,4DAuB7C,OAlBA7hD,KAAKqzE,cAAgBnsE,EAAM8uE,KAG3Bh2E,KAAKszE,cAAgBpsE,EAAM8uE,KAG3Bh2E,KAAKuzE,mBAAqBrsE,EAAM8uE,KAGhCh2E,KAAKo0E,YAAc,IAAI/sD,GACvBrnB,KAAKo0E,YAAYlzE,KAAKgG,EAAMgF,SAAS8pE,EAAOA,EAAQ,IACpDA,GAAS,EAMTh2E,KAAKspE,MAAQpiE,EAAM8uE,KACZh2E,KAOT8B,QACE,MAAM8B,EAAQ,IAAIf,WAAW,CA3FjB,EA2F2B7C,KAAKqzE,cAAerzE,KAAKszE,cAAetzE,KAAKuzE,qBAE9E/nE,EAAM,IAAI3I,WAAW,CAAC7C,KAAKspE,QAEjC,OAAOjvD,EAAKvX,iBAAiB,CAACc,EAAO5D,KAAKo0E,YAAYtyE,QAAS0J,IAGjE8qE,oBAAoBzlD,GAClB,OAAOqkD,GAAiB/zE,SAAYiyE,GAAgBpyE,UAAUs1E,iBAAiBx5D,YAAY9c,KAAK62E,iBAAkBhmD,KAGpH1vB,eACE,MAAM01E,QAAyB72E,KAAK62E,iBACpC,IAAKA,GAAoBA,EAAiB/2E,YAAYwgB,MAAQU,EAAMlM,OAAOE,UACzE,MAAU9R,MAAM,0CAElB,GACE2zE,EAAiBxD,gBAAkBrzE,KAAKqzE,eACxCwD,EAAiBvD,gBAAkBtzE,KAAKszE,eACxCuD,EAAiBtD,qBAAuBvzE,KAAKuzE,qBAC5CsD,EAAiBzC,YAAY7sD,OAAOvnB,KAAKo0E,aAE1C,MAAUlxE,MAAM,2EAGlB,OADA2zE,EAAiB30C,OAASliC,KAAKkiC,OACxB20C,EAAiBv5B,OAAOxgC,MAAM+5D,EAAkBr6B,YCxHpD,SAASs6B,GAAiBx2D,EAAKy2D,GACpC,IAAKA,EAAez2D,GAAM,CAExB,IAAI02D,EACJ,IACEA,EAAah2D,EAAM9f,KAAK8f,EAAMlM,OAAQwL,GACtC,MAAOjc,GACP,MAAM,IAAI0iD,GAAiB,iCAAiCzmC,GAE9D,MAAUpd,MAAM,uCAAuC8zE,GAEzD,OAAO,IAAID,EAAez2D,EAC5B,CDgHAs2D,GAAuB51E,UAAUiT,KAAOm/D,GAAgBpyE,UAAUiT,KAClE2iE,GAAuB51E,UAAUw0E,OAASpC,GAAgBpyE,UAAUw0E,OACpEoB,GAAuB51E,UAAUo1E,OAAShD,GAAgBpyE,UAAUo1E,OC1GpE,MAAMa,WAAmBp3E,MAWvB+nB,wBAAwB1gB,EAAO6vE,EAAgBryD,EAASsB,IACtD,MAAMkxD,EAAU,IAAID,GAEpB,aADMC,EAAQh2E,KAAKgG,EAAO6vE,EAAgBryD,GACnCwyD,EAWT/1E,WAAW+F,EAAO6vE,EAAgBryD,EAASsB,IACrCtB,EAAOjB,yBAAyBriB,SAClC21E,EAAiB,IAAKA,KAAmB18D,EAAK8F,wBAAwBuE,EAAOjB,4BAE/EzjB,KAAKe,OAASwlB,EAAqBrf,GAAO/F,MAAOsH,EAAUC,KACzD,MAAMhI,EAAS+lB,EAAiB/d,GAChC,IACE,OAAa,OACLhI,EAAOwI,MA6Bb,SA5BmBi9C,GAAY19C,GAAUtH,UACvC,IACE,GAAIg2E,EAAO72D,MAAQU,EAAMlM,OAAOS,QAAU4hE,EAAO72D,MAAQU,EAAMlM,OAAOW,MAIpE,OAEF,MAAMX,EAASgiE,GAAiBK,EAAO72D,IAAKy2D,GAC5CjiE,EAAOoiE,QAAU,IAAID,GACrBniE,EAAOsiE,WAAa/8D,EAAK7X,SAAS20E,EAAOriE,cACnCA,EAAO5T,KAAKi2E,EAAOriE,OAAQ4P,SAC3BhkB,EAAOoB,MAAMgT,GACnB,MAAOzQ,GACP,MAAMgzE,GAAyB3yD,EAAOnB,0BAA4Blf,aAAa0iD,GACzEuwB,IAAuB5yD,EAAOlB,wBAA4Bnf,aAAa0iD,IAC7E,GAAIswB,GAAyBC,GAAuBpxB,GAAkBixB,EAAO72D,WAIrE5f,EAAOuB,MAAMoC,OACd,CACL,MAAMkzE,EAAiB,IAAIrwB,GAAkBiwB,EAAO72D,IAAK62D,EAAOriE,cAC1DpU,EAAOoB,MAAMy1E,GAErBl9D,EAAK4D,gBAAgB5Z,OAMvB,aAFM3D,EAAOwI,iBACPxI,EAAOsB,SAIjB,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAKvB,MAAMkB,EAASihB,EAAiBxmB,KAAKe,QACrC,OAAa,CACX,MAAMO,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OAMrC,GALKI,EAGHtB,KAAKe,OAAS,KAFdf,KAAK6B,KAAKR,GAIRC,GAAQ4kD,GAAkB7kD,EAAMvB,YAAYwgB,KAC9C,MAGJ/a,EAAO3E,cAQTkB,QACE,MAAM46C,EAAM,GAEZ,IAAK,IAAIz5C,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,MAAMqd,EAAMtgB,KAAKiD,aAAcikD,GAAoBlnD,KAAKiD,GAAGqd,IAAMtgB,KAAKiD,GAAGnD,YAAYwgB,IAC/Ek3D,EAAcx3E,KAAKiD,GAAGnB,QAC5B,GAAIuY,EAAK7X,SAASg1E,IAAgBtxB,GAAkBlmD,KAAKiD,GAAGnD,YAAYwgB,KAAM,CAC5E,IAAIrc,EAAS,GACT8C,EAAe,EACnB,MAAM0wE,EAAY,IAClB/6B,EAAI76C,KAAKkkD,GAASzlC,IAClBo8B,EAAI76C,KAAK2a,EAAiBg7D,GAAan2E,IAGrC,GAFA4C,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgB0wE,EAAW,CAC7B,MAAMC,EAAW/rE,KAAKmyC,IAAInyC,KAAKqS,IAAIjX,GAAgB4E,KAAKgsE,IAAM,EAAG,IAC3DlV,EAAY,GAAKiV,EACjB1wE,EAAeqT,EAAK7T,OAAO,CAACq/C,GAAmB6xB,IAAWlxE,OAAOvC,IAGvE,OAFAA,EAAS,CAAC+C,EAAakF,SAAS,EAAIu2D,IACpC17D,EAAe9C,EAAO,GAAG7C,OAClB4F,EAAakF,SAAS,EAAG,EAAIu2D,OAErC,IAAMpoD,EAAK7T,OAAO,CAACo/C,GAAkB7+C,IAAeP,OAAOvC,WACzD,CACL,GAAIoW,EAAK7X,SAASg1E,GAAc,CAC9B,IAAIp2E,EAAS,EACbs7C,EAAI76C,KAAK2a,EAAiBk5D,EAAa8B,IAAcn2E,IACnDD,GAAUC,EAAMD,MAAM,IACrB,IAAM6kD,GAAY3lC,EAAKlf,WAE1Bs7C,EAAI76C,KAAKokD,GAAY3lC,EAAKk3D,EAAYp2E,SAExCs7C,EAAI76C,KAAK21E,IAIb,OAAOn9D,EAAK7T,OAAOk2C,GAQrBk7B,eAAeC,GACb,MAAMC,EAAW,IAAIb,GAEfc,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI/zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B40E,EAAK3vE,KAAK6vE,EAAO/3E,KAAKiD,GAAGnD,YAAYwgB,OACvCw3D,EAASj2E,KAAK7B,KAAKiD,IAIvB,OAAO60E,EAQTE,WAAW13D,GACT,OAAOtgB,KAAKi4E,MAAKnjE,GAAUA,EAAOhV,YAAYwgB,MAAQA,IAQxD43D,cAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOp4E,KAEP+3E,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI/zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B40E,EAAK3vE,KAAK6vE,EAAOK,EAAKn1E,GAAGnD,YAAYwgB,OACvC63D,EAASt2E,KAAKoB,GAGlB,OAAOk1E,GCzLX,MAAMpB,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACAsE,GACAxD,KAWF,MAAMiF,GACO/3D,iBACT,OAAOU,EAAMlM,OAAOO,eAMtBvV,YAAY4kB,EAASsB,IAKnBhmB,KAAKk3E,QAAU,KAKfl3E,KAAK8pD,UAAYplC,EAAOrC,8BAMxBriB,KAAKs4E,WAAa,KAKlBt4E,KAAKsiB,aAAeoC,EAAOpC,aAQ7BnhB,WAAW+F,EAAOwd,EAASsB,UACnB+sD,EAAa7rE,GAAO/F,UAGxBnB,KAAK8pD,gBAAkBvkD,EAAOoB,WAG9B3G,KAAKs4E,WAAa/yE,EAAOoF,kBAEnB3K,KAAKu4E,WAAW7zD,EAAO,IASjC5iB,QAKE,OAJwB,OAApB9B,KAAKs4E,YACPt4E,KAAKw4E,WAGAn+D,EAAK7T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK8pD,YAAa9pD,KAAKs4E,aAS7Dn3E,iBAAiBujB,EAASsB,IACxB,MAAMyyD,EAAkBz3D,EAAM9f,KAAK8f,EAAMpN,YAAa5T,KAAK8pD,WACrD4uB,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUx1E,MAASu1E,EAAH,gCAGlBz4E,KAAKk3E,cAAgBD,GAAW2B,WAAWF,EAAgB14E,KAAKs4E,YAAavB,GAAgBryD,GAM/F8zD,WACE,MAAMC,EAAkBz3D,EAAM9f,KAAK8f,EAAMpN,YAAa5T,KAAK8pD,WACrD+uB,EAAgBC,GAAaL,GACnC,IAAKI,EACH,MAAU31E,MAASu1E,EAAH,8BAGlBz4E,KAAKs4E,WAAaO,EAAc74E,KAAKk3E,QAAQp1E,QAAS9B,KAAKsiB,eAa/D,MAAMy2D,GAAW1+D,EAAK0E,cAEtB,SAASlL,GAAa9J,GACpB,OAAOA,CACT,CAEA,SAASivE,GAAU9Y,EAAM16B,EAAQ3gC,EAAU,IACzC,OAAO,SAAUkF,GACf,OAAKsQ,EAAK7X,SAASuH,IAASid,EAAqBjd,GACxCmrE,GAAiB,IAAMtuD,EAAiB7c,GAAMnI,MAAKmI,GACjD,IAAI9J,SAAQ,CAACC,EAASC,KAC3B+/D,EAAKn2D,EAAMlF,GAAS,CAACw8C,EAAK5/C,KACxB,GAAI4/C,EAAK,OAAOlhD,EAAOkhD,GACvBnhD,EAAQuB,EAAO,GACf,QAIDw3E,EAAiBC,EAAiBnvE,GAAMpB,KAAK68B,EAAO3gC,KAE/D,CAEA,SAASs0E,GAAUr5E,EAAa+E,EAAU,IACxC,OAAO,SAASkF,GACd,MAAMs2C,EAAM,IAAIvgD,EAAY+E,GAC5B,OAAO2X,EAAiBzS,GAAM1I,IAC5B,GAAIA,EAAMD,OAER,OADAi/C,EAAIx+C,KAAKR,EAAO0wD,IACT1R,EAAI5+C,UAEZ,KACD,GAAI3B,IAAgB0iE,GAElB,OADAniB,EAAIx+C,KAAK,GAAIowD,IACN5R,EAAI5+C,UAInB,CAEA,SAASuS,GAAMksD,GACb,OAAO,SAASn2D,GACd,OAAOmrE,GAAiB/zE,SAAY++D,QAAWt5C,EAAiB7c,MAEpE,CAEA,MAAM+uE,GAAeC,GAAW,CAC9BjlE,iBAAmB,CAACwkE,EAAYre,IAAU+e,GAAUD,GAASK,WAAYL,GAASM,iBAAkB,CAAEpf,SAA5D+e,CAAqEV,GAC/GvkE,kBAAoB,CAACukE,EAAYre,IAAU+e,GAAUD,GAAS3X,QAAS2X,GAASO,cAAe,CAAErf,SAAtD+e,CAA+DV,IACxG,CACFxkE,iBAAmB,CAACwkE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEK,KAAK,EAAM5I,SAAhCkf,CAAyCb,GACnFvkE,kBAAoB,CAACukE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEvI,SAArBkf,CAA8Bb,IAGrEK,GAAiBI,GAAW,CAChCllE,aAAcA,GACdC,iBAAmBklE,GAAUD,GAASQ,WAAYR,GAASS,kBAC3DzlE,kBAAoBilE,GAAUD,GAASlO,QAASkO,GAASU,eACzDzlE,mBAAqBA,GAAM0lE,KACzB,CACF7lE,aAAcA,GACdC,iBAAmBqlE,GAAUzN,GAAS,CAAE7I,KAAK,IAC7C9uD,kBAAoBolE,GAAUzN,IAC9B13D,mBAAqBA,GAAM0lE,KCnLvB3C,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAeF,MAAMuG,GACOr5D,iBACT,OAAOU,EAAMlM,OAAOe,mCAGtB/V,cACEE,KAAK6hD,QAlBO,EAmBZ7hD,KAAK45E,UAAY,KACjB55E,KAAKk3E,QAAU,KAGjB/1E,WAAW+F,SACH6rE,EAAa7rE,GAAO/F,UACxB,MAAM0gD,QAAgBt8C,EAAOoB,WAE7B,GA3BU,IA2BNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,wCAMxC7hD,KAAK45E,UAAYr0E,EAAOoF,WAAW,IAIvC7I,QACE,OAAOuY,EAAK7T,OAAO,CAAC,IAAI3D,WAAW,CAvCvB,IAuCmC7C,KAAK45E,YAYtDz4E,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEvC,IAAI3yE,EAAQlH,KAAKk3E,QAAQp1E,QACrBklB,EAAqB9f,KAAQA,QAAc0f,EAAiB1f,IAChE,MAAM6U,QAAe2C,GAAOo7D,gBAAgBD,GACtCE,EAAM,IAAIl3E,WAAW,CAAC,IAAM,KAE5Bm3E,EAAS3/D,EAAK7T,OAAO,CAACuV,EAAQ7U,EAAO6yE,IACrC9lE,QAAayK,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,IAClD7mE,EAAYkH,EAAK7T,OAAO,CAACwzE,EAAQ/lE,IAGvC,OADAjU,KAAK45E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK1D,EAAW,IAAItQ,WAAWowB,GAAYvO,IACxG,EAYTvjB,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACvC,IAAID,EAAYlE,EAAa11E,KAAK45E,WAC9B5yD,EAAqB4yD,KAAYA,QAAkBhzD,EAAiBgzD,IACxE,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EAAK+iE,EAAW,IAAI/2E,WAAWowB,IAI9FinD,EAAWzE,EAAa5uD,EAAoBozD,IAAa,IACzDD,EAASvE,EAAawE,EAAW,GAAI,IACrCE,EAAal6E,QAAQ2H,IAAI,CAC7Bgf,QAAuBlI,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,KAC5DpzD,EAAiBszD,KAChBt4E,MAAK,EAAEqS,EAAM8lE,MACd,IAAK1/D,EAAKqD,iBAAiBzJ,EAAM8lE,GAC/B,MAAU72E,MAAM,0BAElB,OAAO,IAAIL,UAAY,IAEnBqE,EAAQuuE,EAAauE,EAAQ/mD,EAAY,GAC/C,IAAIukD,EAAc/B,EAAavuE,EAAO,GAAI,GAM1C,OALAswE,EAAch6D,EAAc,CAACg6D,EAAatC,GAAiB,IAAMiF,MAC5D9/D,EAAK7X,SAASo3E,IAAel1D,EAAO9B,6BACvC40D,QAAoB5wD,EAAiB4wD,IAEvCx3E,KAAKk3E,cAAgBD,GAAW2B,WAAWpB,EAAaT,GAAgBryD,IACjE,GC7GX,MAAMqyD,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAYF,MAAMgH,GACO95D,iBACT,OAAOU,EAAMlM,OAAOiB,kBAGtBjW,cACEE,KAAK6hD,QAfO,EAiBZ7hD,KAAKq6E,gBAAkB,KAEvBr6E,KAAKs6E,cAAgBt5D,EAAMtM,KAAKC,IAChC3U,KAAKu6E,cAAgB,KACrBv6E,KAAKmxB,GAAK,KACVnxB,KAAK45E,UAAY,KACjB55E,KAAKk3E,QAAU,KAQjB/1E,WAAW+F,SACH6rE,EAAa7rE,GAAO/F,UACxB,MAAM0gD,QAAgBt8C,EAAOoB,WAC7B,GAlCU,IAkCNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,yDAExC7hD,KAAKq6E,sBAAwB90E,EAAOoB,WACpC3G,KAAKs6E,oBAAsB/0E,EAAOoB,WAClC3G,KAAKu6E,oBAAsBh1E,EAAOoB,WAElC,MAAMonB,EAAOrP,GAAO87D,YAAYx6E,KAAKs6E,eACrCt6E,KAAKmxB,SAAW5rB,EAAOuB,UAAUinB,EAAKwkB,UACtCvyC,KAAK45E,UAAYr0E,EAAOoF,WAAW,IAQvC7I,QACE,OAAOuY,EAAK7T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK6hD,QAAS7hD,KAAKq6E,gBAAiBr6E,KAAKs6E,cAAet6E,KAAKu6E,gBAAiBv6E,KAAKmxB,GAAInxB,KAAK45E,YAWlIz4E,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAC/ChmB,KAAKk3E,cAAgBD,GAAW2B,iBACxB54E,KAAKg0C,MAAM,UAAWn9B,EAAK6+D,EAAa11E,KAAK45E,YACnD7C,GACAryD,GAYJvjB,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAC/ChmB,KAAKq6E,gBAAkBR,EAEvB,MAAMtnC,SAAEA,GAAa7zB,GAAO87D,YAAYx6E,KAAKs6E,eAC7Ct6E,KAAKmxB,GAAKzS,GAAO+xC,OAAOvS,eAAe3L,GACvCvyC,KAAKu6E,cAAgB71D,EAAOjC,kBAC5B,MAAM1Y,EAAO/J,KAAKk3E,QAAQp1E,QAC1B9B,KAAK45E,gBAAkB55E,KAAKg0C,MAAM,UAAWn9B,EAAK9M,GAWpD5I,YAAY+I,EAAI2M,EAAK9M,GACnB,MAAMgkB,EAAOrP,GAAO87D,YAAYx6E,KAAKs6E,eAC/BG,QAAqB1sD,EAAK/tB,KAAKq6E,gBAAiBxjE,GAChD6jE,EAA+B,YAAPxwE,EAAmB6jB,EAAKykB,UAAY,EAC5DmoC,EAA+B,YAAPzwE,EAAmB6jB,EAAKykB,UAAY,EAC5DiwB,EAAY,IAAMziE,KAAKu6E,cAAgB,GAAKG,EAC5CE,EAAc,IAAIx1D,YAAY,IAC9By1D,EAAa,IAAIh4E,WAAW+3E,EAAa,EAAG,IAC5CE,EAAgB,IAAIj4E,WAAW+3E,GAC/BG,EAAY,IAAI11D,SAASu1D,GACzBI,EAAkB,IAAIn4E,WAAW+3E,EAAa,EAAG,GACvDC,EAAWv3E,IAAI,CAAC,IAAO82E,GAAwB95D,IAAKtgB,KAAK6hD,QAAS7hD,KAAKq6E,gBAAiBr6E,KAAKs6E,cAAet6E,KAAKu6E,eAAgB,GACjI,IAAI/mC,EAAa,EACbynC,EAAgBh7E,QAAQC,UACxBg7E,EAAe,EACfC,EAAc,EAClB,MAAMhqD,EAAKnxB,KAAKmxB,GAChB,OAAO5K,EAAqBxc,GAAM5I,MAAOsH,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7X,SAASiG,GAAuB,CACvC,MAAMxE,EAAS,IAAI2iD,EAAuB,GAAI,CAC5Ch9C,cAAeyQ,EAAK6E,yBAA2B,IAAMlf,KAAKu6E,cAAgB,GAC1Ev1E,KAAMuZ,GAASA,EAAMnd,SAEvB0lB,EAAY7iB,EAAOwE,SAAUC,GAC7BA,EAAWzE,EAAOyE,SAEpB,MAAMnD,EAASihB,EAAiB/d,GAC1B/H,EAAS+lB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAI3G,QAAcwD,EAAOuB,UAAU27D,EAAYiY,IAA0B,IAAI73E,WAC7E,MAAMu4E,EAAar5E,EAAMmK,SAASnK,EAAMX,OAASs5E,GAEjD,IAAIW,EACA/5E,EAwBJ,GA1BAS,EAAQA,EAAMmK,SAAS,EAAGnK,EAAMX,OAASs5E,IAGpClnC,GAAczxC,EAAMX,QACvBmE,EAAOmB,QAAQ00E,GACfC,EAAiBZ,EAAavwE,GAAInI,EAAOgsB,EAAKwlB,SAASpiB,EAAI6pD,GAAkBH,GAC7EM,GAAep5E,EAAMX,OAASs5E,EAAwBC,IAKtDI,EAAUO,SAAS,GAAQJ,GAC3BG,EAAiBZ,EAAavwE,GAAIkxE,EAAYrtD,EAAKwlB,SAASpiB,EAAI6pD,GAAkBF,GAClFK,GAAeR,EACfr5E,GAAO,GAET45E,GAAgBn5E,EAAMX,OAASs5E,EAE/BO,EAAgBA,EAAcr5E,MAAK,IAAMy5E,IAAgBz5E,MAAKT,gBACtDT,EAAOwI,YACPxI,EAAOoB,MAAMizC,GACnBomC,GAAepmC,EAAQ3zC,MAAM,IAC5BhB,OAAMihD,GAAO3gD,EAAOuB,MAAMo/C,MACzB//C,GAAQ65E,EAAcz6E,EAAO66E,oBACzBN,EAEH35E,EAEE,OACCZ,EAAOsB,QACb,MAHA+4E,EAAUO,SAAS,IAAS9nC,IAMhC,MAAOnvC,SACD3D,EAAOuB,MAAMoC,QChK3B,MAAMm3E,GACOl7D,iBACT,OAAOU,EAAMlM,OAAOC,6BAGtBjV,cACEE,KAAK6hD,QAAU,EAEf7hD,KAAKy7E,YAAc,IAAIp0D,GACvBrnB,KAAKuzE,mBAAqB,KAE1BvzE,KAAK07E,WAAa,KAKlB17E,KAAK65E,oBAAsB,KAG3B75E,KAAK45E,UAAY,GAQnB14E,KAAKgG,GACH,IAAIjE,EAAI,EAER,GADAjD,KAAK6hD,QAAU36C,EAAMjE,KA/CT,IAgDRjD,KAAK6hD,QACP,MAAM,IAAIkF,GAAiB,WAAW/mD,KAAK6hD,+CAE7C5+C,GAAKjD,KAAKy7E,YAAYv6E,KAAKgG,EAAMgF,SAASjJ,IAC1CjD,KAAKuzE,mBAAqBrsE,EAAMjE,KAChCjD,KAAK45E,UAAYl7D,GAAOi9D,yBAAyB37E,KAAKuzE,mBAAoBrsE,EAAMgF,SAASjJ,GAAIjD,KAAK6hD,SAC9F7hD,KAAKuzE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C/S,KAAK65E,oBAAsB74D,EAAMlf,MAAMkf,EAAM9N,UAAWlT,KAAK45E,UAAU9mD,EAAEg3B,YAS7EhoD,QACE,MAAM46C,EAAM,CACV,IAAI75C,WAAW,CAAC7C,KAAK6hD,UACrB7hD,KAAKy7E,YAAY35E,QACjB,IAAIe,WAAW,CAAC7C,KAAKuzE,qBACrB70D,GAAOy2D,gBAAgBn1E,KAAKuzE,mBAAoBvzE,KAAK45E,YAGvD,OAAOv/D,EAAKvX,iBAAiB45C,GAS/Bv7C,cAAc0V,GACZ,MAAM44B,EAAOzuB,EAAMlf,MAAMkf,EAAM7O,UAAWnS,KAAKuzE,oBACzClyD,EAAUu6D,GAAiB57E,KAAK6hD,QAASpS,EAAMzvC,KAAK65E,oBAAqB75E,KAAK07E,YACpF17E,KAAK45E,gBAAkBl7D,GAAOm9D,iBAC5BpsC,EAAMzvC,KAAK65E,oBAAqBhjE,EAAIo4C,aAAc5tC,EAASxK,EAAIw+D,uBAWnEl0E,cAAc0V,EAAKilE,GAEjB,GAAI97E,KAAKuzE,qBAAuB18D,EAAIizC,UAClC,MAAU5mD,MAAM,oBAGlB,MAAMo8C,EAAgBw8B,EACpBF,GAAiB57E,KAAK6hD,QAAS7hD,KAAKuzE,mBAAoBuI,EAAiBjC,oBAAqBiC,EAAiBJ,YAC/G,KACIK,QAAsBr9D,GAAOs9D,iBAAiBh8E,KAAKuzE,mBAAoB18D,EAAIo4C,aAAcp4C,EAAIo5C,cAAejwD,KAAK45E,UAAW/iE,EAAIw+D,sBAAuB/1B,IAEvJo8B,WAAEA,EAAU7B,oBAAEA,GAkCxB,SAA0Bh4B,EAAS8N,EAASosB,EAAeD,GACzD,OAAQnsB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAAM,CAEzB,MAAMhR,EAASs6E,EAAc7vE,SAAS,EAAG6vE,EAAc36E,OAAS,GAC1DwkB,EAAWm2D,EAAc7vE,SAAS6vE,EAAc36E,OAAS,GACzD66E,EAAmB5hE,EAAKwD,cAAcpc,EAAOyK,SAASzK,EAAOL,OAAS,IACtE86E,EAAkBD,EAAiB,KAAOr2D,EAAS,GAAKq2D,EAAiB,KAAOr2D,EAAS,GACzFu2D,EAAsB,CAAEtC,oBAAqBp4E,EAAO,GAAIi6E,WAAYj6E,EAAOyK,SAAS,IAC1F,GAAI4vE,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBtC,sBAAwBiC,EAAiBjC,oBAC7DsC,EAAoBT,WAAWt6E,SAAW06E,EAAiBJ,WAAWt6E,OACxE,MAAO,CACLs6E,WAAYrhE,EAAKsG,iBAAiBy7D,EAAgBD,EAAoBT,WAAYI,EAAiBJ,YACnG7B,oBAAqBx/D,EAAKwG,YACxBu7D,EACAD,EAAoBtC,oBACpBiC,EAAiBjC,sBAKrB,GADuBqC,GAAmBl7D,EAAM9f,KAAK8f,EAAM9N,UAAWipE,EAAoBtC,qBAExF,OAAOsC,EAEP,MAAUj5E,MAAM,oBAItB,KAAK8d,EAAM7O,UAAUY,OACnB,MAAO,CACL2oE,WAAYK,GAEhB,QACE,MAAU74E,MAAM,oCAEtB,CA5EgDm5E,CAAiBr8E,KAAK6hD,QAAS7hD,KAAKuzE,mBAAoBwI,EAAeD,GAG/G97E,KAAKuzE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C/S,KAAK65E,oBAAsBA,GAE7B75E,KAAK07E,WAAaA,GAOtB,SAASE,GAAiB/5B,EAAS8N,EAAS5uC,EAAYu7D,GACtD,OAAQ3sB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAEnB,OAAO4H,EAAKvX,iBAAiB,CAC3B,IAAID,WAAW,CAACke,IAChBu7D,EACAjiE,EAAKwD,cAAcy+D,EAAepwE,SAASowE,EAAel7E,OAAS,MAGvE,KAAK4f,EAAM7O,UAAUY,OACnB,OAAOupE,EACT,QACE,MAAUp5E,MAAM,oCAEtB,CC7HA,MAAMq5E,GAIJz8E,YAAY4kB,EAASsB,IAKnBhmB,KAAK8pD,UAAY9oC,EAAM/M,KAAKI,OAK5BrU,KAAKia,KAAO,WAEZja,KAAKqc,EAAIqI,EAAOhC,sBAIhB1iB,KAAKutD,KAAO,KAGdivB,WAIE,OAAQ,IAAe,GAATx8E,KAAKqc,IAFH,GAEiBrc,KAAKqc,GAAK,GAQ7Cnb,KAAKgG,GACH,IAAIjE,EAAI,EACR,IACEjD,KAAKia,KAAO+G,EAAM9f,KAAK8f,EAAMlP,IAAK5K,EAAMjE,MACxC,MAAOo+C,GACP,MAAM,IAAI0F,GAAiB,qBAI7B,OAFA/mD,KAAK8pD,UAAY5iD,EAAMjE,KAEfjD,KAAKia,MACX,IAAK,SACH,MAEF,IAAK,SACHja,KAAKutD,KAAOrmD,EAAMgF,SAASjJ,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACHjD,KAAKutD,KAAOrmD,EAAMgF,SAASjJ,EAAGA,EAAI,GAClCA,GAAK,EAGLjD,KAAKqc,EAAInV,EAAMjE,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDoX,EAAKqC,mBAAmBxV,EAAMgF,SAASjJ,EAAGA,EAAI,IAUhD,MAAM,IAAI8jD,GAAiB,qBAT3B9jD,GAAK,EAEL,GAAmB,OADA,IAAOiE,EAAMjE,KAK9B,MAAM,IAAI8jD,GAAiB,oCAH3B/mD,KAAKia,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI8sC,GAAiB,qBAG/B,OAAO9jD,EAOTnB,QACE,GAAkB,cAAd9B,KAAKia,KACP,OAAO,IAAIpX,WAAW,CAAC,IAAK,KAAMwX,EAAKiC,mBAAmB,OAAQ,IAEpE,MAAMogC,EAAM,CAAC,IAAI75C,WAAW,CAACme,EAAMlf,MAAMkf,EAAMlP,IAAK9R,KAAKia,MAAOja,KAAK8pD,aAErE,OAAQ9pD,KAAKia,MACX,IAAK,SACH,MACF,IAAK,SACHyiC,EAAI76C,KAAK7B,KAAKutD,MACd,MACF,IAAK,WACH7Q,EAAI76C,KAAK7B,KAAKutD,MACd7Q,EAAI76C,KAAK,IAAIgB,WAAW,CAAC7C,KAAKqc,KAC9B,MACF,IAAK,MACH,MAAUnZ,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOmX,EAAKvX,iBAAiB45C,GAW/Bv7C,iBAAiBs7E,EAAYC,GAC3BD,EAAapiE,EAAK0C,WAAW0/D,GAE7B,MAAM//B,EAAM,GACZ,IAAIigC,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIlH,EACJ,OAAQx1E,KAAKia,MACX,IAAK,SACHu7D,EAASn7D,EAAKvX,iBAAiB,CAAC,IAAID,WAAW+5E,GAAYH,IAC3D,MACF,IAAK,SACHjH,EAASn7D,EAAKvX,iBAAiB,CAAC,IAAID,WAAW+5E,GAAY58E,KAAKutD,KAAMkvB,IACtE,MACF,IAAK,WAAY,CACf,MAAM1yE,EAAOsQ,EAAKvX,iBAAiB,CAAC9C,KAAKutD,KAAMkvB,IAC/C,IAAII,EAAU9yE,EAAK3I,OACnB,MAAMsiC,EAAQ/3B,KAAKC,IAAI5L,KAAKw8E,WAAYK,GACxCrH,EAAS,IAAI3yE,WAAW+5E,EAAYl5C,GACpC8xC,EAAOlyE,IAAIyG,EAAM6yE,GACjB,IAAK,IAAIz5E,EAAMy5E,EAAYC,EAAS15E,EAAMugC,EAAOvgC,GAAO05E,EAASA,GAAW,EAC1ErH,EAAO11D,WAAW3c,EAAKy5E,EAAWz5E,GAEpC,MAEF,IAAK,MACH,MAAUD,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMzB,QAAeid,GAAOzK,KAAK8zB,OAAO/nC,KAAK8pD,UAAW0rB,GACxD94B,EAAI76C,KAAKJ,GACTk7E,GAAWl7E,EAAOL,OAClBw7E,IAGF,OAAOviE,EAAKvX,iBAAiB45C,GAAKxwC,SAAS,EAAGwwE,IC7JlD,MAAMI,GACOx8D,iBACT,OAAOU,EAAMlM,OAAOG,uBAMtBnV,YAAY4kB,EAASsB,IACnBhmB,KAAK6hD,QAAUn9B,EAAOnC,YAAc,EAAI,EACxCviB,KAAK07E,WAAa,KAKlB17E,KAAK+8E,8BAAgC,KAKrC/8E,KAAK65E,oBAAsB74D,EAAM9N,UAAUQ,OAK3C1T,KAAKs6E,cAAgBt5D,EAAMlf,MAAMkf,EAAMtM,KAAMgQ,EAAOlC,wBACpDxiB,KAAK45E,UAAY,KACjB55E,KAAK8R,IAAM,KACX9R,KAAKmxB,GAAK,KAQZjwB,KAAKgG,GACH,IAAIkJ,EAAS,EAIb,GADApQ,KAAK6hD,QAAU36C,EAAMkJ,KACA,IAAjBpQ,KAAK6hD,SAAkC,IAAjB7hD,KAAK6hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW/mD,KAAK6hD,+CAI7C,MAAMpS,EAAOvoC,EAAMkJ,KAWnB,GATqB,IAAjBpQ,KAAK6hD,UAEP7hD,KAAKs6E,cAAgBpzE,EAAMkJ,MAI7BpQ,KAAK8R,IAAM,IAAIyqE,GACfnsE,GAAUpQ,KAAK8R,IAAI5Q,KAAKgG,EAAMgF,SAASkE,EAAQlJ,EAAM9F,SAEhC,IAAjBpB,KAAK6hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYx6E,KAAKs6E,eAIrCt6E,KAAKmxB,GAAKjqB,EAAMgF,SAASkE,EAAQA,GAAU2d,EAAKwkB,UAK7B,IAAjBvyC,KAAK6hD,SAAiBzxC,EAASlJ,EAAM9F,QACvCpB,KAAK45E,UAAY1yE,EAAMgF,SAASkE,EAAQlJ,EAAM9F,QAC9CpB,KAAK+8E,8BAAgCttC,GAErCzvC,KAAK65E,oBAAsBpqC,EAS/B3tC,QACE,MAAM2tC,EAA0B,OAAnBzvC,KAAK45E,UAChB55E,KAAK65E,oBACL75E,KAAK+8E,8BAEP,IAAI71E,EAYJ,OAVqB,IAAjBlH,KAAK6hD,QACP36C,EAAQmT,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK6hD,QAASpS,EAAMzvC,KAAKs6E,gBAAiBt6E,KAAK8R,IAAIhQ,QAAS9B,KAAKmxB,GAAInxB,KAAK45E,aAEzH1yE,EAAQmT,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK6hD,QAASpS,IAAQzvC,KAAK8R,IAAIhQ,UAEvD,OAAnB9B,KAAK45E,YACP1yE,EAAQmT,EAAKvX,iBAAiB,CAACoE,EAAOlH,KAAK45E,cAIxC1yE,EAST/F,cAAcs7E,GACZ,MAAMhtC,EAA8C,OAAvCzvC,KAAK+8E,8BAChB/8E,KAAK+8E,8BACL/8E,KAAK65E,qBAED5mD,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1C54B,QAAY7W,KAAK8R,IAAIkrE,WAAWP,EAAYvpD,GAElD,GAAqB,IAAjBlzB,KAAK6hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYx6E,KAAKs6E,eAC/BrnC,EAAQ,IAAIpwC,WAAW,CAAC,IAAOi6E,GAA6Bx8D,IAAKtgB,KAAK6hD,QAAS7hD,KAAK+8E,8BAA+B/8E,KAAKs6E,gBACxHG,QAAqB1sD,EAAK0hB,EAAM54B,GACtC7W,KAAK07E,iBAAmBjB,EAAa7nD,QAAQ5yB,KAAK45E,UAAW55E,KAAKmxB,GAAI8hB,QACjE,GAAuB,OAAnBjzC,KAAK45E,UAAoB,CAClC,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQ6c,EAAM54B,EAAK7W,KAAK45E,UAAW,IAAI/2E,WAAWowB,IAE1FjzB,KAAK65E,oBAAsB74D,EAAMlf,MAAMkf,EAAM9N,UAAW+mE,EAAU,IAClEj6E,KAAK07E,WAAazB,EAAU/tE,SAAS,EAAG+tE,EAAU74E,aAElDpB,KAAK07E,WAAa7kE,EAWtB1V,cAAcs7E,EAAY/3D,EAASsB,IACjC,MAAMypB,EAA8C,OAAvCzvC,KAAK+8E,8BAChB/8E,KAAK+8E,8BACL/8E,KAAK65E,oBAEP75E,KAAK+8E,8BAAgCttC,EAErCzvC,KAAK8R,IAAM,IAAIyqE,GAAI73D,GACnB1kB,KAAK8R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAE7C,MAAMjrB,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1CwtC,QAAsBj9E,KAAK8R,IAAIkrE,WAAWP,EAAYvpD,GAM5D,GAJwB,OAApBlzB,KAAK07E,aACP17E,KAAK07E,WAAah9D,GAAOw+D,mBAAmBl9E,KAAK65E,sBAG9B,IAAjB75E,KAAK6hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYx6E,KAAKs6E,eACrCt6E,KAAKmxB,GAAKzS,GAAO+xC,OAAOvS,eAAenwB,EAAKwkB,UAC5C,MAAM4qC,EAAiB,IAAIt6E,WAAW,CAAC,IAAOi6E,GAA6Bx8D,IAAKtgB,KAAK6hD,QAAS7hD,KAAK+8E,8BAA+B/8E,KAAKs6E,gBACjIG,QAAqB1sD,EAAK0hB,EAAMwtC,GACtCj9E,KAAK45E,gBAAkBa,EAAa9nD,QAAQ3yB,KAAK07E,WAAY17E,KAAKmxB,GAAIgsD,OACjE,CACL,MAAMC,EAAY/iE,EAAKvX,iBAAiB,CACtC,IAAID,WAAW,CAAC7C,KAAK65E,sBACrB75E,KAAK07E,aAEP17E,KAAK45E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQ8c,EAAMwtC,EAAeG,EAAW,IAAIv6E,WAAWowB,GAAYvO,KCtKhH,MAAM24D,GACO/8D,iBACT,OAAOU,EAAMlM,OAAO3C,UAOtBrS,YAAYyyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAKtChmB,KAAK6hD,QAAUn9B,EAAO1K,OAAS,EAAI,EAKnCha,KAAK2zE,QAAUt5D,EAAKc,cAAco3D,GAKlCvyE,KAAK8pD,UAAY,KAKjB9pD,KAAKivD,aAAe,KAKpBjvD,KAAKs9E,iBAAmB,EAKxBt9E,KAAKurD,YAAc,KAKnBvrD,KAAKwnB,MAAQ,KASfI,2BAA2B21D,GACzB,MAAMC,EAAY,IAAIH,IAChBx7B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBgyB,EAO1E,OANAC,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,EASTr8E,WAAW+F,GACT,IAAI/D,EAAM,EAIV,GAFAnD,KAAK6hD,QAAU36C,EAAM/D,KAEA,IAAjBnD,KAAK6hD,SAAkC,IAAjB7hD,KAAK6hD,QAAe,CAE5C7hD,KAAK2zE,QAAUt5D,EAAKO,SAAS1T,EAAMgF,SAAS/I,EAAKA,EAAM,IACvDA,GAAO,EAGPnD,KAAK8pD,UAAY5iD,EAAM/D,KAEF,IAAjBnD,KAAK6hD,UAEP1+C,GAAO,GAIT,MAAMjC,KAAEA,EAAI+tD,aAAEA,GAAiBvwC,GAAO++D,qBAAqBz9E,KAAK8pD,UAAW5iD,EAAMgF,SAAS/I,IAM1F,OALAnD,KAAKivD,aAAeA,EACpB9rD,GAAOjC,QAGDlB,KAAK09E,6BACJv6E,EAET,MAAM,IAAI4jD,GAAiB,WAAW/mD,KAAK6hD,6CAO7C//C,QACE,MAAM46C,EAAM,GAEZA,EAAI76C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK6hD,WAC9BnF,EAAI76C,KAAKwY,EAAKS,UAAU9a,KAAK2zE,UAE7Bj3B,EAAI76C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK8pD,aAE9B,MAAM9C,EAAStoC,GAAOy2D,gBAAgBn1E,KAAK8pD,UAAW9pD,KAAKivD,cAO3D,OANqB,IAAjBjvD,KAAK6hD,SAEPnF,EAAI76C,KAAKwY,EAAKM,YAAYqsC,EAAO5lD,OAAQ,IAG3Cs7C,EAAI76C,KAAKmlD,GACF3sC,EAAKvX,iBAAiB45C,GAO/B25B,aAAax0B,GACX,MAAM36C,EAAQlH,KAAK29E,iBAEnB,OAAgB,IAAZ97B,EACKxnC,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQwX,EAAKM,YAAYzT,EAAM9F,OAAQ,GAAI8F,IAEpFmT,EAAKvX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQwX,EAAKM,YAAYzT,EAAM9F,OAAQ,GAAI8F,IAO3F02E,cACE,OAAO,KAOTC,kBACE,OAAO79E,KAAK2zE,QAOd2B,WACE,OAAOt1E,KAAKwnB,MAOdrmB,mCAIE,SAHMnB,KAAK89E,qBACX99E,KAAKwnB,MAAQ,IAAIH,GAEI,IAAjBrnB,KAAK6hD,QACP7hD,KAAKwnB,MAAMtmB,KAAKlB,KAAKurD,YAAYr/C,SAAS,EAAG,QACxC,IAAqB,IAAjBlM,KAAK6hD,QAGd,MAAU3+C,MAAM,2BAFhBlD,KAAKwnB,MAAMtmB,KAAKlB,KAAKurD,YAAYr/C,SAAS,GAAI,MASlD/K,2BACE,MAAMq0E,EAASx1E,KAAKq2E,aAAar2E,KAAK6hD,SAEtC,GAAqB,IAAjB7hD,KAAK6hD,QACP7hD,KAAKurD,kBAAoB7sC,GAAOzK,KAAKI,OAAOmhE,OACvC,IAAqB,IAAjBx1E,KAAK6hD,QAGd,MAAU3+C,MAAM,2BAFhBlD,KAAKurD,kBAAoB7sC,GAAOzK,KAAKE,KAAKqhE,IAU9CH,sBACE,OAAOr1E,KAAKurD,YAOdwyB,iBACE,OAAO1jE,EAAK8B,gBAAgBnc,KAAKq1E,uBAOnC2I,qBAAqBC,GACnB,OAAOj+E,KAAK6hD,UAAYo8B,EAAMp8B,SAAWxnC,EAAKqD,iBAAiB1d,KAAK29E,iBAAkBM,EAAMN,kBAO9FO,mBACE,MAAMz8E,EAAS,GACfA,EAAOqoD,UAAY9oC,EAAM9f,KAAK8f,EAAM7O,UAAWnS,KAAK8pD,WAEpD,MAAMq0B,EAASn+E,KAAKivD,aAAa5iD,GAAKrM,KAAKivD,aAAa58B,EAMxD,OALI8rD,EACF18E,EAAO+c,KAAOnE,EAAKuB,oBAAoBuiE,GAC9Bn+E,KAAKivD,aAAajK,MAC3BvjD,EAAOgP,MAAQzQ,KAAKivD,aAAajK,IAAIC,WAEhCxjD,GAQX47E,GAAgBr8E,UAAUo9E,cAAgBf,GAAgBr8E,UAAUE,KAMpEm8E,GAAgBr8E,UAAU28E,eAAiBN,GAAgBr8E,UAAUc,MCzPrE,MAAMi1E,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAaF,MAAMiL,GACO/9D,iBACT,OAAOU,EAAMlM,OAAOQ,2BAGtBxV,cAIEE,KAAK45E,UAAY,KAKjB55E,KAAKk3E,QAAU,KAGjBh2E,KAAKgG,GACHlH,KAAK45E,UAAY1yE,EAGnBpF,QACE,OAAO9B,KAAK45E,UAadz4E,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAE/C,IAAKtB,EAAO/B,6BACV,MAAUzf,MAAM,iCAGlB,MAAM+vB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACjCD,QAAkBhzD,EAAiB8uD,EAAa11E,KAAK45E,YACrDK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EACnE+iE,EAAU1tE,SAAS+mB,EAAY,GAC/B2mD,EAAU1tE,SAAS,EAAG+mB,EAAY,IAGpCjzB,KAAKk3E,cAAgBD,GAAW2B,WAAWqB,EAAWlD,GAAgBryD,GAYxEvjB,cAAc04E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMjc,EAAO/J,KAAKk3E,QAAQp1E,SACpBmxB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEjC99D,QAAe2C,GAAOo7D,gBAAgBD,GACtCyE,QAAY5/D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAKkF,EAAQ,IAAIlZ,WAAWowB,GAAYvO,GACjGusB,QAAmBvyB,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK9M,EAAMu0E,EAAIpyE,SAAS,GAAIwY,GAClG1kB,KAAK45E,UAAYv/D,EAAK7T,OAAO,CAAC83E,EAAKrtC,KC9EvC,MAAMstC,GACOj+D,iBACT,OAAOU,EAAMlM,OAAOS,OAQtBrU,KAAKgG,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,GAMZpF,QACE,OAAO,IAAIe,WAAW,CAAC,GAAM,GAAM,MC5BvC,MAAM27E,WAA2BnB,GACpB/8D,iBACT,OAAOU,EAAMlM,OAAOa,aAQtB7V,YAAYyyE,EAAM7tD,GAChB3kB,MAAMwyE,EAAM7tD,GASdkD,8BAA8B62D,GAC5B,MAAMjB,EAAY,IAAIgB,IAChB38B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBkzB,EAO1E,OANAjB,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,GCnBX,MAAMkB,GACOp+D,iBACT,OAAOU,EAAMlM,OAAOc,cAGtB9V,cACEE,KAAK2+E,WAAa,GAOpBz9E,KAAKgG,GACH,IAAIjE,EAAI,EACR,KAAOA,EAAIiE,EAAM9F,QAAQ,CACvB,MAAM4O,EAAM21C,GAAiBz+C,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SACrD6B,GAAK+M,EAAII,OAETpQ,KAAK2+E,WAAW98E,KAAKwY,EAAKqC,mBAAmBxV,EAAMgF,SAASjJ,EAAGA,EAAI+M,EAAIA,OACvE/M,GAAK+M,EAAIA,KAQblO,QACE,MAAM46C,EAAM,GACZ,IAAK,IAAIz5C,EAAI,EAAGA,EAAIjD,KAAK2+E,WAAWv9E,OAAQ6B,IAC1Cy5C,EAAI76C,KAAK+jD,GAAkB5lD,KAAK2+E,WAAW17E,GAAG7B,SAC9Cs7C,EAAI76C,KAAKwY,EAAKiC,mBAAmBtc,KAAK2+E,WAAW17E,KAEnD,OAAOoX,EAAKvX,iBAAiB45C,GAQ/Bn1B,OAAOq3D,GACL,SAAKA,GAAaA,aAAmBF,KAG9B1+E,KAAK2+E,WAAWjgC,OAAM,SAASmgC,EAAMn/D,GAC1C,OAAOm/D,IAASD,EAAQD,WAAWj/D,OCtDzC,MAAMo/D,WAAwBzB,GACjB/8D,iBACT,OAAOU,EAAMlM,OAAOK,UAOtBrV,YAAYyyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtCjmB,MAAMwyE,EAAM7tD,GAIZ1kB,KAAK++E,YAAc,KAInB/+E,KAAKg/E,YAAc,KAKnBh/E,KAAKi/E,SAAW,EAKhBj/E,KAAK8R,IAAM,KAKX9R,KAAKkT,UAAY,KAKjBlT,KAAK0U,KAAO,KAKZ1U,KAAKiwD,cAAgB,KAWvB9uD,WAAW+F,GAET,IAAIjE,QAAUjD,KAAKo+E,cAAcl3E,GACjC,MAAMg4E,EAAuBj8E,EAM7BjD,KAAKi/E,SAAW/3E,EAAMjE,KAID,IAAjBjD,KAAK6hD,SACP5+C,IAGF,IAGE,GAAsB,MAAlBjD,KAAKi/E,UAAsC,MAAlBj/E,KAAKi/E,UAAsC,MAAlBj/E,KAAKi/E,UAezD,GAdAj/E,KAAKkT,UAAYhM,EAAMjE,KAID,MAAlBjD,KAAKi/E,WACPj/E,KAAK0U,KAAOxN,EAAMjE,MAMpBjD,KAAK8R,IAAM,IAAIyqE,GACft5E,GAAKjD,KAAK8R,IAAI5Q,KAAKgG,EAAMgF,SAASjJ,EAAGiE,EAAM9F,SAErB,cAAlBpB,KAAK8R,IAAImI,KACX,YAEOja,KAAKi/E,WACdj/E,KAAKkT,UAAYlT,KAAKi/E,UAMpBj/E,KAAKi/E,WACPj/E,KAAKmxB,GAAKjqB,EAAMgF,SACdjJ,EACAA,EAAIyb,GAAOkxB,UAAU5vC,KAAKkT,WAAW+f,WAGvChwB,GAAKjD,KAAKmxB,GAAG/vB,QAEf,MAAOiD,GAEP,IAAKrE,KAAKi/E,SAAU,MAAM56E,EAC1BrE,KAAKm/E,uBAAyBj4E,EAAMgF,SAASgzE,GAC7Cl/E,KAAKg/E,aAAc,EAerB,GAVqB,IAAjBh/E,KAAK6hD,UACP5+C,GAAK,GAMPjD,KAAK++E,YAAc73E,EAAMgF,SAASjJ,GAClCjD,KAAKg/E,cAAgBh/E,KAAKi/E,UAErBj/E,KAAKg/E,YAAa,CACrB,MAAMvpC,EAAYz1C,KAAK++E,YAAY7yE,SAAS,GAAI,GAChD,IAAKmO,EAAKqD,iBAAiBrD,EAAKwD,cAAc43B,GAAYz1C,KAAK++E,YAAY7yE,UAAU,IACnF,MAAUhJ,MAAM,yBAElB,IACE,MAAM+sD,cAAEA,GAAkBvxC,GAAO0gE,sBAAsBp/E,KAAK8pD,UAAWrU,EAAWz1C,KAAKivD,cACvFjvD,KAAKiwD,cAAgBA,EACrB,MAAO5O,GACP,GAAIA,aAAe0F,GAAkB,MAAM1F,EAE3C,MAAUn+C,MAAM,wBAStBpB,QACE,MAAMu9E,EAAsBr/E,KAAK29E,iBACjC,GAAI39E,KAAKm/E,uBACP,OAAO9kE,EAAKvX,iBAAiB,CAC3Bu8E,EACAr/E,KAAKm/E,yBAIT,MAAMziC,EAAM,CAAC2iC,GACb3iC,EAAI76C,KAAK,IAAIgB,WAAW,CAAC7C,KAAKi/E,YAE9B,MAAMK,EAAoB,GA6C1B,OA1CsB,MAAlBt/E,KAAKi/E,UAAsC,MAAlBj/E,KAAKi/E,UAAsC,MAAlBj/E,KAAKi/E,WACzDK,EAAkBz9E,KAAK7B,KAAKkT,WAIN,MAAlBlT,KAAKi/E,UACPK,EAAkBz9E,KAAK7B,KAAK0U,MAM9B4qE,EAAkBz9E,QAAQ7B,KAAK8R,IAAIhQ,UAMjC9B,KAAKi/E,UAA8B,cAAlBj/E,KAAK8R,IAAImI,MAC5BqlE,EAAkBz9E,QAAQ7B,KAAKmxB,IAGZ,IAAjBnxB,KAAK6hD,SACPnF,EAAI76C,KAAK,IAAIgB,WAAW,CAACy8E,EAAkBl+E,UAE7Cs7C,EAAI76C,KAAK,IAAIgB,WAAWy8E,IAEnBt/E,KAAKu/E,YACHv/E,KAAKi/E,WACRj/E,KAAK++E,YAAcrgE,GAAOy2D,gBAAgBn1E,KAAK8pD,UAAW9pD,KAAKiwD,gBAG5C,IAAjBjwD,KAAK6hD,SACPnF,EAAI76C,KAAKwY,EAAKM,YAAY3a,KAAK++E,YAAY39E,OAAQ,IAErDs7C,EAAI76C,KAAK7B,KAAK++E,aAET/+E,KAAKi/E,UACRviC,EAAI76C,KAAKwY,EAAKwD,cAAc7d,KAAK++E,eAI9B1kE,EAAKvX,iBAAiB45C,GAQ/BkhC,cACE,OAA4B,IAArB59E,KAAKg/E,YAWdQ,6BACE,YAAuCv+E,IAAhCjB,KAAKm/E,wBAAwCn/E,KAAKu/E,UAO3DA,UACE,SAAUv/E,KAAK8R,KAAyB,cAAlB9R,KAAK8R,IAAImI,MAQjCwlE,UAAU/6D,EAASsB,IACbhmB,KAAKu/E,YAGLv/E,KAAK49E,eACP59E,KAAK0/E,4BAEA1/E,KAAKm/E,uBACZn/E,KAAKg/E,YAAc,KACnBh/E,KAAK++E,YAAc,KACnB/+E,KAAK8R,IAAM,IAAIyqE,GAAI73D,GACnB1kB,KAAK8R,IAAIg4C,UAAY,EACrB9pD,KAAK8R,IAAIuK,EAAI,EACbrc,KAAK8R,IAAImI,KAAO,YAChBja,KAAKi/E,SAAW,IAChBj/E,KAAKkT,UAAY8N,EAAM9N,UAAUQ,QAanCvS,cAAcs7E,EAAY/3D,EAASsB,IACjC,GAAIhmB,KAAKu/E,UACP,OAGF,IAAKv/E,KAAK49E,cACR,MAAU16E,MAAM,mCAGlB,IAAKu5E,EACH,MAAUv5E,MAAM,0DAGlBlD,KAAK8R,IAAM,IAAIyqE,GAAI73D,GACnB1kB,KAAK8R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAC7C,MAAMzI,EAAY/2B,GAAOy2D,gBAAgBn1E,KAAK8pD,UAAW9pD,KAAKiwD,eAC9DjwD,KAAKkT,UAAY8N,EAAM9N,UAAUQ,OACjC,MAAMmD,QAAY8oE,GAAqB3/E,KAAK8R,IAAK2qE,EAAYz8E,KAAKkT,YAE5D+f,UAAEA,GAAcvU,GAAOkxB,UAAU5vC,KAAKkT,WAG5C,GAFAlT,KAAKmxB,GAAKzS,GAAO+xC,OAAOvS,eAAejrB,GAEnCvO,EAAOnC,YAAa,CACtBviB,KAAKi/E,SAAW,IAChBj/E,KAAK0U,KAAOsM,EAAMtM,KAAKC,IACvB,MAAMoZ,EAAOrP,GAAO87D,YAAYx6E,KAAK0U,MAC/B+lE,QAAqB1sD,EAAK/tB,KAAKkT,UAAW2D,GAChD7W,KAAK++E,kBAAoBtE,EAAa9nD,QAAQ8iB,EAAWz1C,KAAKmxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAI1vC,iBAEjG7C,KAAKi/E,SAAW,IAChBj/E,KAAK++E,kBAAoBrgE,GAAOqP,KAAK6iB,IAAIje,QAAQ3yB,KAAKkT,UAAW2D,EAAKwD,EAAKvX,iBAAiB,CAC1F2yC,QACM/2B,GAAOzK,KAAKE,KAAKshC,EAAW/wB,KAChC1kB,KAAKmxB,GAAIzM,GAajBvjB,cAAcs7E,GACZ,GAAIz8E,KAAKu/E,UACP,OAAO,EAGT,GAAIv/E,KAAKm/E,uBACP,MAAUj8E,MAAM,kEAGlB,GAAIlD,KAAK49E,cACP,MAAU16E,MAAM,oCAGlB,IAAI2T,EASA4+B,EARJ,GAAsB,MAAlBz1C,KAAKi/E,UAAsC,MAAlBj/E,KAAKi/E,SAE3B,MAAsB,MAAlBj/E,KAAKi/E,SACJ/7E,MAAM,0EAENA,MAAM,yEAIlB,GARE2T,QAAY8oE,GAAqB3/E,KAAK8R,IAAK2qE,EAAYz8E,KAAKkT,WAQxC,MAAlBlT,KAAKi/E,SAAkB,CACzB,MAAMlxD,EAAOrP,GAAO87D,YAAYx6E,KAAK0U,MAC/B+lE,QAAqB1sD,EAAK/tB,KAAKkT,UAAW2D,GAChD,IACE4+B,QAAkBglC,EAAa7nD,QAAQ5yB,KAAK++E,YAAa/+E,KAAKmxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAI1vC,YACjG,MAAOw+C,GACP,GAAoB,gCAAhBA,EAAI7nC,QACN,MAAUtW,MAAM,6BAA+Bm+C,EAAI7nC,SAErD,MAAM6nC,OAEH,CACL,MAAMu+B,QAA0BlhE,GAAOqP,KAAK6iB,IAAIhe,QAAQ5yB,KAAKkT,UAAW2D,EAAK7W,KAAK++E,YAAa/+E,KAAKmxB,IAEpGskB,EAAYmqC,EAAkB1zE,SAAS,GAAI,IAC3C,MAAM+H,QAAayK,GAAOzK,KAAKE,KAAKshC,GAEpC,IAAKp7B,EAAKqD,iBAAiBzJ,EAAM2rE,EAAkB1zE,UAAU,KAC3D,MAAUhJ,MAAM,4BAIpB,IACE,MAAM+sD,cAAEA,GAAkBvxC,GAAO0gE,sBAAsBp/E,KAAK8pD,UAAWrU,EAAWz1C,KAAKivD,cACvFjvD,KAAKiwD,cAAgBA,EACrB,MAAO5O,GACP,MAAUn+C,MAAM,sBAElBlD,KAAKg/E,aAAc,EACnBh/E,KAAK++E,YAAc,KACnB/+E,KAAKi/E,SAAW,EAQlB99E,iBACE,GAAInB,KAAKu/E,UACP,OAGF,IAAKv/E,KAAK49E,cACR,MAAU16E,MAAM,wBAGlB,IAAI28E,EACJ,IAEEA,QAAoBnhE,GAAO2xC,eAAerwD,KAAK8pD,UAAW9pD,KAAKivD,aAAcjvD,KAAKiwD,eAClF,MAAO3L,GACPu7B,GAAc,EAEhB,IAAKA,EACH,MAAU38E,MAAM,kBAIpB/B,eAAeqd,EAAM/N,GACnB,MAAMw/C,cAAEA,EAAahB,aAAEA,SAAuBvwC,GAAOohE,eAAe9/E,KAAK8pD,UAAWtrC,EAAM/N,GAC1FzQ,KAAKiwD,cAAgBA,EACrBjwD,KAAKivD,aAAeA,EACpBjvD,KAAKg/E,aAAc,EAMrBU,qBACM1/E,KAAKw/E,+BAITx0E,OAAOooB,KAAKpzB,KAAKiwD,eAAe7sD,SAAQ+H,IACxBnL,KAAKiwD,cAAc9kD,GAC3B40C,KAAK,UACJ//C,KAAKiwD,cAAc9kD,EAAK,IAEjCnL,KAAKiwD,cAAgB,KACrBjwD,KAAKg/E,aAAc,IAIvB79E,eAAew+E,GAAqB7tE,EAAK2qE,EAAY3yB,GACnD,MAAM52B,QAAEA,GAAYxU,GAAOkxB,UAAUka,GACrC,OAAOh4C,EAAIkrE,WAAWP,EAAYvpD,EACpC,yBC5aC,SAAU6sD,GAGX,SAASC,EAAU97B,GAIf,SAAS+7B,IAAU,OAAO98E,GAAM6M,GAEhC,SAASkwE,IAAW,OAAO/8E,GAC3B,SAASg9E,EAAOl9E,GAAKE,GAAMF,EAE3B,SAASm9E,IACLj9E,GAAM,EACN6M,GAAMqwE,GAAYj/E,OAKtB,SAASy2C,EAAE1sC,EAAM9J,GACb,MAAO,CACH8J,KAAMA,EACNm1E,OAAQj/E,GAAS,GACjBk/E,SAAUl/E,GAAS,GACnBm/E,SAAU,IAIlB,SAAS71B,EAAKx/C,EAAMs1E,GAChB,IAAIp0E,EACJ,OAAY,OAARo0E,EAAuB,OAC3Bp0E,EAAIwrC,EAAE1sC,IACJm1E,OAASG,EAAIH,OACfj0E,EAAEk0E,SAAWE,EAAIF,SACjBl0E,EAAEm0E,SAAS3+E,KAAK4+E,GACTp0E,GAGX,SAASpG,EAAIy6E,EAAQC,GAMjB,OALc,OAAVA,IACAD,EAAOJ,QAAUK,EAAML,OACvBI,EAAOH,UAAYI,EAAMJ,UAE7BG,EAAOF,SAAS3+E,KAAK8+E,GACdD,EAGX,SAASE,EAAaC,GAClB,IAAIC,EACJ,OAAKb,KAEDY,EADJC,EA1CuBT,GAAYl9E,MAGlBA,IAAO,EA0Cb00C,EAAE,QAASipC,IAJC,KAS3B,SAAS9qE,EAAQ+qE,GACb,OAAO,WACH,OAAOp2B,EAAK,UAAWi2B,GAAa,SAAUE,GAC1C,OAAOA,IAAQC,OAK3B,SAASC,IACL,IAAInwD,EAAO2rB,UACX,OAAO,WACH,IAAIv5C,EAAG6a,EAAGrc,EAAQmC,EAGlB,IAFAA,EAAQs8E,IACRpiE,EAAI+5B,EAAE,OACD50C,EAAI,EAAGA,EAAI4tB,EAAKzvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASovB,EAAK5tB,MAGV,OADAk9E,EAAOv8E,GACA,KAEXqC,EAAI6X,EAAGrc,GAEX,OAAOqc,GAIf,SAASmjE,IACL,IAAIpwD,EAAO2rB,UACX,OAAO,WACH,IAAIv5C,EAAGxB,EAAQmC,EAEf,IADAA,EAAQs8E,IACHj9E,EAAI,EAAGA,EAAI4tB,EAAKzvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASovB,EAAK5tB,MAEV,OAAOxB,EAEX0+E,EAAOv8E,GAEX,OAAO,MAIf,SAASg/D,EAAIse,GACT,OAAO,WACH,IAAIz/E,EAAQmC,EAGZ,OAFAA,EAAQs8E,IAEO,QADfz+E,EAASy/E,KAEEz/E,GAGP0+E,EAAOv8E,GACAi0C,EAAE,SAKrB,SAASspC,EAAMD,GACX,OAAO,WACH,IAAIz/E,EAASy/E,IAIb,OAHe,OAAXz/E,IACAA,EAAO8+E,SAAW,IAEf9+E,GAIf,SAAS2/E,EAAOF,GACZ,OAAO,WACH,IAAIz/E,EAASy/E,IAIb,OAHe,OAAXz/E,GAAmBA,EAAO8+E,SAASn/E,OAAS,IAC5CK,EAAO8+E,SAAW,KAEf9+E,GAIf,SAAS4/E,EAAKH,EAAMI,GAChB,OAAO,WACH,IAAIxjE,EAAGrc,EAAQiiC,EAAO9/B,EAAOk6C,EAK7B,IAJAl6C,EAAQs8E,IACRpiE,EAAI+5B,EAAE,QACNnU,EAAQ,EACRoa,OAAkB78C,IAAZqgF,EAAwB,EAAIA,EACL,QAArB7/E,EAASy/E,MACbx9C,GAAgB,EAChBz9B,EAAI6X,EAAGrc,GAEX,OAAIiiC,GAASoa,EACFhgC,GAGPqiE,EAAOv8E,GACA,OA2BnB,SAAS29E,EAAeT,GAIpB,OAAOA,EAAIrkE,WAAW,IAAM,IAUhC,SAAS+kE,IAAO,OAAO72B,EAAK,KAAM30C,EAAQ,KAARA,IAIlC,SAASyrE,IAAS,OAAO92B,EAAK,OAAQq2B,EAAIQ,EAAIE,EAARV,IAItC,SAASW,IAAW,OAAOh3B,EAAK,SAAU30C,EAAQ,IAARA,IAI1C,SAAS4rE,IAAS,OAAOj3B,EAAK,OAAQ30C,EAAQ,KAARA,IAItC,SAAS0rE,IAAO,OAAO/2B,EAAK,KAAM30C,EAAQ,KAARA,IAGlC,SAAS6rE,IAAO,OAAOl3B,EAAK,KAAM30C,EAAQ,IAARA,IAIlC,SAAS8rE,IACL,OAAOn3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EAAU,IAAQzrB,GAAQA,GAAQ,IAItC,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAMf,SAASE,IAAQ,OAAOt3B,EAAK,MAAOs2B,EAAGY,EAAID,EAAPX,IAQpC,SAASiB,IACL,IAAInoD,EAAK4wB,EAAK,cACds2B,EACID,EAAIhrE,EAAQ,MAAOirE,EAAGa,EAAOG,IAC7BE,GAFJlB,IAIA,OAAW,OAAPlnD,EAAsB,MAG1BA,EAAGwmD,SAAWxmD,EAAGwmD,SAAS,GACnBxmD,GAMX,SAASqoD,IACL,OAAOz3B,EAAK,MAAOs2B,EACfoB,GACArB,EACIpe,EAAIoe,EACAK,EAAKY,GACLd,EAAMM,KAEVJ,EAAKY,EAAK,IAPChB,IAgBvB,SAASqB,IACL,OAAO33B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfQ,GAdiBtB,IAmBzB,SAASuB,IACL,OAAO73B,EAAK,WAAYs2B,EAAGqB,EAAOJ,EAAY1gB,EAAtByf,IAI5B,SAASzf,IACL,OAAO7W,EAAK,UAAWq2B,EACnBhrE,EAAQ,KACRqrE,EAAKL,EAAIpe,EAAIwf,GAAMI,IACnB5f,EAAIwf,GACJpsE,EAAQ,KAJWgrE,IAS3B,SAASyB,IACL,OAAO93B,EAAK,OAAQs2B,EAChBD,EACIK,EACIL,EAAIpe,EAAIwf,GAAM5gB,GACd,GAEJoB,EAAIwf,IAERA,EARgBnB,IAyBxB,SAASyB,IACL,OAAO/3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIiB,EACC,KAAOjB,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,CAAC,IAAK,IAAK,IAAK,IAAK,IAAK,IAAM,IAAK,IAAK,IAAK,IAC9C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,KAAKv6E,QAAQu6E,IAAQ,EAInE,OAHI58B,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAKf,SAASY,IACL,OAAOh4B,EAAK,OAAQq2B,EAAII,EAAOxe,EAAI6f,IAAQpB,EAAKqB,EAAO,GAAItB,EAAOxe,EAAI6f,IAAlDzB,IAIxB,SAAS4B,IACL,IAAI9kE,EAAG+kE,EAEP,OAAU,QADV/kE,EAAI6sC,EAAK,gBAAiB02B,EAAKqB,EAAO,EAAZrB,MAGR,QADlBwB,EAAYxB,EAAKL,EAAIhrE,EAAQ,KAAMqrE,EAAKqB,EAAO,IAAnCrB,KAERp7E,EAAI6X,EAAG+kE,GAHc/kE,EAS7B,SAASglE,IACL,OAAOn4B,EAAK,WAAYq2B,EAAIG,EAAMve,EAAI6f,IAAQG,EAAazB,EAAMve,EAAI6f,IAA7CzB,IAS5B,SAAS+B,IACL,OAAOp4B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,KAAOzrB,GACP,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfiB,GAdiB/B,IAmBzB,SAASgC,IACL,OAAOt4B,EAAK,WAAYs2B,EAAG8B,EAAOb,EAAVjB,IAM5B,SAASiC,IACL,OAAOv4B,EAAK,gBAAiBq2B,EACzBG,EAAMve,EAAI6f,IACVtB,EAAMQ,GAASN,EAAKL,EAAIpe,EAAIwe,EAAOgB,IAAOa,IAAYrgB,EAAIue,EAAMiB,IAAOjB,EAAMQ,GAC7ER,EAAMve,EAAI6f,IAHezB,IAUjC,SAAS36C,IACL,OAAOskB,EAAK,OAAQs2B,EAAG0B,EAAMO,EAATjC,IAUxB,SAASkC,IACL,OAAOx4B,EAAK,UAAWs2B,EAAGmC,EAASC,EAAZpC,IAI3B,SAASmC,IACL,OAAOz4B,EAAK,UAAWs2B,EAAGqC,EAAUC,EAAbtC,IAI3B,SAASqC,IACL,OAAO34B,EAAK,YAAaq2B,EAAIpe,EAAI4gB,GAAcC,EAAtBzC,IAK7B,SAASyC,IACL,OAAO94B,EAAK,aAAcs2B,EACtBD,EACIG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACRutE,EACAvtE,EAAQ,KACRmrE,EAAMve,EAAI6f,KAEdiB,GARsBzC,IAa9B,SAASoC,IACL,OAAO14B,EAAK,QAASq2B,EACjBwC,EACAxtE,EAAQ,KACR4sD,EAAI+gB,GACJ3tE,EAAQ,KACRmrE,EAAMve,EAAI6f,IALOzB,IAUzB,SAASwC,IACL,OAAO74B,EAAK,gBAEO,QADXlpD,EAhDDkpD,EAAK,SAAUs2B,EAAG2C,GAAWvC,EAAKh7C,EAAM,GAAzB46C,OAkDdx/E,EAAO8+E,SAnTnB,SAA4BziE,GACxB,OAAOA,EAAE+D,QAAQ,iBAAkB,KAAKA,QAAQ,OAAQ,IAAIA,QAAQ,OAAQ,IAkTlDgiE,CAAmBpiF,EAAO8+E,WAEzC9+E,IALiB,IACpBA,EASZ,SAASqiF,IACL,OAAOn5B,EAAK,eAAgBs2B,EACxBD,EACIoC,EACA/B,EAAKL,EAAIhrE,EAAQ,KAAMotE,KAE3BW,GALwB9C,IAUhC,SAAS+C,IACL,OAAOr5B,EAAK,eAAgBs2B,EACxBD,EACImC,EACA9B,EAAKL,EAAIhrE,EAAQ,KAAMmtE,KAE3Bc,GALwBhD,IAUhC,SAAS0C,IACL,OAAOh5B,EAAK,aAAcs2B,EACtB6C,EACA3C,EAAMsB,GACNyB,GAHsBjD,IAU9B,SAASkD,IAGL,OAAOx5B,EAAK,aAAcs2B,EAAGmD,GAActB,EAASI,EAA1BjC,IAM9B,SAASoD,IACL,OAAO15B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfuC,GAbiBrD,IAmBzB,SAASsD,IACL,OAAO55B,EAAK,iBAAkBq2B,EAC1BG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACRqrE,EAAKL,EAAIpe,EAAIwf,GAAMiC,IACnBzhB,EAAIwf,GACJpsE,EAAQ,KACRmrE,EAAMve,EAAI6f,IANgBzB,IAWlC,SAASwD,IACL,OAAO75B,EAAK,UACJlpD,EAASw/E,EAAGwD,GAAW3B,EAASyB,EAAvBtD,GACT/8B,EAAKwgC,WACDjjF,GAAUA,EAAO8+E,UAAY9+E,EAAO8+E,SAASh6E,QAAQ,KAAO,EACrD,MAIX9E,IACAA,EAAO8+E,SAAW9+E,EAAO8+E,SAAS1+D,QAAQ,OAAQ,KAE/CpgB,KAXW,IACdA,EAeZ,SAAS8hF,IACL,OAAO54B,EAAK,YAAaq2B,EACrBmD,EAAWnuE,EAAQ,KAAMwuE,EADJxD,IA0C7B,SAAS2D,KACL,OAAOzgC,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBi2B,GAAa,SAAUE,GACrE,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GAC1B,OAAS,GAAK65C,GAAQA,GAAQ,GACrB,KAAOA,GAAQ,KAAOA,GACtB,IAAMA,GAAQA,GAAQ,IACtB,MAAQA,MAKzB,SAASisB,KAAa,OAAOr+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAAS3B,KAAa,OAAO9+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAASxC,KACL,OAAOj+B,EAAK0gC,OAAS,KAAOj6B,EAAK,SAAUq2B,EACvChrE,EAAQ,MACRirE,EAAGjrE,EAAQ,MAAO2uE,GAAYjD,EAAIF,GAFKR,IAO/C,SAAS4C,KACL,OAAI1/B,EAAK0gC,OAAgB,KAClB1gC,EAAK2gC,gBAAkBl6B,EAAK,aAAcq2B,EAC7C36C,EACAg7C,EAAKJ,EAAG56C,EAAMrwB,EAAQ,KAAMA,EAAQ,KAAMorE,EAAOqB,KAFJzB,IAIjDr2B,EAAK,aAAcq2B,EACf36C,EACAg7C,EAAKJ,EAAG56C,EAAMrwB,EAAQ,KAAMorE,EAAOqB,KAFpBzB,IAUvB,SAASqB,KACL,OAAOn+B,EAAK0gC,OAAS,KAAOj6B,EAAK,UAAW02B,EACxCL,EAAIG,EAAMve,EAAI6e,IAAQQ,GACtB,EAFwCZ,IAShD,SAASqC,KACL,OAAOx/B,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACR8uE,GACAvB,EACAvtE,EAAQ,KACRmrE,EAAMve,EAAI6f,IANqCzB,IAWvD,SAAS8D,KACL,OAAO5gC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAaq2B,EAC1C+D,GACA/uE,EAAQ,KAFkCgrE,IAQlD,SAAS+D,KACL,OAAO7gC,EAAK0gC,OAAS,KAAOj6B,EAAK,kBAAmBq2B,EAChDK,EAAKJ,EAAGE,EAAMsB,GAAOzsE,EAAQ,OAC7BA,EAAQ,KACRwuE,EACAnD,EAAKL,EACDhrE,EAAQ,KACRmrE,EAAMve,EAAI6f,IACV7f,EAAIoe,EAAIhrE,EAAQ,KAAMwuE,MAPsBxD,IAaxD,SAAS+C,KACL,OAAO7/B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,OAEZotE,EACA/B,EAAKL,EACDhrE,EAAQ,KACR4sD,EAAIoe,EACAoC,EACAjC,EAAMsB,OAVgCzB,IAiBtD,SAASiD,KACL,OAAO//B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,OAEZmtE,EACA9B,EAAKL,EACDhrE,EAAQ,KACR4sD,EAAIoe,EACAmC,EACAhC,EAAMsB,OAVgCzB,IAiBtD,SAASkD,KACL,OAAOhgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,MACT,GACHmrE,EAAMve,EAAI6f,IALqCzB,IAUvD,SAASoD,KACL,OAAOlgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAAI36C,EAAMg7C,EAAKL,EAAIhrE,EAAQ,KAAMqwB,IAAjC26C,IAIvD,SAASyD,KACL,OAAOvgC,EAAK0gC,OAAS,KAAOj6B,EAAK,aAAcq2B,EAAI2B,EAAMtB,EAAKL,EAAIhrE,EAAQ,KAAM2sE,IAAjC3B,IAInD,SAASsD,KACL,OAAOpgC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAas2B,EAAG0D,GAAYzC,EAAfjB,IAOlD,SAAS+D,GAAS75E,EAAM27D,GACpB,IAAI7jE,EAAGgiF,EAAOv9B,EACd,GAAIof,QAAuC,OAAO,KAElD,IADAme,EAAQ,CAACne,GACFme,EAAM7jF,OAAS,GAAG,CAErB,IADAsmD,EAAOu9B,EAAM3zD,OACJnmB,OAASA,EACd,OAAOu8C,EAEX,IAAKzkD,EAAIykD,EAAK84B,SAASp/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5CgiF,EAAMpjF,KAAK6lD,EAAK84B,SAASv9E,IAGjC,OAAO,KAoBX,SAASiiF,GAAuBC,EAAOre,GACnC,IAAI7jE,EAAGgiF,EAAOv9B,EAAMjmD,EAAQ2jF,EAC5B,GAAIte,QAAuC,OAAO,KAIlD,IAHAme,EAAQ,CAACne,GACTrlE,EAAS,GACT2jF,EAAc,GACTniF,EAAI,EAAGA,EAAIkiF,EAAM/jF,OAAQ6B,GAAK,EAC/BmiF,EAAYD,EAAMliF,KAAM,EAG5B,KAAOgiF,EAAM7jF,OAAS,GAElB,IADAsmD,EAAOu9B,EAAM3zD,OACJnmB,QAAQi6E,EACb3jF,EAAOI,KAAK6lD,QAGZ,IAAKzkD,EAAIykD,EAAK84B,SAASp/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5CgiF,EAAMpjF,KAAK6lD,EAAK84B,SAASv9E,IAIrC,OAAOxB,EAGX,SAAS4jF,GAAW5E,GAChB,IAAI6E,EAAWC,EAAoBtiF,EAAGuiF,EAAgB/jF,EACtD,GAAY,OAARg/E,EACA,OAAO,KAMX,IAJA6E,EAAY,GAGZC,EAAqBL,GAAuB,CAAC,QAAS,WAAYzE,GAC7Dx9E,EAAI,EAAGA,EAAKsiF,EAAmBnkF,OAAQ6B,GAAK,EAEjB,WAD5BuiF,EAAiBD,EAAmBtiF,IACjBkI,KACfm6E,EAAUzjF,KAAK4jF,GAAgBD,IACA,YAAxBA,EAAer6E,MACtBm6E,EAAUzjF,KAAK6jF,GAAkBF,IAWzC,OAPA/jF,EAAS,CACLg/E,IAAKA,EACL6E,UAAWA,GAEXphC,EAAKnyC,SACLtQ,EA+DR,SAAwBA,GACpB,IAAIwB,EACJ,GAAIxB,GAAUA,EAAO6jF,UACjB,IAAKriF,EAAI,EAAGA,EAAIxB,EAAO6jF,UAAUlkF,OAAQ6B,GAAK,SACnCxB,EAAO6jF,UAAUriF,GAAGykD,KAGnC,OAAOjmD,EAtEMkkF,CAAelkF,IAExByiD,EAAK0hC,UAiFb,SAAmBnkF,GACf,IAAKA,EAAU,OAAO,KACtB,IAAKyiD,EAAK2hC,SAAWpkF,EAAO6jF,UAAUlkF,OAAS,EAAK,OAAO,KAC3D,OAAOK,EAAO6jF,WAAa7jF,EAAO6jF,UAAU,GAnFjCM,CAAUnkF,GAEjByiD,EAAKnyC,OACEtQ,GAAUA,EAAO6jF,UAEjB7jF,EAIf,SAASgkF,GAAgBpC,GACrB,IAAIpgF,EACA6iF,EAAYd,GAAS,eAAgB3B,GACrC0C,EAAuB,GACvBC,EAAYd,GAAuB,CAAC,WAAY7B,GACpD,IAAKpgF,EAAI,EAAGA,EAAI+iF,EAAU5kF,OAAQ6B,GAAK,EACnC8iF,EAAqBlkF,KAAK6jF,GAAkBM,EAAU/iF,KAE1D,MAAO,CACHykD,KAAM27B,EACN38D,MAAO,CACHvb,KAAM26E,GAEV7rE,KAAMopE,EAAMl4E,KACZA,KAAM86E,GAAaH,GACnBR,UAAWS,GAInB,SAASL,GAAkBtC,GACvB,IAAIj4E,EAAO65E,GAAS,eAAgB5B,GAChC8C,EAAQlB,GAAS,YAAa5B,GAC9BX,EAlGR,SAAsBt3E,EAAM27D,GACxB,IAAI7jE,EAAGgiF,EAAOv9B,EAAMjmD,EACpB,GAAIqlE,QAAuC,OAAO,KAGlD,IAFAme,EAAQ,CAACne,GACTrlE,EAAS,GACFwjF,EAAM7jF,OAAS,GAKlB,KAJAsmD,EAAOu9B,EAAM3zD,OACJnmB,OAASA,GACd1J,EAAOI,KAAK6lD,GAEXzkD,EAAIykD,EAAK84B,SAASp/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5CgiF,EAAMpjF,KAAK6lD,EAAK84B,SAASv9E,IAGjC,OAAOxB,EAoFI0kF,CAAa,OAAQ/C,GAC5BgD,EAAWlB,GAAuB,CAAC,WAAY9B,GAG/CiD,EAAQrB,GAAS,aAAckB,GAC/B1B,EAASQ,GAAS,SAAUkB,GAChC,MAAO,CACHx+B,KAAM07B,EACN18D,MAAO,CACHvb,KAAMA,EACNg4E,QAAS+C,EACTG,MAAOA,EACP7B,OAAQA,EACR4B,SAAU3D,GAEdxoE,KAAMmpE,EAAQj4E,KACdA,KAAM86E,GAAa96E,GACnBg4E,QAAS8C,GAAaC,GACtBG,MAAOJ,GAAaI,GACpB7B,OAAQyB,GAAazB,GACrB4B,SAAUE,GAAeF,GACzBN,UAAWG,GAAa7C,EAAQ0C,YAIxC,SAASG,GAAa55E,GAClB,OAAOA,QAAgCA,EAAEk0E,SAAW,KAaxD,SAAS+F,GAAeF,GACpB,IAAI3kF,EAAS,GACb,GAAI2kF,EACA,IAAK,IAAInjF,EAAI,EAAGA,EAAImjF,EAAShlF,OAAQ6B,GAAK,EACtCxB,GAAUwkF,GAAaG,EAASnjF,IAGxC,OAAOxB,EAWX,IAAI4+E,GAAal9E,GAAK6M,GAAKmnE,GAAQoP,GAGnC,GAAa,QADbriC,EAAOsiC,EAAWtiC,EAAM,KACH,OAAO,KAgB5B,GAdAm8B,GAAcn8B,EAAK5jD,MAEnBimF,GAAkB,CACdpD,QAAWA,EACX,eAAgBa,EAChB,aAAcP,EACdzhE,KA1WJ,WACI,OAAO2oC,EAAK,OAAQs2B,EAChB6C,EACAE,EAFgB/C,KA0WpBoC,MAASA,EACTD,QAAWA,EACX,eAAgBU,EAChB,WA5VJ,WACI,OAAOn5B,EAAK,WAAYq5B,MA4VxB73B,OAtWJ,WACI,OAAOxB,EAAK,SAAUs2B,EAClBmC,EACAD,EAFkBlC,MAsWxB/8B,EAAKuiC,UAAYzC,GAEd9/B,EAAK0gC,OAAQ,CAId,GAHAxE,IACAl8B,EAAK0gC,QAAS,EACdzN,GAASoP,GAAgBlG,IACrBn8B,EAAK2hC,UAAY5F,IACjB,OAAOoF,GAAWlO,IAEtBjzB,EAAK0gC,QAAS,EAKlB,OAFAxE,IACAjJ,GAASoP,GAAgBlG,KACpBn8B,EAAK2hC,SAAW5F,IAAkB,KAChCoF,GAAWlO,GACtB,CA4CA,SAASqP,EAAWtiC,EAAMwiC,GACtB,SAASpsE,EAASiC,GACd,MAA+C,oBAAxCvR,OAAOhK,UAAUwL,SAAS1L,KAAKyb,GAO1C,SAASoqE,EAAY9uC,GACjB,OAAOA,QAGX,IAAI+uC,EAAU/uC,EAEd,GAAIv9B,EAAS4pC,GACTA,EAAO,CAAE5jD,MAAO4jD,QACb,IAZP,SAAkBrM,GACd,OAAOA,IAAM7sC,OAAO6sC,GAWZgvC,CAAS3iC,GACjB,OAAO,KAGX,IAAK5pC,EAAS4pC,EAAK5jD,OAAU,OAAO,KACpC,IAAKomF,EAAQ,OAAO,KAapB,IAAK7uC,KAXL+uC,EAAW,CACPhB,WAAW,EACXC,SAAS,EACTnB,WAAW,EACX1C,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,eACT7B,QAAQ,EACRC,iBAAiB,GAIb8B,EAAYziC,EAAKrM,MACjBqM,EAAKrM,GAAM8uC,EAAYD,EAAK7uC,IAAgB+uC,EAAS/uC,GAAnB6uC,EAAK7uC,IAG/C,OAAOqM,CACX,CAEA87B,EAAU8G,gBArFV,SAA+B5iC,GAC3B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EA+EAzG,EAAU+G,iBA7EV,SAAgC7iC,GAC5B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EAwEAzG,EAAUgH,UAtEV,SAAyB9iC,GACrB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,SAEjB,EAiEAzG,EAAUiH,YA/DV,SAA2B/iC,GACvB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,WAEjB,EAyDAzG,EAAUkH,aAvDV,SAA4BhjC,GACxB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,aAEjB,EAoDIlhD,UAAiBy6C,CAKrB,CAtiCA,MCKA,MAAMmH,GACO7mE,iBACT,OAAOU,EAAMlM,OAAOY,OAGtB5V,cAKEE,KAAK0V,OAAS,GAEd1V,KAAKmL,KAAO,GACZnL,KAAKonF,MAAQ,GACbpnF,KAAKwhE,QAAU,GASjB55C,kBAAkBlS,GAChB,GAAI2E,EAAKC,SAAS5E,IACfA,EAAOvK,OAASkP,EAAKC,SAAS5E,EAAOvK,OACrCuK,EAAO0xE,QAAU/sE,EAAKiF,eAAe5J,EAAO0xE,QAC5C1xE,EAAO8rD,UAAYnnD,EAAKC,SAAS5E,EAAO8rD,SACzC,MAAUt+D,MAAM,0BAElB,MAAM4R,EAAS,IAAIqyE,GACnBn8E,OAAO6lD,OAAO/7C,EAAQY,GACtB,MAAM2xE,EAAa,GAKnB,OAJIvyE,EAAO3J,MAAMk8E,EAAWxlF,KAAKiT,EAAO3J,MACpC2J,EAAO0sD,SAAS6lB,EAAWxlF,KAAK,IAAIiT,EAAO0sD,YAC3C1sD,EAAOsyE,OAAOC,EAAWxlF,KAAK,IAAIiT,EAAOsyE,UAC7CtyE,EAAOY,OAAS2xE,EAAW7lF,KAAK,KACzBsT,EAOT5T,KAAKgG,EAAOwd,EAASsB,IACnB,MAAMtQ,EAAS2E,EAAK+C,WAAWlW,GAC/B,GAAIwO,EAAOtU,OAASsjB,EAAOZ,gBACzB,MAAU5gB,MAAM,8BAElB,IACE,MAAMiI,KAAEA,EAAMg4E,QAASiE,EAAKhB,SAAEA,GAAakB,GAAeR,gBAAgB,CAAExmF,MAAOoV,EAAQmvE,iBAAiB,IAC5G7kF,KAAKwhE,QAAU4kB,EAASvkE,QAAQ,WAAY,IAC5C7hB,KAAKmL,KAAOA,EACZnL,KAAKonF,MAAQA,EACb,MAAO/iF,IACTrE,KAAK0V,OAASA,EAOhB5T,QACE,OAAOuY,EAAK0C,WAAW/c,KAAK0V,QAG9B6R,OAAOggE,GACL,OAAOA,GAAeA,EAAY7xE,SAAW1V,KAAK0V,QCzEtD,MAAM8xE,WAA2B1I,GACpBx+D,iBACT,OAAOU,EAAMlM,OAAOM,aAOtBtV,YAAYyyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtCjmB,MAAMwyE,EAAM7tD,IClBhB,MAAM+iE,GACOnnE,iBACT,OAAOU,EAAMlM,OAAOW,MAOtBvU,OACE,MAAM,IAAI6lD,GAAiB,mCAG7BjlD,QACE,MAAM,IAAIilD,GAAiB,oCCR/B,MAAMgwB,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAK5D,MAAMsU,GAIX5nF,YAAY6nF,GACV3nF,KAAKk3E,QAAUyQ,GAAc,IAAI1Q,GAOnCn1E,QACE,OAAO9B,KAAKk3E,QAAQp1E,QAQtBsX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMpE,UAAWhV,KAAK8B,aAASb,OAAWA,OAAWA,EAAWyjB,GAOrFkjE,mBACE,OAAO5nF,KAAKk3E,QAAQ/uE,KAAI2M,GAAUA,EAAOs/D,eActCjzE,eAAe0mF,IAAcC,iBAAEA,EAAgBC,gBAAEA,SAAiBrjE,KAAWsjE,IAClFtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIpkB,EAAQwnF,GAAoBC,EAChC,IAAKznF,EACH,MAAU4C,MAAM,8FAElB,GAAI4kF,IAAqBztE,EAAKC,SAASwtE,GACrC,MAAU5kF,MAAM,4DAElB,GAAI6kF,IAAoB1tE,EAAKzX,aAAamlF,GACxC,MAAU7kF,MAAM,+DAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAIsmF,EAAkB,CACpB,MAAM7tE,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQzlB,EAAOokB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMpE,UACvB,MAAU9R,MAAM,sCAElB5C,EAAQyJ,EAEV,MAAM49E,QAAmB1Q,GAAW2B,WAAWt4E,EAAOy2E,GAAgBryD,GACtE,OAAO,IAAIgjE,GAAUC,EACvB,CChFOxmF,eAAe+mF,GAAqBrjF,EAAS6f,GAClD,MAAM+5D,EAAqB,IAAI+I,GAAmB3iF,EAAQ0tE,KAAM7tD,GAKhE,OAJA+5D,EAAmBvH,QAAU,KAC7BuH,EAAmB30B,UAAY9oC,EAAMlf,MAAMkf,EAAM7O,UAAWtN,EAAQilD,iBAC9D20B,EAAmBruB,SAASvrD,EAAQsjF,QAAStjF,EAAQ4L,aACrDguE,EAAmBf,6BAClBe,CACT,CAEOt9E,eAAeinF,GAAkBvjF,EAAS6f,GAC/C,MAAM64D,EAAkB,IAAIuB,GAAgBj6E,EAAQ0tE,KAAM7tD,GAK1D,OAJA64D,EAAgBrG,QAAU,KAC1BqG,EAAgBzzB,UAAY9oC,EAAMlf,MAAMkf,EAAM7O,UAAWtN,EAAQilD,iBAC3DyzB,EAAgBntB,SAASvrD,EAAQsjF,QAAStjF,EAAQ4L,MAAO5L,EAAQ6f,cACjE64D,EAAgBG,6BACfH,CACT,CAWOp8E,eAAeknF,GAAwBC,EAAYn2E,EAAWkhE,EAAekV,EAAchW,EAAO,IAAI13D,KAAQ6J,GACnH,IAAI8jE,EACA/nE,EACJ,IAAK,IAAIxd,EAAIqlF,EAAWlnF,OAAS,EAAG6B,GAAK,EAAGA,IAC1C,MAEMulF,GAAeF,EAAWrlF,GAAG0wE,SAAW6U,EAAY7U,iBAEhD2U,EAAWrlF,GAAGq6C,OAAOnrC,EAAWkhE,EAAekV,EAAchW,OAAMtxE,EAAWyjB,GACpF8jE,EAAcF,EAAWrlF,IAE3B,MAAOoB,GACPoc,EAAYpc,EAGhB,IAAKmkF,EACH,MAAMnuE,EAAK6F,UACT,wBAAwBc,EAAM9f,KAAK8f,EAAMhM,UAAWq+D,uBAAmClhE,EAAUmjE,WAAWhuD,UACzGzF,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACyiC,EAAGmkC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3DloE,GAEJ,OAAO+nE,CACT,CAEO,SAASI,GAAcpL,EAAWxoE,EAAWu9D,EAAO,IAAI13D,MAC7D,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAiB,OAAbiE,EAAmB,CACrB,MAAMqS,EAAiBC,GAAqBtL,EAAWxoE,GACvD,QAASwoE,EAAU7J,SAAW6C,GAAYA,EAAWqS,GAEvD,OAAO,CACT,CASO1nF,eAAe4nF,GAAuBC,EAAQC,EAAYpkF,EAAS6f,GACxE,MAAMwkE,EAAa,GACnBA,EAAWryE,IAAMoyE,EACjBC,EAAWzjF,KAAOujF,EAClB,MAAMG,EAAsB,CAAE9V,cAAeryD,EAAMhM,UAAU2B,eACzD9R,EAAQk4C,MACVosC,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASS,UAC/CqwE,EAAoBzwE,wBAA0B0wE,GAAsBF,EAAY,KAAMF,EAAQ,CAC5F3V,cAAeryD,EAAMhM,UAAU4B,YAC9B/R,EAAQ0tE,UAAMtxE,OAAWA,OAAWA,EAAWyjB,IAElDykE,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASU,qBAAuBiI,EAAM3I,SAASW,gBAEnFnU,EAAQ4S,kBAAoB,IAC9B0xE,EAAoB1xE,kBAAoB5S,EAAQ4S,kBAChD0xE,EAAoBnV,iBAAkB,GAGxC,aADoCoV,GAAsBF,EAAY,KAAMD,EAAYE,EAAqBtkF,EAAQ0tE,UAAMtxE,OAAWA,OAAWA,EAAWyjB,EAE9J,CAYOvjB,eAAespD,GAAqB5zC,EAAK2mE,EAAWjL,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,GACzF,IAAI87B,EAAW97B,EAAOvC,uBAClBknE,EAAW7oC,EACf,GAAI3pC,EAAK,CACP,MAAMyyE,QAAoBzyE,EAAI0yE,eAAehX,EAAM78D,EAAQgP,GACvD4kE,EAAYE,kBAAkBzxE,2BAC/BsxE,GAAYC,EAAYE,kBAAkBzxE,wBAC3CyoC,EAAW9hC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkB25C,GAClFA,EAAW7oC,GAGjB,OAAQg9B,EAAU1zB,WAChB,KAAK9oC,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUf,QACnBi4E,EAAW3qE,GAAO+qE,0BAA0BjM,EAAU1zB,UAAW0zB,EAAUvuB,aAAajK,KAE5F,OAAOtmC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkB25C,GAC9EA,EAAW7oC,CACf,CAYOr/C,eAAeuoF,GAAiBzvE,EAAMmZ,EAAO,GAAIm/C,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IAChG,MAAM4jE,EAAc,CAClB12E,UAAa8N,EAAM9N,UAAUM,OAC7BkB,KAAQsM,EAAMtM,KAAKC,IACnBf,YAAeoN,EAAMpN,YAAYC,cACjCoG,GACI4vE,EAAsB,CAC1B32E,UAAawR,EAAOtC,4BACpB1N,KAAQgQ,EAAOlC,uBACf5O,YAAe8Q,EAAOrC,+BACtBpI,GACI6vE,EAAmB,CACvB52E,UAAa,+BACbwB,KAAQ,0BACRd,YAAe,kCACfqG,GAUF,aALgCha,QAAQ2H,IAAIwrB,EAAKjrB,KAAIhH,eAAe0V,EAAK5T,GACvE,MACM8mF,SADoBlzE,EAAI0yE,eAAehX,EAAMoX,EAAQ1mF,GAAIyhB,IAC5B8kE,kBAAkBM,GACrD,QAASC,GAAkBA,EAAexjF,QAAQsjF,IAAwB,OAEnDnrC,MAAMsrC,SAAWH,EAAsBD,CAClE,CAgBOzoF,eAAeioF,GAAsBF,EAAYzvE,EAAYwwE,EAAkBd,EAAqB5W,EAAM78D,EAAQ4+D,EAAY,GAAIl3B,GAAW,EAAO14B,GACzJ,GAAIulE,EAAiB1K,UACnB,MAAUr8E,MAAM,qCAElB,IAAK+mF,EAAiBrM,cACpB,MAAU16E,MAAM,iCAElB,MAAMgnF,EAAkB,IAAI9W,GAM5B,OALApoE,OAAO6lD,OAAOq5B,EAAiBf,GAC/Be,EAAgB3W,mBAAqB0W,EAAiBngC,UACtDogC,EAAgB5W,oBAAsB7oB,GAAqBhxC,EAAYwwE,EAAkB1X,EAAM78D,EAAQgP,GACvGwlE,EAAgB7V,aAAeC,QACzB4V,EAAgBntC,KAAKktC,EAAkBf,EAAY3W,EAAMn1B,GACxD8sC,CACT,CAUO/oF,eAAegpF,GAAgBC,EAAQh5B,EAAMytB,EAAMtM,EAAO,IAAI13D,KAAQwvE,IAC3ED,EAASA,EAAOvL,MAETztB,EAAKytB,GAAMz9E,aAGRnB,QAAQ2H,IAAIwiF,EAAOjiF,KAAIhH,eAAempF,GACrCA,EAAU3T,UAAUpE,IAAW8X,UAAiBA,EAAQC,IACxDl5B,EAAKytB,GAAM32E,MAAK,SAASqiF,GACxB,OAAOlwE,EAAKqD,iBAAiB6sE,EAAQtV,cAAeqV,EAAUrV,mBAElE7jB,EAAKytB,GAAMh9E,KAAKyoF,OAPpBl5B,EAAKytB,GAAQuL,EAYnB,CAkBOjpF,eAAeqpF,GAAcvB,EAAY5V,EAAekV,EAAckC,EAAaz1E,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,GAC3H7N,EAAMA,GAAOoyE,EACb,MAAMyB,EAAmB,GAwBzB,aAvBMzqF,QAAQ2H,IAAI6iF,EAAYtiF,KAAIhH,eAAewpF,GAC/C,IAUK31E,IAAa21E,EAAoBvW,YAAY7sD,OAAOvS,EAAUo/D,qBAEzDuW,EAAoBrtC,OACxBzmC,EAAKw8D,EAAekV,EAAc7jE,EAAO1B,kBAAoBuvD,EAAO,MAAM,EAAO7tD,GAInFgmE,EAAiB7oF,KAAK8oF,EAAoBvW,cAE5C,MAAO/vE,SAGP2Q,GACFA,EAAU8/D,UAAU4V,EAAiBxiF,MAAKsf,GAASA,EAAMD,OAAOvS,EAAUo/D,iBACxEp/D,EAAU8/D,UAAW,GAChB9/D,EAAU8/D,SAEZ4V,EAAiBtpF,OAAS,CACnC,CASO,SAAS0nF,GAAqBtL,EAAWxoE,GAC9C,IAAI6zE,EAKJ,OAHkC,IAA9B7zE,EAAUg/D,kBACZ6U,EAAiBrL,EAAU7J,QAAQz4D,UAA0C,IAA9BlG,EAAUyC,mBAEpDoxE,EAAiB,IAAIhuE,KAAKguE,GAAkBp9E,GACrD,CAwBO,SAASm/E,GAAmB/lF,EAASgmF,EAAiB,IAU3D,OATAhmF,EAAQoV,KAAOpV,EAAQoV,MAAQ4wE,EAAe5wE,KAC9CpV,EAAQ4L,MAAQ5L,EAAQ4L,OAASo6E,EAAep6E,MAChD5L,EAAQsjF,QAAUtjF,EAAQsjF,SAAW0C,EAAe1C,QACpDtjF,EAAQ4S,uBAAkDxW,IAA9B4D,EAAQ4S,kBAAkC5S,EAAQ4S,kBAAoBozE,EAAepzE,kBACjH5S,EAAQ43E,WAAapiE,EAAKC,SAASzV,EAAQ43E,YAAc53E,EAAQ43E,WAAaoO,EAAepO,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQsY,EAAetY,KAE9C1tE,EAAQk4C,KAAOl4C,EAAQk4C,OAAQ,EAEvBl4C,EAAQoV,MACd,IAAK,MACH,IACEpV,EAAQ4L,MAAQuQ,EAAMlf,MAAMkf,EAAMvQ,MAAO5L,EAAQ4L,OACjD,MAAOpM,GACP,MAAUnB,MAAM,iBAEd2B,EAAQ4L,QAAUuQ,EAAMvQ,MAAMS,eAAiBrM,EAAQ4L,QAAUuQ,EAAMvQ,MAAMa,mBAC/EzM,EAAQ4L,MAAQ5L,EAAQk4C,KAAO/7B,EAAMvQ,MAAMS,cAAgB8P,EAAMvQ,MAAMa,kBAErEzM,EAAQk4C,KACVl4C,EAAQilD,UAAYjlD,EAAQ4L,QAAUuQ,EAAMvQ,MAAMS,cAAgB8P,EAAM7O,UAAUQ,YAAcqO,EAAM7O,UAAUO,MAEhH7N,EAAQilD,UAAY9oC,EAAM7O,UAAUM,KAEtC,MACF,IAAK,MACH5N,EAAQilD,UAAY9oC,EAAM7O,UAAUC,eACpC,MACF,QACE,MAAUlP,MAAM,wBAAwB2B,EAAQoV,MAEpD,OAAOpV,CACT,CAEO,SAASimF,GAAwBtN,EAAWxoE,GACjD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUE,YACjCs9C,IAAY3uC,EAAM7O,UAAUI,SAC5Bo9C,IAAY3uC,EAAM7O,UAAUM,MAC5Bk9C,IAAY3uC,EAAM7O,UAAUY,UAC1BiC,EAAUqD,UAC4C,IAArDrD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASS,UAC9C,CAEO,SAASiyE,GAA2BvN,EAAWxoE,GACpD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUK,KACjCm9C,IAAY3uC,EAAM7O,UAAUG,SAC5Bq9C,IAAY3uC,EAAM7O,UAAUO,OAC5Bi9C,IAAY3uC,EAAM7O,UAAUQ,aAC5Bg9C,IAAY3uC,EAAM7O,UAAUf,WAC1B4D,EAAUqD,UACwD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC9C,CAEO,SAASgyE,GAA2Bh2E,EAAW0P,GACpD,QAAIA,EAAOzB,0CAKHjO,EAAUqD,UACkD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC5C,CASO,SAASiyE,GAAqBzN,EAAW94D,GAC9C,MAAMirC,EAAU3uC,EAAMlf,MAAMkf,EAAM7O,UAAWqrE,EAAU1zB,WACjDohC,EAAW1N,EAAUU,mBAC3B,GAAIx5D,EAAOP,0BAA0Bne,IAAI2pD,GACvC,MAAUzsD,MAASgoF,EAASphC,UAAZ,kCAElB,OAAQ6F,GACN,KAAK3uC,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACrB,KAAK0O,EAAM7O,UAAUE,WACnB,GAAI64E,EAAS1sE,KAAOkG,EAAO5B,WACzB,MAAU5f,MAAM,yBAAyBwhB,EAAO5B,4CAElD,MACF,KAAK9B,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUM,KACnB,GAAIiS,EAAON,aAAape,IAAIklF,EAASz6E,OACnC,MAAUvN,MAAM,eAAegoF,EAASphC,8BAA8BohC,EAASz6E,sBAMvF,CCjZA,MAAM06E,GACJrrF,YAAYsrF,EAAYC,GACtBrrF,KAAK0V,OAAS01E,EAAWtrF,YAAYwgB,MAAQU,EAAMlM,OAAOY,OAAS01E,EAAa,KAChFprF,KAAK4V,cAAgBw1E,EAAWtrF,YAAYwgB,MAAQU,EAAMlM,OAAOc,cAAgBw1E,EAAa,KAC9FprF,KAAKsrF,mBAAqB,GAC1BtrF,KAAKurF,oBAAsB,GAC3BvrF,KAAKwrF,qBAAuB,GAC5BxrF,KAAKqrF,QAAUA,EAOjBI,eACE,MAAM9D,EAAa,IAAI1Q,GAKvB,OAJA0Q,EAAW9lF,KAAK7B,KAAK0V,QAAU1V,KAAK4V,eACpC+xE,EAAW9lF,QAAQ7B,KAAKwrF,sBACxB7D,EAAW9lF,QAAQ7B,KAAKsrF,oBACxB3D,EAAW9lF,QAAQ7B,KAAKurF,qBACjB5D,EAOThmF,QACE,MAAM+pF,EAAO,IAAIP,GAAKnrF,KAAK0V,QAAU1V,KAAK4V,cAAe5V,KAAKqrF,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAItrF,KAAKsrF,oBACnCI,EAAKH,oBAAsB,IAAIvrF,KAAKurF,qBACpCG,EAAKF,qBAAuB,IAAIxrF,KAAKwrF,sBAC9BE,EAWTvqF,cAAcwqF,EAAapZ,EAAM7tD,GAC/B,MAAMukE,EAAajpF,KAAKqrF,QAAQ7N,UAC1B0L,EAAa,CACjBxzE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,cACpBiB,IAAKoyE,GAEDyC,EAAO,IAAIP,GAAKjC,EAAWxzE,QAAUwzE,EAAWtzE,cAAe5V,KAAKqrF,SAgB1E,OAfAK,EAAKH,0BAA4BtrF,QAAQ2H,IAAI+jF,EAAYxjF,KAAIhH,eAAesY,GAC1E,IAAKA,EAAWmyE,YACd,MAAU1oF,MAAM,gCAElB,GAAIuW,EAAWukE,qBAAqBiL,GAClC,MAAU/lF,MAAM,+DAElB,MAAM2oF,QAAmBpyE,EAAWqyE,mBAAc7qF,EAAWsxE,OAAMtxE,EAAWyjB,GAC9E,OAAO0kE,GAAsBF,EAAYzvE,EAAYoyE,EAAWrO,UAAW,CAEzEnK,cAAeryD,EAAMhM,UAAUsB,YAC/B+B,SAAU,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,WACtDy5D,OAAMtxE,OAAWA,OAAWA,EAAWyjB,aAEtCgnE,EAAKhkD,OAAO1nC,KAAMuyE,EAAM7tD,GACvBgnE,EAeTvqF,gBAAgB4qF,EAAavO,EAAWjL,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClE,MAAMijE,EAAajpF,KAAKqrF,QAAQ7N,UAChC,OAAOgN,GAAcvB,EAAYjoE,EAAMhM,UAAU0B,eAAgB,CAC/DG,IAAKoyE,EACLvzE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,eACnB5V,KAAKwrF,qBAAsBO,EAAavO,EAAWjL,EAAM7tD,GAa9DvjB,wBAAwB4qF,EAAaC,EAAkBzZ,EAAO,IAAI13D,KAAQ6J,GACxE,MAAM0zD,EAAOp4E,KACPipF,EAAajpF,KAAKqrF,QAAQ7N,UAC1B+K,EAAe,CACnB7yE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,cACpBiB,IAAKoyE,IAED7U,YAAEA,GAAgB2X,EAClBE,EAAaD,EAAiB5kF,QAAOyP,GAAOA,EAAIq1E,QAAQ9X,GAAahzE,OAAS,IACpF,OAA0B,IAAtB6qF,EAAW7qF,OACN,YAEHnB,QAAQ2H,IAAIqkF,EAAW9jF,KAAIhH,UAC/B,MAAM0qF,QAAmBh1E,EAAIi1E,cAAc1X,EAAa2X,EAAYpY,aAAS1yE,EAAWyjB,GACxF,GAAIqnE,EAAYjX,eAAiBsD,EAAK+T,UAAUJ,EAAaF,EAAWrO,UAAWjL,EAAM7tD,GACvF,MAAUxhB,MAAM,+BAElB,UACQ6oF,EAAYzuC,OAAOuuC,EAAWrO,UAAWx8D,EAAMhM,UAAUsB,YAAaiyE,EAAchW,OAAMtxE,EAAWyjB,GAC3G,MAAOrgB,GACP,MAAMgW,EAAK6F,UAAU,8BAA+B7b,SAGjD,GAeTlD,8BAA8B6qF,EAAkBzZ,EAAO,IAAI13D,KAAQ6J,GACjE,MAAM0zD,EAAOp4E,KACPosF,EAAiBpsF,KAAKsrF,mBAAmB9kF,OAAOxG,KAAKurF,qBAC3D,OAAOtrF,QAAQ2H,IAAIwkF,EAAejkF,KAAIhH,WACpCqmB,MAAO6kE,EAAcjY,YACrBkY,YAAalU,EAAKmU,kBAAkBF,EAAeL,EAAkBzZ,EAAM7tD,GAAQtkB,OAAM,KAAM,SAanGe,aAAaoxE,EAAO,IAAI13D,KAAQ6J,GAC9B,IAAK1kB,KAAKsrF,mBAAmBlqF,OAC3B,MAAU8B,MAAM,gCAElB,MAAMk1E,EAAOp4E,KACPipF,EAAajpF,KAAKqrF,QAAQ7N,UAC1B+K,EAAe,CACnB7yE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,cACpBiB,IAAKoyE,GAGP,IAAIxoE,EACJ,IAAK,IAAIxd,EAAIjD,KAAKsrF,mBAAmBlqF,OAAS,EAAG6B,GAAK,EAAGA,IACvD,IACE,MAAMumF,EAAoBxpF,KAAKsrF,mBAAmBroF,GAClD,GAAIumF,EAAkB1U,eAAiBsD,EAAK+T,UAAU3C,OAAmBvoF,EAAWsxE,EAAM7tD,GACxF,MAAUxhB,MAAM,iCAElB,UACQsmF,EAAkBlsC,OAAO2rC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,OAAMtxE,EAAWyjB,GACvG,MAAOrgB,GACP,MAAMgW,EAAK6F,UAAU,gCAAiC7b,GAExD,OAAO,EACP,MAAOA,GACPoc,EAAYpc,EAGhB,MAAMoc,EAWRtf,aAAaqrF,EAAYja,EAAM7tD,GAC7B,MAAMukE,EAAajpF,KAAKqrF,QAAQ7N,UAC1B+K,EAAe,CACnB7yE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,cACpBiB,IAAKoyE,SAGDkB,GAAgBqC,EAAYxsF,KAAM,qBAAsBuyE,GAAMpxE,eAAesrF,GACjF,IAEE,aADMA,EAAWnvC,OAAO2rC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,GAAM,EAAO7tD,IACrF,EACP,MAAOrgB,GACP,OAAO,YAIL8lF,GAAgBqC,EAAYxsF,KAAM,sBAAuBuyE,SAEzD4X,GAAgBqC,EAAYxsF,KAAM,uBAAwBuyE,GAAM,SAASma,GAC7E,OAAOlC,GAAcvB,EAAYjoE,EAAMhM,UAAU0B,eAAgB6xE,EAAc,CAACmE,QAAYzrF,OAAWA,EAAWsxE,EAAM7tD,MAe5HvjB,aACE8nF,GAEE0D,KAAMnY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DkzE,OAAQnY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAMkjE,EAAa,CACjBxzE,OAAQ1V,KAAK0V,OACbE,cAAe5V,KAAK4V,cACpBiB,IAAKoyE,GAEDyC,EAAO,IAAIP,GAAKjC,EAAWxzE,QAAUwzE,EAAWtzE,cAAe5V,KAAKqrF,SAO1E,OANAK,EAAKF,qBAAqB3pF,WAAWunF,GAAsBF,EAAY,KAAMD,EAAY,CACvF5V,cAAeryD,EAAMhM,UAAU0B,eAC/B89D,wBAAyBxzD,EAAMlf,MAAMkf,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMtxE,OAAWA,GAAW,EAAOyjB,UAChCgnE,EAAKhkD,OAAO1nC,MACX0rF,GC1PX,MAAMmB,GAKJ/sF,YAAYgtF,EAAczB,GACxBrrF,KAAKw9E,UAAYsP,EACjB9sF,KAAK+sF,kBAAoB,GACzB/sF,KAAKwrF,qBAAuB,GAC5BxrF,KAAKqrF,QAAUA,EAOjBI,eACE,MAAM9D,EAAa,IAAI1Q,GAIvB,OAHA0Q,EAAW9lF,KAAK7B,KAAKw9E,WACrBmK,EAAW9lF,QAAQ7B,KAAKwrF,sBACxB7D,EAAW9lF,QAAQ7B,KAAK+sF,mBACjBpF,EAOThmF,QACE,MAAMqnF,EAAS,IAAI6D,GAAO7sF,KAAKw9E,UAAWx9E,KAAKqrF,SAG/C,OAFArC,EAAO+D,kBAAoB,IAAI/sF,KAAK+sF,mBACpC/D,EAAOwC,qBAAuB,IAAIxrF,KAAKwrF,sBAChCxC,EAeT7nF,gBAAgB6T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAMijE,EAAajpF,KAAKqrF,QAAQ7N,UAChC,OAAOwP,GACL/D,EAAYjoE,EAAMhM,UAAU+B,iBAAkB,CAC5CF,IAAKoyE,EACLxjF,KAAMzF,KAAKw9E,WACVx9E,KAAKwrF,qBAAsBx2E,EAAW6B,EAAK07D,EAAM7tD,GAaxDvjB,aAAaoxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAMijE,EAAajpF,KAAKqrF,QAAQ7N,UAC1B+K,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAMzF,KAAKw9E,WAE7CyP,QAAyBC,GAA+BltF,KAAK+sF,kBAAmB9D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAErJ,GAAIuoE,EAAiBnY,eAAiB90E,KAAKmsF,UAAUc,EAAkB,KAAM1a,EAAM7tD,GACjF,MAAUxhB,MAAM,qBAGlB,GAAIiqF,GAAqBntF,KAAKw9E,UAAWyP,EAAkB1a,GACzD,MAAUrvE,MAAM,qBAElB,OAAO+pF,EAWT9rF,wBAAwBoxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,MAAMijE,EAAajpF,KAAKqrF,QAAQ7N,UAC1B+K,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAMzF,KAAKw9E,WACnD,IAAIyP,EACJ,IACEA,QAAyBC,GAA+BltF,KAAK+sF,kBAAmB9D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAC/I,MAAOrgB,GACP,OAAO,KAET,MAAM+oF,EAAYC,GAA4BrtF,KAAKw9E,UAAWyP,GACxDK,EAAYL,EAAiBxW,oBACnC,OAAO2W,EAAYE,EAAYF,EAAYE,EAW7CnsF,aAAa6nF,EAAQzW,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC/C,MAAMijE,EAAajpF,KAAKqrF,QAAQ7N,UAChC,IAAKx9E,KAAKg+E,qBAAqBgL,GAC7B,MAAU9lF,MAAM,2DAGdlD,KAAKw9E,UAAU19E,YAAYwgB,MAAQU,EAAMlM,OAAOa,cAChDqzE,EAAOxL,UAAU19E,YAAYwgB,MAAQU,EAAMlM,OAAOM,eACpDpV,KAAKw9E,UAAYwL,EAAOxL,WAG1B,MAAMpF,EAAOp4E,KACPuoF,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAM2yE,EAAKoF,iBAC7C+P,GAAuBvE,EAAQhpF,KAAM,oBAAqBuyE,GAAMpxE,eAAeqsF,GACnF,IAAK,IAAIvqF,EAAI,EAAGA,EAAIm1E,EAAK2U,kBAAkB3rF,OAAQ6B,IACjD,GAAIm1E,EAAK2U,kBAAkB9pF,GAAGmxE,YAAY7sD,OAAOimE,EAAWpZ,aAI1D,OAHIoZ,EAAW7Z,QAAUyE,EAAK2U,kBAAkB9pF,GAAG0wE,UACjDyE,EAAK2U,kBAAkB9pF,GAAKuqF,IAEvB,EAGX,IAEE,aADMA,EAAWlwC,OAAO2rC,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,OAAMtxE,EAAWyjB,IAC3F,EACP,MAAOrgB,GACP,OAAO,YAILkpF,GAAuBvE,EAAQhpF,KAAM,uBAAwBuyE,GAAM,SAASma,GAChF,OAAOM,GAAqB/D,EAAYjoE,EAAMhM,UAAU+B,iBAAkBwxE,EAAc,CAACmE,QAAYzrF,OAAWA,EAAWsxE,EAAM7tD,MAerIvjB,aACE8nF,GAEE0D,KAAMnY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DkzE,OAAQnY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAMkjE,EAAa,CAAEryE,IAAKoyE,EAAYxjF,KAAMzF,KAAKw9E,WAC3CwL,EAAS,IAAI6D,GAAO7sF,KAAKw9E,UAAWx9E,KAAKqrF,SAO/C,OANArC,EAAOwC,qBAAqB3pF,WAAW4rF,GAA6BvE,EAAY,KAAMD,EAAY,CAChG5V,cAAeryD,EAAMhM,UAAU+B,iBAC/By9D,wBAAyBxzD,EAAMlf,MAAMkf,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMtxE,OAAWA,GAAW,EAAOyjB,UAChCskE,EAAOthD,OAAO1nC,MACbgpF,EAGThL,qBAAqBC,GACnB,OAAOj+E,KAAKw9E,UAAUQ,qBAAqBC,EAAMT,WAAaS,IAIlE,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe76E,SAAQ+H,IAC3F0hF,GAAO7rF,UAAUmK,GACf,WACE,OAAOnL,KAAKw9E,UAAUryE,KACvB,IC/KL,MAAMuiF,gBAAyCrzE,EAAK8F,wBAAwB,CAACizD,KACvEua,GAAoB,IAAItqE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,aAClEm0E,GAAgB,IAAIvqE,IAAI,CAC5BrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,WACrCuH,EAAMlM,OAAOa,aAAcqL,EAAMlM,OAAO+4E,gBAY1C,MAAMC,GAMJC,sBAAsBpG,EAAYqG,EAAoB,IAAI3qE,KACxD,IAAIqoE,EACAuC,EACAjF,EACAkF,EAEJ,IAAK,MAAMp5E,KAAU6yE,EAAY,CAE/B,GAAI7yE,aAAkBoyC,GAAmB,CACR0mC,GAAc5nF,IAAI8O,EAAOwL,OACzB4tE,IAI3BA,EADEP,GAAkB3nF,IAAI8O,EAAOwL,KACjBqtE,GAEAC,IAGlB,SAGF,MAAMttE,EAAMxL,EAAOhV,YAAYwgB,IAC/B,GAAI4tE,EAAa,CACf,IAAKA,EAAYloF,IAAIsa,GAAM,SAC3B4tE,EAAc,KAEhB,GAAIF,EAAkBhoF,IAAIsa,GACxB,MAAUpd,MAAM,2BAA2Bod,GAE7C,OAAQA,GACN,KAAKU,EAAMlM,OAAO3C,UAClB,KAAK6O,EAAMlM,OAAOK,UAChB,GAAInV,KAAKw9E,UACP,MAAUt6E,MAAM,oCAIlB,GAFAlD,KAAKw9E,UAAY1oE,EACjBm5E,EAAejuF,KAAKs1E,YACf2Y,EACH,MAAU/qF,MAAM,kBAElB,MACF,KAAK8d,EAAMlM,OAAOY,OAClB,KAAKsL,EAAMlM,OAAOc,cAChB81E,EAAO,IAAIP,GAAKr2E,EAAQ9U,MACxBA,KAAKmuF,MAAMtsF,KAAK6pF,GAChB,MACF,KAAK1qE,EAAMlM,OAAOa,aAClB,KAAKqL,EAAMlM,OAAOM,aAChBs2E,EAAO,KACP1C,EAAS,IAAI6D,GAAO/3E,EAAQ9U,MAC5BA,KAAKouF,QAAQvsF,KAAKmnF,GAClB,MACF,KAAKhoE,EAAMlM,OAAOE,UAChB,OAAQF,EAAOu+D,eACb,KAAKryD,EAAMhM,UAAUsB,YACrB,KAAK0K,EAAMhM,UAAUuB,YACrB,KAAKyK,EAAMhM,UAAUwB,WACrB,KAAKwK,EAAMhM,UAAUyB,aACnB,IAAKi1E,EAAM,CACTrxE,EAAK0D,WAAW,mEAChB,SAEEjJ,EAAOs/D,YAAY7sD,OAAO0mE,GAC5BvC,EAAKJ,mBAAmBzpF,KAAKiT,GAE7B42E,EAAKH,oBAAoB1pF,KAAKiT,GAEhC,MACF,KAAKkM,EAAMhM,UAAU0B,eACfg1E,EACFA,EAAKF,qBAAqB3pF,KAAKiT,GAE/B9U,KAAKquF,iBAAiBxsF,KAAKiT,GAE7B,MACF,KAAKkM,EAAMhM,UAAU6B,IACnB7W,KAAKquF,iBAAiBxsF,KAAKiT,GAC3B,MACF,KAAKkM,EAAMhM,UAAU2B,cACnB,IAAKqyE,EAAQ,CACX3uE,EAAK0D,WAAW,qEAChB,SAEFirE,EAAO+D,kBAAkBlrF,KAAKiT,GAC9B,MACF,KAAKkM,EAAMhM,UAAU8B,cACnB9W,KAAKwrF,qBAAqB3pF,KAAKiT,GAC/B,MACF,KAAKkM,EAAMhM,UAAU+B,iBACnB,IAAKiyE,EAAQ,CACX3uE,EAAK0D,WAAW,wEAChB,SAEFirE,EAAOwC,qBAAqB3pF,KAAKiT,MAY7C22E,eACE,MAAM9D,EAAa,IAAI1Q,GAMvB,OALA0Q,EAAW9lF,KAAK7B,KAAKw9E,WACrBmK,EAAW9lF,QAAQ7B,KAAKwrF,sBACxB7D,EAAW9lF,QAAQ7B,KAAKquF,kBACxBruF,KAAKmuF,MAAMhmF,KAAIujF,GAAQ/D,EAAW9lF,QAAQ6pF,EAAKD,kBAC/CzrF,KAAKouF,QAAQjmF,KAAI6gF,GAAUrB,EAAW9lF,QAAQmnF,EAAOyC,kBAC9C9D,EAQThmF,MAAM2sF,GAAqB,GACzB,MAAMz3E,EAAM,IAAI7W,KAAKF,YAAYE,KAAKyrF,gBAiBtC,OAhBI6C,GACFz3E,EAAIq1E,UAAU9oF,SAAQ8Y,IAMpB,GAJAA,EAAEshE,UAAYxyE,OAAOw6B,OACnBx6B,OAAOujF,eAAeryE,EAAEshE,WACxBxyE,OAAOE,0BAA0BgR,EAAEshE,aAEhCthE,EAAEshE,UAAUI,cAAe,OAEhC,MAAM3tB,EAAgB,GACtBjlD,OAAOooB,KAAKlX,EAAEshE,UAAUvtB,eAAe7sD,SAAQ+H,IAC7C8kD,EAAc9kD,GAAQ,IAAItI,WAAWqZ,EAAEshE,UAAUvtB,cAAc9kD,GAAM,IAEvE+Q,EAAEshE,UAAUvtB,cAAgBA,CAAa,IAGtCp5C,EAST23E,WAAWhnE,EAAQ,MAIjB,OAHgBxnB,KAAKouF,QAAQhnF,QAAO4hF,IACjCxhE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GAAO,KAW9C0kE,QAAQ1kE,EAAQ,MACd,MAAM4L,EAAO,GAIb,OAHK5L,IAASxnB,KAAKs1E,WAAW/tD,OAAOC,GAAO,IAC1C4L,EAAKvxB,KAAK7B,MAELozB,EAAK5sB,OAAOxG,KAAKwuF,WAAWhnE,IAOrCinE,YACE,OAAOzuF,KAAKksF,UAAU/jF,KAAI0O,GAAOA,EAAIy+D,aAOvCoZ,aACE,OAAO1uF,KAAKmuF,MAAMhmF,KAAIujF,GACbA,EAAKh2E,OAASg2E,EAAKh2E,OAAOA,OAAS,OACzCtO,QAAOsO,GAAqB,OAAXA,IAOtB5T,QACE,OAAO9B,KAAKyrF,eAAe3pF,QAa7BX,oBAAoBqmB,EAAQ,KAAM+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UACnEhmB,KAAK2uF,iBAAiBpc,EAAM78D,EAAQgP,GAC1C,MAAMukE,EAAajpF,KAAKw9E,UAClB4Q,EAAUpuF,KAAKouF,QAAQ1sF,QAAQktF,MAAK,CAACtgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUoF,EACnB,IAAK5mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAMujF,EAAOxL,WAC/CyP,QAAyBC,GAC7BlE,EAAO+D,kBAAmB9D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAE3F,IAAKmqE,GAA+B7F,EAAOxL,UAAWyP,GACpD,SAEF,IAAKA,EAAiBv0E,kBACpB,MAAUxV,MAAM,8BAOlB,aAJMgqF,GACJ,CAACD,EAAiBv0E,mBAAoBswE,EAAOxL,UAAWx8D,EAAMhM,UAAU4B,WAAY2xE,EAAchW,EAAM7tD,GAE1GoqE,GAA4B9F,EAAOxL,UAAW94D,GACvCskE,EACP,MAAO3kF,GACPoc,EAAYpc,EAKlB,IACE,MAAMilF,QAAoBtpF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCqnE,GAA+B5F,EAAYK,EAAYE,mBAEzD,OADAsF,GAA4B7F,EAAYvkE,GACjC1kB,KAET,MAAOqE,GACPoc,EAAYpc,EAEd,MAAMgW,EAAK6F,UAAU,kDAAoDlgB,KAAKs1E,WAAWhuD,QAAS7G,GAapGtf,uBAAuBqmB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UAC/DhmB,KAAK2uF,iBAAiBpc,EAAM78D,EAAQgP,GAC1C,MAAMukE,EAAajpF,KAAKw9E,UAElB4Q,EAAUpuF,KAAKouF,QAAQ1sF,QAAQktF,MAAK,CAACtgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUoF,EACnB,IAAK5mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAMujF,EAAOxL,WAC/CyP,QAAyBC,GAA+BlE,EAAO+D,kBAAmB9D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GACvJ,GAAIqqE,GAAkC/F,EAAOxL,UAAWyP,GAEtD,OADA6B,GAA4B9F,EAAOxL,UAAW94D,GACvCskE,EAET,MAAO3kF,GACPoc,EAAYpc,EAKlB,IAEE,MAAMilF,QAAoBtpF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCunE,GAAkC9F,EAAYK,EAAYE,mBAE5D,OADAsF,GAA4B7F,EAAYvkE,GACjC1kB,KAET,MAAOqE,GACPoc,EAAYpc,EAEd,MAAMgW,EAAK6F,UAAU,qDAAuDlgB,KAAKs1E,WAAWhuD,QAAS7G,GAevGtf,gBAAgB6T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,OAAOgnE,GACLhtF,KAAKw9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK7W,KAAKw9E,WAAax9E,KAAKwrF,qBAAsBx2E,EAAW6B,EAAK07D,EAAM7tD,GAa7HvjB,uBAAuBoxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC9D,MAAMijE,EAAajpF,KAAKw9E,UAExB,SAAUx9E,KAAKmsF,UAAU,KAAM,KAAM5Z,EAAM7tD,GACzC,MAAUxhB,MAAM,0BAGlB,MAAMsmF,kBAAEA,SAA4BxpF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAEtE,GAAIyoE,GAAqBlE,EAAYO,EAAmBjX,GACtD,MAAUrvE,MAAM,0BAGlB,MAAM8rF,QAAwB9B,GAC5BltF,KAAKquF,iBAAkBpF,EAAYjoE,EAAMhM,UAAU6B,IAAK,CAAEA,IAAKoyE,GAAc1W,EAAM7tD,GACnFtkB,OAAM,SAER,GAAI4uF,GAAmB7B,GAAqBlE,EAAY+F,EAAiBzc,GACvE,MAAUrvE,MAAM,0BAYpB/B,wBAAwBuU,EAAQgP,EAASsB,IACvC,IAAIipE,EACJ,IACE,MAAMzF,kBAAEA,SAA4BxpF,KAAKupF,eAAe,KAAM7zE,EAAQgP,GAChEwqE,EAAmB7B,GAA4BrtF,KAAKw9E,UAAWgM,GAC/D2F,EAAgB3F,EAAkB/S,oBAClCuY,QAAwB9B,GAC5BltF,KAAKquF,iBAAkBruF,KAAKw9E,UAAWx8D,EAAMhM,UAAU6B,IAAK,CAAEA,IAAK7W,KAAKw9E,WAAa,KAAM94D,GAC3FtkB,OAAM,SACR,GAAI4uF,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4BrtF,KAAKw9E,UAAWwR,GAGvEC,EAAmBtjF,KAAKmyC,IAAIoxC,EAAkBC,EAAeC,QAE7DH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,EAE3E,MAAO9qF,GACP4qF,EAAmB,KAGrB,OAAO50E,EAAKc,cAAc8zE,GAiB5B9tF,qBAAqBoxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC5D,MAAMijE,EAAajpF,KAAKw9E,UAClB2Q,EAAQ,GACd,IAAI1tE,EACJ,IAAK,IAAIxd,EAAI,EAAGA,EAAIjD,KAAKmuF,MAAM/sF,OAAQ6B,IACrC,IACE,MAAMyoF,EAAO1rF,KAAKmuF,MAAMlrF,GACxB,IAAKyoF,EAAKh2E,OACR,SAEF,QACmBzU,IAAhByU,EAAOvK,MAAsBugF,EAAKh2E,OAAOvK,OAASuK,EAAOvK,WACxClK,IAAjByU,EAAO0xE,OAAuBsE,EAAKh2E,OAAO0xE,QAAU1xE,EAAO0xE,YACxCnmF,IAAnByU,EAAO8rD,SAAyBkqB,EAAKh2E,OAAO8rD,UAAY9rD,EAAO8rD,QAEhE,MAAUt+D,MAAM,iDAElB,MAAMqlF,EAAe,CAAE7yE,OAAQg2E,EAAKh2E,OAAQmB,IAAKoyE,GAC3CO,QAA0B0D,GAA+BxB,EAAKJ,mBAAoBrC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,EAAM7tD,GACrJypE,EAAMtsF,KAAK,CAAE6d,MAAOzc,EAAGyoF,OAAMlC,sBAC7B,MAAOnlF,GACPoc,EAAYpc,EAGhB,IAAK8pF,EAAM/sF,OACT,MAAMqf,GAAiBvd,MAAM,qCAEzBjD,QAAQ2H,IAAIumF,EAAMhmF,KAAIhH,eAAgBmN,GAC1C,OAAOA,EAAEk7E,kBAAkB1U,SAAWxmE,EAAEo9E,KAAKS,UAAU79E,EAAEk7E,kBAAmB,KAAMjX,EAAM7tD,OAG1F,MAAM4kE,EAAc6E,EAAMS,MAAK,SAAStgF,EAAGJ,GACzC,MAAMg/B,EAAI5+B,EAAEk7E,kBACNr8C,EAAIj/B,EAAEs7E,kBACZ,OAAOr8C,EAAE2nC,QAAU5nC,EAAE4nC,SAAW5nC,EAAEqnC,gBAAkBpnC,EAAEonC,iBAAmBrnC,EAAEymC,QAAUxmC,EAAEwmC,WACtFriD,OACGo6D,KAAEA,EAAMlC,kBAAmB6F,GAAS/F,EAC1C,GAAI+F,EAAKva,eAAiB4W,EAAKS,UAAUkD,EAAM,KAAM9c,EAAM7tD,GACzD,MAAUxhB,MAAM,2BAElB,OAAOomF,EAgBTnoF,aAAamuF,EAAW/c,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,IAAKhmB,KAAKg+E,qBAAqBsR,GAC7B,MAAUpsF,MAAM,4DAElB,IAAKlD,KAAK4rF,aAAe0D,EAAU1D,YAAa,CAQ9C,KANe5rF,KAAKouF,QAAQhtF,SAAWkuF,EAAUlB,QAAQhtF,QAClDpB,KAAKouF,QAAQ1vC,OAAM6wC,GACXD,EAAUlB,QAAQlmF,MAAKsnF,GACrBD,EAAWvR,qBAAqBwR,QAI/C,MAAUtsF,MAAM,iEAGlB,OAAOosF,EAAU5nD,OAAO1nC,KAAM0kB,GAMhC,MAAM+qE,EAAazvF,KAAK2B,QA0CxB,aAxCM4rF,GAAuB+B,EAAWG,EAAY,uBAAwBld,GAAMma,GACzEM,GAAqByC,EAAWjS,UAAWx8D,EAAMhM,UAAU8B,cAAe24E,EAAY,CAAC/C,GAAY,KAAM4C,EAAU9R,UAAWjL,EAAM7tD,WAGvI6oE,GAAuB+B,EAAWG,EAAY,mBAAoBld,SAElEtyE,QAAQ2H,IAAI0nF,EAAUnB,MAAMhmF,KAAIhH,UAGpC,MAAMuuF,EAAgBD,EAAWtB,MAAM/mF,QAAOuoF,GAC3CC,EAAQl6E,QAAUk6E,EAAQl6E,OAAO6R,OAAOooE,EAAQj6E,SAChDk6E,EAAQh6E,eAAiBg6E,EAAQh6E,cAAc2R,OAAOooE,EAAQ/5E,iBAEjE,GAAI85E,EAActuF,OAAS,QACnBnB,QAAQ2H,IACZ8nF,EAAcvnF,KAAI0nF,GAAgBA,EAAanoD,OAAOkoD,EAASrd,EAAM7tD,UAElE,CACL,MAAMorE,EAAUF,EAAQjuF,QACxBmuF,EAAQzE,QAAUoE,EAClBA,EAAWtB,MAAMtsF,KAAKiuF,cAIpB7vF,QAAQ2H,IAAI0nF,EAAUlB,QAAQjmF,KAAIhH,UAEtC,MAAM4uF,EAAkBN,EAAWrB,QAAQhnF,QAAO4oF,GAChDA,EAAUhS,qBAAqBwR,KAEjC,GAAIO,EAAgB3uF,OAAS,QACrBnB,QAAQ2H,IACZmoF,EAAgB5nF,KAAI8nF,GAAkBA,EAAevoD,OAAO8nD,EAAWjd,EAAM7tD,UAE1E,CACL,MAAMwrE,EAAYV,EAAU7tF,QAC5BuuF,EAAU7E,QAAUoE,EACpBA,EAAWrB,QAAQvsF,KAAKquF,QAIrBT,EAWTtuF,+BAA+BoxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMuiE,EAAe,CAAE1xE,IAAK7W,KAAKw9E,WAC3BmN,QAA4BuC,GAA+BltF,KAAKwrF,qBAAsBxrF,KAAKw9E,UAAWx8D,EAAMhM,UAAU8B,cAAeyxE,EAAchW,EAAM7tD,GACzJijE,EAAa,IAAI1Q,GAEvB,OADA0Q,EAAW9lF,KAAK8oF,GACTvxE,GAAM4H,EAAM5H,MAAMjH,UAAWw1E,EAAW7lF,QAAS,KAAM,KAAM,oCAatEX,iCAAiCgvF,EAAuB5d,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClF,MAAM1lB,QAAcylB,GAAQoqE,EAAuBzrE,GAE7CimE,SADmB1T,GAAW2B,WAAWt4E,EAAMyJ,KAAM2jF,GAA0BhpE,IAC9CszD,WAAWh3D,EAAMlM,OAAOE,WAC/D,IAAK21E,GAAuBA,EAAoBtX,gBAAkBryD,EAAMhM,UAAU8B,cAChF,MAAU5T,MAAM,8CAElB,IAAKynF,EAAoBvW,YAAY7sD,OAAOvnB,KAAKs1E,YAC/C,MAAUpyE,MAAM,2CAElB,UACQynF,EAAoBrtC,OAAOt9C,KAAKw9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK7W,KAAKw9E,WAAajL,OAAMtxE,EAAWyjB,GAC1H,MAAOrgB,GACP,MAAMgW,EAAK6F,UAAU,wCAAyC7b,GAEhE,MAAMwS,EAAM7W,KAAK2B,QAEjB,OADAkV,EAAI20E,qBAAqB3pF,KAAK8oF,GACvB9zE,EAYT1V,sBAAsBivF,EAAa7d,EAAM78D,EAAQgP,EAASsB,IACxD,MAAMtG,MAAEA,EAAKgsE,KAAEA,SAAe1rF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAC1D2rE,QAAiB3E,EAAK4E,QAAQF,EAAa7d,EAAM7tD,GACjD7N,EAAM7W,KAAK2B,QAEjB,OADAkV,EAAIs3E,MAAMzuE,GAAS2wE,EACZx5E,EAWT1V,mBAAmBivF,EAAa7d,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAMnP,EAAM7W,KAAK2B,QAIjB,OAHAkV,EAAIs3E,YAAcluF,QAAQ2H,IAAI5H,KAAKmuF,MAAMhmF,KAAI,SAASujF,GACpD,OAAOA,EAAK4E,QAAQF,EAAa7d,EAAM7tD,OAElC7N,EAkBT1V,wBAAwB6qF,EAAkBzZ,EAAO,IAAI13D,KAAQnF,EAAQgP,EAASsB,IAC5E,MAAMijE,EAAajpF,KAAKw9E,WAClBkO,KAAEA,SAAe1rF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAIzD,OAHgBsnE,QACRN,EAAK6E,wBAAwBvE,EAAkBzZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYgX,YAAaZ,EAAKpuC,OAAOi1B,EAAM7tD,GAAQtkB,OAAM,KAAM,MAmBxFe,qBAAqB6qF,EAAkBzZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACjE,MAAMijE,EAAajpF,KAAKw9E,UAClBgT,EAAU,GAehB,aAdMvwF,QAAQ2H,IAAI5H,KAAKmuF,MAAMhmF,KAAIhH,UAC/B,MAAMmnF,EAAa0D,QACXN,EAAK6E,wBAAwBvE,EAAkBzZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYgX,YAAaZ,EAAKpuC,OAAOi1B,EAAM7tD,GAAQtkB,OAAM,KAAM,MAEtFowF,EAAQ3uF,QAAQymF,EAAWngF,KACzB6M,KACEU,OAAQg2E,EAAKh2E,OAASg2E,EAAKh2E,OAAOA,OAAS,KAC3CE,cAAe81E,EAAK91E,cACpB4R,MAAOxS,EAAUwS,MACjB8kE,MAAOt3E,EAAUs3E,UAEpB,KAEIkE,GAIX,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBptF,SAAQ+H,IACpG2iF,GAAI9sF,UAAUmK,GACd0hF,GAAO7rF,UAAUmK,EAAK,IC7qBxB,MAAMslF,WAAkB3C,GAItBhuF,YAAY6nF,GAOV,GANA5nF,QACAC,KAAKw9E,UAAY,KACjBx9E,KAAKwrF,qBAAuB,GAC5BxrF,KAAKquF,iBAAmB,GACxBruF,KAAKmuF,MAAQ,GACbnuF,KAAKouF,QAAU,GACXzG,IACF3nF,KAAK+tF,sBAAsBpG,EAAY,IAAItkE,IAAI,CAACrC,EAAMlM,OAAOK,UAAW6L,EAAMlM,OAAOM,iBAChFpV,KAAKw9E,WACR,MAAUt6E,MAAM,0CAStB0oF,YACE,OAAO,EAOT8E,WACE,OAAO1wF,KAQToZ,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMjH,UAAWnS,KAAKyrF,eAAe3pF,aAASb,OAAWA,OAAWA,EAAWyjB,ICjDtG,MAAMisE,WAAmBF,GAIvB3wF,YAAY6nF,GAGV,GAFA5nF,QACAC,KAAK+tF,sBAAsBpG,EAAY,IAAItkE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOa,iBAChF3V,KAAKw9E,UACR,MAAUt6E,MAAM,2CAQpB0oF,YACE,OAAO,EAOT8E,WACE,MAAM/I,EAAa,IAAI1Q,GACjB2Z,EAAa5wF,KAAKyrF,eACxB,IAAK,MAAMjO,KAAaoT,EACtB,OAAQpT,EAAU19E,YAAYwgB,KAC5B,KAAKU,EAAMlM,OAAOK,UAAW,CAC3B,MAAM07E,EAAexT,GAAgByT,oBAAoBtT,GACzDmK,EAAW9lF,KAAKgvF,GAChB,MAEF,KAAK7vE,EAAMlM,OAAOM,aAAc,CAC9B,MAAM27E,EAAkBvS,GAAmBwS,uBAAuBxT,GAClEmK,EAAW9lF,KAAKkvF,GAChB,MAEF,QACEpJ,EAAW9lF,KAAK27E,GAGtB,OAAO,IAAIiT,GAAU9I,GAQvBvuE,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMK,WAAYzZ,KAAKyrF,eAAe3pF,aAASb,OAAWA,OAAWA,EAAWyjB,GAarGvjB,wBAAwBqmB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IACtE,MAAMijE,EAAajpF,KAAKw9E,UAClBpqD,EAAO,GACb,IAAK,IAAInwB,EAAI,EAAGA,EAAIjD,KAAKouF,QAAQhtF,OAAQ6B,IACvC,IAAKukB,GAASxnB,KAAKouF,QAAQnrF,GAAGqyE,WAAW/tD,OAAOC,GAAO,GACrD,IACE,MAAM+gE,EAAe,CAAE1xE,IAAKoyE,EAAYxjF,KAAMzF,KAAKouF,QAAQnrF,GAAGu6E,WAE1DyT,SAD2B/D,GAA+BltF,KAAKouF,QAAQnrF,GAAG8pF,kBAAmB9D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GACxGA,IACtD0O,EAAKvxB,KAAK7B,KAAKouF,QAAQnrF,IAEzB,MAAOoB,IAKb,MAAMilF,QAAoBtpF,KAAKupF,eAAehX,EAAM78D,EAAQgP,GAM5D,OALM8C,IAASyhE,EAAW3T,WAAW/tD,OAAOC,GAAO,KAC/CypE,GAAkC3H,EAAYE,kBAAmB9kE,IACnE0O,EAAKvxB,KAAK7B,MAGLozB,EAOTwqD,cACE,OAAO59E,KAAKksF,UAAUhkF,MAAK,EAAGs1E,eAAgBA,EAAUI,gBAa1Dz8E,eAAeujB,EAASsB,IACtB,IAAKhmB,KAAK4rF,YACR,MAAU1oF,MAAM,gCAGlB,IAAI+mF,EACJ,GAAKjqF,KAAKw9E,UAAU+B,UAEb,CAKL,MAAMsM,QAAmB7rF,KAAK8rF,cAAc,KAAM,UAAM7qF,EAAW,IAAKyjB,EAAQP,0BAA2B,IAAId,IAAOP,WAAY,IAE9H+oE,IAAeA,EAAWrO,UAAU+B,YACtC0K,EAAmB4B,EAAWrO,gBAThCyM,EAAmBjqF,KAAKw9E,UAa1B,GAAIyM,EACF,OAAOA,EAAiB1kC,WACnB,CACL,MAAMnyB,EAAOpzB,KAAKksF,UAElB,GADmB94D,EAAKjrB,KAAI0O,GAAOA,EAAI2mE,UAAU+B,YAAW7gC,MAAMsrC,SAEhE,MAAU9mF,MAAM,wCAGlB,OAAOjD,QAAQ2H,IAAIwrB,EAAKjrB,KAAIhH,SAAa0V,EAAI2mE,UAAUj4B,eAO3Dm6B,qBACE1/E,KAAKksF,UAAU9oF,SAAQ,EAAGo6E,gBACpBA,EAAUI,eACZJ,EAAUkC,wBAehBv+E,cAEIwrF,KAAMnY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DkzE,OAAQnY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,IAAKhmB,KAAK4rF,YACR,MAAU1oF,MAAM,iCAElB,MAAMgmF,EAAa,CAAEryE,IAAK7W,KAAKw9E,WACzB3mE,EAAM7W,KAAK2B,QAMjB,OALAkV,EAAI20E,qBAAqB3pF,WAAW4rF,GAA6BvE,EAAY,KAAMlpF,KAAKw9E,UAAW,CACjGnK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMlf,MAAMkf,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMtxE,OAAWA,OAAWA,EAAWyjB,IACnC7N,EAiBT1V,gBAAgB0D,EAAU,IACxB,MAAM6f,EAAS,IAAKsB,MAAkBnhB,EAAQ6f,QAC9C,GAAI7f,EAAQ43E,WACV,MAAUv5E,MAAM,gEAElB,GAAI2B,EAAQsjF,QAAUzjE,EAAO5B,WAC3B,MAAU5f,MAAM,8BAA8BwhB,EAAO5B,oBAAoBje,EAAQsjF,WAEnF,MAAM5K,EAAkBv9E,KAAKw9E,UAC7B,GAAID,EAAgBgC,UAClB,MAAUr8E,MAAM,8CAElB,IAAKq6E,EAAgBK,cACnB,MAAU16E,MAAM,wBAElB,MAAMguF,EAAiB3T,EAAgBW,mBACvCgT,EAAej3E,KAAOi3E,EAAezgF,MAAQ,MAAQ,MACrDygF,EAAe/I,QAAU+I,EAAe1yE,MAAQ,KAChD0yE,EAAezgF,MAAQygF,EAAezgF,OAAS,aAC/C5L,EAAUssF,GAA0BtsF,EAASqsF,GAC7C,MAAM1T,QAAkB4T,GAA4BvsF,GACpDiqF,GAA4BtR,EAAW94D,GACvC,MAAMuoE,QAAyBoE,GAA8B7T,EAAWD,EAAiB14E,EAAS6f,GAC5F4sE,EAAatxF,KAAKyrF,eAExB,OADA6F,EAAWzvF,KAAK27E,EAAWyP,GACpB,IAAI0D,GAAWW,ICxM1B,MAAMC,gBAAkCl3E,EAAK8F,wBAAwB,CACnEk9D,GACAmB,GACAM,GACA0I,GACAL,GACAzI,GACAtL,KASF,SAASoe,GAAU7J,GACjB,IAAK,MAAM7yE,KAAU6yE,EACnB,OAAQ7yE,EAAOhV,YAAYwgB,KACzB,KAAKU,EAAMlM,OAAOK,UAChB,OAAO,IAAIw7E,GAAWhJ,GACxB,KAAK3mE,EAAMlM,OAAO3C,UAChB,OAAO,IAAIs+E,GAAU9I,GAG3B,MAAUzkF,MAAM,sBAClB,CAgHA/B,eAAeswF,GAAclU,EAAiBmU,EAAqB7sF,EAAS6f,GAEtE7f,EAAQ43E,kBACJc,EAAgB5qD,QAAQ9tB,EAAQ43E,WAAY/3D,SAG9CzkB,QAAQ2H,IAAI8pF,EAAoBvpF,KAAIhH,eAAes9E,EAAoB/+D,GAC3E,MAAMiyE,EAAmB9sF,EAAQupF,QAAQ1uE,GAAO+8D,WAC5CkV,SACIlT,EAAmB9rD,QAAQg/D,EAAkBjtE,OAIvD,MAAMijE,EAAa,IAAI1Q,GACvB0Q,EAAW9lF,KAAK07E,SAEVt9E,QAAQ2H,IAAI/C,EAAQ8kF,QAAQxhF,KAAIhH,eAAeuU,EAAQgK,GAC3D,SAASkyE,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMzqF,QAAOqoC,GAAQA,IAASqiD,KAG1D,MAAMC,EAAe5K,GAAap3B,WAAWr6C,GACvCwzE,EAAa,GACnBA,EAAWxzE,OAASq8E,EACpB7I,EAAWryE,IAAM0mE,EAEjB,MAAM4L,EAAsB,GAC5BA,EAAoB9V,cAAgBryD,EAAMhM,UAAUsB,YACpD6yE,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,UAC5EqwE,EAAoBxxE,6BAA+Bi6E,EAAqB,CAEtE5wE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUO,QACfiR,EAAOtC,6BACNsC,EAAOnC,cACT4mE,EAAoBvwE,wBAA0Bg5E,EAAqB,CACjE5wE,EAAMtM,KAAKC,IACXqM,EAAMtM,KAAKE,KACV8P,EAAOlC,yBAEZ2mE,EAAoBpxE,wBAA0B65E,EAAqB,CAEjE5wE,EAAM/M,KAAKI,OACX2M,EAAM/M,KAAKM,QACVmQ,EAAOvC,wBACVgnE,EAAoBnxE,+BAAiC45E,EAAqB,CACxE5wE,EAAMpN,YAAYG,KAClBiN,EAAMpN,YAAYE,IAClBkN,EAAMpN,YAAYC,cACjB6Q,EAAOrC,+BACI,IAAV3C,IACFypE,EAAoB5U,iBAAkB,GAGxC4U,EAAoB3wE,SAAW,CAAC,GAChC2wE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAASuB,sBAC9C2K,EAAOnC,cACT4mE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAAS9D,MAEhDgQ,EAAO1K,SACTmvE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAASwB,QAEhDnV,EAAQ4S,kBAAoB,IAC9B0xE,EAAoB1xE,kBAAoB5S,EAAQ4S,kBAChD0xE,EAAoBnV,iBAAkB,GAKxC,MAAO,CAAE+d,eAAc7H,sBAFOuD,GAA6BvE,EAAY,KAAM3L,EAAiB4L,EAAqBtkF,EAAQ0tE,UAAMtxE,OAAWA,OAAWA,EAAWyjB,QAGhK9iB,MAAKqG,IACPA,EAAK7E,SAAQ,EAAG2uF,eAAc7H,sBAC5BvC,EAAW9lF,KAAKkwF,GAChBpK,EAAW9lF,KAAKqoF,EAAgB,GAChC,UAGEjqF,QAAQ2H,IAAI8pF,EAAoBvpF,KAAIhH,eAAes9E,EAAoB/+D,GAC3E,MAAMsyE,EAAgBntF,EAAQupF,QAAQ1uE,GAEtC,MAAO,CAAE++D,qBAAoBwT,4BADOZ,GAA8B5S,EAAoBlB,EAAiByU,EAAettE,QAEpH9iB,MAAKs1E,IACPA,EAAQ9zE,SAAQ,EAAGq7E,qBAAoBwT,4BACrCtK,EAAW9lF,KAAK48E,GAChBkJ,EAAW9lF,KAAKowF,EAAsB,GACtC,IAKJ,MAAM/I,EAAa,CAAEryE,IAAK0mE,GAkB1B,OAjBAoK,EAAW9lF,WAAW4rF,GAA6BvE,EAAY,KAAM3L,EAAiB,CACpFlK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMzI,oBAAoBmB,SACnD+6D,0BAA2B,IAC1B5vE,EAAQ0tE,UAAMtxE,OAAWA,OAAWA,EAAWyjB,IAE9C7f,EAAQ43E,YACVc,EAAgBmC,2BAGZz/E,QAAQ2H,IAAI8pF,EAAoBvpF,KAAIhH,eAAes9E,EAAoB/+D,GAClD7a,EAAQupF,QAAQ1uE,GAAO+8D,YAE9CgC,EAAmBiB,yBAIhB,IAAIiR,GAAWhJ,EACxB,CAYOxmF,eAAe+wF,IAAQC,WAAEA,EAAUC,UAAEA,SAAW1tE,KAAWsjE,IAEhE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3BytE,IAAeC,EAClB,MAAUlvF,MAAM,4EAElB,GAAIivF,IAAe93E,EAAKC,SAAS63E,GAC/B,MAAUjvF,MAAM,gDAElB,GAAIkvF,IAAc/3E,EAAKzX,aAAawvF,GAClC,MAAUlvF,MAAM,mDAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAAIlB,EACJ,GAAI6xF,EAAY,CACd,MAAMl4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQosE,EAAYztE,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WAC3D,MAAUvW,MAAM,gCAElB5C,EAAQyJ,OAERzJ,EAAQ8xF,EAGV,OAAOZ,SADkBva,GAAW2B,WAAWt4E,EAAOixF,GAAmB7sE,GAE3E,CAYOvjB,eAAekxF,IAAeF,WAAEA,EAAUC,UAAEA,SAAW1tE,KAAWsjE,IAEvE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3BytE,IAAeC,EAClB,MAAUlvF,MAAM,mFAElB,GAAIivF,IAAe93E,EAAKC,SAAS63E,GAC/B,MAAUjvF,MAAM,uDAElB,GAAIkvF,IAAc/3E,EAAKzX,aAAawvF,GAClC,MAAUlvF,MAAM,0DAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAAIlB,EACJ,GAAI6xF,EAAY,CACd,MAAMl4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQosE,EAAYztE,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMK,WACzB,MAAUvW,MAAM,wCAElB5C,EAAQyJ,OAERzJ,EAAQ8xF,EAEV,MAAMzK,QAAmB1Q,GAAW2B,WAAWt4E,EAAOixF,GAAmB7sE,GACzE,OAAO,IAAIisE,GAAWhJ,EACxB,CAYOxmF,eAAemxF,IAASC,YAAEA,EAAWC,WAAEA,SAAY9tE,KAAWsjE,IACnEtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIpkB,EAAQiyF,GAAeC,EAC3B,IAAKlyF,EACH,MAAU4C,MAAM,+EAElB,GAAIqvF,IAAgBl4E,EAAKC,SAASi4E,GAChC,MAAUrvF,MAAM,kDAElB,GAAIsvF,IAAen4E,EAAKzX,aAAa4vF,GACnC,MAAUtvF,MAAM,qDAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAI+wF,EAAa,CACf,MAAMt4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQwsE,EAAa7tE,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WACzD,MAAUvW,MAAM,gCAElB5C,EAAQyJ,EAEV,MAAMqpB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAWt4E,EAAOixF,GAAmB7sE,GACnE+tE,EAAW9K,EAAWzP,WAAWl3D,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOK,WAC5E,GAAwB,IAApBs9E,EAASrxF,OACX,MAAU8B,MAAM,uBAElB,IAAK,IAAID,EAAI,EAAGA,EAAIwvF,EAASrxF,OAAQ6B,IAAK,CACxC,MACMyvF,EAASlB,GADI7J,EAAWjmF,MAAM+wF,EAASxvF,GAAIwvF,EAASxvF,EAAI,KAE9DmwB,EAAKvxB,KAAK6wF,GAEZ,OAAOt/D,CACT,CAYOjyB,eAAewxF,IAAgBJ,YAAEA,EAAWC,WAAEA,SAAY9tE,IAC/DA,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIpkB,EAAQiyF,GAAeC,EAC3B,IAAKlyF,EACH,MAAU4C,MAAM,sFAElB,GAAIqvF,IAAgBl4E,EAAKC,SAASi4E,GAChC,MAAUrvF,MAAM,yDAElB,GAAIsvF,IAAen4E,EAAKzX,aAAa4vF,GACnC,MAAUtvF,MAAM,4DAElB,GAAIqvF,EAAa,CACf,MAAMt4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQwsE,EAAa7tE,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMK,WACvB,MAAUvW,MAAM,wCAElB5C,EAAQyJ,EAEV,MAAMqpB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAWt4E,EAAOixF,GAAmB7sE,GACnE+tE,EAAW9K,EAAWzP,WAAWl3D,EAAMlM,OAAOK,WACpD,GAAwB,IAApBs9E,EAASrxF,OACX,MAAU8B,MAAM,8BAElB,IAAK,IAAID,EAAI,EAAGA,EAAIwvF,EAASrxF,OAAQ6B,IAAK,CACxC,MAAM2vF,EAAajL,EAAWjmF,MAAM+wF,EAASxvF,GAAIwvF,EAASxvF,EAAI,IACxDyvF,EAAS,IAAI/B,GAAWiC,GAC9Bx/D,EAAKvxB,KAAK6wF,GAEZ,OAAOt/D,CACT,CCtZA,MAAMy/D,gBAAsCx4E,EAAK8F,wBAAwB,CACvEmyD,GACA+F,GACA+B,GACAT,GACA0E,GACA7C,GACAsB,GACAlG,GACAxD,KAGI0f,gBAA4Cz4E,EAAK8F,wBAAwB,CAAC28D,KAE1EiW,gBAAgD14E,EAAK8F,wBAAwB,CAACizD,KAO7E,MAAM4f,GAIXlzF,YAAY6nF,GACV3nF,KAAKk3E,QAAUyQ,GAAc,IAAI1Q,GAOnCgc,sBACE,MAAMC,EAAS,GAKf,OAJ0BlzF,KAAKk3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC9C3R,SAAQ,SAAS0R,GACjCo+E,EAAOrxF,KAAKiT,EAAO2mE,gBAEdyX,EAOTtL,mBACE,MAAMtiD,EAAMtlC,KAAKmzF,mBAEXC,EAAiB9tD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAC5D,GAAIk+E,EAAehyF,OAAS,EAC1B,OAAOgyF,EAAejrF,KAAI2M,GAAUA,EAAOs/D,cAI7C,OADsB9uC,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WACtC7M,KAAI2M,GAAUA,EAAOs/D,cAa5CjzE,cAAckyF,EAAgBC,EAAWC,EAAahhB,EAAO,IAAI13D,KAAQ6J,EAASsB,IAChF,MAAMwtE,EAAoBD,SAAqBvzF,KAAKyzF,mBAAmBJ,EAAgBC,EAAW/gB,EAAM7tD,GAElGgvE,EAAyB1zF,KAAKk3E,QAAQU,YAC1C52D,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBAGf,GAAsC,IAAlC29E,EAAuBtyF,OACzB,MAAU8B,MAAM,2BAGlB,MAAMywF,EAAqBD,EAAuB,GAClD,IAAIjzE,EAAY,KAChB,MAAMmzE,EAAmB3zF,QAAQ2H,IAAI4rF,EAAkBrrF,KAAIhH,OAAS2oD,UAAW+pC,EAAe9pF,WAC5F,IAAKsQ,EAAKzX,aAAamH,KAAUsQ,EAAKC,SAASu5E,GAC7C,MAAU3wF,MAAM,uCAGlB,IACE,MAAMusC,EAAOzuB,EAAMlf,MAAMkf,EAAM9N,UAAW2gF,SACpCF,EAAmB/gE,QAAQ6c,EAAM1lC,EAAM2a,GAC7C,MAAOrgB,GACPgW,EAAK4D,gBAAgB5Z,GACrBoc,EAAYpc,OAQhB,GAJAyvF,EAAcH,EAAmB/Z,WACjC+Z,EAAmB/Z,UAAY,WACzBga,GAEDD,EAAmBzc,UAAYyc,EAAmBzc,QAAQ91E,OAC7D,MAAMqf,GAAiBvd,MAAM,sBAG/B,MAAM6wF,EAAY,IAAIf,GAAQW,EAAmBzc,SAGjD,OAFAyc,EAAmBzc,QAAU,IAAID,GAE1B8c,EAeT5yF,yBAAyBkyF,EAAgBC,EAAW/gB,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC9E,IAEIvF,EAFAuzE,EAA6B,GAGjC,GAAIV,EAAW,CACb,MAAMW,EAAej0F,KAAKk3E,QAAQU,YAAY52D,EAAMlM,OAAOG,wBAC3D,GAA4B,IAAxBg/E,EAAa7yF,OACf,MAAU8B,MAAM,8DAEZjD,QAAQ2H,IAAI0rF,EAAUnrF,KAAIhH,eAAe+yF,EAAUjxF,GACvD,IAAIi0E,EAEFA,EADEj0E,QACcg0E,GAAW2B,WAAWqb,EAAanyF,QAASgxF,GAA6BpuE,GAE/EuvE,QAENh0F,QAAQ2H,IAAIsvE,EAAQ/uE,KAAIhH,eAAegzF,GAC3C,UACQA,EAAYvhE,QAAQshE,GAC1BF,EAA2BnyF,KAAKsyF,GAChC,MAAO9yC,GACPhnC,EAAK4D,gBAAgBojC,gBAItB,KAAIgyC,EAqFT,MAAUnwF,MAAM,iCArFS,CACzB,MAAMkxF,EAAep0F,KAAKk3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC3D,GAA4B,IAAxBq/E,EAAahzF,OACf,MAAU8B,MAAM,2DAEZjD,QAAQ2H,IAAIwsF,EAAajsF,KAAIhH,eAAekzF,SAC1Cp0F,QAAQ2H,IAAIyrF,EAAelrF,KAAIhH,eAAemzF,GAClD,IAAIzC,EAAQ,CACV7wE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUG,UAChB2N,EAAM9N,UAAUI,OAElB,IACE,MAAMg2E,QAAoBgL,EAAc/K,eAAehX,OAAMtxE,EAAWyjB,GACpE4kE,EAAYE,kBAAkB7xE,+BAChCk6E,EAAQA,EAAMrrF,OAAO8iF,EAAYE,kBAAkB7xE,+BAErD,MAAOtT,IAGT,MAAMkwF,SAA8BD,EAAcE,kBAAkBH,EAAY5Y,YAAa,UAAMx6E,EAAWyjB,IAASvc,KAAI0O,GAAOA,EAAI2mE,kBAChIv9E,QAAQ2H,IAAI2sF,EAAqBpsF,KAAIhH,eAAeszF,GACxD,IAAKA,GAAuBA,EAAoBlV,UAC9C,OAEF,IAAKkV,EAAoB7W,cACvB,MAAU16E,MAAM,oCAWlB,GAPiCwhB,EAAOvB,8BACtCkxE,EAAY9gB,qBAAuBvyD,EAAM7O,UAAUE,YACnDgiF,EAAY9gB,qBAAuBvyD,EAAM7O,UAAUC,gBACnDiiF,EAAY9gB,qBAAuBvyD,EAAM7O,UAAUG,SACnD+hF,EAAY9gB,qBAAuBvyD,EAAM7O,UAAUI,SAGvB,CAW5B,MAAMmiF,EAAkBL,EAAYvyF,cAC9B7B,QAAQ2H,IAAI/H,MAAMmiB,KAAK0C,EAAOtB,yDAAyDjb,KAAIhH,UAC/F,MAAMwzF,EAAkB,IAAInZ,GAC5BmZ,EAAgBzzF,KAAKwzF,GACrB,MAAM5Y,EAAmB,CACvBjC,sBACA6B,WAAYh9D,GAAOw+D,mBAAmBrD,IAExC,UACQ8a,EAAgB/hE,QAAQ6hE,EAAqB3Y,GACnDkY,EAA2BnyF,KAAK8yF,GAChC,MAAOtzC,GAEPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,YAKhB,IAEE,SADMgzC,EAAYzhE,QAAQ6hE,IACrB5C,EAAMpwE,SAAST,EAAMlf,MAAMkf,EAAM9N,UAAWmhF,EAAYxa,sBAC3D,MAAU32E,MAAM,iDAElB8wF,EAA2BnyF,KAAKwyF,GAChC,MAAOhzC,GACPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,WAKpByyC,EAAcO,EAAYza,WAC1Bya,EAAYza,UAAY,UAM5B,GAAIoa,EAA2B5yF,OAAS,EAAG,CAEzC,GAAI4yF,EAA2B5yF,OAAS,EAAG,CACzC,MAAMwzF,EAAO,IAAIvxE,IACjB2wE,EAA6BA,EAA2B5sF,QAAOytF,IAC7D,MAAM34E,EAAI24E,EAAKhb,oBAAsBx/D,EAAKqC,mBAAmBm4E,EAAKnZ,YAClE,OAAIkZ,EAAK5uF,IAAIkW,KAGb04E,EAAK3uF,IAAIiW,IACF,EAAI,IAIf,OAAO83E,EAA2B7rF,KAAI2M,KACpC/K,KAAM+K,EAAO4mE,WACb5xB,UAAW9oC,EAAM9f,KAAK8f,EAAM9N,UAAW4B,EAAO+kE,yBAGlD,MAAMp5D,GAAiBvd,MAAM,kCAO/B4xF,iBACE,MACM9+E,EADMhW,KAAKmzF,mBACGjc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ28D,YAAe,KAO5CG,cACE,MACM98D,EADMhW,KAAKmzF,mBACGjc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ88D,eAAkB,KAO/CJ,UACE,MACM18D,EADMhW,KAAKmzF,mBACGjc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAIQ,EACKA,EAAQ08D,UAEV,KAYT9qD,gCAAgCmtE,EAAiB,GAAIxiB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IAC7F,MAAMypB,QAAai6C,GAAiB,YAAaqL,EAAgBxiB,EAAMoX,EAASjlE,GAC1EmvE,EAAgB7yE,EAAM9f,KAAK8f,EAAM9N,UAAWu8B,GAC5CulD,EAAoBtwE,EAAOnC,mBPtC9BphB,eAA+BiyB,EAAMm/C,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACpF,IAAIivE,GAAY,EAShB,aAPMh1F,QAAQ2H,IAAIwrB,EAAKjrB,KAAIhH,eAAe0V,EAAK5T,GAC7C,MAAMqmF,QAAoBzyE,EAAI0yE,eAAehX,EAAMoX,EAAQ1mF,GAAIyhB,GAC1D4kE,EAAYE,kBAAkBhxE,UAC7B8wE,EAAYE,kBAAkBhxE,SAAS,GAAKwI,EAAMxI,SAAS9D,OAC/DugF,GAAY,OAGTA,CACT,CO2B0DC,CAAgBH,EAAgBxiB,EAAMoX,EAASjlE,GACnG1D,EAAM9f,KAAK8f,EAAMtM,WAAYg1E,GAAiB,OAAQqL,EAAgBxiB,EAAMoX,EAASjlE,SACrFzjB,QAEIhB,QAAQ2H,IAAImtF,EAAe5sF,KAAI0O,GAAOA,EAAIs+E,mBAC7C/0F,OAAM,IAAM,OACZwB,MAAKwzF,IACJ,GAAIA,GAAaA,EAAS5X,UAAU1zB,YAAc9oC,EAAM7O,UAAUY,SAAYsH,EAAKyG,MAAM2uB,GACvF,MAAUvsC,MAAM,yMAMtB,MAAO,CAAE6G,KADc2U,GAAOw+D,mBAAmBztC,GAClBqa,UAAW+pC,EAAevZ,cAAe0a,GAgB1E7zF,cAAc4zF,EAAgBzB,EAAW5X,EAAY2Z,GAAW,EAAOC,EAAmB,GAAI/iB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACtI,GAAI01D,GACF,IAAKrhE,EAAKzX,aAAa84E,EAAW3xE,QAAUsQ,EAAKC,SAASohE,EAAW5xB,WACnE,MAAU5mD,MAAM,4CAEb,GAAI6xF,GAAkBA,EAAe3zF,OAC1Cs6E,QAAmBsX,GAAQ9V,mBAAmB6X,EAAgBxiB,EAAMoX,EAASjlE,OACxE,KAAI4uE,IAAaA,EAAUlyF,OAGhC,MAAU8B,MAAM,gDAFhBw4E,QAAmBsX,GAAQ9V,wBAAmBj8E,OAAWA,OAAWA,EAAWyjB,GAKjF,MAAQ3a,KAAMuyE,EAAgBxyB,UAAW+pC,EAAevZ,cAAe0a,GAAsBtZ,EAEvFp2C,QAAY0tD,GAAQuC,kBAAkBjZ,EAAgBuX,EAAemB,EAAmBD,EAAgBzB,EAAW+B,EAAUC,EAAkB/iB,EAAMoX,EAASjlE,GAEpK,IAAIivE,EACAqB,GACFrB,EAAqB,IAAIvZ,GACzBuZ,EAAmBrZ,cAAgBt5D,EAAMlf,MAAMkf,EAAMtM,KAAMsgF,IAE3DrB,EAAqB,IAAIha,GAE3Bga,EAAmBzc,QAAUl3E,KAAKk3E,QAElC,MAAMptB,EAAY9oC,EAAMlf,MAAMkf,EAAM9N,UAAW2gF,GAK/C,aAJMF,EAAmBhhE,QAAQm3B,EAAWwyB,EAAgB53D,GAE5D4gB,EAAI4xC,QAAQr1E,KAAK8xF,GACjBA,EAAmBzc,QAAU,IAAID,GAC1B3xC,EAkBT1d,+BAA+B8zD,EAAYmY,EAAemB,EAAmBD,EAAgBzB,EAAW+B,GAAW,EAAOC,EAAmB,GAAI/iB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACzL,MAAM2hE,EAAa,IAAI1Q,GACjBntB,EAAY9oC,EAAMlf,MAAMkf,EAAM9N,UAAW2gF,GACzCvZ,EAAgB0a,GAAqBh0E,EAAMlf,MAAMkf,EAAMtM,KAAMsgF,GAEnE,GAAID,EAAgB,CAClB,MAAMvE,QAAgBvwF,QAAQ2H,IAAImtF,EAAe5sF,KAAIhH,eAAe8nF,EAAYhmF,GAC9E,MAAMg6E,QAAsBgM,EAAWkM,iBAAiBG,EAAiBryF,GAAIsvE,EAAMoX,EAASjlE,GACtF8wE,EAAgB,IAAIha,GAO1B,OANAga,EAAc/Z,YAAc4Z,EAAWhuE,GAAMguE,WAAapY,EAAc3H,WACxEkgB,EAAcjiB,mBAAqB0J,EAAcO,UAAU1zB,UAC3D0rC,EAAc9Z,WAAaA,EAC3B8Z,EAAc3b,oBAAsB/vB,QAC9B0rC,EAAc7iE,QAAQsqD,EAAcO,kBACnCgY,EAAc9Z,WACd8Z,MAET7N,EAAW9lF,QAAQ2uF,GAErB,GAAI8C,EAAW,CACb,MAAMmC,EAAct0F,eAAeq8E,EAAW0W,GAC5C,IAEE,aADM1W,EAAU5qD,QAAQshE,GACjB,EACP,MAAO7vF,GACP,OAAO,IAILosB,EAAM,CAACilE,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkBz0F,eAAeu6E,EAAY5xB,EAAWwwB,EAAe4Z,GAC3E,MAAM2B,EAA+B,IAAI/Y,GAA6Bp4D,GAQtE,GAPAmxE,EAA6Bna,WAAaA,EAC1Cma,EAA6Bhc,oBAAsB/vB,EAC/CwwB,IACFub,EAA6Bvb,cAAgBA,SAEzCub,EAA6BljE,QAAQuhE,EAAUxvE,GAEjDA,EAAO3B,uBAAwB,CAEjC,GAA4B,WADN9iB,QAAQ2H,IAAI0rF,EAAUnrF,KAAI2tF,GAAOL,EAAYI,EAA8BC,OACrFtlE,OAAOC,GACjB,OAAOmlE,EAAgBla,EAAY5xB,EAAWoqC,GAKlD,cADO2B,EAA6Bna,WAC7Bma,GAGHrF,QAAgBvwF,QAAQ2H,IAAI0rF,EAAUnrF,KAAI2tF,GAAOF,EAAgBla,EAAY5xB,EAAWwwB,EAAewb,MAC7GnO,EAAW9lF,QAAQ2uF,GAGrB,OAAO,IAAIwC,GAAQrL,GAerBxmF,WAAWwqF,EAAc,GAAI32E,EAAY,KAAM+gF,EAAgB,GAAIxjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IAC3H,MAAM2hE,EAAa,IAAI1Q,GAEjB+e,EAAoBh2F,KAAKk3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAKwgF,EACH,MAAU9yF,MAAM,mCAGlB,IAAID,EACAgzF,EAEJ,MAAM5iB,EAA2C,OAA3B2iB,EAAkB9/E,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAE3C,GAAIlB,EAEF,IADAihF,EAAwBjhF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC9D/R,EAAIgzF,EAAsB70F,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACtD,MAAMinF,EAAkB+L,EAAsBhzF,GACxCizF,EAAa,IAAItf,GACvBsf,EAAW7iB,cAAgB6W,EAAgB7W,cAC3C6iB,EAAW5iB,cAAgB4W,EAAgB5W,cAC3C4iB,EAAW3iB,mBAAqB2W,EAAgB3W,mBAChD2iB,EAAW9hB,YAAc8V,EAAgB9V,YACpCuX,EAAYvqF,QAAgB,IAAN6B,IACzBizF,EAAW5sB,MAAQ,GAErBqe,EAAW9lF,KAAKq0F,GA0BpB,aAtBMj2F,QAAQ2H,IAAI/H,MAAMmiB,KAAK2pE,GAAar7E,UAAUnI,KAAIhH,eAAgB8nF,EAAYhmF,GAClF,IAAKgmF,EAAW2C,YACd,MAAU1oF,MAAM,gCAElB,MAAMizF,EAAeJ,EAAcpK,EAAYvqF,OAAS,EAAI6B,GACtD4oF,QAAmB5C,EAAW6C,cAAcqK,EAAc5jB,EAAMoX,EAASjlE,GACzEwxE,EAAa,IAAItf,GAQvB,OAPAsf,EAAW7iB,cAAgBA,EAC3B6iB,EAAW5iB,oBAAsB7oB,GAAqBw+B,EAAY4C,EAAWrO,UAAWjL,EAAMoX,EAASjlE,GACvGwxE,EAAW3iB,mBAAqBsY,EAAWrO,UAAU1zB,UACrDosC,EAAW9hB,YAAcyX,EAAWvW,WAChCryE,IAAM0oF,EAAYvqF,OAAS,IAC7B80F,EAAW5sB,MAAQ,GAEd4sB,MACLt0F,MAAKw0F,IACPA,EAAqBhzF,SAAQ8yF,GAAcvO,EAAW9lF,KAAKq0F,IAAY,IAGzEvO,EAAW9lF,KAAKm0F,GAChBrO,EAAW9lF,cAAew0F,GAAuBL,EAAmBrK,EAAa32E,EAAW+gF,EAAexjB,EAAMoX,EAASrV,GAAW,EAAO5vD,IAErI,IAAIsuE,GAAQrL,GASrBnP,SAAS/oC,EAAM/qB,EAASsB,IACtB,GAAIypB,IAASzuB,EAAMpN,YAAYC,aAC7B,OAAO7T,KAGT,MAAMs4E,EAAa,IAAID,GAAqB3zD,GAC5C4zD,EAAWxuB,UAAYra,EACvB6oC,EAAWpB,QAAUl3E,KAAKk3E,QAE1B,MAAMoa,EAAa,IAAIra,GAGvB,OAFAqa,EAAWzvF,KAAKy2E,GAET,IAAI0a,GAAQ1B,GAerBnwF,mBAAmBwqF,EAAc,GAAI32E,EAAY,KAAM+gF,EAAgB,GAAIxjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACnI,MAAMgwE,EAAoBh2F,KAAKk3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAKwgF,EACH,MAAU9yF,MAAM,mCAElB,OAAO,IAAIwkF,SAAgB2O,GAAuBL,EAAmBrK,EAAa32E,EAAW+gF,EAAexjB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAe9IvjB,aAAa6qF,EAAkBzZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMsf,EAAMtlC,KAAKmzF,mBACXmD,EAAkBhxD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3B8gF,EAAgBl1F,OAClB,MAAU8B,MAAM,yDAEd8jB,EAAqBse,EAAI4xC,QAAQn2E,SACnCukC,EAAI4xC,QAAQr1E,cAAc+kB,EAAiB0e,EAAI4xC,QAAQn2E,QAAQujD,GAAKA,GAAK,MAE3E,MAAM8uC,EAAiB9tD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAAkB5E,UACxEimF,EAAgBjxD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC3D,OAAIo+E,EAAehyF,SAAWm1F,EAAcn1F,QAAUiZ,EAAK7X,SAAS8iC,EAAI4xC,QAAQn2E,UAAYimB,EAAqBse,EAAI4xC,QAAQn2E,eACrHd,QAAQ2H,IAAIwrF,EAAejrF,KAAIhH,UACnC+0F,EAAWrf,iBAAmB,IAAI52E,SAAQ,CAACC,EAASC,KAClD+1F,EAAWM,wBAA0Bt2F,EACrCg2F,EAAWO,uBAAyBt2F,CAAM,IAE5C+1F,EAAW1iB,cAAgB0B,GAAiB/zE,gBAAmB+0F,EAAWrf,kBAAkBrD,gBAC5F0iB,EAAWh0D,OAAStb,QAAuBsvE,EAAWjiF,KAAKiiF,EAAW7iB,cAAeijB,EAAgB,QAAIr1F,GAAW,IACpHi1F,EAAWh0D,OAAO9hC,OAAM,QAAS,KAEnCklC,EAAI4xC,QAAQn2E,OAASwlB,EAAqB+e,EAAI4xC,QAAQn2E,QAAQI,MAAOsH,EAAUC,KAC7E,MAAMnD,EAASihB,EAAiB/d,GAC1B/H,EAAS+lB,EAAiB/d,GAChC,IACE,IAAK,IAAIzF,EAAI,EAAGA,EAAImwF,EAAehyF,OAAQ6B,IAAK,CAC9C,MAAQ5B,MAAO2T,SAAoBzP,EAAOrE,OAC1CkyF,EAAenwF,GAAGuzF,wBAAwBxhF,SAEtCzP,EAAOhE,kBACPb,EAAOwI,YACPxI,EAAOsB,QACb,MAAOqC,GACP+uF,EAAehwF,SAAQ8yF,IACrBA,EAAWO,uBAAuBpyF,EAAE,UAEhC3D,EAAOuB,MAAMoC,OAGhBqyF,GAA0BtD,EAAgBkD,EAAiBtK,EAAkBzZ,GAAM,EAAO7tD,IAE5FgyE,GAA0BH,EAAeD,EAAiBtK,EAAkBzZ,GAAM,EAAO7tD,GAgBlGiyE,eAAe3hF,EAAWg3E,EAAkBzZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtE,MACMswE,EADMt2F,KAAKmzF,mBACWjc,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3B8gF,EAAgBl1F,OAClB,MAAU8B,MAAM,yDAGlB,OAAOwzF,GADe1hF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACjBshF,EAAiBtK,EAAkBzZ,GAAM,EAAM7tD,GAOjGyuE,mBACE,MAAM7a,EAAat4E,KAAKk3E,QAAQU,YAAY52D,EAAMlM,OAAOO,gBACzD,OAAIijE,EAAWl3E,OACN,IAAI4xF,GAAQ1a,EAAW,GAAGpB,SAE5Bl3E,KAQTmB,sBAAsBy1F,EAAmBlyE,EAASsB,UAC1ChmB,KAAKk3E,QAAQh2E,KACjBmZ,EAAKzX,aAAag0F,GAAqBA,SAA2B7wE,GAAQ6wE,IAAoB7sF,KAC9FgpF,GACAruE,GAQJ5iB,QACE,OAAO9B,KAAKk3E,QAAQp1E,QAQtBsX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMI,QAASxZ,KAAK8B,QAAS,KAAM,KAAM,KAAM4iB,IAmB/DvjB,eAAek1F,GAAuBL,EAAmBrK,EAAa32E,EAAY,KAAM+gF,EAAgB,GAAIxjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAIl3B,GAAW,EAAO14B,EAASsB,IAC7L,MAAM2hE,EAAa,IAAI1Q,GAGjB5D,EAA2C,OAA3B2iB,EAAkB9/E,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAa3C,SAXMjW,QAAQ2H,IAAI+jF,EAAYxjF,KAAIhH,MAAO8nF,EAAYhmF,KACnD,MAAMyS,EAASi0E,EAAQ1mF,GACvB,IAAKgmF,EAAW2C,YACd,MAAU1oF,MAAM,gCAElB,MAAM2oF,QAAmB5C,EAAW6C,cAAciK,EAAc9yF,GAAIsvE,EAAM78D,EAAQgP,GAClF,OAAO0kE,GAAsB4M,EAAmB/M,EAAY4C,EAAWrO,UAAW,CAAEnK,iBAAiBd,EAAM78D,EAAQ4+D,EAAWl3B,EAAU14B,EAAO,KAC7I9iB,MAAK20F,IACP5O,EAAW9lF,QAAQ00F,EAAc,IAG/BvhF,EAAW,CACb,MAAMihF,EAAwBjhF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACzE2yE,EAAW9lF,QAAQo0F,GAErB,OAAOtO,CACT,CAkGOxmF,eAAeu1F,GAA0BH,EAAeD,EAAiBtK,EAAkBzZ,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAC9I,OAAO/lB,QAAQ2H,IAAI2uF,EAAcnvF,QAAO,SAAS4N,GAC/C,MAAO,CAAC,OAAQ,UAAUyM,SAAST,EAAM9f,KAAK8f,EAAMhM,UAAWA,EAAUq+D,mBACxElrE,KAAIhH,eAAe6T,GACpB,OApFJ7T,eAAwC6T,EAAWshF,EAAiBtK,EAAkBzZ,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAClI,IAAIijE,EACA4N,EAEJ,IAAK,MAAMhgF,KAAOm1E,EAAkB,CAClC,MAAMC,EAAap1E,EAAIq1E,QAAQl3E,EAAUo/D,aACzC,GAAI6X,EAAW7qF,OAAS,EAAG,CACzB6nF,EAAapyE,EACbggF,EAAuB5K,EAAW,GAClC,OAIJ,MACM6K,EADqB9hF,aAAqB4hE,GACI5hE,EAAU6hE,iBAAmB7hE,EAE3E+hF,EAAc,CAClBvvE,MAAOxS,EAAUo/D,YACjBlB,SAAU,WACR,IAAK2jB,EACH,MAAU3zF,MAAM,0CAA0C8R,EAAUo/D,YAAY9sD,eAG5EtS,EAAUsoC,OAAOu5C,EAAqBrZ,UAAWxoE,EAAUq+D,cAAeijB,EAAgB,GAAI/jB,EAAMn1B,EAAU14B,GACpH,MAAMwlE,QAAwB4M,EAC9B,GAAID,EAAqBhZ,kBAAoBqM,EAAgBvW,QAC3D,MAAUzwE,MAAM,mCAIlB,UACQ+lF,EAAW6C,cAAc+K,EAAqBvhB,WAAY4U,EAAgBvW,aAAS1yE,EAAWyjB,GACpG,MAAOrgB,GAKP,IAAIqgB,EAAOxB,+CAAgD7e,EAAEmV,QAAQ+K,MAAM,4CAGzE,MAAMlgB,QAFA4kF,EAAW6C,cAAc+K,EAAqBvhB,WAAY/C,OAAMtxE,EAAWyjB,GAKrF,OAAO,CACR,EA1BS,GA2BV1P,UAAW,WACT,MAAMk1E,QAAwB4M,EACxBnP,EAAa,IAAI1Q,GAEvB,OADAiT,GAAmBvC,EAAW9lF,KAAKqoF,GAC5B,IAAIxC,GAAUC,EACtB,EALU,IAeb,OAHAoP,EAAY/hF,UAAU5U,OAAM,SAC5B22F,EAAY7jB,SAAS9yE,OAAM,SAEpB22F,CACT,CAuBWC,CAAyBhiF,EAAWshF,EAAiBtK,EAAkBzZ,EAAMn1B,EAAU14B,MAElG,CAYOvjB,eAAe81F,IAAYC,eAAEA,EAAcC,cAAEA,SAAezyE,KAAWsjE,IAC5EtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIpkB,EAAQ42F,GAAkBC,EAC9B,IAAK72F,EACH,MAAU4C,MAAM,wFAElB,GAAIg0F,IAAmB78E,EAAKC,SAAS48E,KAAoB78E,EAAK7X,SAAS00F,GACrE,MAAUh0F,MAAM,kEAElB,GAAIi0F,IAAkB98E,EAAKzX,aAAau0F,KAAmB98E,EAAK7X,SAAS20F,GACvE,MAAUj0F,MAAM,qEAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,MAAMoE,EAAayU,EAAK7X,SAASlC,GAKjC,GAJIsF,UACIwxF,IACN92F,EAAQ+2F,EAAgB/2F,IAEtB42F,EAAgB,CAClB,MAAMj9E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQzlB,EAAOokB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMI,QACvB,MAAUtW,MAAM,oCAElB5C,EAAQyJ,EAEV,MAAM49E,QAAmB1Q,GAAW2B,WAAWt4E,EAAOuyF,GAAuBnuE,GACvElL,EAAU,IAAIw5E,GAAQrL,GAE5B,OADAnuE,EAAQ49D,WAAaxxE,EACd4T,CACT,CAcOrY,eAAem2F,IAAcphF,KAAEA,EAAID,OAAEA,EAAMu8D,SAAEA,EAAQD,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,QAAkBthD,IAATiV,EAAqB,OAAS,aAAa8xE,IACnI,IAAI1nF,OAAiBW,IAATiV,EAAqBA,EAAOD,EACxC,QAAchV,IAAVX,EACF,MAAU4C,MAAM,yEAElB,GAAIgT,IAASmE,EAAKC,SAASpE,KAAUmE,EAAK7X,SAAS0T,GACjD,MAAUhT,MAAM,0DAElB,GAAI+S,IAAWoE,EAAKzX,aAAaqT,KAAYoE,EAAK7X,SAASyT,GACzD,MAAU/S,MAAM,gEAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,MAAMoE,EAAayU,EAAK7X,SAASlC,GAC7BsF,UACIwxF,IACN92F,EAAQ+2F,EAAgB/2F,IAE1B,MAAM01F,EAAoB,IAAI1jB,GAAkBC,QACnCtxE,IAATiV,EACF8/E,EAAkBvjB,QAAQnyE,EAAO0gB,EAAMlf,MAAMkf,EAAMhL,QAASusC,IAE5DyzC,EAAkBpjB,SAAStyE,EAAO0gB,EAAMlf,MAAMkf,EAAMhL,QAASusC,SAE9CthD,IAAbuxE,GACFwjB,EAAkBnjB,YAAYL,GAEhC,MAAM+kB,EAAwB,IAAItgB,GAClCsgB,EAAsB11F,KAAKm0F,GAC3B,MAAMx8E,EAAU,IAAIw5E,GAAQuE,GAE5B,OADA/9E,EAAQ49D,WAAaxxE,EACd4T,CACT,CCl5BA,MAAMu9D,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAM5D,MAAMokB,GAKX13F,YAAYoW,EAAMlB,GAGhB,GADAhV,KAAKkW,KAAOmE,EAAK0F,qBAAqB7J,GAAM2L,QAAQ,SAAU,QAC1D7M,KAAeA,aAAqB0yE,IACtC,MAAUxkF,MAAM,2BAElBlD,KAAKgV,UAAYA,GAAa,IAAI0yE,GAAU,IAAIzQ,IAOlD2Q,mBACE,MAAMsL,EAAS,GAKf,OAJsBlzF,KAAKgV,UAAUkiE,QACvB9zE,SAAQ,SAAS0R,GAC7Bo+E,EAAOrxF,KAAKiT,EAAOs/D,gBAEd8e,EAeT/xF,WAAWivF,EAAap7E,EAAY,KAAM+gF,EAAgB,GAAIxjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACtH,MAAMgwE,EAAoB,IAAI1jB,GAC9B0jB,EAAkBvjB,QAAQzyE,KAAKkW,MAC/B,MAAMuhF,EAAe,IAAI/P,SAAgB2O,GAAuBL,EAAmB5F,EAAap7E,EAAW+gF,EAAexjB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAC1J,OAAO,IAAI8yE,GAAiBx3F,KAAKkW,KAAMuhF,GAezCn6C,OAAOlqB,EAAMm/C,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAMuwE,EAAgBv2F,KAAKgV,UAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAChEghF,EAAoB,IAAI1jB,GAG9B,OADA0jB,EAAkBvjB,QAAQzyE,KAAKkW,MACxBwgF,GAA0BH,EAAe,CAACP,GAAoB5iE,EAAMm/C,GAAM,EAAM7tD,GAOzFguD,UAEE,OAAO1yE,KAAKkW,KAAK2L,QAAQ,QAAS,MAQpCzI,MAAMsL,EAASsB,IACb,IAAI0xE,EAAS13F,KAAKgV,UAAUkiE,QAAQ/uE,KAAI,SAAS2M,GAC/C,OAAOkM,EAAM9f,KAAK8f,EAAM/M,KAAMa,EAAOw+D,eAAeoD,iBAEtDghB,EAASA,EAAOtwF,QAAO,SAASytF,EAAM5xF,EAAG00F,GAAM,OAAOA,EAAGpxF,QAAQsuF,KAAU5xF,KAC3E,MAAM0iB,EAAO,CACX1R,KAAMyjF,EAAOl2F,OACb0U,KAAMlW,KAAKkW,KACXnM,KAAM/J,KAAKgV,UAAUkiE,QAAQp1E,SAE/B,OAAOsX,GAAM4H,EAAM5H,MAAMG,OAAQoM,OAAM1kB,OAAWA,OAAWA,EAAWyjB,IAarEvjB,eAAey2F,IAAqBC,iBAAEA,SAAkBnzE,KAAWsjE,IAExE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3BmzE,EACH,MAAU30F,MAAM,gFAElB,IAAKmX,EAAKC,SAASu9E,GACjB,MAAU30F,MAAM,mEAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,MAAMlB,QAAcylB,GAAQ8xE,GAC5B,GAAIv3F,EAAM2Z,OAAS+G,EAAM5H,MAAMG,OAC7B,MAAUrW,MAAM,gCAElB,MAAMykF,QAAmB1Q,GAAW2B,WAAWt4E,EAAMyJ,KAAMgtE,GAAgBryD,IAY7E,SAAuBe,EAASkiE,GAC9B,MAAMmQ,EAAiB,SAASC,GAC9B,MAAMxuB,EAAQz0D,GAAU26B,GAAQ36B,EAAOw+D,gBAAkB7jC,EAEzD,IAAK,IAAIxsC,EAAI,EAAGA,EAAI0kF,EAAWvmF,OAAQ6B,IACrC,GAAI0kF,EAAW1kF,GAAGnD,YAAYwgB,MAAQU,EAAMlM,OAAOE,YAAc+iF,EAAU7vF,KAAKqhE,EAAMoe,EAAW1kF,KAC/F,OAAO,EAGX,OAAO,GAGT,IAAI+0F,EAAY,KACZD,EAAY,GAoBhB,GAnBAtyE,EAAQriB,SAAQ,SAASkhB,GAEvB,GADA0zE,EAAY1zE,EAAOC,MAAM,iBACrByzE,EAaF,MAAU90F,MAAM,0DAZhB80F,EAAYA,EAAU,GAAGn2E,QAAQ,MAAO,IACxCm2E,EAAYA,EAAUh4E,MAAM,KAC5Bg4E,EAAYA,EAAU7vF,KAAI,SAAS8L,GACjCA,EAAOA,EAAK00E,cACZ,IACE,OAAO3nE,EAAMlf,MAAMkf,EAAM/M,KAAMA,GAC/B,MAAO5P,GACP,MAAUnB,MAAM,2CAA6C+Q,OAGjE8jF,EAAYA,EAAUvxF,OAAOwxF,OAM5BD,EAAU32F,SAAW02F,EAAe,CAAC92E,EAAM/M,KAAKC,MACnD,MAAUhR,MAAM,qFACX,GAAI60F,EAAU32F,SAAW02F,EAAeC,GAC7C,MAAU70F,MAAM,wDAEpB,CAjDEsiB,CAAcllB,EAAMmlB,QAASkiE,GAC7B,MAAM3yE,EAAY,IAAI0yE,GAAUC,GAChC,OAAO,IAAI6P,GAAiBl3F,EAAM4V,KAAMlB,EAC1C,CAuDO7T,eAAe82F,IAAuB/hF,KAAEA,KAAS8xE,IACtD,IAAK9xE,EACH,MAAUhT,MAAM,sEAElB,IAAKmX,EAAKC,SAASpE,GACjB,MAAUhT,MAAM,yDAElB,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,OAAO,IAAIg2F,GAAiBthF,EAC9B,CCnKO/U,eAAe4iD,IAAY4lC,QAAEA,EAAU,GAAElN,WAAEA,EAAUxiE,KAAEA,EAAO,MAAKkuE,QAAEA,EAAU,KAAI13E,MAAEA,EAAQ,aAAYgH,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAO,IAAI13D,KAAMuzE,QAAEA,EAAU,CAAC,IAAG7rC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC/JkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAuB,IAAnBmoF,EAAQvoF,OACV,MAAU8B,MAAM,2CAElB,GAAa,QAAT+W,GAAkBkuE,EAAUzjE,EAAO5B,WACrC,MAAU5f,MAAM,8BAA8BwhB,EAAO5B,oBAAoBqlE,KAG3E,MAAMtjF,EAAU,CAAE8kF,UAASlN,aAAYxiE,OAAMkuE,UAAS13E,QAAOgH,oBAAmB86D,OAAM6b,WAEtF,IACE,MAAMv3E,IAAEA,EAAGs5E,sBAAEA,SHaVhvF,eAAwB0D,EAAS6f,GACtC7f,EAAQk4C,MAAO,GACfl4C,EAAUssF,GAA0BtsF,IAC5BupF,QAAUvpF,EAAQupF,QAAQjmF,KAAI,CAAC6gF,EAAQtpE,IAAUyxE,GAA0BtsF,EAAQupF,QAAQ1uE,GAAQ7a,KAC3G,IAAI2b,EAAW,CAAC23E,GAAyBtzF,EAAS6f,IAClDlE,EAAWA,EAASha,OAAO3B,EAAQupF,QAAQjmF,KAAItD,GAAWusF,GAA4BvsF,EAAS6f,MAC/F,MAAMwyD,QAAgBj3E,QAAQ2H,IAAI4Y,GAE5B3J,QAAY46E,GAAcva,EAAQ,GAAIA,EAAQx1E,MAAM,GAAImD,EAAS6f,GACjEyrE,QAA8Bt5E,EAAIuhF,yBAAyBvzF,EAAQ0tE,KAAM7tD,GAE/E,OADA7N,EAAI20E,qBAAuB,GACpB,CAAE30E,MAAKs5E,wBAChB,CGzBiD//B,CAASvrD,EAAS6f,GAG/D,OAFA7N,EAAIq1E,UAAU9oF,SAAQ,EAAGo6E,eAAgByN,GAAqBzN,EAAW94D,KAElE,CACLjL,WAAY4+E,GAAaxhF,EAAK0rC,EAAQ79B,GACtCvS,UAAWkmF,GAAaxhF,EAAI65E,WAAYnuC,EAAQ79B,GAChDyrE,yBAEF,MAAO9uC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CAkBOlgD,eAAem3F,IAAY7+E,WAAEA,EAAUkwE,QAAEA,EAAU,GAAElN,WAAEA,EAAUhlE,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAIhwB,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC1FkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAuB,IAAnBmoF,EAAQvoF,OACV,MAAU8B,MAAM,yCAElB,MAAM2B,EAAU,CAAE4U,aAAYkwE,UAASlN,aAAYhlE,oBAAmB86D,QAEtE,IACE,MAAQ17D,IAAK0hF,EAAcpI,sBAAEA,SHE1BhvF,eAAwB0D,EAAS6f,GACtC7f,EAAU2zF,EAAS3zF,GACnB,MAAM4U,WAAEA,GAAe5U,EAEvB,IAAK4U,EAAWmyE,YACd,MAAU1oF,MAAM,gCAGlB,GAAIuW,EAAW+jE,UAAU+B,UACvB,MAAUr8E,MAAM,2CAIlB,IADoBuW,EAAWyyE,UAAUxtC,OAAM,EAAG8+B,eAAgBA,EAAUI,gBAE1E,MAAU16E,MAAM,wBAGlB,MAAMq6E,EAAkB9jE,EAAW+jE,UAE9B34E,EAAQupF,UACXvpF,EAAQupF,cAAgBnuF,QAAQ2H,IAAI6R,EAAW20E,QAAQjmF,KAAIhH,UACzD,MAAMs9E,EAAqBuK,EAAOxL,UAC5B+K,EAAe,CAAE1xE,IAAK0mE,EAAiB93E,KAAMg5E,GAC7CwO,QACJC,GAA+BlE,EAAO+D,kBAAmBxP,EAAiBv8D,EAAMhM,UAAU2B,cAAe4xE,EAAc,KAAM7jE,GAC7HtkB,OAAM,MAAS,KACjB,MAAO,CACL28C,KAAMkwC,EAAiB50E,UAAa40E,EAAiB50E,SAAS,GAAK2I,EAAM3I,SAASS,SACnF,MAIL,MAAM44E,EAAsBj4E,EAAW20E,QAAQjmF,KAAI6gF,GAAUA,EAAOxL,YACpE,GAAI34E,EAAQupF,QAAQhtF,SAAWswF,EAAoBtwF,OACjD,MAAU8B,MAAM,6DAGlB2B,EAAQupF,QAAUvpF,EAAQupF,QAAQjmF,KAAI6pF,GAAiBwG,EAASxG,EAAentF,KAE/E,MAAMgS,QAAY46E,GAAclU,EAAiBmU,EAAqB7sF,EAAS6f,GACzEyrE,QAA8Bt5E,EAAIuhF,yBAAyBvzF,EAAQ0tE,KAAM7tD,GAE/E,OADA7N,EAAI20E,qBAAuB,GACpB,CAAE30E,MAAKs5E,yBAEd,SAASqI,EAAS3zF,EAASgmF,EAAiB,IAK1C,OAJAhmF,EAAQ4S,kBAAoB5S,EAAQ4S,mBAAqBozE,EAAepzE,kBACxE5S,EAAQ43E,WAAapiE,EAAKC,SAASzV,EAAQ43E,YAAc53E,EAAQ43E,WAAaoO,EAAepO,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQsY,EAAetY,KAEvC1tE,EAEX,CGrDiE4zF,CAAS5zF,EAAS6f,GAE/E,MAAO,CACLjL,WAAY4+E,GAAaE,EAAgBh2C,EAAQ79B,GACjDvS,UAAWkmF,GAAaE,EAAe7H,WAAYnuC,EAAQ79B,GAC3DyrE,yBAEF,MAAO9uC,GACP,MAAMhnC,EAAK6F,UAAU,6BAA8BmhC,GAEvD,CAoBOlgD,eAAeu3F,IAAU7hF,IAAEA,EAAGs5E,sBAAEA,EAAqB53E,oBAAEA,EAAmBg6D,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IACzFkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IACE,MAAMm3F,EAAaxI,QACXt5E,EAAI+hF,2BAA2BzI,EAAuB5d,EAAM7tD,SAC5D7N,EAAIgiF,OAAOtgF,EAAqBg6D,EAAM7tD,GAE9C,OAAOi0E,EAAW/M,YAAc,CAC9BnyE,WAAY4+E,GAAaM,EAAYp2C,EAAQ79B,GAC7CvS,UAAWkmF,GAAaM,EAAWjI,WAAYnuC,EAAQ79B,IACrD,CACFjL,WAAY,KACZtH,UAAWkmF,GAAaM,EAAYp2C,EAAQ79B,IAE9C,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,qBAAsBmhC,GAE/C,CAYOlgD,eAAe23F,IAAWr/E,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAWsjE,IAC1BkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAAKiY,EAAWmyE,YACd,MAAU1oF,MAAM,+BAElB,MAAM61F,EAAmBt/E,EAAW9X,OAAM,GACpCq3F,EAAc3+E,EAAK7Z,QAAQi8E,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMx8E,QAAQ2H,IAAImxF,EAAiB7M,UAAU/jF,KAAI0O,GAE/CwD,EAAKkG,WAAWy4E,EAAY7wF,KAAIs0E,GAAc5lE,EAAI2mE,UAAU5qD,QAAQ6pD,eAGhEsc,EAAiBxzC,SAAS7gC,GACzBq0E,EACP,MAAO13C,GAEP,MADA03C,EAAiBrZ,qBACXrlE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAYOlgD,eAAe83F,IAAWx/E,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAWsjE,IAC1BkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAAKiY,EAAWmyE,YACd,MAAU1oF,MAAM,+BAElB,MAAM61F,EAAmBt/E,EAAW9X,OAAM,GAEpCyxB,EAAO2lE,EAAiB7M,UACxB8M,EAAc3+E,EAAK7Z,QAAQi8E,GAAcA,EAAiB58E,MAAMuzB,EAAKhyB,QAAQ2+C,KAAK08B,GACxF,GAAIuc,EAAY53F,SAAWgyB,EAAKhyB,OAC9B,MAAU8B,MAAM,0DAGlB,IAME,aALMjD,QAAQ2H,IAAIwrB,EAAKjrB,KAAIhH,MAAO0V,EAAK5T,KACrC,MAAMu6E,UAAEA,GAAc3mE,QAChB2mE,EAAU7qD,QAAQqmE,EAAY/1F,GAAIyhB,GACxC84D,EAAUkC,oBAAoB,KAEzBqZ,EACP,MAAO13C,GAEP,MADA03C,EAAiBrZ,qBACXrlE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAiCOlgD,eAAewxB,IAAQnZ,QAAEA,EAAOu7E,eAAEA,EAAcpJ,YAAEA,EAAW2H,UAAEA,EAAS5X,WAAEA,EAAUn5B,OAAEA,EAAS,UAASvtC,UAAEA,EAAY,KAAIqgF,SAAEA,GAAW,EAAKU,cAAEA,EAAgB,GAAET,iBAAEA,EAAmB,GAAE/iB,KAAEA,EAAO,IAAI13D,KAAMq+E,eAAEA,EAAiB,GAAEC,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,UAAI10E,KAAWsjE,IAKlS,GAJ0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC20E,GAAa7/E,GAAU8/E,GAAyB/2C,GAChDwyC,EAAiBntD,GAAQmtD,GAAiBpJ,EAAc/jD,GAAQ+jD,GAAc2H,EAAY1rD,GAAQ0rD,GAClGyC,EAAgBnuD,GAAQmuD,GAAgBT,EAAmB1tD,GAAQ0tD,GAAmB4D,EAAiBtxD,GAAQsxD,GAAiBC,EAAoBvxD,GAAQuxD,GAAoBC,EAAqBxxD,GAAQwxD,GACzMpR,EAAK5qC,SACP,MAAUl6C,MAAM,+JAElB,GAAI8kF,EAAKuR,WAAY,MAAUr2F,MAAM,gGACrC,GAAI8kF,EAAKoI,YAAa,MAAUltF,MAAM,8FACtC,QAAmBjC,IAAf+mF,EAAK5uE,MAAqB,MAAUlW,MAAM,oFAC9C,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAE3HmqF,IACHA,EAAc,IAEhB,MAAM6N,EAAYhgF,EAAQ49D,WAC1B,IASE,IARIuU,EAAYvqF,QAAU4T,KACxBwE,QAAgBA,EAAQujC,KAAK4uC,EAAa32E,EAAW+gF,EAAexjB,EAAM2mB,EAAgBE,EAAoB10E,IAEhHlL,EAAUA,EAAQg/D,eACVkR,GAAiB,cAAeqL,EAAgBxiB,EAAM4mB,EAAmBz0E,GAC/EA,GAEFlL,QAAgBA,EAAQmZ,QAAQoiE,EAAgBzB,EAAW5X,EAAY2Z,EAAUC,EAAkB/iB,EAAM4mB,EAAmBz0E,GAC7G,WAAX69B,EAAqB,OAAO/oC,EAEhC,MAAMJ,EAAmB,YAAXmpC,EAEd,OAAOk3C,GADMrgF,EAAQI,EAAQJ,MAAMsL,GAAUlL,EAAQ1X,QAC1B03F,EAAWpgF,EAAQ,OAAS,UACvD,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CAmCOlgD,eAAeyxB,IAAQpZ,QAAEA,EAAO65E,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWvH,iBAAEA,EAAgB0N,aAAEA,GAAe,EAAKn3C,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAGxL,GAF0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC20E,GAAa7/E,GAAUwyE,EAAmBpkD,GAAQokD,GAAmBqH,EAAiBzrD,GAAQyrD,GAAiBC,EAAY1rD,GAAQ0rD,GAAYC,EAAc3rD,GAAQ2rD,GACjKvL,EAAKoI,YAAa,MAAUltF,MAAM,iGACtC,GAAI8kF,EAAKuR,WAAY,MAAUr2F,MAAM,kGACrC,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IACE,MAAMy4E,QAAkBzgE,EAAQoZ,QAAQygE,EAAgBC,EAAWC,EAAahhB,EAAM7tD,GACjFsnE,IACHA,EAAmB,IAGrB,MAAMvqF,EAAS,GAKf,GAJAA,EAAO6mF,WAAatzE,QAAkBilE,EAAU0c,eAAe3hF,EAAWg3E,EAAkBzZ,EAAM7tD,SAAgBu1D,EAAU38B,OAAO0uC,EAAkBzZ,EAAM7tD,GAC3JjjB,EAAOsI,KAAkB,WAAXw4C,EAAsB03B,EAAU6a,iBAAmB7a,EAAUvH,UAC3EjxE,EAAO+wE,SAAWyH,EAAUnH,cAC5B6mB,GAAYl4F,EAAQ+X,GAChBkgF,EAAc,CAChB,GAAgC,IAA5B1N,EAAiB5qF,OACnB,MAAU8B,MAAM,+DAElB,GAAiC,IAA7BzB,EAAO6mF,WAAWlnF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOsI,KAAOyT,EAAc,CAC1B/b,EAAOsI,KACPmrE,GAAiB/zE,gBACTkZ,EAAKkG,WAAW9e,EAAO6mF,WAAWngF,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAzxE,EAAOsI,WAAa0vF,GAAch4F,EAAOsI,KAAMyP,EAAQ49D,WAAY70B,GAC5D9gD,EACP,MAAO4/C,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CA0BOlgD,eAAe47C,IAAKvjC,QAAEA,EAAOmyE,YAAEA,EAAWppC,OAAEA,EAAS,UAASnF,SAAEA,GAAW,EAAK24C,cAAEA,EAAgB,GAAExjB,KAAEA,EAAO,IAAI13D,KAAMq+E,eAAEA,EAAiB,GAAEE,mBAAEA,EAAqB,UAAI10E,KAAWsjE,IAKvL,GAJ0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChCk1E,GAAwBpgF,GAAU8/E,GAAyB/2C,GAC3DopC,EAAc/jD,GAAQ+jD,GAAcoK,EAAgBnuD,GAAQmuD,GAAgBmD,EAAiBtxD,GAAQsxD,GAAiBE,EAAqBxxD,GAAQwxD,GAE/IpR,EAAKoI,YAAa,MAAUltF,MAAM,2FACtC,QAAmBjC,IAAf+mF,EAAK5uE,MAAqB,MAAUlW,MAAM,iFAC9C,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAIgY,aAAmBg+E,IAA+B,WAAXj1C,EAAqB,MAAUr/C,MAAM,2DAChF,GAAIsW,aAAmBg+E,IAAoBp6C,EAAU,MAAUl6C,MAAM,0CAErE,IAAKyoF,GAAsC,IAAvBA,EAAYvqF,OAC9B,MAAU8B,MAAM,4BAGlB,IACE,IAAI8R,EAMJ,GAJEA,EADEooC,QACgB5jC,EAAQqgF,aAAalO,OAAa1qF,EAAW80F,EAAexjB,EAAM2mB,EAAgBE,EAAoB10E,SAEtGlL,EAAQujC,KAAK4uC,OAAa1qF,EAAW80F,EAAexjB,EAAM2mB,EAAgBE,EAAoB10E,GAEnG,WAAX69B,EAAqB,OAAOvtC,EAEhC,MAAMoE,EAAmB,YAAXmpC,EAUd,OATAvtC,EAAYoE,EAAQpE,EAAUoE,MAAMsL,GAAU1P,EAAUlT,QACpDs7C,IACFpoC,EAAYuR,EAAqB/M,EAAQ09D,QAAQp1E,SAASX,MAAOsH,EAAUC,WACnEzI,QAAQ2H,IAAI,CAChBkf,EAAY9R,EAAWtM,GACvBke,EAAiBne,GAAUrI,OAAM,UACjC,KAGCq5F,GAAczkF,EAAWwE,EAAQ49D,WAAYh+D,EAAQ,OAAS,UACrE,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,wBAAyBmhC,GAElD,CA8BOlgD,eAAem8C,IAAO9jC,QAAEA,EAAOwyE,iBAAEA,EAAgB0N,aAAEA,GAAe,EAAKn3C,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAG/I,GAF0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChCk1E,GAAwBpgF,GAAUwyE,EAAmBpkD,GAAQokD,GACzDhE,EAAKuR,WAAY,MAAUr2F,MAAM,iGACrC,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,GAAIgY,aAAmBg+E,IAA+B,WAAXj1C,EAAqB,MAAUr/C,MAAM,iDAChF,GAAIsW,aAAmBg+E,IAAoBxiF,EAAW,MAAU9R,MAAM,6CAEtE,IACE,MAAMzB,EAAS,GAQf,GANEA,EAAO6mF,WADLtzE,QACwBwE,EAAQm9E,eAAe3hF,EAAWg3E,EAAkBzZ,EAAM7tD,SAE1DlL,EAAQ8jC,OAAO0uC,EAAkBzZ,EAAM7tD,GAEnEjjB,EAAOsI,KAAkB,WAAXw4C,EAAsB/oC,EAAQs7E,iBAAmBt7E,EAAQk5D,UACnEl5D,EAAQ49D,aAAepiE,GAAW2kF,GAAYl4F,EAAQ+X,GACtDkgF,EAAc,CAChB,GAAiC,IAA7Bj4F,EAAO6mF,WAAWlnF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOsI,KAAOyT,EAAc,CAC1B/b,EAAOsI,KACPmrE,GAAiB/zE,gBACTkZ,EAAKkG,WAAW9e,EAAO6mF,WAAWngF,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAzxE,EAAOsI,WAAa0vF,GAAch4F,EAAOsI,KAAMyP,EAAQ49D,WAAY70B,GAC5D9gD,EACP,MAAO4/C,GACP,MAAMhnC,EAAK6F,UAAU,iCAAkCmhC,GAE3D,CAoBOlgD,eAAe+7E,IAAmB6X,eAAEA,EAAcxiB,KAAEA,EAAO,IAAI13D,KAAMs+E,kBAAEA,EAAoB,UAAIz0E,KAAWsjE,IAG/G,GAF0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChCqwE,EAAiBntD,GAAQmtD,GAAiBoE,EAAoBvxD,GAAQuxD,GAClEnR,EAAKuR,WAAY,MAAUr2F,MAAM,2GACrC,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAEE,aAD0BwxF,GAAQ9V,mBAAmB6X,EAAgBxiB,EAAM4mB,EAAmBz0E,GAE9F,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAqBOlgD,eAAeo0F,IAAkBxrF,KAAEA,EAAI+/C,UAAEA,EAASwwB,cAAEA,EAAaya,eAAEA,EAAczB,UAAEA,EAAS/wC,OAAEA,EAAS,UAAS8yC,SAAEA,GAAW,EAAKC,iBAAEA,EAAmB,GAAE/iB,KAAEA,EAAO,IAAI13D,KAAMs+E,kBAAEA,EAAoB,UAAIz0E,KAAWsjE,IAItN,GAH0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAgElC,SAAqB3a,EAAMoB,GACzB,IAAKkP,EAAKzX,aAAamH,GACrB,MAAU7G,MAAM,eAAiBiI,GAAQ,QAAU,+BAEvD,CAnEE2uF,CAAY/vF,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAKkP,EAAKC,SAASvQ,GACjB,MAAU7G,MAAM,eAAiBiI,GAAQ,QAAU,2BAEvD,CA9DqB4uF,CAAYjwC,EAAW,aAAcwvC,GAAyB/2C,GACjFwyC,EAAiBntD,GAAQmtD,GAAiBzB,EAAY1rD,GAAQ0rD,GAAYgC,EAAmB1tD,GAAQ0tD,GAAmB6D,EAAoBvxD,GAAQuxD,GAChJnR,EAAKuR,WAAY,MAAUr2F,MAAM,0GACrC,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,KAAMuzF,GAA4C,IAA1BA,EAAe3zF,QAAmBkyF,GAAkC,IAArBA,EAAUlyF,QAC/E,MAAU8B,MAAM,6CAGlB,IAEE,OAAOm1F,SADerF,GAAQuC,kBAAkBxrF,EAAM+/C,EAAWwwB,EAAeya,EAAgBzB,EAAW+B,EAAUC,EAAkB/iB,EAAM4mB,EAAmBz0E,GACnI69B,EAAQ79B,GACrC,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAiBOlgD,eAAesyF,IAAmBj6E,QAAEA,EAAO65E,eAAEA,EAAcC,UAAEA,EAAS/gB,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAG3G,GAF0CkQ,GAA1CxzE,EAAS,IAAKsB,MAAkBtB,IAChC20E,GAAa7/E,GAAU65E,EAAiBzrD,GAAQyrD,GAAiBC,EAAY1rD,GAAQ0rD,GACjFtL,EAAKoI,YAAa,MAAUltF,MAAM,4GACtC,MAAM+kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe7mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB+kF,EAAezmF,KAAK,OAEhI,IAEE,aAD0BgY,EAAQi6E,mBAAmBJ,EAAgBC,EAAW/gB,EAAM7tD,GAEtF,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,gCAAiCmhC,GAE1D,CAwBA,SAASg4C,GAAa7/E,GACpB,KAAMA,aAAmBw5E,IACvB,MAAU9vF,MAAM,kDAEpB,CACA,SAAS02F,GAAwBpgF,GAC/B,KAAMA,aAAmBg+E,IAAuBh+E,aAAmBw5E,IACjE,MAAU9vF,MAAM,sEAEpB,CACA,SAASo2F,GAAyB/2C,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUr/C,MAAM,sBAAsBq/C,EAE1C,CACA,MAAMy3C,GAA0BhvF,OAAOooB,KAAKpN,IAAe5kB,OAC3D,SAAS82F,GAAYxzE,GACnB,MAAMu1E,EAAmBjvF,OAAOooB,KAAK1O,GACrC,GAAIu1E,EAAiB74F,SAAW44F,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiCh5F,IAA7B+kB,GAAck0E,GAChB,MAAUh3F,MAAM,4BAA4Bg3F,EAIpD,CAQA,SAAStyD,GAAQ6jB,GAIf,OAHIA,IAAUpxC,EAAK7Z,QAAQirD,KACzBA,EAAQ,CAACA,IAEJA,CACT,CAWAtqD,eAAes4F,GAAc1vF,EAAMyvF,EAAWW,EAAW,QACvD,MAAMv0F,EAAayU,EAAK7X,SAASuH,GACjC,MAAmB,UAAfnE,EACKghB,EAAiB7c,GAER,SAAdyvF,GACFzvF,EAAOmvE,EAAiBnvE,GACP,WAAbowF,GAAuBpwF,EAAKqwF,YAAYD,GACrCpwF,GAES,QAAdyvF,GAAsC,aAAf5zF,EAClBy0F,EAAwBtwF,GAE1BA,CACT,CAUA,SAAS4vF,GAAYl4F,EAAQ+X,GAC3B/X,EAAOsI,KAAOwc,EAAqB/M,EAAQ09D,QAAQn2E,QAAQI,MAAOsH,EAAUC,WACpEoe,EAAYrlB,EAAOsI,KAAMrB,EAAU,CACvCE,cAAc,IAEhB,MAAMlI,EAAS+lB,EAAiB/d,GAChC,UAEQke,EAAiBne,GAAU67C,GAAKA,UAChC5jD,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,MAGzB,CASA,SAASg0F,GAAaiC,EAAQ/3C,EAAQ79B,GACpC,OAAQ69B,GACN,IAAK,SACH,OAAO+3C,EACT,IAAK,UACH,OAAOA,EAAOlhF,MAAMsL,GACtB,IAAK,SACH,OAAO41E,EAAOx4F,QAChB,QACE,MAAUoB,MAAM,sBAAsBq/C,GAE5C"} \ No newline at end of file +{"version":3,"file":"openpgp.min.mjs","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/enums.js","../../src/config/config.js","../../src/util.js","../../src/encoding/base64.js","../../src/encoding/armor.js","../../src/crypto/cipher/index.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@noble/ciphers/esm/_assert.js","../../node_modules/@noble/ciphers/esm/utils.js","../../node_modules/@noble/ciphers/esm/_polyval.js","../../node_modules/@noble/ciphers/esm/aes.js","../../src/crypto/mode/cfb.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../../../../src/crypto/biginteger.ts","../../src/crypto/random.js","../../../../../src/crypto/public_key/prime.ts","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../node_modules/@openpgp/tweetnacl/cryptoBrowser.js","../../node_modules/@openpgp/tweetnacl/nacl-fast.js","../../src/type/oid.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../src/type/s2k/argon2.js","../../src/type/s2k/generic.js","../../src/type/s2k/index.js","../../node_modules/fflate/esm/browser.js","../../src/packet/literal_data.js","../../src/type/keyid.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/marker.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/packet/trust.js","../../src/packet/padding.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work\n Object.setPrototypeOf(this, ArrayStream.prototype);\n\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","/* eslint-disable no-prototype-builtins */\nimport { isArrayStream } from './writer.js';\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n // try and detect a node native stream without having to import its class\n if (input &&\n !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) &&\n typeof input._read === 'function' && typeof input._readableState === 'object') {\n throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`');\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isUint8Array, isStream, isArrayStream } from './util.js';\nimport * as streams from './streams.js';\n\nconst doneReadingSet = new WeakSet();\n/**\n * The external buffer is used to store values that have been peeked or unshifted from the original stream.\n * Because of how streams are implemented, such values cannot be \"put back\" in the original stream,\n * but they need to be returned first when reading from the input again.\n */\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = () => {};\n return;\n }\n let streamType = isStream(input);\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isStream, isArrayStream, isUint8Array, concatUint8Array } from './util.js';\nimport { Reader, externalBuffer } from './reader.js';\nimport { ArrayStream, Writer } from './writer.js';\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream.\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n }\n lastBytes = returnValue;\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input)) {\n return input.subarray(begin, end === Infinity ? input.length : end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n const cancelled = await input.cancel(reason);\n // the stream is not always cancelled at this point, so we wait some more\n await new Promise(setTimeout);\n return cancelled;\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n\nexport {\n ArrayStream,\n toStream,\n concatStream,\n concat,\n getReader,\n getWriter,\n pipe,\n transformRaw,\n transform,\n transformPair,\n parse,\n clone,\n passiveClone,\n slice,\n readToEnd,\n cancel,\n fromAsync\n};\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'nistP256': 'nistP256',\n /** @deprecated use `nistP256` instead */\n 'p256': 'nistP256',\n\n /** NIST P-384 Curve */\n 'nistP384': 'nistP384',\n /** @deprecated use `nistP384` instead */\n 'p384': 'nistP384',\n\n /** NIST P-521 Curve */\n 'nistP521': 'nistP521',\n /** @deprecated use `nistP521` instead */\n 'p521': 'nistP521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519Legacy',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519Legacy',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519Legacy',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519Legacy',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n argon2: 4,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11,\n sha3_256: 12,\n sha3_512: 14\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n gcm: 3,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n padding: 21\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuerKeyID: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34,\n preferredCipherSuites: 39\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4,\n seipdv2: 8\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha512,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * This option is applicable to:\n * - key generation (encryption key preferences),\n * - password-based message encryption, and\n * - private key encryption.\n * In the case of message encryption using public keys, the encryption key preferences are respected instead.\n * Note: not all OpenPGP implementations are compatible with this option.\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)\n * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,\n * this option must be set, otherwise key parsing and/or key decryption will fail.\n * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys\n * will be processed incorrectly.\n */\n parseAEADEncryptedV4KeysAsLegacy: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.gcm,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use v6 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v6Keys\n */\n v6Keys: false,\n /**\n * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet).\n * These are non-standard entities, which in the crypto-refresh have been superseded\n * by v6 keys and v6 signatures, respectively.\n * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries,\n * hence parsing them might be necessary in some cases.\n */\n enableParsingV5Entities: false,\n /**\n * S2K (String to Key) type, used for key derivation in the context of secret key encryption\n * and password-encrypted data. Weaker s2k options are not allowed.\n * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it\n * (pending standardisation).\n * @memberof module:config\n * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}\n */\n s2kType: enums.s2k.iterated,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:\n * Iteration Count Byte for Iterated and Salted S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.\n * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:\n * Argon2 parameters for S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.\n * Default settings correspond to the second recommendation from RFC9106 (\"uniformly safe option\"),\n * to ensure compatibility with memory-constrained environments.\n * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.\n * @memberof module:config\n * @property {Object} params\n * @property {Integer} params.passes - number of iterations t\n * @property {Integer} params.parallelism - degree of parallelism p\n * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.\n */\n s2kArgon2Params: {\n passes: 3,\n parallelism: 4, // lanes\n memoryExponent: 16 // 64 MiB of RAM\n },\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:\n * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL\n * (see https://efail.de/).\n * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.\n *\n * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n /**\n * Allow using keys that do not have any key flags set.\n * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages\n * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).\n * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.\n * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.\n */\n allowMissingKeyFlags: false,\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design).\n * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur\n * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of\n * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.\n * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases.\n */\n nonDeterministicSignaturesViaNotation: true,\n /**\n * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * @memberof module:config\n * @property {Boolean} useEllipticFallback\n */\n useEllipticFallback: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { createRequire } from 'module'; // Must be stripped in browser built\nimport enums from './enums';\nimport defaultConfig from './config';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n nodeRequire: createRequire(import.meta.url),\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n /**\n * Load noble-curves lib on demand and return the requested curve function\n * @param {enums.publicKey} publicKeyAlgo\n * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA)\n * @returns curve implementation\n * @throws on unrecognized curve, or curve not implemented by noble-curve\n */\n getNobleCurve: async (publicKeyAlgo, curveName) => {\n if (!defaultConfig.useEllipticFallback) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n\n const { nobleCurves } = await import('./crypto/public_key/elliptic/noble_curves');\n switch (publicKeyAlgo) {\n case enums.publicKey.ecdh:\n case enums.publicKey.ecdsa: {\n const curve = nobleCurves.get(curveName);\n if (!curve) throw new Error('Unsupported curve');\n return curve;\n }\n case enums.publicKey.x448:\n return nobleCurves.get('x448');\n case enums.publicKey.ed448:\n return nobleCurves.get('ed448');\n default:\n throw new Error('Unsupported curve');\n }\n },\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures,\n // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed\n // has not been authenticated (yet).\n // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues.\n // Also, AEAD is also not affected.\n return util.readExactSubarray(bytes, 2, 2 + bytelen);\n },\n\n /**\n * Read exactly `end - start` bytes from input.\n * This is a stricter version of `.subarray`.\n * @param {Uint8Array} input - Input data to parse\n * @returns {Uint8Array} subarray of size always equal to `end - start`\n * @throws if the input array is too short.\n */\n readExactSubarray: function (input, start, end) {\n if (input.length < (end - start)) {\n throw new Error('Input array too short');\n }\n return input.subarray(start, end);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n if (bytes.length > length) {\n throw new Error('Input array too long');\n }\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const hexAlphabet = '0123456789abcdef';\n let s = '';\n bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; });\n return s;\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography API.\n * @returns {Object} The SubtleCrypto API\n * @throws if the API is not available\n */\n getWebCrypto: function() {\n const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n // Fallback for Node 16, which does not expose WebCrypto as a global\n const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle;\n if (!webCrypto) {\n throw new Error('The WebCrypto API is not available');\n }\n return webCrypto;\n },\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return this.nodeRequire('crypto');\n },\n\n getNodeZlib: function() {\n return this.nodeRequire('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (this.nodeRequire('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = this.nodeRequire('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n /**\n * Test email format to ensure basic compliance:\n * - must include a single @\n * - no control or space unicode chars allowed\n * - no backslash and square brackets (as the latter can mess with the userID parsing)\n * - cannot end with a punctuation char\n * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation,\n * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)).\n */\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^[^\\p{C}\\p{Z}@<>\\\\]+@[^\\p{C}\\p{Z}@<>\\\\]+[^\\p{C}\\p{Z}\\p{P}]$/u;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n }\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n }\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n }\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n }\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n }\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n }\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Remove the (optional) checksum from an armored message.\n * @param {String} text - OpenPGP armored message\n * @returns {String} The body of the armored message.\n * @private\n */\nfunction removeChecksum(text) {\n let body = text;\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n }\n\n return body;\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n const data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== enums.armor.signed) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === enums.armor.signed) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const body = removeChecksum(parts[0].slice(0, -1));\n await writer.write(body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum\n * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug\n // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)\n const maybeBodyClone = emitChecksum && stream.passiveClone(body);\n\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push(hash ? `Hash: ${hash}\\n\\n` : '\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","import enums from '../../enums';\n\nexport async function getLegacyCipher(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n throw new Error('Not a legacy cipher');\n case enums.symmetric.cast5:\n case enums.symmetric.blowfish:\n case enums.symmetric.twofish:\n case enums.symmetric.tripledes: {\n const { legacyCiphers } = await import('./legacy_ciphers');\n const cipher = legacyCiphers.get(algo);\n if (!cipher) {\n throw new Error('Unsupported cipher algorithm');\n }\n return cipher;\n }\n default:\n throw new Error('Unsupported cipher algorithm');\n }\n}\n\n/**\n * Get block size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherBlockSize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 16;\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n case enums.symmetric.tripledes:\n return 8;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherKeySize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n return 16;\n case enums.symmetric.aes192:\n case enums.symmetric.tripledes:\n return 24;\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 32;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get block and key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nexport function getCipherParams(algo) {\n return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) };\n}\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction nobleHash(nobleHashName, webCryptoHashName) {\n const getNobleHash = async () => {\n const { nobleHashes } = await import('./noble_hashes');\n const hash = nobleHashes.get(nobleHashName);\n if (!hash) throw new Error('Unsupported hash');\n return hash;\n };\n\n return async function(data) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hash = await getNobleHash();\n\n const hashInstance = hash.create();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => hashInstance.digest());\n } else if (webCrypto && webCryptoHashName) {\n return new Uint8Array(await webCrypto.digest(webCryptoHashName, data));\n } else {\n const hash = await getNobleHash();\n\n return hash(data);\n }\n };\n}\n\nexport default {\n\n /** @see module:md5 */\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),\n sha224: nodeHash('sha224') || nobleHash('sha224'),\n sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),\n sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),\n sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),\n ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),\n sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),\n sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n case enums.hash.sha3_256:\n return this.sha3_256(data);\n case enums.hash.sha3_512:\n return this.sha3_512(data);\n default:\n throw new Error('Unsupported hash function');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n case enums.hash.sha3_256:\n return 32;\n case enums.hash.sha3_512:\n return 64;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(hash) {\n if (typeof hash !== 'function' || typeof hash.create !== 'function')\n throw new Error('hash must be wrapped by utils.wrapConstructor');\n number(hash.outputLen);\n number(hash.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\nimport { bytes as abytes, isBytes } from './_assert.js';\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u16 = (arr) => new Uint16Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 2));\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// big-endian hardware is rare. Just in case someone still decides to run ciphers:\n// early-throw an error because we don't support BE yet.\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\nif (!isLE)\n throw new Error('Non little-endian hardware is not supported');\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`string expected, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n else if (isBytes(data))\n data = copyBytes(data);\n else\n throw new Error(`Uint8Array expected, got ${typeof data}`);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n// For runtime check if class implements interface\nexport class Hash {\n}\n/**\n * @__NO_SIDE_EFFECTS__\n */\nexport const wrapCipher = (params, c) => {\n Object.assign(c, params);\n return c;\n};\n// Polyfill for Safari 14\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\nexport function u64Lengths(ciphertext, AAD) {\n const num = new Uint8Array(16);\n const view = createView(num);\n setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);\n setBigUint64(view, 8, BigInt(ciphertext.length), true);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n//# sourceMappingURL=utils.js.map","import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';\nimport { clean, copyBytes, createView, toBytes, u32 } from './utils.js';\n// GHash from AES-GCM and its little-endian \"mirror image\" Polyval from AES-SIV.\n// Implemented in terms of GHash with conversion function for keys\n// GCM GHASH from NIST SP800-38d, SIV from RFC 8452.\n// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf\n// GHASH modulo: x^128 + x^7 + x^2 + x + 1\n// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1\nconst BLOCK_SIZE = 16;\n// TODO: rewrite\n// temporary padding buffer\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\nconst ZEROS32 = u32(ZEROS16);\nconst POLY = 0xe1; // v = 2*v % POLY\n// v = 2*v % POLY\n// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x\n// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor)\nconst mul2 = (s0, s1, s2, s3) => {\n const hiBit = s3 & 1;\n return {\n s3: (s2 << 31) | (s3 >>> 1),\n s2: (s1 << 31) | (s2 >>> 1),\n s1: (s0 << 31) | (s1 >>> 1),\n s0: (s0 >>> 1) ^ ((POLY << 24) & -(hiBit & 1)), // reduce % poly\n };\n};\nconst swapLE = (n) => (((n >>> 0) & 0xff) << 24) |\n (((n >>> 8) & 0xff) << 16) |\n (((n >>> 16) & 0xff) << 8) |\n ((n >>> 24) & 0xff) |\n 0;\n/**\n * `mulX_POLYVAL(ByteReverse(H))` from spec\n * @param k mutated in place\n */\nexport function _toGHASHKey(k) {\n k.reverse();\n const hiBit = k[15] & 1;\n // k >>= 1\n let carry = 0;\n for (let i = 0; i < k.length; i++) {\n const t = k[i];\n k[i] = (t >>> 1) | carry;\n carry = (t & 1) << 7;\n }\n k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000;\n return k;\n}\nconst estimateWindow = (bytes) => {\n if (bytes > 64 * 1024)\n return 8;\n if (bytes > 1024)\n return 4;\n return 2;\n};\nclass GHASH {\n // We select bits per window adaptively based on expectedLength\n constructor(key, expectedLength) {\n this.blockLen = BLOCK_SIZE;\n this.outputLen = BLOCK_SIZE;\n this.s0 = 0;\n this.s1 = 0;\n this.s2 = 0;\n this.s3 = 0;\n this.finished = false;\n key = toBytes(key);\n abytes(key, 16);\n const kView = createView(key);\n let k0 = kView.getUint32(0, false);\n let k1 = kView.getUint32(4, false);\n let k2 = kView.getUint32(8, false);\n let k3 = kView.getUint32(12, false);\n // generate table of doubled keys (half of montgomery ladder)\n const doubles = [];\n for (let i = 0; i < 128; i++) {\n doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });\n ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));\n }\n const W = estimateWindow(expectedLength || 1024);\n if (![1, 2, 4, 8].includes(W))\n throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);\n this.W = W;\n const bits = 128; // always 128 bits;\n const windows = bits / W;\n const windowSize = (this.windowSize = 2 ** W);\n const items = [];\n // Create precompute table for window of W bits\n for (let w = 0; w < windows; w++) {\n // truth table: 00, 01, 10, 11\n for (let byte = 0; byte < windowSize; byte++) {\n // prettier-ignore\n let s0 = 0, s1 = 0, s2 = 0, s3 = 0;\n for (let j = 0; j < W; j++) {\n const bit = (byte >>> (W - j - 1)) & 1;\n if (!bit)\n continue;\n const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];\n (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3);\n }\n items.push({ s0, s1, s2, s3 });\n }\n }\n this.t = items;\n }\n _updateBlock(s0, s1, s2, s3) {\n (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3);\n const { W, t, windowSize } = this;\n // prettier-ignore\n let o0 = 0, o1 = 0, o2 = 0, o3 = 0;\n const mask = (1 << W) - 1; // 2**W will kill performance.\n let w = 0;\n for (const num of [s0, s1, s2, s3]) {\n for (let bytePos = 0; bytePos < 4; bytePos++) {\n const byte = (num >>> (8 * bytePos)) & 0xff;\n for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {\n const bit = (byte >>> (W * bitPos)) & mask;\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];\n (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3);\n w += 1;\n }\n }\n }\n this.s0 = o0;\n this.s1 = o1;\n this.s2 = o2;\n this.s3 = o3;\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n const left = data.length % BLOCK_SIZE;\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);\n clean(ZEROS32); // clean tmp buffer\n }\n return this;\n }\n destroy() {\n const { t } = this;\n // clean precompute table\n for (const elm of t) {\n (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0);\n }\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out;\n }\n digest() {\n const res = new Uint8Array(BLOCK_SIZE);\n this.digestInto(res);\n this.destroy();\n return res;\n }\n}\nclass Polyval extends GHASH {\n constructor(key, expectedLength) {\n key = toBytes(key);\n const ghKey = _toGHASHKey(copyBytes(key));\n super(ghKey, expectedLength);\n clean(ghKey);\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const left = data.length % BLOCK_SIZE;\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));\n clean(ZEROS32);\n }\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // tmp ugly hack\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out.reverse();\n }\n}\nfunction wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest();\n const tmp = hashCons(new Uint8Array(16), 0);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key, expectedLength) => hashCons(key, expectedLength);\n return hashC;\n}\nexport const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));\nexport const polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));\n//# sourceMappingURL=_polyval.js.map","// prettier-ignore\nimport { bytes as abytes } from './_assert.js';\nimport { ghash, polyval } from './_polyval.js';\nimport { clean, concatBytes, copyBytes, createView, equalBytes, isAligned32, setBigUint64, u32, u8, wrapCipher, } from './utils.js';\n/*\nAES (Advanced Encryption Standard) aka Rijndael block cipher.\n\nData is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round:\n1. **S-box**, table substitution\n2. **Shift rows**, cyclic shift left of all rows of data array\n3. **Mix columns**, multiplying every column by fixed polynomial\n4. **Add round key**, round_key xor i-th column of array\n\nResources:\n- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf\n- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf\n*/\nconst BLOCK_SIZE = 16;\nconst BLOCK_SIZE32 = 4;\nconst EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE);\nconst POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8\n// TODO: remove multiplication, binary ops only\nfunction mul2(n) {\n return (n << 1) ^ (POLY & -(n >> 7));\n}\nfunction mul(a, b) {\n let res = 0;\n for (; b > 0; b >>= 1) {\n // Montgomery ladder\n res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time).\n a = mul2(a); // a = 2*a\n }\n return res;\n}\n// AES S-box is generated using finite field inversion,\n// an affine transform, and xor of a constant 0x63.\nconst sbox = /* @__PURE__ */ (() => {\n const t = new Uint8Array(256);\n for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x))\n t[i] = x;\n const box = new Uint8Array(256);\n box[0] = 0x63; // first elm\n for (let i = 0; i < 255; i++) {\n let x = t[255 - i];\n x |= x << 8;\n box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff;\n }\n clean(t);\n return box;\n})();\n// Inverted S-box\nconst invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));\n// Rotate u32 by 8\nconst rotr32_8 = (n) => (n << 24) | (n >>> 8);\nconst rotl32_8 = (n) => (n << 8) | (n >>> 24);\n// The byte swap operation for uint32 (LE<->BE)\nconst byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes:\n// - LE instead of BE\n// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23;\n// so index is u16, instead of u8. This speeds up things, unexpectedly\nfunction genTtable(sbox, fn) {\n if (sbox.length !== 256)\n throw new Error('Wrong sbox length');\n const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j]));\n const T1 = T0.map(rotl32_8);\n const T2 = T1.map(rotl32_8);\n const T3 = T2.map(rotl32_8);\n const T01 = new Uint32Array(256 * 256);\n const T23 = new Uint32Array(256 * 256);\n const sbox2 = new Uint16Array(256 * 256);\n for (let i = 0; i < 256; i++) {\n for (let j = 0; j < 256; j++) {\n const idx = i * 256 + j;\n T01[idx] = T0[i] ^ T1[j];\n T23[idx] = T2[i] ^ T3[j];\n sbox2[idx] = (sbox[i] << 8) | sbox[j];\n }\n }\n return { sbox, sbox2, T0, T1, T2, T3, T01, T23 };\n}\nconst tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2));\nconst tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14));\nconst xPowers = /* @__PURE__ */ (() => {\n const p = new Uint8Array(16);\n for (let i = 0, x = 1; i < 16; i++, x = mul2(x))\n p[i] = x;\n return p;\n})();\nexport function expandKeyLE(key) {\n abytes(key);\n const len = key.length;\n if (![16, 24, 32].includes(len))\n throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);\n const { sbox2 } = tableEncoding;\n const toClean = [];\n if (!isAligned32(key))\n toClean.push((key = copyBytes(key)));\n const k32 = u32(key);\n const Nk = k32.length;\n const subByte = (n) => applySbox(sbox2, n, n, n, n);\n const xk = new Uint32Array(len + 28); // expanded key\n xk.set(k32);\n // 4.3.1 Key expansion\n for (let i = Nk; i < xk.length; i++) {\n let t = xk[i - 1];\n if (i % Nk === 0)\n t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1];\n else if (Nk > 6 && i % Nk === 4)\n t = subByte(t);\n xk[i] = xk[i - Nk] ^ t;\n }\n clean(...toClean);\n return xk;\n}\nexport function expandKeyDecLE(key) {\n const encKey = expandKeyLE(key);\n const xk = encKey.slice();\n const Nk = encKey.length;\n const { sbox2 } = tableEncoding;\n const { T0, T1, T2, T3 } = tableDecoding;\n // Inverse key by chunks of 4 (rounds)\n for (let i = 0; i < Nk; i += 4) {\n for (let j = 0; j < 4; j++)\n xk[i + j] = encKey[Nk - i - 4 + j];\n }\n clean(encKey);\n // apply InvMixColumn except first & last round\n for (let i = 4; i < Nk - 4; i++) {\n const x = xk[i];\n const w = applySbox(sbox2, x, x, x, x);\n xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24];\n }\n return xk;\n}\n// Apply tables\nfunction apply0123(T01, T23, s0, s1, s2, s3) {\n return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^\n T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]);\n}\nfunction applySbox(sbox2, s0, s1, s2, s3) {\n return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] |\n (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16));\n}\nfunction encrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableEncoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // last round (without mixcolumns, so using SBOX2 table)\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\n// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different\nfunction decrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableDecoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // Last round\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\nfunction getDst(len, dst) {\n if (dst === undefined)\n return new Uint8Array(len);\n abytes(dst);\n if (dst.length < len)\n throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);\n if (!isAligned32(dst))\n throw new Error('unaligned dst');\n return dst;\n}\n// TODO: investigate merging with ctr32\nfunction ctrCounter(xk, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const ctr = nonce;\n const c32 = u32(ctr);\n // Fill block (empty, ctr=0)\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n const src32 = u32(src);\n const dst32 = u32(dst);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n // Full 128 bit counter with wrap around\n let carry = 1;\n for (let i = ctr.length - 1; i >= 0; i--) {\n carry = (carry + (ctr[i] & 0xff)) | 0;\n ctr[i] = carry & 0xff;\n carry >>>= 8;\n }\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than block)\n // It's possible to handle > u32 fast, but is it worth it?\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n// AES CTR with overflowing 32 bit counter\n// It's possible to do 32le significantly simpler (and probably faster) by using u32.\n// But, we need both, and perf bottleneck is in ghash anyway.\nfunction ctr32(xk, isLE, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n dst = getDst(src.length, dst);\n const ctr = nonce; // write new value to nonce, so it can be re-used\n const c32 = u32(ctr);\n const view = createView(ctr);\n const src32 = u32(src);\n const dst32 = u32(dst);\n const ctrPos = isLE ? 0 : 12;\n const srcLen = src.length;\n // Fill block (empty, ctr=0)\n let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n ctrNum = (ctrNum + 1) >>> 0; // u32 wrap\n view.setUint32(ctrPos, ctrNum, isLE);\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than a block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n/**\n * CTR: counter mode. Creates stream cipher.\n * Requires good IV. Parallelizable. OK, but no MAC.\n */\nexport const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) {\n abytes(key);\n abytes(nonce, BLOCK_SIZE);\n function processCtr(buf, dst) {\n abytes(buf);\n if (dst !== undefined) {\n abytes(dst);\n if (!isAligned32(dst))\n throw new Error('unaligned destination');\n }\n const xk = expandKeyLE(key);\n const n = copyBytes(nonce); // align + avoid changing\n const toClean = [xk, n];\n if (!isAligned32(buf))\n toClean.push((buf = copyBytes(buf)));\n const out = ctrCounter(xk, n, buf, dst);\n clean(...toClean);\n return out;\n }\n return {\n encrypt: (plaintext, dst) => processCtr(plaintext, dst),\n decrypt: (ciphertext, dst) => processCtr(ciphertext, dst),\n };\n});\nfunction validateBlockDecrypt(data) {\n abytes(data);\n if (data.length % BLOCK_SIZE !== 0) {\n throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`);\n }\n}\nfunction validateBlockEncrypt(plaintext, pcks5, dst) {\n abytes(plaintext);\n let outLen = plaintext.length;\n const remaining = outLen % BLOCK_SIZE;\n if (!pcks5 && remaining !== 0)\n throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding');\n if (!isAligned32(plaintext))\n plaintext = copyBytes(plaintext);\n const b = u32(plaintext);\n if (pcks5) {\n let left = BLOCK_SIZE - remaining;\n if (!left)\n left = BLOCK_SIZE; // if no bytes left, create empty padding block\n outLen = outLen + left;\n }\n const out = getDst(outLen, dst);\n const o = u32(out);\n return { b, o, out };\n}\nfunction validatePCKS(data, pcks5) {\n if (!pcks5)\n return data;\n const len = data.length;\n if (!len)\n throw new Error('aes/pcks5: empty ciphertext not allowed');\n const lastByte = data[len - 1];\n if (lastByte <= 0 || lastByte > 16)\n throw new Error('aes/pcks5: wrong padding');\n const out = data.subarray(0, -lastByte);\n for (let i = 0; i < lastByte; i++)\n if (data[len - i - 1] !== lastByte)\n throw new Error('aes/pcks5: wrong padding');\n return out;\n}\nfunction padPCKS(left) {\n const tmp = new Uint8Array(16);\n const tmp32 = u32(tmp);\n tmp.set(left);\n const paddingByte = BLOCK_SIZE - left.length;\n for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++)\n tmp[i] = paddingByte;\n return tmp32;\n}\n/**\n * ECB: Electronic CodeBook. Simple deterministic replacement.\n * Dangerous: always map x to y. See [AES Penguin](https://words.filippo.io/the-ecb-penguin/).\n */\nexport const ecb = wrapCipher({ blockSize: 16 }, function ecb(key, opts = {}) {\n abytes(key);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n const xk = expandKeyLE(key);\n let i = 0;\n for (; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = encrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(xk);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n const out = getDst(ciphertext.length, dst);\n const toClean = [xk];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n for (let i = 0; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = decrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CBC: Cipher-Block-Chaining. Key is previous round’s block.\n * Fragile: needs proper padding. Unauthenticated: needs MAC.\n */\nexport const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) {\n abytes(key);\n abytes(iv, 16);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const xk = expandKeyLE(key);\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n let i = 0;\n for (; i + 4 <= b.length;) {\n (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n const out = getDst(ciphertext.length, dst);\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= b.length;) {\n // prettier-ignore\n const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;\n (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]);\n const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);\n (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output.\n * Unauthenticated: needs MAC.\n */\nexport const cfb = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) {\n abytes(key);\n abytes(iv, 16);\n function processCfb(src, isEncrypt, dst) {\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const xk = expandKeyLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n if (!isAligned32(src))\n toClean.push((src = copyBytes(src)));\n const src32 = u32(src);\n const dst32 = u32(dst);\n const next32 = isEncrypt ? dst32 : src32;\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= src32.length;) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt(xk, s0, s1, s2, s3);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]);\n }\n // leftovers (less than block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n const buf = u8(new Uint32Array([s0, s1, s2, s3]));\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(buf);\n }\n clean(...toClean);\n return dst;\n }\n return {\n encrypt: (plaintext, dst) => processCfb(plaintext, true, dst),\n decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst),\n };\n});\n// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen\nfunction computeTag(fn, isLE, key, data, AAD) {\n const aadLength = AAD == null ? 0 : AAD.length;\n const h = fn.create(key, data.length + aadLength);\n if (AAD)\n h.update(AAD);\n h.update(data);\n const num = new Uint8Array(16);\n const view = createView(num);\n if (AAD)\n setBigUint64(view, 0, BigInt(aadLength * 8), isLE);\n setBigUint64(view, 8, BigInt(data.length * 8), isLE);\n h.update(num);\n const res = h.digest();\n clean(num);\n return res;\n}\n/**\n * GCM: Galois/Counter Mode.\n * Modern, parallel version of CTR, with MAC.\n * Be careful: MACs can be forged.\n * Unsafe to use random nonces under the same key, due to collision chance.\n * As for nonce size, prefer 12-byte, instead of 8-byte.\n */\nexport const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) {\n abytes(key);\n abytes(nonce);\n if (AAD !== undefined)\n abytes(AAD);\n // NIST 800-38d doesn't enforce minimum nonce length.\n // We enforce 8 bytes for compat with openssl.\n // 12 bytes are recommended. More than 12 bytes would be converted into 12.\n if (nonce.length < 8)\n throw new Error('aes/gcm: invalid nonce length');\n const tagLength = 16;\n function _computeTag(authKey, tagMask, data) {\n const tag = computeTag(ghash, false, authKey, data, AAD);\n for (let i = 0; i < tagMask.length; i++)\n tag[i] ^= tagMask[i];\n return tag;\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const authKey = EMPTY_BLOCK.slice();\n const counter = EMPTY_BLOCK.slice();\n ctr32(xk, false, counter, counter, authKey);\n // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces\n if (nonce.length === 12) {\n counter.set(nonce);\n }\n else {\n const nonceLen = EMPTY_BLOCK.slice();\n const view = createView(nonceLen);\n setBigUint64(view, 8, BigInt(nonce.length * 8), false);\n // ghash(nonce || u64be(0) || u64be(nonceLen*8))\n const g = ghash.create(authKey).update(nonce).update(nonceLen);\n g.digestInto(counter); // digestInto doesn't trigger '.destroy'\n g.destroy();\n }\n const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);\n return { xk, authKey, counter, tagMask };\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const out = new Uint8Array(plaintext.length + tagLength);\n const toClean = [xk, authKey, counter, tagMask];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n ctr32(xk, false, counter, plaintext, out);\n const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));\n toClean.push(tag);\n out.set(tag, plaintext.length);\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n if (ciphertext.length < tagLength)\n throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const toClean = [xk, authKey, tagMask, counter];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = _computeTag(authKey, tagMask, data);\n toClean.push(tag);\n if (!equalBytes(tag, passedTag))\n throw new Error('aes/gcm: invalid ghash tag');\n const out = ctr32(xk, false, counter, data);\n clean(...toClean);\n return out;\n },\n };\n});\nconst limit = (name, min, max) => (value) => {\n if (!Number.isSafeInteger(value) || min > value || value > max)\n throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);\n};\n/**\n * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.\n * Guarantees that, when a nonce is repeated, the only security loss is that identical\n * plaintexts will produce identical ciphertexts.\n * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452\n */\nexport const siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv(key, nonce, AAD) {\n const tagLength = 16;\n // From RFC 8452: Section 6\n const AAD_LIMIT = limit('AAD', 0, 2 ** 36);\n const PLAIN_LIMIT = limit('plaintext', 0, 2 ** 36);\n const NONCE_LIMIT = limit('nonce', 12, 12);\n const CIPHER_LIMIT = limit('ciphertext', 16, 2 ** 36 + 16);\n abytes(key, 16, 24, 32);\n abytes(nonce);\n NONCE_LIMIT(nonce.length);\n if (AAD !== undefined) {\n abytes(AAD);\n AAD_LIMIT(AAD.length);\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const encKey = new Uint8Array(key.length);\n const authKey = new Uint8Array(16);\n const toClean = [xk, encKey];\n let _nonce = nonce;\n if (!isAligned32(_nonce))\n toClean.push((_nonce = copyBytes(_nonce)));\n const n32 = u32(_nonce);\n // prettier-ignore\n let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];\n let counter = 0;\n for (const derivedKey of [authKey, encKey].map(u32)) {\n const d32 = u32(derivedKey);\n for (let i = 0; i < d32.length; i += 2) {\n // aes(u32le(0) || nonce)[:8] || aes(u32le(1) || nonce)[:8] ...\n const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);\n d32[i + 0] = o0;\n d32[i + 1] = o1;\n s0 = ++counter; // increment counter inside state\n }\n }\n const res = { authKey, encKey: expandKeyLE(encKey) };\n // Cleanup\n clean(...toClean);\n return res;\n }\n function _computeTag(encKey, authKey, data) {\n const tag = computeTag(polyval, true, authKey, data, AAD);\n // Compute the expected tag by XORing S_s and the nonce, clearing the\n // most significant bit of the last byte and encrypting with the\n // message-encryption key.\n for (let i = 0; i < 12; i++)\n tag[i] ^= nonce[i];\n tag[15] &= 0x7f; // Clear the highest bit\n // encrypt tag as block\n const t32 = u32(tag);\n // prettier-ignore\n let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];\n ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));\n (t32[0] = s0), (t32[1] = s1), (t32[2] = s2), (t32[3] = s3);\n return tag;\n }\n // actual decrypt/encrypt of message.\n function processSiv(encKey, tag, input) {\n let block = copyBytes(tag);\n block[15] |= 0x80; // Force highest bit\n const res = ctr32(encKey, true, block, input);\n // Cleanup\n clean(block);\n return res;\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n PLAIN_LIMIT(plaintext.length);\n const { encKey, authKey } = deriveKeys();\n const tag = _computeTag(encKey, authKey, plaintext);\n const toClean = [encKey, authKey, tag];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n const out = new Uint8Array(plaintext.length + tagLength);\n out.set(tag, plaintext.length);\n out.set(processSiv(encKey, tag, plaintext));\n // Cleanup\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n CIPHER_LIMIT(ciphertext.length);\n const tag = ciphertext.subarray(-tagLength);\n const { encKey, authKey } = deriveKeys();\n const toClean = [encKey, authKey];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));\n const expectedTag = _computeTag(encKey, authKey, plaintext);\n toClean.push(expectedTag);\n if (!equalBytes(tag, expectedTag)) {\n clean(...toClean);\n throw new Error('invalid polyval tag');\n }\n // Cleanup\n clean(...toClean);\n return plaintext;\n },\n };\n});\nfunction isBytes32(a) {\n return (a != null &&\n typeof a === 'object' &&\n (a instanceof Uint32Array || a.constructor.name === 'Uint32Array'));\n}\nfunction encryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_encryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = encrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\nfunction decryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_decryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = decrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\n/**\n * AES-W (base for AESKW/AESKWP).\n * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf),\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/).\n */\nconst AESW = {\n /*\n High-level pseudocode:\n ```\n A: u64 = IV\n out = []\n for (let i=0, ctr = 0; i<6; i++) {\n for (const chunk of chunks(plaintext, 8)) {\n A ^= swapEndianess(ctr++)\n [A, res] = chunks(encrypt(A || chunk), 8);\n out ||= res\n }\n }\n out = A || out\n ```\n Decrypt is the same, but reversed.\n */\n encrypt(kek, out) {\n // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints.\n // If you need it larger, open an issue.\n if (out.length >= 2 ** 32)\n throw new Error('plaintext should be less than 4gb');\n const xk = expandKeyLE(kek);\n if (out.length === 16)\n encryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = 1; j < 6; j++) {\n for (let pos = 2; pos < o32.length; pos += 2, ctr++) {\n const { s0, s1, s2, s3 } = encrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n // A = MSB(64, B) ^ t where t = (n*j)+i\n (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1); // out = A || out\n }\n xk.fill(0);\n },\n decrypt(kek, out) {\n if (out.length - 8 >= 2 ** 32)\n throw new Error('ciphertext should be less than 4gb');\n const xk = expandKeyDecLE(kek);\n const chunks = out.length / 8 - 1; // first chunk is IV\n if (chunks === 1)\n decryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = chunks * 6; j < 6; j++) {\n for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) {\n a1 ^= byteSwap(ctr);\n const { s0, s1, s2, s3 } = decrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1);\n }\n xk.fill(0);\n },\n};\nconst AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6\n/**\n * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times.\n * Reduces block size from 16 to 8 bytes.\n * For padded version, use aeskwp.\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf).\n */\nexport const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length || plaintext.length % 8 !== 0)\n throw new Error('invalid plaintext length');\n if (plaintext.length === 8)\n throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead');\n const out = concatBytes(AESKW_IV, plaintext);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // ciphertext must be at least 24 bytes and a multiple of 8 bytes\n // 24 because should have at least two block (1 iv + 2).\n // Replace with 16 to enable '8-byte keys'\n if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n AESW.decrypt(kek, out);\n if (!equalBytes(out.subarray(0, 8), AESKW_IV))\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8);\n },\n}));\n/*\nWe don't support 8-byte keys. The rabbit hole:\n\n- Wycheproof says: \"NIST SP 800-38F does not define the wrapping of 8 byte keys.\n RFC 3394 Section 2 on the other hand specifies that 8 byte keys are wrapped\n by directly encrypting one block with AES.\"\n - https://github.com/C2SP/wycheproof/blob/master/doc/key_wrap.md\n - \"RFC 3394 specifies in Section 2, that the input for the key wrap\n algorithm must be at least two blocks and otherwise the constant\n field and key are simply encrypted with ECB as a single block\"\n- What RFC 3394 actually says (in Section 2):\n - \"Before being wrapped, the key data is parsed into n blocks of 64 bits.\n The only restriction the key wrap algorithm places on n is that n be\n at least two\"\n - \"For key data with length less than or equal to 64 bits, the constant\n field used in this specification and the key data form a single\n 128-bit codebook input making this key wrap unnecessary.\"\n- Which means \"assert(n >= 2)\" and \"use something else for 8 byte keys\"\n- NIST SP800-38F actually prohibits 8-byte in \"5.3.1 Mandatory Limits\".\n It states that plaintext for KW should be \"2 to 2^54 -1 semiblocks\".\n- So, where does \"directly encrypt single block with AES\" come from?\n - Not RFC 3394. Pseudocode of key wrap in 2.2 explicitly uses\n loop of 6 for any code path\n - There is a weird W3C spec:\n https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#kw-aes128\n - This spec is outdated, as admitted by Wycheproof authors\n - There is RFC 5649 for padded key wrap, which is padding construction on\n top of AESKW. In '4.1.2' it says: \"If the padded plaintext contains exactly\n eight octets, then prepend the AIV as defined in Section 3 above to P[1] and\n encrypt the resulting 128-bit block using AES in ECB mode [Modes] with key\n K (the KEK). In this case, the output is two 64-bit blocks C[0] and C[1]:\"\n - Browser subtle crypto is actually crashes on wrapping keys less than 16 bytes:\n `Error: error:1C8000E6:Provider routines::invalid input length] { opensslErrorStack: [ 'error:030000BD:digital envelope routines::update error' ]`\n\nIn the end, seems like a bug in Wycheproof.\nThe 8-byte check can be easily disabled inside of AES_W.\n*/\nconst AESKWP_IV = 0xa65959a6; // single u32le value\n/**\n * AES-KW, but with padding and allows random keys.\n * Second u32 of IV is used as counter for length.\n * [RFC 5649](https://www.rfc-editor.org/rfc/rfc5649)\n */\nexport const aeskwp = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length)\n throw new Error('invalid plaintext length');\n const padded = Math.ceil(plaintext.length / 8) * 8;\n const out = new Uint8Array(8 + padded);\n out.set(plaintext, 8);\n const out32 = u32(out);\n out32[0] = AESKWP_IV;\n out32[1] = byteSwap(plaintext.length);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // 16 because should have at least one block\n if (ciphertext.length < 16)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n const o32 = u32(out);\n AESW.decrypt(kek, out);\n const len = byteSwap(o32[1]) >>> 0;\n const padded = Math.ceil(len / 8) * 8;\n if (o32[0] !== AESKWP_IV || out.length - 8 !== padded)\n throw new Error('integrity check failed');\n for (let i = len; i < padded; i++)\n if (out[8 + i] !== 0)\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8, 8 + len);\n },\n}));\n// Private, unsafe low-level methods. Can change at any time.\nexport const unsafe = {\n expandKeyLE,\n expandKeyDecLE,\n encrypt,\n decrypt,\n encryptBlock,\n decryptBlock,\n ctrCounter,\n ctr32,\n};\n//# sourceMappingURL=aes.js.map","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n */\n\nimport { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../../util';\nimport enums from '../../enums';\nimport { getLegacyCipher, getCipherParams } from '../cipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (nodeCrypto && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nclass WebCryptoEncryptor {\n constructor(algo, key, iv) {\n const { blockSize } = getCipherParams(algo);\n this.key = key;\n this.prevBlock = iv;\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n this.zeroBlock = new Uint8Array(this.blockSize);\n }\n\n static async isSupported(algo) {\n const { keySize } = getCipherParams(algo);\n return webCrypto.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt'])\n .then(() => true, () => false);\n }\n\n async _runCBC(plaintext, nonZeroIV) {\n const mode = 'AES-CBC';\n this.keyRef = this.keyRef || await webCrypto.importKey('raw', this.key, mode, false, ['encrypt']);\n const ciphertext = await webCrypto.encrypt(\n { name: mode, iv: nonZeroIV || this.zeroBlock },\n this.keyRef,\n plaintext\n );\n return new Uint8Array(ciphertext).subarray(0, plaintext.length);\n }\n\n async encryptChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const plaintext = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n const toEncrypt = util.concatUint8Array([\n this.prevBlock,\n plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block \"early\", since we only need to xor the plaintext and pass it over as prevBlock\n ]);\n\n const encryptedBlocks = await this._runCBC(toEncrypt);\n xorMut(encryptedBlocks, plaintext);\n this.prevBlock = encryptedBlocks.slice(-this.blockSize);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return encryptedBlocks;\n }\n\n this.i += added.length;\n let encryptedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n const curBlock = this.nextBlock;\n encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n this.prevBlock = encryptedBlock.slice();\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n encryptedBlock = new Uint8Array();\n }\n\n return encryptedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n this.nextBlock = this.nextBlock.subarray(0, this.i);\n const curBlock = this.nextBlock;\n const encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n result = encryptedBlock.subarray(0, curBlock.length);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.keyRef = null;\n this.key = null;\n }\n\n async encrypt(plaintext) {\n // plaintext is internally padded to block length before encryption\n const encryptedWithPadding = await this._runCBC(\n util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]),\n this.iv\n );\n // drop encrypted padding\n const ct = encryptedWithPadding.subarray(0, plaintext.length);\n xorMut(ct, plaintext);\n this.clearSensitiveData();\n return ct;\n }\n}\n\nclass NobleStreamProcessor {\n constructor(forEncryption, algo, key, iv) {\n this.forEncryption = forEncryption;\n const { blockSize } = getCipherParams(algo);\n this.key = nobleAesHelpers.expandKeyLE(key);\n\n if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers\n this.prevBlock = getUint32Array(iv);\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n }\n\n _runCFB(src) {\n const src32 = getUint32Array(src);\n const dst = new Uint8Array(src.length);\n const dst32 = getUint32Array(dst);\n for (let i = 0; i + 4 <= dst32.length; i += 4) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = nobleAesHelpers.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4);\n }\n return dst;\n }\n\n async processChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const toProcess = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n\n const processedBlocks = this._runCFB(toProcess);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return processedBlocks;\n }\n\n this.i += added.length;\n\n let processedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n processedBlock = this._runCFB(this.nextBlock);\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n processedBlock = new Uint8Array();\n }\n\n return processedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n const processedBlock = this._runCFB(this.nextBlock);\n\n result = processedBlock.subarray(0, this.i);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.key.fill(0);\n }\n}\n\n\nasync function aesEncrypt(algo, key, pt, iv) {\n if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys\n const cfb = new WebCryptoEncryptor(algo, key, iv);\n return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);\n } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream\n const cfb = new NobleStreamProcessor(true, algo, key, iv);\n return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).encrypt(pt);\n}\n\nasync function aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new NobleStreamProcessor(false, algo, key, iv);\n return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).decrypt(ct);\n}\n\nfunction xorMut(a, b) {\n const aLength = Math.min(a.length, b.length);\n for (let i = 0; i < aLength; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nconst getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt) {\n return nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(pt);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n */\n\nimport { ctr as nobleAesCtr } from '@noble/ciphers/aes';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const keyRef = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, keyRef, pt);\n return new Uint8Array(ct);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt, iv) {\n return nobleAesCtr(key, iv).encrypt(pt);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport { getCipherParams } from '../cipher';\nimport util from '../../util';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n const { keySize } = getCipherParams(cipher);\n // sanity checks\n if (!util.isAES(cipher) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let maxNtz = 0;\n\n // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,\n // hence its execution cannot be broken up.\n // As a result, WebCrypto cannot currently be used for `encipher`.\n const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });\n const encipher = block => aes.encrypt(block);\n const decipher = block => aes.decrypt(block);\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables() {\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n */\n\nimport { gcm as nobleAesGcm } from '@noble/ciphers/aes';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages\n const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\\/13\\.\\d(\\.\\d)* Safari/) ||\n navigator.userAgent.match(/Version\\/(13|14)\\.\\d(\\.\\d)* Mobile\\/\\S* Safari/);\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && !pt.length) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n try {\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n } catch (e) {\n if (e.name === 'OperationError') {\n throw new Error('Authentication tag mismatch');\n }\n }\n }\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n },\n\n decrypt: async function(ct, iv, adata) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","// Operations are not constant time, but we try and limit timing leakage where we can\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\nexport function uint8ArrayToBigInt(bytes: Uint8Array) {\n const hexAlphabet = '0123456789ABCDEF';\n let s = '';\n bytes.forEach(v => {\n s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];\n });\n return BigInt('0x0' + s);\n}\n\nexport function mod(a: bigint, m: bigint) {\n const reduced = a % m;\n return reduced < _0n ? reduced + m : reduced;\n}\n\n/**\n * Compute modular exponentiation using square and multiply\n * @param {BigInt} a - Base\n * @param {BigInt} e - Exponent\n * @param {BigInt} n - Modulo\n * @returns {BigInt} b ** e mod n.\n */\nexport function modExp(b: bigint, e: bigint, n: bigint) {\n if (n === _0n) throw Error('Modulo cannot be zero');\n if (n === _1n) return BigInt(0);\n if (e < _0n) throw Error('Unsopported negative exponent');\n\n let exp = e;\n let x = b;\n\n x %= n;\n let r = BigInt(1);\n while (exp > _0n) {\n const lsb = exp & _1n;\n exp >>= _1n; // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n; // Square\n }\n return r;\n}\n\n\nfunction abs(x: bigint) {\n return x >= _0n ? x : -x;\n}\n\n/**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a and b, compute (x, y) such that ax + by = gdc(a, b).\n * Negative numbers are also supported.\n * @param {BigInt} a - First operand\n * @param {BigInt} b - Second operand\n * @returns {{ gcd, x, y: bigint }}\n */\nfunction _egcd(aInput: bigint, bInput: bigint) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n // Deal with negative numbers: run algo over absolute values,\n // and \"move\" the sign to the returned x and/or y.\n // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers\n let a = abs(aInput);\n let b = abs(bInput);\n const aNegated = aInput < _0n;\n const bNegated = bInput < _0n;\n\n while (b !== _0n) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: aNegated ? -xPrev : xPrev,\n y: bNegated ? -yPrev : yPrev,\n gcd: a\n };\n}\n\n/**\n * Compute the inverse of `a` modulo `n`\n * Note: `a` and and `n` must be relatively prime\n * @param {BigInt} a\n * @param {BigInt} n - Modulo\n * @returns {BigInt} x such that a*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\nexport function modInv(a: bigint, n: bigint) {\n const { gcd, x } = _egcd(a, n);\n if (gcd !== _1n) {\n throw new Error('Inverse does not exist');\n }\n return mod(x + n, n);\n}\n\n/**\n * Compute greatest common divisor between this and n\n * @param {BigInt} aInput - Operand\n * @param {BigInt} bInput - Operand\n * @returns {BigInt} gcd\n */\nexport function gcd(aInput: bigint, bInput: bigint) {\n let a = aInput;\n let b = bInput;\n while (b !== _0n) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return a;\n}\n\n/**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\nexport function bigIntToNumber(x: bigint) {\n const number = Number(x);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n}\n\n/**\n * Get value of i-th bit\n * @param {BigInt} x\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\nexport function getBit(x:bigint, i: number) {\n const bit = (x >> BigInt(i)) & _1n;\n return bit === _0n ? 0 : 1;\n}\n\n/**\n * Compute bit length\n */\nexport function bitLength(x: bigint) {\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = x < _0n ? BigInt(-1) : _0n;\n let bitlen = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _1n) !== target) {\n bitlen++;\n }\n return bitlen;\n}\n\n/**\n * Compute byte length\n */\nexport function byteLength(x: bigint) {\n const target = x < _0n ? BigInt(-1) : _0n;\n const _8n = BigInt(8);\n let len = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _8n) !== target) {\n len++;\n }\n return len;\n}\n\n/**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\nexport function bigIntToUint8Array(x: bigint, endian = 'be', length: number) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = x.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? length - rawLength : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n */\nimport { byteLength, mod, uint8ArrayToBigInt } from './biginteger';\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto?.webcrypto;\n if (webcrypto?.getRandomValues) {\n const buf = new Uint8Array(length);\n return webcrypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n}\n\n/**\n * Create a secure random BigInt that is greater than or equal to min and less than max.\n * @param {bigint} min - Lower bound, included\n * @param {bigint} max - Upper bound, excluded\n * @returns {bigint} Random BigInt.\n * @async\n */\nexport function getRandomBigInteger(min, max) {\n if (max < min) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max - min;\n const bytes = byteLength(modulus);\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));\n return mod(r, modulus) + min;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n */\nimport { bigIntToNumber, bitLength, gcd, getBit, mod, modExp } from '../biginteger';\nimport { getRandomBigInteger } from '../random';\n\nconst _1n = BigInt(1);\n\n/**\n * Generate a probably prime random number\n * @param bits - Bit length of the prime\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function randomProbablePrime(bits: number, e: bigint, k: number) {\n const _30n = BigInt(30);\n const min = _1n << BigInt(bits - 1);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n let n = getRandomBigInteger(min, min << _1n);\n let i = bigIntToNumber(mod(n, _30n));\n\n do {\n n += BigInt(adds[i]);\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (bitLength(n) > bits) {\n n = mod(n, min << _1n); n += min;\n i = bigIntToNumber(mod(n, _30n));\n }\n } while (!isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param n - Number to test\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function isProbablePrime(n: bigint, e: bigint, k: number) {\n if (e && gcd(n - _1n, e) !== _1n) {\n return false;\n }\n if (!divisionTest(n)) {\n return false;\n }\n if (!fermat(n)) {\n return false;\n }\n if (!millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param n - Number to test\n * @param b - Optional Fermat test base\n */\nexport function fermat(n: bigint, b = BigInt(2)) {\n return modExp(b, n - _1n, n) === _1n;\n}\n\nexport function divisionTest(n: bigint) {\n const _0n = BigInt(0);\n return smallPrimes.every(m => mod(n, m) !== _0n);\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n].map(n => BigInt(n));\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param n - Number to test\n * @param k - Optional number of iterations of Miller-Rabin test\n * @param rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport function millerRabin(n: bigint, k: number, rand?: () => bigint) {\n const len = bitLength(n);\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n - _1n; // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!getBit(n1, s)) { s++; }\n const d = n >> BigInt(s);\n\n for (; k > 0; k--) {\n const a = rand ? rand() : getRandomBigInteger(BigInt(2), n1);\n\n let x = modExp(a, d, n);\n if (x === _1n || x === n1) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = mod(x * x, n);\n\n if (x === _1n) {\n return false;\n }\n if (x === n1) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n */\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\nimport { bigIntToNumber, bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\nimport hash from '../hash';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst _1n = BigInt(1);\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (hash.getHashByteLength(hashAlgo) >= n.length) {\n // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error\n // e.g. if a 512-bit RSA key is used with a SHA-512 digest.\n // The size limit is actually slightly different but here we only care about throwing\n // on common key sizes.\n throw new Error('Digest size cannot exceed key modulus size');\n }\n\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n e = BigInt(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return jwkToPrivate(jwk, e);\n } else if (util.getNodeCrypto()) {\n const opts = {\n modulusLength: bits,\n publicExponent: bigIntToNumber(e),\n publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },\n privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }\n };\n const jwk = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => {\n if (err) {\n reject(err);\n } else {\n resolve(jwkPrivateKey);\n }\n });\n });\n return jwkToPrivate(jwk, e);\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = randomProbablePrime(bits - (bits >> 1), e, 40);\n p = randomProbablePrime(bits >> 1, e, 40);\n n = p * q;\n } while (bitLength(n) !== bits);\n\n const phi = (p - _1n) * (q - _1n);\n\n if (q < p) {\n [p, q] = [q, p];\n }\n\n return {\n n: bigIntToUint8Array(n),\n e: bigIntToUint8Array(e),\n d: bigIntToUint8Array(modInv(e, phi)),\n p: bigIntToUint8Array(p),\n q: bigIntToUint8Array(q),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: bigIntToUint8Array(modInv(p, q))\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n n = uint8ArrayToBigInt(n);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n\n // expect pq = n\n if ((p * q) !== n) {\n return false;\n }\n\n const _2n = BigInt(2);\n // expect p*u = 1 mod q\n u = uint8ArrayToBigInt(u);\n if (mod(p * u, q) !== BigInt(1)) {\n return false;\n }\n\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));\n const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r * d * e;\n\n const areInverses = mod(rde, p - _1n) === r && mod(rde, q - _1n) === r;\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n n = uint8ArrayToBigInt(n);\n const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));\n d = uint8ArrayToBigInt(d);\n return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n\n const jwk = await privateToJWK(n, e, d, p, q, u);\n return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' }));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n n = uint8ArrayToBigInt(n);\n s = uint8ArrayToBigInt(s);\n e = uint8ArrayToBigInt(e);\n if (s >= n) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));\n const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1' };\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n\n try {\n return verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n n = uint8ArrayToBigInt(n);\n data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));\n e = uint8ArrayToBigInt(e);\n if (data >= n) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n data = uint8ArrayToBigInt(data);\n n = uint8ArrayToBigInt(n);\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n u = uint8ArrayToBigInt(u);\n if (data >= n) {\n throw new Error('Data too large.');\n }\n const dq = mod(d, q - _1n); // d mod (q-1)\n const dp = mod(d, p - _1n); // d mod (p-1)\n\n const unblinder = getRandomBigInteger(BigInt(2), n);\n const blinder = modExp(modInv(unblinder, n), e, n);\n data = mod(data * blinder, n);\n\n const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p\n const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q\n const h = mod(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h * p + mp; // result < n due to relations above\n\n result = mod(result * unblinder, n);\n\n return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const pNum = uint8ArrayToBigInt(p);\n const qNum = uint8ArrayToBigInt(q);\n const dNum = uint8ArrayToBigInt(d);\n\n let dq = mod(dNum, qNum - _1n); // d mod (q-1)\n let dp = mod(dNum, pNum - _1n); // d mod (p-1)\n dp = bigIntToUint8Array(dp);\n dq = bigIntToUint8Array(dq);\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n\n/** Convert JWK private key to OpenPGP private key params */\nfunction jwkToPrivate(jwk, e) {\n return {\n n: b64ToUint8Array(jwk.n),\n e: bigIntToUint8Array(e),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n */\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\nconst _1n = BigInt(1);\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n const padded = emeEncode(data, byteLength(p));\n const m = uint8ArrayToBigInt(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = getRandomBigInteger(_1n, p - _1n);\n return {\n c1: bigIntToUint8Array(modExp(g, k, p)),\n c2: bigIntToUint8Array(mod(modExp(y, k, p) * m, p))\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n c1 = uint8ArrayToBigInt(c1);\n c2 = uint8ArrayToBigInt(c2);\n p = uint8ArrayToBigInt(p);\n x = uint8ArrayToBigInt(x);\n\n const padded = mod(modInv(modExp(c1, x, p), p) * c2, p);\n return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = BigInt(bitLength(p));\n const _1023n = BigInt(1023);\n if (pSize < _1023n) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (modExp(g, p - _1n, p) !== _1n) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n let i = BigInt(1);\n const _2n = BigInt(2);\n const threshold = _2n << BigInt(17); // we want order > threshold\n while (i < threshold) {\n res = mod(res * g, p);\n if (res === _1n) {\n return false;\n }\n i++;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const r = getRandomBigInteger(_2n << (pSize - _1n), _2n << pSize); // draw r of same size as p-1\n const rqx = (p - _1n) * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","// declare const globalThis: Record | undefined;\nexport const crypto =\n typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n","import { crypto } from './crypto.js';\n\n'use strict';\nconst nacl = {};\nexport default nacl;\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction ts64(x, i, h, l) {\n x[i] = (h >> 24) & 0xff;\n x[i+1] = (h >> 16) & 0xff;\n x[i+2] = (h >> 8) & 0xff;\n x[i+3] = h & 0xff;\n x[i+4] = (l >> 24) & 0xff;\n x[i+5] = (l >> 16) & 0xff;\n x[i+6] = (l >> 8) & 0xff;\n x[i+7] = l & 0xff;\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nvar K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction crypto_hashblocks_hl(hh, hl, m, n) {\n var wh = new Int32Array(16), wl = new Int32Array(16),\n bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\n bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\n th, tl, i, j, h, l, a, b, c, d;\n\n var ah0 = hh[0],\n ah1 = hh[1],\n ah2 = hh[2],\n ah3 = hh[3],\n ah4 = hh[4],\n ah5 = hh[5],\n ah6 = hh[6],\n ah7 = hh[7],\n\n al0 = hl[0],\n al1 = hl[1],\n al2 = hl[2],\n al3 = hl[3],\n al4 = hl[4],\n al5 = hl[5],\n al6 = hl[6],\n al7 = hl[7];\n\n var pos = 0;\n while (n >= 128) {\n for (i = 0; i < 16; i++) {\n j = 8 * i + pos;\n wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];\n wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];\n }\n for (i = 0; i < 80; i++) {\n bh0 = ah0;\n bh1 = ah1;\n bh2 = ah2;\n bh3 = ah3;\n bh4 = ah4;\n bh5 = ah5;\n bh6 = ah6;\n bh7 = ah7;\n\n bl0 = al0;\n bl1 = al1;\n bl2 = al2;\n bl3 = al3;\n bl4 = al4;\n bl5 = al5;\n bl6 = al6;\n bl7 = al7;\n\n // add\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma1\n h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\n l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Ch\n h = (ah4 & ah5) ^ (~ah4 & ah6);\n l = (al4 & al5) ^ (~al4 & al6);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // K\n h = K[i*2];\n l = K[i*2+1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // w\n h = wh[i%16];\n l = wl[i%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n th = c & 0xffff | d << 16;\n tl = a & 0xffff | b << 16;\n\n // add\n h = th;\n l = tl;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma0\n h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\n l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Maj\n h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\n l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh7 = (c & 0xffff) | (d << 16);\n bl7 = (a & 0xffff) | (b << 16);\n\n // add\n h = bh3;\n l = bl3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = th;\n l = tl;\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh3 = (c & 0xffff) | (d << 16);\n bl3 = (a & 0xffff) | (b << 16);\n\n ah1 = bh0;\n ah2 = bh1;\n ah3 = bh2;\n ah4 = bh3;\n ah5 = bh4;\n ah6 = bh5;\n ah7 = bh6;\n ah0 = bh7;\n\n al1 = bl0;\n al2 = bl1;\n al3 = bl2;\n al4 = bl3;\n al5 = bl4;\n al6 = bl5;\n al7 = bl6;\n al0 = bl7;\n\n if (i%16 === 15) {\n for (j = 0; j < 16; j++) {\n // add\n h = wh[j];\n l = wl[j];\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = wh[(j+9)%16];\n l = wl[(j+9)%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma0\n th = wh[(j+1)%16];\n tl = wl[(j+1)%16];\n h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\n l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma1\n th = wh[(j+14)%16];\n tl = wl[(j+14)%16];\n h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\n l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n wh[j] = (c & 0xffff) | (d << 16);\n wl[j] = (a & 0xffff) | (b << 16);\n }\n }\n }\n\n // add\n h = ah0;\n l = al0;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[0];\n l = hl[0];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[0] = ah0 = (c & 0xffff) | (d << 16);\n hl[0] = al0 = (a & 0xffff) | (b << 16);\n\n h = ah1;\n l = al1;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[1];\n l = hl[1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[1] = ah1 = (c & 0xffff) | (d << 16);\n hl[1] = al1 = (a & 0xffff) | (b << 16);\n\n h = ah2;\n l = al2;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[2];\n l = hl[2];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[2] = ah2 = (c & 0xffff) | (d << 16);\n hl[2] = al2 = (a & 0xffff) | (b << 16);\n\n h = ah3;\n l = al3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[3];\n l = hl[3];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[3] = ah3 = (c & 0xffff) | (d << 16);\n hl[3] = al3 = (a & 0xffff) | (b << 16);\n\n h = ah4;\n l = al4;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[4];\n l = hl[4];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[4] = ah4 = (c & 0xffff) | (d << 16);\n hl[4] = al4 = (a & 0xffff) | (b << 16);\n\n h = ah5;\n l = al5;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[5];\n l = hl[5];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[5] = ah5 = (c & 0xffff) | (d << 16);\n hl[5] = al5 = (a & 0xffff) | (b << 16);\n\n h = ah6;\n l = al6;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[6];\n l = hl[6];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[6] = ah6 = (c & 0xffff) | (d << 16);\n hl[6] = al6 = (a & 0xffff) | (b << 16);\n\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[7];\n l = hl[7];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[7] = ah7 = (c & 0xffff) | (d << 16);\n hl[7] = al7 = (a & 0xffff) | (b << 16);\n\n pos += 128;\n n -= 128;\n }\n\n return n;\n}\n\nfunction crypto_hash(out, m, n) {\n var hh = new Int32Array(8),\n hl = new Int32Array(8),\n x = new Uint8Array(256),\n i, b = n;\n\n hh[0] = 0x6a09e667;\n hh[1] = 0xbb67ae85;\n hh[2] = 0x3c6ef372;\n hh[3] = 0xa54ff53a;\n hh[4] = 0x510e527f;\n hh[5] = 0x9b05688c;\n hh[6] = 0x1f83d9ab;\n hh[7] = 0x5be0cd19;\n\n hl[0] = 0xf3bcc908;\n hl[1] = 0x84caa73b;\n hl[2] = 0xfe94f82b;\n hl[3] = 0x5f1d36f1;\n hl[4] = 0xade682d1;\n hl[5] = 0x2b3e6c1f;\n hl[6] = 0xfb41bd6b;\n hl[7] = 0x137e2179;\n\n crypto_hashblocks_hl(hh, hl, m, n);\n n %= 128;\n\n for (i = 0; i < n; i++) x[i] = m[b-n+i];\n x[n] = 128;\n\n n = 256-128*(n<112?1:0);\n x[n-9] = 0;\n ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\n crypto_hashblocks_hl(hh, hl, x, n);\n\n for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\n\n return 0;\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n crypto_hash(r, sm.subarray(32), n+32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n crypto_hash(h, sm, n + 64);\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n crypto_hash(h, m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n if (crypto && crypto.getRandomValues) {\n // Browsers and Node v16+\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n})();\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nconst knownOIDs = {\n '2a8648ce3d030107': enums.curve.nistP256,\n '2b81040022': enums.curve.nistP384,\n '2b81040023': enums.curve.nistP521,\n '2b8104000a': enums.curve.secp256k1,\n '2b06010401da470f01': enums.curve.ed25519Legacy,\n '2b060104019755010501': enums.curve.curve25519Legacy,\n '2b2403030208010107': enums.curve.brainpoolP256r1,\n '2b240303020801010b': enums.curve.brainpoolP384r1,\n '2b240303020801010d': enums.curve.brainpoolP512r1\n};\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {enums.curve} String with the canonical name of the curve\n * @throws if unknown\n */\n getName() {\n const name = knownOIDs[this.toHex()];\n if (!name) {\n throw new Error('Unknown curve object identifier.');\n }\n\n return name;\n }\n}\n\nexport default OID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\n// unknown packet types are handled differently depending on the packet criticality\nexport class UnknownPacketError extends UnsupportedError {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnknownPacketError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n */\n\nimport ed25519 from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\nimport { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';\n\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n A: new Uint8Array(b64ToUint8Array(publicKey.x)),\n seed: b64ToUint8Array(privateKey.d, true)\n };\n } catch (err) {\n if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux\n throw err;\n }\n const seed = getRandomBytes(getPayloadSize(algo));\n const { publicKey: A } = ed25519.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const seed = ed448.utils.randomPrivateKey();\n const A = ed448.getPublicKey(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = privateKeyToJWK(algo, publicKey, privateKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']);\n\n const signature = new Uint8Array(\n await webCrypto.sign('Ed25519', key, hashed)\n );\n\n return { RS: signature };\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = ed25519.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const signature = ed448.sign(hashed, privateKey);\n return { RS: signature };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = publicKeyToJWK(algo, publicKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']);\n const verified = await webCrypto.verify('Ed25519', key, RS, hashed);\n return verified;\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n return ed25519.sign.detached.verify(hashed, RS, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n return ed448.verify(RS, hashed, publicKey);\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented\n */\n const { publicKey } = ed25519.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n\n const publicKey = ed448.getPublicKey(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n default:\n return false;\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return 32;\n\n case enums.publicKey.ed448:\n return 57;\n\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n case enums.publicKey.ed448:\n return enums.hash.sha512;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n\nconst publicKeyToJWK = (algo, publicKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = {\n kty: 'OKP',\n crv: 'Ed25519',\n x: uint8ArrayToB64(publicKey, true),\n ext: true\n };\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n\nconst privateKeyToJWK = (algo, publicKey, privateKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = publicKeyToJWK(algo, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n */\n\nimport { aeskw as nobleAesKW } from '@noble/ciphers/aes';\nimport { getCipherParams } from './cipher';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n/**\n * AES key wrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} dataToWrap\n * @returns {Uint8Array} wrapped key\n */\nexport async function wrap(algo, key, dataToWrap) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n try {\n const wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']);\n // Import data as HMAC key, as it has no key length requirements\n const keyToWrap = await webCrypto.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n const wrapped = await webCrypto.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' });\n return new Uint8Array(wrapped);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n\n return nobleAesKW(key).encrypt(dataToWrap);\n}\n\n/**\n * AES key unwrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} wrappedData\n * @returns {Uint8Array} unwrapped data\n */\nexport async function unwrap(algo, key, wrappedData) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let wrappingKey;\n try {\n wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n return nobleAesKW(key).decrypt(wrappedData);\n }\n\n try {\n const unwrapped = await webCrypto.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n return new Uint8Array(await webCrypto.exportKey('raw', unwrapped));\n } catch (err) {\n if (err.name === 'OperationError') {\n throw new Error('Key Data Integrity failed');\n }\n throw err;\n }\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n\nexport default async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n const importedKey = await webCrypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await webCrypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport x25519 from '@openpgp/tweetnacl';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport computeHKDF from '../../hkdf';\nimport { getCipherParams } from '../../cipher';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519'),\n x448: util.encodeUTF8('OpenPGP X448')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const k = x448.utils.randomPrivateKey();\n const A = x448.getPublicKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = x25519.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const publicKey = x448.getPublicKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.x25519:\n return 32;\n\n case enums.publicKey.x448:\n return 56;\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Generate shared secret and ephemeral public key for encryption\n * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret\n * @async\n */\nexport async function generateEphemeralEncryptionMaterial(algo, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));\n const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const ephemeralSecretKey = x448.utils.randomPrivateKey();\n const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * x25519 and x448 produce an all-zero value when given as input a point with small order.\n * This does not lead to a security issue in the context of ECDH, but it is still unexpected,\n * hence we throw.\n * @param {Uint8Array} sharedSecret\n */\nfunction assertNonZeroArray(sharedSecret) {\n let acc = 0;\n for (let i = 0; i < sharedSecret.length; i++) {\n acc |= sharedSecret[i];\n }\n if (acc === 0) {\n throw new Error('Unexpected low order point');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n */\nimport nacl from '@openpgp/tweetnacl';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { UnsupportedError } from '../../../packet/packet';\nimport { generate as eddsaGenerate } from './eddsa';\nimport { generate as ecdhXGenerate } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n [enums.curve.nistP256]: 'P-256',\n [enums.curve.nistP384]: 'P-384',\n [enums.curve.nistP521]: 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,\n [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n [enums.curve.nistP256]: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.nistP256],\n web: webCurves[enums.curve.nistP256],\n payloadSize: 32,\n sharedSize: 256,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP384]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.nistP384],\n web: webCurves[enums.curve.nistP384],\n payloadSize: 48,\n sharedSize: 384,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP521]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.nistP521],\n web: webCurves[enums.curve.nistP521],\n payloadSize: 66,\n sharedSize: 528,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.secp256k1]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.secp256k1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.ed25519Legacy]: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.curve25519Legacy]: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.brainpoolP256r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.brainpoolP256r1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP384r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.brainpoolP384r1],\n payloadSize: 48,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP512r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.brainpoolP512r1],\n payloadSize: 64,\n wireFormatLeadingByte: 0x04\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName) {\n try {\n this.name = oidOrName instanceof OID ?\n oidOrName.getName() :\n enums.write(enums.curve,oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n const params = curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node;\n this.web = params.web;\n this.payloadSize = params.payloadSize;\n this.sharedSize = params.sharedSize;\n this.wireFormatLeadingByte = params.wireFormatLeadingByte;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === enums.curve.curve25519Legacy) {\n this.type = 'curve25519Legacy';\n } else if (this.name === enums.curve.ed25519Legacy) {\n this.type = 'ed25519Legacy';\n }\n }\n\n async genKeyPair() {\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name, this.wireFormatLeadingByte);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n return jsGenKeyPair(this.name);\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519Legacy': {\n // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3\n const { k, A } = await ecdhXGenerate(enums.publicKey.x25519);\n const privateKey = k.slice().reverse();\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n case 'ed25519Legacy': {\n const { seed: privateKey, A } = await eddsaGenerate(enums.publicKey.ed25519);\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n default:\n return jsGenKeyPair(this.name);\n }\n }\n}\n\nasync function generate(curveName) {\n const curve = new CurveWithOID(curveName);\n const { oid, hash, cipher } = curve;\n const keyPair = await curve.genKeyPair();\n return {\n oid,\n Q: keyPair.publicKey,\n secret: util.leftPad(keyPair.privateKey, curve.payloadSize),\n hash,\n cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[oid.getName()].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n [enums.curve.nistP256]: true,\n [enums.curve.nistP384]: true,\n [enums.curve.nistP521]: true,\n [enums.curve.secp256k1]: true,\n [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh,\n [enums.curve.brainpoolP256r1]: true,\n [enums.curve.brainpoolP384r1]: true,\n [enums.curve.brainpoolP512r1]: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === enums.curve.curve25519Legacy) {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n /*\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = nobleCurve.getPublicKey(d, false);\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n}\n\n/**\n * Check whether the public point has a valid encoding.\n * NB: this function does not check e.g. whether the point belongs to the curve.\n */\nfunction checkPublicPointEnconding(curve, V) {\n const { payloadSize, wireFormatLeadingByte, name: curveName } = curve;\n\n const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2;\n\n if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) {\n throw new Error('Invalid point encoding');\n }\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\nasync function jsGenKeyPair(name) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n const privateKey = nobleCurve.utils.randomPrivateKey();\n const publicKey = nobleCurve.getPublicKey(privateKey, false);\n return { publicKey, privateKey };\n}\n\nasync function webGenKeyPair(name, wireFormatLeadingByte) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk, wireFormatLeadingByte) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = wireFormatLeadingByte;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';\nimport { bigIntToUint8Array } from '../../biginteger';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web':\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n case 'node':\n return nodeSign(curve, hashAlgo, message, privateKey);\n }\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });\n return {\n r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),\n s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)\n };\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n // See https://github.com/openpgpjs/openpgpjs/pull/948.\n // NB: the impact was more likely limited to Brainpool curves, since thanks\n // to WebCrypto availability, NIST curve should not have been affected.\n // Similarly, secp256k1 should have been used rarely enough.\n // However, we implement the fix for all curves, since it's only needed in case of\n // verification failure, which is unexpected, hence a minor slowdown is acceptable.\n const tryFallbackVerificationForOldBug = async () => (\n hashed[0] === 0 ?\n jsVerify(curve, signature, hashed.subarray(1), publicKey) :\n false\n );\n\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n const verified = await webVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node': {\n const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n }\n }\n }\n\n const verified = await jsVerify(curve, signature, hashed, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n // eslint-disable-next-line @typescript-eslint/return-await\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Fallback javascript implementation of ECDSA verification.\n * To be used if no native implementation is available for the given curve/operation.\n */\nasync function jsVerify(curve, signature, hashed, publicKey) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false });\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, privateKey) {\n // JWT encoding cannot be used for now, as Brainpool curves are not supported\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n privateKey: nodeBuffer.from(privateKey)\n });\n\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n\n const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' }));\n const len = curve.payloadSize;\n\n return {\n r: signature.subarray(0, len),\n s: signature.subarray(len, len << 1)\n };\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { publicKey: derPublicKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n publicKey: nodeBuffer.from(publicKey)\n });\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n\n const signature = util.concatUint8Array([r, s]);\n\n try {\n return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature);\n } catch (err) {\n return false;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n */\n\nimport nacl from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { CurveWithOID, checkPublicPointEnconding } from './oid_curves';\nimport { sign as eddsaSign, verify as eddsaVerify } from './eddsa';\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const { RS: signature } = await eddsaSign(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const RS = util.concatUint8Array([r, s]);\n return eddsaVerify(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed);\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { getCipherParams } from '../../cipher';\nimport { generateEphemeralEncryptionMaterial as ecdhXGenerateEphemeralEncryptionMaterial, recomputeSharedSecret as ecdhXRecomputeSharedSecret } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519Legacy': {\n const { sharedSecret: sharedKey, ephemeralPublicKey } = await ecdhXGenerateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1));\n const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n return jsPublicEphemeralKey(curve, Q);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n default:\n return jsPublicEphemeralKey(curve, Q);\n\n }\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = await aesKW.wrap(kdfParams.cipher, Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519Legacy': {\n const secretKey = d.slice().reverse();\n const sharedKey = await ecdhXRecomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey);\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n return jsPrivateEphemeralKey(curve, V, d);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n default:\n return jsPrivateEphemeralKey(curve, V, d);\n }\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n checkPublicPointEnconding(curve, V);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(await aesKW.unwrap(kdfParams.cipher, Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\nasync function jsPrivateEphemeralKey(curve, V, d) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { secretKey: d, sharedKey };\n}\n\nasync function jsPublicEphemeralKey(curve, Q) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n const { publicKey: V, privateKey: v } = await curve.genKeyPair();\n\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { publicKey: V, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: sender\n },\n privateKey,\n curve.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const _0n = BigInt(0);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n x = uint8ArrayToBigInt(x);\n\n let k;\n let r;\n let s;\n let t;\n g = mod(g, p);\n x = mod(x, q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = getRandomBigInteger(_1n, q); // returns in [1, q-1]\n r = mod(modExp(g, k, p), q); // (g**k mod p) mod q\n if (r === _0n) {\n continue;\n }\n const xr = mod(x * r, q);\n t = mod(h + xr, q); // H(m) + x*r mod q\n s = mod(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q\n if (s === _0n) {\n continue;\n }\n break;\n }\n return {\n r: bigIntToUint8Array(r, 'be', byteLength(p)),\n s: bigIntToUint8Array(s, 'be', byteLength(p))\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n r = uint8ArrayToBigInt(r);\n s = uint8ArrayToBigInt(s);\n\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n if (r <= _0n || r >= q ||\n s <= _0n || s >= q) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n const w = modInv(s, q); // s**-1 mod q\n if (w === _0n) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = mod(g, p);\n y = mod(y, p);\n const u1 = mod(h * w, q); // H(m) * w mod q\n const u2 = mod(r * w, q); // r * w mod q\n const t1 = modExp(g, u1, p); // g**u1 mod p\n const t2 = modExp(y, u2, p); // y**u2 mod p\n const v = mod(mod(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q\n return v === r;\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (mod(p - _1n, q) !== _0n) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (modExp(g, q, p) !== _1n) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = BigInt(bitLength(q));\n const _150n = BigInt(150);\n if (qSize < _150n || !isProbablePrime(q, null, 32)) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const _2n = BigInt(2);\n const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q\n const rqx = q * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n */\n\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { read, signatureParams: { s } };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n // If the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature\n // verification: if the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n // Algorithm-Specific Fields for Ed448 signatures:\n // - 114 octets of the native signature\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo);\n const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length;\n return { read, signatureParams: { RS } };\n }\n\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal:\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport { getCipherParams } from './cipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only)\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n if (symmetricAlgo && !util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 and X448 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (C.algorithm !== null && !util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const payloadSize = getCurvePayloadSize(algo);\n const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const payloadSize = getCurvePayloadSize(algo);\n const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 or X448 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448).\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const pointSize = getCurvePayloadSize(algo);\n const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([\n enums.publicKey.ed25519,\n enums.publicKey.x25519,\n enums.publicKey.ed448,\n enums.publicKey.x448\n ]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipherParams(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipherParams(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get encoded secret size for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getCurvePayloadSize(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh:\n case enums.publicKey.eddsaLegacy:\n return new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPayloadSize(algo);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.getPayloadSize(algo);\n default:\n throw new Error('Unknown elliptic algo');\n }\n}\n\n/**\n * Get preferred signing hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n\n\nexport { getCipherParams };\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","import defaultConfig from '../../config';\nimport enums from '../../enums';\nimport util from '../../util';\nimport crypto from '../../crypto';\n\nconst ARGON2_TYPE = 0x02; // id\nconst ARGON2_VERSION = 0x13;\nconst ARGON2_SALT_SIZE = 16;\n\nexport class Argon2OutOfMemoryError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Argon2OutOfMemoryError);\n }\n\n this.name = 'Argon2OutOfMemoryError';\n }\n}\n\n// cache argon wasm module\nlet loadArgonWasmModule;\nlet argon2Promise;\n// reload wasm module above this treshold, to deallocated used memory\nconst ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;\n\nclass Argon2S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n const { passes, parallelism, memoryExponent } = config.s2kArgon2Params;\n\n this.type = 'argon2';\n /**\n * 16 bytes of salt\n * @type {Uint8Array}\n */\n this.salt = null;\n /**\n * number of passes\n * @type {Integer}\n */\n this.t = passes;\n /**\n * degree of parallelism (lanes)\n * @type {Integer}\n */\n this.p = parallelism;\n /**\n * exponent indicating memory size\n * @type {Integer}\n */\n this.encodedM = memoryExponent;\n }\n\n generateSalt() {\n this.salt = crypto.random.getRandomBytes(ARGON2_SALT_SIZE);\n }\n\n /**\n * Parsing function for argon2 string-to-key specifier.\n * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n\n this.salt = bytes.subarray(i, i + 16);\n i += 16;\n\n this.t = bytes[i++];\n this.p = bytes[i++];\n this.encodedM = bytes[i++]; // memory size exponent, one-octect\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n const arr = [\n new Uint8Array([enums.write(enums.s2k, this.type)]),\n this.salt,\n new Uint8Array([this.t, this.p, this.encodedM])\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to `keySize`\n * @throws {Argon2OutOfMemoryError|Errors}\n * @async\n */\n async produceKey(passphrase, keySize) {\n const decodedM = 2 << (this.encodedM - 1);\n\n try {\n // on first load, the argon2 lib is imported and the WASM module is initialized.\n // the two steps need to be atomic to avoid race conditions causing multiple wasm modules\n // being loaded when `argon2Promise` is not initialized.\n loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;\n argon2Promise = argon2Promise || loadArgonWasmModule();\n\n // important to keep local ref to argon2 in case the module is reloaded by another instance\n const argon2 = await argon2Promise;\n\n const passwordBytes = util.encodeUTF8(passphrase);\n const hash = argon2({\n version: ARGON2_VERSION,\n type: ARGON2_TYPE,\n password: passwordBytes,\n salt: this.salt,\n tagLength: keySize,\n memorySize: decodedM,\n parallelism: this.p,\n passes: this.t\n });\n\n // a lot of memory was used, reload to deallocate\n if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {\n // it will be awaited if needed at the next `produceKey` invocation\n argon2Promise = loadArgonWasmModule();\n argon2Promise.catch(() => {});\n }\n return hash;\n } catch (e) {\n if (e.message && (\n e.message.includes('Unable to grow instance memory') || // Chrome\n e.message.includes('failed to grow memory') || // Firefox\n e.message.includes('WebAssembly.Memory.grow') || // Safari\n e.message.includes('Out of memory') // Safari iOS\n )) {\n throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');\n } else {\n throw e;\n }\n }\n }\n}\n\nexport default Argon2S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n */\n\nimport defaultConfig from '../../config';\nimport crypto from '../../crypto';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\nimport util from '../../util';\n\nclass GenericS2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(s2kType, config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = enums.read(enums.s2k, s2kType);\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n generateSalt() {\n switch (this.type) {\n case 'salted':\n case 'iterated':\n this.salt = crypto.random.getRandomBytes(8);\n }\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default GenericS2K;\n","import defaultConfig from '../../config';\nimport Argon2S2K, { Argon2OutOfMemoryError } from './argon2';\nimport GenericS2K from './generic';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\n\nconst allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);\n\n/**\n * Instantiate a new S2K instance of the given type\n * @param {module:enums.s2k} type\n * @oaram {Object} [config]\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromType(type, config = defaultConfig) {\n switch (type) {\n case enums.s2k.argon2:\n return new Argon2S2K(config);\n case enums.s2k.iterated:\n case enums.s2k.gnu:\n case enums.s2k.salted:\n case enums.s2k.simple:\n return new GenericS2K(type, config);\n default:\n throw new UnsupportedError('Unsupported S2K type');\n }\n}\n\n/**\n * Instantiate a new S2K instance based on the config settings\n * @oaram {Object} config\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromConfig(config) {\n const { s2kType } = config;\n\n if (!allowedS2KTypesForEncryption.has(s2kType)) {\n throw new Error('The provided `config.s2kType` value is not allowed');\n }\n\n return newS2KFromType(s2kType, config);\n}\n\nexport { Argon2OutOfMemoryError };\n","// DEFLATE is a complex format; to read this code, you should probably check the RFC first:\n// https://tools.ietf.org/html/rfc1951\n// You may also wish to take a look at the guide I made about this program:\n// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad\n// Some of the following code is similar to that of UZIP.js:\n// https://github.com/photopea/UZIP.js\n// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size.\n// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint\n// is better for memory in most engines (I *think*).\nvar ch2 = {};\nvar wk = (function (c, id, msg, transfer, cb) {\n var w = new Worker(ch2[id] || (ch2[id] = URL.createObjectURL(new Blob([\n c + ';addEventListener(\"error\",function(e){e=e.error;postMessage({$e$:[e.message,e.code,e.stack]})})'\n ], { type: 'text/javascript' }))));\n w.onmessage = function (e) {\n var d = e.data, ed = d.$e$;\n if (ed) {\n var err = new Error(ed[0]);\n err['code'] = ed[1];\n err.stack = ed[2];\n cb(err, null);\n }\n else\n cb(null, d);\n };\n w.postMessage(msg, transfer);\n return w;\n});\n\n// aliases for shorter compressed code (most minifers don't do this)\nvar u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array;\n// fixed length extra bits\nvar fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]);\n// fixed distance extra bits\n// see fleb note\nvar fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]);\n// code length index map\nvar clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);\n// get base, reverse index map from extra bits\nvar freb = function (eb, start) {\n var b = new u16(31);\n for (var i = 0; i < 31; ++i) {\n b[i] = start += 1 << eb[i - 1];\n }\n // numbers here are at max 18 bits\n var r = new u32(b[30]);\n for (var i = 1; i < 30; ++i) {\n for (var j = b[i]; j < b[i + 1]; ++j) {\n r[j] = ((j - b[i]) << 5) | i;\n }\n }\n return [b, r];\n};\nvar _a = freb(fleb, 2), fl = _a[0], revfl = _a[1];\n// we can ignore the fact that the other numbers are wrong; they never happen anyway\nfl[28] = 258, revfl[258] = 28;\nvar _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1];\n// map of value to reverse (assuming 16 bits)\nvar rev = new u16(32768);\nfor (var i = 0; i < 32768; ++i) {\n // reverse table algorithm from SO\n var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1);\n x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2);\n x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4);\n rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1;\n}\n// create huffman tree from u8 \"map\": index -> code length for code index\n// mb (max bits) must be at most 15\n// TODO: optimize/split up?\nvar hMap = (function (cd, mb, r) {\n var s = cd.length;\n // index\n var i = 0;\n // u16 \"map\": index -> # of codes with bit length = index\n var l = new u16(mb);\n // length of cd must be 288 (total # of codes)\n for (; i < s; ++i) {\n if (cd[i])\n ++l[cd[i] - 1];\n }\n // u16 \"map\": index -> minimum code for bit length = index\n var le = new u16(mb);\n for (i = 0; i < mb; ++i) {\n le[i] = (le[i - 1] + l[i - 1]) << 1;\n }\n var co;\n if (r) {\n // u16 \"map\": index -> number of actual bits, symbol for code\n co = new u16(1 << mb);\n // bits to remove for reverser\n var rvb = 15 - mb;\n for (i = 0; i < s; ++i) {\n // ignore 0 lengths\n if (cd[i]) {\n // num encoding both symbol and bits read\n var sv = (i << 4) | cd[i];\n // free bits\n var r_1 = mb - cd[i];\n // start value\n var v = le[cd[i] - 1]++ << r_1;\n // m is end value\n for (var m = v | ((1 << r_1) - 1); v <= m; ++v) {\n // every 16 bit value starting with the code yields the same result\n co[rev[v] >>> rvb] = sv;\n }\n }\n }\n }\n else {\n co = new u16(s);\n for (i = 0; i < s; ++i) {\n if (cd[i]) {\n co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]);\n }\n }\n }\n return co;\n});\n// fixed length tree\nvar flt = new u8(288);\nfor (var i = 0; i < 144; ++i)\n flt[i] = 8;\nfor (var i = 144; i < 256; ++i)\n flt[i] = 9;\nfor (var i = 256; i < 280; ++i)\n flt[i] = 7;\nfor (var i = 280; i < 288; ++i)\n flt[i] = 8;\n// fixed distance tree\nvar fdt = new u8(32);\nfor (var i = 0; i < 32; ++i)\n fdt[i] = 5;\n// fixed length map\nvar flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1);\n// fixed distance map\nvar fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1);\n// find max of array\nvar max = function (a) {\n var m = a[0];\n for (var i = 1; i < a.length; ++i) {\n if (a[i] > m)\n m = a[i];\n }\n return m;\n};\n// read d, starting at bit p and mask with m\nvar bits = function (d, p, m) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m;\n};\n// read d, starting at bit p continuing for at least 16 bits\nvar bits16 = function (d, p) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7));\n};\n// get end of byte\nvar shft = function (p) { return ((p + 7) / 8) | 0; };\n// typed array slice - allows garbage collector to free original reference,\n// while being more compatible than .slice\nvar slc = function (v, s, e) {\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n // can't use .constructor in case user-supplied\n var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\n/**\n * Codes for errors generated within this library\n */\nexport var FlateErrorCode = {\n UnexpectedEOF: 0,\n InvalidBlockType: 1,\n InvalidLengthLiteral: 2,\n InvalidDistance: 3,\n StreamFinished: 4,\n NoStreamHandler: 5,\n InvalidHeader: 6,\n NoCallback: 7,\n InvalidUTF8: 8,\n ExtraFieldTooLong: 9,\n InvalidDate: 10,\n FilenameTooLong: 11,\n StreamFinishing: 12,\n InvalidZipData: 13,\n UnknownCompressionMethod: 14\n};\n// error codes\nvar ec = [\n 'unexpected EOF',\n 'invalid block type',\n 'invalid length/literal',\n 'invalid distance',\n 'stream finished',\n 'no stream handler',\n ,\n 'no callback',\n 'invalid UTF-8 data',\n 'extra field too long',\n 'date not in range 1980-2099',\n 'filename too long',\n 'stream finishing',\n 'invalid zip data'\n // determined by unknown compression method\n];\n;\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\n// expands raw DEFLATE data\nvar inflt = function (dat, buf, st) {\n // source length\n var sl = dat.length;\n if (!sl || (st && st.f && !st.l))\n return buf || new u8(0);\n // have to estimate size\n var noBuf = !buf || st;\n // no state\n var noSt = !st || st.i;\n if (!st)\n st = {};\n // Assumes roughly 33% compression ratio average\n if (!buf)\n buf = new u8(sl * 3);\n // ensure buffer can fit at least l elements\n var cbuf = function (l) {\n var bl = buf.length;\n // need to increase size to fit\n if (l > bl) {\n // Double or set to necessary, whichever is greater\n var nbuf = new u8(Math.max(bl * 2, l));\n nbuf.set(buf);\n buf = nbuf;\n }\n };\n // last chunk bitpos bytes\n var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;\n // total bits\n var tbts = sl * 8;\n do {\n if (!lm) {\n // BFINAL - this is only 1 when last chunk is next\n final = bits(dat, pos, 1);\n // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman\n var type = bits(dat, pos + 1, 3);\n pos += 3;\n if (!type) {\n // go to end of byte boundary\n var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l;\n if (t > sl) {\n if (noSt)\n err(0);\n break;\n }\n // ensure size\n if (noBuf)\n cbuf(bt + l);\n // Copy over uncompressed data\n buf.set(dat.subarray(s, t), bt);\n // Get new bitpos, update byte count\n st.b = bt += l, st.p = pos = t * 8, st.f = final;\n continue;\n }\n else if (type == 1)\n lm = flrm, dm = fdrm, lbt = 9, dbt = 5;\n else if (type == 2) {\n // literal lengths\n var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;\n var tl = hLit + bits(dat, pos + 5, 31) + 1;\n pos += 14;\n // length+distance tree\n var ldt = new u8(tl);\n // code length tree\n var clt = new u8(19);\n for (var i = 0; i < hcLen; ++i) {\n // use index map to get real code\n clt[clim[i]] = bits(dat, pos + i * 3, 7);\n }\n pos += hcLen * 3;\n // code lengths bits\n var clb = max(clt), clbmsk = (1 << clb) - 1;\n // code lengths map\n var clm = hMap(clt, clb, 1);\n for (var i = 0; i < tl;) {\n var r = clm[bits(dat, pos, clbmsk)];\n // bits read\n pos += r & 15;\n // symbol\n var s = r >>> 4;\n // code length to copy\n if (s < 16) {\n ldt[i++] = s;\n }\n else {\n // copy count\n var c = 0, n = 0;\n if (s == 16)\n n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1];\n else if (s == 17)\n n = 3 + bits(dat, pos, 7), pos += 3;\n else if (s == 18)\n n = 11 + bits(dat, pos, 127), pos += 7;\n while (n--)\n ldt[i++] = c;\n }\n }\n // length tree distance tree\n var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);\n // max length bits\n lbt = max(lt);\n // max dist bits\n dbt = max(dt);\n lm = hMap(lt, lbt, 1);\n dm = hMap(dt, dbt, 1);\n }\n else\n err(1);\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n }\n // Make sure the buffer can hold this + the largest possible addition\n // Maximum chunk size (practically, theoretically infinite) is 2^17;\n if (noBuf)\n cbuf(bt + 131072);\n var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;\n var lpos = pos;\n for (;; lpos = pos) {\n // bits read, code\n var c = lm[bits16(dat, pos) & lms], sym = c >>> 4;\n pos += c & 15;\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (!c)\n err(2);\n if (sym < 256)\n buf[bt++] = sym;\n else if (sym == 256) {\n lpos = pos, lm = null;\n break;\n }\n else {\n var add = sym - 254;\n // no extra bits needed if less\n if (sym > 264) {\n // index\n var i = sym - 257, b = fleb[i];\n add = bits(dat, pos, (1 << b) - 1) + fl[i];\n pos += b;\n }\n // dist\n var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4;\n if (!d)\n err(3);\n pos += d & 15;\n var dt = fd[dsym];\n if (dsym > 3) {\n var b = fdeb[dsym];\n dt += bits16(dat, pos) & ((1 << b) - 1), pos += b;\n }\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (noBuf)\n cbuf(bt + 131072);\n var end = bt + add;\n for (; bt < end; bt += 4) {\n buf[bt] = buf[bt - dt];\n buf[bt + 1] = buf[bt + 1 - dt];\n buf[bt + 2] = buf[bt + 2 - dt];\n buf[bt + 3] = buf[bt + 3 - dt];\n }\n bt = end;\n }\n }\n st.l = lm, st.p = lpos, st.b = bt, st.f = final;\n if (lm)\n final = 1, st.m = lbt, st.d = dm, st.n = dbt;\n } while (!final);\n return bt == buf.length ? buf : slc(buf, 0, bt);\n};\n// starting at p, write the minimum number of bits that can hold v to d\nvar wbits = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n};\n// starting at p, write the minimum number of bits (>8) that can hold v to d\nvar wbits16 = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n d[o + 2] |= v >>> 16;\n};\n// creates code lengths from a frequency table\nvar hTree = function (d, mb) {\n // Need extra info to make a tree\n var t = [];\n for (var i = 0; i < d.length; ++i) {\n if (d[i])\n t.push({ s: i, f: d[i] });\n }\n var s = t.length;\n var t2 = t.slice();\n if (!s)\n return [et, 0];\n if (s == 1) {\n var v = new u8(t[0].s + 1);\n v[t[0].s] = 1;\n return [v, 1];\n }\n t.sort(function (a, b) { return a.f - b.f; });\n // after i2 reaches last ind, will be stopped\n // freq must be greater than largest possible number of symbols\n t.push({ s: -1, f: 25001 });\n var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2;\n t[0] = { s: -1, f: l.f + r.f, l: l, r: r };\n // efficient algorithm from UZIP.js\n // i0 is lookbehind, i2 is lookahead - after processing two low-freq\n // symbols that combined have high freq, will start processing i2 (high-freq,\n // non-composite) symbols instead\n // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/\n while (i1 != s - 1) {\n l = t[t[i0].f < t[i2].f ? i0++ : i2++];\n r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++];\n t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r };\n }\n var maxSym = t2[0].s;\n for (var i = 1; i < s; ++i) {\n if (t2[i].s > maxSym)\n maxSym = t2[i].s;\n }\n // code lengths\n var tr = new u16(maxSym + 1);\n // max bits in tree\n var mbt = ln(t[i1 - 1], tr, 0);\n if (mbt > mb) {\n // more algorithms from UZIP.js\n // TODO: find out how this code works (debt)\n // ind debt\n var i = 0, dt = 0;\n // left cost\n var lft = mbt - mb, cst = 1 << lft;\n t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; });\n for (; i < s; ++i) {\n var i2_1 = t2[i].s;\n if (tr[i2_1] > mb) {\n dt += cst - (1 << (mbt - tr[i2_1]));\n tr[i2_1] = mb;\n }\n else\n break;\n }\n dt >>>= lft;\n while (dt > 0) {\n var i2_2 = t2[i].s;\n if (tr[i2_2] < mb)\n dt -= 1 << (mb - tr[i2_2]++ - 1);\n else\n ++i;\n }\n for (; i >= 0 && dt; --i) {\n var i2_3 = t2[i].s;\n if (tr[i2_3] == mb) {\n --tr[i2_3];\n ++dt;\n }\n }\n mbt = mb;\n }\n return [new u8(tr), mbt];\n};\n// get the max length and assign length codes\nvar ln = function (n, l, d) {\n return n.s == -1\n ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1))\n : (l[n.s] = d);\n};\n// length codes generation\nvar lc = function (c) {\n var s = c.length;\n // Note that the semicolon was intentional\n while (s && !c[--s])\n ;\n var cl = new u16(++s);\n // ind num streak\n var cli = 0, cln = c[0], cls = 1;\n var w = function (v) { cl[cli++] = v; };\n for (var i = 1; i <= s; ++i) {\n if (c[i] == cln && i != s)\n ++cls;\n else {\n if (!cln && cls > 2) {\n for (; cls > 138; cls -= 138)\n w(32754);\n if (cls > 2) {\n w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305);\n cls = 0;\n }\n }\n else if (cls > 3) {\n w(cln), --cls;\n for (; cls > 6; cls -= 6)\n w(8304);\n if (cls > 2)\n w(((cls - 3) << 5) | 8208), cls = 0;\n }\n while (cls--)\n w(cln);\n cls = 1;\n cln = c[i];\n }\n }\n return [cl.subarray(0, cli), s];\n};\n// calculate the length of output from tree, code lengths\nvar clen = function (cf, cl) {\n var l = 0;\n for (var i = 0; i < cl.length; ++i)\n l += cf[i] * cl[i];\n return l;\n};\n// writes a fixed block\n// returns the new bit pos\nvar wfblk = function (out, pos, dat) {\n // no need to write 00 as type: TypedArray defaults to 0\n var s = dat.length;\n var o = shft(pos + 2);\n out[o] = s & 255;\n out[o + 1] = s >>> 8;\n out[o + 2] = out[o] ^ 255;\n out[o + 3] = out[o + 1] ^ 255;\n for (var i = 0; i < s; ++i)\n out[o + i + 4] = dat[i];\n return (o + 4 + s) * 8;\n};\n// writes a block\nvar wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) {\n wbits(out, p++, final);\n ++lf[256];\n var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1];\n var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1];\n var _c = lc(dlt), lclt = _c[0], nlc = _c[1];\n var _d = lc(ddt), lcdt = _d[0], ndc = _d[1];\n var lcfreq = new u16(19);\n for (var i = 0; i < lclt.length; ++i)\n lcfreq[lclt[i] & 31]++;\n for (var i = 0; i < lcdt.length; ++i)\n lcfreq[lcdt[i] & 31]++;\n var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1];\n var nlcc = 19;\n for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc)\n ;\n var flen = (bl + 5) << 3;\n var ftlen = clen(lf, flt) + clen(df, fdt) + eb;\n var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]);\n if (flen <= ftlen && flen <= dtlen)\n return wfblk(out, p, dat.subarray(bs, bs + bl));\n var lm, ll, dm, dl;\n wbits(out, p, 1 + (dtlen < ftlen)), p += 2;\n if (dtlen < ftlen) {\n lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt;\n var llm = hMap(lct, mlcb, 0);\n wbits(out, p, nlc - 257);\n wbits(out, p + 5, ndc - 1);\n wbits(out, p + 10, nlcc - 4);\n p += 14;\n for (var i = 0; i < nlcc; ++i)\n wbits(out, p + 3 * i, lct[clim[i]]);\n p += 3 * nlcc;\n var lcts = [lclt, lcdt];\n for (var it = 0; it < 2; ++it) {\n var clct = lcts[it];\n for (var i = 0; i < clct.length; ++i) {\n var len = clct[i] & 31;\n wbits(out, p, llm[len]), p += lct[len];\n if (len > 15)\n wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12;\n }\n }\n }\n else {\n lm = flm, ll = flt, dm = fdm, dl = fdt;\n }\n for (var i = 0; i < li; ++i) {\n if (syms[i] > 255) {\n var len = (syms[i] >>> 18) & 31;\n wbits16(out, p, lm[len + 257]), p += ll[len + 257];\n if (len > 7)\n wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len];\n var dst = syms[i] & 31;\n wbits16(out, p, dm[dst]), p += dl[dst];\n if (dst > 3)\n wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst];\n }\n else {\n wbits16(out, p, lm[syms[i]]), p += ll[syms[i]];\n }\n }\n wbits16(out, p, lm[256]);\n return p + ll[256];\n};\n// deflate options (nice << 13) | chain\nvar deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]);\n// empty\nvar et = /*#__PURE__*/ new u8(0);\n// compresses data into a raw DEFLATE buffer\nvar dflt = function (dat, lvl, plvl, pre, post, lst) {\n var s = dat.length;\n var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post);\n // writing to this writes to the output buffer\n var w = o.subarray(pre, o.length - post);\n var pos = 0;\n if (!lvl || s < 8) {\n for (var i = 0; i <= s; i += 65535) {\n // end\n var e = i + 65535;\n if (e >= s) {\n // write final block\n w[pos >> 3] = lst;\n }\n pos = wfblk(w, pos + 1, dat.subarray(i, e));\n }\n }\n else {\n var opt = deo[lvl - 1];\n var n = opt >>> 13, c = opt & 8191;\n var msk_1 = (1 << plvl) - 1;\n // prev 2-byte val map curr 2-byte val map\n var prev = new u16(32768), head = new u16(msk_1 + 1);\n var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1;\n var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; };\n // 24576 is an arbitrary number of maximum symbols per block\n // 424 buffer for last block\n var syms = new u32(25000);\n // length/literal freq distance freq\n var lf = new u16(288), df = new u16(32);\n // l/lcnt exbits index l/lind waitdx bitpos\n var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0;\n for (; i < s; ++i) {\n // hash value\n // deopt when i > s - 3 - at end, deopt acceptable\n var hv = hsh(i);\n // index mod 32768 previous index mod\n var imod = i & 32767, pimod = head[hv];\n prev[imod] = pimod;\n head[hv] = imod;\n // We always should modify head and prev, but only add symbols if\n // this data is not yet processed (\"wait\" for wait index)\n if (wi <= i) {\n // bytes remaining\n var rem = s - i;\n if ((lc_1 > 7000 || li > 24576) && rem > 423) {\n pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos);\n li = lc_1 = eb = 0, bs = i;\n for (var j = 0; j < 286; ++j)\n lf[j] = 0;\n for (var j = 0; j < 30; ++j)\n df[j] = 0;\n }\n // len dist chain\n var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767;\n if (rem > 2 && hv == hsh(i - dif)) {\n var maxn = Math.min(n, rem) - 1;\n var maxd = Math.min(32767, i);\n // max possible length\n // not capped at dif because decompressors implement \"rolling\" index population\n var ml = Math.min(258, rem);\n while (dif <= maxd && --ch_1 && imod != pimod) {\n if (dat[i + l] == dat[i + l - dif]) {\n var nl = 0;\n for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl)\n ;\n if (nl > l) {\n l = nl, d = dif;\n // break out early when we reach \"nice\" (we are satisfied enough)\n if (nl > maxn)\n break;\n // now, find the rarest 2-byte sequence within this\n // length of literals and search for that instead.\n // Much faster than just using the start\n var mmd = Math.min(dif, nl - 2);\n var md = 0;\n for (var j = 0; j < mmd; ++j) {\n var ti = (i - dif + j + 32768) & 32767;\n var pti = prev[ti];\n var cd = (ti - pti + 32768) & 32767;\n if (cd > md)\n md = cd, pimod = ti;\n }\n }\n }\n // check the previous match\n imod = pimod, pimod = prev[imod];\n dif += (imod - pimod + 32768) & 32767;\n }\n }\n // d will be nonzero only when a match was found\n if (d) {\n // store both dist and len data in one Uint32\n // Make sure this is recognized as a len/dist with 28th bit (2^28)\n syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d];\n var lin = revfl[l] & 31, din = revfd[d] & 31;\n eb += fleb[lin] + fdeb[din];\n ++lf[257 + lin];\n ++df[din];\n wi = i + l;\n ++lc_1;\n }\n else {\n syms[li++] = dat[i];\n ++lf[dat[i]];\n }\n }\n }\n pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos);\n // this is the easiest way to avoid needing to maintain state\n if (!lst && pos & 7)\n pos = wfblk(w, pos + 1, et);\n }\n return slc(o, 0, pre + shft(pos) + post);\n};\n// CRC32 table\nvar crct = /*#__PURE__*/ (function () {\n var t = new Int32Array(256);\n for (var i = 0; i < 256; ++i) {\n var c = i, k = 9;\n while (--k)\n c = ((c & 1) && -306674912) ^ (c >>> 1);\n t[i] = c;\n }\n return t;\n})();\n// CRC32\nvar crc = function () {\n var c = -1;\n return {\n p: function (d) {\n // closures have awful performance\n var cr = c;\n for (var i = 0; i < d.length; ++i)\n cr = crct[(cr & 255) ^ d[i]] ^ (cr >>> 8);\n c = cr;\n },\n d: function () { return ~c; }\n };\n};\n// Alder32\nvar adler = function () {\n var a = 1, b = 0;\n return {\n p: function (d) {\n // closures have awful performance\n var n = a, m = b;\n var l = d.length | 0;\n for (var i = 0; i != l;) {\n var e = Math.min(i + 2655, l);\n for (; i < e; ++i)\n m += n += d[i];\n n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16);\n }\n a = n, b = m;\n },\n d: function () {\n a %= 65521, b %= 65521;\n return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8);\n }\n };\n};\n;\n// deflate with opts\nvar dopt = function (dat, opt, pre, post, st) {\n return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st);\n};\n// Walmart object spread\nvar mrg = function (a, b) {\n var o = {};\n for (var k in a)\n o[k] = a[k];\n for (var k in b)\n o[k] = b[k];\n return o;\n};\n// worker clone\n// This is possibly the craziest part of the entire codebase, despite how simple it may seem.\n// The only parameter to this function is a closure that returns an array of variables outside of the function scope.\n// We're going to try to figure out the variable names used in the closure as strings because that is crucial for workerization.\n// We will return an object mapping of true variable name to value (basically, the current scope as a JS object).\n// The reason we can't just use the original variable names is minifiers mangling the toplevel scope.\n// This took me three weeks to figure out how to do.\nvar wcln = function (fn, fnStr, td) {\n var dt = fn();\n var st = fn.toString();\n var ks = st.slice(st.indexOf('[') + 1, st.lastIndexOf(']')).replace(/\\s+/g, '').split(',');\n for (var i = 0; i < dt.length; ++i) {\n var v = dt[i], k = ks[i];\n if (typeof v == 'function') {\n fnStr += ';' + k + '=';\n var st_1 = v.toString();\n if (v.prototype) {\n // for global objects\n if (st_1.indexOf('[native code]') != -1) {\n var spInd = st_1.indexOf(' ', 8) + 1;\n fnStr += st_1.slice(spInd, st_1.indexOf('(', spInd));\n }\n else {\n fnStr += st_1;\n for (var t in v.prototype)\n fnStr += ';' + k + '.prototype.' + t + '=' + v.prototype[t].toString();\n }\n }\n else\n fnStr += st_1;\n }\n else\n td[k] = v;\n }\n return [fnStr, td];\n};\nvar ch = [];\n// clone bufs\nvar cbfs = function (v) {\n var tl = [];\n for (var k in v) {\n if (v[k].buffer) {\n tl.push((v[k] = new v[k].constructor(v[k])).buffer);\n }\n }\n return tl;\n};\n// use a worker to execute code\nvar wrkr = function (fns, init, id, cb) {\n var _a;\n if (!ch[id]) {\n var fnStr = '', td_1 = {}, m = fns.length - 1;\n for (var i = 0; i < m; ++i)\n _a = wcln(fns[i], fnStr, td_1), fnStr = _a[0], td_1 = _a[1];\n ch[id] = wcln(fns[m], fnStr, td_1);\n }\n var td = mrg({}, ch[id][1]);\n return wk(ch[id][0] + ';onmessage=function(e){for(var k in e.data)self[k]=e.data[k];onmessage=' + init.toString() + '}', id, td, cbfs(td), cb);\n};\n// base async inflate fn\nvar bInflt = function () { return [u8, u16, u32, fleb, fdeb, clim, fl, fd, flrm, fdrm, rev, ec, hMap, max, bits, bits16, shft, slc, err, inflt, inflateSync, pbf, gu8]; };\nvar bDflt = function () { return [u8, u16, u32, fleb, fdeb, clim, revfl, revfd, flm, flt, fdm, fdt, rev, deo, et, hMap, wbits, wbits16, hTree, ln, lc, clen, wfblk, wblk, shft, slc, dflt, dopt, deflateSync, pbf]; };\n// gzip extra\nvar gze = function () { return [gzh, gzhl, wbytes, crc, crct]; };\n// gunzip extra\nvar guze = function () { return [gzs, gzl]; };\n// zlib extra\nvar zle = function () { return [zlh, wbytes, adler]; };\n// unzlib extra\nvar zule = function () { return [zlv]; };\n// post buf\nvar pbf = function (msg) { return postMessage(msg, [msg.buffer]); };\n// get u8\nvar gu8 = function (o) { return o && o.size && new u8(o.size); };\n// async helper\nvar cbify = function (dat, opts, fns, init, id, cb) {\n var w = wrkr(fns, init, id, function (err, dat) {\n w.terminate();\n cb(err, dat);\n });\n w.postMessage([dat, opts], opts.consume ? [dat.buffer] : []);\n return function () { w.terminate(); };\n};\n// auto stream\nvar astrm = function (strm) {\n strm.ondata = function (dat, final) { return postMessage([dat, final], [dat.buffer]); };\n return function (ev) { return strm.push(ev.data[0], ev.data[1]); };\n};\n// async stream attach\nvar astrmify = function (fns, strm, opts, init, id) {\n var t;\n var w = wrkr(fns, init, id, function (err, dat) {\n if (err)\n w.terminate(), strm.ondata.call(strm, err);\n else {\n if (dat[1])\n w.terminate();\n strm.ondata.call(strm, err, dat[0], dat[1]);\n }\n });\n w.postMessage(opts);\n strm.push = function (d, f) {\n if (!strm.ondata)\n err(5);\n if (t)\n strm.ondata(err(4, 0, 1), null, !!f);\n w.postMessage([d, t = f], [d.buffer]);\n };\n strm.terminate = function () { w.terminate(); };\n};\n// read 2 bytes\nvar b2 = function (d, b) { return d[b] | (d[b + 1] << 8); };\n// read 4 bytes\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\nvar b8 = function (d, b) { return b4(d, b) + (b4(d, b + 4) * 4294967296); };\n// write bytes\nvar wbytes = function (d, b, v) {\n for (; v; ++b)\n d[b] = v, v >>>= 8;\n};\n// gzip header\nvar gzh = function (c, o) {\n var fn = o.filename;\n c[0] = 31, c[1] = 139, c[2] = 8, c[8] = o.level < 2 ? 4 : o.level == 9 ? 2 : 0, c[9] = 3; // assume Unix\n if (o.mtime != 0)\n wbytes(c, 4, Math.floor(new Date(o.mtime || Date.now()) / 1000));\n if (fn) {\n c[3] = 8;\n for (var i = 0; i <= fn.length; ++i)\n c[i + 10] = fn.charCodeAt(i);\n }\n};\n// gzip footer: -8 to -4 = CRC, -4 to -0 is length\n// gzip start\nvar gzs = function (d) {\n if (d[0] != 31 || d[1] != 139 || d[2] != 8)\n err(6, 'invalid gzip data');\n var flg = d[3];\n var st = 10;\n if (flg & 4)\n st += d[10] | (d[11] << 8) + 2;\n for (var zs = (flg >> 3 & 1) + (flg >> 4 & 1); zs > 0; zs -= !d[st++])\n ;\n return st + (flg & 2);\n};\n// gzip length\nvar gzl = function (d) {\n var l = d.length;\n return ((d[l - 4] | d[l - 3] << 8 | d[l - 2] << 16) | (d[l - 1] << 24)) >>> 0;\n};\n// gzip header length\nvar gzhl = function (o) { return 10 + ((o.filename && (o.filename.length + 1)) || 0); };\n// zlib header\nvar zlh = function (c, o) {\n var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2;\n c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1);\n};\n// zlib valid\nvar zlv = function (d) {\n if ((d[0] & 15) != 8 || (d[0] >>> 4) > 7 || ((d[0] << 8 | d[1]) % 31))\n err(6, 'invalid zlib data');\n if (d[1] & 32)\n err(6, 'invalid zlib data: preset dictionaries not supported');\n};\nfunction AsyncCmpStrm(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n return opts;\n}\n// zlib footer: -4 to -0 is Adler32\n/**\n * Streaming DEFLATE compression\n */\nvar Deflate = /*#__PURE__*/ (function () {\n function Deflate(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n this.o = opts || {};\n }\n Deflate.prototype.p = function (c, f) {\n this.ondata(dopt(c, this.o, 0, 0, !f), f);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Deflate.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.d = final;\n this.p(chunk, final || false);\n };\n return Deflate;\n}());\nexport { Deflate };\n/**\n * Asynchronous streaming DEFLATE compression\n */\nvar AsyncDeflate = /*#__PURE__*/ (function () {\n function AsyncDeflate(opts, cb) {\n astrmify([\n bDflt,\n function () { return [astrm, Deflate]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Deflate(ev.data);\n onmessage = astrm(strm);\n }, 6);\n }\n return AsyncDeflate;\n}());\nexport { AsyncDeflate };\nexport function deflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n ], function (ev) { return pbf(deflateSync(ev.data[0], ev.data[1])); }, 0, cb);\n}\n/**\n * Compresses data with DEFLATE without any wrapper\n * @param data The data to compress\n * @param opts The compression options\n * @returns The deflated version of the data\n */\nexport function deflateSync(data, opts) {\n return dopt(data, opts || {}, 0, 0);\n}\n/**\n * Streaming DEFLATE decompression\n */\nvar Inflate = /*#__PURE__*/ (function () {\n /**\n * Creates an inflation stream\n * @param cb The callback to call whenever data is inflated\n */\n function Inflate(cb) {\n this.s = {};\n this.p = new u8(0);\n this.ondata = cb;\n }\n Inflate.prototype.e = function (c) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n var l = this.p.length;\n var n = new u8(l + c.length);\n n.set(this.p), n.set(c, l), this.p = n;\n };\n Inflate.prototype.c = function (final) {\n this.d = this.s.i = final || false;\n var bts = this.s.b;\n var dt = inflt(this.p, this.o, this.s);\n this.ondata(slc(dt, bts, this.s.b), this.d);\n this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length;\n this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7;\n };\n /**\n * Pushes a chunk to be inflated\n * @param chunk The chunk to push\n * @param final Whether this is the final chunk\n */\n Inflate.prototype.push = function (chunk, final) {\n this.e(chunk), this.c(final);\n };\n return Inflate;\n}());\nexport { Inflate };\n/**\n * Asynchronous streaming DEFLATE decompression\n */\nvar AsyncInflate = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous inflation stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncInflate(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n function () { return [astrm, Inflate]; }\n ], this, 0, function () {\n var strm = new Inflate();\n onmessage = astrm(strm);\n }, 7);\n }\n return AsyncInflate;\n}());\nexport { AsyncInflate };\nexport function inflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt\n ], function (ev) { return pbf(inflateSync(ev.data[0], gu8(ev.data[1]))); }, 1, cb);\n}\n/**\n * Expands DEFLATE data with no wrapper\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function inflateSync(data, out) {\n return inflt(data, out);\n}\n// before you yell at me for not just using extends, my reason is that TS inheritance is hard to workerize.\n/**\n * Streaming GZIP compression\n */\nvar Gzip = /*#__PURE__*/ (function () {\n function Gzip(opts, cb) {\n this.c = crc();\n this.l = 0;\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be GZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gzip.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Gzip.prototype.p = function (c, f) {\n this.c.p(c);\n this.l += c.length;\n var raw = dopt(c, this.o, this.v && gzhl(this.o), f && 8, !f);\n if (this.v)\n gzh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 8, this.c.d()), wbytes(raw, raw.length - 4, this.l);\n this.ondata(raw, f);\n };\n return Gzip;\n}());\nexport { Gzip };\n/**\n * Asynchronous streaming GZIP compression\n */\nvar AsyncGzip = /*#__PURE__*/ (function () {\n function AsyncGzip(opts, cb) {\n astrmify([\n bDflt,\n gze,\n function () { return [astrm, Deflate, Gzip]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Gzip(ev.data);\n onmessage = astrm(strm);\n }, 8);\n }\n return AsyncGzip;\n}());\nexport { AsyncGzip };\nexport function gzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n gze,\n function () { return [gzipSync]; }\n ], function (ev) { return pbf(gzipSync(ev.data[0], ev.data[1])); }, 2, cb);\n}\n/**\n * Compresses data with GZIP\n * @param data The data to compress\n * @param opts The compression options\n * @returns The gzipped version of the data\n */\nexport function gzipSync(data, opts) {\n if (!opts)\n opts = {};\n var c = crc(), l = data.length;\n c.p(data);\n var d = dopt(data, opts, gzhl(opts), 8), s = d.length;\n return gzh(d, opts), wbytes(d, s - 8, c.d()), wbytes(d, s - 4, l), d;\n}\n/**\n * Streaming GZIP decompression\n */\nvar Gunzip = /*#__PURE__*/ (function () {\n /**\n * Creates a GUNZIP stream\n * @param cb The callback to call whenever data is inflated\n */\n function Gunzip(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be GUNZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gunzip.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n var s = this.p.length > 3 ? gzs(this.p) : 4;\n if (s >= this.p.length && !final)\n return;\n this.p = this.p.subarray(s), this.v = 0;\n }\n if (final) {\n if (this.p.length < 8)\n err(6, 'invalid gzip data');\n this.p = this.p.subarray(0, -8);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Gunzip;\n}());\nexport { Gunzip };\n/**\n * Asynchronous streaming GZIP decompression\n */\nvar AsyncGunzip = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous GUNZIP stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncGunzip(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n guze,\n function () { return [astrm, Inflate, Gunzip]; }\n ], this, 0, function () {\n var strm = new Gunzip();\n onmessage = astrm(strm);\n }, 9);\n }\n return AsyncGunzip;\n}());\nexport { AsyncGunzip };\nexport function gunzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n guze,\n function () { return [gunzipSync]; }\n ], function (ev) { return pbf(gunzipSync(ev.data[0])); }, 3, cb);\n}\n/**\n * Expands GZIP data\n * @param data The data to decompress\n * @param out Where to write the data. GZIP already encodes the output size, so providing this doesn't save memory.\n * @returns The decompressed version of the data\n */\nexport function gunzipSync(data, out) {\n return inflt(data.subarray(gzs(data), -8), out || new u8(gzl(data)));\n}\n/**\n * Streaming Zlib compression\n */\nvar Zlib = /*#__PURE__*/ (function () {\n function Zlib(opts, cb) {\n this.c = adler();\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be zlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Zlib.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Zlib.prototype.p = function (c, f) {\n this.c.p(c);\n var raw = dopt(c, this.o, this.v && 2, f && 4, !f);\n if (this.v)\n zlh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 4, this.c.d());\n this.ondata(raw, f);\n };\n return Zlib;\n}());\nexport { Zlib };\n/**\n * Asynchronous streaming Zlib compression\n */\nvar AsyncZlib = /*#__PURE__*/ (function () {\n function AsyncZlib(opts, cb) {\n astrmify([\n bDflt,\n zle,\n function () { return [astrm, Deflate, Zlib]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Zlib(ev.data);\n onmessage = astrm(strm);\n }, 10);\n }\n return AsyncZlib;\n}());\nexport { AsyncZlib };\nexport function zlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n zle,\n function () { return [zlibSync]; }\n ], function (ev) { return pbf(zlibSync(ev.data[0], ev.data[1])); }, 4, cb);\n}\n/**\n * Compress data with Zlib\n * @param data The data to compress\n * @param opts The compression options\n * @returns The zlib-compressed version of the data\n */\nexport function zlibSync(data, opts) {\n if (!opts)\n opts = {};\n var a = adler();\n a.p(data);\n var d = dopt(data, opts, 2, 4);\n return zlh(d, opts), wbytes(d, d.length - 4, a.d()), d;\n}\n/**\n * Streaming Zlib decompression\n */\nvar Unzlib = /*#__PURE__*/ (function () {\n /**\n * Creates a Zlib decompression stream\n * @param cb The callback to call whenever data is inflated\n */\n function Unzlib(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be unzlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzlib.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n if (this.p.length < 2 && !final)\n return;\n this.p = this.p.subarray(2), this.v = 0;\n }\n if (final) {\n if (this.p.length < 4)\n err(6, 'invalid zlib data');\n this.p = this.p.subarray(0, -4);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Unzlib;\n}());\nexport { Unzlib };\n/**\n * Asynchronous streaming Zlib decompression\n */\nvar AsyncUnzlib = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous Zlib decompression stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncUnzlib(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n zule,\n function () { return [astrm, Inflate, Unzlib]; }\n ], this, 0, function () {\n var strm = new Unzlib();\n onmessage = astrm(strm);\n }, 11);\n }\n return AsyncUnzlib;\n}());\nexport { AsyncUnzlib };\nexport function unzlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n zule,\n function () { return [unzlibSync]; }\n ], function (ev) { return pbf(unzlibSync(ev.data[0], gu8(ev.data[1]))); }, 5, cb);\n}\n/**\n * Expands Zlib data\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function unzlibSync(data, out) {\n return inflt((zlv(data), data.subarray(2, -4)), out);\n}\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzip as compress, AsyncGzip as AsyncCompress };\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzipSync as compressSync, Gzip as Compress };\n/**\n * Streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function Decompress(cb) {\n this.G = Gunzip;\n this.I = Inflate;\n this.Z = Unzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Decompress.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (!this.s) {\n if (this.p && this.p.length) {\n var n = new u8(this.p.length + chunk.length);\n n.set(this.p), n.set(chunk, this.p.length);\n }\n else\n this.p = chunk;\n if (this.p.length > 2) {\n var _this_1 = this;\n var cb = function () { _this_1.ondata.apply(_this_1, arguments); };\n this.s = (this.p[0] == 31 && this.p[1] == 139 && this.p[2] == 8)\n ? new this.G(cb)\n : ((this.p[0] & 15) != 8 || (this.p[0] >> 4) > 7 || ((this.p[0] << 8 | this.p[1]) % 31))\n ? new this.I(cb)\n : new this.Z(cb);\n this.s.push(this.p, final);\n this.p = null;\n }\n }\n else\n this.s.push(chunk, final);\n };\n return Decompress;\n}());\nexport { Decompress };\n/**\n * Asynchronous streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar AsyncDecompress = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function AsyncDecompress(cb) {\n this.G = AsyncGunzip;\n this.I = AsyncInflate;\n this.Z = AsyncUnzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncDecompress.prototype.push = function (chunk, final) {\n Decompress.prototype.push.call(this, chunk, final);\n };\n return AsyncDecompress;\n}());\nexport { AsyncDecompress };\nexport function decompress(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzip(data, opts, cb)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflate(data, opts, cb)\n : unzlib(data, opts, cb);\n}\n/**\n * Expands compressed GZIP, Zlib, or raw DEFLATE data, automatically detecting the format\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function decompressSync(data, out) {\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzipSync(data, out)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflateSync(data, out)\n : unzlibSync(data, out);\n}\n// flatten a directory structure\nvar fltn = function (d, p, t, o) {\n for (var k in d) {\n var val = d[k], n = p + k, op = o;\n if (Array.isArray(val))\n op = mrg(o, val[1]), val = val[0];\n if (val instanceof u8)\n t[n] = [val, op];\n else {\n t[n += '/'] = [new u8(0), op];\n fltn(val, n, t, o);\n }\n }\n};\n// text encoder\nvar te = typeof TextEncoder != 'undefined' && /*#__PURE__*/ new TextEncoder();\n// text decoder\nvar td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder();\n// text decoder stream\nvar tds = 0;\ntry {\n td.decode(et, { stream: true });\n tds = 1;\n}\ncatch (e) { }\n// decode UTF8\nvar dutf8 = function (d) {\n for (var r = '', i = 0;;) {\n var c = d[i++];\n var eb = (c > 127) + (c > 223) + (c > 239);\n if (i + eb > d.length)\n return [r, slc(d, i - 1)];\n if (!eb)\n r += String.fromCharCode(c);\n else if (eb == 3) {\n c = ((c & 15) << 18 | (d[i++] & 63) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63)) - 65536,\n r += String.fromCharCode(55296 | (c >> 10), 56320 | (c & 1023));\n }\n else if (eb & 1)\n r += String.fromCharCode((c & 31) << 6 | (d[i++] & 63));\n else\n r += String.fromCharCode((c & 15) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63));\n }\n};\n/**\n * Streaming UTF-8 decoding\n */\nvar DecodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is decoded\n */\n function DecodeUTF8(cb) {\n this.ondata = cb;\n if (tds)\n this.t = new TextDecoder();\n else\n this.p = et;\n }\n /**\n * Pushes a chunk to be decoded from UTF-8 binary\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n DecodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n final = !!final;\n if (this.t) {\n this.ondata(this.t.decode(chunk, { stream: true }), final);\n if (final) {\n if (this.t.decode().length)\n err(8);\n this.t = null;\n }\n return;\n }\n if (!this.p)\n err(4);\n var dat = new u8(this.p.length + chunk.length);\n dat.set(this.p);\n dat.set(chunk, this.p.length);\n var _a = dutf8(dat), ch = _a[0], np = _a[1];\n if (final) {\n if (np.length)\n err(8);\n this.p = null;\n }\n else\n this.p = np;\n this.ondata(ch, final);\n };\n return DecodeUTF8;\n}());\nexport { DecodeUTF8 };\n/**\n * Streaming UTF-8 encoding\n */\nvar EncodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is encoded\n */\n function EncodeUTF8(cb) {\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be encoded to UTF-8\n * @param chunk The string data to push\n * @param final Whether this is the last chunk\n */\n EncodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.ondata(strToU8(chunk), this.d = final || false);\n };\n return EncodeUTF8;\n}());\nexport { EncodeUTF8 };\n/**\n * Converts a string into a Uint8Array for use with compression/decompression methods\n * @param str The string to encode\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless decoding a binary string.\n * @returns The string encoded in UTF-8/Latin-1 binary\n */\nexport function strToU8(str, latin1) {\n if (latin1) {\n var ar_1 = new u8(str.length);\n for (var i = 0; i < str.length; ++i)\n ar_1[i] = str.charCodeAt(i);\n return ar_1;\n }\n if (te)\n return te.encode(str);\n var l = str.length;\n var ar = new u8(str.length + (str.length >> 1));\n var ai = 0;\n var w = function (v) { ar[ai++] = v; };\n for (var i = 0; i < l; ++i) {\n if (ai + 5 > ar.length) {\n var n = new u8(ai + 8 + ((l - i) << 1));\n n.set(ar);\n ar = n;\n }\n var c = str.charCodeAt(i);\n if (c < 128 || latin1)\n w(c);\n else if (c < 2048)\n w(192 | (c >> 6)), w(128 | (c & 63));\n else if (c > 55295 && c < 57344)\n c = 65536 + (c & 1023 << 10) | (str.charCodeAt(++i) & 1023),\n w(240 | (c >> 18)), w(128 | ((c >> 12) & 63)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n else\n w(224 | (c >> 12)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n }\n return slc(ar, 0, ai);\n}\n/**\n * Converts a Uint8Array to a string\n * @param dat The data to decode to string\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless encoding to binary string.\n * @returns The original UTF-8/Latin-1 string\n */\nexport function strFromU8(dat, latin1) {\n if (latin1) {\n var r = '';\n for (var i = 0; i < dat.length; i += 16384)\n r += String.fromCharCode.apply(null, dat.subarray(i, i + 16384));\n return r;\n }\n else if (td)\n return td.decode(dat);\n else {\n var _a = dutf8(dat), out = _a[0], ext = _a[1];\n if (ext.length)\n err(8);\n return out;\n }\n}\n;\n// deflate bit flag\nvar dbf = function (l) { return l == 1 ? 3 : l < 6 ? 2 : l == 9 ? 1 : 0; };\n// skip local zip header\nvar slzh = function (d, b) { return b + 30 + b2(d, b + 26) + b2(d, b + 28); };\n// read zip header\nvar zh = function (d, b, z) {\n var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);\n var _a = z && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a[0], su = _a[1], off = _a[2];\n return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];\n};\n// read zip64 extra field\nvar z64e = function (d, b) {\n for (; b2(d, b) != 1; b += 4 + b2(d, b + 2))\n ;\n return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];\n};\n// extra field length\nvar exfl = function (ex) {\n var le = 0;\n if (ex) {\n for (var k in ex) {\n var l = ex[k].length;\n if (l > 65535)\n err(9);\n le += l + 4;\n }\n }\n return le;\n};\n// write zip header\nvar wzh = function (d, b, f, fn, u, c, ce, co) {\n var fl = fn.length, ex = f.extra, col = co && co.length;\n var exl = exfl(ex);\n wbytes(d, b, ce != null ? 0x2014B50 : 0x4034B50), b += 4;\n if (ce != null)\n d[b++] = 20, d[b++] = f.os;\n d[b] = 20, b += 2; // spec compliance? what's that?\n d[b++] = (f.flag << 1) | (c < 0 && 8), d[b++] = u && 8;\n d[b++] = f.compression & 255, d[b++] = f.compression >> 8;\n var dt = new Date(f.mtime == null ? Date.now() : f.mtime), y = dt.getFullYear() - 1980;\n if (y < 0 || y > 119)\n err(10);\n wbytes(d, b, (y << 25) | ((dt.getMonth() + 1) << 21) | (dt.getDate() << 16) | (dt.getHours() << 11) | (dt.getMinutes() << 5) | (dt.getSeconds() >>> 1)), b += 4;\n if (c != -1) {\n wbytes(d, b, f.crc);\n wbytes(d, b + 4, c < 0 ? -c - 2 : c);\n wbytes(d, b + 8, f.size);\n }\n wbytes(d, b + 12, fl);\n wbytes(d, b + 14, exl), b += 16;\n if (ce != null) {\n wbytes(d, b, col);\n wbytes(d, b + 6, f.attrs);\n wbytes(d, b + 10, ce), b += 14;\n }\n d.set(fn, b);\n b += fl;\n if (exl) {\n for (var k in ex) {\n var exf = ex[k], l = exf.length;\n wbytes(d, b, +k);\n wbytes(d, b + 2, l);\n d.set(exf, b + 4), b += 4 + l;\n }\n }\n if (col)\n d.set(co, b), b += col;\n return b;\n};\n// write zip footer (end of central directory)\nvar wzf = function (o, b, c, d, e) {\n wbytes(o, b, 0x6054B50); // skip disk\n wbytes(o, b + 8, c);\n wbytes(o, b + 10, c);\n wbytes(o, b + 12, d);\n wbytes(o, b + 16, e);\n};\n/**\n * A pass-through stream to keep data uncompressed in a ZIP archive.\n */\nvar ZipPassThrough = /*#__PURE__*/ (function () {\n /**\n * Creates a pass-through stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n */\n function ZipPassThrough(filename) {\n this.filename = filename;\n this.c = crc();\n this.size = 0;\n this.compression = 0;\n }\n /**\n * Processes a chunk and pushes to the output stream. You can override this\n * method in a subclass for custom behavior, but by default this passes\n * the data through. You must call this.ondata(err, chunk, final) at some\n * point in this method.\n * @param chunk The chunk to process\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.process = function (chunk, final) {\n this.ondata(null, chunk, final);\n };\n /**\n * Pushes a chunk to be added. If you are subclassing this with a custom\n * compression algorithm, note that you must push data from the source\n * file only, pre-compression.\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n this.c.p(chunk);\n this.size += chunk.length;\n if (final)\n this.crc = this.c.d();\n this.process(chunk, final || false);\n };\n return ZipPassThrough;\n}());\nexport { ZipPassThrough };\n// I don't extend because TypeScript extension adds 1kB of runtime bloat\n/**\n * Streaming DEFLATE compression for ZIP archives. Prefer using AsyncZipDeflate\n * for better performance\n */\nvar ZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function ZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new Deflate(opts, function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n }\n ZipDeflate.prototype.process = function (chunk, final) {\n try {\n this.d.push(chunk, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return ZipDeflate;\n}());\nexport { ZipDeflate };\n/**\n * Asynchronous streaming DEFLATE compression for ZIP archives\n */\nvar AsyncZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function AsyncZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new AsyncDeflate(opts, function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n this.terminate = this.d.terminate;\n }\n AsyncZipDeflate.prototype.process = function (chunk, final) {\n this.d.push(chunk, final);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return AsyncZipDeflate;\n}());\nexport { AsyncZipDeflate };\n// TODO: Better tree shaking\n/**\n * A zippable archive to which files can incrementally be added\n */\nvar Zip = /*#__PURE__*/ (function () {\n /**\n * Creates an empty ZIP archive to which files can be added\n * @param cb The callback to call whenever data for the generated ZIP archive\n * is available\n */\n function Zip(cb) {\n this.ondata = cb;\n this.u = [];\n this.d = 1;\n }\n /**\n * Adds a file to the ZIP archive\n * @param file The file stream to add\n */\n Zip.prototype.add = function (file) {\n var _this_1 = this;\n if (!this.ondata)\n err(5);\n // finishing or finished\n if (this.d & 2)\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, false);\n else {\n var f = strToU8(file.filename), fl_1 = f.length;\n var com = file.comment, o = com && strToU8(com);\n var u = fl_1 != file.filename.length || (o && (com.length != o.length));\n var hl_1 = fl_1 + exfl(file.extra) + 30;\n if (fl_1 > 65535)\n this.ondata(err(11, 0, 1), null, false);\n var header = new u8(hl_1);\n wzh(header, 0, file, f, u, -1);\n var chks_1 = [header];\n var pAll_1 = function () {\n for (var _i = 0, chks_2 = chks_1; _i < chks_2.length; _i++) {\n var chk = chks_2[_i];\n _this_1.ondata(null, chk, false);\n }\n chks_1 = [];\n };\n var tr_1 = this.d;\n this.d = 0;\n var ind_1 = this.u.length;\n var uf_1 = mrg(file, {\n f: f,\n u: u,\n o: o,\n t: function () {\n if (file.terminate)\n file.terminate();\n },\n r: function () {\n pAll_1();\n if (tr_1) {\n var nxt = _this_1.u[ind_1 + 1];\n if (nxt)\n nxt.r();\n else\n _this_1.d = 1;\n }\n tr_1 = 1;\n }\n });\n var cl_1 = 0;\n file.ondata = function (err, dat, final) {\n if (err) {\n _this_1.ondata(err, dat, final);\n _this_1.terminate();\n }\n else {\n cl_1 += dat.length;\n chks_1.push(dat);\n if (final) {\n var dd = new u8(16);\n wbytes(dd, 0, 0x8074B50);\n wbytes(dd, 4, file.crc);\n wbytes(dd, 8, cl_1);\n wbytes(dd, 12, file.size);\n chks_1.push(dd);\n uf_1.c = cl_1, uf_1.b = hl_1 + cl_1 + 16, uf_1.crc = file.crc, uf_1.size = file.size;\n if (tr_1)\n uf_1.r();\n tr_1 = 1;\n }\n else if (tr_1)\n pAll_1();\n }\n };\n this.u.push(uf_1);\n }\n };\n /**\n * Ends the process of adding files and prepares to emit the final chunks.\n * This *must* be called after adding all desired files for the resulting\n * ZIP file to work properly.\n */\n Zip.prototype.end = function () {\n var _this_1 = this;\n if (this.d & 2) {\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, true);\n return;\n }\n if (this.d)\n this.e();\n else\n this.u.push({\n r: function () {\n if (!(_this_1.d & 1))\n return;\n _this_1.u.splice(-1, 1);\n _this_1.e();\n },\n t: function () { }\n });\n this.d = 3;\n };\n Zip.prototype.e = function () {\n var bt = 0, l = 0, tl = 0;\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n tl += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0);\n }\n var out = new u8(tl + 22);\n for (var _b = 0, _c = this.u; _b < _c.length; _b++) {\n var f = _c[_b];\n wzh(out, bt, f, f.f, f.u, -f.c - 2, l, f.o);\n bt += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0), l += f.b;\n }\n wzf(out, bt, this.u.length, tl, l);\n this.ondata(null, out, true);\n this.d = 2;\n };\n /**\n * A method to terminate any internal workers used by the stream. Subsequent\n * calls to add() will fail.\n */\n Zip.prototype.terminate = function () {\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n f.t();\n }\n this.d = 2;\n };\n return Zip;\n}());\nexport { Zip };\nexport function zip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var r = {};\n fltn(data, '', r, opts);\n var k = Object.keys(r);\n var lft = k.length, o = 0, tot = 0;\n var slft = lft, files = new Array(lft);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var cbf = function () {\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n tot = 0;\n for (var i = 0; i < slft; ++i) {\n var f = files[i];\n try {\n var l = f.c.length;\n wzh(out, tot, f, f.f, f.u, l);\n var badd = 30 + f.f.length + exfl(f.extra);\n var loc = tot + badd;\n out.set(f.c, loc);\n wzh(out, o, f, f.f, f.u, l, tot, f.m), o += 16 + badd + (f.m ? f.m.length : 0), tot = loc + l;\n }\n catch (e) {\n return cbd(e, null);\n }\n }\n wzf(out, o, files.length, cdl, oe);\n cbd(null, out);\n };\n if (!lft)\n cbf();\n var _loop_1 = function (i) {\n var fn = k[i];\n var _a = r[fn], file = _a[0], p = _a[1];\n var c = crc(), size = file.length;\n c.p(file);\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n var compression = p.level == 0 ? 0 : 8;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n var l = d.length;\n files[i] = mrg(p, {\n size: size,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n compression: compression\n });\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n if (!--lft)\n cbf();\n }\n };\n if (s > 65535)\n cbl(err(11, 0, 1), null);\n if (!compression)\n cbl(null, file);\n else if (size < 160000) {\n try {\n cbl(null, deflateSync(file, p));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(deflate(file, p, cbl));\n };\n // Cannot use lft because it can decrease\n for (var i = 0; i < slft; ++i) {\n _loop_1(i);\n }\n return tAll;\n}\n/**\n * Synchronously creates a ZIP file. Prefer using `zip` for better performance\n * with more than one file.\n * @param data The directory structure for the ZIP archive\n * @param opts The main options, merged with per-file options\n * @returns The generated ZIP archive\n */\nexport function zipSync(data, opts) {\n if (!opts)\n opts = {};\n var r = {};\n var files = [];\n fltn(data, '', r, opts);\n var o = 0;\n var tot = 0;\n for (var fn in r) {\n var _a = r[fn], file = _a[0], p = _a[1];\n var compression = p.level == 0 ? 0 : 8;\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n if (s > 65535)\n err(11);\n var d = compression ? deflateSync(file, p) : file, l = d.length;\n var c = crc();\n c.p(file);\n files.push(mrg(p, {\n size: file.length,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n o: o,\n compression: compression\n }));\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n }\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n for (var i = 0; i < files.length; ++i) {\n var f = files[i];\n wzh(out, f.o, f, f.f, f.u, f.c.length);\n var badd = 30 + f.f.length + exfl(f.extra);\n out.set(f.c, f.o + badd);\n wzh(out, o, f, f.f, f.u, f.c.length, f.o, f.m), o += 16 + badd + (f.m ? f.m.length : 0);\n }\n wzf(out, o, files.length, cdl, oe);\n return out;\n}\n/**\n * Streaming pass-through decompression for ZIP archives\n */\nvar UnzipPassThrough = /*#__PURE__*/ (function () {\n function UnzipPassThrough() {\n }\n UnzipPassThrough.prototype.push = function (data, final) {\n this.ondata(null, data, final);\n };\n UnzipPassThrough.compression = 0;\n return UnzipPassThrough;\n}());\nexport { UnzipPassThrough };\n/**\n * Streaming DEFLATE decompression for ZIP archives. Prefer AsyncZipInflate for\n * better performance.\n */\nvar UnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function UnzipInflate() {\n var _this_1 = this;\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n UnzipInflate.prototype.push = function (data, final) {\n try {\n this.i.push(data, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n UnzipInflate.compression = 8;\n return UnzipInflate;\n}());\nexport { UnzipInflate };\n/**\n * Asynchronous streaming DEFLATE decompression for ZIP archives\n */\nvar AsyncUnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function AsyncUnzipInflate(_, sz) {\n var _this_1 = this;\n if (sz < 320000) {\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n else {\n this.i = new AsyncInflate(function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.terminate = this.i.terminate;\n }\n }\n AsyncUnzipInflate.prototype.push = function (data, final) {\n if (this.i.terminate)\n data = slc(data, 0);\n this.i.push(data, final);\n };\n AsyncUnzipInflate.compression = 8;\n return AsyncUnzipInflate;\n}());\nexport { AsyncUnzipInflate };\n/**\n * A ZIP archive decompression stream that emits files as they are discovered\n */\nvar Unzip = /*#__PURE__*/ (function () {\n /**\n * Creates a ZIP decompression stream\n * @param cb The callback to call whenever a file in the ZIP archive is found\n */\n function Unzip(cb) {\n this.onfile = cb;\n this.k = [];\n this.o = {\n 0: UnzipPassThrough\n };\n this.p = et;\n }\n /**\n * Pushes a chunk to be unzipped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzip.prototype.push = function (chunk, final) {\n var _this_1 = this;\n if (!this.onfile)\n err(5);\n if (!this.p)\n err(4);\n if (this.c > 0) {\n var len = Math.min(this.c, chunk.length);\n var toAdd = chunk.subarray(0, len);\n this.c -= len;\n if (this.d)\n this.d.push(toAdd, !this.c);\n else\n this.k[0].push(toAdd);\n chunk = chunk.subarray(len);\n if (chunk.length)\n return this.push(chunk, final);\n }\n else {\n var f = 0, i = 0, is = void 0, buf = void 0;\n if (!this.p.length)\n buf = chunk;\n else if (!chunk.length)\n buf = this.p;\n else {\n buf = new u8(this.p.length + chunk.length);\n buf.set(this.p), buf.set(chunk, this.p.length);\n }\n var l = buf.length, oc = this.c, add = oc && this.d;\n var _loop_2 = function () {\n var _a;\n var sig = b4(buf, i);\n if (sig == 0x4034B50) {\n f = 1, is = i;\n this_1.d = null;\n this_1.c = 0;\n var bf = b2(buf, i + 6), cmp_1 = b2(buf, i + 8), u = bf & 2048, dd = bf & 8, fnl = b2(buf, i + 26), es = b2(buf, i + 28);\n if (l > i + 30 + fnl + es) {\n var chks_3 = [];\n this_1.k.unshift(chks_3);\n f = 2;\n var sc_1 = b4(buf, i + 18), su_1 = b4(buf, i + 22);\n var fn_1 = strFromU8(buf.subarray(i + 30, i += 30 + fnl), !u);\n if (sc_1 == 4294967295) {\n _a = dd ? [-2] : z64e(buf, i), sc_1 = _a[0], su_1 = _a[1];\n }\n else if (dd)\n sc_1 = -1;\n i += es;\n this_1.c = sc_1;\n var d_1;\n var file_1 = {\n name: fn_1,\n compression: cmp_1,\n start: function () {\n if (!file_1.ondata)\n err(5);\n if (!sc_1)\n file_1.ondata(null, et, true);\n else {\n var ctr = _this_1.o[cmp_1];\n if (!ctr)\n file_1.ondata(err(14, 'unknown compression type ' + cmp_1, 1), null, false);\n d_1 = sc_1 < 0 ? new ctr(fn_1) : new ctr(fn_1, sc_1, su_1);\n d_1.ondata = function (err, dat, final) { file_1.ondata(err, dat, final); };\n for (var _i = 0, chks_4 = chks_3; _i < chks_4.length; _i++) {\n var dat = chks_4[_i];\n d_1.push(dat, false);\n }\n if (_this_1.k[0] == chks_3 && _this_1.c)\n _this_1.d = d_1;\n else\n d_1.push(et, true);\n }\n },\n terminate: function () {\n if (d_1 && d_1.terminate)\n d_1.terminate();\n }\n };\n if (sc_1 >= 0)\n file_1.size = sc_1, file_1.originalSize = su_1;\n this_1.onfile(file_1);\n }\n return \"break\";\n }\n else if (oc) {\n if (sig == 0x8074B50) {\n is = i += 12 + (oc == -2 && 8), f = 3, this_1.c = 0;\n return \"break\";\n }\n else if (sig == 0x2014B50) {\n is = i -= 4, f = 3, this_1.c = 0;\n return \"break\";\n }\n }\n };\n var this_1 = this;\n for (; i < l - 4; ++i) {\n var state_1 = _loop_2();\n if (state_1 === \"break\")\n break;\n }\n this.p = et;\n if (oc < 0) {\n var dat = f ? buf.subarray(0, is - 12 - (oc == -2 && 8) - (b4(buf, is - 16) == 0x8074B50 && 4)) : buf.subarray(0, i);\n if (add)\n add.push(dat, !!f);\n else\n this.k[+(f == 2)].push(dat);\n }\n if (f & 2)\n return this.push(buf.subarray(i), final);\n this.p = buf.subarray(i);\n }\n if (final) {\n if (this.c)\n err(13);\n this.p = null;\n }\n };\n /**\n * Registers a decoder with the stream, allowing for files compressed with\n * the compression type provided to be expanded correctly\n * @param decoder The decoder constructor\n */\n Unzip.prototype.register = function (decoder) {\n this.o[decoder.compression] = decoder;\n };\n return Unzip;\n}());\nexport { Unzip };\nvar mt = typeof queueMicrotask == 'function' ? queueMicrotask : typeof setTimeout == 'function' ? setTimeout : function (fn) { fn(); };\nexport function unzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var files = {};\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558) {\n cbd(err(13, 0, 1), null);\n return tAll;\n }\n }\n ;\n var lft = b2(data, e + 8);\n if (lft) {\n var c = lft;\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = lft = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n var _loop_3 = function (i) {\n var _a = zh(data, o, z), c_1 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n if (d)\n files[fn] = d;\n if (!--lft)\n cbd(null, files);\n }\n };\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_1\n })) {\n if (!c_1)\n cbl(null, slc(data, b, b + sc));\n else if (c_1 == 8) {\n var infl = data.subarray(b, b + sc);\n if (sc < 320000) {\n try {\n cbl(null, inflateSync(infl, new u8(su)));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(inflate(infl, { size: su }, cbl));\n }\n else\n cbl(err(14, 'unknown compression type ' + c_1, 1), null);\n }\n else\n cbl(null, null);\n };\n for (var i = 0; i < c; ++i) {\n _loop_3(i);\n }\n }\n else\n cbd(null, {});\n return tAll;\n}\n/**\n * Synchronously decompresses a ZIP archive. Prefer using `unzip` for better\n * performance with more than one file.\n * @param data The raw compressed ZIP file\n * @param opts The ZIP extraction options\n * @returns The decompressed files\n */\nexport function unzipSync(data, opts) {\n var files = {};\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558)\n err(13);\n }\n ;\n var c = b2(data, e + 8);\n if (!c)\n return {};\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n for (var i = 0; i < c; ++i) {\n var _a = zh(data, o, z), c_2 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_2\n })) {\n if (!c_2)\n files[fn] = slc(data, b, b + sc);\n else if (c_2 == 8)\n files[fn] = inflateSync(data.subarray(b, b + sc), new u8(su));\n else\n err(14, 'unknown compression type ' + c_2);\n }\n }\n return files;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// A salt notation is used to randomize signatures.\n// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks\n// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).\n// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.\n// some chosen-prefix attacks.\n// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.\nconst SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org';\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuerKeyID,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.unknownSubpackets = [];\n this.signedHashValue = null;\n this.salt = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n this.preferredCipherSuites = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes, config = defaultConfig) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n // Only for v6 signatures, a variable-length field containing:\n if (this.version === 6) {\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[i++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(i, i + saltLength);\n i += saltLength;\n }\n\n const signatureMaterial = bytes.subarray(i, bytes.length);\n const { read, signatureParams } = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial);\n if (read < signatureMaterial.length) {\n throw new Error('Error reading MPIs');\n }\n this.params = signatureParams;\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n if (this.version === 6) {\n arr.push(new Uint8Array([this.salt.length]));\n arr.push(this.salt);\n }\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false, config) {\n this.version = key.version;\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n // add randomness to the signature\n if (this.version === 6) {\n const saltLength = saltLengthForHash(this.hashAlgorithm);\n if (this.salt === null) {\n this.salt = crypto.random.getRandomBytes(saltLength);\n } else if (saltLength !== this.salt.length) {\n throw new Error('Provided salt does not have the required length');\n }\n } else if (config.nonDeterministicSignaturesViaNotation) {\n const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME));\n // since re-signing the same object is not supported, it's not expected to have multiple salt notations,\n // but we guard against it as a sanity check\n if (saltNotations.length === 0) {\n const saltValue = crypto.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm));\n this.rawNotations.push({\n name: SALT_NOTATION_NAME,\n value: saltValue,\n humanReadable: false,\n critical: false\n });\n } else {\n throw new Error('Unexpected existing salt notation');\n }\n }\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n if (this.preferredCipherSuites !== null) {\n bytes = new Uint8Array([].concat(...this.preferredCipherSuites));\n arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = this.unhashedSubpackets.map(({ type, critical, body }) => {\n return writeSubPacket(type, critical, body);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n // Signature subpackets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n mypos++;\n\n if (!hashed) {\n this.unhashedSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuerKeyID:\n // Issuer\n if (this.version === 4) {\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n } else if (hashed) {\n // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature,\n // since the Issuer Fingerprint subpacket is to be used instead.\n // The `issuerKeyID` value will be set when reading the issuerFingerprint packet.\n // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it,\n // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed)\n // issuerFingerprint.\n // If the packet is hashed, then we reject the signature, to avoid verifying data different from\n // what was parsed.\n throw new Error('Unexpected Issuer Key ID subpacket');\n }\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion >= 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCipherSuites:\n // Preferred AEAD Cipher Suites\n this.preferredCipherSuites = [];\n for (let i = mypos; i < bytes.length; i += 2) {\n this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);\n }\n break;\n default:\n this.unknownSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n break;\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n const subpacketLengthBytes = this.version === 6 ? 4 : 2;\n\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes));\n\n let i = subpacketLengthBytes;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) {\n // avoid hashing unexpected salt size\n throw new Error('Signature salt does not have the expected length');\n }\n\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.unknownSubpackets.forEach(({ type, critical }) => {\n if (critical) {\n throw new Error(`Unknown critical signature subpacket type ${type}`);\n }\n });\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n\n/**\n * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh.\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5}\n * @param {enums.hash} hashAlgorithm - Hash algorithm.\n * @returns {Integer} Salt length.\n * @private\n */\nfunction saltLengthForHash(hashAlgorithm) {\n switch (hashAlgorithm) {\n case enums.hash.sha256: return 16;\n case enums.hash.sha384: return 24;\n case enums.hash.sha512: return 32;\n case enums.hash.sha224: return 16;\n case enums.hash.sha3_256: return 16;\n case enums.hash.sha3_512: return 32;\n default: throw new Error('Unsupported hash function');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n static fromSignaturePacket(signaturePacket, isLast) {\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.version = signaturePacket.version === 6 ? 6 : 3;\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n onePassSig.salt = signaturePacket.salt; // v6 only\n onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only\n\n onePassSig.flags = isLast ? 1 : 0;\n return onePassSig;\n }\n\n constructor() {\n /** A one-octet version number. The current versions are 3 and 6. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** Only for v6, a variable-length field containing the salt. */\n this.salt = null;\n /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */\n this.issuerFingerprint = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current versions are 3 or 6.\n this.version = bytes[mypos++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n if (this.version === 6) {\n // Only for v6 signatures, a variable-length field containing:\n\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[mypos++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(mypos, mypos + saltLength);\n mypos += saltLength;\n\n // Only for v6 packets, 32 octets of the fingerprint of the signing key.\n this.issuerFingerprint = bytes.subarray(mypos, mypos + 32);\n mypos += 32;\n this.issuerKeyID = new KeyID();\n // For v6 the Key ID is the high-order 64 bits of the fingerprint.\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n // Only for v3 packets, an eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n }\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const arr = [new Uint8Array([\n this.version,\n this.signatureType,\n this.hashAlgorithm,\n this.publicKeyAlgorithm\n ])];\n if (this.version === 6) {\n arr.push(\n new Uint8Array([this.salt.length]),\n this.salt,\n this.issuerFingerprint\n );\n } else {\n arr.push(this.issuerKeyID.write());\n }\n arr.push(new Uint8Array([this.flags]));\n return util.concatUint8Array(arr);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID) ||\n (this.version === 3 && correspondingSig.version === 6) ||\n (this.version === 6 && correspondingSig.version !== 6) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt))\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError,\n UnknownPacketError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence,\n // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored.\n // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical.\n if (e instanceof UnknownPacketError) {\n if (parsed.tag <= 39) {\n await writer.abort(e);\n } else {\n return;\n }\n }\n\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Inflate, Deflate, Zlib, Unzlib } from 'fflate';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write());\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise.\n * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator\n * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor\n * @returns {ReadableStream} compressed or decompressed data\n */\nfunction zlib(compressionStreamInstantiator, ZlibStreamedConstructor) {\n return data => {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(inputData => {\n return new Promise((resolve, reject) => {\n const zlibStream = new ZlibStreamedConstructor();\n zlibStream.ondata = processedData => {\n resolve(processedData);\n };\n try {\n zlibStream.push(inputData, true); // only one chunk to push\n } catch (err) {\n reject(err);\n }\n });\n }));\n }\n\n // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API)\n if (compressionStreamInstantiator) {\n try {\n const compressorOrDecompressor = compressionStreamInstantiator();\n return data.pipeThrough(compressorOrDecompressor);\n } catch (err) {\n // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate.\n if (err.name !== 'TypeError') {\n throw err;\n }\n }\n }\n\n // JS fallback\n const inputReader = data.getReader();\n const zlibStream = new ZlibStreamedConstructor();\n\n return new ReadableStream({\n async start(controller) {\n zlibStream.ondata = async (value, isLast) => {\n controller.enqueue(value);\n if (isLast) {\n controller.close();\n }\n };\n\n while (true) {\n const { done, value } = await inputReader.read();\n if (done) {\n zlibStream.push(new Uint8Array(), true);\n return;\n } else if (value.length) {\n zlibStream.push(value);\n }\n }\n }\n });\n };\n}\n\nfunction bzip2Decompress() {\n return async function(data) {\n const { decode: bunzipDecode } = await import('@openpgp/seek-bzip');\n return stream.fromAsync(async () => bunzipDecode(await stream.readToEnd(data)));\n };\n}\n\n/**\n * Get Compression Stream API instatiators if the constructors are implemented.\n * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported\n * (supported formats cannot be determined in advance).\n * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat\n * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }}\n */\nconst getCompressionStreamInstantiators = compressionFormat => ({\n compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)),\n decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat))\n});\n\nconst compress_fns = {\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib)\n};\n\nconst decompress_fns = {\n uncompressed: data => data,\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib),\n bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n static fromObject({ version, aeadAlgorithm }) {\n if (version !== 1 && version !== 2) {\n throw new Error('Unsupported SEIPD version');\n }\n\n const seip = new SymEncryptedIntegrityProtectedDataPacket();\n seip.version = version;\n if (version === 2) {\n seip.aeadAlgorithm = aeadAlgorithm;\n }\n\n return seip;\n }\n\n constructor() {\n this.version = null;\n\n // The following 4 fields are for V2 only.\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = null;\n this.chunkSizeByte = null;\n this.salt = null;\n\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n this.version = await reader.readByte();\n // - A one-octet version number with value 1 or 2.\n if (this.version !== 1 && this.version !== 2) {\n throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`);\n }\n\n if (this.version === 2) {\n // - A one-octet cipher algorithm.\n this.cipherAlgorithm = await reader.readByte();\n // - A one-octet AEAD algorithm.\n this.aeadAlgorithm = await reader.readByte();\n // - A one-octet chunk size.\n this.chunkSizeByte = await reader.readByte();\n // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique.\n this.salt = await reader.readBytes(32);\n }\n\n // For V1:\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n // For V2:\n // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode.\n // - A final, summary authentication tag for the AEAD mode.\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n if (this.version === 2) {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]);\n }\n return util.concat([new Uint8Array([this.version]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n const { blockSize, keySize } = crypto.getCipherParams(sessionKeyAlgorithm);\n if (key.length !== keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n\n if (this.version === 2) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n this.salt = crypto.random.getRandomBytes(32);\n this.chunkSizeByte = config.aeadChunkSizeByte;\n this.encrypted = await runAEAD(this, 'encrypt', key, bytes);\n } else {\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n }\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n if (key.length !== crypto.getCipherParams(sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n\n let packetbytes;\n if (this.version === 2) {\n if (this.cipherAlgorithm !== sessionKeyAlgorithm) {\n // sanity check\n throw new Error('Unexpected session key algorithm');\n }\n packetbytes = await runAEAD(this, 'decrypt', key, encrypted);\n } else {\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n }\n\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n\n/**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\nexport async function runAEAD(packet, fn, key, data) {\n const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2;\n const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import)\n if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type');\n\n const mode = crypto.getAEADMode(packet.aeadAlgorithm);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0;\n const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP);\n const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n let iv;\n let ivView;\n if (isSEIPDv2) {\n const { keySize } = crypto.getCipherParams(packet.cipherAlgorithm);\n const { ivLength } = mode;\n const info = new Uint8Array(adataBuffer, 0, 5);\n const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength);\n key = derived.subarray(0, keySize);\n iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy.\n iv.fill(0, iv.length - 8);\n ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n } else { // AEADEncryptedDataPacket\n iv = packet.iv;\n // ivView is unused in this case\n }\n const modeInstance = await mode(packet.cipherAlgorithm, key);\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n let nonce;\n if (isSEIPDv2) { // SEIPD V2\n nonce = iv;\n } else { // AEADEncryptedDataPacket\n nonce = iv.slice();\n for (let i = 0; i < 8; i++) {\n nonce[iv.length - 8 + i] ^= chunkIndexArray[i];\n }\n }\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, nonce, adataArray);\n cryptedPromise.catch(() => {});\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...)\n cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray);\n cryptedPromise.catch(() => {});\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line @typescript-eslint/no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n if (isSEIPDv2) { // SEIPD V2\n ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...)\n } else { // AEADEncryptedDataPacket\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n }\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.ready.catch(() => {});\n await writer.abort(e);\n }\n });\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\nimport { runAEAD } from './sym_encrypted_integrity_protected_data';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await runAEAD(this, 'decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await runAEAD(this, 'encrypt', key, data);\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = null;\n\n // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()`\n this.publicKeyID = new KeyID();\n\n // For version 6:\n this.publicKeyVersion = null;\n this.publicKeyFingerprint = null;\n\n // For all versions:\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n static fromObject({\n version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm\n }) {\n const pkesk = new PublicKeyEncryptedSessionKeyPacket();\n\n if (version !== 3 && version !== 6) {\n throw new Error('Unsupported PKESK version');\n }\n\n pkesk.version = version;\n\n if (version === 6) {\n pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version;\n pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes();\n }\n\n pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID();\n pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm;\n pkesk.sessionKey = sessionKey;\n pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm;\n\n return pkesk;\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let offset = 0;\n this.version = bytes[offset++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n if (this.version === 6) {\n // A one-octet size of the following two fields:\n // - A one octet key version number.\n // - The fingerprint of the public key or subkey to which the session key is encrypted.\n // The size may also be zero.\n const versionAndFingerprintLength = bytes[offset++];\n if (versionAndFingerprintLength) {\n this.publicKeyVersion = bytes[offset++];\n const fingerprintLength = versionAndFingerprintLength - 1;\n this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength;\n if (this.publicKeyVersion >= 5) {\n // For v5/6 the Key ID is the high-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint);\n } else {\n // For v4 The Key ID is the low-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8));\n }\n } else {\n // The size may also be zero, and the key version and\n // fingerprint omitted for an \"anonymous recipient\"\n this.publicKeyID = KeyID.wildcard();\n }\n } else {\n offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8));\n }\n this.publicKeyAlgorithm = bytes[offset++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset));\n if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) {\n if (this.version === 3) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n } else if (this.encrypted.C.algorithm !== null) {\n throw new Error('Unexpected cleartext symmetric algorithm');\n }\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version])\n ];\n\n if (this.version === 6) {\n if (this.publicKeyFingerprint !== null) {\n arr.push(new Uint8Array([\n this.publicKeyFingerprint.length + 1,\n this.publicKeyVersion]\n ));\n arr.push(this.publicKeyFingerprint);\n } else {\n arr.push(new Uint8Array([0]));\n }\n } else {\n arr.push(this.publicKeyID.write());\n }\n\n arr.push(\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n );\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a\n // v6 PKESK packet, as it is included in the v2 SEIPD packet.\n const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n if (this.version === 3) {\n // v3 Montgomery curves have cleartext cipher algo\n const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448;\n this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm;\n\n if (sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n // add checksum\n return util.concatUint8Array([\n new Uint8Array(version === 6 ? [] : [cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = version === 6 ?\n { sessionKeyAlgorithm: null, sessionKey: result } :\n { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: version === 6 ? null : util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && (\n version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm));\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return {\n sessionKeyAlgorithm: null,\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 6 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number with value 4, 5 or 6.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following 5 fields.\n offset++;\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version >= 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following field.\n offset++;\n }\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n const s2kType = bytes[offset++];\n this.s2k = newS2KFromType(s2kType);\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version >= 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n const s2k = this.s2k.write();\n if (this.version === 6) {\n const s2kLen = s2k.length;\n const fieldsLen = 3 + s2kLen + this.iv.length;\n bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]);\n } else if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n if (this.sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n } else {\n // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v6Keys ? 6 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes, config = defaultConfig) {\n let pos = 0;\n // A one-octet version number (4, 5 or 6).\n this.version = bytes[pos++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version === 4 || this.version === 5 || this.version === 6) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version >= 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (\n this.version === 6 &&\n publicParams.oid && (\n publicParams.oid.getName() === enums.curve.curve25519Legacy ||\n publicParams.oid.getName() === enums.curve.ed25519Legacy\n )\n ) {\n throw new Error('Legacy curve25519 cannot be used with v6 keys');\n }\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version >= 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n const versionOctet = 0x95 + version;\n const lengthOctets = version >= 5 ? 4 : 2;\n return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version >= 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version >= 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line @typescript-eslint/no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError, writeTag } from './packet';\nimport computeHKDF from '../crypto/hkdf';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis\n * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older).\n * This value is only relevant to know how to decrypt the key:\n * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism.\n * @type {Boolean}\n * @private\n */\n this.isLegacyAEAD = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n /**\n * `true` for keys whose integrity is already confirmed, based on\n * the AEAD encryption mechanism\n * @type {Boolean}\n * @private\n */\n this.usedModernAEAD = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes, config = defaultConfig) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes, config);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n // - Only for a version 6 packet where the secret key material is\n // encrypted (that is, where the previous octet is not zero), a one-\n // octet scalar octet count of the cumulative length of all the\n // following optional string-to-key parameter fields.\n if (this.version === 6 && this.s2kUsage) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n i++;\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n const s2kType = bytes[i++];\n this.s2k = newS2KFromType(s2kType);\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n\n if (this.s2kUsage) {\n // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5).\n // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format).\n // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always\n // fail if the key was parsed according to the wrong format, since the keys are processed differently.\n // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag.\n this.isLegacyAEAD = this.s2kUsage === 253 && (\n this.version === 5 || (this.version === 4 && config.parseAEADEncryptedV4KeysAsLegacy));\n // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV)\n // of the same length as the cipher's block size.\n // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the\n // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm.\n // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero\n if (this.s2kUsage !== 253 || this.isLegacyAEAD) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipherParams(this.symmetric).blockSize\n );\n this.usedModernAEAD = false;\n } else {\n // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted),\n // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which\n // is used as the nonce for the AEAD algorithm.\n this.iv = bytes.subarray(\n i,\n i + crypto.getAEADMode(this.aead).ivLength\n );\n // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation.\n this.usedModernAEAD = true;\n }\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n let cleartext;\n if (this.version === 6) {\n cleartext = this.keyMaterial;\n } else {\n cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n }\n try {\n const { read, privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n if (read < cleartext.length) {\n throw new Error('Error reading MPIs');\n }\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n const s2k = this.s2k.write();\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n optionalFieldsArr.push(s2k.length);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...s2k);\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5 || (this.version === 6 && this.s2kUsage)) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage && this.version !== 6) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = newS2KFromType(enums.s2k.gnu, config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n this.isLegacyAEAD = null;\n this.usedModernAEAD = null;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n\n const { blockSize } = crypto.getCipherParams(this.symmetric);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = config.preferredAEADAlgorithm;\n const mode = crypto.getAEADMode(this.aead);\n this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead.\n this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material\n\n const serializedPacketTag = writeTag(this.constructor.tag);\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n\n const modeInstance = await mode(this.symmetric, key);\n this.iv = this.isLegacyAEAD ? crypto.random.getRandomBytes(blockSize) : crypto.random.getRandomBytes(mode.ivLength);\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData);\n } else {\n this.s2kUsage = 254;\n this.usedModernAEAD = false;\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(\n this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData);\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n this.aead = null;\n this.symmetric = null;\n this.isLegacyAEAD = null;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n if (this.usedModernAEAD) {\n // key integrity confirmed by successful AEAD decryption\n return;\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (this.version === 6 && (\n (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||\n this.algorithm === enums.publicKey.eddsaLegacy\n )) {\n throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);\n }\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\n/**\n * Derive encryption key\n * @param {Number} keyVersion - key derivation differs for v5 keys\n * @param {module:type/s2k} s2k\n * @param {String} passphrase\n * @param {module:enums.symmetric} cipherAlgo\n * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5)\n * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5)\n * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only)\n * @returns encryption key\n */\nasync function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) {\n if (s2k.type === 'argon2' && !aeadMode) {\n throw new Error('Using Argon2 S2K without AEAD is not allowed');\n }\n if (s2k.type === 'simple' && keyVersion === 6) {\n throw new Error('Using Simple S2K with version 6 keys is not allowed');\n }\n const { keySize } = crypto.getCipherParams(cipherAlgo);\n const derivedKey = await s2k.produceKey(passphrase, keySize);\n if (!aeadMode || keyVersion === 5 || isLegacyAEAD) {\n return derivedKey;\n }\n const info = util.concatUint8Array([\n serializedPacketTag,\n new Uint8Array([keyVersion, cipherAlgo, aeadMode])\n ]);\n return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize);\n}\n\nexport default SecretKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n\n /**\n * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1,\n * as well comments placed between the name (if present) and the bracketed email address:\n * - name (comment) \n * - email\n * In the first case, the `email` is the only required part, and it must contain the `@` symbol.\n * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`,\n * since they interfere with `comment` parsing.\n */\n const re = /^(?[^()]+\\s+)?(?\\([^()]+\\)\\s+)?(?<\\S+@\\S+>)$/;\n const matches = re.exec(userID);\n if (matches !== null) {\n const { name, comment, email } = matches.groups;\n this.comment = comment?.replace(/^\\(|\\)|\\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace\n this.name = name?.trim() || '';\n this.email = email.substring(1, email.length - 1); // remove brackets\n } else if (/^[^\\s@]+@[^\\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace\n this.email = userID;\n }\n\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2022 Proton AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport crypto from '../crypto';\nimport enums from '../enums';\n\n/**\n * Implementation of the Padding Packet\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}:\n * Padding Packet\n */\nclass PaddingPacket {\n static get tag() {\n return enums.packet.padding;\n }\n\n constructor() {\n this.padding = null;\n }\n\n /**\n * Read a padding packet\n * @param {Uint8Array | ReadableStream} bytes\n */\n read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars\n // Padding packets are ignored, so this function is never called.\n }\n\n /**\n * Write the padding packet\n * @returns {Uint8Array} The padding packet.\n */\n write() {\n return this.padding;\n }\n\n /**\n * Create random padding.\n * @param {Number} length - The length of padding to be generated.\n * @throws {Error} if padding generation was not successful\n * @async\n */\n async createPadding(length) {\n this.padding = await crypto.random.getRandomBytes(length);\n }\n}\n\nexport default PaddingPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures,\n * `enums.signatures.certGeneric` should be given regardless of the actual trust level)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm for a set of keys.\n * @param {Array} [targetKeys] - The keys to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {\n /**\n * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the\n * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).\n * if no keys are available, `preferredSenderAlgo` is returned.\n * For ECC signing key, the curve preferred hash is taken into account as well (see logic below).\n */\n const defaultAlgo = enums.hash.sha256; // MUST implement\n const preferredSenderAlgo = config.preferredHashAlgorithm;\n\n const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => {\n const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config);\n const targetPrefs = selfCertification.preferredHashAlgorithms;\n return targetPrefs;\n }));\n const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys\n for (const supportedAlgos of supportedAlgosPerTarget) {\n for (const hashAlgo of supportedAlgos) {\n try {\n // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on\n const supportedAlgo = enums.write(enums.hash, hashAlgo);\n supportedAlgosMap.set(\n supportedAlgo,\n supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1\n );\n } catch {}\n }\n }\n const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo;\n const getStrongestSupportedHashAlgo = () => {\n if (supportedAlgosMap.size === 0) {\n return defaultAlgo;\n }\n const sortedHashAlgos = Array.from(supportedAlgosMap.keys())\n .filter(hashAlgo => isSupportedHashAlgo(hashAlgo))\n .sort((algoA, algoB) => crypto.hash.getHashByteLength(algoA) - crypto.hash.getHashByteLength(algoB));\n const strongestHashAlgo = sortedHashAlgos[0];\n // defaultAlgo is always implicilty supported, and might be stronger than the rest\n return crypto.hash.getHashByteLength(strongestHashAlgo) >= crypto.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo;\n };\n\n const eccAlgos = new Set([\n enums.publicKey.ecdsa,\n enums.publicKey.eddsaLegacy,\n enums.publicKey.ed25519,\n enums.publicKey.ed448\n ]);\n\n if (eccAlgos.has(signingKeyPacket.algorithm)) {\n // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:\n // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5\n // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough;\n // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve\n // preferred algo, even if not supported by all targets.\n const preferredCurveAlgo = crypto.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid);\n\n const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo);\n const preferredSenderAlgoStrongerThanCurveAlgo = crypto.hash.getHashByteLength(preferredSenderAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo);\n\n if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) {\n return preferredSenderAlgo;\n } else {\n const strongestSupportedAlgo = getStrongestSupportedHashAlgo();\n return crypto.hash.getHashByteLength(strongestSupportedAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo) ?\n strongestSupportedAlgo :\n preferredCurveAlgo;\n }\n }\n\n // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this,\n // since it was manually set by the sender.\n return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo();\n}\n\n/**\n * Returns the preferred compression algorithm for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred compression algorithm\n * @async\n */\nexport async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = enums.compression.uncompressed;\n const preferredSenderAlgo = config.preferredCompressionAlgorithm;\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config);\n const recipientPrefs = selfCertification.preferredCompressionAlgorithms;\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred\n * @async\n */\nexport async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));\n const withAEAD = keys.length ?\n selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :\n config.aeadProtect;\n\n if (withAEAD) {\n const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };\n const desiredCipherSuites = [\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },\n { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }\n ];\n for (const desiredCipherSuite of desiredCipherSuites) {\n if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(\n cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo\n ))) {\n return desiredCipherSuite;\n }\n }\n return defaultCipherSuite;\n }\n const defaultSymAlgo = enums.symmetric.aes128;\n const desiredSymAlgo = config.preferredSymmetricAlgorithm;\n return {\n symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ?\n desiredSymAlgo :\n defaultSymAlgo,\n aeadAlgo: undefined\n };\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {Array} recipientKeys - keys to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config);\n signaturePacket.rawNotations = [...notations];\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n const isHardRevocation = ![\n enums.reasonForRevocation.keyRetired,\n enums.reasonForRevocation.keySuperseded,\n enums.reasonForRevocation.userIDInvalid\n ].includes(revocationSignature.reasonForRevocationFlag);\n\n await revocationSignature.verify(\n key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve`\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy ||\n options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'curve25519':\n options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519;\n break;\n case 'curve448':\n options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448;\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function validateSigningKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateEncryptionKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateDecryptionKeyPacket(keyPacket, signature, config) {\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateSigningKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateEncryptionKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n if (primaryKey.version !== 6) {\n // check for expiration time in direct signatures (for V6 keys, the above already did so)\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const selfCertification = await this.getPrimarySelfSignature(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature.\n await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * For V4 keys, returns the self-signature of the primary user.\n * For V5 keys, returns the latest valid direct-key self-signature.\n * This self-signature is to be used to check the key expiration,\n * algorithm preferences, and so on.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} The primary self-signature\n * @async\n */\n async getPrimarySelfSignature(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n if (primaryKey.version === 6) {\n return helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n );\n }\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n return selfCertification;\n }\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config);\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @throws {Error} if no decryption key is found\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n let exception = null;\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n if (this.subkeys[i].keyPacket.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n continue;\n }\n\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n // evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && helper.validateDecryptionKeyPacket(primaryKey, selfCertification, config)) {\n if (primaryKey.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n } else {\n keys.push(this);\n }\n }\n\n if (keys.length === 0) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('No decryption key packets found');\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.\n * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).\n * Note: Curve448 and Curve25519 are not widely supported yet.\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n // Every subkey for a v4 primary key MUST be a v4 subkey.\n // Every subkey for a v6 primary key MUST be a v6 subkey.\n // For v5 keys, since we dropped generation support, a v4 subkey is added.\n // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.\n const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nfunction getDefaultSubkeyType(algoName) {\n const algo = enums.write(enums.publicKey, algoName);\n // NB: no encryption-only algos, since they cannot be in primary keys\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n return 'rsa';\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return 'ecc';\n case enums.publicKey.ed25519:\n return 'curve25519';\n case enums.publicKey.ed448:\n return 'curve448';\n default:\n throw new Error('Unsupported algorithm');\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format).\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n function getKeySignatureProperties() {\n const signatureProperties = {};\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n const symmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128\n ], config.preferredSymmetricAlgorithm);\n signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;\n if (config.aeadProtect) {\n const aeadAlgorithms = createPreferredAlgos([\n enums.aead.gcm,\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {\n return symmetricAlgorithms.map(symmetricAlgorithm => {\n return [symmetricAlgorithm, aeadAlgorithm];\n });\n });\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512,\n enums.hash.sha3_256,\n enums.hash.sha3_512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.uncompressed,\n enums.compression.zlib,\n enums.compression.zip\n ], config.preferredCompressionAlgorithm);\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.seipdv2;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n return signatureProperties;\n }\n\n if (secretKeyPacket.version === 6) { // add direct key signature with key prefs\n const dataToSign = {\n key: secretKeyPacket\n };\n\n const signatureProperties = getKeySignatureProperties();\n signatureProperties.signatureType = enums.signature.key;\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n packetlist.push(signaturePacket);\n }\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {\n userID: userIDPacket,\n key: secretKeyPacket\n };\n const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};\n signatureProperties.signatureType = enums.signature.certPositive;\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);\n return createKey(firstKeyPacketList);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n return new PrivateKey(firstPrivateKeyList);\n }\n throw new Error('No secret key packet found');\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n if (keys.length === 0) {\n throw new Error('No secret key packet found');\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport { Argon2OutOfMemoryError } from './type/s2k';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredCipherSuite, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm;\n\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config);\n\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable)\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n if (err instanceof Argon2OutOfMemoryError) {\n exception = err;\n }\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let decryptionKeyPackets;\n try {\n // do not check key expiration to allow decryption of old messages\n decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n } catch (err) {\n exception = err;\n return;\n }\n\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config); // TODO: Pass userID from somewhere.\n if (selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all((\n expectedSymmetricAlgorithm ?\n [expectedSymmetricAlgorithm] :\n Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)\n ).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm;\n if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config);\n const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo);\n const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) &&\n !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(symmetricAlgo);\n return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({\n version: aeadAlgorithmName ? 2 : 1,\n aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null\n });\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n\n const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({\n version: aeadAlgorithm ? 6 : 3,\n encryptionKeyPacket: encryptionKey.keyPacket,\n anonymousRecipient: wildcard,\n sessionKey,\n sessionKeyAlgorithm: symmetricAlgorithm\n });\n\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config); // this returns the existing signature packets as well\n const onePassSignaturePackets = signaturePackets.map(\n (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0))\n .reverse(); // innermost OPS refers to the first signature packet\n\n packetlist.push(...onePassSignaturePackets);\n packetlist.push(literalDataPacket);\n packetlist.push(...signaturePackets);\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n const trailingPacket = this.packets[this.packets.length - 1];\n // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer.\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ?\n trailingPacket.version !== 2 :\n this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const signingUserID = signingUserIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config);\n return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n const input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // emit header and checksum if one of the signatures has a version not 6\n const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6);\n const hash = emitHeaderAndChecksum ?\n Array.from(new Set(this.signature.packets.map(\n packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase()\n ))).join() :\n null;\n\n const body = {\n hash,\n text: this.text,\n data: this.signature.packets.write()\n };\n\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n const hashAlgos = [];\n headers.forEach(header => {\n const hashHeader = header.match(/^Hash: (.+)$/); // get header value\n if (hashHeader) {\n const parsedHashIDs = hashHeader[1]\n .replace(/\\s/g, '') // remove whitespace\n .split(',')\n .map(hashName => {\n try {\n return enums.write(enums.hash, hashName.toLowerCase());\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase());\n }\n });\n hashAlgos.push(...parsedHashIDs);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredCompressionAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).\n * Note: Curve448 and Curve25519 (new format) are not widely supported yet.\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:\n * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n if (!type && !curve) {\n type = config.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them)\n curve = 'curve25519Legacy'; // unused with type != 'ecc'\n } else {\n type = type || 'ecc';\n curve = curve || 'curve25519Legacy';\n }\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && !config.v6Keys) {\n throw new Error('UserIDs are required for V4 keys');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) {\n throw new Error('UserIDs are required for V4 keys');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return await convertStream(data);\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return await convertStream(signature);\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data) {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","Object","setPrototypeOf","this","prototype","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","isStream","globalThis","ReadableStream","isPrototypeOf","_read","_readableState","Error","isUint8Array","Uint8Array","concatUint8Array","arrays","length","totalLength","i","result","pos","forEach","element","set","undefined","read","async","value","done","readToEnd","join","slice","clone","then","push","write","chunk","close","abort","reason","process","versions","doneReadingSet","WeakSet","externalBuffer","Reader","reader","bind","_releaseLock","_cancel","cancel","doneReading","has","add","e","toStream","start","controller","enqueue","toArrayStream","concat","list","some","map","transform","transformWithCancel","all","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","options","transformStream","TransformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","pull","highWaterMark","WritableStream","error","finish","output","data","result1","result2","flush","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","destroy","arrayStream","shift","readLine","returnVal","buffer","streams.concat","lineEndIndex","indexOf","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","byteOffset","byteLength","filter","byValue","enums","curve","nistP256","p256","nistP384","p384","nistP521","p521","secp256k1","ed25519Legacy","ed25519","curve25519Legacy","curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","argon2","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","aedh","aedsa","x25519","x448","ed448","symmetric","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","sha3_256","sha3_512","webHash","aead","eax","ocb","gcm","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","padding","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuerKeyID","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","preferredCipherSuites","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","seipdv2","type","config","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","aeadProtect","parseAEADEncryptedV4KeysAsLegacy","preferredAEADAlgorithm","aeadChunkSizeByte","v6Keys","enableParsingV5Entities","s2kType","s2kIterationCountByte","s2kArgon2Params","passes","parallelism","memoryExponent","allowUnauthenticatedMessages","allowUnauthenticatedStream","minRSABits","passwordCollisionCheck","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","allowMissingKeyFlags","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","nonDeterministicSignaturesViaNotation","useEllipticFallback","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","debugMode","env","NODE_ENV","util","isString","String","nodeRequire","stream.isUint8Array","stream.isStream","getNobleCurve","publicKeyAlgo","curveName","defaultConfig","nobleCurves","import","readNumber","n","writeNumber","b","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","readExactSubarray","leftPad","padded","offset","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","hex","k","parseInt","uint8ArrayToHex","hexAlphabet","s","v","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","printDebug","log","printDebugError","x","r","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","webCrypto","crypto","subtle","getNodeCrypto","webcrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","sub","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","a","selectUint8","isAES","cipherAlgo","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","getType","header","match","addheader","customComment","getCheckSum","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","base64.encode","from","toString","btoa","atob","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","removeChecksum","body","lastEquals","lastIndexOf","unarmor","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","stream.isArrayStream","stream.readToEnd","messageType","partIndex","partTotal","emitChecksum","maybeBodyClone","stream.passiveClone","getLegacyCipher","algo","legacyCiphers","cipher","getCipherBlockSize","getCipherKeySize","getCipherParams","keySize","blockSize","md5cycle","c","d","ff","gg","hh","ii","add32","cmn","q","md5blk","md5blks","hex_chr","rhex","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","update","digest","nobleHash","nobleHashName","webCryptoHashName","getNobleHash","nobleHashes","hashInstance","create","entree","state","substring","tail","md51","getHashByteLength","isBytes","lengths","exists","instance","checkFinished","destroyed","finished","out","min","outputLen","u8","arr","u32","createView","toBytes","utf8ToBytes","copyBytes","equalBytes","diff","wrapCipher","params","assign","setBigUint64","view","isLE","_32n","BigInt","_u32_max","wh","Number","wl","setUint32","isAligned32","clean","fill","BLOCK_SIZE","ZEROS16","ZEROS32","swapLE","GHASH","expectedLength","blockLen","s0","s1","s2","s3","abytes","kView","k0","getUint32","k1","k2","k3","doubles","W","estimateWindow","windows","windowSize","items","w","d0","d1","d2","d3","_updateBlock","o0","o1","o2","o3","mask","num","bytePos","bitPos","bit","e0","e1","e2","e3","aexists","b32","blocks","left","elm","digestInto","aoutput","o32","res","Polyval","ghKey","reverse","hiBit","carry","_toGHASHKey","wrapConstructorWithKey","hashCons","hashC","msg","tmp","ghash","EMPTY_BLOCK","POLY","mul2","mul","sbox","box","invSbox","_","rotr32_8","rotl32_8","byteSwap","word","genTtable","T0","T1","T2","T3","T01","T23","sbox2","Uint16Array","idx","tableEncoding","tableDecoding","xPowers","p","expandKeyLE","len","toClean","k32","Nk","subByte","applySbox","xk","expandKeyDecLE","encKey","apply0123","encrypt","rounds","t0","t1","t2","t3","decrypt","getDst","dst","ctrCounter","nonce","src","srcLen","ctr","c32","src32","dst32","ctr32","ctrPos","ctrNum","nonceLength","processCtr","plaintext","ciphertext","cbc","iv","opts","pcks5","disablePadding","o","_out","outLen","remaining","validateBlockEncrypt","_iv","n32","tmp32","paddingByte","padPCKS","validateBlockDecrypt","ps0","ps1","ps2","ps3","lastByte","validatePCKS","cfb","processCfb","isEncrypt","next32","tagLength","AAD","_computeTag","authKey","tagMask","aadLength","h","computeTag","deriveKeys","counter","nonceLen","g","passedTag","isBytes32","encryptBlock","block","decryptBlock","AESW","kek","a0","a1","chunks","AESKW_IV","aeskw","sum","pad","concatBytes","unsafe","knownAlgos","getCiphers","nodeAlgos","WebCryptoEncryptor","prevBlock","nextBlock","zeroBlock","isSupported","importKey","_runCBC","nonZeroIV","mode","keyRef","encryptChunk","missing","added","leftover","toEncrypt","encryptedBlocks","xorMut","encryptedBlock","curBlock","clearSensitiveData","ct","NobleStreamProcessor","forEncryption","nobleAesHelpers","getUint32Array","_runCFB","processChunk","toProcess","processedBlocks","processedBlock","aLength","algoName","decipherObj","createDecipheriv","nodeDecrypt","nobleAesCfb","aesDecrypt","cipherfn","block_size","blockp","decblock","pt","cipherObj","createCipheriv","nodeEncrypt","aesEncrypt","blockc","encblock","blockLength","rightXORMut","CMAC","CBC","padding2","err","nobleAesCbc","ivLength","zero","one","two","OMAC","cmac","CTR","en","final","nobleAesCtr","EAX","omac","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","T","xor","OCB","maxNtz","aes","encipher","decipher","crypt","m","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","checksum","xorInput","$","cipherInput","mask_x","mask_$","constructKeyVariables","crypted","ALGO","GCM","setAAD","getAuthTag","de","setAuthTag","_key","webcryptoEmptyMessagesUnsupported","userAgent","nobleAesGcm","additionalData","_0n","_1n","uint8ArrayToBigInt","mod","reduced","modExp","exp","lsb","abs","modInv","gcd","aInput","bInput","y","xPrev","yPrev","aNegated","bNegated","_egcd","bigIntToNumber","number","MAX_SAFE_INTEGER","getBit","bitLength","bitlen","_8n","bigIntToUint8Array","endian","rawLength","getRandomBytes","getRandomValues","getRandomBigInteger","modulus","randomProbablePrime","_30n","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","n1","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","count","randomBytes","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","hashed","emLen","hashPrefix","tLen","EM","privateToJWK","u","pNum","qNum","dNum","dq","dp","kty","qi","ext","publicToJWK","jwkToPrivate","jwk","format","constants","RSA_PKCS1_PADDING","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","publicEncrypt","bnEncrypt","keyGenOpt","modulusLength","publicExponent","keyPair","generateKey","exportKey","publicKeyEncoding","privateKeyEncoding","generateKeyPair","jwkPrivateKey","phi","hashAlgo","hashName","sign","webSign","createSign","nodeSign","bnSign","_2n","rde","verify","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","c1","c2","pSize","threshold","nacl","gf","init","Float64Array","randombytes","_9","gf0","gf1","_121665","D","D2","X","Y","I","ts64","l","crypto_verify_32","xi","yi","vn","set25519","car25519","sel25519","pack25519","neq25519","par25519","unpack25519","A","Z","M","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","z","f","x32","x16","crypto_scalarmult_base","K","crypto_hashblocks_hl","hl","bh0","bh1","bh2","bh3","bh4","bh5","bh6","bh7","bl0","bl1","bl2","bl3","bl4","bl5","bl6","bl7","th","tl","Int32Array","ah0","ah1","ah2","ah3","ah4","ah5","ah6","ah7","al0","al1","al2","al3","al4","al5","al6","al7","crypto_hash","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","reduce","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","TypeError","scalarMult","crypto_box_keypair","fromSecretKey","signedMsg","sm","smlen","crypto_sign","detached","sig","crypto_sign_open","fromSeed","seed","setPRNG","cleanup","knownOIDs","OID","oid","toHex","getName","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callback","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","lengthByte","nextPacket","UnsupportedError","captureStackTrace","UnknownPacketError","UnparseablePacket","rawContent","generate","webCryptoKey","getPayloadSize","utils","randomPrivateKey","getPublicKey","getPreferredHashAlgo","privateKeyToJWK","RS","publicKeyToJWK","crv","wrap","dataToWrap","wrappingKey","keyToWrap","wrapped","wrapKey","nobleAesKW","unwrap","wrappedData","unwrapped","unwrapKey","computeHKDF","inputKey","salt","info","importedKey","deriveBits","HKDF_INFO","generateEphemeralEncryptionMaterial","recipientA","ephemeralSecretKey","sharedSecret","assertNonZeroArray","ephemeralPublicKey","getSharedSecret","recomputeSharedSecret","acc","wrappedKey","hkdfInput","aesKW.unwrap","encryptionKey","aesKW.wrap","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","wireFormatLeadingByte","CurveWithOID","oidOrName","genKeyPair","namedCurve","jwkToRawPublic","webGenKeyPair","jsGenKeyPair","createECDH","generateKeys","getPrivateKey","nodeGenKeyPair","ecdhXGenerate","eddsaGenerate","validateStandardParams","Q","supportedCurves","dG","checkPublicPointEnconding","V","pointSize","nobleCurve","bufX","bufY","rawPublicToJWK","ecKeyUtils","nodeBuffer","derPrivateKey","generateDer","dsaEncoding","lowS","tryFallbackVerificationForOldBug","jsVerify","verified","derPublicKey","eddsaSign","eddsaVerify","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","ecdhXGenerateEphemeralEncryptionMaterial","recipient","public","webPublicEphemeralKey","jsPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","genPrivateEphemeralKey","ecdhXRecomputeSharedSecret","secret","webPrivateEphemeralKey","jsPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","C","pkcs5.decode","pkcs5.encode","xr","qSize","u1","u2","rsa","elliptic","signatureParams","rsSize","eddsa","publicKeyParams","privateKeyParams","publicParams","curveSize","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","fromObject","algorithm","followLength","checkSupportedCurve","getCurvePayloadSize","ecdhX","privateParams","prefixrandom","repeat","ECDHSymkey","sessionKeyParams","keyAlgo","symmetricAlgo","algosWithNativeRepresentation","orderedParams","keys","validateParams","algoModule","random","pkcs1","pkcs5","aesKW","Argon2OutOfMemoryError","loadArgonWasmModule","argon2Promise","Argon2S2K","encodedM","generateSalt","produceKey","passphrase","decodedM","default","version","password","memorySize","GenericS2K","getCount","numBytes","rlength","prefixlen","toHash","datalen","allowedS2KTypesForEncryption","newS2KFromType","newS2KFromConfig","u16","fleb","fdeb","clim","freb","eb","_a","fl","revfl","_b","fd","revfd","rev","hMap","cd","mb","co","le","rvb","sv","r_1","flt","fdt","flm","flrm","fdm","fdrm","bits16","shft","slc","BYTES_PER_ELEMENT","ec","ind","nt","code","wbits","wbits16","hTree","et","sort","i0","i1","i2","maxSym","tr","mbt","ln","dt","lft","cst","i2_1","i2_2","i2_3","lc","cl","cli","cln","cls","clen","cf","wfblk","dat","wblk","syms","lf","df","li","bl","dlt","mlb","ddt","mdb","_c","lclt","nlc","_d","lcdt","ndc","lcfreq","_e","lct","mlcb","nlcc","lm","ll","dm","dl","flen","ftlen","dtlen","llm","lcts","it","clct","deo","dopt","opt","pre","post","st","lvl","plvl","lst","msk_1","head","bs1_1","bs2_1","hsh","lc_1","wi","hv","imod","pimod","rem","ch_1","dif","maxn","maxd","ml","nl","mmd","md","ti","lin","din","dflt","level","mem","Deflate","cb","ondata","Inflate","bts","sl","noBuf","noSt","cbuf","nbuf","bt","lbt","dbt","tbts","hLit","hcLen","ldt","clt","clb","clbmsk","clm","lt","lms","dms","lpos","sym","dsym","inflt","Zlib","raw","lv","zlh","wbytes","Unzlib","td","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","KeyID","equals","keyID","matchWildcard","isWildcard","isNull","mapToHex","fromID","wildcard","SALT_NOTATION_NAME","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","unknownSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","saltLength","signatureMaterial","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","saltLengthForHash","saltValue","humanReadable","critical","writeHashedSubPackets","stream.slice","stream.clone","writeSubPacket","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLengthBytes","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","fromSignaturePacket","signaturePacket","isLast","onePassSig","flags","args","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","fromBinary","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","chunkSize","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","compressionFn","compress_fns","compressionStreamInstantiator","ZlibStreamedConstructor","inputData","zlibStream","processedData","compressorOrDecompressor","pipeThrough","inputReader","bzip2Decompress","bunzipDecode","getCompressionStreamInstantiators","compressionFormat","compressor","CompressionStream","decompressor","DecompressionStream","SymEncryptedIntegrityProtectedDataPacket","aeadAlgorithm","seip","cipherAlgorithm","chunkSizeByte","encrypted","sessionKeyAlgorithm","runAEAD","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","isSEIPDv2","isAEADP","getAEADMode","tagLengthIfDecrypting","tagLengthIfEncrypting","chunkIndexSizeIfAEADEP","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","ivView","latestPromise","cryptedBytes","queuedBytes","derived","modeInstance","size","stream.pipe","finalChunk","cryptedPromise","setInt32","desiredSize","AEADEncryptedDataPacket","PublicKeyEncryptedSessionKeyPacket","publicKeyID","publicKeyVersion","publicKeyFingerprint","sessionKey","encryptionKeyPacket","anonymousRecipient","pkesk","versionAndFingerprintLength","fingerprintLength","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","hasEncryptedAlgo","sessionKeyData","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","s2kLen","fieldsLen","generateSessionKey","PublicKeyPacket","expirationTimeV3","fromSecretKeyPacket","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","versionOctet","lengthOctets","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","fromSecretSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","isLegacyAEAD","usedModernAEAD","startOfSecretKeyData","unparseableKeyMaterial","cleartext","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","serializedPacketTag","produceEncryptionKey","associateData","cleartextWithHash","validate","validParams","generateParams","keyVersion","aeadMode","derivedKey","UserIDPacket","email","comment","components","matches","exec","groups","trim","otherUserID","SecretSubkeyPacket","TrustPacket","PaddingPacket","createPadding","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","recipientKeys","signingKeyPacket","recipientUserIDs","targetKeys","targetUserIDs","defaultAlgo","preferredSenderAlgo","supportedAlgosPerTarget","getPrimarySelfSignature","supportedAlgosMap","Map","supportedAlgos","supportedAlgo","isSupportedHashAlgo","getStrongestSupportedHashAlgo","strongestHashAlgo","algoA","algoB","preferredCurveAlgo","getPreferredCurveHashAlgo","preferredSenderAlgoIsSupported","preferredSenderAlgoStrongerThanCurveAlgo","strongestSupportedAlgo","mergeSignatures","source","dest","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","isHardRevocation","sanitizeKeyOptions","subkeyDefaults","validateSigningKeyPacket","validateEncryptionKeyPacket","validateDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","certify","signingKeys","isPrivate","signingKey","getSigningKey","isRevoked","certificate","verifyCertificate","verificationKeys","issuerKeys","getKeys","verifyAllCertifications","certifications","certification","valid","selfCertification","sourceUser","srcSelfSig","srcRevSig","revoke","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","helper.checkKeyRequirements","helper.validateSigningKeyPacket","getEncryptionKey","helper.validateEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","getPrimaryUser","primaryUser","B","pop","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","getRevocationCertificate","applyRevocationCertificate","revocationCertificate","signPrimaryUser","privateKeys","userSign","signAllUsers","verifyPrimaryUser","verifyAllUsers","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","pubSubkeyPacket","getDecryptionKeys","helper.validateDecryptionKeyPacket","Boolean","addSubkey","defaultOptions","getDefaultSubkeyType","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","getKeySignatureProperties","symmetricAlgorithms","aeadAlgorithms","flatMap","symmetricAlgorithm","userIDs","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","keyIndex","readPrivateKey","firstPrivateKeyList","readKeys","armoredKeys","binaryKeys","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","symEncryptedPacketlist","symEncryptedPacket","expectedSymmetricAlgorithm","sessionKeyObjects","decryptSessionKeys","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgo","selfSigs","selfSig","defaultCipherSuite","desiredCipherSuites","desiredCipherSuite","cipherSuite","defaultSymAlgo","desiredSymAlgo","getPreferredCipherSuite","symmetricAlgoName","aeadAlgoName","maybeKey","encryptionKeyIDs","aeadAlgorithmName","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","signingUserIDs","literalDataPacket","signaturePackets","createSignaturePackets","onePassSignaturePackets","signDetached","recipientKeyIDs","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","appendSignature","detachedSignature","trailingPacket","signingUserID","existingSigPacketlist","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","streamType","createMessage","literalDataPacketlist","CleartextMessage","newSignature","emitHeaderAndChecksum","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","check","hashHeader","parsedHashIDs","createCleartextMessage","checkConfig","toArray","helper.generateSecretKey","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","decryptKey","clonedPrivateKey","passphrases","encryptKey","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","senderAlgoSupport","recipientPrefs","getPreferredCompressionAlgo","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","object"],"mappings":";6GAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxB,WAAAC,GACEC,QAEAC,OAAOC,eAAeC,KAAMN,EAAYO,WAExCD,KAAKX,GAAsB,IAAIa,SAAQ,CAACC,EAASC,KAC/CJ,KAAKT,GAAsBY,EAC3BH,KAAKR,GAAqBY,CAAM,IAElCJ,KAAKX,GAAoBgB,OAAM,QACnC,EAsCA,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAab,MAAMc,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,CACX,CACEX,KAAKgB,OAAST,CAChB,CCjEA,SAASU,EAASV,GAChB,GAAID,EAAcC,GAChB,MAAO,QAET,GAAIW,EAAWC,gBAAkBD,EAAWC,eAAelB,UAAUmB,cAAcb,GACjF,MAAO,MAGT,GAAIA,KACAW,EAAWC,gBAAkBZ,aAAiBW,EAAWC,iBACpC,mBAAhBZ,EAAMc,OAAwD,iBAAzBd,EAAMe,eAClD,MAAUC,MAAM,sIAElB,SAAIhB,IAASA,EAAMC,YACV,UAGX,CAOA,SAASgB,EAAajB,GACpB,OAAOkB,WAAWxB,UAAUmB,cAAcb,EAC5C,CAOA,SAASmB,EAAiBC,GACxB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACtC,IAAKN,EAAaG,EAAOG,IACvB,MAAUP,MAAM,8DAGlBM,GAAeF,EAAOG,GAAGF,MAC7B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAAQ,SAAUC,GACvBH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MACnB,IAESG,CACT,CD3CArC,EAAYO,UAAUO,UAAY,WAIhC,YAH2B4B,IAAvBpC,KAAKP,KACPO,KAAKP,GAAgB,GAEhB,CACL4C,KAAMC,gBACEtC,KAAKX,GACPW,KAAKP,KAAkBO,KAAK4B,OACvB,CAAEW,WAAOH,EAAWI,MAAM,GAE5B,CAAED,MAAOvC,KAAKA,KAAKP,MAAkB+C,MAAM,IAGxD,EAEA9C,EAAYO,UAAUwC,UAAYH,eAAeI,SACzC1C,KAAKX,GACX,MAAM0C,EAASW,EAAK1C,KAAK2C,MAAM3C,KAAKP,KAEpC,OADAO,KAAK4B,OAAS,EACPG,CACT,EAEArC,EAAYO,UAAU2C,MAAQ,WAC5B,MAAMA,EAAQ,IAAIlD,EAIlB,OAHAkD,EAAMvD,GAAsBW,KAAKX,GAAoBwD,MAAK,KACxDD,EAAME,QAAQ9C,KAAK,IAEd4C,CACT,EAkCAlC,EAAOT,UAAU8C,MAAQT,eAAeU,GACtChD,KAAKgB,OAAO8B,KAAKE,EACnB,EAOAtC,EAAOT,UAAUgD,MAAQX,iBACvBtC,KAAKgB,OAAOzB,IACd,EAOAmB,EAAOT,UAAUiD,MAAQZ,eAAea,GAEtC,OADAnD,KAAKgB,OAAOxB,GAAmB2D,GACxBA,CACT,EAOAzC,EAAOT,UAAUY,YAAc,WAAa,EC5GC,iBAAvBK,EAAWkC,SACxBlC,EAAWkC,QAAQC,SCA5B,MAAMC,EAAiB,IAAIC,QAMrBC,EAAiBlE,OAAO,kBAS9B,SAASmE,EAAOlD,GAKd,GAJAP,KAAKgB,OAAST,EACVA,EAAMiD,KACRxD,KAAKwD,GAAkBjD,EAAMiD,GAAgBb,SAE3CrC,EAAcC,GAAQ,CACxB,MAAMmD,EAASnD,EAAMC,YAIrB,OAHAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,YACpB5D,KAAK6D,QAAU,OAEnB,CAEE,GADiB5C,EAASV,GACV,CACd,MAAMmD,EAASnD,EAAMC,YAOrB,OANAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,KAClBF,EAAO5C,OAAOT,OAAM,eACpBqD,EAAO7C,aAAa,OAEtBb,KAAK6D,QAAUH,EAAOI,OAAOH,KAAKD,GAEtC,CACE,IAAIK,GAAc,EAClB/D,KAAKqB,MAAQiB,SACPyB,GAAeT,EAAeU,IAAIzD,GAC7B,CAAEgC,WAAOH,EAAWI,MAAM,IAEnCuB,GAAc,EACP,CAAExB,MAAOhC,EAAOiC,MAAM,IAE/BxC,KAAK4D,aAAe,KAClB,GAAIG,EACF,IACET,EAAeW,IAAI1D,EACpB,CAAC,MAAM2D,GAAG,CACjB,CAEA,CC/CA,SAASC,EAAS5D,GAEhB,OADiBU,EAASV,GAEjBA,EAEF,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJA,EAAWC,QAAQ/D,GACnB8D,EAAWpB,OACjB,GAEA,CAOA,SAASsB,EAAchE,GACrB,GAAIU,EAASV,GACX,OAAOA,EAET,MAAMS,EAAS,IAAItB,EAMnB,MALA,WACE,MAAMiB,EAASC,EAAUI,SACnBL,EAAOoC,MAAMxC,SACbI,EAAOsC,OACd,EAJD,GAKOjC,CACT,CAQA,SAASwD,EAAOC,GACd,OAAIA,EAAKC,MAAK1D,GAAUC,EAASD,KAAYV,EAAcU,KAiB7D,SAAsByD,GACpBA,EAAOA,EAAKE,IAAIR,GAChB,MAAMS,EAAYC,GAAoBvC,eAAea,SAC7CjD,QAAQ4E,IAAIC,EAAWJ,KAAI3D,GAAU8C,EAAO9C,EAAQmC,KAC9D,IACE,IAAI6B,EAAO9E,QAAQC,UACnB,MAAM4E,EAAaN,EAAKE,KAAI,CAAC3D,EAAQc,IAAMmD,EAAcjE,GAAQ,CAACkE,EAAUC,KAC1EH,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKF,EAAUN,EAAUO,SAAU,CACxDE,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,OAET,OAAOJ,EAAUM,QACnB,CA7BWI,CAAab,GAElBA,EAAKC,MAAK1D,GAAUV,EAAcU,KAkCxC,SAA2ByD,GACzB,MAAM1C,EAAS,IAAIrC,EACnB,IAAIsF,EAAO9E,QAAQC,UAOnB,OANAsE,EAAKxC,SAAQ,CAACjB,EAAQc,KACpBkD,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKpE,EAAQe,EAAQ,CAC1CsD,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,KAEFjD,CACT,CA3CWwD,CAAkBd,GAEJ,iBAAZA,EAAK,GACPA,EAAK/B,KAAK,IAEZhB,EAAiB+C,EAC1B,CA+CAnC,eAAe8C,EAAK7E,EAAOiF,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzE,EAASV,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4D,EAAS5D,GACjB,IACE,GAAIA,EAAMiD,GAAiB,CACzB,MAAM7C,EAASC,EAAU4E,GACzB,IAAK,IAAI1D,EAAI,EAAGA,EAAIvB,EAAMiD,GAAgB5B,OAAQE,UAC1CnB,EAAOgF,YACPhF,EAAOoC,MAAMxC,EAAMiD,GAAgB1B,IAE3CnB,EAAOE,aACf,OACYN,EAAMqF,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,iBAEH,CAAC,MAAMxB,GAAG,CACX,MACJ,CAEE,MAAMR,EAASlD,EADfD,EAAQgE,EAAchE,IAEhBI,EAASC,EAAU4E,GACzB,IAEE,OAAa,OACL7E,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACH6C,SAAoB1E,EAAOsC,QAChC,KACR,OACYtC,EAAOoC,MAAMR,EACzB,CACG,CAAC,MAAO2B,GACFuB,SAAoB9E,EAAOuC,MAAMgB,EAC1C,CAAY,QACRR,EAAO7C,cACPF,EAAOE,aACX,CACA,CAQA,SAASgF,EAAatF,EAAOuF,GAC3B,MAAMC,EAAkB,IAAIC,gBAAgBF,GAE5C,OADAV,EAAK7E,EAAOwF,EAAgBZ,UACrBY,EAAgBb,QACzB,CAOA,SAASL,EAAoBoB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLpB,SAAU,IAAI/D,eAAe,CAC3B,KAAAiD,CAAMC,GACJ+B,EAAmB/B,CACpB,EACD,IAAAkC,GACML,EACFA,IAEAG,GAAS,CAEZ,EACD,YAAMvC,CAAOX,GACXmD,GAAY,EACRL,SACIA,EAAa9C,GAEjBgD,GACFA,EAAgChD,EAE1C,GACO,CAACqD,cAAe,IACnBrB,SAAU,IAAIsB,eAAe,CAC3B1D,MAAOT,eAAeU,GACpB,GAAIsD,EACF,MAAU/E,MAAM,uBAElB6E,EAAiB9B,QAAQtB,GACpBqD,EAQHA,GAAS,SAPH,IAAInG,SAAQ,CAACC,EAASC,KAC1B8F,EAAmC/F,EACnCgG,EAAkC/F,CAAM,IAE1C8F,EAAmC,KACnCC,EAAkC,KAIrC,EACDlD,MAAOmD,EAAiBnD,MAAMU,KAAKyC,GACnClD,MAAOkD,EAAiBM,MAAM/C,KAAKyC,KAGzC,CASA,SAASxB,EAAUrE,EAAO6C,EAAU,KAAe,EAAEuD,EAAS,KAAe,GAC3E,GAAIrG,EAAcC,GAAQ,CACxB,MAAMqG,EAAS,IAAIlH,EAgBnB,MAfA,WACE,MAAMiB,EAASC,EAAUgG,GACzB,IACE,MAAMC,QAAapE,EAAUlC,GACvBuG,EAAU1D,EAAQyD,GAClBE,EAAUJ,IAChB,IAAI5E,EACgDA,OAApCK,IAAZ0E,QAAqC1E,IAAZ2E,EAAgCvC,EAAO,CAACsC,EAASC,SACpD3E,IAAZ0E,EAAwBA,EAAUC,QAC1CpG,EAAOoC,MAAMhB,SACbpB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,CACK,EAdD,GAeO0C,CACX,CACE,GAAI3F,EAASV,GACX,OAAOsF,EAAatF,EAAO,CACzB,eAAMqE,CAAUrC,EAAO8B,GACrB,IACE,MAAMtC,QAAeqB,EAAQb,QACdH,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACO,EACD,WAAM8C,CAAM3C,GACV,IACE,MAAMtC,QAAe4E,SACNvE,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACA,IAGE,MAAM4C,EAAU1D,EAAQ7C,GAClBwG,EAAUJ,IAChB,YAAgBvE,IAAZ0E,QAAqC1E,IAAZ2E,EAA8BvC,EAAO,CAACsC,EAASC,SACzD3E,IAAZ0E,EAAwBA,EAAUC,CAC3C,CAWA,SAAS9B,EAAc1E,EAAO0G,GAC5B,GAAIhG,EAASV,KAAWD,EAAcC,GAAQ,CAC5C,IAAI2G,EACJ,MAAMC,EAAW,IAAInB,gBAAgB,CACnC,KAAA5B,CAAMC,GACJ6C,EAA8B7C,CACtC,IAGU+C,EAAkBhC,EAAK7E,EAAO4G,EAAShC,UAEvCkC,EAAWxC,GAAoBvC,eAAea,GAClD+D,EAA4BR,MAAMvD,SAC5BiE,QACA,IAAIlH,QAAQoH,WACxB,IAEI,OADAL,EAAGE,EAASjC,SAAUmC,EAASlC,UACxBkC,EAASnC,QACpB,CACE3E,EAAQgE,EAAchE,GACtB,MAAMqG,EAAS,IAAIlH,EAEnB,OADAuH,EAAG1G,EAAOqG,GACHA,CACT,CAWA,SAASW,EAAMhH,EAAO0G,GACpB,IAAIO,EACJ,MAAMC,EAAcxC,EAAc1E,GAAO,CAAC2E,EAAUC,KAClD,MAAMzB,EAASlD,EAAU0E,GACzBxB,EAAOgE,UAAY,KACjBhE,EAAO7C,cACPuE,EAAKF,EAAUC,GACRsC,GAETD,EAAcP,EAAGvD,EAAO,IAE1B,OAAO8D,CACT,CA4BA,SAAS5E,EAAMrC,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqC,QAEf,GAAI3B,EAASV,GAAQ,CACnB,MAAMoH,EAxBV,SAAapH,GACX,GAAID,EAAcC,GAChB,MAAUgB,MAAM,qDAElB,GAAIN,EAASV,GAAQ,CACnB,MAAMoH,EAAOxD,EAAS5D,GAAOqH,MAE7B,OADAD,EAAK,GAAGnE,GAAkBmE,EAAK,GAAGnE,GAAkBjD,EAAMiD,GACnDmE,CACX,CACE,MAAO,CAAChF,EAAMpC,GAAQoC,EAAMpC,GAC9B,CAciBqH,CAAIrH,GAEjB,OADAsH,EAAUtH,EAAOoH,EAAK,IACfA,EAAK,EAChB,CACE,OAAOhF,EAAMpC,EACf,CAUA,SAASuH,EAAavH,GACpB,OAAID,EAAcC,GACTqC,EAAMrC,GAEXU,EAASV,GACJ,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJ,MAAMoD,EAAcxC,EAAc1E,GAAO+B,MAAO4C,EAAUC,KACxD,MAAMzB,EAASlD,EAAU0E,GACnBvE,EAASC,EAAUuE,GACzB,IAEE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,IAAM6B,EAAWpB,OAAU,CAAC,MAAMiB,GAAG,CAErC,kBADMvD,EAAOsC,OAE7B,CACc,IAAMoB,EAAWC,QAAQ/B,EAAO,CAAG,MAAM2B,GAAG,OACtCvD,EAAOoC,MAAMR,EACjC,CACW,CAAC,MAAM2B,GACNG,EAAWqC,MAAMxC,SACXvD,EAAOuC,MAAMgB,EAC/B,KAEQ2D,EAAUtH,EAAOkH,EACzB,IAGS9E,EAAMpC,EACf,CAQA,SAASsH,EAAUtH,EAAOqC,GAExB9C,OAAOiI,QAAQjI,OAAOkI,0BAA0BzH,EAAMX,YAAYK,YAAYgC,SAAQ,EAAEgG,EAAMC,MAC/E,gBAATD,IAGAC,EAAW3F,MACb2F,EAAW3F,MAAQ2F,EAAW3F,MAAMoB,KAAKf,GAEzCsF,EAAWC,IAAMD,EAAWC,IAAIxE,KAAKf,GAEvC9C,OAAOsI,eAAe7H,EAAO0H,EAAMC,GAAW,GAElD,CAOA,SAASvF,EAAMpC,EAAO8H,EAAM,EAAGC,EAAIC,KACjC,GAAIjI,EAAcC,GAChB,MAAUgB,MAAM,mBAElB,GAAIN,EAASV,GAAQ,CACnB,GAAI8H,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAO3C,EAAatF,EAAO,CACzB,SAAAqE,CAAUrC,EAAO8B,GACXmE,EAAYF,GACVE,EAAYjG,EAAMX,QAAUyG,GAC9BhE,EAAWC,QAAQ3B,EAAMJ,EAAOkG,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAajG,EAAMX,QAEnByC,EAAWsE,WAEvB,GAEA,CACI,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAOhE,EAAUrE,GAAOgC,IAClBA,EAAMX,SAAWyG,EAAOO,EAAY,CAACrG,GACpCqG,EAAU9F,KAAKP,EAAM,IACzB,IAAMI,EAAM6B,EAAOoE,GAAYP,EAAOC,IAC/C,CACI,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAOhE,EAAUrE,GAAOgC,IACtB,MAAMiF,EAAcoB,EAAYpE,EAAO,CAACoE,EAAWrG,IAAUA,EAC7D,GAAIiF,EAAY5F,SAAW0G,EAEzB,OADAM,EAAYjG,EAAM6E,EAAac,GACxB3F,EAAM6E,EAAaa,EAAOC,GAEjCM,EAAYpB,CAAW,GAEjC,CAEI,OADAqB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUzG,SAAYK,QAAYF,EAAUlC,GAAQ8H,EAAOC,IACtE,CAIE,OAHI/H,EAAMiD,KACRjD,EAAQiE,EAAOjE,EAAMiD,GAAgBgB,OAAO,CAACjE,MAE3CiB,EAAajB,GACRA,EAAMyI,SAASX,EAAOC,IAAQC,IAAWhI,EAAMqB,OAAS0G,GAE1D/H,EAAMoC,MAAM0F,EAAOC,EAC5B,CASAhG,eAAeG,EAAUlC,EAAOmC,EAAK8B,GACnC,OAAIlE,EAAcC,GACTA,EAAMkC,UAAUC,GAErBzB,EAASV,GACJC,EAAUD,GAAOkC,UAAUC,GAE7BnC,CACT,CASA+B,eAAewB,EAAOvD,EAAO4C,GAC3B,GAAIlC,EAASV,GAAQ,CACnB,GAAIA,EAAMuD,OAAQ,CAChB,MAAMwC,QAAkB/F,EAAMuD,OAAOX,GAGrC,aADM,IAAIjD,QAAQoH,YACXhB,CACb,CACI,GAAI/F,EAAM0I,QAGR,OAFA1I,EAAM0I,QAAQ9F,SACR,IAAIjD,QAAQoH,YACXnE,CAEb,CACA,CAOA,SAAS4F,EAAU9B,GACjB,MAAMiC,EAAc,IAAIxJ,EAUxB,MATA,WACE,MAAMiB,EAASC,EAAUsI,GACzB,UACQvI,EAAOoC,YAAYkE,WACnBtG,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,CACG,EARD,GASOgF,CACT,CAOA,SAAS1I,EAAUD,GACjB,OAAO,IAAIkD,EAAOlD,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CDhfAkD,EAAOxD,UAAUoC,KAAOC,iBACtB,GAAItC,KAAKwD,IAAmBxD,KAAKwD,GAAgB5B,OAAQ,CAEvD,MAAO,CAAEY,MAAM,EAAOD,MADRvC,KAAKwD,GAAgB2F,QAEvC,CACE,OAAOnJ,KAAKqB,OACd,EAKAoC,EAAOxD,UAAUY,YAAc,WACzBb,KAAKwD,KACPxD,KAAKgB,OAAOwC,GAAkBxD,KAAKwD,IAErCxD,KAAK4D,cACP,EAKAH,EAAOxD,UAAU6D,OAAS,SAASX,GACjC,OAAOnD,KAAK6D,QAAQV,EACtB,EAOAM,EAAOxD,UAAUmJ,SAAW9G,iBAC1B,IACI+G,EADAC,EAAS,GAEb,MAAQD,GAAW,CACjB,IAAI7G,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OAEjC,GADAE,GAAS,GACLC,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAEF,MAAME,EAAejH,EAAMkH,QAAQ,MAAQ,EACvCD,IACFH,EAAYE,EAAeD,EAAO9E,OAAOjC,EAAMmH,OAAO,EAAGF,KACzDF,EAAS,IAEPE,IAAiBjH,EAAMX,QACzB0H,EAAOxG,KAAKP,EAAMmH,OAAOF,GAE/B,CAEE,OADAxJ,KAAK2J,WAAWL,GACTD,CACT,EAOA5F,EAAOxD,UAAU2J,SAAWtH,iBAC1B,MAAME,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,OACV,MAAMqH,EAAOtH,EAAM,GAEnB,OADAvC,KAAK2J,QAAQG,EAAcvH,EAAO,IAC3BsH,CACT,EAOApG,EAAOxD,UAAU8J,UAAYzH,eAAeV,GAC1C,MAAM0H,EAAS,GACf,IAAIU,EAAe,EAEnB,OAAa,CACX,MAAMxH,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAIF,GAFAA,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBpI,EAAQ,CAC1B,MAAMqI,EAAeV,EAAeD,GAEpC,OADAtJ,KAAK2J,QAAQG,EAAcG,EAAcrI,IAClCkI,EAAcG,EAAc,EAAGrI,EAC5C,CACA,CACA,EAOA6B,EAAOxD,UAAUiK,UAAY5H,eAAeV,GAC1C,MAAMuI,QAAcnK,KAAK+J,UAAUnI,GAEnC,OADA5B,KAAK2J,QAAQQ,GACNA,CACT,EAOA1G,EAAOxD,UAAU0J,QAAU,YAAYS,GAChCpK,KAAKwD,KACRxD,KAAKwD,GAAkB,IAGL,IAAlB4G,EAAOxI,QAAgBJ,EAAa4I,EAAO,KAC3CpK,KAAKwD,GAAgB5B,QAAUwI,EAAO,GAAGxI,QACzC5B,KAAKwD,GAAgB,GAAG6G,YAAcD,EAAO,GAAGxI,OAEhD5B,KAAKwD,GAAgB,GAAK,IAAI/B,WAC5BzB,KAAKwD,GAAgB,GAAG8F,OACxBtJ,KAAKwD,GAAgB,GAAG6G,WAAaD,EAAO,GAAGxI,OAC/C5B,KAAKwD,GAAgB,GAAG8G,WAAaF,EAAO,GAAGxI,QAInD5B,KAAKwD,GAAgBmG,WAAWS,EAAOG,QAAOhI,GAASA,GAASA,EAAMX,SACxE,EAQA6B,EAAOxD,UAAUwC,UAAYH,eAAeI,EAAK6G,GAC/C,MAAMxH,EAAS,GAEf,OAAa,CACX,MAAMS,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,MACVT,EAAOe,KAAKP,EAChB,CACE,OAAOG,EAAKX,EACd,EExMA,MAAMyI,EAAUlL,OAAO,WAEvB,IAAemL,EAAA,CAObC,MAAO,CAELC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,UAA0B,YAG1BC,cAA0B,gBAE1BC,QAA0B,gBAG1BC,iBAA0B,mBAE1BC,WAA0B,mBAG1BC,gBAAyB,kBAGzBC,gBAAyB,kBAGzBC,gBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,OAAQ,EACRC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAENxB,QAAS,GAETyB,MAAO,IAOTC,UAAW,CAETC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,GACRC,SAAU,GACVC,SAAU,IAOZC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXjD,UAAW,EACXkD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,GACnBC,QAAS,IAOXC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRrB,UAAW,CAETkB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,YAAa,GACbC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,GACzBC,sBAAuB,IAOzBR,SAAU,CAERS,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTxH,UAAW,EACXyH,WAAY,EACZ3E,UAAW,GAObwD,oBAAqB,CAEnBoB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBvB,SAAU,CAERwB,sBAAuB,EAGvBxF,KAAM,EAGNyF,OAAQ,EACRC,QAAS,GAUXjR,MAAO,SAASkR,EAAM/P,GAKpB,GAJiB,iBAANA,IACTA,EAAIlE,KAAKqC,KAAK4R,EAAM/P,SAGN9B,IAAZ6R,EAAK/P,GACP,OAAO+P,EAAK/P,GAGd,MAAU3C,MAAM,sBACjB,EASDc,KAAM,SAAS4R,EAAM/P,GAQnB,GAPK+P,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChB1K,OAAOiI,QAAQkM,GAAMhS,SAAQ,EAAE0O,EAAKpO,MAClC0R,EAAKzJ,GAASjI,GAASoO,CAAG,UAILvO,IAArB6R,EAAKzJ,GAAStG,GAChB,OAAO+P,EAAKzJ,GAAStG,GAGvB,MAAU3C,MAAM,sBACpB,GCnce2S,EAAA,CAKbC,uBAAwB1J,EAAMkD,KAAKM,OAKnCmG,4BAA6B3J,EAAMoC,UAAUO,OAK7CiH,8BAA+B5J,EAAM6C,YAAYC,aAajD+G,aAAa,EAQbC,kCAAkC,EAOlCC,uBAAwB/J,EAAM6D,KAAKG,IAQnCgG,kBAAmB,GAQnBC,QAAQ,EAQRC,yBAAyB,EASzBC,QAASnK,EAAMgB,IAAIG,SASnBiJ,sBAAuB,IAcvBC,gBAAiB,CACfC,OAAQ,EACRC,YAAa,EACbC,eAAgB,IAUlBC,8BAA8B,EAe9BC,4BAA4B,EAO5BC,WAAY,KAOZC,wBAAwB,EAQxBC,wCAAwC,EASxCC,8CAA8C,EAQ9CC,sBAAsB,EAUtBC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAAClL,EAAMoC,UAAUK,OAAQzC,EAAMoC,UAAUM,OAAQ1C,EAAMoC,UAAUO,SAKlIwI,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,mBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,uCAAuC,EAOvCC,qBAAqB,EAMrBC,qBAAsB,IAAIZ,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,SAM1D0I,4BAA6B,IAAIb,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,OAAQrD,EAAMkD,KAAKE,OAMpF4I,0BAA2B,IAAId,IAAI,CAAClL,EAAMsB,UAAUI,QAAS1B,EAAMsB,UAAUK,MAM7EsK,aAAc,IAAIf,IAAI,CAAClL,EAAMC,MAAMO,aCjRrC,MAIM0L,EAAY,MAChB,IACE,MAAgC,gBAAzBvT,QAAQwT,IAAIC,QACpB,CAAC,MAAO3S,GAAG,CACZ,OAAO,CACR,EALiB,GAOZ4S,EAAO,CACXC,SAAU,SAASlQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBmQ,MACpD,EAEDC,YAhBF,OAkBExW,QAAS,SAASoG,GAChB,OAAOA,aAAgBlH,KACxB,EAED6B,aAAc0V,EAEdjW,SAAUkW,EASVC,cAAe9U,MAAO+U,EAAeC,KACnC,IAAKC,EAAcjB,oBACjB,MAAU/U,MAAM,gEAGlB,MAAMiW,YAAEA,SAAsBC,OAAO,0BACrC,OAAQJ,GACN,KAAK5M,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUO,MAAO,CAC1B,MAAM5B,EAAQ8M,EAAYrP,IAAImP,GAC9B,IAAK5M,EAAO,MAAUnJ,MAAM,qBAC5B,OAAOmJ,CACf,CACM,KAAKD,EAAMsB,UAAUY,KACnB,OAAO6K,EAAYrP,IAAI,QACzB,KAAKsC,EAAMsB,UAAUa,MACnB,OAAO4K,EAAYrP,IAAI,SACzB,QACE,MAAU5G,MAAM,qBACxB,EAGEmW,WAAY,SAAUvN,GACpB,IAAIwN,EAAI,EACR,IAAK,IAAI7V,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAChC6V,GAAM,KAAO7V,EAAKqI,EAAMA,EAAMvI,OAAS,EAAIE,GAE7C,OAAO6V,CACR,EAEDC,YAAa,SAAUD,EAAGxN,GACxB,MAAM0N,EAAI,IAAIpW,WAAW0I,GACzB,IAAK,IAAIrI,EAAI,EAAGA,EAAIqI,EAAOrI,IACzB+V,EAAE/V,GAAM6V,GAAM,GAAKxN,EAAQrI,EAAI,GAAO,IAGxC,OAAO+V,CACR,EAEDC,SAAU,SAAU3N,GAClB,MAAMwN,EAAIb,EAAKY,WAAWvN,GAE1B,OADU,IAAI4N,KAAS,IAAJJ,EAEpB,EAEDK,UAAW,SAAUC,GACnB,MAAMC,EAAUzP,KAAK0P,MAAMF,EAAKG,UAAY,KAE5C,OAAOtB,EAAKc,YAAYM,EAAS,EAClC,EAEDG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAS1P,IAAW0P,EAAO,IAAIF,KAAgC,IAA3BtP,KAAK0P,OAAOF,EAAO,KAChF,EAODM,QAAS,SAAUpO,GACjB,MACMqO,GADQrO,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAM/B,OAAO2M,EAAK2B,kBAAkBtO,EAAO,EAAG,EAAIqO,EAC7C,EASDC,kBAAmB,SAAUlY,EAAO6D,EAAOkE,GACzC,GAAI/H,EAAMqB,OAAU0G,EAAMlE,EACxB,MAAU7C,MAAM,yBAElB,OAAOhB,EAAMyI,SAAS5E,EAAOkE,EAC9B,EAQD,OAAAoQ,CAAQvO,EAAOvI,GACb,GAAIuI,EAAMvI,OAASA,EACjB,MAAUL,MAAM,wBAElB,MAAMoX,EAAS,IAAIlX,WAAWG,GACxBgX,EAAShX,EAASuI,EAAMvI,OAE9B,OADA+W,EAAOxW,IAAIgI,EAAOyO,GACXD,CACR,EAODE,gBAAiB,SAAUC,GACzB,MAAMC,EAAUjC,EAAKkC,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUxX,MAAM,YAElB,MAAM0X,EAAWH,EAAI9P,SAAS8P,EAAIlX,OAAS6G,KAAKyQ,KAAKH,EAAU,IACzDI,EAAS,IAAI1X,WAAW,EAAY,MAAVsX,IAAqB,EAAa,IAAVA,IACxD,OAAOjC,EAAKpV,iBAAiB,CAACyX,EAAQF,GACvC,EAODD,oBAAqB,SAAUF,GAC7B,IAAIhX,EACJ,IAAKA,EAAI,EAAGA,EAAIgX,EAAIlX,QAA4B,IAAXkX,EAAIhX,GAAbA,KAC5B,GAAIA,IAAMgX,EAAIlX,OACZ,OAAO,EAET,MAAMqX,EAAWH,EAAI9P,SAASlH,GAC9B,OAA+B,GAAvBmX,EAASrX,OAAS,GAASkV,EAAKsC,MAAMH,EAAS,GACxD,EAODI,gBAAiB,SAAUC,GACzB,MAAMvX,EAAS,IAAIN,WAAW6X,EAAI1X,QAAU,GAC5C,IAAK,IAAI2X,EAAI,EAAGA,EAAID,EAAI1X,QAAU,EAAG2X,IACnCxX,EAAOwX,GAAKC,SAASF,EAAI5P,OAAO6P,GAAK,EAAG,GAAI,IAE9C,OAAOxX,CACR,EAOD0X,gBAAiB,SAAUtP,GACzB,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAER,OADAxP,EAAMlI,SAAQ2X,IAAOD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAC5DD,CACR,EAODE,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKhD,EAAKC,SAAS+C,GACjB,MAAUvY,MAAM,4DAGlB,MAAMQ,EAAS,IAAIN,WAAWqY,EAAIlY,QAClC,IAAK,IAAIE,EAAI,EAAGA,EAAIgY,EAAIlY,OAAQE,IAC9BC,EAAOD,GAAKgY,EAAIE,WAAWlY,GAE7B,OAAOC,CAAM,GAEhB,EAODkY,mBAAoB,SAAU9P,GAE5B,MAAMpI,EAAS,GACTmY,EAAK,MACLC,GAHNhQ,EAAQ,IAAI1I,WAAW0I,IAGPvI,OAEhB,IAAK,IAAIE,EAAI,EAAGA,EAAIqY,EAAGrY,GAAKoY,EAC1BnY,EAAOe,KAAKkU,OAAOoD,aAAaC,MAAMrD,OAAQ7M,EAAMnB,SAASlH,EAAGA,EAAIoY,EAAKC,EAAIrY,EAAIoY,EAAKC,KAExF,OAAOpY,EAAOW,KAAK,GACpB,EAOD4X,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAASpX,EAAQb,EAAOkY,GAAY,GAClC,OAAOF,EAAQG,OAAOnY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiBD,EAAK1W,GAAS,IAAMA,EAAQ,IAAI,IACzD,EAODuX,WAAY,SAAU1K,GACpB,MAAM2K,EAAU,IAAIC,YAAY,SAEhC,SAASzX,EAAQb,EAAOkY,GAAY,GAClC,OAAOG,EAAQE,OAAOvY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiB9J,EAAM7M,GAAS,IAAMA,EAAQ,IAAI3B,YAAc,IACxE,EAQD+C,OAAQuW,EAORrZ,iBAAkBsZ,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKrE,EAAKtV,aAAa0Z,KAAYpE,EAAKtV,aAAa2Z,GACnD,MAAU5Z,MAAM,4CAGlB,GAAI2Z,EAAOtZ,SAAWuZ,EAAOvZ,OAC3B,OAAO,EAGT,IAAK,IAAIE,EAAI,EAAGA,EAAIoZ,EAAOtZ,OAAQE,IACjC,GAAIoZ,EAAOpZ,KAAOqZ,EAAOrZ,GACvB,OAAO,EAGX,OAAO,CACR,EAQDsZ,cAAe,SAAUpL,GACvB,IAAI2J,EAAI,EACR,IAAK,IAAI7X,EAAI,EAAGA,EAAIkO,EAAKpO,OAAQE,IAC/B6X,EAAKA,EAAI3J,EAAKlO,GAAM,MAEtB,OAAOgV,EAAKc,YAAY+B,EAAG,EAC5B,EAOD0B,WAAY,SAAUvB,GAChBnD,GACF9N,QAAQyS,IAAI,qBAAsBxB,EAErC,EAODyB,gBAAiB,SAAU7U,GACrBiQ,GACF9N,QAAQnC,MAAM,qBAAsBA,EAEvC,EAGD0S,MAAO,SAAUoC,GACf,IAAIC,EAAI,EACJC,EAAIF,IAAM,GAyBd,OAxBU,IAANE,IACFF,EAAIE,EACJD,GAAK,IAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEAA,CACR,EAWDE,OAAQ,SAAS9U,GACf,MAAM+U,EAAY,IAAIna,WAAWoF,EAAKjF,QAChCia,EAAOhV,EAAKjF,OAAS,EAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAI+Z,EAAM/Z,IACxB8Z,EAAU9Z,GAAM+E,EAAK/E,IAAM,EAAM+E,EAAK/E,EAAI,IAAM,EAGlD,OADA8Z,EAAUC,GAAShV,EAAKgV,IAAS,EAAuB,KAAhBhV,EAAK,IAAM,GAC5C+U,CACR,EASDE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIla,EAAIia,EAAMna,OAAS,EAAGE,GAAK,EAAGA,IACrCia,EAAMja,KAAOka,EACTla,EAAI,IACNia,EAAMja,IAAOia,EAAMja,EAAI,IAAO,EAAIka,GAIxC,OAAOD,CACR,EAODE,aAAc,WACZ,MAEMC,OAFwC,IAAfhb,GAA8BA,EAAWib,QAAUjb,EAAWib,OAAOC,QAE/Dpc,KAAKqc,iBAAiBC,UAAUF,OACrE,IAAKF,EACH,MAAU3a,MAAM,sCAElB,OAAO2a,CACR,EAMDG,cAAe,WACb,OAAOrc,KAAKiX,YAAY,SACzB,EAEDsF,YAAa,WACX,OAAOvc,KAAKiX,YAAY,OACzB,EAODuF,cAAe,WACb,OAAQxc,KAAKiX,YAAY,WAAa,CAAE,GAAEwF,MAC3C,EAEDC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADW5c,KAAKiX,YAAY,MAClB4F,OAAOjb,MAClB,EAWDkb,eAAgB,SAASjW,GACvB,IAAKiQ,EAAKC,SAASlQ,GACjB,OAAO,EAGT,MADW,+DACDkW,KAAKlW,EAChB,EAMDmW,gBAAiB,SAASnW,GAGxB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAY5B,IAAI+S,EAXAD,IACF9S,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,KAN9C,KASLA,EAAMA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIrb,EAAI,EACXob,EAAQ/S,EAAMV,QAlBP,GAkBmB3H,GAAK,EAC3Bob,EAFYpb,EAAIob,EAlBb,KAqBD/S,EAAM+S,EAAQ,IAAWC,EAAQra,KAAKoa,GAK9C,IAAKC,EAAQvb,OACX,OAAOuI,EAGT,MAAMiT,EAAa,IAAI3b,WAAW0I,EAAMvI,OAASub,EAAQvb,QACzD,IAAIuY,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,EAAIqb,EAAQvb,OAAQE,IAAK,CACvC,MAAMub,EAAMlT,EAAMnB,SAASmU,EAAQrb,EAAI,IAAM,EAAGqb,EAAQrb,IACxDsb,EAAWjb,IAAIkb,EAAKlD,GACpBA,GAAKkD,EAAIzb,OACTwb,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,GACR,CAEM,OADAiD,EAAWjb,IAAIgI,EAAMnB,SAASmU,EAAQA,EAAQvb,OAAS,IAAM,GAAIuY,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAIxb,WAAW,CA1C5B,UA0CoCW,GAChD,EAMDkb,UAAW,SAASzW,GAGlB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAc5B,IAAI+S,EAlBK,MAMP/S,EADE8S,GAJK,KAIU9S,EAAM,GACf2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,IAE7C,IAAI1I,WAAW0I,IAGfA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,IAAMqI,EAAMvI,OAAQE,EAAIob,EAAO,CAC7CA,EAAQ/S,EAAMV,QArBP,GAqBmB3H,GAAK,EAC1Bob,IAAOA,EAAQ/S,EAAMvI,QAC1B,MAAMia,EAAOqB,GAtBN,KAsBe/S,EAAM+S,GAAgB,EAAI,GAC5Cpb,GAAGqI,EAAMoT,WAAWpD,EAAGrY,EAAG+Z,GAC9B1B,GAAK0B,EAAO/Z,CACpB,CACM,OAAOqI,EAAMnB,SAAS,EAAGmR,EAAE,IAC1B,IAAO8C,EAAc,IAAIxb,WAAW,CA5B5B,UA4BoCW,GAChD,EAKDob,qBAAsB,SAASxN,GAC7B,OAAOA,EAAKyN,MAAM,MAAM9Y,KAAI+Y,IAC1B,IAAI5b,EAAI4b,EAAK9b,OAAS,EACtB,KAAOE,GAAK,IAAkB,MAAZ4b,EAAK5b,IAA0B,OAAZ4b,EAAK5b,IAA2B,OAAZ4b,EAAK5b,IAAcA,KAC5E,OAAO4b,EAAKhU,OAAO,EAAG5H,EAAI,EAAE,IAC3BY,KAAK,KACT,EAEDib,UAAW,SAASpK,EAAS7M,GAC3B,IAAKA,EACH,OAAWnF,MAAMgS,GAInB,IACE7M,EAAM6M,QAAUA,EAAU,KAAO7M,EAAM6M,OACxC,CAAC,MAAOrP,GAAG,CAEZ,OAAOwC,CACR,EAQDkX,wBAAyB,SAASC,GAChC,MAAMlZ,EAAM,CAAE,EAOd,OANAkZ,EAAe5b,SAAQ6b,IACrB,IAAKA,EAAYC,IACf,MAAUxc,MAAM,0CAElBoD,EAAImZ,EAAYC,KAAOD,CAAW,IAE7BnZ,CACR,EAUDqZ,WAAY,SAASC,GAEnB,OAAO,IAAI/d,SAAQoC,MAAOnC,EAASC,KACjC,IAAI8d,QACEhe,QAAQ4E,IAAImZ,EAAStZ,KAAIrC,UAC7B,IACEnC,QAAcge,EACf,CAAC,MAAOja,GACPga,EAAYha,CACtB,MAEM9D,EAAO8d,EAAU,GAEpB,EASDE,iBAAkB,SAASC,EAAMC,EAAGzG,GAClC,MAAMjW,EAAS6G,KAAKC,IAAI4V,EAAE1c,OAAQiW,EAAEjW,QAC9BG,EAAS,IAAIN,WAAWG,GAC9B,IAAI0G,EAAM,EACV,IAAK,IAAIxG,EAAI,EAAGA,EAAIC,EAAOH,OAAQE,IACjCC,EAAOD,GAAMwc,EAAExc,GAAM,IAAMuc,EAAUxG,EAAE/V,GAAM,IAAMuc,EACnD/V,GAAQ+V,EAAOvc,EAAIwc,EAAE1c,OAAY,EAAIyc,EAAQvc,EAAI+V,EAAEjW,OAErD,OAAOG,EAAOiH,SAAS,EAAGV,EAC3B,EASDiW,YAAa,SAASF,EAAMC,EAAGzG,GAC7B,OAAQyG,EAAK,IAAMD,EAAUxG,EAAK,IAAMwG,CACzC,EAIDG,MAAO,SAASC,GACd,OAAOA,IAAehU,EAAMoC,UAAUK,QAAUuR,IAAehU,EAAMoC,UAAUM,QAAUsR,IAAehU,EAAMoC,UAAUO,MAC5H,GCtoBMqP,EAAS3F,EAAK0F,gBAEpB,IAAIkC,EACAC,EAkBG,SAASjE,EAAO7T,GACrB,IAAI+X,EAAM,IAAInd,WACd,OAAOsY,EAAiBlT,GAAMtE,IAC5Bqc,EAAM9H,EAAKpV,iBAAiB,CAACkd,EAAKrc,IAClC,MAAMkZ,EAAI,GAEJoD,EAAQpW,KAAK0P,MAAMyG,EAAIhd,OADR,IAEfuI,EAFe,GAEP0U,EACRC,EAAUJ,EAAYE,EAAI5V,SAAS,EAAGmB,IAC5C,IAAK,IAAIrI,EAAI,EAAGA,EAAI+c,EAAO/c,IACzB2Z,EAAE3Y,KAAKgc,EAAQpV,OAAW,GAAJ5H,EAAQ,KAC9B2Z,EAAE3Y,KAAK,MAGT,OADA8b,EAAMA,EAAI5V,SAASmB,GACZsR,EAAE/Y,KAAK,GAAG,IAChB,IAAOkc,EAAIhd,OAAS8c,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS9D,EAAOjU,GACrB,IAAI+X,EAAM,GACV,OAAO7E,EAAiBlT,GAAMtE,IAC5Bqc,GAAOrc,EAGP,IAAIwc,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIld,EAAI,EAAGA,EAAIkd,EAAWpd,OAAQE,IAAK,CAC1C,MAAMmd,EAAYD,EAAWld,GAC7B,IAAK,IAAIE,EAAM4c,EAAInV,QAAQwV,IAAqB,IAATjd,EAAYA,EAAM4c,EAAInV,QAAQwV,EAAWjd,EAAM,GACpF+c,GAER,CAII,IAAInd,EAASgd,EAAIhd,OACjB,KAAOA,EAAS,IAAMA,EAASmd,GAAU,GAAM,EAAGnd,IAC5Cod,EAAWE,SAASN,EAAIhd,KAAUmd,IAGxC,MAAMI,EAAUR,EAAYC,EAAIlV,OAAO,EAAG9H,IAE1C,OADAgd,EAAMA,EAAIlV,OAAO9H,GACVud,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,EAAgBC,GAC9B,OAAOvE,EAAOuE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,EAAgBpV,EAAOqV,GACrC,IAAIV,EAAUpE,EAAOvQ,GAAOmV,QAAQ,UAAW,IAI/C,OAFER,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,IAEvER,CACT,CCjFA,SAASW,EAAQzP,GACf,MAEM0P,EAAS1P,EAAK2P,MAFH,yIAIjB,IAAKD,EACH,MAAUne,MAAM,4BAMlB,MAAI,yBAAyBwb,KAAK2C,EAAO,IAChCjV,EAAM0I,MAAMC,iBAMjB,oBAAoB2J,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAME,cAGjB,iBAAiB0J,KAAK2C,EAAO,IACxBjV,EAAM0I,MAAMG,OAIjB,UAAUyJ,KAAK2C,EAAO,IACjBjV,EAAM0I,MAAMI,QAIjB,mBAAmBwJ,KAAK2C,EAAO,IAC1BjV,EAAM0I,MAAMpH,UAIjB,oBAAoBgR,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAMK,WAMjB,YAAYuJ,KAAK2C,EAAO,IACnBjV,EAAM0I,MAAMtE,eADrB,CAGF,CAWA,SAAS+Q,EAAUC,EAAe3L,GAChC,IAAInS,EAAS,GAWb,OAVImS,EAAO6B,cACThU,GAAU,YAAcmS,EAAO+B,cAAgB,MAE7C/B,EAAO8B,cACTjU,GAAU,YAAcmS,EAAOgC,cAAgB,MAE7C2J,IACF9d,GAAU,YAAc8d,EAAgB,MAE1C9d,GAAU,KACHA,CACT,CAQA,SAAS+d,EAAYjZ,GACnB,MAAMkZ,EA+CR,SAAqBxf,GACnB,IAAIwf,EAAM,SACV,OAAOhG,EAAiBxZ,GAAOgC,IAC7B,MAAMyd,EAAQC,EAAiBxX,KAAK0P,MAAM5V,EAAMX,OAAS,GAAK,EACxDse,EAAQ,IAAIC,YAAY5d,EAAM+G,OAAQ/G,EAAM8H,WAAY2V,GAC9D,IAAK,IAAIle,EAAI,EAAGA,EAAIke,EAAOle,IACzBie,GAAOG,EAAMpe,GACbie,EACEK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,EAAK,KAC1BK,EAAU,GAAgB,IAAZL,GAElB,IAAK,IAAIje,EAAY,EAARke,EAAWle,EAAIS,EAAMX,OAAQE,IACxCie,EAAOA,GAAO,EAAKK,EAAU,GAAU,IAANL,EAAcxd,EAAMT,GAC3D,IACK,IAAM,IAAIL,WAAW,CAACse,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYxZ,GACxB,OAAOyZ,EAAcP,EACvB,CD9FItD,GACFiC,EAAcE,GAAOnC,EAAO8D,KAAK3B,GAAK4B,SAAS,UAC/C7B,EAAc7E,IACZ,MAAMjC,EAAI4E,EAAO8D,KAAKzG,EAAK,UAC3B,OAAO,IAAIrY,WAAWoW,EAAEvO,OAAQuO,EAAExN,WAAYwN,EAAEvN,WAAW,IAG7DoU,EAAcE,GAAO6B,KAAK3J,EAAKmD,mBAAmB2E,IAClDD,EAAc7E,GAAOhD,EAAK+C,mBAAmB6G,KAAK5G,KC0FpD,MAAMsG,EAAY,CACZzgB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAImC,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAIie,EAAMje,GAAK,GACf,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACrB4F,EAAOA,GAAO,GAAa,QAANA,EAAwB,QAAW,GAE1DK,EAAU,GAAGte,IACH,SAANie,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAIje,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAIvE,MAAMme,EAAkB,WACtB,MAAM3W,EAAS,IAAIqX,YAAY,GAG/B,OAFA,IAAIC,SAAStX,GAAQuX,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWxX,GAAQ,EAChC,IAmCA,SAASyX,EAAcC,GACrB,IAAK,IAAIlf,EAAI,EAAGA,EAAIkf,EAAQpf,OAAQE,IAC7B,mCAAmCib,KAAKiE,EAAQlf,KACnDgV,EAAKyE,gBAAoBha,MAAM,sCAAwCyf,EAAQlf,KAE5E,iDAAiDib,KAAKiE,EAAQlf,KACjEgV,EAAKyE,gBAAoBha,MAAM,mBAAqByf,EAAQlf,IAGlE,CAQA,SAASmf,EAAejR,GACtB,IAAIkR,EAAOlR,EAEX,MAAMmR,EAAanR,EAAKoR,YAAY,KAMpC,OAJID,GAAc,GAAKA,IAAenR,EAAKpO,OAAS,IAClDsf,EAAOlR,EAAKrN,MAAM,EAAGwe,IAGhBD,CACT,CAWO,SAASG,EAAQ9gB,GAEtB,OAAO,IAAIL,SAAQoC,MAAOnC,EAASC,KACjC,IACE,MAAMkhB,EAAU,qBACVC,EAAc,oDAEpB,IAAItN,EACJ,MAAM+M,EAAU,GAChB,IACIQ,EAEAC,EAHAC,EAAcV,EAEdhR,EAAO,GAEX,MAAMnJ,EAAO8a,EAAcC,EAAqBrhB,GAAO+B,MAAO4C,EAAUC,KACtE,MAAMzB,EAASme,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAIwY,QAAaha,EAAO0F,WACxB,QAAahH,IAATsb,EACF,MAAUnc,MAAM,0BAIlB,GADAmc,EAAO5G,EAAK0G,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpDrL,EAIE,GAAKuN,EAcAC,GAAYxN,IAASxJ,EAAM0I,MAAMG,SACtCgO,EAAQvE,KAAKW,IAIhB1N,EAAOA,EAAKtN,KAAK,QACjB+e,GAAW,EACXV,EAAcW,GACdA,EAAc,GACdF,GAAc,GANdxR,EAAKlN,KAAK4a,EAAK4B,QAAQ,MAAO,WAbhC,GAHIgC,EAAQvE,KAAKW,IACftd,EAAWmB,MAAM,sEAEdggB,EAAYxE,KAAKW,IAKpB,GAFAqD,EAAcW,GACdF,GAAc,EACVC,GAAYxN,IAASxJ,EAAM0I,MAAMG,OAAQ,CAC3CnT,EAAQ,CAAE6P,OAAMnJ,OAAMma,UAAS/M,SAC/B,KAClB,OAPgByN,EAAY5e,KAAK4a,QARf4D,EAAQvE,KAAKW,KACfzJ,EAAOwL,EAAQ/B,GA4B/B,CACS,CAAC,MAAOxZ,GAEP,YADA9D,EAAO8D,EAEjB,CACQ,MAAMvD,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EACF,MAAUjB,MAAM,0BAElB,MAAMmc,EAAOnb,EAAQ,GACrB,IAA2B,IAAvBmb,EAAKjU,QAAQ,OAAsC,IAAvBiU,EAAKjU,QAAQ,KAEtC,CACL,IAAI/B,QAAkBhE,EAAOjB,YACxBiF,EAAU9F,SAAQ8F,EAAY,IACnCA,EAAYgW,EAAOhW,EACnBA,EAAYoP,EAAK0G,qBAAqB9V,EAAU4X,QAAQ,MAAO,KAC/D,MAAMyC,EAAQra,EAAU+V,MAAM6D,GAC9B,GAAqB,IAAjBS,EAAMngB,OACR,MAAUL,MAAM,0BAElB,MAAM2f,EAAOD,EAAec,EAAM,GAAGpf,MAAM,GAAI,UACzChC,EAAOoC,MAAMme,GACnB,KACd,OAboBvgB,EAAOoC,MAAM2a,EAcjC,OACgB/c,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC7B,KAEK,CAAC,MAAOA,GACP9D,EAAO8D,EACb,KACKrB,MAAKP,UACF0f,EAAqBjgB,EAAO8E,QAC9B9E,EAAO8E,WAAaob,EAAiBlgB,EAAO8E,OAEvC9E,IAEX,CAgBO,SAASoR,EAAM+O,EAAahB,EAAMiB,EAAWC,EAAWvC,EAAewC,GAAe,EAAOnO,EAASqD,GAC3G,IAAIvH,EACArC,EACAuU,IAAgBzX,EAAM0I,MAAMG,SAC9BtD,EAAOkR,EAAKlR,KACZrC,EAAOuT,EAAKvT,KACZuT,EAAOA,EAAKra,MAId,MAAMyb,EAAiBD,GAAgBE,EAAoBrB,GAErDnf,EAAS,GACf,OAAQmgB,GACN,KAAKzX,EAAM0I,MAAMC,iBACfrR,EAAOe,KAAK,gCAAkCqf,EAAY,IAAMC,EAAY,WAC5ErgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAK3X,EAAM0I,MAAME,cACftR,EAAOe,KAAK,gCAAkCqf,EAAY,WAC1DpgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,WACxD,MACF,KAAK1X,EAAM0I,MAAMG,OACfvR,EAAOe,KAAK,wCACZf,EAAOe,KAAK6K,EAAO,SAASA,QAAa,MACzC5L,EAAOe,KAAKkN,EAAKsP,QAAQ,OAAQ,QACjCvd,EAAOe,KAAK,qCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCACZ,MACF,KAAK2H,EAAM0I,MAAMI,QACfxR,EAAOe,KAAK,iCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,+BACZ,MACF,KAAK2H,EAAM0I,MAAMpH,UACfhK,EAAOe,KAAK,0CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,wCACZ,MACF,KAAK2H,EAAM0I,MAAMK,WACfzR,EAAOe,KAAK,2CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,yCACZ,MACF,KAAK2H,EAAM0I,MAAMtE,UACf9M,EAAOe,KAAK,mCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCAIhB,OAAOgU,EAAKtS,OAAOzC,EACrB,CCzZOO,eAAekgB,EAAgBC,GACpC,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACnB,MAAU7L,MAAM,uBAClB,KAAKkJ,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUQ,QACrB,KAAK5C,EAAMoC,UAAUE,UAAW,CAC9B,MAAM2V,cAAEA,SAAwBjL,OAAO,4BACjCkL,EAASD,EAAcva,IAAIsa,GACjC,IAAKE,EACH,MAAUphB,MAAM,gCAElB,OAAOohB,CACb,CACI,QACE,MAAUphB,MAAM,gCAEtB,CAMA,SAASqhB,GAAmBH,GAC1B,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,KAAK5C,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUE,UACnB,OAAO,EACT,QACE,MAAUxL,MAAM,sBAEtB,CAMA,SAASshB,GAAiBJ,GACxB,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACnB,OAAO,GACT,KAAKvC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUE,UACnB,OAAO,GACT,KAAKtC,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,QACE,MAAU9L,MAAM,sBAEtB,CAMO,SAASuhB,GAAgBL,GAC9B,MAAO,CAAEM,QAASF,GAAiBJ,GAAOO,UAAWJ,GAAmBH,GAC1E,0FCjDA,SAASQ,GAASzH,EAAGjC,GACnB,IAAI+E,EAAI9C,EAAE,GACN3D,EAAI2D,EAAE,GACN0H,EAAI1H,EAAE,GACN2H,EAAI3H,EAAE,GAEV8C,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,WAC9B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,YAC5B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,OAC/B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,YAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,UAC/B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,GAAI,YAE9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,EAAG,UAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,WAC/B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,WAC5B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,GAAI,YAC9B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,GAAI,YAC7B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,GAAI,YAC9B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,UAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,YAC7B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAE/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,QAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,YAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,UAC/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,WAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,WAC9B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,GAAI,UAC7B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,WAC/B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAE9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,YAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,SAC/B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,YAC5B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,UAC/B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,GAAI,YAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,YAC/B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAE9BiC,EAAE,GAAKgI,GAAMlF,EAAG9C,EAAE,IAClBA,EAAE,GAAKgI,GAAM3L,EAAG2D,EAAE,IAClBA,EAAE,GAAKgI,GAAMN,EAAG1H,EAAE,IAClBA,EAAE,GAAKgI,GAAML,EAAG3H,EAAE,GACpB,CAEA,SAASiI,GAAIC,EAAGpF,EAAGzG,EAAG2D,EAAG7B,EAAG+B,GAE1B,OADA4C,EAAIkF,GAAMA,GAAMlF,EAAGoF,GAAIF,GAAMhI,EAAGE,IACzB8H,GAAOlF,GAAK3E,EAAM2E,IAAO,GAAK3E,EAAK9B,EAC5C,CAEA,SAASuL,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAK5L,EAAIqL,GAAQrL,EAAKsL,EAAI7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS2H,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAK5L,EAAIsL,EAAMD,GAAMC,EAAK7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS4H,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAI5L,EAAIqL,EAAIC,EAAG7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACpC,CAEA,SAAS6H,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAIP,GAAKrL,GAAMsL,GAAK7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACzC,CAyCA,SAASiI,GAAOhK,GACd,MAAMiK,EAAU,GAChB,IAAI9hB,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvB8hB,EAAQ9hB,GAAK,GAAK6X,EAAEK,WAAWlY,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,KAAO6X,EAAEK,WAAWlY,EAAI,IAC/G,IAEJ,OAAO8hB,CACT,CAEA,MAAMC,GAAU,mBAAmBpG,MAAM,IAEzC,SAASqG,GAAKnM,GACZ,IAAIgC,EAAI,GACJQ,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZR,GAAKkK,GAASlM,GAAU,EAAJwC,EAAQ,EAAM,IAAQ0J,GAASlM,GAAU,EAAJwC,EAAU,IAErE,OAAOR,CACT,CAeA,SAAS6J,GAAMlF,EAAGzG,GAChB,OAAQyG,EAAIzG,EAAK,UACnB,CC1LA,MAAMqE,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAClB2H,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAASjQ,GAChB,GAAK8P,IAAeC,GAAiB9E,SAASjL,GAG9C,OAAO3R,eAAgBuE,GACrB,MAAMsd,EAASJ,GAAWK,WAAWnQ,GACrC,OAAO8F,EAAiBlT,GAAMtE,IAC5B4hB,EAAOE,OAAO9hB,EAAM,IACnB,IAAM,IAAId,WAAW0iB,EAAOG,WAChC,CACH,CAEA,SAASC,GAAUC,EAAeC,GAChC,MAAMC,EAAepiB,UACnB,MAAMqiB,YAAEA,SAAsBlN,OAAO,0BAC/B9J,EAAOgX,EAAYxc,IAAIqc,GAC7B,IAAK7W,EAAM,MAAUpM,MAAM,oBAC3B,OAAOoM,CAAI,EAGb,OAAOrL,eAAeuE,GAIpB,GAHImb,EAAqBnb,KACvBA,QAAaob,EAAiBpb,IAE5BiQ,EAAK7V,SAAS4F,GAAO,CACvB,MAEM+d,SAFaF,KAEOG,SAC1B,OAAO9K,EAAiBlT,GAAMtE,IAC5BqiB,EAAaP,OAAO9hB,EAAM,IACzB,IAAMqiB,EAAaN,UAC5B,CAAW,GAAIpI,IAAauI,EACtB,OAAO,IAAIhjB,iBAAiBya,GAAUoI,OAAOG,EAAmB5d,IAIhE,aAFmB6d,KAEP7d,EAEf,CACH,CAEA,IAAe8G,GAAA,CAGbC,IAAKsW,GAAS,QD3ChB5hB,eAAmBwiB,GACjB,MAAMR,EAyGR,SAAc3K,GACZ,MAAMhC,EAAIgC,EAAE/X,OACNmjB,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIjjB,EACJ,IAAKA,EAAI,GAAIA,GAAK6X,EAAE/X,OAAQE,GAAK,GAC/BmhB,GAAS8B,EAAOpB,GAAOhK,EAAEqL,UAAUljB,EAAI,GAAIA,KAE7C6X,EAAIA,EAAEqL,UAAUljB,EAAI,IACpB,MAAMmjB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKnjB,EAAI,EAAGA,EAAI6X,EAAE/X,OAAQE,IACxBmjB,EAAKnjB,GAAK,IAAM6X,EAAEK,WAAWlY,KAAQA,EAAI,GAAM,GAGjD,GADAmjB,EAAKnjB,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADAmhB,GAAS8B,EAAOE,GACXnjB,EAAI,EAAGA,EAAI,GAAIA,IAClBmjB,EAAKnjB,GAAK,EAKd,OAFAmjB,EAAK,IAAU,EAAJtN,EACXsL,GAAS8B,EAAOE,GACTF,CACT,CA/HiBG,CAAKpO,EAAKmD,mBAAmB6K,IAC5C,OAAOhO,EAAKuC,gBAoKd,SAAamC,GACX,IAAK,IAAI1Z,EAAI,EAAGA,EAAI0Z,EAAE5Z,OAAQE,IAC5B0Z,EAAE1Z,GAAKgiB,GAAKtI,EAAE1Z,IAEhB,OAAO0Z,EAAE9Y,KAAK,GAChB,CAzK8B4W,CAAIgL,GAClC,ECyCEzW,KAAMqW,GAAS,SAAWK,GAAU,OAAQ,SAC5CrW,OAAQgW,GAAS,WAAaK,GAAU,UACxCxW,OAAQmW,GAAS,WAAaK,GAAU,SAAU,WAClDvW,OAAQkW,GAAS,WAAaK,GAAU,SAAU,WAClDtW,OAAQiW,GAAS,WAAaK,GAAU,SAAU,WAClDzW,OAAQoW,GAAS,cAAgBK,GAAU,aAC3CpW,SAAU+V,GAAS,aAAeK,GAAU,YAC5CnW,SAAU8V,GAAS,aAAeK,GAAU,YAQ5CD,OAAQ,SAAS7B,EAAM5b,GACrB,OAAQ4b,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO5N,KAAK4N,IAAI/G,GAClB,KAAK4D,EAAMkD,KAAKE,KACd,OAAO7N,KAAK6N,KAAKhH,GACnB,KAAK4D,EAAMkD,KAAKG,OACd,OAAO9N,KAAK8N,OAAOjH,GACrB,KAAK4D,EAAMkD,KAAKI,OACd,OAAO/N,KAAK+N,OAAOlH,GACrB,KAAK4D,EAAMkD,KAAKK,OACd,OAAOhO,KAAKgO,OAAOnH,GACrB,KAAK4D,EAAMkD,KAAKM,OACd,OAAOjO,KAAKiO,OAAOpH,GACrB,KAAK4D,EAAMkD,KAAKO,OACd,OAAOlO,KAAKkO,OAAOrH,GACrB,KAAK4D,EAAMkD,KAAKQ,SACd,OAAOnO,KAAKmO,SAAStH,GACvB,KAAK4D,EAAMkD,KAAKS,SACd,OAAOpO,KAAKoO,SAASvH,GACvB,QACE,MAAUtF,MAAM,6BAErB,EAOD4jB,kBAAmB,SAAS1C,GAC1B,OAAQA,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO,GACT,KAAKnD,EAAMkD,KAAKE,KAChB,KAAKpD,EAAMkD,KAAKG,OACd,OAAO,GACT,KAAKrD,EAAMkD,KAAKI,OACd,OAAO,GACT,KAAKtD,EAAMkD,KAAKK,OACd,OAAO,GACT,KAAKvD,EAAMkD,KAAKM,OACd,OAAO,GACT,KAAKxD,EAAMkD,KAAKO,OACd,OAAO,GACT,KAAKzD,EAAMkD,KAAKQ,SACd,OAAO,GACT,KAAK1D,EAAMkD,KAAKS,SACd,OAAO,GACT,QACE,MAAU7M,MAAM,2BAExB,GCxHO,SAAS6jB,GAAQ9G,GACpB,OAAQA,aAAa7c,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,IAC7D,CACA,SAASkC,GAAM0N,KAAMwN,GACjB,IAAKD,GAAQvN,GACT,MAAUtW,MAAM,uBACpB,GAAI8jB,EAAQzjB,OAAS,IAAMyjB,EAAQnG,SAASrH,EAAEjW,QAC1C,MAAUL,MAAM,iCAAiC8jB,oBAA0BxN,EAAEjW,SACrF,CAOA,SAAS0jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUlkB,MAAM,oCACpB,GAAIikB,GAAiBD,EAASG,SAC1B,MAAUnkB,MAAM,wCACxB,CACA,SAASqF,GAAO+e,EAAKJ,GACjBpb,GAAMwb,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAI/jB,OAASgkB,EACb,MAAUrkB,MAAM,yDAAyDqkB,EAEjF;uECjCO,MAAME,GAAMC,GAAQ,IAAItkB,WAAWskB,EAAIzc,OAAQyc,EAAI1b,WAAY0b,EAAIzb,YAE7D0b,GAAOD,GAAQ,IAAI5F,YAAY4F,EAAIzc,OAAQyc,EAAI1b,WAAY5B,KAAK0P,MAAM4N,EAAIzb,WAAa,IAEvF2b,GAAcF,GAAQ,IAAInF,SAASmF,EAAIzc,OAAQyc,EAAI1b,WAAY0b,EAAIzb,YAIhF,KADgF,KAA5D,IAAI7I,WAAW,IAAI0e,YAAY,CAAC,YAAa7W,QAAQ,IAErE,MAAU/H,MAAM,+CAiGb,SAAS2kB,GAAQrf,GACpB,GAAoB,iBAATA,EACPA,EAlBD,SAAqBiT,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,+BAA+BuY,GACnD,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD,CAceqM,CAAYtf,OAClB,KAAIue,GAAQve,GAGb,MAAUtF,MAAM,mCAAmCsF,GAFnDA,EAAOuf,GAAUvf,EAEyC,CAC9D,OAAOA,CACX,CA0BO,SAASwf,GAAW/H,EAAGzG,GAC1B,GAAIyG,EAAE1c,SAAWiW,EAAEjW,OACf,OAAO,EACX,IAAI0kB,EAAO,EACX,IAAK,IAAIxkB,EAAI,EAAGA,EAAIwc,EAAE1c,OAAQE,IAC1BwkB,GAAQhI,EAAExc,GAAK+V,EAAE/V,GACrB,OAAgB,IAATwkB,CACX,CAOO,MAAMC,GAAa,CAACC,EAAQtD,KAC/BpjB,OAAO2mB,OAAOvD,EAAGsD,GACVtD,GAGJ,SAASwD,GAAaC,EAAMtc,EAAY9H,EAAOqkB,GAClD,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAarc,EAAY9H,EAAOqkB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ1kB,GAASskB,EAAQE,GAC9BG,EAAKD,OAAO1kB,EAAQwkB,GAG1BJ,EAAKQ,UAAU9c,EAFM,EAEU2c,EAAIJ,GACnCD,EAAKQ,UAAU9c,EAFM,EAEU6c,EAAIN,EACvC,CASO,SAASQ,GAAYjd,GACxB,OAAOA,EAAME,WAAa,GAAM,CACpC,CAEO,SAAS+b,GAAUjc,GACtB,OAAO1I,WAAW8e,KAAKpW,EAC3B,CACO,SAASkd,MAAS1lB,GACrB,IAAK,IAAIG,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAC/BH,EAAOG,GAAGwlB,KAAK,EAEvB,CCzLA,MAAMC,GAAa,GAGbC,kBAA0B,IAAI/lB,WAAW,IACzCgmB,GAAUzB,GAAIwB,IAcdE,GAAU/P,IAASA,IAAM,EAAK,MAAS,IACtCA,IAAM,EAAK,MAAS,IACpBA,IAAM,GAAM,MAAS,EACtBA,IAAM,GAAM,IA0BlB,MAAMgQ,GAEF,WAAA/nB,CAAY+Q,EAAKiX,GACb5nB,KAAK6nB,SAAWN,GAChBvnB,KAAK6lB,UAAY0B,GACjBvnB,KAAK8nB,GAAK,EACV9nB,KAAK+nB,GAAK,EACV/nB,KAAKgoB,GAAK,EACVhoB,KAAKioB,GAAK,EACVjoB,KAAK0lB,UAAW,EAEhBwC,GADAvX,EAAMuV,GAAQvV,GACF,IACZ,MAAMwX,EAAQlC,GAAWtV,GACzB,IAAIyX,EAAKD,EAAME,UAAU,GAAG,GACxBC,EAAKH,EAAME,UAAU,GAAG,GACxBE,EAAKJ,EAAME,UAAU,GAAG,GACxBG,EAAKL,EAAME,UAAU,IAAI,GAE7B,MAAMI,EAAU,GAChB,IAAK,IAAI3mB,EAAI,EAAGA,EAAI,IAAKA,IACrB2mB,EAAQ3lB,KAAK,CAAEglB,GAAIJ,GAAOU,GAAKL,GAAIL,GAAOY,GAAKN,GAAIN,GAAOa,GAAKN,GAAIP,GAAOc,OACvEV,GAAIM,EAAIL,GAAIO,EAAIN,GAAIO,EAAIN,GAAIO,GAzDhC,CACHP,IAHcD,EA2DyCO,IAxD5C,IAHON,EA2DyCO,KAxDlC,EACzBR,IAJUD,EA2DyCO,IAvDxC,GAAON,IAAO,EACzBD,IALMD,EA2DyCM,IAtDpC,GAAOL,IAAO,EACzBD,GAAKA,IAAO,EAVP,KAUsB,KAAgB,EALjCG,KADL,IAACH,EAAIC,EAAIC,EAAIC,EA6DlB,MAAMS,EA9BS,CAACve,GAChBA,EAAQ,MACD,EACPA,EAAQ,KACD,EACJ,EAyBOwe,CAAef,GAAkB,MAC3C,IAAK,CAAC,EAAG,EAAG,EAAG,GAAG1I,SAASwJ,GACvB,MAAUnnB,MAAM,4BAA4BmnB,0BAChD1oB,KAAK0oB,EAAIA,EACT,MACME,EADO,IACUF,EACjBG,EAAc7oB,KAAK6oB,WAAa,GAAKH,EACrCI,EAAQ,GAEd,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAASG,IAEzB,IAAK,IAAIlf,EAAO,EAAGA,EAAOgf,EAAYhf,IAAQ,CAE1C,IAAIie,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,IAAK,IAAI9N,EAAI,EAAGA,EAAIuO,EAAGvO,IAAK,CAExB,KADatQ,IAAU6e,EAAIvO,EAAI,EAAM,GAEjC,SACJ,MAAQ2N,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,GAAOV,EAAQC,EAAIK,EAAI5O,GAC1D2N,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,CAC/D,CACgBL,EAAMhmB,KAAK,CAAEglB,KAAIC,KAAIC,KAAIC,MACzC,CAEQjoB,KAAK0b,EAAIoN,CACjB,CACI,YAAAM,CAAatB,EAAIC,EAAIC,EAAIC,GACpBH,GAAM9nB,KAAK8nB,GAAMC,GAAM/nB,KAAK+nB,GAAMC,GAAMhoB,KAAKgoB,GAAMC,GAAMjoB,KAAKioB,GAC/D,MAAMS,EAAEA,EAAChN,EAAEA,EAACmN,WAAEA,GAAe7oB,KAE7B,IAAIqpB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,MAAMC,GAAQ,GAAKf,GAAK,EACxB,IAAIK,EAAI,EACR,IAAK,MAAMW,IAAO,CAAC5B,EAAIC,EAAIC,EAAIC,GAC3B,IAAK,IAAI0B,EAAU,EAAGA,EAAU,EAAGA,IAAW,CAC1C,MAAM9f,EAAQ6f,IAAS,EAAIC,EAAY,IACvC,IAAK,IAAIC,EAAS,EAAIlB,EAAI,EAAGkB,GAAU,EAAGA,IAAU,CAChD,MAAMC,EAAOhgB,IAAU6e,EAAIkB,EAAWH,GAC9B3B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOvO,EAAEqN,EAAIF,EAAagB,GAC7DR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAC3ClB,GAAK,CACzB,CACA,CAEQ/oB,KAAK8nB,GAAKuB,EACVrpB,KAAK+nB,GAAKuB,EACVtpB,KAAKgoB,GAAKuB,EACVvpB,KAAKioB,GAAKuB,CAClB,CACI,MAAAnF,CAAOxd,GACHA,EAAOqf,GAAQrf,GACfqjB,GAAQlqB,MACR,MAAMmqB,EAAMnE,GAAInf,GACVujB,EAAS3hB,KAAK0P,MAAMtR,EAAKjF,OAAS2lB,IAClC8C,EAAOxjB,EAAKjF,OAAS2lB,GAC3B,IAAK,IAAIzlB,EAAI,EAAGA,EAAIsoB,EAAQtoB,IACxB9B,KAAKopB,aAAae,EAAQ,EAAJroB,EAAQ,GAAIqoB,EAAQ,EAAJroB,EAAQ,GAAIqoB,EAAQ,EAAJroB,EAAQ,GAAIqoB,EAAQ,EAAJroB,EAAQ,IAOlF,OALIuoB,IACA7C,GAAQrlB,IAAI0E,EAAKmC,SAASohB,EAAS7C,KACnCvnB,KAAKopB,aAAa3B,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,IAC9DJ,GAAMI,KAEHznB,IACf,CACI,OAAAiJ,GACI,MAAMyS,EAAEA,GAAM1b,KAEd,IAAK,MAAMsqB,KAAO5O,EACb4O,EAAIxC,GAAK,EAAKwC,EAAIvC,GAAK,EAAKuC,EAAItC,GAAK,EAAKsC,EAAIrC,GAAK,CAEhE,CACI,UAAAsC,CAAW5E,GACPuE,GAAQlqB,MACRwqB,GAAQ7E,EAAK3lB,MACbA,KAAK0lB,UAAW,EAChB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOjoB,KACrByqB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,CACf,CACI,MAAArB,GACI,MAAMoG,EAAM,IAAIjpB,WAAW8lB,IAG3B,OAFAvnB,KAAKuqB,WAAWG,GAChB1qB,KAAKiJ,UACEyhB,CACf,EAEA,MAAMC,WAAgBhD,GAClB,WAAA/nB,CAAY+Q,EAAKiX,GAEb,MAAMgD,EAzIP,SAAqBrR,GACxBA,EAAEsR,UACF,MAAMC,EAAgB,EAARvR,EAAE,IAEhB,IAAIwR,EAAQ,EACZ,IAAK,IAAIjpB,EAAI,EAAGA,EAAIyX,EAAE3X,OAAQE,IAAK,CAC/B,MAAM4Z,EAAInC,EAAEzX,GACZyX,EAAEzX,GAAM4Z,IAAM,EAAKqP,EACnBA,GAAa,EAAJrP,IAAU,CAC3B,CAEI,OADAnC,EAAE,IAAe,KAARuR,EACFvR,CACX,CA6HsByR,CAAY5E,GAD1BzV,EAAMuV,GAAQvV,KAEd9Q,MAAM+qB,EAAOhD,GACbP,GAAMuD,EACd,CACI,MAAAvG,CAAOxd,GACHA,EAAOqf,GAAQrf,GACfqjB,GAAQlqB,MACR,MAAMmqB,EAAMnE,GAAInf,GACVwjB,EAAOxjB,EAAKjF,OAAS2lB,GACrB6C,EAAS3hB,KAAK0P,MAAMtR,EAAKjF,OAAS2lB,IACxC,IAAK,IAAIzlB,EAAI,EAAGA,EAAIsoB,EAAQtoB,IACxB9B,KAAKopB,aAAa1B,GAAOyC,EAAQ,EAAJroB,EAAQ,IAAK4lB,GAAOyC,EAAQ,EAAJroB,EAAQ,IAAK4lB,GAAOyC,EAAQ,EAAJroB,EAAQ,IAAK4lB,GAAOyC,EAAQ,EAAJroB,EAAQ,KAOjH,OALIuoB,IACA7C,GAAQrlB,IAAI0E,EAAKmC,SAASohB,EAAS7C,KACnCvnB,KAAKopB,aAAa1B,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,KAC7FJ,GAAMI,KAEHznB,IACf,CACI,UAAAuqB,CAAW5E,GACPuE,GAAQlqB,MACRwqB,GAAQ7E,EAAK3lB,MACbA,KAAK0lB,UAAW,EAEhB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOjoB,KACrByqB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,EAAIkF,SACnB,EAEA,SAASI,GAAuBC,GAC5B,MAAMC,EAAQ,CAACC,EAAKza,IAAQua,EAASva,EAAKya,EAAIxpB,QAAQyiB,OAAO6B,GAAQkF,IAAM9G,SACrE+G,EAAMH,EAAS,IAAIzpB,WAAW,IAAK,GAIzC,OAHA0pB,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMtG,OAAS,CAAClU,EAAKiX,IAAmBsD,EAASva,EAAKiX,GAC/CuD,CACX,CACO,MAAMG,GAAQL,IAAuB,CAACta,EAAKiX,IAAmB,IAAID,GAAMhX,EAAKiX,KAC7DqD,IAAuB,CAACta,EAAKiX,IAAmB,IAAI+C,GAAQha,EAAKiX,KCtMxF,MAAML,GAAa,GAEbgE,GAAc,IAAI9pB,WAAW8lB,IAC7BiE,GAAO,IAEb,SAASC,GAAK9T,GACV,OAAQA,GAAK,EAAM6T,KAAS7T,GAAK,EACrC,CACA,SAAS+T,GAAIpN,EAAGzG,GACZ,IAAI6S,EAAM,EACV,KAAO7S,EAAI,EAAGA,IAAM,EAEhB6S,GAAOpM,IAAU,EAAJzG,GACbyG,EAAImN,GAAKnN,GAEb,OAAOoM,CACX,CAGA,MAAMiB,kBAAuB,MACzB,MAAMjQ,EAAI,IAAIja,WAAW,KACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,IAAKA,IAAK0Z,GAAKiQ,GAAKjQ,GAC3CE,EAAE5Z,GAAK0Z,EACX,MAAMoQ,EAAM,IAAInqB,WAAW,KAC3BmqB,EAAI,GAAK,GACT,IAAK,IAAI9pB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,IAAI0Z,EAAIE,EAAE,IAAM5Z,GAChB0Z,GAAKA,GAAK,EACVoQ,EAAIlQ,EAAE5Z,IAA+D,KAAxD0Z,EAAKA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAK,GACrE,CAEI,OADA6L,GAAM3L,GACCkQ,CACV,EAb4B,GAevBC,kBAA0BF,GAAKhnB,KAAI,CAACmnB,EAAG3R,IAAMwR,GAAKliB,QAAQ0Q,KAE1D4R,GAAYpU,GAAOA,GAAK,GAAOA,IAAM,EACrCqU,GAAYrU,GAAOA,GAAK,EAAMA,IAAM,GAEpCsU,GAAYC,GAAWA,GAAQ,GAAM,WACrCA,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAKrB,SAASC,GAAUR,EAAM1kB,GACrB,GAAoB,MAAhB0kB,EAAK/pB,OACL,MAAUL,MAAM,qBACpB,MAAM6qB,EAAK,IAAIjM,YAAY,KAAKxb,KAAI,CAACmnB,EAAG3R,IAAMlT,EAAG0kB,EAAKxR,MAChDkS,EAAKD,EAAGznB,IAAIqnB,IACZM,EAAKD,EAAG1nB,IAAIqnB,IACZO,EAAKD,EAAG3nB,IAAIqnB,IACZQ,EAAM,IAAIrM,YAAY,OACtBsM,EAAM,IAAItM,YAAY,OACtBuM,EAAQ,IAAIC,YAAY,OAC9B,IAAK,IAAI7qB,EAAI,EAAGA,EAAI,IAAKA,IACrB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,MAAMyS,EAAU,IAAJ9qB,EAAUqY,EACtBqS,EAAII,GAAOR,EAAGtqB,GAAKuqB,EAAGlS,GACtBsS,EAAIG,GAAON,EAAGxqB,GAAKyqB,EAAGpS,GACtBuS,EAAME,GAAQjB,EAAK7pB,IAAM,EAAK6pB,EAAKxR,EAC/C,CAEI,MAAO,CAAEwR,OAAMe,QAAON,KAAIC,KAAIC,KAAIC,KAAIC,MAAKC,MAC/C,CACA,MAAMI,kBAAgCV,GAAUR,IAAOhS,GAAO+R,GAAI/R,EAAG,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAK+R,GAAI/R,EAAG,KACzGmT,kBAAgCX,GAAUN,IAAUlS,GAAO+R,GAAI/R,EAAG,KAAO,GAAO+R,GAAI/R,EAAG,KAAO,GAAO+R,GAAI/R,EAAG,IAAM,EAAK+R,GAAI/R,EAAG,MAC9HoT,kBAA0B,MAC5B,MAAMC,EAAI,IAAIvrB,WAAW,IACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,GAAIA,IAAK0Z,EAAIiQ,GAAKjQ,GACzCwR,EAAElrB,GAAK0Z,EACX,OAAOwR,CACV,EAL+B,GAMzB,SAASC,GAAYtc,GACxBuX,GAAOvX,GACP,MAAMuc,EAAMvc,EAAI/O,OAChB,IAAK,CAAC,GAAI,GAAI,IAAIsd,SAASgO,GACvB,MAAU3rB,MAAM,qDAAqD2rB,GACzE,MAAMR,MAAEA,GAAUG,GACZM,EAAU,GACX/F,GAAYzW,IACbwc,EAAQrqB,KAAM6N,EAAMyV,GAAUzV,IAClC,MAAMyc,EAAMpH,GAAIrV,GACV0c,EAAKD,EAAIxrB,OACT0rB,EAAW3V,GAAM4V,GAAUb,EAAO/U,EAAGA,EAAGA,EAAGA,GAC3C6V,EAAK,IAAIrN,YAAY+M,EAAM,IACjCM,EAAGrrB,IAAIirB,GAEP,IAAK,IAAItrB,EAAIurB,EAAIvrB,EAAI0rB,EAAG5rB,OAAQE,IAAK,CACjC,IAAI4Z,EAAI8R,EAAG1rB,EAAI,GACXA,EAAIurB,GAAO,EACX3R,EAAI4R,EAAQvB,GAASrQ,IAAMqR,GAAQjrB,EAAIurB,EAAK,GACvCA,EAAK,GAAKvrB,EAAIurB,GAAO,IAC1B3R,EAAI4R,EAAQ5R,IAChB8R,EAAG1rB,GAAK0rB,EAAG1rB,EAAIurB,GAAM3R,CAC7B,CAEI,OADA2L,MAAS8F,GACFK,CACX,CACO,SAASC,GAAe9c,GAC3B,MAAM+c,EAAST,GAAYtc,GACrB6c,EAAKE,EAAO/qB,QACZ0qB,EAAKK,EAAO9rB,QACZ8qB,MAAEA,GAAUG,IACZT,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOO,GAE3B,IAAK,IAAIhrB,EAAI,EAAGA,EAAIurB,EAAIvrB,GAAK,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACnBqT,EAAG1rB,EAAIqY,GAAKuT,EAAOL,EAAKvrB,EAAI,EAAIqY,GAExCkN,GAAMqG,GAEN,IAAK,IAAI5rB,EAAI,EAAGA,EAAIurB,EAAK,EAAGvrB,IAAK,CAC7B,MAAM0Z,EAAIgS,EAAG1rB,GACPinB,EAAIwE,GAAUb,EAAOlR,EAAGA,EAAGA,EAAGA,GACpCgS,EAAG1rB,GAAKsqB,EAAO,IAAJrD,GAAYsD,EAAItD,IAAM,EAAK,KAAQuD,EAAIvD,IAAM,GAAM,KAAQwD,EAAGxD,IAAM,GACvF,CACI,OAAOyE,CACX,CAEA,SAASG,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GACrC,OAAQuE,EAAM1E,GAAM,EAAK,MAAYC,IAAO,EAAK,KAC7C0E,EAAMzE,IAAO,EAAK,MAAYC,IAAO,GAAM,IACnD,CACA,SAASsF,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAClC,OAAQyE,EAAY,IAAL5E,EAAmB,MAALC,GACxB2E,EAAQ1E,IAAO,GAAM,IAAUC,IAAO,GAAM,QAAY,EACjE,CACA,SAAS2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQI,GAC5B,IAAItT,EAAI,EACPuO,GAAM0F,EAAGjU,KAAQwO,GAAMyF,EAAGjU,KAAQyO,GAAMwF,EAAGjU,KAAQ0O,GAAMuF,EAAGjU,KAC7D,MAAMsU,EAASL,EAAG5rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAI+rB,EAAQ/rB,IAAK,CAC7B,MAAMgsB,EAAKN,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GAC/C8F,EAAKP,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAK1E,EAAIC,EAAIC,EAAIH,GAC/CkG,EAAKR,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAKzE,EAAIC,EAAIH,EAAIC,GAC/CkG,EAAKT,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAKxE,EAAIH,EAAIC,EAAIC,GACpDF,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGjU,KAAOgU,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAIjCF,GAHNyF,EAAGjU,KAAOgU,GAAUb,EAAO3E,EAAIC,EAAIC,EAAIH,GAGzBE,GAFdwF,EAAGjU,KAAOgU,GAAUb,EAAO1E,EAAIC,EAAIH,EAAIC,GAEjBE,GADtBuF,EAAGjU,KAAOgU,GAAUb,EAAOzE,EAAIH,EAAIC,EAAIC,GAEtD,CAEA,SAASkG,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQK,GAC5B,IAAIvT,EAAI,EACPuO,GAAM0F,EAAGjU,KAAQwO,GAAMyF,EAAGjU,KAAQyO,GAAMwF,EAAGjU,KAAQ0O,GAAMuF,EAAGjU,KAC7D,MAAMsU,EAASL,EAAG5rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAI+rB,EAAQ/rB,IAAK,CAC7B,MAAMgsB,EAAKN,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAK3E,EAAIG,EAAID,EAAID,GAC/CgG,EAAKP,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAK1E,EAAID,EAAIG,EAAID,GAC/CgG,EAAKR,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAKzE,EAAID,EAAID,EAAIG,GAC/CgG,EAAKT,EAAGjU,KAAOoU,GAAUnB,EAAKC,EAAKxE,EAAID,EAAID,EAAID,GACpDA,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGjU,KAAOgU,GAAUb,EAAO5E,EAAIG,EAAID,EAAID,GAIjCA,GAHNyF,EAAGjU,KAAOgU,GAAUb,EAAO3E,EAAID,EAAIG,EAAID,GAGzBA,GAFdwF,EAAGjU,KAAOgU,GAAUb,EAAO1E,EAAID,EAAID,EAAIG,GAEjBA,GADtBuF,EAAGjU,KAAOgU,GAAUb,EAAOzE,EAAID,EAAID,EAAID,GAEtD,CACA,SAASqG,GAAOjB,EAAKkB,GACjB,QAAYhsB,IAARgsB,EACA,OAAO,IAAI3sB,WAAWyrB,GAE1B,GADAhF,GAAOkG,GACHA,EAAIxsB,OAASsrB,EACb,MAAU3rB,MAAM,oDAAoD2rB,WAAakB,EAAIxsB,UACzF,IAAKwlB,GAAYgH,GACb,MAAU7sB,MAAM,iBACpB,OAAO6sB,CACX,CAEA,SAASC,GAAWb,EAAIc,EAAOC,EAAKH,GAChClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACP,MAAMC,EAASD,EAAI3sB,OACnBwsB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GAEhB,IAAI3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACjE,MAAMC,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GAElB,IAAK,IAAItsB,EAAI,EAAGA,EAAI,GAAK6sB,EAAM/sB,OAAQE,GAAK,EAAG,CAC3C8sB,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKgmB,EAC9B8G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKimB,EAC9B6G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKkmB,EAC9B4G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKmmB,EAE9B,IAAI8C,EAAQ,EACZ,IAAK,IAAIjpB,EAAI2sB,EAAI7sB,OAAS,EAAGE,GAAK,EAAGA,IACjCipB,EAASA,GAAkB,IAAT0D,EAAI3sB,IAAc,EACpC2sB,EAAI3sB,GAAa,IAARipB,EACTA,KAAW,IAEZjD,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACtE,CAGI,MAAMtqB,EAAQmjB,GAAa9e,KAAK0P,MAAMwW,EAAM/sB,OA/M3B,GAgNjB,GAAIwC,EAAQoqB,EAAQ,CAChB,MAAMrE,EAAM,IAAIhK,YAAY,CAAC2H,EAAIC,EAAIC,EAAIC,IACnCrJ,EAAMkH,GAAGqE,GACf,IAAK,IAAIroB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI0sB,EAAQ1sB,IAAKE,IAC1CosB,EAAItsB,GAAKysB,EAAIzsB,GAAK8c,EAAI5c,GAC1BqlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAIA,SAASS,GAAMrB,EAAI5G,EAAM0H,EAAOC,EAAKH,GACjClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACPH,EAAMD,GAAOI,EAAI3sB,OAAQwsB,GACzB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GACV9H,EAAOV,GAAWwI,GAClBE,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZU,EAASlI,EAAO,EAAI,GACpB4H,EAASD,EAAI3sB,OAEnB,IAAImtB,EAASpI,EAAK0B,UAAUyG,EAAQlI,IAChCkB,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,IAAK,IAAI5sB,EAAI,EAAGA,EAAI,GAAK6sB,EAAM/sB,OAAQE,GAAK,EACxC8sB,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKgmB,EAC9B8G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKimB,EAC9B6G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKkmB,EAC9B4G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKmmB,EAC9B8G,EAAUA,EAAS,IAAO,EAC1BpI,EAAKQ,UAAU2H,EAAQC,EAAQnI,KAC5BkB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAGlE,MAAMtqB,EAAQmjB,GAAa9e,KAAK0P,MAAMwW,EAAM/sB,OArP3B,GAsPjB,GAAIwC,EAAQoqB,EAAQ,CAChB,MAAMrE,EAAM,IAAIhK,YAAY,CAAC2H,EAAIC,EAAIC,EAAIC,IACnCrJ,EAAMkH,GAAGqE,GACf,IAAK,IAAIroB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI0sB,EAAQ1sB,IAAKE,IAC1CosB,EAAItsB,GAAKysB,EAAIzsB,GAAK8c,EAAI5c,GAC1BqlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAKO,MAAMK,GAAMlI,GAAW,CAAEvD,UAAW,GAAIgM,YAAa,KAAM,SAAare,EAAK2d,GAGhF,SAASW,EAAWrQ,EAAKwP,GAErB,GADAlG,GAAOtJ,QACKxc,IAARgsB,IACAlG,GAAOkG,IACFhH,GAAYgH,IACb,MAAU7sB,MAAM,yBAExB,MAAMisB,EAAKP,GAAYtc,GACjBgH,EAAIyO,GAAUkI,GACdnB,EAAU,CAACK,EAAI7V,GAChByP,GAAYxI,IACbuO,EAAQrqB,KAAM8b,EAAMwH,GAAUxH,IAClC,MAAM+G,EAAM0I,GAAWb,EAAI7V,EAAGiH,EAAKwP,GAEnC,OADA/G,MAAS8F,GACFxH,CACf,CACI,OAlBAuC,GAAOvX,GACPuX,GAAOoG,EAAO/G,IAiBP,CACHqG,QAAS,CAACsB,EAAWd,IAAQa,EAAWC,EAAWd,GACnDF,QAAS,CAACiB,EAAYf,IAAQa,EAAWE,EAAYf,GAE7D,IAgGO,MAAMgB,GAAM7I,GAAW,CAAEvD,UAAW,GAAIgM,YAAa,KAAM,SAAare,EAAK0e,EAAIC,EAAO,CAAA,GAC3FpH,GAAOvX,GACPuX,GAAOmH,EAAI,IACX,MAAME,GAASD,EAAKE,eACpB,MAAO,CACH,OAAA5B,CAAQsB,EAAWd,GACf,MAAMZ,EAAKP,GAAYtc,IACjBkH,EAAEA,EAAC4X,EAAK9J,IAAK+J,GAhG/B,SAA8BR,EAAWK,EAAOnB,GAC5ClG,GAAOgH,GACP,IAAIS,EAAST,EAAUttB,OACvB,MAAMguB,EAAYD,EAASpI,GAC3B,IAAKgI,GAAuB,IAAdK,EACV,MAAUruB,MAAM,2DACf6lB,GAAY8H,KACbA,EAAY9I,GAAU8I,IAC1B,MAAMrX,EAAImO,GAAIkJ,GACd,GAAIK,EAAO,CACP,IAAIlF,EAAO9C,GAAaqI,EACnBvF,IACDA,EAAO9C,IACXoI,GAAkBtF,CAC1B,CACI,MAAM1E,EAAMwI,GAAOwB,EAAQvB,GAE3B,MAAO,CAAEvW,IAAG4X,EADFzJ,GAAIL,GACCA,MACnB,CA8EwCkK,CAAqBX,EAAWK,EAAOnB,GACnE,IAAI0B,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQrqB,KAAMgtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GAChDjuB,EAAI,EACR,KAAOA,EAAI,GAAK+V,EAAEjW,QACbkmB,GAAMjQ,EAAE/V,EAAI,GAAMimB,GAAMlQ,EAAE/V,EAAI,GAAMkmB,GAAMnQ,EAAE/V,EAAI,GAAMmmB,GAAMpQ,EAAE/V,EAAI,KAChEgmB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE3tB,KAAOgmB,EAAM2H,EAAE3tB,KAAOimB,EAAM0H,EAAE3tB,KAAOkmB,EAAMyH,EAAE3tB,KAAOmmB,EAE3D,GAAIsH,EAAO,CACP,MAAMS,EA7EtB,SAAiB3F,GACb,MAAMgB,EAAM,IAAI5pB,WAAW,IACrBuuB,EAAQhK,GAAIqF,GAClBA,EAAIlpB,IAAIkoB,GACR,MAAM4F,EAAc1I,GAAa8C,EAAKzoB,OACtC,IAAK,IAAIE,EAAIylB,GAAa0I,EAAanuB,EAAIylB,GAAYzlB,IACnDupB,EAAIvpB,GAAKmuB,EACb,OAAOD,CACX,CAqE8BE,CAAQhB,EAAUlmB,SAAa,EAAJlH,IACxCgmB,GAAMkI,EAAM,GAAMjI,GAAMiI,EAAM,GAAMhI,GAAMgI,EAAM,GAAM/H,GAAM+H,EAAM,KAChElI,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE3tB,KAAOgmB,EAAM2H,EAAE3tB,KAAOimB,EAAM0H,EAAE3tB,KAAOkmB,EAAMyH,EAAE3tB,KAAOmmB,CACvE,CAEY,OADAZ,MAAS8F,GACFuC,CACV,EACD,OAAAxB,CAAQiB,EAAYf,IA7H5B,SAA8BvnB,GAE1B,GADAqhB,GAAOrhB,GACHA,EAAKjF,OAAS2lB,IAAe,EAC7B,MAAUhmB,MAAM,yEAExB,CAyHY4uB,CAAqBhB,GACrB,MAAM3B,EAAKC,GAAe9c,GAC1B,IAAImf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQrqB,KAAMgtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GACVnK,EAAMwI,GAAOgB,EAAWvtB,OAAQwsB,GACjChH,GAAY+H,IACbhC,EAAQrqB,KAAMqsB,EAAa/I,GAAU+I,IACzC,MAAMtX,EAAImO,GAAImJ,GACRM,EAAIzJ,GAAIL,GAEd,IAAImC,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIjuB,EAAI,EAAGA,EAAI,GAAK+V,EAAEjW,QAAS,CAEhC,MAAMwuB,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EACzCH,EAAKjQ,EAAE/V,EAAI,GAAMimB,EAAKlQ,EAAE/V,EAAI,GAAMkmB,EAAKnQ,EAAE/V,EAAI,GAAMmmB,EAAKpQ,EAAE/V,EAAI,GAC/D,MAAQgmB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAO0E,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAClEwH,EAAE3tB,KAAOunB,EAAK+G,EAAOX,EAAE3tB,KAAOwnB,EAAK+G,EAAOZ,EAAE3tB,KAAOynB,EAAK+G,EAAOb,EAAE3tB,KAAO0nB,EAAK+G,CAC9F,CAEY,OADAlJ,MAAS8F,GA1HrB,SAAsBtmB,EAAM0oB,GACxB,IAAKA,EACD,OAAO1oB,EACX,MAAMqmB,EAAMrmB,EAAKjF,OACjB,IAAKsrB,EACD,MAAU3rB,MAAM,2CACpB,MAAMivB,EAAW3pB,EAAKqmB,EAAM,GAC5B,GAAIsD,GAAY,GAAKA,EAAW,GAC5B,MAAUjvB,MAAM,4BACpB,MAAMokB,EAAM9e,EAAKmC,SAAS,GAAIwnB,GAC9B,IAAK,IAAI1uB,EAAI,EAAGA,EAAI0uB,EAAU1uB,IAC1B,GAAI+E,EAAKqmB,EAAMprB,EAAI,KAAO0uB,EACtB,MAAUjvB,MAAM,4BACxB,OAAOokB,CACX,CA6GmB8K,CAAa9K,EAAK4J,EAC5B,EAET,IAKamB,GAAMnK,GAAW,CAAEvD,UAAW,GAAIgM,YAAa,KAAM,SAAare,EAAK0e,GAGhF,SAASsB,EAAWpC,EAAKqC,EAAWxC,GAChClG,GAAOqG,GACP,MAAMC,EAASD,EAAI3sB,OACnBwsB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMZ,EAAKP,GAAYtc,GACvB,IAAImf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQrqB,KAAMgtB,EAAM1J,GAAU0J,IAC7B1I,GAAYmH,IACbpB,EAAQrqB,KAAMyrB,EAAMnI,GAAUmI,IAClC,MAAMI,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZyC,EAASD,EAAYhC,EAAQD,EAC7BoB,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIjuB,EAAI,EAAGA,EAAI,GAAK6sB,EAAM/sB,QAAS,CACpC,MAAQkmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO2D,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GACnE2G,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKgoB,EAC9B8E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKioB,EAC9B6E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKkoB,EAC9B4E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKmoB,EAC7BnC,EAAK+I,EAAO/uB,KAAQimB,EAAK8I,EAAO/uB,KAAQkmB,EAAK6I,EAAO/uB,KAAQmmB,EAAK4I,EAAO/uB,IACrF,CAEQ,MAAMsC,EAAQmjB,GAAa9e,KAAK0P,MAAMwW,EAAM/sB,OApd/B,GAqdb,GAAIwC,EAAQoqB,EAAQ,GACb1G,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC9C,MAAMrJ,EAAMkH,GAAG,IAAI3F,YAAY,CAAC2H,EAAIC,EAAIC,EAAIC,KAC5C,IAAK,IAAInmB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI0sB,EAAQ1sB,IAAKE,IAC1CosB,EAAItsB,GAAKysB,EAAIzsB,GAAK8c,EAAI5c,GAC1BqlB,GAAMzI,EAClB,CAEQ,OADAyI,MAAS8F,GACFiB,CACf,CACI,OAvCAlG,GAAOvX,GACPuX,GAAOmH,EAAI,IAsCJ,CACHzB,QAAS,CAACsB,EAAWd,IAAQuC,EAAWzB,GAAW,EAAMd,GACzDF,QAAS,CAACiB,EAAYf,IAAQuC,EAAWxB,GAAY,EAAOf,GAEpE,IAyBO,MAAM3f,GAAM8X,GAAW,CAAEvD,UAAW,GAAIgM,YAAa,GAAI8B,UAAW,KAAM,SAAangB,EAAK2d,EAAOyC,GAQtG,GAPA7I,GAAOvX,GACPuX,GAAOoG,QACKlsB,IAAR2uB,GACA7I,GAAO6I,GAIPzC,EAAM1sB,OAAS,EACf,MAAUL,MAAM,iCACpB,MAAMuvB,EAAY,GAClB,SAASE,EAAYC,EAASC,EAASrqB,GACnC,MAAMkX,EAnCd,SAAoB9W,EAAI2f,EAAMjW,EAAK9J,EAAMkqB,GACrC,MAAMI,EAAmB,MAAPJ,EAAc,EAAIA,EAAInvB,OAClCwvB,EAAInqB,EAAG4d,OAAOlU,EAAK9J,EAAKjF,OAASuvB,GACnCJ,GACAK,EAAE/M,OAAO0M,GACbK,EAAE/M,OAAOxd,GACT,MAAM6iB,EAAM,IAAIjoB,WAAW,IACrBklB,EAAOV,GAAWyD,GACpBqH,GACArK,GAAaC,EAAM,EAAGG,OAAmB,EAAZqK,GAAgBvK,GACjDF,GAAaC,EAAM,EAAGG,OAAqB,EAAdjgB,EAAKjF,QAAaglB,GAC/CwK,EAAE/M,OAAOqF,GACT,MAAMgB,EAAM0G,EAAE9M,SAEd,OADA+C,GAAMqC,GACCgB,CACX,CAoBoB2G,CAAW/F,IAAO,EAAO2F,EAASpqB,EAAMkqB,GACpD,IAAK,IAAIjvB,EAAI,EAAGA,EAAIovB,EAAQtvB,OAAQE,IAChCic,EAAIjc,IAAMovB,EAAQpvB,GACtB,OAAOic,CACf,CACI,SAASuT,IACL,MAAM9D,EAAKP,GAAYtc,GACjBsgB,EAAU1F,GAAY5oB,QACtB4uB,EAAUhG,GAAY5oB,QAG5B,GAFAksB,GAAMrB,GAAI,EAAO+D,EAASA,EAASN,GAEd,KAAjB3C,EAAM1sB,OACN2vB,EAAQpvB,IAAImsB,OAEX,CACD,MAAMkD,EAAWjG,GAAY5oB,QAE7B+jB,GADaT,GAAWuL,GACL,EAAG1K,OAAsB,EAAfwH,EAAM1sB,SAAa,GAEhD,MAAM6vB,EAAInG,GAAMzG,OAAOoM,GAAS5M,OAAOiK,GAAOjK,OAAOmN,GACrDC,EAAElH,WAAWgH,GACbE,EAAExoB,SACd,CAEQ,MAAO,CAAEukB,KAAIyD,UAASM,UAASL,QADfrC,GAAMrB,GAAI,EAAO+D,EAAShG,IAElD,CACI,MAAO,CACH,OAAAqC,CAAQsB,GACJhH,GAAOgH,GACP,MAAM1B,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpC3L,EAAM,IAAIlkB,WAAWytB,EAAUttB,OAASkvB,GACxC3D,EAAU,CAACK,EAAIyD,EAASM,EAASL,GAClC9J,GAAY8H,IACb/B,EAAQrqB,KAAMosB,EAAY9I,GAAU8I,IACxCL,GAAMrB,GAAI,EAAO+D,EAASrC,EAAWvJ,GACrC,MAAM5H,EAAMiT,EAAYC,EAASC,EAASvL,EAAI3c,SAAS,EAAG2c,EAAI/jB,OAASkvB,IAIvE,OAHA3D,EAAQrqB,KAAKib,GACb4H,EAAIxjB,IAAI4b,EAAKmR,EAAUttB,QACvBylB,MAAS8F,GACFxH,CACV,EACD,OAAAuI,CAAQiB,GAEJ,GADAjH,GAAOiH,GACHA,EAAWvtB,OAASkvB,EACpB,MAAUvvB,MAAM,6CACpB,MAAMisB,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpCnE,EAAU,CAACK,EAAIyD,EAASC,EAASK,GAClCnK,GAAY+H,IACbhC,EAAQrqB,KAAMqsB,EAAa/I,GAAU+I,IACzC,MAAMtoB,EAAOsoB,EAAWnmB,SAAS,GAAG,IAC9B0oB,EAAYvC,EAAWnmB,UAAS,IAChC+U,EAAMiT,EAAYC,EAASC,EAASrqB,GAE1C,GADAsmB,EAAQrqB,KAAKib,IACRsI,GAAWtI,EAAK2T,GACjB,MAAUnwB,MAAM,8BACpB,MAAMokB,EAAMkJ,GAAMrB,GAAI,EAAO+D,EAAS1qB,GAEtC,OADAwgB,MAAS8F,GACFxH,CACV,EAET,IAkHA,SAASgM,GAAUrT,GACf,OAAa,MAALA,GACS,iBAANA,IACNA,aAAa6B,aAAsC,gBAAvB7B,EAAE1e,YAAYqI,KACnD,CACA,SAAS2pB,GAAapE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUjsB,MAAM,+CACpB,MAAM4oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CACA,SAASC,GAAatE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUjsB,MAAM,+CACpB,MAAM4oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CAOA,MAAME,GAAO,CAiBT,OAAAnE,CAAQoE,EAAKrM,GAGT,GAAIA,EAAI/jB,QAAU,GAAK,GACnB,MAAUL,MAAM,qCACpB,MAAMisB,EAAKP,GAAY+E,GACvB,GAAmB,KAAfrM,EAAI/jB,OACJgwB,GAAapE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAItQ,EAAI,EAAGsU,EAAM,EAAGtU,EAAI,EAAGA,IAC5B,IAAK,IAAInY,EAAM,EAAGA,EAAMyoB,EAAI7oB,OAAQI,GAAO,EAAGysB,IAAO,CACjD,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIyE,EAAIC,EAAIzH,EAAIzoB,GAAMyoB,EAAIzoB,EAAM,IAElEiwB,EAAKnK,EAAMoK,EAAKnK,EAAKkE,GAASwC,GAAQhE,EAAIzoB,GAAOgmB,EAAMyC,EAAIzoB,EAAM,GAAKimB,CAC3F,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,EACD,OAAA4G,CAAQ8D,EAAKrM,GACT,GAAIA,EAAI/jB,OAAS,GAAK,GAAK,GACvB,MAAUL,MAAM,sCACpB,MAAMisB,EAAKC,GAAeuE,GACpBG,EAASxM,EAAI/jB,OAAS,EAAI,EAChC,GAAe,IAAXuwB,EACAL,GAAatE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAItQ,EAAI,EAAGsU,EAAe,EAAT0D,EAAYhY,EAAI,EAAGA,IACrC,IAAK,IAAInY,EAAe,EAATmwB,EAAYnwB,GAAO,EAAGA,GAAO,EAAGysB,IAAO,CAClDyD,GAAMjG,GAASwC,GACf,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIyE,EAAIC,EAAIzH,EAAIzoB,GAAMyoB,EAAIzoB,EAAM,IAClEiwB,EAAKnK,EAAMoK,EAAKnK,EAAM0C,EAAIzoB,GAAOgmB,EAAMyC,EAAIzoB,EAAM,GAAKimB,CAC3E,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,GAEC8K,GAAW,IAAI3wB,WAAW,GAAG6lB,KAAK,KAQ3B+K,GAAQ9L,GAAW,CAAEvD,UAAW,IAAMgP,IAAS,CACxD,OAAApE,CAAQsB,GAEJ,GADAhH,GAAOgH,IACFA,EAAUttB,QAAUstB,EAAUttB,OAAS,GAAM,EAC9C,MAAUL,MAAM,4BACpB,GAAyB,IAArB2tB,EAAUttB,OACV,MAAUL,MAAM,wDACpB,MAAMokB,EF1rBP,YAAwBhkB,GAC3B,IAAI2wB,EAAM,EACV,IAAK,IAAIxwB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBomB,GAAO5J,GACPgU,GAAOhU,EAAE1c,MACjB,CACI,MAAM8oB,EAAM,IAAIjpB,WAAW6wB,GAC3B,IAAK,IAAIxwB,EAAI,EAAGywB,EAAM,EAAGzwB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB4oB,EAAIvoB,IAAImc,EAAGiU,GACXA,GAAOjU,EAAE1c,MACjB,CACI,OAAO8oB,CACX,CE4qBoB8H,CAAYJ,GAAUlD,GAElC,OADA6C,GAAKnE,QAAQoE,EAAKrM,GACXA,CACV,EACD,OAAAuI,CAAQiB,GAKJ,GAJAjH,GAAOiH,GAIHA,EAAWvtB,OAAS,GAAM,GAAKutB,EAAWvtB,OAAS,GACnD,MAAUL,MAAM,6BACpB,MAAMokB,EAAMS,GAAU+I,GAEtB,GADA4C,GAAK7D,QAAQ8D,EAAKrM,IACbU,GAAWV,EAAI3c,SAAS,EAAG,GAAIopB,IAChC,MAAU7wB,MAAM,0BAEpB,OADAokB,EAAI3c,SAAS,EAAG,GAAGse,KAAK,GACjB3B,EAAI3c,SAAS,EACvB,MA+EQypB,GAAS,CAClBxF,eACAQ,kBACJG,QAAIA,GACJM,QAAIA,GACA0D,gBACAE,gBACAzD,cACAQ,UC73BE3S,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAElBqW,GAAa3O,GAAaA,GAAW4O,aAAe,GACpDC,GAAY,CAChB9lB,KAAM4lB,GAAWxT,SAAS,YAAc,gBAAa9c,EACrD2K,UAAW2lB,GAAWxT,SAAS,gBAAkB,oBAAiB9c,EAClE4K,MAAO0lB,GAAWxT,SAAS,aAAe,iBAAc9c,EACxD6K,SAAUylB,GAAWxT,SAAS,UAAY,cAAW9c,EACrD8K,OAAQwlB,GAAWxT,SAAS,eAAiB,mBAAgB9c,EAC7D+K,OAAQulB,GAAWxT,SAAS,eAAiB,mBAAgB9c,EAC7DgL,OAAQslB,GAAWxT,SAAS,eAAiB,mBAAgB9c,GA2F/D,MAAMywB,GACJ,WAAAjzB,CAAY6iB,EAAM9R,EAAK0e,GACrB,MAAMrM,UAAEA,GAAcF,GAAgBL,GACtCziB,KAAK2Q,IAAMA,EACX3Q,KAAK8yB,UAAYzD,EACjBrvB,KAAK+yB,UAAY,IAAItxB,WAAWuhB,GAChChjB,KAAK8B,EAAI,EACT9B,KAAKgjB,UAAYA,EACjBhjB,KAAKgzB,UAAY,IAAIvxB,WAAWzB,KAAKgjB,UACzC,CAEE,wBAAaiQ,CAAYxQ,GACvB,MAAMM,QAAEA,GAAYD,GAAgBL,GACpC,OAAOvG,GAAUgX,UAAU,MAAO,IAAIzxB,WAAWshB,GAAU,WAAW,EAAO,CAAC,YAC3ElgB,MAAK,KAAM,IAAM,KAAM,GAC9B,CAEE,aAAMswB,CAAQjE,EAAWkE,GACvB,MAAMC,EAAO,UACbrzB,KAAKszB,OAAStzB,KAAKszB,cAAgBpX,GAAUgX,UAAU,MAAOlzB,KAAK2Q,IAAK0iB,GAAM,EAAO,CAAC,YACtF,MAAMlE,QAAmBjT,GAAU0R,QACjC,CAAE3lB,KAAMorB,EAAMhE,GAAI+D,GAAapzB,KAAKgzB,WACpChzB,KAAKszB,OACLpE,GAEF,OAAO,IAAIztB,WAAW0tB,GAAYnmB,SAAS,EAAGkmB,EAAUttB,OAC5D,CAEE,kBAAM2xB,CAAahxB,GACjB,MAAMixB,EAAUxzB,KAAK+yB,UAAUnxB,OAAS5B,KAAK8B,EACvC2xB,EAAQlxB,EAAMyG,SAAS,EAAGwqB,GAEhC,GADAxzB,KAAK+yB,UAAU5wB,IAAIsxB,EAAOzzB,KAAK8B,GAC1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKgjB,UAAY,CACnD,MAAM0Q,GAAYnxB,EAAMX,OAAS4xB,GAAWxzB,KAAKgjB,UAC3CkM,EAAYpY,EAAKpV,iBAAiB,CACtC1B,KAAK+yB,UACLxwB,EAAMyG,SAASwqB,EAASjxB,EAAMX,OAAS8xB,KAEnCC,EAAY7c,EAAKpV,iBAAiB,CACtC1B,KAAK8yB,UACL5D,EAAUlmB,SAAS,EAAGkmB,EAAUttB,OAAS5B,KAAKgjB,aAG1C4Q,QAAwB5zB,KAAKmzB,QAAQQ,GAQ3C,OAPAE,GAAOD,EAAiB1E,GACxBlvB,KAAK8yB,UAAYc,EAAgBjxB,OAAO3C,KAAKgjB,WAGzC0Q,EAAW,GAAG1zB,KAAK+yB,UAAU5wB,IAAII,EAAMyG,UAAU0qB,IACrD1zB,KAAK8B,EAAI4xB,EAEFE,CACb,CAGI,IAAIE,EACJ,GAFA9zB,KAAK8B,GAAK2xB,EAAM7xB,OAEZ5B,KAAK8B,IAAM9B,KAAK+yB,UAAUnxB,OAAQ,CACpC,MAAMmyB,EAAW/zB,KAAK+yB,UACtBe,QAAuB9zB,KAAKmzB,QAAQnzB,KAAK8yB,WACzCe,GAAOC,EAAgBC,GACvB/zB,KAAK8yB,UAAYgB,EAAenxB,QAChC3C,KAAK8B,EAAI,EAET,MAAM8tB,EAAYrtB,EAAMyG,SAASyqB,EAAM7xB,QACvC5B,KAAK+yB,UAAU5wB,IAAIytB,EAAW5vB,KAAK8B,GACnC9B,KAAK8B,GAAK8tB,EAAUhuB,MAC1B,MACMkyB,EAAiB,IAAIryB,WAGvB,OAAOqyB,CACX,CAEE,YAAMntB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CACLzB,KAAK+yB,UAAY/yB,KAAK+yB,UAAU/pB,SAAS,EAAGhJ,KAAK8B,GACjD,MAAMiyB,EAAW/zB,KAAK+yB,UAChBe,QAAuB9zB,KAAKmzB,QAAQnzB,KAAK8yB,WAC/Ce,GAAOC,EAAgBC,GACvBhyB,EAAS+xB,EAAe9qB,SAAS,EAAG+qB,EAASnyB,OACnD,CAGI,OADA5B,KAAKg0B,qBACEjyB,CACX,CAEE,kBAAAiyB,GACEh0B,KAAK+yB,UAAUzL,KAAK,GACpBtnB,KAAK8yB,UAAUxL,KAAK,GACpBtnB,KAAKszB,OAAS,KACdtzB,KAAK2Q,IAAM,IACf,CAEE,aAAMid,CAAQsB,GAEZ,MAKM+E,SAL6Bj0B,KAAKmzB,QACtCrc,EAAKpV,iBAAiB,CAAC,IAAID,WAAWzB,KAAKgjB,WAAYkM,IACvDlvB,KAAKqvB,KAGyBrmB,SAAS,EAAGkmB,EAAUttB,QAGtD,OAFAiyB,GAAOI,EAAI/E,GACXlvB,KAAKg0B,qBACEC,CACX,EAGA,MAAMC,GACJ,WAAAt0B,CAAYu0B,EAAe1R,EAAM9R,EAAK0e,GACpCrvB,KAAKm0B,cAAgBA,EACrB,MAAMnR,UAAEA,GAAcF,GAAgBL,GACtCziB,KAAK2Q,IAAMyjB,GAAgBnH,YAAYtc,GAEnC0e,EAAGhlB,WAAa,GAAM,IAAGglB,EAAKA,EAAG1sB,SACrC3C,KAAK8yB,UAAYuB,GAAehF,GAChCrvB,KAAK+yB,UAAY,IAAItxB,WAAWuhB,GAChChjB,KAAK8B,EAAI,EACT9B,KAAKgjB,UAAYA,CACrB,CAEE,OAAAsR,CAAQ/F,GACN,MAAMI,EAAQ0F,GAAe9F,GACvBH,EAAM,IAAI3sB,WAAW8sB,EAAI3sB,QACzBgtB,EAAQyF,GAAejG,GAC7B,IAAK,IAAItsB,EAAI,EAAGA,EAAI,GAAK8sB,EAAMhtB,OAAQE,GAAK,EAAG,CAC7C,MAAQgmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOmK,GAAgBxG,QAAQ5tB,KAAK2Q,IAAK3Q,KAAK8yB,UAAU,GAAI9yB,KAAK8yB,UAAU,GAAI9yB,KAAK8yB,UAAU,GAAI9yB,KAAK8yB,UAAU,IACrJlE,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKgoB,EAC9B8E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKioB,EAC9B6E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKkoB,EAC9B4E,EAAM9sB,EAAI,GAAK6sB,EAAM7sB,EAAI,GAAKmoB,EAC9BjqB,KAAK8yB,WAAa9yB,KAAKm0B,cAAgBvF,EAAQD,GAAOhsB,MAAMb,EAAGA,EAAI,EACzE,CACI,OAAOssB,CACX,CAEE,kBAAMmG,CAAahyB,GACjB,MAAMixB,EAAUxzB,KAAK+yB,UAAUnxB,OAAS5B,KAAK8B,EACvC2xB,EAAQlxB,EAAMyG,SAAS,EAAGwqB,GAGhC,GAFAxzB,KAAK+yB,UAAU5wB,IAAIsxB,EAAOzzB,KAAK8B,GAE1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKgjB,UAAY,CACnD,MAAM0Q,GAAYnxB,EAAMX,OAAS4xB,GAAWxzB,KAAKgjB,UAC3CwR,EAAY1d,EAAKpV,iBAAiB,CACtC1B,KAAK+yB,UACLxwB,EAAMyG,SAASwqB,EAASjxB,EAAMX,OAAS8xB,KAGnCe,EAAkBz0B,KAAKs0B,QAAQE,GAMrC,OAHId,EAAW,GAAG1zB,KAAK+yB,UAAU5wB,IAAII,EAAMyG,UAAU0qB,IACrD1zB,KAAK8B,EAAI4xB,EAEFe,CACb,CAII,IAAIC,EACJ,GAHA10B,KAAK8B,GAAK2xB,EAAM7xB,OAGZ5B,KAAK8B,IAAM9B,KAAK+yB,UAAUnxB,OAAQ,CACpC8yB,EAAiB10B,KAAKs0B,QAAQt0B,KAAK+yB,WACnC/yB,KAAK8B,EAAI,EAET,MAAM8tB,EAAYrtB,EAAMyG,SAASyqB,EAAM7xB,QACvC5B,KAAK+yB,UAAU5wB,IAAIytB,EAAW5vB,KAAK8B,GACnC9B,KAAK8B,GAAK8tB,EAAUhuB,MAC1B,MACM8yB,EAAiB,IAAIjzB,WAGvB,OAAOizB,CACX,CAEE,YAAM/tB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CAGLM,EAFuB/B,KAAKs0B,QAAQt0B,KAAK+yB,WAEjB/pB,SAAS,EAAGhJ,KAAK8B,EAC/C,CAGI,OADA9B,KAAKg0B,qBACEjyB,CACX,CAEE,kBAAAiyB,GACEh0B,KAAK+yB,UAAUzL,KAAK,GACpBtnB,KAAK8yB,UAAUxL,KAAK,GACpBtnB,KAAK2Q,IAAI2W,KAAK,EAClB,EAuBA,SAASuM,GAAOvV,EAAGzG,GACjB,MAAM8c,EAAUlsB,KAAKmd,IAAItH,EAAE1c,OAAQiW,EAAEjW,QACrC,IAAK,IAAIE,EAAI,EAAGA,EAAI6yB,EAAS7yB,IAC3Bwc,EAAExc,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAEpB,CAEA,MAAMuyB,GAAiBtO,GAAO,IAAI5F,YAAY4F,EAAIzc,OAAQyc,EAAI1b,WAAY5B,KAAK0P,MAAM4N,EAAIzb,WAAa,8DAnQ/FhI,eAAuBmgB,EAAM9R,EAAKwe,EAAYE,GACnD,MAAMuF,EAAWnqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAIsB,IAAc6O,GAAUgC,GAC1B,OAwQJ,SAAqBnS,EAAM9R,EAAKsjB,EAAI5E,GAClC,MAAMuF,EAAWnqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvCoS,EAAc,IAAI9Q,GAAW+Q,iBAAiBlC,GAAUgC,GAAWjkB,EAAK0e,GAC9E,OAAOtV,EAAiBka,GAAI1xB,GAAS,IAAId,WAAWozB,EAAYxQ,OAAO9hB,KACzE,CA5QWwyB,CAAYtS,EAAM9R,EAAKwe,EAAYE,GAE5C,GAAIvY,EAAK0H,MAAMiE,GACb,OA8OJngB,eAA0BmgB,EAAM9R,EAAKsjB,EAAI5E,GACvC,GAAIvY,EAAK7V,SAASgzB,GAAK,CACrB,MAAMvD,EAAM,IAAIwD,IAAqB,EAAOzR,EAAM9R,EAAK0e,GACvD,OAAOtV,EAAiBka,GAAI1xB,GAASmuB,EAAI6D,aAAahyB,KAAQ,IAAMmuB,EAAI/pB,UAC5E,CACE,OAAOquB,GAAYrkB,EAAK0e,GAAInB,QAAQ+F,EACtC,CApPWgB,CAAWxS,EAAM9R,EAAKwe,EAAYE,GAG3C,MACM6F,EAAW,UADU1S,EAAgBC,IACT9R,GAC5BwkB,EAAaD,EAASlS,UAE5B,IAAIoS,EAAS/F,EACT4E,EAAK,IAAIxyB,WACb,MAAM2B,EAAUJ,IACVA,IACFixB,EAAKnd,EAAKpV,iBAAiB,CAACuyB,EAAIjxB,KAElC,MAAMksB,EAAY,IAAIztB,WAAWwyB,EAAGryB,QACpC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQixB,EAAGryB,QAAUuzB,EAAalB,EAAGryB,QAAQ,CAClD,MAAMyzB,EAAWH,EAAStH,QAAQwH,GAElC,IADAA,EAASnB,EAAGjrB,SAAS,EAAGmsB,GACnBrzB,EAAI,EAAGA,EAAIqzB,EAAYrzB,IAC1BotB,EAAU/U,KAAOib,EAAOtzB,GAAKuzB,EAASvzB,GAExCmyB,EAAKA,EAAGjrB,SAASmsB,EACvB,CACI,OAAOjG,EAAUlmB,SAAS,EAAGmR,EAAE,EAEjC,OAAOJ,EAAiBoV,EAAY/rB,EAASA,EAC/C,UA5EOd,eAAuBmgB,EAAM9R,EAAKue,EAAWG,EAAInb,GACtD,MAAM0gB,EAAWnqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAI3L,EAAKuF,iBAAmBuW,GAAUgC,GACpC,OA6SJ,SAAqBnS,EAAM9R,EAAK2kB,EAAIjG,GAClC,MAAMuF,EAAWnqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvC8S,EAAY,IAAIxR,GAAWyR,eAAe5C,GAAUgC,GAAWjkB,EAAK0e,GAC1E,OAAOtV,EAAiBub,GAAI/yB,GAAS,IAAId,WAAW8zB,EAAUlR,OAAO9hB,KACvE,CAjTWkzB,CAAYhT,EAAM9R,EAAKue,EAAWG,GAE3C,GAAIvY,EAAK0H,MAAMiE,GACb,OA8QJngB,eAA0BmgB,EAAM9R,EAAK2kB,EAAIjG,GACvC,GAAInT,UAAmB2W,GAAmBI,YAAYxQ,GAAO,CAC3D,MAAMiO,EAAM,IAAImC,GAAmBpQ,EAAM9R,EAAK0e,GAC9C,OAAOvY,EAAK7V,SAASq0B,GAAMvb,EAAiBub,GAAI/yB,GAASmuB,EAAI6C,aAAahxB,KAAQ,IAAMmuB,EAAI/pB,WAAY+pB,EAAI9C,QAAQ0H,EACrH,CAAM,GAAIxe,EAAK7V,SAASq0B,GAAK,CAC5B,MAAM5E,EAAM,IAAIwD,IAAqB,EAAMzR,EAAM9R,EAAK0e,GACtD,OAAOtV,EAAiBub,GAAI/yB,GAASmuB,EAAI6D,aAAahyB,KAAQ,IAAMmuB,EAAI/pB,UAC5E,CACE,OAAOquB,GAAYrkB,EAAK0e,GAAIzB,QAAQ0H,EACtC,CAvRWI,CAAWjT,EAAM9R,EAAKue,EAAWG,GAG1C,MACM6F,EAAW,UADU1S,EAAgBC,IACT9R,GAC5BwkB,EAAaD,EAASlS,UAEtB2S,EAAStG,EAAG1sB,QAClB,IAAI2yB,EAAK,IAAI7zB,WACb,MAAM2B,EAAUJ,IACVA,IACFsyB,EAAKxe,EAAKpV,iBAAiB,CAAC4zB,EAAItyB,KAElC,MAAMmsB,EAAa,IAAI1tB,WAAW6zB,EAAG1zB,QACrC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQsyB,EAAG1zB,QAAUuzB,EAAaG,EAAG1zB,QAAQ,CAClD,MAAMg0B,EAAWV,EAAStH,QAAQ+H,GAClC,IAAK7zB,EAAI,EAAGA,EAAIqzB,EAAYrzB,IAC1B6zB,EAAO7zB,GAAKwzB,EAAGxzB,GAAK8zB,EAAS9zB,GAC7BqtB,EAAWhV,KAAOwb,EAAO7zB,GAE3BwzB,EAAKA,EAAGtsB,SAASmsB,EACvB,CACI,OAAOhG,EAAWnmB,SAAS,EAAGmR,EAAE,EAElC,OAAOJ,EAAiBmV,EAAW9rB,EAASA,EAC9C,IC9EA,MAAM8Y,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAgBlBwZ,GAAc,GAWpB,SAASC,GAAYjvB,EAAMgJ,GACzB,MAAM+I,EAAS/R,EAAKjF,OAASi0B,GAC7B,IAAK,IAAI/zB,EAAI,EAAGA,EAAI+zB,GAAa/zB,IAC/B+E,EAAK/E,EAAI8W,IAAW/I,EAAQ/N,GAE9B,OAAO+E,CACT,CAeA,MAAMmsB,GAAY,IAAIvxB,WAAWo0B,IAElBvzB,eAAeyzB,GAAKplB,GACjC,MAAMye,QAAY4G,GAAIrlB,GAGhBd,EAAUiH,EAAK6E,aAAayT,EAAI4D,KAChCiD,EAAWnf,EAAK6E,OAAO9L,GAE7B,OAAOvN,eAAeuE,GAEpB,aAAcuoB,EAxBlB,SAAavoB,EAAMgJ,EAASomB,GAE1B,GAAIpvB,EAAKjF,QAAUiF,EAAKjF,OAASi0B,IAAgB,EAE/C,OAAOC,GAAYjvB,EAAMgJ,GAG3B,MAAM8I,EAAS,IAAIlX,WAAWoF,EAAKjF,QAAUi0B,GAAehvB,EAAKjF,OAASi0B,KAG1E,OAFAld,EAAOxW,IAAI0E,GACX8R,EAAO9R,EAAKjF,QAAU,IACfk0B,GAAYnd,EAAQsd,EAC7B,CAasB1D,CAAI1rB,EAAMgJ,EAASomB,KAAYjtB,UAAU6sB,GAC5D,CACH,CAEAvzB,eAAe0zB,GAAIrlB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAegzB,GACpB,MACMrB,EADK,IAAIlQ,GAAWyR,eAAe,OAAuB,EAAb7kB,EAAI/O,OAAc,OAAQ+O,EAAKqiB,IACpE3O,OAAOiR,GACrB,OAAO,IAAI7zB,WAAWwyB,EACvB,EAGH,GAAInd,EAAKmF,eACP,IAEE,OADAtL,QAAYuL,GAAUgX,UAAU,MAAOviB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1FU,eAAegzB,GACpB,MAAMrB,QAAW/X,GAAU0R,QAAQ,CAAE3lB,KAAM,UAAWonB,GAAI2D,GAAWpxB,OAAsB,EAAdi0B,IAAmBllB,EAAK2kB,GACrG,OAAO,IAAI7zB,WAAWwyB,GAAIjrB,SAAS,EAAGirB,EAAG3pB,WAAaurB,GACvD,CACF,CAAC,MAAOK,GAEP,GAAiB,sBAAbA,EAAIjuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAbs0B,EAAIjuB,MAC3B,MAAMiuB,EAERpf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,QACvE,CAGE,OAAOjR,eAAegzB,GACpB,OAAOa,GAAYxlB,EAAKqiB,GAAW,CAAExD,gBAAgB,IAAQ5B,QAAQ0H,EACtE,CACH,CC1EA,MAAMpZ,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAGdqZ,GAAc,GACdO,GAAWP,GACX/E,GAAY+E,GAEZQ,GAAO,IAAI50B,WAAWo0B,IACtBS,GAAM,IAAI70B,WAAWo0B,IAAcS,GAAIT,GAAc,GAAK,EAChE,MAAMU,GAAM,IAAI90B,WAAWo0B,IAE3BvzB,eAAek0B,GAAK7lB,GAClB,MAAM8lB,QAAaV,GAAKplB,GACxB,OAAO,SAAS+K,EAAGnI,GACjB,OAAOkjB,EAAK3f,EAAKpV,iBAAiB,CAACga,EAAGnI,IACvC,CACH,CAEAjR,eAAeo0B,GAAI/lB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAegzB,EAAIjG,GACxB,MAAMsH,EAAK,IAAI5S,GAAWyR,eAAe,OAAuB,EAAb7kB,EAAI/O,OAAc,OAAQ+O,EAAK0e,GAC5E4E,EAAKxX,GAAOjY,OAAO,CAACmyB,EAAGtS,OAAOiR,GAAKqB,EAAGC,UAC5C,OAAO,IAAIn1B,WAAWwyB,EACvB,EAGH,GAAInd,EAAKmF,eACP,IACE,MAAMqX,QAAepX,GAAUgX,UAAU,MAAOviB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1G,OAAOU,eAAegzB,EAAIjG,GACxB,MAAM4E,QAAW/X,GAAU0R,QAAQ,CAAE3lB,KAAM,UAAWspB,QAASlC,EAAIztB,OAAsB,EAAdi0B,IAAmBvC,EAAQgC,GACtG,OAAO,IAAI7zB,WAAWwyB,EACvB,CACF,CAAC,MAAOiC,GAEP,GAAiB,sBAAbA,EAAIjuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAbs0B,EAAIjuB,MAC3B,MAAMiuB,EAERpf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,QACvE,CAGE,OAAOjR,eAAegzB,EAAIjG,GACxB,OAAOwH,GAAYlmB,EAAK0e,GAAIzB,QAAQ0H,EACrC,CACH,CAQAhzB,eAAew0B,GAAInU,EAAQhS,GACzB,GAAIgS,IAAWlY,EAAMoC,UAAUK,QAC7ByV,IAAWlY,EAAMoC,UAAUM,QAC3BwV,IAAWlY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,MACEw1B,EACAtI,SACQvuB,QAAQ4E,IAAI,CACpB0xB,GAAK7lB,GACL+lB,GAAI/lB,KAGN,MAAO,CAQLid,QAAStrB,eAAe4sB,EAAWZ,EAAO0I,GACxC,MACEC,EACAC,SACQh3B,QAAQ4E,IAAI,CACpBiyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,KAENG,QAAiB1I,EAAIS,EAAW+H,GAEhClZ,QADqBgZ,EAAKR,GAAKY,GAErC,IAAK,IAAIr1B,EAAI,EAAGA,EAAIgvB,GAAWhvB,IAC7Bic,EAAIjc,IAAMo1B,EAAUp1B,GAAKm1B,EAAUn1B,GAErC,OAAOgV,EAAKpV,iBAAiB,CAACy1B,EAAUpZ,GACzC,EASDmQ,QAAS5rB,eAAe6sB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAWvtB,OAASkvB,GAAW,MAAUvvB,MAAM,0BACnD,MAAM41B,EAAWhI,EAAWnmB,SAAS,GAAI8nB,IACnCsG,EAAQjI,EAAWnmB,UAAU8nB,KAEjCmG,EACAC,EACAG,SACQn3B,QAAQ4E,IAAI,CACpBiyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,GACVD,EAAKR,GAAKY,KAENpZ,EAAMsZ,EACZ,IAAK,IAAIv1B,EAAI,EAAGA,EAAIgvB,GAAWhvB,IAC7Bic,EAAIjc,IAAMo1B,EAAUp1B,GAAKm1B,EAAUn1B,GAErC,IAAKgV,EAAKmE,iBAAiBmc,EAAOrZ,GAAM,MAAUxc,MAAM,+BAExD,aADwBktB,EAAI0I,EAAUF,EAE5C,EAEA,CAnHyCV,GAAIV,GAAc,GAAK,EA2HhEiB,GAAIQ,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG1sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAIy1B,EAAW31B,OAAQE,IACrCwsB,EAAM,EAAIxsB,IAAMy1B,EAAWz1B,GAE7B,OAAOwsB,CACT,EAEAwI,GAAIjB,YAAcA,GAClBiB,GAAIV,SAAWA,GACfU,GAAIhG,UAAYA,GClJhB,MAAM+E,GAAc,GAOd/E,GAAY,GAGlB,SAAS0G,GAAI7f,GACX,IAAI6f,EAAM,EACV,IAAK,IAAI11B,EAAI,IAAI6V,EAAI7V,GAAUA,IAAM,EACnC01B,IAEF,OAAOA,CACT,CAEA,SAAS3D,GAAO4D,EAAGC,GACjB,IAAK,IAAI51B,EAAI,EAAGA,EAAI21B,EAAE71B,OAAQE,IAC5B21B,EAAE31B,IAAM41B,EAAE51B,GAEZ,OAAO21B,CACT,CAEA,SAASE,GAAIF,EAAGC,GACd,OAAO7D,GAAO4D,EAAE90B,QAAS+0B,EAC3B,CAEA,MAAM1E,GAAY,IAAIvxB,WAAWo0B,IAC3BS,GAAM,IAAI70B,WAAW,CAAC,IAO5Ba,eAAes1B,GAAIjV,EAAQhS,GACzB,MAAMoS,QAAEA,GAAYD,GAAgBH,GAEpC,IAAK7L,EAAK0H,MAAMmE,IAAWhS,EAAI/O,SAAWmhB,EACxC,MAAUxhB,MAAM,oCAGlB,IAAIs2B,EAAS,EAKb,MAAMC,EAAM3B,GAAYxlB,EAAKqiB,GAAW,CAAExD,gBAAgB,IACpDuI,EAAWlG,GAASiG,EAAIlK,QAAQiE,GAChCmG,EAAWnG,GAASiG,EAAI5J,QAAQ2D,GACtC,IAAIpI,EAmEJ,SAASwO,EAAMhxB,EAAI+I,EAAMse,EAAO0I,GAI9B,MAAMkB,EAAIloB,EAAKpO,OAASi0B,GAAc,GAxDxC,SAA4B7lB,EAAMgnB,GAChC,MAAMmB,EAAYrhB,EAAKsC,MAAM3Q,KAAKC,IAAIsH,EAAKpO,OAAQo1B,EAAMp1B,QAAUi0B,GAAc,GAAK,EACtF,IAAK,IAAI/zB,EAAI+1B,EAAS,EAAG/1B,GAAKq2B,EAAWr2B,IACvC2nB,EAAK3nB,GAAKgV,EAAK6E,OAAO8N,EAAK3nB,EAAI,IAEjC+1B,EAASM,CACb,CAuDIC,CAAmBpoB,EAAMgnB,GAOzB,MAAMqB,EAAcvhB,EAAKpV,iBAAiB,CAACsxB,GAAUhqB,SAAS,EAtIjD,GAsI+DslB,EAAM1sB,QAAS00B,GAAKhI,IAE1FgK,EAAwC,GAA/BD,EAAYxC,IAE3BwC,EAAYxC,KAAoB,IAChC,MAAM0C,EAAOR,EAASM,GAEhBG,EAAY1hB,EAAKpV,iBAAiB,CAAC62B,EAAMZ,GAAIY,EAAKvvB,SAAS,EAAG,GAAIuvB,EAAKvvB,SAAS,EAAG,MAEnF4P,EAAS9B,EAAKgF,WAAW0c,EAAUxvB,SAAS,GAAKsvB,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAatvB,SAAS,GAE/GyvB,EAAW,IAAIh3B,WAAWo0B,IAE1B5B,EAAK,IAAIxyB,WAAWuO,EAAKpO,OAASkvB,IAKxC,IAAIhvB,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIo2B,EAAGp2B,IAEjB+xB,GAAOjb,EAAQ6Q,EAAK+N,GAAI11B,EAAI,KAG5BmyB,EAAG9xB,IAAI0xB,GAAO5sB,EAAG0wB,GAAI/e,EAAQ5I,IAAQ4I,GAAS5W,GAE9C6xB,GAAO4E,EAAUxxB,IAAO8wB,EAAW/nB,EAAOikB,EAAGjrB,SAAShH,IAEtDgO,EAAOA,EAAKhH,SAAS6sB,IACrB7zB,GAAO6zB,GAMT,GAAI7lB,EAAKpO,OAAQ,CAEfiyB,GAAOjb,EAAQ6Q,EAAKjO,GAEpB,MAAM3L,EAAUkoB,EAASnf,GAEzBqb,EAAG9xB,IAAIw1B,GAAI3nB,EAAMH,GAAU7N,GAG3B,MAAM02B,EAAW,IAAIj3B,WAAWo0B,IAChC6C,EAASv2B,IAAI8E,IAAO8wB,EAAW/nB,EAAOikB,EAAGjrB,SAAShH,GAAK,IAAa,GACpE02B,EAAS1oB,EAAKpO,QAAU,IACxBiyB,GAAO4E,EAAUC,GACjB12B,GAAOgO,EAAKpO,MAClB,CAEI,MAAMmc,EAAM8V,GAAOkE,EAASlE,GAAOA,GAAO4E,EAAU7f,GAAS6Q,EAAKkP,IAhHpE,SAAc3B,GACZ,IAAKA,EAAMp1B,OAET,OAAOoxB,GAMT,MAAMkF,EAAIlB,EAAMp1B,OAASi0B,GAAc,EAEjCjd,EAAS,IAAInX,WAAWo0B,IACxBvD,EAAM,IAAI7wB,WAAWo0B,IAC3B,IAAK,IAAI/zB,EAAI,EAAGA,EAAIo2B,EAAGp2B,IACrB+xB,GAAOjb,EAAQ6Q,EAAK+N,GAAI11B,EAAI,KAC5B+xB,GAAOvB,EAAKyF,EAASJ,GAAI/e,EAAQoe,KACjCA,EAAQA,EAAMhuB,SAAS6sB,IAMzB,GAAImB,EAAMp1B,OAAQ,CAChBiyB,GAAOjb,EAAQ6Q,EAAKjO,GAEpB,MAAMod,EAAc,IAAIn3B,WAAWo0B,IACnC+C,EAAYz2B,IAAI60B,EAAO,GACvB4B,EAAY5B,EAAMp1B,QAAU,IAC5BiyB,GAAO+E,EAAahgB,GAEpBib,GAAOvB,EAAKyF,EAASa,GAC3B,CAEI,OAAOtG,CACX,CA8E2E3kB,CAAKqpB,IAO5E,OADA/C,EAAG9xB,IAAI4b,EAAK/b,GACLiyB,CACX,CAGE,OA9IA,WACE,MAAM4E,EAASd,EAAS/E,IAClB8F,EAAShiB,EAAK6E,OAAOkd,GAC3BpP,EAAO,GACPA,EAAK,GAAK3S,EAAK6E,OAAOmd,GAGtBrP,EAAKjO,EAAIqd,EACTpP,EAAKkP,EAAIG,CACb,CAXEC,GAgJO,CAQLnL,QAAStrB,eAAe4sB,EAAWZ,EAAO0I,GACxC,OAAOiB,EAAMF,EAAU7I,EAAWZ,EAAO0I,EAC1C,EASD9I,QAAS5rB,eAAe6sB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAWvtB,OAASkvB,GAAW,MAAUvvB,MAAM,0BAEnD,MAAMwc,EAAMoR,EAAWnmB,UAAS,IAChCmmB,EAAaA,EAAWnmB,SAAS,GAAG,IAEpC,MAAMgwB,EAAUf,EAAMD,EAAU7I,EAAYb,EAAO0I,GAEnD,GAAIlgB,EAAKmE,iBAAiB8C,EAAKib,EAAQhwB,UAAS,KAC9C,OAAOgwB,EAAQhwB,SAAS,GAAG,IAE7B,MAAUzH,MAAM,8BACtB,EAEA,CAQAq2B,GAAIN,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG1sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAIy1B,EAAW31B,OAAQE,IACrCwsB,EAAM,EAAIxsB,IAAMy1B,EAAWz1B,GAE7B,OAAOwsB,CACT,EAEAsJ,GAAI/B,YAAcA,GAClB+B,GAAIxB,SAvPa,GAwPjBwB,GAAI9G,UAAYA,GCxPhB,MAAM5U,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAIdsU,GAAY,GACZmI,GAAO,UAOb32B,eAAe42B,GAAIvW,EAAQhS,GACzB,GAAIgS,IAAWlY,EAAMoC,UAAUK,QAC7ByV,IAAWlY,EAAMoC,UAAUM,QAC3BwV,IAAWlY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,GAAIuV,EAAKuF,gBACP,MAAO,CACLuR,QAAStrB,eAAegzB,EAAIjG,EAAI2H,EAAQ,IAAIv1B,YAC1C,MAAMk1B,EAAK,IAAI5S,GAAWyR,eAAe,OAAuB,EAAb7kB,EAAI/O,OAAc,OAAQ+O,EAAK0e,GAClFsH,EAAGwC,OAAOnC,GACV,MAAM/C,EAAKxX,GAAOjY,OAAO,CAACmyB,EAAGtS,OAAOiR,GAAKqB,EAAGC,QAASD,EAAGyC,eACxD,OAAO,IAAI33B,WAAWwyB,EACvB,EAED/F,QAAS5rB,eAAe2xB,EAAI5E,EAAI2H,EAAQ,IAAIv1B,YAC1C,MAAM43B,EAAK,IAAItV,GAAW+Q,iBAAiB,OAAuB,EAAbnkB,EAAI/O,OAAc,OAAQ+O,EAAK0e,GACpFgK,EAAGF,OAAOnC,GACVqC,EAAGC,WAAWrF,EAAGtxB,MAAMsxB,EAAGryB,OAASkvB,GAAWmD,EAAGryB,SACjD,MAAM0zB,EAAK7Y,GAAOjY,OAAO,CAAC60B,EAAGhV,OAAO4P,EAAGtxB,MAAM,EAAGsxB,EAAGryB,OAASkvB,KAAauI,EAAGzC,UAC5E,OAAO,IAAIn1B,WAAW6zB,EAC9B,GAIE,GAAIxe,EAAKmF,eACP,IACE,MAAMsd,QAAard,GAAUgX,UAAU,MAAOviB,EAAK,CAAE1I,KAAMgxB,KAAQ,EAAO,CAAC,UAAW,YAEhFO,EAAoC7c,UAAU8c,UAAU9Z,MAAM,kCAClEhD,UAAU8c,UAAU9Z,MAAM,kDAC5B,MAAO,CACLiO,QAAStrB,eAAegzB,EAAIjG,EAAI2H,EAAQ,IAAIv1B,YAC1C,GAAI+3B,IAAsClE,EAAG1zB,OAC3C,OAAO83B,GAAY/oB,EAAK0e,EAAI2H,GAAOpJ,QAAQ0H,GAE7C,MAAMrB,QAAW/X,GAAU0R,QAAQ,CAAE3lB,KAAMgxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMjE,GAC9G,OAAO,IAAI7zB,WAAWwyB,EACvB,EAED/F,QAAS5rB,eAAe2xB,EAAI5E,EAAI2H,EAAQ,IAAIv1B,YAC1C,GAAI+3B,GAAqCvF,EAAGryB,SAAWkvB,GACrD,OAAO4I,GAAY/oB,EAAK0e,EAAI2H,GAAO9I,QAAQ+F,GAE7C,IACE,MAAMqB,QAAWpZ,GAAUgS,QAAQ,CAAEjmB,KAAMgxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMtF,GAC9G,OAAO,IAAIxyB,WAAW6zB,EACvB,CAAC,MAAOpxB,GACP,GAAe,mBAAXA,EAAE+D,KACJ,MAAU1G,MAAM,8BAE9B,CACA,EAEK,CAAC,MAAO20B,GAEP,GAAiB,sBAAbA,EAAIjuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAbs0B,EAAIjuB,MAC3B,MAAMiuB,EAERpf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,QACvE,CAGE,MAAO,CACLqa,QAAStrB,eAAegzB,EAAIjG,EAAI2H,GAC9B,OAAO0C,GAAY/oB,EAAK0e,EAAI2H,GAAOpJ,QAAQ0H,EAC5C,EAEDpH,QAAS5rB,eAAe2xB,EAAI5E,EAAI2H,GAC9B,OAAO0C,GAAY/oB,EAAK0e,EAAI2H,GAAO9I,QAAQ+F,EACjD,EAEA,CAWAiF,GAAI5B,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG1sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAIy1B,EAAW31B,OAAQE,IACrCwsB,EAAM,EAAIxsB,IAAMy1B,EAAWz1B,GAE7B,OAAOwsB,CACT,EAEA4K,GAAIrD,YAvGgB,GAwGpBqD,GAAI9C,SAvGa,GAwGjB8C,GAAIpI,UAAYA,GC9HhB,IAAeuC,GAAA,CAEb3C,IAAKA,GAELjiB,IAAKA,GACLC,gBAAiBD,GAEjBF,IAAKA,GAELC,IAAKA,ICjBP,MAAMorB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAEb,SAAUgT,GAAmB3vB,GACjC,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAIR,OAHAxP,EAAMlI,SAAQ2X,IACZD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAEzCkN,OAAO,MAAQnN,EACxB,CAEgB,SAAAogB,GAAIzb,EAAW4Z,GAC7B,MAAM8B,EAAU1b,EAAI4Z,EACpB,OAAO8B,EAAUJ,GAAMI,EAAU9B,EAAI8B,CACvC,UASgBC,GAAOpiB,EAAW3T,EAAWyT,GAC3C,GAAIA,IAAMiiB,GAAK,MAAMr4B,MAAM,yBAC3B,GAAIoW,IAAMkiB,GAAK,OAAO/S,OAAO,GAC7B,GAAI5iB,EAAI01B,GAAK,MAAMr4B,MAAM,iCAEzB,IAAI24B,EAAMh2B,EACNsX,EAAI3D,EAER2D,GAAK7D,EACL,IAAI8D,EAAIqL,OAAO,GACf,KAAOoT,EAAMN,IAAK,CAChB,MAAMO,EAAMD,EAAML,GAClBK,IAAQL,GAIRpe,EAAI0e,EAFQ1e,EAAID,EAAK7D,EAEN8D,EACfD,EAAKA,EAAIA,EAAK7D,EAEhB,OAAO8D,CACT,CAGA,SAAS2e,GAAI5e,GACX,OAAOA,GAAKoe,GAAMpe,GAAKA,CACzB,CAsDgB,SAAA6e,GAAO/b,EAAW3G,GAChC,MAAM2iB,IAAEA,EAAG9e,EAAEA,GA7Cf,SAAe+e,EAAgBC,GAC7B,IAAIhf,EAAIsL,OAAO,GACX2T,EAAI3T,OAAO,GACX4T,EAAQ5T,OAAO,GACf6T,EAAQ7T,OAAO,GAKfxI,EAAI8b,GAAIG,GACR1iB,EAAIuiB,GAAII,GACZ,MAAMI,EAAWL,EAASX,GACpBiB,EAAWL,EAASZ,GAE1B,KAAO/hB,IAAM+hB,IAAK,CAChB,MAAMlW,EAAIpF,EAAIzG,EACd,IAAIwT,EAAM7P,EACVA,EAAIkf,EAAQhX,EAAIlI,EAChBkf,EAAQrP,EAERA,EAAMoP,EACNA,EAAIE,EAAQjX,EAAI+W,EAChBE,EAAQtP,EAERA,EAAMxT,EACNA,EAAIyG,EAAIzG,EACRyG,EAAI+M,EAGN,MAAO,CACL7P,EAAGof,GAAYF,EAAQA,EACvBD,EAAGI,GAAYF,EAAQA,EACvBL,IAAKhc,EAET,CAWqBwc,CAAMxc,EAAG3G,GAC5B,GAAI2iB,IAAQT,GACV,MAAUt4B,MAAM,0BAElB,OAAOw4B,GAAIve,EAAI7D,EAAGA,EACpB,CAwBM,SAAUojB,GAAevf,GAC7B,MAAMwf,EAAS/T,OAAOzL,GACtB,GAAIwf,EAAS/T,OAAOgU,iBAElB,MAAU15B,MAAM,8CAElB,OAAOy5B,CACT,CAQgB,SAAAE,GAAO1f,EAAU1Z,GAE/B,OADa0Z,GAAKsL,OAAOhlB,GAAM+3B,MAChBD,GAAM,EAAI,CAC3B,CAKM,SAAUuB,GAAU3f,GAGxB,MAAMhW,EAASgW,EAAIoe,GAAM9S,QAAQ,GAAK8S,GACtC,IAAIwB,EAAS,EACT/P,EAAM7P,EAEV,MAAQ6P,IAAQwO,MAASr0B,GACvB41B,IAEF,OAAOA,CACT,CAKM,SAAU9wB,GAAWkR,GACzB,MAAMhW,EAASgW,EAAIoe,GAAM9S,QAAQ,GAAK8S,GAChCyB,EAAMvU,OAAO,GACnB,IAAIoG,EAAM,EACN7B,EAAM7P,EAEV,MAAQ6P,IAAQgQ,KAAS71B,GACvB0nB,IAEF,OAAOA,CACT,CAQM,SAAUoO,GAAmB9f,EAAW+f,EAAS,KAAM35B,GAG3D,IAAI0X,EAAMkC,EAAEgF,SAAS,IACjBlH,EAAI1X,OAAS,GAAM,IACrB0X,EAAM,IAAMA,GAGd,MAAMkiB,EAAYliB,EAAI1X,OAAS,EACzBuI,EAAQ,IAAI1I,WAAWG,GAAU45B,GAEjC5iB,EAAShX,EAASA,EAAS45B,EAAY,EAC7C,IAAI15B,EAAI,EACR,KAAOA,EAAI05B,GACTrxB,EAAMrI,EAAI8W,GAAUY,SAASF,EAAI3W,MAAM,EAAIb,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXy5B,GACFpxB,EAAM0gB,UAGD1gB,CACT,CC7LA,MAAM4Z,GAAajN,EAAKuF,gBAOjB,SAASof,GAAe75B,GAC7B,MAAM0a,EAA8B,oBAAXH,OAAyBA,OAAS4H,IAAYzH,UACvE,GAAIA,GAAWof,gBAAiB,CAC9B,MAAM9c,EAAM,IAAInd,WAAWG,GAC3B,OAAO0a,EAAUof,gBAAgB9c,EACrC,CACI,MAAUrd,MAAM,+CAEpB,CASO,SAASo6B,GAAoB/V,EAAKld,GACvC,GAAIA,EAAMkd,EACR,MAAUrkB,MAAM,uCAGlB,MAAMq6B,EAAUlzB,EAAMkd,EAOtB,OAAOmU,GADGD,GAAmB2B,GALfnxB,GAAWsxB,GAK2B,IACtCA,GAAWhW,CAC3B,8FCvCA,MAAMiU,GAAM/S,OAAO,YAQH+U,GAAoB7f,EAAc9X,EAAWqV,GAC3D,MAAMuiB,EAAOhV,OAAO,IACdlB,EAAMiU,IAAO/S,OAAO9K,EAAO,GAO3B+f,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAErG,IAAIpkB,EAAIgkB,GAAoB/V,EAAKA,GAAOiU,IACpC/3B,EAAIi5B,GAAehB,GAAIpiB,EAAGmkB,IAE9B,GACEnkB,GAAKmP,OAAOiV,EAAKj6B,IACjBA,GAAKA,EAAIi6B,EAAKj6B,IAAMi6B,EAAKn6B,OAErBu5B,GAAUxjB,GAAKqE,IACjBrE,EAAIoiB,GAAIpiB,EAAGiO,GAAOiU,IAAMliB,GAAKiO,EAC7B9jB,EAAIi5B,GAAehB,GAAIpiB,EAAGmkB,YAEpBE,GAAgBrkB,EAAGzT,EAAGqV,IAChC,OAAO5B,CACT,UAQgBqkB,GAAgBrkB,EAAWzT,EAAWqV,GACpD,QAAIrV,GFsDU,SAAIq2B,EAAgBC,GAClC,IAAIlc,EAAIic,EACJ1iB,EAAI2iB,EACR,KAAO3iB,IAAM+hB,IAAK,CAChB,MAAMvO,EAAMxT,EACZA,EAAIyG,EAAIzG,EACRyG,EAAI+M,EAEN,OAAO/M,CACT,CE/DWgc,CAAI3iB,EAAIkiB,GAAK31B,KAAO21B,QA2BzB,SAAuBliB,GAC3B,MAAMiiB,EAAM9S,OAAO,GACnB,OAAOmV,GAAYC,OAAMhE,GAAK6B,GAAIpiB,EAAGugB,KAAO0B,GAC9C,CA3BOuC,CAAaxkB,OAoBd,SAAiBA,EAAWE,EAAIiP,OAAO,IAC3C,OAAOmT,GAAOpiB,EAAGF,EAAIkiB,GAAKliB,KAAOkiB,EACnC,CAnBOuC,CAAOzkB,eAoJcA,EAAW4B,GACrC,MAAM2T,EAAMiO,GAAUxjB,GAEjB4B,IACHA,EAAI9Q,KAAKC,IAAI,EAAIwkB,EAAM,GAAM,IAG/B,MAAMmP,EAAK1kB,EAAIkiB,GAGf,IAAIlgB,EAAI,EACR,MAAQuhB,GAAOmB,EAAI1iB,IAAMA,IACzB,MAAMwJ,EAAIxL,GAAKmP,OAAOnN,GAEtB,KAAOJ,EAAI,EAAGA,IAAK,CAGjB,IAKIzX,EALA0Z,EAAIye,GAFkB0B,GAAoB7U,OAAO,GAAIuV,GAEvClZ,EAAGxL,GACrB,GAAI6D,IAAMqe,IAAOre,IAAM6gB,EAAvB,CAKA,IAAKv6B,EAAI,EAAGA,EAAI6X,EAAG7X,IAAK,CAGtB,GAFA0Z,EAAIue,GAAIve,EAAIA,EAAG7D,GAEX6D,IAAMqe,GACR,OAAO,EAET,GAAIre,IAAM6gB,EACR,MAIJ,GAAIv6B,IAAM6X,EACR,OAAO,GAIX,OAAO,CACT,CAzLO2iB,CAAY3kB,EAAG4B,IAMtB,CAkBA,MAAM0iB,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MACpCt3B,KAAIgT,GAAKmP,OAAOnP,KCjJlB,MAAM4kB,GAAe,GAyCd,SAASC,GAAUjpB,EAASkpB,GACjC,MAAMC,EAAUnpB,EAAQ3R,OAExB,GAAI86B,EAAUD,EAAY,GACxB,MAAUl7B,MAAM,oBAIlB,MAAMo7B,EA7BR,SAAyB/6B,GACvB,MAAMG,EAAS,IAAIN,WAAWG,GAC9B,IAAIg7B,EAAQ,EACZ,KAAOA,EAAQh7B,GAAQ,CACrB,MAAMi7B,EAAcpB,GAAe75B,EAASg7B,GAC5C,IAAK,IAAI96B,EAAI,EAAGA,EAAI+6B,EAAYj7B,OAAQE,IACf,IAAnB+6B,EAAY/6B,KACdC,EAAO66B,KAAWC,EAAY/6B,GAGtC,CACE,OAAOC,CACT,CAiBa+6B,CAAgBL,EAAYC,EAAU,GAG3C5d,EAAU,IAAIrd,WAAWg7B,GAM/B,OAJA3d,EAAQ,GAAK,EACbA,EAAQ3c,IAAIw6B,EAAI,GAEhB7d,EAAQ3c,IAAIoR,EAASkpB,EAAYC,GAC1B5d,CACT,CAUO,SAASie,GAAUje,EAASke,GAEjC,IAAIpkB,EAAS,EACTqkB,EAAoB,EACxB,IAAK,IAAI9iB,EAAIvB,EAAQuB,EAAI2E,EAAQld,OAAQuY,IACvC8iB,GAAoC,IAAfne,EAAQ3E,GAC7BvB,GAAUqkB,EAGZ,MAAMC,EAAQtkB,EAAS,EACjBukB,EAAUre,EAAQ9V,SAAS4P,EAAS,GACpCwkB,EAAgC,IAAfte,EAAQ,GAA0B,IAAfA,EAAQ,GAAWoe,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOlmB,EAAKsH,iBAAiBgf,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAU57B,MAAM,mBAClB,CAUO,SAAS87B,GAAW5a,EAAM6a,EAAQC,GACvC,IAAIz7B,EACJ,GAAIw7B,EAAO17B,SAAW+L,GAAKwX,kBAAkB1C,GAC3C,MAAUlhB,MAAM,uBAIlB,MAAMi8B,EAAa,IAAI/7B,WAAW86B,GAAa9Z,GAAM7gB,QACrD,IAAKE,EAAI,EAAGA,EAAIy6B,GAAa9Z,GAAM7gB,OAAQE,IACzC07B,EAAW17B,GAAKy6B,GAAa9Z,GAAM3gB,GAGrC,MAAM27B,EAAOD,EAAW57B,OAAS07B,EAAO17B,OACxC,GAAI27B,EAAQE,EAAO,GACjB,MAAUl8B,MAAM,6CAIlB,MAAMo7B,EAAK,IAAIl7B,WAAW87B,EAAQE,EAAO,GAAGnW,KAAK,KAI3CoW,EAAK,IAAIj8B,WAAW87B,GAK1B,OAJAG,EAAG,GAAK,EACRA,EAAGv7B,IAAIw6B,EAAI,GACXe,EAAGv7B,IAAIq7B,EAAYD,EAAQE,GAC3BC,EAAGv7B,IAAIm7B,EAAQC,EAAQD,EAAO17B,QACvB87B,CACT,CAhIAnB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGCfd,MAAMrgB,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAClBwd,GAAM/S,OAAO,GAuXnBxkB,eAAeq7B,GAAahmB,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GACzC,MAAMC,EAAO/D,GAAmB9M,GAC1B8Q,EAAOhE,GAAmBpW,GAC1Bqa,EAAOjE,GAAmB3W,GAEhC,IAAI6a,EAAKjE,GAAIgE,EAAMD,EAAOjE,IACtBoE,EAAKlE,GAAIgE,EAAMF,EAAOhE,IAG1B,OAFAoE,EAAK3C,GAAmB2C,GACxBD,EAAK1C,GAAmB0C,GACjB,CACLE,IAAK,MACLvmB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBif,EAAG5D,EAAgB4D,GAEnB6J,EAAGzN,EAAgBmE,GACnBA,EAAGnE,EAAgByN,GAEnBiR,GAAI1e,EAAgBye,GACpBA,GAAIze,EAAgB0e,GACpBE,GAAI5e,EAAgBqe,GACpBQ,KAAK,EAET,CAQA,SAASC,GAAY1mB,EAAGzT,GACtB,MAAO,CACLg6B,IAAK,MACLvmB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBk6B,KAAK,EAET,CAGA,SAASE,GAAaC,EAAKr6B,GACzB,MAAO,CACLyT,EAAGyH,EAAgBmf,EAAI5mB,GACvBzT,EAAGo3B,GAAmBp3B,GACtBif,EAAG/D,EAAgBmf,EAAIpb,GAEvB6J,EAAG5N,EAAgBmf,EAAI7a,GACvBA,EAAGtE,EAAgBmf,EAAIvR,GAEvB4Q,EAAGxe,EAAgBmf,EAAIJ,IAE3B,2DA7UO77B,eAAuBuE,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGZ,GAIpD,GAAIlmB,EAAKuF,kBAAoB2gB,EAC3B,IACE,aAiON16B,eAA2BuE,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GAC9C,MAAMW,QAAYZ,GAAahmB,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GACxCjtB,EAAM,CAAEA,IAAK4tB,EAAKC,OAAQ,MAAQvqB,KAAM,QAASpE,QAASkU,GAAW0a,UAAUC,mBAErF,IACE,OAAO,IAAIj9B,WAAWsiB,GAAW4a,eAAehuB,EAAK9J,GACtD,CAAC,MAAOqvB,GACP,MAAU30B,MAAM,mBACpB,CACA,CA1OmBwzB,CAAYluB,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAC/C,CAAC,MAAO1H,GACPpf,EAAKyE,gBAAgB2a,EAC3B,CAEE,OAuOF5zB,eAAyBuE,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGZ,GAQ/C,GAPAn2B,EAAOizB,GAAmBjzB,GAC1B8Q,EAAImiB,GAAmBniB,GACvBzT,EAAI41B,GAAmB51B,GACvBif,EAAI2W,GAAmB3W,GACvB6J,EAAI8M,GAAmB9M,GACvBtJ,EAAIoW,GAAmBpW,GACvBka,EAAI9D,GAAmB8D,GACnB/2B,GAAQ8Q,EACV,MAAUpW,MAAM,mBAElB,MAAMy8B,EAAKjE,GAAI5W,EAAGO,EAAImW,IAChBoE,EAAKlE,GAAI5W,EAAG6J,EAAI6M,IAEhB+E,EAAYjD,GAAoB7U,OAAO,GAAInP,GAC3CknB,EAAU5E,GAAOI,GAAOuE,EAAWjnB,GAAIzT,EAAGyT,GAChD9Q,EAAOkzB,GAAIlzB,EAAOg4B,EAASlnB,GAE3B,MAAMmnB,EAAK7E,GAAOpzB,EAAMo3B,EAAIjR,GACtB+R,EAAK9E,GAAOpzB,EAAMm3B,EAAIta,GACtB0N,EAAI2I,GAAI6D,GAAKmB,EAAKD,GAAKpb,GAE7B,IAAI3hB,EAASqvB,EAAIpE,EAAI8R,EAIrB,OAFA/8B,EAASg4B,GAAIh4B,EAAS68B,EAAWjnB,GAE1BolB,GAAUzB,GAAmBv5B,EAAQ,KAAMuI,GAAWqN,IAAKqlB,EACpE,CAlQSgC,CAAUn4B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGZ,EAC3C,UAlCO16B,eAAuBuE,EAAM8Q,EAAGzT,GACrC,OAAI4S,EAAKuF,gBA2OX/Z,eAA2BuE,EAAM8Q,EAAGzT,GAClC,MAAMq6B,EAAMF,GAAY1mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK4tB,EAAKC,OAAQ,MAAOvqB,KAAM,QAASpE,QAASkU,GAAW0a,UAAUC,mBAEpF,OAAO,IAAIj9B,WAAWsiB,GAAWkb,cAActuB,EAAK9J,GACtD,CA/OW4uB,CAAY5uB,EAAM8Q,EAAGzT,GAiPhC5B,eAAyBuE,EAAM8Q,EAAGzT,GAIhC,GAHAyT,EAAImiB,GAAmBniB,GACvB9Q,EAAOizB,GAAmB0C,GAAU31B,EAAMyD,GAAWqN,KACrDzT,EAAI41B,GAAmB51B,GACnB2C,GAAQ8Q,EACV,MAAUpW,MAAM,2CAElB,OAAO+5B,GAAmBrB,GAAOpzB,EAAM3C,EAAGyT,GAAI,KAAMrN,GAAWqN,GACjE,CAvPSunB,CAAUr4B,EAAM8Q,EAAGzT,EAC5B,WA4CO5B,eAAwB0Z,EAAM9X,GAInC,GAHAA,EAAI4iB,OAAO5iB,GAGP4S,EAAKmF,eAAgB,CACvB,MAAMkjB,EAAY,CAChBl3B,KAAM,oBACNm3B,cAAepjB,EACfqjB,eAAgB/D,GAAmBp3B,GACnCyJ,KAAM,CACJ1F,KAAM,UAGJq3B,QAAgBpjB,GAAUqjB,YAAYJ,GAAW,EAAM,CAAC,OAAQ,WAMtE,OAAOb,SAFWpiB,GAAUsjB,UAAU,MAAOF,EAAQ9rB,YAE5BtP,EAC7B,CAAS,GAAI4S,EAAKuF,gBAAiB,CAC/B,MAAMiT,EAAO,CACX8P,cAAepjB,EACfqjB,eAAgBtE,GAAe72B,GAC/Bu7B,kBAAmB,CAAExrB,KAAM,QAASuqB,OAAQ,OAC5CkB,mBAAoB,CAAEzrB,KAAM,QAASuqB,OAAQ,QAEzCD,QAAY,IAAIr+B,SAAQ,CAACC,EAASC,KACtC2jB,GAAW4b,gBAAgB,MAAOrQ,GAAM,CAAC4G,EAAKpK,EAAG8T,KAC3C1J,EACF91B,EAAO81B,GAEP/1B,EAAQy/B,EAClB,GACQ,IAEJ,OAAOtB,GAAaC,EAAKr6B,EAC7B,CAKE,IAAI8oB,EACAtJ,EACA/L,EACJ,GACE+L,EAAImY,GAAoB7f,GAAQA,GAAQ,GAAI9X,EAAG,IAC/C8oB,EAAI6O,GAAoB7f,GAAQ,EAAG9X,EAAG,IACtCyT,EAAIqV,EAAItJ,QACDyX,GAAUxjB,KAAOqE,GAE1B,MAAM6jB,GAAO7S,EAAI6M,KAAQnW,EAAImW,IAM7B,OAJInW,EAAIsJ,KACLA,EAAGtJ,GAAK,CAACA,EAAGsJ,IAGR,CACLrV,EAAG2jB,GAAmB3jB,GACtBzT,EAAGo3B,GAAmBp3B,GACtBif,EAAGmY,GAAmBjB,GAAOn2B,EAAG27B,IAChC7S,EAAGsO,GAAmBtO,GACtBtJ,EAAG4X,GAAmB5X,GAGtBka,EAAGtC,GAAmBjB,GAAOrN,EAAGtJ,IAEpC,OA7KOphB,eAAoBw9B,EAAUj5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGN,GAC3D,GAAI3vB,GAAKwX,kBAAkB2a,IAAanoB,EAAE/V,OAKxC,MAAUL,MAAM,8CAGlB,GAAIsF,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aA2NR3Z,eAAuBy9B,EAAUl5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GAQpD,MAAMW,QAAYZ,GAAahmB,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GACxCnb,EAAO,CACXxa,KAAM,oBACN0F,KAAM,CAAE1F,KAAM83B,IAEVpvB,QAAYuL,GAAUgX,UAAU,MAAOqL,EAAK9b,GAAM,EAAO,CAAC,SAChE,OAAO,IAAIhhB,iBAAiBya,GAAU8jB,KAAK,oBAAqBrvB,EAAK9J,GACvE,CA1OqBo5B,CAAQx1B,EAAMpI,KAAKoI,EAAM4D,QAASyxB,GAAWj5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAChF,CAAC,MAAO1H,GACPpf,EAAKyE,gBAAgB2a,EAC7B,MACW,GAAIpf,EAAKuF,gBACd,OAuON/Z,eAAwBw9B,EAAUj5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GACrD,MAAMoC,EAAOjc,GAAWmc,WAAWz1B,EAAMpI,KAAKoI,EAAMkD,KAAMmyB,IAC1DE,EAAKj9B,MAAM8D,GACXm5B,EAAK13B,MAEL,MAAMi2B,QAAYZ,GAAahmB,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GAC9C,OAAO,IAAIn8B,WAAWu+B,EAAKA,KAAK,CAAErvB,IAAK4tB,EAAKC,OAAQ,MAAOvqB,KAAM,UACnE,CA9OaksB,CAASL,EAAUj5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GAGnD,OA4MFt7B,eAAsBw9B,EAAUnoB,EAAGwL,EAAGma,GACpC3lB,EAAImiB,GAAmBniB,GACvB,MAAMugB,EAAI4B,GAAmBuD,GAAWyC,EAAUxC,EAAQhzB,GAAWqN,KAErE,OADAwL,EAAI2W,GAAmB3W,GAChBmY,GAAmBrB,GAAO/B,EAAG/U,EAAGxL,GAAI,KAAMrN,GAAWqN,GAC9D,CAjNSyoB,CAAON,EAAUnoB,EAAGwL,EAAGma,EAChC,iBAqKOh7B,eAA8BqV,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,GAMlD,GALAjmB,EAAImiB,GAAmBniB,IACvBqV,EAAI8M,GAAmB9M,KACvBtJ,EAAIoW,GAAmBpW,MAGP/L,EACd,OAAO,EAGT,MAAM0oB,EAAMvZ,OAAO,GAGnB,GAAIiT,GAAI/M,GADR4Q,EAAI9D,GAAmB8D,IACRla,KAAOoD,OAAO,GAC3B,OAAO,EAGT5iB,EAAI41B,GAAmB51B,GACvBif,EAAI2W,GAAmB3W,GAQvB,MACM1H,EAAIkgB,GAAoB0E,EAAKA,GADhBvZ,OAAOre,KAAK0P,MAAMgjB,GAAUxjB,GAAK,KAE9C2oB,EAAM7kB,EAAI0H,EAAIjf,EAGpB,QADoB61B,GAAIuG,EAAKtT,EAAI6M,MAASpe,GAAKse,GAAIuG,EAAK5c,EAAImW,MAASpe,EAMvE,SA5LOnZ,eAAsBw9B,EAAUj5B,EAAM8S,EAAGhC,EAAGzT,EAAGo5B,GACpD,GAAIz2B,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aAuOR3Z,eAAyBy9B,EAAUl5B,EAAM8S,EAAGhC,EAAGzT,GAC7C,MAAMq6B,EAAMF,GAAY1mB,EAAGzT,GACrByM,QAAYuL,GAAUgX,UAAU,MAAOqL,EAAK,CAChDt2B,KAAM,oBACN0F,KAAM,CAAE1F,KAAO83B,KACd,EAAO,CAAC,WACX,OAAO7jB,GAAUqkB,OAAO,oBAAqB5vB,EAAKgJ,EAAG9S,EACvD,CA9OqB25B,CAAU/1B,EAAMpI,KAAKoI,EAAM4D,QAASyxB,GAAWj5B,EAAM8S,EAAGhC,EAAGzT,EACzE,CAAC,MAAOgyB,GACPpf,EAAKyE,gBAAgB2a,EAC7B,MACW,GAAIpf,EAAKuF,gBACd,OA2ON/Z,eAA0Bw9B,EAAUj5B,EAAM8S,EAAGhC,EAAGzT,GAC9C,MAAMq6B,EAAMF,GAAY1mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK4tB,EAAKC,OAAQ,MAAOvqB,KAAM,SAEvCssB,EAASxc,GAAW0c,aAAah2B,EAAMpI,KAAKoI,EAAMkD,KAAMmyB,IAC9DS,EAAOx9B,MAAM8D,GACb05B,EAAOj4B,MAEP,IACE,OAAOi4B,EAAOA,OAAO5vB,EAAKgJ,EAC3B,CAAC,MAAOuc,GACP,OAAO,CACX,CACA,CAxPawK,CAAWZ,EAAUj5B,EAAM8S,EAAGhC,EAAGzT,GAG5C,OAmNF5B,eAAwBw9B,EAAUnmB,EAAGhC,EAAGzT,EAAGo5B,GAIzC,GAHA3lB,EAAImiB,GAAmBniB,GACvBgC,EAAImgB,GAAmBngB,GACvBzV,EAAI41B,GAAmB51B,GACnByV,GAAKhC,EACP,MAAUpW,MAAM,6CAElB,MAAMo/B,EAAMrF,GAAmBrB,GAAOtgB,EAAGzV,EAAGyT,GAAI,KAAMrN,GAAWqN,IAC3DipB,EAAMvD,GAAWyC,EAAUxC,EAAQhzB,GAAWqN,IACpD,OAAOb,EAAKmE,iBAAiB0lB,EAAKC,EACpC,CA7NSC,CAASf,EAAUnmB,EAAGhC,EAAGzT,EAAGo5B,EACrC,ICrEA,MAAMzD,GAAM/S,OAAO,6DAyCZxkB,eAAuBw+B,EAAIC,EAAI/T,EAAGxR,EAAGwhB,GAO1C,OANA8D,EAAKhH,GAAmBgH,GACxBC,EAAKjH,GAAmBiH,GACxB/T,EAAI8M,GAAmB9M,GAIhB+P,GAAUzB,GADFvB,GAAIM,GAAOJ,GAAO6G,EAFjCtlB,EAAIse,GAAmBte,GAEiBwR,GAAIA,GAAK+T,EAAI/T,GACT,KAAM1iB,GAAW0iB,IAAKgQ,EACpE,UArCO16B,eAAuBuE,EAAMmmB,EAAGyE,EAAGgJ,GACxCzN,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEvB,MACMvC,EAAI4B,GADK0C,GAAU31B,EAAMyD,GAAW0iB,KAKpCzT,EAAIoiB,GAAoB9B,GAAK7M,EAAI6M,IACvC,MAAO,CACLiH,GAAIxF,GAAmBrB,GAAOxI,EAAGlY,EAAGyT,IACpC+T,GAAIzF,GAAmBvB,GAAIE,GAAOQ,EAAGlhB,EAAGyT,GAAKkL,EAAGlL,IAEpD,iBAiCO1qB,eAA8B0qB,EAAGyE,EAAGgJ,EAAGjf,GAM5C,GALAwR,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAGnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAIT,MAAMgU,EAAQla,OAAOqU,GAAUnO,IAE/B,GAAIgU,EADWla,OAAO,MAEpB,OAAO,EAOT,GAAImT,GAAOxI,EAAGzE,EAAI6M,GAAK7M,KAAO6M,GAC5B,OAAO,EAST,IAAInP,EAAM+G,EACN3vB,EAAIglB,OAAO,GACf,MAAMuZ,EAAMvZ,OAAO,GACbma,EAAYZ,GAAOvZ,OAAO,IAChC,KAAOhlB,EAAIm/B,GAAW,CAEpB,GADAvW,EAAMqP,GAAIrP,EAAM+G,EAAGzE,GACftC,IAAQmP,GACV,OAAO,EAET/3B,GACJ,CAQE0Z,EAAIse,GAAmBte,GACvB,MAAMC,EAAIkgB,GAAoB0E,GAAQW,EAAQnH,GAAMwG,GAAOW,GAE3D,OAAIvG,IAAMR,GAAOxI,GADJzE,EAAI6M,IAAOpe,EAAID,EACHwR,EAK3B,IC7IO,MAAM7Q,GACW,iBAAfjb,GAA2B,WAAYA,EAAaA,EAAWib,YAAS/Z,ECC3E8+B,GAAO,CAAE,EASf,IAAIC,GAAK,SAASC,GAChB,IAAIt/B,EAAG2Z,EAAI,IAAI4lB,aAAa,IAC5B,GAAID,EAAM,IAAKt/B,EAAI,EAAGA,EAAIs/B,EAAKx/B,OAAQE,IAAK2Z,EAAE3Z,GAAKs/B,EAAKt/B,GACxD,OAAO2Z,CACT,EAGI6lB,GAAc,WAAuB,MAAU//B,MAAM,UAAa,EAElEggC,GAAK,IAAI9/B,WAAW,IAAK8/B,GAAG,GAAK,EAErC,IAAIC,GAAML,KACNM,GAAMN,GAAG,CAAC,IACVO,GAAUP,GAAG,CAAC,MAAQ,IACtBQ,GAAIR,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIS,GAAKT,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIU,GAAIV,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIW,GAAIX,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIY,GAAIZ,GAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAEpI,SAASa,GAAKxmB,EAAG1Z,EAAGsvB,EAAG6Q,GACrBzmB,EAAE1Z,GAAQsvB,GAAK,GAAM,IACrB5V,EAAE1Z,EAAE,GAAMsvB,GAAK,GAAM,IACrB5V,EAAE1Z,EAAE,GAAMsvB,GAAM,EAAK,IACrB5V,EAAE1Z,EAAE,GAAS,IAAJsvB,EACT5V,EAAE1Z,EAAE,GAAMmgC,GAAK,GAAO,IACtBzmB,EAAE1Z,EAAE,GAAMmgC,GAAK,GAAO,IACtBzmB,EAAE1Z,EAAE,GAAMmgC,GAAM,EAAM,IACtBzmB,EAAE1Z,EAAE,GAAS,IAAJmgC,CACX,CAQA,SAASC,GAAiB1mB,EAAG2mB,EAAI1H,EAAG2H,GAClC,OAPF,SAAY5mB,EAAG2mB,EAAI1H,EAAG2H,EAAIzqB,GACxB,IAAI7V,EAAEqhB,EAAI,EACV,IAAKrhB,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKqhB,GAAK3H,EAAE2mB,EAAGrgC,GAAG24B,EAAE2H,EAAGtgC,GAC1C,OAAQ,EAAMqhB,EAAI,IAAO,GAAM,CACjC,CAGSkf,CAAG7mB,EAAE2mB,EAAG1H,EAAE2H,EAAG,GACtB,CAEA,SAASE,GAAS7mB,EAAG6C,GACnB,IAAIxc,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAU,EAALwc,EAAExc,EACpC,CAEA,SAASygC,GAAS9S,GAChB,IAAI3tB,EAAG8X,EAAGsJ,EAAI,EACd,IAAKphB,EAAI,EAAGA,EAAI,GAAIA,IAClB8X,EAAI6V,EAAE3tB,GAAKohB,EAAI,MACfA,EAAIza,KAAK0P,MAAMyB,EAAI,OACnB6V,EAAE3tB,GAAK8X,EAAQ,MAAJsJ,EAEbuM,EAAE,IAAMvM,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAASsf,GAASxV,EAAGtJ,EAAG7L,GAEtB,IADA,IAAI6D,EAAGwH,IAAMrL,EAAE,GACN/V,EAAI,EAAGA,EAAI,GAAIA,IACtB4Z,EAAIwH,GAAK8J,EAAElrB,GAAK4hB,EAAE5hB,IAClBkrB,EAAElrB,IAAM4Z,EACRgI,EAAE5hB,IAAM4Z,CAEZ,CAEA,SAAS+mB,GAAUhT,EAAG9X,GACpB,IAAI7V,EAAGqY,EAAGtC,EACNqgB,EAAIiJ,KAAMzlB,EAAIylB,KAClB,IAAKr/B,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK6V,EAAE7V,GAIlC,IAHAygC,GAAS7mB,GACT6mB,GAAS7mB,GACT6mB,GAAS7mB,GACJvB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADA+d,EAAE,GAAKxc,EAAE,GAAK,MACT5Z,EAAI,EAAGA,EAAI,GAAIA,IAClBo2B,EAAEp2B,GAAK4Z,EAAE5Z,GAAK,OAAWo2B,EAAEp2B,EAAE,IAAI,GAAM,GACvCo2B,EAAEp2B,EAAE,IAAM,MAEZo2B,EAAE,IAAMxc,EAAE,IAAM,OAAWwc,EAAE,KAAK,GAAM,GACxCrgB,EAAKqgB,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACTsK,GAAS9mB,EAAGwc,EAAG,EAAErgB,EACrB,CACE,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,IAClB2tB,EAAE,EAAE3tB,GAAY,IAAP4Z,EAAE5Z,GACX2tB,EAAE,EAAE3tB,EAAE,GAAK4Z,EAAE5Z,IAAI,CAErB,CAEA,SAAS4gC,GAASpkB,EAAGzG,GACnB,IAAIqL,EAAI,IAAIzhB,WAAW,IAAK0hB,EAAI,IAAI1hB,WAAW,IAG/C,OAFAghC,GAAUvf,EAAG5E,GACbmkB,GAAUtf,EAAGtL,GACNqqB,GAAiBhf,EAAG,EAAGC,EAAG,EACnC,CAEA,SAASwf,GAASrkB,GAChB,IAAI6E,EAAI,IAAI1hB,WAAW,IAEvB,OADAghC,GAAUtf,EAAG7E,GACC,EAAP6E,EAAE,EACX,CAEA,SAASyf,GAAYnT,EAAG9X,GACtB,IAAI7V,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2tB,EAAE3tB,GAAK6V,EAAE,EAAE7V,IAAM6V,EAAE,EAAE7V,EAAE,IAAM,GACtD2tB,EAAE,KAAO,KACX,CAEA,SAASoT,GAAEpT,EAAGnR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK2tB,EAAE3tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASghC,GAAErT,EAAGnR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK2tB,EAAE3tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASihC,GAAEtT,EAAGnR,EAAGzG,GACf,IAAI+B,EAAGsJ,EACJ4K,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAI+U,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK9sB,EAAE,GACP+sB,EAAK/sB,EAAE,GACPgtB,EAAKhtB,EAAE,GACPitB,EAAKjtB,EAAE,GACPktB,EAAKltB,EAAE,GACPmtB,EAAKntB,EAAE,GACPotB,EAAKptB,EAAE,GACPqtB,EAAKrtB,EAAE,GACPstB,EAAKttB,EAAE,GACPutB,EAAKvtB,EAAE,GACPwtB,EAAMxtB,EAAE,IACRytB,EAAMztB,EAAE,IACR0tB,EAAM1tB,EAAE,IACR2tB,EAAM3tB,EAAE,IACR4tB,EAAM5tB,EAAE,IACR6tB,EAAM7tB,EAAE,IAGViW,IADAlU,EAAI0E,EAAE,IACIqmB,EACV5W,GAAMnU,EAAIgrB,EACV5W,GAAMpU,EAAIirB,EACV5W,GAAMrU,EAAIkrB,EACV9B,GAAMppB,EAAImrB,EACV9B,GAAMrpB,EAAIorB,EACV9B,GAAMtpB,EAAIqrB,EACV9B,GAAMvpB,EAAIsrB,EACV9B,GAAMxpB,EAAIurB,EACV9B,GAAMzpB,EAAIwrB,EACV9B,GAAO1pB,EAAIyrB,EACX9B,GAAO3pB,EAAI0rB,EACX9B,GAAO5pB,EAAI2rB,EACX9B,GAAO7pB,EAAI4rB,EACX9B,GAAO9pB,EAAI6rB,EACX9B,GAAO/pB,EAAI8rB,EAEX3X,IADAnU,EAAI0E,EAAE,IACIqmB,EACV3W,GAAMpU,EAAIgrB,EACV3W,GAAMrU,EAAIirB,EACV7B,GAAMppB,EAAIkrB,EACV7B,GAAMrpB,EAAImrB,EACV7B,GAAMtpB,EAAIorB,EACV7B,GAAMvpB,EAAIqrB,EACV7B,GAAMxpB,EAAIsrB,EACV7B,GAAMzpB,EAAIurB,EACV7B,GAAO1pB,EAAIwrB,EACX7B,GAAO3pB,EAAIyrB,EACX7B,GAAO5pB,EAAI0rB,EACX7B,GAAO7pB,EAAI2rB,EACX7B,GAAO9pB,EAAI4rB,EACX7B,GAAO/pB,EAAI6rB,EACX7B,GAAOhqB,EAAI8rB,EAEX1X,IADApU,EAAI0E,EAAE,IACIqmB,EACV1W,GAAMrU,EAAIgrB,EACV5B,GAAMppB,EAAIirB,EACV5B,GAAMrpB,EAAIkrB,EACV5B,GAAMtpB,EAAImrB,EACV5B,GAAMvpB,EAAIorB,EACV5B,GAAMxpB,EAAIqrB,EACV5B,GAAMzpB,EAAIsrB,EACV5B,GAAO1pB,EAAIurB,EACX5B,GAAO3pB,EAAIwrB,EACX5B,GAAO5pB,EAAIyrB,EACX5B,GAAO7pB,EAAI0rB,EACX5B,GAAO9pB,EAAI2rB,EACX5B,GAAO/pB,EAAI4rB,EACX5B,GAAOhqB,EAAI6rB,EACX5B,GAAOjqB,EAAI8rB,EAEXzX,IADArU,EAAI0E,EAAE,IACIqmB,EACV3B,GAAMppB,EAAIgrB,EACV3B,GAAMrpB,EAAIirB,EACV3B,GAAMtpB,EAAIkrB,EACV3B,GAAMvpB,EAAImrB,EACV3B,GAAMxpB,EAAIorB,EACV3B,GAAMzpB,EAAIqrB,EACV3B,GAAO1pB,EAAIsrB,EACX3B,GAAO3pB,EAAIurB,EACX3B,GAAO5pB,EAAIwrB,EACX3B,GAAO7pB,EAAIyrB,EACX3B,GAAO9pB,EAAI0rB,EACX3B,GAAO/pB,EAAI2rB,EACX3B,GAAOhqB,EAAI4rB,EACX3B,GAAOjqB,EAAI6rB,EACX3B,GAAOlqB,EAAI8rB,EAEX1C,IADAppB,EAAI0E,EAAE,IACIqmB,EACV1B,GAAMrpB,EAAIgrB,EACV1B,GAAMtpB,EAAIirB,EACV1B,GAAMvpB,EAAIkrB,EACV1B,GAAMxpB,EAAImrB,EACV1B,GAAMzpB,EAAIorB,EACV1B,GAAO1pB,EAAIqrB,EACX1B,GAAO3pB,EAAIsrB,EACX1B,GAAO5pB,EAAIurB,EACX1B,GAAO7pB,EAAIwrB,EACX1B,GAAO9pB,EAAIyrB,EACX1B,GAAO/pB,EAAI0rB,EACX1B,GAAOhqB,EAAI2rB,EACX1B,GAAOjqB,EAAI4rB,EACX1B,GAAOlqB,EAAI6rB,EACX1B,GAAOnqB,EAAI8rB,EAEXzC,IADArpB,EAAI0E,EAAE,IACIqmB,EACVzB,GAAMtpB,EAAIgrB,EACVzB,GAAMvpB,EAAIirB,EACVzB,GAAMxpB,EAAIkrB,EACVzB,GAAMzpB,EAAImrB,EACVzB,GAAO1pB,EAAIorB,EACXzB,GAAO3pB,EAAIqrB,EACXzB,GAAO5pB,EAAIsrB,EACXzB,GAAO7pB,EAAIurB,EACXzB,GAAO9pB,EAAIwrB,EACXzB,GAAO/pB,EAAIyrB,EACXzB,GAAOhqB,EAAI0rB,EACXzB,GAAOjqB,EAAI2rB,EACXzB,GAAOlqB,EAAI4rB,EACXzB,GAAOnqB,EAAI6rB,EACXzB,GAAOpqB,EAAI8rB,EAEXxC,IADAtpB,EAAI0E,EAAE,IACIqmB,EACVxB,GAAMvpB,EAAIgrB,EACVxB,GAAMxpB,EAAIirB,EACVxB,GAAMzpB,EAAIkrB,EACVxB,GAAO1pB,EAAImrB,EACXxB,GAAO3pB,EAAIorB,EACXxB,GAAO5pB,EAAIqrB,EACXxB,GAAO7pB,EAAIsrB,EACXxB,GAAO9pB,EAAIurB,EACXxB,GAAO/pB,EAAIwrB,EACXxB,GAAOhqB,EAAIyrB,EACXxB,GAAOjqB,EAAI0rB,EACXxB,GAAOlqB,EAAI2rB,EACXxB,GAAOnqB,EAAI4rB,EACXxB,GAAOpqB,EAAI6rB,EACXxB,GAAOrqB,EAAI8rB,EAEXvC,IADAvpB,EAAI0E,EAAE,IACIqmB,EACVvB,GAAMxpB,EAAIgrB,EACVvB,GAAMzpB,EAAIirB,EACVvB,GAAO1pB,EAAIkrB,EACXvB,GAAO3pB,EAAImrB,EACXvB,GAAO5pB,EAAIorB,EACXvB,GAAO7pB,EAAIqrB,EACXvB,GAAO9pB,EAAIsrB,EACXvB,GAAO/pB,EAAIurB,EACXvB,GAAOhqB,EAAIwrB,EACXvB,GAAOjqB,EAAIyrB,EACXvB,GAAOlqB,EAAI0rB,EACXvB,GAAOnqB,EAAI2rB,EACXvB,GAAOpqB,EAAI4rB,EACXvB,GAAOrqB,EAAI6rB,EACXvB,GAAOtqB,EAAI8rB,EAEXtC,IADAxpB,EAAI0E,EAAE,IACIqmB,EACVtB,GAAMzpB,EAAIgrB,EACVtB,GAAO1pB,EAAIirB,EACXtB,GAAO3pB,EAAIkrB,EACXtB,GAAO5pB,EAAImrB,EACXtB,GAAO7pB,EAAIorB,EACXtB,GAAO9pB,EAAIqrB,EACXtB,GAAO/pB,EAAIsrB,EACXtB,GAAOhqB,EAAIurB,EACXtB,GAAOjqB,EAAIwrB,EACXtB,GAAOlqB,EAAIyrB,EACXtB,GAAOnqB,EAAI0rB,EACXtB,GAAOpqB,EAAI2rB,EACXtB,GAAOrqB,EAAI4rB,EACXtB,GAAOtqB,EAAI6rB,EACXtB,GAAOvqB,EAAI8rB,EAEXrC,IADAzpB,EAAI0E,EAAE,IACIqmB,EACVrB,GAAO1pB,EAAIgrB,EACXrB,GAAO3pB,EAAIirB,EACXrB,GAAO5pB,EAAIkrB,EACXrB,GAAO7pB,EAAImrB,EACXrB,GAAO9pB,EAAIorB,EACXrB,GAAO/pB,EAAIqrB,EACXrB,GAAOhqB,EAAIsrB,EACXrB,GAAOjqB,EAAIurB,EACXrB,GAAOlqB,EAAIwrB,EACXrB,GAAOnqB,EAAIyrB,EACXrB,GAAOpqB,EAAI0rB,EACXrB,GAAOrqB,EAAI2rB,EACXrB,GAAOtqB,EAAI4rB,EACXrB,GAAOvqB,EAAI6rB,EACXrB,GAAOxqB,EAAI8rB,EAEXpC,IADA1pB,EAAI0E,EAAE,KACKqmB,EACXpB,GAAO3pB,EAAIgrB,EACXpB,GAAO5pB,EAAIirB,EACXpB,GAAO7pB,EAAIkrB,EACXpB,GAAO9pB,EAAImrB,EACXpB,GAAO/pB,EAAIorB,EACXpB,GAAOhqB,EAAIqrB,EACXpB,GAAOjqB,EAAIsrB,EACXpB,GAAOlqB,EAAIurB,EACXpB,GAAOnqB,EAAIwrB,EACXpB,GAAOpqB,EAAIyrB,EACXpB,GAAOrqB,EAAI0rB,EACXpB,GAAOtqB,EAAI2rB,EACXpB,GAAOvqB,EAAI4rB,EACXpB,GAAOxqB,EAAI6rB,EACXpB,GAAOzqB,EAAI8rB,EAEXnC,IADA3pB,EAAI0E,EAAE,KACKqmB,EACXnB,GAAO5pB,EAAIgrB,EACXnB,GAAO7pB,EAAIirB,EACXnB,GAAO9pB,EAAIkrB,EACXnB,GAAO/pB,EAAImrB,EACXnB,GAAOhqB,EAAIorB,EACXnB,GAAOjqB,EAAIqrB,EACXnB,GAAOlqB,EAAIsrB,EACXnB,GAAOnqB,EAAIurB,EACXnB,GAAOpqB,EAAIwrB,EACXnB,GAAOrqB,EAAIyrB,EACXnB,GAAOtqB,EAAI0rB,EACXnB,GAAOvqB,EAAI2rB,EACXnB,GAAOxqB,EAAI4rB,EACXnB,GAAOzqB,EAAI6rB,EACXnB,GAAO1qB,EAAI8rB,EAEXlC,IADA5pB,EAAI0E,EAAE,KACKqmB,EACXlB,GAAO7pB,EAAIgrB,EACXlB,GAAO9pB,EAAIirB,EACXlB,GAAO/pB,EAAIkrB,EACXlB,GAAOhqB,EAAImrB,EACXlB,GAAOjqB,EAAIorB,EACXlB,GAAOlqB,EAAIqrB,EACXlB,GAAOnqB,EAAIsrB,EACXlB,GAAOpqB,EAAIurB,EACXlB,GAAOrqB,EAAIwrB,EACXlB,GAAOtqB,EAAIyrB,EACXlB,GAAOvqB,EAAI0rB,EACXlB,GAAOxqB,EAAI2rB,EACXlB,GAAOzqB,EAAI4rB,EACXlB,GAAO1qB,EAAI6rB,EACXlB,GAAO3qB,EAAI8rB,EAEXjC,IADA7pB,EAAI0E,EAAE,KACKqmB,EACXjB,GAAO9pB,EAAIgrB,EACXjB,GAAO/pB,EAAIirB,EACXjB,GAAOhqB,EAAIkrB,EACXjB,GAAOjqB,EAAImrB,EACXjB,GAAOlqB,EAAIorB,EACXjB,GAAOnqB,EAAIqrB,EACXjB,GAAOpqB,EAAIsrB,EACXjB,GAAOrqB,EAAIurB,EACXjB,GAAOtqB,EAAIwrB,EACXjB,GAAOvqB,EAAIyrB,EACXjB,GAAOxqB,EAAI0rB,EACXjB,GAAOzqB,EAAI2rB,EACXjB,GAAO1qB,EAAI4rB,EACXjB,GAAO3qB,EAAI6rB,EACXjB,GAAO5qB,EAAI8rB,EAEXhC,IADA9pB,EAAI0E,EAAE,KACKqmB,EACXhB,GAAO/pB,EAAIgrB,EACXhB,GAAOhqB,EAAIirB,EACXhB,GAAOjqB,EAAIkrB,EACXhB,GAAOlqB,EAAImrB,EACXhB,GAAOnqB,EAAIorB,EACXhB,GAAOpqB,EAAIqrB,EACXhB,GAAOrqB,EAAIsrB,EACXhB,GAAOtqB,EAAIurB,EACXhB,GAAOvqB,EAAIwrB,EACXhB,GAAOxqB,EAAIyrB,EACXhB,GAAOzqB,EAAI0rB,EACXhB,GAAO1qB,EAAI2rB,EACXhB,GAAO3qB,EAAI4rB,EACXhB,GAAO5qB,EAAI6rB,EACXhB,GAAO7qB,EAAI8rB,EAEX/B,IADA/pB,EAAI0E,EAAE,KACKqmB,EAkBX5W,GAAO,IAhBP8V,GAAOjqB,EAAIirB,GAiBX7W,GAAO,IAhBP8V,GAAOlqB,EAAIkrB,GAiBX7W,GAAO,IAhBP8V,GAAOnqB,EAAImrB,GAiBX/B,GAAO,IAhBPgB,GAAOpqB,EAAIorB,GAiBX/B,GAAO,IAhBPgB,GAAOrqB,EAAIqrB,GAiBX/B,GAAO,IAhBPgB,GAAOtqB,EAAIsrB,GAiBX/B,GAAO,IAhBPgB,GAAOvqB,EAAIurB,GAiBX/B,GAAO,IAhBPgB,GAAOxqB,EAAIwrB,GAiBX/B,GAAO,IAhBPgB,GAAOzqB,EAAIyrB,GAiBX/B,GAAO,IAhBPgB,GAAO1qB,EAAI0rB,GAiBX/B,GAAO,IAhBPgB,GAAO3qB,EAAI2rB,GAiBX/B,GAAO,IAhBPgB,GAAO5qB,EAAI4rB,GAiBX/B,GAAO,IAhBPgB,GAAO7qB,EAAI6rB,GAiBX/B,GAAO,IAhBPgB,GAAO9qB,EAAI8rB,GAqBsC5X,GAAjDlU,GAnBAkU,GAAO,IAhBP8V,GAAOhqB,EAAIgrB,KAkCX1hB,EAAI,GACU,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSmU,GAAjDnU,EAAKmU,EAAK7K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSoU,GAAjDpU,EAAKoU,EAAK9K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSqU,GAAjDrU,EAAKqU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSopB,GAAjDppB,EAAKopB,EAAK9f,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSqpB,GAAjDrpB,EAAKqpB,EAAK/f,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSspB,GAAjDtpB,EAAKspB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ0pB,GAAhD1pB,EAAI0pB,EAAMpgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ2pB,GAAhD3pB,EAAI2pB,EAAMrgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ4pB,GAAhD5pB,EAAI4pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QAKSkU,GAAjDlU,GAJAkU,GAAM5K,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSmU,GAAjDnU,EAAKmU,EAAK7K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSoU,GAAjDpU,EAAKoU,EAAK9K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSqU,GAAjDrU,EAAKqU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSopB,GAAjDppB,EAAKopB,EAAK9f,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSqpB,GAAjDrpB,EAAKqpB,EAAK/f,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSspB,GAAjDtpB,EAAKspB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ0pB,GAAhD1pB,EAAI0pB,EAAMpgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ2pB,GAAhD3pB,EAAI2pB,EAAMrgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ4pB,GAAhD5pB,EAAI4pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAIza,KAAK0P,MAAMyB,EAAI,QACxCkU,GAAM5K,EAAE,EAAI,IAAMA,EAAE,GAEpBuM,EAAG,GAAK3B,EACR2B,EAAG,GAAK1B,EACR0B,EAAG,GAAKzB,EACRyB,EAAG,GAAKxB,EACRwB,EAAG,GAAKuT,EACRvT,EAAG,GAAKwT,EACRxT,EAAG,GAAKyT,EACRzT,EAAG,GAAK0T,EACR1T,EAAG,GAAK2T,EACR3T,EAAG,GAAK4T,EACR5T,EAAE,IAAM6T,EACR7T,EAAE,IAAM8T,EACR9T,EAAE,IAAM+T,EACR/T,EAAE,IAAMgU,EACRhU,EAAE,IAAMiU,EACRjU,EAAE,IAAMkU,CACV,CAEA,SAASlM,GAAEhI,EAAGnR,GACZykB,GAAEtT,EAAGnR,EAAGA,EACV,CAEA,SAASqnB,GAASlW,EAAG3tB,GACnB,IACIwc,EADA4E,EAAIie,KAER,IAAK7iB,EAAI,EAAGA,EAAI,GAAIA,IAAK4E,EAAE5E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBmZ,GAAEvU,EAAGA,GACI,IAAN5E,GAAiB,IAANA,GAASykB,GAAE7f,EAAGA,EAAGphB,GAEjC,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKmR,EAAEnR,GAAK4E,EAAE5E,EACpC,CAaA,SAASsnB,GAAkBliB,EAAG/L,EAAGqV,GAC/B,IAC8BvR,EAAG3Z,EAD7B+jC,EAAI,IAAIpkC,WAAW,IACnB+Z,EAAI,IAAI6lB,aAAa,IACrB/iB,EAAI6iB,KAAMtpB,EAAIspB,KAAMje,EAAIie,KACxBhe,EAAIge,KAAMj9B,EAAIi9B,KAAM2E,EAAI3E,KAC5B,IAAKr/B,EAAI,EAAGA,EAAI,GAAIA,IAAK+jC,EAAE/jC,GAAK6V,EAAE7V,GAIlC,IAHA+jC,EAAE,IAAW,IAANluB,EAAE,IAAS,GAClBkuB,EAAE,IAAI,IACNjD,GAAYpnB,EAAEwR,GACTlrB,EAAI,EAAGA,EAAI,GAAIA,IAClB+V,EAAE/V,GAAG0Z,EAAE1Z,GACPqhB,EAAErhB,GAAGwc,EAAExc,GAAGohB,EAAEphB,GAAG,EAGjB,IADAwc,EAAE,GAAG6E,EAAE,GAAG,EACLrhB,EAAE,IAAKA,GAAG,IAAKA,EAElB0gC,GAASlkB,EAAEzG,EADX4D,EAAGoqB,EAAE/jC,IAAI,MAAQ,EAAFA,GAAM,GAErB0gC,GAAStf,EAAEC,EAAE1H,GACbonB,GAAE3+B,EAAEoa,EAAE4E,GACN4f,GAAExkB,EAAEA,EAAE4E,GACN2f,GAAE3f,EAAErL,EAAEsL,GACN2f,GAAEjrB,EAAEA,EAAEsL,GACNsU,GAAEtU,EAAEjf,GACJuzB,GAAEqO,EAAExnB,GACJykB,GAAEzkB,EAAE4E,EAAE5E,GACNykB,GAAE7f,EAAErL,EAAE3T,GACN2+B,GAAE3+B,EAAEoa,EAAE4E,GACN4f,GAAExkB,EAAEA,EAAE4E,GACNuU,GAAE5f,EAAEyG,GACJwkB,GAAE5f,EAAEC,EAAE2iB,GACN/C,GAAEzkB,EAAE4E,EAAEwe,IACNmB,GAAEvkB,EAAEA,EAAE6E,GACN4f,GAAE7f,EAAEA,EAAE5E,GACNykB,GAAEzkB,EAAE6E,EAAE2iB,GACN/C,GAAE5f,EAAEtL,EAAE2D,GACNic,GAAE5f,EAAE3T,GACJs+B,GAASlkB,EAAEzG,EAAE4D,GACb+mB,GAAStf,EAAEC,EAAE1H,GAEf,IAAK3Z,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAIwc,EAAExc,GACV0Z,EAAE1Z,EAAE,IAAIohB,EAAEphB,GACV0Z,EAAE1Z,EAAE,IAAI+V,EAAE/V,GACV0Z,EAAE1Z,EAAE,IAAIqhB,EAAErhB,GAEZ,IAAIikC,EAAMvqB,EAAExS,SAAS,IACjBg9B,EAAMxqB,EAAExS,SAAS,IAIrB,OAHA28B,GAASI,EAAIA,GACbhD,GAAEiD,EAAIA,EAAID,GACVtD,GAAU/e,EAAEsiB,GACL,CACT,CAEA,SAASC,GAAuBviB,EAAG/L,GACjC,OAAOiuB,GAAkBliB,EAAG/L,EAAG4pB,GACjC,CAOA,IAAI2E,GAAI,CACN,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,GAAqB7iB,EAAI8iB,EAAIlO,EAAGvgB,GAyBvC,IAxBA,IACI0uB,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAIC,EAAIxlC,EAAGqY,EAAGiX,EAAG6Q,EAAG3jB,EAAGzG,EAAGqL,EAAGC,EAH7B6D,EAAK,IAAIugB,WAAW,IAAKrgB,EAAK,IAAIqgB,WAAW,IAK7CC,EAAMlkB,EAAG,GACTmkB,EAAMnkB,EAAG,GACTokB,EAAMpkB,EAAG,GACTqkB,EAAMrkB,EAAG,GACTskB,EAAMtkB,EAAG,GACTukB,EAAMvkB,EAAG,GACTwkB,EAAMxkB,EAAG,GACTykB,EAAMzkB,EAAG,GAET0kB,EAAM5B,EAAG,GACT6B,EAAM7B,EAAG,GACT8B,EAAM9B,EAAG,GACT+B,EAAM/B,EAAG,GACTgC,EAAMhC,EAAG,GACTiC,EAAMjC,EAAG,GACTkC,EAAMlC,EAAG,GACTmC,EAAMnC,EAAG,GAETpkC,EAAM,EACH2V,GAAK,KAAK,CACf,IAAK7V,EAAI,EAAGA,EAAI,GAAIA,IAClBqY,EAAI,EAAIrY,EAAIE,EACZglB,EAAGllB,GAAMo2B,EAAE/d,EAAE,IAAM,GAAO+d,EAAE/d,EAAE,IAAM,GAAO+d,EAAE/d,EAAE,IAAM,EAAK+d,EAAE/d,EAAE,GAC9D+M,EAAGplB,GAAMo2B,EAAE/d,EAAE,IAAM,GAAO+d,EAAE/d,EAAE,IAAM,GAAO+d,EAAE/d,EAAE,IAAM,EAAK+d,EAAE/d,EAAE,GAEhE,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IA+HlB,GA9HAukC,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAENlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAMNjqB,EAAQ,OAFR2jB,EAAIsG,GAEY1wB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAI2W,GAIY5kB,EAAIiO,IAAM,GAM1B9S,GAAS,OAFT2jB,GAAMmG,IAAQ,GAAOR,GAAQ,KAAaQ,IAAQ,GAAOR,GAAQ,KAAaA,IAAG,EAAiBQ,GAAG,KAEpFvwB,GAAKoqB,IAAM,GAC5B/e,GAAS,OAJTkO,GAAMwW,IAAQ,GAAOQ,GAAQ,KAAaR,IAAQ,GAAOQ,GAAQ,KAAaA,IAAG,EAAiBR,GAAG,KAIpFzkB,GAAKiO,IAAM,GAM5B9S,GAAS,OAFT2jB,EAAKmG,EAAMC,GAASD,EAAME,GAETzwB,GAAKoqB,IAAM,GAC5B/e,GAAS,OAJTkO,EAAKwW,EAAMC,GAASD,EAAME,GAIT3kB,GAAKiO,IAAM,GAG5BA,EAAI8U,GAAI,EAAFpkC,GAGNwc,GAAS,OAFT2jB,EAAIiE,GAAI,EAAFpkC,EAAI,IAEO+V,GAAKoqB,IAAM,GAC5B/e,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAG5BA,EAAIpK,EAAGllB,EAAE,IAGQ+V,IAFjBoqB,EAAI/a,EAAGplB,EAAE,OAEmB,GAC5BohB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAG5BlO,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,GAUX3jB,EAAQ,OAFR2jB,EAJAqF,EAAS,MAAJhpB,EAAazG,GAAK,IAMPA,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAJAiW,EAAS,MAAJnkB,GAFLC,GAAKD,IAAM,KAEY,IAQPC,EAAIiO,IAAM,GAM1B9S,GAAS,OAFT2jB,GAAM+F,IAAQ,GAAOR,GAAG,IAAkBA,IAAG,EAAiBQ,GAAQ,KAAkBR,IAAG,EAAiBQ,GAAG,KAE9FnwB,GAAKoqB,IAAM,GAC5B/e,GAAS,OAJTkO,GAAMoW,IAAQ,GAAOQ,GAAG,IAAkBA,IAAG,EAAiBR,GAAQ,KAAkBQ,IAAG,EAAiBR,GAAG,KAI9FrkB,GAAKiO,IAAM,GAMXvZ,IAFjBoqB,EAAK+F,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,KAEX,GAC5BhlB,GAAS,OAJTkO,EAAKoW,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,GAItBvkB,GAAKiO,IAAM,GAM5BwV,EAAW,OAHX1jB,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,KACX9e,GAAKD,IAAM,KAEgB,GAC3BkkB,EAAW,MAAJ9oB,EAAezG,GAAK,GAM3ByG,EAAQ,OAFR2jB,EAAI+E,GAEYnvB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIoV,GAIYrjB,EAAIiO,IAAM,GAKTvZ,IAFjBoqB,EAAIqF,KAEwB,GAC5BpkB,GAAS,OAJTkO,EAAIiW,GAIalkB,GAAKiO,IAAM,GAS5BqW,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EANApB,EAAW,OAHXtjB,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,KACX9e,GAAKD,IAAM,KAEgB,GAO3B2kB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAENqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAdApB,EAAW,MAAJ1oB,EAAezG,GAAK,GAe3BwwB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAEFtlC,EAAE,IAAO,GACX,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAElBiX,EAAIpK,EAAG7M,GAGPmE,EAAQ,OAFR2jB,EAAI/a,EAAG/M,IAEStC,EAAIoqB,IAAM,GAC1B/e,EAAQ,MAAJkO,EAAYjO,EAAIiO,IAAM,GAE1BA,EAAIpK,GAAI7M,EAAE,GAAG,IAGbmE,GAAS,OAFT2jB,EAAI/a,GAAI/M,EAAE,GAAG,KAEItC,GAAKoqB,IAAM,GAC5B/e,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAG5BiW,EAAKrgB,GAAI7M,EAAE,GAAG,IAKdmE,GAAS,OAFT2jB,IAFAqF,EAAKpgB,GAAI/M,EAAE,GAAG,OAED,EAAMktB,QAAmBC,IAAO,EAAMD,GAAE,KAAiBC,IAAO,EAAMD,GAAO,KAEzExvB,GAAKoqB,IAAM,GAC5B/e,GAAS,OAJTkO,GAAMiW,IAAO,EAAMC,GAAO,KAAYD,IAAO,EAAMC,OAAkBD,IAAO,GAI3DlkB,GAAKiO,IAAM,GAG5BiW,EAAKrgB,GAAI7M,EAAE,IAAI,IAKEtC,IAFjBoqB,IAFAqF,EAAKpgB,GAAI/M,EAAE,IAAI,OAEF,GAAOktB,GAAO,KAAaA,IAAQ,GAAWC,GAAO,IAAkBA,IAAO,EAAMD,GAAE,OAEvE,GAC5BnkB,GAAS,OAJTkO,GAAMiW,IAAO,GAAOC,GAAE,KAAkBA,IAAE,GAAiBD,GAAO,GAAiBA,IAAO,GAIzElkB,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEXjb,EAAG7M,GAAU,MAAJ+I,EAAeC,GAAK,GAC7B+D,EAAG/M,GAAU,MAAJmE,EAAezG,GAAK,GASnCyG,EAAQ,OAFR2jB,EAAI+F,GAEYnwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIoW,GAIYrkB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKkkB,EAAW,MAAJtkB,EAAeC,GAAK,GACnCijB,EAAG,GAAK4B,EAAW,MAAJ1pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIgG,GAEYpwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIqW,GAIYtkB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKmkB,EAAW,MAAJvkB,EAAeC,GAAK,GACnCijB,EAAG,GAAK6B,EAAW,MAAJ3pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIiG,GAEYrwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIsW,GAIYvkB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKokB,EAAW,MAAJxkB,EAAeC,GAAK,GACnCijB,EAAG,GAAK8B,EAAW,MAAJ5pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIkG,GAEYtwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIuW,GAIYxkB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKqkB,EAAW,MAAJzkB,EAAeC,GAAK,GACnCijB,EAAG,GAAK+B,EAAW,MAAJ7pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAImG,GAEYvwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIwW,GAIYzkB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKskB,EAAW,MAAJ1kB,EAAeC,GAAK,GACnCijB,EAAG,GAAKgC,EAAW,MAAJ9pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIoG,GAEYxwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAIyW,GAIY1kB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKukB,EAAW,MAAJ3kB,EAAeC,GAAK,GACnCijB,EAAG,GAAKiC,EAAW,MAAJ/pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIqG,GAEYzwB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAI0W,GAIY3kB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKwkB,EAAW,MAAJ5kB,EAAeC,GAAK,GACnCijB,EAAG,GAAKkC,EAAW,MAAJhqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR2jB,EAAIsG,GAEY1wB,EAAIoqB,IAAM,GAC1B/e,EAAQ,OAJRkO,EAAI2W,GAIY5kB,EAAIiO,IAAM,GAE1BA,EAAI9N,EAAG,GAGUzL,IAFjBoqB,EAAImE,EAAG,MAEqB,GAC5BljB,GAAS,MAAJkO,EAAYjO,GAAKiO,IAAM,GAI5BjO,IADAD,IADArL,IAHAyG,GAAS,MAAJ2jB,KAGM,MACA,MACA,GAEX3e,EAAG,GAAKykB,EAAW,MAAJ7kB,EAAeC,GAAK,GACnCijB,EAAG,GAAKmC,EAAW,MAAJjqB,EAAezG,GAAK,GAEnC7V,GAAO,IACP2V,GAAK,GACT,CAEE,OAAOA,CACT,CAEA,SAAS6wB,GAAY7iB,EAAKuS,EAAGvgB,GAC3B,IAGI7V,EAHAwhB,EAAK,IAAIikB,WAAW,GACpBnB,EAAK,IAAImB,WAAW,GACpB/rB,EAAI,IAAI/Z,WAAW,KAChBoW,EAAIF,EAuBX,IArBA2L,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WAER8iB,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UAERD,GAAqB7iB,EAAI8iB,EAAIlO,EAAGvgB,GAChCA,GAAK,IAEA7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAKo2B,EAAErgB,EAAEF,EAAE7V,GAQrC,IAPA0Z,EAAE7D,GAAK,IAGP6D,GADA7D,EAAI,IAAI,KAAKA,EAAE,IAAI,EAAE,IACjB,GAAK,EACTqqB,GAAKxmB,EAAG7D,EAAE,EAAKE,EAAI,UAAc,EAAGA,GAAK,GACzCsuB,GAAqB7iB,EAAI8iB,EAAI5qB,EAAG7D,GAE3B7V,EAAI,EAAGA,EAAI,EAAGA,IAAKkgC,GAAKrc,EAAK,EAAE7jB,EAAGwhB,EAAGxhB,GAAIskC,EAAGtkC,IAEjD,OAAO,CACT,CAEA,SAASmC,GAAI+oB,EAAGtJ,GACd,IAAIpF,EAAI6iB,KAAMtpB,EAAIspB,KAAMje,EAAIie,KACxBhe,EAAIge,KAAMj9B,EAAIi9B,KAAM2E,EAAI3E,KACxB1P,EAAI0P,KAAM/P,EAAI+P,KAAMzlB,EAAIylB,KAE5B2B,GAAExkB,EAAG0O,EAAE,GAAIA,EAAE,IACb8V,GAAEpnB,EAAGgI,EAAE,GAAIA,EAAE,IACbqf,GAAEzkB,EAAGA,EAAG5C,GACRmnB,GAAEhrB,EAAGmV,EAAE,GAAIA,EAAE,IACb6V,GAAEnnB,EAAGgI,EAAE,GAAIA,EAAE,IACbqf,GAAElrB,EAAGA,EAAG6D,GACRqnB,GAAE7f,EAAG8J,EAAE,GAAItJ,EAAE,IACbqf,GAAE7f,EAAGA,EAAG0e,IACRmB,GAAE5f,EAAG6J,EAAE,GAAItJ,EAAE,IACbmf,GAAE1f,EAAGA,EAAGA,GACR2f,GAAE5+B,EAAG2T,EAAGyG,GACRwkB,GAAEgD,EAAG3iB,EAAGD,GACR2f,GAAEpR,EAAGtO,EAAGD,GACR2f,GAAEzR,EAAGvZ,EAAGyG,GAERykB,GAAE/V,EAAE,GAAI9oB,EAAG4hC,GACX/C,GAAE/V,EAAE,GAAIoE,EAAGK,GACXsR,GAAE/V,EAAE,GAAIyE,EAAGqU,GACX/C,GAAE/V,EAAE,GAAI9oB,EAAGktB,EACb,CAEA,SAASqX,GAAMzb,EAAGtJ,EAAG7L,GACnB,IAAI/V,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB0gC,GAASxV,EAAElrB,GAAI4hB,EAAE5hB,GAAI+V,EAEzB,CAEA,SAAS6wB,GAAKjtB,EAAGuR,GACf,IAAI2b,EAAKxH,KAAMyH,EAAKzH,KAAM0H,EAAK1H,KAC/BwE,GAASkD,EAAI7b,EAAE,IACf+V,GAAE4F,EAAI3b,EAAE,GAAI6b,GACZ9F,GAAE6F,EAAI5b,EAAE,GAAI6b,GACZpG,GAAUhnB,EAAGmtB,GACbntB,EAAE,KAAOknB,GAASgG,IAAO,CAC3B,CAEA,SAASG,GAAW9b,EAAGtJ,EAAG/J,GACxB,IAAI9B,EAAG/V,EAKP,IAJAwgC,GAAStV,EAAE,GAAIwU,IACfc,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIwU,IACV1/B,EAAI,IAAKA,GAAK,IAAKA,EAEtB2mC,GAAMzb,EAAGtJ,EADT7L,EAAK8B,EAAG7X,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BmC,GAAIyf,EAAGsJ,GACP/oB,GAAI+oB,EAAGA,GACPyb,GAAMzb,EAAGtJ,EAAG7L,EAEhB,CAEA,SAASkxB,GAAW/b,EAAGrT,GACrB,IAAI+J,EAAI,CAACyd,KAAMA,KAAMA,KAAMA,MAC3BmB,GAAS5e,EAAE,GAAIme,IACfS,GAAS5e,EAAE,GAAIoe,IACfQ,GAAS5e,EAAE,GAAI+d,IACfsB,GAAErf,EAAE,GAAIme,GAAGC,IACXgH,GAAW9b,EAAGtJ,EAAG/J,EACnB,CAEA,SAASqvB,GAAoBC,EAAIC,EAAIC,GACnC,IAEIrnC,EAFAqhB,EAAI,IAAI1hB,WAAW,IACnBurB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAY3B,IATKgI,GAAQ7H,GAAY4H,EAAI,IAC7BV,GAAYrlB,EAAG+lB,EAAI,IACnB/lB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET4lB,GAAW/b,EAAG7J,GACdulB,GAAKO,EAAIjc,GAEJlrB,EAAI,EAAGA,EAAI,GAAIA,IAAKonC,EAAGpnC,EAAE,IAAMmnC,EAAGnnC,GACvC,OAAO,CACT,CAEA,IAAIsnC,GAAI,IAAI/H,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgI,GAAK5tB,EAAGD,GACf,IAAIuP,EAAOjpB,EAAGqY,EAAGZ,EACjB,IAAKzX,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAipB,EAAQ,EACH5Q,EAAIrY,EAAI,GAAIyX,EAAIzX,EAAI,GAAIqY,EAAIZ,IAAKY,EACpCqB,EAAErB,IAAM4Q,EAAQ,GAAKvP,EAAE1Z,GAAKsnC,GAAEjvB,GAAKrY,EAAI,KACvCipB,EAAQtiB,KAAK0P,OAAOqD,EAAErB,GAAK,KAAO,KAClCqB,EAAErB,IAAc,IAAR4Q,EAEVvP,EAAErB,IAAM4Q,EACRvP,EAAE1Z,GAAK,CACX,CAEE,IADAipB,EAAQ,EACH5Q,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAErB,IAAM4Q,GAASvP,EAAE,KAAO,GAAK4tB,GAAEjvB,GACjC4Q,EAAQvP,EAAErB,IAAM,EAChBqB,EAAErB,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqB,EAAErB,IAAM4Q,EAAQqe,GAAEjvB,GAC3C,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAM0Z,EAAE1Z,IAAM,EAClB2Z,EAAE3Z,GAAY,IAAP0Z,EAAE1Z,EAEb,CAEA,SAASwnC,GAAO7tB,GACd,IAA8B3Z,EAA1B0Z,EAAI,IAAI6lB,aAAa,IACzB,IAAKv/B,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK,EAChCunC,GAAK5tB,EAAGD,EACV,CAsCA,SAAS+tB,GAAU9tB,EAAGuR,GACpB,IAAItR,EAAIylB,KAAMqI,EAAMrI,KAAMzX,EAAMyX,KAC5BsI,EAAMtI,KAAMuI,EAAOvI,KAAMwI,EAAOxI,KAChCyI,EAAOzI,KA2BX,OAzBAmB,GAAS7mB,EAAE,GAAIgmB,IACfmB,GAAYnnB,EAAE,GAAIuR,GAClByK,GAAE/N,EAAKjO,EAAE,IACTsnB,GAAE0G,EAAK/f,EAAKiY,IACZmB,GAAEpZ,EAAKA,EAAKjO,EAAE,IACdonB,GAAE4G,EAAKhuB,EAAE,GAAIguB,GAEbhS,GAAEiS,EAAMD,GACRhS,GAAEkS,EAAMD,GACR3G,GAAE6G,EAAMD,EAAMD,GACd3G,GAAErnB,EAAGkuB,EAAMlgB,GACXqZ,GAAErnB,EAAGA,EAAG+tB,GA/qBV,SAAiBha,EAAG3tB,GAClB,IACIwc,EADA4E,EAAIie,KAER,IAAK7iB,EAAI,EAAGA,EAAI,GAAIA,IAAK4E,EAAE5E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBmZ,GAAEvU,EAAGA,GACI,IAAN5E,GAASykB,GAAE7f,EAAGA,EAAGphB,GAExB,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKmR,EAAEnR,GAAK4E,EAAE5E,EACpC,CAwqBEurB,CAAQnuB,EAAGA,GACXqnB,GAAErnB,EAAGA,EAAGgO,GACRqZ,GAAErnB,EAAGA,EAAG+tB,GACR1G,GAAErnB,EAAGA,EAAG+tB,GACR1G,GAAEtnB,EAAE,GAAIC,EAAG+tB,GAEXhS,GAAE+R,EAAK/tB,EAAE,IACTsnB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAMqZ,GAAEtnB,EAAE,GAAIA,EAAE,GAAIsmB,IAEtCtK,GAAE+R,EAAK/tB,EAAE,IACTsnB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAc,GAE5BiZ,GAASlnB,EAAE,MAASuR,EAAE,KAAK,GAAI8V,GAAErnB,EAAE,GAAI+lB,GAAK/lB,EAAE,IAElDsnB,GAAEtnB,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAIIquB,GAAoB,GAKxB,SAASC,KACP,IAAK,IAAIjoC,EAAI,EAAGA,EAAIkoC,UAAUpoC,OAAQE,IACpC,KAAMkoC,UAAUloC,aAAcL,YAC5B,MAAM,IAAIwoC,UAAU,kCAE1B,CAMA/I,GAAKgJ,WAAa,SAASvyB,EAAGqV,GAE5B,GADA+c,GAAgBpyB,EAAGqV,GApBe,KAqB9BrV,EAAE/V,OAA0C,MAAUL,MAAM,cAChE,GAvB4B,KAuBxByrB,EAAEprB,OAAoC,MAAUL,MAAM,cAC1D,IAAImiB,EAAI,IAAIjiB,WAxBgB,IA0B5B,OADAmkC,GAAkBliB,EAAG/L,EAAGqV,GACjBtJ,CACT,EAEAwd,GAAKtV,IAAM,CAAE,EAEbsV,GAAKtV,IAAI0T,QAAU,WACjB,IAAI2J,EAAK,IAAIxnC,WA9BiB,IA+B1BynC,EAAK,IAAIznC,WA9BiB,IAgC9B,OAlsBF,SAA4Bg5B,EAAGjf,GAC7B8lB,GAAY9lB,EAAG,IACRyqB,GAAuBxL,EAAGjf,EACnC,CA8rBE2uB,CAAmBlB,EAAIC,GAChB,CAACn9B,UAAWk9B,EAAIj6B,UAAWk6B,EACpC,EAEAhI,GAAKtV,IAAI0T,QAAQ8K,cAAgB,SAASp7B,GAExC,GADA+6B,GAAgB/6B,GApCc,KAqC1BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI0nC,EAAK,IAAIxnC,WAxCiB,IA0C9B,OADAwkC,GAAuBgD,EAAIj6B,GACpB,CAACjD,UAAWk9B,EAAIj6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAkyB,GAAKlB,KAAO,SAAS5U,EAAKpc,GAExB,GADA+6B,GAAgB3e,EAAKpc,GA1CU,KA2C3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI8oC,EAAY,IAAI5oC,WAAWqoC,GAAkB1e,EAAIxpB,QAErD,OA5JF,SAAqB0oC,EAAIpS,EAAGvgB,EAAGuxB,GAC7B,IACIpnC,EAAGqY,EADHgJ,EAAI,IAAI1hB,WAAW,IAAK2vB,EAAI,IAAI3vB,WAAW,IAAKga,EAAI,IAAIha,WAAW,IAC7D+Z,EAAI,IAAI6lB,aAAa,IAC3BrU,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAE3BqH,GAAYrlB,EAAG+lB,EAAI,IACnB/lB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIonB,EAAQ5yB,EAAI,GAChB,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKwoC,EAAG,GAAKxoC,GAAKo2B,EAAEp2B,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKwoC,EAAG,GAAKxoC,GAAKqhB,EAAE,GAAKrhB,GAO7C,IALA0mC,GAAY/sB,EAAG6uB,EAAGthC,SAAS,IAAK2O,EAAE,IAClC2xB,GAAO7tB,GACPstB,GAAW/b,EAAGvR,GACditB,GAAK4B,EAAItd,GAEJlrB,EAAI,GAAIA,EAAI,GAAIA,IAAKwoC,EAAGxoC,GAAKonC,EAAGpnC,GAIrC,IAHA0mC,GAAYpX,EAAGkZ,EAAI3yB,EAAI,IACvB2xB,GAAOlY,GAEFtvB,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAE1Z,EAAEqY,IAAMiX,EAAEtvB,GAAKqhB,EAAEhJ,GAIvBkvB,GAAKiB,EAAGthC,SAAS,IAAKwS,EAExB,CA0HEgvB,CAAYH,EAAWjf,EAAKA,EAAIxpB,OAAQoN,GACjCq7B,CACT,EAEAnJ,GAAKlB,KAAKyK,SAAW,SAASrf,EAAKpc,GAGjC,IAFA,IAAIq7B,EAAYnJ,GAAKlB,KAAK5U,EAAKpc,GAC3B07B,EAAM,IAAIjpC,WAAWqoC,IAChBhoC,EAAI,EAAGA,EAAI4oC,EAAI9oC,OAAQE,IAAK4oC,EAAI5oC,GAAKuoC,EAAUvoC,GACxD,OAAO4oC,CACT,EAEAxJ,GAAKlB,KAAKyK,SAASlK,OAAS,SAASnV,EAAKsf,EAAK3+B,GAE7C,GADAg+B,GAAgB3e,EAAKsf,EAAK3+B,GACtB2+B,EAAI9oC,SAAWkoC,GACjB,MAAUvoC,MAAM,sBAClB,GA9D+B,KA8D3BwK,EAAUnK,OACZ,MAAUL,MAAM,uBAClB,IAEIO,EAFAwoC,EAAK,IAAI7oC,WAAWqoC,GAAoB1e,EAAIxpB,QAC5Cs2B,EAAI,IAAIz2B,WAAWqoC,GAAoB1e,EAAIxpB,QAE/C,IAAKE,EAAI,EAAGA,EAAIgoC,GAAmBhoC,IAAKwoC,EAAGxoC,GAAK4oC,EAAI5oC,GACpD,IAAKA,EAAI,EAAGA,EAAIspB,EAAIxpB,OAAQE,IAAKwoC,EAAGxoC,EAAEgoC,IAAqB1e,EAAItpB,GAC/D,OAxGF,SAA0Bo2B,EAAGoS,EAAI3yB,EAAGsxB,GAClC,IAAInnC,EACA4Z,EAAI,IAAIja,WAAW,IAAK2vB,EAAI,IAAI3vB,WAAW,IAC3CurB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MACvBzd,EAAI,CAACyd,KAAMA,KAAMA,KAAMA,MAE3B,GAAIxpB,EAAI,GAAI,OAAQ,EAEpB,GAAI4xB,GAAU7lB,EAAGulB,GAAK,OAAQ,EAE9B,IAAKnnC,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKo2B,EAAEp2B,GAAKwoC,EAAGxoC,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKo2B,EAAEp2B,EAAE,IAAMmnC,EAAGnnC,GAUtC,GATA0mC,GAAYpX,EAAG8G,EAAGvgB,GAClB2xB,GAAOlY,GACP0X,GAAW9b,EAAGtJ,EAAG0N,GAEjB2X,GAAWrlB,EAAG4mB,EAAGthC,SAAS,KAC1B/E,GAAI+oB,EAAGtJ,GACPglB,GAAKhtB,EAAGsR,GAERrV,GAAK,GACDuqB,GAAiBoI,EAAI,EAAG5uB,EAAG,GAAI,CACjC,IAAK5Z,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKo2B,EAAEp2B,GAAK,EAC/B,OAAQ,CACZ,CAEE,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKo2B,EAAEp2B,GAAKwoC,EAAGxoC,EAAI,IACtC,OAAO6V,CACT,CA4EUgzB,CAAiBzS,EAAGoS,EAAIA,EAAG1oC,OAAQmK,IAAc,CAC3D,EAEAm1B,GAAKlB,KAAKV,QAAU,WAClB,IAAI2J,EAAK,IAAIxnC,WAzEkB,IA0E3BynC,EAAK,IAAIznC,WAzEkB,IA2E/B,OADAunC,GAAoBC,EAAIC,GACjB,CAACn9B,UAAWk9B,EAAIj6B,UAAWk6B,EACpC,EAEAhI,GAAKlB,KAAKV,QAAQ8K,cAAgB,SAASp7B,GAEzC,GADA+6B,GAAgB/6B,GA/Ee,KAgF3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAElB,IADA,IAAI0nC,EAAK,IAAIxnC,WAnFkB,IAoFtBK,EAAI,EAAGA,EAAImnC,EAAGrnC,OAAQE,IAAKmnC,EAAGnnC,GAAKkN,EAAU,GAAGlN,GACzD,MAAO,CAACiK,UAAWk9B,EAAIj6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAkyB,GAAKlB,KAAKV,QAAQsL,SAAW,SAASC,GAEpC,GADAd,GAAgBc,GAvFU,KAwFtBA,EAAKjpC,OACP,MAAUL,MAAM,iBAGlB,IAFA,IAAI0nC,EAAK,IAAIxnC,WA5FkB,IA6F3BynC,EAAK,IAAIznC,WA5FkB,IA6FtBK,EAAI,EAAGA,EAAI,GAAIA,IAAKonC,EAAGpnC,GAAK+oC,EAAK/oC,GAE1C,OADAknC,GAAoBC,EAAIC,GAAI,GACrB,CAACn9B,UAAWk9B,EAAIj6B,UAAWk6B,EACpC,EAEAhI,GAAK4J,QAAU,SAAS7jC,GACtBq6B,GAAcr6B,CAChB,EAEA,WAGE,GAAIkV,IAAUA,GAAOuf,gBAAiB,CAGpCwF,GAAK4J,SAAQ,SAAStvB,EAAG7D,GACvB,IAAI7V,EAAG8X,EAAI,IAAInY,WAAWkW,GAC1B,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,GAHT,MAIRqa,GAAOuf,gBAAgB9hB,EAAE5Q,SAASlH,EAAGA,EAAI2G,KAAKmd,IAAIjO,EAAI7V,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAK8X,EAAE9X,IAvGvC,SAAiBikB,GACf,IAAK,IAAIjkB,EAAI,EAAGA,EAAIikB,EAAInkB,OAAQE,IAAKikB,EAAIjkB,GAAK,CAChD,CAsGMipC,CAAQnxB,EACd,GACA,CACC,CAfD,GC5yCA,MAAMoxB,GAAY,CAChB,mBAAoBvgC,EAAMC,MAAMC,SAChC,aAAcF,EAAMC,MAAMG,SAC1B,aAAcJ,EAAMC,MAAMK,SAC1B,aAAcN,EAAMC,MAAMO,UAC1B,qBAAsBR,EAAMC,MAAMQ,cAClC,uBAAwBT,EAAMC,MAAMU,iBACpC,qBAAsBX,EAAMC,MAAMY,gBAClC,qBAAsBb,EAAMC,MAAMa,gBAClC,qBAAsBd,EAAMC,MAAMc,iBAGpC,MAAMy/B,GACJ,WAAArrC,CAAYsrC,GACV,GAAIA,aAAeD,GACjBjrC,KAAKkrC,IAAMA,EAAIA,SACV,GAAIp0B,EAAKrW,QAAQyqC,IACbp0B,EAAKtV,aAAa0pC,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIzpC,WAAWypC,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAItpC,OAAS,EAC1B,MAAUL,MAAM,sCAElB2pC,EAAMA,EAAIliC,SAAS,EAC3B,CACMhJ,KAAKkrC,IAAMA,CACjB,MACMlrC,KAAKkrC,IAAM,EAEjB,CAOE,IAAA7oC,CAAK9B,GACH,GAAIA,EAAMqB,QAAU,EAAG,CACrB,MAAMA,EAASrB,EAAM,GACrB,GAAIA,EAAMqB,QAAU,EAAIA,EAEtB,OADA5B,KAAKkrC,IAAM3qC,EAAMyI,SAAS,EAAG,EAAIpH,GAC1B,EAAI5B,KAAKkrC,IAAItpC,MAE5B,CACI,MAAUL,MAAM,cACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKkrC,IAAItpC,SAAU5B,KAAKkrC,KAC1E,CAME,KAAAC,GACE,OAAOr0B,EAAK2C,gBAAgBzZ,KAAKkrC,IACrC,CAOE,OAAAE,GACE,MAAMnjC,EAAO+iC,GAAUhrC,KAAKmrC,SAC5B,IAAKljC,EACH,MAAU1G,MAAM,oCAGlB,OAAO0G,CACX,ECtFO,SAASojC,GAAiBlhC,GAC/B,IACIyO,EADAsU,EAAM,EAEV,MAAMjZ,EAAO9J,EAAM,GAcnB,OAXI8J,EAAO,MACRiZ,GAAO/iB,EACRyO,EAAS,GACA3E,EAAO,KAChBiZ,GAAQ/iB,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CyO,EAAS,GACS,MAAT3E,IACTiZ,EAAMpW,EAAKY,WAAWvN,EAAMnB,SAAS,EAAG,IACxC4P,EAAS,GAGJ,CACLsU,IAAKA,EACLtU,OAAQA,EAEZ,CASO,SAAS0yB,GAAkB1pC,GAChC,OAAIA,EAAS,IACJ,IAAIH,WAAW,CAACG,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIH,WAAW,CAAyB,KAAtBG,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEkV,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOqV,EAAKc,YAAYhW,EAAQ,IAChF,CAEO,SAAS2pC,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAUjqC,MAAM,iDAElB,OAAO,IAAIE,WAAW,CAAC,IAAM+pC,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIjqC,WAAW,CAAC,IAAOiqC,GAChC,CAUO,SAASC,GAAYD,EAAU9pC,GAEpC,OAAOkV,EAAKpV,iBAAiB,CAAC+pC,GAASC,GAAWJ,GAAkB1pC,IACtE,CAOO,SAASgqC,GAAkB7tB,GAChC,MAAO,CACLtT,EAAMkE,OAAOU,YACb5E,EAAMkE,OAAOO,eACbzE,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBACbsP,SAASnB,EACb,CASOzb,eAAeupC,GAAYtrC,EAAOurC,GACvC,MAAMpoC,EAASme,EAAiBthB,GAChC,IAAII,EACAorC,EACJ,IACE,MAAMC,QAAoBtoC,EAAOwG,UAAU,GAE3C,IAAK8hC,GAAeA,EAAYpqC,OAAS,KAAuB,IAAjBoqC,EAAY,IACzD,MAAUzqC,MAAM,iGAElB,MAAM0qC,QAAmBvoC,EAAOkG,WAChC,IAEIsiC,EAOAC,EATApuB,GAAO,EACPygB,GAAU,EAGdA,EAAS,EACS,GAAbyN,IACHzN,EAAS,GAIPA,EAEFzgB,EAAmB,GAAbkuB,GAGNluB,GAAoB,GAAbkuB,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BR,GAAkB7tB,GAClD,IAiBIsuB,EAjBA19B,EAAS,KACb,GAAIy9B,EAAyB,CAC3B,GAA6B,UAAzBt1B,EAAK7V,SAASV,GAAoB,CACpC,MAAM2I,EAAc,IAAIojC,EACxB3rC,EAASmhB,EAAiB5Y,GAC1ByF,EAASzF,CACjB,KAAa,CACL,MAAMtE,EAAY,IAAIoB,gBACtBrF,EAASmhB,EAAiBld,EAAUO,UACpCwJ,EAAS/J,EAAUM,QAC3B,CAEM6mC,EAAmBD,EAAS,CAAE/tB,MAAKpP,UACzC,MACMA,EAAS,GAIX,EAAG,CACD,GAAK6vB,EAiCE,CAEL,MAAM+N,QAAmB7oC,EAAOkG,WAEhC,GADAyiC,GAAmB,EACfE,EAAa,IACfL,EAAeK,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CL,GAAiBK,EAAa,KAAQ,SAAY7oC,EAAOkG,WAAc,SAElE,GAAI2iC,EAAa,KAAOA,EAAa,KAG1C,GAFAL,EAAe,IAAmB,GAAbK,GACrBF,GAAmB,GACdD,EACH,MAAM,IAAInC,UAAU,2DAItBiC,QAAsBxoC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,UAE9B,MApDQ,OAAQuiC,GACN,KAAK,EAGHD,QAAqBxoC,EAAOkG,WAC5B,MACF,KAAK,EAGHsiC,QAAsBxoC,EAAOkG,YAAc,QAAWlG,EAAOkG,WAC7D,MACF,KAAK,EAGHsiC,QAAsBxoC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,WACpB,MACF,QAWEsiC,EAAe3jC,IAyBrB,GAAI2jC,EAAe,EAAG,CACpB,IAAI1jC,EAAY,EAChB,OAAa,CACP7H,SAAcA,EAAOgF,MACzB,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,GAAI0pC,IAAiB3jC,IAAU,MAC/B,MAAUhH,MAAM,2BAC5B,CACU,MAAMyB,EAAQkpC,IAAiB3jC,IAAWhG,EAAQA,EAAMyG,SAAS,EAAGkjC,EAAe1jC,GAInF,GAHI7H,QAAcA,EAAOoC,MAAMC,GAC1B2L,EAAO7L,KAAKE,GACjBwF,GAAajG,EAAMX,OACf4G,GAAa0jC,EAAc,CAC7BxoC,EAAOiG,QAAQpH,EAAMyG,SAASkjC,EAAe1jC,EAAYjG,EAAMX,SAC/D,KACZ,CACA,CACA,CACA,OAAayqC,GAiCT,MAAMG,QAAmB9oC,EAAOwG,UAAUkiC,EAA0B7jC,IAAW,GAS/E,OARI5H,SACIA,EAAOgF,YACPhF,EAAOsC,UAEb0L,EAASmI,EAAKpV,iBAAiBiN,SAEzBm9B,EAAS,CAAE/tB,MAAKpP,aAEhB69B,IAAeA,EAAW5qC,MACnC,CAAC,MAAOsC,GACP,GAAIvD,EAEF,aADMA,EAAOuC,MAAMgB,IACZ,EAEP,MAAMA,CAEZ,CAAY,QACJvD,SACIorC,EAERroC,EAAO7C,aACX,CACA,CAEO,MAAM4rC,WAAyBlrC,MACpC,WAAA3B,IAAe4mB,GACb3mB,SAAS2mB,GAELjlB,MAAMmrC,mBACRnrC,MAAMmrC,kBAAkB1sC,KAAMysC,IAGhCzsC,KAAKiI,KAAO,kBAChB,EAIO,MAAM0kC,WAA2BF,GACtC,WAAA7sC,IAAe4mB,GACb3mB,SAAS2mB,GAELjlB,MAAMmrC,mBACRnrC,MAAMmrC,kBAAkB1sC,KAAMysC,IAGhCzsC,KAAKiI,KAAO,oBAChB,EAGO,MAAM2kC,GACX,WAAAhtC,CAAYme,EAAK8uB,GACf7sC,KAAK+d,IAAMA,EACX/d,KAAK6sC,WAAaA,CACtB,CAEE,KAAA9pC,GACE,OAAO/C,KAAK6sC,UAChB,ECxSOvqC,eAAewqC,GAASrqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjB8wB,QAAqB7wB,EAAUqjB,YAAY,WAAW,EAAM,CAAC,OAAQ,WAErE/rB,QAAmB0I,EAAUsjB,UAAU,MAAOuN,EAAav5B,YAC3DzH,QAAkBmQ,EAAUsjB,UAAU,MAAOuN,EAAahhC,WAEhE,MAAO,CACL82B,EAAG,IAAIphC,WAAW2d,EAAgBrT,EAAUyP,IAC5CqvB,KAAMzrB,EAAgB5L,EAAW2P,GAEpC,CAAC,MAAO+S,GACP,GAAiB,sBAAbA,EAAIjuB,MAA6C,mBAAbiuB,EAAIjuB,KAC1C,MAAMiuB,EAER,MAAM2U,EAAOpP,GAAeuR,GAAevqB,KACnC1W,UAAW82B,GAAM13B,GAAQ60B,KAAKV,QAAQsL,SAASC,GACvD,MAAO,CAAEhI,IAAGgI,OACpB,CAEI,KAAKpgC,EAAMsB,UAAUa,MAAO,CAC1B,MAAMA,QAAckK,EAAKM,cAAc3M,EAAMsB,UAAUa,OACjDi+B,EAAOj+B,EAAMqgC,MAAMC,mBAEzB,MAAO,CAAErK,EADCj2B,EAAMugC,aAAatC,GACjBA,OAClB,CACI,QACE,MAAUtpC,MAAM,+BAEtB,CAeOe,eAAe09B,GAAKvd,EAAMqd,EAAUvsB,EAASxH,EAAWyH,EAAY8pB,GACzE,GAAI3vB,GAAKwX,kBAAkB2a,GAAYnyB,GAAKwX,kBAAkBioB,GAAqB3qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjBsiB,EAAM8O,GAAgB5qB,EAAM1W,EAAWyH,GACvC7C,QAAYuL,EAAUgX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,SAMrE,MAAO,CAAE+O,GAJS,IAAI7rC,iBACdya,EAAU8jB,KAAK,UAAWrvB,EAAK2sB,IAIxC,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIjuB,KACN,MAAMiuB,EAER,MAAMlnB,EAAY8H,EAAKpV,iBAAiB,CAAC8R,EAAYzH,IAErD,MAAO,CAAEuhC,GADSniC,GAAQ60B,KAAKyK,SAASnN,EAAQtuB,GAExD,CAEI,KAAKvE,EAAMsB,UAAUa,MAGnB,MAAO,CAAE0gC,UAFWx2B,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC/BozB,KAAK1C,EAAQ9pB,IAGvC,QACE,MAAUjS,MAAM,+BAGtB,CAaOe,eAAei+B,GAAO9d,EAAMqd,GAAUwN,GAAEA,GAAMpV,EAAGnsB,EAAWuxB,GACjE,GAAI3vB,GAAKwX,kBAAkB2a,GAAYnyB,GAAKwX,kBAAkBioB,GAAqB3qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjBsiB,EAAMgP,GAAe9qB,EAAM1W,GAC3B4E,QAAYuL,EAAUgX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,WAErE,aADuBriB,EAAUqkB,OAAO,UAAW5vB,EAAK28B,EAAIhQ,EAE7D,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIjuB,KACN,MAAMiuB,EAER,OAAO/qB,GAAQ60B,KAAKyK,SAASlK,OAAOjD,EAAQgQ,EAAIvhC,EACxD,CAEI,KAAKtB,EAAMsB,UAAUa,MAEnB,aADoBkK,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC1C2zB,OAAO+M,EAAIhQ,EAAQvxB,GAElC,QACE,MAAUxK,MAAM,+BAEtB,CAiCO,SAASyrC,GAAevqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAO,GAET,KAAKV,EAAMsB,UAAUa,MACnB,OAAO,GAET,QACE,MAAUrL,MAAM,+BAEtB,CAEO,SAAS6rC,GAAqB3qB,GACnC,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAOV,EAAMkD,KAAKI,OACpB,KAAKtD,EAAMsB,UAAUa,MACnB,OAAOnC,EAAMkD,KAAKM,OACpB,QACE,MAAU1M,MAAM,sBAEtB,CAEA,MAAMgsC,GAAiB,CAAC9qB,EAAM1W,KAC5B,GAAQ0W,IACDhY,EAAMsB,UAAUZ,QAAS,CAO5B,MANY,CACV+yB,IAAK,MACLsP,IAAK,UACLhyB,EAAG+D,EAAgBxT,GACnBqyB,KAAK,EAGb,CAEM,MAAU78B,MAAM,8BACtB,EAGM8rC,GAAkB,CAAC5qB,EAAM1W,EAAWyH,KACxC,GAAQiP,IACDhY,EAAMsB,UAAUZ,QAAS,CAC5B,MAAMozB,EAAMgP,GAAe9qB,EAAM1W,GAEjC,OADAwyB,EAAIpb,EAAI5D,EAAgB/L,GACjB+qB,CACb,CAEM,MAAUh9B,MAAM,8BACtB,iIAxEOe,eAA8BmgB,EAAMogB,EAAGgI,GAC5C,OAAQpoB,GACN,KAAKhY,EAAMsB,UAAUZ,QAAS,CAM5B,MAAMY,UAAEA,GAAcZ,GAAQ60B,KAAKV,QAAQsL,SAASC,GACpD,OAAO/zB,EAAKmE,iBAAiB4nB,EAAG92B,EACtC,CAEI,KAAKtB,EAAMsB,UAAUa,MAAO,CAC1B,MAEMb,SAFc+K,EAAKM,cAAc3M,EAAMsB,UAAUa,QAE/BugC,aAAatC,GACrC,OAAO/zB,EAAKmE,iBAAiB4nB,EAAG92B,EACtC,CACI,QACE,OAAO,EAEb,cCrKA,MAAMmQ,GAAYpF,EAAKmF,eAQhB3Z,eAAemrC,GAAKhrB,EAAM9R,EAAK+8B,GACpC,MAAM3qB,QAAEA,GAAYD,GAAgBL,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWmhB,EACtC,MAAUxhB,MAAM,oCAGlB,IACE,MAAMosC,QAAoBzxB,GAAUgX,UAAU,MAAOviB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,YAEhF2lC,QAAkB1xB,GAAUgX,UAAU,MAAOwa,EAAY,CAAEzlC,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SACnGkgC,QAAgB3xB,GAAU4xB,QAAQ,MAAOF,EAAWD,EAAa,CAAE1lC,KAAM,WAC/E,OAAO,IAAIxG,WAAWosC,EACvB,CAAC,MAAO3X,GAEP,GAAiB,sBAAbA,EAAIjuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAbs0B,EAAIjuB,MAC3B,MAAMiuB,EAERpf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,QACrE,CAEE,OAAOw6B,GAAWp9B,GAAKid,QAAQ8f,EACjC,CASOprC,eAAe0rC,GAAOvrB,EAAM9R,EAAKs9B,GACtC,MAAMlrB,QAAEA,GAAYD,GAAgBL,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWmhB,EACtC,MAAUxhB,MAAM,oCAGlB,IAAIosC,EACJ,IACEA,QAAoBzxB,GAAUgX,UAAU,MAAOviB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,aACjF,CAAC,MAAOiuB,GAEP,GAAiB,sBAAbA,EAAIjuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAbs0B,EAAIjuB,MAC3B,MAAMiuB,EAGR,OADApf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,SAC1Dw6B,GAAWp9B,GAAKud,QAAQ+f,EACnC,CAEE,IACE,MAAMC,QAAkBhyB,GAAUiyB,UAAU,MAAOF,EAAaN,EAAa,CAAE1lC,KAAM,UAAY,CAAEA,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SAC3I,OAAO,IAAIlM,iBAAiBya,GAAUsjB,UAAU,MAAO0O,GACxD,CAAC,MAAOhY,GACP,GAAiB,mBAAbA,EAAIjuB,KACN,MAAU1G,MAAM,6BAElB,MAAM20B,CACV,CACA,uECxFA,MAAMha,GAAYpF,EAAKmF,eAER3Z,eAAe8rC,GAAYtO,EAAUuO,EAAUC,EAAMC,EAAM5e,GACxE,MAAMhiB,EAAOlD,EAAMpI,KAAKoI,EAAM4D,QAASyxB,GACvC,IAAKnyB,EAAM,MAAUpM,MAAM,qCAE3B,MAAMitC,QAAoBtyB,GAAUgX,UAAU,MAAOmb,EAAU,QAAQ,EAAO,CAAC,eACzEryB,QAAaE,GAAUuyB,WAAW,CAAExmC,KAAM,OAAQ0F,OAAM2gC,OAAMC,QAAQC,EAAsB,EAAT7e,GACzF,OAAO,IAAIluB,WAAWua,EACxB,CCHA,MAAM0yB,GAAY,CAChBhiC,OAAQoK,EAAKwD,WAAW,kBACxB3N,KAAMmK,EAAKwD,WAAW,iBAQjBhY,eAAewqC,GAASrqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAE3B,MAAM6M,EAAIkiB,GAAe,KACjB1vB,UAAW82B,GAAMn2B,GAAOkf,IAAI0T,QAAQ8K,cAAc7wB,GAC1D,MAAO,CAAEspB,IAAGtpB,IAClB,CAEI,KAAK9O,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChD4M,EAAI5M,EAAKsgC,MAAMC,mBAErB,MAAO,CAAErK,EADCl2B,EAAKwgC,aAAa5zB,GAChBA,IAClB,CACI,QACE,MAAUhY,MAAM,8BAEtB,CA+GO,SAASyrC,GAAevqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OACnB,OAAO,GAET,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO,GAET,QACE,MAAUpL,MAAM,8BAEtB,CAOOe,eAAeqsC,GAAoClsB,EAAMmsB,GAC9D,OAAQnsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMmiC,EAAqBpT,GAAeuR,GAAevqB,IACnDqsB,EAAepiC,GAAOw9B,WAAW2E,EAAoBD,GAC3DG,GAAmBD,GACnB,MAAQ/iC,UAAWijC,GAAuBtiC,GAAOkf,IAAI0T,QAAQ8K,cAAcyE,GAC3E,MAAO,CAAEG,qBAAoBF,eACnC,CACI,KAAKrkC,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChDkiC,EAAqBliC,EAAKsgC,MAAMC,mBAChC4B,EAAeniC,EAAKsiC,gBAAgBJ,EAAoBD,GAC9DG,GAAmBD,GAEnB,MAAO,CAAEE,mBADkBriC,EAAKwgC,aAAa0B,GAChBC,eACnC,CACI,QACE,MAAUvtC,MAAM,8BAEtB,CAEOe,eAAe4sC,GAAsBzsB,EAAMusB,EAAoBnM,EAAGtpB,GACvE,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMoiC,EAAepiC,GAAOw9B,WAAW3wB,EAAGy1B,GAE1C,OADAD,GAAmBD,GACZA,CACb,CACI,KAAKrkC,EAAMsB,UAAUY,KAAM,CACzB,MACMmiC,SADah4B,EAAKM,cAAc3M,EAAMsB,UAAUY,OAC5BsiC,gBAAgB11B,EAAGy1B,GAE7C,OADAD,GAAmBD,GACZA,CACb,CACI,QACE,MAAUvtC,MAAM,8BAEtB,CAQA,SAASwtC,GAAmBD,GAC1B,IAAIK,EAAM,EACV,IAAK,IAAIrtC,EAAI,EAAGA,EAAIgtC,EAAaltC,OAAQE,IACvCqtC,GAAOL,EAAahtC,GAEtB,GAAY,IAARqtC,EACF,MAAU5tC,MAAM,6BAEpB,2DAjGOe,eAAuBmgB,EAAMusB,EAAoBI,EAAYvM,EAAGtpB,GACrE,MAAMu1B,QAAqBI,GAAsBzsB,EAAMusB,EAAoBnM,EAAGtpB,GACxE81B,EAAYv4B,EAAKpV,iBAAiB,CACtCstC,EACAnM,EACAiM,IAEF,OAAQrsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B6V,QAAEA,GAAYD,GAAgBrE,GAEpC,OAAO6wB,GAAa7wB,QADQ2vB,GAAY3jC,EAAMkD,KAAKI,OAAQshC,EAAW,IAAI5tC,WAAcitC,GAAUhiC,OAAQqW,GAC3DqsB,EACrD,CACI,KAAK3kC,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B2V,QAAEA,GAAYD,GAAgBrY,EAAMoC,UAAUO,QAEpD,OAAOkiC,GAAa7wB,QADQ2vB,GAAY3jC,EAAMkD,KAAKM,OAAQohC,EAAW,IAAI5tC,WAAcitC,GAAU/hC,KAAMoW,GACzDqsB,EACrD,CACI,QACE,MAAU7tC,MAAM,8BAEtB,UA9DOe,eAAuBmgB,EAAM5b,EAAM+nC,GACxC,MAAMI,mBAAEA,EAAkBF,aAAEA,SAAuBH,GAAoClsB,EAAMmsB,GACvFS,EAAYv4B,EAAKpV,iBAAiB,CACtCstC,EACAJ,EACAE,IAEF,OAAQrsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B6V,QAAEA,GAAYD,GAAgBrE,GAC9B8wB,QAAsBnB,GAAY3jC,EAAMkD,KAAKI,OAAQshC,EAAW,IAAI5tC,WAAcitC,GAAUhiC,OAAQqW,GAE1G,MAAO,CAAEisB,qBAAoBI,iBADJI,GAAW/wB,EAAY8wB,EAAe1oC,GAErE,CACI,KAAK4D,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B2V,QAAEA,GAAYD,GAAgBrY,EAAMoC,UAAUO,QAC9CmiC,QAAsBnB,GAAY3jC,EAAMkD,KAAKM,OAAQohC,EAAW,IAAI5tC,WAAcitC,GAAU/hC,KAAMoW,GAExG,MAAO,CAAEisB,qBAAoBI,iBADJI,GAAW/wB,EAAY8wB,EAAe1oC,GAErE,CAEI,QACE,MAAUtF,MAAM,8BAEtB,+GA/DOe,eAA8BmgB,EAAMogB,EAAGtpB,GAC5C,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAK3B,MAAMX,UAAEA,GAAcW,GAAOkf,IAAI0T,QAAQ8K,cAAc7wB,GACvD,OAAOzC,EAAKmE,iBAAiB4nB,EAAG92B,EACtC,CACI,KAAKtB,EAAMsB,UAAUY,KAAM,CACzB,MAKMZ,SALa+K,EAAKM,cAAc3M,EAAMsB,UAAUY,OAK/BwgC,aAAa5zB,GACpC,OAAOzC,EAAKmE,iBAAiB4nB,EAAG92B,EACtC,CAEI,QACE,OAAO,EAEb,IC7CA,MAAMmQ,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAElBozB,GAAY,CAChB,CAAChlC,EAAMC,MAAMC,UAAW,QACxB,CAACF,EAAMC,MAAMG,UAAW,QACxB,CAACJ,EAAMC,MAAMK,UAAW,SAEpB2kC,GAAc3rB,GAAaA,GAAW4rB,YAAc,GACpDC,GAAa7rB,GAAa,CAC9B,CAACtZ,EAAMC,MAAMO,WAAYykC,GAAYxwB,SAAS,aAAe,iBAAc9c,EAC3E,CAACqI,EAAMC,MAAMC,UAAW+kC,GAAYxwB,SAAS,cAAgB,kBAAe9c,EAC5E,CAACqI,EAAMC,MAAMG,UAAW6kC,GAAYxwB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMK,UAAW2kC,GAAYxwB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMQ,eAAgBwkC,GAAYxwB,SAAS,WAAa,eAAY9c,EAC3E,CAACqI,EAAMC,MAAMU,kBAAmBskC,GAAYxwB,SAAS,UAAY,cAAW9c,EAC5E,CAACqI,EAAMC,MAAMY,iBAAkBokC,GAAYxwB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMa,iBAAkBmkC,GAAYxwB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMc,iBAAkBkkC,GAAYxwB,SAAS,mBAAqB,uBAAoB9c,GAC3F,CAAE,EAEAytC,GAAS,CACb,CAACplC,EAAMC,MAAMC,UAAW,CACtBugC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5D4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB4U,OAAQlY,EAAMoC,UAAUK,OACxB6iC,KAAMH,GAAWnlC,EAAMC,MAAMC,UAC7BqlC,IAAKP,GAAUhlC,EAAMC,MAAMC,UAC3BslC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMG,UAAW,CACtBqgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB2U,OAAQlY,EAAMoC,UAAUM,OACxB4iC,KAAMH,GAAWnlC,EAAMC,MAAMG,UAC7BmlC,IAAKP,GAAUhlC,EAAMC,MAAMG,UAC3BolC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMK,UAAW,CACtBmgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB0U,OAAQlY,EAAMoC,UAAUO,OACxB2iC,KAAMH,GAAWnlC,EAAMC,MAAMK,UAC7BilC,IAAKP,GAAUhlC,EAAMC,MAAMK,UAC3BklC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMO,WAAY,CACvBigC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB4U,OAAQlY,EAAMoC,UAAUK,OACxB6iC,KAAMH,GAAWnlC,EAAMC,MAAMO,WAC7BglC,YAAa,GACbE,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMQ,eAAgB,CAC3BggC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClE4E,QAASrlC,EAAMsB,UAAUQ,YACzBoB,KAAMlD,EAAMkD,KAAKM,OACjB8hC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC1lC,EAAMC,MAAMU,kBAAmB,CAC9B8/B,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxE4E,QAASrlC,EAAMsB,UAAUM,KACzBsB,KAAMlD,EAAMkD,KAAKI,OACjB4U,OAAQlY,EAAMoC,UAAUK,OACxB6iC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC1lC,EAAMC,MAAMY,iBAAkB,CAC7B4/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClE4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB4U,OAAQlY,EAAMoC,UAAUK,OACxB6iC,KAAMH,GAAWnlC,EAAMC,MAAMY,iBAC7B2kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMa,iBAAkB,CAC7B2/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB2U,OAAQlY,EAAMoC,UAAUM,OACxB4iC,KAAMH,GAAWnlC,EAAMC,MAAMa,iBAC7B0kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC1lC,EAAMC,MAAMc,iBAAkB,CAC7B0/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASrlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB0U,OAAQlY,EAAMoC,UAAUO,OACxB2iC,KAAMH,GAAWnlC,EAAMC,MAAMc,iBAC7BykC,YAAa,GACbE,sBAAuB,IAI3B,MAAMC,GACJ,WAAAxwC,CAAYywC,GACV,IACErwC,KAAKiI,KAAOooC,aAAqBpF,GAC/BoF,EAAUjF,UACV3gC,EAAM1H,MAAM0H,EAAMC,MAAM2lC,EAC3B,CAAC,MAAOna,GACP,MAAM,IAAIuW,GAAiB,gBACjC,CACI,MAAMjmB,EAASqpB,GAAO7vC,KAAKiI,MAE3BjI,KAAK8vC,QAAUtpB,EAAOspB,QAEtB9vC,KAAKkrC,IAAM1kB,EAAO0kB,IAClBlrC,KAAK2N,KAAO6Y,EAAO7Y,KACnB3N,KAAK2iB,OAAS6D,EAAO7D,OACrB3iB,KAAK+vC,KAAOvpB,EAAOupB,KACnB/vC,KAAKgwC,IAAMxpB,EAAOwpB,IAClBhwC,KAAKiwC,YAAczpB,EAAOypB,YAC1BjwC,KAAKkwC,WAAa1pB,EAAO0pB,WACzBlwC,KAAKmwC,sBAAwB3pB,EAAO2pB,sBAChCnwC,KAAKgwC,KAAOl5B,EAAKmF,eACnBjc,KAAKiU,KAAO,MACHjU,KAAK+vC,MAAQj5B,EAAKuF,gBAC3Brc,KAAKiU,KAAO,OACHjU,KAAKiI,OAASwC,EAAMC,MAAMU,iBACnCpL,KAAKiU,KAAO,mBACHjU,KAAKiI,OAASwC,EAAMC,MAAMQ,gBACnClL,KAAKiU,KAAO,gBAElB,CAEE,gBAAMq8B,GACJ,OAAQtwC,KAAKiU,MACX,IAAK,MACH,IACE,aAsIV3R,eAA6B2F,EAAMkoC,GAEjC,MAAMpD,QAAqB7wB,GAAUqjB,YAAY,CAAEt3B,KAAM,QAASsoC,WAAYd,GAAUxnC,KAAS,EAAM,CAAC,OAAQ,WAE1GuL,QAAmB0I,GAAUsjB,UAAU,MAAOuN,EAAav5B,YAC3DzH,QAAkBmQ,GAAUsjB,UAAU,MAAOuN,EAAahhC,WAEhE,MAAO,CACLA,UAAWykC,GAAezkC,EAAWokC,GACrC38B,WAAY4L,EAAgB5L,EAAW2P,GAE3C,CAjJuBstB,CAAczwC,KAAKiI,KAAMjI,KAAKmwC,sBAC5C,CAAC,MAAOja,GAEP,OADApf,EAAKyE,gBAAgB,6CAA+C2a,EAAI3iB,SACjEm9B,GAAa1wC,KAAKiI,KACnC,CACM,IAAK,OACH,OA6IR3F,eAA8B2F,GAE5B,MAAMoE,EAAO0X,GAAW4sB,WAAWf,GAAW3nC,IAE9C,aADMoE,EAAKukC,eACJ,CACL7kC,UAAW,IAAItK,WAAW4K,EAAK8gC,gBAC/B35B,WAAY,IAAI/R,WAAW4K,EAAKwkC,iBAEpC,CArJeC,CAAe9wC,KAAKiI,MAC7B,IAAK,mBAAoB,CAEvB,MAAMsR,EAAEA,EAACspB,EAAEA,SAAYkO,GAActmC,EAAMsB,UAAUW,QAC/C8G,EAAa+F,EAAE5W,QAAQkoB,UAC7BrX,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAElB,MAAO,CAAEzH,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKmwC,wBAAyBtN,IACnErvB,aAC5B,CACM,IAAK,gBAAiB,CACpB,MAAQq3B,KAAMr3B,EAAUqvB,EAAEA,SAAYmO,GAAcvmC,EAAMsB,UAAUZ,SAEpE,MAAO,CAAEY,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKmwC,wBAAyBtN,IACnErvB,aAC5B,CACM,QACE,OAAOk9B,GAAa1wC,KAAKiI,MAEjC,EAmCA3F,eAAe2uC,GAAuBxuB,EAAMyoB,EAAKgG,EAAG/tB,GAClD,MAAMguB,EAAkB,CACtB,CAAC1mC,EAAMC,MAAMC,WAAW,EACxB,CAACF,EAAMC,MAAMG,WAAW,EACxB,CAACJ,EAAMC,MAAMK,WAAW,EACxB,CAACN,EAAMC,MAAMO,YAAY,EACzB,CAACR,EAAMC,MAAMU,kBAAmBqX,IAAShY,EAAMsB,UAAUM,KACzD,CAAC5B,EAAMC,MAAMY,kBAAkB,EAC/B,CAACb,EAAMC,MAAMa,kBAAkB,EAC/B,CAACd,EAAMC,MAAMc,kBAAkB,GAI3B8L,EAAY4zB,EAAIE,UACtB,IAAK+F,EAAgB75B,GACnB,OAAO,EAGT,GAAIA,IAAc7M,EAAMC,MAAMU,iBAAkB,CAC9C+X,EAAIA,EAAExgB,QAAQkoB,UAEd,MAAM9e,UAAEA,GAAcm1B,GAAKtV,IAAI0T,QAAQ8K,cAAcjnB,GAErD+tB,EAAI,IAAIzvC,WAAWyvC,GACnB,MAAME,EAAK,IAAI3vC,WAAW,CAAC,MAASsK,IACpC,QAAK+K,EAAKmE,iBAAiBm2B,EAAIF,EAKnC,CAEE,MAKME,SALmBt6B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOgL,IAK7C61B,aAAahqB,GAAG,GACtC,QAAKrM,EAAKmE,iBAAiBm2B,EAAIF,EAKjC,CAMA,SAASG,GAA0B3mC,EAAO4mC,GACxC,MAAMrB,YAAEA,EAAWE,sBAAEA,EAAuBloC,KAAMqP,GAAc5M,EAE1D6mC,EAAaj6B,IAAc7M,EAAMC,MAAMU,kBAAoBkM,IAAc7M,EAAMC,MAAMQ,cAAiB+kC,EAA4B,EAAdA,EAE1H,GAAIqB,EAAE,KAAOnB,GAAyBmB,EAAE1vC,SAAW2vC,EAAY,EAC7D,MAAUhwC,MAAM,yBAEpB,CAWAe,eAAeouC,GAAazoC,GAC1B,MAAMupC,QAAmB16B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOrE,GAC7DuL,EAAag+B,EAAWvE,MAAMC,mBAEpC,MAAO,CAAEnhC,UADSylC,EAAWrE,aAAa35B,GAAY,GAClCA,aACtB,CAoCA,SAASg9B,GAAejS,EAAK4R,GAC3B,MAAMsB,EAAOryB,EAAgBmf,EAAI/iB,GAC3Bk2B,EAAOtyB,EAAgBmf,EAAI9D,GAC3B1uB,EAAY,IAAItK,WAAWgwC,EAAK7vC,OAAS8vC,EAAK9vC,OAAS,GAI7D,OAHAmK,EAAU,GAAKokC,EACfpkC,EAAU5J,IAAIsvC,EAAM,GACpB1lC,EAAU5J,IAAIuvC,EAAMD,EAAK7vC,OAAS,GAC3BmK,CACT,CASA,SAAS4lC,GAAe1B,EAAahoC,EAAM8D,GACzC,MAAMmhB,EAAM+iB,EACNwB,EAAO1lC,EAAUpJ,MAAM,EAAGuqB,EAAM,GAChCwkB,EAAO3lC,EAAUpJ,MAAMuqB,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgR,IAAK,KACLsP,IAAKvlC,EACLuT,EAAG+D,EAAgBkyB,GACnBhX,EAAGlb,EAAgBmyB,GACnBtT,KAAK,EAGT,CAUA,SAAST,GAAasS,EAAahoC,EAAM8D,EAAWyH,GAClD,MAAM+qB,EAAMoT,GAAe1B,EAAahoC,EAAM8D,GAE9C,OADAwyB,EAAIpb,EAAI5D,EAAgB/L,GACjB+qB,CACT,CCvWA,MAAMriB,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAgBjB/Z,eAAe09B,GAAKkL,EAAKpL,EAAUvsB,EAASxH,EAAWyH,EAAY8pB,GACxE,MAAM5yB,EAAQ,IAAI0lC,GAAalF,GAE/B,GADAmG,GAA0B3mC,EAAOqB,GAC7BwH,IAAYuD,EAAK7V,SAASsS,GAAU,CACtC,MAAM+rB,EAAU,CAAEvzB,YAAWyH,cAC7B,OAAQ9I,EAAMuJ,MACZ,IAAK,MAEH,IAEE,aAqIV3R,eAAuBoI,EAAOo1B,EAAUvsB,EAAS+rB,GAC/C,MAAMpS,EAAMxiB,EAAMulC,YACZ1R,EAAMZ,GAAajzB,EAAMulC,YAAaR,GAAU/kC,EAAMzC,MAAOq3B,EAAQvzB,UAAWuzB,EAAQ9rB,YACxF7C,QAAYuL,GAAUgX,UAC1B,MACAqL,EACA,CACEt2B,KAAQ,QACRsoC,WAAcd,GAAU/kC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,SAGGkB,EAAY,IAAIpN,iBAAiBya,GAAU8jB,KAC/C,CACE/3B,KAAQ,QACRsoC,WAAcd,GAAU/kC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAASyxB,KAE5CnvB,EACA4C,IAGF,MAAO,CACLkI,EAAG5M,EAAUlM,MAAM,EAAGuqB,GACtBvT,EAAG9K,EAAUlM,MAAMuqB,EAAKA,GAAO,GAEnC,CAlKuB+S,CAAQv1B,EAAOo1B,EAAUvsB,EAAS+rB,EAChD,CAAC,MAAOpJ,GAIP,GAAmB,aAAfxrB,EAAMzC,OAAqC,cAAbiuB,EAAIjuB,MAAqC,mBAAbiuB,EAAIjuB,MAChE,MAAMiuB,EAERpf,EAAKyE,gBAAgB,oCAAsC2a,EAAI3iB,QACzE,CACQ,MACF,IAAK,OACH,OAoLRjR,eAAwBoI,EAAOo1B,EAAUvsB,EAASC,GAEhD,MAAMo+B,EAAa96B,EAAKG,YAAY,eAC9B46B,EAAa/6B,EAAK0F,iBAChBhJ,WAAYs+B,GAAkBF,EAAWG,YAAY,CAC3Dz6B,UAAWs4B,GAAWllC,EAAMzC,MAC5BuL,WAAYq+B,EAAWtxB,KAAK/M,KAGxBwsB,EAAOjc,GAAWmc,WAAWz1B,EAAMpI,KAAKoI,EAAMkD,KAAMmyB,IAC1DE,EAAKj9B,MAAMwQ,GACXysB,EAAK13B,MAEL,MAAMuG,EAAY,IAAIpN,WAAWu+B,EAAKA,KAAK,CAAErvB,IAAKmhC,EAAetT,OAAQ,MAAOvqB,KAAM,OAAQ+9B,YAAa,gBACrG9kB,EAAMxiB,EAAMulC,YAElB,MAAO,CACLx0B,EAAG5M,EAAU7F,SAAS,EAAGkkB,GACzBvT,EAAG9K,EAAU7F,SAASkkB,EAAKA,GAAO,GAEtC,CAxMeiT,CAASz1B,EAAOo1B,EAAUvsB,EAASC,GAElD,CAEE,MAEM3E,SAFmBiI,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAE5C+3B,KAAK1C,EAAQ9pB,EAAY,CAAEy+B,MAAM,IAC9D,MAAO,CACLx2B,EAAG6f,GAAmBzsB,EAAU4M,EAAG,KAAM/Q,EAAMulC,aAC/Ct2B,EAAG2hB,GAAmBzsB,EAAU8K,EAAG,KAAMjP,EAAMulC,aAEnD,CAcO3tC,eAAei+B,GAAO2K,EAAKpL,EAAUjxB,EAAW0E,EAASxH,EAAWuxB,GACzE,MAAM5yB,EAAQ,IAAI0lC,GAAalF,GAC/BmG,GAA0B3mC,EAAOqB,GAOjC,MAAMmmC,EAAmC5vC,SACzB,IAAdg7B,EAAO,IACL6U,GAASznC,EAAOmE,EAAWyuB,EAAOt0B,SAAS,GAAI+C,GAInD,GAAIwH,IAAYuD,EAAK7V,SAASsS,GAC5B,OAAQ7I,EAAMuJ,MACZ,IAAK,MACH,IAEE,MAAMm+B,QA2GhB9vC,eAAyBoI,EAAOo1B,GAAUrkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC3D,MAAMwyB,EAAMoT,GAAejnC,EAAMulC,YAAaR,GAAU/kC,EAAMzC,MAAO8D,GAC/D4E,QAAYuL,GAAUgX,UAC1B,MACAqL,EACA,CACEt2B,KAAQ,QACRsoC,WAAcd,GAAU/kC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,WAGGkB,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAAIrQ,OAEhD,OAAO4S,GAAUqkB,OACf,CACEt4B,KAAQ,QACRsoC,WAAcd,GAAU/kC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAASyxB,KAE5CnvB,EACA9B,EACA0E,EAEJ,CArIiCitB,CAAU91B,EAAOo1B,EAAUjxB,EAAW0E,EAASxH,GACtE,OAAOqmC,GAAYF,GACpB,CAAC,MAAOhc,GAIP,GAAmB,aAAfxrB,EAAMzC,OAAqC,cAAbiuB,EAAIjuB,MAAqC,mBAAbiuB,EAAIjuB,MAChE,MAAMiuB,EAERpf,EAAKyE,gBAAgB,sCAAwC2a,EAAI3iB,QAC3E,CACQ,MACF,IAAK,OAAQ,CACX,MAAM6+B,QAgJd9vC,eAA0BoI,EAAOo1B,GAAUrkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC5D,MAAM6lC,EAAa96B,EAAKG,YAAY,eAC9B46B,EAAa/6B,EAAK0F,iBAChBzQ,UAAWsmC,GAAiBT,EAAWG,YAAY,CACzDz6B,UAAWs4B,GAAWllC,EAAMzC,MAC5B8D,UAAW8lC,EAAWtxB,KAAKxU,KAGvBw0B,EAASxc,GAAW0c,aAAah2B,EAAMpI,KAAKoI,EAAMkD,KAAMmyB,IAC9DS,EAAOx9B,MAAMwQ,GACbgtB,EAAOj4B,MAEP,MAAMuG,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAE5C,IACE,OAAO4mB,EAAOA,OAAO,CAAE5vB,IAAK0hC,EAAc7T,OAAQ,MAAOvqB,KAAM,OAAQ+9B,YAAa,cAAgBnjC,EACrG,CAAC,MAAOqnB,GACP,OAAO,CACX,CACA,CAnK+BwK,CAAWh2B,EAAOo1B,EAAUjxB,EAAW0E,EAASxH,GACvE,OAAOqmC,GAAYF,GAC3B,EAKE,aADuBC,GAASznC,EAAOmE,EAAWyuB,EAAQvxB,IACvCmmC,GACrB,CAiDA5vC,eAAe6vC,GAASznC,EAAOmE,EAAWyuB,EAAQvxB,GAGhD,aAFyB+K,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAEvDs4B,OAAOzpB,EAAKpV,iBAAiB,CAACmN,EAAU4M,EAAG5M,EAAU8K,IAAK2jB,EAAQvxB,EAAW,CAAEkmC,MAAM,GACzG,0EA3CO3vC,eAA8B4oC,EAAKgG,EAAG/tB,GAC3C,MAAMzY,EAAQ,IAAI0lC,GAAalF,GAE/B,GAAIxgC,EAAMolC,UAAYrlC,EAAMsB,UAAUO,MACpC,OAAO,EAKT,OAAQ5B,EAAMuJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMV,EAAUkoB,GAAe,GACzBqE,EAAWr1B,EAAMkD,KAAKI,OACtBuvB,QAAe3vB,GAAK2W,OAAOwb,EAAUvsB,GAC3C,IACE,MAAM1E,QAAkBmxB,GAAKkL,EAAKpL,EAAUvsB,EAAS29B,EAAG/tB,EAAGma,GAE3D,aAAaiD,GAAO2K,EAAKpL,EAAUjxB,EAAW0E,EAAS29B,EAAG5T,EAC3D,CAAC,MAAOpH,GACP,OAAO,CACf,CACA,CACI,QACE,OAAO+a,GAAuBxmC,EAAMsB,UAAUO,MAAO4+B,EAAKgG,EAAG/tB,GAEnE,qEC9HO7gB,eAAoB4oC,EAAKpL,EAAUvsB,EAASxH,EAAWyH,EAAY8pB,GAGxE,GADA+T,GADc,IAAIjB,GAAalF,GACEn/B,GAC7B4B,GAAKwX,kBAAkB2a,GAAYnyB,GAAKwX,kBAAkB1a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAQ+rC,GAAIz+B,SAAoByjC,GAAU7nC,EAAMsB,UAAUZ,QAAS20B,EAAUvsB,EAASxH,EAAU/C,SAAS,GAAIwK,EAAY8pB,GAEzH,MAAO,CACL7hB,EAAG5M,EAAU7F,SAAS,EAAG,IACzB2Q,EAAG9K,EAAU7F,SAAS,IAE1B,iBAkCO1G,eAA8B4oC,EAAKgG,EAAG33B,GAE3C,GAAI2xB,EAAIE,YAAc3gC,EAAMC,MAAMQ,cAChC,OAAO,EAOT,MAAMa,UAAEA,GAAcm1B,GAAKlB,KAAKV,QAAQsL,SAASrxB,GAC3C63B,EAAK,IAAI3vC,WAAW,CAAC,MAASsK,IACpC,OAAO+K,EAAKmE,iBAAiBi2B,EAAGE,EAElC,SAlCO9uC,eAAsB4oC,EAAKpL,GAAUrkB,EAAG9B,EAAEA,GAAKue,EAAGnsB,EAAWuxB,GAGlE,GADA+T,GADc,IAAIjB,GAAalF,GACEn/B,GAC7B4B,GAAKwX,kBAAkB2a,GAAYnyB,GAAKwX,kBAAkB1a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAM+rC,EAAKx2B,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IACrC,OAAO44B,GAAY9nC,EAAMsB,UAAUZ,QAAS20B,EAAU,CAAEwN,MAAMpV,EAAGnsB,EAAU/C,SAAS,GAAIs0B,EAC1F,ICrDO,SAAS5iB,GAAOnH,GACrB,MAAM2P,EAAI,EAAK3P,EAAQ3R,OAAS,EAC1B+W,EAAS,IAAIlX,WAAW8R,EAAQ3R,OAASshB,GAAGoE,KAAKpE,GAEvD,OADAvK,EAAOxW,IAAIoR,GACJoF,CACT,CAOO,SAASmC,GAAOvH,GACrB,MAAM2Z,EAAM3Z,EAAQ3R,OACpB,GAAIsrB,EAAM,EAAG,CACX,MAAMhK,EAAI3P,EAAQ2Z,EAAM,GACxB,GAAIhK,GAAK,EAAG,CACV,MAAMsvB,EAAWj/B,EAAQvK,SAASkkB,EAAMhK,GAClCuvB,EAAW,IAAIhxC,WAAWyhB,GAAGoE,KAAKpE,GACxC,GAAIpM,EAAKmE,iBAAiBu3B,EAAUC,GAClC,OAAOl/B,EAAQvK,SAAS,EAAGkkB,EAAMhK,EAEzC,CACA,CACE,MAAU3hB,MAAM,kBAClB,yECxBA,MAAM2a,GAAYpF,EAAKmF,eACjB8H,GAAajN,EAAKuF,gBAexB,SAASq2B,GAAeC,EAAazH,EAAK0H,EAAWC,GACnD,OAAO/7B,EAAKpV,iBAAiB,CAC3BwpC,EAAInoC,QACJ,IAAItB,WAAW,CAACkxC,IAChBC,EAAU7vC,QACV+T,EAAK+C,mBAAmB,wBACxBg5B,GAEJ,CAGAvwC,eAAewwC,GAAIhT,EAAU+B,EAAGjgC,EAAQmxC,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAInxC,EACJ,GAAIkxC,EAAc,CAEhB,IAAKlxC,EAAI,EAAGA,EAAI+/B,EAAEjgC,QAAmB,IAATigC,EAAE//B,GAAUA,KACxC+/B,EAAIA,EAAE74B,SAASlH,EACnB,CACE,GAAImxC,EAAe,CAEjB,IAAKnxC,EAAI+/B,EAAEjgC,OAAS,EAAGE,GAAK,GAAc,IAAT+/B,EAAE//B,GAAUA,KAC7C+/B,EAAIA,EAAE74B,SAAS,EAAGlH,EAAI,EAC1B,CAME,aALqB6L,GAAK2W,OAAOwb,EAAUhpB,EAAKpV,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBogC,EACAkR,MAEY/pC,SAAS,EAAGpH,EAC5B,CAUAU,eAAe4wC,GAAsBxoC,EAAOwmC,GAC1C,OAAQxmC,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAQ66B,aAAcqE,EAASnE,mBAAEA,SAA6BoE,GAAyC3oC,EAAMsB,UAAUW,OAAQwkC,EAAEloC,SAAS,IAE1I,MAAO,CAAE+C,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACiJ,EAAMylC,wBAAyBnB,IACpEmE,YAC1B,CACI,IAAK,MACH,GAAIzoC,EAAMslC,KAAOl5B,EAAKmF,eACpB,IACE,aA8LV3Z,eAAqCoI,EAAOwmC,GAC1C,MAAM3S,EAAMoT,GAAejnC,EAAMulC,YAAavlC,EAAMslC,IAAKkB,GACzD,IAAI5R,EAAUpjB,GAAUqjB,YACtB,CACEt3B,KAAM,OACNsoC,WAAY7lC,EAAMslC,MAEpB,EACA,CAAC,YAAa,eAEZqD,EAAYn3B,GAAUgX,UACxB,MACAqL,EACA,CACEt2B,KAAM,OACNsoC,WAAY7lC,EAAMslC,MAEpB,EACA,KAED1Q,EAAS+T,SAAmBnzC,QAAQ4E,IAAI,CAACw6B,EAAS+T,IACnD,IAAI15B,EAAIuC,GAAUuyB,WAChB,CACExmC,KAAM,OACNsoC,WAAY7lC,EAAMslC,IAClBsD,OAAQD,GAEV/T,EAAQ9rB,WACR9I,EAAMwlC,YAEJljB,EAAI9Q,GAAUsjB,UAChB,MACAF,EAAQvzB,YAET4N,EAAGqT,SAAW9sB,QAAQ4E,IAAI,CAAC6U,EAAGqT,IAC/B,MAAMmmB,EAAY,IAAI1xC,WAAWkY,GAC3B5N,EAAY,IAAItK,WAAW+uC,GAAexjB,EAAGtiB,EAAMylC,wBACzD,MAAO,CAAEpkC,YAAWonC,YACtB,CApOuBI,CAAsB7oC,EAAOwmC,EAC3C,CAAC,MAAOhb,GAEP,OADApf,EAAKyE,gBAAgB2a,GACdsd,GAAqB9oC,EAAOwmC,EAC7C,CAEM,MACF,IAAK,OACH,OAuPN5uC,eAAsCoI,EAAOwmC,GAC3C,MAAMuC,EAAS1vB,GAAW4sB,WAAWjmC,EAAMqlC,MAC3C0D,EAAO7C,eACP,MAAMuC,EAAY,IAAI1xC,WAAWgyC,EAAOC,cAAcxC,IAChDnlC,EAAY,IAAItK,WAAWgyC,EAAOtG,gBACxC,MAAO,CAAEphC,YAAWonC,YACtB,CA7PaQ,CAAuBjpC,EAAOwmC,GACvC,QACE,OAAOsC,GAAqB9oC,EAAOwmC,GAGzC,CAoCA5uC,eAAesxC,GAAuBlpC,EAAO4mC,EAAGJ,EAAG/tB,GACjD,GAAIA,EAAEvhB,SAAW8I,EAAMulC,YAAa,CAClC,MAAMz8B,EAAa,IAAI/R,WAAWiJ,EAAMulC,aACxCz8B,EAAWrR,IAAIghB,EAAGzY,EAAMulC,YAAc9sB,EAAEvhB,QACxCuhB,EAAI3P,CACR,CACE,OAAQ9I,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAMjF,EAAYmU,EAAExgB,QAAQkoB,UAE5B,MAAO,CAAE7b,YAAWmkC,gBADIU,GAA2BppC,EAAMsB,UAAUW,OAAQ4kC,EAAEtoC,SAAS,GAAIkoC,EAAEloC,SAAS,GAAIgG,GAE/G,CACI,IAAK,MACH,GAAItE,EAAMslC,KAAOl5B,EAAKmF,eACpB,IACE,aA2EV3Z,eAAsCoI,EAAO4mC,EAAGJ,EAAG/tB,GACjD,MAAMkwB,EAAY1V,GAAajzB,EAAMulC,YAAavlC,EAAMslC,IAAKkB,EAAG/tB,GAChE,IAAI3P,EAAa0I,GAAUgX,UACzB,MACAmgB,EACA,CACEprC,KAAM,OACNsoC,WAAY7lC,EAAMslC,MAEpB,EACA,CAAC,YAAa,eAEhB,MAAMzR,EAAMoT,GAAejnC,EAAMulC,YAAavlC,EAAMslC,IAAKsB,GACzD,IAAImC,EAASv3B,GAAUgX,UACrB,MACAqL,EACA,CACEt2B,KAAM,OACNsoC,WAAY7lC,EAAMslC,MAEpB,EACA,KAEDx8B,EAAYigC,SAAgBvzC,QAAQ4E,IAAI,CAAC0O,EAAYigC,IACtD,IAAIhc,EAAIvb,GAAUuyB,WAChB,CACExmC,KAAM,OACNsoC,WAAY7lC,EAAMslC,IAClBsD,OAAQG,GAEVjgC,EACA9I,EAAMwlC,YAEJ4D,EAAS53B,GAAUsjB,UACrB,MACAhsB,IAEDikB,EAAGqc,SAAgB5zC,QAAQ4E,IAAI,CAAC2yB,EAAGqc,IACpC,MAAMX,EAAY,IAAI1xC,WAAWg2B,GAEjC,MAAO,CAAEzoB,UADSoQ,EAAgB00B,EAAO3wB,GACrBgwB,YACtB,CApHuBY,CAAuBrpC,EAAO4mC,EAAGJ,EAAG/tB,EAClD,CAAC,MAAO+S,GAEP,OADApf,EAAKyE,gBAAgB2a,GACd8d,GAAsBtpC,EAAO4mC,EAAGnuB,EACjD,CAEM,MACF,IAAK,OACH,OAuKN7gB,eAAuCoI,EAAO4mC,EAAGnuB,GAC/C,MAAMkwB,EAAYtvB,GAAW4sB,WAAWjmC,EAAMqlC,MAC9CsD,EAAUY,cAAc9wB,GACxB,MAAMgwB,EAAY,IAAI1xC,WAAW4xC,EAAUK,cAAcpC,IAEzD,MAAO,CAAEtiC,UADS,IAAIvN,WAAW4xC,EAAUxC,iBACvBsC,YACtB,CA7Kae,CAAwBxpC,EAAO4mC,EAAGnuB,GAC3C,QACE,OAAO6wB,GAAsBtpC,EAAO4mC,EAAGnuB,GAE7C,CAmCA7gB,eAAe0xC,GAAsBtpC,EAAO4mC,EAAGnuB,GAK7C,MAAO,CAAEnU,UAAWmU,EAAGgwB,iBAJEr8B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAE9BgnC,gBAAgB9rB,EAAGmuB,GACpBtoC,SAAS,GAEpD,CAEA1G,eAAekxC,GAAqB9oC,EAAOwmC,GACzC,MAAMM,QAAmB16B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAChE8D,UAAWulC,EAAG99B,WAAYoG,SAAYlP,EAAM4lC,aAKpD,MAAO,CAAEvkC,UAAWulC,EAAG6B,UAFQ3B,EAAWvC,gBAAgBr1B,EAAGs3B,GACpBloC,SAAS,GAEpD,2DApCO1G,eAAuB4oC,EAAK0H,EAAWtB,EAAG6C,EAAGjD,EAAG/tB,EAAG0vB,GACxD,MAAMnoC,EAAQ,IAAI0lC,GAAalF,GAC/BmG,GAA0B3mC,EAAOwmC,GACjCG,GAA0B3mC,EAAO4mC,GACjC,MAAM6B,UAAEA,SAAoBS,GAAuBlpC,EAAO4mC,EAAGJ,EAAG/tB,GAC1D4vB,EAAQL,GAAejoC,EAAMsB,UAAUM,KAAM6+B,EAAK0H,EAAWC,IAC7D9vB,QAAEA,GAAYD,GAAgB8vB,EAAUjwB,QAC9C,IAAIuT,EACJ,IAAK,IAAIp0B,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAEE,MAAMghC,QAAUgQ,GAAIF,EAAUjlC,KAAMwlC,EAAWpwB,EAASgwB,EAAa,IAANjxC,EAAe,IAANA,GACxE,OAAOsyC,SAAmB9E,GAAasD,EAAUjwB,OAAQmgB,EAAGqR,GAC7D,CAAC,MAAOjwC,GACPgyB,EAAMhyB,CACZ,CAEE,MAAMgyB,CACR,UAnFO5zB,eAAuB4oC,EAAK0H,EAAW/rC,EAAMqqC,EAAG2B,GACrD,MAAM3a,EAAImc,GAAaxtC,GAEjB6D,EAAQ,IAAI0lC,GAAalF,GAC/BmG,GAA0B3mC,EAAOwmC,GACjC,MAAMnlC,UAAEA,EAASonC,UAAEA,SAAoBD,GAAsBxoC,EAAOwmC,GAC9D6B,EAAQL,GAAejoC,EAAMsB,UAAUM,KAAM6+B,EAAK0H,EAAWC,IAC7D9vB,QAAEA,GAAYD,GAAgB8vB,EAAUjwB,QACxCmgB,QAAUgQ,GAAIF,EAAUjlC,KAAMwlC,EAAWpwB,EAASgwB,GAExD,MAAO,CAAEhnC,YAAWqjC,iBADKI,GAAWoD,EAAUjwB,OAAQmgB,EAAG5K,GAE3D,iBA9FO51B,eAA8B4oC,EAAKgG,EAAG/tB,GAC3C,OAAO8tB,GAAuBxmC,EAAMsB,UAAUM,KAAM6+B,EAAKgG,EAAG/tB,EAC9D,6HJ8JA7gB,eAAwBgV,GACtB,MAAM5M,EAAQ,IAAI0lC,GAAa94B,IACzB4zB,IAAEA,EAAGv9B,KAAEA,EAAIgV,OAAEA,GAAWjY,EACxB40B,QAAgB50B,EAAM4lC,aAC5B,MAAO,CACLpF,MACAgG,EAAG5R,EAAQvzB,UACX+nC,OAAQh9B,EAAK4B,QAAQ4mB,EAAQ9rB,WAAY9I,EAAMulC,aAC/CtiC,OACAgV,SAEJ,uBAOA,SAA8BuoB,GAC5B,OAAO2E,GAAO3E,EAAIE,WAAWz9B,IAC/B,IK/LA,MAAMisB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,0DAaZxkB,eAAoBw9B,EAAUxC,EAAQ7L,EAAGzE,EAAGtJ,EAAGlI,GACpD,MAAMoe,EAAM9S,OAAO,GAMnB,IAAIvN,EACAkC,EACA9B,EACA+B,EARJsR,EAAI8M,GAAmB9M,GACvBtJ,EAAIoW,GAAmBpW,GACvB+N,EAAIqI,GAAmBrI,GACvBjW,EAAIse,GAAmBte,GAMvBiW,EAAIsI,GAAItI,EAAGzE,GACXxR,EAAIue,GAAIve,EAAGkI,GAMX,MAAM0N,EAAI2I,GAAID,GAAmBwD,EAAOt0B,SAAS,EAAGsB,GAAWoZ,KAAMA,GAMrE,OAAa,CAIX,GAFAnK,EAAIoiB,GAAoB9B,GAAKnW,GAC7BjI,EAAIse,GAAIE,GAAOxI,EAAGlY,EAAGyT,GAAItJ,GACrBjI,IAAMme,EACR,SAEF,MAAM0a,EAAKva,GAAIve,EAAIC,EAAGiI,GAGtB,GAFAhI,EAAIqe,GAAI3I,EAAIkjB,EAAI5wB,GAChB/J,EAAIogB,GAAIM,GAAO9gB,EAAGmK,GAAKhI,EAAGgI,GACtB/J,IAAMigB,EAGV,KACJ,CACE,MAAO,CACLne,EAAG6f,GAAmB7f,EAAG,KAAMnR,GAAW0iB,IAC1CrT,EAAG2hB,GAAmB3hB,EAAG,KAAMrP,GAAW0iB,IAE9C,iBAwDO1qB,eAA8B0qB,EAAGtJ,EAAG+N,EAAGgJ,EAAGjf,GAM/C,GALAwR,EAAI8M,GAAmB9M,GACvBtJ,EAAIoW,GAAmBpW,GACvB+N,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAMT,GAAI+M,GAAI/M,EAAI6M,GAAKnW,KAAOkW,GACtB,OAAO,EAOT,GAAIK,GAAOxI,EAAG/N,EAAGsJ,KAAO6M,GACtB,OAAO,EAMT,MAAM0a,EAAQztB,OAAOqU,GAAUzX,IAE/B,GAAI6wB,EADUztB,OAAO,OACCkV,GAAgBtY,EAAG,KAAM,IAC7C,OAAO,EASTlI,EAAIse,GAAmBte,GACvB,MAAM6kB,EAAMvZ,OAAO,GAGnB,OAAI2T,IAAMR,GAAOxI,EADL/N,EADFiY,GAAoB0E,GAAQkU,EAAQ1a,GAAMwG,GAAOkU,GACvC/4B,EACKwR,EAK3B,SA1FO1qB,eAAsBw9B,EAAUrkB,EAAG9B,EAAG2jB,EAAQ7L,EAAGzE,EAAGtJ,EAAG+W,GAS5D,GARAhf,EAAIqe,GAAmBre,GACvB9B,EAAImgB,GAAmBngB,GAEvBqT,EAAI8M,GAAmB9M,GACvBtJ,EAAIoW,GAAmBpW,GACvB+N,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhf,GAAKme,IAAOne,GAAKiI,GACjB/J,GAAKigB,IAAOjgB,GAAK+J,EAEnB,OADA5M,EAAKuE,WAAW,0BACT,EAET,MAAM+V,EAAI2I,GAAID,GAAmBwD,EAAOt0B,SAAS,EAAGsB,GAAWoZ,KAAMA,GAC/DqF,EAAIsR,GAAO1gB,EAAG+J,GACpB,GAAIqF,IAAM6Q,GAER,OADA9iB,EAAKuE,WAAW,0BACT,EAGToW,EAAIsI,GAAItI,EAAGzE,GACXyN,EAAIV,GAAIU,EAAGzN,GACX,MAAMwnB,EAAKza,GAAI3I,EAAIrI,EAAGrF,GAChB+wB,EAAK1a,GAAIte,EAAIsN,EAAGrF,GAItB,OADUqW,GAAIA,GAFHE,GAAOxI,EAAG+iB,EAAIxnB,GACdiN,GAAOQ,EAAGga,EAAIznB,GACEA,GAAItJ,KAClBjI,CACf,IC3He1P,GAAA,CAEb2oC,IAAKA,GAELvoC,QAASA,GAETwoC,SAAUA,GAEVvoC,IAAKA,2ECGA,SAA8BqW,EAAM5T,GACzC,IAAIxM,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyN,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAG1C,OAHkDA,GAAQsX,EAAE/X,OAAS,EAG9D,CAAES,OAAMuyC,gBAAiB,CAAEj7B,KACxC,CAII,KAAKlP,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,CAGE,MAAMmP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAMuyC,gBAAiB,CAAEn5B,IAAG9B,KAC3C,CAII,KAAKlP,EAAMsB,UAAUQ,YAAa,CAIhC,MAAMkP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAMuyC,gBAAiB,CAAEn5B,IAAG9B,KAC3C,CAKI,KAAKlP,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMioC,EAAS,EAAI9oC,GAAU4oC,SAASG,MAAM9H,eAAevqB,GACrD6qB,EAAKx2B,EAAK2B,kBAAkB5J,EAAWxM,EAAMA,EAAOwyC,GAC1D,OADmExyC,GAAQirC,EAAG1rC,OACvE,CAAES,OAAMuyC,gBAAiB,CAAEtH,MACxC,CAEI,QACE,MAAM,IAAIb,GAAiB,gCAEjC,OAuEOnqC,eAAoBmgB,EAAMqd,EAAUiV,EAAiBC,EAAkBnuC,EAAMy2B,GAClF,IAAKyX,IAAoBC,EACvB,MAAUzzC,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAM6wC,GACX5xB,EAAEA,EAAC6J,EAAEA,EAACtJ,EAAEA,EAACka,EAAEA,GAAMoX,EAEvB,MAAO,CAAEr7B,QADO5N,GAAU2oC,IAAI1U,KAAKF,EAAUj5B,EAAM8Q,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGN,GAE3E,CACI,KAAK7yB,EAAMsB,UAAUK,IAAK,CACxB,MAAMqlB,EAAEA,EAACzE,EAAEA,EAACtJ,EAAEA,GAAMqxB,GACdv5B,EAAEA,GAAMw5B,EACd,OAAOjpC,GAAUK,IAAI4zB,KAAKF,EAAUxC,EAAQ7L,EAAGzE,EAAGtJ,EAAGlI,EAC3D,CACI,KAAK/Q,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,gEAClB,KAAKkJ,EAAMsB,UAAUO,MAAO,CAC1B,MAAM4+B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACb5xB,EAAEA,GAAM6xB,EACd,OAAOjpC,GAAU4oC,SAASroC,MAAM0zB,KAAKkL,EAAKpL,EAAUj5B,EAAMqqC,EAAG/tB,EAAGma,EACtE,CACI,KAAK7yB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM2+B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACblK,KAAEA,GAASmK,EACjB,OAAOjpC,GAAU4oC,SAASpoC,YAAYyzB,KAAKkL,EAAKpL,EAAUj5B,EAAMqqC,EAAGrG,EAAMvN,EAC/E,CACI,KAAK7yB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMi2B,EAAEA,GAAMkS,GACRlK,KAAEA,GAASmK,EACjB,OAAOjpC,GAAU4oC,SAASG,MAAM9U,KAAKvd,EAAMqd,EAAUj5B,EAAMg8B,EAAGgI,EAAMvN,EAC1E,CACI,QACE,MAAU/7B,MAAM,gCAEtB,SA9FOe,eAAsBmgB,EAAMqd,EAAUjxB,EAAWomC,EAAcpuC,EAAMy2B,GAC1E,OAAQ7a,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAM+wC,EACXt7B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAGhC,EAAE/V,QACtC,OAAOmK,GAAU2oC,IAAInU,OAAOT,EAAUj5B,EAAM8S,EAAGhC,EAAGzT,EAAGo5B,EAC3D,CACI,KAAK7yB,EAAMsB,UAAUK,IAAK,CACxB,MAAMqlB,EAAEA,EAACzE,EAAEA,EAACtJ,EAAEA,EAAC+W,EAAEA,GAAMwa,GACjBx5B,EAAEA,EAAC9B,EAAEA,GAAM9K,EACjB,OAAO9C,GAAUK,IAAIm0B,OAAOT,EAAUrkB,EAAG9B,EAAG2jB,EAAQ7L,EAAGzE,EAAGtJ,EAAG+W,EACnE,CACI,KAAKhwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM4+B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAInpC,GAAU4oC,SAASvE,aAAalF,GAAK+E,YAErDx0B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAGy5B,GAC9Bv7B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAGu7B,GACpC,OAAOnpC,GAAU4oC,SAASroC,MAAMi0B,OAAO2K,EAAKpL,EAAU,CAAErkB,IAAG9B,KAAK9S,EAAMqqC,EAAG5T,EAC/E,CACI,KAAK7yB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM2+B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAInpC,GAAU4oC,SAASvE,aAAalF,GAAK+E,YAGrDx0B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAGy5B,GAC9Bv7B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAGu7B,GACpC,OAAOnpC,GAAU4oC,SAASpoC,YAAYg0B,OAAO2K,EAAKpL,EAAU,CAAErkB,IAAG9B,KAAK9S,EAAMqqC,EAAG5T,EACrF,CACI,KAAK7yB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMi2B,EAAEA,GAAMoS,EACd,OAAOlpC,GAAU4oC,SAASG,MAAMvU,OAAO9d,EAAMqd,EAAUjxB,EAAWhI,EAAMg8B,EAAGvF,EACjF,CACI,QACE,MAAU/7B,MAAM,gCAEtB,ICrGA,MAAM4zC,GACJ,WAAAv1C,CAAYiH,GACNA,IACF7G,KAAK6G,KAAOA,EAElB,CASE,IAAAxE,CAAK8H,GACH,GAAIA,EAAMvI,QAAU,EAAG,CACrB,MAAMA,EAASuI,EAAM,GACrB,GAAIA,EAAMvI,QAAU,EAAIA,EAEtB,OADA5B,KAAK6G,KAAOsD,EAAMnB,SAAS,EAAG,EAAIpH,GAC3B,EAAI5B,KAAK6G,KAAKjF,MAE7B,CACI,MAAUL,MAAM,wBACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK6G,KAAKjF,SAAU5B,KAAK6G,MAC3E,ECzBA,MAAMuuC,GAKJ,WAAAx1C,CAAYiH,GACV,GAAIA,EAAM,CACR,MAAM8G,KAAEA,EAAIgV,OAAEA,GAAW9b,EACzB7G,KAAK2N,KAAOA,EACZ3N,KAAK2iB,OAASA,CACpB,MACM3iB,KAAK2N,KAAO,KACZ3N,KAAK2iB,OAAS,IAEpB,CAOE,IAAAtgB,CAAK9B,GACH,GAAIA,EAAMqB,OAAS,GAAkB,IAAbrB,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIksC,GAAiB,yBAI7B,OAFAzsC,KAAK2N,KAAOpN,EAAM,GAClBP,KAAK2iB,OAASpiB,EAAM,GACb,CACX,CAME,KAAAwC,GACE,OAAO,IAAItB,WAAW,CAAC,EAAG,EAAGzB,KAAK2N,KAAM3N,KAAK2iB,QACjD,ECzDA,MAAM0yB,GACJ,iBAAOC,EAAWlG,WAAEA,EAAUmG,UAAEA,IAC9B,MAAMhwB,EAAW,IAAI8vB,GAGrB,OAFA9vB,EAAS6pB,WAAaA,EACtB7pB,EAASgwB,UAAYA,EACdhwB,CACX,CAQE,IAAAljB,CAAK8H,GACH,IAAI9H,EAAO,EACPmzC,EAAerrC,EAAM9H,KACzBrC,KAAKu1C,UAAYC,EAAe,EAAIrrC,EAAM9H,KAAU,KACpDmzC,GAAgBA,EAAe,EAC/Bx1C,KAAKovC,WAAat4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOmzC,GAAenzC,GAAQmzC,CACxF,CAME,KAAAzyC,GACE,OAAO+T,EAAKpV,iBAAiB,CAC3B1B,KAAKu1C,UACH,IAAI9zC,WAAW,CAACzB,KAAKovC,WAAWxtC,OAAS,EAAG5B,KAAKu1C,YACjD,IAAI9zC,WAAW,CAACzB,KAAKovC,WAAWxtC,SAClC5B,KAAKovC,YAEX,ECwbA,SAASqG,GAAoBvK,GAC3B,IACEA,EAAIE,SACL,CAAC,MAAOlnC,GACP,MAAM,IAAIuoC,GAAiB,oBAC/B,CACA,CAOO,SAASiJ,GAAoBjzB,EAAMyoB,GACxC,OAAQzoB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUQ,YACnB,OAAO,IAAIR,GAAU4oC,SAASvE,aAAalF,GAAK+E,YAClD,KAAKxlC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU4oC,SAASG,MAAM9H,eAAevqB,GACjD,KAAKhY,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU4oC,SAASgB,MAAM3I,eAAevqB,GACjD,QACE,MAAUlhB,MAAM,yBAEtB,kEAhLO,SAAwBkhB,EAAMzG,EAAMkvB,GACzC,OAAQzoB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACnB,OAAOH,GAAU2oC,IAAI5H,SAAS9wB,EAAM,OAAOnZ,MAAK,EAAG8U,IAAGzT,IAAGif,IAAG6J,IAAGtJ,IAAGka,QAAS,CACzEgY,cAAe,CAAEzyB,IAAG6J,IAAGtJ,IAAGka,KAC1BqX,aAAc,CAAEt9B,IAAGzT,SAEvB,KAAKuG,EAAMsB,UAAUO,MACnB,OAAOP,GAAU4oC,SAAS7H,SAAS5B,GAAKroC,MAAK,EAAGqoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAEzyB,EAAG2wB,GACpBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAKzmC,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU4oC,SAAS7H,SAAS5B,GAAKroC,MAAK,EAAGqoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE/K,KAAMiJ,GACvBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAKzmC,EAAMsB,UAAUM,KACnB,OAAON,GAAU4oC,SAAS7H,SAAS5B,GAAKroC,MAAK,EAAGqoC,MAAKgG,IAAG4C,SAAQnmC,OAAMgV,aAAc,CAClFizB,cAAe,CAAEzyB,EAAG2wB,GACpBmB,aAAc,CACZ/J,IAAK,IAAID,GAAIC,GACbgG,IACA0B,UAAW,IAAIwC,GAAU,CAAEznC,OAAMgV,gBAGvC,KAAKlY,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU4oC,SAASG,MAAMhI,SAASrqB,GAAM5f,MAAK,EAAGggC,IAAGgI,WAAY,CACpE+K,cAAe,CAAE/K,QACjBoK,aAAc,CAAEpS,SAEpB,KAAKp4B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU4oC,SAASgB,MAAM7I,SAASrqB,GAAM5f,MAAK,EAAGggC,IAAGtpB,QAAS,CACjEq8B,cAAe,CAAEr8B,KACjB07B,aAAc,CAAEpS,SAEpB,KAAKp4B,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,qBAiFO,SAA4BkhB,GACjC,MAAMM,QAAEA,GAAYD,GAAgBL,GACpC,OAAOgZ,GAAe1Y,EACxB,cAQO,SAAqBN,GAC1B,MAAMmS,EAAWnqB,EAAMpI,KAAKoI,EAAM6D,KAAMmU,GACxC,OAAO4Q,GAAKuB,EACd,sEA0CO,SAAmCnS,EAAMyoB,GAC9C,OAAQzoB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU4oC,SAASvH,qBAAqBlC,GACjD,KAAKzgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU4oC,SAASG,MAAM1H,qBAAqB3qB,GACvD,QACE,MAAUlhB,MAAM,iCAEtB,kBAhFOe,eAA+BmgB,GACpC,MAAMO,UAAEA,GAAcF,GAAgBL,GAChCozB,QAAqBpa,GAAezY,GACpC8yB,EAAS,IAAIr0C,WAAW,CAACo0C,EAAaA,EAAaj0C,OAAS,GAAIi0C,EAAaA,EAAaj0C,OAAS,KACzG,OAAOkV,EAAKtS,OAAO,CAACqxC,EAAcC,GACpC,2BAjMO,SAAkCrzB,EAAMtY,GAC7C,IAAI9H,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAEnB,MAAO,CAAEkX,EADCpM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,KAOxC,KAAKoI,EAAMsB,UAAUI,QAAS,CAC5B,MAAM20B,EAAKhqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQy+B,EAAGl/B,OAAS,EAEnE,MAAO,CAAEk/B,KAAIC,GADFjqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAE7C,CAII,KAAKoI,EAAMsB,UAAUM,KAAM,CACzB,MAAMilC,EAAIx6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQivC,EAAE1vC,OAAS,EACjE,MAAMuyC,EAAI,IAAI4B,GACd,OAD4B5B,EAAE9xC,KAAK8H,EAAMnB,SAAS3G,IAC3C,CAAEivC,IAAG6C,IAClB,CAMI,KAAK1pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAM4kC,EAAYmE,GAAoBjzB,GAChCusB,EAAqBl4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOkvC,GAAYlvC,GAAQ2sC,EAAmBptC,OAC7G,MAAMuyC,EAAI,IAAIkB,GACd,OADmClB,EAAE9xC,KAAK8H,EAAMnB,SAAS3G,IAClD,CAAE2sC,qBAAoBmF,IACnC,CACI,QACE,MAAM,IAAI1H,GAAiB,4CAEjC,wBAjGO,SAA+BhqB,EAAMtY,EAAO8qC,GACjD,IAAI5yC,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMiX,EAAIrM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8gB,EAAEvhB,OAAS,EACjE,MAAMorB,EAAIlW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ2qB,EAAEprB,OAAS,EACjE,MAAM8hB,EAAI5M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQqhB,EAAE9hB,OAAS,EACjE,MAAMg8B,EAAI9mB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQu7B,EAAEh8B,OAAS,EAC1D,CAAES,OAAMuzC,cAAe,CAAEzyB,IAAG6J,IAAGtJ,IAAGka,KAC/C,CACI,KAAKnzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QAAS,CAC5B,MAAMqP,EAAI1E,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQmZ,EAAE5Z,OAAS,EAC1D,CAAES,OAAMuzC,cAAe,CAAEp6B,KACtC,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAM4jC,EAAcyF,GAAoBjzB,EAAMwyB,EAAa/J,KAC3D,IAAI/nB,EAAIrM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQ8gB,EAAEvhB,OAAS,EAC/DuhB,EAAIrM,EAAK4B,QAAQyK,EAAG8sB,GACb,CAAE5tC,OAAMuzC,cAAe,CAAEzyB,KACtC,CACI,KAAK1Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM0jC,EAAcyF,GAAoBjzB,EAAMwyB,EAAa/J,KAC3D,GAAI+J,EAAa/J,IAAIE,YAAc3gC,EAAMC,MAAMQ,cAC7C,MAAU3J,MAAM,kCAElB,IAAIspC,EAAO/zB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEvC,OAF+CA,GAAQwoC,EAAKjpC,OAAS,EACrEipC,EAAO/zB,EAAK4B,QAAQmyB,EAAMoF,GACnB,CAAE5tC,OAAMuzC,cAAe,CAAE/K,QACtC,CACI,KAAKpgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMqjC,EAAcyF,GAAoBjzB,GAClCooB,EAAO/zB,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO4tC,GACxD,OADsE5tC,GAAQwoC,EAAKjpC,OAC5E,CAAES,OAAMuzC,cAAe,CAAE/K,QACtC,CACI,KAAKpgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMsjC,EAAcyF,GAAoBjzB,GAClClJ,EAAIzC,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO4tC,GACrD,OADmE5tC,GAAQkX,EAAE3X,OACtE,CAAES,OAAMuzC,cAAe,CAAEr8B,KACtC,CACI,QACE,MAAM,IAAIkzB,GAAiB,4CAEjC,uBAjHO,SAA8BhqB,EAAMtY,GACzC,IAAI9H,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAIb,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQsV,EAAE/V,OAAS,EACjE,MAAMsC,EAAI4S,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6B,EAAEtC,OAAS,EAC1D,CAAES,OAAM4yC,aAAc,CAAEt9B,IAAGzT,KACxC,CACI,KAAKuG,EAAMsB,UAAUK,IAAK,CACxB,MAAM4gB,EAAIlW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ2qB,EAAEprB,OAAS,EACjE,MAAM8hB,EAAI5M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQqhB,EAAE9hB,OAAS,EACjE,MAAM6vB,EAAI3a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQovB,EAAE7vB,OAAS,EACjE,MAAM64B,EAAI3jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQo4B,EAAE74B,OAAS,EAC1D,CAAES,OAAM4yC,aAAc,CAAEjoB,IAAGtJ,IAAG+N,IAAGgJ,KAC9C,CACI,KAAKhwB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM6gB,EAAIlW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ2qB,EAAEprB,OAAS,EACjE,MAAM6vB,EAAI3a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQovB,EAAE7vB,OAAS,EACjE,MAAM64B,EAAI3jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQo4B,EAAE74B,OAAS,EAC1D,CAAES,OAAM4yC,aAAc,CAAEjoB,IAAGyE,IAAGgJ,KAC3C,CACI,KAAKhwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM4+B,EAAM,IAAID,GAAO5oC,GAAQ6oC,EAAI7oC,KAAK8H,GACxCsrC,GAAoBvK,GACpB,MAAMgG,EAAIp6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6uC,EAAEtvC,OAAS,EAC1D,CAAES,KAAMA,EAAM4yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAKzmC,EAAMsB,UAAUQ,YAAa,CAChC,MAAM2+B,EAAM,IAAID,GAEhB,GAFuB5oC,GAAQ6oC,EAAI7oC,KAAK8H,GACxCsrC,GAAoBvK,GAChBA,EAAIE,YAAc3gC,EAAMC,MAAMQ,cAChC,MAAU3J,MAAM,kCAElB,IAAI2vC,EAAIp6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQ6uC,EAAEtvC,OAAS,EAC/DsvC,EAAIp6B,EAAK4B,QAAQw4B,EAAG,IACb,CAAE7uC,KAAMA,EAAM4yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAKzmC,EAAMsB,UAAUM,KAAM,CACzB,MAAM6+B,EAAM,IAAID,GAAO5oC,GAAQ6oC,EAAI7oC,KAAK8H,GACxCsrC,GAAoBvK,GACpB,MAAMgG,EAAIp6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ6uC,EAAEtvC,OAAS,EACjE,MAAMgxC,EAAY,IAAIwC,GACtB,OADmC/yC,GAAQuwC,EAAUvwC,KAAK8H,EAAMnB,SAAS3G,IAClE,CAAEA,KAAMA,EAAM4yC,aAAc,CAAE/J,MAAKgG,IAAG0B,aACnD,CACI,KAAKnoC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACrB,KAAKnC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMk2B,EAAI/rB,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOqzC,GAAoBjzB,IACzE,OADiFpgB,GAAQwgC,EAAEjhC,OACpF,CAAES,OAAM4yC,aAAc,CAAEpS,KACrC,CACI,QACE,MAAM,IAAI4J,GAAiB,4CAEjC,mBApGOnqC,eAAgCmgB,EAAMsyB,EAAiBC,EAAkBgB,EAAkBnD,EAAa7V,GAC7G,OAAQva,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WAAY,CAC/B,MAAMiX,EAAEA,GAAM8yB,GACRr+B,EAAGzT,EAAEA,GAAM6wC,GACX5xB,EAAEA,EAAC6J,EAAEA,EAACtJ,EAAEA,EAACka,EAAEA,GAAMoX,EACvB,OAAOjpC,GAAU2oC,IAAIxmB,QAAQhL,EAAGvL,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EAAGZ,EACxD,CACI,KAAKvyB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM20B,GAAEA,EAAEC,GAAEA,GAAOiV,EACbhpB,EAAI+nB,EAAgB/nB,EACpBxR,EAAIw5B,EAAiBx5B,EAC3B,OAAOzP,GAAUI,QAAQ+hB,QAAQ4S,EAAIC,EAAI/T,EAAGxR,EAAGwhB,EACrD,CACI,KAAKvyB,EAAMsB,UAAUM,KAAM,CACzB,MAAM6+B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcmC,GACxB5xB,EAAEA,GAAM6xB,GACR1D,EAAEA,EAAC6C,EAAEA,GAAM6B,EACjB,OAAOjqC,GAAU4oC,SAAStoC,KAAK6hB,QAC7Bgd,EAAK0H,EAAWtB,EAAG6C,EAAEttC,KAAMqqC,EAAG/tB,EAAG0vB,EACzC,CACI,KAAKpoC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMk2B,EAAEA,GAAMkS,GACRx7B,EAAEA,GAAMy7B,GACRhG,mBAAEA,EAAkBmF,EAAEA,GAAM6B,EAClC,GAAoB,OAAhB7B,EAAEoB,YAAuBz+B,EAAK0H,MAAM21B,EAAEoB,WACxC,MAAUh0C,MAAM,4BAElB,OAAOwK,GAAU4oC,SAASgB,MAAMznB,QAC9BzL,EAAMusB,EAAoBmF,EAAE/E,WAAYvM,EAAGtpB,EACnD,CACI,QACE,MAAUhY,MAAM,4CAEtB,mBArFOe,eAAgC2zC,EAASC,EAAejB,EAAcpuC,EAAMgsC,GACjF,OAAQoD,GACN,KAAKxrC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAAgB,CACnC,MAAM2L,EAAEA,EAACzT,EAAEA,GAAM+wC,EAEjB,MAAO,CAAE/xB,QADOnX,GAAU2oC,IAAI9mB,QAAQ/mB,EAAM8Q,EAAGzT,GAErD,CACI,KAAKuG,EAAMsB,UAAUI,QAAS,CAC5B,MAAM6gB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,EACpB,OAAOlpC,GAAUI,QAAQyhB,QAAQ/mB,EAAMmmB,EAAGyE,EAAGgJ,EACnD,CACI,KAAKhwB,EAAMsB,UAAUM,KAAM,CACzB,MAAM6+B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcqC,GACtBlpC,UAAWulC,EAAGlC,WAAY+E,SAAYpoC,GAAU4oC,SAAStoC,KAAKuhB,QACpEsd,EAAK0H,EAAW/rC,EAAMqqC,EAAG2B,GAC3B,MAAO,CAAEvB,IAAG6C,EAAG,IAAI4B,GAAW5B,GACpC,CACI,KAAK1pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,GAAIupC,IAAkBp/B,EAAK0H,MAAM03B,GAE/B,MAAU30C,MAAM,0DAElB,MAAMshC,EAAEA,GAAMoS,GACRjG,mBAAEA,EAAkBI,WAAEA,SAAqBrjC,GAAU4oC,SAASgB,MAAM/nB,QACxEqoB,EAASpvC,EAAMg8B,GAEjB,MAAO,CAAEmM,qBAAoBmF,EADnBkB,GAAkBC,WAAW,CAAEC,UAAWW,EAAe9G,eAEzE,CACI,QACE,MAAO,GAEb,kBAsOO,SAAyB3sB,EAAM+D,GAEpC,MAAM2vB,EAAgC,IAAIxgC,IAAI,CAC5ClL,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUW,OAChBjC,EAAMsB,UAAUa,MAChBnC,EAAMsB,UAAUY,OAEZypC,EAAgBt2C,OAAOu2C,KAAK7vB,GAAQ7hB,KAAIsD,IAC5C,MAAM8qC,EAAQvsB,EAAOve,GACrB,OAAK6O,EAAKtV,aAAauxC,GAChBoD,EAA8BnyC,IAAIye,GAAQswB,EAAQj8B,EAAK+B,gBAAgBk6B,GADxCA,EAAMhwC,OACwC,IAEtF,OAAO+T,EAAKpV,iBAAiB00C,EAC/B,iBAkEO9zC,eAA8BmgB,EAAMwyB,EAAcW,GACvD,IAAKX,IAAiBW,EACpB,MAAUr0C,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAM+wC,GACX9xB,EAAEA,EAAC6J,EAAEA,EAACtJ,EAAEA,EAACka,EAAEA,GAAMgY,EACvB,OAAO7pC,GAAU2oC,IAAI4B,eAAe3+B,EAAGzT,EAAGif,EAAG6J,EAAGtJ,EAAGka,EACzD,CACI,KAAKnzB,EAAMsB,UAAUK,IAAK,CACxB,MAAM4gB,EAAEA,EAACtJ,EAAEA,EAAC+N,EAAEA,EAACgJ,EAAEA,GAAMwa,GACjBz5B,EAAEA,GAAMo6B,EACd,OAAO7pC,GAAUK,IAAIkqC,eAAetpB,EAAGtJ,EAAG+N,EAAGgJ,EAAGjf,EACtD,CACI,KAAK/Q,EAAMsB,UAAUI,QAAS,CAC5B,MAAM6gB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,GACdz5B,EAAEA,GAAMo6B,EACd,OAAO7pC,GAAUI,QAAQmqC,eAAetpB,EAAGyE,EAAGgJ,EAAGjf,EACvD,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMkqC,EAAaxqC,GAAU4oC,SAASlqC,EAAMpI,KAAKoI,EAAMsB,UAAW0W,KAC5DyoB,IAAEA,EAAGgG,EAAEA,GAAM+D,GACb9xB,EAAEA,GAAMyyB,EACd,OAAOW,EAAWD,eAAepL,EAAKgG,EAAG/tB,EAC/C,CACI,KAAK1Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM2kC,EAAEA,EAAChG,IAAEA,GAAQ+J,GACbpK,KAAEA,GAAS+K,EACjB,OAAO7pC,GAAU4oC,SAASpoC,YAAY+pC,eAAepL,EAAKgG,EAAGrG,EACnE,CACI,KAAKpgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMi2B,EAAEA,GAAMoS,GACRpK,KAAEA,GAAS+K,EACjB,OAAO7pC,GAAU4oC,SAASG,MAAMwB,eAAe7zB,EAAMogB,EAAGgI,EAC9D,CACI,KAAKpgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMk2B,EAAEA,GAAMoS,GACR17B,EAAEA,GAAMq8B,EACd,OAAO7pC,GAAU4oC,SAASgB,MAAMW,eAAe7zB,EAAMogB,EAAGtpB,EAC9D,CACI,QACE,MAAUhY,MAAM,iCAEtB,ICjaA,MAAMw4B,GAAM,CAEVpX,OAAQA,GAERhV,KAAMA,GAEN0lB,KAAMA,GAENtnB,UAAWA,GAEX8C,UAAWA,GAEX2nC,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT72C,OAAO2mB,OAAOsT,GAAK5d,ICnCZ,MAAMy6B,WAA+Br1C,MAC1C,WAAA3B,IAAe4mB,GACb3mB,SAAS2mB,GAELjlB,MAAMmrC,mBACRnrC,MAAMmrC,kBAAkB1sC,KAAM42C,IAGhC52C,KAAKiI,KAAO,wBAChB,EAIA,IAAI4uC,GACAC,GAIJ,MAAMC,GAIJ,WAAAn3C,CAAYsU,EAASqD,GACnB,MAAMxC,OAAEA,EAAMC,YAAEA,EAAWC,eAAEA,GAAmBf,EAAOY,gBAEvD9U,KAAKiU,KAAO,SAKZjU,KAAKsuC,KAAO,KAKZtuC,KAAK0b,EAAI3G,EAKT/U,KAAKgtB,EAAIhY,EAKThV,KAAKg3C,SAAW/hC,CACpB,CAEE,YAAAgiC,GACEj3C,KAAKsuC,KAAOnyB,GAAOq6B,OAAO/a,eAnDL,GAoDzB,CAOE,IAAAp5B,CAAK8H,GACH,IAAIrI,EAAI,EASR,OAPA9B,KAAKsuC,KAAOnkC,EAAMnB,SAASlH,EAAGA,EAAI,IAClCA,GAAK,GAEL9B,KAAK0b,EAAIvR,EAAMrI,KACf9B,KAAKgtB,EAAI7iB,EAAMrI,KACf9B,KAAKg3C,SAAW7sC,EAAMrI,KAEfA,CACX,CAME,KAAAiB,GACE,MAAMgjB,EAAM,CACV,IAAItkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,QAC5CjU,KAAKsuC,KACL,IAAI7sC,WAAW,CAACzB,KAAK0b,EAAG1b,KAAKgtB,EAAGhtB,KAAKg3C,YAGvC,OAAOlgC,EAAKpV,iBAAiBqkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYp0B,GAC3B,MAAMq0B,EAAW,GAAMp3C,KAAKg3C,SAAW,EAEvC,IAIEH,GAAsBA,WAA8Bp/B,OAAO,uBAAa4/B,QACxEP,GAAgBA,IAAiBD,KAGjC,MAAMhrC,QAAeirC,GAGfnpC,EAAO9B,EAAO,CAClByrC,QA9Ge,GA+GfrjC,KAhHY,EAiHZsjC,SAJoBzgC,EAAKwD,WAAW68B,GAKpC7I,KAAMtuC,KAAKsuC,KACXxd,UAAW/N,EACXy0B,WAAYJ,EACZpiC,YAAahV,KAAKgtB,EAClBjY,OAAQ/U,KAAK0b,IASf,OALI07B,EAtGkC,UAwGpCN,GAAgBD,KAChBC,GAAcz2C,OAAM,UAEfsN,CACR,CAAC,MAAOzJ,GACP,MAAIA,EAAEqP,UACJrP,EAAEqP,QAAQ2L,SAAS,mCACnBhb,EAAEqP,QAAQ2L,SAAS,0BACnBhb,EAAEqP,QAAQ2L,SAAS,4BACnBhb,EAAEqP,QAAQ2L,SAAS,kBAEb,IAAI03B,GAAuB,iDAE3B1yC,CAEd,CACA,EC9GA,MAAMuzC,GAIJ,WAAA73C,CAAYgV,EAASV,EAASqD,GAK5BvX,KAAKu1C,UAAY9qC,EAAMkD,KAAKI,OAK5B/N,KAAKiU,KAAOxJ,EAAMpI,KAAKoI,EAAMgB,IAAKmJ,GAElC5U,KAAKkjB,EAAIhP,EAAOW,sBAIhB7U,KAAKsuC,KAAO,IAChB,CAEE,YAAA2I,GACE,OAAQj3C,KAAKiU,MACX,IAAK,SACL,IAAK,WACHjU,KAAKsuC,KAAOnyB,GAAOq6B,OAAO/a,eAAe,GAEjD,CAEE,QAAAic,GAIE,OAAQ,IAAe,GAAT13C,KAAKkjB,IAFH,GAEiBljB,KAAKkjB,GAAK,EAC/C,CAOE,IAAA7gB,CAAK8H,GACH,IAAIrI,EAAI,EAGR,OAFA9B,KAAKu1C,UAAYprC,EAAMrI,KAEf9B,KAAKiU,MACX,IAAK,SACH,MAEF,IAAK,SACHjU,KAAKsuC,KAAOnkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACH9B,KAAKsuC,KAAOnkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EAGL9B,KAAKkjB,EAAI/Y,EAAMrI,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDgV,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAI,IAUhD,MAAM,IAAI2qC,GAAiB,qBAT3B3qC,GAAK,EAEL,GAAmB,OADA,IAAOqI,EAAMrI,KAK9B,MAAM,IAAI2qC,GAAiB,oCAH3BzsC,KAAKiU,KAAO,YAQhB,MAEF,QACE,MAAM,IAAIw4B,GAAiB,qBAG/B,OAAO3qC,CACX,CAME,KAAAiB,GACE,GAAkB,cAAd/C,KAAKiU,KACP,OAAO,IAAIxS,WAAW,CAAC,IAAK,KAAMqV,EAAK+C,mBAAmB,OAAQ,IAEpE,MAAMkM,EAAM,CAAC,IAAItkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,MAAOjU,KAAKu1C,aAErE,OAAQv1C,KAAKiU,MACX,IAAK,SACH,MACF,IAAK,SACH8R,EAAIjjB,KAAK9C,KAAKsuC,MACd,MACF,IAAK,WACHvoB,EAAIjjB,KAAK9C,KAAKsuC,MACdvoB,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKkjB,KAC9B,MACF,IAAK,MACH,MAAU3hB,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOuV,EAAKpV,iBAAiBqkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYQ,GAC3BR,EAAargC,EAAKwD,WAAW68B,GAE7B,MAAMpxB,EAAM,GACZ,IAAI6xB,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIG,EACJ,OAAQ93C,KAAKiU,MACX,IAAK,SACH6jC,EAAShhC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWo2C,GAAYV,IAC3D,MACF,IAAK,SACHW,EAAShhC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWo2C,GAAY73C,KAAKsuC,KAAM6I,IACtE,MACF,IAAK,WAAY,CACf,MAAMtwC,EAAOiQ,EAAKpV,iBAAiB,CAAC1B,KAAKsuC,KAAM6I,IAC/C,IAAIY,EAAUlxC,EAAKjF,OACnB,MAAMg7B,EAAQn0B,KAAKC,IAAI1I,KAAK03C,WAAYK,GACxCD,EAAS,IAAIr2C,WAAWo2C,EAAYjb,GACpCkb,EAAO31C,IAAI0E,EAAMgxC,GACjB,IAAK,IAAI71C,EAAM61C,EAAYE,EAAS/1C,EAAM46B,EAAO56B,GAAO+1C,EAASA,GAAW,EAC1ED,EAAOv6B,WAAWvb,EAAK61C,EAAW71C,GAEpC,KACV,CACQ,IAAK,MACH,MAAUT,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMQ,QAAeoa,GAAOxO,KAAK2W,OAAOtkB,KAAKu1C,UAAWuC,GACxD/xB,EAAIjjB,KAAKf,GACT61C,GAAW71C,EAAOH,OAClBi2C,GACN,CAEI,OAAO/gC,EAAKpV,iBAAiBqkB,GAAK/c,SAAS,EAAG2uC,EAClD,EC/LA,MAAMK,GAA+B,IAAIriC,IAAI,CAAClL,EAAMgB,IAAII,OAAQpB,EAAMgB,IAAIG,WASnE,SAASqsC,GAAehkC,EAAMC,EAASqD,GAC5C,OAAQtD,GACN,KAAKxJ,EAAMgB,IAAII,OACb,OAAO,IAAIkrC,GAAU7iC,GACvB,KAAKzJ,EAAMgB,IAAIG,SACf,KAAKnB,EAAMgB,IAAIK,IACf,KAAKrB,EAAMgB,IAAIE,OACf,KAAKlB,EAAMgB,IAAIC,OACb,OAAO,IAAI+rC,GAAWxjC,EAAMC,GAC9B,QACE,MAAM,IAAIu4B,GAAiB,wBAEjC,CAQO,SAASyL,GAAiBhkC,GAC/B,MAAMU,QAAEA,GAAYV,EAEpB,IAAK8jC,GAA6Bh0C,IAAI4Q,GACpC,MAAUrT,MAAM,sDAGlB,OAAO02C,GAAerjC,EAASV,EACjC,CCbA,IAAI4R,GAAKrkB,WAAY02C,GAAMxrB,YAAa3G,GAAM7F,YAE1Ci4B,GAAO,IAAItyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAgB,EAAG,EAAoB,IAG1IuyB,GAAO,IAAIvyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAiB,EAAG,IAEjIwyB,GAAO,IAAIxyB,GAAG,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,KAE7EyyB,GAAO,SAAUC,EAAIp0C,GAErB,IADA,IAAIyT,EAAI,IAAIsgC,GAAI,IACPr2C,EAAI,EAAGA,EAAI,KAAMA,EACtB+V,EAAE/V,GAAKsC,GAAS,GAAKo0C,EAAG12C,EAAI,GAGhC,IAAI2Z,EAAI,IAAIuK,GAAInO,EAAE,KAClB,IAAS/V,EAAI,EAAGA,EAAI,KAAMA,EACtB,IAAK,IAAIqY,EAAItC,EAAE/V,GAAIqY,EAAItC,EAAE/V,EAAI,KAAMqY,EAC/BsB,EAAEtB,GAAOA,EAAItC,EAAE/V,IAAO,EAAKA,EAGnC,MAAO,CAAC+V,EAAG4D,EACf,EACIg9B,GAAKF,GAAKH,GAAM,GAAIM,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE/CC,GAAG,IAAM,IAAKC,GAAM,KAAO,GAI3B,IAHA,IAAIC,GAAKL,GAAKF,GAAM,GAAIQ,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE3CG,GAAM,IAAIZ,GAAI,OACTr2C,GAAI,EAAGA,GAAI,QAASA,GAAG,CAE5B,IAAI0Z,IAAU,MAAJ1Z,MAAgB,GAAW,MAAJA,KAAe,EAEhD0Z,IAAU,OADVA,IAAU,MAAJA,MAAgB,GAAW,MAAJA,KAAe,MACtB,GAAW,KAAJA,KAAe,EAC5Cu9B,GAAIj3C,MAAY,MAAJ0Z,MAAgB,GAAW,IAAJA,KAAe,KAAQ,CAC9D,CAIA,IAAIw9B,YAAkBC,EAAIC,EAAIz9B,GAO1B,IANA,IAAI9B,EAAIs/B,EAAGr3C,OAEPE,EAAI,EAEJmgC,EAAI,IAAIkW,GAAIe,GAETp3C,EAAI6X,IAAK7X,EACRm3C,EAAGn3C,MACDmgC,EAAEgX,EAAGn3C,GAAK,GAGpB,IAIIq3C,EAJAC,EAAK,IAAIjB,GAAIe,GACjB,IAAKp3C,EAAI,EAAGA,EAAIo3C,IAAMp3C,EAClBs3C,EAAGt3C,GAAMs3C,EAAGt3C,EAAI,GAAKmgC,EAAEngC,EAAI,IAAO,EAGtC,GAAI2Z,EAAG,CAEH09B,EAAK,IAAIhB,GAAI,GAAKe,GAElB,IAAIG,EAAM,GAAKH,EACf,IAAKp3C,EAAI,EAAGA,EAAI6X,IAAK7X,EAEjB,GAAIm3C,EAAGn3C,GAQH,IANA,IAAIw3C,EAAMx3C,GAAK,EAAKm3C,EAAGn3C,GAEnBy3C,EAAML,EAAKD,EAAGn3C,GAEd8X,EAAIw/B,EAAGH,EAAGn3C,GAAK,MAAQy3C,EAElBrhB,EAAIte,GAAM,GAAK2/B,GAAO,EAAI3/B,GAAKse,IAAKte,EAEzCu/B,EAAGJ,GAAIn/B,KAAOy/B,GAAOC,CAIzC,MAGQ,IADAH,EAAK,IAAIhB,GAAIx+B,GACR7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACbm3C,EAAGn3C,KACHq3C,EAAGr3C,GAAKi3C,GAAIK,EAAGH,EAAGn3C,GAAK,QAAW,GAAKm3C,EAAGn3C,IAItD,OAAOq3C,CACV,EAEGK,GAAM,IAAI1zB,GAAG,KACjB,IAAShkB,GAAI,EAAGA,GAAI,MAAOA,GACvB03C,GAAI13C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB03C,GAAI13C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB03C,GAAI13C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB03C,GAAI13C,IAAK,EAEb,IAAI23C,GAAM,IAAI3zB,GAAG,IACjB,IAAShkB,GAAI,EAAGA,GAAI,KAAMA,GACtB23C,GAAI33C,IAAK,EAEb,IAAI43C,gBAAoBV,GAAKQ,GAAK,EAAG,GAAIG,gBAAqBX,GAAKQ,GAAK,EAAG,GAEvEI,gBAAoBZ,GAAKS,GAAK,EAAG,GAAII,gBAAqBb,GAAKS,GAAK,EAAG,GAEvE/wC,GAAM,SAAU4V,GAEhB,IADA,IAAI4Z,EAAI5Z,EAAE,GACDxc,EAAI,EAAGA,EAAIwc,EAAE1c,SAAUE,EACxBwc,EAAExc,GAAKo2B,IACPA,EAAI5Z,EAAExc,IAEd,OAAOo2B,CACX,EAEIlc,GAAO,SAAUmH,EAAG6J,EAAGkL,GACvB,IAAIzI,EAAKzC,EAAI,EAAK,EAClB,OAAS7J,EAAEsM,GAAMtM,EAAEsM,EAAI,IAAM,KAAY,EAAJzC,GAAUkL,CACnD,EAEI4hB,GAAS,SAAU32B,EAAG6J,GACtB,IAAIyC,EAAKzC,EAAI,EAAK,EAClB,OAAS7J,EAAEsM,GAAMtM,EAAEsM,EAAI,IAAM,EAAMtM,EAAEsM,EAAI,IAAM,MAAa,EAAJzC,EAC5D,EAEI+sB,GAAO,SAAU/sB,GAAK,OAASA,EAAI,GAAK,EAAK,CAAI,EAGjDgtB,GAAM,SAAUpgC,EAAGD,EAAGzV,IACb,MAALyV,GAAaA,EAAI,KACjBA,EAAI,IACC,MAALzV,GAAaA,EAAI0V,EAAEhY,UACnBsC,EAAI0V,EAAEhY,QAEV,IAAI+V,EAAI,IAA4B,GAAvBiC,EAAEqgC,kBAAyB9B,GAA6B,GAAvBv+B,EAAEqgC,kBAAyBj0B,GAAMF,IAAI5hB,EAAIyV,GAEvF,OADAhC,EAAExV,IAAIyX,EAAE5Q,SAAS2Q,EAAGzV,IACbyT,CACX,EAsBIuiC,GAAK,CACL,iBACA,qBACA,yBACA,mBACA,kBACA,oBACJ,CACI,cACA,qBACA,uBACA,8BACA,oBACA,mBACA,oBAIAhkB,GAAM,SAAUikB,EAAK/uB,EAAKgvB,GAC1B,IAAIl2C,EAAQ3C,MAAM6pB,GAAO8uB,GAAGC,IAI5B,GAHAj2C,EAAEm2C,KAAOF,EACL54C,MAAMmrC,mBACNnrC,MAAMmrC,kBAAkBxoC,EAAGgyB,KAC1BkkB,EACD,MAAMl2C,EACV,OAAOA,CACX,EAqLIo2C,GAAQ,SAAUn3B,EAAG6J,EAAGpT,GACxBA,IAAU,EAAJoT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB7J,EAAEsM,IAAM7V,EACRuJ,EAAEsM,EAAI,IAAM7V,IAAM,CACtB,EAEI2gC,GAAU,SAAUp3B,EAAG6J,EAAGpT,GAC1BA,IAAU,EAAJoT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB7J,EAAEsM,IAAM7V,EACRuJ,EAAEsM,EAAI,IAAM7V,IAAM,EAClBuJ,EAAEsM,EAAI,IAAM7V,IAAM,EACtB,EAEI4gC,GAAQ,SAAUr3B,EAAG+1B,GAGrB,IADA,IAAIx9B,EAAI,GACC5Z,EAAI,EAAGA,EAAIqhB,EAAEvhB,SAAUE,EACxBqhB,EAAErhB,IACF4Z,EAAE5Y,KAAK,CAAE6W,EAAG7X,EAAGgkC,EAAG3iB,EAAErhB,KAE5B,IAAI6X,EAAI+B,EAAE9Z,OACNosB,EAAKtS,EAAE/Y,QACX,IAAKgX,EACD,MAAO,CAAC8gC,GAAI,GAChB,GAAS,GAAL9gC,EAAQ,CACR,IAAIC,EAAI,IAAIkM,GAAGpK,EAAE,GAAG/B,EAAI,GAExB,OADAC,EAAE8B,EAAE,GAAG/B,GAAK,EACL,CAACC,EAAG,EACnB,CACI8B,EAAEg/B,MAAK,SAAUp8B,EAAGzG,GAAK,OAAOyG,EAAEwnB,EAAIjuB,EAAEiuB,KAGxCpqB,EAAE5Y,KAAK,CAAE6W,GAAI,EAAGmsB,EAAG,QACnB,IAAI7D,EAAIvmB,EAAE,GAAID,EAAIC,EAAE,GAAIi/B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAO7C,IANAn/B,EAAE,GAAK,CAAE/B,GAAI,EAAGmsB,EAAG7D,EAAE6D,EAAIrqB,EAAEqqB,EAAG7D,EAAGA,EAAGxmB,EAAGA,GAMhCm/B,GAAMjhC,EAAI,GACbsoB,EAAIvmB,EAAEA,EAAEi/B,GAAI7U,EAAIpqB,EAAEm/B,GAAI/U,EAAI6U,IAAOE,KACjCp/B,EAAIC,EAAEi/B,GAAMC,GAAMl/B,EAAEi/B,GAAI7U,EAAIpqB,EAAEm/B,GAAI/U,EAAI6U,IAAOE,KAC7Cn/B,EAAEk/B,KAAQ,CAAEjhC,GAAI,EAAGmsB,EAAG7D,EAAE6D,EAAIrqB,EAAEqqB,EAAG7D,EAAGA,EAAGxmB,EAAGA,GAE9C,IAAIq/B,EAAS9sB,EAAG,GAAGrU,EACnB,IAAS7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACjBksB,EAAGlsB,GAAG6X,EAAImhC,IACVA,EAAS9sB,EAAGlsB,GAAG6X,GAGvB,IAAIohC,EAAK,IAAI5C,GAAI2C,EAAS,GAEtBE,EAAMC,GAAGv/B,EAAEk/B,EAAK,GAAIG,EAAI,GAC5B,GAAIC,EAAM9B,EAAI,CAINp3C,EAAI,EAAR,IAAWo5C,EAAK,EAEZC,EAAMH,EAAM9B,EAAIkC,EAAM,GAAKD,EAE/B,IADAntB,EAAG0sB,MAAK,SAAUp8B,EAAGzG,GAAK,OAAOkjC,EAAGljC,EAAE8B,GAAKohC,EAAGz8B,EAAE3E,IAAM2E,EAAEwnB,EAAIjuB,EAAEiuB,KACvDhkC,EAAI6X,IAAK7X,EAAG,CACf,IAAIu5C,EAAOrtB,EAAGlsB,GAAG6X,EACjB,KAAIohC,EAAGM,GAAQnC,GAKX,MAJAgC,GAAME,GAAO,GAAMJ,EAAMD,EAAGM,IAC5BN,EAAGM,GAAQnC,CAI3B,CAEQ,IADAgC,KAAQC,EACDD,EAAK,GAAG,CACX,IAAII,EAAOttB,EAAGlsB,GAAG6X,EACbohC,EAAGO,GAAQpC,EACXgC,GAAM,GAAMhC,EAAK6B,EAAGO,KAAU,IAE5Bx5C,CAClB,CACQ,KAAOA,GAAK,GAAKo5C,IAAMp5C,EAAG,CACtB,IAAIy5C,EAAOvtB,EAAGlsB,GAAG6X,EACbohC,EAAGQ,IAASrC,MACV6B,EAAGQ,KACHL,EAElB,CACQF,EAAM9B,CACd,CACI,MAAO,CAAC,IAAIpzB,GAAGi1B,GAAKC,EACxB,EAEIC,GAAK,SAAUtjC,EAAGsqB,EAAG9e,GACrB,OAAe,GAARxL,EAAEgC,EACHlR,KAAKC,IAAIuyC,GAAGtjC,EAAEsqB,EAAGA,EAAG9e,EAAI,GAAI83B,GAAGtjC,EAAE8D,EAAGwmB,EAAG9e,EAAI,IAC1C8e,EAAEtqB,EAAEgC,GAAKwJ,CACpB,EAEIq4B,GAAK,SAAUt4B,GAGf,IAFA,IAAIvJ,EAAIuJ,EAAEthB,OAEH+X,IAAMuJ,IAAIvJ,KAMjB,IAJA,IAAI8hC,EAAK,IAAItD,KAAMx+B,GAEf+hC,EAAM,EAAGC,EAAMz4B,EAAE,GAAI04B,EAAM,EAC3B7yB,EAAI,SAAUnP,GAAK6hC,EAAGC,KAAS9hC,CAAI,EAC9B9X,EAAI,EAAGA,GAAK6X,IAAK7X,EACtB,GAAIohB,EAAEphB,IAAM65C,GAAO75C,GAAK6X,IAClBiiC,MACD,CACD,IAAKD,GAAOC,EAAM,EAAG,CACjB,KAAOA,EAAM,IAAKA,GAAO,IACrB7yB,EAAE,OACF6yB,EAAM,IACN7yB,EAAE6yB,EAAM,GAAOA,EAAM,IAAO,EAAK,MAAUA,EAAM,GAAM,EAAK,OAC5DA,EAAM,EAE1B,MACiB,GAAIA,EAAM,EAAG,CAEd,IADA7yB,EAAE4yB,KAAQC,EACHA,EAAM,EAAGA,GAAO,EACnB7yB,EAAE,MACF6yB,EAAM,IACN7yB,EAAI6yB,EAAM,GAAM,EAAK,MAAOA,EAAM,EACtD,CACY,KAAOA,KACH7yB,EAAE4yB,GACNC,EAAM,EACND,EAAMz4B,EAAEphB,EACpB,CAEI,MAAO,CAAC25C,EAAGzyC,SAAS,EAAG0yC,GAAM/hC,EACjC,EAEIkiC,GAAO,SAAUC,EAAIL,GAErB,IADA,IAAIxZ,EAAI,EACCngC,EAAI,EAAGA,EAAI25C,EAAG75C,SAAUE,EAC7BmgC,GAAK6Z,EAAGh6C,GAAK25C,EAAG35C,GACpB,OAAOmgC,CACX,EAGI8Z,GAAQ,SAAUp2B,EAAK3jB,EAAKg6C,GAE5B,IAAIriC,EAAIqiC,EAAIp6C,OACR6tB,EAAIsqB,GAAK/3C,EAAM,GACnB2jB,EAAI8J,GAAS,IAAJ9V,EACTgM,EAAI8J,EAAI,GAAK9V,IAAM,EACnBgM,EAAI8J,EAAI,GAAc,IAAT9J,EAAI8J,GACjB9J,EAAI8J,EAAI,GAAkB,IAAb9J,EAAI8J,EAAI,GACrB,IAAK,IAAI3tB,EAAI,EAAGA,EAAI6X,IAAK7X,EACrB6jB,EAAI8J,EAAI3tB,EAAI,GAAKk6C,EAAIl6C,GACzB,OAAqB,GAAb2tB,EAAI,EAAI9V,EACpB,EAEIsiC,GAAO,SAAUD,EAAKr2B,EAAKiR,EAAOslB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIniC,EAAIoiC,EAAItvB,GAChEstB,GAAM30B,EAAKqH,IAAK4J,KACdulB,EAAG,KAML,IALA,IAAI1D,EAAK+B,GAAM2B,EAAI,IAAKI,EAAM9D,EAAG,GAAI+D,EAAM/D,EAAG,GAC1CG,EAAK4B,GAAM4B,EAAI,IAAKK,EAAM7D,EAAG,GAAI8D,EAAM9D,EAAG,GAC1C+D,EAAKnB,GAAGe,GAAMK,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAKtB,GAAGiB,GAAMM,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAS,IAAI9E,GAAI,IACZr2C,EAAI,EAAGA,EAAI86C,EAAKh7C,SAAUE,EAC/Bm7C,EAAiB,GAAVL,EAAK96C,MAChB,IAASA,EAAI,EAAGA,EAAIi7C,EAAKn7C,SAAUE,EAC/Bm7C,EAAiB,GAAVF,EAAKj7C,MAGhB,IAFA,IAAIo7C,EAAK1C,GAAMyC,EAAQ,GAAIE,EAAMD,EAAG,GAAIE,EAAOF,EAAG,GAC9CG,EAAO,GACJA,EAAO,IAAMF,EAAI7E,GAAK+E,EAAO,MAAOA,GAE3C,IAKIC,EAAIC,EAAIC,EAAIC,EALZC,EAAQpB,EAAK,GAAM,EACnBqB,EAAQ9B,GAAKM,EAAI3C,IAAOqC,GAAKO,EAAI3C,IAAOjB,EACxCoF,EAAQ/B,GAAKM,EAAII,GAAOV,GAAKO,EAAIK,GAAOjE,EAAK,GAAK,EAAI6E,EAAOxB,GAAKoB,EAAQE,IAAQ,EAAIF,EAAO,IAAM,EAAIA,EAAO,IAAM,EAAIA,EAAO,KACnI,GAAIS,GAAQC,GAASD,GAAQE,EACzB,OAAO7B,GAAMp2B,EAAKqH,EAAGgvB,EAAIhzC,SAASkR,EAAIA,EAAKoiC,IAG/C,GADAhC,GAAM30B,EAAKqH,EAAG,GAAK4wB,EAAQD,IAAS3wB,GAAK,EACrC4wB,EAAQD,EAAO,CACfL,EAAKtE,GAAKuD,EAAKC,EAAK,GAAIe,EAAKhB,EAAKiB,EAAKxE,GAAKyD,EAAKC,EAAK,GAAIe,EAAKhB,EAC/D,IAAIoB,EAAM7E,GAAKmE,EAAKC,EAAM,GAC1B9C,GAAM30B,EAAKqH,EAAG6vB,EAAM,KACpBvC,GAAM30B,EAAKqH,EAAI,EAAGgwB,EAAM,GACxB1C,GAAM30B,EAAKqH,EAAI,GAAIqwB,EAAO,GAC1BrwB,GAAK,GACL,IAASlrB,EAAI,EAAGA,EAAIu7C,IAAQv7C,EACxBw4C,GAAM30B,EAAKqH,EAAI,EAAIlrB,EAAGq7C,EAAI7E,GAAKx2C,KACnCkrB,GAAK,EAAIqwB,EAET,IADA,IAAIS,EAAO,CAAClB,EAAMG,GACTgB,EAAK,EAAGA,EAAK,IAAKA,EACvB,KAAIC,EAAOF,EAAKC,GAChB,IAASj8C,EAAI,EAAGA,EAAIk8C,EAAKp8C,SAAUE,EAAG,CAClC,IAAIorB,EAAgB,GAAV8wB,EAAKl8C,GACfw4C,GAAM30B,EAAKqH,EAAG6wB,EAAI3wB,IAAOF,GAAKmwB,EAAIjwB,GAC9BA,EAAM,KACNotB,GAAM30B,EAAKqH,EAAIgxB,EAAKl8C,KAAO,EAAK,KAAMkrB,GAAKgxB,EAAKl8C,KAAO,GAC3E,CAN+B,CAQ/B,MAEQw7C,EAAK5D,GAAK6D,EAAK/D,GAAKgE,EAAK5D,GAAK6D,EAAKhE,GAEvC,IAAS33C,EAAI,EAAGA,EAAIu6C,IAAMv6C,EACtB,GAAIo6C,EAAKp6C,GAAK,IAAK,CACXorB,EAAOgvB,EAAKp6C,KAAO,GAAM,GAC7By4C,GAAQ50B,EAAKqH,EAAGswB,EAAGpwB,EAAM,MAAOF,GAAKuwB,EAAGrwB,EAAM,KAC1CA,EAAM,IACNotB,GAAM30B,EAAKqH,EAAIkvB,EAAKp6C,KAAO,GAAM,IAAKkrB,GAAKorB,GAAKlrB,IACpD,IAAIkB,EAAgB,GAAV8tB,EAAKp6C,GACfy4C,GAAQ50B,EAAKqH,EAAGwwB,EAAGpvB,IAAOpB,GAAKywB,EAAGrvB,GAC9BA,EAAM,IACNmsB,GAAQ50B,EAAKqH,EAAIkvB,EAAKp6C,KAAO,EAAK,MAAOkrB,GAAKqrB,GAAKjqB,GACnE,MAEYmsB,GAAQ50B,EAAKqH,EAAGswB,EAAGpB,EAAKp6C,KAAMkrB,GAAKuwB,EAAGrB,EAAKp6C,IAInD,OADAy4C,GAAQ50B,EAAKqH,EAAGswB,EAAG,MACZtwB,EAAIuwB,EAAG,IAClB,EAEIU,gBAAoB,IAAIj4B,GAAI,CAAC,MAAO,OAAQ,OAAQ,OAAQ,OAAQ,QAAS,QAAS,QAAS,UAE/Fy0B,gBAAmB,IAAI30B,GAAG,GAsK1Bo4B,GAAO,SAAUlC,EAAKmC,EAAKC,EAAKC,EAAMC,GACtC,OArKO,SAAUtC,EAAKuC,EAAKC,EAAMJ,EAAKC,EAAMI,GAC5C,IAAI9kC,EAAIqiC,EAAIp6C,OACR6tB,EAAI,IAAI3J,GAAGs4B,EAAMzkC,EAAI,GAAK,EAAIlR,KAAKyQ,KAAKS,EAAI,MAAS0kC,GAErDt1B,EAAI0G,EAAEzmB,SAASo1C,EAAK3uB,EAAE7tB,OAASy8C,GAC/Br8C,EAAM,EACV,IAAKu8C,GAAO5kC,EAAI,EACZ,IAAK,IAAI7X,EAAI,EAAGA,GAAK6X,EAAG7X,GAAK,MAAO,CAEhC,IAAIoC,EAAIpC,EAAI,MACRoC,GAAKyV,IAELoP,EAAE/mB,GAAO,GAAKy8C,GAElBz8C,EAAM+5C,GAAMhzB,EAAG/mB,EAAM,EAAGg6C,EAAIhzC,SAASlH,EAAGoC,GACpD,KAES,CAeD,IAdA,IAAIi6C,EAAMF,GAAIM,EAAM,GAChB5mC,EAAIwmC,IAAQ,GAAIj7B,EAAU,KAANi7B,EACpBO,GAAS,GAAKF,GAAQ,EAEtBx5C,EAAO,IAAImzC,GAAI,OAAQwG,EAAO,IAAIxG,GAAIuG,EAAQ,GAC9CE,EAAQn2C,KAAKyQ,KAAKslC,EAAO,GAAIK,EAAQ,EAAID,EACzCE,EAAM,SAAUh9C,GAAK,OAAQk6C,EAAIl6C,GAAMk6C,EAAIl6C,EAAI,IAAM88C,EAAU5C,EAAIl6C,EAAI,IAAM+8C,GAAUH,CAAQ,EAG/FxC,EAAO,IAAIl2B,GAAI,MAEfm2B,EAAK,IAAIhE,GAAI,KAAMiE,EAAK,IAAIjE,GAAI,IAEhC4G,EAAO,EAAGvG,EAAK,EAAU6D,GAAPv6C,EAAI,EAAQ,GAAGk9C,EAAK,EAAG9kC,EAAK,EAC3CpY,EAAI6X,IAAK7X,EAAG,CAGf,IAAIm9C,EAAKH,EAAIh9C,GAETo9C,EAAW,MAAJp9C,EAAWq9C,EAAQR,EAAKM,GAKnC,GAJAj6C,EAAKk6C,GAAQC,EACbR,EAAKM,GAAMC,EAGPF,GAAMl9C,EAAG,CAET,IAAIs9C,EAAMzlC,EAAI7X,EACd,IAAKi9C,EAAO,KAAQ1C,EAAK,QAAU+C,EAAM,IAAK,CAC1Cp9C,EAAMi6C,GAAKD,EAAKjzB,EAAG,EAAGmzB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIniC,EAAIpY,EAAIoY,EAAIlY,GACxDq6C,EAAK0C,EAAOvG,EAAK,EAAGt+B,EAAKpY,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,MAAOA,EACvBgiC,EAAGhiC,GAAK,EACZ,IAASA,EAAI,EAAGA,EAAI,KAAMA,EACtBiiC,EAAGjiC,GAAK,CAChC,CAEgB,IAAI8nB,EAAI,EAAG9e,EAAI,EAAGk8B,EAAOn8B,EAAGo8B,EAAOJ,EAAOC,EAAS,MACnD,GAAIC,EAAM,GAAKH,GAAMH,EAAIh9C,EAAIw9C,GAMzB,IALA,IAAIC,EAAO92C,KAAKmd,IAAIjO,EAAGynC,GAAO,EAC1BI,EAAO/2C,KAAKmd,IAAI,MAAO9jB,GAGvB29C,EAAKh3C,KAAKmd,IAAI,IAAKw5B,GAChBE,GAAOE,KAAUH,GAAQH,GAAQC,GAAO,CAC3C,GAAInD,EAAIl6C,EAAImgC,IAAM+Z,EAAIl6C,EAAImgC,EAAIqd,GAAM,CAEhC,IADA,IAAII,EAAK,EACFA,EAAKD,GAAMzD,EAAIl6C,EAAI49C,IAAO1D,EAAIl6C,EAAI49C,EAAKJ,KAAQI,GAEtD,GAAIA,EAAKzd,EAAG,CAGR,GAFAA,EAAIyd,EAAIv8B,EAAIm8B,EAERI,EAAKH,EACL,MAIJ,IAAII,EAAMl3C,KAAKmd,IAAI05B,EAAKI,EAAK,GACzBE,EAAK,EACT,IAASzlC,EAAI,EAAGA,EAAIwlC,IAAOxlC,EAAG,CAC1B,IAAI0lC,EAAM/9C,EAAIw9C,EAAMnlC,EAAI,MAAS,MAE7B8+B,EAAM4G,EADA76C,EAAK66C,GACM,MAAS,MAC1B5G,EAAK2G,IACLA,EAAK3G,EAAIkG,EAAQU,EACzD,CACA,CACA,CAGwBP,IADAJ,EAAOC,IAAOA,EAAQn6C,EAAKk6C,IACJ,MAAS,KACxD,CAGgB,GAAI/7B,EAAG,CAGH+4B,EAAKG,KAAQ,UAAa1D,GAAM1W,IAAM,GAAM6W,GAAM31B,GAClD,IAAI28B,EAAiB,GAAXnH,GAAM1W,GAAS8d,EAAiB,GAAXjH,GAAM31B,GACrCq1B,GAAMJ,GAAK0H,GAAOzH,GAAK0H,KACrB5D,EAAG,IAAM2D,KACT1D,EAAG2D,GACLf,EAAKl9C,EAAImgC,IACP8c,CACtB,MAEoB7C,EAAKG,KAAQL,EAAIl6C,KACfq6C,EAAGH,EAAIl6C,GAE7B,CACA,CACQE,EAAMi6C,GAAKD,EAAKjzB,EAAG01B,EAAKvC,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIniC,EAAIpY,EAAIoY,EAAIlY,IAErDy8C,GAAa,EAANz8C,IACRA,EAAM+5C,GAAMhzB,EAAG/mB,EAAM,EAAGy4C,IACpC,CACI,OAAOT,GAAIvqB,EAAG,EAAG2uB,EAAMrE,GAAK/3C,GAAOq8C,EACvC,CAmDW2B,CAAKhE,EAAkB,MAAbmC,EAAI8B,MAAgB,EAAI9B,EAAI8B,MAAkB,MAAX9B,EAAI+B,IAAcz3C,KAAKyQ,KAAuD,IAAlDzQ,KAAKC,IAAI,EAAGD,KAAKmd,IAAI,GAAInd,KAAK6S,IAAI0gC,EAAIp6C,WAAoB,GAAKu8C,EAAI+B,IAAM9B,EAAKC,GAAOC,EACzK,EAwLI6B,gBAAyB,WACzB,SAASA,EAAQ7wB,EAAM8wB,GACdA,GAAqB,mBAAR9wB,IACd8wB,EAAK9wB,EAAMA,EAAO,CAAE,GACxBtvB,KAAKqgD,OAASD,EACdpgD,KAAKyvB,EAAIH,GAAQ,CAAE,CAC3B,CAiBI,OAhBA6wB,EAAQlgD,UAAU+sB,EAAI,SAAU9J,EAAG4iB,GAC/B9lC,KAAKqgD,OAAOnC,GAAKh7B,EAAGljB,KAAKyvB,EAAG,EAAG,GAAIqW,GAAIA,EAC1C,EAMDqa,EAAQlgD,UAAU6C,KAAO,SAAUE,EAAO4zB,GACjC52B,KAAKqgD,QACNnqB,GAAI,GACJl2B,KAAKmjB,GACL+S,GAAI,GACRl2B,KAAKmjB,EAAIyT,EACT52B,KAAKgtB,EAAEhqB,EAAO4zB,IAAS,EAC1B,EACMupB,CACX,IAuCIG,gBAAyB,WAKzB,SAASA,EAAQF,GACbpgD,KAAK2Z,EAAI,CAAE,EACX3Z,KAAKgtB,EAAI,IAAIlH,GAAG,GAChB9lB,KAAKqgD,OAASD,CACtB,CA0BI,OAzBAE,EAAQrgD,UAAUiE,EAAI,SAAUgf,GACvBljB,KAAKqgD,QACNnqB,GAAI,GACJl2B,KAAKmjB,GACL+S,GAAI,GACR,IAAI+L,EAAIjiC,KAAKgtB,EAAEprB,OACX+V,EAAI,IAAImO,GAAGmc,EAAI/e,EAAEthB,QACrB+V,EAAExV,IAAInC,KAAKgtB,GAAIrV,EAAExV,IAAI+gB,EAAG+e,GAAIjiC,KAAKgtB,EAAIrV,CACxC,EACD2oC,EAAQrgD,UAAUijB,EAAI,SAAU0T,GAC5B52B,KAAKmjB,EAAInjB,KAAK2Z,EAAE7X,EAAI80B,IAAS,EAC7B,IAAI2pB,EAAMvgD,KAAK2Z,EAAE9B,EACbqjC,EAz0BA,SAAUc,EAAKp9B,EAAK0/B,GAE5B,IAAIkC,EAAKxE,EAAIp6C,OACb,IAAK4+C,GAAOlC,GAAMA,EAAGxY,IAAMwY,EAAGrc,EAC1B,OAAOrjB,GAAO,IAAIkH,GAAG,GAEzB,IAAI26B,GAAS7hC,GAAO0/B,EAEhBoC,GAAQpC,GAAMA,EAAGx8C,EAChBw8C,IACDA,EAAK,CAAE,GAEN1/B,IACDA,EAAM,IAAIkH,GAAQ,EAAL06B,IAEjB,IAAIG,EAAO,SAAU1e,GACjB,IAAIqa,EAAK19B,EAAIhd,OAEb,GAAIqgC,EAAIqa,EAAI,CAER,IAAIsE,EAAO,IAAI96B,GAAGrd,KAAKC,IAAS,EAAL4zC,EAAQra,IACnC2e,EAAKz+C,IAAIyc,GACTA,EAAMgiC,CAClB,CACK,EAEGhqB,EAAQ0nB,EAAGxY,GAAK,EAAG9jC,EAAMs8C,EAAGtxB,GAAK,EAAG6zB,EAAKvC,EAAGzmC,GAAK,EAAGylC,EAAKgB,EAAGrc,EAAGub,EAAKc,EAAGn7B,EAAG29B,EAAMxC,EAAGpmB,EAAG6oB,EAAMzC,EAAG3mC,EAE/FqpC,EAAY,EAALR,EACX,EAAG,CACC,IAAKlD,EAAI,CAEL1mB,EAAQ5a,GAAKggC,EAAKh6C,EAAK,GAEvB,IAAIiS,EAAO+H,GAAKggC,EAAKh6C,EAAM,EAAG,GAE9B,GADAA,GAAO,GACFiS,EAAM,CAEP,IAAuBguB,EAAI+Z,GAAvBriC,EAAIogC,GAAK/3C,GAAO,GAAe,GAAMg6C,EAAIriC,EAAI,IAAM,EAAI+B,EAAI/B,EAAIsoB,EACnE,GAAIvmB,EAAI8kC,EAAI,CACJE,GACAxqB,GAAI,GACR,KACpB,CAEoBuqB,GACAE,EAAKE,EAAK5e,GAEdrjB,EAAIzc,IAAI65C,EAAIhzC,SAAS2Q,EAAG+B,GAAImlC,GAE5BvC,EAAGzmC,EAAIgpC,GAAM5e,EAAGqc,EAAGtxB,EAAIhrB,EAAU,EAAJ0Z,EAAO4iC,EAAGxY,EAAIlP,EAC3C,QAChB,CACiB,GAAY,GAAR3iB,EACLqpC,EAAK3D,GAAM6D,EAAK3D,GAAMiH,EAAM,EAAGC,EAAM,OACpC,GAAY,GAAR9sC,EAAW,CAEhB,IAAIgtC,EAAOjlC,GAAKggC,EAAKh6C,EAAK,IAAM,IAAKk/C,EAAQllC,GAAKggC,EAAKh6C,EAAM,GAAI,IAAM,EACnEslC,EAAK2Z,EAAOjlC,GAAKggC,EAAKh6C,EAAM,EAAG,IAAM,EACzCA,GAAO,GAKP,IAHA,IAAIm/C,EAAM,IAAIr7B,GAAGwhB,GAEb8Z,EAAM,IAAIt7B,GAAG,IACRhkB,EAAI,EAAGA,EAAIo/C,IAASp/C,EAEzBs/C,EAAI9I,GAAKx2C,IAAMka,GAAKggC,EAAKh6C,EAAU,EAAJF,EAAO,GAE1CE,GAAe,EAARk/C,EAEP,IAAIG,EAAM34C,GAAI04C,GAAME,GAAU,GAAKD,GAAO,EAEtCE,EAAMvI,GAAKoI,EAAKC,EAAK,GACzB,IAASv/C,EAAI,EAAGA,EAAIwlC,GAAK,CACrB,IAII3tB,EAJA8B,EAAI8lC,EAAIvlC,GAAKggC,EAAKh6C,EAAKs/C,IAM3B,GAJAt/C,GAAW,GAAJyZ,GAEH9B,EAAI8B,IAAM,GAEN,GACJ0lC,EAAIr/C,KAAO6X,MAEV,CAED,IAAIuJ,EAAI,EAAGvL,EAAI,EAOf,IANS,IAALgC,GACAhC,EAAI,EAAIqE,GAAKggC,EAAKh6C,EAAK,GAAIA,GAAO,EAAGkhB,EAAIi+B,EAAIr/C,EAAI,IACvC,IAAL6X,GACLhC,EAAI,EAAIqE,GAAKggC,EAAKh6C,EAAK,GAAIA,GAAO,GACxB,IAAL2X,IACLhC,EAAI,GAAKqE,GAAKggC,EAAKh6C,EAAK,KAAMA,GAAO,GAClC2V,KACHwpC,EAAIr/C,KAAOohB,CACvC,CACA,CAEgB,IAAIs+B,EAAKL,EAAIn4C,SAAS,EAAGi4C,GAAO/F,EAAKiG,EAAIn4C,SAASi4C,GAElDH,EAAMp4C,GAAI84C,GAEVT,EAAMr4C,GAAIwyC,GACVoC,EAAKtE,GAAKwI,EAAIV,EAAK,GACnBtD,EAAKxE,GAAKkC,EAAI6F,EAAK,EACnC,MAEgB7qB,GAAI,GACR,GAAIl0B,EAAMg/C,EAAM,CACRN,GACAxqB,GAAI,GACR,KAChB,CACA,CAGYuqB,GACAE,EAAKE,EAAK,QAGd,IAFA,IAAIY,GAAO,GAAKX,GAAO,EAAGY,GAAO,GAAKX,GAAO,EACzCY,EAAO3/C,GACH2/C,EAAO3/C,EAAK,CAEhB,IAAoC4/C,GAAhC1+B,EAAIo6B,EAAGxD,GAAOkC,EAAKh6C,GAAOy/C,MAAkB,EAEhD,IADAz/C,GAAW,GAAJkhB,GACG89B,EAAM,CACRN,GACAxqB,GAAI,GACR,KAChB,CAGY,GAFKhT,GACDgT,GAAI,GACJ0rB,EAAM,IACNhjC,EAAIiiC,KAAQe,MACX,IAAW,KAAPA,EAAY,CACjBD,EAAO3/C,EAAKs7C,EAAK,KACjB,KAChB,CAEgB,IAAIr5C,EAAM29C,EAAM,IAEhB,GAAIA,EAAM,IAAK,CAEX,IAAmB/pC,EAAIugC,GAAnBt2C,EAAI8/C,EAAM,KACd39C,EAAM+X,GAAKggC,EAAKh6C,GAAM,GAAK6V,GAAK,GAAK6gC,GAAG52C,GACxCE,GAAO6V,CAC3B,CAEgB,IAAIsL,EAAIq6B,EAAG1D,GAAOkC,EAAKh6C,GAAO0/C,GAAMG,EAAO1+B,IAAM,EASjD,GARKA,GACD+S,GAAI,GACRl0B,GAAW,GAAJmhB,EACH+3B,EAAKrC,GAAGgJ,GACRA,EAAO,IACHhqC,EAAIwgC,GAAKwJ,GACb3G,GAAMpB,GAAOkC,EAAKh6C,IAAS,GAAK6V,GAAK,EAAI7V,GAAO6V,GAEhD7V,EAAMg/C,EAAM,CACRN,GACAxqB,GAAI,GACR,KACpB,CACoBuqB,GACAE,EAAKE,EAAK,QAEd,IADA,IAAIv4C,EAAMu4C,EAAK58C,EACR48C,EAAKv4C,EAAKu4C,GAAM,EACnBjiC,EAAIiiC,GAAMjiC,EAAIiiC,EAAK3F,GACnBt8B,EAAIiiC,EAAK,GAAKjiC,EAAIiiC,EAAK,EAAI3F,GAC3Bt8B,EAAIiiC,EAAK,GAAKjiC,EAAIiiC,EAAK,EAAI3F,GAC3Bt8B,EAAIiiC,EAAK,GAAKjiC,EAAIiiC,EAAK,EAAI3F,GAE/B2F,EAAKv4C,CACrB,CACA,CACQg2C,EAAGrc,EAAIqb,EAAIgB,EAAGtxB,EAAI20B,EAAMrD,EAAGzmC,EAAIgpC,EAAIvC,EAAGxY,EAAIlP,EACtC0mB,IACA1mB,EAAQ,EAAG0nB,EAAGpmB,EAAI4oB,EAAKxC,EAAGn7B,EAAIq6B,EAAIc,EAAG3mC,EAAIopC,EAChD,QAASnqB,GACV,OAAOiqB,GAAMjiC,EAAIhd,OAASgd,EAAMo7B,GAAIp7B,EAAK,EAAGiiC,EAChD,CAwpBiBiB,CAAM9hD,KAAKgtB,EAAGhtB,KAAKyvB,EAAGzvB,KAAK2Z,GACpC3Z,KAAKqgD,OAAOrG,GAAIkB,EAAIqF,EAAKvgD,KAAK2Z,EAAE9B,GAAI7X,KAAKmjB,GACzCnjB,KAAKyvB,EAAIuqB,GAAIkB,EAAIl7C,KAAK2Z,EAAE9B,EAAI,OAAQ7X,KAAK2Z,EAAE9B,EAAI7X,KAAKyvB,EAAE7tB,OACtD5B,KAAKgtB,EAAIgtB,GAAIh6C,KAAKgtB,EAAIhtB,KAAK2Z,EAAEqT,EAAI,EAAK,GAAIhtB,KAAK2Z,EAAEqT,GAAK,CACzD,EAMDszB,EAAQrgD,UAAU6C,KAAO,SAAUE,EAAO4zB,GACtC52B,KAAKkE,EAAElB,GAAQhD,KAAKkjB,EAAE0T,EACzB,EACM0pB,CACX,IAqMIyB,gBAAsB,WACtB,SAASA,EAAKzyB,EAAM8wB,GA1fZ,IACJ9hC,EAAOzG,EA0fP7X,KAAKkjB,GA1fL5E,EAAI,EAAGzG,EAAI,EACR,CACHmV,EAAG,SAAU7J,GAIT,IAFA,IAAIxL,EAAI2G,EAAG4Z,EAAIrgB,EACXoqB,EAAe,EAAX9e,EAAEvhB,OACDE,EAAI,EAAGA,GAAKmgC,GAAI,CAErB,IADA,IAAI/9B,EAAIuE,KAAKmd,IAAI9jB,EAAI,KAAMmgC,GACpBngC,EAAIoC,IAAKpC,EACZo2B,GAAKvgB,GAAKwL,EAAErhB,GAChB6V,GAAS,MAAJA,GAAa,IAAMA,GAAK,IAAKugB,GAAS,MAAJA,GAAa,IAAMA,GAAK,GAC/E,CACY5Z,EAAI3G,EAAGE,EAAIqgB,CACd,EACD/U,EAAG,WAEC,OAAY,KADZ7E,GAAK,SACe,GAAMA,IAAM,GAAM,IAAU,KADpCzG,GAAK,SACuC,EAAKA,IAAM,CAC/E,IA0eQ7X,KAAK4Z,EAAI,EACTumC,GAAQp/C,KAAKf,KAAMsvB,EAAM8wB,EACjC,CAkBI,OAZA2B,EAAK9hD,UAAU6C,KAAO,SAAUE,EAAO4zB,GACnCupB,GAAQlgD,UAAU6C,KAAK/B,KAAKf,KAAMgD,EAAO4zB,EAC5C,EACDmrB,EAAK9hD,UAAU+sB,EAAI,SAAU9J,EAAG4iB,GAC5B9lC,KAAKkjB,EAAE8J,EAAE9J,GACT,IAAI8+B,EAAM9D,GAAKh7B,EAAGljB,KAAKyvB,EAAGzvB,KAAK4Z,GAAK,EAAGksB,GAAK,GAAIA,GAC5C9lC,KAAK4Z,IA9UP,SAAUsJ,EAAGuM,GACnB,IAAIwyB,EAAKxyB,EAAEwwB,MAAOvH,EAAW,GAANuJ,EAAU,EAAIA,EAAK,EAAI,EAAU,GAANA,EAAU,EAAI,EAChE/+B,EAAE,GAAK,IAAKA,EAAE,GAAMw1B,GAAM,GAAMA,EAAM,GAAK,EAAIA,EAAM,EACzD,CA4UYwJ,CAAIF,EAAKhiD,KAAKyvB,GAAIzvB,KAAK4Z,EAAI,GAC3BksB,GArXC,SAAU3iB,EAAGtL,EAAG+B,GACzB,KAAOA,IAAK/B,EACRsL,EAAEtL,GAAK+B,EAAGA,KAAO,CACzB,CAmXYuoC,CAAOH,EAAKA,EAAIpgD,OAAS,EAAG5B,KAAKkjB,EAAEC,KACvCnjB,KAAKqgD,OAAO2B,EAAKlc,EACpB,EACMic,CACX,IA+CIK,gBAAwB,WAKxB,SAASA,EAAOhC,GACZpgD,KAAK4Z,EAAI,EACT0mC,GAAQv/C,KAAKf,KAAMogD,EAC3B,CAsBI,OAhBAgC,EAAOniD,UAAU6C,KAAO,SAAUE,EAAO4zB,GAErC,GADA0pB,GAAQrgD,UAAUiE,EAAEnD,KAAKf,KAAMgD,GAC3BhD,KAAK4Z,EAAG,CACR,GAAI5Z,KAAKgtB,EAAEprB,OAAS,IAAMg1B,EACtB,OACJ52B,KAAKgtB,EAAIhtB,KAAKgtB,EAAEhkB,SAAS,GAAIhJ,KAAK4Z,EAAI,CAClD,CACYgd,IACI52B,KAAKgtB,EAAEprB,OAAS,GAChBs0B,GAAI,EAAG,qBACXl2B,KAAKgtB,EAAIhtB,KAAKgtB,EAAEhkB,SAAS,GAAI,IAIjCs3C,GAAQrgD,UAAUijB,EAAEniB,KAAKf,KAAM42B,EAClC,EACMwrB,CACX,IAiKIC,GAA2B,oBAAfxnC,0BAA4C,IAAIA,YAGhE,IACIwnC,GAAGvnC,OAAO2/B,GAAI,CAAEz5C,QAAQ,IAClB,CACV,CACA,MAAOkD,GAAG,CCx+CV,MAAMo+C,GACJ,cAAWvkC,GACT,OAAOtT,EAAMkE,OAAOU,WACxB,CAKE,WAAAzP,CAAY2iD,EAAO,IAAIxqC,MACrB/X,KAAKw+B,OAAS/zB,EAAMqF,QAAQG,KAC5BjQ,KAAKuiD,KAAOzrC,EAAKuB,cAAckqC,GAC/BviD,KAAKgQ,KAAO,KACZhQ,KAAK6G,KAAO,KACZ7G,KAAKwiD,SAAW,EACpB,CAQE,OAAAC,CAAQzyC,EAAMwuB,EAAS/zB,EAAMqF,QAAQG,MACnCjQ,KAAKw+B,OAASA,EACdx+B,KAAKgQ,KAAOA,EACZhQ,KAAK6G,KAAO,IAChB,CAQE,OAAA67C,CAAQ9/C,GAAQ,GAId,OAHkB,OAAd5C,KAAKgQ,MAAiB8G,EAAK7V,SAASjB,KAAKgQ,SAC3ChQ,KAAKgQ,KAAO8G,EAAK6D,WAAW7D,EAAKwG,UAAUtd,KAAK2iD,SAAS//C,MAEpD5C,KAAKgQ,IAChB,CAOE,QAAA4yC,CAASz4C,EAAOq0B,GACdx+B,KAAKw+B,OAASA,EACdx+B,KAAK6G,KAAOsD,EACZnK,KAAKgQ,KAAO,IAChB,CAQE,QAAA2yC,CAAS//C,GAAQ,GAKf,OAJkB,OAAd5C,KAAK6G,OAEP7G,KAAK6G,KAAOiQ,EAAKkG,gBAAgBlG,EAAKwD,WAAWta,KAAKgQ,QAEpDpN,EACK2f,EAAoBviB,KAAK6G,MAE3B7G,KAAK6G,IAChB,CAOE,WAAAg8C,CAAYL,GACVxiD,KAAKwiD,SAAWA,CACpB,CAOE,WAAAM,GACE,OAAO9iD,KAAKwiD,QAChB,CASE,UAAMngD,CAAK8H,SACH44C,EAAa54C,GAAO7H,UAExB,MAAMk8B,QAAe96B,EAAOkG,WAEtBo5C,QAAqBt/C,EAAOkG,WAClC5J,KAAKwiD,SAAW1rC,EAAK6D,iBAAiBjX,EAAOqG,UAAUi5C,IAEvDhjD,KAAKuiD,KAAOzrC,EAAKgB,eAAepU,EAAOqG,UAAU,IAEjD,IAAIlD,EAAOnD,EAAOgE,YACdsa,EAAqBnb,KAAOA,QAAaob,EAAiBpb,IAC9D7G,KAAK4iD,SAAS/7C,EAAM23B,EAAO,GAEjC,CAOE,WAAAmN,GACE,MAAM6W,EAAW1rC,EAAKwD,WAAWta,KAAKwiD,UAChCS,EAAkB,IAAIxhD,WAAW,CAAC+gD,EAAS5gD,SAE3C48B,EAAS,IAAI/8B,WAAW,CAACzB,KAAKw+B,SAC9B+jB,EAAOzrC,EAAKkB,UAAUhY,KAAKuiD,MAEjC,OAAOzrC,EAAKpV,iBAAiB,CAAC88B,EAAQykB,EAAiBT,EAAUD,GACrE,CAOE,KAAAx/C,GACE,MAAM2c,EAAS1f,KAAK2rC,cACd9kC,EAAO7G,KAAK2iD,WAElB,OAAO7rC,EAAKtS,OAAO,CAACkb,EAAQ7Y,GAChC,ECnIA,MAAMq8C,GACJ,WAAAtjD,GACEI,KAAKmK,MAAQ,EACjB,CAME,IAAA9H,CAAK8H,GAEH,OADAnK,KAAKmK,MAAQ2M,EAAKmD,mBAAmB9P,EAAMnB,SAAS,EAAG,IAChDhJ,KAAKmK,MAAMvI,MACtB,CAME,KAAAmB,GACE,OAAO+T,EAAK+C,mBAAmB7Z,KAAKmK,MACxC,CAME,KAAAghC,GACE,OAAOr0B,EAAK2C,gBAAgB3C,EAAK+C,mBAAmB7Z,KAAKmK,OAC7D,CAOE,MAAAg5C,CAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgBtjD,KAAKsjD,eAAkBtjD,KAAKmK,QAAUi5C,EAAMj5C,KAChG,CAME,MAAAo5C,GACE,MAAsB,KAAfvjD,KAAKmK,KAChB,CAME,UAAAm5C,GACE,MAAO,OAAOvmC,KAAK/c,KAAKmrC,QAC5B,CAEE,eAAOqY,CAASJ,GACd,OAAOA,EAAMjY,OACjB,CAEE,aAAOsY,CAAOnqC,GACZ,MAAM8pC,EAAQ,IAAIF,GAElB,OADAE,EAAM/gD,KAAKyU,EAAKuC,gBAAgBC,IACzB8pC,CACX,CAEE,eAAOM,GACL,MAAMN,EAAQ,IAAIF,GAElB,OADAE,EAAM/gD,KAAK,IAAIZ,WAAW,IACnB2hD,CACX,EC3EA,MAAMhR,GAAW9yC,OAAO,YAQlBqkD,GAAqB,+BAKrBC,GAA4B,IAAIjuC,IAAI,CACxClL,EAAMuG,mBAAmBW,YACzBlH,EAAMuG,mBAAmByB,kBACzBhI,EAAMuG,mBAAmBwB,oBAW3B,MAAMqxC,GACJ,cAAW9lC,GACT,OAAOtT,EAAMkE,OAAOE,SACxB,CAEE,WAAAjP,GACEI,KAAKs3C,QAAU,KAEft3C,KAAK8jD,cAAgB,KAErB9jD,KAAK+jD,cAAgB,KAErB/jD,KAAKgkD,mBAAqB,KAE1BhkD,KAAKikD,cAAgB,KACrBjkD,KAAKkkD,mBAAqB,GAC1BlkD,KAAKmkD,kBAAoB,GACzBnkD,KAAKokD,gBAAkB,KACvBpkD,KAAKsuC,KAAO,KAEZtuC,KAAKqkD,QAAU,KACfrkD,KAAKkR,wBAA0B,KAC/BlR,KAAKskD,uBAAwB,EAC7BtkD,KAAKukD,WAAa,KAClBvkD,KAAKwkD,WAAa,KAClBxkD,KAAKykD,YAAc,KACnBzkD,KAAKqR,kBAAoB,KACzBrR,KAAKsR,UAAY,KACjBtR,KAAKuR,kBAAoB,KACzBvR,KAAK0kD,gBAAkB,KACvB1kD,KAAKyR,6BAA+B,KACpCzR,KAAK2kD,mBAAqB,KAC1B3kD,KAAK4kD,uBAAyB,KAC9B5kD,KAAK6kD,yBAA2B,KAChC7kD,KAAK2R,YAAc,IAAIuxC,GACvBljD,KAAK8kD,aAAe,GACpB9kD,KAAK+kD,UAAY,CAAE,EACnB/kD,KAAK6R,wBAA0B,KAC/B7R,KAAK8R,+BAAiC,KACtC9R,KAAK+R,qBAAuB,KAC5B/R,KAAKgS,mBAAqB,KAC1BhS,KAAKglD,gBAAkB,KACvBhlD,KAAKkS,UAAY,KACjBlS,KAAKmS,SAAW,KAChBnS,KAAKoS,cAAgB,KACrBpS,KAAKilD,wBAA0B,KAC/BjlD,KAAKklD,0BAA4B,KACjCllD,KAAKsS,SAAW,KAChBtS,KAAKmlD,kCAAoC,KACzCnlD,KAAKolD,6BAA+B,KACpCplD,KAAKqlD,oBAAsB,KAC3BrlD,KAAKwS,kBAAoB,KACzBxS,KAAKslD,iBAAmB,KACxBtlD,KAAKyS,kBAAoB,KACzBzS,KAAK0S,wBAA0B,KAC/B1S,KAAK2S,sBAAwB,KAE7B3S,KAAKulD,QAAU,KACfvlD,KAAKoyC,IAAY,IACrB,CAOE,IAAA/vC,CAAK8H,EAAO+J,EAASqD,GACnB,IAAIzV,EAAI,EAER,GADA9B,KAAKs3C,QAAUntC,EAAMrI,KACA,IAAjB9B,KAAKs3C,UAAkBpjC,EAAOS,wBAChC,MAAM,IAAI83B,GAAiB,2FAG7B,GAAqB,IAAjBzsC,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QACnD,MAAM,IAAI7K,GAAiB,WAAWzsC,KAAKs3C,mDAS7C,GANAt3C,KAAK8jD,cAAgB35C,EAAMrI,KAC3B9B,KAAKgkD,mBAAqB75C,EAAMrI,KAChC9B,KAAK+jD,cAAgB55C,EAAMrI,KAG3BA,GAAK9B,KAAKwlD,eAAer7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,IACrD5B,KAAKqkD,QACR,MAAU9iD,MAAM,8CAmBlB,GAVAvB,KAAKikD,cAAgB95C,EAAMnB,SAAS,EAAGlH,GAGvCA,GAAK9B,KAAKwlD,eAAer7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,GAG1D5B,KAAKokD,gBAAkBj6C,EAAMnB,SAASlH,EAAGA,EAAI,GAC7CA,GAAK,EAGgB,IAAjB9B,KAAKs3C,QAAe,CAItB,MAAMmO,EAAat7C,EAAMrI,KAGzB9B,KAAKsuC,KAAOnkC,EAAMnB,SAASlH,EAAGA,EAAI2jD,GAClC3jD,GAAK2jD,CACX,CAEI,MAAMC,EAAoBv7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAC5CS,KAAEA,EAAIuyC,gBAAEA,GAAoBz4B,GAAOtN,UAAU82C,qBAAqB3lD,KAAKgkD,mBAAoB0B,GACjG,GAAIrjD,EAAOqjD,EAAkB9jD,OAC3B,MAAUL,MAAM,sBAElBvB,KAAKwmB,OAASouB,CAClB,CAKE,WAAAgR,GACE,OAAI5lD,KAAKwmB,kBAAkBtmB,QAClB2lD,GACLvjD,SAAY6Z,GAAO2pC,gBAAgB9lD,KAAKgkD,yBAA0BhkD,KAAKwmB,UAGpErK,GAAO2pC,gBAAgB9lD,KAAKgkD,mBAAoBhkD,KAAKwmB,OAChE,CAEE,KAAAzjB,GACE,MAAMgjB,EAAM,GASZ,OARAA,EAAIjjB,KAAK9C,KAAKikD,eACdl+B,EAAIjjB,KAAK9C,KAAK+lD,2BACdhgC,EAAIjjB,KAAK9C,KAAKokD,iBACO,IAAjBpkD,KAAKs3C,UACPvxB,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKsuC,KAAK1sC,UACnCmkB,EAAIjjB,KAAK9C,KAAKsuC,OAEhBvoB,EAAIjjB,KAAK9C,KAAK4lD,eACP9uC,EAAKtS,OAAOuhB,EACvB,CAWE,UAAMia,CAAKrvB,EAAK9J,EAAM07C,EAAO,IAAIxqC,KAAQ0yB,GAAW,EAAOv2B,GACzDlU,KAAKs3C,QAAU3mC,EAAI2mC,QAEnBt3C,KAAKqkD,QAAUvtC,EAAKuB,cAAckqC,GAClCviD,KAAKslD,iBAAmB30C,EAAI2mC,QAC5Bt3C,KAAKyS,kBAAoB9B,EAAIq1C,sBAC7BhmD,KAAK2R,YAAchB,EAAIs1C,WAEvB,MAAMlgC,EAAM,CAAC,IAAItkB,WAAW,CAACzB,KAAKs3C,QAASt3C,KAAK8jD,cAAe9jD,KAAKgkD,mBAAoBhkD,KAAK+jD,iBAG7F,GAAqB,IAAjB/jD,KAAKs3C,QAAe,CACtB,MAAMmO,EAAaS,GAAkBlmD,KAAK+jD,eAC1C,GAAkB,OAAd/jD,KAAKsuC,KACPtuC,KAAKsuC,KAAOnyB,GAAOq6B,OAAO/a,eAAegqB,QACpC,GAAIA,IAAezlD,KAAKsuC,KAAK1sC,OAClC,MAAUL,MAAM,kDAExB,MAAW,GAAI2S,EAAOmC,sCAAuC,CAIvD,GAA6B,IAHPrW,KAAK8kD,aAAav6C,QAAO,EAAGtC,UAAYA,IAAS07C,KAGrD/hD,OAShB,MAAUL,MAAM,qCATc,CAC9B,MAAM4kD,EAAYhqC,GAAOq6B,OAAO/a,eAAeyqB,GAAkBlmD,KAAK+jD,gBACtE/jD,KAAK8kD,aAAahiD,KAAK,CACrBmF,KAAM07C,GACNphD,MAAO4jD,EACPC,eAAe,EACfC,UAAU,GAEpB,CAGA,CAGItgC,EAAIjjB,KAAK9C,KAAKsmD,yBAKdtmD,KAAKkkD,mBAAqB,GAE1BlkD,KAAKikD,cAAgBntC,EAAKtS,OAAOuhB,GAEjC,MAAM+xB,EAAS93C,KAAK83C,OAAO93C,KAAK8jD,cAAej9C,EAAM4jC,GAC/C98B,QAAa3N,KAAK2N,KAAK3N,KAAK8jD,cAAej9C,EAAMixC,EAAQrN,GAE/DzqC,KAAKokD,gBAAkBmC,EAAaC,EAAa74C,GAAO,EAAG,GAC3D,MAAM2F,EAAShR,SAAY6Z,GAAOtN,UAAUmxB,KAC1ChgC,KAAKgkD,mBAAoBhkD,KAAK+jD,cAAepzC,EAAIskC,aAActkC,EAAIilC,cAAekC,QAAc71B,EAAiBtU,IAE/GmJ,EAAK7V,SAAS0M,GAChB3N,KAAKwmB,OAASlT,KAEdtT,KAAKwmB,aAAelT,IAMpBtT,KAAKoyC,KAAY,EAEvB,CAME,qBAAAkU,GACE,MAAMjpC,EAAM5S,EAAMuG,mBACZ+U,EAAM,GACZ,IAAI5b,EACJ,GAAqB,OAAjBnK,KAAKqkD,QACP,MAAU9iD,MAAM,mCAElBwkB,EAAIjjB,KAAK2jD,GAAeppC,EAAIpM,uBAAuB,EAAM6F,EAAKkB,UAAUhY,KAAKqkD,WACxC,OAAjCrkD,KAAKkR,yBACP6U,EAAIjjB,KAAK2jD,GAAeppC,EAAInM,yBAAyB,EAAM4F,EAAKc,YAAY5X,KAAKkR,wBAAyB,KAEpF,OAApBlR,KAAKukD,YACPx+B,EAAIjjB,KAAK2jD,GAAeppC,EAAIlM,yBAAyB,EAAM,IAAI1P,WAAW,CAACzB,KAAKukD,WAAa,EAAI,MAE3E,OAApBvkD,KAAKwkD,aACPr6C,EAAQ,IAAI1I,WAAW,CAACzB,KAAKwkD,WAAYxkD,KAAKykD,cAC9C1+B,EAAIjjB,KAAK2jD,GAAeppC,EAAIjM,gBAAgB,EAAMjH,KAErB,OAA3BnK,KAAKqR,mBACP0U,EAAIjjB,KAAK2jD,GAAeppC,EAAIhM,mBAAmB,EAAMrR,KAAKqR,oBAErC,OAAnBrR,KAAKsR,WACPyU,EAAIjjB,KAAK2jD,GAAeppC,EAAI/L,WAAW,EAAM,IAAI7P,WAAW,CAACzB,KAAKsR,UAAY,EAAI,MAErD,OAA3BtR,KAAKuR,mBACPwU,EAAIjjB,KAAK2jD,GAAeppC,EAAI9L,mBAAmB,EAAMuF,EAAKc,YAAY5X,KAAKuR,kBAAmB,KAEtD,OAAtCvR,KAAKyR,+BACPtH,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKyR,+BAC7DsU,EAAIjjB,KAAK2jD,GAAeppC,EAAI5L,8BAA8B,EAAOtH,KAEnC,OAA5BnK,KAAK2kD,qBACPx6C,EAAQ,IAAI1I,WAAW,CAACzB,KAAK2kD,mBAAoB3kD,KAAK4kD,yBACtDz6C,EAAQ2M,EAAKtS,OAAO,CAAC2F,EAAOnK,KAAK6kD,2BACjC9+B,EAAIjjB,KAAK2jD,GAAeppC,EAAI3L,eAAe,EAAOvH,MAE/CnK,KAAK2R,YAAY4xC,UAAYvjD,KAAKslD,iBAAmB,GAGxDv/B,EAAIjjB,KAAK2jD,GAAeppC,EAAI1L,aAAa,EAAM3R,KAAK2R,YAAY5O,UAElE/C,KAAK8kD,aAAa7iD,SAAQ,EAAGgG,OAAM1F,QAAO6jD,gBAAeC,eACvDl8C,EAAQ,CAAC,IAAI1I,WAAW,CAAC2kD,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAMM,EAAc5vC,EAAKwD,WAAWrS,GAEpCkC,EAAMrH,KAAKgU,EAAKc,YAAY8uC,EAAY9kD,OAAQ,IAEhDuI,EAAMrH,KAAKgU,EAAKc,YAAYrV,EAAMX,OAAQ,IAC1CuI,EAAMrH,KAAK4jD,GACXv8C,EAAMrH,KAAKP,GACX4H,EAAQ2M,EAAKtS,OAAO2F,GACpB4b,EAAIjjB,KAAK2jD,GAAeppC,EAAIzL,aAAcy0C,EAAUl8C,GAAO,IAExB,OAAjCnK,KAAK6R,0BACP1H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK6R,0BAC7DkU,EAAIjjB,KAAK2jD,GAAeppC,EAAIxL,yBAAyB,EAAO1H,KAElB,OAAxCnK,KAAK8R,iCACP3H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK8R,iCAC7DiU,EAAIjjB,KAAK2jD,GAAeppC,EAAIvL,gCAAgC,EAAO3H,KAEnC,OAA9BnK,KAAK+R,uBACP5H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK+R,uBAC7DgU,EAAIjjB,KAAK2jD,GAAeppC,EAAItL,sBAAsB,EAAO5H,KAE3B,OAA5BnK,KAAKgS,oBACP+T,EAAIjjB,KAAK2jD,GAAeppC,EAAIrL,oBAAoB,EAAO8E,EAAKwD,WAAWta,KAAKgS,sBAEjD,OAAzBhS,KAAKglD,iBACPj/B,EAAIjjB,KAAK2jD,GAAeppC,EAAIpL,eAAe,EAAO,IAAIxQ,WAAW,CAACzB,KAAKglD,gBAAkB,EAAI,MAExE,OAAnBhlD,KAAKkS,WACP6T,EAAIjjB,KAAK2jD,GAAeppC,EAAInL,WAAW,EAAO4E,EAAKwD,WAAWta,KAAKkS,aAE/C,OAAlBlS,KAAKmS,WACPhI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKmS,WAC7D4T,EAAIjjB,KAAK2jD,GAAeppC,EAAIlL,UAAU,EAAMhI,KAEnB,OAAvBnK,KAAKoS,eACP2T,EAAIjjB,KAAK2jD,GAAeppC,EAAIjL,eAAe,EAAO0E,EAAKwD,WAAWta,KAAKoS,iBAEpC,OAAjCpS,KAAKilD,0BACP96C,EAAQ2M,EAAK+C,mBAAmB7C,OAAOoD,aAAapa,KAAKilD,yBAA2BjlD,KAAKklD,2BACzFn/B,EAAIjjB,KAAK2jD,GAAeppC,EAAIhL,qBAAqB,EAAMlI,KAEnC,OAAlBnK,KAAKsS,WACPnI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKsS,WAC7DyT,EAAIjjB,KAAK2jD,GAAeppC,EAAI/K,UAAU,EAAOnI,KAEA,OAA3CnK,KAAKmlD,oCACPh7C,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAKmlD,kCAAmCnlD,KAAKolD,gCACtEj7C,EAAMrH,KAAKgU,EAAK+C,mBAAmB7Z,KAAKqlD,sBACxCl7C,EAAQ2M,EAAKtS,OAAO2F,GACpB4b,EAAIjjB,KAAK2jD,GAAeppC,EAAI9K,iBAAiB,EAAMpI,KAEtB,OAA3BnK,KAAKwS,mBACPuT,EAAIjjB,KAAK2jD,GAAeppC,EAAI7K,mBAAmB,EAAMxS,KAAKwS,kBAAkBzP,UAE/C,OAA3B/C,KAAKyS,oBACPtI,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAKslD,mBAAoBtlD,KAAKyS,mBACvDtI,EAAQ2M,EAAKtS,OAAO2F,GACpB4b,EAAIjjB,KAAK2jD,GAAeppC,EAAI5K,kBAAmBzS,KAAKs3C,SAAW,EAAGntC,KAE/B,OAAjCnK,KAAK0S,0BACPvI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK0S,0BAC7DqT,EAAIjjB,KAAK2jD,GAAeppC,EAAI3K,yBAAyB,EAAOvI,KAE3B,OAA/BnK,KAAK2S,wBACPxI,EAAQ,IAAI1I,WAAW,GAAG+C,UAAUxE,KAAK2S,wBACzCoT,EAAIjjB,KAAK2jD,GAAeppC,EAAI1K,uBAAuB,EAAOxI,KAG5D,MAAMpI,EAAS+U,EAAKtS,OAAOuhB,GACrBnkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAKs3C,QAAgB,EAAI,GAExE,OAAOxgC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAME,uBAAAgkD,GACE,MAAMhgC,EAAM/lB,KAAKkkD,mBAAmBv/C,KAAI,EAAGsP,OAAMoyC,WAAUnlC,UAClDulC,GAAexyC,EAAMoyC,EAAUnlC,KAGlCnf,EAAS+U,EAAKtS,OAAOuhB,GACrBnkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAKs3C,QAAgB,EAAI,GAExE,OAAOxgC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAGE,aAAA4kD,CAAcx8C,EAAOmzB,GAAS,GAC5B,IAAIspB,EAAQ,EAGZ,MAAMP,KAA6B,IAAfl8C,EAAMy8C,IACpB3yC,EAAsB,IAAf9J,EAAMy8C,GAInB,GAFAA,IAEKtpB,IACHt9B,KAAKkkD,mBAAmBphD,KAAK,CAC3BmR,OACAoyC,WACAnlC,KAAM/W,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,UAE/BgiD,GAA0B5/C,IAAIiQ,IAMrC,OAAQA,GACN,KAAKxJ,EAAMuG,mBAAmBC,sBAE5BjR,KAAKqkD,QAAUvtC,EAAKgB,SAAS3N,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACzD,MACF,KAAK6I,EAAMuG,mBAAmBE,wBAAyB,CAErD,MAAM21C,EAAU/vC,EAAKY,WAAWvN,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAE5D5B,KAAKskD,sBAAoC,IAAZuC,EAC7B7mD,KAAKkR,wBAA0B21C,EAE/B,KACR,CACM,KAAKp8C,EAAMuG,mBAAmBG,wBAE5BnR,KAAKukD,WAAgC,IAAnBp6C,EAAMy8C,KACxB,MACF,KAAKn8C,EAAMuG,mBAAmBI,eAE5BpR,KAAKwkD,WAAar6C,EAAMy8C,KACxB5mD,KAAKykD,YAAct6C,EAAMy8C,KACzB,MACF,KAAKn8C,EAAMuG,mBAAmBK,kBAE5BrR,KAAKqR,kBAAoBlH,EAAMy8C,GAC/B,MACF,KAAKn8C,EAAMuG,mBAAmBM,UAE5BtR,KAAKsR,UAA+B,IAAnBnH,EAAMy8C,KACvB,MACF,KAAKn8C,EAAMuG,mBAAmBO,kBAAmB,CAE/C,MAAMs1C,EAAU/vC,EAAKY,WAAWvN,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAE5D5B,KAAKuR,kBAAoBs1C,EACzB7mD,KAAK0kD,gBAA8B,IAAZmC,EAEvB,KACR,CACM,KAAKp8C,EAAMuG,mBAAmBS,6BAE5BzR,KAAKyR,6BAA+B,IAAItH,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACpE,MACF,KAAK6I,EAAMuG,mBAAmBU,cAK5B1R,KAAK2kD,mBAAqBx6C,EAAMy8C,KAChC5mD,KAAK4kD,uBAAyBz6C,EAAMy8C,KACpC5mD,KAAK6kD,yBAA2B16C,EAAMnB,SAAS49C,EAAOA,EAAQ,IAC9D,MAEF,KAAKn8C,EAAMuG,mBAAmBW,YAE5B,GAAqB,IAAjB3R,KAAKs3C,QACPt3C,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,cAC7C,GAAI07B,EAST,MAAU/7B,MAAM,sCAElB,MAEF,KAAKkJ,EAAMuG,mBAAmBY,aAAc,CAE1C,MAAMw0C,KAAkC,IAAfj8C,EAAMy8C,IAG/BA,GAAS,EACT,MAAM1uB,EAAIphB,EAAKY,WAAWvN,EAAMnB,SAAS49C,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAMjvC,EAAIb,EAAKY,WAAWvN,EAAMnB,SAAS49C,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM3+C,EAAO6O,EAAK6D,WAAWxQ,EAAMnB,SAAS49C,EAAOA,EAAQ1uB,IACrD31B,EAAQ4H,EAAMnB,SAAS49C,EAAQ1uB,EAAG0uB,EAAQ1uB,EAAIvgB,GAEpD3X,KAAK8kD,aAAahiD,KAAK,CAAEmF,OAAMm+C,gBAAe7jD,QAAO8jD,aAEjDD,IACFpmD,KAAK+kD,UAAU98C,GAAQ6O,EAAK6D,WAAWpY,IAEzC,KACR,CACM,KAAKkI,EAAMuG,mBAAmBa,wBAE5B7R,KAAK6R,wBAA0B,IAAI1H,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmBc,+BAE5B9R,KAAK8R,+BAAiC,IAAI3H,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBe,qBAE5B/R,KAAK+R,qBAAuB,IAAI5H,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAC5D,MACF,KAAK6I,EAAMuG,mBAAmBgB,mBAE5BhS,KAAKgS,mBAAqB8E,EAAK6D,WAAWxQ,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBiB,cAE5BjS,KAAKglD,gBAAqC,IAAnB76C,EAAMy8C,KAC7B,MACF,KAAKn8C,EAAMuG,mBAAmBkB,UAE5BlS,KAAKkS,UAAY4E,EAAK6D,WAAWxQ,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAC7D,MACF,KAAK6I,EAAMuG,mBAAmBmB,SAE5BnS,KAAKmS,SAAW,IAAIhI,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBoB,cAE5BpS,KAAKoS,cAAgB0E,EAAK6D,WAAWxQ,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACjE,MACF,KAAK6I,EAAMuG,mBAAmBqB,oBAE5BrS,KAAKilD,wBAA0B96C,EAAMy8C,KACrC5mD,KAAKklD,0BAA4BpuC,EAAK6D,WAAWxQ,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAC7E,MACF,KAAK6I,EAAMuG,mBAAmBsB,SAE5BtS,KAAKsS,SAAW,IAAInI,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBuB,gBAAiB,CAG7CvS,KAAKmlD,kCAAoCh7C,EAAMy8C,KAC/C5mD,KAAKolD,6BAA+Bj7C,EAAMy8C,KAE1C,MAAM15B,EAAM/Q,GAAOgJ,kBAAkBnlB,KAAKolD,8BAE1CplD,KAAKqlD,oBAAsBvuC,EAAKmD,mBAAmB9P,EAAMnB,SAAS49C,EAAOA,EAAQ15B,IACjF,KACR,CACM,KAAKziB,EAAMuG,mBAAmBwB,kBAE5BxS,KAAKwS,kBAAoB,IAAIqxC,GAC7B7jD,KAAKwS,kBAAkBnQ,KAAK8H,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SACxD,MACF,KAAK6I,EAAMuG,mBAAmByB,kBAE5BzS,KAAKslD,iBAAmBn7C,EAAMy8C,KAC9B5mD,KAAKyS,kBAAoBtI,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,QACjD5B,KAAKslD,kBAAoB,EAC3BtlD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,mBAE3BzS,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBAAkBzJ,UAAU,IAEzD,MACF,KAAKyB,EAAMuG,mBAAmB0B,wBAE5B1S,KAAK0S,wBAA0B,IAAIvI,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmB2B,sBAE5B3S,KAAK2S,sBAAwB,GAC7B,IAAK,IAAI7Q,EAAI8kD,EAAO9kD,EAAIqI,EAAMvI,OAAQE,GAAK,EACzC9B,KAAK2S,sBAAsB7P,KAAK,CAACqH,EAAMrI,GAAIqI,EAAMrI,EAAI,KAEvD,MACF,QACE9B,KAAKmkD,kBAAkBrhD,KAAK,CAC1BmR,OACAoyC,WACAnlC,KAAM/W,EAAMnB,SAAS49C,EAAOz8C,EAAMvI,UAI5C,CAEE,cAAA4jD,CAAer7C,EAAO28C,GAAU,EAAM5yC,GACpC,MAAM6yC,EAAwC,IAAjB/mD,KAAKs3C,QAAgB,EAAI,EAGhD0P,EAAkBlwC,EAAKY,WAAWvN,EAAMnB,SAAS,EAAG+9C,IAE1D,IAAIjlD,EAAIilD,EAGR,KAAOjlD,EAAI,EAAIklD,GAAiB,CAC9B,MAAM95B,EAAMme,GAAiBlhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKorB,EAAItU,OAET5Y,KAAK2mD,cAAcx8C,EAAMnB,SAASlH,EAAGA,EAAIorB,EAAIA,KAAM45B,EAAS5yC,GAE5DpS,GAAKorB,EAAIA,GACf,CAEI,OAAOprB,CACX,CAGE,MAAAmlD,CAAOhzC,EAAMpN,GACX,MAAM6U,EAAIjR,EAAMoE,UAEhB,OAAQoF,GACN,KAAKyH,EAAE3L,OACL,OAAkB,OAAdlJ,EAAKmJ,KACA8G,EAAKwD,WAAWzT,EAAK67C,SAAQ,IAE/B77C,EAAK87C,UAAS,GAEvB,KAAKjnC,EAAE1L,KAAM,CACX,MAAM7F,EAAQtD,EAAK87C,UAAS,GAE5B,OAAO7rC,EAAKkG,gBAAgB7S,EACpC,CACM,KAAKuR,EAAEvL,WACL,OAAO,IAAI1O,WAAW,GAExB,KAAKia,EAAEtL,YACP,KAAKsL,EAAErL,YACP,KAAKqL,EAAEpL,WACP,KAAKoL,EAAEnL,aACP,KAAKmL,EAAElL,eAAgB,CACrB,IAAI7B,EACAoP,EAEJ,GAAIlX,EAAK0I,OACPwO,EAAM,IACNpP,EAAS9H,EAAK0I,WACT,KAAI1I,EAAK4I,cAId,MAAUlO,MAAM,mFAHhBwc,EAAM,IACNpP,EAAS9H,EAAK4I,aAIxB,CAEQ,MAAMtF,EAAQwE,EAAO5L,QAErB,OAAO+T,EAAKtS,OAAO,CAACxE,KAAKinD,OAAOvrC,EAAE/K,IAAK9J,GACrC,IAAIpF,WAAW,CAACsc,IAChBjH,EAAKc,YAAYzN,EAAMvI,OAAQ,GAC/BuI,GACV,CACM,KAAKuR,EAAEjL,cACP,KAAKiL,EAAE7K,iBACP,KAAK6K,EAAEhL,WACL,OAAOoG,EAAKtS,OAAO,CAACxE,KAAKinD,OAAOvrC,EAAE/K,IAAK9J,GAAO7G,KAAKinD,OAAOvrC,EAAE/K,IAAK,CAC/DA,IAAK9J,EAAKlD,SAGd,KAAK+X,EAAE/K,IACL,QAAiBvO,IAAbyE,EAAK8J,IACP,MAAUpP,MAAM,8CAElB,OAAOsF,EAAK8J,IAAIu2C,aAAalnD,KAAKs3C,SAEpC,KAAK57B,EAAE9K,cACL,OAAO5Q,KAAKinD,OAAOvrC,EAAE/K,IAAK9J,GAC5B,KAAK6U,EAAE5K,UACL,OAAO,IAAIrP,WAAW,GACxB,KAAKia,EAAE3K,WACL,MAAUxP,MAAM,mBAClB,QACE,MAAUA,MAAM,2BAExB,CAEE,gBAAA4lD,CAAiBtgD,EAAM4jC,GACrB,IAAI7oC,EAAS,EACb,OAAOmY,EAAiBysC,EAAaxmD,KAAKikD,gBAAgB1hD,IACxDX,GAAUW,EAAMX,MAAM,IACrB,KACD,MAAMmkB,EAAM,GAeZ,OAdqB,IAAjB/lB,KAAKs3C,SAAkBt3C,KAAK8jD,gBAAkBr5C,EAAMoE,UAAUkB,QAAU/P,KAAK8jD,gBAAkBr5C,EAAMoE,UAAUmB,OAC7Gy6B,EACF1kB,EAAIjjB,KAAK,IAAIrB,WAAW,IAExBskB,EAAIjjB,KAAK+D,EAAK8kC,gBAGlB5lB,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKs3C,QAAS,OAClB,IAAjBt3C,KAAKs3C,SACPvxB,EAAIjjB,KAAK,IAAIrB,WAAW,IAE1BskB,EAAIjjB,KAAKgU,EAAKc,YAAYhW,EAAQ,IAG3BkV,EAAKtS,OAAOuhB,EAAI,GAE7B,CAEE,MAAA+xB,CAAOgM,EAAej9C,EAAM4jC,GAAW,GACrC,MAAMtgC,EAAQnK,KAAKinD,OAAOnD,EAAej9C,GAEzC,OAAOiQ,EAAKtS,OAAO,CAACxE,KAAKsuC,MAAQ,IAAI7sC,WAAc0I,EAAOnK,KAAKikD,cAAejkD,KAAKmnD,iBAAiBtgD,EAAM4jC,IAC9G,CAEE,UAAM98B,CAAKm2C,EAAej9C,EAAMixC,EAAQrN,GAAW,GACjD,GAAqB,IAAjBzqC,KAAKs3C,SAAiBt3C,KAAKsuC,KAAK1sC,SAAWskD,GAAkBlmD,KAAK+jD,eAEpE,MAAUxiD,MAAM,oDAIlB,OADKu2C,IAAQA,EAAS93C,KAAK83C,OAAOgM,EAAej9C,EAAM4jC,IAChDtuB,GAAOxO,KAAK2W,OAAOtkB,KAAK+jD,cAAejM,EAClD,CAcE,YAAMvX,CAAO5vB,EAAKmzC,EAAej9C,EAAM07C,EAAO,IAAIxqC,KAAQ0yB,GAAW,EAAOv2B,EAASqD,GACnF,IAAKvX,KAAK2R,YAAYwxC,OAAOxyC,EAAIs1C,YAC/B,MAAU1kD,MAAM,oDAElB,GAAIvB,KAAKgkD,qBAAuBrzC,EAAI4kC,UAClC,MAAUh0C,MAAM,oFAGlB,MAAM6lD,EAAqBtD,IAAkBr5C,EAAMoE,UAAUkB,QAAU+zC,IAAkBr5C,EAAMoE,UAAUmB,KAIzG,KADmBhQ,KAAKoyC,MAAcgV,GACrB,CACf,IAAItP,EACAnqC,EAQJ,GAPI3N,KAAKs9B,OACP3vB,QAAa3N,KAAKs9B,QAElBwa,EAAS93C,KAAK83C,OAAOgM,EAAej9C,EAAM4jC,GAC1C98B,QAAa3N,KAAK2N,KAAKm2C,EAAej9C,EAAMixC,IAE9CnqC,QAAasU,EAAiBtU,GAC1B3N,KAAKokD,gBAAgB,KAAOz2C,EAAK,IACjC3N,KAAKokD,gBAAgB,KAAOz2C,EAAK,GACnC,MAAUpM,MAAM,+BAUlB,GAPAvB,KAAKwmB,aAAexmB,KAAKwmB,OAEzBxmB,KAAKoyC,UAAkBj2B,GAAOtN,UAAU0xB,OACtCvgC,KAAKgkD,mBAAoBhkD,KAAK+jD,cAAe/jD,KAAKwmB,OAAQ7V,EAAIskC,aAC9D6C,EAAQnqC,IAGL3N,KAAKoyC,IACR,MAAU7wC,MAAM,gCAExB,CAEI,MAAM8lD,EAAWvwC,EAAKuB,cAAckqC,GACpC,GAAI8E,GAAYrnD,KAAKqkD,QAAUgD,EAC7B,MAAU9lD,MAAM,4CAElB,GAAI8lD,GAAYA,GAAYrnD,KAAKsnD,oBAC/B,MAAU/lD,MAAM,wBAElB,GAAI2S,EAAOqC,qBAAqBvS,IAAIhE,KAAK+jD,eACvC,MAAUxiD,MAAM,4BAA8BkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAK+jD,eAAewD,eAE3F,GAAIrzC,EAAOsC,4BAA4BxS,IAAIhE,KAAK+jD,gBAC9C,CAACt5C,EAAMoE,UAAUkB,OAAQtF,EAAMoE,UAAUmB,MAAMkP,SAASlf,KAAK8jD,eAC7D,MAAUviD,MAAM,oCAAsCkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAK+jD,eAAewD,eAYnG,GAVAvnD,KAAKmkD,kBAAkBliD,SAAQ,EAAGgS,OAAMoyC,eACtC,GAAIA,EACF,MAAU9kD,MAAM,6CAA6C0S,EACrE,IAEIjU,KAAK8kD,aAAa7iD,SAAQ,EAAGgG,OAAMo+C,eACjC,GAAIA,GAAanyC,EAAOkC,eAAe3M,QAAQxB,GAAQ,EACrD,MAAU1G,MAAM,8BAA8B0G,EACtD,IAEoC,OAA5BjI,KAAK2kD,mBACP,MAAUpjD,MAAM,gGAEtB,CAOE,SAAAimD,CAAUjF,EAAO,IAAIxqC,MACnB,MAAMsvC,EAAWvwC,EAAKuB,cAAckqC,GACpC,OAAiB,OAAb8E,KACOrnD,KAAKqkD,SAAWgD,GAAYA,EAAWrnD,KAAKsnD,oBAG3D,CAME,iBAAAA,GACE,OAAOtnD,KAAKskD,sBAAwB/7C,IAAW,IAAIwP,KAAK/X,KAAKqkD,QAAQjsC,UAA2C,IAA/BpY,KAAKkR,wBAC1F,EAeA,SAASu1C,GAAexyC,EAAMoyC,EAAUx/C,GACtC,MAAMkf,EAAM,GAIZ,OAHAA,EAAIjjB,KAAKwoC,GAAkBzkC,EAAKjF,OAAS,IACzCmkB,EAAIjjB,KAAK,IAAIrB,WAAW,EAAE4kD,EAAW,IAAO,GAAKpyC,KACjD8R,EAAIjjB,KAAK+D,GACFiQ,EAAKtS,OAAOuhB,EACrB,CASA,SAASmgC,GAAkBnC,GACzB,OAAQA,GACN,KAAKt5C,EAAMkD,KAAKI,OAAQ,OAAO,GAC/B,KAAKtD,EAAMkD,KAAKK,OAAQ,OAAO,GAC/B,KAAKvD,EAAMkD,KAAKM,OAAQ,OAAO,GAC/B,KAAKxD,EAAMkD,KAAKO,OAChB,KAAKzD,EAAMkD,KAAKQ,SAAU,OAAO,GACjC,KAAK1D,EAAMkD,KAAKS,SAAU,OAAO,GACjC,QAAS,MAAU7M,MAAM,6BAE7B,CCh1BA,MAAMkmD,GACJ,cAAW1pC,GACT,OAAOtT,EAAMkE,OAAOI,gBACxB,CAEE,0BAAO24C,CAAoBC,EAAiBC,GAC1C,MAAMC,EAAa,IAAIJ,GAUvB,OATAI,EAAWvQ,QAAsC,IAA5BqQ,EAAgBrQ,QAAgB,EAAI,EACzDuQ,EAAW/D,cAAgB6D,EAAgB7D,cAC3C+D,EAAW9D,cAAgB4D,EAAgB5D,cAC3C8D,EAAW7D,mBAAqB2D,EAAgB3D,mBAChD6D,EAAWl2C,YAAcg2C,EAAgBh2C,YACzCk2C,EAAWvZ,KAAOqZ,EAAgBrZ,KAClCuZ,EAAWp1C,kBAAoBk1C,EAAgBl1C,kBAE/Co1C,EAAWC,MAAQF,EAAS,EAAI,EACzBC,CACX,CAEE,WAAAjoD,GAEEI,KAAKs3C,QAAU,KAQft3C,KAAK8jD,cAAgB,KAMrB9jD,KAAK+jD,cAAgB,KAMrB/jD,KAAKgkD,mBAAqB,KAE1BhkD,KAAKsuC,KAAO,KAEZtuC,KAAK2R,YAAc,KAEnB3R,KAAKyS,kBAAoB,KAMzBzS,KAAK8nD,MAAQ,IACjB,CAOE,IAAAzlD,CAAK8H,GACH,IAAIy8C,EAAQ,EAGZ,GADA5mD,KAAKs3C,QAAUntC,EAAMy8C,KACA,IAAjB5mD,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QAC7B,MAAM,IAAI7K,GAAiB,WAAWzsC,KAAKs3C,4DAa7C,GARAt3C,KAAK8jD,cAAgB35C,EAAMy8C,KAG3B5mD,KAAK+jD,cAAgB55C,EAAMy8C,KAG3B5mD,KAAKgkD,mBAAqB75C,EAAMy8C,KAEX,IAAjB5mD,KAAKs3C,QAAe,CAMtB,MAAMmO,EAAat7C,EAAMy8C,KAGzB5mD,KAAKsuC,KAAOnkC,EAAMnB,SAAS49C,EAAOA,EAAQnB,GAC1CmB,GAASnB,EAGTzlD,KAAKyS,kBAAoBtI,EAAMnB,SAAS49C,EAAOA,EAAQ,IACvDA,GAAS,GACT5mD,KAAK2R,YAAc,IAAIuxC,GAEvBljD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBACjC,MAEMzS,KAAK2R,YAAc,IAAIuxC,GACvBljD,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAAS49C,EAAOA,EAAQ,IACpDA,GAAS,EAQX,OADA5mD,KAAK8nD,MAAQ39C,EAAMy8C,KACZ5mD,IACX,CAME,KAAA+C,GACE,MAAMgjB,EAAM,CAAC,IAAItkB,WAAW,CAC1BzB,KAAKs3C,QACLt3C,KAAK8jD,cACL9jD,KAAK+jD,cACL/jD,KAAKgkD,sBAYP,OAVqB,IAAjBhkD,KAAKs3C,QACPvxB,EAAIjjB,KACF,IAAIrB,WAAW,CAACzB,KAAKsuC,KAAK1sC,SAC1B5B,KAAKsuC,KACLtuC,KAAKyS,mBAGPsT,EAAIjjB,KAAK9C,KAAK2R,YAAY5O,SAE5BgjB,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK8nD,SACvBhxC,EAAKpV,iBAAiBqkB,EACjC,CAEE,gBAAAohC,IAAoBY,GAClB,OAAOlC,GAAiBvjD,SAAYuhD,GAAgB5jD,UAAUknD,iBAAiB9sC,YAAYra,KAAKgoD,iBAAkBD,IACtH,CAEE,YAAMxnB,GACJ,MAAMynB,QAAyBhoD,KAAKgoD,iBACpC,IAAKA,GAAoBA,EAAiBpoD,YAAYme,MAAQtT,EAAMkE,OAAOE,UACzE,MAAUtN,MAAM,0CAElB,GACEymD,EAAiBlE,gBAAkB9jD,KAAK8jD,eACxCkE,EAAiBjE,gBAAkB/jD,KAAK+jD,eACxCiE,EAAiBhE,qBAAuBhkD,KAAKgkD,qBAC5CgE,EAAiBr2C,YAAYwxC,OAAOnjD,KAAK2R,cACxB,IAAjB3R,KAAKs3C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjBt3C,KAAKs3C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjBt3C,KAAKs3C,UAAkBxgC,EAAKmE,iBAAiB+sC,EAAiBv1C,kBAAmBzS,KAAKyS,oBACrE,IAAjBzS,KAAKs3C,UAAkBxgC,EAAKmE,iBAAiB+sC,EAAiB1Z,KAAMtuC,KAAKsuC,MAE1E,MAAU/sC,MAAM,2EAGlB,OADAymD,EAAiB1qB,OAASt9B,KAAKs9B,OACxB0qB,EAAiBznB,OAAOlmB,MAAM2tC,EAAkBhe,UAC3D,EC5KO,SAASie,GAAiBlqC,EAAKmqC,GACpC,IAAKA,EAAenqC,GAAM,CAExB,IAAIoqC,EACJ,IACEA,EAAa19C,EAAMpI,KAAKoI,EAAMkE,OAAQoP,EACvC,CAAC,MAAO7Z,GACP,MAAM,IAAIyoC,GAAmB,iCAAiC5uB,EACpE,CACI,MAAUxc,MAAM,uCAAuC4mD,EAC3D,CACE,OAAO,IAAID,EAAenqC,EAC5B,CDmKA0pC,GAAuBxnD,UAAU0N,KAAOk2C,GAAgB5jD,UAAU0N,KAClE85C,GAAuBxnD,UAAU63C,OAAS+L,GAAgB5jD,UAAU63C,OACpE2P,GAAuBxnD,UAAUgnD,OAASpD,GAAgB5jD,UAAUgnD,OC7JpE,MAAMmB,WAAmBzoD,MAWvB,uBAAa0oD,CAAWl+C,EAAO+9C,EAAgBh0C,EAASqD,GACtD,MAAM+wC,EAAU,IAAIF,GAEpB,aADME,EAAQjmD,KAAK8H,EAAO+9C,EAAgBh0C,GACnCo0C,CACX,CAUE,UAAMjmD,CAAK8H,EAAO+9C,EAAgBh0C,EAASqD,GACrCrD,EAAO4B,yBAAyBlU,SAClCsmD,EAAiB,IAAKA,KAAmBpxC,EAAK8G,wBAAwB1J,EAAO4B,4BAE/E9V,KAAKgB,OAAS4gB,EAAqBzX,GAAO7H,MAAO4C,EAAUC,KACzD,MAAMxE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MAyCb,SAxCmBkmC,GAAY3mC,GAAU5C,UACvC,IACE,GAAIimD,EAAOxqC,MAAQtT,EAAMkE,OAAOS,QAAUm5C,EAAOxqC,MAAQtT,EAAMkE,OAAOW,OAASi5C,EAAOxqC,MAAQtT,EAAMkE,OAAOkB,QAKzG,OAEF,MAAMlB,EAASs5C,GAAiBM,EAAOxqC,IAAKmqC,GAC5Cv5C,EAAO25C,QAAU,IAAIF,GACrBz5C,EAAO65C,WAAa1xC,EAAK7V,SAASsnD,EAAO55C,cACnCA,EAAOtM,KAAKkmD,EAAO55C,OAAQuF,SAC3BvT,EAAOoC,MAAM4L,EACpB,CAAC,MAAOzK,GAIP,GAAIA,aAAayoC,GAAoB,CACnC,KAAI4b,EAAOxqC,KAAO,IAGhB,aAFMpd,EAAOuC,MAAMgB,EAIrC,CAEc,MAAMukD,GAAyBv0C,EAAO0B,0BAA4B1R,aAAauoC,GACzEic,IAAuBx0C,EAAO2B,wBAA4B3R,aAAauoC,IAC7E,GAAIgc,GAAyBC,GAAuB9c,GAAkB2c,EAAOxqC,WAIrEpd,EAAOuC,MAAMgB,OACd,CACL,MAAMykD,EAAiB,IAAI/b,GAAkB2b,EAAOxqC,IAAKwqC,EAAO55C,cAC1DhO,EAAOoC,MAAM4lD,EACnC,CACc7xC,EAAKyE,gBAAgBrX,EACnC,KAKY,aAFMvD,EAAOgF,iBACPhF,EAAOsC,OAGzB,CACO,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,KAII,MAAMR,EAASme,EAAiB7hB,KAAKgB,QACrC,OAAa,CACX,MAAMwB,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OAMrC,GALKG,EAGHxC,KAAKgB,OAAS,KAFdhB,KAAK8C,KAAKP,GAIRC,GAAQopC,GAAkBrpC,EAAM3C,YAAYme,KAC9C,KAER,CACIra,EAAO7C,aACX,CAOE,KAAAkC,GACE,MAAMgjB,EAAM,GAEZ,IAAK,IAAIjkB,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAAK,CACpC,MAAMic,EAAM/d,KAAK8B,aAAc8qC,GAAoB5sC,KAAK8B,GAAGic,IAAM/d,KAAK8B,GAAGlC,YAAYme,IAC/E6qC,EAAc5oD,KAAK8B,GAAGiB,QAC5B,GAAI+T,EAAK7V,SAAS2nD,IAAgBhd,GAAkB5rC,KAAK8B,GAAGlC,YAAYme,KAAM,CAC5E,IAAIzU,EAAS,GACTU,EAAe,EACnB,MAAM6+C,EAAY,IAClB9iC,EAAIjjB,KAAK2oC,GAAS1tB,IAClBgI,EAAIjjB,KAAKiX,EAAiB6uC,GAAarmD,IAGrC,GAFA+G,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgB6+C,EAAW,CAC7B,MAAMC,EAAWrgD,KAAKmd,IAAInd,KAAK6S,IAAItR,GAAgBvB,KAAKsgD,IAAM,EAAG,IAC3DC,EAAY,GAAKF,EACjB7+C,EAAe6M,EAAKtS,OAAO,CAAC+mC,GAAmBud,IAAWtkD,OAAO8E,IAGvE,OAFAA,EAAS,CAACW,EAAajB,SAAS,EAAIggD,IACpCh/C,EAAeV,EAAO,GAAG1H,OAClBqI,EAAajB,SAAS,EAAG,EAAIggD,EAChD,KACW,IAAMlyC,EAAKtS,OAAO,CAAC8mC,GAAkBthC,IAAexF,OAAO8E,MACtE,KAAa,CACL,GAAIwN,EAAK7V,SAAS2nD,GAAc,CAC9B,IAAIhnD,EAAS,EACbmkB,EAAIjjB,KAAKiX,EAAiBysC,EAAaoC,IAAcrmD,IACnDX,GAAUW,EAAMX,MAAM,IACrB,IAAM+pC,GAAY5tB,EAAKnc,KACpC,MACUmkB,EAAIjjB,KAAK6oC,GAAY5tB,EAAK6qC,EAAYhnD,SAExCmkB,EAAIjjB,KAAK8lD,EACjB,CACA,CAEI,OAAO9xC,EAAKtS,OAAOuhB,EACvB,CAOE,WAAAkjC,IAAeC,GACb,MAAMC,EAAW,IAAIf,GAEfgB,EAASrrC,GAAOoqC,GAAcpqC,IAAQoqC,EAE5C,IAAK,IAAIrmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BonD,EAAKxkD,KAAK0kD,EAAOppD,KAAK8B,GAAGlC,YAAYme,OACvCorC,EAASrmD,KAAK9C,KAAK8B,IAIvB,OAAOqnD,CACX,CAOE,UAAAE,CAAWtrC,GACT,OAAO/d,KAAKspD,MAAK36C,GAAUA,EAAO/O,YAAYme,MAAQA,GAC1D,CAOE,UAAAwrC,IAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOzpD,KAEPopD,EAASrrC,GAAOoqC,GAAcpqC,IAAQoqC,EAE5C,IAAK,IAAIrmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BonD,EAAKxkD,KAAK0kD,EAAOK,EAAK3nD,GAAGlC,YAAYme,OACvCyrC,EAAS1mD,KAAKhB,GAGlB,OAAO0nD,CACX,EC1MA,MAAMtB,gBAA+BpxC,EAAK8G,wBAAwB,CAChE0kC,GACAmF,GACA5D,KAWF,MAAM6F,GACJ,cAAW3rC,GACT,OAAOtT,EAAMkE,OAAOO,cACxB,CAKE,WAAAtP,CAAYsU,EAASqD,GAKnBvX,KAAKsoD,QAAU,KAKftoD,KAAKu1C,UAAYrhC,EAAOG,8BAMxBrU,KAAK2pD,WAAa,IACtB,CAOE,UAAMtnD,CAAK8H,EAAO+J,EAASqD,SACnBwrC,EAAa54C,GAAO7H,UAGxBtC,KAAKu1C,gBAAkB7xC,EAAOkG,WAG9B5J,KAAK2pD,WAAajmD,EAAOgE,kBAEnB1H,KAAK4pD,WAAW11C,EAAO,GAEnC,CAOE,KAAAnR,GAKE,OAJwB,OAApB/C,KAAK2pD,YACP3pD,KAAK6pD,WAGA/yC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAKu1C,YAAav1C,KAAK2pD,YAC/D,CAQE,gBAAMC,CAAW11C,EAASqD,GACxB,MAAMuyC,EAAkBr/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAKu1C,WACrDwU,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUxoD,MAASuoD,EAAH,gCAGlB9pD,KAAKsoD,cAAgBF,GAAWC,iBAAiB0B,EAAgB/pD,KAAK2pD,YAAazB,GAAgBh0C,EACvG,CAKE,QAAA21C,GACE,MAAMC,EAAkBr/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAKu1C,WACrD0U,EAAgBC,GAAaJ,GACnC,IAAKG,EACH,MAAU1oD,MAASuoD,EAAH,8BAGlB9pD,KAAK2pD,WAAaM,EAAcjqD,KAAKsoD,QAAQvlD,QACjD,EAiBA,SAAS0K,GAAK08C,EAA+BC,GAC3C,OAAOvjD,IACL,IAAKiQ,EAAK7V,SAAS4F,IAASmb,EAAqBnb,GAC/C,OAAOg/C,GAAiB,IAAM5jC,EAAiBpb,GAAMhE,MAAKwnD,GACjD,IAAInqD,SAAQ,CAACC,EAASC,KAC3B,MAAMkqD,EAAa,IAAIF,EACvBE,EAAWjK,OAASkK,IAClBpqD,EAAQoqD,EAAc,EAExB,IACED,EAAWxnD,KAAKunD,GAAW,EAC5B,CAAC,MAAOn0B,GACP91B,EAAO81B,EACnB,SAMI,GAAIi0B,EACF,IACE,MAAMK,EAA2BL,IACjC,OAAOtjD,EAAK4jD,YAAYD,EACzB,CAAC,MAAOt0B,GAEP,GAAiB,cAAbA,EAAIjuB,KACN,MAAMiuB,CAEhB,CAII,MAAMw0B,EAAc7jD,EAAKrG,YACnB8pD,EAAa,IAAIF,EAEvB,OAAO,IAAIjpD,eAAe,CACxB,WAAMiD,CAAMC,GAQV,IAPAimD,EAAWjK,OAAS/9C,MAAOC,EAAOqlD,KAChCvjD,EAAWC,QAAQ/B,GACfqlD,GACFvjD,EAAWpB,OACvB,IAGqB,CACX,MAAMT,KAAEA,EAAID,MAAEA,SAAgBmoD,EAAYroD,OAC1C,GAAIG,EAEF,YADA8nD,EAAWxnD,KAAK,IAAIrB,YAAc,GAEzBc,EAAMX,QACf0oD,EAAWxnD,KAAKP,EAE5B,CACA,GACM,CAEN,CAEA,SAASooD,KACP,OAAOroD,eAAeuE,GACpB,MAAQiU,OAAQ8vC,SAAuBnzC,OAAO,uBAAqB5U,MAAA,SAAA8U,GAAA,OAAAA,EAAA7V,CAAA,IACnE,OAAO+jD,GAAiBvjD,SAAYsoD,QAAmB3oC,EAAiBpb,KACzE,CACH,CASA,MAAMgkD,GAAoCC,IAAsB,CAC9DC,WAAyC,oBAAtBC,mBAAsC,KAAM,IAAIA,kBAAkBF,IACrFG,aAA6C,oBAAxBC,qBAAwC,KAAM,IAAIA,oBAAoBJ,MAGvFZ,GAAe,CACnB18C,iBAAmBC,GAAKo9C,GAAkC,eAAeE,WAAY5K,IACrF1yC,kBAAoBA,GAAKo9C,GAAkC,WAAWE,WAAYhJ,KAG9EiI,GAAiB,CACrBz8C,aAAc1G,GAAQA,EACtB2G,iBAAmBC,GAAKo9C,GAAkC,eAAeI,aAAc3K,IACvF7yC,kBAAoBA,GAAKo9C,GAAkC,WAAWI,aAAc7I,IACpF10C,mBAAqBi9C,MCvMjBzC,gBAA+BpxC,EAAK8G,wBAAwB,CAChE0kC,GACAoH,GACAjC,GACA5D,KAaF,MAAMsH,GACJ,cAAWptC,GACT,OAAOtT,EAAMkE,OAAOe,kCACxB,CAEE,iBAAO4lC,EAAWgC,QAAEA,EAAO8T,cAAEA,IAC3B,GAAgB,IAAZ9T,GAA6B,IAAZA,EACnB,MAAU/1C,MAAM,6BAGlB,MAAM8pD,EAAO,IAAIF,GAMjB,OALAE,EAAK/T,QAAUA,EACC,IAAZA,IACF+T,EAAKD,cAAgBA,GAGhBC,CACX,CAEE,WAAAzrD,GACEI,KAAKs3C,QAAU,KAIft3C,KAAKsrD,gBAAkB,KAEvBtrD,KAAKorD,cAAgB,KACrBprD,KAAKurD,cAAgB,KACrBvrD,KAAKsuC,KAAO,KAEZtuC,KAAKwrD,UAAY,KACjBxrD,KAAKsoD,QAAU,IACnB,CAEE,UAAMjmD,CAAK8H,SACH44C,EAAa54C,GAAO7H,UAGxB,GAFAtC,KAAKs3C,cAAgB5zC,EAAOkG,WAEP,IAAjB5J,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QAC7B,MAAM,IAAI7K,GAAiB,WAAWzsC,KAAKs3C,8CAGxB,IAAjBt3C,KAAKs3C,UAEPt3C,KAAKsrD,sBAAwB5nD,EAAOkG,WAEpC5J,KAAKorD,oBAAsB1nD,EAAOkG,WAElC5J,KAAKurD,oBAAsB7nD,EAAOkG,WAElC5J,KAAKsuC,WAAa5qC,EAAOqG,UAAU,KAUrC/J,KAAKwrD,UAAY9nD,EAAOgE,WAAW,GAEzC,CAEE,KAAA3E,GACE,OAAqB,IAAjB/C,KAAKs3C,QACAxgC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAKs3C,QAASt3C,KAAKsrD,gBAAiBtrD,KAAKorD,cAAeprD,KAAKurD,gBAAiBvrD,KAAKsuC,KAAMtuC,KAAKwrD,YAE7H10C,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAKs3C,UAAWt3C,KAAKwrD,WAC7D,CAWE,aAAM59B,CAAQ69B,EAAqB96C,EAAKuD,EAASqD,GAM/C,MAAMyL,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgB2oC,GACtD,GAAI96C,EAAI/O,SAAWmhB,EACjB,MAAUxhB,MAAM,+BAGlB,IAAI4I,EAAQnK,KAAKsoD,QAAQvlD,QAGzB,GAFIif,EAAqB7X,KAAQA,QAAc8X,EAAiB9X,IAE3C,IAAjBnK,KAAKs3C,QACPt3C,KAAKsrD,gBAAkBG,EAEvBzrD,KAAKsuC,KAAOnyB,GAAOq6B,OAAO/a,eAAe,IACzCz7B,KAAKurD,cAAgBr3C,EAAOO,kBAC5BzU,KAAKwrD,gBAAkBE,GAAQ1rD,KAAM,UAAW2Q,EAAKxG,OAChD,CACL,MAAMgP,QAAegD,GAAOwvC,gBAAgBF,GACtCG,EAAM,IAAInqD,WAAW,CAAC,IAAM,KAE5BoqD,EAAS/0C,EAAKtS,OAAO,CAAC2U,EAAQhP,EAAOyhD,IACrCj+C,QAAawO,GAAOxO,KAAKE,KAAK0U,EAAoBspC,IAClD38B,EAAYpY,EAAKtS,OAAO,CAACqnD,EAAQl+C,IAEvC3N,KAAKwrD,gBAAkBrvC,GAAOkX,KAAK3C,IAAI9C,QAAQ69B,EAAqB96C,EAAKue,EAAW,IAAIztB,WAAWuhB,GAAY9O,EACrH,CACI,OAAO,CACX,CAWE,aAAMga,CAAQu9B,EAAqB96C,EAAKuD,EAASqD,GAM/C,GAAI5G,EAAI/O,SAAWua,GAAO2G,gBAAgB2oC,GAAqB1oC,QAC7D,MAAUxhB,MAAM,+BAGlB,IAGIqnD,EAHA4C,EAAYhF,EAAaxmD,KAAKwrD,WAIlC,GAHIxpC,EAAqBwpC,KAAYA,QAAkBvpC,EAAiBupC,IAGnD,IAAjBxrD,KAAKs3C,QAAe,CACtB,GAAIt3C,KAAKsrD,kBAAoBG,EAE3B,MAAUlqD,MAAM,oCAElBqnD,QAAoB8C,GAAQ1rD,KAAM,UAAW2Q,EAAK66C,EACxD,KAAW,CACL,MAAMxoC,UAAEA,GAAc7G,GAAO2G,gBAAgB2oC,GACvCK,QAAkB3vC,GAAOkX,KAAK3C,IAAIxC,QAAQu9B,EAAqB96C,EAAK66C,EAAW,IAAI/pD,WAAWuhB,IAI9F+oC,EAAWxF,EAAahkC,EAAoBupC,IAAa,IACzDD,EAAStF,EAAauF,EAAW,GAAI,IACrCE,EAAa9rD,QAAQ4E,IAAI,CAC7Bmd,QAAuB9F,GAAOxO,KAAKE,KAAK0U,EAAoBspC,KAC5D5pC,EAAiB8pC,KAChBlpD,MAAK,EAAE8K,EAAMi+C,MACd,IAAK90C,EAAKmE,iBAAiBtN,EAAMi+C,GAC/B,MAAUrqD,MAAM,0BAElB,OAAO,IAAIE,UAAY,IAEnB0I,EAAQo8C,EAAasF,EAAQ7oC,EAAY,GAC/C4lC,EAAcrC,EAAap8C,EAAO,GAAI,GACtCy+C,EAAc7tC,EAAc,CAAC6tC,EAAa/C,GAAiB,IAAMmG,MAC5Dl1C,EAAK7V,SAASuqD,IAAet3C,EAAOiB,6BACvCyzC,QAAoB3mC,EAAiB2mC,GAE7C,CAGI,OADA5oD,KAAKsoD,cAAgBF,GAAWC,WAAWO,EAAaV,GAAgBh0C,IACjE,CACX,EAaO5R,eAAeopD,GAAQ/8C,EAAQ1H,EAAI0J,EAAK9J,GAC7C,MAAMolD,EAAYt9C,aAAkBw8C,IAA+D,IAAnBx8C,EAAO2oC,QACjF4U,GAAWD,GAAat9C,EAAO/O,YAAYme,MAAQtT,EAAMkE,OAAOiB,kBACtE,IAAKq8C,IAAcC,EAAS,MAAU3qD,MAAM,0BAE5C,MAAM8xB,EAAOlX,GAAOgwC,YAAYx9C,EAAOy8C,eACjCgB,EAA+B,YAAPnlD,EAAmBosB,EAAKvC,UAAY,EAC5Du7B,EAA+B,YAAPplD,EAAmBosB,EAAKvC,UAAY,EAC5Dk4B,EAAY,IAAMr6C,EAAO48C,cAAgB,GAAKa,EAC9CE,EAAyBJ,EAAU,EAAI,EACvCK,EAAc,IAAI5rC,YAAY,GAAK2rC,GACnCE,EAAa,IAAI/qD,WAAW8qD,EAAa,EAAG,EAAID,GAChDG,EAAgB,IAAIhrD,WAAW8qD,GAC/BG,EAAY,IAAI9rC,SAAS2rC,GACzBI,EAAkB,IAAIlrD,WAAW8qD,EAAa,EAAG,GACvDC,EAAWrqD,IAAI,CAAC,IAAOwM,EAAO/O,YAAYme,IAAKpP,EAAO2oC,QAAS3oC,EAAO28C,gBAAiB38C,EAAOy8C,cAAez8C,EAAO48C,eAAgB,GACpI,IAIIl8B,EACAu9B,EALAr1B,EAAa,EACbs1B,EAAgB3sD,QAAQC,UACxB2sD,EAAe,EACfC,EAAc,EAGlB,GAAId,EAAW,CACb,MAAMlpC,QAAEA,GAAY5G,GAAO2G,gBAAgBnU,EAAO28C,kBAC5Cl1B,SAAEA,GAAa/C,EACfkb,EAAO,IAAI9sC,WAAW8qD,EAAa,EAAG,GACtCS,QAAgB5e,GAAY3jC,EAAMkD,KAAKI,OAAQ4C,EAAKhC,EAAO2/B,KAAMC,EAAMxrB,EAAUqT,GACvFzlB,EAAMq8C,EAAQhkD,SAAS,EAAG+Z,GAC1BsM,EAAK29B,EAAQhkD,SAAS+Z,GACtBsM,EAAG/H,KAAK,EAAG+H,EAAGztB,OAAS,GACvBgrD,EAAS,IAAIhsC,SAASyO,EAAG/lB,OAAQ+lB,EAAGhlB,WAAYglB,EAAG/kB,WACvD,MACI+kB,EAAK1gB,EAAO0gB,GAGd,MAAM49B,QAAqB55B,EAAK1kB,EAAO28C,gBAAiB36C,GACxD,OAAOiR,EAAqB/a,GAAMvE,MAAO4C,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7V,SAASiE,GAAuB,CACvC,MAAMoE,EAAS,IAAItD,gBAAgB,GAAI,CACrCQ,cAAesQ,EAAK4F,yBAA2B,IAAM/N,EAAO48C,cAAgB,GAC5E2B,KAAMnxC,GAASA,EAAMna,SAEvBurD,EAAY7jD,EAAOpE,SAAUC,GAC7BA,EAAWmE,EAAOnE,QACxB,CACI,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAInC,QAAcU,EAAOqG,UAAUi/C,EAAYoD,IAA0B,IAAI3qD,WAC7E,MAAM2rD,EAAapqD,EAAMgG,SAAShG,EAAMpB,OAASwqD,GAEjD,IAAIiB,EACA7qD,EACA8rB,EACJ,GAJAtrB,EAAQA,EAAMgG,SAAS,EAAGhG,EAAMpB,OAASwqD,GAIrCH,EACF39B,EAAQe,MACH,CACLf,EAAQe,EAAG1sB,QACX,IAAK,IAAIb,EAAI,EAAGA,EAAI,EAAGA,IACrBwsB,EAAMe,EAAGztB,OAAS,EAAIE,IAAM6qD,EAAgB7qD,EAExD,CA0BQ,IAzBKy1B,GAAcv0B,EAAMpB,QACvB8B,EAAOiG,QAAQyjD,GACfC,EAAiBJ,EAAahmD,GAAIjE,EAAOsrB,EAAOk+B,GAChDa,EAAehtD,OAAM,SACrB0sD,GAAe/pD,EAAMpB,OAASwqD,EAAwBC,IAKtDK,EAAUY,SAAS,EAAIhB,EAAyB,EAAGQ,GACnDO,EAAiBJ,EAAahmD,GAAImmD,EAAY9+B,EAAOm+B,GACrDY,EAAehtD,OAAM,SACrB0sD,GAAeV,EACf7pD,GAAO,GAETsqD,GAAgB9pD,EAAMpB,OAASwqD,EAE/BS,EAAgBA,EAAchqD,MAAK,IAAMwqD,IAAgBxqD,MAAKP,gBACtD3B,EAAOgF,YACPhF,EAAOoC,MAAMi2B,GACnB+zB,GAAe/zB,EAAQp3B,MAAM,IAC5BvB,OAAM61B,GAAOv1B,EAAOuC,MAAMgzB,MACzB1zB,GAAQuqD,EAAcpsD,EAAO4sD,oBACzBV,EAEHrqD,EAME,OACC7B,EAAOsC,QACb,KACV,CARcgpD,EACFW,EAAOU,SAASj+B,EAAGztB,OAAS,IAAK21B,GAEjCm1B,EAAUY,SAAS,IAAS/1B,EAMxC,CACK,CAAC,MAAOrzB,SACDvD,EAAOgF,MAAMtF,OAAM,eACnBM,EAAOuC,MAAMgB,EACzB,IAEA,CC/SA,MAAMgkD,gBAA+BpxC,EAAK8G,wBAAwB,CAChE0kC,GACAoH,GACAjC,GACA5D,KAYF,MAAM2J,GACJ,cAAWzvC,GACT,OAAOtT,EAAMkE,OAAOiB,iBACxB,CAEE,WAAAhQ,GACEI,KAAKs3C,QAfO,EAiBZt3C,KAAKsrD,gBAAkB,KAEvBtrD,KAAKorD,cAAgB3gD,EAAM6D,KAAKC,IAChCvO,KAAKurD,cAAgB,KACrBvrD,KAAKqvB,GAAK,KACVrvB,KAAKwrD,UAAY,KACjBxrD,KAAKsoD,QAAU,IACnB,CAOE,UAAMjmD,CAAK8H,SACH44C,EAAa54C,GAAO7H,UACxB,MAAMg1C,QAAgB5zC,EAAOkG,WAC7B,GAlCU,IAkCN0tC,EACF,MAAM,IAAI7K,GAAiB,WAAW6K,yDAExCt3C,KAAKsrD,sBAAwB5nD,EAAOkG,WACpC5J,KAAKorD,oBAAsB1nD,EAAOkG,WAClC5J,KAAKurD,oBAAsB7nD,EAAOkG,WAElC,MAAMypB,EAAOlX,GAAOgwC,YAAYnsD,KAAKorD,eACrCprD,KAAKqvB,SAAW3rB,EAAOqG,UAAUspB,EAAK+C,UACtCp2B,KAAKwrD,UAAY9nD,EAAOgE,WAAW,GAEzC,CAME,KAAA3E,GACE,OAAO+T,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAKs3C,QAASt3C,KAAKsrD,gBAAiBtrD,KAAKorD,cAAeprD,KAAKurD,gBAAiBvrD,KAAKqvB,GAAIrvB,KAAKwrD,WACpI,CAUE,aAAMt9B,CAAQu9B,EAAqB96C,EAAKuD,EAASqD,GAC/CvX,KAAKsoD,cAAgBF,GAAWC,iBACxBqD,GAAQ1rD,KAAM,UAAW2Q,EAAK61C,EAAaxmD,KAAKwrD,YACtDtD,GACAh0C,EAEN,CAUE,aAAM0Z,CAAQ69B,EAAqB96C,EAAKuD,EAASqD,GAC/CvX,KAAKsrD,gBAAkBG,EAEvB,MAAMr1B,SAAEA,GAAaja,GAAOgwC,YAAYnsD,KAAKorD,eAC7CprD,KAAKqvB,GAAKlT,GAAOq6B,OAAO/a,eAAerF,GACvCp2B,KAAKurD,cAAgBr3C,EAAOO,kBAC5B,MAAM5N,EAAO7G,KAAKsoD,QAAQvlD,QAC1B/C,KAAKwrD,gBAAkBE,GAAQ1rD,KAAM,UAAW2Q,EAAK9J,EACzD,ECvFA,MAAM4mD,GACJ,cAAW1vC,GACT,OAAOtT,EAAMkE,OAAOC,4BACxB,CAEE,WAAAhP,GACEI,KAAKs3C,QAAU,KAGft3C,KAAK0tD,YAAc,IAAIxK,GAGvBljD,KAAK2tD,iBAAmB,KACxB3tD,KAAK4tD,qBAAuB,KAG5B5tD,KAAKgkD,mBAAqB,KAE1BhkD,KAAK6tD,WAAa,KAKlB7tD,KAAKyrD,oBAAsB,KAG3BzrD,KAAKwrD,UAAY,CAAE,CACvB,CAEE,iBAAOlW,EAAWgC,QAChBA,EAAOwW,oBAAEA,EAAmBC,mBAAEA,EAAkBF,WAAEA,EAAUpC,oBAAEA,IAE9D,MAAMuC,EAAQ,IAAIP,GAElB,GAAgB,IAAZnW,GAA6B,IAAZA,EACnB,MAAU/1C,MAAM,6BAelB,OAZAysD,EAAM1W,QAAUA,EAEA,IAAZA,IACF0W,EAAML,iBAAmBI,EAAqB,KAAOD,EAAoBxW,QACzE0W,EAAMJ,qBAAuBG,EAAqB,KAAOD,EAAoB9H,uBAG/EgI,EAAMN,YAAcK,EAAqB7K,GAAMQ,WAAaoK,EAAoB7H,WAChF+H,EAAMhK,mBAAqB8J,EAAoBvY,UAC/CyY,EAAMH,WAAaA,EACnBG,EAAMvC,oBAAsBA,EAErBuC,CACX,CAOE,IAAA3rD,CAAK8H,GACH,IAAIyO,EAAS,EAEb,GADA5Y,KAAKs3C,QAAUntC,EAAMyO,KACA,IAAjB5Y,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QAC7B,MAAM,IAAI7K,GAAiB,WAAWzsC,KAAKs3C,+CAE7C,GAAqB,IAAjBt3C,KAAKs3C,QAAe,CAKtB,MAAM2W,EAA8B9jD,EAAMyO,KAC1C,GAAIq1C,EAA6B,CAC/BjuD,KAAK2tD,iBAAmBxjD,EAAMyO,KAC9B,MAAMs1C,EAAoBD,EAA8B,EACxDjuD,KAAK4tD,qBAAuBzjD,EAAMnB,SAAS4P,EAAQA,EAASs1C,GAAoBt1C,GAAUs1C,EACtFluD,KAAK2tD,kBAAoB,EAE3B3tD,KAAK0tD,YAAYrrD,KAAKrC,KAAK4tD,sBAG3B5tD,KAAK0tD,YAAYrrD,KAAKrC,KAAK4tD,qBAAqB5kD,UAAU,GAEpE,MAGQhJ,KAAK0tD,YAAcxK,GAAMQ,UAEjC,MACM9qC,GAAU5Y,KAAK0tD,YAAYrrD,KAAK8H,EAAMnB,SAAS4P,EAAQA,EAAS,IAIlE,GAFA5Y,KAAKgkD,mBAAqB75C,EAAMyO,KAChC5Y,KAAKwrD,UAAYrvC,GAAOgyC,yBAAyBnuD,KAAKgkD,mBAAoB75C,EAAMnB,SAAS4P,IACrF5Y,KAAKgkD,qBAAuBv5C,EAAMsB,UAAUW,QAAU1M,KAAKgkD,qBAAuBv5C,EAAMsB,UAAUY,KACpG,GAAqB,IAAjB3M,KAAKs3C,QACPt3C,KAAKyrD,oBAAsBhhD,EAAM1H,MAAM0H,EAAMoC,UAAW7M,KAAKwrD,UAAUrX,EAAEoB,gBACpE,GAAmC,OAA/Bv1C,KAAKwrD,UAAUrX,EAAEoB,UAC1B,MAAUh0C,MAAM,2CAGxB,CAOE,KAAAwB,GACE,MAAMgjB,EAAM,CACV,IAAItkB,WAAW,CAACzB,KAAKs3C,WAsBvB,OAnBqB,IAAjBt3C,KAAKs3C,QAC2B,OAA9Bt3C,KAAK4tD,sBACP7nC,EAAIjjB,KAAK,IAAIrB,WAAW,CACtBzB,KAAK4tD,qBAAqBhsD,OAAS,EACnC5B,KAAK2tD,oBAEP5nC,EAAIjjB,KAAK9C,KAAK4tD,uBAEd7nC,EAAIjjB,KAAK,IAAIrB,WAAW,CAAC,KAG3BskB,EAAIjjB,KAAK9C,KAAK0tD,YAAY3qD,SAG5BgjB,EAAIjjB,KACF,IAAIrB,WAAW,CAACzB,KAAKgkD,qBACrB7nC,GAAO2pC,gBAAgB9lD,KAAKgkD,mBAAoBhkD,KAAKwrD,YAGhD10C,EAAKpV,iBAAiBqkB,EACjC,CAQE,aAAM6H,CAAQjd,GACZ,MAAM8R,EAAOhY,EAAM1H,MAAM0H,EAAMsB,UAAW/L,KAAKgkD,oBAGzCyH,EAAuC,IAAjBzrD,KAAKs3C,QAAgBt3C,KAAKyrD,oBAAsB,KACtE5Y,EAA8B,IAAhBliC,EAAI2mC,QAAgB3mC,EAAIq1C,sBAAsBh9C,SAAS,EAAG,IAAM2H,EAAIq1C,sBAClFlnC,EAAUsvC,GAAiBpuD,KAAKs3C,QAAS70B,EAAMgpC,EAAqBzrD,KAAK6tD,YAC/E7tD,KAAKwrD,gBAAkBrvC,GAAOkyC,iBAC5B5rC,EAAMgpC,EAAqB96C,EAAIskC,aAAcn2B,EAAS+zB,EAC5D,CAUE,aAAM3kB,CAAQvd,EAAK29C,GAEjB,GAAItuD,KAAKgkD,qBAAuBrzC,EAAI4kC,UAClC,MAAUh0C,MAAM,oBAGlB,MAAMy7B,EAAgBsxB,EACpBF,GAAiBpuD,KAAKs3C,QAASt3C,KAAKgkD,mBAAoBsK,EAAiB7C,oBAAqB6C,EAAiBT,YAC/G,KACIhb,EAA8B,IAAhBliC,EAAI2mC,QAAgB3mC,EAAIq1C,sBAAsBh9C,SAAS,EAAG,IAAM2H,EAAIq1C,sBAClFuI,QAAsBpyC,GAAOqyC,iBAAiBxuD,KAAKgkD,mBAAoBrzC,EAAIskC,aAActkC,EAAIilC,cAAe51C,KAAKwrD,UAAW3Y,EAAa7V,IAEzI6wB,WAAEA,EAAUpC,oBAAEA,GAuCxB,SAA0BnU,EAASrB,EAASsY,EAAeD,GACzD,OAAQrY,GACN,KAAKxrC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAAM,CAEzB,MAAMtK,EAASwsD,EAAcvlD,SAAS,EAAGulD,EAAc3sD,OAAS,GAC1D62B,EAAW81B,EAAcvlD,SAASulD,EAAc3sD,OAAS,GACzD6sD,EAAmB33C,EAAKsE,cAAcrZ,EAAOiH,SAASjH,EAAOH,OAAS,IACtE8sD,EAAkBD,EAAiB,KAAOh2B,EAAS,GAAKg2B,EAAiB,KAAOh2B,EAAS,GACzFk2B,EAAkC,IAAZrX,EAC1B,CAAEmU,oBAAqB,KAAMoC,WAAY9rD,GACzC,CAAE0pD,oBAAqB1pD,EAAO,GAAI8rD,WAAY9rD,EAAOiH,SAAS,IAChE,GAAIslD,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBlD,sBAAwB6C,EAAiB7C,oBAC7DkD,EAAoBd,WAAWjsD,SAAW0sD,EAAiBT,WAAWjsD,OACxE,MAAO,CACLisD,WAAY/2C,EAAKsH,iBAAiBwwC,EAAgBD,EAAoBd,WAAYS,EAAiBT,YACnGpC,oBAAiC,IAAZnU,EAAgB,KAAOxgC,EAAKyH,YAC/CqwC,EACAD,EAAoBlD,oBACpB6C,EAAiB7C,qBAG7B,CAGQ,GAFuBiD,IACT,IAAZpX,GAAiB7sC,EAAMpI,KAAKoI,EAAMoC,UAAW8hD,EAAoBlD,sBAEjE,OAAOkD,EAEP,MAAUptD,MAAM,mBAG1B,CACI,KAAKkJ,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,MAAO,CACL8+C,oBAAqB,KACrBoC,WAAYU,GAEhB,QACE,MAAUhtD,MAAM,oCAEtB,CAtFgDstD,CAAiB7uD,KAAKs3C,QAASt3C,KAAKgkD,mBAAoBuK,EAAeD,GAEnH,GAAqB,IAAjBtuD,KAAKs3C,QAAe,CAEtB,MAAMwX,EAAmB9uD,KAAKgkD,qBAAuBv5C,EAAMsB,UAAUW,QAAU1M,KAAKgkD,qBAAuBv5C,EAAMsB,UAAUY,KAG3H,GAFA3M,KAAKyrD,oBAAsBqD,EAAmBrD,EAAsBzrD,KAAKyrD,oBAErEoC,EAAWjsD,SAAWua,GAAO2G,gBAAgB9iB,KAAKyrD,qBAAqB1oC,QACzE,MAAUxhB,MAAM,8BAExB,CACIvB,KAAK6tD,WAAaA,CACtB,EAMA,SAASO,GAAiB9W,EAASrB,EAASx3B,EAAYswC,GACtD,OAAQ9Y,GACN,KAAKxrC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAEnB,OAAOyK,EAAKpV,iBAAiB,CAC3B,IAAID,WAAuB,IAAZ61C,EAAgB,GAAK,CAAC74B,IACrCswC,EACAj4C,EAAKsE,cAAc2zC,EAAe/lD,SAAS+lD,EAAentD,OAAS,MAEvE,KAAK6I,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOoiD,EACT,QACE,MAAUxtD,MAAM,oCAEtB,CC9MA,MAAMytD,GACJ,cAAWjxC,GACT,OAAOtT,EAAMkE,OAAOG,sBACxB,CAKE,WAAAlP,CAAYsU,EAASqD,GACnBvX,KAAKs3C,QAAUpjC,EAAOI,YAAc,EAAI,EACxCtU,KAAK6tD,WAAa,KAKlB7tD,KAAKivD,8BAAgC,KAKrCjvD,KAAKyrD,oBAAsB,KAK3BzrD,KAAKorD,cAAgB3gD,EAAM1H,MAAM0H,EAAM6D,KAAM4F,EAAOM,wBACpDxU,KAAKwrD,UAAY,KACjBxrD,KAAKyL,IAAM,KACXzL,KAAKqvB,GAAK,IACd,CAOE,IAAAhtB,CAAK8H,GACH,IAAIyO,EAAS,EAIb,GADA5Y,KAAKs3C,QAAUntC,EAAMyO,KACA,IAAjB5Y,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QACnD,MAAM,IAAI7K,GAAiB,WAAWzsC,KAAKs3C,+CAGxB,IAAjBt3C,KAAKs3C,SAEP1+B,IAIF,MAAM6J,EAAOtY,EAAMyO,KAEf5Y,KAAKs3C,SAAW,IAElBt3C,KAAKorD,cAAgBjhD,EAAMyO,KAEN,IAAjB5Y,KAAKs3C,SAEP1+B,KAKJ,MAAMhE,EAAUzK,EAAMyO,KAItB,GAHA5Y,KAAKyL,IAAMwsC,GAAerjC,GAC1BgE,GAAU5Y,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAAS4P,EAAQzO,EAAMvI,SAEjD5B,KAAKs3C,SAAW,EAAG,CACrB,MAAMjkB,EAAOlX,GAAOgwC,YAAYnsD,KAAKorD,eAIrCprD,KAAKqvB,GAAKllB,EAAMnB,SAAS4P,EAAQA,GAAUya,EAAK+C,SACtD,CAIQp2B,KAAKs3C,SAAW,GAAK1+B,EAASzO,EAAMvI,QACtC5B,KAAKwrD,UAAYrhD,EAAMnB,SAAS4P,EAAQzO,EAAMvI,QAC9C5B,KAAKivD,8BAAgCxsC,GAErCziB,KAAKyrD,oBAAsBhpC,CAEjC,CAOE,KAAA1f,GACE,MAAM0f,EAA0B,OAAnBziB,KAAKwrD,UAChBxrD,KAAKyrD,oBACLzrD,KAAKivD,8BAEP,IAAI9kD,EAEJ,MAAMsB,EAAMzL,KAAKyL,IAAI1I,QACrB,GAAqB,IAAjB/C,KAAKs3C,QAAe,CACtB,MAAM4X,EAASzjD,EAAI7J,OACbutD,EAAY,EAAID,EAASlvD,KAAKqvB,GAAGztB,OACvCuI,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKs3C,QAAS6X,EAAW1sC,EAAMziB,KAAKorD,cAAe8D,IAAUzjD,EAAKzL,KAAKqvB,GAAIrvB,KAAKwrD,WACrI,MAAgC,IAAjBxrD,KAAKs3C,QACdntC,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKs3C,QAAS70B,EAAMziB,KAAKorD,gBAAiB3/C,EAAKzL,KAAKqvB,GAAIrvB,KAAKwrD,aAE5GrhD,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKs3C,QAAS70B,IAAQhX,IAE9C,OAAnBzL,KAAKwrD,YACPrhD,EAAQ2M,EAAKpV,iBAAiB,CAACyI,EAAOnK,KAAKwrD,cAI/C,OAAOrhD,CACX,CAQE,aAAM+jB,CAAQipB,GACZ,MAAM10B,EAA8C,OAAvCziB,KAAKivD,8BAChBjvD,KAAKivD,8BACLjvD,KAAKyrD,qBAEDzoC,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgBL,GAChD9R,QAAY3Q,KAAKyL,IAAIyrC,WAAWC,EAAYp0B,GAElD,GAAI/iB,KAAKs3C,SAAW,EAAG,CACrB,MAAMjkB,EAAOlX,GAAOgwC,YAAYnsD,KAAKorD,eAC/Bp0B,EAAQ,IAAIv1B,WAAW,CAAC,IAAOutD,GAA6BjxC,IAAK/d,KAAKs3C,QAASt3C,KAAKivD,8BAA+BjvD,KAAKorD,gBACxH7b,EAAiC,IAAjBvvC,KAAKs3C,cAAsBlJ,GAAY3jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAcu1B,EAAOjU,GAAWpS,EACnHs8C,QAAqB55B,EAAK5Q,EAAM8sB,GACtCvvC,KAAK6tD,iBAAmBZ,EAAa/+B,QAAQluB,KAAKwrD,UAAWxrD,KAAKqvB,GAAI2H,EAC5E,MAAW,GAAuB,OAAnBh3B,KAAKwrD,UAAoB,CAClC,MAAMM,QAAkB3vC,GAAOkX,KAAK3C,IAAIxC,QAAQzL,EAAM9R,EAAK3Q,KAAKwrD,UAAW,IAAI/pD,WAAWuhB,IAI1F,GAFAhjB,KAAKyrD,oBAAsBhhD,EAAM1H,MAAM0H,EAAMoC,UAAWi/C,EAAU,IAClE9rD,KAAK6tD,WAAa/B,EAAU9iD,SAAS,EAAG8iD,EAAUlqD,QAC9C5B,KAAK6tD,WAAWjsD,SAAWua,GAAO2G,gBAAgB9iB,KAAKyrD,qBAAqB1oC,QAC9E,MAAUxhB,MAAM,8BAExB,MAEMvB,KAAK6tD,WAAal9C,CAExB,CASE,aAAMid,CAAQupB,EAAYjjC,EAASqD,GACjC,MAAMkL,EAA8C,OAAvCziB,KAAKivD,8BAChBjvD,KAAKivD,8BACLjvD,KAAKyrD,oBAEPzrD,KAAKivD,8BAAgCxsC,EAErCziB,KAAKyL,IAAMysC,GAAiBhkC,GAC5BlU,KAAKyL,IAAIwrC,eAET,MAAMj0B,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgBL,GAChD9R,QAAY3Q,KAAKyL,IAAIyrC,WAAWC,EAAYp0B,GAMlD,GAJwB,OAApB/iB,KAAK6tD,aACP7tD,KAAK6tD,WAAa1xC,GAAOizC,mBAAmBpvD,KAAKyrD,sBAG/CzrD,KAAKs3C,SAAW,EAAG,CACrB,MAAMjkB,EAAOlX,GAAOgwC,YAAYnsD,KAAKorD,eACrCprD,KAAKqvB,GAAKlT,GAAOq6B,OAAO/a,eAAepI,EAAK+C,UAC5C,MAAMY,EAAQ,IAAIv1B,WAAW,CAAC,IAAOutD,GAA6BjxC,IAAK/d,KAAKs3C,QAASt3C,KAAKivD,8BAA+BjvD,KAAKorD,gBACxH7b,EAAiC,IAAjBvvC,KAAKs3C,cAAsBlJ,GAAY3jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAcu1B,EAAOjU,GAAWpS,EACnHs8C,QAAqB55B,EAAK5Q,EAAM8sB,GACtCvvC,KAAKwrD,gBAAkByB,EAAar/B,QAAQ5tB,KAAK6tD,WAAY7tD,KAAKqvB,GAAI2H,EAC5E,KAAW,CACL,MAAMrD,EAAY7c,EAAKpV,iBAAiB,CACtC,IAAID,WAAW,CAACzB,KAAKyrD,sBACrBzrD,KAAK6tD,aAEP7tD,KAAKwrD,gBAAkBrvC,GAAOkX,KAAK3C,IAAI9C,QAAQnL,EAAM9R,EAAKgjB,EAAW,IAAIlyB,WAAWuhB,GAAY9O,EACtG,CACA,EC/LA,MAAMm7C,GACJ,cAAWtxC,GACT,OAAOtT,EAAMkE,OAAO5C,SACxB,CAME,WAAAnM,CAAY2iD,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAKtCvX,KAAKs3C,QAAUpjC,EAAOQ,OAAS,EAAI,EAKnC1U,KAAKqkD,QAAUvtC,EAAKuB,cAAckqC,GAKlCviD,KAAKu1C,UAAY,KAKjBv1C,KAAKi1C,aAAe,KAKpBj1C,KAAKsvD,iBAAmB,EAKxBtvD,KAAK6yC,YAAc,KAKnB7yC,KAAKojD,MAAQ,IACjB,CAQE,0BAAOmM,CAAoBC,GACzB,MAAMC,EAAY,IAAIJ,IAChB/X,QAAEA,EAAO+M,QAAEA,EAAO9O,UAAEA,EAASN,aAAEA,EAAYmO,MAAEA,EAAKvQ,YAAEA,GAAgB2c,EAO1E,OANAC,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUla,UAAYA,EACtBka,EAAUxa,aAAeA,EACzBwa,EAAUrM,MAAQA,EAClBqM,EAAU5c,YAAcA,EACjB4c,CACX,CAQE,UAAMptD,CAAK8H,EAAO+J,EAASqD,GACzB,IAAIvV,EAAM,EAGV,GADAhC,KAAKs3C,QAAUntC,EAAMnI,KACA,IAAjBhC,KAAKs3C,UAAkBpjC,EAAOS,wBAChC,MAAM,IAAI83B,GAAiB,mGAG7B,GAAqB,IAAjBzsC,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,SAAkC,IAAjBt3C,KAAKs3C,QAAe,CAElEt3C,KAAKqkD,QAAUvtC,EAAKgB,SAAS3N,EAAMnB,SAAShH,EAAKA,EAAM,IACvDA,GAAO,EAGPhC,KAAKu1C,UAAYprC,EAAMnI,KAEnBhC,KAAKs3C,SAAW,IAElBt1C,GAAO,GAIT,MAAMK,KAAEA,EAAI4yC,aAAEA,GAAiB94B,GAAOuzC,qBAAqB1vD,KAAKu1C,UAAWprC,EAAMnB,SAAShH,IAG1F,GACmB,IAAjBhC,KAAKs3C,SACLrC,EAAa/J,MACX+J,EAAa/J,IAAIE,YAAc3gC,EAAMC,MAAMU,kBAC3C6pC,EAAa/J,IAAIE,YAAc3gC,EAAMC,MAAMQ,eAG7C,MAAU3J,MAAM,iDAOlB,OALAvB,KAAKi1C,aAAeA,EACpBjzC,GAAOK,QAGDrC,KAAK2vD,6BACJ3tD,CACb,CACI,MAAM,IAAIyqC,GAAiB,WAAWzsC,KAAKs3C,4CAC/C,CAME,KAAAv0C,GACE,MAAMgjB,EAAM,GAEZA,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKs3C,WAC9BvxB,EAAIjjB,KAAKgU,EAAKkB,UAAUhY,KAAKqkD,UAE7Bt+B,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKu1C,aAE9B,MAAM/uB,EAASrK,GAAO2pC,gBAAgB9lD,KAAKu1C,UAAWv1C,KAAKi1C,cAO3D,OANIj1C,KAAKs3C,SAAW,GAElBvxB,EAAIjjB,KAAKgU,EAAKc,YAAY4O,EAAO5kB,OAAQ,IAG3CmkB,EAAIjjB,KAAK0jB,GACF1P,EAAKpV,iBAAiBqkB,EACjC,CAME,YAAAmhC,CAAa5P,GACX,MAAMntC,EAAQnK,KAAK4vD,iBAEbC,EAAe,IAAOvY,EACtBwY,EAAexY,GAAW,EAAI,EAAI,EACxC,OAAOxgC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACouD,IAAgB/4C,EAAKc,YAAYzN,EAAMvI,OAAQkuD,GAAe3lD,GAChH,CAME,WAAA4lD,GACE,OAAO,IACX,CAME,eAAAC,GACE,OAAOhwD,KAAKqkD,OAChB,CAME,QAAA4B,GACE,OAAOjmD,KAAKojD,KAChB,CAME,gCAAMuM,GAIJ,SAHM3vD,KAAKiwD,qBACXjwD,KAAKojD,MAAQ,IAAIF,GAEbljD,KAAKs3C,SAAW,EAClBt3C,KAAKojD,MAAM/gD,KAAKrC,KAAK6yC,YAAY7pC,SAAS,EAAG,QACxC,IAAqB,IAAjBhJ,KAAKs3C,QAGd,MAAU/1C,MAAM,2BAFhBvB,KAAKojD,MAAM/gD,KAAKrC,KAAK6yC,YAAY7pC,SAAS,GAAI,IAGpD,CACA,CAKE,wBAAMinD,GACJ,MAAMnY,EAAS93C,KAAKknD,aAAalnD,KAAKs3C,SAEtC,GAAIt3C,KAAKs3C,SAAW,EAClBt3C,KAAK6yC,kBAAoB12B,GAAOxO,KAAKI,OAAO+pC,OACvC,IAAqB,IAAjB93C,KAAKs3C,QAGd,MAAU/1C,MAAM,2BAFhBvB,KAAK6yC,kBAAoB12B,GAAOxO,KAAKE,KAAKiqC,EAGhD,CACA,CAME,mBAAAkO,GACE,OAAOhmD,KAAK6yC,WAChB,CAME,cAAAqd,GACE,OAAOp5C,EAAK2C,gBAAgBzZ,KAAKgmD,sBACrC,CAME,oBAAAmK,CAAqBC,GACnB,OAAOpwD,KAAKs3C,UAAY8Y,EAAM9Y,SAAWxgC,EAAKmE,iBAAiBjb,KAAK4vD,iBAAkBQ,EAAMR,iBAChG,CAME,gBAAAS,GACE,MAAMtuD,EAAS,CAAE,EACjBA,EAAOwzC,UAAY9qC,EAAMpI,KAAKoI,EAAMsB,UAAW/L,KAAKu1C,WAEpD,MAAM+a,EAAStwD,KAAKi1C,aAAat9B,GAAK3X,KAAKi1C,aAAajoB,EAMxD,OALIsjC,EACFvuD,EAAOia,KAAOlF,EAAKkC,oBAAoBs3C,GAC9BtwD,KAAKi1C,aAAa/J,MAC3BnpC,EAAO2I,MAAQ1K,KAAKi1C,aAAa/J,IAAIE,WAEhCrpC,CACX,EAOAstD,GAAgBpvD,UAAUswD,cAAgBlB,GAAgBpvD,UAAUoC,KAMpEgtD,GAAgBpvD,UAAU2vD,eAAiBP,GAAgBpvD,UAAU8C,MCtQrE,MAAMmlD,gBAA+BpxC,EAAK8G,wBAAwB,CAChE0kC,GACAoH,GACAjC,GACA5D,KAaF,MAAM2M,GACJ,cAAWzyC,GACT,OAAOtT,EAAMkE,OAAOQ,0BACxB,CAEE,WAAAvP,GAIEI,KAAKwrD,UAAY,KAKjBxrD,KAAKsoD,QAAU,IACnB,CAEE,IAAAjmD,CAAK8H,GACHnK,KAAKwrD,UAAYrhD,CACrB,CAEE,KAAApH,GACE,OAAO/C,KAAKwrD,SAChB,CAYE,aAAMt9B,CAAQu9B,EAAqB96C,EAAKuD,EAASqD,GAE/C,IAAKrD,EAAOgB,6BACV,MAAU3T,MAAM,iCAGlB,MAAMyhB,UAAEA,GAAc7G,GAAO2G,gBAAgB2oC,GACvCD,QAAkBvpC,EAAiBukC,EAAaxmD,KAAKwrD,YACrDM,QAAkB3vC,GAAOkX,KAAK3C,IAAIxC,QAAQu9B,EAAqB96C,EACnE66C,EAAUxiD,SAASga,EAAY,GAC/BwoC,EAAUxiD,SAAS,EAAGga,EAAY,IAGpChjB,KAAKsoD,cAAgBF,GAAWC,WAAWyD,EAAW5D,GAAgBh0C,EAC1E,CAWE,aAAM0Z,CAAQ69B,EAAqB96C,EAAKuD,EAASqD,GAC/C,MAAM1Q,EAAO7G,KAAKsoD,QAAQvlD,SACpBigB,UAAEA,GAAc7G,GAAO2G,gBAAgB2oC,GAEvCtyC,QAAegD,GAAOwvC,gBAAgBF,GACtCgF,QAAYt0C,GAAOkX,KAAK3C,IAAI9C,QAAQ69B,EAAqB96C,EAAKwI,EAAQ,IAAI1X,WAAWuhB,GAAY9O,GACjGib,QAAmBhT,GAAOkX,KAAK3C,IAAI9C,QAAQ69B,EAAqB96C,EAAK9J,EAAM4pD,EAAIznD,SAAS,GAAIkL,GAClGlU,KAAKwrD,UAAY10C,EAAKtS,OAAO,CAACisD,EAAKthC,GACvC,EC/EA,MAAMuhC,GACJ,cAAW3yC,GACT,OAAOtT,EAAMkE,OAAOS,MACxB,CAOE,IAAA/M,CAAK8H,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,EAId,CAEE,KAAApH,GACE,OAAO,IAAItB,WAAW,CAAC,GAAM,GAAM,IACvC,EC7BA,MAAMkvD,WAA2BtB,GAC/B,cAAWtxC,GACT,OAAOtT,EAAMkE,OAAOa,YACxB,CAOE,WAAA5P,CAAY2iD,EAAMruC,GAChBrU,MAAM0iD,EAAMruC,EAChB,CAQE,6BAAO08C,CAAuBC,GAC5B,MAAMpB,EAAY,IAAIkB,IAChBrZ,QAAEA,EAAO+M,QAAEA,EAAO9O,UAAEA,EAASN,aAAEA,EAAYmO,MAAEA,EAAKvQ,YAAEA,GAAgBge,EAO1E,OANApB,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUla,UAAYA,EACtBka,EAAUxa,aAAeA,EACzBwa,EAAUrM,MAAQA,EAClBqM,EAAU5c,YAAcA,EACjB4c,CACX,ECpBA,MAAMqB,GACJ,cAAW/yC,GACT,OAAOtT,EAAMkE,OAAOc,aACxB,CAEE,WAAA7P,GACEI,KAAK+wD,WAAa,EACtB,CAME,IAAA1uD,CAAK8H,GACH,IAAIrI,EAAI,EACR,KAAOA,EAAIqI,EAAMvI,QAAQ,CACvB,MAAMsrB,EAAMme,GAAiBlhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKorB,EAAItU,OAET5Y,KAAK+wD,WAAWjuD,KAAKgU,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAIorB,EAAIA,OACvEprB,GAAKorB,EAAIA,GACf,CACA,CAME,KAAAnqB,GACE,MAAMgjB,EAAM,GACZ,IAAK,IAAIjkB,EAAI,EAAGA,EAAI9B,KAAK+wD,WAAWnvD,OAAQE,IAC1CikB,EAAIjjB,KAAKwoC,GAAkBtrC,KAAK+wD,WAAWjvD,GAAGF,SAC9CmkB,EAAIjjB,KAAKgU,EAAK+C,mBAAmB7Z,KAAK+wD,WAAWjvD,KAEnD,OAAOgV,EAAKpV,iBAAiBqkB,EACjC,CAOE,MAAAo9B,CAAO6N,GACL,SAAKA,GAAaA,aAAmBF,KAG9B9wD,KAAK+wD,WAAW70B,OAAM,SAAS+0B,EAAM/zC,GAC1C,OAAO+zC,IAASD,EAAQD,WAAW7zC,EACzC,GACA,ECvDA,MAAMg0C,WAAwB7B,GAC5B,cAAWtxC,GACT,OAAOtT,EAAMkE,OAAOK,SACxB,CAME,WAAApP,CAAY2iD,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACtC1X,MAAM0iD,EAAMruC,GAIZlU,KAAKmxD,YAAc,KAInBnxD,KAAKoxD,YAAc,KAKnBpxD,KAAKqxD,SAAW,EAKhBrxD,KAAKyL,IAAM,KAKXzL,KAAK6M,UAAY,KAKjB7M,KAAKsO,KAAO,KASZtO,KAAKsxD,aAAe,KAKpBtxD,KAAK41C,cAAgB,KAOrB51C,KAAKuxD,eAAiB,IAC1B,CAUE,UAAMlvD,CAAK8H,EAAO+J,EAASqD,GAEzB,IAAIzV,QAAU9B,KAAKuwD,cAAcpmD,EAAO+J,GACxC,MAAMs9C,EAAuB1vD,EAM7B9B,KAAKqxD,SAAWlnD,EAAMrI,KAID,IAAjB9B,KAAKs3C,SACPx1C,IAOmB,IAAjB9B,KAAKs3C,SAAiBt3C,KAAKqxD,UAC7BvvD,IAGF,IAGE,GAAsB,MAAlB9B,KAAKqxD,UAAsC,MAAlBrxD,KAAKqxD,UAAsC,MAAlBrxD,KAAKqxD,SAAkB,CAC3ErxD,KAAK6M,UAAY1C,EAAMrI,KAID,MAAlB9B,KAAKqxD,WACPrxD,KAAKsO,KAAOnE,EAAMrI,MAKC,IAAjB9B,KAAKs3C,SACPx1C,IAMF,MAAM8S,EAAUzK,EAAMrI,KAItB,GAHA9B,KAAKyL,IAAMwsC,GAAerjC,GAC1B9S,GAAK9B,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAErB,cAAlB5B,KAAKyL,IAAIwI,KACX,MAEV,MAAiBjU,KAAKqxD,WACdrxD,KAAK6M,UAAY7M,KAAKqxD,UAIpBrxD,KAAKqxD,WAMPrxD,KAAKsxD,aAAiC,MAAlBtxD,KAAKqxD,WACN,IAAjBrxD,KAAKs3C,SAAmC,IAAjBt3C,KAAKs3C,SAAiBpjC,EAAOK,kCAMhC,MAAlBvU,KAAKqxD,UAAoBrxD,KAAKsxD,cAChCtxD,KAAKqvB,GAAKllB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAO2G,gBAAgB9iB,KAAK6M,WAAWmW,WAE7ChjB,KAAKuxD,gBAAiB,IAKtBvxD,KAAKqvB,GAAKllB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAOgwC,YAAYnsD,KAAKsO,MAAM8nB,UAGpCp2B,KAAKuxD,gBAAiB,GAGxBzvD,GAAK9B,KAAKqvB,GAAGztB,OAEhB,CAAC,MAAOsC,GAEP,IAAKlE,KAAKqxD,SAAU,MAAMntD,EAC1BlE,KAAKyxD,uBAAyBtnD,EAAMnB,SAASwoD,GAC7CxxD,KAAKoxD,aAAc,CACzB,CAcI,GAVqB,IAAjBpxD,KAAKs3C,UACPx1C,GAAK,GAMP9B,KAAKmxD,YAAchnD,EAAMnB,SAASlH,GAClC9B,KAAKoxD,cAAgBpxD,KAAKqxD,UAErBrxD,KAAKoxD,YAAa,CACrB,IAAIM,EACJ,GAAqB,IAAjB1xD,KAAKs3C,QACPoa,EAAY1xD,KAAKmxD,iBAGjB,GADAO,EAAY1xD,KAAKmxD,YAAYnoD,SAAS,GAAI,IACrC8N,EAAKmE,iBAAiBnE,EAAKsE,cAAcs2C,GAAY1xD,KAAKmxD,YAAYnoD,UAAU,IACnF,MAAUzH,MAAM,yBAGpB,IACE,MAAMc,KAAEA,EAAIuzC,cAAEA,GAAkBz5B,GAAOw1C,sBAAsB3xD,KAAKu1C,UAAWmc,EAAW1xD,KAAKi1C,cAC7F,GAAI5yC,EAAOqvD,EAAU9vD,OACnB,MAAUL,MAAM,sBAElBvB,KAAK41C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,GAAIA,aAAeuW,GAAkB,MAAMvW,EAE3C,MAAU30B,MAAM,qBACxB,CACA,CACA,CAME,KAAAwB,GACE,MAAM6uD,EAAsB5xD,KAAK4vD,iBACjC,GAAI5vD,KAAKyxD,uBACP,OAAO36C,EAAKpV,iBAAiB,CAC3BkwD,EACA5xD,KAAKyxD,yBAIT,MAAM1rC,EAAM,CAAC6rC,GACb7rC,EAAIjjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKqxD,YAE9B,MAAMQ,EAAoB,GAG1B,GAAsB,MAAlB7xD,KAAKqxD,UAAsC,MAAlBrxD,KAAKqxD,UAAsC,MAAlBrxD,KAAKqxD,SAAkB,CAC3EQ,EAAkB/uD,KAAK9C,KAAK6M,WAIN,MAAlB7M,KAAKqxD,UACPQ,EAAkB/uD,KAAK9C,KAAKsO,MAG9B,MAAM7C,EAAMzL,KAAKyL,IAAI1I,QAIA,IAAjB/C,KAAKs3C,SACPua,EAAkB/uD,KAAK2I,EAAI7J,QAM7BiwD,EAAkB/uD,QAAQ2I,EAChC,CA6BI,OAxBIzL,KAAKqxD,UAA8B,cAAlBrxD,KAAKyL,IAAIwI,MAC5B49C,EAAkB/uD,QAAQ9C,KAAKqvB,KAGZ,IAAjBrvB,KAAKs3C,SAAmC,IAAjBt3C,KAAKs3C,SAAiBt3C,KAAKqxD,WACpDtrC,EAAIjjB,KAAK,IAAIrB,WAAW,CAACowD,EAAkBjwD,UAE7CmkB,EAAIjjB,KAAK,IAAIrB,WAAWowD,IAEnB7xD,KAAK8xD,YACH9xD,KAAKqxD,WACRrxD,KAAKmxD,YAAch1C,GAAO2pC,gBAAgB9lD,KAAKu1C,UAAWv1C,KAAK41C,gBAG5C,IAAjB51C,KAAKs3C,SACPvxB,EAAIjjB,KAAKgU,EAAKc,YAAY5X,KAAKmxD,YAAYvvD,OAAQ,IAErDmkB,EAAIjjB,KAAK9C,KAAKmxD,aAETnxD,KAAKqxD,UAA6B,IAAjBrxD,KAAKs3C,SACzBvxB,EAAIjjB,KAAKgU,EAAKsE,cAAcpb,KAAKmxD,eAI9Br6C,EAAKpV,iBAAiBqkB,EACjC,CAOE,WAAAgqC,GACE,OAA4B,IAArB/vD,KAAKoxD,WAChB,CAUE,0BAAAW,GACE,YAAuC3vD,IAAhCpC,KAAKyxD,wBAAwCzxD,KAAK8xD,SAC7D,CAME,OAAAA,GACE,SAAU9xD,KAAKyL,KAAyB,cAAlBzL,KAAKyL,IAAIwI,KACnC,CAOE,SAAA+9C,CAAU99C,EAASqD,GACbvX,KAAK8xD,YAGL9xD,KAAK+vD,eACP/vD,KAAKiyD,4BAEAjyD,KAAKyxD,uBACZzxD,KAAKoxD,YAAc,KACnBpxD,KAAKmxD,YAAc,KACnBnxD,KAAKyL,IAAMwsC,GAAextC,EAAMgB,IAAIK,IAAKoI,GACzClU,KAAKyL,IAAI8pC,UAAY,EACrBv1C,KAAKyL,IAAIyX,EAAI,EACbljB,KAAKyL,IAAIwI,KAAO,YAChBjU,KAAKqxD,SAAW,IAChBrxD,KAAK6M,UAAYpC,EAAMoC,UAAUO,OACjCpN,KAAKsxD,aAAe,KACpBtxD,KAAKuxD,eAAiB,KAC1B,CAYE,aAAM3jC,CAAQupB,EAAYjjC,EAASqD,GACjC,GAAIvX,KAAK8xD,UACP,OAGF,IAAK9xD,KAAK+vD,cACR,MAAUxuD,MAAM,mCAGlB,IAAK41C,EACH,MAAU51C,MAAM,0DAGlBvB,KAAKyL,IAAMysC,GAAiBhkC,GAC5BlU,KAAKyL,IAAIwrC,eACT,MAAMya,EAAYv1C,GAAO2pC,gBAAgB9lD,KAAKu1C,UAAWv1C,KAAK41C,eAC9D51C,KAAK6M,UAAYpC,EAAMoC,UAAUO,OAEjC,MAAM4V,UAAEA,GAAc7G,GAAO2G,gBAAgB9iB,KAAK6M,WAElD,GAAIqH,EAAOI,YAAa,CACtBtU,KAAKqxD,SAAW,IAChBrxD,KAAKsO,KAAO4F,EAAOM,uBACnB,MAAM6e,EAAOlX,GAAOgwC,YAAYnsD,KAAKsO,MACrCtO,KAAKsxD,aAAgC,IAAjBtxD,KAAKs3C,QACzBt3C,KAAKuxD,gBAAkBvxD,KAAKsxD,aAE5B,MAAMY,EAAsBzmB,GAASzrC,KAAKJ,YAAYme,KAChDpN,QAAYwhD,GAAqBnyD,KAAKs3C,QAASt3C,KAAKyL,IAAK0rC,EAAYn3C,KAAK6M,UAAW7M,KAAKsO,KAAM4jD,EAAqBlyD,KAAKsxD,cAE1HrE,QAAqB55B,EAAKrzB,KAAK6M,UAAW8D,GAChD3Q,KAAKqvB,GAAKrvB,KAAKsxD,aAAen1C,GAAOq6B,OAAO/a,eAAezY,GAAa7G,GAAOq6B,OAAO/a,eAAepI,EAAK+C,UAC1G,MAAMg8B,EAAgBpyD,KAAKsxD,aACzB,IAAI7vD,WACJqV,EAAKpV,iBAAiB,CAACwwD,EAAqBlyD,KAAK4vD,mBAEnD5vD,KAAKmxD,kBAAoBlE,EAAar/B,QAAQ8jC,EAAW1xD,KAAKqvB,GAAGrmB,SAAS,EAAGqqB,EAAK+C,UAAWg8B,EACnG,KAAW,CACLpyD,KAAKqxD,SAAW,IAChBrxD,KAAKuxD,gBAAiB,EACtB,MAAM5gD,QAAYwhD,GAAqBnyD,KAAKs3C,QAASt3C,KAAKyL,IAAK0rC,EAAYn3C,KAAK6M,WAChF7M,KAAKqvB,GAAKlT,GAAOq6B,OAAO/a,eAAezY,GACvChjB,KAAKmxD,kBAAoBh1C,GAAOkX,KAAK3C,IAAI9C,QAAQ5tB,KAAK6M,UAAW8D,EAAKmG,EAAKpV,iBAAiB,CAC1FgwD,QACMv1C,GAAOxO,KAAKE,KAAK6jD,EAAWx9C,KAChClU,KAAKqvB,GAAInb,EACnB,CACA,CAWE,aAAMga,CAAQipB,GACZ,GAAIn3C,KAAK8xD,UACP,OAAO,EAGT,GAAI9xD,KAAKyxD,uBACP,MAAUlwD,MAAM,kEAGlB,GAAIvB,KAAK+vD,cACP,MAAUxuD,MAAM,oCAGlB,IAAIoP,EACJ,MAAMuhD,EAAsBzmB,GAASzrC,KAAKJ,YAAYme,KACtD,GAAsB,MAAlB/d,KAAKqxD,UAAsC,MAAlBrxD,KAAKqxD,SAG3B,MAAsB,MAAlBrxD,KAAKqxD,SACJ9vD,MAAM,0EAENA,MAAM,yEAGlB,IAAImwD,EACJ,GATE/gD,QAAYwhD,GACVnyD,KAAKs3C,QAASt3C,KAAKyL,IAAK0rC,EAAYn3C,KAAK6M,UAAW7M,KAAKsO,KAAM4jD,EAAqBlyD,KAAKsxD,cAQvE,MAAlBtxD,KAAKqxD,SAAkB,CACzB,MAAMh+B,EAAOlX,GAAOgwC,YAAYnsD,KAAKsO,MAC/B2+C,QAAqB55B,EAAKrzB,KAAK6M,UAAW8D,GAChD,IACE,MAAMyhD,EAAgBpyD,KAAKsxD,aACzB,IAAI7vD,WACJqV,EAAKpV,iBAAiB,CAACwwD,EAAqBlyD,KAAK4vD,mBACnD8B,QAAkBzE,EAAa/+B,QAAQluB,KAAKmxD,YAAanxD,KAAKqvB,GAAGrmB,SAAS,EAAGqqB,EAAK+C,UAAWg8B,EAC9F,CAAC,MAAOl8B,GACP,GAAoB,gCAAhBA,EAAI3iB,QACN,MAAUhS,MAAM,6BAA+B20B,EAAI3iB,SAErD,MAAM2iB,CACd,CACA,KAAW,CACL,MAAMm8B,QAA0Bl2C,GAAOkX,KAAK3C,IAAIxC,QAAQluB,KAAK6M,UAAW8D,EAAK3Q,KAAKmxD,YAAanxD,KAAKqvB,IAEpGqiC,EAAYW,EAAkBrpD,SAAS,GAAI,IAC3C,MAAM2E,QAAawO,GAAOxO,KAAKE,KAAK6jD,GAEpC,IAAK56C,EAAKmE,iBAAiBtN,EAAM0kD,EAAkBrpD,UAAU,KAC3D,MAAUzH,MAAM,2BAExB,CAEI,IACE,MAAMq0C,cAAEA,GAAkBz5B,GAAOw1C,sBAAsB3xD,KAAKu1C,UAAWmc,EAAW1xD,KAAKi1C,cACvFj1C,KAAK41C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,MAAU30B,MAAM,qBACtB,CACIvB,KAAKoxD,aAAc,EACnBpxD,KAAKmxD,YAAc,KACnBnxD,KAAKqxD,SAAW,EAChBrxD,KAAKsO,KAAO,KACZtO,KAAK6M,UAAY,KACjB7M,KAAKsxD,aAAe,IACxB,CAOE,cAAMgB,GACJ,GAAItyD,KAAK8xD,UACP,OAGF,IAAK9xD,KAAK+vD,cACR,MAAUxuD,MAAM,wBAGlB,GAAIvB,KAAKuxD,eAEP,OAGF,IAAIgB,EACJ,IAEEA,QAAoBp2C,GAAOm6B,eAAet2C,KAAKu1C,UAAWv1C,KAAKi1C,aAAcj1C,KAAK41C,cACnF,CAAC,MAAO9pB,GACPymC,GAAc,CACpB,CACI,IAAKA,EACH,MAAUhxD,MAAM,iBAEtB,CAEE,cAAMurC,CAAS9wB,EAAMtR,GAGnB,GAAqB,IAAjB1K,KAAKs3C,UACNt3C,KAAKu1C,YAAc9qC,EAAMsB,UAAUM,MAAQ3B,IAAUD,EAAMC,MAAMU,kBAClEpL,KAAKu1C,YAAc9qC,EAAMsB,UAAUQ,aAEnC,MAAUhL,MAAM,oDAAoDmJ,kDAEtE,MAAMkrC,cAAEA,EAAaX,aAAEA,SAAuB94B,GAAOq2C,eAAexyD,KAAKu1C,UAAWv5B,EAAMtR,GAC1F1K,KAAK41C,cAAgBA,EACrB51C,KAAKi1C,aAAeA,EACpBj1C,KAAKoxD,aAAc,CACvB,CAKE,kBAAAa,GACMjyD,KAAK+xD,+BAITjyD,OAAOu2C,KAAKr2C,KAAK41C,eAAe3zC,SAAQgG,IACxBjI,KAAK41C,cAAc3tC,GAC3Bqf,KAAK,UACJtnB,KAAK41C,cAAc3tC,EAAK,IAEjCjI,KAAK41C,cAAgB,KACrB51C,KAAKoxD,aAAc,EACvB,EAcA9uD,eAAe6vD,GAAqBM,EAAYhnD,EAAK0rC,EAAY14B,EAAYi0C,EAAUR,EAAqBZ,GAC1G,GAAiB,WAAb7lD,EAAIwI,OAAsBy+C,EAC5B,MAAUnxD,MAAM,gDAElB,GAAiB,WAAbkK,EAAIwI,MAAoC,IAAfw+C,EAC3B,MAAUlxD,MAAM,uDAElB,MAAMwhB,QAAEA,GAAY5G,GAAO2G,gBAAgBrE,GACrCk0C,QAAmBlnD,EAAIyrC,WAAWC,EAAYp0B,GACpD,IAAK2vC,GAA2B,IAAfD,GAAoBnB,EACnC,OAAOqB,EAET,MAAMpkB,EAAOz3B,EAAKpV,iBAAiB,CACjCwwD,EACA,IAAIzwD,WAAW,CAACgxD,EAAYh0C,EAAYi0C,MAE1C,OAAOtkB,GAAY3jC,EAAMkD,KAAKI,OAAQ4kD,EAAY,IAAIlxD,WAAc8sC,EAAMxrB,EAC5E,CC5iBA,MAAM6vC,GACJ,cAAW70C,GACT,OAAOtT,EAAMkE,OAAOY,MACxB,CAEE,WAAA3P,GAKEI,KAAKuP,OAAS,GAEdvP,KAAKiI,KAAO,GACZjI,KAAK6yD,MAAQ,GACb7yD,KAAK8yD,QAAU,EACnB,CAQE,iBAAOxd,CAAW/lC,GAChB,GAAIuH,EAAKC,SAASxH,IACfA,EAAOtH,OAAS6O,EAAKC,SAASxH,EAAOtH,OACrCsH,EAAOsjD,QAAU/7C,EAAKgG,eAAevN,EAAOsjD,QAC5CtjD,EAAOujD,UAAYh8C,EAAKC,SAASxH,EAAOujD,SACzC,MAAUvxD,MAAM,0BAElB,MAAMoN,EAAS,IAAIikD,GACnB9yD,OAAO2mB,OAAO9X,EAAQY,GACtB,MAAMwjD,EAAa,GAKnB,OAJIpkD,EAAO1G,MAAM8qD,EAAWjwD,KAAK6L,EAAO1G,MACpC0G,EAAOmkD,SAASC,EAAWjwD,KAAK,IAAI6L,EAAOmkD,YAC3CnkD,EAAOkkD,OAAOE,EAAWjwD,KAAK,IAAI6L,EAAOkkD,UAC7ClkD,EAAOY,OAASwjD,EAAWrwD,KAAK,KACzBiM,CACX,CAME,IAAAtM,CAAK8H,EAAO+J,EAASqD,GACnB,MAAMhI,EAASuH,EAAK6D,WAAWxQ,GAC/B,GAAIoF,EAAO3N,OAASsS,EAAOiC,gBACzB,MAAU5U,MAAM,8BAYlB,MACMyxD,EADK,qEACQC,KAAK1jD,GACxB,GAAgB,OAAZyjD,EAAkB,CACpB,MAAM/qD,KAAEA,EAAI6qD,QAAEA,EAAOD,MAAEA,GAAUG,EAAQE,OACzClzD,KAAK8yD,QAAUA,GAASxzC,QAAQ,cAAe,IAAI6zC,QAAU,GAC7DnzD,KAAKiI,KAAOA,GAAMkrD,QAAU,GAC5BnzD,KAAK6yD,MAAQA,EAAM7tC,UAAU,EAAG6tC,EAAMjxD,OAAS,EAChD,KAAU,oBAAoBmb,KAAKxN,KAClCvP,KAAK6yD,MAAQtjD,GAGfvP,KAAKuP,OAASA,CAClB,CAME,KAAAxM,GACE,OAAO+T,EAAKwD,WAAWta,KAAKuP,OAChC,CAEE,MAAA4zC,CAAOiQ,GACL,OAAOA,GAAeA,EAAY7jD,SAAWvP,KAAKuP,MACtD,ECvFA,MAAM8jD,WAA2BnC,GAC/B,cAAWnzC,GACT,OAAOtT,EAAMkE,OAAOM,YACxB,CAME,WAAArP,CAAY2iD,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACtC1X,MAAM0iD,EAAMruC,EAChB,ECnBA,MAAMo/C,GACJ,cAAWv1C,GACT,OAAOtT,EAAMkE,OAAOW,KACxB,CAME,IAAAjN,GACE,MAAM,IAAIoqC,GAAiB,kCAC/B,CAEE,KAAA1pC,GACE,MAAM,IAAI0pC,GAAiB,kCAC/B,ECPA,MAAM8mB,GACJ,cAAWx1C,GACT,OAAOtT,EAAMkE,OAAOkB,OACxB,CAEE,WAAAjQ,GACEI,KAAK6P,QAAU,IACnB,CAME,IAAAxN,CAAK8H,GAEP,CAME,KAAApH,GACE,OAAO/C,KAAK6P,OAChB,CAQE,mBAAM2jD,CAAc5xD,GAClB5B,KAAK6P,cAAgBsM,GAAOq6B,OAAO/a,eAAe75B,EACtD,ECnCA,MAAMsmD,gBAA+BpxC,EAAK8G,wBAAwB,CAACimC,KAK5D,MAAM4P,GAIX,WAAA7zD,CAAY8zD,GACV1zD,KAAKsoD,QAAUoL,GAAc,IAAItL,EACrC,CAME,KAAArlD,GACE,OAAO/C,KAAKsoD,QAAQvlD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GAEb,MAAM8K,EAAeriB,KAAKsoD,QAAQ5jD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQ8lC,GAAgB9lC,KAA0B,IAAnBpP,EAAO2oC,UAC1G,OAAOnkC,EAAM1I,EAAM0I,MAAMtE,UAAW7O,KAAK+C,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrG,CAME,gBAAAy/C,GACE,OAAO3zD,KAAKsoD,QAAQ3jD,KAAIgK,GAAUA,EAAOgD,aAC7C,EAaOrP,eAAesxD,IAAcC,iBAAEA,EAAgBC,gBAAEA,EAAiB5/C,OAAAA,KAAW6/C,IAClF7/C,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQszD,GAAoBC,EAChC,IAAKvzD,EACH,MAAUgB,MAAM,8FAElB,GAAIsyD,IAAqB/8C,EAAKC,SAAS88C,GACrC,MAAUtyD,MAAM,4DAElB,GAAIuyD,IAAoBh9C,EAAKtV,aAAasyD,GACxC,MAAUvyD,MAAM,+DAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAImxD,EAAkB,CACpB,MAAM5/C,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMtE,UACvB,MAAUtN,MAAM,sCAElBhB,EAAQsG,CACZ,CACE,MAAM6sD,QAAmBtL,GAAWC,WAAW9nD,EAAO2nD,GAAgBh0C,GACtE,OAAO,IAAIu/C,GAAUC,EACvB,CCnFOpxD,eAAe2xD,GAAqBnuD,EAASoO,GAClD,MAAM28C,EAAqB,IAAIwC,GAAmBvtD,EAAQy8C,KAAMruC,GAKhE,OAJA28C,EAAmBvI,QAAU,KAC7BuI,EAAmBtb,UAAY9qC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQyvC,iBAC9Dsb,EAAmB/jB,SAAShnC,EAAQouD,QAASpuD,EAAQ4E,aACrDmmD,EAAmBlB,6BAClBkB,CACT,CAEOvuD,eAAe6xD,GAAkBruD,EAASoO,GAC/C,MAAMs7C,EAAkB,IAAI0B,GAAgBprD,EAAQy8C,KAAMruC,GAK1D,OAJAs7C,EAAgBlH,QAAU,KAC1BkH,EAAgBja,UAAY9qC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQyvC,iBAC3Dia,EAAgB1iB,SAAShnC,EAAQouD,QAASpuD,EAAQ4E,MAAO5E,EAAQoO,cACjEs7C,EAAgBG,6BACfH,CACT,CAaOltD,eAAe8xD,GAAwBC,EAAYtoD,EAAW+3C,EAAewQ,EAAc/R,EAAO,IAAIxqC,KAAQ7D,GACnH,IAAIqgD,EACAr2C,EACJ,IAAK,IAAIpc,EAAIuyD,EAAWzyD,OAAS,EAAGE,GAAK,EAAGA,IAC1C,MAEMyyD,GAAeF,EAAWvyD,GAAGuiD,SAAWkQ,EAAYlQ,iBAEhDgQ,EAAWvyD,GAAGy+B,OAAOx0B,EAAW+3C,EAAewQ,EAAc/R,OAAMngD,EAAW8R,GACpFqgD,EAAcF,EAAWvyD,GAE5B,CAAC,MAAOoC,GACPga,EAAYha,CAClB,CAEE,IAAKqwD,EACH,MAAMz9C,EAAK6G,UACT,wBAAwBlT,EAAMpI,KAAKoI,EAAMoE,UAAWi1C,uBAAmC/3C,EAAUk6C,WAAW9a,UACzG7rB,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACwM,EAAG0oC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3Dx2C,GAEJ,OAAOq2C,CACT,CAEO,SAASI,GAAclF,EAAW5gD,EAAW0zC,EAAO,IAAIxqC,MAC7D,MAAMsvC,EAAWvwC,EAAKuB,cAAckqC,GACpC,GAAiB,OAAb8E,EAAmB,CACrB,MAAMuN,EAAiBC,GAAqBpF,EAAW5gD,GACvD,QAAS4gD,EAAUpL,SAAWgD,GAAYA,EAAWuN,EACzD,CACE,OAAO,CACT,CASOtyD,eAAewyD,GAAuBC,EAAQC,EAAYlvD,EAASoO,GACxE,MAAM+gD,EAAa,CAAE,EACrBA,EAAWtkD,IAAMqkD,EACjBC,EAAWtxD,KAAOoxD,EAClB,MAAMG,EAAsB,CAAEpR,cAAer5C,EAAMoE,UAAU4B,eACzD3K,EAAQk6B,MACVk1B,EAAoB/iD,SAAW,CAAC1H,EAAM0H,SAASU,UAC/CqiD,EAAoB1iD,wBAA0B2iD,GAAsBF,EAAY,GAAIF,EAAQ,CAC1FjR,cAAer5C,EAAMoE,UAAU6B,YAC9B5K,EAAQy8C,UAAMngD,OAAWA,OAAWA,EAAW8R,IAElDghD,EAAoB/iD,SAAW,CAAC1H,EAAM0H,SAASW,qBAAuBrI,EAAM0H,SAASY,gBAEnFjN,EAAQyL,kBAAoB,IAC9B2jD,EAAoB3jD,kBAAoBzL,EAAQyL,kBAChD2jD,EAAoBxQ,iBAAkB,GAGxC,aADoCyQ,GAAsBF,EAAY,GAAID,EAAYE,EAAqBpvD,EAAQy8C,UAAMngD,OAAWA,OAAWA,EAAW8R,EAE5J,CAwKO5R,eAAe6yD,GAAsBF,EAAYG,EAAeC,EAAkBH,EAAqB3S,EAAM+S,EAAkBvQ,EAAY,GAAIta,GAAW,EAAOv2B,GACtK,GAAImhD,EAAiBvD,UACnB,MAAUvwD,MAAM,qCAElB,IAAK8zD,EAAiBtF,cACpB,MAAUxuD,MAAM,iCAElB,MAAMomD,EAAkB,IAAI9D,GAM5B,OALA/jD,OAAO2mB,OAAOkhC,EAAiBuN,GAC/BvN,EAAgB3D,mBAAqBqR,EAAiB9f,UACtDoS,EAAgB5D,oBAtKXzhD,eAAoCizD,EAAYF,EAAkB9S,EAAO,IAAIxqC,KAAQy9C,EAAgB,GAAIthD,GAO9G,MAAMuhD,EAAchrD,EAAMkD,KAAKI,OACzB2nD,EAAsBxhD,EAAOC,uBAE7BwhD,QAAgCz1D,QAAQ4E,IAAIywD,EAAW5wD,KAAIrC,MAAOqO,EAAK7O,WAC3C6O,EAAIilD,wBAAwBrT,EAAMiT,EAAc1zD,GAAIoS,IAC9CrC,2BAGlCgkD,EAAoB,IAAIC,IAC9B,IAAK,MAAMC,KAAkBJ,EAC3B,IAAK,MAAM71B,KAAYi2B,EACrB,IAEE,MAAMC,EAAgBvrD,EAAM1H,MAAM0H,EAAMkD,KAAMmyB,GAC9C+1B,EAAkB1zD,IAChB6zD,EACAH,EAAkB7xD,IAAIgyD,GAAiBH,EAAkB1tD,IAAI6tD,GAAiB,EAAI,EAE5F,CAAQ,MAAM,CAGZ,MAAMC,EAAsBn2B,GAAkC,IAAtBy1B,EAAW3zD,QAAgBi0D,EAAkB1tD,IAAI23B,KAAcy1B,EAAW3zD,QAAUk+B,IAAa21B,EACnIS,EAAgC,KACpC,GAA+B,IAA3BL,EAAkB3I,KACpB,OAAOuI,EAET,MAGMU,EAHkBx2D,MAAM4gB,KAAKs1C,EAAkBxf,QAClD9rC,QAAOu1B,GAAYm2B,EAAoBn2B,KACvC4a,MAAK,CAAC0b,EAAOC,IAAUl6C,GAAOxO,KAAKwX,kBAAkBixC,GAASj6C,GAAOxO,KAAKwX,kBAAkBkxC,KACrD,GAE1C,OAAOl6C,GAAOxO,KAAKwX,kBAAkBgxC,IAAsBh6C,GAAOxO,KAAKwX,kBAAkBswC,GAAeU,EAAoBV,CAAW,EAUzI,GAPiB,IAAI9/C,IAAI,CACvBlL,EAAMsB,UAAUO,MAChB7B,EAAMsB,UAAUQ,YAChB9B,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUa,QAGL5I,IAAIqxD,EAAiB9f,WAAY,CAS5C,MAAM+gB,EAAqBn6C,GAAOo6C,0BAA0BlB,EAAiB9f,UAAW8f,EAAiBpgB,aAAa/J,KAEhHsrB,EAAiCP,EAAoBP,GACrDe,EAA2Ct6C,GAAOxO,KAAKwX,kBAAkBuwC,IAAwBv5C,GAAOxO,KAAKwX,kBAAkBmxC,GAErI,GAAIE,GAAkCC,EACpC,OAAOf,EACF,CACL,MAAMgB,EAAyBR,IAC/B,OAAO/5C,GAAOxO,KAAKwX,kBAAkBuxC,IAA2Bv6C,GAAOxO,KAAKwX,kBAAkBmxC,GAC5FI,EACAJ,CACR,CACA,CAIE,OAAOL,EAAoBP,GAAuBA,EAAsBQ,GAC1E,CA2FwC9oB,CAAqBgoB,EAAeC,EAAkB9S,EAAM+S,EAAkBphD,GACpHyzC,EAAgB7C,aAAe,IAAIC,SAC7B4C,EAAgB3nB,KAAKq1B,EAAkBJ,EAAY1S,EAAM9X,EAAUv2B,GAClEyzC,CACT,CAUOrlD,eAAeq0D,GAAgBC,EAAQC,EAAM5F,EAAM1O,EAAO,IAAIxqC,KAAQ++C,IAC3EF,EAASA,EAAO3F,MAET4F,EAAK5F,GAAMrvD,aAGR1B,QAAQ4E,IAAI8xD,EAAOjyD,KAAIrC,eAAey0D,GACrCA,EAAUvP,UAAUjF,IAAWuU,UAAiBA,EAAQC,IACxDF,EAAK5F,GAAMvsD,MAAK,SAASsyD,GACxB,OAAOlgD,EAAKmE,iBAAiB+7C,EAAQpR,cAAemR,EAAUnR,cAC5E,KACUiR,EAAK5F,GAAMnuD,KAAKi0D,EAE1B,KATMF,EAAK5F,GAAQ2F,EAYnB,CAkBOt0D,eAAe20D,GAAcjC,EAAYlR,EAAewQ,EAAc4C,EAAaroD,EAAW8B,EAAK4xC,EAAO,IAAIxqC,KAAQ7D,GAC3HvD,EAAMA,GAAOqkD,EACb,MAAMmC,EAAmB,GA8BzB,aA7BMj3D,QAAQ4E,IAAIoyD,EAAYvyD,KAAIrC,eAAe80D,GAC/C,IACE,IASGvoD,GAAauoD,EAAoBzlD,YAAYwxC,OAAOt0C,EAAU8C,aAC/D,CACA,MAAM0lD,GAAoB,CACxB5sD,EAAM4H,oBAAoBuB,WAC1BnJ,EAAM4H,oBAAoBqB,cAC1BjJ,EAAM4H,oBAAoBwB,eAC1BqL,SAASk4C,EAAoBnS,+BAEzBmS,EAAoB72B,OACxB5vB,EAAKmzC,EAAewQ,EAAc+C,EAAmB,KAAO9U,GAAM,EAAOruC,GAI3EijD,EAAiBr0D,KAAKs0D,EAAoBzlD,YAClD,CACK,CAAC,MAAOzN,GAAG,CAChB,KAEM2K,GACFA,EAAU02C,UAAU4R,EAAiBzyD,MAAK0+C,GAASA,EAAMD,OAAOt0C,EAAU8C,iBACxE9C,EAAU02C,UAAW,GAChB12C,EAAU02C,SAEZ4R,EAAiBv1D,OAAS,CACnC,CASO,SAASizD,GAAqBpF,EAAW5gD,GAC9C,IAAI+lD,EAKJ,OAHkC,IAA9B/lD,EAAU61C,kBACZkQ,EAAiBnF,EAAUpL,QAAQjsC,UAA0C,IAA9BvJ,EAAU0C,mBAEpDqjD,EAAiB,IAAI78C,KAAK68C,GAAkBrsD,GACrD,CAEO,SAAS+uD,GAAmBxxD,EAASyxD,EAAiB,IAU3D,OATAzxD,EAAQmO,KAAOnO,EAAQmO,MAAQsjD,EAAetjD,KAC9CnO,EAAQ4E,MAAQ5E,EAAQ4E,OAAS6sD,EAAe7sD,MAChD5E,EAAQouD,QAAUpuD,EAAQouD,SAAWqD,EAAerD,QACpDpuD,EAAQyL,uBAAkDnP,IAA9B0D,EAAQyL,kBAAkCzL,EAAQyL,kBAAoBgmD,EAAehmD,kBACjHzL,EAAQqxC,WAAargC,EAAKC,SAASjR,EAAQqxC,YAAcrxC,EAAQqxC,WAAaogB,EAAepgB,WAC7FrxC,EAAQy8C,KAAOz8C,EAAQy8C,MAAQgV,EAAehV,KAE9Cz8C,EAAQk6B,KAAOl6B,EAAQk6B,OAAQ,EAEvBl6B,EAAQmO,MACd,IAAK,MACH,IACEnO,EAAQ4E,MAAQD,EAAM1H,MAAM0H,EAAMC,MAAO5E,EAAQ4E,MAClD,CAAC,MAAOxG,GACP,MAAU3C,MAAM,gBACxB,CACUuE,EAAQ4E,QAAUD,EAAMC,MAAMQ,eAAiBpF,EAAQ4E,QAAUD,EAAMC,MAAMU,kBAC7D,YAAlBtF,EAAQ4E,OAAyC,eAAlB5E,EAAQ4E,QACvC5E,EAAQ4E,MAAQ5E,EAAQk6B,KAAOv1B,EAAMC,MAAMQ,cAAgBT,EAAMC,MAAMU,kBAErEtF,EAAQk6B,KACVl6B,EAAQyvC,UAAYzvC,EAAQ4E,QAAUD,EAAMC,MAAMQ,cAAgBT,EAAMsB,UAAUQ,YAAc9B,EAAMsB,UAAUO,MAEhHxG,EAAQyvC,UAAY9qC,EAAMsB,UAAUM,KAEtC,MACF,IAAK,aACHvG,EAAQyvC,UAAYzvC,EAAQk6B,KAAOv1B,EAAMsB,UAAUZ,QAAUV,EAAMsB,UAAUW,OAC7E,MACF,IAAK,WACH5G,EAAQyvC,UAAYzvC,EAAQk6B,KAAOv1B,EAAMsB,UAAUa,MAAQnC,EAAMsB,UAAUY,KAC3E,MACF,IAAK,MACH7G,EAAQyvC,UAAY9qC,EAAMsB,UAAUC,eACpC,MACF,QACE,MAAUzK,MAAM,wBAAwBuE,EAAQmO,MAEpD,OAAOnO,CACT,CAEO,SAAS0xD,GAAyB/H,EAAW5gD,EAAWqF,GAC7D,OAAQu7C,EAAUla,WAChB,KAAK9qC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,IAAKiC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,UAC5C,QACE,OAAO,EAEb,CAEO,SAAS4kD,GAA4BhI,EAAW5gD,EAAWqF,GAChE,OAAQu7C,EAAUla,WAChB,KAAK9qC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,IAAKkC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,gBAC5C,QACE,OAAO,EAEb,CAEO,SAAS2kD,GAA4BjI,EAAW5gD,EAAWqF,GAChE,IAAKrF,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAGlB,OAAQkuD,EAAUla,WAChB,KAAK9qC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAEnB,WADiCkC,EAAUsD,aAAatD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,aAChEqB,EAAOoB,2CAK9BzG,EAAUsD,aACjBtD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,iBAE1C,QACE,OAAO,EAEb,CASO,SAAS4kD,GAAqBlI,EAAWv7C,GAC9C,MAAM+hC,EAAUxrC,EAAM1H,MAAM0H,EAAMsB,UAAW0jD,EAAUla,WACjDqiB,EAAWnI,EAAUY,mBAC3B,GAAIn8C,EAAOuC,0BAA0BzS,IAAIiyC,GACvC,MAAU10C,MAASq2D,EAASriB,UAAZ,kCAElB,OAAQU,GACN,KAAKxrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUE,WACnB,GAAI2rD,EAAS57C,KAAO9H,EAAOkB,WACzB,MAAU7T,MAAM,yBAAyB2S,EAAOkB,4CAElD,MACF,KAAK3K,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUM,KACnB,GAAI6H,EAAOwC,aAAa1S,IAAI4zD,EAASltD,OACnC,MAAUnJ,MAAM,eAAeq2D,EAASriB,8BAA8BqiB,EAASltD,sBAMvF,CC7fA,MAAMmtD,GACJ,WAAAj4D,CAAYk4D,EAAYC,GACtB/3D,KAAKuP,OAASuoD,EAAWl4D,YAAYme,MAAQtT,EAAMkE,OAAOY,OAASuoD,EAAa,KAChF93D,KAAKyP,cAAgBqoD,EAAWl4D,YAAYme,MAAQtT,EAAMkE,OAAOc,cAAgBqoD,EAAa,KAC9F93D,KAAKg4D,mBAAqB,GAC1Bh4D,KAAKi4D,oBAAsB,GAC3Bj4D,KAAKk4D,qBAAuB,GAC5Bl4D,KAAK+3D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAKvB,OAJAsL,EAAW5wD,KAAK9C,KAAKuP,QAAUvP,KAAKyP,eACpCikD,EAAW5wD,QAAQ9C,KAAKk4D,sBACxBxE,EAAW5wD,QAAQ9C,KAAKg4D,oBACxBtE,EAAW5wD,QAAQ9C,KAAKi4D,qBACjBvE,CACX,CAME,KAAA9wD,GACE,MAAMw1D,EAAO,IAAIP,GAAK73D,KAAKuP,QAAUvP,KAAKyP,cAAezP,KAAK+3D,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAIh4D,KAAKg4D,oBACnCI,EAAKH,oBAAsB,IAAIj4D,KAAKi4D,qBACpCG,EAAKF,qBAAuB,IAAIl4D,KAAKk4D,sBAC9BE,CACX,CAUE,aAAMC,CAAQC,EAAa/V,EAAMruC,GAC/B,MAAM8gD,EAAah1D,KAAK+3D,QAAQtI,UAC1BwF,EAAa,CACjB1lD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKqkD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAW1lD,QAAU0lD,EAAWxlD,cAAezP,KAAK+3D,SAgB1E,OAfAK,EAAKH,0BAA4B/3D,QAAQ4E,IAAIwzD,EAAY3zD,KAAIrC,eAAekR,GAC1E,IAAKA,EAAW+kD,YACd,MAAUh3D,MAAM,gCAElB,GAAIiS,EAAW28C,qBAAqB6E,GAClC,MAAUzzD,MAAM,+DAElB,MAAMi3D,QAAmBhlD,EAAWilD,mBAAcr2D,EAAWmgD,OAAMngD,EAAW8R,GAC9E,OAAOihD,GAAsBF,EAAY,CAACzhD,GAAaglD,EAAW/I,UAAW,CAE3E3L,cAAer5C,EAAMoE,UAAUuB,YAC/B+B,SAAU,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,WACtD0vC,OAAMngD,OAAWA,OAAWA,EAAW8R,EAChD,WACUkkD,EAAK/zC,OAAOrkB,KAAMuiD,EAAMruC,GACvBkkD,CACX,CAcE,eAAMM,CAAUC,EAAalJ,EAAWlN,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAClE,MAAMy9C,EAAah1D,KAAK+3D,QAAQtI,UAChC,OAAOwH,GAAcjC,EAAYvqD,EAAMoE,UAAU2B,eAAgB,CAC/DG,IAAKqkD,EACLzlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,eACnBzP,KAAKk4D,qBAAsBS,EAAalJ,EAAWlN,EAAMruC,EAChE,CAYE,uBAAM0kD,CAAkBD,EAAaE,EAAkBtW,EAAO,IAAIxqC,KAAQ7D,GACxE,MAAMu1C,EAAOzpD,KACPg1D,EAAah1D,KAAK+3D,QAAQtI,UAC1B6E,EAAe,CACnB/kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKqkD,IAEDrjD,YAAEA,GAAgBgnD,EAClBG,EAAaD,EAAiBtuD,QAAOoG,GAAOA,EAAIooD,QAAQpnD,GAAa/P,OAAS,IACpF,OAA0B,IAAtBk3D,EAAWl3D,OACN,YAEH1B,QAAQ4E,IAAIg0D,EAAWn0D,KAAIrC,UAC/B,MAAMk2D,QAAmB7nD,EAAI8nD,cAAc9mD,EAAagnD,EAAYtU,aAASjiD,EAAW8R,GACxF,GAAIykD,EAAYpT,eAAiBkE,EAAKiP,UAAUC,EAAaH,EAAW/I,UAAWlN,EAAMruC,GACvF,MAAU3S,MAAM,+BAElB,UACQo3D,EAAYp4B,OAAOi4B,EAAW/I,UAAWhlD,EAAMoE,UAAUuB,YAAakkD,EAAc/R,OAAMngD,EAAW8R,EAC5G,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,8BAA+BzZ,EAC5D,OAEW,EACX,CAcE,6BAAM80D,CAAwBH,EAAkBtW,EAAO,IAAIxqC,KAAQ7D,GACjE,MAAMu1C,EAAOzpD,KACPi5D,EAAiBj5D,KAAKg4D,mBAAmBxzD,OAAOxE,KAAKi4D,qBAC3D,OAAO/3D,QAAQ4E,IAAIm0D,EAAet0D,KAAIrC,UAAwB,CAC5D8gD,MAAO8V,EAAcvnD,YACrBwnD,YAAa1P,EAAKmP,kBAAkBM,EAAeL,EAAkBtW,EAAMruC,GAAQ7T,OAAM,KAAM,QAErG,CAWE,YAAMkgC,CAAOgiB,EAAO,IAAIxqC,KAAQ7D,GAC9B,IAAKlU,KAAKg4D,mBAAmBp2D,OAC3B,MAAUL,MAAM,gCAElB,MAAMkoD,EAAOzpD,KACPg1D,EAAah1D,KAAK+3D,QAAQtI,UAC1B6E,EAAe,CACnB/kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKqkD,GAGP,IAAI92C,EACJ,IAAK,IAAIpc,EAAI9B,KAAKg4D,mBAAmBp2D,OAAS,EAAGE,GAAK,EAAGA,IACvD,IACE,MAAMs3D,EAAoBp5D,KAAKg4D,mBAAmBl2D,GAClD,GAAIs3D,EAAkB7T,eAAiBkE,EAAKiP,UAAUU,OAAmBh3D,EAAWmgD,EAAMruC,GACxF,MAAU3S,MAAM,iCAElB,UACQ63D,EAAkB74B,OAAOy0B,EAAYvqD,EAAMoE,UAAUuB,YAAakkD,EAAc/R,OAAMngD,EAAW8R,EACxG,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,gCAAiCzZ,EAChE,CACQ,OAAO,CACR,CAAC,MAAOA,GACPga,EAAYha,CACpB,CAEI,MAAMga,CACV,CAUE,YAAMmG,CAAOg1C,EAAY9W,EAAMruC,GAC7B,MAAM8gD,EAAah1D,KAAK+3D,QAAQtI,UAC1B6E,EAAe,CACnB/kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKqkD,SAGD2B,GAAgB0C,EAAYr5D,KAAM,qBAAsBuiD,GAAMjgD,eAAeg3D,GACjF,IAEE,aADMA,EAAW/4B,OAAOy0B,EAAYvqD,EAAMoE,UAAUuB,YAAakkD,EAAc/R,GAAM,EAAOruC,IACrF,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUyyD,GAAgB0C,EAAYr5D,KAAM,sBAAuBuiD,SAEzDoU,GAAgB0C,EAAYr5D,KAAM,uBAAwBuiD,GAAM,SAASgX,GAC7E,OAAOtC,GAAcjC,EAAYvqD,EAAMoE,UAAU2B,eAAgB8jD,EAAc,CAACiF,QAAYn3D,OAAWA,EAAWmgD,EAAMruC,EAC9H,GACA,CAaE,YAAMslD,CACJxE,GAEEyE,KAAMxU,EAA0Bx6C,EAAM4H,oBAAoBoB,SAC1DimD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAIxqC,KACX7D,EAASqD,GAET,MAAM09C,EAAa,CACjB1lD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKqkD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAW1lD,QAAU0lD,EAAWxlD,cAAezP,KAAK+3D,SAO1E,OANAK,EAAKF,qBAAqBp1D,WAAWqyD,GAAsBF,EAAY,GAAID,EAAY,CACrFlR,cAAer5C,EAAMoE,UAAU2B,eAC/By0C,wBAAyBx6C,EAAM1H,MAAM0H,EAAM4H,oBAAqB4yC,GAChEC,6BACC3C,OAAMngD,OAAWA,GAAW,EAAO8R,UAChCkkD,EAAK/zC,OAAOrkB,MACXo4D,CACX,EC3PA,MAAMuB,GAKJ,WAAA/5D,CAAYg6D,EAAc7B,GACxB/3D,KAAKyvD,UAAYmK,EACjB55D,KAAK65D,kBAAoB,GACzB75D,KAAKk4D,qBAAuB,GAC5Bl4D,KAAK+3D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAIvB,OAHAsL,EAAW5wD,KAAK9C,KAAKyvD,WACrBiE,EAAW5wD,QAAQ9C,KAAKk4D,sBACxBxE,EAAW5wD,QAAQ9C,KAAK65D,mBACjBnG,CACX,CAME,KAAA9wD,GACE,MAAMmyD,EAAS,IAAI4E,GAAO35D,KAAKyvD,UAAWzvD,KAAK+3D,SAG/C,OAFAhD,EAAO8E,kBAAoB,IAAI75D,KAAK65D,mBACpC9E,EAAOmD,qBAAuB,IAAIl4D,KAAKk4D,sBAChCnD,CACX,CAcE,eAAM2D,CAAU7pD,EAAW8B,EAAK4xC,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAC1D,MAAMy9C,EAAah1D,KAAK+3D,QAAQtI,UAChC,OAAOqK,GACL9E,EAAYvqD,EAAMoE,UAAUgC,iBAAkB,CAC5CF,IAAKqkD,EACLrxD,KAAM3D,KAAKyvD,WACVzvD,KAAKk4D,qBAAsBrpD,EAAW8B,EAAK4xC,EAAMruC,EAE1D,CAWE,YAAMqsB,CAAOgiB,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACvC,MAAMy9C,EAAah1D,KAAK+3D,QAAQtI,UAC1B6E,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAM3D,KAAKyvD,WAE7CsK,QAAyBC,GAA+Bh6D,KAAK65D,kBAAmB7E,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,EAAMruC,GAErJ,GAAI6lD,EAAiBxU,eAAiBvlD,KAAK04D,UAAUqB,EAAkB,KAAMxX,EAAMruC,GACjF,MAAU3S,MAAM,qBAGlB,GAAI04D,GAAqBj6D,KAAKyvD,UAAWsK,EAAkBxX,GACzD,MAAUhhD,MAAM,qBAElB,OAAOw4D,CACX,CAUE,uBAAMzS,CAAkB/E,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAClD,MAAMy9C,EAAah1D,KAAK+3D,QAAQtI,UAC1B6E,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAM3D,KAAKyvD,WACnD,IAAIsK,EACJ,IACEA,QAAyBC,GAA+Bh6D,KAAK65D,kBAAmB7E,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,EAAMruC,EAChJ,CAAC,MAAOhQ,GACP,OAAO,IACb,CACI,MAAMg2D,EAAYC,GAA4Bn6D,KAAKyvD,UAAWsK,GACxDK,EAAYL,EAAiBzS,oBACnC,OAAO4S,EAAYE,EAAYF,EAAYE,CAC/C,CAUE,YAAM/1C,CAAO0wC,EAAQxS,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAC/C,MAAMy9C,EAAah1D,KAAK+3D,QAAQtI,UAChC,IAAKzvD,KAAKmwD,qBAAqB4E,GAC7B,MAAUxzD,MAAM,2DAGdvB,KAAKyvD,UAAU7vD,YAAYme,MAAQtT,EAAMkE,OAAOa,cAChDulD,EAAOtF,UAAU7vD,YAAYme,MAAQtT,EAAMkE,OAAOM,eACpDjP,KAAKyvD,UAAYsF,EAAOtF,WAG1B,MAAMhG,EAAOzpD,KACPs0D,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAM8lD,EAAKgG,iBAC7C4K,GAAuBtF,EAAQ/0D,KAAM,oBAAqBuiD,GAAMjgD,eAAeg4D,GACnF,IAAK,IAAIx4D,EAAI,EAAGA,EAAI2nD,EAAKoQ,kBAAkBj4D,OAAQE,IACjD,GAAI2nD,EAAKoQ,kBAAkB/3D,GAAG6P,YAAYwxC,OAAOmX,EAAW3oD,aAI1D,OAHI2oD,EAAWjW,QAAUoF,EAAKoQ,kBAAkB/3D,GAAGuiD,UACjDoF,EAAKoQ,kBAAkB/3D,GAAKw4D,IAEvB,EAGX,IAEE,aADMA,EAAW/5B,OAAOy0B,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,OAAMngD,EAAW8R,IAC3F,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUm2D,GAAuBtF,EAAQ/0D,KAAM,uBAAwBuiD,GAAM,SAASgX,GAChF,OAAOO,GAAqB9E,EAAYvqD,EAAMoE,UAAUgC,iBAAkByjD,EAAc,CAACiF,QAAYn3D,OAAWA,EAAWmgD,EAAMruC,EACvI,GACA,CAaE,YAAMslD,CACJxE,GAEEyE,KAAMxU,EAA0Bx6C,EAAM4H,oBAAoBoB,SAC1DimD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAIxqC,KACX7D,EAASqD,GAET,MAAM09C,EAAa,CAAEtkD,IAAKqkD,EAAYrxD,KAAM3D,KAAKyvD,WAC3CsF,EAAS,IAAI4E,GAAO35D,KAAKyvD,UAAWzvD,KAAK+3D,SAO/C,OANAhD,EAAOmD,qBAAqBp1D,WAAWy3D,GAA6BtF,EAAY,GAAID,EAAY,CAC9FlR,cAAer5C,EAAMoE,UAAUgC,iBAC/Bo0C,wBAAyBx6C,EAAM1H,MAAM0H,EAAM4H,oBAAqB4yC,GAChEC,6BACC3C,OAAMngD,OAAWA,GAAW,EAAO8R,UAChC6gD,EAAO1wC,OAAOrkB,MACb+0D,CACX,CAEE,oBAAA5E,CAAqBC,GACnB,OAAOpwD,KAAKyvD,UAAUU,qBAAqBC,EAAMX,WAAaW,EAClE,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAenuD,SAAQgG,IAC3F0xD,GAAO15D,UAAUgI,GACf,WACE,OAAOjI,KAAKyvD,UAAUxnD,IACvB,CAAA,IC9KL,MAAMuyD,gBAAyC1jD,EAAK8G,wBAAwB,CAACimC,KACvE4W,GAAoB,IAAI9kD,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,aAClEknD,GAAgB,IAAI/kD,IAAI,CAC5BlL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,WACrC/I,EAAMkE,OAAOa,aAAc/E,EAAMkE,OAAOgsD,gBAY1C,MAAMC,GAMJ,qBAAAC,CAAsBnH,EAAYoH,EAAoB,IAAInlD,KACxD,IAAIyiD,EACA2C,EACAhG,EACAiG,EAEJ,IAAK,MAAMrsD,KAAU+kD,EAAY,CAE/B,GAAI/kD,aAAkBi+B,GAAmB,CACR8tB,GAAc12D,IAAI2K,EAAOoP,OACzBi9C,IAI3BA,EADEP,GAAkBz2D,IAAI2K,EAAOoP,KACjB08C,GAEAC,IAGlB,QACR,CAEM,MAAM38C,EAAMpP,EAAO/O,YAAYme,IAC/B,GAAIi9C,EAAa,CACf,IAAKA,EAAYh3D,IAAI+Z,GAAM,SAC3Bi9C,EAAc,IACtB,CACM,GAAIF,EAAkB92D,IAAI+Z,GACxB,MAAUxc,MAAM,2BAA2Bwc,GAE7C,OAAQA,GACN,KAAKtT,EAAMkE,OAAO5C,UAClB,KAAKtB,EAAMkE,OAAOK,UAChB,GAAIhP,KAAKyvD,UACP,MAAUluD,MAAM,oCAIlB,GAFAvB,KAAKyvD,UAAY9gD,EACjBosD,EAAe/6D,KAAKimD,YACf8U,EACH,MAAUx5D,MAAM,kBAElB,MACF,KAAKkJ,EAAMkE,OAAOY,OAClB,KAAK9E,EAAMkE,OAAOc,cAChB2oD,EAAO,IAAIP,GAAKlpD,EAAQ3O,MACxBA,KAAKi7D,MAAMn4D,KAAKs1D,GAChB,MACF,KAAK3tD,EAAMkE,OAAOa,aAClB,KAAK/E,EAAMkE,OAAOM,aAChBmpD,EAAO,KACPrD,EAAS,IAAI4E,GAAOhrD,EAAQ3O,MAC5BA,KAAKk7D,QAAQp4D,KAAKiyD,GAClB,MACF,KAAKtqD,EAAMkE,OAAOE,UAChB,OAAQF,EAAOm1C,eACb,KAAKr5C,EAAMoE,UAAUuB,YACrB,KAAK3F,EAAMoE,UAAUwB,YACrB,KAAK5F,EAAMoE,UAAUyB,WACrB,KAAK7F,EAAMoE,UAAU0B,aACnB,IAAK6nD,EAAM,CACTthD,EAAKuE,WAAW,mEAChB,QAChB,CACkB1M,EAAOgD,YAAYwxC,OAAO4X,GAC5B3C,EAAKJ,mBAAmBl1D,KAAK6L,GAE7BypD,EAAKH,oBAAoBn1D,KAAK6L,GAEhC,MACF,KAAKlE,EAAMoE,UAAU2B,eACf4nD,EACFA,EAAKF,qBAAqBp1D,KAAK6L,GAE/B3O,KAAKm7D,iBAAiBr4D,KAAK6L,GAE7B,MACF,KAAKlE,EAAMoE,UAAU8B,IACnB3Q,KAAKm7D,iBAAiBr4D,KAAK6L,GAC3B,MACF,KAAKlE,EAAMoE,UAAU4B,cACnB,IAAKskD,EAAQ,CACXj+C,EAAKuE,WAAW,qEAChB,QAChB,CACc05C,EAAO8E,kBAAkB/2D,KAAK6L,GAC9B,MACF,KAAKlE,EAAMoE,UAAU+B,cACnB5Q,KAAKk4D,qBAAqBp1D,KAAK6L,GAC/B,MACF,KAAKlE,EAAMoE,UAAUgC,iBACnB,IAAKkkD,EAAQ,CACXj+C,EAAKuE,WAAW,wEAChB,QAChB,CACc05C,EAAOmD,qBAAqBp1D,KAAK6L,IAK/C,CACA,CAME,YAAAwpD,GACE,MAAMzE,EAAa,IAAItL,GAMvB,OALAsL,EAAW5wD,KAAK9C,KAAKyvD,WACrBiE,EAAW5wD,QAAQ9C,KAAKk4D,sBACxBxE,EAAW5wD,QAAQ9C,KAAKm7D,kBACxBn7D,KAAKi7D,MAAMt2D,KAAIyzD,GAAQ1E,EAAW5wD,QAAQs1D,EAAKD,kBAC/Cn4D,KAAKk7D,QAAQv2D,KAAIowD,GAAUrB,EAAW5wD,QAAQiyD,EAAOoD,kBAC9CzE,CACX,CAOE,KAAA9wD,CAAMw4D,GAAqB,GACzB,MAAMzqD,EAAM,IAAI3Q,KAAKJ,YAAYI,KAAKm4D,gBAiBtC,OAhBIiD,GACFzqD,EAAIooD,UAAU92D,SAAQsX,IAMpB,GAJAA,EAAEk2C,UAAY3vD,OAAO+kB,OACnB/kB,OAAOu7D,eAAe9hD,EAAEk2C,WACxB3vD,OAAOkI,0BAA0BuR,EAAEk2C,aAEhCl2C,EAAEk2C,UAAUM,cAAe,OAEhC,MAAMna,EAAgB,CAAE,EACxB91C,OAAOu2C,KAAK98B,EAAEk2C,UAAU7Z,eAAe3zC,SAAQgG,IAC7C2tC,EAAc3tC,GAAQ,IAAIxG,WAAW8X,EAAEk2C,UAAU7Z,cAAc3tC,GAAM,IAEvEsR,EAAEk2C,UAAU7Z,cAAgBA,CAAa,IAGtCjlC,CACX,CAQE,UAAA2qD,CAAWlY,EAAQ,MAIjB,OAHgBpjD,KAAKk7D,QAAQ3wD,QAAOwqD,IACjC3R,GAAS2R,EAAO9O,WAAW9C,OAAOC,GAAO,IAGhD,CAQE,OAAA2V,CAAQ3V,EAAQ,MACd,MAAM/M,EAAO,GAIb,OAHK+M,IAASpjD,KAAKimD,WAAW9C,OAAOC,GAAO,IAC1C/M,EAAKvzC,KAAK9C,MAELq2C,EAAK7xC,OAAOxE,KAAKs7D,WAAWlY,GACvC,CAME,SAAAmY,GACE,OAAOv7D,KAAK+4D,UAAUp0D,KAAIgM,GAAOA,EAAIs1C,YACzC,CAME,UAAAuV,GACE,OAAOx7D,KAAKi7D,MAAMt2D,KAAIyzD,GACbA,EAAK7oD,OAAS6oD,EAAK7oD,OAAOA,OAAS,OACzChF,QAAOgF,GAAqB,OAAXA,GACxB,CAME,KAAAxM,GACE,OAAO/C,KAAKm4D,eAAep1D,OAC/B,CAYE,mBAAM01D,CAAcrV,EAAQ,KAAMb,EAAO,IAAIxqC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SACnEvX,KAAKy7D,iBAAiBlZ,EAAMhzC,EAAQ2E,GAC1C,MAAM8gD,EAAah1D,KAAKyvD,UACxB,IACEiM,GAA4B1G,EAAY9gD,EACzC,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,+BAAgCuY,EAC3D,CACI,MAAMglC,EAAUl7D,KAAKk7D,QAAQv4D,QAAQ+3C,MAAK,CAACp8B,EAAGzG,IAAMA,EAAE43C,UAAUpL,QAAU/lC,EAAEmxC,UAAUpL,UACtF,IAAInmC,EACJ,IAAK,MAAM62C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAOx0B,OAAOgiB,EAAMruC,GAC1B,MAAMogD,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAMoxD,EAAOtF,WAC/CsK,QAAyBC,GAC7BjF,EAAO8E,kBAAmB7E,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,EAAMruC,GAE3F,IAAKynD,GAAgC5G,EAAOtF,UAAWsK,EAAkB7lD,GACvE,SAEF,IAAK6lD,EAAiBvnD,kBACpB,MAAUjR,MAAM,8BAOlB,aAJMy4D,GACJ,CAACD,EAAiBvnD,mBAAoBuiD,EAAOtF,UAAWhlD,EAAMoE,UAAU6B,WAAY4jD,EAAc/R,EAAMruC,GAE1GwnD,GAA4B3G,EAAOtF,UAAWv7C,GACvC6gD,CACR,CAAC,MAAO7wD,GACPga,EAAYha,CACtB,CAII,IACE,MAAMk1D,QAA0Bp5D,KAAK41D,wBAAwBrT,EAAMhzC,EAAQ2E,GAC3E,KAAMkvC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCuY,GAAgC3G,EAAYoE,EAAmBllD,GAEjE,OADAwnD,GAA4B1G,EAAY9gD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,kDAAoD3d,KAAKimD,WAAW9a,QAASjtB,EACtG,CAYE,sBAAM09C,CAAiBxY,EAAOb,EAAO,IAAIxqC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SAC/DvX,KAAKy7D,iBAAiBlZ,EAAMhzC,EAAQ2E,GAC1C,MAAM8gD,EAAah1D,KAAKyvD,UACxB,IACEiM,GAA4B1G,EAAY9gD,EACzC,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,+BAAgCuY,EAC3D,CAEI,MAAMglC,EAAUl7D,KAAKk7D,QAAQv4D,QAAQ+3C,MAAK,CAACp8B,EAAGzG,IAAMA,EAAE43C,UAAUpL,QAAU/lC,EAAEmxC,UAAUpL,UACtF,IAAInmC,EACJ,IAAK,MAAM62C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAOx0B,OAAOgiB,EAAMruC,GAC1B,MAAMogD,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAMoxD,EAAOtF,WAC/CsK,QAAyBC,GAA+BjF,EAAO8E,kBAAmB7E,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,EAAMruC,GACvJ,GAAI2nD,GAAmC9G,EAAOtF,UAAWsK,EAAkB7lD,GAEzE,OADAwnD,GAA4B3G,EAAOtF,UAAWv7C,GACvC6gD,CAEV,CAAC,MAAO7wD,GACPga,EAAYha,CACtB,CAII,IAEE,MAAMk1D,QAA0Bp5D,KAAK41D,wBAAwBrT,EAAMhzC,EAAQ2E,GAC3E,KAAMkvC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCyY,GAAmC7G,EAAYoE,EAAmBllD,GAEpE,OADAwnD,GAA4B1G,EAAY9gD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,qDAAuD3d,KAAKimD,WAAW9a,QAASjtB,EACzG,CAcE,eAAMw6C,CAAU7pD,EAAW8B,EAAK4xC,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAC1D,OAAOuiD,GACL95D,KAAKyvD,UAAWhlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKyvD,WAAazvD,KAAKk4D,qBAAsBrpD,EAAW8B,EAAK4xC,EAAMruC,EAE/H,CAWE,sBAAMunD,CAAiBlZ,EAAO,IAAIxqC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC9D,MAAMy9C,EAAah1D,KAAKyvD,UAExB,SAAUzvD,KAAK04D,UAAU,KAAM,KAAMnW,EAAMruC,GACzC,MAAU3S,MAAM,0BAKlB,GAAI04D,GAAqBjF,QAFOh1D,KAAK41D,wBAAwBrT,EAAMhzC,EAAQ2E,GAEnBquC,GACtD,MAAUhhD,MAAM,0BAElB,GAA2B,IAAvByzD,EAAW1d,QAAe,CAE5B,MAAMwkB,QAAwB9B,GAC5Bh6D,KAAKm7D,iBAAkBnG,EAAYvqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKqkD,GAAczS,EAAMruC,GACnF7T,OAAM,SAER,GAAIy7D,GAAmB7B,GAAqBjF,EAAY8G,EAAiBvZ,GACvE,MAAUhhD,MAAM,yBAExB,CACA,CAUE,uBAAM+lD,CAAkB/3C,EAAQ2E,EAASqD,GACvC,IAAIwkD,EACJ,IACE,MAAM3C,QAA0Bp5D,KAAK41D,wBAAwB,KAAMrmD,EAAQ2E,GACrE8nD,EAAmB7B,GAA4Bn6D,KAAKyvD,UAAW2J,GAC/D6C,EAAgB7C,EAAkB9R,oBAClCwU,EAA6C,IAA3B97D,KAAKyvD,UAAUnY,eAC/B0iB,GACJh6D,KAAKm7D,iBAAkBn7D,KAAKyvD,UAAWhlD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK3Q,KAAKyvD,WAAa,KAAMv7C,GAC3F7T,OAAM,SACV,GAAIy7D,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4Bn6D,KAAKyvD,UAAWqM,GAGvEC,EAAmBtzD,KAAKmd,IAAIo2C,EAAkBC,EAAeC,EACrE,MACQH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,CAE5E,CAAC,MAAO/3D,GACP63D,EAAmB,IACzB,CAEI,OAAOjlD,EAAKuB,cAAc0jD,EAC9B,CAcE,6BAAMnG,CAAwBrT,EAAO,IAAIxqC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GACrE,MAAMy9C,EAAah1D,KAAKyvD,UACxB,GAA2B,IAAvBuF,EAAW1d,QACb,OAAO0iB,GACLh6D,KAAKm7D,iBAAkBnG,EAAYvqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKqkD,GAAczS,EAAMruC,GAGvF,MAAMklD,kBAAEA,SAA4Bp5D,KAAKm8D,eAAe5Z,EAAMhzC,EAAQ2E,GACtE,OAAOklD,CACX,CAeE,oBAAM+C,CAAe5Z,EAAO,IAAIxqC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC5D,MAAMy9C,EAAah1D,KAAKyvD,UAClBwL,EAAQ,GACd,IAAI/8C,EACJ,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAKi7D,MAAMr5D,OAAQE,IACrC,IACE,MAAMs2D,EAAOp4D,KAAKi7D,MAAMn5D,GACxB,IAAKs2D,EAAK7oD,OACR,SAEF,QACmBnN,IAAhBmN,EAAOtH,MAAsBmwD,EAAK7oD,OAAOtH,OAASsH,EAAOtH,WACxC7F,IAAjBmN,EAAOsjD,OAAuBuF,EAAK7oD,OAAOsjD,QAAUtjD,EAAOsjD,YACxCzwD,IAAnBmN,EAAOujD,SAAyBsF,EAAK7oD,OAAOujD,UAAYvjD,EAAOujD,QAEhE,MAAUvxD,MAAM,iDAElB,MAAM+yD,EAAe,CAAE/kD,OAAQ6oD,EAAK7oD,OAAQoB,IAAKqkD,GAC3CoE,QAA0BY,GAA+B5B,EAAKJ,mBAAoBhD,EAAYvqD,EAAMoE,UAAUuB,YAAakkD,EAAc/R,EAAMruC,GACrJ+mD,EAAMn4D,KAAK,CAAEoa,MAAOpb,EAAGs2D,OAAMgB,qBAC9B,CAAC,MAAOl1D,GACPga,EAAYha,CACpB,CAEI,IAAK+2D,EAAMr5D,OAET,MAAMsc,GAAiB3c,MAAM,qCAEzBrB,QAAQ4E,IAAIm2D,EAAMt2D,KAAIrC,eAAgBgc,GAC1C,OAAOA,EAAE86C,kBAAkB7T,SAAWjnC,EAAE85C,KAAKM,UAAUp6C,EAAE86C,kBAAmB,KAAM7W,EAAMruC,EAC9F,KAEI,MAAMkoD,EAAcnB,EAAMvgB,MAAK,SAASp8B,EAAGzG,GACzC,MAAMgrB,EAAIvkB,EAAE86C,kBACNiD,EAAIxkD,EAAEuhD,kBACZ,OAAOiD,EAAE9W,QAAU1iB,EAAE0iB,SAAW1iB,EAAEmiB,gBAAkBqX,EAAErX,iBAAmBniB,EAAEwhB,QAAUgY,EAAEhY,OACxF,IAAEiY,OACGlE,KAAEA,EAAMgB,kBAAmBmD,GAASH,EAC1C,GAAIG,EAAKhX,eAAiB6S,EAAKM,UAAU6D,EAAM,KAAMha,EAAMruC,GACzD,MAAU3S,MAAM,2BAElB,OAAO66D,CACX,CAeE,YAAM/3C,CAAOm4C,EAAWja,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAClD,IAAKvX,KAAKmwD,qBAAqBqM,GAC7B,MAAUj7D,MAAM,4DAElB,IAAKvB,KAAKu4D,aAAeiE,EAAUjE,YAAa,CAQ9C,KANev4D,KAAKk7D,QAAQt5D,SAAW46D,EAAUtB,QAAQt5D,QAClD5B,KAAKk7D,QAAQh/B,OAAMugC,GACXD,EAAUtB,QAAQx2D,MAAKg4D,GACrBD,EAAWtM,qBAAqBuM,QAI/C,MAAUn7D,MAAM,iEAGlB,OAAOi7D,EAAUn4C,OAAOrkB,KAAMkU,EACpC,CAKI,MAAMyoD,EAAa38D,KAAK4C,QA0CxB,aAxCMy3D,GAAuBmC,EAAWG,EAAY,uBAAwBpa,GAAMgX,GACzEO,GAAqB6C,EAAWlN,UAAWhlD,EAAMoE,UAAU+B,cAAe+rD,EAAY,CAACpD,GAAY,KAAMiD,EAAU/M,UAAWlN,EAAMruC,WAGvImmD,GAAuBmC,EAAWG,EAAY,mBAAoBpa,SAElEriD,QAAQ4E,IAAI03D,EAAUvB,MAAMt2D,KAAIrC,UAGpC,MAAMs6D,EAAgBD,EAAW1B,MAAM1wD,QAAOsyD,GAC3CC,EAAQvtD,QAAUutD,EAAQvtD,OAAO4zC,OAAO0Z,EAAQttD,SAChDutD,EAAQrtD,eAAiBqtD,EAAQrtD,cAAc0zC,OAAO0Z,EAAQptD,iBAEjE,GAAImtD,EAAch7D,OAAS,QACnB1B,QAAQ4E,IACZ83D,EAAcj4D,KAAIo4D,GAAgBA,EAAa14C,OAAOy4C,EAASva,EAAMruC,UAElE,CACL,MAAM8oD,EAAUF,EAAQl6D,QACxBo6D,EAAQjF,QAAU4E,EAClBA,EAAW1B,MAAMn4D,KAAKk6D,EAC9B,YAGU98D,QAAQ4E,IAAI03D,EAAUtB,QAAQv2D,KAAIrC,UAEtC,MAAM26D,EAAkBN,EAAWzB,QAAQ3wD,QAAO2yD,GAChDA,EAAU/M,qBAAqBuM,KAEjC,GAAIO,EAAgBr7D,OAAS,QACrB1B,QAAQ4E,IACZm4D,EAAgBt4D,KAAIw4D,GAAkBA,EAAe94C,OAAOq4C,EAAWna,EAAMruC,UAE1E,CACL,MAAMkpD,EAAYV,EAAU95D,QAC5Bw6D,EAAUrF,QAAU4E,EACpBA,EAAWzB,QAAQp4D,KAAKs6D,EAChC,MAGWT,CACX,CAUE,8BAAMU,CAAyB9a,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACzD,MAAM+8C,EAAe,CAAE3jD,IAAK3Q,KAAKyvD,WAC3B2H,QAA4B4C,GAA+Bh6D,KAAKk4D,qBAAsBl4D,KAAKyvD,UAAWhlD,EAAMoE,UAAU+B,cAAe0jD,EAAc/R,EAAMruC,GACzJw/C,EAAa,IAAItL,GACvBsL,EAAW5wD,KAAKs0D,GAEhB,MAAM/0C,EAA0C,IAA3BriB,KAAKyvD,UAAUnY,QACpC,OAAOnkC,EAAM1I,EAAM0I,MAAMpH,UAAW2nD,EAAW3wD,QAAS,KAAM,KAAM,mCAAoCsf,EAAcnO,EAC1H,CAYE,gCAAMopD,CAA2BC,EAAuBhb,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAClF,MAAMhX,QAAc8gB,EAAQk8C,GAEtBnG,SADmBhP,GAAWC,WAAW9nD,EAAMsG,KAAM2zD,GAA0BtmD,IAC9Cm1C,WAAW5+C,EAAMkE,OAAOE,WAC/D,IAAKuoD,GAAuBA,EAAoBtT,gBAAkBr5C,EAAMoE,UAAU+B,cAChF,MAAUrP,MAAM,8CAElB,IAAK61D,EAAoBzlD,YAAYwxC,OAAOnjD,KAAKimD,YAC/C,MAAU1kD,MAAM,2CAElB,UACQ61D,EAAoB72B,OAAOvgC,KAAKyvD,UAAWhlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKyvD,WAAalN,OAAMngD,EAAW8R,EAC3H,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,wCAAyCzZ,EACpE,CACI,MAAMyM,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIunD,qBAAqBp1D,KAAKs0D,GACvBzmD,CACX,CAWE,qBAAM6sD,CAAgBC,EAAalb,EAAMhzC,EAAQ2E,EAASqD,GACxD,MAAM2F,MAAEA,EAAKk7C,KAAEA,SAAep4D,KAAKm8D,eAAe5Z,EAAMhzC,EAAQ2E,GAC1DwpD,QAAiBtF,EAAKC,QAAQoF,EAAalb,EAAMruC,GACjDvD,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIsqD,MAAM/9C,GAASwgD,EACZ/sD,CACX,CAUE,kBAAMgtD,CAAaF,EAAalb,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAC1D,MAAM5G,EAAM3Q,KAAK4C,QAIjB,OAHA+N,EAAIsqD,YAAc/6D,QAAQ4E,IAAI9E,KAAKi7D,MAAMt2D,KAAI,SAASyzD,GACpD,OAAOA,EAAKC,QAAQoF,EAAalb,EAAMruC,EAC7C,KACWvD,CACX,CAiBE,uBAAMitD,CAAkB/E,EAAkBtW,EAAO,IAAIxqC,KAAQxI,EAAQ2E,EAASqD,GAC5E,MAAMy9C,EAAah1D,KAAKyvD,WAClB2I,KAAEA,SAAep4D,KAAKm8D,eAAe5Z,EAAMhzC,EAAQ2E,GAIzD,OAHgB2kD,QACRT,EAAKY,wBAAwBH,EAAkBtW,EAAMruC,GAC3D,CAAC,CAAEkvC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAK73B,OAAOgiB,EAAMruC,GAAQ7T,OAAM,KAAM,KAE1F,CAiBE,oBAAMw9D,CAAehF,EAAkBtW,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACjE,MAAMy9C,EAAah1D,KAAKyvD,UAClBqO,EAAU,GAehB,aAdM59D,QAAQ4E,IAAI9E,KAAKi7D,MAAMt2D,KAAIrC,UAC/B,MAAM+xD,EAAawE,QACXT,EAAKY,wBAAwBH,EAAkBtW,EAAMruC,GAC3D,CAAC,CAAEkvC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAK73B,OAAOgiB,EAAMruC,GAAQ7T,OAAM,KAAM,MAEtFy9D,EAAQh7D,QAAQuxD,EAAW1vD,KACzBkK,IAAc,CACZU,OAAQ6oD,EAAK7oD,OAAS6oD,EAAK7oD,OAAOA,OAAS,KAC3CE,cAAe2oD,EAAK3oD,cACpB2zC,MAAOv0C,EAAUu0C,MACjB+V,MAAOtqD,EAAUsqD,UAEpB,KAEI2E,CACX,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwB77D,SAAQgG,IACpG2yD,GAAI36D,UAAUgI,GACd0xD,GAAO15D,UAAUgI,EAAK,ICntBxB,MAAM81D,WAAkBnD,GAItB,WAAAh7D,CAAY8zD,GAOV,GANA7zD,QACAG,KAAKyvD,UAAY,KACjBzvD,KAAKk4D,qBAAuB,GAC5Bl4D,KAAKm7D,iBAAmB,GACxBn7D,KAAKi7D,MAAQ,GACbj7D,KAAKk7D,QAAU,GACXxH,IACF1zD,KAAK66D,sBAAsBnH,EAAY,IAAI/9C,IAAI,CAAClL,EAAMkE,OAAOK,UAAWvE,EAAMkE,OAAOM,iBAChFjP,KAAKyvD,WACR,MAAUluD,MAAM,yCAGxB,CAME,SAAAg3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,OAAOh+D,IACX,CAOE,KAAAmT,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAKyvD,UAAUnY,QACpC,OAAOnkC,EAAM1I,EAAM0I,MAAMpH,UAAW/L,KAAKm4D,eAAep1D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACpH,ECpDA,MAAM+pD,WAAmBF,GAIvB,WAAAn+D,CAAY8zD,GAGV,GAFA7zD,QACAG,KAAK66D,sBAAsBnH,EAAY,IAAI/9C,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOa,iBAChFxP,KAAKyvD,UACR,MAAUluD,MAAM,0CAEtB,CAME,SAAAg3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,MAAMtK,EAAa,IAAItL,GACjB8V,EAAal+D,KAAKm4D,eACxB,IAAK,MAAM1I,KAAayO,EACtB,OAAQzO,EAAU7vD,YAAYme,KAC5B,KAAKtT,EAAMkE,OAAOK,UAAW,CAC3B,MAAMmvD,EAAe9O,GAAgBE,oBAAoBE,GACzDiE,EAAW5wD,KAAKq7D,GAChB,KACV,CACQ,KAAK1zD,EAAMkE,OAAOM,aAAc,CAC9B,MAAMmvD,EAAkBzN,GAAmBC,uBAAuBnB,GAClEiE,EAAW5wD,KAAKs7D,GAChB,KACV,CACQ,QACE1K,EAAW5wD,KAAK2sD,GAGtB,OAAO,IAAIsO,GAAUrK,EACzB,CAOE,KAAAvgD,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAKyvD,UAAUnY,QACpC,OAAOnkC,EAAM1I,EAAM0I,MAAMK,WAAYxT,KAAKm4D,eAAep1D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrH,CAaE,uBAAMmqD,CAAkBjb,EAAOb,EAAO,IAAIxqC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,GACtE,MAAMy9C,EAAah1D,KAAKyvD,UAClBpZ,EAAO,GACb,IAAIn4B,EAAY,KAChB,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAKk7D,QAAQt5D,OAAQE,IACvC,IAAKshD,GAASpjD,KAAKk7D,QAAQp5D,GAAGmkD,WAAW9C,OAAOC,GAAO,GAAO,CAC5D,GAAIpjD,KAAKk7D,QAAQp5D,GAAG2tD,UAAUqC,UAAW,CACvC5zC,EAAYA,GAAiB3c,MAAM,uDACnC,QACV,CAEQ,IACE,MAAM+yD,EAAe,CAAE3jD,IAAKqkD,EAAYrxD,KAAM3D,KAAKk7D,QAAQp5D,GAAG2tD,WACxDsK,QAAyBC,GAA+Bh6D,KAAKk7D,QAAQp5D,GAAG+3D,kBAAmB7E,EAAYvqD,EAAMoE,UAAU4B,cAAe6jD,EAAc/R,EAAMruC,GAC5JoqD,GAAmCt+D,KAAKk7D,QAAQp5D,GAAG2tD,UAAWsK,EAAkB7lD,IAClFmiC,EAAKvzC,KAAK9C,KAAKk7D,QAAQp5D,GAE1B,CAAC,MAAOoC,GACPga,EAAYha,CACtB,CACA,CAII,MAAMk1D,QAA0Bp5D,KAAK41D,wBAAwBrT,EAAMhzC,EAAQ2E,GAS3E,GARMkvC,IAAS4R,EAAW/O,WAAW9C,OAAOC,GAAO,KAAUkb,GAAmCtJ,EAAYoE,EAAmBllD,KACzH8gD,EAAWlD,UACb5zC,EAAYA,GAAiB3c,MAAM,uDAEnC80C,EAAKvzC,KAAK9C,OAIM,IAAhBq2C,EAAKz0C,OAEP,MAAMsc,GAAiB3c,MAAM,mCAG/B,OAAO80C,CACX,CAME,WAAA0Z,GACE,OAAO/vD,KAAK+4D,UAAUr0D,MAAK,EAAG+qD,eAAgBA,EAAUM,eAC5D,CAYE,cAAMuC,CAASp+C,EAASqD,GACtB,IAAKvX,KAAKu4D,YACR,MAAUh3D,MAAM,gCAGlB,IAAI8zD,EACJ,GAAKr1D,KAAKyvD,UAAUqC,UAEb,CAKL,MAAM0G,QAAmBx4D,KAAKy4D,cAAc,KAAM,UAAMr2D,EAAW,IAAK8R,EAAQuC,0BAA2B,IAAId,IAAOP,WAAY,IAE9HojD,IAAeA,EAAW/I,UAAUqC,YACtCuD,EAAmBmD,EAAW/I,UAEtC,MAXM4F,EAAmBr1D,KAAKyvD,UAa1B,GAAI4F,EACF,OAAOA,EAAiB/C,WACnB,CACL,MAAMjc,EAAOr2C,KAAK+4D,UAElB,GADmB1iB,EAAK1xC,KAAIgM,GAAOA,EAAI8+C,UAAUqC,YAAW51B,MAAMqiC,SAEhE,MAAUh9D,MAAM,wCAGlB,OAAOrB,QAAQ4E,IAAIuxC,EAAK1xC,KAAIrC,SAAaqO,EAAI8+C,UAAU6C,aAC7D,CACA,CAKE,kBAAAL,GACEjyD,KAAK+4D,UAAU92D,SAAQ,EAAGwtD,gBACpBA,EAAUM,eACZN,EAAUwC,oBAClB,GAEA,CAYE,YAAMuH,EAEFC,KAAMxU,EAA0Bx6C,EAAM4H,oBAAoBoB,SAC1DimD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAIxqC,KACX7D,EAASqD,GAET,IAAKvX,KAAKu4D,YACR,MAAUh3D,MAAM,iCAElB,MAAM0zD,EAAa,CAAEtkD,IAAK3Q,KAAKyvD,WACzB9+C,EAAM3Q,KAAK4C,QAMjB,OALA+N,EAAIunD,qBAAqBp1D,WAAWy3D,GAA6BtF,EAAY,GAAIj1D,KAAKyvD,UAAW,CAC/F3L,cAAer5C,EAAMoE,UAAU+B,cAC/Bq0C,wBAAyBx6C,EAAM1H,MAAM0H,EAAM4H,oBAAqB4yC,GAChEC,6BACC3C,OAAMngD,OAAWA,OAAWA,EAAW8R,IACnCvD,CACX,CAkBE,eAAM6tD,CAAU14D,EAAU,IACxB,MAAMoO,EAAS,IAAKqD,KAAkBzR,EAAQoO,QAC9C,GAAIpO,EAAQqxC,WACV,MAAU51C,MAAM,gEAElB,GAAIuE,EAAQouD,QAAUhgD,EAAOkB,WAC3B,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBtP,EAAQouD,WAEnF,MAAM1E,EAAkBxvD,KAAKyvD,UAC7B,GAAID,EAAgBsC,UAClB,MAAUvwD,MAAM,8CAElB,IAAKiuD,EAAgBO,cACnB,MAAUxuD,MAAM,wBAElB,MAAMk9D,EAAiBjP,EAAgBa,mBACvCoO,EAAexqD,KAiBnB,SAA8B2gB,GAG5B,OAFanqB,EAAM1H,MAAM0H,EAAMsB,UAAW6oB,IAGxC,KAAKnqB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACnB,MAAO,MACT,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,MAAO,MACT,KAAK9B,EAAMsB,UAAUZ,QACnB,MAAO,aACT,KAAKV,EAAMsB,UAAUa,MACnB,MAAO,WACT,QACE,MAAUrL,MAAM,yBAEtB,CApC0Bm9D,CAAqBD,EAAelpB,WAC1DkpB,EAAevK,QAAUuK,EAAeziD,MAAQ,KAChDyiD,EAAe/zD,MAAQ+zD,EAAe/zD,OAAS,mBAC/C5E,EAAU64D,GAA0B74D,EAAS24D,GAK7C,MAAMhP,QAAkBmP,GAA4B94D,EAAS,IAAKoO,EAAQQ,OAAmC,IAA3B1U,KAAKyvD,UAAUnY,UACjGokB,GAA4BjM,EAAWv7C,GACvC,MAAM6lD,QAAyB8E,GAA8BpP,EAAWD,EAAiB1pD,EAASoO,GAC5F4qD,EAAa9+D,KAAKm4D,eAExB,OADA2G,EAAWh8D,KAAK2sD,EAAWsK,GACpB,IAAIkE,GAAWa,EAC1B,EClOA,MAAMC,gBAAkCjoD,EAAK8G,wBAAwB,CACnEyxC,GACAsB,GACAO,GACAmC,GACAT,GACA9B,GACAjN,KASF,SAASmb,GAAUtL,GACjB,IAAK,MAAM/kD,KAAU+kD,EACnB,OAAQ/kD,EAAO/O,YAAYme,KACzB,KAAKtT,EAAMkE,OAAOK,UAChB,OAAO,IAAIivD,GAAWvK,GACxB,KAAKjpD,EAAMkE,OAAO5C,UAChB,OAAO,IAAIgyD,GAAUrK,GAG3B,MAAUnyD,MAAM,sBAClB,CAgHAe,eAAe28D,GAAczP,EAAiB0P,EAAqBp5D,EAASoO,GAEtEpO,EAAQqxC,kBACJqY,EAAgB5hC,QAAQ9nB,EAAQqxC,WAAYjjC,SAG9ChU,QAAQ4E,IAAIo6D,EAAoBv6D,KAAIrC,eAAeuuD,EAAoB3zC,GAC3E,MAAMiiD,EAAmBr5D,EAAQo1D,QAAQh+C,GAAOi6B,WAC5CgoB,SACItO,EAAmBjjC,QAAQuxC,EAAkBjrD,EAEzD,KAEE,MAAMw/C,EAAa,IAAItL,GAGvB,SAASgX,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAM90D,QAAOkY,GAAQA,IAAS68C,IAC5D,CAEE,SAASC,IACP,MAAMrK,EAAsB,CAAE,EAC9BA,EAAoB/iD,SAAW,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,UAC5E,MAAM2sD,EAAsBJ,EAAqB,CAE/C30D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,QACfgH,EAAOE,6BAEV,GADA8gD,EAAoBzjD,6BAA+B+tD,EAC/CtrD,EAAOI,YAAa,CACtB,MAAMmrD,EAAiBL,EAAqB,CAC1C30D,EAAM6D,KAAKG,IACXhE,EAAM6D,KAAKC,IACX9D,EAAM6D,KAAKE,KACV0F,EAAOM,wBACV0gD,EAAoBviD,sBAAwB8sD,EAAeC,SAAQtU,GAC1DoU,EAAoB76D,KAAIg7D,GACtB,CAACA,EAAoBvU,MAGtC,CAuBI,OAtBA8J,EAAoBrjD,wBAA0ButD,EAAqB,CAEjE30D,EAAMkD,KAAKI,OACXtD,EAAMkD,KAAKM,OACXxD,EAAMkD,KAAKQ,SACX1D,EAAMkD,KAAKS,UACV8F,EAAOC,wBACV+gD,EAAoBpjD,+BAAiCstD,EAAqB,CACxE30D,EAAM6C,YAAYC,aAClB9C,EAAM6C,YAAYG,KAClBhD,EAAM6C,YAAYE,KACjB0G,EAAOG,+BAEV6gD,EAAoB5iD,SAAW,CAAC,GAChC4iD,EAAoB5iD,SAAS,IAAM7H,EAAM6H,SAASwB,sBAC9CI,EAAOI,cACT4gD,EAAoB5iD,SAAS,IAAM7H,EAAM6H,SAAS0B,SAEhDlO,EAAQyL,kBAAoB,IAC9B2jD,EAAoB3jD,kBAAoBzL,EAAQyL,kBAChD2jD,EAAoBxQ,iBAAkB,GAEjCwQ,CACX,CAEE,GApDAxB,EAAW5wD,KAAK0sD,GAoDgB,IAA5BA,EAAgBlY,QAAe,CACjC,MAAM2d,EAAa,CACjBtkD,IAAK6+C,GAGD0F,EAAsBqK,IAC5BrK,EAAoBpR,cAAgBr5C,EAAMoE,UAAU8B,IAEpD,MAAMg3C,QAAwB4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqBpvD,EAAQy8C,UAAMngD,OAAWA,OAAWA,EAAW8R,GAChKw/C,EAAW5wD,KAAK6kD,EACpB,OAEQznD,QAAQ4E,IAAIgB,EAAQ85D,QAAQj7D,KAAIrC,eAAeiN,EAAQ2N,GAC3D,MAAM2iD,EAAejN,GAAatd,WAAW/lC,GACvC0lD,EAAa,CACjB1lD,OAAQswD,EACRlvD,IAAK6+C,GAED0F,EAAkD,IAA5B1F,EAAgBlY,QAAgBioB,IAA8B,CAAE,EAC5FrK,EAAoBpR,cAAgBr5C,EAAMoE,UAAU0B,aACtC,IAAV2M,IACFg4C,EAAoBlQ,iBAAkB,GAKxC,MAAO,CAAE6a,eAAclY,sBAFO4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqBpvD,EAAQy8C,UAAMngD,OAAWA,OAAWA,EAAW8R,GAGpK,KAAMrR,MAAK4B,IACPA,EAAKxC,SAAQ,EAAG49D,eAAclY,sBAC5B+L,EAAW5wD,KAAK+8D,GAChBnM,EAAW5wD,KAAK6kD,EAAgB,GAChC,UAGEznD,QAAQ4E,IAAIo6D,EAAoBv6D,KAAIrC,eAAeuuD,EAAoB3zC,GAC3E,MAAM4iD,EAAgBh6D,EAAQo1D,QAAQh+C,GAEtC,MAAO,CAAE2zC,qBAAoBkP,4BADOlB,GAA8BhO,EAAoBrB,EAAiBsQ,EAAe5rD,GAE1H,KAAMrR,MAAKylD,IACPA,EAAQrmD,SAAQ,EAAG4uD,qBAAoBkP,4BACrCrM,EAAW5wD,KAAK+tD,GAChB6C,EAAW5wD,KAAKi9D,EAAsB,GACtC,IAKJ,MAAM9K,EAAa,CAAEtkD,IAAK6+C,GAkB1B,OAjBAkE,EAAW5wD,WAAWy3D,GAA6BtF,EAAY,GAAIzF,EAAiB,CAClF1L,cAAer5C,EAAMoE,UAAU+B,cAC/Bq0C,wBAAyBx6C,EAAM4H,oBAAoBoB,SACnDyxC,0BAA2B,IAC1Bp/C,EAAQy8C,UAAMngD,OAAWA,OAAWA,EAAW8R,IAE9CpO,EAAQqxC,YACVqY,EAAgByC,2BAGZ/xD,QAAQ4E,IAAIo6D,EAAoBv6D,KAAIrC,eAAeuuD,EAAoB3zC,GAClDpX,EAAQo1D,QAAQh+C,GAAOi6B,YAE9C0Z,EAAmBoB,oBAEzB,KAES,IAAIgM,GAAWvK,EACxB,CAYOpxD,eAAe09D,IAAQC,WAAEA,EAAUC,UAAEA,EAAWhsD,OAAAA,KAAW6/C,IAEhE,GADA7/C,EAAS,IAAKqD,KAAkBrD,IAC3B+rD,IAAeC,EAClB,MAAU3+D,MAAM,4EAElB,GAAI0+D,IAAenpD,EAAKC,SAASkpD,GAC/B,MAAU1+D,MAAM,gDAElB,GAAI2+D,IAAcppD,EAAKtV,aAAa0+D,GAClC,MAAU3+D,MAAM,mDAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAAInC,EACJ,GAAI0/D,EAAY,CACd,MAAMhsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ4+C,GACrC,GAAMhsD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WAC3D,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,MACItG,EAAQ2/D,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAW9nD,EAAOw+D,GAAmB7qD,GACnEisD,EAAWzM,EAAWnK,WAAW9+C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApBmxD,EAASv+D,OACX,MAAUL,MAAM,uBAGlB,OAAOy9D,GADoBtL,EAAW/wD,MAAMw9D,EAAS,GAAIA,EAAS,IAEpE,CAYO79D,eAAe89D,IAAeH,WAAEA,EAAUC,UAAEA,EAAWhsD,OAAAA,KAAW6/C,IAEvE,GADA7/C,EAAS,IAAKqD,KAAkBrD,IAC3B+rD,IAAeC,EAClB,MAAU3+D,MAAM,mFAElB,GAAI0+D,IAAenpD,EAAKC,SAASkpD,GAC/B,MAAU1+D,MAAM,uDAElB,GAAI2+D,IAAcppD,EAAKtV,aAAa0+D,GAClC,MAAU3+D,MAAM,0DAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAAInC,EACJ,GAAI0/D,EAAY,CACd,MAAMhsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ4+C,GACrC,GAAMhsD,IAASxJ,EAAM0I,MAAMK,WACzB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,MACItG,EAAQ2/D,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAW9nD,EAAOw+D,GAAmB7qD,GACnEisD,EAAWzM,EAAWnK,WAAW9+C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIq+D,EAASv+D,OAAQE,IAAK,CACxC,GAAI4xD,EAAWyM,EAASr+D,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMs0D,EAAsB3M,EAAW/wD,MAAMw9D,EAASr+D,GAAIq+D,EAASr+D,EAAI,IACvE,OAAO,IAAIm8D,GAAWoC,EAC1B,CACE,MAAU9+D,MAAM,6BAClB,CAYOe,eAAeg+D,IAASC,YAAEA,EAAWC,WAAEA,EAAYtsD,OAAAA,KAAW6/C,IACnE7/C,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQggE,GAAeC,EAC3B,IAAKjgE,EACH,MAAUgB,MAAM,+EAElB,GAAIg/D,IAAgBzpD,EAAKC,SAASwpD,GAChC,MAAUh/D,MAAM,kDAElB,GAAIi/D,IAAe1pD,EAAKtV,aAAag/D,GACnC,MAAUj/D,MAAM,qDAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAI69D,EAAa,CACf,MAAMtsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQk/C,GACrC,GAAItsD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WACzD,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,CACE,MAAMwvC,EAAO,GACPqd,QAAmBtL,GAAWC,WAAW9nD,EAAOw+D,GAAmB7qD,GACnEisD,EAAWzM,EAAWnK,WAAW9+C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApBmxD,EAASv+D,OACX,MAAUL,MAAM,uBAElB,IAAK,IAAIO,EAAI,EAAGA,EAAIq+D,EAASv+D,OAAQE,IAAK,CACxC,MACM2+D,EAASzB,GADItL,EAAW/wD,MAAMw9D,EAASr+D,GAAIq+D,EAASr+D,EAAI,KAE9Du0C,EAAKvzC,KAAK29D,EACd,CACE,OAAOpqB,CACT,CAYO/zC,eAAeo+D,IAAgBH,YAAEA,EAAWC,WAAEA,EAAUtsD,OAAEA,IAC/DA,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQggE,GAAeC,EAC3B,IAAKjgE,EACH,MAAUgB,MAAM,sFAElB,GAAIg/D,IAAgBzpD,EAAKC,SAASwpD,GAChC,MAAUh/D,MAAM,yDAElB,GAAIi/D,IAAe1pD,EAAKtV,aAAag/D,GACnC,MAAUj/D,MAAM,4DAElB,GAAIg/D,EAAa,CACf,MAAMtsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQk/C,GACrC,GAAItsD,IAASxJ,EAAM0I,MAAMK,WACvB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,CACE,MAAMwvC,EAAO,GACPqd,QAAmBtL,GAAWC,WAAW9nD,EAAOw+D,GAAmB7qD,GACnEisD,EAAWzM,EAAWnK,WAAW9+C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIq+D,EAASv+D,OAAQE,IAAK,CACxC,GAAI4xD,EAAWyM,EAASr+D,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAM40D,EAAajN,EAAW/wD,MAAMw9D,EAASr+D,GAAIq+D,EAASr+D,EAAI,IACxD2+D,EAAS,IAAIxC,GAAW0C,GAC9BtqB,EAAKvzC,KAAK29D,EACd,CACE,GAAoB,IAAhBpqB,EAAKz0C,OACP,MAAUL,MAAM,8BAElB,OAAO80C,CACT,CC5bA,MAAMuqB,gBAAsC9pD,EAAK8G,wBAAwB,CACvE0kC,GACAoH,GACA8D,GACArC,GACAqF,GACA/C,GACAuB,GACAvH,GACA5D,KAGIgd,gBAA4C/pD,EAAK8G,wBAAwB,CAACoxC,KAE1E8R,gBAAgDhqD,EAAK8G,wBAAwB,CAACimC,KAO7E,MAAMkd,GAIX,WAAAnhE,CAAY8zD,GACV1zD,KAAKsoD,QAAUoL,GAAc,IAAItL,EACrC,CAME,mBAAA4Y,GACE,MAAMC,EAAS,GAKf,OAJ0BjhE,KAAKsoD,QAAQW,YAAYx+C,EAAMkE,OAAOC,8BAC9C3M,SAAQ,SAAS0M,GACjCsyD,EAAOn+D,KAAK6L,EAAO++C,YACzB,IACWuT,CACX,CAME,gBAAAtN,GACE,MAAMvoC,EAAMprB,KAAKkhE,mBAEXC,EAAiB/1C,EAAIk9B,QAAQW,YAAYx+C,EAAMkE,OAAOI,kBAC5D,GAAIoyD,EAAev/D,OAAS,EAC1B,OAAOu/D,EAAex8D,KAAIgK,GAAUA,EAAOgD,cAI7C,OADsByZ,EAAIk9B,QAAQW,YAAYx+C,EAAMkE,OAAOE,WACtClK,KAAIgK,GAAUA,EAAOgD,aAC9C,CAYE,aAAMuc,CAAQkzC,EAAgBC,EAAWC,EAAa/e,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAChF,MAAMgqD,EAAyBvhE,KAAKsoD,QAAQW,YAC1Cx+C,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBAGf,GAAsC,IAAlC2xD,EAAuB3/D,OACzB,MAAUL,MAAM,2BAGlB,MAAMigE,EAAqBD,EAAuB,GAC5CE,EAA6BD,EAAmBlW,gBAEhDoW,EAAoBJ,SAAqBthE,KAAK2hE,mBAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAMruC,GAEpI,IAAIgK,EAAY,KAChB,MAAM0jD,EAAmB1hE,QAAQ4E,IAAI48D,EAAkB/8D,KAAIrC,OAASizC,UAAWssB,EAAeh7D,WAC5F,IAAKiQ,EAAKtV,aAAaqF,KAAW26D,EAAmBlW,kBAAoBx0C,EAAKC,SAAS8qD,GACrF,MAAUtgE,MAAM,uCAGlB,IACE,MAAMkhB,EAAO++C,EAAmBlW,iBAAmB7gD,EAAM1H,MAAM0H,EAAMoC,UAAWg1D,SAC1EL,EAAmBtzC,QAAQzL,EAAM5b,EAAMqN,EAC9C,CAAC,MAAOhQ,GACP4S,EAAKyE,gBAAgBrX,GACrBga,EAAYha,CACpB,MAOI,GAJA49D,EAAcN,EAAmBhW,WACjCgW,EAAmBhW,UAAY,WACzBoW,GAEDJ,EAAmBlZ,UAAYkZ,EAAmBlZ,QAAQ1mD,OAC7D,MAAMsc,GAAiB3c,MAAM,sBAG/B,MAAMwgE,EAAY,IAAIhB,GAAQS,EAAmBlZ,SAGjD,OAFAkZ,EAAmBlZ,QAAU,IAAIF,GAE1B2Z,CACX,CAeE,wBAAMJ,CAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAO,IAAIxqC,KAAQ7D,EAASqD,GAC1G,IAEI2G,EAFA8jD,EAA6B,GAGjC,GAAIX,EAAW,CACb,MAAMY,EAAejiE,KAAKsoD,QAAQW,YAAYx+C,EAAMkE,OAAOG,wBAC3D,GAA4B,IAAxBmzD,EAAargE,OACf,MAAUL,MAAM,8DAEZrB,QAAQ4E,IAAIu8D,EAAU18D,KAAIrC,eAAei1C,EAAUz1C,GACvD,IAAIwmD,EAEFA,EADExmD,QACcsmD,GAAWC,WAAW4Z,EAAal/D,QAAS89D,GAA6B3sD,GAE/E+tD,QAEN/hE,QAAQ4E,IAAIwjD,EAAQ3jD,KAAIrC,eAAe4/D,GAC3C,UACQA,EAAYh0C,QAAQqpB,GAC1ByqB,EAA2Bl/D,KAAKo/D,EACjC,CAAC,MAAOhsC,GACPpf,EAAKyE,gBAAgB2a,GACjBA,aAAe0gB,KACjB14B,EAAYgY,EAE1B,CACA,IACA,IACK,KAAM,KAAIkrC,EA8FT,MAAU7/D,MAAM,iCA9FS,CACzB,MAAM4gE,EAAeniE,KAAKsoD,QAAQW,YAAYx+C,EAAMkE,OAAOC,8BAC3D,GAA4B,IAAxBuzD,EAAavgE,OACf,MAAUL,MAAM,2DAEZrB,QAAQ4E,IAAIq9D,EAAax9D,KAAIrC,eAAe8/D,SAC1CliE,QAAQ4E,IAAIs8D,EAAez8D,KAAIrC,eAAe+/D,GAClD,IAAIC,EACJ,IAEEA,SAA8BD,EAAchE,kBAAkB+D,EAAY1U,YAAa,UAAMtrD,EAAW8R,IAASvP,KAAIgM,GAAOA,EAAI8+C,WACjI,CAAC,MAAOv5B,GAEP,YADAhY,EAAYgY,EAExB,CAEU,IAAImpC,EAAQ,CACV50D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,OAChBzC,EAAMoC,UAAUE,UAChBtC,EAAMoC,UAAUG,OAElB,IACE,MAAMosD,QAA0BiJ,EAAczM,wBAAwBrT,OAAMngD,EAAW8R,GACnFklD,EAAkB3nD,+BACpB4tD,EAAQA,EAAM76D,OAAO40D,EAAkB3nD,8BAE1C,CAAC,MAAOvN,GAAG,OAENhE,QAAQ4E,IAAIw9D,EAAqB39D,KAAIrC,eAAeigE,GACxD,IAAKA,EAAoBxS,cACvB,MAAUxuD,MAAM,oCAWlB,GAPiC2S,EAAOuB,8BACtC2sD,EAAYpe,qBAAuBv5C,EAAMsB,UAAUE,YACnDm2D,EAAYpe,qBAAuBv5C,EAAMsB,UAAUC,gBACnDo2D,EAAYpe,qBAAuBv5C,EAAMsB,UAAUG,SACnDk2D,EAAYpe,qBAAuBv5C,EAAMsB,UAAUI,SAGvB,CAW5B,MAAMq2D,EAAkBJ,EAAYr/D,cAC9B7C,QAAQ4E,KACZ28D,EACE,CAACA,GACD9hE,MAAM4gB,KAAKrM,EAAOwB,0DACpB/Q,KAAIrC,UACJ,MAAMmgE,EAAkB,IAAIhV,GAC5BgV,EAAgBpgE,KAAKmgE,GACrB,MAAMlU,EAAmB,CACvB7C,sBACAoC,WAAY1xC,GAAOizC,mBAAmB3D,IAExC,UACQgX,EAAgBv0C,QAAQq0C,EAAqBjU,GACnD0T,EAA2Bl/D,KAAK2/D,EACjC,CAAC,MAAOvsC,GAEPpf,EAAKyE,gBAAgB2a,GACrBhY,EAAYgY,CAC9B,KAGA,MACc,UACQksC,EAAYl0C,QAAQq0C,GAC1B,MAAM5C,EAAqB8B,GAA8BW,EAAY3W,oBACrE,GAAIkU,IAAuBN,EAAMngD,SAASzU,EAAM1H,MAAM0H,EAAMoC,UAAW8yD,IACrE,MAAUp+D,MAAM,iDAElBygE,EAA2Bl/D,KAAKs/D,EACjC,CAAC,MAAOlsC,GACPpf,EAAKyE,gBAAgB2a,GACrBhY,EAAYgY,CAC5B,CAEA,IACA,KACQ4rC,EAAcM,EAAY5W,WAC1B4W,EAAY5W,UAAY,IAChC,IACA,CAEA,CAEI,GAAIwW,EAA2BpgE,OAAS,EAAG,CAEzC,GAAIogE,EAA2BpgE,OAAS,EAAG,CACzC,MAAM8gE,EAAO,IAAI/sD,IACjBqsD,EAA6BA,EAA2Bz3D,QAAOo4D,IAC7D,MAAMppD,EAAIopD,EAAKlX,oBAAsB30C,EAAKmD,mBAAmB0oD,EAAK9U,YAClE,OAAI6U,EAAK1+D,IAAIuV,KAGbmpD,EAAKz+D,IAAIsV,IACF,EAAI,GAErB,CAEM,OAAOyoD,EAA2Br9D,KAAIgK,IAAW,CAC/C9H,KAAM8H,EAAOk/C,WACbtY,UAAW5mC,EAAO88C,qBAAuBhhD,EAAMpI,KAAKoI,EAAMoC,UAAW8B,EAAO88C,wBAEpF,CACI,MAAMvtC,GAAiB3c,MAAM,iCACjC,CAME,cAAAqhE,GACE,MACM9yD,EADM9P,KAAKkhE,mBACG5Y,QAAQe,WAAW5+C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQ6yC,YAAe,IAC9C,CAME,WAAAG,GACE,MACMhzC,EADM9P,KAAKkhE,mBACG5Y,QAAQe,WAAW5+C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQgzC,eAAkB,IACjD,CAME,OAAAJ,GACE,MACM5yC,EADM9P,KAAKkhE,mBACG5Y,QAAQe,WAAW5+C,EAAMkE,OAAOU,aACpD,OAAIS,EACKA,EAAQ4yC,UAEV,IACX,CAWE,+BAAa0M,CAAmByT,EAAiB,GAAItgB,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI1rD,EAASqD,GAC7F,MAAM2+B,cAAEA,EAAa4sB,SAAEA,SPlIpBxgE,eAAuC+zC,EAAO,GAAIkM,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI1rD,EAASqD,GACjG,MAAMwrD,QAAiB7iE,QAAQ4E,IAAIuxC,EAAK1xC,KAAI,CAACgM,EAAK7O,IAAM6O,EAAIilD,wBAAwBrT,EAAMqd,EAAQ99D,GAAIoS,MAKtG,GAJiBmiC,EAAKz0C,OACpBmhE,EAAS7mC,OAAM8mC,GAAWA,EAAQ1wD,UAAa0wD,EAAQ1wD,SAAS,GAAK7H,EAAM6H,SAAS0B,UACpFE,EAAOI,YAEK,CACZ,MAAM2uD,EAAqB,CAAE/sB,cAAezrC,EAAMoC,UAAUK,OAAQ41D,SAAUr4D,EAAM6D,KAAKE,KACnF00D,EAAsB,CAC1B,CAAEhtB,cAAehiC,EAAOE,4BAA6B0uD,SAAU5uD,EAAOM,wBACtE,CAAE0hC,cAAehiC,EAAOE,4BAA6B0uD,SAAUr4D,EAAM6D,KAAKE,KAC1E,CAAE0nC,cAAezrC,EAAMoC,UAAUK,OAAQ41D,SAAU5uD,EAAOM,yBAE5D,IAAK,MAAM2uD,KAAsBD,EAC/B,GAAIH,EAAS7mC,OAAM8mC,GAAWA,EAAQrwD,uBAAyBqwD,EAAQrwD,sBAAsBjO,MAC3F0+D,GAAeA,EAAY,KAAOD,EAAmBjtB,eAAiBktB,EAAY,KAAOD,EAAmBL,aAE5G,OAAOK,EAGX,OAAOF,CACX,CACE,MAAMI,EAAiB54D,EAAMoC,UAAUK,OACjCo2D,EAAiBpvD,EAAOE,4BAC9B,MAAO,CACL8hC,cAAe6sB,EAAS7mC,OAAM8mC,GAAWA,EAAQvxD,8BAAgCuxD,EAAQvxD,6BAA6ByN,SAASokD,KAC7HA,EACAD,EACFP,cAAU1gE,EAEd,COoG8CmhE,CAAwBV,EAAgBtgB,EAAMqd,EAAS1rD,GAC3FsvD,EAAoB/4D,EAAMpI,KAAKoI,EAAMoC,UAAWqpC,GAChDutB,EAAeX,EAAWr4D,EAAMpI,KAAKoI,EAAM6D,KAAMw0D,QAAY1gE,QAE7DlC,QAAQ4E,IAAI+9D,EAAel+D,KAAIgM,GAAOA,EAAIirD,mBAC7Cv7D,OAAM,IAAM,OACZwC,MAAK6gE,IACJ,GAAIA,IAAaA,EAASjU,UAAUla,YAAc9qC,EAAMsB,UAAUW,QAAUg3D,EAASjU,UAAUla,YAAc9qC,EAAMsB,UAAUY,QAC1H82D,IAAiB3sD,EAAK0H,MAAM03B,GAC7B,MAAU30C,MAAM,2MAC1B,OAKI,MAAO,CAAEsF,KADcsV,GAAOizC,mBAAmBlZ,GAClBX,UAAWiuB,EAAmBpY,cAAeqY,EAChF,CAeE,aAAM71C,CAAQi1C,EAAgBxB,EAAWxT,EAAYnK,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI1rD,EAASqD,GACtI,GAAIs2C,GACF,IAAK/2C,EAAKtV,aAAaqsD,EAAWhnD,QAAUiQ,EAAKC,SAAS82C,EAAWtY,WACnE,MAAUh0C,MAAM,4CAEb,GAAIshE,GAAkBA,EAAejhE,OAC1CisD,QAAmBkT,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMqd,EAAS1rD,OACxE,KAAImtD,IAAaA,EAAUz/D,OAGhC,MAAUL,MAAM,gDAFhBssD,QAAmBkT,GAAQ3R,wBAAmBhtD,OAAWA,OAAWA,EAAW8R,EAGrF,CAEI,MAAQrN,KAAMkoD,EAAgBxZ,UAAWssB,EAAezW,cAAewY,GAAsB/V,EAEvFziC,QAAY21C,GAAQ8C,kBAAkB9U,EAAgB8S,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMqd,EAAS1rD,GAE9JstD,EAAqBrW,GAAyC7V,WAAW,CAC7EgC,QAASssB,EAAoB,EAAI,EACjCxY,cAAewY,EAAoBn5D,EAAM1H,MAAM0H,EAAM6D,KAAMs1D,GAAqB,OAElFpC,EAAmBlZ,QAAUtoD,KAAKsoD,QAElC,MAAM/S,EAAY9qC,EAAM1H,MAAM0H,EAAMoC,UAAWg1D,GAK/C,aAJML,EAAmB5zC,QAAQ2nB,EAAWwZ,EAAgB76C,GAE5DkX,EAAIk9B,QAAQxlD,KAAK0+D,GACjBA,EAAmBlZ,QAAU,IAAIF,GAC1Bh9B,CACX,CAiBE,8BAAay4C,CAAkBhW,EAAYgU,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI1rD,EAASqD,GACzL,MAAMm8C,EAAa,IAAItL,GACjBuX,EAAqBl1D,EAAM1H,MAAM0H,EAAMoC,UAAWg1D,GAClDzW,EAAgBwY,GAAqBn5D,EAAM1H,MAAM0H,EAAM6D,KAAMs1D,GAEnE,GAAIf,EAAgB,CAClB,MAAM/E,QAAgB59D,QAAQ4E,IAAI+9D,EAAel+D,KAAIrC,eAAe0yD,EAAYlzD,GAC9E,MAAMytC,QAAsBylB,EAAW4G,iBAAiB+H,EAAiB7hE,GAAIygD,EAAMqd,EAAS1rD,GAEtF4vD,EAAgBrW,GAAmCnY,WAAW,CAClEgC,QAAS8T,EAAgB,EAAI,EAC7B0C,oBAAqBve,EAAckgB,UACnC1B,mBAAoBrK,EACpBmK,aACApC,oBAAqBkU,IAKvB,aAFMmE,EAAcl2C,QAAQ2hB,EAAckgB,kBACnCqU,EAAcjW,WACdiW,CACf,KACMpQ,EAAW5wD,QAAQg7D,EACzB,CACI,GAAIuD,EAAW,CACb,MAAM0C,EAAczhE,eAAemtD,EAAWlY,GAC5C,IAEE,aADMkY,EAAUvhC,QAAQqpB,GACjB,CACR,CAAC,MAAOrzC,GACP,OAAO,CACjB,CACO,EAEKouB,EAAM,CAAC0xC,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB5hE,eAAeurD,EAAYtY,EAAW6V,EAAe7T,GAC3E,MAAM4sB,EAA+B,IAAInV,GAA6B96C,GAQtE,GAPAiwD,EAA6BtW,WAAaA,EAC1CsW,EAA6B1Y,oBAAsBlW,EAC/C6V,IACF+Y,EAA6B/Y,cAAgBA,SAEzC+Y,EAA6Bv2C,QAAQ2pB,EAAUrjC,GAEjDA,EAAOmB,uBAAwB,CAEjC,GAA4B,WADNnV,QAAQ4E,IAAIu8D,EAAU18D,KAAIy/D,GAAOL,EAAYI,EAA8BC,OACrF96B,OAAOhX,GACjB,OAAO4xC,EAAgBrW,EAAYtY,EAAWgC,EAE1D,CAGQ,cADO4sB,EAA6BtW,WAC7BsW,CACR,EAEKrG,QAAgB59D,QAAQ4E,IAAIu8D,EAAU18D,KAAIy/D,GAAOF,EAAgBrW,EAAY8R,EAAoBvU,EAAegZ,MACtH1Q,EAAW5wD,QAAQg7D,EACzB,CAEI,OAAO,IAAIiD,GAAQrN,EACvB,CAgBE,UAAM1zB,CAAKs4B,EAAc,GAAIlD,EAAgB,GAAIvmD,EAAY,KAAMw1D,EAAgB,GAAI9hB,EAAO,IAAIxqC,KAAQusD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAI7wC,EAASqD,GAC7K,MAAMm8C,EAAa,IAAItL,GAEjBmc,EAAoBvkE,KAAKsoD,QAAQe,WAAW5+C,EAAMkE,OAAOU,aAC/D,IAAKk1D,EACH,MAAUhjE,MAAM,mCAGlB,MAAMijE,QAAyBC,GAAuBF,EAAmBjM,EAAalD,EAAevmD,EAAWw1D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAO7wC,GACnLwwD,EAA0BF,EAAiB7/D,KAC/C,CAACgjD,EAAiB7lD,IAAM2lD,GAAuBC,oBAAoBC,EAAuB,IAAN7lD,KACnF+oB,UAMH,OAJA6oC,EAAW5wD,QAAQ4hE,GACnBhR,EAAW5wD,KAAKyhE,GAChB7Q,EAAW5wD,QAAQ0hE,GAEZ,IAAIzD,GAAQrN,EACvB,CAQE,QAAA7J,CAASpnC,EAAMvO,EAASqD,GACtB,GAAIkL,IAAShY,EAAM6C,YAAYC,aAC7B,OAAOvN,KAGT,MAAM2pD,EAAa,IAAID,GAAqBx1C,GAC5Cy1C,EAAWpU,UAAY9yB,EACvBknC,EAAWrB,QAAUtoD,KAAKsoD,QAE1B,MAAMwW,EAAa,IAAI1W,GAGvB,OAFA0W,EAAWh8D,KAAK6mD,GAET,IAAIoX,GAAQjC,EACvB,CAgBE,kBAAM6F,CAAarM,EAAc,GAAIlD,EAAgB,GAAIvmD,EAAY,KAAMw1D,EAAgB,GAAIO,EAAkB,GAAIriB,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI7a,EAAY,GAAI7wC,EAASqD,GAC7K,MAAMgtD,EAAoBvkE,KAAKsoD,QAAQe,WAAW5+C,EAAMkE,OAAOU,aAC/D,IAAKk1D,EACH,MAAUhjE,MAAM,mCAElB,OAAO,IAAIkyD,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAevmD,EAAWw1D,EAAeO,EAAiBriB,EAAMqd,EAAS7a,GAAW,EAAM7wC,GAChL,CAcE,YAAMqsB,CAAOs4B,EAAkBtW,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACzD,MAAM6T,EAAMprB,KAAKkhE,mBACX2D,EAAkBz5C,EAAIk9B,QAAQW,YAAYx+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bw1D,EAAgBjjE,OAClB,MAAUL,MAAM,yDAEdygB,EAAqBoJ,EAAIk9B,QAAQtnD,SACnCoqB,EAAIk9B,QAAQxlD,cAAcmf,EAAiBmJ,EAAIk9B,QAAQtnD,QAAQ8qB,GAAKA,GAAK,MAE3E,MAAMq1C,EAAiB/1C,EAAIk9B,QAAQW,YAAYx+C,EAAMkE,OAAOI,kBAAkB8b,UACxEi6C,EAAgB15C,EAAIk9B,QAAQW,YAAYx+C,EAAMkE,OAAOE,WAC3D,OAAIsyD,EAAev/D,SAAWkjE,EAAcljE,QAAUkV,EAAK7V,SAASmqB,EAAIk9B,QAAQtnD,UAAYghB,EAAqBoJ,EAAIk9B,QAAQtnD,eACrHd,QAAQ4E,IAAIq8D,EAAex8D,KAAIrC,UACnCulD,EAAWG,iBAAmB,IAAI9nD,SAAQ,CAACC,EAASC,KAClDynD,EAAWkd,wBAA0B5kE,EACrC0nD,EAAWmd,uBAAyB5kE,CAAM,IAE5CynD,EAAW5D,cAAgB4B,GAAiBvjD,gBAAmBulD,EAAWG,kBAAkB/D,gBAC5F4D,EAAWvqB,OAASrb,QAAuB4lC,EAAWl6C,KAAKk6C,EAAW/D,cAAe+gB,EAAgB,QAAIziE,GAAW,IACpHylD,EAAWvqB,OAAOj9B,OAAM,QAAS,KAEnC+qB,EAAIk9B,QAAQtnD,OAAS4gB,EAAqBwJ,EAAIk9B,QAAQtnD,QAAQsB,MAAO4C,EAAUC,KAC7E,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,IAAK,IAAIrD,EAAI,EAAGA,EAAIq/D,EAAev/D,OAAQE,IAAK,CAC9C,MAAQS,MAAOsM,SAAoBnL,EAAOrB,OAC1C8+D,EAAer/D,GAAGijE,wBAAwBl2D,EACtD,OACgBnL,EAAOjB,kBACP9B,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,GACPi9D,EAAel/D,SAAQ4lD,IACrBA,EAAWmd,uBAAuB9gE,EAAE,UAEhCvD,EAAOuC,MAAMgB,EAC7B,KAEa+gE,GAA0B9D,EAAgB0D,EAAiBhM,EAAkBtW,GAAM,EAAOruC,IAE5F+wD,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,GAAM,EAAOruC,EACpG,CAeE,cAAAgxD,CAAer2D,EAAWgqD,EAAkBtW,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACtE,MACMstD,EADM7kE,KAAKkhE,mBACW5Y,QAAQW,YAAYx+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bw1D,EAAgBjjE,OAClB,MAAUL,MAAM,yDAGlB,OAAO0jE,GADep2D,EAAUy5C,QAAQW,YAAYx+C,EAAMkE,OAAOE,WACjBg2D,EAAiBhM,EAAkBtW,GAAM,EAAMruC,EACnG,CAME,gBAAAgtD,GACE,MAAMvX,EAAa3pD,KAAKsoD,QAAQW,YAAYx+C,EAAMkE,OAAOO,gBACzD,OAAIy6C,EAAW/nD,OACN,IAAIm/D,GAAQpX,EAAW,GAAGrB,SAE5BtoD,IACX,CAOE,qBAAMmlE,CAAgBC,EAAmBlxD,EAASqD,SAC1CvX,KAAKsoD,QAAQjmD,KACjByU,EAAKtV,aAAa4jE,GAAqBA,SAA2B/jD,EAAQ+jD,IAAoBv+D,KAC9Fi6D,GACA5sD,EAEN,CAME,KAAAnR,GACE,OAAO/C,KAAKsoD,QAAQvlD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GACb,MAAM8tD,EAAiBrlE,KAAKsoD,QAAQtoD,KAAKsoD,QAAQ1mD,OAAS,GAGpDygB,EAAegjD,EAAezlE,YAAYme,MAAQotC,GAAyCptC,IACpE,IAA3BsnD,EAAe/tB,QACft3C,KAAKsoD,QAAQ5jD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQ8lC,GAAgB9lC,KAA0B,IAAnBpP,EAAO2oC,UACvF,OAAOnkC,EAAM1I,EAAM0I,MAAMI,QAASvT,KAAK+C,QAAS,KAAM,KAAM,KAAMsf,EAAcnO,EACpF,EAqBO5R,eAAemiE,GAAuBF,EAAmBjM,EAAalD,EAAgB,GAAIvmD,EAAY,KAAMw1D,EAAgB,GAAI9hB,EAAO,IAAIxqC,KAAQusD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIta,GAAW,EAAOv2B,EAASqD,GAC/O,MAAMm8C,EAAa,IAAItL,GAGjBtE,EAA2C,OAA3BygB,EAAkBv0D,KACtCvF,EAAMoE,UAAUkB,OAAStF,EAAMoE,UAAUmB,KAa3C,SAXM9P,QAAQ4E,IAAIwzD,EAAY3zD,KAAIrC,MAAO0yD,EAAYlzD,KACnD,MAAMwjE,EAAgBhB,EAAexiE,GACrC,IAAKkzD,EAAWuD,YACd,MAAUh3D,MAAM,gCAElB,MAAMi3D,QAAmBxD,EAAWyD,cAAc4L,EAAcviE,GAAIygD,EAAM+iB,EAAepxD,GACzF,OAAOihD,GAAsBoP,EAAmBnP,EAAcxzD,OAASwzD,EAAgB,CAACJ,GAAawD,EAAW/I,UAAW,CAAE3L,iBAAiBvB,EAAM+S,EAAkBvQ,EAAWta,EAAUv2B,EAAO,KAChMrR,MAAKiiE,IACPpR,EAAW5wD,QAAQgiE,EAAc,IAG/Bj2D,EAAW,CACb,MAAM02D,EAAwB12D,EAAUy5C,QAAQW,YAAYx+C,EAAMkE,OAAOE,WACzE6kD,EAAW5wD,QAAQyiE,EACvB,CACE,OAAO7R,CACT,CAkGOpxD,eAAe2iE,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,EAAO,IAAIxqC,KAAQ0yB,GAAW,EAAOv2B,EAASqD,GAC9I,OAAOrX,QAAQ4E,IAAIggE,EAAcv6D,QAAO,SAASsE,GAC/C,MAAO,CAAC,OAAQ,UAAUqQ,SAASzU,EAAMpI,KAAKoI,EAAMoE,UAAWA,EAAUi1C,eAC7E,IAAKn/C,KAAIrC,eAAeuM,GACpB,OApFJvM,eAAwCuM,EAAWg2D,EAAiBhM,EAAkBtW,EAAO,IAAIxqC,KAAQ0yB,GAAW,EAAOv2B,EAASqD,GAClI,IAAIy9C,EACAwQ,EAEJ,IAAK,MAAM70D,KAAOkoD,EAAkB,CAClC,MAAMC,EAAanoD,EAAIooD,QAAQlqD,EAAU8C,aACzC,GAAImnD,EAAWl3D,OAAS,EAAG,CACzBozD,EAAarkD,EACb60D,EAAuB1M,EAAW,GAClC,KACN,CACA,CAEE,MACM2M,EADqB52D,aAAqB44C,GACI54C,EAAUm5C,iBAAmBn5C,EAE3E62D,EAAc,CAClBtiB,MAAOv0C,EAAU8C,YACjBygC,SAAU,WACR,IAAKozB,EACH,MAAUjkE,MAAM,0CAA0CsN,EAAU8C,YAAYw5B,eAG5Et8B,EAAU0xB,OAAOilC,EAAqB/V,UAAW5gD,EAAUi1C,cAAe+gB,EAAgB,GAAItiB,EAAM9X,EAAUv2B,GACpH,MAAMyzC,QAAwB8d,EAC9B,GAAID,EAAqBxV,kBAAoBrI,EAAgBtD,QAC3D,MAAU9iD,MAAM,mCAIlB,UACQyzD,EAAWyD,cAAc+M,EAAqBvf,WAAY0B,EAAgBtD,aAASjiD,EAAW8R,EACrG,CAAC,MAAOhQ,GAKP,IAAIgQ,EAAOqB,+CAAgDrR,EAAEqP,QAAQoM,MAAM,4CAGzE,MAAMzb,QAFA8wD,EAAWyD,cAAc+M,EAAqBvf,WAAY1D,OAAMngD,EAAW8R,EAI3F,CACM,OAAO,CACR,EA1BS,GA2BVrF,UAAW,WACT,MAAM84C,QAAwB8d,EACxB/R,EAAa,IAAItL,GAEvB,OADAT,GAAmB+L,EAAW5wD,KAAK6kD,GAC5B,IAAI8L,GAAUC,EACtB,EALU,IAeb,OAHAgS,EAAY72D,UAAUxO,OAAM,SAC5BqlE,EAAYtzB,SAAS/xC,OAAM,SAEpBqlE,CACT,CAuBWC,CAAyB92D,EAAWg2D,EAAiBhM,EAAkBtW,EAAM9X,EAAUv2B,EAClG,IACA,CAYO5R,eAAesjE,IAAYC,eAAEA,EAAcC,cAAEA,EAAe5xD,OAAAA,KAAW6/C,IAC5E7/C,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQslE,GAAkBC,EAC9B,IAAKvlE,EACH,MAAUgB,MAAM,wFAElB,GAAIskE,IAAmB/uD,EAAKC,SAAS8uD,KAAoB/uD,EAAK7V,SAAS4kE,GACrE,MAAUtkE,MAAM,kEAElB,GAAIukE,IAAkBhvD,EAAKtV,aAAaskE,KAAmBhvD,EAAK7V,SAAS6kE,GACvE,MAAUvkE,MAAM,qEAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,MAAMqjE,EAAajvD,EAAK7V,SAASV,GACjC,GAAIslE,EAAgB,CAClB,MAAM5xD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMI,QACvB,MAAUhS,MAAM,oCAElBhB,EAAQsG,CACZ,CACE,MAAM6sD,QAAmBtL,GAAWC,WAAW9nD,EAAOqgE,GAAuB1sD,GACvEX,EAAU,IAAIwtD,GAAQrN,GAE5B,OADAngD,EAAQi1C,WAAaud,EACdxyD,CACT,CAcOjR,eAAe0jE,IAAch2D,KAAEA,EAAID,OAAEA,EAAMyyC,SAAEA,EAAQD,KAAEA,EAAO,IAAIxqC,KAAMymB,OAAEA,QAAkBp8B,IAAT4N,EAAqB,OAAS,aAAa+jD,IACnI,MAAMxzD,OAAiB6B,IAAT4N,EAAqBA,EAAOD,EAC1C,QAAc3N,IAAV7B,EACF,MAAUgB,MAAM,yEAElB,GAAIyO,IAAS8G,EAAKC,SAAS/G,KAAU8G,EAAK7V,SAAS+O,GACjD,MAAUzO,MAAM,0DAElB,GAAIwO,IAAW+G,EAAKtV,aAAauO,KAAY+G,EAAK7V,SAAS8O,GACzD,MAAUxO,MAAM,gEAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,MAAMqjE,EAAajvD,EAAK7V,SAASV,GAC3BgkE,EAAoB,IAAIjiB,GAAkBC,QACnCngD,IAAT4N,EACFu0D,EAAkB9hB,QAAQliD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS0uB,IAE5D+lC,EAAkB3hB,SAASriD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS0uB,SAE9Cp8B,IAAbogD,GACF+hB,EAAkB1hB,YAAYL,GAEhC,MAAMyjB,EAAwB,IAAI7d,GAClC6d,EAAsBnjE,KAAKyhE,GAC3B,MAAMhxD,EAAU,IAAIwtD,GAAQkF,GAE5B,OADA1yD,EAAQi1C,WAAaud,EACdxyD,CACT,CCn4BA,MAAM20C,gBAA+BpxC,EAAK8G,wBAAwB,CAACimC,KAM5D,MAAMqiB,GAKX,WAAAtmE,CAAYoQ,EAAMnB,GAGhB,GADA7O,KAAKgQ,KAAO8G,EAAK0G,qBAAqBxN,GAAMsP,QAAQ,SAAU,QAC1DzQ,KAAeA,aAAqB4kD,IACtC,MAAUlyD,MAAM,2BAElBvB,KAAK6O,UAAYA,GAAa,IAAI4kD,GAAU,IAAIrL,GACpD,CAME,gBAAAuL,GACE,MAAMsN,EAAS,GAKf,OAJsBjhE,KAAK6O,UAAUy5C,QACvBrmD,SAAQ,SAAS0M,GAC7BsyD,EAAOn+D,KAAK6L,EAAOgD,YACzB,IACWsvD,CACX,CAgBE,UAAMjhC,CAAKs4B,EAAalD,EAAgB,GAAIvmD,EAAY,KAAMw1D,EAAgB,GAAI9hB,EAAO,IAAIxqC,KAAQusD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAI7wC,EAASqD,GACxK,MAAMgtD,EAAoB,IAAIjiB,GAC9BiiB,EAAkB9hB,QAAQziD,KAAKgQ,MAC/B,MAAMm2D,EAAe,IAAI1S,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAevmD,EAAWw1D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAM7wC,IAClM,OAAO,IAAIgyD,GAAiBlmE,KAAKgQ,KAAMm2D,EAC3C,CAcE,MAAA5lC,CAAO8V,EAAMkM,EAAO,IAAIxqC,KAAQ7D,EAASqD,GACvC,MAAMutD,EAAgB9kE,KAAK6O,UAAUy5C,QAAQW,YAAYx+C,EAAMkE,OAAOE,WAChE01D,EAAoB,IAAIjiB,GAG9B,OADAiiB,EAAkB9hB,QAAQziD,KAAKgQ,MACxBi1D,GAA0BH,EAAe,CAACP,GAAoBluB,EAAMkM,GAAM,EAAMruC,EAC3F,CAME,OAAAwuC,GAEE,OAAO1iD,KAAKgQ,KAAKsP,QAAQ,QAAS,KACtC,CAOE,KAAAnM,CAAMe,EAASqD,GAEb,MAAM6uD,EAAwBpmE,KAAK6O,UAAUy5C,QAAQ5jD,MAAKiK,GAA6B,IAAnBA,EAAO2oC,UAOrEp2B,EAAO,CACXvT,KAPWy4D,EACXzmE,MAAM4gB,KAAK,IAAI5K,IAAI3V,KAAK6O,UAAUy5C,QAAQ3jD,KACxCgK,GAAUlE,EAAMpI,KAAKoI,EAAMkD,KAAMgB,EAAOo1C,eAAewD,kBACrD7kD,OACJ,KAIAsN,KAAMhQ,KAAKgQ,KACXnJ,KAAM7G,KAAK6O,UAAUy5C,QAAQvlD,SAI/B,OAAOoQ,EAAM1I,EAAM0I,MAAMG,OAAQ4N,OAAM9e,OAAWA,OAAWA,EAAWgkE,EAAuBlyD,EACnG,EAYO5R,eAAe+jE,IAAqBC,iBAAEA,EAAgBpyD,OAAEA,KAAW6/C,IAExE,GADA7/C,EAAS,IAAKqD,KAAkBrD,IAC3BoyD,EACH,MAAU/kE,MAAM,gFAElB,IAAKuV,EAAKC,SAASuvD,GACjB,MAAU/kE,MAAM,mEAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,MAAMnC,QAAc8gB,EAAQilD,GAC5B,GAAI/lE,EAAM0T,OAASxJ,EAAM0I,MAAMG,OAC7B,MAAU/R,MAAM,gCAElB,MAAMmyD,QAAmBtL,GAAWC,WAAW9nD,EAAMsG,KAAMqhD,GAAgBh0C,IAY7E,SAAuB8M,EAAS0yC,GAC9B,MAAM6S,EAAiB,SAASC,GAC9B,MAAMC,EAAQ93D,GAAU8T,GAAQ9T,EAAOo1C,gBAAkBthC,EAEzD,IAAK,IAAI3gB,EAAI,EAAGA,EAAI4xD,EAAW9xD,OAAQE,IACrC,GAAI4xD,EAAW5xD,GAAGlC,YAAYme,MAAQtT,EAAMkE,OAAOE,YAAc23D,EAAU9hE,KAAK+hE,EAAM/S,EAAW5xD,KAC/F,OAAO,EAGX,OAAO,CACR,EAEK0kE,EAAY,GAoBlB,GAnBAxlD,EAAQ/e,SAAQyd,IACd,MAAMgnD,EAAahnD,EAAOC,MAAM,gBAChC,IAAI+mD,EAaF,MAAUnlE,MAAM,0DAbF,CACd,MAAMolE,EAAgBD,EAAW,GAC9BpnD,QAAQ,MAAO,IACf7B,MAAM,KACN9Y,KAAIo7B,IACH,IACE,OAAOt1B,EAAM1H,MAAM0H,EAAMkD,KAAMoyB,EAAS20B,cACzC,CAAC,MAAOxwD,GACP,MAAU3C,MAAM,2CAA6Cw+B,EAAS20B,cAClF,KAEM8R,EAAU1jE,QAAQ6jE,EACxB,CAEA,IAGMH,EAAU5kE,SAAW2kE,EAAeC,GACtC,MAAUjlE,MAAM,wDAEpB,CA9CEwf,CAAcxgB,EAAMygB,QAAS0yC,GAC7B,MAAM7kD,EAAY,IAAI4kD,GAAUC,GAChC,OAAO,IAAIwS,GAAiB3lE,EAAMyP,KAAMnB,EAC1C,CAoDOvM,eAAeskE,IAAuB52D,KAAEA,KAAS+jD,IACtD,IAAK/jD,EACH,MAAUzO,MAAM,sEAElB,IAAKuV,EAAKC,SAAS/G,GACjB,MAAUzO,MAAM,yDAElB,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,OAAO,IAAIwjE,GAAiBl2D,EAC9B,CCtKO1N,eAAei9B,IAAYqgC,QAAEA,EAAU,GAAEzoB,WAAEA,EAAUljC,KAAEA,EAAIvJ,MAAEA,EAAKwpD,QAAEA,EAAU,KAAI3iD,kBAAEA,EAAoB,EAACgxC,KAAEA,EAAO,IAAIxqC,KAAMmjD,QAAEA,EAAU,CAAC,CAAE,GAAC18B,OAAEA,EAAS,UAAWtqB,OAAAA,KAAW6/C,IACxI8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAC3BD,GAASvJ,GAIZuJ,EAAOA,GAAQ,MACfvJ,EAAQA,GAAS,qBAJjBuJ,EAAOC,EAAOQ,OAAS,aAAe,MACtChK,EAAQ,oBAKVk1D,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAuB,IAAnBk9D,EAAQh+D,SAAiBsS,EAAOQ,OAClC,MAAUnT,MAAM,oCAElB,GAAa,QAAT0S,GAAkBigD,EAAUhgD,EAAOkB,WACrC,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoB8+C,KAG3E,MAAMpuD,EAAU,CAAE85D,UAASzoB,aAAYljC,OAAMigD,UAASxpD,QAAO6G,oBAAmBgxC,OAAM2Y,WAEtF,IACE,MAAMvqD,IAAEA,EAAG4sD,sBAAEA,SHIVj7D,eAAwBwD,EAASoO,GACtCpO,EAAQk6B,MAAO,GACfl6B,EAAU64D,GAA0B74D,IAC5Bo1D,QAAUp1D,EAAQo1D,QAAQv2D,KAAI,CAACowD,EAAQ73C,IAAUyhD,GAA0B74D,EAAQo1D,QAAQh+C,GAAQpX,KAC3G,IAAImY,EAAW,CAAC8oD,GAAyBjhE,EAASoO,IAClD+J,EAAWA,EAASzZ,OAAOsB,EAAQo1D,QAAQv2D,KAAImB,GAAW84D,GAA4B94D,EAASoO,MAC/F,MAAMo0C,QAAgBpoD,QAAQ4E,IAAImZ,GAE5BtN,QAAYsuD,GAAc3W,EAAQ,GAAIA,EAAQ3lD,MAAM,GAAImD,EAASoO,GACjEqpD,QAA8B5sD,EAAI0sD,yBAAyBv3D,EAAQy8C,KAAMruC,GAE/E,OADAvD,EAAIunD,qBAAuB,GACpB,CAAEvnD,MAAK4sD,wBAChB,CGhBiDzwB,CAAShnC,EAASoO,GAG/D,OAFAvD,EAAIooD,UAAU92D,SAAQ,EAAGwtD,eAAgBkI,GAAqBlI,EAAWv7C,KAElE,CACLV,WAAYwzD,GAAar2D,EAAK6tB,EAAQtqB,GACtCnI,UAAWi7D,GAAar2D,EAAIqtD,WAAYx/B,EAAQtqB,GAChDqpD,wBAEH,CAAC,MAAOrnC,GACP,MAAMpf,EAAK6G,UAAU,2BAA4BuY,EACrD,CACA,CAkBO5zB,eAAe2kE,IAAYzzD,WAAEA,EAAUosD,QAAEA,EAAU,GAAEzoB,WAAEA,EAAU5lC,kBAAEA,EAAoB,EAACgxC,KAAEA,EAAI/jB,OAAEA,EAAS,UAAWtqB,OAAAA,KAAW6/C,IAC1F8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC0rD,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAuB,IAAnBk9D,EAAQh+D,QAAiD,IAAjC4R,EAAWi8C,UAAUnY,QAC/C,MAAU/1C,MAAM,oCAElB,MAAMuE,EAAU,CAAE0N,aAAYosD,UAASzoB,aAAY5lC,oBAAmBgxC,QAEtE,IACE,MAAQ5xC,IAAKu2D,EAAc3J,sBAAEA,SHP1Bj7D,eAAwBwD,EAASoO,GACtCpO,EAAUqhE,EAASrhE,GACnB,MAAM0N,WAAEA,GAAe1N,EAEvB,IAAK0N,EAAW+kD,YACd,MAAUh3D,MAAM,gCAGlB,GAAIiS,EAAWi8C,UAAUqC,UACvB,MAAUvwD,MAAM,2CAIlB,IADoBiS,EAAWulD,UAAU78B,OAAM,EAAGuzB,eAAgBA,EAAUM,gBAE1E,MAAUxuD,MAAM,wBAGlB,MAAMiuD,EAAkBh8C,EAAWi8C,UAE9B3pD,EAAQo1D,UACXp1D,EAAQo1D,cAAgBh7D,QAAQ4E,IAAI0O,EAAW0nD,QAAQv2D,KAAIrC,UACzD,MAAMuuD,EAAqBkE,EAAOtF,UAC5B6E,EAAe,CAAE3jD,IAAK6+C,EAAiB7rD,KAAMktD,GAC7CkJ,QACJC,GAA+BjF,EAAO8E,kBAAmBrK,EAAiB/kD,EAAMoE,UAAU4B,cAAe6jD,EAAc,KAAMpgD,GAC7H7T,OAAM,KAAO,CAAE,KACjB,MAAO,CACL2/B,KAAM+5B,EAAiB5nD,UAAa4nD,EAAiB5nD,SAAS,GAAK1H,EAAM0H,SAASU,SACnF,MAIL,MAAMqsD,EAAsB1rD,EAAW0nD,QAAQv2D,KAAIowD,GAAUA,EAAOtF,YACpE,GAAI3pD,EAAQo1D,QAAQt5D,SAAWs9D,EAAoBt9D,OACjD,MAAUL,MAAM,6DAGlBuE,EAAQo1D,QAAUp1D,EAAQo1D,QAAQv2D,KAAIm7D,GAAiBqH,EAASrH,EAAeh6D,KAE/E,MAAM6K,QAAYsuD,GAAczP,EAAiB0P,EAAqBp5D,EAASoO,GACzEqpD,QAA8B5sD,EAAI0sD,yBAAyBv3D,EAAQy8C,KAAMruC,GAE/E,OADAvD,EAAIunD,qBAAuB,GACpB,CAAEvnD,MAAK4sD,yBAEd,SAAS4J,EAASrhE,EAASyxD,EAAiB,IAK1C,OAJAzxD,EAAQyL,kBAAoBzL,EAAQyL,mBAAqBgmD,EAAehmD,kBACxEzL,EAAQqxC,WAAargC,EAAKC,SAASjR,EAAQqxC,YAAcrxC,EAAQqxC,WAAaogB,EAAepgB,WAC7FrxC,EAAQy8C,KAAOz8C,EAAQy8C,MAAQgV,EAAehV,KAEvCz8C,CACX,CACA,CG5CiEshE,CAASthE,EAASoO,GAE/E,MAAO,CACLV,WAAYwzD,GAAaE,EAAgB1oC,EAAQtqB,GACjDnI,UAAWi7D,GAAaE,EAAelJ,WAAYx/B,EAAQtqB,GAC3DqpD,wBAEH,CAAC,MAAOrnC,GACP,MAAMpf,EAAK6G,UAAU,6BAA8BuY,EACvD,CACA,CAoBO5zB,eAAe+kE,IAAU12D,IAAEA,EAAG4sD,sBAAEA,EAAqBlrD,oBAAEA,EAAmBkwC,KAAEA,EAAO,IAAIxqC,KAAMymB,OAAEA,EAAS,UAAStqB,OAAEA,KAAW6/C,IACzF8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAM8/C,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IACE,MAAM4kE,EAAa/J,QACX5sD,EAAI2sD,2BAA2BC,EAAuBhb,EAAMruC,SAC5DvD,EAAI6oD,OAAOnnD,EAAqBkwC,EAAMruC,GAE9C,OAAOozD,EAAW/O,YAAc,CAC9B/kD,WAAYwzD,GAAaM,EAAY9oC,EAAQtqB,GAC7CnI,UAAWi7D,GAAaM,EAAWtJ,WAAYx/B,EAAQtqB,IACrD,CACFV,WAAY,KACZzH,UAAWi7D,GAAaM,EAAY9oC,EAAQtqB,GAE/C,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,qBAAsBuY,EAC/C,CACA,CAYO5zB,eAAeilE,IAAW/zD,WAAEA,EAAU2jC,WAAEA,EAAYjjC,OAAAA,KAAW6/C,IAC1B8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAM8/C,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAAK8Q,EAAW+kD,YACd,MAAUh3D,MAAM,+BAElB,MAAMimE,EAAmBh0D,EAAW5Q,OAAM,GACpC6kE,EAAc3wD,EAAKrW,QAAQ02C,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMj3C,QAAQ4E,IAAI0iE,EAAiBzO,UAAUp0D,KAAIgM,GAE/CmG,EAAKkH,WAAWypD,EAAY9iE,KAAIwyC,GAAcxmC,EAAI8+C,UAAUvhC,QAAQipB,eAGhEqwB,EAAiBlV,SAASp+C,GACzBszD,CACR,CAAC,MAAOtxC,GAEP,MADAsxC,EAAiBvV,qBACXn7C,EAAK6G,UAAU,+BAAgCuY,EACzD,CACA,CAYO5zB,eAAeolE,IAAWl0D,WAAEA,EAAU2jC,WAAEA,EAAYjjC,OAAAA,KAAW6/C,IAC1B8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAM8/C,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAAK8Q,EAAW+kD,YACd,MAAUh3D,MAAM,+BAElB,MAAMimE,EAAmBh0D,EAAW5Q,OAAM,GAEpCyzC,EAAOmxB,EAAiBzO,UACxB0O,EAAc3wD,EAAKrW,QAAQ02C,GAAcA,EAAiBx3C,MAAM02C,EAAKz0C,QAAQ0lB,KAAK6vB,GACxF,GAAIswB,EAAY7lE,SAAWy0C,EAAKz0C,OAC9B,MAAUL,MAAM,0DAGlB,IAME,aALMrB,QAAQ4E,IAAIuxC,EAAK1xC,KAAIrC,MAAOqO,EAAK7O,KACrC,MAAM2tD,UAAEA,GAAc9+C,QAChB8+C,EAAU7hC,QAAQ65C,EAAY3lE,GAAIoS,GACxCu7C,EAAUwC,oBAAoB,KAEzBuV,CACR,CAAC,MAAOtxC,GAEP,MADAsxC,EAAiBvV,qBACXn7C,EAAK6G,UAAU,+BAAgCuY,EACzD,CACA,CAiCO5zB,eAAesrB,IAAQra,QAAEA,EAAOsvD,eAAEA,EAAcvK,YAAEA,EAAW+I,UAAEA,EAASxT,WAAEA,EAAUrvB,OAAEA,EAAS,UAAS3vB,UAAEA,EAAY,KAAI60C,SAAEA,GAAW,EAAK2gB,cAAEA,EAAgB,GAAEV,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAIxqC,KAAMusD,eAAEA,EAAiB,GAAEqD,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,GAAI1zD,OAAAA,KAAW6/C,IAKlS,GAJ0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC2zD,GAAat0D,GAAUu0D,GAAyBtpC,GAChDqkC,EAAiBiE,GAAQjE,GAAiBvK,EAAcwO,GAAQxO,GAAc+I,EAAYyF,GAAQzF,GAClGgD,EAAgByC,GAAQzC,GAAgBV,EAAmBmD,GAAQnD,GAAmBW,EAAiBwC,GAAQxC,GAAiBqD,EAAoBb,GAAQa,GAAoBC,EAAqBd,GAAQc,GACzM7T,EAAKtpB,SACP,MAAUlpC,MAAM,+JAElB,GAAIwyD,EAAKgU,WAAY,MAAUxmE,MAAM,gGACrC,GAAIwyD,EAAK0J,YAAa,MAAUl8D,MAAM,8FACtC,QAAmBa,IAAf2xD,EAAK5gD,MAAqB,MAAU5R,MAAM,oFAC9C,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAE3H41D,IACHA,EAAc,IAGhB,IASE,IARIA,EAAY12D,QAAUiN,KACxB0E,QAAgBA,EAAQysB,KAAKs4B,EAAauK,EAAgBh0D,EAAWw1D,EAAe9hB,EAAM+hB,EAAgBX,EAAkBiE,EAAoB1zD,IAElJX,EAAUA,EAAQs2C,eT5FfvnD,eAA2C+zC,EAAO,GAAIkM,EAAO,IAAIxqC,KAAQ6nD,EAAU,GAAI1rD,EAASqD,GACrG,MAAMk+C,EAAchrD,EAAM6C,YAAYC,aAChCmoD,EAAsBxhD,EAAOG,8BAK7B2zD,QAA0B9nE,QAAQ4E,IAAIuxC,EAAK1xC,KAAIrC,eAAeqO,EAAK7O,GACvE,MACMmmE,SAD0Bt3D,EAAIilD,wBAAwBrT,EAAMqd,EAAQ99D,GAAIoS,IACrCpC,+BACzC,QAASm2D,GAAkBA,EAAex+D,QAAQisD,IAAwB,CAC9E,KACE,OAAOsS,EAAkB9rC,MAAMqiC,SAAW7I,EAAsBD,CAClE,CSgFYyS,CAA4BrF,EAAgBtgB,EAAMolB,EAAmBzzD,GAC3EA,GAEFX,QAAgBA,EAAQqa,QAAQi1C,EAAgBxB,EAAWxT,EAAYnK,EAAUigB,EAAkBphB,EAAMolB,EAAmBzzD,GAC7G,WAAXsqB,EAAqB,OAAOjrB,EAEhC,MACM1M,EADmB,YAAX23B,EACOjrB,EAAQJ,MAAMe,GAAUX,EAAQxQ,QACrD,aAAaolE,GAActhE,EAC5B,CAAC,MAAOqvB,GACP,MAAMpf,EAAK6G,UAAU,2BAA4BuY,EACrD,CACA,CAmCO5zB,eAAe4rB,IAAQ3a,QAAEA,EAAO6tD,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWzI,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAK5pC,OAAEA,EAAS,OAAM3vB,UAAEA,EAAY,KAAI0zC,KAAEA,EAAO,IAAIxqC,YAAQ7D,KAAW6/C,IAGxL,GAF0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC2zD,GAAat0D,GAAUslD,EAAmBiO,GAAQjO,GAAmBuI,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GAAYC,EAAcwF,GAAQxF,GACjKvN,EAAK0J,YAAa,MAAUl8D,MAAM,iGACtC,GAAIwyD,EAAKgU,WAAY,MAAUxmE,MAAM,kGACrC,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IACE,MAAMopD,QAAkBv4C,EAAQ2a,QAAQkzC,EAAgBC,EAAWC,EAAa/e,EAAMruC,GACjF2kD,IACHA,EAAmB,IAGrB,MAAM92D,EAAS,CAAE,EAKjB,GAJAA,EAAOsyD,WAAaxlD,QAAkBi9C,EAAUoZ,eAAer2D,EAAWgqD,EAAkBtW,EAAMruC,SAAgB43C,EAAUvrB,OAAOs4B,EAAkBtW,EAAMruC,GAC3JnS,EAAO8E,KAAkB,WAAX23B,EAAsBstB,EAAU8W,iBAAmB9W,EAAUpJ,UAC3E3gD,EAAOygD,SAAWsJ,EAAUhJ,cAC5BulB,GAAYtmE,EAAQwR,GAChB60D,EAAc,CAChB,GAAgC,IAA5BvP,EAAiBj3D,OACnB,MAAUL,MAAM,+DAElB,GAAiC,IAA7BQ,EAAOsyD,WAAWzyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPg/C,GAAiBvjD,gBACTwU,EAAKkH,WAAWjc,EAAOsyD,WAAW1vD,KAAI+lC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADArwC,EAAO8E,WAAashE,GAAcpmE,EAAO8E,MAClC9E,CACR,CAAC,MAAOm0B,GACP,MAAMpf,EAAK6G,UAAU,2BAA4BuY,EACrD,CACA,CA4BO5zB,eAAe09B,IAAKzsB,QAAEA,EAAO+kD,YAAEA,EAAWlD,cAAEA,EAAgB,GAAE52B,OAAEA,EAAS,UAASiM,SAAEA,GAAW,EAAK45B,cAAEA,EAAgB,GAAE9hB,KAAEA,EAAO,IAAIxqC,KAAMusD,eAAEA,EAAiB,GAAEhP,iBAAEA,EAAmB,GAAEsS,mBAAEA,EAAqB,GAAE1zD,OAAEA,KAAW6/C,IAKlO,GAJ0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChCo0D,GAAwB/0D,GAAUu0D,GAAyBtpC,GAC3D85B,EAAcwO,GAAQxO,GAAc+L,EAAgByC,GAAQzC,GAAgBC,EAAiBwC,GAAQxC,GAAiBlP,EAAgB0R,GAAQ1R,GAAgBE,EAAmBwR,GAAQxR,GAAmBsS,EAAqBd,GAAQc,GAErO7T,EAAK0J,YAAa,MAAUl8D,MAAM,2FACtC,QAAmBa,IAAf2xD,EAAK5gD,MAAqB,MAAU5R,MAAM,iFAC9C,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAI6Q,aAAmB2yD,IAA+B,WAAX1nC,EAAqB,MAAUj9B,MAAM,2DAChF,GAAIgS,aAAmB2yD,IAAoBz7B,EAAU,MAAUlpC,MAAM,0CAErE,IAAK+2D,GAAsC,IAAvBA,EAAY12D,OAC9B,MAAUL,MAAM,4BAGlB,IACE,IAAIsN,EAMJ,GAJEA,EADE47B,QACgBl3B,EAAQoxD,aAAarM,EAAalD,OAAehzD,EAAWiiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoB1zD,SAEvIX,EAAQysB,KAAKs4B,EAAalD,OAAehzD,EAAWiiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoB1zD,GAEpI,WAAXsqB,EAAqB,OAAO3vB,EAYhC,OATAA,EADyB,YAAX2vB,EACM3vB,EAAUsE,MAAMe,GAAUrF,EAAU9L,QACpD0nC,IACF57B,EAAY+S,EAAqBrO,EAAQ+0C,QAAQvlD,SAAST,MAAO4C,EAAUC,WACnEjF,QAAQ4E,IAAI,CAChBqoD,EAAYt+C,EAAW1J,GACvB8c,EAAiB/c,GAAU7E,OAAM,UACjC,WAGO8nE,GAAct5D,EAC5B,CAAC,MAAOqnB,GACP,MAAMpf,EAAK6G,UAAU,wBAAyBuY,EAClD,CACA,CA8BO5zB,eAAei+B,IAAOhtB,QAAEA,EAAOslD,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAK5pC,OAAEA,EAAS,OAAM3vB,UAAEA,EAAY,KAAI0zC,KAAEA,EAAO,IAAIxqC,KAAM7D,OAAEA,KAAW6/C,IAG/I,GAF0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChCo0D,GAAwB/0D,GAAUslD,EAAmBiO,GAAQjO,GACzD9E,EAAKgU,WAAY,MAAUxmE,MAAM,iGACrC,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,GAAI6Q,aAAmB2yD,IAA+B,WAAX1nC,EAAqB,MAAUj9B,MAAM,iDAChF,GAAIgS,aAAmB2yD,IAAoBr3D,EAAW,MAAUtN,MAAM,6CAEtE,IACE,MAAMQ,EAAS,CAAE,EAQjB,GANEA,EAAOsyD,WADLxlD,QACwB0E,EAAQ2xD,eAAer2D,EAAWgqD,EAAkBtW,EAAMruC,SAE1DX,EAAQgtB,OAAOs4B,EAAkBtW,EAAMruC,GAEnEnS,EAAO8E,KAAkB,WAAX23B,EAAsBjrB,EAAQqvD,iBAAmBrvD,EAAQmvC,UACnEnvC,EAAQi1C,aAAe35C,GAAWw5D,GAAYtmE,EAAQwR,GACtD60D,EAAc,CAChB,GAAiC,IAA7BrmE,EAAOsyD,WAAWzyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPg/C,GAAiBvjD,gBACTwU,EAAKkH,WAAWjc,EAAOsyD,WAAW1vD,KAAI+lC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADArwC,EAAO8E,WAAashE,GAAcpmE,EAAO8E,MAClC9E,CACR,CAAC,MAAOm0B,GACP,MAAMpf,EAAK6G,UAAU,iCAAkCuY,EAC3D,CACA,CAoBO5zB,eAAe8sD,IAAmByT,eAAEA,EAActgB,KAAEA,EAAO,IAAIxqC,KAAM4vD,kBAAEA,EAAoB,GAAIzzD,OAAAA,KAAW6/C,IAG/G,GAF0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC2uD,EAAiBiE,GAAQjE,GAAiB8E,EAAoBb,GAAQa,GAClE5T,EAAKgU,WAAY,MAAUxmE,MAAM,2GACrC,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAEE,aAD0Bq+D,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMolB,EAAmBzzD,EAE/F,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,+BAAgCuY,EACzD,CACA,CAqBO5zB,eAAeuhE,IAAkBh9D,KAAEA,EAAI0uC,UAAEA,EAAS6V,cAAEA,EAAayX,eAAEA,EAAcxB,UAAEA,EAAS7iC,OAAEA,EAAS,UAASklB,SAAEA,GAAW,EAAKigB,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAIxqC,KAAM4vD,kBAAEA,EAAoB,GAAIzzD,OAAAA,KAAW6/C,IAItN,GAH0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAgElC,SAAqBrN,GACnB,IAAKiQ,EAAKtV,aAAaqF,GACrB,MAAUtF,MAAM,8CAEpB,CAnEEgnE,CAAY1hE,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAK6O,EAAKC,SAASlQ,GACjB,MAAUtF,MAAM,gBAAmC,2BAEvD,CA9DqBinE,CAAYjzB,EAAW,aAAcuyB,GAAyBtpC,GACjFqkC,EAAiBiE,GAAQjE,GAAiBxB,EAAYyF,GAAQzF,GAAYsC,EAAmBmD,GAAQnD,GAAmBgE,EAAoBb,GAAQa,GAChJ5T,EAAKgU,WAAY,MAAUxmE,MAAM,0GACrC,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,KAAMmgE,GAA4C,IAA1BA,EAAejhE,QAAmBy/D,GAAkC,IAArBA,EAAUz/D,QAC/E,MAAUL,MAAM,6CAGlB,IAEE,OAAOylE,SADejG,GAAQ8C,kBAAkBh9D,EAAM0uC,EAAW6V,EAAeyX,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMolB,EAAmBzzD,GACnIsqB,EAAQtqB,EACtC,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,+BAAgCuY,EACzD,CACA,CAiBO5zB,eAAeq/D,IAAmBpuD,QAAEA,EAAO6tD,eAAEA,EAAcC,UAAEA,EAAS9e,KAAEA,EAAO,IAAIxqC,KAAQ7D,OAAAA,KAAW6/C,IAG3G,GAF0C8S,GAA1C3yD,EAAS,IAAKqD,KAAkBrD,IAChC2zD,GAAat0D,GAAU6tD,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GACjFtN,EAAK0J,YAAa,MAAUl8D,MAAM,4GACtC,MAAMyyD,EAAiBl0D,OAAOu2C,KAAK0d,GAAO,GAAIC,EAAepyD,OAAS,EAAG,MAAUL,MAAM,mBAAmByyD,EAAetxD,KAAK,OAEhI,IAEE,aAD0B6Q,EAAQouD,mBAAmBP,EAAgBC,OAAWj/D,EAAWmgD,EAAMruC,EAElG,CAAC,MAAOgiB,GACP,MAAMpf,EAAK6G,UAAU,gCAAiCuY,EAC1D,CACA,CAwBA,SAAS2xC,GAAat0D,GACpB,KAAMA,aAAmBwtD,IACvB,MAAUx/D,MAAM,kDAEpB,CACA,SAAS+mE,GAAwB/0D,GAC/B,KAAMA,aAAmB2yD,IAAuB3yD,aAAmBwtD,IACjE,MAAUx/D,MAAM,sEAEpB,CACA,SAASumE,GAAyBtpC,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUj9B,MAAM,sBAAsBi9B,EAE1C,CACA,MAAMiqC,GAA0B3oE,OAAOu2C,KAAK9+B,GAAe3V,OAC3D,SAASilE,GAAY3yD,GACnB,MAAMw0D,EAAmB5oE,OAAOu2C,KAAKniC,GACrC,GAAIw0D,EAAiB9mE,SAAW6mE,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiCtmE,IAA7BmV,EAAcoxD,GAChB,MAAUpnE,MAAM,4BAA4BonE,EAIpD,CAQA,SAAS7B,GAAQ/zB,GAIf,OAHIA,IAAUj8B,EAAKrW,QAAQsyC,KACzBA,EAAQ,CAACA,IAEJA,CACT,CASAzwC,eAAe6lE,GAActhE,GAE3B,MAAmB,UADAiQ,EAAK7V,SAAS4F,GAExBob,EAAiBpb,GAEnBA,CACT,CAUA,SAASwhE,GAAYtmE,EAAQwR,GAC3BxR,EAAO8E,KAAO+a,EAAqBrO,EAAQ+0C,QAAQtnD,QAAQsB,MAAO4C,EAAUC,WACpEgoD,EAAYprD,EAAO8E,KAAM1B,EAAU,CACvCE,cAAc,IAEhB,MAAM1E,EAASmhB,EAAiB3c,GAChC,UAEQ8c,EAAiB/c,GAAU4mB,GAAKA,UAChCnrB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,IAEA,CASA,SAAS8iE,GAAa4B,EAAQpqC,EAAQtqB,GACpC,OAAQsqB,GACN,IAAK,SACH,OAAOoqC,EACT,IAAK,UACH,OAAOA,EAAOz1D,MAAMe,GACtB,IAAK,SACH,OAAO00D,EAAO7lE,QAChB,QACE,MAAUxB,MAAM,sBAAsBi9B,GAE5C","x_google_ignoreList":[0,1,2,3,12,13,14,15,28,29,52]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/openpgp.mjs b/app/node_modules/openpgp/dist/lightweight/openpgp.mjs index a6eb5717e..57dfd97ca 100644 --- a/app/node_modules/openpgp/dist/lightweight/openpgp.mjs +++ b/app/node_modules/openpgp/dist/lightweight/openpgp.mjs @@ -1,4 +1,4 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; const doneWritingPromise = Symbol('doneWritingPromise'); @@ -10,6 +10,9 @@ const readingIndex = Symbol('readingIndex'); class ArrayStream extends Array { constructor() { super(); + // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work + Object.setPrototypeOf(this, ArrayStream.prototype); + this[doneWritingPromise] = new Promise((resolve, reject) => { this[doneWritingResolve] = resolve; this[doneWritingReject] = reject; @@ -110,15 +113,14 @@ Writer.prototype.abort = async function(reason) { */ Writer.prototype.releaseLock = function() {}; -const isNode = typeof globalThis.process === 'object' && +/* eslint-disable no-prototype-builtins */ +typeof globalThis.process === 'object' && typeof globalThis.process.versions === 'object'; -const NodeReadableStream = isNode && void('stream').Readable; - /** * Check whether data is a Stream, and if so of which type * @param {Any} input data to check - * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false} + * @returns {'web'|'node'|'array'|'web-like'|false} */ function isStream(input) { if (isArrayStream(input)) { @@ -127,11 +129,11 @@ function isStream(input) { if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { return 'web'; } - if (ReadableStream && ReadableStream.prototype.isPrototypeOf(input)) { - return 'ponyfill'; - } - if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) { - return 'node'; + // try and detect a node native stream without having to import its class + if (input && + !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) && + typeof input._read === 'function' && typeof input._readableState === 'object') { + throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`'); } if (input && input.getReader) { return 'web-like'; @@ -175,99 +177,12 @@ function concatUint8Array(arrays) { return result; } -const NodeBuffer = isNode && void('buffer').Buffer; -const NodeReadableStream$1 = isNode && void('stream').Readable; - +const doneReadingSet = new WeakSet(); /** - * Web / node stream conversion functions - * From https://github.com/gwicke/node-web-streams + * The external buffer is used to store values that have been peeked or unshifted from the original stream. + * Because of how streams are implemented, such values cannot be "put back" in the original stream, + * but they need to be returned first when reading from the input again. */ - -let nodeToWeb; -let webToNode; - -if (NodeReadableStream$1) { - - /** - * Convert a Node Readable Stream to a Web ReadableStream - * @param {Readable} nodeStream - * @returns {ReadableStream} - */ - nodeToWeb = function(nodeStream) { - let canceled = false; - return new ReadableStream({ - start(controller) { - nodeStream.pause(); - nodeStream.on('data', chunk => { - if (canceled) { - return; - } - if (NodeBuffer.isBuffer(chunk)) { - chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength); - } - controller.enqueue(chunk); - nodeStream.pause(); - }); - nodeStream.on('end', () => { - if (canceled) { - return; - } - controller.close(); - }); - nodeStream.on('error', e => controller.error(e)); - }, - pull() { - nodeStream.resume(); - }, - cancel(reason) { - canceled = true; - nodeStream.destroy(reason); - } - }); - }; - - - class NodeReadable extends NodeReadableStream$1 { - constructor(webStream, options) { - super(options); - this._reader = getReader(webStream); - } - - async _read(size) { - try { - while (true) { - const { done, value } = await this._reader.read(); - if (done) { - this.push(null); - break; - } - if (!this.push(value)) { - break; - } - } - } catch (e) { - this.destroy(e); - } - } - - async _destroy(error, callback) { - this._reader.cancel(error).then(callback, callback); - } - } - - /** - * Convert a Web ReadableStream to a Node Readable Stream - * @param {ReadableStream} webStream - * @param {Object} options - * @returns {Readable} - */ - webToNode = function(webStream, options) { - return new NodeReadable(webStream, options); - }; - -} - -const doneReadingSet = new WeakSet(); const externalBuffer = Symbol('externalBuffer'); /** @@ -286,13 +201,10 @@ function Reader(input) { const reader = input.getReader(); this._read = reader.read.bind(reader); this._releaseLock = () => {}; - this._cancel = async () => {}; + this._cancel = () => {}; return; } let streamType = isStream(input); - if (streamType === 'node') { - input = nodeToWeb(input); - } if (streamType) { const reader = input.getReader(); this._read = reader.read.bind(reader); @@ -399,6 +311,7 @@ Reader.prototype.readByte = async function() { Reader.prototype.readBytes = async function(length) { const buffer = []; let bufferLength = 0; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) { @@ -458,6 +371,7 @@ Reader.prototype.unshift = function(...values) { */ Reader.prototype.readToEnd = async function(join=concat) { const result = []; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) break; @@ -466,32 +380,6 @@ Reader.prototype.readToEnd = async function(join=concat) { return join(result); }; -let { ReadableStream, WritableStream, TransformStream } = globalThis; - -let toPonyfillReadable, toNativeReadable; - -async function loadStreamsPonyfill() { - if (TransformStream) { - return; - } - - const [ponyfill, adapter] = await Promise.all([ - import('./ponyfill.es6.mjs'), - import('./web-streams-adapter.mjs') - ]); - - ({ ReadableStream, WritableStream, TransformStream } = ponyfill); - - const { createReadableStreamWrapper } = adapter; - - if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) { - toPonyfillReadable = createReadableStreamWrapper(ReadableStream); - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } -} - -const NodeBuffer$1 = isNode && void('buffer').Buffer; - /** * Convert data to Stream * @param {ReadableStream|Uint8array|String} input data to convert @@ -499,12 +387,6 @@ const NodeBuffer$1 = isNode && void('buffer').Buffer; */ function toStream(input) { let streamType = isStream(input); - if (streamType === 'node') { - return nodeToWeb(input); - } - if (streamType === 'web' && toPonyfillReadable) { - return toPonyfillReadable(input); - } if (streamType) { return input; } @@ -517,7 +399,7 @@ function toStream(input) { } /** - * Convert data to ArrayStream + * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream. * @param {Object} input data to convert * @returns {ArrayStream} Converted data */ @@ -550,9 +432,6 @@ function concat(list) { if (typeof list[0] === 'string') { return list.join(''); } - if (NodeBuffer$1 && NodeBuffer$1.isBuffer(list[0])) { - return NodeBuffer$1.concat(list); - } return concatUint8Array(list); } @@ -593,24 +472,6 @@ function concatArrayStream(list) { return result; } -/** - * Get a Reader - * @param {ReadableStream|Uint8array|String} input - * @returns {Reader} - */ -function getReader(input) { - return new Reader(input); -} - -/** - * Get a Writer - * @param {WritableStream} input - * @returns {Writer} - */ -function getWriter(input) { - return new Writer(input); -} - /** * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. * @param {ReadableStream|Uint8array|String} input @@ -647,6 +508,7 @@ async function pipe(input, target, { const reader = getReader(input); const writer = getWriter(target); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -898,6 +760,7 @@ function passiveClone(input) { const reader = getReader(readable); const writer = getWriter(writable); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -981,9 +844,8 @@ function slice(input, begin=0, end=Infinity) { if (returnValue.length >= -end) { lastBytes = slice(returnValue, end); return slice(returnValue, begin, end); - } else { - lastBytes = returnValue; } + lastBytes = returnValue; }); } console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); @@ -992,9 +854,8 @@ function slice(input, begin=0, end=Infinity) { if (input[externalBuffer]) { input = concat(input[externalBuffer].concat([input])); } - if (isUint8Array(input) && !(NodeBuffer$1 && NodeBuffer$1.isBuffer(input))) { - if (end === Infinity) end = input.length; - return input.subarray(begin, end); + if (isUint8Array(input)) { + return input.subarray(begin, end === Infinity ? input.length : end); } return input.slice(begin, end); } @@ -1026,7 +887,10 @@ async function readToEnd(input, join=concat) { async function cancel(input, reason) { if (isStream(input)) { if (input.cancel) { - return input.cancel(reason); + const cancelled = await input.cancel(reason); + // the stream is not always cancelled at this point, so we wait some more + await new Promise(setTimeout); + return cancelled; } if (input.destroy) { input.destroy(reason); @@ -1055,640 +919,156 @@ function fromAsync(fn) { return arrayStream; } -/* eslint-disable new-cap */ +/** + * Get a Reader + * @param {ReadableStream|Uint8array|String} input + * @returns {Reader} + */ +function getReader(input) { + return new Reader(input); +} /** - * @fileoverview - * BigInteger implementation of basic operations - * that wraps the native BigInt library. - * Operations are not constant time, - * but we try and limit timing leakage where we can - * @module biginteger/native - * @private + * Get a Writer + * @param {WritableStream} input + * @returns {Writer} */ +function getWriter(input) { + return new Writer(input); +} /** - * @private + * @module enums */ -class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on null or undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - if (n instanceof Uint8Array) { - const bytes = n; - const hex = new Array(bytes.length); - for (let i = 0; i < bytes.length; i++) { - const hexByte = bytes[i].toString(16); - hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte; - } - this.value = BigInt('0x0' + hex.join('')); - } else { - this.value = BigInt(n); - } - } +const byValue = Symbol('byValue'); - clone() { - return new BigInteger(this.value); - } +var enums = { - /** - * BigInteger increment in place + /** Maps curve names under various standards to one + * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} + * @enum {String} + * @readonly */ - iinc() { - this.value++; - return this; - } + curve: { + /** NIST P-256 Curve */ + 'nistP256': 'nistP256', + /** @deprecated use `nistP256` instead */ + 'p256': 'nistP256', - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } + /** NIST P-384 Curve */ + 'nistP384': 'nistP384', + /** @deprecated use `nistP384` instead */ + 'p384': 'nistP384', - /** - * BigInteger decrement in place - */ - idec() { - this.value--; - return this; - } + /** NIST P-521 Curve */ + 'nistP521': 'nistP521', + /** @deprecated use `nistP521` instead */ + 'p521': 'nistP521', - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + /** SECG SECP256k1 Curve */ + 'secp256k1': 'secp256k1', - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value += x.value; - return this; - } + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519Legacy', + /** @deprecated use `ed25519Legacy` instead */ + 'ed25519': 'ed25519Legacy', - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'curve25519Legacy': 'curve25519Legacy', + /** @deprecated use `curve25519Legacy` instead */ + 'curve25519': 'curve25519Legacy', - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value -= x.value; - return this; - } + /** BrainpoolP256r1 Curve */ + 'brainpoolP256r1': 'brainpoolP256r1', - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } + /** BrainpoolP384r1 Curve */ + 'brainpoolP384r1': 'brainpoolP384r1', - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value *= x.value; - return this; - } + /** BrainpoolP512r1 Curve */ + 'brainpoolP512r1': 'brainpoolP512r1' + }, - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. + /** A string to key specifier type + * @enum {Integer} + * @readonly */ - mul(x) { - return this.clone().imul(x); - } + s2k: { + simple: 0, + salted: 1, + iterated: 3, + argon2: 4, + gnu: 101 + }, - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} + * @enum {Integer} + * @readonly */ - imod(m) { - this.value %= m.value; - if (this.isNegative()) { - this.iadd(m); - } - return this; - } + publicKey: { + /** RSA (Encrypt or Sign) [HAC] */ + rsaEncryptSign: 1, + /** RSA (Encrypt only) [HAC] */ + rsaEncrypt: 2, + /** RSA (Sign only) [HAC] */ + rsaSign: 3, + /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ + elgamal: 16, + /** DSA (Sign only) [FIPS186] [HAC] */ + dsa: 17, + /** ECDH (Encrypt only) [RFC6637] */ + ecdh: 18, + /** ECDSA (Sign only) [RFC6637] */ + ecdsa: 19, + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) + * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ + eddsaLegacy: 22, + /** Reserved for AEDH */ + aedh: 23, + /** Reserved for AEDSA */ + aedsa: 24, + /** X25519 (Encrypt only) */ + x25519: 25, + /** X448 (Encrypt only) */ + x448: 26, + /** Ed25519 (Sign only) */ + ed25519: 27, + /** Ed448 (Sign only) */ + ed448: 28 + }, - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} + * @enum {Integer} + * @readonly */ - mod(m) { - return this.clone().imod(m); - } + symmetric: { + /** Not implemented! */ + idea: 1, + tripledes: 2, + cast5: 3, + blowfish: 4, + aes128: 7, + aes192: 8, + aes256: 9, + twofish: 10 + }, - /** - * Compute modular exponentiation using square and multiply - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} + * @enum {Integer} + * @readonly */ - modExp(e, n) { - if (n.isZero()) throw Error('Modulo cannot be zero'); - if (n.isOne()) return new BigInteger(0); - if (e.isNegative()) throw Error('Unsopported negative exponent'); - - let exp = e.value; - let x = this.value; - - x %= n.value; - let r = BigInt(1); - while (exp > BigInt(0)) { - const lsb = exp & BigInt(1); - exp >>= BigInt(1); // e / 2 - // Always compute multiplication step, to reduce timing leakage - const rx = (r * x) % n.value; - // Update r only if lsb is 1 (odd exponent) - r = lsb ? rx : r; - x = (x * x) % n.value; // Square - } - return new BigInteger(r); - } - + compression: { + uncompressed: 0, + /** RFC1951 */ + zip: 1, + /** RFC1950 */ + zlib: 2, + bzip2: 3 + }, - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - const { gcd, x } = this._egcd(n); - if (!gcd.isOne()) { - throw new Error('Inverse does not exist'); - } - return x.add(n).mod(n); - } - - /** - * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) - * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b) - * @param {BigInteger} b - Second operand - * @returns {{ gcd, x, y: BigInteger }} - */ - _egcd(b) { - let x = BigInt(0); - let y = BigInt(1); - let xPrev = BigInt(1); - let yPrev = BigInt(0); - - let a = this.value; - b = b.value; - - while (b !== BigInt(0)) { - const q = a / b; - let tmp = x; - x = xPrev - q * x; - xPrev = tmp; - - tmp = y; - y = yPrev - q * y; - yPrev = tmp; - - tmp = b; - b = a % b; - a = tmp; - } - - return { - x: new BigInteger(xPrev), - y: new BigInteger(yPrev), - gcd: new BigInteger(a) - }; - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} b - Operand - * @returns {BigInteger} gcd - */ - gcd(b) { - let a = this.value; - b = b.value; - while (b !== BigInt(0)) { - const tmp = b; - b = a % b; - a = tmp; - } - return new BigInteger(a); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value <<= x.value; - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value >>= x.value; - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value === x.value; - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value < x.value; - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value <= x.value; - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value > x.value; - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value >= x.value; - } - - isZero() { - return this.value === BigInt(0); - } - - isOne() { - return this.value === BigInt(1); - } - - isNegative() { - return this.value < BigInt(0); - } - - isEven() { - return !(this.value & BigInt(1)); - } - - abs() { - const res = this.clone(); - if (this.isNegative()) { - res.value = -res.value; - } - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - const number = Number(this.value); - if (number > Number.MAX_SAFE_INTEGER) { - // We throw and error to conform with the bn.js implementation - throw new Error('Number can only safely store up to 53 bits'); - } - return number; - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - const bit = (this.value >> BigInt(i)) & BigInt(1); - return (bit === BigInt(0)) ? 0 : 1; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - const zero = new BigInteger(0); - const one = new BigInteger(1); - const negOne = new BigInteger(-1); - - // -1n >> -1n is -1n - // 1n >> 1n is 0n - const target = this.isNegative() ? negOne : zero; - let bitlen = 1; - const tmp = this.clone(); - while (!tmp.irightShift(one).equal(target)) { - bitlen++; - } - return bitlen; - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - const zero = new BigInteger(0); - const negOne = new BigInteger(-1); - - const target = this.isNegative() ? negOne : zero; - const eight = new BigInteger(8); - let len = 1; - const tmp = this.clone(); - while (!tmp.irightShift(eight).equal(target)) { - len++; - } - return len; - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) - // this is faster than shift+mod iterations - let hex = this.value.toString(16); - if (hex.length % 2 === 1) { - hex = '0' + hex; - } - - const rawLength = hex.length / 2; - const bytes = new Uint8Array(length || rawLength); - // parse hex - const offset = length ? (length - rawLength) : 0; - let i = 0; - while (i < rawLength) { - bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); - i++; - } - - if (endian !== 'be') { - bytes.reverse(); - } - - return bytes; - } -} - -const detectBigInt = () => typeof BigInt !== 'undefined'; - -async function getBigInteger() { - if (detectBigInt()) { - return BigInteger; - } else { - const { default: BigInteger } = await import('./bn.interface.mjs'); - return BigInteger; - } -} - -/** - * @module enums - */ - -const byValue = Symbol('byValue'); - -var enums = { - - /** Maps curve names under various standards to one - * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} - * @enum {String} - * @readonly - */ - curve: { - /** NIST P-256 Curve */ - 'p256': 'p256', - 'P-256': 'p256', - 'secp256r1': 'p256', - 'prime256v1': 'p256', - '1.2.840.10045.3.1.7': 'p256', - '2a8648ce3d030107': 'p256', - '2A8648CE3D030107': 'p256', - - /** NIST P-384 Curve */ - 'p384': 'p384', - 'P-384': 'p384', - 'secp384r1': 'p384', - '1.3.132.0.34': 'p384', - '2b81040022': 'p384', - '2B81040022': 'p384', - - /** NIST P-521 Curve */ - 'p521': 'p521', - 'P-521': 'p521', - 'secp521r1': 'p521', - '1.3.132.0.35': 'p521', - '2b81040023': 'p521', - '2B81040023': 'p521', - - /** SECG SECP256k1 Curve */ - 'secp256k1': 'secp256k1', - '1.3.132.0.10': 'secp256k1', - '2b8104000a': 'secp256k1', - '2B8104000A': 'secp256k1', - - /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ - 'ed25519Legacy': 'ed25519', - 'ED25519': 'ed25519', - /** @deprecated use `ed25519Legacy` instead */ - 'ed25519': 'ed25519', - 'Ed25519': 'ed25519', - '1.3.6.1.4.1.11591.15.1': 'ed25519', - '2b06010401da470f01': 'ed25519', - '2B06010401DA470F01': 'ed25519', - - /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ - 'curve25519Legacy': 'curve25519', - 'X25519': 'curve25519', - 'cv25519': 'curve25519', - /** @deprecated use `curve25519Legacy` instead */ - 'curve25519': 'curve25519', - 'Curve25519': 'curve25519', - '1.3.6.1.4.1.3029.1.5.1': 'curve25519', - '2b060104019755010501': 'curve25519', - '2B060104019755010501': 'curve25519', - - /** BrainpoolP256r1 Curve */ - 'brainpoolP256r1': 'brainpoolP256r1', - '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1', - '2b2403030208010107': 'brainpoolP256r1', - '2B2403030208010107': 'brainpoolP256r1', - - /** BrainpoolP384r1 Curve */ - 'brainpoolP384r1': 'brainpoolP384r1', - '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1', - '2b240303020801010b': 'brainpoolP384r1', - '2B240303020801010B': 'brainpoolP384r1', - - /** BrainpoolP512r1 Curve */ - 'brainpoolP512r1': 'brainpoolP512r1', - '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1', - '2b240303020801010d': 'brainpoolP512r1', - '2B240303020801010D': 'brainpoolP512r1' - }, - - /** A string to key specifier type - * @enum {Integer} - * @readonly - */ - s2k: { - simple: 0, - salted: 1, - iterated: 3, - gnu: 101 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} - * @enum {Integer} - * @readonly - */ - publicKey: { - /** RSA (Encrypt or Sign) [HAC] */ - rsaEncryptSign: 1, - /** RSA (Encrypt only) [HAC] */ - rsaEncrypt: 2, - /** RSA (Sign only) [HAC] */ - rsaSign: 3, - /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ - elgamal: 16, - /** DSA (Sign only) [FIPS186] [HAC] */ - dsa: 17, - /** ECDH (Encrypt only) [RFC6637] */ - ecdh: 18, - /** ECDSA (Sign only) [RFC6637] */ - ecdsa: 19, - /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) - * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility - /** @deprecated use `eddsaLegacy` instead */ - ed25519Legacy: 22, - /** @deprecated use `eddsaLegacy` instead */ - eddsa: 22, - /** Reserved for AEDH */ - aedh: 23, - /** Reserved for AEDSA */ - aedsa: 24, - /** X25519 (Encrypt only) */ - x25519: 25, - /** X448 (Encrypt only) */ - x448: 26, - /** Ed25519 (Sign only) */ - ed25519: 27, - /** Ed448 (Sign only) */ - ed448: 28 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} - * @enum {Integer} - * @readonly - */ - symmetric: { - plaintext: 0, - /** Not implemented! */ - idea: 1, - tripledes: 2, - cast5: 3, - blowfish: 4, - aes128: 7, - aes192: 8, - aes256: 9, - twofish: 10 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} - * @enum {Integer} - * @readonly - */ - compression: { - uncompressed: 0, - /** RFC1951 */ - zip: 1, - /** RFC1950 */ - zlib: 2, - bzip2: 3 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} - * @enum {Integer} - * @readonly + /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} + * @enum {Integer} + * @readonly */ hash: { md5: 1, @@ -1697,7 +1077,9 @@ var enums = { sha256: 8, sha384: 9, sha512: 10, - sha224: 11 + sha224: 11, + sha3_256: 12, + sha3_512: 14 }, /** A list of hash names as accepted by webCrypto functions. @@ -1718,6 +1100,7 @@ var enums = { aead: { eax: 1, ocb: 2, + gcm: 3, experimentalGCM: 100 // Private algorithm }, @@ -1743,7 +1126,8 @@ var enums = { userAttribute: 17, symEncryptedIntegrityProtectedData: 18, modificationDetectionCode: 19, - aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + padding: 21 }, /** Data types in the literal packet @@ -1899,7 +1283,7 @@ var enums = { placeholderBackwardsCompatibility: 10, preferredSymmetricAlgorithms: 11, revocationKey: 12, - issuer: 16, + issuerKeyID: 16, notationData: 20, preferredHashAlgorithms: 21, preferredCompressionAlgorithms: 22, @@ -1914,7 +1298,8 @@ var enums = { signatureTarget: 31, embeddedSignature: 32, issuerFingerprint: 33, - preferredAEADAlgorithms: 34 + preferredAEADAlgorithms: 34, + preferredCipherSuites: 39 }, /** Key flags @@ -1983,7 +1368,8 @@ var enums = { aead: 2, /** 0x04 - Version 5 Public-Key Packet format and corresponding new * fingerprint format */ - v5Keys: 4 + v5Keys: 4, + seipdv2: 8 }, /** @@ -2029,9 +1415,322 @@ var enums = { }; // GPG4Browsers - An OpenPGP implementation in javascript - -const debugMode = (() => { - try { +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +var config = { + /** + * @memberof module:config + * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} + */ + preferredHashAlgorithm: enums.hash.sha512, + /** + * @memberof module:config + * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} + */ + preferredSymmetricAlgorithm: enums.symmetric.aes256, + /** + * @memberof module:config + * @property {Integer} compression Default compression algorithm {@link module:enums.compression} + */ + preferredCompressionAlgorithm: enums.compression.uncompressed, + /** + * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. + * This option is applicable to: + * - key generation (encryption key preferences), + * - password-based message encryption, and + * - private key encryption. + * In the case of message encryption using public keys, the encryption key preferences are respected instead. + * Note: not all OpenPGP implementations are compatible with this option. + * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10} + * @memberof module:config + * @property {Boolean} aeadProtect + */ + aeadProtect: false, + /** + * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`) + * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`, + * this option must be set, otherwise key parsing and/or key decryption will fail. + * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys + * will be processed incorrectly. + */ + parseAEADEncryptedV4KeysAsLegacy: false, + /** + * Default Authenticated Encryption with Additional Data (AEAD) encryption mode + * Only has an effect when aeadProtect is set to true. + * @memberof module:config + * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} + */ + preferredAEADAlgorithm: enums.aead.gcm, + /** + * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode + * Only has an effect when aeadProtect is set to true. + * Must be an integer value from 0 to 56. + * @memberof module:config + * @property {Integer} aeadChunkSizeByte + */ + aeadChunkSizeByte: 12, + /** + * Use v6 keys. + * Note: not all OpenPGP implementations are compatible with this option. + * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** + * @memberof module:config + * @property {Boolean} v6Keys + */ + v6Keys: false, + /** + * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet). + * These are non-standard entities, which in the crypto-refresh have been superseded + * by v6 keys and v6 signatures, respectively. + * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries, + * hence parsing them might be necessary in some cases. + */ + enableParsingV5Entities: false, + /** + * S2K (String to Key) type, used for key derivation in the context of secret key encryption + * and password-encrypted data. Weaker s2k options are not allowed. + * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it + * (pending standardisation). + * @memberof module:config + * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k} + */ + s2kType: enums.s2k.iterated, + /** + * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}: + * Iteration Count Byte for Iterated and Salted S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`. + * Note: this is the exponent value, not the final number of iterations (refer to specs for more details). + * @memberof module:config + * @property {Integer} s2kIterationCountByte + */ + s2kIterationCountByte: 224, + /** + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}: + * Argon2 parameters for S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`. + * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), + * to ensure compatibility with memory-constrained environments. + * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. + * @memberof module:config + * @property {Object} params + * @property {Integer} params.passes - number of iterations t + * @property {Integer} params.parallelism - degree of parallelism p + * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes. + */ + s2kArgon2Params: { + passes: 3, + parallelism: 4, // lanes + memoryExponent: 16 // 64 MiB of RAM + }, + /** + * Allow decryption of messages without integrity protection. + * This is an **insecure** setting: + * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. + * - it enables downgrade attacks against integrity-protected messages. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedMessages + */ + allowUnauthenticatedMessages: false, + /** + * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to + * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible + * and deferring checking their integrity until the decrypted stream has been read in full. + * + * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity: + * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL + * (see https://efail.de/). + * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data. + * + * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedStream + */ + allowUnauthenticatedStream: false, + /** + * Minimum RSA key size allowed for key generation and message signing, verification and encryption. + * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. + * @memberof module:config + * @property {Number} minRSABits + */ + minRSABits: 2047, + /** + * Work-around for rare GPG decryption bug when encrypting with multiple passwords. + * **Slower and slightly less secure** + * @memberof module:config + * @property {Boolean} passwordCollisionCheck + */ + passwordCollisionCheck: false, + /** + * Allow decryption using RSA keys without `encrypt` flag. + * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug + * where key flags were ignored when selecting a key for encryption. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureDecryptionWithSigningKeys: false, + /** + * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. + * Instead, a verification key will also be consider valid as long as it is valid at the current time. + * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, + * and have self-signature's creation date that does not match the primary key creation date. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureVerificationWithReformattedKeys: false, + /** + * Allow using keys that do not have any key flags set. + * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages + * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29). + * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation. + * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm. + */ + allowMissingKeyFlags: false, + /** + * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). + * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: + * - new/incoming messages are automatically decrypted (without user interaction); + * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). + * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. + * @memberof module:config + * @property {Boolean} constantTimePKCS1Decryption + */ + constantTimePKCS1Decryption: false, + /** + * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. + * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. + * However, the more algorithms are added, the slower the decryption procedure becomes. + * @memberof module:config + * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} + */ + constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), + /** + * @memberof module:config + * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error + */ + ignoreUnsupportedPackets: true, + /** + * @memberof module:config + * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error + */ + ignoreMalformedPackets: false, + /** + * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only + * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable + * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). + * @memberof module:config + * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] + */ + additionalAllowedPackets: [], + /** + * @memberof module:config + * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages + */ + showVersion: false, + /** + * @memberof module:config + * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages + */ + showComment: false, + /** + * @memberof module:config + * @property {String} versionString A version string to be included in armored messages + */ + versionString: 'OpenPGP.js 6.0.0', + /** + * @memberof module:config + * @property {String} commentString A comment string to be included in armored messages + */ + commentString: 'https://openpgpjs.org', + + /** + * Max userID string length (used for parsing) + * @memberof module:config + * @property {Integer} maxUserIDLength + */ + maxUserIDLength: 1024 * 5, + /** + * Contains notatations that are considered "known". Known notations do not trigger + * validation error when the notation is marked as critical. + * @memberof module:config + * @property {Array} knownNotations + */ + knownNotations: [], + /** + * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design). + * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur + * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of + * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. + * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. + */ + nonDeterministicSignaturesViaNotation: true, + /** + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. + * When false, certain standard curves will not be supported (depending on the platform). + * @memberof module:config + * @property {Boolean} useEllipticFallback + */ + useEllipticFallback: true, + /** + * Reject insecure hash algorithms + * @memberof module:config + * @property {Set} rejectHashAlgorithms {@link module:enums.hash} + */ + rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), + /** + * Reject insecure message hash algorithms + * @memberof module:config + * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} + */ + rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), + /** + * Reject insecure public key algorithms for key generation and message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} + */ + rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), + /** + * Reject non-standard curves for key generation, message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectCurves {@link module:enums.curve} + */ + rejectCurves: new Set([enums.curve.secp256k1]) +}; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +const createRequire = () => () => {}; // Must be stripped in browser built + +const debugMode = (() => { + try { return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env } catch (e) {} return false; @@ -2042,6 +1741,8 @@ const util = { return typeof data === 'string' || data instanceof String; }, + nodeRequire: createRequire(), + isArray: function(data) { return data instanceof Array; }, @@ -2050,6 +1751,35 @@ const util = { isStream: isStream, + /** + * Load noble-curves lib on demand and return the requested curve function + * @param {enums.publicKey} publicKeyAlgo + * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA) + * @returns curve implementation + * @throws on unrecognized curve, or curve not implemented by noble-curve + */ + getNobleCurve: async (publicKeyAlgo, curveName) => { + if (!config.useEllipticFallback) { + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } + + const { nobleCurves } = await import('./noble_curves.mjs'); + switch (publicKeyAlgo) { + case enums.publicKey.ecdh: + case enums.publicKey.ecdsa: { + const curve = nobleCurves.get(curveName); + if (!curve) throw new Error('Unsupported curve'); + return curve; + } + case enums.publicKey.x448: + return nobleCurves.get('x448'); + case enums.publicKey.ed448: + return nobleCurves.get('ed448'); + default: + throw new Error('Unsupported curve'); + } + }, + readNumber: function (bytes) { let n = 0; for (let i = 0; i < bytes.length; i++) { @@ -2091,7 +1821,26 @@ const util = { readMPI: function (bytes) { const bits = (bytes[0] << 8) | bytes[1]; const bytelen = (bits + 7) >>> 3; - return bytes.subarray(2, 2 + bytelen); + // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures, + // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed + // has not been authenticated (yet). + // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues. + // Also, AEAD is also not affected. + return util.readExactSubarray(bytes, 2, 2 + bytelen); + }, + + /** + * Read exactly `end - start` bytes from input. + * This is a stricter version of `.subarray`. + * @param {Uint8Array} input - Input data to parse + * @returns {Uint8Array} subarray of size always equal to `end - start` + * @throws if the input array is too short. + */ + readExactSubarray: function (input, start, end) { + if (input.length < (end - start)) { + throw new Error('Input array too short'); + } + return input.subarray(start, end); }, /** @@ -2101,6 +1850,9 @@ const util = { * @returns {Uint8Array} Padded bytes. */ leftPad(bytes, length) { + if (bytes.length > length) { + throw new Error('Input array too long'); + } const padded = new Uint8Array(length); const offset = length - bytes.length; padded.set(bytes, offset); @@ -2156,18 +1908,10 @@ const util = { * @returns {String} Hexadecimal representation of the array. */ uint8ArrayToHex: function (bytes) { - const r = []; - const e = bytes.length; - let c = 0; - let h; - while (c < e) { - h = bytes[c++].toString(16); - while (h.length < 2) { - h = '0' + h; - } - r.push('' + h); - } - return r.join(''); + const hexAlphabet = '0123456789abcdef'; + let s = ''; + bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; }); + return s; }, /** @@ -2378,32 +2122,30 @@ const util = { }, /** - * Get native Web Cryptography api, only the current version of the spec. - * @returns {Object} The SubtleCrypto api or 'undefined'. + * Get native Web Cryptography API. + * @returns {Object} The SubtleCrypto API + * @throws if the API is not available */ getWebCrypto: function() { - return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + // Fallback for Node 16, which does not expose WebCrypto as a global + const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle; + if (!webCrypto) { + throw new Error('The WebCrypto API is not available'); + } + return webCrypto; }, - /** - * Get BigInteger class - * It wraps the native BigInt type if it's available - * Otherwise it relies on bn.js - * @returns {BigInteger} - * @async - */ - getBigInteger, - /** * Get native Node.js crypto api. * @returns {Object} The crypto module or 'undefined'. */ getNodeCrypto: function() { - return void('crypto'); + return this.nodeRequire('crypto'); }, getNodeZlib: function() { - return void('zlib'); + return this.nodeRequire('zlib'); }, /** @@ -2412,7 +2154,7 @@ const util = { * @returns {Function} The Buffer constructor or 'undefined'. */ getNodeBuffer: function() { - return ({}).Buffer; + return (this.nodeRequire('buffer') || {}).Buffer; }, getHardwareConcurrency: function() { @@ -2420,15 +2162,24 @@ const util = { return navigator.hardwareConcurrency || 1; } - const os = void('os'); // Assume we're on Node.js. + const os = this.nodeRequire('os'); // Assume we're on Node.js. return os.cpus().length; }, + /** + * Test email format to ensure basic compliance: + * - must include a single @ + * - no control or space unicode chars allowed + * - no backslash and square brackets (as the latter can mess with the userID parsing) + * - cannot end with a punctuation char + * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation, + * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)). + */ isEmailAddress: function(data) { if (!util.isString(data)) { return false; } - const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/; + const re = /^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u; return re.test(data); }, @@ -2631,14 +2382,15 @@ const util = { * provided with the application or distribution. */ -const Buffer = util.getNodeBuffer(); + +const Buffer$2 = util.getNodeBuffer(); let encodeChunk; let decodeChunk; -if (Buffer) { - encodeChunk = buf => Buffer.from(buf).toString('base64'); +if (Buffer$2) { + encodeChunk = buf => Buffer$2.from(buf).toString('base64'); decodeChunk = str => { - const b = Buffer.from(str, 'base64'); + const b = Buffer$2.from(str, 'base64'); return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); }; } else { @@ -2652,7 +2404,7 @@ if (Buffer) { * @returns {String | ReadableStream} Radix-64 version of input string. * @static */ -function encode(data) { +function encode$1(data) { let buf = new Uint8Array(); return transform(data, value => { buf = util.concatUint8Array([buf, value]); @@ -2676,7 +2428,7 @@ function encode(data) { * @returns {Uint8Array | ReadableStream} Binary array version of input string. * @static */ -function decode(data) { +function decode$1(data) { let buf = ''; return transform(data, value => { buf += value; @@ -2712,7 +2464,7 @@ function decode(data) { * @returns {Uint8Array} An array of 8-bit integers. */ function b64ToUint8Array(base64) { - return decode(base64.replace(/-/g, '+').replace(/_/g, '/')); + return decode$1(base64.replace(/-/g, '+').replace(/_/g, '/')); } /** @@ -2722,248 +2474,30 @@ function b64ToUint8Array(base64) { * @returns {String} Base-64 encoded string. */ function uint8ArrayToB64(bytes, url) { - let encoded = encode(bytes).replace(/[\r\n]/g, ''); - if (url) { + let encoded = encode$1(bytes).replace(/[\r\n]/g, ''); + { encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); } return encoded; } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -var config = { - /** - * @memberof module:config - * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} - */ - preferredHashAlgorithm: enums.hash.sha256, - /** - * @memberof module:config - * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} - */ - preferredSymmetricAlgorithm: enums.symmetric.aes256, - /** - * @memberof module:config - * @property {Integer} compression Default compression algorithm {@link module:enums.compression} - */ - preferredCompressionAlgorithm: enums.compression.uncompressed, - /** - * @memberof module:config - * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9 - */ - deflateLevel: 6, - - /** - * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07} - * @memberof module:config - * @property {Boolean} aeadProtect - */ - aeadProtect: false, - /** - * Default Authenticated Encryption with Additional Data (AEAD) encryption mode - * Only has an effect when aeadProtect is set to true. - * @memberof module:config - * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} - */ - preferredAEADAlgorithm: enums.aead.eax, - /** - * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode - * Only has an effect when aeadProtect is set to true. - * Must be an integer value from 0 to 56. - * @memberof module:config - * @property {Integer} aeadChunkSizeByte - */ - aeadChunkSizeByte: 12, - /** - * Use V5 keys. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @memberof module:config - * @property {Boolean} v5Keys - */ - v5Keys: false, - /** - * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: - * Iteration Count Byte for S2K (String to Key) - * @memberof module:config - * @property {Integer} s2kIterationCountByte - */ - s2kIterationCountByte: 224, - /** - * Allow decryption of messages without integrity protection. - * This is an **insecure** setting: - * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. - * - it enables downgrade attacks against integrity-protected messages. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedMessages - */ - allowUnauthenticatedMessages: false, - /** - * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to - * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible - * and deferring checking their integrity until the decrypted stream has been read in full. - * - * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedStream - */ - allowUnauthenticatedStream: false, - /** - * @memberof module:config - * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum - */ - checksumRequired: false, - /** - * Minimum RSA key size allowed for key generation and message signing, verification and encryption. - * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. - * @memberof module:config - * @property {Number} minRSABits - */ - minRSABits: 2047, - /** - * Work-around for rare GPG decryption bug when encrypting with multiple passwords. - * **Slower and slightly less secure** - * @memberof module:config - * @property {Boolean} passwordCollisionCheck - */ - passwordCollisionCheck: false, - /** - * @memberof module:config - * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored - */ - revocationsExpire: false, - /** - * Allow decryption using RSA keys without `encrypt` flag. - * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug - * where key flags were ignored when selecting a key for encryption. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureDecryptionWithSigningKeys: false, - /** - * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. - * Instead, a verification key will also be consider valid as long as it is valid at the current time. - * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, - * and have self-signature's creation date that does not match the primary key creation date. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureVerificationWithReformattedKeys: false, - - /** - * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). - * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: - * - new/incoming messages are automatically decrypted (without user interaction); - * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). - * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. - * @memberof module:config - * @property {Boolean} constantTimePKCS1Decryption - */ - constantTimePKCS1Decryption: false, - /** - * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. - * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. - * However, the more algorithms are added, the slower the decryption procedure becomes. - * @memberof module:config - * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} - */ - constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), - - /** - * @memberof module:config - * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available - */ - minBytesForWebCrypto: 1000, - /** - * @memberof module:config - * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error - */ - ignoreUnsupportedPackets: true, - /** - * @memberof module:config - * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error - */ - ignoreMalformedPackets: false, - /** - * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only - * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable - * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). - * @memberof module:config - * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] - */ - additionalAllowedPackets: [], - /** - * @memberof module:config - * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages - */ - showVersion: false, - /** - * @memberof module:config - * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages - */ - showComment: false, - /** - * @memberof module:config - * @property {String} versionString A version string to be included in armored messages - */ - versionString: 'OpenPGP.js 5.11.2', - /** - * @memberof module:config - * @property {String} commentString A comment string to be included in armored messages - */ - commentString: 'https://openpgpjs.org', - - /** - * Max userID string length (used for parsing) - * @memberof module:config - * @property {Integer} maxUserIDLength - */ - maxUserIDLength: 1024 * 5, - /** - * Contains notatations that are considered "known". Known notations do not trigger - * validation error when the notation is marked as critical. - * @memberof module:config - * @property {Array} knownNotations - */ - knownNotations: [], - /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. - * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. - * @memberof module:config - * @property {Boolean} useIndutnyElliptic - */ - useIndutnyElliptic: true, - /** - * Reject insecure hash algorithms - * @memberof module:config - * @property {Set} rejectHashAlgorithms {@link module:enums.hash} - */ - rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), - /** - * Reject insecure message hash algorithms - * @memberof module:config - * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} - */ - rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), - /** - * Reject insecure public key algorithms for key generation and message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} - */ - rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), - /** - * Reject non-standard curves for key generation, message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectCurves {@link module:enums.curve} - */ - rejectCurves: new Set([enums.curve.secp256k1]) -}; - -// GPG4Browsers - An OpenPGP implementation in javascript /** * Finds out which Ascii Armoring type is used. Throws error if unknown type. @@ -2991,33 +2525,33 @@ function getType(text) { // parts, and this is the Xth part out of Y. if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { return enums.armor.multipartSection; - } else + } // BEGIN PGP MESSAGE, PART X // Used for multi-part messages, where this is the Xth part of an // unspecified number of parts. Requires the MESSAGE-ID Armor // Header to be used. if (/MESSAGE, PART \d+/.test(header[1])) { return enums.armor.multipartLast; - } else + } // BEGIN PGP SIGNED MESSAGE if (/SIGNED MESSAGE/.test(header[1])) { return enums.armor.signed; - } else + } // BEGIN PGP MESSAGE // Used for signed, encrypted, or compressed files. if (/MESSAGE/.test(header[1])) { return enums.armor.message; - } else + } // BEGIN PGP PUBLIC KEY BLOCK // Used for armoring public keys. if (/PUBLIC KEY BLOCK/.test(header[1])) { return enums.armor.publicKey; - } else + } // BEGIN PGP PRIVATE KEY BLOCK // Used for armoring private keys. if (/PRIVATE KEY BLOCK/.test(header[1])) { return enums.armor.privateKey; - } else + } // BEGIN PGP SIGNATURE // Used for detached signatures, OpenPGP/MIME signatures, and // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE @@ -3051,7 +2585,6 @@ function addheader(customComment, config) { return result; } - /** * Calculates a checksum over the given data and returns it base64 encoded * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for @@ -3060,7 +2593,7 @@ function addheader(customComment, config) { */ function getCheckSum(data) { const crc = createcrc24(data); - return encode(crc); + return encode$1(crc); } // https://create.stephan-brumme.com/crc32/#slicing-by-8-overview @@ -3133,7 +2666,7 @@ function createcrc24(input) { * @private * @param {Array} headers - Armor headers */ -function verifyHeaders(headers) { +function verifyHeaders$1(headers) { for (let i = 0; i < headers.length; i++) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); @@ -3145,24 +2678,21 @@ function verifyHeaders(headers) { } /** - * Splits a message into two parts, the body and the checksum. This is an internal function - * @param {String} text - OpenPGP armored message part - * @returns {Object} An object with attribute "body" containing the body. - * and an attribute "checksum" containing the checksum. + * Remove the (optional) checksum from an armored message. + * @param {String} text - OpenPGP armored message + * @returns {String} The body of the armored message. * @private */ -function splitChecksum(text) { +function removeChecksum(text) { let body = text; - let checksum = ''; const lastEquals = text.lastIndexOf('='); if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum body = text.slice(0, lastEquals); - checksum = text.slice(lastEquals + 1).substr(0, 4); } - return { body: body, checksum: checksum }; + return body; } /** @@ -3174,7 +2704,7 @@ function splitChecksum(text) { * @async * @static */ -function unarmor(input, config$1 = config) { +function unarmor(input) { // eslint-disable-next-line no-async-promise-executor return new Promise(async (resolve, reject) => { try { @@ -3187,8 +2717,7 @@ function unarmor(input, config$1 = config) { let headersDone; let text = []; let textDone; - let checksum; - let data = decode(transformPair(input, async (readable, writable) => { + const data = decode$1(transformPair(input, async (readable, writable) => { const reader = getReader(readable); try { while (true) { @@ -3209,21 +2738,21 @@ function unarmor(input, config$1 = config) { if (!reEmptyLine.test(line)) { lastHeaders.push(line); } else { - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); headersDone = true; - if (textDone || type !== 2) { + if (textDone || type !== enums.armor.signed) { resolve({ text, data, headers, type }); break; } } - } else if (!textDone && type === 2) { + } else if (!textDone && type === enums.armor.signed) { if (!reSplit.test(line)) { // Reverse dash-escaping for msg text.push(line.replace(/^- /, '')); } else { text = text.join('\r\n'); textDone = true; - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); lastHeaders = []; headersDone = false; } @@ -3253,9 +2782,8 @@ function unarmor(input, config$1 = config) { if (parts.length === 1) { throw new Error('Misformed armored text'); } - const split = splitChecksum(parts[0].slice(0, -1)); - checksum = split.checksum; - await writer.write(split.body); + const body = removeChecksum(parts[0].slice(0, -1)); + await writer.write(body); break; } } @@ -3265,24 +2793,6 @@ function unarmor(input, config$1 = config) { await writer.abort(e); } })); - data = transformPair(data, async (readable, writable) => { - const checksumVerified = readToEnd(getCheckSum(passiveClone(readable))); - checksumVerified.catch(() => {}); - await pipe(readable, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - const checksumVerifiedString = (await checksumVerified).replace('\n', ''); - if (checksum !== checksumVerifiedString && (checksum || config$1.checksumRequired)) { - throw new Error('Ascii armor integrity check failed'); - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); } catch (e) { reject(e); } @@ -3302,10 +2812,13 @@ function unarmor(input, config$1 = config) { * @param {Integer} [partIndex] * @param {Integer} [partTotal] * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {String | ReadableStream} Armored text. * @static */ -function armor(messageType, body, partIndex, partTotal, customComment, config$1 = config) { +function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config$1 = config) { let text; let hash; if (messageType === enums.armor.signed) { @@ -3313,59 +2826,62 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 hash = body.hash; body = body.data; } - const bodyClone = passiveClone(body); + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && passiveClone(body); + const result = []; switch (messageType) { case enums.armor.multipartSection: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); break; case enums.armor.multipartLast: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); break; case enums.armor.signed: result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); - result.push('Hash: ' + hash + '\n\n'); + result.push(hash ? `Hash: ${hash}\n\n` : '\n'); result.push(text.replace(/^-/mg, '- -')); result.push('\n-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; case enums.armor.message: result.push('-----BEGIN PGP MESSAGE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE-----\n'); break; case enums.armor.publicKey: result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); break; case enums.armor.privateKey: result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); break; case enums.armor.signature: result.push('-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; } @@ -3373,19653 +2889,9715 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 return util.concat(result); } -// GPG4Browsers - An OpenPGP implementation in javascript +async function getLegacyCipher(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + throw new Error('Not a legacy cipher'); + case enums.symmetric.cast5: + case enums.symmetric.blowfish: + case enums.symmetric.twofish: + case enums.symmetric.tripledes: { + const { legacyCiphers } = await import('./legacy_ciphers.mjs'); + const cipher = legacyCiphers.get(algo); + if (!cipher) { + throw new Error('Unsupported cipher algorithm'); + } + return cipher; + } + default: + throw new Error('Unsupported cipher algorithm'); + } +} /** - * Implementation of type key id - * - * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: - * A Key ID is an eight-octet scalar that identifies a key. - * Implementations SHOULD NOT assume that Key IDs are unique. The - * section "Enhanced Key Formats" below describes how Key IDs are - * formed. + * Get block size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -class KeyID { - constructor() { - this.bytes = ''; +function getCipherBlockSize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 16; + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + case enums.symmetric.tripledes: + return 8; + default: + throw new Error('Unsupported cipher'); } +} - /** - * Parsing method for a key id - * @param {Uint8Array} bytes - Input to read the key id from - */ - read(bytes) { - this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); - return this.bytes.length; - } - - /** - * Serializes the Key ID - * @returns {Uint8Array} Key ID as a Uint8Array. - */ - write() { - return util.stringToUint8Array(this.bytes); - } - - /** - * Returns the Key ID represented as a hexadecimal string - * @returns {String} Key ID as a hexadecimal string. - */ - toHex() { - return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); - } - - /** - * Checks equality of Key ID's - * @param {KeyID} keyID - * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard - */ - equals(keyID, matchWildcard = false) { - return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; - } - - /** - * Checks to see if the Key ID is unset - * @returns {Boolean} True if the Key ID is null. - */ - isNull() { - return this.bytes === ''; - } - - /** - * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) - * @returns {Boolean} True if this is a wildcard Key ID. - */ - isWildcard() { - return /^0+$/.test(this.toHex()); - } - - static mapToHex(keyID) { - return keyID.toHex(); - } - - static fromID(hex) { - const keyID = new KeyID(); - keyID.read(util.hexToUint8Array(hex)); - return keyID; - } - - static wildcard() { - const keyID = new KeyID(); - keyID.read(new Uint8Array(8)); - return keyID; +/** + * Get key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherKeySize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + return 16; + case enums.symmetric.aes192: + case enums.symmetric.tripledes: + return 24; + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 32; + default: + throw new Error('Unsupported cipher'); } } /** - * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}. - * @author Artem S Vybornov - * @license MIT + * Get block and key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -var AES_asm = function () { +function getCipherParams(algo) { + return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) }; +} - /** - * Galois Field stuff init flag - */ - var ginit_done = false; +var cipher = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCipherParams: getCipherParams, + getLegacyCipher: getLegacyCipher +}); - /** - * Galois Field exponentiation and logarithm tables for 3 (the generator) - */ - var gexp3, glog3; +/** + * A fast MD5 JavaScript implementation + * Copyright (c) 2012 Joseph Myers + * http://www.myersdaily.org/joseph/javascript/md5-text.html + * + * Permission to use, copy, modify, and distribute this software + * and its documentation for any purposes and without + * fee is hereby granted provided that this copyright notice + * appears in all copies. + * + * Of course, this soft is provided "as is" without express or implied + * warranty of any kind. + */ - /** - * Init Galois Field tables - */ - function ginit() { - gexp3 = [], - glog3 = []; - var a = 1, c, d; - for (c = 0; c < 255; c++) { - gexp3[c] = a; +// MD5 Digest +async function md5(entree) { + const digest = md51(util.uint8ArrayToString(entree)); + return util.hexToUint8Array(hex(digest)); +} - // Multiply by three - d = a & 0x80, a <<= 1, a &= 255; - if (d === 0x80) a ^= 0x1b; - a ^= gexp3[c]; +function md5cycle(x, k) { + let a = x[0]; + let b = x[1]; + let c = x[2]; + let d = x[3]; - // Set the log table value - glog3[gexp3[c]] = c; - } - gexp3[255] = gexp3[0]; - glog3[0] = 0; + a = ff(a, b, c, d, k[0], 7, -680876936); + d = ff(d, a, b, c, k[1], 12, -389564586); + c = ff(c, d, a, b, k[2], 17, 606105819); + b = ff(b, c, d, a, k[3], 22, -1044525330); + a = ff(a, b, c, d, k[4], 7, -176418897); + d = ff(d, a, b, c, k[5], 12, 1200080426); + c = ff(c, d, a, b, k[6], 17, -1473231341); + b = ff(b, c, d, a, k[7], 22, -45705983); + a = ff(a, b, c, d, k[8], 7, 1770035416); + d = ff(d, a, b, c, k[9], 12, -1958414417); + c = ff(c, d, a, b, k[10], 17, -42063); + b = ff(b, c, d, a, k[11], 22, -1990404162); + a = ff(a, b, c, d, k[12], 7, 1804603682); + d = ff(d, a, b, c, k[13], 12, -40341101); + c = ff(c, d, a, b, k[14], 17, -1502002290); + b = ff(b, c, d, a, k[15], 22, 1236535329); - ginit_done = true; - } + a = gg(a, b, c, d, k[1], 5, -165796510); + d = gg(d, a, b, c, k[6], 9, -1069501632); + c = gg(c, d, a, b, k[11], 14, 643717713); + b = gg(b, c, d, a, k[0], 20, -373897302); + a = gg(a, b, c, d, k[5], 5, -701558691); + d = gg(d, a, b, c, k[10], 9, 38016083); + c = gg(c, d, a, b, k[15], 14, -660478335); + b = gg(b, c, d, a, k[4], 20, -405537848); + a = gg(a, b, c, d, k[9], 5, 568446438); + d = gg(d, a, b, c, k[14], 9, -1019803690); + c = gg(c, d, a, b, k[3], 14, -187363961); + b = gg(b, c, d, a, k[8], 20, 1163531501); + a = gg(a, b, c, d, k[13], 5, -1444681467); + d = gg(d, a, b, c, k[2], 9, -51403784); + c = gg(c, d, a, b, k[7], 14, 1735328473); + b = gg(b, c, d, a, k[12], 20, -1926607734); - /** - * Galois Field multiplication - * @param {number} a - * @param {number} b - * @return {number} - */ - function gmul(a, b) { - var c = gexp3[(glog3[a] + glog3[b]) % 255]; - if (a === 0 || b === 0) c = 0; - return c; - } + a = hh(a, b, c, d, k[5], 4, -378558); + d = hh(d, a, b, c, k[8], 11, -2022574463); + c = hh(c, d, a, b, k[11], 16, 1839030562); + b = hh(b, c, d, a, k[14], 23, -35309556); + a = hh(a, b, c, d, k[1], 4, -1530992060); + d = hh(d, a, b, c, k[4], 11, 1272893353); + c = hh(c, d, a, b, k[7], 16, -155497632); + b = hh(b, c, d, a, k[10], 23, -1094730640); + a = hh(a, b, c, d, k[13], 4, 681279174); + d = hh(d, a, b, c, k[0], 11, -358537222); + c = hh(c, d, a, b, k[3], 16, -722521979); + b = hh(b, c, d, a, k[6], 23, 76029189); + a = hh(a, b, c, d, k[9], 4, -640364487); + d = hh(d, a, b, c, k[12], 11, -421815835); + c = hh(c, d, a, b, k[15], 16, 530742520); + b = hh(b, c, d, a, k[2], 23, -995338651); - /** - * Galois Field reciprocal - * @param {number} a - * @return {number} - */ - function ginv(a) { - var i = gexp3[255 - glog3[a]]; - if (a === 0) i = 0; - return i; - } + a = ii(a, b, c, d, k[0], 6, -198630844); + d = ii(d, a, b, c, k[7], 10, 1126891415); + c = ii(c, d, a, b, k[14], 15, -1416354905); + b = ii(b, c, d, a, k[5], 21, -57434055); + a = ii(a, b, c, d, k[12], 6, 1700485571); + d = ii(d, a, b, c, k[3], 10, -1894986606); + c = ii(c, d, a, b, k[10], 15, -1051523); + b = ii(b, c, d, a, k[1], 21, -2054922799); + a = ii(a, b, c, d, k[8], 6, 1873313359); + d = ii(d, a, b, c, k[15], 10, -30611744); + c = ii(c, d, a, b, k[6], 15, -1560198380); + b = ii(b, c, d, a, k[13], 21, 1309151649); + a = ii(a, b, c, d, k[4], 6, -145523070); + d = ii(d, a, b, c, k[11], 10, -1120210379); + c = ii(c, d, a, b, k[2], 15, 718787259); + b = ii(b, c, d, a, k[9], 21, -343485551); - /** - * AES stuff init flag - */ - var aes_init_done = false; + x[0] = add32(a, x[0]); + x[1] = add32(b, x[1]); + x[2] = add32(c, x[2]); + x[3] = add32(d, x[3]); +} - /** - * Encryption, Decryption, S-Box and KeyTransform tables - * - * @type {number[]} - */ - var aes_sbox; +function cmn(q, a, b, x, s, t) { + a = add32(add32(a, q), add32(x, t)); + return add32((a << s) | (a >>> (32 - s)), b); +} - /** - * @type {number[]} - */ - var aes_sinv; +function ff(a, b, c, d, x, s, t) { + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} - /** - * @type {number[][]} - */ - var aes_enc; +function gg(a, b, c, d, x, s, t) { + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} - /** - * @type {number[][]} - */ - var aes_dec; +function hh(a, b, c, d, x, s, t) { + return cmn(b ^ c ^ d, a, b, x, s, t); +} - /** - * Init AES tables - */ - function aes_init() { - if (!ginit_done) ginit(); +function ii(a, b, c, d, x, s, t) { + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} - // Calculates AES S-Box value - function _s(a) { - var c, s, x; - s = x = ginv(a); - for (c = 0; c < 4; c++) { - s = ((s << 1) | (s >>> 7)) & 255; - x ^= s; - } - x ^= 99; - return x; - } - - // Tables - aes_sbox = [], - aes_sinv = [], - aes_enc = [[], [], [], []], - aes_dec = [[], [], [], []]; - - for (var i = 0; i < 256; i++) { - var s = _s(i); - - // S-Box and its inverse - aes_sbox[i] = s; - aes_sinv[s] = i; - - // Ecryption and Decryption tables - aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s); - aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i); - // Rotate tables - for (var t = 1; t < 4; t++) { - aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24); - aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24); - } +function md51(s) { + const n = s.length; + const state = [1732584193, -271733879, -1732584194, 271733878]; + let i; + for (i = 64; i <= s.length; i += 64) { + md5cycle(state, md5blk(s.substring(i - 64, i))); + } + s = s.substring(i - 64); + const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for (i = 0; i < s.length; i++) { + tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + } + tail[i >> 2] |= 0x80 << ((i % 4) << 3); + if (i > 55) { + md5cycle(state, tail); + for (i = 0; i < 16; i++) { + tail[i] = 0; } + } + tail[14] = n * 8; + md5cycle(state, tail); + return state; +} - aes_init_done = true; +/* there needs to be support for Unicode here, + * unless we pretend that we can redefine the MD-5 + * algorithm for multi-byte characters (perhaps + * by adding every four 16-bit characters and + * shortening the sum to 32 bits). Otherwise + * I suggest performing MD-5 as if every character + * was two bytes--e.g., 0040 0025 = @%--but then + * how will an ordinary MD-5 sum be matched? + * There is no way to standardize text to something + * like UTF-8 before transformation; speed cost is + * utterly prohibitive. The JavaScript standard + * itself needs to look at this: it should start + * providing access to strings as preformed UTF-8 + * 8-bit unsigned value arrays. + */ +function md5blk(s) { /* I figured global was faster. */ + const md5blks = []; + let i; /* Andy King said do it this way. */ + for (i = 0; i < 64; i += 4) { + md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << + 24); } + return md5blks; +} - /** - * Asm.js module constructor. - * - *

- * Heap buffer layout by offset: - * 

-   * 0x0000   encryption key schedule
-   * 0x0400   decryption key schedule
-   * 0x0800   sbox
-   * 0x0c00   inv sbox
-   * 0x1000   encryption tables
-   * 0x2000   decryption tables
-   * 0x3000   reserved (future GCM multiplication lookup table)
-   * 0x4000   data
-   *
- * Don't touch anything before 0x400. - *

- * - * @alias AES_asm - * @class - * @param foreign - ignored - * @param buffer - heap buffer to link with - */ - var wrapper = function (foreign, buffer) { - // Init AES stuff for the first time - if (!aes_init_done) aes_init(); - - // Fill up AES tables - var heap = new Uint32Array(buffer); - heap.set(aes_sbox, 0x0800 >> 2); - heap.set(aes_sinv, 0x0c00 >> 2); - for (var i = 0; i < 4; i++) { - heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2); - heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2); - } +const hex_chr = '0123456789abcdef'.split(''); - /** - * Calculate AES key schedules. - * @instance - * @memberof AES_asm - * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly) - * @param {number} k0 - key vector components - * @param {number} k1 - key vector components - * @param {number} k2 - key vector components - * @param {number} k3 - key vector components - * @param {number} k4 - key vector components - * @param {number} k5 - key vector components - * @param {number} k6 - key vector components - * @param {number} k7 - key vector components - */ - function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) { - var ekeys = heap.subarray(0x000, 60), - dkeys = heap.subarray(0x100, 0x100 + 60); - - // Encryption key schedule - ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]); - for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) { - var k = ekeys[i - 1]; - if ((i % ks === 0) || (ks === 8 && i % ks === 4)) { - k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255]; - } - if (i % ks === 0) { - k = (k << 8) ^ (k >>> 24) ^ (rcon << 24); - rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0); - } - ekeys[i] = ekeys[i - ks] ^ k; - } +function rhex(n) { + let s = ''; + let j = 0; + for (; j < 4; j++) { + s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; + } + return s; +} - // Decryption key schedule - for (var j = 0; j < i; j += 4) { - for (var jj = 0; jj < 4; jj++) { - var k = ekeys[i - (4 + j) + (4 - jj) % 4]; - if (j < 4 || j >= i - 4) { - dkeys[j + jj] = k; - } else { - dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]] - ^ aes_dec[1][aes_sbox[k >>> 16 & 255]] - ^ aes_dec[2][aes_sbox[k >>> 8 & 255]] - ^ aes_dec[3][aes_sbox[k & 255]]; - } - } - } +function hex(x) { + for (let i = 0; i < x.length; i++) { + x[i] = rhex(x[i]); + } + return x.join(''); +} - // Set rounds number - asm.set_rounds(ks + 5); - } +/* this function is much faster, +so if possible we use it. Some IEs +are the only ones I know of that +need the idiotic second function, +generated by an if clause. */ - // create library object with necessary properties - var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array}; +function add32(a, b) { + return (a + b) & 0xFFFFFFFF; +} - var asm = function (stdlib, foreign, buffer) { - "use asm"; +/** + * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. + * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} + * @see {@link https://github.com/indutny/hash.js|hash.js} + * @module crypto/hash + */ - var S0 = 0, S1 = 0, S2 = 0, S3 = 0, - I0 = 0, I1 = 0, I2 = 0, I3 = 0, - N0 = 0, N1 = 0, N2 = 0, N3 = 0, - M0 = 0, M1 = 0, M2 = 0, M3 = 0, - H0 = 0, H1 = 0, H2 = 0, H3 = 0, - R = 0; - var HEAP = new stdlib.Uint32Array(buffer), - DATA = new stdlib.Uint8Array(buffer); +const webCrypto$a = util.getWebCrypto(); +const nodeCrypto$9 = util.getNodeCrypto(); +const nodeCryptoHashes = nodeCrypto$9 && nodeCrypto$9.getHashes(); - /** - * AES core - * @param {number} k - precomputed key schedule offset - * @param {number} s - precomputed sbox table offset - * @param {number} t - precomputed round table offset - * @param {number} r - number of inner rounds to perform - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _core(k, s, t, r, x0, x1, x2, x3) { - k = k | 0; - s = s | 0; - t = t | 0; - r = r | 0; - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t1 = 0, t2 = 0, t3 = 0, - y0 = 0, y1 = 0, y2 = 0, y3 = 0, - i = 0; - - t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00; - - // round 0 - x0 = x0 ^ HEAP[(k | 0) >> 2], - x1 = x1 ^ HEAP[(k | 4) >> 2], - x2 = x2 ^ HEAP[(k | 8) >> 2], - x3 = x3 ^ HEAP[(k | 12) >> 2]; - - // round 1..r - for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) { - y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - x0 = y0, x1 = y1, x2 = y2, x3 = y3; - } +function nodeHash(type) { + if (!nodeCrypto$9 || !nodeCryptoHashes.includes(type)) { + return; + } + return async function (data) { + const shasum = nodeCrypto$9.createHash(type); + return transform(data, value => { + shasum.update(value); + }, () => new Uint8Array(shasum.digest())); + }; +} - // final round - S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - } +function nobleHash(nobleHashName, webCryptoHashName) { + const getNobleHash = async () => { + const { nobleHashes } = await import('./noble_hashes.mjs'); + const hash = nobleHashes.get(nobleHashName); + if (!hash) throw new Error('Unsupported hash'); + return hash; + }; - /** - * ECB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - x0, - x1, - x2, - x3 - ); - } + return async function(data) { + if (isArrayStream(data)) { + data = await readToEnd(data); + } + if (util.isStream(data)) { + const hash = await getNobleHash(); - /** - * ECB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); + const hashInstance = hash.create(); + return transform(data, value => { + hashInstance.update(value); + }, () => hashInstance.digest()); + } else if (webCrypto$a && webCryptoHashName) { + return new Uint8Array(await webCrypto$a.digest(webCryptoHashName, data)); + } else { + const hash = await getNobleHash(); - t = S1, S1 = S3, S3 = t; - } + return hash(data); + } + }; +} +var hash = { - /** - * CBC mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0 ^ x0, - I1 ^ x1, - I2 ^ x2, - I3 ^ x3 - ); + /** @see module:md5 */ + md5: nodeHash('md5') || md5, + sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'), + sha224: nodeHash('sha224') || nobleHash('sha224'), + sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'), + sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'), + sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'), + ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'), + sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'), + sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'), - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - } + /** + * Create a hash on the specified data using the specified algorithm + * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @param {Uint8Array} data - Data to be hashed + * @returns {Promise} Hash value. + */ + digest: function(algo, data) { + switch (algo) { + case enums.hash.md5: + return this.md5(data); + case enums.hash.sha1: + return this.sha1(data); + case enums.hash.ripemd: + return this.ripemd(data); + case enums.hash.sha256: + return this.sha256(data); + case enums.hash.sha384: + return this.sha384(data); + case enums.hash.sha512: + return this.sha512(data); + case enums.hash.sha224: + return this.sha224(data); + case enums.hash.sha3_256: + return this.sha3_256(data); + case enums.hash.sha3_512: + return this.sha3_512(data); + default: + throw new Error('Unsupported hash function'); + } + }, - /** - * CBC mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); + /** + * Returns the hash size in bytes of the specified hash algorithm type + * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @returns {Integer} Size in bytes of the resulting hash. + */ + getHashByteLength: function(algo) { + switch (algo) { + case enums.hash.md5: + return 16; + case enums.hash.sha1: + case enums.hash.ripemd: + return 20; + case enums.hash.sha256: + return 32; + case enums.hash.sha384: + return 48; + case enums.hash.sha512: + return 64; + case enums.hash.sha224: + return 28; + case enums.hash.sha3_256: + return 32; + case enums.hash.sha3_512: + return 64; + default: + throw new Error('Invalid hash algorithm.'); + } + } +}; - t = S1, S1 = S3, S3 = t; +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes(b, ...lengths) { + if (!isBytes(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */ +// Cast array to different type +const u8$1 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength); +const u32$1 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// big-endian hardware is rare. Just in case someone still decides to run ciphers: +// early-throw an error because we don't support BE yet. +const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +if (!isLE) + throw new Error('Non little-endian hardware is not supported'); +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`string expected, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes(data); + else if (isBytes(data)) + data = copyBytes(data); + else + throw new Error(`Uint8Array expected, got ${typeof data}`); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @__NO_SIDE_EFFECTS__ + */ +const wrapCipher = (params, c) => { + Object.assign(c, params); + return c; +}; +// Polyfill for Safari 14 +function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = 0; + const l = 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +// Is byte array aligned to 4 byte offset (u32)? +function isAligned32(bytes) { + return bytes.byteOffset % 4 === 0; +} +// copy bytes to new u8a (aligned). Because Buffer.slice is broken. +function copyBytes(bytes) { + return Uint8Array.from(bytes); +} +function clean(...arrays) { + for (let i = 0; i < arrays.length; i++) { + arrays[i].fill(0); + } +} + +// GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV. +// Implemented in terms of GHash with conversion function for keys +// GCM GHASH from NIST SP800-38d, SIV from RFC 8452. +// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf +// GHASH modulo: x^128 + x^7 + x^2 + x + 1 +// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1 +const BLOCK_SIZE$1 = 16; +// TODO: rewrite +// temporary padding buffer +const ZEROS16 = /* @__PURE__ */ new Uint8Array(16); +const ZEROS32 = u32$1(ZEROS16); +const POLY$1 = 0xe1; // v = 2*v % POLY +// v = 2*v % POLY +// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x +// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor) +const mul2$1 = (s0, s1, s2, s3) => { + const hiBit = s3 & 1; + return { + s3: (s2 << 31) | (s3 >>> 1), + s2: (s1 << 31) | (s2 >>> 1), + s1: (s0 << 31) | (s1 >>> 1), + s0: (s0 >>> 1) ^ ((POLY$1 << 24) & -(hiBit & 1)), // reduce % poly + }; +}; +const swapLE = (n) => (((n >>> 0) & 0xff) << 24) | + (((n >>> 8) & 0xff) << 16) | + (((n >>> 16) & 0xff) << 8) | + ((n >>> 24) & 0xff) | + 0; +/** + * `mulX_POLYVAL(ByteReverse(H))` from spec + * @param k mutated in place + */ +function _toGHASHKey(k) { + k.reverse(); + const hiBit = k[15] & 1; + // k >>= 1 + let carry = 0; + for (let i = 0; i < k.length; i++) { + const t = k[i]; + k[i] = (t >>> 1) | carry; + carry = (t & 1) << 7; + } + k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000; + return k; +} +const estimateWindow = (bytes) => { + if (bytes > 64 * 1024) + return 8; + if (bytes > 1024) + return 4; + return 2; +}; +class GHASH { + // We select bits per window adaptively based on expectedLength + constructor(key, expectedLength) { + this.blockLen = BLOCK_SIZE$1; + this.outputLen = BLOCK_SIZE$1; + this.s0 = 0; + this.s1 = 0; + this.s2 = 0; + this.s3 = 0; + this.finished = false; + key = toBytes(key); + bytes(key, 16); + const kView = createView(key); + let k0 = kView.getUint32(0, false); + let k1 = kView.getUint32(4, false); + let k2 = kView.getUint32(8, false); + let k3 = kView.getUint32(12, false); + // generate table of doubled keys (half of montgomery ladder) + const doubles = []; + for (let i = 0; i < 128; i++) { + doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) }); + ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2$1(k0, k1, k2, k3)); + } + const W = estimateWindow(expectedLength || 1024); + if (![1, 2, 4, 8].includes(W)) + throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`); + this.W = W; + const bits = 128; // always 128 bits; + const windows = bits / W; + const windowSize = (this.windowSize = 2 ** W); + const items = []; + // Create precompute table for window of W bits + for (let w = 0; w < windows; w++) { + // truth table: 00, 01, 10, 11 + for (let byte = 0; byte < windowSize; byte++) { + // prettier-ignore + let s0 = 0, s1 = 0, s2 = 0, s3 = 0; + for (let j = 0; j < W; j++) { + const bit = (byte >>> (W - j - 1)) & 1; + if (!bit) + continue; + const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j]; + (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3); + } + items.push({ s0, s1, s2, s3 }); + } + } + this.t = items; + } + _updateBlock(s0, s1, s2, s3) { + (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3); + const { W, t, windowSize } = this; + // prettier-ignore + let o0 = 0, o1 = 0, o2 = 0, o3 = 0; + const mask = (1 << W) - 1; // 2**W will kill performance. + let w = 0; + for (const num of [s0, s1, s2, s3]) { + for (let bytePos = 0; bytePos < 4; bytePos++) { + const byte = (num >>> (8 * bytePos)) & 0xff; + for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) { + const bit = (byte >>> (W * bitPos)) & mask; + const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit]; + (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3); + w += 1; + } + } + } + this.s0 = o0; + this.s1 = o1; + this.s2 = o2; + this.s3 = o3; + } + update(data) { + data = toBytes(data); + exists(this); + const b32 = u32$1(data); + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + const left = data.length % BLOCK_SIZE$1; + for (let i = 0; i < blocks; i++) { + this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]); + clean(ZEROS32); // clean tmp buffer + } + return this; + } + destroy() { + const { t } = this; + // clean precompute table + for (const elm of t) { + (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0); + } + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + const { s0, s1, s2, s3 } = this; + const o32 = u32$1(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out; + } + digest() { + const res = new Uint8Array(BLOCK_SIZE$1); + this.digestInto(res); + this.destroy(); + return res; + } +} +class Polyval extends GHASH { + constructor(key, expectedLength) { + key = toBytes(key); + const ghKey = _toGHASHKey(copyBytes(key)); + super(ghKey, expectedLength); + clean(ghKey); + } + update(data) { + data = toBytes(data); + exists(this); + const b32 = u32$1(data); + const left = data.length % BLOCK_SIZE$1; + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + for (let i = 0; i < blocks; i++) { + this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0])); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0])); + clean(ZEROS32); + } + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // tmp ugly hack + const { s0, s1, s2, s3 } = this; + const o32 = u32$1(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out.reverse(); + } +} +function wrapConstructorWithKey(hashCons) { + const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest(); + const tmp = hashCons(new Uint8Array(16), 0); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (key, expectedLength) => hashCons(key, expectedLength); + return hashC; +} +const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength)); +wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength)); + +// prettier-ignore +/* +AES (Advanced Encryption Standard) aka Rijndael block cipher. - S0 = S0 ^ I0, - S1 = S1 ^ I1, - S2 = S2 ^ I2, - S3 = S3 ^ I3; +Data is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round: +1. **S-box**, table substitution +2. **Shift rows**, cyclic shift left of all rows of data array +3. **Mix columns**, multiplying every column by fixed polynomial +4. **Add round key**, round_key xor i-th column of array - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; +Resources: +- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf +- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf +*/ +const BLOCK_SIZE = 16; +const BLOCK_SIZE32 = 4; +const EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE); +const POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8 +// TODO: remove multiplication, binary ops only +function mul2(n) { + return (n << 1) ^ (POLY & -(n >> 7)); +} +function mul(a, b) { + let res = 0; + for (; b > 0; b >>= 1) { + // Montgomery ladder + res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time). + a = mul2(a); // a = 2*a + } + return res; +} +// AES S-box is generated using finite field inversion, +// an affine transform, and xor of a constant 0x63. +const sbox = /* @__PURE__ */ (() => { + const t = new Uint8Array(256); + for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x)) + t[i] = x; + const box = new Uint8Array(256); + box[0] = 0x63; // first elm + for (let i = 0; i < 255; i++) { + let x = t[255 - i]; + x |= x << 8; + box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff; + } + clean(t); + return box; +})(); +// Inverted S-box +const invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j)); +// Rotate u32 by 8 +const rotr32_8 = (n) => (n << 24) | (n >>> 8); +const rotl32_8 = (n) => (n << 8) | (n >>> 24); +// The byte swap operation for uint32 (LE<->BE) +const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes: +// - LE instead of BE +// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23; +// so index is u16, instead of u8. This speeds up things, unexpectedly +function genTtable(sbox, fn) { + if (sbox.length !== 256) + throw new Error('Wrong sbox length'); + const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j])); + const T1 = T0.map(rotl32_8); + const T2 = T1.map(rotl32_8); + const T3 = T2.map(rotl32_8); + const T01 = new Uint32Array(256 * 256); + const T23 = new Uint32Array(256 * 256); + const sbox2 = new Uint16Array(256 * 256); + for (let i = 0; i < 256; i++) { + for (let j = 0; j < 256; j++) { + const idx = i * 256 + j; + T01[idx] = T0[i] ^ T1[j]; + T23[idx] = T2[i] ^ T3[j]; + sbox2[idx] = (sbox[i] << 8) | sbox[j]; + } + } + return { sbox, sbox2, T0, T1, T2, T3, T01, T23 }; +} +const tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2)); +const tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14)); +const xPowers = /* @__PURE__ */ (() => { + const p = new Uint8Array(16); + for (let i = 0, x = 1; i < 16; i++, x = mul2(x)) + p[i] = x; + return p; +})(); +function expandKeyLE(key) { + bytes(key); + const len = key.length; + if (![16, 24, 32].includes(len)) + throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`); + const { sbox2 } = tableEncoding; + const toClean = []; + if (!isAligned32(key)) + toClean.push((key = copyBytes(key))); + const k32 = u32$1(key); + const Nk = k32.length; + const subByte = (n) => applySbox(sbox2, n, n, n, n); + const xk = new Uint32Array(len + 28); // expanded key + xk.set(k32); + // 4.3.1 Key expansion + for (let i = Nk; i < xk.length; i++) { + let t = xk[i - 1]; + if (i % Nk === 0) + t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1]; + else if (Nk > 6 && i % Nk === 4) + t = subByte(t); + xk[i] = xk[i - Nk] ^ t; + } + clean(...toClean); + return xk; +} +function expandKeyDecLE(key) { + const encKey = expandKeyLE(key); + const xk = encKey.slice(); + const Nk = encKey.length; + const { sbox2 } = tableEncoding; + const { T0, T1, T2, T3 } = tableDecoding; + // Inverse key by chunks of 4 (rounds) + for (let i = 0; i < Nk; i += 4) { + for (let j = 0; j < 4; j++) + xk[i + j] = encKey[Nk - i - 4 + j]; + } + clean(encKey); + // apply InvMixColumn except first & last round + for (let i = 4; i < Nk - 4; i++) { + const x = xk[i]; + const w = applySbox(sbox2, x, x, x, x); + xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24]; + } + return xk; +} +// Apply tables +function apply0123(T01, T23, s0, s1, s2, s3) { + return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^ + T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]); +} +function applySbox(sbox2, s0, s1, s2, s3) { + return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] | + (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16)); +} +function encrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableEncoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // last round (without mixcolumns, so using SBOX2 table) + const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different +function decrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableDecoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // Last round + const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +function getDst(len, dst) { + if (dst === undefined) + return new Uint8Array(len); + bytes(dst); + if (dst.length < len) + throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`); + if (!isAligned32(dst)) + throw new Error('unaligned dst'); + return dst; +} +// TODO: investigate merging with ctr32 +function ctrCounter(xk, nonce, src, dst) { + bytes(nonce, BLOCK_SIZE); + bytes(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const ctr = nonce; + const c32 = u32$1(ctr); + // Fill block (empty, ctr=0) + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + const src32 = u32$1(src); + const dst32 = u32$1(dst); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + // Full 128 bit counter with wrap around + let carry = 1; + for (let i = ctr.length - 1; i >= 0; i--) { + carry = (carry + (ctr[i] & 0xff)) | 0; + ctr[i] = carry & 0xff; + carry >>>= 8; + } + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than block) + // It's possible to handle > u32 fast, but is it worth it? + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +// AES CTR with overflowing 32 bit counter +// It's possible to do 32le significantly simpler (and probably faster) by using u32. +// But, we need both, and perf bottleneck is in ghash anyway. +function ctr32(xk, isLE, nonce, src, dst) { + bytes(nonce, BLOCK_SIZE); + bytes(src); + dst = getDst(src.length, dst); + const ctr = nonce; // write new value to nonce, so it can be re-used + const c32 = u32$1(ctr); + const view = createView(ctr); + const src32 = u32$1(src); + const dst32 = u32$1(dst); + const ctrPos = isLE ? 0 : 12; + const srcLen = src.length; + // Fill block (empty, ctr=0) + let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + ctrNum = (ctrNum + 1) >>> 0; // u32 wrap + view.setUint32(ctrPos, ctrNum, isLE); + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than a block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +/** + * CTR: counter mode. Creates stream cipher. + * Requires good IV. Parallelizable. OK, but no MAC. + */ +const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) { + bytes(key); + bytes(nonce, BLOCK_SIZE); + function processCtr(buf, dst) { + bytes(buf); + if (dst !== undefined) { + bytes(dst); + if (!isAligned32(dst)) + throw new Error('unaligned destination'); + } + const xk = expandKeyLE(key); + const n = copyBytes(nonce); // align + avoid changing + const toClean = [xk, n]; + if (!isAligned32(buf)) + toClean.push((buf = copyBytes(buf))); + const out = ctrCounter(xk, n, buf, dst); + clean(...toClean); + return out; + } + return { + encrypt: (plaintext, dst) => processCtr(plaintext, dst), + decrypt: (ciphertext, dst) => processCtr(ciphertext, dst), + }; +}); +function validateBlockDecrypt(data) { + bytes(data); + if (data.length % BLOCK_SIZE !== 0) { + throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`); + } +} +function validateBlockEncrypt(plaintext, pcks5, dst) { + bytes(plaintext); + let outLen = plaintext.length; + const remaining = outLen % BLOCK_SIZE; + if (!pcks5 && remaining !== 0) + throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding'); + if (!isAligned32(plaintext)) + plaintext = copyBytes(plaintext); + const b = u32$1(plaintext); + if (pcks5) { + let left = BLOCK_SIZE - remaining; + if (!left) + left = BLOCK_SIZE; // if no bytes left, create empty padding block + outLen = outLen + left; + } + const out = getDst(outLen, dst); + const o = u32$1(out); + return { b, o, out }; +} +function validatePCKS(data, pcks5) { + if (!pcks5) + return data; + const len = data.length; + if (!len) + throw new Error('aes/pcks5: empty ciphertext not allowed'); + const lastByte = data[len - 1]; + if (lastByte <= 0 || lastByte > 16) + throw new Error('aes/pcks5: wrong padding'); + const out = data.subarray(0, -lastByte); + for (let i = 0; i < lastByte; i++) + if (data[len - i - 1] !== lastByte) + throw new Error('aes/pcks5: wrong padding'); + return out; +} +function padPCKS(left) { + const tmp = new Uint8Array(16); + const tmp32 = u32$1(tmp); + tmp.set(left); + const paddingByte = BLOCK_SIZE - left.length; + for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++) + tmp[i] = paddingByte; + return tmp32; +} +/** + * CBC: Cipher-Block-Chaining. Key is previous round’s block. + * Fragile: needs proper padding. Unauthenticated: needs MAC. + */ +const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) { + bytes(key); + bytes(iv, 16); + const pcks5 = !opts.disablePadding; + return { + encrypt(plaintext, dst) { + const xk = expandKeyLE(key); + const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$1(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + let i = 0; + for (; i + 4 <= b.length;) { + (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + if (pcks5) { + const tmp32 = padPCKS(plaintext.subarray(i * 4)); + (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + clean(...toClean); + return _out; + }, + decrypt(ciphertext, dst) { + validateBlockDecrypt(ciphertext); + const xk = expandKeyDecLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$1(_iv); + const out = getDst(ciphertext.length, dst); + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const b = u32$1(ciphertext); + const o = u32$1(out); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= b.length;) { + // prettier-ignore + const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3; + (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]); + const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt$6(xk, s0, s1, s2, s3); + (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3); + } + clean(...toClean); + return validatePCKS(out, pcks5); + }, + }; +}); +/** + * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output. + * Unauthenticated: needs MAC. + */ +const cfb$1 = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) { + bytes(key); + bytes(iv, 16); + function processCfb(src, isEncrypt, dst) { + bytes(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const xk = expandKeyLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + if (!isAligned32(src)) + toClean.push((src = copyBytes(src))); + const src32 = u32$1(src); + const dst32 = u32$1(dst); + const next32 = isEncrypt ? dst32 : src32; + const n32 = u32$1(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= src32.length;) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt$6(xk, s0, s1, s2, s3); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]); + } + // leftovers (less than block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + const buf = u8$1(new Uint32Array([s0, s1, s2, s3])); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(buf); + } + clean(...toClean); + return dst; + } + return { + encrypt: (plaintext, dst) => processCfb(plaintext, true, dst), + decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst), + }; +}); +// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen +function computeTag(fn, isLE, key, data, AAD) { + const aadLength = AAD == null ? 0 : AAD.length; + const h = fn.create(key, data.length + aadLength); + if (AAD) + h.update(AAD); + h.update(data); + const num = new Uint8Array(16); + const view = createView(num); + if (AAD) + setBigUint64(view, 0, BigInt(aadLength * 8), isLE); + setBigUint64(view, 8, BigInt(data.length * 8), isLE); + h.update(num); + const res = h.digest(); + clean(num); + return res; +} +/** + * GCM: Galois/Counter Mode. + * Modern, parallel version of CTR, with MAC. + * Be careful: MACs can be forged. + * Unsafe to use random nonces under the same key, due to collision chance. + * As for nonce size, prefer 12-byte, instead of 8-byte. + */ +const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) { + bytes(key); + bytes(nonce); + if (AAD !== undefined) + bytes(AAD); + // NIST 800-38d doesn't enforce minimum nonce length. + // We enforce 8 bytes for compat with openssl. + // 12 bytes are recommended. More than 12 bytes would be converted into 12. + if (nonce.length < 8) + throw new Error('aes/gcm: invalid nonce length'); + const tagLength = 16; + function _computeTag(authKey, tagMask, data) { + const tag = computeTag(ghash, false, authKey, data, AAD); + for (let i = 0; i < tagMask.length; i++) + tag[i] ^= tagMask[i]; + return tag; + } + function deriveKeys() { + const xk = expandKeyLE(key); + const authKey = EMPTY_BLOCK.slice(); + const counter = EMPTY_BLOCK.slice(); + ctr32(xk, false, counter, counter, authKey); + // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces + if (nonce.length === 12) { + counter.set(nonce); + } + else { + const nonceLen = EMPTY_BLOCK.slice(); + const view = createView(nonceLen); + setBigUint64(view, 8, BigInt(nonce.length * 8), false); + // ghash(nonce || u64be(0) || u64be(nonceLen*8)) + const g = ghash.create(authKey).update(nonce).update(nonceLen); + g.digestInto(counter); // digestInto doesn't trigger '.destroy' + g.destroy(); + } + const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK); + return { xk, authKey, counter, tagMask }; + } + return { + encrypt(plaintext) { + bytes(plaintext); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const out = new Uint8Array(plaintext.length + tagLength); + const toClean = [xk, authKey, counter, tagMask]; + if (!isAligned32(plaintext)) + toClean.push((plaintext = copyBytes(plaintext))); + ctr32(xk, false, counter, plaintext, out); + const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength)); + toClean.push(tag); + out.set(tag, plaintext.length); + clean(...toClean); + return out; + }, + decrypt(ciphertext) { + bytes(ciphertext); + if (ciphertext.length < tagLength) + throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const toClean = [xk, authKey, tagMask, counter]; + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const data = ciphertext.subarray(0, -tagLength); + const passedTag = ciphertext.subarray(-tagLength); + const tag = _computeTag(authKey, tagMask, data); + toClean.push(tag); + if (!equalBytes(tag, passedTag)) + throw new Error('aes/gcm: invalid ghash tag'); + const out = ctr32(xk, false, counter, data); + clean(...toClean); + return out; + }, + }; +}); +function isBytes32(a) { + return (a != null && + typeof a === 'object' && + (a instanceof Uint32Array || a.constructor.name === 'Uint32Array')); +} +function encryptBlock(xk, block) { + bytes(block, 16); + if (!isBytes32(xk)) + throw new Error('_encryptBlock accepts result of expandKeyLE'); + const b32 = u32$1(block); + let { s0, s1, s2, s3 } = encrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +function decryptBlock(xk, block) { + bytes(block, 16); + if (!isBytes32(xk)) + throw new Error('_decryptBlock accepts result of expandKeyLE'); + const b32 = u32$1(block); + let { s0, s1, s2, s3 } = decrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +/** + * AES-W (base for AESKW/AESKWP). + * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf), + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/). + */ +const AESW = { + /* + High-level pseudocode: + ``` + A: u64 = IV + out = [] + for (let i=0, ctr = 0; i<6; i++) { + for (const chunk of chunks(plaintext, 8)) { + A ^= swapEndianess(ctr++) + [A, res] = chunks(encrypt(A || chunk), 8); + out ||= res } + } + out = A || out + ``` + Decrypt is the same, but reversed. + */ + encrypt(kek, out) { + // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints. + // If you need it larger, open an issue. + if (out.length >= 2 ** 32) + throw new Error('plaintext should be less than 4gb'); + const xk = expandKeyLE(kek); + if (out.length === 16) + encryptBlock(xk, out); + else { + const o32 = u32$1(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = 1; j < 6; j++) { + for (let pos = 2; pos < o32.length; pos += 2, ctr++) { + const { s0, s1, s2, s3 } = encrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + // A = MSB(64, B) ^ t where t = (n*j)+i + (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); // out = A || out + } + xk.fill(0); + }, + decrypt(kek, out) { + if (out.length - 8 >= 2 ** 32) + throw new Error('ciphertext should be less than 4gb'); + const xk = expandKeyDecLE(kek); + const chunks = out.length / 8 - 1; // first chunk is IV + if (chunks === 1) + decryptBlock(xk, out); + else { + const o32 = u32$1(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = chunks * 6; j < 6; j++) { + for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) { + a1 ^= byteSwap(ctr); + const { s0, s1, s2, s3 } = decrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); + } + xk.fill(0); + }, +}; +const AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6 +/** + * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times. + * Reduces block size from 16 to 8 bytes. + * For padded version, use aeskwp. + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + */ +const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({ + encrypt(plaintext) { + bytes(plaintext); + if (!plaintext.length || plaintext.length % 8 !== 0) + throw new Error('invalid plaintext length'); + if (plaintext.length === 8) + throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead'); + const out = concatBytes(AESKW_IV, plaintext); + AESW.encrypt(kek, out); + return out; + }, + decrypt(ciphertext) { + bytes(ciphertext); + // ciphertext must be at least 24 bytes and a multiple of 8 bytes + // 24 because should have at least two block (1 iv + 2). + // Replace with 16 to enable '8-byte keys' + if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8) + throw new Error('invalid ciphertext length'); + const out = copyBytes(ciphertext); + AESW.decrypt(kek, out); + if (!equalBytes(out.subarray(0, 8), AESKW_IV)) + throw new Error('integrity check failed'); + out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway + return out.subarray(8); + }, +})); +// Private, unsafe low-level methods. Can change at any time. +const unsafe = { + expandKeyLE, + expandKeyDecLE, + encrypt: encrypt$6, + decrypt: decrypt$6, + encryptBlock, + decryptBlock, + ctrCounter, + ctr32, +}; - /** - * CFB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0 = S0 ^ x0, - I1 = S1 = S1 ^ x1, - I2 = S2 = S2 ^ x2, - I3 = S3 = S3 ^ x3; - } +// Modified by ProtonTech AG - /** - * CFB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); +const webCrypto$9 = util.getWebCrypto(); +const nodeCrypto$8 = util.getNodeCrypto(); + +const knownAlgos = nodeCrypto$8 ? nodeCrypto$8.getCiphers() : []; +const nodeAlgos = { + idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ + tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, + cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, + blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, + aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, + aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, + aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined + /* twofish is not implemented in OpenSSL */ +}; - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; +/** + * CFB encryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} plaintext + * @param {Uint8Array} iv + * @param {Object} config - full configuration, defaults to openpgp.config + * @returns MaybeStream + */ +async function encrypt$5(algo, key, plaintext, iv, config) { + const algoName = enums.read(enums.symmetric, algo); + if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. + return nodeEncrypt$1(algo, key, plaintext, iv); + } + if (util.isAES(algo)) { + return aesEncrypt(algo, key, plaintext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; + const blockc = iv.slice(); + let pt = new Uint8Array(); + const process = chunk => { + if (chunk) { + pt = util.concatUint8Array([pt, chunk]); + } + const ciphertext = new Uint8Array(pt.length); + let i; + let j = 0; + while (chunk ? pt.length >= block_size : pt.length) { + const encblock = cipherfn.encrypt(blockc); + for (i = 0; i < block_size; i++) { + blockc[i] = pt[i] ^ encblock[i]; + ciphertext[j++] = blockc[i]; } + pt = pt.subarray(block_size); + } + return ciphertext.subarray(0, j); + }; + return transform(plaintext, process, process); +} - /** - * OFB mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ofb(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); +/** + * CFB decryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} ciphertext + * @param {Uint8Array} iv + * @returns MaybeStream + */ +async function decrypt$5(algo, key, ciphertext, iv) { + const algoName = enums.read(enums.symmetric, algo); + if (nodeCrypto$8 && nodeAlgos[algoName]) { // Node crypto library. + return nodeDecrypt$1(algo, key, ciphertext, iv); + } + if (util.isAES(algo)) { + return aesDecrypt(algo, key, ciphertext, iv); + } - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; + let blockp = iv; + let ct = new Uint8Array(); + const process = chunk => { + if (chunk) { + ct = util.concatUint8Array([ct, chunk]); + } + const plaintext = new Uint8Array(ct.length); + let i; + let j = 0; + while (chunk ? ct.length >= block_size : ct.length) { + const decblock = cipherfn.encrypt(blockp); + blockp = ct.subarray(0, block_size); + for (i = 0; i < block_size; i++) { + plaintext[j++] = blockp[i] ^ decblock[i]; } + ct = ct.subarray(block_size); + } + return plaintext.subarray(0, j); + }; + return transform(ciphertext, process, process); +} - /** - * CTR mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ctr(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - N0, - N1, - N2, - N3 - ); +class WebCryptoEncryptor { + constructor(algo, key, iv) { + const { blockSize } = getCipherParams(algo); + this.key = key; + this.prevBlock = iv; + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + this.zeroBlock = new Uint8Array(this.blockSize); + } - N3 = (~M3 & N3) | M3 & (N3 + 1); - N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0)); - N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0)); - N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0)); + static async isSupported(algo) { + const { keySize } = getCipherParams(algo); + return webCrypto$9.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt']) + .then(() => true, () => false); + } - S0 = S0 ^ x0; - S1 = S1 ^ x1; - S2 = S2 ^ x2; - S3 = S3 ^ x3; - } + async _runCBC(plaintext, nonZeroIV) { + const mode = 'AES-CBC'; + this.keyRef = this.keyRef || await webCrypto$9.importKey('raw', this.key, mode, false, ['encrypt']); + const ciphertext = await webCrypto$9.encrypt( + { name: mode, iv: nonZeroIV || this.zeroBlock }, + this.keyRef, + plaintext + ); + return new Uint8Array(ciphertext).subarray(0, plaintext.length); + } + + async encryptChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const plaintext = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + const toEncrypt = util.concatUint8Array([ + this.prevBlock, + plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block "early", since we only need to xor the plaintext and pass it over as prevBlock + ]); - /** - * GCM mode MAC calculation - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _gcm_mac(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var y0 = 0, y1 = 0, y2 = 0, y3 = 0, - z0 = 0, z1 = 0, z2 = 0, z3 = 0, - i = 0, c = 0; - - x0 = x0 ^ I0, - x1 = x1 ^ I1, - x2 = x2 ^ I2, - x3 = x3 ^ I3; - - y0 = H0 | 0, - y1 = H1 | 0, - y2 = H2 | 0, - y3 = H3 | 0; - - for (; (i | 0) < 128; i = (i + 1) | 0) { - if (y0 >>> 31) { - z0 = z0 ^ x0, - z1 = z1 ^ x1, - z2 = z2 ^ x2, - z3 = z3 ^ x3; - } + const encryptedBlocks = await this._runCBC(toEncrypt); + xorMut$1(encryptedBlocks, plaintext); + this.prevBlock = encryptedBlocks.slice(-this.blockSize); - y0 = (y0 << 1) | (y1 >>> 31), - y1 = (y1 << 1) | (y2 >>> 31), - y2 = (y2 << 1) | (y3 >>> 31), - y3 = (y3 << 1); + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - c = x3 & 1; + return encryptedBlocks; + } - x3 = (x3 >>> 1) | (x2 << 31), - x2 = (x2 >>> 1) | (x1 << 31), - x1 = (x1 >>> 1) | (x0 << 31), - x0 = (x0 >>> 1); + this.i += added.length; + let encryptedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + const curBlock = this.nextBlock; + encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + this.prevBlock = encryptedBlock.slice(); + this.i = 0; - if (c) x0 = x0 ^ 0xe1000000; - } + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + encryptedBlock = new Uint8Array(); + } - I0 = z0, - I1 = z1, - I2 = z2, - I3 = z3; - } + return encryptedBlock; + } - /** - * Set the internal rounds number. - * @instance - * @memberof AES_asm - * @param {number} r - number if inner AES rounds - */ - function set_rounds(r) { - r = r | 0; - R = r; - } + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + this.nextBlock = this.nextBlock.subarray(0, this.i); + const curBlock = this.nextBlock; + const encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + result = encryptedBlock.subarray(0, curBlock.length); + } - /** - * Populate the internal state of the module. - * @instance - * @memberof AES_asm - * @param {number} s0 - state vector - * @param {number} s1 - state vector - * @param {number} s2 - state vector - * @param {number} s3 - state vector - */ - function set_state(s0, s1, s2, s3) { - s0 = s0 | 0; - s1 = s1 | 0; - s2 = s2 | 0; - s3 = s3 | 0; - - S0 = s0, - S1 = s1, - S2 = s2, - S3 = s3; - } + this.clearSensitiveData(); + return result; + } - /** - * Populate the internal iv of the module. - * @instance - * @memberof AES_asm - * @param {number} i0 - iv vector - * @param {number} i1 - iv vector - * @param {number} i2 - iv vector - * @param {number} i3 - iv vector - */ - function set_iv(i0, i1, i2, i3) { - i0 = i0 | 0; - i1 = i1 | 0; - i2 = i2 | 0; - i3 = i3 | 0; - - I0 = i0, - I1 = i1, - I2 = i2, - I3 = i3; - } + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.keyRef = null; + this.key = null; + } - /** - * Set nonce for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} n0 - nonce vector - * @param {number} n1 - nonce vector - * @param {number} n2 - nonce vector - * @param {number} n3 - nonce vector - */ - function set_nonce(n0, n1, n2, n3) { - n0 = n0 | 0; - n1 = n1 | 0; - n2 = n2 | 0; - n3 = n3 | 0; - - N0 = n0, - N1 = n1, - N2 = n2, - N3 = n3; - } + async encrypt(plaintext) { + // plaintext is internally padded to block length before encryption + const encryptedWithPadding = await this._runCBC( + util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]), + this.iv + ); + // drop encrypted padding + const ct = encryptedWithPadding.subarray(0, plaintext.length); + xorMut$1(ct, plaintext); + this.clearSensitiveData(); + return ct; + } +} - /** - * Set counter mask for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} m0 - counter mask vector - * @param {number} m1 - counter mask vector - * @param {number} m2 - counter mask vector - * @param {number} m3 - counter mask vector - */ - function set_mask(m0, m1, m2, m3) { - m0 = m0 | 0; - m1 = m1 | 0; - m2 = m2 | 0; - m3 = m3 | 0; - - M0 = m0, - M1 = m1, - M2 = m2, - M3 = m3; - } +class NobleStreamProcessor { + constructor(forEncryption, algo, key, iv) { + this.forEncryption = forEncryption; + const { blockSize } = getCipherParams(algo); + this.key = unsafe.expandKeyLE(key); - /** - * Set counter for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} c0 - counter vector - * @param {number} c1 - counter vector - * @param {number} c2 - counter vector - * @param {number} c3 - counter vector - */ - function set_counter(c0, c1, c2, c3) { - c0 = c0 | 0; - c1 = c1 | 0; - c2 = c2 | 0; - c3 = c3 | 0; - - N3 = (~M3 & N3) | M3 & c3, - N2 = (~M2 & N2) | M2 & c2, - N1 = (~M1 & N1) | M1 & c1, - N0 = (~M0 & N0) | M0 & c0; - } + if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers + this.prevBlock = getUint32Array(iv); + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + } - /** - * Store the internal state vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_state(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; + _runCFB(src) { + const src32 = getUint32Array(src); + const dst = new Uint8Array(src.length); + const dst32 = getUint32Array(dst); + for (let i = 0; i + 4 <= dst32.length; i += 4) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = unsafe.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4); + } + return dst; + } - return 16; - } + async processChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); - /** - * Store the internal iv vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_iv(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = I0 >>> 24, - DATA[pos | 1] = I0 >>> 16 & 255, - DATA[pos | 2] = I0 >>> 8 & 255, - DATA[pos | 3] = I0 & 255, - DATA[pos | 4] = I1 >>> 24, - DATA[pos | 5] = I1 >>> 16 & 255, - DATA[pos | 6] = I1 >>> 8 & 255, - DATA[pos | 7] = I1 & 255, - DATA[pos | 8] = I2 >>> 24, - DATA[pos | 9] = I2 >>> 16 & 255, - DATA[pos | 10] = I2 >>> 8 & 255, - DATA[pos | 11] = I2 & 255, - DATA[pos | 12] = I3 >>> 24, - DATA[pos | 13] = I3 >>> 16 & 255, - DATA[pos | 14] = I3 >>> 8 & 255, - DATA[pos | 15] = I3 & 255; + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const toProcess = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); - return 16; - } + const processedBlocks = this._runCFB(toProcess); - /** - * GCM initialization. - * @instance - * @memberof AES_asm - */ - function gcm_init() { - _ecb_enc(0, 0, 0, 0); - H0 = S0, - H1 = S1, - H2 = S2, - H3 = S3; - } + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - /** - * Perform ciphering operation on the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function cipher(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; + return processedBlocks; + } - var ret = 0; + this.i += added.length; - if (pos & 15) return -1; + let processedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + processedBlock = this._runCFB(this.nextBlock); + this.i = 0; - while ((len | 0) >= 16) { - _cipher_modes[mode & 7]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + processedBlock = new Uint8Array(); + } - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } + return processedBlock; + } - return ret | 0; - } + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + const processedBlock = this._runCFB(this.nextBlock); - /** - * Calculates MAC of the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function mac(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; + result = processedBlock.subarray(0, this.i); + } - var ret = 0; + this.clearSensitiveData(); + return result; + } - if (pos & 15) return -1; + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.key.fill(0); + } +} - while ((len | 0) >= 16) { - _mac_modes[mode & 1]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } +async function aesEncrypt(algo, key, pt, iv) { + if (webCrypto$9 && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys + const cfb = new WebCryptoEncryptor(algo, key, iv); + return util.isStream(pt) ? transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt); + } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream + const cfb = new NobleStreamProcessor(true, algo, key, iv); + return transform(pt, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).encrypt(pt); +} - return ret | 0; - } +async function aesDecrypt(algo, key, ct, iv) { + if (util.isStream(ct)) { + const cfb = new NobleStreamProcessor(false, algo, key, iv); + return transform(ct, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).decrypt(ct); +} - /** - * AES cipher modes table (virual methods) - */ - var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr]; +function xorMut$1(a, b) { + const aLength = Math.min(a.length, b.length); + for (let i = 0; i < aLength; i++) { + a[i] = a[i] ^ b[i]; + } +} - /** - * AES MAC modes table (virual methods) - */ - var _mac_modes = [_cbc_enc, _gcm_mac]; +const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); - /** - * Asm.js module exports - */ - return { - set_rounds: set_rounds, - set_state: set_state, - set_iv: set_iv, - set_nonce: set_nonce, - set_mask: set_mask, - set_counter: set_counter, - get_state: get_state, - get_iv: get_iv, - gcm_init: gcm_init, - cipher: cipher, - mac: mac, - }; - }(stdlib, foreign, buffer); +function nodeEncrypt$1(algo, key, pt, iv) { + const algoName = enums.read(enums.symmetric, algo); + const cipherObj = new nodeCrypto$8.createCipheriv(nodeAlgos[algoName], key, iv); + return transform(pt, value => new Uint8Array(cipherObj.update(value))); +} + +function nodeDecrypt$1(algo, key, ct, iv) { + const algoName = enums.read(enums.symmetric, algo); + const decipherObj = new nodeCrypto$8.createDecipheriv(nodeAlgos[algoName], key, iv); + return transform(ct, value => new Uint8Array(decipherObj.update(value))); +} - asm.set_key = set_key; +var cfb = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$5, + encrypt: encrypt$5 +}); - return asm; - }; +/** + * @fileoverview This module implements AES-CMAC on top of + * native AES-CBC using either the WebCrypto API or Node.js' crypto API. + * @module crypto/cmac + */ - /** - * AES enciphering mode constants - * @enum {number} - * @const - */ - wrapper.ENC = { - ECB: 0, - CBC: 2, - CFB: 4, - OFB: 6, - CTR: 7, - }, - /** - * AES deciphering mode constants - * @enum {number} - * @const - */ - wrapper.DEC = { - ECB: 1, - CBC: 3, - CFB: 5, - OFB: 6, - CTR: 7, - }, +const webCrypto$8 = util.getWebCrypto(); +const nodeCrypto$7 = util.getNodeCrypto(); - /** - * AES MAC mode constants - * @enum {number} - * @const - */ - wrapper.MAC = { - CBC: 0, - GCM: 1, - }; - /** - * Heap data offset - * @type {number} - * @const - */ - wrapper.HEAP_DATA = 0x4000; +/** + * This implementation of CMAC is based on the description of OMAC in + * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that + * document: + * + * We have made a small modification to the OMAC algorithm as it was + * originally presented, changing one of its two constants. + * Specifically, the constant 4 at line 85 was the constant 1/2 (the + * multiplicative inverse of 2) in the original definition of OMAC [14]. + * The OMAC authors indicate that they will promulgate this modification + * [15], which slightly simplifies implementations. + */ - return wrapper; -}(); +const blockLength$3 = 16; -function is_bytes(a) { - return a instanceof Uint8Array; -} -function _heap_init(heap, heapSize) { - const size = heap ? heap.byteLength : heapSize || 65536; - if (size & 0xfff || size <= 0) - throw new Error('heap size must be a positive integer and a multiple of 4096'); - heap = heap || new Uint8Array(new ArrayBuffer(size)); - return heap; -} -function _heap_write(heap, hpos, data, dpos, dlen) { - const hlen = heap.length - hpos; - const wlen = hlen < dlen ? hlen : dlen; - heap.set(data.subarray(dpos, dpos + wlen), hpos); - return wlen; -} -function joinBytes(...arg) { - const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0); - const ret = new Uint8Array(totalLenght); - let cursor = 0; - for (let i = 0; i < arg.length; i++) { - ret.set(arg[i], cursor); - cursor += arg[i].length; - } - return ret; -} -class IllegalStateError extends Error { - constructor(...args) { - super(...args); - } -} -class IllegalArgumentError extends Error { - constructor(...args) { - super(...args); - } -} -class SecurityError extends Error { - constructor(...args) { - super(...args); - } +/** + * xor `padding` into the end of `data`. This function implements "the + * operation xor→ [which] xors the shorter string into the end of longer + * one". Since data is always as least as long as padding, we can + * simplify the implementation. + * @param {Uint8Array} data + * @param {Uint8Array} padding + */ +function rightXORMut(data, padding) { + const offset = data.length - blockLength$3; + for (let i = 0; i < blockLength$3; i++) { + data[i + offset] ^= padding[i]; + } + return data; } -const heap_pool = []; -const asm_pool = []; -class AES { - constructor(key, iv, padding = true, mode, heap, asm) { - this.pos = 0; - this.len = 0; - this.mode = mode; - // The AES object state - this.pos = 0; - this.len = 0; - this.key = key; - this.iv = iv; - this.padding = padding; - // The AES "worker" - this.acquire_asm(heap, asm); - } - acquire_asm(heap, asm) { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA); - this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer); - this.reset(this.key, this.iv); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool.push(this.heap); - asm_pool.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - reset(key, iv) { - const { asm } = this.acquire_asm(); - // Key - const keylen = key.length; - if (keylen !== 16 && keylen !== 24 && keylen !== 32) - throw new IllegalArgumentError('illegal key size'); - const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength); - asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0); - // IV - if (iv !== undefined) { - if (iv.length !== 16) - throw new IllegalArgumentError('illegal iv size'); - let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); - asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12)); - } - else { - asm.set_iv(0, 0, 0, 0); - } - } - AES_Encrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - let result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.pos = pos; - this.len = len; - return result; - } - AES_Encrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let plen = 16 - (len % 16); - let rlen = len; - if (this.hasOwnProperty('padding')) { - if (this.padding) { - for (let p = 0; p < plen; ++p) { - heap[pos + len + p] = plen; - } - len += plen; - rlen = len; - } - else if (len % 16) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - } - else { - len += plen; - } - const result = new Uint8Array(rlen); - if (len) - asm.cipher(amode, hpos + pos, len); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - AES_Decrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let plen = 0; - let wlen = 0; - if (this.padding) { - plen = len + dlen - rlen || 16; - rlen -= plen; - } - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0)); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.pos = pos; - this.len = len; - return result; - } - AES_Decrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let rlen = len; - if (len > 0) { - if (len % 16) { - if (this.hasOwnProperty('padding')) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - else { - len += 16 - (len % 16); - } - } - asm.cipher(amode, hpos + pos, len); - if (this.hasOwnProperty('padding') && this.padding) { - let pad = heap[pos + rlen - 1]; - if (pad < 1 || pad > 16 || pad > rlen) - throw new SecurityError('bad padding'); - let pcheck = 0; - for (let i = pad; i > 1; i--) - pcheck |= pad ^ heap[pos + rlen - i]; - if (pcheck) - throw new SecurityError('bad padding'); - rlen -= pad; - } - } - const result = new Uint8Array(rlen); - if (rlen > 0) { - result.set(heap.subarray(pos, pos + rlen)); - } - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } +function pad(data, padding, padding2) { + // if |M| in {n, 2n, 3n, ...} + if (data.length && data.length % blockLength$3 === 0) { + // then return M xor→ B, + return rightXORMut(data, padding); + } + // else return (M || 10^(n−1−(|M| mod n))) xor→ P + const padded = new Uint8Array(data.length + (blockLength$3 - (data.length % blockLength$3))); + padded.set(data); + padded[data.length] = 0b10000000; + return rightXORMut(padded, padding2); } -class AES_ECB { - static encrypt(data, key, padding = false) { - return new AES_ECB(key, padding).encrypt(data); - } - static decrypt(data, key, padding = false) { - return new AES_ECB(key, padding).decrypt(data); - } - constructor(key, padding = false, aes) { - this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} +const zeroBlock$1 = new Uint8Array(blockLength$3); -/** - * Javascript AES implementation. - * This is used as fallback if the native Crypto APIs are not available. - */ -function aes(length) { - const C = function(key) { - const aesECB = new AES_ECB(key); +async function CMAC(key) { + const cbc = await CBC(key); - this.encrypt = function(block) { - return aesECB.encrypt(block); - }; + // L ← E_K(0^n); B ← 2L; P ← 4L + const padding = util.double(await cbc(zeroBlock$1)); + const padding2 = util.double(padding); - this.decrypt = function(block) { - return aesECB.decrypt(block); - }; + return async function(data) { + // return CBC_K(pad(M; B, P)) + return (await cbc(pad(data, padding, padding2))).subarray(-blockLength$3); }; - - C.blockSize = C.prototype.blockSize = 16; - C.keySize = C.prototype.keySize = length / 8; - - return C; } -//Paul Tero, July 2001 -//http://www.tero.co.uk/des/ -// -//Optimised for performance with large blocks by Michael Hayworth, November 2001 -//http://www.netdealing.com -// -// Modified by Recurity Labs GmbH - -//THIS SOFTWARE IS PROVIDED "AS IS" AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. - -//des -//this takes the key, the message, and whether to encrypt or decrypt - -function des(keys, message, encrypt, mode, iv, padding) { - //declaring this locally speeds things up a bit - const spfunction1 = [ - 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, - 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, - 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, - 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, - 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, - 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 - ]; - const spfunction2 = [ - -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, - 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - -0x7fef7fe0, 0x108000 - ]; - const spfunction3 = [ - 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, - 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, - 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, - 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, - 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, - 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 - ]; - const spfunction4 = [ - 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, - 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, - 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, - 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, - 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 - ]; - const spfunction5 = [ - 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, - 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, - 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, - 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, - 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, - 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, - 0x40080000, 0x2080100, 0x40000100 - ]; - const spfunction6 = [ - 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, - 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, - 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, - 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, - 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, - 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 - ]; - const spfunction7 = [ - 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, - 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, - 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, - 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, - 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, - 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 - ]; - const spfunction8 = [ - 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, - 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, - 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, - 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, - 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 - ]; - - //create the 16 or 48 subkeys we will need - let m = 0; - let i; - let j; - let temp; - let right1; - let right2; - let left; - let right; - let looping; - let cbcleft; - let cbcleft2; - let cbcright; - let cbcright2; - let endloop; - let loopinc; - let len = message.length; - - //set up the loops for single and triple des - const iterations = keys.length === 32 ? 3 : 9; //single or triple des - if (iterations === 3) { - looping = encrypt ? [0, 32, 2] : [30, -2, -2]; - } else { - looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; - } - - //pad the message depending on the padding parameter - //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt - if (encrypt) { - message = desAddPadding(message, padding); - len = message.length; - } - - //store the result here - let result = new Uint8Array(len); - let k = 0; - - if (mode === 1) { //CBC mode - cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - m = 0; +async function CBC(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt) { + const en = new nodeCrypto$7.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock$1); + const ct = en.update(pt); + return new Uint8Array(ct); + }; } - //loop through each 64 bit chunk of the message - while (m < len) { - left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - left ^= cbcleft; - right ^= cbcright; - } else { - cbcleft2 = cbcleft; - cbcright2 = cbcright; - cbcleft = left; - cbcright = right; - } - } - - //first each 64 but chunk of the message must be permuted according to IP - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - - left = ((left << 1) | (left >>> 31)); - right = ((right << 1) | (right >>> 31)); - - //do this either 1 or 3 times for each chunk of the message - for (j = 0; j < iterations; j += 3) { - endloop = looping[j + 1]; - loopinc = looping[j + 2]; - //now go through and perform the encryption or decryption - for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency - right1 = right ^ keys[i]; - right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; - //the result is attained by passing these bytes through the S selection functions - temp = left; - left = right; - right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> - 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & - 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); - } - temp = left; - left = right; - right = temp; //unreverse left and right - } //for either 1 or 3 iterations - - //move then each one bit to the right - left = ((left >>> 1) | (left << 31)); - right = ((right >>> 1) | (right << 31)); - - //now perform IP-1, which is IP in the opposite direction - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - cbcleft = left; - cbcright = right; - } else { - left ^= cbcleft2; - right ^= cbcright2; + if (util.getWebCrypto()) { + try { + key = await webCrypto$8.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); + return async function(pt) { + const ct = await webCrypto$8.encrypt({ name: 'AES-CBC', iv: zeroBlock$1, length: blockLength$3 * 8 }, key, pt); + return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength$3); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); } + } - result[k++] = (left >>> 24); - result[k++] = ((left >>> 16) & 0xff); - result[k++] = ((left >>> 8) & 0xff); - result[k++] = (left & 0xff); - result[k++] = (right >>> 24); - result[k++] = ((right >>> 16) & 0xff); - result[k++] = ((right >>> 8) & 0xff); - result[k++] = (right & 0xff); - } //for every 8 characters, or 64 bits in the message + return async function(pt) { + return cbc(key, zeroBlock$1, { disablePadding: true }).encrypt(pt); + }; +} - //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt - if (!encrypt) { - result = desRemovePadding(result, padding); - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return result; -} //end of des - - -//desCreateKeys -//this takes as input a 64 bit key (even though only 56 bits are used) -//as an array of 2 integers, and returns 16 48 bit keys - -function desCreateKeys(key) { - //declaring this locally speeds things up a bit - const pc2bytes0 = [ - 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, - 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 - ]; - const pc2bytes1 = [ - 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, - 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 - ]; - const pc2bytes2 = [ - 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, - 0x1000000, 0x1000008, 0x1000800, 0x1000808 - ]; - const pc2bytes3 = [ - 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, - 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 - ]; - const pc2bytes4 = [ - 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, - 0x41000, 0x1010, 0x41010 - ]; - const pc2bytes5 = [ - 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, - 0x2000000, 0x2000400, 0x2000020, 0x2000420 - ]; - const pc2bytes6 = [ - 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, - 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 - ]; - const pc2bytes7 = [ - 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, - 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 - ]; - const pc2bytes8 = [ - 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, - 0x2000002, 0x2040002, 0x2000002, 0x2040002 - ]; - const pc2bytes9 = [ - 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, - 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 - ]; - const pc2bytes10 = [ - 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, - 0x102000, 0x102020, 0x102000, 0x102020 - ]; - const pc2bytes11 = [ - 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, - 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 - ]; - const pc2bytes12 = [ - 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, - 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 - ]; - const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; - - //how many iterations (1 for des, 3 for triple des) - const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys - //stores the return keys - const keys = new Array(32 * iterations); - //now define the left shifts which need to be done - const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - //other variables - let lefttemp; - let righttemp; - let m = 0; - let n = 0; - let temp; - - for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations - let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 2) ^ right) & 0x33333333; - right ^= temp; - left ^= (temp << 2); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - - //the right side needs to be shifted and to get the last four bits of the left side - temp = (left << 8) | ((right >>> 20) & 0x000000f0); - //left needs to be put upside down - left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); - right = temp; - - //now go through and perform these shifts on the left and right keys - for (let i = 0; i < shifts.length; i++) { - //shift the keys either one or two bits to the left - if (shifts[i]) { - left = (left << 2) | (left >>> 26); - right = (right << 2) | (right >>> 26); - } else { - left = (left << 1) | (left >>> 27); - right = (right << 1) | (right >>> 27); - } - left &= -0xf; - right &= -0xf; - - //now apply PC-2, in such a way that E is easier when encrypting or decrypting - //this conversion will look like PC-2 except only the last 6 bits of each byte are used - //rather than 48 consecutive bits and the order of lines will be according to - //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 - lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( - left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & - 0xf]; - righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | - pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | - pc2bytes13[(right >>> 4) & 0xf]; - temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; - keys[n++] = lefttemp ^ temp; - keys[n++] = righttemp ^ (temp << 16); - } - } //for each iterations - //return the keys we've created - return keys; -} //end of desCreateKeys +const webCrypto$7 = util.getWebCrypto(); +const nodeCrypto$6 = util.getNodeCrypto(); +const Buffer$1 = util.getNodeBuffer(); -function desAddPadding(message, padding) { - const padLength = 8 - (message.length % 8); - let pad; - if (padding === 2 && (padLength < 8)) { //pad the message with spaces - pad = ' '.charCodeAt(0); - } else if (padding === 1) { //PKCS7 padding - pad = padLength; - } else if (!padding && (padLength < 8)) { //pad the message out with null bytes - pad = 0; - } else if (padLength === 8) { - return message; - } else { - throw new Error('des: invalid padding'); - } +const blockLength$2 = 16; +const ivLength$2 = blockLength$2; +const tagLength$2 = blockLength$2; - const paddedMessage = new Uint8Array(message.length + padLength); - for (let i = 0; i < message.length; i++) { - paddedMessage[i] = message[i]; - } - for (let j = 0; j < padLength; j++) { - paddedMessage[message.length + j] = pad; - } +const zero = new Uint8Array(blockLength$2); +const one$1 = new Uint8Array(blockLength$2); one$1[blockLength$2 - 1] = 1; +const two = new Uint8Array(blockLength$2); two[blockLength$2 - 1] = 2; - return paddedMessage; +async function OMAC(key) { + const cmac = await CMAC(key); + return function(t, message) { + return cmac(util.concatUint8Array([t, message])); + }; } -function desRemovePadding(message, padding) { - let padLength = null; - let pad; - if (padding === 2) { // space padded - pad = ' '.charCodeAt(0); - } else if (padding === 1) { // PKCS7 - padLength = message[message.length - 1]; - } else if (!padding) { // null padding - pad = 0; - } else { - throw new Error('des: invalid padding'); +async function CTR(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt, iv) { + const en = new nodeCrypto$6.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); + const ct = Buffer$1.concat([en.update(pt), en.final()]); + return new Uint8Array(ct); + }; } - if (!padLength) { - padLength = 1; - while (message[message.length - padLength] === pad) { - padLength++; + if (util.getWebCrypto()) { + try { + const keyRef = await webCrypto$7.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); + return async function(pt, iv) { + const ct = await webCrypto$7.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$2 * 8 }, keyRef, pt); + return new Uint8Array(ct); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); } - padLength--; } - return message.subarray(0, message.length - padLength); -} - -// added by Recurity Labs - -function TripleDES(key) { - this.key = []; - - for (let i = 0; i < 3; i++) { - this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); - } - - this.encrypt = function(block) { - return des( - desCreateKeys(this.key[2]), - des( - desCreateKeys(this.key[1]), - des( - desCreateKeys(this.key[0]), - block, true, 0, null, null - ), - false, 0, null, null - ), true, 0, null, null - ); + return async function(pt, iv) { + return ctr(key, iv).encrypt(pt); }; } -TripleDES.keySize = TripleDES.prototype.keySize = 24; -TripleDES.blockSize = TripleDES.prototype.blockSize = 8; -// This is "original" DES +/** + * Class to en/decrypt using EAX mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function EAX(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('EAX mode supports only AES cipher'); + } -function DES(key) { - this.key = key; + const [ + omac, + ctr + ] = await Promise.all([ + OMAC(key), + CTR(key) + ]); - this.encrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, true, 0, null, padding); - }; + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + const [ + omacNonce, + omacAdata + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata) + ]); + const ciphered = await ctr(plaintext, omacNonce); + const omacCiphered = await omac(two, ciphered); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + return util.concatUint8Array([ciphered, tag]); + }, - this.decrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, false, 0, null, padding); + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to verify + * @returns {Promise} The plaintext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$2) throw new Error('Invalid EAX ciphertext'); + const ciphered = ciphertext.subarray(0, -tagLength$2); + const ctTag = ciphertext.subarray(-tagLength$2); + const [ + omacNonce, + omacAdata, + omacCiphered + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata), + omac(two, ciphered) + ]); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); + const plaintext = await ctr(ciphered, omacNonce); + return plaintext; + } }; } -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. -// Copyright 2010 pjacobs@xeekr.com . All rights reserved. +/** + * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. + * @param {Uint8Array} iv - The initialization vector (16 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +EAX.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[8 + i] ^= chunkIndex[i]; + } + return nonce; +}; -// Modified by Recurity Labs GmbH +EAX.blockLength = blockLength$2; +EAX.ivLength = ivLength$2; +EAX.tagLength = tagLength$2; -// fixed/modified by Herbert Hanewinkel, www.haneWIN.de -// check www.haneWIN.de for the latest version +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. -// CAST-128 is a common OpenPGP cipher. +const blockLength$1 = 16; +const ivLength$1 = 15; -// CAST5 constructor +// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: +// While OCB [RFC7253] allows the authentication tag length to be of any +// number up to 128 bits long, this document requires a fixed +// authentication tag length of 128 bits (16 octets) for simplicity. +const tagLength$1 = 16; -function OpenPGPSymEncCAST5() { - this.BlockSize = 8; - this.KeySize = 16; - this.setKey = function(key) { - this.masking = new Array(16); - this.rotate = new Array(16); +function ntz(n) { + let ntz = 0; + for (let i = 1; (n & i) === 0; i <<= 1) { + ntz++; + } + return ntz; +} - this.reset(); +function xorMut(S, T) { + for (let i = 0; i < S.length; i++) { + S[i] ^= T[i]; + } + return S; +} - if (key.length === this.KeySize) { - this.keySchedule(key); - } else { - throw new Error('CAST-128: keys must be 16 bytes'); - } - return true; - }; +function xor(S, T) { + return xorMut(S.slice(), T); +} - this.reset = function() { - for (let i = 0; i < 16; i++) { - this.masking[i] = 0; - this.rotate[i] = 0; - } - }; +const zeroBlock = new Uint8Array(blockLength$1); +const one = new Uint8Array([1]); - this.getBlockSize = function() { - return this.BlockSize; - }; +/** + * Class to en/decrypt using OCB mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function OCB(cipher, key) { + const { keySize } = getCipherParams(cipher); + // sanity checks + if (!util.isAES(cipher) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - this.encrypt = function(src) { - const dst = new Array(src.length); - - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; - - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >>> 16) & 255; - dst[i + 6] = (l >>> 8) & 255; - dst[i + 7] = l & 255; - } + let maxNtz = 0; - return dst; - }; + // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls, + // hence its execution cannot be broken up. + // As a result, WebCrypto cannot currently be used for `encipher`. + const aes = cbc(key, zeroBlock, { disablePadding: true }); + const encipher = block => aes.encrypt(block); + const decipher = block => aes.decrypt(block); + let mask; - this.decrypt = function(src) { - const dst = new Array(src.length); - - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; - - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >> 16) & 255; - dst[i + 6] = (l >> 8) & 255; - dst[i + 7] = l & 255; - } + constructKeyVariables(); - return dst; - }; - const scheduleA = new Array(4); - - scheduleA[0] = new Array(4); - scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; - scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - - scheduleA[1] = new Array(4); - scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - - scheduleA[2] = new Array(4); - scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; - scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - - - scheduleA[3] = new Array(4); - scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - - const scheduleB = new Array(4); - - scheduleB[0] = new Array(4); - scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; - scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; - scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; - scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; - - scheduleB[1] = new Array(4); - scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; - scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; - scheduleB[1][2] = [7, 6, 8, 9, 3]; - scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; - - - scheduleB[2] = new Array(4); - scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; - scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; - scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; - scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; - - - scheduleB[3] = new Array(4); - scheduleB[3][0] = [8, 9, 7, 6, 3]; - scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; - scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; - scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; - - // changed 'in' to 'inn' (in javascript 'in' is a reserved word) - this.keySchedule = function(inn) { - const t = new Array(8); - const k = new Array(32); - - let j; - - for (let i = 0; i < 4; i++) { - j = i * 4; - t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; - } - - const x = [6, 7, 4, 5]; - let ki = 0; - let w; - - for (let half = 0; half < 2; half++) { - for (let round = 0; round < 4; round++) { - for (j = 0; j < 4; j++) { - const a = scheduleA[round][j]; - w = t[a[1]]; - - w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; - w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; - w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; - w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; - w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; - t[a[0]] = w; - } + function constructKeyVariables() { + const mask_x = encipher(zeroBlock); + const mask_$ = util.double(mask_x); + mask = []; + mask[0] = util.double(mask_$); - for (j = 0; j < 4; j++) { - const b = scheduleB[round][j]; - w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; - w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; - w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; - w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; - k[ki] = w; - ki++; - } - } - } + mask.x = mask_x; + mask.$ = mask_$; + } - for (let i = 0; i < 16; i++) { - this.masking[i] = k[i]; - this.rotate[i] = k[16 + i] & 0x1f; + function extendKeyVariables(text, adata) { + const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$1 | 0) - 1; + for (let i = maxNtz + 1; i <= newMaxNtz; i++) { + mask[i] = util.double(mask[i - 1]); } - }; - - // These are the three 'f' functions. See RFC 2144, section 2.2. - - function f1(d, m, r) { - const t = m + d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; - } - - function f2(d, m, r) { - const t = m ^ d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; - } - - function f3(d, m, r) { - const t = m - d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; - } - - const sBox = new Array(8); - sBox[0] = [ - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf - ]; - - sBox[1] = [ - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 - ]; - - sBox[2] = [ - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 - ]; - - sBox[3] = [ - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 - ]; - - sBox[4] = [ - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 - ]; - - sBox[5] = [ - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f - ]; - - sBox[6] = [ - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 - ]; - - sBox[7] = [ - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e - ]; -} - -function CAST5(key) { - this.cast5 = new OpenPGPSymEncCAST5(); - this.cast5.setKey(key); - - this.encrypt = function(block) { - return this.cast5.encrypt(block); - }; -} - -CAST5.blockSize = CAST5.prototype.blockSize = 8; -CAST5.keySize = CAST5.prototype.keySize = 16; - -/* eslint-disable no-mixed-operators, no-fallthrough */ + maxNtz = newMaxNtz; + } + function hash(adata) { + if (!adata.length) { + // Fast path + return zeroBlock; + } -/* Modified by Recurity Labs GmbH - * - * Cipher.js - * A block-cipher algorithm implementation on JavaScript - * See Cipher.readme.txt for further information. - * - * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] - * This script file is distributed under the LGPL - * - * ACKNOWLEDGMENT - * - * The main subroutines are written by Michiel van Everdingen. - * - * Michiel van Everdingen - * http://home.versatel.nl/MAvanEverdingen/index.html - * - * All rights for these routines are reserved to Michiel van Everdingen. - * - */ + // + // Consider A as a sequence of 128-bit blocks + // + const m = adata.length / blockLength$1 | 0; -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -//Math -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + const offset = new Uint8Array(blockLength$1); + const sum = new Uint8Array(blockLength$1); + for (let i = 0; i < m; i++) { + xorMut(offset, mask[ntz(i + 1)]); + xorMut(sum, encipher(xor(offset, adata))); + adata = adata.subarray(blockLength$1); + } -const MAXINT = 0xFFFFFFFF; + // + // Process any final partial block; compute final hash value + // + if (adata.length) { + xorMut(offset, mask.x); -function rotw(w, n) { - return (w << n | w >>> (32 - n)) & MAXINT; -} + const cipherInput = new Uint8Array(blockLength$1); + cipherInput.set(adata, 0); + cipherInput[adata.length] = 0b10000000; + xorMut(cipherInput, offset); -function getW(a, i) { - return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; -} + xorMut(sum, encipher(cipherInput)); + } -function setW(a, i, w) { - a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); -} + return sum; + } -function getB(x, n) { - return (x >>> (n * 8)) & 0xFF; -} + /** + * Encrypt/decrypt data. + * @param {encipher|decipher} fn - Encryption/decryption block cipher function + * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. + */ + function crypt(fn, text, nonce, adata) { + // + // Consider P as a sequence of 128-bit blocks + // + const m = text.length / blockLength$1 | 0; -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Twofish -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + // + // Key-dependent variables + // + extendKeyVariables(text, adata); -function createTwofish() { - // - let keyBytes = null; - let dataBytes = null; - let dataOffset = -1; - // var dataLength = -1; - // var idx2 = -1; - // + // + // Nonce-dependent and per-encryption variables + // + // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N + // Note: We assume here that tagLength mod 16 == 0. + const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength$1 - nonce.length), one, nonce]); + // bottom = str2num(Nonce[123..128]) + const bottom = paddedNonce[blockLength$1 - 1] & 0b111111; + // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) + paddedNonce[blockLength$1 - 1] &= 0b11000000; + const kTop = encipher(paddedNonce); + // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) + const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); + // Offset_0 = Stretch[1+bottom..128+bottom] + const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); + // Checksum_0 = zeros(128) + const checksum = new Uint8Array(blockLength$1); - let tfsKey = []; - let tfsM = [ - [], - [], - [], - [] - ]; + const ct = new Uint8Array(text.length + tagLength$1); - function tfsInit(key) { - keyBytes = key; + // + // Process any whole blocks + // let i; - let a; - let b; - let c; - let d; - const meKey = []; - const moKey = []; - const inKey = []; - let kLen; - const sKey = []; - let f01; - let f5b; - let fef; - - const q0 = [ - [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], - [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] - ]; - const q1 = [ - [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], - [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] - ]; - const q2 = [ - [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], - [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] - ]; - const q3 = [ - [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], - [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] - ]; - const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; - const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; - const q = [ - [], - [] - ]; - const m = [ - [], - [], - [], - [] - ]; - - function ffm5b(x) { - return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; - } - - function ffmEf(x) { - return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; - } + let pos = 0; + for (i = 0; i < m; i++) { + // Offset_i = Offset_{i-1} xor L_{ntz(i)} + xorMut(offset, mask[ntz(i + 1)]); + // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) + // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) + ct.set(xorMut(fn(xor(offset, text)), offset), pos); + // Checksum_i = Checksum_{i-1} xor P_i + xorMut(checksum, fn === encipher ? text : ct.subarray(pos)); - function mdsRem(p, q) { - let i; - let t; - let u; - for (i = 0; i < 8; i++) { - t = q >>> 24; - q = ((q << 8) & MAXINT) | p >>> 24; - p = (p << 8) & MAXINT; - u = t << 1; - if (t & 128) { - u ^= 333; - } - q ^= t ^ (u << 16); - u ^= t >>> 1; - if (t & 1) { - u ^= 166; - } - q ^= u << 24 | u << 8; - } - return q; - } - - function qp(n, x) { - const a = x >> 4; - const b = x & 15; - const c = q0[n][a ^ b]; - const d = q1[n][ror4[b] ^ ashx[a]]; - return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; - } - - function hFun(x, key) { - let a = getB(x, 0); - let b = getB(x, 1); - let c = getB(x, 2); - let d = getB(x, 3); - switch (kLen) { - case 4: - a = q[1][a] ^ getB(key[3], 0); - b = q[0][b] ^ getB(key[3], 1); - c = q[0][c] ^ getB(key[3], 2); - d = q[1][d] ^ getB(key[3], 3); - case 3: - a = q[1][a] ^ getB(key[2], 0); - b = q[1][b] ^ getB(key[2], 1); - c = q[0][c] ^ getB(key[2], 2); - d = q[0][d] ^ getB(key[2], 3); - case 2: - a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); - b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); - c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); - d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); - } - return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; - } - - keyBytes = keyBytes.slice(0, 32); - i = keyBytes.length; - while (i !== 16 && i !== 24 && i !== 32) { - keyBytes[i++] = 0; - } - - for (i = 0; i < keyBytes.length; i += 4) { - inKey[i >> 2] = getW(keyBytes, i); - } - for (i = 0; i < 256; i++) { - q[0][i] = qp(0, i); - q[1][i] = qp(1, i); - } - for (i = 0; i < 256; i++) { - f01 = q[1][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); - m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); - f01 = q[0][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); - m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); - } - - kLen = inKey.length / 2; - for (i = 0; i < kLen; i++) { - a = inKey[i + i]; - meKey[i] = a; - b = inKey[i + i + 1]; - moKey[i] = b; - sKey[kLen - i - 1] = mdsRem(a, b); - } - for (i = 0; i < 40; i += 2) { - a = 0x1010101 * i; - b = a + 0x1010101; - a = hFun(a, meKey); - b = rotw(hFun(b, moKey), 8); - tfsKey[i] = (a + b) & MAXINT; - tfsKey[i + 1] = rotw(a + 2 * b, 9); - } - for (i = 0; i < 256; i++) { - a = b = c = d = i; - switch (kLen) { - case 4: - a = q[1][a] ^ getB(sKey[3], 0); - b = q[0][b] ^ getB(sKey[3], 1); - c = q[0][c] ^ getB(sKey[3], 2); - d = q[1][d] ^ getB(sKey[3], 3); - case 3: - a = q[1][a] ^ getB(sKey[2], 0); - b = q[1][b] ^ getB(sKey[2], 1); - c = q[0][c] ^ getB(sKey[2], 2); - d = q[0][d] ^ getB(sKey[2], 3); - case 2: - tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; - tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; - tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; - tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; - } + text = text.subarray(blockLength$1); + pos += blockLength$1; } - } - - function tfsG0(x) { - return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; - } - function tfsG1(x) { - return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; - } - - function tfsFrnd(r, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); - blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); - blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; - } - - function tfsIrnd(i, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; - blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; - blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); - } - - function tfsClose() { - tfsKey = []; - tfsM = [ - [], - [], - [], - [] - ]; - } + // + // Process any final partial block and compute raw tag + // + if (text.length) { + // Offset_* = Offset_m xor L_* + xorMut(offset, mask.x); + // Pad = ENCIPHER(K, Offset_*) + const padding = encipher(offset); + // C_* = P_* xor Pad[1..bitlen(P_*)] + ct.set(xor(text, padding), pos); - function tfsEncrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], - getW(dataBytes, dataOffset + 4) ^ tfsKey[1], - getW(dataBytes, dataOffset + 8) ^ tfsKey[2], - getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; - for (let j = 0; j < 8; j++) { - tfsFrnd(j, blk); + // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) + const xorInput = new Uint8Array(blockLength$1); + xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); + xorInput[text.length] = 0b10000000; + xorMut(checksum, xorInput); + pos += text.length; } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); - dataOffset += 16; - return dataBytes; - } + // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) + const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata)); - function tfsDecrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], - getW(dataBytes, dataOffset + 4) ^ tfsKey[5], - getW(dataBytes, dataOffset + 8) ^ tfsKey[6], - getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; - for (let j = 7; j >= 0; j--) { - tfsIrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); - dataOffset += 16; + // + // Assemble ciphertext + // + // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] + ct.set(tag, pos); + return ct; } - // added by Recurity Labs - - function tfsFinal() { - return dataBytes; - } return { - name: 'twofish', - blocksize: 128 / 8, - open: tfsInit, - close: tfsClose, - encrypt: tfsEncrypt, - decrypt: tfsDecrypt, - // added by Recurity Labs - finalize: tfsFinal - }; -} + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + return crypt(encipher, plaintext, nonce, adata); + }, -// added by Recurity Labs + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); -function TF(key) { - this.tf = createTwofish(); - this.tf.open(Array.from(key), 0); + const tag = ciphertext.subarray(-tagLength$1); + ciphertext = ciphertext.subarray(0, -tagLength$1); - this.encrypt = function(block) { - return this.tf.encrypt(Array.from(block), 0); + const crypted = crypt(decipher, ciphertext, nonce, adata); + // if (Tag[1..TAGLEN] == T) + if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { + return crypted.subarray(0, -tagLength$1); + } + throw new Error('Authentication tag mismatch'); + } }; } -TF.keySize = TF.prototype.keySize = 32; -TF.blockSize = TF.prototype.blockSize = 16; - -/* Modified by Recurity Labs GmbH - * - * Originally written by nklein software (nklein.com) - */ - -/* - * Javascript implementation based on Bruce Schneier's reference implementation. - * - * - * The constructor doesn't do much of anything. It's just here - * so we can start defining properties and methods and such. - */ -function Blowfish() {} -/* - * Declare the block size so that protocols know what size - * Initialization Vector (IV) they will need. +/** + * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. + * @param {Uint8Array} iv - The initialization vector (15 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) */ -Blowfish.prototype.BLOCKSIZE = 8; - -/* - * These are the default SBOXES. - */ -Blowfish.prototype.SBOXES = [ - [ - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, - 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, - 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, - 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, - 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, - 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, - 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, - 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, - 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, - 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, - 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, - 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, - 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, - 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, - 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, - 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, - 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, - 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, - 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, - 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, - 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, - 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a - ], - [ - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 - ], - [ - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 - ], - [ - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 - ] -]; - -//* -//* This is the default PARRAY -//* -Blowfish.prototype.PARRAY = [ - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b -]; - -//* -//* This is the number of rounds the cipher will go -//* -Blowfish.prototype.NN = 16; - -//* -//* This function is needed to get rid of problems -//* with the high-bit getting set. If we don't do -//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not -//* equal to ( bb & 0x00FFFFFFFF ) even when they -//* agree bit-for-bit for the first 32 bits. -//* -Blowfish.prototype._clean = function(xx) { - if (xx < 0) { - const yy = xx & 0x7FFFFFFF; - xx = yy + 0x80000000; - } - return xx; -}; - -//* -//* This is the mixing function that uses the sboxes -//* -Blowfish.prototype._F = function(xx) { - let yy; - - const dd = xx & 0x00FF; - xx >>>= 8; - const cc = xx & 0x00FF; - xx >>>= 8; - const bb = xx & 0x00FF; - xx >>>= 8; - const aa = xx & 0x00FF; - - yy = this.sboxes[0][aa] + this.sboxes[1][bb]; - yy ^= this.sboxes[2][cc]; - yy += this.sboxes[3][dd]; - - return yy; +OCB.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[7 + i] ^= chunkIndex[i]; + } + return nonce; }; -//* -//* This method takes an array with two values, left and right -//* and does NN rounds of Blowfish on them. -//* -Blowfish.prototype._encryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; - - let ii; - - for (ii = 0; ii < this.NN; ++ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; - - const tmp = dataL; - dataL = dataR; - dataR = tmp; - } +OCB.blockLength = blockLength$1; +OCB.ivLength = ivLength$1; +OCB.tagLength = tagLength$1; - dataL ^= this.parray[this.NN + 0]; - dataR ^= this.parray[this.NN + 1]; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; -//* -//* This method takes a vector of numbers and turns them -//* into long words so that they can be processed by the -//* real algorithm. -//* -//* Maybe I should make the real algorithm above take a vector -//* instead. That will involve more looping, but it won't require -//* the F() method to deconstruct the vector. -//* -Blowfish.prototype.encryptBlock = function(vector) { - let ii; - const vals = [0, 0]; - const off = this.BLOCKSIZE / 2; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); - vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); - } - - this._encryptBlock(vals); - - const ret = []; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); - ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); - // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); - // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); - } - - return ret; -}; +const webCrypto$6 = util.getWebCrypto(); +const nodeCrypto$5 = util.getNodeCrypto(); +const Buffer = util.getNodeBuffer(); -//* -//* This method takes an array with two values, left and right -//* and undoes NN rounds of Blowfish on them. -//* -Blowfish.prototype._decryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; +const blockLength = 16; +const ivLength = 12; // size of the IV in bytes +const tagLength = 16; // size of the tag in bytes +const ALGO = 'AES-GCM'; - let ii; +/** + * Class to en/decrypt using GCM mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function GCM(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('GCM mode supports only AES cipher'); + } - for (ii = this.NN + 1; ii > 1; --ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; + if (util.getNodeCrypto()) { // Node crypto library + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + const en = new nodeCrypto$5.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + en.setAAD(adata); + const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext + return new Uint8Array(ct); + }, - const tmp = dataL; - dataL = dataR; - dataR = tmp; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + const de = new nodeCrypto$5.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + de.setAAD(adata); + de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext + const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]); + return new Uint8Array(pt); + } + }; } - dataL ^= this.parray[1]; - dataR ^= this.parray[0]; - - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; + if (util.getWebCrypto()) { + try { + const _key = await webCrypto$6.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); + // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages + const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/) || + navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/); + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && !pt.length) { + return gcm(key, iv, adata).encrypt(pt); + } + const ct = await webCrypto$6.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt); + return new Uint8Array(ct); + }, -//* -//* This method takes a key array and initializes the -//* sboxes and parray for this encryption. -//* -Blowfish.prototype.init = function(key) { - let ii; - let jj = 0; - - this.parray = []; - for (ii = 0; ii < this.NN + 2; ++ii) { - let data = 0x00000000; - for (let kk = 0; kk < 4; ++kk) { - data = (data << 8) | (key[jj] & 0x00FF); - if (++jj >= key.length) { - jj = 0; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) { + return gcm(key, iv, adata).decrypt(ct); + } + try { + const pt = await webCrypto$6.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct); + return new Uint8Array(pt); + } catch (e) { + if (e.name === 'OperationError') { + throw new Error('Authentication tag mismatch'); + } + } + } + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); } - this.parray[ii] = this.PARRAY[ii] ^ data; } - this.sboxes = []; - for (ii = 0; ii < 4; ++ii) { - this.sboxes[ii] = []; - for (jj = 0; jj < 256; ++jj) { - this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + return { + encrypt: async function(pt, iv, adata) { + return gcm(key, iv, adata).encrypt(pt); + }, + + decrypt: async function(ct, iv, adata) { + return gcm(key, iv, adata).decrypt(ct); } - } + }; +} - const vals = [0x00000000, 0x00000000]; - for (ii = 0; ii < this.NN + 2; ii += 2) { - this._encryptBlock(vals); - this.parray[ii + 0] = vals[0]; - this.parray[ii + 1] = vals[1]; - } - - for (ii = 0; ii < 4; ++ii) { - for (jj = 0; jj < 256; jj += 2) { - this._encryptBlock(vals); - this.sboxes[ii][jj + 0] = vals[0]; - this.sboxes[ii][jj + 1] = vals[1]; - } +/** + * Get GCM nonce. Note: this operation is not defined by the standard. + * A future version of the standard may define GCM mode differently, + * hopefully under a different ID (we use Private/Experimental algorithm + * ID 100) so that we can maintain backwards compatibility. + * @param {Uint8Array} iv - The initialization vector (12 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +GCM.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[4 + i] ^= chunkIndex[i]; } + return nonce; }; -// added by Recurity Labs -function BF(key) { - this.bf = new Blowfish(); - this.bf.init(key); - - this.encrypt = function(block) { - return this.bf.encryptBlock(block); - }; -} - -BF.keySize = BF.prototype.keySize = 16; -BF.blockSize = BF.prototype.blockSize = 8; +GCM.blockLength = blockLength; +GCM.ivLength = ivLength; +GCM.tagLength = tagLength; /** - * @fileoverview Symmetric cryptography functions - * @module crypto/cipher - * @private + * @fileoverview Cipher modes + * @module crypto/mode */ + +var mode = { + /** @see module:crypto/mode/cfb */ + cfb: cfb, + /** @see module:crypto/mode/gcm */ + gcm: GCM, + experimentalGCM: GCM, + /** @see module:crypto/mode/eax */ + eax: EAX, + /** @see module:crypto/mode/ocb */ + ocb: OCB +}; + +// Operations are not constant time, but we try and limit timing leakage where we can +const _0n$1 = BigInt(0); +const _1n$4 = BigInt(1); +function uint8ArrayToBigInt(bytes) { + const hexAlphabet = '0123456789ABCDEF'; + let s = ''; + bytes.forEach(v => { + s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; + }); + return BigInt('0x0' + s); +} +function mod$1(a, m) { + const reduced = a % m; + return reduced < _0n$1 ? reduced + m : reduced; +} /** - * AES-128 encryption and decryption (ID 7) - * @function - * @param {String} key - 128-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes128 = aes(128); + * Compute modular exponentiation using square and multiply + * @param {BigInt} a - Base + * @param {BigInt} e - Exponent + * @param {BigInt} n - Modulo + * @returns {BigInt} b ** e mod n. + */ +function modExp(b, e, n) { + if (n === _0n$1) + throw Error('Modulo cannot be zero'); + if (n === _1n$4) + return BigInt(0); + if (e < _0n$1) + throw Error('Unsopported negative exponent'); + let exp = e; + let x = b; + x %= n; + let r = BigInt(1); + while (exp > _0n$1) { + const lsb = exp & _1n$4; + exp >>= _1n$4; // e / 2 + // Always compute multiplication step, to reduce timing leakage + const rx = (r * x) % n; + // Update r only if lsb is 1 (odd exponent) + r = lsb ? rx : r; + x = (x * x) % n; // Square + } + return r; +} +function abs(x) { + return x >= _0n$1 ? x : -x; +} /** - * AES-128 Block Cipher (ID 8) - * @function - * @param {String} key - 192-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes192 = aes(192); + * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) + * Given a and b, compute (x, y) such that ax + by = gdc(a, b). + * Negative numbers are also supported. + * @param {BigInt} a - First operand + * @param {BigInt} b - Second operand + * @returns {{ gcd, x, y: bigint }} + */ +function _egcd(aInput, bInput) { + let x = BigInt(0); + let y = BigInt(1); + let xPrev = BigInt(1); + let yPrev = BigInt(0); + // Deal with negative numbers: run algo over absolute values, + // and "move" the sign to the returned x and/or y. + // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers + let a = abs(aInput); + let b = abs(bInput); + const aNegated = aInput < _0n$1; + const bNegated = bInput < _0n$1; + while (b !== _0n$1) { + const q = a / b; + let tmp = x; + x = xPrev - q * x; + xPrev = tmp; + tmp = y; + y = yPrev - q * y; + yPrev = tmp; + tmp = b; + b = a % b; + a = tmp; + } + return { + x: aNegated ? -xPrev : xPrev, + y: bNegated ? -yPrev : yPrev, + gcd: a + }; +} /** - * AES-128 Block Cipher (ID 9) - * @function - * @param {String} key - 256-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} + * Compute the inverse of `a` modulo `n` + * Note: `a` and and `n` must be relatively prime + * @param {BigInt} a + * @param {BigInt} n - Modulo + * @returns {BigInt} x such that a*x = 1 mod n + * @throws {Error} if the inverse does not exist */ -const aes256 = aes(256); -// Not in OpenPGP specifications -const des$1 = DES; +function modInv(a, n) { + const { gcd, x } = _egcd(a, n); + if (gcd !== _1n$4) { + throw new Error('Inverse does not exist'); + } + return mod$1(x + n, n); +} /** - * Triple DES Block Cipher (ID 2) - * @function - * @param {String} key - 192-bit key - * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67} - * @returns {Object} + * Compute greatest common divisor between this and n + * @param {BigInt} aInput - Operand + * @param {BigInt} bInput - Operand + * @returns {BigInt} gcd */ -const tripledes = TripleDES; +function gcd(aInput, bInput) { + let a = aInput; + let b = bInput; + while (b !== _0n$1) { + const tmp = b; + b = a % b; + a = tmp; + } + return a; +} /** - * CAST-128 Block Cipher (ID 3) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm} - * @returns {Object} + * Get this value as an exact Number (max 53 bits) + * Fails if this value is too large + * @returns {Number} */ -const cast5 = CAST5; +function bigIntToNumber(x) { + const number = Number(x); + if (number > Number.MAX_SAFE_INTEGER) { + // We throw and error to conform with the bn.js implementation + throw new Error('Number can only safely store up to 53 bits'); + } + return number; +} /** - * Twofish Block Cipher (ID 10) - * @function - * @param {String} key - 256-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH} - * @returns {Object} + * Get value of i-th bit + * @param {BigInt} x + * @param {Number} i - Bit index + * @returns {Number} Bit value. */ -const twofish = TF; +function getBit(x, i) { + const bit = (x >> BigInt(i)) & _1n$4; + return bit === _0n$1 ? 0 : 1; +} /** - * Blowfish Block Cipher (ID 4) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH} - * @returns {Object} + * Compute bit length */ -const blowfish = BF; +function bitLength(x) { + // -1n >> -1n is -1n + // 1n >> 1n is 0n + const target = x < _0n$1 ? BigInt(-1) : _0n$1; + let bitlen = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _1n$4) !== target) { + bitlen++; + } + return bitlen; +} /** - * Not implemented - * @function - * @throws {Error} + * Compute byte length */ -const idea = function() { - throw new Error('IDEA symmetric-key algorithm not implemented'); -}; - -var cipher = /*#__PURE__*/Object.freeze({ - __proto__: null, - aes128: aes128, - aes192: aes192, - aes256: aes256, - des: des$1, - tripledes: tripledes, - cast5: cast5, - twofish: twofish, - blowfish: blowfish, - idea: idea -}); - -var sha1_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0, - w16 = 0, w17 = 0, w18 = 0, w19 = 0, - w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0, - w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0, - w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0, - w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0, - w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0, - w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - - // 0 - t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 1 - t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 2 - t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 3 - t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 4 - t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 5 - t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 6 - t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 7 - t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 8 - t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 9 - t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 10 - t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 11 - t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 12 - t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 13 - t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 14 - t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 15 - t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 16 - n = w13 ^ w8 ^ w2 ^ w0; - w16 = (n << 1) | (n >>> 31); - t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 17 - n = w14 ^ w9 ^ w3 ^ w1; - w17 = (n << 1) | (n >>> 31); - t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 18 - n = w15 ^ w10 ^ w4 ^ w2; - w18 = (n << 1) | (n >>> 31); - t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 19 - n = w16 ^ w11 ^ w5 ^ w3; - w19 = (n << 1) | (n >>> 31); - t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 20 - n = w17 ^ w12 ^ w6 ^ w4; - w20 = (n << 1) | (n >>> 31); - t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 21 - n = w18 ^ w13 ^ w7 ^ w5; - w21 = (n << 1) | (n >>> 31); - t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 22 - n = w19 ^ w14 ^ w8 ^ w6; - w22 = (n << 1) | (n >>> 31); - t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 23 - n = w20 ^ w15 ^ w9 ^ w7; - w23 = (n << 1) | (n >>> 31); - t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 24 - n = w21 ^ w16 ^ w10 ^ w8; - w24 = (n << 1) | (n >>> 31); - t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 25 - n = w22 ^ w17 ^ w11 ^ w9; - w25 = (n << 1) | (n >>> 31); - t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 26 - n = w23 ^ w18 ^ w12 ^ w10; - w26 = (n << 1) | (n >>> 31); - t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 27 - n = w24 ^ w19 ^ w13 ^ w11; - w27 = (n << 1) | (n >>> 31); - t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 28 - n = w25 ^ w20 ^ w14 ^ w12; - w28 = (n << 1) | (n >>> 31); - t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 29 - n = w26 ^ w21 ^ w15 ^ w13; - w29 = (n << 1) | (n >>> 31); - t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 30 - n = w27 ^ w22 ^ w16 ^ w14; - w30 = (n << 1) | (n >>> 31); - t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 31 - n = w28 ^ w23 ^ w17 ^ w15; - w31 = (n << 1) | (n >>> 31); - t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 32 - n = w29 ^ w24 ^ w18 ^ w16; - w32 = (n << 1) | (n >>> 31); - t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 33 - n = w30 ^ w25 ^ w19 ^ w17; - w33 = (n << 1) | (n >>> 31); - t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 34 - n = w31 ^ w26 ^ w20 ^ w18; - w34 = (n << 1) | (n >>> 31); - t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 35 - n = w32 ^ w27 ^ w21 ^ w19; - w35 = (n << 1) | (n >>> 31); - t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 36 - n = w33 ^ w28 ^ w22 ^ w20; - w36 = (n << 1) | (n >>> 31); - t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 37 - n = w34 ^ w29 ^ w23 ^ w21; - w37 = (n << 1) | (n >>> 31); - t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 38 - n = w35 ^ w30 ^ w24 ^ w22; - w38 = (n << 1) | (n >>> 31); - t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 39 - n = w36 ^ w31 ^ w25 ^ w23; - w39 = (n << 1) | (n >>> 31); - t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 40 - n = w37 ^ w32 ^ w26 ^ w24; - w40 = (n << 1) | (n >>> 31); - t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 41 - n = w38 ^ w33 ^ w27 ^ w25; - w41 = (n << 1) | (n >>> 31); - t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 42 - n = w39 ^ w34 ^ w28 ^ w26; - w42 = (n << 1) | (n >>> 31); - t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 43 - n = w40 ^ w35 ^ w29 ^ w27; - w43 = (n << 1) | (n >>> 31); - t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 44 - n = w41 ^ w36 ^ w30 ^ w28; - w44 = (n << 1) | (n >>> 31); - t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 45 - n = w42 ^ w37 ^ w31 ^ w29; - w45 = (n << 1) | (n >>> 31); - t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 46 - n = w43 ^ w38 ^ w32 ^ w30; - w46 = (n << 1) | (n >>> 31); - t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 47 - n = w44 ^ w39 ^ w33 ^ w31; - w47 = (n << 1) | (n >>> 31); - t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 48 - n = w45 ^ w40 ^ w34 ^ w32; - w48 = (n << 1) | (n >>> 31); - t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 49 - n = w46 ^ w41 ^ w35 ^ w33; - w49 = (n << 1) | (n >>> 31); - t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 50 - n = w47 ^ w42 ^ w36 ^ w34; - w50 = (n << 1) | (n >>> 31); - t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 51 - n = w48 ^ w43 ^ w37 ^ w35; - w51 = (n << 1) | (n >>> 31); - t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 52 - n = w49 ^ w44 ^ w38 ^ w36; - w52 = (n << 1) | (n >>> 31); - t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 53 - n = w50 ^ w45 ^ w39 ^ w37; - w53 = (n << 1) | (n >>> 31); - t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 54 - n = w51 ^ w46 ^ w40 ^ w38; - w54 = (n << 1) | (n >>> 31); - t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 55 - n = w52 ^ w47 ^ w41 ^ w39; - w55 = (n << 1) | (n >>> 31); - t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 56 - n = w53 ^ w48 ^ w42 ^ w40; - w56 = (n << 1) | (n >>> 31); - t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 57 - n = w54 ^ w49 ^ w43 ^ w41; - w57 = (n << 1) | (n >>> 31); - t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 58 - n = w55 ^ w50 ^ w44 ^ w42; - w58 = (n << 1) | (n >>> 31); - t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 59 - n = w56 ^ w51 ^ w45 ^ w43; - w59 = (n << 1) | (n >>> 31); - t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 60 - n = w57 ^ w52 ^ w46 ^ w44; - w60 = (n << 1) | (n >>> 31); - t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 61 - n = w58 ^ w53 ^ w47 ^ w45; - w61 = (n << 1) | (n >>> 31); - t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 62 - n = w59 ^ w54 ^ w48 ^ w46; - w62 = (n << 1) | (n >>> 31); - t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 63 - n = w60 ^ w55 ^ w49 ^ w47; - w63 = (n << 1) | (n >>> 31); - t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 64 - n = w61 ^ w56 ^ w50 ^ w48; - w64 = (n << 1) | (n >>> 31); - t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 65 - n = w62 ^ w57 ^ w51 ^ w49; - w65 = (n << 1) | (n >>> 31); - t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 66 - n = w63 ^ w58 ^ w52 ^ w50; - w66 = (n << 1) | (n >>> 31); - t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 67 - n = w64 ^ w59 ^ w53 ^ w51; - w67 = (n << 1) | (n >>> 31); - t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 68 - n = w65 ^ w60 ^ w54 ^ w52; - w68 = (n << 1) | (n >>> 31); - t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 69 - n = w66 ^ w61 ^ w55 ^ w53; - w69 = (n << 1) | (n >>> 31); - t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 70 - n = w67 ^ w62 ^ w56 ^ w54; - w70 = (n << 1) | (n >>> 31); - t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 71 - n = w68 ^ w63 ^ w57 ^ w55; - w71 = (n << 1) | (n >>> 31); - t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 72 - n = w69 ^ w64 ^ w58 ^ w56; - w72 = (n << 1) | (n >>> 31); - t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 73 - n = w70 ^ w65 ^ w59 ^ w57; - w73 = (n << 1) | (n >>> 31); - t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 74 - n = w71 ^ w66 ^ w60 ^ w58; - w74 = (n << 1) | (n >>> 31); - t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 75 - n = w72 ^ w67 ^ w61 ^ w59; - w75 = (n << 1) | (n >>> 31); - t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 76 - n = w73 ^ w68 ^ w62 ^ w60; - w76 = (n << 1) | (n >>> 31); - t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 77 - n = w74 ^ w69 ^ w63 ^ w61; - w77 = (n << 1) | (n >>> 31); - t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 78 - n = w75 ^ w70 ^ w64 ^ w62; - w78 = (n << 1) | (n >>> 31); - t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 79 - n = w76 ^ w71 ^ w65 ^ w63; - w79 = (n << 1) | (n >>> 31); - t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); +function byteLength(x) { + const target = x < _0n$1 ? BigInt(-1) : _0n$1; + const _8n = BigInt(8); + let len = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _8n) !== target) { + len++; } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - } - - function reset () { - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; + return len; +} +/** + * Get Uint8Array representation of this number + * @param {String} endian - Endianess of output array (defaults to 'be') + * @param {Number} length - Of output array + * @returns {Uint8Array} + */ +function bigIntToUint8Array(x, endian = 'be', length) { + // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) + // this is faster than shift+mod iterations + let hex = x.toString(16); + if (hex.length % 2 === 1) { + hex = '0' + hex; } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - - TOTAL0 = 64; - TOTAL1 = 0; + const rawLength = hex.length / 2; + const bytes = new Uint8Array(length || rawLength); + // parse hex + const offset = length ? length - rawLength : 0; + let i = 0; + while (i < rawLength) { + bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); + i++; } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; + if (endian !== 'be') { + bytes.reverse(); } + return bytes; +} - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if ( offset & 63 ) - return -1; - if ( ~output ) - if ( output & 31 ) - return -1; +const nodeCrypto$4 = util.getNodeCrypto(); - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; +/** + * Retrieve secure random byte array of the specified length + * @param {Integer} length - Length in bytes to generate + * @returns {Uint8Array} Random byte array. + */ +function getRandomBytes(length) { + const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto$4?.webcrypto; + if (webcrypto?.getRandomValues) { + const buf = new Uint8Array(length); + return webcrypto.getRandomValues(buf); + } else { + throw new Error('No secure random number generator available.'); + } +} - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4; - count = (count-1)|0; +/** + * Create a secure random BigInt that is greater than or equal to min and less than max. + * @param {bigint} min - Lower bound, included + * @param {bigint} max - Upper bound, excluded + * @returns {bigint} Random BigInt. + * @async + */ +function getRandomBigInteger(min, max) { + if (max < min) { + throw new Error('Illegal parameter value: max <= min'); + } - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + const modulus = max - min; + const bytes = byteLength(modulus); - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + // Using a while loop is necessary to avoid bias introduced by the mod operation. + // However, we request 64 extra random bits so that the bias is negligible. + // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8)); + return mod$1(r, modulus) + min; +} - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; +var random = /*#__PURE__*/Object.freeze({ + __proto__: null, + getRandomBigInteger: getRandomBigInteger, + getRandomBytes: getRandomBytes +}); - count = (count-1)|0; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +/** + * @fileoverview Algorithms for probabilistic random prime generation + * @module crypto/public_key/prime + */ +const _1n$3 = BigInt(1); +/** + * Generate a probably prime random number + * @param bits - Bit length of the prime + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function randomProbablePrime(bits, e, k) { + const _30n = BigInt(30); + const min = _1n$3 << BigInt(bits - 1); + /* + * We can avoid any multiples of 3 and 5 by looking at n mod 30 + * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 + * the next possible prime is mod 30: + * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 + */ + const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; + let n = getRandomBigInteger(min, min << _1n$3); + let i = bigIntToNumber(mod$1(n, _30n)); + do { + n += BigInt(adds[i]); + i = (i + adds[i]) % adds.length; + // If reached the maximum, go back to the minimum. + if (bitLength(n) > bits) { + n = mod$1(n, min << _1n$3); + n += min; + i = bigIntToNumber(mod$1(n, _30n)); } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA1 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA1 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA1 - pbkdf2_generate_block: pbkdf2_generate_block + } while (!isProbablePrime(n, e, k)); + return n; +} +/** + * Probabilistic primality testing + * @param n - Number to test + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function isProbablePrime(n, e, k) { + if (e && gcd(n - _1n$3, e) !== _1n$3) { + return false; } -}; - -class Hash { - constructor() { - this.pos = 0; - this.len = 0; - } - reset() { - const { asm } = this.acquire_asm(); - this.result = null; - this.pos = 0; - this.len = 0; - asm.reset(); - return this; + if (!divisionTest(n)) { + return false; } - process(data) { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - let hpos = this.pos; - let hlen = this.len; - let dpos = 0; - let dlen = data.length; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen); - hlen += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.process(hpos, hlen); - hpos += wlen; - hlen -= wlen; - if (!hlen) - hpos = 0; - } - this.pos = hpos; - this.len = hlen; - return this; + if (!fermat(n)) { + return false; } - finish() { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - asm.finish(this.pos, this.len, 0); - this.result = new Uint8Array(this.HASH_SIZE); - this.result.set(heap.subarray(0, this.HASH_SIZE)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return this; + if (!millerRabin(n, k)) { + return false; } + // TODO implement the Lucas test + // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + return true; } - -const _sha1_block_size = 64; -const _sha1_hash_size = 20; -const heap_pool$1 = []; -const asm_pool$1 = []; -class Sha1 extends Hash { - constructor() { - super(); - this.NAME = 'sha1'; - this.BLOCK_SIZE = _sha1_block_size; - this.HASH_SIZE = _sha1_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$1.pop() || _heap_init(); - this.asm = asm_pool$1.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; +/** + * Tests whether n is probably prime or not using Fermat's test with b = 2. + * Fails if b^(n-1) mod n != 1. + * @param n - Number to test + * @param b - Optional Fermat test base + */ +function fermat(n, b = BigInt(2)) { + return modExp(b, n - _1n$3, n) === _1n$3; +} +function divisionTest(n) { + const _0n = BigInt(0); + return smallPrimes.every(m => mod$1(n, m) !== _0n); +} +// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c +const smallPrimes = [ + 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +].map(n => BigInt(n)); +// Miller-Rabin - Miller Rabin algorithm for primality test +// Copyright Fedor Indutny, 2014. +// +// This software is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. +// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin +// Sample syntax for Fixed-Base Miller-Rabin: +// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) +/** + * Tests whether n is probably prime or not using the Miller-Rabin test. + * See HAC Remark 4.28. + * @param n - Number to test + * @param k - Optional number of iterations of Miller-Rabin test + * @param rand - Optional function to generate potential witnesses + * @returns {boolean} + * @async + */ +function millerRabin(n, k, rand) { + const len = bitLength(n); + if (!k) { + k = Math.max(1, (len / 48) | 0); } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$1.push(this.heap); - asm_pool$1.push(this.asm); + const n1 = n - _1n$3; // n - 1 + // Find d and s, (n - 1) = (2 ^ s) * d; + let s = 0; + while (!getBit(n1, s)) { + s++; + } + const d = n >> BigInt(s); + for (; k > 0; k--) { + const a = getRandomBigInteger(BigInt(2), n1); + let x = modExp(a, d, n); + if (x === _1n$3 || x === n1) { + continue; + } + let i; + for (i = 1; i < s; i++) { + x = mod$1(x * x, n); + if (x === _1n$3) { + return false; + } + if (x === n1) { + break; + } + } + if (i === s) { + return false; } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha1().process(data).finish().result; - } -} -Sha1.NAME = 'sha1'; -Sha1.heap_pool = []; -Sha1.asm_pool = []; -Sha1.asm_function = sha1_asm; - -var sha256_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - f = H5; - g = H6; - h = H7; - - // 0 - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 1 - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 2 - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 3 - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 4 - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 5 - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 6 - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 7 - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 8 - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 9 - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 10 - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 11 - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 12 - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 13 - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 14 - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 15 - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 16 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 17 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 18 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 19 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 20 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 21 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 22 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 23 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 24 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 25 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 26 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 27 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 28 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 29 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 30 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 31 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 32 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 33 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 34 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 35 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 36 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 37 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 38 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 39 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 40 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 41 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 42 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 43 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 44 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 45 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 46 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 47 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 48 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 49 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 50 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 51 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 52 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 53 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 54 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 55 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 56 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 57 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 58 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 59 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 60 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 61 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 62 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 63 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - H5 = ( H5 + f )|0; - H6 = ( H6 + g )|0; - H7 = ( H7 + h )|0; - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); } + return true; +} - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - HEAP[output|20] = H5>>>24; - HEAP[output|21] = H5>>>16&255; - HEAP[output|22] = H5>>>8&255; - HEAP[output|23] = H5&255; - HEAP[output|24] = H6>>>24; - HEAP[output|25] = H6>>>16&255; - HEAP[output|26] = H6>>>8&255; - HEAP[output|27] = H6&255; - HEAP[output|28] = H7>>>24; - HEAP[output|29] = H7>>>16&255; - HEAP[output|30] = H7>>>8&255; - HEAP[output|31] = H7&255; - } - - function reset () { - H0 = 0x6a09e667; - H1 = 0xbb67ae85; - H2 = 0x3c6ef372; - H3 = 0xa54ff53a; - H4 = 0x510e527f; - H5 = 0x9b05688c; - H6 = 0x1f83d9ab; - H7 = 0x5be0cd19; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - h5 = h5|0; - h6 = h6|0; - h7 = h7|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - H5 = I5; - H6 = I6; - H7 = I7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - H5 = O5; - H6 = O6; - H7 = O7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - O5 = H5; - O6 = H6; - O7 = H7; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - I5 = H5; - I6 = H6; - I7 = H7; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - h5 = h5 ^ H5; - h6 = h6 ^ H6; - h7 = h7 ^ H7; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA256 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA256 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA256 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; - -const _sha256_block_size = 64; -const _sha256_hash_size = 32; -const heap_pool$2 = []; -const asm_pool$2 = []; -class Sha256 extends Hash { - constructor() { - super(); - this.NAME = 'sha256'; - this.BLOCK_SIZE = _sha256_block_size; - this.HASH_SIZE = _sha256_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$2.pop() || _heap_init(); - this.asm = asm_pool$2.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$2.push(this.heap); - asm_pool$2.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha256().process(data).finish().result; - } -} -Sha256.NAME = 'sha256'; - -var minimalisticAssert = assert; - -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} - -assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); -}; - -var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -function createCommonjsModule(fn, module) { - return module = { exports: {} }, fn(module, module.exports), module.exports; -} - -function commonjsRequire () { - throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs'); -} - -var inherits_browser = createCommonjsModule(function (module) { -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - }; -} -}); +/** + * ASN1 object identifiers for hashes + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} + */ +const hash_headers = []; +hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, + 0x10]; +hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; +hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; +hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20]; +hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, + 0x04, 0x30]; +hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40]; +hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, + 0x00, 0x04, 0x1C]; -var inherits_1 = inherits_browser; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); +/** + * Create padding with secure random data + * @private + * @param {Integer} length - Length of the padding in bytes + * @returns {Uint8Array} Random padding. + */ +function getPKCS1Padding(length) { + const result = new Uint8Array(length); + let count = 0; + while (count < length) { + const randomBytes = getRandomBytes(length - count); + for (let i = 0; i < randomBytes.length; i++) { + if (randomBytes[i] !== 0) { + result[count++] = randomBytes[i]; } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; -} -var toArray_1 = toArray; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -var toHex_1 = toHex; - -function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; -} -var htonl_1 = htonl; - -function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); - } - return res; -} -var toHex32_1 = toHex32; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -var zero2_1 = zero2; - -function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; -} -var zero8_1 = zero8; - -function join32(msg, start, end, endian) { - var len = end - start; - minimalisticAssert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; - } - return res; -} -var join32_1 = join32; - -function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; } } - return res; -} -var split32_1 = split32; - -function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); -} -var rotr32_1 = rotr32; - -function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); + return result; } -var rotl32_1 = rotl32; -function sum32(a, b) { - return (a + b) >>> 0; +/** + * Create a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} + * @param {Uint8Array} message - Message to be encoded + * @param {Integer} keyLength - The length in octets of the key modulus + * @returns {Uint8Array} EME-PKCS1 padded message. + */ +function emeEncode(message, keyLength) { + const mLength = message.length; + // length checking + if (mLength > keyLength - 11) { + throw new Error('Message too long'); + } + // Generate an octet string PS of length k - mLen - 3 consisting of + // pseudo-randomly generated nonzero octets + const PS = getPKCS1Padding(keyLength - mLength - 3); + // Concatenate PS, the message M, and other padding to form an + // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. + const encoded = new Uint8Array(keyLength); + // 0x00 byte + encoded[1] = 2; + encoded.set(PS, 2); + // 0x00 bytes + encoded.set(message, keyLength - mLength); + return encoded; } -var sum32_1 = sum32; -function sum32_3(a, b, c) { - return (a + b + c) >>> 0; -} -var sum32_3_1 = sum32_3; +/** + * Decode a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} + * @param {Uint8Array} encoded - Encoded message bytes + * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) + * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) + * @throws {Error} on decoding failure, unless `randomPayload` is provided + */ +function emeDecode(encoded, randomPayload) { + // encoded format: 0x00 0x02 0x00 + let offset = 2; + let separatorNotFound = 1; + for (let j = offset; j < encoded.length; j++) { + separatorNotFound &= encoded[j] !== 0; + offset += separatorNotFound; + } -function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; -} -var sum32_4_1 = sum32_4; + const psLen = offset - 2; + const payload = encoded.subarray(offset + 1); // discard the 0x00 separator + const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; -function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; -} -var sum32_5_1 = sum32_5; + if (randomPayload) { + return util.selectUint8Array(isValidPadding, payload, randomPayload); + } -function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; + if (isValidPadding) { + return payload; + } - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; + throw new Error('Decryption error'); } -var sum64_1 = sum64; -function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; -} -var sum64_hi_1 = sum64_hi; +/** + * Create a EMSA-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} + * @param {Integer} algo - Hash algorithm type used + * @param {Uint8Array} hashed - Message to be encoded + * @param {Integer} emLen - Intended length in octets of the encoded message + * @returns {Uint8Array} Encoded message. + */ +function emsaEncode(algo, hashed, emLen) { + let i; + if (hashed.length !== hash.getHashByteLength(algo)) { + throw new Error('Invalid hash length'); + } + // produce an ASN.1 DER value for the hash function used. + // Let T be the full hash prefix + const hashPrefix = new Uint8Array(hash_headers[algo].length); + for (i = 0; i < hash_headers[algo].length; i++) { + hashPrefix[i] = hash_headers[algo][i]; + } + // and let tLen be the length in octets prefix and hashed data + const tLen = hashPrefix.length + hashed.length; + if (emLen < tLen + 11) { + throw new Error('Intended encoded message length too short'); + } + // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF + // The length of PS will be at least 8 octets + const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); -function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; + // Concatenate PS, the hash prefix, hashed data, and other padding to form the + // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed + const EM = new Uint8Array(emLen); + EM[1] = 0x01; + EM.set(PS, 2); + EM.set(hashPrefix, emLen - tLen); + EM.set(hashed, emLen - hashed.length); + return EM; } -var sum64_lo_1 = sum64_lo; - -function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; -} -var sum64_4_hi_1 = sum64_4_hi; +var pkcs1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + emeDecode: emeDecode, + emeEncode: emeEncode, + emsaEncode: emsaEncode +}); -function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; -} -var sum64_4_lo_1 = sum64_4_lo; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; -} -var sum64_5_hi_1 = sum64_5_hi; +const webCrypto$5 = util.getWebCrypto(); +const nodeCrypto$3 = util.getNodeCrypto(); +const _1n$2 = BigInt(1); -function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; +/** Create signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} hashed - Hashed message + * @returns {Promise} RSA Signature. + * @async + */ +async function sign$6(hashAlgo, data, n, e, d, p, q, u, hashed) { + if (hash.getHashByteLength(hashAlgo) >= n.length) { + // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error + // e.g. if a 512-bit RSA key is used with a SHA-512 digest. + // The size limit is actually slightly different but here we only care about throwing + // on common key sizes. + throw new Error('Digest size cannot exceed key modulus size'); + } - return lo >>> 0; + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webSign$1(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeSign$1(hashAlgo, data, n, e, d, p, q, u); + } + } + return bnSign(hashAlgo, n, d, hashed); } -var sum64_5_lo_1 = sum64_5_lo; -function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; +/** + * Verify signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} s - Signature + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} hashed - Hashed message + * @returns {Boolean} + * @async + */ +async function verify$6(hashAlgo, data, s, n, e, hashed) { + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webVerify$1(enums.read(enums.webHash, hashAlgo), data, s, n, e); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeVerify$1(hashAlgo, data, s, n, e); + } + } + return bnVerify(hashAlgo, s, n, e, hashed); } -var rotr64_hi_1 = rotr64_hi; -function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; +/** + * Encrypt message + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @returns {Promise} RSA Ciphertext. + * @async + */ +async function encrypt$4(data, n, e) { + if (util.getNodeCrypto()) { + return nodeEncrypt(data, n, e); + } + return bnEncrypt(data, n, e); } -var rotr64_lo_1 = rotr64_lo; -function shr64_hi(ah, al, num) { - return ah >>> num; -} -var shr64_hi_1 = shr64_hi; - -function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var shr64_lo_1 = shr64_lo; - -var utils = { - inherits: inherits_1, - toArray: toArray_1, - toHex: toHex_1, - htonl: htonl_1, - toHex32: toHex32_1, - zero2: zero2_1, - zero8: zero8_1, - join32: join32_1, - split32: split32_1, - rotr32: rotr32_1, - rotl32: rotl32_1, - sum32: sum32_1, - sum32_3: sum32_3_1, - sum32_4: sum32_4_1, - sum32_5: sum32_5_1, - sum64: sum64_1, - sum64_hi: sum64_hi_1, - sum64_lo: sum64_lo_1, - sum64_4_hi: sum64_4_hi_1, - sum64_4_lo: sum64_4_lo_1, - sum64_5_hi: sum64_5_hi_1, - sum64_5_lo: sum64_5_lo_1, - rotr64_hi: rotr64_hi_1, - rotr64_lo: rotr64_lo_1, - shr64_hi: shr64_hi_1, - shr64_lo: shr64_lo_1 -}; - -function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; - - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; -} -var BlockHash_1 = BlockHash; - -BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; - - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; - - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; - - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); - } - - return this; -}; - -BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - minimalisticAssert(this.pending === null); - - return this._digest(enc); -}; - -BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; - } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (t = 8; t < this.padLength; t++) - res[i++] = 0; +/** + * Decrypt RSA message + * @param {Uint8Array} m - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} RSA Plaintext. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$4(data, n, e, d, p, q, u, randomPayload) { + // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, + // and we want to avoid checking the error type to decide if the random payload + // should indeed be returned. + if (util.getNodeCrypto() && !randomPayload) { + try { + return await nodeDecrypt(data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } } - - return res; -}; - -var common = { - BlockHash: BlockHash_1 -}; - -var rotr32$1 = utils.rotr32; - -function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); + return bnDecrypt(data, n, e, d, p, q, u, randomPayload); } -var ft_1_1 = ft_1; -function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); -} -var ch32_1 = ch32; +/** + * Generate a new random private key B bits long with public exponent E. + * + * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using + * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. + * @see module:crypto/public_key/prime + * @param {Integer} bits - RSA bit length + * @param {Integer} e - RSA public exponent + * @returns {{n, e, d, + * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, + * RSA private prime p, RSA private prime q, u = p ** -1 mod q + * @async + */ +async function generate$4(bits, e) { + e = BigInt(e); -function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); -} -var maj32_1 = maj32; + // Native RSA keygen using Web Crypto + if (util.getWebCrypto()) { + const keyGenOpt = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: bits, // the specified keysize in bits + publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent + hash: { + name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' + } + }; + const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); -function p32(x, y, z) { - return x ^ y ^ z; -} -var p32_1 = p32; + // export the generated keys as JsonWebKey (JWK) + // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 + const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); + // map JWK parameters to corresponding OpenPGP names + return jwkToPrivate(jwk, e); + } else if (util.getNodeCrypto()) { + const opts = { + modulusLength: bits, + publicExponent: bigIntToNumber(e), + publicKeyEncoding: { type: 'pkcs1', format: 'jwk' }, + privateKeyEncoding: { type: 'pkcs1', format: 'jwk' } + }; + const jwk = await new Promise((resolve, reject) => { + nodeCrypto$3.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => { + if (err) { + reject(err); + } else { + resolve(jwkPrivateKey); + } + }); + }); + return jwkToPrivate(jwk, e); + } -function s0_256(x) { - return rotr32$1(x, 2) ^ rotr32$1(x, 13) ^ rotr32$1(x, 22); -} -var s0_256_1 = s0_256; + // RSA keygen fallback using 40 iterations of the Miller-Rabin test + // See https://stackoverflow.com/a/6330138 for justification + // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST + let p; + let q; + let n; + do { + q = randomProbablePrime(bits - (bits >> 1), e, 40); + p = randomProbablePrime(bits >> 1, e, 40); + n = p * q; + } while (bitLength(n) !== bits); -function s1_256(x) { - return rotr32$1(x, 6) ^ rotr32$1(x, 11) ^ rotr32$1(x, 25); -} -var s1_256_1 = s1_256; + const phi = (p - _1n$2) * (q - _1n$2); -function g0_256(x) { - return rotr32$1(x, 7) ^ rotr32$1(x, 18) ^ (x >>> 3); -} -var g0_256_1 = g0_256; + if (q < p) { + [p, q] = [q, p]; + } -function g1_256(x) { - return rotr32$1(x, 17) ^ rotr32$1(x, 19) ^ (x >>> 10); + return { + n: bigIntToUint8Array(n), + e: bigIntToUint8Array(e), + d: bigIntToUint8Array(modInv(e, phi)), + p: bigIntToUint8Array(p), + q: bigIntToUint8Array(q), + // dp: d.mod(p.subn(1)), + // dq: d.mod(q.subn(1)), + u: bigIntToUint8Array(modInv(p, q)) + }; } -var g1_256_1 = g1_256; - -var common$1 = { - ft_1: ft_1_1, - ch32: ch32_1, - maj32: maj32_1, - p32: p32_1, - s0_256: s0_256_1, - s1_256: s1_256_1, - g0_256: g0_256_1, - g1_256: g1_256_1 -}; - -var sum32$1 = utils.sum32; -var sum32_4$1 = utils.sum32_4; -var sum32_5$1 = utils.sum32_5; -var ch32$1 = common$1.ch32; -var maj32$1 = common$1.maj32; -var s0_256$1 = common$1.s0_256; -var s1_256$1 = common$1.s1_256; -var g0_256$1 = common$1.g0_256; -var g1_256$1 = common$1.g1_256; - -var BlockHash$1 = common.BlockHash; - -var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; - -function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); - - BlockHash$1.call(this); - this.h = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 - ]; - this.k = sha256_K; - this.W = new Array(64); -} -utils.inherits(SHA256, BlockHash$1); -var _256 = SHA256; - -SHA256.blockSize = 512; -SHA256.outSize = 256; -SHA256.hmacStrength = 192; -SHA256.padLength = 64; - -SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4$1(g1_256$1(W[i - 2]), W[i - 7], g0_256$1(W[i - 15]), W[i - 16]); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; - - minimalisticAssert(this.k.length === W.length); - for (i = 0; i < W.length; i++) { - var T1 = sum32_5$1(h, s1_256$1(e), ch32$1(e, f, g), this.k[i], W[i]); - var T2 = sum32$1(s0_256$1(a), maj32$1(a, b, c)); - h = g; - g = f; - f = e; - e = sum32$1(d, T1); - d = c; - c = b; - b = a; - a = sum32$1(T1, T2); - } - - this.h[0] = sum32$1(this.h[0], a); - this.h[1] = sum32$1(this.h[1], b); - this.h[2] = sum32$1(this.h[2], c); - this.h[3] = sum32$1(this.h[3], d); - this.h[4] = sum32$1(this.h[4], e); - this.h[5] = sum32$1(this.h[5], f); - this.h[6] = sum32$1(this.h[6], g); - this.h[7] = sum32$1(this.h[7], h); -}; - -SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - - _256.call(this); - this.h = [ - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; -} -utils.inherits(SHA224, _256); -var _224 = SHA224; - -SHA224.blockSize = 512; -SHA224.outSize = 224; -SHA224.hmacStrength = 192; -SHA224.padLength = 64; - -SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); -}; -var rotr64_hi$1 = utils.rotr64_hi; -var rotr64_lo$1 = utils.rotr64_lo; -var shr64_hi$1 = utils.shr64_hi; -var shr64_lo$1 = utils.shr64_lo; -var sum64$1 = utils.sum64; -var sum64_hi$1 = utils.sum64_hi; -var sum64_lo$1 = utils.sum64_lo; -var sum64_4_hi$1 = utils.sum64_4_hi; -var sum64_4_lo$1 = utils.sum64_4_lo; -var sum64_5_hi$1 = utils.sum64_5_hi; -var sum64_5_lo$1 = utils.sum64_5_lo; - -var BlockHash$2 = common.BlockHash; - -var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 -]; +/** + * Validate RSA parameters + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA inverse of p w.r.t. q + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$8(n, e, d, p, q, u) { + n = uint8ArrayToBigInt(n); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); -function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - - BlockHash$2.call(this); - this.h = [ - 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); -} -utils.inherits(SHA512, BlockHash$2); -var _512 = SHA512; - -SHA512.blockSize = 1024; -SHA512.outSize = 512; -SHA512.hmacStrength = 192; -SHA512.padLength = 128; - -SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; - - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - - W[i] = sum64_4_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); + // expect pq = n + if ((p * q) !== n) { + return false; } -}; -SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; - - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; - - minimalisticAssert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; - - var T1_hi = sum64_5_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - - c0_hi = s0_512_hi(ah, al); - c0_lo = s0_512_lo(ah, al); - c1_hi = maj64_hi(ah, al, bh, bl, ch); - c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); - - var T2_hi = sum64_hi$1(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo$1(c0_hi, c0_lo, c1_hi, c1_lo); - - hh = gh; - hl = gl; - - gh = fh; - gl = fl; - - fh = eh; - fl = el; - - eh = sum64_hi$1(dh, dl, T1_hi, T1_lo); - el = sum64_lo$1(dl, dl, T1_hi, T1_lo); - - dh = ch; - dl = cl; - - ch = bh; - cl = bl; - - bh = ah; - bl = al; - - ah = sum64_hi$1(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo$1(T1_hi, T1_lo, T2_hi, T2_lo); - } - - sum64$1(this.h, 0, ah, al); - sum64$1(this.h, 2, bh, bl); - sum64$1(this.h, 4, ch, cl); - sum64$1(this.h, 6, dh, dl); - sum64$1(this.h, 8, eh, el); - sum64$1(this.h, 10, fh, fl); - sum64$1(this.h, 12, gh, gl); - sum64$1(this.h, 14, hh, hl); -}; + const _2n = BigInt(2); + // expect p*u = 1 mod q + u = uint8ArrayToBigInt(u); + if (mod$1(p * u, q) !== BigInt(1)) { + return false; + } -SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + /** + * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) + * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] + * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] + * + * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) + */ + const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3)); + const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q + const rde = r * d * e; -function ch64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; -} + const areInverses = mod$1(rde, p - _1n$2) === r && mod$1(rde, q - _1n$2) === r; + if (!areInverses) { + return false; + } -function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; + return true; } -function maj64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; +async function bnSign(hashAlgo, n, d, hashed) { + n = uint8ArrayToBigInt(n); + const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n))); + d = uint8ArrayToBigInt(d); + return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n)); } -function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; +async function webSign$1(hashName, data, n, e, d, p, q, u) { + /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. + * We swap them in privateToJWK, so it usually works out, but nevertheless, + * not all OpenPGP keys are compatible with this requirement. + * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still + * does if the underlying Web Crypto does so (though the tested implementations + * don't do so). + */ + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const algo = { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }; + const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); + return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); } -function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 28); - var c1_hi = rotr64_hi$1(xl, xh, 2); // 34 - var c2_hi = rotr64_hi$1(xl, xh, 7); // 39 +async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) { + const sign = nodeCrypto$3.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(data); + sign.end(); - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; + const jwk = await privateToJWK$1(n, e, d, p, q, u); + return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' })); } -function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 28); - var c1_lo = rotr64_lo$1(xl, xh, 2); // 34 - var c2_lo = rotr64_lo$1(xl, xh, 7); // 39 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; +async function bnVerify(hashAlgo, s, n, e, hashed) { + n = uint8ArrayToBigInt(n); + s = uint8ArrayToBigInt(s); + e = uint8ArrayToBigInt(e); + if (s >= n) { + throw new Error('Signature size cannot exceed modulus size'); + } + const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n)); + const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n)); + return util.equalsUint8Array(EM1, EM2); } -function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 14); - var c1_hi = rotr64_hi$1(xh, xl, 18); - var c2_hi = rotr64_hi$1(xl, xh, 9); // 41 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; +async function webVerify$1(hashName, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = await webCrypto$5.importKey('jwk', jwk, { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }, false, ['verify']); + return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); } -function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 14); - var c1_lo = rotr64_lo$1(xh, xl, 18); - var c2_lo = rotr64_lo$1(xl, xh, 9); // 41 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} +async function nodeVerify$1(hashAlgo, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1' }; -function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 1); - var c1_hi = rotr64_hi$1(xh, xl, 8); - var c2_hi = shr64_hi$1(xh, xl, 7); + const verify = nodeCrypto$3.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(data); + verify.end(); - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; + try { + return verify.verify(key, s); + } catch (err) { + return false; + } } -function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 1); - var c1_lo = rotr64_lo$1(xh, xl, 8); - var c2_lo = shr64_lo$1(xh, xl, 7); +async function nodeEncrypt(data, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; + return new Uint8Array(nodeCrypto$3.publicEncrypt(key, data)); } -function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 19); - var c1_hi = rotr64_hi$1(xl, xh, 29); // 61 - var c2_hi = shr64_hi$1(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; +async function bnEncrypt(data, n, e) { + n = uint8ArrayToBigInt(n); + data = uint8ArrayToBigInt(emeEncode(data, byteLength(n))); + e = uint8ArrayToBigInt(e); + if (data >= n) { + throw new Error('Message size cannot exceed modulus size'); + } + return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n)); } -function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 19); - var c1_lo = rotr64_lo$1(xl, xh, 29); // 61 - var c2_lo = shr64_lo$1(xh, xl, 6); +async function nodeDecrypt(data, n, e, d, p, q, u) { + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; + try { + return new Uint8Array(nodeCrypto$3.privateDecrypt(key, data)); + } catch (err) { + throw new Error('Decryption error'); + } } -function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - _512.call(this); - this.h = [ - 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; -} -utils.inherits(SHA384, _512); -var _384 = SHA384; - -SHA384.blockSize = 1024; -SHA384.outSize = 384; -SHA384.hmacStrength = 192; -SHA384.padLength = 128; - -SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); -}; +async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { + data = uint8ArrayToBigInt(data); + n = uint8ArrayToBigInt(n); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + u = uint8ArrayToBigInt(u); + if (data >= n) { + throw new Error('Data too large.'); + } + const dq = mod$1(d, q - _1n$2); // d mod (q-1) + const dp = mod$1(d, p - _1n$2); // d mod (p-1) -var rotl32$1 = utils.rotl32; -var sum32$2 = utils.sum32; -var sum32_3$1 = utils.sum32_3; -var sum32_4$2 = utils.sum32_4; -var BlockHash$3 = common.BlockHash; - -function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash$3.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; -} -utils.inherits(RIPEMD160, BlockHash$3); -var ripemd160 = RIPEMD160; - -RIPEMD160.blockSize = 512; -RIPEMD160.outSize = 160; -RIPEMD160.hmacStrength = 192; -RIPEMD160.padLength = 64; - -RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32$2( - rotl32$1( - sum32_4$2(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32$1(C, 10); - C = B; - B = T; - T = sum32$2( - rotl32$1( - sum32_4$2(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32$1(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3$1(this.h[1], C, Dh); - this.h[1] = sum32_3$1(this.h[2], D, Eh); - this.h[2] = sum32_3$1(this.h[3], E, Ah); - this.h[3] = sum32_3$1(this.h[4], A, Bh); - this.h[4] = sum32_3$1(this.h[0], B, Ch); - this.h[0] = T; -}; + const unblinder = getRandomBigInteger(BigInt(2), n); + const blinder = modExp(modInv(unblinder, n), e, n); + data = mod$1(data * blinder, n); -RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); -}; + const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p + const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q + const h = mod$1(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q) -function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); -} - -function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; -} - -function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; -} - -var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -]; + let result = h * p + mp; // result < n due to relations above -var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -]; + result = mod$1(result * unblinder, n); -var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -]; + return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload); +} -var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -]; +/** Convert Openpgp private key params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + * @param {Uint8Array} d + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} u + */ +async function privateToJWK$1(n, e, d, p, q, u) { + const pNum = uint8ArrayToBigInt(p); + const qNum = uint8ArrayToBigInt(q); + const dNum = uint8ArrayToBigInt(d); -var ripemd = { - ripemd160: ripemd160 -}; + let dq = mod$1(dNum, qNum - _1n$2); // d mod (q-1) + let dp = mod$1(dNum, pNum - _1n$2); // d mod (p-1) + dp = bigIntToUint8Array(dp); + dq = bigIntToUint8Array(dq); + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + d: uint8ArrayToB64(d), + // switch p and q + p: uint8ArrayToB64(q), + q: uint8ArrayToB64(p), + // switch dp and dq + dp: uint8ArrayToB64(dq), + dq: uint8ArrayToB64(dp), + qi: uint8ArrayToB64(u), + ext: true + }; +} -/** - * A fast MD5 JavaScript implementation - * Copyright (c) 2012 Joseph Myers - * http://www.myersdaily.org/joseph/javascript/md5-text.html - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purposes and without - * fee is hereby granted provided that this copyright notice - * appears in all copies. - * - * Of course, this soft is provided "as is" without express or implied - * warranty of any kind. +/** Convert Openpgp key public params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e */ +function publicToJWK(n, e) { + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + ext: true + }; +} -// MD5 Digest -async function md5(entree) { - const digest = md51(util.uint8ArrayToString(entree)); - return util.hexToUint8Array(hex(digest)); +/** Convert JWK private key to OpenPGP private key params */ +function jwkToPrivate(jwk, e) { + return { + n: b64ToUint8Array(jwk.n), + e: bigIntToUint8Array(e), + d: b64ToUint8Array(jwk.d), + // switch p and q + p: b64ToUint8Array(jwk.q), + q: b64ToUint8Array(jwk.p), + // Since p and q are switched in places, u is the inverse of jwk.q + u: b64ToUint8Array(jwk.qi) + }; } -function md5cycle(x, k) { - let a = x[0]; - let b = x[1]; - let c = x[2]; - let d = x[3]; +var rsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$4, + encrypt: encrypt$4, + generate: generate$4, + sign: sign$6, + validateParams: validateParams$8, + verify: verify$6 +}); - a = ff(a, b, c, d, k[0], 7, -680876936); - d = ff(d, a, b, c, k[1], 12, -389564586); - c = ff(c, d, a, b, k[2], 17, 606105819); - b = ff(b, c, d, a, k[3], 22, -1044525330); - a = ff(a, b, c, d, k[4], 7, -176418897); - d = ff(d, a, b, c, k[5], 12, 1200080426); - c = ff(c, d, a, b, k[6], 17, -1473231341); - b = ff(b, c, d, a, k[7], 22, -45705983); - a = ff(a, b, c, d, k[8], 7, 1770035416); - d = ff(d, a, b, c, k[9], 12, -1958414417); - c = ff(c, d, a, b, k[10], 17, -42063); - b = ff(b, c, d, a, k[11], 22, -1990404162); - a = ff(a, b, c, d, k[12], 7, 1804603682); - d = ff(d, a, b, c, k[13], 12, -40341101); - c = ff(c, d, a, b, k[14], 17, -1502002290); - b = ff(b, c, d, a, k[15], 22, 1236535329); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - a = gg(a, b, c, d, k[1], 5, -165796510); - d = gg(d, a, b, c, k[6], 9, -1069501632); - c = gg(c, d, a, b, k[11], 14, 643717713); - b = gg(b, c, d, a, k[0], 20, -373897302); - a = gg(a, b, c, d, k[5], 5, -701558691); - d = gg(d, a, b, c, k[10], 9, 38016083); - c = gg(c, d, a, b, k[15], 14, -660478335); - b = gg(b, c, d, a, k[4], 20, -405537848); - a = gg(a, b, c, d, k[9], 5, 568446438); - d = gg(d, a, b, c, k[14], 9, -1019803690); - c = gg(c, d, a, b, k[3], 14, -187363961); - b = gg(b, c, d, a, k[8], 20, 1163531501); - a = gg(a, b, c, d, k[13], 5, -1444681467); - d = gg(d, a, b, c, k[2], 9, -51403784); - c = gg(c, d, a, b, k[7], 14, 1735328473); - b = gg(b, c, d, a, k[12], 20, -1926607734); - a = hh(a, b, c, d, k[5], 4, -378558); - d = hh(d, a, b, c, k[8], 11, -2022574463); - c = hh(c, d, a, b, k[11], 16, 1839030562); - b = hh(b, c, d, a, k[14], 23, -35309556); - a = hh(a, b, c, d, k[1], 4, -1530992060); - d = hh(d, a, b, c, k[4], 11, 1272893353); - c = hh(c, d, a, b, k[7], 16, -155497632); - b = hh(b, c, d, a, k[10], 23, -1094730640); - a = hh(a, b, c, d, k[13], 4, 681279174); - d = hh(d, a, b, c, k[0], 11, -358537222); - c = hh(c, d, a, b, k[3], 16, -722521979); - b = hh(b, c, d, a, k[6], 23, 76029189); - a = hh(a, b, c, d, k[9], 4, -640364487); - d = hh(d, a, b, c, k[12], 11, -421815835); - c = hh(c, d, a, b, k[15], 16, 530742520); - b = hh(b, c, d, a, k[2], 23, -995338651); +const _1n$1 = BigInt(1); - a = ii(a, b, c, d, k[0], 6, -198630844); - d = ii(d, a, b, c, k[7], 10, 1126891415); - c = ii(c, d, a, b, k[14], 15, -1416354905); - b = ii(b, c, d, a, k[5], 21, -57434055); - a = ii(a, b, c, d, k[12], 6, 1700485571); - d = ii(d, a, b, c, k[3], 10, -1894986606); - c = ii(c, d, a, b, k[10], 15, -1051523); - b = ii(b, c, d, a, k[1], 21, -2054922799); - a = ii(a, b, c, d, k[8], 6, 1873313359); - d = ii(d, a, b, c, k[15], 10, -30611744); - c = ii(c, d, a, b, k[6], 15, -1560198380); - b = ii(b, c, d, a, k[13], 21, 1309151649); - a = ii(a, b, c, d, k[4], 6, -145523070); - d = ii(d, a, b, c, k[11], 10, -1120210379); - c = ii(c, d, a, b, k[2], 15, 718787259); - b = ii(b, c, d, a, k[9], 21, -343485551); +/** + * ElGamal Encryption function + * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) + * @param {Uint8Array} data - To be padded and encrypted + * @param {Uint8Array} p + * @param {Uint8Array} g + * @param {Uint8Array} y + * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} + * @async + */ +async function encrypt$3(data, p, g, y) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - x[0] = add32(a, x[0]); - x[1] = add32(b, x[1]); - x[2] = add32(c, x[2]); - x[3] = add32(d, x[3]); -} + const padded = emeEncode(data, byteLength(p)); + const m = uint8ArrayToBigInt(padded); -function cmn(q, a, b, x, s, t) { - a = add32(add32(a, q), add32(x, t)); - return add32((a << s) | (a >>> (32 - s)), b); + // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* + // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] + const k = getRandomBigInteger(_1n$1, p - _1n$1); + return { + c1: bigIntToUint8Array(modExp(g, k, p)), + c2: bigIntToUint8Array(mod$1(modExp(y, k, p) * m, p)) + }; } -function ff(a, b, c, d, x, s, t) { - return cmn((b & c) | ((~b) & d), a, b, x, s, t); -} +/** + * ElGamal Encryption function + * @param {Uint8Array} c1 + * @param {Uint8Array} c2 + * @param {Uint8Array} p + * @param {Uint8Array} x + * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} Unpadded message. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$3(c1, c2, p, x, randomPayload) { + c1 = uint8ArrayToBigInt(c1); + c2 = uint8ArrayToBigInt(c2); + p = uint8ArrayToBigInt(p); + x = uint8ArrayToBigInt(x); -function gg(a, b, c, d, x, s, t) { - return cmn((b & d) | (c & (~d)), a, b, x, s, t); + const padded = mod$1(modInv(modExp(c1, x, p), p) * c2, p); + return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload); } -function hh(a, b, c, d, x, s, t) { - return cmn(b ^ c ^ d, a, b, x, s, t); -} +/** + * Validate ElGamal parameters + * @param {Uint8Array} p - ElGamal prime + * @param {Uint8Array} g - ElGamal group generator + * @param {Uint8Array} y - ElGamal public key + * @param {Uint8Array} x - ElGamal private exponent + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$7(p, g, y, x) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); -function ii(a, b, c, d, x, s, t) { - return cmn(c ^ (b | (~d)), a, b, x, s, t); -} + // Check that 1 < g < p + if (g <= _1n$1 || g >= p) { + return false; + } -function md51(s) { - const n = s.length; - const state = [1732584193, -271733879, -1732584194, 271733878]; - let i; - for (i = 64; i <= s.length; i += 64) { - md5cycle(state, md5blk(s.substring(i - 64, i))); + // Expect p-1 to be large + const pSize = BigInt(bitLength(p)); + const _1023n = BigInt(1023); + if (pSize < _1023n) { + return false; } - s = s.substring(i - 64); - const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (i = 0; i < s.length; i++) { - tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + + /** + * g should have order p-1 + * Check that g ** (p-1) = 1 mod p + */ + if (modExp(g, p - _1n$1, p) !== _1n$1) { + return false; } - tail[i >> 2] |= 0x80 << ((i % 4) << 3); - if (i > 55) { - md5cycle(state, tail); - for (i = 0; i < 16; i++) { - tail[i] = 0; + + /** + * Since p-1 is not prime, g might have a smaller order that divides p-1 + * We want to make sure that the order is large enough to hinder a small subgroup attack + * + * We just check g**i != 1 for all i up to a threshold + */ + let res = g; + let i = BigInt(1); + const _2n = BigInt(2); + const threshold = _2n << BigInt(17); // we want order > threshold + while (i < threshold) { + res = mod$1(res * g, p); + if (res === _1n$1) { + return false; } + i++; } - tail[14] = n * 8; - md5cycle(state, tail); - return state; -} -/* there needs to be support for Unicode here, - * unless we pretend that we can redefine the MD-5 - * algorithm for multi-byte characters (perhaps - * by adding every four 16-bit characters and - * shortening the sum to 32 bits). Otherwise - * I suggest performing MD-5 as if every character - * was two bytes--e.g., 0040 0025 = @%--but then - * how will an ordinary MD-5 sum be matched? - * There is no way to standardize text to something - * like UTF-8 before transformation; speed cost is - * utterly prohibitive. The JavaScript standard - * itself needs to look at this: it should start - * providing access to strings as preformed UTF-8 - * 8-bit unsigned value arrays. - */ -function md5blk(s) { /* I figured global was faster. */ - const md5blks = []; - let i; /* Andy King said do it this way. */ - for (i = 0; i < 64; i += 4) { - md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << - 24); + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{r(p-1) + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const r = getRandomBigInteger(_2n << (pSize - _1n$1), _2n << pSize); // draw r of same size as p-1 + const rqx = (p - _1n$1) * r + x; + if (y !== modExp(g, rqx, p)) { + return false; } - return md5blks; + + return true; } -const hex_chr = '0123456789abcdef'.split(''); +var elgamal = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$3, + encrypt: encrypt$3, + validateParams: validateParams$7 +}); -function rhex(n) { - let s = ''; - let j = 0; - for (; j < 4; j++) { - s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; - } - return s; -} +// declare const globalThis: Record | undefined; +const crypto$2 = + typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; -function hex(x) { - for (let i = 0; i < x.length; i++) { - x[i] = rhex(x[i]); - } - return x.join(''); -} +const nacl = {}; -/* this function is much faster, -so if possible we use it. Some IEs -are the only ones I know of that -need the idiotic second function, -generated by an if clause. */ +// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. +// Public domain. +// +// Implementation derived from TweetNaCl version 20140427. +// See for details: http://tweetnacl.cr.yp.to/ -function add32(a, b) { - return (a + b) & 0xFFFFFFFF; -} +var gf = function(init) { + var i, r = new Float64Array(16); + if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; + return r; +}; -/** - * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://github.com/indutny/hash.js|hash.js} - * @module crypto/hash - * @private - */ +// Pluggable, initialized in high-level API below. +var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; -const webCrypto = util.getWebCrypto(); -const nodeCrypto = util.getNodeCrypto(); -const nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes(); +var _9 = new Uint8Array(32); _9[0] = 9; -function nodeHash(type) { - if (!nodeCrypto || !nodeCryptoHashes.includes(type)) { - return; - } - return async function (data) { - const shasum = nodeCrypto.createHash(type); - return transform(data, value => { - shasum.update(value); - }, () => new Uint8Array(shasum.digest())); - }; -} +var gf0 = gf(), + gf1 = gf([1]), + _121665 = gf([0xdb41, 1]), + D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), + D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), + X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), + Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), + I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); -function hashjsHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } - const hashInstance = hash(); - return transform(data, value => { - hashInstance.update(value); - }, () => new Uint8Array(hashInstance.digest())); - }; +function ts64(x, i, h, l) { + x[i] = (h >> 24) & 0xff; + x[i+1] = (h >> 16) & 0xff; + x[i+2] = (h >> 8) & 0xff; + x[i+3] = h & 0xff; + x[i+4] = (l >> 24) & 0xff; + x[i+5] = (l >> 16) & 0xff; + x[i+6] = (l >> 8) & 0xff; + x[i+7] = l & 0xff; } -function asmcryptoHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (util.isStream(data)) { - const hashInstance = new hash(); - return transform(data, value => { - hashInstance.process(value); - }, () => hashInstance.finish().result); - } else if (webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } else { - return hash.bytes(data); - } - }; +function vn(x, xi, y, yi, n) { + var i,d = 0; + for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; + return (1 & ((d - 1) >>> 8)) - 1; } -const hashFunctions = { - md5: nodeHash('md5') || md5, - sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'), - sha224: nodeHash('sha224') || hashjsHash(_224), - sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'), - sha384: nodeHash('sha384') || hashjsHash(_384, 'SHA-384'), - sha512: nodeHash('sha512') || hashjsHash(_512, 'SHA-512'), // asmcrypto sha512 is huge. - ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160) -}; - -var hash = { +function crypto_verify_32(x, xi, y, yi) { + return vn(x,xi,y,yi,32); +} - /** @see module:md5 */ - md5: hashFunctions.md5, - /** @see asmCrypto */ - sha1: hashFunctions.sha1, - /** @see hash.js */ - sha224: hashFunctions.sha224, - /** @see asmCrypto */ - sha256: hashFunctions.sha256, - /** @see hash.js */ - sha384: hashFunctions.sha384, - /** @see asmCrypto */ - sha512: hashFunctions.sha512, - /** @see hash.js */ - ripemd: hashFunctions.ripemd, +function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) r[i] = a[i]|0; +} - /** - * Create a hash on the specified data using the specified algorithm - * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @param {Uint8Array} data - Data to be hashed - * @returns {Promise} Hash value. - */ - digest: function(algo, data) { - switch (algo) { - case enums.hash.md5: - return this.md5(data); - case enums.hash.sha1: - return this.sha1(data); - case enums.hash.ripemd: - return this.ripemd(data); - case enums.hash.sha256: - return this.sha256(data); - case enums.hash.sha384: - return this.sha384(data); - case enums.hash.sha512: - return this.sha512(data); - case enums.hash.sha224: - return this.sha224(data); - default: - throw new Error('Invalid hash function.'); - } - }, +function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; i++) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c-1 + 37 * (c-1); +} - /** - * Returns the hash size in bytes of the specified hash algorithm type - * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @returns {Integer} Size in bytes of the resulting hash. - */ - getHashByteLength: function(algo) { - switch (algo) { - case enums.hash.md5: - return 16; - case enums.hash.sha1: - case enums.hash.ripemd: - return 20; - case enums.hash.sha256: - return 32; - case enums.hash.sha384: - return 48; - case enums.hash.sha512: - return 64; - case enums.hash.sha224: - return 28; - default: - throw new Error('Invalid hash algorithm.'); - } +function sel25519(p, q, b) { + var t, c = ~(b-1); + for (var i = 0; i < 16; i++) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; } -}; +} -class AES_CFB { - static encrypt(data, key, iv) { - return new AES_CFB(key, iv).encrypt(data); - } - static decrypt(data, key, iv) { - return new AES_CFB(key, iv).decrypt(data); - } - constructor(key, iv, aes) { - this.aes = aes ? aes : new AES(key, iv, true, 'CFB'); - delete this.aes.padding; - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); +function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; i++) t[i] = n[i]; + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; j++) { + m[0] = t[0] - 0xffed; + for (i = 1; i < 15; i++) { + m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); + m[i-1] &= 0xffff; } + m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); + b = (m[15]>>16) & 1; + m[14] &= 0xffff; + sel25519(t, m, 1-b); + } + for (i = 0; i < 16; i++) { + o[2*i] = t[i] & 0xff; + o[2*i+1] = t[i]>>8; + } } -/** - * Get implementation of the given cipher - * @param {enums.symmetric} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getCipher(algo) { - const algoName = enums.read(enums.symmetric, algo); - return cipher[algoName]; +function neq25519(a, b) { + var c = new Uint8Array(32), d = new Uint8Array(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); } -// Modified by ProtonTech AG - -const webCrypto$1 = util.getWebCrypto(); -const nodeCrypto$1 = util.getNodeCrypto(); - -const knownAlgos = nodeCrypto$1 ? nodeCrypto$1.getCiphers() : []; -const nodeAlgos = { - idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ - tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, - cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, - blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, - aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, - aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, - aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined - /* twofish is not implemented in OpenSSL */ -}; +function par25519(a) { + var d = new Uint8Array(32); + pack25519(d, a); + return d[0] & 1; +} -/** - * CFB encryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} plaintext - * @param {Uint8Array} iv - * @param {Object} config - full configuration, defaults to openpgp.config - * @returns MaybeStream - */ -async function encrypt(algo, key, plaintext, iv, config) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeEncrypt(algo, key, plaintext, iv); - } - if (util.isAES(algo)) { - return aesEncrypt(algo, key, plaintext, iv, config); - } +function unpack25519(o, n) { + var i; + for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); + o[15] &= 0x7fff; +} - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; +function A(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; +} - const blockc = iv.slice(); - let pt = new Uint8Array(); - const process = chunk => { - if (chunk) { - pt = util.concatUint8Array([pt, chunk]); - } - const ciphertext = new Uint8Array(pt.length); - let i; - let j = 0; - while (chunk ? pt.length >= block_size : pt.length) { - const encblock = cipherfn.encrypt(blockc); - for (i = 0; i < block_size; i++) { - blockc[i] = pt[i] ^ encblock[i]; - ciphertext[j++] = blockc[i]; - } - pt = pt.subarray(block_size); - } - return ciphertext.subarray(0, j); - }; - return transform(plaintext, process, process); +function Z(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; } -/** - * CFB decryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} ciphertext - * @param {Uint8Array} iv - * @returns MaybeStream - */ -async function decrypt(algo, key, ciphertext, iv) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeDecrypt(algo, key, ciphertext, iv); - } - if (util.isAES(algo)) { - return aesDecrypt(algo, key, ciphertext, iv); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - let blockp = iv; - let ct = new Uint8Array(); - const process = chunk => { - if (chunk) { - ct = util.concatUint8Array([ct, chunk]); - } - const plaintext = new Uint8Array(ct.length); - let i; - let j = 0; - while (chunk ? ct.length >= block_size : ct.length) { - const decblock = cipherfn.encrypt(blockp); - blockp = ct.subarray(0, block_size); - for (i = 0; i < block_size; i++) { - plaintext[j++] = blockp[i] ^ decblock[i]; - } - ct = ct.subarray(block_size); - } - return plaintext.subarray(0, j); - }; - return transform(ciphertext, process, process); -} - -function aesEncrypt(algo, key, pt, iv, config) { - if ( - util.getWebCrypto() && - key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support - !util.isStream(pt) && - pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2 - ) { // Web Crypto - return webEncrypt(algo, key, pt, iv); - } - // asm.js fallback - const cfb = new AES_CFB(key, iv); - return transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish()); -} - -function aesDecrypt(algo, key, ct, iv) { - if (util.isStream(ct)) { - const cfb = new AES_CFB(key, iv); - return transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish()); - } - return AES_CFB.decrypt(ct, key, iv); -} - -function xorMut(a, b) { - for (let i = 0; i < a.length; i++) { - a[i] = a[i] ^ b[i]; - } -} - -async function webEncrypt(algo, key, pt, iv) { - const ALGO = 'AES-CBC'; - const _key = await webCrypto$1.importKey('raw', key, { name: ALGO }, false, ['encrypt']); - const { blockSize } = getCipher(algo); - const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]); - const ct = new Uint8Array(await webCrypto$1.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length); - xorMut(ct, pt); - return ct; -} - -function nodeEncrypt(algo, key, pt, iv) { - const algoName = enums.read(enums.symmetric, algo); - const cipherObj = new nodeCrypto$1.createCipheriv(nodeAlgos[algoName], key, iv); - return transform(pt, value => new Uint8Array(cipherObj.update(value))); -} - -function nodeDecrypt(algo, key, ct, iv) { - const algoName = enums.read(enums.symmetric, algo); - const decipherObj = new nodeCrypto$1.createDecipheriv(nodeAlgos[algoName], key, iv); - return transform(ct, value => new Uint8Array(decipherObj.update(value))); -} - -var cfb = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt, - decrypt: decrypt -}); - -class AES_CTR { - static encrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - static decrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - constructor(key, nonce, aes) { - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - delete this.aes.padding; - this.AES_CTR_set_options(nonce); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - AES_CTR_set_options(nonce, counter, size) { - let { asm } = this.aes.acquire_asm(); - if (size !== undefined) { - if (size < 8 || size > 48) - throw new IllegalArgumentError('illegal counter size'); - let mask = Math.pow(2, size) - 1; - asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0); - } - else { - size = 48; - asm.set_mask(0, 0, 0xffff, 0xffffffff); - } - if (nonce !== undefined) { - let len = nonce.length; - if (!len || len > 16) - throw new IllegalArgumentError('illegal nonce size'); - let view = new DataView(new ArrayBuffer(16)); - new Uint8Array(view.buffer).set(nonce); - asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12)); - } - else { - throw new Error('nonce is required'); - } - if (counter !== undefined) { - if (counter < 0 || counter >= Math.pow(2, size)) - throw new IllegalArgumentError('illegal counter value'); - asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0); - } - } -} - -class AES_CBC { - static encrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).encrypt(data); - } - static decrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).decrypt(data); - } - constructor(key, iv, padding = true, aes) { - this.aes = aes ? aes : new AES(key, iv, padding, 'CBC'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * @fileoverview This module implements AES-CMAC on top of - * native AES-CBC using either the WebCrypto API or Node.js' crypto API. - * @module crypto/cmac - * @private - */ - -const webCrypto$2 = util.getWebCrypto(); -const nodeCrypto$2 = util.getNodeCrypto(); - - -/** - * This implementation of CMAC is based on the description of OMAC in - * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that - * document: - * - * We have made a small modification to the OMAC algorithm as it was - * originally presented, changing one of its two constants. - * Specifically, the constant 4 at line 85 was the constant 1/2 (the - * multiplicative inverse of 2) in the original definition of OMAC [14]. - * The OMAC authors indicate that they will promulgate this modification - * [15], which slightly simplifies implementations. - */ - -const blockLength = 16; - - -/** - * xor `padding` into the end of `data`. This function implements "the - * operation xor→ [which] xors the shorter string into the end of longer - * one". Since data is always as least as long as padding, we can - * simplify the implementation. - * @param {Uint8Array} data - * @param {Uint8Array} padding - */ -function rightXORMut(data, padding) { - const offset = data.length - blockLength; - for (let i = 0; i < blockLength; i++) { - data[i + offset] ^= padding[i]; - } - return data; -} - -function pad(data, padding, padding2) { - // if |M| in {n, 2n, 3n, ...} - if (data.length && data.length % blockLength === 0) { - // then return M xor→ B, - return rightXORMut(data, padding); - } - // else return (M || 10^(n−1−(|M| mod n))) xor→ P - const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength))); - padded.set(data); - padded[data.length] = 0b10000000; - return rightXORMut(padded, padding2); -} - -const zeroBlock = new Uint8Array(blockLength); - -async function CMAC(key) { - const cbc = await CBC(key); - - // L ← E_K(0^n); B ← 2L; P ← 4L - const padding = util.double(await cbc(zeroBlock)); - const padding2 = util.double(padding); - - return async function(data) { - // return CBC_K(pad(M; B, P)) - return (await cbc(pad(data, padding, padding2))).subarray(-blockLength); - }; -} - -async function CBC(key) { - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - key = await webCrypto$2.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); - return async function(pt) { - const ct = await webCrypto$2.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt); - return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt) { - const en = new nodeCrypto$2.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock); - const ct = en.update(pt); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt) { - return AES_CBC.encrypt(pt, key, false, zeroBlock); - }; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$3 = util.getWebCrypto(); -const nodeCrypto$3 = util.getNodeCrypto(); -const Buffer$1 = util.getNodeBuffer(); - - -const blockLength$1 = 16; -const ivLength = blockLength$1; -const tagLength = blockLength$1; - -const zero = new Uint8Array(blockLength$1); -const one = new Uint8Array(blockLength$1); one[blockLength$1 - 1] = 1; -const two = new Uint8Array(blockLength$1); two[blockLength$1 - 1] = 2; - -async function OMAC(key) { - const cmac = await CMAC(key); - return function(t, message) { - return cmac(util.concatUint8Array([t, message])); - }; -} - -async function CTR(key) { - if ( - util.getWebCrypto() && - key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - ) { - key = await webCrypto$3.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); - return async function(pt, iv) { - const ct = await webCrypto$3.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$1 * 8 }, key, pt); - return new Uint8Array(ct); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt, iv) { - const en = new nodeCrypto$3.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); - const ct = Buffer$1.concat([en.update(pt), en.final()]); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt, iv) { - return AES_CTR.encrypt(pt, key, iv); - }; -} - - -/** - * Class to en/decrypt using EAX mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function EAX(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('EAX mode supports only AES cipher'); - } - - const [ - omac, - ctr - ] = await Promise.all([ - OMAC(key), - CTR(key) - ]); - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - const [ - omacNonce, - omacAdata - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata) - ]); - const ciphered = await ctr(plaintext, omacNonce); - const omacCiphered = await omac(two, ciphered); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - return util.concatUint8Array([ciphered, tag]); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to verify - * @returns {Promise} The plaintext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext'); - const ciphered = ciphertext.subarray(0, -tagLength); - const ctTag = ciphertext.subarray(-tagLength); - const [ - omacNonce, - omacAdata, - omacCiphered - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata), - omac(two, ciphered) - ]); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); - const plaintext = await ctr(ciphered, omacNonce); - return plaintext; - } - }; -} - - -/** - * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. - * @param {Uint8Array} iv - The initialization vector (16 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -EAX.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[8 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -EAX.blockLength = blockLength$1; -EAX.ivLength = ivLength; -EAX.tagLength = tagLength; - -// OpenPGP.js - An OpenPGP implementation in javascript - -const blockLength$2 = 16; -const ivLength$1 = 15; - -// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: -// While OCB [RFC7253] allows the authentication tag length to be of any -// number up to 128 bits long, this document requires a fixed -// authentication tag length of 128 bits (16 octets) for simplicity. -const tagLength$1 = 16; - - -function ntz(n) { - let ntz = 0; - for (let i = 1; (n & i) === 0; i <<= 1) { - ntz++; - } - return ntz; -} - -function xorMut$1(S, T) { - for (let i = 0; i < S.length; i++) { - S[i] ^= T[i]; - } - return S; -} - -function xor(S, T) { - return xorMut$1(S.slice(), T); -} - -const zeroBlock$1 = new Uint8Array(blockLength$2); -const one$1 = new Uint8Array([1]); - -/** - * Class to en/decrypt using OCB mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function OCB(cipher$1, key) { - - let maxNtz = 0; - let encipher; - let decipher; - let mask; - - constructKeyVariables(cipher$1, key); - - function constructKeyVariables(cipher$1, key) { - const cipherName = enums.read(enums.symmetric, cipher$1); - const aes = new cipher[cipherName](key); - encipher = aes.encrypt.bind(aes); - decipher = aes.decrypt.bind(aes); - - const mask_x = encipher(zeroBlock$1); - const mask_$ = util.double(mask_x); - mask = []; - mask[0] = util.double(mask_$); - - - mask.x = mask_x; - mask.$ = mask_$; - } - - function extendKeyVariables(text, adata) { - const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$2 | 0) - 1; - for (let i = maxNtz + 1; i <= newMaxNtz; i++) { - mask[i] = util.double(mask[i - 1]); - } - maxNtz = newMaxNtz; - } - - function hash(adata) { - if (!adata.length) { - // Fast path - return zeroBlock$1; - } - - // - // Consider A as a sequence of 128-bit blocks - // - const m = adata.length / blockLength$2 | 0; - - const offset = new Uint8Array(blockLength$2); - const sum = new Uint8Array(blockLength$2); - for (let i = 0; i < m; i++) { - xorMut$1(offset, mask[ntz(i + 1)]); - xorMut$1(sum, encipher(xor(offset, adata))); - adata = adata.subarray(blockLength$2); - } - - // - // Process any final partial block; compute final hash value - // - if (adata.length) { - xorMut$1(offset, mask.x); - - const cipherInput = new Uint8Array(blockLength$2); - cipherInput.set(adata, 0); - cipherInput[adata.length] = 0b10000000; - xorMut$1(cipherInput, offset); - - xorMut$1(sum, encipher(cipherInput)); - } - - return sum; - } - - /** - * Encrypt/decrypt data. - * @param {encipher|decipher} fn - Encryption/decryption block cipher function - * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. - */ - function crypt(fn, text, nonce, adata) { - // - // Consider P as a sequence of 128-bit blocks - // - const m = text.length / blockLength$2 | 0; - - // - // Key-dependent variables - // - extendKeyVariables(text, adata); - - // - // Nonce-dependent and per-encryption variables - // - // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N - // Note: We assume here that tagLength mod 16 == 0. - const paddedNonce = util.concatUint8Array([zeroBlock$1.subarray(0, ivLength$1 - nonce.length), one$1, nonce]); - // bottom = str2num(Nonce[123..128]) - const bottom = paddedNonce[blockLength$2 - 1] & 0b111111; - // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) - paddedNonce[blockLength$2 - 1] &= 0b11000000; - const kTop = encipher(paddedNonce); - // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) - const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); - // Offset_0 = Stretch[1+bottom..128+bottom] - const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); - // Checksum_0 = zeros(128) - const checksum = new Uint8Array(blockLength$2); - - const ct = new Uint8Array(text.length + tagLength$1); - - // - // Process any whole blocks - // - let i; - let pos = 0; - for (i = 0; i < m; i++) { - // Offset_i = Offset_{i-1} xor L_{ntz(i)} - xorMut$1(offset, mask[ntz(i + 1)]); - // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) - // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) - ct.set(xorMut$1(fn(xor(offset, text)), offset), pos); - // Checksum_i = Checksum_{i-1} xor P_i - xorMut$1(checksum, fn === encipher ? text : ct.subarray(pos)); - - text = text.subarray(blockLength$2); - pos += blockLength$2; - } - - // - // Process any final partial block and compute raw tag - // - if (text.length) { - // Offset_* = Offset_m xor L_* - xorMut$1(offset, mask.x); - // Pad = ENCIPHER(K, Offset_*) - const padding = encipher(offset); - // C_* = P_* xor Pad[1..bitlen(P_*)] - ct.set(xor(text, padding), pos); - - // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) - const xorInput = new Uint8Array(blockLength$2); - xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); - xorInput[text.length] = 0b10000000; - xorMut$1(checksum, xorInput); - pos += text.length; - } - // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - const tag = xorMut$1(encipher(xorMut$1(xorMut$1(checksum, offset), mask.$)), hash(adata)); - - // - // Assemble ciphertext - // - // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] - ct.set(tag, pos); - return ct; - } - - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - return crypt(encipher, plaintext, nonce, adata); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); - - const tag = ciphertext.subarray(-tagLength$1); - ciphertext = ciphertext.subarray(0, -tagLength$1); - - const crypted = crypt(decipher, ciphertext, nonce, adata); - // if (Tag[1..TAGLEN] == T) - if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { - return crypted.subarray(0, -tagLength$1); - } - throw new Error('Authentication tag mismatch'); - } - }; -} - - -/** - * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. - * @param {Uint8Array} iv - The initialization vector (15 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -OCB.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[7 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -OCB.blockLength = blockLength$2; -OCB.ivLength = ivLength$1; -OCB.tagLength = tagLength$1; - -const _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5 -class AES_GCM { - constructor(key, nonce, adata, tagSize = 16, aes) { - this.tagSize = tagSize; - this.gamma0 = 0; - this.counter = 1; - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - let { asm, heap } = this.aes.acquire_asm(); - // Init GCM - asm.gcm_init(); - // Tag size - if (this.tagSize < 4 || this.tagSize > 16) - throw new IllegalArgumentError('illegal tagSize value'); - // Nonce - const noncelen = nonce.length || 0; - const noncebuf = new Uint8Array(16); - if (noncelen !== 12) { - this._gcm_mac_process(nonce); - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = 0; - heap[4] = 0; - heap[5] = 0; - heap[6] = 0; - heap[7] = 0; - heap[8] = 0; - heap[9] = 0; - heap[10] = 0; - heap[11] = noncelen >>> 29; - heap[12] = (noncelen >>> 21) & 255; - heap[13] = (noncelen >>> 13) & 255; - heap[14] = (noncelen >>> 5) & 255; - heap[15] = (noncelen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_iv(0, 0, 0, 0); - noncebuf.set(heap.subarray(0, 16)); - } - else { - noncebuf.set(nonce); - noncebuf[15] = 1; - } - const nonceview = new DataView(noncebuf.buffer); - this.gamma0 = nonceview.getUint32(12); - asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0); - asm.set_mask(0, 0, 0, 0xffffffff); - // Associated data - if (adata !== undefined) { - if (adata.length > _AES_GCM_data_maxLength) - throw new IllegalArgumentError('illegal adata length'); - if (adata.length) { - this.adata = adata; - this._gcm_mac_process(adata); - } - else { - this.adata = undefined; - } - } - else { - this.adata = undefined; - } - // Counter - if (this.counter < 1 || this.counter > 0xffffffff) - throw new RangeError('counter must be a positive 32-bit integer'); - asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0); - } - static encrypt(cleartext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext); - } - static decrypt(ciphertext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext); - } - encrypt(data) { - return this.AES_GCM_encrypt(data); - } - decrypt(data) { - return this.AES_GCM_decrypt(data); - } - AES_GCM_Encrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len); - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Encrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let adata = this.adata; - let pos = this.aes.pos; - let len = this.aes.len; - const result = new Uint8Array(len + tagSize); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16); - if (len) - result.set(heap.subarray(pos, pos + len)); - let i = len; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - result.set(heap.subarray(0, tagSize), len); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_Decrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0; - let tlen = len + dlen - rlen; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > tlen) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - pos = 0; - len = 0; - } - if (dlen > 0) { - len += _heap_write(heap, 0, data, dpos, dlen); - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Decrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let tagSize = this.tagSize; - let adata = this.adata; - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rlen = len - tagSize; - if (len < tagSize) - throw new IllegalStateError('authentication tag not found'); - const result = new Uint8Array(rlen); - const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len)); - let i = rlen; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len - tagSize; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - let acheck = 0; - for (let i = 0; i < tagSize; ++i) - acheck |= atag[i] ^ heap[i]; - if (acheck) - throw new SecurityError('data integrity check failed'); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_decrypt(data) { - const result1 = this.AES_GCM_Decrypt_process(data); - const result2 = this.AES_GCM_Decrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - AES_GCM_encrypt(data) { - const result1 = this.AES_GCM_Encrypt_process(data); - const result2 = this.AES_GCM_Encrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - _gcm_mac_process(data) { - let { asm, heap } = this.aes.acquire_asm(); - let dpos = 0; - let dlen = data.length || 0; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, 0, data, dpos, dlen); - dpos += wlen; - dlen -= wlen; - while (wlen & 15) - heap[wlen++] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$4 = util.getWebCrypto(); -const nodeCrypto$4 = util.getNodeCrypto(); -const Buffer$2 = util.getNodeBuffer(); - -const blockLength$3 = 16; -const ivLength$2 = 12; // size of the IV in bytes -const tagLength$2 = 16; // size of the tag in bytes -const ALGO = 'AES-GCM'; - -/** - * Class to en/decrypt using GCM mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function GCM(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('GCM mode supports only AES cipher'); - } - - if (util.getNodeCrypto()) { // Node crypto library - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - const en = new nodeCrypto$4.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - en.setAAD(adata); - const ct = Buffer$2.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - const de = new nodeCrypto$4.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - de.setAAD(adata); - de.setAuthTag(ct.slice(ct.length - tagLength$2, ct.length)); // read auth tag at end of ciphertext - const pt = Buffer$2.concat([de.update(ct.slice(0, ct.length - tagLength$2)), de.final()]); - return new Uint8Array(pt); - } - }; - } - - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - const _key = await webCrypto$4.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); - - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.encrypt(pt, key, iv, adata); - } - const ct = await webCrypto$4.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, pt); - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - if (ct.length === tagLength$2) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.decrypt(ct, key, iv, adata); - } - const pt = await webCrypto$4.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, ct); - return new Uint8Array(pt); - } - }; - } - - return { - encrypt: async function(pt, iv, adata) { - return AES_GCM.encrypt(pt, key, iv, adata); - }, - - decrypt: async function(ct, iv, adata) { - return AES_GCM.decrypt(ct, key, iv, adata); - } - }; -} - - -/** - * Get GCM nonce. Note: this operation is not defined by the standard. - * A future version of the standard may define GCM mode differently, - * hopefully under a different ID (we use Private/Experimental algorithm - * ID 100) so that we can maintain backwards compatibility. - * @param {Uint8Array} iv - The initialization vector (12 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -GCM.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[4 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -GCM.blockLength = blockLength$3; -GCM.ivLength = ivLength$2; -GCM.tagLength = tagLength$2; - -/** - * @fileoverview Cipher modes - * @module crypto/mode - * @private - */ - -var mode = { - /** @see module:crypto/mode/cfb */ - cfb: cfb, - /** @see module:crypto/mode/gcm */ - gcm: GCM, - experimentalGCM: GCM, - /** @see module:crypto/mode/eax */ - eax: EAX, - /** @see module:crypto/mode/ocb */ - ocb: OCB -}; - -var naclFastLight = createCommonjsModule(function (module) { -/*jshint bitwise: false*/ - -(function(nacl) { - -// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. -// Public domain. -// -// Implementation derived from TweetNaCl version 20140427. -// See for details: http://tweetnacl.cr.yp.to/ - -var gf = function(init) { - var i, r = new Float64Array(16); - if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; - return r; -}; - -// Pluggable, initialized in high-level API below. -var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - -var _9 = new Uint8Array(32); _9[0] = 9; - -var gf0 = gf(), - gf1 = gf([1]), - _121665 = gf([0xdb41, 1]), - D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), - D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), - X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), - Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), - I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - -function vn(x, xi, y, yi, n) { - var i,d = 0; - for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; - return (1 & ((d - 1) >>> 8)) - 1; -} - -function crypto_verify_32(x, xi, y, yi) { - return vn(x,xi,y,yi,32); -} - -function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) r[i] = a[i]|0; -} - -function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; i++) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c-1 + 37 * (c-1); -} - -function sel25519(p, q, b) { - var t, c = ~(b-1); - for (var i = 0; i < 16; i++) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } -} - -function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; i++) t[i] = n[i]; - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; j++) { - m[0] = t[0] - 0xffed; - for (i = 1; i < 15; i++) { - m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); - m[i-1] &= 0xffff; - } - m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); - b = (m[15]>>16) & 1; - m[14] &= 0xffff; - sel25519(t, m, 1-b); - } - for (i = 0; i < 16; i++) { - o[2*i] = t[i] & 0xff; - o[2*i+1] = t[i]>>8; - } -} - -function neq25519(a, b) { - var c = new Uint8Array(32), d = new Uint8Array(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); -} - -function par25519(a) { - var d = new Uint8Array(32); - pack25519(d, a); - return d[0] & 1; -} - -function unpack25519(o, n) { - var i; - for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); - o[15] &= 0x7fff; -} - -function A(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; -} - -function Z(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; -} - -function M(o, a, b) { - var v, c, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, - t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, - t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, - b0 = b[0], - b1 = b[1], - b2 = b[2], - b3 = b[3], - b4 = b[4], - b5 = b[5], - b6 = b[6], - b7 = b[7], - b8 = b[8], - b9 = b[9], - b10 = b[10], - b11 = b[11], - b12 = b[12], - b13 = b[13], - b14 = b[14], - b15 = b[15]; - - v = a[0]; - t0 += v * b0; - t1 += v * b1; - t2 += v * b2; - t3 += v * b3; - t4 += v * b4; - t5 += v * b5; - t6 += v * b6; - t7 += v * b7; - t8 += v * b8; - t9 += v * b9; - t10 += v * b10; - t11 += v * b11; - t12 += v * b12; - t13 += v * b13; - t14 += v * b14; - t15 += v * b15; - v = a[1]; - t1 += v * b0; - t2 += v * b1; - t3 += v * b2; - t4 += v * b3; - t5 += v * b4; - t6 += v * b5; - t7 += v * b6; - t8 += v * b7; - t9 += v * b8; - t10 += v * b9; - t11 += v * b10; - t12 += v * b11; - t13 += v * b12; - t14 += v * b13; - t15 += v * b14; - t16 += v * b15; - v = a[2]; - t2 += v * b0; - t3 += v * b1; - t4 += v * b2; - t5 += v * b3; - t6 += v * b4; - t7 += v * b5; - t8 += v * b6; - t9 += v * b7; - t10 += v * b8; - t11 += v * b9; - t12 += v * b10; - t13 += v * b11; - t14 += v * b12; - t15 += v * b13; - t16 += v * b14; - t17 += v * b15; - v = a[3]; - t3 += v * b0; - t4 += v * b1; - t5 += v * b2; - t6 += v * b3; - t7 += v * b4; - t8 += v * b5; - t9 += v * b6; - t10 += v * b7; - t11 += v * b8; - t12 += v * b9; - t13 += v * b10; - t14 += v * b11; - t15 += v * b12; - t16 += v * b13; - t17 += v * b14; - t18 += v * b15; - v = a[4]; - t4 += v * b0; - t5 += v * b1; - t6 += v * b2; - t7 += v * b3; - t8 += v * b4; - t9 += v * b5; - t10 += v * b6; - t11 += v * b7; - t12 += v * b8; - t13 += v * b9; - t14 += v * b10; - t15 += v * b11; - t16 += v * b12; - t17 += v * b13; - t18 += v * b14; - t19 += v * b15; - v = a[5]; - t5 += v * b0; - t6 += v * b1; - t7 += v * b2; - t8 += v * b3; - t9 += v * b4; - t10 += v * b5; - t11 += v * b6; - t12 += v * b7; - t13 += v * b8; - t14 += v * b9; - t15 += v * b10; - t16 += v * b11; - t17 += v * b12; - t18 += v * b13; - t19 += v * b14; - t20 += v * b15; - v = a[6]; - t6 += v * b0; - t7 += v * b1; - t8 += v * b2; - t9 += v * b3; - t10 += v * b4; - t11 += v * b5; - t12 += v * b6; - t13 += v * b7; - t14 += v * b8; - t15 += v * b9; - t16 += v * b10; - t17 += v * b11; - t18 += v * b12; - t19 += v * b13; - t20 += v * b14; - t21 += v * b15; - v = a[7]; - t7 += v * b0; - t8 += v * b1; - t9 += v * b2; - t10 += v * b3; - t11 += v * b4; - t12 += v * b5; - t13 += v * b6; - t14 += v * b7; - t15 += v * b8; - t16 += v * b9; - t17 += v * b10; - t18 += v * b11; - t19 += v * b12; - t20 += v * b13; - t21 += v * b14; - t22 += v * b15; - v = a[8]; - t8 += v * b0; - t9 += v * b1; - t10 += v * b2; - t11 += v * b3; - t12 += v * b4; - t13 += v * b5; - t14 += v * b6; - t15 += v * b7; - t16 += v * b8; - t17 += v * b9; - t18 += v * b10; - t19 += v * b11; - t20 += v * b12; - t21 += v * b13; - t22 += v * b14; - t23 += v * b15; - v = a[9]; - t9 += v * b0; - t10 += v * b1; - t11 += v * b2; - t12 += v * b3; - t13 += v * b4; - t14 += v * b5; - t15 += v * b6; - t16 += v * b7; - t17 += v * b8; - t18 += v * b9; - t19 += v * b10; - t20 += v * b11; - t21 += v * b12; - t22 += v * b13; - t23 += v * b14; - t24 += v * b15; - v = a[10]; - t10 += v * b0; - t11 += v * b1; - t12 += v * b2; - t13 += v * b3; - t14 += v * b4; - t15 += v * b5; - t16 += v * b6; - t17 += v * b7; - t18 += v * b8; - t19 += v * b9; - t20 += v * b10; - t21 += v * b11; - t22 += v * b12; - t23 += v * b13; - t24 += v * b14; - t25 += v * b15; - v = a[11]; - t11 += v * b0; - t12 += v * b1; - t13 += v * b2; - t14 += v * b3; - t15 += v * b4; - t16 += v * b5; - t17 += v * b6; - t18 += v * b7; - t19 += v * b8; - t20 += v * b9; - t21 += v * b10; - t22 += v * b11; - t23 += v * b12; - t24 += v * b13; - t25 += v * b14; - t26 += v * b15; - v = a[12]; - t12 += v * b0; - t13 += v * b1; - t14 += v * b2; - t15 += v * b3; - t16 += v * b4; - t17 += v * b5; - t18 += v * b6; - t19 += v * b7; - t20 += v * b8; - t21 += v * b9; - t22 += v * b10; - t23 += v * b11; - t24 += v * b12; - t25 += v * b13; - t26 += v * b14; - t27 += v * b15; - v = a[13]; - t13 += v * b0; - t14 += v * b1; - t15 += v * b2; - t16 += v * b3; - t17 += v * b4; - t18 += v * b5; - t19 += v * b6; - t20 += v * b7; - t21 += v * b8; - t22 += v * b9; - t23 += v * b10; - t24 += v * b11; - t25 += v * b12; - t26 += v * b13; - t27 += v * b14; - t28 += v * b15; - v = a[14]; - t14 += v * b0; - t15 += v * b1; - t16 += v * b2; - t17 += v * b3; - t18 += v * b4; - t19 += v * b5; - t20 += v * b6; - t21 += v * b7; - t22 += v * b8; - t23 += v * b9; - t24 += v * b10; - t25 += v * b11; - t26 += v * b12; - t27 += v * b13; - t28 += v * b14; - t29 += v * b15; - v = a[15]; - t15 += v * b0; - t16 += v * b1; - t17 += v * b2; - t18 += v * b3; - t19 += v * b4; - t20 += v * b5; - t21 += v * b6; - t22 += v * b7; - t23 += v * b8; - t24 += v * b9; - t25 += v * b10; - t26 += v * b11; - t27 += v * b12; - t28 += v * b13; - t29 += v * b14; - t30 += v * b15; - - t0 += 38 * t16; - t1 += 38 * t17; - t2 += 38 * t18; - t3 += 38 * t19; - t4 += 38 * t20; - t5 += 38 * t21; - t6 += 38 * t22; - t7 += 38 * t23; - t8 += 38 * t24; - t9 += 38 * t25; - t10 += 38 * t26; - t11 += 38 * t27; - t12 += 38 * t28; - t13 += 38 * t29; - t14 += 38 * t30; - // t15 left as is - - // first car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - // second car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - o[ 0] = t0; - o[ 1] = t1; - o[ 2] = t2; - o[ 3] = t3; - o[ 4] = t4; - o[ 5] = t5; - o[ 6] = t6; - o[ 7] = t7; - o[ 8] = t8; - o[ 9] = t9; - o[10] = t10; - o[11] = t11; - o[12] = t12; - o[13] = t13; - o[14] = t14; - o[15] = t15; -} - -function S(o, a) { - M(o, a, a); -} - -function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 253; a >= 0; a--) { - S(c, c); - if(a !== 2 && a !== 4) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 250; a >= 0; a--) { - S(c, c); - if(a !== 1) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function crypto_scalarmult(q, n, p) { - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; -} - -function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); -} - -function crypto_box_keypair(y, x) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); -} - -function add(p, q) { - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(), - g = gf(), h = gf(), t = gf(); - - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); -} - -function cswap(p, q, b) { - var i; - for (i = 0; i < 4; i++) { - sel25519(p[i], q[i], b); - } -} - -function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; -} - -function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = (s[(i/8)|0] >> (i&7)) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } -} - -function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); -} - -function crypto_sign_keypair(pk, sk, seeded) { - var d; - var p = [gf(), gf(), gf(), gf()]; - var i; - - if (!seeded) randombytes(sk, 32); - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - scalarbase(p, d); - pack(pk, p); - - for (i = 0; i < 32; i++) sk[i+32] = pk[i]; - return 0; -} - -var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - -function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = Math.floor((x[j] + 128) / 256); - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; j++) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; j++) x[j] -= carry * L[j]; - for (i = 0; i < 32; i++) { - x[i+1] += x[i] >> 8; - r[i] = x[i] & 255; - } -} - -function reduce(r) { - var x = new Float64Array(64), i; - for (i = 0; i < 64; i++) x[i] = r[i]; - for (i = 0; i < 64; i++) r[i] = 0; - modL(r, x); -} - -// Note: difference from C - smlen returned, not passed as argument. -function crypto_sign(sm, m, n, sk) { - var d, h, r; - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - var smlen = n + 64; - for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - - r = nacl.hash(sm.subarray(32, smlen)); - reduce(r); - scalarbase(p, r); - pack(sm, p); - - for (i = 32; i < 64; i++) sm[i] = sk[i]; - h = nacl.hash(sm.subarray(0, smlen)); - reduce(h); - - for (i = 0; i < 64; i++) x[i] = 0; - for (i = 0; i < 32; i++) x[i] = r[i]; - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - x[i+j] += h[i] * d[j]; - } - } - - modL(sm.subarray(32), x); - return smlen; -} - -function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), - den = gf(), den2 = gf(), den4 = gf(), - den6 = gf(); - - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) M(r[0], r[0], I); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) return -1; - - if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); - - M(r[3], r[0], r[1]); - return 0; -} - -function crypto_sign_open(m, sm, n, pk) { - var i; - var t = new Uint8Array(32), h; - var p = [gf(), gf(), gf(), gf()], - q = [gf(), gf(), gf(), gf()]; - - if (n < 64) return -1; - - if (unpackneg(q, pk)) return -1; - - for (i = 0; i < n; i++) m[i] = sm[i]; - for (i = 0; i < 32; i++) m[i+32] = pk[i]; - h = nacl.hash(m.subarray(0, n)); - reduce(h); - scalarmult(p, q, h); - - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; i++) m[i] = 0; - return -1; - } - - for (i = 0; i < n; i++) m[i] = sm[i + 64]; - return n; -} - -var crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_sign_BYTES = 64, - crypto_sign_PUBLICKEYBYTES = 32, - crypto_sign_SECRETKEYBYTES = 64, - crypto_sign_SEEDBYTES = 32; - -function checkArrayTypes() { - for (var i = 0; i < arguments.length; i++) { - if (!(arguments[i] instanceof Uint8Array)) - throw new TypeError('unexpected type, use Uint8Array'); - } -} - -function cleanup(arr) { - for (var i = 0; i < arr.length; i++) arr[i] = 0; -} - -nacl.scalarMult = function(n, p) { - checkArrayTypes(n, p); - if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); - if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); - var q = new Uint8Array(crypto_scalarmult_BYTES); - crypto_scalarmult(q, n, p); - return q; -}; - -nacl.box = {}; - -nacl.box.keyPair = function() { - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.box.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign = function(msg, secretKey) { - checkArrayTypes(msg, secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); - crypto_sign(signedMsg, msg, msg.length, secretKey); - return signedMsg; -}; - -nacl.sign.detached = function(msg, secretKey) { - var signedMsg = nacl.sign(msg, secretKey); - var sig = new Uint8Array(crypto_sign_BYTES); - for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; - return sig; -}; - -nacl.sign.detached.verify = function(msg, sig, publicKey) { - checkArrayTypes(msg, sig, publicKey); - if (sig.length !== crypto_sign_BYTES) - throw new Error('bad signature size'); - if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) - throw new Error('bad public key size'); - var sm = new Uint8Array(crypto_sign_BYTES + msg.length); - var m = new Uint8Array(crypto_sign_BYTES + msg.length); - var i; - for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; - for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; - return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); -}; - -nacl.sign.keyPair = function() { - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.sign.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign.keyPair.fromSeed = function(seed) { - checkArrayTypes(seed); - if (seed.length !== crypto_sign_SEEDBYTES) - throw new Error('bad seed size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - for (var i = 0; i < 32; i++) sk[i] = seed[i]; - crypto_sign_keypair(pk, sk, true); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.setPRNG = function(fn) { - randombytes = fn; -}; - -(function() { - // Initialize PRNG if environment provides CSPRNG. - // If not, methods calling randombytes will throw. - var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; - if (crypto && crypto.getRandomValues) { - // Browsers. - var QUOTA = 65536; - nacl.setPRNG(function(x, n) { - var i, v = new Uint8Array(n); - for (i = 0; i < n; i += QUOTA) { - crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); - } - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } else if (typeof commonjsRequire !== 'undefined') { - // Node.js. - crypto = void('crypto'); - if (crypto && crypto.randomBytes) { - nacl.setPRNG(function(x, n) { - var i, v = crypto.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } - } -})(); - -})(module.exports ? module.exports : (self.nacl = self.nacl || {})); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const nodeCrypto$5 = util.getNodeCrypto(); - -/** - * Retrieve secure random byte array of the specified length - * @param {Integer} length - Length in bytes to generate - * @returns {Uint8Array} Random byte array. - */ -function getRandomBytes(length) { - const buf = new Uint8Array(length); - if (nodeCrypto$5) { - const bytes = nodeCrypto$5.randomBytes(buf.length); - buf.set(bytes); - } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) { - crypto.getRandomValues(buf); - } else { - throw new Error('No secure random number generator available.'); - } - return buf; -} - -/** - * Create a secure random BigInteger that is greater than or equal to min and less than max. - * @param {module:BigInteger} min - Lower bound, included - * @param {module:BigInteger} max - Upper bound, excluded - * @returns {Promise} Random BigInteger. - * @async - */ -async function getRandomBigInteger(min, max) { - const BigInteger = await util.getBigInteger(); - - if (max.lt(min)) { - throw new Error('Illegal parameter value: max <= min'); - } - - const modulus = max.sub(min); - const bytes = modulus.byteLength(); - - // Using a while loop is necessary to avoid bias introduced by the mod operation. - // However, we request 64 extra random bits so that the bias is negligible. - // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - const r = new BigInteger(await getRandomBytes(bytes + 8)); - return r.mod(modulus).add(min); -} - -var random = /*#__PURE__*/Object.freeze({ - __proto__: null, - getRandomBytes: getRandomBytes, - getRandomBigInteger: getRandomBigInteger -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Generate a probably prime random number - * @param {Integer} bits - Bit length of the prime - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns BigInteger - * @async - */ -async function randomProbablePrime(bits, e, k) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - const min = one.leftShift(new BigInteger(bits - 1)); - const thirty = new BigInteger(30); - /* - * We can avoid any multiples of 3 and 5 by looking at n mod 30 - * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 - * the next possible prime is mod 30: - * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 - */ - const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; - - const n = await getRandomBigInteger(min, min.leftShift(one)); - let i = n.mod(thirty).toNumber(); - - do { - n.iadd(new BigInteger(adds[i])); - i = (i + adds[i]) % adds.length; - // If reached the maximum, go back to the minimum. - if (n.bitLength() > bits) { - n.imod(min.leftShift(one)).iadd(min); - i = n.mod(thirty).toNumber(); - } - } while (!await isProbablePrime(n, e, k)); - return n; -} - -/** - * Probabilistic primality testing - * @param {BigInteger} n - Number to test - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns {boolean} - * @async - */ -async function isProbablePrime(n, e, k) { - if (e && !n.dec().gcd(e).isOne()) { - return false; - } - if (!await divisionTest(n)) { - return false; - } - if (!await fermat(n)) { - return false; - } - if (!await millerRabin(n, k)) { - return false; - } - // TODO implement the Lucas test - // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - return true; -} - -/** - * Tests whether n is probably prime or not using Fermat's test with b = 2. - * Fails if b^(n-1) mod n != 1. - * @param {BigInteger} n - Number to test - * @param {BigInteger} b - Optional Fermat test base - * @returns {boolean} - */ -async function fermat(n, b) { - const BigInteger = await util.getBigInteger(); - b = b || new BigInteger(2); - return b.modExp(n.dec(), n).isOne(); -} - -async function divisionTest(n) { - const BigInteger = await util.getBigInteger(); - return smallPrimes.every(m => { - return n.mod(new BigInteger(m)) !== 0; - }); -} - -// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c -const smallPrimes = [ - 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 -]; - - -// Miller-Rabin - Miller Rabin algorithm for primality test -// Copyright Fedor Indutny, 2014. -// -// This software is licensed under the MIT License. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin - -// Sample syntax for Fixed-Base Miller-Rabin: -// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) - -/** - * Tests whether n is probably prime or not using the Miller-Rabin test. - * See HAC Remark 4.28. - * @param {BigInteger} n - Number to test - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @param {Function} rand - Optional function to generate potential witnesses - * @returns {boolean} - * @async - */ -async function millerRabin(n, k, rand) { - const BigInteger = await util.getBigInteger(); - const len = n.bitLength(); - - if (!k) { - k = Math.max(1, (len / 48) | 0); - } - - const n1 = n.dec(); // n - 1 - - // Find d and s, (n - 1) = (2 ^ s) * d; - let s = 0; - while (!n1.getBit(s)) { s++; } - const d = n.rightShift(new BigInteger(s)); - - for (; k > 0; k--) { - const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1); - - let x = a.modExp(d, n); - if (x.isOne() || x.equal(n1)) { - continue; - } - - let i; - for (i = 1; i < s; i++) { - x = x.mul(x).mod(n); - - if (x.isOne()) { - return false; - } - if (x.equal(n1)) { - break; - } - } - - if (i === s) { - return false; - } - } - - return true; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ASN1 object identifiers for hashes - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} - */ -const hash_headers = []; -hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, - 0x10]; -hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; -hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; -hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, - 0x04, 0x20]; -hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, - 0x04, 0x30]; -hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, - 0x00, 0x04, 0x40]; -hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, - 0x00, 0x04, 0x1C]; - -/** - * Create padding with secure random data - * @private - * @param {Integer} length - Length of the padding in bytes - * @returns {Uint8Array} Random padding. - */ -function getPKCS1Padding(length) { - const result = new Uint8Array(length); - let count = 0; - while (count < length) { - const randomBytes = getRandomBytes(length - count); - for (let i = 0; i < randomBytes.length; i++) { - if (randomBytes[i] !== 0) { - result[count++] = randomBytes[i]; - } - } - } - return result; -} - -/** - * Create a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} - * @param {Uint8Array} message - Message to be encoded - * @param {Integer} keyLength - The length in octets of the key modulus - * @returns {Uint8Array} EME-PKCS1 padded message. - */ -function emeEncode(message, keyLength) { - const mLength = message.length; - // length checking - if (mLength > keyLength - 11) { - throw new Error('Message too long'); - } - // Generate an octet string PS of length k - mLen - 3 consisting of - // pseudo-randomly generated nonzero octets - const PS = getPKCS1Padding(keyLength - mLength - 3); - // Concatenate PS, the message M, and other padding to form an - // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. - const encoded = new Uint8Array(keyLength); - // 0x00 byte - encoded[1] = 2; - encoded.set(PS, 2); - // 0x00 bytes - encoded.set(message, keyLength - mLength); - return encoded; -} - -/** - * Decode a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} - * @param {Uint8Array} encoded - Encoded message bytes - * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) - * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) - * @throws {Error} on decoding failure, unless `randomPayload` is provided - */ -function emeDecode(encoded, randomPayload) { - // encoded format: 0x00 0x02 0x00 - let offset = 2; - let separatorNotFound = 1; - for (let j = offset; j < encoded.length; j++) { - separatorNotFound &= encoded[j] !== 0; - offset += separatorNotFound; - } - - const psLen = offset - 2; - const payload = encoded.subarray(offset + 1); // discard the 0x00 separator - const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - - if (randomPayload) { - return util.selectUint8Array(isValidPadding, payload, randomPayload); - } - - if (isValidPadding) { - return payload; - } - - throw new Error('Decryption error'); -} - -/** - * Create a EMSA-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} - * @param {Integer} algo - Hash algorithm type used - * @param {Uint8Array} hashed - Message to be encoded - * @param {Integer} emLen - Intended length in octets of the encoded message - * @returns {Uint8Array} Encoded message. - */ -async function emsaEncode(algo, hashed, emLen) { - let i; - if (hashed.length !== hash.getHashByteLength(algo)) { - throw new Error('Invalid hash length'); - } - // produce an ASN.1 DER value for the hash function used. - // Let T be the full hash prefix - const hashPrefix = new Uint8Array(hash_headers[algo].length); - for (i = 0; i < hash_headers[algo].length; i++) { - hashPrefix[i] = hash_headers[algo][i]; - } - // and let tLen be the length in octets prefix and hashed data - const tLen = hashPrefix.length + hashed.length; - if (emLen < tLen + 11) { - throw new Error('Intended encoded message length too short'); - } - // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF - // The length of PS will be at least 8 octets - const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - - // Concatenate PS, the hash prefix, hashed data, and other padding to form the - // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed - const EM = new Uint8Array(emLen); - EM[1] = 0x01; - EM.set(PS, 2); - EM.set(hashPrefix, emLen - tLen); - EM.set(hashed, emLen - hashed.length); - return EM; -} - -var pkcs1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - emeEncode: emeEncode, - emeDecode: emeDecode, - emsaEncode: emsaEncode -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const webCrypto$5 = util.getWebCrypto(); -const nodeCrypto$6 = util.getNodeCrypto(); -const asn1 = nodeCrypto$6 ? void('asn1.js') : undefined; - -/* eslint-disable no-invalid-this */ -const RSAPrivateKey = nodeCrypto$6 ? asn1.define('RSAPrivateKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('version').int(), // 0 - this.key('modulus').int(), // n - this.key('publicExponent').int(), // e - this.key('privateExponent').int(), // d - this.key('prime1').int(), // p - this.key('prime2').int(), // q - this.key('exponent1').int(), // dp - this.key('exponent2').int(), // dq - this.key('coefficient').int() // u - ); -}) : undefined; - -const RSAPublicKey = nodeCrypto$6 ? asn1.define('RSAPubliceKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('modulus').int(), // n - this.key('publicExponent').int() // e - ); -}) : undefined; -/* eslint-enable no-invalid-this */ - -/** Create signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} hashed - Hashed message - * @returns {Promise} RSA Signature. - * @async - */ -async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeSign(hashAlgo, data, n, e, d, p, q, u); - } - } - return bnSign(hashAlgo, n, d, hashed); -} - -/** - * Verify signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} s - Signature - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} hashed - Hashed message - * @returns {Boolean} - * @async - */ -async function verify(hashAlgo, data, s, n, e, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeVerify(hashAlgo, data, s, n, e); - } - } - return bnVerify(hashAlgo, s, n, e, hashed); -} - -/** - * Encrypt message - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @returns {Promise} RSA Ciphertext. - * @async - */ -async function encrypt$1(data, n, e) { - if (util.getNodeCrypto()) { - return nodeEncrypt$1(data, n, e); - } - return bnEncrypt(data, n, e); -} - -/** - * Decrypt RSA message - * @param {Uint8Array} m - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} RSA Plaintext. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$1(data, n, e, d, p, q, u, randomPayload) { - // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, - // and we want to avoid checking the error type to decide if the random payload - // should indeed be returned. - if (util.getNodeCrypto() && !randomPayload) { - try { - return await nodeDecrypt$1(data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } - return bnDecrypt(data, n, e, d, p, q, u, randomPayload); -} - -/** - * Generate a new random private key B bits long with public exponent E. - * - * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using - * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. - * @see module:crypto/public_key/prime - * @param {Integer} bits - RSA bit length - * @param {Integer} e - RSA public exponent - * @returns {{n, e, d, - * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, - * RSA private prime p, RSA private prime q, u = p ** -1 mod q - * @async - */ -async function generate(bits, e) { - const BigInteger = await util.getBigInteger(); - - e = new BigInteger(e); - - // Native RSA keygen using Web Crypto - if (util.getWebCrypto()) { - const keyGenOpt = { - name: 'RSASSA-PKCS1-v1_5', - modulusLength: bits, // the specified keysize in bits - publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent - hash: { - name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' - } - }; - const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - - // export the generated keys as JsonWebKey (JWK) - // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 - const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); - // map JWK parameters to corresponding OpenPGP names - return { - n: b64ToUint8Array(jwk.n), - e: e.toUint8Array(), - d: b64ToUint8Array(jwk.d), - // switch p and q - p: b64ToUint8Array(jwk.q), - q: b64ToUint8Array(jwk.p), - // Since p and q are switched in places, u is the inverse of jwk.q - u: b64ToUint8Array(jwk.qi) - }; - } else if (util.getNodeCrypto() && nodeCrypto$6.generateKeyPair && RSAPrivateKey) { - const opts = { - modulusLength: bits, - publicExponent: e.toNumber(), - publicKeyEncoding: { type: 'pkcs1', format: 'der' }, - privateKeyEncoding: { type: 'pkcs1', format: 'der' } - }; - const prv = await new Promise((resolve, reject) => { - nodeCrypto$6.generateKeyPair('rsa', opts, (err, _, der) => { - if (err) { - reject(err); - } else { - resolve(RSAPrivateKey.decode(der, 'der')); - } - }); - }); - /** - * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`. - * @link https://tools.ietf.org/html/rfc3447#section-3.2 - * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1 - */ - return { - n: prv.modulus.toArrayLike(Uint8Array), - e: prv.publicExponent.toArrayLike(Uint8Array), - d: prv.privateExponent.toArrayLike(Uint8Array), - // switch p and q - p: prv.prime2.toArrayLike(Uint8Array), - q: prv.prime1.toArrayLike(Uint8Array), - // Since p and q are switched in places, we can keep u as defined by DER - u: prv.coefficient.toArrayLike(Uint8Array) - }; - } - - // RSA keygen fallback using 40 iterations of the Miller-Rabin test - // See https://stackoverflow.com/a/6330138 for justification - // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST - let p; - let q; - let n; - do { - q = await randomProbablePrime(bits - (bits >> 1), e, 40); - p = await randomProbablePrime(bits >> 1, e, 40); - n = p.mul(q); - } while (n.bitLength() !== bits); - - const phi = p.dec().imul(q.dec()); - - if (q.lt(p)) { - [p, q] = [q, p]; - } - - return { - n: n.toUint8Array(), - e: e.toUint8Array(), - d: e.modInv(phi).toUint8Array(), - p: p.toUint8Array(), - q: q.toUint8Array(), - // dp: d.mod(p.subn(1)), - // dq: d.mod(q.subn(1)), - u: p.modInv(q).toUint8Array() - }; -} - -/** - * Validate RSA parameters - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA inverse of p w.r.t. q - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - p = new BigInteger(p); - q = new BigInteger(q); - - // expect pq = n - if (!p.mul(q).equal(n)) { - return false; - } - - const two = new BigInteger(2); - // expect p*u = 1 mod q - u = new BigInteger(u); - if (!p.mul(u).mod(q).isOne()) { - return false; - } - - e = new BigInteger(e); - d = new BigInteger(d); - /** - * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) - * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] - * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] - * - * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) - */ - const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3)); - const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q - const rde = r.mul(d).mul(e); - - const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r); - if (!areInverses) { - return false; - } - - return true; -} - -async function bnSign(hashAlgo, n, d, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength())); - d = new BigInteger(d); - if (m.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return m.modExp(d, n).toUint8Array('be', n.byteLength()); -} - -async function webSign(hashName, data, n, e, d, p, q, u) { - /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. - * We swap them in privateToJWK, so it usually works out, but nevertheless, - * not all OpenPGP keys are compatible with this requirement. - * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still - * does if the underlying Web Crypto does so (though the tested implementations - * don't do so). - */ - const jwk = await privateToJWK(n, e, d, p, q, u); - const algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }; - const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); - return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); -} - -async function nodeSign(hashAlgo, data, n, e, d, p, q, u) { - const { default: BN } = await import('./bn.mjs'); - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const sign = nodeCrypto$6.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(data); - sign.end(); - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPrivateKey.encode(keyObject, 'der'); - return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' })); - } - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - return new Uint8Array(sign.sign(pem)); -} - -async function bnVerify(hashAlgo, s, n, e, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - s = new BigInteger(s); - e = new BigInteger(e); - if (s.gte(n)) { - throw new Error('Signature size cannot exceed modulus size'); - } - const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength()); - const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength()); - return util.equalsUint8Array(EM1, EM2); -} - -async function webVerify(hashName, data, s, n, e) { - const jwk = publicToJWK(n, e); - const key = await webCrypto$5.importKey('jwk', jwk, { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }, false, ['verify']); - return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); -} - -async function nodeVerify(hashAlgo, data, s, n, e) { - const { default: BN } = await import('./bn.mjs'); - - const verify = nodeCrypto$6.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(data); - verify.end(); - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1' }; - } else { - key = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - } - try { - return await verify.verify(key, s); - } catch (err) { - return false; - } -} - -async function nodeEncrypt$1(data, n, e) { - const { default: BN } = await import('./bn.mjs'); - - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - return new Uint8Array(nodeCrypto$6.publicEncrypt(key, data)); -} - -async function bnEncrypt(data, n, e) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - data = new BigInteger(emeEncode(data, n.byteLength())); - e = new BigInteger(e); - if (data.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return data.modExp(e, n).toUint8Array('be', n.byteLength()); -} - -async function nodeDecrypt$1(data, n, e, d, p, q, u) { - const { default: BN } = await import('./bn.mjs'); - - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPrivateKey.encode(keyObject, 'der'); - key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - try { - return new Uint8Array(nodeCrypto$6.privateDecrypt(key, data)); - } catch (err) { - throw new Error('Decryption error'); - } -} - -async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { - const BigInteger = await util.getBigInteger(); - data = new BigInteger(data); - n = new BigInteger(n); - e = new BigInteger(e); - d = new BigInteger(d); - p = new BigInteger(p); - q = new BigInteger(q); - u = new BigInteger(u); - if (data.gte(n)) { - throw new Error('Data too large.'); - } - const dq = d.mod(q.dec()); // d mod (q-1) - const dp = d.mod(p.dec()); // d mod (p-1) - - const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n); - const blinder = unblinder.modInv(n).modExp(e, n); - data = data.mul(blinder).mod(n); - - - const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p - const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q - const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q) - - let result = h.mul(p).add(mp); // result < n due to relations above - - result = result.mul(unblinder).mod(n); - - - return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload); -} - -/** Convert Openpgp private key params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - * @param {Uint8Array} d - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} u - */ -async function privateToJWK(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - const pNum = new BigInteger(p); - const qNum = new BigInteger(q); - const dNum = new BigInteger(d); - - let dq = dNum.mod(qNum.dec()); // d mod (q-1) - let dp = dNum.mod(pNum.dec()); // d mod (p-1) - dp = dp.toUint8Array(); - dq = dq.toUint8Array(); - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - d: uint8ArrayToB64(d, true), - // switch p and q - p: uint8ArrayToB64(q, true), - q: uint8ArrayToB64(p, true), - // switch dp and dq - dp: uint8ArrayToB64(dq, true), - dq: uint8ArrayToB64(dp, true), - qi: uint8ArrayToB64(u, true), - ext: true - }; -} - -/** Convert Openpgp key public params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - */ -function publicToJWK(n, e) { - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - ext: true - }; -} - -var rsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign, - verify: verify, - encrypt: encrypt$1, - decrypt: decrypt$1, - generate: generate, - validateParams: validateParams -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ElGamal Encryption function - * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) - * @param {Uint8Array} data - To be padded and encrypted - * @param {Uint8Array} p - * @param {Uint8Array} g - * @param {Uint8Array} y - * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} - * @async - */ -async function encrypt$2(data, p, g, y) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const padded = emeEncode(data, p.byteLength()); - const m = new BigInteger(padded); - - // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* - // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] - const k = await getRandomBigInteger(new BigInteger(1), p.dec()); - return { - c1: g.modExp(k, p).toUint8Array(), - c2: y.modExp(k, p).imul(m).imod(p).toUint8Array() - }; -} - -/** - * ElGamal Encryption function - * @param {Uint8Array} c1 - * @param {Uint8Array} c2 - * @param {Uint8Array} p - * @param {Uint8Array} x - * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} Unpadded message. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$2(c1, c2, p, x, randomPayload) { - const BigInteger = await util.getBigInteger(); - c1 = new BigInteger(c1); - c2 = new BigInteger(c2); - p = new BigInteger(p); - x = new BigInteger(x); - - const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p); - return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload); -} - -/** - * Validate ElGamal parameters - * @param {Uint8Array} p - ElGamal prime - * @param {Uint8Array} g - ElGamal group generator - * @param {Uint8Array} y - ElGamal public key - * @param {Uint8Array} x - ElGamal private exponent - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$1(p, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - // Expect p-1 to be large - const pSize = new BigInteger(p.bitLength()); - const n1023 = new BigInteger(1023); - if (pSize.lt(n1023)) { - return false; - } - - /** - * g should have order p-1 - * Check that g ** (p-1) = 1 mod p - */ - if (!g.modExp(p.dec(), p).isOne()) { - return false; - } - - /** - * Since p-1 is not prime, g might have a smaller order that divides p-1 - * We want to make sure that the order is large enough to hinder a small subgroup attack - * - * We just check g**i != 1 for all i up to a threshold - */ - let res = g; - const i = new BigInteger(1); - const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold - while (i.lt(threshold)) { - res = res.mul(g).imod(p); - if (res.isOne()) { - return false; - } - i.iinc(); - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{r(p-1) + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1 - const rqx = p.dec().imul(r).iadd(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var elgamal = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt$2, - decrypt: decrypt$2, - validateParams: validateParams$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class OID { - constructor(oid) { - if (oid instanceof OID) { - this.oid = oid.oid; - } else if (util.isArray(oid) || - util.isUint8Array(oid)) { - oid = new Uint8Array(oid); - if (oid[0] === 0x06) { // DER encoded oid byte array - if (oid[1] !== oid.length - 2) { - throw new Error('Length mismatch in DER encoded oid'); - } - oid = oid.subarray(2); - } - this.oid = oid; - } else { - this.oid = ''; - } - } - - /** - * Method to read an OID object - * @param {Uint8Array} input - Where to read the OID from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length >= 1) { - const length = input[0]; - if (input.length >= 1 + length) { - this.oid = input.subarray(1, 1 + length); - return 1 + this.oid.length; - } - } - throw new Error('Invalid oid'); - } - - /** - * Serialize an OID object - * @returns {Uint8Array} Array with the serialized value the OID. - */ - write() { - return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); - } - - /** - * Serialize an OID object as a hex string - * @returns {string} String with the hex value of the OID. - */ - toHex() { - return util.uint8ArrayToHex(this.oid); - } - - /** - * If a known curve object identifier, return the canonical name of the curve - * @returns {string} String with the canonical name of the curve. - */ - getName() { - const hex = this.toHex(); - if (enums.curve[hex]) { - return enums.write(enums.curve, hex); - } else { - throw new Error('Unknown curve object identifier.'); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -function keyFromPrivate(indutnyCurve, priv) { - const keyPair = indutnyCurve.keyPair({ priv: priv }); - return keyPair; -} - -function keyFromPublic(indutnyCurve, pub) { - const keyPair = indutnyCurve.keyPair({ pub: pub }); - if (keyPair.validate().result !== true) { - throw new Error('Invalid elliptic public key'); - } - return keyPair; -} - -async function getIndutnyCurve(name) { - if (!config.useIndutnyElliptic) { - throw new Error('This curve is only supported in the full build of OpenPGP.js'); - } - const { default: elliptic } = await import('./elliptic.mjs'); - return new elliptic.ec(name); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -function readSimpleLength(bytes) { - let len = 0; - let offset; - const type = bytes[0]; - - - if (type < 192) { - [len] = bytes; - offset = 1; - } else if (type < 255) { - len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; - offset = 2; - } else if (type === 255) { - len = util.readNumber(bytes.subarray(1, 1 + 4)); - offset = 5; - } - - return { - len: len, - offset: offset - }; -} - -/** - * Encodes a given integer of length to the openpgp length specifier to a - * string - * - * @param {Integer} length - The length to encode - * @returns {Uint8Array} String with openpgp length representation. - */ -function writeSimpleLength(length) { - if (length < 192) { - return new Uint8Array([length]); - } else if (length > 191 && length < 8384) { - /* - * let a = (total data packet length) - 192 let bc = two octet - * representation of a let d = b + 192 - */ - return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); - } - return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); -} - -function writePartialLength(power) { - if (power < 0 || power > 30) { - throw new Error('Partial Length power must be between 1 and 30'); - } - return new Uint8Array([224 + power]); -} - -function writeTag(tag_type) { - /* we're only generating v4 packet headers here */ - return new Uint8Array([0xC0 | tag_type]); -} - -/** - * Writes a packet header version 4 with the given tag_type and length to a - * string - * - * @param {Integer} tag_type - Tag type - * @param {Integer} length - Length of the payload - * @returns {String} String of the header. - */ -function writeHeader(tag_type, length) { - /* we're only generating v4 packet headers here */ - return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); -} - -/** - * Whether the packet type supports partial lengths per RFC4880 - * @param {Integer} tag - Tag type - * @returns {Boolean} String of the header. - */ -function supportsStreaming(tag) { - return [ - enums.packet.literalData, - enums.packet.compressedData, - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ].includes(tag); -} - -/** - * Generic static Packet Parser function - * - * @param {Uint8Array | ReadableStream} input - Input stream as string - * @param {Function} callback - Function to call with the parsed packet - * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. - */ -async function readPackets(input, callback) { - const reader = getReader(input); - let writer; - let callbackReturned; - try { - const peekedBytes = await reader.peekBytes(2); - // some sanity checks - if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { - throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); - } - const headerByte = await reader.readByte(); - let tag = -1; - let format = -1; - let packetLength; - - format = 0; // 0 = old format; 1 = new format - if ((headerByte & 0x40) !== 0) { - format = 1; - } - - let packetLengthType; - if (format) { - // new format header - tag = headerByte & 0x3F; // bit 5-0 - } else { - // old format header - tag = (headerByte & 0x3F) >> 2; // bit 5-2 - packetLengthType = headerByte & 0x03; // bit 1-0 - } - - const packetSupportsStreaming = supportsStreaming(tag); - let packet = null; - if (packetSupportsStreaming) { - if (util.isStream(input) === 'array') { - const arrayStream = new ArrayStream(); - writer = getWriter(arrayStream); - packet = arrayStream; - } else { - const transform = new TransformStream(); - writer = getWriter(transform.writable); - packet = transform.readable; - } - // eslint-disable-next-line callback-return - callbackReturned = callback({ tag, packet }); - } else { - packet = []; - } - - let wasPartialLength; - do { - if (!format) { - // 4.2.1. Old Format Packet Lengths - switch (packetLengthType) { - case 0: - // The packet has a one-octet length. The header is 2 octets - // long. - packetLength = await reader.readByte(); - break; - case 1: - // The packet has a two-octet length. The header is 3 octets - // long. - packetLength = (await reader.readByte() << 8) | await reader.readByte(); - break; - case 2: - // The packet has a four-octet length. The header is 5 - // octets long. - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - break; - default: - // 3 - The packet is of indeterminate length. The header is 1 - // octet long, and the implementation must determine how long - // the packet is. If the packet is in a file, this means that - // the packet extends until the end of the file. In general, - // an implementation SHOULD NOT use indeterminate-length - // packets except where the end of the data will be clear - // from the context, and even then it is better to use a - // definite length, or a new format header. The new format - // headers described below have a mechanism for precisely - // encoding data of indeterminate length. - packetLength = Infinity; - break; - } - } else { // 4.2.2. New Format Packet Lengths - // 4.2.2.1. One-Octet Lengths - const lengthByte = await reader.readByte(); - wasPartialLength = false; - if (lengthByte < 192) { - packetLength = lengthByte; - // 4.2.2.2. Two-Octet Lengths - } else if (lengthByte >= 192 && lengthByte < 224) { - packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; - // 4.2.2.4. Partial Body Lengths - } else if (lengthByte > 223 && lengthByte < 255) { - packetLength = 1 << (lengthByte & 0x1F); - wasPartialLength = true; - if (!packetSupportsStreaming) { - throw new TypeError('This packet type does not support partial lengths.'); - } - // 4.2.2.3. Five-Octet Lengths - } else { - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - } - } - if (packetLength > 0) { - let bytesRead = 0; - while (true) { - if (writer) await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (packetLength === Infinity) break; - throw new Error('Unexpected end of packet'); - } - const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); - if (writer) await writer.write(chunk); - else packet.push(chunk); - bytesRead += value.length; - if (bytesRead >= packetLength) { - reader.unshift(value.subarray(packetLength - bytesRead + value.length)); - break; - } - } - } - } while (wasPartialLength); - - // If this was not a packet that "supports streaming", we peek to check - // whether it is the last packet in the message. We peek 2 bytes instead - // of 1 because the beginning of this function also peeks 2 bytes, and we - // want to cut a `subarray` of the correct length into `web-stream-tools`' - // `externalBuffer` as a tiny optimization here. - // - // If it *was* a streaming packet (i.e. the data packets), we peek at the - // entire remainder of the stream, in order to forward errors in the - // remainder of the stream to the packet data. (Note that this means we - // read/peek at all signature packets before closing the literal data - // packet, for example.) This forwards MDC errors to the literal data - // stream, for example, so that they don't get lost / forgotten on - // decryptedMessage.packets.stream, which we never look at. - // - // An example of what we do when stream-parsing a message containing - // [ one-pass signature packet, literal data packet, signature packet ]: - // 1. Read the one-pass signature packet - // 2. Peek 2 bytes of the literal data packet - // 3. Parse the one-pass signature packet - // - // 4. Read the literal data packet, simultaneously stream-parsing it - // 5. Peek until the end of the message - // 6. Finish parsing the literal data packet - // - // 7. Read the signature packet again (we already peeked at it in step 5) - // 8. Peek at the end of the stream again (`peekBytes` returns undefined) - // 9. Parse the signature packet - // - // Note that this means that if there's an error in the very end of the - // stream, such as an MDC error, we throw in step 5 instead of in step 8 - // (or never), which is the point of this exercise. - const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); - if (writer) { - await writer.ready; - await writer.close(); - } else { - packet = util.concatUint8Array(packet); - // eslint-disable-next-line callback-return - await callback({ tag, packet }); - } - return !nextPacket || !nextPacket.length; - } catch (e) { - if (writer) { - await writer.abort(e); - return true; - } else { - throw e; - } - } finally { - if (writer) { - await callbackReturned; - } - reader.releaseLock(); - } -} - -class UnsupportedError extends Error { - constructor(...params) { - super(...params); - - if (Error.captureStackTrace) { - Error.captureStackTrace(this, UnsupportedError); - } - - this.name = 'UnsupportedError'; - } -} - -class UnparseablePacket { - constructor(tag, rawContent) { - this.tag = tag; - this.rawContent = rawContent; - } - - write() { - return this.rawContent; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$6 = util.getWebCrypto(); -const nodeCrypto$7 = util.getNodeCrypto(); - -const webCurves = { - 'p256': 'P-256', - 'p384': 'P-384', - 'p521': 'P-521' -}; -const knownCurves = nodeCrypto$7 ? nodeCrypto$7.getCurves() : []; -const nodeCurves = nodeCrypto$7 ? { - secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, - p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, - p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, - p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, - ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined, - curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined, - brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, - brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, - brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined -} : {}; - -const curves = { - p256: { - oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.p256, - web: webCurves.p256, - payloadSize: 32, - sharedSize: 256 - }, - p384: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.p384, - web: webCurves.p384, - payloadSize: 48, - sharedSize: 384 - }, - p521: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.p521, - web: webCurves.p521, - payloadSize: 66, - sharedSize: 528 - }, - secp256k1: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.secp256k1, - payloadSize: 32 - }, - ed25519: { - oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], - keyType: enums.publicKey.eddsaLegacy, - hash: enums.hash.sha512, - node: false, // nodeCurves.ed25519 TODO - payloadSize: 32 - }, - curve25519: { - oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], - keyType: enums.publicKey.ecdh, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: false, // nodeCurves.curve25519 TODO - payloadSize: 32 - }, - brainpoolP256r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.brainpoolP256r1, - payloadSize: 32 - }, - brainpoolP384r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.brainpoolP384r1, - payloadSize: 48 - }, - brainpoolP512r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.brainpoolP512r1, - payloadSize: 64 - } -}; - -class CurveWithOID { - constructor(oidOrName, params) { - try { - if (util.isArray(oidOrName) || - util.isUint8Array(oidOrName)) { - // by oid byte array - oidOrName = new OID(oidOrName); - } - if (oidOrName instanceof OID) { - // by curve OID - oidOrName = oidOrName.getName(); - } - // by curve name or oid string - this.name = enums.write(enums.curve, oidOrName); - } catch (err) { - throw new UnsupportedError('Unknown curve'); - } - params = params || curves[this.name]; - - this.keyType = params.keyType; - - this.oid = params.oid; - this.hash = params.hash; - this.cipher = params.cipher; - this.node = params.node && curves[this.name]; - this.web = params.web && curves[this.name]; - this.payloadSize = params.payloadSize; - if (this.web && util.getWebCrypto()) { - this.type = 'web'; - } else if (this.node && util.getNodeCrypto()) { - this.type = 'node'; - } else if (this.name === 'curve25519') { - this.type = 'curve25519'; - } else if (this.name === 'ed25519') { - this.type = 'ed25519'; - } - } - - async genKeyPair() { - let keyPair; - switch (this.type) { - case 'web': - try { - return await webGenKeyPair(this.name); - } catch (err) { - util.printDebugError('Browser did not support generating ec key ' + err.message); - break; - } - case 'node': - return nodeGenKeyPair(this.name); - case 'curve25519': { - const privateKey = getRandomBytes(32); - privateKey[0] = (privateKey[0] & 127) | 64; - privateKey[31] &= 248; - const secretKey = privateKey.slice().reverse(); - keyPair = naclFastLight.box.keyPair.fromSecretKey(secretKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - case 'ed25519': { - const privateKey = getRandomBytes(32); - const keyPair = naclFastLight.sign.keyPair.fromSeed(privateKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - } - const indutnyCurve = await getIndutnyCurve(this.name); - keyPair = await indutnyCurve.genKeyPair({ - entropy: util.uint8ArrayToString(getRandomBytes(32)) - }); - return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) }; - } -} - -async function generate$1(curve) { - const BigInteger = await util.getBigInteger(); - - curve = new CurveWithOID(curve); - const keyPair = await curve.genKeyPair(); - const Q = new BigInteger(keyPair.publicKey).toUint8Array(); - const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize); - return { - oid: curve.oid, - Q, - secret, - hash: curve.hash, - cipher: curve.cipher - }; -} - -/** - * Get preferred hash algo to use with the given curve - * @param {module:type/oid} oid - curve oid - * @returns {enums.hash} hash algorithm - */ -function getPreferredHashAlgo(oid) { - return curves[enums.write(enums.curve, oid.toHex())].hash; -} - -/** - * Validate ECDH and ECDSA parameters - * Not suitable for EdDSA (different secret key format) - * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves - * @param {module:type/oid} oid - EC object identifier - * @param {Uint8Array} Q - EC public point - * @param {Uint8Array} d - EC secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateStandardParams(algo, oid, Q, d) { - const supportedCurves = { - p256: true, - p384: true, - p521: true, - secp256k1: true, - curve25519: algo === enums.publicKey.ecdh, - brainpoolP256r1: true, - brainpoolP384r1: true, - brainpoolP512r1: true - }; - - // Check whether the given curve is supported - const curveName = oid.getName(); - if (!supportedCurves[curveName]) { - return false; - } - - if (curveName === 'curve25519') { - d = d.slice().reverse(); - // Re-derive public point Q' - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(d); - - Q = new Uint8Array(Q); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - if (!util.equalsUint8Array(dG, Q)) { - return false; - } - - return true; - } - - const curve = await getIndutnyCurve(curveName); - try { - // Parse Q and check that it is on the curve but not at infinity - Q = keyFromPublic(curve, Q).getPublic(); - } catch (validationErrors) { - return false; - } - - /** - * Re-derive public point Q' = dG from private key - * Expect Q == Q' - */ - const dG = keyFromPrivate(curve, d).getPublic(); - if (!dG.eq(Q)) { - return false; - } - - return true; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -async function webGenKeyPair(name) { - // Note: keys generated with ECDSA and ECDH are structurally equivalent - const webCryptoKey = await webCrypto$6.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - - const privateKey = await webCrypto$6.exportKey('jwk', webCryptoKey.privateKey); - const publicKey = await webCrypto$6.exportKey('jwk', webCryptoKey.publicKey); - - return { - publicKey: jwkToRawPublic(publicKey), - privateKey: b64ToUint8Array(privateKey.d) - }; -} - -async function nodeGenKeyPair(name) { - // Note: ECDSA and ECDH key generation is structurally equivalent - const ecdh = nodeCrypto$7.createECDH(nodeCurves[name]); - await ecdh.generateKeys(); - return { - publicKey: new Uint8Array(ecdh.getPublicKey()), - privateKey: new Uint8Array(ecdh.getPrivateKey()) - }; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -/** - * @param {JsonWebKey} jwk - key for conversion - * - * @returns {Uint8Array} Raw public key. - */ -function jwkToRawPublic(jwk) { - const bufX = b64ToUint8Array(jwk.x); - const bufY = b64ToUint8Array(jwk.y); - const publicKey = new Uint8Array(bufX.length + bufY.length + 1); - publicKey[0] = 0x04; - publicKey.set(bufX, 1); - publicKey.set(bufY, bufX.length + 1); - return publicKey; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * - * @returns {JsonWebKey} Public key in jwk format. - */ -function rawPublicToJWK(payloadSize, name, publicKey) { - const len = payloadSize; - const bufX = publicKey.slice(1, len + 1); - const bufY = publicKey.slice(len + 1, len * 2 + 1); - // https://www.rfc-editor.org/rfc/rfc7518.txt - const jwk = { - kty: 'EC', - crv: name, - x: uint8ArrayToB64(bufX, true), - y: uint8ArrayToB64(bufY, true), - ext: true - }; - return jwk; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * @param {Uint8Array} privateKey - private key - * - * @returns {JsonWebKey} Private key in jwk format. - */ -function privateToJWK$1(payloadSize, name, publicKey, privateKey) { - const jwk = rawPublicToJWK(payloadSize, name, publicKey); - jwk.d = uint8ArrayToB64(privateKey, true); - return jwk; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$7 = util.getWebCrypto(); -const nodeCrypto$8 = util.getNodeCrypto(); - -/** - * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$1(oid, hashAlgo, message, publicKey, privateKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - const keyPair = { publicKey, privateKey }; - switch (curve.type) { - case 'web': { - // If browser doesn't support a curve, we'll catch it - try { - // Need to await to make sure browser succeeds - return await webSign$1(curve, hashAlgo, message, keyPair); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunaley Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support signing: ' + err.message); - } - break; - } - case 'node': { - const signature = await nodeSign$1(curve, hashAlgo, message, keyPair); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - } - } - return ellipticSign(curve, hashed, privateKey); -} - -/** - * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify - * @param {Uint8Array} message - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$1(oid, hashAlgo, signature, message, publicKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - switch (curve.type) { - case 'web': - try { - // Need to await to make sure browser succeeds - return await webVerify$1(curve, hashAlgo, signature, message, publicKey); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunately Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support verifying: ' + err.message); - } - break; - case 'node': - return nodeVerify$1(curve, hashAlgo, signature, message, publicKey); - } - } - const digest = (typeof hashAlgo === 'undefined') ? message : hashed; - return ellipticVerify(curve, signature, digest, publicKey); -} - -/** - * Validate ECDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDSA public point - * @param {Uint8Array} d - ECDSA secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$2(oid, Q, d) { - const curve = new CurveWithOID(oid); - // Reject curves x25519 and ed25519 - if (curve.keyType !== enums.publicKey.ecdsa) { - return false; - } - - // To speed up the validation, we try to use node- or webcrypto when available - // and sign + verify a random message - switch (curve.type) { - case 'web': - case 'node': { - const message = getRandomBytes(8); - const hashAlgo = enums.hash.sha256; - const hashed = await hash.digest(hashAlgo, message); - try { - const signature = await sign$1(oid, hashAlgo, message, Q, d, hashed); - return await verify$1(oid, hashAlgo, signature, message, Q, hashed); - } catch (err) { - return false; - } - } - default: - return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); - } -} - - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -async function ellipticSign(curve, hashed, privateKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPrivate(indutnyCurve, privateKey); - const signature = key.sign(hashed); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; -} - -async function ellipticVerify(curve, signature, digest, publicKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPublic(indutnyCurve, publicKey); - return key.verify(digest, signature); -} - -async function webSign$1(curve, hashAlgo, message, keyPair) { - const len = curve.payloadSize; - const jwk = privateToJWK$1(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['sign'] - ); - - const signature = new Uint8Array(await webCrypto$7.sign( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - message - )); - - return { - r: signature.slice(0, len), - s: signature.slice(len, len << 1) - }; -} - -async function webVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['verify'] - ); - - const signature = util.concatUint8Array([r, s]).buffer; - - return webCrypto$7.verify( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - signature, - message - ); -} - -async function nodeSign$1(curve, hashAlgo, message, keyPair) { - const sign = nodeCrypto$8.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(message); - sign.end(); - const key = ECPrivateKey.encode({ - version: 1, - parameters: curve.oid, - privateKey: Array.from(keyPair.privateKey), - publicKey: { unused: 0, data: Array.from(keyPair.publicKey) } - }, 'pem', { - label: 'EC PRIVATE KEY' - }); - - return ECDSASignature.decode(sign.sign(key), 'der'); -} - -async function nodeVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const { default: BN } = await import('./bn.mjs'); - - const verify = nodeCrypto$8.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(message); - verify.end(); - const key = SubjectPublicKeyInfo.encode({ - algorithm: { - algorithm: [1, 2, 840, 10045, 2, 1], - parameters: curve.oid - }, - subjectPublicKey: { unused: 0, data: Array.from(publicKey) } - }, 'pem', { - label: 'PUBLIC KEY' - }); - const signature = ECDSASignature.encode({ - r: new BN(r), s: new BN(s) - }, 'der'); - - try { - return verify.verify(key, signature); - } catch (err) { - return false; - } -} - -// Originally written by Owen Smith https://github.com/omsmith -// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/ - -/* eslint-disable no-invalid-this */ - -const asn1$1 = nodeCrypto$8 ? void('asn1.js') : undefined; - -const ECDSASignature = nodeCrypto$8 ? - asn1$1.define('ECDSASignature', function() { - this.seq().obj( - this.key('r').int(), - this.key('s').int() - ); - }) : undefined; - -const ECPrivateKey = nodeCrypto$8 ? - asn1$1.define('ECPrivateKey', function() { - this.seq().obj( - this.key('version').int(), - this.key('privateKey').octstr(), - this.key('parameters').explicit(0).optional().any(), - this.key('publicKey').explicit(1).optional().bitstr() - ); - }) : undefined; - -const AlgorithmIdentifier = nodeCrypto$8 ? - asn1$1.define('AlgorithmIdentifier', function() { - this.seq().obj( - this.key('algorithm').objid(), - this.key('parameters').optional().any() - ); - }) : undefined; - -const SubjectPublicKeyInfo = nodeCrypto$8 ? - asn1$1.define('SubjectPublicKeyInfo', function() { - this.seq().obj( - this.key('algorithm').use(AlgorithmIdentifier), - this.key('subjectPublicKey').bitstr() - ); - }) : undefined; - -var ecdsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$1, - verify: verify$1, - validateParams: validateParams$2 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Sign a message using the provided legacy EdDSA key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$2(oid, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; -} - -/** - * Verifies if a legacy EdDSA signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$2(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const signature = util.concatUint8Array([r, s]); - return naclFastLight.sign.detached.verify(hashed, signature, publicKey.subarray(1)); -} -/** - * Validate legacy EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point - * @param {Uint8Array} k - EdDSA secret seed - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$3(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } - - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); - -} - -var eddsa_legacy = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$2, - verify: verify$2, - validateParams: validateParams$3 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Generate (non-legacy) EdDSA key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} - */ -async function generate$2(algo) { - switch (algo) { - case enums.publicKey.ed25519: { - const seed = getRandomBytes(32); - const { publicKey: A } = naclFastLight.sign.keyPair.fromSeed(seed); - return { A, seed }; - } - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} - -/** - * Sign a message using the provided key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * RS: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$3(algo, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - const secretKey = util.concatUint8Array([privateKey, publicKey]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - return { RS: signature }; - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - -} - -/** - * Verifies if a signature is valid for a message - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{ RS: Uint8Array }} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$3(algo, hashAlgo, { RS }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - return naclFastLight.sign.detached.verify(hashed, RS, publicKey); - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} -/** - * Validate (non-legacy) EdDSA parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - EdDSA public point - * @param {Uint8Array} seed - EdDSA secret seed - * @param {Uint8Array} oid - (legacy only) EdDSA OID - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$4(algo, A, seed) { - switch (algo) { - case enums.publicKey.ed25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(seed); - return util.equalsUint8Array(A, publicKey); - } - - case enums.publicKey.ed448: // unsupported - default: - return false; - } -} - -function getPreferredHashAlgo$1(algo) { - switch (algo) { - case enums.publicKey.ed25519: - return enums.hash.sha256; - default: - throw new Error('Unknown EdDSA algo'); - } -} - -var eddsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$2, - sign: sign$3, - verify: verify$3, - validateParams: validateParams$4, - getPreferredHashAlgo: getPreferredHashAlgo$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * AES key wrap - * @function - * @param {Uint8Array} key - * @param {Uint8Array} data - * @returns {Uint8Array} - */ -function wrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const P = unpack(data); - let A = IV; - const R = P; - const n = P.length / 2; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 0; j <= 5; ++j) { - for (let i = 0; i < n; ++i) { - t[1] = n * j + (1 + i); - // B = A - B[0] = A[0]; - B[1] = A[1]; - // B = A || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES(K, B) - B = unpack(aes.encrypt(pack(B))); - // A = MSB(64, B) ^ t - A = B.subarray(0, 2); - A[0] ^= t[0]; - A[1] ^= t[1]; - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - return pack(A, R); -} - -/** - * AES key unwrap - * @function - * @param {String} key - * @param {String} data - * @returns {Uint8Array} - * @throws {Error} - */ -function unwrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const C = unpack(data); - let A = C.subarray(0, 2); - const R = C.subarray(2); - const n = C.length / 2 - 1; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 5; j >= 0; --j) { - for (let i = n - 1; i >= 0; --i) { - t[1] = n * j + (i + 1); - // B = A ^ t - B[0] = A[0] ^ t[0]; - B[1] = A[1] ^ t[1]; - // B = (A ^ t) || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES-1(B) - B = unpack(aes.decrypt(pack(B))); - // A = MSB(64, B) - A = B.subarray(0, 2); - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - if (A[0] === IV[0] && A[1] === IV[1]) { - return pack(R); - } - throw new Error('Key Data Integrity failed'); -} - -function createArrayBuffer(data) { - if (util.isString(data)) { - const { length } = data; - const buffer = new ArrayBuffer(length); - const view = new Uint8Array(buffer); - for (let j = 0; j < length; ++j) { - view[j] = data.charCodeAt(j); - } - return buffer; - } - return new Uint8Array(data).buffer; -} - -function unpack(data) { - const { length } = data; - const buffer = createArrayBuffer(data); - const view = new DataView(buffer); - const arr = new Uint32Array(length / 4); - for (let i = 0; i < length / 4; ++i) { - arr[i] = view.getUint32(4 * i); - } - return arr; -} - -function pack() { - let length = 0; - for (let k = 0; k < arguments.length; ++k) { - length += 4 * arguments[k].length; - } - const buffer = new ArrayBuffer(length); - const view = new DataView(buffer); - let offset = 0; - for (let i = 0; i < arguments.length; ++i) { - for (let j = 0; j < arguments[i].length; ++j) { - view.setUint32(offset + 4 * j, arguments[i][j]); - } - offset += 4 * arguments[i].length; - } - return new Uint8Array(buffer); -} - -var aesKW = /*#__PURE__*/Object.freeze({ - __proto__: null, - wrap: wrap, - unwrap: unwrap -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * @fileoverview Functions to add and remove PKCS5 padding - * @see PublicKeyEncryptedSessionKeyPacket - * @module crypto/pkcs5 - * @private - */ - -/** - * Add pkcs5 padding to a message - * @param {Uint8Array} message - message to pad - * @returns {Uint8Array} Padded message. - */ -function encode$1(message) { - const c = 8 - (message.length % 8); - const padded = new Uint8Array(message.length + c).fill(c); - padded.set(message); - return padded; -} - -/** - * Remove pkcs5 padding from a message - * @param {Uint8Array} message - message to remove padding from - * @returns {Uint8Array} Message without padding. - */ -function decode$1(message) { - const len = message.length; - if (len > 0) { - const c = message[len - 1]; - if (c >= 1) { - const provided = message.subarray(len - c); - const computed = new Uint8Array(c).fill(c); - if (util.equalsUint8Array(provided, computed)) { - return message.subarray(0, len - c); - } - } - } - throw new Error('Invalid padding'); -} - -var pkcs5 = /*#__PURE__*/Object.freeze({ - __proto__: null, - encode: encode$1, - decode: decode$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$8 = util.getWebCrypto(); -const nodeCrypto$9 = util.getNodeCrypto(); - -/** - * Validate ECDH parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDH public point - * @param {Uint8Array} d - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$5(oid, Q, d) { - return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); -} - -// Build Param for ECDH algorithm (RFC 6637) -function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { - return util.concatUint8Array([ - oid.write(), - new Uint8Array([public_algo]), - kdfParams.write(), - util.stringToUint8Array('Anonymous Sender '), - fingerprint.subarray(0, 20) - ]); -} - -// Key Derivation Function (RFC 6637) -async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { - // Note: X is little endian for Curve25519, big-endian for all others. - // This is not ideal, but the RFC's are unclear - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - let i; - if (stripLeading) { - // Work around old go crypto bug - for (i = 0; i < X.length && X[i] === 0; i++); - X = X.subarray(i); - } - if (stripTrailing) { - // Work around old OpenPGP.js bug - for (i = X.length - 1; i >= 0 && X[i] === 0; i--); - X = X.subarray(0, i + 1); - } - const digest = await hash.digest(hashAlgo, util.concatUint8Array([ - new Uint8Array([0, 0, 0, 1]), - X, - param - ])); - return digest.subarray(0, length); -} - -/** - * Generate ECDHE ephemeral key and secret from public key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPublicEphemeralKey(curve, Q) { - switch (curve.type) { - case 'curve25519': { - const d = getRandomBytes(32); - const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d); - let { publicKey } = naclFastLight.box.keyPair.fromSecretKey(secretKey); - publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]); - return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPublicEphemeralKey(curve, Q); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePublicEphemeralKey(curve, Q); - } - return ellipticPublicEphemeralKey(curve, Q); -} - -/** - * Encrypt and wrap a session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} data - Unpadded session key data - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} - * @async - */ -async function encrypt$3(oid, kdfParams, data, Q, fingerprint) { - const m = encode$1(data); - - const curve = new CurveWithOID(oid); - const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); - const wrappedKey = wrap(Z, m); - return { publicKey, wrappedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPrivateEphemeralKey(curve, V, Q, d) { - if (d.length !== curve.payloadSize) { - const privateKey = new Uint8Array(curve.payloadSize); - privateKey.set(d, curve.payloadSize - d.length); - d = privateKey; - } - switch (curve.type) { - case 'curve25519': { - const secretKey = d.slice().reverse(); - const sharedKey = naclFastLight.scalarMult(secretKey, V.subarray(1)); - return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPrivateEphemeralKey(curve, V, Q, d); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePrivateEphemeralKey(curve, V, d); - } - return ellipticPrivateEphemeralKey(curve, V, d); -} - -/** - * Decrypt and unwrap the value derived from session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} C - Encrypted and wrapped value derived from session key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Value derived from session key. - * @async - */ -async function decrypt$3(oid, kdfParams, V, C, Q, d, fingerprint) { - const curve = new CurveWithOID(oid); - const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - let err; - for (let i = 0; i < 3; i++) { - try { - // Work around old go crypto bug and old OpenPGP.js bug, respectively. - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); - return decode$1(unwrap(Z, C)); - } catch (e) { - err = e; - } - } - throw err; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPrivateEphemeralKey(curve, V, Q, d) { - const recipient = privateToJWK$1(curve.payloadSize, curve.web.web, Q, d); - let privateKey = webCrypto$8.importKey( - 'jwk', - recipient, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V); - let sender = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - [] - ); - [privateKey, sender] = await Promise.all([privateKey, sender]); - let S = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: sender - }, - privateKey, - curve.web.sharedSize - ); - let secret = webCrypto$8.exportKey( - 'jwk', - privateKey - ); - [S, secret] = await Promise.all([S, secret]); - const sharedKey = new Uint8Array(S); - const secretKey = b64ToUint8Array(secret.d); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPublicEphemeralKey(curve, Q) { - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q); - let keyPair = webCrypto$8.generateKey( - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - let recipient = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - false, - [] - ); - [keyPair, recipient] = await Promise.all([keyPair, recipient]); - let s = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: recipient - }, - keyPair.privateKey, - curve.web.sharedSize - ); - let p = webCrypto$8.exportKey( - 'jwk', - keyPair.publicKey - ); - [s, p] = await Promise.all([s, p]); - const sharedKey = new Uint8Array(s); - const publicKey = new Uint8Array(jwkToRawPublic(p)); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPrivateEphemeralKey(curve, V, d) { - const indutnyCurve = await getIndutnyCurve(curve.name); - V = keyFromPublic(indutnyCurve, V); - d = keyFromPrivate(indutnyCurve, d); - const secretKey = new Uint8Array(d.getPrivate()); - const S = d.derive(V.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPublicEphemeralKey(curve, Q) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const v = await curve.genKeyPair(); - Q = keyFromPublic(indutnyCurve, Q); - const V = keyFromPrivate(indutnyCurve, v.privateKey); - const publicKey = v.publicKey; - const S = V.derive(Q.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePrivateEphemeralKey(curve, V, d) { - const recipient = nodeCrypto$9.createECDH(curve.node.node); - recipient.setPrivateKey(d); - const sharedKey = new Uint8Array(recipient.computeSecret(V)); - const secretKey = new Uint8Array(recipient.getPrivateKey()); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePublicEphemeralKey(curve, Q) { - const sender = nodeCrypto$9.createECDH(curve.node.node); - sender.generateKeys(); - const sharedKey = new Uint8Array(sender.computeSecret(Q)); - const publicKey = new Uint8Array(sender.getPublicKey()); - return { publicKey, sharedKey }; -} - -var ecdh = /*#__PURE__*/Object.freeze({ - __proto__: null, - validateParams: validateParams$5, - encrypt: encrypt$3, - decrypt: decrypt$3 -}); - -/** - * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. - * @module crypto/hkdf - * @private - */ - -const webCrypto$9 = util.getWebCrypto(); -const nodeCrypto$a = util.getNodeCrypto(); -const nodeSubtleCrypto = nodeCrypto$a && nodeCrypto$a.webcrypto && nodeCrypto$a.webcrypto.subtle; - -async function HKDF(hashAlgo, inputKey, salt, info, outLen) { - const hash = enums.read(enums.webHash, hashAlgo); - if (!hash) throw new Error('Hash algo not supported with HKDF'); - - if (webCrypto$9 || nodeSubtleCrypto) { - const crypto = webCrypto$9 || nodeSubtleCrypto; - const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); - const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); - return new Uint8Array(bits); - } - - if (nodeCrypto$a) { - const hashAlgoName = enums.read(enums.hash, hashAlgo); - // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869 - - const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto$a.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest(); - // Step 1: Extract - // PRK = HMAC-Hash(salt, IKM) - const pseudoRandomKey = computeHMAC(salt, inputKey); - - const hashLen = pseudoRandomKey.length; - - // Step 2: Expand - // HKDF-Expand(PRK, info, L) -> OKM - const n = Math.ceil(outLen / hashLen); - const outputKeyingMaterial = new Uint8Array(n * hashLen); - - // HMAC input buffer updated at each iteration - const roundInput = new Uint8Array(hashLen + info.length + 1); - // T_i and last byte are updated at each iteration, but `info` remains constant - roundInput.set(info, hashLen); - - for (let i = 0; i < n; i++) { - // T(0) = empty string (zero length) - // T(i) = HMAC-Hash(PRK, T(i-1) | info | i) - roundInput[roundInput.length - 1] = i + 1; - // t = T(i+1) - const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen)); - roundInput.set(t, 0); - - outputKeyingMaterial.set(t, i * hashLen); - } - - return outputKeyingMaterial.subarray(0, outLen); - } - - throw new Error('No HKDF implementation available'); -} - -/** - * @fileoverview Key encryption and decryption for RFC 6637 ECDH - * @module crypto/public_key/elliptic/ecdh - * @private - */ - -const HKDF_INFO = { - x25519: util.encodeUTF8('OpenPGP X25519') -}; - -/** - * Generate ECDH key for Montgomery curves - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} - */ -async function generate$3(algo) { - switch (algo) { - case enums.publicKey.x25519: { - // k stays in little-endian, unlike legacy ECDH over curve25519 - const k = getRandomBytes(32); - const { publicKey: A } = naclFastLight.box.keyPair.fromSecretKey(k); - return { A, k }; - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** -* Validate ECDH parameters -* @param {module:enums.publicKey} algo - Algorithm identifier -* @param {Uint8Array} A - ECDH public point -* @param {Uint8Array} k - ECDH secret scalar -* @returns {Promise} Whether params are valid. -* @async -*/ -async function validateParams$6(algo, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(k); - return util.equalsUint8Array(A, publicKey); - } - - default: - return false; - } -} - -/** - * Wrap and encrypt a session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} data - session key data to be encrypted - * @param {Uint8Array} recipientA - Recipient public key (K_B) - * @returns {Promise<{ - * ephemeralPublicKey: Uint8Array, - * wrappedKey: Uint8Array - * }>} ephemeral public key (K_A) and encrypted key - * @async - */ -async function encrypt$4(algo, data, recipientA) { - switch (algo) { - case enums.publicKey.x25519: { - const ephemeralSecretKey = getRandomBytes(32); - const sharedSecret = naclFastLight.scalarMult(ephemeralSecretKey, recipientA); - const { publicKey: ephemeralPublicKey } = naclFastLight.box.keyPair.fromSecretKey(ephemeralSecretKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - recipientA, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - const wrappedKey = wrap(encryptionKey, data); - return { ephemeralPublicKey, wrappedKey }; - } - - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** - * Decrypt and unwrap the session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} ephemeralPublicKey - (K_A) - * @param {Uint8Array} wrappedKey, - * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF - * @param {Uint8Array} k - Recipient secret key (b) - * @returns {Promise} decrypted session key data - * @async - */ -async function decrypt$4(algo, ephemeralPublicKey, wrappedKey, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - const sharedSecret = naclFastLight.scalarMult(k, ephemeralPublicKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - A, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - return unwrap(encryptionKey, wrappedKey); - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -var ecdh_x = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$3, - validateParams: validateParams$6, - encrypt: encrypt$4, - decrypt: decrypt$4 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -var elliptic = /*#__PURE__*/Object.freeze({ - __proto__: null, - CurveWithOID: CurveWithOID, - ecdh: ecdh, - ecdhX: ecdh_x, - ecdsa: ecdsa, - eddsaLegacy: eddsa_legacy, - eddsa: eddsa, - generate: generate$1, - getPreferredHashAlgo: getPreferredHashAlgo -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/* - TODO regarding the hash function, read: - https://tools.ietf.org/html/rfc4880#section-13.6 - https://tools.ietf.org/html/rfc4880#section-14 -*/ - -/** - * DSA Sign function - * @param {Integer} hashAlgo - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} x - * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} - * @async - */ -async function sign$4(hashAlgo, hashed, g, p, q, x) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - x = new BigInteger(x); - - let k; - let r; - let s; - let t; - g = g.mod(p); - x = x.mod(q); - // If the output size of the chosen hash is larger than the number of - // bits of q, the hash result is truncated to fit by taking the number - // of leftmost bits equal to the number of bits of q. This (possibly - // truncated) hash function result is treated as a number and used - // directly in the DSA signature algorithm. - const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q); - // FIPS-186-4, section 4.6: - // The values of r and s shall be checked to determine if r = 0 or s = 0. - // If either r = 0 or s = 0, a new value of k shall be generated, and the - // signature shall be recalculated. It is extremely unlikely that r = 0 - // or s = 0 if signatures are generated properly. - while (true) { - // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - k = await getRandomBigInteger(one, q); // returns in [1, q-1] - r = g.modExp(k, p).imod(q); // (g**k mod p) mod q - if (r.isZero()) { - continue; - } - const xr = x.mul(r).imod(q); - t = h.add(xr).imod(q); // H(m) + x*r mod q - s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q - if (s.isZero()) { - continue; - } - break; - } - return { - r: r.toUint8Array('be', q.byteLength()), - s: s.toUint8Array('be', q.byteLength()) - }; -} - -/** - * DSA Verify function - * @param {Integer} hashAlgo - * @param {Uint8Array} r - * @param {Uint8Array} s - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} y - * @returns {boolean} - * @async - */ -async function verify$4(hashAlgo, r, s, hashed, g, p, q, y) { - const BigInteger = await util.getBigInteger(); - const zero = new BigInteger(0); - r = new BigInteger(r); - s = new BigInteger(s); - - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - - if (r.lte(zero) || r.gte(q) || - s.lte(zero) || s.gte(q)) { - util.printDebug('invalid DSA Signature'); - return false; - } - const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q); - const w = s.modInv(q); // s**-1 mod q - if (w.isZero()) { - util.printDebug('invalid DSA Signature'); - return false; - } - - g = g.mod(p); - y = y.mod(p); - const u1 = h.mul(w).imod(q); // H(m) * w mod q - const u2 = r.mul(w).imod(q); // r * w mod q - const t1 = g.modExp(u1, p); // g**u1 mod p - const t2 = y.modExp(u2, p); // y**u2 mod p - const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q - return v.equal(r); -} - -/** - * Validate DSA parameters - * @param {Uint8Array} p - DSA prime - * @param {Uint8Array} q - DSA group order - * @param {Uint8Array} g - DSA sub-group generator - * @param {Uint8Array} y - DSA public key - * @param {Uint8Array} x - DSA private key - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$7(p, q, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - /** - * Check that subgroup order q divides p-1 - */ - if (!p.dec().mod(q).isZero()) { - return false; - } - - /** - * g has order q - * Check that g ** q = 1 mod p - */ - if (!g.modExp(q, p).isOne()) { - return false; - } - - /** - * Check q is large and probably prime (we mainly want to avoid small factors) - */ - const qSize = new BigInteger(q.bitLength()); - const n150 = new BigInteger(150); - if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) { - return false; - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{rq + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q - const rqx = q.mul(r).add(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var dsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$4, - verify: verify$4, - validateParams: validateParams$7 -}); - -/** - * @fileoverview Asymmetric cryptography functions - * @module crypto/public_key - * @private - */ - -var publicKey = { - /** @see module:crypto/public_key/rsa */ - rsa: rsa, - /** @see module:crypto/public_key/elgamal */ - elgamal: elgamal, - /** @see module:crypto/public_key/elliptic */ - elliptic: elliptic, - /** @see module:crypto/public_key/dsa */ - dsa: dsa, - /** @see tweetnacl */ - nacl: naclFastLight -}; - -/** - * @fileoverview Provides functions for asymmetric signing and signature verification - * @module crypto/signature - * @private - */ - -/** - * Parse signature in binary form to get the parameters. - * The returned values are only padded for EdDSA, since in the other cases their expected length - * depends on the key params, hence we delegate the padding to the signature verification function. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Uint8Array} signature - Data for which the signature was created - * @returns {Promise} True if signature is valid. - * @async - */ -function parseSignatureParams(algo, signature) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA signatures: - // - MPI of RSA signature value m**d mod n. - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const s = util.readMPI(signature.subarray(read)); - // The signature needs to be the same length as the public key modulo n. - // We pad s on signature verification, where we have access to n. - return { s }; - } - // Algorithm-Specific Fields for DSA or ECDSA signatures: - // - MPI of DSA or ECDSA value r. - // - MPI of DSA or ECDSA value s. - case enums.publicKey.dsa: - case enums.publicKey.ecdsa: - { - const r = util.readMPI(signature.subarray(read)); read += r.length + 2; - const s = util.readMPI(signature.subarray(read)); - return { r, s }; - } - // Algorithm-Specific Fields for legacy EdDSA signatures: - // - MPI of an EC point r. - // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsaLegacy: { - // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: - // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 - let r = util.readMPI(signature.subarray(read)); read += r.length + 2; - r = util.leftPad(r, 32); - let s = util.readMPI(signature.subarray(read)); - s = util.leftPad(s, 32); - return { r, s }; - } - // Algorithm-Specific Fields for Ed25519 signatures: - // - 64 octets of the native signature - case enums.publicKey.ed25519: { - const RS = signature.subarray(read, read + 64); read += RS.length; - return { RS }; - } - default: - throw new UnsupportedError('Unknown signature algorithm.'); - } -} - -/** - * Verifies the signature provided for data using specified algorithms and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} signature - Named algorithm-specific signature parameters - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Data for which the signature was created - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} True if signature is valid. - * @async - */ -async function verify$5(algo, hashAlgo, signature, publicParams, data, hashed) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto - return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); - } - case enums.publicKey.dsa: { - const { g, p, q, y } = publicParams; - const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers - return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicParams; - const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; - // padding needed for webcrypto - const r = util.leftPad(signature.r, curveSize); - const s = util.leftPad(signature.s, curveSize); - return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicParams; - // signature already padded on parsing - return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -/** - * Creates a signature on data using specified algorithms and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters - * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters - * @param {Uint8Array} data - Data to be signed - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} Signature Object containing named signature parameters. - * @async - */ -async function sign$5(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { - if (!publicKeyParams || !privateKeyParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); - return { s }; - } - case enums.publicKey.dsa: { - const { g, p, q } = publicKeyParams; - const { x } = privateKeyParams; - return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); - } - case enums.publicKey.elgamal: { - throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicKeyParams; - const { d } = privateKeyParams; - return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -var signature = /*#__PURE__*/Object.freeze({ - __proto__: null, - parseSignatureParams: parseSignatureParams, - verify: verify$5, - sign: sign$5 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class ECDHSymmetricKey { - constructor(data) { - if (data) { - this.data = data; - } - } - - /** - * Read an ECDHSymmetricKey from an Uint8Array: - * - 1 octect for the length `l` - * - `l` octects of encoded session key data - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - if (bytes.length >= 1) { - const length = bytes[0]; - if (bytes.length >= 1 + length) { - this.data = bytes.subarray(1, 1 + length); - return 1 + this.data.length; - } - } - throw new Error('Invalid symmetric key'); - } - - /** - * Write an ECDHSymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Implementation of type KDF parameters - * - * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: - * A key derivation function (KDF) is necessary to implement the EC - * encryption. The Concatenation Key Derivation Function (Approved - * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is - * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. - * @module type/kdf_params - * @private - */ - -class KDFParams { - /** - * @param {enums.hash} hash - Hash algorithm - * @param {enums.symmetric} cipher - Symmetric algorithm - */ - constructor(data) { - if (data) { - const { hash, cipher } = data; - this.hash = hash; - this.cipher = cipher; - } else { - this.hash = null; - this.cipher = null; - } - } - - /** - * Read KDFParams from an Uint8Array - * @param {Uint8Array} input - Where to read the KDFParams from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { - throw new UnsupportedError('Cannot read KDFParams'); - } - this.hash = input[2]; - this.cipher = input[3]; - return 4; - } +function M(o, a, b) { + var v, c, + t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, + t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, + t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, + t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, + b0 = b[0], + b1 = b[1], + b2 = b[2], + b3 = b[3], + b4 = b[4], + b5 = b[5], + b6 = b[6], + b7 = b[7], + b8 = b[8], + b9 = b[9], + b10 = b[10], + b11 = b[11], + b12 = b[12], + b13 = b[13], + b14 = b[14], + b15 = b[15]; - /** - * Write KDFParams to an Uint8Array - * @returns {Uint8Array} Array with the KDFParams value - */ - write() { - return new Uint8Array([3, 1, this.hash, this.cipher]); - } -} + v = a[0]; + t0 += v * b0; + t1 += v * b1; + t2 += v * b2; + t3 += v * b3; + t4 += v * b4; + t5 += v * b5; + t6 += v * b6; + t7 += v * b7; + t8 += v * b8; + t9 += v * b9; + t10 += v * b10; + t11 += v * b11; + t12 += v * b12; + t13 += v * b13; + t14 += v * b14; + t15 += v * b15; + v = a[1]; + t1 += v * b0; + t2 += v * b1; + t3 += v * b2; + t4 += v * b3; + t5 += v * b4; + t6 += v * b5; + t7 += v * b6; + t8 += v * b7; + t9 += v * b8; + t10 += v * b9; + t11 += v * b10; + t12 += v * b11; + t13 += v * b12; + t14 += v * b13; + t15 += v * b14; + t16 += v * b15; + v = a[2]; + t2 += v * b0; + t3 += v * b1; + t4 += v * b2; + t5 += v * b3; + t6 += v * b4; + t7 += v * b5; + t8 += v * b6; + t9 += v * b7; + t10 += v * b8; + t11 += v * b9; + t12 += v * b10; + t13 += v * b11; + t14 += v * b12; + t15 += v * b13; + t16 += v * b14; + t17 += v * b15; + v = a[3]; + t3 += v * b0; + t4 += v * b1; + t5 += v * b2; + t6 += v * b3; + t7 += v * b4; + t8 += v * b5; + t9 += v * b6; + t10 += v * b7; + t11 += v * b8; + t12 += v * b9; + t13 += v * b10; + t14 += v * b11; + t15 += v * b12; + t16 += v * b13; + t17 += v * b14; + t18 += v * b15; + v = a[4]; + t4 += v * b0; + t5 += v * b1; + t6 += v * b2; + t7 += v * b3; + t8 += v * b4; + t9 += v * b5; + t10 += v * b6; + t11 += v * b7; + t12 += v * b8; + t13 += v * b9; + t14 += v * b10; + t15 += v * b11; + t16 += v * b12; + t17 += v * b13; + t18 += v * b14; + t19 += v * b15; + v = a[5]; + t5 += v * b0; + t6 += v * b1; + t7 += v * b2; + t8 += v * b3; + t9 += v * b4; + t10 += v * b5; + t11 += v * b6; + t12 += v * b7; + t13 += v * b8; + t14 += v * b9; + t15 += v * b10; + t16 += v * b11; + t17 += v * b12; + t18 += v * b13; + t19 += v * b14; + t20 += v * b15; + v = a[6]; + t6 += v * b0; + t7 += v * b1; + t8 += v * b2; + t9 += v * b3; + t10 += v * b4; + t11 += v * b5; + t12 += v * b6; + t13 += v * b7; + t14 += v * b8; + t15 += v * b9; + t16 += v * b10; + t17 += v * b11; + t18 += v * b12; + t19 += v * b13; + t20 += v * b14; + t21 += v * b15; + v = a[7]; + t7 += v * b0; + t8 += v * b1; + t9 += v * b2; + t10 += v * b3; + t11 += v * b4; + t12 += v * b5; + t13 += v * b6; + t14 += v * b7; + t15 += v * b8; + t16 += v * b9; + t17 += v * b10; + t18 += v * b11; + t19 += v * b12; + t20 += v * b13; + t21 += v * b14; + t22 += v * b15; + v = a[8]; + t8 += v * b0; + t9 += v * b1; + t10 += v * b2; + t11 += v * b3; + t12 += v * b4; + t13 += v * b5; + t14 += v * b6; + t15 += v * b7; + t16 += v * b8; + t17 += v * b9; + t18 += v * b10; + t19 += v * b11; + t20 += v * b12; + t21 += v * b13; + t22 += v * b14; + t23 += v * b15; + v = a[9]; + t9 += v * b0; + t10 += v * b1; + t11 += v * b2; + t12 += v * b3; + t13 += v * b4; + t14 += v * b5; + t15 += v * b6; + t16 += v * b7; + t17 += v * b8; + t18 += v * b9; + t19 += v * b10; + t20 += v * b11; + t21 += v * b12; + t22 += v * b13; + t23 += v * b14; + t24 += v * b15; + v = a[10]; + t10 += v * b0; + t11 += v * b1; + t12 += v * b2; + t13 += v * b3; + t14 += v * b4; + t15 += v * b5; + t16 += v * b6; + t17 += v * b7; + t18 += v * b8; + t19 += v * b9; + t20 += v * b10; + t21 += v * b11; + t22 += v * b12; + t23 += v * b13; + t24 += v * b14; + t25 += v * b15; + v = a[11]; + t11 += v * b0; + t12 += v * b1; + t13 += v * b2; + t14 += v * b3; + t15 += v * b4; + t16 += v * b5; + t17 += v * b6; + t18 += v * b7; + t19 += v * b8; + t20 += v * b9; + t21 += v * b10; + t22 += v * b11; + t23 += v * b12; + t24 += v * b13; + t25 += v * b14; + t26 += v * b15; + v = a[12]; + t12 += v * b0; + t13 += v * b1; + t14 += v * b2; + t15 += v * b3; + t16 += v * b4; + t17 += v * b5; + t18 += v * b6; + t19 += v * b7; + t20 += v * b8; + t21 += v * b9; + t22 += v * b10; + t23 += v * b11; + t24 += v * b12; + t25 += v * b13; + t26 += v * b14; + t27 += v * b15; + v = a[13]; + t13 += v * b0; + t14 += v * b1; + t15 += v * b2; + t16 += v * b3; + t17 += v * b4; + t18 += v * b5; + t19 += v * b6; + t20 += v * b7; + t21 += v * b8; + t22 += v * b9; + t23 += v * b10; + t24 += v * b11; + t25 += v * b12; + t26 += v * b13; + t27 += v * b14; + t28 += v * b15; + v = a[14]; + t14 += v * b0; + t15 += v * b1; + t16 += v * b2; + t17 += v * b3; + t18 += v * b4; + t19 += v * b5; + t20 += v * b6; + t21 += v * b7; + t22 += v * b8; + t23 += v * b9; + t24 += v * b10; + t25 += v * b11; + t26 += v * b12; + t27 += v * b13; + t28 += v * b14; + t29 += v * b15; + v = a[15]; + t15 += v * b0; + t16 += v * b1; + t17 += v * b2; + t18 += v * b3; + t19 += v * b4; + t20 += v * b5; + t21 += v * b6; + t22 += v * b7; + t23 += v * b8; + t24 += v * b9; + t25 += v * b10; + t26 += v * b11; + t27 += v * b12; + t28 += v * b13; + t29 += v * b14; + t30 += v * b15; -/** - * Encoded symmetric key for x25519 and x448 - * The payload format varies for v3 and v6 PKESK: - * the former includes an algorithm byte preceeding the encrypted session key. - * - * @module type/x25519x448_symkey - */ + t0 += 38 * t16; + t1 += 38 * t17; + t2 += 38 * t18; + t3 += 38 * t19; + t4 += 38 * t20; + t5 += 38 * t21; + t6 += 38 * t22; + t7 += 38 * t23; + t8 += 38 * t24; + t9 += 38 * t25; + t10 += 38 * t26; + t11 += 38 * t27; + t12 += 38 * t28; + t13 += 38 * t29; + t14 += 38 * t30; + // t15 left as is -class ECDHXSymmetricKey { - static fromObject({ wrappedKey, algorithm }) { - const instance = new ECDHXSymmetricKey(); - instance.wrappedKey = wrappedKey; - instance.algorithm = algorithm; - return instance; - } + // first car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - /** - * - 1 octect for the length `l` - * - `l` octects of encoded session key data (with optional leading algorithm byte) - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - let read = 0; - let followLength = bytes[read++]; - this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even - followLength -= followLength % 2; - this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength; - } + // second car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - /** - * Write an MontgomerySymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([ - this.algorithm ? - new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : - new Uint8Array([this.wrappedKey.length]), - this.wrappedKey - ]); - } + o[ 0] = t0; + o[ 1] = t1; + o[ 2] = t2; + o[ 3] = t3; + o[ 4] = t4; + o[ 5] = t5; + o[ 6] = t6; + o[ 7] = t7; + o[ 8] = t8; + o[ 9] = t9; + o[10] = t10; + o[11] = t11; + o[12] = t12; + o[13] = t13; + o[14] = t14; + o[15] = t15; } -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Encrypts data using specified algorithm and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. - * @param {module:enums.publicKey} keyAlgo - Public key algorithm - * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Session key data to be encrypted - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Encrypted session key parameters. - * @async - */ -async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const { n, e } = publicParams; - const c = await publicKey.rsa.encrypt(data, n, e); - return { c }; - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - return publicKey.elgamal.encrypt(data, p, g, y); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicParams; - const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( - oid, kdfParams, data, Q, fingerprint); - return { V, C: new ECDHSymmetricKey(C) }; - } - case enums.publicKey.x25519: { - if (!util.isAES(symmetricAlgo)) { - // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 - throw new Error('X25519 keys can only encrypt AES session keys'); - } - const { A } = publicParams; - const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( - keyAlgo, data, A); - const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); - return { ephemeralPublicKey, C }; - } - default: - return []; - } +function S(o, a) { + M(o, a, a); } -/** - * Decrypts data using specified algorithm and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Object} publicKeyParams - Algorithm-specific public key parameters - * @param {Object} privateKeyParams - Algorithm-specific private key parameters - * @param {Object} sessionKeyParams - Encrypted session key parameters - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing - * (needed for constant-time processing in RSA and ElGamal) - * @returns {Promise} Decrypted data. - * @throws {Error} on sensitive decryption error, unless `randomPayload` is given - * @async - */ -async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: { - const { c } = sessionKeyParams; - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); - } - case enums.publicKey.elgamal: { - const { c1, c2 } = sessionKeyParams; - const p = publicKeyParams.p; - const x = privateKeyParams.x; - return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicKeyParams; - const { d } = privateKeyParams; - const { V, C } = sessionKeyParams; - return publicKey.elliptic.ecdh.decrypt( - oid, kdfParams, V, C.data, Q, d, fingerprint); - } - case enums.publicKey.x25519: { - const { A } = publicKeyParams; - const { k } = privateKeyParams; - const { ephemeralPublicKey, C } = sessionKeyParams; - if (!util.isAES(C.algorithm)) { - throw new Error('AES session key expected'); - } - return publicKey.elliptic.ecdhX.decrypt( - algo, ephemeralPublicKey, C.wrappedKey, A, k); - } - default: - throw new Error('Unknown public key encryption algorithm.'); +function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 253; a >= 0; a--) { + S(c, c); + if(a !== 2 && a !== 4) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; } -/** - * Parse public key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. - */ -function parsePublicKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; - const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; - return { read, publicParams: { n, e } }; - } - case enums.publicKey.dsa: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, q, g, y } }; - } - case enums.publicKey.elgamal: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, g, y } }; - } - case enums.publicKey.ecdsa: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.eddsaLegacy: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - Q = util.leftPad(Q, 33); - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.ecdh: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); - return { read: read, publicParams: { oid, Q, kdfParams } }; - } - case enums.publicKey.ed25519: - case enums.publicKey.x25519: { - const A = bytes.subarray(read, read + 32); read += A.length; - return { read, publicParams: { A } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); +function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 250; a >= 0; a--) { + S(c, c); + if(a !== 1) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; } -/** - * Parse private key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @param {Object} publicParams - (ECC only) public params, needed to format some private params - * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. - */ -function parsePrivateKeyParams(algo, bytes, publicParams) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; - return { read, privateParams: { d, p, q, u } }; - } - case enums.publicKey.dsa: - case enums.publicKey.elgamal: { - const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; - return { read, privateParams: { x } }; - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const curve = new CurveWithOID(publicParams.oid); - let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - d = util.leftPad(d, curve.payloadSize); - return { read, privateParams: { d } }; - } - case enums.publicKey.eddsaLegacy: { - const curve = new CurveWithOID(publicParams.oid); - let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; - seed = util.leftPad(seed, curve.payloadSize); - return { read, privateParams: { seed } }; - } - case enums.publicKey.ed25519: { - const seed = bytes.subarray(read, read + 32); read += seed.length; - return { read, privateParams: { seed } }; - } - case enums.publicKey.x25519: { - const k = bytes.subarray(read, read + 32); read += k.length; - return { read, privateParams: { k } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); +function crypto_scalarmult(q, n, p) { + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; + } + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); } + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; + } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; } -/** Returns the types comprising the encrypted session key of an algorithm - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {Object} The session key parameters referenced by name. - */ -function parseEncSessionKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA encrypted session keys: - // - MPI of RSA encrypted value m**e mod n. - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const c = util.readMPI(bytes.subarray(read)); - return { c }; - } - - // Algorithm-Specific Fields for Elgamal encrypted session keys: - // - MPI of Elgamal value g**k mod p - // - MPI of Elgamal value m * y**k mod p - case enums.publicKey.elgamal: { - const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; - const c2 = util.readMPI(bytes.subarray(read)); - return { c1, c2 }; - } - // Algorithm-Specific Fields for ECDH encrypted session keys: - // - MPI containing the ephemeral key used to establish the shared secret - // - ECDH Symmetric Key - case enums.publicKey.ecdh: { - const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; - const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); - return { V, C }; - } - // Algorithm-Specific Fields for X25519 encrypted session keys: - // - 32 octets representing an ephemeral X25519 public key. - // - A one-octet size of the following fields. - // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - // - The encrypted session key. - case enums.publicKey.x25519: { - const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length; - const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); - return { ephemeralPublicKey, C }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } +function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); } -/** - * Convert params to MPI and serializes them in the proper order - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} params - The key parameters indexed by name - * @returns {Uint8Array} The array containing the MPIs. - */ -function serializeParams(algo, params) { - // Some algorithms do not rely on MPIs to store the binary params - const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]); - const orderedParams = Object.keys(params).map(name => { - const param = params[name]; - if (!util.isUint8Array(param)) return param.write(); - return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); - }); - return util.concatUint8Array(orderedParams); +function crypto_box_keypair(y, x) { + randombytes(x, 32); + return crypto_scalarmult_base(y, x); } -/** - * Generate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Integer} bits - Bit length for RSA keys - * @param {module:type/oid} oid - Object identifier for ECC keys - * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. - * @async - */ -function generateParams(algo, bits, oid) { - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ - privateParams: { d, p, q, u }, - publicParams: { n, e } - })); +var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 +]; + +function crypto_hashblocks_hl(hh, hl, m, n) { + var wh = new Int32Array(16), wl = new Int32Array(16), + bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, + bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, + th, tl, i, j, h, l, a, b, c, d; + + var ah0 = hh[0], + ah1 = hh[1], + ah2 = hh[2], + ah3 = hh[3], + ah4 = hh[4], + ah5 = hh[5], + ah6 = hh[6], + ah7 = hh[7], + + al0 = hl[0], + al1 = hl[1], + al2 = hl[2], + al3 = hl[3], + al4 = hl[4], + al5 = hl[5], + al6 = hl[6], + al7 = hl[7]; + + var pos = 0; + while (n >= 128) { + for (i = 0; i < 16; i++) { + j = 8 * i + pos; + wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; + wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; } - case enums.publicKey.ecdsa: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { d: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { seed: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.ecdh: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ - privateParams: { d: secret }, - publicParams: { - oid: new OID(oid), - Q, - kdfParams: new KDFParams({ hash, cipher }) + for (i = 0; i < 80; i++) { + bh0 = ah0; + bh1 = ah1; + bh2 = ah2; + bh3 = ah3; + bh4 = ah4; + bh5 = ah5; + bh6 = ah6; + bh7 = ah7; + + bl0 = al0; + bl1 = al1; + bl2 = al2; + bl3 = al3; + bl4 = al4; + bl5 = al5; + bl6 = al6; + bl7 = al7; + + // add + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma1 + h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); + l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Ch + h = (ah4 & ah5) ^ (~ah4 & ah6); + l = (al4 & al5) ^ (~al4 & al6); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // K + h = K[i*2]; + l = K[i*2+1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // w + h = wh[i%16]; + l = wl[i%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + th = c & 0xffff | d << 16; + tl = a & 0xffff | b << 16; + + // add + h = th; + l = tl; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma0 + h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); + l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Maj + h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); + l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + bh7 = (c & 0xffff) | (d << 16); + bl7 = (a & 0xffff) | (b << 16); + + // add + h = bh3; + l = bl3; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = th; + l = tl; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + bh3 = (c & 0xffff) | (d << 16); + bl3 = (a & 0xffff) | (b << 16); + + ah1 = bh0; + ah2 = bh1; + ah3 = bh2; + ah4 = bh3; + ah5 = bh4; + ah6 = bh5; + ah7 = bh6; + ah0 = bh7; + + al1 = bl0; + al2 = bl1; + al3 = bl2; + al4 = bl3; + al5 = bl4; + al6 = bl5; + al7 = bl6; + al0 = bl7; + + if (i%16 === 15) { + for (j = 0; j < 16; j++) { + // add + h = wh[j]; + l = wl[j]; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = wh[(j+9)%16]; + l = wl[(j+9)%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma0 + th = wh[(j+1)%16]; + tl = wl[(j+1)%16]; + h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); + l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma1 + th = wh[(j+14)%16]; + tl = wl[(j+14)%16]; + h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); + l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + wh[j] = (c & 0xffff) | (d << 16); + wl[j] = (a & 0xffff) | (b << 16); } - })); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ - privateParams: { seed }, - publicParams: { A } - })); - case enums.publicKey.x25519: - return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ - privateParams: { k }, - publicParams: { A } - })); - case enums.publicKey.dsa: - case enums.publicKey.elgamal: - throw new Error('Unsupported algorithm for key generation.'); - default: - throw new Error('Unknown public key algorithm.'); + } + } + + // add + h = ah0; + l = al0; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[0]; + l = hl[0]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[0] = ah0 = (c & 0xffff) | (d << 16); + hl[0] = al0 = (a & 0xffff) | (b << 16); + + h = ah1; + l = al1; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[1]; + l = hl[1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[1] = ah1 = (c & 0xffff) | (d << 16); + hl[1] = al1 = (a & 0xffff) | (b << 16); + + h = ah2; + l = al2; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[2]; + l = hl[2]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[2] = ah2 = (c & 0xffff) | (d << 16); + hl[2] = al2 = (a & 0xffff) | (b << 16); + + h = ah3; + l = al3; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[3]; + l = hl[3]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[3] = ah3 = (c & 0xffff) | (d << 16); + hl[3] = al3 = (a & 0xffff) | (b << 16); + + h = ah4; + l = al4; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[4]; + l = hl[4]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[4] = ah4 = (c & 0xffff) | (d << 16); + hl[4] = al4 = (a & 0xffff) | (b << 16); + + h = ah5; + l = al5; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[5]; + l = hl[5]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[5] = ah5 = (c & 0xffff) | (d << 16); + hl[5] = al5 = (a & 0xffff) | (b << 16); + + h = ah6; + l = al6; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[6]; + l = hl[6]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[6] = ah6 = (c & 0xffff) | (d << 16); + hl[6] = al6 = (a & 0xffff) | (b << 16); + + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[7]; + l = hl[7]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[7] = ah7 = (c & 0xffff) | (d << 16); + hl[7] = al7 = (a & 0xffff) | (b << 16); + + pos += 128; + n -= 128; } + + return n; } -/** - * Validate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Object} privateParams - Algorithm-specific private key parameters - * @returns {Promise} Whether the parameters are valid. - * @async - */ -async function validateParams$8(algo, publicParams, privateParams) { - if (!publicParams || !privateParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const { d, p, q, u } = privateParams; - return publicKey.rsa.validateParams(n, e, d, p, q, u); - } - case enums.publicKey.dsa: { - const { p, q, g, y } = publicParams; - const { x } = privateParams; - return publicKey.dsa.validateParams(p, q, g, y, x); - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - const { x } = privateParams; - return publicKey.elgamal.validateParams(p, g, y, x); - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; - const { oid, Q } = publicParams; - const { d } = privateParams; - return algoModule.validateParams(oid, Q, d); - } - case enums.publicKey.eddsaLegacy: { - const { Q, oid } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(algo, A, seed); - } - case enums.publicKey.x25519: { - const { A } = publicParams; - const { k } = privateParams; - return publicKey.elliptic.ecdhX.validateParams(algo, A, k); - } - default: - throw new Error('Unknown public key algorithm.'); - } +function crypto_hash(out, m, n) { + var hh = new Int32Array(8), + hl = new Int32Array(8), + x = new Uint8Array(256), + i, b = n; + + hh[0] = 0x6a09e667; + hh[1] = 0xbb67ae85; + hh[2] = 0x3c6ef372; + hh[3] = 0xa54ff53a; + hh[4] = 0x510e527f; + hh[5] = 0x9b05688c; + hh[6] = 0x1f83d9ab; + hh[7] = 0x5be0cd19; + + hl[0] = 0xf3bcc908; + hl[1] = 0x84caa73b; + hl[2] = 0xfe94f82b; + hl[3] = 0x5f1d36f1; + hl[4] = 0xade682d1; + hl[5] = 0x2b3e6c1f; + hl[6] = 0xfb41bd6b; + hl[7] = 0x137e2179; + + crypto_hashblocks_hl(hh, hl, m, n); + n %= 128; + + for (i = 0; i < n; i++) x[i] = m[b-n+i]; + x[n] = 128; + + n = 256-128*(n<112?1:0); + x[n-9] = 0; + ts64(x, n-8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(hh, hl, x, n); + + for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); + + return 0; } -/** - * Generates a random byte prefix for the specified algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. - * @async - */ -async function getPrefixRandom(algo) { - const { blockSize } = getCipher(algo); - const prefixrandom = await getRandomBytes(blockSize); - const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); - return util.concat([prefixrandom, repeat]); +function add(p, q) { + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(), + g = gf(), h = gf(), t = gf(); + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); + + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); } -/** - * Generating a session key for the specified symmetric algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Uint8Array} Random bytes as a string to be used as a key. - */ -function generateSessionKey(algo) { - const { keySize } = getCipher(algo); - return getRandomBytes(keySize); +function cswap(p, q, b) { + var i; + for (i = 0; i < 4; i++) { + sel25519(p[i], q[i], b); + } } -/** - * Get implementation of the given AEAD mode - * @param {enums.aead} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getAEADMode(algo) { - const algoName = enums.read(enums.aead, algo); - return mode[algoName]; +function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; } -/** - * Check whether the given curve OID is supported - * @param {module:type/oid} oid - EC object identifier - * @throws {UnsupportedError} if curve is not supported - */ -function checkSupportedCurve(oid) { - try { - oid.getName(); - } catch (e) { - throw new UnsupportedError('Unknown curve OID'); +function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = (s[(i/8)|0] >> (i&7)) & 1; + cswap(p, q, b); + add(q, p); + add(p, p); + cswap(p, q, b); } } -/** - * Get preferred hash algo for a given elliptic algo - * @param {module:enums.publicKey} algo - alrogithm identifier - * @param {module:type/oid} [oid] - curve OID if needed by algo - */ -function getPreferredCurveHashAlgo(algo, oid) { - switch (algo) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.getPreferredHashAlgo(oid); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); - default: - throw new Error('Unknown elliptic signing algo'); - } +function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); } -var crypto$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - publicKeyEncrypt: publicKeyEncrypt, - publicKeyDecrypt: publicKeyDecrypt, - parsePublicKeyParams: parsePublicKeyParams, - parsePrivateKeyParams: parsePrivateKeyParams, - parseEncSessionKeyParams: parseEncSessionKeyParams, - serializeParams: serializeParams, - generateParams: generateParams, - validateParams: validateParams$8, - getPrefixRandom: getPrefixRandom, - generateSessionKey: generateSessionKey, - getAEADMode: getAEADMode, - getCipher: getCipher, - getPreferredCurveHashAlgo: getPreferredCurveHashAlgo -}); +function crypto_sign_keypair(pk, sk, seeded) { + var d = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()]; + var i; -/** - * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js - * @see module:crypto/crypto - * @see module:crypto/signature - * @see module:crypto/public_key - * @see module:crypto/cipher - * @see module:crypto/random - * @see module:crypto/hash - * @module crypto - * @private - */ + if (!seeded) randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; -// TODO move cfb and gcm to cipher -const mod = { - /** @see module:crypto/cipher */ - cipher: cipher, - /** @see module:crypto/hash */ - hash: hash, - /** @see module:crypto/mode */ - mode: mode, - /** @see module:crypto/public_key */ - publicKey: publicKey, - /** @see module:crypto/signature */ - signature: signature, - /** @see module:crypto/random */ - random: random, - /** @see module:crypto/pkcs1 */ - pkcs1: pkcs1, - /** @see module:crypto/pkcs5 */ - pkcs5: pkcs5, - /** @see module:crypto/aes_kw */ - aesKW: aesKW -}; + scalarbase(p, d); + pack(pk, p); -Object.assign(mod, crypto$1); + for (i = 0; i < 32; i++) sk[i+32] = pk[i]; + return 0; +} + +var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); + +function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = Math.floor((x[j] + 128) / 256); + x[j] -= carry * 256; + } + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; j++) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; j++) x[j] -= carry * L[j]; + for (i = 0; i < 32; i++) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; + } +} -var TYPED_OK = typeof Uint8Array !== "undefined" && - typeof Uint16Array !== "undefined" && - typeof Int32Array !== "undefined"; +function reduce(r) { + var x = new Float64Array(64), i; + for (i = 0; i < 64; i++) x[i] = r[i]; + for (i = 0; i < 64; i++) r[i] = 0; + modL(r, x); +} +// Note: difference from C - smlen returned, not passed as argument. +function crypto_sign(sm, m, n, sk) { + var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; -// reduce buffer size, avoiding mem copy -function shrinkBuf(buf, size) { - if (buf.length === size) { - return buf; - } - if (buf.subarray) { - return buf.subarray(0, size); - } - buf.length = size; - return buf; -} + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + var smlen = n + 64; + for (i = 0; i < n; i++) sm[64 + i] = m[i]; + for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; -const fnTyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - if (src.subarray && dest.subarray) { - dest.set(src.subarray(src_offs, src_offs + len), dest_offs); - return; - } - // Fallback to ordinary array - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - let i, l, len, pos, chunk; - - // calculate data length - len = 0; - for (i = 0, l = chunks.length; i < l; i++) { - len += chunks[i].length; - } + crypto_hash(r, sm.subarray(32), n+32); + reduce(r); + scalarbase(p, r); + pack(sm, p); - // join chunks - const result = new Uint8Array(len); - pos = 0; - for (i = 0, l = chunks.length; i < l; i++) { - chunk = chunks[i]; - result.set(chunk, pos); - pos += chunk.length; - } + for (i = 32; i < 64; i++) sm[i] = sk[i]; + crypto_hash(h, sm, n + 64); + reduce(h); - return result; + for (i = 0; i < 64; i++) x[i] = 0; + for (i = 0; i < 32; i++) x[i] = r[i]; + for (i = 0; i < 32; i++) { + for (j = 0; j < 32; j++) { + x[i+j] += h[i] * d[j]; } -}; + } -const fnUntyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - return [].concat.apply([], chunks); - } -}; + modL(sm.subarray(32), x); + return smlen; +} +function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), + den = gf(), den2 = gf(), den4 = gf(), + den6 = gf(); -// Enable/Disable typed arrays use, for testing -// + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); + + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); + + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); -let Buf8 = TYPED_OK ? Uint8Array : Array; -let Buf16 = TYPED_OK ? Uint16Array : Array; -let Buf32 = TYPED_OK ? Int32Array : Array; -let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks; -let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet; + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) M(r[0], r[0], I); -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) return -1; -/* Allowed flush values; see deflate() and inflate() below for details */ -const Z_NO_FLUSH = 0; -const Z_PARTIAL_FLUSH = 1; -const Z_SYNC_FLUSH = 2; -const Z_FULL_FLUSH = 3; -const Z_FINISH = 4; -const Z_BLOCK = 5; -const Z_TREES = 6; + if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); -/* Return codes for the compression/decompression functions. Negative values - * are errors, positive values are used for special but normal events. - */ -const Z_OK = 0; -const Z_STREAM_END = 1; -const Z_NEED_DICT = 2; -const Z_STREAM_ERROR = -2; -const Z_DATA_ERROR = -3; -//export const Z_MEM_ERROR = -4; -const Z_BUF_ERROR = -5; -const Z_DEFAULT_COMPRESSION = -1; + M(r[3], r[0], r[1]); + return 0; +} +function crypto_sign_open(m, sm, n, pk) { + var i; + var t = new Uint8Array(32), h = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()], + q = [gf(), gf(), gf(), gf()]; -const Z_FILTERED = 1; -const Z_HUFFMAN_ONLY = 2; -const Z_RLE = 3; -const Z_FIXED = 4; -const Z_DEFAULT_STRATEGY = 0; + if (n < 64) return -1; -/* Possible values of the data_type field (though see inflate()) */ -const Z_BINARY = 0; -const Z_TEXT = 1; -//export const Z_ASCII = 1; // = Z_TEXT (deprecated) -const Z_UNKNOWN = 2; + if (unpackneg(q, pk)) return -1; -/* The deflate compression method */ -const Z_DEFLATED = 8; -//export const Z_NULL = null // Use -1 or null inline, depending on var type + for (i = 0; i < n; i++) m[i] = sm[i]; + for (i = 0; i < 32; i++) m[i+32] = pk[i]; + crypto_hash(h, m, n); + reduce(h); + scalarmult(p, q, h); -/*============================================================================*/ + scalarbase(q, sm.subarray(32)); + add(p, q); + pack(t, p); + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; i++) m[i] = 0; + return -1; + } -function zero$1(buf) { - let len = buf.length; while (--len >= 0) { - buf[len] = 0; - } + for (i = 0; i < n; i++) m[i] = sm[i + 64]; + return n; } -// From zutil.h - -const STORED_BLOCK = 0; -const STATIC_TREES = 1; -const DYN_TREES = 2; -/* The three kinds of block type */ +var crypto_scalarmult_BYTES = 32, + crypto_scalarmult_SCALARBYTES = 32, + crypto_box_PUBLICKEYBYTES = 32, + crypto_box_SECRETKEYBYTES = 32, + crypto_sign_BYTES = 64, + crypto_sign_PUBLICKEYBYTES = 32, + crypto_sign_SECRETKEYBYTES = 64, + crypto_sign_SEEDBYTES = 32; -const MIN_MATCH = 3; -const MAX_MATCH = 258; -/* The minimum and maximum match lengths */ +function checkArrayTypes() { + for (var i = 0; i < arguments.length; i++) { + if (!(arguments[i] instanceof Uint8Array)) + throw new TypeError('unexpected type, use Uint8Array'); + } +} -// From deflate.h -/* =========================================================================== - * Internal compression state. - */ +function cleanup(arr) { + for (var i = 0; i < arr.length; i++) arr[i] = 0; +} -const LENGTH_CODES = 29; -/* number of length codes, not counting the special END_BLOCK code */ +nacl.scalarMult = function(n, p) { + checkArrayTypes(n, p); + if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); + if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); + var q = new Uint8Array(crypto_scalarmult_BYTES); + crypto_scalarmult(q, n, p); + return q; +}; -const LITERALS = 256; -/* number of literal bytes 0..255 */ +nacl.box = {}; -const L_CODES = LITERALS + 1 + LENGTH_CODES; -/* number of Literal or Length codes, including the END_BLOCK code */ +nacl.box.keyPair = function() { + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); + crypto_box_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; -const D_CODES = 30; -/* number of distance codes */ +nacl.box.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_box_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + crypto_scalarmult_base(pk, secretKey); + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; -const BL_CODES = 19; -/* number of codes used to transfer the bit lengths */ +nacl.sign = function(msg, secretKey) { + checkArrayTypes(msg, secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); + crypto_sign(signedMsg, msg, msg.length, secretKey); + return signedMsg; +}; -const HEAP_SIZE = 2 * L_CODES + 1; -/* maximum heap size */ +nacl.sign.detached = function(msg, secretKey) { + var signedMsg = nacl.sign(msg, secretKey); + var sig = new Uint8Array(crypto_sign_BYTES); + for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; + return sig; +}; -const MAX_BITS = 15; -/* All codes must not exceed MAX_BITS bits */ +nacl.sign.detached.verify = function(msg, sig, publicKey) { + checkArrayTypes(msg, sig, publicKey); + if (sig.length !== crypto_sign_BYTES) + throw new Error('bad signature size'); + if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) + throw new Error('bad public key size'); + var sm = new Uint8Array(crypto_sign_BYTES + msg.length); + var m = new Uint8Array(crypto_sign_BYTES + msg.length); + var i; + for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; + for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; + return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); +}; -const Buf_size = 16; -/* size of bit buffer in bi_buf */ +nacl.sign.keyPair = function() { + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + crypto_sign_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; +nacl.sign.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; -/* =========================================================================== - * Constants - */ +nacl.sign.keyPair.fromSeed = function(seed) { + checkArrayTypes(seed); + if (seed.length !== crypto_sign_SEEDBYTES) + throw new Error('bad seed size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + for (var i = 0; i < 32; i++) sk[i] = seed[i]; + crypto_sign_keypair(pk, sk, true); + return {publicKey: pk, secretKey: sk}; +}; -const MAX_BL_BITS = 7; -/* Bit length codes must not exceed MAX_BL_BITS bits */ +nacl.setPRNG = function(fn) { + randombytes = fn; +}; -const END_BLOCK = 256; -/* end of block literal code */ +(function() { + // Initialize PRNG if environment provides CSPRNG. + // If not, methods calling randombytes will throw. + if (crypto$2 && crypto$2.getRandomValues) { + // Browsers and Node v16+ + var QUOTA = 65536; + nacl.setPRNG(function(x, n) { + var i, v = new Uint8Array(n); + for (i = 0; i < n; i += QUOTA) { + crypto$2.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); + } + for (i = 0; i < n; i++) x[i] = v[i]; + cleanup(v); + }); + } +})(); -const REP_3_6 = 16; -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const knownOIDs = { + '2a8648ce3d030107': enums.curve.nistP256, + '2b81040022': enums.curve.nistP384, + '2b81040023': enums.curve.nistP521, + '2b8104000a': enums.curve.secp256k1, + '2b06010401da470f01': enums.curve.ed25519Legacy, + '2b060104019755010501': enums.curve.curve25519Legacy, + '2b2403030208010107': enums.curve.brainpoolP256r1, + '2b240303020801010b': enums.curve.brainpoolP384r1, + '2b240303020801010d': enums.curve.brainpoolP512r1 +}; -const REPZ_3_10 = 17; -/* repeat a zero length 3-10 times (3 bits of repeat count) */ +class OID { + constructor(oid) { + if (oid instanceof OID) { + this.oid = oid.oid; + } else if (util.isArray(oid) || + util.isUint8Array(oid)) { + oid = new Uint8Array(oid); + if (oid[0] === 0x06) { // DER encoded oid byte array + if (oid[1] !== oid.length - 2) { + throw new Error('Length mismatch in DER encoded oid'); + } + oid = oid.subarray(2); + } + this.oid = oid; + } else { + this.oid = ''; + } + } -const REPZ_11_138 = 18; -/* repeat a zero length 11-138 times (7 bits of repeat count) */ + /** + * Method to read an OID object + * @param {Uint8Array} input - Where to read the OID from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length >= 1) { + const length = input[0]; + if (input.length >= 1 + length) { + this.oid = input.subarray(1, 1 + length); + return 1 + this.oid.length; + } + } + throw new Error('Invalid oid'); + } -/* eslint-disable comma-spacing,array-bracket-spacing */ -const extra_lbits = /* extra bits for each length code */ - [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]; + /** + * Serialize an OID object + * @returns {Uint8Array} Array with the serialized value the OID. + */ + write() { + return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); + } -const extra_dbits = /* extra bits for each distance code */ - [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]; + /** + * Serialize an OID object as a hex string + * @returns {string} String with the hex value of the OID. + */ + toHex() { + return util.uint8ArrayToHex(this.oid); + } -const extra_blbits = /* extra bits for each bit length code */ - [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]; + /** + * If a known curve object identifier, return the canonical name of the curve + * @returns {enums.curve} String with the canonical name of the curve + * @throws if unknown + */ + getName() { + const name = knownOIDs[this.toHex()]; + if (!name) { + throw new Error('Unknown curve object identifier.'); + } -const bl_order = - [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]; -/* eslint-enable comma-spacing,array-bracket-spacing */ + return name; + } +} -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/* =========================================================================== - * Local data. These are initialized only once. - */ -// We pre-fill arrays with 0 to avoid uninitialized gaps +function readSimpleLength(bytes) { + let len = 0; + let offset; + const type = bytes[0]; -const DIST_CODE_LEN = 512; /* see definition of array dist_code below */ -// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1 -const static_ltree = new Array((L_CODES + 2) * 2); -zero$1(static_ltree); -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ + if (type < 192) { + [len] = bytes; + offset = 1; + } else if (type < 255) { + len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; + offset = 2; + } else if (type === 255) { + len = util.readNumber(bytes.subarray(1, 1 + 4)); + offset = 5; + } -const static_dtree = new Array(D_CODES * 2); -zero$1(static_dtree); -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ + return { + len: len, + offset: offset + }; +} -const _dist_code = new Array(DIST_CODE_LEN); -zero$1(_dist_code); -/* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. +/** + * Encodes a given integer of length to the openpgp length specifier to a + * string + * + * @param {Integer} length - The length to encode + * @returns {Uint8Array} String with openpgp length representation. */ - -const _length_code = new Array(MAX_MATCH - MIN_MATCH + 1); -zero$1(_length_code); -/* length code for each normalized match length (0 == MIN_MATCH) */ - -const base_length = new Array(LENGTH_CODES); -zero$1(base_length); -/* First normalized length for each code (0 = MIN_MATCH) */ - -const base_dist = new Array(D_CODES); -zero$1(base_dist); -/* First normalized distance for each code (0 = distance of 1) */ - - -function StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) { - - this.static_tree = static_tree; /* static tree or NULL */ - this.extra_bits = extra_bits; /* extra bits for each code or NULL */ - this.extra_base = extra_base; /* base index for extra_bits */ - this.elems = elems; /* max number of elements in the tree */ - this.max_length = max_length; /* max bit length for the codes */ - - // show if `static_tree` has data or dummy - needed for monomorphic objects - this.has_stree = static_tree && static_tree.length; +function writeSimpleLength(length) { + if (length < 192) { + return new Uint8Array([length]); + } else if (length > 191 && length < 8384) { + /* + * let a = (total data packet length) - 192 let bc = two octet + * representation of a let d = b + 192 + */ + return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); + } + return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); } - -let static_l_desc; -let static_d_desc; -let static_bl_desc; - - -function TreeDesc(dyn_tree, stat_desc) { - this.dyn_tree = dyn_tree; /* the dynamic tree */ - this.max_code = 0; /* largest code with non zero frequency */ - this.stat_desc = stat_desc; /* the corresponding static tree */ +function writePartialLength(power) { + if (power < 0 || power > 30) { + throw new Error('Partial Length power must be between 1 and 30'); + } + return new Uint8Array([224 + power]); } - - -function d_code(dist) { - return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)]; +function writeTag(tag_type) { + /* we're only generating v4 packet headers here */ + return new Uint8Array([0xC0 | tag_type]); } - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. +/** + * Writes a packet header version 4 with the given tag_type and length to a + * string + * + * @param {Integer} tag_type - Tag type + * @param {Integer} length - Length of the payload + * @returns {String} String of the header. */ -function put_short(s, w) { -// put_byte(s, (uch)((w) & 0xff)); -// put_byte(s, (uch)((ush)(w) >> 8)); - s.pending_buf[s.pending++] = w & 0xff; - s.pending_buf[s.pending++] = w >>> 8 & 0xff; +function writeHeader(tag_type, length) { + /* we're only generating v4 packet headers here */ + return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); } - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. +/** + * Whether the packet type supports partial lengths per RFC4880 + * @param {Integer} tag - Tag type + * @returns {Boolean} String of the header. */ -function send_bits(s, value, length) { - if (s.bi_valid > Buf_size - length) { - s.bi_buf |= value << s.bi_valid & 0xffff; - put_short(s, s.bi_buf); - s.bi_buf = value >> Buf_size - s.bi_valid; - s.bi_valid += length - Buf_size; - } else { - s.bi_buf |= value << s.bi_valid & 0xffff; - s.bi_valid += length; - } -} - - -function send_code(s, c, tree) { - send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/); +function supportsStreaming(tag) { + return [ + enums.packet.literalData, + enums.packet.compressedData, + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ].includes(tag); } - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 +/** + * Generic static Packet Parser function + * + * @param {Uint8Array | ReadableStream} input - Input stream as string + * @param {Function} callback - Function to call with the parsed packet + * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. */ -function bi_reverse(code, len) { - let res = 0; - do { - res |= code & 1; - code >>>= 1; - res <<= 1; - } while (--len > 0); - return res >>> 1; -} - - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -function bi_flush(s) { - if (s.bi_valid === 16) { - put_short(s, s.bi_buf); - s.bi_buf = 0; - s.bi_valid = 0; - - } else if (s.bi_valid >= 8) { - s.pending_buf[s.pending++] = s.bi_buf & 0xff; - s.bi_buf >>= 8; - s.bi_valid -= 8; - } -} - - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -function gen_bitlen(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const max_code = desc.max_code; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const extra = desc.stat_desc.extra_bits; - const base = desc.stat_desc.extra_base; - const max_length = desc.stat_desc.max_length; - let h; /* heap index */ - let n, m; /* iterate over the tree elements */ - let bits; /* bit length */ - let xbits; /* extra bits */ - let f; /* frequency */ - let overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) { - s.bl_count[bits] = 0; - } - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */ - - for (h = s.heap_max + 1; h < HEAP_SIZE; h++) { - n = s.heap[h]; - bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1; - if (bits > max_length) { - bits = max_length; - overflow++; - } - tree[n * 2 + 1]/*.Len*/ = bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) { - continue; - } /* not a leaf node */ - - s.bl_count[bits]++; - xbits = 0; - if (n >= base) { - xbits = extra[n - base]; - } - f = tree[n * 2]/*.Freq*/; - s.opt_len += f * (bits + xbits); - if (has_stree) { - s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits); - } - } - if (overflow === 0) { - return; +async function readPackets(input, callback) { + const reader = getReader(input); + let writer; + let callbackReturned; + try { + const peekedBytes = await reader.peekBytes(2); + // some sanity checks + if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { + throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); } + const headerByte = await reader.readByte(); + let tag = -1; + let format = -1; + let packetLength; - // Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length - 1; - while (s.bl_count[bits] === 0) { - bits--; - } - s.bl_count[bits]--; /* move one leaf down the tree */ - s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */ - s.bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits !== 0; bits--) { - n = s.bl_count[bits]; - while (n !== 0) { - m = s.heap[--h]; - if (m > max_code) { - continue; - } - if (tree[m * 2 + 1]/*.Len*/ !== bits) { - // Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/; - tree[m * 2 + 1]/*.Len*/ = bits; - } - n--; - } + format = 0; // 0 = old format; 1 = new format + if ((headerByte & 0x40) !== 0) { + format = 1; } -} - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -function gen_codes(tree, max_code, bl_count) -// ct_data *tree; /* the tree to decorate */ -// int max_code; /* largest code with non zero frequency */ -// ushf *bl_count; /* number of codes at each bit length */ -{ - const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */ - let code = 0; /* running code value */ - let bits; /* bit index */ - let n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = code + bl_count[bits - 1] << 1; + let packetLengthType; + if (format) { + // new format header + tag = headerByte & 0x3F; // bit 5-0 + } else { + // old format header + tag = (headerByte & 0x3F) >> 2; // bit 5-2 + packetLengthType = headerByte & 0x03; // bit 1-0 } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES - 1; code++) { - base_length[code] = length; - for (n = 0; n < 1 << extra_lbits[code]; n++) { - _length_code[length++] = code; + let wasPartialLength; + do { + if (!format) { + // 4.2.1. Old Format Packet Lengths + switch (packetLengthType) { + case 0: + // The packet has a one-octet length. The header is 2 octets + // long. + packetLength = await reader.readByte(); + break; + case 1: + // The packet has a two-octet length. The header is 3 octets + // long. + packetLength = (await reader.readByte() << 8) | await reader.readByte(); + break; + case 2: + // The packet has a four-octet length. The header is 5 + // octets long. + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + break; + default: + // 3 - The packet is of indeterminate length. The header is 1 + // octet long, and the implementation must determine how long + // the packet is. If the packet is in a file, this means that + // the packet extends until the end of the file. In general, + // an implementation SHOULD NOT use indeterminate-length + // packets except where the end of the data will be clear + // from the context, and even then it is better to use a + // definite length, or a new format header. The new format + // headers described below have a mechanism for precisely + // encoding data of indeterminate length. + packetLength = Infinity; + break; } - } - //Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - _length_code[length - 1] = code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < 1 << extra_dbits[code]; n++) { - _dist_code[dist++] = code; + } else { // 4.2.2. New Format Packet Lengths + // 4.2.2.1. One-Octet Lengths + const lengthByte = await reader.readByte(); + wasPartialLength = false; + if (lengthByte < 192) { + packetLength = lengthByte; + // 4.2.2.2. Two-Octet Lengths + } else if (lengthByte >= 192 && lengthByte < 224) { + packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; + // 4.2.2.4. Partial Body Lengths + } else if (lengthByte > 223 && lengthByte < 255) { + packetLength = 1 << (lengthByte & 0x1F); + wasPartialLength = true; + if (!packetSupportsStreaming) { + throw new TypeError('This packet type does not support partial lengths.'); + } + // 4.2.2.3. Five-Octet Lengths + } else { + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); } - } - //Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for (; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < 1 << extra_dbits[code] - 7; n++) { - _dist_code[256 + dist++] = code; + } + if (packetLength > 0) { + let bytesRead = 0; + while (true) { + if (writer) await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (packetLength === Infinity) break; + throw new Error('Unexpected end of packet'); + } + const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); + if (writer) await writer.write(chunk); + else packet.push(chunk); + bytesRead += value.length; + if (bytesRead >= packetLength) { + reader.unshift(value.subarray(packetLength - bytesRead + value.length)); + break; + } } - } - //Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) { - bl_count[bits] = 0; - } - - n = 0; - while (n <= 143) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - while (n <= 255) { - static_ltree[n * 2 + 1]/*.Len*/ = 9; - n++; - bl_count[9]++; - } - while (n <= 279) { - static_ltree[n * 2 + 1]/*.Len*/ = 7; - n++; - bl_count[7]++; - } - while (n <= 287) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes(static_ltree, L_CODES + 1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n * 2 + 1]/*.Len*/ = 5; - static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5); - } - - // Now data ready and we can init static trees - static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS); - static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS); - static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS); - - //static_init_done = true; -} - - -/* =========================================================================== - * Initialize a new block. - */ -function init_block(s) { - let n; /* iterates over tree elements */ + } + } while (wasPartialLength); - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) { - s.dyn_ltree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < D_CODES; n++) { - s.dyn_dtree[n * 2]/*.Freq*/ = 0; + // If this was not a packet that "supports streaming", we peek to check + // whether it is the last packet in the message. We peek 2 bytes instead + // of 1 because the beginning of this function also peeks 2 bytes, and we + // want to cut a `subarray` of the correct length into `web-stream-tools`' + // `externalBuffer` as a tiny optimization here. + // + // If it *was* a streaming packet (i.e. the data packets), we peek at the + // entire remainder of the stream, in order to forward errors in the + // remainder of the stream to the packet data. (Note that this means we + // read/peek at all signature packets before closing the literal data + // packet, for example.) This forwards MDC errors to the literal data + // stream, for example, so that they don't get lost / forgotten on + // decryptedMessage.packets.stream, which we never look at. + // + // An example of what we do when stream-parsing a message containing + // [ one-pass signature packet, literal data packet, signature packet ]: + // 1. Read the one-pass signature packet + // 2. Peek 2 bytes of the literal data packet + // 3. Parse the one-pass signature packet + // + // 4. Read the literal data packet, simultaneously stream-parsing it + // 5. Peek until the end of the message + // 6. Finish parsing the literal data packet + // + // 7. Read the signature packet again (we already peeked at it in step 5) + // 8. Peek at the end of the stream again (`peekBytes` returns undefined) + // 9. Parse the signature packet + // + // Note that this means that if there's an error in the very end of the + // stream, such as an MDC error, we throw in step 5 instead of in step 8 + // (or never), which is the point of this exercise. + const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); + if (writer) { + await writer.ready; + await writer.close(); + } else { + packet = util.concatUint8Array(packet); + // eslint-disable-next-line callback-return + await callback({ tag, packet }); } - for (n = 0; n < BL_CODES; n++) { - s.bl_tree[n * 2]/*.Freq*/ = 0; + return !nextPacket || !nextPacket.length; + } catch (e) { + if (writer) { + await writer.abort(e); + return true; + } else { + throw e; } - - s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1; - s.opt_len = s.static_len = 0; - s.last_lit = s.matches = 0; -} - - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -function bi_windup(s) { - if (s.bi_valid > 8) { - put_short(s, s.bi_buf); - } else if (s.bi_valid > 0) { - //put_byte(s, (Byte)s->bi_buf); - s.pending_buf[s.pending++] = s.bi_buf; + } finally { + if (writer) { + await callbackReturned; } - s.bi_buf = 0; - s.bi_valid = 0; + reader.releaseLock(); + } } -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -function copy_block(s, buf, len, header) -//DeflateState *s; -//charf *buf; /* the input data */ -//unsigned len; /* its length */ -//int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ +class UnsupportedError extends Error { + constructor(...params) { + super(...params); - if (header) { - put_short(s, len); - put_short(s, ~len); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - // while (len--) { - // put_byte(s, *buf++); - // } - arraySet(s.pending_buf, s.window, buf, len, s.pending); - s.pending += len; -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -function smaller(tree, n, m, depth) { - const _n2 = n * 2; - const _m2 = m * 2; - return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ || - tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m]; -} - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -function pqdownheap(s, tree, k) -// deflate_state *s; -// ct_data *tree; /* the tree to restore */ -// int k; /* node to move down */ -{ - const v = s.heap[k]; - let j = k << 1; /* left son of k */ - while (j <= s.heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s.heap_len && - smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s.heap[j], s.depth)) { - break; - } - /* Exchange v with the smallest son */ - s.heap[k] = s.heap[j]; - k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s.heap[k] = v; + this.name = 'UnsupportedError'; + } } +// unknown packet types are handled differently depending on the packet criticality +class UnknownPacketError extends UnsupportedError { + constructor(...params) { + super(...params); -// inlined manually -// var SMALLEST = 1; - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -function compress_block(s, ltree, dtree) -// deflate_state *s; -// const ct_data *ltree; /* literal tree */ -// const ct_data *dtree; /* distance tree */ -{ - let dist; /* distance of matched string */ - let lc; /* match length or unmatched char (if dist == 0) */ - let lx = 0; /* running index in l_buf */ - let code; /* the code to send */ - let extra; /* number of extra bits to send */ - - if (s.last_lit !== 0) { - do { - dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1]; - lc = s.pending_buf[s.l_buf + lx]; - lx++; - - if (dist === 0) { - send_code(s, lc, ltree); /* send a literal byte */ - //Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code + LITERALS + 1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra !== 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - //Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra !== 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - // "pendingBuf overflow"); - - } while (lx < s.last_lit); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - send_code(s, END_BLOCK, ltree); + this.name = 'UnknownPacketError'; + } } +class UnparseablePacket { + constructor(tag, rawContent) { + this.tag = tag; + this.rawContent = rawContent; + } -/* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ -function build_tree(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const elems = desc.stat_desc.elems; - let n, m; /* iterate over heap elements */ - let max_code = -1; /* largest code with non zero frequency */ - let node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s.heap_len = 0; - s.heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n * 2]/*.Freq*/ !== 0) { - s.heap[++s.heap_len] = max_code = n; - s.depth[n] = 0; - - } else { - tree[n * 2 + 1]/*.Len*/ = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s.heap_len < 2) { - node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0; - tree[node * 2]/*.Freq*/ = 1; - s.depth[node] = 0; - s.opt_len--; - - if (has_stree) { - s.static_len -= stree[node * 2 + 1]/*.Len*/; - } - /* node is 0 or 1 so it does not have extra bits */ - } - desc.max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) { - pqdownheap(s, tree, n); - } - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - //pqremove(s, tree, n); /* n = node of least frequency */ - /*** pqremove ***/ - n = s.heap[1/*SMALLEST*/]; - s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--]; - pqdownheap(s, tree, 1/*SMALLEST*/); - /***/ - - m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */ - - s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */ - s.heap[--s.heap_max] = m; - - /* Create a new node father of n and m */ - tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/; - s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1; - tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node; - - /* and insert the new node in the heap */ - s.heap[1/*SMALLEST*/] = node++; - pqdownheap(s, tree, 1/*SMALLEST*/); - - } while (s.heap_len >= 2); - - s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes(tree, max_code, s.bl_count); + write() { + return this.rawContent; + } } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -function scan_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - s.bl_tree[curlen * 2]/*.Freq*/ += count; - - } else if (curlen !== 0) { - - if (curlen !== prevlen) { - s.bl_tree[curlen * 2]/*.Freq*/++; - } - s.bl_tree[REP_3_6 * 2]/*.Freq*/++; - - } else if (count <= 10) { - s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++; - - } else { - s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++; - } - - count = 0; - prevlen = curlen; - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. +/** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} */ -function send_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - do { - send_code(s, curlen, s.bl_tree); - } while (--count !== 0); - - } else if (curlen !== 0) { - if (curlen !== prevlen) { - send_code(s, curlen, s.bl_tree); - count--; - } - //Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s.bl_tree); - send_bits(s, count - 3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s.bl_tree); - send_bits(s, count - 3, 3); - - } else { - send_code(s, REPZ_11_138, s.bl_tree); - send_bits(s, count - 11, 7); - } - - count = 0; - prevlen = curlen; - if (nextlen === 0) { - max_count = 138; - min_count = 3; +async function generate$3(algo) { + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']); - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; + const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey); - } else { - max_count = 7; - min_count = 4; + return { + A: new Uint8Array(b64ToUint8Array(publicKey.x)), + seed: b64ToUint8Array(privateKey.d, true) + }; + } catch (err) { + if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux + throw err; } - } -} - - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -function build_bl_tree(s) { - let max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, s.dyn_ltree, s.l_desc.max_code); - scan_tree(s, s.dyn_dtree, s.d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, s.bl_desc); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ + const seed = getRandomBytes(getPayloadSize$1(algo)); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) { - if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) { - break; - } + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const seed = ed448.utils.randomPrivateKey(); + const A = ed448.getPublicKey(seed); + return { A, seed }; } - /* Update opt_len to include the bit length tree and counts */ - s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4; - //Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - // s->opt_len, s->static_len)); - - return max_blindex; + default: + throw new Error('Unsupported EdDSA algorithm'); + } } - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. +/** + * Sign a message using the provided key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * RS: Uint8Array + * }>} Signature of the message + * @async */ -function send_all_trees(s, lcodes, dcodes, blcodes) -// deflate_state *s; -// int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - let rank; /* index in bl_order */ - - //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - // "too many codes"); - //Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes - 1, 5); - send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - //Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3); - } - //Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */ - //Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */ - //Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - +async function sign$5(algo, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = privateKeyToJWK(algo, publicKey, privateKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']); -/* =========================================================================== - * Check if the data type is TEXT or BINARY, using the following algorithm: - * - TEXT if the two conditions below are satisfied: - * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). - * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). - * - BINARY otherwise. - * - The following partially-portable control characters form a - * "gray list" that is ignored in this detection algorithm: - * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). - * IN assertion: the fields Freq of dyn_ltree are set. - */ -function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes - * set bits 0..6, 14..25, and 28..31 - * 0xf3ffc07f = binary 11110011111111111100000001111111 - */ - let black_mask = 0xf3ffc07f; - let n; + const signature = new Uint8Array( + await webCrypto.sign('Ed25519', key, hashed) + ); - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_BINARY; + return { RS: signature }; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; } - } + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } - /* Check for textual ("white-listed") bytes. */ - if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || - s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - for (n = 32; n < LITERALS; n++) { - if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const signature = ed448.sign(hashed, privateKey); + return { RS: signature }; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } - /* There are no "black-listed" or "white-listed" bytes: - * this stream either is empty or has tolerated ("gray-listed") bytes only. - */ - return Z_BINARY; } - -let static_init_done = false; - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. +/** + * Verifies if a signature is valid for a message + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{ RS: Uint8Array }} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async */ -function _tr_init(s) { +async function verify$5(algo, hashAlgo, { RS }, m, publicKey, hashed) { + if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = publicKeyToJWK(algo, publicKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']); + const verified = await webCrypto.verify('Ed25519', key, RS, hashed); + return verified; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + return nacl.sign.detached.verify(hashed, RS, publicKey); + } - if (!static_init_done) { - tr_static_init(); - static_init_done = true; + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + return ed448.verify(RS, hashed, publicKey); } - - s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc); - s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc); - s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc); - - s.bi_buf = 0; - s.bi_valid = 0; - - /* Initialize the first block of the first file: */ - init_block(s); -} - - -/* =========================================================================== - * Send a stored block - */ -function _tr_stored_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */ - copy_block(s, buf, stored_len, true); /* with header */ -} - - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - */ -function _tr_align(s) { - send_bits(s, STATIC_TREES << 1, 3); - send_code(s, END_BLOCK, static_ltree); - bi_flush(s); + default: + throw new Error('Unsupported EdDSA algorithm'); + } } - - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. +/** + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point + * @param {Uint8Array} seed - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID + * @returns {Promise} Whether params are valid. + * @async */ -function _tr_flush_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block, or NULL if too old */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - let opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - let max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s.level > 0) { - - /* Check if the file is binary or text */ - if (s.strm.data_type === Z_UNKNOWN) { - s.strm.data_type = detect_data_type(s); - } - - /* Construct the literal and distance trees */ - build_tree(s, s.l_desc); - // Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - - build_tree(s, s.d_desc); - // Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute the block lengths in bytes. */ - opt_lenb = s.opt_len + 3 + 7 >>> 3; - static_lenb = s.static_len + 3 + 7 >>> 3; - - // Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - // s->last_lit)); +async function validateParams$6(algo, A, seed) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(seed); + return util.equalsUint8Array(A, publicKey); + } - if (static_lenb <= opt_lenb) { - opt_lenb = static_lenb; - } + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); - } else { - // Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ + const publicKey = ed448.getPublicKey(seed); + return util.equalsUint8Array(A, publicKey); } + default: + return false; + } +} - if (stored_len + 4 <= opt_lenb && buf !== -1) { - /* 4: two words for the lengths */ +function getPayloadSize$1(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return 32; - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, last); + case enums.publicKey.ed448: + return 57; - } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) { + default: + throw new Error('Unsupported EdDSA algorithm'); + } +} - send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3); - compress_block(s, static_ltree, static_dtree); +function getPreferredHashAlgo$2(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return enums.hash.sha256; + case enums.publicKey.ed448: + return enums.hash.sha512; + default: + throw new Error('Unknown EdDSA algo'); + } +} - } else { - send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3); - send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1); - compress_block(s, s.dyn_ltree, s.dyn_dtree); +const publicKeyToJWK = (algo, publicKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = { + kty: 'OKP', + crv: 'Ed25519', + x: uint8ArrayToB64(publicKey), + ext: true + }; + return jwk; } - // Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; - if (last) { - bi_windup(s); +const privateKeyToJWK = (algo, publicKey, privateKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = publicKeyToJWK(algo, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } - // Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - // s->compressed_len-7*last)); -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -function _tr_tally(s, dist, lc) -// deflate_state *s; -// unsigned dist; /* distance of matched string */ -// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - //var out_length, in_length, dcode; - - s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff; - s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff; + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; - s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff; - s.last_lit++; +var eddsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + generate: generate$3, + getPayloadSize: getPayloadSize$1, + getPreferredHashAlgo: getPreferredHashAlgo$2, + sign: sign$5, + validateParams: validateParams$6, + verify: verify$5 +}); - if (dist === 0) { - /* lc is the unmatched char */ - s.dyn_ltree[lc * 2]/*.Freq*/++; - } else { - s.matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - //Assert((ush)dist < (ush)MAX_DIST(s) && - // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - // (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++; - s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - - //#ifdef TRUNCATE_BLOCK - // /* Try to guess if it is profitable to stop the current block here */ - // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) { - // /* Compute an upper bound for the compressed length */ - // out_length = s.last_lit*8; - // in_length = s.strstart - s.block_start; - // - // for (dcode = 0; dcode < D_CODES; dcode++) { - // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]); - // } - // out_length >>>= 3; - // //Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - // // s->last_lit, in_length, out_length, - // // 100L - out_length*100L/in_length)); - // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) { - // return true; - // } - // } - //#endif - - return s.last_lit === s.lit_bufsize - 1; - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -// Note: adler32 takes 12% for level 0 and 2% for level 6. -// It isn't worth it to make additional optimizations as in original. -// Small size is preferable. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral // -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. // -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. // -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function adler32(adler, buf, len, pos) { - let s1 = adler & 0xffff |0, - s2 = adler >>> 16 & 0xffff |0, - n = 0; - while (len !== 0) { - // Set limit ~ twice less than 5552, to keep - // s2 in 31-bits, because we force signed ints. - // in other case %= will fail. - n = len > 2000 ? 2000 : len; - len -= n; - - do { - s1 = s1 + buf[pos++] |0; - s2 = s2 + s1 |0; - } while (--n); +const webCrypto$4 = util.getWebCrypto(); +/** + * AES key wrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} dataToWrap + * @returns {Uint8Array} wrapped key + */ +async function wrap(algo, key, dataToWrap) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - s1 %= 65521; - s2 %= 65521; + try { + const wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']); + // Import data as HMAC key, as it has no key length requirements + const keyToWrap = await webCrypto$4.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + const wrapped = await webCrypto$4.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' }); + return new Uint8Array(wrapped); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + } - return s1 | s2 << 16 |0; + return aeskw(key).encrypt(dataToWrap); } -// Note: we can't get significant speed boost here. -// So write code to minimize size - no pregenerated tables -// and array tools dependencies. +/** + * AES key unwrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} wrappedData + * @returns {Uint8Array} unwrapped data + */ +async function unwrap(algo, key, wrappedData) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// Use ordinary array, since untyped makes no boost here -function makeTable() { - let c; - const table = []; - - for (let n = 0; n < 256; n++) { - c = n; - for (let k = 0; k < 8; k++) { - c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1; - } - table[n] = c; + let wrappingKey; + try { + wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + return aeskw(key).decrypt(wrappedData); + } - return table; -} - -// Create table on load. Just 255 signed longs. Not a problem. -const crcTable = makeTable(); - - -function crc32(crc, buf, len, pos) { - const t = crcTable, - end = pos + len; - - crc ^= -1; - - for (let i = pos; i < end; i++) { - crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF]; + try { + const unwrapped = await webCrypto$4.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + return new Uint8Array(await webCrypto$4.exportKey('raw', unwrapped)); + } catch (err) { + if (err.name === 'OperationError') { + throw new Error('Key Data Integrity failed'); } - - return crc ^ -1; // >>> 0; + throw err; + } } -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -var msg = { - 2: "need dictionary", /* Z_NEED_DICT 2 */ - 1: "stream end", /* Z_STREAM_END 1 */ - 0: "", /* Z_OK 0 */ - "-1": "file error", /* Z_ERRNO (-1) */ - "-2": "stream error", /* Z_STREAM_ERROR (-2) */ - "-3": "data error", /* Z_DATA_ERROR (-3) */ - "-4": "insufficient memory", /* Z_MEM_ERROR (-4) */ - "-5": "buffer error", /* Z_BUF_ERROR (-5) */ - "-6": "incompatible version" /* Z_VERSION_ERROR (-6) */ -}; - -/*============================================================================*/ - +var aesKW = /*#__PURE__*/Object.freeze({ + __proto__: null, + unwrap: unwrap, + wrap: wrap +}); -const MAX_MEM_LEVEL = 9; +/** + * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. + * @module crypto/hkdf + */ -const LENGTH_CODES$1 = 29; -/* number of length codes, not counting the special END_BLOCK code */ -const LITERALS$1 = 256; -/* number of literal bytes 0..255 */ -const L_CODES$1 = LITERALS$1 + 1 + LENGTH_CODES$1; -/* number of Literal or Length codes, including the END_BLOCK code */ -const D_CODES$1 = 30; -/* number of distance codes */ -const BL_CODES$1 = 19; -/* number of codes used to transfer the bit lengths */ -const HEAP_SIZE$1 = 2 * L_CODES$1 + 1; -/* maximum heap size */ -const MAX_BITS$1 = 15; -/* All codes must not exceed MAX_BITS bits */ +const webCrypto$3 = util.getWebCrypto(); -const MIN_MATCH$1 = 3; -const MAX_MATCH$1 = 258; -const MIN_LOOKAHEAD = (MAX_MATCH$1 + MIN_MATCH$1 + 1); +async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) { + const hash = enums.read(enums.webHash, hashAlgo); + if (!hash) throw new Error('Hash algo not supported with HKDF'); -const PRESET_DICT = 0x20; + const importedKey = await webCrypto$3.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); + const bits = await webCrypto$3.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); + return new Uint8Array(bits); +} -const INIT_STATE = 42; -const EXTRA_STATE = 69; -const NAME_STATE = 73; -const COMMENT_STATE = 91; -const HCRC_STATE = 103; -const BUSY_STATE = 113; -const FINISH_STATE = 666; +/** + * @fileoverview Key encryption and decryption for RFC 6637 ECDH + * @module crypto/public_key/elliptic/ecdh + */ -const BS_NEED_MORE = 1; /* block not completed, need more input or more output */ -const BS_BLOCK_DONE = 2; /* block flush performed */ -const BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */ -const BS_FINISH_DONE = 4; /* finish done, accept no more input or output */ -const OS_CODE = 0x03; // Unix :) . Don't detect, use this default. +const HKDF_INFO = { + x25519: util.encodeUTF8('OpenPGP X25519'), + x448: util.encodeUTF8('OpenPGP X448') +}; -function err(strm, errorCode) { - strm.msg = msg[errorCode]; - return errorCode; -} +/** + * Generate ECDH key for Montgomery curves + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} + */ +async function generate$2(algo) { + switch (algo) { + case enums.publicKey.x25519: { + // k stays in little-endian, unlike legacy ECDH over curve25519 + const k = getRandomBytes(32); + const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k); + return { A, k }; + } -function rank(f) { - return ((f) << 1) - ((f) > 4 ? 9 : 0); + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const k = x448.utils.randomPrivateKey(); + const A = x448.getPublicKey(k); + return { A, k }; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } } -function zero$2(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } } +/** +* Validate ECDH parameters +* @param {module:enums.publicKey} algo - Algorithm identifier +* @param {Uint8Array} A - ECDH public point +* @param {Uint8Array} k - ECDH secret scalar +* @returns {Promise} Whether params are valid. +* @async +*/ +async function validateParams$5(algo, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.box.keyPair.fromSecretKey(k); + return util.equalsUint8Array(A, publicKey); + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + /** + * Derive public point A' from private key + * and expect A == A' + */ + const publicKey = x448.getPublicKey(k); + return util.equalsUint8Array(A, publicKey); + } + default: + return false; + } +} -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->output buffer and copying into it. - * (See also read_buf()). +/** + * Wrap and encrypt a session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} data - session key data to be encrypted + * @param {Uint8Array} recipientA - Recipient public key (K_B) + * @returns {Promise<{ + * ephemeralPublicKey: Uint8Array, + * wrappedKey: Uint8Array + * }>} ephemeral public key (K_A) and encrypted key + * @async */ -function flush_pending(strm) { - const s = strm.state; +async function encrypt$2(algo, data, recipientA) { + const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + recipientA, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } - //_tr_flush_bits(s); - let len = s.pending; - if (len > strm.avail_out) { - len = strm.avail_out; + default: + throw new Error('Unsupported ECDH algorithm'); } - if (len === 0) { return; } +} - arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out); - strm.next_out += len; - s.pending_out += len; - strm.total_out += len; - strm.avail_out -= len; - s.pending -= len; - if (s.pending === 0) { - s.pending_out = 0; +/** + * Decrypt and unwrap the session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} ephemeralPublicKey - (K_A) + * @param {Uint8Array} wrappedKey, + * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF + * @param {Uint8Array} k - Recipient secret key (b) + * @returns {Promise} decrypted session key data + * @async + */ +async function decrypt$2(algo, ephemeralPublicKey, wrappedKey, A, k) { + const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + A, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + default: + throw new Error('Unsupported ECDH algorithm'); } } +function getPayloadSize(algo) { + switch (algo) { + case enums.publicKey.x25519: + return 32; -function flush_block_only(s, last) { - _tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last); - s.block_start = s.strstart; - flush_pending(s.strm); -} - + case enums.publicKey.x448: + return 56; -function put_byte(s, b) { - s.pending_buf[s.pending++] = b; + default: + throw new Error('Unsupported ECDH algorithm'); + } } - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. +/** + * Generate shared secret and ephemeral public key for encryption + * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret + * @async */ -function putShortMSB(s, b) { - // put_byte(s, (Byte)(b >> 8)); - // put_byte(s, (Byte)(b & 0xff)); - s.pending_buf[s.pending++] = (b >>> 8) & 0xff; - s.pending_buf[s.pending++] = b & 0xff; +async function generateEphemeralEncryptionMaterial(algo, recipientA) { + switch (algo) { + case enums.publicKey.x25519: { + const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo)); + const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const ephemeralSecretKey = x448.utils.randomPrivateKey(); + const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } } +async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->input buffer and copying from it. - * (See also flush_pending()). +/** + * x25519 and x448 produce an all-zero value when given as input a point with small order. + * This does not lead to a security issue in the context of ECDH, but it is still unexpected, + * hence we throw. + * @param {Uint8Array} sharedSecret */ -function read_buf(strm, buf, start, size) { - let len = strm.avail_in; - - if (len > size) { len = size; } - if (len === 0) { return 0; } - - strm.avail_in -= len; - - // zmemcpy(buf, strm->next_in, len); - arraySet(buf, strm.input, strm.next_in, len, start); - if (strm.state.wrap === 1) { - strm.adler = adler32(strm.adler, buf, len, start); +function assertNonZeroArray(sharedSecret) { + let acc = 0; + for (let i = 0; i < sharedSecret.length; i++) { + acc |= sharedSecret[i]; } - - else if (strm.state.wrap === 2) { - strm.adler = crc32(strm.adler, buf, len, start); + if (acc === 0) { + throw new Error('Unexpected low order point'); } - - strm.next_in += len; - strm.total_in += len; - - return len; } +var ecdh_x = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$2, + encrypt: encrypt$2, + generate: generate$2, + generateEphemeralEncryptionMaterial: generateEphemeralEncryptionMaterial, + getPayloadSize: getPayloadSize, + recomputeSharedSecret: recomputeSharedSecret, + validateParams: validateParams$5 +}); -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -function longest_match(s, cur_match) { - let chain_length = s.max_chain_length; /* max hash chain length */ - let scan = s.strstart; /* current string */ - let match; /* matched string */ - let len; /* length of current match */ - let best_len = s.prev_length; /* best match length so far */ - let nice_match = s.nice_match; /* stop if match long enough */ - const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ? - s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/; - - const _win = s.window; // shortcut - - const wmask = s.w_mask; - const prev = s.prev; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - const strend = s.strstart + MAX_MATCH$1; - let scan_end1 = _win[scan + best_len - 1]; - let scan_end = _win[scan + best_len]; +const webCrypto$2 = util.getWebCrypto(); +const nodeCrypto$2 = util.getNodeCrypto(); - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); +const webCurves = { + [enums.curve.nistP256]: 'P-256', + [enums.curve.nistP384]: 'P-384', + [enums.curve.nistP521]: 'P-521' +}; +const knownCurves = nodeCrypto$2 ? nodeCrypto$2.getCurves() : []; +const nodeCurves = nodeCrypto$2 ? { + [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, + [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, + [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, + [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, + [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined, + [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined, + [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, + [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, + [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined +} : {}; - /* Do not waste too much time if we already have a good match: */ - if (s.prev_length >= s.good_match) { - chain_length >>= 2; +const curves = { + [enums.curve.nistP256]: { + oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.nistP256], + web: webCurves[enums.curve.nistP256], + payloadSize: 32, + sharedSize: 256, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP384]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.nistP384], + web: webCurves[enums.curve.nistP384], + payloadSize: 48, + sharedSize: 384, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP521]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.nistP521], + web: webCurves[enums.curve.nistP521], + payloadSize: 66, + sharedSize: 528, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.secp256k1]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.secp256k1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.ed25519Legacy]: { + oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], + keyType: enums.publicKey.eddsaLegacy, + hash: enums.hash.sha512, + node: false, // nodeCurves.ed25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.curve25519Legacy]: { + oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], + keyType: enums.publicKey.ecdh, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: false, // nodeCurves.curve25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.brainpoolP256r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.brainpoolP256r1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP384r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.brainpoolP384r1], + payloadSize: 48, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP512r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.brainpoolP512r1], + payloadSize: 64, + wireFormatLeadingByte: 0x04 } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if (nice_match > s.lookahead) { nice_match = s.lookahead; } - - // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - // Assert(cur_match < s->strstart, "no future"); - match = cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2. Note that the checks below - * for insufficient lookahead only occur occasionally for performance - * reasons. Therefore uninitialized memory will be accessed, and - * conditional jumps will be made that depend on those values. - * However the length of the match is limited to the lookahead, so - * the output of deflate is not affected by the uninitialized values. - */ +}; - if (_win[match + best_len] !== scan_end || - _win[match + best_len - 1] !== scan_end1 || - _win[match] !== _win[scan] || - _win[++match] !== _win[scan + 1]) { - continue; +class CurveWithOID { + constructor(oidOrName) { + try { + this.name = oidOrName instanceof OID ? + oidOrName.getName() : + enums.write(enums.curve,oidOrName); + } catch (err) { + throw new UnsupportedError('Unknown curve'); } + const params = curves[this.name]; - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2; - match++; - // Assert(*scan == *match, "match[2]?"); + this.keyType = params.keyType; - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - /*jshint noempty:false*/ - } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - scan < strend); - - // Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH$1 - (strend - scan); - scan = strend - MAX_MATCH$1; - - if (len > best_len) { - s.match_start = cur_match; - best_len = len; - if (len >= nice_match) { - break; - } - scan_end1 = _win[scan + best_len - 1]; - scan_end = _win[scan + best_len]; + this.oid = params.oid; + this.hash = params.hash; + this.cipher = params.cipher; + this.node = params.node; + this.web = params.web; + this.payloadSize = params.payloadSize; + this.sharedSize = params.sharedSize; + this.wireFormatLeadingByte = params.wireFormatLeadingByte; + if (this.web && util.getWebCrypto()) { + this.type = 'web'; + } else if (this.node && util.getNodeCrypto()) { + this.type = 'node'; + } else if (this.name === enums.curve.curve25519Legacy) { + this.type = 'curve25519Legacy'; + } else if (this.name === enums.curve.ed25519Legacy) { + this.type = 'ed25519Legacy'; } - } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0); - - if (best_len <= s.lookahead) { - return best_len; } - return s.lookahead; -} - - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -function fill_window(s) { - const _w_size = s.w_size; - let p, n, m, more, str; - - //Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); - do { - more = s.window_size - s.lookahead - s.strstart; - - // JS ints have 32 bit, block below not needed - /* Deal with !@#$% 64K limit: */ - //if (sizeof(int) <= 2) { - // if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - // more = wsize; - // - // } else if (more == (unsigned)(-1)) { - // /* Very unlikely, but possible on 16 bit machine if - // * strstart == 0 && lookahead == 1 (input done a byte at time) - // */ - // more--; - // } - //} - - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) { - - arraySet(s.window, s.window, _w_size, _w_size, 0); - s.match_start -= _w_size; - s.strstart -= _w_size; - /* we now have strstart >= MAX_DIST */ - s.block_start -= _w_size; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - - n = s.hash_size; - p = n; - do { - m = s.head[--p]; - s.head[p] = (m >= _w_size ? m - _w_size : 0); - } while (--n); - - n = _w_size; - p = n; - do { - m = s.prev[--p]; - s.prev[p] = (m >= _w_size ? m - _w_size : 0); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += _w_size; - } - if (s.strm.avail_in === 0) { - break; - } - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - //Assert(more >= 2, "more < 2"); - n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more); - s.lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s.lookahead + s.insert >= MIN_MATCH$1) { - str = s.strstart - s.insert; - s.ins_h = s.window[str]; - - /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask; - //#if MIN_MATCH != 3 - // Call update_hash() MIN_MATCH-3 more times - //#endif - while (s.insert) { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = str; - str++; - s.insert--; - if (s.lookahead + s.insert < MIN_MATCH$1) { - break; + async genKeyPair() { + switch (this.type) { + case 'web': + try { + return await webGenKeyPair(this.name, this.wireFormatLeadingByte); + } catch (err) { + util.printDebugError('Browser did not support generating ec key ' + err.message); + return jsGenKeyPair(this.name); } + case 'node': + return nodeGenKeyPair(this.name); + case 'curve25519Legacy': { + // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3 + const { k, A } = await generate$2(enums.publicKey.x25519); + const privateKey = k.slice().reverse(); + privateKey[0] = (privateKey[0] & 127) | 64; + privateKey[31] &= 248; + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; } - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0); - - /* If the WIN_INIT bytes after the end of the current data have never been - * written, then zero those bytes in order to avoid memory check reports of - * the use of uninitialized (or uninitialised as Julian writes) bytes by - * the longest match routines. Update the high water mark for the next - * time through here. WIN_INIT is set to MAX_MATCH since the longest match - * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. - */ - // if (s.high_water < s.window_size) { - // var curr = s.strstart + s.lookahead; - // var init = 0; - // - // if (s.high_water < curr) { - // /* Previous high water mark below current data -- zero WIN_INIT - // * bytes or up to end of window, whichever is less. - // */ - // init = s.window_size - curr; - // if (init > WIN_INIT) - // init = WIN_INIT; - // zmemzero(s->window + curr, (unsigned)init); - // s->high_water = curr + init; - // } - // else if (s->high_water < (ulg)curr + WIN_INIT) { - // /* High water mark at or above current data, but below current data - // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up - // * to end of window, whichever is less. - // */ - // init = (ulg)curr + WIN_INIT - s->high_water; - // if (init > s->window_size - s->high_water) - // init = s->window_size - s->high_water; - // zmemzero(s->window + s->high_water, (unsigned)init); - // s->high_water += init; - // } - // } - // - // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, - // "not enough room for search"); -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ -function deflate_stored(s, flush) { - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - let max_block_size = 0xffff; - - if (max_block_size > s.pending_buf_size - 5) { - max_block_size = s.pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (; ;) { - /* Fill the window as much as possible: */ - if (s.lookahead <= 1) { - - //Assert(s->strstart < s->w_size+MAX_DIST(s) || - // s->block_start >= (long)s->w_size, "slide too late"); - // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) || - // s.block_start >= s.w_size)) { - // throw new Error("slide too late"); - // } - - fill_window(s); - if (s.lookahead === 0 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - - if (s.lookahead === 0) { - break; + case 'ed25519Legacy': { + const { seed: privateKey, A } = await generate$3(enums.publicKey.ed25519); + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; } - /* flush the current block */ + default: + return jsGenKeyPair(this.name); } - //Assert(s->block_start >= 0L, "block gone"); - // if (s.block_start < 0) throw new Error("block gone"); - - s.strstart += s.lookahead; - s.lookahead = 0; + } +} - /* Emit a stored block if pending_buf will be full: */ - const max_start = s.block_start + max_block_size; +async function generate$1(curveName) { + const curve = new CurveWithOID(curveName); + const { oid, hash, cipher } = curve; + const keyPair = await curve.genKeyPair(); + return { + oid, + Q: keyPair.publicKey, + secret: util.leftPad(keyPair.privateKey, curve.payloadSize), + hash, + cipher + }; +} - if (s.strstart === 0 || s.strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s.lookahead = s.strstart - max_start; - s.strstart = max_start; - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ +/** + * Get preferred hash algo to use with the given curve + * @param {module:type/oid} oid - curve oid + * @returns {enums.hash} hash algorithm + */ +function getPreferredHashAlgo$1(oid) { + return curves[oid.getName()].hash; +} +/** + * Validate ECDH and ECDSA parameters + * Not suitable for EdDSA (different secret key format) + * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves + * @param {module:type/oid} oid - EC object identifier + * @param {Uint8Array} Q - EC public point + * @param {Uint8Array} d - EC secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateStandardParams(algo, oid, Q, d) { + const supportedCurves = { + [enums.curve.nistP256]: true, + [enums.curve.nistP384]: true, + [enums.curve.nistP521]: true, + [enums.curve.secp256k1]: true, + [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh, + [enums.curve.brainpoolP256r1]: true, + [enums.curve.brainpoolP384r1]: true, + [enums.curve.brainpoolP512r1]: true + }; - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } + // Check whether the given curve is supported + const curveName = oid.getName(); + if (!supportedCurves[curveName]) { + return false; } - s.insert = 0; + if (curveName === enums.curve.curve25519Legacy) { + d = d.slice().reverse(); + // Re-derive public point Q' + const { publicKey } = nacl.box.keyPair.fromSecretKey(d); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; + Q = new Uint8Array(Q); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + if (!util.equalsUint8Array(dG, Q)) { + return false; } - /***/ - return BS_FINISH_DONE; + + return true; } - if (s.strstart > s.block_start) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + /* + * Re-derive public point Q' = dG from private key + * Expect Q == Q' + */ + const dG = nobleCurve.getPublicKey(d, false); + if (!util.equalsUint8Array(dG, Q)) { + return false; } - return BS_NEED_MORE; + return true; } -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. +/** + * Check whether the public point has a valid encoding. + * NB: this function does not check e.g. whether the point belongs to the curve. */ -function deflate_fast(s, flush) { - let hash_head; /* head of the hash chain */ - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { - break; /* flush the current block */ - } - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - } - if (s.match_length >= MIN_MATCH$1) { - // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only - - /*** _tr_tally_dist(s, s.strstart - s.match_start, - s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH$1); +function checkPublicPointEnconding(curve, V) { + const { payloadSize, wireFormatLeadingByte, name: curveName } = curve; - s.lookahead -= s.match_length; + const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2; - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH$1) { - s.match_length--; /* string at strstart already in table */ - do { - s.strstart++; - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s.match_length !== 0); - s.strstart++; - } else { - s.strstart += s.match_length; - s.match_length = 0; - s.ins_h = s.window[s.strstart]; - /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask; - - //#if MIN_MATCH != 3 - // Call UPDATE_HASH() MIN_MATCH-3 more times - //#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s.window[s.strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = ((s.strstart < (MIN_MATCH$1 - 1)) ? s.strstart : MIN_MATCH$1 - 1); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; + if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) { + throw new Error('Invalid point encoding'); } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; } -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -function deflate_slow(s, flush) { - let hash_head; /* head of hash chain */ - let bflush; /* set if current block must be flushed */ - - let max_insert; - - /* Process the input block. */ - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// +async function jsGenKeyPair(name) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + const privateKey = nobleCurve.utils.randomPrivateKey(); + const publicKey = nobleCurve.getPublicKey(privateKey, false); + return { publicKey, privateKey }; +} + +async function webGenKeyPair(name, wireFormatLeadingByte) { + // Note: keys generated with ECDSA and ECDH are structurally equivalent + const webCryptoKey = await webCrypto$2.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } + const privateKey = await webCrypto$2.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto$2.exportKey('jwk', webCryptoKey.publicKey); - /* Find the longest match, discarding those <= prev_length. - */ - s.prev_length = s.match_length; - s.prev_match = s.match_start; - s.match_length = MIN_MATCH$1 - 1; - - if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match && - s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ + return { + publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte), + privateKey: b64ToUint8Array(privateKey.d) + }; +} - if (s.match_length <= 5 && - (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH$1 && s.strstart - s.match_start > 4096/*TOO_FAR*/))) { +async function nodeGenKeyPair(name) { + // Note: ECDSA and ECDH key generation is structurally equivalent + const ecdh = nodeCrypto$2.createECDH(nodeCurves[name]); + await ecdh.generateKeys(); + return { + publicKey: new Uint8Array(ecdh.getPublicKey()), + privateKey: new Uint8Array(ecdh.getPrivateKey()) + }; +} - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s.match_length = MIN_MATCH$1 - 1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s.prev_length >= MIN_MATCH$1 && s.match_length <= s.prev_length) { - max_insert = s.strstart + s.lookahead - MIN_MATCH$1; - /* Do not insert strings in hash table beyond this. */ - - //check_match(s, s.strstart-1, s.prev_match, s.prev_length); - - /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match, - s.prev_length - MIN_MATCH, bflush);***/ - bflush = _tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH$1); - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s.lookahead -= s.prev_length - 1; - s.prev_length -= 2; - do { - if (++s.strstart <= max_insert) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - } while (--s.prev_length !== 0); - s.match_available = 0; - s.match_length = MIN_MATCH$1 - 1; - s.strstart++; - - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// - } else if (s.match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - if (bflush) { - /*** FLUSH_BLOCK_ONLY(s, 0) ***/ - flush_block_only(s, false); - /***/ - } - s.strstart++; - s.lookahead--; - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s.match_available = 1; - s.strstart++; - s.lookahead--; - } - } - //Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s.match_available) { - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); +/** + * @param {JsonWebKey} jwk - key for conversion + * + * @returns {Uint8Array} Raw public key. + */ +function jwkToRawPublic(jwk, wireFormatLeadingByte) { + const bufX = b64ToUint8Array(jwk.x); + const bufY = b64ToUint8Array(jwk.y); + const publicKey = new Uint8Array(bufX.length + bufY.length + 1); + publicKey[0] = wireFormatLeadingByte; + publicKey.set(bufX, 1); + publicKey.set(bufY, bufX.length + 1); + return publicKey; +} - s.match_available = 0; - } - s.insert = s.strstart < MIN_MATCH$1 - 1 ? s.strstart : MIN_MATCH$1 - 1; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * + * @returns {JsonWebKey} Public key in jwk format. + */ +function rawPublicToJWK(payloadSize, name, publicKey) { + const len = payloadSize; + const bufX = publicKey.slice(1, len + 1); + const bufY = publicKey.slice(len + 1, len * 2 + 1); + // https://www.rfc-editor.org/rfc/rfc7518.txt + const jwk = { + kty: 'EC', + crv: name, + x: uint8ArrayToB64(bufX), + y: uint8ArrayToB64(bufY), + ext: true + }; + return jwk; +} - return BS_BLOCK_DONE; +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * @param {Uint8Array} privateKey - private key + * + * @returns {JsonWebKey} Private key in jwk format. + */ +function privateToJWK(payloadSize, name, publicKey, privateKey) { + const jwk = rawPublicToJWK(payloadSize, name, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/* =========================================================================== - * For Z_RLE, simply look for runs of bytes, generate matches only of distance - * one. Do not maintain a hash table. (It will be regenerated if this run of - * deflate switches away from Z_RLE.) - */ -function deflate_rle(s, flush) { - let bflush; /* set if current block must be flushed */ - let prev; /* byte at distance one to match */ - let scan, strend; /* scan goes up to strend for length of run */ - const _win = s.window; +const webCrypto$1 = util.getWebCrypto(); +const nodeCrypto$1 = util.getNodeCrypto(); - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the longest run, plus one for the unrolled loop. - */ - if (s.lookahead <= MAX_MATCH$1) { - fill_window(s); - if (s.lookahead <= MAX_MATCH$1 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* See how many times the previous byte repeats */ - s.match_length = 0; - if (s.lookahead >= MIN_MATCH$1 && s.strstart > 0) { - scan = s.strstart - 1; - prev = _win[scan]; - if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) { - strend = s.strstart + MAX_MATCH$1; - do { - /*jshint noempty:false*/ - } while (prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - scan < strend); - s.match_length = MAX_MATCH$1 - (strend - scan); - if (s.match_length > s.lookahead) { - s.match_length = s.lookahead; +/** + * Sign a message using the provided key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$4(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (message && !util.isStream(message)) { + const keyPair = { publicKey, privateKey }; + switch (curve.type) { + case 'web': + // If browser doesn't support a curve, we'll catch it + try { + // Need to await to make sure browser succeeds + return await webSign(curve, hashAlgo, message, keyPair); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunaley Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support signing: ' + err.message); } - } - //Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); + break; + case 'node': + return nodeSign(curve, hashAlgo, message, privateKey); } + } - /* Emit match if have run of MIN_MATCH or longer, else emit literal */ - if (s.match_length >= MIN_MATCH$1) { - //check_match(s, s.strstart, s.strstart - 1, s.match_length); + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + const signature = nobleCurve.sign(hashed, privateKey, { lowS: false }); + return { + r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize), + s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize) + }; +} - /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, 1, s.match_length - MIN_MATCH$1); +/** + * Verifies if a signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify + * @param {Uint8Array} message - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$4(oid, hashAlgo, signature, message, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + // See https://github.com/openpgpjs/openpgpjs/pull/948. + // NB: the impact was more likely limited to Brainpool curves, since thanks + // to WebCrypto availability, NIST curve should not have been affected. + // Similarly, secp256k1 should have been used rarely enough. + // However, we implement the fix for all curves, since it's only needed in case of + // verification failure, which is unexpected, hence a minor slowdown is acceptable. + const tryFallbackVerificationForOldBug = async () => ( + hashed[0] === 0 ? + jsVerify(curve, signature, hashed.subarray(1), publicKey) : + false + ); - s.lookahead -= s.match_length; - s.strstart += s.match_length; - s.match_length = 0; - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; + if (message && !util.isStream(message)) { + switch (curve.type) { + case 'web': + try { + // Need to await to make sure browser succeeds + const verified = await webVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunately Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support verifying: ' + err.message); + } + break; + case 'node': { + const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; } - /***/ } - return BS_BLOCK_DONE; + + const verified = await jsVerify(curve, signature, hashed, publicKey); + return verified || tryFallbackVerificationForOldBug(); } -/* =========================================================================== - * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. - * (It will be regenerated if this run of deflate switches away from Huffman.) +/** + * Validate ECDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDSA public point + * @param {Uint8Array} d - ECDSA secret scalar + * @returns {Promise} Whether params are valid. + * @async */ -function deflate_huff(s, flush) { - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we have a literal to write. */ - if (s.lookahead === 0) { - fill_window(s); - if (s.lookahead === 0) { - if (flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - break; /* flush the current block */ - } - } +async function validateParams$4(oid, Q, d) { + const curve = new CurveWithOID(oid); + // Reject curves x25519 and ed25519 + if (curve.keyType !== enums.publicKey.ecdsa) { + return false; + } - /* Output a literal byte */ - s.match_length = 0; - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - s.lookahead--; - s.strstart++; - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; + // To speed up the validation, we try to use node- or webcrypto when available + // and sign + verify a random message + switch (curve.type) { + case 'web': + case 'node': { + const message = getRandomBytes(8); + const hashAlgo = enums.hash.sha256; + const hashed = await hash.digest(hashAlgo, message); + try { + const signature = await sign$4(oid, hashAlgo, message, Q, d, hashed); + // eslint-disable-next-line @typescript-eslint/return-await + return await verify$4(oid, hashAlgo, signature, message, Q, hashed); + } catch (err) { + return false; } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; } - /***/ + default: + return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); } - return BS_BLOCK_DONE; } -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + +/** + * Fallback javascript implementation of ECDSA verification. + * To be used if no native implementation is available for the given curve/operation. */ -class Config { - constructor(good_length, max_lazy, nice_length, max_chain, func) { - this.good_length = good_length; - this.max_lazy = max_lazy; - this.nice_length = nice_length; - this.max_chain = max_chain; - this.func = func; - } +async function jsVerify(curve, signature, hashed, publicKey) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false }); } -const configuration_table = [ - /* good lazy nice chain */ - new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */ - new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */ - new Config(4, 5, 16, 8, deflate_fast), /* 2 */ - new Config(4, 6, 32, 32, deflate_fast), /* 3 */ - new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */ - new Config(8, 16, 32, 32, deflate_slow), /* 5 */ - new Config(8, 16, 128, 128, deflate_slow), /* 6 */ - new Config(8, 32, 128, 256, deflate_slow), /* 7 */ - new Config(32, 128, 258, 1024, deflate_slow), /* 8 */ - new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */ -]; +async function webSign(curve, hashAlgo, message, keyPair) { + const len = curve.payloadSize; + const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['sign'] + ); + const signature = new Uint8Array(await webCrypto$1.sign( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + message + )); -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -function lm_init(s) { - s.window_size = 2 * s.w_size; + return { + r: signature.slice(0, len), + s: signature.slice(len, len << 1) + }; +} - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); +async function webVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['verify'] + ); - /* Set the default configuration parameters: - */ - s.max_lazy_match = configuration_table[s.level].max_lazy; - s.good_match = configuration_table[s.level].good_length; - s.nice_match = configuration_table[s.level].nice_length; - s.max_chain_length = configuration_table[s.level].max_chain; + const signature = util.concatUint8Array([r, s]).buffer; - s.strstart = 0; - s.block_start = 0; - s.lookahead = 0; - s.insert = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - s.ins_h = 0; + return webCrypto$1.verify( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + signature, + message + ); } -class DeflateState { - constructor() { - this.strm = null; /* pointer back to this zlib stream */ - this.status = 0; /* as the name implies */ - this.pending_buf = null; /* output still pending */ - this.pending_buf_size = 0; /* size of pending_buf */ - this.pending_out = 0; /* next pending byte to output to the stream */ - this.pending = 0; /* nb of bytes in the pending buffer */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.gzhead = null; /* gzip header information to write */ - this.gzindex = 0; /* where in extra, name, or comment */ - this.method = Z_DEFLATED; /* can only be DEFLATED */ - this.last_flush = -1; /* value of flush param for previous deflate call */ - - this.w_size = 0; /* LZ77 window size (32K by default) */ - this.w_bits = 0; /* log2(w_size) (8..16) */ - this.w_mask = 0; /* w_size - 1 */ - - this.window = null; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. - */ +async function nodeSign(curve, hashAlgo, message, privateKey) { + // JWT encoding cannot be used for now, as Brainpool curves are not supported + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + privateKey: nodeBuffer.from(privateKey) + }); - this.window_size = 0; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ + const sign = nodeCrypto$1.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(message); + sign.end(); - this.prev = null; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ + const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' })); + const len = curve.payloadSize; - this.head = null; /* Heads of the hash chains or NIL. */ + return { + r: signature.subarray(0, len), + s: signature.subarray(len, len << 1) + }; +} - this.ins_h = 0; /* hash index of string to be inserted */ - this.hash_size = 0; /* number of elements in hash table */ - this.hash_bits = 0; /* log2(hash_size) */ - this.hash_mask = 0; /* hash_size-1 */ +async function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { publicKey: derPublicKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + publicKey: nodeBuffer.from(publicKey) + }); - this.hash_shift = 0; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ + const verify = nodeCrypto$1.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(message); + verify.end(); - this.block_start = 0; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ + const signature = util.concatUint8Array([r, s]); - this.match_length = 0; /* length of best match */ - this.prev_match = 0; /* previous match */ - this.match_available = 0; /* set if previous match exists */ - this.strstart = 0; /* start of string to insert */ - this.match_start = 0; /* start of matching string */ - this.lookahead = 0; /* number of valid bytes ahead in window */ + try { + return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature); + } catch (err) { + return false; + } +} - this.prev_length = 0; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ +var ecdsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$4, + validateParams: validateParams$4, + verify: verify$4 +}); - this.max_chain_length = 0; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - this.max_lazy_match = 0; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ - // That's alias to max_lazy_match, don't use directly - //this.max_insert_length = 0; - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - this.level = 0; /* compression level (1..9) */ - this.strategy = 0; /* favor or force Huffman coding*/ +/** + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$3(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + const { RS: signature } = await sign$5(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; +} - this.good_match = 0; - /* Use a faster search when the previous match is longer than this */ +/** + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$3(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + const RS = util.concatUint8Array([r, s]); + return verify$5(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed); +} +/** + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$3(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== enums.curve.ed25519Legacy) { + return false; + } - this.nice_match = 0; /* Stop searching when current match exceeds this */ + /** + * Derive public point Q' = dG from private key + * and expect Q == Q' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); - /* used by trees.c: */ +} - /* Didn't use ct_data typedef below to suppress compiler warning */ +var eddsa_legacy = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$3, + validateParams: validateParams$3, + verify: verify$3 +}); - // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Use flat array of DOUBLE size, with interleaved fata, - // because JS does not support effective - this.dyn_ltree = new Buf16(HEAP_SIZE$1 * 2); - this.dyn_dtree = new Buf16((2 * D_CODES$1 + 1) * 2); - this.bl_tree = new Buf16((2 * BL_CODES$1 + 1) * 2); - zero$2(this.dyn_ltree); - zero$2(this.dyn_dtree); - zero$2(this.bl_tree); - this.l_desc = null; /* desc. for literal tree */ - this.d_desc = null; /* desc. for distance tree */ - this.bl_desc = null; /* desc. for bit length tree */ +/** + * @fileoverview Functions to add and remove PKCS5 padding + * @see PublicKeyEncryptedSessionKeyPacket + * @module crypto/pkcs5 + * @private + */ - //ush bl_count[MAX_BITS+1]; - this.bl_count = new Buf16(MAX_BITS$1 + 1); - /* number of codes at each bit length for an optimal tree */ +/** + * Add pkcs5 padding to a message + * @param {Uint8Array} message - message to pad + * @returns {Uint8Array} Padded message. + */ +function encode(message) { + const c = 8 - (message.length % 8); + const padded = new Uint8Array(message.length + c).fill(c); + padded.set(message); + return padded; +} - //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - this.heap = new Buf16(2 * L_CODES$1 + 1); /* heap used to build the Huffman trees */ - zero$2(this.heap); +/** + * Remove pkcs5 padding from a message + * @param {Uint8Array} message - message to remove padding from + * @returns {Uint8Array} Message without padding. + */ +function decode(message) { + const len = message.length; + if (len > 0) { + const c = message[len - 1]; + if (c >= 1) { + const provided = message.subarray(len - c); + const computed = new Uint8Array(c).fill(c); + if (util.equalsUint8Array(provided, computed)) { + return message.subarray(0, len - c); + } + } + } + throw new Error('Invalid padding'); +} - this.heap_len = 0; /* number of elements in the heap */ - this.heap_max = 0; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ +var pkcs5 = /*#__PURE__*/Object.freeze({ + __proto__: null, + decode: decode, + encode: encode +}); - this.depth = new Buf16(2 * L_CODES$1 + 1); //uch depth[2*L_CODES+1]; - zero$2(this.depth); - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - this.l_buf = 0; /* buffer index for literals or lengths */ - - this.lit_bufsize = 0; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - this.last_lit = 0; /* running index in l_buf */ +const webCrypto = util.getWebCrypto(); +const nodeCrypto = util.getNodeCrypto(); - this.d_buf = 0; - /* Buffer index for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ +/** + * Validate ECDH parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDH public point + * @param {Uint8Array} d - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$2(oid, Q, d) { + return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); +} - this.opt_len = 0; /* bit length of current block with optimal trees */ - this.static_len = 0; /* bit length of current block with static trees */ - this.matches = 0; /* number of string matches in current block */ - this.insert = 0; /* bytes at end of window left to insert */ +// Build Param for ECDH algorithm (RFC 6637) +function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { + return util.concatUint8Array([ + oid.write(), + new Uint8Array([public_algo]), + kdfParams.write(), + util.stringToUint8Array('Anonymous Sender '), + fingerprint + ]); +} +// Key Derivation Function (RFC 6637) +async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { + // Note: X is little endian for Curve25519, big-endian for all others. + // This is not ideal, but the RFC's are unclear + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B + let i; + if (stripLeading) { + // Work around old go crypto bug + for (i = 0; i < X.length && X[i] === 0; i++); + X = X.subarray(i); + } + if (stripTrailing) { + // Work around old OpenPGP.js bug + for (i = X.length - 1; i >= 0 && X[i] === 0; i--); + X = X.subarray(0, i + 1); + } + const digest = await hash.digest(hashAlgo, util.concatUint8Array([ + new Uint8Array([0, 0, 0, 1]), + X, + param + ])); + return digest.subarray(0, length); +} - this.bi_buf = 0; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - this.bi_valid = 0; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ +/** + * Generate ECDHE ephemeral key and secret from public key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPublicEphemeralKey(curve, Q) { + switch (curve.type) { + case 'curve25519Legacy': { + const { sharedSecret: sharedKey, ephemeralPublicKey } = await generateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1)); + const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]); + return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPublicEphemeralKey(curve, Q); + } catch (err) { + util.printDebugError(err); + return jsPublicEphemeralKey(curve, Q); + } + } + break; + case 'node': + return nodePublicEphemeralKey(curve, Q); + default: + return jsPublicEphemeralKey(curve, Q); - // Used for window memory init. We safely ignore it for JS. That makes - // sense only for pointers and memory check tools. - //this.high_water = 0; - /* High water mark offset in window for initialized bytes -- bytes above - * this are set to zero in order to avoid memory check warnings when - * longest match routines access bytes past the input. This is then - * updated to the new high water mark. - */ } } -function deflateResetKeep(strm) { - let s; +/** + * Encrypt and wrap a session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} data - Unpadded session key data + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} + * @async + */ +async function encrypt$1(oid, kdfParams, data, Q, fingerprint) { + const m = encode(data); + + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); + const wrappedKey = await wrap(kdfParams.cipher, Z, m); + return { publicKey, wrappedKey }; +} - if (!strm || !strm.state) { - return err(strm, Z_STREAM_ERROR); +/** + * Generate ECDHE secret from private key and public part of ephemeral key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPrivateEphemeralKey(curve, V, Q, d) { + if (d.length !== curve.payloadSize) { + const privateKey = new Uint8Array(curve.payloadSize); + privateKey.set(d, curve.payloadSize - d.length); + d = privateKey; } - - strm.total_in = strm.total_out = 0; - strm.data_type = Z_UNKNOWN; - - s = strm.state; - s.pending = 0; - s.pending_out = 0; - - if (s.wrap < 0) { - s.wrap = -s.wrap; - /* was made negative by deflate(..., Z_FINISH); */ + switch (curve.type) { + case 'curve25519Legacy': { + const secretKey = d.slice().reverse(); + const sharedKey = await recomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey); + return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPrivateEphemeralKey(curve, V, Q, d); + } catch (err) { + util.printDebugError(err); + return jsPrivateEphemeralKey(curve, V, d); + } + } + break; + case 'node': + return nodePrivateEphemeralKey(curve, V, d); + default: + return jsPrivateEphemeralKey(curve, V, d); } - s.status = (s.wrap ? INIT_STATE : BUSY_STATE); - strm.adler = (s.wrap === 2) ? - 0 // crc32(0, Z_NULL, 0) - : - 1; // adler32(0, Z_NULL, 0) - s.last_flush = Z_NO_FLUSH; - _tr_init(s); - return Z_OK; } - -function deflateReset(strm) { - const ret = deflateResetKeep(strm); - if (ret === Z_OK) { - lm_init(strm.state); +/** + * Decrypt and unwrap the value derived from session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} C - Encrypted and wrapped value derived from session key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise} Value derived from session key. + * @async + */ +async function decrypt$1(oid, kdfParams, V, C, Q, d, fingerprint) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + checkPublicPointEnconding(curve, V); + const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + let err; + for (let i = 0; i < 3; i++) { + try { + // Work around old go crypto bug and old OpenPGP.js bug, respectively. + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); + return decode(await unwrap(kdfParams.cipher, Z, C)); + } catch (e) { + err = e; + } } - return ret; + throw err; } - -function deflateSetHeader(strm, head) { - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; } - strm.state.gzhead = head; - return Z_OK; +async function jsPrivateEphemeralKey(curve, V, d) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V); + const sharedKey = sharedSecretWithParity.subarray(1); + return { secretKey: d, sharedKey }; } +async function jsPublicEphemeralKey(curve, Q) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + const { publicKey: V, privateKey: v } = await curve.genKeyPair(); -function deflateInit2(strm, level, method, windowBits, memLevel, strategy) { - if (!strm) { // === Z_NULL - return Z_STREAM_ERROR; - } - let wrap = 1; - - if (level === Z_DEFAULT_COMPRESSION) { - level = 6; - } - - if (windowBits < 0) { /* suppress zlib wrapper */ - wrap = 0; - windowBits = -windowBits; - } - - else if (windowBits > 15) { - wrap = 2; /* write gzip wrapper instead */ - windowBits -= 16; - } - - - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_FIXED) { - return err(strm, Z_STREAM_ERROR); - } - - - if (windowBits === 8) { - windowBits = 9; - } - /* until 256-byte window bug fixed */ - - const s = new DeflateState(); - - strm.state = s; - s.strm = strm; - - s.wrap = wrap; - s.gzhead = null; - s.w_bits = windowBits; - s.w_size = 1 << s.w_bits; - s.w_mask = s.w_size - 1; - - s.hash_bits = memLevel + 7; - s.hash_size = 1 << s.hash_bits; - s.hash_mask = s.hash_size - 1; - s.hash_shift = ~~((s.hash_bits + MIN_MATCH$1 - 1) / MIN_MATCH$1); - s.window = new Buf8(s.w_size * 2); - s.head = new Buf16(s.hash_size); - s.prev = new Buf16(s.w_size); - - // Don't need mem init magic for JS. - //s.high_water = 0; /* nothing written to s->window yet */ - - s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s.pending_buf_size = s.lit_bufsize * 4; - - //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - //s->pending_buf = (uchf *) overlay; - s.pending_buf = new Buf8(s.pending_buf_size); - - // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`) - //s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s.d_buf = 1 * s.lit_bufsize; - - //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - s.l_buf = (1 + 2) * s.lit_bufsize; - - s.level = level; - s.strategy = strategy; - s.method = method; - - return deflateReset(strm); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q); + const sharedKey = sharedSecretWithParity.subarray(1); + return { publicKey: V, sharedKey }; } +/** + * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPrivateEphemeralKey(curve, V, Q, d) { + const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d); + let privateKey = webCrypto.importKey( + 'jwk', + recipient, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V); + let sender = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + [] + ); + [privateKey, sender] = await Promise.all([privateKey, sender]); + let S = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: sender + }, + privateKey, + curve.sharedSize + ); + let secret = webCrypto.exportKey( + 'jwk', + privateKey + ); + [S, secret] = await Promise.all([S, secret]); + const sharedKey = new Uint8Array(S); + const secretKey = b64ToUint8Array(secret.d); + return { secretKey, sharedKey }; +} -function deflate(strm, flush) { - let old_flush, s; - let beg, val; // for gzip header write only - - if (!strm || !strm.state || - flush > Z_BLOCK || flush < 0) { - return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR; - } +/** + * Generate ECDHE ephemeral key and secret from public key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPublicEphemeralKey(curve, Q) { + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q); + let keyPair = webCrypto.generateKey( + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + let recipient = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + false, + [] + ); + [keyPair, recipient] = await Promise.all([keyPair, recipient]); + let s = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: recipient + }, + keyPair.privateKey, + curve.sharedSize + ); + let p = webCrypto.exportKey( + 'jwk', + keyPair.publicKey + ); + [s, p] = await Promise.all([s, p]); + const sharedKey = new Uint8Array(s); + const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte)); + return { publicKey, sharedKey }; +} - s = strm.state; +/** + * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePrivateEphemeralKey(curve, V, d) { + const recipient = nodeCrypto.createECDH(curve.node); + recipient.setPrivateKey(d); + const sharedKey = new Uint8Array(recipient.computeSecret(V)); + const secretKey = new Uint8Array(recipient.getPrivateKey()); + return { secretKey, sharedKey }; +} - if (!strm.output || - (!strm.input && strm.avail_in !== 0) || - (s.status === FINISH_STATE && flush !== Z_FINISH)) { - return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR); - } +/** + * Generate ECDHE ephemeral key and secret from public key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePublicEphemeralKey(curve, Q) { + const sender = nodeCrypto.createECDH(curve.node); + sender.generateKeys(); + const sharedKey = new Uint8Array(sender.computeSecret(Q)); + const publicKey = new Uint8Array(sender.getPublicKey()); + return { publicKey, sharedKey }; +} - s.strm = strm; /* just in case */ - old_flush = s.last_flush; - s.last_flush = flush; +var ecdh = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$1, + encrypt: encrypt$1, + validateParams: validateParams$2 +}); - /* Write the header */ - if (s.status === INIT_STATE) { +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (s.wrap === 2) { // GZIP header - strm.adler = 0; //crc32(0L, Z_NULL, 0); - put_byte(s, 31); - put_byte(s, 139); - put_byte(s, 8); - if (!s.gzhead) { // s->gzhead == Z_NULL - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, OS_CODE); - s.status = BUSY_STATE; - } - else { - put_byte(s, (s.gzhead.text ? 1 : 0) + - (s.gzhead.hcrc ? 2 : 0) + - (!s.gzhead.extra ? 0 : 4) + - (!s.gzhead.name ? 0 : 8) + - (!s.gzhead.comment ? 0 : 16) - ); - put_byte(s, s.gzhead.time & 0xff); - put_byte(s, (s.gzhead.time >> 8) & 0xff); - put_byte(s, (s.gzhead.time >> 16) & 0xff); - put_byte(s, (s.gzhead.time >> 24) & 0xff); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, s.gzhead.os & 0xff); - if (s.gzhead.extra && s.gzhead.extra.length) { - put_byte(s, s.gzhead.extra.length & 0xff); - put_byte(s, (s.gzhead.extra.length >> 8) & 0xff); - } - if (s.gzhead.hcrc) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0); - } - s.gzindex = 0; - s.status = EXTRA_STATE; - } - } - else // DEFLATE header - { - let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8; - let level_flags = -1; - - if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) { - level_flags = 0; - } else if (s.level < 6) { - level_flags = 1; - } else if (s.level === 6) { - level_flags = 2; - } else { - level_flags = 3; - } - header |= (level_flags << 6); - if (s.strstart !== 0) { header |= PRESET_DICT; } - header += 31 - (header % 31); +var elliptic = /*#__PURE__*/Object.freeze({ + __proto__: null, + CurveWithOID: CurveWithOID, + ecdh: ecdh, + ecdhX: ecdh_x, + ecdsa: ecdsa, + eddsa: eddsa, + eddsaLegacy: eddsa_legacy, + generate: generate$1, + getPreferredHashAlgo: getPreferredHashAlgo$1 +}); - s.status = BUSY_STATE; - putShortMSB(s, header); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /* Save the adler32 of the preset dictionary: */ - if (s.strstart !== 0) { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - strm.adler = 1; // adler32(0L, Z_NULL, 0); - } - } - //#ifdef GZIP - if (s.status === EXTRA_STATE) { - if (s.gzhead.extra/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ +/* + TODO regarding the hash function, read: + https://tools.ietf.org/html/rfc4880#section-13.6 + https://tools.ietf.org/html/rfc4880#section-14 +*/ - while (s.gzindex < (s.gzhead.extra.length & 0xffff)) { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - break; - } - } - put_byte(s, s.gzhead.extra[s.gzindex] & 0xff); - s.gzindex++; - } - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (s.gzindex === s.gzhead.extra.length) { - s.gzindex = 0; - s.status = NAME_STATE; - } - } - else { - s.status = NAME_STATE; - } - } - if (s.status === NAME_STATE) { - if (s.gzhead.name/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; +const _0n = BigInt(0); +const _1n = BigInt(1); - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.name.length) { - val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); +/** + * DSA Sign function + * @param {Integer} hashAlgo + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} x + * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} + * @async + */ +async function sign$2(hashAlgo, hashed, g, p, q, x) { + const _0n = BigInt(0); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + x = uint8ArrayToBigInt(x); - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.gzindex = 0; - s.status = COMMENT_STATE; - } + let k; + let r; + let s; + let t; + g = mod$1(g, p); + x = mod$1(x, q); + // If the output size of the chosen hash is larger than the number of + // bits of q, the hash result is truncated to fit by taking the number + // of leftmost bits equal to the number of bits of q. This (possibly + // truncated) hash function result is treated as a number and used + // directly in the DSA signature algorithm. + const h = mod$1(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + // FIPS-186-4, section 4.6: + // The values of r and s shall be checked to determine if r = 0 or s = 0. + // If either r = 0 or s = 0, a new value of k shall be generated, and the + // signature shall be recalculated. It is extremely unlikely that r = 0 + // or s = 0 if signatures are generated properly. + while (true) { + // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + k = getRandomBigInteger(_1n, q); // returns in [1, q-1] + r = mod$1(modExp(g, k, p), q); // (g**k mod p) mod q + if (r === _0n) { + continue; } - else { - s.status = COMMENT_STATE; + const xr = mod$1(x * r, q); + t = mod$1(h + xr, q); // H(m) + x*r mod q + s = mod$1(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q + if (s === _0n) { + continue; } + break; } - if (s.status === COMMENT_STATE) { - if (s.gzhead.comment/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; + return { + r: bigIntToUint8Array(r, 'be', byteLength(p)), + s: bigIntToUint8Array(s, 'be', byteLength(p)) + }; +} - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.comment.length) { - val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); +/** + * DSA Verify function + * @param {Integer} hashAlgo + * @param {Uint8Array} r + * @param {Uint8Array} s + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} y + * @returns {boolean} + * @async + */ +async function verify$2(hashAlgo, r, s, hashed, g, p, q, y) { + r = uint8ArrayToBigInt(r); + s = uint8ArrayToBigInt(s); - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.status = HCRC_STATE; - } - } - else { - s.status = HCRC_STATE; - } + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + + if (r <= _0n || r >= q || + s <= _0n || s >= q) { + util.printDebug('invalid DSA Signature'); + return false; } - if (s.status === HCRC_STATE) { - if (s.gzhead.hcrc) { - if (s.pending + 2 > s.pending_buf_size) { - flush_pending(strm); - } - if (s.pending + 2 <= s.pending_buf_size) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - strm.adler = 0; //crc32(0L, Z_NULL, 0); - s.status = BUSY_STATE; - } - } - else { - s.status = BUSY_STATE; - } + const h = mod$1(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + const w = modInv(s, q); // s**-1 mod q + if (w === _0n) { + util.printDebug('invalid DSA Signature'); + return false; } - //#endif - /* Flush as much pending output as possible */ - if (s.pending !== 0) { - flush_pending(strm); - if (strm.avail_out === 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s.last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUF_ERROR. - */ - } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) && - flush !== Z_FINISH) { - return err(strm, Z_BUF_ERROR); - } + g = mod$1(g, p); + y = mod$1(y, p); + const u1 = mod$1(h * w, q); // H(m) * w mod q + const u2 = mod$1(r * w, q); // r * w mod q + const t1 = modExp(g, u1, p); // g**u1 mod p + const t2 = modExp(y, u2, p); // y**u2 mod p + const v = mod$1(mod$1(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q + return v === r; +} - /* User must not provide more input after the first FINISH: */ - if (s.status === FINISH_STATE && strm.avail_in !== 0) { - return err(strm, Z_BUF_ERROR); +/** + * Validate DSA parameters + * @param {Uint8Array} p - DSA prime + * @param {Uint8Array} q - DSA group order + * @param {Uint8Array} g - DSA sub-group generator + * @param {Uint8Array} y - DSA public key + * @param {Uint8Array} x - DSA private key + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$1(p, q, g, y, x) { + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + // Check that 1 < g < p + if (g <= _1n || g >= p) { + return false; } - /* Start a new block or continue the current one. + /** + * Check that subgroup order q divides p-1 */ - if (strm.avail_in !== 0 || s.lookahead !== 0 || - (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) { - var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) : - (s.strategy === Z_RLE ? deflate_rle(s, flush) : - configuration_table[s.level].func(s, flush)); - - if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) { - s.status = FINISH_STATE; - } - if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) { - if (strm.avail_out === 0) { - s.last_flush = -1; - /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate === BS_BLOCK_DONE) { - if (flush === Z_PARTIAL_FLUSH) { - _tr_align(s); - } - else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ - - _tr_stored_block(s, 0, 0, false); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush === Z_FULL_FLUSH) { - /*** CLEAR_HASH(s); ***/ /* forget history */ - zero$2(s.head); // Fill with NIL (= 0); - - if (s.lookahead === 0) { - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - } - } - flush_pending(strm); - if (strm.avail_out === 0) { - s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } + if (mod$1(p - _1n, q) !== _0n) { + return false; } - //Assert(strm->avail_out > 0, "bug2"); - //if (strm.avail_out <= 0) { throw new Error("bug2");} - if (flush !== Z_FINISH) { return Z_OK; } - if (s.wrap <= 0) { return Z_STREAM_END; } - - /* Write the trailer */ - if (s.wrap === 2) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - put_byte(s, (strm.adler >> 16) & 0xff); - put_byte(s, (strm.adler >> 24) & 0xff); - put_byte(s, strm.total_in & 0xff); - put_byte(s, (strm.total_in >> 8) & 0xff); - put_byte(s, (strm.total_in >> 16) & 0xff); - put_byte(s, (strm.total_in >> 24) & 0xff); - } - else { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); + /** + * g has order q + * Check that g ** q = 1 mod p + */ + if (modExp(g, q, p) !== _1n) { + return false; } - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. + /** + * Check q is large and probably prime (we mainly want to avoid small factors) */ - if (s.wrap > 0) { s.wrap = -s.wrap; } - /* write the trailer only once! */ - return s.pending !== 0 ? Z_OK : Z_STREAM_END; -} - -function deflateEnd(strm) { - let status; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; + const qSize = BigInt(bitLength(q)); + const _150n = BigInt(150); + if (qSize < _150n || !isProbablePrime(q, null, 32)) { + return false; } - status = strm.state.status; - if (status !== INIT_STATE && - status !== EXTRA_STATE && - status !== NAME_STATE && - status !== COMMENT_STATE && - status !== HCRC_STATE && - status !== BUSY_STATE && - status !== FINISH_STATE - ) { - return err(strm, Z_STREAM_ERROR); + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{rq + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const _2n = BigInt(2); + const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q + const rqx = q * r + x; + if (y !== modExp(g, rqx, p)) { + return false; } - strm.state = null; - - return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK; + return true; } +var dsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$2, + validateParams: validateParams$1, + verify: verify$2 +}); -/* ========================================================================= - * Initializes the compression dictionary from the given byte - * sequence without producing any compressed output. +/** + * @fileoverview Asymmetric cryptography functions + * @module crypto/public_key */ -function deflateSetDictionary(strm, dictionary) { - let dictLength = dictionary.length; - - let s; - let str, n; - let wrap; - let avail; - let next; - let input; - let tmpDict; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - s = strm.state; - wrap = s.wrap; - - if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) { - return Z_STREAM_ERROR; - } - - /* when using zlib wrappers, compute Adler-32 for provided dictionary */ - if (wrap === 1) { - /* adler32(strm->adler, dictionary, dictLength); */ - strm.adler = adler32(strm.adler, dictionary, dictLength, 0); - } - - s.wrap = 0; /* avoid computing Adler-32 in read_buf */ - - /* if dictionary would fill window, just replace the history */ - if (dictLength >= s.w_size) { - if (wrap === 0) { /* already empty otherwise */ - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - /* use the tail */ - // dictionary = dictionary.slice(dictLength - s.w_size); - tmpDict = new Buf8(s.w_size); - arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0); - dictionary = tmpDict; - dictLength = s.w_size; - } - /* insert dictionary into window and hash */ - avail = strm.avail_in; - next = strm.next_in; - input = strm.input; - strm.avail_in = dictLength; - strm.next_in = 0; - strm.input = dictionary; - fill_window(s); - while (s.lookahead >= MIN_MATCH$1) { - str = s.strstart; - n = s.lookahead - (MIN_MATCH$1 - 1); - do { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - - s.head[s.ins_h] = str; - str++; - } while (--n); - s.strstart = str; - s.lookahead = MIN_MATCH$1 - 1; - fill_window(s); - } - s.strstart += s.lookahead; - s.block_start = s.strstart; - s.insert = s.lookahead; - s.lookahead = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - strm.next_in = next; - strm.input = input; - strm.avail_in = avail; - s.wrap = wrap; - return Z_OK; -} - -/* Not implemented -exports.deflateBound = deflateBound; -exports.deflateCopy = deflateCopy; -exports.deflateParams = deflateParams; -exports.deflatePending = deflatePending; -exports.deflatePrime = deflatePrime; -exports.deflateTune = deflateTune; -*/ - -// String encode/decode helpers -try { - String.fromCharCode.apply(null, [ 0 ]); -} catch (__) { -} -try { - String.fromCharCode.apply(null, new Uint8Array(1)); -} catch (__) { -} +var publicKey = { + /** @see module:crypto/public_key/rsa */ + rsa: rsa, + /** @see module:crypto/public_key/elgamal */ + elgamal: elgamal, + /** @see module:crypto/public_key/elliptic */ + elliptic: elliptic, + /** @see module:crypto/public_key/dsa */ + dsa: dsa +}; -// Table with utf8 lengths (calculated by first byte of sequence) -// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS, -// because max possible codepoint is 0x10ffff -const _utf8len = new Buf8(256); -for (let q = 0; q < 256; q++) { - _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1; -} -_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start - +/** + * @fileoverview Provides functions for asymmetric signing and signature verification + * @module crypto/signature + */ -// convert string to array (typed, when possible) -function string2buf (str) { - let c, c2, m_pos, i, buf_len = 0; - const str_len = str.length; - // count binary size - for (m_pos = 0; m_pos < str_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4; +/** + * Parse signature in binary form to get the parameters. + * The returned values are only padded for EdDSA, since in the other cases their expected length + * depends on the key params, hence we delegate the padding to the signature verification function. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Uint8Array} signature - Data for which the signature was created + * @returns {Promise} True if signature is valid. + * @async + */ +function parseSignatureParams(algo, signature) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA signatures: + // - MPI of RSA signature value m**d mod n. + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + // The signature needs to be the same length as the public key modulo n. + // We pad s on signature verification, where we have access to n. + return { read, signatureParams: { s } }; } - - // allocate buffer - const buf = new Buf8(buf_len); - - // convert - for (i = 0, m_pos = 0; i < buf_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - if (c < 0x80) { - /* one byte */ - buf[i++] = c; - } else if (c < 0x800) { - /* two bytes */ - buf[i++] = 0xC0 | c >>> 6; - buf[i++] = 0x80 | c & 0x3f; - } else if (c < 0x10000) { - /* three bytes */ - buf[i++] = 0xE0 | c >>> 12; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } else { - /* four bytes */ - buf[i++] = 0xf0 | c >>> 18; - buf[i++] = 0x80 | c >>> 12 & 0x3f; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } + // Algorithm-Specific Fields for DSA or ECDSA signatures: + // - MPI of DSA or ECDSA value r. + // - MPI of DSA or ECDSA value s. + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + { + // If the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; } - - return buf; -} - - -// Convert binary string (typed, when possible) -function binstring2buf (str) { - const buf = new Buf8(str.length); - for (let i = 0, len = buf.length; i < len; i++) { - buf[i] = str.charCodeAt(i); + // Algorithm-Specific Fields for legacy EdDSA signatures: + // - MPI of an EC point r. + // - EdDSA value s, in MPI, in the little endian representation + case enums.publicKey.eddsaLegacy: { + // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature + // verification: if the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + // Algorithm-Specific Fields for Ed448 signatures: + // - 114 octets of the native signature + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo); + const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length; + return { read, signatureParams: { RS } }; } - return buf; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class ZStream { - constructor() { - /* next input byte */ - this.input = null; // JS specific, because we have no pointers - this.next_in = 0; - /* number of bytes available at input */ - this.avail_in = 0; - /* total number of input bytes read so far */ - this.total_in = 0; - /* next output byte should be put there */ - this.output = null; // JS specific, because we have no pointers - this.next_out = 0; - /* remaining free space at output */ - this.avail_out = 0; - /* total number of bytes output so far */ - this.total_out = 0; - /* last error message, NULL if no error */ - this.msg = ''/*Z_NULL*/; - /* not visible by applications */ - this.state = null; - /* best guess about the data type: binary or text */ - this.data_type = 2/*Z_UNKNOWN*/; - /* adler32 value of the uncompressed data */ - this.adler = 0; - } -} - -/* ===========================================================================*/ - - -/** - * class Deflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[deflate]], - * [[deflateRaw]] and [[gzip]]. - **/ - -/* internal - * Deflate.chunks -> Array - * - * Chunks of output data, if [[Deflate#onData]] not overridden. - **/ - -/** - * Deflate.result -> Uint8Array|Array - * - * Compressed result, generated by default [[Deflate#onData]] - * and [[Deflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Deflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ -/** - * Deflate.err -> Number - * - * Error code after deflate finished. 0 (Z_OK) on success. - * You will not need it in real life, because deflate errors - * are possible only on wrong options or bad `onData` / `onEnd` - * custom handlers. - **/ + default: + throw new UnsupportedError('Unknown signature algorithm.'); + } +} /** - * Deflate.msg -> String - * - * Error message, if [[Deflate.err]] != 0 - **/ - + * Verifies the signature provided for data using specified algorithms and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} signature - Named algorithm-specific signature parameters + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Data for which the signature was created + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} True if signature is valid. + * @async + */ +async function verify$1(algo, hashAlgo, signature, publicParams, data, hashed) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto + return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); + } + case enums.publicKey.dsa: { + const { g, p, q, y } = publicParams; + const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers + return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); + } + case enums.publicKey.ecdsa: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // padding needed for webcrypto + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values: + // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); + } +} /** - * new Deflate(options) - * - options (Object): zlib deflate options. - * - * Creates new deflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `level` - * - `windowBits` - * - `memLevel` - * - `strategy` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw deflate - * - `gzip` (Boolean) - create gzip wrapper - * - `to` (String) - if equal to 'string', then result will be "binary string" - * (each char code [0..255]) - * - `header` (Object) - custom header for gzip - * - `text` (Boolean) - true if compressed data believed to be text - * - `time` (Number) - modification time, unix timestamp - * - `os` (Number) - operation system code - * - `extra` (Array) - array of bytes with extra data (max 65536) - * - `name` (String) - file name (binary string) - * - `comment` (String) - comment (binary string) - * - `hcrc` (Boolean) - true if header crc should be added - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var deflate = new pako.Deflate({ level: 3}); - * - * deflate.push(chunk1, false); - * deflate.push(chunk2, true); // true -> last chunk - * - * if (deflate.err) { throw new Error(deflate.err); } - * - * console.log(deflate.result); - * ``` - **/ - -class Deflate { - constructor(options) { - this.options = { - level: Z_DEFAULT_COMPRESSION, - method: Z_DEFLATED, - chunkSize: 16384, - windowBits: 15, - memLevel: 8, - strategy: Z_DEFAULT_STRATEGY, - ...(options || {}) - }; - - const opt = this.options; - - if (opt.raw && (opt.windowBits > 0)) { - opt.windowBits = -opt.windowBits; + * Creates a signature on data using specified algorithms and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters + * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters + * @param {Uint8Array} data - Data to be signed + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} Signature Object containing named signature parameters. + * @async + */ +async function sign$1(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { + if (!publicKeyParams || !privateKeyParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); + return { s }; } - - else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) { - opt.windowBits += 16; + case enums.publicKey.dsa: { + const { g, p, q } = publicKeyParams; + const { x } = privateKeyParams; + return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - var status = deflateInit2( - this.strm, - opt.level, - opt.method, - opt.windowBits, - opt.memLevel, - opt.strategy - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); + case enums.publicKey.elgamal: + throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); + case enums.publicKey.ecdsa: { + const { oid, Q } = publicKeyParams; + const { d } = privateKeyParams; + return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); } - - if (opt.header) { - deflateSetHeader(this.strm, opt.header); + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); } + default: + throw new Error('Unknown signature algorithm.'); + } +} - if (opt.dictionary) { - let dict; - // Convert data if needed - if (typeof opt.dictionary === 'string') { - // If we need to compress text, change encoding to utf8. - dict = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - dict = new Uint8Array(opt.dictionary); - } else { - dict = opt.dictionary; - } +var signature = /*#__PURE__*/Object.freeze({ + __proto__: null, + parseSignatureParams: parseSignatureParams, + sign: sign$1, + verify: verify$1 +}); - status = deflateSetDictionary(this.strm, dict); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (status !== Z_OK) { - throw new Error(msg[status]); - } - this._dict_set = true; +class ECDHSymmetricKey { + constructor(data) { + if (data) { + this.data = data; } } /** - * Deflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be - * converted to utf8 byte sequence. - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with - * new compressed chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the compression context. - * - * On fail call [[Deflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * array format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize } } = this; - var status, _mode; - - if (this.ended) { return false; } - - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // If we need to compress text, change encoding to utf8. - strm.input = string2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = deflate(strm, _mode); /* no bad return value */ - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); + * Read an ECDHSymmetricKey from an Uint8Array: + * - 1 octect for the length `l` + * - `l` octects of encoded session key data + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + if (bytes.length >= 1) { + const length = bytes[0]; + if (bytes.length >= 1 + length) { + this.data = bytes.subarray(1, 1 + length); + return 1 + this.data.length; } - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = deflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; } - - return true; - }; - /** - * Deflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; + throw new Error('Invalid symmetric key'); + } /** - * Deflate#onEnd(status) -> Void - * - status (Number): deflate status. 0 (Z_OK) on success, - * other if not. - * - * Called once after you tell deflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; + * Write an ECDHSymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); + } } -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral // -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. // -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. // -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// See state defs from inflate.js -const BAD = 30; /* got a data error -- remain here until reset */ -const TYPE = 12; /* i: waiting for type bits, including last-flag bit */ - -/* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is - available, an end-of-block is encountered, or a data error is encountered. - When large enough input and output buffers are supplied to inflate(), for - example, a 16K input buffer and a 64K output buffer, more than 95% of the - inflate execution time is spent in this routine. - - Entry assumptions: - - state.mode === LEN - strm.avail_in >= 6 - strm.avail_out >= 258 - start >= strm.avail_out - state.bits < 8 - - On return, state.mode is one of: - - LEN -- ran out of enough output space or enough available input - TYPE -- reached end of block code, inflate() to interpret next block - BAD -- error in block data - - Notes: - - - The maximum input bits used by a length/distance pair is 15 bits for the - length code, 5 bits for the length extra, 15 bits for the distance code, - and 13 bits for the distance extra. This totals 48 bits, or six bytes. - Therefore if strm.avail_in >= 6, then there is enough input to avoid - checking for available input while decoding. - - - The maximum bytes that a single length/distance pair can output is 258 - bytes, which is the maximum length that can be coded. inflate_fast() - requires strm.avail_out >= 258 for each loop to avoid checking for - output space. - */ -function inflate_fast(strm, start) { - let _in; /* local strm.input */ - let _out; /* local strm.output */ - // Use `s_window` instead `window`, avoid conflict with instrumentation tools - let hold; /* local strm.hold */ - let bits; /* local strm.bits */ - let here; /* retrieved table entry */ - let op; /* code bits, operation, extra bits, or */ - /* window position, window bytes to copy */ - let len; /* match length, unused bytes */ - let dist; /* match distance */ - let from; /* where to copy match from */ - let from_source; - - - - /* copy state to local variables */ - const state = strm.state; - //here = state.here; - _in = strm.next_in; - const input = strm.input; - const last = _in + (strm.avail_in - 5); - _out = strm.next_out; - const output = strm.output; - const beg = _out - (start - strm.avail_out); - const end = _out + (strm.avail_out - 257); - //#ifdef INFLATE_STRICT - const dmax = state.dmax; - //#endif - const wsize = state.wsize; - const whave = state.whave; - const wnext = state.wnext; - const s_window = state.window; - hold = state.hold; - bits = state.bits; - const lcode = state.lencode; - const dcode = state.distcode; - const lmask = (1 << state.lenbits) - 1; - const dmask = (1 << state.distbits) - 1; - - - /* decode literals and length/distances until end-of-block or not enough - input data or output space */ - - top: - do { - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - - here = lcode[hold & lmask]; - - dolen: - for (;;) { // Goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - if (op === 0) { /* literal */ - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - output[_out++] = here & 0xffff/*here.val*/; - } else if (op & 16) { /* length base */ - len = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - len += hold & (1 << op) - 1; - hold >>>= op; - bits -= op; - } - //Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - here = dcode[hold & dmask]; - - dodist: - for (;;) { // goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - - if (op & 16) { /* distance base */ - dist = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - } - dist += hold & (1 << op) - 1; - //#ifdef INFLATE_STRICT - if (dist > dmax) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - //#endif - hold >>>= op; - bits -= op; - //Tracevv((stderr, "inflate: distance %u\n", dist)); - op = _out - beg; /* max distance in output */ - if (dist > op) { /* see if copy from window */ - op = dist - op; /* distance back in window */ - if (op > whave) { - if (state.sane) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // if (len <= op - whave) { - // do { - // output[_out++] = 0; - // } while (--len); - // continue top; - // } - // len -= op - whave; - // do { - // output[_out++] = 0; - // } while (--op > whave); - // if (op === 0) { - // from = _out - dist; - // do { - // output[_out++] = output[from++]; - // } while (--len); - // continue top; - // } - //#endif - } - from = 0; // window index - from_source = s_window; - if (wnext === 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; - if (op < len) { /* some from end of window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = 0; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - } else { /* contiguous in window */ - from += wnext - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - while (len > 2) { - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - len -= 3; - } - if (len) { - output[_out++] = from_source[from++]; - if (len > 1) { - output[_out++] = from_source[from++]; - } - } - } else { - from = _out - dist; /* copy direct from output */ - do { /* minimum length is three */ - output[_out++] = output[from++]; - output[_out++] = output[from++]; - output[_out++] = output[from++]; - len -= 3; - } while (len > 2); - if (len) { - output[_out++] = output[from++]; - if (len > 1) { - output[_out++] = output[from++]; - } - } - } - } else if ((op & 64) === 0) { /* 2nd level distance code */ - here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dodist; - } else { - strm.msg = "invalid distance code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } else if ((op & 64) === 0) { /* 2nd level length code */ - here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dolen; - } else if (op & 32) { /* end-of-block */ - //Tracevv((stderr, "inflate: end of block\n")); - state.mode = TYPE; - break top; - } else { - strm.msg = "invalid literal/length code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } while (_in < last && _out < end); - - /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ - len = bits >> 3; - _in -= len; - bits -= len << 3; - hold &= (1 << bits) - 1; - - /* update state and return */ - strm.next_in = _in; - strm.next_out = _out; - strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last); - strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end); - state.hold = hold; - state.bits = bits; - return; -} - -const MAXBITS = 15; -const ENOUGH_LENS = 852; -const ENOUGH_DISTS = 592; -//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS); - -const CODES = 0; -const LENS = 1; -const DISTS = 2; - -const lbase = [ /* Length codes 257..285 base */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 -]; - -const lext = [ /* Length codes 257..285 extra */ - 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78 -]; - -const dbase = [ /* Distance codes 0..29 base */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577, 0, 0 -]; - -const dext = [ /* Distance codes 0..29 extra */ - 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, - 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, - 28, 28, 29, 29, 64, 64 -]; - -function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) { - const bits = opts.bits; - //here = opts.here; /* table entry for duplication */ - - let len = 0; /* a code's length in bits */ - let sym = 0; /* index of code symbols */ - let min = 0, max = 0; /* minimum and maximum code lengths */ - let root = 0; /* number of index bits for root table */ - let curr = 0; /* number of index bits for current table */ - let drop = 0; /* code bits to drop for sub-table */ - let left = 0; /* number of prefix codes available */ - let used = 0; /* code entries in table used */ - let huff = 0; /* Huffman code */ - let incr; /* for incrementing code, index */ - let fill; /* index for replicating entries */ - let low; /* low bits for current root entry */ - let next; /* next available space in table */ - let base = null; /* base value table to use */ - let base_index = 0; - // var shoextra; /* extra bits table to use */ - let end; /* use base and extra for symbol > end */ - const count = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */ - const offs = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */ - let extra = null; - let extra_index = 0; - - let here_bits, here_op, here_val; - - /* - Process a set of code lengths to create a canonical Huffman code. The - code lengths are lens[0..codes-1]. Each length corresponds to the - symbols 0..codes-1. The Huffman code is generated by first sorting the - symbols by length from short to long, and retaining the symbol order - for codes with equal lengths. Then the code starts with all zero bits - for the first code of the shortest length, and the codes are integer - increments for the same length, and zeros are appended as the length - increases. For the deflate format, these bits are stored backwards - from their more natural integer increment ordering, and so when the - decoding tables are built in the large loop below, the integer codes - are incremented backwards. - - This routine assumes, but does not check, that all of the entries in - lens[] are in the range 0..MAXBITS. The caller must assure this. - 1..MAXBITS is interpreted as that code length. zero means that that - symbol does not occur in this code. - - The codes are sorted by computing a count of codes for each length, - creating from that a table of starting indices for each length in the - sorted table, and then entering the symbols in order in the sorted - table. The sorted table is work[], with that space being provided by - the caller. - - The length counts are used for other purposes as well, i.e. finding - the minimum and maximum length codes, determining if there are any - codes at all, checking for a valid set of lengths, and looking ahead - at length counts to determine sub-table sizes when building the - decoding tables. - */ - - /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ - for (len = 0; len <= MAXBITS; len++) { - count[len] = 0; - } - for (sym = 0; sym < codes; sym++) { - count[lens[lens_index + sym]]++; - } - - /* bound code lengths, force root to be within code lengths */ - root = bits; - for (max = MAXBITS; max >= 1; max--) { - if (count[max] !== 0) { - break; - } - } - if (root > max) { - root = max; - } - if (max === 0) { /* no symbols to code at all */ - //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */ - //table.bits[opts.table_index] = 1; //here.bits = (var char)1; - //table.val[opts.table_index++] = 0; //here.val = (var short)0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - //table.op[opts.table_index] = 64; - //table.bits[opts.table_index] = 1; - //table.val[opts.table_index++] = 0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - opts.bits = 1; - return 0; /* no symbols, but wait for decoding to report error */ - } - for (min = 1; min < max; min++) { - if (count[min] !== 0) { - break; - } - } - if (root < min) { - root = min; - } - - /* check for an over-subscribed or incomplete set of lengths */ - left = 1; - for (len = 1; len <= MAXBITS; len++) { - left <<= 1; - left -= count[len]; - if (left < 0) { - return -1; - } /* over-subscribed */ - } - if (left > 0 && (type === CODES || max !== 1)) { - return -1; /* incomplete set */ - } - - /* generate offsets into symbol table for each length for sorting */ - offs[1] = 0; - for (len = 1; len < MAXBITS; len++) { - offs[len + 1] = offs[len] + count[len]; - } +/** + * Implementation of type KDF parameters + * + * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: + * A key derivation function (KDF) is necessary to implement the EC + * encryption. The Concatenation Key Derivation Function (Approved + * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is + * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. + * @module type/kdf_params + * @private + */ - /* sort symbols by length, by symbol order within each length */ - for (sym = 0; sym < codes; sym++) { - if (lens[lens_index + sym] !== 0) { - work[offs[lens[lens_index + sym]]++] = sym; - } +class KDFParams { + /** + * @param {enums.hash} hash - Hash algorithm + * @param {enums.symmetric} cipher - Symmetric algorithm + */ + constructor(data) { + if (data) { + const { hash, cipher } = data; + this.hash = hash; + this.cipher = cipher; + } else { + this.hash = null; + this.cipher = null; } + } - /* - Create and fill in decoding tables. In this loop, the table being - filled is at next and has curr index bits. The code being used is huff - with length len. That code is converted to an index by dropping drop - bits off of the bottom. For codes where len is less than drop + curr, - those top drop + curr - len bits are incremented through all values to - fill the table with replicated entries. - - root is the number of index bits for the root table. When len exceeds - root, sub-tables are created pointed to by the root entry with an index - of the low root bits of huff. This is saved in low to check for when a - new sub-table should be started. drop is zero when the root table is - being filled, and drop is root when sub-tables are being filled. - - When a new sub-table is needed, it is necessary to look ahead in the - code lengths to determine what size sub-table is needed. The length - counts are used for this, and so count[] is decremented as codes are - entered in the tables. - - used keeps track of how many table entries have been allocated from the - provided *table space. It is checked for LENS and DIST tables against - the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in - the initial root table size constants. See the comments in inftrees.h - for more information. - - sym increments through all symbols, and the loop terminates when - all codes of length max, i.e. all codes, have been processed. This - routine permits incomplete codes, so another loop after this one fills - in the rest of the decoding tables with invalid code markers. - */ - - /* set up for code type */ - // poor man optimization - use if-else instead of switch, - // to avoid deopts in old v8 - if (type === CODES) { - base = extra = work; /* dummy value--not used */ - end = 19; - - } else if (type === LENS) { - base = lbase; - base_index -= 257; - extra = lext; - extra_index -= 257; - end = 256; - - } else { /* DISTS */ - base = dbase; - extra = dext; - end = -1; - } - - /* initialize opts for loop */ - huff = 0; /* starting code */ - sym = 0; /* starting code symbol */ - len = min; /* starting code length */ - next = table_index; /* current table to fill in */ - curr = root; /* current table index bits */ - drop = 0; /* current bits to drop from code for index */ - low = -1; /* trigger new sub-table when len > root */ - used = 1 << root; /* use root table entries */ - const mask = used - 1; /* mask for comparing low */ - - /* check available table space */ - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* process all codes and make table entries */ - for (;;) { - /* create table entry */ - here_bits = len - drop; - if (work[sym] < end) { - here_op = 0; - here_val = work[sym]; - } else if (work[sym] > end) { - here_op = extra[extra_index + work[sym]]; - here_val = base[base_index + work[sym]]; - } else { - here_op = 32 + 64; /* end of block */ - here_val = 0; - } - - /* replicate for those indices with low len bits equal to huff */ - incr = 1 << len - drop; - fill = 1 << curr; - min = fill; /* save offset to next table */ - do { - fill -= incr; - table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0; - } while (fill !== 0); - - /* backwards increment the len-bit code huff */ - incr = 1 << len - 1; - while (huff & incr) { - incr >>= 1; - } - if (incr !== 0) { - huff &= incr - 1; - huff += incr; - } else { - huff = 0; - } - - /* go to next symbol, update count, len */ - sym++; - if (--count[len] === 0) { - if (len === max) { - break; - } - len = lens[lens_index + work[sym]]; - } - - /* create new sub-table if needed */ - if (len > root && (huff & mask) !== low) { - /* if first time, transition to sub-tables */ - if (drop === 0) { - drop = root; - } - - /* increment past last table */ - next += min; /* here min is 1 << curr */ - - /* determine length of next table */ - curr = len - drop; - left = 1 << curr; - while (curr + drop < max) { - left -= count[curr + drop]; - if (left <= 0) { - break; - } - curr++; - left <<= 1; - } - - /* check for enough space */ - used += 1 << curr; - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* point entry in root table to sub-table */ - low = huff & mask; - /*table.op[low] = curr; - table.bits[low] = root; - table.val[low] = next - opts.table_index;*/ - table[low] = root << 24 | curr << 16 | next - table_index |0; - } + /** + * Read KDFParams from an Uint8Array + * @param {Uint8Array} input - Where to read the KDFParams from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { + throw new UnsupportedError('Cannot read KDFParams'); } + this.hash = input[2]; + this.cipher = input[3]; + return 4; + } - /* fill in remaining table entry if code is incomplete (guaranteed to have - at most one remaining entry, since if the code is incomplete, the - maximum code length that was allowed to get this far is one bit) */ - if (huff !== 0) { - //table.op[next + huff] = 64; /* invalid code marker */ - //table.bits[next + huff] = len - drop; - //table.val[next + huff] = 0; - table[next + huff] = len - drop << 24 | 64 << 16 |0; - } - - /* set return parameters */ - //opts.table_index += used; - opts.bits = root; - return 0; -} - -const CODES$1 = 0; -const LENS$1 = 1; -const DISTS$1 = 2; - -/* STATES ====================================================================*/ -/* ===========================================================================*/ - - -const HEAD = 1; /* i: waiting for magic header */ -const FLAGS = 2; /* i: waiting for method and flags (gzip) */ -const TIME = 3; /* i: waiting for modification time (gzip) */ -const OS = 4; /* i: waiting for extra flags and operating system (gzip) */ -const EXLEN = 5; /* i: waiting for extra length (gzip) */ -const EXTRA = 6; /* i: waiting for extra bytes (gzip) */ -const NAME = 7; /* i: waiting for end of file name (gzip) */ -const COMMENT = 8; /* i: waiting for end of comment (gzip) */ -const HCRC = 9; /* i: waiting for header crc (gzip) */ -const DICTID = 10; /* i: waiting for dictionary check value */ -const DICT = 11; /* waiting for inflateSetDictionary() call */ -const TYPE$1 = 12; /* i: waiting for type bits, including last-flag bit */ -const TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */ -const STORED = 14; /* i: waiting for stored size (length and complement) */ -const COPY_ = 15; /* i/o: same as COPY below, but only first time in */ -const COPY = 16; /* i/o: waiting for input or output to copy stored block */ -const TABLE = 17; /* i: waiting for dynamic block table lengths */ -const LENLENS = 18; /* i: waiting for code length code lengths */ -const CODELENS = 19; /* i: waiting for length/lit and distance code lengths */ -const LEN_ = 20; /* i: same as LEN below, but only first time in */ -const LEN = 21; /* i: waiting for length/lit/eob code */ -const LENEXT = 22; /* i: waiting for length extra bits */ -const DIST = 23; /* i: waiting for distance code */ -const DISTEXT = 24; /* i: waiting for distance extra bits */ -const MATCH = 25; /* o: waiting for output space to copy string */ -const LIT = 26; /* o: waiting for output space to write literal */ -const CHECK = 27; /* i: waiting for 32-bit check value */ -const LENGTH = 28; /* i: waiting for 32-bit length (gzip) */ -const DONE = 29; /* finished check, done -- remain here until reset */ -const BAD$1 = 30; /* got a data error -- remain here until reset */ -//const MEM = 31; /* got an inflate() memory error -- remain here until reset */ -const SYNC = 32; /* looking for synchronization bytes to restart inflate() */ - -/* ===========================================================================*/ - - - -const ENOUGH_LENS$1 = 852; -const ENOUGH_DISTS$1 = 592; - - -function zswap32(q) { - return (((q >>> 24) & 0xff) + - ((q >>> 8) & 0xff00) + - ((q & 0xff00) << 8) + - ((q & 0xff) << 24)); -} - - -class InflateState { - constructor() { - this.mode = 0; /* current inflate mode */ - this.last = false; /* true if processing last block */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.havedict = false; /* true if dictionary provided */ - this.flags = 0; /* gzip header method and flags (0 if zlib) */ - this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */ - this.check = 0; /* protected copy of check value */ - this.total = 0; /* protected copy of output count */ - // TODO: may be {} - this.head = null; /* where to save gzip header information */ - - /* sliding window */ - this.wbits = 0; /* log base 2 of requested window size */ - this.wsize = 0; /* window size or zero if not using window */ - this.whave = 0; /* valid bytes in the window */ - this.wnext = 0; /* window write index */ - this.window = null; /* allocated sliding window, if needed */ - - /* bit accumulator */ - this.hold = 0; /* input bit accumulator */ - this.bits = 0; /* number of bits in "in" */ - - /* for string and stored block copying */ - this.length = 0; /* literal or length of data to copy */ - this.offset = 0; /* distance back to copy string from */ - - /* for table and code decoding */ - this.extra = 0; /* extra bits needed */ - - /* fixed and dynamic code tables */ - this.lencode = null; /* starting table for length/literal codes */ - this.distcode = null; /* starting table for distance codes */ - this.lenbits = 0; /* index bits for lencode */ - this.distbits = 0; /* index bits for distcode */ - - /* dynamic table building */ - this.ncode = 0; /* number of code length code lengths */ - this.nlen = 0; /* number of length code lengths */ - this.ndist = 0; /* number of distance code lengths */ - this.have = 0; /* number of code lengths in lens[] */ - this.next = null; /* next available space in codes[] */ - - this.lens = new Buf16(320); /* temporary storage for code lengths */ - this.work = new Buf16(288); /* work area for code table building */ - - /* - because we don't have pointers in js, we use lencode and distcode directly - as buffers so we don't need codes - */ - //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */ - this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */ - this.distdyn = null; /* dynamic table for distance codes (JS specific) */ - this.sane = 0; /* if false, allow invalid distance too far */ - this.back = 0; /* bits back of last unprocessed length/lit */ - this.was = 0; /* initial length of match */ + /** + * Write KDFParams to an Uint8Array + * @returns {Uint8Array} Array with the KDFParams value + */ + write() { + return new Uint8Array([3, 1, this.hash, this.cipher]); } } -function inflateResetKeep(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - strm.total_in = strm.total_out = state.total = 0; - strm.msg = ''; /*Z_NULL*/ - if (state.wrap) { /* to support ill-conceived Java test suite */ - strm.adler = state.wrap & 1; - } - state.mode = HEAD; - state.last = 0; - state.havedict = 0; - state.dmax = 32768; - state.head = null/*Z_NULL*/; - state.hold = 0; - state.bits = 0; - //state.lencode = state.distcode = state.next = state.codes; - state.lencode = state.lendyn = new Buf32(ENOUGH_LENS$1); - state.distcode = state.distdyn = new Buf32(ENOUGH_DISTS$1); +/** + * Encoded symmetric key for x25519 and x448 + * The payload format varies for v3 and v6 PKESK: + * the former includes an algorithm byte preceeding the encrypted session key. + * + * @module type/x25519x448_symkey + */ - state.sane = 1; - state.back = -1; - //Tracev((stderr, "inflate: reset\n")); - return Z_OK; -} -function inflateReset(strm) { - let state; +class ECDHXSymmetricKey { + static fromObject({ wrappedKey, algorithm }) { + const instance = new ECDHXSymmetricKey(); + instance.wrappedKey = wrappedKey; + instance.algorithm = algorithm; + return instance; + } - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - state.wsize = 0; - state.whave = 0; - state.wnext = 0; - return inflateResetKeep(strm); + /** + * - 1 octect for the length `l` + * - `l` octects of encoded session key data (with optional leading algorithm byte) + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + let read = 0; + let followLength = bytes[read++]; + this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even + followLength -= followLength % 2; + this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength; + } + /** + * Write an MontgomerySymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([ + this.algorithm ? + new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : + new Uint8Array([this.wrappedKey.length]), + this.wrappedKey + ]); + } } -function inflateReset2(strm, windowBits) { - let wrap; - let state; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /* get the state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - /* extract wrap request from windowBits parameter */ - if (windowBits < 0) { - wrap = 0; - windowBits = -windowBits; - } - else { - wrap = (windowBits >> 4) + 1; - if (windowBits < 48) { - windowBits &= 15; +/** + * Encrypts data using specified algorithm and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. + * @param {module:enums.publicKey} keyAlgo - Public key algorithm + * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only) + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Session key data to be encrypted + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @returns {Promise} Encrypted session key parameters. + * @async + */ +async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const { n, e } = publicParams; + const c = await publicKey.rsa.encrypt(data, n, e); + return { c }; + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + return publicKey.elgamal.encrypt(data, p, g, y); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicParams; + const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( + oid, kdfParams, data, Q, fingerprint); + return { V, C: new ECDHSymmetricKey(C) }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + if (symmetricAlgo && !util.isAES(symmetricAlgo)) { + // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 + throw new Error('X25519 and X448 keys can only encrypt AES session keys'); + } + const { A } = publicParams; + const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( + keyAlgo, data, A); + const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); + return { ephemeralPublicKey, C }; } + default: + return []; } +} - /* set number of window bits, free window if different */ - if (windowBits && (windowBits < 8 || windowBits > 15)) { - return Z_STREAM_ERROR; - } - if (state.window !== null && state.wbits !== windowBits) { - state.window = null; +/** + * Decrypts data using specified algorithm and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Object} publicKeyParams - Algorithm-specific public key parameters + * @param {Object} privateKeyParams - Algorithm-specific private key parameters + * @param {Object} sessionKeyParams - Encrypted session key parameters + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing + * (needed for constant-time processing in RSA and ElGamal) + * @returns {Promise} Decrypted data. + * @throws {Error} on sensitive decryption error, unless `randomPayload` is given + * @async + */ +async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: { + const { c } = sessionKeyParams; + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); + } + case enums.publicKey.elgamal: { + const { c1, c2 } = sessionKeyParams; + const p = publicKeyParams.p; + const x = privateKeyParams.x; + return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicKeyParams; + const { d } = privateKeyParams; + const { V, C } = sessionKeyParams; + return publicKey.elliptic.ecdh.decrypt( + oid, kdfParams, V, C.data, Q, d, fingerprint); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicKeyParams; + const { k } = privateKeyParams; + const { ephemeralPublicKey, C } = sessionKeyParams; + if (C.algorithm !== null && !util.isAES(C.algorithm)) { + throw new Error('AES session key expected'); + } + return publicKey.elliptic.ecdhX.decrypt( + algo, ephemeralPublicKey, C.wrappedKey, A, k); + } + default: + throw new Error('Unknown public key encryption algorithm.'); } - - /* update state and reset the rest of it */ - state.wrap = wrap; - state.wbits = windowBits; - return inflateReset(strm); } -function inflateInit2(strm, windowBits) { - let ret; - let state; - - if (!strm) { return Z_STREAM_ERROR; } - //strm.msg = Z_NULL; /* in case we return an error */ - - state = new InflateState(); - - //if (state === Z_NULL) return Z_MEM_ERROR; - //Tracev((stderr, "inflate: allocated\n")); - strm.state = state; - state.window = null/*Z_NULL*/; - ret = inflateReset2(strm, windowBits); - if (ret !== Z_OK) { - strm.state = null/*Z_NULL*/; +/** + * Parse public key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. + */ +function parsePublicKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; + const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; + return { read, publicParams: { n, e } }; + } + case enums.publicKey.dsa: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, q, g, y } }; + } + case enums.publicKey.elgamal: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, g, y } }; + } + case enums.publicKey.ecdsa: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.eddsaLegacy: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + if (oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + Q = util.leftPad(Q, 33); + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.ecdh: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); + return { read: read, publicParams: { oid, Q, kdfParams } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length; + return { read, publicParams: { A } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - return ret; } - -/* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. +/** + * Parse private key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @param {Object} publicParams - (ECC only) public params, needed to format some private params + * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. */ -let virgin = true; - -let lenfix, distfix; // We have no pointers in JS, so keep tables separate - -function fixedtables(state) { - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - let sym; - - lenfix = new Buf32(512); - distfix = new Buf32(32); - - /* literal/length table */ - sym = 0; - while (sym < 144) { state.lens[sym++] = 8; } - while (sym < 256) { state.lens[sym++] = 9; } - while (sym < 280) { state.lens[sym++] = 7; } - while (sym < 288) { state.lens[sym++] = 8; } - - inflate_table(LENS$1, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 }); - - /* distance table */ - sym = 0; - while (sym < 32) { state.lens[sym++] = 5; } - - inflate_table(DISTS$1, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 }); - - /* do this just once */ - virgin = false; +function parsePrivateKeyParams(algo, bytes, publicParams) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; + return { read, privateParams: { d, p, q, u } }; + } + case enums.publicKey.dsa: + case enums.publicKey.elgamal: { + const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; + return { read, privateParams: { x } }; + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + d = util.leftPad(d, payloadSize); + return { read, privateParams: { d } }; + } + case enums.publicKey.eddsaLegacy: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; + seed = util.leftPad(seed, payloadSize); + return { read, privateParams: { seed } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const payloadSize = getCurvePayloadSize(algo); + const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length; + return { read, privateParams: { seed } }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const payloadSize = getCurvePayloadSize(algo); + const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length; + return { read, privateParams: { k } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - - state.lencode = lenfix; - state.lenbits = 9; - state.distcode = distfix; - state.distbits = 5; } +/** Returns the types comprising the encrypted session key of an algorithm + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {Object} The session key parameters referenced by name. + */ +function parseEncSessionKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA encrypted session keys: + // - MPI of RSA encrypted value m**e mod n. + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const c = util.readMPI(bytes.subarray(read)); + return { c }; + } -/* - Update the window with the last wsize (normally 32K) bytes written before - returning. If window does not exist yet, create it. This is only called - when a window is already in use, or when output has been written during this - inflate call, but the end of the deflate stream has not been reached yet. - It is also called to create a window for dictionary data when a dictionary - is loaded. - - Providing output buffers larger than 32K to inflate() should provide a speed - advantage, since only the last 32K of output is copied to the sliding window - upon return from inflate(), and since all distances after the first 32K of - output will fall in the output data, making match copies simpler and faster. - The advantage may be dependent on the size of the processor's data caches. - */ -function updatewindow(strm, src, end, copy) { - let dist; - const state = strm.state; - - /* if it hasn't been done already, allocate space for the window */ - if (state.window === null) { - state.wsize = 1 << state.wbits; - state.wnext = 0; - state.whave = 0; - - state.window = new Buf8(state.wsize); - } - - /* copy state->wsize or less output bytes into the circular window */ - if (copy >= state.wsize) { - arraySet(state.window, src, end - state.wsize, state.wsize, 0); - state.wnext = 0; - state.whave = state.wsize; - } - else { - dist = state.wsize - state.wnext; - if (dist > copy) { - dist = copy; - } - //zmemcpy(state->window + state->wnext, end - copy, dist); - arraySet(state.window, src, end - copy, dist, state.wnext); - copy -= dist; - if (copy) { - //zmemcpy(state->window, end - copy, copy); - arraySet(state.window, src, end - copy, copy, 0); - state.wnext = copy; - state.whave = state.wsize; + // Algorithm-Specific Fields for Elgamal encrypted session keys: + // - MPI of Elgamal value g**k mod p + // - MPI of Elgamal value m * y**k mod p + case enums.publicKey.elgamal: { + const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; + const c2 = util.readMPI(bytes.subarray(read)); + return { c1, c2 }; } - else { - state.wnext += dist; - if (state.wnext === state.wsize) { state.wnext = 0; } - if (state.whave < state.wsize) { state.whave += dist; } + // Algorithm-Specific Fields for ECDH encrypted session keys: + // - MPI containing the ephemeral key used to establish the shared secret + // - ECDH Symmetric Key + case enums.publicKey.ecdh: { + const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; + const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); + return { V, C }; + } + // Algorithm-Specific Fields for X25519 or X448 encrypted session keys: + // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448). + // - A one-octet size of the following fields. + // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). + // - The encrypted session key. + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const pointSize = getCurvePayloadSize(algo); + const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length; + const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); + return { ephemeralPublicKey, C }; } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - return 0; } -function inflate(strm, flush) { - let state; - let input, output; // input/output buffers - let next; /* next input INDEX */ - let put; /* next output INDEX */ - let have, left; /* available input and output */ - let hold; /* bit buffer */ - let bits; /* bits in bit buffer */ - let _in, _out; /* save starting available input and output */ - let copy; /* number of stored or match bytes to copy */ - let from; /* where to copy match bytes from */ - let from_source; - let here = 0; /* current decoding table entry */ - let here_bits, here_op, here_val; // paked "here" denormalized (JS specific) - //var last; /* parent table entry */ - let last_bits, last_op, last_val; // paked "last" denormalized (JS specific) - let len; /* length to copy for repeats, bits to drop */ - let ret; /* return code */ - let hbuf = new Buf8(4); /* buffer for gzip header crc calculation */ - let opts; - - let n; // temporary var for NEED_BITS - - const order = /* permutation of code lengths */ - [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ]; - - - if (!strm || !strm.state || !strm.output || - (!strm.input && strm.avail_in !== 0)) { - return Z_STREAM_ERROR; - } - - state = strm.state; - if (state.mode === TYPE$1) { state.mode = TYPEDO; } /* skip check */ - - - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - _in = have; - _out = left; - ret = Z_OK; - - inf_leave: // goto emulation - for (;;) { - switch (state.mode) { - case HEAD: - if (state.wrap === 0) { - state.mode = TYPEDO; - break; - } - //=== NEEDBITS(16); - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */ - state.check = 0/*crc32(0L, Z_NULL, 0)*/; - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = FLAGS; - break; - } - state.flags = 0; /* expect zlib header */ - if (state.head) { - state.head.done = false; - } - if (!(state.wrap & 1) || /* check if zlib header allowed */ - (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) { - strm.msg = 'incorrect header check'; - state.mode = BAD$1; - break; - } - if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - len = (hold & 0x0f)/*BITS(4)*/ + 8; - if (state.wbits === 0) { - state.wbits = len; - } - else if (len > state.wbits) { - strm.msg = 'invalid window size'; - state.mode = BAD$1; - break; - } - state.dmax = 1 << len; - //Tracev((stderr, "inflate: zlib header ok\n")); - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = hold & 0x200 ? DICTID : TYPE$1; - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - break; - case FLAGS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.flags = hold; - if ((state.flags & 0xff) !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - if (state.flags & 0xe000) { - strm.msg = 'unknown header flags set'; - state.mode = BAD$1; - break; - } - if (state.head) { - state.head.text = ((hold >> 8) & 1); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = TIME; - /* falls through */ - case TIME: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.time = hold; - } - if (state.flags & 0x0200) { - //=== CRC4(state.check, hold) - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - hbuf[2] = (hold >>> 16) & 0xff; - hbuf[3] = (hold >>> 24) & 0xff; - state.check = crc32(state.check, hbuf, 4, 0); - //=== - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = OS; - /* falls through */ - case OS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.xflags = (hold & 0xff); - state.head.os = (hold >> 8); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = EXLEN; - /* falls through */ - case EXLEN: - if (state.flags & 0x0400) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length = hold; - if (state.head) { - state.head.extra_len = hold; - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - else if (state.head) { - state.head.extra = null/*Z_NULL*/; - } - state.mode = EXTRA; - /* falls through */ - case EXTRA: - if (state.flags & 0x0400) { - copy = state.length; - if (copy > have) { copy = have; } - if (copy) { - if (state.head) { - len = state.head.extra_len - state.length; - if (!state.head.extra) { - // Use untyped array for more convenient processing later - state.head.extra = new Array(state.head.extra_len); - } - arraySet( - state.head.extra, - input, - next, - // extra field is limited to 65536 bytes - // - no need for additional size check - copy, - /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/ - len - ); - //zmemcpy(state.head.extra + len, next, - // len + copy > state.head.extra_max ? - // state.head.extra_max - len : copy); - } - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - state.length -= copy; - } - if (state.length) { break inf_leave; } - } - state.length = 0; - state.mode = NAME; - /* falls through */ - case NAME: - if (state.flags & 0x0800) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - // TODO: 2 or 1 bytes? - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.name_max*/)) { - state.head.name += String.fromCharCode(len); - } - } while (len && copy < have); - - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.name = null; - } - state.length = 0; - state.mode = COMMENT; - /* falls through */ - case COMMENT: - if (state.flags & 0x1000) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.comm_max*/)) { - state.head.comment += String.fromCharCode(len); - } - } while (len && copy < have); - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.comment = null; - } - state.mode = HCRC; - /* falls through */ - case HCRC: - if (state.flags & 0x0200) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.check & 0xffff)) { - strm.msg = 'header crc mismatch'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - if (state.head) { - state.head.hcrc = ((state.flags >> 9) & 1); - state.head.done = true; - } - strm.adler = state.check = 0; - state.mode = TYPE$1; - break; - case DICTID: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - strm.adler = state.check = zswap32(hold); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = DICT; - /* falls through */ - case DICT: - if (state.havedict === 0) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - return Z_NEED_DICT; - } - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = TYPE$1; - /* falls through */ - case TYPE$1: - if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; } - /* falls through */ - case TYPEDO: - if (state.last) { - //--- BYTEBITS() ---// - hold >>>= bits & 7; - bits -= bits & 7; - //---// - state.mode = CHECK; - break; - } - //=== NEEDBITS(3); */ - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.last = (hold & 0x01)/*BITS(1)*/; - //--- DROPBITS(1) ---// - hold >>>= 1; - bits -= 1; - //---// - - switch ((hold & 0x03)/*BITS(2)*/) { - case 0: /* stored block */ - //Tracev((stderr, "inflate: stored block%s\n", - // state.last ? " (last)" : "")); - state.mode = STORED; - break; - case 1: /* fixed block */ - fixedtables(state); - //Tracev((stderr, "inflate: fixed codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = LEN_; /* decode codes */ - if (flush === Z_TREES) { - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break inf_leave; - } - break; - case 2: /* dynamic block */ - //Tracev((stderr, "inflate: dynamic codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = TABLE; - break; - case 3: - strm.msg = 'invalid block type'; - state.mode = BAD$1; - } - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break; - case STORED: - //--- BYTEBITS() ---// /* go to byte boundary */ - hold >>>= bits & 7; - bits -= bits & 7; - //---// - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) { - strm.msg = 'invalid stored block lengths'; - state.mode = BAD$1; - break; - } - state.length = hold & 0xffff; - //Tracev((stderr, "inflate: stored length %u\n", - // state.length)); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = COPY_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case COPY_: - state.mode = COPY; - /* falls through */ - case COPY: - copy = state.length; - if (copy) { - if (copy > have) { copy = have; } - if (copy > left) { copy = left; } - if (copy === 0) { break inf_leave; } - //--- zmemcpy(put, next, copy); --- - arraySet(output, input, next, copy, put); - //---// - have -= copy; - next += copy; - left -= copy; - put += copy; - state.length -= copy; - break; - } - //Tracev((stderr, "inflate: stored end\n")); - state.mode = TYPE$1; - break; - case TABLE: - //=== NEEDBITS(14); */ - while (bits < 14) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4; - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// -//#ifndef PKZIP_BUG_WORKAROUND - if (state.nlen > 286 || state.ndist > 30) { - strm.msg = 'too many length or distance symbols'; - state.mode = BAD$1; - break; - } -//#endif - //Tracev((stderr, "inflate: table sizes ok\n")); - state.have = 0; - state.mode = LENLENS; - /* falls through */ - case LENLENS: - while (state.have < state.ncode) { - //=== NEEDBITS(3); - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.lens[order[state.have++]] = (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - while (state.have < 19) { - state.lens[order[state.have++]] = 0; - } - // We have separate tables & no pointers. 2 commented lines below not needed. - //state.next = state.codes; - //state.lencode = state.next; - // Switch to use dynamic table - state.lencode = state.lendyn; - state.lenbits = 7; - - opts = { bits: state.lenbits }; - ret = inflate_table(CODES$1, state.lens, 0, 19, state.lencode, 0, state.work, opts); - state.lenbits = opts.bits; - - if (ret) { - strm.msg = 'invalid code lengths set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, "inflate: code lengths ok\n")); - state.have = 0; - state.mode = CODELENS; - /* falls through */ - case CODELENS: - while (state.have < state.nlen + state.ndist) { - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_val < 16) { - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.lens[state.have++] = here_val; - } - else { - if (here_val === 16) { - //=== NEEDBITS(here.bits + 2); - n = here_bits + 2; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - if (state.have === 0) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - len = state.lens[state.have - 1]; - copy = 3 + (hold & 0x03);//BITS(2); - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - } - else if (here_val === 17) { - //=== NEEDBITS(here.bits + 3); - n = here_bits + 3; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 3 + (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - else { - //=== NEEDBITS(here.bits + 7); - n = here_bits + 7; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 11 + (hold & 0x7f);//BITS(7); - //--- DROPBITS(7) ---// - hold >>>= 7; - bits -= 7; - //---// - } - if (state.have + copy > state.nlen + state.ndist) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - while (copy--) { - state.lens[state.have++] = len; - } - } - } - - /* handle error breaks in while */ - if (state.mode === BAD$1) { break; } - - /* check for end-of-block code (better have one) */ - if (state.lens[256] === 0) { - strm.msg = 'invalid code -- missing end-of-block'; - state.mode = BAD$1; - break; - } - - /* build code tables -- note: do not change the lenbits or distbits - values here (9 and 6) without reading the comments in inftrees.h - concerning the ENOUGH constants, which depend on those values */ - state.lenbits = 9; - - opts = { bits: state.lenbits }; - ret = inflate_table(LENS$1, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.lenbits = opts.bits; - // state.lencode = state.next; - - if (ret) { - strm.msg = 'invalid literal/lengths set'; - state.mode = BAD$1; - break; - } - - state.distbits = 6; - //state.distcode.copy(state.codes); - // Switch to use dynamic table - state.distcode = state.distdyn; - opts = { bits: state.distbits }; - ret = inflate_table(DISTS$1, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.distbits = opts.bits; - // state.distcode = state.next; - - if (ret) { - strm.msg = 'invalid distances set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, 'inflate: codes ok\n')); - state.mode = LEN_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case LEN_: - state.mode = LEN; - /* falls through */ - case LEN: - if (have >= 6 && left >= 258) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - inflate_fast(strm, _out); - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - if (state.mode === TYPE$1) { - state.back = -1; - } - break; - } - state.back = 0; - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if (here_bits <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_op && (here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.lencode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - state.length = here_val; - if (here_op === 0) { - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - state.mode = LIT; - break; - } - if (here_op & 32) { - //Tracevv((stderr, "inflate: end of block\n")); - state.back = -1; - state.mode = TYPE$1; - break; - } - if (here_op & 64) { - strm.msg = 'invalid literal/length code'; - state.mode = BAD$1; - break; - } - state.extra = here_op & 15; - state.mode = LENEXT; - /* falls through */ - case LENEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //Tracevv((stderr, "inflate: length %u\n", state.length)); - state.was = state.length; - state.mode = DIST; - /* falls through */ - case DIST: - for (;;) { - here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if ((here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.distcode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - if (here_op & 64) { - strm.msg = 'invalid distance code'; - state.mode = BAD$1; - break; - } - state.offset = here_val; - state.extra = (here_op) & 15; - state.mode = DISTEXT; - /* falls through */ - case DISTEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } -//#ifdef INFLATE_STRICT - if (state.offset > state.dmax) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -//#endif - //Tracevv((stderr, "inflate: distance %u\n", state.offset)); - state.mode = MATCH; - /* falls through */ - case MATCH: - if (left === 0) { break inf_leave; } - copy = _out - left; - if (state.offset > copy) { /* copy from window */ - copy = state.offset - copy; - if (copy > state.whave) { - if (state.sane) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -// (!) This block is disabled in zlib defaults, -// don't enable it for binary compatibility -//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR -// Trace((stderr, "inflate.c too far\n")); -// copy -= state.whave; -// if (copy > state.length) { copy = state.length; } -// if (copy > left) { copy = left; } -// left -= copy; -// state.length -= copy; -// do { -// output[put++] = 0; -// } while (--copy); -// if (state.length === 0) { state.mode = LEN; } -// break; -//#endif - } - if (copy > state.wnext) { - copy -= state.wnext; - from = state.wsize - copy; - } - else { - from = state.wnext - copy; - } - if (copy > state.length) { copy = state.length; } - from_source = state.window; - } - else { /* copy from output */ - from_source = output; - from = put - state.offset; - copy = state.length; - } - if (copy > left) { copy = left; } - left -= copy; - state.length -= copy; - do { - output[put++] = from_source[from++]; - } while (--copy); - if (state.length === 0) { state.mode = LEN; } - break; - case LIT: - if (left === 0) { break inf_leave; } - output[put++] = state.length; - left--; - state.mode = LEN; - break; - case CHECK: - if (state.wrap) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - // Use '|' instead of '+' to make sure that result is signed - hold |= input[next++] << bits; - bits += 8; - } - //===// - _out -= left; - strm.total_out += _out; - state.total += _out; - if (_out) { - strm.adler = state.check = - /*UPDATE(state.check, put - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out)); +/** + * Convert params to MPI and serializes them in the proper order + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} params - The key parameters indexed by name + * @returns {Uint8Array} The array containing the MPIs. + */ +function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([ + enums.publicKey.ed25519, + enums.publicKey.x25519, + enums.publicKey.ed448, + enums.publicKey.x448 + ]); + const orderedParams = Object.keys(params).map(name => { + const param = params[name]; + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); + }); + return util.concatUint8Array(orderedParams); +} - } - _out = left; - // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too - if ((state.flags ? hold : zswap32(hold)) !== state.check) { - strm.msg = 'incorrect data check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: check matches trailer\n")); - } - state.mode = LENGTH; - /* falls through */ - case LENGTH: - if (state.wrap && state.flags) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.total & 0xffffffff)) { - strm.msg = 'incorrect length check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: length matches trailer\n")); +/** + * Generate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Integer} bits - Bit length for RSA keys + * @param {module:type/oid} oid - Object identifier for ECC keys + * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. + * @async + */ +function generateParams(algo, bits, oid) { + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ + privateParams: { d, p, q, u }, + publicParams: { n, e } + })); + case enums.publicKey.ecdsa: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { d: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { seed: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.ecdh: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ + privateParams: { d: secret }, + publicParams: { + oid: new OID(oid), + Q, + kdfParams: new KDFParams({ hash, cipher }) } - state.mode = DONE; - /* falls through */ - case DONE: - ret = Z_STREAM_END; - break inf_leave; - case BAD$1: - ret = Z_DATA_ERROR; - break inf_leave; - // case MEM: - // return Z_MEM_ERROR; - case SYNC: - /* falls through */ - default: - return Z_STREAM_ERROR; - } - } - - // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave" - - /* - Return from inflate(), updating the total counts and the check value. - If there was no progress during the inflate() call, return a buffer - error. Call updatewindow() to create and/or update the window state. - Note: a memory error from inflate() is non-recoverable. - */ - - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - - if (state.wsize || (_out !== strm.avail_out && state.mode < BAD$1 && - (state.mode < CHECK || flush !== Z_FINISH))) { - if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) ; - } - _in -= strm.avail_in; - _out -= strm.avail_out; - strm.total_in += _in; - strm.total_out += _out; - state.total += _out; - if (state.wrap && _out) { - strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out)); - } - strm.data_type = state.bits + (state.last ? 64 : 0) + - (state.mode === TYPE$1 ? 128 : 0) + - (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0); - if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) { - ret = Z_BUF_ERROR; + })); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ + privateParams: { k }, + publicParams: { A } + })); + case enums.publicKey.dsa: + case enums.publicKey.elgamal: + throw new Error('Unsupported algorithm for key generation.'); + default: + throw new Error('Unknown public key algorithm.'); } - return ret; } -function inflateEnd(strm) { - - if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) { - return Z_STREAM_ERROR; +/** + * Validate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Object} privateParams - Algorithm-specific private key parameters + * @returns {Promise} Whether the parameters are valid. + * @async + */ +async function validateParams(algo, publicParams, privateParams) { + if (!publicParams || !privateParams) { + throw new Error('Missing key parameters'); } - - const state = strm.state; - if (state.window) { - state.window = null; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const { d, p, q, u } = privateParams; + return publicKey.rsa.validateParams(n, e, d, p, q, u); + } + case enums.publicKey.dsa: { + const { p, q, g, y } = publicParams; + const { x } = privateParams; + return publicKey.dsa.validateParams(p, q, g, y, x); + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + const { x } = privateParams; + return publicKey.elgamal.validateParams(p, g, y, x); + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; + const { oid, Q } = publicParams; + const { d } = privateParams; + return algoModule.validateParams(oid, Q, d); + } + case enums.publicKey.eddsaLegacy: { + const { Q, oid } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicParams; + const { k } = privateParams; + return publicKey.elliptic.ecdhX.validateParams(algo, A, k); + } + default: + throw new Error('Unknown public key algorithm.'); } - strm.state = null; - return Z_OK; } -function inflateGetHeader(strm, head) { - let state; - - /* check state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; } - - /* save header structure */ - state.head = head; - head.done = false; - return Z_OK; +/** + * Generates a random byte prefix for the specified algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. + * @async + */ +async function getPrefixRandom(algo) { + const { blockSize } = getCipherParams(algo); + const prefixrandom = await getRandomBytes(blockSize); + const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); + return util.concat([prefixrandom, repeat]); } -function inflateSetDictionary(strm, dictionary) { - const dictLength = dictionary.length; +/** + * Generating a session key for the specified symmetric algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Uint8Array} Random bytes as a string to be used as a key. + */ +function generateSessionKey$1(algo) { + const { keySize } = getCipherParams(algo); + return getRandomBytes(keySize); +} - let state; - let dictid; +/** + * Get implementation of the given AEAD mode + * @param {enums.aead} algo + * @returns {Object} + * @throws {Error} on invalid algo + */ +function getAEADMode(algo) { + const algoName = enums.read(enums.aead, algo); + return mode[algoName]; +} - /* check state */ - if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; } - state = strm.state; +/** + * Check whether the given curve OID is supported + * @param {module:type/oid} oid - EC object identifier + * @throws {UnsupportedError} if curve is not supported + */ +function checkSupportedCurve(oid) { + try { + oid.getName(); + } catch (e) { + throw new UnsupportedError('Unknown curve OID'); + } +} - if (state.wrap !== 0 && state.mode !== DICT) { - return Z_STREAM_ERROR; +/** + * Get encoded secret size for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getCurvePayloadSize(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: + case enums.publicKey.eddsaLegacy: + return new publicKey.elliptic.CurveWithOID(oid).payloadSize; + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPayloadSize(algo); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.getPayloadSize(algo); + default: + throw new Error('Unknown elliptic algo'); } +} - /* check for correct dictionary identifier */ - if (state.mode === DICT) { - dictid = 1; /* adler32(0, null, 0)*/ - /* dictid = adler32(dictid, dictionary, dictLength); */ - dictid = adler32(dictid, dictionary, dictLength, 0); - if (dictid !== state.check) { - return Z_DATA_ERROR; - } +/** + * Get preferred signing hash algo for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getPreferredCurveHashAlgo(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.getPreferredHashAlgo(oid); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); + default: + throw new Error('Unknown elliptic signing algo'); } - /* copy dictionary to window using updatewindow(), which will amend the - existing dictionary if appropriate */ - updatewindow(strm, dictionary, dictLength, dictLength); - // if (ret) { - // state.mode = MEM; - // return Z_MEM_ERROR; - // } - state.havedict = 1; - // Tracev((stderr, "inflate: dictionary set\n")); - return Z_OK; } -/* Not implemented -exports.inflateCopy = inflateCopy; -exports.inflateGetDictionary = inflateGetDictionary; -exports.inflateMark = inflateMark; -exports.inflatePrime = inflatePrime; -exports.inflateSync = inflateSync; -exports.inflateSyncPoint = inflateSyncPoint; -exports.inflateUndermine = inflateUndermine; -*/ +var crypto$1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + generateParams: generateParams, + generateSessionKey: generateSessionKey$1, + getAEADMode: getAEADMode, + getCipherParams: getCipherParams, + getCurvePayloadSize: getCurvePayloadSize, + getPreferredCurveHashAlgo: getPreferredCurveHashAlgo, + getPrefixRandom: getPrefixRandom, + parseEncSessionKeyParams: parseEncSessionKeyParams, + parsePrivateKeyParams: parsePrivateKeyParams, + parsePublicKeyParams: parsePublicKeyParams, + publicKeyDecrypt: publicKeyDecrypt, + publicKeyEncrypt: publicKeyEncrypt, + serializeParams: serializeParams, + validateParams: validateParams +}); -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class GZheader { - constructor() { - /* true if compressed data believed to be text */ - this.text = 0; - /* modification time */ - this.time = 0; - /* extra flags (not used when writing a gzip file) */ - this.xflags = 0; - /* operating system */ - this.os = 0; - /* pointer to extra field or Z_NULL if none */ - this.extra = null; - /* extra field length (valid if extra != Z_NULL) */ - this.extra_len = 0; // Actually, we don't need it in JS, - // but leave for few code modifications +/** + * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js + * @see module:crypto/crypto + * @see module:crypto/signature + * @see module:crypto/public_key + * @see module:crypto/cipher + * @see module:crypto/random + * @see module:crypto/hash + * @module crypto + */ - // - // Setup limits is not necessary because in js we should not preallocate memory - // for inflate use constant limit in 65536 bytes - // - /* space at extra (only when reading header) */ - // this.extra_max = 0; - /* pointer to zero-terminated file name or Z_NULL */ - this.name = ''; - /* space at name (only when reading header) */ - // this.name_max = 0; - /* pointer to zero-terminated comment or Z_NULL */ - this.comment = ''; - /* space at comment (only when reading header) */ - // this.comm_max = 0; - /* true if there was or will be a header crc */ - this.hcrc = 0; - /* true when done reading gzip header (not used when writing a gzip file) */ - this.done = false; - } -} +// TODO move cfb and gcm to cipher +const mod = { + /** @see module:crypto/cipher */ + cipher: cipher, + /** @see module:crypto/hash */ + hash: hash, + /** @see module:crypto/mode */ + mode: mode, + /** @see module:crypto/public_key */ + publicKey: publicKey, + /** @see module:crypto/signature */ + signature: signature, + /** @see module:crypto/random */ + random: random, + /** @see module:crypto/pkcs1 */ + pkcs1: pkcs1, + /** @see module:crypto/pkcs5 */ + pkcs5: pkcs5, + /** @see module:crypto/aes_kw */ + aesKW: aesKW +}; -/** - * class Inflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[inflate]] - * and [[inflateRaw]]. - **/ +Object.assign(mod, crypto$1); -/* internal - * inflate.chunks -> Array - * - * Chunks of output data, if [[Inflate#onData]] not overridden. - **/ +const ARGON2_TYPE = 0x02; // id +const ARGON2_VERSION = 0x13; +const ARGON2_SALT_SIZE = 16; -/** - * Inflate.result -> Uint8Array|Array|String - * - * Uncompressed result, generated by default [[Inflate#onData]] - * and [[Inflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Inflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ +class Argon2OutOfMemoryError extends Error { + constructor(...params) { + super(...params); -/** - * Inflate.err -> Number - * - * Error code after inflate finished. 0 (Z_OK) on success. - * Should be checked if broken data possible. - **/ + if (Error.captureStackTrace) { + Error.captureStackTrace(this, Argon2OutOfMemoryError); + } -/** - * Inflate.msg -> String - * - * Error message, if [[Inflate.err]] != 0 - **/ + this.name = 'Argon2OutOfMemoryError'; + } +} +// cache argon wasm module +let loadArgonWasmModule; +let argon2Promise; +// reload wasm module above this treshold, to deallocated used memory +const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19; -/** - * new Inflate(options) - * - options (Object): zlib inflate options. - * - * Creates new inflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `windowBits` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw inflate - * - `to` (String) - if equal to 'string', then result will be converted - * from utf8 to utf16 (javascript) string. When string output requested, - * chunk length can differ from `chunkSize`, depending on content. - * - * By default, when no options set, autodetect deflate/gzip data format via - * wrapper header. - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var inflate = new pako.Inflate({ level: 3}); - * - * inflate.push(chunk1, false); - * inflate.push(chunk2, true); // true -> last chunk - * - * if (inflate.err) { throw new Error(inflate.err); } - * - * console.log(inflate.result); - * ``` - **/ -class Inflate { - constructor(options) { - this.options = { - chunkSize: 16384, - windowBits: 0, - ...(options || {}) - }; +class Argon2S2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params; - const opt = this.options; + this.type = 'argon2'; + /** + * 16 bytes of salt + * @type {Uint8Array} + */ + this.salt = null; + /** + * number of passes + * @type {Integer} + */ + this.t = passes; + /** + * degree of parallelism (lanes) + * @type {Integer} + */ + this.p = parallelism; + /** + * exponent indicating memory size + * @type {Integer} + */ + this.encodedM = memoryExponent; + } - // Force window size for `raw` data, if not set directly, - // because we have no header for autodetect. - if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) { - opt.windowBits = -opt.windowBits; - if (opt.windowBits === 0) { opt.windowBits = -15; } - } + generateSalt() { + this.salt = mod.random.getRandomBytes(ARGON2_SALT_SIZE); + } - // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate - if ((opt.windowBits >= 0) && (opt.windowBits < 16) && - !(options && options.windowBits)) { - opt.windowBits += 32; - } + /** + * Parsing function for argon2 string-to-key specifier. + * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; - // Gzip header has no info about windows size, we can do autodetect only - // for deflate. So, if window size not set, force it to max when gzip possible - if ((opt.windowBits > 15) && (opt.windowBits < 48)) { - // bit 3 (16) -> gzipped data - // bit 4 (32) -> autodetect gzip/deflate - if ((opt.windowBits & 15) === 0) { - opt.windowBits |= 15; - } - } + this.salt = bytes.subarray(i, i + 16); + i += 16; - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data + this.t = bytes[i++]; + this.p = bytes[i++]; + this.encodedM = bytes[i++]; // memory size exponent, one-octect - this.strm = new ZStream(); - this.strm.avail_out = 0; + return i; + } - let status = inflateInit2( - this.strm, - opt.windowBits - ); + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + const arr = [ + new Uint8Array([enums.write(enums.s2k, this.type)]), + this.salt, + new Uint8Array([this.t, this.p, this.encodedM]) + ]; - if (status !== Z_OK) { - throw new Error(msg[status]); - } + return util.concatUint8Array(arr); + } - this.header = new GZheader(); + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to `keySize` + * @throws {Argon2OutOfMemoryError|Errors} + * @async + */ + async produceKey(passphrase, keySize) { + const decodedM = 2 << (this.encodedM - 1); - inflateGetHeader(this.strm, this.header); + try { + // on first load, the argon2 lib is imported and the WASM module is initialized. + // the two steps need to be atomic to avoid race conditions causing multiple wasm modules + // being loaded when `argon2Promise` is not initialized. + loadArgonWasmModule = loadArgonWasmModule || (await import('./argon2id.mjs')).default; + argon2Promise = argon2Promise || loadArgonWasmModule(); + + // important to keep local ref to argon2 in case the module is reloaded by another instance + const argon2 = await argon2Promise; + + const passwordBytes = util.encodeUTF8(passphrase); + const hash = argon2({ + version: ARGON2_VERSION, + type: ARGON2_TYPE, + password: passwordBytes, + salt: this.salt, + tagLength: keySize, + memorySize: decodedM, + parallelism: this.p, + passes: this.t + }); - // Setup dictionary - if (opt.dictionary) { - // Convert data if needed - if (typeof opt.dictionary === 'string') { - opt.dictionary = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - opt.dictionary = new Uint8Array(opt.dictionary); + // a lot of memory was used, reload to deallocate + if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) { + // it will be awaited if needed at the next `produceKey` invocation + argon2Promise = loadArgonWasmModule(); + argon2Promise.catch(() => {}); } - if (opt.raw) { //In raw mode we need to set the dictionary early - status = inflateSetDictionary(this.strm, opt.dictionary); - if (status !== Z_OK) { - throw new Error(msg[status]); - } + return hash; + } catch (e) { + if (e.message && ( + e.message.includes('Unable to grow instance memory') || // Chrome + e.message.includes('failed to grow memory') || // Firefox + e.message.includes('WebAssembly.Memory.grow') || // Safari + e.message.includes('Out of memory') // Safari iOS + )) { + throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2'); + } else { + throw e; } } } - /** - * Inflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with - * new output chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the decompression context. - * - * On fail call [[Inflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize, dictionary } } = this; - let status, _mode; - - // Flag to properly process Z_BUF_ERROR on testing inflate call - // when we check that all output data was flushed. - let allowBufError = false; - - if (this.ended) { return false; } - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // Only binary strings can be decompressed on practice - strm.input = binstring2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } +} - strm.next_in = 0; - strm.avail_in = strm.input.length; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = inflate(strm, Z_NO_FLUSH); /* no bad return value */ +class GenericS2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(s2kType, config$1 = config) { + /** + * Hash function identifier, or 0 for gnu-dummy keys + * @type {module:enums.hash | 0} + */ + this.algorithm = enums.hash.sha256; + /** + * enums.s2k identifier or 'gnu-dummy' + * @type {String} + */ + this.type = enums.read(enums.s2k, s2kType); + /** @type {Integer} */ + this.c = config$1.s2kIterationCountByte; + /** Eight bytes of salt in a binary string. + * @type {Uint8Array} + */ + this.salt = null; + } - if (status === Z_NEED_DICT && dictionary) { - status = inflateSetDictionary(this.strm, dictionary); - } + generateSalt() { + switch (this.type) { + case 'salted': + case 'iterated': + this.salt = mod.random.getRandomBytes(8); + } + } - if (status === Z_BUF_ERROR && allowBufError === true) { - status = Z_OK; - allowBufError = false; - } + getCount() { + // Exponent bias, defined in RFC4880 + const expbias = 6; - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } + return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); + } - if (strm.next_out) { - if (strm.avail_out === 0 || status === Z_STREAM_END || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } + /** + * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). + * @param {Uint8Array} bytes - Payload of string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; + this.algorithm = bytes[i++]; - // When no more input data, we should check that internal inflate buffers - // are flushed. The only way to do it when avail_out = 0 - run one more - // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR. - // Here we set flag to process this error properly. - // - // NOTE. Deflate does not return error in this case and does not needs such - // logic. - if (strm.avail_in === 0 && strm.avail_out === 0) { - allowBufError = true; - } + switch (this.type) { + case 'simple': + break; - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); + case 'salted': + this.salt = bytes.subarray(i, i + 8); + i += 8; + break; - if (status === Z_STREAM_END) { - _mode = Z_FINISH; - } + case 'iterated': + this.salt = bytes.subarray(i, i + 8); + i += 8; - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = inflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } + // Octet 10: count, a one-octet, coded value + this.c = bytes[i++]; + break; - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; + case 'gnu': + if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { + i += 3; // GNU + const gnuExtType = 1000 + bytes[i++]; + if (gnuExtType === 1001) { + this.type = 'gnu-dummy'; + // GnuPG extension mode 1001 -- don't write secret key at all + } else { + throw new UnsupportedError('Unknown s2k gnu protection mode.'); + } + } else { + throw new UnsupportedError('Unknown s2k type.'); + } + break; + + default: + throw new UnsupportedError('Unknown s2k type.'); // unreachable } - return true; - }; + return i; + } /** - * Inflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + if (this.type === 'gnu-dummy') { + return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); + } + const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; + switch (this.type) { + case 'simple': + break; + case 'salted': + arr.push(this.salt); + break; + case 'iterated': + arr.push(this.salt); + arr.push(new Uint8Array([this.c])); + break; + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + return util.concatUint8Array(arr); + } /** - * Inflate#onEnd(status) -> Void - * - status (Number): inflate status. 0 (Z_OK) on success, - * other if not. - * - * Called either after you tell inflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -/* -node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - -Copyright (C) 2012 Eli Skeggs - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to. + * hashAlgorithm hash length + * @async + */ + async produceKey(passphrase, numBytes) { + passphrase = util.encodeUTF8(passphrase); -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html + const arr = []; + let rlength = 0; -Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). + let prefixlen = 0; + while (rlength < numBytes) { + let toHash; + switch (this.type) { + case 'simple': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); + break; + case 'salted': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); + break; + case 'iterated': { + const data = util.concatUint8Array([this.salt, passphrase]); + let datalen = data.length; + const count = Math.max(this.getCount(), datalen); + toHash = new Uint8Array(prefixlen + count); + toHash.set(data, prefixlen); + for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { + toHash.copyWithin(pos, prefixlen, pos); + } + break; + } + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + const result = await mod.hash.digest(this.algorithm, toHash); + arr.push(result); + rlength += result.length; + prefixlen++; + } -Based on micro-bunzip by Rob Landley (rob@landley.net). + return util.concatUint8Array(arr).subarray(0, numBytes); + } +} -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ +const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]); -var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; +/** + * Instantiate a new S2K instance of the given type + * @param {module:enums.s2k} type + * @oaram {Object} [config] + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromType(type, config$1 = config) { + switch (type) { + case enums.s2k.argon2: + return new Argon2S2K(config$1); + case enums.s2k.iterated: + case enums.s2k.gnu: + case enums.s2k.salted: + case enums.s2k.simple: + return new GenericS2K(type, config$1); + default: + throw new UnsupportedError('Unsupported S2K type'); + } +} -// offset in bytes -var BitReader = function(stream) { - this.stream = stream; - this.bitOffset = 0; - this.curByte = 0; - this.hasByte = false; +/** + * Instantiate a new S2K instance based on the config settings + * @oaram {Object} config + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromConfig(config) { + const { s2kType } = config; + + if (!allowedS2KTypesForEncryption.has(s2kType)) { + throw new Error('The provided `config.s2kType` value is not allowed'); + } + + return newS2KFromType(s2kType, config); +} + +// DEFLATE is a complex format; to read this code, you should probably check the RFC first: +// https://tools.ietf.org/html/rfc1951 +// You may also wish to take a look at the guide I made about this program: +// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad +// Some of the following code is similar to that of UZIP.js: +// https://github.com/photopea/UZIP.js +// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size. +// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint +// is better for memory in most engines (I *think*). + +// aliases for shorter compressed code (most minifers don't do this) +var u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array; +// fixed length extra bits +var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]); +// fixed distance extra bits +// see fleb note +var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]); +// code length index map +var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]); +// get base, reverse index map from extra bits +var freb = function (eb, start) { + var b = new u16(31); + for (var i = 0; i < 31; ++i) { + b[i] = start += 1 << eb[i - 1]; + } + // numbers here are at max 18 bits + var r = new u32(b[30]); + for (var i = 1; i < 30; ++i) { + for (var j = b[i]; j < b[i + 1]; ++j) { + r[j] = ((j - b[i]) << 5) | i; + } + } + return [b, r]; }; - -BitReader.prototype._ensureByte = function() { - if (!this.hasByte) { - this.curByte = this.stream.readByte(); - this.hasByte = true; - } +var _a = freb(fleb, 2), fl = _a[0], revfl = _a[1]; +// we can ignore the fact that the other numbers are wrong; they never happen anyway +fl[28] = 258, revfl[258] = 28; +var _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1]; +// map of value to reverse (assuming 16 bits) +var rev = new u16(32768); +for (var i = 0; i < 32768; ++i) { + // reverse table algorithm from SO + var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1); + x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2); + x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4); + rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1; +} +// create huffman tree from u8 "map": index -> code length for code index +// mb (max bits) must be at most 15 +// TODO: optimize/split up? +var hMap = (function (cd, mb, r) { + var s = cd.length; + // index + var i = 0; + // u16 "map": index -> # of codes with bit length = index + var l = new u16(mb); + // length of cd must be 288 (total # of codes) + for (; i < s; ++i) { + if (cd[i]) + ++l[cd[i] - 1]; + } + // u16 "map": index -> minimum code for bit length = index + var le = new u16(mb); + for (i = 0; i < mb; ++i) { + le[i] = (le[i - 1] + l[i - 1]) << 1; + } + var co; + if (r) { + // u16 "map": index -> number of actual bits, symbol for code + co = new u16(1 << mb); + // bits to remove for reverser + var rvb = 15 - mb; + for (i = 0; i < s; ++i) { + // ignore 0 lengths + if (cd[i]) { + // num encoding both symbol and bits read + var sv = (i << 4) | cd[i]; + // free bits + var r_1 = mb - cd[i]; + // start value + var v = le[cd[i] - 1]++ << r_1; + // m is end value + for (var m = v | ((1 << r_1) - 1); v <= m; ++v) { + // every 16 bit value starting with the code yields the same result + co[rev[v] >>> rvb] = sv; + } + } + } + } + else { + co = new u16(s); + for (i = 0; i < s; ++i) { + if (cd[i]) { + co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]); + } + } + } + return co; +}); +// fixed length tree +var flt = new u8(288); +for (var i = 0; i < 144; ++i) + flt[i] = 8; +for (var i = 144; i < 256; ++i) + flt[i] = 9; +for (var i = 256; i < 280; ++i) + flt[i] = 7; +for (var i = 280; i < 288; ++i) + flt[i] = 8; +// fixed distance tree +var fdt = new u8(32); +for (var i = 0; i < 32; ++i) + fdt[i] = 5; +// fixed length map +var flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1); +// fixed distance map +var fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1); +// find max of array +var max = function (a) { + var m = a[0]; + for (var i = 1; i < a.length; ++i) { + if (a[i] > m) + m = a[i]; + } + return m; }; - -// reads bits from the buffer -BitReader.prototype.read = function(bits) { - var result = 0; - while (bits > 0) { - this._ensureByte(); - var remaining = 8 - this.bitOffset; - // if we're in a byte - if (bits >= remaining) { - result <<= remaining; - result |= BITMASK[remaining] & this.curByte; - this.hasByte = false; - this.bitOffset = 0; - bits -= remaining; - } else { - result <<= bits; - var shift = remaining - bits; - result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; - this.bitOffset += bits; - bits = 0; +// read d, starting at bit p and mask with m +var bits = function (d, p, m) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m; +}; +// read d, starting at bit p continuing for at least 16 bits +var bits16 = function (d, p) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7)); +}; +// get end of byte +var shft = function (p) { return ((p + 7) / 8) | 0; }; +// typed array slice - allows garbage collector to free original reference, +// while being more compatible than .slice +var slc = function (v, s, e) { + if (s == null || s < 0) + s = 0; + if (e == null || e > v.length) + e = v.length; + // can't use .constructor in case user-supplied + var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s); + n.set(v.subarray(s, e)); + return n; +}; +// error codes +var ec = [ + 'unexpected EOF', + 'invalid block type', + 'invalid length/literal', + 'invalid distance', + 'stream finished', + 'no stream handler', + , + 'no callback', + 'invalid UTF-8 data', + 'extra field too long', + 'date not in range 1980-2099', + 'filename too long', + 'stream finishing', + 'invalid zip data' + // determined by unknown compression method +]; +var err = function (ind, msg, nt) { + var e = new Error(msg || ec[ind]); + e.code = ind; + if (Error.captureStackTrace) + Error.captureStackTrace(e, err); + if (!nt) + throw e; + return e; +}; +// expands raw DEFLATE data +var inflt = function (dat, buf, st) { + // source length + var sl = dat.length; + if (!sl || (st && st.f && !st.l)) + return buf || new u8(0); + // have to estimate size + var noBuf = !buf || st; + // no state + var noSt = !st || st.i; + if (!st) + st = {}; + // Assumes roughly 33% compression ratio average + if (!buf) + buf = new u8(sl * 3); + // ensure buffer can fit at least l elements + var cbuf = function (l) { + var bl = buf.length; + // need to increase size to fit + if (l > bl) { + // Double or set to necessary, whichever is greater + var nbuf = new u8(Math.max(bl * 2, l)); + nbuf.set(buf); + buf = nbuf; + } + }; + // last chunk bitpos bytes + var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n; + // total bits + var tbts = sl * 8; + do { + if (!lm) { + // BFINAL - this is only 1 when last chunk is next + final = bits(dat, pos, 1); + // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman + var type = bits(dat, pos + 1, 3); + pos += 3; + if (!type) { + // go to end of byte boundary + var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l; + if (t > sl) { + if (noSt) + err(0); + break; + } + // ensure size + if (noBuf) + cbuf(bt + l); + // Copy over uncompressed data + buf.set(dat.subarray(s, t), bt); + // Get new bitpos, update byte count + st.b = bt += l, st.p = pos = t * 8, st.f = final; + continue; + } + else if (type == 1) + lm = flrm, dm = fdrm, lbt = 9, dbt = 5; + else if (type == 2) { + // literal lengths + var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4; + var tl = hLit + bits(dat, pos + 5, 31) + 1; + pos += 14; + // length+distance tree + var ldt = new u8(tl); + // code length tree + var clt = new u8(19); + for (var i = 0; i < hcLen; ++i) { + // use index map to get real code + clt[clim[i]] = bits(dat, pos + i * 3, 7); + } + pos += hcLen * 3; + // code lengths bits + var clb = max(clt), clbmsk = (1 << clb) - 1; + // code lengths map + var clm = hMap(clt, clb, 1); + for (var i = 0; i < tl;) { + var r = clm[bits(dat, pos, clbmsk)]; + // bits read + pos += r & 15; + // symbol + var s = r >>> 4; + // code length to copy + if (s < 16) { + ldt[i++] = s; + } + else { + // copy count + var c = 0, n = 0; + if (s == 16) + n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1]; + else if (s == 17) + n = 3 + bits(dat, pos, 7), pos += 3; + else if (s == 18) + n = 11 + bits(dat, pos, 127), pos += 7; + while (n--) + ldt[i++] = c; + } + } + // length tree distance tree + var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit); + // max length bits + lbt = max(lt); + // max dist bits + dbt = max(dt); + lm = hMap(lt, lbt, 1); + dm = hMap(dt, dbt, 1); + } + else + err(1); + if (pos > tbts) { + if (noSt) + err(0); + break; + } + } + // Make sure the buffer can hold this + the largest possible addition + // Maximum chunk size (practically, theoretically infinite) is 2^17; + if (noBuf) + cbuf(bt + 131072); + var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1; + var lpos = pos; + for (;; lpos = pos) { + // bits read, code + var c = lm[bits16(dat, pos) & lms], sym = c >>> 4; + pos += c & 15; + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (!c) + err(2); + if (sym < 256) + buf[bt++] = sym; + else if (sym == 256) { + lpos = pos, lm = null; + break; + } + else { + var add = sym - 254; + // no extra bits needed if less + if (sym > 264) { + // index + var i = sym - 257, b = fleb[i]; + add = bits(dat, pos, (1 << b) - 1) + fl[i]; + pos += b; + } + // dist + var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4; + if (!d) + err(3); + pos += d & 15; + var dt = fd[dsym]; + if (dsym > 3) { + var b = fdeb[dsym]; + dt += bits16(dat, pos) & ((1 << b) - 1), pos += b; + } + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (noBuf) + cbuf(bt + 131072); + var end = bt + add; + for (; bt < end; bt += 4) { + buf[bt] = buf[bt - dt]; + buf[bt + 1] = buf[bt + 1 - dt]; + buf[bt + 2] = buf[bt + 2 - dt]; + buf[bt + 3] = buf[bt + 3 - dt]; + } + bt = end; + } + } + st.l = lm, st.p = lpos, st.b = bt, st.f = final; + if (lm) + final = 1, st.m = lbt, st.d = dm, st.n = dbt; + } while (!final); + return bt == buf.length ? buf : slc(buf, 0, bt); +}; +// starting at p, write the minimum number of bits that can hold v to d +var wbits = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; +}; +// starting at p, write the minimum number of bits (>8) that can hold v to d +var wbits16 = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + d[o + 2] |= v >>> 16; +}; +// creates code lengths from a frequency table +var hTree = function (d, mb) { + // Need extra info to make a tree + var t = []; + for (var i = 0; i < d.length; ++i) { + if (d[i]) + t.push({ s: i, f: d[i] }); + } + var s = t.length; + var t2 = t.slice(); + if (!s) + return [et, 0]; + if (s == 1) { + var v = new u8(t[0].s + 1); + v[t[0].s] = 1; + return [v, 1]; + } + t.sort(function (a, b) { return a.f - b.f; }); + // after i2 reaches last ind, will be stopped + // freq must be greater than largest possible number of symbols + t.push({ s: -1, f: 25001 }); + var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2; + t[0] = { s: -1, f: l.f + r.f, l: l, r: r }; + // efficient algorithm from UZIP.js + // i0 is lookbehind, i2 is lookahead - after processing two low-freq + // symbols that combined have high freq, will start processing i2 (high-freq, + // non-composite) symbols instead + // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/ + while (i1 != s - 1) { + l = t[t[i0].f < t[i2].f ? i0++ : i2++]; + r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++]; + t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r }; + } + var maxSym = t2[0].s; + for (var i = 1; i < s; ++i) { + if (t2[i].s > maxSym) + maxSym = t2[i].s; + } + // code lengths + var tr = new u16(maxSym + 1); + // max bits in tree + var mbt = ln(t[i1 - 1], tr, 0); + if (mbt > mb) { + // more algorithms from UZIP.js + // TODO: find out how this code works (debt) + // ind debt + var i = 0, dt = 0; + // left cost + var lft = mbt - mb, cst = 1 << lft; + t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; }); + for (; i < s; ++i) { + var i2_1 = t2[i].s; + if (tr[i2_1] > mb) { + dt += cst - (1 << (mbt - tr[i2_1])); + tr[i2_1] = mb; + } + else + break; + } + dt >>>= lft; + while (dt > 0) { + var i2_2 = t2[i].s; + if (tr[i2_2] < mb) + dt -= 1 << (mb - tr[i2_2]++ - 1); + else + ++i; + } + for (; i >= 0 && dt; --i) { + var i2_3 = t2[i].s; + if (tr[i2_3] == mb) { + --tr[i2_3]; + ++dt; + } + } + mbt = mb; } - } - return result; + return [new u8(tr), mbt]; }; - -// seek to an arbitrary point in the buffer (expressed in bits) -BitReader.prototype.seek = function(pos) { - var n_bit = pos % 8; - var n_byte = (pos - n_bit) / 8; - this.bitOffset = n_bit; - this.stream.seek(n_byte); - this.hasByte = false; +// get the max length and assign length codes +var ln = function (n, l, d) { + return n.s == -1 + ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1)) + : (l[n.s] = d); +}; +// length codes generation +var lc = function (c) { + var s = c.length; + // Note that the semicolon was intentional + while (s && !c[--s]) + ; + var cl = new u16(++s); + // ind num streak + var cli = 0, cln = c[0], cls = 1; + var w = function (v) { cl[cli++] = v; }; + for (var i = 1; i <= s; ++i) { + if (c[i] == cln && i != s) + ++cls; + else { + if (!cln && cls > 2) { + for (; cls > 138; cls -= 138) + w(32754); + if (cls > 2) { + w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305); + cls = 0; + } + } + else if (cls > 3) { + w(cln), --cls; + for (; cls > 6; cls -= 6) + w(8304); + if (cls > 2) + w(((cls - 3) << 5) | 8208), cls = 0; + } + while (cls--) + w(cln); + cls = 1; + cln = c[i]; + } + } + return [cl.subarray(0, cli), s]; }; - -// reads 6 bytes worth of data using the read method -BitReader.prototype.pi = function() { - var buf = new Uint8Array(6), i; - for (i = 0; i < buf.length; i++) { - buf[i] = this.read(8); - } - return bufToHex(buf); +// calculate the length of output from tree, code lengths +var clen = function (cf, cl) { + var l = 0; + for (var i = 0; i < cl.length; ++i) + l += cf[i] * cl[i]; + return l; }; - -function bufToHex(buf) { - return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); -} - -var bitreader = BitReader; - -/* very simple input/output stream interface */ -var Stream = function() { +// writes a fixed block +// returns the new bit pos +var wfblk = function (out, pos, dat) { + // no need to write 00 as type: TypedArray defaults to 0 + var s = dat.length; + var o = shft(pos + 2); + out[o] = s & 255; + out[o + 1] = s >>> 8; + out[o + 2] = out[o] ^ 255; + out[o + 3] = out[o + 1] ^ 255; + for (var i = 0; i < s; ++i) + out[o + i + 4] = dat[i]; + return (o + 4 + s) * 8; }; - -// input streams ////////////// -/** Returns the next byte, or -1 for EOF. */ -Stream.prototype.readByte = function() { - throw new Error("abstract method readByte() not implemented"); +// writes a block +var wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) { + wbits(out, p++, final); + ++lf[256]; + var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1]; + var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1]; + var _c = lc(dlt), lclt = _c[0], nlc = _c[1]; + var _d = lc(ddt), lcdt = _d[0], ndc = _d[1]; + var lcfreq = new u16(19); + for (var i = 0; i < lclt.length; ++i) + lcfreq[lclt[i] & 31]++; + for (var i = 0; i < lcdt.length; ++i) + lcfreq[lcdt[i] & 31]++; + var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1]; + var nlcc = 19; + for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc) + ; + var flen = (bl + 5) << 3; + var ftlen = clen(lf, flt) + clen(df, fdt) + eb; + var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]); + if (flen <= ftlen && flen <= dtlen) + return wfblk(out, p, dat.subarray(bs, bs + bl)); + var lm, ll, dm, dl; + wbits(out, p, 1 + (dtlen < ftlen)), p += 2; + if (dtlen < ftlen) { + lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt; + var llm = hMap(lct, mlcb, 0); + wbits(out, p, nlc - 257); + wbits(out, p + 5, ndc - 1); + wbits(out, p + 10, nlcc - 4); + p += 14; + for (var i = 0; i < nlcc; ++i) + wbits(out, p + 3 * i, lct[clim[i]]); + p += 3 * nlcc; + var lcts = [lclt, lcdt]; + for (var it = 0; it < 2; ++it) { + var clct = lcts[it]; + for (var i = 0; i < clct.length; ++i) { + var len = clct[i] & 31; + wbits(out, p, llm[len]), p += lct[len]; + if (len > 15) + wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12; + } + } + } + else { + lm = flm, ll = flt, dm = fdm, dl = fdt; + } + for (var i = 0; i < li; ++i) { + if (syms[i] > 255) { + var len = (syms[i] >>> 18) & 31; + wbits16(out, p, lm[len + 257]), p += ll[len + 257]; + if (len > 7) + wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len]; + var dst = syms[i] & 31; + wbits16(out, p, dm[dst]), p += dl[dst]; + if (dst > 3) + wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst]; + } + else { + wbits16(out, p, lm[syms[i]]), p += ll[syms[i]]; + } + } + wbits16(out, p, lm[256]); + return p + ll[256]; }; -/** Attempts to fill the buffer; returns number of bytes read, or - * -1 for EOF. */ -Stream.prototype.read = function(buffer, bufOffset, length) { - var bytesRead = 0; - while (bytesRead < length) { - var c = this.readByte(); - if (c < 0) { // EOF - return (bytesRead===0) ? -1 : bytesRead; - } - buffer[bufOffset++] = c; - bytesRead++; - } - return bytesRead; +// deflate options (nice << 13) | chain +var deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]); +// empty +var et = /*#__PURE__*/ new u8(0); +// compresses data into a raw DEFLATE buffer +var dflt = function (dat, lvl, plvl, pre, post, lst) { + var s = dat.length; + var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post); + // writing to this writes to the output buffer + var w = o.subarray(pre, o.length - post); + var pos = 0; + if (!lvl || s < 8) { + for (var i = 0; i <= s; i += 65535) { + // end + var e = i + 65535; + if (e >= s) { + // write final block + w[pos >> 3] = lst; + } + pos = wfblk(w, pos + 1, dat.subarray(i, e)); + } + } + else { + var opt = deo[lvl - 1]; + var n = opt >>> 13, c = opt & 8191; + var msk_1 = (1 << plvl) - 1; + // prev 2-byte val map curr 2-byte val map + var prev = new u16(32768), head = new u16(msk_1 + 1); + var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1; + var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; }; + // 24576 is an arbitrary number of maximum symbols per block + // 424 buffer for last block + var syms = new u32(25000); + // length/literal freq distance freq + var lf = new u16(288), df = new u16(32); + // l/lcnt exbits index l/lind waitdx bitpos + var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0; + for (; i < s; ++i) { + // hash value + // deopt when i > s - 3 - at end, deopt acceptable + var hv = hsh(i); + // index mod 32768 previous index mod + var imod = i & 32767, pimod = head[hv]; + prev[imod] = pimod; + head[hv] = imod; + // We always should modify head and prev, but only add symbols if + // this data is not yet processed ("wait" for wait index) + if (wi <= i) { + // bytes remaining + var rem = s - i; + if ((lc_1 > 7000 || li > 24576) && rem > 423) { + pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos); + li = lc_1 = eb = 0, bs = i; + for (var j = 0; j < 286; ++j) + lf[j] = 0; + for (var j = 0; j < 30; ++j) + df[j] = 0; + } + // len dist chain + var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767; + if (rem > 2 && hv == hsh(i - dif)) { + var maxn = Math.min(n, rem) - 1; + var maxd = Math.min(32767, i); + // max possible length + // not capped at dif because decompressors implement "rolling" index population + var ml = Math.min(258, rem); + while (dif <= maxd && --ch_1 && imod != pimod) { + if (dat[i + l] == dat[i + l - dif]) { + var nl = 0; + for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl) + ; + if (nl > l) { + l = nl, d = dif; + // break out early when we reach "nice" (we are satisfied enough) + if (nl > maxn) + break; + // now, find the rarest 2-byte sequence within this + // length of literals and search for that instead. + // Much faster than just using the start + var mmd = Math.min(dif, nl - 2); + var md = 0; + for (var j = 0; j < mmd; ++j) { + var ti = (i - dif + j + 32768) & 32767; + var pti = prev[ti]; + var cd = (ti - pti + 32768) & 32767; + if (cd > md) + md = cd, pimod = ti; + } + } + } + // check the previous match + imod = pimod, pimod = prev[imod]; + dif += (imod - pimod + 32768) & 32767; + } + } + // d will be nonzero only when a match was found + if (d) { + // store both dist and len data in one Uint32 + // Make sure this is recognized as a len/dist with 28th bit (2^28) + syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d]; + var lin = revfl[l] & 31, din = revfd[d] & 31; + eb += fleb[lin] + fdeb[din]; + ++lf[257 + lin]; + ++df[din]; + wi = i + l; + ++lc_1; + } + else { + syms[li++] = dat[i]; + ++lf[dat[i]]; + } + } + } + pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos); + // this is the easiest way to avoid needing to maintain state + if (!lst && pos & 7) + pos = wfblk(w, pos + 1, et); + } + return slc(o, 0, pre + shft(pos) + post); }; -Stream.prototype.seek = function(new_pos) { - throw new Error("abstract method seek() not implemented"); +// Alder32 +var adler = function () { + var a = 1, b = 0; + return { + p: function (d) { + // closures have awful performance + var n = a, m = b; + var l = d.length | 0; + for (var i = 0; i != l;) { + var e = Math.min(i + 2655, l); + for (; i < e; ++i) + m += n += d[i]; + n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16); + } + a = n, b = m; + }, + d: function () { + a %= 65521, b %= 65521; + return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8); + } + }; }; - -// output streams /////////// -Stream.prototype.writeByte = function(_byte) { - throw new Error("abstract method readByte() not implemented"); +// deflate with opts +var dopt = function (dat, opt, pre, post, st) { + return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st); }; -Stream.prototype.write = function(buffer, bufOffset, length) { - var i; - for (i=0; i>>= 8; }; -Stream.prototype.flush = function() { +// zlib header +var zlh = function (c, o) { + var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2; + c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1); }; - -var stream = Stream; - -/* CRC32, used in Bzip2 implementation. - * This is a port of CRC32.java from the jbzip2 implementation at - * https://code.google.com/p/jbzip2 - * which is: - * Copyright (c) 2011 Matthew Francis - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. - * This JavaScript implementation is: - * Copyright (c) 2013 C. Scott Ananian - * with the same licensing terms as Matthew Francis' original implementation. - */ -var crc32$1 = (function() { - - /** - * A static CRC lookup table - */ - var crc32Lookup = new Uint32Array([ - 0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005, - 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61, 0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, - 0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75, - 0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd, - 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039, 0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, - 0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d, - 0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95, - 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1, 0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, - 0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072, - 0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca, - 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde, 0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, - 0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba, - 0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692, - 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6, 0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, - 0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2, - 0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a, - 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637, 0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, - 0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53, - 0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b, - 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff, 0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, - 0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b, - 0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3, - 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7, 0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, - 0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3, - 0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c, - 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8, 0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, - 0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec, - 0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654, - 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0, 0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, - 0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4, - 0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c, - 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668, 0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4 - ]); - - var CRC32 = function() { +// zlib footer: -4 to -0 is Adler32 +/** + * Streaming DEFLATE compression + */ +var Deflate = /*#__PURE__*/ (function () { + function Deflate(opts, cb) { + if (!cb && typeof opts == 'function') + cb = opts, opts = {}; + this.ondata = cb; + this.o = opts || {}; + } + Deflate.prototype.p = function (c, f) { + this.ondata(dopt(c, this.o, 0, 0, !f), f); + }; /** - * The current CRC + * Pushes a chunk to be deflated + * @param chunk The chunk to push + * @param final Whether this is the last chunk */ - var crc = 0xffffffff; - + Deflate.prototype.push = function (chunk, final) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + this.d = final; + this.p(chunk, final || false); + }; + return Deflate; +}()); +/** + * Streaming DEFLATE decompression + */ +var Inflate = /*#__PURE__*/ (function () { /** - * @return The current CRC + * Creates an inflation stream + * @param cb The callback to call whenever data is inflated */ - this.getCRC = function() { - return (~crc) >>> 0; // return an unsigned value + function Inflate(cb) { + this.s = {}; + this.p = new u8(0); + this.ondata = cb; + } + Inflate.prototype.e = function (c) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + var l = this.p.length; + var n = new u8(l + c.length); + n.set(this.p), n.set(c, l), this.p = n; + }; + Inflate.prototype.c = function (final) { + this.d = this.s.i = final || false; + var bts = this.s.b; + var dt = inflt(this.p, this.o, this.s); + this.ondata(slc(dt, bts, this.s.b), this.d); + this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length; + this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7; }; - /** - * Update the CRC with a single byte - * @param value The value to update the CRC with + * Pushes a chunk to be inflated + * @param chunk The chunk to push + * @param final Whether this is the final chunk */ - this.updateCRC = function(value) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + Inflate.prototype.push = function (chunk, final) { + this.e(chunk), this.c(final); }; - + return Inflate; +}()); +/** + * Streaming Zlib compression + */ +var Zlib = /*#__PURE__*/ (function () { + function Zlib(opts, cb) { + this.c = adler(); + this.v = 1; + Deflate.call(this, opts, cb); + } /** - * Update the CRC with a sequence of identical bytes - * @param value The value to update the CRC with - * @param count The number of bytes + * Pushes a chunk to be zlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk */ - this.updateCRCRun = function(value, count) { - while (count-- > 0) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - } + Zlib.prototype.push = function (chunk, final) { + Deflate.prototype.push.call(this, chunk, final); }; - }; - return CRC32; -})(); - -/* -seek-bzip - a pure-javascript module for seeking within bzip2 data - -Copyright (C) 2013 C. Scott Ananian -Copyright (C) 2012 Eli Skeggs -Copyright (C) 2011 Kevin Kwok - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from node-bzip, copyright 2012 Eli Skeggs. -Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - - - - - -var MAX_HUFCODE_BITS = 20; -var MAX_SYMBOLS = 258; -var SYMBOL_RUNA = 0; -var SYMBOL_RUNB = 1; -var MIN_GROUPS = 2; -var MAX_GROUPS = 6; -var GROUP_SIZE = 50; - -var WHOLEPI = "314159265359"; -var SQRTPI = "177245385090"; - -var mtf = function(array, index) { - var src = array[index], i; - for (i = index; i > 0; i--) { - array[i] = array[i-1]; - } - array[0] = src; - return src; -}; - -var Err = { - OK: 0, - LAST_BLOCK: -1, - NOT_BZIP_DATA: -2, - UNEXPECTED_INPUT_EOF: -3, - UNEXPECTED_OUTPUT_EOF: -4, - DATA_ERROR: -5, - OUT_OF_MEMORY: -6, - OBSOLETE_INPUT: -7, - END_OF_BLOCK: -8 -}; -var ErrorMessages = {}; -ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; -ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; -ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; -ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; -ErrorMessages[Err.DATA_ERROR] = "Data error"; -ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; -ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - -var _throw = function(status, optDetail) { - var msg = ErrorMessages[status] || 'unknown error'; - if (optDetail) { msg += ': '+optDetail; } - var e = new TypeError(msg); - e.errorCode = status; - throw e; -}; - -var Bunzip = function(inputStream, outputStream) { - this.writePos = this.writeCurrent = this.writeCount = 0; - - this._start_bunzip(inputStream, outputStream); -}; -Bunzip.prototype._init_block = function() { - var moreBlocks = this._get_next_block(); - if ( !moreBlocks ) { - this.writeCount = -1; - return false; /* no more blocks */ - } - this.blockCRC = new crc32$1(); - return true; -}; -/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ -Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { - /* Ensure that file starts with "BZh['1'-'9']." */ - var buf = new Uint8Array(4); - if (inputStream.read(buf, 0, 4) !== 4 || - String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') - _throw(Err.NOT_BZIP_DATA, 'bad magic'); - - var level = buf[3] - 0x30; - if (level < 1 || level > 9) - _throw(Err.NOT_BZIP_DATA, 'level out of range'); - - this.reader = new bitreader(inputStream); - - /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of - uncompressed data. Allocate intermediate buffer for block. */ - this.dbufSize = 100000 * level; - this.nextoutput = 0; - this.outputStream = outputStream; - this.streamCRC = 0; -}; -Bunzip.prototype._get_next_block = function() { - var i, j, k; - var reader = this.reader; - // this is get_next_block() function from micro-bunzip: - /* Read in header signature and CRC, then validate signature. - (last block signature means CRC is for whole file, return now) */ - var h = reader.pi(); - if (h === SQRTPI) { // last block - return false; /* no more blocks */ - } - if (h !== WHOLEPI) - _throw(Err.NOT_BZIP_DATA); - this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) - this.streamCRC = (this.targetBlockCRC ^ - ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; - /* We can add support for blockRandomised if anybody complains. There was - some code for this in busybox 1.0.0-pre3, but nobody ever noticed that - it didn't actually work. */ - if (reader.read(1)) - _throw(Err.OBSOLETE_INPUT); - var origPointer = reader.read(24); - if (origPointer > this.dbufSize) - _throw(Err.DATA_ERROR, 'initial position out of bounds'); - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer - symbols to deal with, and writes a sparse bitfield indicating which - values were present. We make a translation table to convert the symbols - back to the corresponding bytes. */ - var t = reader.read(16); - var symToByte = new Uint8Array(256), symTotal = 0; - for (i = 0; i < 16; i++) { - if (t & (1 << (0xF - i))) { - var o = i * 16; - k = reader.read(16); - for (j = 0; j < 16; j++) - if (k & (1 << (0xF - j))) - symToByte[symTotal++] = o + j; - } - } - - /* How many different huffman coding groups does this block use? */ - var groupCount = reader.read(3); - if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) - _throw(Err.DATA_ERROR); - /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding - group. Read in the group selector list, which is stored as MTF encoded - bit runs. (MTF=Move To Front, as each value is used it's moved to the - start of the list.) */ - var nSelectors = reader.read(15); - if (nSelectors === 0) - _throw(Err.DATA_ERROR); - - var mtfSymbol = new Uint8Array(256); - for (i = 0; i < groupCount; i++) - mtfSymbol[i] = i; - - var selectors = new Uint8Array(nSelectors); // was 32768... - - for (i = 0; i < nSelectors; i++) { - /* Get next value */ - for (j = 0; reader.read(1); j++) - if (j >= groupCount) _throw(Err.DATA_ERROR); - /* Decode MTF to get the next selector */ - selectors[i] = mtf(mtfSymbol, j); - } - - /* Read the huffman coding tables for each group, which code for symTotal - literal symbols, plus two run symbols (RUNA, RUNB) */ - var symCount = symTotal + 2; - var groups = [], hufGroup; - for (j = 0; j < groupCount; j++) { - var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); - /* Read huffman code lengths for each symbol. They're stored in - a way similar to mtf; record a starting value for the first symbol, - and an offset from the previous value for everys symbol after that. */ - t = reader.read(5); // lengths - for (i = 0; i < symCount; i++) { - for (;;) { - if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); - /* If first bit is 0, stop. Else second bit indicates whether - to increment or decrement the value. */ - if(!reader.read(1)) - break; - if(!reader.read(1)) - t++; - else - t--; - } - length[i] = t; - } - - /* Find largest and smallest lengths in this group */ - var minLen, maxLen; - minLen = maxLen = length[0]; - for (i = 1; i < symCount; i++) { - if (length[i] > maxLen) - maxLen = length[i]; - else if (length[i] < minLen) - minLen = length[i]; - } - - /* Calculate permute[], base[], and limit[] tables from length[]. - * - * permute[] is the lookup table for converting huffman coded symbols - * into decoded symbols. base[] is the amount to subtract from the - * value of a huffman symbol of a given length when using permute[]. - * - * limit[] indicates the largest numerical value a symbol with a given - * number of bits can have. This is how the huffman codes can vary in - * length: each code with a value>limit[length] needs another bit. + Zlib.prototype.p = function (c, f) { + this.c.p(c); + var raw = dopt(c, this.o, this.v && 2, f && 4, !f); + if (this.v) + zlh(raw, this.o), this.v = 0; + if (f) + wbytes(raw, raw.length - 4, this.c.d()); + this.ondata(raw, f); + }; + return Zlib; +}()); +/** + * Streaming Zlib decompression + */ +var Unzlib = /*#__PURE__*/ (function () { + /** + * Creates a Zlib decompression stream + * @param cb The callback to call whenever data is inflated */ - hufGroup = {}; - groups.push(hufGroup); - hufGroup.permute = new Uint16Array(MAX_SYMBOLS); - hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); - hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); - hufGroup.minLen = minLen; - hufGroup.maxLen = maxLen; - /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ - var pp = 0; - for (i = minLen; i <= maxLen; i++) { - temp[i] = hufGroup.limit[i] = 0; - for (t = 0; t < symCount; t++) - if (length[t] === i) - hufGroup.permute[pp++] = t; - } - /* Count symbols coded for at each bit length */ - for (i = 0; i < symCount; i++) - temp[length[i]]++; - /* Calculate limit[] (the largest symbol-coding value at each bit - * length, which is (previous limit<<1)+symbols at this level), and - * base[] (number of symbols to ignore at each bit length, which is - * limit minus the cumulative count of symbols coded for already). */ - pp = t = 0; - for (i = minLen; i < maxLen; i++) { - pp += temp[i]; - /* We read the largest possible symbol size and then unget bits - after determining how many we need, and those extra bits could - be set to anything. (They're noise from future symbols.) At - each level we're really only interested in the first few bits, - so here we set all the trailing to-be-ignored bits to 1 so they - don't affect the value>limit[length] comparison. */ - hufGroup.limit[i] = pp - 1; - pp <<= 1; - t += temp[i]; - hufGroup.base[i + 1] = pp - t; - } - hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ - hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; - hufGroup.base[minLen] = 0; - } - /* We've finished reading and digesting the block header. Now read this - block's huffman coded symbols from the file and undo the huffman coding - and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - - /* Initialize symbol occurrence counters and symbol Move To Front table */ - var byteCount = new Uint32Array(256); - for (i = 0; i < 256; i++) - mtfSymbol[i] = i; - /* Loop through compressed symbols. */ - var runPos = 0, dbufCount = 0, selector = 0, uc; - var dbuf = this.dbuf = new Uint32Array(this.dbufSize); - symCount = 0; - for (;;) { - /* Determine which huffman coding group to use. */ - if (!(symCount--)) { - symCount = GROUP_SIZE - 1; - if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } - hufGroup = groups[selectors[selector++]]; - } - /* Read next huffman-coded symbol. */ - i = hufGroup.minLen; - j = reader.read(i); - for (;;i++) { - if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } - if (j <= hufGroup.limit[i]) - break; - j = (j << 1) | reader.read(1); - } - /* Huffman decode value to get nextSym (with bounds checking) */ - j -= hufGroup.base[i]; - if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } - var nextSym = hufGroup.permute[j]; - /* We have now decoded the symbol, which indicates either a new literal - byte, or a repeated run of the most recent literal byte. First, - check if nextSym indicates a repeated run, and if so loop collecting - how many times to repeat the last literal. */ - if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { - /* If this is the start of a new run, zero out counter */ - if (!runPos){ - runPos = 1; - t = 0; - } - /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at - each bit position, add 1 or 2 instead. For example, - 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. - You can make any bit pattern that way using 1 less symbol than - the basic or 0/1 method (except all bits 0, which would use no - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - if (nextSym === SYMBOL_RUNA) - t += runPos; - else - t += 2 * runPos; - runPos <<= 1; - continue; - } - /* When we hit the first non-run symbol after a run, we now know - how many times to repeat the last literal, so append that many - copies to our buffer of decoded symbols (dbuf) now. (The last - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos){ - runPos = 0; - if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } - uc = symToByte[mtfSymbol[0]]; - byteCount[uc] += t; - while (t--) - dbuf[dbufCount++] = uc; - } - /* Is this the terminating symbol? */ - if (nextSym > symTotal) - break; - /* At this point, nextSym indicates a new literal character. Subtract - one to get the position in the MTF array at which this literal is - currently to be found. (Note that the result can't be -1 or 0, - because 0 and 1 are RUNA and RUNB. But another instance of the - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ - if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } - i = nextSym - 1; - uc = mtf(mtfSymbol, i); - uc = symToByte[uc]; - /* We have our literal byte. Save it into dbuf. */ - byteCount[uc]++; - dbuf[dbufCount++] = uc; - } - /* At this point, we've read all the huffman-coded symbols (and repeated - runs) for this block from the input stream, and decoded them into the - intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. - Now undo the Burrows-Wheeler transform on dbuf. - See http://dogma.net/markn/articles/bwt/bwt.htm - */ - if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } - /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ - j = 0; - for (i = 0; i < 256; i++) { - k = j + byteCount[i]; - byteCount[i] = j; - j = k; - } - /* Figure out what order dbuf would be in if we sorted it. */ - for (i = 0; i < dbufCount; i++) { - uc = dbuf[i] & 0xff; - dbuf[byteCount[uc]] |= (i << 8); - byteCount[uc]++; - } - /* Decode first byte by hand to initialize "previous" byte. Note that it - doesn't get output, and if the first three characters are identical - it doesn't qualify as a run (hence writeRunCountdown=5). */ - var pos = 0, current = 0, run = 0; - if (dbufCount) { - pos = dbuf[origPointer]; - current = (pos & 0xff); - pos >>= 8; - run = -1; - } - this.writePos = pos; - this.writeCurrent = current; - this.writeCount = dbufCount; - this.writeRun = run; - - return true; /* more blocks to come */ -}; -/* Undo burrows-wheeler transform on intermediate buffer to produce output. - If start_bunzip was initialized with out_fd=-1, then up to len bytes of - data are written to outbuf. Return value is number of bytes written or - error (all errors are negative numbers). If out_fd!=-1, outbuf and len - are ignored, data is written to out_fd and return is RETVAL_OK or error. -*/ -Bunzip.prototype._read_bunzip = function(outputBuffer, len) { - var copies, previous, outbyte; - /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully - decoded, which results in this returning RETVAL_LAST_BLOCK, also - equal to -1... Confusing, I'm returning 0 here to indicate no - bytes written into the buffer */ - if (this.writeCount < 0) { return 0; } - var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; - var dbufCount = this.writeCount; this.outputsize; - var run = this.writeRun; - - while (dbufCount) { - dbufCount--; - previous = current; - pos = dbuf[pos]; - current = pos & 0xff; - pos >>= 8; - if (run++ === 3){ - copies = current; - outbyte = previous; - current = -1; - } else { - copies = 1; - outbyte = current; - } - this.blockCRC.updateCRCRun(outbyte, copies); - while (copies--) { - this.outputStream.writeByte(outbyte); - this.nextoutput++; - } - if (current != previous) - run = 0; - } - this.writeCount = dbufCount; - // check CRC - if (this.blockCRC.getCRC() !== this.targetBlockCRC) { - _throw(Err.DATA_ERROR, "Bad block CRC "+ - "(got "+this.blockCRC.getCRC().toString(16)+ - " expected "+this.targetBlockCRC.toString(16)+")"); - } - return this.nextoutput; -}; - -var coerceInputStream = function(input) { - if ('readByte' in input) { return input; } - var inputStream = new stream(); - inputStream.pos = 0; - inputStream.readByte = function() { return input[this.pos++]; }; - inputStream.seek = function(pos) { this.pos = pos; }; - inputStream.eof = function() { return this.pos >= input.length; }; - return inputStream; -}; -var coerceOutputStream = function(output) { - var outputStream = new stream(); - var resizeOk = true; - if (output) { - if (typeof(output)==='number') { - outputStream.buffer = new Uint8Array(output); - resizeOk = false; - } else if ('writeByte' in output) { - return output; - } else { - outputStream.buffer = output; - resizeOk = false; - } - } else { - outputStream.buffer = new Uint8Array(16384); - } - outputStream.pos = 0; - outputStream.writeByte = function(_byte) { - if (resizeOk && this.pos >= this.buffer.length) { - var newBuffer = new Uint8Array(this.buffer.length*2); - newBuffer.set(this.buffer); - this.buffer = newBuffer; + function Unzlib(cb) { + this.v = 1; + Inflate.call(this, cb); } - this.buffer[this.pos++] = _byte; - }; - outputStream.getBuffer = function() { - // trim buffer - if (this.pos !== this.buffer.length) { - if (!resizeOk) - throw new TypeError('outputsize does not match decoded input'); - var newBuffer = new Uint8Array(this.pos); - newBuffer.set(this.buffer.subarray(0, this.pos)); - this.buffer = newBuffer; - } - return this.buffer; - }; - outputStream._coerced = true; - return outputStream; -}; - -/* Static helper functions */ -// 'input' can be a stream or a buffer -// 'output' can be a stream or a buffer or a number (buffer size) -const decode$2 = function(input, output, multistream) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - - var bz = new Bunzip(inputStream, outputStream); - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - if (bz._init_block()) { - bz._read_bunzip(); - } else { - var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) - if (targetStreamCRC !== bz.streamCRC) { - _throw(Err.DATA_ERROR, "Bad stream CRC "+ - "(got "+bz.streamCRC.toString(16)+ - " expected "+targetStreamCRC.toString(16)+")"); - } - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - } else break; - } - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -const decodeBlock = function(input, pos, output) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - var bz = new Bunzip(inputStream, outputStream); - bz.reader.seek(pos); - /* Fill the decode buffer for the block */ - var moreBlocks = bz._get_next_block(); - if (moreBlocks) { - /* Init the CRC for writing */ - bz.blockCRC = new crc32$1(); - - /* Zero this so the current byte from before the seek is not written */ - bz.writeCopies = 0; - - /* Decompress the block and write to stdout */ - bz._read_bunzip(); - // XXX keep writing? - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -/* Reads bzip2 file from stream or buffer `input`, and invoke - * `callback(position, size)` once for each bzip2 block, - * where position gives the starting position (in *bits*) - * and size gives uncompressed size of the block (in *bytes*). */ -const table = function(input, callback, multistream) { - // make a stream from a buffer, if necessary - var inputStream = new stream(); - inputStream.delegate = coerceInputStream(input); - inputStream.pos = 0; - inputStream.readByte = function() { - this.pos++; - return this.delegate.readByte(); - }; - if (inputStream.delegate.eof) { - inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); - } - var outputStream = new stream(); - outputStream.pos = 0; - outputStream.writeByte = function() { this.pos++; }; - - var bz = new Bunzip(inputStream, outputStream); - var blockSize = bz.dbufSize; - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - - var position = inputStream.pos*8 + bz.reader.bitOffset; - if (bz.reader.hasByte) { position -= 8; } - - if (bz._init_block()) { - var start = outputStream.pos; - bz._read_bunzip(); - callback(position, outputStream.pos - start); - } else { - bz.reader.read(32); // (but we ignore the crc) - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - console.assert(bz.dbufSize === blockSize, - "shouldn't change block size within multistream file"); - } else break; - } - } -}; - -var lib = { - Bunzip, - Stream: stream, - Err, - decode: decode$2, - decodeBlock, - table -}; -var lib_4 = lib.decode; + /** + * Pushes a chunk to be unzlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Unzlib.prototype.push = function (chunk, final) { + Inflate.prototype.e.call(this, chunk); + if (this.v) { + if (this.p.length < 2 && !final) + return; + this.p = this.p.subarray(2), this.v = 0; + } + if (final) { + if (this.p.length < 4) + err(6, 'invalid zlib data'); + this.p = this.p.subarray(0, -4); + } + // necessary to prevent TS from using the closure value + // This allows for workerization to function correctly + Inflate.prototype.c.call(this, final); + }; + return Unzlib; +}()); +// text decoder +var td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder(); +// text decoder stream +var tds = 0; +try { + td.decode(et, { stream: true }); + tds = 1; +} +catch (e) { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Implementation of the Literal Data Packet (Tag 11) @@ -23139,43 +12717,166 @@ class LiteralDataPacket { } /** - * Creates a Uint8Array representation of the packet, excluding the data - * - * @returns {Uint8Array} Uint8Array representation of the packet. + * Creates a Uint8Array representation of the packet, excluding the data + * + * @returns {Uint8Array} Uint8Array representation of the packet. + */ + writeHeader() { + const filename = util.encodeUTF8(this.filename); + const filename_length = new Uint8Array([filename.length]); + + const format = new Uint8Array([this.format]); + const date = util.writeDate(this.date); + + return util.concatUint8Array([format, filename_length, filename, date]); + } + + /** + * Creates a Uint8Array representation of the packet + * + * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. + */ + write() { + const header = this.writeHeader(); + const data = this.getBytes(); + + return util.concat([header, data]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of type key id + * + * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: + * A Key ID is an eight-octet scalar that identifies a key. + * Implementations SHOULD NOT assume that Key IDs are unique. The + * section "Enhanced Key Formats" below describes how Key IDs are + * formed. + */ +class KeyID { + constructor() { + this.bytes = ''; + } + + /** + * Parsing method for a key id + * @param {Uint8Array} bytes - Input to read the key id from + */ + read(bytes) { + this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); + return this.bytes.length; + } + + /** + * Serializes the Key ID + * @returns {Uint8Array} Key ID as a Uint8Array. + */ + write() { + return util.stringToUint8Array(this.bytes); + } + + /** + * Returns the Key ID represented as a hexadecimal string + * @returns {String} Key ID as a hexadecimal string. + */ + toHex() { + return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); + } + + /** + * Checks equality of Key ID's + * @param {KeyID} keyID + * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard + */ + equals(keyID, matchWildcard = false) { + return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; + } + + /** + * Checks to see if the Key ID is unset + * @returns {Boolean} True if the Key ID is null. + */ + isNull() { + return this.bytes === ''; + } + + /** + * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) + * @returns {Boolean} True if this is a wildcard Key ID. */ - writeHeader() { - const filename = util.encodeUTF8(this.filename); - const filename_length = new Uint8Array([filename.length]); - - const format = new Uint8Array([this.format]); - const date = util.writeDate(this.date); + isWildcard() { + return /^0+$/.test(this.toHex()); + } - return util.concatUint8Array([format, filename_length, filename, date]); + static mapToHex(keyID) { + return keyID.toHex(); } - /** - * Creates a Uint8Array representation of the packet - * - * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. - */ - write() { - const header = this.writeHeader(); - const data = this.getBytes(); + static fromID(hex) { + const keyID = new KeyID(); + keyID.read(util.hexToUint8Array(hex)); + return keyID; + } - return util.concat([header, data]); + static wildcard() { + const keyID = new KeyID(); + keyID.read(new Uint8Array(8)); + return keyID; } } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. const verified = Symbol('verified'); +// A salt notation is used to randomize signatures. +// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks +// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170). +// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g. +// some chosen-prefix attacks. +// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt. +const SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org'; + // GPG puts the Issuer and Signature subpackets in the unhashed area. // Tampering with those invalidates the signature, so we still trust them and parse them. // All other unhashed subpackets are ignored. const allowedUnhashedSubpackets = new Set([ - enums.signatureSubpacket.issuer, + enums.signatureSubpacket.issuerKeyID, enums.signatureSubpacket.issuerFingerprint, enums.signatureSubpacket.embeddedSignature ]); @@ -23204,7 +12905,9 @@ class SignaturePacket { this.signatureData = null; this.unhashedSubpackets = []; + this.unknownSubpackets = []; this.signedHashValue = null; + this.salt = null; this.created = null; this.signatureExpirationTime = null; @@ -23241,6 +12944,7 @@ class SignaturePacket { this.issuerKeyVersion = null; this.issuerFingerprint = null; this.preferredAEADAlgorithms = null; + this.preferredCipherSuites = null; this.revoked = null; this[verified] = null; @@ -23251,11 +12955,14 @@ class SignaturePacket { * @param {String} bytes - Payload of a tag 2 packet * @returns {SignaturePacket} Object representation. */ - read(bytes) { + read(bytes, config$1 = config) { let i = 0; this.version = bytes[i++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } - if (this.version !== 4 && this.version !== 5) { + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); } @@ -23284,7 +12991,24 @@ class SignaturePacket { this.signedHashValue = bytes.subarray(i, i + 2); i += 2; - this.params = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length)); + // Only for v6 signatures, a variable-length field containing: + if (this.version === 6) { + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[i++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(i, i + saltLength); + i += saltLength; + } + + const signatureMaterial = bytes.subarray(i, bytes.length); + const { read, signatureParams } = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial); + if (read < signatureMaterial.length) { + throw new Error('Error reading MPIs'); + } + this.params = signatureParams; } /** @@ -23304,6 +13028,10 @@ class SignaturePacket { arr.push(this.signatureData); arr.push(this.writeUnhashedSubPackets()); arr.push(this.signedHashValue); + if (this.version === 6) { + arr.push(new Uint8Array([this.salt.length])); + arr.push(this.salt); + } arr.push(this.writeParams()); return util.concat(arr); } @@ -23317,19 +13045,41 @@ class SignaturePacket { * @throws {Error} if signing failed * @async */ - async sign(key, data, date = new Date(), detached = false) { - if (key.version === 5) { - this.version = 5; - } else { - this.version = 4; - } - const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; + async sign(key, data, date = new Date(), detached = false, config) { + this.version = key.version; this.created = util.normalizeDate(date); this.issuerKeyVersion = key.version; this.issuerFingerprint = key.getFingerprintBytes(); this.issuerKeyID = key.getKeyID(); + const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; + + // add randomness to the signature + if (this.version === 6) { + const saltLength = saltLengthForHash(this.hashAlgorithm); + if (this.salt === null) { + this.salt = mod.random.getRandomBytes(saltLength); + } else if (saltLength !== this.salt.length) { + throw new Error('Provided salt does not have the required length'); + } + } else if (config.nonDeterministicSignaturesViaNotation) { + const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME)); + // since re-signing the same object is not supported, it's not expected to have multiple salt notations, + // but we guard against it as a sanity check + if (saltNotations.length === 0) { + const saltValue = mod.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm)); + this.rawNotations.push({ + name: SALT_NOTATION_NAME, + value: saltValue, + humanReadable: false, + critical: false + }); + } else { + throw new Error('Unexpected existing salt notation'); + } + } + // Add hashed subpackets arr.push(this.writeHashedSubPackets()); @@ -23400,10 +13150,10 @@ class SignaturePacket { bytes = util.concat([bytes, this.revocationKeyFingerprint]); arr.push(writeSubPacket(sub.revocationKey, false, bytes)); } - if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { + if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) { // If the version of [the] key is greater than 4, this subpacket // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write())); + arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write())); } this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; @@ -23465,15 +13215,19 @@ class SignaturePacket { if (this.issuerFingerprint !== null) { bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes)); + arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes)); } if (this.preferredAEADAlgorithms !== null) { bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); } + if (this.preferredCipherSuites !== null) { + bytes = new Uint8Array([].concat(...this.preferredCipherSuites)); + arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes)); + } const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); return util.concat([length, result]); } @@ -23483,19 +13237,17 @@ class SignaturePacket { * @returns {Uint8Array} Subpacket data. */ writeUnhashedSubPackets() { - const arr = []; - this.unhashedSubpackets.forEach(data => { - arr.push(writeSimpleLength(data.length)); - arr.push(data); + const arr = this.unhashedSubpackets.map(({ type, critical, body }) => { + return writeSubPacket(type, critical, body); }); const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); return util.concat([length, result]); } - // V4 signature sub packets + // Signature subpackets readSubPacket(bytes, hashed = true) { let mypos = 0; @@ -23503,15 +13255,19 @@ class SignaturePacket { const critical = !!(bytes[mypos] & 0x80); const type = bytes[mypos] & 0x7F; + mypos++; + if (!hashed) { - this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); + this.unhashedSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); if (!allowedUnhashedSubpackets.has(type)) { return; } } - mypos++; - // subpacket type switch (type) { case enums.signatureSubpacket.signatureCreationTime: @@ -23567,9 +13323,21 @@ class SignaturePacket { this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); break; - case enums.signatureSubpacket.issuer: + case enums.signatureSubpacket.issuerKeyID: // Issuer - this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + if (this.version === 4) { + this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + } else if (hashed) { + // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature, + // since the Issuer Fingerprint subpacket is to be used instead. + // The `issuerKeyID` value will be set when reading the issuerFingerprint packet. + // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it, + // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed) + // issuerFingerprint. + // If the packet is hashed, then we reject the signature, to avoid verifying data different from + // what was parsed. + throw new Error('Unexpected Issuer Key ID subpacket'); + } break; case enums.signatureSubpacket.notationData: { @@ -23654,7 +13422,7 @@ class SignaturePacket { // Issuer Fingerprint this.issuerKeyVersion = bytes[mypos++]; this.issuerFingerprint = bytes.subarray(mypos, bytes.length); - if (this.issuerKeyVersion === 5) { + if (this.issuerKeyVersion >= 5) { this.issuerKeyID.read(this.issuerFingerprint); } else { this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); @@ -23664,22 +13432,30 @@ class SignaturePacket { // Preferred AEAD Algorithms this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; break; - default: { - const err = new Error(`Unknown signature subpacket type ${type}`); - if (critical) { - throw err; - } else { - util.printDebug(err); + case enums.signatureSubpacket.preferredCipherSuites: + // Preferred AEAD Cipher Suites + this.preferredCipherSuites = []; + for (let i = mypos; i < bytes.length; i += 2) { + this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); } - } + break; + default: + this.unknownSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + break; } } readSubPackets(bytes, trusted = true, config) { + const subpacketLengthBytes = this.version === 6 ? 4 : 2; + // Two-octet scalar octet count for following subpacket data. - const subpacketLength = util.readNumber(bytes.subarray(0, 2)); + const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes)); - let i = 2; + let i = subpacketLengthBytes; // subpacket data set (zero or more subpackets) while (i < 2 + subpacketLength) { @@ -23790,10 +13566,15 @@ class SignaturePacket { toHash(signatureType, data, detached = false) { const bytes = this.toSign(signatureType, data); - return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]); + return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]); } async hash(signatureType, data, toHash, detached = false) { + if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) { + // avoid hashing unexpected salt size + throw new Error('Signature salt does not have the expected length'); + } + if (!toHash) toHash = this.toHash(signatureType, data, detached); return mod.hash.digest(this.hashAlgorithm, toHash); } @@ -23863,6 +13644,11 @@ class SignaturePacket { [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); } + this.unknownSubpackets.forEach(({ type, critical }) => { + if (critical) { + throw new Error(`Unknown critical signature subpacket type ${type}`); + } + }); this.rawNotations.forEach(({ name, critical }) => { if (critical && (config$1.knownNotations.indexOf(name) < 0)) { throw new Error(`Unknown critical notation: ${name}`); @@ -23913,9 +13699,42 @@ function writeSubPacket(type, critical, data) { return util.concat(arr); } +/** + * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. + * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5} + * @param {enums.hash} hashAlgorithm - Hash algorithm. + * @returns {Integer} Salt length. + * @private + */ +function saltLengthForHash(hashAlgorithm) { + switch (hashAlgorithm) { + case enums.hash.sha256: return 16; + case enums.hash.sha384: return 24; + case enums.hash.sha512: return 32; + case enums.hash.sha224: return 16; + case enums.hash.sha3_256: return 16; + case enums.hash.sha3_512: return 32; + default: throw new Error('Unsupported hash function'); + } +} + // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -const VERSION = 3; /** * Implementation of the One-Pass Signature Packets (Tag 4) @@ -23932,8 +13751,22 @@ class OnePassSignaturePacket { return enums.packet.onePassSignature; } + static fromSignaturePacket(signaturePacket, isLast) { + const onePassSig = new OnePassSignaturePacket(); + onePassSig.version = signaturePacket.version === 6 ? 6 : 3; + onePassSig.signatureType = signaturePacket.signatureType; + onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; + onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; + onePassSig.issuerKeyID = signaturePacket.issuerKeyID; + onePassSig.salt = signaturePacket.salt; // v6 only + onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only + + onePassSig.flags = isLast ? 1 : 0; + return onePassSig; + } + constructor() { - /** A one-octet version number. The current version is 3. */ + /** A one-octet version number. The current versions are 3 and 6. */ this.version = null; /** * A one-octet signature type. @@ -23955,8 +13788,12 @@ class OnePassSignaturePacket { * @type {enums.publicKey} */ this.publicKeyAlgorithm = null; - /** An eight-octet number holding the Key ID of the signing key. */ + /** Only for v6, a variable-length field containing the salt. */ + this.salt = null; + /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */ this.issuerKeyID = null; + /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */ + this.issuerFingerprint = null; /** * A one-octet number holding a flag showing whether the signature is nested. * A zero value indicates that the next packet is another One-Pass Signature packet @@ -23972,9 +13809,9 @@ class OnePassSignaturePacket { */ read(bytes) { let mypos = 0; - // A one-octet version number. The current version is 3. + // A one-octet version number. The current versions are 3 or 6. this.version = bytes[mypos++]; - if (this.version !== VERSION) { + if (this.version !== 3 && this.version !== 6) { throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); } @@ -23988,10 +13825,30 @@ class OnePassSignaturePacket { // A one-octet number describing the public-key algorithm used. this.publicKeyAlgorithm = bytes[mypos++]; - // An eight-octet number holding the Key ID of the signing key. - this.issuerKeyID = new KeyID(); - this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); - mypos += 8; + if (this.version === 6) { + // Only for v6 signatures, a variable-length field containing: + + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[mypos++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(mypos, mypos + saltLength); + mypos += saltLength; + + // Only for v6 packets, 32 octets of the fingerprint of the signing key. + this.issuerFingerprint = bytes.subarray(mypos, mypos + 32); + mypos += 32; + this.issuerKeyID = new KeyID(); + // For v6 the Key ID is the high-order 64 bits of the fingerprint. + this.issuerKeyID.read(this.issuerFingerprint); + } else { + // Only for v3 packets, an eight-octet number holding the Key ID of the signing key. + this.issuerKeyID = new KeyID(); + this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); + mypos += 8; + } // A one-octet number holding a flag showing whether the signature // is nested. A zero value indicates that the next packet is @@ -24006,11 +13863,23 @@ class OnePassSignaturePacket { * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. */ write() { - const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]); - - const end = new Uint8Array([this.flags]); - - return util.concatUint8Array([start, this.issuerKeyID.write(), end]); + const arr = [new Uint8Array([ + this.version, + this.signatureType, + this.hashAlgorithm, + this.publicKeyAlgorithm + ])]; + if (this.version === 6) { + arr.push( + new Uint8Array([this.salt.length]), + this.salt, + this.issuerFingerprint + ); + } else { + arr.push(this.issuerKeyID.write()); + } + arr.push(new Uint8Array([this.flags])); + return util.concatUint8Array(arr); } calculateTrailer(...args) { @@ -24026,7 +13895,11 @@ class OnePassSignaturePacket { correspondingSig.signatureType !== this.signatureType || correspondingSig.hashAlgorithm !== this.hashAlgorithm || correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || - !correspondingSig.issuerKeyID.equals(this.issuerKeyID) + !correspondingSig.issuerKeyID.equals(this.issuerKeyID) || + (this.version === 3 && correspondingSig.version === 6) || + (this.version === 6 && correspondingSig.version !== 6) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt)) ) { throw new Error('Corresponding signature packet does not match one-pass signature packet'); } @@ -24054,7 +13927,7 @@ function newPacketFromTag(tag, allowedPackets) { try { packetType = enums.read(enums.packet, tag); } catch (e) { - throw new UnsupportedError(`Unknown packet type with tag: ${tag}`); + throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`); } throw new Error(`Packet not allowed in this context: ${packetType}`); } @@ -24103,10 +13976,11 @@ class PacketList extends Array { await writer.ready; const done = await readPackets(readable, async parsed => { try { - if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) { + if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) { // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 + // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 return; } const packet = newPacketFromTag(parsed.tag, allowedPackets); @@ -24115,6 +13989,17 @@ class PacketList extends Array { await packet.read(parsed.packet, config$1); await writer.write(packet); } catch (e) { + // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence, + // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored. + // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical. + if (e instanceof UnknownPacketError) { + if (parsed.tag <= 39) { + await writer.abort(e); + } else { + return; + } + } + const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { @@ -24249,9 +14134,25 @@ class PacketList extends Array { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A Compressed Data packet can contain the following packet types -const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([ +const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([ LiteralDataPacket, OnePassSignaturePacket, SignaturePacket @@ -24290,11 +14191,6 @@ class CompressedDataPacket { * @type {Uint8Array | ReadableStream} */ this.compressed = null; - - /** - * zip/zlib compression level, between 1 and 9 - */ - this.deflateLevel = config$1.deflateLevel; } /** @@ -24336,12 +14232,12 @@ class CompressedDataPacket { */ async decompress(config$1 = config) { const compressionName = enums.read(enums.compression, this.algorithm); - const decompressionFn = decompress_fns[compressionName]; + const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async if (!decompressionFn) { throw new Error(`${compressionName} decompression not supported`); } - this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config$1); + this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets$5, config$1); } /** @@ -24354,7 +14250,7 @@ class CompressedDataPacket { throw new Error(`${compressionName} compression not supported`); } - this.compressed = compressionFn(this.packets.write(), this.deflateLevel); + this.compressed = compressionFn(this.packets.write()); } } @@ -24364,84 +14260,127 @@ class CompressedDataPacket { // // ////////////////////////// - -const nodeZlib = util.getNodeZlib(); - -function uncompressed(data) { - return data; -} - -function node_zlib(func, create, options = {}) { - return function (data) { +/** + * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise. + * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator + * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor + * @returns {ReadableStream} compressed or decompressed data + */ +function zlib(compressionStreamInstantiator, ZlibStreamedConstructor) { + return data => { if (!util.isStream(data) || isArrayStream(data)) { - return fromAsync(() => readToEnd(data).then(data => { + return fromAsync(() => readToEnd(data).then(inputData => { return new Promise((resolve, reject) => { - func(data, options, (err, result) => { - if (err) return reject(err); - resolve(result); - }); + const zlibStream = new ZlibStreamedConstructor(); + zlibStream.ondata = processedData => { + resolve(processedData); + }; + try { + zlibStream.push(inputData, true); // only one chunk to push + } catch (err) { + reject(err); + } }); })); } - return nodeToWeb(webToNode(data).pipe(create(options))); - }; -} -function pako_zlib(constructor, options = {}) { - return function(data) { - const obj = new constructor(options); - return transform(data, value => { - if (value.length) { - obj.push(value, Z_SYNC_FLUSH); - return obj.result; + // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API) + if (compressionStreamInstantiator) { + try { + const compressorOrDecompressor = compressionStreamInstantiator(); + return data.pipeThrough(compressorOrDecompressor); + } catch (err) { + // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate. + if (err.name !== 'TypeError') { + throw err; + } } - }, () => { - if (constructor === Deflate) { - obj.push([], Z_FINISH); - return obj.result; + } + + // JS fallback + const inputReader = data.getReader(); + const zlibStream = new ZlibStreamedConstructor(); + + return new ReadableStream({ + async start(controller) { + zlibStream.ondata = async (value, isLast) => { + controller.enqueue(value); + if (isLast) { + controller.close(); + } + }; + + while (true) { + const { done, value } = await inputReader.read(); + if (done) { + zlibStream.push(new Uint8Array(), true); + return; + } else if (value.length) { + zlibStream.push(value); + } + } } }); }; } -function bzip2(func) { - return function(data) { - return fromAsync(async () => func(await readToEnd(data))); +function bzip2Decompress() { + return async function(data) { + const { decode: bunzipDecode } = await import('./seek-bzip.mjs').then(function (n) { return n.i; }); + return fromAsync(async () => bunzipDecode(await readToEnd(data))); }; } -const compress_fns = nodeZlib ? { - zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed) -} : { - zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed) +/** + * Get Compression Stream API instatiators if the constructors are implemented. + * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported + * (supported formats cannot be determined in advance). + * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat + * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }} + */ +const getCompressionStreamInstantiators = compressionFormat => ({ + compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)), + decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat)) +}); + +const compress_fns = { + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib) }; -const decompress_fns = nodeZlib ? { - uncompressed: uncompressed, - zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw), - zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -} : { - uncompressed: uncompressed, - zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }), - zlib: /*#__PURE__*/ pako_zlib(Inflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) +const decompress_fns = { + uncompressed: data => data, + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib), + bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import }; // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A SEIP packet can contain the following packet types -const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([ +const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([ LiteralDataPacket, CompressedDataPacket, OnePassSignaturePacket, SignaturePacket ]); -const VERSION$1 = 1; // A one-octet version number of the data packet. - /** * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) * @@ -24457,29 +14396,70 @@ class SymEncryptedIntegrityProtectedDataPacket { return enums.packet.symEncryptedIntegrityProtectedData; } + static fromObject({ version, aeadAlgorithm }) { + if (version !== 1 && version !== 2) { + throw new Error('Unsupported SEIPD version'); + } + + const seip = new SymEncryptedIntegrityProtectedDataPacket(); + seip.version = version; + if (version === 2) { + seip.aeadAlgorithm = aeadAlgorithm; + } + + return seip; + } + constructor() { - this.version = VERSION$1; + this.version = null; + + // The following 4 fields are for V2 only. + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = null; + this.chunkSizeByte = null; + this.salt = null; + this.encrypted = null; this.packets = null; } async read(bytes) { await parse(bytes, async reader => { - const version = await reader.readByte(); - // - A one-octet version number. The only currently defined value is 1. - if (version !== VERSION$1) { - throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`); + this.version = await reader.readByte(); + // - A one-octet version number with value 1 or 2. + if (this.version !== 1 && this.version !== 2) { + throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`); + } + + if (this.version === 2) { + // - A one-octet cipher algorithm. + this.cipherAlgorithm = await reader.readByte(); + // - A one-octet AEAD algorithm. + this.aeadAlgorithm = await reader.readByte(); + // - A one-octet chunk size. + this.chunkSizeByte = await reader.readByte(); + // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique. + this.salt = await reader.readBytes(32); } + // For V1: // - Encrypted data, the output of the selected symmetric-key cipher // operating in Cipher Feedback mode with shift amount equal to the // block size of the cipher (CFB-n where n is the block size). + // For V2: + // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode. + // - A final, summary authentication tag for the AEAD mode. this.encrypted = reader.remainder(); }); } write() { - return util.concat([new Uint8Array([VERSION$1]), this.encrypted]); + if (this.version === 2) { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]); + } + return util.concat([new Uint8Array([this.version]), this.encrypted]); } /** @@ -24492,18 +14472,35 @@ class SymEncryptedIntegrityProtectedDataPacket { * @async */ async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + const { blockSize, keySize } = mod.getCipherParams(sessionKeyAlgorithm); + if (key.length !== keySize) { + throw new Error('Unexpected session key size'); + } let bytes = this.packets.write(); if (isArrayStream(bytes)) bytes = await readToEnd(bytes); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet - const tohash = util.concat([prefix, bytes, mdc]); - const hash = await mod.hash.sha1(passiveClone(tohash)); - const plaintext = util.concat([tohash, hash]); + if (this.version === 2) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + this.salt = mod.random.getRandomBytes(32); + this.chunkSizeByte = config$1.aeadChunkSizeByte; + this.encrypted = await runAEAD(this, 'encrypt', key, bytes); + } else { + const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); + const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet + + const tohash = util.concat([prefix, bytes, mdc]); + const hash = await mod.hash.sha1(passiveClone(tohash)); + const plaintext = util.concat([tohash, hash]); - this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); + this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); + } return true; } @@ -24517,46 +14514,196 @@ class SymEncryptedIntegrityProtectedDataPacket { * @async */ async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + if (key.length !== mod.getCipherParams(sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + let encrypted = clone(this.encrypted); if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); - - // there must be a modification detection code packet as the - // last packet and everything gets hashed except the hash itself - const realHash = slice(passiveClone(decrypted), -20); - const tohash = slice(decrypted, 0, -20); - const verifyHash = Promise.all([ - readToEnd(await mod.hash.sha1(passiveClone(tohash))), - readToEnd(realHash) - ]).then(([hash, mdc]) => { - if (!util.equalsUint8Array(hash, mdc)) { - throw new Error('Modification detected.'); + + let packetbytes; + if (this.version === 2) { + if (this.cipherAlgorithm !== sessionKeyAlgorithm) { + // sanity check + throw new Error('Unexpected session key algorithm'); + } + packetbytes = await runAEAD(this, 'decrypt', key, encrypted); + } else { + const { blockSize } = mod.getCipherParams(sessionKeyAlgorithm); + const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); + + // there must be a modification detection code packet as the + // last packet and everything gets hashed except the hash itself + const realHash = slice(passiveClone(decrypted), -20); + const tohash = slice(decrypted, 0, -20); + const verifyHash = Promise.all([ + readToEnd(await mod.hash.sha1(passiveClone(tohash))), + readToEnd(realHash) + ]).then(([hash, mdc]) => { + if (!util.equalsUint8Array(hash, mdc)) { + throw new Error('Modification detected.'); + } + return new Uint8Array(); + }); + const bytes = slice(tohash, blockSize + 2); // Remove random prefix + packetbytes = slice(bytes, 0, -2); // Remove MDC packet + packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); + if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { + packetbytes = await readToEnd(packetbytes); } - return new Uint8Array(); - }); - const bytes = slice(tohash, blockSize + 2); // Remove random prefix - let packetbytes = slice(bytes, 0, -2); // Remove MDC packet - packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); - if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { - packetbytes = await readToEnd(packetbytes); } - this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$1, config$1); + + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$4, config$1); return true; } } +/** + * En/decrypt the payload. + * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt + * @param {Uint8Array} key - The session key used to en/decrypt the payload + * @param {Uint8Array | ReadableStream} data - The data to en/decrypt + * @returns {Promise>} + * @async + */ +async function runAEAD(packet, fn, key, data) { + const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2; + const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import) + if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type'); + + const mode = mod.getAEADMode(packet.aeadAlgorithm); + const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; + const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; + const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) + const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0; + const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP); + const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP); + const adataTagArray = new Uint8Array(adataBuffer); + const adataView = new DataView(adataBuffer); + const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); + adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0); + let chunkIndex = 0; + let latestPromise = Promise.resolve(); + let cryptedBytes = 0; + let queuedBytes = 0; + let iv; + let ivView; + if (isSEIPDv2) { + const { keySize } = mod.getCipherParams(packet.cipherAlgorithm); + const { ivLength } = mode; + const info = new Uint8Array(adataBuffer, 0, 5); + const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength); + key = derived.subarray(0, keySize); + iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy. + iv.fill(0, iv.length - 8); + ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); + } else { // AEADEncryptedDataPacket + iv = packet.iv; + // ivView is unused in this case + } + const modeInstance = await mode(packet.cipherAlgorithm, key); + return transformPair(data, async (readable, writable) => { + if (util.isStream(readable) !== 'array') { + const buffer = new TransformStream({}, { + highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6), + size: array => array.length + }); + pipe(buffer.readable, writable); + writable = buffer.writable; + } + const reader = getReader(readable); + const writer = getWriter(writable); + try { + while (true) { + let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); + const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); + chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); + let cryptedPromise; + let done; + let nonce; + if (isSEIPDv2) { // SEIPD V2 + nonce = iv; + } else { // AEADEncryptedDataPacket + nonce = iv.slice(); + for (let i = 0; i < 8; i++) { + nonce[iv.length - 8 + i] ^= chunkIndexArray[i]; + } + } + if (!chunkIndex || chunk.length) { + reader.unshift(finalChunk); + cryptedPromise = modeInstance[fn](chunk, nonce, adataArray); + cryptedPromise.catch(() => {}); + queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; + } else { + // After the last chunk, we either encrypt a final, empty + // data chunk to get the final authentication tag or + // validate that final authentication tag. + adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...) + cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray); + cryptedPromise.catch(() => {}); + queuedBytes += tagLengthIfEncrypting; + done = true; + } + cryptedBytes += chunk.length - tagLengthIfDecrypting; + // eslint-disable-next-line @typescript-eslint/no-loop-func + latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { + await writer.ready; + await writer.write(crypted); + queuedBytes -= crypted.length; + }).catch(err => writer.abort(err)); + if (done || queuedBytes > writer.desiredSize) { + await latestPromise; // Respect backpressure + } + if (!done) { + if (isSEIPDv2) { // SEIPD V2 + ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...) + } else { // AEADEncryptedDataPacket + adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) + } + } else { + await writer.close(); + break; + } + } + } catch (e) { + await writer.ready.catch(() => {}); + await writer.abort(e); + } + }); +} + // OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // An AEAD-encrypted Data packet can contain the following packet types -const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ +const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ LiteralDataPacket, CompressedDataPacket, OnePassSignaturePacket, SignaturePacket ]); -const VERSION$2 = 1; // A one-octet version number of the data packet. +const VERSION = 1; // A one-octet version number of the data packet. /** * Implementation of the Symmetrically Encrypted Authenticated Encryption with @@ -24571,7 +14718,7 @@ class AEADEncryptedDataPacket { } constructor() { - this.version = VERSION$2; + this.version = VERSION; /** @type {enums.symmetric} */ this.cipherAlgorithm = null; /** @type {enums.aead} */ @@ -24590,7 +14737,7 @@ class AEADEncryptedDataPacket { async read(bytes) { await parse(bytes, async reader => { const version = await reader.readByte(); - if (version !== VERSION$2) { // The only currently defined value is 1. + if (version !== VERSION) { // The only currently defined value is 1. throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); } this.cipherAlgorithm = await reader.readByte(); @@ -24621,8 +14768,8 @@ class AEADEncryptedDataPacket { */ async decrypt(sessionKeyAlgorithm, key, config$1 = config) { this.packets = await PacketList.fromBinary( - await this.crypt('decrypt', key, clone(this.encrypted)), - allowedPackets$2, + await runAEAD(this, 'decrypt', key, clone(this.encrypted)), + allowedPackets$3, config$1 ); } @@ -24642,92 +14789,27 @@ class AEADEncryptedDataPacket { this.iv = mod.random.getRandomBytes(ivLength); // generate new random IV this.chunkSizeByte = config$1.aeadChunkSizeByte; const data = this.packets.write(); - this.encrypted = await this.crypt('encrypt', key, data); - } - - /** - * En/decrypt the payload. - * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt - * @param {Uint8Array} key - The session key used to en/decrypt the payload - * @param {Uint8Array | ReadableStream} data - The data to en/decrypt - * @returns {Promise>} - * @async - */ - async crypt(fn, key, data) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const modeInstance = await mode(this.cipherAlgorithm, key); - const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; - const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; - const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) - const adataBuffer = new ArrayBuffer(21); - const adataArray = new Uint8Array(adataBuffer, 0, 13); - const adataTagArray = new Uint8Array(adataBuffer); - const adataView = new DataView(adataBuffer); - const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); - adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0); - let chunkIndex = 0; - let latestPromise = Promise.resolve(); - let cryptedBytes = 0; - let queuedBytes = 0; - const iv = this.iv; - return transformPair(data, async (readable, writable) => { - if (util.isStream(readable) !== 'array') { - const buffer = new TransformStream({}, { - highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6), - size: array => array.length - }); - pipe(buffer.readable, writable); - writable = buffer.writable; - } - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); - const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); - chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); - let cryptedPromise; - let done; - if (!chunkIndex || chunk.length) { - reader.unshift(finalChunk); - cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray); - queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; - } else { - // After the last chunk, we either encrypt a final, empty - // data chunk to get the final authentication tag or - // validate that final authentication tag. - adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...) - cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray); - queuedBytes += tagLengthIfEncrypting; - done = true; - } - cryptedBytes += chunk.length - tagLengthIfDecrypting; - // eslint-disable-next-line no-loop-func - latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { - await writer.ready; - await writer.write(crypted); - queuedBytes -= crypted.length; - }).catch(err => writer.abort(err)); - if (done || queuedBytes > writer.desiredSize) { - await latestPromise; // Respect backpressure - } - if (!done) { - adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) - } else { - await writer.close(); - break; - } - } - } catch (e) { - await writer.abort(e); - } - }); + this.encrypted = await runAEAD(this, 'encrypt', key, data); } } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -const VERSION$3 = 3; /** * Public-Key Encrypted Session Key Packets (Tag 1) @@ -24751,9 +14833,16 @@ class PublicKeyEncryptedSessionKeyPacket { } constructor() { - this.version = 3; + this.version = null; + // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()` this.publicKeyID = new KeyID(); + + // For version 6: + this.publicKeyVersion = null; + this.publicKeyFingerprint = null; + + // For all versions: this.publicKeyAlgorithm = null; this.sessionKey = null; @@ -24767,22 +14856,74 @@ class PublicKeyEncryptedSessionKeyPacket { this.encrypted = {}; } + static fromObject({ + version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm + }) { + const pkesk = new PublicKeyEncryptedSessionKeyPacket(); + + if (version !== 3 && version !== 6) { + throw new Error('Unsupported PKESK version'); + } + + pkesk.version = version; + + if (version === 6) { + pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version; + pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes(); + } + + pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID(); + pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm; + pkesk.sessionKey = sessionKey; + pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm; + + return pkesk; + } + /** * Parsing function for a publickey encrypted session key packet (tag 1). * * @param {Uint8Array} bytes - Payload of a tag 1 packet */ read(bytes) { - let i = 0; - this.version = bytes[i++]; - if (this.version !== VERSION$3) { + let offset = 0; + this.version = bytes[offset++]; + if (this.version !== 3 && this.version !== 6) { throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); } - i += this.publicKeyID.read(bytes.subarray(i)); - this.publicKeyAlgorithm = bytes[i++]; - this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version); - if (this.publicKeyAlgorithm === enums.publicKey.x25519) { - this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + if (this.version === 6) { + // A one-octet size of the following two fields: + // - A one octet key version number. + // - The fingerprint of the public key or subkey to which the session key is encrypted. + // The size may also be zero. + const versionAndFingerprintLength = bytes[offset++]; + if (versionAndFingerprintLength) { + this.publicKeyVersion = bytes[offset++]; + const fingerprintLength = versionAndFingerprintLength - 1; + this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength; + if (this.publicKeyVersion >= 5) { + // For v5/6 the Key ID is the high-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint); + } else { + // For v4 The Key ID is the low-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8)); + } + } else { + // The size may also be zero, and the key version and + // fingerprint omitted for an "anonymous recipient" + this.publicKeyID = KeyID.wildcard(); + } + } else { + offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8)); + } + this.publicKeyAlgorithm = bytes[offset++]; + this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset)); + if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) { + if (this.version === 3) { + this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + } else if (this.encrypted.C.algorithm !== null) { + throw new Error('Unexpected cleartext symmetric algorithm'); + } } } @@ -24793,11 +14934,27 @@ class PublicKeyEncryptedSessionKeyPacket { */ write() { const arr = [ - new Uint8Array([this.version]), - this.publicKeyID.write(), + new Uint8Array([this.version]) + ]; + + if (this.version === 6) { + if (this.publicKeyFingerprint !== null) { + arr.push(new Uint8Array([ + this.publicKeyFingerprint.length + 1, + this.publicKeyVersion] + )); + arr.push(this.publicKeyFingerprint); + } else { + arr.push(new Uint8Array([0])); + } + } else { + arr.push(this.publicKeyID.write()); + } + + arr.push( new Uint8Array([this.publicKeyAlgorithm]), mod.serializeParams(this.publicKeyAlgorithm, this.encrypted) - ]; + ); return util.concatUint8Array(arr); } @@ -24810,9 +14967,13 @@ class PublicKeyEncryptedSessionKeyPacket { */ async encrypt(key) { const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); - const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey); + // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a + // v6 PKESK packet, as it is included in the v2 SEIPD packet. + const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey); this.encrypted = await mod.publicKeyEncrypt( - algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes()); + algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint); } /** @@ -24832,13 +14993,19 @@ class PublicKeyEncryptedSessionKeyPacket { const randomPayload = randomSessionKey ? encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : null; - const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload); + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload); const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); - // v3 Montgomery curves have cleartext cipher algo - if (this.publicKeyAlgorithm !== enums.publicKey.x25519) { - this.sessionKeyAlgorithm = sessionKeyAlgorithm; + if (this.version === 3) { + // v3 Montgomery curves have cleartext cipher algo + const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448; + this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm; + + if (sessionKey.length !== mod.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } } this.sessionKey = sessionKey; } @@ -24850,15 +15017,15 @@ function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { case enums.publicKey.rsaEncrypt: case enums.publicKey.rsaEncryptSign: case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { + case enums.publicKey.ecdh: // add checksum return util.concatUint8Array([ - new Uint8Array([cipherAlgo]), + new Uint8Array(version === 6 ? [] : [cipherAlgo]), sessionKeyData, util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) ]); - } case enums.publicKey.x25519: + case enums.publicKey.x448: return sessionKeyData; default: throw new Error('Unsupported public key algorithm'); @@ -24877,7 +15044,9 @@ function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { const checksum = decryptedData.subarray(decryptedData.length - 2); const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; - const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; + const decryptedSessionKey = version === 6 ? + { sessionKeyAlgorithm: null, sessionKey: result } : + { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; if (randomSessionKey) { // We must not leak info about the validity of the decrypted checksum or cipher algo. // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. @@ -24886,14 +15055,15 @@ function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; return { sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), - sessionKeyAlgorithm: util.selectUint8( + sessionKeyAlgorithm: version === 6 ? null : util.selectUint8( isValidPayload, decryptedSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm ) }; } else { - const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm); + const isValidPayload = isValidChecksum && ( + version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm)); if (isValidPayload) { return decryptedSessionKey; } else { @@ -24902,7 +15072,9 @@ function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { } } case enums.publicKey.x25519: + case enums.publicKey.x448: return { + sessionKeyAlgorithm: null, sessionKey: decryptedData }; default: @@ -24911,170 +15083,22 @@ function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -class S2K { - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * Hash function identifier, or 0 for gnu-dummy keys - * @type {module:enums.hash | 0} - */ - this.algorithm = enums.hash.sha256; - /** - * enums.s2k identifier or 'gnu-dummy' - * @type {String} - */ - this.type = 'iterated'; - /** @type {Integer} */ - this.c = config$1.s2kIterationCountByte; - /** Eight bytes of salt in a binary string. - * @type {Uint8Array} - */ - this.salt = null; - } - - getCount() { - // Exponent bias, defined in RFC4880 - const expbias = 6; - - return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); - } - - /** - * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). - * @param {Uint8Array} bytes - Payload of string-to-key specifier - * @returns {Integer} Actual length of the object. - */ - read(bytes) { - let i = 0; - try { - this.type = enums.read(enums.s2k, bytes[i++]); - } catch (err) { - throw new UnsupportedError('Unknown S2K type.'); - } - this.algorithm = bytes[i++]; - - switch (this.type) { - case 'simple': - break; - - case 'salted': - this.salt = bytes.subarray(i, i + 8); - i += 8; - break; - - case 'iterated': - this.salt = bytes.subarray(i, i + 8); - i += 8; - - // Octet 10: count, a one-octet, coded value - this.c = bytes[i++]; - break; - - case 'gnu': - if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { - i += 3; // GNU - const gnuExtType = 1000 + bytes[i++]; - if (gnuExtType === 1001) { - this.type = 'gnu-dummy'; - // GnuPG extension mode 1001 -- don't write secret key at all - } else { - throw new UnsupportedError('Unknown s2k gnu protection mode.'); - } - } else { - throw new UnsupportedError('Unknown s2k type.'); - } - break; - - default: - throw new UnsupportedError('Unknown s2k type.'); // unreachable - } - - return i; - } - - /** - * Serializes s2k information - * @returns {Uint8Array} Binary representation of s2k. - */ - write() { - if (this.type === 'gnu-dummy') { - return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); - } - const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; - - switch (this.type) { - case 'simple': - break; - case 'salted': - arr.push(this.salt); - break; - case 'iterated': - arr.push(this.salt); - arr.push(new Uint8Array([this.c])); - break; - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - - return util.concatUint8Array(arr); - } - - /** - * Produces a key using the specified passphrase and the defined - * hashAlgorithm - * @param {String} passphrase - Passphrase containing user input - * @returns {Promise} Produced key with a length corresponding to. - * hashAlgorithm hash length - * @async - */ - async produceKey(passphrase, numBytes) { - passphrase = util.encodeUTF8(passphrase); - - const arr = []; - let rlength = 0; - - let prefixlen = 0; - while (rlength < numBytes) { - let toHash; - switch (this.type) { - case 'simple': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); - break; - case 'salted': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); - break; - case 'iterated': { - const data = util.concatUint8Array([this.salt, passphrase]); - let datalen = data.length; - const count = Math.max(this.getCount(), datalen); - toHash = new Uint8Array(prefixlen + count); - toHash.set(data, prefixlen); - for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { - toHash.copyWithin(pos, prefixlen, pos); - } - break; - } - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - const result = await mod.hash.digest(this.algorithm, toHash); - arr.push(result); - rlength += result.length; - prefixlen++; - } - - return util.concatUint8Array(arr).subarray(0, numBytes); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript /** * Symmetric-Key Encrypted Session Key Packets (Tag 3) @@ -25098,7 +15122,7 @@ class SymEncryptedSessionKeyPacket { * @param {Object} [config] - Full configuration, defaults to openpgp.config */ constructor(config$1 = config) { - this.version = config$1.aeadProtect ? 5 : 4; + this.version = config$1.aeadProtect ? 6 : 4; this.sessionKey = null; /** * Algorithm to encrypt the session key with @@ -25109,7 +15133,7 @@ class SymEncryptedSessionKeyPacket { * Algorithm to encrypt the message with * @type {enums.symmetric} */ - this.sessionKeyAlgorithm = enums.symmetric.aes256; + this.sessionKeyAlgorithm = null; /** * AEAD mode to encrypt the session key with (if AEAD protection is enabled) * @type {enums.aead} @@ -25128,25 +15152,36 @@ class SymEncryptedSessionKeyPacket { read(bytes) { let offset = 0; - // A one-octet version number. The only currently defined version is 4. + // A one-octet version number with value 4, 5 or 6. this.version = bytes[offset++]; - if (this.version !== 4 && this.version !== 5) { + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); } + if (this.version === 6) { + // A one-octet scalar octet count of the following 5 fields. + offset++; + } + // A one-octet number describing the symmetric algorithm used. const algo = bytes[offset++]; - if (this.version === 5) { + if (this.version >= 5) { // A one-octet AEAD algorithm. this.aeadAlgorithm = bytes[offset++]; + + if (this.version === 6) { + // A one-octet scalar octet count of the following field. + offset++; + } } // A string-to-key (S2K) specifier, length as defined above. - this.s2k = new S2K(); + const s2kType = bytes[offset++]; + this.s2k = newS2KFromType(s2kType); offset += this.s2k.read(bytes.subarray(offset, bytes.length)); - if (this.version === 5) { + if (this.version >= 5) { const mode = mod.getAEADMode(this.aeadAlgorithm); // A starting initialization vector of size specified by the AEAD @@ -25156,7 +15191,7 @@ class SymEncryptedSessionKeyPacket { // The encrypted session key itself, which is decrypted with the // string-to-key object. This is optional in version 4. - if (this.version === 5 || offset < bytes.length) { + if (this.version >= 5 || offset < bytes.length) { this.encrypted = bytes.subarray(offset, bytes.length); this.sessionKeyEncryptionAlgorithm = algo; } else { @@ -25176,10 +15211,15 @@ class SymEncryptedSessionKeyPacket { let bytes; - if (this.version === 5) { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]); + const s2k = this.s2k.write(); + if (this.version === 6) { + const s2kLen = s2k.length; + const fieldsLen = 3 + s2kLen + this.iv.length; + bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]); + } else if (this.version === 5) { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]); } else { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]); + bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]); if (this.encrypted !== null) { bytes = util.concatUint8Array([bytes, this.encrypted]); @@ -25200,20 +15240,25 @@ class SymEncryptedSessionKeyPacket { this.sessionKeyEncryptionAlgorithm : this.sessionKeyAlgorithm; - const { blockSize, keySize } = mod.getCipher(algo); + const { blockSize, keySize } = mod.getCipherParams(algo); const key = await this.s2k.produceKey(passphrase, keySize); - if (this.version === 5) { + if (this.version >= 5) { const mode = mod.getAEADMode(this.aeadAlgorithm); const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, key); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); } else if (this.encrypted !== null) { const decrypted = await mod.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); this.sessionKey = decrypted.subarray(1, decrypted.length); + if (this.sessionKey.length !== mod.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } } else { + // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo this.sessionKey = key; } } @@ -25232,33 +15277,50 @@ class SymEncryptedSessionKeyPacket { this.sessionKeyEncryptionAlgorithm = algo; - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); - const { blockSize, keySize } = mod.getCipher(algo); - const encryptionKey = await this.s2k.produceKey(passphrase, keySize); + const { blockSize, keySize } = mod.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); if (this.sessionKey === null) { this.sessionKey = mod.generateSessionKey(this.sessionKeyAlgorithm); } - if (this.version === 5) { + if (this.version >= 5) { const mode = mod.getAEADMode(this.aeadAlgorithm); this.iv = mod.random.getRandomBytes(mode.ivLength); // generate new random IV - const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; const modeInstance = await mode(algo, encryptionKey); - this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData); + this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata); } else { const toEncrypt = util.concatUint8Array([ new Uint8Array([this.sessionKeyAlgorithm]), this.sessionKey ]); - this.encrypted = await mod.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config$1); + this.encrypted = await mod.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config$1); } } } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Implementation of the Key Material Packet (Tag 5,6,7,14) @@ -25285,7 +15347,7 @@ class PublicKeyPacket { * Packet version * @type {Integer} */ - this.version = config$1.v5Keys ? 5 : 4; + this.version = config$1.v6Keys ? 6 : 4; /** * Key creation date. * @type {Date} @@ -25342,12 +15404,15 @@ class PublicKeyPacket { * @returns {Object} This object with attributes set by the parser * @async */ - async read(bytes) { + async read(bytes, config$1 = config) { let pos = 0; - // A one-octet version number (3, 4 or 5). + // A one-octet version number (4, 5 or 6). this.version = bytes[pos++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } - if (this.version === 4 || this.version === 5) { + if (this.version === 4 || this.version === 5 || this.version === 6) { // - A four-octet number denoting the time that the key was created. this.created = util.readDate(bytes.subarray(pos, pos + 4)); pos += 4; @@ -25355,13 +15420,24 @@ class PublicKeyPacket { // - A one-octet number denoting the public-key algorithm of this key. this.algorithm = bytes[pos++]; - if (this.version === 5) { + if (this.version >= 5) { // - A four-octet scalar octet count for the following key material. pos += 4; } // - A series of values comprising the key material. const { read, publicParams } = mod.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } this.publicParams = publicParams; pos += read; @@ -25385,7 +15461,7 @@ class PublicKeyPacket { arr.push(new Uint8Array([this.algorithm])); const params = mod.serializeParams(this.algorithm, this.publicParams); - if (this.version === 5) { + if (this.version >= 5) { // A four-octet scalar octet count for the following key material arr.push(util.writeNumber(params.length, 4)); } @@ -25401,10 +15477,9 @@ class PublicKeyPacket { writeForHash(version) { const bytes = this.writePublicKey(); - if (version === 5) { - return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]); - } - return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]); + const versionOctet = 0x95 + version; + const lengthOctets = version >= 5 ? 4 : 2; + return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]); } /** @@ -25439,7 +15514,7 @@ class PublicKeyPacket { await this.computeFingerprint(); this.keyID = new KeyID(); - if (this.version === 5) { + if (this.version >= 5) { this.keyID.read(this.fingerprint.subarray(0, 8)); } else if (this.version === 4) { this.keyID.read(this.fingerprint.subarray(12, 20)); @@ -25454,7 +15529,7 @@ class PublicKeyPacket { async computeFingerprint() { const toHash = this.writeForHash(this.version); - if (this.version === 5) { + if (this.version >= 5) { this.fingerprint = await mod.hash.sha256(toHash); } else if (this.version === 4) { this.fingerprint = await mod.hash.sha1(toHash); @@ -25518,9 +15593,25 @@ PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A SE packet can contain the following packet types -const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ +const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ LiteralDataPacket, CompressedDataPacket, OnePassSignaturePacket, @@ -25578,14 +15669,14 @@ class SymmetricallyEncryptedDataPacket { throw new Error('Message is not authenticated.'); } - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + const { blockSize } = mod.getCipherParams(sessionKeyAlgorithm); const encrypted = await readToEnd(clone(this.encrypted)); const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted.subarray(blockSize + 2), encrypted.subarray(2, blockSize + 2) ); - this.packets = await PacketList.fromBinary(decrypted, allowedPackets$3, config$1); + this.packets = await PacketList.fromBinary(decrypted, allowedPackets$2, config$1); } /** @@ -25599,7 +15690,7 @@ class SymmetricallyEncryptedDataPacket { */ async encrypt(sessionKeyAlgorithm, key, config$1 = config) { const data = this.packets.write(); - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + const { blockSize } = mod.getCipherParams(sessionKeyAlgorithm); const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); const FRE = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); @@ -25609,6 +15700,22 @@ class SymmetricallyEncryptedDataPacket { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Implementation of the strange "Marker packet" (Tag 10) @@ -25652,6 +15759,22 @@ class MarkerPacket { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * A Public-Subkey packet (tag 14) has exactly the same format as a @@ -25670,7 +15793,7 @@ class PublicSubkeyPacket extends PublicKeyPacket { * @param {Date} [date] - Creation date * @param {Object} [config] - Full configuration, defaults to openpgp.config */ - // eslint-disable-next-line no-useless-constructor + // eslint-disable-next-line @typescript-eslint/no-useless-constructor constructor(date, config) { super(date, config); } @@ -25695,6 +15818,22 @@ class PublicSubkeyPacket extends PublicKeyPacket { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Implementation of the User Attribute Packet (Tag 17) @@ -25765,7 +15904,23 @@ class UserAttributePacket { } } -// GPG4Browsers - An OpenPGP implementation in javascript +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * A Secret-Key packet contains all the information that is found in a @@ -25812,11 +15967,27 @@ class SecretKeyPacket extends PublicKeyPacket { * @type {enums.aead} */ this.aead = null; + /** + * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis + * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older). + * This value is only relevant to know how to decrypt the key: + * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism. + * @type {Boolean} + * @private + */ + this.isLegacyAEAD = null; /** * Decrypted private parameters, referenced by name * @type {Object} */ this.privateParams = null; + /** + * `true` for keys whose integrity is already confirmed, based on + * the AEAD encryption mechanism + * @type {Boolean} + * @private + */ + this.usedModernAEAD = null; } // 5.5.3. Secret-Key Packet Formats @@ -25827,9 +15998,9 @@ class SecretKeyPacket extends PublicKeyPacket { * @param {Uint8Array} bytes - Input string to read the packet from * @async */ - async read(bytes) { + async read(bytes, config$1 = config) { // - A Public-Key or Public-Subkey packet, as described above. - let i = await this.readPublicKey(bytes); + let i = await this.readPublicKey(bytes, config$1); const startOfSecretKeyData = i; // - One octet indicating string-to-key usage conventions. Zero @@ -25844,6 +16015,14 @@ class SecretKeyPacket extends PublicKeyPacket { i++; } + // - Only for a version 6 packet where the secret key material is + // encrypted (that is, where the previous octet is not zero), a one- + // octet scalar octet count of the cumulative length of all the + // following optional string-to-key parameter fields. + if (this.version === 6 && this.s2kUsage) { + i++; + } + try { // - [Optional] If string-to-key usage octet was 255, 254, or 253, a // one-octet symmetric encryption algorithm. @@ -25856,10 +16035,17 @@ class SecretKeyPacket extends PublicKeyPacket { this.aead = bytes[i++]; } + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + i++; + } + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a // string-to-key specifier. The length of the string-to-key // specifier is implied by its type, as described above. - this.s2k = new S2K(); + const s2kType = bytes[i++]; + this.s2k = newS2KFromType(s2kType); i += this.s2k.read(bytes.subarray(i, bytes.length)); if (this.s2k.type === 'gnu-dummy') { @@ -25869,14 +16055,37 @@ class SecretKeyPacket extends PublicKeyPacket { this.symmetric = this.s2kUsage; } - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. + if (this.s2kUsage) { - this.iv = bytes.subarray( - i, - i + mod.getCipher(this.symmetric).blockSize - ); + // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5). + // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format). + // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always + // fail if the key was parsed according to the wrong format, since the keys are processed differently. + // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag. + this.isLegacyAEAD = this.s2kUsage === 253 && ( + this.version === 5 || (this.version === 4 && config$1.parseAEADEncryptedV4KeysAsLegacy)); + // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV) + // of the same length as the cipher's block size. + // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the + // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm. + // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero + if (this.s2kUsage !== 253 || this.isLegacyAEAD) { + this.iv = bytes.subarray( + i, + i + mod.getCipherParams(this.symmetric).blockSize + ); + this.usedModernAEAD = false; + } else { + // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted), + // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which + // is used as the nonce for the AEAD algorithm. + this.iv = bytes.subarray( + i, + i + mod.getAEADMode(this.aead).ivLength + ); + // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation. + this.usedModernAEAD = true; + } i += this.iv.length; } @@ -25900,12 +16109,20 @@ class SecretKeyPacket extends PublicKeyPacket { this.isEncrypted = !!this.s2kUsage; if (!this.isEncrypted) { - const cleartext = this.keyMaterial.subarray(0, -2); - if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { - throw new Error('Key checksum mismatch'); + let cleartext; + if (this.version === 6) { + cleartext = this.keyMaterial; + } else { + cleartext = this.keyMaterial.subarray(0, -2); + if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { + throw new Error('Key checksum mismatch'); + } } try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + const { read, privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + if (read < cleartext.length) { + throw new Error('Error reading MPIs'); + } this.privateParams = privateParams; } catch (err) { if (err instanceof UnsupportedError) throw err; @@ -25943,10 +16160,18 @@ class SecretKeyPacket extends PublicKeyPacket { optionalFieldsArr.push(this.aead); } + const s2k = this.s2k.write(); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + optionalFieldsArr.push(s2k.length); + } + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a // string-to-key specifier. The length of the string-to-key // specifier is implied by its type, as described above. - optionalFieldsArr.push(...this.s2k.write()); + optionalFieldsArr.push(...s2k); } // - [Optional] If secret data is encrypted (string-to-key usage octet @@ -25956,7 +16181,7 @@ class SecretKeyPacket extends PublicKeyPacket { optionalFieldsArr.push(...this.iv); } - if (this.version === 5) { + if (this.version === 5 || (this.version === 6 && this.s2kUsage)) { arr.push(new Uint8Array([optionalFieldsArr.length])); } arr.push(new Uint8Array(optionalFieldsArr)); @@ -25971,7 +16196,7 @@ class SecretKeyPacket extends PublicKeyPacket { } arr.push(this.keyMaterial); - if (!this.s2kUsage) { + if (!this.s2kUsage && this.version !== 6) { arr.push(util.writeChecksum(this.keyMaterial)); } } @@ -26023,12 +16248,14 @@ class SecretKeyPacket extends PublicKeyPacket { delete this.unparseableKeyMaterial; this.isEncrypted = null; this.keyMaterial = null; - this.s2k = new S2K(config$1); + this.s2k = newS2KFromType(enums.s2k.gnu, config$1); this.s2k.algorithm = 0; this.s2k.c = 0; this.s2k.type = 'gnu-dummy'; this.s2kUsage = 254; this.symmetric = enums.symmetric.aes256; + this.isLegacyAEAD = null; + this.usedModernAEAD = null; } /** @@ -26039,1256 +16266,241 @@ class SecretKeyPacket extends PublicKeyPacket { * @param {String} passphrase * @param {Object} [config] - Full configuration, defaults to openpgp.config * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - if (this.isDummy()) { - return; - } - - if (!this.isDecrypted()) { - throw new Error('Key packet is already encrypted'); - } - - if (!passphrase) { - throw new Error('A non-empty passphrase is required for key encryption.'); - } - - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - const cleartext = mod.serializeParams(this.algorithm, this.privateParams); - this.symmetric = enums.symmetric.aes256; - const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - - const { blockSize } = mod.getCipher(this.symmetric); - this.iv = mod.random.getRandomBytes(blockSize); - - if (config$1.aeadProtect) { - this.s2kUsage = 253; - this.aead = enums.aead.eax; - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } else { - this.s2kUsage = 254; - this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ - cleartext, - await mod.hash.sha1(cleartext, config$1) - ]), this.iv, config$1); - } - } - - /** - * Decrypts the private key params which are needed to use the key. - * Successful decryption does not imply key integrity, call validate() to confirm that. - * {@link SecretKeyPacket.isDecrypted} should be false, as - * otherwise calls to this function will throw an error. - * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if the key is already decrypted, or if decryption was not successful - * @async - */ - async decrypt(passphrase) { - if (this.isDummy()) { - return false; - } - - if (this.unparseableKeyMaterial) { - throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); - } - - if (this.isDecrypted()) { - throw new Error('Key packet is already decrypted.'); - } - - let key; - if (this.s2kUsage === 254 || this.s2kUsage === 253) { - key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - } else if (this.s2kUsage === 255) { - throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); - } else { - throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); - } - - let cleartext; - if (this.s2kUsage === 253) { - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - try { - cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } catch (err) { - if (err.message === 'Authentication tag mismatch') { - throw new Error('Incorrect key passphrase: ' + err.message); - } - throw err; - } - } else { - const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); - - cleartext = cleartextWithHash.subarray(0, -20); - const hash = await mod.hash.sha1(cleartext); - - if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { - throw new Error('Incorrect key passphrase'); - } - } - - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - throw new Error('Error reading MPIs'); - } - this.isEncrypted = false; - this.keyMaterial = null; - this.s2kUsage = 0; - } - - /** - * Checks that the key parameters are consistent - * @throws {Error} if validation was not successful - * @async - */ - async validate() { - if (this.isDummy()) { - return; - } - - if (!this.isDecrypted()) { - throw new Error('Key is not decrypted'); - } - - let validParams; - try { - // this can throw if some parameters are undefined - validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); - } catch (_) { - validParams = false; - } - if (!validParams) { - throw new Error('Key is invalid'); - } - } - - async generate(bits, curve) { - const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); - this.privateParams = privateParams; - this.publicParams = publicParams; - this.isEncrypted = false; - } - - /** - * Clear private key parameters - */ - clearPrivateParams() { - if (this.isMissingSecretKeyMaterial()) { - return; - } - - Object.keys(this.privateParams).forEach(name => { - const param = this.privateParams[name]; - param.fill(0); - delete this.privateParams[name]; - }); - this.privateParams = null; - this.isEncrypted = true; - } -} - -async function produceEncryptionKey(s2k, passphrase, algorithm) { - const { keySize } = mod.getCipher(algorithm); - return s2k.produceKey(passphrase, keySize); -} - -var emailAddresses = createCommonjsModule(function (module) { -// email-addresses.js - RFC 5322 email address parser -// v 3.1.0 -// -// http://tools.ietf.org/html/rfc5322 -// -// This library does not validate email addresses. -// emailAddresses attempts to parse addresses using the (fairly liberal) -// grammar specified in RFC 5322. -// -// email-addresses returns { -// ast: , -// addresses: [{ -// node: , -// name: , -// address: , -// local: , -// domain: -// }, ...] -// } -// -// emailAddresses.parseOneAddress and emailAddresses.parseAddressList -// work as you might expect. Try it out. -// -// Many thanks to Dominic Sayers and his documentation on the is_email function, -// http://code.google.com/p/isemail/ , which helped greatly in writing this parser. - -(function (global) { - -function parse5322(opts) { - - // tokenizing functions - - function inStr() { return pos < len; } - function curTok() { return parseString[pos]; } - function getPos() { return pos; } - function setPos(i) { pos = i; } - function nextTok() { pos += 1; } - function initialize() { - pos = 0; - len = parseString.length; - } - - // parser helper functions - - function o(name, value) { - return { - name: name, - tokens: value || "", - semantic: value || "", - children: [] - }; - } - - function wrap(name, ast) { - var n; - if (ast === null) { return null; } - n = o(name); - n.tokens = ast.tokens; - n.semantic = ast.semantic; - n.children.push(ast); - return n; - } - - function add(parent, child) { - if (child !== null) { - parent.tokens += child.tokens; - parent.semantic += child.semantic; - } - parent.children.push(child); - return parent; - } - - function compareToken(fxnCompare) { - var tok; - if (!inStr()) { return null; } - tok = curTok(); - if (fxnCompare(tok)) { - nextTok(); - return o('token', tok); - } - return null; - } - - function literal(lit) { - return function literalFunc() { - return wrap('literal', compareToken(function (tok) { - return tok === lit; - })); - }; - } - - function and() { - var args = arguments; - return function andFunc() { - var i, s, result, start; - start = getPos(); - s = o('and'); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result === null) { - setPos(start); - return null; - } - add(s, result); - } - return s; - }; - } - - function or() { - var args = arguments; - return function orFunc() { - var i, result, start; - start = getPos(); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result !== null) { - return result; - } - setPos(start); - } - return null; - }; - } - - function opt(prod) { - return function optFunc() { - var result, start; - start = getPos(); - result = prod(); - if (result !== null) { - return result; - } - else { - setPos(start); - return o('opt'); - } - }; - } - - function invis(prod) { - return function invisFunc() { - var result = prod(); - if (result !== null) { - result.semantic = ""; - } - return result; - }; - } - - function colwsp(prod) { - return function collapseSemanticWhitespace() { - var result = prod(); - if (result !== null && result.semantic.length > 0) { - result.semantic = " "; - } - return result; - }; - } - - function star(prod, minimum) { - return function starFunc() { - var s, result, count, start, min; - start = getPos(); - s = o('star'); - count = 0; - min = minimum === undefined ? 0 : minimum; - while ((result = prod()) !== null) { - count = count + 1; - add(s, result); - } - if (count >= min) { - return s; - } - else { - setPos(start); - return null; - } - }; - } - - // One expects names to get normalized like this: - // " First Last " -> "First Last" - // "First Last" -> "First Last" - // "First Last" -> "First Last" - function collapseWhitespace(s) { - return s.replace(/([ \t]|\r\n)+/g, ' ').replace(/^\s*/, '').replace(/\s*$/, ''); - } - - // UTF-8 pseudo-production (RFC 6532) - // RFC 6532 extends RFC 5322 productions to include UTF-8 - // using the following productions: - // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4 - // UTF8-2 = - // UTF8-3 = - // UTF8-4 = - // - // For reference, the extended RFC 5322 productions are: - // VCHAR =/ UTF8-non-ascii - // ctext =/ UTF8-non-ascii - // atext =/ UTF8-non-ascii - // qtext =/ UTF8-non-ascii - // dtext =/ UTF8-non-ascii - function isUTF8NonAscii(tok) { - // In JavaScript, we just deal directly with Unicode code points, - // so we aren't checking individual bytes for UTF-8 encoding. - // Just check that the character is non-ascii. - return tok.charCodeAt(0) >= 128; - } - - - // common productions (RFC 5234) - // http://tools.ietf.org/html/rfc5234 - // B.1. Core Rules - - // CR = %x0D - // ; carriage return - function cr() { return wrap('cr', literal('\r')()); } - - // CRLF = CR LF - // ; Internet standard newline - function crlf() { return wrap('crlf', and(cr, lf)()); } - - // DQUOTE = %x22 - // ; " (Double Quote) - function dquote() { return wrap('dquote', literal('"')()); } - - // HTAB = %x09 - // ; horizontal tab - function htab() { return wrap('htab', literal('\t')()); } - - // LF = %x0A - // ; linefeed - function lf() { return wrap('lf', literal('\n')()); } - - // SP = %x20 - function sp() { return wrap('sp', literal(' ')()); } - - // VCHAR = %x21-7E - // ; visible (printing) characters - function vchar() { - return wrap('vchar', compareToken(function vcharFunc(tok) { - var code = tok.charCodeAt(0); - var accept = (0x21 <= code && code <= 0x7E); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } - - // WSP = SP / HTAB - // ; white space - function wsp() { return wrap('wsp', or(sp, htab)()); } - - - // email productions (RFC 5322) - // http://tools.ietf.org/html/rfc5322 - // 3.2.1. Quoted characters - - // quoted-pair = ("\" (VCHAR / WSP)) / obs-qp - function quotedPair() { - var qp = wrap('quoted-pair', - or( - and(literal('\\'), or(vchar, wsp)), - obsQP - )()); - if (qp === null) { return null; } - // a quoted pair will be two characters, and the "\" character - // should be semantically "invisible" (RFC 5322 3.2.1) - qp.semantic = qp.semantic[1]; - return qp; - } - - // 3.2.2. Folding White Space and Comments - - // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS - function fws() { - return wrap('fws', or( - obsFws, - and( - opt(and( - star(wsp), - invis(crlf) - )), - star(wsp, 1) - ) - )()); - } - - // ctext = %d33-39 / ; Printable US-ASCII - // %d42-91 / ; characters not including - // %d93-126 / ; "(", ")", or "\" - // obs-ctext - function ctext() { - return wrap('ctext', or( - function ctextFunc1() { - return compareToken(function ctextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 39) || - (42 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsCtext - )()); - } - - // ccontent = ctext / quoted-pair / comment - function ccontent() { - return wrap('ccontent', or(ctext, quotedPair, comment)()); - } - - // comment = "(" *([FWS] ccontent) [FWS] ")" - function comment() { - return wrap('comment', and( - literal('('), - star(and(opt(fws), ccontent)), - opt(fws), - literal(')') - )()); - } - - // CFWS = (1*([FWS] comment) [FWS]) / FWS - function cfws() { - return wrap('cfws', or( - and( - star( - and(opt(fws), comment), - 1 - ), - opt(fws) - ), - fws - )()); - } - - // 3.2.3. Atom - - //atext = ALPHA / DIGIT / ; Printable US-ASCII - // "!" / "#" / ; characters not including - // "$" / "%" / ; specials. Used for atoms. - // "&" / "'" / - // "*" / "+" / - // "-" / "/" / - // "=" / "?" / - // "^" / "_" / - // "`" / "{" / - // "|" / "}" / - // "~" - function atext() { - return wrap('atext', compareToken(function atextFunc(tok) { - var accept = - ('a' <= tok && tok <= 'z') || - ('A' <= tok && tok <= 'Z') || - ('0' <= tok && tok <= '9') || - (['!', '#', '$', '%', '&', '\'', '*', '+', '-', '/', - '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } - - // atom = [CFWS] 1*atext [CFWS] - function atom() { - return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))()); - } - - // dot-atom-text = 1*atext *("." 1*atext) - function dotAtomText() { - var s, maybeText; - s = wrap('dot-atom-text', star(atext, 1)()); - if (s === null) { return s; } - maybeText = star(and(literal('.'), star(atext, 1)))(); - if (maybeText !== null) { - add(s, maybeText); - } - return s; - } - - // dot-atom = [CFWS] dot-atom-text [CFWS] - function dotAtom() { - return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))()); - } - - // 3.2.4. Quoted Strings - - // qtext = %d33 / ; Printable US-ASCII - // %d35-91 / ; characters not including - // %d93-126 / ; "\" or the quote character - // obs-qtext - function qtext() { - return wrap('qtext', or( - function qtextFunc1() { - return compareToken(function qtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 === code) || - (35 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsQtext - )()); - } - - // qcontent = qtext / quoted-pair - function qcontent() { - return wrap('qcontent', or(qtext, quotedPair)()); - } - - // quoted-string = [CFWS] - // DQUOTE *([FWS] qcontent) [FWS] DQUOTE - // [CFWS] - function quotedString() { - return wrap('quoted-string', and( - invis(opt(cfws)), - invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote), - invis(opt(cfws)) - )()); + * @async + */ + async encrypt(passphrase, config$1 = config) { + if (this.isDummy()) { + return; } - // 3.2.5 Miscellaneous Tokens - - // word = atom / quoted-string - function word() { - return wrap('word', or(atom, quotedString)()); + if (!this.isDecrypted()) { + throw new Error('Key packet is already encrypted'); } - // phrase = 1*word / obs-phrase - function phrase() { - return wrap('phrase', or(obsPhrase, star(word, 1))()); + if (!passphrase) { + throw new Error('A non-empty passphrase is required for key encryption.'); } - // 3.4. Address Specification - // address = mailbox / group - function address() { - return wrap('address', or(mailbox, group)()); - } + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + const cleartext = mod.serializeParams(this.algorithm, this.privateParams); + this.symmetric = enums.symmetric.aes256; - // mailbox = name-addr / addr-spec - function mailbox() { - return wrap('mailbox', or(nameAddr, addrSpec)()); - } + const { blockSize } = mod.getCipherParams(this.symmetric); - // name-addr = [display-name] angle-addr - function nameAddr() { - return wrap('name-addr', and(opt(displayName), angleAddr)()); - } + if (config$1.aeadProtect) { + this.s2kUsage = 253; + this.aead = config$1.preferredAEADAlgorithm; + const mode = mod.getAEADMode(this.aead); + this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead. + this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material - // angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / - // obs-angle-addr - function angleAddr() { - return wrap('angle-addr', or( - and( - invis(opt(cfws)), - literal('<'), - addrSpec, - literal('>'), - invis(opt(cfws)) - ), - obsAngleAddr - )()); - } + const serializedPacketTag = writeTag(this.constructor.tag); + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); - // group = display-name ":" [group-list] ";" [CFWS] - function group() { - return wrap('group', and( - displayName, - literal(':'), - opt(groupList), - literal(';'), - invis(opt(cfws)) - )()); - } + const modeInstance = await mode(this.symmetric, key); + this.iv = this.isLegacyAEAD ? mod.random.getRandomBytes(blockSize) : mod.random.getRandomBytes(mode.ivLength); + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); - // display-name = phrase - function displayName() { - return wrap('display-name', function phraseFixedSemantic() { - var result = phrase(); - if (result !== null) { - result.semantic = collapseWhitespace(result.semantic); - } - return result; - }()); - } - - // mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list - function mailboxList() { - return wrap('mailbox-list', or( - and( - mailbox, - star(and(literal(','), mailbox)) - ), - obsMboxList - )()); - } - - // address-list = (address *("," address)) / obs-addr-list - function addressList() { - return wrap('address-list', or( - and( - address, - star(and(literal(','), address)) - ), - obsAddrList - )()); - } - - // group-list = mailbox-list / CFWS / obs-group-list - function groupList() { - return wrap('group-list', or( - mailboxList, - invis(cfws), - obsGroupList - )()); - } - - // 3.4.1 Addr-Spec Specification - - // local-part = dot-atom / quoted-string / obs-local-part - function localPart() { - // note: quoted-string, dotAtom are proper subsets of obs-local-part - // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree - return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)()); - } - - // dtext = %d33-90 / ; Printable US-ASCII - // %d94-126 / ; characters not including - // obs-dtext ; "[", "]", or "\" - function dtext() { - return wrap('dtext', or( - function dtextFunc1() { - return compareToken(function dtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 90) || - (94 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsDtext - )() - ); + this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData); + } else { + this.s2kUsage = 254; + this.usedModernAEAD = false; + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric); + this.iv = mod.random.getRandomBytes(blockSize); + this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ + cleartext, + await mod.hash.sha1(cleartext, config$1) + ]), this.iv, config$1); } + } - // domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS] - function domainLiteral() { - return wrap('domain-literal', and( - invis(opt(cfws)), - literal('['), - star(and(opt(fws), dtext)), - opt(fws), - literal(']'), - invis(opt(cfws)) - )()); - } - - // domain = dot-atom / domain-literal / obs-domain - function domain() { - return wrap('domain', function domainCheckTLD() { - var result = or(obsDomain, dotAtom, domainLiteral)(); - if (opts.rejectTLD) { - if (result && result.semantic && result.semantic.indexOf('.') < 0) { - return null; - } - } - // strip all whitespace from domains - if (result) { - result.semantic = result.semantic.replace(/\s+/g, ''); - } - return result; - }()); - } - - // addr-spec = local-part "@" domain - function addrSpec() { - return wrap('addr-spec', and( - localPart, literal('@'), domain - )()); - } - - // 3.6.2 Originator Fields - // Below we only parse the field body, not the name of the field - // like "From:", "Sender:", or "Reply-To:". Other libraries that - // parse email headers can parse those and defer to these productions - // for the "RFC 5322" part. - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // from = "From:" (mailbox-list / address-list) CRLF - function fromSpec() { - return wrap('from', or( - mailboxList, - addressList - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // sender = "Sender:" (mailbox / address) CRLF - function senderSpec() { - return wrap('sender', or( - mailbox, - address - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // reply-to = "Reply-To:" address-list CRLF - function replyToSpec() { - return wrap('reply-to', addressList()); - } - - // 4.1. Miscellaneous Obsolete Tokens - - // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control - // %d11 / ; characters that do not - // %d12 / ; include the carriage - // %d14-31 / ; return, line feed, and - // %d127 ; white space characters - function obsNoWsCtl() { - return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) { - var code = tok.charCodeAt(0); - return ((1 <= code && code <= 8) || - (11 === code || 12 === code) || - (14 <= code && code <= 31) || - (127 === code)); - })); + /** + * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. + * {@link SecretKeyPacket.isDecrypted} should be false, as + * otherwise calls to this function will throw an error. + * @param {String} passphrase - The passphrase for this private key as string + * @throws {Error} if the key is already decrypted, or if decryption was not successful + * @async + */ + async decrypt(passphrase) { + if (this.isDummy()) { + return false; } - // obs-ctext = obs-NO-WS-CTL - function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); } - - // obs-qtext = obs-NO-WS-CTL - function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); } - - // obs-qp = "\" (%d0 / obs-NO-WS-CTL / LF / CR) - function obsQP() { - return opts.strict ? null : wrap('obs-qp', and( - literal('\\'), - or(literal('\0'), obsNoWsCtl, lf, cr) - )()); - } - - // obs-phrase = word *(word / "." / CFWS) - function obsPhrase() { - if (opts.strict ) return null; - return opts.atInDisplayName ? wrap('obs-phrase', and( - word, - star(or(word, literal('.'), literal('@'), colwsp(cfws))) - )()) : - wrap('obs-phrase', and( - word, - star(or(word, literal('.'), colwsp(cfws))) - )()); - } - - // 4.2. Obsolete Folding White Space - - // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908 - // obs-FWS = 1*([CRLF] WSP) - function obsFws() { - return opts.strict ? null : wrap('obs-FWS', star( - and(invis(opt(crlf)), wsp), - 1 - )()); - } - - // 4.4. Obsolete Addressing - - // obs-angle-addr = [CFWS] "<" obs-route addr-spec ">" [CFWS] - function obsAngleAddr() { - return opts.strict ? null : wrap('obs-angle-addr', and( - invis(opt(cfws)), - literal('<'), - obsRoute, - addrSpec, - literal('>'), - invis(opt(cfws)) - )()); - } - - // obs-route = obs-domain-list ":" - function obsRoute() { - return opts.strict ? null : wrap('obs-route', and( - obsDomainList, - literal(':') - )()); - } - - // obs-domain-list = *(CFWS / ",") "@" domain - // *("," [CFWS] ["@" domain]) - function obsDomainList() { - return opts.strict ? null : wrap('obs-domain-list', and( - star(or(invis(cfws), literal(','))), - literal('@'), - domain, - star(and( - literal(','), - invis(opt(cfws)), - opt(and(literal('@'), domain)) - )) - )()); - } - - // obs-mbox-list = *([CFWS] ",") mailbox *("," [mailbox / CFWS]) - function obsMboxList() { - return opts.strict ? null : wrap('obs-mbox-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - mailbox, - star(and( - literal(','), - opt(and( - mailbox, - invis(cfws) - )) - )) - )()); - } - - // obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) - function obsAddrList() { - return opts.strict ? null : wrap('obs-addr-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - address, - star(and( - literal(','), - opt(and( - address, - invis(cfws) - )) - )) - )()); - } - - // obs-group-list = 1*([CFWS] ",") [CFWS] - function obsGroupList() { - return opts.strict ? null : wrap('obs-group-list', and( - star(and( - invis(opt(cfws)), - literal(',') - ), 1), - invis(opt(cfws)) - )()); - } - - // obs-local-part = word *("." word) - function obsLocalPart() { - return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))()); - } - - // obs-domain = atom *("." atom) - function obsDomain() { - return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))()); - } - - // obs-dtext = obs-NO-WS-CTL / quoted-pair - function obsDtext() { - return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)()); - } - - ///////////////////////////////////////////////////// - - // ast analysis - - function findNode(name, root) { - var i, stack, node; - if (root === null || root === undefined) { return null; } - stack = [root]; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - return node; - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return null; - } - - function findAllNodes(name, root) { - var i, stack, node, result; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - result.push(node); - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return result; + if (this.unparseableKeyMaterial) { + throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); } - function findAllNodesNoChildren(names, root) { - var i, stack, node, result, namesLookup; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - namesLookup = {}; - for (i = 0; i < names.length; i += 1) { - namesLookup[names[i]] = true; - } - - while (stack.length > 0) { - node = stack.pop(); - if (node.name in namesLookup) { - result.push(node); - // don't look at children (hence findAllNodesNoChildren) - } else { - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - } - return result; + if (this.isDecrypted()) { + throw new Error('Key packet is already decrypted.'); } - function giveResult(ast) { - var addresses, groupsAndMailboxes, i, groupOrMailbox, result; - if (ast === null) { - return null; - } - addresses = []; - - // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'. - groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast); - for (i = 0; i < groupsAndMailboxes.length; i += 1) { - groupOrMailbox = groupsAndMailboxes[i]; - if (groupOrMailbox.name === 'group') { - addresses.push(giveResultGroup(groupOrMailbox)); - } else if (groupOrMailbox.name === 'mailbox') { - addresses.push(giveResultMailbox(groupOrMailbox)); - } - } - - result = { - ast: ast, - addresses: addresses, - }; - if (opts.simple) { - result = simplifyResult(result); - } - if (opts.oneResult) { - return oneResult(result); - } - if (opts.simple) { - return result && result.addresses; - } else { - return result; - } + let key; + const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only + if (this.s2kUsage === 254 || this.s2kUsage === 253) { + key = await produceEncryptionKey( + this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + } else if (this.s2kUsage === 255) { + throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); + } else { + throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); } - function giveResultGroup(group) { - var i; - var groupName = findNode('display-name', group); - var groupResultMailboxes = []; - var mailboxes = findAllNodesNoChildren(['mailbox'], group); - for (i = 0; i < mailboxes.length; i += 1) { - groupResultMailboxes.push(giveResultMailbox(mailboxes[i])); + let cleartext; + if (this.s2kUsage === 253) { + const mode = mod.getAEADMode(this.aead); + const modeInstance = await mode(this.symmetric, key); + try { + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData); + } catch (err) { + if (err.message === 'Authentication tag mismatch') { + throw new Error('Incorrect key passphrase: ' + err.message); } - return { - node: group, - parts: { - name: groupName, - }, - type: group.name, // 'group' - name: grabSemantic(groupName), - addresses: groupResultMailboxes, - }; - } - - function giveResultMailbox(mailbox) { - var name = findNode('display-name', mailbox); - var aspec = findNode('addr-spec', mailbox); - var cfws = findAllNodes('cfws', mailbox); - var comments = findAllNodesNoChildren(['comment'], mailbox); - + throw err; + } + } else { + const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); - var local = findNode('local-part', aspec); - var domain = findNode('domain', aspec); - return { - node: mailbox, - parts: { - name: name, - address: aspec, - local: local, - domain: domain, - comments: cfws - }, - type: mailbox.name, // 'mailbox' - name: grabSemantic(name), - address: grabSemantic(aspec), - local: grabSemantic(local), - domain: grabSemantic(domain), - comments: concatComments(comments), - groupName: grabSemantic(mailbox.groupName), - }; - } + cleartext = cleartextWithHash.subarray(0, -20); + const hash = await mod.hash.sha1(cleartext); - function grabSemantic(n) { - return n !== null && n !== undefined ? n.semantic : null; + if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { + throw new Error('Incorrect key passphrase'); + } } - function simplifyResult(result) { - var i; - if (result && result.addresses) { - for (i = 0; i < result.addresses.length; i += 1) { - delete result.addresses[i].node; - } - } - return result; + try { + const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + this.privateParams = privateParams; + } catch (err) { + throw new Error('Error reading MPIs'); } + this.isEncrypted = false; + this.keyMaterial = null; + this.s2kUsage = 0; + this.aead = null; + this.symmetric = null; + this.isLegacyAEAD = null; + } - function concatComments(comments) { - var result = ''; - if (comments) { - for (var i = 0; i < comments.length; i += 1) { - result += grabSemantic(comments[i]); - } - } - return result; + /** + * Checks that the key parameters are consistent + * @throws {Error} if validation was not successful + * @async + */ + async validate() { + if (this.isDummy()) { + return; } - function oneResult(result) { - if (!result) { return null; } - if (!opts.partial && result.addresses.length > 1) { return null; } - return result.addresses && result.addresses[0]; + if (!this.isDecrypted()) { + throw new Error('Key is not decrypted'); } - ///////////////////////////////////////////////////// - - var parseString, pos, len, parsed, startProduction; - - opts = handleOpts(opts, {}); - if (opts === null) { return null; } - - parseString = opts.input; - - startProduction = { - 'address': address, - 'address-list': addressList, - 'angle-addr': angleAddr, - 'from': fromSpec, - 'group': group, - 'mailbox': mailbox, - 'mailbox-list': mailboxList, - 'reply-to': replyToSpec, - 'sender': senderSpec, - }[opts.startAt] || addressList; - - if (!opts.strict) { - initialize(); - opts.strict = true; - parsed = startProduction(parseString); - if (opts.partial || !inStr()) { - return giveResult(parsed); - } - opts.strict = false; + if (this.usedModernAEAD) { + // key integrity confirmed by successful AEAD decryption + return; } - initialize(); - parsed = startProduction(parseString); - if (!opts.partial && inStr()) { return null; } - return giveResult(parsed); -} - -function parseOneAddressSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} - -function parseAddressListSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} - -function parseFromSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'from', - })); -} - -function parseSenderSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'sender', - })); -} - -function parseReplyToSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'reply-to', - })); -} - -function handleOpts(opts, defs) { - function isString(str) { - return Object.prototype.toString.call(str) === '[object String]'; + let validParams; + try { + // this can throw if some parameters are undefined + validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); + } catch (_) { + validParams = false; } - - function isObject(o) { - return o === Object(o); + if (!validParams) { + throw new Error('Key is invalid'); } + } - function isNullUndef(o) { - return o === null || o === undefined; + async generate(bits, curve) { + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if (this.version === 6 && ( + (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) || + this.algorithm === enums.publicKey.eddsaLegacy + )) { + throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`); } + const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); + this.privateParams = privateParams; + this.publicParams = publicParams; + this.isEncrypted = false; + } - var defaults, o; - - if (isString(opts)) { - opts = { input: opts }; - } else if (!isObject(opts)) { - return null; + /** + * Clear private key parameters + */ + clearPrivateParams() { + if (this.isMissingSecretKeyMaterial()) { + return; } - if (!isString(opts.input)) { return null; } - if (!defs) { return null; } - - defaults = { - oneResult: false, - partial: false, - rejectTLD: false, - rfc6532: false, - simple: false, - startAt: 'address-list', - strict: false, - atInDisplayName: false - }; - - for (o in defaults) { - if (isNullUndef(opts[o])) { - opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o]; - } - } - return opts; + Object.keys(this.privateParams).forEach(name => { + const param = this.privateParams[name]; + param.fill(0); + delete this.privateParams[name]; + }); + this.privateParams = null; + this.isEncrypted = true; + } } -parse5322.parseOneAddress = parseOneAddressSimple; -parse5322.parseAddressList = parseAddressListSimple; -parse5322.parseFrom = parseFromSimple; -parse5322.parseSender = parseSenderSimple; -parse5322.parseReplyTo = parseReplyToSimple; - -{ - module.exports = parse5322; +/** + * Derive encryption key + * @param {Number} keyVersion - key derivation differs for v5 keys + * @param {module:type/s2k} s2k + * @param {String} passphrase + * @param {module:enums.symmetric} cipherAlgo + * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5) + * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5) + * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only) + * @returns encryption key + */ +async function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) { + if (s2k.type === 'argon2' && !aeadMode) { + throw new Error('Using Argon2 S2K without AEAD is not allowed'); + } + if (s2k.type === 'simple' && keyVersion === 6) { + throw new Error('Using Simple S2K with version 6 keys is not allowed'); + } + const { keySize } = mod.getCipherParams(cipherAlgo); + const derivedKey = await s2k.produceKey(passphrase, keySize); + if (!aeadMode || keyVersion === 5 || isLegacyAEAD) { + return derivedKey; + } + const info = util.concatUint8Array([ + serializedPacketTag, + new Uint8Array([keyVersion, cipherAlgo, aeadMode]) + ]); + return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize); } -}()); -}); - // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Implementation of the User ID Packet (Tag 13) @@ -27348,12 +16560,27 @@ class UserIDPacket { if (userID.length > config$1.maxUserIDLength) { throw new Error('User ID string is too long'); } - try { - const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true }); - this.comment = comments.replace(/^\(|\)$/g, ''); - this.name = name; - this.email = email; - } catch (e) {} + + /** + * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1, + * as well comments placed between the name (if present) and the bracketed email address: + * - name (comment) + * - email + * In the first case, the `email` is the only required part, and it must contain the `@` symbol. + * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`, + * since they interfere with `comment` parsing. + */ + const re = /^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/; + const matches = re.exec(userID); + if (matches !== null) { + const { name, comment, email } = matches.groups; + this.comment = comment?.replace(/^\(|\)|\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace + this.name = name?.trim() || ''; + this.email = email.substring(1, email.length - 1); // remove brackets + } else if (/^[^\s@]+@[^\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace + this.email = userID; + } + this.userID = userID; } @@ -27371,6 +16598,22 @@ class UserIDPacket { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret @@ -27424,10 +16667,86 @@ class TrustPacket { } } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2022 Proton AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Padding Packet + * + * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}: + * Padding Packet + */ +class PaddingPacket { + static get tag() { + return enums.packet.padding; + } + + constructor() { + this.padding = null; + } + + /** + * Read a padding packet + * @param {Uint8Array | ReadableStream} bytes + */ + read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars + // Padding packets are ignored, so this function is never called. + } + + /** + * Write the padding packet + * @returns {Uint8Array} The padding packet. + */ + write() { + return this.padding; + } + + /** + * Create random padding. + * @param {Number} length - The length of padding to be generated. + * @throws {Error} if padding generation was not successful + * @async + */ + async createPadding(length) { + this.padding = await mod.random.getRandomBytes(length); + } +} + // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A Signature can contain the following packets -const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); +const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); /** * Class that represents an OpenPGP signature. @@ -27454,7 +16773,9 @@ class Signature { * @returns {ReadableStream} ASCII armor. */ armor(config$1 = config) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config$1); + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config$1); } /** @@ -27491,22 +16812,22 @@ async function readSignature({ armoredSignature, binarySignature, config: config const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); if (armoredSignature) { - const { type, data } = await unarmor(input, config$1); + const { type, data } = await unarmor(input); if (type !== enums.armor.signature) { throw new Error('Armored text not of type signature'); } input = data; } - const packetlist = await PacketList.fromBinary(input, allowedPackets$4, config$1); + const packetlist = await PacketList.fromBinary(input, allowedPackets$1, config$1); return new Signature(packetlist); } /** * @fileoverview Provides helpers methods for key module * @module key/helper - * @private */ + async function generateSecretSubkey(options, config) { const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); secretSubkeyPacket.packets = null; @@ -27529,6 +16850,8 @@ async function generateSecretKey(options, config) { * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. * @param {Array} signatures - List of signatures * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature + * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures, + * `enums.signatures.certGeneric` should be given regardless of the actual trust level) * @param {Date} date - Use the given date instead of the current time * @param {Object} config - full configuration * @returns {Promise} The latest valid signature. @@ -27582,7 +16905,7 @@ async function createBindingSignature(subkey, primaryKey, options, config) { const signatureProperties = { signatureType: enums.signature.subkeyBinding }; if (options.sign) { signatureProperties.keyFlags = [enums.keyFlags.signData]; - signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, { + signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, { signatureType: enums.signature.keyBinding }, options.date, undefined, undefined, undefined, config); } else { @@ -27592,83 +16915,166 @@ async function createBindingSignature(subkey, primaryKey, options, config) { signatureProperties.keyExpirationTime = options.keyExpirationTime; signatureProperties.keyNeverExpires = false; } - const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); + const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); return subkeySignaturePacket; } /** - * Returns the preferred signature hash algorithm of a key - * @param {Key} [key] - The key to get preferences from - * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing + * Returns the preferred signature hash algorithm for a set of keys. + * @param {Array} [targetKeys] - The keys to get preferences from + * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID + * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from * @param {Object} config - full configuration * @returns {Promise} * @async */ -async function getPreferredHashAlgo$2(key, keyPacket, date = new Date(), userID = {}, config) { - let hashAlgo = config.preferredHashAlgorithm; - let prefAlgo = hashAlgo; - if (key) { - const primaryUser = await key.getPrimaryUser(date, userID, config); - if (primaryUser.selfCertification.preferredHashAlgorithms) { - [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms; - hashAlgo = mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; +async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { + /** + * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the + * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). + * if no keys are available, `preferredSenderAlgo` is returned. + * For ECC signing key, the curve preferred hash is taken into account as well (see logic below). + */ + const defaultAlgo = enums.hash.sha256; // MUST implement + const preferredSenderAlgo = config.preferredHashAlgorithm; + + const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => { + const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config); + const targetPrefs = selfCertification.preferredHashAlgorithms; + return targetPrefs; + })); + const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys + for (const supportedAlgos of supportedAlgosPerTarget) { + for (const hashAlgo of supportedAlgos) { + try { + // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on + const supportedAlgo = enums.write(enums.hash, hashAlgo); + supportedAlgosMap.set( + supportedAlgo, + supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1 + ); + } catch {} } } - switch (keyPacket.algorithm) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ed25519: - prefAlgo = mod.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid); + const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo; + const getStrongestSupportedHashAlgo = () => { + if (supportedAlgosMap.size === 0) { + return defaultAlgo; + } + const sortedHashAlgos = Array.from(supportedAlgosMap.keys()) + .filter(hashAlgo => isSupportedHashAlgo(hashAlgo)) + .sort((algoA, algoB) => mod.hash.getHashByteLength(algoA) - mod.hash.getHashByteLength(algoB)); + const strongestHashAlgo = sortedHashAlgos[0]; + // defaultAlgo is always implicilty supported, and might be stronger than the rest + return mod.hash.getHashByteLength(strongestHashAlgo) >= mod.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo; + }; + + const eccAlgos = new Set([ + enums.publicKey.ecdsa, + enums.publicKey.eddsaLegacy, + enums.publicKey.ed25519, + enums.publicKey.ed448 + ]); + + if (eccAlgos.has(signingKeyPacket.algorithm)) { + // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: + // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 + // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough; + // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve + // preferred algo, even if not supported by all targets. + const preferredCurveAlgo = mod.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid); + + const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo); + const preferredSenderAlgoStrongerThanCurveAlgo = mod.hash.getHashByteLength(preferredSenderAlgo) >= mod.hash.getHashByteLength(preferredCurveAlgo); + + if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) { + return preferredSenderAlgo; + } else { + const strongestSupportedAlgo = getStrongestSupportedHashAlgo(); + return mod.hash.getHashByteLength(strongestSupportedAlgo) >= mod.hash.getHashByteLength(preferredCurveAlgo) ? + strongestSupportedAlgo : + preferredCurveAlgo; + } } - return mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; + + // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this, + // since it was manually set by the sender. + return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo(); } /** - * Returns the preferred symmetric/aead/compression algorithm for a set of keys - * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return + * Returns the preferred compression algorithm for a set of keys * @param {Array} [keys] - Set of keys * @param {Date} [date] - Use the given date for verification instead of the current time * @param {Array} [userIDs] - User IDs * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Preferred algorithm + * @returns {Promise} Preferred compression algorithm * @async */ -async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config$1 = config) { - const defaultAlgo = { // these are all must-implement in rfc4880bis - 'symmetric': enums.symmetric.aes128, - 'aead': enums.aead.eax, - 'compression': enums.compression.uncompressed - }[type]; - const preferredSenderAlgo = { - 'symmetric': config$1.preferredSymmetricAlgorithm, - 'aead': config$1.preferredAEADAlgorithm, - 'compression': config$1.preferredCompressionAlgorithm - }[type]; - const prefPropertyName = { - 'symmetric': 'preferredSymmetricAlgorithms', - 'aead': 'preferredAEADAlgorithms', - 'compression': 'preferredCompressionAlgorithms' - }[type]; +async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const defaultAlgo = enums.compression.uncompressed; + const preferredSenderAlgo = config$1.preferredCompressionAlgorithm; // if preferredSenderAlgo appears in the prefs of all recipients, we pick it // otherwise we use the default algo // if no keys are available, preferredSenderAlgo is returned const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - const recipientPrefs = primaryUser.selfCertification[prefPropertyName]; + const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config$1); + const recipientPrefs = selfCertification.preferredCompressionAlgorithms; return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; })); return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; } +/** + * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred + * @async + */ +async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1))); + const withAEAD = keys.length ? + selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) : + config$1.aeadProtect; + + if (withAEAD) { + const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb }; + const desiredCipherSuites = [ + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: config$1.preferredAEADAlgorithm }, + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb }, + { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config$1.preferredAEADAlgorithm } + ]; + for (const desiredCipherSuite of desiredCipherSuites) { + if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some( + cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo + ))) { + return desiredCipherSuite; + } + } + return defaultCipherSuite; + } + const defaultSymAlgo = enums.symmetric.aes128; + const desiredSymAlgo = config$1.preferredSymmetricAlgorithm; + return { + symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ? + desiredSymAlgo : + defaultSymAlgo, + aeadAlgo: undefined + }; +} + /** * Create signature packet * @param {Object} dataToSign - Contains packets to be signed - * @param {PrivateKey} privateKey - key to get preferences from + * @param {Array} recipientKeys - keys to get preferences from * @param {SecretKeyPacket| * SecretSubkeyPacket} signingKeyPacket secret key packet for signing * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing @@ -27679,7 +17085,7 @@ async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [] * @param {Object} config - full configuration * @returns {Promise} Signature packet. */ -async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) { +async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) { if (signingKeyPacket.isDummy()) { throw new Error('Cannot sign with a gnu-dummy key.'); } @@ -27689,9 +17095,9 @@ async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, s const signaturePacket = new SignaturePacket(); Object.assign(signaturePacket, signatureProperties); signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; - signaturePacket.hashAlgorithm = await getPreferredHashAlgo$2(privateKey, signingKeyPacket, date, userID, config); - signaturePacket.rawNotations = notations; - await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached); + signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config); + signaturePacket.rawNotations = [...notations]; + await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config); return signaturePacket; } @@ -27753,8 +17159,14 @@ async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocation // `verifyAllCertifications`.) !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) ) { + const isHardRevocation = ![ + enums.reasonForRevocation.keyRetired, + enums.reasonForRevocation.keySuperseded, + enums.reasonForRevocation.userIDInvalid + ].includes(revocationSignature.reasonForRevocationFlag); + await revocationSignature.verify( - key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config + key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config ); // TODO get an identifier of the revoked object instead @@ -27787,28 +17199,6 @@ function getKeyExpirationTime(keyPacket, signature) { return expirationTime ? new Date(expirationTime) : Infinity; } -/** - * Returns whether aead is supported by all keys in the set - * @param {Array} keys - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} config - full configuration - * @returns {Promise} - * @async - */ -async function isAEADSupported(keys, date = new Date(), userIDs = [], config$1 = config) { - let supported = true; - // TODO replace when Promise.some or Promise.any are implemented - await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - if (!primaryUser.selfCertification.features || - !(primaryUser.selfCertification.features[0] & enums.features.aead)) { - supported = false; - } - })); - return supported; -} - function sanitizeKeyOptions(options, subkeyDefaults = {}) { options.type = options.type || subkeyDefaults.type; options.curve = options.curve || subkeyDefaults.curve; @@ -27820,13 +17210,14 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) { options.sign = options.sign || false; switch (options.type) { - case 'ecc': + case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve` try { options.curve = enums.write(enums.curve, options.curve); } catch (e) { throw new Error('Unknown curve'); } - if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) { + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy || + options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; } if (options.sign) { @@ -27835,6 +17226,12 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) { options.algorithm = enums.publicKey.ecdh; } break; + case 'curve25519': + options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519; + break; + case 'curve448': + options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448; + break; case 'rsa': options.algorithm = enums.publicKey.rsaEncryptSign; break; @@ -27844,37 +17241,69 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) { return options; } -function isValidSigningKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.rsaEncrypt && - keyAlgo !== enums.publicKey.elgamal && - keyAlgo !== enums.publicKey.ecdh && - keyAlgo !== enums.publicKey.x25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.signData) !== 0); -} - -function isValidEncryptionKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.dsa && - keyAlgo !== enums.publicKey.rsaSign && - keyAlgo !== enums.publicKey.ecdsa && - keyAlgo !== enums.publicKey.eddsaLegacy && - keyAlgo !== enums.publicKey.ed25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0); +function validateSigningKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + default: + return false; + } } -function isValidDecryptionKeyPacket(signature, config) { - if (config.allowInsecureDecryptionWithSigningKeys) { - // This is only relevant for RSA keys, all other signing algorithms cannot decrypt - return true; +function validateEncryptionKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + default: + return false; } +} + +function validateDecryptionKeyPacket(keyPacket, signature, config) { + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) { + // This is only relevant for RSA keys, all other signing algorithms cannot decrypt + return true; + } - return !signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + } + default: + return false; + } } /** @@ -27910,9 +17339,9 @@ function checkKeyRequirements(keyPacket, config) { /** * @module key/User - * @private */ + /** * Class that represents an user ID or attribute packet and the relevant signatures. * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info @@ -27977,7 +17406,7 @@ class User { throw new Error("The user's own key can only be used for self-certifications"); } const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); - return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, { + return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, { // Most OpenPGP implementations use generic certification (0x10) signatureType: enums.signature.certGeneric, keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] @@ -28165,7 +17594,7 @@ class User { key: primaryKey }; const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { + user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { signatureType: enums.signature.certRevocation, reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), reasonForRevocationString @@ -28177,9 +17606,9 @@ class User { /** * @module key/Subkey - * @private */ + /** * Class that represents a subkey packet and the relevant signatures. * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID @@ -28358,7 +17787,7 @@ class Subkey { ) { const dataToSign = { key: primaryKey, bind: this.keyPacket }; const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { + subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { signatureType: enums.signature.subkeyRevocation, reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), reasonForRevocationString @@ -28380,6 +17809,22 @@ class Subkey { }); // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A key revocation certificate can contain the following packets const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); @@ -28612,6 +18057,11 @@ class Key { async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { await this.verifyPrimaryKey(date, userID, config$1); const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); + } const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); let exception; for (const subkey of subkeys) { @@ -28622,7 +18072,7 @@ class Key { const bindingSignature = await getLatestValidSignature( subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 ); - if (!isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) { + if (!validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { continue; } if (!bindingSignature.embeddedSignature) { @@ -28641,9 +18091,9 @@ class Key { } try { - const primaryUser = await this.getPrimaryUser(date, userID, config$1); + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config$1)) { + validateSigningKeyPacket(primaryKey, selfCertification, config$1)) { checkKeyRequirements(primaryKey, config$1); return this; } @@ -28666,6 +18116,11 @@ class Key { async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { await this.verifyPrimaryKey(date, userID, config$1); const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); + } // V4: by convention subkeys are preferred for encryption service const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); let exception; @@ -28675,7 +18130,7 @@ class Key { await subkey.verify(date, config$1); const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) { + if (validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { checkKeyRequirements(subkey.keyPacket, config$1); return subkey; } @@ -28687,9 +18142,9 @@ class Key { try { // if no valid subkey for encryption, evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) { + validateEncryptionKeyPacket(primaryKey, selfCertification, config$1)) { checkKeyRequirements(primaryKey, config$1); return this; } @@ -28733,18 +18188,20 @@ class Key { throw new Error('Primary key is revoked'); } // check for valid, unrevoked, unexpired self signature - const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); // check for expiration time in binding signatures if (isDataExpired(primaryKey, selfCertification, date)) { throw new Error('Primary key is expired'); } - // check for expiration time in direct signatures - const directSignature = await getLatestValidSignature( - this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 - ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key + if (primaryKey.version !== 6) { + // check for expiration time in direct signatures (for V6 keys, the above already did so) + const directSignature = await getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key - if (directSignature && isDataExpired(primaryKey, directSignature, date)) { - throw new Error('Primary key is expired'); + if (directSignature && isDataExpired(primaryKey, directSignature, date)) { + throw new Error('Primary key is expired'); + } } } @@ -28759,12 +18216,13 @@ class Key { async getExpirationTime(userID, config$1 = config) { let primaryKeyExpiry; try { - const { selfCertification } = await this.getPrimaryUser(null, userID, config$1); + const selfCertification = await this.getPrimarySelfSignature(null, userID, config$1); const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); const selfSigExpiry = selfCertification.getExpirationTime(); - const directSignature = await getLatestValidSignature( - this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 - ).catch(() => {}); + const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature. + await getLatestValidSignature( + this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 + ).catch(() => {}); if (directSignature) { const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, @@ -28781,6 +18239,28 @@ class Key { } + /** + * For V4 keys, returns the self-signature of the primary user. + * For V5 keys, returns the latest valid direct-key self-signature. + * This self-signature is to be used to check the key expiration, + * algorithm preferences, and so on. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} The primary self-signature + * @async + */ + async getPrimarySelfSignature(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + if (primaryKey.version === 6) { + return getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ); + } + const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + return selfCertification; + } + /** * Returns primary user and most significant (latest valid) self signature * - if multiple primary users exist, returns the one with the latest self signature @@ -28819,6 +18299,7 @@ class Key { } } if (!users.length) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal throw exception || new Error('Could not find primary user'); } await Promise.all(users.map(async function (a) { @@ -28930,7 +18411,9 @@ class Key { const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); const packetlist = new PacketList(); packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config$1); } /** @@ -28944,7 +18427,7 @@ class Key { * @async */ async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { - const input = await unarmor(revocationCertificate, config$1); + const input = await unarmor(revocationCertificate); const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); const revocationSignature = packetlist.findPacket(enums.packet.signature); if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { @@ -29062,6 +18545,19 @@ class Key { }); // This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** * Class that represents an OpenPGP Public Key @@ -29107,7 +18603,9 @@ class PublicKey extends Key { * @returns {ReadableStream} ASCII armor. */ armor(config$1 = config) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); } } @@ -29166,7 +18664,9 @@ class PrivateKey extends PublicKey { * @returns {ReadableStream} ASCII armor. */ armor(config$1 = config) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); } /** @@ -29177,28 +18677,45 @@ class PrivateKey extends PublicKey { * @param {String} userID, optional * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise>} Array of decryption keys. + * @throws {Error} if no decryption key is found * @async */ async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { const primaryKey = this.keyPacket; const keys = []; + let exception = null; for (let i = 0; i < this.subkeys.length; i++) { if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { + if (this.subkeys[i].keyPacket.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + continue; + } + try { const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidDecryptionKeyPacket(bindingSignature, config$1)) { + if (validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config$1)) { keys.push(this.subkeys[i]); } - } catch (e) {} + } catch (e) { + exception = e; + } } } // evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && - isValidDecryptionKeyPacket(primaryUser.selfCertification, config$1)) { - keys.push(this); + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && validateDecryptionKeyPacket(primaryKey, selfCertification, config$1)) { + if (primaryKey.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + } else { + keys.push(this); + } + } + + if (keys.length === 0) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('No decryption key packets found'); } return keys; @@ -29289,7 +18806,7 @@ class PrivateKey extends PublicKey { } const dataToSign = { key: this.keyPacket }; const key = this.clone(); - key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.keyPacket, { + key.revocationSignatures.push(await createSignaturePacket(dataToSign, [], this.keyPacket, { signatureType: enums.signature.keyRevocation, reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), reasonForRevocationString @@ -29300,8 +18817,10 @@ class PrivateKey extends PublicKey { /** * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. - * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. - * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA + * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519. + * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. + * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format). + * Note: Curve448 and Curve25519 are not widely supported yet. * @param {String} options.curve (optional) Elliptic curve for ECC keys * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires @@ -29327,11 +18846,15 @@ class PrivateKey extends PublicKey { throw new Error('Key is not decrypted'); } const defaultOptions = secretKeyPacket.getAlgorithmInfo(); - defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA + defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm); defaultOptions.rsaBits = defaultOptions.bits || 4096; - defaultOptions.curve = defaultOptions.curve || 'curve25519'; + defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy'; options = sanitizeKeyOptions(options, defaultOptions); - const keyPacket = await generateSecretSubkey(options); + // Every subkey for a v4 primary key MUST be a v4 subkey. + // Every subkey for a v6 primary key MUST be a v6 subkey. + // For v5 keys, since we dropped generation support, a v4 subkey is added. + // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user. + const keyPacket = await generateSecretSubkey(options, { ...config$1, v6Keys: this.keyPacket.version === 6 }); checkKeyRequirements(keyPacket, config$1); const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); const packetList = this.toPacketList(); @@ -29340,7 +18863,44 @@ class PrivateKey extends PublicKey { } } +function getDefaultSubkeyType(algoName) { + const algo = enums.write(enums.publicKey, algoName); + // NB: no encryption-only algos, since they cannot be in primary keys + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + return 'rsa'; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return 'ecc'; + case enums.publicKey.ed25519: + return 'curve25519'; + case enums.publicKey.ed448: + return 'curve448'; + default: + throw new Error('Unsupported algorithm'); + } +} + // OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A Key can contain the following packets const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ @@ -29373,9 +18933,9 @@ function createKey(packetlist) { /** - * Generates a new OpenPGP key. Supports RSA and ECC keys. + * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. * By default, primary and subkeys will be of same type. - * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA + * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format). * @param {String} options.curve Elliptic curve for ECC keys * @param {Integer} options.rsaBits Number of bits for RSA keys * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } @@ -29390,7 +18950,7 @@ function createKey(packetlist) { * @static * @private */ -async function generate$4(options, config) { +async function generate(options, config) { options.sign = true; // primary key is always a signing key options = sanitizeKeyOptions(options); options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); @@ -29497,59 +19057,81 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf const packetlist = new PacketList(); packetlist.push(secretKeyPacket); - await Promise.all(options.userIDs.map(async function(userID, index) { - function createPreferredAlgos(algos, preferredAlgo) { - return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; - } - - const userIDPacket = UserIDPacket.fromObject(userID); - const dataToSign = {}; - dataToSign.userID = userIDPacket; - dataToSign.key = secretKeyPacket; + function createPreferredAlgos(algos, preferredAlgo) { + return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + } + function getKeySignatureProperties() { const signatureProperties = {}; - signatureProperties.signatureType = enums.signature.certGeneric; signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; - signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([ - // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support) + const symmetricAlgorithms = createPreferredAlgos([ + // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support) enums.symmetric.aes256, - enums.symmetric.aes128, - enums.symmetric.aes192 + enums.symmetric.aes128 ], config.preferredSymmetricAlgorithm); + signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms; if (config.aeadProtect) { - signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([ + const aeadAlgorithms = createPreferredAlgos([ + enums.aead.gcm, enums.aead.eax, enums.aead.ocb ], config.preferredAEADAlgorithm); + signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => { + return symmetricAlgorithms.map(symmetricAlgorithm => { + return [symmetricAlgorithm, aeadAlgorithm]; + }); + }); } signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ // prefer fast asm.js implementations (SHA-256) enums.hash.sha256, - enums.hash.sha512 + enums.hash.sha512, + enums.hash.sha3_256, + enums.hash.sha3_512 ], config.preferredHashAlgorithm); signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ + enums.compression.uncompressed, enums.compression.zlib, - enums.compression.zip, - enums.compression.uncompressed + enums.compression.zip ], config.preferredCompressionAlgorithm); - if (index === 0) { - signatureProperties.isPrimaryUserID = true; - } // integrity protection always enabled signatureProperties.features = [0]; signatureProperties.features[0] |= enums.features.modificationDetection; if (config.aeadProtect) { - signatureProperties.features[0] |= enums.features.aead; - } - if (config.v5Keys) { - signatureProperties.features[0] |= enums.features.v5Keys; + signatureProperties.features[0] |= enums.features.seipdv2; } if (options.keyExpirationTime > 0) { signatureProperties.keyExpirationTime = options.keyExpirationTime; signatureProperties.keyNeverExpires = false; } + return signatureProperties; + } + + if (secretKeyPacket.version === 6) { // add direct key signature with key prefs + const dataToSign = { + key: secretKeyPacket + }; + + const signatureProperties = getKeySignatureProperties(); + signatureProperties.signatureType = enums.signature.key; + + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + packetlist.push(signaturePacket); + } + + await Promise.all(options.userIDs.map(async function(userID, index) { + const userIDPacket = UserIDPacket.fromObject(userID); + const dataToSign = { + userID: userIDPacket, + key: secretKeyPacket + }; + const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}; + signatureProperties.signatureType = enums.signature.certPositive; + if (index === 0) { + signatureProperties.isPrimaryUserID = true; + } - const signaturePacket = await createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); return { userIDPacket, signaturePacket }; })).then(list => { @@ -29573,7 +19155,7 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf // Add revocation signature packet for creating a revocation certificate. // This packet should be removed before returning the key. const dataToSign = { key: secretKeyPacket }; - packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { + packetlist.push(await createSignaturePacket(dataToSign, [], secretKeyPacket, { signatureType: enums.signature.keyRevocation, reasonForRevocationFlag: enums.reasonForRevocation.noReason, reasonForRevocationString: '' @@ -29618,7 +19200,7 @@ async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { let input; if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); + const { type, data } = await unarmor(armoredKey); if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { throw new Error('Armored text not of type key'); } @@ -29627,7 +19209,12 @@ async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { input = binaryKey; } const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return createKey(packetlist); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]); + return createKey(firstKeyPacketList); } /** @@ -29655,7 +19242,7 @@ async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest let input; if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); + const { type, data } = await unarmor(armoredKey); if (!(type === enums.armor.privateKey)) { throw new Error('Armored text not of type private key'); } @@ -29664,7 +19251,15 @@ async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest input = binaryKey; } const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return new PrivateKey(packetlist); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } + const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + return new PrivateKey(firstPrivateKeyList); + } + throw new Error('No secret key packet found'); } /** @@ -29692,7 +19287,7 @@ async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); + const { type, data } = await unarmor(armoredKeys); if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { throw new Error('Armored text not of type key'); } @@ -29735,7 +19330,7 @@ async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); } if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); + const { type, data } = await unarmor(armoredKeys); if (type !== enums.armor.privateKey) { throw new Error('Armored text not of type private key'); } @@ -29743,19 +19338,38 @@ async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { } const keys = []; const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No secret key packet found'); - } + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); const newKey = new PrivateKey(oneKeyList); keys.push(newKey); } + if (keys.length === 0) { + throw new Error('No secret key packet found'); + } return keys; } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A Message can contain the following packets const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ @@ -29827,8 +19441,6 @@ class Message { * @async */ async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { - const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - const symEncryptedPacketlist = this.packets.filterByTag( enums.packet.symmetricallyEncryptedData, enums.packet.symEncryptedIntegrityProtectedData, @@ -29840,14 +19452,18 @@ class Message { } const symEncryptedPacket = symEncryptedPacketlist[0]; + const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm; + + const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config$1); + let exception = null; const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { - if (!util.isUint8Array(data) || !util.isString(algorithmName)) { + if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) { throw new Error('Invalid session key for decryption.'); } try { - const algo = enums.write(enums.symmetric, algorithmName); + const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName); await symEncryptedPacket.decrypt(algo, data, config$1); } catch (e) { util.printDebugError(e); @@ -29873,6 +19489,7 @@ class Message { * Decrypt encrypted session keys either with private keys or passwords. * @param {Array} [decryptionKeys] - Private keys with decrypted secret data * @param {Array} [passwords] - Passwords used to decrypt + * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable) * @param {Date} [date] - Use the given date for key verification, instead of current time * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise>} array of object with potential sessionKey, algorithm pairs * @async */ - async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config$1 = config) { + async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config$1 = config) { let decryptedSessionKeyPackets = []; let exception; @@ -29903,6 +19520,9 @@ class Message { decryptedSessionKeyPackets.push(skeskPacket); } catch (err) { util.printDebugError(err); + if (err instanceof Argon2OutOfMemoryError) { + exception = err; + } } })); })); @@ -29913,6 +19533,15 @@ class Message { } await Promise.all(pkeskPackets.map(async function(pkeskPacket) { await Promise.all(decryptionKeys.map(async function(decryptionKey) { + let decryptionKeyPackets; + try { + // do not check key expiration to allow decryption of old messages + decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); + } catch (err) { + exception = err; + return; + } + let algos = [ enums.symmetric.aes256, // Old OpenPGP.js default fallback enums.symmetric.aes128, // RFC4880bis fallback @@ -29920,18 +19549,13 @@ class Message { enums.symmetric.cast5 // Golang OpenPGP fallback ]; try { - const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config$1); // TODO: Pass userID from somewhere. - if (primaryUser.selfCertification.preferredSymmetricAlgorithms) { - algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms); + const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config$1); // TODO: Pass userID from somewhere. + if (selfCertification.preferredSymmetricAlgorithms) { + algos = algos.concat(selfCertification.preferredSymmetricAlgorithms); } } catch (e) {} - // do not check key expiration to allow decryption of old messages - const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { - if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) { - return; - } if (!decryptionKeyPacket.isDecrypted()) { throw new Error('Decryption key is not decrypted.'); } @@ -29956,7 +19580,11 @@ class Message { // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times - await Promise.all(Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => { + await Promise.all(( + expectedSymmetricAlgorithm ? + [expectedSymmetricAlgorithm] : + Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms) + ).map(async sessionKeyAlgorithm => { const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); pkeskPacketCopy.read(serialisedPKESK); const randomSessionKey = { @@ -29976,7 +19604,8 @@ class Message { } else { try { await pkeskPacket.decrypt(decryptionKeyPacket); - if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) { + const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm; + if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) { throw new Error('A non-preferred symmetric algorithm was used.'); } decryptedSessionKeyPackets.push(pkeskPacket); @@ -30010,7 +19639,7 @@ class Message { return decryptedSessionKeyPackets.map(packet => ({ data: packet.sessionKey, - algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm) + algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm) })); } throw exception || new Error('Session key decryption failed.'); @@ -30059,23 +19688,22 @@ class Message { * @async */ static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { - const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config$1); - const algorithmName = enums.read(enums.symmetric, algo); - const aeadAlgorithmName = config$1.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config$1) ? - enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config$1)) : - undefined; + const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config$1); + const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo); + const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined; await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() .catch(() => null) // ignore key strength requirements .then(maybeKey => { - if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { - throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); + if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) && + !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted + throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); } }) )); - const sessionKeyData = mod.generateSessionKey(algo); - return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName }; + const sessionKeyData = mod.generateSessionKey(symmetricAlgo); + return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName }; } /** @@ -30108,13 +19736,10 @@ class Message { const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); - let symEncryptedPacket; - if (aeadAlgorithmName) { - symEncryptedPacket = new AEADEncryptedDataPacket(); - symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName); - } else { - symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket(); - } + const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({ + version: aeadAlgorithmName ? 2 : 1, + aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null + }); symEncryptedPacket.packets = this.packets; const algorithm = enums.write(enums.symmetric, algorithmName); @@ -30142,17 +19767,21 @@ class Message { */ static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { const packetlist = new PacketList(); - const algorithm = enums.write(enums.symmetric, algorithmName); + const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName); const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); if (encryptionKeys) { const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket(); - pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID(); - pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm; - pkESKeyPacket.sessionKey = sessionKey; - pkESKeyPacket.sessionKeyAlgorithm = algorithm; + + const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({ + version: aeadAlgorithm ? 6 : 3, + encryptionKeyPacket: encryptionKey.keyPacket, + anonymousRecipient: wildcard, + sessionKey, + sessionKeyAlgorithm: symmetricAlgorithm + }); + await pkESKeyPacket.encrypt(encryptionKey.keyPacket); delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption return pkESKeyPacket; @@ -30191,7 +19820,7 @@ class Message { return symEncryptedSessionKeyPacket; }; - const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd))); + const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd))); packetlist.push(...results); } @@ -30201,16 +19830,18 @@ class Message { /** * Sign the message (the literal data packet of the message) * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from * @param {Signature} [signature] - Any existing detached signature to add to the message * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise} New message with signed content. * @async */ - async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { const packetlist = new PacketList(); const literalDataPacket = this.packets.findPacket(enums.packet.literalData); @@ -30218,49 +19849,14 @@ class Message { throw new Error('No literal data packet to sign.'); } - let i; - let existingSigPacketlist; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; - - if (signature) { - existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - for (i = existingSigPacketlist.length - 1; i >= 0; i--) { - const signaturePacket = existingSigPacketlist[i]; - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signaturePacket.signatureType; - onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; - onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; - onePassSig.issuerKeyID = signaturePacket.issuerKeyID; - if (!signingKeys.length && i === 0) { - onePassSig.flags = 1; - } - packetlist.push(onePassSig); - } - } - - await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; - const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config$1); - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signatureType; - onePassSig.hashAlgorithm = await getPreferredHashAlgo$2(primaryKey, signingKey.keyPacket, date, userIDs, config$1); - onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm; - onePassSig.issuerKeyID = signingKey.getKeyID(); - if (i === signingKeys.length - 1) { - onePassSig.flags = 1; - } - return onePassSig; - })).then(onePassSignatureList => { - onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig)); - }); + const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config$1); // this returns the existing signature packets as well + const onePassSignaturePackets = signaturePackets.map( + (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0)) + .reverse(); // innermost OPS refers to the first signature packet + packetlist.push(...onePassSignaturePackets); packetlist.push(literalDataPacket); - packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config$1))); + packetlist.push(...signaturePackets); return new Message(packetlist); } @@ -30289,21 +19885,23 @@ class Message { /** * Create a detached signature for the message (the literal data packet of the message) * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from * @param {Signature} [signature] - Any existing detached signature * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise} New detached signature of message content. * @async */ - async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { const literalDataPacket = this.packets.findPacket(enums.packet.literalData); if (!literalDataPacket) { throw new Error('No literal data packet to sign.'); } - return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); + return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config$1)); } /** @@ -30424,7 +20022,13 @@ class Message { * @returns {ReadableStream} ASCII armor. */ armor(config$1 = config) { - return armor(enums.armor.message, this.write(), null, null, null, config$1); + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config$1); } } @@ -30432,18 +20036,21 @@ class Message { * Create signature packets for the message * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing + * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from * @param {Signature} [signature] - Any existing detached signature to append * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] * @param {Date} [date] - Override the creationtime of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures * @param {Boolean} [detached] - Whether to create detached signature packets * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise} List of signature packets. * @async * @private */ -async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config$1 = config) { +async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config$1 = config) { const packetlist = new PacketList(); // If data packet was created from Uint8Array, use binary, otherwise use text @@ -30451,12 +20058,12 @@ async function createSignaturePackets(literalDataPacket, signingKeys, signature enums.signature.binary : enums.signature.text; await Promise.all(signingKeys.map(async (primaryKey, i) => { - const userID = userIDs[i]; + const signingUserID = signingUserIDs[i]; if (!primaryKey.isPrivate()) { throw new Error('Need private key for signing'); } - const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config$1); - return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config$1); + const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config$1); + return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config$1); })).then(signatureList => { packetlist.push(...signatureList); }); @@ -30597,12 +20204,8 @@ async function readMessage({ armoredMessage, binaryMessage, config: config$1, .. const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } if (armoredMessage) { - const { type, data } = await unarmor(input, config$1); + const { type, data } = await unarmor(input); if (type !== enums.armor.message) { throw new Error('Armored text not of type message'); } @@ -30627,7 +20230,7 @@ async function readMessage({ armoredMessage, binaryMessage, config: config$1, .. * @static */ async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { - let input = text !== undefined ? text : binary; + const input = text !== undefined ? text : binary; if (input === undefined) { throw new Error('createMessage: must pass options object containing `text` or `binary`'); } @@ -30640,10 +20243,6 @@ async function createMessage({ text, binary, filename, date = new Date(), format const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } const literalDataPacket = new LiteralDataPacket(date); if (text !== undefined) { literalDataPacket.setText(input, enums.write(enums.literal, format)); @@ -30661,9 +20260,25 @@ async function createMessage({ text, binary, filename, date = new Date(), format } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A Cleartext message can contain the following packets -const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); +const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); /** * Class that represents an OpenPGP cleartext signed message. @@ -30698,20 +20313,22 @@ class CleartextMessage { /** * Sign the cleartext message - * @param {Array} privateKeys - private keys with decrypted secret key data for signing + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from * @param {Signature} [signature] - Any existing detached signature * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] * @param {Date} [date] - The creation time of the signature that should be created - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {Promise} New cleartext message with signed content. * @async */ - async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { const literalDataPacket = new LiteralDataPacket(); literalDataPacket.setText(this.text); - const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); + const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config$1)); return new CleartextMessage(this.text, newSignature); } @@ -30750,16 +20367,22 @@ class CleartextMessage { * @returns {String | ReadableStream} ASCII armor. */ armor(config$1 = config) { - let hashes = this.signature.packets.map(function(packet) { - return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase(); - }); - hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; }); + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? + Array.from(new Set(this.signature.packets.map( + packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() + ))).join() : + null; + const body = { - hash: hashes.join(), + hash, text: this.text, data: this.signature.packets.write() }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config$1); + + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config$1); } } @@ -30786,8 +20409,8 @@ async function readCleartextMessage({ cleartextMessage, config: config$1, ...res if (input.type !== enums.armor.signed) { throw new Error('No cleartext signed message.'); } - const packetlist = await PacketList.fromBinary(input.data, allowedPackets$5, config$1); - verifyHeaders$1(input.headers, packetlist); + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config$1); + verifyHeaders(input.headers, packetlist); const signature = new Signature(packetlist); return new CleartextMessage(input.text, signature); } @@ -30798,7 +20421,7 @@ async function readCleartextMessage({ cleartextMessage, config: config$1, ...res * @param {PacketList} packetlist - The packetlist with signature packets * @private */ -function verifyHeaders$1(headers, packetlist) { +function verifyHeaders(headers, packetlist) { const checkHashAlgos = function(hashAlgos) { const check = packet => algo => packet.hashAlgorithm === algo; @@ -30810,30 +20433,27 @@ function verifyHeaders$1(headers, packetlist) { return true; }; - let oneHeader = null; - let hashAlgos = []; - headers.forEach(function(header) { - oneHeader = header.match(/^Hash: (.+)$/); // get header value - if (oneHeader) { - oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace - oneHeader = oneHeader.split(','); - oneHeader = oneHeader.map(function(hash) { - hash = hash.toLowerCase(); - try { - return enums.write(enums.hash, hash); - } catch (e) { - throw new Error('Unknown hash algorithm in armor header: ' + hash); - } - }); - hashAlgos = hashAlgos.concat(oneHeader); + const hashAlgos = []; + headers.forEach(header => { + const hashHeader = header.match(/^Hash: (.+)$/); // get header value + if (hashHeader) { + const parsedHashIDs = hashHeader[1] + .replace(/\s/g, '') // remove whitespace + .split(',') + .map(hashName => { + try { + return enums.write(enums.hash, hashName.toLowerCase()); + } catch (e) { + throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase()); + } + }); + hashAlgos.push(...parsedHashIDs); } else { throw new Error('Only "Hash" header allowed in cleartext signed message'); } }); - if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { - throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); - } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { + if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { throw new Error('Hash algorithm mismatch in armor header and signature'); } } @@ -30858,6 +20478,22 @@ async function createCleartextMessage({ text, ...rest }) { } // OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + ////////////////////// @@ -30868,15 +20504,17 @@ async function createCleartextMessage({ text, ...rest }) { /** - * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. + * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. * @param {Object} options * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA + * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys). + * Note: Curve448 and Curve25519 (new format) are not widely supported yet. * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys - * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: - * curve25519 (default), p256, p384, p521, secp256k1, + * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys: + * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1, * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires @@ -30889,13 +20527,20 @@ async function createCleartextMessage({ text, ...rest }) { * @async * @static */ -async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { +async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); + if (!type && !curve) { + type = config$1.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them) + curve = 'curve25519Legacy'; // unused with type != 'ecc' + } else { + type = type || 'ecc'; + curve = curve || 'curve25519Legacy'; + } + userIDs = toArray(userIDs); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key generation'); + if (userIDs.length === 0 && !config$1.v6Keys) { + throw new Error('UserIDs are required for V4 keys'); } if (type === 'rsa' && rsaBits < config$1.minRSABits) { throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); @@ -30904,7 +20549,7 @@ async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4 const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; try { - const { key, revocationCertificate } = await generate$4(options, config$1); + const { key, revocationCertificate } = await generate(options, config$1); key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); return { @@ -30935,11 +20580,11 @@ async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4 */ async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); + userIDs = toArray(userIDs); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key reformat'); + if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) { + throw new Error('UserIDs are required for V4 keys'); } const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; @@ -31098,11 +20743,11 @@ async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) * @async * @static */ -async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { +async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); checkMessage(message); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); signingKeys = toArray$1(signingKeys); passwords = toArray$1(passwords); - signingKeyIDs = toArray$1(signingKeyIDs); encryptionKeyIDs = toArray$1(encryptionKeyIDs); signingUserIDs = toArray$1(signingUserIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); signatureNotations = toArray$1(signatureNotations); + encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); + signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations); if (rest.detached) { throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); } @@ -31114,13 +20759,13 @@ async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sess if (!signingKeys) { signingKeys = []; } - const streaming = message.fromStream; + try { if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified - message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); + message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config$1); } message = message.compress( - await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config$1), + await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config$1), config$1 ); message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); @@ -31128,7 +20773,7 @@ async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sess // serialize data const armor = format === 'armored'; const data = armor ? message.armor(config$1) : message.write(); - return convertStream(data, streaming, armor ? 'utf8' : 'binary'); + return await convertStream(data); } catch (err) { throw util.wrapError('Error encrypting message', err); } @@ -31167,9 +20812,9 @@ async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sess * @async * @static */ -async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { +async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); verificationKeys = toArray$1(verificationKeys); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); sessionKeys = toArray$1(sessionKeys); + checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); @@ -31199,7 +20844,7 @@ async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, veri }) ]); } - result.data = await convertStream(result.data, message.fromStream, format); + result.data = await convertStream(result.data); return result; } catch (err) { throw util.wrapError('Error decrypting message', err); @@ -31219,21 +20864,23 @@ async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, veri * @param {Object} options * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext + * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] * @param {Date} [options.date=current date] - Override the creation date of the signature * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys` * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). * @async * @static */ -async function sign$6({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { +async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); checkCleartextOrMessage(message); checkOutputMessageFormat(format); - signingKeys = toArray$1(signingKeys); signingKeyIDs = toArray$1(signingKeyIDs); signingUserIDs = toArray$1(signingUserIDs); signatureNotations = toArray$1(signatureNotations); + signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations); if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); @@ -31249,9 +20896,9 @@ async function sign$6({ message, signingKeys, format = 'armored', detached = fal try { let signature; if (detached) { - signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); + signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); } else { - signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); + signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); } if (format === 'object') return signature; @@ -31265,7 +20912,7 @@ async function sign$6({ message, signingKeys, format = 'armored', detached = fal ]); }); } - return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); + return await convertStream(signature); } catch (err) { throw util.wrapError('Error signing message', err); } @@ -31299,9 +20946,9 @@ async function sign$6({ message, signingKeys, format = 'armored', detached = fal * @async * @static */ -async function verify$6({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { +async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); verificationKeys = toArray$1(verificationKeys); + checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys); if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); @@ -31328,7 +20975,7 @@ async function verify$6({ message, verificationKeys, expectSigned = false, forma }) ]); } - result.data = await convertStream(result.data, message.fromStream, format); + result.data = await convertStream(result.data); return result; } catch (err) { throw util.wrapError('Error verifying signed message', err); @@ -31353,9 +21000,9 @@ async function verify$6({ message, verificationKeys, expectSigned = false, forma * @async * @static */ -async function generateSessionKey$1({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { +async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - encryptionKeys = toArray$1(encryptionKeys); encryptionUserIDs = toArray$1(encryptionUserIDs); + encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs); if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); @@ -31389,7 +21036,7 @@ async function generateSessionKey$1({ encryptionKeys, date = new Date(), encrypt async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); passwords = toArray$1(passwords); encryptionKeyIDs = toArray$1(encryptionKeyIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); + encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs); if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); @@ -31422,12 +21069,12 @@ async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKey */ async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); + checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); try { - const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config$1); + const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config$1); return sessionKeys; } catch (err) { throw util.wrapError('Error decrypting session keys', err); @@ -31448,12 +21095,12 @@ async function decryptSessionKeys({ message, decryptionKeys, passwords, date = n */ function checkString(data, name) { if (!util.isString(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type String'); + throw new Error('Parameter [' + (name) + '] must be of type String'); } } function checkBinary(data, name) { if (!util.isUint8Array(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array'); + throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array'); } } function checkMessage(message) { @@ -31489,7 +21136,7 @@ function checkConfig(config$1) { * @returns {Array|undefined} The resulting array or undefined. * @private */ -function toArray$1(param) { +function toArray(param) { if (param && !util.isArray(param)) { param = [param]; } @@ -31499,25 +21146,15 @@ function toArray$1(param) { /** * Convert data to or from Stream * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams * @returns {Promise} The data in the respective format. * @async * @private */ -async function convertStream(data, streaming, encoding = 'utf8') { +async function convertStream(data) { const streamType = util.isStream(data); if (streamType === 'array') { return readToEnd(data); } - if (streaming === 'node') { - data = webToNode(data); - if (encoding !== 'binary') data.setEncoding(encoding); - return data; - } - if (streaming === 'web' && streamType === 'ponyfill') { - return toNativeReadable(data); - } return data; } @@ -31565,4 +21202,4 @@ function formatObject(object, format, config) { } } -export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, _224 as _, commonjsGlobal as a, armor, common$1 as b, createCommonjsModule as c, config, createCleartextMessage, createMessage, common as d, decrypt$5 as decrypt, decryptKey, decryptSessionKeys, _256 as e, encrypt$5 as encrypt, encryptKey, encryptSessionKey, enums, _384 as f, _512 as g, generateKey, generateSessionKey$1 as generateSessionKey, inherits_browser as i, minimalisticAssert as m, ripemd as r, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$6 as sign, utils as u, unarmor, verify$6 as verify }; +export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PaddingPacket, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt, decryptKey, decryptSessionKeys, encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign, unarmor, verify }; diff --git a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs b/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs deleted file mode 100644 index 7d3d0e7b1..000000000 --- a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs +++ /dev/null @@ -1,3 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;const e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol:e=>`Symbol(${e})`;function t(){}const r="undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0;function o(e){return"object"==typeof e&&null!==e||"function"==typeof e}const n=t,i=Promise,a=Promise.prototype.then,s=Promise.resolve.bind(i),l=Promise.reject.bind(i);function u(e){return new i(e)}function c(e){return s(e)}function d(e){return l(e)}function f(e,t,r){return a.call(e,t,r)}function h(e,t,r){f(f(e,t,r),void 0,n)}function _(e,t){h(e,t)}function b(e,t){h(e,void 0,t)}function p(e,t,r){return f(e,t,r)}function m(e){f(e,void 0,n)}const y=(()=>{const e=r&&r.queueMicrotask;if("function"==typeof e)return e;const t=c(void 0);return e=>f(t,e)})();function g(e,t,r){if("function"!=typeof e)throw new TypeError("Argument is not a function");return Function.prototype.apply.call(e,t,r)}function w(e,t,r){try{return c(g(e,t,r))}catch(e){return d(e)}}class v{constructor(){this._cursor=0,this._size=0,this._front={_elements:[],_next:void 0},this._back=this._front,this._cursor=0,this._size=0}get length(){return this._size}push(e){const t=this._back;let r=t;16383===t._elements.length&&(r={_elements:[],_next:void 0}),t._elements.push(e),r!==t&&(this._back=r,t._next=r),++this._size}shift(){const e=this._front;let t=e;const r=this._cursor;let o=r+1;const n=e._elements,i=n[r];return 16384===o&&(t=e._next,o=0),--this._size,this._cursor=o,e!==t&&(this._front=t),n[r]=void 0,i}forEach(e){let t=this._cursor,r=this._front,o=r._elements;for(;!(t===o.length&&void 0===r._next||t===o.length&&(r=r._next,o=r._elements,t=0,0===o.length));)e(o[t]),++t}peek(){const e=this._front,t=this._cursor;return e._elements[t]}}function S(e,t){e._ownerReadableStream=t,t._reader=e,"readable"===t._state?q(e):"closed"===t._state?function(e){q(e),k(e)}(e):E(e,t._storedError)}function R(e,t){return ar(e._ownerReadableStream,t)}function T(e){"readable"===e._ownerReadableStream._state?C(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")):function(e,t){E(e,t)}(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")),e._ownerReadableStream._reader=void 0,e._ownerReadableStream=void 0}function P(e){return new TypeError("Cannot "+e+" a stream using a released reader")}function q(e){e._closedPromise=u(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r}))}function E(e,t){q(e),C(e,t)}function C(e,t){void 0!==e._closedPromise_reject&&(m(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}function k(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}const O=e("[[AbortSteps]]"),j=e("[[ErrorSteps]]"),W=e("[[CancelSteps]]"),A=e("[[PullSteps]]"),z=Number.isFinite||function(e){return"number"==typeof e&&isFinite(e)},F=Math.trunc||function(e){return e<0?Math.ceil(e):Math.floor(e)};function B(e,t){if(void 0!==e&&("object"!=typeof(r=e)&&"function"!=typeof r))throw new TypeError(t+" is not an object.");var r}function I(e,t){if("function"!=typeof e)throw new TypeError(t+" is not a function.")}function L(e,t){if(!function(e){return"object"==typeof e&&null!==e||"function"==typeof e}(e))throw new TypeError(t+" is not an object.")}function M(e,t,r){if(void 0===e)throw new TypeError(`Parameter ${t} is required in '${r}'.`)}function $(e,t,r){if(void 0===e)throw new TypeError(`${t} is required in '${r}'.`)}function D(e){return Number(e)}function x(e){return 0===e?0:e}function N(e,t){const r=Number.MAX_SAFE_INTEGER;let o=Number(e);if(o=x(o),!z(o))throw new TypeError(t+" is not a finite number");if(o=function(e){return x(F(e))}(o),o<0||o>r)throw new TypeError(`${t} is outside the accepted range of 0 to ${r}, inclusive`);return z(o)&&0!==o?o:0}function Q(e,t){if(!nr(e))throw new TypeError(t+" is not a ReadableStream.")}function H(e){return new X(e)}function Y(e,t){e._reader._readRequests.push(t)}function V(e,t,r){const o=e._reader._readRequests.shift();r?o._closeSteps():o._chunkSteps(t)}function U(e){return e._reader._readRequests.length}function G(e){const t=e._reader;return void 0!==t&&!!J(t)}class X{constructor(e){if(M(e,1,"ReadableStreamDefaultReader"),Q(e,"First parameter"),ir(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");S(this,e),this._readRequests=new v}get closed(){return J(this)?this._closedPromise:d(Z("closed"))}cancel(e=undefined){return J(this)?void 0===this._ownerReadableStream?d(P("cancel")):R(this,e):d(Z("cancel"))}read(){if(!J(this))return d(Z("read"));if(void 0===this._ownerReadableStream)return d(P("read from"));let e,t;const r=u(((r,o)=>{e=r,t=o}));return K(this,{_chunkSteps:t=>e({value:t,done:!1}),_closeSteps:()=>e({value:void 0,done:!0}),_errorSteps:e=>t(e)}),r}releaseLock(){if(!J(this))throw Z("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");T(this)}}}function J(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readRequests")}function K(e,t){const r=e._ownerReadableStream;r._disturbed=!0,"closed"===r._state?t._closeSteps():"errored"===r._state?t._errorSteps(r._storedError):r._readableStreamController[A](t)}function Z(e){return new TypeError(`ReadableStreamDefaultReader.prototype.${e} can only be used on a ReadableStreamDefaultReader`)}let ee;Object.defineProperties(X.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(X.prototype,e.toStringTag,{value:"ReadableStreamDefaultReader",configurable:!0}),"symbol"==typeof e.asyncIterator&&(ee={[e.asyncIterator](){return this}},Object.defineProperty(ee,e.asyncIterator,{enumerable:!1}));class te{constructor(e,t){this._ongoingPromise=void 0,this._isFinished=!1,this._reader=e,this._preventCancel=t}next(){const e=()=>this._nextSteps();return this._ongoingPromise=this._ongoingPromise?p(this._ongoingPromise,e,e):e(),this._ongoingPromise}return(e){const t=()=>this._returnSteps(e);return this._ongoingPromise?p(this._ongoingPromise,t,t):t()}_nextSteps(){if(this._isFinished)return Promise.resolve({value:void 0,done:!0});const e=this._reader;if(void 0===e._ownerReadableStream)return d(P("iterate"));let t,r;const o=u(((e,o)=>{t=e,r=o}));return K(e,{_chunkSteps:e=>{this._ongoingPromise=void 0,y((()=>t({value:e,done:!1})))},_closeSteps:()=>{this._ongoingPromise=void 0,this._isFinished=!0,T(e),t({value:void 0,done:!0})},_errorSteps:t=>{this._ongoingPromise=void 0,this._isFinished=!0,T(e),r(t)}}),o}_returnSteps(e){if(this._isFinished)return Promise.resolve({value:e,done:!0});this._isFinished=!0;const t=this._reader;if(void 0===t._ownerReadableStream)return d(P("finish iterating"));if(!this._preventCancel){const r=R(t,e);return T(t),p(r,(()=>({value:e,done:!0})))}return T(t),c({value:e,done:!0})}}const re={next(){return oe(this)?this._asyncIteratorImpl.next():d(ne("next"))},return(e){return oe(this)?this._asyncIteratorImpl.return(e):d(ne("return"))}};function oe(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_asyncIteratorImpl")}function ne(e){return new TypeError(`ReadableStreamAsyncIterator.${e} can only be used on a ReadableSteamAsyncIterator`)}void 0!==ee&&Object.setPrototypeOf(re,ee);const ie=Number.isNaN||function(e){return e!=e};function ae(e){return!!function(e){if("number"!=typeof e)return!1;if(ie(e))return!1;if(e<0)return!1;return!0}(e)&&e!==1/0}function se(e){const t=e._queue.shift();return e._queueTotalSize-=t.size,e._queueTotalSize<0&&(e._queueTotalSize=0),t.value}function le(e,t,r){if(!ae(r=Number(r)))throw new RangeError("Size must be a finite, non-NaN, non-negative number.");e._queue.push({value:t,size:r}),e._queueTotalSize+=r}function ue(e){e._queue=new v,e._queueTotalSize=0}function ce(e){return e.slice()}class de{constructor(){throw new TypeError("Illegal constructor")}get view(){if(!_e(this))throw Oe("view");return this._view}respond(e){if(!_e(this))throw Oe("respond");if(M(e,1,"respond"),e=N(e,"First parameter"),void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");this._view.buffer,function(e,t){if(t=Number(t),!ae(t))throw new RangeError("bytesWritten must be a finite");Te(e,t)}(this._associatedReadableByteStreamController,e)}respondWithNewView(e){if(!_e(this))throw Oe("respondWithNewView");if(M(e,1,"respondWithNewView"),!ArrayBuffer.isView(e))throw new TypeError("You can only respond with array buffer views");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");!function(e,t){const r=e._pendingPullIntos.peek();if(r.byteOffset+r.bytesFilled!==t.byteOffset)throw new RangeError("The region specified by view does not match byobRequest");if(r.byteLength!==t.byteLength)throw new RangeError("The buffer of view has different capacity than byobRequest");r.buffer=t.buffer,Te(e,t.byteLength)}(this._associatedReadableByteStreamController,e)}}Object.defineProperties(de.prototype,{respond:{enumerable:!0},respondWithNewView:{enumerable:!0},view:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(de.prototype,e.toStringTag,{value:"ReadableStreamBYOBRequest",configurable:!0});class fe{constructor(){throw new TypeError("Illegal constructor")}get byobRequest(){if(!he(this))throw je("byobRequest");if(null===this._byobRequest&&this._pendingPullIntos.length>0){const e=this._pendingPullIntos.peek(),t=new Uint8Array(e.buffer,e.byteOffset+e.bytesFilled,e.byteLength-e.bytesFilled),r=Object.create(de.prototype);!function(e,t,r){e._associatedReadableByteStreamController=t,e._view=r}(r,this,t),this._byobRequest=r}return this._byobRequest}get desiredSize(){if(!he(this))throw je("desiredSize");return Ce(this)}close(){if(!he(this))throw je("close");if(this._closeRequested)throw new TypeError("The stream has already been closed; do not close it again!");const e=this._controlledReadableByteStream._state;if("readable"!==e)throw new TypeError(`The stream (in ${e} state) is not in the readable state and cannot be closed`);!function(e){const t=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==t._state)return;if(e._queueTotalSize>0)return void(e._closeRequested=!0);if(e._pendingPullIntos.length>0){if(e._pendingPullIntos.peek().bytesFilled>0){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");throw Ee(e,t),t}}qe(e),sr(t)}(this)}enqueue(e){if(!he(this))throw je("enqueue");if(M(e,1,"enqueue"),!ArrayBuffer.isView(e))throw new TypeError("chunk must be an array buffer view");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(this._closeRequested)throw new TypeError("stream is closed or draining");const t=this._controlledReadableByteStream._state;if("readable"!==t)throw new TypeError(`The stream (in ${t} state) is not in the readable state and cannot be enqueued to`);!function(e,t){const r=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==r._state)return;const o=t.buffer,n=t.byteOffset,i=t.byteLength,a=o;if(G(r))if(0===U(r))ye(e,a,n,i);else{V(r,new Uint8Array(a,n,i),!1)}else ze(r)?(ye(e,a,n,i),Re(e)):ye(e,a,n,i);be(e)}(this,e)}error(e=undefined){if(!he(this))throw je("error");Ee(this,e)}[W](e){if(this._pendingPullIntos.length>0){this._pendingPullIntos.peek().bytesFilled=0}ue(this);const t=this._cancelAlgorithm(e);return qe(this),t}[A](e){const t=this._controlledReadableByteStream;if(this._queueTotalSize>0){const t=this._queue.shift();this._queueTotalSize-=t.byteLength,ve(this);const r=new Uint8Array(t.buffer,t.byteOffset,t.byteLength);return void e._chunkSteps(r)}const r=this._autoAllocateChunkSize;if(void 0!==r){let t;try{t=new ArrayBuffer(r)}catch(t){return void e._errorSteps(t)}const o={buffer:t,byteOffset:0,byteLength:r,bytesFilled:0,elementSize:1,viewConstructor:Uint8Array,readerType:"default"};this._pendingPullIntos.push(o)}Y(t,e),be(this)}}function he(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableByteStream")}function _e(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_associatedReadableByteStreamController")}function be(e){const t=function(e){const t=e._controlledReadableByteStream;if("readable"!==t._state)return!1;if(e._closeRequested)return!1;if(!e._started)return!1;if(G(t)&&U(t)>0)return!0;if(ze(t)&&Ae(t)>0)return!0;const r=Ce(e);if(r>0)return!0;return!1}(e);if(!t)return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;h(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,be(e))}),(t=>{Ee(e,t)}))}function pe(e,t){let r=!1;"closed"===e._state&&(r=!0);const o=me(t);"default"===t.readerType?V(e,o,r):function(e,t,r){const o=e._reader,n=o._readIntoRequests.shift();r?n._closeSteps(t):n._chunkSteps(t)}(e,o,r)}function me(e){const t=e.bytesFilled,r=e.elementSize;return new e.viewConstructor(e.buffer,e.byteOffset,t/r)}function ye(e,t,r,o){e._queue.push({buffer:t,byteOffset:r,byteLength:o}),e._queueTotalSize+=o}function ge(e,t){const r=t.elementSize,o=t.bytesFilled-t.bytesFilled%r,n=Math.min(e._queueTotalSize,t.byteLength-t.bytesFilled),i=t.bytesFilled+n,a=i-i%r;let s=n,l=!1;a>o&&(s=a-t.bytesFilled,l=!0);const u=e._queue;for(;s>0;){const r=u.peek(),o=Math.min(s,r.byteLength),n=t.byteOffset+t.bytesFilled;c=t.buffer,d=n,f=r.buffer,h=r.byteOffset,_=o,new Uint8Array(c).set(new Uint8Array(f,h,_),d),r.byteLength===o?u.shift():(r.byteOffset+=o,r.byteLength-=o),e._queueTotalSize-=o,we(e,o,t),s-=o}var c,d,f,h,_;return l}function we(e,t,r){Se(e),r.bytesFilled+=t}function ve(e){0===e._queueTotalSize&&e._closeRequested?(qe(e),sr(e._controlledReadableByteStream)):be(e)}function Se(e){null!==e._byobRequest&&(e._byobRequest._associatedReadableByteStreamController=void 0,e._byobRequest._view=null,e._byobRequest=null)}function Re(e){for(;e._pendingPullIntos.length>0;){if(0===e._queueTotalSize)return;const t=e._pendingPullIntos.peek();ge(e,t)&&(Pe(e),pe(e._controlledReadableByteStream,t))}}function Te(e,t){const r=e._pendingPullIntos.peek();if("closed"===e._controlledReadableByteStream._state){if(0!==t)throw new TypeError("bytesWritten must be 0 when calling respond() on a closed stream");!function(e,t){t.buffer=t.buffer;const r=e._controlledReadableByteStream;if(ze(r))for(;Ae(r)>0;)pe(r,Pe(e))}(e,r)}else!function(e,t,r){if(r.bytesFilled+t>r.byteLength)throw new RangeError("bytesWritten out of range");if(we(e,t,r),r.bytesFilled0){const t=r.byteOffset+r.bytesFilled,n=r.buffer.slice(t-o,t);ye(e,n,0,n.byteLength)}r.buffer=r.buffer,r.bytesFilled-=o,pe(e._controlledReadableByteStream,r),Re(e)}(e,t,r);be(e)}function Pe(e){const t=e._pendingPullIntos.shift();return Se(e),t}function qe(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0}function Ee(e,t){const r=e._controlledReadableByteStream;"readable"===r._state&&(!function(e){Se(e),e._pendingPullIntos=new v}(e),ue(e),qe(e),lr(r,t))}function Ce(e){const t=e._controlledReadableByteStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function ke(e,t,r){const o=Object.create(fe.prototype);let n=()=>{},i=()=>c(void 0),a=()=>c(void 0);void 0!==t.start&&(n=()=>t.start(o)),void 0!==t.pull&&(i=()=>t.pull(o)),void 0!==t.cancel&&(a=e=>t.cancel(e));const s=t.autoAllocateChunkSize;if(0===s)throw new TypeError("autoAllocateChunkSize must be greater than 0");!function(e,t,r,o,n,i,a){t._controlledReadableByteStream=e,t._pullAgain=!1,t._pulling=!1,t._byobRequest=null,t._queue=t._queueTotalSize=void 0,ue(t),t._closeRequested=!1,t._started=!1,t._strategyHWM=i,t._pullAlgorithm=o,t._cancelAlgorithm=n,t._autoAllocateChunkSize=a,t._pendingPullIntos=new v,e._readableStreamController=t,h(c(r()),(()=>{t._started=!0,be(t)}),(e=>{Ee(t,e)}))}(e,o,n,i,a,r,s)}function Oe(e){return new TypeError(`ReadableStreamBYOBRequest.prototype.${e} can only be used on a ReadableStreamBYOBRequest`)}function je(e){return new TypeError(`ReadableByteStreamController.prototype.${e} can only be used on a ReadableByteStreamController`)}function We(e,t){e._reader._readIntoRequests.push(t)}function Ae(e){return e._reader._readIntoRequests.length}function ze(e){const t=e._reader;return void 0!==t&&!!Be(t)}Object.defineProperties(fe.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},byobRequest:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(fe.prototype,e.toStringTag,{value:"ReadableByteStreamController",configurable:!0});class Fe{constructor(e){if(M(e,1,"ReadableStreamBYOBReader"),Q(e,"First parameter"),ir(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");if(!he(e._readableStreamController))throw new TypeError("Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte source");S(this,e),this._readIntoRequests=new v}get closed(){return Be(this)?this._closedPromise:d(Ie("closed"))}cancel(e=undefined){return Be(this)?void 0===this._ownerReadableStream?d(P("cancel")):R(this,e):d(Ie("cancel"))}read(e){if(!Be(this))return d(Ie("read"));if(!ArrayBuffer.isView(e))return d(new TypeError("view must be an array buffer view"));if(0===e.byteLength)return d(new TypeError("view must have non-zero byteLength"));if(0===e.buffer.byteLength)return d(new TypeError("view's buffer must have non-zero byteLength"));if(void 0===this._ownerReadableStream)return d(P("read from"));let t,r;const o=u(((e,o)=>{t=e,r=o}));return function(e,t,r){const o=e._ownerReadableStream;o._disturbed=!0,"errored"===o._state?r._errorSteps(o._storedError):function(e,t,r){const o=e._controlledReadableByteStream;let n=1;t.constructor!==DataView&&(n=t.constructor.BYTES_PER_ELEMENT);const i=t.constructor,a={buffer:t.buffer,byteOffset:t.byteOffset,byteLength:t.byteLength,bytesFilled:0,elementSize:n,viewConstructor:i,readerType:"byob"};if(e._pendingPullIntos.length>0)return e._pendingPullIntos.push(a),void We(o,r);if("closed"!==o._state){if(e._queueTotalSize>0){if(ge(e,a)){const t=me(a);return ve(e),void r._chunkSteps(t)}if(e._closeRequested){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");return Ee(e,t),void r._errorSteps(t)}}e._pendingPullIntos.push(a),We(o,r),be(e)}else{const e=new i(a.buffer,a.byteOffset,0);r._closeSteps(e)}}(o._readableStreamController,t,r)}(this,e,{_chunkSteps:e=>t({value:e,done:!1}),_closeSteps:e=>t({value:e,done:!0}),_errorSteps:e=>r(e)}),o}releaseLock(){if(!Be(this))throw Ie("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readIntoRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");T(this)}}}function Be(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readIntoRequests")}function Ie(e){return new TypeError(`ReadableStreamBYOBReader.prototype.${e} can only be used on a ReadableStreamBYOBReader`)}function Le(e,t){const{highWaterMark:r}=e;if(void 0===r)return t;if(ie(r)||r<0)throw new RangeError("Invalid highWaterMark");return r}function Me(e){const{size:t}=e;return t||(()=>1)}function $e(e,t){B(e,t);const r=null==e?void 0:e.highWaterMark,o=null==e?void 0:e.size;return{highWaterMark:void 0===r?void 0:D(r),size:void 0===o?void 0:De(o,t+" has member 'size' that")}}function De(e,t){return I(e,t),t=>D(e(t))}function xe(e,t,r){return I(e,r),r=>w(e,t,[r])}function Ne(e,t,r){return I(e,r),()=>w(e,t,[])}function Qe(e,t,r){return I(e,r),r=>g(e,t,[r])}function He(e,t,r){return I(e,r),(r,o)=>w(e,t,[r,o])}function Ye(e,t){if(!Xe(e))throw new TypeError(t+" is not a WritableStream.")}Object.defineProperties(Fe.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(Fe.prototype,e.toStringTag,{value:"ReadableStreamBYOBReader",configurable:!0});class Ve{constructor(e={},t={}){void 0===e?e=null:L(e,"First parameter");const r=$e(t,"Second parameter"),o=function(e,t){B(e,t);const r=null==e?void 0:e.abort,o=null==e?void 0:e.close,n=null==e?void 0:e.start,i=null==e?void 0:e.type,a=null==e?void 0:e.write;return{abort:void 0===r?void 0:xe(r,e,t+" has member 'abort' that"),close:void 0===o?void 0:Ne(o,e,t+" has member 'close' that"),start:void 0===n?void 0:Qe(n,e,t+" has member 'start' that"),write:void 0===a?void 0:He(a,e,t+" has member 'write' that"),type:i}}(e,"First parameter");Ge(this);if(void 0!==o.type)throw new RangeError("Invalid type is specified");const n=Me(r);!function(e,t,r,o){const n=Object.create(_t.prototype);let i=()=>{},a=()=>c(void 0),s=()=>c(void 0),l=()=>c(void 0);void 0!==t.start&&(i=()=>t.start(n));void 0!==t.write&&(a=e=>t.write(e,n));void 0!==t.close&&(s=()=>t.close());void 0!==t.abort&&(l=e=>t.abort(e));bt(e,n,i,a,s,l,r,o)}(this,o,Le(r,1),n)}get locked(){if(!Xe(this))throw St("locked");return Je(this)}abort(e=undefined){return Xe(this)?Je(this)?d(new TypeError("Cannot abort a stream that already has a writer")):Ke(this,e):d(St("abort"))}close(){return Xe(this)?Je(this)?d(new TypeError("Cannot close a stream that already has a writer")):ot(this)?d(new TypeError("Cannot close an already-closing stream")):Ze(this):d(St("close"))}getWriter(){if(!Xe(this))throw St("getWriter");return Ue(this)}}function Ue(e){return new at(e)}function Ge(e){e._state="writable",e._storedError=void 0,e._writer=void 0,e._writableStreamController=void 0,e._writeRequests=new v,e._inFlightWriteRequest=void 0,e._closeRequest=void 0,e._inFlightCloseRequest=void 0,e._pendingAbortRequest=void 0,e._backpressure=!1}function Xe(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_writableStreamController")}function Je(e){return void 0!==e._writer}function Ke(e,t){const r=e._state;if("closed"===r||"errored"===r)return c(void 0);if(void 0!==e._pendingAbortRequest)return e._pendingAbortRequest._promise;let o=!1;"erroring"===r&&(o=!0,t=void 0);const n=u(((r,n)=>{e._pendingAbortRequest={_promise:void 0,_resolve:r,_reject:n,_reason:t,_wasAlreadyErroring:o}}));return e._pendingAbortRequest._promise=n,o||tt(e,t),n}function Ze(e){const t=e._state;if("closed"===t||"errored"===t)return d(new TypeError(`The stream (in ${t} state) is not in the writable state and cannot be closed`));const r=u(((t,r)=>{const o={_resolve:t,_reject:r};e._closeRequest=o})),o=e._writer;var n;return void 0!==o&&e._backpressure&&"writable"===t&&At(o),le(n=e._writableStreamController,ht,0),yt(n),r}function et(e,t){"writable"!==e._state?rt(e):tt(e,t)}function tt(e,t){const r=e._writableStreamController;e._state="erroring",e._storedError=t;const o=e._writer;void 0!==o&&ct(o,t),!function(e){if(void 0===e._inFlightWriteRequest&&void 0===e._inFlightCloseRequest)return!1;return!0}(e)&&r._started&&rt(e)}function rt(e){e._state="errored",e._writableStreamController[j]();const t=e._storedError;if(e._writeRequests.forEach((e=>{e._reject(t)})),e._writeRequests=new v,void 0===e._pendingAbortRequest)return void nt(e);const r=e._pendingAbortRequest;if(e._pendingAbortRequest=void 0,r._wasAlreadyErroring)return r._reject(t),void nt(e);h(e._writableStreamController[O](r._reason),(()=>{r._resolve(),nt(e)}),(t=>{r._reject(t),nt(e)}))}function ot(e){return void 0!==e._closeRequest||void 0!==e._inFlightCloseRequest}function nt(e){void 0!==e._closeRequest&&(e._closeRequest._reject(e._storedError),e._closeRequest=void 0);const t=e._writer;void 0!==t&&Et(t,e._storedError)}function it(e,t){const r=e._writer;void 0!==r&&t!==e._backpressure&&(t?function(e){kt(e)}(r):At(r)),e._backpressure=t}Object.defineProperties(Ve.prototype,{abort:{enumerable:!0},close:{enumerable:!0},getWriter:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(Ve.prototype,e.toStringTag,{value:"WritableStream",configurable:!0});class at{constructor(e){if(M(e,1,"WritableStreamDefaultWriter"),Ye(e,"First parameter"),Je(e))throw new TypeError("This stream has already been locked for exclusive writing by another writer");this._ownerWritableStream=e,e._writer=this;const t=e._state;if("writable"===t)!ot(e)&&e._backpressure?kt(this):jt(this),Pt(this);else if("erroring"===t)Ot(this,e._storedError),Pt(this);else if("closed"===t)jt(this),Pt(r=this),Ct(r);else{const t=e._storedError;Ot(this,t),qt(this,t)}var r}get closed(){return st(this)?this._closedPromise:d(Rt("closed"))}get desiredSize(){if(!st(this))throw Rt("desiredSize");if(void 0===this._ownerWritableStream)throw Tt("desiredSize");return function(e){const t=e._ownerWritableStream,r=t._state;if("errored"===r||"erroring"===r)return null;if("closed"===r)return 0;return mt(t._writableStreamController)}(this)}get ready(){return st(this)?this._readyPromise:d(Rt("ready"))}abort(e=undefined){return st(this)?void 0===this._ownerWritableStream?d(Tt("abort")):function(e,t){return Ke(e._ownerWritableStream,t)}(this,e):d(Rt("abort"))}close(){if(!st(this))return d(Rt("close"));const e=this._ownerWritableStream;return void 0===e?d(Tt("close")):ot(e)?d(new TypeError("Cannot close an already-closing stream")):lt(this)}releaseLock(){if(!st(this))throw Rt("releaseLock");void 0!==this._ownerWritableStream&&dt(this)}write(e=undefined){return st(this)?void 0===this._ownerWritableStream?d(Tt("write to")):ft(this,e):d(Rt("write"))}}function st(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_ownerWritableStream")}function lt(e){return Ze(e._ownerWritableStream)}function ut(e,t){"pending"===e._closedPromiseState?Et(e,t):function(e,t){qt(e,t)}(e,t)}function ct(e,t){"pending"===e._readyPromiseState?Wt(e,t):function(e,t){Ot(e,t)}(e,t)}function dt(e){const t=e._ownerWritableStream,r=new TypeError("Writer was released and can no longer be used to monitor the stream's closedness");ct(e,r),ut(e,r),t._writer=void 0,e._ownerWritableStream=void 0}function ft(e,t){const r=e._ownerWritableStream,o=r._writableStreamController,n=function(e,t){try{return e._strategySizeAlgorithm(t)}catch(t){return gt(e,t),1}}(o,t);if(r!==e._ownerWritableStream)return d(Tt("write to"));const i=r._state;if("errored"===i)return d(r._storedError);if(ot(r)||"closed"===i)return d(new TypeError("The stream is closing or closed and cannot be written to"));if("erroring"===i)return d(r._storedError);const a=function(e){return u(((t,r)=>{const o={_resolve:t,_reject:r};e._writeRequests.push(o)}))}(r);return function(e,t,r){try{le(e,t,r)}catch(t){return void gt(e,t)}const o=e._controlledWritableStream;if(!ot(o)&&"writable"===o._state){it(o,wt(e))}yt(e)}(o,t,n),a}Object.defineProperties(at.prototype,{abort:{enumerable:!0},close:{enumerable:!0},releaseLock:{enumerable:!0},write:{enumerable:!0},closed:{enumerable:!0},desiredSize:{enumerable:!0},ready:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(at.prototype,e.toStringTag,{value:"WritableStreamDefaultWriter",configurable:!0});const ht={};class _t{constructor(){throw new TypeError("Illegal constructor")}error(e=undefined){if(!function(e){if(!o(e))return!1;if(!Object.prototype.hasOwnProperty.call(e,"_controlledWritableStream"))return!1;return!0}(this))throw new TypeError("WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController");"writable"===this._controlledWritableStream._state&&vt(this,e)}[O](e){const t=this._abortAlgorithm(e);return pt(this),t}[j](){ue(this)}}function bt(e,t,r,o,n,i,a,s){t._controlledWritableStream=e,e._writableStreamController=t,t._queue=void 0,t._queueTotalSize=void 0,ue(t),t._started=!1,t._strategySizeAlgorithm=s,t._strategyHWM=a,t._writeAlgorithm=o,t._closeAlgorithm=n,t._abortAlgorithm=i;const l=wt(t);it(e,l);h(c(r()),(()=>{t._started=!0,yt(t)}),(r=>{t._started=!0,et(e,r)}))}function pt(e){e._writeAlgorithm=void 0,e._closeAlgorithm=void 0,e._abortAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function mt(e){return e._strategyHWM-e._queueTotalSize}function yt(e){const t=e._controlledWritableStream;if(!e._started)return;if(void 0!==t._inFlightWriteRequest)return;if("erroring"===t._state)return void rt(t);if(0===e._queue.length)return;const r=e._queue.peek().value;r===ht?function(e){const t=e._controlledWritableStream;(function(e){e._inFlightCloseRequest=e._closeRequest,e._closeRequest=void 0})(t),se(e);const r=e._closeAlgorithm();pt(e),h(r,(()=>{!function(e){e._inFlightCloseRequest._resolve(void 0),e._inFlightCloseRequest=void 0,"erroring"===e._state&&(e._storedError=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._resolve(),e._pendingAbortRequest=void 0)),e._state="closed";const t=e._writer;void 0!==t&&Ct(t)}(t)}),(e=>{!function(e,t){e._inFlightCloseRequest._reject(t),e._inFlightCloseRequest=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._reject(t),e._pendingAbortRequest=void 0),et(e,t)}(t,e)}))}(e):function(e,t){const r=e._controlledWritableStream;!function(e){e._inFlightWriteRequest=e._writeRequests.shift()}(r);const o=e._writeAlgorithm(t);h(o,(()=>{!function(e){e._inFlightWriteRequest._resolve(void 0),e._inFlightWriteRequest=void 0}(r);const t=r._state;if(se(e),!ot(r)&&"writable"===t){const t=wt(e);it(r,t)}yt(e)}),(t=>{"writable"===r._state&&pt(e),function(e,t){e._inFlightWriteRequest._reject(t),e._inFlightWriteRequest=void 0,et(e,t)}(r,t)}))}(e,r)}function gt(e,t){"writable"===e._controlledWritableStream._state&&vt(e,t)}function wt(e){return mt(e)<=0}function vt(e,t){const r=e._controlledWritableStream;pt(e),tt(r,t)}function St(e){return new TypeError(`WritableStream.prototype.${e} can only be used on a WritableStream`)}function Rt(e){return new TypeError(`WritableStreamDefaultWriter.prototype.${e} can only be used on a WritableStreamDefaultWriter`)}function Tt(e){return new TypeError("Cannot "+e+" a stream using a released writer")}function Pt(e){e._closedPromise=u(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r,e._closedPromiseState="pending"}))}function qt(e,t){Pt(e),Et(e,t)}function Et(e,t){void 0!==e._closedPromise_reject&&(m(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="rejected")}function Ct(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="resolved")}function kt(e){e._readyPromise=u(((t,r)=>{e._readyPromise_resolve=t,e._readyPromise_reject=r})),e._readyPromiseState="pending"}function Ot(e,t){kt(e),Wt(e,t)}function jt(e){kt(e),At(e)}function Wt(e,t){void 0!==e._readyPromise_reject&&(m(e._readyPromise),e._readyPromise_reject(t),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="rejected")}function At(e){void 0!==e._readyPromise_resolve&&(e._readyPromise_resolve(void 0),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="fulfilled")}Object.defineProperties(_t.prototype,{error:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(_t.prototype,e.toStringTag,{value:"WritableStreamDefaultController",configurable:!0});const zt="undefined"!=typeof DOMException?DOMException:void 0;const Ft=function(e){if("function"!=typeof e&&"object"!=typeof e)return!1;try{return new e,!0}catch(e){return!1}}(zt)?zt:function(){const e=function(e,t){this.message=e||"",this.name=t||"Error",Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)};return Object.defineProperty(e.prototype=Object.create(Error.prototype),"constructor",{value:e,writable:!0,configurable:!0}),e}();function Bt(e,r,o,n,i,a){const s=H(e),l=Ue(r);e._disturbed=!0;let p=!1,y=c(void 0);return u(((g,w)=>{let v;if(void 0!==a){if(v=()=>{const t=new Ft("Aborted","AbortError"),o=[];n||o.push((()=>"writable"===r._state?Ke(r,t):c(void 0))),i||o.push((()=>"readable"===e._state?ar(e,t):c(void 0))),C((()=>Promise.all(o.map((e=>e())))),!0,t)},a.aborted)return void v();a.addEventListener("abort",v)}var S,R,P;if(E(e,s._closedPromise,(e=>{n?k(!0,e):C((()=>Ke(r,e)),!0,e)})),E(r,l._closedPromise,(t=>{i?k(!0,t):C((()=>ar(e,t)),!0,t)})),S=e,R=s._closedPromise,P=()=>{o?k():C((()=>function(e){const t=e._ownerWritableStream,r=t._state;return ot(t)||"closed"===r?c(void 0):"errored"===r?d(t._storedError):lt(e)}(l)))},"closed"===S._state?P():_(R,P),ot(r)||"closed"===r._state){const t=new TypeError("the destination writable stream closed before all data could be piped to it");i?k(!0,t):C((()=>ar(e,t)),!0,t)}function q(){const e=y;return f(y,(()=>e!==y?q():void 0))}function E(e,t,r){"errored"===e._state?r(e._storedError):b(t,r)}function C(e,t,o){function n(){h(e(),(()=>O(t,o)),(e=>O(!0,e)))}p||(p=!0,"writable"!==r._state||ot(r)?n():_(q(),n))}function k(e,t){p||(p=!0,"writable"!==r._state||ot(r)?O(e,t):_(q(),(()=>O(e,t))))}function O(e,t){dt(l),T(s),void 0!==a&&a.removeEventListener("abort",v),e?w(t):g(void 0)}m(u(((e,r)=>{!function o(n){n?e():f(p?c(!0):f(l._readyPromise,(()=>u(((e,r)=>{K(s,{_chunkSteps:r=>{y=f(ft(l,r),void 0,t),e(!1)},_closeSteps:()=>e(!0),_errorSteps:r})})))),o,r)}(!1)})))}))}class It{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Lt(this))throw Ut("desiredSize");return Ht(this)}close(){if(!Lt(this))throw Ut("close");if(!Yt(this))throw new TypeError("The stream is not in a state that permits close");xt(this)}enqueue(e=undefined){if(!Lt(this))throw Ut("enqueue");if(!Yt(this))throw new TypeError("The stream is not in a state that permits enqueue");return Nt(this,e)}error(e=undefined){if(!Lt(this))throw Ut("error");Qt(this,e)}[W](e){ue(this);const t=this._cancelAlgorithm(e);return Dt(this),t}[A](e){const t=this._controlledReadableStream;if(this._queue.length>0){const r=se(this);this._closeRequested&&0===this._queue.length?(Dt(this),sr(t)):Mt(this),e._chunkSteps(r)}else Y(t,e),Mt(this)}}function Lt(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableStream")}function Mt(e){if(!$t(e))return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;h(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Mt(e))}),(t=>{Qt(e,t)}))}function $t(e){const t=e._controlledReadableStream;if(!Yt(e))return!1;if(!e._started)return!1;if(ir(t)&&U(t)>0)return!0;return Ht(e)>0}function Dt(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function xt(e){if(!Yt(e))return;const t=e._controlledReadableStream;e._closeRequested=!0,0===e._queue.length&&(Dt(e),sr(t))}function Nt(e,t){if(!Yt(e))return;const r=e._controlledReadableStream;if(ir(r)&&U(r)>0)V(r,t,!1);else{let r;try{r=e._strategySizeAlgorithm(t)}catch(t){throw Qt(e,t),t}try{le(e,t,r)}catch(t){throw Qt(e,t),t}}Mt(e)}function Qt(e,t){const r=e._controlledReadableStream;"readable"===r._state&&(ue(e),Dt(e),lr(r,t))}function Ht(e){const t=e._controlledReadableStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Yt(e){const t=e._controlledReadableStream._state;return!e._closeRequested&&"readable"===t}function Vt(e,t,r,o,n,i,a){t._controlledReadableStream=e,t._queue=void 0,t._queueTotalSize=void 0,ue(t),t._started=!1,t._closeRequested=!1,t._pullAgain=!1,t._pulling=!1,t._strategySizeAlgorithm=a,t._strategyHWM=i,t._pullAlgorithm=o,t._cancelAlgorithm=n,e._readableStreamController=t;h(c(r()),(()=>{t._started=!0,Mt(t)}),(e=>{Qt(t,e)}))}function Ut(e){return new TypeError(`ReadableStreamDefaultController.prototype.${e} can only be used on a ReadableStreamDefaultController`)}function Gt(e,t,r){return I(e,r),r=>w(e,t,[r])}function Xt(e,t,r){return I(e,r),r=>w(e,t,[r])}function Jt(e,t,r){return I(e,r),r=>g(e,t,[r])}function Kt(e,t){if("bytes"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamType`);return e}function Zt(e,t){if("byob"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamReaderMode`);return e}function er(e,t){B(e,t);const r=null==e?void 0:e.preventAbort,o=null==e?void 0:e.preventCancel,n=null==e?void 0:e.preventClose,i=null==e?void 0:e.signal;return void 0!==i&&function(e,t){if(!function(e){if("object"!=typeof e||null===e)return!1;try{return"boolean"==typeof e.aborted}catch(e){return!1}}(e))throw new TypeError(t+" is not an AbortSignal.")}(i,t+" has member 'signal' that"),{preventAbort:!!r,preventCancel:!!o,preventClose:!!n,signal:i}}Object.defineProperties(It.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(It.prototype,e.toStringTag,{value:"ReadableStreamDefaultController",configurable:!0});class tr{constructor(e={},t={}){void 0===e?e=null:L(e,"First parameter");const r=$e(t,"Second parameter"),o=function(e,t){B(e,t);const r=e,o=null==r?void 0:r.autoAllocateChunkSize,n=null==r?void 0:r.cancel,i=null==r?void 0:r.pull,a=null==r?void 0:r.start,s=null==r?void 0:r.type;return{autoAllocateChunkSize:void 0===o?void 0:N(o,t+" has member 'autoAllocateChunkSize' that"),cancel:void 0===n?void 0:Gt(n,r,t+" has member 'cancel' that"),pull:void 0===i?void 0:Xt(i,r,t+" has member 'pull' that"),start:void 0===a?void 0:Jt(a,r,t+" has member 'start' that"),type:void 0===s?void 0:Kt(s,t+" has member 'type' that")}}(e,"First parameter");if(or(this),"bytes"===o.type){if(void 0!==r.size)throw new RangeError("The strategy for a byte stream cannot have a size function");ke(this,o,Le(r,0))}else{const e=Me(r);!function(e,t,r,o){const n=Object.create(It.prototype);let i=()=>{},a=()=>c(void 0),s=()=>c(void 0);void 0!==t.start&&(i=()=>t.start(n)),void 0!==t.pull&&(a=()=>t.pull(n)),void 0!==t.cancel&&(s=e=>t.cancel(e)),Vt(e,n,i,a,s,r,o)}(this,o,Le(r,1),e)}}get locked(){if(!nr(this))throw ur("locked");return ir(this)}cancel(e=undefined){return nr(this)?ir(this)?d(new TypeError("Cannot cancel a stream that already has a reader")):ar(this,e):d(ur("cancel"))}getReader(e=undefined){if(!nr(this))throw ur("getReader");return void 0===function(e,t){B(e,t);const r=null==e?void 0:e.mode;return{mode:void 0===r?void 0:Zt(r,t+" has member 'mode' that")}}(e,"First parameter").mode?H(this):new Fe(this)}pipeThrough(e,t={}){if(!nr(this))throw ur("pipeThrough");M(e,1,"pipeThrough");const r=function(e,t){B(e,t);const r=null==e?void 0:e.readable;$(r,"readable","ReadableWritablePair"),Q(r,t+" has member 'readable' that");const o=null==e?void 0:e.writable;return $(o,"writable","ReadableWritablePair"),Ye(o,t+" has member 'writable' that"),{readable:r,writable:o}}(e,"First parameter"),o=er(t,"Second parameter");if(ir(this))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream");if(Je(r.writable))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream");return m(Bt(this,r.writable,o.preventClose,o.preventAbort,o.preventCancel,o.signal)),r.readable}pipeTo(e,t={}){if(!nr(this))return d(ur("pipeTo"));if(void 0===e)return d("Parameter 1 is required in 'pipeTo'.");if(!Xe(e))return d(new TypeError("ReadableStream.prototype.pipeTo's first argument must be a WritableStream"));let r;try{r=er(t,"Second parameter")}catch(e){return d(e)}return ir(this)?d(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream")):Je(e)?d(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream")):Bt(this,e,r.preventClose,r.preventAbort,r.preventCancel,r.signal)}tee(){if(!nr(this))throw ur("tee");const e=function(e,t){const r=H(e);let o,n,i,a,s,l=!1,d=!1,f=!1;const h=u((e=>{s=e}));function _(){return l||(l=!0,K(r,{_chunkSteps:e=>{y((()=>{l=!1;const t=e,r=e;d||Nt(i._readableStreamController,t),f||Nt(a._readableStreamController,r)}))},_closeSteps:()=>{l=!1,d||xt(i._readableStreamController),f||xt(a._readableStreamController),d&&f||s(void 0)},_errorSteps:()=>{l=!1}})),c(void 0)}function p(){}return i=rr(p,_,(function(t){if(d=!0,o=t,f){const t=ce([o,n]),r=ar(e,t);s(r)}return h})),a=rr(p,_,(function(t){if(f=!0,n=t,d){const t=ce([o,n]),r=ar(e,t);s(r)}return h})),b(r._closedPromise,(e=>{Qt(i._readableStreamController,e),Qt(a._readableStreamController,e),d&&f||s(void 0)})),[i,a]}(this);return ce(e)}values(e=undefined){if(!nr(this))throw ur("values");return function(e,t){const r=H(e),o=new te(r,t),n=Object.create(re);return n._asyncIteratorImpl=o,n}(this,function(e,t){return B(e,t),{preventCancel:!!(null==e?void 0:e.preventCancel)}}(e,"First parameter").preventCancel)}}function rr(e,t,r,o=1,n=(()=>1)){const i=Object.create(tr.prototype);or(i);return Vt(i,Object.create(It.prototype),e,t,r,o,n),i}function or(e){e._state="readable",e._reader=void 0,e._storedError=void 0,e._disturbed=!1}function nr(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readableStreamController")}function ir(e){return void 0!==e._reader}function ar(e,r){if(e._disturbed=!0,"closed"===e._state)return c(void 0);if("errored"===e._state)return d(e._storedError);sr(e);return p(e._readableStreamController[W](r),t)}function sr(e){e._state="closed";const t=e._reader;void 0!==t&&(k(t),J(t)&&(t._readRequests.forEach((e=>{e._closeSteps()})),t._readRequests=new v))}function lr(e,t){e._state="errored",e._storedError=t;const r=e._reader;void 0!==r&&(C(r,t),J(r)?(r._readRequests.forEach((e=>{e._errorSteps(t)})),r._readRequests=new v):(r._readIntoRequests.forEach((e=>{e._errorSteps(t)})),r._readIntoRequests=new v))}function ur(e){return new TypeError(`ReadableStream.prototype.${e} can only be used on a ReadableStream`)}function cr(e,t){B(e,t);const r=null==e?void 0:e.highWaterMark;return $(r,"highWaterMark","QueuingStrategyInit"),{highWaterMark:D(r)}}Object.defineProperties(tr.prototype,{cancel:{enumerable:!0},getReader:{enumerable:!0},pipeThrough:{enumerable:!0},pipeTo:{enumerable:!0},tee:{enumerable:!0},values:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(tr.prototype,e.toStringTag,{value:"ReadableStream",configurable:!0}),"symbol"==typeof e.asyncIterator&&Object.defineProperty(tr.prototype,e.asyncIterator,{value:tr.prototype.values,writable:!0,configurable:!0});const dr=function(e){return e.byteLength};class fr{constructor(e){M(e,1,"ByteLengthQueuingStrategy"),e=cr(e,"First parameter"),this._byteLengthQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!_r(this))throw hr("highWaterMark");return this._byteLengthQueuingStrategyHighWaterMark}get size(){if(!_r(this))throw hr("size");return dr}}function hr(e){return new TypeError(`ByteLengthQueuingStrategy.prototype.${e} can only be used on a ByteLengthQueuingStrategy`)}function _r(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_byteLengthQueuingStrategyHighWaterMark")}Object.defineProperties(fr.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(fr.prototype,e.toStringTag,{value:"ByteLengthQueuingStrategy",configurable:!0});const br=function(){return 1};class pr{constructor(e){M(e,1,"CountQueuingStrategy"),e=cr(e,"First parameter"),this._countQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!yr(this))throw mr("highWaterMark");return this._countQueuingStrategyHighWaterMark}get size(){if(!yr(this))throw mr("size");return br}}function mr(e){return new TypeError(`CountQueuingStrategy.prototype.${e} can only be used on a CountQueuingStrategy`)}function yr(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_countQueuingStrategyHighWaterMark")}function gr(e,t,r){return I(e,r),r=>w(e,t,[r])}function wr(e,t,r){return I(e,r),r=>g(e,t,[r])}function vr(e,t,r){return I(e,r),(r,o)=>w(e,t,[r,o])}Object.defineProperties(pr.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(pr.prototype,e.toStringTag,{value:"CountQueuingStrategy",configurable:!0});class Sr{constructor(e={},t={},r={}){void 0===e&&(e=null);const o=$e(t,"Second parameter"),n=$e(r,"Third parameter"),i=function(e,t){B(e,t);const r=null==e?void 0:e.flush,o=null==e?void 0:e.readableType,n=null==e?void 0:e.start,i=null==e?void 0:e.transform,a=null==e?void 0:e.writableType;return{flush:void 0===r?void 0:gr(r,e,t+" has member 'flush' that"),readableType:o,start:void 0===n?void 0:wr(n,e,t+" has member 'start' that"),transform:void 0===i?void 0:vr(i,e,t+" has member 'transform' that"),writableType:a}}(e,"First parameter");if(void 0!==i.readableType)throw new RangeError("Invalid readableType specified");if(void 0!==i.writableType)throw new RangeError("Invalid writableType specified");const a=Le(n,0),s=Me(n),l=Le(o,1),f=Me(o);let h;!function(e,t,r,o,n,i){function a(){return t}function s(t){return function(e,t){const r=e._transformStreamController;if(e._backpressure){return p(e._backpressureChangePromise,(()=>{const o=e._writable;if("erroring"===o._state)throw o._storedError;return jr(r,t)}))}return jr(r,t)}(e,t)}function l(t){return function(e,t){return Tr(e,t),c(void 0)}(e,t)}function u(){return function(e){const t=e._readable,r=e._transformStreamController,o=r._flushAlgorithm();return kr(r),p(o,(()=>{if("errored"===t._state)throw t._storedError;xt(t._readableStreamController)}),(r=>{throw Tr(e,r),t._storedError}))}(e)}function d(){return function(e){return qr(e,!1),e._backpressureChangePromise}(e)}function f(t){return Pr(e,t),c(void 0)}e._writable=function(e,t,r,o,n=1,i=(()=>1)){const a=Object.create(Ve.prototype);return Ge(a),bt(a,Object.create(_t.prototype),e,t,r,o,n,i),a}(a,s,u,l,r,o),e._readable=rr(a,d,f,n,i),e._backpressure=void 0,e._backpressureChangePromise=void 0,e._backpressureChangePromise_resolve=void 0,qr(e,!0),e._transformStreamController=void 0}(this,u((e=>{h=e})),l,f,a,s),function(e,t){const r=Object.create(Er.prototype);let o=e=>{try{return Or(r,e),c(void 0)}catch(e){return d(e)}},n=()=>c(void 0);void 0!==t.transform&&(o=e=>t.transform(e,r));void 0!==t.flush&&(n=()=>t.flush(r));!function(e,t,r,o){t._controlledTransformStream=e,e._transformStreamController=t,t._transformAlgorithm=r,t._flushAlgorithm=o}(e,r,o,n)}(this,i),void 0!==i.start?h(i.start(this._transformStreamController)):h(void 0)}get readable(){if(!Rr(this))throw Ar("readable");return this._readable}get writable(){if(!Rr(this))throw Ar("writable");return this._writable}}function Rr(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_transformStreamController")}function Tr(e,t){Qt(e._readable._readableStreamController,t),Pr(e,t)}function Pr(e,t){kr(e._transformStreamController),gt(e._writable._writableStreamController,t),e._backpressure&&qr(e,!1)}function qr(e,t){void 0!==e._backpressureChangePromise&&e._backpressureChangePromise_resolve(),e._backpressureChangePromise=u((t=>{e._backpressureChangePromise_resolve=t})),e._backpressure=t}Object.defineProperties(Sr.prototype,{readable:{enumerable:!0},writable:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(Sr.prototype,e.toStringTag,{value:"TransformStream",configurable:!0});class Er{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Cr(this))throw Wr("desiredSize");return Ht(this._controlledTransformStream._readable._readableStreamController)}enqueue(e=undefined){if(!Cr(this))throw Wr("enqueue");Or(this,e)}error(e=undefined){if(!Cr(this))throw Wr("error");var t;t=e,Tr(this._controlledTransformStream,t)}terminate(){if(!Cr(this))throw Wr("terminate");!function(e){const t=e._controlledTransformStream;xt(t._readable._readableStreamController);Pr(t,new TypeError("TransformStream terminated"))}(this)}}function Cr(e){return!!o(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledTransformStream")}function kr(e){e._transformAlgorithm=void 0,e._flushAlgorithm=void 0}function Or(e,t){const r=e._controlledTransformStream,o=r._readable._readableStreamController;if(!Yt(o))throw new TypeError("Readable side is not in a state that permits enqueue");try{Nt(o,t)}catch(e){throw Pr(r,e),r._readable._storedError}const n=function(e){return!$t(e)}(o);n!==r._backpressure&&qr(r,!0)}function jr(e,t){return p(e._transformAlgorithm(t),void 0,(t=>{throw Tr(e._controlledTransformStream,t),t}))}function Wr(e){return new TypeError(`TransformStreamDefaultController.prototype.${e} can only be used on a TransformStreamDefaultController`)}function Ar(e){return new TypeError(`TransformStream.prototype.${e} can only be used on a TransformStream`)}Object.defineProperties(Er.prototype,{enqueue:{enumerable:!0},error:{enumerable:!0},terminate:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof e.toStringTag&&Object.defineProperty(Er.prototype,e.toStringTag,{value:"TransformStreamDefaultController",configurable:!0});export{fr as ByteLengthQueuingStrategy,pr as CountQueuingStrategy,fe as ReadableByteStreamController,tr as ReadableStream,Fe as ReadableStreamBYOBReader,de as ReadableStreamBYOBRequest,It as ReadableStreamDefaultController,X as ReadableStreamDefaultReader,Sr as TransformStream,Er as TransformStreamDefaultController,Ve as WritableStream,_t as WritableStreamDefaultController,at as WritableStreamDefaultWriter}; -//# sourceMappingURL=ponyfill.es6.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs.map deleted file mode 100644 index 7f8eb7dd3..000000000 --- a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.min.mjs.map +++ /dev/null @@ -1 +0,0 @@ -{"version":3,"file":"ponyfill.es6.min.mjs","sources":["../../node_modules/@openpgp/web-stream-tools/node_modules/web-streams-polyfill/dist/ponyfill.es6.mjs"],"sourcesContent":["/**\n * web-streams-polyfill v3.0.3\n */\n/// \nconst SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ?\n Symbol :\n description => `Symbol(${description})`;\n\n/// \nfunction noop() {\n return undefined;\n}\nfunction getGlobals() {\n if (typeof self !== 'undefined') {\n return self;\n }\n else if (typeof window !== 'undefined') {\n return window;\n }\n else if (typeof global !== 'undefined') {\n return global;\n }\n return undefined;\n}\nconst globals = getGlobals();\n\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nconst rethrowAssertionErrorRejection = noop;\n\nconst originalPromise = Promise;\nconst originalPromiseThen = Promise.prototype.then;\nconst originalPromiseResolve = Promise.resolve.bind(originalPromise);\nconst originalPromiseReject = Promise.reject.bind(originalPromise);\nfunction newPromise(executor) {\n return new originalPromise(executor);\n}\nfunction promiseResolvedWith(value) {\n return originalPromiseResolve(value);\n}\nfunction promiseRejectedWith(reason) {\n return originalPromiseReject(reason);\n}\nfunction PerformPromiseThen(promise, onFulfilled, onRejected) {\n // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an\n // approximation.\n return originalPromiseThen.call(promise, onFulfilled, onRejected);\n}\nfunction uponPromise(promise, onFulfilled, onRejected) {\n PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection);\n}\nfunction uponFulfillment(promise, onFulfilled) {\n uponPromise(promise, onFulfilled);\n}\nfunction uponRejection(promise, onRejected) {\n uponPromise(promise, undefined, onRejected);\n}\nfunction transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) {\n return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler);\n}\nfunction setPromiseIsHandledToTrue(promise) {\n PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection);\n}\nconst queueMicrotask = (() => {\n const globalQueueMicrotask = globals && globals.queueMicrotask;\n if (typeof globalQueueMicrotask === 'function') {\n return globalQueueMicrotask;\n }\n const resolvedPromise = promiseResolvedWith(undefined);\n return (fn) => PerformPromiseThen(resolvedPromise, fn);\n})();\nfunction reflectCall(F, V, args) {\n if (typeof F !== 'function') {\n throw new TypeError('Argument is not a function');\n }\n return Function.prototype.apply.call(F, V, args);\n}\nfunction promiseCall(F, V, args) {\n try {\n return promiseResolvedWith(reflectCall(F, V, args));\n }\n catch (value) {\n return promiseRejectedWith(value);\n }\n}\n\n// Original from Chromium\n// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js\nconst QUEUE_MAX_ARRAY_SIZE = 16384;\n/**\n * Simple queue structure.\n *\n * Avoids scalability issues with using a packed array directly by using\n * multiple arrays in a linked list and keeping the array size bounded.\n */\nclass SimpleQueue {\n constructor() {\n this._cursor = 0;\n this._size = 0;\n // _front and _back are always defined.\n this._front = {\n _elements: [],\n _next: undefined\n };\n this._back = this._front;\n // The cursor is used to avoid calling Array.shift().\n // It contains the index of the front element of the array inside the\n // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE).\n this._cursor = 0;\n // When there is only one node, size === elements.length - cursor.\n this._size = 0;\n }\n get length() {\n return this._size;\n }\n // For exception safety, this method is structured in order:\n // 1. Read state\n // 2. Calculate required state mutations\n // 3. Perform state mutations\n push(element) {\n const oldBack = this._back;\n let newBack = oldBack;\n if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) {\n newBack = {\n _elements: [],\n _next: undefined\n };\n }\n // push() is the mutation most likely to throw an exception, so it\n // goes first.\n oldBack._elements.push(element);\n if (newBack !== oldBack) {\n this._back = newBack;\n oldBack._next = newBack;\n }\n ++this._size;\n }\n // Like push(), shift() follows the read -> calculate -> mutate pattern for\n // exception safety.\n shift() { // must not be called on an empty queue\n const oldFront = this._front;\n let newFront = oldFront;\n const oldCursor = this._cursor;\n let newCursor = oldCursor + 1;\n const elements = oldFront._elements;\n const element = elements[oldCursor];\n if (newCursor === QUEUE_MAX_ARRAY_SIZE) {\n newFront = oldFront._next;\n newCursor = 0;\n }\n // No mutations before this point.\n --this._size;\n this._cursor = newCursor;\n if (oldFront !== newFront) {\n this._front = newFront;\n }\n // Permit shifted element to be garbage collected.\n elements[oldCursor] = undefined;\n return element;\n }\n // The tricky thing about forEach() is that it can be called\n // re-entrantly. The queue may be mutated inside the callback. It is easy to\n // see that push() within the callback has no negative effects since the end\n // of the queue is checked for on every iteration. If shift() is called\n // repeatedly within the callback then the next iteration may return an\n // element that has been removed. In this case the callback will be called\n // with undefined values until we either \"catch up\" with elements that still\n // exist or reach the back of the queue.\n forEach(callback) {\n let i = this._cursor;\n let node = this._front;\n let elements = node._elements;\n while (i !== elements.length || node._next !== undefined) {\n if (i === elements.length) {\n node = node._next;\n elements = node._elements;\n i = 0;\n if (elements.length === 0) {\n break;\n }\n }\n callback(elements[i]);\n ++i;\n }\n }\n // Return the element that would be returned if shift() was called now,\n // without modifying the queue.\n peek() { // must not be called on an empty queue\n const front = this._front;\n const cursor = this._cursor;\n return front._elements[cursor];\n }\n}\n\nfunction ReadableStreamReaderGenericInitialize(reader, stream) {\n reader._ownerReadableStream = stream;\n stream._reader = reader;\n if (stream._state === 'readable') {\n defaultReaderClosedPromiseInitialize(reader);\n }\n else if (stream._state === 'closed') {\n defaultReaderClosedPromiseInitializeAsResolved(reader);\n }\n else {\n defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError);\n }\n}\n// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state\n// check.\nfunction ReadableStreamReaderGenericCancel(reader, reason) {\n const stream = reader._ownerReadableStream;\n return ReadableStreamCancel(stream, reason);\n}\nfunction ReadableStreamReaderGenericRelease(reader) {\n if (reader._ownerReadableStream._state === 'readable') {\n defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n else {\n defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n reader._ownerReadableStream._reader = undefined;\n reader._ownerReadableStream = undefined;\n}\n// Helper functions for the readers.\nfunction readerLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released reader');\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderClosedPromiseInitialize(reader) {\n reader._closedPromise = newPromise((resolve, reject) => {\n reader._closedPromise_resolve = resolve;\n reader._closedPromise_reject = reject;\n });\n}\nfunction defaultReaderClosedPromiseInitializeAsRejected(reader, reason) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseReject(reader, reason);\n}\nfunction defaultReaderClosedPromiseInitializeAsResolved(reader) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseResolve(reader);\n}\nfunction defaultReaderClosedPromiseReject(reader, reason) {\n if (reader._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(reader._closedPromise);\n reader._closedPromise_reject(reason);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\nfunction defaultReaderClosedPromiseResetToRejected(reader, reason) {\n defaultReaderClosedPromiseInitializeAsRejected(reader, reason);\n}\nfunction defaultReaderClosedPromiseResolve(reader) {\n if (reader._closedPromise_resolve === undefined) {\n return;\n }\n reader._closedPromise_resolve(undefined);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\n\nconst AbortSteps = SymbolPolyfill('[[AbortSteps]]');\nconst ErrorSteps = SymbolPolyfill('[[ErrorSteps]]');\nconst CancelSteps = SymbolPolyfill('[[CancelSteps]]');\nconst PullSteps = SymbolPolyfill('[[PullSteps]]');\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill\nconst NumberIsFinite = Number.isFinite || function (x) {\n return typeof x === 'number' && isFinite(x);\n};\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill\nconst MathTrunc = Math.trunc || function (v) {\n return v < 0 ? Math.ceil(v) : Math.floor(v);\n};\n\n// https://heycam.github.io/webidl/#idl-dictionaries\nfunction isDictionary(x) {\n return typeof x === 'object' || typeof x === 'function';\n}\nfunction assertDictionary(obj, context) {\n if (obj !== undefined && !isDictionary(obj)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-callback-functions\nfunction assertFunction(x, context) {\n if (typeof x !== 'function') {\n throw new TypeError(`${context} is not a function.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-object\nfunction isObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nfunction assertObject(x, context) {\n if (!isObject(x)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\nfunction assertRequiredArgument(x, position, context) {\n if (x === undefined) {\n throw new TypeError(`Parameter ${position} is required in '${context}'.`);\n }\n}\nfunction assertRequiredField(x, field, context) {\n if (x === undefined) {\n throw new TypeError(`${field} is required in '${context}'.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-unrestricted-double\nfunction convertUnrestrictedDouble(value) {\n return Number(value);\n}\nfunction censorNegativeZero(x) {\n return x === 0 ? 0 : x;\n}\nfunction integerPart(x) {\n return censorNegativeZero(MathTrunc(x));\n}\n// https://heycam.github.io/webidl/#idl-unsigned-long-long\nfunction convertUnsignedLongLongWithEnforceRange(value, context) {\n const lowerBound = 0;\n const upperBound = Number.MAX_SAFE_INTEGER;\n let x = Number(value);\n x = censorNegativeZero(x);\n if (!NumberIsFinite(x)) {\n throw new TypeError(`${context} is not a finite number`);\n }\n x = integerPart(x);\n if (x < lowerBound || x > upperBound) {\n throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`);\n }\n if (!NumberIsFinite(x) || x === 0) {\n return 0;\n }\n // TODO Use BigInt if supported?\n // let xBigInt = BigInt(integerPart(x));\n // xBigInt = BigInt.asUintN(64, xBigInt);\n // return Number(xBigInt);\n return x;\n}\n\nfunction assertReadableStream(x, context) {\n if (!IsReadableStream(x)) {\n throw new TypeError(`${context} is not a ReadableStream.`);\n }\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamDefaultReader(stream) {\n return new ReadableStreamDefaultReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadRequest(stream, readRequest) {\n stream._reader._readRequests.push(readRequest);\n}\nfunction ReadableStreamFulfillReadRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readRequest = reader._readRequests.shift();\n if (done) {\n readRequest._closeSteps();\n }\n else {\n readRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadRequests(stream) {\n return stream._reader._readRequests.length;\n}\nfunction ReadableStreamHasDefaultReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamDefaultReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A default reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamDefaultReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed,\n * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Returns a promise that allows access to the next chunk from the stream's internal queue, if available.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('read'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: () => resolvePromise({ value: undefined, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamDefaultReaderRead(this, readRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamDefaultReader(this)) {\n throw defaultReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamDefaultReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamDefaultReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultReaderRead(reader, readRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'closed') {\n readRequest._closeSteps();\n }\n else if (stream._state === 'errored') {\n readRequest._errorSteps(stream._storedError);\n }\n else {\n stream._readableStreamController[PullSteps](readRequest);\n }\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`);\n}\n\n/// \nlet AsyncIteratorPrototype;\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n // We're running inside a ES2018+ environment, but we're compiling to an older syntax.\n // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it.\n AsyncIteratorPrototype = {\n // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( )\n // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator\n [SymbolPolyfill.asyncIterator]() {\n return this;\n }\n };\n Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false });\n}\n\n/// \nclass ReadableStreamAsyncIteratorImpl {\n constructor(reader, preventCancel) {\n this._ongoingPromise = undefined;\n this._isFinished = false;\n this._reader = reader;\n this._preventCancel = preventCancel;\n }\n next() {\n const nextSteps = () => this._nextSteps();\n this._ongoingPromise = this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) :\n nextSteps();\n return this._ongoingPromise;\n }\n return(value) {\n const returnSteps = () => this._returnSteps(value);\n return this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) :\n returnSteps();\n }\n _nextSteps() {\n if (this._isFinished) {\n return Promise.resolve({ value: undefined, done: true });\n }\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('iterate'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => {\n this._ongoingPromise = undefined;\n // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test.\n // FIXME Is this a bug in the specification, or in the test?\n queueMicrotask(() => resolvePromise({ value: chunk, done: false }));\n },\n _closeSteps: () => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n resolvePromise({ value: undefined, done: true });\n },\n _errorSteps: reason => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n rejectPromise(reason);\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promise;\n }\n _returnSteps(value) {\n if (this._isFinished) {\n return Promise.resolve({ value, done: true });\n }\n this._isFinished = true;\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('finish iterating'));\n }\n if (!this._preventCancel) {\n const result = ReadableStreamReaderGenericCancel(reader, value);\n ReadableStreamReaderGenericRelease(reader);\n return transformPromiseWith(result, () => ({ value, done: true }));\n }\n ReadableStreamReaderGenericRelease(reader);\n return promiseResolvedWith({ value, done: true });\n }\n}\nconst ReadableStreamAsyncIteratorPrototype = {\n next() {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next'));\n }\n return this._asyncIteratorImpl.next();\n },\n return(value) {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return'));\n }\n return this._asyncIteratorImpl.return(value);\n }\n};\nif (AsyncIteratorPrototype !== undefined) {\n Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype);\n}\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamAsyncIterator(stream, preventCancel) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel);\n const iterator = Object.create(ReadableStreamAsyncIteratorPrototype);\n iterator._asyncIteratorImpl = impl;\n return iterator;\n}\nfunction IsReadableStreamAsyncIterator(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) {\n return false;\n }\n return true;\n}\n// Helper functions for the ReadableStream.\nfunction streamAsyncIteratorBrandCheckException(name) {\n return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`);\n}\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill\nconst NumberIsNaN = Number.isNaN || function (x) {\n // eslint-disable-next-line no-self-compare\n return x !== x;\n};\n\nfunction IsFiniteNonNegativeNumber(v) {\n if (!IsNonNegativeNumber(v)) {\n return false;\n }\n if (v === Infinity) {\n return false;\n }\n return true;\n}\nfunction IsNonNegativeNumber(v) {\n if (typeof v !== 'number') {\n return false;\n }\n if (NumberIsNaN(v)) {\n return false;\n }\n if (v < 0) {\n return false;\n }\n return true;\n}\n\nfunction DequeueValue(container) {\n const pair = container._queue.shift();\n container._queueTotalSize -= pair.size;\n if (container._queueTotalSize < 0) {\n container._queueTotalSize = 0;\n }\n return pair.value;\n}\nfunction EnqueueValueWithSize(container, value, size) {\n size = Number(size);\n if (!IsFiniteNonNegativeNumber(size)) {\n throw new RangeError('Size must be a finite, non-NaN, non-negative number.');\n }\n container._queue.push({ value, size });\n container._queueTotalSize += size;\n}\nfunction PeekQueueValue(container) {\n const pair = container._queue.peek();\n return pair.value;\n}\nfunction ResetQueue(container) {\n container._queue = new SimpleQueue();\n container._queueTotalSize = 0;\n}\n\nfunction CreateArrayFromList(elements) {\n // We use arrays to represent lists, so this is basically a no-op.\n // Do a slice though just in case we happen to depend on the unique-ness.\n return elements.slice();\n}\nfunction CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) {\n new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset);\n}\n// Not implemented correctly\nfunction TransferArrayBuffer(O) {\n return O;\n}\n// Not implemented correctly\nfunction IsDetachedBuffer(O) {\n return false;\n}\n\n/**\n * A pull-into request in a {@link ReadableByteStreamController}.\n *\n * @public\n */\nclass ReadableStreamBYOBRequest {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the view for writing in to, or `null` if the BYOB request has already been responded to.\n */\n get view() {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('view');\n }\n return this._view;\n }\n respond(bytesWritten) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respond');\n }\n assertRequiredArgument(bytesWritten, 1, 'respond');\n bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter');\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n if (IsDetachedBuffer(this._view.buffer)) ;\n ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten);\n }\n respondWithNewView(view) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respondWithNewView');\n }\n assertRequiredArgument(view, 1, 'respondWithNewView');\n if (!ArrayBuffer.isView(view)) {\n throw new TypeError('You can only respond with array buffer views');\n }\n if (view.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (view.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view);\n }\n}\nObject.defineProperties(ReadableStreamBYOBRequest.prototype, {\n respond: { enumerable: true },\n respondWithNewView: { enumerable: true },\n view: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBRequest',\n configurable: true\n });\n}\n/**\n * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableByteStreamController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the current BYOB pull request, or `null` if there isn't one.\n */\n get byobRequest() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('byobRequest');\n }\n if (this._byobRequest === null && this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled);\n const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype);\n SetUpReadableStreamBYOBRequest(byobRequest, this, view);\n this._byobRequest = byobRequest;\n }\n return this._byobRequest;\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('desiredSize');\n }\n return ReadableByteStreamControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('close');\n }\n if (this._closeRequested) {\n throw new TypeError('The stream has already been closed; do not close it again!');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`);\n }\n ReadableByteStreamControllerClose(this);\n }\n enqueue(chunk) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('enqueue');\n }\n assertRequiredArgument(chunk, 1, 'enqueue');\n if (!ArrayBuffer.isView(chunk)) {\n throw new TypeError('chunk must be an array buffer view');\n }\n if (chunk.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (chunk.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._closeRequested) {\n throw new TypeError('stream is closed or draining');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`);\n }\n ReadableByteStreamControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('error');\n }\n ReadableByteStreamControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n if (this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n firstDescriptor.bytesFilled = 0;\n }\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableByteStreamControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableByteStream;\n if (this._queueTotalSize > 0) {\n const entry = this._queue.shift();\n this._queueTotalSize -= entry.byteLength;\n ReadableByteStreamControllerHandleQueueDrain(this);\n const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength);\n readRequest._chunkSteps(view);\n return;\n }\n const autoAllocateChunkSize = this._autoAllocateChunkSize;\n if (autoAllocateChunkSize !== undefined) {\n let buffer;\n try {\n buffer = new ArrayBuffer(autoAllocateChunkSize);\n }\n catch (bufferE) {\n readRequest._errorSteps(bufferE);\n return;\n }\n const pullIntoDescriptor = {\n buffer,\n byteOffset: 0,\n byteLength: autoAllocateChunkSize,\n bytesFilled: 0,\n elementSize: 1,\n viewConstructor: Uint8Array,\n readerType: 'default'\n };\n this._pendingPullIntos.push(pullIntoDescriptor);\n }\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableByteStreamControllerCallPullIfNeeded(this);\n }\n}\nObject.defineProperties(ReadableByteStreamController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n byobRequest: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableByteStreamController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableByteStreamController.\nfunction IsReadableByteStreamController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamBYOBRequest(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) {\n return false;\n }\n return true;\n}\nfunction ReadableByteStreamControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableByteStreamControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n // TODO: Test controller argument\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableByteStreamControllerError(controller, e);\n });\n}\nfunction ReadableByteStreamControllerClearPendingPullIntos(controller) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n controller._pendingPullIntos = new SimpleQueue();\n}\nfunction ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) {\n let done = false;\n if (stream._state === 'closed') {\n done = true;\n }\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n if (pullIntoDescriptor.readerType === 'default') {\n ReadableStreamFulfillReadRequest(stream, filledView, done);\n }\n else {\n ReadableStreamFulfillReadIntoRequest(stream, filledView, done);\n }\n}\nfunction ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) {\n const bytesFilled = pullIntoDescriptor.bytesFilled;\n const elementSize = pullIntoDescriptor.elementSize;\n return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize);\n}\nfunction ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) {\n controller._queue.push({ buffer, byteOffset, byteLength });\n controller._queueTotalSize += byteLength;\n}\nfunction ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) {\n const elementSize = pullIntoDescriptor.elementSize;\n const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize;\n const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled);\n const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy;\n const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize;\n let totalBytesToCopyRemaining = maxBytesToCopy;\n let ready = false;\n if (maxAlignedBytes > currentAlignedBytes) {\n totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled;\n ready = true;\n }\n const queue = controller._queue;\n while (totalBytesToCopyRemaining > 0) {\n const headOfQueue = queue.peek();\n const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength);\n const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy);\n if (headOfQueue.byteLength === bytesToCopy) {\n queue.shift();\n }\n else {\n headOfQueue.byteOffset += bytesToCopy;\n headOfQueue.byteLength -= bytesToCopy;\n }\n controller._queueTotalSize -= bytesToCopy;\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor);\n totalBytesToCopyRemaining -= bytesToCopy;\n }\n return ready;\n}\nfunction ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n pullIntoDescriptor.bytesFilled += size;\n}\nfunction ReadableByteStreamControllerHandleQueueDrain(controller) {\n if (controller._queueTotalSize === 0 && controller._closeRequested) {\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(controller._controlledReadableByteStream);\n }\n else {\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n}\nfunction ReadableByteStreamControllerInvalidateBYOBRequest(controller) {\n if (controller._byobRequest === null) {\n return;\n }\n controller._byobRequest._associatedReadableByteStreamController = undefined;\n controller._byobRequest._view = null;\n controller._byobRequest = null;\n}\nfunction ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) {\n while (controller._pendingPullIntos.length > 0) {\n if (controller._queueTotalSize === 0) {\n return;\n }\n const pullIntoDescriptor = controller._pendingPullIntos.peek();\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) {\n const stream = controller._controlledReadableByteStream;\n let elementSize = 1;\n if (view.constructor !== DataView) {\n elementSize = view.constructor.BYTES_PER_ELEMENT;\n }\n const ctor = view.constructor;\n const buffer = TransferArrayBuffer(view.buffer);\n const pullIntoDescriptor = {\n buffer,\n byteOffset: view.byteOffset,\n byteLength: view.byteLength,\n bytesFilled: 0,\n elementSize,\n viewConstructor: ctor,\n readerType: 'byob'\n };\n if (controller._pendingPullIntos.length > 0) {\n controller._pendingPullIntos.push(pullIntoDescriptor);\n // No ReadableByteStreamControllerCallPullIfNeeded() call since:\n // - No change happens on desiredSize\n // - The source has already been notified of that there's at least 1 pending read(view)\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n return;\n }\n if (stream._state === 'closed') {\n const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0);\n readIntoRequest._closeSteps(emptyView);\n return;\n }\n if (controller._queueTotalSize > 0) {\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n ReadableByteStreamControllerHandleQueueDrain(controller);\n readIntoRequest._chunkSteps(filledView);\n return;\n }\n if (controller._closeRequested) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n readIntoRequest._errorSteps(e);\n return;\n }\n }\n controller._pendingPullIntos.push(pullIntoDescriptor);\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) {\n firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer);\n const stream = controller._controlledReadableByteStream;\n if (ReadableStreamHasBYOBReader(stream)) {\n while (ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) {\n if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) {\n throw new RangeError('bytesWritten out of range');\n }\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor);\n if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) {\n // TODO: Figure out whether we should detach the buffer or not here.\n return;\n }\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize;\n if (remainderSize > 0) {\n const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end);\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength);\n }\n pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer);\n pullIntoDescriptor.bytesFilled -= remainderSize;\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n}\nfunction ReadableByteStreamControllerRespondInternal(controller, bytesWritten) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n const state = controller._controlledReadableByteStream._state;\n if (state === 'closed') {\n if (bytesWritten !== 0) {\n throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream');\n }\n ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor);\n }\n else {\n ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerShiftPendingPullInto(controller) {\n const descriptor = controller._pendingPullIntos.shift();\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n return descriptor;\n}\nfunction ReadableByteStreamControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return false;\n }\n if (controller._closeRequested) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableByteStreamControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n}\n// A client of ReadableByteStreamController may use these functions directly to bypass state check.\nfunction ReadableByteStreamControllerClose(controller) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n if (controller._queueTotalSize > 0) {\n controller._closeRequested = true;\n return;\n }\n if (controller._pendingPullIntos.length > 0) {\n const firstPendingPullInto = controller._pendingPullIntos.peek();\n if (firstPendingPullInto.bytesFilled > 0) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n throw e;\n }\n }\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n}\nfunction ReadableByteStreamControllerEnqueue(controller, chunk) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n const buffer = chunk.buffer;\n const byteOffset = chunk.byteOffset;\n const byteLength = chunk.byteLength;\n const transferredBuffer = TransferArrayBuffer(buffer);\n if (ReadableStreamHasDefaultReader(stream)) {\n if (ReadableStreamGetNumReadRequests(stream) === 0) {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n else {\n const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength);\n ReadableStreamFulfillReadRequest(stream, transferredView, false);\n }\n }\n else if (ReadableStreamHasBYOBReader(stream)) {\n // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully.\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n }\n else {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerError(controller, e) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return;\n }\n ReadableByteStreamControllerClearPendingPullIntos(controller);\n ResetQueue(controller);\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableByteStreamControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableByteStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction ReadableByteStreamControllerRespond(controller, bytesWritten) {\n bytesWritten = Number(bytesWritten);\n if (!IsFiniteNonNegativeNumber(bytesWritten)) {\n throw new RangeError('bytesWritten must be a finite');\n }\n ReadableByteStreamControllerRespondInternal(controller, bytesWritten);\n}\nfunction ReadableByteStreamControllerRespondWithNewView(controller, view) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) {\n throw new RangeError('The region specified by view does not match byobRequest');\n }\n if (firstDescriptor.byteLength !== view.byteLength) {\n throw new RangeError('The buffer of view has different capacity than byobRequest');\n }\n firstDescriptor.buffer = view.buffer;\n ReadableByteStreamControllerRespondInternal(controller, view.byteLength);\n}\nfunction SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) {\n controller._controlledReadableByteStream = stream;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._byobRequest = null;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._closeRequested = false;\n controller._started = false;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n controller._autoAllocateChunkSize = autoAllocateChunkSize;\n controller._pendingPullIntos = new SimpleQueue();\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableByteStreamControllerError(controller, r);\n });\n}\nfunction SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) {\n const controller = Object.create(ReadableByteStreamController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingByteSource.start !== undefined) {\n startAlgorithm = () => underlyingByteSource.start(controller);\n }\n if (underlyingByteSource.pull !== undefined) {\n pullAlgorithm = () => underlyingByteSource.pull(controller);\n }\n if (underlyingByteSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingByteSource.cancel(reason);\n }\n const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize;\n if (autoAllocateChunkSize === 0) {\n throw new TypeError('autoAllocateChunkSize must be greater than 0');\n }\n SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize);\n}\nfunction SetUpReadableStreamBYOBRequest(request, controller, view) {\n request._associatedReadableByteStreamController = controller;\n request._view = view;\n}\n// Helper functions for the ReadableStreamBYOBRequest.\nfunction byobRequestBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`);\n}\n// Helper functions for the ReadableByteStreamController.\nfunction byteStreamControllerBrandCheckException(name) {\n return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`);\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamBYOBReader(stream) {\n return new ReadableStreamBYOBReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadIntoRequest(stream, readIntoRequest) {\n stream._reader._readIntoRequests.push(readIntoRequest);\n}\nfunction ReadableStreamFulfillReadIntoRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readIntoRequest = reader._readIntoRequests.shift();\n if (done) {\n readIntoRequest._closeSteps(chunk);\n }\n else {\n readIntoRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadIntoRequests(stream) {\n return stream._reader._readIntoRequests.length;\n}\nfunction ReadableStreamHasBYOBReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamBYOBReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A BYOB reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamBYOBReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n if (!IsReadableByteStreamController(stream._readableStreamController)) {\n throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' +\n 'source');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readIntoRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Attempts to reads bytes into view, and returns a promise resolved with the result.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read(view) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('read'));\n }\n if (!ArrayBuffer.isView(view)) {\n return promiseRejectedWith(new TypeError('view must be an array buffer view'));\n }\n if (view.byteLength === 0) {\n return promiseRejectedWith(new TypeError('view must have non-zero byteLength'));\n }\n if (view.buffer.byteLength === 0) {\n return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readIntoRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: chunk => resolvePromise({ value: chunk, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamBYOBReaderRead(this, view, readIntoRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamBYOBReader(this)) {\n throw byobReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readIntoRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamBYOBReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamBYOBReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'errored') {\n readIntoRequest._errorSteps(stream._storedError);\n }\n else {\n ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest);\n }\n}\n// Helper functions for the ReadableStreamBYOBReader.\nfunction byobReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`);\n}\n\nfunction ExtractHighWaterMark(strategy, defaultHWM) {\n const { highWaterMark } = strategy;\n if (highWaterMark === undefined) {\n return defaultHWM;\n }\n if (NumberIsNaN(highWaterMark) || highWaterMark < 0) {\n throw new RangeError('Invalid highWaterMark');\n }\n return highWaterMark;\n}\nfunction ExtractSizeAlgorithm(strategy) {\n const { size } = strategy;\n if (!size) {\n return () => 1;\n }\n return size;\n}\n\nfunction convertQueuingStrategy(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n const size = init === null || init === void 0 ? void 0 : init.size;\n return {\n highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark),\n size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`)\n };\n}\nfunction convertQueuingStrategySize(fn, context) {\n assertFunction(fn, context);\n return chunk => convertUnrestrictedDouble(fn(chunk));\n}\n\nfunction convertUnderlyingSink(original, context) {\n assertDictionary(original, context);\n const abort = original === null || original === void 0 ? void 0 : original.abort;\n const close = original === null || original === void 0 ? void 0 : original.close;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n const write = original === null || original === void 0 ? void 0 : original.write;\n return {\n abort: abort === undefined ?\n undefined :\n convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`),\n close: close === undefined ?\n undefined :\n convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`),\n write: write === undefined ?\n undefined :\n convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`),\n type\n };\n}\nfunction convertUnderlyingSinkAbortCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSinkCloseCallback(fn, original, context) {\n assertFunction(fn, context);\n return () => promiseCall(fn, original, []);\n}\nfunction convertUnderlyingSinkStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSinkWriteCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\nfunction assertWritableStream(x, context) {\n if (!IsWritableStream(x)) {\n throw new TypeError(`${context} is not a WritableStream.`);\n }\n}\n\n/**\n * A writable stream represents a destination for data, into which you can write.\n *\n * @public\n */\nclass WritableStream {\n constructor(rawUnderlyingSink = {}, rawStrategy = {}) {\n if (rawUnderlyingSink === undefined) {\n rawUnderlyingSink = null;\n }\n else {\n assertObject(rawUnderlyingSink, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter');\n InitializeWritableStream(this);\n const type = underlyingSink.type;\n if (type !== undefined) {\n throw new RangeError('Invalid type is specified');\n }\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm);\n }\n /**\n * Returns whether or not the writable stream is locked to a writer.\n */\n get locked() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('locked');\n }\n return IsWritableStreamLocked(this);\n }\n /**\n * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be\n * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort\n * mechanism of the underlying sink.\n *\n * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled\n * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel\n * the stream) if the stream is currently locked.\n */\n abort(reason = undefined) {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('abort'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer'));\n }\n return WritableStreamAbort(this, reason);\n }\n /**\n * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its\n * close behavior. During this time any further attempts to write will fail (without erroring the stream).\n *\n * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream\n * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with\n * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked.\n */\n close() {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('close'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer'));\n }\n if (WritableStreamCloseQueuedOrInFlight(this)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamClose(this);\n }\n /**\n * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream\n * is locked, no other writer can be acquired until this one is released.\n *\n * This functionality is especially useful for creating abstractions that desire the ability to write to a stream\n * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at\n * the same time, which would cause the resulting written data to be unpredictable and probably useless.\n */\n getWriter() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('getWriter');\n }\n return AcquireWritableStreamDefaultWriter(this);\n }\n}\nObject.defineProperties(WritableStream.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n getWriter: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStream',\n configurable: true\n });\n}\n// Abstract operations for the WritableStream.\nfunction AcquireWritableStreamDefaultWriter(stream) {\n return new WritableStreamDefaultWriter(stream);\n}\n// Throws if and only if startAlgorithm throws.\nfunction CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(WritableStream.prototype);\n InitializeWritableStream(stream);\n const controller = Object.create(WritableStreamDefaultController.prototype);\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeWritableStream(stream) {\n stream._state = 'writable';\n // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is\n // 'erroring' or 'errored'. May be set to an undefined value.\n stream._storedError = undefined;\n stream._writer = undefined;\n // Initialize to undefined first because the constructor of the controller checks this\n // variable to validate the caller.\n stream._writableStreamController = undefined;\n // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data\n // producer without waiting for the queued writes to finish.\n stream._writeRequests = new SimpleQueue();\n // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents\n // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here.\n stream._inFlightWriteRequest = undefined;\n // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer\n // has been detached.\n stream._closeRequest = undefined;\n // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it\n // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here.\n stream._inFlightCloseRequest = undefined;\n // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached.\n stream._pendingAbortRequest = undefined;\n // The backpressure signal set by the controller.\n stream._backpressure = false;\n}\nfunction IsWritableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsWritableStreamLocked(stream) {\n if (stream._writer === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamAbort(stream, reason) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseResolvedWith(undefined);\n }\n if (stream._pendingAbortRequest !== undefined) {\n return stream._pendingAbortRequest._promise;\n }\n let wasAlreadyErroring = false;\n if (state === 'erroring') {\n wasAlreadyErroring = true;\n // reason will not be used, so don't keep a reference to it.\n reason = undefined;\n }\n const promise = newPromise((resolve, reject) => {\n stream._pendingAbortRequest = {\n _promise: undefined,\n _resolve: resolve,\n _reject: reject,\n _reason: reason,\n _wasAlreadyErroring: wasAlreadyErroring\n };\n });\n stream._pendingAbortRequest._promise = promise;\n if (!wasAlreadyErroring) {\n WritableStreamStartErroring(stream, reason);\n }\n return promise;\n}\nfunction WritableStreamClose(stream) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`));\n }\n const promise = newPromise((resolve, reject) => {\n const closeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._closeRequest = closeRequest;\n });\n const writer = stream._writer;\n if (writer !== undefined && stream._backpressure && state === 'writable') {\n defaultWriterReadyPromiseResolve(writer);\n }\n WritableStreamDefaultControllerClose(stream._writableStreamController);\n return promise;\n}\n// WritableStream API exposed for controllers.\nfunction WritableStreamAddWriteRequest(stream) {\n const promise = newPromise((resolve, reject) => {\n const writeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._writeRequests.push(writeRequest);\n });\n return promise;\n}\nfunction WritableStreamDealWithRejection(stream, error) {\n const state = stream._state;\n if (state === 'writable') {\n WritableStreamStartErroring(stream, error);\n return;\n }\n WritableStreamFinishErroring(stream);\n}\nfunction WritableStreamStartErroring(stream, reason) {\n const controller = stream._writableStreamController;\n stream._state = 'erroring';\n stream._storedError = reason;\n const writer = stream._writer;\n if (writer !== undefined) {\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason);\n }\n if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) {\n WritableStreamFinishErroring(stream);\n }\n}\nfunction WritableStreamFinishErroring(stream) {\n stream._state = 'errored';\n stream._writableStreamController[ErrorSteps]();\n const storedError = stream._storedError;\n stream._writeRequests.forEach(writeRequest => {\n writeRequest._reject(storedError);\n });\n stream._writeRequests = new SimpleQueue();\n if (stream._pendingAbortRequest === undefined) {\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const abortRequest = stream._pendingAbortRequest;\n stream._pendingAbortRequest = undefined;\n if (abortRequest._wasAlreadyErroring) {\n abortRequest._reject(storedError);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const promise = stream._writableStreamController[AbortSteps](abortRequest._reason);\n uponPromise(promise, () => {\n abortRequest._resolve();\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n }, (reason) => {\n abortRequest._reject(reason);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n });\n}\nfunction WritableStreamFinishInFlightWrite(stream) {\n stream._inFlightWriteRequest._resolve(undefined);\n stream._inFlightWriteRequest = undefined;\n}\nfunction WritableStreamFinishInFlightWriteWithError(stream, error) {\n stream._inFlightWriteRequest._reject(error);\n stream._inFlightWriteRequest = undefined;\n WritableStreamDealWithRejection(stream, error);\n}\nfunction WritableStreamFinishInFlightClose(stream) {\n stream._inFlightCloseRequest._resolve(undefined);\n stream._inFlightCloseRequest = undefined;\n const state = stream._state;\n if (state === 'erroring') {\n // The error was too late to do anything, so it is ignored.\n stream._storedError = undefined;\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._resolve();\n stream._pendingAbortRequest = undefined;\n }\n }\n stream._state = 'closed';\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseResolve(writer);\n }\n}\nfunction WritableStreamFinishInFlightCloseWithError(stream, error) {\n stream._inFlightCloseRequest._reject(error);\n stream._inFlightCloseRequest = undefined;\n // Never execute sink abort() after sink close().\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._reject(error);\n stream._pendingAbortRequest = undefined;\n }\n WritableStreamDealWithRejection(stream, error);\n}\n// TODO(ricea): Fix alphabetical order.\nfunction WritableStreamCloseQueuedOrInFlight(stream) {\n if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamHasOperationMarkedInFlight(stream) {\n if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamMarkCloseRequestInFlight(stream) {\n stream._inFlightCloseRequest = stream._closeRequest;\n stream._closeRequest = undefined;\n}\nfunction WritableStreamMarkFirstWriteRequestInFlight(stream) {\n stream._inFlightWriteRequest = stream._writeRequests.shift();\n}\nfunction WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) {\n if (stream._closeRequest !== undefined) {\n stream._closeRequest._reject(stream._storedError);\n stream._closeRequest = undefined;\n }\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseReject(writer, stream._storedError);\n }\n}\nfunction WritableStreamUpdateBackpressure(stream, backpressure) {\n const writer = stream._writer;\n if (writer !== undefined && backpressure !== stream._backpressure) {\n if (backpressure) {\n defaultWriterReadyPromiseReset(writer);\n }\n else {\n defaultWriterReadyPromiseResolve(writer);\n }\n }\n stream._backpressure = backpressure;\n}\n/**\n * A default writer vended by a {@link WritableStream}.\n *\n * @public\n */\nclass WritableStreamDefaultWriter {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter');\n assertWritableStream(stream, 'First parameter');\n if (IsWritableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive writing by another writer');\n }\n this._ownerWritableStream = stream;\n stream._writer = this;\n const state = stream._state;\n if (state === 'writable') {\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) {\n defaultWriterReadyPromiseInitialize(this);\n }\n else {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n }\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'erroring') {\n defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError);\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'closed') {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n defaultWriterClosedPromiseInitializeAsResolved(this);\n }\n else {\n const storedError = stream._storedError;\n defaultWriterReadyPromiseInitializeAsRejected(this, storedError);\n defaultWriterClosedPromiseInitializeAsRejected(this, storedError);\n }\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the writer’s lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full.\n * A producer can use this information to determine the right amount of data to write.\n *\n * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort\n * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when\n * the writer’s lock is released.\n */\n get desiredSize() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('desiredSize');\n }\n if (this._ownerWritableStream === undefined) {\n throw defaultWriterLockException('desiredSize');\n }\n return WritableStreamDefaultWriterGetDesiredSize(this);\n }\n /**\n * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions\n * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips\n * back to zero or below, the getter will return a new promise that stays pending until the next transition.\n *\n * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become\n * rejected.\n */\n get ready() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('ready'));\n }\n return this._readyPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}.\n */\n abort(reason = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('abort'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('abort'));\n }\n return WritableStreamDefaultWriterAbort(this, reason);\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}.\n */\n close() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('close'));\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('close'));\n }\n if (WritableStreamCloseQueuedOrInFlight(stream)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamDefaultWriterClose(this);\n }\n /**\n * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active.\n * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from\n * now on; otherwise, the writer will appear closed.\n *\n * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the\n * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled).\n * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents\n * other producers from writing in an interleaved manner.\n */\n releaseLock() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('releaseLock');\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return;\n }\n WritableStreamDefaultWriterRelease(this);\n }\n write(chunk = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('write'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n return WritableStreamDefaultWriterWrite(this, chunk);\n }\n}\nObject.defineProperties(WritableStreamDefaultWriter.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n releaseLock: { enumerable: true },\n write: { enumerable: true },\n closed: { enumerable: true },\n desiredSize: { enumerable: true },\n ready: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultWriter',\n configurable: true\n });\n}\n// Abstract operations for the WritableStreamDefaultWriter.\nfunction IsWritableStreamDefaultWriter(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) {\n return false;\n }\n return true;\n}\n// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check.\nfunction WritableStreamDefaultWriterAbort(writer, reason) {\n const stream = writer._ownerWritableStream;\n return WritableStreamAbort(stream, reason);\n}\nfunction WritableStreamDefaultWriterClose(writer) {\n const stream = writer._ownerWritableStream;\n return WritableStreamClose(stream);\n}\nfunction WritableStreamDefaultWriterCloseWithErrorPropagation(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n return WritableStreamDefaultWriterClose(writer);\n}\nfunction WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) {\n if (writer._closedPromiseState === 'pending') {\n defaultWriterClosedPromiseReject(writer, error);\n }\n else {\n defaultWriterClosedPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) {\n if (writer._readyPromiseState === 'pending') {\n defaultWriterReadyPromiseReject(writer, error);\n }\n else {\n defaultWriterReadyPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterGetDesiredSize(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (state === 'errored' || state === 'erroring') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController);\n}\nfunction WritableStreamDefaultWriterRelease(writer) {\n const stream = writer._ownerWritableStream;\n const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`);\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError);\n // The state transitions to \"errored\" before the sink abort() method runs, but the writer.closed promise is not\n // rejected until afterwards. This means that simply testing state will not work.\n WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError);\n stream._writer = undefined;\n writer._ownerWritableStream = undefined;\n}\nfunction WritableStreamDefaultWriterWrite(writer, chunk) {\n const stream = writer._ownerWritableStream;\n const controller = stream._writableStreamController;\n const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk);\n if (stream !== writer._ownerWritableStream) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n const state = stream._state;\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to'));\n }\n if (state === 'erroring') {\n return promiseRejectedWith(stream._storedError);\n }\n const promise = WritableStreamAddWriteRequest(stream);\n WritableStreamDefaultControllerWrite(controller, chunk, chunkSize);\n return promise;\n}\nconst closeSentinel = {};\n/**\n * Allows control of a {@link WritableStream | writable stream}'s state and internal queue.\n *\n * @public\n */\nclass WritableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`.\n *\n * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying\n * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the\n * normal lifecycle of interactions with the underlying sink.\n */\n error(e = undefined) {\n if (!IsWritableStreamDefaultController(this)) {\n throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController');\n }\n const state = this._controlledWritableStream._state;\n if (state !== 'writable') {\n // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so\n // just treat it as a no-op.\n return;\n }\n WritableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [AbortSteps](reason) {\n const result = this._abortAlgorithm(reason);\n WritableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [ErrorSteps]() {\n ResetQueue(this);\n }\n}\nObject.defineProperties(WritableStreamDefaultController.prototype, {\n error: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations implementing interface required by the WritableStream.\nfunction IsWritableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledWritableStream = stream;\n stream._writableStreamController = controller;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._writeAlgorithm = writeAlgorithm;\n controller._closeAlgorithm = closeAlgorithm;\n controller._abortAlgorithm = abortAlgorithm;\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n const startResult = startAlgorithm();\n const startPromise = promiseResolvedWith(startResult);\n uponPromise(startPromise, () => {\n controller._started = true;\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, r => {\n controller._started = true;\n WritableStreamDealWithRejection(stream, r);\n });\n}\nfunction SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(WritableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let writeAlgorithm = () => promiseResolvedWith(undefined);\n let closeAlgorithm = () => promiseResolvedWith(undefined);\n let abortAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSink.start !== undefined) {\n startAlgorithm = () => underlyingSink.start(controller);\n }\n if (underlyingSink.write !== undefined) {\n writeAlgorithm = chunk => underlyingSink.write(chunk, controller);\n }\n if (underlyingSink.close !== undefined) {\n closeAlgorithm = () => underlyingSink.close();\n }\n if (underlyingSink.abort !== undefined) {\n abortAlgorithm = reason => underlyingSink.abort(reason);\n }\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls.\nfunction WritableStreamDefaultControllerClearAlgorithms(controller) {\n controller._writeAlgorithm = undefined;\n controller._closeAlgorithm = undefined;\n controller._abortAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\nfunction WritableStreamDefaultControllerClose(controller) {\n EnqueueValueWithSize(controller, closeSentinel, 0);\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\nfunction WritableStreamDefaultControllerGetChunkSize(controller, chunk) {\n try {\n return controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE);\n return 1;\n }\n}\nfunction WritableStreamDefaultControllerGetDesiredSize(controller) {\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) {\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE);\n return;\n }\n const stream = controller._controlledWritableStream;\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\n// Abstract operations for the WritableStreamDefaultController.\nfunction WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) {\n const stream = controller._controlledWritableStream;\n if (!controller._started) {\n return;\n }\n if (stream._inFlightWriteRequest !== undefined) {\n return;\n }\n const state = stream._state;\n if (state === 'erroring') {\n WritableStreamFinishErroring(stream);\n return;\n }\n if (controller._queue.length === 0) {\n return;\n }\n const value = PeekQueueValue(controller);\n if (value === closeSentinel) {\n WritableStreamDefaultControllerProcessClose(controller);\n }\n else {\n WritableStreamDefaultControllerProcessWrite(controller, value);\n }\n}\nfunction WritableStreamDefaultControllerErrorIfNeeded(controller, error) {\n if (controller._controlledWritableStream._state === 'writable') {\n WritableStreamDefaultControllerError(controller, error);\n }\n}\nfunction WritableStreamDefaultControllerProcessClose(controller) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkCloseRequestInFlight(stream);\n DequeueValue(controller);\n const sinkClosePromise = controller._closeAlgorithm();\n WritableStreamDefaultControllerClearAlgorithms(controller);\n uponPromise(sinkClosePromise, () => {\n WritableStreamFinishInFlightClose(stream);\n }, reason => {\n WritableStreamFinishInFlightCloseWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerProcessWrite(controller, chunk) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkFirstWriteRequestInFlight(stream);\n const sinkWritePromise = controller._writeAlgorithm(chunk);\n uponPromise(sinkWritePromise, () => {\n WritableStreamFinishInFlightWrite(stream);\n const state = stream._state;\n DequeueValue(controller);\n if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, reason => {\n if (stream._state === 'writable') {\n WritableStreamDefaultControllerClearAlgorithms(controller);\n }\n WritableStreamFinishInFlightWriteWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerGetBackpressure(controller) {\n const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller);\n return desiredSize <= 0;\n}\n// A client of WritableStreamDefaultController may use these functions directly to bypass state check.\nfunction WritableStreamDefaultControllerError(controller, error) {\n const stream = controller._controlledWritableStream;\n WritableStreamDefaultControllerClearAlgorithms(controller);\n WritableStreamStartErroring(stream, error);\n}\n// Helper functions for the WritableStream.\nfunction streamBrandCheckException$2(name) {\n return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`);\n}\n// Helper functions for the WritableStreamDefaultWriter.\nfunction defaultWriterBrandCheckException(name) {\n return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`);\n}\nfunction defaultWriterLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released writer');\n}\nfunction defaultWriterClosedPromiseInitialize(writer) {\n writer._closedPromise = newPromise((resolve, reject) => {\n writer._closedPromise_resolve = resolve;\n writer._closedPromise_reject = reject;\n writer._closedPromiseState = 'pending';\n });\n}\nfunction defaultWriterClosedPromiseInitializeAsRejected(writer, reason) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseReject(writer, reason);\n}\nfunction defaultWriterClosedPromiseInitializeAsResolved(writer) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseResolve(writer);\n}\nfunction defaultWriterClosedPromiseReject(writer, reason) {\n if (writer._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._closedPromise);\n writer._closedPromise_reject(reason);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'rejected';\n}\nfunction defaultWriterClosedPromiseResetToRejected(writer, reason) {\n defaultWriterClosedPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterClosedPromiseResolve(writer) {\n if (writer._closedPromise_resolve === undefined) {\n return;\n }\n writer._closedPromise_resolve(undefined);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'resolved';\n}\nfunction defaultWriterReadyPromiseInitialize(writer) {\n writer._readyPromise = newPromise((resolve, reject) => {\n writer._readyPromise_resolve = resolve;\n writer._readyPromise_reject = reject;\n });\n writer._readyPromiseState = 'pending';\n}\nfunction defaultWriterReadyPromiseInitializeAsRejected(writer, reason) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseReject(writer, reason);\n}\nfunction defaultWriterReadyPromiseInitializeAsResolved(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseResolve(writer);\n}\nfunction defaultWriterReadyPromiseReject(writer, reason) {\n if (writer._readyPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._readyPromise);\n writer._readyPromise_reject(reason);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'rejected';\n}\nfunction defaultWriterReadyPromiseReset(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n}\nfunction defaultWriterReadyPromiseResetToRejected(writer, reason) {\n defaultWriterReadyPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterReadyPromiseResolve(writer) {\n if (writer._readyPromise_resolve === undefined) {\n return;\n }\n writer._readyPromise_resolve(undefined);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'fulfilled';\n}\n\nfunction isAbortSignal(value) {\n if (typeof value !== 'object' || value === null) {\n return false;\n }\n try {\n return typeof value.aborted === 'boolean';\n }\n catch (_a) {\n // AbortSignal.prototype.aborted throws if its brand check fails\n return false;\n }\n}\n\n/// \nconst NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined;\n\n/// \nfunction isDOMExceptionConstructor(ctor) {\n if (!(typeof ctor === 'function' || typeof ctor === 'object')) {\n return false;\n }\n try {\n new ctor();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction createDOMExceptionPolyfill() {\n // eslint-disable-next-line no-shadow\n const ctor = function DOMException(message, name) {\n this.message = message || '';\n this.name = name || 'Error';\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n };\n ctor.prototype = Object.create(Error.prototype);\n Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true });\n return ctor;\n}\n// eslint-disable-next-line no-redeclare\nconst DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill();\n\nfunction ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) {\n const reader = AcquireReadableStreamDefaultReader(source);\n const writer = AcquireWritableStreamDefaultWriter(dest);\n source._disturbed = true;\n let shuttingDown = false;\n // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown.\n let currentWrite = promiseResolvedWith(undefined);\n return newPromise((resolve, reject) => {\n let abortAlgorithm;\n if (signal !== undefined) {\n abortAlgorithm = () => {\n const error = new DOMException$1('Aborted', 'AbortError');\n const actions = [];\n if (!preventAbort) {\n actions.push(() => {\n if (dest._state === 'writable') {\n return WritableStreamAbort(dest, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n if (!preventCancel) {\n actions.push(() => {\n if (source._state === 'readable') {\n return ReadableStreamCancel(source, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error);\n };\n if (signal.aborted) {\n abortAlgorithm();\n return;\n }\n signal.addEventListener('abort', abortAlgorithm);\n }\n // Using reader and writer, read all chunks from this and write them to dest\n // - Backpressure must be enforced\n // - Shutdown must stop all activity\n function pipeLoop() {\n return newPromise((resolveLoop, rejectLoop) => {\n function next(done) {\n if (done) {\n resolveLoop();\n }\n else {\n // Use `PerformPromiseThen` instead of `uponPromise` to avoid\n // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers\n PerformPromiseThen(pipeStep(), next, rejectLoop);\n }\n }\n next(false);\n });\n }\n function pipeStep() {\n if (shuttingDown) {\n return promiseResolvedWith(true);\n }\n return PerformPromiseThen(writer._readyPromise, () => {\n return newPromise((resolveRead, rejectRead) => {\n ReadableStreamDefaultReaderRead(reader, {\n _chunkSteps: chunk => {\n currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop);\n resolveRead(false);\n },\n _closeSteps: () => resolveRead(true),\n _errorSteps: rejectRead\n });\n });\n });\n }\n // Errors must be propagated forward\n isOrBecomesErrored(source, reader._closedPromise, storedError => {\n if (!preventAbort) {\n shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Errors must be propagated backward\n isOrBecomesErrored(dest, writer._closedPromise, storedError => {\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Closing must be propagated forward\n isOrBecomesClosed(source, reader._closedPromise, () => {\n if (!preventClose) {\n shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer));\n }\n else {\n shutdown();\n }\n });\n // Closing must be propagated backward\n if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') {\n const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it');\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed);\n }\n else {\n shutdown(true, destClosed);\n }\n }\n setPromiseIsHandledToTrue(pipeLoop());\n function waitForWritesToFinish() {\n // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait\n // for that too.\n const oldCurrentWrite = currentWrite;\n return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined);\n }\n function isOrBecomesErrored(stream, promise, action) {\n if (stream._state === 'errored') {\n action(stream._storedError);\n }\n else {\n uponRejection(promise, action);\n }\n }\n function isOrBecomesClosed(stream, promise, action) {\n if (stream._state === 'closed') {\n action();\n }\n else {\n uponFulfillment(promise, action);\n }\n }\n function shutdownWithAction(action, originalIsError, originalError) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), doTheRest);\n }\n else {\n doTheRest();\n }\n function doTheRest() {\n uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError));\n }\n }\n function shutdown(isError, error) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error));\n }\n else {\n finalize(isError, error);\n }\n }\n function finalize(isError, error) {\n WritableStreamDefaultWriterRelease(writer);\n ReadableStreamReaderGenericRelease(reader);\n if (signal !== undefined) {\n signal.removeEventListener('abort', abortAlgorithm);\n }\n if (isError) {\n reject(error);\n }\n else {\n resolve(undefined);\n }\n }\n });\n}\n\n/**\n * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('desiredSize');\n }\n return ReadableStreamDefaultControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('close');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits close');\n }\n ReadableStreamDefaultControllerClose(this);\n }\n enqueue(chunk = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('enqueue');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits enqueue');\n }\n return ReadableStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('error');\n }\n ReadableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableStream;\n if (this._queue.length > 0) {\n const chunk = DequeueValue(this);\n if (this._closeRequested && this._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(this);\n ReadableStreamClose(stream);\n }\n else {\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n readRequest._chunkSteps(chunk);\n }\n else {\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n }\n}\nObject.defineProperties(ReadableStreamDefaultController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableStreamDefaultController.\nfunction IsReadableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableStreamDefaultControllerError(controller, e);\n });\n}\nfunction ReadableStreamDefaultControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableStream;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableStreamDefaultControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\n// A client of ReadableStreamDefaultController may use these functions directly to bypass state check.\nfunction ReadableStreamDefaultControllerClose(controller) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n controller._closeRequested = true;\n if (controller._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n }\n}\nfunction ReadableStreamDefaultControllerEnqueue(controller, chunk) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n ReadableStreamFulfillReadRequest(stream, chunk, false);\n }\n else {\n let chunkSize;\n try {\n chunkSize = controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n ReadableStreamDefaultControllerError(controller, chunkSizeE);\n throw chunkSizeE;\n }\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n ReadableStreamDefaultControllerError(controller, enqueueE);\n throw enqueueE;\n }\n }\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n}\nfunction ReadableStreamDefaultControllerError(controller, e) {\n const stream = controller._controlledReadableStream;\n if (stream._state !== 'readable') {\n return;\n }\n ResetQueue(controller);\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableStreamDefaultControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\n// This is used in the implementation of TransformStream.\nfunction ReadableStreamDefaultControllerHasBackpressure(controller) {\n if (ReadableStreamDefaultControllerShouldCallPull(controller)) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) {\n const state = controller._controlledReadableStream._state;\n if (!controller._closeRequested && state === 'readable') {\n return true;\n }\n return false;\n}\nfunction SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledReadableStream = stream;\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._closeRequested = false;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableStreamDefaultControllerError(controller, r);\n });\n}\nfunction SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSource.start !== undefined) {\n startAlgorithm = () => underlyingSource.start(controller);\n }\n if (underlyingSource.pull !== undefined) {\n pullAlgorithm = () => underlyingSource.pull(controller);\n }\n if (underlyingSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingSource.cancel(reason);\n }\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// Helper functions for the ReadableStreamDefaultController.\nfunction defaultControllerBrandCheckException$1(name) {\n return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`);\n}\n\nfunction ReadableStreamTee(stream, cloneForBranch2) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n let reading = false;\n let canceled1 = false;\n let canceled2 = false;\n let reason1;\n let reason2;\n let branch1;\n let branch2;\n let resolveCancelPromise;\n const cancelPromise = newPromise(resolve => {\n resolveCancelPromise = resolve;\n });\n function pullAlgorithm() {\n if (reading) {\n return promiseResolvedWith(undefined);\n }\n reading = true;\n const readRequest = {\n _chunkSteps: value => {\n // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using\n // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let\n // successful synchronously-available reads get ahead of asynchronously-available errors.\n queueMicrotask(() => {\n reading = false;\n const value1 = value;\n const value2 = value;\n // There is no way to access the cloning code right now in the reference implementation.\n // If we add one then we'll need an implementation for serializable objects.\n // if (!canceled2 && cloneForBranch2) {\n // value2 = StructuredDeserialize(StructuredSerialize(value2));\n // }\n if (!canceled1) {\n ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2);\n }\n });\n },\n _closeSteps: () => {\n reading = false;\n if (!canceled1) {\n ReadableStreamDefaultControllerClose(branch1._readableStreamController);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerClose(branch2._readableStreamController);\n }\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n },\n _errorSteps: () => {\n reading = false;\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promiseResolvedWith(undefined);\n }\n function cancel1Algorithm(reason) {\n canceled1 = true;\n reason1 = reason;\n if (canceled2) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function cancel2Algorithm(reason) {\n canceled2 = true;\n reason2 = reason;\n if (canceled1) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function startAlgorithm() {\n // do nothing\n }\n branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm);\n branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm);\n uponRejection(reader._closedPromise, (r) => {\n ReadableStreamDefaultControllerError(branch1._readableStreamController, r);\n ReadableStreamDefaultControllerError(branch2._readableStreamController, r);\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n });\n return [branch1, branch2];\n}\n\nfunction convertUnderlyingDefaultOrByteSource(source, context) {\n assertDictionary(source, context);\n const original = source;\n const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize;\n const cancel = original === null || original === void 0 ? void 0 : original.cancel;\n const pull = original === null || original === void 0 ? void 0 : original.pull;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n return {\n autoAllocateChunkSize: autoAllocateChunkSize === undefined ?\n undefined :\n convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`),\n cancel: cancel === undefined ?\n undefined :\n convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`),\n pull: pull === undefined ?\n undefined :\n convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`),\n type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`)\n };\n}\nfunction convertUnderlyingSourceCancelCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSourcePullCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSourceStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertReadableStreamType(type, context) {\n type = `${type}`;\n if (type !== 'bytes') {\n throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`);\n }\n return type;\n}\n\nfunction convertReaderOptions(options, context) {\n assertDictionary(options, context);\n const mode = options === null || options === void 0 ? void 0 : options.mode;\n return {\n mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`)\n };\n}\nfunction convertReadableStreamReaderMode(mode, context) {\n mode = `${mode}`;\n if (mode !== 'byob') {\n throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`);\n }\n return mode;\n}\n\nfunction convertIteratorOptions(options, context) {\n assertDictionary(options, context);\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n return { preventCancel: Boolean(preventCancel) };\n}\n\nfunction convertPipeOptions(options, context) {\n assertDictionary(options, context);\n const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort;\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n const preventClose = options === null || options === void 0 ? void 0 : options.preventClose;\n const signal = options === null || options === void 0 ? void 0 : options.signal;\n if (signal !== undefined) {\n assertAbortSignal(signal, `${context} has member 'signal' that`);\n }\n return {\n preventAbort: Boolean(preventAbort),\n preventCancel: Boolean(preventCancel),\n preventClose: Boolean(preventClose),\n signal\n };\n}\nfunction assertAbortSignal(signal, context) {\n if (!isAbortSignal(signal)) {\n throw new TypeError(`${context} is not an AbortSignal.`);\n }\n}\n\nfunction convertReadableWritablePair(pair, context) {\n assertDictionary(pair, context);\n const readable = pair === null || pair === void 0 ? void 0 : pair.readable;\n assertRequiredField(readable, 'readable', 'ReadableWritablePair');\n assertReadableStream(readable, `${context} has member 'readable' that`);\n const writable = pair === null || pair === void 0 ? void 0 : pair.writable;\n assertRequiredField(writable, 'writable', 'ReadableWritablePair');\n assertWritableStream(writable, `${context} has member 'writable' that`);\n return { readable, writable };\n}\n\n/**\n * A readable stream represents a source of data, from which you can read.\n *\n * @public\n */\nclass ReadableStream {\n constructor(rawUnderlyingSource = {}, rawStrategy = {}) {\n if (rawUnderlyingSource === undefined) {\n rawUnderlyingSource = null;\n }\n else {\n assertObject(rawUnderlyingSource, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter');\n InitializeReadableStream(this);\n if (underlyingSource.type === 'bytes') {\n if (strategy.size !== undefined) {\n throw new RangeError('The strategy for a byte stream cannot have a size function');\n }\n const highWaterMark = ExtractHighWaterMark(strategy, 0);\n SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark);\n }\n else {\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm);\n }\n }\n /**\n * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}.\n */\n get locked() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('locked');\n }\n return IsReadableStreamLocked(this);\n }\n /**\n * Cancels the stream, signaling a loss of interest in the stream by a consumer.\n *\n * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()}\n * method, which might or might not use it.\n */\n cancel(reason = undefined) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('cancel'));\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader'));\n }\n return ReadableStreamCancel(this, reason);\n }\n getReader(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('getReader');\n }\n const options = convertReaderOptions(rawOptions, 'First parameter');\n if (options.mode === undefined) {\n return AcquireReadableStreamDefaultReader(this);\n }\n return AcquireReadableStreamBYOBReader(this);\n }\n pipeThrough(rawTransform, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('pipeThrough');\n }\n assertRequiredArgument(rawTransform, 1, 'pipeThrough');\n const transform = convertReadableWritablePair(rawTransform, 'First parameter');\n const options = convertPipeOptions(rawOptions, 'Second parameter');\n if (IsReadableStreamLocked(this)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream');\n }\n if (IsWritableStreamLocked(transform.writable)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream');\n }\n const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n setPromiseIsHandledToTrue(promise);\n return transform.readable;\n }\n pipeTo(destination, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('pipeTo'));\n }\n if (destination === undefined) {\n return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`);\n }\n if (!IsWritableStream(destination)) {\n return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`));\n }\n let options;\n try {\n options = convertPipeOptions(rawOptions, 'Second parameter');\n }\n catch (e) {\n return promiseRejectedWith(e);\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream'));\n }\n if (IsWritableStreamLocked(destination)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream'));\n }\n return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n }\n /**\n * Tees this readable stream, returning a two-element array containing the two resulting branches as\n * new {@link ReadableStream} instances.\n *\n * Teeing a stream will lock it, preventing any other consumer from acquiring a reader.\n * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be\n * propagated to the stream's underlying source.\n *\n * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable,\n * this could allow interference between the two branches.\n */\n tee() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('tee');\n }\n const branches = ReadableStreamTee(this);\n return CreateArrayFromList(branches);\n }\n values(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('values');\n }\n const options = convertIteratorOptions(rawOptions, 'First parameter');\n return AcquireReadableStreamAsyncIterator(this, options.preventCancel);\n }\n}\nObject.defineProperties(ReadableStream.prototype, {\n cancel: { enumerable: true },\n getReader: { enumerable: true },\n pipeThrough: { enumerable: true },\n pipeTo: { enumerable: true },\n tee: { enumerable: true },\n values: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStream',\n configurable: true\n });\n}\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, {\n value: ReadableStream.prototype.values,\n writable: true,\n configurable: true\n });\n}\n// Abstract operations for the ReadableStream.\n// Throws if and only if startAlgorithm throws.\nfunction CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(ReadableStream.prototype);\n InitializeReadableStream(stream);\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeReadableStream(stream) {\n stream._state = 'readable';\n stream._reader = undefined;\n stream._storedError = undefined;\n stream._disturbed = false;\n}\nfunction IsReadableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamLocked(stream) {\n if (stream._reader === undefined) {\n return false;\n }\n return true;\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamCancel(stream, reason) {\n stream._disturbed = true;\n if (stream._state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (stream._state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n ReadableStreamClose(stream);\n const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason);\n return transformPromiseWith(sourceCancelPromise, noop);\n}\nfunction ReadableStreamClose(stream) {\n stream._state = 'closed';\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseResolve(reader);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._closeSteps();\n });\n reader._readRequests = new SimpleQueue();\n }\n}\nfunction ReadableStreamError(stream, e) {\n stream._state = 'errored';\n stream._storedError = e;\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseReject(reader, e);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._errorSteps(e);\n });\n reader._readRequests = new SimpleQueue();\n }\n else {\n reader._readIntoRequests.forEach(readIntoRequest => {\n readIntoRequest._errorSteps(e);\n });\n reader._readIntoRequests = new SimpleQueue();\n }\n}\n// Helper functions for the ReadableStream.\nfunction streamBrandCheckException$1(name) {\n return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`);\n}\n\nfunction convertQueuingStrategyInit(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit');\n return {\n highWaterMark: convertUnrestrictedDouble(highWaterMark)\n };\n}\n\nconst byteLengthSizeFunction = function size(chunk) {\n return chunk.byteLength;\n};\n/**\n * A queuing strategy that counts the number of bytes in each chunk.\n *\n * @public\n */\nclass ByteLengthQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('highWaterMark');\n }\n return this._byteLengthQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by returning the value of its `byteLength` property.\n */\n get size() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('size');\n }\n return byteLengthSizeFunction;\n }\n}\nObject.defineProperties(ByteLengthQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'ByteLengthQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the ByteLengthQueuingStrategy.\nfunction byteLengthBrandCheckException(name) {\n return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`);\n}\nfunction IsByteLengthQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nconst countSizeFunction = function size() {\n return 1;\n};\n/**\n * A queuing strategy that counts the number of chunks.\n *\n * @public\n */\nclass CountQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'CountQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._countQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('highWaterMark');\n }\n return this._countQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by always returning 1.\n * This ensures that the total queue size is a count of the number of chunks in the queue.\n */\n get size() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('size');\n }\n return countSizeFunction;\n }\n}\nObject.defineProperties(CountQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'CountQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the CountQueuingStrategy.\nfunction countBrandCheckException(name) {\n return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`);\n}\nfunction IsCountQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nfunction convertTransformer(original, context) {\n assertDictionary(original, context);\n const flush = original === null || original === void 0 ? void 0 : original.flush;\n const readableType = original === null || original === void 0 ? void 0 : original.readableType;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const transform = original === null || original === void 0 ? void 0 : original.transform;\n const writableType = original === null || original === void 0 ? void 0 : original.writableType;\n return {\n flush: flush === undefined ?\n undefined :\n convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`),\n readableType,\n start: start === undefined ?\n undefined :\n convertTransformerStartCallback(start, original, `${context} has member 'start' that`),\n transform: transform === undefined ?\n undefined :\n convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`),\n writableType\n };\n}\nfunction convertTransformerFlushCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertTransformerStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertTransformerTransformCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\n// Class TransformStream\n/**\n * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream},\n * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side.\n * In a manner specific to the transform stream in question, writes to the writable side result in new data being\n * made available for reading from the readable side.\n *\n * @public\n */\nclass TransformStream {\n constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) {\n if (rawTransformer === undefined) {\n rawTransformer = null;\n }\n const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter');\n const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter');\n const transformer = convertTransformer(rawTransformer, 'First parameter');\n if (transformer.readableType !== undefined) {\n throw new RangeError('Invalid readableType specified');\n }\n if (transformer.writableType !== undefined) {\n throw new RangeError('Invalid writableType specified');\n }\n const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0);\n const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy);\n const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1);\n const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy);\n let startPromise_resolve;\n const startPromise = newPromise(resolve => {\n startPromise_resolve = resolve;\n });\n InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n SetUpTransformStreamDefaultControllerFromTransformer(this, transformer);\n if (transformer.start !== undefined) {\n startPromise_resolve(transformer.start(this._transformStreamController));\n }\n else {\n startPromise_resolve(undefined);\n }\n }\n /**\n * The readable side of the transform stream.\n */\n get readable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('readable');\n }\n return this._readable;\n }\n /**\n * The writable side of the transform stream.\n */\n get writable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('writable');\n }\n return this._writable;\n }\n}\nObject.defineProperties(TransformStream.prototype, {\n readable: { enumerable: true },\n writable: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStream',\n configurable: true\n });\n}\nfunction InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) {\n function startAlgorithm() {\n return startPromise;\n }\n function writeAlgorithm(chunk) {\n return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk);\n }\n function abortAlgorithm(reason) {\n return TransformStreamDefaultSinkAbortAlgorithm(stream, reason);\n }\n function closeAlgorithm() {\n return TransformStreamDefaultSinkCloseAlgorithm(stream);\n }\n stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm);\n function pullAlgorithm() {\n return TransformStreamDefaultSourcePullAlgorithm(stream);\n }\n function cancelAlgorithm(reason) {\n TransformStreamErrorWritableAndUnblockWrite(stream, reason);\n return promiseResolvedWith(undefined);\n }\n stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure.\n stream._backpressure = undefined;\n stream._backpressureChangePromise = undefined;\n stream._backpressureChangePromise_resolve = undefined;\n TransformStreamSetBackpressure(stream, true);\n stream._transformStreamController = undefined;\n}\nfunction IsTransformStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) {\n return false;\n }\n return true;\n}\n// This is a no-op if both sides are already errored.\nfunction TransformStreamError(stream, e) {\n ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e);\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n}\nfunction TransformStreamErrorWritableAndUnblockWrite(stream, e) {\n TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController);\n WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e);\n if (stream._backpressure) {\n // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure()\n // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time\n // _backpressure is set.\n TransformStreamSetBackpressure(stream, false);\n }\n}\nfunction TransformStreamSetBackpressure(stream, backpressure) {\n // Passes also when called during construction.\n if (stream._backpressureChangePromise !== undefined) {\n stream._backpressureChangePromise_resolve();\n }\n stream._backpressureChangePromise = newPromise(resolve => {\n stream._backpressureChangePromise_resolve = resolve;\n });\n stream._backpressure = backpressure;\n}\n// Class TransformStreamDefaultController\n/**\n * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}.\n *\n * @public\n */\nclass TransformStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full.\n */\n get desiredSize() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('desiredSize');\n }\n const readableController = this._controlledTransformStream._readable._readableStreamController;\n return ReadableStreamDefaultControllerGetDesiredSize(readableController);\n }\n enqueue(chunk = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('enqueue');\n }\n TransformStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors both the readable side and the writable side of the controlled transform stream, making all future\n * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded.\n */\n error(reason = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('error');\n }\n TransformStreamDefaultControllerError(this, reason);\n }\n /**\n * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the\n * transformer only needs to consume a portion of the chunks written to the writable side.\n */\n terminate() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('terminate');\n }\n TransformStreamDefaultControllerTerminate(this);\n }\n}\nObject.defineProperties(TransformStreamDefaultController.prototype, {\n enqueue: { enumerable: true },\n error: { enumerable: true },\n terminate: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStreamDefaultController',\n configurable: true\n });\n}\n// Transform Stream Default Controller Abstract Operations\nfunction IsTransformStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) {\n controller._controlledTransformStream = stream;\n stream._transformStreamController = controller;\n controller._transformAlgorithm = transformAlgorithm;\n controller._flushAlgorithm = flushAlgorithm;\n}\nfunction SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) {\n const controller = Object.create(TransformStreamDefaultController.prototype);\n let transformAlgorithm = (chunk) => {\n try {\n TransformStreamDefaultControllerEnqueue(controller, chunk);\n return promiseResolvedWith(undefined);\n }\n catch (transformResultE) {\n return promiseRejectedWith(transformResultE);\n }\n };\n let flushAlgorithm = () => promiseResolvedWith(undefined);\n if (transformer.transform !== undefined) {\n transformAlgorithm = chunk => transformer.transform(chunk, controller);\n }\n if (transformer.flush !== undefined) {\n flushAlgorithm = () => transformer.flush(controller);\n }\n SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm);\n}\nfunction TransformStreamDefaultControllerClearAlgorithms(controller) {\n controller._transformAlgorithm = undefined;\n controller._flushAlgorithm = undefined;\n}\nfunction TransformStreamDefaultControllerEnqueue(controller, chunk) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) {\n throw new TypeError('Readable side is not in a state that permits enqueue');\n }\n // We throttle transform invocations based on the backpressure of the ReadableStream, but we still\n // accept TransformStreamDefaultControllerEnqueue() calls.\n try {\n ReadableStreamDefaultControllerEnqueue(readableController, chunk);\n }\n catch (e) {\n // This happens when readableStrategy.size() throws.\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n throw stream._readable._storedError;\n }\n const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController);\n if (backpressure !== stream._backpressure) {\n TransformStreamSetBackpressure(stream, true);\n }\n}\nfunction TransformStreamDefaultControllerError(controller, e) {\n TransformStreamError(controller._controlledTransformStream, e);\n}\nfunction TransformStreamDefaultControllerPerformTransform(controller, chunk) {\n const transformPromise = controller._transformAlgorithm(chunk);\n return transformPromiseWith(transformPromise, undefined, r => {\n TransformStreamError(controller._controlledTransformStream, r);\n throw r;\n });\n}\nfunction TransformStreamDefaultControllerTerminate(controller) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n ReadableStreamDefaultControllerClose(readableController);\n const error = new TypeError('TransformStream terminated');\n TransformStreamErrorWritableAndUnblockWrite(stream, error);\n}\n// TransformStreamDefaultSink Algorithms\nfunction TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) {\n const controller = stream._transformStreamController;\n if (stream._backpressure) {\n const backpressureChangePromise = stream._backpressureChangePromise;\n return transformPromiseWith(backpressureChangePromise, () => {\n const writable = stream._writable;\n const state = writable._state;\n if (state === 'erroring') {\n throw writable._storedError;\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n });\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n}\nfunction TransformStreamDefaultSinkAbortAlgorithm(stream, reason) {\n // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already\n // errored.\n TransformStreamError(stream, reason);\n return promiseResolvedWith(undefined);\n}\nfunction TransformStreamDefaultSinkCloseAlgorithm(stream) {\n // stream._readable cannot change after construction, so caching it across a call to user code is safe.\n const readable = stream._readable;\n const controller = stream._transformStreamController;\n const flushPromise = controller._flushAlgorithm();\n TransformStreamDefaultControllerClearAlgorithms(controller);\n // Return a promise that is fulfilled with undefined on success.\n return transformPromiseWith(flushPromise, () => {\n if (readable._state === 'errored') {\n throw readable._storedError;\n }\n ReadableStreamDefaultControllerClose(readable._readableStreamController);\n }, r => {\n TransformStreamError(stream, r);\n throw readable._storedError;\n });\n}\n// TransformStreamDefaultSource Algorithms\nfunction TransformStreamDefaultSourcePullAlgorithm(stream) {\n // Invariant. Enforced by the promises returned by start() and pull().\n TransformStreamSetBackpressure(stream, false);\n // Prevent the next pull() call until there is backpressure.\n return stream._backpressureChangePromise;\n}\n// Helper functions for the TransformStreamDefaultController.\nfunction defaultControllerBrandCheckException(name) {\n return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`);\n}\n// Helper functions for the TransformStream.\nfunction streamBrandCheckException(name) {\n return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`);\n}\n\nexport { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter };\n//# sourceMappingURL=ponyfill.es6.mjs.map\n"],"names":["SymbolPolyfill","Symbol","iterator","description","noop","globals","self","window","global","typeIsObject","x","rethrowAssertionErrorRejection","originalPromise","Promise","originalPromiseThen","prototype","then","originalPromiseResolve","resolve","bind","originalPromiseReject","reject","newPromise","executor","promiseResolvedWith","value","promiseRejectedWith","reason","PerformPromiseThen","promise","onFulfilled","onRejected","call","uponPromise","undefined","uponFulfillment","uponRejection","transformPromiseWith","fulfillmentHandler","rejectionHandler","setPromiseIsHandledToTrue","queueMicrotask","globalQueueMicrotask","resolvedPromise","fn","reflectCall","F","V","args","TypeError","Function","apply","promiseCall","SimpleQueue","constructor","this","_cursor","_size","_front","_elements","_next","_back","length","push","element","oldBack","newBack","QUEUE_MAX_ARRAY_SIZE","shift","oldFront","newFront","oldCursor","newCursor","elements","forEach","callback","i","node","peek","front","cursor","ReadableStreamReaderGenericInitialize","reader","stream","_ownerReadableStream","_reader","_state","defaultReaderClosedPromiseInitialize","defaultReaderClosedPromiseResolve","defaultReaderClosedPromiseInitializeAsResolved","defaultReaderClosedPromiseInitializeAsRejected","_storedError","ReadableStreamReaderGenericCancel","ReadableStreamCancel","ReadableStreamReaderGenericRelease","defaultReaderClosedPromiseReject","defaultReaderClosedPromiseResetToRejected","readerLockException","name","_closedPromise","_closedPromise_resolve","_closedPromise_reject","AbortSteps","ErrorSteps","CancelSteps","PullSteps","NumberIsFinite","Number","isFinite","MathTrunc","Math","trunc","v","ceil","floor","assertDictionary","obj","context","assertFunction","assertObject","isObject","assertRequiredArgument","position","assertRequiredField","field","convertUnrestrictedDouble","censorNegativeZero","convertUnsignedLongLongWithEnforceRange","upperBound","MAX_SAFE_INTEGER","integerPart","assertReadableStream","IsReadableStream","AcquireReadableStreamDefaultReader","ReadableStreamDefaultReader","ReadableStreamAddReadRequest","readRequest","_readRequests","ReadableStreamFulfillReadRequest","chunk","done","_closeSteps","_chunkSteps","ReadableStreamGetNumReadRequests","ReadableStreamHasDefaultReader","IsReadableStreamDefaultReader","IsReadableStreamLocked","closed","defaultReaderBrandCheckException","cancel","read","resolvePromise","rejectPromise","ReadableStreamDefaultReaderRead","_errorSteps","e","releaseLock","Object","hasOwnProperty","_disturbed","_readableStreamController","AsyncIteratorPrototype","defineProperties","enumerable","toStringTag","defineProperty","configurable","asyncIterator","ReadableStreamAsyncIteratorImpl","preventCancel","_ongoingPromise","_isFinished","_preventCancel","next","nextSteps","_nextSteps","return","returnSteps","_returnSteps","result","ReadableStreamAsyncIteratorPrototype","IsReadableStreamAsyncIterator","_asyncIteratorImpl","streamAsyncIteratorBrandCheckException","setPrototypeOf","NumberIsNaN","isNaN","IsFiniteNonNegativeNumber","IsNonNegativeNumber","Infinity","DequeueValue","container","pair","_queue","_queueTotalSize","size","EnqueueValueWithSize","RangeError","ResetQueue","CreateArrayFromList","slice","ReadableStreamBYOBRequest","view","IsReadableStreamBYOBRequest","byobRequestBrandCheckException","_view","respond","bytesWritten","_associatedReadableByteStreamController","buffer","controller","ReadableByteStreamControllerRespondInternal","ReadableByteStreamControllerRespond","respondWithNewView","ArrayBuffer","isView","byteLength","firstDescriptor","_pendingPullIntos","byteOffset","bytesFilled","ReadableByteStreamControllerRespondWithNewView","ReadableByteStreamController","byobRequest","IsReadableByteStreamController","byteStreamControllerBrandCheckException","_byobRequest","Uint8Array","create","request","SetUpReadableStreamBYOBRequest","desiredSize","ReadableByteStreamControllerGetDesiredSize","close","_closeRequested","state","_controlledReadableByteStream","ReadableByteStreamControllerError","ReadableByteStreamControllerClearAlgorithms","ReadableStreamClose","ReadableByteStreamControllerClose","enqueue","transferredBuffer","ReadableByteStreamControllerEnqueueChunkToQueue","ReadableStreamHasBYOBReader","ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue","ReadableByteStreamControllerCallPullIfNeeded","ReadableByteStreamControllerEnqueue","error","_cancelAlgorithm","entry","ReadableByteStreamControllerHandleQueueDrain","autoAllocateChunkSize","_autoAllocateChunkSize","bufferE","pullIntoDescriptor","elementSize","viewConstructor","readerType","shouldPull","_started","ReadableStreamGetNumReadIntoRequests","ReadableByteStreamControllerShouldCallPull","_pulling","_pullAgain","_pullAlgorithm","ReadableByteStreamControllerCommitPullIntoDescriptor","filledView","ReadableByteStreamControllerConvertPullIntoDescriptor","readIntoRequest","_readIntoRequests","ReadableStreamFulfillReadIntoRequest","ReadableByteStreamControllerFillPullIntoDescriptorFromQueue","currentAlignedBytes","maxBytesToCopy","min","maxBytesFilled","maxAlignedBytes","totalBytesToCopyRemaining","ready","queue","headOfQueue","bytesToCopy","destStart","dest","destOffset","src","srcOffset","n","set","ReadableByteStreamControllerFillHeadPullIntoDescriptor","ReadableByteStreamControllerInvalidateBYOBRequest","ReadableByteStreamControllerShiftPendingPullInto","ReadableByteStreamControllerRespondInClosedState","remainderSize","end","remainder","ReadableByteStreamControllerRespondInReadableState","descriptor","ReadableByteStreamControllerClearPendingPullIntos","ReadableStreamError","_strategyHWM","SetUpReadableByteStreamControllerFromUnderlyingSource","underlyingByteSource","highWaterMark","startAlgorithm","pullAlgorithm","cancelAlgorithm","start","pull","r","SetUpReadableByteStreamController","ReadableStreamAddReadIntoRequest","IsReadableStreamBYOBReader","ReadableStreamBYOBReader","byobReaderBrandCheckException","DataView","BYTES_PER_ELEMENT","ctor","emptyView","ReadableByteStreamControllerPullInto","ReadableStreamBYOBReaderRead","ExtractHighWaterMark","strategy","defaultHWM","ExtractSizeAlgorithm","convertQueuingStrategy","init","convertQueuingStrategySize","convertUnderlyingSinkAbortCallback","original","convertUnderlyingSinkCloseCallback","convertUnderlyingSinkStartCallback","convertUnderlyingSinkWriteCallback","assertWritableStream","IsWritableStream","WritableStream","rawUnderlyingSink","rawStrategy","underlyingSink","abort","type","write","convertUnderlyingSink","InitializeWritableStream","sizeAlgorithm","WritableStreamDefaultController","writeAlgorithm","closeAlgorithm","abortAlgorithm","SetUpWritableStreamDefaultController","SetUpWritableStreamDefaultControllerFromUnderlyingSink","locked","streamBrandCheckException$2","IsWritableStreamLocked","WritableStreamAbort","WritableStreamCloseQueuedOrInFlight","WritableStreamClose","getWriter","AcquireWritableStreamDefaultWriter","WritableStreamDefaultWriter","_writer","_writableStreamController","_writeRequests","_inFlightWriteRequest","_closeRequest","_inFlightCloseRequest","_pendingAbortRequest","_backpressure","_promise","wasAlreadyErroring","_resolve","_reject","_reason","_wasAlreadyErroring","WritableStreamStartErroring","closeRequest","writer","defaultWriterReadyPromiseResolve","closeSentinel","WritableStreamDefaultControllerAdvanceQueueIfNeeded","WritableStreamDealWithRejection","WritableStreamFinishErroring","WritableStreamDefaultWriterEnsureReadyPromiseRejected","WritableStreamHasOperationMarkedInFlight","storedError","writeRequest","WritableStreamRejectCloseAndClosedPromiseIfNeeded","abortRequest","defaultWriterClosedPromiseReject","WritableStreamUpdateBackpressure","backpressure","defaultWriterReadyPromiseInitialize","defaultWriterReadyPromiseReset","_ownerWritableStream","defaultWriterReadyPromiseInitializeAsResolved","defaultWriterClosedPromiseInitialize","defaultWriterReadyPromiseInitializeAsRejected","defaultWriterClosedPromiseResolve","defaultWriterClosedPromiseInitializeAsRejected","IsWritableStreamDefaultWriter","defaultWriterBrandCheckException","defaultWriterLockException","WritableStreamDefaultControllerGetDesiredSize","WritableStreamDefaultWriterGetDesiredSize","_readyPromise","WritableStreamDefaultWriterAbort","WritableStreamDefaultWriterClose","WritableStreamDefaultWriterRelease","WritableStreamDefaultWriterWrite","WritableStreamDefaultWriterEnsureClosedPromiseRejected","_closedPromiseState","defaultWriterClosedPromiseResetToRejected","_readyPromiseState","defaultWriterReadyPromiseReject","defaultWriterReadyPromiseResetToRejected","releasedError","chunkSize","_strategySizeAlgorithm","chunkSizeE","WritableStreamDefaultControllerErrorIfNeeded","WritableStreamDefaultControllerGetChunkSize","WritableStreamAddWriteRequest","enqueueE","_controlledWritableStream","WritableStreamDefaultControllerGetBackpressure","WritableStreamDefaultControllerWrite","IsWritableStreamDefaultController","WritableStreamDefaultControllerError","_abortAlgorithm","WritableStreamDefaultControllerClearAlgorithms","_writeAlgorithm","_closeAlgorithm","WritableStreamMarkCloseRequestInFlight","sinkClosePromise","WritableStreamFinishInFlightClose","WritableStreamFinishInFlightCloseWithError","WritableStreamDefaultControllerProcessClose","WritableStreamMarkFirstWriteRequestInFlight","sinkWritePromise","WritableStreamFinishInFlightWrite","WritableStreamFinishInFlightWriteWithError","WritableStreamDefaultControllerProcessWrite","_readyPromise_resolve","_readyPromise_reject","NativeDOMException","DOMException","DOMException$1","_a","isDOMExceptionConstructor","message","Error","captureStackTrace","writable","createDOMExceptionPolyfill","ReadableStreamPipeTo","source","preventClose","preventAbort","signal","shuttingDown","currentWrite","actions","shutdownWithAction","all","map","action","aborted","addEventListener","isOrBecomesErrored","shutdown","WritableStreamDefaultWriterCloseWithErrorPropagation","destClosed","waitForWritesToFinish","oldCurrentWrite","originalIsError","originalError","doTheRest","finalize","newError","isError","removeEventListener","resolveLoop","rejectLoop","resolveRead","rejectRead","ReadableStreamDefaultController","IsReadableStreamDefaultController","defaultControllerBrandCheckException$1","ReadableStreamDefaultControllerGetDesiredSize","ReadableStreamDefaultControllerCanCloseOrEnqueue","ReadableStreamDefaultControllerClose","ReadableStreamDefaultControllerEnqueue","ReadableStreamDefaultControllerError","ReadableStreamDefaultControllerClearAlgorithms","_controlledReadableStream","ReadableStreamDefaultControllerCallPullIfNeeded","ReadableStreamDefaultControllerShouldCallPull","SetUpReadableStreamDefaultController","convertUnderlyingSourceCancelCallback","convertUnderlyingSourcePullCallback","convertUnderlyingSourceStartCallback","convertReadableStreamType","convertReadableStreamReaderMode","mode","convertPipeOptions","options","isAbortSignal","assertAbortSignal","ReadableStream","rawUnderlyingSource","underlyingSource","convertUnderlyingDefaultOrByteSource","InitializeReadableStream","SetUpReadableStreamDefaultControllerFromUnderlyingSource","streamBrandCheckException$1","getReader","rawOptions","convertReaderOptions","pipeThrough","rawTransform","transform","readable","convertReadableWritablePair","pipeTo","destination","tee","branches","cloneForBranch2","reason1","reason2","branch1","branch2","resolveCancelPromise","reading","canceled1","canceled2","cancelPromise","value1","value2","CreateReadableStream","compositeReason","cancelResult","ReadableStreamTee","values","impl","AcquireReadableStreamAsyncIterator","convertIteratorOptions","convertQueuingStrategyInit","byteLengthSizeFunction","ByteLengthQueuingStrategy","_byteLengthQueuingStrategyHighWaterMark","IsByteLengthQueuingStrategy","byteLengthBrandCheckException","countSizeFunction","CountQueuingStrategy","_countQueuingStrategyHighWaterMark","IsCountQueuingStrategy","countBrandCheckException","convertTransformerFlushCallback","convertTransformerStartCallback","convertTransformerTransformCallback","TransformStream","rawTransformer","rawWritableStrategy","rawReadableStrategy","writableStrategy","readableStrategy","transformer","flush","readableType","writableType","convertTransformer","readableHighWaterMark","readableSizeAlgorithm","writableHighWaterMark","writableSizeAlgorithm","startPromise_resolve","startPromise","_transformStreamController","_backpressureChangePromise","_writable","TransformStreamDefaultControllerPerformTransform","TransformStreamDefaultSinkWriteAlgorithm","TransformStreamError","TransformStreamDefaultSinkAbortAlgorithm","_readable","flushPromise","_flushAlgorithm","TransformStreamDefaultControllerClearAlgorithms","TransformStreamDefaultSinkCloseAlgorithm","TransformStreamSetBackpressure","TransformStreamDefaultSourcePullAlgorithm","TransformStreamErrorWritableAndUnblockWrite","CreateWritableStream","_backpressureChangePromise_resolve","InitializeTransformStream","TransformStreamDefaultController","transformAlgorithm","TransformStreamDefaultControllerEnqueue","transformResultE","flushAlgorithm","_controlledTransformStream","_transformAlgorithm","SetUpTransformStreamDefaultController","SetUpTransformStreamDefaultControllerFromTransformer","IsTransformStream","streamBrandCheckException","IsTransformStreamDefaultController","defaultControllerBrandCheckException","terminate","TransformStreamDefaultControllerTerminate","readableController","ReadableStreamDefaultControllerHasBackpressure"],"mappings":";yGAIMA,EAAmC,mBAAXC,QAAoD,iBAApBA,OAAOC,SACjED,OACAE,GAAe,UAAUA,KAG7B,SAASC,IAET,CAaA,MAAMC,EAXkB,oBAATC,KACAA,KAEgB,oBAAXC,OACLA,OAEgB,oBAAXC,OACLA,YADN,EAOT,SAASC,EAAaC,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CACA,MAAMC,EAAiCP,EAEjCQ,EAAkBC,QAClBC,EAAsBD,QAAQE,UAAUC,KACxCC,EAAyBJ,QAAQK,QAAQC,KAAKP,GAC9CQ,EAAwBP,QAAQQ,OAAOF,KAAKP,GAClD,SAASU,EAAWC,GAChB,OAAO,IAAIX,EAAgBW,EAC/B,CACA,SAASC,EAAoBC,GACzB,OAAOR,EAAuBQ,EAClC,CACA,SAASC,EAAoBC,GACzB,OAAOP,EAAsBO,EACjC,CACA,SAASC,EAAmBC,EAASC,EAAaC,GAG9C,OAAOjB,EAAoBkB,KAAKH,EAASC,EAAaC,EAC1D,CACA,SAASE,EAAYJ,EAASC,EAAaC,GACvCH,EAAmBA,EAAmBC,EAASC,EAAaC,QAAaG,EAAWvB,EACxF,CACA,SAASwB,EAAgBN,EAASC,GAC9BG,EAAYJ,EAASC,EACzB,CACA,SAASM,EAAcP,EAASE,GAC5BE,EAAYJ,OAASK,EAAWH,EACpC,CACA,SAASM,EAAqBR,EAASS,EAAoBC,GACvD,OAAOX,EAAmBC,EAASS,EAAoBC,EAC3D,CACA,SAASC,EAA0BX,GAC/BD,EAAmBC,OAASK,EAAWvB,EAC3C,CACA,MAAM8B,EAAiB,MACnB,MAAMC,EAAuBrC,GAAWA,EAAQoC,eAChD,GAAoC,mBAAzBC,EACP,OAAOA,EAEX,MAAMC,EAAkBnB,OAAoBU,GAC5C,OAAQU,GAAOhB,EAAmBe,EAAiBC,EACtD,EAPsB,GAQvB,SAASC,EAAYC,EAAGC,EAAGC,GACvB,GAAiB,mBAANF,EACP,MAAM,IAAIG,UAAU,8BAExB,OAAOC,SAASnC,UAAUoC,MAAMnB,KAAKc,EAAGC,EAAGC,EAC/C,CACA,SAASI,EAAYN,EAAGC,EAAGC,GACvB,IACI,OAAOxB,EAAoBqB,EAAYC,EAAGC,EAAGC,IAEjD,MAAOvB,GACH,OAAOC,EAAoBD,GAEnC,CAWA,MAAM4B,EACFC,cACIC,KAAKC,QAAU,EACfD,KAAKE,MAAQ,EAEbF,KAAKG,OAAS,CACVC,UAAW,GACXC,WAAO1B,GAEXqB,KAAKM,MAAQN,KAAKG,OAIlBH,KAAKC,QAAU,EAEfD,KAAKE,MAAQ,EAEbK,aACA,OAAOP,KAAKE,MAMhBM,KAAKC,GACD,MAAMC,EAAUV,KAAKM,MACrB,IAAIK,EAAUD,EACmBE,QAA7BF,EAAQN,UAAUG,SAClBI,EAAU,CACNP,UAAW,GACXC,WAAO1B,IAKf+B,EAAQN,UAAUI,KAAKC,GACnBE,IAAYD,IACZV,KAAKM,MAAQK,EACbD,EAAQL,MAAQM,KAElBX,KAAKE,MAIXW,QACI,MAAMC,EAAWd,KAAKG,OACtB,IAAIY,EAAWD,EACf,MAAME,EAAYhB,KAAKC,QACvB,IAAIgB,EAAYD,EAAY,EAC5B,MAAME,EAAWJ,EAASV,UACpBK,EAAUS,EAASF,GAazB,OAtEqB,QA0DjBC,IACAF,EAAWD,EAAST,MACpBY,EAAY,KAGdjB,KAAKE,MACPF,KAAKC,QAAUgB,EACXH,IAAaC,IACbf,KAAKG,OAASY,GAGlBG,EAASF,QAAarC,EACf8B,EAUXU,QAAQC,GACJ,IAAIC,EAAIrB,KAAKC,QACTqB,EAAOtB,KAAKG,OACZe,EAAWI,EAAKlB,UACpB,OAAOiB,IAAMH,EAASX,aAAyB5B,IAAf2C,EAAKjB,OAC7BgB,IAAMH,EAASX,SACfe,EAAOA,EAAKjB,MACZa,EAAWI,EAAKlB,UAChBiB,EAAI,EACoB,IAApBH,EAASX,UAIjBa,EAASF,EAASG,MAChBA,EAKVE,OACI,MAAMC,EAAQxB,KAAKG,OACbsB,EAASzB,KAAKC,QACpB,OAAOuB,EAAMpB,UAAUqB,IAI/B,SAASC,EAAsCC,EAAQC,GACnDD,EAAOE,qBAAuBD,EAC9BA,EAAOE,QAAUH,EACK,aAAlBC,EAAOG,OACPC,EAAqCL,GAEd,WAAlBC,EAAOG,OAsCpB,SAAwDJ,GACpDK,EAAqCL,GACrCM,EAAkCN,EACtC,CAxCQO,CAA+CP,GAG/CQ,EAA+CR,EAAQC,EAAOQ,aAEtE,CAGA,SAASC,EAAkCV,EAAQvD,GAE/C,OAAOkE,GADQX,EAAOE,qBACczD,EACxC,CACA,SAASmE,EAAmCZ,GACG,aAAvCA,EAAOE,qBAAqBE,OAC5BS,EAAiCb,EAAQ,IAAIjC,UAAU,qFAoC/D,SAAmDiC,EAAQvD,GACvD+D,EAA+CR,EAAQvD,EAC3D,CAnCQqE,CAA0Cd,EAAQ,IAAIjC,UAAU,qFAEpEiC,EAAOE,qBAAqBC,aAAUnD,EACtCgD,EAAOE,0BAAuBlD,CAClC,CAEA,SAAS+D,EAAoBC,GACzB,OAAO,IAAIjD,UAAU,UAAYiD,EAAO,oCAC5C,CAEA,SAASX,EAAqCL,GAC1CA,EAAOiB,eAAiB7E,GAAW,CAACJ,EAASG,KACzC6D,EAAOkB,uBAAyBlF,EAChCgE,EAAOmB,sBAAwBhF,CAAM,GAE7C,CACA,SAASqE,EAA+CR,EAAQvD,GAC5D4D,EAAqCL,GACrCa,EAAiCb,EAAQvD,EAC7C,CAKA,SAASoE,EAAiCb,EAAQvD,QACTO,IAAjCgD,EAAOmB,wBAGX7D,EAA0B0C,EAAOiB,gBACjCjB,EAAOmB,sBAAsB1E,GAC7BuD,EAAOkB,4BAAyBlE,EAChCgD,EAAOmB,2BAAwBnE,EACnC,CAIA,SAASsD,EAAkCN,QACDhD,IAAlCgD,EAAOkB,yBAGXlB,EAAOkB,4BAAuBlE,GAC9BgD,EAAOkB,4BAAyBlE,EAChCgD,EAAOmB,2BAAwBnE,EACnC,CAEA,MAAMoE,EAAatG,EAAe,kBAC5BuG,EAAavG,EAAe,kBAC5BwG,EAAcxG,EAAe,mBAC7ByG,EAAYzG,EAAe,iBAI3B0G,EAAiBC,OAAOC,UAAY,SAAUlG,GAChD,MAAoB,iBAANA,GAAkBkG,SAASlG,EAC7C,EAIMmG,EAAYC,KAAKC,OAAS,SAAUC,GACtC,OAAOA,EAAI,EAAIF,KAAKG,KAAKD,GAAKF,KAAKI,MAAMF,EAC7C,EAMA,SAASG,EAAiBC,EAAKC,GAC3B,QAAYnF,IAARkF,IAHgB,iBADF1G,EAIqB0G,IAHM,mBAAN1G,GAInC,MAAM,IAAIuC,UAAaoE,EAAH,sBAL5B,IAAsB3G,CAOtB,CAEA,SAAS4G,EAAe5G,EAAG2G,GACvB,GAAiB,mBAAN3G,EACP,MAAM,IAAIuC,UAAaoE,EAAH,sBAE5B,CAKA,SAASE,EAAa7G,EAAG2G,GACrB,IAJJ,SAAkB3G,GACd,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAES8G,CAAS9G,GACV,MAAM,IAAIuC,UAAaoE,EAAH,qBAE5B,CACA,SAASI,EAAuB/G,EAAGgH,EAAUL,GACzC,QAAUnF,IAANxB,EACA,MAAM,IAAIuC,UAAU,aAAayE,qBAA4BL,MAErE,CACA,SAASM,EAAoBjH,EAAGkH,EAAOP,GACnC,QAAUnF,IAANxB,EACA,MAAM,IAAIuC,UAAU,GAAG2E,qBAAyBP,MAExD,CAEA,SAASQ,EAA0BpG,GAC/B,OAAOkF,OAAOlF,EAClB,CACA,SAASqG,EAAmBpH,GACxB,OAAa,IAANA,EAAU,EAAIA,CACzB,CAKA,SAASqH,EAAwCtG,EAAO4F,GACpD,MACMW,EAAarB,OAAOsB,iBAC1B,IAAIvH,EAAIiG,OAAOlF,GAEf,GADAf,EAAIoH,EAAmBpH,IAClBgG,EAAehG,GAChB,MAAM,IAAIuC,UAAaoE,EAAH,2BAGxB,GADA3G,EAZJ,SAAqBA,GACjB,OAAOoH,EAAmBjB,EAAUnG,GACxC,CAUQwH,CAAYxH,GACZA,EARe,GAQGA,EAAIsH,EACtB,MAAM,IAAI/E,UAAU,GAAGoE,2CAA6DW,gBAExF,OAAKtB,EAAehG,IAAY,IAANA,EAOnBA,EANI,CAOf,CAEA,SAASyH,EAAqBzH,EAAG2G,GAC7B,IAAKe,GAAiB1H,GAClB,MAAM,IAAIuC,UAAaoE,EAAH,4BAE5B,CAGA,SAASgB,EAAmClD,GACxC,OAAO,IAAImD,EAA4BnD,EAC3C,CAEA,SAASoD,EAA6BpD,EAAQqD,GAC1CrD,EAAOE,QAAQoD,cAAc1E,KAAKyE,EACtC,CACA,SAASE,EAAiCvD,EAAQwD,EAAOC,GACrD,MACMJ,EADSrD,EAAOE,QACKoD,cAAcrE,QACrCwE,EACAJ,EAAYK,cAGZL,EAAYM,YAAYH,EAEhC,CACA,SAASI,EAAiC5D,GACtC,OAAOA,EAAOE,QAAQoD,cAAc3E,MACxC,CACA,SAASkF,EAA+B7D,GACpC,MAAMD,EAASC,EAAOE,QACtB,YAAenD,IAAXgD,KAGC+D,EAA8B/D,EAIvC,CAMA,MAAMoD,EACFhF,YAAY6B,GAGR,GAFAsC,EAAuBtC,EAAQ,EAAG,+BAClCgD,EAAqBhD,EAAQ,mBACzB+D,GAAuB/D,GACvB,MAAM,IAAIlC,UAAU,+EAExBgC,EAAsC1B,KAAM4B,GAC5C5B,KAAKkF,cAAgB,IAAIpF,EAMzB8F,aACA,OAAKF,EAA8B1F,MAG5BA,KAAK4C,eAFDzE,EAAoB0H,EAAiC,WAOpEC,OAAO1H,EAASO,WACZ,OAAK+G,EAA8B1F,WAGDrB,IAA9BqB,KAAK6B,qBACE1D,EAAoBuE,EAAoB,WAE5CL,EAAkCrC,KAAM5B,GALpCD,EAAoB0H,EAAiC,WAYpEE,OACI,IAAKL,EAA8B1F,MAC/B,OAAO7B,EAAoB0H,EAAiC,SAEhE,QAAkClH,IAA9BqB,KAAK6B,qBACL,OAAO1D,EAAoBuE,EAAoB,cAEnD,IAAIsD,EACAC,EACJ,MAAM3H,EAAUP,GAAW,CAACJ,EAASG,KACjCkI,EAAiBrI,EACjBsI,EAAgBnI,CAAM,IAQ1B,OADAoI,EAAgClG,KALZ,CAChBuF,YAAaH,GAASY,EAAe,CAAE9H,MAAOkH,EAAOC,MAAM,IAC3DC,YAAa,IAAMU,EAAe,CAAE9H,WAAOS,EAAW0G,MAAM,IAC5Dc,YAAaC,GAAKH,EAAcG,KAG7B9H,EAWX+H,cACI,IAAKX,EAA8B1F,MAC/B,MAAM6F,EAAiC,eAE3C,QAAkClH,IAA9BqB,KAAK6B,qBAAT,CAGA,GAAI7B,KAAKkF,cAAc3E,OAAS,EAC5B,MAAM,IAAIb,UAAU,uFAExB6C,EAAmCvC,QAgB3C,SAAS0F,EAA8BvI,GACnC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,gBAIjD,CACA,SAAS+I,EAAgCvE,EAAQsD,GAC7C,MAAMrD,EAASD,EAAOE,qBACtBD,EAAO4E,YAAa,EACE,WAAlB5E,EAAOG,OACPkD,EAAYK,cAEW,YAAlB1D,EAAOG,OACZkD,EAAYkB,YAAYvE,EAAOQ,cAG/BR,EAAO6E,0BAA0BvD,GAAW+B,EAEpD,CAEA,SAASY,EAAiClD,GACtC,OAAO,IAAIjD,UAAU,yCAAyCiD,sDAClE,CAGA,IAAI+D,GAzCJJ,OAAOK,iBAAiB5B,EAA4BvH,UAAW,CAC3DsI,OAAQ,CAAEc,YAAY,GACtBb,KAAM,CAAEa,YAAY,GACpBP,YAAa,CAAEO,YAAY,GAC3BhB,OAAQ,CAAEgB,YAAY,KAEgB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAe/B,EAA4BvH,UAAWf,EAAeoK,YAAa,CACrF3I,MAAO,8BACP6I,cAAc,IAiCsB,iBAAjCtK,EAAeuK,gBAGtBN,GAAyB,CAGrB,CAACjK,EAAeuK,iBACZ,OAAOhH,OAGfsG,OAAOQ,eAAeJ,GAAwBjK,EAAeuK,cAAe,CAAEJ,YAAY,KAI9F,MAAMK,GACFlH,YAAY4B,EAAQuF,GAChBlH,KAAKmH,qBAAkBxI,EACvBqB,KAAKoH,aAAc,EACnBpH,KAAK8B,QAAUH,EACf3B,KAAKqH,eAAiBH,EAE1BI,OACI,MAAMC,EAAY,IAAMvH,KAAKwH,aAI7B,OAHAxH,KAAKmH,gBAAkBnH,KAAKmH,gBACxBrI,EAAqBkB,KAAKmH,gBAAiBI,EAAWA,GACtDA,IACGvH,KAAKmH,gBAEhBM,OAAOvJ,GACH,MAAMwJ,EAAc,IAAM1H,KAAK2H,aAAazJ,GAC5C,OAAO8B,KAAKmH,gBACRrI,EAAqBkB,KAAKmH,gBAAiBO,EAAaA,GACxDA,IAERF,aACI,GAAIxH,KAAKoH,YACL,OAAO9J,QAAQK,QAAQ,CAAEO,WAAOS,EAAW0G,MAAM,IAErD,MAAM1D,EAAS3B,KAAK8B,QACpB,QAAoCnD,IAAhCgD,EAAOE,qBACP,OAAO1D,EAAoBuE,EAAoB,YAEnD,IAAIsD,EACAC,EACJ,MAAM3H,EAAUP,GAAW,CAACJ,EAASG,KACjCkI,EAAiBrI,EACjBsI,EAAgBnI,CAAM,IAuB1B,OADAoI,EAAgCvE,EApBZ,CAChB4D,YAAaH,IACTpF,KAAKmH,qBAAkBxI,EAGvBO,GAAe,IAAM8G,EAAe,CAAE9H,MAAOkH,EAAOC,MAAM,KAAS,EAEvEC,YAAa,KACTtF,KAAKmH,qBAAkBxI,EACvBqB,KAAKoH,aAAc,EACnB7E,EAAmCZ,GACnCqE,EAAe,CAAE9H,WAAOS,EAAW0G,MAAM,GAAO,EAEpDc,YAAa/H,IACT4B,KAAKmH,qBAAkBxI,EACvBqB,KAAKoH,aAAc,EACnB7E,EAAmCZ,GACnCsE,EAAc7H,EAAO,IAItBE,EAEXqJ,aAAazJ,GACT,GAAI8B,KAAKoH,YACL,OAAO9J,QAAQK,QAAQ,CAAEO,QAAOmH,MAAM,IAE1CrF,KAAKoH,aAAc,EACnB,MAAMzF,EAAS3B,KAAK8B,QACpB,QAAoCnD,IAAhCgD,EAAOE,qBACP,OAAO1D,EAAoBuE,EAAoB,qBAEnD,IAAK1C,KAAKqH,eAAgB,CACtB,MAAMO,EAASvF,EAAkCV,EAAQzD,GAEzD,OADAqE,EAAmCZ,GAC5B7C,EAAqB8I,GAAQ,MAAS1J,QAAOmH,MAAM,MAG9D,OADA9C,EAAmCZ,GAC5B1D,EAAoB,CAAEC,QAAOmH,MAAM,KAGlD,MAAMwC,GAAuC,CACzCP,OACI,OAAKQ,GAA8B9H,MAG5BA,KAAK+H,mBAAmBT,OAFpBnJ,EAAoB6J,GAAuC,UAI1EP,OAAOvJ,GACH,OAAK4J,GAA8B9H,MAG5BA,KAAK+H,mBAAmBN,OAAOvJ,GAF3BC,EAAoB6J,GAAuC,aAgB9E,SAASF,GAA8B3K,GACnC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,qBAIjD,CAEA,SAAS6K,GAAuCrF,GAC5C,OAAO,IAAIjD,UAAU,+BAA+BiD,qDACxD,MAvB+BhE,IAA3B+H,IACAJ,OAAO2B,eAAeJ,GAAsCnB,IA0BhE,MAAMwB,GAAc9E,OAAO+E,OAAS,SAAUhL,GAE1C,OAAOA,GAAMA,CACjB,EAEA,SAASiL,GAA0B3E,GAC/B,QAQJ,SAA6BA,GACzB,GAAiB,iBAANA,EACP,OAAO,EAEX,GAAIyE,GAAYzE,GACZ,OAAO,EAEX,GAAIA,EAAI,EACJ,OAAO,EAEX,OAAO,CACX,CAnBS4E,CAAoB5E,IAGrBA,IAAM6E,GAId,CAcA,SAASC,GAAaC,GAClB,MAAMC,EAAOD,EAAUE,OAAO7H,QAK9B,OAJA2H,EAAUG,iBAAmBF,EAAKG,KAC9BJ,EAAUG,gBAAkB,IAC5BH,EAAUG,gBAAkB,GAEzBF,EAAKvK,KAChB,CACA,SAAS2K,GAAqBL,EAAWtK,EAAO0K,GAE5C,IAAKR,GADLQ,EAAOxF,OAAOwF,IAEV,MAAM,IAAIE,WAAW,wDAEzBN,EAAUE,OAAOlI,KAAK,CAAEtC,QAAO0K,SAC/BJ,EAAUG,iBAAmBC,CACjC,CAKA,SAASG,GAAWP,GAChBA,EAAUE,OAAS,IAAI5I,EACvB0I,EAAUG,gBAAkB,CAChC,CAEA,SAASK,GAAoB9H,GAGzB,OAAOA,EAAS+H,OACpB,CAkBA,MAAMC,GACFnJ,cACI,MAAM,IAAIL,UAAU,uBAKpByJ,WACA,IAAKC,GAA4BpJ,MAC7B,MAAMqJ,GAA+B,QAEzC,OAAOrJ,KAAKsJ,MAEhBC,QAAQC,GACJ,IAAKJ,GAA4BpJ,MAC7B,MAAMqJ,GAA+B,WAIzC,GAFAnF,EAAuBsF,EAAc,EAAG,WACxCA,EAAehF,EAAwCgF,EAAc,wBAChB7K,IAAjDqB,KAAKyJ,wCACL,MAAM,IAAI/J,UAAU,0CAEHM,KAAKsJ,MAAMI,OAufxC,SAA6CC,EAAYH,GAErD,GADAA,EAAepG,OAAOoG,IACjBpB,GAA0BoB,GAC3B,MAAM,IAAIV,WAAW,iCAEzBc,GAA4CD,EAAYH,EAC5D,CA5fQK,CAAoC7J,KAAKyJ,wCAAyCD,GAEtFM,mBAAmBX,GACf,IAAKC,GAA4BpJ,MAC7B,MAAMqJ,GAA+B,sBAGzC,GADAnF,EAAuBiF,EAAM,EAAG,uBAC3BY,YAAYC,OAAOb,GACpB,MAAM,IAAIzJ,UAAU,gDAExB,GAAwB,IAApByJ,EAAKc,WACL,MAAM,IAAIvK,UAAU,uCAExB,GAA+B,IAA3ByJ,EAAKO,OAAOO,WACZ,MAAM,IAAIvK,UAAU,gDAExB,QAAqDf,IAAjDqB,KAAKyJ,wCACL,MAAM,IAAI/J,UAAU,2CA4ehC,SAAwDiK,EAAYR,GAChE,MAAMe,EAAkBP,EAAWQ,kBAAkB5I,OACrD,GAAI2I,EAAgBE,WAAaF,EAAgBG,cAAgBlB,EAAKiB,WAClE,MAAM,IAAItB,WAAW,2DAEzB,GAAIoB,EAAgBD,aAAed,EAAKc,WACpC,MAAM,IAAInB,WAAW,8DAEzBoB,EAAgBR,OAASP,EAAKO,OAC9BE,GAA4CD,EAAYR,EAAKc,WACjE,CApfQK,CAA+CtK,KAAKyJ,wCAAyCN,IAGrG7C,OAAOK,iBAAiBuC,GAA0B1L,UAAW,CACzD+L,QAAS,CAAE3C,YAAY,GACvBkD,mBAAoB,CAAElD,YAAY,GAClCuC,KAAM,CAAEvC,YAAY,KAEkB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeoC,GAA0B1L,UAAWf,EAAeoK,YAAa,CACnF3I,MAAO,4BACP6I,cAAc,IAQtB,MAAMwD,GACFxK,cACI,MAAM,IAAIL,UAAU,uBAKpB8K,kBACA,IAAKC,GAA+BzK,MAChC,MAAM0K,GAAwC,eAElD,GAA0B,OAAtB1K,KAAK2K,cAAyB3K,KAAKmK,kBAAkB5J,OAAS,EAAG,CACjE,MAAM2J,EAAkBlK,KAAKmK,kBAAkB5I,OACzC4H,EAAO,IAAIyB,WAAWV,EAAgBR,OAAQQ,EAAgBE,WAAaF,EAAgBG,YAAaH,EAAgBD,WAAaC,EAAgBG,aACrJG,EAAclE,OAAOuE,OAAO3B,GAA0B1L,YAggBxE,SAAwCsN,EAASnB,EAAYR,GACzD2B,EAAQrB,wCAA0CE,EAClDmB,EAAQxB,MAAQH,CACpB,CAlgBY4B,CAA+BP,EAAaxK,KAAMmJ,GAClDnJ,KAAK2K,aAAeH,EAExB,OAAOxK,KAAK2K,aAMZK,kBACA,IAAKP,GAA+BzK,MAChC,MAAM0K,GAAwC,eAElD,OAAOO,GAA2CjL,MAMtDkL,QACI,IAAKT,GAA+BzK,MAChC,MAAM0K,GAAwC,SAElD,GAAI1K,KAAKmL,gBACL,MAAM,IAAIzL,UAAU,8DAExB,MAAM0L,EAAQpL,KAAKqL,8BAA8BtJ,OACjD,GAAc,aAAVqJ,EACA,MAAM,IAAI1L,UAAU,kBAAkB0L,+DAiWlD,SAA2CzB,GACvC,MAAM/H,EAAS+H,EAAW0B,8BAC1B,GAAI1B,EAAWwB,iBAAqC,aAAlBvJ,EAAOG,OACrC,OAEJ,GAAI4H,EAAWhB,gBAAkB,EAE7B,YADAgB,EAAWwB,iBAAkB,GAGjC,GAAIxB,EAAWQ,kBAAkB5J,OAAS,EAAG,CAEzC,GAD6BoJ,EAAWQ,kBAAkB5I,OACjC8I,YAAc,EAAG,CACtC,MAAMjE,EAAI,IAAI1G,UAAU,2DAExB,MADA4L,GAAkC3B,EAAYvD,GACxCA,GAGdmF,GAA4C5B,GAC5C6B,GAAoB5J,EACxB,CAlXQ6J,CAAkCzL,MAEtC0L,QAAQtG,GACJ,IAAKqF,GAA+BzK,MAChC,MAAM0K,GAAwC,WAGlD,GADAxG,EAAuBkB,EAAO,EAAG,YAC5B2E,YAAYC,OAAO5E,GACpB,MAAM,IAAI1F,UAAU,sCAExB,GAAyB,IAArB0F,EAAM6E,WACN,MAAM,IAAIvK,UAAU,uCAExB,GAAgC,IAA5B0F,EAAMsE,OAAOO,WACb,MAAM,IAAIvK,UAAU,gDAExB,GAAIM,KAAKmL,gBACL,MAAM,IAAIzL,UAAU,gCAExB,MAAM0L,EAAQpL,KAAKqL,8BAA8BtJ,OACjD,GAAc,aAAVqJ,EACA,MAAM,IAAI1L,UAAU,kBAAkB0L,oEA8VlD,SAA6CzB,EAAYvE,GACrD,MAAMxD,EAAS+H,EAAW0B,8BAC1B,GAAI1B,EAAWwB,iBAAqC,aAAlBvJ,EAAOG,OACrC,OAEJ,MAAM2H,EAAStE,EAAMsE,OACfU,EAAahF,EAAMgF,WACnBH,EAAa7E,EAAM6E,WACnB0B,EAAwCjC,EAC9C,GAAIjE,EAA+B7D,GAC/B,GAAiD,IAA7C4D,EAAiC5D,GACjCgK,GAAgDjC,EAAYgC,EAAmBvB,EAAYH,OAE1F,CAED9E,EAAiCvD,EADT,IAAIgJ,WAAWe,EAAmBvB,EAAYH,IACZ,QAGzD4B,GAA4BjK,IAEjCgK,GAAgDjC,EAAYgC,EAAmBvB,EAAYH,GAC3F6B,GAAiEnC,IAGjEiC,GAAgDjC,EAAYgC,EAAmBvB,EAAYH,GAE/F8B,GAA6CpC,EACjD,CAvXQqC,CAAoChM,KAAMoF,GAK9C6G,MAAM7F,EAAIzH,WACN,IAAK8L,GAA+BzK,MAChC,MAAM0K,GAAwC,SAElDY,GAAkCtL,KAAMoG,GAG5CnD,CAACA,GAAa7E,GACV,GAAI4B,KAAKmK,kBAAkB5J,OAAS,EAAG,CACXP,KAAKmK,kBAAkB5I,OAC/B8I,YAAc,EAElCtB,GAAW/I,MACX,MAAM4H,EAAS5H,KAAKkM,iBAAiB9N,GAErC,OADAmN,GAA4CvL,MACrC4H,EAGX1E,CAACA,GAAW+B,GACR,MAAMrD,EAAS5B,KAAKqL,8BACpB,GAAIrL,KAAK2I,gBAAkB,EAAG,CAC1B,MAAMwD,EAAQnM,KAAK0I,OAAO7H,QAC1Bb,KAAK2I,iBAAmBwD,EAAMlC,WAC9BmC,GAA6CpM,MAC7C,MAAMmJ,EAAO,IAAIyB,WAAWuB,EAAMzC,OAAQyC,EAAM/B,WAAY+B,EAAMlC,YAElE,YADAhF,EAAYM,YAAY4D,GAG5B,MAAMkD,EAAwBrM,KAAKsM,uBACnC,QAA8B3N,IAA1B0N,EAAqC,CACrC,IAAI3C,EACJ,IACIA,EAAS,IAAIK,YAAYsC,GAE7B,MAAOE,GAEH,YADAtH,EAAYkB,YAAYoG,GAG5B,MAAMC,EAAqB,CACvB9C,SACAU,WAAY,EACZH,WAAYoC,EACZhC,YAAa,EACboC,YAAa,EACbC,gBAAiB9B,WACjB+B,WAAY,WAEhB3M,KAAKmK,kBAAkB3J,KAAKgM,GAEhCxH,EAA6BpD,EAAQqD,GACrC8G,GAA6C/L,OAiBrD,SAASyK,GAA+BtN,GACpC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,gCAIjD,CACA,SAASiM,GAA4BjM,GACjC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,0CAIjD,CACA,SAAS4O,GAA6CpC,GAClD,MAAMiD,EAiNV,SAAoDjD,GAChD,MAAM/H,EAAS+H,EAAW0B,8BAC1B,GAAsB,aAAlBzJ,EAAOG,OACP,OAAO,EAEX,GAAI4H,EAAWwB,gBACX,OAAO,EAEX,IAAKxB,EAAWkD,SACZ,OAAO,EAEX,GAAIpH,EAA+B7D,IAAW4D,EAAiC5D,GAAU,EACrF,OAAO,EAEX,GAAIiK,GAA4BjK,IAAWkL,GAAqClL,GAAU,EACtF,OAAO,EAEX,MAAMoJ,EAAcC,GAA2CtB,GAC/D,GAAIqB,EAAc,EACd,OAAO,EAEX,OAAO,CACX,CAvOuB+B,CAA2CpD,GAC9D,IAAKiD,EACD,OAEJ,GAAIjD,EAAWqD,SAEX,YADArD,EAAWsD,YAAa,GAG5BtD,EAAWqD,UAAW,EAGtBtO,EADoBiL,EAAWuD,kBACN,KACrBvD,EAAWqD,UAAW,EAClBrD,EAAWsD,aACXtD,EAAWsD,YAAa,EACxBlB,GAA6CpC,OAElDvD,IACCkF,GAAkC3B,EAAYvD,EAAE,GAExD,CAKA,SAAS+G,GAAqDvL,EAAQ4K,GAClE,IAAInH,GAAO,EACW,WAAlBzD,EAAOG,SACPsD,GAAO,GAEX,MAAM+H,EAAaC,GAAsDb,GACnC,YAAlCA,EAAmBG,WACnBxH,EAAiCvD,EAAQwL,EAAY/H,GAoW7D,SAA8CzD,EAAQwD,EAAOC,GACzD,MAAM1D,EAASC,EAAOE,QAChBwL,EAAkB3L,EAAO4L,kBAAkB1M,QAC7CwE,EACAiI,EAAgBhI,YAAYF,GAG5BkI,EAAgB/H,YAAYH,EAEpC,CA1WQoI,CAAqC5L,EAAQwL,EAAY/H,EAEjE,CACA,SAASgI,GAAsDb,GAC3D,MAAMnC,EAAcmC,EAAmBnC,YACjCoC,EAAcD,EAAmBC,YACvC,OAAO,IAAID,EAAmBE,gBAAgBF,EAAmB9C,OAAQ8C,EAAmBpC,WAAYC,EAAcoC,EAC1H,CACA,SAASb,GAAgDjC,EAAYD,EAAQU,EAAYH,GACrFN,EAAWjB,OAAOlI,KAAK,CAAEkJ,SAAQU,aAAYH,eAC7CN,EAAWhB,iBAAmBsB,CAClC,CACA,SAASwD,GAA4D9D,EAAY6C,GAC7E,MAAMC,EAAcD,EAAmBC,YACjCiB,EAAsBlB,EAAmBnC,YAAcmC,EAAmBnC,YAAcoC,EACxFkB,EAAiBpK,KAAKqK,IAAIjE,EAAWhB,gBAAiB6D,EAAmBvC,WAAauC,EAAmBnC,aACzGwD,EAAiBrB,EAAmBnC,YAAcsD,EAClDG,EAAkBD,EAAiBA,EAAiBpB,EAC1D,IAAIsB,EAA4BJ,EAC5BK,GAAQ,EACRF,EAAkBJ,IAClBK,EAA4BD,EAAkBtB,EAAmBnC,YACjE2D,GAAQ,GAEZ,MAAMC,EAAQtE,EAAWjB,OACzB,KAAOqF,EAA4B,GAAG,CAClC,MAAMG,EAAcD,EAAM1M,OACpB4M,EAAc5K,KAAKqK,IAAIG,EAA2BG,EAAYjE,YAC9DmE,EAAY5B,EAAmBpC,WAAaoC,EAAmBnC,YA5SjDgE,EA6SD7B,EAAmB9C,OA7SZ4E,EA6SoBF,EA7SRG,EA6SmBL,EAAYxE,OA7S1B8E,EA6SkCN,EAAY9D,WA7SnCqE,EA6S+CN,EA5SzG,IAAIvD,WAAWyD,GAAMK,IAAI,IAAI9D,WAAW2D,EAAKC,EAAWC,GAAIH,GA6SpDJ,EAAYjE,aAAekE,EAC3BF,EAAMpN,SAGNqN,EAAY9D,YAAc+D,EAC1BD,EAAYjE,YAAckE,GAE9BxE,EAAWhB,iBAAmBwF,EAC9BQ,GAAuDhF,EAAYwE,EAAa3B,GAChFuB,GAA6BI,EAvTrC,IAA4BE,EAAMC,EAAYC,EAAKC,EAAWC,EAyT1D,OAAOT,CACX,CACA,SAASW,GAAuDhF,EAAYf,EAAM4D,GAC9EoC,GAAkDjF,GAClD6C,EAAmBnC,aAAezB,CACtC,CACA,SAASwD,GAA6CzC,GACf,IAA/BA,EAAWhB,iBAAyBgB,EAAWwB,iBAC/CI,GAA4C5B,GAC5C6B,GAAoB7B,EAAW0B,gCAG/BU,GAA6CpC,EAErD,CACA,SAASiF,GAAkDjF,GACvB,OAA5BA,EAAWgB,eAGfhB,EAAWgB,aAAalB,6CAA0C9K,EAClEgL,EAAWgB,aAAarB,MAAQ,KAChCK,EAAWgB,aAAe,KAC9B,CACA,SAASmB,GAAiEnC,GACtE,KAAOA,EAAWQ,kBAAkB5J,OAAS,GAAG,CAC5C,GAAmC,IAA/BoJ,EAAWhB,gBACX,OAEJ,MAAM6D,EAAqB7C,EAAWQ,kBAAkB5I,OACpDkM,GAA4D9D,EAAY6C,KACxEqC,GAAiDlF,GACjDwD,GAAqDxD,EAAW0B,8BAA+BmB,IAG3G,CAgFA,SAAS5C,GAA4CD,EAAYH,GAC7D,MAAMU,EAAkBP,EAAWQ,kBAAkB5I,OAErD,GAAc,WADAoI,EAAW0B,8BAA8BtJ,OAC/B,CACpB,GAAqB,IAAjByH,EACA,MAAM,IAAI9J,UAAU,qEApChC,SAA0DiK,EAAYO,GAClEA,EAAgBR,OAA6BQ,EAAgBR,OAC7D,MAAM9H,EAAS+H,EAAW0B,8BAC1B,GAAIQ,GAA4BjK,GAC5B,KAAOkL,GAAqClL,GAAU,GAElDuL,GAAqDvL,EAD1BiN,GAAiDlF,GAIxF,CA6BQmF,CAAiDnF,EAAYO,QA5BrE,SAA4DP,EAAYH,EAAcgD,GAClF,GAAIA,EAAmBnC,YAAcb,EAAegD,EAAmBvC,WACnE,MAAM,IAAInB,WAAW,6BAGzB,GADA6F,GAAuDhF,EAAYH,EAAcgD,GAC7EA,EAAmBnC,YAAcmC,EAAmBC,YAEpD,OAEJoC,GAAiDlF,GACjD,MAAMoF,EAAgBvC,EAAmBnC,YAAcmC,EAAmBC,YAC1E,GAAIsC,EAAgB,EAAG,CACnB,MAAMC,EAAMxC,EAAmBpC,WAAaoC,EAAmBnC,YACzD4E,EAAYzC,EAAmB9C,OAAOT,MAAM+F,EAAMD,EAAeC,GACvEpD,GAAgDjC,EAAYsF,EAAW,EAAGA,EAAUhF,YAExFuC,EAAmB9C,OAA6B8C,EAAmB9C,OACnE8C,EAAmBnC,aAAe0E,EAClC5B,GAAqDxD,EAAW0B,8BAA+BmB,GAC/FV,GAAiEnC,EACrE,CAWQuF,CAAmDvF,EAAYH,EAAcU,GAEjF6B,GAA6CpC,EACjD,CACA,SAASkF,GAAiDlF,GACtD,MAAMwF,EAAaxF,EAAWQ,kBAAkBtJ,QAEhD,OADA+N,GAAkDjF,GAC3CwF,CACX,CAwBA,SAAS5D,GAA4C5B,GACjDA,EAAWuD,oBAAiBvO,EAC5BgL,EAAWuC,sBAAmBvN,CAClC,CAkDA,SAAS2M,GAAkC3B,EAAYvD,GACnD,MAAMxE,EAAS+H,EAAW0B,8BACJ,aAAlBzJ,EAAOG,UA1Qf,SAA2D4H,GACvDiF,GAAkDjF,GAClDA,EAAWQ,kBAAoB,IAAIrK,CACvC,CA0QIsP,CAAkDzF,GAClDZ,GAAWY,GACX4B,GAA4C5B,GAC5C0F,GAAoBzN,EAAQwE,GAChC,CACA,SAAS6E,GAA2CtB,GAChD,MAAMyB,EAAQzB,EAAW0B,8BAA8BtJ,OACvD,MAAc,YAAVqJ,EACO,KAEG,WAAVA,EACO,EAEJzB,EAAW2F,aAAe3F,EAAWhB,eAChD,CA2CA,SAAS4G,GAAsD3N,EAAQ4N,EAAsBC,GACzF,MAAM9F,EAAarD,OAAOuE,OAAON,GAA6B/M,WAC9D,IAAIkS,EAAiB,KAAe,EAChCC,EAAgB,IAAM1R,OAAoBU,GAC1CiR,EAAkB,IAAM3R,OAAoBU,QACbA,IAA/B6Q,EAAqBK,QACrBH,EAAiB,IAAMF,EAAqBK,MAAMlG,SAEpBhL,IAA9B6Q,EAAqBM,OACrBH,EAAgB,IAAMH,EAAqBM,KAAKnG,SAEhBhL,IAAhC6Q,EAAqB1J,SACrB8J,EAAkBxR,GAAUoR,EAAqB1J,OAAO1H,IAE5D,MAAMiO,EAAwBmD,EAAqBnD,sBACnD,GAA8B,IAA1BA,EACA,MAAM,IAAI3M,UAAU,iDAxC5B,SAA2CkC,EAAQ+H,EAAY+F,EAAgBC,EAAeC,EAAiBH,EAAepD,GAC1H1C,EAAW0B,8BAAgCzJ,EAC3C+H,EAAWsD,YAAa,EACxBtD,EAAWqD,UAAW,EACtBrD,EAAWgB,aAAe,KAE1BhB,EAAWjB,OAASiB,EAAWhB,qBAAkBhK,EACjDoK,GAAWY,GACXA,EAAWwB,iBAAkB,EAC7BxB,EAAWkD,UAAW,EACtBlD,EAAW2F,aAAeG,EAC1B9F,EAAWuD,eAAiByC,EAC5BhG,EAAWuC,iBAAmB0D,EAC9BjG,EAAW2C,uBAAyBD,EACpC1C,EAAWQ,kBAAoB,IAAIrK,EACnC8B,EAAO6E,0BAA4BkD,EAEnCjL,EAAYT,EADQyR,MAC0B,KAC1C/F,EAAWkD,UAAW,EACtBd,GAA6CpC,EAAW,IACzDoG,IACCzE,GAAkC3B,EAAYoG,EAAE,GAExD,CAmBIC,CAAkCpO,EAAQ+H,EAAY+F,EAAgBC,EAAeC,EAAiBH,EAAepD,EACzH,CAMA,SAAShD,GAA+B1G,GACpC,OAAO,IAAIjD,UAAU,uCAAuCiD,oDAChE,CAEA,SAAS+H,GAAwC/H,GAC7C,OAAO,IAAIjD,UAAU,0CAA0CiD,uDACnE,CAOA,SAASsN,GAAiCrO,EAAQ0L,GAC9C1L,EAAOE,QAAQyL,kBAAkB/M,KAAK8M,EAC1C,CAWA,SAASR,GAAqClL,GAC1C,OAAOA,EAAOE,QAAQyL,kBAAkBhN,MAC5C,CACA,SAASsL,GAA4BjK,GACjC,MAAMD,EAASC,EAAOE,QACtB,YAAenD,IAAXgD,KAGCuO,GAA2BvO,EAIpC,CA3bA2E,OAAOK,iBAAiB4D,GAA6B/M,UAAW,CAC5D0N,MAAO,CAAEtE,YAAY,GACrB8E,QAAS,CAAE9E,YAAY,GACvBqF,MAAO,CAAErF,YAAY,GACrB4D,YAAa,CAAE5D,YAAY,GAC3BoE,YAAa,CAAEpE,YAAY,KAEW,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeyD,GAA6B/M,UAAWf,EAAeoK,YAAa,CACtF3I,MAAO,+BACP6I,cAAc,IAubtB,MAAMoJ,GACFpQ,YAAY6B,GAGR,GAFAsC,EAAuBtC,EAAQ,EAAG,4BAClCgD,EAAqBhD,EAAQ,mBACzB+D,GAAuB/D,GACvB,MAAM,IAAIlC,UAAU,+EAExB,IAAK+K,GAA+B7I,EAAO6E,2BACvC,MAAM,IAAI/G,UAAU,+FAGxBgC,EAAsC1B,KAAM4B,GAC5C5B,KAAKuN,kBAAoB,IAAIzN,EAM7B8F,aACA,OAAKsK,GAA2BlQ,MAGzBA,KAAK4C,eAFDzE,EAAoBiS,GAA8B,WAOjEtK,OAAO1H,EAASO,WACZ,OAAKuR,GAA2BlQ,WAGErB,IAA9BqB,KAAK6B,qBACE1D,EAAoBuE,EAAoB,WAE5CL,EAAkCrC,KAAM5B,GALpCD,EAAoBiS,GAA8B,WAYjErK,KAAKoD,GACD,IAAK+G,GAA2BlQ,MAC5B,OAAO7B,EAAoBiS,GAA8B,SAE7D,IAAKrG,YAAYC,OAAOb,GACpB,OAAOhL,EAAoB,IAAIuB,UAAU,sCAE7C,GAAwB,IAApByJ,EAAKc,WACL,OAAO9L,EAAoB,IAAIuB,UAAU,uCAE7C,GAA+B,IAA3ByJ,EAAKO,OAAOO,WACZ,OAAO9L,EAAoB,IAAIuB,UAAU,gDAE7C,QAAkCf,IAA9BqB,KAAK6B,qBACL,OAAO1D,EAAoBuE,EAAoB,cAEnD,IAAIsD,EACAC,EACJ,MAAM3H,EAAUP,GAAW,CAACJ,EAASG,KACjCkI,EAAiBrI,EACjBsI,EAAgBnI,CAAM,IAQ1B,OA8CR,SAAsC6D,EAAQwH,EAAMmE,GAChD,MAAM1L,EAASD,EAAOE,qBACtBD,EAAO4E,YAAa,EACE,YAAlB5E,EAAOG,OACPuL,EAAgBnH,YAAYvE,EAAOQ,cAxa3C,SAA8CuH,EAAYR,EAAMmE,GAC5D,MAAM1L,EAAS+H,EAAW0B,8BAC1B,IAAIoB,EAAc,EACdtD,EAAKpJ,cAAgBsQ,WACrB5D,EAActD,EAAKpJ,YAAYuQ,mBAEnC,MAAMC,EAAOpH,EAAKpJ,YAEZyM,EAAqB,CACvB9C,OAF+BP,EAAKO,OAGpCU,WAAYjB,EAAKiB,WACjBH,WAAYd,EAAKc,WACjBI,YAAa,EACboC,cACAC,gBAAiB6D,EACjB5D,WAAY,QAEhB,GAAIhD,EAAWQ,kBAAkB5J,OAAS,EAMtC,OALAoJ,EAAWQ,kBAAkB3J,KAAKgM,QAIlCyD,GAAiCrO,EAAQ0L,GAG7C,GAAsB,WAAlB1L,EAAOG,OAAX,CAKA,GAAI4H,EAAWhB,gBAAkB,EAAG,CAChC,GAAI8E,GAA4D9D,EAAY6C,GAAqB,CAC7F,MAAMY,EAAaC,GAAsDb,GAGzE,OAFAJ,GAA6CzC,QAC7C2D,EAAgB/H,YAAY6H,GAGhC,GAAIzD,EAAWwB,gBAAiB,CAC5B,MAAM/E,EAAI,IAAI1G,UAAU,2DAGxB,OAFA4L,GAAkC3B,EAAYvD,QAC9CkH,EAAgBnH,YAAYC,IAIpCuD,EAAWQ,kBAAkB3J,KAAKgM,GAClCyD,GAAiCrO,EAAQ0L,GACzCvB,GAA6CpC,OArB7C,CACI,MAAM6G,EAAY,IAAID,EAAK/D,EAAmB9C,OAAQ8C,EAAmBpC,WAAY,GACrFkD,EAAgBhI,YAAYkL,GAoBpC,CA4XQC,CAAqC7O,EAAO6E,0BAA2B0C,EAAMmE,EAErF,CAxDQoD,CAA6B1Q,KAAMmJ,EALX,CACpB5D,YAAaH,GAASY,EAAe,CAAE9H,MAAOkH,EAAOC,MAAM,IAC3DC,YAAaF,GAASY,EAAe,CAAE9H,MAAOkH,EAAOC,MAAM,IAC3Dc,YAAaC,GAAKH,EAAcG,KAG7B9H,EAWX+H,cACI,IAAK6J,GAA2BlQ,MAC5B,MAAMoQ,GAA8B,eAExC,QAAkCzR,IAA9BqB,KAAK6B,qBAAT,CAGA,GAAI7B,KAAKuN,kBAAkBhN,OAAS,EAChC,MAAM,IAAIb,UAAU,uFAExB6C,EAAmCvC,QAgB3C,SAASkQ,GAA2B/S,GAChC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,oBAIjD,CAYA,SAASiT,GAA8BzN,GACnC,OAAO,IAAIjD,UAAU,sCAAsCiD,mDAC/D,CAEA,SAASgO,GAAqBC,EAAUC,GACpC,MAAMpB,cAAEA,GAAkBmB,EAC1B,QAAsBjS,IAAlB8Q,EACA,OAAOoB,EAEX,GAAI3I,GAAYuH,IAAkBA,EAAgB,EAC9C,MAAM,IAAI3G,WAAW,yBAEzB,OAAO2G,CACX,CACA,SAASqB,GAAqBF,GAC1B,MAAMhI,KAAEA,GAASgI,EACjB,OAAKhI,GACM,KAAM,EAGrB,CAEA,SAASmI,GAAuBC,EAAMlN,GAClCF,EAAiBoN,EAAMlN,GACvB,MAAM2L,EAAgBuB,aAAmC,EAASA,EAAKvB,cACjE7G,EAAOoI,aAAmC,EAASA,EAAKpI,KAC9D,MAAO,CACH6G,mBAAiC9Q,IAAlB8Q,OAA8B9Q,EAAY2F,EAA0BmL,GACnF7G,UAAejK,IAATiK,OAAqBjK,EAAYsS,GAA2BrI,EAAS9E,EAAH,2BAEhF,CACA,SAASmN,GAA2B5R,EAAIyE,GAEpC,OADAC,EAAe1E,EAAIyE,GACZsB,GAASd,EAA0BjF,EAAG+F,GACjD,CAyBA,SAAS8L,GAAmC7R,EAAI8R,EAAUrN,GAEtD,OADAC,EAAe1E,EAAIyE,GACX1F,GAAWyB,EAAYR,EAAI8R,EAAU,CAAC/S,GAClD,CACA,SAASgT,GAAmC/R,EAAI8R,EAAUrN,GAEtD,OADAC,EAAe1E,EAAIyE,GACZ,IAAMjE,EAAYR,EAAI8R,EAAU,GAC3C,CACA,SAASE,GAAmChS,EAAI8R,EAAUrN,GAEtD,OADAC,EAAe1E,EAAIyE,GACX6F,GAAerK,EAAYD,EAAI8R,EAAU,CAACxH,GACtD,CACA,SAAS2H,GAAmCjS,EAAI8R,EAAUrN,GAEtD,OADAC,EAAe1E,EAAIyE,GACZ,CAACsB,EAAOuE,IAAe9J,EAAYR,EAAI8R,EAAU,CAAC/L,EAAOuE,GACpE,CAEA,SAAS4H,GAAqBpU,EAAG2G,GAC7B,IAAK0N,GAAiBrU,GAClB,MAAM,IAAIuC,UAAaoE,EAAH,4BAE5B,CAjHAwC,OAAOK,iBAAiBwJ,GAAyB3S,UAAW,CACxDsI,OAAQ,CAAEc,YAAY,GACtBb,KAAM,CAAEa,YAAY,GACpBP,YAAa,CAAEO,YAAY,GAC3BhB,OAAQ,CAAEgB,YAAY,KAEgB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeqJ,GAAyB3S,UAAWf,EAAeoK,YAAa,CAClF3I,MAAO,2BACP6I,cAAc,IA+GtB,MAAM0K,GACF1R,YAAY2R,EAAoB,GAAIC,EAAc,SACpBhT,IAAtB+S,EACAA,EAAoB,KAGpB1N,EAAa0N,EAAmB,mBAEpC,MAAMd,EAAWG,GAAuBY,EAAa,oBAC/CC,EA5Dd,SAA+BT,EAAUrN,GACrCF,EAAiBuN,EAAUrN,GAC3B,MAAM+N,EAAQV,aAA2C,EAASA,EAASU,MACrE3G,EAAQiG,aAA2C,EAASA,EAASjG,MACrE2E,EAAQsB,aAA2C,EAASA,EAAStB,MACrEiC,EAAOX,aAA2C,EAASA,EAASW,KACpEC,EAAQZ,aAA2C,EAASA,EAASY,MAC3E,MAAO,CACHF,WAAiBlT,IAAVkT,OACHlT,EACAuS,GAAmCW,EAAOV,EAAarN,EAAH,4BACxDoH,WAAiBvM,IAAVuM,OACHvM,EACAyS,GAAmClG,EAAOiG,EAAarN,EAAH,4BACxD+L,WAAiBlR,IAAVkR,OACHlR,EACA0S,GAAmCxB,EAAOsB,EAAarN,EAAH,4BACxDiO,WAAiBpT,IAAVoT,OACHpT,EACA2S,GAAmCS,EAAOZ,EAAarN,EAAH,4BACxDgO,OAER,CAsC+BE,CAAsBN,EAAmB,mBAChEO,GAAyBjS,MAEzB,QAAarB,IADAiT,EAAeE,KAExB,MAAM,IAAIhJ,WAAW,6BAEzB,MAAMoJ,EAAgBpB,GAAqBF,IAioBnD,SAAgEhP,EAAQgQ,EAAgBnC,EAAeyC,GACnG,MAAMvI,EAAarD,OAAOuE,OAAOsH,GAAgC3U,WACjE,IAAIkS,EAAiB,KAAe,EAChC0C,EAAiB,IAAMnU,OAAoBU,GAC3C0T,EAAiB,IAAMpU,OAAoBU,GAC3C2T,EAAiB,IAAMrU,OAAoBU,QAClBA,IAAzBiT,EAAe/B,QACfH,EAAiB,IAAMkC,EAAe/B,MAAMlG,SAEnBhL,IAAzBiT,EAAeG,QACfK,EAAiBhN,GAASwM,EAAeG,MAAM3M,EAAOuE,SAE7BhL,IAAzBiT,EAAe1G,QACfmH,EAAiB,IAAMT,EAAe1G,cAEbvM,IAAzBiT,EAAeC,QACfS,EAAiBlU,GAAUwT,EAAeC,MAAMzT,IAEpDmU,GAAqC3Q,EAAQ+H,EAAY+F,EAAgB0C,EAAgBC,EAAgBC,EAAgB7C,EAAeyC,EAC5I,CAlpBQM,CAAuDxS,KAAM4R,EADvCjB,GAAqBC,EAAU,GACuCsB,GAK5FO,aACA,IAAKjB,GAAiBxR,MAClB,MAAM0S,GAA4B,UAEtC,OAAOC,GAAuB3S,MAWlC6R,MAAMzT,EAASO,WACX,OAAK6S,GAAiBxR,MAGlB2S,GAAuB3S,MAChB7B,EAAoB,IAAIuB,UAAU,oDAEtCkT,GAAoB5S,KAAM5B,GALtBD,EAAoBuU,GAA4B,UAe/DxH,QACI,OAAKsG,GAAiBxR,MAGlB2S,GAAuB3S,MAChB7B,EAAoB,IAAIuB,UAAU,oDAEzCmT,GAAoC7S,MAC7B7B,EAAoB,IAAIuB,UAAU,2CAEtCoT,GAAoB9S,MARhB7B,EAAoBuU,GAA4B,UAkB/DK,YACI,IAAKvB,GAAiBxR,MAClB,MAAM0S,GAA4B,aAEtC,OAAOM,GAAmChT,OAgBlD,SAASgT,GAAmCpR,GACxC,OAAO,IAAIqR,GAA4BrR,EAC3C,CASA,SAASqQ,GAAyBrQ,GAC9BA,EAAOG,OAAS,WAGhBH,EAAOQ,kBAAezD,EACtBiD,EAAOsR,aAAUvU,EAGjBiD,EAAOuR,+BAA4BxU,EAGnCiD,EAAOwR,eAAiB,IAAItT,EAG5B8B,EAAOyR,2BAAwB1U,EAG/BiD,EAAO0R,mBAAgB3U,EAGvBiD,EAAO2R,2BAAwB5U,EAE/BiD,EAAO4R,0BAAuB7U,EAE9BiD,EAAO6R,eAAgB,CAC3B,CACA,SAASjC,GAAiBrU,GACtB,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,4BAIjD,CACA,SAASwV,GAAuB/Q,GAC5B,YAAuBjD,IAAnBiD,EAAOsR,OAIf,CACA,SAASN,GAAoBhR,EAAQxD,GACjC,MAAMgN,EAAQxJ,EAAOG,OACrB,GAAc,WAAVqJ,GAAgC,YAAVA,EACtB,OAAOnN,OAAoBU,GAE/B,QAAoCA,IAAhCiD,EAAO4R,qBACP,OAAO5R,EAAO4R,qBAAqBE,SAEvC,IAAIC,GAAqB,EACX,aAAVvI,IACAuI,GAAqB,EAErBvV,OAASO,GAEb,MAAML,EAAUP,GAAW,CAACJ,EAASG,KACjC8D,EAAO4R,qBAAuB,CAC1BE,cAAU/U,EACViV,SAAUjW,EACVkW,QAAS/V,EACTgW,QAAS1V,EACT2V,oBAAqBJ,EACxB,IAML,OAJA/R,EAAO4R,qBAAqBE,SAAWpV,EAClCqV,GACDK,GAA4BpS,EAAQxD,GAEjCE,CACX,CACA,SAASwU,GAAoBlR,GACzB,MAAMwJ,EAAQxJ,EAAOG,OACrB,GAAc,WAAVqJ,GAAgC,YAAVA,EACtB,OAAOjN,EAAoB,IAAIuB,UAAU,kBAAkB0L,+DAE/D,MAAM9M,EAAUP,GAAW,CAACJ,EAASG,KACjC,MAAMmW,EAAe,CACjBL,SAAUjW,EACVkW,QAAS/V,GAEb8D,EAAO0R,cAAgBW,CAAY,IAEjCC,EAAStS,EAAOsR,QAgf1B,IAA8CvJ,EA3e1C,YAJehL,IAAXuV,GAAwBtS,EAAO6R,eAA2B,aAAVrI,GAChD+I,GAAiCD,GA+erCrL,GAD0Cc,EA5eL/H,EAAOuR,0BA6eXiB,GAAe,GAChDC,GAAoD1K,GA7e7CrL,CACX,CAYA,SAASgW,GAAgC1S,EAAQqK,GAE/B,aADArK,EAAOG,OAKrBwS,GAA6B3S,GAHzBoS,GAA4BpS,EAAQqK,EAI5C,CACA,SAAS+H,GAA4BpS,EAAQxD,GACzC,MAAMuL,EAAa/H,EAAOuR,0BAC1BvR,EAAOG,OAAS,WAChBH,EAAOQ,aAAehE,EACtB,MAAM8V,EAAStS,EAAOsR,aACPvU,IAAXuV,GACAM,GAAsDN,EAAQ9V,IA8EtE,SAAkDwD,GAC9C,QAAqCjD,IAAjCiD,EAAOyR,4BAAwE1U,IAAjCiD,EAAO2R,sBACrD,OAAO,EAEX,OAAO,CACX,CAjFSkB,CAAyC7S,IAAW+H,EAAWkD,UAChE0H,GAA6B3S,EAErC,CACA,SAAS2S,GAA6B3S,GAClCA,EAAOG,OAAS,UAChBH,EAAOuR,0BAA0BnQ,KACjC,MAAM0R,EAAc9S,EAAOQ,aAK3B,GAJAR,EAAOwR,eAAejS,SAAQwT,IAC1BA,EAAad,QAAQa,EAAY,IAErC9S,EAAOwR,eAAiB,IAAItT,OACQnB,IAAhCiD,EAAO4R,qBAEP,YADAoB,GAAkDhT,GAGtD,MAAMiT,EAAejT,EAAO4R,qBAE5B,GADA5R,EAAO4R,0BAAuB7U,EAC1BkW,EAAad,oBAGb,OAFAc,EAAahB,QAAQa,QACrBE,GAAkDhT,GAItDlD,EADgBkD,EAAOuR,0BAA0BpQ,GAAY8R,EAAaf,UACrD,KACjBe,EAAajB,WACbgB,GAAkDhT,EAAO,IACzDxD,IACAyW,EAAahB,QAAQzV,GACrBwW,GAAkDhT,EAAO,GAEjE,CAuCA,SAASiR,GAAoCjR,GACzC,YAA6BjD,IAAzBiD,EAAO0R,oBAAgE3U,IAAjCiD,EAAO2R,qBAIrD,CAcA,SAASqB,GAAkDhT,QAC1BjD,IAAzBiD,EAAO0R,gBACP1R,EAAO0R,cAAcO,QAAQjS,EAAOQ,cACpCR,EAAO0R,mBAAgB3U,GAE3B,MAAMuV,EAAStS,EAAOsR,aACPvU,IAAXuV,GACAY,GAAiCZ,EAAQtS,EAAOQ,aAExD,CACA,SAAS2S,GAAiCnT,EAAQoT,GAC9C,MAAMd,EAAStS,EAAOsR,aACPvU,IAAXuV,GAAwBc,IAAiBpT,EAAO6R,gBAC5CuB,EAwhBZ,SAAwCd,GACpCe,GAAoCf,EACxC,CAzhBYgB,CAA+BhB,GAG/BC,GAAiCD,IAGzCtS,EAAO6R,cAAgBuB,CAC3B,CA1PA1O,OAAOK,iBAAiB8K,GAAejU,UAAW,CAC9CqU,MAAO,CAAEjL,YAAY,GACrBsE,MAAO,CAAEtE,YAAY,GACrBmM,UAAW,CAAEnM,YAAY,GACzB6L,OAAQ,CAAE7L,YAAY,KAEgB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAe2K,GAAejU,UAAWf,EAAeoK,YAAa,CACxE3I,MAAO,iBACP6I,cAAc,IAuPtB,MAAMkM,GACFlT,YAAY6B,GAGR,GAFAsC,EAAuBtC,EAAQ,EAAG,+BAClC2P,GAAqB3P,EAAQ,mBACzB+Q,GAAuB/Q,GACvB,MAAM,IAAIlC,UAAU,+EAExBM,KAAKmV,qBAAuBvT,EAC5BA,EAAOsR,QAAUlT,KACjB,MAAMoL,EAAQxJ,EAAOG,OACrB,GAAc,aAAVqJ,GACKyH,GAAoCjR,IAAWA,EAAO6R,cACvDwB,GAAoCjV,MAGpCoV,GAA8CpV,MAElDqV,GAAqCrV,WAEpC,GAAc,aAAVoL,EACLkK,GAA8CtV,KAAM4B,EAAOQ,cAC3DiT,GAAqCrV,WAEpC,GAAc,WAAVoL,EACLgK,GAA8CpV,MAgctDqV,GADoDnB,EA9bGlU,MAgcvDuV,GAAkCrB,OA9bzB,CACD,MAAMQ,EAAc9S,EAAOQ,aAC3BkT,GAA8CtV,KAAM0U,GACpDc,GAA+CxV,KAAM0U,GAybjE,IAAwDR,EAlbhDtO,aACA,OAAK6P,GAA8BzV,MAG5BA,KAAK4C,eAFDzE,EAAoBuX,GAAiC,WAYhE1K,kBACA,IAAKyK,GAA8BzV,MAC/B,MAAM0V,GAAiC,eAE3C,QAAkC/W,IAA9BqB,KAAKmV,qBACL,MAAMQ,GAA2B,eAErC,OAuIR,SAAmDzB,GAC/C,MAAMtS,EAASsS,EAAOiB,qBAChB/J,EAAQxJ,EAAOG,OACrB,GAAc,YAAVqJ,GAAiC,aAAVA,EACvB,OAAO,KAEX,GAAc,WAAVA,EACA,OAAO,EAEX,OAAOwK,GAA8ChU,EAAOuR,0BAChE,CAjJe0C,CAA0C7V,MAUjDgO,YACA,OAAKyH,GAA8BzV,MAG5BA,KAAK8V,cAFD3X,EAAoBuX,GAAiC,UAOpE7D,MAAMzT,EAASO,WACX,OAAK8W,GAA8BzV,WAGDrB,IAA9BqB,KAAKmV,qBACEhX,EAAoBwX,GAA2B,UA4ElE,SAA0CzB,EAAQ9V,GAE9C,OAAOwU,GADQsB,EAAOiB,qBACa/W,EACvC,CA7Ee2X,CAAiC/V,KAAM5B,GALnCD,EAAoBuX,GAAiC,UAUpExK,QACI,IAAKuK,GAA8BzV,MAC/B,OAAO7B,EAAoBuX,GAAiC,UAEhE,MAAM9T,EAAS5B,KAAKmV,qBACpB,YAAexW,IAAXiD,EACOzD,EAAoBwX,GAA2B,UAEtD9C,GAAoCjR,GAC7BzD,EAAoB,IAAIuB,UAAU,2CAEtCsW,GAAiChW,MAY5CqG,cACI,IAAKoP,GAA8BzV,MAC/B,MAAM0V,GAAiC,oBAG5B/W,IADAqB,KAAKmV,sBAIpBc,GAAmCjW,MAEvC+R,MAAM3M,EAAQzG,WACV,OAAK8W,GAA8BzV,WAGDrB,IAA9BqB,KAAKmV,qBACEhX,EAAoBwX,GAA2B,aAEnDO,GAAiClW,KAAMoF,GALnCjH,EAAoBuX,GAAiC,WAwBxE,SAASD,GAA8BtY,GACnC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,uBAIjD,CAMA,SAAS6Y,GAAiC9B,GAEtC,OAAOpB,GADQoB,EAAOiB,qBAE1B,CAYA,SAASgB,GAAuDjC,EAAQjI,GACjC,YAA/BiI,EAAOkC,oBACPtB,GAAiCZ,EAAQjI,GAkTjD,SAAmDiI,EAAQ9V,GACvDoX,GAA+CtB,EAAQ9V,EAC3D,CAjTQiY,CAA0CnC,EAAQjI,EAE1D,CACA,SAASuI,GAAsDN,EAAQjI,GACjC,YAA9BiI,EAAOoC,mBACPC,GAAgCrC,EAAQjI,GAkVhD,SAAkDiI,EAAQ9V,GACtDkX,GAA8CpB,EAAQ9V,EAC1D,CAjVQoY,CAAyCtC,EAAQjI,EAEzD,CAYA,SAASgK,GAAmC/B,GACxC,MAAMtS,EAASsS,EAAOiB,qBAChBsB,EAAgB,IAAI/W,UAAU,oFACpC8U,GAAsDN,EAAQuC,GAG9DN,GAAuDjC,EAAQuC,GAC/D7U,EAAOsR,aAAUvU,EACjBuV,EAAOiB,0BAAuBxW,CAClC,CACA,SAASuX,GAAiChC,EAAQ9O,GAC9C,MAAMxD,EAASsS,EAAOiB,qBAChBxL,EAAa/H,EAAOuR,0BACpBuD,EAqIV,SAAqD/M,EAAYvE,GAC7D,IACI,OAAOuE,EAAWgN,uBAAuBvR,GAE7C,MAAOwR,GAEH,OADAC,GAA6ClN,EAAYiN,GAClD,EAEf,CA7IsBE,CAA4CnN,EAAYvE,GAC1E,GAAIxD,IAAWsS,EAAOiB,qBAClB,OAAOhX,EAAoBwX,GAA2B,aAE1D,MAAMvK,EAAQxJ,EAAOG,OACrB,GAAc,YAAVqJ,EACA,OAAOjN,EAAoByD,EAAOQ,cAEtC,GAAIyQ,GAAoCjR,IAAqB,WAAVwJ,EAC/C,OAAOjN,EAAoB,IAAIuB,UAAU,6DAE7C,GAAc,aAAV0L,EACA,OAAOjN,EAAoByD,EAAOQ,cAEtC,MAAM9D,EArXV,SAAuCsD,GAQnC,OAPgB7D,GAAW,CAACJ,EAASG,KACjC,MAAM6W,EAAe,CACjBf,SAAUjW,EACVkW,QAAS/V,GAEb8D,EAAOwR,eAAe5S,KAAKmU,EAAa,GAGhD,CA4WoBoC,CAA8BnV,GAE9C,OAiIJ,SAA8C+H,EAAYvE,EAAOsR,GAC7D,IACI7N,GAAqBc,EAAYvE,EAAOsR,GAE5C,MAAOM,GAEH,YADAH,GAA6ClN,EAAYqN,GAG7D,MAAMpV,EAAS+H,EAAWsN,0BAC1B,IAAKpE,GAAoCjR,IAA6B,aAAlBA,EAAOG,OAAuB,CAE9EgT,GAAiCnT,EADZsV,GAA+CvN,IAGxE0K,GAAoD1K,EACxD,CAhJIwN,CAAqCxN,EAAYvE,EAAOsR,GACjDpY,CACX,CAtGAgI,OAAOK,iBAAiBsM,GAA4BzV,UAAW,CAC3DqU,MAAO,CAAEjL,YAAY,GACrBsE,MAAO,CAAEtE,YAAY,GACrBP,YAAa,CAAEO,YAAY,GAC3BmL,MAAO,CAAEnL,YAAY,GACrBhB,OAAQ,CAAEgB,YAAY,GACtBoE,YAAa,CAAEpE,YAAY,GAC3BoH,MAAO,CAAEpH,YAAY,KAEiB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAemM,GAA4BzV,UAAWf,EAAeoK,YAAa,CACrF3I,MAAO,8BACP6I,cAAc,IA2FtB,MAAMqN,GAAgB,GAMtB,MAAMjC,GACFpS,cACI,MAAM,IAAIL,UAAU,uBASxBuM,MAAM7F,EAAIzH,WACN,IAgCR,SAA2CxB,GACvC,IAAKD,EAAaC,GACd,OAAO,EAEX,IAAKmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,6BACzC,OAAO,EAEX,OAAO,CACX,CAxCaia,CAAkCpX,MACnC,MAAM,IAAIN,UAAU,yGAGV,aADAM,KAAKiX,0BAA0BlV,QAM7CsV,GAAqCrX,KAAMoG,GAG/CrD,CAACA,GAAY3E,GACT,MAAMwJ,EAAS5H,KAAKsX,gBAAgBlZ,GAEpC,OADAmZ,GAA+CvX,MACxC4H,EAGX5E,CAACA,KACG+F,GAAW/I,OAsBnB,SAASuS,GAAqC3Q,EAAQ+H,EAAY+F,EAAgB0C,EAAgBC,EAAgBC,EAAgB7C,EAAeyC,GAC7IvI,EAAWsN,0BAA4BrV,EACvCA,EAAOuR,0BAA4BxJ,EAEnCA,EAAWjB,YAAS/J,EACpBgL,EAAWhB,qBAAkBhK,EAC7BoK,GAAWY,GACXA,EAAWkD,UAAW,EACtBlD,EAAWgN,uBAAyBzE,EACpCvI,EAAW2F,aAAeG,EAC1B9F,EAAW6N,gBAAkBpF,EAC7BzI,EAAW8N,gBAAkBpF,EAC7B1I,EAAW2N,gBAAkBhF,EAC7B,MAAM0C,EAAekC,GAA+CvN,GACpEoL,GAAiCnT,EAAQoT,GAGzCtW,EADqBT,EADDyR,MAEM,KACtB/F,EAAWkD,UAAW,EACtBwH,GAAoD1K,EAAW,IAChEoG,IACCpG,EAAWkD,UAAW,EACtByH,GAAgC1S,EAAQmO,EAAE,GAElD,CAsBA,SAASwH,GAA+C5N,GACpDA,EAAW6N,qBAAkB7Y,EAC7BgL,EAAW8N,qBAAkB9Y,EAC7BgL,EAAW2N,qBAAkB3Y,EAC7BgL,EAAWgN,4BAAyBhY,CACxC,CAcA,SAASiX,GAA8CjM,GACnD,OAAOA,EAAW2F,aAAe3F,EAAWhB,eAChD,CAiBA,SAAS0L,GAAoD1K,GACzD,MAAM/H,EAAS+H,EAAWsN,0BAC1B,IAAKtN,EAAWkD,SACZ,OAEJ,QAAqClO,IAAjCiD,EAAOyR,sBACP,OAGJ,GAAc,aADAzR,EAAOG,OAGjB,YADAwS,GAA6B3S,GAGjC,GAAiC,IAA7B+H,EAAWjB,OAAOnI,OAClB,OAEJ,MAAMrC,EAAuByL,EA1kDNjB,OAAOnH,OAClBrD,MA0kDRA,IAAUkW,GAYlB,SAAqDzK,GACjD,MAAM/H,EAAS+H,EAAWsN,2BA1b9B,SAAgDrV,GAC5CA,EAAO2R,sBAAwB3R,EAAO0R,cACtC1R,EAAO0R,mBAAgB3U,CAC3B,EAwbI+Y,CAAuC9V,GACvC2G,GAAaoB,GACb,MAAMgO,EAAmBhO,EAAW8N,kBACpCF,GAA+C5N,GAC/CjL,EAAYiZ,GAAkB,MAxelC,SAA2C/V,GACvCA,EAAO2R,sBAAsBK,cAASjV,GACtCiD,EAAO2R,2BAAwB5U,EAEjB,aADAiD,EAAOG,SAGjBH,EAAOQ,kBAAezD,OACcA,IAAhCiD,EAAO4R,uBACP5R,EAAO4R,qBAAqBI,WAC5BhS,EAAO4R,0BAAuB7U,IAGtCiD,EAAOG,OAAS,SAChB,MAAMmS,EAAStS,EAAOsR,aACPvU,IAAXuV,GACAqB,GAAkCrB,EAE1C,CAwdQ0D,CAAkChW,EAAO,IAC1CxD,KAxdP,SAAoDwD,EAAQqK,GACxDrK,EAAO2R,sBAAsBM,QAAQ5H,GACrCrK,EAAO2R,2BAAwB5U,OAEKA,IAAhCiD,EAAO4R,uBACP5R,EAAO4R,qBAAqBK,QAAQ5H,GACpCrK,EAAO4R,0BAAuB7U,GAElC2V,GAAgC1S,EAAQqK,EAC5C,CAgdQ4L,CAA2CjW,EAAQxD,EAAO,GAElE,CAtBQ0Z,CAA4CnO,GAuBpD,SAAqDA,EAAYvE,GAC7D,MAAMxD,EAAS+H,EAAWsN,2BAlc9B,SAAqDrV,GACjDA,EAAOyR,sBAAwBzR,EAAOwR,eAAevS,OACzD,CAicIkX,CAA4CnW,GAC5C,MAAMoW,EAAmBrO,EAAW6N,gBAAgBpS,GACpD1G,EAAYsZ,GAAkB,MA3flC,SAA2CpW,GACvCA,EAAOyR,sBAAsBO,cAASjV,GACtCiD,EAAOyR,2BAAwB1U,CACnC,CAyfQsZ,CAAkCrW,GAClC,MAAMwJ,EAAQxJ,EAAOG,OAErB,GADAwG,GAAaoB,IACRkJ,GAAoCjR,IAAqB,aAAVwJ,EAAsB,CACtE,MAAM4J,EAAekC,GAA+CvN,GACpEoL,GAAiCnT,EAAQoT,GAE7CX,GAAoD1K,EAAW,IAChEvL,IACuB,aAAlBwD,EAAOG,QACPwV,GAA+C5N,GAlgB3D,SAAoD/H,EAAQqK,GACxDrK,EAAOyR,sBAAsBQ,QAAQ5H,GACrCrK,EAAOyR,2BAAwB1U,EAC/B2V,GAAgC1S,EAAQqK,EAC5C,CAggBQiM,CAA2CtW,EAAQxD,EAAO,GAElE,CAvCQ+Z,CAA4CxO,EAAYzL,EAEhE,CACA,SAAS2Y,GAA6ClN,EAAYsC,GACV,aAAhDtC,EAAWsN,0BAA0BlV,QACrCsV,GAAqC1N,EAAYsC,EAEzD,CAiCA,SAASiL,GAA+CvN,GAEpD,OADoBiM,GAA8CjM,IAC5C,CAC1B,CAEA,SAAS0N,GAAqC1N,EAAYsC,GACtD,MAAMrK,EAAS+H,EAAWsN,0BAC1BM,GAA+C5N,GAC/CqK,GAA4BpS,EAAQqK,EACxC,CAEA,SAASyG,GAA4B/P,GACjC,OAAO,IAAIjD,UAAU,4BAA4BiD,yCACrD,CAEA,SAAS+S,GAAiC/S,GACtC,OAAO,IAAIjD,UAAU,yCAAyCiD,sDAClE,CACA,SAASgT,GAA2BhT,GAChC,OAAO,IAAIjD,UAAU,UAAYiD,EAAO,oCAC5C,CACA,SAAS0S,GAAqCnB,GAC1CA,EAAOtR,eAAiB7E,GAAW,CAACJ,EAASG,KACzCoW,EAAOrR,uBAAyBlF,EAChCuW,EAAOpR,sBAAwBhF,EAC/BoW,EAAOkC,oBAAsB,SAAS,GAE9C,CACA,SAASZ,GAA+CtB,EAAQ9V,GAC5DiX,GAAqCnB,GACrCY,GAAiCZ,EAAQ9V,EAC7C,CAKA,SAAS0W,GAAiCZ,EAAQ9V,QACTO,IAAjCuV,EAAOpR,wBAGX7D,EAA0BiV,EAAOtR,gBACjCsR,EAAOpR,sBAAsB1E,GAC7B8V,EAAOrR,4BAAyBlE,EAChCuV,EAAOpR,2BAAwBnE,EAC/BuV,EAAOkC,oBAAsB,WACjC,CAIA,SAASb,GAAkCrB,QACDvV,IAAlCuV,EAAOrR,yBAGXqR,EAAOrR,4BAAuBlE,GAC9BuV,EAAOrR,4BAAyBlE,EAChCuV,EAAOpR,2BAAwBnE,EAC/BuV,EAAOkC,oBAAsB,WACjC,CACA,SAASnB,GAAoCf,GACzCA,EAAO4B,cAAgB/X,GAAW,CAACJ,EAASG,KACxCoW,EAAOkE,sBAAwBza,EAC/BuW,EAAOmE,qBAAuBva,CAAM,IAExCoW,EAAOoC,mBAAqB,SAChC,CACA,SAAShB,GAA8CpB,EAAQ9V,GAC3D6W,GAAoCf,GACpCqC,GAAgCrC,EAAQ9V,EAC5C,CACA,SAASgX,GAA8ClB,GACnDe,GAAoCf,GACpCC,GAAiCD,EACrC,CACA,SAASqC,GAAgCrC,EAAQ9V,QACTO,IAAhCuV,EAAOmE,uBAGXpZ,EAA0BiV,EAAO4B,eACjC5B,EAAOmE,qBAAqBja,GAC5B8V,EAAOkE,2BAAwBzZ,EAC/BuV,EAAOmE,0BAAuB1Z,EAC9BuV,EAAOoC,mBAAqB,WAChC,CAOA,SAASnC,GAAiCD,QACDvV,IAAjCuV,EAAOkE,wBAGXlE,EAAOkE,2BAAsBzZ,GAC7BuV,EAAOkE,2BAAwBzZ,EAC/BuV,EAAOmE,0BAAuB1Z,EAC9BuV,EAAOoC,mBAAqB,YAChC,CArQAhQ,OAAOK,iBAAiBwL,GAAgC3U,UAAW,CAC/DyO,MAAO,CAAErF,YAAY,KAEiB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeqL,GAAgC3U,UAAWf,EAAeoK,YAAa,CACzF3I,MAAO,kCACP6I,cAAc,IA+QtB,MAAMuR,GAA6C,oBAAjBC,aAA+BA,kBAAe5Z,EA6BhF,MAAM6Z,GA1BN,SAAmCjI,GAC/B,GAAsB,mBAATA,GAAuC,iBAATA,EACvC,OAAO,EAEX,IAEI,OADA,IAAIA,GACG,EAEX,MAAOkI,GACH,OAAO,EAEf,CAeuBC,CAA0BJ,IAAsBA,GAdvE,WAEI,MAAM/H,EAAO,SAAsBoI,EAAShW,GACxC3C,KAAK2Y,QAAUA,GAAW,GAC1B3Y,KAAK2C,KAAOA,GAAQ,QAChBiW,MAAMC,mBACND,MAAMC,kBAAkB7Y,KAAMA,KAAKD,cAK3C,OADAuG,OAAOQ,eADPyJ,EAAK/S,UAAY8I,OAAOuE,OAAO+N,MAAMpb,WACC,cAAe,CAAEU,MAAOqS,EAAMuI,UAAU,EAAM/R,cAAc,IAC3FwJ,CACX,CAE4FwI,GAE5F,SAASC,GAAqBC,EAAQ5K,EAAM6K,EAAcC,EAAcjS,EAAekS,GACnF,MAAMzX,EAASmD,EAAmCmU,GAC5C/E,EAASlB,GAAmC3E,GAClD4K,EAAOzS,YAAa,EACpB,IAAI6S,GAAe,EAEfC,EAAerb,OAAoBU,GACvC,OAAOZ,GAAW,CAACJ,EAASG,KACxB,IAAIwU,EACJ,QAAe3T,IAAXya,EAAsB,CAsBtB,GArBA9G,EAAiB,KACb,MAAMrG,EAAQ,IAAIuM,GAAe,UAAW,cACtCe,EAAU,GACXJ,GACDI,EAAQ/Y,MAAK,IACW,aAAhB6N,EAAKtM,OACE6Q,GAAoBvE,EAAMpC,GAE9BhO,OAAoBU,KAG9BuI,GACDqS,EAAQ/Y,MAAK,IACa,aAAlByY,EAAOlX,OACAO,GAAqB2W,EAAQhN,GAEjChO,OAAoBU,KAGnC6a,GAAmB,IAAMlc,QAAQmc,IAAIF,EAAQG,KAAIC,GAAUA,SAAY,EAAM1N,EAAM,EAEnFmN,EAAOQ,QAEP,YADAtH,IAGJ8G,EAAOS,iBAAiB,QAASvH,GAyFrC,IAA2B1Q,EAAQtD,EAASqb,EAxB5C,GA3BAG,EAAmBb,EAAQtX,EAAOiB,gBAAgB8R,IACzCyE,EAIDY,GAAS,EAAMrF,GAHf8E,GAAmB,IAAM5G,GAAoBvE,EAAMqG,KAAc,EAAMA,MAO/EoF,EAAmBzL,EAAM6F,EAAOtR,gBAAgB8R,IACvCxN,EAID6S,GAAS,EAAMrF,GAHf8E,GAAmB,IAAMlX,GAAqB2W,EAAQvE,KAAc,EAAMA,MAwCvD9S,EAjCTqX,EAiCiB3a,EAjCTqD,EAAOiB,eAiCW+W,EAjCK,KACxCT,EAIDa,IAHAP,GAAmB,IA9fnC,SAA8DtF,GAC1D,MAAMtS,EAASsS,EAAOiB,qBAChB/J,EAAQxJ,EAAOG,OACrB,OAAI8Q,GAAoCjR,IAAqB,WAAVwJ,EACxCnN,OAAoBU,GAEjB,YAAVyM,EACOjN,EAAoByD,EAAOQ,cAE/B4T,GAAiC9B,EAC5C,CAofyC8F,CAAqD9F,MAgC5D,WAAlBtS,EAAOG,OACP4X,IAGA/a,EAAgBN,EAASqb,GA7B7B9G,GAAoCxE,IAAyB,WAAhBA,EAAKtM,OAAqB,CACvE,MAAMkY,EAAa,IAAIva,UAAU,+EAC5BwH,EAID6S,GAAS,EAAME,GAHfT,GAAmB,IAAMlX,GAAqB2W,EAAQgB,KAAa,EAAMA,GAOjF,SAASC,IAGL,MAAMC,EAAkBb,EACxB,OAAOjb,EAAmBib,GAAc,IAAMa,IAAoBb,EAAeY,SAA0Bvb,IAE/G,SAASmb,EAAmBlY,EAAQtD,EAASqb,GACnB,YAAlB/X,EAAOG,OACP4X,EAAO/X,EAAOQ,cAGdvD,EAAcP,EAASqb,GAW/B,SAASH,EAAmBG,EAAQS,EAAiBC,GAWjD,SAASC,IACL5b,EAAYib,KAAU,IAAMY,EAASH,EAAiBC,KAAgBG,GAAYD,GAAS,EAAMC,KAXjGnB,IAGJA,GAAe,EACK,aAAhBhL,EAAKtM,QAA0B8Q,GAAoCxE,GAInEiM,IAHA1b,EAAgBsb,IAAyBI,IASjD,SAASP,EAASU,EAASxO,GACnBoN,IAGJA,GAAe,EACK,aAAhBhL,EAAKtM,QAA0B8Q,GAAoCxE,GAInEkM,EAASE,EAASxO,GAHlBrN,EAAgBsb,KAAyB,IAAMK,EAASE,EAASxO,MAMzE,SAASsO,EAASE,EAASxO,GACvBgK,GAAmC/B,GACnC3R,EAAmCZ,QACpBhD,IAAXya,GACAA,EAAOsB,oBAAoB,QAASpI,GAEpCmI,EACA3c,EAAOmO,GAGPtO,OAAQgB,GA5DhBM,EApEWlB,GAAW,CAAC4c,EAAaC,MAC5B,SAAStT,EAAKjC,GACNA,EACAsV,IAKAtc,EAORgb,EACOpb,GAAoB,GAExBI,EAAmB6V,EAAO4B,eAAe,IACrC/X,GAAW,CAAC8c,EAAaC,KAC5B5U,EAAgCvE,EAAQ,CACpC4D,YAAaH,IACTkU,EAAejb,EAAmB6X,GAAiChC,EAAQ9O,QAAQzG,EAAW9B,GAC9Fge,GAAY,EAAM,EAEtBvV,YAAa,IAAMuV,GAAY,GAC/B1U,YAAa2U,GACf,MAnBiCxT,EAAMsT,GAG7CtT,EAAK,EAAM,OAyH3B,CAOA,MAAMyT,GACFhb,cACI,MAAM,IAAIL,UAAU,uBAMpBsL,kBACA,IAAKgQ,GAAkChb,MACnC,MAAMib,GAAuC,eAEjD,OAAOC,GAA8Clb,MAMzDkL,QACI,IAAK8P,GAAkChb,MACnC,MAAMib,GAAuC,SAEjD,IAAKE,GAAiDnb,MAClD,MAAM,IAAIN,UAAU,mDAExB0b,GAAqCpb,MAEzC0L,QAAQtG,EAAQzG,WACZ,IAAKqc,GAAkChb,MACnC,MAAMib,GAAuC,WAEjD,IAAKE,GAAiDnb,MAClD,MAAM,IAAIN,UAAU,qDAExB,OAAO2b,GAAuCrb,KAAMoF,GAKxD6G,MAAM7F,EAAIzH,WACN,IAAKqc,GAAkChb,MACnC,MAAMib,GAAuC,SAEjDK,GAAqCtb,KAAMoG,GAG/CnD,CAACA,GAAa7E,GACV2K,GAAW/I,MACX,MAAM4H,EAAS5H,KAAKkM,iBAAiB9N,GAErC,OADAmd,GAA+Cvb,MACxC4H,EAGX1E,CAACA,GAAW+B,GACR,MAAMrD,EAAS5B,KAAKwb,0BACpB,GAAIxb,KAAK0I,OAAOnI,OAAS,EAAG,CACxB,MAAM6E,EAAQmD,GAAavI,MACvBA,KAAKmL,iBAA0C,IAAvBnL,KAAK0I,OAAOnI,QACpCgb,GAA+Cvb,MAC/CwL,GAAoB5J,IAGpB6Z,GAAgDzb,MAEpDiF,EAAYM,YAAYH,QAGxBJ,EAA6BpD,EAAQqD,GACrCwW,GAAgDzb,OAiB5D,SAASgb,GAAkC7d,GACvC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,4BAIjD,CACA,SAASse,GAAgD9R,GAErD,IADmB+R,GAA8C/R,GAE7D,OAEJ,GAAIA,EAAWqD,SAEX,YADArD,EAAWsD,YAAa,GAG5BtD,EAAWqD,UAAW,EAEtBtO,EADoBiL,EAAWuD,kBACN,KACrBvD,EAAWqD,UAAW,EAClBrD,EAAWsD,aACXtD,EAAWsD,YAAa,EACxBwO,GAAgD9R,OAErDvD,IACCkV,GAAqC3R,EAAYvD,EAAE,GAE3D,CACA,SAASsV,GAA8C/R,GACnD,MAAM/H,EAAS+H,EAAW6R,0BAC1B,IAAKL,GAAiDxR,GAClD,OAAO,EAEX,IAAKA,EAAWkD,SACZ,OAAO,EAEX,GAAIlH,GAAuB/D,IAAW4D,EAAiC5D,GAAU,EAC7E,OAAO,EAGX,OADoBsZ,GAA8CvR,GAChD,CAItB,CACA,SAAS4R,GAA+C5R,GACpDA,EAAWuD,oBAAiBvO,EAC5BgL,EAAWuC,sBAAmBvN,EAC9BgL,EAAWgN,4BAAyBhY,CACxC,CAEA,SAASyc,GAAqCzR,GAC1C,IAAKwR,GAAiDxR,GAClD,OAEJ,MAAM/H,EAAS+H,EAAW6R,0BAC1B7R,EAAWwB,iBAAkB,EACI,IAA7BxB,EAAWjB,OAAOnI,SAClBgb,GAA+C5R,GAC/C6B,GAAoB5J,GAE5B,CACA,SAASyZ,GAAuC1R,EAAYvE,GACxD,IAAK+V,GAAiDxR,GAClD,OAEJ,MAAM/H,EAAS+H,EAAW6R,0BAC1B,GAAI7V,GAAuB/D,IAAW4D,EAAiC5D,GAAU,EAC7EuD,EAAiCvD,EAAQwD,GAAO,OAE/C,CACD,IAAIsR,EACJ,IACIA,EAAY/M,EAAWgN,uBAAuBvR,GAElD,MAAOwR,GAEH,MADA0E,GAAqC3R,EAAYiN,GAC3CA,EAEV,IACI/N,GAAqBc,EAAYvE,EAAOsR,GAE5C,MAAOM,GAEH,MADAsE,GAAqC3R,EAAYqN,GAC3CA,GAGdyE,GAAgD9R,EACpD,CACA,SAAS2R,GAAqC3R,EAAYvD,GACtD,MAAMxE,EAAS+H,EAAW6R,0BACJ,aAAlB5Z,EAAOG,SAGXgH,GAAWY,GACX4R,GAA+C5R,GAC/C0F,GAAoBzN,EAAQwE,GAChC,CACA,SAAS8U,GAA8CvR,GACnD,MAAMyB,EAAQzB,EAAW6R,0BAA0BzZ,OACnD,MAAc,YAAVqJ,EACO,KAEG,WAAVA,EACO,EAEJzB,EAAW2F,aAAe3F,EAAWhB,eAChD,CAQA,SAASwS,GAAiDxR,GACtD,MAAMyB,EAAQzB,EAAW6R,0BAA0BzZ,OACnD,OAAK4H,EAAWwB,iBAA6B,aAAVC,CAIvC,CACA,SAASuQ,GAAqC/Z,EAAQ+H,EAAY+F,EAAgBC,EAAeC,EAAiBH,EAAeyC,GAC7HvI,EAAW6R,0BAA4B5Z,EACvC+H,EAAWjB,YAAS/J,EACpBgL,EAAWhB,qBAAkBhK,EAC7BoK,GAAWY,GACXA,EAAWkD,UAAW,EACtBlD,EAAWwB,iBAAkB,EAC7BxB,EAAWsD,YAAa,EACxBtD,EAAWqD,UAAW,EACtBrD,EAAWgN,uBAAyBzE,EACpCvI,EAAW2F,aAAeG,EAC1B9F,EAAWuD,eAAiByC,EAC5BhG,EAAWuC,iBAAmB0D,EAC9BhO,EAAO6E,0BAA4BkD,EAEnCjL,EAAYT,EADQyR,MAC0B,KAC1C/F,EAAWkD,UAAW,EACtB4O,GAAgD9R,EAAW,IAC5DoG,IACCuL,GAAqC3R,EAAYoG,EAAE,GAE3D,CAkBA,SAASkL,GAAuCtY,GAC5C,OAAO,IAAIjD,UAAU,6CAA6CiD,0DACtE,CAwHA,SAASiZ,GAAsCvc,EAAI8R,EAAUrN,GAEzD,OADAC,EAAe1E,EAAIyE,GACX1F,GAAWyB,EAAYR,EAAI8R,EAAU,CAAC/S,GAClD,CACA,SAASyd,GAAoCxc,EAAI8R,EAAUrN,GAEvD,OADAC,EAAe1E,EAAIyE,GACX6F,GAAe9J,EAAYR,EAAI8R,EAAU,CAACxH,GACtD,CACA,SAASmS,GAAqCzc,EAAI8R,EAAUrN,GAExD,OADAC,EAAe1E,EAAIyE,GACX6F,GAAerK,EAAYD,EAAI8R,EAAU,CAACxH,GACtD,CACA,SAASoS,GAA0BjK,EAAMhO,GAErC,GAAa,WADbgO,EAAO,GAAGA,GAEN,MAAM,IAAIpS,UAAU,GAAGoE,MAAYgO,8DAEvC,OAAOA,CACX,CASA,SAASkK,GAAgCC,EAAMnY,GAE3C,GAAa,UADbmY,EAAO,GAAGA,GAEN,MAAM,IAAIvc,UAAU,GAAGoE,MAAYmY,oEAEvC,OAAOA,CACX,CAQA,SAASC,GAAmBC,EAASrY,GACjCF,EAAiBuY,EAASrY,GAC1B,MAAMqV,EAAegD,aAAyC,EAASA,EAAQhD,aACzEjS,EAAgBiV,aAAyC,EAASA,EAAQjV,cAC1EgS,EAAeiD,aAAyC,EAASA,EAAQjD,aACzEE,EAAS+C,aAAyC,EAASA,EAAQ/C,OAIzE,YAHeza,IAAXya,GAUR,SAA2BA,EAAQtV,GAC/B,IA7oBJ,SAAuB5F,GACnB,GAAqB,iBAAVA,GAAgC,OAAVA,EAC7B,OAAO,EAEX,IACI,MAAgC,kBAAlBA,EAAM0b,QAExB,MAAOnB,GAEH,OAAO,EAEf,CAkoBS2D,CAAchD,GACf,MAAM,IAAI1Z,UAAaoE,EAAH,0BAE5B,CAbQuY,CAAkBjD,EAAWtV,EAAH,6BAEvB,CACHqV,eAAsBA,EACtBjS,gBAAuBA,EACvBgS,eAAsBA,EACtBE,SAER,CAlWA9S,OAAOK,iBAAiBoU,GAAgCvd,UAAW,CAC/D0N,MAAO,CAAEtE,YAAY,GACrB8E,QAAS,CAAE9E,YAAY,GACvBqF,MAAO,CAAErF,YAAY,GACrBoE,YAAa,CAAEpE,YAAY,KAEW,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeiU,GAAgCvd,UAAWf,EAAeoK,YAAa,CACzF3I,MAAO,kCACP6I,cAAc,IAgXtB,MAAMuV,GACFvc,YAAYwc,EAAsB,GAAI5K,EAAc,SACpBhT,IAAxB4d,EACAA,EAAsB,KAGtBvY,EAAauY,EAAqB,mBAEtC,MAAM3L,EAAWG,GAAuBY,EAAa,oBAC/C6K,EAhHd,SAA8CvD,EAAQnV,GAClDF,EAAiBqV,EAAQnV,GACzB,MAAMqN,EAAW8H,EACX5M,EAAwB8E,aAA2C,EAASA,EAAS9E,sBACrFvG,EAASqL,aAA2C,EAASA,EAASrL,OACtEgK,EAAOqB,aAA2C,EAASA,EAASrB,KACpED,EAAQsB,aAA2C,EAASA,EAAStB,MACrEiC,EAAOX,aAA2C,EAASA,EAASW,KAC1E,MAAO,CACHzF,2BAAiD1N,IAA1B0N,OACnB1N,EACA6F,EAAwC6H,EAA0BvI,EAAH,4CACnEgC,YAAmBnH,IAAXmH,OACJnH,EACAid,GAAsC9V,EAAQqL,EAAarN,EAAH,6BAC5DgM,UAAenR,IAATmR,OACFnR,EACAkd,GAAoC/L,EAAMqB,EAAarN,EAAH,2BACxD+L,WAAiBlR,IAAVkR,OACHlR,EACAmd,GAAqCjM,EAAOsB,EAAarN,EAAH,4BAC1DgO,UAAenT,IAATmT,OAAqBnT,EAAYod,GAA0BjK,EAAShO,EAAH,2BAE/E,CAyFiC2Y,CAAqCF,EAAqB,mBAEnF,GADAG,GAAyB1c,MACK,UAA1Bwc,EAAiB1K,KAAkB,CACnC,QAAsBnT,IAAlBiS,EAAShI,KACT,MAAM,IAAIE,WAAW,8DAGzByG,GAAsDvP,KAAMwc,EADtC7L,GAAqBC,EAAU,QAGpD,CACD,MAAMsB,EAAgBpB,GAAqBF,IA7OvD,SAAkEhP,EAAQ4a,EAAkB/M,EAAeyC,GACvG,MAAMvI,EAAarD,OAAOuE,OAAOkQ,GAAgCvd,WACjE,IAAIkS,EAAiB,KAAe,EAChCC,EAAgB,IAAM1R,OAAoBU,GAC1CiR,EAAkB,IAAM3R,OAAoBU,QACjBA,IAA3B6d,EAAiB3M,QACjBH,EAAiB,IAAM8M,EAAiB3M,MAAMlG,SAEpBhL,IAA1B6d,EAAiB1M,OACjBH,EAAgB,IAAM6M,EAAiB1M,KAAKnG,SAEhBhL,IAA5B6d,EAAiB1W,SACjB8J,EAAkBxR,GAAUoe,EAAiB1W,OAAO1H,IAExDud,GAAqC/Z,EAAQ+H,EAAY+F,EAAgBC,EAAeC,EAAiBH,EAAeyC,EAC5H,CAgOYyK,CAAyD3c,KAAMwc,EADzC7L,GAAqBC,EAAU,GAC2CsB,IAMpGO,aACA,IAAK5N,GAAiB7E,MAClB,MAAM4c,GAA4B,UAEtC,OAAOjX,GAAuB3F,MAQlC8F,OAAO1H,EAASO,WACZ,OAAKkG,GAAiB7E,MAGlB2F,GAAuB3F,MAChB7B,EAAoB,IAAIuB,UAAU,qDAEtC4C,GAAqBtC,KAAM5B,GALvBD,EAAoBye,GAA4B,WAO/DC,UAAUC,EAAane,WACnB,IAAKkG,GAAiB7E,MAClB,MAAM4c,GAA4B,aAGtC,YAAqBje,IAhH7B,SAA8Bwd,EAASrY,GACnCF,EAAiBuY,EAASrY,GAC1B,MAAMmY,EAAOE,aAAyC,EAASA,EAAQF,KACvE,MAAO,CACHA,UAAetd,IAATsd,OAAqBtd,EAAYqd,GAAgCC,EAASnY,EAAH,2BAErF,CAyGwBiZ,CAAqBD,EAAY,mBACrCb,KACDnX,EAAmC9E,MA1zD3C,IAAImQ,GA4zDgCnQ,MAE3Cgd,YAAYC,EAAcH,EAAa,IACnC,IAAKjY,GAAiB7E,MAClB,MAAM4c,GAA4B,eAEtC1Y,EAAuB+Y,EAAc,EAAG,eACxC,MAAMC,EA/Ed,SAAqCzU,EAAM3E,GACvCF,EAAiB6E,EAAM3E,GACvB,MAAMqZ,EAAW1U,aAAmC,EAASA,EAAK0U,SAClE/Y,EAAoB+Y,EAAU,WAAY,wBAC1CvY,EAAqBuY,EAAarZ,EAAH,+BAC/B,MAAMgV,EAAWrQ,aAAmC,EAASA,EAAKqQ,SAGlE,OAFA1U,EAAoB0U,EAAU,WAAY,wBAC1CvH,GAAqBuH,EAAahV,EAAH,+BACxB,CAAEqZ,WAAUrE,WACvB,CAsE0BsE,CAA4BH,EAAc,mBACtDd,EAAUD,GAAmBY,EAAY,oBAC/C,GAAInX,GAAuB3F,MACvB,MAAM,IAAIN,UAAU,kFAExB,GAAIiT,GAAuBuK,EAAUpE,UACjC,MAAM,IAAIpZ,UAAU,kFAIxB,OADAT,EADgB+Z,GAAqBhZ,KAAMkd,EAAUpE,SAAUqD,EAAQjD,aAAciD,EAAQhD,aAAcgD,EAAQjV,cAAeiV,EAAQ/C,SAEnI8D,EAAUC,SAErBE,OAAOC,EAAaR,EAAa,IAC7B,IAAKjY,GAAiB7E,MAClB,OAAO7B,EAAoBye,GAA4B,WAE3D,QAAoBje,IAAhB2e,EACA,OAAOnf,EAAoB,wCAE/B,IAAKqT,GAAiB8L,GAClB,OAAOnf,EAAoB,IAAIuB,UAAU,8EAE7C,IAAIyc,EACJ,IACIA,EAAUD,GAAmBY,EAAY,oBAE7C,MAAO1W,GACH,OAAOjI,EAAoBiI,GAE/B,OAAIT,GAAuB3F,MAChB7B,EAAoB,IAAIuB,UAAU,8EAEzCiT,GAAuB2K,GAChBnf,EAAoB,IAAIuB,UAAU,8EAEtCsZ,GAAqBhZ,KAAMsd,EAAanB,EAAQjD,aAAciD,EAAQhD,aAAcgD,EAAQjV,cAAeiV,EAAQ/C,QAa9HmE,MACI,IAAK1Y,GAAiB7E,MAClB,MAAM4c,GAA4B,OAEtC,MAAMY,EAxTd,SAA2B5b,EAAQ6b,GAC/B,MAAM9b,EAASmD,EAAmClD,GAClD,IAGI8b,EACAC,EACAC,EACAC,EACAC,EAPAC,GAAU,EACVC,GAAY,EACZC,GAAY,EAMhB,MAAMC,EAAgBngB,GAAWJ,IAC7BmgB,EAAuBngB,CAAO,IAElC,SAASgS,IACL,OAAIoO,IAGJA,GAAU,EAuCV7X,EAAgCvE,EAtCZ,CAChB4D,YAAarH,IAITgB,GAAe,KACX6e,GAAU,EACV,MAAMI,EAASjgB,EACTkgB,EAASlgB,EAMV8f,GACD3C,GAAuCuC,EAAQnX,0BAA2B0X,GAEzEF,GACD5C,GAAuCwC,EAAQpX,0BAA2B2X,KAEhF,EAEN9Y,YAAa,KACTyY,GAAU,EACLC,GACD5C,GAAqCwC,EAAQnX,2BAE5CwX,GACD7C,GAAqCyC,EAAQpX,2BAE5CuX,GAAcC,GACfH,OAAqBnf,IAG7BwH,YAAa,KACT4X,GAAU,CAAK,KAtCZ9f,OAAoBU,GAgEnC,SAAS+Q,KAYT,OATAkO,EAAUS,GAAqB3O,EAAgBC,GAvB/C,SAA0BvR,GAGtB,GAFA4f,GAAY,EACZN,EAAUtf,EACN6f,EAAW,CACX,MAAMK,EAAkBtV,GAAoB,CAAC0U,EAASC,IAChDY,EAAejc,GAAqBV,EAAQ0c,GAClDR,EAAqBS,GAEzB,OAAOL,KAgBXL,EAAUQ,GAAqB3O,EAAgBC,GAd/C,SAA0BvR,GAGtB,GAFA6f,GAAY,EACZN,EAAUvf,EACN4f,EAAW,CACX,MAAMM,EAAkBtV,GAAoB,CAAC0U,EAASC,IAChDY,EAAejc,GAAqBV,EAAQ0c,GAClDR,EAAqBS,GAEzB,OAAOL,KAOXrf,EAAc8C,EAAOiB,gBAAiBmN,IAClCuL,GAAqCsC,EAAQnX,0BAA2BsJ,GACxEuL,GAAqCuC,EAAQpX,0BAA2BsJ,GACnEiO,GAAcC,GACfH,OAAqBnf,MAGtB,CAACif,EAASC,EACrB,CA4NyBW,CAAkBxe,MACnC,OAAOgJ,GAAoBwU,GAE/BiB,OAAO3B,EAAane,WAChB,IAAKkG,GAAiB7E,MAClB,MAAM4c,GAA4B,UAGtC,OA1jFR,SAA4Chb,EAAQsF,GAChD,MAAMvF,EAASmD,EAAmClD,GAC5C8c,EAAO,IAAIzX,GAAgCtF,EAAQuF,GACnDvK,EAAW2J,OAAOuE,OAAOhD,IAE/B,OADAlL,EAASoL,mBAAqB2W,EACvB/hB,CACX,CAojFegiB,CAAmC3e,KAvKlD,SAAgCmc,EAASrY,GAGrC,OAFAF,EAAiBuY,EAASrY,GAEnB,CAAEoD,iBADaiV,aAAyC,EAASA,EAAQjV,eAEpF,CAkKwB0X,CAAuB9B,EAAY,mBACK5V,gBA2BhE,SAASmX,GAAqB3O,EAAgBC,EAAeC,EAAiBH,EAAgB,EAAGyC,EAAgB,KAAM,IACnH,MAAMtQ,EAAS0E,OAAOuE,OAAOyR,GAAe9e,WAC5Ckf,GAAyB9a,GAGzB,OADA+Z,GAAqC/Z,EADlB0E,OAAOuE,OAAOkQ,GAAgCvd,WACRkS,EAAgBC,EAAeC,EAAiBH,EAAeyC,GACjHtQ,CACX,CACA,SAAS8a,GAAyB9a,GAC9BA,EAAOG,OAAS,WAChBH,EAAOE,aAAUnD,EACjBiD,EAAOQ,kBAAezD,EACtBiD,EAAO4E,YAAa,CACxB,CACA,SAAS3B,GAAiB1H,GACtB,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,4BAIjD,CACA,SAASwI,GAAuB/D,GAC5B,YAAuBjD,IAAnBiD,EAAOE,OAIf,CAEA,SAASQ,GAAqBV,EAAQxD,GAElC,GADAwD,EAAO4E,YAAa,EACE,WAAlB5E,EAAOG,OACP,OAAO9D,OAAoBU,GAE/B,GAAsB,YAAlBiD,EAAOG,OACP,OAAO5D,EAAoByD,EAAOQ,cAEtCoJ,GAAoB5J,GAEpB,OAAO9C,EADqB8C,EAAO6E,0BAA0BxD,GAAa7E,GACzBvB,EACrD,CACA,SAAS2O,GAAoB5J,GACzBA,EAAOG,OAAS,SAChB,MAAMJ,EAASC,EAAOE,aACPnD,IAAXgD,IAGJM,EAAkCN,GAC9B+D,EAA8B/D,KAC9BA,EAAOuD,cAAc/D,SAAQ8D,IACzBA,EAAYK,aAAa,IAE7B3D,EAAOuD,cAAgB,IAAIpF,GAEnC,CACA,SAASuP,GAAoBzN,EAAQwE,GACjCxE,EAAOG,OAAS,UAChBH,EAAOQ,aAAegE,EACtB,MAAMzE,EAASC,EAAOE,aACPnD,IAAXgD,IAGJa,EAAiCb,EAAQyE,GACrCV,EAA8B/D,IAC9BA,EAAOuD,cAAc/D,SAAQ8D,IACzBA,EAAYkB,YAAYC,EAAE,IAE9BzE,EAAOuD,cAAgB,IAAIpF,IAG3B6B,EAAO4L,kBAAkBpM,SAAQmM,IAC7BA,EAAgBnH,YAAYC,EAAE,IAElCzE,EAAO4L,kBAAoB,IAAIzN,GAEvC,CAEA,SAAS8c,GAA4Bja,GACjC,OAAO,IAAIjD,UAAU,4BAA4BiD,yCACrD,CAEA,SAASkc,GAA2B7N,EAAMlN,GACtCF,EAAiBoN,EAAMlN,GACvB,MAAM2L,EAAgBuB,aAAmC,EAASA,EAAKvB,cAEvE,OADArL,EAAoBqL,EAAe,gBAAiB,uBAC7C,CACHA,cAAenL,EAA0BmL,GAEjD,CAhHAnJ,OAAOK,iBAAiB2V,GAAe9e,UAAW,CAC9CsI,OAAQ,CAAEc,YAAY,GACtBiW,UAAW,CAAEjW,YAAY,GACzBoW,YAAa,CAAEpW,YAAY,GAC3ByW,OAAQ,CAAEzW,YAAY,GACtB2W,IAAK,CAAE3W,YAAY,GACnB6X,OAAQ,CAAE7X,YAAY,GACtB6L,OAAQ,CAAE7L,YAAY,KAEgB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAewV,GAAe9e,UAAWf,EAAeoK,YAAa,CACxE3I,MAAO,iBACP6I,cAAc,IAGsB,iBAAjCtK,EAAeuK,eACtBV,OAAOQ,eAAewV,GAAe9e,UAAWf,EAAeuK,cAAe,CAC1E9I,MAAOoe,GAAe9e,UAAUihB,OAChC3F,UAAU,EACV/R,cAAc,IA+FtB,MAAM+X,GAAyB,SAAc1Z,GACzC,OAAOA,EAAM6E,UACjB,EAMA,MAAM8U,GACFhf,YAAYoc,GACRjY,EAAuBiY,EAAS,EAAG,6BACnCA,EAAU0C,GAA2B1C,EAAS,mBAC9Cnc,KAAKgf,wCAA0C7C,EAAQ1M,cAKvDA,oBACA,IAAKwP,GAA4Bjf,MAC7B,MAAMkf,GAA8B,iBAExC,OAAOlf,KAAKgf,wCAKZpW,WACA,IAAKqW,GAA4Bjf,MAC7B,MAAMkf,GAA8B,QAExC,OAAOJ,IAcf,SAASI,GAA8Bvc,GACnC,OAAO,IAAIjD,UAAU,uCAAuCiD,oDAChE,CACA,SAASsc,GAA4B9hB,GACjC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,0CAIjD,CAtBAmJ,OAAOK,iBAAiBoY,GAA0BvhB,UAAW,CACzDiS,cAAe,CAAE7I,YAAY,GAC7BgC,KAAM,CAAEhC,YAAY,KAEkB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAeiY,GAA0BvhB,UAAWf,EAAeoK,YAAa,CACnF3I,MAAO,4BACP6I,cAAc,IAiBtB,MAAMoY,GAAoB,WACtB,OAAO,CACX,EAMA,MAAMC,GACFrf,YAAYoc,GACRjY,EAAuBiY,EAAS,EAAG,wBACnCA,EAAU0C,GAA2B1C,EAAS,mBAC9Cnc,KAAKqf,mCAAqClD,EAAQ1M,cAKlDA,oBACA,IAAK6P,GAAuBtf,MACxB,MAAMuf,GAAyB,iBAEnC,OAAOvf,KAAKqf,mCAMZzW,WACA,IAAK0W,GAAuBtf,MACxB,MAAMuf,GAAyB,QAEnC,OAAOJ,IAcf,SAASI,GAAyB5c,GAC9B,OAAO,IAAIjD,UAAU,kCAAkCiD,+CAC3D,CACA,SAAS2c,GAAuBniB,GAC5B,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,qCAIjD,CAuBA,SAASqiB,GAAgCngB,EAAI8R,EAAUrN,GAEnD,OADAC,EAAe1E,EAAIyE,GACX6F,GAAe9J,EAAYR,EAAI8R,EAAU,CAACxH,GACtD,CACA,SAAS8V,GAAgCpgB,EAAI8R,EAAUrN,GAEnD,OADAC,EAAe1E,EAAIyE,GACX6F,GAAerK,EAAYD,EAAI8R,EAAU,CAACxH,GACtD,CACA,SAAS+V,GAAoCrgB,EAAI8R,EAAUrN,GAEvD,OADAC,EAAe1E,EAAIyE,GACZ,CAACsB,EAAOuE,IAAe9J,EAAYR,EAAI8R,EAAU,CAAC/L,EAAOuE,GACpE,CAxDArD,OAAOK,iBAAiByY,GAAqB5hB,UAAW,CACpDiS,cAAe,CAAE7I,YAAY,GAC7BgC,KAAM,CAAEhC,YAAY,KAEkB,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAesY,GAAqB5hB,UAAWf,EAAeoK,YAAa,CAC9E3I,MAAO,uBACP6I,cAAc,IA4DtB,MAAM4Y,GACF5f,YAAY6f,EAAiB,GAAIC,EAAsB,GAAIC,EAAsB,SACtDnhB,IAAnBihB,IACAA,EAAiB,MAErB,MAAMG,EAAmBhP,GAAuB8O,EAAqB,oBAC/DG,EAAmBjP,GAAuB+O,EAAqB,mBAC/DG,EAlDd,SAA4B9O,EAAUrN,GAClCF,EAAiBuN,EAAUrN,GAC3B,MAAMoc,EAAQ/O,aAA2C,EAASA,EAAS+O,MACrEC,EAAehP,aAA2C,EAASA,EAASgP,aAC5EtQ,EAAQsB,aAA2C,EAASA,EAAStB,MACrEqN,EAAY/L,aAA2C,EAASA,EAAS+L,UACzEkD,EAAejP,aAA2C,EAASA,EAASiP,aAClF,MAAO,CACHF,WAAiBvhB,IAAVuhB,OACHvhB,EACA6gB,GAAgCU,EAAO/O,EAAarN,EAAH,4BACrDqc,eACAtQ,WAAiBlR,IAAVkR,OACHlR,EACA8gB,GAAgC5P,EAAOsB,EAAarN,EAAH,4BACrDoZ,eAAyBve,IAAdue,OACPve,EACA+gB,GAAoCxC,EAAW/L,EAAarN,EAAH,gCAC7Dsc,eAER,CA8B4BC,CAAmBT,EAAgB,mBACvD,QAAiCjhB,IAA7BshB,EAAYE,aACZ,MAAM,IAAIrX,WAAW,kCAEzB,QAAiCnK,IAA7BshB,EAAYG,aACZ,MAAM,IAAItX,WAAW,kCAEzB,MAAMwX,EAAwB3P,GAAqBqP,EAAkB,GAC/DO,EAAwBzP,GAAqBkP,GAC7CQ,EAAwB7P,GAAqBoP,EAAkB,GAC/DU,EAAwB3P,GAAqBiP,GACnD,IAAIW,GA0CZ,SAAmC9e,EAAQ+e,EAAcH,EAAuBC,EAAuBH,EAAuBC,GAC1H,SAAS7Q,IACL,OAAOiR,EAEX,SAASvO,EAAehN,GACpB,OAoMR,SAAkDxD,EAAQwD,GACtD,MAAMuE,EAAa/H,EAAOgf,2BAC1B,GAAIhf,EAAO6R,cAAe,CAEtB,OAAO3U,EAD2B8C,EAAOif,4BACc,KACnD,MAAM/H,EAAWlX,EAAOkf,UAExB,GAAc,aADAhI,EAAS/W,OAEnB,MAAM+W,EAAS1W,aAEnB,OAAO2e,GAAiDpX,EAAYvE,EAAM,IAGlF,OAAO2b,GAAiDpX,EAAYvE,EACxE,CAlNe4b,CAAyCpf,EAAQwD,GAE5D,SAASkN,EAAelU,GACpB,OAgNR,SAAkDwD,EAAQxD,GAItD,OADA6iB,GAAqBrf,EAAQxD,GACtBH,OAAoBU,EAC/B,CArNeuiB,CAAyCtf,EAAQxD,GAE5D,SAASiU,IACL,OAmNR,SAAkDzQ,GAE9C,MAAMub,EAAWvb,EAAOuf,UAClBxX,EAAa/H,EAAOgf,2BACpBQ,EAAezX,EAAW0X,kBAGhC,OAFAC,GAAgD3X,GAEzC7K,EAAqBsiB,GAAc,KACtC,GAAwB,YAApBjE,EAASpb,OACT,MAAMob,EAAS/a,aAEnBgZ,GAAqC+B,EAAS1W,0BAA0B,IACzEsJ,IAEC,MADAkR,GAAqBrf,EAAQmO,GACvBoN,EAAS/a,YAAY,GAEnC,CAnOemf,CAAyC3f,GAGpD,SAAS+N,IACL,OAiOR,SAAmD/N,GAI/C,OAFA4f,GAA+B5f,GAAQ,GAEhCA,EAAOif,0BAClB,CAtOeY,CAA0C7f,GAErD,SAASgO,EAAgBxR,GAErB,OADAsjB,GAA4C9f,EAAQxD,GAC7CH,OAAoBU,GAN/BiD,EAAOkf,UAl4DX,SAA8BpR,EAAgB0C,EAAgBC,EAAgBC,EAAgB7C,EAAgB,EAAGyC,EAAgB,KAAM,IACnI,MAAMtQ,EAAS0E,OAAOuE,OAAO4G,GAAejU,WAI5C,OAHAyU,GAAyBrQ,GAEzB2Q,GAAqC3Q,EADlB0E,OAAOuE,OAAOsH,GAAgC3U,WACRkS,EAAgB0C,EAAgBC,EAAgBC,EAAgB7C,EAAeyC,GACjItQ,CACX,CA43DuB+f,CAAqBjS,EAAgB0C,EAAgBC,EAAgBC,EAAgBkO,EAAuBC,GAQ/H7e,EAAOuf,UAAY9C,GAAqB3O,EAAgBC,EAAeC,EAAiB0Q,EAAuBC,GAE/G3e,EAAO6R,mBAAgB9U,EACvBiD,EAAOif,gCAA6BliB,EACpCiD,EAAOggB,wCAAqCjjB,EAC5C6iB,GAA+B5f,GAAQ,GACvCA,EAAOgf,gCAA6BjiB,CACxC,CAlEQkjB,CAA0B7hB,KAHLjC,GAAWJ,IAC5B+iB,EAAuB/iB,CAAO,IAEY6iB,EAAuBC,EAAuBH,EAAuBC,GAgL3H,SAA8D3e,EAAQqe,GAClE,MAAMtW,EAAarD,OAAOuE,OAAOiX,GAAiCtkB,WAClE,IAAIukB,EAAsB3c,IACtB,IAEI,OADA4c,GAAwCrY,EAAYvE,GAC7CnH,OAAoBU,GAE/B,MAAOsjB,GACH,OAAO9jB,EAAoB8jB,KAG/BC,EAAiB,IAAMjkB,OAAoBU,QACjBA,IAA1BshB,EAAY/C,YACZ6E,EAAqB3c,GAAS6a,EAAY/C,UAAU9X,EAAOuE,SAErChL,IAAtBshB,EAAYC,QACZgC,EAAiB,IAAMjC,EAAYC,MAAMvW,KAtBjD,SAA+C/H,EAAQ+H,EAAYoY,EAAoBG,GACnFvY,EAAWwY,2BAA6BvgB,EACxCA,EAAOgf,2BAA6BjX,EACpCA,EAAWyY,oBAAsBL,EACjCpY,EAAW0X,gBAAkBa,CACjC,CAmBIG,CAAsCzgB,EAAQ+H,EAAYoY,EAAoBG,EAClF,CAlMQI,CAAqDtiB,KAAMigB,QACjCthB,IAAtBshB,EAAYpQ,MACZ6Q,EAAqBT,EAAYpQ,MAAM7P,KAAK4gB,6BAG5CF,OAAqB/hB,GAMzBwe,eACA,IAAKoF,GAAkBviB,MACnB,MAAMwiB,GAA0B,YAEpC,OAAOxiB,KAAKmhB,UAKZrI,eACA,IAAKyJ,GAAkBviB,MACnB,MAAMwiB,GAA0B,YAEpC,OAAOxiB,KAAK8gB,WA0CpB,SAASyB,GAAkBplB,GACvB,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,6BAIjD,CAEA,SAAS8jB,GAAqBrf,EAAQwE,GAClCkV,GAAqC1Z,EAAOuf,UAAU1a,0BAA2BL,GACjFsb,GAA4C9f,EAAQwE,EACxD,CACA,SAASsb,GAA4C9f,EAAQwE,GACzDkb,GAAgD1f,EAAOgf,4BACvD/J,GAA6CjV,EAAOkf,UAAU3N,0BAA2B/M,GACrFxE,EAAO6R,eAIP+N,GAA+B5f,GAAQ,EAE/C,CACA,SAAS4f,GAA+B5f,EAAQoT,QAEFrW,IAAtCiD,EAAOif,4BACPjf,EAAOggB,qCAEXhgB,EAAOif,2BAA6B9iB,GAAWJ,IAC3CiE,EAAOggB,mCAAqCjkB,CAAO,IAEvDiE,EAAO6R,cAAgBuB,CAC3B,CAxEA1O,OAAOK,iBAAiBgZ,GAAgBniB,UAAW,CAC/C2f,SAAU,CAAEvW,YAAY,GACxBkS,SAAU,CAAElS,YAAY,KAEc,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAe6Y,GAAgBniB,UAAWf,EAAeoK,YAAa,CACzE3I,MAAO,kBACP6I,cAAc,IAwEtB,MAAM+a,GACF/hB,cACI,MAAM,IAAIL,UAAU,uBAKpBsL,kBACA,IAAKyX,GAAmCziB,MACpC,MAAM0iB,GAAqC,eAG/C,OAAOxH,GADoBlb,KAAKmiB,2BAA2BhB,UAAU1a,2BAGzEiF,QAAQtG,EAAQzG,WACZ,IAAK8jB,GAAmCziB,MACpC,MAAM0iB,GAAqC,WAE/CV,GAAwChiB,KAAMoF,GAMlD6G,MAAM7N,EAASO,WACX,IAAK8jB,GAAmCziB,MACpC,MAAM0iB,GAAqC,SAwFvD,IAA2Dtc,IAtFPhI,EAuFhD6iB,GAvF0CjhB,KAuFVmiB,2BAA4B/b,GAjF5Duc,YACI,IAAKF,GAAmCziB,MACpC,MAAM0iB,GAAqC,cAwFvD,SAAmD/Y,GAC/C,MAAM/H,EAAS+H,EAAWwY,2BAE1B/G,GAD2BxZ,EAAOuf,UAAU1a,2BAG5Cib,GAA4C9f,EAD9B,IAAIlC,UAAU,8BAEhC,CA5FQkjB,CAA0C5iB,OAgBlD,SAASyiB,GAAmCtlB,GACxC,QAAKD,EAAaC,MAGbmJ,OAAO9I,UAAU+I,eAAe9H,KAAKtB,EAAG,6BAIjD,CA2BA,SAASmkB,GAAgD3X,GACrDA,EAAWyY,yBAAsBzjB,EACjCgL,EAAW0X,qBAAkB1iB,CACjC,CACA,SAASqjB,GAAwCrY,EAAYvE,GACzD,MAAMxD,EAAS+H,EAAWwY,2BACpBU,EAAqBjhB,EAAOuf,UAAU1a,0BAC5C,IAAK0U,GAAiD0H,GAClD,MAAM,IAAInjB,UAAU,wDAIxB,IACI2b,GAAuCwH,EAAoBzd,GAE/D,MAAOgB,GAGH,MADAsb,GAA4C9f,EAAQwE,GAC9CxE,EAAOuf,UAAU/e,aAE3B,MAAM4S,EAz3BV,SAAwDrL,GACpD,OAAI+R,GAA8C/R,EAItD,CAo3ByBmZ,CAA+CD,GAChE7N,IAAiBpT,EAAO6R,eACxB+N,GAA+B5f,GAAQ,EAE/C,CAIA,SAASmf,GAAiDpX,EAAYvE,GAElE,OAAOtG,EADkB6K,EAAWyY,oBAAoBhd,QACVzG,GAAWoR,IAErD,MADAkR,GAAqBtX,EAAWwY,2BAA4BpS,GACtDA,CAAC,GAEf,CAuDA,SAAS2S,GAAqC/f,GAC1C,OAAO,IAAIjD,UAAU,8CAA8CiD,2DACvE,CAEA,SAAS6f,GAA0B7f,GAC/B,OAAO,IAAIjD,UAAU,6BAA6BiD,0CACtD,CA/IA2D,OAAOK,iBAAiBmb,GAAiCtkB,UAAW,CAChEkO,QAAS,CAAE9E,YAAY,GACvBqF,MAAO,CAAErF,YAAY,GACrB+b,UAAW,CAAE/b,YAAY,GACzBoE,YAAa,CAAEpE,YAAY,KAEW,iBAA/BnK,EAAeoK,aACtBP,OAAOQ,eAAegb,GAAiCtkB,UAAWf,EAAeoK,YAAa,CAC1F3I,MAAO,mCACP6I,cAAc"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.mjs b/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.mjs deleted file mode 100644 index ce6dd54b1..000000000 --- a/app/node_modules/openpgp/dist/lightweight/ponyfill.es6.mjs +++ /dev/null @@ -1,3831 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -/** - * web-streams-polyfill v3.0.3 - */ -/// -const SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? - Symbol : - description => `Symbol(${description})`; - -/// -function noop() { - return undefined; -} -function getGlobals() { - if (typeof self !== 'undefined') { - return self; - } - else if (typeof window !== 'undefined') { - return window; - } - else if (typeof global !== 'undefined') { - return global; - } - return undefined; -} -const globals = getGlobals(); - -function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -const rethrowAssertionErrorRejection = noop; - -const originalPromise = Promise; -const originalPromiseThen = Promise.prototype.then; -const originalPromiseResolve = Promise.resolve.bind(originalPromise); -const originalPromiseReject = Promise.reject.bind(originalPromise); -function newPromise(executor) { - return new originalPromise(executor); -} -function promiseResolvedWith(value) { - return originalPromiseResolve(value); -} -function promiseRejectedWith(reason) { - return originalPromiseReject(reason); -} -function PerformPromiseThen(promise, onFulfilled, onRejected) { - // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an - // approximation. - return originalPromiseThen.call(promise, onFulfilled, onRejected); -} -function uponPromise(promise, onFulfilled, onRejected) { - PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection); -} -function uponFulfillment(promise, onFulfilled) { - uponPromise(promise, onFulfilled); -} -function uponRejection(promise, onRejected) { - uponPromise(promise, undefined, onRejected); -} -function transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) { - return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler); -} -function setPromiseIsHandledToTrue(promise) { - PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection); -} -const queueMicrotask = (() => { - const globalQueueMicrotask = globals && globals.queueMicrotask; - if (typeof globalQueueMicrotask === 'function') { - return globalQueueMicrotask; - } - const resolvedPromise = promiseResolvedWith(undefined); - return (fn) => PerformPromiseThen(resolvedPromise, fn); -})(); -function reflectCall(F, V, args) { - if (typeof F !== 'function') { - throw new TypeError('Argument is not a function'); - } - return Function.prototype.apply.call(F, V, args); -} -function promiseCall(F, V, args) { - try { - return promiseResolvedWith(reflectCall(F, V, args)); - } - catch (value) { - return promiseRejectedWith(value); - } -} - -// Original from Chromium -// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js -const QUEUE_MAX_ARRAY_SIZE = 16384; -/** - * Simple queue structure. - * - * Avoids scalability issues with using a packed array directly by using - * multiple arrays in a linked list and keeping the array size bounded. - */ -class SimpleQueue { - constructor() { - this._cursor = 0; - this._size = 0; - // _front and _back are always defined. - this._front = { - _elements: [], - _next: undefined - }; - this._back = this._front; - // The cursor is used to avoid calling Array.shift(). - // It contains the index of the front element of the array inside the - // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE). - this._cursor = 0; - // When there is only one node, size === elements.length - cursor. - this._size = 0; - } - get length() { - return this._size; - } - // For exception safety, this method is structured in order: - // 1. Read state - // 2. Calculate required state mutations - // 3. Perform state mutations - push(element) { - const oldBack = this._back; - let newBack = oldBack; - if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) { - newBack = { - _elements: [], - _next: undefined - }; - } - // push() is the mutation most likely to throw an exception, so it - // goes first. - oldBack._elements.push(element); - if (newBack !== oldBack) { - this._back = newBack; - oldBack._next = newBack; - } - ++this._size; - } - // Like push(), shift() follows the read -> calculate -> mutate pattern for - // exception safety. - shift() { // must not be called on an empty queue - const oldFront = this._front; - let newFront = oldFront; - const oldCursor = this._cursor; - let newCursor = oldCursor + 1; - const elements = oldFront._elements; - const element = elements[oldCursor]; - if (newCursor === QUEUE_MAX_ARRAY_SIZE) { - newFront = oldFront._next; - newCursor = 0; - } - // No mutations before this point. - --this._size; - this._cursor = newCursor; - if (oldFront !== newFront) { - this._front = newFront; - } - // Permit shifted element to be garbage collected. - elements[oldCursor] = undefined; - return element; - } - // The tricky thing about forEach() is that it can be called - // re-entrantly. The queue may be mutated inside the callback. It is easy to - // see that push() within the callback has no negative effects since the end - // of the queue is checked for on every iteration. If shift() is called - // repeatedly within the callback then the next iteration may return an - // element that has been removed. In this case the callback will be called - // with undefined values until we either "catch up" with elements that still - // exist or reach the back of the queue. - forEach(callback) { - let i = this._cursor; - let node = this._front; - let elements = node._elements; - while (i !== elements.length || node._next !== undefined) { - if (i === elements.length) { - node = node._next; - elements = node._elements; - i = 0; - if (elements.length === 0) { - break; - } - } - callback(elements[i]); - ++i; - } - } - // Return the element that would be returned if shift() was called now, - // without modifying the queue. - peek() { // must not be called on an empty queue - const front = this._front; - const cursor = this._cursor; - return front._elements[cursor]; - } -} - -function ReadableStreamReaderGenericInitialize(reader, stream) { - reader._ownerReadableStream = stream; - stream._reader = reader; - if (stream._state === 'readable') { - defaultReaderClosedPromiseInitialize(reader); - } - else if (stream._state === 'closed') { - defaultReaderClosedPromiseInitializeAsResolved(reader); - } - else { - defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError); - } -} -// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state -// check. -function ReadableStreamReaderGenericCancel(reader, reason) { - const stream = reader._ownerReadableStream; - return ReadableStreamCancel(stream, reason); -} -function ReadableStreamReaderGenericRelease(reader) { - if (reader._ownerReadableStream._state === 'readable') { - defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - else { - defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - reader._ownerReadableStream._reader = undefined; - reader._ownerReadableStream = undefined; -} -// Helper functions for the readers. -function readerLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released reader'); -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderClosedPromiseInitialize(reader) { - reader._closedPromise = newPromise((resolve, reject) => { - reader._closedPromise_resolve = resolve; - reader._closedPromise_reject = reject; - }); -} -function defaultReaderClosedPromiseInitializeAsRejected(reader, reason) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseReject(reader, reason); -} -function defaultReaderClosedPromiseInitializeAsResolved(reader) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseResolve(reader); -} -function defaultReaderClosedPromiseReject(reader, reason) { - if (reader._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(reader._closedPromise); - reader._closedPromise_reject(reason); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -function defaultReaderClosedPromiseResetToRejected(reader, reason) { - defaultReaderClosedPromiseInitializeAsRejected(reader, reason); -} -function defaultReaderClosedPromiseResolve(reader) { - if (reader._closedPromise_resolve === undefined) { - return; - } - reader._closedPromise_resolve(undefined); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} - -const AbortSteps = SymbolPolyfill('[[AbortSteps]]'); -const ErrorSteps = SymbolPolyfill('[[ErrorSteps]]'); -const CancelSteps = SymbolPolyfill('[[CancelSteps]]'); -const PullSteps = SymbolPolyfill('[[PullSteps]]'); - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill -const NumberIsFinite = Number.isFinite || function (x) { - return typeof x === 'number' && isFinite(x); -}; - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill -const MathTrunc = Math.trunc || function (v) { - return v < 0 ? Math.ceil(v) : Math.floor(v); -}; - -// https://heycam.github.io/webidl/#idl-dictionaries -function isDictionary(x) { - return typeof x === 'object' || typeof x === 'function'; -} -function assertDictionary(obj, context) { - if (obj !== undefined && !isDictionary(obj)) { - throw new TypeError(`${context} is not an object.`); - } -} -// https://heycam.github.io/webidl/#idl-callback-functions -function assertFunction(x, context) { - if (typeof x !== 'function') { - throw new TypeError(`${context} is not a function.`); - } -} -// https://heycam.github.io/webidl/#idl-object -function isObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -function assertObject(x, context) { - if (!isObject(x)) { - throw new TypeError(`${context} is not an object.`); - } -} -function assertRequiredArgument(x, position, context) { - if (x === undefined) { - throw new TypeError(`Parameter ${position} is required in '${context}'.`); - } -} -function assertRequiredField(x, field, context) { - if (x === undefined) { - throw new TypeError(`${field} is required in '${context}'.`); - } -} -// https://heycam.github.io/webidl/#idl-unrestricted-double -function convertUnrestrictedDouble(value) { - return Number(value); -} -function censorNegativeZero(x) { - return x === 0 ? 0 : x; -} -function integerPart(x) { - return censorNegativeZero(MathTrunc(x)); -} -// https://heycam.github.io/webidl/#idl-unsigned-long-long -function convertUnsignedLongLongWithEnforceRange(value, context) { - const lowerBound = 0; - const upperBound = Number.MAX_SAFE_INTEGER; - let x = Number(value); - x = censorNegativeZero(x); - if (!NumberIsFinite(x)) { - throw new TypeError(`${context} is not a finite number`); - } - x = integerPart(x); - if (x < lowerBound || x > upperBound) { - throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`); - } - if (!NumberIsFinite(x) || x === 0) { - return 0; - } - // TODO Use BigInt if supported? - // let xBigInt = BigInt(integerPart(x)); - // xBigInt = BigInt.asUintN(64, xBigInt); - // return Number(xBigInt); - return x; -} - -function assertReadableStream(x, context) { - if (!IsReadableStream(x)) { - throw new TypeError(`${context} is not a ReadableStream.`); - } -} - -// Abstract operations for the ReadableStream. -function AcquireReadableStreamDefaultReader(stream) { - return new ReadableStreamDefaultReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadRequest(stream, readRequest) { - stream._reader._readRequests.push(readRequest); -} -function ReadableStreamFulfillReadRequest(stream, chunk, done) { - const reader = stream._reader; - const readRequest = reader._readRequests.shift(); - if (done) { - readRequest._closeSteps(); - } - else { - readRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadRequests(stream) { - return stream._reader._readRequests.length; -} -function ReadableStreamHasDefaultReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamDefaultReader(reader)) { - return false; - } - return true; -} -/** - * A default reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamDefaultReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, - * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } - /** - * Returns a promise that allows access to the next chunk from the stream's internal queue, if available. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('read')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: () => resolvePromise({ value: undefined, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamDefaultReaderRead(this, readRequest); - return promise; - } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamDefaultReader(this)) { - throw defaultReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamDefaultReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamDefaultReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) { - return false; - } - return true; -} -function ReadableStreamDefaultReaderRead(reader, readRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'closed') { - readRequest._closeSteps(); - } - else if (stream._state === 'errored') { - readRequest._errorSteps(stream._storedError); - } - else { - stream._readableStreamController[PullSteps](readRequest); - } -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`); -} - -/// -let AsyncIteratorPrototype; -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - // We're running inside a ES2018+ environment, but we're compiling to an older syntax. - // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it. - AsyncIteratorPrototype = { - // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( ) - // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator - [SymbolPolyfill.asyncIterator]() { - return this; - } - }; - Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false }); -} - -/// -class ReadableStreamAsyncIteratorImpl { - constructor(reader, preventCancel) { - this._ongoingPromise = undefined; - this._isFinished = false; - this._reader = reader; - this._preventCancel = preventCancel; - } - next() { - const nextSteps = () => this._nextSteps(); - this._ongoingPromise = this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) : - nextSteps(); - return this._ongoingPromise; - } - return(value) { - const returnSteps = () => this._returnSteps(value); - return this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) : - returnSteps(); - } - _nextSteps() { - if (this._isFinished) { - return Promise.resolve({ value: undefined, done: true }); - } - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('iterate')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => { - this._ongoingPromise = undefined; - // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test. - // FIXME Is this a bug in the specification, or in the test? - queueMicrotask(() => resolvePromise({ value: chunk, done: false })); - }, - _closeSteps: () => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - resolvePromise({ value: undefined, done: true }); - }, - _errorSteps: reason => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - rejectPromise(reason); - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promise; - } - _returnSteps(value) { - if (this._isFinished) { - return Promise.resolve({ value, done: true }); - } - this._isFinished = true; - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('finish iterating')); - } - if (!this._preventCancel) { - const result = ReadableStreamReaderGenericCancel(reader, value); - ReadableStreamReaderGenericRelease(reader); - return transformPromiseWith(result, () => ({ value, done: true })); - } - ReadableStreamReaderGenericRelease(reader); - return promiseResolvedWith({ value, done: true }); - } -} -const ReadableStreamAsyncIteratorPrototype = { - next() { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next')); - } - return this._asyncIteratorImpl.next(); - }, - return(value) { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return')); - } - return this._asyncIteratorImpl.return(value); - } -}; -if (AsyncIteratorPrototype !== undefined) { - Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype); -} -// Abstract operations for the ReadableStream. -function AcquireReadableStreamAsyncIterator(stream, preventCancel) { - const reader = AcquireReadableStreamDefaultReader(stream); - const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel); - const iterator = Object.create(ReadableStreamAsyncIteratorPrototype); - iterator._asyncIteratorImpl = impl; - return iterator; -} -function IsReadableStreamAsyncIterator(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) { - return false; - } - return true; -} -// Helper functions for the ReadableStream. -function streamAsyncIteratorBrandCheckException(name) { - return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`); -} - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill -const NumberIsNaN = Number.isNaN || function (x) { - // eslint-disable-next-line no-self-compare - return x !== x; -}; - -function IsFiniteNonNegativeNumber(v) { - if (!IsNonNegativeNumber(v)) { - return false; - } - if (v === Infinity) { - return false; - } - return true; -} -function IsNonNegativeNumber(v) { - if (typeof v !== 'number') { - return false; - } - if (NumberIsNaN(v)) { - return false; - } - if (v < 0) { - return false; - } - return true; -} - -function DequeueValue(container) { - const pair = container._queue.shift(); - container._queueTotalSize -= pair.size; - if (container._queueTotalSize < 0) { - container._queueTotalSize = 0; - } - return pair.value; -} -function EnqueueValueWithSize(container, value, size) { - size = Number(size); - if (!IsFiniteNonNegativeNumber(size)) { - throw new RangeError('Size must be a finite, non-NaN, non-negative number.'); - } - container._queue.push({ value, size }); - container._queueTotalSize += size; -} -function PeekQueueValue(container) { - const pair = container._queue.peek(); - return pair.value; -} -function ResetQueue(container) { - container._queue = new SimpleQueue(); - container._queueTotalSize = 0; -} - -function CreateArrayFromList(elements) { - // We use arrays to represent lists, so this is basically a no-op. - // Do a slice though just in case we happen to depend on the unique-ness. - return elements.slice(); -} -function CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) { - new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset); -} -// Not implemented correctly -function TransferArrayBuffer(O) { - return O; -} -// Not implemented correctly -function IsDetachedBuffer(O) { - return false; -} - -/** - * A pull-into request in a {@link ReadableByteStreamController}. - * - * @public - */ -class ReadableStreamBYOBRequest { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the view for writing in to, or `null` if the BYOB request has already been responded to. - */ - get view() { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('view'); - } - return this._view; - } - respond(bytesWritten) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respond'); - } - assertRequiredArgument(bytesWritten, 1, 'respond'); - bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter'); - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - if (IsDetachedBuffer(this._view.buffer)) ; - ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten); - } - respondWithNewView(view) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respondWithNewView'); - } - assertRequiredArgument(view, 1, 'respondWithNewView'); - if (!ArrayBuffer.isView(view)) { - throw new TypeError('You can only respond with array buffer views'); - } - if (view.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (view.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view); - } -} -Object.defineProperties(ReadableStreamBYOBRequest.prototype, { - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, - view: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBRequest', - configurable: true - }); -} -/** - * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue. - * - * @public - */ -class ReadableByteStreamController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the current BYOB pull request, or `null` if there isn't one. - */ - get byobRequest() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('byobRequest'); - } - if (this._byobRequest === null && this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled); - const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype); - SetUpReadableStreamBYOBRequest(byobRequest, this, view); - this._byobRequest = byobRequest; - } - return this._byobRequest; - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('desiredSize'); - } - return ReadableByteStreamControllerGetDesiredSize(this); - } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('close'); - } - if (this._closeRequested) { - throw new TypeError('The stream has already been closed; do not close it again!'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`); - } - ReadableByteStreamControllerClose(this); - } - enqueue(chunk) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('enqueue'); - } - assertRequiredArgument(chunk, 1, 'enqueue'); - if (!ArrayBuffer.isView(chunk)) { - throw new TypeError('chunk must be an array buffer view'); - } - if (chunk.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (chunk.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._closeRequested) { - throw new TypeError('stream is closed or draining'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`); - } - ReadableByteStreamControllerEnqueue(this, chunk); - } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('error'); - } - ReadableByteStreamControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - if (this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - firstDescriptor.bytesFilled = 0; - } - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableByteStreamControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableByteStream; - if (this._queueTotalSize > 0) { - const entry = this._queue.shift(); - this._queueTotalSize -= entry.byteLength; - ReadableByteStreamControllerHandleQueueDrain(this); - const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength); - readRequest._chunkSteps(view); - return; - } - const autoAllocateChunkSize = this._autoAllocateChunkSize; - if (autoAllocateChunkSize !== undefined) { - let buffer; - try { - buffer = new ArrayBuffer(autoAllocateChunkSize); - } - catch (bufferE) { - readRequest._errorSteps(bufferE); - return; - } - const pullIntoDescriptor = { - buffer, - byteOffset: 0, - byteLength: autoAllocateChunkSize, - bytesFilled: 0, - elementSize: 1, - viewConstructor: Uint8Array, - readerType: 'default' - }; - this._pendingPullIntos.push(pullIntoDescriptor); - } - ReadableStreamAddReadRequest(stream, readRequest); - ReadableByteStreamControllerCallPullIfNeeded(this); - } -} -Object.defineProperties(ReadableByteStreamController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableByteStreamController', - configurable: true - }); -} -// Abstract operations for the ReadableByteStreamController. -function IsReadableByteStreamController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) { - return false; - } - return true; -} -function IsReadableStreamBYOBRequest(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) { - return false; - } - return true; -} -function ReadableByteStreamControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableByteStreamControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - // TODO: Test controller argument - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableByteStreamControllerError(controller, e); - }); -} -function ReadableByteStreamControllerClearPendingPullIntos(controller) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - controller._pendingPullIntos = new SimpleQueue(); -} -function ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) { - let done = false; - if (stream._state === 'closed') { - done = true; - } - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - if (pullIntoDescriptor.readerType === 'default') { - ReadableStreamFulfillReadRequest(stream, filledView, done); - } - else { - ReadableStreamFulfillReadIntoRequest(stream, filledView, done); - } -} -function ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) { - const bytesFilled = pullIntoDescriptor.bytesFilled; - const elementSize = pullIntoDescriptor.elementSize; - return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize); -} -function ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) { - controller._queue.push({ buffer, byteOffset, byteLength }); - controller._queueTotalSize += byteLength; -} -function ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) { - const elementSize = pullIntoDescriptor.elementSize; - const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize; - const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled); - const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy; - const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize; - let totalBytesToCopyRemaining = maxBytesToCopy; - let ready = false; - if (maxAlignedBytes > currentAlignedBytes) { - totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled; - ready = true; - } - const queue = controller._queue; - while (totalBytesToCopyRemaining > 0) { - const headOfQueue = queue.peek(); - const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength); - const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy); - if (headOfQueue.byteLength === bytesToCopy) { - queue.shift(); - } - else { - headOfQueue.byteOffset += bytesToCopy; - headOfQueue.byteLength -= bytesToCopy; - } - controller._queueTotalSize -= bytesToCopy; - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor); - totalBytesToCopyRemaining -= bytesToCopy; - } - return ready; -} -function ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - pullIntoDescriptor.bytesFilled += size; -} -function ReadableByteStreamControllerHandleQueueDrain(controller) { - if (controller._queueTotalSize === 0 && controller._closeRequested) { - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(controller._controlledReadableByteStream); - } - else { - ReadableByteStreamControllerCallPullIfNeeded(controller); - } -} -function ReadableByteStreamControllerInvalidateBYOBRequest(controller) { - if (controller._byobRequest === null) { - return; - } - controller._byobRequest._associatedReadableByteStreamController = undefined; - controller._byobRequest._view = null; - controller._byobRequest = null; -} -function ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) { - while (controller._pendingPullIntos.length > 0) { - if (controller._queueTotalSize === 0) { - return; - } - const pullIntoDescriptor = controller._pendingPullIntos.peek(); - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) { - const stream = controller._controlledReadableByteStream; - let elementSize = 1; - if (view.constructor !== DataView) { - elementSize = view.constructor.BYTES_PER_ELEMENT; - } - const ctor = view.constructor; - const buffer = TransferArrayBuffer(view.buffer); - const pullIntoDescriptor = { - buffer, - byteOffset: view.byteOffset, - byteLength: view.byteLength, - bytesFilled: 0, - elementSize, - viewConstructor: ctor, - readerType: 'byob' - }; - if (controller._pendingPullIntos.length > 0) { - controller._pendingPullIntos.push(pullIntoDescriptor); - // No ReadableByteStreamControllerCallPullIfNeeded() call since: - // - No change happens on desiredSize - // - The source has already been notified of that there's at least 1 pending read(view) - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - return; - } - if (stream._state === 'closed') { - const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0); - readIntoRequest._closeSteps(emptyView); - return; - } - if (controller._queueTotalSize > 0) { - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - ReadableByteStreamControllerHandleQueueDrain(controller); - readIntoRequest._chunkSteps(filledView); - return; - } - if (controller._closeRequested) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - readIntoRequest._errorSteps(e); - return; - } - } - controller._pendingPullIntos.push(pullIntoDescriptor); - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) { - firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer); - const stream = controller._controlledReadableByteStream; - if (ReadableStreamHasBYOBReader(stream)) { - while (ReadableStreamGetNumReadIntoRequests(stream) > 0) { - const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) { - if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) { - throw new RangeError('bytesWritten out of range'); - } - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor); - if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) { - // TODO: Figure out whether we should detach the buffer or not here. - return; - } - ReadableByteStreamControllerShiftPendingPullInto(controller); - const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize; - if (remainderSize > 0) { - const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end); - ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength); - } - pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer); - pullIntoDescriptor.bytesFilled -= remainderSize; - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); -} -function ReadableByteStreamControllerRespondInternal(controller, bytesWritten) { - const firstDescriptor = controller._pendingPullIntos.peek(); - const state = controller._controlledReadableByteStream._state; - if (state === 'closed') { - if (bytesWritten !== 0) { - throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream'); - } - ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor); - } - else { - ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerShiftPendingPullInto(controller) { - const descriptor = controller._pendingPullIntos.shift(); - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - return descriptor; -} -function ReadableByteStreamControllerShouldCallPull(controller) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return false; - } - if (controller._closeRequested) { - return false; - } - if (!controller._started) { - return false; - } - if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; - } - return false; -} -function ReadableByteStreamControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; -} -// A client of ReadableByteStreamController may use these functions directly to bypass state check. -function ReadableByteStreamControllerClose(controller) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; - } - if (controller._queueTotalSize > 0) { - controller._closeRequested = true; - return; - } - if (controller._pendingPullIntos.length > 0) { - const firstPendingPullInto = controller._pendingPullIntos.peek(); - if (firstPendingPullInto.bytesFilled > 0) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - throw e; - } - } - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(stream); -} -function ReadableByteStreamControllerEnqueue(controller, chunk) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; - } - const buffer = chunk.buffer; - const byteOffset = chunk.byteOffset; - const byteLength = chunk.byteLength; - const transferredBuffer = TransferArrayBuffer(buffer); - if (ReadableStreamHasDefaultReader(stream)) { - if (ReadableStreamGetNumReadRequests(stream) === 0) { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - else { - const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength); - ReadableStreamFulfillReadRequest(stream, transferredView, false); - } - } - else if (ReadableStreamHasBYOBReader(stream)) { - // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully. - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); - } - else { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerError(controller, e) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return; - } - ReadableByteStreamControllerClearPendingPullIntos(controller); - ResetQueue(controller); - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableByteStreamControllerGetDesiredSize(controller) { - const state = controller._controlledReadableByteStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -function ReadableByteStreamControllerRespond(controller, bytesWritten) { - bytesWritten = Number(bytesWritten); - if (!IsFiniteNonNegativeNumber(bytesWritten)) { - throw new RangeError('bytesWritten must be a finite'); - } - ReadableByteStreamControllerRespondInternal(controller, bytesWritten); -} -function ReadableByteStreamControllerRespondWithNewView(controller, view) { - const firstDescriptor = controller._pendingPullIntos.peek(); - if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) { - throw new RangeError('The region specified by view does not match byobRequest'); - } - if (firstDescriptor.byteLength !== view.byteLength) { - throw new RangeError('The buffer of view has different capacity than byobRequest'); - } - firstDescriptor.buffer = view.buffer; - ReadableByteStreamControllerRespondInternal(controller, view.byteLength); -} -function SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) { - controller._controlledReadableByteStream = stream; - controller._pullAgain = false; - controller._pulling = false; - controller._byobRequest = null; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._closeRequested = false; - controller._started = false; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - controller._autoAllocateChunkSize = autoAllocateChunkSize; - controller._pendingPullIntos = new SimpleQueue(); - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableByteStreamControllerCallPullIfNeeded(controller); - }, r => { - ReadableByteStreamControllerError(controller, r); - }); -} -function SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) { - const controller = Object.create(ReadableByteStreamController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingByteSource.start !== undefined) { - startAlgorithm = () => underlyingByteSource.start(controller); - } - if (underlyingByteSource.pull !== undefined) { - pullAlgorithm = () => underlyingByteSource.pull(controller); - } - if (underlyingByteSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingByteSource.cancel(reason); - } - const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize; - if (autoAllocateChunkSize === 0) { - throw new TypeError('autoAllocateChunkSize must be greater than 0'); - } - SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize); -} -function SetUpReadableStreamBYOBRequest(request, controller, view) { - request._associatedReadableByteStreamController = controller; - request._view = view; -} -// Helper functions for the ReadableStreamBYOBRequest. -function byobRequestBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`); -} -// Helper functions for the ReadableByteStreamController. -function byteStreamControllerBrandCheckException(name) { - return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`); -} - -// Abstract operations for the ReadableStream. -function AcquireReadableStreamBYOBReader(stream) { - return new ReadableStreamBYOBReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadIntoRequest(stream, readIntoRequest) { - stream._reader._readIntoRequests.push(readIntoRequest); -} -function ReadableStreamFulfillReadIntoRequest(stream, chunk, done) { - const reader = stream._reader; - const readIntoRequest = reader._readIntoRequests.shift(); - if (done) { - readIntoRequest._closeSteps(chunk); - } - else { - readIntoRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadIntoRequests(stream) { - return stream._reader._readIntoRequests.length; -} -function ReadableStreamHasBYOBReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamBYOBReader(reader)) { - return false; - } - return true; -} -/** - * A BYOB reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamBYOBReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - if (!IsReadableByteStreamController(stream._readableStreamController)) { - throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' + - 'source'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readIntoRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } - /** - * Attempts to reads bytes into view, and returns a promise resolved with the result. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read(view) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('read')); - } - if (!ArrayBuffer.isView(view)) { - return promiseRejectedWith(new TypeError('view must be an array buffer view')); - } - if (view.byteLength === 0) { - return promiseRejectedWith(new TypeError('view must have non-zero byteLength')); - } - if (view.buffer.byteLength === 0) { - return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`)); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readIntoRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: chunk => resolvePromise({ value: chunk, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamBYOBReaderRead(this, view, readIntoRequest); - return promise; - } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamBYOBReader(this)) { - throw byobReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readIntoRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamBYOBReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamBYOBReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) { - return false; - } - return true; -} -function ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'errored') { - readIntoRequest._errorSteps(stream._storedError); - } - else { - ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest); - } -} -// Helper functions for the ReadableStreamBYOBReader. -function byobReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`); -} - -function ExtractHighWaterMark(strategy, defaultHWM) { - const { highWaterMark } = strategy; - if (highWaterMark === undefined) { - return defaultHWM; - } - if (NumberIsNaN(highWaterMark) || highWaterMark < 0) { - throw new RangeError('Invalid highWaterMark'); - } - return highWaterMark; -} -function ExtractSizeAlgorithm(strategy) { - const { size } = strategy; - if (!size) { - return () => 1; - } - return size; -} - -function convertQueuingStrategy(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - const size = init === null || init === void 0 ? void 0 : init.size; - return { - highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark), - size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`) - }; -} -function convertQueuingStrategySize(fn, context) { - assertFunction(fn, context); - return chunk => convertUnrestrictedDouble(fn(chunk)); -} - -function convertUnderlyingSink(original, context) { - assertDictionary(original, context); - const abort = original === null || original === void 0 ? void 0 : original.abort; - const close = original === null || original === void 0 ? void 0 : original.close; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - const write = original === null || original === void 0 ? void 0 : original.write; - return { - abort: abort === undefined ? - undefined : - convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`), - close: close === undefined ? - undefined : - convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`), - start: start === undefined ? - undefined : - convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`), - write: write === undefined ? - undefined : - convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`), - type - }; -} -function convertUnderlyingSinkAbortCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSinkCloseCallback(fn, original, context) { - assertFunction(fn, context); - return () => promiseCall(fn, original, []); -} -function convertUnderlyingSinkStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertUnderlyingSinkWriteCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} - -function assertWritableStream(x, context) { - if (!IsWritableStream(x)) { - throw new TypeError(`${context} is not a WritableStream.`); - } -} - -/** - * A writable stream represents a destination for data, into which you can write. - * - * @public - */ -class WritableStream { - constructor(rawUnderlyingSink = {}, rawStrategy = {}) { - if (rawUnderlyingSink === undefined) { - rawUnderlyingSink = null; - } - else { - assertObject(rawUnderlyingSink, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter'); - InitializeWritableStream(this); - const type = underlyingSink.type; - if (type !== undefined) { - throw new RangeError('Invalid type is specified'); - } - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm); - } - /** - * Returns whether or not the writable stream is locked to a writer. - */ - get locked() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('locked'); - } - return IsWritableStreamLocked(this); - } - /** - * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be - * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort - * mechanism of the underlying sink. - * - * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled - * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel - * the stream) if the stream is currently locked. - */ - abort(reason = undefined) { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('abort')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer')); - } - return WritableStreamAbort(this, reason); - } - /** - * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its - * close behavior. During this time any further attempts to write will fail (without erroring the stream). - * - * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream - * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with - * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked. - */ - close() { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('close')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer')); - } - if (WritableStreamCloseQueuedOrInFlight(this)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamClose(this); - } - /** - * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream - * is locked, no other writer can be acquired until this one is released. - * - * This functionality is especially useful for creating abstractions that desire the ability to write to a stream - * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at - * the same time, which would cause the resulting written data to be unpredictable and probably useless. - */ - getWriter() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('getWriter'); - } - return AcquireWritableStreamDefaultWriter(this); - } -} -Object.defineProperties(WritableStream.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStream', - configurable: true - }); -} -// Abstract operations for the WritableStream. -function AcquireWritableStreamDefaultWriter(stream) { - return new WritableStreamDefaultWriter(stream); -} -// Throws if and only if startAlgorithm throws. -function CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(WritableStream.prototype); - InitializeWritableStream(stream); - const controller = Object.create(WritableStreamDefaultController.prototype); - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeWritableStream(stream) { - stream._state = 'writable'; - // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is - // 'erroring' or 'errored'. May be set to an undefined value. - stream._storedError = undefined; - stream._writer = undefined; - // Initialize to undefined first because the constructor of the controller checks this - // variable to validate the caller. - stream._writableStreamController = undefined; - // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data - // producer without waiting for the queued writes to finish. - stream._writeRequests = new SimpleQueue(); - // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents - // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here. - stream._inFlightWriteRequest = undefined; - // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer - // has been detached. - stream._closeRequest = undefined; - // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it - // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here. - stream._inFlightCloseRequest = undefined; - // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached. - stream._pendingAbortRequest = undefined; - // The backpressure signal set by the controller. - stream._backpressure = false; -} -function IsWritableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) { - return false; - } - return true; -} -function IsWritableStreamLocked(stream) { - if (stream._writer === undefined) { - return false; - } - return true; -} -function WritableStreamAbort(stream, reason) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseResolvedWith(undefined); - } - if (stream._pendingAbortRequest !== undefined) { - return stream._pendingAbortRequest._promise; - } - let wasAlreadyErroring = false; - if (state === 'erroring') { - wasAlreadyErroring = true; - // reason will not be used, so don't keep a reference to it. - reason = undefined; - } - const promise = newPromise((resolve, reject) => { - stream._pendingAbortRequest = { - _promise: undefined, - _resolve: resolve, - _reject: reject, - _reason: reason, - _wasAlreadyErroring: wasAlreadyErroring - }; - }); - stream._pendingAbortRequest._promise = promise; - if (!wasAlreadyErroring) { - WritableStreamStartErroring(stream, reason); - } - return promise; -} -function WritableStreamClose(stream) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`)); - } - const promise = newPromise((resolve, reject) => { - const closeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._closeRequest = closeRequest; - }); - const writer = stream._writer; - if (writer !== undefined && stream._backpressure && state === 'writable') { - defaultWriterReadyPromiseResolve(writer); - } - WritableStreamDefaultControllerClose(stream._writableStreamController); - return promise; -} -// WritableStream API exposed for controllers. -function WritableStreamAddWriteRequest(stream) { - const promise = newPromise((resolve, reject) => { - const writeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._writeRequests.push(writeRequest); - }); - return promise; -} -function WritableStreamDealWithRejection(stream, error) { - const state = stream._state; - if (state === 'writable') { - WritableStreamStartErroring(stream, error); - return; - } - WritableStreamFinishErroring(stream); -} -function WritableStreamStartErroring(stream, reason) { - const controller = stream._writableStreamController; - stream._state = 'erroring'; - stream._storedError = reason; - const writer = stream._writer; - if (writer !== undefined) { - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason); - } - if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) { - WritableStreamFinishErroring(stream); - } -} -function WritableStreamFinishErroring(stream) { - stream._state = 'errored'; - stream._writableStreamController[ErrorSteps](); - const storedError = stream._storedError; - stream._writeRequests.forEach(writeRequest => { - writeRequest._reject(storedError); - }); - stream._writeRequests = new SimpleQueue(); - if (stream._pendingAbortRequest === undefined) { - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const abortRequest = stream._pendingAbortRequest; - stream._pendingAbortRequest = undefined; - if (abortRequest._wasAlreadyErroring) { - abortRequest._reject(storedError); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const promise = stream._writableStreamController[AbortSteps](abortRequest._reason); - uponPromise(promise, () => { - abortRequest._resolve(); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }, (reason) => { - abortRequest._reject(reason); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }); -} -function WritableStreamFinishInFlightWrite(stream) { - stream._inFlightWriteRequest._resolve(undefined); - stream._inFlightWriteRequest = undefined; -} -function WritableStreamFinishInFlightWriteWithError(stream, error) { - stream._inFlightWriteRequest._reject(error); - stream._inFlightWriteRequest = undefined; - WritableStreamDealWithRejection(stream, error); -} -function WritableStreamFinishInFlightClose(stream) { - stream._inFlightCloseRequest._resolve(undefined); - stream._inFlightCloseRequest = undefined; - const state = stream._state; - if (state === 'erroring') { - // The error was too late to do anything, so it is ignored. - stream._storedError = undefined; - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._resolve(); - stream._pendingAbortRequest = undefined; - } - } - stream._state = 'closed'; - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseResolve(writer); - } -} -function WritableStreamFinishInFlightCloseWithError(stream, error) { - stream._inFlightCloseRequest._reject(error); - stream._inFlightCloseRequest = undefined; - // Never execute sink abort() after sink close(). - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._reject(error); - stream._pendingAbortRequest = undefined; - } - WritableStreamDealWithRejection(stream, error); -} -// TODO(ricea): Fix alphabetical order. -function WritableStreamCloseQueuedOrInFlight(stream) { - if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamHasOperationMarkedInFlight(stream) { - if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamMarkCloseRequestInFlight(stream) { - stream._inFlightCloseRequest = stream._closeRequest; - stream._closeRequest = undefined; -} -function WritableStreamMarkFirstWriteRequestInFlight(stream) { - stream._inFlightWriteRequest = stream._writeRequests.shift(); -} -function WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) { - if (stream._closeRequest !== undefined) { - stream._closeRequest._reject(stream._storedError); - stream._closeRequest = undefined; - } - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseReject(writer, stream._storedError); - } -} -function WritableStreamUpdateBackpressure(stream, backpressure) { - const writer = stream._writer; - if (writer !== undefined && backpressure !== stream._backpressure) { - if (backpressure) { - defaultWriterReadyPromiseReset(writer); - } - else { - defaultWriterReadyPromiseResolve(writer); - } - } - stream._backpressure = backpressure; -} -/** - * A default writer vended by a {@link WritableStream}. - * - * @public - */ -class WritableStreamDefaultWriter { - constructor(stream) { - assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter'); - assertWritableStream(stream, 'First parameter'); - if (IsWritableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive writing by another writer'); - } - this._ownerWritableStream = stream; - stream._writer = this; - const state = stream._state; - if (state === 'writable') { - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) { - defaultWriterReadyPromiseInitialize(this); - } - else { - defaultWriterReadyPromiseInitializeAsResolved(this); - } - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'erroring') { - defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError); - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'closed') { - defaultWriterReadyPromiseInitializeAsResolved(this); - defaultWriterClosedPromiseInitializeAsResolved(this); - } - else { - const storedError = stream._storedError; - defaultWriterReadyPromiseInitializeAsRejected(this, storedError); - defaultWriterClosedPromiseInitializeAsRejected(this, storedError); - } - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the writer’s lock is released before the stream finishes closing. - */ - get closed() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full. - * A producer can use this information to determine the right amount of data to write. - * - * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort - * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when - * the writer’s lock is released. - */ - get desiredSize() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('desiredSize'); - } - if (this._ownerWritableStream === undefined) { - throw defaultWriterLockException('desiredSize'); - } - return WritableStreamDefaultWriterGetDesiredSize(this); - } - /** - * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions - * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips - * back to zero or below, the getter will return a new promise that stays pending until the next transition. - * - * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become - * rejected. - */ - get ready() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('ready')); - } - return this._readyPromise; - } - /** - * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}. - */ - abort(reason = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('abort')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('abort')); - } - return WritableStreamDefaultWriterAbort(this, reason); - } - /** - * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}. - */ - close() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('close')); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return promiseRejectedWith(defaultWriterLockException('close')); - } - if (WritableStreamCloseQueuedOrInFlight(stream)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamDefaultWriterClose(this); - } - /** - * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active. - * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from - * now on; otherwise, the writer will appear closed. - * - * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the - * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled). - * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents - * other producers from writing in an interleaved manner. - */ - releaseLock() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('releaseLock'); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return; - } - WritableStreamDefaultWriterRelease(this); - } - write(chunk = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('write')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - return WritableStreamDefaultWriterWrite(this, chunk); - } -} -Object.defineProperties(WritableStreamDefaultWriter.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, - closed: { enumerable: true }, - desiredSize: { enumerable: true }, - ready: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultWriter', - configurable: true - }); -} -// Abstract operations for the WritableStreamDefaultWriter. -function IsWritableStreamDefaultWriter(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) { - return false; - } - return true; -} -// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check. -function WritableStreamDefaultWriterAbort(writer, reason) { - const stream = writer._ownerWritableStream; - return WritableStreamAbort(stream, reason); -} -function WritableStreamDefaultWriterClose(writer) { - const stream = writer._ownerWritableStream; - return WritableStreamClose(stream); -} -function WritableStreamDefaultWriterCloseWithErrorPropagation(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseResolvedWith(undefined); - } - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - return WritableStreamDefaultWriterClose(writer); -} -function WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) { - if (writer._closedPromiseState === 'pending') { - defaultWriterClosedPromiseReject(writer, error); - } - else { - defaultWriterClosedPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) { - if (writer._readyPromiseState === 'pending') { - defaultWriterReadyPromiseReject(writer, error); - } - else { - defaultWriterReadyPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterGetDesiredSize(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (state === 'errored' || state === 'erroring') { - return null; - } - if (state === 'closed') { - return 0; - } - return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController); -} -function WritableStreamDefaultWriterRelease(writer) { - const stream = writer._ownerWritableStream; - const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`); - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError); - // The state transitions to "errored" before the sink abort() method runs, but the writer.closed promise is not - // rejected until afterwards. This means that simply testing state will not work. - WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError); - stream._writer = undefined; - writer._ownerWritableStream = undefined; -} -function WritableStreamDefaultWriterWrite(writer, chunk) { - const stream = writer._ownerWritableStream; - const controller = stream._writableStreamController; - const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk); - if (stream !== writer._ownerWritableStream) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - const state = stream._state; - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to')); - } - if (state === 'erroring') { - return promiseRejectedWith(stream._storedError); - } - const promise = WritableStreamAddWriteRequest(stream); - WritableStreamDefaultControllerWrite(controller, chunk, chunkSize); - return promise; -} -const closeSentinel = {}; -/** - * Allows control of a {@link WritableStream | writable stream}'s state and internal queue. - * - * @public - */ -class WritableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`. - * - * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying - * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the - * normal lifecycle of interactions with the underlying sink. - */ - error(e = undefined) { - if (!IsWritableStreamDefaultController(this)) { - throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController'); - } - const state = this._controlledWritableStream._state; - if (state !== 'writable') { - // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so - // just treat it as a no-op. - return; - } - WritableStreamDefaultControllerError(this, e); - } - /** @internal */ - [AbortSteps](reason) { - const result = this._abortAlgorithm(reason); - WritableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [ErrorSteps]() { - ResetQueue(this); - } -} -Object.defineProperties(WritableStreamDefaultController.prototype, { - error: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultController', - configurable: true - }); -} -// Abstract operations implementing interface required by the WritableStream. -function IsWritableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) { - return false; - } - return true; -} -function SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledWritableStream = stream; - stream._writableStreamController = controller; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._writeAlgorithm = writeAlgorithm; - controller._closeAlgorithm = closeAlgorithm; - controller._abortAlgorithm = abortAlgorithm; - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - const startResult = startAlgorithm(); - const startPromise = promiseResolvedWith(startResult); - uponPromise(startPromise, () => { - controller._started = true; - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, r => { - controller._started = true; - WritableStreamDealWithRejection(stream, r); - }); -} -function SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) { - const controller = Object.create(WritableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let writeAlgorithm = () => promiseResolvedWith(undefined); - let closeAlgorithm = () => promiseResolvedWith(undefined); - let abortAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSink.start !== undefined) { - startAlgorithm = () => underlyingSink.start(controller); - } - if (underlyingSink.write !== undefined) { - writeAlgorithm = chunk => underlyingSink.write(chunk, controller); - } - if (underlyingSink.close !== undefined) { - closeAlgorithm = () => underlyingSink.close(); - } - if (underlyingSink.abort !== undefined) { - abortAlgorithm = reason => underlyingSink.abort(reason); - } - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); -} -// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls. -function WritableStreamDefaultControllerClearAlgorithms(controller) { - controller._writeAlgorithm = undefined; - controller._closeAlgorithm = undefined; - controller._abortAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -function WritableStreamDefaultControllerClose(controller) { - EnqueueValueWithSize(controller, closeSentinel, 0); - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -function WritableStreamDefaultControllerGetChunkSize(controller, chunk) { - try { - return controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE); - return 1; - } -} -function WritableStreamDefaultControllerGetDesiredSize(controller) { - return controller._strategyHWM - controller._queueTotalSize; -} -function WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) { - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE); - return; - } - const stream = controller._controlledWritableStream; - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -// Abstract operations for the WritableStreamDefaultController. -function WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) { - const stream = controller._controlledWritableStream; - if (!controller._started) { - return; - } - if (stream._inFlightWriteRequest !== undefined) { - return; - } - const state = stream._state; - if (state === 'erroring') { - WritableStreamFinishErroring(stream); - return; - } - if (controller._queue.length === 0) { - return; - } - const value = PeekQueueValue(controller); - if (value === closeSentinel) { - WritableStreamDefaultControllerProcessClose(controller); - } - else { - WritableStreamDefaultControllerProcessWrite(controller, value); - } -} -function WritableStreamDefaultControllerErrorIfNeeded(controller, error) { - if (controller._controlledWritableStream._state === 'writable') { - WritableStreamDefaultControllerError(controller, error); - } -} -function WritableStreamDefaultControllerProcessClose(controller) { - const stream = controller._controlledWritableStream; - WritableStreamMarkCloseRequestInFlight(stream); - DequeueValue(controller); - const sinkClosePromise = controller._closeAlgorithm(); - WritableStreamDefaultControllerClearAlgorithms(controller); - uponPromise(sinkClosePromise, () => { - WritableStreamFinishInFlightClose(stream); - }, reason => { - WritableStreamFinishInFlightCloseWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerProcessWrite(controller, chunk) { - const stream = controller._controlledWritableStream; - WritableStreamMarkFirstWriteRequestInFlight(stream); - const sinkWritePromise = controller._writeAlgorithm(chunk); - uponPromise(sinkWritePromise, () => { - WritableStreamFinishInFlightWrite(stream); - const state = stream._state; - DequeueValue(controller); - if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, reason => { - if (stream._state === 'writable') { - WritableStreamDefaultControllerClearAlgorithms(controller); - } - WritableStreamFinishInFlightWriteWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerGetBackpressure(controller) { - const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller); - return desiredSize <= 0; -} -// A client of WritableStreamDefaultController may use these functions directly to bypass state check. -function WritableStreamDefaultControllerError(controller, error) { - const stream = controller._controlledWritableStream; - WritableStreamDefaultControllerClearAlgorithms(controller); - WritableStreamStartErroring(stream, error); -} -// Helper functions for the WritableStream. -function streamBrandCheckException$2(name) { - return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`); -} -// Helper functions for the WritableStreamDefaultWriter. -function defaultWriterBrandCheckException(name) { - return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`); -} -function defaultWriterLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released writer'); -} -function defaultWriterClosedPromiseInitialize(writer) { - writer._closedPromise = newPromise((resolve, reject) => { - writer._closedPromise_resolve = resolve; - writer._closedPromise_reject = reject; - writer._closedPromiseState = 'pending'; - }); -} -function defaultWriterClosedPromiseInitializeAsRejected(writer, reason) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseReject(writer, reason); -} -function defaultWriterClosedPromiseInitializeAsResolved(writer) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseResolve(writer); -} -function defaultWriterClosedPromiseReject(writer, reason) { - if (writer._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._closedPromise); - writer._closedPromise_reject(reason); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'rejected'; -} -function defaultWriterClosedPromiseResetToRejected(writer, reason) { - defaultWriterClosedPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterClosedPromiseResolve(writer) { - if (writer._closedPromise_resolve === undefined) { - return; - } - writer._closedPromise_resolve(undefined); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'resolved'; -} -function defaultWriterReadyPromiseInitialize(writer) { - writer._readyPromise = newPromise((resolve, reject) => { - writer._readyPromise_resolve = resolve; - writer._readyPromise_reject = reject; - }); - writer._readyPromiseState = 'pending'; -} -function defaultWriterReadyPromiseInitializeAsRejected(writer, reason) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseReject(writer, reason); -} -function defaultWriterReadyPromiseInitializeAsResolved(writer) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseResolve(writer); -} -function defaultWriterReadyPromiseReject(writer, reason) { - if (writer._readyPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._readyPromise); - writer._readyPromise_reject(reason); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'rejected'; -} -function defaultWriterReadyPromiseReset(writer) { - defaultWriterReadyPromiseInitialize(writer); -} -function defaultWriterReadyPromiseResetToRejected(writer, reason) { - defaultWriterReadyPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterReadyPromiseResolve(writer) { - if (writer._readyPromise_resolve === undefined) { - return; - } - writer._readyPromise_resolve(undefined); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'fulfilled'; -} - -function isAbortSignal(value) { - if (typeof value !== 'object' || value === null) { - return false; - } - try { - return typeof value.aborted === 'boolean'; - } - catch (_a) { - // AbortSignal.prototype.aborted throws if its brand check fails - return false; - } -} - -/// -const NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined; - -/// -function isDOMExceptionConstructor(ctor) { - if (!(typeof ctor === 'function' || typeof ctor === 'object')) { - return false; - } - try { - new ctor(); - return true; - } - catch (_a) { - return false; - } -} -function createDOMExceptionPolyfill() { - // eslint-disable-next-line no-shadow - const ctor = function DOMException(message, name) { - this.message = message || ''; - this.name = name || 'Error'; - if (Error.captureStackTrace) { - Error.captureStackTrace(this, this.constructor); - } - }; - ctor.prototype = Object.create(Error.prototype); - Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true }); - return ctor; -} -// eslint-disable-next-line no-redeclare -const DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill(); - -function ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) { - const reader = AcquireReadableStreamDefaultReader(source); - const writer = AcquireWritableStreamDefaultWriter(dest); - source._disturbed = true; - let shuttingDown = false; - // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown. - let currentWrite = promiseResolvedWith(undefined); - return newPromise((resolve, reject) => { - let abortAlgorithm; - if (signal !== undefined) { - abortAlgorithm = () => { - const error = new DOMException$1('Aborted', 'AbortError'); - const actions = []; - if (!preventAbort) { - actions.push(() => { - if (dest._state === 'writable') { - return WritableStreamAbort(dest, error); - } - return promiseResolvedWith(undefined); - }); - } - if (!preventCancel) { - actions.push(() => { - if (source._state === 'readable') { - return ReadableStreamCancel(source, error); - } - return promiseResolvedWith(undefined); - }); - } - shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error); - }; - if (signal.aborted) { - abortAlgorithm(); - return; - } - signal.addEventListener('abort', abortAlgorithm); - } - // Using reader and writer, read all chunks from this and write them to dest - // - Backpressure must be enforced - // - Shutdown must stop all activity - function pipeLoop() { - return newPromise((resolveLoop, rejectLoop) => { - function next(done) { - if (done) { - resolveLoop(); - } - else { - // Use `PerformPromiseThen` instead of `uponPromise` to avoid - // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers - PerformPromiseThen(pipeStep(), next, rejectLoop); - } - } - next(false); - }); - } - function pipeStep() { - if (shuttingDown) { - return promiseResolvedWith(true); - } - return PerformPromiseThen(writer._readyPromise, () => { - return newPromise((resolveRead, rejectRead) => { - ReadableStreamDefaultReaderRead(reader, { - _chunkSteps: chunk => { - currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop); - resolveRead(false); - }, - _closeSteps: () => resolveRead(true), - _errorSteps: rejectRead - }); - }); - }); - } - // Errors must be propagated forward - isOrBecomesErrored(source, reader._closedPromise, storedError => { - if (!preventAbort) { - shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Errors must be propagated backward - isOrBecomesErrored(dest, writer._closedPromise, storedError => { - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Closing must be propagated forward - isOrBecomesClosed(source, reader._closedPromise, () => { - if (!preventClose) { - shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer)); - } - else { - shutdown(); - } - }); - // Closing must be propagated backward - if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') { - const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it'); - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed); - } - else { - shutdown(true, destClosed); - } - } - setPromiseIsHandledToTrue(pipeLoop()); - function waitForWritesToFinish() { - // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait - // for that too. - const oldCurrentWrite = currentWrite; - return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined); - } - function isOrBecomesErrored(stream, promise, action) { - if (stream._state === 'errored') { - action(stream._storedError); - } - else { - uponRejection(promise, action); - } - } - function isOrBecomesClosed(stream, promise, action) { - if (stream._state === 'closed') { - action(); - } - else { - uponFulfillment(promise, action); - } - } - function shutdownWithAction(action, originalIsError, originalError) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), doTheRest); - } - else { - doTheRest(); - } - function doTheRest() { - uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError)); - } - } - function shutdown(isError, error) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error)); - } - else { - finalize(isError, error); - } - } - function finalize(isError, error) { - WritableStreamDefaultWriterRelease(writer); - ReadableStreamReaderGenericRelease(reader); - if (signal !== undefined) { - signal.removeEventListener('abort', abortAlgorithm); - } - if (isError) { - reject(error); - } - else { - resolve(undefined); - } - } - }); -} - -/** - * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue. - * - * @public - */ -class ReadableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('desiredSize'); - } - return ReadableStreamDefaultControllerGetDesiredSize(this); - } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('close'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits close'); - } - ReadableStreamDefaultControllerClose(this); - } - enqueue(chunk = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('enqueue'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits enqueue'); - } - return ReadableStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('error'); - } - ReadableStreamDefaultControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableStream; - if (this._queue.length > 0) { - const chunk = DequeueValue(this); - if (this._closeRequested && this._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(this); - ReadableStreamClose(stream); - } - else { - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - readRequest._chunkSteps(chunk); - } - else { - ReadableStreamAddReadRequest(stream, readRequest); - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - } -} -Object.defineProperties(ReadableStreamDefaultController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultController', - configurable: true - }); -} -// Abstract operations for the ReadableStreamDefaultController. -function IsReadableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) { - return false; - } - return true; -} -function ReadableStreamDefaultControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableStreamDefaultControllerError(controller, e); - }); -} -function ReadableStreamDefaultControllerShouldCallPull(controller) { - const stream = controller._controlledReadableStream; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return false; - } - if (!controller._started) { - return false; - } - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; - } - return false; -} -function ReadableStreamDefaultControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -// A client of ReadableStreamDefaultController may use these functions directly to bypass state check. -function ReadableStreamDefaultControllerClose(controller) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; - } - const stream = controller._controlledReadableStream; - controller._closeRequested = true; - if (controller._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamClose(stream); - } -} -function ReadableStreamDefaultControllerEnqueue(controller, chunk) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; - } - const stream = controller._controlledReadableStream; - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - ReadableStreamFulfillReadRequest(stream, chunk, false); - } - else { - let chunkSize; - try { - chunkSize = controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - ReadableStreamDefaultControllerError(controller, chunkSizeE); - throw chunkSizeE; - } - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - ReadableStreamDefaultControllerError(controller, enqueueE); - throw enqueueE; - } - } - ReadableStreamDefaultControllerCallPullIfNeeded(controller); -} -function ReadableStreamDefaultControllerError(controller, e) { - const stream = controller._controlledReadableStream; - if (stream._state !== 'readable') { - return; - } - ResetQueue(controller); - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableStreamDefaultControllerGetDesiredSize(controller) { - const state = controller._controlledReadableStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -// This is used in the implementation of TransformStream. -function ReadableStreamDefaultControllerHasBackpressure(controller) { - if (ReadableStreamDefaultControllerShouldCallPull(controller)) { - return false; - } - return true; -} -function ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) { - const state = controller._controlledReadableStream._state; - if (!controller._closeRequested && state === 'readable') { - return true; - } - return false; -} -function SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledReadableStream = stream; - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._closeRequested = false; - controller._pullAgain = false; - controller._pulling = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - }, r => { - ReadableStreamDefaultControllerError(controller, r); - }); -} -function SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) { - const controller = Object.create(ReadableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSource.start !== undefined) { - startAlgorithm = () => underlyingSource.start(controller); - } - if (underlyingSource.pull !== undefined) { - pullAlgorithm = () => underlyingSource.pull(controller); - } - if (underlyingSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingSource.cancel(reason); - } - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); -} -// Helper functions for the ReadableStreamDefaultController. -function defaultControllerBrandCheckException$1(name) { - return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`); -} - -function ReadableStreamTee(stream, cloneForBranch2) { - const reader = AcquireReadableStreamDefaultReader(stream); - let reading = false; - let canceled1 = false; - let canceled2 = false; - let reason1; - let reason2; - let branch1; - let branch2; - let resolveCancelPromise; - const cancelPromise = newPromise(resolve => { - resolveCancelPromise = resolve; - }); - function pullAlgorithm() { - if (reading) { - return promiseResolvedWith(undefined); - } - reading = true; - const readRequest = { - _chunkSteps: value => { - // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using - // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let - // successful synchronously-available reads get ahead of asynchronously-available errors. - queueMicrotask(() => { - reading = false; - const value1 = value; - const value2 = value; - // There is no way to access the cloning code right now in the reference implementation. - // If we add one then we'll need an implementation for serializable objects. - // if (!canceled2 && cloneForBranch2) { - // value2 = StructuredDeserialize(StructuredSerialize(value2)); - // } - if (!canceled1) { - ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1); - } - if (!canceled2) { - ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2); - } - }); - }, - _closeSteps: () => { - reading = false; - if (!canceled1) { - ReadableStreamDefaultControllerClose(branch1._readableStreamController); - } - if (!canceled2) { - ReadableStreamDefaultControllerClose(branch2._readableStreamController); - } - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }, - _errorSteps: () => { - reading = false; - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promiseResolvedWith(undefined); - } - function cancel1Algorithm(reason) { - canceled1 = true; - reason1 = reason; - if (canceled2) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function cancel2Algorithm(reason) { - canceled2 = true; - reason2 = reason; - if (canceled1) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function startAlgorithm() { - // do nothing - } - branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm); - branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm); - uponRejection(reader._closedPromise, (r) => { - ReadableStreamDefaultControllerError(branch1._readableStreamController, r); - ReadableStreamDefaultControllerError(branch2._readableStreamController, r); - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }); - return [branch1, branch2]; -} - -function convertUnderlyingDefaultOrByteSource(source, context) { - assertDictionary(source, context); - const original = source; - const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize; - const cancel = original === null || original === void 0 ? void 0 : original.cancel; - const pull = original === null || original === void 0 ? void 0 : original.pull; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - return { - autoAllocateChunkSize: autoAllocateChunkSize === undefined ? - undefined : - convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`), - cancel: cancel === undefined ? - undefined : - convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`), - pull: pull === undefined ? - undefined : - convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`), - start: start === undefined ? - undefined : - convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`), - type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`) - }; -} -function convertUnderlyingSourceCancelCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSourcePullCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertUnderlyingSourceStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertReadableStreamType(type, context) { - type = `${type}`; - if (type !== 'bytes') { - throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`); - } - return type; -} - -function convertReaderOptions(options, context) { - assertDictionary(options, context); - const mode = options === null || options === void 0 ? void 0 : options.mode; - return { - mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`) - }; -} -function convertReadableStreamReaderMode(mode, context) { - mode = `${mode}`; - if (mode !== 'byob') { - throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`); - } - return mode; -} - -function convertIteratorOptions(options, context) { - assertDictionary(options, context); - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - return { preventCancel: Boolean(preventCancel) }; -} - -function convertPipeOptions(options, context) { - assertDictionary(options, context); - const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort; - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - const preventClose = options === null || options === void 0 ? void 0 : options.preventClose; - const signal = options === null || options === void 0 ? void 0 : options.signal; - if (signal !== undefined) { - assertAbortSignal(signal, `${context} has member 'signal' that`); - } - return { - preventAbort: Boolean(preventAbort), - preventCancel: Boolean(preventCancel), - preventClose: Boolean(preventClose), - signal - }; -} -function assertAbortSignal(signal, context) { - if (!isAbortSignal(signal)) { - throw new TypeError(`${context} is not an AbortSignal.`); - } -} - -function convertReadableWritablePair(pair, context) { - assertDictionary(pair, context); - const readable = pair === null || pair === void 0 ? void 0 : pair.readable; - assertRequiredField(readable, 'readable', 'ReadableWritablePair'); - assertReadableStream(readable, `${context} has member 'readable' that`); - const writable = pair === null || pair === void 0 ? void 0 : pair.writable; - assertRequiredField(writable, 'writable', 'ReadableWritablePair'); - assertWritableStream(writable, `${context} has member 'writable' that`); - return { readable, writable }; -} - -/** - * A readable stream represents a source of data, from which you can read. - * - * @public - */ -class ReadableStream { - constructor(rawUnderlyingSource = {}, rawStrategy = {}) { - if (rawUnderlyingSource === undefined) { - rawUnderlyingSource = null; - } - else { - assertObject(rawUnderlyingSource, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter'); - InitializeReadableStream(this); - if (underlyingSource.type === 'bytes') { - if (strategy.size !== undefined) { - throw new RangeError('The strategy for a byte stream cannot have a size function'); - } - const highWaterMark = ExtractHighWaterMark(strategy, 0); - SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark); - } - else { - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm); - } - } - /** - * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}. - */ - get locked() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('locked'); - } - return IsReadableStreamLocked(this); - } - /** - * Cancels the stream, signaling a loss of interest in the stream by a consumer. - * - * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()} - * method, which might or might not use it. - */ - cancel(reason = undefined) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('cancel')); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader')); - } - return ReadableStreamCancel(this, reason); - } - getReader(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('getReader'); - } - const options = convertReaderOptions(rawOptions, 'First parameter'); - if (options.mode === undefined) { - return AcquireReadableStreamDefaultReader(this); - } - return AcquireReadableStreamBYOBReader(this); - } - pipeThrough(rawTransform, rawOptions = {}) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('pipeThrough'); - } - assertRequiredArgument(rawTransform, 1, 'pipeThrough'); - const transform = convertReadableWritablePair(rawTransform, 'First parameter'); - const options = convertPipeOptions(rawOptions, 'Second parameter'); - if (IsReadableStreamLocked(this)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream'); - } - if (IsWritableStreamLocked(transform.writable)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream'); - } - const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - setPromiseIsHandledToTrue(promise); - return transform.readable; - } - pipeTo(destination, rawOptions = {}) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('pipeTo')); - } - if (destination === undefined) { - return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`); - } - if (!IsWritableStream(destination)) { - return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`)); - } - let options; - try { - options = convertPipeOptions(rawOptions, 'Second parameter'); - } - catch (e) { - return promiseRejectedWith(e); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream')); - } - if (IsWritableStreamLocked(destination)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream')); - } - return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - } - /** - * Tees this readable stream, returning a two-element array containing the two resulting branches as - * new {@link ReadableStream} instances. - * - * Teeing a stream will lock it, preventing any other consumer from acquiring a reader. - * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be - * propagated to the stream's underlying source. - * - * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable, - * this could allow interference between the two branches. - */ - tee() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('tee'); - } - const branches = ReadableStreamTee(this); - return CreateArrayFromList(branches); - } - values(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('values'); - } - const options = convertIteratorOptions(rawOptions, 'First parameter'); - return AcquireReadableStreamAsyncIterator(this, options.preventCancel); - } -} -Object.defineProperties(ReadableStream.prototype, { - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, - values: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStream', - configurable: true - }); -} -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, { - value: ReadableStream.prototype.values, - writable: true, - configurable: true - }); -} -// Abstract operations for the ReadableStream. -// Throws if and only if startAlgorithm throws. -function CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(ReadableStream.prototype); - InitializeReadableStream(stream); - const controller = Object.create(ReadableStreamDefaultController.prototype); - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeReadableStream(stream) { - stream._state = 'readable'; - stream._reader = undefined; - stream._storedError = undefined; - stream._disturbed = false; -} -function IsReadableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) { - return false; - } - return true; -} -function IsReadableStreamLocked(stream) { - if (stream._reader === undefined) { - return false; - } - return true; -} -// ReadableStream API exposed for controllers. -function ReadableStreamCancel(stream, reason) { - stream._disturbed = true; - if (stream._state === 'closed') { - return promiseResolvedWith(undefined); - } - if (stream._state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - ReadableStreamClose(stream); - const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason); - return transformPromiseWith(sourceCancelPromise, noop); -} -function ReadableStreamClose(stream) { - stream._state = 'closed'; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseResolve(reader); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._closeSteps(); - }); - reader._readRequests = new SimpleQueue(); - } -} -function ReadableStreamError(stream, e) { - stream._state = 'errored'; - stream._storedError = e; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseReject(reader, e); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._errorSteps(e); - }); - reader._readRequests = new SimpleQueue(); - } - else { - reader._readIntoRequests.forEach(readIntoRequest => { - readIntoRequest._errorSteps(e); - }); - reader._readIntoRequests = new SimpleQueue(); - } -} -// Helper functions for the ReadableStream. -function streamBrandCheckException$1(name) { - return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`); -} - -function convertQueuingStrategyInit(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit'); - return { - highWaterMark: convertUnrestrictedDouble(highWaterMark) - }; -} - -const byteLengthSizeFunction = function size(chunk) { - return chunk.byteLength; -}; -/** - * A queuing strategy that counts the number of bytes in each chunk. - * - * @public - */ -class ByteLengthQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('highWaterMark'); - } - return this._byteLengthQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by returning the value of its `byteLength` property. - */ - get size() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('size'); - } - return byteLengthSizeFunction; - } -} -Object.defineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'ByteLengthQueuingStrategy', - configurable: true - }); -} -// Helper functions for the ByteLengthQueuingStrategy. -function byteLengthBrandCheckException(name) { - return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`); -} -function IsByteLengthQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) { - return false; - } - return true; -} - -const countSizeFunction = function size() { - return 1; -}; -/** - * A queuing strategy that counts the number of chunks. - * - * @public - */ -class CountQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'CountQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._countQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('highWaterMark'); - } - return this._countQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by always returning 1. - * This ensures that the total queue size is a count of the number of chunks in the queue. - */ - get size() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('size'); - } - return countSizeFunction; - } -} -Object.defineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'CountQueuingStrategy', - configurable: true - }); -} -// Helper functions for the CountQueuingStrategy. -function countBrandCheckException(name) { - return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`); -} -function IsCountQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) { - return false; - } - return true; -} - -function convertTransformer(original, context) { - assertDictionary(original, context); - const flush = original === null || original === void 0 ? void 0 : original.flush; - const readableType = original === null || original === void 0 ? void 0 : original.readableType; - const start = original === null || original === void 0 ? void 0 : original.start; - const transform = original === null || original === void 0 ? void 0 : original.transform; - const writableType = original === null || original === void 0 ? void 0 : original.writableType; - return { - flush: flush === undefined ? - undefined : - convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`), - readableType, - start: start === undefined ? - undefined : - convertTransformerStartCallback(start, original, `${context} has member 'start' that`), - transform: transform === undefined ? - undefined : - convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`), - writableType - }; -} -function convertTransformerFlushCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertTransformerStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertTransformerTransformCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} - -// Class TransformStream -/** - * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream}, - * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side. - * In a manner specific to the transform stream in question, writes to the writable side result in new data being - * made available for reading from the readable side. - * - * @public - */ -class TransformStream { - constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) { - if (rawTransformer === undefined) { - rawTransformer = null; - } - const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter'); - const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter'); - const transformer = convertTransformer(rawTransformer, 'First parameter'); - if (transformer.readableType !== undefined) { - throw new RangeError('Invalid readableType specified'); - } - if (transformer.writableType !== undefined) { - throw new RangeError('Invalid writableType specified'); - } - const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0); - const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy); - const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1); - const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy); - let startPromise_resolve; - const startPromise = newPromise(resolve => { - startPromise_resolve = resolve; - }); - InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - SetUpTransformStreamDefaultControllerFromTransformer(this, transformer); - if (transformer.start !== undefined) { - startPromise_resolve(transformer.start(this._transformStreamController)); - } - else { - startPromise_resolve(undefined); - } - } - /** - * The readable side of the transform stream. - */ - get readable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('readable'); - } - return this._readable; - } - /** - * The writable side of the transform stream. - */ - get writable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('writable'); - } - return this._writable; - } -} -Object.defineProperties(TransformStream.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStream', - configurable: true - }); -} -function InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) { - function startAlgorithm() { - return startPromise; - } - function writeAlgorithm(chunk) { - return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk); - } - function abortAlgorithm(reason) { - return TransformStreamDefaultSinkAbortAlgorithm(stream, reason); - } - function closeAlgorithm() { - return TransformStreamDefaultSinkCloseAlgorithm(stream); - } - stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm); - function pullAlgorithm() { - return TransformStreamDefaultSourcePullAlgorithm(stream); - } - function cancelAlgorithm(reason) { - TransformStreamErrorWritableAndUnblockWrite(stream, reason); - return promiseResolvedWith(undefined); - } - stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure. - stream._backpressure = undefined; - stream._backpressureChangePromise = undefined; - stream._backpressureChangePromise_resolve = undefined; - TransformStreamSetBackpressure(stream, true); - stream._transformStreamController = undefined; -} -function IsTransformStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) { - return false; - } - return true; -} -// This is a no-op if both sides are already errored. -function TransformStreamError(stream, e) { - ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e); - TransformStreamErrorWritableAndUnblockWrite(stream, e); -} -function TransformStreamErrorWritableAndUnblockWrite(stream, e) { - TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController); - WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e); - if (stream._backpressure) { - // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure() - // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time - // _backpressure is set. - TransformStreamSetBackpressure(stream, false); - } -} -function TransformStreamSetBackpressure(stream, backpressure) { - // Passes also when called during construction. - if (stream._backpressureChangePromise !== undefined) { - stream._backpressureChangePromise_resolve(); - } - stream._backpressureChangePromise = newPromise(resolve => { - stream._backpressureChangePromise_resolve = resolve; - }); - stream._backpressure = backpressure; -} -// Class TransformStreamDefaultController -/** - * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}. - * - * @public - */ -class TransformStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full. - */ - get desiredSize() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('desiredSize'); - } - const readableController = this._controlledTransformStream._readable._readableStreamController; - return ReadableStreamDefaultControllerGetDesiredSize(readableController); - } - enqueue(chunk = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('enqueue'); - } - TransformStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors both the readable side and the writable side of the controlled transform stream, making all future - * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded. - */ - error(reason = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('error'); - } - TransformStreamDefaultControllerError(this, reason); - } - /** - * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the - * transformer only needs to consume a portion of the chunks written to the writable side. - */ - terminate() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('terminate'); - } - TransformStreamDefaultControllerTerminate(this); - } -} -Object.defineProperties(TransformStreamDefaultController.prototype, { - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStreamDefaultController', - configurable: true - }); -} -// Transform Stream Default Controller Abstract Operations -function IsTransformStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) { - return false; - } - return true; -} -function SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) { - controller._controlledTransformStream = stream; - stream._transformStreamController = controller; - controller._transformAlgorithm = transformAlgorithm; - controller._flushAlgorithm = flushAlgorithm; -} -function SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) { - const controller = Object.create(TransformStreamDefaultController.prototype); - let transformAlgorithm = (chunk) => { - try { - TransformStreamDefaultControllerEnqueue(controller, chunk); - return promiseResolvedWith(undefined); - } - catch (transformResultE) { - return promiseRejectedWith(transformResultE); - } - }; - let flushAlgorithm = () => promiseResolvedWith(undefined); - if (transformer.transform !== undefined) { - transformAlgorithm = chunk => transformer.transform(chunk, controller); - } - if (transformer.flush !== undefined) { - flushAlgorithm = () => transformer.flush(controller); - } - SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm); -} -function TransformStreamDefaultControllerClearAlgorithms(controller) { - controller._transformAlgorithm = undefined; - controller._flushAlgorithm = undefined; -} -function TransformStreamDefaultControllerEnqueue(controller, chunk) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) { - throw new TypeError('Readable side is not in a state that permits enqueue'); - } - // We throttle transform invocations based on the backpressure of the ReadableStream, but we still - // accept TransformStreamDefaultControllerEnqueue() calls. - try { - ReadableStreamDefaultControllerEnqueue(readableController, chunk); - } - catch (e) { - // This happens when readableStrategy.size() throws. - TransformStreamErrorWritableAndUnblockWrite(stream, e); - throw stream._readable._storedError; - } - const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController); - if (backpressure !== stream._backpressure) { - TransformStreamSetBackpressure(stream, true); - } -} -function TransformStreamDefaultControllerError(controller, e) { - TransformStreamError(controller._controlledTransformStream, e); -} -function TransformStreamDefaultControllerPerformTransform(controller, chunk) { - const transformPromise = controller._transformAlgorithm(chunk); - return transformPromiseWith(transformPromise, undefined, r => { - TransformStreamError(controller._controlledTransformStream, r); - throw r; - }); -} -function TransformStreamDefaultControllerTerminate(controller) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - ReadableStreamDefaultControllerClose(readableController); - const error = new TypeError('TransformStream terminated'); - TransformStreamErrorWritableAndUnblockWrite(stream, error); -} -// TransformStreamDefaultSink Algorithms -function TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) { - const controller = stream._transformStreamController; - if (stream._backpressure) { - const backpressureChangePromise = stream._backpressureChangePromise; - return transformPromiseWith(backpressureChangePromise, () => { - const writable = stream._writable; - const state = writable._state; - if (state === 'erroring') { - throw writable._storedError; - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - }); - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); -} -function TransformStreamDefaultSinkAbortAlgorithm(stream, reason) { - // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already - // errored. - TransformStreamError(stream, reason); - return promiseResolvedWith(undefined); -} -function TransformStreamDefaultSinkCloseAlgorithm(stream) { - // stream._readable cannot change after construction, so caching it across a call to user code is safe. - const readable = stream._readable; - const controller = stream._transformStreamController; - const flushPromise = controller._flushAlgorithm(); - TransformStreamDefaultControllerClearAlgorithms(controller); - // Return a promise that is fulfilled with undefined on success. - return transformPromiseWith(flushPromise, () => { - if (readable._state === 'errored') { - throw readable._storedError; - } - ReadableStreamDefaultControllerClose(readable._readableStreamController); - }, r => { - TransformStreamError(stream, r); - throw readable._storedError; - }); -} -// TransformStreamDefaultSource Algorithms -function TransformStreamDefaultSourcePullAlgorithm(stream) { - // Invariant. Enforced by the promises returned by start() and pull(). - TransformStreamSetBackpressure(stream, false); - // Prevent the next pull() call until there is backpressure. - return stream._backpressureChangePromise; -} -// Helper functions for the TransformStreamDefaultController. -function defaultControllerBrandCheckException(name) { - return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`); -} -// Helper functions for the TransformStream. -function streamBrandCheckException(name) { - return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`); -} - -export { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter }; diff --git a/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs b/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs new file mode 100644 index 000000000..c448367e5 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs @@ -0,0 +1,3 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;function t(t,e){return e.forEach((function(e){e&&"string"!=typeof e&&!Array.isArray(e)&&Object.keys(e).forEach((function(r){if("default"!==r&&!(r in t)){var i=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,i.get?i:{enumerable:!0,get:function(){return e[r]}})}}))})),Object.freeze(t)}var e=[0,1,3,7,15,31,63,127,255],r=function(t){this.stream=t,this.bitOffset=0,this.curByte=0,this.hasByte=!1};r.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},r.prototype.read=function(t){for(var r=0;t>0;){this._ensureByte();var i=8-this.bitOffset;if(t>=i)r<<=i,r|=e[i]&this.curByte,this.hasByte=!1,this.bitOffset=0,t-=i;else{r<<=t;var n=i-t;r|=(this.curByte&e[t]<>n,this.bitOffset+=t,t=0}}return r},r.prototype.seek=function(t){var e=t%8,r=(t-e)/8;this.bitOffset=e,this.stream.seek(r),this.hasByte=!1},r.prototype.pi=function(){var t,e=new Uint8Array(6);for(t=0;t("00"+t.toString(16)).slice(-2))).join("")}(e)};var i=r,n=function(){};n.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},n.prototype.read=function(t,e,r){for(var i=0;i>>0},this.updateCRC=function(e){t=t<<8^o[255&(t>>>24^e)]},this.updateCRCRun=function(e,r){for(;r-- >0;)t=t<<8^o[255&(t>>>24^e)]}}),f=i,u=a,h=s,p=function(t,e){var r,i=t[e];for(r=e;r>0;r--)t[r]=t[r-1];return t[0]=i,i},d={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},c={};c[d.LAST_BLOCK]="Bad file checksum",c[d.NOT_BZIP_DATA]="Not bzip data",c[d.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",c[d.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",c[d.DATA_ERROR]="Data error",c[d.OUT_OF_MEMORY]="Out of memory",c[d.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var _=function(t,e){var r=c[t]||"unknown error";e&&(r+=": "+e);var i=new TypeError(r);throw i.errorCode=t,i},b=function(t,e){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(t,e)};b.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new h,!0):(this.writeCount=-1,!1)},b.prototype._start_bunzip=function(t,e){var r=new Uint8Array(4);4===t.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||_(d.NOT_BZIP_DATA,"bad magic");var i=r[3]-48;(i<1||i>9)&&_(d.NOT_BZIP_DATA,"level out of range"),this.reader=new f(t),this.dbufSize=1e5*i,this.nextoutput=0,this.outputStream=e,this.streamCRC=0},b.prototype._get_next_block=function(){var t,e,r,i=this.reader,n=i.pi();if("177245385090"===n)return!1;"314159265359"!==n&&_(d.NOT_BZIP_DATA),this.targetBlockCRC=i.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,i.read(1)&&_(d.OBSOLETE_INPUT);var o=i.read(24);o>this.dbufSize&&_(d.DATA_ERROR,"initial position out of bounds");var a=i.read(16),s=new Uint8Array(256),f=0;for(t=0;t<16;t++)if(a&1<<15-t){var u=16*t;for(r=i.read(16),e=0;e<16;e++)r&1<<15-e&&(s[f++]=u+e)}var h=i.read(3);(h<2||h>6)&&_(d.DATA_ERROR);var c=i.read(15);0===c&&_(d.DATA_ERROR);var b=new Uint8Array(256);for(t=0;t=h&&_(d.DATA_ERROR);y[t]=p(b,e)}var R,l=f+2,C=[];for(e=0;e20)&&_(d.DATA_ERROR),i.read(1);)i.read(1)?a--:a++;O[t]=a}for(A=w=O[0],t=1;tw?w=O[t]:O[t]=c&&_(d.DATA_ERROR),R=C[y[U++]]),t=R.minLen,e=i.read(t);t>R.maxLen&&_(d.DATA_ERROR),!(e<=R.limit[t]);t++)e=e<<1|i.read(1);((e-=R.base[t])<0||e>=258)&&_(d.DATA_ERROR);var D=R.permute[e];if(0!==D&&1!==D){if(T)for(T=0,g+a>this.dbufSize&&_(d.DATA_ERROR),E[m=s[b[0]]]+=a;a--;)k[g++]=m;if(D>f)break;g>=this.dbufSize&&_(d.DATA_ERROR),E[m=s[m=p(b,t=D-1)]]++,k[g++]=m}else T||(T=1,a=0),a+=0===D?T:2*T,T<<=1}for((o<0||o>=g)&&_(d.DATA_ERROR),e=0,t=0;t<256;t++)r=e+E[t],E[t]=e,e=r;for(t=0;t>=8,S=-1),this.writePos=z,this.writeCurrent=P,this.writeCount=g,this.writeRun=S,!0},b.prototype._read_bunzip=function(t,e){var r,i,n;if(this.writeCount<0)return 0;var o=this.dbuf,a=this.writePos,s=this.writeCurrent,f=this.writeCount;this.outputsize;for(var u=this.writeRun;f;){for(f--,i=s,s=255&(a=o[a]),a>>=8,3==u++?(r=s,n=i,s=-1):(r=1,n=s),this.blockCRC.updateCRCRun(n,r);r--;)this.outputStream.writeByte(n),this.nextoutput++;s!=i&&(u=0)}return this.writeCount=f,this.blockCRC.getCRC()!==this.targetBlockCRC&&_(d.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var y=function(t){if("readByte"in t)return t;var e=new u;return e.pos=0,e.readByte=function(){return t[this.pos++]},e.seek=function(t){this.pos=t},e.eof=function(){return this.pos>=t.length},e},R=function(t){var e=new u,r=!0;if(t)if("number"==typeof t)e.buffer=new Uint8Array(t),r=!1;else{if("writeByte"in t)return t;e.buffer=t,r=!1}else e.buffer=new Uint8Array(16384);return e.pos=0,e.writeByte=function(t){if(r&&this.pos>=this.buffer.length){var e=new Uint8Array(2*this.buffer.length);e.set(this.buffer),this.buffer=e}this.buffer[this.pos++]=t},e.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var t=new Uint8Array(this.pos);t.set(this.buffer.subarray(0,this.pos)),this.buffer=t}return this.buffer},e._coerced=!0,e};var l=/*#__PURE__*/t({__proto__:null},[{Bunzip:b,Stream:u,Err:d,decode:function(t,e,r){for(var i=y(t),n=R(e),o=new b(i,n);!("eof"in i)||!i.eof();)if(o._init_block())o._read_bunzip();else{var a=o.reader.read(32)>>>0;if(a!==o.streamCRC&&_(d.DATA_ERROR,"Bad stream CRC (got "+o.streamCRC.toString(16)+" expected "+a.toString(16)+")"),!r||!("eof"in i)||i.eof())break;o._start_bunzip(i,n)}if("getBuffer"in n)return n.getBuffer()},decodeBlock:function(t,e,r){var i=y(t),n=R(r),o=new b(i,n);if(o.reader.seek(e),o._get_next_block()&&(o.blockCRC=new h,o.writeCopies=0,o._read_bunzip()),"getBuffer"in n)return n.getBuffer()},table:function(t,e,r){var i=new u;i.delegate=y(t),i.pos=0,i.readByte=function(){return this.pos++,this.delegate.readByte()},i.delegate.eof&&(i.eof=i.delegate.eof.bind(i.delegate));var n=new u;n.pos=0,n.writeByte=function(){this.pos++};for(var o=new b(i,n),a=o.dbufSize;!("eof"in i)||!i.eof();){var s=8*i.pos+o.reader.bitOffset;if(o.reader.hasByte&&(s-=8),o._init_block()){var f=n.pos;o._read_bunzip(),e(s,n.pos-f)}else{if(o.reader.read(32),!r||!("eof"in i)||i.eof())break;o._start_bunzip(i,n),console.assert(o.dbufSize===a,"shouldn't change block size within multistream file")}}}}]);export{l as i}; +//# sourceMappingURL=seek-bzip.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs.map new file mode 100644 index 000000000..d0452c540 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/seek-bzip.min.mjs.map @@ -0,0 +1 @@ +{"version":3,"file":"seek-bzip.min.mjs","sources":["../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js"],"sourcesContent":["/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n"],"names":["BITMASK","BitReader","stream","this","bitOffset","curByte","hasByte","prototype","_ensureByte","readByte","read","bits","result","remaining","shift","seek","pos","n_bit","n_byte","pi","i","buf","Uint8Array","length","Array","map","call","x","toString","slice","join","bufToHex","bitreader","Stream","Error","buffer","bufOffset","bytesRead","c","new_pos","writeByte","_byte","write","flush","crc32Lookup","crc32","Uint32Array","crc","getCRC","updateCRC","value","updateCRCRun","count","require$$0","require$$1","CRC32","require$$2","mtf","array","index","src","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","status","optDetail","msg","e","TypeError","errorCode","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","String","fromCharCode","level","reader","dbufSize","nextoutput","streamCRC","j","k","h","targetBlockCRC","origPointer","t","symToByte","symTotal","o","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","temp","Uint16Array","MAX_HUFCODE_BITS","push","permute","limit","base","pp","Number","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","len","copies","previous","outbyte","outputsize","coerceInputStream","input","eof","coerceOutputStream","output","resizeOk","newBuffer","set","getBuffer","subarray","_coerced","decode","multistream","bz","targetStreamCRC","decodeBlock","writeCopies","table","callback","delegate","bind","blockSize","position","start","console","assert"],"mappings":";8YA6BA,IAAIA,EAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,EAAY,SAASC,GACvBC,KAAKD,OAASA,EACdC,KAAKC,UAAY,EACjBD,KAAKE,QAAU,EACfF,KAAKG,SAAU,CACjB,EAEAL,EAAUM,UAAUC,YAAc,WAC3BL,KAAKG,UACRH,KAAKE,QAAUF,KAAKD,OAAOO,WAC3BN,KAAKG,SAAU,EAEnB,EAGAL,EAAUM,UAAUG,KAAO,SAASC,GAElC,IADA,IAAIC,EAAS,EACND,EAAO,GAAG,CACfR,KAAKK,cACL,IAAIK,EAAY,EAAIV,KAAKC,UAEzB,GAAIO,GAAQE,EACVD,IAAWC,EACXD,GAAUZ,EAAQa,GAAaV,KAAKE,QACpCF,KAAKG,SAAU,EACfH,KAAKC,UAAY,EACjBO,GAAQE,MACH,CACLD,IAAWD,EACX,IAAIG,EAAQD,EAAYF,EACxBC,IAAWT,KAAKE,QAAWL,EAAQW,IAASG,IAAWA,EACvDX,KAAKC,WAAaO,EAClBA,EAAO,CACb,CACA,CACE,OAAOC,CACT,EAGAX,EAAUM,UAAUQ,KAAO,SAASC,GAClC,IAAIC,EAAQD,EAAM,EACdE,GAAUF,EAAMC,GAAS,EAC7Bd,KAAKC,UAAYa,EACjBd,KAAKD,OAAOa,KAAKG,GACjBf,KAAKG,SAAU,CACjB,EAGAL,EAAUM,UAAUY,GAAK,WACvB,IAA6BC,EAAzBC,EAAM,IAAIC,WAAW,GACzB,IAAKF,EAAI,EAAGA,EAAIC,EAAIE,OAAQH,IAC1BC,EAAID,GAAKjB,KAAKO,KAAK,GAErB,OAGF,SAAkBW,GAChB,OAAOG,MAAMjB,UAAUkB,IAAIC,KAAKL,GAAKM,IAAM,KAAOA,EAAEC,SAAS,KAAKC,OAAO,KAAIC,KAAK,GACpF,CALSC,CAASV,EAClB,EAMA,IAAAW,EAAiB/B,EC3FbgC,EAAS,WACb,EAIAA,EAAO1B,UAAUE,SAAW,WAC1B,MAAUyB,MAAM,6CAClB,EAGAD,EAAO1B,UAAUG,KAAO,SAASyB,EAAQC,EAAWb,GAElD,IADA,IAAIc,EAAY,EACTA,EAAYd,GAAQ,CACzB,IAAIe,EAAInC,KAAKM,WACb,GAAI6B,EAAI,EACN,OAAoB,IAAZD,GAAkB,EAAIA,EAEhCF,EAAOC,KAAeE,EACtBD,GACJ,CACE,OAAOA,CACT,EACAJ,EAAO1B,UAAUQ,KAAO,SAASwB,GAC/B,MAAUL,MAAM,yCAClB,EAGAD,EAAO1B,UAAUiC,UAAY,SAASC,GACpC,MAAUP,MAAM,6CAClB,EACAD,EAAO1B,UAAUmC,MAAQ,SAASP,EAAQC,EAAWb,GACnD,IAAIH,EACJ,IAAKA,EAAE,EAAGA,EAAEG,EAAQH,IAClBjB,KAAKqC,UAAUL,EAAOC,MAExB,OAAOb,CACT,EACAU,EAAO1B,UAAUoC,MAAQ,WACzB,EAEA,ICNMC,EDMN1C,EAAiB+B,ECXjBY,GAKMD,EAAc,IAAIE,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIC,EAAM,WAKV5C,KAAK6C,OAAS,WACZ,OAASD,IAAS,CACnB,EAMD5C,KAAK8C,UAAY,SAASC,GACxBH,EAAOA,GAAO,EAAKH,EAAqC,KAAvBG,IAAQ,GAAMG,GAChD,EAOD/C,KAAKgD,aAAe,SAASD,EAAOE,GAClC,KAAOA,KAAU,GACfL,EAAOA,GAAO,EAAKH,EAAqC,KAAvBG,IAAQ,GAAMG,GAElD,CACF,GCrECjD,EAAYoD,EACZpB,EAASqB,EACTC,EAAQC,EAaRC,EAAM,SAASC,EAAOC,GACxB,IAAwBvC,EAApBwC,EAAMF,EAAMC,GAChB,IAAKvC,EAAIuC,EAAOvC,EAAI,EAAGA,IACrBsC,EAAMtC,GAAKsC,EAAMtC,EAAE,GAGrB,OADAsC,EAAM,GAAKE,EACJA,CACT,EAEIC,EAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,EAAgB,CAAE,EACtBA,EAAcV,EAAIE,YAAyB,oBAC3CQ,EAAcV,EAAIG,eAAyB,gBAC3CO,EAAcV,EAAII,sBAAyB,uBAC3CM,EAAcV,EAAIK,uBAAyB,wBAC3CK,EAAcV,EAAIM,YAAyB,aAC3CI,EAAcV,EAAIO,eAAyB,gBAC3CG,EAAcV,EAAIQ,gBAAkB,kDAEpC,IAAIG,EAAS,SAASC,EAAQC,GAC5B,IAAIC,EAAMJ,EAAcE,IAAW,gBAC/BC,IAAaC,GAAO,KAAKD,GAC7B,IAAIE,EAAI,IAAIC,UAAUF,GAEtB,MADAC,EAAEE,UAAYL,EACRG,CACR,EAEIG,EAAS,SAASC,EAAaC,GACjC9E,KAAK+E,SAAW/E,KAAKgF,aAAehF,KAAKiF,WAAa,EAEtDjF,KAAKkF,cAAcL,EAAaC,EAClC,EACAF,EAAOxE,UAAU+E,YAAc,WAE7B,OADiBnF,KAAKoF,mBAKtBpF,KAAKqF,SAAW,IAAIjC,GACb,IAJLpD,KAAKiF,YAAc,GACZ,EAIX,EAEAL,EAAOxE,UAAU8E,cAAgB,SAASL,EAAaC,GAErD,IAAI5D,EAAM,IAAIC,WAAW,GACW,IAAhC0D,EAAYtE,KAAKW,EAAK,EAAG,IACuB,QAAhDoE,OAAOC,aAAarE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CmD,EAAOX,EAAIG,cAAe,aAE5B,IAAI2B,EAAQtE,EAAI,GAAK,IACjBsE,EAAQ,GAAKA,EAAQ,IACvBnB,EAAOX,EAAIG,cAAe,sBAE5B7D,KAAKyF,OAAS,IAAI3F,EAAU+E,GAI5B7E,KAAK0F,SAAW,IAASF,EACzBxF,KAAK2F,WAAa,EAClB3F,KAAK8E,aAAeA,EACpB9E,KAAK4F,UAAY,CACnB,EACAhB,EAAOxE,UAAUgF,gBAAkB,WACjC,IAAInE,EAAG4E,EAAGC,EACNL,EAASzF,KAAKyF,OAIdM,EAAIN,EAAOzE,KACf,GAjFW,iBAiFP+E,EACF,OAAO,EAnFG,iBAqFRA,GACF1B,EAAOX,EAAIG,eACb7D,KAAKgG,eAAiBP,EAAOlF,KAAK,MAAQ,EAC1CP,KAAK4F,WAAa5F,KAAKgG,gBACHhG,KAAK4F,WAAa,EAAM5F,KAAK4F,YAAY,OAAU,EAInEH,EAAOlF,KAAK,IACd8D,EAAOX,EAAIQ,gBACb,IAAI+B,EAAcR,EAAOlF,KAAK,IAC1B0F,EAAcjG,KAAK0F,UACrBrB,EAAOX,EAAIM,WAAY,kCAMzB,IAAIkC,EAAIT,EAAOlF,KAAK,IAChB4F,EAAY,IAAIhF,WAAW,KAAMiF,EAAW,EAChD,IAAKnF,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIiF,EAAK,GAAM,GAAMjF,EAAK,CACxB,IAAIoF,EAAQ,GAAJpF,EAER,IADA6E,EAAIL,EAAOlF,KAAK,IACXsF,EAAI,EAAGA,EAAI,GAAIA,IACdC,EAAK,GAAM,GAAMD,IACnBM,EAAUC,KAAcC,EAAIR,EACtC,CAIE,IAAIS,EAAab,EAAOlF,KAAK,IACzB+F,EAzHW,GAyHgBA,EAxHhB,IAyHbjC,EAAOX,EAAIM,YAKb,IAAIuC,EAAad,EAAOlF,KAAK,IACV,IAAfgG,GACFlC,EAAOX,EAAIM,YAEb,IAAIwC,EAAY,IAAIrF,WAAW,KAC/B,IAAKF,EAAI,EAAGA,EAAIqF,EAAYrF,IAC1BuF,EAAUvF,GAAKA,EAEjB,IAAIwF,EAAY,IAAItF,WAAWoF,GAE/B,IAAKtF,EAAI,EAAGA,EAAIsF,EAAYtF,IAAK,CAE/B,IAAK4E,EAAI,EAAGJ,EAAOlF,KAAK,GAAIsF,IACtBA,GAAKS,GAAYjC,EAAOX,EAAIM,YAElCyC,EAAUxF,GAAKqC,EAAIkD,EAAWX,EAClC,CAIE,IACiBa,EADbC,EAAWP,EAAW,EACtBQ,EAAS,GACb,IAAKf,EAAI,EAAGA,EAAIS,EAAYT,IAAK,CAC/B,IAqBIgB,EAASC,EArBT1F,EAAS,IAAID,WAAWwF,GAAWI,EAAO,IAAIC,YAAYC,IAK9D,IADAf,EAAIT,EAAOlF,KAAK,GACXU,EAAI,EAAGA,EAAI0F,EAAU1F,IAAK,CAC7B,MACMiF,EAAI,GAAKA,EAjKE,KAiKoB7B,EAAOX,EAAIM,YAG1CyB,EAAOlF,KAAK,IAEZkF,EAAOlF,KAAK,GAGd2F,IAFAA,IAIJ9E,EAAOH,GAAKiF,CAClB,CAKI,IADAW,EAASC,EAAS1F,EAAO,GACpBH,EAAI,EAAGA,EAAI0F,EAAU1F,IACpBG,EAAOH,GAAK6F,EACdA,EAAS1F,EAAOH,GACTG,EAAOH,GAAK4F,IACnBA,EAASzF,EAAOH,IAapByF,EAAW,CAAE,EACbE,EAAOM,KAAKR,GACZA,EAASS,QAAU,IAAIH,YAnMT,KAoMdN,EAASU,MAAQ,IAAIzE,YAAYsE,IACjCP,EAASW,KAAO,IAAI1E,YAAYsE,IAChCP,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIQ,EAAK,EACT,IAAKrG,EAAI4F,EAAQ5F,GAAK6F,EAAQ7F,IAE5B,IADA8F,EAAK9F,GAAKyF,EAASU,MAAMnG,GAAK,EACzBiF,EAAI,EAAGA,EAAIS,EAAUT,IACpB9E,EAAO8E,KAAOjF,IAChByF,EAASS,QAAQG,KAAQpB,GAG/B,IAAKjF,EAAI,EAAGA,EAAI0F,EAAU1F,IACxB8F,EAAK3F,EAAOH,MAMd,IADAqG,EAAKpB,EAAI,EACJjF,EAAI4F,EAAQ5F,EAAI6F,EAAQ7F,IAC3BqG,GAAMP,EAAK9F,GAOXyF,EAASU,MAAMnG,GAAKqG,EAAK,EACzBA,IAAO,EACPpB,GAAKa,EAAK9F,GACVyF,EAASW,KAAKpG,EAAI,GAAKqG,EAAKpB,EAE9BQ,EAASU,MAAMN,EAAS,GAAKS,OAAOC,UACpCd,EAASU,MAAMN,GAAUQ,EAAKP,EAAKD,GAAU,EAC7CJ,EAASW,KAAKR,GAAU,CAC5B,CAME,IAAIY,EAAY,IAAI9E,YAAY,KAChC,IAAK1B,EAAI,EAAGA,EAAI,IAAKA,IACnBuF,EAAUvF,GAAKA,EAEjB,IAA6CyG,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAO9H,KAAK8H,KAAO,IAAInF,YAAY3C,KAAK0F,UAE5C,IADAiB,EAAW,IACF,CAUP,IARMA,MACJA,EAAWoB,GACPF,GAAYtB,GAAclC,EAAOX,EAAIM,YACzC0C,EAAWE,EAAOH,EAAUoB,OAG9B5G,EAAIyF,EAASG,OACbhB,EAAIJ,EAAOlF,KAAKU,GAEVA,EAAIyF,EAASI,QAAUzC,EAAOX,EAAIM,cAClC6B,GAAKa,EAASU,MAAMnG,IAFnBA,IAIL4E,EAAKA,GAAK,EAAKJ,EAAOlF,KAAK,KAG7BsF,GAAKa,EAASW,KAAKpG,IACX,GAAK4E,GAvQC,MAuQmBxB,EAAOX,EAAIM,YAC5C,IAAIgE,EAAUtB,EAASS,QAAQtB,GAK/B,GA5Qc,IA4QVmC,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY1B,EAAIlG,KAAK0F,UAAYrB,EAAOX,EAAIM,YAEhDyD,EADAC,EAAKvB,EAAUK,EAAU,MACRN,EACVA,KACL4B,EAAKF,KAAeF,EAGxB,GAAIM,EAAU5B,EACZ,MAQEwB,GAAa5H,KAAK0F,UAAYrB,EAAOX,EAAIM,YAK7CyD,EAFAC,EAAKvB,EADLuB,EAAKpE,EAAIkD,EADTvF,EAAI+G,EAAU,OAKdF,EAAKF,KAAeF,CA7BxB,MAjBWC,IACHA,EAAS,EACTzB,EAAI,GAUJA,GA1RU,IAyRR8B,EACGL,EAEA,EAAIA,EACXA,IAAW,CAgCjB,CAUE,KAHI1B,EAAc,GAAKA,GAAe2B,IAAavD,EAAOX,EAAIM,YAE9D6B,EAAI,EACC5E,EAAI,EAAGA,EAAI,IAAKA,IACnB6E,EAAID,EAAI4B,EAAUxG,GAClBwG,EAAUxG,GAAK4E,EACfA,EAAIC,EAGN,IAAK7E,EAAI,EAAGA,EAAI2G,EAAW3G,IAEzB6G,EAAKL,EADLC,EAAe,IAAVI,EAAK7G,MACcA,GAAK,EAC7BwG,EAAUC,KAKZ,IAAI7G,EAAM,EAAGoH,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBpH,EAAMiH,EAAK7B,IAEXpF,IAAQ,EACRqH,GAAO,GAETlI,KAAK+E,SAAWlE,EAChBb,KAAKgF,aAAeiD,EACpBjI,KAAKiF,WAAa2C,EAClB5H,KAAKmI,SAAWD,GAET,CACT,EAOAtD,EAAOxE,UAAUgI,aAAe,SAASC,EAAcC,GACnD,IAAIC,EAAQC,EAAUC,EAKxB,GAAIzI,KAAKiF,WAAa,EAAK,OAAO,EAGlC,IAAI6C,EAAO9H,KAAK8H,KAAMjH,EAAMb,KAAK+E,SAAUkD,EAAUjI,KAAKgF,aACtD4C,EAAY5H,KAAKiF,WAAyBjF,KAAK0I,WAGnD,IAFA,IAAIR,EAAMlI,KAAKmI,SAERP,GAAW,CAehB,IAdAA,IACAY,EAAWP,EAEXA,EAAgB,KADhBpH,EAAMiH,EAAKjH,IAEXA,IAAQ,EACM,GAAVqH,KACFK,EAASN,EACTQ,EAAUD,EACVP,GAAW,IAEXM,EAAS,EACTE,EAAUR,GAEZjI,KAAKqF,SAASrC,aAAayF,EAASF,GAC7BA,KACLvI,KAAK8E,aAAazC,UAAUoG,GAC5BzI,KAAK2F,aAEHsC,GAAWO,IACbN,EAAM,EACZ,CAQE,OAPAlI,KAAKiF,WAAa2C,EAEd5H,KAAKqF,SAASxC,WAAa7C,KAAKgG,gBAClC3B,EAAOX,EAAIM,WAAY,sBACRhE,KAAKqF,SAASxC,SAASpB,SAAS,IACxC,aAAazB,KAAKgG,eAAevE,SAAS,IAAI,KAEhDzB,KAAK2F,UACd,EAEA,IAAIgD,EAAoB,SAASC,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAI/D,EAAc,IAAI/C,EAKtB,OAJA+C,EAAYhE,IAAM,EAClBgE,EAAYvE,SAAW,WAAa,OAAOsI,EAAM5I,KAAKa,MAAS,EAC/DgE,EAAYjE,KAAO,SAASC,GAAOb,KAAKa,IAAMA,CAAM,EACpDgE,EAAYgE,IAAM,WAAa,OAAO7I,KAAKa,KAAO+H,EAAMxH,MAAS,EAC1DyD,CACT,EACIiE,EAAqB,SAASC,GAChC,IAAIjE,EAAe,IAAIhD,EACnBkH,GAAW,EACf,GAAID,EACF,GAAqB,iBAAV,EACTjE,EAAa9C,OAAS,IAAIb,WAAW4H,GACrCC,GAAW,MACN,IAAI,cAAeD,EACxB,OAAOA,EAEPjE,EAAa9C,OAAS+G,EACtBC,GAAW,CACjB,MAEIlE,EAAa9C,OAAS,IAAIb,WAAW,OAuBvC,OArBA2D,EAAajE,IAAM,EACnBiE,EAAazC,UAAY,SAASC,GAChC,GAAI0G,GAAYhJ,KAAKa,KAAOb,KAAKgC,OAAOZ,OAAQ,CAC9C,IAAI6H,EAAY,IAAI9H,WAA8B,EAAnBnB,KAAKgC,OAAOZ,QAC3C6H,EAAUC,IAAIlJ,KAAKgC,QACnBhC,KAAKgC,OAASiH,CACpB,CACIjJ,KAAKgC,OAAOhC,KAAKa,OAASyB,CAC3B,EACDwC,EAAaqE,UAAY,WAEvB,GAAInJ,KAAKa,MAAQb,KAAKgC,OAAOZ,OAAQ,CACnC,IAAK4H,EACH,MAAM,IAAItE,UAAU,2CACtB,IAAIuE,EAAY,IAAI9H,WAAWnB,KAAKa,KACpCoI,EAAUC,IAAIlJ,KAAKgC,OAAOoH,SAAS,EAAGpJ,KAAKa,MAC3Cb,KAAKgC,OAASiH,CACpB,CACI,OAAOjJ,KAAKgC,MACb,EACD8C,EAAauE,UAAW,EACjBvE,CACT,EAqGA,uCAAiB,CACfF,SACA9C,SACA4B,MACA4F,OApGa,SAASV,EAAOG,EAAQQ,GAMrC,IAJA,IAAI1E,EAAc8D,EAAkBC,GAChC9D,EAAegE,EAAmBC,GAElCS,EAAK,IAAI5E,EAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgE,OACxC,GAAIW,EAAGrE,cACLqE,EAAGpB,mBACE,CACL,IAAIqB,EAAkBD,EAAG/D,OAAOlF,KAAK,MAAQ,EAM7C,GALIkJ,IAAoBD,EAAG5D,WACzBvB,EAAOX,EAAIM,WAAY,uBACRwF,EAAG5D,UAAUnE,SAAS,IAC9B,aAAagI,EAAgBhI,SAAS,IAAI,MAE/C8H,KACA,QAAS1E,IACRA,EAAYgE,MAGV,MADLW,EAAGtE,cAAcL,EAAaC,EAEtC,CAEE,GAAI,cAAeA,EACjB,OAAOA,EAAaqE,WACxB,EA0EEO,YAzEkB,SAASd,EAAO/H,EAAKkI,GAEvC,IAAIlE,EAAc8D,EAAkBC,GAChC9D,EAAegE,EAAmBC,GAClCS,EAAK,IAAI5E,EAAOC,EAAaC,GAejC,GAdA0E,EAAG/D,OAAO7E,KAAKC,GAEE2I,EAAGpE,oBAGlBoE,EAAGnE,SAAW,IAAIjC,EAGlBoG,EAAGG,YAAc,EAGjBH,EAAGpB,gBAGD,cAAetD,EACjB,OAAOA,EAAaqE,WACxB,EAqDES,MAhDY,SAAShB,EAAOiB,EAAUN,GAEtC,IAAI1E,EAAc,IAAI/C,EACtB+C,EAAYiF,SAAWnB,EAAkBC,GACzC/D,EAAYhE,IAAM,EAClBgE,EAAYvE,SAAW,WAErB,OADAN,KAAKa,MACEb,KAAK8J,SAASxJ,UACtB,EACGuE,EAAYiF,SAASjB,MACvBhE,EAAYgE,IAAMhE,EAAYiF,SAASjB,IAAIkB,KAAKlF,EAAYiF,WAE9D,IAAIhF,EAAe,IAAIhD,EACvBgD,EAAajE,IAAM,EACnBiE,EAAazC,UAAY,WAAarC,KAAKa,KAAQ,EAInD,IAFA,IAAI2I,EAAK,IAAI5E,EAAOC,EAAaC,GAC7BkF,EAAYR,EAAG9D,WAEb,QAASb,KAAeA,EAAYgE,OAD7B,CAGX,IAAIoB,EAA2B,EAAhBpF,EAAYhE,IAAQ2I,EAAG/D,OAAOxF,UAG7C,GAFIuJ,EAAG/D,OAAOtF,UAAW8J,GAAY,GAEjCT,EAAGrE,cAAe,CACpB,IAAI+E,EAAQpF,EAAajE,IACzB2I,EAAGpB,eACHyB,EAASI,EAAUnF,EAAajE,IAAMqJ,EAC5C,KAAW,CAEL,GADUV,EAAG/D,OAAOlF,KAAK,KACrBgJ,KACA,QAAS1E,IACRA,EAAYgE,MAKV,MAHLW,EAAGtE,cAAcL,EAAaC,GAC9BqF,QAAQC,OAAOZ,EAAG9D,WAAasE,EAChB,sDAEvB,CACA,CACA","x_google_ignoreList":[0,1,2,3]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/seek-bzip.mjs b/app/node_modules/openpgp/dist/lightweight/seek-bzip.mjs new file mode 100644 index 000000000..54090aba5 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/seek-bzip.mjs @@ -0,0 +1,866 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +function _mergeNamespaces(n, m) { + m.forEach(function (e) { + e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) { + if (k !== 'default' && !(k in n)) { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + }); + return Object.freeze(n); +} + +/* +node-bzip - a pure-javascript Node.JS module for decoding bzip2 data + +Copyright (C) 2012 Eli Skeggs + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html + +Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). + +Based on micro-bunzip by Rob Landley (rob@landley.net). + +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ + +var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; + +// offset in bytes +var BitReader$1 = function(stream) { + this.stream = stream; + this.bitOffset = 0; + this.curByte = 0; + this.hasByte = false; +}; + +BitReader$1.prototype._ensureByte = function() { + if (!this.hasByte) { + this.curByte = this.stream.readByte(); + this.hasByte = true; + } +}; + +// reads bits from the buffer +BitReader$1.prototype.read = function(bits) { + var result = 0; + while (bits > 0) { + this._ensureByte(); + var remaining = 8 - this.bitOffset; + // if we're in a byte + if (bits >= remaining) { + result <<= remaining; + result |= BITMASK[remaining] & this.curByte; + this.hasByte = false; + this.bitOffset = 0; + bits -= remaining; + } else { + result <<= bits; + var shift = remaining - bits; + result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; + this.bitOffset += bits; + bits = 0; + } + } + return result; +}; + +// seek to an arbitrary point in the buffer (expressed in bits) +BitReader$1.prototype.seek = function(pos) { + var n_bit = pos % 8; + var n_byte = (pos - n_bit) / 8; + this.bitOffset = n_bit; + this.stream.seek(n_byte); + this.hasByte = false; +}; + +// reads 6 bytes worth of data using the read method +BitReader$1.prototype.pi = function() { + var buf = new Uint8Array(6), i; + for (i = 0; i < buf.length; i++) { + buf[i] = this.read(8); + } + return bufToHex(buf); +}; + +function bufToHex(buf) { + return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); +} + +var bitreader = BitReader$1; + +/* very simple input/output stream interface */ + +var Stream$1 = function() { +}; + +// input streams ////////////// +/** Returns the next byte, or -1 for EOF. */ +Stream$1.prototype.readByte = function() { + throw new Error("abstract method readByte() not implemented"); +}; +/** Attempts to fill the buffer; returns number of bytes read, or + * -1 for EOF. */ +Stream$1.prototype.read = function(buffer, bufOffset, length) { + var bytesRead = 0; + while (bytesRead < length) { + var c = this.readByte(); + if (c < 0) { // EOF + return (bytesRead===0) ? -1 : bytesRead; + } + buffer[bufOffset++] = c; + bytesRead++; + } + return bytesRead; +}; +Stream$1.prototype.seek = function(new_pos) { + throw new Error("abstract method seek() not implemented"); +}; + +// output streams /////////// +Stream$1.prototype.writeByte = function(_byte) { + throw new Error("abstract method readByte() not implemented"); +}; +Stream$1.prototype.write = function(buffer, bufOffset, length) { + var i; + for (i=0; i>> 0; // return an unsigned value + }; + + /** + * Update the CRC with a single byte + * @param value The value to update the CRC with + */ + this.updateCRC = function(value) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + }; + + /** + * Update the CRC with a sequence of identical bytes + * @param value The value to update the CRC with + * @param count The number of bytes + */ + this.updateCRCRun = function(value, count) { + while (count-- > 0) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + } + }; + }; + return CRC32; +})(); + +/* +seek-bzip - a pure-javascript module for seeking within bzip2 data + +Copyright (C) 2013 C. Scott Ananian +Copyright (C) 2012 Eli Skeggs +Copyright (C) 2011 Kevin Kwok + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html + +Adapted from node-bzip, copyright 2012 Eli Skeggs. +Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). + +Based on micro-bunzip by Rob Landley (rob@landley.net). + +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ + +var BitReader = bitreader; +var Stream = stream; +var CRC32 = crc32; + +var MAX_HUFCODE_BITS = 20; +var MAX_SYMBOLS = 258; +var SYMBOL_RUNA = 0; +var SYMBOL_RUNB = 1; +var MIN_GROUPS = 2; +var MAX_GROUPS = 6; +var GROUP_SIZE = 50; + +var WHOLEPI = "314159265359"; +var SQRTPI = "177245385090"; + +var mtf = function(array, index) { + var src = array[index], i; + for (i = index; i > 0; i--) { + array[i] = array[i-1]; + } + array[0] = src; + return src; +}; + +var Err = { + OK: 0, + LAST_BLOCK: -1, + NOT_BZIP_DATA: -2, + UNEXPECTED_INPUT_EOF: -3, + UNEXPECTED_OUTPUT_EOF: -4, + DATA_ERROR: -5, + OUT_OF_MEMORY: -6, + OBSOLETE_INPUT: -7, + END_OF_BLOCK: -8 +}; +var ErrorMessages = {}; +ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; +ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; +ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; +ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; +ErrorMessages[Err.DATA_ERROR] = "Data error"; +ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; +ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; + +var _throw = function(status, optDetail) { + var msg = ErrorMessages[status] || 'unknown error'; + if (optDetail) { msg += ': '+optDetail; } + var e = new TypeError(msg); + e.errorCode = status; + throw e; +}; + +var Bunzip = function(inputStream, outputStream) { + this.writePos = this.writeCurrent = this.writeCount = 0; + + this._start_bunzip(inputStream, outputStream); +}; +Bunzip.prototype._init_block = function() { + var moreBlocks = this._get_next_block(); + if ( !moreBlocks ) { + this.writeCount = -1; + return false; /* no more blocks */ + } + this.blockCRC = new CRC32(); + return true; +}; +/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ +Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { + /* Ensure that file starts with "BZh['1'-'9']." */ + var buf = new Uint8Array(4); + if (inputStream.read(buf, 0, 4) !== 4 || + String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') + _throw(Err.NOT_BZIP_DATA, 'bad magic'); + + var level = buf[3] - 0x30; + if (level < 1 || level > 9) + _throw(Err.NOT_BZIP_DATA, 'level out of range'); + + this.reader = new BitReader(inputStream); + + /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of + uncompressed data. Allocate intermediate buffer for block. */ + this.dbufSize = 100000 * level; + this.nextoutput = 0; + this.outputStream = outputStream; + this.streamCRC = 0; +}; +Bunzip.prototype._get_next_block = function() { + var i, j, k; + var reader = this.reader; + // this is get_next_block() function from micro-bunzip: + /* Read in header signature and CRC, then validate signature. + (last block signature means CRC is for whole file, return now) */ + var h = reader.pi(); + if (h === SQRTPI) { // last block + return false; /* no more blocks */ + } + if (h !== WHOLEPI) + _throw(Err.NOT_BZIP_DATA); + this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) + this.streamCRC = (this.targetBlockCRC ^ + ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; + /* We can add support for blockRandomised if anybody complains. There was + some code for this in busybox 1.0.0-pre3, but nobody ever noticed that + it didn't actually work. */ + if (reader.read(1)) + _throw(Err.OBSOLETE_INPUT); + var origPointer = reader.read(24); + if (origPointer > this.dbufSize) + _throw(Err.DATA_ERROR, 'initial position out of bounds'); + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer + symbols to deal with, and writes a sparse bitfield indicating which + values were present. We make a translation table to convert the symbols + back to the corresponding bytes. */ + var t = reader.read(16); + var symToByte = new Uint8Array(256), symTotal = 0; + for (i = 0; i < 16; i++) { + if (t & (1 << (0xF - i))) { + var o = i * 16; + k = reader.read(16); + for (j = 0; j < 16; j++) + if (k & (1 << (0xF - j))) + symToByte[symTotal++] = o + j; + } + } + + /* How many different huffman coding groups does this block use? */ + var groupCount = reader.read(3); + if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) + _throw(Err.DATA_ERROR); + /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding + group. Read in the group selector list, which is stored as MTF encoded + bit runs. (MTF=Move To Front, as each value is used it's moved to the + start of the list.) */ + var nSelectors = reader.read(15); + if (nSelectors === 0) + _throw(Err.DATA_ERROR); + + var mtfSymbol = new Uint8Array(256); + for (i = 0; i < groupCount; i++) + mtfSymbol[i] = i; + + var selectors = new Uint8Array(nSelectors); // was 32768... + + for (i = 0; i < nSelectors; i++) { + /* Get next value */ + for (j = 0; reader.read(1); j++) + if (j >= groupCount) _throw(Err.DATA_ERROR); + /* Decode MTF to get the next selector */ + selectors[i] = mtf(mtfSymbol, j); + } + + /* Read the huffman coding tables for each group, which code for symTotal + literal symbols, plus two run symbols (RUNA, RUNB) */ + var symCount = symTotal + 2; + var groups = [], hufGroup; + for (j = 0; j < groupCount; j++) { + var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); + /* Read huffman code lengths for each symbol. They're stored in + a way similar to mtf; record a starting value for the first symbol, + and an offset from the previous value for everys symbol after that. */ + t = reader.read(5); // lengths + for (i = 0; i < symCount; i++) { + for (;;) { + if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); + /* If first bit is 0, stop. Else second bit indicates whether + to increment or decrement the value. */ + if(!reader.read(1)) + break; + if(!reader.read(1)) + t++; + else + t--; + } + length[i] = t; + } + + /* Find largest and smallest lengths in this group */ + var minLen, maxLen; + minLen = maxLen = length[0]; + for (i = 1; i < symCount; i++) { + if (length[i] > maxLen) + maxLen = length[i]; + else if (length[i] < minLen) + minLen = length[i]; + } + + /* Calculate permute[], base[], and limit[] tables from length[]. + * + * permute[] is the lookup table for converting huffman coded symbols + * into decoded symbols. base[] is the amount to subtract from the + * value of a huffman symbol of a given length when using permute[]. + * + * limit[] indicates the largest numerical value a symbol with a given + * number of bits can have. This is how the huffman codes can vary in + * length: each code with a value>limit[length] needs another bit. + */ + hufGroup = {}; + groups.push(hufGroup); + hufGroup.permute = new Uint16Array(MAX_SYMBOLS); + hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); + hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); + hufGroup.minLen = minLen; + hufGroup.maxLen = maxLen; + /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ + var pp = 0; + for (i = minLen; i <= maxLen; i++) { + temp[i] = hufGroup.limit[i] = 0; + for (t = 0; t < symCount; t++) + if (length[t] === i) + hufGroup.permute[pp++] = t; + } + /* Count symbols coded for at each bit length */ + for (i = 0; i < symCount; i++) + temp[length[i]]++; + /* Calculate limit[] (the largest symbol-coding value at each bit + * length, which is (previous limit<<1)+symbols at this level), and + * base[] (number of symbols to ignore at each bit length, which is + * limit minus the cumulative count of symbols coded for already). */ + pp = t = 0; + for (i = minLen; i < maxLen; i++) { + pp += temp[i]; + /* We read the largest possible symbol size and then unget bits + after determining how many we need, and those extra bits could + be set to anything. (They're noise from future symbols.) At + each level we're really only interested in the first few bits, + so here we set all the trailing to-be-ignored bits to 1 so they + don't affect the value>limit[length] comparison. */ + hufGroup.limit[i] = pp - 1; + pp <<= 1; + t += temp[i]; + hufGroup.base[i + 1] = pp - t; + } + hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ + hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; + hufGroup.base[minLen] = 0; + } + /* We've finished reading and digesting the block header. Now read this + block's huffman coded symbols from the file and undo the huffman coding + and run length encoding, saving the result into dbuf[dbufCount++]=uc */ + + /* Initialize symbol occurrence counters and symbol Move To Front table */ + var byteCount = new Uint32Array(256); + for (i = 0; i < 256; i++) + mtfSymbol[i] = i; + /* Loop through compressed symbols. */ + var runPos = 0, dbufCount = 0, selector = 0, uc; + var dbuf = this.dbuf = new Uint32Array(this.dbufSize); + symCount = 0; + for (;;) { + /* Determine which huffman coding group to use. */ + if (!(symCount--)) { + symCount = GROUP_SIZE - 1; + if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } + hufGroup = groups[selectors[selector++]]; + } + /* Read next huffman-coded symbol. */ + i = hufGroup.minLen; + j = reader.read(i); + for (;;i++) { + if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } + if (j <= hufGroup.limit[i]) + break; + j = (j << 1) | reader.read(1); + } + /* Huffman decode value to get nextSym (with bounds checking) */ + j -= hufGroup.base[i]; + if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } + var nextSym = hufGroup.permute[j]; + /* We have now decoded the symbol, which indicates either a new literal + byte, or a repeated run of the most recent literal byte. First, + check if nextSym indicates a repeated run, and if so loop collecting + how many times to repeat the last literal. */ + if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { + /* If this is the start of a new run, zero out counter */ + if (!runPos){ + runPos = 1; + t = 0; + } + /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at + each bit position, add 1 or 2 instead. For example, + 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. + You can make any bit pattern that way using 1 less symbol than + the basic or 0/1 method (except all bits 0, which would use no + symbols, but a run of length 0 doesn't mean anything in this + context). Thus space is saved. */ + if (nextSym === SYMBOL_RUNA) + t += runPos; + else + t += 2 * runPos; + runPos <<= 1; + continue; + } + /* When we hit the first non-run symbol after a run, we now know + how many times to repeat the last literal, so append that many + copies to our buffer of decoded symbols (dbuf) now. (The last + literal used is the one at the head of the mtfSymbol array.) */ + if (runPos){ + runPos = 0; + if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } + uc = symToByte[mtfSymbol[0]]; + byteCount[uc] += t; + while (t--) + dbuf[dbufCount++] = uc; + } + /* Is this the terminating symbol? */ + if (nextSym > symTotal) + break; + /* At this point, nextSym indicates a new literal character. Subtract + one to get the position in the MTF array at which this literal is + currently to be found. (Note that the result can't be -1 or 0, + because 0 and 1 are RUNA and RUNB. But another instance of the + first symbol in the mtf array, position 0, would have been handled + as part of a run above. Therefore 1 unused mtf position minus + 2 non-literal nextSym values equals -1.) */ + if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } + i = nextSym - 1; + uc = mtf(mtfSymbol, i); + uc = symToByte[uc]; + /* We have our literal byte. Save it into dbuf. */ + byteCount[uc]++; + dbuf[dbufCount++] = uc; + } + /* At this point, we've read all the huffman-coded symbols (and repeated + runs) for this block from the input stream, and decoded them into the + intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. + Now undo the Burrows-Wheeler transform on dbuf. + See http://dogma.net/markn/articles/bwt/bwt.htm + */ + if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } + /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ + j = 0; + for (i = 0; i < 256; i++) { + k = j + byteCount[i]; + byteCount[i] = j; + j = k; + } + /* Figure out what order dbuf would be in if we sorted it. */ + for (i = 0; i < dbufCount; i++) { + uc = dbuf[i] & 0xff; + dbuf[byteCount[uc]] |= (i << 8); + byteCount[uc]++; + } + /* Decode first byte by hand to initialize "previous" byte. Note that it + doesn't get output, and if the first three characters are identical + it doesn't qualify as a run (hence writeRunCountdown=5). */ + var pos = 0, current = 0, run = 0; + if (dbufCount) { + pos = dbuf[origPointer]; + current = (pos & 0xff); + pos >>= 8; + run = -1; + } + this.writePos = pos; + this.writeCurrent = current; + this.writeCount = dbufCount; + this.writeRun = run; + + return true; /* more blocks to come */ +}; +/* Undo burrows-wheeler transform on intermediate buffer to produce output. + If start_bunzip was initialized with out_fd=-1, then up to len bytes of + data are written to outbuf. Return value is number of bytes written or + error (all errors are negative numbers). If out_fd!=-1, outbuf and len + are ignored, data is written to out_fd and return is RETVAL_OK or error. +*/ +Bunzip.prototype._read_bunzip = function(outputBuffer, len) { + var copies, previous, outbyte; + /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully + decoded, which results in this returning RETVAL_LAST_BLOCK, also + equal to -1... Confusing, I'm returning 0 here to indicate no + bytes written into the buffer */ + if (this.writeCount < 0) { return 0; } + var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; + var dbufCount = this.writeCount; this.outputsize; + var run = this.writeRun; + + while (dbufCount) { + dbufCount--; + previous = current; + pos = dbuf[pos]; + current = pos & 0xff; + pos >>= 8; + if (run++ === 3){ + copies = current; + outbyte = previous; + current = -1; + } else { + copies = 1; + outbyte = current; + } + this.blockCRC.updateCRCRun(outbyte, copies); + while (copies--) { + this.outputStream.writeByte(outbyte); + this.nextoutput++; + } + if (current != previous) + run = 0; + } + this.writeCount = dbufCount; + // check CRC + if (this.blockCRC.getCRC() !== this.targetBlockCRC) { + _throw(Err.DATA_ERROR, "Bad block CRC "+ + "(got "+this.blockCRC.getCRC().toString(16)+ + " expected "+this.targetBlockCRC.toString(16)+")"); + } + return this.nextoutput; +}; + +var coerceInputStream = function(input) { + if ('readByte' in input) { return input; } + var inputStream = new Stream(); + inputStream.pos = 0; + inputStream.readByte = function() { return input[this.pos++]; }; + inputStream.seek = function(pos) { this.pos = pos; }; + inputStream.eof = function() { return this.pos >= input.length; }; + return inputStream; +}; +var coerceOutputStream = function(output) { + var outputStream = new Stream(); + var resizeOk = true; + if (output) { + if (typeof(output)==='number') { + outputStream.buffer = new Uint8Array(output); + resizeOk = false; + } else if ('writeByte' in output) { + return output; + } else { + outputStream.buffer = output; + resizeOk = false; + } + } else { + outputStream.buffer = new Uint8Array(16384); + } + outputStream.pos = 0; + outputStream.writeByte = function(_byte) { + if (resizeOk && this.pos >= this.buffer.length) { + var newBuffer = new Uint8Array(this.buffer.length*2); + newBuffer.set(this.buffer); + this.buffer = newBuffer; + } + this.buffer[this.pos++] = _byte; + }; + outputStream.getBuffer = function() { + // trim buffer + if (this.pos !== this.buffer.length) { + if (!resizeOk) + throw new TypeError('outputsize does not match decoded input'); + var newBuffer = new Uint8Array(this.pos); + newBuffer.set(this.buffer.subarray(0, this.pos)); + this.buffer = newBuffer; + } + return this.buffer; + }; + outputStream._coerced = true; + return outputStream; +}; + +/* Static helper functions */ +// 'input' can be a stream or a buffer +// 'output' can be a stream or a buffer or a number (buffer size) +const decode = function(input, output, multistream) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + + var bz = new Bunzip(inputStream, outputStream); + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + if (bz._init_block()) { + bz._read_bunzip(); + } else { + var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) + if (targetStreamCRC !== bz.streamCRC) { + _throw(Err.DATA_ERROR, "Bad stream CRC "+ + "(got "+bz.streamCRC.toString(16)+ + " expected "+targetStreamCRC.toString(16)+")"); + } + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + } else break; + } + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); +}; +const decodeBlock = function(input, pos, output) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + var bz = new Bunzip(inputStream, outputStream); + bz.reader.seek(pos); + /* Fill the decode buffer for the block */ + var moreBlocks = bz._get_next_block(); + if (moreBlocks) { + /* Init the CRC for writing */ + bz.blockCRC = new CRC32(); + + /* Zero this so the current byte from before the seek is not written */ + bz.writeCopies = 0; + + /* Decompress the block and write to stdout */ + bz._read_bunzip(); + // XXX keep writing? + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); +}; +/* Reads bzip2 file from stream or buffer `input`, and invoke + * `callback(position, size)` once for each bzip2 block, + * where position gives the starting position (in *bits*) + * and size gives uncompressed size of the block (in *bytes*). */ +const table = function(input, callback, multistream) { + // make a stream from a buffer, if necessary + var inputStream = new Stream(); + inputStream.delegate = coerceInputStream(input); + inputStream.pos = 0; + inputStream.readByte = function() { + this.pos++; + return this.delegate.readByte(); + }; + if (inputStream.delegate.eof) { + inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); + } + var outputStream = new Stream(); + outputStream.pos = 0; + outputStream.writeByte = function() { this.pos++; }; + + var bz = new Bunzip(inputStream, outputStream); + var blockSize = bz.dbufSize; + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + + var position = inputStream.pos*8 + bz.reader.bitOffset; + if (bz.reader.hasByte) { position -= 8; } + + if (bz._init_block()) { + var start = outputStream.pos; + bz._read_bunzip(); + callback(position, outputStream.pos - start); + } else { + bz.reader.read(32); // (but we ignore the crc) + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + console.assert(bz.dbufSize === blockSize, + "shouldn't change block size within multistream file"); + } else break; + } + } +}; + +var lib = { + Bunzip, + Stream, + Err, + decode, + decodeBlock, + table +}; + +var index = /*#__PURE__*/_mergeNamespaces({ + __proto__: null +}, [lib]); + +export { index as i }; diff --git a/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs b/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs new file mode 100644 index 000000000..ff9144568 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs @@ -0,0 +1,4 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const t="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function e(t){if(!Number.isSafeInteger(t)||t<0)throw Error("positive integer expected, not "+t)}function s(t,...e){if(!((s=t)instanceof Uint8Array||null!=s&&"object"==typeof s&&"Uint8Array"===s.constructor.name))throw Error("Uint8Array expected");var s;if(e.length>0&&!e.includes(t.length))throw Error(`Uint8Array expected of length ${e}, not of length=${t.length}`)}function i(t){if("function"!=typeof t||"function"!=typeof t.create)throw Error("Hash should be wrapped by utils.wrapConstructor");e(t.outputLen),e(t.blockLen)}function n(t,e=!0){if(t.destroyed)throw Error("Hash instance has been destroyed");if(e&&t.finished)throw Error("Hash#digest() has already been called")}function h(t,e){s(t);const i=e.outputLen;if(t.lengthnew DataView(t.buffer,t.byteOffset,t.byteLength),c=(t,e)=>t<<32-e|t>>>e,a=(t,e)=>t<>>32-e>>>0,f=68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]; +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function d(t){for(let s=0;s>>8&65280|e>>>24&255;var e}function l(t){if("string"!=typeof t)throw Error("utf8ToBytes expected string, got "+typeof t);return new Uint8Array((new TextEncoder).encode(t))}function u(t){return"string"==typeof t&&(t=l(t)),s(t),t}function b(...t){let e=0;for(let i=0;it().update(u(e)).digest(),s=t();return e.outputLen=s.outputLen,e.blockLen=s.blockLen,e.create=()=>t(),e}function g(t=32){if(r&&"function"==typeof r.getRandomValues)return r.getRandomValues(new Uint8Array(t));if(r&&"function"==typeof r.randomBytes)return r.randomBytes(t);throw Error("crypto.getRandomValues must be defined")}const y=(t,e,s)=>t&e^~t&s,L=(t,e,s)=>t&e^t&s^e&s;class w extends x{constructor(t,e,s,i){super(),this.blockLen=t,this.outputLen=e,this.padOffset=s,this.isLE=i,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(t),this.view=o(this.buffer)}update(t){n(this);const{view:e,buffer:s,blockLen:i}=this,h=(t=u(t)).length;for(let n=0;ni-c&&(this.process(s,0),c=0);for(let t=c;t>n&h),o=Number(s&h),c=i?4:0,a=i?0:4;t.setUint32(e+c,r,i),t.setUint32(e+a,o,i)}(s,i-8,BigInt(8*this.length),r),this.process(s,0);const a=o(t),f=this.outputLen;if(f%4)throw Error("_sha2: outputLen should be aligned to 32bit");const d=f/4,l=this.get();if(d>l.length)throw Error("_sha2: outputLen bigger than state");for(let t=0;t>>3,n=c(s,17)^c(s,19)^s>>>10;A[t]=n+A[t-7]+i+A[t-16]|0}let{A:s,B:i,C:n,D:h,E:r,F:o,G:a,H:f}=this;for(let t=0;t<64;t++){const e=f+(c(r,6)^c(r,11)^c(r,25))+y(r,o,a)+B[t]+A[t]|0,d=(c(s,2)^c(s,13)^c(s,22))+L(s,i,n)|0;f=a,a=o,o=r,r=h+e|0,h=n,n=i,i=s,s=e+d|0}s=s+this.A|0,i=i+this.B|0,n=n+this.C|0,h=h+this.D|0,r=r+this.E|0,o=o+this.F|0,a=a+this.G|0,f=f+this.H|0,this.set(s,i,n,h,r,o,a,f)}roundClean(){A.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}}class k extends E{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}const U=/* @__PURE__ */p((()=>new E)),I=/* @__PURE__ */p((()=>new k)),S=/* @__PURE__ */BigInt(2**32-1),C=/* @__PURE__ */BigInt(32);function F(t,e=!1){return e?{h:Number(t&S),l:Number(t>>C&S)}:{h:0|Number(t>>C&S),l:0|Number(t&S)}}function m(t,e=!1){let s=new Uint32Array(t.length),i=new Uint32Array(t.length);for(let n=0;nt<>>32-s,G=(t,e,s)=>e<>>32-s,O=(t,e,s)=>e<>>64-s,v=(t,e,s)=>t<>>64-s;const N={fromBig:F,split:m,toBig:(t,e)=>BigInt(t>>>0)<>>0),shrSH:(t,e,s)=>t>>>s,shrSL:(t,e,s)=>t<<32-s|e>>>s,rotrSH:(t,e,s)=>t>>>s|e<<32-s,rotrSL:(t,e,s)=>t<<32-s|e>>>s,rotrBH:(t,e,s)=>t<<64-s|e>>>s-32,rotrBL:(t,e,s)=>t>>>s-32|e<<64-s,rotr32H:(t,e)=>e,rotr32L:(t,e)=>t,rotlSH:D,rotlSL:G,rotlBH:O,rotlBL:v,add:function(t,e,s,i){const n=(e>>>0)+(i>>>0);return{h:t+s+(n/2**32|0)|0,l:0|n}},add3L:(t,e,s)=>(t>>>0)+(e>>>0)+(s>>>0),add3H:(t,e,s,i)=>e+s+i+(t/2**32|0)|0,add4L:(t,e,s,i)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0),add4H:(t,e,s,i,n)=>e+s+i+n+(t/2**32|0)|0,add5H:(t,e,s,i,n,h)=>e+s+i+n+h+(t/2**32|0)|0,add5L:(t,e,s,i,n)=>(t>>>0)+(e>>>0)+(s>>>0)+(i>>>0)+(n>>>0)},[M,X]=/* @__PURE__ */(()=>N.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((t=>BigInt(t)))))(),_=/* @__PURE__ */new Uint32Array(80),V=/* @__PURE__ */new Uint32Array(80);class j extends w{constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}get(){const{Ah:t,Al:e,Bh:s,Bl:i,Ch:n,Cl:h,Dh:r,Dl:o,Eh:c,El:a,Fh:f,Fl:d,Gh:l,Gl:u,Hh:b,Hl:x}=this;return[t,e,s,i,n,h,r,o,c,a,f,d,l,u,b,x]}set(t,e,s,i,n,h,r,o,c,a,f,d,l,u,b,x){this.Ah=0|t,this.Al=0|e,this.Bh=0|s,this.Bl=0|i,this.Ch=0|n,this.Cl=0|h,this.Dh=0|r,this.Dl=0|o,this.Eh=0|c,this.El=0|a,this.Fh=0|f,this.Fl=0|d,this.Gh=0|l,this.Gl=0|u,this.Hh=0|b,this.Hl=0|x}process(t,e){for(let s=0;s<16;s++,e+=4)_[s]=t.getUint32(e),V[s]=t.getUint32(e+=4);for(let t=16;t<80;t++){const e=0|_[t-15],s=0|V[t-15],i=N.rotrSH(e,s,1)^N.rotrSH(e,s,8)^N.shrSH(e,s,7),n=N.rotrSL(e,s,1)^N.rotrSL(e,s,8)^N.shrSL(e,s,7),h=0|_[t-2],r=0|V[t-2],o=N.rotrSH(h,r,19)^N.rotrBH(h,r,61)^N.shrSH(h,r,6),c=N.rotrSL(h,r,19)^N.rotrBL(h,r,61)^N.shrSL(h,r,6),a=N.add4L(n,c,V[t-7],V[t-16]),f=N.add4H(a,i,o,_[t-7],_[t-16]);_[t]=0|f,V[t]=0|a}let{Ah:s,Al:i,Bh:n,Bl:h,Ch:r,Cl:o,Dh:c,Dl:a,Eh:f,El:d,Fh:l,Fl:u,Gh:b,Gl:x,Hh:p,Hl:g}=this;for(let t=0;t<80;t++){const e=N.rotrSH(f,d,14)^N.rotrSH(f,d,18)^N.rotrBH(f,d,41),y=N.rotrSL(f,d,14)^N.rotrSL(f,d,18)^N.rotrBL(f,d,41),L=f&l^~f&b,w=d&u^~d&x,B=N.add5L(g,y,w,X[t],V[t]),H=N.add5H(B,p,e,L,M[t],_[t]),A=0|B,E=N.rotrSH(s,i,28)^N.rotrBH(s,i,34)^N.rotrBH(s,i,39),k=N.rotrSL(s,i,28)^N.rotrBL(s,i,34)^N.rotrBL(s,i,39),U=s&n^s&r^n&r,I=i&h^i&o^h&o;p=0|b,g=0|x,b=0|l,x=0|u,l=0|f,u=0|d,({h:f,l:d}=N.add(0|c,0|a,0|H,0|A)),c=0|r,a=0|o,r=0|n,o=0|h,n=0|s,h=0|i;const S=N.add3L(A,k,I);s=N.add3H(S,H,E,U),i=0|S}({h:s,l:i}=N.add(0|this.Ah,0|this.Al,0|s,0|i)),({h:n,l:h}=N.add(0|this.Bh,0|this.Bl,0|n,0|h)),({h:r,l:o}=N.add(0|this.Ch,0|this.Cl,0|r,0|o)),({h:c,l:a}=N.add(0|this.Dh,0|this.Dl,0|c,0|a)),({h:f,l:d}=N.add(0|this.Eh,0|this.El,0|f,0|d)),({h:l,l:u}=N.add(0|this.Fh,0|this.Fl,0|l,0|u)),({h:b,l:x}=N.add(0|this.Gh,0|this.Gl,0|b,0|x)),({h:p,l:g}=N.add(0|this.Hh,0|this.Hl,0|p,0|g)),this.set(s,i,n,h,r,o,c,a,f,d,l,u,b,x,p,g)}roundClean(){_.fill(0),V.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class R extends j{constructor(){super(),this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const T=/* @__PURE__ */p((()=>new j)),$=/* @__PURE__ */p((()=>new R)),q=[],z=[],J=[],K=/* @__PURE__ */BigInt(0),P=/* @__PURE__ */BigInt(1),Q=/* @__PURE__ */BigInt(2),W=/* @__PURE__ */BigInt(7),Y=/* @__PURE__ */BigInt(256),Z=/* @__PURE__ */BigInt(113);for(let t=0,e=P,s=1,i=0;t<24;t++){[s,i]=[i,(2*s+3*i)%5],q.push(2*(5*i+s)),z.push((t+1)*(t+2)/2%64);let n=K;for(let t=0;t<7;t++)e=(e<>W)*Z)%Y,e&Q&&(n^=P<<(P<s>32?O(t,e,s):D(t,e,s),it=(t,e,s)=>s>32?v(t,e,s):G(t,e,s);class nt extends x{constructor(t,s,i,n=!1,h=24){if(super(),this.blockLen=t,this.suffix=s,this.outputLen=i,this.enableXOF=n,this.rounds=h,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,e(i),0>=this.blockLen||this.blockLen>=200)throw Error("Sha3 supports only keccak-f1600 function");var r;this.state=new Uint8Array(200),this.state32=(r=this.state,new Uint32Array(r.buffer,r.byteOffset,Math.floor(r.byteLength/4)))}keccak(){f||d(this.state32),function(t,e=24){const s=new Uint32Array(10);for(let i=24-e;i<24;i++){for(let e=0;e<10;e++)s[e]=t[e]^t[e+10]^t[e+20]^t[e+30]^t[e+40];for(let e=0;e<10;e+=2){const i=(e+8)%10,n=(e+2)%10,h=s[n],r=s[n+1],o=st(h,r,1)^s[i],c=it(h,r,1)^s[i+1];for(let s=0;s<50;s+=10)t[e+s]^=o,t[e+s+1]^=c}let e=t[2],n=t[3];for(let s=0;s<24;s++){const i=z[s],h=st(e,n,i),r=it(e,n,i),o=q[s];e=t[o],n=t[o+1],t[o]=h,t[o+1]=r}for(let e=0;e<50;e+=10){for(let i=0;i<10;i++)s[i]=t[e+i];for(let i=0;i<10;i++)t[e+i]^=~s[(i+2)%10]&s[(i+4)%10]}t[0]^=tt[i],t[1]^=et[i]}s.fill(0)}(this.state32,this.rounds),f||d(this.state32),this.posOut=0,this.pos=0}update(t){n(this);const{blockLen:e,state:s}=this,i=(t=u(t)).length;for(let n=0;n=i&&this.keccak();const h=Math.min(i-this.posOut,n-s);t.set(e.subarray(this.posOut,this.posOut+h),s),this.posOut+=h,s+=h}return t}xofInto(t){if(!this.enableXOF)throw Error("XOF is not possible for this instance");return this.writeInto(t)}xof(t){return e(t),this.xofInto(new Uint8Array(t))}digestInto(t){if(h(t,this),this.finished)throw Error("digest() was already called");return this.writeInto(t),this.destroy(),t}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(t){const{blockLen:e,suffix:s,outputLen:i,rounds:n,enableXOF:h}=this;return t||(t=new nt(e,s,i,h,n)),t.state32.set(this.state32),t.pos=this.pos,t.posOut=this.posOut,t.finished=this.finished,t.rounds=n,t.suffix=s,t.outputLen=i,t.enableXOF=h,t.destroyed=this.destroyed,t}}const ht=(t,e,s)=>p((()=>new nt(e,t,s))),rt=/* @__PURE__ */ht(6,136,32),ot=/* @__PURE__ */ht(6,72,64),ct=/* @__PURE__ */((t,e,s)=>function(t){const e=(e,s)=>t(s).update(u(e)).digest(),s=t({});return e.outputLen=s.outputLen,e.blockLen=s.blockLen,e.create=e=>t(e),e}(((i={})=>new nt(e,t,void 0===i.dkLen?s:i.dkLen,!0))))(31,136,32);export{y as C,x as H,L as M,$ as a,s as b,b as c,T as d,n as e,ct as f,w as g,i as h,a as i,I as j,rt as k,ot as l,g as r,U as s,u as t,l as u,p as w}; +//# sourceMappingURL=sha3.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs.map new file mode 100644 index 000000000..710d0361c --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/sha3.min.mjs.map @@ -0,0 +1 @@ +{"version":3,"file":"sha3.min.mjs","sources":["../../node_modules/@noble/hashes/esm/_assert.js","../../node_modules/@noble/hashes/esm/crypto.js","../../node_modules/@noble/hashes/esm/utils.js","../../node_modules/@noble/hashes/esm/_md.js","../../node_modules/@noble/hashes/esm/sha256.js","../../node_modules/@noble/hashes/esm/_u64.js","../../node_modules/@noble/hashes/esm/sha512.js","../../node_modules/@noble/hashes/esm/sha3.js"],"sourcesContent":["function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\n// copied from utils\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(h) {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.wrapConstructor');\n number(h.outputLen);\n number(h.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","export const crypto = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n//# sourceMappingURL=crypto.js.map","/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0);\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// For runtime check if class implements interface\nexport class Hash {\n // Safe version that clones internal state\n clone() {\n return this._cloneInto();\n }\n}\nconst toStr = {}.toString;\nexport function checkOpts(defaults, opts) {\n if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n throw new Error('Options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\nexport function wrapConstructor(hashCons) {\n const hashC = (msg) => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\nexport function wrapConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\nexport function wrapXOFConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32) {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return crypto.randomBytes(bytesLength);\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n//# sourceMappingURL=utils.js.map","import { exists, output } from './_assert.js';\nimport { Hash, createView, toBytes } from './utils.js';\n/**\n * Polyfill for Safari 14\n */\nfunction setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/**\n * Choice: a ? b : c\n */\nexport const Chi = (a, b, c) => (a & b) ^ (~a & c);\n/**\n * Majority function, true if any two inputs is true\n */\nexport const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n */\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n exists(this);\n const { view, buffer, blockLen } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n exists(this);\n output(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n this.buffer.subarray(pos).fill(0);\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to || (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.length = length;\n to.pos = pos;\n to.finished = finished;\n to.destroyed = destroyed;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n}\n//# sourceMappingURL=_md.js.map","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotr, wrapConstructor } from './utils.js';\n// SHA2-256 need to try 2^128 hashes to execute birthday attack.\n// BTC network is doing 2^67 hashes/sec as per early 2023.\n// Round constants:\n// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ new Uint32Array([\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n// Initial state:\n// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19\n// prettier-ignore\nconst SHA256_IV = /* @__PURE__ */ new Uint32Array([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\nexport class SHA256 extends HashMD {\n constructor() {\n super(64, 32, 8, false);\n // We cannot use array here since array allows indexing by variable\n // which means optimizer/compiler cannot use registers.\n this.A = SHA256_IV[0] | 0;\n this.B = SHA256_IV[1] | 0;\n this.C = SHA256_IV[2] | 0;\n this.D = SHA256_IV[3] | 0;\n this.E = SHA256_IV[4] | 0;\n this.F = SHA256_IV[5] | 0;\n this.G = SHA256_IV[6] | 0;\n this.H = SHA256_IV[7] | 0;\n }\n get() {\n const { A, B, C, D, E, F, G, H } = this;\n return [A, B, C, D, E, F, G, H];\n }\n // prettier-ignore\n set(A, B, C, D, E, F, G, H) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n this.F = F | 0;\n this.G = G | 0;\n this.H = H | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4)\n SHA256_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 64; i++) {\n const W15 = SHA256_W[i - 15];\n const W2 = SHA256_W[i - 2];\n const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n }\n // Compression function main loop, 64 rounds\n let { A, B, C, D, E, F, G, H } = this;\n for (let i = 0; i < 64; i++) {\n const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n const T2 = (sigma0 + Maj(A, B, C)) | 0;\n H = G;\n G = F;\n F = E;\n E = (D + T1) | 0;\n D = C;\n C = B;\n B = A;\n A = (T1 + T2) | 0;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n F = (F + this.F) | 0;\n G = (G + this.G) | 0;\n H = (H + this.H) | 0;\n this.set(A, B, C, D, E, F, G, H);\n }\n roundClean() {\n SHA256_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\nclass SHA224 extends SHA256 {\n constructor() {\n super();\n this.A = 0xc1059ed8 | 0;\n this.B = 0x367cd507 | 0;\n this.C = 0x3070dd17 | 0;\n this.D = 0xf70e5939 | 0;\n this.E = 0xffc00b31 | 0;\n this.F = 0x68581511 | 0;\n this.G = 0x64f98fa7 | 0;\n this.H = 0xbefa4fa4 | 0;\n this.outputLen = 28;\n }\n}\n/**\n * SHA2-256 hash function\n * @param message - data that would be hashed\n */\nexport const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());\n/**\n * SHA2-224 hash function\n */\nexport const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224());\n//# sourceMappingURL=sha256.js.map","const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\n// We are not using BigUint64Array, because they are extremely slow as per 2022\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };\n}\nfunction split(lst, le = false) {\n let Ah = new Uint32Array(lst.length);\n let Al = new Uint32Array(lst.length);\n for (let i = 0; i < lst.length; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { fromBig, split, toBig, shrSH, shrSL, rotrSH, rotrSL, rotrBH, rotrBL, rotr32H, rotr32L, rotlSH, rotlSL, rotlBH, rotlBL, add, add3L, add3H, add4L, add4H, add5H, add5L, };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map","import { HashMD } from './_md.js';\nimport u64 from './_u64.js';\nimport { wrapConstructor } from './utils.js';\n// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):\n// prettier-ignore\nconst [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([\n '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\n// Temporary buffer, not used to store anything between runs\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA512 extends HashMD {\n constructor() {\n super(128, 64, 16, false);\n // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.\n // Also looks cleaner and easier to verify with spec.\n // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x6a09e667 | 0;\n this.Al = 0xf3bcc908 | 0;\n this.Bh = 0xbb67ae85 | 0;\n this.Bl = 0x84caa73b | 0;\n this.Ch = 0x3c6ef372 | 0;\n this.Cl = 0xfe94f82b | 0;\n this.Dh = 0xa54ff53a | 0;\n this.Dl = 0x5f1d36f1 | 0;\n this.Eh = 0x510e527f | 0;\n this.El = 0xade682d1 | 0;\n this.Fh = 0x9b05688c | 0;\n this.Fl = 0x2b3e6c1f | 0;\n this.Gh = 0x1f83d9ab | 0;\n this.Gl = 0xfb41bd6b | 0;\n this.Hh = 0x5be0cd19 | 0;\n this.Hl = 0x137e2179 | 0;\n }\n // prettier-ignore\n get() {\n const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n }\n // prettier-ignore\n set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {\n this.Ah = Ah | 0;\n this.Al = Al | 0;\n this.Bh = Bh | 0;\n this.Bl = Bl | 0;\n this.Ch = Ch | 0;\n this.Cl = Cl | 0;\n this.Dh = Dh | 0;\n this.Dl = Dl | 0;\n this.Eh = Eh | 0;\n this.El = El | 0;\n this.Fh = Fh | 0;\n this.Fl = Fl | 0;\n this.Gh = Gh | 0;\n this.Gl = Gl | 0;\n this.Hh = Hh | 0;\n this.Hl = Hl | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4) {\n SHA512_W_H[i] = view.getUint32(offset);\n SHA512_W_L[i] = view.getUint32((offset += 4));\n }\n for (let i = 16; i < 80; i++) {\n // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n const W15h = SHA512_W_H[i - 15] | 0;\n const W15l = SHA512_W_L[i - 15] | 0;\n const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n const W2h = SHA512_W_H[i - 2] | 0;\n const W2l = SHA512_W_L[i - 2] | 0;\n const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];\n const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n SHA512_W_H[i] = SUMh | 0;\n SHA512_W_L[i] = SUMl | 0;\n }\n let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n // Compression function main loop, 80 rounds\n for (let i = 0; i < 80; i++) {\n // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n const CHIl = (El & Fl) ^ (~El & Gl);\n // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n // prettier-ignore\n const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n const T1l = T1ll | 0;\n // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n Hh = Gh | 0;\n Hl = Gl | 0;\n Gh = Fh | 0;\n Gl = Fl | 0;\n Fh = Eh | 0;\n Fl = El | 0;\n ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n Dh = Ch | 0;\n Dl = Cl | 0;\n Ch = Bh | 0;\n Cl = Bl | 0;\n Bh = Ah | 0;\n Bl = Al | 0;\n const All = u64.add3L(T1l, sigma0l, MAJl);\n Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n Al = All | 0;\n }\n // Add the compressed chunk to the current hash value\n ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n }\n roundClean() {\n SHA512_W_H.fill(0);\n SHA512_W_L.fill(0);\n }\n destroy() {\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n }\n}\nexport class SHA512_224 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x8c3d37c8 | 0;\n this.Al = 0x19544da2 | 0;\n this.Bh = 0x73e19966 | 0;\n this.Bl = 0x89dcd4d6 | 0;\n this.Ch = 0x1dfab7ae | 0;\n this.Cl = 0x32ff9c82 | 0;\n this.Dh = 0x679dd514 | 0;\n this.Dl = 0x582f9fcf | 0;\n this.Eh = 0x0f6d2b69 | 0;\n this.El = 0x7bd44da8 | 0;\n this.Fh = 0x77e36f73 | 0;\n this.Fl = 0x04c48942 | 0;\n this.Gh = 0x3f9d85a8 | 0;\n this.Gl = 0x6a1d36c8 | 0;\n this.Hh = 0x1112e6ad | 0;\n this.Hl = 0x91d692a1 | 0;\n this.outputLen = 28;\n }\n}\nexport class SHA512_256 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x22312194 | 0;\n this.Al = 0xfc2bf72c | 0;\n this.Bh = 0x9f555fa3 | 0;\n this.Bl = 0xc84c64c2 | 0;\n this.Ch = 0x2393b86b | 0;\n this.Cl = 0x6f53b151 | 0;\n this.Dh = 0x96387719 | 0;\n this.Dl = 0x5940eabd | 0;\n this.Eh = 0x96283ee2 | 0;\n this.El = 0xa88effe3 | 0;\n this.Fh = 0xbe5e1e25 | 0;\n this.Fl = 0x53863992 | 0;\n this.Gh = 0x2b0199fc | 0;\n this.Gl = 0x2c85b8aa | 0;\n this.Hh = 0x0eb72ddc | 0;\n this.Hl = 0x81c52ca2 | 0;\n this.outputLen = 32;\n }\n}\nexport class SHA384 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0xcbbb9d5d | 0;\n this.Al = 0xc1059ed8 | 0;\n this.Bh = 0x629a292a | 0;\n this.Bl = 0x367cd507 | 0;\n this.Ch = 0x9159015a | 0;\n this.Cl = 0x3070dd17 | 0;\n this.Dh = 0x152fecd8 | 0;\n this.Dl = 0xf70e5939 | 0;\n this.Eh = 0x67332667 | 0;\n this.El = 0xffc00b31 | 0;\n this.Fh = 0x8eb44a87 | 0;\n this.Fl = 0x68581511 | 0;\n this.Gh = 0xdb0c2e0d | 0;\n this.Gl = 0x64f98fa7 | 0;\n this.Hh = 0x47b5481d | 0;\n this.Hl = 0xbefa4fa4 | 0;\n this.outputLen = 48;\n }\n}\nexport const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());\nexport const sha512_224 = /* @__PURE__ */ wrapConstructor(() => new SHA512_224());\nexport const sha512_256 = /* @__PURE__ */ wrapConstructor(() => new SHA512_256());\nexport const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384());\n//# sourceMappingURL=sha512.js.map","import { bytes, exists, number, output } from './_assert.js';\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';\nimport { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';\n// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.\n// It's called a sponge function.\n// Various per round constants calculations\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nconst _7n = /* @__PURE__ */ BigInt(7);\nconst _256n = /* @__PURE__ */ BigInt(256);\nconst _0x71n = /* @__PURE__ */ BigInt(0x71);\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true);\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n// Same as keccakf1600, but allows to skip some rounds\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n B.fill(0);\n}\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n // Can be passed from user as dkLen\n number(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n if (0 >= this.blockLen || this.blockLen >= 200)\n throw new Error('Sha3 supports only keccak-f1600 function');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n keccak() {\n if (!isLE)\n byteSwap32(this.state32);\n keccakP(this.state32, this.rounds);\n if (!isLE)\n byteSwap32(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n exists(this);\n const { blockLen, state } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n exists(this, false);\n bytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n number(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n output(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n this.state.fill(0);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));\nexport const sha3_224 = /* @__PURE__ */ gen(0x06, 144, 224 / 8);\n/**\n * SHA3-256 hash function\n * @param message - that would be hashed\n */\nexport const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8);\nexport const sha3_384 = /* @__PURE__ */ gen(0x06, 104, 384 / 8);\nexport const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8);\nexport const keccak_224 = /* @__PURE__ */ gen(0x01, 144, 224 / 8);\n/**\n * keccak-256 hash function. Different from SHA3-256.\n * @param message - that would be hashed\n */\nexport const keccak_256 = /* @__PURE__ */ gen(0x01, 136, 256 / 8);\nexport const keccak_384 = /* @__PURE__ */ gen(0x01, 104, 384 / 8);\nexport const keccak_512 = /* @__PURE__ */ gen(0x01, 72, 512 / 8);\nconst genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\nexport const shake128 = /* @__PURE__ */ genShake(0x1f, 168, 128 / 8);\nexport const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8);\n//# sourceMappingURL=sha3.js.map"],"names":["number","n","Number","isSafeInteger","Error","bytes","b","lengths","a","Uint8Array","constructor","name","length","includes","hash","h","create","outputLen","blockLen","exists","instance","checkFinished","destroyed","finished","output","out","min","crypto","globalThis","undefined","createView","arr","DataView","buffer","byteOffset","byteLength","rotr","word","shift","rotl","isLE","Uint32Array","byteSwap32","i","utf8ToBytes","str","TextEncoder","encode","toBytes","data","abytes","concatBytes","arrays","sum","res","pad","set","Hash","clone","this","_cloneInto","wrapConstructor","hashCons","hashC","msg","update","digest","tmp","randomBytes","bytesLength","getRandomValues","Chi","c","Maj","HashMD","padOffset","super","pos","view","len","take","Math","subarray","process","dataView","roundClean","digestInto","fill","value","setBigUint64","_32n","BigInt","_u32_max","wh","wl","l","setUint32","oview","outLen","state","get","slice","destroy","to","SHA256_K","SHA256_IV","SHA256_W","SHA256","A","B","C","D","E","F","G","H","offset","getUint32","W15","W2","s0","s1","T1","T2","SHA224","sha256","sha224","U32_MASK64","fromBig","le","split","lst","Ah","Al","rotlSH","s","rotlSL","rotlBH","rotlBL","u64","toBig","shrSH","_l","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","rotr32H","_h","rotr32L","add","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5H","Eh","add5L","El","SHA512_Kh","SHA512_Kl","map","SHA512_W_H","SHA512_W_L","SHA512","Fh","Fl","Gh","Gl","Hh","Hl","W15h","W15l","s0h","s0l","W2h","W2l","s1h","s1l","SUMl","SUMh","sigma1h","sigma1l","CHIh","CHIl","T1ll","T1h","T1l","sigma0h","sigma0l","MAJh","MAJl","All","SHA384","sha512","sha384","SHA3_PI","SHA3_ROTL","_SHA3_IOTA","_0n","_1n","_2n","_7n","_256n","_0x71n","round","R","x","y","push","t","j","SHA3_IOTA_H","SHA3_IOTA_L","rotlH","rotlL","Keccak","suffix","enableXOF","rounds","posOut","state32","floor","keccak","idx1","idx0","B0","B1","Th","Tl","curH","curL","PI","keccakP","finish","writeInto","bufferOut","xofInto","xof","gen","sha3_256","sha3_512","shake256","opts","wrapXOFConstructorWithOpts","dkLen","genShake"],"mappings":";6GAAA,SAASA,EAAOC,GACZ,IAAKC,OAAOC,cAAcF,IAAMA,EAAI,EAChC,MAAUG,MAAM,kCAAkCH,EAC1D,CAUA,SAASI,EAAMC,KAAMC,GACjB,MALoBC,EAKPF,aAJQG,YACX,MAALD,GAA0B,iBAANA,GAAyC,eAAvBA,EAAEE,YAAYC,MAIrD,MAAUP,MAAM,uBANjB,IAAiBI,EAOpB,GAAID,EAAQK,OAAS,IAAML,EAAQM,SAASP,EAAEM,QAC1C,MAAUR,MAAM,iCAAiCG,oBAA0BD,EAAEM,SACrF,CACA,SAASE,EAAKC,GACV,GAAiB,mBAANA,GAAwC,mBAAbA,EAAEC,OACpC,MAAUZ,MAAM,mDACpBJ,EAAOe,EAAEE,WACTjB,EAAOe,EAAEG,SACb,CACA,SAASC,EAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUlB,MAAM,oCACpB,GAAIiB,GAAiBD,EAASG,SAC1B,MAAUnB,MAAM,wCACxB,CACA,SAASoB,EAAOC,EAAKL,GACjBf,EAAMoB,GACN,MAAMC,EAAMN,EAASH,UACrB,GAAIQ,EAAIb,OAASc,EACb,MAAUtB,MAAM,yDAAyDsB,EAEjF,CCrCO,MAAMC,EAA+B,iBAAfC,GAA2B,WAAYA,EAAaA,EAAWD,YAASE,ECmBxFC,EAAcC,GAAQ,IAAIC,SAASD,EAAIE,OAAQF,EAAIG,WAAYH,EAAII,YAEnEC,EAAO,CAACC,EAAMC,IAAWD,GAAS,GAAKC,EAAWD,IAASC,EAE3DC,EAAO,CAACF,EAAMC,IAAWD,GAAQC,EAAWD,IAAU,GAAKC,IAAY,EACvEE,EAAmE,KAA5D,IAAI/B,WAAW,IAAIgC,YAAY,CAAC,YAAaR,QAAQ;sEASlE,SAASS,EAAWX,GACvB,IAAK,IAAIY,EAAI,EAAGA,EAAIZ,EAAInB,OAAQ+B,IAC5BZ,EAAIY,IATaN,EASCN,EAAIY,KATc,GAAM,WAC5CN,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAHG,IAACA,CAWzB,CAoEO,SAASO,EAAYC,GACxB,GAAmB,iBAARA,EACP,MAAUzC,MAAM,2CAA2CyC,GAC/D,OAAO,IAAIpC,YAAW,IAAIqC,aAAcC,OAAOF,GACnD,CAMO,SAASG,EAAQC,GAIpB,MAHoB,iBAATA,IACPA,EAAOL,EAAYK,IACvBC,EAAOD,GACAA,CACX,CAIO,SAASE,KAAeC,GAC3B,IAAIC,EAAM,EACV,IAAK,IAAIV,EAAI,EAAGA,EAAIS,EAAOxC,OAAQ+B,IAAK,CACpC,MAAMnC,EAAI4C,EAAOT,GACjBO,EAAO1C,GACP6C,GAAO7C,EAAEI,MACjB,CACI,MAAM0C,EAAM,IAAI7C,WAAW4C,GAC3B,IAAK,IAAIV,EAAI,EAAGY,EAAM,EAAGZ,EAAIS,EAAOxC,OAAQ+B,IAAK,CAC7C,MAAMnC,EAAI4C,EAAOT,GACjBW,EAAIE,IAAIhD,EAAG+C,GACXA,GAAO/C,EAAEI,MACjB,CACI,OAAO0C,CACX,CAEO,MAAMG,EAET,KAAAC,GACI,OAAOC,KAAKC,YACpB,EASO,SAASC,EAAgBC,GAC5B,MAAMC,EAASC,GAAQF,IAAWG,OAAOjB,EAAQgB,IAAME,SACjDC,EAAML,IAIZ,OAHAC,EAAM9C,UAAYkD,EAAIlD,UACtB8C,EAAM7C,SAAWiD,EAAIjD,SACrB6C,EAAM/C,OAAS,IAAM8C,IACdC,CACX,CAoBO,SAASK,EAAYC,EAAc,IACtC,GAAI1C,GAA4C,mBAA3BA,EAAO2C,gBACxB,OAAO3C,EAAO2C,gBAAgB,IAAI7D,WAAW4D,IAGjD,GAAI1C,GAAwC,mBAAvBA,EAAOyC,YACxB,OAAOzC,EAAOyC,YAAYC,GAE9B,MAAUjE,MAAM,yCACpB,CCzKY,MAACmE,EAAM,CAAC/D,EAAGF,EAAGkE,IAAOhE,EAAIF,GAAOE,EAAIgE,EAInCC,EAAM,CAACjE,EAAGF,EAAGkE,IAAOhE,EAAIF,EAAME,EAAIgE,EAAMlE,EAAIkE,EAKlD,MAAME,UAAejB,EACxB,WAAA/C,CAAYQ,EAAUD,EAAW0D,EAAWnC,GACxCoC,QACAjB,KAAKzC,SAAWA,EAChByC,KAAK1C,UAAYA,EACjB0C,KAAKgB,UAAYA,EACjBhB,KAAKnB,KAAOA,EACZmB,KAAKpC,UAAW,EAChBoC,KAAK/C,OAAS,EACd+C,KAAKkB,IAAM,EACXlB,KAAKrC,WAAY,EACjBqC,KAAK1B,OAAS,IAAIxB,WAAWS,GAC7ByC,KAAKmB,KAAOhD,EAAW6B,KAAK1B,OACpC,CACI,MAAAgC,CAAOhB,GACH9B,EAAOwC,MACP,MAAMmB,KAAEA,EAAI7C,OAAEA,EAAMf,SAAEA,GAAayC,KAE7BoB,GADN9B,EAAOD,EAAQC,IACErC,OACjB,IAAK,IAAIiE,EAAM,EAAGA,EAAME,GAAM,CAC1B,MAAMC,EAAOC,KAAKvD,IAAIR,EAAWyC,KAAKkB,IAAKE,EAAMF,GAEjD,GAAIG,IAAS9D,EAMbe,EAAOuB,IAAIP,EAAKiC,SAASL,EAAKA,EAAMG,GAAOrB,KAAKkB,KAChDlB,KAAKkB,KAAOG,EACZH,GAAOG,EACHrB,KAAKkB,MAAQ3D,IACbyC,KAAKwB,QAAQL,EAAM,GACnBnB,KAAKkB,IAAM,OAXf,CACI,MAAMO,EAAWtD,EAAWmB,GAC5B,KAAO/B,GAAY6D,EAAMF,EAAKA,GAAO3D,EACjCyC,KAAKwB,QAAQC,EAAUP,EAE3C,CAQA,CAGQ,OAFAlB,KAAK/C,QAAUqC,EAAKrC,OACpB+C,KAAK0B,aACE1B,IACf,CACI,UAAA2B,CAAW7D,GACPN,EAAOwC,MACPnC,EAAOC,EAAKkC,MACZA,KAAKpC,UAAW,EAIhB,MAAMU,OAAEA,EAAM6C,KAAEA,EAAI5D,SAAEA,EAAQsB,KAAEA,GAASmB,KACzC,IAAIkB,IAAEA,GAAQlB,KAEd1B,EAAO4C,KAAS,IAChBlB,KAAK1B,OAAOiD,SAASL,GAAKU,KAAK,GAG3B5B,KAAKgB,UAAYzD,EAAW2D,IAC5BlB,KAAKwB,QAAQL,EAAM,GACnBD,EAAM,GAGV,IAAK,IAAIlC,EAAIkC,EAAKlC,EAAIzB,EAAUyB,IAC5BV,EAAOU,GAAK,GApFxB,SAAsBmC,EAAM5C,EAAYsD,EAAOhD,GAC3C,GAAiC,mBAAtBsC,EAAKW,aACZ,OAAOX,EAAKW,aAAavD,EAAYsD,EAAOhD,GAChD,MAAMkD,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAK3F,OAAQsF,GAASE,EAAQE,GAC9BE,EAAK5F,OAAOsF,EAAQI,GACpB7E,EAAIyB,EAAO,EAAI,EACfuD,EAAIvD,EAAO,EAAI,EACrBsC,EAAKkB,UAAU9D,EAAanB,EAAG8E,EAAIrD,GACnCsC,EAAKkB,UAAU9D,EAAa6D,EAAGD,EAAItD,EACvC,CA6EQiD,CAAaX,EAAM5D,EAAW,EAAGyE,OAAqB,EAAdhC,KAAK/C,QAAa4B,GAC1DmB,KAAKwB,QAAQL,EAAM,GACnB,MAAMmB,EAAQnE,EAAWL,GACnBsD,EAAMpB,KAAK1C,UAEjB,GAAI8D,EAAM,EACN,MAAU3E,MAAM,+CACpB,MAAM8F,EAASnB,EAAM,EACfoB,EAAQxC,KAAKyC,MACnB,GAAIF,EAASC,EAAMvF,OACf,MAAUR,MAAM,sCACpB,IAAK,IAAIuC,EAAI,EAAGA,EAAIuD,EAAQvD,IACxBsD,EAAMD,UAAU,EAAIrD,EAAGwD,EAAMxD,GAAIH,EAC7C,CACI,MAAA0B,GACI,MAAMjC,OAAEA,EAAMhB,UAAEA,GAAc0C,KAC9BA,KAAK2B,WAAWrD,GAChB,MAAMqB,EAAMrB,EAAOoE,MAAM,EAAGpF,GAE5B,OADA0C,KAAK2C,UACEhD,CACf,CACI,UAAAM,CAAW2C,GACPA,IAAOA,EAAK,IAAI5C,KAAKjD,aACrB6F,EAAG/C,OAAOG,KAAKyC,OACf,MAAMlF,SAAEA,EAAQe,OAAEA,EAAMrB,OAAEA,EAAMW,SAAEA,EAAQD,UAAEA,EAASuD,IAAEA,GAAQlB,KAO/D,OANA4C,EAAG3F,OAASA,EACZ2F,EAAG1B,IAAMA,EACT0B,EAAGhF,SAAWA,EACdgF,EAAGjF,UAAYA,EACXV,EAASM,GACTqF,EAAGtE,OAAOuB,IAAIvB,GACXsE,CACf,ECtHA,MAAMC,iBAA2B,IAAI/D,YAAY,CAC7C,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAKlFgE,iBAA4B,IAAIhE,YAAY,CAC9C,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAIlFiE,iBAA2B,IAAIjE,YAAY,IAC1C,MAAMkE,UAAejC,EACxB,WAAAhE,GACIkE,MAAM,GAAI,GAAI,GAAG,GAGjBjB,KAAKiD,EAAmB,EAAfH,EAAU,GACnB9C,KAAKkD,EAAmB,EAAfJ,EAAU,GACnB9C,KAAKmD,EAAmB,EAAfL,EAAU,GACnB9C,KAAKoD,EAAmB,EAAfN,EAAU,GACnB9C,KAAKqD,EAAmB,EAAfP,EAAU,GACnB9C,KAAKsD,EAAmB,EAAfR,EAAU,GACnB9C,KAAKuD,EAAmB,EAAfT,EAAU,GACnB9C,KAAKwD,EAAmB,EAAfV,EAAU,EAC3B,CACI,GAAAL,GACI,MAAMQ,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMxD,KACnC,MAAO,CAACiD,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EACrC,CAEI,GAAA3D,CAAIoD,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,GACrBxD,KAAKiD,EAAQ,EAAJA,EACTjD,KAAKkD,EAAQ,EAAJA,EACTlD,KAAKmD,EAAQ,EAAJA,EACTnD,KAAKoD,EAAQ,EAAJA,EACTpD,KAAKqD,EAAQ,EAAJA,EACTrD,KAAKsD,EAAQ,EAAJA,EACTtD,KAAKuD,EAAQ,EAAJA,EACTvD,KAAKwD,EAAQ,EAAJA,CACjB,CACI,OAAAhC,CAAQL,EAAMsC,GAEV,IAAK,IAAIzE,EAAI,EAAGA,EAAI,GAAIA,IAAKyE,GAAU,EACnCV,EAAS/D,GAAKmC,EAAKuC,UAAUD,GAAQ,GACzC,IAAK,IAAIzE,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAC1B,MAAM2E,EAAMZ,EAAS/D,EAAI,IACnB4E,EAAKb,EAAS/D,EAAI,GAClB6E,EAAKpF,EAAKkF,EAAK,GAAKlF,EAAKkF,EAAK,IAAOA,IAAQ,EAC7CG,EAAKrF,EAAKmF,EAAI,IAAMnF,EAAKmF,EAAI,IAAOA,IAAO,GACjDb,EAAS/D,GAAM8E,EAAKf,EAAS/D,EAAI,GAAK6E,EAAKd,EAAS/D,EAAI,IAAO,CAC3E,CAEQ,IAAIiE,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMxD,KACjC,IAAK,IAAIhB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MACM+E,EAAMP,GADG/E,EAAK4E,EAAG,GAAK5E,EAAK4E,EAAG,IAAM5E,EAAK4E,EAAG,KACzBzC,EAAIyC,EAAGC,EAAGC,GAAKV,EAAS7D,GAAK+D,EAAS/D,GAAM,EAE/DgF,GADSvF,EAAKwE,EAAG,GAAKxE,EAAKwE,EAAG,IAAMxE,EAAKwE,EAAG,KAC7BnC,EAAImC,EAAGC,EAAGC,GAAM,EACrCK,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAKD,EAAIW,EAAM,EACfX,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAKc,EAAKC,EAAM,CAC5B,CAEQf,EAAKA,EAAIjD,KAAKiD,EAAK,EACnBC,EAAKA,EAAIlD,KAAKkD,EAAK,EACnBC,EAAKA,EAAInD,KAAKmD,EAAK,EACnBC,EAAKA,EAAIpD,KAAKoD,EAAK,EACnBC,EAAKA,EAAIrD,KAAKqD,EAAK,EACnBC,EAAKA,EAAItD,KAAKsD,EAAK,EACnBC,EAAKA,EAAIvD,KAAKuD,EAAK,EACnBC,EAAKA,EAAIxD,KAAKwD,EAAK,EACnBxD,KAAKH,IAAIoD,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EACtC,CACI,UAAA9B,GACIqB,EAASnB,KAAK,EACtB,CACI,OAAAe,GACI3C,KAAKH,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC9BG,KAAK1B,OAAOsD,KAAK,EACzB,EAGA,MAAMqC,UAAejB,EACjB,WAAAjG,GACIkE,QACAjB,KAAKiD,GAAI,WACTjD,KAAKkD,EAAI,UACTlD,KAAKmD,EAAI,UACTnD,KAAKoD,GAAI,UACTpD,KAAKqD,GAAI,QACTrD,KAAKsD,EAAI,WACTtD,KAAKuD,EAAI,WACTvD,KAAKwD,GAAI,WACTxD,KAAK1C,UAAY,EACzB,EAMY,MAAC4G,iBAAyBhE,GAAgB,IAAM,IAAI8C,IAInDmB,iBAAyBjE,GAAgB,IAAM,IAAI+D,IC5H1DG,iBAA6BpC,OAAO,GAAK,GAAK,GAC9CD,iBAAuBC,OAAO,IAEpC,SAASqC,EAAQ/H,EAAGgI,GAAK,GACrB,OAAIA,EACO,CAAElH,EAAGb,OAAOD,EAAI8H,GAAahC,EAAG7F,OAAQD,GAAKyF,EAAQqC,IACzD,CAAEhH,EAAsC,EAAnCb,OAAQD,GAAKyF,EAAQqC,GAAiBhC,EAA4B,EAAzB7F,OAAOD,EAAI8H,GACpE,CACA,SAASG,EAAMC,EAAKF,GAAK,GACrB,IAAIG,EAAK,IAAI3F,YAAY0F,EAAIvH,QACzByH,EAAK,IAAI5F,YAAY0F,EAAIvH,QAC7B,IAAK,IAAI+B,EAAI,EAAGA,EAAIwF,EAAIvH,OAAQ+B,IAAK,CACjC,MAAM5B,EAAGgF,EAAEA,GAAMiC,EAAQG,EAAIxF,GAAIsF,IAChCG,EAAGzF,GAAI0F,EAAG1F,IAAM,CAAC5B,EAAGgF,EAC7B,CACI,MAAO,CAACqC,EAAIC,EAChB,CACA,MAcMC,EAAS,CAACvH,EAAGgF,EAAGwC,IAAOxH,GAAKwH,EAAMxC,IAAO,GAAKwC,EAC9CC,EAAS,CAACzH,EAAGgF,EAAGwC,IAAOxC,GAAKwC,EAAMxH,IAAO,GAAKwH,EAE9CE,EAAS,CAAC1H,EAAGgF,EAAGwC,IAAOxC,GAAMwC,EAAI,GAAQxH,IAAO,GAAKwH,EACrDG,EAAS,CAAC3H,EAAGgF,EAAGwC,IAAOxH,GAAMwH,EAAI,GAAQxC,IAAO,GAAKwC,EAQ3D,MASMI,EAAM,CACRX,UAASE,QAAOU,MApCN,CAAC7H,EAAGgF,IAAOJ,OAAO5E,IAAM,IAAM2E,EAAQC,OAAOI,IAAM,GAqC7D8C,MAnCU,CAAC9H,EAAG+H,EAAIP,IAAMxH,IAAMwH,EAmCvBQ,MAlCG,CAAChI,EAAGgF,EAAGwC,IAAOxH,GAAM,GAAKwH,EAAOxC,IAAMwC,EAmChDS,OAjCW,CAACjI,EAAGgF,EAAGwC,IAAOxH,IAAMwH,EAAMxC,GAAM,GAAKwC,EAiCxCU,OAhCG,CAAClI,EAAGgF,EAAGwC,IAAOxH,GAAM,GAAKwH,EAAOxC,IAAMwC,EAgCjCW,OA9BL,CAACnI,EAAGgF,EAAGwC,IAAOxH,GAAM,GAAKwH,EAAOxC,IAAOwC,EAAI,GA8B9BY,OA7Bb,CAACpI,EAAGgF,EAAGwC,IAAOxH,IAAOwH,EAAI,GAAQxC,GAAM,GAAKwC,EA8BvDa,QA5BY,CAACC,EAAItD,IAAMA,EA4BduD,QA3BG,CAACvI,EAAG+H,IAAO/H,EA4BvBuH,SAAQE,SAAQC,SAAQC,SACxBa,IApBJ,SAAanB,EAAIC,EAAImB,EAAIC,GACrB,MAAM1D,GAAKsC,IAAO,IAAMoB,IAAO,GAC/B,MAAO,CAAE1I,EAAIqH,EAAKoB,GAAOzD,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACxD,EAiBS2D,MAfK,CAACrB,EAAIoB,EAAIE,KAAQtB,IAAO,IAAMoB,IAAO,IAAME,IAAO,GAehDC,MAdF,CAACC,EAAKzB,EAAIoB,EAAIM,IAAQ1B,EAAKoB,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EAcrDE,MAbT,CAAC1B,EAAIoB,EAAIE,EAAIK,KAAQ3B,IAAO,IAAMoB,IAAO,IAAME,IAAO,IAAMK,IAAO,GAanDC,MAZhB,CAACJ,EAAKzB,EAAIoB,EAAIM,EAAII,IAAQ9B,EAAKoB,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAYhDM,MAVvB,CAACN,EAAKzB,EAAIoB,EAAIM,EAAII,EAAIE,IAAQhC,EAAKoB,EAAKM,EAAKI,EAAKE,GAAOP,EAAM,GAAK,GAAM,GAAM,EAUlDQ,MAX9B,CAAChC,EAAIoB,EAAIE,EAAIK,EAAIM,KAAQjC,IAAO,IAAMoB,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMM,IAAO,KC1C3FC,EAAWC,kBAA6B,KAAO7B,EAAIT,MAAM,CAC5D,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,sBACpEuC,KAAIxK,GAAK0F,OAAO1F,MArB6B,GAuBzCyK,iBAA6B,IAAIjI,YAAY,IAC7CkI,iBAA6B,IAAIlI,YAAY,IAC5C,MAAMmI,UAAelG,EACxB,WAAAhE,GACIkE,MAAM,IAAK,GAAI,IAAI,GAKnBjB,KAAKyE,GAAK,WACVzE,KAAK0E,IAAK,UACV1E,KAAK6F,IAAK,WACV7F,KAAK8F,IAAK,WACV9F,KAAKmG,GAAK,WACVnG,KAAKgG,IAAK,SACVhG,KAAKuG,IAAK,WACVvG,KAAKqG,GAAK,WACVrG,KAAKyG,GAAK,WACVzG,KAAK2G,IAAK,WACV3G,KAAKkH,IAAK,WACVlH,KAAKmH,GAAK,UACVnH,KAAKoH,GAAK,UACVpH,KAAKqH,IAAK,SACVrH,KAAKsH,GAAK,WACVtH,KAAKuH,GAAK,SAClB,CAEI,GAAA9E,GACI,MAAMgC,GAAEA,EAAEC,GAAEA,EAAEmB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEO,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOvH,KAC3E,MAAO,CAACyE,EAAIC,EAAImB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIO,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC5E,CAEI,GAAA1H,CAAI4E,EAAIC,EAAImB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIO,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC5DvH,KAAKyE,GAAU,EAALA,EACVzE,KAAK0E,GAAU,EAALA,EACV1E,KAAK6F,GAAU,EAALA,EACV7F,KAAK8F,GAAU,EAALA,EACV9F,KAAKmG,GAAU,EAALA,EACVnG,KAAKgG,GAAU,EAALA,EACVhG,KAAKuG,GAAU,EAALA,EACVvG,KAAKqG,GAAU,EAALA,EACVrG,KAAKyG,GAAU,EAALA,EACVzG,KAAK2G,GAAU,EAALA,EACV3G,KAAKkH,GAAU,EAALA,EACVlH,KAAKmH,GAAU,EAALA,EACVnH,KAAKoH,GAAU,EAALA,EACVpH,KAAKqH,GAAU,EAALA,EACVrH,KAAKsH,GAAU,EAALA,EACVtH,KAAKuH,GAAU,EAALA,CAClB,CACI,OAAA/F,CAAQL,EAAMsC,GAEV,IAAK,IAAIzE,EAAI,EAAGA,EAAI,GAAIA,IAAKyE,GAAU,EACnCsD,EAAW/H,GAAKmC,EAAKuC,UAAUD,GAC/BuD,EAAWhI,GAAKmC,EAAKuC,UAAWD,GAAU,GAE9C,IAAK,IAAIzE,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAE1B,MAAMwI,EAA4B,EAArBT,EAAW/H,EAAI,IACtByI,EAA4B,EAArBT,EAAWhI,EAAI,IACtB0I,EAAM1C,EAAIK,OAAOmC,EAAMC,EAAM,GAAKzC,EAAIK,OAAOmC,EAAMC,EAAM,GAAKzC,EAAIE,MAAMsC,EAAMC,EAAM,GACpFE,EAAM3C,EAAIM,OAAOkC,EAAMC,EAAM,GAAKzC,EAAIM,OAAOkC,EAAMC,EAAM,GAAKzC,EAAII,MAAMoC,EAAMC,EAAM,GAEpFG,EAA0B,EAApBb,EAAW/H,EAAI,GACrB6I,EAA0B,EAApBb,EAAWhI,EAAI,GACrB8I,EAAM9C,EAAIK,OAAOuC,EAAKC,EAAK,IAAM7C,EAAIO,OAAOqC,EAAKC,EAAK,IAAM7C,EAAIE,MAAM0C,EAAKC,EAAK,GAChFE,EAAM/C,EAAIM,OAAOsC,EAAKC,EAAK,IAAM7C,EAAIQ,OAAOoC,EAAKC,EAAK,IAAM7C,EAAII,MAAMwC,EAAKC,EAAK,GAEhFG,EAAOhD,EAAIoB,MAAMuB,EAAKI,EAAKf,EAAWhI,EAAI,GAAIgI,EAAWhI,EAAI,KAC7DiJ,EAAOjD,EAAIsB,MAAM0B,EAAMN,EAAKI,EAAKf,EAAW/H,EAAI,GAAI+H,EAAW/H,EAAI,KACzE+H,EAAW/H,GAAY,EAAPiJ,EAChBjB,EAAWhI,GAAY,EAAPgJ,CAC5B,CACQ,IAAIvD,GAAEA,EAAEC,GAAEA,EAAEmB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEO,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOvH,KAEzE,IAAK,IAAIhB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAEzB,MAAMkJ,EAAUlD,EAAIK,OAAOoB,EAAIE,EAAI,IAAM3B,EAAIK,OAAOoB,EAAIE,EAAI,IAAM3B,EAAIO,OAAOkB,EAAIE,EAAI,IAC/EwB,EAAUnD,EAAIM,OAAOmB,EAAIE,EAAI,IAAM3B,EAAIM,OAAOmB,EAAIE,EAAI,IAAM3B,EAAIQ,OAAOiB,EAAIE,EAAI,IAE/EyB,EAAQ3B,EAAKS,GAAQT,EAAKW,EAC1BiB,EAAQ1B,EAAKQ,GAAQR,EAAKU,EAG1BiB,EAAOtD,EAAI0B,MAAMa,EAAIY,EAASE,EAAMxB,EAAU7H,GAAIgI,EAAWhI,IAC7DuJ,EAAMvD,EAAIwB,MAAM8B,EAAMhB,EAAIY,EAASE,EAAMxB,EAAU5H,GAAI+H,EAAW/H,IAClEwJ,EAAa,EAAPF,EAENG,EAAUzD,EAAIK,OAAOZ,EAAIC,EAAI,IAAMM,EAAIO,OAAOd,EAAIC,EAAI,IAAMM,EAAIO,OAAOd,EAAIC,EAAI,IAC/EgE,EAAU1D,EAAIM,OAAOb,EAAIC,EAAI,IAAMM,EAAIQ,OAAOf,EAAIC,EAAI,IAAMM,EAAIQ,OAAOf,EAAIC,EAAI,IAC/EiE,EAAQlE,EAAKoB,EAAOpB,EAAK0B,EAAON,EAAKM,EACrCyC,EAAQlE,EAAKoB,EAAOpB,EAAKsB,EAAOF,EAAKE,EAC3CsB,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALT,EACLU,EAAU,EAALR,IACFvJ,EAAGqJ,EAAIrE,EAAGuE,GAAO3B,EAAIY,IAAS,EAALW,EAAa,EAALF,EAAc,EAANkC,EAAe,EAANC,IACrDjC,EAAU,EAALJ,EACLE,EAAU,EAALL,EACLG,EAAU,EAALN,EACLG,EAAU,EAALF,EACLD,EAAU,EAALpB,EACLqB,EAAU,EAALpB,EACL,MAAMmE,EAAM7D,EAAIe,MAAMyC,EAAKE,EAASE,GACpCnE,EAAKO,EAAIiB,MAAM4C,EAAKN,EAAKE,EAASE,GAClCjE,EAAW,EAANmE,CACjB,GAEWzL,EAAGqH,EAAIrC,EAAGsC,GAAOM,EAAIY,IAAc,EAAV5F,KAAKyE,GAAkB,EAAVzE,KAAK0E,GAAa,EAALD,EAAa,EAALC,MAC3DtH,EAAGyI,EAAIzD,EAAG0D,GAAOd,EAAIY,IAAc,EAAV5F,KAAK6F,GAAkB,EAAV7F,KAAK8F,GAAa,EAALD,EAAa,EAALC,MAC3D1I,EAAG+I,EAAI/D,EAAG4D,GAAOhB,EAAIY,IAAc,EAAV5F,KAAKmG,GAAkB,EAAVnG,KAAKgG,GAAa,EAALG,EAAa,EAALH,MAC3D5I,EAAGmJ,EAAInE,EAAGiE,GAAOrB,EAAIY,IAAc,EAAV5F,KAAKuG,GAAkB,EAAVvG,KAAKqG,GAAa,EAALE,EAAa,EAALF,MAC3DjJ,EAAGqJ,EAAIrE,EAAGuE,GAAO3B,EAAIY,IAAc,EAAV5F,KAAKyG,GAAkB,EAAVzG,KAAK2G,GAAa,EAALF,EAAa,EAALE,MAC3DvJ,EAAG8J,EAAI9E,EAAG+E,GAAOnC,EAAIY,IAAc,EAAV5F,KAAKkH,GAAkB,EAAVlH,KAAKmH,GAAa,EAALD,EAAa,EAALC,MAC3D/J,EAAGgK,EAAIhF,EAAGiF,GAAOrC,EAAIY,IAAc,EAAV5F,KAAKoH,GAAkB,EAAVpH,KAAKqH,GAAa,EAALD,EAAa,EAALC,MAC3DjK,EAAGkK,EAAIlF,EAAGmF,GAAOvC,EAAIY,IAAc,EAAV5F,KAAKsH,GAAkB,EAAVtH,KAAKuH,GAAa,EAALD,EAAa,EAALC,IAC9DvH,KAAKH,IAAI4E,EAAIC,EAAImB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIO,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC7E,CACI,UAAA7F,GACIqF,EAAWnF,KAAK,GAChBoF,EAAWpF,KAAK,EACxB,CACI,OAAAe,GACI3C,KAAK1B,OAAOsD,KAAK,GACjB5B,KAAKH,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC9D,EAgDO,MAAMiJ,UAAe7B,EACxB,WAAAlK,GACIkE,QAEAjB,KAAKyE,IAAK,UACVzE,KAAK0E,IAAK,WACV1E,KAAK6F,GAAK,WACV7F,KAAK8F,GAAK,UACV9F,KAAKmG,IAAK,WACVnG,KAAKgG,GAAK,UACVhG,KAAKuG,GAAK,UACVvG,KAAKqG,IAAK,UACVrG,KAAKyG,GAAK,WACVzG,KAAK2G,IAAK,QACV3G,KAAKkH,IAAK,WACVlH,KAAKmH,GAAK,WACVnH,KAAKoH,IAAK,UACVpH,KAAKqH,GAAK,WACVrH,KAAKsH,GAAK,WACVtH,KAAKuH,IAAK,WACVvH,KAAK1C,UAAY,EACzB,EAEY,MAACyL,iBAAyB7I,GAAgB,IAAM,IAAI+G,IAGnD+B,iBAAyB9I,GAAgB,IAAM,IAAI4I,IC/N1DG,EAAU,GACVC,EAAY,GACZC,EAAa,GACbC,iBAAsBpH,OAAO,GAC7BqH,iBAAsBrH,OAAO,GAC7BsH,iBAAsBtH,OAAO,GAC7BuH,iBAAsBvH,OAAO,GAC7BwH,iBAAwBxH,OAAO,KAC/ByH,iBAAyBzH,OAAO,KACtC,IAAK,IAAI0H,EAAQ,EAAGC,EAAIN,EAAKO,EAAI,EAAGC,EAAI,EAAGH,EAAQ,GAAIA,IAAS,EAE3DE,EAAGC,GAAK,CAACA,GAAI,EAAID,EAAI,EAAIC,GAAK,GAC/BZ,EAAQa,KAAK,GAAK,EAAID,EAAID,IAE1BV,EAAUY,MAAQJ,EAAQ,IAAMA,EAAQ,GAAM,EAAK,IAEnD,IAAIK,EAAIX,EACR,IAAK,IAAIY,EAAI,EAAGA,EAAI,EAAGA,IACnBL,GAAMA,GAAKN,GAASM,GAAKJ,GAAOE,GAAWD,EACvCG,EAAIL,IACJS,GAAKV,IAASA,kBAAuBrH,OAAOgI,IAAMX,GAE1DF,EAAWW,KAAKC,EACpB,CACA,MAAOE,GAAaC,mBAA+B3F,EAAM4E,GAAY,GAE/DgB,GAAQ,CAAC/M,EAAGgF,EAAGwC,IAAOA,EAAI,GAAKE,EAAO1H,EAAGgF,EAAGwC,GAAKD,EAAOvH,EAAGgF,EAAGwC,GAC9DwF,GAAQ,CAAChN,EAAGgF,EAAGwC,IAAOA,EAAI,GAAKG,EAAO3H,EAAGgF,EAAGwC,GAAKC,EAAOzH,EAAGgF,EAAGwC,GA+C7D,MAAMyF,WAAevK,EAExB,WAAA/C,CAAYQ,EAAU+M,EAAQhN,EAAWiN,GAAY,EAAOC,EAAS,IAcjE,GAbAvJ,QACAjB,KAAKzC,SAAWA,EAChByC,KAAKsK,OAASA,EACdtK,KAAK1C,UAAYA,EACjB0C,KAAKuK,UAAYA,EACjBvK,KAAKwK,OAASA,EACdxK,KAAKkB,IAAM,EACXlB,KAAKyK,OAAS,EACdzK,KAAKpC,UAAW,EAChBoC,KAAKrC,WAAY,EAEjBtB,EAAOiB,GAEH,GAAK0C,KAAKzC,UAAYyC,KAAKzC,UAAY,IACvC,MAAUd,MAAM,4CLhFT,IAAC2B,EKiFZ4B,KAAKwC,MAAQ,IAAI1F,WAAW,KAC5BkD,KAAK0K,SLlFOtM,EKkFO4B,KAAKwC,MLlFJ,IAAI1D,YAAYV,EAAIE,OAAQF,EAAIG,WAAY+C,KAAKqJ,MAAMvM,EAAII,WAAa,IKmFpG,CACI,MAAAoM,GACS/L,GACDE,EAAWiB,KAAK0K,SApErB,SAAiB9F,EAAG4F,EAAS,IAChC,MAAMtH,EAAI,IAAIpE,YAAY,IAE1B,IAAK,IAAI4K,EAAQ,GAAKc,EAAQd,EAAQ,GAAIA,IAAS,CAE/C,IAAK,IAAIE,EAAI,EAAGA,EAAI,GAAIA,IACpB1G,EAAE0G,GAAKhF,EAAEgF,GAAKhF,EAAEgF,EAAI,IAAMhF,EAAEgF,EAAI,IAAMhF,EAAEgF,EAAI,IAAMhF,EAAEgF,EAAI,IAC5D,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EAAG,CAC5B,MAAMiB,GAAQjB,EAAI,GAAK,GACjBkB,GAAQlB,EAAI,GAAK,GACjBmB,EAAK7H,EAAE4H,GACPE,EAAK9H,EAAE4H,EAAO,GACdG,EAAKd,GAAMY,EAAIC,EAAI,GAAK9H,EAAE2H,GAC1BK,EAAKd,GAAMW,EAAIC,EAAI,GAAK9H,EAAE2H,EAAO,GACvC,IAAK,IAAIhB,EAAI,EAAGA,EAAI,GAAIA,GAAK,GACzBjF,EAAEgF,EAAIC,IAAMoB,EACZrG,EAAEgF,EAAIC,EAAI,IAAMqB,CAEhC,CAEQ,IAAIC,EAAOvG,EAAE,GACTwG,EAAOxG,EAAE,GACb,IAAK,IAAImF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMpL,EAAQuK,EAAUa,GAClBkB,EAAKd,GAAMgB,EAAMC,EAAMzM,GACvBuM,EAAKd,GAAMe,EAAMC,EAAMzM,GACvB0M,EAAKpC,EAAQc,GACnBoB,EAAOvG,EAAEyG,GACTD,EAAOxG,EAAEyG,EAAK,GACdzG,EAAEyG,GAAMJ,EACRrG,EAAEyG,EAAK,GAAKH,CACxB,CAEQ,IAAK,IAAIrB,EAAI,EAAGA,EAAI,GAAIA,GAAK,GAAI,CAC7B,IAAK,IAAID,EAAI,EAAGA,EAAI,GAAIA,IACpB1G,EAAE0G,GAAKhF,EAAEiF,EAAID,GACjB,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACpBhF,EAAEiF,EAAID,KAAO1G,GAAG0G,EAAI,GAAK,IAAM1G,GAAG0G,EAAI,GAAK,GAC3D,CAEQhF,EAAE,IAAMqF,GAAYP,GACpB9E,EAAE,IAAMsF,GAAYR,EAC5B,CACIxG,EAAEtB,KAAK,EACX,CAyBQ0J,CAAQtL,KAAK0K,QAAS1K,KAAKwK,QACtB3L,GACDE,EAAWiB,KAAK0K,SACpB1K,KAAKyK,OAAS,EACdzK,KAAKkB,IAAM,CACnB,CACI,MAAAZ,CAAOhB,GACH9B,EAAOwC,MACP,MAAMzC,SAAEA,EAAQiF,MAAEA,GAAUxC,KAEtBoB,GADN9B,EAAOD,EAAQC,IACErC,OACjB,IAAK,IAAIiE,EAAM,EAAGA,EAAME,GAAM,CAC1B,MAAMC,EAAOC,KAAKvD,IAAIR,EAAWyC,KAAKkB,IAAKE,EAAMF,GACjD,IAAK,IAAIlC,EAAI,EAAGA,EAAIqC,EAAMrC,IACtBwD,EAAMxC,KAAKkB,QAAU5B,EAAK4B,KAC1BlB,KAAKkB,MAAQ3D,GACbyC,KAAK4K,QACrB,CACQ,OAAO5K,IACf,CACI,MAAAuL,GACI,GAAIvL,KAAKpC,SACL,OACJoC,KAAKpC,UAAW,EAChB,MAAM4E,MAAEA,EAAK8H,OAAEA,EAAMpJ,IAAEA,EAAG3D,SAAEA,GAAayC,KAEzCwC,EAAMtB,IAAQoJ,EACA,IAATA,GAAwBpJ,IAAQ3D,EAAW,GAC5CyC,KAAK4K,SACTpI,EAAMjF,EAAW,IAAM,IACvByC,KAAK4K,QACb,CACI,SAAAY,CAAU1N,GACNN,EAAOwC,MAAM,GACbtD,EAAMoB,GACNkC,KAAKuL,SACL,MAAME,EAAYzL,KAAKwC,OACjBjF,SAAEA,GAAayC,KACrB,IAAK,IAAIkB,EAAM,EAAGE,EAAMtD,EAAIb,OAAQiE,EAAME,GAAM,CACxCpB,KAAKyK,QAAUlN,GACfyC,KAAK4K,SACT,MAAMvJ,EAAOC,KAAKvD,IAAIR,EAAWyC,KAAKyK,OAAQrJ,EAAMF,GACpDpD,EAAI+B,IAAI4L,EAAUlK,SAASvB,KAAKyK,OAAQzK,KAAKyK,OAASpJ,GAAOH,GAC7DlB,KAAKyK,QAAUpJ,EACfH,GAAOG,CACnB,CACQ,OAAOvD,CACf,CACI,OAAA4N,CAAQ5N,GAEJ,IAAKkC,KAAKuK,UACN,MAAU9N,MAAM,yCACpB,OAAOuD,KAAKwL,UAAU1N,EAC9B,CACI,GAAA6N,CAAIjP,GAEA,OADAL,EAAOK,GACAsD,KAAK0L,QAAQ,IAAI5O,WAAWJ,GAC3C,CACI,UAAAiF,CAAW7D,GAEP,GADAD,EAAOC,EAAKkC,MACRA,KAAKpC,SACL,MAAUnB,MAAM,+BAGpB,OAFAuD,KAAKwL,UAAU1N,GACfkC,KAAK2C,UACE7E,CACf,CACI,MAAAyC,GACI,OAAOP,KAAK2B,WAAW,IAAI7E,WAAWkD,KAAK1C,WACnD,CACI,OAAAqF,GACI3C,KAAKrC,WAAY,EACjBqC,KAAKwC,MAAMZ,KAAK,EACxB,CACI,UAAA3B,CAAW2C,GACP,MAAMrF,SAAEA,EAAQ+M,OAAEA,EAAMhN,UAAEA,EAASkN,OAAEA,EAAMD,UAAEA,GAAcvK,KAY3D,OAXA4C,IAAOA,EAAK,IAAIyH,GAAO9M,EAAU+M,EAAQhN,EAAWiN,EAAWC,IAC/D5H,EAAG8H,QAAQ7K,IAAIG,KAAK0K,SACpB9H,EAAG1B,IAAMlB,KAAKkB,IACd0B,EAAG6H,OAASzK,KAAKyK,OACjB7H,EAAGhF,SAAWoC,KAAKpC,SACnBgF,EAAG4H,OAASA,EAEZ5H,EAAG0H,OAASA,EACZ1H,EAAGtF,UAAYA,EACfsF,EAAG2H,UAAYA,EACf3H,EAAGjF,UAAYqC,KAAKrC,UACbiF,CACf,EAEA,MAAMgJ,GAAM,CAACtB,EAAQ/M,EAAUD,IAAc4C,GAAgB,IAAM,IAAImK,GAAO9M,EAAU+M,EAAQhN,KAMnFuO,kBAA2BD,GAAI,EAAM,IAAK,IAE1CE,kBAA2BF,GAAI,EAAM,GAAI,IAWzCG,kBAFI,EAACzB,EAAQ/M,EAAUD,ILzC7B,SAAoC6C,GACvC,MAAMC,EAAQ,CAACC,EAAK2L,IAAS7L,EAAS6L,GAAM1L,OAAOjB,EAAQgB,IAAME,SAC3DC,EAAML,EAAS,IAIrB,OAHAC,EAAM9C,UAAYkD,EAAIlD,UACtB8C,EAAM7C,SAAWiD,EAAIjD,SACrB6C,EAAM/C,OAAU2O,GAAS7L,EAAS6L,GAC3B5L,CACX,CKkCkD6L,EAA2B,CAACD,EAAO,CAAA,IAAO,IAAI3B,GAAO9M,EAAU+M,OAAuBpM,IAAf8N,EAAKE,MAAsB5O,EAAY0O,EAAKE,OAAO,KAEpIC,CAAS,GAAM,IAAK","x_google_ignoreList":[0,1,2,3,4,5,6,7]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/sha3.mjs b/app/node_modules/openpgp/dist/lightweight/sha3.mjs new file mode 100644 index 000000000..ae10d02b6 --- /dev/null +++ b/app/node_modules/openpgp/dist/lightweight/sha3.mjs @@ -0,0 +1,830 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +function number(n) { + if (!Number.isSafeInteger(n) || n < 0) + throw new Error(`positive integer expected, not ${n}`); +} +// copied from utils +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes(b, ...lengths) { + if (!isBytes(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function hash(h) { + if (typeof h !== 'function' || typeof h.create !== 'function') + throw new Error('Hash should be wrapped by utils.wrapConstructor'); + number(h.outputLen); + number(h.blockLen); +} +function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +const crypto = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; + +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// node.js versions earlier than v19 don't declare it in global scope. +// For node.js, package.json#exports field mapping rewrites import +// from `crypto` to `cryptoNode`, which imports native module. +// Makes the utils un-importable in browsers without a bundler. +// Once node.js 18 is deprecated (2025-04-30), we can just drop the import. +const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// The rotate right (circular right shift) operation for uint32 +const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift); +// The rotate left (circular left shift) operation for uint32 +const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0); +const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +// The byte swap operation for uint32 +const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// In place byte swap for Uint32Array +function byteSwap32(arr) { + for (let i = 0; i < arr.length; i++) { + arr[i] = byteSwap(arr[i]); + } +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes(data); + bytes(data); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// For runtime check if class implements interface +class Hash { + // Safe version that clones internal state + clone() { + return this._cloneInto(); + } +} +function wrapConstructor(hashCons) { + const hashC = (msg) => hashCons().update(toBytes(msg)).digest(); + const tmp = hashCons(); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = () => hashCons(); + return hashC; +} +function wrapXOFConstructorWithOpts(hashCons) { + const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest(); + const tmp = hashCons({}); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (opts) => hashCons(opts); + return hashC; +} +/** + * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS. + */ +function randomBytes(bytesLength = 32) { + if (crypto && typeof crypto.getRandomValues === 'function') { + return crypto.getRandomValues(new Uint8Array(bytesLength)); + } + // Legacy Node.js compatibility + if (crypto && typeof crypto.randomBytes === 'function') { + return crypto.randomBytes(bytesLength); + } + throw new Error('crypto.getRandomValues must be defined'); +} + +/** + * Polyfill for Safari 14 + */ +function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = isLE ? 4 : 0; + const l = isLE ? 0 : 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +/** + * Choice: a ? b : c + */ +const Chi = (a, b, c) => (a & b) ^ (~a & c); +/** + * Majority function, true if any two inputs is true + */ +const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c); +/** + * Merkle-Damgard hash construction base class. + * Could be used to create MD5, RIPEMD, SHA1, SHA2. + */ +class HashMD extends Hash { + constructor(blockLen, outputLen, padOffset, isLE) { + super(); + this.blockLen = blockLen; + this.outputLen = outputLen; + this.padOffset = padOffset; + this.isLE = isLE; + this.finished = false; + this.length = 0; + this.pos = 0; + this.destroyed = false; + this.buffer = new Uint8Array(blockLen); + this.view = createView(this.buffer); + } + update(data) { + exists(this); + const { view, buffer, blockLen } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + // Fast path: we have at least one block in input, cast it to view and process + if (take === blockLen) { + const dataView = createView(data); + for (; blockLen <= len - pos; pos += blockLen) + this.process(dataView, pos); + continue; + } + buffer.set(data.subarray(pos, pos + take), this.pos); + this.pos += take; + pos += take; + if (this.pos === blockLen) { + this.process(view, 0); + this.pos = 0; + } + } + this.length += data.length; + this.roundClean(); + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // Padding + // We can avoid allocation of buffer for padding completely if it + // was previously not allocated here. But it won't change performance. + const { buffer, view, blockLen, isLE } = this; + let { pos } = this; + // append the bit '1' to the message + buffer[pos++] = 0b10000000; + this.buffer.subarray(pos).fill(0); + // we have less than padOffset left in buffer, so we cannot put length in + // current block, need process it and pad again + if (this.padOffset > blockLen - pos) { + this.process(view, 0); + pos = 0; + } + // Pad until full block byte with zeros + for (let i = pos; i < blockLen; i++) + buffer[i] = 0; + // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that + // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen. + // So we just write lowest 64 bits of that value. + setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE); + this.process(view, 0); + const oview = createView(out); + const len = this.outputLen; + // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT + if (len % 4) + throw new Error('_sha2: outputLen should be aligned to 32bit'); + const outLen = len / 4; + const state = this.get(); + if (outLen > state.length) + throw new Error('_sha2: outputLen bigger than state'); + for (let i = 0; i < outLen; i++) + oview.setUint32(4 * i, state[i], isLE); + } + digest() { + const { buffer, outputLen } = this; + this.digestInto(buffer); + const res = buffer.slice(0, outputLen); + this.destroy(); + return res; + } + _cloneInto(to) { + to || (to = new this.constructor()); + to.set(...this.get()); + const { blockLen, buffer, length, finished, destroyed, pos } = this; + to.length = length; + to.pos = pos; + to.finished = finished; + to.destroyed = destroyed; + if (length % blockLen) + to.buffer.set(buffer); + return to; + } +} + +// SHA2-256 need to try 2^128 hashes to execute birthday attack. +// BTC network is doing 2^67 hashes/sec as per early 2023. +// Round constants: +// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) +// prettier-ignore +const SHA256_K = /* @__PURE__ */ new Uint32Array([ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +]); +// Initial state: +// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19 +// prettier-ignore +const SHA256_IV = /* @__PURE__ */ new Uint32Array([ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA256_W = /* @__PURE__ */ new Uint32Array(64); +class SHA256 extends HashMD { + constructor() { + super(64, 32, 8, false); + // We cannot use array here since array allows indexing by variable + // which means optimizer/compiler cannot use registers. + this.A = SHA256_IV[0] | 0; + this.B = SHA256_IV[1] | 0; + this.C = SHA256_IV[2] | 0; + this.D = SHA256_IV[3] | 0; + this.E = SHA256_IV[4] | 0; + this.F = SHA256_IV[5] | 0; + this.G = SHA256_IV[6] | 0; + this.H = SHA256_IV[7] | 0; + } + get() { + const { A, B, C, D, E, F, G, H } = this; + return [A, B, C, D, E, F, G, H]; + } + // prettier-ignore + set(A, B, C, D, E, F, G, H) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + this.F = F | 0; + this.G = G | 0; + this.H = H | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) + SHA256_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 64; i++) { + const W15 = SHA256_W[i - 15]; + const W2 = SHA256_W[i - 2]; + const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3); + const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10); + SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0; + } + // Compression function main loop, 64 rounds + let { A, B, C, D, E, F, G, H } = this; + for (let i = 0; i < 64; i++) { + const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25); + const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22); + const T2 = (sigma0 + Maj(A, B, C)) | 0; + H = G; + G = F; + F = E; + E = (D + T1) | 0; + D = C; + C = B; + B = A; + A = (T1 + T2) | 0; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + F = (F + this.F) | 0; + G = (G + this.G) | 0; + H = (H + this.H) | 0; + this.set(A, B, C, D, E, F, G, H); + } + roundClean() { + SHA256_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf +class SHA224 extends SHA256 { + constructor() { + super(); + this.A = 0xc1059ed8 | 0; + this.B = 0x367cd507 | 0; + this.C = 0x3070dd17 | 0; + this.D = 0xf70e5939 | 0; + this.E = 0xffc00b31 | 0; + this.F = 0x68581511 | 0; + this.G = 0x64f98fa7 | 0; + this.H = 0xbefa4fa4 | 0; + this.outputLen = 28; + } +} +/** + * SHA2-256 hash function + * @param message - data that would be hashed + */ +const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256()); +/** + * SHA2-224 hash function + */ +const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224()); + +const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1); +const _32n = /* @__PURE__ */ BigInt(32); +// We are not using BigUint64Array, because they are extremely slow as per 2022 +function fromBig(n, le = false) { + if (le) + return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) }; + return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 }; +} +function split(lst, le = false) { + let Ah = new Uint32Array(lst.length); + let Al = new Uint32Array(lst.length); + for (let i = 0; i < lst.length; i++) { + const { h, l } = fromBig(lst[i], le); + [Ah[i], Al[i]] = [h, l]; + } + return [Ah, Al]; +} +const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0); +// for Shift in [0, 32) +const shrSH = (h, _l, s) => h >>> s; +const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in [1, 32) +const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s)); +const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32)); +const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s)); +// Right rotate for shift===32 (just swaps l&h) +const rotr32H = (_h, l) => l; +const rotr32L = (h, _l) => h; +// Left rotate for Shift in [1, 32) +const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s)); +const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s)); +// Left rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s)); +const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s)); +// JS uses 32-bit signed integers for bitwise operations which means we cannot +// simple take carry out of low bit sum by shift, we need to use division. +function add(Ah, Al, Bh, Bl) { + const l = (Al >>> 0) + (Bl >>> 0); + return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 }; +} +// Addition with more than 2 elements +const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0); +const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0; +const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0); +const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0; +const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0); +const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0; +// prettier-ignore +const u64 = { + fromBig, split, toBig, + shrSH, shrSL, + rotrSH, rotrSL, rotrBH, rotrBL, + rotr32H, rotr32L, + rotlSH, rotlSL, rotlBH, rotlBL, + add, add3L, add3H, add4L, add4H, add5H, add5L, +}; + +// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409): +// prettier-ignore +const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([ + '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc', + '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118', + '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2', + '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694', + '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65', + '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5', + '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4', + '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70', + '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df', + '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b', + '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30', + '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8', + '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8', + '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3', + '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec', + '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b', + '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178', + '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b', + '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c', + '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817' +].map(n => BigInt(n))))(); +// Temporary buffer, not used to store anything between runs +const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80); +const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80); +class SHA512 extends HashMD { + constructor() { + super(128, 64, 16, false); + // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers. + // Also looks cleaner and easier to verify with spec. + // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19): + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0x6a09e667 | 0; + this.Al = 0xf3bcc908 | 0; + this.Bh = 0xbb67ae85 | 0; + this.Bl = 0x84caa73b | 0; + this.Ch = 0x3c6ef372 | 0; + this.Cl = 0xfe94f82b | 0; + this.Dh = 0xa54ff53a | 0; + this.Dl = 0x5f1d36f1 | 0; + this.Eh = 0x510e527f | 0; + this.El = 0xade682d1 | 0; + this.Fh = 0x9b05688c | 0; + this.Fl = 0x2b3e6c1f | 0; + this.Gh = 0x1f83d9ab | 0; + this.Gl = 0xfb41bd6b | 0; + this.Hh = 0x5be0cd19 | 0; + this.Hl = 0x137e2179 | 0; + } + // prettier-ignore + get() { + const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl]; + } + // prettier-ignore + set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) { + this.Ah = Ah | 0; + this.Al = Al | 0; + this.Bh = Bh | 0; + this.Bl = Bl | 0; + this.Ch = Ch | 0; + this.Cl = Cl | 0; + this.Dh = Dh | 0; + this.Dl = Dl | 0; + this.Eh = Eh | 0; + this.El = El | 0; + this.Fh = Fh | 0; + this.Fl = Fl | 0; + this.Gh = Gh | 0; + this.Gl = Gl | 0; + this.Hh = Hh | 0; + this.Hl = Hl | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) { + SHA512_W_H[i] = view.getUint32(offset); + SHA512_W_L[i] = view.getUint32((offset += 4)); + } + for (let i = 16; i < 80; i++) { + // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7) + const W15h = SHA512_W_H[i - 15] | 0; + const W15l = SHA512_W_L[i - 15] | 0; + const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7); + const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7); + // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6) + const W2h = SHA512_W_H[i - 2] | 0; + const W2l = SHA512_W_L[i - 2] | 0; + const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6); + const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6); + // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16]; + const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]); + const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]); + SHA512_W_H[i] = SUMh | 0; + SHA512_W_L[i] = SUMl | 0; + } + let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + // Compression function main loop, 80 rounds + for (let i = 0; i < 80; i++) { + // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41) + const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41); + const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41); + //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const CHIh = (Eh & Fh) ^ (~Eh & Gh); + const CHIl = (El & Fl) ^ (~El & Gl); + // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i] + // prettier-ignore + const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]); + const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]); + const T1l = T1ll | 0; + // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39) + const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39); + const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39); + const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch); + const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl); + Hh = Gh | 0; + Hl = Gl | 0; + Gh = Fh | 0; + Gl = Fl | 0; + Fh = Eh | 0; + Fl = El | 0; + ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0)); + Dh = Ch | 0; + Dl = Cl | 0; + Ch = Bh | 0; + Cl = Bl | 0; + Bh = Ah | 0; + Bl = Al | 0; + const All = u64.add3L(T1l, sigma0l, MAJl); + Ah = u64.add3H(All, T1h, sigma0h, MAJh); + Al = All | 0; + } + // Add the compressed chunk to the current hash value + ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0)); + ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0)); + ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0)); + ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0)); + ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0)); + ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0)); + ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0)); + ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0)); + this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl); + } + roundClean() { + SHA512_W_H.fill(0); + SHA512_W_L.fill(0); + } + destroy() { + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + } +} +class SHA384 extends SHA512 { + constructor() { + super(); + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0xcbbb9d5d | 0; + this.Al = 0xc1059ed8 | 0; + this.Bh = 0x629a292a | 0; + this.Bl = 0x367cd507 | 0; + this.Ch = 0x9159015a | 0; + this.Cl = 0x3070dd17 | 0; + this.Dh = 0x152fecd8 | 0; + this.Dl = 0xf70e5939 | 0; + this.Eh = 0x67332667 | 0; + this.El = 0xffc00b31 | 0; + this.Fh = 0x8eb44a87 | 0; + this.Fl = 0x68581511 | 0; + this.Gh = 0xdb0c2e0d | 0; + this.Gl = 0x64f98fa7 | 0; + this.Hh = 0x47b5481d | 0; + this.Hl = 0xbefa4fa4 | 0; + this.outputLen = 48; + } +} +const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512()); +const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384()); + +// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size. +// It's called a sponge function. +// Various per round constants calculations +const SHA3_PI = []; +const SHA3_ROTL = []; +const _SHA3_IOTA = []; +const _0n = /* @__PURE__ */ BigInt(0); +const _1n = /* @__PURE__ */ BigInt(1); +const _2n = /* @__PURE__ */ BigInt(2); +const _7n = /* @__PURE__ */ BigInt(7); +const _256n = /* @__PURE__ */ BigInt(256); +const _0x71n = /* @__PURE__ */ BigInt(0x71); +for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) { + // Pi + [x, y] = [y, (2 * x + 3 * y) % 5]; + SHA3_PI.push(2 * (5 * y + x)); + // Rotational + SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64); + // Iota + let t = _0n; + for (let j = 0; j < 7; j++) { + R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n; + if (R & _2n) + t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n); + } + _SHA3_IOTA.push(t); +} +const [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true); +// Left rotation (without 0, 32, 64) +const rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s)); +const rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s)); +// Same as keccakf1600, but allows to skip some rounds +function keccakP(s, rounds = 24) { + const B = new Uint32Array(5 * 2); + // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js) + for (let round = 24 - rounds; round < 24; round++) { + // Theta θ + for (let x = 0; x < 10; x++) + B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40]; + for (let x = 0; x < 10; x += 2) { + const idx1 = (x + 8) % 10; + const idx0 = (x + 2) % 10; + const B0 = B[idx0]; + const B1 = B[idx0 + 1]; + const Th = rotlH(B0, B1, 1) ^ B[idx1]; + const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1]; + for (let y = 0; y < 50; y += 10) { + s[x + y] ^= Th; + s[x + y + 1] ^= Tl; + } + } + // Rho (ρ) and Pi (π) + let curH = s[2]; + let curL = s[3]; + for (let t = 0; t < 24; t++) { + const shift = SHA3_ROTL[t]; + const Th = rotlH(curH, curL, shift); + const Tl = rotlL(curH, curL, shift); + const PI = SHA3_PI[t]; + curH = s[PI]; + curL = s[PI + 1]; + s[PI] = Th; + s[PI + 1] = Tl; + } + // Chi (χ) + for (let y = 0; y < 50; y += 10) { + for (let x = 0; x < 10; x++) + B[x] = s[y + x]; + for (let x = 0; x < 10; x++) + s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10]; + } + // Iota (ι) + s[0] ^= SHA3_IOTA_H[round]; + s[1] ^= SHA3_IOTA_L[round]; + } + B.fill(0); +} +class Keccak extends Hash { + // NOTE: we accept arguments in bytes instead of bits here. + constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) { + super(); + this.blockLen = blockLen; + this.suffix = suffix; + this.outputLen = outputLen; + this.enableXOF = enableXOF; + this.rounds = rounds; + this.pos = 0; + this.posOut = 0; + this.finished = false; + this.destroyed = false; + // Can be passed from user as dkLen + number(outputLen); + // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes + if (0 >= this.blockLen || this.blockLen >= 200) + throw new Error('Sha3 supports only keccak-f1600 function'); + this.state = new Uint8Array(200); + this.state32 = u32(this.state); + } + keccak() { + if (!isLE) + byteSwap32(this.state32); + keccakP(this.state32, this.rounds); + if (!isLE) + byteSwap32(this.state32); + this.posOut = 0; + this.pos = 0; + } + update(data) { + exists(this); + const { blockLen, state } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + for (let i = 0; i < take; i++) + state[this.pos++] ^= data[pos++]; + if (this.pos === blockLen) + this.keccak(); + } + return this; + } + finish() { + if (this.finished) + return; + this.finished = true; + const { state, suffix, pos, blockLen } = this; + // Do the padding + state[pos] ^= suffix; + if ((suffix & 0x80) !== 0 && pos === blockLen - 1) + this.keccak(); + state[blockLen - 1] ^= 0x80; + this.keccak(); + } + writeInto(out) { + exists(this, false); + bytes(out); + this.finish(); + const bufferOut = this.state; + const { blockLen } = this; + for (let pos = 0, len = out.length; pos < len;) { + if (this.posOut >= blockLen) + this.keccak(); + const take = Math.min(blockLen - this.posOut, len - pos); + out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos); + this.posOut += take; + pos += take; + } + return out; + } + xofInto(out) { + // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF + if (!this.enableXOF) + throw new Error('XOF is not possible for this instance'); + return this.writeInto(out); + } + xof(bytes) { + number(bytes); + return this.xofInto(new Uint8Array(bytes)); + } + digestInto(out) { + output(out, this); + if (this.finished) + throw new Error('digest() was already called'); + this.writeInto(out); + this.destroy(); + return out; + } + digest() { + return this.digestInto(new Uint8Array(this.outputLen)); + } + destroy() { + this.destroyed = true; + this.state.fill(0); + } + _cloneInto(to) { + const { blockLen, suffix, outputLen, rounds, enableXOF } = this; + to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds)); + to.state32.set(this.state32); + to.pos = this.pos; + to.posOut = this.posOut; + to.finished = this.finished; + to.rounds = rounds; + // Suffix can change in cSHAKE + to.suffix = suffix; + to.outputLen = outputLen; + to.enableXOF = enableXOF; + to.destroyed = this.destroyed; + return to; + } +} +const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen)); +/** + * SHA3-256 hash function + * @param message - that would be hashed + */ +const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8); +const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8); +const genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true)); +const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8); + +export { Chi as C, Hash as H, Maj as M, sha384 as a, bytes as b, concatBytes as c, sha512 as d, exists as e, shake256 as f, HashMD as g, hash as h, rotl as i, sha224 as j, sha3_256 as k, sha3_512 as l, randomBytes as r, sha256 as s, toBytes as t, utf8ToBytes as u, wrapConstructor as w }; diff --git a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs b/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs deleted file mode 100644 index 66d080272..000000000 --- a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs +++ /dev/null @@ -1,17 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self; -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */var t=function(e,r){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},t(e,r)};function e(e,r){if("function"!=typeof r&&null!==r)throw new TypeError("Class extends value "+r+" is not a constructor or null");function n(){this.constructor=e}t(e,r),e.prototype=null===r?Object.create(r):(n.prototype=r.prototype,new n)}function r(t){if(!t)throw new TypeError("Assertion failed")}function n(){}function i(t){return"object"==typeof t&&null!==t||"function"==typeof t}function o(t){if("function"!=typeof t)return!1;var e=!1;try{new t({start:function(){e=!0}})}catch(t){}return e}function a(t){return!!i(t)&&"function"==typeof t.getReader}function s(t){return!!i(t)&&"function"==typeof t.getWriter}function u(t){return!!i(t)&&(!!a(t.readable)&&!!s(t.writable))}function d(t){try{return t.getReader({mode:"byob"}).releaseLock(),!0}catch(t){return!1}}function h(t){r(function(t){return!!o(t)&&!!a(new t)}(t));var e=function(t){try{return new t({type:"bytes"}),!0}catch(t){return!1}}(t);return function(r,n){var i=(void 0===n?{}:n).type;if("bytes"!==(i=f(i))||e||(i=void 0),r.constructor===t&&("bytes"!==i||d(r)))return r;if("bytes"===i){var o=c(r,{type:i});return new t(o)}o=c(r);return new t(o)}}function c(t,e){var n=(void 0===e?{}:e).type;return r(a(t)),r(!1===t.locked),"bytes"===(n=f(n))?new y(t):new _(t)}function f(t){var e=t+"";if("bytes"===e)return e;if(void 0===t)return t;throw new RangeError("Invalid type is specified")}var l=function(){function t(t){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=t,this._attachDefaultReader()}return t.prototype.start=function(t){this._readableStreamController=t},t.prototype.cancel=function(t){return r(void 0!==this._underlyingReader),this._underlyingReader.cancel(t)},t.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var t=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(t)}},t.prototype._attachReader=function(t){var e=this;r(void 0===this._underlyingReader),this._underlyingReader=t;var i=this._underlyingReader.closed;i&&i.then((function(){return e._finishPendingRead()})).then((function(){t===e._underlyingReader&&e._readableStreamController.close()}),(function(r){t===e._underlyingReader&&e._readableStreamController.error(r)})).catch(n)},t.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},t.prototype._pullWithDefaultReader=function(){var t=this;this._attachDefaultReader();var e=this._underlyingReader.read().then((function(e){var r=t._readableStreamController;e.done?t._tryClose():r.enqueue(e.value)}));return this._setPendingRead(e),e},t.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(t){}},t.prototype._setPendingRead=function(t){var e,r=this,n=function(){r._pendingRead===e&&(r._pendingRead=void 0)};this._pendingRead=e=t.then(n,n)},t.prototype._finishPendingRead=function(){var t=this;if(this._pendingRead){var e=function(){return t._finishPendingRead()};return this._pendingRead.then(e,e)}},t}(),_=function(t){function r(){return null!==t&&t.apply(this,arguments)||this}return e(r,t),r.prototype.pull=function(){return this._pullWithDefaultReader()},r}(l);function p(t){return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}var y=function(t){function n(e){var r=this,n=d(e);return(r=t.call(this,e)||this)._supportsByob=n,r}return e(n,t),Object.defineProperty(n.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),n.prototype._attachByobReader=function(){if("byob"!==this._readerMode){r(this._supportsByob),this._detachReader();var t=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(t)}},n.prototype.pull=function(){if(this._supportsByob){var t=this._readableStreamController.byobRequest;if(t)return this._pullWithByobRequest(t)}return this._pullWithDefaultReader()},n.prototype._pullWithByobRequest=function(t){var e=this;this._attachByobReader();var r=new Uint8Array(t.view.byteLength),n=this._underlyingReader.read(r).then((function(r){var n,i,o;e._readableStreamController,r.done?(e._tryClose(),t.respond(0)):(n=r.value,i=t.view,o=p(n),p(i).set(o,0),t.respond(r.value.byteLength))}));return this._setPendingRead(n),n},n}(l);function v(t){return r(function(t){return!!o(t)&&!!s(new t)}(t)),function(e){if(e.constructor===t)return e;var r=g(e);return new t(r)}}function g(t){r(s(t)),r(!1===t.locked);var e=t.getWriter();return new b(e)}var b=function(){function t(t){var e=this;this._writableStreamController=void 0,this._pendingWrite=void 0,this._state="writable",this._storedError=void 0,this._underlyingWriter=t,this._errorPromise=new Promise((function(t,r){e._errorPromiseReject=r})),this._errorPromise.catch(n)}return t.prototype.start=function(t){var e=this;this._writableStreamController=t,this._underlyingWriter.closed.then((function(){e._state="closed"})).catch((function(t){return e._finishErroring(t)}))},t.prototype.write=function(t){var e=this,r=this._underlyingWriter;if(null===r.desiredSize)return r.ready;var n=r.write(t);n.catch((function(t){return e._finishErroring(t)})),r.ready.catch((function(t){return e._startErroring(t)}));var i=Promise.race([n,this._errorPromise]);return this._setPendingWrite(i),i},t.prototype.close=function(){var t=this;return void 0===this._pendingWrite?this._underlyingWriter.close():this._finishPendingWrite().then((function(){return t.close()}))},t.prototype.abort=function(t){if("errored"!==this._state)return this._underlyingWriter.abort(t)},t.prototype._setPendingWrite=function(t){var e,r=this,n=function(){r._pendingWrite===e&&(r._pendingWrite=void 0)};this._pendingWrite=e=t.then(n,n)},t.prototype._finishPendingWrite=function(){var t=this;if(void 0===this._pendingWrite)return Promise.resolve();var e=function(){return t._finishPendingWrite()};return this._pendingWrite.then(e,e)},t.prototype._startErroring=function(t){var e=this;if("writable"===this._state){this._state="erroring",this._storedError=t;var r=function(){return e._finishErroring(t)};void 0===this._pendingWrite?r():this._finishPendingWrite().then(r,r),this._writableStreamController.error(t)}},t.prototype._finishErroring=function(t){"writable"===this._state&&this._startErroring(t),"erroring"===this._state&&(this._state="errored",this._errorPromiseReject(this._storedError))},t}();function R(t){return r(function(t){return!!o(t)&&!!u(new t)}(t)),function(e){if(e.constructor===t)return e;var r=w(e);return new t(r)}}function w(t){r(u(t));var e=t.readable,n=t.writable;r(!1===e.locked),r(!1===n.locked);var i,o=e.getReader();try{i=n.getWriter()}catch(t){throw o.releaseLock(),t}return new m(o,i)}var m=function(){function t(t,e){var r=this;this._transformStreamController=void 0,this._onRead=function(t){if(!t.done)return r._transformStreamController.enqueue(t.value),r._reader.read().then(r._onRead)},this._onError=function(t){r._flushReject(t),r._transformStreamController.error(t),r._reader.cancel(t).catch(n),r._writer.abort(t).catch(n)},this._onTerminate=function(){r._flushResolve(),r._transformStreamController.terminate();var t=new TypeError("TransformStream terminated");r._writer.abort(t).catch(n)},this._reader=t,this._writer=e,this._flushPromise=new Promise((function(t,e){r._flushResolve=t,r._flushReject=e}))}return t.prototype.start=function(t){this._transformStreamController=t,this._reader.read().then(this._onRead).then(this._onTerminate,this._onError);var e=this._reader.closed;e&&e.then(this._onTerminate,this._onError)},t.prototype.transform=function(t){return this._writer.write(t)},t.prototype.flush=function(){var t=this;return this._writer.close().then((function(){return t._flushPromise}))},t}();export{h as createReadableStreamWrapper,R as createTransformStreamWrapper,c as createWrappingReadableSource,w as createWrappingTransformer,g as createWrappingWritableSink,v as createWritableStreamWrapper}; -//# sourceMappingURL=web-streams-adapter.min.mjs.map diff --git a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs.map b/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs.map deleted file mode 100644 index f21dd2b49..000000000 --- a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.min.mjs.map +++ /dev/null @@ -1 +0,0 @@ -{"version":3,"file":"web-streams-adapter.min.mjs","sources":["../../node_modules/@mattiasbuelens/web-streams-adapter/dist/web-streams-adapter.mjs"],"sourcesContent":["/*! *****************************************************************************\nCopyright (c) Microsoft Corporation.\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\nPERFORMANCE OF THIS SOFTWARE.\n***************************************************************************** */\n/* global Reflect, Promise */\n\nvar extendStatics = function(d, b) {\n extendStatics = Object.setPrototypeOf ||\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\n return extendStatics(d, b);\n};\n\nfunction __extends(d, b) {\n if (typeof b !== \"function\" && b !== null)\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\n extendStatics(d, b);\n function __() { this.constructor = d; }\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\n}\n\nfunction assert(test) {\n if (!test) {\n throw new TypeError('Assertion failed');\n }\n}\n\nfunction noop() {\n return;\n}\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\n\nfunction isStreamConstructor(ctor) {\n if (typeof ctor !== 'function') {\n return false;\n }\n var startCalled = false;\n try {\n new ctor({\n start: function () {\n startCalled = true;\n }\n });\n }\n catch (e) {\n // ignore\n }\n return startCalled;\n}\nfunction isReadableStream(readable) {\n if (!typeIsObject(readable)) {\n return false;\n }\n if (typeof readable.getReader !== 'function') {\n return false;\n }\n return true;\n}\nfunction isReadableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isReadableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isWritableStream(writable) {\n if (!typeIsObject(writable)) {\n return false;\n }\n if (typeof writable.getWriter !== 'function') {\n return false;\n }\n return true;\n}\nfunction isWritableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isWritableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isTransformStream(transform) {\n if (!typeIsObject(transform)) {\n return false;\n }\n if (!isReadableStream(transform.readable)) {\n return false;\n }\n if (!isWritableStream(transform.writable)) {\n return false;\n }\n return true;\n}\nfunction isTransformStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isTransformStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction supportsByobReader(readable) {\n try {\n var reader = readable.getReader({ mode: 'byob' });\n reader.releaseLock();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction supportsByteSource(ctor) {\n try {\n new ctor({ type: 'bytes' });\n return true;\n }\n catch (_a) {\n return false;\n }\n}\n\nfunction createReadableStreamWrapper(ctor) {\n assert(isReadableStreamConstructor(ctor));\n var byteSourceSupported = supportsByteSource(ctor);\n return function (readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n type = parseReadableType(type);\n if (type === 'bytes' && !byteSourceSupported) {\n type = undefined;\n }\n if (readable.constructor === ctor) {\n if (type !== 'bytes' || supportsByobReader(readable)) {\n return readable;\n }\n }\n if (type === 'bytes') {\n var source = createWrappingReadableSource(readable, { type: type });\n return new ctor(source);\n }\n else {\n var source = createWrappingReadableSource(readable);\n return new ctor(source);\n }\n };\n}\nfunction createWrappingReadableSource(readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n assert(isReadableStream(readable));\n assert(readable.locked === false);\n type = parseReadableType(type);\n var source;\n if (type === 'bytes') {\n source = new WrappingReadableByteStreamSource(readable);\n }\n else {\n source = new WrappingReadableStreamDefaultSource(readable);\n }\n return source;\n}\nfunction parseReadableType(type) {\n var typeString = String(type);\n if (typeString === 'bytes') {\n return typeString;\n }\n else if (type === undefined) {\n return type;\n }\n else {\n throw new RangeError('Invalid type is specified');\n }\n}\nvar AbstractWrappingReadableStreamSource = /** @class */ (function () {\n function AbstractWrappingReadableStreamSource(underlyingStream) {\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n this._readableStreamController = undefined;\n this._pendingRead = undefined;\n this._underlyingStream = underlyingStream;\n // always keep a reader attached to detect close/error\n this._attachDefaultReader();\n }\n AbstractWrappingReadableStreamSource.prototype.start = function (controller) {\n this._readableStreamController = controller;\n };\n AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) {\n assert(this._underlyingReader !== undefined);\n return this._underlyingReader.cancel(reason);\n };\n AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () {\n if (this._readerMode === \"default\" /* DEFAULT */) {\n return;\n }\n this._detachReader();\n var reader = this._underlyingStream.getReader();\n this._readerMode = \"default\" /* DEFAULT */;\n this._attachReader(reader);\n };\n AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) {\n var _this = this;\n assert(this._underlyingReader === undefined);\n this._underlyingReader = reader;\n var closed = this._underlyingReader.closed;\n if (!closed) {\n return;\n }\n closed\n .then(function () { return _this._finishPendingRead(); })\n .then(function () {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.close();\n }\n }, function (reason) {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.error(reason);\n }\n })\n .catch(noop);\n };\n AbstractWrappingReadableStreamSource.prototype._detachReader = function () {\n if (this._underlyingReader === undefined) {\n return;\n }\n this._underlyingReader.releaseLock();\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n };\n AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () {\n var _this = this;\n this._attachDefaultReader();\n // TODO Backpressure?\n var read = this._underlyingReader.read()\n .then(function (result) {\n var controller = _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n }\n else {\n controller.enqueue(result.value);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n AbstractWrappingReadableStreamSource.prototype._tryClose = function () {\n try {\n this._readableStreamController.close();\n }\n catch (_a) {\n // already errored or closed\n }\n };\n AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) {\n var _this = this;\n var pendingRead;\n var finishRead = function () {\n if (_this._pendingRead === pendingRead) {\n _this._pendingRead = undefined;\n }\n };\n this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead);\n };\n AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () {\n var _this = this;\n if (!this._pendingRead) {\n return undefined;\n }\n var afterRead = function () { return _this._finishPendingRead(); };\n return this._pendingRead.then(afterRead, afterRead);\n };\n return AbstractWrappingReadableStreamSource;\n}());\nvar WrappingReadableStreamDefaultSource = /** @class */ (function (_super) {\n __extends(WrappingReadableStreamDefaultSource, _super);\n function WrappingReadableStreamDefaultSource() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n WrappingReadableStreamDefaultSource.prototype.pull = function () {\n return this._pullWithDefaultReader();\n };\n return WrappingReadableStreamDefaultSource;\n}(AbstractWrappingReadableStreamSource));\nfunction toUint8Array(view) {\n return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);\n}\nfunction copyArrayBufferView(from, to) {\n var fromArray = toUint8Array(from);\n var toArray = toUint8Array(to);\n toArray.set(fromArray, 0);\n}\nvar WrappingReadableByteStreamSource = /** @class */ (function (_super) {\n __extends(WrappingReadableByteStreamSource, _super);\n function WrappingReadableByteStreamSource(underlyingStream) {\n var _this = this;\n var supportsByob = supportsByobReader(underlyingStream);\n _this = _super.call(this, underlyingStream) || this;\n _this._supportsByob = supportsByob;\n return _this;\n }\n Object.defineProperty(WrappingReadableByteStreamSource.prototype, \"type\", {\n get: function () {\n return 'bytes';\n },\n enumerable: false,\n configurable: true\n });\n WrappingReadableByteStreamSource.prototype._attachByobReader = function () {\n if (this._readerMode === \"byob\" /* BYOB */) {\n return;\n }\n assert(this._supportsByob);\n this._detachReader();\n var reader = this._underlyingStream.getReader({ mode: 'byob' });\n this._readerMode = \"byob\" /* BYOB */;\n this._attachReader(reader);\n };\n WrappingReadableByteStreamSource.prototype.pull = function () {\n if (this._supportsByob) {\n var byobRequest = this._readableStreamController.byobRequest;\n if (byobRequest) {\n return this._pullWithByobRequest(byobRequest);\n }\n }\n return this._pullWithDefaultReader();\n };\n WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) {\n var _this = this;\n this._attachByobReader();\n // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly\n // create a separate buffer to read into, then copy that to byobRequest.view\n var buffer = new Uint8Array(byobRequest.view.byteLength);\n // TODO Backpressure?\n var read = this._underlyingReader.read(buffer)\n .then(function (result) {\n _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n byobRequest.respond(0);\n }\n else {\n copyArrayBufferView(result.value, byobRequest.view);\n byobRequest.respond(result.value.byteLength);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n return WrappingReadableByteStreamSource;\n}(AbstractWrappingReadableStreamSource));\n\nfunction createWritableStreamWrapper(ctor) {\n assert(isWritableStreamConstructor(ctor));\n return function (writable) {\n if (writable.constructor === ctor) {\n return writable;\n }\n var sink = createWrappingWritableSink(writable);\n return new ctor(sink);\n };\n}\nfunction createWrappingWritableSink(writable) {\n assert(isWritableStream(writable));\n assert(writable.locked === false);\n var writer = writable.getWriter();\n return new WrappingWritableStreamSink(writer);\n}\nvar WrappingWritableStreamSink = /** @class */ (function () {\n function WrappingWritableStreamSink(underlyingWriter) {\n var _this = this;\n this._writableStreamController = undefined;\n this._pendingWrite = undefined;\n this._state = \"writable\" /* WRITABLE */;\n this._storedError = undefined;\n this._underlyingWriter = underlyingWriter;\n this._errorPromise = new Promise(function (resolve, reject) {\n _this._errorPromiseReject = reject;\n });\n this._errorPromise.catch(noop);\n }\n WrappingWritableStreamSink.prototype.start = function (controller) {\n var _this = this;\n this._writableStreamController = controller;\n this._underlyingWriter.closed\n .then(function () {\n _this._state = \"closed\" /* CLOSED */;\n })\n .catch(function (reason) { return _this._finishErroring(reason); });\n };\n WrappingWritableStreamSink.prototype.write = function (chunk) {\n var _this = this;\n var writer = this._underlyingWriter;\n // Detect past errors\n if (writer.desiredSize === null) {\n return writer.ready;\n }\n var writeRequest = writer.write(chunk);\n // Detect future errors\n writeRequest.catch(function (reason) { return _this._finishErroring(reason); });\n writer.ready.catch(function (reason) { return _this._startErroring(reason); });\n // Reject write when errored\n var write = Promise.race([writeRequest, this._errorPromise]);\n this._setPendingWrite(write);\n return write;\n };\n WrappingWritableStreamSink.prototype.close = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return this._underlyingWriter.close();\n }\n return this._finishPendingWrite().then(function () { return _this.close(); });\n };\n WrappingWritableStreamSink.prototype.abort = function (reason) {\n if (this._state === \"errored\" /* ERRORED */) {\n return undefined;\n }\n var writer = this._underlyingWriter;\n return writer.abort(reason);\n };\n WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) {\n var _this = this;\n var pendingWrite;\n var finishWrite = function () {\n if (_this._pendingWrite === pendingWrite) {\n _this._pendingWrite = undefined;\n }\n };\n this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite);\n };\n WrappingWritableStreamSink.prototype._finishPendingWrite = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return Promise.resolve();\n }\n var afterWrite = function () { return _this._finishPendingWrite(); };\n return this._pendingWrite.then(afterWrite, afterWrite);\n };\n WrappingWritableStreamSink.prototype._startErroring = function (reason) {\n var _this = this;\n if (this._state === \"writable\" /* WRITABLE */) {\n this._state = \"erroring\" /* ERRORING */;\n this._storedError = reason;\n var afterWrite = function () { return _this._finishErroring(reason); };\n if (this._pendingWrite === undefined) {\n afterWrite();\n }\n else {\n this._finishPendingWrite().then(afterWrite, afterWrite);\n }\n this._writableStreamController.error(reason);\n }\n };\n WrappingWritableStreamSink.prototype._finishErroring = function (reason) {\n if (this._state === \"writable\" /* WRITABLE */) {\n this._startErroring(reason);\n }\n if (this._state === \"erroring\" /* ERRORING */) {\n this._state = \"errored\" /* ERRORED */;\n this._errorPromiseReject(this._storedError);\n }\n };\n return WrappingWritableStreamSink;\n}());\n\nfunction createTransformStreamWrapper(ctor) {\n assert(isTransformStreamConstructor(ctor));\n return function (transform) {\n if (transform.constructor === ctor) {\n return transform;\n }\n var transformer = createWrappingTransformer(transform);\n return new ctor(transformer);\n };\n}\nfunction createWrappingTransformer(transform) {\n assert(isTransformStream(transform));\n var readable = transform.readable, writable = transform.writable;\n assert(readable.locked === false);\n assert(writable.locked === false);\n var reader = readable.getReader();\n var writer;\n try {\n writer = writable.getWriter();\n }\n catch (e) {\n reader.releaseLock(); // do not leak reader\n throw e;\n }\n return new WrappingTransformStreamTransformer(reader, writer);\n}\nvar WrappingTransformStreamTransformer = /** @class */ (function () {\n function WrappingTransformStreamTransformer(reader, writer) {\n var _this = this;\n this._transformStreamController = undefined;\n this._onRead = function (result) {\n if (result.done) {\n return;\n }\n _this._transformStreamController.enqueue(result.value);\n return _this._reader.read().then(_this._onRead);\n };\n this._onError = function (reason) {\n _this._flushReject(reason);\n _this._transformStreamController.error(reason);\n _this._reader.cancel(reason).catch(noop);\n _this._writer.abort(reason).catch(noop);\n };\n this._onTerminate = function () {\n _this._flushResolve();\n _this._transformStreamController.terminate();\n var error = new TypeError('TransformStream terminated');\n _this._writer.abort(error).catch(noop);\n };\n this._reader = reader;\n this._writer = writer;\n this._flushPromise = new Promise(function (resolve, reject) {\n _this._flushResolve = resolve;\n _this._flushReject = reject;\n });\n }\n WrappingTransformStreamTransformer.prototype.start = function (controller) {\n this._transformStreamController = controller;\n this._reader.read()\n .then(this._onRead)\n .then(this._onTerminate, this._onError);\n var readerClosed = this._reader.closed;\n if (readerClosed) {\n readerClosed\n .then(this._onTerminate, this._onError);\n }\n };\n WrappingTransformStreamTransformer.prototype.transform = function (chunk) {\n return this._writer.write(chunk);\n };\n WrappingTransformStreamTransformer.prototype.flush = function () {\n var _this = this;\n return this._writer.close()\n .then(function () { return _this._flushPromise; });\n };\n return WrappingTransformStreamTransformer;\n}());\n\nexport { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper };\n//# sourceMappingURL=web-streams-adapter.mjs.map\n"],"names":["extendStatics","d","b","Object","setPrototypeOf","__proto__","Array","p","prototype","hasOwnProperty","call","__extends","TypeError","__","this","constructor","create","assert","test","noop","typeIsObject","x","isStreamConstructor","ctor","startCalled","start","e","isReadableStream","readable","getReader","isWritableStream","writable","getWriter","isTransformStream","transform","supportsByobReader","mode","releaseLock","_a","createReadableStreamWrapper","isReadableStreamConstructor","byteSourceSupported","type","supportsByteSource","parseReadableType","undefined","source","createWrappingReadableSource","locked","WrappingReadableByteStreamSource","WrappingReadableStreamDefaultSource","typeString","String","RangeError","AbstractWrappingReadableStreamSource","underlyingStream","_underlyingReader","_readerMode","_readableStreamController","_pendingRead","_underlyingStream","_attachDefaultReader","controller","cancel","reason","_detachReader","reader","_attachReader","_this","closed","then","_finishPendingRead","close","error","catch","_pullWithDefaultReader","read","result","done","_tryClose","enqueue","value","_setPendingRead","readPromise","pendingRead","finishRead","afterRead","_super","apply","arguments","pull","toUint8Array","view","Uint8Array","buffer","byteOffset","byteLength","supportsByob","_supportsByob","defineProperty","get","enumerable","configurable","_attachByobReader","byobRequest","_pullWithByobRequest","from","to","fromArray","respond","set","createWritableStreamWrapper","isWritableStreamConstructor","sink","createWrappingWritableSink","writer","WrappingWritableStreamSink","underlyingWriter","_writableStreamController","_pendingWrite","_state","_storedError","_underlyingWriter","_errorPromise","Promise","resolve","reject","_errorPromiseReject","_finishErroring","write","chunk","desiredSize","ready","writeRequest","_startErroring","race","_setPendingWrite","_finishPendingWrite","abort","writePromise","pendingWrite","finishWrite","afterWrite","createTransformStreamWrapper","isTransformStreamConstructor","transformer","createWrappingTransformer","WrappingTransformStreamTransformer","_transformStreamController","_onRead","_reader","_onError","_flushReject","_writer","_onTerminate","_flushResolve","terminate","_flushPromise","readerClosed","flush"],"mappings":";;;;;;;;;;;;;;;gFAgBA,IAAIA,EAAgB,SAASC,EAAGC,GAI5B,OAHAF,EAAgBG,OAAOC,gBAClB,CAAEC,UAAW,cAAgBC,OAAS,SAAUL,EAAGC,GAAKD,EAAEI,UAAYH,IACvE,SAAUD,EAAGC,GAAK,IAAK,IAAIK,KAAKL,EAAOC,OAAOK,UAAUC,eAAeC,KAAKR,EAAGK,KAAIN,EAAEM,GAAKL,EAAEK,KACzFP,EAAcC,EAAGC,EAC5B,EAEA,SAASS,EAAUV,EAAGC,GAClB,GAAiB,mBAANA,GAA0B,OAANA,EAC3B,MAAM,IAAIU,UAAU,uBAAgCV,EAAK,iCAE7D,SAASW,IAAOC,KAAKC,YAAcd,EADnCD,EAAcC,EAAGC,GAEjBD,EAAEO,UAAkB,OAANN,EAAaC,OAAOa,OAAOd,IAAMW,EAAGL,UAAYN,EAAEM,UAAW,IAAIK,EACnF,CAEA,SAASI,EAAOC,GACZ,IAAKA,EACD,MAAM,IAAIN,UAAU,mBAE5B,CAEA,SAASO,IAET,CACA,SAASC,EAAaC,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAEA,SAASC,EAAoBC,GACzB,GAAoB,mBAATA,EACP,OAAO,EAEX,IAAIC,GAAc,EAClB,IACI,IAAID,EAAK,CACLE,MAAO,WACHD,GAAc,KAI1B,MAAOE,IAGP,OAAOF,CACX,CACA,SAASG,EAAiBC,GACtB,QAAKR,EAAaQ,IAGgB,mBAAvBA,EAASC,SAIxB,CAUA,SAASC,EAAiBC,GACtB,QAAKX,EAAaW,IAGgB,mBAAvBA,EAASC,SAIxB,CAUA,SAASC,EAAkBC,GACvB,QAAKd,EAAac,OAGbP,EAAiBO,EAAUN,aAG3BE,EAAiBI,EAAUH,UAIpC,CAUA,SAASI,EAAmBP,GACxB,IAGI,OAFaA,EAASC,UAAU,CAAEO,KAAM,SACjCC,eACA,EAEX,MAAOC,GACH,OAAO,EAEf,CAWA,SAASC,EAA4BhB,GACjCN,EArEJ,SAAqCM,GACjC,QAAKD,EAAoBC,MAGpBI,EAAiB,IAAIJ,EAI9B,CA6DWiB,CAA4BjB,IACnC,IAAIkB,EAZR,SAA4BlB,GACxB,IAEI,OADA,IAAIA,EAAK,CAAEmB,KAAM,WACV,EAEX,MAAOJ,GACH,OAAO,EAEf,CAI8BK,CAAmBpB,GAC7C,OAAO,SAAUK,EAAUU,GACvB,IAAkCI,QAAlB,IAAPJ,EAAgB,GAAKA,GAAcI,KAK5C,GAHa,WADbA,EAAOE,EAAkBF,KACAD,IACrBC,OAAOG,GAEPjB,EAASb,cAAgBQ,IACZ,UAATmB,GAAoBP,EAAmBP,IACvC,OAAOA,EAGf,GAAa,UAATc,EAAkB,CAClB,IAAII,EAASC,EAA6BnB,EAAU,CAAEc,KAAMA,IAC5D,OAAO,IAAInB,EAAKuB,GAGZA,EAASC,EAA6BnB,GAC1C,OAAO,IAAIL,EAAKuB,GAG5B,CACA,SAASC,EAA6BnB,EAAUU,GAC5C,IAAkCI,QAAlB,IAAPJ,EAAgB,GAAKA,GAAcI,KAW5C,OAVAzB,EAAOU,EAAiBC,IACxBX,GAA2B,IAApBW,EAASoB,QAGH,WAFbN,EAAOE,EAAkBF,IAGZ,IAAIO,EAAiCrB,GAGrC,IAAIsB,EAAoCtB,EAGzD,CACA,SAASgB,EAAkBF,GACvB,IAAIS,EAAoBT,EAAPU,GACjB,GAAmB,UAAfD,EACA,OAAOA,EAEN,QAAaN,IAATH,EACL,OAAOA,EAGP,MAAM,IAAIW,WAAW,4BAE7B,CACA,IAAIC,EAAsD,WACtD,SAASA,EAAqCC,GAC1CzC,KAAK0C,uBAAoBX,EACzB/B,KAAK2C,iBAAcZ,EACnB/B,KAAK4C,+BAA4Bb,EACjC/B,KAAK6C,kBAAed,EACpB/B,KAAK8C,kBAAoBL,EAEzBzC,KAAK+C,uBA0FT,OAxFAP,EAAqC9C,UAAUiB,MAAQ,SAAUqC,GAC7DhD,KAAK4C,0BAA4BI,GAErCR,EAAqC9C,UAAUuD,OAAS,SAAUC,GAE9D,OADA/C,OAAkC4B,IAA3B/B,KAAK0C,mBACL1C,KAAK0C,kBAAkBO,OAAOC,IAEzCV,EAAqC9C,UAAUqD,qBAAuB,WAClE,GAAyB,YAArB/C,KAAK2C,YAAT,CAGA3C,KAAKmD,gBACL,IAAIC,EAASpD,KAAK8C,kBAAkB/B,YACpCf,KAAK2C,YAAc,UACnB3C,KAAKqD,cAAcD,KAEvBZ,EAAqC9C,UAAU2D,cAAgB,SAAUD,GACrE,IAAIE,EAAQtD,KACZG,OAAkC4B,IAA3B/B,KAAK0C,mBACZ1C,KAAK0C,kBAAoBU,EACzB,IAAIG,EAASvD,KAAK0C,kBAAkBa,OAC/BA,GAGLA,EACKC,MAAK,WAAc,OAAOF,EAAMG,wBAChCD,MAAK,WACFJ,IAAWE,EAAMZ,mBACjBY,EAAMV,0BAA0Bc,WAErC,SAAUR,GACLE,IAAWE,EAAMZ,mBACjBY,EAAMV,0BAA0Be,MAAMT,MAGzCU,MAAMvD,IAEfmC,EAAqC9C,UAAUyD,cAAgB,gBAC5BpB,IAA3B/B,KAAK0C,oBAGT1C,KAAK0C,kBAAkBnB,cACvBvB,KAAK0C,uBAAoBX,EACzB/B,KAAK2C,iBAAcZ,IAEvBS,EAAqC9C,UAAUmE,uBAAyB,WACpE,IAAIP,EAAQtD,KACZA,KAAK+C,uBAEL,IAAIe,EAAO9D,KAAK0C,kBAAkBoB,OAC7BN,MAAK,SAAUO,GAChB,IAAIf,EAAaM,EAAMV,0BACnBmB,EAAOC,KACPV,EAAMW,YAGNjB,EAAWkB,QAAQH,EAAOI,UAIlC,OADAnE,KAAKoE,gBAAgBN,GACdA,GAEXtB,EAAqC9C,UAAUuE,UAAY,WACvD,IACIjE,KAAK4C,0BAA0Bc,QAEnC,MAAOlC,MAIXgB,EAAqC9C,UAAU0E,gBAAkB,SAAUC,GACvE,IACIC,EADAhB,EAAQtD,KAERuE,EAAa,WACTjB,EAAMT,eAAiByB,IACvBhB,EAAMT,kBAAed,IAG7B/B,KAAK6C,aAAeyB,EAAcD,EAAYb,KAAKe,EAAYA,IAEnE/B,EAAqC9C,UAAU+D,mBAAqB,WAChE,IAAIH,EAAQtD,KACZ,GAAKA,KAAK6C,aAAV,CAGA,IAAI2B,EAAY,WAAc,OAAOlB,EAAMG,sBAC3C,OAAOzD,KAAK6C,aAAaW,KAAKgB,EAAWA,KAEtChC,CACX,IACIJ,EAAqD,SAAUqC,GAE/D,SAASrC,IACL,OAAkB,OAAXqC,GAAmBA,EAAOC,MAAM1E,KAAM2E,YAAc3E,KAK/D,OAPAH,EAAUuC,EAAqCqC,GAI/CrC,EAAoC1C,UAAUkF,KAAO,WACjD,OAAO5E,KAAK6D,0BAETzB,CACX,EAAEI,GACF,SAASqC,EAAaC,GAClB,OAAO,IAAIC,WAAWD,EAAKE,OAAQF,EAAKG,WAAYH,EAAKI,WAC7D,CAMA,IAAI/C,EAAkD,SAAUsC,GAE5D,SAAStC,EAAiCM,GACtC,IAAIa,EAAQtD,KACRmF,EAAe9D,EAAmBoB,GAGtC,OAFAa,EAAQmB,EAAO7E,KAAKI,KAAMyC,IAAqBzC,MACzCoF,cAAgBD,EACf7B,EAkDX,OAxDAzD,EAAUsC,EAAkCsC,GAQ5CpF,OAAOgG,eAAelD,EAAiCzC,UAAW,OAAQ,CACtE4F,IAAK,WACD,MAAO,SAEXC,YAAY,EACZC,cAAc,IAElBrD,EAAiCzC,UAAU+F,kBAAoB,WAC3D,GAAyB,SAArBzF,KAAK2C,YAAT,CAGAxC,EAAOH,KAAKoF,eACZpF,KAAKmD,gBACL,IAAIC,EAASpD,KAAK8C,kBAAkB/B,UAAU,CAAEO,KAAM,SACtDtB,KAAK2C,YAAc,OACnB3C,KAAKqD,cAAcD,KAEvBjB,EAAiCzC,UAAUkF,KAAO,WAC9C,GAAI5E,KAAKoF,cAAe,CACpB,IAAIM,EAAc1F,KAAK4C,0BAA0B8C,YACjD,GAAIA,EACA,OAAO1F,KAAK2F,qBAAqBD,GAGzC,OAAO1F,KAAK6D,0BAEhB1B,EAAiCzC,UAAUiG,qBAAuB,SAAUD,GACxE,IAAIpC,EAAQtD,KACZA,KAAKyF,oBAGL,IAAIT,EAAS,IAAID,WAAWW,EAAYZ,KAAKI,YAEzCpB,EAAO9D,KAAK0C,kBAAkBoB,KAAKkB,GAClCxB,MAAK,SAAUO,GAhD5B,IAA6B6B,EAAMC,EAC3BC,EAgDIxC,EAAMV,0BACFmB,EAAOC,MACPV,EAAMW,YACNyB,EAAYK,QAAQ,KApDPH,EAuDO7B,EAAOI,MAvDR0B,EAuDeH,EAAYZ,KAtDtDgB,EAAYjB,EAAae,GACff,EAAagB,GACnBG,IAAIF,EAAW,GAqDXJ,EAAYK,QAAQhC,EAAOI,MAAMe,gBAIzC,OADAlF,KAAKoE,gBAAgBN,GACdA,GAEJ3B,CACX,EAAEK,GAEF,SAASyD,EAA4BxF,GAEjC,OADAN,EAvRJ,SAAqCM,GACjC,QAAKD,EAAoBC,MAGpBO,EAAiB,IAAIP,EAI9B,CA+QWyF,CAA4BzF,IAC5B,SAAUQ,GACb,GAAIA,EAAShB,cAAgBQ,EACzB,OAAOQ,EAEX,IAAIkF,EAAOC,EAA2BnF,GACtC,OAAO,IAAIR,EAAK0F,GAExB,CACA,SAASC,EAA2BnF,GAChCd,EAAOa,EAAiBC,IACxBd,GAA2B,IAApBc,EAASiB,QAChB,IAAImE,EAASpF,EAASC,YACtB,OAAO,IAAIoF,EAA2BD,EAC1C,CACA,IAAIC,EAA4C,WAC5C,SAASA,EAA2BC,GAChC,IAAIjD,EAAQtD,KACZA,KAAKwG,+BAA4BzE,EACjC/B,KAAKyG,mBAAgB1E,EACrB/B,KAAK0G,OAAS,WACd1G,KAAK2G,kBAAe5E,EACpB/B,KAAK4G,kBAAoBL,EACzBvG,KAAK6G,cAAgB,IAAIC,SAAQ,SAAUC,EAASC,GAChD1D,EAAM2D,oBAAsBD,KAEhChH,KAAK6G,cAAcjD,MAAMvD,GAmF7B,OAjFAiG,EAA2B5G,UAAUiB,MAAQ,SAAUqC,GACnD,IAAIM,EAAQtD,KACZA,KAAKwG,0BAA4BxD,EACjChD,KAAK4G,kBAAkBrD,OAClBC,MAAK,WACNF,EAAMoD,OAAS,YAEd9C,OAAM,SAAUV,GAAU,OAAOI,EAAM4D,gBAAgBhE,OAEhEoD,EAA2B5G,UAAUyH,MAAQ,SAAUC,GACnD,IAAI9D,EAAQtD,KACRqG,EAASrG,KAAK4G,kBAElB,GAA2B,OAAvBP,EAAOgB,YACP,OAAOhB,EAAOiB,MAElB,IAAIC,EAAelB,EAAOc,MAAMC,GAEhCG,EAAa3D,OAAM,SAAUV,GAAU,OAAOI,EAAM4D,gBAAgBhE,MACpEmD,EAAOiB,MAAM1D,OAAM,SAAUV,GAAU,OAAOI,EAAMkE,eAAetE,MAEnE,IAAIiE,EAAQL,QAAQW,KAAK,CAACF,EAAcvH,KAAK6G,gBAE7C,OADA7G,KAAK0H,iBAAiBP,GACfA,GAEXb,EAA2B5G,UAAUgE,MAAQ,WACzC,IAAIJ,EAAQtD,KACZ,YAA2B+B,IAAvB/B,KAAKyG,cACEzG,KAAK4G,kBAAkBlD,QAE3B1D,KAAK2H,sBAAsBnE,MAAK,WAAc,OAAOF,EAAMI,YAEtE4C,EAA2B5G,UAAUkI,MAAQ,SAAU1E,GACnD,GAAoB,YAAhBlD,KAAK0G,OAIT,OADa1G,KAAK4G,kBACJgB,MAAM1E,IAExBoD,EAA2B5G,UAAUgI,iBAAmB,SAAUG,GAC9D,IACIC,EADAxE,EAAQtD,KAER+H,EAAc,WACVzE,EAAMmD,gBAAkBqB,IACxBxE,EAAMmD,mBAAgB1E,IAG9B/B,KAAKyG,cAAgBqB,EAAeD,EAAarE,KAAKuE,EAAaA,IAEvEzB,EAA2B5G,UAAUiI,oBAAsB,WACvD,IAAIrE,EAAQtD,KACZ,QAA2B+B,IAAvB/B,KAAKyG,cACL,OAAOK,QAAQC,UAEnB,IAAIiB,EAAa,WAAc,OAAO1E,EAAMqE,uBAC5C,OAAO3H,KAAKyG,cAAcjD,KAAKwE,EAAYA,IAE/C1B,EAA2B5G,UAAU8H,eAAiB,SAAUtE,GAC5D,IAAII,EAAQtD,KACZ,GAAoB,aAAhBA,KAAK0G,OAAsC,CAC3C1G,KAAK0G,OAAS,WACd1G,KAAK2G,aAAezD,EACpB,IAAI8E,EAAa,WAAc,OAAO1E,EAAM4D,gBAAgBhE,SACjCnB,IAAvB/B,KAAKyG,cACLuB,IAGAhI,KAAK2H,sBAAsBnE,KAAKwE,EAAYA,GAEhDhI,KAAKwG,0BAA0B7C,MAAMT,KAG7CoD,EAA2B5G,UAAUwH,gBAAkB,SAAUhE,GACzC,aAAhBlD,KAAK0G,QACL1G,KAAKwH,eAAetE,GAEJ,aAAhBlD,KAAK0G,SACL1G,KAAK0G,OAAS,UACd1G,KAAKiH,oBAAoBjH,KAAK2G,gBAG/BL,CACX,IAEA,SAAS2B,EAA6BxH,GAElC,OADAN,EAnXJ,SAAsCM,GAClC,QAAKD,EAAoBC,MAGpBU,EAAkB,IAAIV,EAI/B,CA2WWyH,CAA6BzH,IAC7B,SAAUW,GACb,GAAIA,EAAUnB,cAAgBQ,EAC1B,OAAOW,EAEX,IAAI+G,EAAcC,EAA0BhH,GAC5C,OAAO,IAAIX,EAAK0H,GAExB,CACA,SAASC,EAA0BhH,GAC/BjB,EAAOgB,EAAkBC,IACzB,IAAIN,EAAWM,EAAUN,SAAUG,EAAWG,EAAUH,SACxDd,GAA2B,IAApBW,EAASoB,QAChB/B,GAA2B,IAApBc,EAASiB,QAChB,IACImE,EADAjD,EAAStC,EAASC,YAEtB,IACIsF,EAASpF,EAASC,YAEtB,MAAON,GAEH,MADAwC,EAAO7B,cACDX,EAEV,OAAO,IAAIyH,EAAmCjF,EAAQiD,EAC1D,CACA,IAAIgC,EAAoD,WACpD,SAASA,EAAmCjF,EAAQiD,GAChD,IAAI/C,EAAQtD,KACZA,KAAKsI,gCAA6BvG,EAClC/B,KAAKuI,QAAU,SAAUxE,GACrB,IAAIA,EAAOC,KAIX,OADAV,EAAMgF,2BAA2BpE,QAAQH,EAAOI,OACzCb,EAAMkF,QAAQ1E,OAAON,KAAKF,EAAMiF,UAE3CvI,KAAKyI,SAAW,SAAUvF,GACtBI,EAAMoF,aAAaxF,GACnBI,EAAMgF,2BAA2B3E,MAAMT,GACvCI,EAAMkF,QAAQvF,OAAOC,GAAQU,MAAMvD,GACnCiD,EAAMqF,QAAQf,MAAM1E,GAAQU,MAAMvD,IAEtCL,KAAK4I,aAAe,WAChBtF,EAAMuF,gBACNvF,EAAMgF,2BAA2BQ,YACjC,IAAInF,EAAQ,IAAI7D,UAAU,8BAC1BwD,EAAMqF,QAAQf,MAAMjE,GAAOC,MAAMvD,IAErCL,KAAKwI,QAAUpF,EACfpD,KAAK2I,QAAUtC,EACfrG,KAAK+I,cAAgB,IAAIjC,SAAQ,SAAUC,EAASC,GAChD1D,EAAMuF,cAAgB9B,EACtBzD,EAAMoF,aAAe1B,KAsB7B,OAnBAqB,EAAmC3I,UAAUiB,MAAQ,SAAUqC,GAC3DhD,KAAKsI,2BAA6BtF,EAClChD,KAAKwI,QAAQ1E,OACRN,KAAKxD,KAAKuI,SACV/E,KAAKxD,KAAK4I,aAAc5I,KAAKyI,UAClC,IAAIO,EAAehJ,KAAKwI,QAAQjF,OAC5ByF,GACAA,EACKxF,KAAKxD,KAAK4I,aAAc5I,KAAKyI,WAG1CJ,EAAmC3I,UAAU0B,UAAY,SAAUgG,GAC/D,OAAOpH,KAAK2I,QAAQxB,MAAMC,IAE9BiB,EAAmC3I,UAAUuJ,MAAQ,WACjD,IAAI3F,EAAQtD,KACZ,OAAOA,KAAK2I,QAAQjF,QACfF,MAAK,WAAc,OAAOF,EAAMyF,kBAElCV,CACX"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.mjs b/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.mjs deleted file mode 100644 index 2bc2a8091..000000000 --- a/app/node_modules/openpgp/dist/lightweight/web-streams-adapter.mjs +++ /dev/null @@ -1,561 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise */ - -var extendStatics = function(d, b) { - extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return extendStatics(d, b); -}; - -function __extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); -} - -function assert(test) { - if (!test) { - throw new TypeError('Assertion failed'); - } -} - -function noop() { - return; -} -function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} - -function isStreamConstructor(ctor) { - if (typeof ctor !== 'function') { - return false; - } - var startCalled = false; - try { - new ctor({ - start: function () { - startCalled = true; - } - }); - } - catch (e) { - // ignore - } - return startCalled; -} -function isReadableStream(readable) { - if (!typeIsObject(readable)) { - return false; - } - if (typeof readable.getReader !== 'function') { - return false; - } - return true; -} -function isReadableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isReadableStream(new ctor())) { - return false; - } - return true; -} -function isWritableStream(writable) { - if (!typeIsObject(writable)) { - return false; - } - if (typeof writable.getWriter !== 'function') { - return false; - } - return true; -} -function isWritableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isWritableStream(new ctor())) { - return false; - } - return true; -} -function isTransformStream(transform) { - if (!typeIsObject(transform)) { - return false; - } - if (!isReadableStream(transform.readable)) { - return false; - } - if (!isWritableStream(transform.writable)) { - return false; - } - return true; -} -function isTransformStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isTransformStream(new ctor())) { - return false; - } - return true; -} -function supportsByobReader(readable) { - try { - var reader = readable.getReader({ mode: 'byob' }); - reader.releaseLock(); - return true; - } - catch (_a) { - return false; - } -} -function supportsByteSource(ctor) { - try { - new ctor({ type: 'bytes' }); - return true; - } - catch (_a) { - return false; - } -} - -function createReadableStreamWrapper(ctor) { - assert(isReadableStreamConstructor(ctor)); - var byteSourceSupported = supportsByteSource(ctor); - return function (readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - type = parseReadableType(type); - if (type === 'bytes' && !byteSourceSupported) { - type = undefined; - } - if (readable.constructor === ctor) { - if (type !== 'bytes' || supportsByobReader(readable)) { - return readable; - } - } - if (type === 'bytes') { - var source = createWrappingReadableSource(readable, { type: type }); - return new ctor(source); - } - else { - var source = createWrappingReadableSource(readable); - return new ctor(source); - } - }; -} -function createWrappingReadableSource(readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - assert(isReadableStream(readable)); - assert(readable.locked === false); - type = parseReadableType(type); - var source; - if (type === 'bytes') { - source = new WrappingReadableByteStreamSource(readable); - } - else { - source = new WrappingReadableStreamDefaultSource(readable); - } - return source; -} -function parseReadableType(type) { - var typeString = String(type); - if (typeString === 'bytes') { - return typeString; - } - else if (type === undefined) { - return type; - } - else { - throw new RangeError('Invalid type is specified'); - } -} -var AbstractWrappingReadableStreamSource = /** @class */ (function () { - function AbstractWrappingReadableStreamSource(underlyingStream) { - this._underlyingReader = undefined; - this._readerMode = undefined; - this._readableStreamController = undefined; - this._pendingRead = undefined; - this._underlyingStream = underlyingStream; - // always keep a reader attached to detect close/error - this._attachDefaultReader(); - } - AbstractWrappingReadableStreamSource.prototype.start = function (controller) { - this._readableStreamController = controller; - }; - AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) { - assert(this._underlyingReader !== undefined); - return this._underlyingReader.cancel(reason); - }; - AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () { - if (this._readerMode === "default" /* DEFAULT */) { - return; - } - this._detachReader(); - var reader = this._underlyingStream.getReader(); - this._readerMode = "default" /* DEFAULT */; - this._attachReader(reader); - }; - AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) { - var _this = this; - assert(this._underlyingReader === undefined); - this._underlyingReader = reader; - var closed = this._underlyingReader.closed; - if (!closed) { - return; - } - closed - .then(function () { return _this._finishPendingRead(); }) - .then(function () { - if (reader === _this._underlyingReader) { - _this._readableStreamController.close(); - } - }, function (reason) { - if (reader === _this._underlyingReader) { - _this._readableStreamController.error(reason); - } - }) - .catch(noop); - }; - AbstractWrappingReadableStreamSource.prototype._detachReader = function () { - if (this._underlyingReader === undefined) { - return; - } - this._underlyingReader.releaseLock(); - this._underlyingReader = undefined; - this._readerMode = undefined; - }; - AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () { - var _this = this; - this._attachDefaultReader(); - // TODO Backpressure? - var read = this._underlyingReader.read() - .then(function (result) { - var controller = _this._readableStreamController; - if (result.done) { - _this._tryClose(); - } - else { - controller.enqueue(result.value); - } - }); - this._setPendingRead(read); - return read; - }; - AbstractWrappingReadableStreamSource.prototype._tryClose = function () { - try { - this._readableStreamController.close(); - } - catch (_a) { - // already errored or closed - } - }; - AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) { - var _this = this; - var pendingRead; - var finishRead = function () { - if (_this._pendingRead === pendingRead) { - _this._pendingRead = undefined; - } - }; - this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead); - }; - AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () { - var _this = this; - if (!this._pendingRead) { - return undefined; - } - var afterRead = function () { return _this._finishPendingRead(); }; - return this._pendingRead.then(afterRead, afterRead); - }; - return AbstractWrappingReadableStreamSource; -}()); -var WrappingReadableStreamDefaultSource = /** @class */ (function (_super) { - __extends(WrappingReadableStreamDefaultSource, _super); - function WrappingReadableStreamDefaultSource() { - return _super !== null && _super.apply(this, arguments) || this; - } - WrappingReadableStreamDefaultSource.prototype.pull = function () { - return this._pullWithDefaultReader(); - }; - return WrappingReadableStreamDefaultSource; -}(AbstractWrappingReadableStreamSource)); -function toUint8Array(view) { - return new Uint8Array(view.buffer, view.byteOffset, view.byteLength); -} -function copyArrayBufferView(from, to) { - var fromArray = toUint8Array(from); - var toArray = toUint8Array(to); - toArray.set(fromArray, 0); -} -var WrappingReadableByteStreamSource = /** @class */ (function (_super) { - __extends(WrappingReadableByteStreamSource, _super); - function WrappingReadableByteStreamSource(underlyingStream) { - var _this = this; - var supportsByob = supportsByobReader(underlyingStream); - _this = _super.call(this, underlyingStream) || this; - _this._supportsByob = supportsByob; - return _this; - } - Object.defineProperty(WrappingReadableByteStreamSource.prototype, "type", { - get: function () { - return 'bytes'; - }, - enumerable: false, - configurable: true - }); - WrappingReadableByteStreamSource.prototype._attachByobReader = function () { - if (this._readerMode === "byob" /* BYOB */) { - return; - } - assert(this._supportsByob); - this._detachReader(); - var reader = this._underlyingStream.getReader({ mode: 'byob' }); - this._readerMode = "byob" /* BYOB */; - this._attachReader(reader); - }; - WrappingReadableByteStreamSource.prototype.pull = function () { - if (this._supportsByob) { - var byobRequest = this._readableStreamController.byobRequest; - if (byobRequest) { - return this._pullWithByobRequest(byobRequest); - } - } - return this._pullWithDefaultReader(); - }; - WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) { - var _this = this; - this._attachByobReader(); - // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly - // create a separate buffer to read into, then copy that to byobRequest.view - var buffer = new Uint8Array(byobRequest.view.byteLength); - // TODO Backpressure? - var read = this._underlyingReader.read(buffer) - .then(function (result) { - _this._readableStreamController; - if (result.done) { - _this._tryClose(); - byobRequest.respond(0); - } - else { - copyArrayBufferView(result.value, byobRequest.view); - byobRequest.respond(result.value.byteLength); - } - }); - this._setPendingRead(read); - return read; - }; - return WrappingReadableByteStreamSource; -}(AbstractWrappingReadableStreamSource)); - -function createWritableStreamWrapper(ctor) { - assert(isWritableStreamConstructor(ctor)); - return function (writable) { - if (writable.constructor === ctor) { - return writable; - } - var sink = createWrappingWritableSink(writable); - return new ctor(sink); - }; -} -function createWrappingWritableSink(writable) { - assert(isWritableStream(writable)); - assert(writable.locked === false); - var writer = writable.getWriter(); - return new WrappingWritableStreamSink(writer); -} -var WrappingWritableStreamSink = /** @class */ (function () { - function WrappingWritableStreamSink(underlyingWriter) { - var _this = this; - this._writableStreamController = undefined; - this._pendingWrite = undefined; - this._state = "writable" /* WRITABLE */; - this._storedError = undefined; - this._underlyingWriter = underlyingWriter; - this._errorPromise = new Promise(function (resolve, reject) { - _this._errorPromiseReject = reject; - }); - this._errorPromise.catch(noop); - } - WrappingWritableStreamSink.prototype.start = function (controller) { - var _this = this; - this._writableStreamController = controller; - this._underlyingWriter.closed - .then(function () { - _this._state = "closed" /* CLOSED */; - }) - .catch(function (reason) { return _this._finishErroring(reason); }); - }; - WrappingWritableStreamSink.prototype.write = function (chunk) { - var _this = this; - var writer = this._underlyingWriter; - // Detect past errors - if (writer.desiredSize === null) { - return writer.ready; - } - var writeRequest = writer.write(chunk); - // Detect future errors - writeRequest.catch(function (reason) { return _this._finishErroring(reason); }); - writer.ready.catch(function (reason) { return _this._startErroring(reason); }); - // Reject write when errored - var write = Promise.race([writeRequest, this._errorPromise]); - this._setPendingWrite(write); - return write; - }; - WrappingWritableStreamSink.prototype.close = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return this._underlyingWriter.close(); - } - return this._finishPendingWrite().then(function () { return _this.close(); }); - }; - WrappingWritableStreamSink.prototype.abort = function (reason) { - if (this._state === "errored" /* ERRORED */) { - return undefined; - } - var writer = this._underlyingWriter; - return writer.abort(reason); - }; - WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) { - var _this = this; - var pendingWrite; - var finishWrite = function () { - if (_this._pendingWrite === pendingWrite) { - _this._pendingWrite = undefined; - } - }; - this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite); - }; - WrappingWritableStreamSink.prototype._finishPendingWrite = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return Promise.resolve(); - } - var afterWrite = function () { return _this._finishPendingWrite(); }; - return this._pendingWrite.then(afterWrite, afterWrite); - }; - WrappingWritableStreamSink.prototype._startErroring = function (reason) { - var _this = this; - if (this._state === "writable" /* WRITABLE */) { - this._state = "erroring" /* ERRORING */; - this._storedError = reason; - var afterWrite = function () { return _this._finishErroring(reason); }; - if (this._pendingWrite === undefined) { - afterWrite(); - } - else { - this._finishPendingWrite().then(afterWrite, afterWrite); - } - this._writableStreamController.error(reason); - } - }; - WrappingWritableStreamSink.prototype._finishErroring = function (reason) { - if (this._state === "writable" /* WRITABLE */) { - this._startErroring(reason); - } - if (this._state === "erroring" /* ERRORING */) { - this._state = "errored" /* ERRORED */; - this._errorPromiseReject(this._storedError); - } - }; - return WrappingWritableStreamSink; -}()); - -function createTransformStreamWrapper(ctor) { - assert(isTransformStreamConstructor(ctor)); - return function (transform) { - if (transform.constructor === ctor) { - return transform; - } - var transformer = createWrappingTransformer(transform); - return new ctor(transformer); - }; -} -function createWrappingTransformer(transform) { - assert(isTransformStream(transform)); - var readable = transform.readable, writable = transform.writable; - assert(readable.locked === false); - assert(writable.locked === false); - var reader = readable.getReader(); - var writer; - try { - writer = writable.getWriter(); - } - catch (e) { - reader.releaseLock(); // do not leak reader - throw e; - } - return new WrappingTransformStreamTransformer(reader, writer); -} -var WrappingTransformStreamTransformer = /** @class */ (function () { - function WrappingTransformStreamTransformer(reader, writer) { - var _this = this; - this._transformStreamController = undefined; - this._onRead = function (result) { - if (result.done) { - return; - } - _this._transformStreamController.enqueue(result.value); - return _this._reader.read().then(_this._onRead); - }; - this._onError = function (reason) { - _this._flushReject(reason); - _this._transformStreamController.error(reason); - _this._reader.cancel(reason).catch(noop); - _this._writer.abort(reason).catch(noop); - }; - this._onTerminate = function () { - _this._flushResolve(); - _this._transformStreamController.terminate(); - var error = new TypeError('TransformStream terminated'); - _this._writer.abort(error).catch(noop); - }; - this._reader = reader; - this._writer = writer; - this._flushPromise = new Promise(function (resolve, reject) { - _this._flushResolve = resolve; - _this._flushReject = reject; - }); - } - WrappingTransformStreamTransformer.prototype.start = function (controller) { - this._transformStreamController = controller; - this._reader.read() - .then(this._onRead) - .then(this._onTerminate, this._onError); - var readerClosed = this._reader.closed; - if (readerClosed) { - readerClosed - .then(this._onTerminate, this._onError); - } - }; - WrappingTransformStreamTransformer.prototype.transform = function (chunk) { - return this._writer.write(chunk); - }; - WrappingTransformStreamTransformer.prototype.flush = function () { - var _this = this; - return this._writer.close() - .then(function () { return _this._flushPromise; }); - }; - return WrappingTransformStreamTransformer; -}()); - -export { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper }; diff --git a/app/node_modules/openpgp/dist/node/openpgp.cjs b/app/node_modules/openpgp/dist/node/openpgp.cjs new file mode 100644 index 000000000..5f469109a --- /dev/null +++ b/app/node_modules/openpgp/dist/node/openpgp.cjs @@ -0,0 +1,28651 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +'use strict'; + +const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + +var module$1 = require('module'); +var nc = require('node:crypto'); + +var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null; +function _interopNamespaceDefault(e) { + var n = Object.create(null); + if (e) { + Object.keys(e).forEach(function (k) { + if (k !== 'default') { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + } + n.default = e; + return Object.freeze(n); +} + +function _mergeNamespaces(n, m) { + m.forEach(function (e) { + e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) { + if (k !== 'default' && !(k in n)) { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + }); + return Object.freeze(n); +} + +var nc__namespace = /*#__PURE__*/_interopNamespaceDefault(nc); + +const doneWritingPromise = Symbol('doneWritingPromise'); +const doneWritingResolve = Symbol('doneWritingResolve'); +const doneWritingReject = Symbol('doneWritingReject'); + +const readingIndex = Symbol('readingIndex'); + +class ArrayStream extends Array { + constructor() { + super(); + // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work + Object.setPrototypeOf(this, ArrayStream.prototype); + + this[doneWritingPromise] = new Promise((resolve, reject) => { + this[doneWritingResolve] = resolve; + this[doneWritingReject] = reject; + }); + this[doneWritingPromise].catch(() => {}); + } +} + +ArrayStream.prototype.getReader = function() { + if (this[readingIndex] === undefined) { + this[readingIndex] = 0; + } + return { + read: async () => { + await this[doneWritingPromise]; + if (this[readingIndex] === this.length) { + return { value: undefined, done: true }; + } + return { value: this[this[readingIndex]++], done: false }; + } + }; +}; + +ArrayStream.prototype.readToEnd = async function(join) { + await this[doneWritingPromise]; + const result = join(this.slice(this[readingIndex])); + this.length = 0; + return result; +}; + +ArrayStream.prototype.clone = function() { + const clone = new ArrayStream(); + clone[doneWritingPromise] = this[doneWritingPromise].then(() => { + clone.push(...this); + }); + return clone; +}; + +/** + * Check whether data is an ArrayStream + * @param {Any} input data to check + * @returns {boolean} + */ +function isArrayStream(input) { + return input && input.getReader && Array.isArray(input); +} + +/** + * A wrapper class over the native WritableStreamDefaultWriter. + * It also lets you "write data to" array streams instead of streams. + * @class + */ +function Writer(input) { + if (!isArrayStream(input)) { + const writer = input.getWriter(); + const releaseLock = writer.releaseLock; + writer.releaseLock = () => { + writer.closed.catch(function() {}); + releaseLock.call(writer); + }; + return writer; + } + this.stream = input; +} + +/** + * Write a chunk of data. + * @returns {Promise} + * @async + */ +Writer.prototype.write = async function(chunk) { + this.stream.push(chunk); +}; + +/** + * Close the stream. + * @returns {Promise} + * @async + */ +Writer.prototype.close = async function() { + this.stream[doneWritingResolve](); +}; + +/** + * Error the stream. + * @returns {Promise} + * @async + */ +Writer.prototype.abort = async function(reason) { + this.stream[doneWritingReject](reason); + return reason; +}; + +/** + * Release the writer's lock. + * @returns {undefined} + * @async + */ +Writer.prototype.releaseLock = function() {}; + +/* eslint-disable no-prototype-builtins */ +typeof globalThis.process === 'object' && + typeof globalThis.process.versions === 'object'; + +/** + * Check whether data is a Stream, and if so of which type + * @param {Any} input data to check + * @returns {'web'|'node'|'array'|'web-like'|false} + */ +function isStream(input) { + if (isArrayStream(input)) { + return 'array'; + } + if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { + return 'web'; + } + // try and detect a node native stream without having to import its class + if (input && + !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) && + typeof input._read === 'function' && typeof input._readableState === 'object') { + throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`'); + } + if (input && input.getReader) { + return 'web-like'; + } + return false; +} + +/** + * Check whether data is a Uint8Array + * @param {Any} input data to check + * @returns {Boolean} + */ +function isUint8Array(input) { + return Uint8Array.prototype.isPrototypeOf(input); +} + +/** + * Concat Uint8Arrays + * @param {Array} Array of Uint8Arrays to concatenate + * @returns {Uint8array} Concatenated array + */ +function concatUint8Array(arrays) { + if (arrays.length === 1) return arrays[0]; + + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!isUint8Array(arrays[i])) { + throw new Error('concatUint8Array: Data must be in the form of a Uint8Array'); + } + + totalLength += arrays[i].length; + } + + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach(function (element) { + result.set(element, pos); + pos += element.length; + }); + + return result; +} + +const doneReadingSet = new WeakSet(); +/** + * The external buffer is used to store values that have been peeked or unshifted from the original stream. + * Because of how streams are implemented, such values cannot be "put back" in the original stream, + * but they need to be returned first when reading from the input again. + */ +const externalBuffer = Symbol('externalBuffer'); + +/** + * A wrapper class over the native ReadableStreamDefaultReader. + * This additionally implements pushing back data on the stream, which + * lets us implement peeking and a host of convenience functions. + * It also lets you read data other than streams, such as a Uint8Array. + * @class + */ +function Reader(input) { + this.stream = input; + if (input[externalBuffer]) { + this[externalBuffer] = input[externalBuffer].slice(); + } + if (isArrayStream(input)) { + const reader = input.getReader(); + this._read = reader.read.bind(reader); + this._releaseLock = () => {}; + this._cancel = () => {}; + return; + } + let streamType = isStream(input); + if (streamType) { + const reader = input.getReader(); + this._read = reader.read.bind(reader); + this._releaseLock = () => { + reader.closed.catch(function() {}); + reader.releaseLock(); + }; + this._cancel = reader.cancel.bind(reader); + return; + } + let doneReading = false; + this._read = async () => { + if (doneReading || doneReadingSet.has(input)) { + return { value: undefined, done: true }; + } + doneReading = true; + return { value: input, done: false }; + }; + this._releaseLock = () => { + if (doneReading) { + try { + doneReadingSet.add(input); + } catch(e) {} + } + }; +} + +/** + * Read a chunk of data. + * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined } + * @async + */ +Reader.prototype.read = async function() { + if (this[externalBuffer] && this[externalBuffer].length) { + const value = this[externalBuffer].shift(); + return { done: false, value }; + } + return this._read(); +}; + +/** + * Allow others to read the stream. + */ +Reader.prototype.releaseLock = function() { + if (this[externalBuffer]) { + this.stream[externalBuffer] = this[externalBuffer]; + } + this._releaseLock(); +}; + +/** + * Cancel the stream. + */ +Reader.prototype.cancel = function(reason) { + return this._cancel(reason); +}; + +/** + * Read up to and including the first \n character. + * @returns {Promise} + * @async + */ +Reader.prototype.readLine = async function() { + let buffer = []; + let returnVal; + while (!returnVal) { + let { done, value } = await this.read(); + value += ''; + if (done) { + if (buffer.length) return concat(buffer); + return; + } + const lineEndIndex = value.indexOf('\n') + 1; + if (lineEndIndex) { + returnVal = concat(buffer.concat(value.substr(0, lineEndIndex))); + buffer = []; + } + if (lineEndIndex !== value.length) { + buffer.push(value.substr(lineEndIndex)); + } + } + this.unshift(...buffer); + return returnVal; +}; + +/** + * Read a single byte/character. + * @returns {Promise} + * @async + */ +Reader.prototype.readByte = async function() { + const { done, value } = await this.read(); + if (done) return; + const byte = value[0]; + this.unshift(slice(value, 1)); + return byte; +}; + +/** + * Read a specific amount of bytes/characters, unless the stream ends before that amount. + * @returns {Promise} + * @async + */ +Reader.prototype.readBytes = async function(length) { + const buffer = []; + let bufferLength = 0; + // eslint-disable-next-line no-constant-condition + while (true) { + const { done, value } = await this.read(); + if (done) { + if (buffer.length) return concat(buffer); + return; + } + buffer.push(value); + bufferLength += value.length; + if (bufferLength >= length) { + const bufferConcat = concat(buffer); + this.unshift(slice(bufferConcat, length)); + return slice(bufferConcat, 0, length); + } + } +}; + +/** + * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount. + * @returns {Promise} + * @async + */ +Reader.prototype.peekBytes = async function(length) { + const bytes = await this.readBytes(length); + this.unshift(bytes); + return bytes; +}; + +/** + * Push data to the front of the stream. + * Data must have been read in the last call to read*. + * @param {...(Uint8Array|String|Undefined)} values + */ +Reader.prototype.unshift = function(...values) { + if (!this[externalBuffer]) { + this[externalBuffer] = []; + } + if ( + values.length === 1 && isUint8Array(values[0]) && + this[externalBuffer].length && values[0].length && + this[externalBuffer][0].byteOffset >= values[0].length + ) { + this[externalBuffer][0] = new Uint8Array( + this[externalBuffer][0].buffer, + this[externalBuffer][0].byteOffset - values[0].length, + this[externalBuffer][0].byteLength + values[0].length + ); + return; + } + this[externalBuffer].unshift(...values.filter(value => value && value.length)); +}; + +/** + * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat). + * @param {Function} join + * @returns {Promise} the return value of join() + * @async + */ +Reader.prototype.readToEnd = async function(join=concat) { + const result = []; + // eslint-disable-next-line no-constant-condition + while (true) { + const { done, value } = await this.read(); + if (done) break; + result.push(value); + } + return join(result); +}; + +/** + * Convert data to Stream + * @param {ReadableStream|Uint8array|String} input data to convert + * @returns {ReadableStream} Converted data + */ +function toStream(input) { + let streamType = isStream(input); + if (streamType) { + return input; + } + return new ReadableStream({ + start(controller) { + controller.enqueue(input); + controller.close(); + } + }); +} + +/** + * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream. + * @param {Object} input data to convert + * @returns {ArrayStream} Converted data + */ +function toArrayStream(input) { + if (isStream(input)) { + return input; + } + const stream = new ArrayStream(); + (async () => { + const writer = getWriter(stream); + await writer.write(input); + await writer.close(); + })(); + return stream; +} + +/** + * Concat a list of Uint8Arrays, Strings or Streams + * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams. + * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate + * @returns {Uint8array|String|ReadableStream} Concatenated array + */ +function concat(list) { + if (list.some(stream => isStream(stream) && !isArrayStream(stream))) { + return concatStream(list); + } + if (list.some(stream => isArrayStream(stream))) { + return concatArrayStream(list); + } + if (typeof list[0] === 'string') { + return list.join(''); + } + return concatUint8Array(list); +} + +/** + * Concat a list of Streams + * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate + * @returns {ReadableStream} Concatenated list + */ +function concatStream(list) { + list = list.map(toStream); + const transform = transformWithCancel(async function(reason) { + await Promise.all(transforms.map(stream => cancel(stream, reason))); + }); + let prev = Promise.resolve(); + const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => { + prev = prev.then(() => pipe(readable, transform.writable, { + preventClose: i !== list.length - 1 + })); + return prev; + })); + return transform.readable; +} + +/** + * Concat a list of ArrayStreams + * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate + * @returns {ArrayStream} Concatenated streams + */ +function concatArrayStream(list) { + const result = new ArrayStream(); + let prev = Promise.resolve(); + list.forEach((stream, i) => { + prev = prev.then(() => pipe(stream, result, { + preventClose: i !== list.length - 1 + })); + return prev; + }); + return result; +} + +/** + * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. + * @param {ReadableStream|Uint8array|String} input + * @param {WritableStream} target + * @param {Object} (optional) options + * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored) + * @async + */ +async function pipe(input, target, { + preventClose = false, + preventAbort = false, + preventCancel = false +} = {}) { + if (isStream(input) && !isArrayStream(input)) { + input = toStream(input); + try { + if (input[externalBuffer]) { + const writer = getWriter(target); + for (let i = 0; i < input[externalBuffer].length; i++) { + await writer.ready; + await writer.write(input[externalBuffer][i]); + } + writer.releaseLock(); + } + await input.pipeTo(target, { + preventClose, + preventAbort, + preventCancel + }); + } catch(e) {} + return; + } + input = toArrayStream(input); + const reader = getReader(input); + const writer = getWriter(target); + try { + // eslint-disable-next-line no-constant-condition + while (true) { + await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (!preventClose) await writer.close(); + break; + } + await writer.write(value); + } + } catch (e) { + if (!preventAbort) await writer.abort(e); + } finally { + reader.releaseLock(); + writer.releaseLock(); + } +} + +/** + * Pipe a readable stream through a transform stream. + * @param {ReadableStream|Uint8array|String} input + * @param {Object} (optional) options + * @returns {ReadableStream} transformed stream + */ +function transformRaw(input, options) { + const transformStream = new TransformStream(options); + pipe(input, transformStream.writable); + return transformStream.readable; +} + +/** + * Create a cancelable TransformStream. + * @param {Function} cancel + * @returns {TransformStream} + */ +function transformWithCancel(customCancel) { + let pulled = false; + let cancelled = false; + let backpressureChangePromiseResolve, backpressureChangePromiseReject; + let outputController; + return { + readable: new ReadableStream({ + start(controller) { + outputController = controller; + }, + pull() { + if (backpressureChangePromiseResolve) { + backpressureChangePromiseResolve(); + } else { + pulled = true; + } + }, + async cancel(reason) { + cancelled = true; + if (customCancel) { + await customCancel(reason); + } + if (backpressureChangePromiseReject) { + backpressureChangePromiseReject(reason); + } + } + }, {highWaterMark: 0}), + writable: new WritableStream({ + write: async function(chunk) { + if (cancelled) { + throw new Error('Stream is cancelled'); + } + outputController.enqueue(chunk); + if (!pulled) { + await new Promise((resolve, reject) => { + backpressureChangePromiseResolve = resolve; + backpressureChangePromiseReject = reject; + }); + backpressureChangePromiseResolve = null; + backpressureChangePromiseReject = null; + } else { + pulled = false; + } + }, + close: outputController.close.bind(outputController), + abort: outputController.error.bind(outputController) + }) + }; +} + +/** + * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively. + * @param {ReadableStream|Uint8array|String} input + * @param {Function} process + * @param {Function} finish + * @returns {ReadableStream|Uint8array|String} + */ +function transform(input, process = () => undefined, finish = () => undefined) { + if (isArrayStream(input)) { + const output = new ArrayStream(); + (async () => { + const writer = getWriter(output); + try { + const data = await readToEnd(input); + const result1 = process(data); + const result2 = finish(); + let result; + if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]); + else result = result1 !== undefined ? result1 : result2; + await writer.write(result); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + })(); + return output; + } + if (isStream(input)) { + return transformRaw(input, { + async transform(value, controller) { + try { + const result = await process(value); + if (result !== undefined) controller.enqueue(result); + } catch(e) { + controller.error(e); + } + }, + async flush(controller) { + try { + const result = await finish(); + if (result !== undefined) controller.enqueue(result); + } catch(e) { + controller.error(e); + } + } + }); + } + const result1 = process(input); + const result2 = finish(); + if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]); + return result1 !== undefined ? result1 : result2; +} + +/** + * Transform a stream using a helper function which is passed a readable and a writable stream. + * This function also maintains the possibility to cancel the input stream, + * and does so on cancelation of the output stream, despite cancelation + * normally being impossible when the input stream is being read from. + * @param {ReadableStream|Uint8array|String} input + * @param {Function} fn + * @returns {ReadableStream} + */ +function transformPair(input, fn) { + if (isStream(input) && !isArrayStream(input)) { + let incomingTransformController; + const incoming = new TransformStream({ + start(controller) { + incomingTransformController = controller; + } + }); + + const pipeDonePromise = pipe(input, incoming.writable); + + const outgoing = transformWithCancel(async function(reason) { + incomingTransformController.error(reason); + await pipeDonePromise; + await new Promise(setTimeout); + }); + fn(incoming.readable, outgoing.writable); + return outgoing.readable; + } + input = toArrayStream(input); + const output = new ArrayStream(); + fn(input, output); + return output; +} + +/** + * Parse a stream using a helper function which is passed a Reader. + * The reader additionally has a remainder() method which returns a + * stream pointing to the remainder of input, and is linked to input + * for cancelation. + * @param {ReadableStream|Uint8array|String} input + * @param {Function} fn + * @returns {Any} the return value of fn() + */ +function parse(input, fn) { + let returnValue; + const transformed = transformPair(input, (readable, writable) => { + const reader = getReader(readable); + reader.remainder = () => { + reader.releaseLock(); + pipe(readable, writable); + return transformed; + }; + returnValue = fn(reader); + }); + return returnValue; +} + +/** + * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing. + * Reading either of the two returned streams will pull from the input stream. + * The input stream will only be canceled if both of the returned streams are canceled. + * @param {ReadableStream|Uint8array|String} input + * @returns {Array} array containing two copies of input + */ +function tee(input) { + if (isArrayStream(input)) { + throw new Error('ArrayStream cannot be tee()d, use clone() instead'); + } + if (isStream(input)) { + const teed = toStream(input).tee(); + teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer]; + return teed; + } + return [slice(input), slice(input)]; +} + +/** + * Clone a Stream for reading it twice. The input stream can still be read after clone()ing. + * Reading from the clone will pull from the input stream. + * The input stream will only be canceled if both the clone and the input stream are canceled. + * @param {ReadableStream|Uint8array|String} input + * @returns {ReadableStream|Uint8array|String} cloned input + */ +function clone(input) { + if (isArrayStream(input)) { + return input.clone(); + } + if (isStream(input)) { + const teed = tee(input); + overwrite(input, teed[0]); + return teed[1]; + } + return slice(input); +} + +/** + * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read. + * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream. + * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled. + * If the input stream is canceled, the clone will be errored. + * @param {ReadableStream|Uint8array|String} input + * @returns {ReadableStream|Uint8array|String} cloned input + */ +function passiveClone(input) { + if (isArrayStream(input)) { + return clone(input); + } + if (isStream(input)) { + return new ReadableStream({ + start(controller) { + const transformed = transformPair(input, async (readable, writable) => { + const reader = getReader(readable); + const writer = getWriter(writable); + try { + // eslint-disable-next-line no-constant-condition + while (true) { + await writer.ready; + const { done, value } = await reader.read(); + if (done) { + try { controller.close(); } catch(e) {} + await writer.close(); + return; + } + try { controller.enqueue(value); } catch(e) {} + await writer.write(value); + } + } catch(e) { + controller.error(e); + await writer.abort(e); + } + }); + overwrite(input, transformed); + } + }); + } + return slice(input); +} + +/** + * Modify a stream object to point to a different stream object. + * This is used internally by clone() and passiveClone() to provide an abstraction over tee(). + * @param {ReadableStream} input + * @param {ReadableStream} clone + */ +function overwrite(input, clone) { + // Overwrite input.getReader, input.locked, etc to point to clone + Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => { + if (name === 'constructor') { + return; + } + if (descriptor.value) { + descriptor.value = descriptor.value.bind(clone); + } else { + descriptor.get = descriptor.get.bind(clone); + } + Object.defineProperty(input, name, descriptor); + }); +} + +/** + * Return a stream pointing to a part of the input stream. + * @param {ReadableStream|Uint8array|String} input + * @returns {ReadableStream|Uint8array|String} clone + */ +function slice(input, begin=0, end=Infinity) { + if (isArrayStream(input)) { + throw new Error('Not implemented'); + } + if (isStream(input)) { + if (begin >= 0 && end >= 0) { + let bytesRead = 0; + return transformRaw(input, { + transform(value, controller) { + if (bytesRead < end) { + if (bytesRead + value.length >= begin) { + controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead)); + } + bytesRead += value.length; + } else { + controller.terminate(); + } + } + }); + } + if (begin < 0 && (end < 0 || end === Infinity)) { + let lastBytes = []; + return transform(input, value => { + if (value.length >= -begin) lastBytes = [value]; + else lastBytes.push(value); + }, () => slice(concat(lastBytes), begin, end)); + } + if (begin === 0 && end < 0) { + let lastBytes; + return transform(input, value => { + const returnValue = lastBytes ? concat([lastBytes, value]) : value; + if (returnValue.length >= -end) { + lastBytes = slice(returnValue, end); + return slice(returnValue, begin, end); + } + lastBytes = returnValue; + }); + } + console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); + return fromAsync(async () => slice(await readToEnd(input), begin, end)); + } + if (input[externalBuffer]) { + input = concat(input[externalBuffer].concat([input])); + } + if (isUint8Array(input)) { + return input.subarray(begin, end === Infinity ? input.length : end); + } + return input.slice(begin, end); +} + +/** + * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat). + * @param {ReadableStream|Uint8array|String} input + * @param {Function} join + * @returns {Promise} the return value of join() + * @async + */ +async function readToEnd(input, join=concat) { + if (isArrayStream(input)) { + return input.readToEnd(join); + } + if (isStream(input)) { + return getReader(input).readToEnd(join); + } + return input; +} + +/** + * Cancel a stream. + * @param {ReadableStream|Uint8array|String} input + * @param {Any} reason + * @returns {Promise} indicates when the stream has been canceled + * @async + */ +async function cancel(input, reason) { + if (isStream(input)) { + if (input.cancel) { + const cancelled = await input.cancel(reason); + // the stream is not always cancelled at this point, so we wait some more + await new Promise(setTimeout); + return cancelled; + } + if (input.destroy) { + input.destroy(reason); + await new Promise(setTimeout); + return reason; + } + } +} + +/** + * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream. + * @param {Function} fn + * @returns {ArrayStream} + */ +function fromAsync(fn) { + const arrayStream = new ArrayStream(); + (async () => { + const writer = getWriter(arrayStream); + try { + await writer.write(await fn()); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + })(); + return arrayStream; +} + +/** + * Get a Reader + * @param {ReadableStream|Uint8array|String} input + * @returns {Reader} + */ +function getReader(input) { + return new Reader(input); +} + +/** + * Get a Writer + * @param {WritableStream} input + * @returns {Writer} + */ +function getWriter(input) { + return new Writer(input); +} + +/** + * @module enums + */ + +const byValue = Symbol('byValue'); + +var enums = { + + /** Maps curve names under various standards to one + * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} + * @enum {String} + * @readonly + */ + curve: { + /** NIST P-256 Curve */ + 'nistP256': 'nistP256', + /** @deprecated use `nistP256` instead */ + 'p256': 'nistP256', + + /** NIST P-384 Curve */ + 'nistP384': 'nistP384', + /** @deprecated use `nistP384` instead */ + 'p384': 'nistP384', + + /** NIST P-521 Curve */ + 'nistP521': 'nistP521', + /** @deprecated use `nistP521` instead */ + 'p521': 'nistP521', + + /** SECG SECP256k1 Curve */ + 'secp256k1': 'secp256k1', + + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519Legacy', + /** @deprecated use `ed25519Legacy` instead */ + 'ed25519': 'ed25519Legacy', + + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'curve25519Legacy': 'curve25519Legacy', + /** @deprecated use `curve25519Legacy` instead */ + 'curve25519': 'curve25519Legacy', + + /** BrainpoolP256r1 Curve */ + 'brainpoolP256r1': 'brainpoolP256r1', + + /** BrainpoolP384r1 Curve */ + 'brainpoolP384r1': 'brainpoolP384r1', + + /** BrainpoolP512r1 Curve */ + 'brainpoolP512r1': 'brainpoolP512r1' + }, + + /** A string to key specifier type + * @enum {Integer} + * @readonly + */ + s2k: { + simple: 0, + salted: 1, + iterated: 3, + argon2: 4, + gnu: 101 + }, + + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} + * @enum {Integer} + * @readonly + */ + publicKey: { + /** RSA (Encrypt or Sign) [HAC] */ + rsaEncryptSign: 1, + /** RSA (Encrypt only) [HAC] */ + rsaEncrypt: 2, + /** RSA (Sign only) [HAC] */ + rsaSign: 3, + /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ + elgamal: 16, + /** DSA (Sign only) [FIPS186] [HAC] */ + dsa: 17, + /** ECDH (Encrypt only) [RFC6637] */ + ecdh: 18, + /** ECDSA (Sign only) [RFC6637] */ + ecdsa: 19, + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) + * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ + eddsaLegacy: 22, + /** Reserved for AEDH */ + aedh: 23, + /** Reserved for AEDSA */ + aedsa: 24, + /** X25519 (Encrypt only) */ + x25519: 25, + /** X448 (Encrypt only) */ + x448: 26, + /** Ed25519 (Sign only) */ + ed25519: 27, + /** Ed448 (Sign only) */ + ed448: 28 + }, + + /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} + * @enum {Integer} + * @readonly + */ + symmetric: { + /** Not implemented! */ + idea: 1, + tripledes: 2, + cast5: 3, + blowfish: 4, + aes128: 7, + aes192: 8, + aes256: 9, + twofish: 10 + }, + + /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} + * @enum {Integer} + * @readonly + */ + compression: { + uncompressed: 0, + /** RFC1951 */ + zip: 1, + /** RFC1950 */ + zlib: 2, + bzip2: 3 + }, + + /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} + * @enum {Integer} + * @readonly + */ + hash: { + md5: 1, + sha1: 2, + ripemd: 3, + sha256: 8, + sha384: 9, + sha512: 10, + sha224: 11, + sha3_256: 12, + sha3_512: 14 + }, + + /** A list of hash names as accepted by webCrypto functions. + * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo} + * @enum {String} + */ + webHash: { + 'SHA-1': 2, + 'SHA-256': 8, + 'SHA-384': 9, + 'SHA-512': 10 + }, + + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6} + * @enum {Integer} + * @readonly + */ + aead: { + eax: 1, + ocb: 2, + gcm: 3, + experimentalGCM: 100 // Private algorithm + }, + + /** A list of packet types and numeric tags associated with them. + * @enum {Integer} + * @readonly + */ + packet: { + publicKeyEncryptedSessionKey: 1, + signature: 2, + symEncryptedSessionKey: 3, + onePassSignature: 4, + secretKey: 5, + publicKey: 6, + secretSubkey: 7, + compressedData: 8, + symmetricallyEncryptedData: 9, + marker: 10, + literalData: 11, + trust: 12, + userID: 13, + publicSubkey: 14, + userAttribute: 17, + symEncryptedIntegrityProtectedData: 18, + modificationDetectionCode: 19, + aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + padding: 21 + }, + + /** Data types in the literal packet + * @enum {Integer} + * @readonly + */ + literal: { + /** Binary data 'b' */ + binary: 'b'.charCodeAt(), + /** Text data 't' */ + text: 't'.charCodeAt(), + /** Utf8 data 'u' */ + utf8: 'u'.charCodeAt(), + /** MIME message body part 'm' */ + mime: 'm'.charCodeAt() + }, + + + /** One pass signature packet type + * @enum {Integer} + * @readonly + */ + signature: { + /** 0x00: Signature of a binary document. */ + binary: 0, + /** 0x01: Signature of a canonical text document. + * + * Canonicalyzing the document by converting line endings. */ + text: 1, + /** 0x02: Standalone signature. + * + * This signature is a signature of only its own subpacket contents. + * It is calculated identically to a signature over a zero-lengh + * binary document. Note that it doesn't make sense to have a V3 + * standalone signature. */ + standalone: 2, + /** 0x10: Generic certification of a User ID and Public-Key packet. + * + * The issuer of this certification does not make any particular + * assertion as to how well the certifier has checked that the owner + * of the key is in fact the person described by the User ID. */ + certGeneric: 16, + /** 0x11: Persona certification of a User ID and Public-Key packet. + * + * The issuer of this certification has not done any verification of + * the claim that the owner of this key is the User ID specified. */ + certPersona: 17, + /** 0x12: Casual certification of a User ID and Public-Key packet. + * + * The issuer of this certification has done some casual + * verification of the claim of identity. */ + certCasual: 18, + /** 0x13: Positive certification of a User ID and Public-Key packet. + * + * The issuer of this certification has done substantial + * verification of the claim of identity. + * + * Most OpenPGP implementations make their "key signatures" as 0x10 + * certifications. Some implementations can issue 0x11-0x13 + * certifications, but few differentiate between the types. */ + certPositive: 19, + /** 0x30: Certification revocation signature + * + * This signature revokes an earlier User ID certification signature + * (signature class 0x10 through 0x13) or direct-key signature + * (0x1F). It should be issued by the same key that issued the + * revoked signature or an authorized revocation key. The signature + * is computed over the same data as the certificate that it + * revokes, and should have a later creation date than that + * certificate. */ + certRevocation: 48, + /** 0x18: Subkey Binding Signature + * + * This signature is a statement by the top-level signing key that + * indicates that it owns the subkey. This signature is calculated + * directly on the primary key and subkey, and not on any User ID or + * other packets. A signature that binds a signing subkey MUST have + * an Embedded Signature subpacket in this binding signature that + * contains a 0x19 signature made by the signing subkey on the + * primary key and subkey. */ + subkeyBinding: 24, + /** 0x19: Primary Key Binding Signature + * + * This signature is a statement by a signing subkey, indicating + * that it is owned by the primary key and subkey. This signature + * is calculated the same way as a 0x18 signature: directly on the + * primary key and subkey, and not on any User ID or other packets. + * + * When a signature is made over a key, the hash data starts with the + * octet 0x99, followed by a two-octet length of the key, and then body + * of the key packet. (Note that this is an old-style packet header for + * a key packet with two-octet length.) A subkey binding signature + * (type 0x18) or primary key binding signature (type 0x19) then hashes + * the subkey using the same format as the main key (also using 0x99 as + * the first octet). */ + keyBinding: 25, + /** 0x1F: Signature directly on a key + * + * This signature is calculated directly on a key. It binds the + * information in the Signature subpackets to the key, and is + * appropriate to be used for subpackets that provide information + * about the key, such as the Revocation Key subpacket. It is also + * appropriate for statements that non-self certifiers want to make + * about the key itself, rather than the binding between a key and a + * name. */ + key: 31, + /** 0x20: Key revocation signature + * + * The signature is calculated directly on the key being revoked. A + * revoked key is not to be used. Only revocation signatures by the + * key being revoked, or by an authorized revocation key, should be + * considered valid revocation signatures.a */ + keyRevocation: 32, + /** 0x28: Subkey revocation signature + * + * The signature is calculated directly on the subkey being revoked. + * A revoked subkey is not to be used. Only revocation signatures + * by the top-level signature key that is bound to this subkey, or + * by an authorized revocation key, should be considered valid + * revocation signatures. + * + * Key revocation signatures (types 0x20 and 0x28) + * hash only the key being revoked. */ + subkeyRevocation: 40, + /** 0x40: Timestamp signature. + * This signature is only meaningful for the timestamp contained in + * it. */ + timestamp: 64, + /** 0x50: Third-Party Confirmation signature. + * + * This signature is a signature over some other OpenPGP Signature + * packet(s). It is analogous to a notary seal on the signed data. + * A third-party signature SHOULD include Signature Target + * subpacket(s) to give easy identification. Note that we really do + * mean SHOULD. There are plausible uses for this (such as a blind + * party that only sees the signature, not the key or source + * document) that cannot include a target subpacket. */ + thirdParty: 80 + }, + + /** Signature subpacket type + * @enum {Integer} + * @readonly + */ + signatureSubpacket: { + signatureCreationTime: 2, + signatureExpirationTime: 3, + exportableCertification: 4, + trustSignature: 5, + regularExpression: 6, + revocable: 7, + keyExpirationTime: 9, + placeholderBackwardsCompatibility: 10, + preferredSymmetricAlgorithms: 11, + revocationKey: 12, + issuerKeyID: 16, + notationData: 20, + preferredHashAlgorithms: 21, + preferredCompressionAlgorithms: 22, + keyServerPreferences: 23, + preferredKeyServer: 24, + primaryUserID: 25, + policyURI: 26, + keyFlags: 27, + signersUserID: 28, + reasonForRevocation: 29, + features: 30, + signatureTarget: 31, + embeddedSignature: 32, + issuerFingerprint: 33, + preferredAEADAlgorithms: 34, + preferredCipherSuites: 39 + }, + + /** Key flags + * @enum {Integer} + * @readonly + */ + keyFlags: { + /** 0x01 - This key may be used to certify other keys. */ + certifyKeys: 1, + /** 0x02 - This key may be used to sign data. */ + signData: 2, + /** 0x04 - This key may be used to encrypt communications. */ + encryptCommunication: 4, + /** 0x08 - This key may be used to encrypt storage. */ + encryptStorage: 8, + /** 0x10 - The private component of this key may have been split + * by a secret-sharing mechanism. */ + splitPrivateKey: 16, + /** 0x20 - This key may be used for authentication. */ + authentication: 32, + /** 0x80 - The private component of this key may be in the + * possession of more than one person. */ + sharedPrivateKey: 128 + }, + + /** Armor type + * @enum {Integer} + * @readonly + */ + armor: { + multipartSection: 0, + multipartLast: 1, + signed: 2, + message: 3, + publicKey: 4, + privateKey: 5, + signature: 6 + }, + + /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23} + * @enum {Integer} + * @readonly + */ + reasonForRevocation: { + /** No reason specified (key revocations or cert revocations) */ + noReason: 0, + /** Key is superseded (key revocations) */ + keySuperseded: 1, + /** Key material has been compromised (key revocations) */ + keyCompromised: 2, + /** Key is retired and no longer used (key revocations) */ + keyRetired: 3, + /** User ID information is no longer valid (cert revocations) */ + userIDInvalid: 32 + }, + + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25} + * @enum {Integer} + * @readonly + */ + features: { + /** 0x01 - Modification Detection (packets 18 and 19) */ + modificationDetection: 1, + /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5 + * Symmetric-Key Encrypted Session Key Packets (packet 3) */ + aead: 2, + /** 0x04 - Version 5 Public-Key Packet format and corresponding new + * fingerprint format */ + v5Keys: 4, + seipdv2: 8 + }, + + /** + * Asserts validity of given value and converts from string/integer to integer. + * @param {Object} type target enum type + * @param {String|Integer} e value to check and/or convert + * @returns {Integer} enum value if it exists + * @throws {Error} if the value is invalid + */ + write: function(type, e) { + if (typeof e === 'number') { + e = this.read(type, e); + } + + if (type[e] !== undefined) { + return type[e]; + } + + throw new Error('Invalid enum value.'); + }, + + /** + * Converts enum integer value to the corresponding string, if it exists. + * @param {Object} type target enum type + * @param {Integer} e value to convert + * @returns {String} name of enum value if it exists + * @throws {Error} if the value is invalid + */ + read: function(type, e) { + if (!type[byValue]) { + type[byValue] = []; + Object.entries(type).forEach(([key, value]) => { + type[byValue][value] = key; + }); + } + + if (type[byValue][e] !== undefined) { + return type[byValue][e]; + } + + throw new Error('Invalid enum value.'); + } +}; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +var config = { + /** + * @memberof module:config + * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} + */ + preferredHashAlgorithm: enums.hash.sha512, + /** + * @memberof module:config + * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} + */ + preferredSymmetricAlgorithm: enums.symmetric.aes256, + /** + * @memberof module:config + * @property {Integer} compression Default compression algorithm {@link module:enums.compression} + */ + preferredCompressionAlgorithm: enums.compression.uncompressed, + /** + * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. + * This option is applicable to: + * - key generation (encryption key preferences), + * - password-based message encryption, and + * - private key encryption. + * In the case of message encryption using public keys, the encryption key preferences are respected instead. + * Note: not all OpenPGP implementations are compatible with this option. + * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10} + * @memberof module:config + * @property {Boolean} aeadProtect + */ + aeadProtect: false, + /** + * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`) + * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`, + * this option must be set, otherwise key parsing and/or key decryption will fail. + * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys + * will be processed incorrectly. + */ + parseAEADEncryptedV4KeysAsLegacy: false, + /** + * Default Authenticated Encryption with Additional Data (AEAD) encryption mode + * Only has an effect when aeadProtect is set to true. + * @memberof module:config + * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} + */ + preferredAEADAlgorithm: enums.aead.gcm, + /** + * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode + * Only has an effect when aeadProtect is set to true. + * Must be an integer value from 0 to 56. + * @memberof module:config + * @property {Integer} aeadChunkSizeByte + */ + aeadChunkSizeByte: 12, + /** + * Use v6 keys. + * Note: not all OpenPGP implementations are compatible with this option. + * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** + * @memberof module:config + * @property {Boolean} v6Keys + */ + v6Keys: false, + /** + * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet). + * These are non-standard entities, which in the crypto-refresh have been superseded + * by v6 keys and v6 signatures, respectively. + * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries, + * hence parsing them might be necessary in some cases. + */ + enableParsingV5Entities: false, + /** + * S2K (String to Key) type, used for key derivation in the context of secret key encryption + * and password-encrypted data. Weaker s2k options are not allowed. + * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it + * (pending standardisation). + * @memberof module:config + * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k} + */ + s2kType: enums.s2k.iterated, + /** + * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}: + * Iteration Count Byte for Iterated and Salted S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`. + * Note: this is the exponent value, not the final number of iterations (refer to specs for more details). + * @memberof module:config + * @property {Integer} s2kIterationCountByte + */ + s2kIterationCountByte: 224, + /** + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}: + * Argon2 parameters for S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`. + * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), + * to ensure compatibility with memory-constrained environments. + * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. + * @memberof module:config + * @property {Object} params + * @property {Integer} params.passes - number of iterations t + * @property {Integer} params.parallelism - degree of parallelism p + * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes. + */ + s2kArgon2Params: { + passes: 3, + parallelism: 4, // lanes + memoryExponent: 16 // 64 MiB of RAM + }, + /** + * Allow decryption of messages without integrity protection. + * This is an **insecure** setting: + * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. + * - it enables downgrade attacks against integrity-protected messages. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedMessages + */ + allowUnauthenticatedMessages: false, + /** + * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to + * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible + * and deferring checking their integrity until the decrypted stream has been read in full. + * + * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity: + * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL + * (see https://efail.de/). + * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data. + * + * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedStream + */ + allowUnauthenticatedStream: false, + /** + * Minimum RSA key size allowed for key generation and message signing, verification and encryption. + * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. + * @memberof module:config + * @property {Number} minRSABits + */ + minRSABits: 2047, + /** + * Work-around for rare GPG decryption bug when encrypting with multiple passwords. + * **Slower and slightly less secure** + * @memberof module:config + * @property {Boolean} passwordCollisionCheck + */ + passwordCollisionCheck: false, + /** + * Allow decryption using RSA keys without `encrypt` flag. + * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug + * where key flags were ignored when selecting a key for encryption. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureDecryptionWithSigningKeys: false, + /** + * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. + * Instead, a verification key will also be consider valid as long as it is valid at the current time. + * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, + * and have self-signature's creation date that does not match the primary key creation date. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureVerificationWithReformattedKeys: false, + /** + * Allow using keys that do not have any key flags set. + * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages + * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29). + * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation. + * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm. + */ + allowMissingKeyFlags: false, + /** + * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). + * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: + * - new/incoming messages are automatically decrypted (without user interaction); + * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). + * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. + * @memberof module:config + * @property {Boolean} constantTimePKCS1Decryption + */ + constantTimePKCS1Decryption: false, + /** + * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. + * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. + * However, the more algorithms are added, the slower the decryption procedure becomes. + * @memberof module:config + * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} + */ + constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), + /** + * @memberof module:config + * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error + */ + ignoreUnsupportedPackets: true, + /** + * @memberof module:config + * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error + */ + ignoreMalformedPackets: false, + /** + * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only + * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable + * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). + * @memberof module:config + * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] + */ + additionalAllowedPackets: [], + /** + * @memberof module:config + * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages + */ + showVersion: false, + /** + * @memberof module:config + * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages + */ + showComment: false, + /** + * @memberof module:config + * @property {String} versionString A version string to be included in armored messages + */ + versionString: 'OpenPGP.js 6.0.0', + /** + * @memberof module:config + * @property {String} commentString A comment string to be included in armored messages + */ + commentString: 'https://openpgpjs.org', + + /** + * Max userID string length (used for parsing) + * @memberof module:config + * @property {Integer} maxUserIDLength + */ + maxUserIDLength: 1024 * 5, + /** + * Contains notatations that are considered "known". Known notations do not trigger + * validation error when the notation is marked as critical. + * @memberof module:config + * @property {Array} knownNotations + */ + knownNotations: [], + /** + * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design). + * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur + * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of + * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. + * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. + */ + nonDeterministicSignaturesViaNotation: true, + /** + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. + * When false, certain standard curves will not be supported (depending on the platform). + * @memberof module:config + * @property {Boolean} useEllipticFallback + */ + useEllipticFallback: true, + /** + * Reject insecure hash algorithms + * @memberof module:config + * @property {Set} rejectHashAlgorithms {@link module:enums.hash} + */ + rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), + /** + * Reject insecure message hash algorithms + * @memberof module:config + * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} + */ + rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), + /** + * Reject insecure public key algorithms for key generation and message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} + */ + rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), + /** + * Reject non-standard curves for key generation, message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectCurves {@link module:enums.curve} + */ + rejectCurves: new Set([enums.curve.secp256k1]) +}; + +/** + * @fileoverview This object contains global configuration values. + * @see module:config/config + * @module config + */ + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const debugMode = (() => { + try { + return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env + } catch (e) {} + return false; +})(); + +const util = { + isString: function(data) { + return typeof data === 'string' || data instanceof String; + }, + + nodeRequire: module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('openpgp.cjs', document.baseURI).href))), + + isArray: function(data) { + return data instanceof Array; + }, + + isUint8Array: isUint8Array, + + isStream: isStream, + + /** + * Load noble-curves lib on demand and return the requested curve function + * @param {enums.publicKey} publicKeyAlgo + * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA) + * @returns curve implementation + * @throws on unrecognized curve, or curve not implemented by noble-curve + */ + getNobleCurve: async (publicKeyAlgo, curveName) => { + if (!config.useEllipticFallback) { + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } + + const { nobleCurves } = await Promise.resolve().then(function () { return noble_curves; }); + switch (publicKeyAlgo) { + case enums.publicKey.ecdh: + case enums.publicKey.ecdsa: { + const curve = nobleCurves.get(curveName); + if (!curve) throw new Error('Unsupported curve'); + return curve; + } + case enums.publicKey.x448: + return nobleCurves.get('x448'); + case enums.publicKey.ed448: + return nobleCurves.get('ed448'); + default: + throw new Error('Unsupported curve'); + } + }, + + readNumber: function (bytes) { + let n = 0; + for (let i = 0; i < bytes.length; i++) { + n += (256 ** i) * bytes[bytes.length - 1 - i]; + } + return n; + }, + + writeNumber: function (n, bytes) { + const b = new Uint8Array(bytes); + for (let i = 0; i < bytes; i++) { + b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF; + } + + return b; + }, + + readDate: function (bytes) { + const n = util.readNumber(bytes); + const d = new Date(n * 1000); + return d; + }, + + writeDate: function (time) { + const numeric = Math.floor(time.getTime() / 1000); + + return util.writeNumber(numeric, 4); + }, + + normalizeDate: function (time = Date.now()) { + return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000); + }, + + /** + * Read one MPI from bytes in input + * @param {Uint8Array} bytes - Input data to parse + * @returns {Uint8Array} Parsed MPI. + */ + readMPI: function (bytes) { + const bits = (bytes[0] << 8) | bytes[1]; + const bytelen = (bits + 7) >>> 3; + // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures, + // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed + // has not been authenticated (yet). + // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues. + // Also, AEAD is also not affected. + return util.readExactSubarray(bytes, 2, 2 + bytelen); + }, + + /** + * Read exactly `end - start` bytes from input. + * This is a stricter version of `.subarray`. + * @param {Uint8Array} input - Input data to parse + * @returns {Uint8Array} subarray of size always equal to `end - start` + * @throws if the input array is too short. + */ + readExactSubarray: function (input, start, end) { + if (input.length < (end - start)) { + throw new Error('Input array too short'); + } + return input.subarray(start, end); + }, + + /** + * Left-pad Uint8Array to length by adding 0x0 bytes + * @param {Uint8Array} bytes - Data to pad + * @param {Number} length - Padded length + * @returns {Uint8Array} Padded bytes. + */ + leftPad(bytes, length) { + if (bytes.length > length) { + throw new Error('Input array too long'); + } + const padded = new Uint8Array(length); + const offset = length - bytes.length; + padded.set(bytes, offset); + return padded; + }, + + /** + * Convert a Uint8Array to an MPI-formatted Uint8Array. + * @param {Uint8Array} bin - An array of 8-bit integers to convert + * @returns {Uint8Array} MPI-formatted Uint8Array. + */ + uint8ArrayToMPI: function (bin) { + const bitSize = util.uint8ArrayBitLength(bin); + if (bitSize === 0) { + throw new Error('Zero MPI'); + } + const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8)); + const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]); + return util.concatUint8Array([prefix, stripped]); + }, + + /** + * Return bit length of the input data + * @param {Uint8Array} bin input data (big endian) + * @returns bit length + */ + uint8ArrayBitLength: function (bin) { + let i; // index of leading non-zero byte + for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break; + if (i === bin.length) { + return 0; + } + const stripped = bin.subarray(i); + return (stripped.length - 1) * 8 + util.nbits(stripped[0]); + }, + + /** + * Convert a hex string to an array of 8-bit integers + * @param {String} hex - A hex string to convert + * @returns {Uint8Array} An array of 8-bit integers. + */ + hexToUint8Array: function (hex) { + const result = new Uint8Array(hex.length >> 1); + for (let k = 0; k < hex.length >> 1; k++) { + result[k] = parseInt(hex.substr(k << 1, 2), 16); + } + return result; + }, + + /** + * Convert an array of 8-bit integers to a hex string + * @param {Uint8Array} bytes - Array of 8-bit integers to convert + * @returns {String} Hexadecimal representation of the array. + */ + uint8ArrayToHex: function (bytes) { + const hexAlphabet = '0123456789abcdef'; + let s = ''; + bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; }); + return s; + }, + + /** + * Convert a string to an array of 8-bit integers + * @param {String} str - String to convert + * @returns {Uint8Array} An array of 8-bit integers. + */ + stringToUint8Array: function (str) { + return transform(str, str => { + if (!util.isString(str)) { + throw new Error('stringToUint8Array: Data must be in the form of a string'); + } + + const result = new Uint8Array(str.length); + for (let i = 0; i < str.length; i++) { + result[i] = str.charCodeAt(i); + } + return result; + }); + }, + + /** + * Convert an array of 8-bit integers to a string + * @param {Uint8Array} bytes - An array of 8-bit integers to convert + * @returns {String} String representation of the array. + */ + uint8ArrayToString: function (bytes) { + bytes = new Uint8Array(bytes); + const result = []; + const bs = 1 << 14; + const j = bytes.length; + + for (let i = 0; i < j; i += bs) { + result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j))); + } + return result.join(''); + }, + + /** + * Convert a native javascript string to a Uint8Array of utf8 bytes + * @param {String|ReadableStream} str - The string to convert + * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes. + */ + encodeUTF8: function (str) { + const encoder = new TextEncoder('utf-8'); + // eslint-disable-next-line no-inner-declarations + function process(value, lastChunk = false) { + return encoder.encode(value, { stream: !lastChunk }); + } + return transform(str, process, () => process('', true)); + }, + + /** + * Convert a Uint8Array of utf8 bytes to a native javascript string + * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes + * @returns {String|ReadableStream} A native javascript string. + */ + decodeUTF8: function (utf8) { + const decoder = new TextDecoder('utf-8'); + // eslint-disable-next-line no-inner-declarations + function process(value, lastChunk = false) { + return decoder.decode(value, { stream: !lastChunk }); + } + return transform(utf8, process, () => process(new Uint8Array(), true)); + }, + + /** + * Concat a list of Uint8Arrays, Strings or Streams + * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams. + * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate + * @returns {Uint8Array|String|ReadableStream} Concatenated array. + */ + concat: concat, + + /** + * Concat Uint8Arrays + * @param {Array} Array - Of Uint8Arrays to concatenate + * @returns {Uint8Array} Concatenated array. + */ + concatUint8Array: concatUint8Array, + + /** + * Check Uint8Array equality + * @param {Uint8Array} array1 - First array + * @param {Uint8Array} array2 - Second array + * @returns {Boolean} Equality. + */ + equalsUint8Array: function (array1, array2) { + if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) { + throw new Error('Data must be in the form of a Uint8Array'); + } + + if (array1.length !== array2.length) { + return false; + } + + for (let i = 0; i < array1.length; i++) { + if (array1[i] !== array2[i]) { + return false; + } + } + return true; + }, + + /** + * Calculates a 16bit sum of a Uint8Array by adding each character + * codes modulus 65535 + * @param {Uint8Array} Uint8Array - To create a sum of + * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535. + */ + writeChecksum: function (text) { + let s = 0; + for (let i = 0; i < text.length; i++) { + s = (s + text[i]) & 0xFFFF; + } + return util.writeNumber(s, 2); + }, + + /** + * Helper function to print a debug message. Debug + * messages are only printed if + * @param {String} str - String of the debug message + */ + printDebug: function (str) { + if (debugMode) { + console.log('[OpenPGP.js debug]', str); + } + }, + + /** + * Helper function to print a debug error. Debug + * messages are only printed if + * @param {String} str - String of the debug message + */ + printDebugError: function (error) { + if (debugMode) { + console.error('[OpenPGP.js debug]', error); + } + }, + + // returns bit length of the integer x + nbits: function (x) { + let r = 1; + let t = x >>> 16; + if (t !== 0) { + x = t; + r += 16; + } + t = x >> 8; + if (t !== 0) { + x = t; + r += 8; + } + t = x >> 4; + if (t !== 0) { + x = t; + r += 4; + } + t = x >> 2; + if (t !== 0) { + x = t; + r += 2; + } + t = x >> 1; + if (t !== 0) { + x = t; + r += 1; + } + return r; + }, + + /** + * If S[1] == 0, then double(S) == (S[2..128] || 0); + * otherwise, double(S) == (S[2..128] || 0) xor + * (zeros(120) || 10000111). + * + * Both OCB and EAX (through CMAC) require this function to be constant-time. + * + * @param {Uint8Array} data + */ + double: function(data) { + const doubleVar = new Uint8Array(data.length); + const last = data.length - 1; + for (let i = 0; i < last; i++) { + doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7); + } + doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87); + return doubleVar; + }, + + /** + * Shift a Uint8Array to the right by n bits + * @param {Uint8Array} array - The array to shift + * @param {Integer} bits - Amount of bits to shift (MUST be smaller + * than 8) + * @returns {String} Resulting array. + */ + shiftRight: function (array, bits) { + if (bits) { + for (let i = array.length - 1; i >= 0; i--) { + array[i] >>= bits; + if (i > 0) { + array[i] |= (array[i - 1] << (8 - bits)); + } + } + } + return array; + }, + + /** + * Get native Web Cryptography API. + * @returns {Object} The SubtleCrypto API + * @throws if the API is not available + */ + getWebCrypto: function() { + const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + // Fallback for Node 16, which does not expose WebCrypto as a global + const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle; + if (!webCrypto) { + throw new Error('The WebCrypto API is not available'); + } + return webCrypto; + }, + + /** + * Get native Node.js crypto api. + * @returns {Object} The crypto module or 'undefined'. + */ + getNodeCrypto: function() { + return this.nodeRequire('crypto'); + }, + + getNodeZlib: function() { + return this.nodeRequire('zlib'); + }, + + /** + * Get native Node.js Buffer constructor. This should be used since + * Buffer is not available under browserify. + * @returns {Function} The Buffer constructor or 'undefined'. + */ + getNodeBuffer: function() { + return (this.nodeRequire('buffer') || {}).Buffer; + }, + + getHardwareConcurrency: function() { + if (typeof navigator !== 'undefined') { + return navigator.hardwareConcurrency || 1; + } + + const os = this.nodeRequire('os'); // Assume we're on Node.js. + return os.cpus().length; + }, + + /** + * Test email format to ensure basic compliance: + * - must include a single @ + * - no control or space unicode chars allowed + * - no backslash and square brackets (as the latter can mess with the userID parsing) + * - cannot end with a punctuation char + * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation, + * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)). + */ + isEmailAddress: function(data) { + if (!util.isString(data)) { + return false; + } + const re = /^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u; + return re.test(data); + }, + + /** + * Normalize line endings to + * Support any encoding where CR=0x0D, LF=0x0A + */ + canonicalizeEOL: function(data) { + const CR = 13; + const LF = 10; + let carryOverCR = false; + + return transform(data, bytes => { + if (carryOverCR) { + bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]); + } + + if (bytes[bytes.length - 1] === CR) { + carryOverCR = true; + bytes = bytes.subarray(0, -1); + } else { + carryOverCR = false; + } + + let index; + const indices = []; + for (let i = 0; ; i = index) { + index = bytes.indexOf(LF, i) + 1; + if (index) { + if (bytes[index - 2] !== CR) indices.push(index); + } else { + break; + } + } + if (!indices.length) { + return bytes; + } + + const normalized = new Uint8Array(bytes.length + indices.length); + let j = 0; + for (let i = 0; i < indices.length; i++) { + const sub = bytes.subarray(indices[i - 1] || 0, indices[i]); + normalized.set(sub, j); + j += sub.length; + normalized[j - 1] = CR; + normalized[j] = LF; + j++; + } + normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j); + return normalized; + }, () => (carryOverCR ? new Uint8Array([CR]) : undefined)); + }, + + /** + * Convert line endings from canonicalized to native + * Support any encoding where CR=0x0D, LF=0x0A + */ + nativeEOL: function(data) { + const CR = 13; + const LF = 10; + let carryOverCR = false; + + return transform(data, bytes => { + if (carryOverCR && bytes[0] !== LF) { + bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]); + } else { + bytes = new Uint8Array(bytes); // Don't mutate passed bytes + } + + if (bytes[bytes.length - 1] === CR) { + carryOverCR = true; + bytes = bytes.subarray(0, -1); + } else { + carryOverCR = false; + } + + let index; + let j = 0; + for (let i = 0; i !== bytes.length; i = index) { + index = bytes.indexOf(CR, i) + 1; + if (!index) index = bytes.length; + const last = index - (bytes[index] === LF ? 1 : 0); + if (i) bytes.copyWithin(j, i, last); + j += last - i; + } + return bytes.subarray(0, j); + }, () => (carryOverCR ? new Uint8Array([CR]) : undefined)); + }, + + /** + * Remove trailing spaces, carriage returns and tabs from each line + */ + removeTrailingSpaces: function(text) { + return text.split('\n').map(line => { + let i = line.length - 1; + for (; i >= 0 && (line[i] === ' ' || line[i] === '\t' || line[i] === '\r'); i--); + return line.substr(0, i + 1); + }).join('\n'); + }, + + wrapError: function(message, error) { + if (!error) { + return new Error(message); + } + + // update error message + try { + error.message = message + ': ' + error.message; + } catch (e) {} + + return error; + }, + + /** + * Map allowed packet tags to corresponding classes + * Meant to be used to format `allowedPacket` for Packetlist.read + * @param {Array} allowedClasses + * @returns {Object} map from enum.packet to corresponding *Packet class + */ + constructAllowedPackets: function(allowedClasses) { + const map = {}; + allowedClasses.forEach(PacketClass => { + if (!PacketClass.tag) { + throw new Error('Invalid input: expected a packet class'); + } + map[PacketClass.tag] = PacketClass; + }); + return map; + }, + + /** + * Return a Promise that will resolve as soon as one of the promises in input resolves + * or will reject if all input promises all rejected + * (similar to Promise.any, but with slightly different error handling) + * @param {Array} promises + * @return {Promise} Promise resolving to the result of the fastest fulfilled promise + * or rejected with the Error of the last resolved Promise (if all promises are rejected) + */ + anyPromise: function(promises) { + // eslint-disable-next-line no-async-promise-executor + return new Promise(async (resolve, reject) => { + let exception; + await Promise.all(promises.map(async promise => { + try { + resolve(await promise); + } catch (e) { + exception = e; + } + })); + reject(exception); + }); + }, + + /** + * Return either `a` or `b` based on `cond`, in algorithmic constant time. + * @param {Boolean} cond + * @param {Uint8Array} a + * @param {Uint8Array} b + * @returns `a` if `cond` is true, `b` otherwise + */ + selectUint8Array: function(cond, a, b) { + const length = Math.max(a.length, b.length); + const result = new Uint8Array(length); + let end = 0; + for (let i = 0; i < result.length; i++) { + result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond)); + end += (cond & i < a.length) | ((1 - cond) & i < b.length); + } + return result.subarray(0, end); + }, + /** + * Return either `a` or `b` based on `cond`, in algorithmic constant time. + * NB: it only supports `a, b` with values between 0-255. + * @param {Boolean} cond + * @param {Uint8} a + * @param {Uint8} b + * @returns `a` if `cond` is true, `b` otherwise + */ + selectUint8: function(cond, a, b) { + return (a & (256 - cond)) | (b & (255 + cond)); + }, + /** + * @param {module:enums.symmetric} cipherAlgo + */ + isAES: function(cipherAlgo) { + return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256; + } +}; + +/* OpenPGP radix-64/base64 string encoding/decoding + * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de + * version 1.0, check www.haneWIN.de for the latest version + * + * This software is provided as-is, without express or implied warranty. + * Permission to use, copy, modify, distribute or sell this software, with or + * without fee, for any purpose and by any individual or organization, is hereby + * granted, provided that the above copyright notice and this paragraph appear + * in all copies. Distribution as a part of an application or binary must + * include the above copyright notice in the documentation and/or other materials + * provided with the application or distribution. + */ + + +const Buffer$3 = util.getNodeBuffer(); + +let encodeChunk; +let decodeChunk; +if (Buffer$3) { + encodeChunk = buf => Buffer$3.from(buf).toString('base64'); + decodeChunk = str => { + const b = Buffer$3.from(str, 'base64'); + return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); + }; +} else { + encodeChunk = buf => btoa(util.uint8ArrayToString(buf)); + decodeChunk = str => util.stringToUint8Array(atob(str)); +} + +/** + * Convert binary array to radix-64 + * @param {Uint8Array | ReadableStream} data - Uint8Array to convert + * @returns {String | ReadableStream} Radix-64 version of input string. + * @static + */ +function encode$1(data) { + let buf = new Uint8Array(); + return transform(data, value => { + buf = util.concatUint8Array([buf, value]); + const r = []; + const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64). + const lines = Math.floor(buf.length / bytesPerLine); + const bytes = lines * bytesPerLine; + const encoded = encodeChunk(buf.subarray(0, bytes)); + for (let i = 0; i < lines; i++) { + r.push(encoded.substr(i * 60, 60)); + r.push('\n'); + } + buf = buf.subarray(bytes); + return r.join(''); + }, () => (buf.length ? encodeChunk(buf) + '\n' : '')); +} + +/** + * Convert radix-64 to binary array + * @param {String | ReadableStream} data - Radix-64 string to convert + * @returns {Uint8Array | ReadableStream} Binary array version of input string. + * @static + */ +function decode$2(data) { + let buf = ''; + return transform(data, value => { + buf += value; + + // Count how many whitespace characters there are in buf + let spaces = 0; + const spacechars = [' ', '\t', '\r', '\n']; + for (let i = 0; i < spacechars.length; i++) { + const spacechar = spacechars[i]; + for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) { + spaces++; + } + } + + // Backtrack until we have 4n non-whitespace characters + // that we can safely base64-decode + let length = buf.length; + for (; length > 0 && (length - spaces) % 4 !== 0; length--) { + if (spacechars.includes(buf[length])) spaces--; + } + + const decoded = decodeChunk(buf.substr(0, length)); + buf = buf.substr(length); + return decoded; + }, () => decodeChunk(buf)); +} + +/** + * Convert a Base-64 encoded string an array of 8-bit integer + * + * Note: accepts both Radix-64 and URL-safe strings + * @param {String} base64 - Base-64 encoded string to convert + * @returns {Uint8Array} An array of 8-bit integers. + */ +function b64ToUint8Array(base64) { + return decode$2(base64.replace(/-/g, '+').replace(/_/g, '/')); +} + +/** + * Convert an array of 8-bit integer to a Base-64 encoded string + * @param {Uint8Array} bytes - An array of 8-bit integers to convert + * @param {bool} url - If true, output is URL-safe + * @returns {String} Base-64 encoded string. + */ +function uint8ArrayToB64(bytes, url) { + let encoded = encode$1(bytes).replace(/[\r\n]/g, ''); + { + encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); + } + return encoded; +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Finds out which Ascii Armoring type is used. Throws error if unknown type. + * @param {String} text - ascii armored text + * @returns {Integer} 0 = MESSAGE PART n of m. + * 1 = MESSAGE PART n + * 2 = SIGNED MESSAGE + * 3 = PGP MESSAGE + * 4 = PUBLIC KEY BLOCK + * 5 = PRIVATE KEY BLOCK + * 6 = SIGNATURE + * @private + */ +function getType(text) { + const reHeader = /^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m; + + const header = text.match(reHeader); + + if (!header) { + throw new Error('Unknown ASCII armor type'); + } + + // BEGIN PGP MESSAGE, PART X/Y + // Used for multi-part messages, where the armor is split amongst Y + // parts, and this is the Xth part out of Y. + if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { + return enums.armor.multipartSection; + } + // BEGIN PGP MESSAGE, PART X + // Used for multi-part messages, where this is the Xth part of an + // unspecified number of parts. Requires the MESSAGE-ID Armor + // Header to be used. + if (/MESSAGE, PART \d+/.test(header[1])) { + return enums.armor.multipartLast; + } + // BEGIN PGP SIGNED MESSAGE + if (/SIGNED MESSAGE/.test(header[1])) { + return enums.armor.signed; + } + // BEGIN PGP MESSAGE + // Used for signed, encrypted, or compressed files. + if (/MESSAGE/.test(header[1])) { + return enums.armor.message; + } + // BEGIN PGP PUBLIC KEY BLOCK + // Used for armoring public keys. + if (/PUBLIC KEY BLOCK/.test(header[1])) { + return enums.armor.publicKey; + } + // BEGIN PGP PRIVATE KEY BLOCK + // Used for armoring private keys. + if (/PRIVATE KEY BLOCK/.test(header[1])) { + return enums.armor.privateKey; + } + // BEGIN PGP SIGNATURE + // Used for detached signatures, OpenPGP/MIME signatures, and + // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE + // for detached signatures. + if (/SIGNATURE/.test(header[1])) { + return enums.armor.signature; + } +} + +/** + * Add additional information to the armor version of an OpenPGP binary + * packet block. + * @author Alex + * @version 2011-12-16 + * @param {String} [customComment] - Additional comment to add to the armored string + * @returns {String} The header information. + * @private + */ +function addheader(customComment, config) { + let result = ''; + if (config.showVersion) { + result += 'Version: ' + config.versionString + '\n'; + } + if (config.showComment) { + result += 'Comment: ' + config.commentString + '\n'; + } + if (customComment) { + result += 'Comment: ' + customComment + '\n'; + } + result += '\n'; + return result; +} + +/** + * Calculates a checksum over the given data and returns it base64 encoded + * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for + * @returns {String | ReadableStream} Base64 encoded checksum. + * @private + */ +function getCheckSum(data) { + const crc = createcrc24(data); + return encode$1(crc); +} + +// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview + +const crc_table = [ + new Array(0xFF), + new Array(0xFF), + new Array(0xFF), + new Array(0xFF) +]; + +for (let i = 0; i <= 0xFF; i++) { + let crc = i << 16; + for (let j = 0; j < 8; j++) { + crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0); + } + crc_table[0][i] = + ((crc & 0xFF0000) >> 16) | + (crc & 0x00FF00) | + ((crc & 0x0000FF) << 16); +} +for (let i = 0; i <= 0xFF; i++) { + crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF]; +} +for (let i = 0; i <= 0xFF; i++) { + crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF]; +} +for (let i = 0; i <= 0xFF; i++) { + crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF]; +} + +// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness +const isLittleEndian$1 = (function() { + const buffer = new ArrayBuffer(2); + new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */); + // Int16Array uses the platform's endianness. + return new Int16Array(buffer)[0] === 0xFF; +}()); + +/** + * Internal function to calculate a CRC-24 checksum over a given string (data) + * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for + * @returns {Uint8Array | ReadableStream} The CRC-24 checksum. + * @private + */ +function createcrc24(input) { + let crc = 0xCE04B7; + return transform(input, value => { + const len32 = isLittleEndian$1 ? Math.floor(value.length / 4) : 0; + const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32); + for (let i = 0; i < len32; i++) { + crc ^= arr32[i]; + crc = + crc_table[0][(crc >> 24) & 0xFF] ^ + crc_table[1][(crc >> 16) & 0xFF] ^ + crc_table[2][(crc >> 8) & 0xFF] ^ + crc_table[3][(crc >> 0) & 0xFF]; + } + for (let i = len32 * 4; i < value.length; i++) { + crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]]; + } + }, () => new Uint8Array([crc, crc >> 8, crc >> 16])); +} + +/** + * Verify armored headers. crypto-refresh-06, section 6.2: + * "An OpenPGP implementation may consider improperly formatted Armor + * Headers to be corruption of the ASCII Armor, but SHOULD make an + * effort to recover." + * @private + * @param {Array} headers - Armor headers + */ +function verifyHeaders$1(headers) { + for (let i = 0; i < headers.length; i++) { + if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { + util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); + } + if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) { + util.printDebugError(new Error('Unknown header: ' + headers[i])); + } + } +} + +/** + * Remove the (optional) checksum from an armored message. + * @param {String} text - OpenPGP armored message + * @returns {String} The body of the armored message. + * @private + */ +function removeChecksum(text) { + let body = text; + + const lastEquals = text.lastIndexOf('='); + + if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum + body = text.slice(0, lastEquals); + } + + return body; +} + +/** + * Dearmor an OpenPGP armored message; verify the checksum and return + * the encoded bytes + * @param {String} input - OpenPGP armored message + * @returns {Promise} An object with attribute "text" containing the message text, + * an attribute "data" containing a stream of bytes and "type" for the ASCII armor type + * @async + * @static + */ +function unarmor(input) { + // eslint-disable-next-line no-async-promise-executor + return new Promise(async (resolve, reject) => { + try { + const reSplit = /^-----[^-]+-----$/m; + const reEmptyLine = /^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/; + + let type; + const headers = []; + let lastHeaders = headers; + let headersDone; + let text = []; + let textDone; + const data = decode$2(transformPair(input, async (readable, writable) => { + const reader = getReader(readable); + try { + while (true) { + let line = await reader.readLine(); + if (line === undefined) { + throw new Error('Misformed armored text'); + } + // remove trailing whitespace at end of lines + line = util.removeTrailingSpaces(line.replace(/[\r\n]/g, '')); + if (!type) { + if (reSplit.test(line)) { + type = getType(line); + } + } else if (!headersDone) { + if (reSplit.test(line)) { + reject(new Error('Mandatory blank line missing between armor headers and armor data')); + } + if (!reEmptyLine.test(line)) { + lastHeaders.push(line); + } else { + verifyHeaders$1(lastHeaders); + headersDone = true; + if (textDone || type !== enums.armor.signed) { + resolve({ text, data, headers, type }); + break; + } + } + } else if (!textDone && type === enums.armor.signed) { + if (!reSplit.test(line)) { + // Reverse dash-escaping for msg + text.push(line.replace(/^- /, '')); + } else { + text = text.join('\r\n'); + textDone = true; + verifyHeaders$1(lastHeaders); + lastHeaders = []; + headersDone = false; + } + } + } + } catch (e) { + reject(e); + return; + } + const writer = getWriter(writable); + try { + while (true) { + await writer.ready; + const { done, value } = await reader.read(); + if (done) { + throw new Error('Misformed armored text'); + } + const line = value + ''; + if (line.indexOf('=') === -1 && line.indexOf('-') === -1) { + await writer.write(line); + } else { + let remainder = await reader.readToEnd(); + if (!remainder.length) remainder = ''; + remainder = line + remainder; + remainder = util.removeTrailingSpaces(remainder.replace(/\r/g, '')); + const parts = remainder.split(reSplit); + if (parts.length === 1) { + throw new Error('Misformed armored text'); + } + const body = removeChecksum(parts[0].slice(0, -1)); + await writer.write(body); + break; + } + } + await writer.ready; + await writer.close(); + } catch (e) { + await writer.abort(e); + } + })); + } catch (e) { + reject(e); + } + }).then(async result => { + if (isArrayStream(result.data)) { + result.data = await readToEnd(result.data); + } + return result; + }); +} + + +/** + * Armor an OpenPGP binary packet block + * @param {module:enums.armor} messageType - Type of the message + * @param {Uint8Array | ReadableStream} body - The message body to armor + * @param {Integer} [partIndex] + * @param {Integer} [partTotal] + * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {String | ReadableStream} Armored text. + * @static + */ +function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config$1 = config) { + let text; + let hash; + if (messageType === enums.armor.signed) { + text = body.text; + hash = body.hash; + body = body.data; + } + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && passiveClone(body); + + const result = []; + switch (messageType) { + case enums.armor.multipartSection: + result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); + break; + case enums.armor.multipartLast: + result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); + break; + case enums.armor.signed: + result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); + result.push(hash ? `Hash: ${hash}\n\n` : '\n'); + result.push(text.replace(/^-/mg, '- -')); + result.push('\n-----BEGIN PGP SIGNATURE-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP SIGNATURE-----\n'); + break; + case enums.armor.message: + result.push('-----BEGIN PGP MESSAGE-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP MESSAGE-----\n'); + break; + case enums.armor.publicKey: + result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); + break; + case enums.armor.privateKey: + result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); + break; + case enums.armor.signature: + result.push('-----BEGIN PGP SIGNATURE-----\n'); + result.push(addheader(customComment, config$1)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); + result.push('-----END PGP SIGNATURE-----\n'); + break; + } + + return util.concat(result); +} + +async function getLegacyCipher(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + throw new Error('Not a legacy cipher'); + case enums.symmetric.cast5: + case enums.symmetric.blowfish: + case enums.symmetric.twofish: + case enums.symmetric.tripledes: { + const { legacyCiphers } = await Promise.resolve().then(function () { return legacy_ciphers; }); + const cipher = legacyCiphers.get(algo); + if (!cipher) { + throw new Error('Unsupported cipher algorithm'); + } + return cipher; + } + default: + throw new Error('Unsupported cipher algorithm'); + } +} + +/** + * Get block size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherBlockSize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 16; + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + case enums.symmetric.tripledes: + return 8; + default: + throw new Error('Unsupported cipher'); + } +} + +/** + * Get key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherKeySize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + return 16; + case enums.symmetric.aes192: + case enums.symmetric.tripledes: + return 24; + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 32; + default: + throw new Error('Unsupported cipher'); + } +} + +/** + * Get block and key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherParams(algo) { + return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) }; +} + +var cipher = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCipherParams: getCipherParams, + getLegacyCipher: getLegacyCipher +}); + +/** + * A fast MD5 JavaScript implementation + * Copyright (c) 2012 Joseph Myers + * http://www.myersdaily.org/joseph/javascript/md5-text.html + * + * Permission to use, copy, modify, and distribute this software + * and its documentation for any purposes and without + * fee is hereby granted provided that this copyright notice + * appears in all copies. + * + * Of course, this soft is provided "as is" without express or implied + * warranty of any kind. + */ + + +// MD5 Digest +async function md5(entree) { + const digest = md51(util.uint8ArrayToString(entree)); + return util.hexToUint8Array(hex(digest)); +} + +function md5cycle(x, k) { + let a = x[0]; + let b = x[1]; + let c = x[2]; + let d = x[3]; + + a = ff(a, b, c, d, k[0], 7, -680876936); + d = ff(d, a, b, c, k[1], 12, -389564586); + c = ff(c, d, a, b, k[2], 17, 606105819); + b = ff(b, c, d, a, k[3], 22, -1044525330); + a = ff(a, b, c, d, k[4], 7, -176418897); + d = ff(d, a, b, c, k[5], 12, 1200080426); + c = ff(c, d, a, b, k[6], 17, -1473231341); + b = ff(b, c, d, a, k[7], 22, -45705983); + a = ff(a, b, c, d, k[8], 7, 1770035416); + d = ff(d, a, b, c, k[9], 12, -1958414417); + c = ff(c, d, a, b, k[10], 17, -42063); + b = ff(b, c, d, a, k[11], 22, -1990404162); + a = ff(a, b, c, d, k[12], 7, 1804603682); + d = ff(d, a, b, c, k[13], 12, -40341101); + c = ff(c, d, a, b, k[14], 17, -1502002290); + b = ff(b, c, d, a, k[15], 22, 1236535329); + + a = gg(a, b, c, d, k[1], 5, -165796510); + d = gg(d, a, b, c, k[6], 9, -1069501632); + c = gg(c, d, a, b, k[11], 14, 643717713); + b = gg(b, c, d, a, k[0], 20, -373897302); + a = gg(a, b, c, d, k[5], 5, -701558691); + d = gg(d, a, b, c, k[10], 9, 38016083); + c = gg(c, d, a, b, k[15], 14, -660478335); + b = gg(b, c, d, a, k[4], 20, -405537848); + a = gg(a, b, c, d, k[9], 5, 568446438); + d = gg(d, a, b, c, k[14], 9, -1019803690); + c = gg(c, d, a, b, k[3], 14, -187363961); + b = gg(b, c, d, a, k[8], 20, 1163531501); + a = gg(a, b, c, d, k[13], 5, -1444681467); + d = gg(d, a, b, c, k[2], 9, -51403784); + c = gg(c, d, a, b, k[7], 14, 1735328473); + b = gg(b, c, d, a, k[12], 20, -1926607734); + + a = hh(a, b, c, d, k[5], 4, -378558); + d = hh(d, a, b, c, k[8], 11, -2022574463); + c = hh(c, d, a, b, k[11], 16, 1839030562); + b = hh(b, c, d, a, k[14], 23, -35309556); + a = hh(a, b, c, d, k[1], 4, -1530992060); + d = hh(d, a, b, c, k[4], 11, 1272893353); + c = hh(c, d, a, b, k[7], 16, -155497632); + b = hh(b, c, d, a, k[10], 23, -1094730640); + a = hh(a, b, c, d, k[13], 4, 681279174); + d = hh(d, a, b, c, k[0], 11, -358537222); + c = hh(c, d, a, b, k[3], 16, -722521979); + b = hh(b, c, d, a, k[6], 23, 76029189); + a = hh(a, b, c, d, k[9], 4, -640364487); + d = hh(d, a, b, c, k[12], 11, -421815835); + c = hh(c, d, a, b, k[15], 16, 530742520); + b = hh(b, c, d, a, k[2], 23, -995338651); + + a = ii(a, b, c, d, k[0], 6, -198630844); + d = ii(d, a, b, c, k[7], 10, 1126891415); + c = ii(c, d, a, b, k[14], 15, -1416354905); + b = ii(b, c, d, a, k[5], 21, -57434055); + a = ii(a, b, c, d, k[12], 6, 1700485571); + d = ii(d, a, b, c, k[3], 10, -1894986606); + c = ii(c, d, a, b, k[10], 15, -1051523); + b = ii(b, c, d, a, k[1], 21, -2054922799); + a = ii(a, b, c, d, k[8], 6, 1873313359); + d = ii(d, a, b, c, k[15], 10, -30611744); + c = ii(c, d, a, b, k[6], 15, -1560198380); + b = ii(b, c, d, a, k[13], 21, 1309151649); + a = ii(a, b, c, d, k[4], 6, -145523070); + d = ii(d, a, b, c, k[11], 10, -1120210379); + c = ii(c, d, a, b, k[2], 15, 718787259); + b = ii(b, c, d, a, k[9], 21, -343485551); + + x[0] = add32(a, x[0]); + x[1] = add32(b, x[1]); + x[2] = add32(c, x[2]); + x[3] = add32(d, x[3]); +} + +function cmn(q, a, b, x, s, t) { + a = add32(add32(a, q), add32(x, t)); + return add32((a << s) | (a >>> (32 - s)), b); +} + +function ff(a, b, c, d, x, s, t) { + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} + +function gg(a, b, c, d, x, s, t) { + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} + +function hh(a, b, c, d, x, s, t) { + return cmn(b ^ c ^ d, a, b, x, s, t); +} + +function ii(a, b, c, d, x, s, t) { + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} + +function md51(s) { + const n = s.length; + const state = [1732584193, -271733879, -1732584194, 271733878]; + let i; + for (i = 64; i <= s.length; i += 64) { + md5cycle(state, md5blk(s.substring(i - 64, i))); + } + s = s.substring(i - 64); + const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for (i = 0; i < s.length; i++) { + tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + } + tail[i >> 2] |= 0x80 << ((i % 4) << 3); + if (i > 55) { + md5cycle(state, tail); + for (i = 0; i < 16; i++) { + tail[i] = 0; + } + } + tail[14] = n * 8; + md5cycle(state, tail); + return state; +} + +/* there needs to be support for Unicode here, + * unless we pretend that we can redefine the MD-5 + * algorithm for multi-byte characters (perhaps + * by adding every four 16-bit characters and + * shortening the sum to 32 bits). Otherwise + * I suggest performing MD-5 as if every character + * was two bytes--e.g., 0040 0025 = @%--but then + * how will an ordinary MD-5 sum be matched? + * There is no way to standardize text to something + * like UTF-8 before transformation; speed cost is + * utterly prohibitive. The JavaScript standard + * itself needs to look at this: it should start + * providing access to strings as preformed UTF-8 + * 8-bit unsigned value arrays. + */ +function md5blk(s) { /* I figured global was faster. */ + const md5blks = []; + let i; /* Andy King said do it this way. */ + for (i = 0; i < 64; i += 4) { + md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << + 24); + } + return md5blks; +} + +const hex_chr = '0123456789abcdef'.split(''); + +function rhex(n) { + let s = ''; + let j = 0; + for (; j < 4; j++) { + s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; + } + return s; +} + +function hex(x) { + for (let i = 0; i < x.length; i++) { + x[i] = rhex(x[i]); + } + return x.join(''); +} + +/* this function is much faster, +so if possible we use it. Some IEs +are the only ones I know of that +need the idiotic second function, +generated by an if clause. */ + +function add32(a, b) { + return (a + b) & 0xFFFFFFFF; +} + +/** + * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. + * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} + * @see {@link https://github.com/indutny/hash.js|hash.js} + * @module crypto/hash + */ + + +const webCrypto$a = util.getWebCrypto(); +const nodeCrypto$9 = util.getNodeCrypto(); +const nodeCryptoHashes = nodeCrypto$9 && nodeCrypto$9.getHashes(); + +function nodeHash(type) { + if (!nodeCrypto$9 || !nodeCryptoHashes.includes(type)) { + return; + } + return async function (data) { + const shasum = nodeCrypto$9.createHash(type); + return transform(data, value => { + shasum.update(value); + }, () => new Uint8Array(shasum.digest())); + }; +} + +function nobleHash(nobleHashName, webCryptoHashName) { + const getNobleHash = async () => { + const { nobleHashes } = await Promise.resolve().then(function () { return noble_hashes; }); + const hash = nobleHashes.get(nobleHashName); + if (!hash) throw new Error('Unsupported hash'); + return hash; + }; + + return async function(data) { + if (isArrayStream(data)) { + data = await readToEnd(data); + } + if (util.isStream(data)) { + const hash = await getNobleHash(); + + const hashInstance = hash.create(); + return transform(data, value => { + hashInstance.update(value); + }, () => hashInstance.digest()); + } else if (webCrypto$a && webCryptoHashName) { + return new Uint8Array(await webCrypto$a.digest(webCryptoHashName, data)); + } else { + const hash = await getNobleHash(); + + return hash(data); + } + }; +} + +var hash$1 = { + + /** @see module:md5 */ + md5: nodeHash('md5') || md5, + sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'), + sha224: nodeHash('sha224') || nobleHash('sha224'), + sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'), + sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'), + sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'), + ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'), + sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'), + sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'), + + /** + * Create a hash on the specified data using the specified algorithm + * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @param {Uint8Array} data - Data to be hashed + * @returns {Promise} Hash value. + */ + digest: function(algo, data) { + switch (algo) { + case enums.hash.md5: + return this.md5(data); + case enums.hash.sha1: + return this.sha1(data); + case enums.hash.ripemd: + return this.ripemd(data); + case enums.hash.sha256: + return this.sha256(data); + case enums.hash.sha384: + return this.sha384(data); + case enums.hash.sha512: + return this.sha512(data); + case enums.hash.sha224: + return this.sha224(data); + case enums.hash.sha3_256: + return this.sha3_256(data); + case enums.hash.sha3_512: + return this.sha3_512(data); + default: + throw new Error('Unsupported hash function'); + } + }, + + /** + * Returns the hash size in bytes of the specified hash algorithm type + * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @returns {Integer} Size in bytes of the resulting hash. + */ + getHashByteLength: function(algo) { + switch (algo) { + case enums.hash.md5: + return 16; + case enums.hash.sha1: + case enums.hash.ripemd: + return 20; + case enums.hash.sha256: + return 32; + case enums.hash.sha384: + return 48; + case enums.hash.sha512: + return 64; + case enums.hash.sha224: + return 28; + case enums.hash.sha3_256: + return 32; + case enums.hash.sha3_512: + return 64; + default: + throw new Error('Invalid hash algorithm.'); + } + } +}; + +function isBytes$2(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes$1(b, ...lengths) { + if (!isBytes$2(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function exists$1(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output$1(out, instance) { + bytes$1(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */ +// Cast array to different type +const u8$1 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength); +const u32$2 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView$1 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// big-endian hardware is rare. Just in case someone still decides to run ciphers: +// early-throw an error because we don't support BE yet. +const isLE$1 = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +if (!isLE$1) + throw new Error('Non little-endian hardware is not supported'); +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$2(str) { + if (typeof str !== 'string') + throw new Error(`string expected, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes$1(data) { + if (typeof data === 'string') + data = utf8ToBytes$2(data); + else if (isBytes$2(data)) + data = copyBytes(data); + else + throw new Error(`Uint8Array expected, got ${typeof data}`); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$2(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes$1(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes$1(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @__NO_SIDE_EFFECTS__ + */ +const wrapCipher = (params, c) => { + Object.assign(c, params); + return c; +}; +// Polyfill for Safari 14 +function setBigUint64$1(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = 0; + const l = 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +// Is byte array aligned to 4 byte offset (u32)? +function isAligned32(bytes) { + return bytes.byteOffset % 4 === 0; +} +// copy bytes to new u8a (aligned). Because Buffer.slice is broken. +function copyBytes(bytes) { + return Uint8Array.from(bytes); +} +function clean(...arrays) { + for (let i = 0; i < arrays.length; i++) { + arrays[i].fill(0); + } +} + +// GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV. +// Implemented in terms of GHash with conversion function for keys +// GCM GHASH from NIST SP800-38d, SIV from RFC 8452. +// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf +// GHASH modulo: x^128 + x^7 + x^2 + x + 1 +// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1 +const BLOCK_SIZE$1 = 16; +// TODO: rewrite +// temporary padding buffer +const ZEROS16 = /* @__PURE__ */ new Uint8Array(16); +const ZEROS32 = u32$2(ZEROS16); +const POLY$1 = 0xe1; // v = 2*v % POLY +// v = 2*v % POLY +// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x +// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor) +const mul2$1 = (s0, s1, s2, s3) => { + const hiBit = s3 & 1; + return { + s3: (s2 << 31) | (s3 >>> 1), + s2: (s1 << 31) | (s2 >>> 1), + s1: (s0 << 31) | (s1 >>> 1), + s0: (s0 >>> 1) ^ ((POLY$1 << 24) & -(hiBit & 1)), // reduce % poly + }; +}; +const swapLE = (n) => (((n >>> 0) & 0xff) << 24) | + (((n >>> 8) & 0xff) << 16) | + (((n >>> 16) & 0xff) << 8) | + ((n >>> 24) & 0xff) | + 0; +/** + * `mulX_POLYVAL(ByteReverse(H))` from spec + * @param k mutated in place + */ +function _toGHASHKey(k) { + k.reverse(); + const hiBit = k[15] & 1; + // k >>= 1 + let carry = 0; + for (let i = 0; i < k.length; i++) { + const t = k[i]; + k[i] = (t >>> 1) | carry; + carry = (t & 1) << 7; + } + k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000; + return k; +} +const estimateWindow = (bytes) => { + if (bytes > 64 * 1024) + return 8; + if (bytes > 1024) + return 4; + return 2; +}; +class GHASH { + // We select bits per window adaptively based on expectedLength + constructor(key, expectedLength) { + this.blockLen = BLOCK_SIZE$1; + this.outputLen = BLOCK_SIZE$1; + this.s0 = 0; + this.s1 = 0; + this.s2 = 0; + this.s3 = 0; + this.finished = false; + key = toBytes$1(key); + bytes$1(key, 16); + const kView = createView$1(key); + let k0 = kView.getUint32(0, false); + let k1 = kView.getUint32(4, false); + let k2 = kView.getUint32(8, false); + let k3 = kView.getUint32(12, false); + // generate table of doubled keys (half of montgomery ladder) + const doubles = []; + for (let i = 0; i < 128; i++) { + doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) }); + ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2$1(k0, k1, k2, k3)); + } + const W = estimateWindow(expectedLength || 1024); + if (![1, 2, 4, 8].includes(W)) + throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`); + this.W = W; + const bits = 128; // always 128 bits; + const windows = bits / W; + const windowSize = (this.windowSize = 2 ** W); + const items = []; + // Create precompute table for window of W bits + for (let w = 0; w < windows; w++) { + // truth table: 00, 01, 10, 11 + for (let byte = 0; byte < windowSize; byte++) { + // prettier-ignore + let s0 = 0, s1 = 0, s2 = 0, s3 = 0; + for (let j = 0; j < W; j++) { + const bit = (byte >>> (W - j - 1)) & 1; + if (!bit) + continue; + const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j]; + (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3); + } + items.push({ s0, s1, s2, s3 }); + } + } + this.t = items; + } + _updateBlock(s0, s1, s2, s3) { + (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3); + const { W, t, windowSize } = this; + // prettier-ignore + let o0 = 0, o1 = 0, o2 = 0, o3 = 0; + const mask = (1 << W) - 1; // 2**W will kill performance. + let w = 0; + for (const num of [s0, s1, s2, s3]) { + for (let bytePos = 0; bytePos < 4; bytePos++) { + const byte = (num >>> (8 * bytePos)) & 0xff; + for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) { + const bit = (byte >>> (W * bitPos)) & mask; + const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit]; + (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3); + w += 1; + } + } + } + this.s0 = o0; + this.s1 = o1; + this.s2 = o2; + this.s3 = o3; + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + const left = data.length % BLOCK_SIZE$1; + for (let i = 0; i < blocks; i++) { + this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]); + clean(ZEROS32); // clean tmp buffer + } + return this; + } + destroy() { + const { t } = this; + // clean precompute table + for (const elm of t) { + (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0); + } + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out; + } + digest() { + const res = new Uint8Array(BLOCK_SIZE$1); + this.digestInto(res); + this.destroy(); + return res; + } +} +class Polyval extends GHASH { + constructor(key, expectedLength) { + key = toBytes$1(key); + const ghKey = _toGHASHKey(copyBytes(key)); + super(ghKey, expectedLength); + clean(ghKey); + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const left = data.length % BLOCK_SIZE$1; + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + for (let i = 0; i < blocks; i++) { + this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0])); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0])); + clean(ZEROS32); + } + return this; + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + // tmp ugly hack + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out.reverse(); + } +} +function wrapConstructorWithKey(hashCons) { + const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes$1(msg)).digest(); + const tmp = hashCons(new Uint8Array(16), 0); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (key, expectedLength) => hashCons(key, expectedLength); + return hashC; +} +const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength)); +wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength)); + +// prettier-ignore +/* +AES (Advanced Encryption Standard) aka Rijndael block cipher. + +Data is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round: +1. **S-box**, table substitution +2. **Shift rows**, cyclic shift left of all rows of data array +3. **Mix columns**, multiplying every column by fixed polynomial +4. **Add round key**, round_key xor i-th column of array + +Resources: +- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf +- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf +*/ +const BLOCK_SIZE = 16; +const BLOCK_SIZE32 = 4; +const EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE); +const POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8 +// TODO: remove multiplication, binary ops only +function mul2(n) { + return (n << 1) ^ (POLY & -(n >> 7)); +} +function mul(a, b) { + let res = 0; + for (; b > 0; b >>= 1) { + // Montgomery ladder + res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time). + a = mul2(a); // a = 2*a + } + return res; +} +// AES S-box is generated using finite field inversion, +// an affine transform, and xor of a constant 0x63. +const sbox = /* @__PURE__ */ (() => { + const t = new Uint8Array(256); + for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x)) + t[i] = x; + const box = new Uint8Array(256); + box[0] = 0x63; // first elm + for (let i = 0; i < 255; i++) { + let x = t[255 - i]; + x |= x << 8; + box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff; + } + clean(t); + return box; +})(); +// Inverted S-box +const invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j)); +// Rotate u32 by 8 +const rotr32_8 = (n) => (n << 24) | (n >>> 8); +const rotl32_8 = (n) => (n << 8) | (n >>> 24); +// The byte swap operation for uint32 (LE<->BE) +const byteSwap$1 = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes: +// - LE instead of BE +// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23; +// so index is u16, instead of u8. This speeds up things, unexpectedly +function genTtable(sbox, fn) { + if (sbox.length !== 256) + throw new Error('Wrong sbox length'); + const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j])); + const T1 = T0.map(rotl32_8); + const T2 = T1.map(rotl32_8); + const T3 = T2.map(rotl32_8); + const T01 = new Uint32Array(256 * 256); + const T23 = new Uint32Array(256 * 256); + const sbox2 = new Uint16Array(256 * 256); + for (let i = 0; i < 256; i++) { + for (let j = 0; j < 256; j++) { + const idx = i * 256 + j; + T01[idx] = T0[i] ^ T1[j]; + T23[idx] = T2[i] ^ T3[j]; + sbox2[idx] = (sbox[i] << 8) | sbox[j]; + } + } + return { sbox, sbox2, T0, T1, T2, T3, T01, T23 }; +} +const tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2)); +const tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14)); +const xPowers = /* @__PURE__ */ (() => { + const p = new Uint8Array(16); + for (let i = 0, x = 1; i < 16; i++, x = mul2(x)) + p[i] = x; + return p; +})(); +function expandKeyLE(key) { + bytes$1(key); + const len = key.length; + if (![16, 24, 32].includes(len)) + throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`); + const { sbox2 } = tableEncoding; + const toClean = []; + if (!isAligned32(key)) + toClean.push((key = copyBytes(key))); + const k32 = u32$2(key); + const Nk = k32.length; + const subByte = (n) => applySbox(sbox2, n, n, n, n); + const xk = new Uint32Array(len + 28); // expanded key + xk.set(k32); + // 4.3.1 Key expansion + for (let i = Nk; i < xk.length; i++) { + let t = xk[i - 1]; + if (i % Nk === 0) + t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1]; + else if (Nk > 6 && i % Nk === 4) + t = subByte(t); + xk[i] = xk[i - Nk] ^ t; + } + clean(...toClean); + return xk; +} +function expandKeyDecLE(key) { + const encKey = expandKeyLE(key); + const xk = encKey.slice(); + const Nk = encKey.length; + const { sbox2 } = tableEncoding; + const { T0, T1, T2, T3 } = tableDecoding; + // Inverse key by chunks of 4 (rounds) + for (let i = 0; i < Nk; i += 4) { + for (let j = 0; j < 4; j++) + xk[i + j] = encKey[Nk - i - 4 + j]; + } + clean(encKey); + // apply InvMixColumn except first & last round + for (let i = 4; i < Nk - 4; i++) { + const x = xk[i]; + const w = applySbox(sbox2, x, x, x, x); + xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24]; + } + return xk; +} +// Apply tables +function apply0123(T01, T23, s0, s1, s2, s3) { + return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^ + T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]); +} +function applySbox(sbox2, s0, s1, s2, s3) { + return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] | + (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16)); +} +function encrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableEncoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // last round (without mixcolumns, so using SBOX2 table) + const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different +function decrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableDecoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // Last round + const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +function getDst(len, dst) { + if (dst === undefined) + return new Uint8Array(len); + bytes$1(dst); + if (dst.length < len) + throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`); + if (!isAligned32(dst)) + throw new Error('unaligned dst'); + return dst; +} +// TODO: investigate merging with ctr32 +function ctrCounter(xk, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const ctr = nonce; + const c32 = u32$2(ctr); + // Fill block (empty, ctr=0) + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + // Full 128 bit counter with wrap around + let carry = 1; + for (let i = ctr.length - 1; i >= 0; i--) { + carry = (carry + (ctr[i] & 0xff)) | 0; + ctr[i] = carry & 0xff; + carry >>>= 8; + } + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than block) + // It's possible to handle > u32 fast, but is it worth it? + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +// AES CTR with overflowing 32 bit counter +// It's possible to do 32le significantly simpler (and probably faster) by using u32. +// But, we need both, and perf bottleneck is in ghash anyway. +function ctr32(xk, isLE, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + dst = getDst(src.length, dst); + const ctr = nonce; // write new value to nonce, so it can be re-used + const c32 = u32$2(ctr); + const view = createView$1(ctr); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const ctrPos = isLE ? 0 : 12; + const srcLen = src.length; + // Fill block (empty, ctr=0) + let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + ctrNum = (ctrNum + 1) >>> 0; // u32 wrap + view.setUint32(ctrPos, ctrNum, isLE); + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than a block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +/** + * CTR: counter mode. Creates stream cipher. + * Requires good IV. Parallelizable. OK, but no MAC. + */ +const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) { + bytes$1(key); + bytes$1(nonce, BLOCK_SIZE); + function processCtr(buf, dst) { + bytes$1(buf); + if (dst !== undefined) { + bytes$1(dst); + if (!isAligned32(dst)) + throw new Error('unaligned destination'); + } + const xk = expandKeyLE(key); + const n = copyBytes(nonce); // align + avoid changing + const toClean = [xk, n]; + if (!isAligned32(buf)) + toClean.push((buf = copyBytes(buf))); + const out = ctrCounter(xk, n, buf, dst); + clean(...toClean); + return out; + } + return { + encrypt: (plaintext, dst) => processCtr(plaintext, dst), + decrypt: (ciphertext, dst) => processCtr(ciphertext, dst), + }; +}); +function validateBlockDecrypt(data) { + bytes$1(data); + if (data.length % BLOCK_SIZE !== 0) { + throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`); + } +} +function validateBlockEncrypt(plaintext, pcks5, dst) { + bytes$1(plaintext); + let outLen = plaintext.length; + const remaining = outLen % BLOCK_SIZE; + if (!pcks5 && remaining !== 0) + throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding'); + if (!isAligned32(plaintext)) + plaintext = copyBytes(plaintext); + const b = u32$2(plaintext); + if (pcks5) { + let left = BLOCK_SIZE - remaining; + if (!left) + left = BLOCK_SIZE; // if no bytes left, create empty padding block + outLen = outLen + left; + } + const out = getDst(outLen, dst); + const o = u32$2(out); + return { b, o, out }; +} +function validatePCKS(data, pcks5) { + if (!pcks5) + return data; + const len = data.length; + if (!len) + throw new Error('aes/pcks5: empty ciphertext not allowed'); + const lastByte = data[len - 1]; + if (lastByte <= 0 || lastByte > 16) + throw new Error('aes/pcks5: wrong padding'); + const out = data.subarray(0, -lastByte); + for (let i = 0; i < lastByte; i++) + if (data[len - i - 1] !== lastByte) + throw new Error('aes/pcks5: wrong padding'); + return out; +} +function padPCKS(left) { + const tmp = new Uint8Array(16); + const tmp32 = u32$2(tmp); + tmp.set(left); + const paddingByte = BLOCK_SIZE - left.length; + for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++) + tmp[i] = paddingByte; + return tmp32; +} +/** + * CBC: Cipher-Block-Chaining. Key is previous round’s block. + * Fragile: needs proper padding. Unauthenticated: needs MAC. + */ +const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) { + bytes$1(key); + bytes$1(iv, 16); + const pcks5 = !opts.disablePadding; + return { + encrypt(plaintext, dst) { + const xk = expandKeyLE(key); + const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + let i = 0; + for (; i + 4 <= b.length;) { + (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + if (pcks5) { + const tmp32 = padPCKS(plaintext.subarray(i * 4)); + (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + clean(...toClean); + return _out; + }, + decrypt(ciphertext, dst) { + validateBlockDecrypt(ciphertext); + const xk = expandKeyDecLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + const out = getDst(ciphertext.length, dst); + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const b = u32$2(ciphertext); + const o = u32$2(out); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= b.length;) { + // prettier-ignore + const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3; + (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]); + const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt$6(xk, s0, s1, s2, s3); + (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3); + } + clean(...toClean); + return validatePCKS(out, pcks5); + }, + }; +}); +/** + * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output. + * Unauthenticated: needs MAC. + */ +const cfb$1 = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) { + bytes$1(key); + bytes$1(iv, 16); + function processCfb(src, isEncrypt, dst) { + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const xk = expandKeyLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + if (!isAligned32(src)) + toClean.push((src = copyBytes(src))); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const next32 = isEncrypt ? dst32 : src32; + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= src32.length;) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt$6(xk, s0, s1, s2, s3); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]); + } + // leftovers (less than block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + const buf = u8$1(new Uint32Array([s0, s1, s2, s3])); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(buf); + } + clean(...toClean); + return dst; + } + return { + encrypt: (plaintext, dst) => processCfb(plaintext, true, dst), + decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst), + }; +}); +// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen +function computeTag(fn, isLE, key, data, AAD) { + const aadLength = AAD == null ? 0 : AAD.length; + const h = fn.create(key, data.length + aadLength); + if (AAD) + h.update(AAD); + h.update(data); + const num = new Uint8Array(16); + const view = createView$1(num); + if (AAD) + setBigUint64$1(view, 0, BigInt(aadLength * 8), isLE); + setBigUint64$1(view, 8, BigInt(data.length * 8), isLE); + h.update(num); + const res = h.digest(); + clean(num); + return res; +} +/** + * GCM: Galois/Counter Mode. + * Modern, parallel version of CTR, with MAC. + * Be careful: MACs can be forged. + * Unsafe to use random nonces under the same key, due to collision chance. + * As for nonce size, prefer 12-byte, instead of 8-byte. + */ +const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) { + bytes$1(key); + bytes$1(nonce); + if (AAD !== undefined) + bytes$1(AAD); + // NIST 800-38d doesn't enforce minimum nonce length. + // We enforce 8 bytes for compat with openssl. + // 12 bytes are recommended. More than 12 bytes would be converted into 12. + if (nonce.length < 8) + throw new Error('aes/gcm: invalid nonce length'); + const tagLength = 16; + function _computeTag(authKey, tagMask, data) { + const tag = computeTag(ghash, false, authKey, data, AAD); + for (let i = 0; i < tagMask.length; i++) + tag[i] ^= tagMask[i]; + return tag; + } + function deriveKeys() { + const xk = expandKeyLE(key); + const authKey = EMPTY_BLOCK.slice(); + const counter = EMPTY_BLOCK.slice(); + ctr32(xk, false, counter, counter, authKey); + // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces + if (nonce.length === 12) { + counter.set(nonce); + } + else { + const nonceLen = EMPTY_BLOCK.slice(); + const view = createView$1(nonceLen); + setBigUint64$1(view, 8, BigInt(nonce.length * 8), false); + // ghash(nonce || u64be(0) || u64be(nonceLen*8)) + const g = ghash.create(authKey).update(nonce).update(nonceLen); + g.digestInto(counter); // digestInto doesn't trigger '.destroy' + g.destroy(); + } + const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK); + return { xk, authKey, counter, tagMask }; + } + return { + encrypt(plaintext) { + bytes$1(plaintext); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const out = new Uint8Array(plaintext.length + tagLength); + const toClean = [xk, authKey, counter, tagMask]; + if (!isAligned32(plaintext)) + toClean.push((plaintext = copyBytes(plaintext))); + ctr32(xk, false, counter, plaintext, out); + const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength)); + toClean.push(tag); + out.set(tag, plaintext.length); + clean(...toClean); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + if (ciphertext.length < tagLength) + throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const toClean = [xk, authKey, tagMask, counter]; + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const data = ciphertext.subarray(0, -tagLength); + const passedTag = ciphertext.subarray(-tagLength); + const tag = _computeTag(authKey, tagMask, data); + toClean.push(tag); + if (!equalBytes$1(tag, passedTag)) + throw new Error('aes/gcm: invalid ghash tag'); + const out = ctr32(xk, false, counter, data); + clean(...toClean); + return out; + }, + }; +}); +function isBytes32(a) { + return (a != null && + typeof a === 'object' && + (a instanceof Uint32Array || a.constructor.name === 'Uint32Array')); +} +function encryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_encryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = encrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +function decryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_decryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = decrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +/** + * AES-W (base for AESKW/AESKWP). + * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf), + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/). + */ +const AESW = { + /* + High-level pseudocode: + ``` + A: u64 = IV + out = [] + for (let i=0, ctr = 0; i<6; i++) { + for (const chunk of chunks(plaintext, 8)) { + A ^= swapEndianess(ctr++) + [A, res] = chunks(encrypt(A || chunk), 8); + out ||= res + } + } + out = A || out + ``` + Decrypt is the same, but reversed. + */ + encrypt(kek, out) { + // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints. + // If you need it larger, open an issue. + if (out.length >= 2 ** 32) + throw new Error('plaintext should be less than 4gb'); + const xk = expandKeyLE(kek); + if (out.length === 16) + encryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = 1; j < 6; j++) { + for (let pos = 2; pos < o32.length; pos += 2, ctr++) { + const { s0, s1, s2, s3 } = encrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + // A = MSB(64, B) ^ t where t = (n*j)+i + (a0 = s0), (a1 = s1 ^ byteSwap$1(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); // out = A || out + } + xk.fill(0); + }, + decrypt(kek, out) { + if (out.length - 8 >= 2 ** 32) + throw new Error('ciphertext should be less than 4gb'); + const xk = expandKeyDecLE(kek); + const chunks = out.length / 8 - 1; // first chunk is IV + if (chunks === 1) + decryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = chunks * 6; j < 6; j++) { + for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) { + a1 ^= byteSwap$1(ctr); + const { s0, s1, s2, s3 } = decrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); + } + xk.fill(0); + }, +}; +const AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6 +/** + * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times. + * Reduces block size from 16 to 8 bytes. + * For padded version, use aeskwp. + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + */ +const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({ + encrypt(plaintext) { + bytes$1(plaintext); + if (!plaintext.length || plaintext.length % 8 !== 0) + throw new Error('invalid plaintext length'); + if (plaintext.length === 8) + throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead'); + const out = concatBytes$2(AESKW_IV, plaintext); + AESW.encrypt(kek, out); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + // ciphertext must be at least 24 bytes and a multiple of 8 bytes + // 24 because should have at least two block (1 iv + 2). + // Replace with 16 to enable '8-byte keys' + if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8) + throw new Error('invalid ciphertext length'); + const out = copyBytes(ciphertext); + AESW.decrypt(kek, out); + if (!equalBytes$1(out.subarray(0, 8), AESKW_IV)) + throw new Error('integrity check failed'); + out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway + return out.subarray(8); + }, +})); +// Private, unsafe low-level methods. Can change at any time. +const unsafe = { + expandKeyLE, + expandKeyDecLE, + encrypt: encrypt$6, + decrypt: decrypt$6, + encryptBlock, + decryptBlock, + ctrCounter, + ctr32, +}; + +// Modified by ProtonTech AG + + +const webCrypto$9 = util.getWebCrypto(); +const nodeCrypto$8 = util.getNodeCrypto(); + +const knownAlgos = nodeCrypto$8 ? nodeCrypto$8.getCiphers() : []; +const nodeAlgos = { + idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ + tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, + cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, + blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, + aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, + aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, + aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined + /* twofish is not implemented in OpenSSL */ +}; + +/** + * CFB encryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} plaintext + * @param {Uint8Array} iv + * @param {Object} config - full configuration, defaults to openpgp.config + * @returns MaybeStream + */ +async function encrypt$5(algo, key, plaintext, iv, config) { + const algoName = enums.read(enums.symmetric, algo); + if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. + return nodeEncrypt$1(algo, key, plaintext, iv); + } + if (util.isAES(algo)) { + return aesEncrypt(algo, key, plaintext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; + + const blockc = iv.slice(); + let pt = new Uint8Array(); + const process = chunk => { + if (chunk) { + pt = util.concatUint8Array([pt, chunk]); + } + const ciphertext = new Uint8Array(pt.length); + let i; + let j = 0; + while (chunk ? pt.length >= block_size : pt.length) { + const encblock = cipherfn.encrypt(blockc); + for (i = 0; i < block_size; i++) { + blockc[i] = pt[i] ^ encblock[i]; + ciphertext[j++] = blockc[i]; + } + pt = pt.subarray(block_size); + } + return ciphertext.subarray(0, j); + }; + return transform(plaintext, process, process); +} + +/** + * CFB decryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} ciphertext + * @param {Uint8Array} iv + * @returns MaybeStream + */ +async function decrypt$5(algo, key, ciphertext, iv) { + const algoName = enums.read(enums.symmetric, algo); + if (nodeCrypto$8 && nodeAlgos[algoName]) { // Node crypto library. + return nodeDecrypt$1(algo, key, ciphertext, iv); + } + if (util.isAES(algo)) { + return aesDecrypt(algo, key, ciphertext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; + + let blockp = iv; + let ct = new Uint8Array(); + const process = chunk => { + if (chunk) { + ct = util.concatUint8Array([ct, chunk]); + } + const plaintext = new Uint8Array(ct.length); + let i; + let j = 0; + while (chunk ? ct.length >= block_size : ct.length) { + const decblock = cipherfn.encrypt(blockp); + blockp = ct.subarray(0, block_size); + for (i = 0; i < block_size; i++) { + plaintext[j++] = blockp[i] ^ decblock[i]; + } + ct = ct.subarray(block_size); + } + return plaintext.subarray(0, j); + }; + return transform(ciphertext, process, process); +} + +class WebCryptoEncryptor { + constructor(algo, key, iv) { + const { blockSize } = getCipherParams(algo); + this.key = key; + this.prevBlock = iv; + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + this.zeroBlock = new Uint8Array(this.blockSize); + } + + static async isSupported(algo) { + const { keySize } = getCipherParams(algo); + return webCrypto$9.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt']) + .then(() => true, () => false); + } + + async _runCBC(plaintext, nonZeroIV) { + const mode = 'AES-CBC'; + this.keyRef = this.keyRef || await webCrypto$9.importKey('raw', this.key, mode, false, ['encrypt']); + const ciphertext = await webCrypto$9.encrypt( + { name: mode, iv: nonZeroIV || this.zeroBlock }, + this.keyRef, + plaintext + ); + return new Uint8Array(ciphertext).subarray(0, plaintext.length); + } + + async encryptChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const plaintext = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + const toEncrypt = util.concatUint8Array([ + this.prevBlock, + plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block "early", since we only need to xor the plaintext and pass it over as prevBlock + ]); + + const encryptedBlocks = await this._runCBC(toEncrypt); + xorMut$1(encryptedBlocks, plaintext); + this.prevBlock = encryptedBlocks.slice(-this.blockSize); + + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; + + return encryptedBlocks; + } + + this.i += added.length; + let encryptedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + const curBlock = this.nextBlock; + encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + this.prevBlock = encryptedBlock.slice(); + this.i = 0; + + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + encryptedBlock = new Uint8Array(); + } + + return encryptedBlock; + } + + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + this.nextBlock = this.nextBlock.subarray(0, this.i); + const curBlock = this.nextBlock; + const encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + result = encryptedBlock.subarray(0, curBlock.length); + } + + this.clearSensitiveData(); + return result; + } + + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.keyRef = null; + this.key = null; + } + + async encrypt(plaintext) { + // plaintext is internally padded to block length before encryption + const encryptedWithPadding = await this._runCBC( + util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]), + this.iv + ); + // drop encrypted padding + const ct = encryptedWithPadding.subarray(0, plaintext.length); + xorMut$1(ct, plaintext); + this.clearSensitiveData(); + return ct; + } +} + +class NobleStreamProcessor { + constructor(forEncryption, algo, key, iv) { + this.forEncryption = forEncryption; + const { blockSize } = getCipherParams(algo); + this.key = unsafe.expandKeyLE(key); + + if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers + this.prevBlock = getUint32Array(iv); + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + } + + _runCFB(src) { + const src32 = getUint32Array(src); + const dst = new Uint8Array(src.length); + const dst32 = getUint32Array(dst); + for (let i = 0; i + 4 <= dst32.length; i += 4) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = unsafe.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4); + } + return dst; + } + + async processChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const toProcess = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + + const processedBlocks = this._runCFB(toProcess); + + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; + + return processedBlocks; + } + + this.i += added.length; + + let processedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + processedBlock = this._runCFB(this.nextBlock); + this.i = 0; + + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + processedBlock = new Uint8Array(); + } + + return processedBlock; + } + + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + const processedBlock = this._runCFB(this.nextBlock); + + result = processedBlock.subarray(0, this.i); + } + + this.clearSensitiveData(); + return result; + } + + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.key.fill(0); + } +} + + +async function aesEncrypt(algo, key, pt, iv) { + if (webCrypto$9 && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys + const cfb = new WebCryptoEncryptor(algo, key, iv); + return util.isStream(pt) ? transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt); + } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream + const cfb = new NobleStreamProcessor(true, algo, key, iv); + return transform(pt, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).encrypt(pt); +} + +async function aesDecrypt(algo, key, ct, iv) { + if (util.isStream(ct)) { + const cfb = new NobleStreamProcessor(false, algo, key, iv); + return transform(ct, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).decrypt(ct); +} + +function xorMut$1(a, b) { + const aLength = Math.min(a.length, b.length); + for (let i = 0; i < aLength; i++) { + a[i] = a[i] ^ b[i]; + } +} + +const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); + +function nodeEncrypt$1(algo, key, pt, iv) { + const algoName = enums.read(enums.symmetric, algo); + const cipherObj = new nodeCrypto$8.createCipheriv(nodeAlgos[algoName], key, iv); + return transform(pt, value => new Uint8Array(cipherObj.update(value))); +} + +function nodeDecrypt$1(algo, key, ct, iv) { + const algoName = enums.read(enums.symmetric, algo); + const decipherObj = new nodeCrypto$8.createDecipheriv(nodeAlgos[algoName], key, iv); + return transform(ct, value => new Uint8Array(decipherObj.update(value))); +} + +var cfb = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$5, + encrypt: encrypt$5 +}); + +/** + * @fileoverview This module implements AES-CMAC on top of + * native AES-CBC using either the WebCrypto API or Node.js' crypto API. + * @module crypto/cmac + */ + + +const webCrypto$8 = util.getWebCrypto(); +const nodeCrypto$7 = util.getNodeCrypto(); + + +/** + * This implementation of CMAC is based on the description of OMAC in + * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that + * document: + * + * We have made a small modification to the OMAC algorithm as it was + * originally presented, changing one of its two constants. + * Specifically, the constant 4 at line 85 was the constant 1/2 (the + * multiplicative inverse of 2) in the original definition of OMAC [14]. + * The OMAC authors indicate that they will promulgate this modification + * [15], which slightly simplifies implementations. + */ + +const blockLength$3 = 16; + + +/** + * xor `padding` into the end of `data`. This function implements "the + * operation xor→ [which] xors the shorter string into the end of longer + * one". Since data is always as least as long as padding, we can + * simplify the implementation. + * @param {Uint8Array} data + * @param {Uint8Array} padding + */ +function rightXORMut(data, padding) { + const offset = data.length - blockLength$3; + for (let i = 0; i < blockLength$3; i++) { + data[i + offset] ^= padding[i]; + } + return data; +} + +function pad(data, padding, padding2) { + // if |M| in {n, 2n, 3n, ...} + if (data.length && data.length % blockLength$3 === 0) { + // then return M xor→ B, + return rightXORMut(data, padding); + } + // else return (M || 10^(n−1−(|M| mod n))) xor→ P + const padded = new Uint8Array(data.length + (blockLength$3 - (data.length % blockLength$3))); + padded.set(data); + padded[data.length] = 0b10000000; + return rightXORMut(padded, padding2); +} + +const zeroBlock$1 = new Uint8Array(blockLength$3); + +async function CMAC(key) { + const cbc = await CBC(key); + + // L ← E_K(0^n); B ← 2L; P ← 4L + const padding = util.double(await cbc(zeroBlock$1)); + const padding2 = util.double(padding); + + return async function(data) { + // return CBC_K(pad(M; B, P)) + return (await cbc(pad(data, padding, padding2))).subarray(-blockLength$3); + }; +} + +async function CBC(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt) { + const en = new nodeCrypto$7.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock$1); + const ct = en.update(pt); + return new Uint8Array(ct); + }; + } + + if (util.getWebCrypto()) { + try { + key = await webCrypto$8.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); + return async function(pt) { + const ct = await webCrypto$8.encrypt({ name: 'AES-CBC', iv: zeroBlock$1, length: blockLength$3 * 8 }, key, pt); + return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength$3); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } + + return async function(pt) { + return cbc(key, zeroBlock$1, { disablePadding: true }).encrypt(pt); + }; +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$7 = util.getWebCrypto(); +const nodeCrypto$6 = util.getNodeCrypto(); +const Buffer$2 = util.getNodeBuffer(); + + +const blockLength$2 = 16; +const ivLength$2 = blockLength$2; +const tagLength$2 = blockLength$2; + +const zero = new Uint8Array(blockLength$2); +const one$1 = new Uint8Array(blockLength$2); one$1[blockLength$2 - 1] = 1; +const two = new Uint8Array(blockLength$2); two[blockLength$2 - 1] = 2; + +async function OMAC(key) { + const cmac = await CMAC(key); + return function(t, message) { + return cmac(util.concatUint8Array([t, message])); + }; +} + +async function CTR(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt, iv) { + const en = new nodeCrypto$6.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); + const ct = Buffer$2.concat([en.update(pt), en.final()]); + return new Uint8Array(ct); + }; + } + + if (util.getWebCrypto()) { + try { + const keyRef = await webCrypto$7.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); + return async function(pt, iv) { + const ct = await webCrypto$7.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$2 * 8 }, keyRef, pt); + return new Uint8Array(ct); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } + + return async function(pt, iv) { + return ctr(key, iv).encrypt(pt); + }; +} + + +/** + * Class to en/decrypt using EAX mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function EAX(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('EAX mode supports only AES cipher'); + } + + const [ + omac, + ctr + ] = await Promise.all([ + OMAC(key), + CTR(key) + ]); + + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + const [ + omacNonce, + omacAdata + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata) + ]); + const ciphered = await ctr(plaintext, omacNonce); + const omacCiphered = await omac(two, ciphered); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + return util.concatUint8Array([ciphered, tag]); + }, + + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to verify + * @returns {Promise} The plaintext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$2) throw new Error('Invalid EAX ciphertext'); + const ciphered = ciphertext.subarray(0, -tagLength$2); + const ctTag = ciphertext.subarray(-tagLength$2); + const [ + omacNonce, + omacAdata, + omacCiphered + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata), + omac(two, ciphered) + ]); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); + const plaintext = await ctr(ciphered, omacNonce); + return plaintext; + } + }; +} + + +/** + * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. + * @param {Uint8Array} iv - The initialization vector (16 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +EAX.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[8 + i] ^= chunkIndex[i]; + } + return nonce; +}; + +EAX.blockLength = blockLength$2; +EAX.ivLength = ivLength$2; +EAX.tagLength = tagLength$2; + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const blockLength$1 = 16; +const ivLength$1 = 15; + +// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: +// While OCB [RFC7253] allows the authentication tag length to be of any +// number up to 128 bits long, this document requires a fixed +// authentication tag length of 128 bits (16 octets) for simplicity. +const tagLength$1 = 16; + + +function ntz(n) { + let ntz = 0; + for (let i = 1; (n & i) === 0; i <<= 1) { + ntz++; + } + return ntz; +} + +function xorMut(S, T) { + for (let i = 0; i < S.length; i++) { + S[i] ^= T[i]; + } + return S; +} + +function xor(S, T) { + return xorMut(S.slice(), T); +} + +const zeroBlock = new Uint8Array(blockLength$1); +const one = new Uint8Array([1]); + +/** + * Class to en/decrypt using OCB mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function OCB(cipher, key) { + const { keySize } = getCipherParams(cipher); + // sanity checks + if (!util.isAES(cipher) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } + + let maxNtz = 0; + + // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls, + // hence its execution cannot be broken up. + // As a result, WebCrypto cannot currently be used for `encipher`. + const aes = cbc(key, zeroBlock, { disablePadding: true }); + const encipher = block => aes.encrypt(block); + const decipher = block => aes.decrypt(block); + let mask; + + constructKeyVariables(); + + function constructKeyVariables() { + const mask_x = encipher(zeroBlock); + const mask_$ = util.double(mask_x); + mask = []; + mask[0] = util.double(mask_$); + + + mask.x = mask_x; + mask.$ = mask_$; + } + + function extendKeyVariables(text, adata) { + const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$1 | 0) - 1; + for (let i = maxNtz + 1; i <= newMaxNtz; i++) { + mask[i] = util.double(mask[i - 1]); + } + maxNtz = newMaxNtz; + } + + function hash(adata) { + if (!adata.length) { + // Fast path + return zeroBlock; + } + + // + // Consider A as a sequence of 128-bit blocks + // + const m = adata.length / blockLength$1 | 0; + + const offset = new Uint8Array(blockLength$1); + const sum = new Uint8Array(blockLength$1); + for (let i = 0; i < m; i++) { + xorMut(offset, mask[ntz(i + 1)]); + xorMut(sum, encipher(xor(offset, adata))); + adata = adata.subarray(blockLength$1); + } + + // + // Process any final partial block; compute final hash value + // + if (adata.length) { + xorMut(offset, mask.x); + + const cipherInput = new Uint8Array(blockLength$1); + cipherInput.set(adata, 0); + cipherInput[adata.length] = 0b10000000; + xorMut(cipherInput, offset); + + xorMut(sum, encipher(cipherInput)); + } + + return sum; + } + + /** + * Encrypt/decrypt data. + * @param {encipher|decipher} fn - Encryption/decryption block cipher function + * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. + */ + function crypt(fn, text, nonce, adata) { + // + // Consider P as a sequence of 128-bit blocks + // + const m = text.length / blockLength$1 | 0; + + // + // Key-dependent variables + // + extendKeyVariables(text, adata); + + // + // Nonce-dependent and per-encryption variables + // + // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N + // Note: We assume here that tagLength mod 16 == 0. + const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength$1 - nonce.length), one, nonce]); + // bottom = str2num(Nonce[123..128]) + const bottom = paddedNonce[blockLength$1 - 1] & 0b111111; + // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) + paddedNonce[blockLength$1 - 1] &= 0b11000000; + const kTop = encipher(paddedNonce); + // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) + const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); + // Offset_0 = Stretch[1+bottom..128+bottom] + const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); + // Checksum_0 = zeros(128) + const checksum = new Uint8Array(blockLength$1); + + const ct = new Uint8Array(text.length + tagLength$1); + + // + // Process any whole blocks + // + let i; + let pos = 0; + for (i = 0; i < m; i++) { + // Offset_i = Offset_{i-1} xor L_{ntz(i)} + xorMut(offset, mask[ntz(i + 1)]); + // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) + // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) + ct.set(xorMut(fn(xor(offset, text)), offset), pos); + // Checksum_i = Checksum_{i-1} xor P_i + xorMut(checksum, fn === encipher ? text : ct.subarray(pos)); + + text = text.subarray(blockLength$1); + pos += blockLength$1; + } + + // + // Process any final partial block and compute raw tag + // + if (text.length) { + // Offset_* = Offset_m xor L_* + xorMut(offset, mask.x); + // Pad = ENCIPHER(K, Offset_*) + const padding = encipher(offset); + // C_* = P_* xor Pad[1..bitlen(P_*)] + ct.set(xor(text, padding), pos); + + // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) + const xorInput = new Uint8Array(blockLength$1); + xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); + xorInput[text.length] = 0b10000000; + xorMut(checksum, xorInput); + pos += text.length; + } + // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) + const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata)); + + // + // Assemble ciphertext + // + // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] + ct.set(tag, pos); + return ct; + } + + + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + return crypt(encipher, plaintext, nonce, adata); + }, + + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); + + const tag = ciphertext.subarray(-tagLength$1); + ciphertext = ciphertext.subarray(0, -tagLength$1); + + const crypted = crypt(decipher, ciphertext, nonce, adata); + // if (Tag[1..TAGLEN] == T) + if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { + return crypted.subarray(0, -tagLength$1); + } + throw new Error('Authentication tag mismatch'); + } + }; +} + + +/** + * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. + * @param {Uint8Array} iv - The initialization vector (15 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +OCB.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[7 + i] ^= chunkIndex[i]; + } + return nonce; +}; + +OCB.blockLength = blockLength$1; +OCB.ivLength = ivLength$1; +OCB.tagLength = tagLength$1; + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$6 = util.getWebCrypto(); +const nodeCrypto$5 = util.getNodeCrypto(); +const Buffer$1 = util.getNodeBuffer(); + +const blockLength = 16; +const ivLength = 12; // size of the IV in bytes +const tagLength = 16; // size of the tag in bytes +const ALGO = 'AES-GCM'; + +/** + * Class to en/decrypt using GCM mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function GCM(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('GCM mode supports only AES cipher'); + } + + if (util.getNodeCrypto()) { // Node crypto library + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + const en = new nodeCrypto$5.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + en.setAAD(adata); + const ct = Buffer$1.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext + return new Uint8Array(ct); + }, + + decrypt: async function(ct, iv, adata = new Uint8Array()) { + const de = new nodeCrypto$5.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + de.setAAD(adata); + de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext + const pt = Buffer$1.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]); + return new Uint8Array(pt); + } + }; + } + + if (util.getWebCrypto()) { + try { + const _key = await webCrypto$6.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); + // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages + const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/) || + navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/); + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && !pt.length) { + return gcm(key, iv, adata).encrypt(pt); + } + const ct = await webCrypto$6.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt); + return new Uint8Array(ct); + }, + + decrypt: async function(ct, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) { + return gcm(key, iv, adata).decrypt(ct); + } + try { + const pt = await webCrypto$6.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct); + return new Uint8Array(pt); + } catch (e) { + if (e.name === 'OperationError') { + throw new Error('Authentication tag mismatch'); + } + } + } + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } + + return { + encrypt: async function(pt, iv, adata) { + return gcm(key, iv, adata).encrypt(pt); + }, + + decrypt: async function(ct, iv, adata) { + return gcm(key, iv, adata).decrypt(ct); + } + }; +} + + +/** + * Get GCM nonce. Note: this operation is not defined by the standard. + * A future version of the standard may define GCM mode differently, + * hopefully under a different ID (we use Private/Experimental algorithm + * ID 100) so that we can maintain backwards compatibility. + * @param {Uint8Array} iv - The initialization vector (12 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +GCM.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[4 + i] ^= chunkIndex[i]; + } + return nonce; +}; + +GCM.blockLength = blockLength; +GCM.ivLength = ivLength; +GCM.tagLength = tagLength; + +/** + * @fileoverview Cipher modes + * @module crypto/mode + */ + + +var mode = { + /** @see module:crypto/mode/cfb */ + cfb: cfb, + /** @see module:crypto/mode/gcm */ + gcm: GCM, + experimentalGCM: GCM, + /** @see module:crypto/mode/eax */ + eax: EAX, + /** @see module:crypto/mode/ocb */ + ocb: OCB +}; + +// Operations are not constant time, but we try and limit timing leakage where we can +const _0n$8 = BigInt(0); +const _1n$d = BigInt(1); +function uint8ArrayToBigInt(bytes) { + const hexAlphabet = '0123456789ABCDEF'; + let s = ''; + bytes.forEach(v => { + s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; + }); + return BigInt('0x0' + s); +} +function mod$2(a, m) { + const reduced = a % m; + return reduced < _0n$8 ? reduced + m : reduced; +} +/** + * Compute modular exponentiation using square and multiply + * @param {BigInt} a - Base + * @param {BigInt} e - Exponent + * @param {BigInt} n - Modulo + * @returns {BigInt} b ** e mod n. + */ +function modExp(b, e, n) { + if (n === _0n$8) + throw Error('Modulo cannot be zero'); + if (n === _1n$d) + return BigInt(0); + if (e < _0n$8) + throw Error('Unsopported negative exponent'); + let exp = e; + let x = b; + x %= n; + let r = BigInt(1); + while (exp > _0n$8) { + const lsb = exp & _1n$d; + exp >>= _1n$d; // e / 2 + // Always compute multiplication step, to reduce timing leakage + const rx = (r * x) % n; + // Update r only if lsb is 1 (odd exponent) + r = lsb ? rx : r; + x = (x * x) % n; // Square + } + return r; +} +function abs(x) { + return x >= _0n$8 ? x : -x; +} +/** + * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) + * Given a and b, compute (x, y) such that ax + by = gdc(a, b). + * Negative numbers are also supported. + * @param {BigInt} a - First operand + * @param {BigInt} b - Second operand + * @returns {{ gcd, x, y: bigint }} + */ +function _egcd(aInput, bInput) { + let x = BigInt(0); + let y = BigInt(1); + let xPrev = BigInt(1); + let yPrev = BigInt(0); + // Deal with negative numbers: run algo over absolute values, + // and "move" the sign to the returned x and/or y. + // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers + let a = abs(aInput); + let b = abs(bInput); + const aNegated = aInput < _0n$8; + const bNegated = bInput < _0n$8; + while (b !== _0n$8) { + const q = a / b; + let tmp = x; + x = xPrev - q * x; + xPrev = tmp; + tmp = y; + y = yPrev - q * y; + yPrev = tmp; + tmp = b; + b = a % b; + a = tmp; + } + return { + x: aNegated ? -xPrev : xPrev, + y: bNegated ? -yPrev : yPrev, + gcd: a + }; +} +/** + * Compute the inverse of `a` modulo `n` + * Note: `a` and and `n` must be relatively prime + * @param {BigInt} a + * @param {BigInt} n - Modulo + * @returns {BigInt} x such that a*x = 1 mod n + * @throws {Error} if the inverse does not exist + */ +function modInv(a, n) { + const { gcd, x } = _egcd(a, n); + if (gcd !== _1n$d) { + throw new Error('Inverse does not exist'); + } + return mod$2(x + n, n); +} +/** + * Compute greatest common divisor between this and n + * @param {BigInt} aInput - Operand + * @param {BigInt} bInput - Operand + * @returns {BigInt} gcd + */ +function gcd(aInput, bInput) { + let a = aInput; + let b = bInput; + while (b !== _0n$8) { + const tmp = b; + b = a % b; + a = tmp; + } + return a; +} +/** + * Get this value as an exact Number (max 53 bits) + * Fails if this value is too large + * @returns {Number} + */ +function bigIntToNumber(x) { + const number = Number(x); + if (number > Number.MAX_SAFE_INTEGER) { + // We throw and error to conform with the bn.js implementation + throw new Error('Number can only safely store up to 53 bits'); + } + return number; +} +/** + * Get value of i-th bit + * @param {BigInt} x + * @param {Number} i - Bit index + * @returns {Number} Bit value. + */ +function getBit(x, i) { + const bit = (x >> BigInt(i)) & _1n$d; + return bit === _0n$8 ? 0 : 1; +} +/** + * Compute bit length + */ +function bitLength(x) { + // -1n >> -1n is -1n + // 1n >> 1n is 0n + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + let bitlen = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _1n$d) !== target) { + bitlen++; + } + return bitlen; +} +/** + * Compute byte length + */ +function byteLength(x) { + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + const _8n = BigInt(8); + let len = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _8n) !== target) { + len++; + } + return len; +} +/** + * Get Uint8Array representation of this number + * @param {String} endian - Endianess of output array (defaults to 'be') + * @param {Number} length - Of output array + * @returns {Uint8Array} + */ +function bigIntToUint8Array(x, endian = 'be', length) { + // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) + // this is faster than shift+mod iterations + let hex = x.toString(16); + if (hex.length % 2 === 1) { + hex = '0' + hex; + } + const rawLength = hex.length / 2; + const bytes = new Uint8Array(length || rawLength); + // parse hex + const offset = length ? length - rawLength : 0; + let i = 0; + while (i < rawLength) { + bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); + i++; + } + if (endian !== 'be') { + bytes.reverse(); + } + return bytes; +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const nodeCrypto$4 = util.getNodeCrypto(); + +/** + * Retrieve secure random byte array of the specified length + * @param {Integer} length - Length in bytes to generate + * @returns {Uint8Array} Random byte array. + */ +function getRandomBytes(length) { + const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto$4?.webcrypto; + if (webcrypto?.getRandomValues) { + const buf = new Uint8Array(length); + return webcrypto.getRandomValues(buf); + } else { + throw new Error('No secure random number generator available.'); + } +} + +/** + * Create a secure random BigInt that is greater than or equal to min and less than max. + * @param {bigint} min - Lower bound, included + * @param {bigint} max - Upper bound, excluded + * @returns {bigint} Random BigInt. + * @async + */ +function getRandomBigInteger(min, max) { + if (max < min) { + throw new Error('Illegal parameter value: max <= min'); + } + + const modulus = max - min; + const bytes = byteLength(modulus); + + // Using a while loop is necessary to avoid bias introduced by the mod operation. + // However, we request 64 extra random bits so that the bias is negligible. + // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8)); + return mod$2(r, modulus) + min; +} + +var random = /*#__PURE__*/Object.freeze({ + __proto__: null, + getRandomBigInteger: getRandomBigInteger, + getRandomBytes: getRandomBytes +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +/** + * @fileoverview Algorithms for probabilistic random prime generation + * @module crypto/public_key/prime + */ +const _1n$c = BigInt(1); +/** + * Generate a probably prime random number + * @param bits - Bit length of the prime + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function randomProbablePrime(bits, e, k) { + const _30n = BigInt(30); + const min = _1n$c << BigInt(bits - 1); + /* + * We can avoid any multiples of 3 and 5 by looking at n mod 30 + * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 + * the next possible prime is mod 30: + * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 + */ + const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; + let n = getRandomBigInteger(min, min << _1n$c); + let i = bigIntToNumber(mod$2(n, _30n)); + do { + n += BigInt(adds[i]); + i = (i + adds[i]) % adds.length; + // If reached the maximum, go back to the minimum. + if (bitLength(n) > bits) { + n = mod$2(n, min << _1n$c); + n += min; + i = bigIntToNumber(mod$2(n, _30n)); + } + } while (!isProbablePrime(n, e, k)); + return n; +} +/** + * Probabilistic primality testing + * @param n - Number to test + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function isProbablePrime(n, e, k) { + if (e && gcd(n - _1n$c, e) !== _1n$c) { + return false; + } + if (!divisionTest(n)) { + return false; + } + if (!fermat(n)) { + return false; + } + if (!millerRabin(n, k)) { + return false; + } + // TODO implement the Lucas test + // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + return true; +} +/** + * Tests whether n is probably prime or not using Fermat's test with b = 2. + * Fails if b^(n-1) mod n != 1. + * @param n - Number to test + * @param b - Optional Fermat test base + */ +function fermat(n, b = BigInt(2)) { + return modExp(b, n - _1n$c, n) === _1n$c; +} +function divisionTest(n) { + const _0n = BigInt(0); + return smallPrimes.every(m => mod$2(n, m) !== _0n); +} +// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c +const smallPrimes = [ + 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +].map(n => BigInt(n)); +// Miller-Rabin - Miller Rabin algorithm for primality test +// Copyright Fedor Indutny, 2014. +// +// This software is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. +// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin +// Sample syntax for Fixed-Base Miller-Rabin: +// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) +/** + * Tests whether n is probably prime or not using the Miller-Rabin test. + * See HAC Remark 4.28. + * @param n - Number to test + * @param k - Optional number of iterations of Miller-Rabin test + * @param rand - Optional function to generate potential witnesses + * @returns {boolean} + * @async + */ +function millerRabin(n, k, rand) { + const len = bitLength(n); + if (!k) { + k = Math.max(1, (len / 48) | 0); + } + const n1 = n - _1n$c; // n - 1 + // Find d and s, (n - 1) = (2 ^ s) * d; + let s = 0; + while (!getBit(n1, s)) { + s++; + } + const d = n >> BigInt(s); + for (; k > 0; k--) { + const a = getRandomBigInteger(BigInt(2), n1); + let x = modExp(a, d, n); + if (x === _1n$c || x === n1) { + continue; + } + let i; + for (i = 1; i < s; i++) { + x = mod$2(x * x, n); + if (x === _1n$c) { + return false; + } + if (x === n1) { + break; + } + } + if (i === s) { + return false; + } + } + return true; +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * ASN1 object identifiers for hashes + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} + */ +const hash_headers = []; +hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, + 0x10]; +hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; +hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; +hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20]; +hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, + 0x04, 0x30]; +hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40]; +hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, + 0x00, 0x04, 0x1C]; + +/** + * Create padding with secure random data + * @private + * @param {Integer} length - Length of the padding in bytes + * @returns {Uint8Array} Random padding. + */ +function getPKCS1Padding(length) { + const result = new Uint8Array(length); + let count = 0; + while (count < length) { + const randomBytes = getRandomBytes(length - count); + for (let i = 0; i < randomBytes.length; i++) { + if (randomBytes[i] !== 0) { + result[count++] = randomBytes[i]; + } + } + } + return result; +} + +/** + * Create a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} + * @param {Uint8Array} message - Message to be encoded + * @param {Integer} keyLength - The length in octets of the key modulus + * @returns {Uint8Array} EME-PKCS1 padded message. + */ +function emeEncode(message, keyLength) { + const mLength = message.length; + // length checking + if (mLength > keyLength - 11) { + throw new Error('Message too long'); + } + // Generate an octet string PS of length k - mLen - 3 consisting of + // pseudo-randomly generated nonzero octets + const PS = getPKCS1Padding(keyLength - mLength - 3); + // Concatenate PS, the message M, and other padding to form an + // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. + const encoded = new Uint8Array(keyLength); + // 0x00 byte + encoded[1] = 2; + encoded.set(PS, 2); + // 0x00 bytes + encoded.set(message, keyLength - mLength); + return encoded; +} + +/** + * Decode a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} + * @param {Uint8Array} encoded - Encoded message bytes + * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) + * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) + * @throws {Error} on decoding failure, unless `randomPayload` is provided + */ +function emeDecode(encoded, randomPayload) { + // encoded format: 0x00 0x02 0x00 + let offset = 2; + let separatorNotFound = 1; + for (let j = offset; j < encoded.length; j++) { + separatorNotFound &= encoded[j] !== 0; + offset += separatorNotFound; + } + + const psLen = offset - 2; + const payload = encoded.subarray(offset + 1); // discard the 0x00 separator + const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; + + if (randomPayload) { + return util.selectUint8Array(isValidPadding, payload, randomPayload); + } + + if (isValidPadding) { + return payload; + } + + throw new Error('Decryption error'); +} + +/** + * Create a EMSA-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} + * @param {Integer} algo - Hash algorithm type used + * @param {Uint8Array} hashed - Message to be encoded + * @param {Integer} emLen - Intended length in octets of the encoded message + * @returns {Uint8Array} Encoded message. + */ +function emsaEncode(algo, hashed, emLen) { + let i; + if (hashed.length !== hash$1.getHashByteLength(algo)) { + throw new Error('Invalid hash length'); + } + // produce an ASN.1 DER value for the hash function used. + // Let T be the full hash prefix + const hashPrefix = new Uint8Array(hash_headers[algo].length); + for (i = 0; i < hash_headers[algo].length; i++) { + hashPrefix[i] = hash_headers[algo][i]; + } + // and let tLen be the length in octets prefix and hashed data + const tLen = hashPrefix.length + hashed.length; + if (emLen < tLen + 11) { + throw new Error('Intended encoded message length too short'); + } + // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF + // The length of PS will be at least 8 octets + const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); + + // Concatenate PS, the hash prefix, hashed data, and other padding to form the + // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed + const EM = new Uint8Array(emLen); + EM[1] = 0x01; + EM.set(PS, 2); + EM.set(hashPrefix, emLen - tLen); + EM.set(hashed, emLen - hashed.length); + return EM; +} + +var pkcs1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + emeDecode: emeDecode, + emeEncode: emeEncode, + emsaEncode: emsaEncode +}); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$5 = util.getWebCrypto(); +const nodeCrypto$3 = util.getNodeCrypto(); +const _1n$b = BigInt(1); + +/** Create signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} hashed - Hashed message + * @returns {Promise} RSA Signature. + * @async + */ +async function sign$6(hashAlgo, data, n, e, d, p, q, u, hashed) { + if (hash$1.getHashByteLength(hashAlgo) >= n.length) { + // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error + // e.g. if a 512-bit RSA key is used with a SHA-512 digest. + // The size limit is actually slightly different but here we only care about throwing + // on common key sizes. + throw new Error('Digest size cannot exceed key modulus size'); + } + + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webSign$1(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeSign$1(hashAlgo, data, n, e, d, p, q, u); + } + } + return bnSign(hashAlgo, n, d, hashed); +} + +/** + * Verify signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} s - Signature + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} hashed - Hashed message + * @returns {Boolean} + * @async + */ +async function verify$6(hashAlgo, data, s, n, e, hashed) { + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webVerify$1(enums.read(enums.webHash, hashAlgo), data, s, n, e); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeVerify$1(hashAlgo, data, s, n, e); + } + } + return bnVerify(hashAlgo, s, n, e, hashed); +} + +/** + * Encrypt message + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @returns {Promise} RSA Ciphertext. + * @async + */ +async function encrypt$4(data, n, e) { + if (util.getNodeCrypto()) { + return nodeEncrypt(data, n, e); + } + return bnEncrypt(data, n, e); +} + +/** + * Decrypt RSA message + * @param {Uint8Array} m - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} RSA Plaintext. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$4(data, n, e, d, p, q, u, randomPayload) { + // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, + // and we want to avoid checking the error type to decide if the random payload + // should indeed be returned. + if (util.getNodeCrypto() && !randomPayload) { + try { + return await nodeDecrypt(data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } + return bnDecrypt(data, n, e, d, p, q, u, randomPayload); +} + +/** + * Generate a new random private key B bits long with public exponent E. + * + * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using + * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. + * @see module:crypto/public_key/prime + * @param {Integer} bits - RSA bit length + * @param {Integer} e - RSA public exponent + * @returns {{n, e, d, + * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, + * RSA private prime p, RSA private prime q, u = p ** -1 mod q + * @async + */ +async function generate$4(bits, e) { + e = BigInt(e); + + // Native RSA keygen using Web Crypto + if (util.getWebCrypto()) { + const keyGenOpt = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: bits, // the specified keysize in bits + publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent + hash: { + name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' + } + }; + const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); + + // export the generated keys as JsonWebKey (JWK) + // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 + const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); + // map JWK parameters to corresponding OpenPGP names + return jwkToPrivate(jwk, e); + } else if (util.getNodeCrypto()) { + const opts = { + modulusLength: bits, + publicExponent: bigIntToNumber(e), + publicKeyEncoding: { type: 'pkcs1', format: 'jwk' }, + privateKeyEncoding: { type: 'pkcs1', format: 'jwk' } + }; + const jwk = await new Promise((resolve, reject) => { + nodeCrypto$3.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => { + if (err) { + reject(err); + } else { + resolve(jwkPrivateKey); + } + }); + }); + return jwkToPrivate(jwk, e); + } + + // RSA keygen fallback using 40 iterations of the Miller-Rabin test + // See https://stackoverflow.com/a/6330138 for justification + // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST + let p; + let q; + let n; + do { + q = randomProbablePrime(bits - (bits >> 1), e, 40); + p = randomProbablePrime(bits >> 1, e, 40); + n = p * q; + } while (bitLength(n) !== bits); + + const phi = (p - _1n$b) * (q - _1n$b); + + if (q < p) { + [p, q] = [q, p]; + } + + return { + n: bigIntToUint8Array(n), + e: bigIntToUint8Array(e), + d: bigIntToUint8Array(modInv(e, phi)), + p: bigIntToUint8Array(p), + q: bigIntToUint8Array(q), + // dp: d.mod(p.subn(1)), + // dq: d.mod(q.subn(1)), + u: bigIntToUint8Array(modInv(p, q)) + }; +} + +/** + * Validate RSA parameters + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA inverse of p w.r.t. q + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$9(n, e, d, p, q, u) { + n = uint8ArrayToBigInt(n); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + + // expect pq = n + if ((p * q) !== n) { + return false; + } + + const _2n = BigInt(2); + // expect p*u = 1 mod q + u = uint8ArrayToBigInt(u); + if (mod$2(p * u, q) !== BigInt(1)) { + return false; + } + + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + /** + * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) + * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] + * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] + * + * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) + */ + const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3)); + const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q + const rde = r * d * e; + + const areInverses = mod$2(rde, p - _1n$b) === r && mod$2(rde, q - _1n$b) === r; + if (!areInverses) { + return false; + } + + return true; +} + +async function bnSign(hashAlgo, n, d, hashed) { + n = uint8ArrayToBigInt(n); + const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n))); + d = uint8ArrayToBigInt(d); + return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n)); +} + +async function webSign$1(hashName, data, n, e, d, p, q, u) { + /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. + * We swap them in privateToJWK, so it usually works out, but nevertheless, + * not all OpenPGP keys are compatible with this requirement. + * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still + * does if the underlying Web Crypto does so (though the tested implementations + * don't do so). + */ + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const algo = { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }; + const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); + return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); +} + +async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) { + const sign = nodeCrypto$3.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(data); + sign.end(); + + const jwk = await privateToJWK$1(n, e, d, p, q, u); + return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' })); +} + +async function bnVerify(hashAlgo, s, n, e, hashed) { + n = uint8ArrayToBigInt(n); + s = uint8ArrayToBigInt(s); + e = uint8ArrayToBigInt(e); + if (s >= n) { + throw new Error('Signature size cannot exceed modulus size'); + } + const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n)); + const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n)); + return util.equalsUint8Array(EM1, EM2); +} + +async function webVerify$1(hashName, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = await webCrypto$5.importKey('jwk', jwk, { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }, false, ['verify']); + return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); +} + +async function nodeVerify$1(hashAlgo, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1' }; + + const verify = nodeCrypto$3.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(data); + verify.end(); + + try { + return verify.verify(key, s); + } catch (err) { + return false; + } +} + +async function nodeEncrypt(data, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; + + return new Uint8Array(nodeCrypto$3.publicEncrypt(key, data)); +} + +async function bnEncrypt(data, n, e) { + n = uint8ArrayToBigInt(n); + data = uint8ArrayToBigInt(emeEncode(data, byteLength(n))); + e = uint8ArrayToBigInt(e); + if (data >= n) { + throw new Error('Message size cannot exceed modulus size'); + } + return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n)); +} + +async function nodeDecrypt(data, n, e, d, p, q, u) { + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; + + try { + return new Uint8Array(nodeCrypto$3.privateDecrypt(key, data)); + } catch (err) { + throw new Error('Decryption error'); + } +} + +async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { + data = uint8ArrayToBigInt(data); + n = uint8ArrayToBigInt(n); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + u = uint8ArrayToBigInt(u); + if (data >= n) { + throw new Error('Data too large.'); + } + const dq = mod$2(d, q - _1n$b); // d mod (q-1) + const dp = mod$2(d, p - _1n$b); // d mod (p-1) + + const unblinder = getRandomBigInteger(BigInt(2), n); + const blinder = modExp(modInv(unblinder, n), e, n); + data = mod$2(data * blinder, n); + + const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p + const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q + const h = mod$2(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q) + + let result = h * p + mp; // result < n due to relations above + + result = mod$2(result * unblinder, n); + + return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload); +} + +/** Convert Openpgp private key params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + * @param {Uint8Array} d + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} u + */ +async function privateToJWK$1(n, e, d, p, q, u) { + const pNum = uint8ArrayToBigInt(p); + const qNum = uint8ArrayToBigInt(q); + const dNum = uint8ArrayToBigInt(d); + + let dq = mod$2(dNum, qNum - _1n$b); // d mod (q-1) + let dp = mod$2(dNum, pNum - _1n$b); // d mod (p-1) + dp = bigIntToUint8Array(dp); + dq = bigIntToUint8Array(dq); + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + d: uint8ArrayToB64(d), + // switch p and q + p: uint8ArrayToB64(q), + q: uint8ArrayToB64(p), + // switch dp and dq + dp: uint8ArrayToB64(dq), + dq: uint8ArrayToB64(dp), + qi: uint8ArrayToB64(u), + ext: true + }; +} + +/** Convert Openpgp key public params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + */ +function publicToJWK(n, e) { + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + ext: true + }; +} + +/** Convert JWK private key to OpenPGP private key params */ +function jwkToPrivate(jwk, e) { + return { + n: b64ToUint8Array(jwk.n), + e: bigIntToUint8Array(e), + d: b64ToUint8Array(jwk.d), + // switch p and q + p: b64ToUint8Array(jwk.q), + q: b64ToUint8Array(jwk.p), + // Since p and q are switched in places, u is the inverse of jwk.q + u: b64ToUint8Array(jwk.qi) + }; +} + +var rsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$4, + encrypt: encrypt$4, + generate: generate$4, + sign: sign$6, + validateParams: validateParams$9, + verify: verify$6 +}); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const _1n$a = BigInt(1); + +/** + * ElGamal Encryption function + * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) + * @param {Uint8Array} data - To be padded and encrypted + * @param {Uint8Array} p + * @param {Uint8Array} g + * @param {Uint8Array} y + * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} + * @async + */ +async function encrypt$3(data, p, g, y) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + + const padded = emeEncode(data, byteLength(p)); + const m = uint8ArrayToBigInt(padded); + + // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* + // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] + const k = getRandomBigInteger(_1n$a, p - _1n$a); + return { + c1: bigIntToUint8Array(modExp(g, k, p)), + c2: bigIntToUint8Array(mod$2(modExp(y, k, p) * m, p)) + }; +} + +/** + * ElGamal Encryption function + * @param {Uint8Array} c1 + * @param {Uint8Array} c2 + * @param {Uint8Array} p + * @param {Uint8Array} x + * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} Unpadded message. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$3(c1, c2, p, x, randomPayload) { + c1 = uint8ArrayToBigInt(c1); + c2 = uint8ArrayToBigInt(c2); + p = uint8ArrayToBigInt(p); + x = uint8ArrayToBigInt(x); + + const padded = mod$2(modInv(modExp(c1, x, p), p) * c2, p); + return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload); +} + +/** + * Validate ElGamal parameters + * @param {Uint8Array} p - ElGamal prime + * @param {Uint8Array} g - ElGamal group generator + * @param {Uint8Array} y - ElGamal public key + * @param {Uint8Array} x - ElGamal private exponent + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$8(p, g, y, x) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + + // Check that 1 < g < p + if (g <= _1n$a || g >= p) { + return false; + } + + // Expect p-1 to be large + const pSize = BigInt(bitLength(p)); + const _1023n = BigInt(1023); + if (pSize < _1023n) { + return false; + } + + /** + * g should have order p-1 + * Check that g ** (p-1) = 1 mod p + */ + if (modExp(g, p - _1n$a, p) !== _1n$a) { + return false; + } + + /** + * Since p-1 is not prime, g might have a smaller order that divides p-1 + * We want to make sure that the order is large enough to hinder a small subgroup attack + * + * We just check g**i != 1 for all i up to a threshold + */ + let res = g; + let i = BigInt(1); + const _2n = BigInt(2); + const threshold = _2n << BigInt(17); // we want order > threshold + while (i < threshold) { + res = mod$2(res * g, p); + if (res === _1n$a) { + return false; + } + i++; + } + + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{r(p-1) + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const r = getRandomBigInteger(_2n << (pSize - _1n$a), _2n << pSize); // draw r of same size as p-1 + const rqx = (p - _1n$a) * r + x; + if (y !== modExp(g, rqx, p)) { + return false; + } + + return true; +} + +var elgamal = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$3, + encrypt: encrypt$3, + validateParams: validateParams$8 +}); + +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// See utils.ts for details. +const crypto$3 = + nc__namespace && typeof nc__namespace === 'object' && 'webcrypto' in nc__namespace ? nc__namespace.webcrypto : undefined; + +const nacl = {}; + +// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. +// Public domain. +// +// Implementation derived from TweetNaCl version 20140427. +// See for details: http://tweetnacl.cr.yp.to/ + +var gf = function(init) { + var i, r = new Float64Array(16); + if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; + return r; +}; + +// Pluggable, initialized in high-level API below. +var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; + +var _9 = new Uint8Array(32); _9[0] = 9; + +var gf0 = gf(), + gf1 = gf([1]), + _121665 = gf([0xdb41, 1]), + D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), + D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), + X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), + Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), + I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); + +function ts64(x, i, h, l) { + x[i] = (h >> 24) & 0xff; + x[i+1] = (h >> 16) & 0xff; + x[i+2] = (h >> 8) & 0xff; + x[i+3] = h & 0xff; + x[i+4] = (l >> 24) & 0xff; + x[i+5] = (l >> 16) & 0xff; + x[i+6] = (l >> 8) & 0xff; + x[i+7] = l & 0xff; +} + +function vn(x, xi, y, yi, n) { + var i,d = 0; + for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; + return (1 & ((d - 1) >>> 8)) - 1; +} + +function crypto_verify_32(x, xi, y, yi) { + return vn(x,xi,y,yi,32); +} + +function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) r[i] = a[i]|0; +} + +function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; i++) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c-1 + 37 * (c-1); +} + +function sel25519(p, q, b) { + var t, c = ~(b-1); + for (var i = 0; i < 16; i++) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; + } +} + +function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; i++) t[i] = n[i]; + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; j++) { + m[0] = t[0] - 0xffed; + for (i = 1; i < 15; i++) { + m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); + m[i-1] &= 0xffff; + } + m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); + b = (m[15]>>16) & 1; + m[14] &= 0xffff; + sel25519(t, m, 1-b); + } + for (i = 0; i < 16; i++) { + o[2*i] = t[i] & 0xff; + o[2*i+1] = t[i]>>8; + } +} + +function neq25519(a, b) { + var c = new Uint8Array(32), d = new Uint8Array(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); +} + +function par25519(a) { + var d = new Uint8Array(32); + pack25519(d, a); + return d[0] & 1; +} + +function unpack25519(o, n) { + var i; + for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); + o[15] &= 0x7fff; +} + +function A(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; +} + +function Z(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; +} + +function M(o, a, b) { + var v, c, + t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, + t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, + t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, + t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, + b0 = b[0], + b1 = b[1], + b2 = b[2], + b3 = b[3], + b4 = b[4], + b5 = b[5], + b6 = b[6], + b7 = b[7], + b8 = b[8], + b9 = b[9], + b10 = b[10], + b11 = b[11], + b12 = b[12], + b13 = b[13], + b14 = b[14], + b15 = b[15]; + + v = a[0]; + t0 += v * b0; + t1 += v * b1; + t2 += v * b2; + t3 += v * b3; + t4 += v * b4; + t5 += v * b5; + t6 += v * b6; + t7 += v * b7; + t8 += v * b8; + t9 += v * b9; + t10 += v * b10; + t11 += v * b11; + t12 += v * b12; + t13 += v * b13; + t14 += v * b14; + t15 += v * b15; + v = a[1]; + t1 += v * b0; + t2 += v * b1; + t3 += v * b2; + t4 += v * b3; + t5 += v * b4; + t6 += v * b5; + t7 += v * b6; + t8 += v * b7; + t9 += v * b8; + t10 += v * b9; + t11 += v * b10; + t12 += v * b11; + t13 += v * b12; + t14 += v * b13; + t15 += v * b14; + t16 += v * b15; + v = a[2]; + t2 += v * b0; + t3 += v * b1; + t4 += v * b2; + t5 += v * b3; + t6 += v * b4; + t7 += v * b5; + t8 += v * b6; + t9 += v * b7; + t10 += v * b8; + t11 += v * b9; + t12 += v * b10; + t13 += v * b11; + t14 += v * b12; + t15 += v * b13; + t16 += v * b14; + t17 += v * b15; + v = a[3]; + t3 += v * b0; + t4 += v * b1; + t5 += v * b2; + t6 += v * b3; + t7 += v * b4; + t8 += v * b5; + t9 += v * b6; + t10 += v * b7; + t11 += v * b8; + t12 += v * b9; + t13 += v * b10; + t14 += v * b11; + t15 += v * b12; + t16 += v * b13; + t17 += v * b14; + t18 += v * b15; + v = a[4]; + t4 += v * b0; + t5 += v * b1; + t6 += v * b2; + t7 += v * b3; + t8 += v * b4; + t9 += v * b5; + t10 += v * b6; + t11 += v * b7; + t12 += v * b8; + t13 += v * b9; + t14 += v * b10; + t15 += v * b11; + t16 += v * b12; + t17 += v * b13; + t18 += v * b14; + t19 += v * b15; + v = a[5]; + t5 += v * b0; + t6 += v * b1; + t7 += v * b2; + t8 += v * b3; + t9 += v * b4; + t10 += v * b5; + t11 += v * b6; + t12 += v * b7; + t13 += v * b8; + t14 += v * b9; + t15 += v * b10; + t16 += v * b11; + t17 += v * b12; + t18 += v * b13; + t19 += v * b14; + t20 += v * b15; + v = a[6]; + t6 += v * b0; + t7 += v * b1; + t8 += v * b2; + t9 += v * b3; + t10 += v * b4; + t11 += v * b5; + t12 += v * b6; + t13 += v * b7; + t14 += v * b8; + t15 += v * b9; + t16 += v * b10; + t17 += v * b11; + t18 += v * b12; + t19 += v * b13; + t20 += v * b14; + t21 += v * b15; + v = a[7]; + t7 += v * b0; + t8 += v * b1; + t9 += v * b2; + t10 += v * b3; + t11 += v * b4; + t12 += v * b5; + t13 += v * b6; + t14 += v * b7; + t15 += v * b8; + t16 += v * b9; + t17 += v * b10; + t18 += v * b11; + t19 += v * b12; + t20 += v * b13; + t21 += v * b14; + t22 += v * b15; + v = a[8]; + t8 += v * b0; + t9 += v * b1; + t10 += v * b2; + t11 += v * b3; + t12 += v * b4; + t13 += v * b5; + t14 += v * b6; + t15 += v * b7; + t16 += v * b8; + t17 += v * b9; + t18 += v * b10; + t19 += v * b11; + t20 += v * b12; + t21 += v * b13; + t22 += v * b14; + t23 += v * b15; + v = a[9]; + t9 += v * b0; + t10 += v * b1; + t11 += v * b2; + t12 += v * b3; + t13 += v * b4; + t14 += v * b5; + t15 += v * b6; + t16 += v * b7; + t17 += v * b8; + t18 += v * b9; + t19 += v * b10; + t20 += v * b11; + t21 += v * b12; + t22 += v * b13; + t23 += v * b14; + t24 += v * b15; + v = a[10]; + t10 += v * b0; + t11 += v * b1; + t12 += v * b2; + t13 += v * b3; + t14 += v * b4; + t15 += v * b5; + t16 += v * b6; + t17 += v * b7; + t18 += v * b8; + t19 += v * b9; + t20 += v * b10; + t21 += v * b11; + t22 += v * b12; + t23 += v * b13; + t24 += v * b14; + t25 += v * b15; + v = a[11]; + t11 += v * b0; + t12 += v * b1; + t13 += v * b2; + t14 += v * b3; + t15 += v * b4; + t16 += v * b5; + t17 += v * b6; + t18 += v * b7; + t19 += v * b8; + t20 += v * b9; + t21 += v * b10; + t22 += v * b11; + t23 += v * b12; + t24 += v * b13; + t25 += v * b14; + t26 += v * b15; + v = a[12]; + t12 += v * b0; + t13 += v * b1; + t14 += v * b2; + t15 += v * b3; + t16 += v * b4; + t17 += v * b5; + t18 += v * b6; + t19 += v * b7; + t20 += v * b8; + t21 += v * b9; + t22 += v * b10; + t23 += v * b11; + t24 += v * b12; + t25 += v * b13; + t26 += v * b14; + t27 += v * b15; + v = a[13]; + t13 += v * b0; + t14 += v * b1; + t15 += v * b2; + t16 += v * b3; + t17 += v * b4; + t18 += v * b5; + t19 += v * b6; + t20 += v * b7; + t21 += v * b8; + t22 += v * b9; + t23 += v * b10; + t24 += v * b11; + t25 += v * b12; + t26 += v * b13; + t27 += v * b14; + t28 += v * b15; + v = a[14]; + t14 += v * b0; + t15 += v * b1; + t16 += v * b2; + t17 += v * b3; + t18 += v * b4; + t19 += v * b5; + t20 += v * b6; + t21 += v * b7; + t22 += v * b8; + t23 += v * b9; + t24 += v * b10; + t25 += v * b11; + t26 += v * b12; + t27 += v * b13; + t28 += v * b14; + t29 += v * b15; + v = a[15]; + t15 += v * b0; + t16 += v * b1; + t17 += v * b2; + t18 += v * b3; + t19 += v * b4; + t20 += v * b5; + t21 += v * b6; + t22 += v * b7; + t23 += v * b8; + t24 += v * b9; + t25 += v * b10; + t26 += v * b11; + t27 += v * b12; + t28 += v * b13; + t29 += v * b14; + t30 += v * b15; + + t0 += 38 * t16; + t1 += 38 * t17; + t2 += 38 * t18; + t3 += 38 * t19; + t4 += 38 * t20; + t5 += 38 * t21; + t6 += 38 * t22; + t7 += 38 * t23; + t8 += 38 * t24; + t9 += 38 * t25; + t10 += 38 * t26; + t11 += 38 * t27; + t12 += 38 * t28; + t13 += 38 * t29; + t14 += 38 * t30; + // t15 left as is + + // first car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); + + // second car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); + + o[ 0] = t0; + o[ 1] = t1; + o[ 2] = t2; + o[ 3] = t3; + o[ 4] = t4; + o[ 5] = t5; + o[ 6] = t6; + o[ 7] = t7; + o[ 8] = t8; + o[ 9] = t9; + o[10] = t10; + o[11] = t11; + o[12] = t12; + o[13] = t13; + o[14] = t14; + o[15] = t15; +} + +function S(o, a) { + M(o, a, a); +} + +function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 253; a >= 0; a--) { + S(c, c); + if(a !== 2 && a !== 4) M(c, c, i); + } + for (a = 0; a < 16; a++) o[a] = c[a]; +} + +function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 250; a >= 0; a--) { + S(c, c); + if(a !== 1) M(c, c, i); + } + for (a = 0; a < 16; a++) o[a] = c[a]; +} + +function crypto_scalarmult(q, n, p) { + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; + } + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); + } + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; + } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; +} + +function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); +} + +function crypto_box_keypair(y, x) { + randombytes(x, 32); + return crypto_scalarmult_base(y, x); +} + +var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 +]; + +function crypto_hashblocks_hl(hh, hl, m, n) { + var wh = new Int32Array(16), wl = new Int32Array(16), + bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, + bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, + th, tl, i, j, h, l, a, b, c, d; + + var ah0 = hh[0], + ah1 = hh[1], + ah2 = hh[2], + ah3 = hh[3], + ah4 = hh[4], + ah5 = hh[5], + ah6 = hh[6], + ah7 = hh[7], + + al0 = hl[0], + al1 = hl[1], + al2 = hl[2], + al3 = hl[3], + al4 = hl[4], + al5 = hl[5], + al6 = hl[6], + al7 = hl[7]; + + var pos = 0; + while (n >= 128) { + for (i = 0; i < 16; i++) { + j = 8 * i + pos; + wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; + wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; + } + for (i = 0; i < 80; i++) { + bh0 = ah0; + bh1 = ah1; + bh2 = ah2; + bh3 = ah3; + bh4 = ah4; + bh5 = ah5; + bh6 = ah6; + bh7 = ah7; + + bl0 = al0; + bl1 = al1; + bl2 = al2; + bl3 = al3; + bl4 = al4; + bl5 = al5; + bl6 = al6; + bl7 = al7; + + // add + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma1 + h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); + l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Ch + h = (ah4 & ah5) ^ (~ah4 & ah6); + l = (al4 & al5) ^ (~al4 & al6); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // K + h = K[i*2]; + l = K[i*2+1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // w + h = wh[i%16]; + l = wl[i%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + th = c & 0xffff | d << 16; + tl = a & 0xffff | b << 16; + + // add + h = th; + l = tl; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma0 + h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); + l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Maj + h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); + l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + bh7 = (c & 0xffff) | (d << 16); + bl7 = (a & 0xffff) | (b << 16); + + // add + h = bh3; + l = bl3; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = th; + l = tl; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + bh3 = (c & 0xffff) | (d << 16); + bl3 = (a & 0xffff) | (b << 16); + + ah1 = bh0; + ah2 = bh1; + ah3 = bh2; + ah4 = bh3; + ah5 = bh4; + ah6 = bh5; + ah7 = bh6; + ah0 = bh7; + + al1 = bl0; + al2 = bl1; + al3 = bl2; + al4 = bl3; + al5 = bl4; + al6 = bl5; + al7 = bl6; + al0 = bl7; + + if (i%16 === 15) { + for (j = 0; j < 16; j++) { + // add + h = wh[j]; + l = wl[j]; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = wh[(j+9)%16]; + l = wl[(j+9)%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma0 + th = wh[(j+1)%16]; + tl = wl[(j+1)%16]; + h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); + l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma1 + th = wh[(j+14)%16]; + tl = wl[(j+14)%16]; + h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); + l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + wh[j] = (c & 0xffff) | (d << 16); + wl[j] = (a & 0xffff) | (b << 16); + } + } + } + + // add + h = ah0; + l = al0; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[0]; + l = hl[0]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[0] = ah0 = (c & 0xffff) | (d << 16); + hl[0] = al0 = (a & 0xffff) | (b << 16); + + h = ah1; + l = al1; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[1]; + l = hl[1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[1] = ah1 = (c & 0xffff) | (d << 16); + hl[1] = al1 = (a & 0xffff) | (b << 16); + + h = ah2; + l = al2; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[2]; + l = hl[2]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[2] = ah2 = (c & 0xffff) | (d << 16); + hl[2] = al2 = (a & 0xffff) | (b << 16); + + h = ah3; + l = al3; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[3]; + l = hl[3]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[3] = ah3 = (c & 0xffff) | (d << 16); + hl[3] = al3 = (a & 0xffff) | (b << 16); + + h = ah4; + l = al4; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[4]; + l = hl[4]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[4] = ah4 = (c & 0xffff) | (d << 16); + hl[4] = al4 = (a & 0xffff) | (b << 16); + + h = ah5; + l = al5; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[5]; + l = hl[5]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[5] = ah5 = (c & 0xffff) | (d << 16); + hl[5] = al5 = (a & 0xffff) | (b << 16); + + h = ah6; + l = al6; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[6]; + l = hl[6]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[6] = ah6 = (c & 0xffff) | (d << 16); + hl[6] = al6 = (a & 0xffff) | (b << 16); + + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[7]; + l = hl[7]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[7] = ah7 = (c & 0xffff) | (d << 16); + hl[7] = al7 = (a & 0xffff) | (b << 16); + + pos += 128; + n -= 128; + } + + return n; +} + +function crypto_hash(out, m, n) { + var hh = new Int32Array(8), + hl = new Int32Array(8), + x = new Uint8Array(256), + i, b = n; + + hh[0] = 0x6a09e667; + hh[1] = 0xbb67ae85; + hh[2] = 0x3c6ef372; + hh[3] = 0xa54ff53a; + hh[4] = 0x510e527f; + hh[5] = 0x9b05688c; + hh[6] = 0x1f83d9ab; + hh[7] = 0x5be0cd19; + + hl[0] = 0xf3bcc908; + hl[1] = 0x84caa73b; + hl[2] = 0xfe94f82b; + hl[3] = 0x5f1d36f1; + hl[4] = 0xade682d1; + hl[5] = 0x2b3e6c1f; + hl[6] = 0xfb41bd6b; + hl[7] = 0x137e2179; + + crypto_hashblocks_hl(hh, hl, m, n); + n %= 128; + + for (i = 0; i < n; i++) x[i] = m[b-n+i]; + x[n] = 128; + + n = 256-128*(n<112?1:0); + x[n-9] = 0; + ts64(x, n-8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(hh, hl, x, n); + + for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); + + return 0; +} + +function add$1(p, q) { + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(), + g = gf(), h = gf(), t = gf(); + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); + + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); +} + +function cswap(p, q, b) { + var i; + for (i = 0; i < 4; i++) { + sel25519(p[i], q[i], b); + } +} + +function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; +} + +function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = (s[(i/8)|0] >> (i&7)) & 1; + cswap(p, q, b); + add$1(q, p); + add$1(p, p); + cswap(p, q, b); + } +} + +function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); +} + +function crypto_sign_keypair(pk, sk, seeded) { + var d = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()]; + var i; + + if (!seeded) randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + + scalarbase(p, d); + pack(pk, p); + + for (i = 0; i < 32; i++) sk[i+32] = pk[i]; + return 0; +} + +var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); + +function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = Math.floor((x[j] + 128) / 256); + x[j] -= carry * 256; + } + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; j++) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; j++) x[j] -= carry * L[j]; + for (i = 0; i < 32; i++) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; + } +} + +function reduce(r) { + var x = new Float64Array(64), i; + for (i = 0; i < 64; i++) x[i] = r[i]; + for (i = 0; i < 64; i++) r[i] = 0; + modL(r, x); +} + +// Note: difference from C - smlen returned, not passed as argument. +function crypto_sign(sm, m, n, sk) { + var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; + + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + + var smlen = n + 64; + for (i = 0; i < n; i++) sm[64 + i] = m[i]; + for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; + + crypto_hash(r, sm.subarray(32), n+32); + reduce(r); + scalarbase(p, r); + pack(sm, p); + + for (i = 32; i < 64; i++) sm[i] = sk[i]; + crypto_hash(h, sm, n + 64); + reduce(h); + + for (i = 0; i < 64; i++) x[i] = 0; + for (i = 0; i < 32; i++) x[i] = r[i]; + for (i = 0; i < 32; i++) { + for (j = 0; j < 32; j++) { + x[i+j] += h[i] * d[j]; + } + } + + modL(sm.subarray(32), x); + return smlen; +} + +function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), + den = gf(), den2 = gf(), den4 = gf(), + den6 = gf(); + + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); + + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); + + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); + + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) M(r[0], r[0], I); + + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) return -1; + + if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); + + M(r[3], r[0], r[1]); + return 0; +} + +function crypto_sign_open(m, sm, n, pk) { + var i; + var t = new Uint8Array(32), h = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()], + q = [gf(), gf(), gf(), gf()]; + + if (n < 64) return -1; + + if (unpackneg(q, pk)) return -1; + + for (i = 0; i < n; i++) m[i] = sm[i]; + for (i = 0; i < 32; i++) m[i+32] = pk[i]; + crypto_hash(h, m, n); + reduce(h); + scalarmult(p, q, h); + + scalarbase(q, sm.subarray(32)); + add$1(p, q); + pack(t, p); + + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; i++) m[i] = 0; + return -1; + } + + for (i = 0; i < n; i++) m[i] = sm[i + 64]; + return n; +} + +var crypto_scalarmult_BYTES = 32, + crypto_scalarmult_SCALARBYTES = 32, + crypto_box_PUBLICKEYBYTES = 32, + crypto_box_SECRETKEYBYTES = 32, + crypto_sign_BYTES = 64, + crypto_sign_PUBLICKEYBYTES = 32, + crypto_sign_SECRETKEYBYTES = 64, + crypto_sign_SEEDBYTES = 32; + +function checkArrayTypes() { + for (var i = 0; i < arguments.length; i++) { + if (!(arguments[i] instanceof Uint8Array)) + throw new TypeError('unexpected type, use Uint8Array'); + } +} + +function cleanup(arr) { + for (var i = 0; i < arr.length; i++) arr[i] = 0; +} + +nacl.scalarMult = function(n, p) { + checkArrayTypes(n, p); + if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); + if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); + var q = new Uint8Array(crypto_scalarmult_BYTES); + crypto_scalarmult(q, n, p); + return q; +}; + +nacl.box = {}; + +nacl.box.keyPair = function() { + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); + crypto_box_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; + +nacl.box.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_box_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + crypto_scalarmult_base(pk, secretKey); + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; + +nacl.sign = function(msg, secretKey) { + checkArrayTypes(msg, secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); + crypto_sign(signedMsg, msg, msg.length, secretKey); + return signedMsg; +}; + +nacl.sign.detached = function(msg, secretKey) { + var signedMsg = nacl.sign(msg, secretKey); + var sig = new Uint8Array(crypto_sign_BYTES); + for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; + return sig; +}; + +nacl.sign.detached.verify = function(msg, sig, publicKey) { + checkArrayTypes(msg, sig, publicKey); + if (sig.length !== crypto_sign_BYTES) + throw new Error('bad signature size'); + if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) + throw new Error('bad public key size'); + var sm = new Uint8Array(crypto_sign_BYTES + msg.length); + var m = new Uint8Array(crypto_sign_BYTES + msg.length); + var i; + for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; + for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; + return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); +}; + +nacl.sign.keyPair = function() { + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + crypto_sign_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; + +nacl.sign.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; + +nacl.sign.keyPair.fromSeed = function(seed) { + checkArrayTypes(seed); + if (seed.length !== crypto_sign_SEEDBYTES) + throw new Error('bad seed size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + for (var i = 0; i < 32; i++) sk[i] = seed[i]; + crypto_sign_keypair(pk, sk, true); + return {publicKey: pk, secretKey: sk}; +}; + +nacl.setPRNG = function(fn) { + randombytes = fn; +}; + +(function() { + // Initialize PRNG if environment provides CSPRNG. + // If not, methods calling randombytes will throw. + if (crypto$3 && crypto$3.getRandomValues) { + // Browsers and Node v16+ + var QUOTA = 65536; + nacl.setPRNG(function(x, n) { + var i, v = new Uint8Array(n); + for (i = 0; i < n; i += QUOTA) { + crypto$3.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); + } + for (i = 0; i < n; i++) x[i] = v[i]; + cleanup(v); + }); + } +})(); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const knownOIDs = { + '2a8648ce3d030107': enums.curve.nistP256, + '2b81040022': enums.curve.nistP384, + '2b81040023': enums.curve.nistP521, + '2b8104000a': enums.curve.secp256k1, + '2b06010401da470f01': enums.curve.ed25519Legacy, + '2b060104019755010501': enums.curve.curve25519Legacy, + '2b2403030208010107': enums.curve.brainpoolP256r1, + '2b240303020801010b': enums.curve.brainpoolP384r1, + '2b240303020801010d': enums.curve.brainpoolP512r1 +}; + +class OID { + constructor(oid) { + if (oid instanceof OID) { + this.oid = oid.oid; + } else if (util.isArray(oid) || + util.isUint8Array(oid)) { + oid = new Uint8Array(oid); + if (oid[0] === 0x06) { // DER encoded oid byte array + if (oid[1] !== oid.length - 2) { + throw new Error('Length mismatch in DER encoded oid'); + } + oid = oid.subarray(2); + } + this.oid = oid; + } else { + this.oid = ''; + } + } + + /** + * Method to read an OID object + * @param {Uint8Array} input - Where to read the OID from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length >= 1) { + const length = input[0]; + if (input.length >= 1 + length) { + this.oid = input.subarray(1, 1 + length); + return 1 + this.oid.length; + } + } + throw new Error('Invalid oid'); + } + + /** + * Serialize an OID object + * @returns {Uint8Array} Array with the serialized value the OID. + */ + write() { + return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); + } + + /** + * Serialize an OID object as a hex string + * @returns {string} String with the hex value of the OID. + */ + toHex() { + return util.uint8ArrayToHex(this.oid); + } + + /** + * If a known curve object identifier, return the canonical name of the curve + * @returns {enums.curve} String with the canonical name of the curve + * @throws if unknown + */ + getName() { + const name = knownOIDs[this.toHex()]; + if (!name) { + throw new Error('Unknown curve object identifier.'); + } + + return name; + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +function readSimpleLength(bytes) { + let len = 0; + let offset; + const type = bytes[0]; + + + if (type < 192) { + [len] = bytes; + offset = 1; + } else if (type < 255) { + len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; + offset = 2; + } else if (type === 255) { + len = util.readNumber(bytes.subarray(1, 1 + 4)); + offset = 5; + } + + return { + len: len, + offset: offset + }; +} + +/** + * Encodes a given integer of length to the openpgp length specifier to a + * string + * + * @param {Integer} length - The length to encode + * @returns {Uint8Array} String with openpgp length representation. + */ +function writeSimpleLength(length) { + if (length < 192) { + return new Uint8Array([length]); + } else if (length > 191 && length < 8384) { + /* + * let a = (total data packet length) - 192 let bc = two octet + * representation of a let d = b + 192 + */ + return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); + } + return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); +} + +function writePartialLength(power) { + if (power < 0 || power > 30) { + throw new Error('Partial Length power must be between 1 and 30'); + } + return new Uint8Array([224 + power]); +} + +function writeTag(tag_type) { + /* we're only generating v4 packet headers here */ + return new Uint8Array([0xC0 | tag_type]); +} + +/** + * Writes a packet header version 4 with the given tag_type and length to a + * string + * + * @param {Integer} tag_type - Tag type + * @param {Integer} length - Length of the payload + * @returns {String} String of the header. + */ +function writeHeader(tag_type, length) { + /* we're only generating v4 packet headers here */ + return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); +} + +/** + * Whether the packet type supports partial lengths per RFC4880 + * @param {Integer} tag - Tag type + * @returns {Boolean} String of the header. + */ +function supportsStreaming(tag) { + return [ + enums.packet.literalData, + enums.packet.compressedData, + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ].includes(tag); +} + +/** + * Generic static Packet Parser function + * + * @param {Uint8Array | ReadableStream} input - Input stream as string + * @param {Function} callback - Function to call with the parsed packet + * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. + */ +async function readPackets(input, callback) { + const reader = getReader(input); + let writer; + let callbackReturned; + try { + const peekedBytes = await reader.peekBytes(2); + // some sanity checks + if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { + throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); + } + const headerByte = await reader.readByte(); + let tag = -1; + let format = -1; + let packetLength; + + format = 0; // 0 = old format; 1 = new format + if ((headerByte & 0x40) !== 0) { + format = 1; + } + + let packetLengthType; + if (format) { + // new format header + tag = headerByte & 0x3F; // bit 5-0 + } else { + // old format header + tag = (headerByte & 0x3F) >> 2; // bit 5-2 + packetLengthType = headerByte & 0x03; // bit 1-0 + } + + const packetSupportsStreaming = supportsStreaming(tag); + let packet = null; + if (packetSupportsStreaming) { + if (util.isStream(input) === 'array') { + const arrayStream = new ArrayStream(); + writer = getWriter(arrayStream); + packet = arrayStream; + } else { + const transform = new TransformStream(); + writer = getWriter(transform.writable); + packet = transform.readable; + } + // eslint-disable-next-line callback-return + callbackReturned = callback({ tag, packet }); + } else { + packet = []; + } + + let wasPartialLength; + do { + if (!format) { + // 4.2.1. Old Format Packet Lengths + switch (packetLengthType) { + case 0: + // The packet has a one-octet length. The header is 2 octets + // long. + packetLength = await reader.readByte(); + break; + case 1: + // The packet has a two-octet length. The header is 3 octets + // long. + packetLength = (await reader.readByte() << 8) | await reader.readByte(); + break; + case 2: + // The packet has a four-octet length. The header is 5 + // octets long. + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + break; + default: + // 3 - The packet is of indeterminate length. The header is 1 + // octet long, and the implementation must determine how long + // the packet is. If the packet is in a file, this means that + // the packet extends until the end of the file. In general, + // an implementation SHOULD NOT use indeterminate-length + // packets except where the end of the data will be clear + // from the context, and even then it is better to use a + // definite length, or a new format header. The new format + // headers described below have a mechanism for precisely + // encoding data of indeterminate length. + packetLength = Infinity; + break; + } + } else { // 4.2.2. New Format Packet Lengths + // 4.2.2.1. One-Octet Lengths + const lengthByte = await reader.readByte(); + wasPartialLength = false; + if (lengthByte < 192) { + packetLength = lengthByte; + // 4.2.2.2. Two-Octet Lengths + } else if (lengthByte >= 192 && lengthByte < 224) { + packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; + // 4.2.2.4. Partial Body Lengths + } else if (lengthByte > 223 && lengthByte < 255) { + packetLength = 1 << (lengthByte & 0x1F); + wasPartialLength = true; + if (!packetSupportsStreaming) { + throw new TypeError('This packet type does not support partial lengths.'); + } + // 4.2.2.3. Five-Octet Lengths + } else { + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + } + } + if (packetLength > 0) { + let bytesRead = 0; + while (true) { + if (writer) await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (packetLength === Infinity) break; + throw new Error('Unexpected end of packet'); + } + const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); + if (writer) await writer.write(chunk); + else packet.push(chunk); + bytesRead += value.length; + if (bytesRead >= packetLength) { + reader.unshift(value.subarray(packetLength - bytesRead + value.length)); + break; + } + } + } + } while (wasPartialLength); + + // If this was not a packet that "supports streaming", we peek to check + // whether it is the last packet in the message. We peek 2 bytes instead + // of 1 because the beginning of this function also peeks 2 bytes, and we + // want to cut a `subarray` of the correct length into `web-stream-tools`' + // `externalBuffer` as a tiny optimization here. + // + // If it *was* a streaming packet (i.e. the data packets), we peek at the + // entire remainder of the stream, in order to forward errors in the + // remainder of the stream to the packet data. (Note that this means we + // read/peek at all signature packets before closing the literal data + // packet, for example.) This forwards MDC errors to the literal data + // stream, for example, so that they don't get lost / forgotten on + // decryptedMessage.packets.stream, which we never look at. + // + // An example of what we do when stream-parsing a message containing + // [ one-pass signature packet, literal data packet, signature packet ]: + // 1. Read the one-pass signature packet + // 2. Peek 2 bytes of the literal data packet + // 3. Parse the one-pass signature packet + // + // 4. Read the literal data packet, simultaneously stream-parsing it + // 5. Peek until the end of the message + // 6. Finish parsing the literal data packet + // + // 7. Read the signature packet again (we already peeked at it in step 5) + // 8. Peek at the end of the stream again (`peekBytes` returns undefined) + // 9. Parse the signature packet + // + // Note that this means that if there's an error in the very end of the + // stream, such as an MDC error, we throw in step 5 instead of in step 8 + // (or never), which is the point of this exercise. + const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); + if (writer) { + await writer.ready; + await writer.close(); + } else { + packet = util.concatUint8Array(packet); + // eslint-disable-next-line callback-return + await callback({ tag, packet }); + } + return !nextPacket || !nextPacket.length; + } catch (e) { + if (writer) { + await writer.abort(e); + return true; + } else { + throw e; + } + } finally { + if (writer) { + await callbackReturned; + } + reader.releaseLock(); + } +} + +class UnsupportedError extends Error { + constructor(...params) { + super(...params); + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); + } + + this.name = 'UnsupportedError'; + } +} + +// unknown packet types are handled differently depending on the packet criticality +class UnknownPacketError extends UnsupportedError { + constructor(...params) { + super(...params); + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); + } + + this.name = 'UnknownPacketError'; + } +} + +class UnparseablePacket { + constructor(tag, rawContent) { + this.tag = tag; + this.rawContent = rawContent; + } + + write() { + return this.rawContent; + } +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + +/** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} + */ +async function generate$3(algo) { + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']); + + const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey); + + return { + A: new Uint8Array(b64ToUint8Array(publicKey.x)), + seed: b64ToUint8Array(privateKey.d, true) + }; + } catch (err) { + if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux + throw err; + } + const seed = getRandomBytes(getPayloadSize$1(algo)); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const seed = ed448.utils.randomPrivateKey(); + const A = ed448.getPublicKey(seed); + return { A, seed }; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +} + +/** + * Sign a message using the provided key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * RS: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$5(algo, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = privateKeyToJWK(algo, publicKey, privateKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']); + + const signature = new Uint8Array( + await webCrypto.sign('Ed25519', key, hashed) + ); + + return { RS: signature }; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const signature = ed448.sign(hashed, privateKey); + return { RS: signature }; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } + +} + +/** + * Verifies if a signature is valid for a message + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{ RS: Uint8Array }} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$5(algo, hashAlgo, { RS }, m, publicKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = publicKeyToJWK(algo, publicKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']); + const verified = await webCrypto.verify('Ed25519', key, RS, hashed); + return verified; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + return nacl.sign.detached.verify(hashed, RS, publicKey); + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + return ed448.verify(RS, hashed, publicKey); + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +} +/** + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point + * @param {Uint8Array} seed - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$7(algo, A, seed) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(seed); + return util.equalsUint8Array(A, publicKey); + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + + const publicKey = ed448.getPublicKey(seed); + return util.equalsUint8Array(A, publicKey); + } + default: + return false; + } +} + +function getPayloadSize$1(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return 32; + + case enums.publicKey.ed448: + return 57; + + default: + throw new Error('Unsupported EdDSA algorithm'); + } +} + +function getPreferredHashAlgo$2(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return enums.hash.sha256; + case enums.publicKey.ed448: + return enums.hash.sha512; + default: + throw new Error('Unknown EdDSA algo'); + } +} + +const publicKeyToJWK = (algo, publicKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = { + kty: 'OKP', + crv: 'Ed25519', + x: uint8ArrayToB64(publicKey), + ext: true + }; + return jwk; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; + +const privateKeyToJWK = (algo, publicKey, privateKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = publicKeyToJWK(algo, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; + +var eddsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + generate: generate$3, + getPayloadSize: getPayloadSize$1, + getPreferredHashAlgo: getPreferredHashAlgo$2, + sign: sign$5, + validateParams: validateParams$7, + verify: verify$5 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$4 = util.getWebCrypto(); +/** + * AES key wrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} dataToWrap + * @returns {Uint8Array} wrapped key + */ +async function wrap(algo, key, dataToWrap) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } + + try { + const wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']); + // Import data as HMAC key, as it has no key length requirements + const keyToWrap = await webCrypto$4.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + const wrapped = await webCrypto$4.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' }); + return new Uint8Array(wrapped); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + + return aeskw(key).encrypt(dataToWrap); +} + +/** + * AES key unwrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} wrappedData + * @returns {Uint8Array} unwrapped data + */ +async function unwrap(algo, key, wrappedData) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } + + let wrappingKey; + try { + wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + return aeskw(key).decrypt(wrappedData); + } + + try { + const unwrapped = await webCrypto$4.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + return new Uint8Array(await webCrypto$4.exportKey('raw', unwrapped)); + } catch (err) { + if (err.name === 'OperationError') { + throw new Error('Key Data Integrity failed'); + } + throw err; + } +} + +var aesKW = /*#__PURE__*/Object.freeze({ + __proto__: null, + unwrap: unwrap, + wrap: wrap +}); + +/** + * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. + * @module crypto/hkdf + */ + + +const webCrypto$3 = util.getWebCrypto(); + +async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) { + const hash = enums.read(enums.webHash, hashAlgo); + if (!hash) throw new Error('Hash algo not supported with HKDF'); + + const importedKey = await webCrypto$3.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); + const bits = await webCrypto$3.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); + return new Uint8Array(bits); +} + +/** + * @fileoverview Key encryption and decryption for RFC 6637 ECDH + * @module crypto/public_key/elliptic/ecdh + */ + + +const HKDF_INFO = { + x25519: util.encodeUTF8('OpenPGP X25519'), + x448: util.encodeUTF8('OpenPGP X448') +}; + +/** + * Generate ECDH key for Montgomery curves + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} + */ +async function generate$2(algo) { + switch (algo) { + case enums.publicKey.x25519: { + // k stays in little-endian, unlike legacy ECDH over curve25519 + const k = getRandomBytes(32); + const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k); + return { A, k }; + } + + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const k = x448.utils.randomPrivateKey(); + const A = x448.getPublicKey(k); + return { A, k }; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +/** +* Validate ECDH parameters +* @param {module:enums.publicKey} algo - Algorithm identifier +* @param {Uint8Array} A - ECDH public point +* @param {Uint8Array} k - ECDH secret scalar +* @returns {Promise} Whether params are valid. +* @async +*/ +async function validateParams$6(algo, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.box.keyPair.fromSecretKey(k); + return util.equalsUint8Array(A, publicKey); + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + /** + * Derive public point A' from private key + * and expect A == A' + */ + const publicKey = x448.getPublicKey(k); + return util.equalsUint8Array(A, publicKey); + } + + default: + return false; + } +} + +/** + * Wrap and encrypt a session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} data - session key data to be encrypted + * @param {Uint8Array} recipientA - Recipient public key (K_B) + * @returns {Promise<{ + * ephemeralPublicKey: Uint8Array, + * wrappedKey: Uint8Array + * }>} ephemeral public key (K_A) and encrypted key + * @async + */ +async function encrypt$2(algo, data, recipientA) { + const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + recipientA, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } + + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +/** + * Decrypt and unwrap the session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} ephemeralPublicKey - (K_A) + * @param {Uint8Array} wrappedKey, + * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF + * @param {Uint8Array} k - Recipient secret key (b) + * @returns {Promise} decrypted session key data + * @async + */ +async function decrypt$2(algo, ephemeralPublicKey, wrappedKey, A, k) { + const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + A, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +function getPayloadSize(algo) { + switch (algo) { + case enums.publicKey.x25519: + return 32; + + case enums.publicKey.x448: + return 56; + + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +/** + * Generate shared secret and ephemeral public key for encryption + * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret + * @async + */ +async function generateEphemeralEncryptionMaterial(algo, recipientA) { + switch (algo) { + case enums.publicKey.x25519: { + const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo)); + const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const ephemeralSecretKey = x448.utils.randomPrivateKey(); + const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +/** + * x25519 and x448 produce an all-zero value when given as input a point with small order. + * This does not lead to a security issue in the context of ECDH, but it is still unexpected, + * hence we throw. + * @param {Uint8Array} sharedSecret + */ +function assertNonZeroArray(sharedSecret) { + let acc = 0; + for (let i = 0; i < sharedSecret.length; i++) { + acc |= sharedSecret[i]; + } + if (acc === 0) { + throw new Error('Unexpected low order point'); + } +} + +var ecdh_x = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$2, + encrypt: encrypt$2, + generate: generate$2, + generateEphemeralEncryptionMaterial: generateEphemeralEncryptionMaterial, + getPayloadSize: getPayloadSize, + recomputeSharedSecret: recomputeSharedSecret, + validateParams: validateParams$6 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$2 = util.getWebCrypto(); +const nodeCrypto$2 = util.getNodeCrypto(); + +const webCurves = { + [enums.curve.nistP256]: 'P-256', + [enums.curve.nistP384]: 'P-384', + [enums.curve.nistP521]: 'P-521' +}; +const knownCurves = nodeCrypto$2 ? nodeCrypto$2.getCurves() : []; +const nodeCurves = nodeCrypto$2 ? { + [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, + [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, + [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, + [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, + [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined, + [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined, + [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, + [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, + [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined +} : {}; + +const curves = { + [enums.curve.nistP256]: { + oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.nistP256], + web: webCurves[enums.curve.nistP256], + payloadSize: 32, + sharedSize: 256, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP384]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.nistP384], + web: webCurves[enums.curve.nistP384], + payloadSize: 48, + sharedSize: 384, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP521]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.nistP521], + web: webCurves[enums.curve.nistP521], + payloadSize: 66, + sharedSize: 528, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.secp256k1]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.secp256k1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.ed25519Legacy]: { + oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], + keyType: enums.publicKey.eddsaLegacy, + hash: enums.hash.sha512, + node: false, // nodeCurves.ed25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.curve25519Legacy]: { + oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], + keyType: enums.publicKey.ecdh, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: false, // nodeCurves.curve25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.brainpoolP256r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.brainpoolP256r1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP384r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.brainpoolP384r1], + payloadSize: 48, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP512r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.brainpoolP512r1], + payloadSize: 64, + wireFormatLeadingByte: 0x04 + } +}; + +class CurveWithOID { + constructor(oidOrName) { + try { + this.name = oidOrName instanceof OID ? + oidOrName.getName() : + enums.write(enums.curve,oidOrName); + } catch (err) { + throw new UnsupportedError('Unknown curve'); + } + const params = curves[this.name]; + + this.keyType = params.keyType; + + this.oid = params.oid; + this.hash = params.hash; + this.cipher = params.cipher; + this.node = params.node; + this.web = params.web; + this.payloadSize = params.payloadSize; + this.sharedSize = params.sharedSize; + this.wireFormatLeadingByte = params.wireFormatLeadingByte; + if (this.web && util.getWebCrypto()) { + this.type = 'web'; + } else if (this.node && util.getNodeCrypto()) { + this.type = 'node'; + } else if (this.name === enums.curve.curve25519Legacy) { + this.type = 'curve25519Legacy'; + } else if (this.name === enums.curve.ed25519Legacy) { + this.type = 'ed25519Legacy'; + } + } + + async genKeyPair() { + switch (this.type) { + case 'web': + try { + return await webGenKeyPair(this.name, this.wireFormatLeadingByte); + } catch (err) { + util.printDebugError('Browser did not support generating ec key ' + err.message); + return jsGenKeyPair(this.name); + } + case 'node': + return nodeGenKeyPair(this.name); + case 'curve25519Legacy': { + // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3 + const { k, A } = await generate$2(enums.publicKey.x25519); + const privateKey = k.slice().reverse(); + privateKey[0] = (privateKey[0] & 127) | 64; + privateKey[31] &= 248; + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + case 'ed25519Legacy': { + const { seed: privateKey, A } = await generate$3(enums.publicKey.ed25519); + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + default: + return jsGenKeyPair(this.name); + } + } +} + +async function generate$1(curveName) { + const curve = new CurveWithOID(curveName); + const { oid, hash, cipher } = curve; + const keyPair = await curve.genKeyPair(); + return { + oid, + Q: keyPair.publicKey, + secret: util.leftPad(keyPair.privateKey, curve.payloadSize), + hash, + cipher + }; +} + +/** + * Get preferred hash algo to use with the given curve + * @param {module:type/oid} oid - curve oid + * @returns {enums.hash} hash algorithm + */ +function getPreferredHashAlgo$1(oid) { + return curves[oid.getName()].hash; +} + +/** + * Validate ECDH and ECDSA parameters + * Not suitable for EdDSA (different secret key format) + * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves + * @param {module:type/oid} oid - EC object identifier + * @param {Uint8Array} Q - EC public point + * @param {Uint8Array} d - EC secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateStandardParams(algo, oid, Q, d) { + const supportedCurves = { + [enums.curve.nistP256]: true, + [enums.curve.nistP384]: true, + [enums.curve.nistP521]: true, + [enums.curve.secp256k1]: true, + [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh, + [enums.curve.brainpoolP256r1]: true, + [enums.curve.brainpoolP384r1]: true, + [enums.curve.brainpoolP512r1]: true + }; + + // Check whether the given curve is supported + const curveName = oid.getName(); + if (!supportedCurves[curveName]) { + return false; + } + + if (curveName === enums.curve.curve25519Legacy) { + d = d.slice().reverse(); + // Re-derive public point Q' + const { publicKey } = nacl.box.keyPair.fromSecretKey(d); + + Q = new Uint8Array(Q); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + if (!util.equalsUint8Array(dG, Q)) { + return false; + } + + return true; + } + + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + /* + * Re-derive public point Q' = dG from private key + * Expect Q == Q' + */ + const dG = nobleCurve.getPublicKey(d, false); + if (!util.equalsUint8Array(dG, Q)) { + return false; + } + + return true; +} + +/** + * Check whether the public point has a valid encoding. + * NB: this function does not check e.g. whether the point belongs to the curve. + */ +function checkPublicPointEnconding(curve, V) { + const { payloadSize, wireFormatLeadingByte, name: curveName } = curve; + + const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2; + + if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) { + throw new Error('Invalid point encoding'); + } +} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// +async function jsGenKeyPair(name) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + const privateKey = nobleCurve.utils.randomPrivateKey(); + const publicKey = nobleCurve.getPublicKey(privateKey, false); + return { publicKey, privateKey }; +} + +async function webGenKeyPair(name, wireFormatLeadingByte) { + // Note: keys generated with ECDSA and ECDH are structurally equivalent + const webCryptoKey = await webCrypto$2.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); + + const privateKey = await webCrypto$2.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto$2.exportKey('jwk', webCryptoKey.publicKey); + + return { + publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte), + privateKey: b64ToUint8Array(privateKey.d) + }; +} + +async function nodeGenKeyPair(name) { + // Note: ECDSA and ECDH key generation is structurally equivalent + const ecdh = nodeCrypto$2.createECDH(nodeCurves[name]); + await ecdh.generateKeys(); + return { + publicKey: new Uint8Array(ecdh.getPublicKey()), + privateKey: new Uint8Array(ecdh.getPrivateKey()) + }; +} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + +/** + * @param {JsonWebKey} jwk - key for conversion + * + * @returns {Uint8Array} Raw public key. + */ +function jwkToRawPublic(jwk, wireFormatLeadingByte) { + const bufX = b64ToUint8Array(jwk.x); + const bufY = b64ToUint8Array(jwk.y); + const publicKey = new Uint8Array(bufX.length + bufY.length + 1); + publicKey[0] = wireFormatLeadingByte; + publicKey.set(bufX, 1); + publicKey.set(bufY, bufX.length + 1); + return publicKey; +} + +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * + * @returns {JsonWebKey} Public key in jwk format. + */ +function rawPublicToJWK(payloadSize, name, publicKey) { + const len = payloadSize; + const bufX = publicKey.slice(1, len + 1); + const bufY = publicKey.slice(len + 1, len * 2 + 1); + // https://www.rfc-editor.org/rfc/rfc7518.txt + const jwk = { + kty: 'EC', + crv: name, + x: uint8ArrayToB64(bufX), + y: uint8ArrayToB64(bufY), + ext: true + }; + return jwk; +} + +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * @param {Uint8Array} privateKey - private key + * + * @returns {JsonWebKey} Private key in jwk format. + */ +function privateToJWK(payloadSize, name, publicKey, privateKey) { + const jwk = rawPublicToJWK(payloadSize, name, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$1 = util.getWebCrypto(); +const nodeCrypto$1 = util.getNodeCrypto(); + +/** + * Sign a message using the provided key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$4(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (message && !util.isStream(message)) { + const keyPair = { publicKey, privateKey }; + switch (curve.type) { + case 'web': + // If browser doesn't support a curve, we'll catch it + try { + // Need to await to make sure browser succeeds + return await webSign(curve, hashAlgo, message, keyPair); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunaley Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support signing: ' + err.message); + } + break; + case 'node': + return nodeSign(curve, hashAlgo, message, privateKey); + } + } + + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + const signature = nobleCurve.sign(hashed, privateKey, { lowS: false }); + return { + r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize), + s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize) + }; +} + +/** + * Verifies if a signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify + * @param {Uint8Array} message - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$4(oid, hashAlgo, signature, message, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + // See https://github.com/openpgpjs/openpgpjs/pull/948. + // NB: the impact was more likely limited to Brainpool curves, since thanks + // to WebCrypto availability, NIST curve should not have been affected. + // Similarly, secp256k1 should have been used rarely enough. + // However, we implement the fix for all curves, since it's only needed in case of + // verification failure, which is unexpected, hence a minor slowdown is acceptable. + const tryFallbackVerificationForOldBug = async () => ( + hashed[0] === 0 ? + jsVerify(curve, signature, hashed.subarray(1), publicKey) : + false + ); + + if (message && !util.isStream(message)) { + switch (curve.type) { + case 'web': + try { + // Need to await to make sure browser succeeds + const verified = await webVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunately Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support verifying: ' + err.message); + } + break; + case 'node': { + const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } + } + } + + const verified = await jsVerify(curve, signature, hashed, publicKey); + return verified || tryFallbackVerificationForOldBug(); +} + +/** + * Validate ECDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDSA public point + * @param {Uint8Array} d - ECDSA secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$5(oid, Q, d) { + const curve = new CurveWithOID(oid); + // Reject curves x25519 and ed25519 + if (curve.keyType !== enums.publicKey.ecdsa) { + return false; + } + + // To speed up the validation, we try to use node- or webcrypto when available + // and sign + verify a random message + switch (curve.type) { + case 'web': + case 'node': { + const message = getRandomBytes(8); + const hashAlgo = enums.hash.sha256; + const hashed = await hash$1.digest(hashAlgo, message); + try { + const signature = await sign$4(oid, hashAlgo, message, Q, d, hashed); + // eslint-disable-next-line @typescript-eslint/return-await + return await verify$4(oid, hashAlgo, signature, message, Q, hashed); + } catch (err) { + return false; + } + } + default: + return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); + } +} + + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + +/** + * Fallback javascript implementation of ECDSA verification. + * To be used if no native implementation is available for the given curve/operation. + */ +async function jsVerify(curve, signature, hashed, publicKey) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false }); +} + +async function webSign(curve, hashAlgo, message, keyPair) { + const len = curve.payloadSize; + const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['sign'] + ); + + const signature = new Uint8Array(await webCrypto$1.sign( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + message + )); + + return { + r: signature.slice(0, len), + s: signature.slice(len, len << 1) + }; +} + +async function webVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['verify'] + ); + + const signature = util.concatUint8Array([r, s]).buffer; + + return webCrypto$1.verify( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + signature, + message + ); +} + +async function nodeSign(curve, hashAlgo, message, privateKey) { + // JWT encoding cannot be used for now, as Brainpool curves are not supported + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + privateKey: nodeBuffer.from(privateKey) + }); + + const sign = nodeCrypto$1.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(message); + sign.end(); + + const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' })); + const len = curve.payloadSize; + + return { + r: signature.subarray(0, len), + s: signature.subarray(len, len << 1) + }; +} + +async function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { publicKey: derPublicKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + publicKey: nodeBuffer.from(publicKey) + }); + + const verify = nodeCrypto$1.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(message); + verify.end(); + + const signature = util.concatUint8Array([r, s]); + + try { + return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature); + } catch (err) { + return false; + } +} + +var ecdsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$4, + validateParams: validateParams$5, + verify: verify$4 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$3(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + const { RS: signature } = await sign$5(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; +} + +/** + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$3(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + const RS = util.concatUint8Array([r, s]); + return verify$5(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed); +} +/** + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$4(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== enums.curve.ed25519Legacy) { + return false; + } + + /** + * Derive public point Q' = dG from private key + * and expect Q == Q' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); + +} + +var eddsa_legacy = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$3, + validateParams: validateParams$4, + verify: verify$3 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * @fileoverview Functions to add and remove PKCS5 padding + * @see PublicKeyEncryptedSessionKeyPacket + * @module crypto/pkcs5 + * @private + */ + +/** + * Add pkcs5 padding to a message + * @param {Uint8Array} message - message to pad + * @returns {Uint8Array} Padded message. + */ +function encode(message) { + const c = 8 - (message.length % 8); + const padded = new Uint8Array(message.length + c).fill(c); + padded.set(message); + return padded; +} + +/** + * Remove pkcs5 padding from a message + * @param {Uint8Array} message - message to remove padding from + * @returns {Uint8Array} Message without padding. + */ +function decode$1(message) { + const len = message.length; + if (len > 0) { + const c = message[len - 1]; + if (c >= 1) { + const provided = message.subarray(len - c); + const computed = new Uint8Array(c).fill(c); + if (util.equalsUint8Array(provided, computed)) { + return message.subarray(0, len - c); + } + } + } + throw new Error('Invalid padding'); +} + +var pkcs5 = /*#__PURE__*/Object.freeze({ + __proto__: null, + decode: decode$1, + encode: encode +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto = util.getWebCrypto(); +const nodeCrypto = util.getNodeCrypto(); + +/** + * Validate ECDH parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDH public point + * @param {Uint8Array} d - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$3(oid, Q, d) { + return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); +} + +// Build Param for ECDH algorithm (RFC 6637) +function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { + return util.concatUint8Array([ + oid.write(), + new Uint8Array([public_algo]), + kdfParams.write(), + util.stringToUint8Array('Anonymous Sender '), + fingerprint + ]); +} + +// Key Derivation Function (RFC 6637) +async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { + // Note: X is little endian for Curve25519, big-endian for all others. + // This is not ideal, but the RFC's are unclear + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B + let i; + if (stripLeading) { + // Work around old go crypto bug + for (i = 0; i < X.length && X[i] === 0; i++); + X = X.subarray(i); + } + if (stripTrailing) { + // Work around old OpenPGP.js bug + for (i = X.length - 1; i >= 0 && X[i] === 0; i--); + X = X.subarray(0, i + 1); + } + const digest = await hash$1.digest(hashAlgo, util.concatUint8Array([ + new Uint8Array([0, 0, 0, 1]), + X, + param + ])); + return digest.subarray(0, length); +} + +/** + * Generate ECDHE ephemeral key and secret from public key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPublicEphemeralKey(curve, Q) { + switch (curve.type) { + case 'curve25519Legacy': { + const { sharedSecret: sharedKey, ephemeralPublicKey } = await generateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1)); + const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]); + return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPublicEphemeralKey(curve, Q); + } catch (err) { + util.printDebugError(err); + return jsPublicEphemeralKey(curve, Q); + } + } + break; + case 'node': + return nodePublicEphemeralKey(curve, Q); + default: + return jsPublicEphemeralKey(curve, Q); + + } +} + +/** + * Encrypt and wrap a session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} data - Unpadded session key data + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} + * @async + */ +async function encrypt$1(oid, kdfParams, data, Q, fingerprint) { + const m = encode(data); + + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); + const wrappedKey = await wrap(kdfParams.cipher, Z, m); + return { publicKey, wrappedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPrivateEphemeralKey(curve, V, Q, d) { + if (d.length !== curve.payloadSize) { + const privateKey = new Uint8Array(curve.payloadSize); + privateKey.set(d, curve.payloadSize - d.length); + d = privateKey; + } + switch (curve.type) { + case 'curve25519Legacy': { + const secretKey = d.slice().reverse(); + const sharedKey = await recomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey); + return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPrivateEphemeralKey(curve, V, Q, d); + } catch (err) { + util.printDebugError(err); + return jsPrivateEphemeralKey(curve, V, d); + } + } + break; + case 'node': + return nodePrivateEphemeralKey(curve, V, d); + default: + return jsPrivateEphemeralKey(curve, V, d); + } +} + +/** + * Decrypt and unwrap the value derived from session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} C - Encrypted and wrapped value derived from session key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise} Value derived from session key. + * @async + */ +async function decrypt$1(oid, kdfParams, V, C, Q, d, fingerprint) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + checkPublicPointEnconding(curve, V); + const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + let err; + for (let i = 0; i < 3; i++) { + try { + // Work around old go crypto bug and old OpenPGP.js bug, respectively. + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); + return decode$1(await unwrap(kdfParams.cipher, Z, C)); + } catch (e) { + err = e; + } + } + throw err; +} + +async function jsPrivateEphemeralKey(curve, V, d) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V); + const sharedKey = sharedSecretWithParity.subarray(1); + return { secretKey: d, sharedKey }; +} + +async function jsPublicEphemeralKey(curve, Q) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + const { publicKey: V, privateKey: v } = await curve.genKeyPair(); + + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q); + const sharedKey = sharedSecretWithParity.subarray(1); + return { publicKey: V, sharedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPrivateEphemeralKey(curve, V, Q, d) { + const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d); + let privateKey = webCrypto.importKey( + 'jwk', + recipient, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V); + let sender = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + [] + ); + [privateKey, sender] = await Promise.all([privateKey, sender]); + let S = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: sender + }, + privateKey, + curve.sharedSize + ); + let secret = webCrypto.exportKey( + 'jwk', + privateKey + ); + [S, secret] = await Promise.all([S, secret]); + const sharedKey = new Uint8Array(S); + const secretKey = b64ToUint8Array(secret.d); + return { secretKey, sharedKey }; +} + +/** + * Generate ECDHE ephemeral key and secret from public key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPublicEphemeralKey(curve, Q) { + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q); + let keyPair = webCrypto.generateKey( + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + let recipient = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + false, + [] + ); + [keyPair, recipient] = await Promise.all([keyPair, recipient]); + let s = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: recipient + }, + keyPair.privateKey, + curve.sharedSize + ); + let p = webCrypto.exportKey( + 'jwk', + keyPair.publicKey + ); + [s, p] = await Promise.all([s, p]); + const sharedKey = new Uint8Array(s); + const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte)); + return { publicKey, sharedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePrivateEphemeralKey(curve, V, d) { + const recipient = nodeCrypto.createECDH(curve.node); + recipient.setPrivateKey(d); + const sharedKey = new Uint8Array(recipient.computeSecret(V)); + const secretKey = new Uint8Array(recipient.getPrivateKey()); + return { secretKey, sharedKey }; +} + +/** + * Generate ECDHE ephemeral key and secret from public key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePublicEphemeralKey(curve, Q) { + const sender = nodeCrypto.createECDH(curve.node); + sender.generateKeys(); + const sharedKey = new Uint8Array(sender.computeSecret(Q)); + const publicKey = new Uint8Array(sender.getPublicKey()); + return { publicKey, sharedKey }; +} + +var ecdh = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$1, + encrypt: encrypt$1, + validateParams: validateParams$3 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +var elliptic = /*#__PURE__*/Object.freeze({ + __proto__: null, + CurveWithOID: CurveWithOID, + ecdh: ecdh, + ecdhX: ecdh_x, + ecdsa: ecdsa, + eddsa: eddsa, + eddsaLegacy: eddsa_legacy, + generate: generate$1, + getPreferredHashAlgo: getPreferredHashAlgo$1 +}); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/* + TODO regarding the hash function, read: + https://tools.ietf.org/html/rfc4880#section-13.6 + https://tools.ietf.org/html/rfc4880#section-14 +*/ + +const _0n$7 = BigInt(0); +const _1n$9 = BigInt(1); + +/** + * DSA Sign function + * @param {Integer} hashAlgo + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} x + * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} + * @async + */ +async function sign$2(hashAlgo, hashed, g, p, q, x) { + const _0n = BigInt(0); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + x = uint8ArrayToBigInt(x); + + let k; + let r; + let s; + let t; + g = mod$2(g, p); + x = mod$2(x, q); + // If the output size of the chosen hash is larger than the number of + // bits of q, the hash result is truncated to fit by taking the number + // of leftmost bits equal to the number of bits of q. This (possibly + // truncated) hash function result is treated as a number and used + // directly in the DSA signature algorithm. + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + // FIPS-186-4, section 4.6: + // The values of r and s shall be checked to determine if r = 0 or s = 0. + // If either r = 0 or s = 0, a new value of k shall be generated, and the + // signature shall be recalculated. It is extremely unlikely that r = 0 + // or s = 0 if signatures are generated properly. + while (true) { + // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + k = getRandomBigInteger(_1n$9, q); // returns in [1, q-1] + r = mod$2(modExp(g, k, p), q); // (g**k mod p) mod q + if (r === _0n) { + continue; + } + const xr = mod$2(x * r, q); + t = mod$2(h + xr, q); // H(m) + x*r mod q + s = mod$2(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q + if (s === _0n) { + continue; + } + break; + } + return { + r: bigIntToUint8Array(r, 'be', byteLength(p)), + s: bigIntToUint8Array(s, 'be', byteLength(p)) + }; +} + +/** + * DSA Verify function + * @param {Integer} hashAlgo + * @param {Uint8Array} r + * @param {Uint8Array} s + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} y + * @returns {boolean} + * @async + */ +async function verify$2(hashAlgo, r, s, hashed, g, p, q, y) { + r = uint8ArrayToBigInt(r); + s = uint8ArrayToBigInt(s); + + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + + if (r <= _0n$7 || r >= q || + s <= _0n$7 || s >= q) { + util.printDebug('invalid DSA Signature'); + return false; + } + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + const w = modInv(s, q); // s**-1 mod q + if (w === _0n$7) { + util.printDebug('invalid DSA Signature'); + return false; + } + + g = mod$2(g, p); + y = mod$2(y, p); + const u1 = mod$2(h * w, q); // H(m) * w mod q + const u2 = mod$2(r * w, q); // r * w mod q + const t1 = modExp(g, u1, p); // g**u1 mod p + const t2 = modExp(y, u2, p); // y**u2 mod p + const v = mod$2(mod$2(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q + return v === r; +} + +/** + * Validate DSA parameters + * @param {Uint8Array} p - DSA prime + * @param {Uint8Array} q - DSA group order + * @param {Uint8Array} g - DSA sub-group generator + * @param {Uint8Array} y - DSA public key + * @param {Uint8Array} x - DSA private key + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$2(p, q, g, y, x) { + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + // Check that 1 < g < p + if (g <= _1n$9 || g >= p) { + return false; + } + + /** + * Check that subgroup order q divides p-1 + */ + if (mod$2(p - _1n$9, q) !== _0n$7) { + return false; + } + + /** + * g has order q + * Check that g ** q = 1 mod p + */ + if (modExp(g, q, p) !== _1n$9) { + return false; + } + + /** + * Check q is large and probably prime (we mainly want to avoid small factors) + */ + const qSize = BigInt(bitLength(q)); + const _150n = BigInt(150); + if (qSize < _150n || !isProbablePrime(q, null, 32)) { + return false; + } + + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{rq + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const _2n = BigInt(2); + const r = getRandomBigInteger(_2n << (qSize - _1n$9), _2n << qSize); // draw r of same size as q + const rqx = q * r + x; + if (y !== modExp(g, rqx, p)) { + return false; + } + + return true; +} + +var dsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$2, + validateParams: validateParams$2, + verify: verify$2 +}); + +/** + * @fileoverview Asymmetric cryptography functions + * @module crypto/public_key + */ + + +var publicKey = { + /** @see module:crypto/public_key/rsa */ + rsa: rsa, + /** @see module:crypto/public_key/elgamal */ + elgamal: elgamal, + /** @see module:crypto/public_key/elliptic */ + elliptic: elliptic, + /** @see module:crypto/public_key/dsa */ + dsa: dsa +}; + +/** + * @fileoverview Provides functions for asymmetric signing and signature verification + * @module crypto/signature + */ + + +/** + * Parse signature in binary form to get the parameters. + * The returned values are only padded for EdDSA, since in the other cases their expected length + * depends on the key params, hence we delegate the padding to the signature verification function. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Uint8Array} signature - Data for which the signature was created + * @returns {Promise} True if signature is valid. + * @async + */ +function parseSignatureParams(algo, signature) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA signatures: + // - MPI of RSA signature value m**d mod n. + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + // The signature needs to be the same length as the public key modulo n. + // We pad s on signature verification, where we have access to n. + return { read, signatureParams: { s } }; + } + // Algorithm-Specific Fields for DSA or ECDSA signatures: + // - MPI of DSA or ECDSA value r. + // - MPI of DSA or ECDSA value s. + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + { + // If the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for legacy EdDSA signatures: + // - MPI of an EC point r. + // - EdDSA value s, in MPI, in the little endian representation + case enums.publicKey.eddsaLegacy: { + // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature + // verification: if the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + // Algorithm-Specific Fields for Ed448 signatures: + // - 114 octets of the native signature + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo); + const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length; + return { read, signatureParams: { RS } }; + } + + default: + throw new UnsupportedError('Unknown signature algorithm.'); + } +} + +/** + * Verifies the signature provided for data using specified algorithms and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} signature - Named algorithm-specific signature parameters + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Data for which the signature was created + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} True if signature is valid. + * @async + */ +async function verify$1(algo, hashAlgo, signature, publicParams, data, hashed) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto + return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); + } + case enums.publicKey.dsa: { + const { g, p, q, y } = publicParams; + const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers + return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); + } + case enums.publicKey.ecdsa: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // padding needed for webcrypto + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values: + // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); + } +} + +/** + * Creates a signature on data using specified algorithms and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters + * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters + * @param {Uint8Array} data - Data to be signed + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} Signature Object containing named signature parameters. + * @async + */ +async function sign$1(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { + if (!publicKeyParams || !privateKeyParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); + return { s }; + } + case enums.publicKey.dsa: { + const { g, p, q } = publicKeyParams; + const { x } = privateKeyParams; + return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); + } + case enums.publicKey.elgamal: + throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); + case enums.publicKey.ecdsa: { + const { oid, Q } = publicKeyParams; + const { d } = privateKeyParams; + return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); + } +} + +var signature = /*#__PURE__*/Object.freeze({ + __proto__: null, + parseSignatureParams: parseSignatureParams, + sign: sign$1, + verify: verify$1 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +class ECDHSymmetricKey { + constructor(data) { + if (data) { + this.data = data; + } + } + + /** + * Read an ECDHSymmetricKey from an Uint8Array: + * - 1 octect for the length `l` + * - `l` octects of encoded session key data + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + if (bytes.length >= 1) { + const length = bytes[0]; + if (bytes.length >= 1 + length) { + this.data = bytes.subarray(1, 1 + length); + return 1 + this.data.length; + } + } + throw new Error('Invalid symmetric key'); + } + + /** + * Write an ECDHSymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); + } +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of type KDF parameters + * + * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: + * A key derivation function (KDF) is necessary to implement the EC + * encryption. The Concatenation Key Derivation Function (Approved + * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is + * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. + * @module type/kdf_params + * @private + */ + +class KDFParams { + /** + * @param {enums.hash} hash - Hash algorithm + * @param {enums.symmetric} cipher - Symmetric algorithm + */ + constructor(data) { + if (data) { + const { hash, cipher } = data; + this.hash = hash; + this.cipher = cipher; + } else { + this.hash = null; + this.cipher = null; + } + } + + /** + * Read KDFParams from an Uint8Array + * @param {Uint8Array} input - Where to read the KDFParams from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { + throw new UnsupportedError('Cannot read KDFParams'); + } + this.hash = input[2]; + this.cipher = input[3]; + return 4; + } + + /** + * Write KDFParams to an Uint8Array + * @returns {Uint8Array} Array with the KDFParams value + */ + write() { + return new Uint8Array([3, 1, this.hash, this.cipher]); + } +} + +/** + * Encoded symmetric key for x25519 and x448 + * The payload format varies for v3 and v6 PKESK: + * the former includes an algorithm byte preceeding the encrypted session key. + * + * @module type/x25519x448_symkey + */ + + +class ECDHXSymmetricKey { + static fromObject({ wrappedKey, algorithm }) { + const instance = new ECDHXSymmetricKey(); + instance.wrappedKey = wrappedKey; + instance.algorithm = algorithm; + return instance; + } + + /** + * - 1 octect for the length `l` + * - `l` octects of encoded session key data (with optional leading algorithm byte) + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + let read = 0; + let followLength = bytes[read++]; + this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even + followLength -= followLength % 2; + this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength; + } + + /** + * Write an MontgomerySymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([ + this.algorithm ? + new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : + new Uint8Array([this.wrappedKey.length]), + this.wrappedKey + ]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Encrypts data using specified algorithm and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. + * @param {module:enums.publicKey} keyAlgo - Public key algorithm + * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only) + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Session key data to be encrypted + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @returns {Promise} Encrypted session key parameters. + * @async + */ +async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const { n, e } = publicParams; + const c = await publicKey.rsa.encrypt(data, n, e); + return { c }; + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + return publicKey.elgamal.encrypt(data, p, g, y); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicParams; + const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( + oid, kdfParams, data, Q, fingerprint); + return { V, C: new ECDHSymmetricKey(C) }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + if (symmetricAlgo && !util.isAES(symmetricAlgo)) { + // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 + throw new Error('X25519 and X448 keys can only encrypt AES session keys'); + } + const { A } = publicParams; + const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( + keyAlgo, data, A); + const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); + return { ephemeralPublicKey, C }; + } + default: + return []; + } +} + +/** + * Decrypts data using specified algorithm and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Object} publicKeyParams - Algorithm-specific public key parameters + * @param {Object} privateKeyParams - Algorithm-specific private key parameters + * @param {Object} sessionKeyParams - Encrypted session key parameters + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing + * (needed for constant-time processing in RSA and ElGamal) + * @returns {Promise} Decrypted data. + * @throws {Error} on sensitive decryption error, unless `randomPayload` is given + * @async + */ +async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: { + const { c } = sessionKeyParams; + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); + } + case enums.publicKey.elgamal: { + const { c1, c2 } = sessionKeyParams; + const p = publicKeyParams.p; + const x = privateKeyParams.x; + return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicKeyParams; + const { d } = privateKeyParams; + const { V, C } = sessionKeyParams; + return publicKey.elliptic.ecdh.decrypt( + oid, kdfParams, V, C.data, Q, d, fingerprint); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicKeyParams; + const { k } = privateKeyParams; + const { ephemeralPublicKey, C } = sessionKeyParams; + if (C.algorithm !== null && !util.isAES(C.algorithm)) { + throw new Error('AES session key expected'); + } + return publicKey.elliptic.ecdhX.decrypt( + algo, ephemeralPublicKey, C.wrappedKey, A, k); + } + default: + throw new Error('Unknown public key encryption algorithm.'); + } +} + +/** + * Parse public key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. + */ +function parsePublicKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; + const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; + return { read, publicParams: { n, e } }; + } + case enums.publicKey.dsa: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, q, g, y } }; + } + case enums.publicKey.elgamal: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, g, y } }; + } + case enums.publicKey.ecdsa: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.eddsaLegacy: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + if (oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + Q = util.leftPad(Q, 33); + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.ecdh: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); + return { read: read, publicParams: { oid, Q, kdfParams } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length; + return { read, publicParams: { A } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); + } +} + +/** + * Parse private key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @param {Object} publicParams - (ECC only) public params, needed to format some private params + * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. + */ +function parsePrivateKeyParams(algo, bytes, publicParams) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; + return { read, privateParams: { d, p, q, u } }; + } + case enums.publicKey.dsa: + case enums.publicKey.elgamal: { + const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; + return { read, privateParams: { x } }; + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + d = util.leftPad(d, payloadSize); + return { read, privateParams: { d } }; + } + case enums.publicKey.eddsaLegacy: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; + seed = util.leftPad(seed, payloadSize); + return { read, privateParams: { seed } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const payloadSize = getCurvePayloadSize(algo); + const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length; + return { read, privateParams: { seed } }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const payloadSize = getCurvePayloadSize(algo); + const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length; + return { read, privateParams: { k } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); + } +} + +/** Returns the types comprising the encrypted session key of an algorithm + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {Object} The session key parameters referenced by name. + */ +function parseEncSessionKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA encrypted session keys: + // - MPI of RSA encrypted value m**e mod n. + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const c = util.readMPI(bytes.subarray(read)); + return { c }; + } + + // Algorithm-Specific Fields for Elgamal encrypted session keys: + // - MPI of Elgamal value g**k mod p + // - MPI of Elgamal value m * y**k mod p + case enums.publicKey.elgamal: { + const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; + const c2 = util.readMPI(bytes.subarray(read)); + return { c1, c2 }; + } + // Algorithm-Specific Fields for ECDH encrypted session keys: + // - MPI containing the ephemeral key used to establish the shared secret + // - ECDH Symmetric Key + case enums.publicKey.ecdh: { + const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; + const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); + return { V, C }; + } + // Algorithm-Specific Fields for X25519 or X448 encrypted session keys: + // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448). + // - A one-octet size of the following fields. + // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). + // - The encrypted session key. + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const pointSize = getCurvePayloadSize(algo); + const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length; + const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); + return { ephemeralPublicKey, C }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); + } +} + +/** + * Convert params to MPI and serializes them in the proper order + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} params - The key parameters indexed by name + * @returns {Uint8Array} The array containing the MPIs. + */ +function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([ + enums.publicKey.ed25519, + enums.publicKey.x25519, + enums.publicKey.ed448, + enums.publicKey.x448 + ]); + const orderedParams = Object.keys(params).map(name => { + const param = params[name]; + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); + }); + return util.concatUint8Array(orderedParams); +} + +/** + * Generate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Integer} bits - Bit length for RSA keys + * @param {module:type/oid} oid - Object identifier for ECC keys + * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. + * @async + */ +function generateParams(algo, bits, oid) { + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ + privateParams: { d, p, q, u }, + publicParams: { n, e } + })); + case enums.publicKey.ecdsa: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { d: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { seed: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.ecdh: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ + privateParams: { d: secret }, + publicParams: { + oid: new OID(oid), + Q, + kdfParams: new KDFParams({ hash, cipher }) + } + })); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ + privateParams: { k }, + publicParams: { A } + })); + case enums.publicKey.dsa: + case enums.publicKey.elgamal: + throw new Error('Unsupported algorithm for key generation.'); + default: + throw new Error('Unknown public key algorithm.'); + } +} + +/** + * Validate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Object} privateParams - Algorithm-specific private key parameters + * @returns {Promise} Whether the parameters are valid. + * @async + */ +async function validateParams$1(algo, publicParams, privateParams) { + if (!publicParams || !privateParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const { d, p, q, u } = privateParams; + return publicKey.rsa.validateParams(n, e, d, p, q, u); + } + case enums.publicKey.dsa: { + const { p, q, g, y } = publicParams; + const { x } = privateParams; + return publicKey.dsa.validateParams(p, q, g, y, x); + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + const { x } = privateParams; + return publicKey.elgamal.validateParams(p, g, y, x); + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; + const { oid, Q } = publicParams; + const { d } = privateParams; + return algoModule.validateParams(oid, Q, d); + } + case enums.publicKey.eddsaLegacy: { + const { Q, oid } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicParams; + const { k } = privateParams; + return publicKey.elliptic.ecdhX.validateParams(algo, A, k); + } + default: + throw new Error('Unknown public key algorithm.'); + } +} + +/** + * Generates a random byte prefix for the specified algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. + * @async + */ +async function getPrefixRandom(algo) { + const { blockSize } = getCipherParams(algo); + const prefixrandom = await getRandomBytes(blockSize); + const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); + return util.concat([prefixrandom, repeat]); +} + +/** + * Generating a session key for the specified symmetric algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Uint8Array} Random bytes as a string to be used as a key. + */ +function generateSessionKey$1(algo) { + const { keySize } = getCipherParams(algo); + return getRandomBytes(keySize); +} + +/** + * Get implementation of the given AEAD mode + * @param {enums.aead} algo + * @returns {Object} + * @throws {Error} on invalid algo + */ +function getAEADMode(algo) { + const algoName = enums.read(enums.aead, algo); + return mode[algoName]; +} + +/** + * Check whether the given curve OID is supported + * @param {module:type/oid} oid - EC object identifier + * @throws {UnsupportedError} if curve is not supported + */ +function checkSupportedCurve(oid) { + try { + oid.getName(); + } catch (e) { + throw new UnsupportedError('Unknown curve OID'); + } +} + +/** + * Get encoded secret size for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getCurvePayloadSize(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: + case enums.publicKey.eddsaLegacy: + return new publicKey.elliptic.CurveWithOID(oid).payloadSize; + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPayloadSize(algo); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.getPayloadSize(algo); + default: + throw new Error('Unknown elliptic algo'); + } +} + +/** + * Get preferred signing hash algo for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getPreferredCurveHashAlgo(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.getPreferredHashAlgo(oid); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); + default: + throw new Error('Unknown elliptic signing algo'); + } +} + +var crypto$2 = /*#__PURE__*/Object.freeze({ + __proto__: null, + generateParams: generateParams, + generateSessionKey: generateSessionKey$1, + getAEADMode: getAEADMode, + getCipherParams: getCipherParams, + getCurvePayloadSize: getCurvePayloadSize, + getPreferredCurveHashAlgo: getPreferredCurveHashAlgo, + getPrefixRandom: getPrefixRandom, + parseEncSessionKeyParams: parseEncSessionKeyParams, + parsePrivateKeyParams: parsePrivateKeyParams, + parsePublicKeyParams: parsePublicKeyParams, + publicKeyDecrypt: publicKeyDecrypt, + publicKeyEncrypt: publicKeyEncrypt, + serializeParams: serializeParams, + validateParams: validateParams$1 +}); + +/** + * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js + * @see module:crypto/crypto + * @see module:crypto/signature + * @see module:crypto/public_key + * @see module:crypto/cipher + * @see module:crypto/random + * @see module:crypto/hash + * @module crypto + */ + + +// TODO move cfb and gcm to cipher +const mod$1 = { + /** @see module:crypto/cipher */ + cipher: cipher, + /** @see module:crypto/hash */ + hash: hash$1, + /** @see module:crypto/mode */ + mode: mode, + /** @see module:crypto/public_key */ + publicKey: publicKey, + /** @see module:crypto/signature */ + signature: signature, + /** @see module:crypto/random */ + random: random, + /** @see module:crypto/pkcs1 */ + pkcs1: pkcs1, + /** @see module:crypto/pkcs5 */ + pkcs5: pkcs5, + /** @see module:crypto/aes_kw */ + aesKW: aesKW +}; + +Object.assign(mod$1, crypto$2); + +const ARGON2_TYPE = 0x02; // id +const ARGON2_VERSION = 0x13; +const ARGON2_SALT_SIZE = 16; + +class Argon2OutOfMemoryError extends Error { + constructor(...params) { + super(...params); + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, Argon2OutOfMemoryError); + } + + this.name = 'Argon2OutOfMemoryError'; + } +} + +// cache argon wasm module +let loadArgonWasmModule; +let argon2Promise; +// reload wasm module above this treshold, to deallocated used memory +const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19; + +class Argon2S2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params; + + this.type = 'argon2'; + /** + * 16 bytes of salt + * @type {Uint8Array} + */ + this.salt = null; + /** + * number of passes + * @type {Integer} + */ + this.t = passes; + /** + * degree of parallelism (lanes) + * @type {Integer} + */ + this.p = parallelism; + /** + * exponent indicating memory size + * @type {Integer} + */ + this.encodedM = memoryExponent; + } + + generateSalt() { + this.salt = mod$1.random.getRandomBytes(ARGON2_SALT_SIZE); + } + + /** + * Parsing function for argon2 string-to-key specifier. + * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; + + this.salt = bytes.subarray(i, i + 16); + i += 16; + + this.t = bytes[i++]; + this.p = bytes[i++]; + this.encodedM = bytes[i++]; // memory size exponent, one-octect + + return i; + } + + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + const arr = [ + new Uint8Array([enums.write(enums.s2k, this.type)]), + this.salt, + new Uint8Array([this.t, this.p, this.encodedM]) + ]; + + return util.concatUint8Array(arr); + } + + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to `keySize` + * @throws {Argon2OutOfMemoryError|Errors} + * @async + */ + async produceKey(passphrase, keySize) { + const decodedM = 2 << (this.encodedM - 1); + + try { + // on first load, the argon2 lib is imported and the WASM module is initialized. + // the two steps need to be atomic to avoid race conditions causing multiple wasm modules + // being loaded when `argon2Promise` is not initialized. + loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index$1; })).default; + argon2Promise = argon2Promise || loadArgonWasmModule(); + + // important to keep local ref to argon2 in case the module is reloaded by another instance + const argon2 = await argon2Promise; + + const passwordBytes = util.encodeUTF8(passphrase); + const hash = argon2({ + version: ARGON2_VERSION, + type: ARGON2_TYPE, + password: passwordBytes, + salt: this.salt, + tagLength: keySize, + memorySize: decodedM, + parallelism: this.p, + passes: this.t + }); + + // a lot of memory was used, reload to deallocate + if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) { + // it will be awaited if needed at the next `produceKey` invocation + argon2Promise = loadArgonWasmModule(); + argon2Promise.catch(() => {}); + } + return hash; + } catch (e) { + if (e.message && ( + e.message.includes('Unable to grow instance memory') || // Chrome + e.message.includes('failed to grow memory') || // Firefox + e.message.includes('WebAssembly.Memory.grow') || // Safari + e.message.includes('Out of memory') // Safari iOS + )) { + throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2'); + } else { + throw e; + } + } + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +class GenericS2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(s2kType, config$1 = config) { + /** + * Hash function identifier, or 0 for gnu-dummy keys + * @type {module:enums.hash | 0} + */ + this.algorithm = enums.hash.sha256; + /** + * enums.s2k identifier or 'gnu-dummy' + * @type {String} + */ + this.type = enums.read(enums.s2k, s2kType); + /** @type {Integer} */ + this.c = config$1.s2kIterationCountByte; + /** Eight bytes of salt in a binary string. + * @type {Uint8Array} + */ + this.salt = null; + } + + generateSalt() { + switch (this.type) { + case 'salted': + case 'iterated': + this.salt = mod$1.random.getRandomBytes(8); + } + } + + getCount() { + // Exponent bias, defined in RFC4880 + const expbias = 6; + + return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); + } + + /** + * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). + * @param {Uint8Array} bytes - Payload of string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; + this.algorithm = bytes[i++]; + + switch (this.type) { + case 'simple': + break; + + case 'salted': + this.salt = bytes.subarray(i, i + 8); + i += 8; + break; + + case 'iterated': + this.salt = bytes.subarray(i, i + 8); + i += 8; + + // Octet 10: count, a one-octet, coded value + this.c = bytes[i++]; + break; + + case 'gnu': + if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { + i += 3; // GNU + const gnuExtType = 1000 + bytes[i++]; + if (gnuExtType === 1001) { + this.type = 'gnu-dummy'; + // GnuPG extension mode 1001 -- don't write secret key at all + } else { + throw new UnsupportedError('Unknown s2k gnu protection mode.'); + } + } else { + throw new UnsupportedError('Unknown s2k type.'); + } + break; + + default: + throw new UnsupportedError('Unknown s2k type.'); // unreachable + } + + return i; + } + + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + if (this.type === 'gnu-dummy') { + return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); + } + const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; + + switch (this.type) { + case 'simple': + break; + case 'salted': + arr.push(this.salt); + break; + case 'iterated': + arr.push(this.salt); + arr.push(new Uint8Array([this.c])); + break; + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + + return util.concatUint8Array(arr); + } + + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to. + * hashAlgorithm hash length + * @async + */ + async produceKey(passphrase, numBytes) { + passphrase = util.encodeUTF8(passphrase); + + const arr = []; + let rlength = 0; + + let prefixlen = 0; + while (rlength < numBytes) { + let toHash; + switch (this.type) { + case 'simple': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); + break; + case 'salted': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); + break; + case 'iterated': { + const data = util.concatUint8Array([this.salt, passphrase]); + let datalen = data.length; + const count = Math.max(this.getCount(), datalen); + toHash = new Uint8Array(prefixlen + count); + toHash.set(data, prefixlen); + for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { + toHash.copyWithin(pos, prefixlen, pos); + } + break; + } + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + const result = await mod$1.hash.digest(this.algorithm, toHash); + arr.push(result); + rlength += result.length; + prefixlen++; + } + + return util.concatUint8Array(arr).subarray(0, numBytes); + } +} + +const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]); + +/** + * Instantiate a new S2K instance of the given type + * @param {module:enums.s2k} type + * @oaram {Object} [config] + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromType(type, config$1 = config) { + switch (type) { + case enums.s2k.argon2: + return new Argon2S2K(config$1); + case enums.s2k.iterated: + case enums.s2k.gnu: + case enums.s2k.salted: + case enums.s2k.simple: + return new GenericS2K(type, config$1); + default: + throw new UnsupportedError('Unsupported S2K type'); + } +} + +/** + * Instantiate a new S2K instance based on the config settings + * @oaram {Object} config + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromConfig(config) { + const { s2kType } = config; + + if (!allowedS2KTypesForEncryption.has(s2kType)) { + throw new Error('The provided `config.s2kType` value is not allowed'); + } + + return newS2KFromType(s2kType, config); +} + +var require$1 = module$1.createRequire('/'); +// DEFLATE is a complex format; to read this code, you should probably check the RFC first: +// https://tools.ietf.org/html/rfc1951 +// You may also wish to take a look at the guide I made about this program: +// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad +// Some of the following code is similar to that of UZIP.js: +// https://github.com/photopea/UZIP.js +// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size. +// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint +// is better for memory in most engines (I *think*). +// Mediocre shim +var Worker; +try { + Worker = require$1('worker_threads').Worker; +} +catch (e) { +} + +// aliases for shorter compressed code (most minifers don't do this) +var u8 = Uint8Array, u16 = Uint16Array, u32$1 = Uint32Array; +// fixed length extra bits +var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]); +// fixed distance extra bits +// see fleb note +var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]); +// code length index map +var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]); +// get base, reverse index map from extra bits +var freb = function (eb, start) { + var b = new u16(31); + for (var i = 0; i < 31; ++i) { + b[i] = start += 1 << eb[i - 1]; + } + // numbers here are at max 18 bits + var r = new u32$1(b[30]); + for (var i = 1; i < 30; ++i) { + for (var j = b[i]; j < b[i + 1]; ++j) { + r[j] = ((j - b[i]) << 5) | i; + } + } + return [b, r]; +}; +var _a = freb(fleb, 2), fl = _a[0], revfl = _a[1]; +// we can ignore the fact that the other numbers are wrong; they never happen anyway +fl[28] = 258, revfl[258] = 28; +var _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1]; +// map of value to reverse (assuming 16 bits) +var rev = new u16(32768); +for (var i = 0; i < 32768; ++i) { + // reverse table algorithm from SO + var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1); + x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2); + x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4); + rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1; +} +// create huffman tree from u8 "map": index -> code length for code index +// mb (max bits) must be at most 15 +// TODO: optimize/split up? +var hMap = (function (cd, mb, r) { + var s = cd.length; + // index + var i = 0; + // u16 "map": index -> # of codes with bit length = index + var l = new u16(mb); + // length of cd must be 288 (total # of codes) + for (; i < s; ++i) { + if (cd[i]) + ++l[cd[i] - 1]; + } + // u16 "map": index -> minimum code for bit length = index + var le = new u16(mb); + for (i = 0; i < mb; ++i) { + le[i] = (le[i - 1] + l[i - 1]) << 1; + } + var co; + if (r) { + // u16 "map": index -> number of actual bits, symbol for code + co = new u16(1 << mb); + // bits to remove for reverser + var rvb = 15 - mb; + for (i = 0; i < s; ++i) { + // ignore 0 lengths + if (cd[i]) { + // num encoding both symbol and bits read + var sv = (i << 4) | cd[i]; + // free bits + var r_1 = mb - cd[i]; + // start value + var v = le[cd[i] - 1]++ << r_1; + // m is end value + for (var m = v | ((1 << r_1) - 1); v <= m; ++v) { + // every 16 bit value starting with the code yields the same result + co[rev[v] >>> rvb] = sv; + } + } + } + } + else { + co = new u16(s); + for (i = 0; i < s; ++i) { + if (cd[i]) { + co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]); + } + } + } + return co; +}); +// fixed length tree +var flt = new u8(288); +for (var i = 0; i < 144; ++i) + flt[i] = 8; +for (var i = 144; i < 256; ++i) + flt[i] = 9; +for (var i = 256; i < 280; ++i) + flt[i] = 7; +for (var i = 280; i < 288; ++i) + flt[i] = 8; +// fixed distance tree +var fdt = new u8(32); +for (var i = 0; i < 32; ++i) + fdt[i] = 5; +// fixed length map +var flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1); +// fixed distance map +var fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1); +// find max of array +var max = function (a) { + var m = a[0]; + for (var i = 1; i < a.length; ++i) { + if (a[i] > m) + m = a[i]; + } + return m; +}; +// read d, starting at bit p and mask with m +var bits = function (d, p, m) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m; +}; +// read d, starting at bit p continuing for at least 16 bits +var bits16 = function (d, p) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7)); +}; +// get end of byte +var shft = function (p) { return ((p + 7) / 8) | 0; }; +// typed array slice - allows garbage collector to free original reference, +// while being more compatible than .slice +var slc = function (v, s, e) { + if (s == null || s < 0) + s = 0; + if (e == null || e > v.length) + e = v.length; + // can't use .constructor in case user-supplied + var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32$1 : u8)(e - s); + n.set(v.subarray(s, e)); + return n; +}; +// error codes +var ec = [ + 'unexpected EOF', + 'invalid block type', + 'invalid length/literal', + 'invalid distance', + 'stream finished', + 'no stream handler', + , + 'no callback', + 'invalid UTF-8 data', + 'extra field too long', + 'date not in range 1980-2099', + 'filename too long', + 'stream finishing', + 'invalid zip data' + // determined by unknown compression method +]; +var err = function (ind, msg, nt) { + var e = new Error(msg || ec[ind]); + e.code = ind; + if (Error.captureStackTrace) + Error.captureStackTrace(e, err); + if (!nt) + throw e; + return e; +}; +// expands raw DEFLATE data +var inflt = function (dat, buf, st) { + // source length + var sl = dat.length; + if (!sl || (st && st.f && !st.l)) + return buf || new u8(0); + // have to estimate size + var noBuf = !buf || st; + // no state + var noSt = !st || st.i; + if (!st) + st = {}; + // Assumes roughly 33% compression ratio average + if (!buf) + buf = new u8(sl * 3); + // ensure buffer can fit at least l elements + var cbuf = function (l) { + var bl = buf.length; + // need to increase size to fit + if (l > bl) { + // Double or set to necessary, whichever is greater + var nbuf = new u8(Math.max(bl * 2, l)); + nbuf.set(buf); + buf = nbuf; + } + }; + // last chunk bitpos bytes + var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n; + // total bits + var tbts = sl * 8; + do { + if (!lm) { + // BFINAL - this is only 1 when last chunk is next + final = bits(dat, pos, 1); + // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman + var type = bits(dat, pos + 1, 3); + pos += 3; + if (!type) { + // go to end of byte boundary + var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l; + if (t > sl) { + if (noSt) + err(0); + break; + } + // ensure size + if (noBuf) + cbuf(bt + l); + // Copy over uncompressed data + buf.set(dat.subarray(s, t), bt); + // Get new bitpos, update byte count + st.b = bt += l, st.p = pos = t * 8, st.f = final; + continue; + } + else if (type == 1) + lm = flrm, dm = fdrm, lbt = 9, dbt = 5; + else if (type == 2) { + // literal lengths + var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4; + var tl = hLit + bits(dat, pos + 5, 31) + 1; + pos += 14; + // length+distance tree + var ldt = new u8(tl); + // code length tree + var clt = new u8(19); + for (var i = 0; i < hcLen; ++i) { + // use index map to get real code + clt[clim[i]] = bits(dat, pos + i * 3, 7); + } + pos += hcLen * 3; + // code lengths bits + var clb = max(clt), clbmsk = (1 << clb) - 1; + // code lengths map + var clm = hMap(clt, clb, 1); + for (var i = 0; i < tl;) { + var r = clm[bits(dat, pos, clbmsk)]; + // bits read + pos += r & 15; + // symbol + var s = r >>> 4; + // code length to copy + if (s < 16) { + ldt[i++] = s; + } + else { + // copy count + var c = 0, n = 0; + if (s == 16) + n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1]; + else if (s == 17) + n = 3 + bits(dat, pos, 7), pos += 3; + else if (s == 18) + n = 11 + bits(dat, pos, 127), pos += 7; + while (n--) + ldt[i++] = c; + } + } + // length tree distance tree + var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit); + // max length bits + lbt = max(lt); + // max dist bits + dbt = max(dt); + lm = hMap(lt, lbt, 1); + dm = hMap(dt, dbt, 1); + } + else + err(1); + if (pos > tbts) { + if (noSt) + err(0); + break; + } + } + // Make sure the buffer can hold this + the largest possible addition + // Maximum chunk size (practically, theoretically infinite) is 2^17; + if (noBuf) + cbuf(bt + 131072); + var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1; + var lpos = pos; + for (;; lpos = pos) { + // bits read, code + var c = lm[bits16(dat, pos) & lms], sym = c >>> 4; + pos += c & 15; + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (!c) + err(2); + if (sym < 256) + buf[bt++] = sym; + else if (sym == 256) { + lpos = pos, lm = null; + break; + } + else { + var add = sym - 254; + // no extra bits needed if less + if (sym > 264) { + // index + var i = sym - 257, b = fleb[i]; + add = bits(dat, pos, (1 << b) - 1) + fl[i]; + pos += b; + } + // dist + var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4; + if (!d) + err(3); + pos += d & 15; + var dt = fd[dsym]; + if (dsym > 3) { + var b = fdeb[dsym]; + dt += bits16(dat, pos) & ((1 << b) - 1), pos += b; + } + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (noBuf) + cbuf(bt + 131072); + var end = bt + add; + for (; bt < end; bt += 4) { + buf[bt] = buf[bt - dt]; + buf[bt + 1] = buf[bt + 1 - dt]; + buf[bt + 2] = buf[bt + 2 - dt]; + buf[bt + 3] = buf[bt + 3 - dt]; + } + bt = end; + } + } + st.l = lm, st.p = lpos, st.b = bt, st.f = final; + if (lm) + final = 1, st.m = lbt, st.d = dm, st.n = dbt; + } while (!final); + return bt == buf.length ? buf : slc(buf, 0, bt); +}; +// starting at p, write the minimum number of bits that can hold v to d +var wbits = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; +}; +// starting at p, write the minimum number of bits (>8) that can hold v to d +var wbits16 = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + d[o + 2] |= v >>> 16; +}; +// creates code lengths from a frequency table +var hTree = function (d, mb) { + // Need extra info to make a tree + var t = []; + for (var i = 0; i < d.length; ++i) { + if (d[i]) + t.push({ s: i, f: d[i] }); + } + var s = t.length; + var t2 = t.slice(); + if (!s) + return [et, 0]; + if (s == 1) { + var v = new u8(t[0].s + 1); + v[t[0].s] = 1; + return [v, 1]; + } + t.sort(function (a, b) { return a.f - b.f; }); + // after i2 reaches last ind, will be stopped + // freq must be greater than largest possible number of symbols + t.push({ s: -1, f: 25001 }); + var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2; + t[0] = { s: -1, f: l.f + r.f, l: l, r: r }; + // efficient algorithm from UZIP.js + // i0 is lookbehind, i2 is lookahead - after processing two low-freq + // symbols that combined have high freq, will start processing i2 (high-freq, + // non-composite) symbols instead + // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/ + while (i1 != s - 1) { + l = t[t[i0].f < t[i2].f ? i0++ : i2++]; + r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++]; + t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r }; + } + var maxSym = t2[0].s; + for (var i = 1; i < s; ++i) { + if (t2[i].s > maxSym) + maxSym = t2[i].s; + } + // code lengths + var tr = new u16(maxSym + 1); + // max bits in tree + var mbt = ln(t[i1 - 1], tr, 0); + if (mbt > mb) { + // more algorithms from UZIP.js + // TODO: find out how this code works (debt) + // ind debt + var i = 0, dt = 0; + // left cost + var lft = mbt - mb, cst = 1 << lft; + t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; }); + for (; i < s; ++i) { + var i2_1 = t2[i].s; + if (tr[i2_1] > mb) { + dt += cst - (1 << (mbt - tr[i2_1])); + tr[i2_1] = mb; + } + else + break; + } + dt >>>= lft; + while (dt > 0) { + var i2_2 = t2[i].s; + if (tr[i2_2] < mb) + dt -= 1 << (mb - tr[i2_2]++ - 1); + else + ++i; + } + for (; i >= 0 && dt; --i) { + var i2_3 = t2[i].s; + if (tr[i2_3] == mb) { + --tr[i2_3]; + ++dt; + } + } + mbt = mb; + } + return [new u8(tr), mbt]; +}; +// get the max length and assign length codes +var ln = function (n, l, d) { + return n.s == -1 + ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1)) + : (l[n.s] = d); +}; +// length codes generation +var lc = function (c) { + var s = c.length; + // Note that the semicolon was intentional + while (s && !c[--s]) + ; + var cl = new u16(++s); + // ind num streak + var cli = 0, cln = c[0], cls = 1; + var w = function (v) { cl[cli++] = v; }; + for (var i = 1; i <= s; ++i) { + if (c[i] == cln && i != s) + ++cls; + else { + if (!cln && cls > 2) { + for (; cls > 138; cls -= 138) + w(32754); + if (cls > 2) { + w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305); + cls = 0; + } + } + else if (cls > 3) { + w(cln), --cls; + for (; cls > 6; cls -= 6) + w(8304); + if (cls > 2) + w(((cls - 3) << 5) | 8208), cls = 0; + } + while (cls--) + w(cln); + cls = 1; + cln = c[i]; + } + } + return [cl.subarray(0, cli), s]; +}; +// calculate the length of output from tree, code lengths +var clen = function (cf, cl) { + var l = 0; + for (var i = 0; i < cl.length; ++i) + l += cf[i] * cl[i]; + return l; +}; +// writes a fixed block +// returns the new bit pos +var wfblk = function (out, pos, dat) { + // no need to write 00 as type: TypedArray defaults to 0 + var s = dat.length; + var o = shft(pos + 2); + out[o] = s & 255; + out[o + 1] = s >>> 8; + out[o + 2] = out[o] ^ 255; + out[o + 3] = out[o + 1] ^ 255; + for (var i = 0; i < s; ++i) + out[o + i + 4] = dat[i]; + return (o + 4 + s) * 8; +}; +// writes a block +var wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) { + wbits(out, p++, final); + ++lf[256]; + var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1]; + var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1]; + var _c = lc(dlt), lclt = _c[0], nlc = _c[1]; + var _d = lc(ddt), lcdt = _d[0], ndc = _d[1]; + var lcfreq = new u16(19); + for (var i = 0; i < lclt.length; ++i) + lcfreq[lclt[i] & 31]++; + for (var i = 0; i < lcdt.length; ++i) + lcfreq[lcdt[i] & 31]++; + var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1]; + var nlcc = 19; + for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc) + ; + var flen = (bl + 5) << 3; + var ftlen = clen(lf, flt) + clen(df, fdt) + eb; + var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]); + if (flen <= ftlen && flen <= dtlen) + return wfblk(out, p, dat.subarray(bs, bs + bl)); + var lm, ll, dm, dl; + wbits(out, p, 1 + (dtlen < ftlen)), p += 2; + if (dtlen < ftlen) { + lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt; + var llm = hMap(lct, mlcb, 0); + wbits(out, p, nlc - 257); + wbits(out, p + 5, ndc - 1); + wbits(out, p + 10, nlcc - 4); + p += 14; + for (var i = 0; i < nlcc; ++i) + wbits(out, p + 3 * i, lct[clim[i]]); + p += 3 * nlcc; + var lcts = [lclt, lcdt]; + for (var it = 0; it < 2; ++it) { + var clct = lcts[it]; + for (var i = 0; i < clct.length; ++i) { + var len = clct[i] & 31; + wbits(out, p, llm[len]), p += lct[len]; + if (len > 15) + wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12; + } + } + } + else { + lm = flm, ll = flt, dm = fdm, dl = fdt; + } + for (var i = 0; i < li; ++i) { + if (syms[i] > 255) { + var len = (syms[i] >>> 18) & 31; + wbits16(out, p, lm[len + 257]), p += ll[len + 257]; + if (len > 7) + wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len]; + var dst = syms[i] & 31; + wbits16(out, p, dm[dst]), p += dl[dst]; + if (dst > 3) + wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst]; + } + else { + wbits16(out, p, lm[syms[i]]), p += ll[syms[i]]; + } + } + wbits16(out, p, lm[256]); + return p + ll[256]; +}; +// deflate options (nice << 13) | chain +var deo = /*#__PURE__*/ new u32$1([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]); +// empty +var et = /*#__PURE__*/ new u8(0); +// compresses data into a raw DEFLATE buffer +var dflt = function (dat, lvl, plvl, pre, post, lst) { + var s = dat.length; + var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post); + // writing to this writes to the output buffer + var w = o.subarray(pre, o.length - post); + var pos = 0; + if (!lvl || s < 8) { + for (var i = 0; i <= s; i += 65535) { + // end + var e = i + 65535; + if (e >= s) { + // write final block + w[pos >> 3] = lst; + } + pos = wfblk(w, pos + 1, dat.subarray(i, e)); + } + } + else { + var opt = deo[lvl - 1]; + var n = opt >>> 13, c = opt & 8191; + var msk_1 = (1 << plvl) - 1; + // prev 2-byte val map curr 2-byte val map + var prev = new u16(32768), head = new u16(msk_1 + 1); + var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1; + var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; }; + // 24576 is an arbitrary number of maximum symbols per block + // 424 buffer for last block + var syms = new u32$1(25000); + // length/literal freq distance freq + var lf = new u16(288), df = new u16(32); + // l/lcnt exbits index l/lind waitdx bitpos + var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0; + for (; i < s; ++i) { + // hash value + // deopt when i > s - 3 - at end, deopt acceptable + var hv = hsh(i); + // index mod 32768 previous index mod + var imod = i & 32767, pimod = head[hv]; + prev[imod] = pimod; + head[hv] = imod; + // We always should modify head and prev, but only add symbols if + // this data is not yet processed ("wait" for wait index) + if (wi <= i) { + // bytes remaining + var rem = s - i; + if ((lc_1 > 7000 || li > 24576) && rem > 423) { + pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos); + li = lc_1 = eb = 0, bs = i; + for (var j = 0; j < 286; ++j) + lf[j] = 0; + for (var j = 0; j < 30; ++j) + df[j] = 0; + } + // len dist chain + var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767; + if (rem > 2 && hv == hsh(i - dif)) { + var maxn = Math.min(n, rem) - 1; + var maxd = Math.min(32767, i); + // max possible length + // not capped at dif because decompressors implement "rolling" index population + var ml = Math.min(258, rem); + while (dif <= maxd && --ch_1 && imod != pimod) { + if (dat[i + l] == dat[i + l - dif]) { + var nl = 0; + for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl) + ; + if (nl > l) { + l = nl, d = dif; + // break out early when we reach "nice" (we are satisfied enough) + if (nl > maxn) + break; + // now, find the rarest 2-byte sequence within this + // length of literals and search for that instead. + // Much faster than just using the start + var mmd = Math.min(dif, nl - 2); + var md = 0; + for (var j = 0; j < mmd; ++j) { + var ti = (i - dif + j + 32768) & 32767; + var pti = prev[ti]; + var cd = (ti - pti + 32768) & 32767; + if (cd > md) + md = cd, pimod = ti; + } + } + } + // check the previous match + imod = pimod, pimod = prev[imod]; + dif += (imod - pimod + 32768) & 32767; + } + } + // d will be nonzero only when a match was found + if (d) { + // store both dist and len data in one Uint32 + // Make sure this is recognized as a len/dist with 28th bit (2^28) + syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d]; + var lin = revfl[l] & 31, din = revfd[d] & 31; + eb += fleb[lin] + fdeb[din]; + ++lf[257 + lin]; + ++df[din]; + wi = i + l; + ++lc_1; + } + else { + syms[li++] = dat[i]; + ++lf[dat[i]]; + } + } + } + pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos); + // this is the easiest way to avoid needing to maintain state + if (!lst && pos & 7) + pos = wfblk(w, pos + 1, et); + } + return slc(o, 0, pre + shft(pos) + post); +}; +// Alder32 +var adler = function () { + var a = 1, b = 0; + return { + p: function (d) { + // closures have awful performance + var n = a, m = b; + var l = d.length | 0; + for (var i = 0; i != l;) { + var e = Math.min(i + 2655, l); + for (; i < e; ++i) + m += n += d[i]; + n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16); + } + a = n, b = m; + }, + d: function () { + a %= 65521, b %= 65521; + return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8); + } + }; +}; +// deflate with opts +var dopt = function (dat, opt, pre, post, st) { + return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st); +}; +// write bytes +var wbytes = function (d, b, v) { + for (; v; ++b) + d[b] = v, v >>>= 8; +}; +// zlib header +var zlh = function (c, o) { + var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2; + c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1); +}; +// zlib footer: -4 to -0 is Adler32 +/** + * Streaming DEFLATE compression + */ +var Deflate = /*#__PURE__*/ (function () { + function Deflate(opts, cb) { + if (!cb && typeof opts == 'function') + cb = opts, opts = {}; + this.ondata = cb; + this.o = opts || {}; + } + Deflate.prototype.p = function (c, f) { + this.ondata(dopt(c, this.o, 0, 0, !f), f); + }; + /** + * Pushes a chunk to be deflated + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Deflate.prototype.push = function (chunk, final) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + this.d = final; + this.p(chunk, final || false); + }; + return Deflate; +}()); +/** + * Streaming DEFLATE decompression + */ +var Inflate = /*#__PURE__*/ (function () { + /** + * Creates an inflation stream + * @param cb The callback to call whenever data is inflated + */ + function Inflate(cb) { + this.s = {}; + this.p = new u8(0); + this.ondata = cb; + } + Inflate.prototype.e = function (c) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + var l = this.p.length; + var n = new u8(l + c.length); + n.set(this.p), n.set(c, l), this.p = n; + }; + Inflate.prototype.c = function (final) { + this.d = this.s.i = final || false; + var bts = this.s.b; + var dt = inflt(this.p, this.o, this.s); + this.ondata(slc(dt, bts, this.s.b), this.d); + this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length; + this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7; + }; + /** + * Pushes a chunk to be inflated + * @param chunk The chunk to push + * @param final Whether this is the final chunk + */ + Inflate.prototype.push = function (chunk, final) { + this.e(chunk), this.c(final); + }; + return Inflate; +}()); +/** + * Streaming Zlib compression + */ +var Zlib = /*#__PURE__*/ (function () { + function Zlib(opts, cb) { + this.c = adler(); + this.v = 1; + Deflate.call(this, opts, cb); + } + /** + * Pushes a chunk to be zlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Zlib.prototype.push = function (chunk, final) { + Deflate.prototype.push.call(this, chunk, final); + }; + Zlib.prototype.p = function (c, f) { + this.c.p(c); + var raw = dopt(c, this.o, this.v && 2, f && 4, !f); + if (this.v) + zlh(raw, this.o), this.v = 0; + if (f) + wbytes(raw, raw.length - 4, this.c.d()); + this.ondata(raw, f); + }; + return Zlib; +}()); +/** + * Streaming Zlib decompression + */ +var Unzlib = /*#__PURE__*/ (function () { + /** + * Creates a Zlib decompression stream + * @param cb The callback to call whenever data is inflated + */ + function Unzlib(cb) { + this.v = 1; + Inflate.call(this, cb); + } + /** + * Pushes a chunk to be unzlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Unzlib.prototype.push = function (chunk, final) { + Inflate.prototype.e.call(this, chunk); + if (this.v) { + if (this.p.length < 2 && !final) + return; + this.p = this.p.subarray(2), this.v = 0; + } + if (final) { + if (this.p.length < 4) + err(6, 'invalid zlib data'); + this.p = this.p.subarray(0, -4); + } + // necessary to prevent TS from using the closure value + // This allows for workerization to function correctly + Inflate.prototype.c.call(this, final); + }; + return Unzlib; +}()); +// text decoder +var td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder(); +// text decoder stream +var tds = 0; +try { + td.decode(et, { stream: true }); + tds = 1; +} +catch (e) { } + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Literal Data Packet (Tag 11) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: + * A Literal Data packet contains the body of a message; data that is not to be + * further interpreted. + */ +class LiteralDataPacket { + static get tag() { + return enums.packet.literalData; + } + + /** + * @param {Date} date - The creation date of the literal package + */ + constructor(date = new Date()) { + this.format = enums.literal.utf8; // default format for literal data packets + this.date = util.normalizeDate(date); + this.text = null; // textual data representation + this.data = null; // literal data representation + this.filename = ''; + } + + /** + * Set the packet data to a javascript native string, end of line + * will be normalized to \r\n and by default text is converted to UTF8 + * @param {String | ReadableStream} text - Any native javascript string + * @param {enums.literal} [format] - The format of the string of bytes + */ + setText(text, format = enums.literal.utf8) { + this.format = format; + this.text = text; + this.data = null; + } + + /** + * Returns literal data packets as native JavaScript string + * with normalized end of line to \n + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {String | ReadableStream} Literal data as text. + */ + getText(clone = false) { + if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read + this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); + } + return this.text; + } + + /** + * Set the packet data to value represented by the provided string of bytes. + * @param {Uint8Array | ReadableStream} bytes - The string of bytes + * @param {enums.literal} format - The format of the string of bytes + */ + setBytes(bytes, format) { + this.format = format; + this.data = bytes; + this.text = null; + } + + + /** + * Get the byte sequence representing the literal packet data + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {Uint8Array | ReadableStream} A sequence of bytes. + */ + getBytes(clone = false) { + if (this.data === null) { + // encode UTF8 and normalize EOL to \r\n + this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); + } + if (clone) { + return passiveClone(this.data); + } + return this.data; + } + + + /** + * Sets the filename of the literal packet data + * @param {String} filename - Any native javascript string + */ + setFilename(filename) { + this.filename = filename; + } + + + /** + * Get the filename of the literal packet data + * @returns {String} Filename. + */ + getFilename() { + return this.filename; + } + + /** + * Parsing function for a literal data packet (tag 11). + * + * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet + * @returns {Promise} Object representation. + * @async + */ + async read(bytes) { + await parse(bytes, async reader => { + // - A one-octet field that describes how the data is formatted. + const format = await reader.readByte(); // enums.literal + + const filename_len = await reader.readByte(); + this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); + + this.date = util.readDate(await reader.readBytes(4)); + + let data = reader.remainder(); + if (isArrayStream(data)) data = await readToEnd(data); + this.setBytes(data, format); + }); + } + + /** + * Creates a Uint8Array representation of the packet, excluding the data + * + * @returns {Uint8Array} Uint8Array representation of the packet. + */ + writeHeader() { + const filename = util.encodeUTF8(this.filename); + const filename_length = new Uint8Array([filename.length]); + + const format = new Uint8Array([this.format]); + const date = util.writeDate(this.date); + + return util.concatUint8Array([format, filename_length, filename, date]); + } + + /** + * Creates a Uint8Array representation of the packet + * + * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. + */ + write() { + const header = this.writeHeader(); + const data = this.getBytes(); + + return util.concat([header, data]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of type key id + * + * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: + * A Key ID is an eight-octet scalar that identifies a key. + * Implementations SHOULD NOT assume that Key IDs are unique. The + * section "Enhanced Key Formats" below describes how Key IDs are + * formed. + */ +class KeyID { + constructor() { + this.bytes = ''; + } + + /** + * Parsing method for a key id + * @param {Uint8Array} bytes - Input to read the key id from + */ + read(bytes) { + this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); + return this.bytes.length; + } + + /** + * Serializes the Key ID + * @returns {Uint8Array} Key ID as a Uint8Array. + */ + write() { + return util.stringToUint8Array(this.bytes); + } + + /** + * Returns the Key ID represented as a hexadecimal string + * @returns {String} Key ID as a hexadecimal string. + */ + toHex() { + return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); + } + + /** + * Checks equality of Key ID's + * @param {KeyID} keyID + * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard + */ + equals(keyID, matchWildcard = false) { + return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; + } + + /** + * Checks to see if the Key ID is unset + * @returns {Boolean} True if the Key ID is null. + */ + isNull() { + return this.bytes === ''; + } + + /** + * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) + * @returns {Boolean} True if this is a wildcard Key ID. + */ + isWildcard() { + return /^0+$/.test(this.toHex()); + } + + static mapToHex(keyID) { + return keyID.toHex(); + } + + static fromID(hex) { + const keyID = new KeyID(); + keyID.read(util.hexToUint8Array(hex)); + return keyID; + } + + static wildcard() { + const keyID = new KeyID(); + keyID.read(new Uint8Array(8)); + return keyID; + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. +const verified = Symbol('verified'); + +// A salt notation is used to randomize signatures. +// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks +// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170). +// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g. +// some chosen-prefix attacks. +// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt. +const SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org'; + +// GPG puts the Issuer and Signature subpackets in the unhashed area. +// Tampering with those invalidates the signature, so we still trust them and parse them. +// All other unhashed subpackets are ignored. +const allowedUnhashedSubpackets = new Set([ + enums.signatureSubpacket.issuerKeyID, + enums.signatureSubpacket.issuerFingerprint, + enums.signatureSubpacket.embeddedSignature +]); + +/** + * Implementation of the Signature Packet (Tag 2) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: + * A Signature packet describes a binding between some public key and + * some data. The most common signatures are a signature of a file or a + * block of text, and a signature that is a certification of a User ID. + */ +class SignaturePacket { + static get tag() { + return enums.packet.signature; + } + + constructor() { + this.version = null; + /** @type {enums.signature} */ + this.signatureType = null; + /** @type {enums.hash} */ + this.hashAlgorithm = null; + /** @type {enums.publicKey} */ + this.publicKeyAlgorithm = null; + + this.signatureData = null; + this.unhashedSubpackets = []; + this.unknownSubpackets = []; + this.signedHashValue = null; + this.salt = null; + + this.created = null; + this.signatureExpirationTime = null; + this.signatureNeverExpires = true; + this.exportable = null; + this.trustLevel = null; + this.trustAmount = null; + this.regularExpression = null; + this.revocable = null; + this.keyExpirationTime = null; + this.keyNeverExpires = null; + this.preferredSymmetricAlgorithms = null; + this.revocationKeyClass = null; + this.revocationKeyAlgorithm = null; + this.revocationKeyFingerprint = null; + this.issuerKeyID = new KeyID(); + this.rawNotations = []; + this.notations = {}; + this.preferredHashAlgorithms = null; + this.preferredCompressionAlgorithms = null; + this.keyServerPreferences = null; + this.preferredKeyServer = null; + this.isPrimaryUserID = null; + this.policyURI = null; + this.keyFlags = null; + this.signersUserID = null; + this.reasonForRevocationFlag = null; + this.reasonForRevocationString = null; + this.features = null; + this.signatureTargetPublicKeyAlgorithm = null; + this.signatureTargetHashAlgorithm = null; + this.signatureTargetHash = null; + this.embeddedSignature = null; + this.issuerKeyVersion = null; + this.issuerFingerprint = null; + this.preferredAEADAlgorithms = null; + this.preferredCipherSuites = null; + + this.revoked = null; + this[verified] = null; + } + + /** + * parsing function for a signature packet (tag 2). + * @param {String} bytes - Payload of a tag 2 packet + * @returns {SignaturePacket} Object representation. + */ + read(bytes, config$1 = config) { + let i = 0; + this.version = bytes[i++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } + + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); + } + + this.signatureType = bytes[i++]; + this.publicKeyAlgorithm = bytes[i++]; + this.hashAlgorithm = bytes[i++]; + + // hashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), true); + if (!this.created) { + throw new Error('Missing signature creation time subpacket.'); + } + + // A V4 signature hashes the packet body + // starting from its first field, the version number, through the end + // of the hashed subpacket data. Thus, the fields hashed are the + // signature version, the signature type, the public-key algorithm, the + // hash algorithm, the hashed subpacket length, and the hashed + // subpacket body. + this.signatureData = bytes.subarray(0, i); + + // unhashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), false); + + // Two-octet field holding left 16 bits of signed hash value. + this.signedHashValue = bytes.subarray(i, i + 2); + i += 2; + + // Only for v6 signatures, a variable-length field containing: + if (this.version === 6) { + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[i++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(i, i + saltLength); + i += saltLength; + } + + const signatureMaterial = bytes.subarray(i, bytes.length); + const { read, signatureParams } = mod$1.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial); + if (read < signatureMaterial.length) { + throw new Error('Error reading MPIs'); + } + this.params = signatureParams; + } + + /** + * @returns {Uint8Array | ReadableStream} + */ + writeParams() { + if (this.params instanceof Promise) { + return fromAsync( + async () => mod$1.serializeParams(this.publicKeyAlgorithm, await this.params) + ); + } + return mod$1.serializeParams(this.publicKeyAlgorithm, this.params); + } + + write() { + const arr = []; + arr.push(this.signatureData); + arr.push(this.writeUnhashedSubPackets()); + arr.push(this.signedHashValue); + if (this.version === 6) { + arr.push(new Uint8Array([this.salt.length])); + arr.push(this.salt); + } + arr.push(this.writeParams()); + return util.concat(arr); + } + + /** + * Signs provided data. This needs to be done prior to serialization. + * @param {SecretKeyPacket} key - Private key used to sign the message. + * @param {Object} data - Contains packets to be signed. + * @param {Date} [date] - The signature creation time. + * @param {Boolean} [detached] - Whether to create a detached signature + * @throws {Error} if signing failed + * @async + */ + async sign(key, data, date = new Date(), detached = false, config) { + this.version = key.version; + + this.created = util.normalizeDate(date); + this.issuerKeyVersion = key.version; + this.issuerFingerprint = key.getFingerprintBytes(); + this.issuerKeyID = key.getKeyID(); + + const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; + + // add randomness to the signature + if (this.version === 6) { + const saltLength = saltLengthForHash(this.hashAlgorithm); + if (this.salt === null) { + this.salt = mod$1.random.getRandomBytes(saltLength); + } else if (saltLength !== this.salt.length) { + throw new Error('Provided salt does not have the required length'); + } + } else if (config.nonDeterministicSignaturesViaNotation) { + const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME)); + // since re-signing the same object is not supported, it's not expected to have multiple salt notations, + // but we guard against it as a sanity check + if (saltNotations.length === 0) { + const saltValue = mod$1.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm)); + this.rawNotations.push({ + name: SALT_NOTATION_NAME, + value: saltValue, + humanReadable: false, + critical: false + }); + } else { + throw new Error('Unexpected existing salt notation'); + } + } + + // Add hashed subpackets + arr.push(this.writeHashedSubPackets()); + + // Remove unhashed subpackets, in case some allowed unhashed + // subpackets existed, in order not to duplicate them (in both + // the hashed and unhashed subpackets) when re-signing. + this.unhashedSubpackets = []; + + this.signatureData = util.concat(arr); + + const toHash = this.toHash(this.signatureType, data, detached); + const hash = await this.hash(this.signatureType, data, toHash, detached); + + this.signedHashValue = slice(clone(hash), 0, 2); + const signed = async () => mod$1.signature.sign( + this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) + ); + if (util.isStream(hash)) { + this.params = signed(); + } else { + this.params = await signed(); + + // Store the fact that this signature is valid, e.g. for when we call `await + // getLatestValidSignature(this.revocationSignatures, key, data)` later. + // Note that this only holds up if the key and data passed to verify are the + // same as the ones passed to sign. + this[verified] = true; + } + } + + /** + * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets + * @returns {Uint8Array} Subpacket data. + */ + writeHashedSubPackets() { + const sub = enums.signatureSubpacket; + const arr = []; + let bytes; + if (this.created === null) { + throw new Error('Missing signature creation time'); + } + arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); + if (this.signatureExpirationTime !== null) { + arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); + } + if (this.exportable !== null) { + arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); + } + if (this.trustLevel !== null) { + bytes = new Uint8Array([this.trustLevel, this.trustAmount]); + arr.push(writeSubPacket(sub.trustSignature, true, bytes)); + } + if (this.regularExpression !== null) { + arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); + } + if (this.revocable !== null) { + arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); + } + if (this.keyExpirationTime !== null) { + arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); + } + if (this.preferredSymmetricAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); + arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); + } + if (this.revocationKeyClass !== null) { + bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); + bytes = util.concat([bytes, this.revocationKeyFingerprint]); + arr.push(writeSubPacket(sub.revocationKey, false, bytes)); + } + if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) { + // If the version of [the] key is greater than 4, this subpacket + // MUST NOT be included in the signature. + arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write())); + } + this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { + bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; + const encodedName = util.encodeUTF8(name); + // 2 octets of name length + bytes.push(util.writeNumber(encodedName.length, 2)); + // 2 octets of value length + bytes.push(util.writeNumber(value.length, 2)); + bytes.push(encodedName); + bytes.push(value); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.notationData, critical, bytes)); + }); + if (this.preferredHashAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); + arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); + } + if (this.preferredCompressionAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); + arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); + } + if (this.keyServerPreferences !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); + arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); + } + if (this.preferredKeyServer !== null) { + arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); + } + if (this.isPrimaryUserID !== null) { + arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); + } + if (this.policyURI !== null) { + arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); + } + if (this.keyFlags !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); + arr.push(writeSubPacket(sub.keyFlags, true, bytes)); + } + if (this.signersUserID !== null) { + arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); + } + if (this.reasonForRevocationFlag !== null) { + bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); + arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); + } + if (this.features !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); + arr.push(writeSubPacket(sub.features, false, bytes)); + } + if (this.signatureTargetPublicKeyAlgorithm !== null) { + bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; + bytes.push(util.stringToUint8Array(this.signatureTargetHash)); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); + } + if (this.embeddedSignature !== null) { + arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); + } + if (this.issuerFingerprint !== null) { + bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes)); + } + if (this.preferredAEADAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); + arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); + } + if (this.preferredCipherSuites !== null) { + bytes = new Uint8Array([].concat(...this.preferredCipherSuites)); + arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes)); + } + + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); + + return util.concat([length, result]); + } + + /** + * Creates an Uint8Array containing the unhashed subpackets + * @returns {Uint8Array} Subpacket data. + */ + writeUnhashedSubPackets() { + const arr = this.unhashedSubpackets.map(({ type, critical, body }) => { + return writeSubPacket(type, critical, body); + }); + + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); + + return util.concat([length, result]); + } + + // Signature subpackets + readSubPacket(bytes, hashed = true) { + let mypos = 0; + + // The leftmost bit denotes a "critical" packet + const critical = !!(bytes[mypos] & 0x80); + const type = bytes[mypos] & 0x7F; + + mypos++; + + if (!hashed) { + this.unhashedSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + if (!allowedUnhashedSubpackets.has(type)) { + return; + } + } + + // subpacket type + switch (type) { + case enums.signatureSubpacket.signatureCreationTime: + // Signature Creation Time + this.created = util.readDate(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.signatureExpirationTime: { + // Signature Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); + + this.signatureNeverExpires = seconds === 0; + this.signatureExpirationTime = seconds; + + break; + } + case enums.signatureSubpacket.exportableCertification: + // Exportable Certification + this.exportable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.trustSignature: + // Trust Signature + this.trustLevel = bytes[mypos++]; + this.trustAmount = bytes[mypos++]; + break; + case enums.signatureSubpacket.regularExpression: + // Regular Expression + this.regularExpression = bytes[mypos]; + break; + case enums.signatureSubpacket.revocable: + // Revocable + this.revocable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.keyExpirationTime: { + // Key Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); + + this.keyExpirationTime = seconds; + this.keyNeverExpires = seconds === 0; + + break; + } + case enums.signatureSubpacket.preferredSymmetricAlgorithms: + // Preferred Symmetric Algorithms + this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.revocationKey: + // Revocation Key + // (1 octet of class, 1 octet of public-key algorithm ID, 20 + // octets of + // fingerprint) + this.revocationKeyClass = bytes[mypos++]; + this.revocationKeyAlgorithm = bytes[mypos++]; + this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); + break; + + case enums.signatureSubpacket.issuerKeyID: + // Issuer + if (this.version === 4) { + this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + } else if (hashed) { + // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature, + // since the Issuer Fingerprint subpacket is to be used instead. + // The `issuerKeyID` value will be set when reading the issuerFingerprint packet. + // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it, + // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed) + // issuerFingerprint. + // If the packet is hashed, then we reject the signature, to avoid verifying data different from + // what was parsed. + throw new Error('Unexpected Issuer Key ID subpacket'); + } + break; + + case enums.signatureSubpacket.notationData: { + // Notation Data + const humanReadable = !!(bytes[mypos] & 0x80); + + // We extract key/value tuple from the byte stream. + mypos += 4; + const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + + const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); + const value = bytes.subarray(mypos + m, mypos + m + n); + + this.rawNotations.push({ name, humanReadable, value, critical }); + + if (humanReadable) { + this.notations[name] = util.decodeUTF8(value); + } + break; + } + case enums.signatureSubpacket.preferredHashAlgorithms: + // Preferred Hash Algorithms + this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCompressionAlgorithms: + // Preferred Compression Algorithms + this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.keyServerPreferences: + // Key Server Preferences + this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredKeyServer: + // Preferred Key Server + this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.primaryUserID: + // Primary User ID + this.isPrimaryUserID = bytes[mypos++] !== 0; + break; + case enums.signatureSubpacket.policyURI: + // Policy URI + this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.keyFlags: + // Key Flags + this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signersUserID: + // Signer's User ID + this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.reasonForRevocation: + // Reason for Revocation + this.reasonForRevocationFlag = bytes[mypos++]; + this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.features: + // Features + this.features = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signatureTarget: { + // Signature Target + // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) + this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; + this.signatureTargetHashAlgorithm = bytes[mypos++]; + + const len = mod$1.getHashByteLength(this.signatureTargetHashAlgorithm); + + this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); + break; + } + case enums.signatureSubpacket.embeddedSignature: + // Embedded Signature + this.embeddedSignature = new SignaturePacket(); + this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.issuerFingerprint: + // Issuer Fingerprint + this.issuerKeyVersion = bytes[mypos++]; + this.issuerFingerprint = bytes.subarray(mypos, bytes.length); + if (this.issuerKeyVersion >= 5) { + this.issuerKeyID.read(this.issuerFingerprint); + } else { + this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); + } + break; + case enums.signatureSubpacket.preferredAEADAlgorithms: + // Preferred AEAD Algorithms + this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCipherSuites: + // Preferred AEAD Cipher Suites + this.preferredCipherSuites = []; + for (let i = mypos; i < bytes.length; i += 2) { + this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); + } + break; + default: + this.unknownSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + break; + } + } + + readSubPackets(bytes, trusted = true, config) { + const subpacketLengthBytes = this.version === 6 ? 4 : 2; + + // Two-octet scalar octet count for following subpacket data. + const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes)); + + let i = subpacketLengthBytes; + + // subpacket data set (zero or more subpackets) + while (i < 2 + subpacketLength) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; + + this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); + + i += len.len; + } + + return i; + } + + // Produces data to produce signature on + toSign(type, data) { + const t = enums.signature; + + switch (type) { + case t.binary: + if (data.text !== null) { + return util.encodeUTF8(data.getText(true)); + } + return data.getBytes(true); + + case t.text: { + const bytes = data.getBytes(true); + // normalize EOL to \r\n + return util.canonicalizeEOL(bytes); + } + case t.standalone: + return new Uint8Array(0); + + case t.certGeneric: + case t.certPersona: + case t.certCasual: + case t.certPositive: + case t.certRevocation: { + let packet; + let tag; + + if (data.userID) { + tag = 0xB4; + packet = data.userID; + } else if (data.userAttribute) { + tag = 0xD1; + packet = data.userAttribute; + } else { + throw new Error('Either a userID or userAttribute packet needs to be ' + + 'supplied for certification.'); + } + + const bytes = packet.write(); + + return util.concat([this.toSign(t.key, data), + new Uint8Array([tag]), + util.writeNumber(bytes.length, 4), + bytes]); + } + case t.subkeyBinding: + case t.subkeyRevocation: + case t.keyBinding: + return util.concat([this.toSign(t.key, data), this.toSign(t.key, { + key: data.bind + })]); + + case t.key: + if (data.key === undefined) { + throw new Error('Key packet is required for this signature.'); + } + return data.key.writeForHash(this.version); + + case t.keyRevocation: + return this.toSign(t.key, data); + case t.timestamp: + return new Uint8Array(0); + case t.thirdParty: + throw new Error('Not implemented'); + default: + throw new Error('Unknown signature type.'); + } + } + + calculateTrailer(data, detached) { + let length = 0; + return transform(clone(this.signatureData), value => { + length += value.length; + }, () => { + const arr = []; + if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { + if (detached) { + arr.push(new Uint8Array(6)); + } else { + arr.push(data.writeHeader()); + } + } + arr.push(new Uint8Array([this.version, 0xFF])); + if (this.version === 5) { + arr.push(new Uint8Array(4)); + } + arr.push(util.writeNumber(length, 4)); + // For v5, this should really be writeNumber(length, 8) rather than the + // hardcoded 4 zero bytes above + return util.concat(arr); + }); + } + + toHash(signatureType, data, detached = false) { + const bytes = this.toSign(signatureType, data); + + return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]); + } + + async hash(signatureType, data, toHash, detached = false) { + if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) { + // avoid hashing unexpected salt size + throw new Error('Signature salt does not have the expected length'); + } + + if (!toHash) toHash = this.toHash(signatureType, data, detached); + return mod$1.hash.digest(this.hashAlgorithm, toHash); + } + + /** + * verifies the signature packet. Note: not all signature types are implemented + * @param {PublicSubkeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature + * @param {module:enums.signature} signatureType - Expected signature type + * @param {Uint8Array|Object} data - Data which on the signature applies + * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration + * @param {Boolean} [detached] - Whether to verify a detached signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if signature validation failed + * @async + */ + async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { + if (!this.issuerKeyID.equals(key.getKeyID())) { + throw new Error('Signature was not issued by the given public key'); + } + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); + } + + const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; + // Cryptographic validity is cached after one successful verification. + // However, for message signatures, we always re-verify, since the passed `data` can change + const skipVerify = this[verified] && !isMessageSignature; + if (!skipVerify) { + let toHash; + let hash; + if (this.hashed) { + hash = await this.hashed; + } else { + toHash = this.toHash(signatureType, data, detached); + hash = await this.hash(signatureType, data, toHash); + } + hash = await readToEnd(hash); + if (this.signedHashValue[0] !== hash[0] || + this.signedHashValue[1] !== hash[1]) { + throw new Error('Signed digest did not match'); + } + + this.params = await this.params; + + this[verified] = await mod$1.signature.verify( + this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, + toHash, hash + ); + + if (!this[verified]) { + throw new Error('Signature verification failed'); + } + } + + const normDate = util.normalizeDate(date); + if (normDate && this.created > normDate) { + throw new Error('Signature creation time is in the future'); + } + if (normDate && normDate >= this.getExpirationTime()) { + throw new Error('Signature is expired'); + } + if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { + throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && + [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { + throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + this.unknownSubpackets.forEach(({ type, critical }) => { + if (critical) { + throw new Error(`Unknown critical signature subpacket type ${type}`); + } + }); + this.rawNotations.forEach(({ name, critical }) => { + if (critical && (config$1.knownNotations.indexOf(name) < 0)) { + throw new Error(`Unknown critical notation: ${name}`); + } + }); + if (this.revocationKeyClass !== null) { + throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); + } + } + + /** + * Verifies signature expiration date + * @param {Date} [date] - Use the given date for verification instead of the current time + * @returns {Boolean} True if expired. + */ + isExpired(date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + return !(this.created <= normDate && normDate < this.getExpirationTime()); + } + return false; + } + + /** + * Returns the expiration time of the signature or Infinity if signature does not expire + * @returns {Date | Infinity} Expiration time. + */ + getExpirationTime() { + return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); + } +} + +/** + * Creates a Uint8Array representation of a sub signature packet + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} + * @param {Integer} type - Subpacket signature type. + * @param {Boolean} critical - Whether the subpacket should be critical. + * @param {String} data - Data to be included + * @returns {Uint8Array} The signature subpacket. + * @private + */ +function writeSubPacket(type, critical, data) { + const arr = []; + arr.push(writeSimpleLength(data.length + 1)); + arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); + arr.push(data); + return util.concat(arr); +} + +/** + * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. + * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5} + * @param {enums.hash} hashAlgorithm - Hash algorithm. + * @returns {Integer} Salt length. + * @private + */ +function saltLengthForHash(hashAlgorithm) { + switch (hashAlgorithm) { + case enums.hash.sha256: return 16; + case enums.hash.sha384: return 24; + case enums.hash.sha512: return 32; + case enums.hash.sha224: return 16; + case enums.hash.sha3_256: return 16; + case enums.hash.sha3_512: return 32; + default: throw new Error('Unsupported hash function'); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the One-Pass Signature Packets (Tag 4) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: + * The One-Pass Signature packet precedes the signed data and contains + * enough information to allow the receiver to begin calculating any + * hashes needed to verify the signature. It allows the Signature + * packet to be placed at the end of the message, so that the signer + * can compute the entire signed message in one pass. + */ +class OnePassSignaturePacket { + static get tag() { + return enums.packet.onePassSignature; + } + + static fromSignaturePacket(signaturePacket, isLast) { + const onePassSig = new OnePassSignaturePacket(); + onePassSig.version = signaturePacket.version === 6 ? 6 : 3; + onePassSig.signatureType = signaturePacket.signatureType; + onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; + onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; + onePassSig.issuerKeyID = signaturePacket.issuerKeyID; + onePassSig.salt = signaturePacket.salt; // v6 only + onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only + + onePassSig.flags = isLast ? 1 : 0; + return onePassSig; + } + + constructor() { + /** A one-octet version number. The current versions are 3 and 6. */ + this.version = null; + /** + * A one-octet signature type. + * Signature types are described in + * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. + * @type {enums.signature} + + */ + this.signatureType = null; + /** + * A one-octet number describing the hash algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} + * @type {enums.hash} + */ + this.hashAlgorithm = null; + /** + * A one-octet number describing the public-key algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} + * @type {enums.publicKey} + */ + this.publicKeyAlgorithm = null; + /** Only for v6, a variable-length field containing the salt. */ + this.salt = null; + /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */ + this.issuerKeyID = null; + /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */ + this.issuerFingerprint = null; + /** + * A one-octet number holding a flag showing whether the signature is nested. + * A zero value indicates that the next packet is another One-Pass Signature packet + * that describes another signature to be applied to the same message data. + */ + this.flags = null; + } + + /** + * parsing function for a one-pass signature packet (tag 4). + * @param {Uint8Array} bytes - Payload of a tag 4 packet + * @returns {OnePassSignaturePacket} Object representation. + */ + read(bytes) { + let mypos = 0; + // A one-octet version number. The current versions are 3 or 6. + this.version = bytes[mypos++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); + } + + // A one-octet signature type. Signature types are described in + // Section 5.2.1. + this.signatureType = bytes[mypos++]; + + // A one-octet number describing the hash algorithm used. + this.hashAlgorithm = bytes[mypos++]; + + // A one-octet number describing the public-key algorithm used. + this.publicKeyAlgorithm = bytes[mypos++]; + + if (this.version === 6) { + // Only for v6 signatures, a variable-length field containing: + + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[mypos++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(mypos, mypos + saltLength); + mypos += saltLength; + + // Only for v6 packets, 32 octets of the fingerprint of the signing key. + this.issuerFingerprint = bytes.subarray(mypos, mypos + 32); + mypos += 32; + this.issuerKeyID = new KeyID(); + // For v6 the Key ID is the high-order 64 bits of the fingerprint. + this.issuerKeyID.read(this.issuerFingerprint); + } else { + // Only for v3 packets, an eight-octet number holding the Key ID of the signing key. + this.issuerKeyID = new KeyID(); + this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); + mypos += 8; + } + + // A one-octet number holding a flag showing whether the signature + // is nested. A zero value indicates that the next packet is + // another One-Pass Signature packet that describes another + // signature to be applied to the same message data. + this.flags = bytes[mypos++]; + return this; + } + + /** + * creates a string representation of a one-pass signature packet + * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. + */ + write() { + const arr = [new Uint8Array([ + this.version, + this.signatureType, + this.hashAlgorithm, + this.publicKeyAlgorithm + ])]; + if (this.version === 6) { + arr.push( + new Uint8Array([this.salt.length]), + this.salt, + this.issuerFingerprint + ); + } else { + arr.push(this.issuerKeyID.write()); + } + arr.push(new Uint8Array([this.flags])); + return util.concatUint8Array(arr); + } + + calculateTrailer(...args) { + return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); + } + + async verify() { + const correspondingSig = await this.correspondingSig; + if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { + throw new Error('Corresponding signature packet missing'); + } + if ( + correspondingSig.signatureType !== this.signatureType || + correspondingSig.hashAlgorithm !== this.hashAlgorithm || + correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || + !correspondingSig.issuerKeyID.equals(this.issuerKeyID) || + (this.version === 3 && correspondingSig.version === 6) || + (this.version === 6 && correspondingSig.version !== 6) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt)) + ) { + throw new Error('Corresponding signature packet does not match one-pass signature packet'); + } + correspondingSig.hashed = this.hashed; + return correspondingSig.verify.apply(correspondingSig, arguments); + } +} + +OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; +OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; +OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; + +/** + * Instantiate a new packet given its tag + * @function newPacketFromTag + * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @returns {Object} New packet object with type based on tag + * @throws {Error|UnsupportedError} for disallowed or unknown packets + */ +function newPacketFromTag(tag, allowedPackets) { + if (!allowedPackets[tag]) { + // distinguish between disallowed packets and unknown ones + let packetType; + try { + packetType = enums.read(enums.packet, tag); + } catch (e) { + throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`); + } + throw new Error(`Packet not allowed in this context: ${packetType}`); + } + return new allowedPackets[tag](); +} + +/** + * This class represents a list of openpgp packets. + * Take care when iterating over it - the packets themselves + * are stored as numerical indices. + * @extends Array + */ +class PacketList extends Array { + /** + * Parses the given binary data and returns a list of packets. + * Equivalent to calling `read` on an empty PacketList instance. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @returns {PacketList} parsed list of packets + * @throws on parsing errors + * @async + */ + static async fromBinary(bytes, allowedPackets, config$1 = config) { + const packets = new PacketList(); + await packets.read(bytes, allowedPackets, config$1); + return packets; + } + + /** + * Reads a stream of binary data and interprets it as a list of packets. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @throws on parsing errors + * @async + */ + async read(bytes, allowedPackets, config$1 = config) { + if (config$1.additionalAllowedPackets.length) { + allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; + } + this.stream = transformPair(bytes, async (readable, writable) => { + const writer = getWriter(writable); + try { + while (true) { + await writer.ready; + const done = await readPackets(readable, async parsed => { + try { + if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) { + // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: + // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 + // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 + // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 + return; + } + const packet = newPacketFromTag(parsed.tag, allowedPackets); + packet.packets = new PacketList(); + packet.fromStream = util.isStream(parsed.packet); + await packet.read(parsed.packet, config$1); + await writer.write(packet); + } catch (e) { + // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence, + // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored. + // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical. + if (e instanceof UnknownPacketError) { + if (parsed.tag <= 39) { + await writer.abort(e); + } else { + return; + } + } + + const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; + const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); + if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { + // The packets that support streaming are the ones that contain message data. + // Those are also the ones we want to be more strict about and throw on parse errors + // (since we likely cannot process the message without these packets anyway). + await writer.abort(e); + } else { + const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); + await writer.write(unparsedPacket); + } + util.printDebugError(e); + } + }); + if (done) { + await writer.ready; + await writer.close(); + return; + } + } + } catch (e) { + await writer.abort(e); + } + }); + + // Wait until first few packets have been read + const reader = getReader(this.stream); + while (true) { + const { done, value } = await reader.read(); + if (!done) { + this.push(value); + } else { + this.stream = null; + } + if (done || supportsStreaming(value.constructor.tag)) { + break; + } + } + reader.releaseLock(); + } + + /** + * Creates a binary representation of openpgp objects contained within the + * class instance. + * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. + */ + write() { + const arr = []; + + for (let i = 0; i < this.length; i++) { + const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; + const packetbytes = this[i].write(); + if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { + let buffer = []; + let bufferLength = 0; + const minLength = 512; + arr.push(writeTag(tag)); + arr.push(transform(packetbytes, value => { + buffer.push(value); + bufferLength += value.length; + if (bufferLength >= minLength) { + const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); + const chunkSize = 2 ** powerOf2; + const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); + buffer = [bufferConcat.subarray(1 + chunkSize)]; + bufferLength = buffer[0].length; + return bufferConcat.subarray(0, 1 + chunkSize); + } + }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); + } else { + if (util.isStream(packetbytes)) { + let length = 0; + arr.push(transform(clone(packetbytes), value => { + length += value.length; + }, () => writeHeader(tag, length))); + } else { + arr.push(writeHeader(tag, packetbytes.length)); + } + arr.push(packetbytes); + } + } + + return util.concat(arr); + } + + /** + * Creates a new PacketList with all packets matching the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {PacketList} + */ + filterByTag(...tags) { + const filtered = new PacketList(); + + const handle = tag => packetType => tag === packetType; + + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(this[i].constructor.tag))) { + filtered.push(this[i]); + } + } + + return filtered; + } + + /** + * Traverses packet list and returns first packet with matching tag + * @param {module:enums.packet} tag - The packet tag + * @returns {Packet|undefined} + */ + findPacket(tag) { + return this.find(packet => packet.constructor.tag === tag); + } + + /** + * Find indices of packets with the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {Integer[]} packet indices + */ + indexOfTag(...tags) { + const tagIndex = []; + const that = this; + + const handle = tag => packetType => tag === packetType; + + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(that[i].constructor.tag))) { + tagIndex.push(i); + } + } + return tagIndex; + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Compressed Data packet can contain the following packet types +const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +/** + * Implementation of the Compressed Data Packet (Tag 8) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: + * The Compressed Data packet contains compressed data. Typically, + * this packet is found as the contents of an encrypted packet, or following + * a Signature or One-Pass Signature packet, and contains a literal data packet. + */ +class CompressedDataPacket { + static get tag() { + return enums.packet.compressedData; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + /** + * List of packets + * @type {PacketList} + */ + this.packets = null; + /** + * Compression algorithm + * @type {enums.compression} + */ + this.algorithm = config$1.preferredCompressionAlgorithm; + + /** + * Compressed packet data + * @type {Uint8Array | ReadableStream} + */ + this.compressed = null; + } + + /** + * Parsing function for the packet. + * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async read(bytes, config$1 = config) { + await parse(bytes, async reader => { + + // One octet that gives the algorithm used to compress the packet. + this.algorithm = await reader.readByte(); + + // Compressed data, which makes up the remainder of the packet. + this.compressed = reader.remainder(); + + await this.decompress(config$1); + }); + } + + + /** + * Return the compressed packet. + * @returns {Uint8Array | ReadableStream} Binary compressed packet. + */ + write() { + if (this.compressed === null) { + this.compress(); + } + + return util.concat([new Uint8Array([this.algorithm]), this.compressed]); + } + + + /** + * Decompression method for decompressing the compressed data + * read by read_packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async decompress(config$1 = config) { + const compressionName = enums.read(enums.compression, this.algorithm); + const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async + if (!decompressionFn) { + throw new Error(`${compressionName} decompression not supported`); + } + + this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets$5, config$1); + } + + /** + * Compress the packet data (member decompressedData) + */ + compress() { + const compressionName = enums.read(enums.compression, this.algorithm); + const compressionFn = compress_fns[compressionName]; + if (!compressionFn) { + throw new Error(`${compressionName} compression not supported`); + } + + this.compressed = compressionFn(this.packets.write()); + } +} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + +/** + * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise. + * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator + * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor + * @returns {ReadableStream} compressed or decompressed data + */ +function zlib(compressionStreamInstantiator, ZlibStreamedConstructor) { + return data => { + if (!util.isStream(data) || isArrayStream(data)) { + return fromAsync(() => readToEnd(data).then(inputData => { + return new Promise((resolve, reject) => { + const zlibStream = new ZlibStreamedConstructor(); + zlibStream.ondata = processedData => { + resolve(processedData); + }; + try { + zlibStream.push(inputData, true); // only one chunk to push + } catch (err) { + reject(err); + } + }); + })); + } + + // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API) + if (compressionStreamInstantiator) { + try { + const compressorOrDecompressor = compressionStreamInstantiator(); + return data.pipeThrough(compressorOrDecompressor); + } catch (err) { + // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate. + if (err.name !== 'TypeError') { + throw err; + } + } + } + + // JS fallback + const inputReader = data.getReader(); + const zlibStream = new ZlibStreamedConstructor(); + + return new ReadableStream({ + async start(controller) { + zlibStream.ondata = async (value, isLast) => { + controller.enqueue(value); + if (isLast) { + controller.close(); + } + }; + + while (true) { + const { done, value } = await inputReader.read(); + if (done) { + zlibStream.push(new Uint8Array(), true); + return; + } else if (value.length) { + zlibStream.push(value); + } + } + } + }); + }; +} + +function bzip2Decompress() { + return async function(data) { + const { decode: bunzipDecode } = await Promise.resolve().then(function () { return index; }); + return fromAsync(async () => bunzipDecode(await readToEnd(data))); + }; +} + +/** + * Get Compression Stream API instatiators if the constructors are implemented. + * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported + * (supported formats cannot be determined in advance). + * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat + * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }} + */ +const getCompressionStreamInstantiators = compressionFormat => ({ + compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)), + decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat)) +}); + +const compress_fns = { + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib) +}; + +const decompress_fns = { + uncompressed: data => data, + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib), + bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import +}; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A SEIP packet can contain the following packet types +const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +/** + * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: + * The Symmetrically Encrypted Integrity Protected Data packet is + * a variant of the Symmetrically Encrypted Data packet. It is a new feature + * created for OpenPGP that addresses the problem of detecting a modification to + * encrypted data. It is used in combination with a Modification Detection Code + * packet. + */ +class SymEncryptedIntegrityProtectedDataPacket { + static get tag() { + return enums.packet.symEncryptedIntegrityProtectedData; + } + + static fromObject({ version, aeadAlgorithm }) { + if (version !== 1 && version !== 2) { + throw new Error('Unsupported SEIPD version'); + } + + const seip = new SymEncryptedIntegrityProtectedDataPacket(); + seip.version = version; + if (version === 2) { + seip.aeadAlgorithm = aeadAlgorithm; + } + + return seip; + } + + constructor() { + this.version = null; + + // The following 4 fields are for V2 only. + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = null; + this.chunkSizeByte = null; + this.salt = null; + + this.encrypted = null; + this.packets = null; + } + + async read(bytes) { + await parse(bytes, async reader => { + this.version = await reader.readByte(); + // - A one-octet version number with value 1 or 2. + if (this.version !== 1 && this.version !== 2) { + throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`); + } + + if (this.version === 2) { + // - A one-octet cipher algorithm. + this.cipherAlgorithm = await reader.readByte(); + // - A one-octet AEAD algorithm. + this.aeadAlgorithm = await reader.readByte(); + // - A one-octet chunk size. + this.chunkSizeByte = await reader.readByte(); + // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique. + this.salt = await reader.readBytes(32); + } + + // For V1: + // - Encrypted data, the output of the selected symmetric-key cipher + // operating in Cipher Feedback mode with shift amount equal to the + // block size of the cipher (CFB-n where n is the block size). + // For V2: + // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode. + // - A final, summary authentication tag for the AEAD mode. + this.encrypted = reader.remainder(); + }); + } + + write() { + if (this.version === 2) { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]); + } + return util.concat([new Uint8Array([this.version]), this.encrypted]); + } + + /** + * Encrypt the payload in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on encryption failure + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + const { blockSize, keySize } = mod$1.getCipherParams(sessionKeyAlgorithm); + if (key.length !== keySize) { + throw new Error('Unexpected session key size'); + } + + let bytes = this.packets.write(); + if (isArrayStream(bytes)) bytes = await readToEnd(bytes); + + if (this.version === 2) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + this.salt = mod$1.random.getRandomBytes(32); + this.chunkSizeByte = config$1.aeadChunkSizeByte; + this.encrypted = await runAEAD(this, 'encrypt', key, bytes); + } else { + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet + + const tohash = util.concat([prefix, bytes, mdc]); + const hash = await mod$1.hash.sha1(passiveClone(tohash)); + const plaintext = util.concat([tohash, hash]); + + this.encrypted = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); + } + return true; + } + + /** + * Decrypts the encrypted data contained in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on decryption failure + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + if (key.length !== mod$1.getCipherParams(sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + + let encrypted = clone(this.encrypted); + if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); + + let packetbytes; + if (this.version === 2) { + if (this.cipherAlgorithm !== sessionKeyAlgorithm) { + // sanity check + throw new Error('Unexpected session key algorithm'); + } + packetbytes = await runAEAD(this, 'decrypt', key, encrypted); + } else { + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); + + // there must be a modification detection code packet as the + // last packet and everything gets hashed except the hash itself + const realHash = slice(passiveClone(decrypted), -20); + const tohash = slice(decrypted, 0, -20); + const verifyHash = Promise.all([ + readToEnd(await mod$1.hash.sha1(passiveClone(tohash))), + readToEnd(realHash) + ]).then(([hash, mdc]) => { + if (!util.equalsUint8Array(hash, mdc)) { + throw new Error('Modification detected.'); + } + return new Uint8Array(); + }); + const bytes = slice(tohash, blockSize + 2); // Remove random prefix + packetbytes = slice(bytes, 0, -2); // Remove MDC packet + packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); + if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { + packetbytes = await readToEnd(packetbytes); + } + } + + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$4, config$1); + return true; + } +} + +/** + * En/decrypt the payload. + * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt + * @param {Uint8Array} key - The session key used to en/decrypt the payload + * @param {Uint8Array | ReadableStream} data - The data to en/decrypt + * @returns {Promise>} + * @async + */ +async function runAEAD(packet, fn, key, data) { + const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2; + const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import) + if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type'); + + const mode = mod$1.getAEADMode(packet.aeadAlgorithm); + const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; + const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; + const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) + const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0; + const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP); + const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP); + const adataTagArray = new Uint8Array(adataBuffer); + const adataView = new DataView(adataBuffer); + const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); + adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0); + let chunkIndex = 0; + let latestPromise = Promise.resolve(); + let cryptedBytes = 0; + let queuedBytes = 0; + let iv; + let ivView; + if (isSEIPDv2) { + const { keySize } = mod$1.getCipherParams(packet.cipherAlgorithm); + const { ivLength } = mode; + const info = new Uint8Array(adataBuffer, 0, 5); + const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength); + key = derived.subarray(0, keySize); + iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy. + iv.fill(0, iv.length - 8); + ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); + } else { // AEADEncryptedDataPacket + iv = packet.iv; + // ivView is unused in this case + } + const modeInstance = await mode(packet.cipherAlgorithm, key); + return transformPair(data, async (readable, writable) => { + if (util.isStream(readable) !== 'array') { + const buffer = new TransformStream({}, { + highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6), + size: array => array.length + }); + pipe(buffer.readable, writable); + writable = buffer.writable; + } + const reader = getReader(readable); + const writer = getWriter(writable); + try { + while (true) { + let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); + const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); + chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); + let cryptedPromise; + let done; + let nonce; + if (isSEIPDv2) { // SEIPD V2 + nonce = iv; + } else { // AEADEncryptedDataPacket + nonce = iv.slice(); + for (let i = 0; i < 8; i++) { + nonce[iv.length - 8 + i] ^= chunkIndexArray[i]; + } + } + if (!chunkIndex || chunk.length) { + reader.unshift(finalChunk); + cryptedPromise = modeInstance[fn](chunk, nonce, adataArray); + cryptedPromise.catch(() => {}); + queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; + } else { + // After the last chunk, we either encrypt a final, empty + // data chunk to get the final authentication tag or + // validate that final authentication tag. + adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...) + cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray); + cryptedPromise.catch(() => {}); + queuedBytes += tagLengthIfEncrypting; + done = true; + } + cryptedBytes += chunk.length - tagLengthIfDecrypting; + // eslint-disable-next-line @typescript-eslint/no-loop-func + latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { + await writer.ready; + await writer.write(crypted); + queuedBytes -= crypted.length; + }).catch(err => writer.abort(err)); + if (done || queuedBytes > writer.desiredSize) { + await latestPromise; // Respect backpressure + } + if (!done) { + if (isSEIPDv2) { // SEIPD V2 + ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...) + } else { // AEADEncryptedDataPacket + adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) + } + } else { + await writer.close(); + break; + } + } + } catch (e) { + await writer.ready.catch(() => {}); + await writer.abort(e); + } + }); +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// An AEAD-encrypted Data packet can contain the following packet types +const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +const VERSION$1 = 1; // A one-octet version number of the data packet. + +/** + * Implementation of the Symmetrically Encrypted Authenticated Encryption with + * Additional Data (AEAD) Protected Data Packet + * + * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: + * AEAD Protected Data Packet + */ +class AEADEncryptedDataPacket { + static get tag() { + return enums.packet.aeadEncryptedData; + } + + constructor() { + this.version = VERSION$1; + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = enums.aead.eax; + this.chunkSizeByte = null; + this.iv = null; + this.encrypted = null; + this.packets = null; + } + + /** + * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @param {Uint8Array | ReadableStream} bytes + * @throws {Error} on parsing failure + */ + async read(bytes) { + await parse(bytes, async reader => { + const version = await reader.readByte(); + if (version !== VERSION$1) { // The only currently defined value is 1. + throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); + } + this.cipherAlgorithm = await reader.readByte(); + this.aeadAlgorithm = await reader.readByte(); + this.chunkSizeByte = await reader.readByte(); + + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = await reader.readBytes(mode.ivLength); + this.encrypted = reader.remainder(); + }); + } + + /** + * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @returns {Uint8Array | ReadableStream} The encrypted payload. + */ + write() { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); + } + + /** + * Decrypt the encrypted payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.packets = await PacketList.fromBinary( + await runAEAD(this, 'decrypt', key, clone(this.encrypted)), + allowedPackets$3, + config$1 + ); + } + + /** + * Encrypt the packet payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + const { ivLength } = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(ivLength); // generate new random IV + this.chunkSizeByte = config$1.aeadChunkSizeByte; + const data = this.packets.write(); + this.encrypted = await runAEAD(this, 'encrypt', key, data); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Public-Key Encrypted Session Key Packets (Tag 1) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: + * A Public-Key Encrypted Session Key packet holds the session key + * used to encrypt a message. Zero or more Public-Key Encrypted Session Key + * packets and/or Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data Packet, which holds an encrypted message. The + * message is encrypted with the session key, and the session key is itself + * encrypted and stored in the Encrypted Session Key packet(s). The + * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted + * Session Key packet for each OpenPGP key to which the message is encrypted. + * The recipient of the message finds a session key that is encrypted to their + * public key, decrypts the session key, and then uses the session key to + * decrypt the message. + */ +class PublicKeyEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.publicKeyEncryptedSessionKey; + } + + constructor() { + this.version = null; + + // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()` + this.publicKeyID = new KeyID(); + + // For version 6: + this.publicKeyVersion = null; + this.publicKeyFingerprint = null; + + // For all versions: + this.publicKeyAlgorithm = null; + + this.sessionKey = null; + /** + * Algorithm to encrypt the message with + * @type {enums.symmetric} + */ + this.sessionKeyAlgorithm = null; + + /** @type {Object} */ + this.encrypted = {}; + } + + static fromObject({ + version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm + }) { + const pkesk = new PublicKeyEncryptedSessionKeyPacket(); + + if (version !== 3 && version !== 6) { + throw new Error('Unsupported PKESK version'); + } + + pkesk.version = version; + + if (version === 6) { + pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version; + pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes(); + } + + pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID(); + pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm; + pkesk.sessionKey = sessionKey; + pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm; + + return pkesk; + } + + /** + * Parsing function for a publickey encrypted session key packet (tag 1). + * + * @param {Uint8Array} bytes - Payload of a tag 1 packet + */ + read(bytes) { + let offset = 0; + this.version = bytes[offset++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); + } + if (this.version === 6) { + // A one-octet size of the following two fields: + // - A one octet key version number. + // - The fingerprint of the public key or subkey to which the session key is encrypted. + // The size may also be zero. + const versionAndFingerprintLength = bytes[offset++]; + if (versionAndFingerprintLength) { + this.publicKeyVersion = bytes[offset++]; + const fingerprintLength = versionAndFingerprintLength - 1; + this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength; + if (this.publicKeyVersion >= 5) { + // For v5/6 the Key ID is the high-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint); + } else { + // For v4 The Key ID is the low-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8)); + } + } else { + // The size may also be zero, and the key version and + // fingerprint omitted for an "anonymous recipient" + this.publicKeyID = KeyID.wildcard(); + } + } else { + offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8)); + } + this.publicKeyAlgorithm = bytes[offset++]; + this.encrypted = mod$1.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset)); + if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) { + if (this.version === 3) { + this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + } else if (this.encrypted.C.algorithm !== null) { + throw new Error('Unexpected cleartext symmetric algorithm'); + } + } + } + + /** + * Create a binary representation of a tag 1 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const arr = [ + new Uint8Array([this.version]) + ]; + + if (this.version === 6) { + if (this.publicKeyFingerprint !== null) { + arr.push(new Uint8Array([ + this.publicKeyFingerprint.length + 1, + this.publicKeyVersion] + )); + arr.push(this.publicKeyFingerprint); + } else { + arr.push(new Uint8Array([0])); + } + } else { + arr.push(this.publicKeyID.write()); + } + + arr.push( + new Uint8Array([this.publicKeyAlgorithm]), + mod$1.serializeParams(this.publicKeyAlgorithm, this.encrypted) + ); + + return util.concatUint8Array(arr); + } + + /** + * Encrypt session key packet + * @param {PublicKeyPacket} key - Public key + * @throws {Error} if encryption failed + * @async + */ + async encrypt(key) { + const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); + // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a + // v6 PKESK packet, as it is included in the v2 SEIPD packet. + const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey); + this.encrypted = await mod$1.publicKeyEncrypt( + algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint); + } + + /** + * Decrypts the session key (only for public key encrypted session key packets (tag 1) + * @param {SecretKeyPacket} key - decrypted private key + * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. + * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } + * @throws {Error} if decryption failed, unless `randomSessionKey` is given + * @async + */ + async decrypt(key, randomSessionKey) { + // check that session key algo matches the secret key algo + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Decryption error'); + } + + const randomPayload = randomSessionKey ? + encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : + null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const decryptedData = await mod$1.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload); + + const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); + + if (this.version === 3) { + // v3 Montgomery curves have cleartext cipher algo + const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448; + this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm; + + if (sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + } + this.sessionKey = sessionKey; + } +} + + +function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + // add checksum + return util.concatUint8Array([ + new Uint8Array(version === 6 ? [] : [cipherAlgo]), + sessionKeyData, + util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) + ]); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return sessionKeyData; + default: + throw new Error('Unsupported public key algorithm'); + } +} + + +function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: { + // verify checksum in constant time + const result = decryptedData.subarray(0, decryptedData.length - 2); + const checksum = decryptedData.subarray(decryptedData.length - 2); + const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); + const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; + const decryptedSessionKey = version === 6 ? + { sessionKeyAlgorithm: null, sessionKey: result } : + { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; + if (randomSessionKey) { + // We must not leak info about the validity of the decrypted checksum or cipher algo. + // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. + const isValidPayload = isValidChecksum & + decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & + decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; + return { + sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), + sessionKeyAlgorithm: version === 6 ? null : util.selectUint8( + isValidPayload, + decryptedSessionKey.sessionKeyAlgorithm, + randomSessionKey.sessionKeyAlgorithm + ) + }; + } else { + const isValidPayload = isValidChecksum && ( + version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm)); + if (isValidPayload) { + return decryptedSessionKey; + } else { + throw new Error('Decryption error'); + } + } + } + case enums.publicKey.x25519: + case enums.publicKey.x448: + return { + sessionKeyAlgorithm: null, + sessionKey: decryptedData + }; + default: + throw new Error('Unsupported public key algorithm'); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Symmetric-Key Encrypted Session Key Packets (Tag 3) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: + * The Symmetric-Key Encrypted Session Key packet holds the + * symmetric-key encryption of a session key used to encrypt a message. + * Zero or more Public-Key Encrypted Session Key packets and/or + * Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data packet that holds an encrypted message. + * The message is encrypted with a session key, and the session key is + * itself encrypted and stored in the Encrypted Session Key packet or + * the Symmetric-Key Encrypted Session Key packet. + */ +class SymEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.symEncryptedSessionKey; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + this.version = config$1.aeadProtect ? 6 : 4; + this.sessionKey = null; + /** + * Algorithm to encrypt the session key with + * @type {enums.symmetric} + */ + this.sessionKeyEncryptionAlgorithm = null; + /** + * Algorithm to encrypt the message with + * @type {enums.symmetric} + */ + this.sessionKeyAlgorithm = null; + /** + * AEAD mode to encrypt the session key with (if AEAD protection is enabled) + * @type {enums.aead} + */ + this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); + this.encrypted = null; + this.s2k = null; + this.iv = null; + } + + /** + * Parsing function for a symmetric encrypted session key packet (tag 3). + * + * @param {Uint8Array} bytes - Payload of a tag 3 packet + */ + read(bytes) { + let offset = 0; + + // A one-octet version number with value 4, 5 or 6. + this.version = bytes[offset++]; + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); + } + + if (this.version === 6) { + // A one-octet scalar octet count of the following 5 fields. + offset++; + } + + // A one-octet number describing the symmetric algorithm used. + const algo = bytes[offset++]; + + if (this.version >= 5) { + // A one-octet AEAD algorithm. + this.aeadAlgorithm = bytes[offset++]; + + if (this.version === 6) { + // A one-octet scalar octet count of the following field. + offset++; + } + } + + // A string-to-key (S2K) specifier, length as defined above. + const s2kType = bytes[offset++]; + this.s2k = newS2KFromType(s2kType); + offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + + // A starting initialization vector of size specified by the AEAD + // algorithm. + this.iv = bytes.subarray(offset, offset += mode.ivLength); + } + + // The encrypted session key itself, which is decrypted with the + // string-to-key object. This is optional in version 4. + if (this.version >= 5 || offset < bytes.length) { + this.encrypted = bytes.subarray(offset, bytes.length); + this.sessionKeyEncryptionAlgorithm = algo; + } else { + this.sessionKeyAlgorithm = algo; + } + } + + /** + * Create a binary representation of a tag 3 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const algo = this.encrypted === null ? + this.sessionKeyAlgorithm : + this.sessionKeyEncryptionAlgorithm; + + let bytes; + + const s2k = this.s2k.write(); + if (this.version === 6) { + const s2kLen = s2k.length; + const fieldsLen = 3 + s2kLen + this.iv.length; + bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]); + } else if (this.version === 5) { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]); + } else { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]); + + if (this.encrypted !== null) { + bytes = util.concatUint8Array([bytes, this.encrypted]); + } + } + + return bytes; + } + + /** + * Decrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(passphrase) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); + } else if (this.encrypted !== null) { + const decrypted = await mod$1.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + + this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); + this.sessionKey = decrypted.subarray(1, decrypted.length); + if (this.sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + } else { + // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo + this.sessionKey = key; + } + } + + /** + * Encrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + this.sessionKeyEncryptionAlgorithm = algo; + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.sessionKey === null) { + this.sessionKey = mod$1.generateSessionKey(this.sessionKeyAlgorithm); + } + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(mode.ivLength); // generate new random IV + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata); + } else { + const toEncrypt = util.concatUint8Array([ + new Uint8Array([this.sessionKeyAlgorithm]), + this.sessionKey + ]); + this.encrypted = await mod$1.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config$1); + } + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Key Material Packet (Tag 5,6,7,14) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: + * A key material packet contains all the information about a public or + * private key. There are four variants of this packet type, and two + * major versions. + * + * A Public-Key packet starts a series of packets that forms an OpenPGP + * key (sometimes called an OpenPGP certificate). + */ +class PublicKeyPacket { + static get tag() { + return enums.packet.publicKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + /** + * Packet version + * @type {Integer} + */ + this.version = config$1.v6Keys ? 6 : 4; + /** + * Key creation date. + * @type {Date} + */ + this.created = util.normalizeDate(date); + /** + * Public key algorithm. + * @type {enums.publicKey} + */ + this.algorithm = null; + /** + * Algorithm specific public params + * @type {Object} + */ + this.publicParams = null; + /** + * Time until expiration in days (V3 only) + * @type {Integer} + */ + this.expirationTimeV3 = 0; + /** + * Fingerprint bytes + * @type {Uint8Array} + */ + this.fingerprint = null; + /** + * KeyID + * @type {module:type/keyid~KeyID} + */ + this.keyID = null; + } + + /** + * Create a PublicKeyPacket from a SecretKeyPacket + * @param {SecretKeyPacket} secretKeyPacket - key packet to convert + * @returns {PublicKeyPacket} public key packet + * @static + */ + static fromSecretKeyPacket(secretKeyPacket) { + const keyPacket = new PublicKeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } + + /** + * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} + * @param {Uint8Array} bytes - Input array to read the packet from + * @returns {Object} This object with attributes set by the parser + * @async + */ + async read(bytes, config$1 = config) { + let pos = 0; + // A one-octet version number (4, 5 or 6). + this.version = bytes[pos++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } + + if (this.version === 4 || this.version === 5 || this.version === 6) { + // - A four-octet number denoting the time that the key was created. + this.created = util.readDate(bytes.subarray(pos, pos + 4)); + pos += 4; + + // - A one-octet number denoting the public-key algorithm of this key. + this.algorithm = bytes[pos++]; + + if (this.version >= 5) { + // - A four-octet scalar octet count for the following key material. + pos += 4; + } + + // - A series of values comprising the key material. + const { read, publicParams } = mod$1.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } + this.publicParams = publicParams; + pos += read; + + // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor + await this.computeFingerprintAndKeyID(); + return pos; + } + throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); + } + + /** + * Creates an OpenPGP public key packet for the given key. + * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. + */ + write() { + const arr = []; + // Version + arr.push(new Uint8Array([this.version])); + arr.push(util.writeDate(this.created)); + // A one-octet number denoting the public-key algorithm of this key + arr.push(new Uint8Array([this.algorithm])); + + const params = mod$1.serializeParams(this.algorithm, this.publicParams); + if (this.version >= 5) { + // A four-octet scalar octet count for the following key material + arr.push(util.writeNumber(params.length, 4)); + } + // Algorithm-specific params + arr.push(params); + return util.concatUint8Array(arr); + } + + /** + * Write packet in order to be hashed; either for a signature or a fingerprint + * @param {Integer} version - target version of signature or key + */ + writeForHash(version) { + const bytes = this.writePublicKey(); + + const versionOctet = 0x95 + version; + const lengthOctets = version >= 5 ? 4 : 2; + return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]); + } + + /** + * Check whether secret-key data is available in decrypted form. Returns null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return null; + } + + /** + * Returns the creation time of the key + * @returns {Date} + */ + getCreationTime() { + return this.created; + } + + /** + * Return the key ID of the key + * @returns {module:type/keyid~KeyID} The 8-byte key ID + */ + getKeyID() { + return this.keyID; + } + + /** + * Computes and set the key ID and fingerprint of the key + * @async + */ + async computeFingerprintAndKeyID() { + await this.computeFingerprint(); + this.keyID = new KeyID(); + + if (this.version >= 5) { + this.keyID.read(this.fingerprint.subarray(0, 8)); + } else if (this.version === 4) { + this.keyID.read(this.fingerprint.subarray(12, 20)); + } else { + throw new Error('Unsupported key version'); + } + } + + /** + * Computes and set the fingerprint of the key + */ + async computeFingerprint() { + const toHash = this.writeForHash(this.version); + + if (this.version >= 5) { + this.fingerprint = await mod$1.hash.sha256(toHash); + } else if (this.version === 4) { + this.fingerprint = await mod$1.hash.sha1(toHash); + } else { + throw new Error('Unsupported key version'); + } + } + + /** + * Returns the fingerprint of the key, as an array of bytes + * @returns {Uint8Array} A Uint8Array containing the fingerprint + */ + getFingerprintBytes() { + return this.fingerprint; + } + + /** + * Calculates and returns the fingerprint of the key, as a string + * @returns {String} A string containing the fingerprint in lowercase hex + */ + getFingerprint() { + return util.uint8ArrayToHex(this.getFingerprintBytes()); + } + + /** + * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint + * @returns {Boolean} Whether the two keys have the same version and public key data. + */ + hasSameFingerprintAs(other) { + return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); + } + + /** + * Returns algorithm information + * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. + */ + getAlgorithmInfo() { + const result = {}; + result.algorithm = enums.read(enums.publicKey, this.algorithm); + // RSA, DSA or ElGamal public modulo + const modulo = this.publicParams.n || this.publicParams.p; + if (modulo) { + result.bits = util.uint8ArrayBitLength(modulo); + } else if (this.publicParams.oid) { + result.curve = this.publicParams.oid.getName(); + } + return result; + } +} + +/** + * Alias of read() + * @see PublicKeyPacket#read + */ +PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; + +/** + * Alias of write() + * @see PublicKeyPacket#write + */ +PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A SE packet can contain the following packet types +const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +/** + * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: + * The Symmetrically Encrypted Data packet contains data encrypted with a + * symmetric-key algorithm. When it has been decrypted, it contains other + * packets (usually a literal data packet or compressed data packet, but in + * theory other Symmetrically Encrypted Data packets or sequences of packets + * that form whole OpenPGP messages). + */ +class SymmetricallyEncryptedDataPacket { + static get tag() { + return enums.packet.symmetricallyEncryptedData; + } + + constructor() { + /** + * Encrypted secret-key data + */ + this.encrypted = null; + /** + * Decrypted packets contained within. + * @type {PacketList} + */ + this.packets = null; + } + + read(bytes) { + this.encrypted = bytes; + } + + write() { + return this.encrypted; + } + + /** + * Decrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error + if (!config$1.allowUnauthenticatedMessages) { + throw new Error('Message is not authenticated.'); + } + + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const encrypted = await readToEnd(clone(this.encrypted)); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, + encrypted.subarray(blockSize + 2), + encrypted.subarray(2, blockSize + 2) + ); + + this.packets = await PacketList.fromBinary(decrypted, allowedPackets$2, config$1); + } + + /** + * Encrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + const data = this.packets.write(); + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const FRE = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); + const ciphertext = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); + this.encrypted = util.concat([FRE, ciphertext]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the strange "Marker packet" (Tag 10) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: + * An experimental version of PGP used this packet as the Literal + * packet, but no released version of PGP generated Literal packets with this + * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as + * the Marker packet. + * + * The body of this packet consists of: + * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). + * + * Such a packet MUST be ignored when received. It may be placed at the + * beginning of a message that uses features not available in PGP + * version 2.6 in order to cause that version to report that newer + * software is necessary to process the message. + */ +class MarkerPacket { + static get tag() { + return enums.packet.marker; + } + + /** + * Parsing function for a marker data packet (tag 10). + * @param {Uint8Array} bytes - Payload of a tag 10 packet + * @returns {Boolean} whether the packet payload contains "PGP" + */ + read(bytes) { + if (bytes[0] === 0x50 && // P + bytes[1] === 0x47 && // G + bytes[2] === 0x50) { // P + return true; + } + return false; + } + + write() { + return new Uint8Array([0x50, 0x47, 0x50]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Public-Subkey packet (tag 14) has exactly the same format as a + * Public-Key packet, but denotes a subkey. One or more subkeys may be + * associated with a top-level key. By convention, the top-level key + * provides signature services, and the subkeys provide encryption + * services. + * @extends PublicKeyPacket + */ +class PublicSubkeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.publicSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + // eslint-disable-next-line @typescript-eslint/no-useless-constructor + constructor(date, config) { + super(date, config); + } + + /** + * Create a PublicSubkeyPacket from a SecretSubkeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert + * @returns {SecretSubkeyPacket} public key packet + * @static + */ + static fromSecretSubkeyPacket(secretSubkeyPacket) { + const keyPacket = new PublicSubkeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the User Attribute Packet (Tag 17) + * + * The User Attribute packet is a variation of the User ID packet. It + * is capable of storing more types of data than the User ID packet, + * which is limited to text. Like the User ID packet, a User Attribute + * packet may be certified by the key owner ("self-signed") or any other + * key owner who cares to certify it. Except as noted, a User Attribute + * packet may be used anywhere that a User ID packet may be used. + * + * While User Attribute packets are not a required part of the OpenPGP + * standard, implementations SHOULD provide at least enough + * compatibility to properly handle a certification signature on the + * User Attribute packet. A simple way to do this is by treating the + * User Attribute packet as a User ID packet with opaque contents, but + * an implementation may use any method desired. + */ +class UserAttributePacket { + static get tag() { + return enums.packet.userAttribute; + } + + constructor() { + this.attributes = []; + } + + /** + * parsing function for a user attribute packet (tag 17). + * @param {Uint8Array} input - Payload of a tag 17 packet + */ + read(bytes) { + let i = 0; + while (i < bytes.length) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; + + this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); + i += len.len; + } + } + + /** + * Creates a binary representation of the user attribute packet + * @returns {Uint8Array} String representation. + */ + write() { + const arr = []; + for (let i = 0; i < this.attributes.length; i++) { + arr.push(writeSimpleLength(this.attributes[i].length)); + arr.push(util.stringToUint8Array(this.attributes[i])); + } + return util.concatUint8Array(arr); + } + + /** + * Compare for equality + * @param {UserAttributePacket} usrAttr + * @returns {Boolean} True if equal. + */ + equals(usrAttr) { + if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { + return false; + } + return this.attributes.every(function(attr, index) { + return attr === usrAttr.attributes[index]; + }); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Secret-Key packet contains all the information that is found in a + * Public-Key packet, including the public-key material, but also + * includes the secret-key material after all the public-key fields. + * @extends PublicKeyPacket + */ +class SecretKeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.secretKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); + /** + * Secret-key data + */ + this.keyMaterial = null; + /** + * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. + */ + this.isEncrypted = null; + /** + * S2K usage + * @type {enums.symmetric} + */ + this.s2kUsage = 0; + /** + * S2K object + * @type {type/s2k} + */ + this.s2k = null; + /** + * Symmetric algorithm to encrypt the key with + * @type {enums.symmetric} + */ + this.symmetric = null; + /** + * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) + * @type {enums.aead} + */ + this.aead = null; + /** + * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis + * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older). + * This value is only relevant to know how to decrypt the key: + * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism. + * @type {Boolean} + * @private + */ + this.isLegacyAEAD = null; + /** + * Decrypted private parameters, referenced by name + * @type {Object} + */ + this.privateParams = null; + /** + * `true` for keys whose integrity is already confirmed, based on + * the AEAD encryption mechanism + * @type {Boolean} + * @private + */ + this.usedModernAEAD = null; + } + + // 5.5.3. Secret-Key Packet Formats + + /** + * Internal parser for private keys as specified in + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} + * @param {Uint8Array} bytes - Input string to read the packet from + * @async + */ + async read(bytes, config$1 = config) { + // - A Public-Key or Public-Subkey packet, as described above. + let i = await this.readPublicKey(bytes, config$1); + const startOfSecretKeyData = i; + + // - One octet indicating string-to-key usage conventions. Zero + // indicates that the secret-key data is not encrypted. 255 or 254 + // indicates that a string-to-key specifier is being given. Any + // other value is a symmetric-key encryption algorithm identifier. + this.s2kUsage = bytes[i++]; + + // - Only for a version 5 packet, a one-octet scalar octet count of + // the next 4 optional fields. + if (this.version === 5) { + i++; + } + + // - Only for a version 6 packet where the secret key material is + // encrypted (that is, where the previous octet is not zero), a one- + // octet scalar octet count of the cumulative length of all the + // following optional string-to-key parameter fields. + if (this.version === 6 && this.s2kUsage) { + i++; + } + + try { + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one-octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + this.symmetric = bytes[i++]; + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + this.aead = bytes[i++]; + } + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + i++; + } + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + const s2kType = bytes[i++]; + this.s2k = newS2KFromType(s2kType); + i += this.s2k.read(bytes.subarray(i, bytes.length)); + + if (this.s2k.type === 'gnu-dummy') { + return; + } + } else if (this.s2kUsage) { + this.symmetric = this.s2kUsage; + } + + + if (this.s2kUsage) { + // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5). + // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format). + // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always + // fail if the key was parsed according to the wrong format, since the keys are processed differently. + // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag. + this.isLegacyAEAD = this.s2kUsage === 253 && ( + this.version === 5 || (this.version === 4 && config$1.parseAEADEncryptedV4KeysAsLegacy)); + // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV) + // of the same length as the cipher's block size. + // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the + // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm. + // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero + if (this.s2kUsage !== 253 || this.isLegacyAEAD) { + this.iv = bytes.subarray( + i, + i + mod$1.getCipherParams(this.symmetric).blockSize + ); + this.usedModernAEAD = false; + } else { + // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted), + // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which + // is used as the nonce for the AEAD algorithm. + this.iv = bytes.subarray( + i, + i + mod$1.getAEADMode(this.aead).ivLength + ); + // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation. + this.usedModernAEAD = true; + } + + i += this.iv.length; + } + } catch (e) { + // if the s2k is unsupported, we still want to support encrypting and verifying with the given key + if (!this.s2kUsage) throw e; // always throw for decrypted keys + this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); + this.isEncrypted = true; + } + + // - Only for a version 5 packet, a four-octet scalar octet count for + // the following key material. + if (this.version === 5) { + i += 4; + } + + // - Plain or encrypted multiprecision integers comprising the secret + // key data. These algorithm-specific fields are as described + // below. + this.keyMaterial = bytes.subarray(i); + this.isEncrypted = !!this.s2kUsage; + + if (!this.isEncrypted) { + let cleartext; + if (this.version === 6) { + cleartext = this.keyMaterial; + } else { + cleartext = this.keyMaterial.subarray(0, -2); + if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { + throw new Error('Key checksum mismatch'); + } + } + try { + const { read, privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + if (read < cleartext.length) { + throw new Error('Error reading MPIs'); + } + this.privateParams = privateParams; + } catch (err) { + if (err instanceof UnsupportedError) throw err; + // avoid throwing potentially sensitive errors + throw new Error('Error reading MPIs'); + } + } + } + + /** + * Creates an OpenPGP key packet for the given key. + * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. + */ + write() { + const serializedPublicKey = this.writePublicKey(); + if (this.unparseableKeyMaterial) { + return util.concatUint8Array([ + serializedPublicKey, + this.unparseableKeyMaterial + ]); + } + + const arr = [serializedPublicKey]; + arr.push(new Uint8Array([this.s2kUsage])); + + const optionalFieldsArr = []; + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one- octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + optionalFieldsArr.push(this.symmetric); + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + optionalFieldsArr.push(this.aead); + } + + const s2k = this.s2k.write(); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + optionalFieldsArr.push(s2k.length); + } + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + optionalFieldsArr.push(...s2k); + } + + // - [Optional] If secret data is encrypted (string-to-key usage octet + // not zero), an Initial Vector (IV) of the same length as the + // cipher's block size. + if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { + optionalFieldsArr.push(...this.iv); + } + + if (this.version === 5 || (this.version === 6 && this.s2kUsage)) { + arr.push(new Uint8Array([optionalFieldsArr.length])); + } + arr.push(new Uint8Array(optionalFieldsArr)); + + if (!this.isDummy()) { + if (!this.s2kUsage) { + this.keyMaterial = mod$1.serializeParams(this.algorithm, this.privateParams); + } + + if (this.version === 5) { + arr.push(util.writeNumber(this.keyMaterial.length, 4)); + } + arr.push(this.keyMaterial); + + if (!this.s2kUsage && this.version !== 6) { + arr.push(util.writeChecksum(this.keyMaterial)); + } + } + + return util.concatUint8Array(arr); + } + + /** + * Check whether secret-key data is available in decrypted form. + * Returns false for gnu-dummy keys and null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return this.isEncrypted === false; + } + + /** + * Check whether the key includes secret key material. + * Some secret keys do not include it, and can thus only be used + * for public-key operations (encryption and verification). + * Such keys are: + * - GNU-dummy keys, where the secret material has been stripped away + * - encrypted keys with unsupported S2K or cipher + */ + isMissingSecretKeyMaterial() { + return this.unparseableKeyMaterial !== undefined || this.isDummy(); + } + + /** + * Check whether this is a gnu-dummy key + * @returns {Boolean} + */ + isDummy() { + return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + } + + /** + * Remove private key material, converting the key to a dummy one. + * The resulting key cannot be used for signing/decrypting but can still verify signatures. + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + makeDummy(config$1 = config) { + if (this.isDummy()) { + return; + } + if (this.isDecrypted()) { + this.clearPrivateParams(); + } + delete this.unparseableKeyMaterial; + this.isEncrypted = null; + this.keyMaterial = null; + this.s2k = newS2KFromType(enums.s2k.gnu, config$1); + this.s2k.algorithm = 0; + this.s2k.c = 0; + this.s2k.type = 'gnu-dummy'; + this.s2kUsage = 254; + this.symmetric = enums.symmetric.aes256; + this.isLegacyAEAD = null; + this.usedModernAEAD = null; + } + + /** + * Encrypt the payload. By default, we use aes256 and iterated, salted string + * to key specifier. If the key is in a decrypted state (isEncrypted === false) + * and the passphrase is empty or undefined, the key will be set as not encrypted. + * This can be used to remove passphrase protection after calling decrypt(). + * @param {String} passphrase + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + if (this.isDummy()) { + return; + } + + if (!this.isDecrypted()) { + throw new Error('Key packet is already encrypted'); + } + + if (!passphrase) { + throw new Error('A non-empty passphrase is required for key encryption.'); + } + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + const cleartext = mod$1.serializeParams(this.algorithm, this.privateParams); + this.symmetric = enums.symmetric.aes256; + + const { blockSize } = mod$1.getCipherParams(this.symmetric); + + if (config$1.aeadProtect) { + this.s2kUsage = 253; + this.aead = config$1.preferredAEADAlgorithm; + const mode = mod$1.getAEADMode(this.aead); + this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead. + this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material + + const serializedPacketTag = writeTag(this.constructor.tag); + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + + const modeInstance = await mode(this.symmetric, key); + this.iv = this.isLegacyAEAD ? mod$1.random.getRandomBytes(blockSize) : mod$1.random.getRandomBytes(mode.ivLength); + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + + this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData); + } else { + this.s2kUsage = 254; + this.usedModernAEAD = false; + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric); + this.iv = mod$1.random.getRandomBytes(blockSize); + this.keyMaterial = await mod$1.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ + cleartext, + await mod$1.hash.sha1(cleartext, config$1) + ]), this.iv, config$1); + } + } + + /** + * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. + * {@link SecretKeyPacket.isDecrypted} should be false, as + * otherwise calls to this function will throw an error. + * @param {String} passphrase - The passphrase for this private key as string + * @throws {Error} if the key is already decrypted, or if decryption was not successful + * @async + */ + async decrypt(passphrase) { + if (this.isDummy()) { + return false; + } + + if (this.unparseableKeyMaterial) { + throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); + } + + if (this.isDecrypted()) { + throw new Error('Key packet is already decrypted.'); + } + + let key; + const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only + if (this.s2kUsage === 254 || this.s2kUsage === 253) { + key = await produceEncryptionKey( + this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + } else if (this.s2kUsage === 255) { + throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); + } else { + throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); + } + + let cleartext; + if (this.s2kUsage === 253) { + const mode = mod$1.getAEADMode(this.aead); + const modeInstance = await mode(this.symmetric, key); + try { + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData); + } catch (err) { + if (err.message === 'Authentication tag mismatch') { + throw new Error('Incorrect key passphrase: ' + err.message); + } + throw err; + } + } else { + const cleartextWithHash = await mod$1.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); + + cleartext = cleartextWithHash.subarray(0, -20); + const hash = await mod$1.hash.sha1(cleartext); + + if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { + throw new Error('Incorrect key passphrase'); + } + } + + try { + const { privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + this.privateParams = privateParams; + } catch (err) { + throw new Error('Error reading MPIs'); + } + this.isEncrypted = false; + this.keyMaterial = null; + this.s2kUsage = 0; + this.aead = null; + this.symmetric = null; + this.isLegacyAEAD = null; + } + + /** + * Checks that the key parameters are consistent + * @throws {Error} if validation was not successful + * @async + */ + async validate() { + if (this.isDummy()) { + return; + } + + if (!this.isDecrypted()) { + throw new Error('Key is not decrypted'); + } + + if (this.usedModernAEAD) { + // key integrity confirmed by successful AEAD decryption + return; + } + + let validParams; + try { + // this can throw if some parameters are undefined + validParams = await mod$1.validateParams(this.algorithm, this.publicParams, this.privateParams); + } catch (_) { + validParams = false; + } + if (!validParams) { + throw new Error('Key is invalid'); + } + } + + async generate(bits, curve) { + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if (this.version === 6 && ( + (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) || + this.algorithm === enums.publicKey.eddsaLegacy + )) { + throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`); + } + const { privateParams, publicParams } = await mod$1.generateParams(this.algorithm, bits, curve); + this.privateParams = privateParams; + this.publicParams = publicParams; + this.isEncrypted = false; + } + + /** + * Clear private key parameters + */ + clearPrivateParams() { + if (this.isMissingSecretKeyMaterial()) { + return; + } + + Object.keys(this.privateParams).forEach(name => { + const param = this.privateParams[name]; + param.fill(0); + delete this.privateParams[name]; + }); + this.privateParams = null; + this.isEncrypted = true; + } +} + +/** + * Derive encryption key + * @param {Number} keyVersion - key derivation differs for v5 keys + * @param {module:type/s2k} s2k + * @param {String} passphrase + * @param {module:enums.symmetric} cipherAlgo + * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5) + * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5) + * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only) + * @returns encryption key + */ +async function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) { + if (s2k.type === 'argon2' && !aeadMode) { + throw new Error('Using Argon2 S2K without AEAD is not allowed'); + } + if (s2k.type === 'simple' && keyVersion === 6) { + throw new Error('Using Simple S2K with version 6 keys is not allowed'); + } + const { keySize } = mod$1.getCipherParams(cipherAlgo); + const derivedKey = await s2k.produceKey(passphrase, keySize); + if (!aeadMode || keyVersion === 5 || isLegacyAEAD) { + return derivedKey; + } + const info = util.concatUint8Array([ + serializedPacketTag, + new Uint8Array([keyVersion, cipherAlgo, aeadMode]) + ]); + return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize); +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the User ID Packet (Tag 13) + * + * A User ID packet consists of UTF-8 text that is intended to represent + * the name and email address of the key holder. By convention, it + * includes an RFC 2822 [RFC2822] mail name-addr, but there are no + * restrictions on its content. The packet length in the header + * specifies the length of the User ID. + */ +class UserIDPacket { + static get tag() { + return enums.packet.userID; + } + + constructor() { + /** A string containing the user id. Usually in the form + * John Doe + * @type {String} + */ + this.userID = ''; + + this.name = ''; + this.email = ''; + this.comment = ''; + } + + /** + * Create UserIDPacket instance from object + * @param {Object} userID - Object specifying userID name, email and comment + * @returns {UserIDPacket} + * @static + */ + static fromObject(userID) { + if (util.isString(userID) || + (userID.name && !util.isString(userID.name)) || + (userID.email && !util.isEmailAddress(userID.email)) || + (userID.comment && !util.isString(userID.comment))) { + throw new Error('Invalid user ID format'); + } + const packet = new UserIDPacket(); + Object.assign(packet, userID); + const components = []; + if (packet.name) components.push(packet.name); + if (packet.comment) components.push(`(${packet.comment})`); + if (packet.email) components.push(`<${packet.email}>`); + packet.userID = components.join(' '); + return packet; + } + + /** + * Parsing function for a user id packet (tag 13). + * @param {Uint8Array} input - Payload of a tag 13 packet + */ + read(bytes, config$1 = config) { + const userID = util.decodeUTF8(bytes); + if (userID.length > config$1.maxUserIDLength) { + throw new Error('User ID string is too long'); + } + + /** + * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1, + * as well comments placed between the name (if present) and the bracketed email address: + * - name (comment) + * - email + * In the first case, the `email` is the only required part, and it must contain the `@` symbol. + * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`, + * since they interfere with `comment` parsing. + */ + const re = /^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/; + const matches = re.exec(userID); + if (matches !== null) { + const { name, comment, email } = matches.groups; + this.comment = comment?.replace(/^\(|\)|\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace + this.name = name?.trim() || ''; + this.email = email.substring(1, email.length - 1); // remove brackets + } else if (/^[^\s@]+@[^\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace + this.email = userID; + } + + this.userID = userID; + } + + /** + * Creates a binary representation of the user id packet + * @returns {Uint8Array} Binary representation. + */ + write() { + return util.encodeUTF8(this.userID); + } + + equals(otherUserID) { + return otherUserID && otherUserID.userID === this.userID; + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret + * Key packet and has exactly the same format. + * @extends SecretKeyPacket + */ +class SecretSubkeyPacket extends SecretKeyPacket { + static get tag() { + return enums.packet.secretSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); + } +} + +/** + * Implementation of the Trust Packet (Tag 12) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: + * The Trust packet is used only within keyrings and is not normally + * exported. Trust packets contain data that record the user's + * specifications of which key holders are trustworthy introducers, + * along with other information that implementing software uses for + * trust information. The format of Trust packets is defined by a given + * implementation. + * + * Trust packets SHOULD NOT be emitted to output streams that are + * transferred to other users, and they SHOULD be ignored on any input + * other than local keyring files. + */ +class TrustPacket { + static get tag() { + return enums.packet.trust; + } + + /** + * Parsing function for a trust packet (tag 12). + * Currently not implemented as we ignore trust packets + */ + read() { + throw new UnsupportedError('Trust packets are not supported'); + } + + write() { + throw new UnsupportedError('Trust packets are not supported'); + } +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2022 Proton AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Padding Packet + * + * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}: + * Padding Packet + */ +class PaddingPacket { + static get tag() { + return enums.packet.padding; + } + + constructor() { + this.padding = null; + } + + /** + * Read a padding packet + * @param {Uint8Array | ReadableStream} bytes + */ + read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars + // Padding packets are ignored, so this function is never called. + } + + /** + * Write the padding packet + * @returns {Uint8Array} The padding packet. + */ + write() { + return this.padding; + } + + /** + * Create random padding. + * @param {Number} length - The length of padding to be generated. + * @throws {Error} if padding generation was not successful + * @async + */ + async createPadding(length) { + this.padding = await mod$1.random.getRandomBytes(length); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Signature can contain the following packets +const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + +/** + * Class that represents an OpenPGP signature. + */ +class Signature { + /** + * @param {PacketList} packetlist - The signature packets + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } + + /** + * Returns binary encoded signature + * @returns {ReadableStream} Binary signature. + */ + write() { + return this.packets.write(); + } + + /** + * Returns ASCII armored text of signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config$1); + } + + /** + * Returns an array of KeyIDs of all of the issuers who created this signature + * @returns {Array} The Key IDs of the signing keys + */ + getSigningKeyIDs() { + return this.packets.map(packet => packet.issuerKeyID); + } +} + +/** + * reads an (optionally armored) OpenPGP signature and returns a signature object + * @param {Object} options + * @param {String} [options.armoredSignature] - Armored signature to be parsed + * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New signature object. + * @async + * @static + */ +async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredSignature || binarySignature; + if (!input) { + throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); + } + if (armoredSignature && !util.isString(armoredSignature)) { + throw new Error('readSignature: options.armoredSignature must be a string'); + } + if (binarySignature && !util.isUint8Array(binarySignature)) { + throw new Error('readSignature: options.binarySignature must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (armoredSignature) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.signature) { + throw new Error('Armored text not of type signature'); + } + input = data; + } + const packetlist = await PacketList.fromBinary(input, allowedPackets$1, config$1); + return new Signature(packetlist); +} + +/** + * @fileoverview Provides helpers methods for key module + * @module key/helper + */ + + +async function generateSecretSubkey(options, config) { + const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); + secretSubkeyPacket.packets = null; + secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretSubkeyPacket.generate(options.rsaBits, options.curve); + await secretSubkeyPacket.computeFingerprintAndKeyID(); + return secretSubkeyPacket; +} + +async function generateSecretKey(options, config) { + const secretKeyPacket = new SecretKeyPacket(options.date, config); + secretKeyPacket.packets = null; + secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); + await secretKeyPacket.computeFingerprintAndKeyID(); + return secretKeyPacket; +} + +/** + * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. + * @param {Array} signatures - List of signatures + * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature + * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures, + * `enums.signatures.certGeneric` should be given regardless of the actual trust level) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - full configuration + * @returns {Promise} The latest valid signature. + * @async + */ +async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { + let latestValid; + let exception; + for (let i = signatures.length - 1; i >= 0; i--) { + try { + if ( + (!latestValid || signatures[i].created >= latestValid.created) + ) { + await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); + latestValid = signatures[i]; + } + } catch (e) { + exception = e; + } + } + if (!latestValid) { + throw util.wrapError( + `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` + .replace('certGeneric ', 'self-') + .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), + exception); + } + return latestValid; +} + +function isDataExpired(keyPacket, signature, date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + const expirationTime = getKeyExpirationTime(keyPacket, signature); + return !(keyPacket.created <= normDate && normDate < expirationTime); + } + return false; +} + +/** + * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} + * @param {SecretSubkeyPacket} subkey - Subkey key packet + * @param {SecretKeyPacket} primaryKey - Primary key packet + * @param {Object} options + * @param {Object} config - Full configuration + */ +async function createBindingSignature(subkey, primaryKey, options, config) { + const dataToSign = {}; + dataToSign.key = primaryKey; + dataToSign.bind = subkey; + const signatureProperties = { signatureType: enums.signature.subkeyBinding }; + if (options.sign) { + signatureProperties.keyFlags = [enums.keyFlags.signData]; + signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, { + signatureType: enums.signature.keyBinding + }, options.date, undefined, undefined, undefined, config); + } else { + signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; + } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; + } + const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); + return subkeySignaturePacket; +} + +/** + * Returns the preferred signature hash algorithm for a set of keys. + * @param {Array} [targetKeys] - The keys to get preferences from + * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from + * @param {Object} config - full configuration + * @returns {Promise} + * @async + */ +async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { + /** + * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the + * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). + * if no keys are available, `preferredSenderAlgo` is returned. + * For ECC signing key, the curve preferred hash is taken into account as well (see logic below). + */ + const defaultAlgo = enums.hash.sha256; // MUST implement + const preferredSenderAlgo = config.preferredHashAlgorithm; + + const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => { + const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config); + const targetPrefs = selfCertification.preferredHashAlgorithms; + return targetPrefs; + })); + const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys + for (const supportedAlgos of supportedAlgosPerTarget) { + for (const hashAlgo of supportedAlgos) { + try { + // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on + const supportedAlgo = enums.write(enums.hash, hashAlgo); + supportedAlgosMap.set( + supportedAlgo, + supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1 + ); + } catch {} + } + } + const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo; + const getStrongestSupportedHashAlgo = () => { + if (supportedAlgosMap.size === 0) { + return defaultAlgo; + } + const sortedHashAlgos = Array.from(supportedAlgosMap.keys()) + .filter(hashAlgo => isSupportedHashAlgo(hashAlgo)) + .sort((algoA, algoB) => mod$1.hash.getHashByteLength(algoA) - mod$1.hash.getHashByteLength(algoB)); + const strongestHashAlgo = sortedHashAlgos[0]; + // defaultAlgo is always implicilty supported, and might be stronger than the rest + return mod$1.hash.getHashByteLength(strongestHashAlgo) >= mod$1.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo; + }; + + const eccAlgos = new Set([ + enums.publicKey.ecdsa, + enums.publicKey.eddsaLegacy, + enums.publicKey.ed25519, + enums.publicKey.ed448 + ]); + + if (eccAlgos.has(signingKeyPacket.algorithm)) { + // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: + // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 + // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough; + // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve + // preferred algo, even if not supported by all targets. + const preferredCurveAlgo = mod$1.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid); + + const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo); + const preferredSenderAlgoStrongerThanCurveAlgo = mod$1.hash.getHashByteLength(preferredSenderAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo); + + if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) { + return preferredSenderAlgo; + } else { + const strongestSupportedAlgo = getStrongestSupportedHashAlgo(); + return mod$1.hash.getHashByteLength(strongestSupportedAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo) ? + strongestSupportedAlgo : + preferredCurveAlgo; + } + } + + // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this, + // since it was manually set by the sender. + return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo(); +} + +/** + * Returns the preferred compression algorithm for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Preferred compression algorithm + * @async + */ +async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const defaultAlgo = enums.compression.uncompressed; + const preferredSenderAlgo = config$1.preferredCompressionAlgorithm; + + // if preferredSenderAlgo appears in the prefs of all recipients, we pick it + // otherwise we use the default algo + // if no keys are available, preferredSenderAlgo is returned + const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { + const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config$1); + const recipientPrefs = selfCertification.preferredCompressionAlgorithms; + return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; + })); + return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; +} + +/** + * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred + * @async + */ +async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1))); + const withAEAD = keys.length ? + selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) : + config$1.aeadProtect; + + if (withAEAD) { + const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb }; + const desiredCipherSuites = [ + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: config$1.preferredAEADAlgorithm }, + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb }, + { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config$1.preferredAEADAlgorithm } + ]; + for (const desiredCipherSuite of desiredCipherSuites) { + if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some( + cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo + ))) { + return desiredCipherSuite; + } + } + return defaultCipherSuite; + } + const defaultSymAlgo = enums.symmetric.aes128; + const desiredSymAlgo = config$1.preferredSymmetricAlgorithm; + return { + symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ? + desiredSymAlgo : + defaultSymAlgo, + aeadAlgo: undefined + }; +} + +/** + * Create signature packet + * @param {Object} dataToSign - Contains packets to be signed + * @param {Array} recipientKeys - keys to get preferences from + * @param {SecretKeyPacket| + * SecretSubkeyPacket} signingKeyPacket secret key packet for signing + * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing + * @param {Date} [date] - Override the creationtime of the signature + * @param {Object} [userID] - User ID + * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [detached] - Whether to create a detached signature packet + * @param {Object} config - full configuration + * @returns {Promise} Signature packet. + */ +async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) { + if (signingKeyPacket.isDummy()) { + throw new Error('Cannot sign with a gnu-dummy key.'); + } + if (!signingKeyPacket.isDecrypted()) { + throw new Error('Signing key is not decrypted.'); + } + const signaturePacket = new SignaturePacket(); + Object.assign(signaturePacket, signatureProperties); + signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; + signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config); + signaturePacket.rawNotations = [...notations]; + await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config); + return signaturePacket; +} + +/** + * Merges signatures from source[attr] to dest[attr] + * @param {Object} source + * @param {Object} dest + * @param {String} attr + * @param {Date} [date] - date to use for signature expiration check, instead of the current time + * @param {Function} [checkFn] - signature only merged if true + */ +async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { + source = source[attr]; + if (source) { + if (!dest[attr].length) { + dest[attr] = source; + } else { + await Promise.all(source.map(async function(sourceSig) { + if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && + !dest[attr].some(function(destSig) { + return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); + })) { + dest[attr].push(sourceSig); + } + })); + } + } +} + +/** + * Checks if a given certificate or binding signature is revoked + * @param {SecretKeyPacket| + * PublicKeyPacket} primaryKey The primary key packet + * @param {Object} dataToVerify - The data to check + * @param {Array} revocations - The revocation signatures to check + * @param {SignaturePacket} signature - The certificate or signature to check + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the signature revokes the data. + * @async + */ +async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { + key = key || primaryKey; + const revocationKeyIDs = []; + await Promise.all(revocations.map(async function(revocationSignature) { + try { + if ( + // Note: a third-party revocation signature could legitimately revoke a + // self-signature if the signature has an authorized revocation key. + // However, we don't support passing authorized revocation keys, nor + // verifying such revocation signatures. Instead, we indicate an error + // when parsing a key with an authorized revocation key, and ignore + // third-party revocation signatures here. (It could also be revoking a + // third-party key certification, which should only affect + // `verifyAllCertifications`.) + !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) + ) { + const isHardRevocation = ![ + enums.reasonForRevocation.keyRetired, + enums.reasonForRevocation.keySuperseded, + enums.reasonForRevocation.userIDInvalid + ].includes(revocationSignature.reasonForRevocationFlag); + + await revocationSignature.verify( + key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config + ); + + // TODO get an identifier of the revoked object instead + revocationKeyIDs.push(revocationSignature.issuerKeyID); + } + } catch (e) {} + })); + // TODO further verify that this is the signature that should be revoked + if (signature) { + signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : + signature.revoked || false; + return signature.revoked; + } + return revocationKeyIDs.length > 0; +} + +/** + * Returns key expiration time based on the given certification signature. + * The expiration time of the signature is ignored. + * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check + * @param {SignaturePacket} signature - signature to process + * @returns {Date|Infinity} expiration time or infinity if the key does not expire + */ +function getKeyExpirationTime(keyPacket, signature) { + let expirationTime; + // check V4 expiration time + if (signature.keyNeverExpires === false) { + expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; + } + return expirationTime ? new Date(expirationTime) : Infinity; +} + +function sanitizeKeyOptions(options, subkeyDefaults = {}) { + options.type = options.type || subkeyDefaults.type; + options.curve = options.curve || subkeyDefaults.curve; + options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; + options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; + + options.sign = options.sign || false; + + switch (options.type) { + case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve` + try { + options.curve = enums.write(enums.curve, options.curve); + } catch (e) { + throw new Error('Unknown curve'); + } + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy || + options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now + options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; + } + if (options.sign) { + options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; + } else { + options.algorithm = enums.publicKey.ecdh; + } + break; + case 'curve25519': + options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519; + break; + case 'curve448': + options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448; + break; + case 'rsa': + options.algorithm = enums.publicKey.rsaEncryptSign; + break; + default: + throw new Error(`Unsupported key type ${options.type}`); + } + return options; +} + +function validateSigningKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + default: + return false; + } +} + +function validateEncryptionKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + default: + return false; + } +} + +function validateDecryptionKeyPacket(keyPacket, signature, config) { + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) { + // This is only relevant for RSA keys, all other signing algorithms cannot decrypt + return true; + } + + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + } + default: + return false; + } +} + +/** + * Check key against blacklisted algorithms and minimum strength requirements. + * @param {SecretKeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket + * @param {Config} config + * @throws {Error} if the key packet does not meet the requirements + */ +function checkKeyRequirements(keyPacket, config) { + const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); + const algoInfo = keyPacket.getAlgorithmInfo(); + if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { + throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); + } + switch (keyAlgo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.rsaEncrypt: + if (algoInfo.bits < config.minRSABits) { + throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); + } + break; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ecdh: + if (config.rejectCurves.has(algoInfo.curve)) { + throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); + } + break; + } +} + +/** + * @module key/User + */ + + +/** + * Class that represents an user ID or attribute packet and the relevant signatures. + * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info + * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + */ +class User { + constructor(userPacket, mainKey) { + this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; + this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; + this.selfCertifications = []; + this.otherCertifications = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } + + /** + * Transforms structured user data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.userID || this.userAttribute); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.selfCertifications); + packetlist.push(...this.otherCertifications); + return packetlist; + } + + /** + * Shallow clone + * @returns {User} + */ + clone() { + const user = new User(this.userID || this.userAttribute, this.mainKey); + user.selfCertifications = [...this.selfCertifications]; + user.otherCertifications = [...this.otherCertifications]; + user.revocationSignatures = [...this.revocationSignatures]; + return user; + } + + /** + * Generate third-party certifications over this user and its primary key + * @param {Array} signingKeys - Decrypted private keys for signing + * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} New user with new certifications. + * @async + */ + async certify(signingKeys, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { + if (!privateKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + if (privateKey.hasSameFingerprintAs(primaryKey)) { + throw new Error("The user's own key can only be used for self-certifications"); + } + const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); + return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, { + // Most OpenPGP implementations use generic certification (0x10) + signatureType: enums.signature.certGeneric, + keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] + }, date, undefined, undefined, undefined, config); + })); + await user.update(this, date, config); + return user; + } + + /** + * Checks if a given certificate of the user is revoked + * @param {SignaturePacket} certificate - The certificate to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked(primaryKey, enums.signature.certRevocation, { + key: primaryKey, + userID: this.userID, + userAttribute: this.userAttribute + }, this.revocationSignatures, certificate, keyPacket, date, config$1); + } + + /** + * Verifies the user certificate. + * @param {SignaturePacket} certificate - A certificate of this user + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate + * @throws if the user certificate is invalid. + * @async + */ + async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const { issuerKeyID } = certificate; + const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); + if (issuerKeys.length === 0) { + return null; + } + await Promise.all(issuerKeys.map(async key => { + const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); + if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { + throw new Error('User certificate is revoked'); + } + try { + await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('User certificate is invalid', e); + } + })); + return true; + } + + /** + * Verifies all user certificates + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllCertifications(verificationKeys, date = new Date(), config) { + const that = this; + const certifications = this.selfCertifications.concat(this.otherCertifications); + return Promise.all(certifications.map(async certification => ({ + keyID: certification.issuerKeyID, + valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) + }))); + } + + /** + * Verify User. Checks for existence of self signatures, revocation signatures + * and validity of self signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} Status of user. + * @throws {Error} if there are no valid self signatures. + * @async + */ + async verify(date = new Date(), config) { + if (!this.selfCertifications.length) { + throw new Error('No self-certifications found'); + } + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // TODO replace when Promise.some or Promise.any are implemented + let exception; + for (let i = this.selfCertifications.length - 1; i >= 0; i--) { + try { + const selfCertification = this.selfCertifications[i]; + if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { + throw new Error('Self-certification is revoked'); + } + try { + await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('Self-certification is invalid', e); + } + return true; + } catch (e) { + exception = e; + } + } + throw exception; + } + + /** + * Update user with new components from specified user + * @param {User} sourceUser - Source user to merge + * @param {Date} date - Date to verify the validity of signatures + * @param {Object} config - Full configuration + * @returns {Promise} + * @async + */ + async update(sourceUser, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // self signatures + await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { + try { + await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); + return true; + } catch (e) { + return false; + } + }); + // other signatures + await mergeSignatures(sourceUser, this, 'otherCertifications', date); + // revocation signatures + await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); + }); + } + + /** + * Revokes the user + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New user with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.certRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await user.update(this); + return user; + } +} + +/** + * @module key/Subkey + */ + + +/** + * Class that represents a subkey packet and the relevant signatures. + * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID + * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint + * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs + * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo + * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime + * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + */ +class Subkey { + /** + * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey + * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey + */ + constructor(subkeyPacket, mainKey) { + this.keyPacket = subkeyPacket; + this.bindingSignatures = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } + + /** + * Transforms structured subkey data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.bindingSignatures); + return packetlist; + } + + /** + * Shallow clone + * @return {Subkey} + */ + clone() { + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.bindingSignatures = [...this.bindingSignatures]; + subkey.revocationSignatures = [...this.revocationSignatures]; + return subkey; + } + + /** + * Checks if a binding signature of a subkey is revoked + * @param {SignaturePacket} signature - The binding signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the binding signature is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked( + primaryKey, enums.signature.subkeyRevocation, { + key: primaryKey, + bind: this.keyPacket + }, this.revocationSignatures, signature, key, date, config$1 + ); + } + + /** + * Verify subkey. Checks for revocation signatures, expiration time + * and valid binding signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} if the subkey is invalid. + * @async + */ + async verify(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + // check subkey binding signatures + const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + // check binding signature is not revoked + if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { + throw new Error('Subkey is revoked'); + } + // check for expiration time + if (isDataExpired(this.keyPacket, bindingSignature, date)) { + throw new Error('Subkey is expired'); + } + return bindingSignature; + } + + /** + * Returns the expiration time of the subkey or Infinity if key does not expire. + * Returns null if the subkey is invalid. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + let bindingSignature; + try { + bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + } catch (e) { + return null; + } + const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); + const sigExpiry = bindingSignature.getExpirationTime(); + return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; + } + + /** + * Update subkey with new components from specified subkey + * @param {Subkey} subkey - Source subkey to merge + * @param {Date} [date] - Date to verify validity of signatures + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if update failed + * @async + */ + async update(subkey, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + if (!this.hasSameFingerprintAs(subkey)) { + throw new Error('Subkey update method: fingerprints of subkeys not equal'); + } + // key packet + if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && + subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { + this.keyPacket = subkey.keyPacket; + } + // update missing binding signatures + const that = this; + const dataToVerify = { key: primaryKey, bind: that.keyPacket }; + await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { + for (let i = 0; i < that.bindingSignatures.length; i++) { + if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { + if (srcBindSig.created > that.bindingSignatures[i].created) { + that.bindingSignatures[i] = srcBindSig; + } + return false; + } + } + try { + await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); + return true; + } catch (e) { + return false; + } + }); + // revocation signatures + await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); + }); + } + + /** + * Revokes the subkey + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New subkey with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { key: primaryKey, bind: this.keyPacket }; + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.subkeyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await subkey.update(this); + return subkey; + } + + hasSameFingerprintAs(other) { + return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + } +} + +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { + Subkey.prototype[name] = + function() { + return this.keyPacket[name](); + }; +}); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A key revocation certificate can contain the following packets +const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); +const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); +const keyPacketTags = new Set([ + enums.packet.publicKey, enums.packet.privateKey, + enums.packet.publicSubkey, enums.packet.privateSubkey +]); + +/** + * Abstract class that represents an OpenPGP key. Must contain a primary key. + * Can contain additional subkeys, signatures, user ids, user attributes. + * @borrows PublicKeyPacket#getKeyID as Key#getKeyID + * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint + * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs + * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo + * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + */ +class Key { + /** + * Transforms packetlist to structured key data + * @param {PacketList} packetlist - The packets that form a key + * @param {Set} disallowedPackets - disallowed packet tags + */ + packetListToStructure(packetlist, disallowedPackets = new Set()) { + let user; + let primaryKeyID; + let subkey; + let ignoreUntil; + + for (const packet of packetlist) { + + if (packet instanceof UnparseablePacket) { + const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); + if (isUnparseableKeyPacket && !ignoreUntil) { + // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must + // discard all non-key packets that follow, until another (sub)key packet is found. + if (mainKeyPacketTags.has(packet.tag)) { + ignoreUntil = mainKeyPacketTags; + } else { + ignoreUntil = keyPacketTags; + } + } + continue; + } + + const tag = packet.constructor.tag; + if (ignoreUntil) { + if (!ignoreUntil.has(tag)) continue; + ignoreUntil = null; + } + if (disallowedPackets.has(tag)) { + throw new Error(`Unexpected packet type: ${tag}`); + } + switch (tag) { + case enums.packet.publicKey: + case enums.packet.secretKey: + if (this.keyPacket) { + throw new Error('Key block contains multiple keys'); + } + this.keyPacket = packet; + primaryKeyID = this.getKeyID(); + if (!primaryKeyID) { + throw new Error('Missing Key ID'); + } + break; + case enums.packet.userID: + case enums.packet.userAttribute: + user = new User(packet, this); + this.users.push(user); + break; + case enums.packet.publicSubkey: + case enums.packet.secretSubkey: + user = null; + subkey = new Subkey(packet, this); + this.subkeys.push(subkey); + break; + case enums.packet.signature: + switch (packet.signatureType) { + case enums.signature.certGeneric: + case enums.signature.certPersona: + case enums.signature.certCasual: + case enums.signature.certPositive: + if (!user) { + util.printDebug('Dropping certification signatures without preceding user packet'); + continue; + } + if (packet.issuerKeyID.equals(primaryKeyID)) { + user.selfCertifications.push(packet); + } else { + user.otherCertifications.push(packet); + } + break; + case enums.signature.certRevocation: + if (user) { + user.revocationSignatures.push(packet); + } else { + this.directSignatures.push(packet); + } + break; + case enums.signature.key: + this.directSignatures.push(packet); + break; + case enums.signature.subkeyBinding: + if (!subkey) { + util.printDebug('Dropping subkey binding signature without preceding subkey packet'); + continue; + } + subkey.bindingSignatures.push(packet); + break; + case enums.signature.keyRevocation: + this.revocationSignatures.push(packet); + break; + case enums.signature.subkeyRevocation: + if (!subkey) { + util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); + continue; + } + subkey.revocationSignatures.push(packet); + break; + } + break; + } + } + } + + /** + * Transforms structured key data to packetlist + * @returns {PacketList} The packets that form a key. + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.directSignatures); + this.users.map(user => packetlist.push(...user.toPacketList())); + this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); + return packetlist; + } + + /** + * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. + * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. + * @returns {Promise} Clone of the key. + */ + clone(clonePrivateParams = false) { + const key = new this.constructor(this.toPacketList()); + if (clonePrivateParams) { + key.getKeys().forEach(k => { + // shallow clone the key packets + k.keyPacket = Object.create( + Object.getPrototypeOf(k.keyPacket), + Object.getOwnPropertyDescriptors(k.keyPacket) + ); + if (!k.keyPacket.isDecrypted()) return; + // deep clone the private params, which are cleared during encryption + const privateParams = {}; + Object.keys(k.keyPacket.privateParams).forEach(name => { + privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); + }); + k.keyPacket.privateParams = privateParams; + }); + } + return key; + } + + /** + * Returns an array containing all public or private subkeys matching keyID; + * If no keyID is given, returns all subkeys. + * @param {type/keyID} [keyID] - key ID to look for + * @returns {Array} array of subkeys + */ + getSubkeys(keyID = null) { + const subkeys = this.subkeys.filter(subkey => ( + !keyID || subkey.getKeyID().equals(keyID, true) + )); + return subkeys; + } + + /** + * Returns an array containing all public or private keys matching keyID. + * If no keyID is given, returns all keys, starting with the primary key. + * @param {type/keyid~KeyID} [keyID] - key ID to look for + * @returns {Array} array of keys + */ + getKeys(keyID = null) { + const keys = []; + if (!keyID || this.getKeyID().equals(keyID, true)) { + keys.push(this); + } + return keys.concat(this.getSubkeys(keyID)); + } + + /** + * Returns key IDs of all keys + * @returns {Array} + */ + getKeyIDs() { + return this.getKeys().map(key => key.getKeyID()); + } + + /** + * Returns userIDs + * @returns {Array} Array of userIDs. + */ + getUserIDs() { + return this.users.map(user => { + return user.userID ? user.userID.userID : null; + }).filter(userID => userID !== null); + } + + /** + * Returns binary encoded key + * @returns {Uint8Array} Binary key. + */ + write() { + return this.toPacketList().write(); + } + + /** + * Returns last created key or key by given keyID that is available for signing and verification + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} signing key + * @throws if no valid signing key was found + * @async + */ + async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); + } + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature( + subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 + ); + if (!validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + continue; + } + if (!bindingSignature.embeddedSignature) { + throw new Error('Missing embedded signature'); + } + // verify embedded signature + await getLatestValidSignature( + [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 + ); + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } catch (e) { + exception = e; + } + } + } + + try { + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateSigningKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; + } + throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); + } + + /** + * Returns last created key or key by given keyID that is available for encryption or decryption + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} encryption key + * @throws if no valid encryption key was found + * @async + */ + async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); + } + // V4: by convention subkeys are preferred for encryption service + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } + } catch (e) { + exception = e; + } + } + } + + try { + // if no valid subkey for encryption, evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateEncryptionKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; + } + throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + } + + /** + * Checks if a signature on a key is revoked + * @param {SignaturePacket} signature - The signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + return isDataRevoked( + this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 + ); + } + + /** + * Verify primary key. Checks for revocation signatures, expiration time + * and valid self signature. Throws if the primary key is invalid. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} If key verification failed + * @async + */ + async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + // check for key revocation signatures + if (await this.isRevoked(null, null, date, config$1)) { + throw new Error('Primary key is revoked'); + } + // check for valid, unrevoked, unexpired self signature + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + // check for expiration time in binding signatures + if (isDataExpired(primaryKey, selfCertification, date)) { + throw new Error('Primary key is expired'); + } + if (primaryKey.version !== 6) { + // check for expiration time in direct signatures (for V6 keys, the above already did so) + const directSignature = await getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key + + if (directSignature && isDataExpired(primaryKey, directSignature, date)) { + throw new Error('Primary key is expired'); + } + } + } + + /** + * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. + * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. + * @param {Object} [userID] - User ID to consider instead of the primary user + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(userID, config$1 = config) { + let primaryKeyExpiry; + try { + const selfCertification = await this.getPrimarySelfSignature(null, userID, config$1); + const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); + const selfSigExpiry = selfCertification.getExpirationTime(); + const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature. + await getLatestValidSignature( + this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 + ).catch(() => {}); + if (directSignature) { + const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); + // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, + // causing a discountinous validy period for the key + primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); + } else { + primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; + } + } catch (e) { + primaryKeyExpiry = null; + } + + return util.normalizeDate(primaryKeyExpiry); + } + + + /** + * For V4 keys, returns the self-signature of the primary user. + * For V5 keys, returns the latest valid direct-key self-signature. + * This self-signature is to be used to check the key expiration, + * algorithm preferences, and so on. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} The primary self-signature + * @async + */ + async getPrimarySelfSignature(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + if (primaryKey.version === 6) { + return getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ); + } + const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + return selfCertification; + } + + /** + * Returns primary user and most significant (latest valid) self signature + * - if multiple primary users exist, returns the one with the latest self signature + * - otherwise, returns the user with the latest self signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * user: User, + * selfCertification: SignaturePacket + * }>} The primary user and the self signature + * @async + */ + async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const users = []; + let exception; + for (let i = 0; i < this.users.length; i++) { + try { + const user = this.users[i]; + if (!user.userID) { + continue; + } + if ( + (userID.name !== undefined && user.userID.name !== userID.name) || + (userID.email !== undefined && user.userID.email !== userID.email) || + (userID.comment !== undefined && user.userID.comment !== userID.comment) + ) { + throw new Error('Could not find user that matches that user ID'); + } + const dataToVerify = { userID: user.userID, key: primaryKey }; + const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); + users.push({ index: i, user, selfCertification }); + } catch (e) { + exception = e; + } + } + if (!users.length) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('Could not find primary user'); + } + await Promise.all(users.map(async function (a) { + return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); + })); + // sort by primary user flag and signature creation time + const primaryUser = users.sort(function(a, b) { + const A = a.selfCertification; + const B = b.selfCertification; + return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; + }).pop(); + const { user, selfCertification: cert } = primaryUser; + if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { + throw new Error('Primary user is revoked'); + } + return primaryUser; + } + + /** + * Update key with new components from specified key with same key ID: + * users, subkeys, certificates are merged into the destination key, + * duplicates and expired signatures are ignored. + * + * If the source key is a private key and the destination key is public, + * a private key is returned. + * @param {Key} sourceKey - Source key to merge + * @param {Date} [date] - Date to verify validity of signatures and keys + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} updated key + * @async + */ + async update(sourceKey, date = new Date(), config$1 = config) { + if (!this.hasSameFingerprintAs(sourceKey)) { + throw new Error('Primary key fingerprints must be equal to update the key'); + } + if (!this.isPrivate() && sourceKey.isPrivate()) { + // check for equal subkey packets + const equal = (this.subkeys.length === sourceKey.subkeys.length) && + (this.subkeys.every(destSubkey => { + return sourceKey.subkeys.some(srcSubkey => { + return destSubkey.hasSameFingerprintAs(srcSubkey); + }); + })); + if (!equal) { + throw new Error('Cannot update public key with private key if subkeys mismatch'); + } + + return sourceKey.update(this, config$1); + } + // from here on, either: + // - destination key is private, source key is public + // - the keys are of the same type + // hence we don't need to convert the destination key type + const updatedKey = this.clone(); + // revocation signatures + await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { + return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); + }); + // direct signatures + await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); + // update users + await Promise.all(sourceKey.users.map(async srcUser => { + // multiple users with the same ID/attribute are not explicitly disallowed by the spec + // hence we support them, just in case + const usersToUpdate = updatedKey.users.filter(dstUser => ( + (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || + (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) + )); + if (usersToUpdate.length > 0) { + await Promise.all( + usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) + ); + } else { + const newUser = srcUser.clone(); + newUser.mainKey = updatedKey; + updatedKey.users.push(newUser); + } + })); + // update subkeys + await Promise.all(sourceKey.subkeys.map(async srcSubkey => { + // multiple subkeys with same fingerprint might be preset + const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( + dstSubkey.hasSameFingerprintAs(srcSubkey) + )); + if (subkeysToUpdate.length > 0) { + await Promise.all( + subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) + ); + } else { + const newSubkey = srcSubkey.clone(); + newSubkey.mainKey = updatedKey; + updatedKey.subkeys.push(newSubkey); + } + })); + + return updatedKey; + } + + /** + * Get revocation certificate from a revoked key. + * (To get a revocation certificate for an unrevoked key, call revoke() first.) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Armored revocation certificate. + * @async + */ + async getRevocationCertificate(date = new Date(), config$1 = config) { + const dataToVerify = { key: this.keyPacket }; + const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); + const packetlist = new PacketList(); + packetlist.push(revocationSignature); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config$1); + } + + /** + * Applies a revocation certificate to a key + * This adds the first signature packet in the armored text to the key, + * if it is a valid revocation signature. + * @param {String} revocationCertificate - armored revocation certificate + * @param {Date} [date] - Date to verify the certificate + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Revoked key. + * @async + */ + async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { + const input = await unarmor(revocationCertificate); + const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); + const revocationSignature = packetlist.findPacket(enums.packet.signature); + if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { + throw new Error('Could not find revocation signature packet'); + } + if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { + throw new Error('Revocation signature does not match key'); + } + try { + await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); + } catch (e) { + throw util.wrapError('Could not verify revocation signature', e); + } + const key = this.clone(); + key.revocationSignatures.push(revocationSignature); + return key; + } + + /** + * Signs primary user of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signPrimaryUser(privateKeys, date, userID, config$1 = config) { + const { index, user } = await this.getPrimaryUser(date, userID, config$1); + const userSign = await user.certify(privateKeys, date, config$1); + const key = this.clone(); + key.users[index] = userSign; + return key; + } + + /** + * Signs all users of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for signing, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signAllUsers(privateKeys, date = new Date(), config$1 = config) { + const key = this.clone(); + key.users = await Promise.all(this.users.map(function(user) { + return user.certify(privateKeys, date, config$1); + })); + return key; + } + + /** + * Verifies primary user of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { + const primaryKey = this.keyPacket; + const { user } = await this.getPrimaryUser(date, userID, config$1); + const results = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + return results; + } + + /** + * Verifies all users of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of userID, signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { + const primaryKey = this.keyPacket; + const results = []; + await Promise.all(this.users.map(async user => { + const signatures = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + + results.push(...signatures.map( + signature => ({ + userID: user.userID ? user.userID.userID : null, + userAttribute: user.userAttribute, + keyID: signature.keyID, + valid: signature.valid + })) + ); + })); + return results; + } +} + +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { + Key.prototype[name] = + Subkey.prototype[name]; +}); + +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Class that represents an OpenPGP Public Key + */ +class PublicKey extends Key { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.keyPacket = null; + this.revocationSignatures = []; + this.directSignatures = []; + this.users = []; + this.subkeys = []; + if (packetlist) { + this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing public-key packet'); + } + } + } + + /** + * Returns true if this is a private key + * @returns {false} + */ + isPrivate() { + return false; + } + + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + return this; + } + + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } +} + +/** + * Class that represents an OpenPGP Private key + */ +class PrivateKey extends PublicKey { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing private-key packet'); + } + } + + /** + * Returns true if this is a private key + * @returns {Boolean} + */ + isPrivate() { + return true; + } + + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + const packetlist = new PacketList(); + const keyPackets = this.toPacketList(); + for (const keyPacket of keyPackets) { + switch (keyPacket.constructor.tag) { + case enums.packet.secretKey: { + const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); + packetlist.push(pubKeyPacket); + break; + } + case enums.packet.secretSubkey: { + const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); + packetlist.push(pubSubkeyPacket); + break; + } + default: + packetlist.push(keyPacket); + } + } + return new PublicKey(packetlist); + } + + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } + + /** + * Returns all keys that are available for decryption, matching the keyID when given + * This is useful to retrieve keys for session key decryption + * @param {module:type/keyid~KeyID} keyID, optional + * @param {Date} date, optional + * @param {String} userID, optional + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} Array of decryption keys. + * @throws {Error} if no decryption key is found + * @async + */ + async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const keys = []; + let exception = null; + for (let i = 0; i < this.subkeys.length; i++) { + if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { + if (this.subkeys[i].keyPacket.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + continue; + } + + try { + const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; + const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config$1)) { + keys.push(this.subkeys[i]); + } + } catch (e) { + exception = e; + } + } + } + + // evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && validateDecryptionKeyPacket(primaryKey, selfCertification, config$1)) { + if (primaryKey.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + } else { + keys.push(this); + } + } + + if (keys.length === 0) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('No decryption key packets found'); + } + + return keys; + } + + /** + * Returns true if the primary key or any subkey is decrypted. + * A dummy key is considered encrypted. + */ + isDecrypted() { + return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); + } + + /** + * Check whether the private and public primary key parameters correspond + * Together with verification of binding signatures, this guarantees key integrity + * In case of gnu-dummy primary key, it is enough to validate any signing subkeys + * otherwise all encryption subkeys are validated + * If only gnu-dummy keys are found, we cannot properly validate so we throw an error + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if validation was not successful and the key cannot be trusted + * @async + */ + async validate(config$1 = config) { + if (!this.isPrivate()) { + throw new Error('Cannot validate a public key'); + } + + let signingKeyPacket; + if (!this.keyPacket.isDummy()) { + signingKeyPacket = this.keyPacket; + } else { + /** + * It is enough to validate any signing keys + * since its binding signatures are also checked + */ + const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); + // This could again be a dummy key + if (signingKey && !signingKey.keyPacket.isDummy()) { + signingKeyPacket = signingKey.keyPacket; + } + } + + if (signingKeyPacket) { + return signingKeyPacket.validate(); + } else { + const keys = this.getKeys(); + const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); + if (allDummies) { + throw new Error('Cannot validate an all-gnu-dummy key'); + } + + return Promise.all(keys.map(async key => key.keyPacket.validate())); + } + } + + /** + * Clear private key parameters + */ + clearPrivateParams() { + this.getKeys().forEach(({ keyPacket }) => { + if (keyPacket.isDecrypted()) { + keyPacket.clearPrivateParams(); + } + }); + } + + /** + * Revokes the key + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New key with revocation signature. + * @async + */ + async revoke( + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + if (!this.isPrivate()) { + throw new Error('Need private key for revoking'); + } + const dataToSign = { key: this.keyPacket }; + const key = this.clone(); + key.revocationSignatures.push(await createSignaturePacket(dataToSign, [], this.keyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, undefined, config$1)); + return key; + } + + + /** + * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. + * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519. + * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. + * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format). + * Note: Curve448 and Curve25519 are not widely supported yet. + * @param {String} options.curve (optional) Elliptic curve for ECC keys + * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date (optional) Override the creation date of the key and the key signatures + * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false + * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} + * @async + */ + async addSubkey(options = {}) { + const config$1 = { ...config, ...options.config }; + if (options.passphrase) { + throw new Error('Subkey could not be encrypted here, please encrypt whole key'); + } + if (options.rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); + } + const secretKeyPacket = this.keyPacket; + if (secretKeyPacket.isDummy()) { + throw new Error('Cannot add subkey to gnu-dummy primary key'); + } + if (!secretKeyPacket.isDecrypted()) { + throw new Error('Key is not decrypted'); + } + const defaultOptions = secretKeyPacket.getAlgorithmInfo(); + defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm); + defaultOptions.rsaBits = defaultOptions.bits || 4096; + defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy'; + options = sanitizeKeyOptions(options, defaultOptions); + // Every subkey for a v4 primary key MUST be a v4 subkey. + // Every subkey for a v6 primary key MUST be a v6 subkey. + // For v5 keys, since we dropped generation support, a v4 subkey is added. + // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user. + const keyPacket = await generateSecretSubkey(options, { ...config$1, v6Keys: this.keyPacket.version === 6 }); + checkKeyRequirements(keyPacket, config$1); + const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); + const packetList = this.toPacketList(); + packetList.push(keyPacket, bindingSignature); + return new PrivateKey(packetList); + } +} + +function getDefaultSubkeyType(algoName) { + const algo = enums.write(enums.publicKey, algoName); + // NB: no encryption-only algos, since they cannot be in primary keys + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + return 'rsa'; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return 'ecc'; + case enums.publicKey.ed25519: + return 'curve25519'; + case enums.publicKey.ed448: + return 'curve448'; + default: + throw new Error('Unsupported algorithm'); + } +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Key can contain the following packets +const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ + PublicKeyPacket, + PublicSubkeyPacket, + SecretKeyPacket, + SecretSubkeyPacket, + UserIDPacket, + UserAttributePacket, + SignaturePacket +]); + +/** + * Creates a PublicKey or PrivateKey depending on the packetlist in input + * @param {PacketList} - packets to parse + * @return {Key} parsed key + * @throws if no key packet was found + */ +function createKey(packetlist) { + for (const packet of packetlist) { + switch (packet.constructor.tag) { + case enums.packet.secretKey: + return new PrivateKey(packetlist); + case enums.packet.publicKey: + return new PublicKey(packetlist); + } + } + throw new Error('No key packet found'); +} + + +/** + * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format). + * @param {String} options.curve Elliptic curve for ECC keys + * @param {Integer} options.rsaBits Number of bits for RSA keys + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Creation date of the key and the key signatures + * @param {Object} config - Full configuration + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function generate(options, config) { + options.sign = true; // primary key is always a signing key + options = sanitizeKeyOptions(options); + options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); + let promises = [generateSecretKey(options, config)]; + promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); + const packets = await Promise.all(promises); + + const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; +} + +/** + * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. + * @param {PrivateKey} options.privateKey The private key to reformat + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Override the creation date of the key signatures + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * @param {Object} config - Full configuration + * + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function reformat(options, config) { + options = sanitize(options); + const { privateKey } = options; + + if (!privateKey.isPrivate()) { + throw new Error('Cannot reformat a public key'); + } + + if (privateKey.keyPacket.isDummy()) { + throw new Error('Cannot reformat a gnu-dummy primary key'); + } + + const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); + if (!isDecrypted) { + throw new Error('Key is not decrypted'); + } + + const secretKeyPacket = privateKey.keyPacket; + + if (!options.subkeys) { + options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { + const secretSubkeyPacket = subkey.keyPacket; + const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; + const bindingSignature = await ( + getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) + ).catch(() => ({})); + return { + sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) + }; + })); + } + + const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); + if (options.subkeys.length !== secretSubkeyPackets.length) { + throw new Error('Number of subkey options does not match number of subkeys'); + } + + options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); + + const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; + + function sanitize(options, subkeyDefaults = {}) { + options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; + + return options; + } +} + +/** + * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection + * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. + * @param {SecretKeyPacket} secretKeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPackets + * @param {Object} options + * @param {Object} config - Full configuration + * @returns {PrivateKey} + */ +async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { + // set passphrase protection + if (options.passphrase) { + await secretKeyPacket.encrypt(options.passphrase, config); + } + + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + await secretSubkeyPacket.encrypt(subkeyPassphrase, config); + } + })); + + const packetlist = new PacketList(); + packetlist.push(secretKeyPacket); + + function createPreferredAlgos(algos, preferredAlgo) { + return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + } + + function getKeySignatureProperties() { + const signatureProperties = {}; + signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; + const symmetricAlgorithms = createPreferredAlgos([ + // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support) + enums.symmetric.aes256, + enums.symmetric.aes128 + ], config.preferredSymmetricAlgorithm); + signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms; + if (config.aeadProtect) { + const aeadAlgorithms = createPreferredAlgos([ + enums.aead.gcm, + enums.aead.eax, + enums.aead.ocb + ], config.preferredAEADAlgorithm); + signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => { + return symmetricAlgorithms.map(symmetricAlgorithm => { + return [symmetricAlgorithm, aeadAlgorithm]; + }); + }); + } + signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ + // prefer fast asm.js implementations (SHA-256) + enums.hash.sha256, + enums.hash.sha512, + enums.hash.sha3_256, + enums.hash.sha3_512 + ], config.preferredHashAlgorithm); + signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ + enums.compression.uncompressed, + enums.compression.zlib, + enums.compression.zip + ], config.preferredCompressionAlgorithm); + // integrity protection always enabled + signatureProperties.features = [0]; + signatureProperties.features[0] |= enums.features.modificationDetection; + if (config.aeadProtect) { + signatureProperties.features[0] |= enums.features.seipdv2; + } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; + } + return signatureProperties; + } + + if (secretKeyPacket.version === 6) { // add direct key signature with key prefs + const dataToSign = { + key: secretKeyPacket + }; + + const signatureProperties = getKeySignatureProperties(); + signatureProperties.signatureType = enums.signature.key; + + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + packetlist.push(signaturePacket); + } + + await Promise.all(options.userIDs.map(async function(userID, index) { + const userIDPacket = UserIDPacket.fromObject(userID); + const dataToSign = { + userID: userIDPacket, + key: secretKeyPacket + }; + const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}; + signatureProperties.signatureType = enums.signature.certPositive; + if (index === 0) { + signatureProperties.isPrimaryUserID = true; + } + + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + + return { userIDPacket, signaturePacket }; + })).then(list => { + list.forEach(({ userIDPacket, signaturePacket }) => { + packetlist.push(userIDPacket); + packetlist.push(signaturePacket); + }); + }); + + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyOptions = options.subkeys[index]; + const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); + return { secretSubkeyPacket, subkeySignaturePacket }; + })).then(packets => { + packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { + packetlist.push(secretSubkeyPacket); + packetlist.push(subkeySignaturePacket); + }); + }); + + // Add revocation signature packet for creating a revocation certificate. + // This packet should be removed before returning the key. + const dataToSign = { key: secretKeyPacket }; + packetlist.push(await createSignaturePacket(dataToSign, [], secretKeyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.reasonForRevocation.noReason, + reasonForRevocationString: '' + }, options.date, undefined, undefined, undefined, config)); + + if (options.passphrase) { + secretKeyPacket.clearPrivateParams(); + } + + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + secretSubkeyPacket.clearPrivateParams(); + } + })); + + return new PrivateKey(packetlist); +} + +/** + * Reads an (optionally armored) OpenPGP key and returns a key object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { + throw new Error('Armored text not of type key'); + } + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]); + return createKey(firstKeyPacketList); +} + +/** + * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readPrivateKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.privateKey)) { + throw new Error('Armored text not of type private key'); + } + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } + const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + return new PrivateKey(firstPrivateKeyList); + } + throw new Error('No secret key packet found'); +} + +/** + * Reads an (optionally armored) OpenPGP key block and returns a list of key objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { + throw new Error('Armored text not of type key'); + } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + for (let i = 0; i < keyIndex.length; i++) { + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = createKey(oneKeyList); + keys.push(newKey); + } + return keys; +} + +/** + * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readPrivateKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); + } + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.privateKey) { + throw new Error('Armored text not of type private key'); + } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = new PrivateKey(oneKeyList); + keys.push(newKey); + } + if (keys.length === 0) { + throw new Error('No secret key packet found'); + } + return keys; +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Message can contain the following packets +const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + AEADEncryptedDataPacket, + SymEncryptedIntegrityProtectedDataPacket, + SymmetricallyEncryptedDataPacket, + PublicKeyEncryptedSessionKeyPacket, + SymEncryptedSessionKeyPacket, + OnePassSignaturePacket, + SignaturePacket +]); +// A SKESK packet can contain the following packets +const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); +// A detached signature can contain the following packets +const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + +/** + * Class that represents an OpenPGP message. + * Can be an encrypted message, signed message, compressed message or literal message + * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + */ +class Message { + /** + * @param {PacketList} packetlist - The packets that form this message + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } + + /** + * Returns the key IDs of the keys to which the session key is encrypted + * @returns {Array} Array of keyID objects. + */ + getEncryptionKeyIDs() { + const keyIDs = []; + const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + pkESKeyPacketlist.forEach(function(packet) { + keyIDs.push(packet.publicKeyID); + }); + return keyIDs; + } + + /** + * Returns the key IDs of the keys that signed the message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const msg = this.unwrapCompressed(); + // search for one pass signatures + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); + if (onePassSigList.length > 0) { + return onePassSigList.map(packet => packet.issuerKeyID); + } + // if nothing found look for signature packets + const signatureList = msg.packets.filterByTag(enums.packet.signature); + return signatureList.map(packet => packet.issuerKeyID); + } + + /** + * Decrypt the message. Either a private key, a session key, or a password must be specified. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Date} [date] - Use the given date for key verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with decrypted content. + * @async + */ + async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { + const symEncryptedPacketlist = this.packets.filterByTag( + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ); + + if (symEncryptedPacketlist.length === 0) { + throw new Error('No encrypted data found'); + } + + const symEncryptedPacket = symEncryptedPacketlist[0]; + const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm; + + const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config$1); + + let exception = null; + const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { + if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) { + throw new Error('Invalid session key for decryption.'); + } + + try { + const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.decrypt(algo, data, config$1); + } catch (e) { + util.printDebugError(e); + exception = e; + } + })); + // We don't await stream.cancel here because it only returns when the other copy is canceled too. + cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. + symEncryptedPacket.encrypted = null; + await decryptedPromise; + + if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { + throw exception || new Error('Decryption failed.'); + } + + const resultMsg = new Message(symEncryptedPacket.packets); + symEncryptedPacket.packets = new PacketList(); // remove packets after decryption + + return resultMsg; + } + + /** + * Decrypt encrypted session keys either with private keys or passwords. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable) + * @param {Date} [date] - Use the given date for key verification, instead of current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * @async + */ + async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config$1 = config) { + let decryptedSessionKeyPackets = []; + + let exception; + if (passwords) { + const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); + if (skeskPackets.length === 0) { + throw new Error('No symmetrically encrypted session key packet found.'); + } + await Promise.all(passwords.map(async function(password, i) { + let packets; + if (i) { + packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); + } else { + packets = skeskPackets; + } + await Promise.all(packets.map(async function(skeskPacket) { + try { + await skeskPacket.decrypt(password); + decryptedSessionKeyPackets.push(skeskPacket); + } catch (err) { + util.printDebugError(err); + if (err instanceof Argon2OutOfMemoryError) { + exception = err; + } + } + })); + })); + } else if (decryptionKeys) { + const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + if (pkeskPackets.length === 0) { + throw new Error('No public key encrypted session key packet found.'); + } + await Promise.all(pkeskPackets.map(async function(pkeskPacket) { + await Promise.all(decryptionKeys.map(async function(decryptionKey) { + let decryptionKeyPackets; + try { + // do not check key expiration to allow decryption of old messages + decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); + } catch (err) { + exception = err; + return; + } + + let algos = [ + enums.symmetric.aes256, // Old OpenPGP.js default fallback + enums.symmetric.aes128, // RFC4880bis fallback + enums.symmetric.tripledes, // RFC4880 fallback + enums.symmetric.cast5 // Golang OpenPGP fallback + ]; + try { + const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config$1); // TODO: Pass userID from somewhere. + if (selfCertification.preferredSymmetricAlgorithms) { + algos = algos.concat(selfCertification.preferredSymmetricAlgorithms); + } + } catch (e) {} + + await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { + if (!decryptionKeyPacket.isDecrypted()) { + throw new Error('Decryption key is not decrypted.'); + } + + // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. + const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal + ); + + if (doConstantTimeDecryption) { + // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, + // either with the successfully decrypted session key, or with a randomly generated one. + // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on + // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: + // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the + // randomly generated keys of the remaining key types. + // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly + // generated session keys. + // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. + + const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times + await Promise.all(( + expectedSymmetricAlgorithm ? + [expectedSymmetricAlgorithm] : + Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms) + ).map(async sessionKeyAlgorithm => { + const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); + pkeskPacketCopy.read(serialisedPKESK); + const randomSessionKey = { + sessionKeyAlgorithm, + sessionKey: mod$1.generateSessionKey(sessionKeyAlgorithm) + }; + try { + await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); + decryptedSessionKeyPackets.push(pkeskPacketCopy); + } catch (err) { + // `decrypt` can still throw some non-security-sensitive errors + util.printDebugError(err); + exception = err; + } + })); + + } else { + try { + await pkeskPacket.decrypt(decryptionKeyPacket); + const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm; + if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) { + throw new Error('A non-preferred symmetric algorithm was used.'); + } + decryptedSessionKeyPackets.push(pkeskPacket); + } catch (err) { + util.printDebugError(err); + exception = err; + } + } + })); + })); + cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. + pkeskPacket.encrypted = null; + })); + } else { + throw new Error('No key or password specified.'); + } + + if (decryptedSessionKeyPackets.length > 0) { + // Return only unique session keys + if (decryptedSessionKeyPackets.length > 1) { + const seen = new Set(); + decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { + const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); + if (seen.has(k)) { + return false; + } + seen.add(k); + return true; + }); + } + + return decryptedSessionKeyPackets.map(packet => ({ + data: packet.sessionKey, + algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm) + })); + } + throw exception || new Error('Session key decryption failed.'); + } + + /** + * Get literal data that is the body of the message + * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + */ + getLiteralData() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getBytes()) || null; + } + + /** + * Get filename from literal data packet + * @returns {(String|null)} Filename of literal data packet as string. + */ + getFilename() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getFilename()) || null; + } + + /** + * Get literal data as text + * @returns {(String|null)} Literal body of the message interpreted as text. + */ + getText() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + if (literal) { + return literal.getText(); + } + return null; + } + + /** + * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. + * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for + * @param {Date} [date] - Date to select algorithm preferences at + * @param {Array} [userIDs] - User IDs to select algorithm preferences for + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. + * @async + */ + static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { + const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config$1); + const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo); + const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined; + + await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() + .catch(() => null) // ignore key strength requirements + .then(maybeKey => { + if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) && + !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted + throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); + } + }) + )); + + const sessionKeyData = mod$1.generateSessionKey(symmetricAlgo); + return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName }; + } + + /** + * Encrypt the message either with public keys, passwords, or both at once. + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - Password(s) for message encryption + * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] + * @param {Date} [date] - Override the creation date of the literal package + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + if (sessionKey) { + if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { + throw new Error('Invalid session key for encryption.'); + } + } else if (encryptionKeys && encryptionKeys.length) { + sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); + } else if (passwords && passwords.length) { + sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); + } else { + throw new Error('No keys, passwords, or session key provided.'); + } + + const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; + + const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); + + const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({ + version: aeadAlgorithmName ? 2 : 1, + aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null + }); + symEncryptedPacket.packets = this.packets; + + const algorithm = enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); + + msg.packets.push(symEncryptedPacket); + symEncryptedPacket.packets = new PacketList(); // remove packets after encryption + return msg; + } + + /** + * Encrypt a session key either with public keys, passwords, or both at once. + * @param {Uint8Array} sessionKey - session key for encryption + * @param {String} algorithmName - session key algorithm + * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - For message encryption + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [date] - Override the date + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + const packetlist = new PacketList(); + const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName); + const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); + + if (encryptionKeys) { + const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { + const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); + + const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({ + version: aeadAlgorithm ? 6 : 3, + encryptionKeyPacket: encryptionKey.keyPacket, + anonymousRecipient: wildcard, + sessionKey, + sessionKeyAlgorithm: symmetricAlgorithm + }); + + await pkESKeyPacket.encrypt(encryptionKey.keyPacket); + delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption + return pkESKeyPacket; + })); + packetlist.push(...results); + } + if (passwords) { + const testDecrypt = async function(keyPacket, password) { + try { + await keyPacket.decrypt(password); + return 1; + } catch (e) { + return 0; + } + }; + + const sum = (accumulator, currentValue) => accumulator + currentValue; + + const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { + const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); + symEncryptedSessionKeyPacket.sessionKey = sessionKey; + symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; + if (aeadAlgorithm) { + symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; + } + await symEncryptedSessionKeyPacket.encrypt(password, config$1); + + if (config$1.passwordCollisionCheck) { + const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); + if (results.reduce(sum) !== 1) { + return encryptPassword(sessionKey, algorithm, password); + } + } + + delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption + return symEncryptedSessionKeyPacket; + }; + + const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd))); + packetlist.push(...results); + } + + return new Message(packetlist); + } + + /** + * Sign the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to add to the message + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with signed content. + * @async + */ + async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const packetlist = new PacketList(); + + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); + } + + const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config$1); // this returns the existing signature packets as well + const onePassSignaturePackets = signaturePackets.map( + (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0)) + .reverse(); // innermost OPS refers to the first signature packet + + packetlist.push(...onePassSignaturePackets); + packetlist.push(literalDataPacket); + packetlist.push(...signaturePackets); + + return new Message(packetlist); + } + + /** + * Compresses the message (the literal and -if signed- signature data packets of the message) + * @param {module:enums.compression} algo - compression algorithm + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Message} New message with compressed content. + */ + compress(algo, config$1 = config) { + if (algo === enums.compression.uncompressed) { + return this; + } + + const compressed = new CompressedDataPacket(config$1); + compressed.algorithm = algo; + compressed.packets = this.packets; + + const packetList = new PacketList(); + packetList.push(compressed); + + return new Message(packetList); + } + + /** + * Create a detached signature for the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New detached signature of message content. + * @async + */ + async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); + } + return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config$1)); + } + + /** + * Verify message signatures + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signatures. + * @async + */ + async verify(verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + if (isArrayStream(msg.packets.stream)) { + msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + } + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); + const signatureList = msg.packets.filterByTag(enums.packet.signature); + if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { + await Promise.all(onePassSigList.map(async onePassSig => { + onePassSig.correspondingSig = new Promise((resolve, reject) => { + onePassSig.correspondingSigResolve = resolve; + onePassSig.correspondingSigReject = reject; + }); + onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); + onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); + onePassSig.hashed.catch(() => {}); + })); + msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { + const reader = getReader(readable); + const writer = getWriter(writable); + try { + for (let i = 0; i < onePassSigList.length; i++) { + const { value: signature } = await reader.read(); + onePassSigList[i].correspondingSigResolve(signature); + } + await reader.readToEnd(); + await writer.ready; + await writer.close(); + } catch (e) { + onePassSigList.forEach(onePassSig => { + onePassSig.correspondingSigReject(e); + }); + await writer.abort(e); + } + }); + return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + } + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); + } + + /** + * Verify detached message signature + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Signature} signature + * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); + } + + /** + * Unwrap compressed message + * @returns {Message} Message Content of compressed message. + */ + unwrapCompressed() { + const compressed = this.packets.filterByTag(enums.packet.compressedData); + if (compressed.length) { + return new Message(compressed[0].packets); + } + return this; + } + + /** + * Append signature to unencrypted message object + * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async appendSignature(detachedSignature, config$1 = config) { + await this.packets.read( + util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, + allowedDetachedSignaturePackets, + config$1 + ); + } + + /** + * Returns binary encoded message + * @returns {ReadableStream} Binary message. + */ + write() { + return this.packets.write(); + } + + /** + * Returns ASCII armored text of message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config$1); + } +} + +/** + * Create signature packets for the message + * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign + * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing + * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to append + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creationtime of the signature + * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures + * @param {Boolean} [detached] - Whether to create detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} List of signature packets. + * @async + * @private + */ +async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config$1 = config) { + const packetlist = new PacketList(); + + // If data packet was created from Uint8Array, use binary, otherwise use text + const signatureType = literalDataPacket.text === null ? + enums.signature.binary : enums.signature.text; + + await Promise.all(signingKeys.map(async (primaryKey, i) => { + const signingUserID = signingUserIDs[i]; + if (!primaryKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config$1); + return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config$1); + })).then(signatureList => { + packetlist.push(...signatureList); + }); + + if (signature) { + const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); + packetlist.push(...existingSigPacketlist); + } + return packetlist; +} + +/** + * Create object containing signer's keyID and validity of signature + * @param {SignaturePacket} signature - Signature packet + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Check signature validity with respect to the given date + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * keyID: module:type/keyid~KeyID, + * signature: Promise, + * verified: Promise + * }>} signer's keyID and validity of signature + * @async + * @private + */ +async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + let primaryKey; + let unverifiedSigningKey; + + for (const key of verificationKeys) { + const issuerKeys = key.getKeys(signature.issuerKeyID); + if (issuerKeys.length > 0) { + primaryKey = key; + unverifiedSigningKey = issuerKeys[0]; + break; + } + } + + const isOnePassSignature = signature instanceof OnePassSignaturePacket; + const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; + + const verifiedSig = { + keyID: signature.issuerKeyID, + verified: (async () => { + if (!unverifiedSigningKey) { + throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + } + + await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); + const signaturePacket = await signaturePacketPromise; + if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { + throw new Error('Key is newer than the signature'); + } + // We pass the signature creation time to check whether the key was expired at the time of signing. + // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before + try { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); + } catch (e) { + // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, + // making the key invalid at the time of signing. + // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. + // Note: we do not support the edge case of a key that was reformatted and it has expired. + if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + } else { + throw e; + } + } + return true; + })(), + signature: (async () => { + const signaturePacket = await signaturePacketPromise; + const packetlist = new PacketList(); + signaturePacket && packetlist.push(signaturePacket); + return new Signature(packetlist); + })() + }; + + // Mark potential promise rejections as "handled". This is needed because in + // some cases, we reject them before the user has a reasonable chance to + // handle them (e.g. `await readToEnd(result.data); await result.verified` and + // the data stream errors). + verifiedSig.signature.catch(() => {}); + verifiedSig.verified.catch(() => {}); + + return verifiedSig; +} + +/** + * Create list of objects containing signer's keyID and validity of signature + * @param {Array} signatureList - Array of signature packets + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} date - Verify the signature against the given date, + * i.e. check signature creation time < date < expiration time + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) + * @async + * @private + */ +async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + return Promise.all(signatureList.filter(function(signature) { + return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); + }).map(async function(signature) { + return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); + })); +} + +/** + * Reads an (optionally armored) OpenPGP message and returns a Message object + * @param {Object} options + * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed + * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New message object. + * @async + * @static + */ +async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredMessage || binaryMessage; + if (!input) { + throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); + } + if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { + throw new Error('readMessage: options.armoredMessage must be a string or stream'); + } + if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { + throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + const streamType = util.isStream(input); + if (armoredMessage) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.message) { + throw new Error('Armored text not of type message'); + } + input = data; + } + const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); + const message = new Message(packetlist); + message.fromStream = streamType; + return message; +} + +/** + * Creates new message object from text or binary data. + * @param {Object} options + * @param {String | ReadableStream} [options.text] - The text message contents + * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents + * @param {String} [options.filename=""] - Name of the file (if any) + * @param {Date} [options.date=current date] - Date of the message, or modification date of the file + * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type + * @returns {Promise} New message object. + * @async + * @static + */ +async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { + const input = text !== undefined ? text : binary; + if (input === undefined) { + throw new Error('createMessage: must pass options object containing `text` or `binary`'); + } + if (text && !util.isString(text) && !util.isStream(text)) { + throw new Error('createMessage: options.text must be a string or stream'); + } + if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { + throw new Error('createMessage: options.binary must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + const streamType = util.isStream(input); + const literalDataPacket = new LiteralDataPacket(date); + if (text !== undefined) { + literalDataPacket.setText(input, enums.write(enums.literal, format)); + } else { + literalDataPacket.setBytes(input, enums.write(enums.literal, format)); + } + if (filename !== undefined) { + literalDataPacket.setFilename(filename); + } + const literalDataPacketlist = new PacketList(); + literalDataPacketlist.push(literalDataPacket); + const message = new Message(literalDataPacketlist); + message.fromStream = streamType; + return message; +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Cleartext message can contain the following packets +const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + +/** + * Class that represents an OpenPGP cleartext signed message. + * See {@link https://tools.ietf.org/html/rfc4880#section-7} + */ +class CleartextMessage { + /** + * @param {String} text - The cleartext of the signed message + * @param {Signature} signature - The detached signature or an empty signature for unsigned messages + */ + constructor(text, signature) { + // remove trailing whitespace and normalize EOL to canonical form + this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); + if (signature && !(signature instanceof Signature)) { + throw new Error('Invalid signature input'); + } + this.signature = signature || new Signature(new PacketList()); + } + + /** + * Returns the key IDs of the keys that signed the cleartext message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const keyIDs = []; + const signatureList = this.signature.packets; + signatureList.forEach(function(packet) { + keyIDs.push(packet.issuerKeyID); + }); + return keyIDs; + } + + /** + * Sign the cleartext message + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] + * @param {Date} [date] - The creation time of the signature that should be created + * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New cleartext message with signed content. + * @async + */ + async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const literalDataPacket = new LiteralDataPacket(); + literalDataPacket.setText(this.text); + const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config$1)); + return new CleartextMessage(this.text, newSignature); + } + + /** + * Verify signatures of cleartext signed message + * @param {Array} keys - Array of keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verify(keys, date = new Date(), config$1 = config) { + const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + const literalDataPacket = new LiteralDataPacket(); + // we assume that cleartext signature is generated based on UTF8 cleartext + literalDataPacket.setText(this.text); + return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + } + + /** + * Get cleartext + * @returns {String} Cleartext of message. + */ + getText() { + // normalize end of line to \n + return this.text.replace(/\r\n/g, '\n'); + } + + /** + * Returns ASCII armored text of cleartext signed message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {String | ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? + Array.from(new Set(this.signature.packets.map( + packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() + ))).join() : + null; + + const body = { + hash, + text: this.text, + data: this.signature.packets.write() + }; + + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config$1); + } +} + +/** + * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object + * @param {Object} options + * @param {String} options.cleartextMessage - Text to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New cleartext message object. + * @async + * @static + */ +async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!cleartextMessage) { + throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); + } + if (!util.isString(cleartextMessage)) { + throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + const input = await unarmor(cleartextMessage); + if (input.type !== enums.armor.signed) { + throw new Error('No cleartext signed message.'); + } + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config$1); + verifyHeaders(input.headers, packetlist); + const signature = new Signature(packetlist); + return new CleartextMessage(input.text, signature); +} + +/** + * Compare hash algorithm specified in the armor header with signatures + * @param {Array} headers - Armor headers + * @param {PacketList} packetlist - The packetlist with signature packets + * @private + */ +function verifyHeaders(headers, packetlist) { + const checkHashAlgos = function(hashAlgos) { + const check = packet => algo => packet.hashAlgorithm === algo; + + for (let i = 0; i < packetlist.length; i++) { + if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { + return false; + } + } + return true; + }; + + const hashAlgos = []; + headers.forEach(header => { + const hashHeader = header.match(/^Hash: (.+)$/); // get header value + if (hashHeader) { + const parsedHashIDs = hashHeader[1] + .replace(/\s/g, '') // remove whitespace + .split(',') + .map(hashName => { + try { + return enums.write(enums.hash, hashName.toLowerCase()); + } catch (e) { + throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase()); + } + }); + hashAlgos.push(...parsedHashIDs); + } else { + throw new Error('Only "Hash" header allowed in cleartext signed message'); + } + }); + + if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { + throw new Error('Hash algorithm mismatch in armor header and signature'); + } +} + +/** + * Creates a new CleartextMessage object from text + * @param {Object} options + * @param {String} options.text + * @static + * @async + */ +async function createCleartextMessage({ text, ...rest }) { + if (!text) { + throw new Error('createCleartextMessage: must pass options object containing `text`'); + } + if (!util.isString(text)) { + throw new Error('createCleartextMessage: options.text must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + return new CleartextMessage(text); +} + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + +////////////////////// +// // +// Key handling // +// // +////////////////////// + + +/** + * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. + * @param {Object} options + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys). + * Note: Curve448 and Curve25519 (new format) are not widely supported yet. + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys + * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys: + * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1, + * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 + * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` + * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + if (!type && !curve) { + type = config$1.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them) + curve = 'curve25519Legacy'; // unused with type != 'ecc' + } else { + type = type || 'ecc'; + curve = curve || 'curve25519Legacy'; + } + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (userIDs.length === 0 && !config$1.v6Keys) { + throw new Error('UserIDs are required for V4 keys'); + } + if (type === 'rsa' && rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + } + + const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; + + try { + const { key, revocationCertificate } = await generate(options, config$1); + key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); + + return { + privateKey: formatObject(key, format, config$1), + publicKey: formatObject(key.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error generating keypair', err); + } +} + +/** + * Reformats signature packets for a key and rewraps key object. + * @param {Object} options + * @param {PrivateKey} options.privateKey - Private key to reformat + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended + * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) { + throw new Error('UserIDs are required for V4 keys'); + } + const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; + + try { + const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); + + return { + privateKey: formatObject(reformattedKey, format, config$1), + publicKey: formatObject(reformattedKey.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error reformatting keypair', err); + } +} + +/** + * Revokes a key. Requires either a private key or a revocation certificate. + * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. + * @param {Object} options + * @param {Key} options.key - Public or private key to revoke + * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with + * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation + * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation + * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The revoked key in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or + * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise + * @async + * @static + */ +async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + try { + const revokedKey = revocationCertificate ? + await key.applyRevocationCertificate(revocationCertificate, date, config$1) : + await key.revoke(reasonForRevocation, date, config$1); + + return revokedKey.isPrivate() ? { + privateKey: formatObject(revokedKey, format, config$1), + publicKey: formatObject(revokedKey.toPublic(), format, config$1) + } : { + privateKey: null, + publicKey: formatObject(revokedKey, format, config$1) + }; + } catch (err) { + throw util.wrapError('Error revoking key', err); + } +} + +/** + * Unlock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to decrypt + * @param {String|Array} options.passphrase - The user's passphrase(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The unlocked key object. + * @async + */ +async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (!privateKey.isPrivate()) { + throw new Error('Cannot decrypt a public key'); + } + const clonedPrivateKey = privateKey.clone(true); + const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; + + try { + await Promise.all(clonedPrivateKey.getKeys().map(key => ( + // try to decrypt each key with any of the given passphrases + util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) + ))); + + await clonedPrivateKey.validate(config$1); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error decrypting private key', err); + } +} + +/** + * Lock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to encrypt + * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The locked key object. + * @async + */ +async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (!privateKey.isPrivate()) { + throw new Error('Cannot encrypt a public key'); + } + const clonedPrivateKey = privateKey.clone(true); + + const keys = clonedPrivateKey.getKeys(); + const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); + if (passphrases.length !== keys.length) { + throw new Error('Invalid number of passphrases given for key encryption'); + } + + try { + await Promise.all(keys.map(async (key, i) => { + const { keyPacket } = key; + await keyPacket.encrypt(passphrases[i], config$1); + keyPacket.clearPrivateParams(); + })); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error encrypting private key', err); + } +} + + +/////////////////////////////////////////// +// // +// Message encryption and decryption // +// // +/////////////////////////////////////////// + + +/** + * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` + * must be specified. If signing keys are specified, those will be used to sign the message. + * @param {Object} options + * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message + * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed + * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message + * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Signature} [options.signature] - A detached signature to add to the encrypted message + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` + * @param {Date} [options.date=current date] - Override the creation date of the message signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); + signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations); + if (rest.detached) { + throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); + } + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (!signingKeys) { + signingKeys = []; + } + + try { + if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified + message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config$1); + } + message = message.compress( + await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config$1), + config$1 + ); + message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + if (format === 'object') return message; + // serialize data + const armor = format === 'armored'; + const data = armor ? message.armor(config$1) : message.write(); + return await convertStream(data); + } catch (err) { + throw util.wrapError('Error encrypting message', err); + } +} + +/** + * Decrypts a message with the user's private key, a session key or a password. + * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). + * @param {Object} options + * @param {Message} options.message - The message object with the encrypted data + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key + * @param {String|String[]} [options.passwords] - Passwords to decrypt the message + * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } + * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing decrypted and verified message in the form: + * + * { + * data: MaybeStream, (if format was 'utf8', the default) + * data: MaybeStream, (if format was 'binary') + * filename: String, + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static + */ +async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + try { + const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); + if (!verificationKeys) { + verificationKeys = []; + } + + const result = {}; + result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); + result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); + result.filename = decrypted.getFilename(); + linkStreams(result, message); + if (expectSigned) { + if (verificationKeys.length === 0) { + throw new Error('Verification keys are required to verify message signatures'); + } + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error decrypting message', err); + } +} + + +////////////////////////////////////////// +// // +// Message signing and verification // +// // +////////////////////////////////////////// + + +/** + * Signs a message. + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed + * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext + * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [options.date=current date] - Override the creation date of the signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); checkOutputMessageFormat(format); + signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations); + + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); + if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); + + if (!signingKeys || signingKeys.length === 0) { + throw new Error('No signing keys provided'); + } + + try { + let signature; + if (detached) { + signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } else { + signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } + if (format === 'object') return signature; + + const armor = format === 'armored'; + signature = armor ? signature.armor(config$1) : signature.write(); + if (detached) { + signature = transformPair(message.packets.write(), async (readable, writable) => { + await Promise.all([ + pipe(signature, writable), + readToEnd(readable).catch(() => {}) + ]); + }); + } + return await convertStream(signature); + } catch (err) { + throw util.wrapError('Error signing message', err); + } +} + +/** + * Verifies signatures of cleartext signed message + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures + * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing verified message in the form: + * + * { + * data: MaybeStream, (if `message` was a CleartextMessage) + * data: MaybeStream, (if `message` was a Message) + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static + */ +async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); + if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); + + try { + const result = {}; + if (signature) { + result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); + } else { + result.signatures = await message.verify(verificationKeys, date, config$1); + } + result.data = format === 'binary' ? message.getLiteralData() : message.getText(); + if (message.fromStream && !signature) linkStreams(result, message); + if (expectSigned) { + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error verifying signed message', err); + } +} + + +/////////////////////////////////////////////// +// // +// Session key encryption and decryption // +// // +/////////////////////////////////////////////// + +/** + * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. + * @param {Object} options + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} + * @param {Date} [options.date=current date] - Date to select algorithm preferences at + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. + * @async + * @static + */ +async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + try { + const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error generating session key', err); + } +} + +/** + * Encrypt a symmetric session key with public keys, passwords, or both at once. + * At least one of `encryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) + * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' + * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key + * @param {String|String[]} [options.passwords] - Passwords for the message + * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [options.date=current date] - Override the date + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { + throw new Error('No encryption keys or passwords provided.'); + } + + try { + const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + return formatObject(message, format, config$1); + } catch (err) { + throw util.wrapError('Error encrypting session key', err); + } +} + +/** + * Decrypt symmetric session keys using private keys or passwords (not both). + * One of `decryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Message} options.message - A message object containing the encrypted session key packets + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data + * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key + * @param {Date} [options.date] - Date to use for key verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: + * { data:Uint8Array, algorithm:String } + * @throws if no session key could be found or decrypted + * @async + * @static + */ +async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + try { + const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error decrypting session keys', err); + } +} + + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + + +/** + * Input validation + * @private + */ +function checkString(data, name) { + if (!util.isString(data)) { + throw new Error('Parameter [' + (name) + '] must be of type String'); + } +} +function checkBinary(data, name) { + if (!util.isUint8Array(data)) { + throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array'); + } +} +function checkMessage(message) { + if (!(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message'); + } +} +function checkCleartextOrMessage(message) { + if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); + } +} +function checkOutputMessageFormat(format) { + if (format !== 'armored' && format !== 'binary' && format !== 'object') { + throw new Error(`Unsupported format ${format}`); + } +} +const defaultConfigPropsCount = Object.keys(config).length; +function checkConfig(config$1) { + const inputConfigProps = Object.keys(config$1); + if (inputConfigProps.length !== defaultConfigPropsCount) { + for (const inputProp of inputConfigProps) { + if (config[inputProp] === undefined) { + throw new Error(`Unknown config property: ${inputProp}`); + } + } + } +} + +/** + * Normalize parameter to an array if it is not undefined. + * @param {Object} param - the parameter to be normalized + * @returns {Array|undefined} The resulting array or undefined. + * @private + */ +function toArray(param) { + if (param && !util.isArray(param)) { + param = [param]; + } + return param; +} + +/** + * Convert data to or from Stream + * @param {Object} data - the data to convert + * @returns {Promise} The data in the respective format. + * @async + * @private + */ +async function convertStream(data) { + const streamType = util.isStream(data); + if (streamType === 'array') { + return readToEnd(data); + } + return data; +} + +/** + * Link result.data to the message stream for cancellation. + * Also, forward errors in the message to result.data. + * @param {Object} result - the data to convert + * @param {Message} message - message object + * @returns {Object} + * @private + */ +function linkStreams(result, message) { + result.data = transformPair(message.packets.stream, async (readable, writable) => { + await pipe(result.data, writable, { + preventClose: true + }); + const writer = getWriter(writable); + try { + // Forward errors in the message stream to result.data. + await readToEnd(readable, _ => _); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + }); +} + +/** + * Convert the object to the given format + * @param {Key|Message} object + * @param {'armored'|'binary'|'object'} format + * @param {Object} config - Full configuration + * @returns {String|Uint8Array|Object} + */ +function formatObject(object, format, config) { + switch (format) { + case 'object': + return object; + case 'armored': + return object.armor(config); + case 'binary': + return object.write(); + default: + throw new Error(`Unsupported format ${format}`); + } +} + +function number(n) { + if (!Number.isSafeInteger(n) || n < 0) + throw new Error(`positive integer expected, not ${n}`); +} +// copied from utils +function isBytes$1(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes(b, ...lengths) { + if (!isBytes$1(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function hash(h) { + if (typeof h !== 'function' || typeof h.create !== 'function') + throw new Error('Hash should be wrapped by utils.wrapConstructor'); + number(h.outputLen); + number(h.blockLen); +} +function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +// We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+. +// Falls back to Node.js built-in crypto for Node.js <=v14 +// See utils.ts for details. +// @ts-ignore +const crypto$1 = nc__namespace && typeof nc__namespace === 'object' && 'webcrypto' in nc__namespace + ? nc__namespace.webcrypto + : nc__namespace && typeof nc__namespace === 'object' && 'randomBytes' in nc__namespace + ? nc__namespace + : undefined; + +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// node.js versions earlier than v19 don't declare it in global scope. +// For node.js, package.json#exports field mapping rewrites import +// from `crypto` to `cryptoNode`, which imports native module. +// Makes the utils un-importable in browsers without a bundler. +// Once node.js 18 is deprecated (2025-04-30), we can just drop the import. +const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// The rotate right (circular right shift) operation for uint32 +const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift); +// The rotate left (circular left shift) operation for uint32 +const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0); +const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +// The byte swap operation for uint32 +const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// In place byte swap for Uint32Array +function byteSwap32(arr) { + for (let i = 0; i < arr.length; i++) { + arr[i] = byteSwap(arr[i]); + } +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$1(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes$1(data); + bytes(data); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$1(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// For runtime check if class implements interface +class Hash { + // Safe version that clones internal state + clone() { + return this._cloneInto(); + } +} +function wrapConstructor(hashCons) { + const hashC = (msg) => hashCons().update(toBytes(msg)).digest(); + const tmp = hashCons(); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = () => hashCons(); + return hashC; +} +function wrapXOFConstructorWithOpts(hashCons) { + const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest(); + const tmp = hashCons({}); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (opts) => hashCons(opts); + return hashC; +} +/** + * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS. + */ +function randomBytes(bytesLength = 32) { + if (crypto$1 && typeof crypto$1.getRandomValues === 'function') { + return crypto$1.getRandomValues(new Uint8Array(bytesLength)); + } + // Legacy Node.js compatibility + if (crypto$1 && typeof crypto$1.randomBytes === 'function') { + return crypto$1.randomBytes(bytesLength); + } + throw new Error('crypto.getRandomValues must be defined'); +} + +/** + * Polyfill for Safari 14 + */ +function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = isLE ? 4 : 0; + const l = isLE ? 0 : 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +/** + * Choice: a ? b : c + */ +const Chi = (a, b, c) => (a & b) ^ (~a & c); +/** + * Majority function, true if any two inputs is true + */ +const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c); +/** + * Merkle-Damgard hash construction base class. + * Could be used to create MD5, RIPEMD, SHA1, SHA2. + */ +class HashMD extends Hash { + constructor(blockLen, outputLen, padOffset, isLE) { + super(); + this.blockLen = blockLen; + this.outputLen = outputLen; + this.padOffset = padOffset; + this.isLE = isLE; + this.finished = false; + this.length = 0; + this.pos = 0; + this.destroyed = false; + this.buffer = new Uint8Array(blockLen); + this.view = createView(this.buffer); + } + update(data) { + exists(this); + const { view, buffer, blockLen } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + // Fast path: we have at least one block in input, cast it to view and process + if (take === blockLen) { + const dataView = createView(data); + for (; blockLen <= len - pos; pos += blockLen) + this.process(dataView, pos); + continue; + } + buffer.set(data.subarray(pos, pos + take), this.pos); + this.pos += take; + pos += take; + if (this.pos === blockLen) { + this.process(view, 0); + this.pos = 0; + } + } + this.length += data.length; + this.roundClean(); + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // Padding + // We can avoid allocation of buffer for padding completely if it + // was previously not allocated here. But it won't change performance. + const { buffer, view, blockLen, isLE } = this; + let { pos } = this; + // append the bit '1' to the message + buffer[pos++] = 0b10000000; + this.buffer.subarray(pos).fill(0); + // we have less than padOffset left in buffer, so we cannot put length in + // current block, need process it and pad again + if (this.padOffset > blockLen - pos) { + this.process(view, 0); + pos = 0; + } + // Pad until full block byte with zeros + for (let i = pos; i < blockLen; i++) + buffer[i] = 0; + // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that + // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen. + // So we just write lowest 64 bits of that value. + setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE); + this.process(view, 0); + const oview = createView(out); + const len = this.outputLen; + // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT + if (len % 4) + throw new Error('_sha2: outputLen should be aligned to 32bit'); + const outLen = len / 4; + const state = this.get(); + if (outLen > state.length) + throw new Error('_sha2: outputLen bigger than state'); + for (let i = 0; i < outLen; i++) + oview.setUint32(4 * i, state[i], isLE); + } + digest() { + const { buffer, outputLen } = this; + this.digestInto(buffer); + const res = buffer.slice(0, outputLen); + this.destroy(); + return res; + } + _cloneInto(to) { + to || (to = new this.constructor()); + to.set(...this.get()); + const { blockLen, buffer, length, finished, destroyed, pos } = this; + to.length = length; + to.pos = pos; + to.finished = finished; + to.destroyed = destroyed; + if (length % blockLen) + to.buffer.set(buffer); + return to; + } +} + +// SHA2-256 need to try 2^128 hashes to execute birthday attack. +// BTC network is doing 2^67 hashes/sec as per early 2023. +// Round constants: +// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) +// prettier-ignore +const SHA256_K = /* @__PURE__ */ new Uint32Array([ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +]); +// Initial state: +// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19 +// prettier-ignore +const SHA256_IV = /* @__PURE__ */ new Uint32Array([ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA256_W = /* @__PURE__ */ new Uint32Array(64); +class SHA256 extends HashMD { + constructor() { + super(64, 32, 8, false); + // We cannot use array here since array allows indexing by variable + // which means optimizer/compiler cannot use registers. + this.A = SHA256_IV[0] | 0; + this.B = SHA256_IV[1] | 0; + this.C = SHA256_IV[2] | 0; + this.D = SHA256_IV[3] | 0; + this.E = SHA256_IV[4] | 0; + this.F = SHA256_IV[5] | 0; + this.G = SHA256_IV[6] | 0; + this.H = SHA256_IV[7] | 0; + } + get() { + const { A, B, C, D, E, F, G, H } = this; + return [A, B, C, D, E, F, G, H]; + } + // prettier-ignore + set(A, B, C, D, E, F, G, H) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + this.F = F | 0; + this.G = G | 0; + this.H = H | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) + SHA256_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 64; i++) { + const W15 = SHA256_W[i - 15]; + const W2 = SHA256_W[i - 2]; + const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3); + const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10); + SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0; + } + // Compression function main loop, 64 rounds + let { A, B, C, D, E, F, G, H } = this; + for (let i = 0; i < 64; i++) { + const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25); + const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22); + const T2 = (sigma0 + Maj(A, B, C)) | 0; + H = G; + G = F; + F = E; + E = (D + T1) | 0; + D = C; + C = B; + B = A; + A = (T1 + T2) | 0; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + F = (F + this.F) | 0; + G = (G + this.G) | 0; + H = (H + this.H) | 0; + this.set(A, B, C, D, E, F, G, H); + } + roundClean() { + SHA256_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf +class SHA224 extends SHA256 { + constructor() { + super(); + this.A = 0xc1059ed8 | 0; + this.B = 0x367cd507 | 0; + this.C = 0x3070dd17 | 0; + this.D = 0xf70e5939 | 0; + this.E = 0xffc00b31 | 0; + this.F = 0x68581511 | 0; + this.G = 0x64f98fa7 | 0; + this.H = 0xbefa4fa4 | 0; + this.outputLen = 28; + } +} +/** + * SHA2-256 hash function + * @param message - data that would be hashed + */ +const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256()); +/** + * SHA2-224 hash function + */ +const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224()); + +// HMAC (RFC 2104) +class HMAC extends Hash { + constructor(hash$1, _key) { + super(); + this.finished = false; + this.destroyed = false; + hash(hash$1); + const key = toBytes(_key); + this.iHash = hash$1.create(); + if (typeof this.iHash.update !== 'function') + throw new Error('Expected instance of class which extends utils.Hash'); + this.blockLen = this.iHash.blockLen; + this.outputLen = this.iHash.outputLen; + const blockLen = this.blockLen; + const pad = new Uint8Array(blockLen); + // blockLen can be bigger than outputLen + pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key); + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36; + this.iHash.update(pad); + // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone + this.oHash = hash$1.create(); + // Undo internal XOR && apply outer XOR + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36 ^ 0x5c; + this.oHash.update(pad); + pad.fill(0); + } + update(buf) { + exists(this); + this.iHash.update(buf); + return this; + } + digestInto(out) { + exists(this); + bytes(out, this.outputLen); + this.finished = true; + this.iHash.digestInto(out); + this.oHash.update(out); + this.oHash.digestInto(out); + this.destroy(); + } + digest() { + const out = new Uint8Array(this.oHash.outputLen); + this.digestInto(out); + return out; + } + _cloneInto(to) { + // Create new instance without calling constructor since key already in state and we don't know it. + to || (to = Object.create(Object.getPrototypeOf(this), {})); + const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this; + to = to; + to.finished = finished; + to.destroyed = destroyed; + to.blockLen = blockLen; + to.outputLen = outputLen; + to.oHash = oHash._cloneInto(to.oHash); + to.iHash = iHash._cloneInto(to.iHash); + return to; + } + destroy() { + this.destroyed = true; + this.oHash.destroy(); + this.iHash.destroy(); + } +} +/** + * HMAC: RFC2104 message authentication code. + * @param hash - function that would be used e.g. sha256 + * @param key - message key + * @param message - message data + * @example + * import { hmac } from '@noble/hashes/hmac'; + * import { sha256 } from '@noble/hashes/sha2'; + * const mac1 = hmac(sha256, 'key', 'message'); + */ +const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); +hmac.create = (hash, key) => new HMAC(hash, key); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// 100 lines of code in the file are duplicated from noble-hashes (utils). +// This is OK: `abstract` directory does not use noble-hashes. +// User may opt-in into using different hashing library. This way, noble-hashes +// won't be included into their bundle. +const _0n$6 = /* @__PURE__ */ BigInt(0); +const _1n$8 = /* @__PURE__ */ BigInt(1); +const _2n$5 = /* @__PURE__ */ BigInt(2); +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function abytes(item) { + if (!isBytes(item)) + throw new Error('Uint8Array expected'); +} +function abool(title, value) { + if (typeof value !== 'boolean') + throw new Error(`${title} must be valid boolean, got "${value}".`); +} +// Array where index 0xf0 (240) is mapped to string 'f0' +const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); +/** + * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123' + */ +function bytesToHex(bytes) { + abytes(bytes); + // pre-caching improves the speed 6x + let hex = ''; + for (let i = 0; i < bytes.length; i++) { + hex += hexes[bytes[i]]; + } + return hex; +} +function numberToHexUnpadded(num) { + const hex = num.toString(16); + return hex.length & 1 ? `0${hex}` : hex; +} +function hexToNumber(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + // Big Endian + return BigInt(hex === '' ? '0' : `0x${hex}`); +} +// We use optimized technique to convert hex string to byte array +const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; +function asciiToBase16(char) { + if (char >= asciis._0 && char <= asciis._9) + return char - asciis._0; + if (char >= asciis._A && char <= asciis._F) + return char - (asciis._A - 10); + if (char >= asciis._a && char <= asciis._f) + return char - (asciis._a - 10); + return; +} +/** + * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23]) + */ +function hexToBytes(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + const hl = hex.length; + const al = hl / 2; + if (hl % 2) + throw new Error('padded hex string expected, got unpadded hex of length ' + hl); + const array = new Uint8Array(al); + for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) { + const n1 = asciiToBase16(hex.charCodeAt(hi)); + const n2 = asciiToBase16(hex.charCodeAt(hi + 1)); + if (n1 === undefined || n2 === undefined) { + const char = hex[hi] + hex[hi + 1]; + throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi); + } + array[ai] = n1 * 16 + n2; + } + return array; +} +// BE: Big Endian, LE: Little Endian +function bytesToNumberBE(bytes) { + return hexToNumber(bytesToHex(bytes)); +} +function bytesToNumberLE(bytes) { + abytes(bytes); + return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse())); +} +function numberToBytesBE(n, len) { + return hexToBytes(n.toString(16).padStart(len * 2, '0')); +} +function numberToBytesLE(n, len) { + return numberToBytesBE(n, len).reverse(); +} +// Unpadded, rarely used +function numberToVarBytesBE(n) { + return hexToBytes(numberToHexUnpadded(n)); +} +/** + * Takes hex string or Uint8Array, converts to Uint8Array. + * Validates output length. + * Will throw error for other types. + * @param title descriptive title for an error e.g. 'private key' + * @param hex hex string or Uint8Array + * @param expectedLength optional, will compare to result array's length + * @returns + */ +function ensureBytes(title, hex, expectedLength) { + let res; + if (typeof hex === 'string') { + try { + res = hexToBytes(hex); + } + catch (e) { + throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`); + } + } + else if (isBytes(hex)) { + // Uint8Array.from() instead of hash.slice() because node.js Buffer + // is instance of Uint8Array, and its slice() creates **mutable** copy + res = Uint8Array.from(hex); + } + else { + throw new Error(`${title} must be hex string or Uint8Array`); + } + const len = res.length; + if (typeof expectedLength === 'number' && len !== expectedLength) + throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`); + return res; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + abytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +// Is positive bigint +const isPosBig = (n) => typeof n === 'bigint' && _0n$6 <= n; +function inRange(n, min, max) { + return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max; +} +/** + * Asserts min <= n < max. NOTE: It's < max and not <= max. + * @example + * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n) + */ +function aInRange(title, n, min, max) { + // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)? + // consider P=256n, min=0n, max=P + // - a for min=0 would require -1: `inRange('x', x, -1n, P)` + // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)` + // - our way is the cleanest: `inRange('x', x, 0n, P) + if (!inRange(n, min, max)) + throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`); +} +// Bit operations +/** + * Calculates amount of bits in a bigint. + * Same as `n.toString(2).length` + */ +function bitLen(n) { + let len; + for (len = 0; n > _0n$6; n >>= _1n$8, len += 1) + ; + return len; +} +/** + * Gets single bit at position. + * NOTE: first bit position is 0 (same as arrays) + * Same as `!!+Array.from(n.toString(2)).reverse()[pos]` + */ +function bitGet(n, pos) { + return (n >> BigInt(pos)) & _1n$8; +} +/** + * Sets single bit at position. + */ +function bitSet(n, pos, value) { + return n | ((value ? _1n$8 : _0n$6) << BigInt(pos)); +} +/** + * Calculate mask for N bits. Not using ** operator with bigints because of old engines. + * Same as BigInt(`0b${Array(i).fill('1').join('')}`) + */ +const bitMask = (n) => (_2n$5 << BigInt(n - 1)) - _1n$8; +// DRBG +const u8n = (data) => new Uint8Array(data); // creates Uint8Array +const u8fr = (arr) => Uint8Array.from(arr); // another shortcut +/** + * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + * @returns function that will call DRBG until 2nd arg returns something meaningful + * @example + * const drbg = createHmacDRBG(32, 32, hmac); + * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined + */ +function createHmacDrbg(hashLen, qByteLen, hmacFn) { + if (typeof hashLen !== 'number' || hashLen < 2) + throw new Error('hashLen must be a number'); + if (typeof qByteLen !== 'number' || qByteLen < 2) + throw new Error('qByteLen must be a number'); + if (typeof hmacFn !== 'function') + throw new Error('hmacFn must be a function'); + // Step B, Step C: set hashLen to 8*ceil(hlen/8) + let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same + let i = 0; // Iterations counter, will throw when over 1000 + const reset = () => { + v.fill(1); + k.fill(0); + i = 0; + }; + const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values) + const reseed = (seed = u8n()) => { + // HMAC-DRBG reseed() function. Steps D-G + k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed) + v = h(); // v = hmac(k || v) + if (seed.length === 0) + return; + k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed) + v = h(); // v = hmac(k || v) + }; + const gen = () => { + // HMAC-DRBG generate() function + if (i++ >= 1000) + throw new Error('drbg: tried 1000 values'); + let len = 0; + const out = []; + while (len < qByteLen) { + v = h(); + const sl = v.slice(); + out.push(sl); + len += v.length; + } + return concatBytes(...out); + }; + const genUntil = (seed, pred) => { + reset(); + reseed(seed); // Steps D-G + let res = undefined; // Step H: grind until k is in [1..n-1] + while (!(res = pred(gen()))) + reseed(); + reset(); + return res; + }; + return genUntil; +} +// Validating curves and fields +const validatorFns = { + bigint: (val) => typeof val === 'bigint', + function: (val) => typeof val === 'function', + boolean: (val) => typeof val === 'boolean', + string: (val) => typeof val === 'string', + stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val), + isSafeInteger: (val) => Number.isSafeInteger(val), + array: (val) => Array.isArray(val), + field: (val, object) => object.Fp.isValid(val), + hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen), +}; +// type Record = { [P in K]: T; } +function validateObject(object, validators, optValidators = {}) { + const checkField = (fieldName, type, isOptional) => { + const checkVal = validatorFns[type]; + if (typeof checkVal !== 'function') + throw new Error(`Invalid validator "${type}", expected function`); + const val = object[fieldName]; + if (isOptional && val === undefined) + return; + if (!checkVal(val, object)) { + throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`); + } + }; + for (const [fieldName, type] of Object.entries(validators)) + checkField(fieldName, type, false); + for (const [fieldName, type] of Object.entries(optValidators)) + checkField(fieldName, type, true); + return object; +} +// validate type tests +// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; +// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok! +// // Should fail type-check +// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' }); +// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' }); +// const z3 = validateObject(o, { test: 'boolean', z: 'bug' }); +// const z4 = validateObject(o, { a: 'boolean', z: 'bug' }); +/** + * throws not implemented error + */ +const notImplemented = () => { + throw new Error('not implemented'); +}; +/** + * Memoizes (caches) computation result. + * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed. + */ +function memoized(fn) { + const map = new WeakMap(); + return (arg, ...args) => { + const val = map.get(arg); + if (val !== undefined) + return val; + const computed = fn(arg, ...args); + map.set(arg, computed); + return computed; + }; +} + +var ut = /*#__PURE__*/Object.freeze({ + __proto__: null, + aInRange: aInRange, + abool: abool, + abytes: abytes, + bitGet: bitGet, + bitLen: bitLen, + bitMask: bitMask, + bitSet: bitSet, + bytesToHex: bytesToHex, + bytesToNumberBE: bytesToNumberBE, + bytesToNumberLE: bytesToNumberLE, + concatBytes: concatBytes, + createHmacDrbg: createHmacDrbg, + ensureBytes: ensureBytes, + equalBytes: equalBytes, + hexToBytes: hexToBytes, + hexToNumber: hexToNumber, + inRange: inRange, + isBytes: isBytes, + memoized: memoized, + notImplemented: notImplemented, + numberToBytesBE: numberToBytesBE, + numberToBytesLE: numberToBytesLE, + numberToHexUnpadded: numberToHexUnpadded, + numberToVarBytesBE: numberToVarBytesBE, + utf8ToBytes: utf8ToBytes, + validateObject: validateObject +}); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Utilities for modular arithmetics and finite fields +// prettier-ignore +const _0n$5 = BigInt(0), _1n$7 = BigInt(1), _2n$4 = BigInt(2), _3n$2 = BigInt(3); +// prettier-ignore +const _4n = BigInt(4), _5n = BigInt(5), _8n$1 = BigInt(8); +// prettier-ignore +BigInt(9); BigInt(16); +// Calculates a modulo b +function mod(a, b) { + const result = a % b; + return result >= _0n$5 ? result : b + result; +} +/** + * Efficiently raise num to power and do modular division. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + * @example + * pow(2n, 6n, 11n) // 64n % 11n == 9n + */ +// TODO: use field version && remove +function pow(num, power, modulo) { + if (modulo <= _0n$5 || power < _0n$5) + throw new Error('Expected power/modulo > 0'); + if (modulo === _1n$7) + return _0n$5; + let res = _1n$7; + while (power > _0n$5) { + if (power & _1n$7) + res = (res * num) % modulo; + num = (num * num) % modulo; + power >>= _1n$7; + } + return res; +} +// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) +function pow2(x, power, modulo) { + let res = x; + while (power-- > _0n$5) { + res *= res; + res %= modulo; + } + return res; +} +// Inverses number over modulo +function invert(number, modulo) { + if (number === _0n$5 || modulo <= _0n$5) { + throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); + } + // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/ + // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower. + let a = mod(number, modulo); + let b = modulo; + // prettier-ignore + let x = _0n$5, u = _1n$7; + while (a !== _0n$5) { + // JIT applies optimization if those two lines follow each other + const q = b / a; + const r = b % a; + const m = x - u * q; + // prettier-ignore + b = a, a = r, x = u, u = m; + } + const gcd = b; + if (gcd !== _1n$7) + throw new Error('invert: does not exist'); + return mod(x, modulo); +} +/** + * Tonelli-Shanks square root search algorithm. + * 1. https://eprint.iacr.org/2012/685.pdf (page 12) + * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks + * Will start an infinite loop if field order P is not prime. + * @param P field order + * @returns function that takes field Fp (created from P) and number n + */ +function tonelliShanks(P) { + // Legendre constant: used to calculate Legendre symbol (a | p), + // which denotes the value of a^((p-1)/2) (mod p). + // (a | p) ≡ 1 if a is a square (mod p) + // (a | p) ≡ -1 if a is not a square (mod p) + // (a | p) ≡ 0 if a ≡ 0 (mod p) + const legendreC = (P - _1n$7) / _2n$4; + let Q, S, Z; + // Step 1: By factoring out powers of 2 from p - 1, + // find q and s such that p - 1 = q*(2^s) with q odd + for (Q = P - _1n$7, S = 0; Q % _2n$4 === _0n$5; Q /= _2n$4, S++) + ; + // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq + for (Z = _2n$4; Z < P && pow(Z, legendreC, P) !== P - _1n$7; Z++) + ; + // Fast-path + if (S === 1) { + const p1div4 = (P + _1n$7) / _4n; + return function tonelliFast(Fp, n) { + const root = Fp.pow(n, p1div4); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Slow-path + const Q1div2 = (Q + _1n$7) / _2n$4; + return function tonelliSlow(Fp, n) { + // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1 + if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) + throw new Error('Cannot find square root'); + let r = S; + // TODO: will fail at Fp2/etc + let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b + let x = Fp.pow(n, Q1div2); // first guess at the square root + let b = Fp.pow(n, Q); // first guess at the fudge factor + while (!Fp.eql(b, Fp.ONE)) { + if (Fp.eql(b, Fp.ZERO)) + return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0) + // Find m such b^(2^m)==1 + let m = 1; + for (let t2 = Fp.sqr(b); m < r; m++) { + if (Fp.eql(t2, Fp.ONE)) + break; + t2 = Fp.sqr(t2); // t2 *= t2 + } + // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow + const ge = Fp.pow(g, _1n$7 << BigInt(r - m - 1)); // ge = 2^(r-m-1) + g = Fp.sqr(ge); // g = ge * ge + x = Fp.mul(x, ge); // x *= ge + b = Fp.mul(b, g); // b *= g + r = m; + } + return x; + }; +} +function FpSqrt(P) { + // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. + // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve). + // P ≡ 3 (mod 4) + // √n = n^((P+1)/4) + if (P % _4n === _3n$2) { + // Not all roots possible! + // const ORDER = + // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn; + // const NUM = 72057594037927816n; + const p1div4 = (P + _1n$7) / _4n; + return function sqrt3mod4(Fp, n) { + const root = Fp.pow(n, p1div4); + // Throw if root**2 != n + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10) + if (P % _8n$1 === _5n) { + const c1 = (P - _5n) / _8n$1; + return function sqrt5mod8(Fp, n) { + const n2 = Fp.mul(n, _2n$4); + const v = Fp.pow(n2, c1); + const nv = Fp.mul(n, v); + const i = Fp.mul(Fp.mul(nv, _2n$4), v); + const root = Fp.mul(nv, Fp.sub(i, Fp.ONE)); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Other cases: Tonelli-Shanks algorithm + return tonelliShanks(P); +} +// prettier-ignore +const FIELD_FIELDS = [ + 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr', + 'eql', 'add', 'sub', 'mul', 'pow', 'div', + 'addN', 'subN', 'mulN', 'sqrN' +]; +function validateField(field) { + const initial = { + ORDER: 'bigint', + MASK: 'bigint', + BYTES: 'isSafeInteger', + BITS: 'isSafeInteger', + }; + const opts = FIELD_FIELDS.reduce((map, val) => { + map[val] = 'function'; + return map; + }, initial); + return validateObject(field, opts); +} +// Generic field functions +/** + * Same as `pow` but for Fp: non-constant-time. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + */ +function FpPow(f, num, power) { + // Should have same speed as pow for bigints + // TODO: benchmark! + if (power < _0n$5) + throw new Error('Expected power > 0'); + if (power === _0n$5) + return f.ONE; + if (power === _1n$7) + return num; + let p = f.ONE; + let d = num; + while (power > _0n$5) { + if (power & _1n$7) + p = f.mul(p, d); + d = f.sqr(d); + power >>= _1n$7; + } + return p; +} +/** + * Efficiently invert an array of Field elements. + * `inv(0)` will return `undefined` here: make sure to throw an error. + */ +function FpInvertBatch(f, nums) { + const tmp = new Array(nums.length); + // Walk from first to last, multiply them by each other MOD p + const lastMultiplied = nums.reduce((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = acc; + return f.mul(acc, num); + }, f.ONE); + // Invert last element + const inverted = f.inv(lastMultiplied); + // Walk from last to first, multiply them by inverted each other MOD p + nums.reduceRight((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = f.mul(acc, tmp[i]); + return f.mul(acc, num); + }, inverted); + return tmp; +} +// CURVE.n lengths +function nLength(n, nBitLength) { + // Bit size, byte size of CURVE.n + const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; + const nByteLength = Math.ceil(_nBitLength / 8); + return { nBitLength: _nBitLength, nByteLength }; +} +/** + * Initializes a finite field over prime. **Non-primes are not supported.** + * Do not init in loop: slow. Very fragile: always run a benchmark on a change. + * Major performance optimizations: + * * a) denormalized operations like mulN instead of mul + * * b) same object shape: never add or remove keys + * * c) Object.freeze + * NOTE: operations don't check 'isValid' for all elements for performance reasons, + * it is caller responsibility to check this. + * This is low-level code, please make sure you know what you doing. + * @param ORDER prime positive bigint + * @param bitLen how many bits the field consumes + * @param isLE (def: false) if encoding / decoding should be in little-endian + * @param redef optional faster redefinitions of sqrt and other methods + */ +function Field(ORDER, bitLen, isLE = false, redef = {}) { + if (ORDER <= _0n$5) + throw new Error(`Expected Field ORDER > 0, got ${ORDER}`); + const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen); + if (BYTES > 2048) + throw new Error('Field lengths over 2048 bytes are not supported'); + const sqrtP = FpSqrt(ORDER); + const f = Object.freeze({ + ORDER, + BITS, + BYTES, + MASK: bitMask(BITS), + ZERO: _0n$5, + ONE: _1n$7, + create: (num) => mod(num, ORDER), + isValid: (num) => { + if (typeof num !== 'bigint') + throw new Error(`Invalid field element: expected bigint, got ${typeof num}`); + return _0n$5 <= num && num < ORDER; // 0 is valid element, but it's not invertible + }, + is0: (num) => num === _0n$5, + isOdd: (num) => (num & _1n$7) === _1n$7, + neg: (num) => mod(-num, ORDER), + eql: (lhs, rhs) => lhs === rhs, + sqr: (num) => mod(num * num, ORDER), + add: (lhs, rhs) => mod(lhs + rhs, ORDER), + sub: (lhs, rhs) => mod(lhs - rhs, ORDER), + mul: (lhs, rhs) => mod(lhs * rhs, ORDER), + pow: (num, power) => FpPow(f, num, power), + div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), + // Same as above, but doesn't normalize + sqrN: (num) => num * num, + addN: (lhs, rhs) => lhs + rhs, + subN: (lhs, rhs) => lhs - rhs, + mulN: (lhs, rhs) => lhs * rhs, + inv: (num) => invert(num, ORDER), + sqrt: redef.sqrt || ((n) => sqrtP(f, n)), + invertBatch: (lst) => FpInvertBatch(f, lst), + // TODO: do we really need constant cmov? + // We don't have const-time bigints anyway, so probably will be not very useful + cmov: (a, b, c) => (c ? b : a), + toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)), + fromBytes: (bytes) => { + if (bytes.length !== BYTES) + throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`); + return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes); + }, + }); + return Object.freeze(f); +} +/** + * Returns total number of bytes consumed by the field element. + * For example, 32 bytes for usual 256-bit weierstrass curve. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of field + */ +function getFieldBytesLength(fieldOrder) { + if (typeof fieldOrder !== 'bigint') + throw new Error('field order must be bigint'); + const bitLength = fieldOrder.toString(2).length; + return Math.ceil(bitLength / 8); +} +/** + * Returns minimal amount of bytes that can be safely reduced + * by field order. + * Should be 2^-128 for 128-bit curve such as P256. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of target hash + */ +function getMinHashLength(fieldOrder) { + const length = getFieldBytesLength(fieldOrder); + return length + Math.ceil(length / 2); +} +/** + * "Constant-time" private key generation utility. + * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF + * and convert them into private scalar, with the modulo bias being negligible. + * Needs at least 48 bytes of input for 32-byte private key. + * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/ + * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final + * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5 + * @param hash hash output from SHA3 or a similar function + * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n) + * @param isLE interpret hash bytes as LE num + * @returns valid private scalar + */ +function mapHashToField(key, fieldOrder, isLE = false) { + const len = key.length; + const fieldLen = getFieldBytesLength(fieldOrder); + const minLen = getMinHashLength(fieldOrder); + // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings. + if (len < 16 || len < minLen || len > 1024) + throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`); + const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key); + // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0 + const reduced = mod(num, fieldOrder - _1n$7) + _1n$7; + return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Abelian group utilities +const _0n$4 = BigInt(0); +const _1n$6 = BigInt(1); +// Since points in different groups cannot be equal (different object constructor), +// we can have single place to store precomputes +const pointPrecomputes = new WeakMap(); +const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside) +// Elliptic curve multiplication of Point by scalar. Fragile. +// Scalars should always be less than curve order: this should be checked inside of a curve itself. +// Creates precomputation tables for fast multiplication: +// - private scalar is split by fixed size windows of W bits +// - every window point is collected from window's table & added to accumulator +// - since windows are different, same point inside tables won't be accessed more than once per calc +// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar) +// - +1 window is neccessary for wNAF +// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication +// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow +// windows to be in different memory locations +function wNAF(c, bits) { + const constTimeNegate = (condition, item) => { + const neg = item.negate(); + return condition ? neg : item; + }; + const validateW = (W) => { + if (!Number.isSafeInteger(W) || W <= 0 || W > bits) + throw new Error(`Wrong window size=${W}, should be [1..${bits}]`); + }; + const opts = (W) => { + validateW(W); + const windows = Math.ceil(bits / W) + 1; // +1, because + const windowSize = 2 ** (W - 1); // -1 because we skip zero + return { windows, windowSize }; + }; + return { + constTimeNegate, + // non-const time multiplication ladder + unsafeLadder(elm, n) { + let p = c.ZERO; + let d = elm; + while (n > _0n$4) { + if (n & _1n$6) + p = p.add(d); + d = d.double(); + n >>= _1n$6; + } + return p; + }, + /** + * Creates a wNAF precomputation window. Used for caching. + * Default window size is set by `utils.precompute()` and is equal to 8. + * Number of precomputed points depends on the curve size: + * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: + * - 𝑊 is the window size + * - 𝑛 is the bitlength of the curve order. + * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. + * @returns precomputed point tables flattened to a single array + */ + precomputeWindow(elm, W) { + const { windows, windowSize } = opts(W); + const points = []; + let p = elm; + let base = p; + for (let window = 0; window < windows; window++) { + base = p; + points.push(base); + // =1, because we skip zero + for (let i = 1; i < windowSize; i++) { + base = base.add(p); + points.push(base); + } + p = base.double(); + } + return points; + }, + /** + * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. + * @param W window size + * @param precomputes precomputed tables + * @param n scalar (we don't check here, but should be less than curve order) + * @returns real and fake (for const-time) points + */ + wNAF(W, precomputes, n) { + // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise + // But need to carefully remove other checks before wNAF. ORDER == bits here + const { windows, windowSize } = opts(W); + let p = c.ZERO; + let f = c.BASE; + const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc. + const maxNumber = 2 ** W; + const shiftBy = BigInt(W); + for (let window = 0; window < windows; window++) { + const offset = window * windowSize; + // Extract W bits. + let wbits = Number(n & mask); + // Shift number by W bits. + n >>= shiftBy; + // If the bits are bigger than max size, we'll split those. + // +224 => 256 - 32 + if (wbits > windowSize) { + wbits -= maxNumber; + n += _1n$6; + } + // This code was first written with assumption that 'f' and 'p' will never be infinity point: + // since each addition is multiplied by 2 ** W, it cannot cancel each other. However, + // there is negate now: it is possible that negated element from low value + // would be the same as high element, which will create carry into next window. + // It's not obvious how this can fail, but still worth investigating later. + // Check if we're onto Zero point. + // Add random point inside current window to f. + const offset1 = offset; + const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero + const cond1 = window % 2 !== 0; + const cond2 = wbits < 0; + if (wbits === 0) { + // The most important part for const-time getPublicKey + f = f.add(constTimeNegate(cond1, precomputes[offset1])); + } + else { + p = p.add(constTimeNegate(cond2, precomputes[offset2])); + } + } + // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ() + // Even if the variable is still unused, there are some checks which will + // throw an exception, so compiler needs to prove they won't happen, which is hard. + // At this point there is a way to F be infinity-point even if p is not, + // which makes it less const-time: around 1 bigint multiply. + return { p, f }; + }, + wNAFCached(P, n, transform) { + const W = pointWindowSizes.get(P) || 1; + // Calculate precomputes on a first run, reuse them after + let comp = pointPrecomputes.get(P); + if (!comp) { + comp = this.precomputeWindow(P, W); + if (W !== 1) + pointPrecomputes.set(P, transform(comp)); + } + return this.wNAF(W, comp, n); + }, + // We calculate precomputes for elliptic curve point multiplication + // using windowed method. This specifies window size and + // stores precomputed values. Usually only base point would be precomputed. + setWindowSize(P, W) { + validateW(W); + pointWindowSizes.set(P, W); + pointPrecomputes.delete(P); + }, + }; +} +/** + * Pippenger algorithm for multi-scalar multiplication (MSM). + * MSM is basically (Pa + Qb + Rc + ...). + * 30x faster vs naive addition on L=4096, 10x faster with precomputes. + * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL. + * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0. + * @param c Curve Point constructor + * @param field field over CURVE.N - important that it's not over CURVE.P + * @param points array of L curve points + * @param scalars array of L scalars (aka private keys / bigints) + */ +function pippenger(c, field, points, scalars) { + // If we split scalars by some window (let's say 8 bits), every chunk will only + // take 256 buckets even if there are 4096 scalars, also re-uses double. + // TODO: + // - https://eprint.iacr.org/2024/750.pdf + // - https://tches.iacr.org/index.php/TCHES/article/view/10287 + // 0 is accepted in scalars + if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length) + throw new Error('arrays of points and scalars must have equal length'); + scalars.forEach((s, i) => { + if (!field.isValid(s)) + throw new Error(`wrong scalar at index ${i}`); + }); + points.forEach((p, i) => { + if (!(p instanceof c)) + throw new Error(`wrong point at index ${i}`); + }); + const wbits = bitLen(BigInt(points.length)); + const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits + const MASK = (1 << windowSize) - 1; + const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array + const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize; + let sum = c.ZERO; + for (let i = lastBits; i >= 0; i -= windowSize) { + buckets.fill(c.ZERO); + for (let j = 0; j < scalars.length; j++) { + const scalar = scalars[j]; + const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK)); + buckets[wbits] = buckets[wbits].add(points[j]); + } + let resI = c.ZERO; // not using this will do small speed-up, but will lose ct + // Skip first bucket, because it is zero + for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) { + sumI = sumI.add(buckets[j]); + resI = resI.add(sumI); + } + sum = sum.add(resI); + if (i !== 0) + for (let j = 0; j < windowSize; j++) + sum = sum.double(); + } + return sum; +} +function validateBasic(curve) { + validateField(curve.Fp); + validateObject(curve, { + n: 'bigint', + h: 'bigint', + Gx: 'field', + Gy: 'field', + }, { + nBitLength: 'isSafeInteger', + nByteLength: 'isSafeInteger', + }); + // Set defaults + return Object.freeze({ + ...nLength(curve.n, curve.nBitLength), + ...curve, + ...{ p: curve.Fp.ORDER }, + }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Short Weierstrass curve. The formula is: y² = x³ + ax + b +function validateSigVerOpts(opts) { + if (opts.lowS !== undefined) + abool('lowS', opts.lowS); + if (opts.prehash !== undefined) + abool('prehash', opts.prehash); +} +function validatePointOpts(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + a: 'field', + b: 'field', + }, { + allowedPrivateKeyLengths: 'array', + wrapPrivateKey: 'boolean', + isTorsionFree: 'function', + clearCofactor: 'function', + allowInfinityPoint: 'boolean', + fromBytes: 'function', + toBytes: 'function', + }); + const { endo, Fp, a } = opts; + if (endo) { + if (!Fp.eql(a, Fp.ZERO)) { + throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0'); + } + if (typeof endo !== 'object' || + typeof endo.beta !== 'bigint' || + typeof endo.splitScalar !== 'function') { + throw new Error('Expected endomorphism with beta: bigint and splitScalar: function'); + } + } + return Object.freeze({ ...opts }); +} +const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut; +/** + * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format: + * + * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S] + * + * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html + */ +const DER = { + // asn.1 DER encoding utils + Err: class DERErr extends Error { + constructor(m = '') { + super(m); + } + }, + // Basic building block is TLV (Tag-Length-Value) + _tlv: { + encode: (tag, data) => { + const { Err: E } = DER; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length & 1) + throw new E('tlv.encode: unpadded data'); + const dataLen = data.length / 2; + const len = numberToHexUnpadded(dataLen); + if ((len.length / 2) & 128) + throw new E('tlv.encode: long form length too big'); + // length of length with long form flag + const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : ''; + return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`; + }, + // v - value, l - left bytes (unparsed) + decode(tag, data) { + const { Err: E } = DER; + let pos = 0; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length < 2 || data[pos++] !== tag) + throw new E('tlv.decode: wrong tlv'); + const first = data[pos++]; + const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form + let length = 0; + if (!isLong) + length = first; + else { + // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)] + const lenLen = first & 127; + if (!lenLen) + throw new E('tlv.decode(long): indefinite length not supported'); + if (lenLen > 4) + throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js + const lengthBytes = data.subarray(pos, pos + lenLen); + if (lengthBytes.length !== lenLen) + throw new E('tlv.decode: length bytes not complete'); + if (lengthBytes[0] === 0) + throw new E('tlv.decode(long): zero leftmost byte'); + for (const b of lengthBytes) + length = (length << 8) | b; + pos += lenLen; + if (length < 128) + throw new E('tlv.decode(long): not minimal encoding'); + } + const v = data.subarray(pos, pos + length); + if (v.length !== length) + throw new E('tlv.decode: wrong value length'); + return { v, l: data.subarray(pos + length) }; + }, + }, + // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, + // since we always use positive integers here. It must always be empty: + // - add zero byte if exists + // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) + _int: { + encode(num) { + const { Err: E } = DER; + if (num < _0n$3) + throw new E('integer: negative integers are not allowed'); + let hex = numberToHexUnpadded(num); + // Pad with zero byte if negative flag is present + if (Number.parseInt(hex[0], 16) & 0b1000) + hex = '00' + hex; + if (hex.length & 1) + throw new E('unexpected assertion'); + return hex; + }, + decode(data) { + const { Err: E } = DER; + if (data[0] & 128) + throw new E('Invalid signature integer: negative'); + if (data[0] === 0x00 && !(data[1] & 128)) + throw new E('Invalid signature integer: unnecessary leading zero'); + return b2n(data); + }, + }, + toSig(hex) { + // parse DER signature + const { Err: E, _int: int, _tlv: tlv } = DER; + const data = typeof hex === 'string' ? h2b(hex) : hex; + abytes(data); + const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data); + if (seqLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes); + const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes); + if (sLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + return { r: int.decode(rBytes), s: int.decode(sBytes) }; + }, + hexFromSig(sig) { + const { _tlv: tlv, _int: int } = DER; + const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`; + return tlv.encode(0x30, seq); + }, +}; +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$3 = BigInt(0), _1n$5 = BigInt(1); BigInt(2); const _3n$1 = BigInt(3); BigInt(4); +function weierstrassPoints(opts) { + const CURVE = validatePointOpts(opts); + const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ + const Fn = Field(CURVE.n, CURVE.nBitLength); + const toBytes = CURVE.toBytes || + ((_c, point, _isCompressed) => { + const a = point.toAffine(); + return concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y)); + }); + const fromBytes = CURVE.fromBytes || + ((bytes) => { + // const head = bytes[0]; + const tail = bytes.subarray(1); + // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported'); + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + }); + /** + * y² = x³ + ax + b: Short weierstrass curve formula + * @returns y² + */ + function weierstrassEquation(x) { + const { a, b } = CURVE; + const x2 = Fp.sqr(x); // x * x + const x3 = Fp.mul(x2, x); // x2 * x + return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b + } + // Validate whether the passed curve params are valid. + // We check if curve equation works for generator point. + // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381. + // ProjectivePoint class has not been initialized yet. + if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx))) + throw new Error('bad generator point: equation left != right'); + // Valid group elements reside in range 1..n-1 + function isWithinCurveOrder(num) { + return inRange(num, _1n$5, CURVE.n); + } + // Validates if priv key is valid and converts it to bigint. + // Supports options allowedPrivateKeyLengths and wrapPrivateKey. + function normPrivateKeyToScalar(key) { + const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE; + if (lengths && typeof key !== 'bigint') { + if (isBytes(key)) + key = bytesToHex(key); + // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes + if (typeof key !== 'string' || !lengths.includes(key.length)) + throw new Error('Invalid key'); + key = key.padStart(nByteLength * 2, '0'); + } + let num; + try { + num = + typeof key === 'bigint' + ? key + : bytesToNumberBE(ensureBytes('private key', key, nByteLength)); + } + catch (error) { + throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`); + } + if (wrapPrivateKey) + num = mod(num, N); // disabled by default, enabled for BLS + aInRange('private key', num, _1n$5, N); // num in range [1..N-1] + return num; + } + function assertPrjPoint(other) { + if (!(other instanceof Point)) + throw new Error('ProjectivePoint expected'); + } + // Memoized toAffine / validity check. They are heavy. Points are immutable. + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + const toAffineMemo = memoized((p, iz) => { + const { px: x, py: y, pz: z } = p; + // Fast-path for normalized points + if (Fp.eql(z, Fp.ONE)) + return { x, y }; + const is0 = p.is0(); + // If invZ was 0, we return zero point. However we still want to execute + // all operations, so we replace invZ with a random number, 1. + if (iz == null) + iz = is0 ? Fp.ONE : Fp.inv(z); + const ax = Fp.mul(x, iz); + const ay = Fp.mul(y, iz); + const zz = Fp.mul(z, iz); + if (is0) + return { x: Fp.ZERO, y: Fp.ZERO }; + if (!Fp.eql(zz, Fp.ONE)) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + // NOTE: on exception this will crash 'cached' and no value will be set. + // Otherwise true will be return + const assertValidMemo = memoized((p) => { + if (p.is0()) { + // (0, 1, 0) aka ZERO is invalid in most contexts. + // In BLS, ZERO can be serialized, so we allow it. + // (0, 0, 0) is wrong representation of ZERO and is always invalid. + if (CURVE.allowInfinityPoint && !Fp.is0(p.py)) + return; + throw new Error('bad point: ZERO'); + } + // Some 3rd-party test vectors require different wording between here & `fromCompressedHex` + const { x, y } = p.toAffine(); + // Check if x, y are valid field elements + if (!Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('bad point: x or y not FE'); + const left = Fp.sqr(y); // y² + const right = weierstrassEquation(x); // x³ + ax + b + if (!Fp.eql(left, right)) + throw new Error('bad point: equation left != right'); + if (!p.isTorsionFree()) + throw new Error('bad point: not in prime-order subgroup'); + return true; + }); + /** + * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z) + * Default Point works in 2d / affine coordinates: (x, y) + * We're doing calculations in projective, because its operations don't require costly inversion. + */ + class Point { + constructor(px, py, pz) { + this.px = px; + this.py = py; + this.pz = pz; + if (px == null || !Fp.isValid(px)) + throw new Error('x required'); + if (py == null || !Fp.isValid(py)) + throw new Error('y required'); + if (pz == null || !Fp.isValid(pz)) + throw new Error('z required'); + Object.freeze(this); + } + // Does not validate if the point is on-curve. + // Use fromHex instead, or call assertValidity() later. + static fromAffine(p) { + const { x, y } = p || {}; + if (!p || !Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('invalid affine point'); + if (p instanceof Point) + throw new Error('projective point not allowed'); + const is0 = (i) => Fp.eql(i, Fp.ZERO); + // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0) + if (is0(x) && is0(y)) + return Point.ZERO; + return new Point(x, y, Fp.ONE); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + /** + * Takes a bunch of Projective Points but executes only one + * inversion on all of them. Inversion is very slow operation, + * so this improves performance massively. + * Optimization: converts a list of projective points to a list of identical points with Z=1. + */ + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.pz)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + /** + * Converts hash string or Uint8Array to Point. + * @param hex short/long ECDSA hex + */ + static fromHex(hex) { + const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex))); + P.assertValidity(); + return P; + } + // Multiplies generator point by privateKey. + static fromPrivateKey(privateKey) { + return Point.BASE.multiply(normPrivateKeyToScalar(privateKey)); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // A point on curve is valid if it conforms to equation. + assertValidity() { + assertValidMemo(this); + } + hasEvenY() { + const { y } = this.toAffine(); + if (Fp.isOdd) + return !Fp.isOdd(y); + throw new Error("Field doesn't support isOdd"); + } + /** + * Compare one point to another. + */ + equals(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1)); + const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1)); + return U1 && U2; + } + /** + * Flips point to one corresponding to (x, -y) in Affine coordinates. + */ + negate() { + return new Point(this.px, Fp.neg(this.py), this.pz); + } + // Renes-Costello-Batina exception-free doubling formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 3 + // Cost: 8M + 3S + 3*a + 2*b3 + 15add. + double() { + const { a, b } = CURVE; + const b3 = Fp.mul(b, _3n$1); + const { px: X1, py: Y1, pz: Z1 } = this; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + let t0 = Fp.mul(X1, X1); // step 1 + let t1 = Fp.mul(Y1, Y1); + let t2 = Fp.mul(Z1, Z1); + let t3 = Fp.mul(X1, Y1); + t3 = Fp.add(t3, t3); // step 5 + Z3 = Fp.mul(X1, Z1); + Z3 = Fp.add(Z3, Z3); + X3 = Fp.mul(a, Z3); + Y3 = Fp.mul(b3, t2); + Y3 = Fp.add(X3, Y3); // step 10 + X3 = Fp.sub(t1, Y3); + Y3 = Fp.add(t1, Y3); + Y3 = Fp.mul(X3, Y3); + X3 = Fp.mul(t3, X3); + Z3 = Fp.mul(b3, Z3); // step 15 + t2 = Fp.mul(a, t2); + t3 = Fp.sub(t0, t2); + t3 = Fp.mul(a, t3); + t3 = Fp.add(t3, Z3); + Z3 = Fp.add(t0, t0); // step 20 + t0 = Fp.add(Z3, t0); + t0 = Fp.add(t0, t2); + t0 = Fp.mul(t0, t3); + Y3 = Fp.add(Y3, t0); + t2 = Fp.mul(Y1, Z1); // step 25 + t2 = Fp.add(t2, t2); + t0 = Fp.mul(t2, t3); + X3 = Fp.sub(X3, t0); + Z3 = Fp.mul(t2, t1); + Z3 = Fp.add(Z3, Z3); // step 30 + Z3 = Fp.add(Z3, Z3); + return new Point(X3, Y3, Z3); + } + // Renes-Costello-Batina exception-free addition formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 1 + // Cost: 12M + 0S + 3*a + 3*b3 + 23add. + add(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + const a = CURVE.a; + const b3 = Fp.mul(CURVE.b, _3n$1); + let t0 = Fp.mul(X1, X2); // step 1 + let t1 = Fp.mul(Y1, Y2); + let t2 = Fp.mul(Z1, Z2); + let t3 = Fp.add(X1, Y1); + let t4 = Fp.add(X2, Y2); // step 5 + t3 = Fp.mul(t3, t4); + t4 = Fp.add(t0, t1); + t3 = Fp.sub(t3, t4); + t4 = Fp.add(X1, Z1); + let t5 = Fp.add(X2, Z2); // step 10 + t4 = Fp.mul(t4, t5); + t5 = Fp.add(t0, t2); + t4 = Fp.sub(t4, t5); + t5 = Fp.add(Y1, Z1); + X3 = Fp.add(Y2, Z2); // step 15 + t5 = Fp.mul(t5, X3); + X3 = Fp.add(t1, t2); + t5 = Fp.sub(t5, X3); + Z3 = Fp.mul(a, t4); + X3 = Fp.mul(b3, t2); // step 20 + Z3 = Fp.add(X3, Z3); + X3 = Fp.sub(t1, Z3); + Z3 = Fp.add(t1, Z3); + Y3 = Fp.mul(X3, Z3); + t1 = Fp.add(t0, t0); // step 25 + t1 = Fp.add(t1, t0); + t2 = Fp.mul(a, t2); + t4 = Fp.mul(b3, t4); + t1 = Fp.add(t1, t2); + t2 = Fp.sub(t0, t2); // step 30 + t2 = Fp.mul(a, t2); + t4 = Fp.add(t4, t2); + t0 = Fp.mul(t1, t4); + Y3 = Fp.add(Y3, t0); + t0 = Fp.mul(t5, t4); // step 35 + X3 = Fp.mul(t3, X3); + X3 = Fp.sub(X3, t0); + t0 = Fp.mul(t3, t1); + Z3 = Fp.mul(t5, Z3); + Z3 = Fp.add(Z3, t0); // step 40 + return new Point(X3, Y3, Z3); + } + subtract(other) { + return this.add(other.negate()); + } + is0() { + return this.equals(Point.ZERO); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + /** + * Non-constant-time multiplication. Uses double-and-add algorithm. + * It's faster, but should only be used when you don't care about + * an exposed private key e.g. sig verification, which works over *public* keys. + */ + multiplyUnsafe(sc) { + aInRange('scalar', sc, _0n$3, CURVE.n); + const I = Point.ZERO; + if (sc === _0n$3) + return I; + if (sc === _1n$5) + return this; + const { endo } = CURVE; + if (!endo) + return wnaf.unsafeLadder(this, sc); + // Apply endomorphism + let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc); + let k1p = I; + let k2p = I; + let d = this; + while (k1 > _0n$3 || k2 > _0n$3) { + if (k1 & _1n$5) + k1p = k1p.add(d); + if (k2 & _1n$5) + k2p = k2p.add(d); + d = d.double(); + k1 >>= _1n$5; + k2 >>= _1n$5; + } + if (k1neg) + k1p = k1p.negate(); + if (k2neg) + k2p = k2p.negate(); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + return k1p.add(k2p); + } + /** + * Constant time multiplication. + * Uses wNAF method. Windowed method may be 10% faster, + * but takes 2x longer to generate and consumes 2x memory. + * Uses precomputes when available. + * Uses endomorphism for Koblitz curves. + * @param scalar by which the point would be multiplied + * @returns New point + */ + multiply(scalar) { + const { endo, n: N } = CURVE; + aInRange('scalar', scalar, _1n$5, N); + let point, fake; // Fake point is used to const-time mult + if (endo) { + const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar); + let { p: k1p, f: f1p } = this.wNAF(k1); + let { p: k2p, f: f2p } = this.wNAF(k2); + k1p = wnaf.constTimeNegate(k1neg, k1p); + k2p = wnaf.constTimeNegate(k2neg, k2p); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + point = k1p.add(k2p); + fake = f1p.add(f2p); + } + else { + const { p, f } = this.wNAF(scalar); + point = p; + fake = f; + } + // Normalize `z` for both points, but return only real one + return Point.normalizeZ([point, fake])[0]; + } + /** + * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly. + * Not using Strauss-Shamir trick: precomputation tables are faster. + * The trick could be useful if both P and Q are not G (not in our case). + * @returns non-zero affine point + */ + multiplyAndAddUnsafe(Q, a, b) { + const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes + const mul = (P, a // Select faster multiply() method + ) => (a === _0n$3 || a === _1n$5 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a)); + const sum = mul(this, a).add(mul(Q, b)); + return sum.is0() ? undefined : sum; + } + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + toAffine(iz) { + return toAffineMemo(this, iz); + } + isTorsionFree() { + const { h: cofactor, isTorsionFree } = CURVE; + if (cofactor === _1n$5) + return true; // No subgroups, always torsion-free + if (isTorsionFree) + return isTorsionFree(Point, this); + throw new Error('isTorsionFree() has not been declared for the elliptic curve'); + } + clearCofactor() { + const { h: cofactor, clearCofactor } = CURVE; + if (cofactor === _1n$5) + return this; // Fast-path + if (clearCofactor) + return clearCofactor(Point, this); + return this.multiplyUnsafe(CURVE.h); + } + toRawBytes(isCompressed = true) { + abool('isCompressed', isCompressed); + this.assertValidity(); + return toBytes(Point, this, isCompressed); + } + toHex(isCompressed = true) { + abool('isCompressed', isCompressed); + return bytesToHex(this.toRawBytes(isCompressed)); + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); + Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); + const _bits = CURVE.nBitLength; + const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); + // Validate if generator point is on curve + return { + CURVE, + ProjectivePoint: Point, + normPrivateKeyToScalar, + weierstrassEquation, + isWithinCurveOrder, + }; +} +function validateOpts$2(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + hash: 'hash', + hmac: 'function', + randomBytes: 'function', + }, { + bits2int: 'function', + bits2int_modN: 'function', + lowS: 'boolean', + }); + return Object.freeze({ lowS: true, ...opts }); +} +/** + * Creates short weierstrass curve and ECDSA signature methods for it. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, b, p, n, Gx, Gy + * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n }) + */ +function weierstrass(curveDef) { + const CURVE = validateOpts$2(curveDef); + const { Fp, n: CURVE_ORDER } = CURVE; + const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32 + const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32 + function modN(a) { + return mod(a, CURVE_ORDER); + } + function invN(a) { + return invert(a, CURVE_ORDER); + } + const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({ + ...CURVE, + toBytes(_c, point, isCompressed) { + const a = point.toAffine(); + const x = Fp.toBytes(a.x); + const cat = concatBytes; + abool('isCompressed', isCompressed); + if (isCompressed) { + return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x); + } + else { + return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y)); + } + }, + fromBytes(bytes) { + const len = bytes.length; + const head = bytes[0]; + const tail = bytes.subarray(1); + // this.assertValidity() is done inside of fromHex + if (len === compressedLen && (head === 0x02 || head === 0x03)) { + const x = bytesToNumberBE(tail); + if (!inRange(x, _1n$5, Fp.ORDER)) + throw new Error('Point is not on curve'); + const y2 = weierstrassEquation(x); // y² = x³ + ax + b + let y; + try { + y = Fp.sqrt(y2); // y = y² ^ (p+1)/4 + } + catch (sqrtError) { + const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : ''; + throw new Error('Point is not on curve' + suffix); + } + const isYOdd = (y & _1n$5) === _1n$5; + // ECDSA + const isHeadOdd = (head & 1) === 1; + if (isHeadOdd !== isYOdd) + y = Fp.neg(y); + return { x, y }; + } + else if (len === uncompressedLen && head === 0x04) { + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + } + else { + throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`); + } + }, + }); + const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength)); + function isBiggerThanHalfOrder(number) { + const HALF = CURVE_ORDER >> _1n$5; + return number > HALF; + } + function normalizeS(s) { + return isBiggerThanHalfOrder(s) ? modN(-s) : s; + } + // slice bytes num + const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to)); + /** + * ECDSA signature with its (r, s) properties. Supports DER & compact representations. + */ + class Signature { + constructor(r, s, recovery) { + this.r = r; + this.s = s; + this.recovery = recovery; + this.assertValidity(); + } + // pair (bytes of r, bytes of s) + static fromCompact(hex) { + const l = CURVE.nByteLength; + hex = ensureBytes('compactSignature', hex, l * 2); + return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l)); + } + // DER encoded ECDSA signature + // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script + static fromDER(hex) { + const { r, s } = DER.toSig(ensureBytes('DER', hex)); + return new Signature(r, s); + } + assertValidity() { + aInRange('r', this.r, _1n$5, CURVE_ORDER); // r in [1..N] + aInRange('s', this.s, _1n$5, CURVE_ORDER); // s in [1..N] + } + addRecoveryBit(recovery) { + return new Signature(this.r, this.s, recovery); + } + recoverPublicKey(msgHash) { + const { r, s, recovery: rec } = this; + const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash + if (rec == null || ![0, 1, 2, 3].includes(rec)) + throw new Error('recovery id invalid'); + const radj = rec === 2 || rec === 3 ? r + CURVE.n : r; + if (radj >= Fp.ORDER) + throw new Error('recovery id 2 or 3 invalid'); + const prefix = (rec & 1) === 0 ? '02' : '03'; + const R = Point.fromHex(prefix + numToNByteStr(radj)); + const ir = invN(radj); // r^-1 + const u1 = modN(-h * ir); // -hr^-1 + const u2 = modN(s * ir); // sr^-1 + const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1) + if (!Q) + throw new Error('point at infinify'); // unsafe is fine: no priv data leaked + Q.assertValidity(); + return Q; + } + // Signatures should be low-s, to prevent malleability. + hasHighS() { + return isBiggerThanHalfOrder(this.s); + } + normalizeS() { + return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this; + } + // DER-encoded + toDERRawBytes() { + return hexToBytes(this.toDERHex()); + } + toDERHex() { + return DER.hexFromSig({ r: this.r, s: this.s }); + } + // padded bytes of r, then padded bytes of s + toCompactRawBytes() { + return hexToBytes(this.toCompactHex()); + } + toCompactHex() { + return numToNByteStr(this.r) + numToNByteStr(this.s); + } + } + const utils = { + isValidPrivateKey(privateKey) { + try { + normPrivateKeyToScalar(privateKey); + return true; + } + catch (error) { + return false; + } + }, + normPrivateKeyToScalar: normPrivateKeyToScalar, + /** + * Produces cryptographically secure private key from random of size + * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible. + */ + randomPrivateKey: () => { + const length = getMinHashLength(CURVE.n); + return mapHashToField(CURVE.randomBytes(length), CURVE.n); + }, + /** + * Creates precompute table for an arbitrary EC point. Makes point "cached". + * Allows to massively speed-up `point.multiply(scalar)`. + * @returns cached point + * @example + * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey)); + * fast.multiply(privKey); // much faster ECDH now + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here + return point; + }, + }; + /** + * Computes public key for a private key. Checks for validity of the private key. + * @param privateKey private key + * @param isCompressed whether to return compact (default), or full key + * @returns Public key, full when isCompressed=false; short when isCompressed=true + */ + function getPublicKey(privateKey, isCompressed = true) { + return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed); + } + /** + * Quick and dirty check for item being public key. Does not validate hex, or being on-curve. + */ + function isProbPub(item) { + const arr = isBytes(item); + const str = typeof item === 'string'; + const len = (arr || str) && item.length; + if (arr) + return len === compressedLen || len === uncompressedLen; + if (str) + return len === 2 * compressedLen || len === 2 * uncompressedLen; + if (item instanceof Point) + return true; + return false; + } + /** + * ECDH (Elliptic Curve Diffie Hellman). + * Computes shared public key from private key and public key. + * Checks: 1) private key validity 2) shared key is on-curve. + * Does NOT hash the result. + * @param privateA private key + * @param publicB different public key + * @param isCompressed whether to return compact (default), or full key + * @returns shared public key + */ + function getSharedSecret(privateA, publicB, isCompressed = true) { + if (isProbPub(privateA)) + throw new Error('first arg must be private key'); + if (!isProbPub(publicB)) + throw new Error('second arg must be public key'); + const b = Point.fromHex(publicB); // check for being on-curve + return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed); + } + // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets. + // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int. + // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same. + // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors + const bits2int = CURVE.bits2int || + function (bytes) { + // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m) + // for some cases, since bytes.length * 8 is not actual bitLength. + const num = bytesToNumberBE(bytes); // check for == u8 done here + const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits + return delta > 0 ? num >> BigInt(delta) : num; + }; + const bits2int_modN = CURVE.bits2int_modN || + function (bytes) { + return modN(bits2int(bytes)); // can't use bytesToNumberBE here + }; + // NOTE: pads output with zero as per spec + const ORDER_MASK = bitMask(CURVE.nBitLength); + /** + * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`. + */ + function int2octets(num) { + aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n$3, ORDER_MASK); + // works with order, can have different size than numToField! + return numberToBytesBE(num, CURVE.nByteLength); + } + // Steps A, D of RFC6979 3.2 + // Creates RFC6979 seed; converts msg/privKey to numbers. + // Used only in sign, not in verify. + // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521. + // Also it can be bigger for P224 + SHA256 + function prepSig(msgHash, privateKey, opts = defaultSigOpts) { + if (['recovered', 'canonical'].some((k) => k in opts)) + throw new Error('sign() legacy options not supported'); + const { hash, randomBytes } = CURVE; + let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default + if (lowS == null) + lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash + msgHash = ensureBytes('msgHash', msgHash); + validateSigVerOpts(opts); + if (prehash) + msgHash = ensureBytes('prehashed msgHash', hash(msgHash)); + // We can't later call bits2octets, since nested bits2int is broken for curves + // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call. + // const bits2octets = (bits) => int2octets(bits2int_modN(bits)) + const h1int = bits2int_modN(msgHash); + const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint + const seedArgs = [int2octets(d), int2octets(h1int)]; + // extraEntropy. RFC6979 3.6: additional k' (optional). + if (ent != null && ent !== false) { + // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') + const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is + seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes + } + const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2 + const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash! + // Converts signature params into point w r/s, checks result for validity. + function k2sig(kBytes) { + // RFC 6979 Section 3.2, step 3: k = bits2int(T) + const k = bits2int(kBytes); // Cannot use fields methods, since it is group element + if (!isWithinCurveOrder(k)) + return; // Important: all mod() calls here must be done over N + const ik = invN(k); // k^-1 mod n + const q = Point.BASE.multiply(k).toAffine(); // q = Gk + const r = modN(q.x); // r = q.x mod n + if (r === _0n$3) + return; + // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to + // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it: + // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT + const s = modN(ik * modN(m + r * d)); // Not using blinding here + if (s === _0n$3) + return; + let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$5); // recovery bit (2 or 3, when q.x > n) + let normS = s; + if (lowS && isBiggerThanHalfOrder(s)) { + normS = normalizeS(s); // if lowS was passed, ensure s is always + recovery ^= 1; // // in the bottom half of N + } + return new Signature(r, normS, recovery); // use normS, not s + } + return { seed, k2sig }; + } + const defaultSigOpts = { lowS: CURVE.lowS, prehash: false }; + const defaultVerOpts = { lowS: CURVE.lowS, prehash: false }; + /** + * Signs message hash with a private key. + * ``` + * sign(m, d, k) where + * (x, y) = G × k + * r = x mod n + * s = (m + dr)/k mod n + * ``` + * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`. + * @param privKey private key + * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg. + * @returns signature with recovery param + */ + function sign(msgHash, privKey, opts = defaultSigOpts) { + const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2. + const C = CURVE; + const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac); + return drbg(seed, k2sig); // Steps B, C, D, E, F, G + } + // Enable precomputes. Slows down first publicKey computation by 20ms. + Point.BASE._setWindowSize(8); + // utils.precompute(8, ProjectivePoint.BASE) + /** + * Verifies a signature against message hash and public key. + * Rejects lowS signatures by default: to override, + * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf: + * + * ``` + * verify(r, s, h, P) where + * U1 = hs^-1 mod n + * U2 = rs^-1 mod n + * R = U1⋅G - U2⋅P + * mod(R.x, n) == r + * ``` + */ + function verify(signature, msgHash, publicKey, opts = defaultVerOpts) { + const sg = signature; + msgHash = ensureBytes('msgHash', msgHash); + publicKey = ensureBytes('publicKey', publicKey); + if ('strict' in opts) + throw new Error('options.strict was renamed to lowS'); + validateSigVerOpts(opts); + const { lowS, prehash } = opts; + let _sig = undefined; + let P; + try { + if (typeof sg === 'string' || isBytes(sg)) { + // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). + // Since DER can also be 2*nByteLength bytes, we check for it first. + try { + _sig = Signature.fromDER(sg); + } + catch (derError) { + if (!(derError instanceof DER.Err)) + throw derError; + _sig = Signature.fromCompact(sg); + } + } + else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') { + const { r, s } = sg; + _sig = new Signature(r, s); + } + else { + throw new Error('PARSE'); + } + P = Point.fromHex(publicKey); + } + catch (error) { + if (error.message === 'PARSE') + throw new Error(`signature must be Signature instance, Uint8Array or hex string`); + return false; + } + if (lowS && _sig.hasHighS()) + return false; + if (prehash) + msgHash = CURVE.hash(msgHash); + const { r, s } = _sig; + const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element + const is = invN(s); // s^-1 + const u1 = modN(h * is); // u1 = hs^-1 mod n + const u2 = modN(r * is); // u2 = rs^-1 mod n + const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P + if (!R) + return false; + const v = modN(R.x); + return v === r; + } + return { + CURVE, + getPublicKey, + getSharedSecret, + sign, + verify, + ProjectivePoint: Point, + Signature, + utils, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// connects noble-curves to noble-hashes +function getHash(hash) { + return { + hash, + hmac: (key, ...msgs) => hmac(hash, key, concatBytes$1(...msgs)), + randomBytes, + }; +} +function createCurve(curveDef, defHash) { + const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); + return Object.freeze({ ...create(defHash), create }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp256r1 aka p256 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 +const Fp$7 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')); +const CURVE_A$4 = Fp$7.create(BigInt('-3')); +const CURVE_B$4 = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'); +// prettier-ignore +const p256 = createCurve({ + a: CURVE_A$4, // Equation params: a, b + b: CURVE_B$4, + Fp: Fp$7, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n + // Curve order, total count of valid points in the field + n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'), + // Base (generator) point (x, y) + Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'), + Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'), + h: BigInt(1), + lowS: false, +}, sha256); + +const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1); +const _32n = /* @__PURE__ */ BigInt(32); +// We are not using BigUint64Array, because they are extremely slow as per 2022 +function fromBig(n, le = false) { + if (le) + return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) }; + return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 }; +} +function split(lst, le = false) { + let Ah = new Uint32Array(lst.length); + let Al = new Uint32Array(lst.length); + for (let i = 0; i < lst.length; i++) { + const { h, l } = fromBig(lst[i], le); + [Ah[i], Al[i]] = [h, l]; + } + return [Ah, Al]; +} +const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0); +// for Shift in [0, 32) +const shrSH = (h, _l, s) => h >>> s; +const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in [1, 32) +const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s)); +const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32)); +const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s)); +// Right rotate for shift===32 (just swaps l&h) +const rotr32H = (_h, l) => l; +const rotr32L = (h, _l) => h; +// Left rotate for Shift in [1, 32) +const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s)); +const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s)); +// Left rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s)); +const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s)); +// JS uses 32-bit signed integers for bitwise operations which means we cannot +// simple take carry out of low bit sum by shift, we need to use division. +function add(Ah, Al, Bh, Bl) { + const l = (Al >>> 0) + (Bl >>> 0); + return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 }; +} +// Addition with more than 2 elements +const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0); +const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0; +const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0); +const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0; +const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0); +const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0; +// prettier-ignore +const u64 = { + fromBig, split, toBig, + shrSH, shrSL, + rotrSH, rotrSL, rotrBH, rotrBL, + rotr32H, rotr32L, + rotlSH, rotlSL, rotlBH, rotlBL, + add, add3L, add3H, add4L, add4H, add5H, add5L, +}; + +// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409): +// prettier-ignore +const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([ + '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc', + '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118', + '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2', + '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694', + '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65', + '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5', + '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4', + '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70', + '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df', + '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b', + '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30', + '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8', + '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8', + '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3', + '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec', + '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b', + '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178', + '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b', + '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c', + '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817' +].map(n => BigInt(n))))(); +// Temporary buffer, not used to store anything between runs +const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80); +const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80); +class SHA512 extends HashMD { + constructor() { + super(128, 64, 16, false); + // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers. + // Also looks cleaner and easier to verify with spec. + // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19): + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0x6a09e667 | 0; + this.Al = 0xf3bcc908 | 0; + this.Bh = 0xbb67ae85 | 0; + this.Bl = 0x84caa73b | 0; + this.Ch = 0x3c6ef372 | 0; + this.Cl = 0xfe94f82b | 0; + this.Dh = 0xa54ff53a | 0; + this.Dl = 0x5f1d36f1 | 0; + this.Eh = 0x510e527f | 0; + this.El = 0xade682d1 | 0; + this.Fh = 0x9b05688c | 0; + this.Fl = 0x2b3e6c1f | 0; + this.Gh = 0x1f83d9ab | 0; + this.Gl = 0xfb41bd6b | 0; + this.Hh = 0x5be0cd19 | 0; + this.Hl = 0x137e2179 | 0; + } + // prettier-ignore + get() { + const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl]; + } + // prettier-ignore + set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) { + this.Ah = Ah | 0; + this.Al = Al | 0; + this.Bh = Bh | 0; + this.Bl = Bl | 0; + this.Ch = Ch | 0; + this.Cl = Cl | 0; + this.Dh = Dh | 0; + this.Dl = Dl | 0; + this.Eh = Eh | 0; + this.El = El | 0; + this.Fh = Fh | 0; + this.Fl = Fl | 0; + this.Gh = Gh | 0; + this.Gl = Gl | 0; + this.Hh = Hh | 0; + this.Hl = Hl | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) { + SHA512_W_H[i] = view.getUint32(offset); + SHA512_W_L[i] = view.getUint32((offset += 4)); + } + for (let i = 16; i < 80; i++) { + // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7) + const W15h = SHA512_W_H[i - 15] | 0; + const W15l = SHA512_W_L[i - 15] | 0; + const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7); + const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7); + // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6) + const W2h = SHA512_W_H[i - 2] | 0; + const W2l = SHA512_W_L[i - 2] | 0; + const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6); + const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6); + // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16]; + const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]); + const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]); + SHA512_W_H[i] = SUMh | 0; + SHA512_W_L[i] = SUMl | 0; + } + let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + // Compression function main loop, 80 rounds + for (let i = 0; i < 80; i++) { + // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41) + const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41); + const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41); + //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const CHIh = (Eh & Fh) ^ (~Eh & Gh); + const CHIl = (El & Fl) ^ (~El & Gl); + // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i] + // prettier-ignore + const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]); + const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]); + const T1l = T1ll | 0; + // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39) + const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39); + const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39); + const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch); + const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl); + Hh = Gh | 0; + Hl = Gl | 0; + Gh = Fh | 0; + Gl = Fl | 0; + Fh = Eh | 0; + Fl = El | 0; + ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0)); + Dh = Ch | 0; + Dl = Cl | 0; + Ch = Bh | 0; + Cl = Bl | 0; + Bh = Ah | 0; + Bl = Al | 0; + const All = u64.add3L(T1l, sigma0l, MAJl); + Ah = u64.add3H(All, T1h, sigma0h, MAJh); + Al = All | 0; + } + // Add the compressed chunk to the current hash value + ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0)); + ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0)); + ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0)); + ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0)); + ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0)); + ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0)); + ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0)); + ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0)); + this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl); + } + roundClean() { + SHA512_W_H.fill(0); + SHA512_W_L.fill(0); + } + destroy() { + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + } +} +class SHA384 extends SHA512 { + constructor() { + super(); + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0xcbbb9d5d | 0; + this.Al = 0xc1059ed8 | 0; + this.Bh = 0x629a292a | 0; + this.Bl = 0x367cd507 | 0; + this.Ch = 0x9159015a | 0; + this.Cl = 0x3070dd17 | 0; + this.Dh = 0x152fecd8 | 0; + this.Dl = 0xf70e5939 | 0; + this.Eh = 0x67332667 | 0; + this.El = 0xffc00b31 | 0; + this.Fh = 0x8eb44a87 | 0; + this.Fl = 0x68581511 | 0; + this.Gh = 0xdb0c2e0d | 0; + this.Gl = 0x64f98fa7 | 0; + this.Hh = 0x47b5481d | 0; + this.Hl = 0xbefa4fa4 | 0; + this.outputLen = 48; + } +} +const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512()); +const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384()); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp384r1 aka p384 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 +// Field over which we'll do calculations. +// prettier-ignore +const P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'); +const Fp$6 = Field(P$1); +const CURVE_A$3 = Fp$6.create(BigInt('-3')); +// prettier-ignore +const CURVE_B$3 = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'); +// prettier-ignore +const p384 = createCurve({ + a: CURVE_A$3, // Equation params: a, b + b: CURVE_B$3, + Fp: Fp$6, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n + // Curve order, total count of valid points in the field. + n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'), + // Base (generator) point (x, y) + Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'), + Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'), + h: BigInt(1), + lowS: false, +}, sha384); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp521r1 aka p521 +// Note that it's 521, which differs from 512 of its hash function. +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521 +// Field over which we'll do calculations. +// prettier-ignore +const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); +const Fp$5 = Field(P); +const CURVE = { + a: Fp$5.create(BigInt('-3')), + b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'), + Fp: Fp$5, + n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'), + Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'), + Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'), + h: BigInt(1), +}; +// prettier-ignore +const p521 = createCurve({ + a: CURVE.a, // Equation params: a, b + b: CURVE.b, + Fp: Fp$5, // Field: 2n**521n - 1n + // Curve order, total count of valid points in the field + n: CURVE.n, + Gx: CURVE.Gx, // Base point (x, y) aka generator point + Gy: CURVE.Gy, + h: CURVE.h, + lowS: false, + allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b +}, sha512); + +// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size. +// It's called a sponge function. +// Various per round constants calculations +const SHA3_PI = []; +const SHA3_ROTL = []; +const _SHA3_IOTA = []; +const _0n$2 = /* @__PURE__ */ BigInt(0); +const _1n$4 = /* @__PURE__ */ BigInt(1); +const _2n$3 = /* @__PURE__ */ BigInt(2); +const _7n = /* @__PURE__ */ BigInt(7); +const _256n = /* @__PURE__ */ BigInt(256); +const _0x71n = /* @__PURE__ */ BigInt(0x71); +for (let round = 0, R = _1n$4, x = 1, y = 0; round < 24; round++) { + // Pi + [x, y] = [y, (2 * x + 3 * y) % 5]; + SHA3_PI.push(2 * (5 * y + x)); + // Rotational + SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64); + // Iota + let t = _0n$2; + for (let j = 0; j < 7; j++) { + R = ((R << _1n$4) ^ ((R >> _7n) * _0x71n)) % _256n; + if (R & _2n$3) + t ^= _1n$4 << ((_1n$4 << /* @__PURE__ */ BigInt(j)) - _1n$4); + } + _SHA3_IOTA.push(t); +} +const [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true); +// Left rotation (without 0, 32, 64) +const rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s)); +const rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s)); +// Same as keccakf1600, but allows to skip some rounds +function keccakP(s, rounds = 24) { + const B = new Uint32Array(5 * 2); + // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js) + for (let round = 24 - rounds; round < 24; round++) { + // Theta θ + for (let x = 0; x < 10; x++) + B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40]; + for (let x = 0; x < 10; x += 2) { + const idx1 = (x + 8) % 10; + const idx0 = (x + 2) % 10; + const B0 = B[idx0]; + const B1 = B[idx0 + 1]; + const Th = rotlH(B0, B1, 1) ^ B[idx1]; + const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1]; + for (let y = 0; y < 50; y += 10) { + s[x + y] ^= Th; + s[x + y + 1] ^= Tl; + } + } + // Rho (ρ) and Pi (π) + let curH = s[2]; + let curL = s[3]; + for (let t = 0; t < 24; t++) { + const shift = SHA3_ROTL[t]; + const Th = rotlH(curH, curL, shift); + const Tl = rotlL(curH, curL, shift); + const PI = SHA3_PI[t]; + curH = s[PI]; + curL = s[PI + 1]; + s[PI] = Th; + s[PI + 1] = Tl; + } + // Chi (χ) + for (let y = 0; y < 50; y += 10) { + for (let x = 0; x < 10; x++) + B[x] = s[y + x]; + for (let x = 0; x < 10; x++) + s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10]; + } + // Iota (ι) + s[0] ^= SHA3_IOTA_H[round]; + s[1] ^= SHA3_IOTA_L[round]; + } + B.fill(0); +} +class Keccak extends Hash { + // NOTE: we accept arguments in bytes instead of bits here. + constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) { + super(); + this.blockLen = blockLen; + this.suffix = suffix; + this.outputLen = outputLen; + this.enableXOF = enableXOF; + this.rounds = rounds; + this.pos = 0; + this.posOut = 0; + this.finished = false; + this.destroyed = false; + // Can be passed from user as dkLen + number(outputLen); + // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes + if (0 >= this.blockLen || this.blockLen >= 200) + throw new Error('Sha3 supports only keccak-f1600 function'); + this.state = new Uint8Array(200); + this.state32 = u32(this.state); + } + keccak() { + if (!isLE) + byteSwap32(this.state32); + keccakP(this.state32, this.rounds); + if (!isLE) + byteSwap32(this.state32); + this.posOut = 0; + this.pos = 0; + } + update(data) { + exists(this); + const { blockLen, state } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + for (let i = 0; i < take; i++) + state[this.pos++] ^= data[pos++]; + if (this.pos === blockLen) + this.keccak(); + } + return this; + } + finish() { + if (this.finished) + return; + this.finished = true; + const { state, suffix, pos, blockLen } = this; + // Do the padding + state[pos] ^= suffix; + if ((suffix & 0x80) !== 0 && pos === blockLen - 1) + this.keccak(); + state[blockLen - 1] ^= 0x80; + this.keccak(); + } + writeInto(out) { + exists(this, false); + bytes(out); + this.finish(); + const bufferOut = this.state; + const { blockLen } = this; + for (let pos = 0, len = out.length; pos < len;) { + if (this.posOut >= blockLen) + this.keccak(); + const take = Math.min(blockLen - this.posOut, len - pos); + out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos); + this.posOut += take; + pos += take; + } + return out; + } + xofInto(out) { + // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF + if (!this.enableXOF) + throw new Error('XOF is not possible for this instance'); + return this.writeInto(out); + } + xof(bytes) { + number(bytes); + return this.xofInto(new Uint8Array(bytes)); + } + digestInto(out) { + output(out, this); + if (this.finished) + throw new Error('digest() was already called'); + this.writeInto(out); + this.destroy(); + return out; + } + digest() { + return this.digestInto(new Uint8Array(this.outputLen)); + } + destroy() { + this.destroyed = true; + this.state.fill(0); + } + _cloneInto(to) { + const { blockLen, suffix, outputLen, rounds, enableXOF } = this; + to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds)); + to.state32.set(this.state32); + to.pos = this.pos; + to.posOut = this.posOut; + to.finished = this.finished; + to.rounds = rounds; + // Suffix can change in cSHAKE + to.suffix = suffix; + to.outputLen = outputLen; + to.enableXOF = enableXOF; + to.destroyed = this.destroyed; + return to; + } +} +const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen)); +/** + * SHA3-256 hash function + * @param message - that would be hashed + */ +const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8); +const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8); +const genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true)); +const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n = BigInt(8); +// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex: +const VERIFY_DEFAULT = { zip215: true }; +function validateOpts$1(curve) { + const opts = validateBasic(curve); + validateObject(curve, { + hash: 'function', + a: 'bigint', + d: 'bigint', + randomBytes: 'function', + }, { + adjustScalarBytes: 'function', + domain: 'function', + uvRatio: 'function', + mapToCurve: 'function', + }); + // Set defaults + return Object.freeze({ ...opts }); +} +/** + * Creates Twisted Edwards curve with EdDSA signatures. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h + * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h }) + */ +function twistedEdwards(curveDef) { + const CURVE = validateOpts$1(curveDef); + const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE; + const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3); + const modP = Fp.create; // Function overrides + const Fn = Field(CURVE.n, CURVE.nBitLength); + // sqrt(u/v) + const uvRatio = CURVE.uvRatio || + ((u, v) => { + try { + return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) }; + } + catch (e) { + return { isValid: false, value: _0n$1 }; + } + }); + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP + const domain = CURVE.domain || + ((data, ctx, phflag) => { + abool('phflag', phflag); + if (ctx.length || phflag) + throw new Error('Contexts/pre-hash are not supported'); + return data; + }); // NOOP + // 0 <= n < MASK + // Coordinates larger than Fp.ORDER are allowed for zip215 + function aCoordinate(title, n) { + aInRange('coordinate ' + title, n, _0n$1, MASK); + } + function assertPoint(other) { + if (!(other instanceof Point)) + throw new Error('ExtendedPoint expected'); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + const toAffineMemo = memoized((p, iz) => { + const { ex: x, ey: y, ez: z } = p; + const is0 = p.is0(); + if (iz == null) + iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily + const ax = modP(x * iz); + const ay = modP(y * iz); + const zz = modP(z * iz); + if (is0) + return { x: _0n$1, y: _1n$3 }; + if (zz !== _1n$3) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + const assertValidMemo = memoized((p) => { + const { a, d } = CURVE; + if (p.is0()) + throw new Error('bad point: ZERO'); // TODO: optimize, with vars below? + // Equation in affine coordinates: ax² + y² = 1 + dx²y² + // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y² + const { ex: X, ey: Y, ez: Z, et: T } = p; + const X2 = modP(X * X); // X² + const Y2 = modP(Y * Y); // Y² + const Z2 = modP(Z * Z); // Z² + const Z4 = modP(Z2 * Z2); // Z⁴ + const aX2 = modP(X2 * a); // aX² + const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z² + const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y² + if (left !== right) + throw new Error('bad point: equation left != right (1)'); + // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T + const XY = modP(X * Y); + const ZT = modP(Z * T); + if (XY !== ZT) + throw new Error('bad point: equation left != right (2)'); + return true; + }); + // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy). + // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates + class Point { + constructor(ex, ey, ez, et) { + this.ex = ex; + this.ey = ey; + this.ez = ez; + this.et = et; + aCoordinate('x', ex); + aCoordinate('y', ey); + aCoordinate('z', ez); + aCoordinate('t', et); + Object.freeze(this); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + static fromAffine(p) { + if (p instanceof Point) + throw new Error('extended point not allowed'); + const { x, y } = p || {}; + aCoordinate('x', x); + aCoordinate('y', y); + return new Point(x, y, _1n$3, modP(x * y)); + } + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.ez)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // Not required for fromHex(), which always creates valid points. + // Could be useful for fromAffine(). + assertValidity() { + assertValidMemo(this); + } + // Compare one point to another. + equals(other) { + assertPoint(other); + const { ex: X1, ey: Y1, ez: Z1 } = this; + const { ex: X2, ey: Y2, ez: Z2 } = other; + const X1Z2 = modP(X1 * Z2); + const X2Z1 = modP(X2 * Z1); + const Y1Z2 = modP(Y1 * Z2); + const Y2Z1 = modP(Y2 * Z1); + return X1Z2 === X2Z1 && Y1Z2 === Y2Z1; + } + is0() { + return this.equals(Point.ZERO); + } + negate() { + // Flips point sign to a negative one (-x, y in affine coords) + return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et)); + } + // Fast algo for doubling Extended Point. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd + // Cost: 4M + 4S + 1*a + 6add + 1*2. + double() { + const { a } = CURVE; + const { ex: X1, ey: Y1, ez: Z1 } = this; + const A = modP(X1 * X1); // A = X12 + const B = modP(Y1 * Y1); // B = Y12 + const C = modP(_2n$2 * modP(Z1 * Z1)); // C = 2*Z12 + const D = modP(a * A); // D = a*A + const x1y1 = X1 + Y1; + const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B + const G = D + B; // G = D+B + const F = G - C; // F = G-C + const H = D - B; // H = D-B + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + // Fast algo for adding 2 Extended Points. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd + // Cost: 9M + 1*a + 1*d + 7add. + add(other) { + assertPoint(other); + const { a, d } = CURVE; + const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this; + const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other; + // Faster algo for adding 2 Extended Points when curve's a=-1. + // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4 + // Cost: 8M + 8add + 2*2. + // Note: It does not check whether the `other` point is valid. + if (a === BigInt(-1)) { + const A = modP((Y1 - X1) * (Y2 + X2)); + const B = modP((Y1 + X1) * (Y2 - X2)); + const F = modP(B - A); + if (F === _0n$1) + return this.double(); // Same point. Tests say it doesn't affect timing + const C = modP(Z1 * _2n$2 * T2); + const D = modP(T1 * _2n$2 * Z2); + const E = D + C; + const G = B + A; + const H = D - C; + const X3 = modP(E * F); + const Y3 = modP(G * H); + const T3 = modP(E * H); + const Z3 = modP(F * G); + return new Point(X3, Y3, Z3, T3); + } + const A = modP(X1 * X2); // A = X1*X2 + const B = modP(Y1 * Y2); // B = Y1*Y2 + const C = modP(T1 * d * T2); // C = T1*d*T2 + const D = modP(Z1 * Z2); // D = Z1*Z2 + const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B + const F = D - C; // F = D-C + const G = D + C; // G = D+C + const H = modP(B - a * A); // H = B-a*A + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + subtract(other) { + return this.add(other.negate()); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + // Constant-time multiplication. + multiply(scalar) { + const n = scalar; + aInRange('scalar', n, _1n$3, CURVE_ORDER); // 1 <= scalar < L + const { p, f } = this.wNAF(n); + return Point.normalizeZ([p, f])[0]; + } + // Non-constant-time multiplication. Uses double-and-add algorithm. + // It's faster, but should only be used when you don't care about + // an exposed private key e.g. sig verification. + // Does NOT allow scalars higher than CURVE.n. + multiplyUnsafe(scalar) { + const n = scalar; + aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L + if (n === _0n$1) + return I; + if (this.equals(I) || n === _1n$3) + return this; + if (this.equals(G)) + return this.wNAF(n).p; + return wnaf.unsafeLadder(this, n); + } + // Checks if point is of small order. + // If you add something to small order point, you will have "dirty" + // point with torsion component. + // Multiplies point by cofactor and checks if the result is 0. + isSmallOrder() { + return this.multiplyUnsafe(cofactor).is0(); + } + // Multiplies point by curve order and checks if the result is 0. + // Returns `false` is the point is dirty. + isTorsionFree() { + return wnaf.unsafeLadder(this, CURVE_ORDER).is0(); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + toAffine(iz) { + return toAffineMemo(this, iz); + } + clearCofactor() { + const { h: cofactor } = CURVE; + if (cofactor === _1n$3) + return this; + return this.multiplyUnsafe(cofactor); + } + // Converts hash string or Uint8Array to Point. + // Uses algo from RFC8032 5.1.3. + static fromHex(hex, zip215 = false) { + const { d, a } = CURVE; + const len = Fp.BYTES; + hex = ensureBytes('pointHex', hex, len); // copy hex to a new array + abool('zip215', zip215); + const normed = hex.slice(); // copy again, we'll manipulate it + const lastByte = hex[len - 1]; // select last byte + normed[len - 1] = lastByte & ~0x80; // clear last bit + const y = bytesToNumberLE(normed); + // RFC8032 prohibits >= p, but ZIP215 doesn't + // zip215=true: 0 <= y < MASK (2^256 for ed25519) + // zip215=false: 0 <= y < P (2^255-19 for ed25519) + const max = zip215 ? MASK : Fp.ORDER; + aInRange('pointHex.y', y, _0n$1, max); + // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case: + // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a) + const y2 = modP(y * y); // denominator is always non-0 mod p. + const u = modP(y2 - _1n$3); // u = y² - 1 + const v = modP(d * y2 - a); // v = d y² + 1. + let { isValid, value: x } = uvRatio(u, v); // √(u/v) + if (!isValid) + throw new Error('Point.fromHex: invalid y coordinate'); + const isXOdd = (x & _1n$3) === _1n$3; // There are 2 square roots. Use x_0 bit to select proper + const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit + if (!zip215 && x === _0n$1 && isLastByteOdd) + // if x=0 and x_0 = 1, fail + throw new Error('Point.fromHex: x=0 and x_0=1'); + if (isLastByteOdd !== isXOdd) + x = modP(-x); // if x_0 != x mod 2, set x = p-x + return Point.fromAffine({ x, y }); + } + static fromPrivateKey(privKey) { + return getExtendedPublicKey(privKey).point; + } + toRawBytes() { + const { x, y } = this.toAffine(); + const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y) + bytes[bytes.length - 1] |= x & _1n$3 ? 0x80 : 0; // when compressing, it's enough to store y + return bytes; // and use the last byte to encode sign of x + } + toHex() { + return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string. + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n$3, modP(CURVE.Gx * CURVE.Gy)); + Point.ZERO = new Point(_0n$1, _1n$3, _1n$3, _0n$1); // 0, 1, 1, 0 + const { BASE: G, ZERO: I } = Point; + const wnaf = wNAF(Point, nByteLength * 8); + function modN(a) { + return mod(a, CURVE_ORDER); + } + // Little-endian SHA512 with modulo n + function modN_LE(hash) { + return modN(bytesToNumberLE(hash)); + } + /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */ + function getExtendedPublicKey(key) { + const len = nByteLength; + key = ensureBytes('private key', key, len); + // Hash private key with curve's hash function to produce uniformingly random input + // Check byte lengths: ensure(64, h(ensure(32, key))) + const hashed = ensureBytes('hashed private key', cHash(key), 2 * len); + const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE + const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6) + const scalar = modN_LE(head); // The actual private scalar + const point = G.multiply(scalar); // Point on Edwards curve aka public key + const pointBytes = point.toRawBytes(); // Uint8Array representation + return { head, prefix, scalar, point, pointBytes }; + } + // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared + function getPublicKey(privKey) { + return getExtendedPublicKey(privKey).pointBytes; + } + // int('LE', SHA512(dom2(F, C) || msgs)) mod N + function hashDomainToScalar(context = new Uint8Array(), ...msgs) { + const msg = concatBytes(...msgs); + return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash))); + } + /** Signs message with privateKey. RFC8032 5.1.6 */ + function sign(msg, privKey, options = {}) { + msg = ensureBytes('message', msg); + if (prehash) + msg = prehash(msg); // for ed25519ph etc. + const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey); + const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M) + const R = G.multiply(r).toRawBytes(); // R = rG + const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M) + const s = modN(r + k * scalar); // S = (r + k * s) mod L + aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l + const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES)); + return ensureBytes('result', res, nByteLength * 2); // 64-byte signature + } + const verifyOpts = VERIFY_DEFAULT; + function verify(sig, msg, publicKey, options = verifyOpts) { + const { context, zip215 } = options; + const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7. + sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked. + msg = ensureBytes('message', msg); + if (zip215 !== undefined) + abool('zip215', zip215); + if (prehash) + msg = prehash(msg); // for ed25519ph, etc + const s = bytesToNumberLE(sig.slice(len, 2 * len)); + // zip215: true is good for consensus-critical apps and allows points < 2^256 + // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p + let A, R, SB; + try { + A = Point.fromHex(publicKey, zip215); + R = Point.fromHex(sig.slice(0, len), zip215); + SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside + } + catch (error) { + return false; + } + if (!zip215 && A.isSmallOrder()) + return false; + const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); + const RkA = R.add(A.multiplyUnsafe(k)); + // [8][S]B = [8]R + [8][k]A' + return RkA.subtract(SB).clearCofactor().equals(Point.ZERO); + } + G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms. + const utils = { + getExtendedPublicKey, + // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1. + randomPrivateKey: () => randomBytes(Fp.BYTES), + /** + * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT + * values. This slows down first getPublicKey() by milliseconds (see Speed section), + * but allows to speed-up subsequent getPublicKey() calls up to 20x. + * @param windowSize 2, 4, 8, 16 + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); + return point; + }, + }; + return { + CURVE, + getPublicKey, + sign, + verify, + ExtendedPoint: Point, + utils, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const _0n = BigInt(0); +const _1n$2 = BigInt(1); +function validateOpts(curve) { + validateObject(curve, { + a: 'bigint', + }, { + montgomeryBits: 'isSafeInteger', + nByteLength: 'isSafeInteger', + adjustScalarBytes: 'function', + domain: 'function', + powPminus2: 'function', + Gu: 'bigint', + }); + // Set defaults + return Object.freeze({ ...curve }); +} +// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748) +// Uses only one coordinate instead of two +function montgomery(curveDef) { + const CURVE = validateOpts(curveDef); + const { P } = CURVE; + const modP = (n) => mod(n, P); + const montgomeryBits = CURVE.montgomeryBits; + const montgomeryBytes = Math.ceil(montgomeryBits / 8); + const fieldLen = CURVE.nByteLength; + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); + const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P)); + // cswap from RFC7748. But it is not from RFC7748! + /* + cswap(swap, x_2, x_3): + dummy = mask(swap) AND (x_2 XOR x_3) + x_2 = x_2 XOR dummy + x_3 = x_3 XOR dummy + Return (x_2, x_3) + Where mask(swap) is the all-1 or all-0 word of the same length as x_2 + and x_3, computed, e.g., as mask(swap) = 0 - swap. + */ + function cswap(swap, x_2, x_3) { + const dummy = modP(swap * (x_2 - x_3)); + x_2 = modP(x_2 - dummy); + x_3 = modP(x_3 + dummy); + return [x_2, x_3]; + } + // x25519 from 4 + // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 + const a24 = (CURVE.a - BigInt(2)) / BigInt(4); + /** + * + * @param pointU u coordinate (x) on Montgomery Curve 25519 + * @param scalar by which the point would be multiplied + * @returns new Point on Montgomery curve + */ + function montgomeryLadder(u, scalar) { + aInRange('u', u, _0n, P); + aInRange('scalar', scalar, _0n, P); + // Section 5: Implementations MUST accept non-canonical values and process them as + // if they had been reduced modulo the field prime. + const k = scalar; + const x_1 = u; + let x_2 = _1n$2; + let z_2 = _0n; + let x_3 = u; + let z_3 = _1n$2; + let swap = _0n; + let sw; + for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) { + const k_t = (k >> t) & _1n$2; + swap ^= k_t; + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + swap = k_t; + const A = x_2 + z_2; + const AA = modP(A * A); + const B = x_2 - z_2; + const BB = modP(B * B); + const E = AA - BB; + const C = x_3 + z_3; + const D = x_3 - z_3; + const DA = modP(D * A); + const CB = modP(C * B); + const dacb = DA + CB; + const da_cb = DA - CB; + x_3 = modP(dacb * dacb); + z_3 = modP(x_1 * modP(da_cb * da_cb)); + x_2 = modP(AA * BB); + z_2 = modP(E * (AA + modP(a24 * E))); + } + // (x_2, x_3) = cswap(swap, x_2, x_3) + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + // (z_2, z_3) = cswap(swap, z_2, z_3) + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + // z_2^(p - 2) + const z2 = powPminus2(z_2); + // Return x_2 * (z_2^(p - 2)) + return modP(x_2 * z2); + } + function encodeUCoordinate(u) { + return numberToBytesLE(modP(u), montgomeryBytes); + } + function decodeUCoordinate(uEnc) { + // Section 5: When receiving such an array, implementations of X25519 + // MUST mask the most significant bit in the final byte. + const u = ensureBytes('u coordinate', uEnc, montgomeryBytes); + if (fieldLen === 32) + u[31] &= 127; // 0b0111_1111 + return bytesToNumberLE(u); + } + function decodeScalar(n) { + const bytes = ensureBytes('scalar', n); + const len = bytes.length; + if (len !== montgomeryBytes && len !== fieldLen) + throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`); + return bytesToNumberLE(adjustScalarBytes(bytes)); + } + function scalarMult(scalar, u) { + const pointU = decodeUCoordinate(u); + const _scalar = decodeScalar(scalar); + const pu = montgomeryLadder(pointU, _scalar); + // The result was not contributory + // https://cr.yp.to/ecdh.html#validate + if (pu === _0n) + throw new Error('Invalid private or public key received'); + return encodeUCoordinate(pu); + } + // Computes public key from private. By doing scalar multiplication of base point. + const GuBytes = encodeUCoordinate(CURVE.Gu); + function scalarMultBase(scalar) { + return scalarMult(scalar, GuBytes); + } + return { + scalarMult, + scalarMultBase, + getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey), + getPublicKey: (privateKey) => scalarMultBase(privateKey), + utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) }, + GuBytes: GuBytes, + }; +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +/** + * Edwards448 (not Ed448-Goldilocks) curve with following addons: + * - X448 ECDH + * - Decaf cofactor elimination + * - Elligator hash-to-group / point indistinguishability + * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2 + */ +const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); +const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); +const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); +// prettier-ignore +const _1n$1 = BigInt(1), _2n$1 = BigInt(2), _3n = BigInt(3); BigInt(4); const _11n = BigInt(11); +// prettier-ignore +const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223); +// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. +// Used for efficient square root calculation. +// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1] +function ed448_pow_Pminus3div4(x) { + const P = ed448P; + const b2 = (x * x * x) % P; + const b3 = (b2 * b2 * x) % P; + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n$1, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b222 = (pow2(b220, _2n$1, P) * b2) % P; + const b223 = (pow2(b222, _1n$1, P) * x) % P; + return (pow2(b223, _223n, P) * b222) % P; +} +function adjustScalarBytes(bytes) { + // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most + // significant bit of the last byte to 1. + bytes[0] &= 252; // 0b11111100 + // and the most significant bit of the last byte to 1. + bytes[55] |= 128; // 0b10000000 + // NOTE: is is NOOP for 56 bytes scalars (X25519/X448) + bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits) + return bytes; +} +// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. +// Uses algo from RFC8032 5.1.3. +function uvRatio(u, v) { + const P = ed448P; + // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3 + // To compute the square root of (u/v), the first step is to compute the + // candidate root x = (u/v)^((p+1)/4). This can be done using the + // following trick, to use a single modular powering for both the + // inversion of v and the square root: + // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p) + const u2v = mod(u * u * v, P); // u²v + const u3v = mod(u2v * u, P); // u³v + const u5v3 = mod(u3v * u2v * v, P); // u⁵v³ + const root = ed448_pow_Pminus3div4(u5v3); + const x = mod(u3v * root, P); + // Verify that root is exists + const x2 = mod(x * x, P); // x² + // If vx² = u, the recovered x-coordinate is x. Otherwise, no + // square root exists, and the decoding fails. + return { isValid: mod(x2 * v, P) === u, value: x }; +} +const Fp$4 = Field(ed448P, 456, true); +const ED448_DEF = { + // Param: a + a: BigInt(1), + // -39081. Negative number is P - number + d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'), + // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n + Fp: Fp$4, + // Subgroup order: how many points curve has; + // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n + n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + nBitLength: 456, + // Cofactor + h: BigInt(4), + // Base point (x, y) aka generator point + Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'), + Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'), + // SHAKE256(dom4(phflag,context)||x, 114) + hash: shake256_114, + randomBytes, + adjustScalarBytes, + // dom4 + domain: (data, ctx, phflag) => { + if (ctx.length > 255) + throw new Error(`Context is too big: ${ctx.length}`); + return concatBytes$1(utf8ToBytes$1('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); + }, + uvRatio, +}; +const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF); +// NOTE: there is no ed448ctx, since ed448 supports ctx by default +/* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 }); +const x448 = /* @__PURE__ */ (() => montgomery({ + a: BigInt(156326), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + montgomeryBits: 448, + nByteLength: 56, + P: ed448P, + Gu: BigInt(5), + powPminus2: (x) => { + const P = ed448P; + const Pminus3div4 = ed448_pow_Pminus3div4(x); + const Pminus3 = pow2(Pminus3div4, BigInt(2), P); + return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 + }, + adjustScalarBytes, + randomBytes, +}))(); +// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version +// Hash To Curve Elligator2 Map +(Fp$4.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic +BigInt(156326); +// 1-d +BigInt('39082'); +// 1-2d +BigInt('78163'); +// √(-d) +BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214'); +// 1 / √(-d) +BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716'); +BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); +const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); +const _1n = BigInt(1); +const _2n = BigInt(2); +const divNearest = (a, b) => (a + b / _2n) / b; +/** + * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit. + * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00] + */ +function sqrtMod(y) { + const P = secp256k1P; + // prettier-ignore + const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22); + // prettier-ignore + const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88); + const b2 = (y * y * y) % P; // x^3, 11 + const b3 = (b2 * b2 * y) % P; // x^7 + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b223 = (pow2(b220, _3n, P) * b3) % P; + const t1 = (pow2(b223, _23n, P) * b22) % P; + const t2 = (pow2(t1, _6n, P) * b2) % P; + const root = pow2(t2, _2n, P); + if (!Fp$3.eql(Fp$3.sqr(root), y)) + throw new Error('Cannot find square root'); + return root; +} +const Fp$3 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod }); +/** + * secp256k1 short weierstrass curve and ECDSA signatures over it. + */ +const secp256k1 = createCurve({ + a: BigInt(0), // equation params: a, b + b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 + Fp: Fp$3, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n + n: secp256k1N, // Curve order, total count of valid points in the field + // Base point (x, y) aka generator point + Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'), + Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'), + h: BigInt(1), // Cofactor + lowS: true, // Allow only low-S signatures by default in sign() and verify() + /** + * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism. + * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%. + * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit. + * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066 + */ + endo: { + beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'), + splitScalar: (k) => { + const n = secp256k1N; + const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15'); + const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'); + const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'); + const b2 = a1; + const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16) + const c1 = divNearest(b2 * k, n); + const c2 = divNearest(-b1 * k, n); + let k1 = mod(k - c1 * a1 - c2 * a2, n); + let k2 = mod(-c1 * b1 - c2 * b2, n); + const k1neg = k1 > POW_2_128; + const k2neg = k2 > POW_2_128; + if (k1neg) + k1 = n - k1; + if (k2neg) + k2 = n - k2; + if (k1 > POW_2_128 || k2 > POW_2_128) { + throw new Error('splitScalar: Endomorphism failed, k=' + k); + } + return { k1neg, k1, k2neg, k2 }; + }, + }, +}, sha256); +// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code. +// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki +BigInt(0); +secp256k1.ProjectivePoint; + +// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4 +// eslint-disable-next-line new-cap +const Fp$2 = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377')); +const CURVE_A$2 = Fp$2.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9')); +const CURVE_B$2 = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'); +// prettier-ignore +const brainpoolP256r1 = createCurve({ + a: CURVE_A$2, // Equation params: a, b + b: CURVE_B$2, + Fp: Fp$2, + // Curve order (q), total count of valid points in the field + n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'), + // Base (generator) point (x, y) + Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'), + Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'), + h: BigInt(1), + lowS: false +}, sha256); + +// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6 +// eslint-disable-next-line new-cap +const Fp$1 = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53')); +const CURVE_A$1 = Fp$1.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826')); +const CURVE_B$1 = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'); +// prettier-ignore +const brainpoolP384r1 = createCurve({ + a: CURVE_A$1, // Equation params: a, b + b: CURVE_B$1, + Fp: Fp$1, + // Curve order (q), total count of valid points in the field + n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'), + // Base (generator) point (x, y) + Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'), + Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'), + h: BigInt(1), + lowS: false +}, sha384); + +// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7 +// eslint-disable-next-line new-cap +const Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3')); +const CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca')); +const CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'); +// prettier-ignore +const brainpoolP512r1 = createCurve({ + a: CURVE_A, // Equation params: a, b + b: CURVE_B, + Fp, + // Curve order (q), total count of valid points in the field + n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'), + // Base (generator) point (x, y) + Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'), + Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'), + h: BigInt(1), + lowS: false +}, sha512); + +/** + * This file is needed to dynamic import the noble-curves. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleCurves = new Map(Object.entries({ + nistP256: p256, + nistP384: p384, + nistP521: p521, + brainpoolP256r1, + brainpoolP384r1, + brainpoolP512r1, + secp256k1, + x448, + ed448 +})); + +var noble_curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleCurves: nobleCurves +}); + +//Paul Tero, July 2001 +//http://www.tero.co.uk/des/ +// +//Optimised for performance with large blocks by Michael Hayworth, November 2001 +//http://www.netdealing.com +// +// Modified by Recurity Labs GmbH + +//THIS SOFTWARE IS PROVIDED "AS IS" AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. + +//des +//this takes the key, the message, and whether to encrypt or decrypt + +function des(keys, message, encrypt, mode, iv, padding) { + //declaring this locally speeds things up a bit + const spfunction1 = [ + 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, + 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, + 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, + 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, + 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, + 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 + ]; + const spfunction2 = [ + -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, + -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, + -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, + -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, + -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, + 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, + -0x7fef7fe0, 0x108000 + ]; + const spfunction3 = [ + 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, + 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, + 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, + 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, + 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, + 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 + ]; + const spfunction4 = [ + 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, + 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, + 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, + 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, + 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 + ]; + const spfunction5 = [ + 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, + 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, + 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, + 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, + 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, + 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, + 0x40080000, 0x2080100, 0x40000100 + ]; + const spfunction6 = [ + 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, + 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, + 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, + 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, + 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, + 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 + ]; + const spfunction7 = [ + 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, + 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, + 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, + 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, + 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, + 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 + ]; + const spfunction8 = [ + 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, + 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, + 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, + 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, + 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 + ]; + + //create the 16 or 48 subkeys we will need + let m = 0; + let i; + let j; + let temp; + let right1; + let right2; + let left; + let right; + let looping; + let endloop; + let loopinc; + let len = message.length; + + //set up the loops for single and triple des + const iterations = keys.length === 32 ? 3 : 9; //single or triple des + if (iterations === 3) { + looping = encrypt ? [0, 32, 2] : [30, -2, -2]; + } else { + looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; + } + + //pad the message depending on the padding parameter + //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt + if (encrypt) { + message = desAddPadding(message); + len = message.length; + } + + //store the result here + let result = new Uint8Array(len); + let k = 0; + + //loop through each 64 bit chunk of the message + while (m < len) { + left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + + //first each 64 but chunk of the message must be permuted according to IP + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + + left = ((left << 1) | (left >>> 31)); + right = ((right << 1) | (right >>> 31)); + + //do this either 1 or 3 times for each chunk of the message + for (j = 0; j < iterations; j += 3) { + endloop = looping[j + 1]; + loopinc = looping[j + 2]; + //now go through and perform the encryption or decryption + for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency + right1 = right ^ keys[i]; + right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; + //the result is attained by passing these bytes through the S selection functions + temp = left; + left = right; + right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> + 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & + 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); + } + temp = left; + left = right; + right = temp; //unreverse left and right + } //for either 1 or 3 iterations + + //move then each one bit to the right + left = ((left >>> 1) | (left << 31)); + right = ((right >>> 1) | (right << 31)); + + //now perform IP-1, which is IP in the opposite direction + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + + result[k++] = (left >>> 24); + result[k++] = ((left >>> 16) & 0xff); + result[k++] = ((left >>> 8) & 0xff); + result[k++] = (left & 0xff); + result[k++] = (right >>> 24); + result[k++] = ((right >>> 16) & 0xff); + result[k++] = ((right >>> 8) & 0xff); + result[k++] = (right & 0xff); + } //for every 8 characters, or 64 bits in the message + + //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt + if (!encrypt) { + result = desRemovePadding(result); + } + + return result; +} //end of des + + +//desCreateKeys +//this takes as input a 64 bit key (even though only 56 bits are used) +//as an array of 2 integers, and returns 16 48 bit keys + +function desCreateKeys(key) { + //declaring this locally speeds things up a bit + const pc2bytes0 = [ + 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, + 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 + ]; + const pc2bytes1 = [ + 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, + 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 + ]; + const pc2bytes2 = [ + 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, + 0x1000000, 0x1000008, 0x1000800, 0x1000808 + ]; + const pc2bytes3 = [ + 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, + 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 + ]; + const pc2bytes4 = [ + 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, + 0x41000, 0x1010, 0x41010 + ]; + const pc2bytes5 = [ + 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, + 0x2000000, 0x2000400, 0x2000020, 0x2000420 + ]; + const pc2bytes6 = [ + 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, + 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 + ]; + const pc2bytes7 = [ + 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, + 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 + ]; + const pc2bytes8 = [ + 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, + 0x2000002, 0x2040002, 0x2000002, 0x2040002 + ]; + const pc2bytes9 = [ + 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, + 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 + ]; + const pc2bytes10 = [ + 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, + 0x102000, 0x102020, 0x102000, 0x102020 + ]; + const pc2bytes11 = [ + 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, + 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 + ]; + const pc2bytes12 = [ + 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, + 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 + ]; + const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; + + //how many iterations (1 for des, 3 for triple des) + const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys + //stores the return keys + const keys = new Array(32 * iterations); + //now define the left shifts which need to be done + const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + //other variables + let lefttemp; + let righttemp; + let m = 0; + let n = 0; + let temp; + + for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations + let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 2) ^ right) & 0x33333333; + right ^= temp; + left ^= (temp << 2); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + + //the right side needs to be shifted and to get the last four bits of the left side + temp = (left << 8) | ((right >>> 20) & 0x000000f0); + //left needs to be put upside down + left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); + right = temp; + + //now go through and perform these shifts on the left and right keys + for (let i = 0; i < shifts.length; i++) { + //shift the keys either one or two bits to the left + if (shifts[i]) { + left = (left << 2) | (left >>> 26); + right = (right << 2) | (right >>> 26); + } else { + left = (left << 1) | (left >>> 27); + right = (right << 1) | (right >>> 27); + } + left &= -0xf; + right &= -0xf; + + //now apply PC-2, in such a way that E is easier when encrypting or decrypting + //this conversion will look like PC-2 except only the last 6 bits of each byte are used + //rather than 48 consecutive bits and the order of lines will be according to + //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 + lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( + left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & + 0xf]; + righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | + pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | + pc2bytes13[(right >>> 4) & 0xf]; + temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; + keys[n++] = lefttemp ^ temp; + keys[n++] = righttemp ^ (temp << 16); + } + } //for each iterations + //return the keys we've created + return keys; +} //end of desCreateKeys + + +function desAddPadding(message, padding) { + const padLength = 8 - (message.length % 8); + + let pad; + if ((padLength < 8)) { //pad the message out with null bytes + pad = 0; + } else if (padLength === 8) { + return message; + } else { + throw new Error('des: invalid padding'); + } + + const paddedMessage = new Uint8Array(message.length + padLength); + for (let i = 0; i < message.length; i++) { + paddedMessage[i] = message[i]; + } + for (let j = 0; j < padLength; j++) { + paddedMessage[message.length + j] = pad; + } + + return paddedMessage; +} + +function desRemovePadding(message, padding) { + let padLength = null; + let pad; + { // null padding + pad = 0; + } + + if (!padLength) { + padLength = 1; + while (message[message.length - padLength] === pad) { + padLength++; + } + padLength--; + } + + return message.subarray(0, message.length - padLength); +} + +// added by Recurity Labs + +function TripleDES(key) { + this.key = []; + + for (let i = 0; i < 3; i++) { + this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); + } + + this.encrypt = function(block) { + return des( + desCreateKeys(this.key[2]), + des( + desCreateKeys(this.key[1]), + des( + desCreateKeys(this.key[0]), + block, true, 0, null, null + ), + false, 0, null, null + ), true); + }; +} + +TripleDES.keySize = TripleDES.prototype.keySize = 24; +TripleDES.blockSize = TripleDES.prototype.blockSize = 8; + +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Copyright 2010 pjacobs@xeekr.com . All rights reserved. + +// Modified by Recurity Labs GmbH + +// fixed/modified by Herbert Hanewinkel, www.haneWIN.de +// check www.haneWIN.de for the latest version + +// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. +// CAST-128 is a common OpenPGP cipher. + + +// CAST5 constructor + +function OpenPGPSymEncCAST5() { + this.BlockSize = 8; + this.KeySize = 16; + + this.setKey = function(key) { + this.masking = new Array(16); + this.rotate = new Array(16); + + this.reset(); + + if (key.length === this.KeySize) { + this.keySchedule(key); + } else { + throw new Error('CAST-128: keys must be 16 bytes'); + } + return true; + }; + + this.reset = function() { + for (let i = 0; i < 16; i++) { + this.masking[i] = 0; + this.rotate[i] = 0; + } + }; + + this.getBlockSize = function() { + return this.BlockSize; + }; + + this.encrypt = function(src) { + const dst = new Array(src.length); + + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; + + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >>> 16) & 255; + dst[i + 6] = (l >>> 8) & 255; + dst[i + 7] = l & 255; + } + + return dst; + }; + + this.decrypt = function(src) { + const dst = new Array(src.length); + + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; + + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >> 16) & 255; + dst[i + 6] = (l >> 8) & 255; + dst[i + 7] = l & 255; + } + + return dst; + }; + const scheduleA = new Array(4); + + scheduleA[0] = new Array(4); + scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; + scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + + scheduleA[1] = new Array(4); + scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + + scheduleA[2] = new Array(4); + scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; + scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + + + scheduleA[3] = new Array(4); + scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + + const scheduleB = new Array(4); + + scheduleB[0] = new Array(4); + scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; + scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; + scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; + scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; + + scheduleB[1] = new Array(4); + scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; + scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; + scheduleB[1][2] = [7, 6, 8, 9, 3]; + scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; + + + scheduleB[2] = new Array(4); + scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; + scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; + scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; + scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; + + + scheduleB[3] = new Array(4); + scheduleB[3][0] = [8, 9, 7, 6, 3]; + scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; + scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; + scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; + + // changed 'in' to 'inn' (in javascript 'in' is a reserved word) + this.keySchedule = function(inn) { + const t = new Array(8); + const k = new Array(32); + + let j; + + for (let i = 0; i < 4; i++) { + j = i * 4; + t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + } + + const x = [6, 7, 4, 5]; + let ki = 0; + let w; + + for (let half = 0; half < 2; half++) { + for (let round = 0; round < 4; round++) { + for (j = 0; j < 4; j++) { + const a = scheduleA[round][j]; + w = t[a[1]]; + + w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; + w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; + w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; + w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; + w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; + t[a[0]] = w; + } + + for (j = 0; j < 4; j++) { + const b = scheduleB[round][j]; + w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; + + w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; + w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; + w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; + w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; + k[ki] = w; + ki++; + } + } + } + + for (let i = 0; i < 16; i++) { + this.masking[i] = k[i]; + this.rotate[i] = k[16 + i] & 0x1f; + } + }; + + // These are the three 'f' functions. See RFC 2144, section 2.2. + + function f1(d, m, r) { + const t = m + d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; + } + + function f2(d, m, r) { + const t = m ^ d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; + } + + function f3(d, m, r) { + const t = m - d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; + } + + const sBox = new Array(8); + sBox[0] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf + ]; + + sBox[1] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 + ]; + + sBox[2] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 + ]; + + sBox[3] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 + ]; + + sBox[4] = [ + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 + ]; + + sBox[5] = [ + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f + ]; + + sBox[6] = [ + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 + ]; + + sBox[7] = [ + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e + ]; +} + +function CAST5(key) { + this.cast5 = new OpenPGPSymEncCAST5(); + this.cast5.setKey(key); + + this.encrypt = function(block) { + return this.cast5.encrypt(block); + }; +} + +CAST5.blockSize = CAST5.prototype.blockSize = 8; +CAST5.keySize = CAST5.prototype.keySize = 16; + +/* eslint-disable no-mixed-operators, no-fallthrough */ + + +/* Modified by Recurity Labs GmbH + * + * Cipher.js + * A block-cipher algorithm implementation on JavaScript + * See Cipher.readme.txt for further information. + * + * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] + * This script file is distributed under the LGPL + * + * ACKNOWLEDGMENT + * + * The main subroutines are written by Michiel van Everdingen. + * + * Michiel van Everdingen + * http://home.versatel.nl/MAvanEverdingen/index.html + * + * All rights for these routines are reserved to Michiel van Everdingen. + * + */ + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//Math +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +const MAXINT = 0xFFFFFFFF; + +function rotw(w, n) { + return (w << n | w >>> (32 - n)) & MAXINT; +} + +function getW(a, i) { + return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +} + +function setW(a, i, w) { + a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +} + +function getB(x, n) { + return (x >>> (n * 8)) & 0xFF; +} + +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// Twofish +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +function createTwofish() { + // + let keyBytes = null; + let dataBytes = null; + let dataOffset = -1; + // var dataLength = -1; + // var idx2 = -1; + // + + let tfsKey = []; + let tfsM = [ + [], + [], + [], + [] + ]; + + function tfsInit(key) { + keyBytes = key; + let i; + let a; + let b; + let c; + let d; + const meKey = []; + const moKey = []; + const inKey = []; + let kLen; + const sKey = []; + let f01; + let f5b; + let fef; + + const q0 = [ + [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], + [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] + ]; + const q1 = [ + [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], + [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] + ]; + const q2 = [ + [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], + [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] + ]; + const q3 = [ + [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], + [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] + ]; + const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; + const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; + const q = [ + [], + [] + ]; + const m = [ + [], + [], + [], + [] + ]; + + function ffm5b(x) { + return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + } + + function ffmEf(x) { + return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + } + + function mdsRem(p, q) { + let i; + let t; + let u; + for (i = 0; i < 8; i++) { + t = q >>> 24; + q = ((q << 8) & MAXINT) | p >>> 24; + p = (p << 8) & MAXINT; + u = t << 1; + if (t & 128) { + u ^= 333; + } + q ^= t ^ (u << 16); + u ^= t >>> 1; + if (t & 1) { + u ^= 166; + } + q ^= u << 24 | u << 8; + } + return q; + } + + function qp(n, x) { + const a = x >> 4; + const b = x & 15; + const c = q0[n][a ^ b]; + const d = q1[n][ror4[b] ^ ashx[a]]; + return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; + } + + function hFun(x, key) { + let a = getB(x, 0); + let b = getB(x, 1); + let c = getB(x, 2); + let d = getB(x, 3); + switch (kLen) { + case 4: + a = q[1][a] ^ getB(key[3], 0); + b = q[0][b] ^ getB(key[3], 1); + c = q[0][c] ^ getB(key[3], 2); + d = q[1][d] ^ getB(key[3], 3); + case 3: + a = q[1][a] ^ getB(key[2], 0); + b = q[1][b] ^ getB(key[2], 1); + c = q[0][c] ^ getB(key[2], 2); + d = q[0][d] ^ getB(key[2], 3); + case 2: + a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); + b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); + c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); + d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); + } + return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; + } + + keyBytes = keyBytes.slice(0, 32); + i = keyBytes.length; + while (i !== 16 && i !== 24 && i !== 32) { + keyBytes[i++] = 0; + } + + for (i = 0; i < keyBytes.length; i += 4) { + inKey[i >> 2] = getW(keyBytes, i); + } + for (i = 0; i < 256; i++) { + q[0][i] = qp(0, i); + q[1][i] = qp(1, i); + } + for (i = 0; i < 256; i++) { + f01 = q[1][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); + m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); + f01 = q[0][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); + m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); + } + + kLen = inKey.length / 2; + for (i = 0; i < kLen; i++) { + a = inKey[i + i]; + meKey[i] = a; + b = inKey[i + i + 1]; + moKey[i] = b; + sKey[kLen - i - 1] = mdsRem(a, b); + } + for (i = 0; i < 40; i += 2) { + a = 0x1010101 * i; + b = a + 0x1010101; + a = hFun(a, meKey); + b = rotw(hFun(b, moKey), 8); + tfsKey[i] = (a + b) & MAXINT; + tfsKey[i + 1] = rotw(a + 2 * b, 9); + } + for (i = 0; i < 256; i++) { + a = b = c = d = i; + switch (kLen) { + case 4: + a = q[1][a] ^ getB(sKey[3], 0); + b = q[0][b] ^ getB(sKey[3], 1); + c = q[0][c] ^ getB(sKey[3], 2); + d = q[1][d] ^ getB(sKey[3], 3); + case 3: + a = q[1][a] ^ getB(sKey[2], 0); + b = q[1][b] ^ getB(sKey[2], 1); + c = q[0][c] ^ getB(sKey[2], 2); + d = q[0][d] ^ getB(sKey[2], 3); + case 2: + tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; + tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; + tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; + tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + } + } + } + + function tfsG0(x) { + return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; + } + + function tfsG1(x) { + return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; + } + + function tfsFrnd(r, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); + blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); + blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + } + + function tfsIrnd(i, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; + blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; + blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + } + + function tfsClose() { + tfsKey = []; + tfsM = [ + [], + [], + [], + [] + ]; + } + + function tfsEncrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], + getW(dataBytes, dataOffset + 4) ^ tfsKey[1], + getW(dataBytes, dataOffset + 8) ^ tfsKey[2], + getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; + for (let j = 0; j < 8; j++) { + tfsFrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); + dataOffset += 16; + return dataBytes; + } + + function tfsDecrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], + getW(dataBytes, dataOffset + 4) ^ tfsKey[5], + getW(dataBytes, dataOffset + 8) ^ tfsKey[6], + getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; + for (let j = 7; j >= 0; j--) { + tfsIrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); + dataOffset += 16; + } + + // added by Recurity Labs + + function tfsFinal() { + return dataBytes; + } + + return { + name: 'twofish', + blocksize: 128 / 8, + open: tfsInit, + close: tfsClose, + encrypt: tfsEncrypt, + decrypt: tfsDecrypt, + // added by Recurity Labs + finalize: tfsFinal + }; +} + +// added by Recurity Labs + +function TF(key) { + this.tf = createTwofish(); + this.tf.open(Array.from(key), 0); + + this.encrypt = function(block) { + return this.tf.encrypt(Array.from(block), 0); + }; +} + +TF.keySize = TF.prototype.keySize = 32; +TF.blockSize = TF.prototype.blockSize = 16; + +/* Modified by Recurity Labs GmbH + * + * Originally written by nklein software (nklein.com) + */ + +/* + * Javascript implementation based on Bruce Schneier's reference implementation. + * + * + * The constructor doesn't do much of anything. It's just here + * so we can start defining properties and methods and such. + */ +function Blowfish() {} + +/* + * Declare the block size so that protocols know what size + * Initialization Vector (IV) they will need. + */ +Blowfish.prototype.BLOCKSIZE = 8; + +/* + * These are the default SBOXES. + */ +Blowfish.prototype.SBOXES = [ + [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + ], + [ + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + ], + [ + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + ], + [ + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ] +]; + +//* +//* This is the default PARRAY +//* +Blowfish.prototype.PARRAY = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b +]; + +//* +//* This is the number of rounds the cipher will go +//* +Blowfish.prototype.NN = 16; + +//* +//* This function is needed to get rid of problems +//* with the high-bit getting set. If we don't do +//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not +//* equal to ( bb & 0x00FFFFFFFF ) even when they +//* agree bit-for-bit for the first 32 bits. +//* +Blowfish.prototype._clean = function(xx) { + if (xx < 0) { + const yy = xx & 0x7FFFFFFF; + xx = yy + 0x80000000; + } + return xx; +}; + +//* +//* This is the mixing function that uses the sboxes +//* +Blowfish.prototype._F = function(xx) { + let yy; + + const dd = xx & 0x00FF; + xx >>>= 8; + const cc = xx & 0x00FF; + xx >>>= 8; + const bb = xx & 0x00FF; + xx >>>= 8; + const aa = xx & 0x00FF; + + yy = this.sboxes[0][aa] + this.sboxes[1][bb]; + yy ^= this.sboxes[2][cc]; + yy += this.sboxes[3][dd]; + + return yy; +}; + +//* +//* This method takes an array with two values, left and right +//* and does NN rounds of Blowfish on them. +//* +Blowfish.prototype._encryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; + + let ii; + + for (ii = 0; ii < this.NN; ++ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; + + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } + + dataL ^= this.parray[this.NN + 0]; + dataR ^= this.parray[this.NN + 1]; + + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); +}; + +//* +//* This method takes a vector of numbers and turns them +//* into long words so that they can be processed by the +//* real algorithm. +//* +//* Maybe I should make the real algorithm above take a vector +//* instead. That will involve more looping, but it won't require +//* the F() method to deconstruct the vector. +//* +Blowfish.prototype.encryptBlock = function(vector) { + let ii; + const vals = [0, 0]; + const off = this.BLOCKSIZE / 2; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); + vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); + } + + this._encryptBlock(vals); + + const ret = []; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); + ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); + // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); + // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + } + + return ret; +}; + +//* +//* This method takes an array with two values, left and right +//* and undoes NN rounds of Blowfish on them. +//* +Blowfish.prototype._decryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; + + let ii; + + for (ii = this.NN + 1; ii > 1; --ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; + + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } + + dataL ^= this.parray[1]; + dataR ^= this.parray[0]; + + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); +}; + +//* +//* This method takes a key array and initializes the +//* sboxes and parray for this encryption. +//* +Blowfish.prototype.init = function(key) { + let ii; + let jj = 0; + + this.parray = []; + for (ii = 0; ii < this.NN + 2; ++ii) { + let data = 0x00000000; + for (let kk = 0; kk < 4; ++kk) { + data = (data << 8) | (key[jj] & 0x00FF); + if (++jj >= key.length) { + jj = 0; + } + } + this.parray[ii] = this.PARRAY[ii] ^ data; + } + + this.sboxes = []; + for (ii = 0; ii < 4; ++ii) { + this.sboxes[ii] = []; + for (jj = 0; jj < 256; ++jj) { + this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + } + } + + const vals = [0x00000000, 0x00000000]; + + for (ii = 0; ii < this.NN + 2; ii += 2) { + this._encryptBlock(vals); + this.parray[ii + 0] = vals[0]; + this.parray[ii + 1] = vals[1]; + } + + for (ii = 0; ii < 4; ++ii) { + for (jj = 0; jj < 256; jj += 2) { + this._encryptBlock(vals); + this.sboxes[ii][jj + 0] = vals[0]; + this.sboxes[ii][jj + 1] = vals[1]; + } + } +}; + +// added by Recurity Labs +function BF(key) { + this.bf = new Blowfish(); + this.bf.init(key); + + this.encrypt = function(block) { + return this.bf.encryptBlock(block); + }; +} + +BF.keySize = BF.prototype.keySize = 16; +BF.blockSize = BF.prototype.blockSize = 8; + +/** + * This file is needed to dynamic import the legacy ciphers. + * Separate dynamic imports are not convenient as they result in multiple chunks. + */ + + +const legacyCiphers = new Map([ + [enums.symmetric.tripledes, TripleDES], + [enums.symmetric.cast5, CAST5], + [enums.symmetric.blowfish, BF], + [enums.symmetric.twofish, TF] +]); + +var legacy_ciphers = /*#__PURE__*/Object.freeze({ + __proto__: null, + legacyCiphers: legacyCiphers +}); + +// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms. +// Initial state +const SHA1_IV = /* @__PURE__ */ new Uint32Array([ + 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0, +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA1_W = /* @__PURE__ */ new Uint32Array(80); +class SHA1 extends HashMD { + constructor() { + super(64, 20, 8, false); + this.A = SHA1_IV[0] | 0; + this.B = SHA1_IV[1] | 0; + this.C = SHA1_IV[2] | 0; + this.D = SHA1_IV[3] | 0; + this.E = SHA1_IV[4] | 0; + } + get() { + const { A, B, C, D, E } = this; + return [A, B, C, D, E]; + } + set(A, B, C, D, E) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + SHA1_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 80; i++) + SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1); + // Compression function main loop, 80 rounds + let { A, B, C, D, E } = this; + for (let i = 0; i < 80; i++) { + let F, K; + if (i < 20) { + F = Chi(B, C, D); + K = 0x5a827999; + } + else if (i < 40) { + F = B ^ C ^ D; + K = 0x6ed9eba1; + } + else if (i < 60) { + F = Maj(B, C, D); + K = 0x8f1bbcdc; + } + else { + F = B ^ C ^ D; + K = 0xca62c1d6; + } + const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0; + E = D; + D = C; + C = rotl(B, 30); + B = A; + A = T; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + this.set(A, B, C, D, E); + } + roundClean() { + SHA1_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +/** + * SHA1 (RFC 3174) hash function. + * It was cryptographically broken: prefer newer algorithms. + * @param message - data that would be hashed + */ +const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1()); + +// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html +// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf +const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]); +const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i)); +const Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16); +let idxL = [Id]; +let idxR = [Pi]; +for (let i = 0; i < 4; i++) + for (let j of [idxL, idxR]) + j.push(j[i].map((k) => Rho[k])); +const shifts = /* @__PURE__ */ [ + [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], + [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7], + [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9], + [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6], + [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5], +].map((i) => new Uint8Array(i)); +const shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j])); +const shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j])); +const Kl = /* @__PURE__ */ new Uint32Array([ + 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e, +]); +const Kr = /* @__PURE__ */ new Uint32Array([ + 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000, +]); +// It's called f() in spec. +function f(group, x, y, z) { + if (group === 0) + return x ^ y ^ z; + else if (group === 1) + return (x & y) | (~x & z); + else if (group === 2) + return (x | ~y) ^ z; + else if (group === 3) + return (x & z) | (y & ~z); + else + return x ^ (y | ~z); +} +// Temporary buffer, not used to store anything between runs +const R_BUF = /* @__PURE__ */ new Uint32Array(16); +class RIPEMD160 extends HashMD { + constructor() { + super(64, 20, 8, true); + this.h0 = 0x67452301 | 0; + this.h1 = 0xefcdab89 | 0; + this.h2 = 0x98badcfe | 0; + this.h3 = 0x10325476 | 0; + this.h4 = 0xc3d2e1f0 | 0; + } + get() { + const { h0, h1, h2, h3, h4 } = this; + return [h0, h1, h2, h3, h4]; + } + set(h0, h1, h2, h3, h4) { + this.h0 = h0 | 0; + this.h1 = h1 | 0; + this.h2 = h2 | 0; + this.h3 = h3 | 0; + this.h4 = h4 | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + R_BUF[i] = view.getUint32(offset, true); + // prettier-ignore + let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el; + // Instead of iterating 0 to 80, we split it into 5 groups + // And use the groups in constants, functions, etc. Much simpler + for (let group = 0; group < 5; group++) { + const rGroup = 4 - group; + const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore + const rl = idxL[group], rr = idxR[group]; // prettier-ignore + const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore + for (let i = 0; i < 16; i++) { + const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0; + al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore + } + // 2 loops are 10% faster + for (let i = 0; i < 16; i++) { + const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0; + ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore + } + } + // Add the compressed chunk to the current hash value + this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0); + } + roundClean() { + R_BUF.fill(0); + } + destroy() { + this.destroyed = true; + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0); + } +} +/** + * RIPEMD-160 - a hash function from 1990s. + * @param message - msg that would be hashed + */ +const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160()); + +/** + * This file is needed to dynamic import the noble-hashes. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleHashes = new Map(Object.entries({ + sha1, + sha224, + sha256, + sha384, + sha512, + sha3_256, + sha3_512, + ripemd160 +})); + +var noble_hashes = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleHashes: nobleHashes +}); + +// Adapted from the reference implementation in RFC7693 +// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes + +// Uint64 values are represented using two Uint32s, stored as little endian +// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays +// need to be manually handled + +// 64-bit unsigned addition (little endian, in place) +// Sets a[i,i+1] += b[j,j+1] +// `a` and `b` must be Uint32Array(2) +function ADD64 (a, i, b, j) { + a[i] += b[j]; + a[i+1] += b[j+1] + (a[i] < b[j]); // add carry +} + +// Increment 64-bit little-endian unsigned value by `c` (in place) +// `a` must be Uint32Array(2) +function INC64 (a, c) { + a[0] += c; + a[1] += (a[0] < c); +} + +// G Mixing function +// The ROTRs are inlined for speed +function G$1 (v, m, a, b, c, d, ix, iy) { + ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1] + ADD64(v, a, m, ix); // v[a, a+1] += x ... x0 + + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits + let xor0 = v[d] ^ v[a]; + let xor1 = v[d + 1] ^ v[a + 1]; + v[d] = xor1; + v[d + 1] = xor0; + + ADD64(v, c, v, d); + + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor0 >>> 24) ^ (xor1 << 8); + v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8); + + ADD64(v, a, v, b); + ADD64(v, a, m, iy); + + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits + xor0 = v[d] ^ v[a]; + xor1 = v[d + 1] ^ v[a + 1]; + v[d] = (xor0 >>> 16) ^ (xor1 << 16); + v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16); + + ADD64(v, c, v, d); + + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor1 >>> 31) ^ (xor0 << 1); + v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1); +} + +// Initialization Vector +const BLAKE2B_IV32 = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 +]); + +// These are offsets into a Uint64 buffer. +// Multiply them all by 2 to make them offsets into a Uint32 buffer +const SIGMA = new Uint8Array([ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 +].map(x => x * 2)); + +// Compression function. 'last' flag indicates last block. +// Note: we're representing 16 uint64s as 32 uint32s +function compress(S, last) { + const v = new Uint32Array(32); + const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32); + + // init work variables + for (let i = 0; i < 16; i++) { + v[i] = S.h[i]; + v[i + 16] = BLAKE2B_IV32[i]; + } + + // low 64 bits of offset + v[24] ^= S.t0[0]; + v[25] ^= S.t0[1]; + // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1 + + // if last block + const f0 = last ? 0xFFFFFFFF : 0; + v[28] ^= f0; + v[29] ^= f0; + + // twelve rounds of mixing + for (let i = 0; i < 12; i++) { + // ROUND(r) + const i16 = i << 4; + G$1(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1]); + G$1(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]); + G$1(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]); + G$1(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]); + G$1(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]); + G$1(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]); + G$1(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]); + G$1(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15]); + } + + for (let i = 0; i < 16; i++) { + S.h[i] ^= v[i] ^ v[i + 16]; + } +} + +// Creates a BLAKE2b hashing context +// Requires an output length between 1 and 64 bytes +// Takes an optional Uint8Array key +class Blake2b { + constructor(outlen, key, salt, personal) { + const params = new Uint8Array(64); + // 0: outlen, keylen, fanout, depth + // 4: leaf length, sequential mode + // 8: node offset + // 12: node offset + // 16: node depth, inner length, rfu + // 20: rfu + // 24: rfu + // 28: rfu + // 32: salt + // 36: salt + // 40: salt + // 44: salt + // 48: personal + // 52: personal + // 56: personal + // 60: personal + + // init internal state + this.S = { + b: new Uint8Array(BLOCKBYTES), + h: new Uint32Array(OUTBYTES_MAX / 4), + t0: new Uint32Array(2), // input counter `t`, lower 64-bits only + c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES` + outlen // output length in bytes + }; + + // init parameter block + params[0] = outlen; + if (key) params[1] = key.length; + params[2] = 1; // fanout + params[3] = 1; // depth + if (salt) params.set(salt, 32); + if (personal) params.set(personal, 48); + const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT); + + // initialize hash state + for (let i = 0; i < 16; i++) { + this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i]; + } + + // key the hash, if applicable + if (key) { + const block = new Uint8Array(BLOCKBYTES); + block.set(key); + this.update(block); + } + } + + // Updates a BLAKE2b streaming hash + // Requires Uint8Array (byte array) + update(input) { + if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer') + // for (let i = 0; i < input.length; i++) { + // if (this.S.c === BLOCKBYTES) { // buffer full + // INC64(this.S.t0, this.S.c) // add counters + // compress(this.S, false) + // this.S.c = 0 // empty buffer + // } + // this.S.b[this.S.c++] = input[i] + // } + let i = 0; + while(i < input.length) { + if (this.S.c === BLOCKBYTES) { // buffer full + INC64(this.S.t0, this.S.c); // add counters + compress(this.S, false); + this.S.c = 0; // empty buffer + } + let left = BLOCKBYTES - this.S.c; + this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds + const fill = Math.min(left, input.length - i); + this.S.c += fill; + i += fill; + } + return this + } + + /** + * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one + * @param {Uint8Array} [prealloc] - optional preallocated buffer + * @returns {ArrayBuffer} message digest + */ + digest(prealloc) { + INC64(this.S.t0, this.S.c); // mark last block offset + + // final block, padded + this.S.b.fill(0, this.S.c); + this.S.c = BLOCKBYTES; + compress(this.S, true); + + const out = prealloc || new Uint8Array(this.S.outlen); + for (let i = 0; i < this.S.outlen; i++) { + // must be loaded individually since default Uint32 endianness is platform dependant + out[i] = this.S.h[i >> 2] >> (8 * (i & 3)); + } + this.S.h = null; // prevent calling `update` after `digest` + return out.buffer; + } +} + + +function createHash(outlen, key, salt, personal) { + if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`) + + return new Blake2b(outlen, key, salt, personal) +} + +const OUTBYTES_MAX = 64; +const BLOCKBYTES = 128; + +const TYPE = 2; // Argon2id +const VERSION = 0x13; +const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1; +const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const SALTBYTES_MIN = 8; +const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const passwordBYTES_MIN = 8; +const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional) +const SECRETBYTES_MAX = 32; // key (optional) + +const ARGON2_BLOCK_SIZE = 1024; +const ARGON2_PREHASH_DIGEST_LENGTH = 64; + +const isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd; + +// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3]) +function LE32(buf, n, i) { + buf[i+0] = n; + buf[i+1] = n >> 8; + buf[i+2] = n >> 16; + buf[i+3] = n >> 24; + return buf; +} + +/** + * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7]) + * @param {Uint8Array} buf + * @param {Number} n + * @param {Number} i + */ +function LE64(buf, n, i) { + if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported"); + // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations + // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps) + // so we manually extract each byte + let remainder = n; + for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER + buf[offset] = remainder; // implicit & 0xff + remainder = (remainder - buf[offset]) / 256; + } + return buf; +} + +/** + * Variable-Length Hash Function H' + * @param {Number} outlen - T + * @param {Uint8Array} X - value to hash + * @param {Uint8Array} res - output buffer, of length `outlength` or larger + */ +function H_(outlen, X, res) { + const V = new Uint8Array(64); // no need to keep around all V_i + + const V1_in = new Uint8Array(4 + X.length); + LE32(V1_in, outlen, 0); + V1_in.set(X, 4); + if (outlen <= 64) { + // H'^T(A) = H^T(LE32(T)||A) + createHash(outlen).update(V1_in).digest(res); + return res + } + + const r = Math.ceil(outlen / 32) - 2; + + // Let V_i be a 64-byte block and W_i be its first 32 bytes. + // V_1 = H^(64)(LE32(T)||A) + // V_2 = H^(64)(V_1) + // ... + // V_r = H^(64)(V_{r-1}) + // V_{r+1} = H^(T-32*r)(V_{r}) + // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1} + for (let i = 0; i < r; i++) { + createHash(64).update(i === 0 ? V1_in : V).digest(V); + // store W_i in result buffer already + res.set(V.subarray(0, 32), i*32); + } + // V_{r+1} + const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest()); + res.set(V_r1, r*32); + + return res; +} + +// compute buf = xs ^ ys +function XOR(wasmContext, buf, xs, ys) { + wasmContext.fn.XOR( + buf.byteOffset, + xs.byteOffset, + ys.byteOffset, + ); + return buf +} + +/** + * @param {Uint8Array} X (read-only) + * @param {Uint8Array} Y (read-only) + * @param {Uint8Array} R - output buffer + * @returns + */ +function G(wasmContext, X, Y, R) { + wasmContext.fn.G( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +function G2(wasmContext, X, Y, R) { + wasmContext.fn.G2( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values. +function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) { + // For each segment, we do the following. First, we compute the value Z as: + // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) ) + wasmContext.refs.prngTmp.fill(0); + const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8); + LE64(Z, pass, 0); + LE64(Z, lane, 8); + LE64(Z, slice, 16); + LE64(Z, m_, 24); + LE64(Z, totalPasses, 32); + LE64(Z, TYPE, 40); + + // Then we compute q/(128*SL) 1024-byte values + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ), + // ..., + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )), + for(let i = 1; i <= segmentLength; i++) { + // tmp.set(Z); // no need to re-copy + LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed + const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR ); + + // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2 + // NB: the first generated pair must be used for the first block of the segment, and so on. + // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset. + for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) { + yield g2.subarray(k, k+8); + } + } + return []; +} + +function validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) { + const assertLength = (name, value, min, max) => { + if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); } + }; + + if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version'); + assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX); + assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX); + assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX); + assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX); + // optional fields + ad && assertLength('associated data', ad, 0, ADBYTES_MAX); + secret && assertLength('secret', secret, 0, SECRETBYTES_MAX); + + return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes }; +} + +const KB = 1024; +const WASM_PAGE_SIZE = 64 * KB; + +function argon2id(params, { memory, instance: wasmInstance }) { + if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system + + const ctx = validateParams({ type: TYPE, version: VERSION, ...params }); + + const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports; + const wasmRefs = {}; + const wasmFn = {}; + wasmFn.G = wasmG; + wasmFn.G2 = wasmG2; + wasmFn.XOR = wasmXOR; + + // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p. + const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes)); + const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references + if (memory.buffer.byteLength < requiredMemory) { + const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE); + // If enough memory is available, the `memory.buffer` is internally detached and the reference updated. + // Otherwise, the operation fails, and the original memory can still be used. + memory.grow(missing); + } + + let offset = 0; + // Init wasm memory needed in other functions + wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length; + wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length; + wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length; + wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length; + // Init wasm memory needed locally + const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT; + const wasmContext = { fn: wasmFn, refs: wasmRefs }; + const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length; + const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE); + const allocatedMemory = new Uint8Array(memory.buffer, 0, offset); + + // 1. Establish H_0 + const H0 = getH0(ctx); + + // 2. Allocate the memory as m' 1024-byte blocks + // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns. + const q = m_ / ctx.lanes; + const B = new Array(ctx.lanes).fill(null).map(() => new Array(q)); + const initBlock = (i, j) => { + B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE); + return B[i][j]; + }; + + for (let i = 0; i < ctx.lanes; i++) { + // const LEi = LE0; // since p = 1 for us + const tmp = new Uint8Array(H0.length + 8); + // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p + // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i)) + tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0)); + // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p + // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i)) + LE32(tmp, 1, H0.length); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1)); + } + + // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2 + // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes + // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc. + const SL = 4; // vertical slices + const segmentLength = q / SL; + for (let pass = 0; pass < ctx.passes; pass++) { + // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel + for (let sl = 0; sl < SL; sl++) { + const isDataIndependent = pass === 0 && sl <= 1; + for (let i = 0; i < ctx.lanes; i++) { // lane + // On the first slice of the first pass, blocks 0 and 1 are already filled + let segmentOffset = sl === 0 && pass === 0 ? 2 : 0; + // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory) + const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null; + for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) { + const j = sl * segmentLength + segmentOffset; + const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q] + + // we can assume the PRNG is never done + const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength); + const l = lz[0]; const z = lz[1]; + // for (let i = 0; i < p; i++ ) + // B[i][j] = G(B[i][j-1], B[l][z]) + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + if (pass === 0) initBlock(i, j); + G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]); + + // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one + if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]); + } + } + } + } + + // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column: + // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1] + const C = B[0][q-1]; + for(let i = 1; i < ctx.lanes; i++) { + XOR(wasmContext, C, C, B[i][q-1]); + } + + const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength)); + // clear memory since the module might be cached + allocatedMemory.fill(0); // clear sensitive contents + memory.grow(0); // allow deallocation + // 8. The output tag is computed as H'^T(C). + return tag; + +} + +function getH0(ctx) { + const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH); + const ZERO32 = new Uint8Array(4); + const params = new Uint8Array(24); + LE32(params, ctx.lanes, 0); + LE32(params, ctx.tagLength, 4); + LE32(params, ctx.memorySize, 8); + LE32(params, ctx.passes, 12); + LE32(params, ctx.version, 16); + LE32(params, ctx.type, 20); + + const toHash = [params]; + if (ctx.password) { + toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0)); + toHash.push(ctx.password); + } else { + toHash.push(ZERO32); // context.password.length + } + + if (ctx.salt) { + toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0)); + toHash.push(ctx.salt); + } else { + toHash.push(ZERO32); // context.salt.length + } + + if (ctx.secret) { + toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0)); + toHash.push(ctx.secret); + // todo clear secret? + } else { + toHash.push(ZERO32); // context.secret.length + } + + if (ctx.ad) { + toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0)); + toHash.push(ctx.ad); + } else { + toHash.push(ZERO32); // context.ad.length + } + H.update(concatArrays(toHash)); + + const outputBuffer = H.digest(); + return new Uint8Array(outputBuffer); +} + +function concatArrays(arrays) { + if (arrays.length === 1) return arrays[0]; + + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!(arrays[i] instanceof Uint8Array)) { + throw new Error('concatArrays: Data must be in the form of a Uint8Array'); + } + + totalLength += arrays[i].length; + } + + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach((element) => { + result.set(element, pos); + pos += element.length; + }); + + return result; +} + +let isSIMDSupported; +async function wasmLoader(memory, getSIMD, getNonSIMD) { + const importObject = { env: { memory } }; + if (isSIMDSupported === undefined) { + try { + const loaded = await getSIMD(importObject); + isSIMDSupported = true; + return loaded; + } catch(e) { + isSIMDSupported = false; + } + } + + const loader = isSIMDSupported ? getSIMD : getNonSIMD; + return loader(importObject); +} + +async function setupWasm(getSIMD, getNonSIMD) { + const memory = new WebAssembly.Memory({ + // in pages of 64KiB each + // these values need to be compatible with those declared when building in `build-wasm` + initial: 1040, // 65MB + maximum: 65536, // 4GB + }); + const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD); + + /** + * Argon2id hash function + * @callback computeHash + * @param {Object} params + * @param {Uint8Array} params.password - password + * @param {Uint8Array} params.salt - salt + * @param {Integer} params.parallelism + * @param {Integer} params.passes + * @param {Integer} params.memorySize - in kibibytes + * @param {Integer} params.tagLength - output tag length + * @param {Uint8Array} [params.ad] - associated data (optional) + * @param {Uint8Array} [params.secret] - secret data (optional) + * @return {Uint8Array} argon2id hash + */ + const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory }); + + return computeHash; +} + +function _loadWasmModule (sync, filepath, src, imports) { + function _instantiateOrCompile(source, imports, stream) { + var instantiateFunc = WebAssembly.instantiate; + var compileFunc = WebAssembly.compile; + + if (imports) { + return instantiateFunc(source, imports) + } else { + return compileFunc(source) + } + } + + +var buf = null; + + +buf = Buffer.from(src, 'base64'); + + + + { + return _instantiateOrCompile(buf, imports) + } +} + +function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)} + +function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)} + +const loadWasm = async () => setupWasm( + (instanceObject) => wasmSIMD(instanceObject), + (instanceObject) => wasmNonSIMD(instanceObject), +); + +var index$1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + default: loadWasm +}); + +/* +node-bzip - a pure-javascript Node.JS module for decoding bzip2 data + +Copyright (C) 2012 Eli Skeggs + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html + +Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). + +Based on micro-bunzip by Rob Landley (rob@landley.net). + +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ + +var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; + +// offset in bytes +var BitReader$1 = function(stream) { + this.stream = stream; + this.bitOffset = 0; + this.curByte = 0; + this.hasByte = false; +}; + +BitReader$1.prototype._ensureByte = function() { + if (!this.hasByte) { + this.curByte = this.stream.readByte(); + this.hasByte = true; + } +}; + +// reads bits from the buffer +BitReader$1.prototype.read = function(bits) { + var result = 0; + while (bits > 0) { + this._ensureByte(); + var remaining = 8 - this.bitOffset; + // if we're in a byte + if (bits >= remaining) { + result <<= remaining; + result |= BITMASK[remaining] & this.curByte; + this.hasByte = false; + this.bitOffset = 0; + bits -= remaining; + } else { + result <<= bits; + var shift = remaining - bits; + result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; + this.bitOffset += bits; + bits = 0; + } + } + return result; +}; + +// seek to an arbitrary point in the buffer (expressed in bits) +BitReader$1.prototype.seek = function(pos) { + var n_bit = pos % 8; + var n_byte = (pos - n_bit) / 8; + this.bitOffset = n_bit; + this.stream.seek(n_byte); + this.hasByte = false; +}; + +// reads 6 bytes worth of data using the read method +BitReader$1.prototype.pi = function() { + var buf = new Uint8Array(6), i; + for (i = 0; i < buf.length; i++) { + buf[i] = this.read(8); + } + return bufToHex(buf); +}; + +function bufToHex(buf) { + return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); +} + +var bitreader = BitReader$1; + +/* very simple input/output stream interface */ + +var Stream$1 = function() { +}; + +// input streams ////////////// +/** Returns the next byte, or -1 for EOF. */ +Stream$1.prototype.readByte = function() { + throw new Error("abstract method readByte() not implemented"); +}; +/** Attempts to fill the buffer; returns number of bytes read, or + * -1 for EOF. */ +Stream$1.prototype.read = function(buffer, bufOffset, length) { + var bytesRead = 0; + while (bytesRead < length) { + var c = this.readByte(); + if (c < 0) { // EOF + return (bytesRead===0) ? -1 : bytesRead; + } + buffer[bufOffset++] = c; + bytesRead++; + } + return bytesRead; +}; +Stream$1.prototype.seek = function(new_pos) { + throw new Error("abstract method seek() not implemented"); +}; + +// output streams /////////// +Stream$1.prototype.writeByte = function(_byte) { + throw new Error("abstract method readByte() not implemented"); +}; +Stream$1.prototype.write = function(buffer, bufOffset, length) { + var i; + for (i=0; i>> 0; // return an unsigned value + }; + + /** + * Update the CRC with a single byte + * @param value The value to update the CRC with + */ + this.updateCRC = function(value) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + }; + + /** + * Update the CRC with a sequence of identical bytes + * @param value The value to update the CRC with + * @param count The number of bytes + */ + this.updateCRCRun = function(value, count) { + while (count-- > 0) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + } + }; + }; + return CRC32; +})(); + +/* +seek-bzip - a pure-javascript module for seeking within bzip2 data + +Copyright (C) 2013 C. Scott Ananian +Copyright (C) 2012 Eli Skeggs +Copyright (C) 2011 Kevin Kwok + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html + +Adapted from node-bzip, copyright 2012 Eli Skeggs. +Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). + +Based on micro-bunzip by Rob Landley (rob@landley.net). + +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ + +var BitReader = bitreader; +var Stream = stream; +var CRC32 = crc32; + +var MAX_HUFCODE_BITS = 20; +var MAX_SYMBOLS = 258; +var SYMBOL_RUNA = 0; +var SYMBOL_RUNB = 1; +var MIN_GROUPS = 2; +var MAX_GROUPS = 6; +var GROUP_SIZE = 50; + +var WHOLEPI = "314159265359"; +var SQRTPI = "177245385090"; + +var mtf = function(array, index) { + var src = array[index], i; + for (i = index; i > 0; i--) { + array[i] = array[i-1]; + } + array[0] = src; + return src; +}; + +var Err = { + OK: 0, + LAST_BLOCK: -1, + NOT_BZIP_DATA: -2, + UNEXPECTED_INPUT_EOF: -3, + UNEXPECTED_OUTPUT_EOF: -4, + DATA_ERROR: -5, + OUT_OF_MEMORY: -6, + OBSOLETE_INPUT: -7, + END_OF_BLOCK: -8 +}; +var ErrorMessages = {}; +ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; +ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; +ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; +ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; +ErrorMessages[Err.DATA_ERROR] = "Data error"; +ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; +ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; + +var _throw = function(status, optDetail) { + var msg = ErrorMessages[status] || 'unknown error'; + if (optDetail) { msg += ': '+optDetail; } + var e = new TypeError(msg); + e.errorCode = status; + throw e; +}; + +var Bunzip = function(inputStream, outputStream) { + this.writePos = this.writeCurrent = this.writeCount = 0; + + this._start_bunzip(inputStream, outputStream); +}; +Bunzip.prototype._init_block = function() { + var moreBlocks = this._get_next_block(); + if ( !moreBlocks ) { + this.writeCount = -1; + return false; /* no more blocks */ + } + this.blockCRC = new CRC32(); + return true; +}; +/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ +Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { + /* Ensure that file starts with "BZh['1'-'9']." */ + var buf = new Uint8Array(4); + if (inputStream.read(buf, 0, 4) !== 4 || + String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') + _throw(Err.NOT_BZIP_DATA, 'bad magic'); + + var level = buf[3] - 0x30; + if (level < 1 || level > 9) + _throw(Err.NOT_BZIP_DATA, 'level out of range'); + + this.reader = new BitReader(inputStream); + + /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of + uncompressed data. Allocate intermediate buffer for block. */ + this.dbufSize = 100000 * level; + this.nextoutput = 0; + this.outputStream = outputStream; + this.streamCRC = 0; +}; +Bunzip.prototype._get_next_block = function() { + var i, j, k; + var reader = this.reader; + // this is get_next_block() function from micro-bunzip: + /* Read in header signature and CRC, then validate signature. + (last block signature means CRC is for whole file, return now) */ + var h = reader.pi(); + if (h === SQRTPI) { // last block + return false; /* no more blocks */ + } + if (h !== WHOLEPI) + _throw(Err.NOT_BZIP_DATA); + this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) + this.streamCRC = (this.targetBlockCRC ^ + ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; + /* We can add support for blockRandomised if anybody complains. There was + some code for this in busybox 1.0.0-pre3, but nobody ever noticed that + it didn't actually work. */ + if (reader.read(1)) + _throw(Err.OBSOLETE_INPUT); + var origPointer = reader.read(24); + if (origPointer > this.dbufSize) + _throw(Err.DATA_ERROR, 'initial position out of bounds'); + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer + symbols to deal with, and writes a sparse bitfield indicating which + values were present. We make a translation table to convert the symbols + back to the corresponding bytes. */ + var t = reader.read(16); + var symToByte = new Uint8Array(256), symTotal = 0; + for (i = 0; i < 16; i++) { + if (t & (1 << (0xF - i))) { + var o = i * 16; + k = reader.read(16); + for (j = 0; j < 16; j++) + if (k & (1 << (0xF - j))) + symToByte[symTotal++] = o + j; + } + } + + /* How many different huffman coding groups does this block use? */ + var groupCount = reader.read(3); + if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) + _throw(Err.DATA_ERROR); + /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding + group. Read in the group selector list, which is stored as MTF encoded + bit runs. (MTF=Move To Front, as each value is used it's moved to the + start of the list.) */ + var nSelectors = reader.read(15); + if (nSelectors === 0) + _throw(Err.DATA_ERROR); + + var mtfSymbol = new Uint8Array(256); + for (i = 0; i < groupCount; i++) + mtfSymbol[i] = i; + + var selectors = new Uint8Array(nSelectors); // was 32768... + + for (i = 0; i < nSelectors; i++) { + /* Get next value */ + for (j = 0; reader.read(1); j++) + if (j >= groupCount) _throw(Err.DATA_ERROR); + /* Decode MTF to get the next selector */ + selectors[i] = mtf(mtfSymbol, j); + } + + /* Read the huffman coding tables for each group, which code for symTotal + literal symbols, plus two run symbols (RUNA, RUNB) */ + var symCount = symTotal + 2; + var groups = [], hufGroup; + for (j = 0; j < groupCount; j++) { + var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); + /* Read huffman code lengths for each symbol. They're stored in + a way similar to mtf; record a starting value for the first symbol, + and an offset from the previous value for everys symbol after that. */ + t = reader.read(5); // lengths + for (i = 0; i < symCount; i++) { + for (;;) { + if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); + /* If first bit is 0, stop. Else second bit indicates whether + to increment or decrement the value. */ + if(!reader.read(1)) + break; + if(!reader.read(1)) + t++; + else + t--; + } + length[i] = t; + } + + /* Find largest and smallest lengths in this group */ + var minLen, maxLen; + minLen = maxLen = length[0]; + for (i = 1; i < symCount; i++) { + if (length[i] > maxLen) + maxLen = length[i]; + else if (length[i] < minLen) + minLen = length[i]; + } + + /* Calculate permute[], base[], and limit[] tables from length[]. + * + * permute[] is the lookup table for converting huffman coded symbols + * into decoded symbols. base[] is the amount to subtract from the + * value of a huffman symbol of a given length when using permute[]. + * + * limit[] indicates the largest numerical value a symbol with a given + * number of bits can have. This is how the huffman codes can vary in + * length: each code with a value>limit[length] needs another bit. + */ + hufGroup = {}; + groups.push(hufGroup); + hufGroup.permute = new Uint16Array(MAX_SYMBOLS); + hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); + hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); + hufGroup.minLen = minLen; + hufGroup.maxLen = maxLen; + /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ + var pp = 0; + for (i = minLen; i <= maxLen; i++) { + temp[i] = hufGroup.limit[i] = 0; + for (t = 0; t < symCount; t++) + if (length[t] === i) + hufGroup.permute[pp++] = t; + } + /* Count symbols coded for at each bit length */ + for (i = 0; i < symCount; i++) + temp[length[i]]++; + /* Calculate limit[] (the largest symbol-coding value at each bit + * length, which is (previous limit<<1)+symbols at this level), and + * base[] (number of symbols to ignore at each bit length, which is + * limit minus the cumulative count of symbols coded for already). */ + pp = t = 0; + for (i = minLen; i < maxLen; i++) { + pp += temp[i]; + /* We read the largest possible symbol size and then unget bits + after determining how many we need, and those extra bits could + be set to anything. (They're noise from future symbols.) At + each level we're really only interested in the first few bits, + so here we set all the trailing to-be-ignored bits to 1 so they + don't affect the value>limit[length] comparison. */ + hufGroup.limit[i] = pp - 1; + pp <<= 1; + t += temp[i]; + hufGroup.base[i + 1] = pp - t; + } + hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ + hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; + hufGroup.base[minLen] = 0; + } + /* We've finished reading and digesting the block header. Now read this + block's huffman coded symbols from the file and undo the huffman coding + and run length encoding, saving the result into dbuf[dbufCount++]=uc */ + + /* Initialize symbol occurrence counters and symbol Move To Front table */ + var byteCount = new Uint32Array(256); + for (i = 0; i < 256; i++) + mtfSymbol[i] = i; + /* Loop through compressed symbols. */ + var runPos = 0, dbufCount = 0, selector = 0, uc; + var dbuf = this.dbuf = new Uint32Array(this.dbufSize); + symCount = 0; + for (;;) { + /* Determine which huffman coding group to use. */ + if (!(symCount--)) { + symCount = GROUP_SIZE - 1; + if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } + hufGroup = groups[selectors[selector++]]; + } + /* Read next huffman-coded symbol. */ + i = hufGroup.minLen; + j = reader.read(i); + for (;;i++) { + if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } + if (j <= hufGroup.limit[i]) + break; + j = (j << 1) | reader.read(1); + } + /* Huffman decode value to get nextSym (with bounds checking) */ + j -= hufGroup.base[i]; + if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } + var nextSym = hufGroup.permute[j]; + /* We have now decoded the symbol, which indicates either a new literal + byte, or a repeated run of the most recent literal byte. First, + check if nextSym indicates a repeated run, and if so loop collecting + how many times to repeat the last literal. */ + if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { + /* If this is the start of a new run, zero out counter */ + if (!runPos){ + runPos = 1; + t = 0; + } + /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at + each bit position, add 1 or 2 instead. For example, + 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. + You can make any bit pattern that way using 1 less symbol than + the basic or 0/1 method (except all bits 0, which would use no + symbols, but a run of length 0 doesn't mean anything in this + context). Thus space is saved. */ + if (nextSym === SYMBOL_RUNA) + t += runPos; + else + t += 2 * runPos; + runPos <<= 1; + continue; + } + /* When we hit the first non-run symbol after a run, we now know + how many times to repeat the last literal, so append that many + copies to our buffer of decoded symbols (dbuf) now. (The last + literal used is the one at the head of the mtfSymbol array.) */ + if (runPos){ + runPos = 0; + if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } + uc = symToByte[mtfSymbol[0]]; + byteCount[uc] += t; + while (t--) + dbuf[dbufCount++] = uc; + } + /* Is this the terminating symbol? */ + if (nextSym > symTotal) + break; + /* At this point, nextSym indicates a new literal character. Subtract + one to get the position in the MTF array at which this literal is + currently to be found. (Note that the result can't be -1 or 0, + because 0 and 1 are RUNA and RUNB. But another instance of the + first symbol in the mtf array, position 0, would have been handled + as part of a run above. Therefore 1 unused mtf position minus + 2 non-literal nextSym values equals -1.) */ + if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } + i = nextSym - 1; + uc = mtf(mtfSymbol, i); + uc = symToByte[uc]; + /* We have our literal byte. Save it into dbuf. */ + byteCount[uc]++; + dbuf[dbufCount++] = uc; + } + /* At this point, we've read all the huffman-coded symbols (and repeated + runs) for this block from the input stream, and decoded them into the + intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. + Now undo the Burrows-Wheeler transform on dbuf. + See http://dogma.net/markn/articles/bwt/bwt.htm + */ + if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } + /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ + j = 0; + for (i = 0; i < 256; i++) { + k = j + byteCount[i]; + byteCount[i] = j; + j = k; + } + /* Figure out what order dbuf would be in if we sorted it. */ + for (i = 0; i < dbufCount; i++) { + uc = dbuf[i] & 0xff; + dbuf[byteCount[uc]] |= (i << 8); + byteCount[uc]++; + } + /* Decode first byte by hand to initialize "previous" byte. Note that it + doesn't get output, and if the first three characters are identical + it doesn't qualify as a run (hence writeRunCountdown=5). */ + var pos = 0, current = 0, run = 0; + if (dbufCount) { + pos = dbuf[origPointer]; + current = (pos & 0xff); + pos >>= 8; + run = -1; + } + this.writePos = pos; + this.writeCurrent = current; + this.writeCount = dbufCount; + this.writeRun = run; + + return true; /* more blocks to come */ +}; +/* Undo burrows-wheeler transform on intermediate buffer to produce output. + If start_bunzip was initialized with out_fd=-1, then up to len bytes of + data are written to outbuf. Return value is number of bytes written or + error (all errors are negative numbers). If out_fd!=-1, outbuf and len + are ignored, data is written to out_fd and return is RETVAL_OK or error. +*/ +Bunzip.prototype._read_bunzip = function(outputBuffer, len) { + var copies, previous, outbyte; + /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully + decoded, which results in this returning RETVAL_LAST_BLOCK, also + equal to -1... Confusing, I'm returning 0 here to indicate no + bytes written into the buffer */ + if (this.writeCount < 0) { return 0; } + var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; + var dbufCount = this.writeCount; this.outputsize; + var run = this.writeRun; + + while (dbufCount) { + dbufCount--; + previous = current; + pos = dbuf[pos]; + current = pos & 0xff; + pos >>= 8; + if (run++ === 3){ + copies = current; + outbyte = previous; + current = -1; + } else { + copies = 1; + outbyte = current; + } + this.blockCRC.updateCRCRun(outbyte, copies); + while (copies--) { + this.outputStream.writeByte(outbyte); + this.nextoutput++; + } + if (current != previous) + run = 0; + } + this.writeCount = dbufCount; + // check CRC + if (this.blockCRC.getCRC() !== this.targetBlockCRC) { + _throw(Err.DATA_ERROR, "Bad block CRC "+ + "(got "+this.blockCRC.getCRC().toString(16)+ + " expected "+this.targetBlockCRC.toString(16)+")"); + } + return this.nextoutput; +}; + +var coerceInputStream = function(input) { + if ('readByte' in input) { return input; } + var inputStream = new Stream(); + inputStream.pos = 0; + inputStream.readByte = function() { return input[this.pos++]; }; + inputStream.seek = function(pos) { this.pos = pos; }; + inputStream.eof = function() { return this.pos >= input.length; }; + return inputStream; +}; +var coerceOutputStream = function(output) { + var outputStream = new Stream(); + var resizeOk = true; + if (output) { + if (typeof(output)==='number') { + outputStream.buffer = new Uint8Array(output); + resizeOk = false; + } else if ('writeByte' in output) { + return output; + } else { + outputStream.buffer = output; + resizeOk = false; + } + } else { + outputStream.buffer = new Uint8Array(16384); + } + outputStream.pos = 0; + outputStream.writeByte = function(_byte) { + if (resizeOk && this.pos >= this.buffer.length) { + var newBuffer = new Uint8Array(this.buffer.length*2); + newBuffer.set(this.buffer); + this.buffer = newBuffer; + } + this.buffer[this.pos++] = _byte; + }; + outputStream.getBuffer = function() { + // trim buffer + if (this.pos !== this.buffer.length) { + if (!resizeOk) + throw new TypeError('outputsize does not match decoded input'); + var newBuffer = new Uint8Array(this.pos); + newBuffer.set(this.buffer.subarray(0, this.pos)); + this.buffer = newBuffer; + } + return this.buffer; + }; + outputStream._coerced = true; + return outputStream; +}; + +/* Static helper functions */ +// 'input' can be a stream or a buffer +// 'output' can be a stream or a buffer or a number (buffer size) +const decode = function(input, output, multistream) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + + var bz = new Bunzip(inputStream, outputStream); + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + if (bz._init_block()) { + bz._read_bunzip(); + } else { + var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) + if (targetStreamCRC !== bz.streamCRC) { + _throw(Err.DATA_ERROR, "Bad stream CRC "+ + "(got "+bz.streamCRC.toString(16)+ + " expected "+targetStreamCRC.toString(16)+")"); + } + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + } else break; + } + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); +}; +const decodeBlock = function(input, pos, output) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + var bz = new Bunzip(inputStream, outputStream); + bz.reader.seek(pos); + /* Fill the decode buffer for the block */ + var moreBlocks = bz._get_next_block(); + if (moreBlocks) { + /* Init the CRC for writing */ + bz.blockCRC = new CRC32(); + + /* Zero this so the current byte from before the seek is not written */ + bz.writeCopies = 0; + + /* Decompress the block and write to stdout */ + bz._read_bunzip(); + // XXX keep writing? + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); +}; +/* Reads bzip2 file from stream or buffer `input`, and invoke + * `callback(position, size)` once for each bzip2 block, + * where position gives the starting position (in *bits*) + * and size gives uncompressed size of the block (in *bytes*). */ +const table = function(input, callback, multistream) { + // make a stream from a buffer, if necessary + var inputStream = new Stream(); + inputStream.delegate = coerceInputStream(input); + inputStream.pos = 0; + inputStream.readByte = function() { + this.pos++; + return this.delegate.readByte(); + }; + if (inputStream.delegate.eof) { + inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); + } + var outputStream = new Stream(); + outputStream.pos = 0; + outputStream.writeByte = function() { this.pos++; }; + + var bz = new Bunzip(inputStream, outputStream); + var blockSize = bz.dbufSize; + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + + var position = inputStream.pos*8 + bz.reader.bitOffset; + if (bz.reader.hasByte) { position -= 8; } + + if (bz._init_block()) { + var start = outputStream.pos; + bz._read_bunzip(); + callback(position, outputStream.pos - start); + } else { + bz.reader.read(32); // (but we ignore the crc) + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + console.assert(bz.dbufSize === blockSize, + "shouldn't change block size within multistream file"); + } else break; + } + } +}; + +var lib = { + Bunzip, + Stream, + Err, + decode, + decodeBlock, + table +}; + +var index = /*#__PURE__*/_mergeNamespaces({ + __proto__: null +}, [lib]); + +exports.AEADEncryptedDataPacket = AEADEncryptedDataPacket; +exports.CleartextMessage = CleartextMessage; +exports.CompressedDataPacket = CompressedDataPacket; +exports.LiteralDataPacket = LiteralDataPacket; +exports.MarkerPacket = MarkerPacket; +exports.Message = Message; +exports.OnePassSignaturePacket = OnePassSignaturePacket; +exports.PacketList = PacketList; +exports.PaddingPacket = PaddingPacket; +exports.PrivateKey = PrivateKey; +exports.PublicKey = PublicKey; +exports.PublicKeyEncryptedSessionKeyPacket = PublicKeyEncryptedSessionKeyPacket; +exports.PublicKeyPacket = PublicKeyPacket; +exports.PublicSubkeyPacket = PublicSubkeyPacket; +exports.SecretKeyPacket = SecretKeyPacket; +exports.SecretSubkeyPacket = SecretSubkeyPacket; +exports.Signature = Signature; +exports.SignaturePacket = SignaturePacket; +exports.Subkey = Subkey; +exports.SymEncryptedIntegrityProtectedDataPacket = SymEncryptedIntegrityProtectedDataPacket; +exports.SymEncryptedSessionKeyPacket = SymEncryptedSessionKeyPacket; +exports.SymmetricallyEncryptedDataPacket = SymmetricallyEncryptedDataPacket; +exports.TrustPacket = TrustPacket; +exports.UnparseablePacket = UnparseablePacket; +exports.UserAttributePacket = UserAttributePacket; +exports.UserIDPacket = UserIDPacket; +exports.armor = armor; +exports.config = config; +exports.createCleartextMessage = createCleartextMessage; +exports.createMessage = createMessage; +exports.decrypt = decrypt; +exports.decryptKey = decryptKey; +exports.decryptSessionKeys = decryptSessionKeys; +exports.encrypt = encrypt; +exports.encryptKey = encryptKey; +exports.encryptSessionKey = encryptSessionKey; +exports.enums = enums; +exports.generateKey = generateKey; +exports.generateSessionKey = generateSessionKey; +exports.readCleartextMessage = readCleartextMessage; +exports.readKey = readKey; +exports.readKeys = readKeys; +exports.readMessage = readMessage; +exports.readPrivateKey = readPrivateKey; +exports.readPrivateKeys = readPrivateKeys; +exports.readSignature = readSignature; +exports.reformatKey = reformatKey; +exports.revokeKey = revokeKey; +exports.sign = sign; +exports.unarmor = unarmor; +exports.verify = verify; diff --git a/app/node_modules/openpgp/dist/node/openpgp.js b/app/node_modules/openpgp/dist/node/openpgp.js deleted file mode 100644 index 72a0ea578..000000000 --- a/app/node_modules/openpgp/dist/node/openpgp.js +++ /dev/null @@ -1,44142 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -'use strict'; - -const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -Object.defineProperty(exports, '__esModule', { value: true }); - -var buffer = require('buffer'); -var stream$1 = require('stream'); -var crypto$3 = require('crypto'); -var zlib = require('zlib'); -var os = require('os'); -var util$1 = require('util'); -var asn1$2 = require('asn1.js'); - -function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; } - -var buffer__default = /*#__PURE__*/_interopDefaultLegacy(buffer); -var stream__default = /*#__PURE__*/_interopDefaultLegacy(stream$1); -var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto$3); -var zlib__default = /*#__PURE__*/_interopDefaultLegacy(zlib); -var os__default = /*#__PURE__*/_interopDefaultLegacy(os); -var util__default = /*#__PURE__*/_interopDefaultLegacy(util$1); -var asn1__default = /*#__PURE__*/_interopDefaultLegacy(asn1$2); - -const doneWritingPromise = Symbol('doneWritingPromise'); -const doneWritingResolve = Symbol('doneWritingResolve'); -const doneWritingReject = Symbol('doneWritingReject'); - -const readingIndex = Symbol('readingIndex'); - -class ArrayStream extends Array { - constructor() { - super(); - this[doneWritingPromise] = new Promise((resolve, reject) => { - this[doneWritingResolve] = resolve; - this[doneWritingReject] = reject; - }); - this[doneWritingPromise].catch(() => {}); - } -} - -ArrayStream.prototype.getReader = function() { - if (this[readingIndex] === undefined) { - this[readingIndex] = 0; - } - return { - read: async () => { - await this[doneWritingPromise]; - if (this[readingIndex] === this.length) { - return { value: undefined, done: true }; - } - return { value: this[this[readingIndex]++], done: false }; - } - }; -}; - -ArrayStream.prototype.readToEnd = async function(join) { - await this[doneWritingPromise]; - const result = join(this.slice(this[readingIndex])); - this.length = 0; - return result; -}; - -ArrayStream.prototype.clone = function() { - const clone = new ArrayStream(); - clone[doneWritingPromise] = this[doneWritingPromise].then(() => { - clone.push(...this); - }); - return clone; -}; - -/** - * Check whether data is an ArrayStream - * @param {Any} input data to check - * @returns {boolean} - */ -function isArrayStream(input) { - return input && input.getReader && Array.isArray(input); -} - -/** - * A wrapper class over the native WritableStreamDefaultWriter. - * It also lets you "write data to" array streams instead of streams. - * @class - */ -function Writer(input) { - if (!isArrayStream(input)) { - const writer = input.getWriter(); - const releaseLock = writer.releaseLock; - writer.releaseLock = () => { - writer.closed.catch(function() {}); - releaseLock.call(writer); - }; - return writer; - } - this.stream = input; -} - -/** - * Write a chunk of data. - * @returns {Promise} - * @async - */ -Writer.prototype.write = async function(chunk) { - this.stream.push(chunk); -}; - -/** - * Close the stream. - * @returns {Promise} - * @async - */ -Writer.prototype.close = async function() { - this.stream[doneWritingResolve](); -}; - -/** - * Error the stream. - * @returns {Promise} - * @async - */ -Writer.prototype.abort = async function(reason) { - this.stream[doneWritingReject](reason); - return reason; -}; - -/** - * Release the writer's lock. - * @returns {undefined} - * @async - */ -Writer.prototype.releaseLock = function() {}; - -const isNode = typeof globalThis.process === 'object' && - typeof globalThis.process.versions === 'object'; - -const NodeReadableStream = isNode && stream__default['default'].Readable; - -/** - * Check whether data is a Stream, and if so of which type - * @param {Any} input data to check - * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false} - */ -function isStream(input) { - if (isArrayStream(input)) { - return 'array'; - } - if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { - return 'web'; - } - if (ReadableStream && ReadableStream.prototype.isPrototypeOf(input)) { - return 'ponyfill'; - } - if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) { - return 'node'; - } - if (input && input.getReader) { - return 'web-like'; - } - return false; -} - -/** - * Check whether data is a Uint8Array - * @param {Any} input data to check - * @returns {Boolean} - */ -function isUint8Array(input) { - return Uint8Array.prototype.isPrototypeOf(input); -} - -/** - * Concat Uint8Arrays - * @param {Array} Array of Uint8Arrays to concatenate - * @returns {Uint8array} Concatenated array - */ -function concatUint8Array(arrays) { - if (arrays.length === 1) return arrays[0]; - - let totalLength = 0; - for (let i = 0; i < arrays.length; i++) { - if (!isUint8Array(arrays[i])) { - throw new Error('concatUint8Array: Data must be in the form of a Uint8Array'); - } - - totalLength += arrays[i].length; - } - - const result = new Uint8Array(totalLength); - let pos = 0; - arrays.forEach(function (element) { - result.set(element, pos); - pos += element.length; - }); - - return result; -} - -const NodeBuffer = isNode && buffer__default['default'].Buffer; -const NodeReadableStream$1 = isNode && stream__default['default'].Readable; - -/** - * Web / node stream conversion functions - * From https://github.com/gwicke/node-web-streams - */ - -let nodeToWeb; -let webToNode; - -if (NodeReadableStream$1) { - - /** - * Convert a Node Readable Stream to a Web ReadableStream - * @param {Readable} nodeStream - * @returns {ReadableStream} - */ - nodeToWeb = function(nodeStream) { - let canceled = false; - return new ReadableStream({ - start(controller) { - nodeStream.pause(); - nodeStream.on('data', chunk => { - if (canceled) { - return; - } - if (NodeBuffer.isBuffer(chunk)) { - chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength); - } - controller.enqueue(chunk); - nodeStream.pause(); - }); - nodeStream.on('end', () => { - if (canceled) { - return; - } - controller.close(); - }); - nodeStream.on('error', e => controller.error(e)); - }, - pull() { - nodeStream.resume(); - }, - cancel(reason) { - canceled = true; - nodeStream.destroy(reason); - } - }); - }; - - - class NodeReadable extends NodeReadableStream$1 { - constructor(webStream, options) { - super(options); - this._reader = getReader(webStream); - } - - async _read(size) { - try { - while (true) { - const { done, value } = await this._reader.read(); - if (done) { - this.push(null); - break; - } - if (!this.push(value)) { - break; - } - } - } catch (e) { - this.destroy(e); - } - } - - async _destroy(error, callback) { - this._reader.cancel(error).then(callback, callback); - } - } - - /** - * Convert a Web ReadableStream to a Node Readable Stream - * @param {ReadableStream} webStream - * @param {Object} options - * @returns {Readable} - */ - webToNode = function(webStream, options) { - return new NodeReadable(webStream, options); - }; - -} - -const doneReadingSet = new WeakSet(); -const externalBuffer = Symbol('externalBuffer'); - -/** - * A wrapper class over the native ReadableStreamDefaultReader. - * This additionally implements pushing back data on the stream, which - * lets us implement peeking and a host of convenience functions. - * It also lets you read data other than streams, such as a Uint8Array. - * @class - */ -function Reader(input) { - this.stream = input; - if (input[externalBuffer]) { - this[externalBuffer] = input[externalBuffer].slice(); - } - if (isArrayStream(input)) { - const reader = input.getReader(); - this._read = reader.read.bind(reader); - this._releaseLock = () => {}; - this._cancel = async () => {}; - return; - } - let streamType = isStream(input); - if (streamType === 'node') { - input = nodeToWeb(input); - } - if (streamType) { - const reader = input.getReader(); - this._read = reader.read.bind(reader); - this._releaseLock = () => { - reader.closed.catch(function() {}); - reader.releaseLock(); - }; - this._cancel = reader.cancel.bind(reader); - return; - } - let doneReading = false; - this._read = async () => { - if (doneReading || doneReadingSet.has(input)) { - return { value: undefined, done: true }; - } - doneReading = true; - return { value: input, done: false }; - }; - this._releaseLock = () => { - if (doneReading) { - try { - doneReadingSet.add(input); - } catch(e) {} - } - }; -} - -/** - * Read a chunk of data. - * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined } - * @async - */ -Reader.prototype.read = async function() { - if (this[externalBuffer] && this[externalBuffer].length) { - const value = this[externalBuffer].shift(); - return { done: false, value }; - } - return this._read(); -}; - -/** - * Allow others to read the stream. - */ -Reader.prototype.releaseLock = function() { - if (this[externalBuffer]) { - this.stream[externalBuffer] = this[externalBuffer]; - } - this._releaseLock(); -}; - -/** - * Cancel the stream. - */ -Reader.prototype.cancel = function(reason) { - return this._cancel(reason); -}; - -/** - * Read up to and including the first \n character. - * @returns {Promise} - * @async - */ -Reader.prototype.readLine = async function() { - let buffer = []; - let returnVal; - while (!returnVal) { - let { done, value } = await this.read(); - value += ''; - if (done) { - if (buffer.length) return concat(buffer); - return; - } - const lineEndIndex = value.indexOf('\n') + 1; - if (lineEndIndex) { - returnVal = concat(buffer.concat(value.substr(0, lineEndIndex))); - buffer = []; - } - if (lineEndIndex !== value.length) { - buffer.push(value.substr(lineEndIndex)); - } - } - this.unshift(...buffer); - return returnVal; -}; - -/** - * Read a single byte/character. - * @returns {Promise} - * @async - */ -Reader.prototype.readByte = async function() { - const { done, value } = await this.read(); - if (done) return; - const byte = value[0]; - this.unshift(slice(value, 1)); - return byte; -}; - -/** - * Read a specific amount of bytes/characters, unless the stream ends before that amount. - * @returns {Promise} - * @async - */ -Reader.prototype.readBytes = async function(length) { - const buffer = []; - let bufferLength = 0; - while (true) { - const { done, value } = await this.read(); - if (done) { - if (buffer.length) return concat(buffer); - return; - } - buffer.push(value); - bufferLength += value.length; - if (bufferLength >= length) { - const bufferConcat = concat(buffer); - this.unshift(slice(bufferConcat, length)); - return slice(bufferConcat, 0, length); - } - } -}; - -/** - * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount. - * @returns {Promise} - * @async - */ -Reader.prototype.peekBytes = async function(length) { - const bytes = await this.readBytes(length); - this.unshift(bytes); - return bytes; -}; - -/** - * Push data to the front of the stream. - * Data must have been read in the last call to read*. - * @param {...(Uint8Array|String|Undefined)} values - */ -Reader.prototype.unshift = function(...values) { - if (!this[externalBuffer]) { - this[externalBuffer] = []; - } - if ( - values.length === 1 && isUint8Array(values[0]) && - this[externalBuffer].length && values[0].length && - this[externalBuffer][0].byteOffset >= values[0].length - ) { - this[externalBuffer][0] = new Uint8Array( - this[externalBuffer][0].buffer, - this[externalBuffer][0].byteOffset - values[0].length, - this[externalBuffer][0].byteLength + values[0].length - ); - return; - } - this[externalBuffer].unshift(...values.filter(value => value && value.length)); -}; - -/** - * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat). - * @param {Function} join - * @returns {Promise} the return value of join() - * @async - */ -Reader.prototype.readToEnd = async function(join=concat) { - const result = []; - while (true) { - const { done, value } = await this.read(); - if (done) break; - result.push(value); - } - return join(result); -}; - -let { ReadableStream, WritableStream, TransformStream } = globalThis; - -let toPonyfillReadable, toNativeReadable; - -async function loadStreamsPonyfill() { - if (TransformStream) { - return; - } - - const [ponyfill, adapter] = await Promise.all([ - Promise.resolve().then(function () { return ponyfill_es6; }), - Promise.resolve().then(function () { return webStreamsAdapter; }) - ]); - - ({ ReadableStream, WritableStream, TransformStream } = ponyfill); - - const { createReadableStreamWrapper } = adapter; - - if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) { - toPonyfillReadable = createReadableStreamWrapper(ReadableStream); - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } -} - -const NodeBuffer$1 = isNode && buffer__default['default'].Buffer; - -/** - * Convert data to Stream - * @param {ReadableStream|Uint8array|String} input data to convert - * @returns {ReadableStream} Converted data - */ -function toStream(input) { - let streamType = isStream(input); - if (streamType === 'node') { - return nodeToWeb(input); - } - if (streamType === 'web' && toPonyfillReadable) { - return toPonyfillReadable(input); - } - if (streamType) { - return input; - } - return new ReadableStream({ - start(controller) { - controller.enqueue(input); - controller.close(); - } - }); -} - -/** - * Convert data to ArrayStream - * @param {Object} input data to convert - * @returns {ArrayStream} Converted data - */ -function toArrayStream(input) { - if (isStream(input)) { - return input; - } - const stream = new ArrayStream(); - (async () => { - const writer = getWriter(stream); - await writer.write(input); - await writer.close(); - })(); - return stream; -} - -/** - * Concat a list of Uint8Arrays, Strings or Streams - * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams. - * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate - * @returns {Uint8array|String|ReadableStream} Concatenated array - */ -function concat(list) { - if (list.some(stream => isStream(stream) && !isArrayStream(stream))) { - return concatStream(list); - } - if (list.some(stream => isArrayStream(stream))) { - return concatArrayStream(list); - } - if (typeof list[0] === 'string') { - return list.join(''); - } - if (NodeBuffer$1 && NodeBuffer$1.isBuffer(list[0])) { - return NodeBuffer$1.concat(list); - } - return concatUint8Array(list); -} - -/** - * Concat a list of Streams - * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate - * @returns {ReadableStream} Concatenated list - */ -function concatStream(list) { - list = list.map(toStream); - const transform = transformWithCancel(async function(reason) { - await Promise.all(transforms.map(stream => cancel(stream, reason))); - }); - let prev = Promise.resolve(); - const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => { - prev = prev.then(() => pipe(readable, transform.writable, { - preventClose: i !== list.length - 1 - })); - return prev; - })); - return transform.readable; -} - -/** - * Concat a list of ArrayStreams - * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate - * @returns {ArrayStream} Concatenated streams - */ -function concatArrayStream(list) { - const result = new ArrayStream(); - let prev = Promise.resolve(); - list.forEach((stream, i) => { - prev = prev.then(() => pipe(stream, result, { - preventClose: i !== list.length - 1 - })); - return prev; - }); - return result; -} - -/** - * Get a Reader - * @param {ReadableStream|Uint8array|String} input - * @returns {Reader} - */ -function getReader(input) { - return new Reader(input); -} - -/** - * Get a Writer - * @param {WritableStream} input - * @returns {Writer} - */ -function getWriter(input) { - return new Writer(input); -} - -/** - * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. - * @param {ReadableStream|Uint8array|String} input - * @param {WritableStream} target - * @param {Object} (optional) options - * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored) - * @async - */ -async function pipe(input, target, { - preventClose = false, - preventAbort = false, - preventCancel = false -} = {}) { - if (isStream(input) && !isArrayStream(input)) { - input = toStream(input); - try { - if (input[externalBuffer]) { - const writer = getWriter(target); - for (let i = 0; i < input[externalBuffer].length; i++) { - await writer.ready; - await writer.write(input[externalBuffer][i]); - } - writer.releaseLock(); - } - await input.pipeTo(target, { - preventClose, - preventAbort, - preventCancel - }); - } catch(e) {} - return; - } - input = toArrayStream(input); - const reader = getReader(input); - const writer = getWriter(target); - try { - while (true) { - await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (!preventClose) await writer.close(); - break; - } - await writer.write(value); - } - } catch (e) { - if (!preventAbort) await writer.abort(e); - } finally { - reader.releaseLock(); - writer.releaseLock(); - } -} - -/** - * Pipe a readable stream through a transform stream. - * @param {ReadableStream|Uint8array|String} input - * @param {Object} (optional) options - * @returns {ReadableStream} transformed stream - */ -function transformRaw(input, options) { - const transformStream = new TransformStream(options); - pipe(input, transformStream.writable); - return transformStream.readable; -} - -/** - * Create a cancelable TransformStream. - * @param {Function} cancel - * @returns {TransformStream} - */ -function transformWithCancel(customCancel) { - let pulled = false; - let cancelled = false; - let backpressureChangePromiseResolve, backpressureChangePromiseReject; - let outputController; - return { - readable: new ReadableStream({ - start(controller) { - outputController = controller; - }, - pull() { - if (backpressureChangePromiseResolve) { - backpressureChangePromiseResolve(); - } else { - pulled = true; - } - }, - async cancel(reason) { - cancelled = true; - if (customCancel) { - await customCancel(reason); - } - if (backpressureChangePromiseReject) { - backpressureChangePromiseReject(reason); - } - } - }, {highWaterMark: 0}), - writable: new WritableStream({ - write: async function(chunk) { - if (cancelled) { - throw new Error('Stream is cancelled'); - } - outputController.enqueue(chunk); - if (!pulled) { - await new Promise((resolve, reject) => { - backpressureChangePromiseResolve = resolve; - backpressureChangePromiseReject = reject; - }); - backpressureChangePromiseResolve = null; - backpressureChangePromiseReject = null; - } else { - pulled = false; - } - }, - close: outputController.close.bind(outputController), - abort: outputController.error.bind(outputController) - }) - }; -} - -/** - * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively. - * @param {ReadableStream|Uint8array|String} input - * @param {Function} process - * @param {Function} finish - * @returns {ReadableStream|Uint8array|String} - */ -function transform(input, process = () => undefined, finish = () => undefined) { - if (isArrayStream(input)) { - const output = new ArrayStream(); - (async () => { - const writer = getWriter(output); - try { - const data = await readToEnd(input); - const result1 = process(data); - const result2 = finish(); - let result; - if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]); - else result = result1 !== undefined ? result1 : result2; - await writer.write(result); - await writer.close(); - } catch (e) { - await writer.abort(e); - } - })(); - return output; - } - if (isStream(input)) { - return transformRaw(input, { - async transform(value, controller) { - try { - const result = await process(value); - if (result !== undefined) controller.enqueue(result); - } catch(e) { - controller.error(e); - } - }, - async flush(controller) { - try { - const result = await finish(); - if (result !== undefined) controller.enqueue(result); - } catch(e) { - controller.error(e); - } - } - }); - } - const result1 = process(input); - const result2 = finish(); - if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]); - return result1 !== undefined ? result1 : result2; -} - -/** - * Transform a stream using a helper function which is passed a readable and a writable stream. - * This function also maintains the possibility to cancel the input stream, - * and does so on cancelation of the output stream, despite cancelation - * normally being impossible when the input stream is being read from. - * @param {ReadableStream|Uint8array|String} input - * @param {Function} fn - * @returns {ReadableStream} - */ -function transformPair(input, fn) { - if (isStream(input) && !isArrayStream(input)) { - let incomingTransformController; - const incoming = new TransformStream({ - start(controller) { - incomingTransformController = controller; - } - }); - - const pipeDonePromise = pipe(input, incoming.writable); - - const outgoing = transformWithCancel(async function(reason) { - incomingTransformController.error(reason); - await pipeDonePromise; - await new Promise(setTimeout); - }); - fn(incoming.readable, outgoing.writable); - return outgoing.readable; - } - input = toArrayStream(input); - const output = new ArrayStream(); - fn(input, output); - return output; -} - -/** - * Parse a stream using a helper function which is passed a Reader. - * The reader additionally has a remainder() method which returns a - * stream pointing to the remainder of input, and is linked to input - * for cancelation. - * @param {ReadableStream|Uint8array|String} input - * @param {Function} fn - * @returns {Any} the return value of fn() - */ -function parse(input, fn) { - let returnValue; - const transformed = transformPair(input, (readable, writable) => { - const reader = getReader(readable); - reader.remainder = () => { - reader.releaseLock(); - pipe(readable, writable); - return transformed; - }; - returnValue = fn(reader); - }); - return returnValue; -} - -/** - * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing. - * Reading either of the two returned streams will pull from the input stream. - * The input stream will only be canceled if both of the returned streams are canceled. - * @param {ReadableStream|Uint8array|String} input - * @returns {Array} array containing two copies of input - */ -function tee(input) { - if (isArrayStream(input)) { - throw new Error('ArrayStream cannot be tee()d, use clone() instead'); - } - if (isStream(input)) { - const teed = toStream(input).tee(); - teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer]; - return teed; - } - return [slice(input), slice(input)]; -} - -/** - * Clone a Stream for reading it twice. The input stream can still be read after clone()ing. - * Reading from the clone will pull from the input stream. - * The input stream will only be canceled if both the clone and the input stream are canceled. - * @param {ReadableStream|Uint8array|String} input - * @returns {ReadableStream|Uint8array|String} cloned input - */ -function clone(input) { - if (isArrayStream(input)) { - return input.clone(); - } - if (isStream(input)) { - const teed = tee(input); - overwrite(input, teed[0]); - return teed[1]; - } - return slice(input); -} - -/** - * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read. - * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream. - * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled. - * If the input stream is canceled, the clone will be errored. - * @param {ReadableStream|Uint8array|String} input - * @returns {ReadableStream|Uint8array|String} cloned input - */ -function passiveClone(input) { - if (isArrayStream(input)) { - return clone(input); - } - if (isStream(input)) { - return new ReadableStream({ - start(controller) { - const transformed = transformPair(input, async (readable, writable) => { - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const { done, value } = await reader.read(); - if (done) { - try { controller.close(); } catch(e) {} - await writer.close(); - return; - } - try { controller.enqueue(value); } catch(e) {} - await writer.write(value); - } - } catch(e) { - controller.error(e); - await writer.abort(e); - } - }); - overwrite(input, transformed); - } - }); - } - return slice(input); -} - -/** - * Modify a stream object to point to a different stream object. - * This is used internally by clone() and passiveClone() to provide an abstraction over tee(). - * @param {ReadableStream} input - * @param {ReadableStream} clone - */ -function overwrite(input, clone) { - // Overwrite input.getReader, input.locked, etc to point to clone - Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => { - if (name === 'constructor') { - return; - } - if (descriptor.value) { - descriptor.value = descriptor.value.bind(clone); - } else { - descriptor.get = descriptor.get.bind(clone); - } - Object.defineProperty(input, name, descriptor); - }); -} - -/** - * Return a stream pointing to a part of the input stream. - * @param {ReadableStream|Uint8array|String} input - * @returns {ReadableStream|Uint8array|String} clone - */ -function slice(input, begin=0, end=Infinity) { - if (isArrayStream(input)) { - throw new Error('Not implemented'); - } - if (isStream(input)) { - if (begin >= 0 && end >= 0) { - let bytesRead = 0; - return transformRaw(input, { - transform(value, controller) { - if (bytesRead < end) { - if (bytesRead + value.length >= begin) { - controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead)); - } - bytesRead += value.length; - } else { - controller.terminate(); - } - } - }); - } - if (begin < 0 && (end < 0 || end === Infinity)) { - let lastBytes = []; - return transform(input, value => { - if (value.length >= -begin) lastBytes = [value]; - else lastBytes.push(value); - }, () => slice(concat(lastBytes), begin, end)); - } - if (begin === 0 && end < 0) { - let lastBytes; - return transform(input, value => { - const returnValue = lastBytes ? concat([lastBytes, value]) : value; - if (returnValue.length >= -end) { - lastBytes = slice(returnValue, end); - return slice(returnValue, begin, end); - } else { - lastBytes = returnValue; - } - }); - } - console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); - return fromAsync(async () => slice(await readToEnd(input), begin, end)); - } - if (input[externalBuffer]) { - input = concat(input[externalBuffer].concat([input])); - } - if (isUint8Array(input) && !(NodeBuffer$1 && NodeBuffer$1.isBuffer(input))) { - if (end === Infinity) end = input.length; - return input.subarray(begin, end); - } - return input.slice(begin, end); -} - -/** - * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat). - * @param {ReadableStream|Uint8array|String} input - * @param {Function} join - * @returns {Promise} the return value of join() - * @async - */ -async function readToEnd(input, join=concat) { - if (isArrayStream(input)) { - return input.readToEnd(join); - } - if (isStream(input)) { - return getReader(input).readToEnd(join); - } - return input; -} - -/** - * Cancel a stream. - * @param {ReadableStream|Uint8array|String} input - * @param {Any} reason - * @returns {Promise} indicates when the stream has been canceled - * @async - */ -async function cancel(input, reason) { - if (isStream(input)) { - if (input.cancel) { - return input.cancel(reason); - } - if (input.destroy) { - input.destroy(reason); - await new Promise(setTimeout); - return reason; - } - } -} - -/** - * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream. - * @param {Function} fn - * @returns {ArrayStream} - */ -function fromAsync(fn) { - const arrayStream = new ArrayStream(); - (async () => { - const writer = getWriter(arrayStream); - try { - await writer.write(await fn()); - await writer.close(); - } catch (e) { - await writer.abort(e); - } - })(); - return arrayStream; -} - -/* eslint-disable new-cap */ - -/** - * @fileoverview - * BigInteger implementation of basic operations - * that wraps the native BigInt library. - * Operations are not constant time, - * but we try and limit timing leakage where we can - * @module biginteger/native - * @private - */ - -/** - * @private - */ -class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on null or undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - - if (n instanceof Uint8Array) { - const bytes = n; - const hex = new Array(bytes.length); - for (let i = 0; i < bytes.length; i++) { - const hexByte = bytes[i].toString(16); - hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte; - } - this.value = BigInt('0x0' + hex.join('')); - } else { - this.value = BigInt(n); - } - } - - clone() { - return new BigInteger(this.value); - } - - /** - * BigInteger increment in place - */ - iinc() { - this.value++; - return this; - } - - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - - /** - * BigInteger decrement in place - */ - idec() { - this.value--; - return this; - } - - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } - - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value += x.value; - return this; - } - - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } - - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value -= x.value; - return this; - } - - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } - - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value *= x.value; - return this; - } - - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); - } - - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value %= m.value; - if (this.isNegative()) { - this.iadd(m); - } - return this; - } - - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } - - /** - * Compute modular exponentiation using square and multiply - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - if (n.isZero()) throw Error('Modulo cannot be zero'); - if (n.isOne()) return new BigInteger(0); - if (e.isNegative()) throw Error('Unsopported negative exponent'); - - let exp = e.value; - let x = this.value; - - x %= n.value; - let r = BigInt(1); - while (exp > BigInt(0)) { - const lsb = exp & BigInt(1); - exp >>= BigInt(1); // e / 2 - // Always compute multiplication step, to reduce timing leakage - const rx = (r * x) % n.value; - // Update r only if lsb is 1 (odd exponent) - r = lsb ? rx : r; - x = (x * x) % n.value; // Square - } - return new BigInteger(r); - } - - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - const { gcd, x } = this._egcd(n); - if (!gcd.isOne()) { - throw new Error('Inverse does not exist'); - } - return x.add(n).mod(n); - } - - /** - * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) - * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b) - * @param {BigInteger} b - Second operand - * @returns {{ gcd, x, y: BigInteger }} - */ - _egcd(b) { - let x = BigInt(0); - let y = BigInt(1); - let xPrev = BigInt(1); - let yPrev = BigInt(0); - - let a = this.value; - b = b.value; - - while (b !== BigInt(0)) { - const q = a / b; - let tmp = x; - x = xPrev - q * x; - xPrev = tmp; - - tmp = y; - y = yPrev - q * y; - yPrev = tmp; - - tmp = b; - b = a % b; - a = tmp; - } - - return { - x: new BigInteger(xPrev), - y: new BigInteger(yPrev), - gcd: new BigInteger(a) - }; - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} b - Operand - * @returns {BigInteger} gcd - */ - gcd(b) { - let a = this.value; - b = b.value; - while (b !== BigInt(0)) { - const tmp = b; - b = a % b; - a = tmp; - } - return new BigInteger(a); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value <<= x.value; - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value >>= x.value; - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value === x.value; - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value < x.value; - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value <= x.value; - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value > x.value; - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value >= x.value; - } - - isZero() { - return this.value === BigInt(0); - } - - isOne() { - return this.value === BigInt(1); - } - - isNegative() { - return this.value < BigInt(0); - } - - isEven() { - return !(this.value & BigInt(1)); - } - - abs() { - const res = this.clone(); - if (this.isNegative()) { - res.value = -res.value; - } - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - const number = Number(this.value); - if (number > Number.MAX_SAFE_INTEGER) { - // We throw and error to conform with the bn.js implementation - throw new Error('Number can only safely store up to 53 bits'); - } - return number; - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - const bit = (this.value >> BigInt(i)) & BigInt(1); - return (bit === BigInt(0)) ? 0 : 1; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - const zero = new BigInteger(0); - const one = new BigInteger(1); - const negOne = new BigInteger(-1); - - // -1n >> -1n is -1n - // 1n >> 1n is 0n - const target = this.isNegative() ? negOne : zero; - let bitlen = 1; - const tmp = this.clone(); - while (!tmp.irightShift(one).equal(target)) { - bitlen++; - } - return bitlen; - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - const zero = new BigInteger(0); - const negOne = new BigInteger(-1); - - const target = this.isNegative() ? negOne : zero; - const eight = new BigInteger(8); - let len = 1; - const tmp = this.clone(); - while (!tmp.irightShift(eight).equal(target)) { - len++; - } - return len; - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) - // this is faster than shift+mod iterations - let hex = this.value.toString(16); - if (hex.length % 2 === 1) { - hex = '0' + hex; - } - - const rawLength = hex.length / 2; - const bytes = new Uint8Array(length || rawLength); - // parse hex - const offset = length ? (length - rawLength) : 0; - let i = 0; - while (i < rawLength) { - bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); - i++; - } - - if (endian !== 'be') { - bytes.reverse(); - } - - return bytes; - } -} - -const detectBigInt = () => typeof BigInt !== 'undefined'; - -async function getBigInteger() { - if (detectBigInt()) { - return BigInteger; - } else { - const { default: BigInteger } = await Promise.resolve().then(function () { return bn_interface; }); - return BigInteger; - } -} - -/** - * @module enums - */ - -const byValue = Symbol('byValue'); - -var enums = { - - /** Maps curve names under various standards to one - * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} - * @enum {String} - * @readonly - */ - curve: { - /** NIST P-256 Curve */ - 'p256': 'p256', - 'P-256': 'p256', - 'secp256r1': 'p256', - 'prime256v1': 'p256', - '1.2.840.10045.3.1.7': 'p256', - '2a8648ce3d030107': 'p256', - '2A8648CE3D030107': 'p256', - - /** NIST P-384 Curve */ - 'p384': 'p384', - 'P-384': 'p384', - 'secp384r1': 'p384', - '1.3.132.0.34': 'p384', - '2b81040022': 'p384', - '2B81040022': 'p384', - - /** NIST P-521 Curve */ - 'p521': 'p521', - 'P-521': 'p521', - 'secp521r1': 'p521', - '1.3.132.0.35': 'p521', - '2b81040023': 'p521', - '2B81040023': 'p521', - - /** SECG SECP256k1 Curve */ - 'secp256k1': 'secp256k1', - '1.3.132.0.10': 'secp256k1', - '2b8104000a': 'secp256k1', - '2B8104000A': 'secp256k1', - - /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ - 'ed25519Legacy': 'ed25519', - 'ED25519': 'ed25519', - /** @deprecated use `ed25519Legacy` instead */ - 'ed25519': 'ed25519', - 'Ed25519': 'ed25519', - '1.3.6.1.4.1.11591.15.1': 'ed25519', - '2b06010401da470f01': 'ed25519', - '2B06010401DA470F01': 'ed25519', - - /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ - 'curve25519Legacy': 'curve25519', - 'X25519': 'curve25519', - 'cv25519': 'curve25519', - /** @deprecated use `curve25519Legacy` instead */ - 'curve25519': 'curve25519', - 'Curve25519': 'curve25519', - '1.3.6.1.4.1.3029.1.5.1': 'curve25519', - '2b060104019755010501': 'curve25519', - '2B060104019755010501': 'curve25519', - - /** BrainpoolP256r1 Curve */ - 'brainpoolP256r1': 'brainpoolP256r1', - '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1', - '2b2403030208010107': 'brainpoolP256r1', - '2B2403030208010107': 'brainpoolP256r1', - - /** BrainpoolP384r1 Curve */ - 'brainpoolP384r1': 'brainpoolP384r1', - '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1', - '2b240303020801010b': 'brainpoolP384r1', - '2B240303020801010B': 'brainpoolP384r1', - - /** BrainpoolP512r1 Curve */ - 'brainpoolP512r1': 'brainpoolP512r1', - '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1', - '2b240303020801010d': 'brainpoolP512r1', - '2B240303020801010D': 'brainpoolP512r1' - }, - - /** A string to key specifier type - * @enum {Integer} - * @readonly - */ - s2k: { - simple: 0, - salted: 1, - iterated: 3, - gnu: 101 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} - * @enum {Integer} - * @readonly - */ - publicKey: { - /** RSA (Encrypt or Sign) [HAC] */ - rsaEncryptSign: 1, - /** RSA (Encrypt only) [HAC] */ - rsaEncrypt: 2, - /** RSA (Sign only) [HAC] */ - rsaSign: 3, - /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ - elgamal: 16, - /** DSA (Sign only) [FIPS186] [HAC] */ - dsa: 17, - /** ECDH (Encrypt only) [RFC6637] */ - ecdh: 18, - /** ECDSA (Sign only) [RFC6637] */ - ecdsa: 19, - /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) - * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility - /** @deprecated use `eddsaLegacy` instead */ - ed25519Legacy: 22, - /** @deprecated use `eddsaLegacy` instead */ - eddsa: 22, - /** Reserved for AEDH */ - aedh: 23, - /** Reserved for AEDSA */ - aedsa: 24, - /** X25519 (Encrypt only) */ - x25519: 25, - /** X448 (Encrypt only) */ - x448: 26, - /** Ed25519 (Sign only) */ - ed25519: 27, - /** Ed448 (Sign only) */ - ed448: 28 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} - * @enum {Integer} - * @readonly - */ - symmetric: { - plaintext: 0, - /** Not implemented! */ - idea: 1, - tripledes: 2, - cast5: 3, - blowfish: 4, - aes128: 7, - aes192: 8, - aes256: 9, - twofish: 10 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} - * @enum {Integer} - * @readonly - */ - compression: { - uncompressed: 0, - /** RFC1951 */ - zip: 1, - /** RFC1950 */ - zlib: 2, - bzip2: 3 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} - * @enum {Integer} - * @readonly - */ - hash: { - md5: 1, - sha1: 2, - ripemd: 3, - sha256: 8, - sha384: 9, - sha512: 10, - sha224: 11 - }, - - /** A list of hash names as accepted by webCrypto functions. - * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo} - * @enum {String} - */ - webHash: { - 'SHA-1': 2, - 'SHA-256': 8, - 'SHA-384': 9, - 'SHA-512': 10 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6} - * @enum {Integer} - * @readonly - */ - aead: { - eax: 1, - ocb: 2, - experimentalGCM: 100 // Private algorithm - }, - - /** A list of packet types and numeric tags associated with them. - * @enum {Integer} - * @readonly - */ - packet: { - publicKeyEncryptedSessionKey: 1, - signature: 2, - symEncryptedSessionKey: 3, - onePassSignature: 4, - secretKey: 5, - publicKey: 6, - secretSubkey: 7, - compressedData: 8, - symmetricallyEncryptedData: 9, - marker: 10, - literalData: 11, - trust: 12, - userID: 13, - publicSubkey: 14, - userAttribute: 17, - symEncryptedIntegrityProtectedData: 18, - modificationDetectionCode: 19, - aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 - }, - - /** Data types in the literal packet - * @enum {Integer} - * @readonly - */ - literal: { - /** Binary data 'b' */ - binary: 'b'.charCodeAt(), - /** Text data 't' */ - text: 't'.charCodeAt(), - /** Utf8 data 'u' */ - utf8: 'u'.charCodeAt(), - /** MIME message body part 'm' */ - mime: 'm'.charCodeAt() - }, - - - /** One pass signature packet type - * @enum {Integer} - * @readonly - */ - signature: { - /** 0x00: Signature of a binary document. */ - binary: 0, - /** 0x01: Signature of a canonical text document. - * - * Canonicalyzing the document by converting line endings. */ - text: 1, - /** 0x02: Standalone signature. - * - * This signature is a signature of only its own subpacket contents. - * It is calculated identically to a signature over a zero-lengh - * binary document. Note that it doesn't make sense to have a V3 - * standalone signature. */ - standalone: 2, - /** 0x10: Generic certification of a User ID and Public-Key packet. - * - * The issuer of this certification does not make any particular - * assertion as to how well the certifier has checked that the owner - * of the key is in fact the person described by the User ID. */ - certGeneric: 16, - /** 0x11: Persona certification of a User ID and Public-Key packet. - * - * The issuer of this certification has not done any verification of - * the claim that the owner of this key is the User ID specified. */ - certPersona: 17, - /** 0x12: Casual certification of a User ID and Public-Key packet. - * - * The issuer of this certification has done some casual - * verification of the claim of identity. */ - certCasual: 18, - /** 0x13: Positive certification of a User ID and Public-Key packet. - * - * The issuer of this certification has done substantial - * verification of the claim of identity. - * - * Most OpenPGP implementations make their "key signatures" as 0x10 - * certifications. Some implementations can issue 0x11-0x13 - * certifications, but few differentiate between the types. */ - certPositive: 19, - /** 0x30: Certification revocation signature - * - * This signature revokes an earlier User ID certification signature - * (signature class 0x10 through 0x13) or direct-key signature - * (0x1F). It should be issued by the same key that issued the - * revoked signature or an authorized revocation key. The signature - * is computed over the same data as the certificate that it - * revokes, and should have a later creation date than that - * certificate. */ - certRevocation: 48, - /** 0x18: Subkey Binding Signature - * - * This signature is a statement by the top-level signing key that - * indicates that it owns the subkey. This signature is calculated - * directly on the primary key and subkey, and not on any User ID or - * other packets. A signature that binds a signing subkey MUST have - * an Embedded Signature subpacket in this binding signature that - * contains a 0x19 signature made by the signing subkey on the - * primary key and subkey. */ - subkeyBinding: 24, - /** 0x19: Primary Key Binding Signature - * - * This signature is a statement by a signing subkey, indicating - * that it is owned by the primary key and subkey. This signature - * is calculated the same way as a 0x18 signature: directly on the - * primary key and subkey, and not on any User ID or other packets. - * - * When a signature is made over a key, the hash data starts with the - * octet 0x99, followed by a two-octet length of the key, and then body - * of the key packet. (Note that this is an old-style packet header for - * a key packet with two-octet length.) A subkey binding signature - * (type 0x18) or primary key binding signature (type 0x19) then hashes - * the subkey using the same format as the main key (also using 0x99 as - * the first octet). */ - keyBinding: 25, - /** 0x1F: Signature directly on a key - * - * This signature is calculated directly on a key. It binds the - * information in the Signature subpackets to the key, and is - * appropriate to be used for subpackets that provide information - * about the key, such as the Revocation Key subpacket. It is also - * appropriate for statements that non-self certifiers want to make - * about the key itself, rather than the binding between a key and a - * name. */ - key: 31, - /** 0x20: Key revocation signature - * - * The signature is calculated directly on the key being revoked. A - * revoked key is not to be used. Only revocation signatures by the - * key being revoked, or by an authorized revocation key, should be - * considered valid revocation signatures.a */ - keyRevocation: 32, - /** 0x28: Subkey revocation signature - * - * The signature is calculated directly on the subkey being revoked. - * A revoked subkey is not to be used. Only revocation signatures - * by the top-level signature key that is bound to this subkey, or - * by an authorized revocation key, should be considered valid - * revocation signatures. - * - * Key revocation signatures (types 0x20 and 0x28) - * hash only the key being revoked. */ - subkeyRevocation: 40, - /** 0x40: Timestamp signature. - * This signature is only meaningful for the timestamp contained in - * it. */ - timestamp: 64, - /** 0x50: Third-Party Confirmation signature. - * - * This signature is a signature over some other OpenPGP Signature - * packet(s). It is analogous to a notary seal on the signed data. - * A third-party signature SHOULD include Signature Target - * subpacket(s) to give easy identification. Note that we really do - * mean SHOULD. There are plausible uses for this (such as a blind - * party that only sees the signature, not the key or source - * document) that cannot include a target subpacket. */ - thirdParty: 80 - }, - - /** Signature subpacket type - * @enum {Integer} - * @readonly - */ - signatureSubpacket: { - signatureCreationTime: 2, - signatureExpirationTime: 3, - exportableCertification: 4, - trustSignature: 5, - regularExpression: 6, - revocable: 7, - keyExpirationTime: 9, - placeholderBackwardsCompatibility: 10, - preferredSymmetricAlgorithms: 11, - revocationKey: 12, - issuer: 16, - notationData: 20, - preferredHashAlgorithms: 21, - preferredCompressionAlgorithms: 22, - keyServerPreferences: 23, - preferredKeyServer: 24, - primaryUserID: 25, - policyURI: 26, - keyFlags: 27, - signersUserID: 28, - reasonForRevocation: 29, - features: 30, - signatureTarget: 31, - embeddedSignature: 32, - issuerFingerprint: 33, - preferredAEADAlgorithms: 34 - }, - - /** Key flags - * @enum {Integer} - * @readonly - */ - keyFlags: { - /** 0x01 - This key may be used to certify other keys. */ - certifyKeys: 1, - /** 0x02 - This key may be used to sign data. */ - signData: 2, - /** 0x04 - This key may be used to encrypt communications. */ - encryptCommunication: 4, - /** 0x08 - This key may be used to encrypt storage. */ - encryptStorage: 8, - /** 0x10 - The private component of this key may have been split - * by a secret-sharing mechanism. */ - splitPrivateKey: 16, - /** 0x20 - This key may be used for authentication. */ - authentication: 32, - /** 0x80 - The private component of this key may be in the - * possession of more than one person. */ - sharedPrivateKey: 128 - }, - - /** Armor type - * @enum {Integer} - * @readonly - */ - armor: { - multipartSection: 0, - multipartLast: 1, - signed: 2, - message: 3, - publicKey: 4, - privateKey: 5, - signature: 6 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23} - * @enum {Integer} - * @readonly - */ - reasonForRevocation: { - /** No reason specified (key revocations or cert revocations) */ - noReason: 0, - /** Key is superseded (key revocations) */ - keySuperseded: 1, - /** Key material has been compromised (key revocations) */ - keyCompromised: 2, - /** Key is retired and no longer used (key revocations) */ - keyRetired: 3, - /** User ID information is no longer valid (cert revocations) */ - userIDInvalid: 32 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25} - * @enum {Integer} - * @readonly - */ - features: { - /** 0x01 - Modification Detection (packets 18 and 19) */ - modificationDetection: 1, - /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5 - * Symmetric-Key Encrypted Session Key Packets (packet 3) */ - aead: 2, - /** 0x04 - Version 5 Public-Key Packet format and corresponding new - * fingerprint format */ - v5Keys: 4 - }, - - /** - * Asserts validity of given value and converts from string/integer to integer. - * @param {Object} type target enum type - * @param {String|Integer} e value to check and/or convert - * @returns {Integer} enum value if it exists - * @throws {Error} if the value is invalid - */ - write: function(type, e) { - if (typeof e === 'number') { - e = this.read(type, e); - } - - if (type[e] !== undefined) { - return type[e]; - } - - throw new Error('Invalid enum value.'); - }, - - /** - * Converts enum integer value to the corresponding string, if it exists. - * @param {Object} type target enum type - * @param {Integer} e value to convert - * @returns {String} name of enum value if it exists - * @throws {Error} if the value is invalid - */ - read: function(type, e) { - if (!type[byValue]) { - type[byValue] = []; - Object.entries(type).forEach(([key, value]) => { - type[byValue][value] = key; - }); - } - - if (type[byValue][e] !== undefined) { - return type[byValue][e]; - } - - throw new Error('Invalid enum value.'); - } -}; - -const debugMode = (() => { - try { - return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env - } catch (e) {} - return false; -})(); - -const util = { - isString: function(data) { - return typeof data === 'string' || data instanceof String; - }, - - isArray: function(data) { - return data instanceof Array; - }, - - isUint8Array: isUint8Array, - - isStream: isStream, - - readNumber: function (bytes) { - let n = 0; - for (let i = 0; i < bytes.length; i++) { - n += (256 ** i) * bytes[bytes.length - 1 - i]; - } - return n; - }, - - writeNumber: function (n, bytes) { - const b = new Uint8Array(bytes); - for (let i = 0; i < bytes; i++) { - b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF; - } - - return b; - }, - - readDate: function (bytes) { - const n = util.readNumber(bytes); - const d = new Date(n * 1000); - return d; - }, - - writeDate: function (time) { - const numeric = Math.floor(time.getTime() / 1000); - - return util.writeNumber(numeric, 4); - }, - - normalizeDate: function (time = Date.now()) { - return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000); - }, - - /** - * Read one MPI from bytes in input - * @param {Uint8Array} bytes - Input data to parse - * @returns {Uint8Array} Parsed MPI. - */ - readMPI: function (bytes) { - const bits = (bytes[0] << 8) | bytes[1]; - const bytelen = (bits + 7) >>> 3; - return bytes.subarray(2, 2 + bytelen); - }, - - /** - * Left-pad Uint8Array to length by adding 0x0 bytes - * @param {Uint8Array} bytes - Data to pad - * @param {Number} length - Padded length - * @returns {Uint8Array} Padded bytes. - */ - leftPad(bytes, length) { - const padded = new Uint8Array(length); - const offset = length - bytes.length; - padded.set(bytes, offset); - return padded; - }, - - /** - * Convert a Uint8Array to an MPI-formatted Uint8Array. - * @param {Uint8Array} bin - An array of 8-bit integers to convert - * @returns {Uint8Array} MPI-formatted Uint8Array. - */ - uint8ArrayToMPI: function (bin) { - const bitSize = util.uint8ArrayBitLength(bin); - if (bitSize === 0) { - throw new Error('Zero MPI'); - } - const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8)); - const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]); - return util.concatUint8Array([prefix, stripped]); - }, - - /** - * Return bit length of the input data - * @param {Uint8Array} bin input data (big endian) - * @returns bit length - */ - uint8ArrayBitLength: function (bin) { - let i; // index of leading non-zero byte - for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break; - if (i === bin.length) { - return 0; - } - const stripped = bin.subarray(i); - return (stripped.length - 1) * 8 + util.nbits(stripped[0]); - }, - - /** - * Convert a hex string to an array of 8-bit integers - * @param {String} hex - A hex string to convert - * @returns {Uint8Array} An array of 8-bit integers. - */ - hexToUint8Array: function (hex) { - const result = new Uint8Array(hex.length >> 1); - for (let k = 0; k < hex.length >> 1; k++) { - result[k] = parseInt(hex.substr(k << 1, 2), 16); - } - return result; - }, - - /** - * Convert an array of 8-bit integers to a hex string - * @param {Uint8Array} bytes - Array of 8-bit integers to convert - * @returns {String} Hexadecimal representation of the array. - */ - uint8ArrayToHex: function (bytes) { - const r = []; - const e = bytes.length; - let c = 0; - let h; - while (c < e) { - h = bytes[c++].toString(16); - while (h.length < 2) { - h = '0' + h; - } - r.push('' + h); - } - return r.join(''); - }, - - /** - * Convert a string to an array of 8-bit integers - * @param {String} str - String to convert - * @returns {Uint8Array} An array of 8-bit integers. - */ - stringToUint8Array: function (str) { - return transform(str, str => { - if (!util.isString(str)) { - throw new Error('stringToUint8Array: Data must be in the form of a string'); - } - - const result = new Uint8Array(str.length); - for (let i = 0; i < str.length; i++) { - result[i] = str.charCodeAt(i); - } - return result; - }); - }, - - /** - * Convert an array of 8-bit integers to a string - * @param {Uint8Array} bytes - An array of 8-bit integers to convert - * @returns {String} String representation of the array. - */ - uint8ArrayToString: function (bytes) { - bytes = new Uint8Array(bytes); - const result = []; - const bs = 1 << 14; - const j = bytes.length; - - for (let i = 0; i < j; i += bs) { - result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j))); - } - return result.join(''); - }, - - /** - * Convert a native javascript string to a Uint8Array of utf8 bytes - * @param {String|ReadableStream} str - The string to convert - * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes. - */ - encodeUTF8: function (str) { - const encoder = new TextEncoder('utf-8'); - // eslint-disable-next-line no-inner-declarations - function process(value, lastChunk = false) { - return encoder.encode(value, { stream: !lastChunk }); - } - return transform(str, process, () => process('', true)); - }, - - /** - * Convert a Uint8Array of utf8 bytes to a native javascript string - * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes - * @returns {String|ReadableStream} A native javascript string. - */ - decodeUTF8: function (utf8) { - const decoder = new TextDecoder('utf-8'); - // eslint-disable-next-line no-inner-declarations - function process(value, lastChunk = false) { - return decoder.decode(value, { stream: !lastChunk }); - } - return transform(utf8, process, () => process(new Uint8Array(), true)); - }, - - /** - * Concat a list of Uint8Arrays, Strings or Streams - * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams. - * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate - * @returns {Uint8Array|String|ReadableStream} Concatenated array. - */ - concat: concat, - - /** - * Concat Uint8Arrays - * @param {Array} Array - Of Uint8Arrays to concatenate - * @returns {Uint8Array} Concatenated array. - */ - concatUint8Array: concatUint8Array, - - /** - * Check Uint8Array equality - * @param {Uint8Array} array1 - First array - * @param {Uint8Array} array2 - Second array - * @returns {Boolean} Equality. - */ - equalsUint8Array: function (array1, array2) { - if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) { - throw new Error('Data must be in the form of a Uint8Array'); - } - - if (array1.length !== array2.length) { - return false; - } - - for (let i = 0; i < array1.length; i++) { - if (array1[i] !== array2[i]) { - return false; - } - } - return true; - }, - - /** - * Calculates a 16bit sum of a Uint8Array by adding each character - * codes modulus 65535 - * @param {Uint8Array} Uint8Array - To create a sum of - * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535. - */ - writeChecksum: function (text) { - let s = 0; - for (let i = 0; i < text.length; i++) { - s = (s + text[i]) & 0xFFFF; - } - return util.writeNumber(s, 2); - }, - - /** - * Helper function to print a debug message. Debug - * messages are only printed if - * @param {String} str - String of the debug message - */ - printDebug: function (str) { - if (debugMode) { - console.log('[OpenPGP.js debug]', str); - } - }, - - /** - * Helper function to print a debug error. Debug - * messages are only printed if - * @param {String} str - String of the debug message - */ - printDebugError: function (error) { - if (debugMode) { - console.error('[OpenPGP.js debug]', error); - } - }, - - // returns bit length of the integer x - nbits: function (x) { - let r = 1; - let t = x >>> 16; - if (t !== 0) { - x = t; - r += 16; - } - t = x >> 8; - if (t !== 0) { - x = t; - r += 8; - } - t = x >> 4; - if (t !== 0) { - x = t; - r += 4; - } - t = x >> 2; - if (t !== 0) { - x = t; - r += 2; - } - t = x >> 1; - if (t !== 0) { - x = t; - r += 1; - } - return r; - }, - - /** - * If S[1] == 0, then double(S) == (S[2..128] || 0); - * otherwise, double(S) == (S[2..128] || 0) xor - * (zeros(120) || 10000111). - * - * Both OCB and EAX (through CMAC) require this function to be constant-time. - * - * @param {Uint8Array} data - */ - double: function(data) { - const doubleVar = new Uint8Array(data.length); - const last = data.length - 1; - for (let i = 0; i < last; i++) { - doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7); - } - doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87); - return doubleVar; - }, - - /** - * Shift a Uint8Array to the right by n bits - * @param {Uint8Array} array - The array to shift - * @param {Integer} bits - Amount of bits to shift (MUST be smaller - * than 8) - * @returns {String} Resulting array. - */ - shiftRight: function (array, bits) { - if (bits) { - for (let i = array.length - 1; i >= 0; i--) { - array[i] >>= bits; - if (i > 0) { - array[i] |= (array[i - 1] << (8 - bits)); - } - } - } - return array; - }, - - /** - * Get native Web Cryptography api, only the current version of the spec. - * @returns {Object} The SubtleCrypto api or 'undefined'. - */ - getWebCrypto: function() { - return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; - }, - - /** - * Get BigInteger class - * It wraps the native BigInt type if it's available - * Otherwise it relies on bn.js - * @returns {BigInteger} - * @async - */ - getBigInteger, - - /** - * Get native Node.js crypto api. - * @returns {Object} The crypto module or 'undefined'. - */ - getNodeCrypto: function() { - return crypto__default['default']; - }, - - getNodeZlib: function() { - return zlib__default['default']; - }, - - /** - * Get native Node.js Buffer constructor. This should be used since - * Buffer is not available under browserify. - * @returns {Function} The Buffer constructor or 'undefined'. - */ - getNodeBuffer: function() { - return (buffer__default['default'] || {}).Buffer; - }, - - getHardwareConcurrency: function() { - if (typeof navigator !== 'undefined') { - return navigator.hardwareConcurrency || 1; - } - - const os = os__default['default']; // Assume we're on Node.js. - return os.cpus().length; - }, - - isEmailAddress: function(data) { - if (!util.isString(data)) { - return false; - } - const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/; - return re.test(data); - }, - - /** - * Normalize line endings to - * Support any encoding where CR=0x0D, LF=0x0A - */ - canonicalizeEOL: function(data) { - const CR = 13; - const LF = 10; - let carryOverCR = false; - - return transform(data, bytes => { - if (carryOverCR) { - bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]); - } - - if (bytes[bytes.length - 1] === CR) { - carryOverCR = true; - bytes = bytes.subarray(0, -1); - } else { - carryOverCR = false; - } - - let index; - const indices = []; - for (let i = 0; ; i = index) { - index = bytes.indexOf(LF, i) + 1; - if (index) { - if (bytes[index - 2] !== CR) indices.push(index); - } else { - break; - } - } - if (!indices.length) { - return bytes; - } - - const normalized = new Uint8Array(bytes.length + indices.length); - let j = 0; - for (let i = 0; i < indices.length; i++) { - const sub = bytes.subarray(indices[i - 1] || 0, indices[i]); - normalized.set(sub, j); - j += sub.length; - normalized[j - 1] = CR; - normalized[j] = LF; - j++; - } - normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j); - return normalized; - }, () => (carryOverCR ? new Uint8Array([CR]) : undefined)); - }, - - /** - * Convert line endings from canonicalized to native - * Support any encoding where CR=0x0D, LF=0x0A - */ - nativeEOL: function(data) { - const CR = 13; - const LF = 10; - let carryOverCR = false; - - return transform(data, bytes => { - if (carryOverCR && bytes[0] !== LF) { - bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]); - } else { - bytes = new Uint8Array(bytes); // Don't mutate passed bytes - } - - if (bytes[bytes.length - 1] === CR) { - carryOverCR = true; - bytes = bytes.subarray(0, -1); - } else { - carryOverCR = false; - } - - let index; - let j = 0; - for (let i = 0; i !== bytes.length; i = index) { - index = bytes.indexOf(CR, i) + 1; - if (!index) index = bytes.length; - const last = index - (bytes[index] === LF ? 1 : 0); - if (i) bytes.copyWithin(j, i, last); - j += last - i; - } - return bytes.subarray(0, j); - }, () => (carryOverCR ? new Uint8Array([CR]) : undefined)); - }, - - /** - * Remove trailing spaces, carriage returns and tabs from each line - */ - removeTrailingSpaces: function(text) { - return text.split('\n').map(line => { - let i = line.length - 1; - for (; i >= 0 && (line[i] === ' ' || line[i] === '\t' || line[i] === '\r'); i--); - return line.substr(0, i + 1); - }).join('\n'); - }, - - wrapError: function(message, error) { - if (!error) { - return new Error(message); - } - - // update error message - try { - error.message = message + ': ' + error.message; - } catch (e) {} - - return error; - }, - - /** - * Map allowed packet tags to corresponding classes - * Meant to be used to format `allowedPacket` for Packetlist.read - * @param {Array} allowedClasses - * @returns {Object} map from enum.packet to corresponding *Packet class - */ - constructAllowedPackets: function(allowedClasses) { - const map = {}; - allowedClasses.forEach(PacketClass => { - if (!PacketClass.tag) { - throw new Error('Invalid input: expected a packet class'); - } - map[PacketClass.tag] = PacketClass; - }); - return map; - }, - - /** - * Return a Promise that will resolve as soon as one of the promises in input resolves - * or will reject if all input promises all rejected - * (similar to Promise.any, but with slightly different error handling) - * @param {Array} promises - * @return {Promise} Promise resolving to the result of the fastest fulfilled promise - * or rejected with the Error of the last resolved Promise (if all promises are rejected) - */ - anyPromise: function(promises) { - // eslint-disable-next-line no-async-promise-executor - return new Promise(async (resolve, reject) => { - let exception; - await Promise.all(promises.map(async promise => { - try { - resolve(await promise); - } catch (e) { - exception = e; - } - })); - reject(exception); - }); - }, - - /** - * Return either `a` or `b` based on `cond`, in algorithmic constant time. - * @param {Boolean} cond - * @param {Uint8Array} a - * @param {Uint8Array} b - * @returns `a` if `cond` is true, `b` otherwise - */ - selectUint8Array: function(cond, a, b) { - const length = Math.max(a.length, b.length); - const result = new Uint8Array(length); - let end = 0; - for (let i = 0; i < result.length; i++) { - result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond)); - end += (cond & i < a.length) | ((1 - cond) & i < b.length); - } - return result.subarray(0, end); - }, - /** - * Return either `a` or `b` based on `cond`, in algorithmic constant time. - * NB: it only supports `a, b` with values between 0-255. - * @param {Boolean} cond - * @param {Uint8} a - * @param {Uint8} b - * @returns `a` if `cond` is true, `b` otherwise - */ - selectUint8: function(cond, a, b) { - return (a & (256 - cond)) | (b & (255 + cond)); - }, - /** - * @param {module:enums.symmetric} cipherAlgo - */ - isAES: function(cipherAlgo) { - return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256; - } -}; - -/* OpenPGP radix-64/base64 string encoding/decoding - * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de - * version 1.0, check www.haneWIN.de for the latest version - * - * This software is provided as-is, without express or implied warranty. - * Permission to use, copy, modify, distribute or sell this software, with or - * without fee, for any purpose and by any individual or organization, is hereby - * granted, provided that the above copyright notice and this paragraph appear - * in all copies. Distribution as a part of an application or binary must - * include the above copyright notice in the documentation and/or other materials - * provided with the application or distribution. - */ - -const Buffer = util.getNodeBuffer(); - -let encodeChunk; -let decodeChunk; -if (Buffer) { - encodeChunk = buf => Buffer.from(buf).toString('base64'); - decodeChunk = str => { - const b = Buffer.from(str, 'base64'); - return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); - }; -} else { - encodeChunk = buf => btoa(util.uint8ArrayToString(buf)); - decodeChunk = str => util.stringToUint8Array(atob(str)); -} - -/** - * Convert binary array to radix-64 - * @param {Uint8Array | ReadableStream} data - Uint8Array to convert - * @returns {String | ReadableStream} Radix-64 version of input string. - * @static - */ -function encode(data) { - let buf = new Uint8Array(); - return transform(data, value => { - buf = util.concatUint8Array([buf, value]); - const r = []; - const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64). - const lines = Math.floor(buf.length / bytesPerLine); - const bytes = lines * bytesPerLine; - const encoded = encodeChunk(buf.subarray(0, bytes)); - for (let i = 0; i < lines; i++) { - r.push(encoded.substr(i * 60, 60)); - r.push('\n'); - } - buf = buf.subarray(bytes); - return r.join(''); - }, () => (buf.length ? encodeChunk(buf) + '\n' : '')); -} - -/** - * Convert radix-64 to binary array - * @param {String | ReadableStream} data - Radix-64 string to convert - * @returns {Uint8Array | ReadableStream} Binary array version of input string. - * @static - */ -function decode(data) { - let buf = ''; - return transform(data, value => { - buf += value; - - // Count how many whitespace characters there are in buf - let spaces = 0; - const spacechars = [' ', '\t', '\r', '\n']; - for (let i = 0; i < spacechars.length; i++) { - const spacechar = spacechars[i]; - for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) { - spaces++; - } - } - - // Backtrack until we have 4n non-whitespace characters - // that we can safely base64-decode - let length = buf.length; - for (; length > 0 && (length - spaces) % 4 !== 0; length--) { - if (spacechars.includes(buf[length])) spaces--; - } - - const decoded = decodeChunk(buf.substr(0, length)); - buf = buf.substr(length); - return decoded; - }, () => decodeChunk(buf)); -} - -/** - * Convert a Base-64 encoded string an array of 8-bit integer - * - * Note: accepts both Radix-64 and URL-safe strings - * @param {String} base64 - Base-64 encoded string to convert - * @returns {Uint8Array} An array of 8-bit integers. - */ -function b64ToUint8Array(base64) { - return decode(base64.replace(/-/g, '+').replace(/_/g, '/')); -} - -/** - * Convert an array of 8-bit integer to a Base-64 encoded string - * @param {Uint8Array} bytes - An array of 8-bit integers to convert - * @param {bool} url - If true, output is URL-safe - * @returns {String} Base-64 encoded string. - */ -function uint8ArrayToB64(bytes, url) { - let encoded = encode(bytes).replace(/[\r\n]/g, ''); - if (url) { - encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); - } - return encoded; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -var config = { - /** - * @memberof module:config - * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} - */ - preferredHashAlgorithm: enums.hash.sha256, - /** - * @memberof module:config - * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} - */ - preferredSymmetricAlgorithm: enums.symmetric.aes256, - /** - * @memberof module:config - * @property {Integer} compression Default compression algorithm {@link module:enums.compression} - */ - preferredCompressionAlgorithm: enums.compression.uncompressed, - /** - * @memberof module:config - * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9 - */ - deflateLevel: 6, - - /** - * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07} - * @memberof module:config - * @property {Boolean} aeadProtect - */ - aeadProtect: false, - /** - * Default Authenticated Encryption with Additional Data (AEAD) encryption mode - * Only has an effect when aeadProtect is set to true. - * @memberof module:config - * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} - */ - preferredAEADAlgorithm: enums.aead.eax, - /** - * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode - * Only has an effect when aeadProtect is set to true. - * Must be an integer value from 0 to 56. - * @memberof module:config - * @property {Integer} aeadChunkSizeByte - */ - aeadChunkSizeByte: 12, - /** - * Use V5 keys. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @memberof module:config - * @property {Boolean} v5Keys - */ - v5Keys: false, - /** - * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: - * Iteration Count Byte for S2K (String to Key) - * @memberof module:config - * @property {Integer} s2kIterationCountByte - */ - s2kIterationCountByte: 224, - /** - * Allow decryption of messages without integrity protection. - * This is an **insecure** setting: - * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. - * - it enables downgrade attacks against integrity-protected messages. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedMessages - */ - allowUnauthenticatedMessages: false, - /** - * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to - * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible - * and deferring checking their integrity until the decrypted stream has been read in full. - * - * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedStream - */ - allowUnauthenticatedStream: false, - /** - * @memberof module:config - * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum - */ - checksumRequired: false, - /** - * Minimum RSA key size allowed for key generation and message signing, verification and encryption. - * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. - * @memberof module:config - * @property {Number} minRSABits - */ - minRSABits: 2047, - /** - * Work-around for rare GPG decryption bug when encrypting with multiple passwords. - * **Slower and slightly less secure** - * @memberof module:config - * @property {Boolean} passwordCollisionCheck - */ - passwordCollisionCheck: false, - /** - * @memberof module:config - * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored - */ - revocationsExpire: false, - /** - * Allow decryption using RSA keys without `encrypt` flag. - * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug - * where key flags were ignored when selecting a key for encryption. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureDecryptionWithSigningKeys: false, - /** - * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. - * Instead, a verification key will also be consider valid as long as it is valid at the current time. - * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, - * and have self-signature's creation date that does not match the primary key creation date. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureVerificationWithReformattedKeys: false, - - /** - * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). - * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: - * - new/incoming messages are automatically decrypted (without user interaction); - * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). - * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. - * @memberof module:config - * @property {Boolean} constantTimePKCS1Decryption - */ - constantTimePKCS1Decryption: false, - /** - * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. - * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. - * However, the more algorithms are added, the slower the decryption procedure becomes. - * @memberof module:config - * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} - */ - constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), - - /** - * @memberof module:config - * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available - */ - minBytesForWebCrypto: 1000, - /** - * @memberof module:config - * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error - */ - ignoreUnsupportedPackets: true, - /** - * @memberof module:config - * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error - */ - ignoreMalformedPackets: false, - /** - * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only - * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable - * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). - * @memberof module:config - * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] - */ - additionalAllowedPackets: [], - /** - * @memberof module:config - * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages - */ - showVersion: false, - /** - * @memberof module:config - * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages - */ - showComment: false, - /** - * @memberof module:config - * @property {String} versionString A version string to be included in armored messages - */ - versionString: 'OpenPGP.js 5.11.2', - /** - * @memberof module:config - * @property {String} commentString A comment string to be included in armored messages - */ - commentString: 'https://openpgpjs.org', - - /** - * Max userID string length (used for parsing) - * @memberof module:config - * @property {Integer} maxUserIDLength - */ - maxUserIDLength: 1024 * 5, - /** - * Contains notatations that are considered "known". Known notations do not trigger - * validation error when the notation is marked as critical. - * @memberof module:config - * @property {Array} knownNotations - */ - knownNotations: [], - /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. - * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. - * @memberof module:config - * @property {Boolean} useIndutnyElliptic - */ - useIndutnyElliptic: true, - /** - * Reject insecure hash algorithms - * @memberof module:config - * @property {Set} rejectHashAlgorithms {@link module:enums.hash} - */ - rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), - /** - * Reject insecure message hash algorithms - * @memberof module:config - * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} - */ - rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), - /** - * Reject insecure public key algorithms for key generation and message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} - */ - rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), - /** - * Reject non-standard curves for key generation, message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectCurves {@link module:enums.curve} - */ - rejectCurves: new Set([enums.curve.secp256k1]) -}; - -/** - * @fileoverview This object contains global configuration values. - * @see module:config/config - * @module config - */ - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Finds out which Ascii Armoring type is used. Throws error if unknown type. - * @param {String} text - ascii armored text - * @returns {Integer} 0 = MESSAGE PART n of m. - * 1 = MESSAGE PART n - * 2 = SIGNED MESSAGE - * 3 = PGP MESSAGE - * 4 = PUBLIC KEY BLOCK - * 5 = PRIVATE KEY BLOCK - * 6 = SIGNATURE - * @private - */ -function getType(text) { - const reHeader = /^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m; - - const header = text.match(reHeader); - - if (!header) { - throw new Error('Unknown ASCII armor type'); - } - - // BEGIN PGP MESSAGE, PART X/Y - // Used for multi-part messages, where the armor is split amongst Y - // parts, and this is the Xth part out of Y. - if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { - return enums.armor.multipartSection; - } else - // BEGIN PGP MESSAGE, PART X - // Used for multi-part messages, where this is the Xth part of an - // unspecified number of parts. Requires the MESSAGE-ID Armor - // Header to be used. - if (/MESSAGE, PART \d+/.test(header[1])) { - return enums.armor.multipartLast; - } else - // BEGIN PGP SIGNED MESSAGE - if (/SIGNED MESSAGE/.test(header[1])) { - return enums.armor.signed; - } else - // BEGIN PGP MESSAGE - // Used for signed, encrypted, or compressed files. - if (/MESSAGE/.test(header[1])) { - return enums.armor.message; - } else - // BEGIN PGP PUBLIC KEY BLOCK - // Used for armoring public keys. - if (/PUBLIC KEY BLOCK/.test(header[1])) { - return enums.armor.publicKey; - } else - // BEGIN PGP PRIVATE KEY BLOCK - // Used for armoring private keys. - if (/PRIVATE KEY BLOCK/.test(header[1])) { - return enums.armor.privateKey; - } else - // BEGIN PGP SIGNATURE - // Used for detached signatures, OpenPGP/MIME signatures, and - // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE - // for detached signatures. - if (/SIGNATURE/.test(header[1])) { - return enums.armor.signature; - } -} - -/** - * Add additional information to the armor version of an OpenPGP binary - * packet block. - * @author Alex - * @version 2011-12-16 - * @param {String} [customComment] - Additional comment to add to the armored string - * @returns {String} The header information. - * @private - */ -function addheader(customComment, config) { - let result = ''; - if (config.showVersion) { - result += 'Version: ' + config.versionString + '\n'; - } - if (config.showComment) { - result += 'Comment: ' + config.commentString + '\n'; - } - if (customComment) { - result += 'Comment: ' + customComment + '\n'; - } - result += '\n'; - return result; -} - - -/** - * Calculates a checksum over the given data and returns it base64 encoded - * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for - * @returns {String | ReadableStream} Base64 encoded checksum. - * @private - */ -function getCheckSum(data) { - const crc = createcrc24(data); - return encode(crc); -} - -// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview - -const crc_table = [ - new Array(0xFF), - new Array(0xFF), - new Array(0xFF), - new Array(0xFF) -]; - -for (let i = 0; i <= 0xFF; i++) { - let crc = i << 16; - for (let j = 0; j < 8; j++) { - crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0); - } - crc_table[0][i] = - ((crc & 0xFF0000) >> 16) | - (crc & 0x00FF00) | - ((crc & 0x0000FF) << 16); -} -for (let i = 0; i <= 0xFF; i++) { - crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF]; -} -for (let i = 0; i <= 0xFF; i++) { - crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF]; -} -for (let i = 0; i <= 0xFF; i++) { - crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF]; -} - -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness -const isLittleEndian = (function() { - const buffer = new ArrayBuffer(2); - new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */); - // Int16Array uses the platform's endianness. - return new Int16Array(buffer)[0] === 0xFF; -}()); - -/** - * Internal function to calculate a CRC-24 checksum over a given string (data) - * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for - * @returns {Uint8Array | ReadableStream} The CRC-24 checksum. - * @private - */ -function createcrc24(input) { - let crc = 0xCE04B7; - return transform(input, value => { - const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0; - const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32); - for (let i = 0; i < len32; i++) { - crc ^= arr32[i]; - crc = - crc_table[0][(crc >> 24) & 0xFF] ^ - crc_table[1][(crc >> 16) & 0xFF] ^ - crc_table[2][(crc >> 8) & 0xFF] ^ - crc_table[3][(crc >> 0) & 0xFF]; - } - for (let i = len32 * 4; i < value.length; i++) { - crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]]; - } - }, () => new Uint8Array([crc, crc >> 8, crc >> 16])); -} - -/** - * Verify armored headers. crypto-refresh-06, section 6.2: - * "An OpenPGP implementation may consider improperly formatted Armor - * Headers to be corruption of the ASCII Armor, but SHOULD make an - * effort to recover." - * @private - * @param {Array} headers - Armor headers - */ -function verifyHeaders(headers) { - for (let i = 0; i < headers.length; i++) { - if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { - util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); - } - if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) { - util.printDebugError(new Error('Unknown header: ' + headers[i])); - } - } -} - -/** - * Splits a message into two parts, the body and the checksum. This is an internal function - * @param {String} text - OpenPGP armored message part - * @returns {Object} An object with attribute "body" containing the body. - * and an attribute "checksum" containing the checksum. - * @private - */ -function splitChecksum(text) { - let body = text; - let checksum = ''; - - const lastEquals = text.lastIndexOf('='); - - if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum - body = text.slice(0, lastEquals); - checksum = text.slice(lastEquals + 1).substr(0, 4); - } - - return { body: body, checksum: checksum }; -} - -/** - * Dearmor an OpenPGP armored message; verify the checksum and return - * the encoded bytes - * @param {String} input - OpenPGP armored message - * @returns {Promise} An object with attribute "text" containing the message text, - * an attribute "data" containing a stream of bytes and "type" for the ASCII armor type - * @async - * @static - */ -function unarmor(input, config$1 = config) { - // eslint-disable-next-line no-async-promise-executor - return new Promise(async (resolve, reject) => { - try { - const reSplit = /^-----[^-]+-----$/m; - const reEmptyLine = /^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/; - - let type; - const headers = []; - let lastHeaders = headers; - let headersDone; - let text = []; - let textDone; - let checksum; - let data = decode(transformPair(input, async (readable, writable) => { - const reader = getReader(readable); - try { - while (true) { - let line = await reader.readLine(); - if (line === undefined) { - throw new Error('Misformed armored text'); - } - // remove trailing whitespace at end of lines - line = util.removeTrailingSpaces(line.replace(/[\r\n]/g, '')); - if (!type) { - if (reSplit.test(line)) { - type = getType(line); - } - } else if (!headersDone) { - if (reSplit.test(line)) { - reject(new Error('Mandatory blank line missing between armor headers and armor data')); - } - if (!reEmptyLine.test(line)) { - lastHeaders.push(line); - } else { - verifyHeaders(lastHeaders); - headersDone = true; - if (textDone || type !== 2) { - resolve({ text, data, headers, type }); - break; - } - } - } else if (!textDone && type === 2) { - if (!reSplit.test(line)) { - // Reverse dash-escaping for msg - text.push(line.replace(/^- /, '')); - } else { - text = text.join('\r\n'); - textDone = true; - verifyHeaders(lastHeaders); - lastHeaders = []; - headersDone = false; - } - } - } - } catch (e) { - reject(e); - return; - } - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const { done, value } = await reader.read(); - if (done) { - throw new Error('Misformed armored text'); - } - const line = value + ''; - if (line.indexOf('=') === -1 && line.indexOf('-') === -1) { - await writer.write(line); - } else { - let remainder = await reader.readToEnd(); - if (!remainder.length) remainder = ''; - remainder = line + remainder; - remainder = util.removeTrailingSpaces(remainder.replace(/\r/g, '')); - const parts = remainder.split(reSplit); - if (parts.length === 1) { - throw new Error('Misformed armored text'); - } - const split = splitChecksum(parts[0].slice(0, -1)); - checksum = split.checksum; - await writer.write(split.body); - break; - } - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - })); - data = transformPair(data, async (readable, writable) => { - const checksumVerified = readToEnd(getCheckSum(passiveClone(readable))); - checksumVerified.catch(() => {}); - await pipe(readable, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - const checksumVerifiedString = (await checksumVerified).replace('\n', ''); - if (checksum !== checksumVerifiedString && (checksum || config$1.checksumRequired)) { - throw new Error('Ascii armor integrity check failed'); - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); - } catch (e) { - reject(e); - } - }).then(async result => { - if (isArrayStream(result.data)) { - result.data = await readToEnd(result.data); - } - return result; - }); -} - - -/** - * Armor an OpenPGP binary packet block - * @param {module:enums.armor} messageType - Type of the message - * @param {Uint8Array | ReadableStream} body - The message body to armor - * @param {Integer} [partIndex] - * @param {Integer} [partTotal] - * @param {String} [customComment] - Additional comment to add to the armored string - * @returns {String | ReadableStream} Armored text. - * @static - */ -function armor(messageType, body, partIndex, partTotal, customComment, config$1 = config) { - let text; - let hash; - if (messageType === enums.armor.signed) { - text = body.text; - hash = body.hash; - body = body.data; - } - const bodyClone = passiveClone(body); - const result = []; - switch (messageType) { - case enums.armor.multipartSection: - result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); - break; - case enums.armor.multipartLast: - result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); - break; - case enums.armor.signed: - result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); - result.push('Hash: ' + hash + '\n\n'); - result.push(text.replace(/^-/mg, '- -')); - result.push('\n-----BEGIN PGP SIGNATURE-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP SIGNATURE-----\n'); - break; - case enums.armor.message: - result.push('-----BEGIN PGP MESSAGE-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP MESSAGE-----\n'); - break; - case enums.armor.publicKey: - result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); - break; - case enums.armor.privateKey: - result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); - break; - case enums.armor.signature: - result.push('-----BEGIN PGP SIGNATURE-----\n'); - result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); - result.push('-----END PGP SIGNATURE-----\n'); - break; - } - - return util.concat(result); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of type key id - * - * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: - * A Key ID is an eight-octet scalar that identifies a key. - * Implementations SHOULD NOT assume that Key IDs are unique. The - * section "Enhanced Key Formats" below describes how Key IDs are - * formed. - */ -class KeyID { - constructor() { - this.bytes = ''; - } - - /** - * Parsing method for a key id - * @param {Uint8Array} bytes - Input to read the key id from - */ - read(bytes) { - this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); - return this.bytes.length; - } - - /** - * Serializes the Key ID - * @returns {Uint8Array} Key ID as a Uint8Array. - */ - write() { - return util.stringToUint8Array(this.bytes); - } - - /** - * Returns the Key ID represented as a hexadecimal string - * @returns {String} Key ID as a hexadecimal string. - */ - toHex() { - return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); - } - - /** - * Checks equality of Key ID's - * @param {KeyID} keyID - * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard - */ - equals(keyID, matchWildcard = false) { - return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; - } - - /** - * Checks to see if the Key ID is unset - * @returns {Boolean} True if the Key ID is null. - */ - isNull() { - return this.bytes === ''; - } - - /** - * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) - * @returns {Boolean} True if this is a wildcard Key ID. - */ - isWildcard() { - return /^0+$/.test(this.toHex()); - } - - static mapToHex(keyID) { - return keyID.toHex(); - } - - static fromID(hex) { - const keyID = new KeyID(); - keyID.read(util.hexToUint8Array(hex)); - return keyID; - } - - static wildcard() { - const keyID = new KeyID(); - keyID.read(new Uint8Array(8)); - return keyID; - } -} - -/** - * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}. - * @author Artem S Vybornov - * @license MIT - */ -var AES_asm = function () { - - /** - * Galois Field stuff init flag - */ - var ginit_done = false; - - /** - * Galois Field exponentiation and logarithm tables for 3 (the generator) - */ - var gexp3, glog3; - - /** - * Init Galois Field tables - */ - function ginit() { - gexp3 = [], - glog3 = []; - - var a = 1, c, d; - for (c = 0; c < 255; c++) { - gexp3[c] = a; - - // Multiply by three - d = a & 0x80, a <<= 1, a &= 255; - if (d === 0x80) a ^= 0x1b; - a ^= gexp3[c]; - - // Set the log table value - glog3[gexp3[c]] = c; - } - gexp3[255] = gexp3[0]; - glog3[0] = 0; - - ginit_done = true; - } - - /** - * Galois Field multiplication - * @param {number} a - * @param {number} b - * @return {number} - */ - function gmul(a, b) { - var c = gexp3[(glog3[a] + glog3[b]) % 255]; - if (a === 0 || b === 0) c = 0; - return c; - } - - /** - * Galois Field reciprocal - * @param {number} a - * @return {number} - */ - function ginv(a) { - var i = gexp3[255 - glog3[a]]; - if (a === 0) i = 0; - return i; - } - - /** - * AES stuff init flag - */ - var aes_init_done = false; - - /** - * Encryption, Decryption, S-Box and KeyTransform tables - * - * @type {number[]} - */ - var aes_sbox; - - /** - * @type {number[]} - */ - var aes_sinv; - - /** - * @type {number[][]} - */ - var aes_enc; - - /** - * @type {number[][]} - */ - var aes_dec; - - /** - * Init AES tables - */ - function aes_init() { - if (!ginit_done) ginit(); - - // Calculates AES S-Box value - function _s(a) { - var c, s, x; - s = x = ginv(a); - for (c = 0; c < 4; c++) { - s = ((s << 1) | (s >>> 7)) & 255; - x ^= s; - } - x ^= 99; - return x; - } - - // Tables - aes_sbox = [], - aes_sinv = [], - aes_enc = [[], [], [], []], - aes_dec = [[], [], [], []]; - - for (var i = 0; i < 256; i++) { - var s = _s(i); - - // S-Box and its inverse - aes_sbox[i] = s; - aes_sinv[s] = i; - - // Ecryption and Decryption tables - aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s); - aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i); - // Rotate tables - for (var t = 1; t < 4; t++) { - aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24); - aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24); - } - } - - aes_init_done = true; - } - - /** - * Asm.js module constructor. - * - *

- * Heap buffer layout by offset: - * 

-   * 0x0000   encryption key schedule
-   * 0x0400   decryption key schedule
-   * 0x0800   sbox
-   * 0x0c00   inv sbox
-   * 0x1000   encryption tables
-   * 0x2000   decryption tables
-   * 0x3000   reserved (future GCM multiplication lookup table)
-   * 0x4000   data
-   *
- * Don't touch anything before 0x400. - *

- * - * @alias AES_asm - * @class - * @param foreign - ignored - * @param buffer - heap buffer to link with - */ - var wrapper = function (foreign, buffer) { - // Init AES stuff for the first time - if (!aes_init_done) aes_init(); - - // Fill up AES tables - var heap = new Uint32Array(buffer); - heap.set(aes_sbox, 0x0800 >> 2); - heap.set(aes_sinv, 0x0c00 >> 2); - for (var i = 0; i < 4; i++) { - heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2); - heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2); - } - - /** - * Calculate AES key schedules. - * @instance - * @memberof AES_asm - * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly) - * @param {number} k0 - key vector components - * @param {number} k1 - key vector components - * @param {number} k2 - key vector components - * @param {number} k3 - key vector components - * @param {number} k4 - key vector components - * @param {number} k5 - key vector components - * @param {number} k6 - key vector components - * @param {number} k7 - key vector components - */ - function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) { - var ekeys = heap.subarray(0x000, 60), - dkeys = heap.subarray(0x100, 0x100 + 60); - - // Encryption key schedule - ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]); - for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) { - var k = ekeys[i - 1]; - if ((i % ks === 0) || (ks === 8 && i % ks === 4)) { - k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255]; - } - if (i % ks === 0) { - k = (k << 8) ^ (k >>> 24) ^ (rcon << 24); - rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0); - } - ekeys[i] = ekeys[i - ks] ^ k; - } - - // Decryption key schedule - for (var j = 0; j < i; j += 4) { - for (var jj = 0; jj < 4; jj++) { - var k = ekeys[i - (4 + j) + (4 - jj) % 4]; - if (j < 4 || j >= i - 4) { - dkeys[j + jj] = k; - } else { - dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]] - ^ aes_dec[1][aes_sbox[k >>> 16 & 255]] - ^ aes_dec[2][aes_sbox[k >>> 8 & 255]] - ^ aes_dec[3][aes_sbox[k & 255]]; - } - } - } - - // Set rounds number - asm.set_rounds(ks + 5); - } - - // create library object with necessary properties - var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array}; - - var asm = function (stdlib, foreign, buffer) { - "use asm"; - - var S0 = 0, S1 = 0, S2 = 0, S3 = 0, - I0 = 0, I1 = 0, I2 = 0, I3 = 0, - N0 = 0, N1 = 0, N2 = 0, N3 = 0, - M0 = 0, M1 = 0, M2 = 0, M3 = 0, - H0 = 0, H1 = 0, H2 = 0, H3 = 0, - R = 0; - - var HEAP = new stdlib.Uint32Array(buffer), - DATA = new stdlib.Uint8Array(buffer); - - /** - * AES core - * @param {number} k - precomputed key schedule offset - * @param {number} s - precomputed sbox table offset - * @param {number} t - precomputed round table offset - * @param {number} r - number of inner rounds to perform - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _core(k, s, t, r, x0, x1, x2, x3) { - k = k | 0; - s = s | 0; - t = t | 0; - r = r | 0; - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t1 = 0, t2 = 0, t3 = 0, - y0 = 0, y1 = 0, y2 = 0, y3 = 0, - i = 0; - - t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00; - - // round 0 - x0 = x0 ^ HEAP[(k | 0) >> 2], - x1 = x1 ^ HEAP[(k | 4) >> 2], - x2 = x2 ^ HEAP[(k | 8) >> 2], - x3 = x3 ^ HEAP[(k | 12) >> 2]; - - // round 1..r - for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) { - y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - x0 = y0, x1 = y1, x2 = y2, x3 = y3; - } - - // final round - S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - } - - /** - * ECB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - x0, - x1, - x2, - x3 - ); - } - - /** - * ECB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - } - - - /** - * CBC mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0 ^ x0, - I1 ^ x1, - I2 ^ x2, - I3 ^ x3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - } - - /** - * CBC mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - - S0 = S0 ^ I0, - S1 = S1 ^ I1, - S2 = S2 ^ I2, - S3 = S3 ^ I3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * CFB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0 = S0 ^ x0, - I1 = S1 = S1 ^ x1, - I2 = S2 = S2 ^ x2, - I3 = S3 = S3 ^ x3; - } - - - /** - * CFB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * OFB mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ofb(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - } - - /** - * CTR mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ctr(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - N0, - N1, - N2, - N3 - ); - - N3 = (~M3 & N3) | M3 & (N3 + 1); - N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0)); - N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0)); - N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0)); - - S0 = S0 ^ x0; - S1 = S1 ^ x1; - S2 = S2 ^ x2; - S3 = S3 ^ x3; - } - - /** - * GCM mode MAC calculation - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _gcm_mac(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var y0 = 0, y1 = 0, y2 = 0, y3 = 0, - z0 = 0, z1 = 0, z2 = 0, z3 = 0, - i = 0, c = 0; - - x0 = x0 ^ I0, - x1 = x1 ^ I1, - x2 = x2 ^ I2, - x3 = x3 ^ I3; - - y0 = H0 | 0, - y1 = H1 | 0, - y2 = H2 | 0, - y3 = H3 | 0; - - for (; (i | 0) < 128; i = (i + 1) | 0) { - if (y0 >>> 31) { - z0 = z0 ^ x0, - z1 = z1 ^ x1, - z2 = z2 ^ x2, - z3 = z3 ^ x3; - } - - y0 = (y0 << 1) | (y1 >>> 31), - y1 = (y1 << 1) | (y2 >>> 31), - y2 = (y2 << 1) | (y3 >>> 31), - y3 = (y3 << 1); - - c = x3 & 1; - - x3 = (x3 >>> 1) | (x2 << 31), - x2 = (x2 >>> 1) | (x1 << 31), - x1 = (x1 >>> 1) | (x0 << 31), - x0 = (x0 >>> 1); - - if (c) x0 = x0 ^ 0xe1000000; - } - - I0 = z0, - I1 = z1, - I2 = z2, - I3 = z3; - } - - /** - * Set the internal rounds number. - * @instance - * @memberof AES_asm - * @param {number} r - number if inner AES rounds - */ - function set_rounds(r) { - r = r | 0; - R = r; - } - - /** - * Populate the internal state of the module. - * @instance - * @memberof AES_asm - * @param {number} s0 - state vector - * @param {number} s1 - state vector - * @param {number} s2 - state vector - * @param {number} s3 - state vector - */ - function set_state(s0, s1, s2, s3) { - s0 = s0 | 0; - s1 = s1 | 0; - s2 = s2 | 0; - s3 = s3 | 0; - - S0 = s0, - S1 = s1, - S2 = s2, - S3 = s3; - } - - /** - * Populate the internal iv of the module. - * @instance - * @memberof AES_asm - * @param {number} i0 - iv vector - * @param {number} i1 - iv vector - * @param {number} i2 - iv vector - * @param {number} i3 - iv vector - */ - function set_iv(i0, i1, i2, i3) { - i0 = i0 | 0; - i1 = i1 | 0; - i2 = i2 | 0; - i3 = i3 | 0; - - I0 = i0, - I1 = i1, - I2 = i2, - I3 = i3; - } - - /** - * Set nonce for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} n0 - nonce vector - * @param {number} n1 - nonce vector - * @param {number} n2 - nonce vector - * @param {number} n3 - nonce vector - */ - function set_nonce(n0, n1, n2, n3) { - n0 = n0 | 0; - n1 = n1 | 0; - n2 = n2 | 0; - n3 = n3 | 0; - - N0 = n0, - N1 = n1, - N2 = n2, - N3 = n3; - } - - /** - * Set counter mask for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} m0 - counter mask vector - * @param {number} m1 - counter mask vector - * @param {number} m2 - counter mask vector - * @param {number} m3 - counter mask vector - */ - function set_mask(m0, m1, m2, m3) { - m0 = m0 | 0; - m1 = m1 | 0; - m2 = m2 | 0; - m3 = m3 | 0; - - M0 = m0, - M1 = m1, - M2 = m2, - M3 = m3; - } - - /** - * Set counter for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} c0 - counter vector - * @param {number} c1 - counter vector - * @param {number} c2 - counter vector - * @param {number} c3 - counter vector - */ - function set_counter(c0, c1, c2, c3) { - c0 = c0 | 0; - c1 = c1 | 0; - c2 = c2 | 0; - c3 = c3 | 0; - - N3 = (~M3 & N3) | M3 & c3, - N2 = (~M2 & N2) | M2 & c2, - N1 = (~M1 & N1) | M1 & c1, - N0 = (~M0 & N0) | M0 & c0; - } - - /** - * Store the internal state vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_state(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - return 16; - } - - /** - * Store the internal iv vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_iv(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = I0 >>> 24, - DATA[pos | 1] = I0 >>> 16 & 255, - DATA[pos | 2] = I0 >>> 8 & 255, - DATA[pos | 3] = I0 & 255, - DATA[pos | 4] = I1 >>> 24, - DATA[pos | 5] = I1 >>> 16 & 255, - DATA[pos | 6] = I1 >>> 8 & 255, - DATA[pos | 7] = I1 & 255, - DATA[pos | 8] = I2 >>> 24, - DATA[pos | 9] = I2 >>> 16 & 255, - DATA[pos | 10] = I2 >>> 8 & 255, - DATA[pos | 11] = I2 & 255, - DATA[pos | 12] = I3 >>> 24, - DATA[pos | 13] = I3 >>> 16 & 255, - DATA[pos | 14] = I3 >>> 8 & 255, - DATA[pos | 15] = I3 & 255; - - return 16; - } - - /** - * GCM initialization. - * @instance - * @memberof AES_asm - */ - function gcm_init() { - _ecb_enc(0, 0, 0, 0); - H0 = S0, - H1 = S1, - H2 = S2, - H3 = S3; - } - - /** - * Perform ciphering operation on the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function cipher(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; - - var ret = 0; - - if (pos & 15) return -1; - - while ((len | 0) >= 16) { - _cipher_modes[mode & 7]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } - - return ret | 0; - } - - /** - * Calculates MAC of the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function mac(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; - - var ret = 0; - - if (pos & 15) return -1; - - while ((len | 0) >= 16) { - _mac_modes[mode & 1]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } - - return ret | 0; - } - - /** - * AES cipher modes table (virual methods) - */ - var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr]; - - /** - * AES MAC modes table (virual methods) - */ - var _mac_modes = [_cbc_enc, _gcm_mac]; - - /** - * Asm.js module exports - */ - return { - set_rounds: set_rounds, - set_state: set_state, - set_iv: set_iv, - set_nonce: set_nonce, - set_mask: set_mask, - set_counter: set_counter, - get_state: get_state, - get_iv: get_iv, - gcm_init: gcm_init, - cipher: cipher, - mac: mac, - }; - }(stdlib, foreign, buffer); - - asm.set_key = set_key; - - return asm; - }; - - /** - * AES enciphering mode constants - * @enum {number} - * @const - */ - wrapper.ENC = { - ECB: 0, - CBC: 2, - CFB: 4, - OFB: 6, - CTR: 7, - }, - - /** - * AES deciphering mode constants - * @enum {number} - * @const - */ - wrapper.DEC = { - ECB: 1, - CBC: 3, - CFB: 5, - OFB: 6, - CTR: 7, - }, - - /** - * AES MAC mode constants - * @enum {number} - * @const - */ - wrapper.MAC = { - CBC: 0, - GCM: 1, - }; - - /** - * Heap data offset - * @type {number} - * @const - */ - wrapper.HEAP_DATA = 0x4000; - - return wrapper; -}(); - -function is_bytes(a) { - return a instanceof Uint8Array; -} -function _heap_init(heap, heapSize) { - const size = heap ? heap.byteLength : heapSize || 65536; - if (size & 0xfff || size <= 0) - throw new Error('heap size must be a positive integer and a multiple of 4096'); - heap = heap || new Uint8Array(new ArrayBuffer(size)); - return heap; -} -function _heap_write(heap, hpos, data, dpos, dlen) { - const hlen = heap.length - hpos; - const wlen = hlen < dlen ? hlen : dlen; - heap.set(data.subarray(dpos, dpos + wlen), hpos); - return wlen; -} -function joinBytes(...arg) { - const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0); - const ret = new Uint8Array(totalLenght); - let cursor = 0; - for (let i = 0; i < arg.length; i++) { - ret.set(arg[i], cursor); - cursor += arg[i].length; - } - return ret; -} - -class IllegalStateError extends Error { - constructor(...args) { - super(...args); - } -} -class IllegalArgumentError extends Error { - constructor(...args) { - super(...args); - } -} -class SecurityError extends Error { - constructor(...args) { - super(...args); - } -} - -const heap_pool = []; -const asm_pool = []; -class AES { - constructor(key, iv, padding = true, mode, heap, asm) { - this.pos = 0; - this.len = 0; - this.mode = mode; - // The AES object state - this.pos = 0; - this.len = 0; - this.key = key; - this.iv = iv; - this.padding = padding; - // The AES "worker" - this.acquire_asm(heap, asm); - } - acquire_asm(heap, asm) { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA); - this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer); - this.reset(this.key, this.iv); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool.push(this.heap); - asm_pool.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - reset(key, iv) { - const { asm } = this.acquire_asm(); - // Key - const keylen = key.length; - if (keylen !== 16 && keylen !== 24 && keylen !== 32) - throw new IllegalArgumentError('illegal key size'); - const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength); - asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0); - // IV - if (iv !== undefined) { - if (iv.length !== 16) - throw new IllegalArgumentError('illegal iv size'); - let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); - asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12)); - } - else { - asm.set_iv(0, 0, 0, 0); - } - } - AES_Encrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - let result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.pos = pos; - this.len = len; - return result; - } - AES_Encrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let plen = 16 - (len % 16); - let rlen = len; - if (this.hasOwnProperty('padding')) { - if (this.padding) { - for (let p = 0; p < plen; ++p) { - heap[pos + len + p] = plen; - } - len += plen; - rlen = len; - } - else if (len % 16) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - } - else { - len += plen; - } - const result = new Uint8Array(rlen); - if (len) - asm.cipher(amode, hpos + pos, len); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - AES_Decrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let plen = 0; - let wlen = 0; - if (this.padding) { - plen = len + dlen - rlen || 16; - rlen -= plen; - } - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0)); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.pos = pos; - this.len = len; - return result; - } - AES_Decrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let rlen = len; - if (len > 0) { - if (len % 16) { - if (this.hasOwnProperty('padding')) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - else { - len += 16 - (len % 16); - } - } - asm.cipher(amode, hpos + pos, len); - if (this.hasOwnProperty('padding') && this.padding) { - let pad = heap[pos + rlen - 1]; - if (pad < 1 || pad > 16 || pad > rlen) - throw new SecurityError('bad padding'); - let pcheck = 0; - for (let i = pad; i > 1; i--) - pcheck |= pad ^ heap[pos + rlen - i]; - if (pcheck) - throw new SecurityError('bad padding'); - rlen -= pad; - } - } - const result = new Uint8Array(rlen); - if (rlen > 0) { - result.set(heap.subarray(pos, pos + rlen)); - } - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } -} - -class AES_ECB { - static encrypt(data, key, padding = false) { - return new AES_ECB(key, padding).encrypt(data); - } - static decrypt(data, key, padding = false) { - return new AES_ECB(key, padding).decrypt(data); - } - constructor(key, padding = false, aes) { - this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * Javascript AES implementation. - * This is used as fallback if the native Crypto APIs are not available. - */ -function aes(length) { - const C = function(key) { - const aesECB = new AES_ECB(key); - - this.encrypt = function(block) { - return aesECB.encrypt(block); - }; - - this.decrypt = function(block) { - return aesECB.decrypt(block); - }; - }; - - C.blockSize = C.prototype.blockSize = 16; - C.keySize = C.prototype.keySize = length / 8; - - return C; -} - -//Paul Tero, July 2001 -//http://www.tero.co.uk/des/ -// -//Optimised for performance with large blocks by Michael Hayworth, November 2001 -//http://www.netdealing.com -// -// Modified by Recurity Labs GmbH - -//THIS SOFTWARE IS PROVIDED "AS IS" AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. - -//des -//this takes the key, the message, and whether to encrypt or decrypt - -function des(keys, message, encrypt, mode, iv, padding) { - //declaring this locally speeds things up a bit - const spfunction1 = [ - 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, - 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, - 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, - 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, - 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, - 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 - ]; - const spfunction2 = [ - -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, - 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - -0x7fef7fe0, 0x108000 - ]; - const spfunction3 = [ - 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, - 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, - 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, - 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, - 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, - 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 - ]; - const spfunction4 = [ - 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, - 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, - 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, - 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, - 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 - ]; - const spfunction5 = [ - 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, - 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, - 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, - 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, - 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, - 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, - 0x40080000, 0x2080100, 0x40000100 - ]; - const spfunction6 = [ - 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, - 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, - 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, - 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, - 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, - 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 - ]; - const spfunction7 = [ - 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, - 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, - 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, - 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, - 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, - 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 - ]; - const spfunction8 = [ - 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, - 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, - 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, - 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, - 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 - ]; - - //create the 16 or 48 subkeys we will need - let m = 0; - let i; - let j; - let temp; - let right1; - let right2; - let left; - let right; - let looping; - let cbcleft; - let cbcleft2; - let cbcright; - let cbcright2; - let endloop; - let loopinc; - let len = message.length; - - //set up the loops for single and triple des - const iterations = keys.length === 32 ? 3 : 9; //single or triple des - if (iterations === 3) { - looping = encrypt ? [0, 32, 2] : [30, -2, -2]; - } else { - looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; - } - - //pad the message depending on the padding parameter - //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt - if (encrypt) { - message = desAddPadding(message, padding); - len = message.length; - } - - //store the result here - let result = new Uint8Array(len); - let k = 0; - - if (mode === 1) { //CBC mode - cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - m = 0; - } - - //loop through each 64 bit chunk of the message - while (m < len) { - left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - left ^= cbcleft; - right ^= cbcright; - } else { - cbcleft2 = cbcleft; - cbcright2 = cbcright; - cbcleft = left; - cbcright = right; - } - } - - //first each 64 but chunk of the message must be permuted according to IP - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - - left = ((left << 1) | (left >>> 31)); - right = ((right << 1) | (right >>> 31)); - - //do this either 1 or 3 times for each chunk of the message - for (j = 0; j < iterations; j += 3) { - endloop = looping[j + 1]; - loopinc = looping[j + 2]; - //now go through and perform the encryption or decryption - for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency - right1 = right ^ keys[i]; - right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; - //the result is attained by passing these bytes through the S selection functions - temp = left; - left = right; - right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> - 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & - 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); - } - temp = left; - left = right; - right = temp; //unreverse left and right - } //for either 1 or 3 iterations - - //move then each one bit to the right - left = ((left >>> 1) | (left << 31)); - right = ((right >>> 1) | (right << 31)); - - //now perform IP-1, which is IP in the opposite direction - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - cbcleft = left; - cbcright = right; - } else { - left ^= cbcleft2; - right ^= cbcright2; - } - } - - result[k++] = (left >>> 24); - result[k++] = ((left >>> 16) & 0xff); - result[k++] = ((left >>> 8) & 0xff); - result[k++] = (left & 0xff); - result[k++] = (right >>> 24); - result[k++] = ((right >>> 16) & 0xff); - result[k++] = ((right >>> 8) & 0xff); - result[k++] = (right & 0xff); - } //for every 8 characters, or 64 bits in the message - - //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt - if (!encrypt) { - result = desRemovePadding(result, padding); - } - - return result; -} //end of des - - -//desCreateKeys -//this takes as input a 64 bit key (even though only 56 bits are used) -//as an array of 2 integers, and returns 16 48 bit keys - -function desCreateKeys(key) { - //declaring this locally speeds things up a bit - const pc2bytes0 = [ - 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, - 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 - ]; - const pc2bytes1 = [ - 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, - 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 - ]; - const pc2bytes2 = [ - 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, - 0x1000000, 0x1000008, 0x1000800, 0x1000808 - ]; - const pc2bytes3 = [ - 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, - 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 - ]; - const pc2bytes4 = [ - 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, - 0x41000, 0x1010, 0x41010 - ]; - const pc2bytes5 = [ - 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, - 0x2000000, 0x2000400, 0x2000020, 0x2000420 - ]; - const pc2bytes6 = [ - 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, - 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 - ]; - const pc2bytes7 = [ - 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, - 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 - ]; - const pc2bytes8 = [ - 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, - 0x2000002, 0x2040002, 0x2000002, 0x2040002 - ]; - const pc2bytes9 = [ - 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, - 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 - ]; - const pc2bytes10 = [ - 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, - 0x102000, 0x102020, 0x102000, 0x102020 - ]; - const pc2bytes11 = [ - 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, - 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 - ]; - const pc2bytes12 = [ - 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, - 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 - ]; - const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; - - //how many iterations (1 for des, 3 for triple des) - const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys - //stores the return keys - const keys = new Array(32 * iterations); - //now define the left shifts which need to be done - const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - //other variables - let lefttemp; - let righttemp; - let m = 0; - let n = 0; - let temp; - - for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations - let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 2) ^ right) & 0x33333333; - right ^= temp; - left ^= (temp << 2); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - - //the right side needs to be shifted and to get the last four bits of the left side - temp = (left << 8) | ((right >>> 20) & 0x000000f0); - //left needs to be put upside down - left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); - right = temp; - - //now go through and perform these shifts on the left and right keys - for (let i = 0; i < shifts.length; i++) { - //shift the keys either one or two bits to the left - if (shifts[i]) { - left = (left << 2) | (left >>> 26); - right = (right << 2) | (right >>> 26); - } else { - left = (left << 1) | (left >>> 27); - right = (right << 1) | (right >>> 27); - } - left &= -0xf; - right &= -0xf; - - //now apply PC-2, in such a way that E is easier when encrypting or decrypting - //this conversion will look like PC-2 except only the last 6 bits of each byte are used - //rather than 48 consecutive bits and the order of lines will be according to - //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 - lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( - left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & - 0xf]; - righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | - pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | - pc2bytes13[(right >>> 4) & 0xf]; - temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; - keys[n++] = lefttemp ^ temp; - keys[n++] = righttemp ^ (temp << 16); - } - } //for each iterations - //return the keys we've created - return keys; -} //end of desCreateKeys - - -function desAddPadding(message, padding) { - const padLength = 8 - (message.length % 8); - - let pad; - if (padding === 2 && (padLength < 8)) { //pad the message with spaces - pad = ' '.charCodeAt(0); - } else if (padding === 1) { //PKCS7 padding - pad = padLength; - } else if (!padding && (padLength < 8)) { //pad the message out with null bytes - pad = 0; - } else if (padLength === 8) { - return message; - } else { - throw new Error('des: invalid padding'); - } - - const paddedMessage = new Uint8Array(message.length + padLength); - for (let i = 0; i < message.length; i++) { - paddedMessage[i] = message[i]; - } - for (let j = 0; j < padLength; j++) { - paddedMessage[message.length + j] = pad; - } - - return paddedMessage; -} - -function desRemovePadding(message, padding) { - let padLength = null; - let pad; - if (padding === 2) { // space padded - pad = ' '.charCodeAt(0); - } else if (padding === 1) { // PKCS7 - padLength = message[message.length - 1]; - } else if (!padding) { // null padding - pad = 0; - } else { - throw new Error('des: invalid padding'); - } - - if (!padLength) { - padLength = 1; - while (message[message.length - padLength] === pad) { - padLength++; - } - padLength--; - } - - return message.subarray(0, message.length - padLength); -} - -// added by Recurity Labs - -function TripleDES(key) { - this.key = []; - - for (let i = 0; i < 3; i++) { - this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); - } - - this.encrypt = function(block) { - return des( - desCreateKeys(this.key[2]), - des( - desCreateKeys(this.key[1]), - des( - desCreateKeys(this.key[0]), - block, true, 0, null, null - ), - false, 0, null, null - ), true, 0, null, null - ); - }; -} - -TripleDES.keySize = TripleDES.prototype.keySize = 24; -TripleDES.blockSize = TripleDES.prototype.blockSize = 8; - -// This is "original" DES - -function DES(key) { - this.key = key; - - this.encrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, true, 0, null, padding); - }; - - this.decrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, false, 0, null, padding); - }; -} - -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Copyright 2010 pjacobs@xeekr.com . All rights reserved. - -// Modified by Recurity Labs GmbH - -// fixed/modified by Herbert Hanewinkel, www.haneWIN.de -// check www.haneWIN.de for the latest version - -// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. -// CAST-128 is a common OpenPGP cipher. - - -// CAST5 constructor - -function OpenPGPSymEncCAST5() { - this.BlockSize = 8; - this.KeySize = 16; - - this.setKey = function(key) { - this.masking = new Array(16); - this.rotate = new Array(16); - - this.reset(); - - if (key.length === this.KeySize) { - this.keySchedule(key); - } else { - throw new Error('CAST-128: keys must be 16 bytes'); - } - return true; - }; - - this.reset = function() { - for (let i = 0; i < 16; i++) { - this.masking[i] = 0; - this.rotate[i] = 0; - } - }; - - this.getBlockSize = function() { - return this.BlockSize; - }; - - this.encrypt = function(src) { - const dst = new Array(src.length); - - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; - - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >>> 16) & 255; - dst[i + 6] = (l >>> 8) & 255; - dst[i + 7] = l & 255; - } - - return dst; - }; - - this.decrypt = function(src) { - const dst = new Array(src.length); - - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; - - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >> 16) & 255; - dst[i + 6] = (l >> 8) & 255; - dst[i + 7] = l & 255; - } - - return dst; - }; - const scheduleA = new Array(4); - - scheduleA[0] = new Array(4); - scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; - scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - - scheduleA[1] = new Array(4); - scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - - scheduleA[2] = new Array(4); - scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; - scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - - - scheduleA[3] = new Array(4); - scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - - const scheduleB = new Array(4); - - scheduleB[0] = new Array(4); - scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; - scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; - scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; - scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; - - scheduleB[1] = new Array(4); - scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; - scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; - scheduleB[1][2] = [7, 6, 8, 9, 3]; - scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; - - - scheduleB[2] = new Array(4); - scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; - scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; - scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; - scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; - - - scheduleB[3] = new Array(4); - scheduleB[3][0] = [8, 9, 7, 6, 3]; - scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; - scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; - scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; - - // changed 'in' to 'inn' (in javascript 'in' is a reserved word) - this.keySchedule = function(inn) { - const t = new Array(8); - const k = new Array(32); - - let j; - - for (let i = 0; i < 4; i++) { - j = i * 4; - t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; - } - - const x = [6, 7, 4, 5]; - let ki = 0; - let w; - - for (let half = 0; half < 2; half++) { - for (let round = 0; round < 4; round++) { - for (j = 0; j < 4; j++) { - const a = scheduleA[round][j]; - w = t[a[1]]; - - w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; - w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; - w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; - w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; - w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; - t[a[0]] = w; - } - - for (j = 0; j < 4; j++) { - const b = scheduleB[round][j]; - w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - - w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; - w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; - w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; - w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; - k[ki] = w; - ki++; - } - } - } - - for (let i = 0; i < 16; i++) { - this.masking[i] = k[i]; - this.rotate[i] = k[16 + i] & 0x1f; - } - }; - - // These are the three 'f' functions. See RFC 2144, section 2.2. - - function f1(d, m, r) { - const t = m + d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; - } - - function f2(d, m, r) { - const t = m ^ d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; - } - - function f3(d, m, r) { - const t = m - d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; - } - - const sBox = new Array(8); - sBox[0] = [ - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf - ]; - - sBox[1] = [ - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 - ]; - - sBox[2] = [ - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 - ]; - - sBox[3] = [ - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 - ]; - - sBox[4] = [ - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 - ]; - - sBox[5] = [ - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f - ]; - - sBox[6] = [ - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 - ]; - - sBox[7] = [ - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e - ]; -} - -function CAST5(key) { - this.cast5 = new OpenPGPSymEncCAST5(); - this.cast5.setKey(key); - - this.encrypt = function(block) { - return this.cast5.encrypt(block); - }; -} - -CAST5.blockSize = CAST5.prototype.blockSize = 8; -CAST5.keySize = CAST5.prototype.keySize = 16; - -/* eslint-disable no-mixed-operators, no-fallthrough */ - - -/* Modified by Recurity Labs GmbH - * - * Cipher.js - * A block-cipher algorithm implementation on JavaScript - * See Cipher.readme.txt for further information. - * - * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] - * This script file is distributed under the LGPL - * - * ACKNOWLEDGMENT - * - * The main subroutines are written by Michiel van Everdingen. - * - * Michiel van Everdingen - * http://home.versatel.nl/MAvanEverdingen/index.html - * - * All rights for these routines are reserved to Michiel van Everdingen. - * - */ - -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -//Math -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - -const MAXINT = 0xFFFFFFFF; - -function rotw(w, n) { - return (w << n | w >>> (32 - n)) & MAXINT; -} - -function getW(a, i) { - return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; -} - -function setW(a, i, w) { - a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); -} - -function getB(x, n) { - return (x >>> (n * 8)) & 0xFF; -} - -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Twofish -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - -function createTwofish() { - // - let keyBytes = null; - let dataBytes = null; - let dataOffset = -1; - // var dataLength = -1; - // var idx2 = -1; - // - - let tfsKey = []; - let tfsM = [ - [], - [], - [], - [] - ]; - - function tfsInit(key) { - keyBytes = key; - let i; - let a; - let b; - let c; - let d; - const meKey = []; - const moKey = []; - const inKey = []; - let kLen; - const sKey = []; - let f01; - let f5b; - let fef; - - const q0 = [ - [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], - [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] - ]; - const q1 = [ - [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], - [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] - ]; - const q2 = [ - [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], - [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] - ]; - const q3 = [ - [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], - [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] - ]; - const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; - const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; - const q = [ - [], - [] - ]; - const m = [ - [], - [], - [], - [] - ]; - - function ffm5b(x) { - return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; - } - - function ffmEf(x) { - return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; - } - - function mdsRem(p, q) { - let i; - let t; - let u; - for (i = 0; i < 8; i++) { - t = q >>> 24; - q = ((q << 8) & MAXINT) | p >>> 24; - p = (p << 8) & MAXINT; - u = t << 1; - if (t & 128) { - u ^= 333; - } - q ^= t ^ (u << 16); - u ^= t >>> 1; - if (t & 1) { - u ^= 166; - } - q ^= u << 24 | u << 8; - } - return q; - } - - function qp(n, x) { - const a = x >> 4; - const b = x & 15; - const c = q0[n][a ^ b]; - const d = q1[n][ror4[b] ^ ashx[a]]; - return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; - } - - function hFun(x, key) { - let a = getB(x, 0); - let b = getB(x, 1); - let c = getB(x, 2); - let d = getB(x, 3); - switch (kLen) { - case 4: - a = q[1][a] ^ getB(key[3], 0); - b = q[0][b] ^ getB(key[3], 1); - c = q[0][c] ^ getB(key[3], 2); - d = q[1][d] ^ getB(key[3], 3); - case 3: - a = q[1][a] ^ getB(key[2], 0); - b = q[1][b] ^ getB(key[2], 1); - c = q[0][c] ^ getB(key[2], 2); - d = q[0][d] ^ getB(key[2], 3); - case 2: - a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); - b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); - c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); - d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); - } - return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; - } - - keyBytes = keyBytes.slice(0, 32); - i = keyBytes.length; - while (i !== 16 && i !== 24 && i !== 32) { - keyBytes[i++] = 0; - } - - for (i = 0; i < keyBytes.length; i += 4) { - inKey[i >> 2] = getW(keyBytes, i); - } - for (i = 0; i < 256; i++) { - q[0][i] = qp(0, i); - q[1][i] = qp(1, i); - } - for (i = 0; i < 256; i++) { - f01 = q[1][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); - m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); - f01 = q[0][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); - m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); - } - - kLen = inKey.length / 2; - for (i = 0; i < kLen; i++) { - a = inKey[i + i]; - meKey[i] = a; - b = inKey[i + i + 1]; - moKey[i] = b; - sKey[kLen - i - 1] = mdsRem(a, b); - } - for (i = 0; i < 40; i += 2) { - a = 0x1010101 * i; - b = a + 0x1010101; - a = hFun(a, meKey); - b = rotw(hFun(b, moKey), 8); - tfsKey[i] = (a + b) & MAXINT; - tfsKey[i + 1] = rotw(a + 2 * b, 9); - } - for (i = 0; i < 256; i++) { - a = b = c = d = i; - switch (kLen) { - case 4: - a = q[1][a] ^ getB(sKey[3], 0); - b = q[0][b] ^ getB(sKey[3], 1); - c = q[0][c] ^ getB(sKey[3], 2); - d = q[1][d] ^ getB(sKey[3], 3); - case 3: - a = q[1][a] ^ getB(sKey[2], 0); - b = q[1][b] ^ getB(sKey[2], 1); - c = q[0][c] ^ getB(sKey[2], 2); - d = q[0][d] ^ getB(sKey[2], 3); - case 2: - tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; - tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; - tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; - tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; - } - } - } - - function tfsG0(x) { - return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; - } - - function tfsG1(x) { - return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; - } - - function tfsFrnd(r, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); - blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); - blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; - } - - function tfsIrnd(i, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; - blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; - blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); - } - - function tfsClose() { - tfsKey = []; - tfsM = [ - [], - [], - [], - [] - ]; - } - - function tfsEncrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], - getW(dataBytes, dataOffset + 4) ^ tfsKey[1], - getW(dataBytes, dataOffset + 8) ^ tfsKey[2], - getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; - for (let j = 0; j < 8; j++) { - tfsFrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); - dataOffset += 16; - return dataBytes; - } - - function tfsDecrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], - getW(dataBytes, dataOffset + 4) ^ tfsKey[5], - getW(dataBytes, dataOffset + 8) ^ tfsKey[6], - getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; - for (let j = 7; j >= 0; j--) { - tfsIrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); - dataOffset += 16; - } - - // added by Recurity Labs - - function tfsFinal() { - return dataBytes; - } - - return { - name: 'twofish', - blocksize: 128 / 8, - open: tfsInit, - close: tfsClose, - encrypt: tfsEncrypt, - decrypt: tfsDecrypt, - // added by Recurity Labs - finalize: tfsFinal - }; -} - -// added by Recurity Labs - -function TF(key) { - this.tf = createTwofish(); - this.tf.open(Array.from(key), 0); - - this.encrypt = function(block) { - return this.tf.encrypt(Array.from(block), 0); - }; -} - -TF.keySize = TF.prototype.keySize = 32; -TF.blockSize = TF.prototype.blockSize = 16; - -/* Modified by Recurity Labs GmbH - * - * Originally written by nklein software (nklein.com) - */ - -/* - * Javascript implementation based on Bruce Schneier's reference implementation. - * - * - * The constructor doesn't do much of anything. It's just here - * so we can start defining properties and methods and such. - */ -function Blowfish() {} - -/* - * Declare the block size so that protocols know what size - * Initialization Vector (IV) they will need. - */ -Blowfish.prototype.BLOCKSIZE = 8; - -/* - * These are the default SBOXES. - */ -Blowfish.prototype.SBOXES = [ - [ - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, - 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, - 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, - 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, - 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, - 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, - 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, - 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, - 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, - 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, - 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, - 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, - 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, - 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, - 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, - 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, - 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, - 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, - 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, - 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, - 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, - 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a - ], - [ - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 - ], - [ - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 - ], - [ - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 - ] -]; - -//* -//* This is the default PARRAY -//* -Blowfish.prototype.PARRAY = [ - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b -]; - -//* -//* This is the number of rounds the cipher will go -//* -Blowfish.prototype.NN = 16; - -//* -//* This function is needed to get rid of problems -//* with the high-bit getting set. If we don't do -//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not -//* equal to ( bb & 0x00FFFFFFFF ) even when they -//* agree bit-for-bit for the first 32 bits. -//* -Blowfish.prototype._clean = function(xx) { - if (xx < 0) { - const yy = xx & 0x7FFFFFFF; - xx = yy + 0x80000000; - } - return xx; -}; - -//* -//* This is the mixing function that uses the sboxes -//* -Blowfish.prototype._F = function(xx) { - let yy; - - const dd = xx & 0x00FF; - xx >>>= 8; - const cc = xx & 0x00FF; - xx >>>= 8; - const bb = xx & 0x00FF; - xx >>>= 8; - const aa = xx & 0x00FF; - - yy = this.sboxes[0][aa] + this.sboxes[1][bb]; - yy ^= this.sboxes[2][cc]; - yy += this.sboxes[3][dd]; - - return yy; -}; - -//* -//* This method takes an array with two values, left and right -//* and does NN rounds of Blowfish on them. -//* -Blowfish.prototype._encryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; - - let ii; - - for (ii = 0; ii < this.NN; ++ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; - - const tmp = dataL; - dataL = dataR; - dataR = tmp; - } - - dataL ^= this.parray[this.NN + 0]; - dataR ^= this.parray[this.NN + 1]; - - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; - -//* -//* This method takes a vector of numbers and turns them -//* into long words so that they can be processed by the -//* real algorithm. -//* -//* Maybe I should make the real algorithm above take a vector -//* instead. That will involve more looping, but it won't require -//* the F() method to deconstruct the vector. -//* -Blowfish.prototype.encryptBlock = function(vector) { - let ii; - const vals = [0, 0]; - const off = this.BLOCKSIZE / 2; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); - vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); - } - - this._encryptBlock(vals); - - const ret = []; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); - ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); - // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); - // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); - } - - return ret; -}; - -//* -//* This method takes an array with two values, left and right -//* and undoes NN rounds of Blowfish on them. -//* -Blowfish.prototype._decryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; - - let ii; - - for (ii = this.NN + 1; ii > 1; --ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; - - const tmp = dataL; - dataL = dataR; - dataR = tmp; - } - - dataL ^= this.parray[1]; - dataR ^= this.parray[0]; - - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; - -//* -//* This method takes a key array and initializes the -//* sboxes and parray for this encryption. -//* -Blowfish.prototype.init = function(key) { - let ii; - let jj = 0; - - this.parray = []; - for (ii = 0; ii < this.NN + 2; ++ii) { - let data = 0x00000000; - for (let kk = 0; kk < 4; ++kk) { - data = (data << 8) | (key[jj] & 0x00FF); - if (++jj >= key.length) { - jj = 0; - } - } - this.parray[ii] = this.PARRAY[ii] ^ data; - } - - this.sboxes = []; - for (ii = 0; ii < 4; ++ii) { - this.sboxes[ii] = []; - for (jj = 0; jj < 256; ++jj) { - this.sboxes[ii][jj] = this.SBOXES[ii][jj]; - } - } - - const vals = [0x00000000, 0x00000000]; - - for (ii = 0; ii < this.NN + 2; ii += 2) { - this._encryptBlock(vals); - this.parray[ii + 0] = vals[0]; - this.parray[ii + 1] = vals[1]; - } - - for (ii = 0; ii < 4; ++ii) { - for (jj = 0; jj < 256; jj += 2) { - this._encryptBlock(vals); - this.sboxes[ii][jj + 0] = vals[0]; - this.sboxes[ii][jj + 1] = vals[1]; - } - } -}; - -// added by Recurity Labs -function BF(key) { - this.bf = new Blowfish(); - this.bf.init(key); - - this.encrypt = function(block) { - return this.bf.encryptBlock(block); - }; -} - -BF.keySize = BF.prototype.keySize = 16; -BF.blockSize = BF.prototype.blockSize = 8; - -/** - * @fileoverview Symmetric cryptography functions - * @module crypto/cipher - * @private - */ - -/** - * AES-128 encryption and decryption (ID 7) - * @function - * @param {String} key - 128-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes128 = aes(128); -/** - * AES-128 Block Cipher (ID 8) - * @function - * @param {String} key - 192-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes192 = aes(192); -/** - * AES-128 Block Cipher (ID 9) - * @function - * @param {String} key - 256-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes256 = aes(256); -// Not in OpenPGP specifications -const des$1 = DES; -/** - * Triple DES Block Cipher (ID 2) - * @function - * @param {String} key - 192-bit key - * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67} - * @returns {Object} - */ -const tripledes = TripleDES; -/** - * CAST-128 Block Cipher (ID 3) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm} - * @returns {Object} - */ -const cast5 = CAST5; -/** - * Twofish Block Cipher (ID 10) - * @function - * @param {String} key - 256-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH} - * @returns {Object} - */ -const twofish = TF; -/** - * Blowfish Block Cipher (ID 4) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH} - * @returns {Object} - */ -const blowfish = BF; -/** - * Not implemented - * @function - * @throws {Error} - */ -const idea = function() { - throw new Error('IDEA symmetric-key algorithm not implemented'); -}; - -var cipher = /*#__PURE__*/Object.freeze({ - __proto__: null, - aes128: aes128, - aes192: aes192, - aes256: aes256, - des: des$1, - tripledes: tripledes, - cast5: cast5, - twofish: twofish, - blowfish: blowfish, - idea: idea -}); - -var sha1_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0, - w16 = 0, w17 = 0, w18 = 0, w19 = 0, - w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0, - w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0, - w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0, - w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0, - w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0, - w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - - // 0 - t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 1 - t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 2 - t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 3 - t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 4 - t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 5 - t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 6 - t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 7 - t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 8 - t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 9 - t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 10 - t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 11 - t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 12 - t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 13 - t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 14 - t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 15 - t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 16 - n = w13 ^ w8 ^ w2 ^ w0; - w16 = (n << 1) | (n >>> 31); - t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 17 - n = w14 ^ w9 ^ w3 ^ w1; - w17 = (n << 1) | (n >>> 31); - t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 18 - n = w15 ^ w10 ^ w4 ^ w2; - w18 = (n << 1) | (n >>> 31); - t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 19 - n = w16 ^ w11 ^ w5 ^ w3; - w19 = (n << 1) | (n >>> 31); - t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 20 - n = w17 ^ w12 ^ w6 ^ w4; - w20 = (n << 1) | (n >>> 31); - t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 21 - n = w18 ^ w13 ^ w7 ^ w5; - w21 = (n << 1) | (n >>> 31); - t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 22 - n = w19 ^ w14 ^ w8 ^ w6; - w22 = (n << 1) | (n >>> 31); - t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 23 - n = w20 ^ w15 ^ w9 ^ w7; - w23 = (n << 1) | (n >>> 31); - t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 24 - n = w21 ^ w16 ^ w10 ^ w8; - w24 = (n << 1) | (n >>> 31); - t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 25 - n = w22 ^ w17 ^ w11 ^ w9; - w25 = (n << 1) | (n >>> 31); - t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 26 - n = w23 ^ w18 ^ w12 ^ w10; - w26 = (n << 1) | (n >>> 31); - t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 27 - n = w24 ^ w19 ^ w13 ^ w11; - w27 = (n << 1) | (n >>> 31); - t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 28 - n = w25 ^ w20 ^ w14 ^ w12; - w28 = (n << 1) | (n >>> 31); - t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 29 - n = w26 ^ w21 ^ w15 ^ w13; - w29 = (n << 1) | (n >>> 31); - t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 30 - n = w27 ^ w22 ^ w16 ^ w14; - w30 = (n << 1) | (n >>> 31); - t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 31 - n = w28 ^ w23 ^ w17 ^ w15; - w31 = (n << 1) | (n >>> 31); - t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 32 - n = w29 ^ w24 ^ w18 ^ w16; - w32 = (n << 1) | (n >>> 31); - t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 33 - n = w30 ^ w25 ^ w19 ^ w17; - w33 = (n << 1) | (n >>> 31); - t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 34 - n = w31 ^ w26 ^ w20 ^ w18; - w34 = (n << 1) | (n >>> 31); - t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 35 - n = w32 ^ w27 ^ w21 ^ w19; - w35 = (n << 1) | (n >>> 31); - t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 36 - n = w33 ^ w28 ^ w22 ^ w20; - w36 = (n << 1) | (n >>> 31); - t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 37 - n = w34 ^ w29 ^ w23 ^ w21; - w37 = (n << 1) | (n >>> 31); - t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 38 - n = w35 ^ w30 ^ w24 ^ w22; - w38 = (n << 1) | (n >>> 31); - t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 39 - n = w36 ^ w31 ^ w25 ^ w23; - w39 = (n << 1) | (n >>> 31); - t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 40 - n = w37 ^ w32 ^ w26 ^ w24; - w40 = (n << 1) | (n >>> 31); - t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 41 - n = w38 ^ w33 ^ w27 ^ w25; - w41 = (n << 1) | (n >>> 31); - t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 42 - n = w39 ^ w34 ^ w28 ^ w26; - w42 = (n << 1) | (n >>> 31); - t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 43 - n = w40 ^ w35 ^ w29 ^ w27; - w43 = (n << 1) | (n >>> 31); - t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 44 - n = w41 ^ w36 ^ w30 ^ w28; - w44 = (n << 1) | (n >>> 31); - t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 45 - n = w42 ^ w37 ^ w31 ^ w29; - w45 = (n << 1) | (n >>> 31); - t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 46 - n = w43 ^ w38 ^ w32 ^ w30; - w46 = (n << 1) | (n >>> 31); - t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 47 - n = w44 ^ w39 ^ w33 ^ w31; - w47 = (n << 1) | (n >>> 31); - t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 48 - n = w45 ^ w40 ^ w34 ^ w32; - w48 = (n << 1) | (n >>> 31); - t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 49 - n = w46 ^ w41 ^ w35 ^ w33; - w49 = (n << 1) | (n >>> 31); - t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 50 - n = w47 ^ w42 ^ w36 ^ w34; - w50 = (n << 1) | (n >>> 31); - t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 51 - n = w48 ^ w43 ^ w37 ^ w35; - w51 = (n << 1) | (n >>> 31); - t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 52 - n = w49 ^ w44 ^ w38 ^ w36; - w52 = (n << 1) | (n >>> 31); - t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 53 - n = w50 ^ w45 ^ w39 ^ w37; - w53 = (n << 1) | (n >>> 31); - t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 54 - n = w51 ^ w46 ^ w40 ^ w38; - w54 = (n << 1) | (n >>> 31); - t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 55 - n = w52 ^ w47 ^ w41 ^ w39; - w55 = (n << 1) | (n >>> 31); - t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 56 - n = w53 ^ w48 ^ w42 ^ w40; - w56 = (n << 1) | (n >>> 31); - t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 57 - n = w54 ^ w49 ^ w43 ^ w41; - w57 = (n << 1) | (n >>> 31); - t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 58 - n = w55 ^ w50 ^ w44 ^ w42; - w58 = (n << 1) | (n >>> 31); - t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 59 - n = w56 ^ w51 ^ w45 ^ w43; - w59 = (n << 1) | (n >>> 31); - t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 60 - n = w57 ^ w52 ^ w46 ^ w44; - w60 = (n << 1) | (n >>> 31); - t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 61 - n = w58 ^ w53 ^ w47 ^ w45; - w61 = (n << 1) | (n >>> 31); - t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 62 - n = w59 ^ w54 ^ w48 ^ w46; - w62 = (n << 1) | (n >>> 31); - t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 63 - n = w60 ^ w55 ^ w49 ^ w47; - w63 = (n << 1) | (n >>> 31); - t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 64 - n = w61 ^ w56 ^ w50 ^ w48; - w64 = (n << 1) | (n >>> 31); - t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 65 - n = w62 ^ w57 ^ w51 ^ w49; - w65 = (n << 1) | (n >>> 31); - t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 66 - n = w63 ^ w58 ^ w52 ^ w50; - w66 = (n << 1) | (n >>> 31); - t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 67 - n = w64 ^ w59 ^ w53 ^ w51; - w67 = (n << 1) | (n >>> 31); - t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 68 - n = w65 ^ w60 ^ w54 ^ w52; - w68 = (n << 1) | (n >>> 31); - t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 69 - n = w66 ^ w61 ^ w55 ^ w53; - w69 = (n << 1) | (n >>> 31); - t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 70 - n = w67 ^ w62 ^ w56 ^ w54; - w70 = (n << 1) | (n >>> 31); - t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 71 - n = w68 ^ w63 ^ w57 ^ w55; - w71 = (n << 1) | (n >>> 31); - t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 72 - n = w69 ^ w64 ^ w58 ^ w56; - w72 = (n << 1) | (n >>> 31); - t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 73 - n = w70 ^ w65 ^ w59 ^ w57; - w73 = (n << 1) | (n >>> 31); - t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 74 - n = w71 ^ w66 ^ w60 ^ w58; - w74 = (n << 1) | (n >>> 31); - t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 75 - n = w72 ^ w67 ^ w61 ^ w59; - w75 = (n << 1) | (n >>> 31); - t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 76 - n = w73 ^ w68 ^ w62 ^ w60; - w76 = (n << 1) | (n >>> 31); - t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 77 - n = w74 ^ w69 ^ w63 ^ w61; - w77 = (n << 1) | (n >>> 31); - t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 78 - n = w75 ^ w70 ^ w64 ^ w62; - w78 = (n << 1) | (n >>> 31); - t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 79 - n = w76 ^ w71 ^ w65 ^ w63; - w79 = (n << 1) | (n >>> 31); - t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - } - - function reset () { - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA1 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA1 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA1 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; - -class Hash { - constructor() { - this.pos = 0; - this.len = 0; - } - reset() { - const { asm } = this.acquire_asm(); - this.result = null; - this.pos = 0; - this.len = 0; - asm.reset(); - return this; - } - process(data) { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - let hpos = this.pos; - let hlen = this.len; - let dpos = 0; - let dlen = data.length; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen); - hlen += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.process(hpos, hlen); - hpos += wlen; - hlen -= wlen; - if (!hlen) - hpos = 0; - } - this.pos = hpos; - this.len = hlen; - return this; - } - finish() { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - asm.finish(this.pos, this.len, 0); - this.result = new Uint8Array(this.HASH_SIZE); - this.result.set(heap.subarray(0, this.HASH_SIZE)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return this; - } -} - -const _sha1_block_size = 64; -const _sha1_hash_size = 20; -const heap_pool$1 = []; -const asm_pool$1 = []; -class Sha1 extends Hash { - constructor() { - super(); - this.NAME = 'sha1'; - this.BLOCK_SIZE = _sha1_block_size; - this.HASH_SIZE = _sha1_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$1.pop() || _heap_init(); - this.asm = asm_pool$1.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$1.push(this.heap); - asm_pool$1.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha1().process(data).finish().result; - } -} -Sha1.NAME = 'sha1'; -Sha1.heap_pool = []; -Sha1.asm_pool = []; -Sha1.asm_function = sha1_asm; - -var sha256_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - f = H5; - g = H6; - h = H7; - - // 0 - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 1 - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 2 - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 3 - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 4 - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 5 - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 6 - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 7 - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 8 - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 9 - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 10 - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 11 - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 12 - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 13 - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 14 - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 15 - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 16 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 17 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 18 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 19 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 20 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 21 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 22 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 23 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 24 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 25 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 26 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 27 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 28 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 29 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 30 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 31 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 32 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 33 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 34 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 35 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 36 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 37 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 38 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 39 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 40 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 41 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 42 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 43 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 44 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 45 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 46 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 47 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 48 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 49 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 50 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 51 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 52 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 53 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 54 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 55 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 56 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 57 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 58 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 59 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 60 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 61 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 62 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 63 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - H5 = ( H5 + f )|0; - H6 = ( H6 + g )|0; - H7 = ( H7 + h )|0; - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - HEAP[output|20] = H5>>>24; - HEAP[output|21] = H5>>>16&255; - HEAP[output|22] = H5>>>8&255; - HEAP[output|23] = H5&255; - HEAP[output|24] = H6>>>24; - HEAP[output|25] = H6>>>16&255; - HEAP[output|26] = H6>>>8&255; - HEAP[output|27] = H6&255; - HEAP[output|28] = H7>>>24; - HEAP[output|29] = H7>>>16&255; - HEAP[output|30] = H7>>>8&255; - HEAP[output|31] = H7&255; - } - - function reset () { - H0 = 0x6a09e667; - H1 = 0xbb67ae85; - H2 = 0x3c6ef372; - H3 = 0xa54ff53a; - H4 = 0x510e527f; - H5 = 0x9b05688c; - H6 = 0x1f83d9ab; - H7 = 0x5be0cd19; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - h5 = h5|0; - h6 = h6|0; - h7 = h7|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - H5 = I5; - H6 = I6; - H7 = I7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - H5 = O5; - H6 = O6; - H7 = O7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - O5 = H5; - O6 = H6; - O7 = H7; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - I5 = H5; - I6 = H6; - I7 = H7; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - h5 = h5 ^ H5; - h6 = h6 ^ H6; - h7 = h7 ^ H7; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA256 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA256 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA256 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; - -const _sha256_block_size = 64; -const _sha256_hash_size = 32; -const heap_pool$2 = []; -const asm_pool$2 = []; -class Sha256 extends Hash { - constructor() { - super(); - this.NAME = 'sha256'; - this.BLOCK_SIZE = _sha256_block_size; - this.HASH_SIZE = _sha256_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$2.pop() || _heap_init(); - this.asm = asm_pool$2.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$2.push(this.heap); - asm_pool$2.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha256().process(data).finish().result; - } -} -Sha256.NAME = 'sha256'; - -var minimalisticAssert = assert; - -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} - -assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); -}; - -var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -function createCommonjsModule(fn, module) { - return module = { exports: {} }, fn(module, module.exports), module.exports; -} - -function commonjsRequire () { - throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs'); -} - -var inherits_browser = createCommonjsModule(function (module) { -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - }; -} -}); - -var inherits = createCommonjsModule(function (module) { -try { - var util = util__default['default']; - if (typeof util.inherits !== 'function') throw ''; - module.exports = util.inherits; -} catch (e) { - module.exports = inherits_browser; -} -}); - -var inherits_1 = inherits; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; -} -var toArray_1 = toArray; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -var toHex_1 = toHex; - -function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; -} -var htonl_1 = htonl; - -function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); - } - return res; -} -var toHex32_1 = toHex32; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -var zero2_1 = zero2; - -function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; -} -var zero8_1 = zero8; - -function join32(msg, start, end, endian) { - var len = end - start; - minimalisticAssert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; - } - return res; -} -var join32_1 = join32; - -function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; - } - } - return res; -} -var split32_1 = split32; - -function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); -} -var rotr32_1 = rotr32; - -function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); -} -var rotl32_1 = rotl32; - -function sum32(a, b) { - return (a + b) >>> 0; -} -var sum32_1 = sum32; - -function sum32_3(a, b, c) { - return (a + b + c) >>> 0; -} -var sum32_3_1 = sum32_3; - -function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; -} -var sum32_4_1 = sum32_4; - -function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; -} -var sum32_5_1 = sum32_5; - -function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; - - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; -} -var sum64_1 = sum64; - -function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; -} -var sum64_hi_1 = sum64_hi; - -function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; -} -var sum64_lo_1 = sum64_lo; - -function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; -} -var sum64_4_hi_1 = sum64_4_hi; - -function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; -} -var sum64_4_lo_1 = sum64_4_lo; - -function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; - - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; -} -var sum64_5_hi_1 = sum64_5_hi; - -function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; - - return lo >>> 0; -} -var sum64_5_lo_1 = sum64_5_lo; - -function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; -} -var rotr64_hi_1 = rotr64_hi; - -function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var rotr64_lo_1 = rotr64_lo; - -function shr64_hi(ah, al, num) { - return ah >>> num; -} -var shr64_hi_1 = shr64_hi; - -function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var shr64_lo_1 = shr64_lo; - -var utils = { - inherits: inherits_1, - toArray: toArray_1, - toHex: toHex_1, - htonl: htonl_1, - toHex32: toHex32_1, - zero2: zero2_1, - zero8: zero8_1, - join32: join32_1, - split32: split32_1, - rotr32: rotr32_1, - rotl32: rotl32_1, - sum32: sum32_1, - sum32_3: sum32_3_1, - sum32_4: sum32_4_1, - sum32_5: sum32_5_1, - sum64: sum64_1, - sum64_hi: sum64_hi_1, - sum64_lo: sum64_lo_1, - sum64_4_hi: sum64_4_hi_1, - sum64_4_lo: sum64_4_lo_1, - sum64_5_hi: sum64_5_hi_1, - sum64_5_lo: sum64_5_lo_1, - rotr64_hi: rotr64_hi_1, - rotr64_lo: rotr64_lo_1, - shr64_hi: shr64_hi_1, - shr64_lo: shr64_lo_1 -}; - -function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; - - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; -} -var BlockHash_1 = BlockHash; - -BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; - - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; - - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; - - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); - } - - return this; -}; - -BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - minimalisticAssert(this.pending === null); - - return this._digest(enc); -}; - -BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; - } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (t = 8; t < this.padLength; t++) - res[i++] = 0; - } - - return res; -}; - -var common = { - BlockHash: BlockHash_1 -}; - -var rotr32$1 = utils.rotr32; - -function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); -} -var ft_1_1 = ft_1; - -function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); -} -var ch32_1 = ch32; - -function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); -} -var maj32_1 = maj32; - -function p32(x, y, z) { - return x ^ y ^ z; -} -var p32_1 = p32; - -function s0_256(x) { - return rotr32$1(x, 2) ^ rotr32$1(x, 13) ^ rotr32$1(x, 22); -} -var s0_256_1 = s0_256; - -function s1_256(x) { - return rotr32$1(x, 6) ^ rotr32$1(x, 11) ^ rotr32$1(x, 25); -} -var s1_256_1 = s1_256; - -function g0_256(x) { - return rotr32$1(x, 7) ^ rotr32$1(x, 18) ^ (x >>> 3); -} -var g0_256_1 = g0_256; - -function g1_256(x) { - return rotr32$1(x, 17) ^ rotr32$1(x, 19) ^ (x >>> 10); -} -var g1_256_1 = g1_256; - -var common$1 = { - ft_1: ft_1_1, - ch32: ch32_1, - maj32: maj32_1, - p32: p32_1, - s0_256: s0_256_1, - s1_256: s1_256_1, - g0_256: g0_256_1, - g1_256: g1_256_1 -}; - -var sum32$1 = utils.sum32; -var sum32_4$1 = utils.sum32_4; -var sum32_5$1 = utils.sum32_5; -var ch32$1 = common$1.ch32; -var maj32$1 = common$1.maj32; -var s0_256$1 = common$1.s0_256; -var s1_256$1 = common$1.s1_256; -var g0_256$1 = common$1.g0_256; -var g1_256$1 = common$1.g1_256; - -var BlockHash$1 = common.BlockHash; - -var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; - -function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); - - BlockHash$1.call(this); - this.h = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 - ]; - this.k = sha256_K; - this.W = new Array(64); -} -utils.inherits(SHA256, BlockHash$1); -var _256 = SHA256; - -SHA256.blockSize = 512; -SHA256.outSize = 256; -SHA256.hmacStrength = 192; -SHA256.padLength = 64; - -SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4$1(g1_256$1(W[i - 2]), W[i - 7], g0_256$1(W[i - 15]), W[i - 16]); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; - - minimalisticAssert(this.k.length === W.length); - for (i = 0; i < W.length; i++) { - var T1 = sum32_5$1(h, s1_256$1(e), ch32$1(e, f, g), this.k[i], W[i]); - var T2 = sum32$1(s0_256$1(a), maj32$1(a, b, c)); - h = g; - g = f; - f = e; - e = sum32$1(d, T1); - d = c; - c = b; - b = a; - a = sum32$1(T1, T2); - } - - this.h[0] = sum32$1(this.h[0], a); - this.h[1] = sum32$1(this.h[1], b); - this.h[2] = sum32$1(this.h[2], c); - this.h[3] = sum32$1(this.h[3], d); - this.h[4] = sum32$1(this.h[4], e); - this.h[5] = sum32$1(this.h[5], f); - this.h[6] = sum32$1(this.h[6], g); - this.h[7] = sum32$1(this.h[7], h); -}; - -SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - - _256.call(this); - this.h = [ - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; -} -utils.inherits(SHA224, _256); -var _224 = SHA224; - -SHA224.blockSize = 512; -SHA224.outSize = 224; -SHA224.hmacStrength = 192; -SHA224.padLength = 64; - -SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); -}; - -var rotr64_hi$1 = utils.rotr64_hi; -var rotr64_lo$1 = utils.rotr64_lo; -var shr64_hi$1 = utils.shr64_hi; -var shr64_lo$1 = utils.shr64_lo; -var sum64$1 = utils.sum64; -var sum64_hi$1 = utils.sum64_hi; -var sum64_lo$1 = utils.sum64_lo; -var sum64_4_hi$1 = utils.sum64_4_hi; -var sum64_4_lo$1 = utils.sum64_4_lo; -var sum64_5_hi$1 = utils.sum64_5_hi; -var sum64_5_lo$1 = utils.sum64_5_lo; - -var BlockHash$2 = common.BlockHash; - -var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 -]; - -function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - - BlockHash$2.call(this); - this.h = [ - 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); -} -utils.inherits(SHA512, BlockHash$2); -var _512 = SHA512; - -SHA512.blockSize = 1024; -SHA512.outSize = 512; -SHA512.hmacStrength = 192; -SHA512.padLength = 128; - -SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; - - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - - W[i] = sum64_4_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - } -}; - -SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; - - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; - - minimalisticAssert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; - - var T1_hi = sum64_5_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - - c0_hi = s0_512_hi(ah, al); - c0_lo = s0_512_lo(ah, al); - c1_hi = maj64_hi(ah, al, bh, bl, ch); - c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); - - var T2_hi = sum64_hi$1(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo$1(c0_hi, c0_lo, c1_hi, c1_lo); - - hh = gh; - hl = gl; - - gh = fh; - gl = fl; - - fh = eh; - fl = el; - - eh = sum64_hi$1(dh, dl, T1_hi, T1_lo); - el = sum64_lo$1(dl, dl, T1_hi, T1_lo); - - dh = ch; - dl = cl; - - ch = bh; - cl = bl; - - bh = ah; - bl = al; - - ah = sum64_hi$1(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo$1(T1_hi, T1_lo, T2_hi, T2_lo); - } - - sum64$1(this.h, 0, ah, al); - sum64$1(this.h, 2, bh, bl); - sum64$1(this.h, 4, ch, cl); - sum64$1(this.h, 6, dh, dl); - sum64$1(this.h, 8, eh, el); - sum64$1(this.h, 10, fh, fl); - sum64$1(this.h, 12, gh, gl); - sum64$1(this.h, 14, hh, hl); -}; - -SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function ch64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 28); - var c1_hi = rotr64_hi$1(xl, xh, 2); // 34 - var c2_hi = rotr64_hi$1(xl, xh, 7); // 39 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 28); - var c1_lo = rotr64_lo$1(xl, xh, 2); // 34 - var c2_lo = rotr64_lo$1(xl, xh, 7); // 39 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 14); - var c1_hi = rotr64_hi$1(xh, xl, 18); - var c2_hi = rotr64_hi$1(xl, xh, 9); // 41 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 14); - var c1_lo = rotr64_lo$1(xh, xl, 18); - var c2_lo = rotr64_lo$1(xl, xh, 9); // 41 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 1); - var c1_hi = rotr64_hi$1(xh, xl, 8); - var c2_hi = shr64_hi$1(xh, xl, 7); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 1); - var c1_lo = rotr64_lo$1(xh, xl, 8); - var c2_lo = shr64_lo$1(xh, xl, 7); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 19); - var c1_hi = rotr64_hi$1(xl, xh, 29); // 61 - var c2_hi = shr64_hi$1(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 19); - var c1_lo = rotr64_lo$1(xl, xh, 29); // 61 - var c2_lo = shr64_lo$1(xh, xl, 6); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - _512.call(this); - this.h = [ - 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; -} -utils.inherits(SHA384, _512); -var _384 = SHA384; - -SHA384.blockSize = 1024; -SHA384.outSize = 384; -SHA384.hmacStrength = 192; -SHA384.padLength = 128; - -SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); -}; - -var rotl32$1 = utils.rotl32; -var sum32$2 = utils.sum32; -var sum32_3$1 = utils.sum32_3; -var sum32_4$2 = utils.sum32_4; -var BlockHash$3 = common.BlockHash; - -function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash$3.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; -} -utils.inherits(RIPEMD160, BlockHash$3); -var ripemd160 = RIPEMD160; - -RIPEMD160.blockSize = 512; -RIPEMD160.outSize = 160; -RIPEMD160.hmacStrength = 192; -RIPEMD160.padLength = 64; - -RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32$2( - rotl32$1( - sum32_4$2(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32$1(C, 10); - C = B; - B = T; - T = sum32$2( - rotl32$1( - sum32_4$2(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32$1(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3$1(this.h[1], C, Dh); - this.h[1] = sum32_3$1(this.h[2], D, Eh); - this.h[2] = sum32_3$1(this.h[3], E, Ah); - this.h[3] = sum32_3$1(this.h[4], A, Bh); - this.h[4] = sum32_3$1(this.h[0], B, Ch); - this.h[0] = T; -}; - -RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); -}; - -function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); -} - -function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; -} - -function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; -} - -var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -]; - -var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -]; - -var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -]; - -var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -]; - -var ripemd = { - ripemd160: ripemd160 -}; - -/** - * A fast MD5 JavaScript implementation - * Copyright (c) 2012 Joseph Myers - * http://www.myersdaily.org/joseph/javascript/md5-text.html - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purposes and without - * fee is hereby granted provided that this copyright notice - * appears in all copies. - * - * Of course, this soft is provided "as is" without express or implied - * warranty of any kind. - */ - -// MD5 Digest -async function md5(entree) { - const digest = md51(util.uint8ArrayToString(entree)); - return util.hexToUint8Array(hex(digest)); -} - -function md5cycle(x, k) { - let a = x[0]; - let b = x[1]; - let c = x[2]; - let d = x[3]; - - a = ff(a, b, c, d, k[0], 7, -680876936); - d = ff(d, a, b, c, k[1], 12, -389564586); - c = ff(c, d, a, b, k[2], 17, 606105819); - b = ff(b, c, d, a, k[3], 22, -1044525330); - a = ff(a, b, c, d, k[4], 7, -176418897); - d = ff(d, a, b, c, k[5], 12, 1200080426); - c = ff(c, d, a, b, k[6], 17, -1473231341); - b = ff(b, c, d, a, k[7], 22, -45705983); - a = ff(a, b, c, d, k[8], 7, 1770035416); - d = ff(d, a, b, c, k[9], 12, -1958414417); - c = ff(c, d, a, b, k[10], 17, -42063); - b = ff(b, c, d, a, k[11], 22, -1990404162); - a = ff(a, b, c, d, k[12], 7, 1804603682); - d = ff(d, a, b, c, k[13], 12, -40341101); - c = ff(c, d, a, b, k[14], 17, -1502002290); - b = ff(b, c, d, a, k[15], 22, 1236535329); - - a = gg(a, b, c, d, k[1], 5, -165796510); - d = gg(d, a, b, c, k[6], 9, -1069501632); - c = gg(c, d, a, b, k[11], 14, 643717713); - b = gg(b, c, d, a, k[0], 20, -373897302); - a = gg(a, b, c, d, k[5], 5, -701558691); - d = gg(d, a, b, c, k[10], 9, 38016083); - c = gg(c, d, a, b, k[15], 14, -660478335); - b = gg(b, c, d, a, k[4], 20, -405537848); - a = gg(a, b, c, d, k[9], 5, 568446438); - d = gg(d, a, b, c, k[14], 9, -1019803690); - c = gg(c, d, a, b, k[3], 14, -187363961); - b = gg(b, c, d, a, k[8], 20, 1163531501); - a = gg(a, b, c, d, k[13], 5, -1444681467); - d = gg(d, a, b, c, k[2], 9, -51403784); - c = gg(c, d, a, b, k[7], 14, 1735328473); - b = gg(b, c, d, a, k[12], 20, -1926607734); - - a = hh(a, b, c, d, k[5], 4, -378558); - d = hh(d, a, b, c, k[8], 11, -2022574463); - c = hh(c, d, a, b, k[11], 16, 1839030562); - b = hh(b, c, d, a, k[14], 23, -35309556); - a = hh(a, b, c, d, k[1], 4, -1530992060); - d = hh(d, a, b, c, k[4], 11, 1272893353); - c = hh(c, d, a, b, k[7], 16, -155497632); - b = hh(b, c, d, a, k[10], 23, -1094730640); - a = hh(a, b, c, d, k[13], 4, 681279174); - d = hh(d, a, b, c, k[0], 11, -358537222); - c = hh(c, d, a, b, k[3], 16, -722521979); - b = hh(b, c, d, a, k[6], 23, 76029189); - a = hh(a, b, c, d, k[9], 4, -640364487); - d = hh(d, a, b, c, k[12], 11, -421815835); - c = hh(c, d, a, b, k[15], 16, 530742520); - b = hh(b, c, d, a, k[2], 23, -995338651); - - a = ii(a, b, c, d, k[0], 6, -198630844); - d = ii(d, a, b, c, k[7], 10, 1126891415); - c = ii(c, d, a, b, k[14], 15, -1416354905); - b = ii(b, c, d, a, k[5], 21, -57434055); - a = ii(a, b, c, d, k[12], 6, 1700485571); - d = ii(d, a, b, c, k[3], 10, -1894986606); - c = ii(c, d, a, b, k[10], 15, -1051523); - b = ii(b, c, d, a, k[1], 21, -2054922799); - a = ii(a, b, c, d, k[8], 6, 1873313359); - d = ii(d, a, b, c, k[15], 10, -30611744); - c = ii(c, d, a, b, k[6], 15, -1560198380); - b = ii(b, c, d, a, k[13], 21, 1309151649); - a = ii(a, b, c, d, k[4], 6, -145523070); - d = ii(d, a, b, c, k[11], 10, -1120210379); - c = ii(c, d, a, b, k[2], 15, 718787259); - b = ii(b, c, d, a, k[9], 21, -343485551); - - x[0] = add32(a, x[0]); - x[1] = add32(b, x[1]); - x[2] = add32(c, x[2]); - x[3] = add32(d, x[3]); -} - -function cmn(q, a, b, x, s, t) { - a = add32(add32(a, q), add32(x, t)); - return add32((a << s) | (a >>> (32 - s)), b); -} - -function ff(a, b, c, d, x, s, t) { - return cmn((b & c) | ((~b) & d), a, b, x, s, t); -} - -function gg(a, b, c, d, x, s, t) { - return cmn((b & d) | (c & (~d)), a, b, x, s, t); -} - -function hh(a, b, c, d, x, s, t) { - return cmn(b ^ c ^ d, a, b, x, s, t); -} - -function ii(a, b, c, d, x, s, t) { - return cmn(c ^ (b | (~d)), a, b, x, s, t); -} - -function md51(s) { - const n = s.length; - const state = [1732584193, -271733879, -1732584194, 271733878]; - let i; - for (i = 64; i <= s.length; i += 64) { - md5cycle(state, md5blk(s.substring(i - 64, i))); - } - s = s.substring(i - 64); - const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (i = 0; i < s.length; i++) { - tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); - } - tail[i >> 2] |= 0x80 << ((i % 4) << 3); - if (i > 55) { - md5cycle(state, tail); - for (i = 0; i < 16; i++) { - tail[i] = 0; - } - } - tail[14] = n * 8; - md5cycle(state, tail); - return state; -} - -/* there needs to be support for Unicode here, - * unless we pretend that we can redefine the MD-5 - * algorithm for multi-byte characters (perhaps - * by adding every four 16-bit characters and - * shortening the sum to 32 bits). Otherwise - * I suggest performing MD-5 as if every character - * was two bytes--e.g., 0040 0025 = @%--but then - * how will an ordinary MD-5 sum be matched? - * There is no way to standardize text to something - * like UTF-8 before transformation; speed cost is - * utterly prohibitive. The JavaScript standard - * itself needs to look at this: it should start - * providing access to strings as preformed UTF-8 - * 8-bit unsigned value arrays. - */ -function md5blk(s) { /* I figured global was faster. */ - const md5blks = []; - let i; /* Andy King said do it this way. */ - for (i = 0; i < 64; i += 4) { - md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << - 24); - } - return md5blks; -} - -const hex_chr = '0123456789abcdef'.split(''); - -function rhex(n) { - let s = ''; - let j = 0; - for (; j < 4; j++) { - s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; - } - return s; -} - -function hex(x) { - for (let i = 0; i < x.length; i++) { - x[i] = rhex(x[i]); - } - return x.join(''); -} - -/* this function is much faster, -so if possible we use it. Some IEs -are the only ones I know of that -need the idiotic second function, -generated by an if clause. */ - -function add32(a, b) { - return (a + b) & 0xFFFFFFFF; -} - -/** - * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://github.com/indutny/hash.js|hash.js} - * @module crypto/hash - * @private - */ - -const webCrypto = util.getWebCrypto(); -const nodeCrypto = util.getNodeCrypto(); -const nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes(); - -function nodeHash(type) { - if (!nodeCrypto || !nodeCryptoHashes.includes(type)) { - return; - } - return async function (data) { - const shasum = nodeCrypto.createHash(type); - return transform(data, value => { - shasum.update(value); - }, () => new Uint8Array(shasum.digest())); - }; -} - -function hashjsHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } - const hashInstance = hash(); - return transform(data, value => { - hashInstance.update(value); - }, () => new Uint8Array(hashInstance.digest())); - }; -} - -function asmcryptoHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (util.isStream(data)) { - const hashInstance = new hash(); - return transform(data, value => { - hashInstance.process(value); - }, () => hashInstance.finish().result); - } else if (webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } else { - return hash.bytes(data); - } - }; -} - -const hashFunctions = { - md5: nodeHash('md5') || md5, - sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'), - sha224: nodeHash('sha224') || hashjsHash(_224), - sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'), - sha384: nodeHash('sha384') || hashjsHash(_384, 'SHA-384'), - sha512: nodeHash('sha512') || hashjsHash(_512, 'SHA-512'), // asmcrypto sha512 is huge. - ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160) -}; - -var hash = { - - /** @see module:md5 */ - md5: hashFunctions.md5, - /** @see asmCrypto */ - sha1: hashFunctions.sha1, - /** @see hash.js */ - sha224: hashFunctions.sha224, - /** @see asmCrypto */ - sha256: hashFunctions.sha256, - /** @see hash.js */ - sha384: hashFunctions.sha384, - /** @see asmCrypto */ - sha512: hashFunctions.sha512, - /** @see hash.js */ - ripemd: hashFunctions.ripemd, - - /** - * Create a hash on the specified data using the specified algorithm - * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @param {Uint8Array} data - Data to be hashed - * @returns {Promise} Hash value. - */ - digest: function(algo, data) { - switch (algo) { - case enums.hash.md5: - return this.md5(data); - case enums.hash.sha1: - return this.sha1(data); - case enums.hash.ripemd: - return this.ripemd(data); - case enums.hash.sha256: - return this.sha256(data); - case enums.hash.sha384: - return this.sha384(data); - case enums.hash.sha512: - return this.sha512(data); - case enums.hash.sha224: - return this.sha224(data); - default: - throw new Error('Invalid hash function.'); - } - }, - - /** - * Returns the hash size in bytes of the specified hash algorithm type - * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @returns {Integer} Size in bytes of the resulting hash. - */ - getHashByteLength: function(algo) { - switch (algo) { - case enums.hash.md5: - return 16; - case enums.hash.sha1: - case enums.hash.ripemd: - return 20; - case enums.hash.sha256: - return 32; - case enums.hash.sha384: - return 48; - case enums.hash.sha512: - return 64; - case enums.hash.sha224: - return 28; - default: - throw new Error('Invalid hash algorithm.'); - } - } -}; - -class AES_CFB { - static encrypt(data, key, iv) { - return new AES_CFB(key, iv).encrypt(data); - } - static decrypt(data, key, iv) { - return new AES_CFB(key, iv).decrypt(data); - } - constructor(key, iv, aes) { - this.aes = aes ? aes : new AES(key, iv, true, 'CFB'); - delete this.aes.padding; - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * Get implementation of the given cipher - * @param {enums.symmetric} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getCipher(algo) { - const algoName = enums.read(enums.symmetric, algo); - return cipher[algoName]; -} - -// Modified by ProtonTech AG - -const webCrypto$1 = util.getWebCrypto(); -const nodeCrypto$1 = util.getNodeCrypto(); - -const knownAlgos = nodeCrypto$1 ? nodeCrypto$1.getCiphers() : []; -const nodeAlgos = { - idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ - tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, - cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, - blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, - aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, - aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, - aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined - /* twofish is not implemented in OpenSSL */ -}; - -/** - * CFB encryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} plaintext - * @param {Uint8Array} iv - * @param {Object} config - full configuration, defaults to openpgp.config - * @returns MaybeStream - */ -async function encrypt(algo, key, plaintext, iv, config) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeEncrypt(algo, key, plaintext, iv); - } - if (util.isAES(algo)) { - return aesEncrypt(algo, key, plaintext, iv, config); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - const blockc = iv.slice(); - let pt = new Uint8Array(); - const process = chunk => { - if (chunk) { - pt = util.concatUint8Array([pt, chunk]); - } - const ciphertext = new Uint8Array(pt.length); - let i; - let j = 0; - while (chunk ? pt.length >= block_size : pt.length) { - const encblock = cipherfn.encrypt(blockc); - for (i = 0; i < block_size; i++) { - blockc[i] = pt[i] ^ encblock[i]; - ciphertext[j++] = blockc[i]; - } - pt = pt.subarray(block_size); - } - return ciphertext.subarray(0, j); - }; - return transform(plaintext, process, process); -} - -/** - * CFB decryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} ciphertext - * @param {Uint8Array} iv - * @returns MaybeStream - */ -async function decrypt(algo, key, ciphertext, iv) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeDecrypt(algo, key, ciphertext, iv); - } - if (util.isAES(algo)) { - return aesDecrypt(algo, key, ciphertext, iv); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - let blockp = iv; - let ct = new Uint8Array(); - const process = chunk => { - if (chunk) { - ct = util.concatUint8Array([ct, chunk]); - } - const plaintext = new Uint8Array(ct.length); - let i; - let j = 0; - while (chunk ? ct.length >= block_size : ct.length) { - const decblock = cipherfn.encrypt(blockp); - blockp = ct.subarray(0, block_size); - for (i = 0; i < block_size; i++) { - plaintext[j++] = blockp[i] ^ decblock[i]; - } - ct = ct.subarray(block_size); - } - return plaintext.subarray(0, j); - }; - return transform(ciphertext, process, process); -} - -function aesEncrypt(algo, key, pt, iv, config) { - if ( - util.getWebCrypto() && - key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support - !util.isStream(pt) && - pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2 - ) { // Web Crypto - return webEncrypt(algo, key, pt, iv); - } - // asm.js fallback - const cfb = new AES_CFB(key, iv); - return transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish()); -} - -function aesDecrypt(algo, key, ct, iv) { - if (util.isStream(ct)) { - const cfb = new AES_CFB(key, iv); - return transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish()); - } - return AES_CFB.decrypt(ct, key, iv); -} - -function xorMut(a, b) { - for (let i = 0; i < a.length; i++) { - a[i] = a[i] ^ b[i]; - } -} - -async function webEncrypt(algo, key, pt, iv) { - const ALGO = 'AES-CBC'; - const _key = await webCrypto$1.importKey('raw', key, { name: ALGO }, false, ['encrypt']); - const { blockSize } = getCipher(algo); - const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]); - const ct = new Uint8Array(await webCrypto$1.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length); - xorMut(ct, pt); - return ct; -} - -function nodeEncrypt(algo, key, pt, iv) { - const algoName = enums.read(enums.symmetric, algo); - const cipherObj = new nodeCrypto$1.createCipheriv(nodeAlgos[algoName], key, iv); - return transform(pt, value => new Uint8Array(cipherObj.update(value))); -} - -function nodeDecrypt(algo, key, ct, iv) { - const algoName = enums.read(enums.symmetric, algo); - const decipherObj = new nodeCrypto$1.createDecipheriv(nodeAlgos[algoName], key, iv); - return transform(ct, value => new Uint8Array(decipherObj.update(value))); -} - -var cfb = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt, - decrypt: decrypt -}); - -class AES_CTR { - static encrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - static decrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - constructor(key, nonce, aes) { - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - delete this.aes.padding; - this.AES_CTR_set_options(nonce); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - AES_CTR_set_options(nonce, counter, size) { - let { asm } = this.aes.acquire_asm(); - if (size !== undefined) { - if (size < 8 || size > 48) - throw new IllegalArgumentError('illegal counter size'); - let mask = Math.pow(2, size) - 1; - asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0); - } - else { - size = 48; - asm.set_mask(0, 0, 0xffff, 0xffffffff); - } - if (nonce !== undefined) { - let len = nonce.length; - if (!len || len > 16) - throw new IllegalArgumentError('illegal nonce size'); - let view = new DataView(new ArrayBuffer(16)); - new Uint8Array(view.buffer).set(nonce); - asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12)); - } - else { - throw new Error('nonce is required'); - } - if (counter !== undefined) { - if (counter < 0 || counter >= Math.pow(2, size)) - throw new IllegalArgumentError('illegal counter value'); - asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0); - } - } -} - -class AES_CBC { - static encrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).encrypt(data); - } - static decrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).decrypt(data); - } - constructor(key, iv, padding = true, aes) { - this.aes = aes ? aes : new AES(key, iv, padding, 'CBC'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * @fileoverview This module implements AES-CMAC on top of - * native AES-CBC using either the WebCrypto API or Node.js' crypto API. - * @module crypto/cmac - * @private - */ - -const webCrypto$2 = util.getWebCrypto(); -const nodeCrypto$2 = util.getNodeCrypto(); - - -/** - * This implementation of CMAC is based on the description of OMAC in - * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that - * document: - * - * We have made a small modification to the OMAC algorithm as it was - * originally presented, changing one of its two constants. - * Specifically, the constant 4 at line 85 was the constant 1/2 (the - * multiplicative inverse of 2) in the original definition of OMAC [14]. - * The OMAC authors indicate that they will promulgate this modification - * [15], which slightly simplifies implementations. - */ - -const blockLength = 16; - - -/** - * xor `padding` into the end of `data`. This function implements "the - * operation xor→ [which] xors the shorter string into the end of longer - * one". Since data is always as least as long as padding, we can - * simplify the implementation. - * @param {Uint8Array} data - * @param {Uint8Array} padding - */ -function rightXORMut(data, padding) { - const offset = data.length - blockLength; - for (let i = 0; i < blockLength; i++) { - data[i + offset] ^= padding[i]; - } - return data; -} - -function pad(data, padding, padding2) { - // if |M| in {n, 2n, 3n, ...} - if (data.length && data.length % blockLength === 0) { - // then return M xor→ B, - return rightXORMut(data, padding); - } - // else return (M || 10^(n−1−(|M| mod n))) xor→ P - const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength))); - padded.set(data); - padded[data.length] = 0b10000000; - return rightXORMut(padded, padding2); -} - -const zeroBlock = new Uint8Array(blockLength); - -async function CMAC(key) { - const cbc = await CBC(key); - - // L ← E_K(0^n); B ← 2L; P ← 4L - const padding = util.double(await cbc(zeroBlock)); - const padding2 = util.double(padding); - - return async function(data) { - // return CBC_K(pad(M; B, P)) - return (await cbc(pad(data, padding, padding2))).subarray(-blockLength); - }; -} - -async function CBC(key) { - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - key = await webCrypto$2.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); - return async function(pt) { - const ct = await webCrypto$2.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt); - return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt) { - const en = new nodeCrypto$2.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock); - const ct = en.update(pt); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt) { - return AES_CBC.encrypt(pt, key, false, zeroBlock); - }; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$3 = util.getWebCrypto(); -const nodeCrypto$3 = util.getNodeCrypto(); -const Buffer$1 = util.getNodeBuffer(); - - -const blockLength$1 = 16; -const ivLength = blockLength$1; -const tagLength = blockLength$1; - -const zero = new Uint8Array(blockLength$1); -const one = new Uint8Array(blockLength$1); one[blockLength$1 - 1] = 1; -const two = new Uint8Array(blockLength$1); two[blockLength$1 - 1] = 2; - -async function OMAC(key) { - const cmac = await CMAC(key); - return function(t, message) { - return cmac(util.concatUint8Array([t, message])); - }; -} - -async function CTR(key) { - if ( - util.getWebCrypto() && - key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - ) { - key = await webCrypto$3.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); - return async function(pt, iv) { - const ct = await webCrypto$3.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$1 * 8 }, key, pt); - return new Uint8Array(ct); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt, iv) { - const en = new nodeCrypto$3.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); - const ct = Buffer$1.concat([en.update(pt), en.final()]); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt, iv) { - return AES_CTR.encrypt(pt, key, iv); - }; -} - - -/** - * Class to en/decrypt using EAX mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function EAX(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('EAX mode supports only AES cipher'); - } - - const [ - omac, - ctr - ] = await Promise.all([ - OMAC(key), - CTR(key) - ]); - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - const [ - omacNonce, - omacAdata - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata) - ]); - const ciphered = await ctr(plaintext, omacNonce); - const omacCiphered = await omac(two, ciphered); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - return util.concatUint8Array([ciphered, tag]); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to verify - * @returns {Promise} The plaintext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext'); - const ciphered = ciphertext.subarray(0, -tagLength); - const ctTag = ciphertext.subarray(-tagLength); - const [ - omacNonce, - omacAdata, - omacCiphered - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata), - omac(two, ciphered) - ]); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); - const plaintext = await ctr(ciphered, omacNonce); - return plaintext; - } - }; -} - - -/** - * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. - * @param {Uint8Array} iv - The initialization vector (16 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -EAX.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[8 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -EAX.blockLength = blockLength$1; -EAX.ivLength = ivLength; -EAX.tagLength = tagLength; - -// OpenPGP.js - An OpenPGP implementation in javascript - -const blockLength$2 = 16; -const ivLength$1 = 15; - -// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: -// While OCB [RFC7253] allows the authentication tag length to be of any -// number up to 128 bits long, this document requires a fixed -// authentication tag length of 128 bits (16 octets) for simplicity. -const tagLength$1 = 16; - - -function ntz(n) { - let ntz = 0; - for (let i = 1; (n & i) === 0; i <<= 1) { - ntz++; - } - return ntz; -} - -function xorMut$1(S, T) { - for (let i = 0; i < S.length; i++) { - S[i] ^= T[i]; - } - return S; -} - -function xor(S, T) { - return xorMut$1(S.slice(), T); -} - -const zeroBlock$1 = new Uint8Array(blockLength$2); -const one$1 = new Uint8Array([1]); - -/** - * Class to en/decrypt using OCB mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function OCB(cipher$1, key) { - - let maxNtz = 0; - let encipher; - let decipher; - let mask; - - constructKeyVariables(cipher$1, key); - - function constructKeyVariables(cipher$1, key) { - const cipherName = enums.read(enums.symmetric, cipher$1); - const aes = new cipher[cipherName](key); - encipher = aes.encrypt.bind(aes); - decipher = aes.decrypt.bind(aes); - - const mask_x = encipher(zeroBlock$1); - const mask_$ = util.double(mask_x); - mask = []; - mask[0] = util.double(mask_$); - - - mask.x = mask_x; - mask.$ = mask_$; - } - - function extendKeyVariables(text, adata) { - const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$2 | 0) - 1; - for (let i = maxNtz + 1; i <= newMaxNtz; i++) { - mask[i] = util.double(mask[i - 1]); - } - maxNtz = newMaxNtz; - } - - function hash(adata) { - if (!adata.length) { - // Fast path - return zeroBlock$1; - } - - // - // Consider A as a sequence of 128-bit blocks - // - const m = adata.length / blockLength$2 | 0; - - const offset = new Uint8Array(blockLength$2); - const sum = new Uint8Array(blockLength$2); - for (let i = 0; i < m; i++) { - xorMut$1(offset, mask[ntz(i + 1)]); - xorMut$1(sum, encipher(xor(offset, adata))); - adata = adata.subarray(blockLength$2); - } - - // - // Process any final partial block; compute final hash value - // - if (adata.length) { - xorMut$1(offset, mask.x); - - const cipherInput = new Uint8Array(blockLength$2); - cipherInput.set(adata, 0); - cipherInput[adata.length] = 0b10000000; - xorMut$1(cipherInput, offset); - - xorMut$1(sum, encipher(cipherInput)); - } - - return sum; - } - - /** - * Encrypt/decrypt data. - * @param {encipher|decipher} fn - Encryption/decryption block cipher function - * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. - */ - function crypt(fn, text, nonce, adata) { - // - // Consider P as a sequence of 128-bit blocks - // - const m = text.length / blockLength$2 | 0; - - // - // Key-dependent variables - // - extendKeyVariables(text, adata); - - // - // Nonce-dependent and per-encryption variables - // - // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N - // Note: We assume here that tagLength mod 16 == 0. - const paddedNonce = util.concatUint8Array([zeroBlock$1.subarray(0, ivLength$1 - nonce.length), one$1, nonce]); - // bottom = str2num(Nonce[123..128]) - const bottom = paddedNonce[blockLength$2 - 1] & 0b111111; - // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) - paddedNonce[blockLength$2 - 1] &= 0b11000000; - const kTop = encipher(paddedNonce); - // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) - const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); - // Offset_0 = Stretch[1+bottom..128+bottom] - const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); - // Checksum_0 = zeros(128) - const checksum = new Uint8Array(blockLength$2); - - const ct = new Uint8Array(text.length + tagLength$1); - - // - // Process any whole blocks - // - let i; - let pos = 0; - for (i = 0; i < m; i++) { - // Offset_i = Offset_{i-1} xor L_{ntz(i)} - xorMut$1(offset, mask[ntz(i + 1)]); - // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) - // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) - ct.set(xorMut$1(fn(xor(offset, text)), offset), pos); - // Checksum_i = Checksum_{i-1} xor P_i - xorMut$1(checksum, fn === encipher ? text : ct.subarray(pos)); - - text = text.subarray(blockLength$2); - pos += blockLength$2; - } - - // - // Process any final partial block and compute raw tag - // - if (text.length) { - // Offset_* = Offset_m xor L_* - xorMut$1(offset, mask.x); - // Pad = ENCIPHER(K, Offset_*) - const padding = encipher(offset); - // C_* = P_* xor Pad[1..bitlen(P_*)] - ct.set(xor(text, padding), pos); - - // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) - const xorInput = new Uint8Array(blockLength$2); - xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); - xorInput[text.length] = 0b10000000; - xorMut$1(checksum, xorInput); - pos += text.length; - } - // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - const tag = xorMut$1(encipher(xorMut$1(xorMut$1(checksum, offset), mask.$)), hash(adata)); - - // - // Assemble ciphertext - // - // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] - ct.set(tag, pos); - return ct; - } - - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - return crypt(encipher, plaintext, nonce, adata); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); - - const tag = ciphertext.subarray(-tagLength$1); - ciphertext = ciphertext.subarray(0, -tagLength$1); - - const crypted = crypt(decipher, ciphertext, nonce, adata); - // if (Tag[1..TAGLEN] == T) - if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { - return crypted.subarray(0, -tagLength$1); - } - throw new Error('Authentication tag mismatch'); - } - }; -} - - -/** - * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. - * @param {Uint8Array} iv - The initialization vector (15 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -OCB.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[7 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -OCB.blockLength = blockLength$2; -OCB.ivLength = ivLength$1; -OCB.tagLength = tagLength$1; - -const _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5 -class AES_GCM { - constructor(key, nonce, adata, tagSize = 16, aes) { - this.tagSize = tagSize; - this.gamma0 = 0; - this.counter = 1; - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - let { asm, heap } = this.aes.acquire_asm(); - // Init GCM - asm.gcm_init(); - // Tag size - if (this.tagSize < 4 || this.tagSize > 16) - throw new IllegalArgumentError('illegal tagSize value'); - // Nonce - const noncelen = nonce.length || 0; - const noncebuf = new Uint8Array(16); - if (noncelen !== 12) { - this._gcm_mac_process(nonce); - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = 0; - heap[4] = 0; - heap[5] = 0; - heap[6] = 0; - heap[7] = 0; - heap[8] = 0; - heap[9] = 0; - heap[10] = 0; - heap[11] = noncelen >>> 29; - heap[12] = (noncelen >>> 21) & 255; - heap[13] = (noncelen >>> 13) & 255; - heap[14] = (noncelen >>> 5) & 255; - heap[15] = (noncelen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_iv(0, 0, 0, 0); - noncebuf.set(heap.subarray(0, 16)); - } - else { - noncebuf.set(nonce); - noncebuf[15] = 1; - } - const nonceview = new DataView(noncebuf.buffer); - this.gamma0 = nonceview.getUint32(12); - asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0); - asm.set_mask(0, 0, 0, 0xffffffff); - // Associated data - if (adata !== undefined) { - if (adata.length > _AES_GCM_data_maxLength) - throw new IllegalArgumentError('illegal adata length'); - if (adata.length) { - this.adata = adata; - this._gcm_mac_process(adata); - } - else { - this.adata = undefined; - } - } - else { - this.adata = undefined; - } - // Counter - if (this.counter < 1 || this.counter > 0xffffffff) - throw new RangeError('counter must be a positive 32-bit integer'); - asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0); - } - static encrypt(cleartext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext); - } - static decrypt(ciphertext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext); - } - encrypt(data) { - return this.AES_GCM_encrypt(data); - } - decrypt(data) { - return this.AES_GCM_decrypt(data); - } - AES_GCM_Encrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len); - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Encrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let adata = this.adata; - let pos = this.aes.pos; - let len = this.aes.len; - const result = new Uint8Array(len + tagSize); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16); - if (len) - result.set(heap.subarray(pos, pos + len)); - let i = len; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - result.set(heap.subarray(0, tagSize), len); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_Decrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0; - let tlen = len + dlen - rlen; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > tlen) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - pos = 0; - len = 0; - } - if (dlen > 0) { - len += _heap_write(heap, 0, data, dpos, dlen); - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Decrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let tagSize = this.tagSize; - let adata = this.adata; - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rlen = len - tagSize; - if (len < tagSize) - throw new IllegalStateError('authentication tag not found'); - const result = new Uint8Array(rlen); - const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len)); - let i = rlen; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len - tagSize; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - let acheck = 0; - for (let i = 0; i < tagSize; ++i) - acheck |= atag[i] ^ heap[i]; - if (acheck) - throw new SecurityError('data integrity check failed'); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_decrypt(data) { - const result1 = this.AES_GCM_Decrypt_process(data); - const result2 = this.AES_GCM_Decrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - AES_GCM_encrypt(data) { - const result1 = this.AES_GCM_Encrypt_process(data); - const result2 = this.AES_GCM_Encrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - _gcm_mac_process(data) { - let { asm, heap } = this.aes.acquire_asm(); - let dpos = 0; - let dlen = data.length || 0; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, 0, data, dpos, dlen); - dpos += wlen; - dlen -= wlen; - while (wlen & 15) - heap[wlen++] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$4 = util.getWebCrypto(); -const nodeCrypto$4 = util.getNodeCrypto(); -const Buffer$2 = util.getNodeBuffer(); - -const blockLength$3 = 16; -const ivLength$2 = 12; // size of the IV in bytes -const tagLength$2 = 16; // size of the tag in bytes -const ALGO = 'AES-GCM'; - -/** - * Class to en/decrypt using GCM mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function GCM(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('GCM mode supports only AES cipher'); - } - - if (util.getNodeCrypto()) { // Node crypto library - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - const en = new nodeCrypto$4.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - en.setAAD(adata); - const ct = Buffer$2.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - const de = new nodeCrypto$4.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - de.setAAD(adata); - de.setAuthTag(ct.slice(ct.length - tagLength$2, ct.length)); // read auth tag at end of ciphertext - const pt = Buffer$2.concat([de.update(ct.slice(0, ct.length - tagLength$2)), de.final()]); - return new Uint8Array(pt); - } - }; - } - - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - const _key = await webCrypto$4.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); - - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.encrypt(pt, key, iv, adata); - } - const ct = await webCrypto$4.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, pt); - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - if (ct.length === tagLength$2) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.decrypt(ct, key, iv, adata); - } - const pt = await webCrypto$4.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, ct); - return new Uint8Array(pt); - } - }; - } - - return { - encrypt: async function(pt, iv, adata) { - return AES_GCM.encrypt(pt, key, iv, adata); - }, - - decrypt: async function(ct, iv, adata) { - return AES_GCM.decrypt(ct, key, iv, adata); - } - }; -} - - -/** - * Get GCM nonce. Note: this operation is not defined by the standard. - * A future version of the standard may define GCM mode differently, - * hopefully under a different ID (we use Private/Experimental algorithm - * ID 100) so that we can maintain backwards compatibility. - * @param {Uint8Array} iv - The initialization vector (12 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -GCM.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[4 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -GCM.blockLength = blockLength$3; -GCM.ivLength = ivLength$2; -GCM.tagLength = tagLength$2; - -/** - * @fileoverview Cipher modes - * @module crypto/mode - * @private - */ - -var mode = { - /** @see module:crypto/mode/cfb */ - cfb: cfb, - /** @see module:crypto/mode/gcm */ - gcm: GCM, - experimentalGCM: GCM, - /** @see module:crypto/mode/eax */ - eax: EAX, - /** @see module:crypto/mode/ocb */ - ocb: OCB -}; - -var naclFastLight = createCommonjsModule(function (module) { -/*jshint bitwise: false*/ - -(function(nacl) { - -// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. -// Public domain. -// -// Implementation derived from TweetNaCl version 20140427. -// See for details: http://tweetnacl.cr.yp.to/ - -var gf = function(init) { - var i, r = new Float64Array(16); - if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; - return r; -}; - -// Pluggable, initialized in high-level API below. -var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - -var _9 = new Uint8Array(32); _9[0] = 9; - -var gf0 = gf(), - gf1 = gf([1]), - _121665 = gf([0xdb41, 1]), - D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), - D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), - X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), - Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), - I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - -function vn(x, xi, y, yi, n) { - var i,d = 0; - for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; - return (1 & ((d - 1) >>> 8)) - 1; -} - -function crypto_verify_32(x, xi, y, yi) { - return vn(x,xi,y,yi,32); -} - -function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) r[i] = a[i]|0; -} - -function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; i++) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c-1 + 37 * (c-1); -} - -function sel25519(p, q, b) { - var t, c = ~(b-1); - for (var i = 0; i < 16; i++) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } -} - -function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; i++) t[i] = n[i]; - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; j++) { - m[0] = t[0] - 0xffed; - for (i = 1; i < 15; i++) { - m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); - m[i-1] &= 0xffff; - } - m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); - b = (m[15]>>16) & 1; - m[14] &= 0xffff; - sel25519(t, m, 1-b); - } - for (i = 0; i < 16; i++) { - o[2*i] = t[i] & 0xff; - o[2*i+1] = t[i]>>8; - } -} - -function neq25519(a, b) { - var c = new Uint8Array(32), d = new Uint8Array(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); -} - -function par25519(a) { - var d = new Uint8Array(32); - pack25519(d, a); - return d[0] & 1; -} - -function unpack25519(o, n) { - var i; - for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); - o[15] &= 0x7fff; -} - -function A(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; -} - -function Z(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; -} - -function M(o, a, b) { - var v, c, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, - t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, - t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, - b0 = b[0], - b1 = b[1], - b2 = b[2], - b3 = b[3], - b4 = b[4], - b5 = b[5], - b6 = b[6], - b7 = b[7], - b8 = b[8], - b9 = b[9], - b10 = b[10], - b11 = b[11], - b12 = b[12], - b13 = b[13], - b14 = b[14], - b15 = b[15]; - - v = a[0]; - t0 += v * b0; - t1 += v * b1; - t2 += v * b2; - t3 += v * b3; - t4 += v * b4; - t5 += v * b5; - t6 += v * b6; - t7 += v * b7; - t8 += v * b8; - t9 += v * b9; - t10 += v * b10; - t11 += v * b11; - t12 += v * b12; - t13 += v * b13; - t14 += v * b14; - t15 += v * b15; - v = a[1]; - t1 += v * b0; - t2 += v * b1; - t3 += v * b2; - t4 += v * b3; - t5 += v * b4; - t6 += v * b5; - t7 += v * b6; - t8 += v * b7; - t9 += v * b8; - t10 += v * b9; - t11 += v * b10; - t12 += v * b11; - t13 += v * b12; - t14 += v * b13; - t15 += v * b14; - t16 += v * b15; - v = a[2]; - t2 += v * b0; - t3 += v * b1; - t4 += v * b2; - t5 += v * b3; - t6 += v * b4; - t7 += v * b5; - t8 += v * b6; - t9 += v * b7; - t10 += v * b8; - t11 += v * b9; - t12 += v * b10; - t13 += v * b11; - t14 += v * b12; - t15 += v * b13; - t16 += v * b14; - t17 += v * b15; - v = a[3]; - t3 += v * b0; - t4 += v * b1; - t5 += v * b2; - t6 += v * b3; - t7 += v * b4; - t8 += v * b5; - t9 += v * b6; - t10 += v * b7; - t11 += v * b8; - t12 += v * b9; - t13 += v * b10; - t14 += v * b11; - t15 += v * b12; - t16 += v * b13; - t17 += v * b14; - t18 += v * b15; - v = a[4]; - t4 += v * b0; - t5 += v * b1; - t6 += v * b2; - t7 += v * b3; - t8 += v * b4; - t9 += v * b5; - t10 += v * b6; - t11 += v * b7; - t12 += v * b8; - t13 += v * b9; - t14 += v * b10; - t15 += v * b11; - t16 += v * b12; - t17 += v * b13; - t18 += v * b14; - t19 += v * b15; - v = a[5]; - t5 += v * b0; - t6 += v * b1; - t7 += v * b2; - t8 += v * b3; - t9 += v * b4; - t10 += v * b5; - t11 += v * b6; - t12 += v * b7; - t13 += v * b8; - t14 += v * b9; - t15 += v * b10; - t16 += v * b11; - t17 += v * b12; - t18 += v * b13; - t19 += v * b14; - t20 += v * b15; - v = a[6]; - t6 += v * b0; - t7 += v * b1; - t8 += v * b2; - t9 += v * b3; - t10 += v * b4; - t11 += v * b5; - t12 += v * b6; - t13 += v * b7; - t14 += v * b8; - t15 += v * b9; - t16 += v * b10; - t17 += v * b11; - t18 += v * b12; - t19 += v * b13; - t20 += v * b14; - t21 += v * b15; - v = a[7]; - t7 += v * b0; - t8 += v * b1; - t9 += v * b2; - t10 += v * b3; - t11 += v * b4; - t12 += v * b5; - t13 += v * b6; - t14 += v * b7; - t15 += v * b8; - t16 += v * b9; - t17 += v * b10; - t18 += v * b11; - t19 += v * b12; - t20 += v * b13; - t21 += v * b14; - t22 += v * b15; - v = a[8]; - t8 += v * b0; - t9 += v * b1; - t10 += v * b2; - t11 += v * b3; - t12 += v * b4; - t13 += v * b5; - t14 += v * b6; - t15 += v * b7; - t16 += v * b8; - t17 += v * b9; - t18 += v * b10; - t19 += v * b11; - t20 += v * b12; - t21 += v * b13; - t22 += v * b14; - t23 += v * b15; - v = a[9]; - t9 += v * b0; - t10 += v * b1; - t11 += v * b2; - t12 += v * b3; - t13 += v * b4; - t14 += v * b5; - t15 += v * b6; - t16 += v * b7; - t17 += v * b8; - t18 += v * b9; - t19 += v * b10; - t20 += v * b11; - t21 += v * b12; - t22 += v * b13; - t23 += v * b14; - t24 += v * b15; - v = a[10]; - t10 += v * b0; - t11 += v * b1; - t12 += v * b2; - t13 += v * b3; - t14 += v * b4; - t15 += v * b5; - t16 += v * b6; - t17 += v * b7; - t18 += v * b8; - t19 += v * b9; - t20 += v * b10; - t21 += v * b11; - t22 += v * b12; - t23 += v * b13; - t24 += v * b14; - t25 += v * b15; - v = a[11]; - t11 += v * b0; - t12 += v * b1; - t13 += v * b2; - t14 += v * b3; - t15 += v * b4; - t16 += v * b5; - t17 += v * b6; - t18 += v * b7; - t19 += v * b8; - t20 += v * b9; - t21 += v * b10; - t22 += v * b11; - t23 += v * b12; - t24 += v * b13; - t25 += v * b14; - t26 += v * b15; - v = a[12]; - t12 += v * b0; - t13 += v * b1; - t14 += v * b2; - t15 += v * b3; - t16 += v * b4; - t17 += v * b5; - t18 += v * b6; - t19 += v * b7; - t20 += v * b8; - t21 += v * b9; - t22 += v * b10; - t23 += v * b11; - t24 += v * b12; - t25 += v * b13; - t26 += v * b14; - t27 += v * b15; - v = a[13]; - t13 += v * b0; - t14 += v * b1; - t15 += v * b2; - t16 += v * b3; - t17 += v * b4; - t18 += v * b5; - t19 += v * b6; - t20 += v * b7; - t21 += v * b8; - t22 += v * b9; - t23 += v * b10; - t24 += v * b11; - t25 += v * b12; - t26 += v * b13; - t27 += v * b14; - t28 += v * b15; - v = a[14]; - t14 += v * b0; - t15 += v * b1; - t16 += v * b2; - t17 += v * b3; - t18 += v * b4; - t19 += v * b5; - t20 += v * b6; - t21 += v * b7; - t22 += v * b8; - t23 += v * b9; - t24 += v * b10; - t25 += v * b11; - t26 += v * b12; - t27 += v * b13; - t28 += v * b14; - t29 += v * b15; - v = a[15]; - t15 += v * b0; - t16 += v * b1; - t17 += v * b2; - t18 += v * b3; - t19 += v * b4; - t20 += v * b5; - t21 += v * b6; - t22 += v * b7; - t23 += v * b8; - t24 += v * b9; - t25 += v * b10; - t26 += v * b11; - t27 += v * b12; - t28 += v * b13; - t29 += v * b14; - t30 += v * b15; - - t0 += 38 * t16; - t1 += 38 * t17; - t2 += 38 * t18; - t3 += 38 * t19; - t4 += 38 * t20; - t5 += 38 * t21; - t6 += 38 * t22; - t7 += 38 * t23; - t8 += 38 * t24; - t9 += 38 * t25; - t10 += 38 * t26; - t11 += 38 * t27; - t12 += 38 * t28; - t13 += 38 * t29; - t14 += 38 * t30; - // t15 left as is - - // first car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - // second car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - o[ 0] = t0; - o[ 1] = t1; - o[ 2] = t2; - o[ 3] = t3; - o[ 4] = t4; - o[ 5] = t5; - o[ 6] = t6; - o[ 7] = t7; - o[ 8] = t8; - o[ 9] = t9; - o[10] = t10; - o[11] = t11; - o[12] = t12; - o[13] = t13; - o[14] = t14; - o[15] = t15; -} - -function S(o, a) { - M(o, a, a); -} - -function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 253; a >= 0; a--) { - S(c, c); - if(a !== 2 && a !== 4) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 250; a >= 0; a--) { - S(c, c); - if(a !== 1) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function crypto_scalarmult(q, n, p) { - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; -} - -function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); -} - -function crypto_box_keypair(y, x) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); -} - -function add(p, q) { - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(), - g = gf(), h = gf(), t = gf(); - - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); -} - -function cswap(p, q, b) { - var i; - for (i = 0; i < 4; i++) { - sel25519(p[i], q[i], b); - } -} - -function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; -} - -function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = (s[(i/8)|0] >> (i&7)) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } -} - -function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); -} - -function crypto_sign_keypair(pk, sk, seeded) { - var d; - var p = [gf(), gf(), gf(), gf()]; - var i; - - if (!seeded) randombytes(sk, 32); - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - scalarbase(p, d); - pack(pk, p); - - for (i = 0; i < 32; i++) sk[i+32] = pk[i]; - return 0; -} - -var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - -function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = Math.floor((x[j] + 128) / 256); - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; j++) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; j++) x[j] -= carry * L[j]; - for (i = 0; i < 32; i++) { - x[i+1] += x[i] >> 8; - r[i] = x[i] & 255; - } -} - -function reduce(r) { - var x = new Float64Array(64), i; - for (i = 0; i < 64; i++) x[i] = r[i]; - for (i = 0; i < 64; i++) r[i] = 0; - modL(r, x); -} - -// Note: difference from C - smlen returned, not passed as argument. -function crypto_sign(sm, m, n, sk) { - var d, h, r; - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - var smlen = n + 64; - for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - - r = nacl.hash(sm.subarray(32, smlen)); - reduce(r); - scalarbase(p, r); - pack(sm, p); - - for (i = 32; i < 64; i++) sm[i] = sk[i]; - h = nacl.hash(sm.subarray(0, smlen)); - reduce(h); - - for (i = 0; i < 64; i++) x[i] = 0; - for (i = 0; i < 32; i++) x[i] = r[i]; - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - x[i+j] += h[i] * d[j]; - } - } - - modL(sm.subarray(32), x); - return smlen; -} - -function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), - den = gf(), den2 = gf(), den4 = gf(), - den6 = gf(); - - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) M(r[0], r[0], I); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) return -1; - - if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); - - M(r[3], r[0], r[1]); - return 0; -} - -function crypto_sign_open(m, sm, n, pk) { - var i; - var t = new Uint8Array(32), h; - var p = [gf(), gf(), gf(), gf()], - q = [gf(), gf(), gf(), gf()]; - - if (n < 64) return -1; - - if (unpackneg(q, pk)) return -1; - - for (i = 0; i < n; i++) m[i] = sm[i]; - for (i = 0; i < 32; i++) m[i+32] = pk[i]; - h = nacl.hash(m.subarray(0, n)); - reduce(h); - scalarmult(p, q, h); - - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; i++) m[i] = 0; - return -1; - } - - for (i = 0; i < n; i++) m[i] = sm[i + 64]; - return n; -} - -var crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_sign_BYTES = 64, - crypto_sign_PUBLICKEYBYTES = 32, - crypto_sign_SECRETKEYBYTES = 64, - crypto_sign_SEEDBYTES = 32; - -function checkArrayTypes() { - for (var i = 0; i < arguments.length; i++) { - if (!(arguments[i] instanceof Uint8Array)) - throw new TypeError('unexpected type, use Uint8Array'); - } -} - -function cleanup(arr) { - for (var i = 0; i < arr.length; i++) arr[i] = 0; -} - -nacl.scalarMult = function(n, p) { - checkArrayTypes(n, p); - if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); - if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); - var q = new Uint8Array(crypto_scalarmult_BYTES); - crypto_scalarmult(q, n, p); - return q; -}; - -nacl.box = {}; - -nacl.box.keyPair = function() { - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.box.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign = function(msg, secretKey) { - checkArrayTypes(msg, secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); - crypto_sign(signedMsg, msg, msg.length, secretKey); - return signedMsg; -}; - -nacl.sign.detached = function(msg, secretKey) { - var signedMsg = nacl.sign(msg, secretKey); - var sig = new Uint8Array(crypto_sign_BYTES); - for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; - return sig; -}; - -nacl.sign.detached.verify = function(msg, sig, publicKey) { - checkArrayTypes(msg, sig, publicKey); - if (sig.length !== crypto_sign_BYTES) - throw new Error('bad signature size'); - if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) - throw new Error('bad public key size'); - var sm = new Uint8Array(crypto_sign_BYTES + msg.length); - var m = new Uint8Array(crypto_sign_BYTES + msg.length); - var i; - for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; - for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; - return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); -}; - -nacl.sign.keyPair = function() { - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.sign.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign.keyPair.fromSeed = function(seed) { - checkArrayTypes(seed); - if (seed.length !== crypto_sign_SEEDBYTES) - throw new Error('bad seed size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - for (var i = 0; i < 32; i++) sk[i] = seed[i]; - crypto_sign_keypair(pk, sk, true); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.setPRNG = function(fn) { - randombytes = fn; -}; - -(function() { - // Initialize PRNG if environment provides CSPRNG. - // If not, methods calling randombytes will throw. - var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; - if (crypto && crypto.getRandomValues) { - // Browsers. - var QUOTA = 65536; - nacl.setPRNG(function(x, n) { - var i, v = new Uint8Array(n); - for (i = 0; i < n; i += QUOTA) { - crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); - } - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } else if (typeof commonjsRequire !== 'undefined') { - // Node.js. - crypto = crypto__default['default']; - if (crypto && crypto.randomBytes) { - nacl.setPRNG(function(x, n) { - var i, v = crypto.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } - } -})(); - -})(module.exports ? module.exports : (self.nacl = self.nacl || {})); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const nodeCrypto$5 = util.getNodeCrypto(); - -/** - * Retrieve secure random byte array of the specified length - * @param {Integer} length - Length in bytes to generate - * @returns {Uint8Array} Random byte array. - */ -function getRandomBytes(length) { - const buf = new Uint8Array(length); - if (nodeCrypto$5) { - const bytes = nodeCrypto$5.randomBytes(buf.length); - buf.set(bytes); - } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) { - crypto.getRandomValues(buf); - } else { - throw new Error('No secure random number generator available.'); - } - return buf; -} - -/** - * Create a secure random BigInteger that is greater than or equal to min and less than max. - * @param {module:BigInteger} min - Lower bound, included - * @param {module:BigInteger} max - Upper bound, excluded - * @returns {Promise} Random BigInteger. - * @async - */ -async function getRandomBigInteger(min, max) { - const BigInteger = await util.getBigInteger(); - - if (max.lt(min)) { - throw new Error('Illegal parameter value: max <= min'); - } - - const modulus = max.sub(min); - const bytes = modulus.byteLength(); - - // Using a while loop is necessary to avoid bias introduced by the mod operation. - // However, we request 64 extra random bits so that the bias is negligible. - // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - const r = new BigInteger(await getRandomBytes(bytes + 8)); - return r.mod(modulus).add(min); -} - -var random = /*#__PURE__*/Object.freeze({ - __proto__: null, - getRandomBytes: getRandomBytes, - getRandomBigInteger: getRandomBigInteger -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Generate a probably prime random number - * @param {Integer} bits - Bit length of the prime - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns BigInteger - * @async - */ -async function randomProbablePrime(bits, e, k) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - const min = one.leftShift(new BigInteger(bits - 1)); - const thirty = new BigInteger(30); - /* - * We can avoid any multiples of 3 and 5 by looking at n mod 30 - * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 - * the next possible prime is mod 30: - * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 - */ - const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; - - const n = await getRandomBigInteger(min, min.leftShift(one)); - let i = n.mod(thirty).toNumber(); - - do { - n.iadd(new BigInteger(adds[i])); - i = (i + adds[i]) % adds.length; - // If reached the maximum, go back to the minimum. - if (n.bitLength() > bits) { - n.imod(min.leftShift(one)).iadd(min); - i = n.mod(thirty).toNumber(); - } - } while (!await isProbablePrime(n, e, k)); - return n; -} - -/** - * Probabilistic primality testing - * @param {BigInteger} n - Number to test - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns {boolean} - * @async - */ -async function isProbablePrime(n, e, k) { - if (e && !n.dec().gcd(e).isOne()) { - return false; - } - if (!await divisionTest(n)) { - return false; - } - if (!await fermat(n)) { - return false; - } - if (!await millerRabin(n, k)) { - return false; - } - // TODO implement the Lucas test - // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - return true; -} - -/** - * Tests whether n is probably prime or not using Fermat's test with b = 2. - * Fails if b^(n-1) mod n != 1. - * @param {BigInteger} n - Number to test - * @param {BigInteger} b - Optional Fermat test base - * @returns {boolean} - */ -async function fermat(n, b) { - const BigInteger = await util.getBigInteger(); - b = b || new BigInteger(2); - return b.modExp(n.dec(), n).isOne(); -} - -async function divisionTest(n) { - const BigInteger = await util.getBigInteger(); - return smallPrimes.every(m => { - return n.mod(new BigInteger(m)) !== 0; - }); -} - -// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c -const smallPrimes = [ - 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 -]; - - -// Miller-Rabin - Miller Rabin algorithm for primality test -// Copyright Fedor Indutny, 2014. -// -// This software is licensed under the MIT License. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin - -// Sample syntax for Fixed-Base Miller-Rabin: -// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) - -/** - * Tests whether n is probably prime or not using the Miller-Rabin test. - * See HAC Remark 4.28. - * @param {BigInteger} n - Number to test - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @param {Function} rand - Optional function to generate potential witnesses - * @returns {boolean} - * @async - */ -async function millerRabin(n, k, rand) { - const BigInteger = await util.getBigInteger(); - const len = n.bitLength(); - - if (!k) { - k = Math.max(1, (len / 48) | 0); - } - - const n1 = n.dec(); // n - 1 - - // Find d and s, (n - 1) = (2 ^ s) * d; - let s = 0; - while (!n1.getBit(s)) { s++; } - const d = n.rightShift(new BigInteger(s)); - - for (; k > 0; k--) { - const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1); - - let x = a.modExp(d, n); - if (x.isOne() || x.equal(n1)) { - continue; - } - - let i; - for (i = 1; i < s; i++) { - x = x.mul(x).mod(n); - - if (x.isOne()) { - return false; - } - if (x.equal(n1)) { - break; - } - } - - if (i === s) { - return false; - } - } - - return true; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ASN1 object identifiers for hashes - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} - */ -const hash_headers = []; -hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, - 0x10]; -hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; -hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; -hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, - 0x04, 0x20]; -hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, - 0x04, 0x30]; -hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, - 0x00, 0x04, 0x40]; -hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, - 0x00, 0x04, 0x1C]; - -/** - * Create padding with secure random data - * @private - * @param {Integer} length - Length of the padding in bytes - * @returns {Uint8Array} Random padding. - */ -function getPKCS1Padding(length) { - const result = new Uint8Array(length); - let count = 0; - while (count < length) { - const randomBytes = getRandomBytes(length - count); - for (let i = 0; i < randomBytes.length; i++) { - if (randomBytes[i] !== 0) { - result[count++] = randomBytes[i]; - } - } - } - return result; -} - -/** - * Create a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} - * @param {Uint8Array} message - Message to be encoded - * @param {Integer} keyLength - The length in octets of the key modulus - * @returns {Uint8Array} EME-PKCS1 padded message. - */ -function emeEncode(message, keyLength) { - const mLength = message.length; - // length checking - if (mLength > keyLength - 11) { - throw new Error('Message too long'); - } - // Generate an octet string PS of length k - mLen - 3 consisting of - // pseudo-randomly generated nonzero octets - const PS = getPKCS1Padding(keyLength - mLength - 3); - // Concatenate PS, the message M, and other padding to form an - // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. - const encoded = new Uint8Array(keyLength); - // 0x00 byte - encoded[1] = 2; - encoded.set(PS, 2); - // 0x00 bytes - encoded.set(message, keyLength - mLength); - return encoded; -} - -/** - * Decode a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} - * @param {Uint8Array} encoded - Encoded message bytes - * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) - * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) - * @throws {Error} on decoding failure, unless `randomPayload` is provided - */ -function emeDecode(encoded, randomPayload) { - // encoded format: 0x00 0x02 0x00 - let offset = 2; - let separatorNotFound = 1; - for (let j = offset; j < encoded.length; j++) { - separatorNotFound &= encoded[j] !== 0; - offset += separatorNotFound; - } - - const psLen = offset - 2; - const payload = encoded.subarray(offset + 1); // discard the 0x00 separator - const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - - if (randomPayload) { - return util.selectUint8Array(isValidPadding, payload, randomPayload); - } - - if (isValidPadding) { - return payload; - } - - throw new Error('Decryption error'); -} - -/** - * Create a EMSA-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} - * @param {Integer} algo - Hash algorithm type used - * @param {Uint8Array} hashed - Message to be encoded - * @param {Integer} emLen - Intended length in octets of the encoded message - * @returns {Uint8Array} Encoded message. - */ -async function emsaEncode(algo, hashed, emLen) { - let i; - if (hashed.length !== hash.getHashByteLength(algo)) { - throw new Error('Invalid hash length'); - } - // produce an ASN.1 DER value for the hash function used. - // Let T be the full hash prefix - const hashPrefix = new Uint8Array(hash_headers[algo].length); - for (i = 0; i < hash_headers[algo].length; i++) { - hashPrefix[i] = hash_headers[algo][i]; - } - // and let tLen be the length in octets prefix and hashed data - const tLen = hashPrefix.length + hashed.length; - if (emLen < tLen + 11) { - throw new Error('Intended encoded message length too short'); - } - // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF - // The length of PS will be at least 8 octets - const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - - // Concatenate PS, the hash prefix, hashed data, and other padding to form the - // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed - const EM = new Uint8Array(emLen); - EM[1] = 0x01; - EM.set(PS, 2); - EM.set(hashPrefix, emLen - tLen); - EM.set(hashed, emLen - hashed.length); - return EM; -} - -var pkcs1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - emeEncode: emeEncode, - emeDecode: emeDecode, - emsaEncode: emsaEncode -}); - -const webCrypto$5 = util.getWebCrypto(); -const nodeCrypto$6 = util.getNodeCrypto(); -const asn1 = nodeCrypto$6 ? asn1__default['default'] : undefined; - -/* eslint-disable no-invalid-this */ -const RSAPrivateKey = nodeCrypto$6 ? asn1.define('RSAPrivateKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('version').int(), // 0 - this.key('modulus').int(), // n - this.key('publicExponent').int(), // e - this.key('privateExponent').int(), // d - this.key('prime1').int(), // p - this.key('prime2').int(), // q - this.key('exponent1').int(), // dp - this.key('exponent2').int(), // dq - this.key('coefficient').int() // u - ); -}) : undefined; - -const RSAPublicKey = nodeCrypto$6 ? asn1.define('RSAPubliceKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('modulus').int(), // n - this.key('publicExponent').int() // e - ); -}) : undefined; -/* eslint-enable no-invalid-this */ - -/** Create signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} hashed - Hashed message - * @returns {Promise} RSA Signature. - * @async - */ -async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeSign(hashAlgo, data, n, e, d, p, q, u); - } - } - return bnSign(hashAlgo, n, d, hashed); -} - -/** - * Verify signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} s - Signature - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} hashed - Hashed message - * @returns {Boolean} - * @async - */ -async function verify(hashAlgo, data, s, n, e, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeVerify(hashAlgo, data, s, n, e); - } - } - return bnVerify(hashAlgo, s, n, e, hashed); -} - -/** - * Encrypt message - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @returns {Promise} RSA Ciphertext. - * @async - */ -async function encrypt$1(data, n, e) { - if (util.getNodeCrypto()) { - return nodeEncrypt$1(data, n, e); - } - return bnEncrypt(data, n, e); -} - -/** - * Decrypt RSA message - * @param {Uint8Array} m - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} RSA Plaintext. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$1(data, n, e, d, p, q, u, randomPayload) { - // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, - // and we want to avoid checking the error type to decide if the random payload - // should indeed be returned. - if (util.getNodeCrypto() && !randomPayload) { - try { - return await nodeDecrypt$1(data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } - return bnDecrypt(data, n, e, d, p, q, u, randomPayload); -} - -/** - * Generate a new random private key B bits long with public exponent E. - * - * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using - * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. - * @see module:crypto/public_key/prime - * @param {Integer} bits - RSA bit length - * @param {Integer} e - RSA public exponent - * @returns {{n, e, d, - * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, - * RSA private prime p, RSA private prime q, u = p ** -1 mod q - * @async - */ -async function generate(bits, e) { - const BigInteger = await util.getBigInteger(); - - e = new BigInteger(e); - - // Native RSA keygen using Web Crypto - if (util.getWebCrypto()) { - const keyGenOpt = { - name: 'RSASSA-PKCS1-v1_5', - modulusLength: bits, // the specified keysize in bits - publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent - hash: { - name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' - } - }; - const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - - // export the generated keys as JsonWebKey (JWK) - // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 - const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); - // map JWK parameters to corresponding OpenPGP names - return { - n: b64ToUint8Array(jwk.n), - e: e.toUint8Array(), - d: b64ToUint8Array(jwk.d), - // switch p and q - p: b64ToUint8Array(jwk.q), - q: b64ToUint8Array(jwk.p), - // Since p and q are switched in places, u is the inverse of jwk.q - u: b64ToUint8Array(jwk.qi) - }; - } else if (util.getNodeCrypto() && nodeCrypto$6.generateKeyPair && RSAPrivateKey) { - const opts = { - modulusLength: bits, - publicExponent: e.toNumber(), - publicKeyEncoding: { type: 'pkcs1', format: 'der' }, - privateKeyEncoding: { type: 'pkcs1', format: 'der' } - }; - const prv = await new Promise((resolve, reject) => { - nodeCrypto$6.generateKeyPair('rsa', opts, (err, _, der) => { - if (err) { - reject(err); - } else { - resolve(RSAPrivateKey.decode(der, 'der')); - } - }); - }); - /** - * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`. - * @link https://tools.ietf.org/html/rfc3447#section-3.2 - * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1 - */ - return { - n: prv.modulus.toArrayLike(Uint8Array), - e: prv.publicExponent.toArrayLike(Uint8Array), - d: prv.privateExponent.toArrayLike(Uint8Array), - // switch p and q - p: prv.prime2.toArrayLike(Uint8Array), - q: prv.prime1.toArrayLike(Uint8Array), - // Since p and q are switched in places, we can keep u as defined by DER - u: prv.coefficient.toArrayLike(Uint8Array) - }; - } - - // RSA keygen fallback using 40 iterations of the Miller-Rabin test - // See https://stackoverflow.com/a/6330138 for justification - // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST - let p; - let q; - let n; - do { - q = await randomProbablePrime(bits - (bits >> 1), e, 40); - p = await randomProbablePrime(bits >> 1, e, 40); - n = p.mul(q); - } while (n.bitLength() !== bits); - - const phi = p.dec().imul(q.dec()); - - if (q.lt(p)) { - [p, q] = [q, p]; - } - - return { - n: n.toUint8Array(), - e: e.toUint8Array(), - d: e.modInv(phi).toUint8Array(), - p: p.toUint8Array(), - q: q.toUint8Array(), - // dp: d.mod(p.subn(1)), - // dq: d.mod(q.subn(1)), - u: p.modInv(q).toUint8Array() - }; -} - -/** - * Validate RSA parameters - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA inverse of p w.r.t. q - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - p = new BigInteger(p); - q = new BigInteger(q); - - // expect pq = n - if (!p.mul(q).equal(n)) { - return false; - } - - const two = new BigInteger(2); - // expect p*u = 1 mod q - u = new BigInteger(u); - if (!p.mul(u).mod(q).isOne()) { - return false; - } - - e = new BigInteger(e); - d = new BigInteger(d); - /** - * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) - * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] - * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] - * - * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) - */ - const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3)); - const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q - const rde = r.mul(d).mul(e); - - const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r); - if (!areInverses) { - return false; - } - - return true; -} - -async function bnSign(hashAlgo, n, d, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength())); - d = new BigInteger(d); - if (m.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return m.modExp(d, n).toUint8Array('be', n.byteLength()); -} - -async function webSign(hashName, data, n, e, d, p, q, u) { - /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. - * We swap them in privateToJWK, so it usually works out, but nevertheless, - * not all OpenPGP keys are compatible with this requirement. - * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still - * does if the underlying Web Crypto does so (though the tested implementations - * don't do so). - */ - const jwk = await privateToJWK(n, e, d, p, q, u); - const algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }; - const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); - return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); -} - -async function nodeSign(hashAlgo, data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const sign = nodeCrypto$6.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(data); - sign.end(); - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPrivateKey.encode(keyObject, 'der'); - return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' })); - } - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - return new Uint8Array(sign.sign(pem)); -} - -async function bnVerify(hashAlgo, s, n, e, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - s = new BigInteger(s); - e = new BigInteger(e); - if (s.gte(n)) { - throw new Error('Signature size cannot exceed modulus size'); - } - const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength()); - const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength()); - return util.equalsUint8Array(EM1, EM2); -} - -async function webVerify(hashName, data, s, n, e) { - const jwk = publicToJWK(n, e); - const key = await webCrypto$5.importKey('jwk', jwk, { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }, false, ['verify']); - return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); -} - -async function nodeVerify(hashAlgo, data, s, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$6.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(data); - verify.end(); - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1' }; - } else { - key = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - } - try { - return await verify.verify(key, s); - } catch (err) { - return false; - } -} - -async function nodeEncrypt$1(data, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - return new Uint8Array(nodeCrypto$6.publicEncrypt(key, data)); -} - -async function bnEncrypt(data, n, e) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - data = new BigInteger(emeEncode(data, n.byteLength())); - e = new BigInteger(e); - if (data.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return data.modExp(e, n).toUint8Array('be', n.byteLength()); -} - -async function nodeDecrypt$1(data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPrivateKey.encode(keyObject, 'der'); - key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - try { - return new Uint8Array(nodeCrypto$6.privateDecrypt(key, data)); - } catch (err) { - throw new Error('Decryption error'); - } -} - -async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { - const BigInteger = await util.getBigInteger(); - data = new BigInteger(data); - n = new BigInteger(n); - e = new BigInteger(e); - d = new BigInteger(d); - p = new BigInteger(p); - q = new BigInteger(q); - u = new BigInteger(u); - if (data.gte(n)) { - throw new Error('Data too large.'); - } - const dq = d.mod(q.dec()); // d mod (q-1) - const dp = d.mod(p.dec()); // d mod (p-1) - - const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n); - const blinder = unblinder.modInv(n).modExp(e, n); - data = data.mul(blinder).mod(n); - - - const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p - const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q - const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q) - - let result = h.mul(p).add(mp); // result < n due to relations above - - result = result.mul(unblinder).mod(n); - - - return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload); -} - -/** Convert Openpgp private key params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - * @param {Uint8Array} d - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} u - */ -async function privateToJWK(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - const pNum = new BigInteger(p); - const qNum = new BigInteger(q); - const dNum = new BigInteger(d); - - let dq = dNum.mod(qNum.dec()); // d mod (q-1) - let dp = dNum.mod(pNum.dec()); // d mod (p-1) - dp = dp.toUint8Array(); - dq = dq.toUint8Array(); - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - d: uint8ArrayToB64(d, true), - // switch p and q - p: uint8ArrayToB64(q, true), - q: uint8ArrayToB64(p, true), - // switch dp and dq - dp: uint8ArrayToB64(dq, true), - dq: uint8ArrayToB64(dp, true), - qi: uint8ArrayToB64(u, true), - ext: true - }; -} - -/** Convert Openpgp key public params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - */ -function publicToJWK(n, e) { - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - ext: true - }; -} - -var rsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign, - verify: verify, - encrypt: encrypt$1, - decrypt: decrypt$1, - generate: generate, - validateParams: validateParams -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ElGamal Encryption function - * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) - * @param {Uint8Array} data - To be padded and encrypted - * @param {Uint8Array} p - * @param {Uint8Array} g - * @param {Uint8Array} y - * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} - * @async - */ -async function encrypt$2(data, p, g, y) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const padded = emeEncode(data, p.byteLength()); - const m = new BigInteger(padded); - - // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* - // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] - const k = await getRandomBigInteger(new BigInteger(1), p.dec()); - return { - c1: g.modExp(k, p).toUint8Array(), - c2: y.modExp(k, p).imul(m).imod(p).toUint8Array() - }; -} - -/** - * ElGamal Encryption function - * @param {Uint8Array} c1 - * @param {Uint8Array} c2 - * @param {Uint8Array} p - * @param {Uint8Array} x - * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} Unpadded message. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$2(c1, c2, p, x, randomPayload) { - const BigInteger = await util.getBigInteger(); - c1 = new BigInteger(c1); - c2 = new BigInteger(c2); - p = new BigInteger(p); - x = new BigInteger(x); - - const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p); - return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload); -} - -/** - * Validate ElGamal parameters - * @param {Uint8Array} p - ElGamal prime - * @param {Uint8Array} g - ElGamal group generator - * @param {Uint8Array} y - ElGamal public key - * @param {Uint8Array} x - ElGamal private exponent - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$1(p, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - // Expect p-1 to be large - const pSize = new BigInteger(p.bitLength()); - const n1023 = new BigInteger(1023); - if (pSize.lt(n1023)) { - return false; - } - - /** - * g should have order p-1 - * Check that g ** (p-1) = 1 mod p - */ - if (!g.modExp(p.dec(), p).isOne()) { - return false; - } - - /** - * Since p-1 is not prime, g might have a smaller order that divides p-1 - * We want to make sure that the order is large enough to hinder a small subgroup attack - * - * We just check g**i != 1 for all i up to a threshold - */ - let res = g; - const i = new BigInteger(1); - const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold - while (i.lt(threshold)) { - res = res.mul(g).imod(p); - if (res.isOne()) { - return false; - } - i.iinc(); - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{r(p-1) + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1 - const rqx = p.dec().imul(r).iadd(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var elgamal = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt$2, - decrypt: decrypt$2, - validateParams: validateParams$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class OID { - constructor(oid) { - if (oid instanceof OID) { - this.oid = oid.oid; - } else if (util.isArray(oid) || - util.isUint8Array(oid)) { - oid = new Uint8Array(oid); - if (oid[0] === 0x06) { // DER encoded oid byte array - if (oid[1] !== oid.length - 2) { - throw new Error('Length mismatch in DER encoded oid'); - } - oid = oid.subarray(2); - } - this.oid = oid; - } else { - this.oid = ''; - } - } - - /** - * Method to read an OID object - * @param {Uint8Array} input - Where to read the OID from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length >= 1) { - const length = input[0]; - if (input.length >= 1 + length) { - this.oid = input.subarray(1, 1 + length); - return 1 + this.oid.length; - } - } - throw new Error('Invalid oid'); - } - - /** - * Serialize an OID object - * @returns {Uint8Array} Array with the serialized value the OID. - */ - write() { - return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); - } - - /** - * Serialize an OID object as a hex string - * @returns {string} String with the hex value of the OID. - */ - toHex() { - return util.uint8ArrayToHex(this.oid); - } - - /** - * If a known curve object identifier, return the canonical name of the curve - * @returns {string} String with the canonical name of the curve. - */ - getName() { - const hex = this.toHex(); - if (enums.curve[hex]) { - return enums.write(enums.curve, hex); - } else { - throw new Error('Unknown curve object identifier.'); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -function keyFromPrivate(indutnyCurve, priv) { - const keyPair = indutnyCurve.keyPair({ priv: priv }); - return keyPair; -} - -function keyFromPublic(indutnyCurve, pub) { - const keyPair = indutnyCurve.keyPair({ pub: pub }); - if (keyPair.validate().result !== true) { - throw new Error('Invalid elliptic public key'); - } - return keyPair; -} - -async function getIndutnyCurve(name) { - if (!config.useIndutnyElliptic) { - throw new Error('This curve is only supported in the full build of OpenPGP.js'); - } - const { default: elliptic } = await Promise.resolve().then(function () { return elliptic$1; }); - return new elliptic.ec(name); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -function readSimpleLength(bytes) { - let len = 0; - let offset; - const type = bytes[0]; - - - if (type < 192) { - [len] = bytes; - offset = 1; - } else if (type < 255) { - len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; - offset = 2; - } else if (type === 255) { - len = util.readNumber(bytes.subarray(1, 1 + 4)); - offset = 5; - } - - return { - len: len, - offset: offset - }; -} - -/** - * Encodes a given integer of length to the openpgp length specifier to a - * string - * - * @param {Integer} length - The length to encode - * @returns {Uint8Array} String with openpgp length representation. - */ -function writeSimpleLength(length) { - if (length < 192) { - return new Uint8Array([length]); - } else if (length > 191 && length < 8384) { - /* - * let a = (total data packet length) - 192 let bc = two octet - * representation of a let d = b + 192 - */ - return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); - } - return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); -} - -function writePartialLength(power) { - if (power < 0 || power > 30) { - throw new Error('Partial Length power must be between 1 and 30'); - } - return new Uint8Array([224 + power]); -} - -function writeTag(tag_type) { - /* we're only generating v4 packet headers here */ - return new Uint8Array([0xC0 | tag_type]); -} - -/** - * Writes a packet header version 4 with the given tag_type and length to a - * string - * - * @param {Integer} tag_type - Tag type - * @param {Integer} length - Length of the payload - * @returns {String} String of the header. - */ -function writeHeader(tag_type, length) { - /* we're only generating v4 packet headers here */ - return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); -} - -/** - * Whether the packet type supports partial lengths per RFC4880 - * @param {Integer} tag - Tag type - * @returns {Boolean} String of the header. - */ -function supportsStreaming(tag) { - return [ - enums.packet.literalData, - enums.packet.compressedData, - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ].includes(tag); -} - -/** - * Generic static Packet Parser function - * - * @param {Uint8Array | ReadableStream} input - Input stream as string - * @param {Function} callback - Function to call with the parsed packet - * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. - */ -async function readPackets(input, callback) { - const reader = getReader(input); - let writer; - let callbackReturned; - try { - const peekedBytes = await reader.peekBytes(2); - // some sanity checks - if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { - throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); - } - const headerByte = await reader.readByte(); - let tag = -1; - let format = -1; - let packetLength; - - format = 0; // 0 = old format; 1 = new format - if ((headerByte & 0x40) !== 0) { - format = 1; - } - - let packetLengthType; - if (format) { - // new format header - tag = headerByte & 0x3F; // bit 5-0 - } else { - // old format header - tag = (headerByte & 0x3F) >> 2; // bit 5-2 - packetLengthType = headerByte & 0x03; // bit 1-0 - } - - const packetSupportsStreaming = supportsStreaming(tag); - let packet = null; - if (packetSupportsStreaming) { - if (util.isStream(input) === 'array') { - const arrayStream = new ArrayStream(); - writer = getWriter(arrayStream); - packet = arrayStream; - } else { - const transform = new TransformStream(); - writer = getWriter(transform.writable); - packet = transform.readable; - } - // eslint-disable-next-line callback-return - callbackReturned = callback({ tag, packet }); - } else { - packet = []; - } - - let wasPartialLength; - do { - if (!format) { - // 4.2.1. Old Format Packet Lengths - switch (packetLengthType) { - case 0: - // The packet has a one-octet length. The header is 2 octets - // long. - packetLength = await reader.readByte(); - break; - case 1: - // The packet has a two-octet length. The header is 3 octets - // long. - packetLength = (await reader.readByte() << 8) | await reader.readByte(); - break; - case 2: - // The packet has a four-octet length. The header is 5 - // octets long. - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - break; - default: - // 3 - The packet is of indeterminate length. The header is 1 - // octet long, and the implementation must determine how long - // the packet is. If the packet is in a file, this means that - // the packet extends until the end of the file. In general, - // an implementation SHOULD NOT use indeterminate-length - // packets except where the end of the data will be clear - // from the context, and even then it is better to use a - // definite length, or a new format header. The new format - // headers described below have a mechanism for precisely - // encoding data of indeterminate length. - packetLength = Infinity; - break; - } - } else { // 4.2.2. New Format Packet Lengths - // 4.2.2.1. One-Octet Lengths - const lengthByte = await reader.readByte(); - wasPartialLength = false; - if (lengthByte < 192) { - packetLength = lengthByte; - // 4.2.2.2. Two-Octet Lengths - } else if (lengthByte >= 192 && lengthByte < 224) { - packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; - // 4.2.2.4. Partial Body Lengths - } else if (lengthByte > 223 && lengthByte < 255) { - packetLength = 1 << (lengthByte & 0x1F); - wasPartialLength = true; - if (!packetSupportsStreaming) { - throw new TypeError('This packet type does not support partial lengths.'); - } - // 4.2.2.3. Five-Octet Lengths - } else { - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - } - } - if (packetLength > 0) { - let bytesRead = 0; - while (true) { - if (writer) await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (packetLength === Infinity) break; - throw new Error('Unexpected end of packet'); - } - const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); - if (writer) await writer.write(chunk); - else packet.push(chunk); - bytesRead += value.length; - if (bytesRead >= packetLength) { - reader.unshift(value.subarray(packetLength - bytesRead + value.length)); - break; - } - } - } - } while (wasPartialLength); - - // If this was not a packet that "supports streaming", we peek to check - // whether it is the last packet in the message. We peek 2 bytes instead - // of 1 because the beginning of this function also peeks 2 bytes, and we - // want to cut a `subarray` of the correct length into `web-stream-tools`' - // `externalBuffer` as a tiny optimization here. - // - // If it *was* a streaming packet (i.e. the data packets), we peek at the - // entire remainder of the stream, in order to forward errors in the - // remainder of the stream to the packet data. (Note that this means we - // read/peek at all signature packets before closing the literal data - // packet, for example.) This forwards MDC errors to the literal data - // stream, for example, so that they don't get lost / forgotten on - // decryptedMessage.packets.stream, which we never look at. - // - // An example of what we do when stream-parsing a message containing - // [ one-pass signature packet, literal data packet, signature packet ]: - // 1. Read the one-pass signature packet - // 2. Peek 2 bytes of the literal data packet - // 3. Parse the one-pass signature packet - // - // 4. Read the literal data packet, simultaneously stream-parsing it - // 5. Peek until the end of the message - // 6. Finish parsing the literal data packet - // - // 7. Read the signature packet again (we already peeked at it in step 5) - // 8. Peek at the end of the stream again (`peekBytes` returns undefined) - // 9. Parse the signature packet - // - // Note that this means that if there's an error in the very end of the - // stream, such as an MDC error, we throw in step 5 instead of in step 8 - // (or never), which is the point of this exercise. - const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); - if (writer) { - await writer.ready; - await writer.close(); - } else { - packet = util.concatUint8Array(packet); - // eslint-disable-next-line callback-return - await callback({ tag, packet }); - } - return !nextPacket || !nextPacket.length; - } catch (e) { - if (writer) { - await writer.abort(e); - return true; - } else { - throw e; - } - } finally { - if (writer) { - await callbackReturned; - } - reader.releaseLock(); - } -} - -class UnsupportedError extends Error { - constructor(...params) { - super(...params); - - if (Error.captureStackTrace) { - Error.captureStackTrace(this, UnsupportedError); - } - - this.name = 'UnsupportedError'; - } -} - -class UnparseablePacket { - constructor(tag, rawContent) { - this.tag = tag; - this.rawContent = rawContent; - } - - write() { - return this.rawContent; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$6 = util.getWebCrypto(); -const nodeCrypto$7 = util.getNodeCrypto(); - -const webCurves = { - 'p256': 'P-256', - 'p384': 'P-384', - 'p521': 'P-521' -}; -const knownCurves = nodeCrypto$7 ? nodeCrypto$7.getCurves() : []; -const nodeCurves = nodeCrypto$7 ? { - secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, - p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, - p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, - p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, - ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined, - curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined, - brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, - brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, - brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined -} : {}; - -const curves = { - p256: { - oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.p256, - web: webCurves.p256, - payloadSize: 32, - sharedSize: 256 - }, - p384: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.p384, - web: webCurves.p384, - payloadSize: 48, - sharedSize: 384 - }, - p521: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.p521, - web: webCurves.p521, - payloadSize: 66, - sharedSize: 528 - }, - secp256k1: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.secp256k1, - payloadSize: 32 - }, - ed25519: { - oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], - keyType: enums.publicKey.eddsaLegacy, - hash: enums.hash.sha512, - node: false, // nodeCurves.ed25519 TODO - payloadSize: 32 - }, - curve25519: { - oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], - keyType: enums.publicKey.ecdh, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: false, // nodeCurves.curve25519 TODO - payloadSize: 32 - }, - brainpoolP256r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.brainpoolP256r1, - payloadSize: 32 - }, - brainpoolP384r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.brainpoolP384r1, - payloadSize: 48 - }, - brainpoolP512r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.brainpoolP512r1, - payloadSize: 64 - } -}; - -class CurveWithOID { - constructor(oidOrName, params) { - try { - if (util.isArray(oidOrName) || - util.isUint8Array(oidOrName)) { - // by oid byte array - oidOrName = new OID(oidOrName); - } - if (oidOrName instanceof OID) { - // by curve OID - oidOrName = oidOrName.getName(); - } - // by curve name or oid string - this.name = enums.write(enums.curve, oidOrName); - } catch (err) { - throw new UnsupportedError('Unknown curve'); - } - params = params || curves[this.name]; - - this.keyType = params.keyType; - - this.oid = params.oid; - this.hash = params.hash; - this.cipher = params.cipher; - this.node = params.node && curves[this.name]; - this.web = params.web && curves[this.name]; - this.payloadSize = params.payloadSize; - if (this.web && util.getWebCrypto()) { - this.type = 'web'; - } else if (this.node && util.getNodeCrypto()) { - this.type = 'node'; - } else if (this.name === 'curve25519') { - this.type = 'curve25519'; - } else if (this.name === 'ed25519') { - this.type = 'ed25519'; - } - } - - async genKeyPair() { - let keyPair; - switch (this.type) { - case 'web': - try { - return await webGenKeyPair(this.name); - } catch (err) { - util.printDebugError('Browser did not support generating ec key ' + err.message); - break; - } - case 'node': - return nodeGenKeyPair(this.name); - case 'curve25519': { - const privateKey = getRandomBytes(32); - privateKey[0] = (privateKey[0] & 127) | 64; - privateKey[31] &= 248; - const secretKey = privateKey.slice().reverse(); - keyPair = naclFastLight.box.keyPair.fromSecretKey(secretKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - case 'ed25519': { - const privateKey = getRandomBytes(32); - const keyPair = naclFastLight.sign.keyPair.fromSeed(privateKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - } - const indutnyCurve = await getIndutnyCurve(this.name); - keyPair = await indutnyCurve.genKeyPair({ - entropy: util.uint8ArrayToString(getRandomBytes(32)) - }); - return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) }; - } -} - -async function generate$1(curve) { - const BigInteger = await util.getBigInteger(); - - curve = new CurveWithOID(curve); - const keyPair = await curve.genKeyPair(); - const Q = new BigInteger(keyPair.publicKey).toUint8Array(); - const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize); - return { - oid: curve.oid, - Q, - secret, - hash: curve.hash, - cipher: curve.cipher - }; -} - -/** - * Get preferred hash algo to use with the given curve - * @param {module:type/oid} oid - curve oid - * @returns {enums.hash} hash algorithm - */ -function getPreferredHashAlgo(oid) { - return curves[enums.write(enums.curve, oid.toHex())].hash; -} - -/** - * Validate ECDH and ECDSA parameters - * Not suitable for EdDSA (different secret key format) - * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves - * @param {module:type/oid} oid - EC object identifier - * @param {Uint8Array} Q - EC public point - * @param {Uint8Array} d - EC secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateStandardParams(algo, oid, Q, d) { - const supportedCurves = { - p256: true, - p384: true, - p521: true, - secp256k1: true, - curve25519: algo === enums.publicKey.ecdh, - brainpoolP256r1: true, - brainpoolP384r1: true, - brainpoolP512r1: true - }; - - // Check whether the given curve is supported - const curveName = oid.getName(); - if (!supportedCurves[curveName]) { - return false; - } - - if (curveName === 'curve25519') { - d = d.slice().reverse(); - // Re-derive public point Q' - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(d); - - Q = new Uint8Array(Q); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - if (!util.equalsUint8Array(dG, Q)) { - return false; - } - - return true; - } - - const curve = await getIndutnyCurve(curveName); - try { - // Parse Q and check that it is on the curve but not at infinity - Q = keyFromPublic(curve, Q).getPublic(); - } catch (validationErrors) { - return false; - } - - /** - * Re-derive public point Q' = dG from private key - * Expect Q == Q' - */ - const dG = keyFromPrivate(curve, d).getPublic(); - if (!dG.eq(Q)) { - return false; - } - - return true; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -async function webGenKeyPair(name) { - // Note: keys generated with ECDSA and ECDH are structurally equivalent - const webCryptoKey = await webCrypto$6.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - - const privateKey = await webCrypto$6.exportKey('jwk', webCryptoKey.privateKey); - const publicKey = await webCrypto$6.exportKey('jwk', webCryptoKey.publicKey); - - return { - publicKey: jwkToRawPublic(publicKey), - privateKey: b64ToUint8Array(privateKey.d) - }; -} - -async function nodeGenKeyPair(name) { - // Note: ECDSA and ECDH key generation is structurally equivalent - const ecdh = nodeCrypto$7.createECDH(nodeCurves[name]); - await ecdh.generateKeys(); - return { - publicKey: new Uint8Array(ecdh.getPublicKey()), - privateKey: new Uint8Array(ecdh.getPrivateKey()) - }; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -/** - * @param {JsonWebKey} jwk - key for conversion - * - * @returns {Uint8Array} Raw public key. - */ -function jwkToRawPublic(jwk) { - const bufX = b64ToUint8Array(jwk.x); - const bufY = b64ToUint8Array(jwk.y); - const publicKey = new Uint8Array(bufX.length + bufY.length + 1); - publicKey[0] = 0x04; - publicKey.set(bufX, 1); - publicKey.set(bufY, bufX.length + 1); - return publicKey; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * - * @returns {JsonWebKey} Public key in jwk format. - */ -function rawPublicToJWK(payloadSize, name, publicKey) { - const len = payloadSize; - const bufX = publicKey.slice(1, len + 1); - const bufY = publicKey.slice(len + 1, len * 2 + 1); - // https://www.rfc-editor.org/rfc/rfc7518.txt - const jwk = { - kty: 'EC', - crv: name, - x: uint8ArrayToB64(bufX, true), - y: uint8ArrayToB64(bufY, true), - ext: true - }; - return jwk; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * @param {Uint8Array} privateKey - private key - * - * @returns {JsonWebKey} Private key in jwk format. - */ -function privateToJWK$1(payloadSize, name, publicKey, privateKey) { - const jwk = rawPublicToJWK(payloadSize, name, publicKey); - jwk.d = uint8ArrayToB64(privateKey, true); - return jwk; -} - -const webCrypto$7 = util.getWebCrypto(); -const nodeCrypto$8 = util.getNodeCrypto(); - -/** - * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$1(oid, hashAlgo, message, publicKey, privateKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - const keyPair = { publicKey, privateKey }; - switch (curve.type) { - case 'web': { - // If browser doesn't support a curve, we'll catch it - try { - // Need to await to make sure browser succeeds - return await webSign$1(curve, hashAlgo, message, keyPair); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunaley Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support signing: ' + err.message); - } - break; - } - case 'node': { - const signature = await nodeSign$1(curve, hashAlgo, message, keyPair); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - } - } - return ellipticSign(curve, hashed, privateKey); -} - -/** - * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify - * @param {Uint8Array} message - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$1(oid, hashAlgo, signature, message, publicKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - switch (curve.type) { - case 'web': - try { - // Need to await to make sure browser succeeds - return await webVerify$1(curve, hashAlgo, signature, message, publicKey); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunately Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support verifying: ' + err.message); - } - break; - case 'node': - return nodeVerify$1(curve, hashAlgo, signature, message, publicKey); - } - } - const digest = (typeof hashAlgo === 'undefined') ? message : hashed; - return ellipticVerify(curve, signature, digest, publicKey); -} - -/** - * Validate ECDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDSA public point - * @param {Uint8Array} d - ECDSA secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$2(oid, Q, d) { - const curve = new CurveWithOID(oid); - // Reject curves x25519 and ed25519 - if (curve.keyType !== enums.publicKey.ecdsa) { - return false; - } - - // To speed up the validation, we try to use node- or webcrypto when available - // and sign + verify a random message - switch (curve.type) { - case 'web': - case 'node': { - const message = getRandomBytes(8); - const hashAlgo = enums.hash.sha256; - const hashed = await hash.digest(hashAlgo, message); - try { - const signature = await sign$1(oid, hashAlgo, message, Q, d, hashed); - return await verify$1(oid, hashAlgo, signature, message, Q, hashed); - } catch (err) { - return false; - } - } - default: - return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); - } -} - - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -async function ellipticSign(curve, hashed, privateKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPrivate(indutnyCurve, privateKey); - const signature = key.sign(hashed); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; -} - -async function ellipticVerify(curve, signature, digest, publicKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPublic(indutnyCurve, publicKey); - return key.verify(digest, signature); -} - -async function webSign$1(curve, hashAlgo, message, keyPair) { - const len = curve.payloadSize; - const jwk = privateToJWK$1(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['sign'] - ); - - const signature = new Uint8Array(await webCrypto$7.sign( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - message - )); - - return { - r: signature.slice(0, len), - s: signature.slice(len, len << 1) - }; -} - -async function webVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['verify'] - ); - - const signature = util.concatUint8Array([r, s]).buffer; - - return webCrypto$7.verify( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - signature, - message - ); -} - -async function nodeSign$1(curve, hashAlgo, message, keyPair) { - const sign = nodeCrypto$8.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(message); - sign.end(); - const key = ECPrivateKey.encode({ - version: 1, - parameters: curve.oid, - privateKey: Array.from(keyPair.privateKey), - publicKey: { unused: 0, data: Array.from(keyPair.publicKey) } - }, 'pem', { - label: 'EC PRIVATE KEY' - }); - - return ECDSASignature.decode(sign.sign(key), 'der'); -} - -async function nodeVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$8.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(message); - verify.end(); - const key = SubjectPublicKeyInfo.encode({ - algorithm: { - algorithm: [1, 2, 840, 10045, 2, 1], - parameters: curve.oid - }, - subjectPublicKey: { unused: 0, data: Array.from(publicKey) } - }, 'pem', { - label: 'PUBLIC KEY' - }); - const signature = ECDSASignature.encode({ - r: new BN(r), s: new BN(s) - }, 'der'); - - try { - return verify.verify(key, signature); - } catch (err) { - return false; - } -} - -// Originally written by Owen Smith https://github.com/omsmith -// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/ - -/* eslint-disable no-invalid-this */ - -const asn1$1 = nodeCrypto$8 ? asn1__default['default'] : undefined; - -const ECDSASignature = nodeCrypto$8 ? - asn1$1.define('ECDSASignature', function() { - this.seq().obj( - this.key('r').int(), - this.key('s').int() - ); - }) : undefined; - -const ECPrivateKey = nodeCrypto$8 ? - asn1$1.define('ECPrivateKey', function() { - this.seq().obj( - this.key('version').int(), - this.key('privateKey').octstr(), - this.key('parameters').explicit(0).optional().any(), - this.key('publicKey').explicit(1).optional().bitstr() - ); - }) : undefined; - -const AlgorithmIdentifier = nodeCrypto$8 ? - asn1$1.define('AlgorithmIdentifier', function() { - this.seq().obj( - this.key('algorithm').objid(), - this.key('parameters').optional().any() - ); - }) : undefined; - -const SubjectPublicKeyInfo = nodeCrypto$8 ? - asn1$1.define('SubjectPublicKeyInfo', function() { - this.seq().obj( - this.key('algorithm').use(AlgorithmIdentifier), - this.key('subjectPublicKey').bitstr() - ); - }) : undefined; - -var ecdsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$1, - verify: verify$1, - validateParams: validateParams$2 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Sign a message using the provided legacy EdDSA key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$2(oid, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; -} - -/** - * Verifies if a legacy EdDSA signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$2(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const signature = util.concatUint8Array([r, s]); - return naclFastLight.sign.detached.verify(hashed, signature, publicKey.subarray(1)); -} -/** - * Validate legacy EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point - * @param {Uint8Array} k - EdDSA secret seed - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$3(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } - - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); - -} - -var eddsa_legacy = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$2, - verify: verify$2, - validateParams: validateParams$3 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Generate (non-legacy) EdDSA key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} - */ -async function generate$2(algo) { - switch (algo) { - case enums.publicKey.ed25519: { - const seed = getRandomBytes(32); - const { publicKey: A } = naclFastLight.sign.keyPair.fromSeed(seed); - return { A, seed }; - } - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} - -/** - * Sign a message using the provided key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * RS: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$3(algo, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - const secretKey = util.concatUint8Array([privateKey, publicKey]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - return { RS: signature }; - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - -} - -/** - * Verifies if a signature is valid for a message - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{ RS: Uint8Array }} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$3(algo, hashAlgo, { RS }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - return naclFastLight.sign.detached.verify(hashed, RS, publicKey); - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} -/** - * Validate (non-legacy) EdDSA parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - EdDSA public point - * @param {Uint8Array} seed - EdDSA secret seed - * @param {Uint8Array} oid - (legacy only) EdDSA OID - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$4(algo, A, seed) { - switch (algo) { - case enums.publicKey.ed25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(seed); - return util.equalsUint8Array(A, publicKey); - } - - case enums.publicKey.ed448: // unsupported - default: - return false; - } -} - -function getPreferredHashAlgo$1(algo) { - switch (algo) { - case enums.publicKey.ed25519: - return enums.hash.sha256; - default: - throw new Error('Unknown EdDSA algo'); - } -} - -var eddsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$2, - sign: sign$3, - verify: verify$3, - validateParams: validateParams$4, - getPreferredHashAlgo: getPreferredHashAlgo$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * AES key wrap - * @function - * @param {Uint8Array} key - * @param {Uint8Array} data - * @returns {Uint8Array} - */ -function wrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const P = unpack(data); - let A = IV; - const R = P; - const n = P.length / 2; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 0; j <= 5; ++j) { - for (let i = 0; i < n; ++i) { - t[1] = n * j + (1 + i); - // B = A - B[0] = A[0]; - B[1] = A[1]; - // B = A || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES(K, B) - B = unpack(aes.encrypt(pack(B))); - // A = MSB(64, B) ^ t - A = B.subarray(0, 2); - A[0] ^= t[0]; - A[1] ^= t[1]; - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - return pack(A, R); -} - -/** - * AES key unwrap - * @function - * @param {String} key - * @param {String} data - * @returns {Uint8Array} - * @throws {Error} - */ -function unwrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const C = unpack(data); - let A = C.subarray(0, 2); - const R = C.subarray(2); - const n = C.length / 2 - 1; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 5; j >= 0; --j) { - for (let i = n - 1; i >= 0; --i) { - t[1] = n * j + (i + 1); - // B = A ^ t - B[0] = A[0] ^ t[0]; - B[1] = A[1] ^ t[1]; - // B = (A ^ t) || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES-1(B) - B = unpack(aes.decrypt(pack(B))); - // A = MSB(64, B) - A = B.subarray(0, 2); - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - if (A[0] === IV[0] && A[1] === IV[1]) { - return pack(R); - } - throw new Error('Key Data Integrity failed'); -} - -function createArrayBuffer(data) { - if (util.isString(data)) { - const { length } = data; - const buffer = new ArrayBuffer(length); - const view = new Uint8Array(buffer); - for (let j = 0; j < length; ++j) { - view[j] = data.charCodeAt(j); - } - return buffer; - } - return new Uint8Array(data).buffer; -} - -function unpack(data) { - const { length } = data; - const buffer = createArrayBuffer(data); - const view = new DataView(buffer); - const arr = new Uint32Array(length / 4); - for (let i = 0; i < length / 4; ++i) { - arr[i] = view.getUint32(4 * i); - } - return arr; -} - -function pack() { - let length = 0; - for (let k = 0; k < arguments.length; ++k) { - length += 4 * arguments[k].length; - } - const buffer = new ArrayBuffer(length); - const view = new DataView(buffer); - let offset = 0; - for (let i = 0; i < arguments.length; ++i) { - for (let j = 0; j < arguments[i].length; ++j) { - view.setUint32(offset + 4 * j, arguments[i][j]); - } - offset += 4 * arguments[i].length; - } - return new Uint8Array(buffer); -} - -var aesKW = /*#__PURE__*/Object.freeze({ - __proto__: null, - wrap: wrap, - unwrap: unwrap -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * @fileoverview Functions to add and remove PKCS5 padding - * @see PublicKeyEncryptedSessionKeyPacket - * @module crypto/pkcs5 - * @private - */ - -/** - * Add pkcs5 padding to a message - * @param {Uint8Array} message - message to pad - * @returns {Uint8Array} Padded message. - */ -function encode$1(message) { - const c = 8 - (message.length % 8); - const padded = new Uint8Array(message.length + c).fill(c); - padded.set(message); - return padded; -} - -/** - * Remove pkcs5 padding from a message - * @param {Uint8Array} message - message to remove padding from - * @returns {Uint8Array} Message without padding. - */ -function decode$1(message) { - const len = message.length; - if (len > 0) { - const c = message[len - 1]; - if (c >= 1) { - const provided = message.subarray(len - c); - const computed = new Uint8Array(c).fill(c); - if (util.equalsUint8Array(provided, computed)) { - return message.subarray(0, len - c); - } - } - } - throw new Error('Invalid padding'); -} - -var pkcs5 = /*#__PURE__*/Object.freeze({ - __proto__: null, - encode: encode$1, - decode: decode$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$8 = util.getWebCrypto(); -const nodeCrypto$9 = util.getNodeCrypto(); - -/** - * Validate ECDH parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDH public point - * @param {Uint8Array} d - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$5(oid, Q, d) { - return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); -} - -// Build Param for ECDH algorithm (RFC 6637) -function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { - return util.concatUint8Array([ - oid.write(), - new Uint8Array([public_algo]), - kdfParams.write(), - util.stringToUint8Array('Anonymous Sender '), - fingerprint.subarray(0, 20) - ]); -} - -// Key Derivation Function (RFC 6637) -async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { - // Note: X is little endian for Curve25519, big-endian for all others. - // This is not ideal, but the RFC's are unclear - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - let i; - if (stripLeading) { - // Work around old go crypto bug - for (i = 0; i < X.length && X[i] === 0; i++); - X = X.subarray(i); - } - if (stripTrailing) { - // Work around old OpenPGP.js bug - for (i = X.length - 1; i >= 0 && X[i] === 0; i--); - X = X.subarray(0, i + 1); - } - const digest = await hash.digest(hashAlgo, util.concatUint8Array([ - new Uint8Array([0, 0, 0, 1]), - X, - param - ])); - return digest.subarray(0, length); -} - -/** - * Generate ECDHE ephemeral key and secret from public key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPublicEphemeralKey(curve, Q) { - switch (curve.type) { - case 'curve25519': { - const d = getRandomBytes(32); - const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d); - let { publicKey } = naclFastLight.box.keyPair.fromSecretKey(secretKey); - publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]); - return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPublicEphemeralKey(curve, Q); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePublicEphemeralKey(curve, Q); - } - return ellipticPublicEphemeralKey(curve, Q); -} - -/** - * Encrypt and wrap a session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} data - Unpadded session key data - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} - * @async - */ -async function encrypt$3(oid, kdfParams, data, Q, fingerprint) { - const m = encode$1(data); - - const curve = new CurveWithOID(oid); - const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); - const wrappedKey = wrap(Z, m); - return { publicKey, wrappedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPrivateEphemeralKey(curve, V, Q, d) { - if (d.length !== curve.payloadSize) { - const privateKey = new Uint8Array(curve.payloadSize); - privateKey.set(d, curve.payloadSize - d.length); - d = privateKey; - } - switch (curve.type) { - case 'curve25519': { - const secretKey = d.slice().reverse(); - const sharedKey = naclFastLight.scalarMult(secretKey, V.subarray(1)); - return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPrivateEphemeralKey(curve, V, Q, d); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePrivateEphemeralKey(curve, V, d); - } - return ellipticPrivateEphemeralKey(curve, V, d); -} - -/** - * Decrypt and unwrap the value derived from session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} C - Encrypted and wrapped value derived from session key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Value derived from session key. - * @async - */ -async function decrypt$3(oid, kdfParams, V, C, Q, d, fingerprint) { - const curve = new CurveWithOID(oid); - const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - let err; - for (let i = 0; i < 3; i++) { - try { - // Work around old go crypto bug and old OpenPGP.js bug, respectively. - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); - return decode$1(unwrap(Z, C)); - } catch (e) { - err = e; - } - } - throw err; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPrivateEphemeralKey(curve, V, Q, d) { - const recipient = privateToJWK$1(curve.payloadSize, curve.web.web, Q, d); - let privateKey = webCrypto$8.importKey( - 'jwk', - recipient, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V); - let sender = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - [] - ); - [privateKey, sender] = await Promise.all([privateKey, sender]); - let S = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: sender - }, - privateKey, - curve.web.sharedSize - ); - let secret = webCrypto$8.exportKey( - 'jwk', - privateKey - ); - [S, secret] = await Promise.all([S, secret]); - const sharedKey = new Uint8Array(S); - const secretKey = b64ToUint8Array(secret.d); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPublicEphemeralKey(curve, Q) { - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q); - let keyPair = webCrypto$8.generateKey( - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - let recipient = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - false, - [] - ); - [keyPair, recipient] = await Promise.all([keyPair, recipient]); - let s = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: recipient - }, - keyPair.privateKey, - curve.web.sharedSize - ); - let p = webCrypto$8.exportKey( - 'jwk', - keyPair.publicKey - ); - [s, p] = await Promise.all([s, p]); - const sharedKey = new Uint8Array(s); - const publicKey = new Uint8Array(jwkToRawPublic(p)); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPrivateEphemeralKey(curve, V, d) { - const indutnyCurve = await getIndutnyCurve(curve.name); - V = keyFromPublic(indutnyCurve, V); - d = keyFromPrivate(indutnyCurve, d); - const secretKey = new Uint8Array(d.getPrivate()); - const S = d.derive(V.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPublicEphemeralKey(curve, Q) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const v = await curve.genKeyPair(); - Q = keyFromPublic(indutnyCurve, Q); - const V = keyFromPrivate(indutnyCurve, v.privateKey); - const publicKey = v.publicKey; - const S = V.derive(Q.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePrivateEphemeralKey(curve, V, d) { - const recipient = nodeCrypto$9.createECDH(curve.node.node); - recipient.setPrivateKey(d); - const sharedKey = new Uint8Array(recipient.computeSecret(V)); - const secretKey = new Uint8Array(recipient.getPrivateKey()); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePublicEphemeralKey(curve, Q) { - const sender = nodeCrypto$9.createECDH(curve.node.node); - sender.generateKeys(); - const sharedKey = new Uint8Array(sender.computeSecret(Q)); - const publicKey = new Uint8Array(sender.getPublicKey()); - return { publicKey, sharedKey }; -} - -var ecdh = /*#__PURE__*/Object.freeze({ - __proto__: null, - validateParams: validateParams$5, - encrypt: encrypt$3, - decrypt: decrypt$3 -}); - -/** - * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. - * @module crypto/hkdf - * @private - */ - -const webCrypto$9 = util.getWebCrypto(); -const nodeCrypto$a = util.getNodeCrypto(); -const nodeSubtleCrypto = nodeCrypto$a && nodeCrypto$a.webcrypto && nodeCrypto$a.webcrypto.subtle; - -async function HKDF(hashAlgo, inputKey, salt, info, outLen) { - const hash = enums.read(enums.webHash, hashAlgo); - if (!hash) throw new Error('Hash algo not supported with HKDF'); - - if (webCrypto$9 || nodeSubtleCrypto) { - const crypto = webCrypto$9 || nodeSubtleCrypto; - const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); - const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); - return new Uint8Array(bits); - } - - if (nodeCrypto$a) { - const hashAlgoName = enums.read(enums.hash, hashAlgo); - // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869 - - const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto$a.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest(); - // Step 1: Extract - // PRK = HMAC-Hash(salt, IKM) - const pseudoRandomKey = computeHMAC(salt, inputKey); - - const hashLen = pseudoRandomKey.length; - - // Step 2: Expand - // HKDF-Expand(PRK, info, L) -> OKM - const n = Math.ceil(outLen / hashLen); - const outputKeyingMaterial = new Uint8Array(n * hashLen); - - // HMAC input buffer updated at each iteration - const roundInput = new Uint8Array(hashLen + info.length + 1); - // T_i and last byte are updated at each iteration, but `info` remains constant - roundInput.set(info, hashLen); - - for (let i = 0; i < n; i++) { - // T(0) = empty string (zero length) - // T(i) = HMAC-Hash(PRK, T(i-1) | info | i) - roundInput[roundInput.length - 1] = i + 1; - // t = T(i+1) - const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen)); - roundInput.set(t, 0); - - outputKeyingMaterial.set(t, i * hashLen); - } - - return outputKeyingMaterial.subarray(0, outLen); - } - - throw new Error('No HKDF implementation available'); -} - -/** - * @fileoverview Key encryption and decryption for RFC 6637 ECDH - * @module crypto/public_key/elliptic/ecdh - * @private - */ - -const HKDF_INFO = { - x25519: util.encodeUTF8('OpenPGP X25519') -}; - -/** - * Generate ECDH key for Montgomery curves - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} - */ -async function generate$3(algo) { - switch (algo) { - case enums.publicKey.x25519: { - // k stays in little-endian, unlike legacy ECDH over curve25519 - const k = getRandomBytes(32); - const { publicKey: A } = naclFastLight.box.keyPair.fromSecretKey(k); - return { A, k }; - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** -* Validate ECDH parameters -* @param {module:enums.publicKey} algo - Algorithm identifier -* @param {Uint8Array} A - ECDH public point -* @param {Uint8Array} k - ECDH secret scalar -* @returns {Promise} Whether params are valid. -* @async -*/ -async function validateParams$6(algo, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(k); - return util.equalsUint8Array(A, publicKey); - } - - default: - return false; - } -} - -/** - * Wrap and encrypt a session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} data - session key data to be encrypted - * @param {Uint8Array} recipientA - Recipient public key (K_B) - * @returns {Promise<{ - * ephemeralPublicKey: Uint8Array, - * wrappedKey: Uint8Array - * }>} ephemeral public key (K_A) and encrypted key - * @async - */ -async function encrypt$4(algo, data, recipientA) { - switch (algo) { - case enums.publicKey.x25519: { - const ephemeralSecretKey = getRandomBytes(32); - const sharedSecret = naclFastLight.scalarMult(ephemeralSecretKey, recipientA); - const { publicKey: ephemeralPublicKey } = naclFastLight.box.keyPair.fromSecretKey(ephemeralSecretKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - recipientA, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - const wrappedKey = wrap(encryptionKey, data); - return { ephemeralPublicKey, wrappedKey }; - } - - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** - * Decrypt and unwrap the session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} ephemeralPublicKey - (K_A) - * @param {Uint8Array} wrappedKey, - * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF - * @param {Uint8Array} k - Recipient secret key (b) - * @returns {Promise} decrypted session key data - * @async - */ -async function decrypt$4(algo, ephemeralPublicKey, wrappedKey, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - const sharedSecret = naclFastLight.scalarMult(k, ephemeralPublicKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - A, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - return unwrap(encryptionKey, wrappedKey); - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -var ecdh_x = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$3, - validateParams: validateParams$6, - encrypt: encrypt$4, - decrypt: decrypt$4 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -var elliptic = /*#__PURE__*/Object.freeze({ - __proto__: null, - CurveWithOID: CurveWithOID, - ecdh: ecdh, - ecdhX: ecdh_x, - ecdsa: ecdsa, - eddsaLegacy: eddsa_legacy, - eddsa: eddsa, - generate: generate$1, - getPreferredHashAlgo: getPreferredHashAlgo -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/* - TODO regarding the hash function, read: - https://tools.ietf.org/html/rfc4880#section-13.6 - https://tools.ietf.org/html/rfc4880#section-14 -*/ - -/** - * DSA Sign function - * @param {Integer} hashAlgo - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} x - * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} - * @async - */ -async function sign$4(hashAlgo, hashed, g, p, q, x) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - x = new BigInteger(x); - - let k; - let r; - let s; - let t; - g = g.mod(p); - x = x.mod(q); - // If the output size of the chosen hash is larger than the number of - // bits of q, the hash result is truncated to fit by taking the number - // of leftmost bits equal to the number of bits of q. This (possibly - // truncated) hash function result is treated as a number and used - // directly in the DSA signature algorithm. - const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q); - // FIPS-186-4, section 4.6: - // The values of r and s shall be checked to determine if r = 0 or s = 0. - // If either r = 0 or s = 0, a new value of k shall be generated, and the - // signature shall be recalculated. It is extremely unlikely that r = 0 - // or s = 0 if signatures are generated properly. - while (true) { - // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - k = await getRandomBigInteger(one, q); // returns in [1, q-1] - r = g.modExp(k, p).imod(q); // (g**k mod p) mod q - if (r.isZero()) { - continue; - } - const xr = x.mul(r).imod(q); - t = h.add(xr).imod(q); // H(m) + x*r mod q - s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q - if (s.isZero()) { - continue; - } - break; - } - return { - r: r.toUint8Array('be', q.byteLength()), - s: s.toUint8Array('be', q.byteLength()) - }; -} - -/** - * DSA Verify function - * @param {Integer} hashAlgo - * @param {Uint8Array} r - * @param {Uint8Array} s - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} y - * @returns {boolean} - * @async - */ -async function verify$4(hashAlgo, r, s, hashed, g, p, q, y) { - const BigInteger = await util.getBigInteger(); - const zero = new BigInteger(0); - r = new BigInteger(r); - s = new BigInteger(s); - - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - - if (r.lte(zero) || r.gte(q) || - s.lte(zero) || s.gte(q)) { - util.printDebug('invalid DSA Signature'); - return false; - } - const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q); - const w = s.modInv(q); // s**-1 mod q - if (w.isZero()) { - util.printDebug('invalid DSA Signature'); - return false; - } - - g = g.mod(p); - y = y.mod(p); - const u1 = h.mul(w).imod(q); // H(m) * w mod q - const u2 = r.mul(w).imod(q); // r * w mod q - const t1 = g.modExp(u1, p); // g**u1 mod p - const t2 = y.modExp(u2, p); // y**u2 mod p - const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q - return v.equal(r); -} - -/** - * Validate DSA parameters - * @param {Uint8Array} p - DSA prime - * @param {Uint8Array} q - DSA group order - * @param {Uint8Array} g - DSA sub-group generator - * @param {Uint8Array} y - DSA public key - * @param {Uint8Array} x - DSA private key - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$7(p, q, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - /** - * Check that subgroup order q divides p-1 - */ - if (!p.dec().mod(q).isZero()) { - return false; - } - - /** - * g has order q - * Check that g ** q = 1 mod p - */ - if (!g.modExp(q, p).isOne()) { - return false; - } - - /** - * Check q is large and probably prime (we mainly want to avoid small factors) - */ - const qSize = new BigInteger(q.bitLength()); - const n150 = new BigInteger(150); - if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) { - return false; - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{rq + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q - const rqx = q.mul(r).add(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var dsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$4, - verify: verify$4, - validateParams: validateParams$7 -}); - -/** - * @fileoverview Asymmetric cryptography functions - * @module crypto/public_key - * @private - */ - -var publicKey = { - /** @see module:crypto/public_key/rsa */ - rsa: rsa, - /** @see module:crypto/public_key/elgamal */ - elgamal: elgamal, - /** @see module:crypto/public_key/elliptic */ - elliptic: elliptic, - /** @see module:crypto/public_key/dsa */ - dsa: dsa, - /** @see tweetnacl */ - nacl: naclFastLight -}; - -/** - * @fileoverview Provides functions for asymmetric signing and signature verification - * @module crypto/signature - * @private - */ - -/** - * Parse signature in binary form to get the parameters. - * The returned values are only padded for EdDSA, since in the other cases their expected length - * depends on the key params, hence we delegate the padding to the signature verification function. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Uint8Array} signature - Data for which the signature was created - * @returns {Promise} True if signature is valid. - * @async - */ -function parseSignatureParams(algo, signature) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA signatures: - // - MPI of RSA signature value m**d mod n. - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const s = util.readMPI(signature.subarray(read)); - // The signature needs to be the same length as the public key modulo n. - // We pad s on signature verification, where we have access to n. - return { s }; - } - // Algorithm-Specific Fields for DSA or ECDSA signatures: - // - MPI of DSA or ECDSA value r. - // - MPI of DSA or ECDSA value s. - case enums.publicKey.dsa: - case enums.publicKey.ecdsa: - { - const r = util.readMPI(signature.subarray(read)); read += r.length + 2; - const s = util.readMPI(signature.subarray(read)); - return { r, s }; - } - // Algorithm-Specific Fields for legacy EdDSA signatures: - // - MPI of an EC point r. - // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsaLegacy: { - // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: - // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 - let r = util.readMPI(signature.subarray(read)); read += r.length + 2; - r = util.leftPad(r, 32); - let s = util.readMPI(signature.subarray(read)); - s = util.leftPad(s, 32); - return { r, s }; - } - // Algorithm-Specific Fields for Ed25519 signatures: - // - 64 octets of the native signature - case enums.publicKey.ed25519: { - const RS = signature.subarray(read, read + 64); read += RS.length; - return { RS }; - } - default: - throw new UnsupportedError('Unknown signature algorithm.'); - } -} - -/** - * Verifies the signature provided for data using specified algorithms and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} signature - Named algorithm-specific signature parameters - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Data for which the signature was created - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} True if signature is valid. - * @async - */ -async function verify$5(algo, hashAlgo, signature, publicParams, data, hashed) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto - return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); - } - case enums.publicKey.dsa: { - const { g, p, q, y } = publicParams; - const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers - return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicParams; - const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; - // padding needed for webcrypto - const r = util.leftPad(signature.r, curveSize); - const s = util.leftPad(signature.s, curveSize); - return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicParams; - // signature already padded on parsing - return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -/** - * Creates a signature on data using specified algorithms and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters - * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters - * @param {Uint8Array} data - Data to be signed - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} Signature Object containing named signature parameters. - * @async - */ -async function sign$5(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { - if (!publicKeyParams || !privateKeyParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); - return { s }; - } - case enums.publicKey.dsa: { - const { g, p, q } = publicKeyParams; - const { x } = privateKeyParams; - return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); - } - case enums.publicKey.elgamal: { - throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicKeyParams; - const { d } = privateKeyParams; - return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -var signature = /*#__PURE__*/Object.freeze({ - __proto__: null, - parseSignatureParams: parseSignatureParams, - verify: verify$5, - sign: sign$5 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class ECDHSymmetricKey { - constructor(data) { - if (data) { - this.data = data; - } - } - - /** - * Read an ECDHSymmetricKey from an Uint8Array: - * - 1 octect for the length `l` - * - `l` octects of encoded session key data - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - if (bytes.length >= 1) { - const length = bytes[0]; - if (bytes.length >= 1 + length) { - this.data = bytes.subarray(1, 1 + length); - return 1 + this.data.length; - } - } - throw new Error('Invalid symmetric key'); - } - - /** - * Write an ECDHSymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Implementation of type KDF parameters - * - * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: - * A key derivation function (KDF) is necessary to implement the EC - * encryption. The Concatenation Key Derivation Function (Approved - * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is - * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. - * @module type/kdf_params - * @private - */ - -class KDFParams { - /** - * @param {enums.hash} hash - Hash algorithm - * @param {enums.symmetric} cipher - Symmetric algorithm - */ - constructor(data) { - if (data) { - const { hash, cipher } = data; - this.hash = hash; - this.cipher = cipher; - } else { - this.hash = null; - this.cipher = null; - } - } - - /** - * Read KDFParams from an Uint8Array - * @param {Uint8Array} input - Where to read the KDFParams from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { - throw new UnsupportedError('Cannot read KDFParams'); - } - this.hash = input[2]; - this.cipher = input[3]; - return 4; - } - - /** - * Write KDFParams to an Uint8Array - * @returns {Uint8Array} Array with the KDFParams value - */ - write() { - return new Uint8Array([3, 1, this.hash, this.cipher]); - } -} - -/** - * Encoded symmetric key for x25519 and x448 - * The payload format varies for v3 and v6 PKESK: - * the former includes an algorithm byte preceeding the encrypted session key. - * - * @module type/x25519x448_symkey - */ - -class ECDHXSymmetricKey { - static fromObject({ wrappedKey, algorithm }) { - const instance = new ECDHXSymmetricKey(); - instance.wrappedKey = wrappedKey; - instance.algorithm = algorithm; - return instance; - } - - /** - * - 1 octect for the length `l` - * - `l` octects of encoded session key data (with optional leading algorithm byte) - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - let read = 0; - let followLength = bytes[read++]; - this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even - followLength -= followLength % 2; - this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength; - } - - /** - * Write an MontgomerySymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([ - this.algorithm ? - new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : - new Uint8Array([this.wrappedKey.length]), - this.wrappedKey - ]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Encrypts data using specified algorithm and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. - * @param {module:enums.publicKey} keyAlgo - Public key algorithm - * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Session key data to be encrypted - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Encrypted session key parameters. - * @async - */ -async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const { n, e } = publicParams; - const c = await publicKey.rsa.encrypt(data, n, e); - return { c }; - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - return publicKey.elgamal.encrypt(data, p, g, y); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicParams; - const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( - oid, kdfParams, data, Q, fingerprint); - return { V, C: new ECDHSymmetricKey(C) }; - } - case enums.publicKey.x25519: { - if (!util.isAES(symmetricAlgo)) { - // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 - throw new Error('X25519 keys can only encrypt AES session keys'); - } - const { A } = publicParams; - const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( - keyAlgo, data, A); - const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); - return { ephemeralPublicKey, C }; - } - default: - return []; - } -} - -/** - * Decrypts data using specified algorithm and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Object} publicKeyParams - Algorithm-specific public key parameters - * @param {Object} privateKeyParams - Algorithm-specific private key parameters - * @param {Object} sessionKeyParams - Encrypted session key parameters - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing - * (needed for constant-time processing in RSA and ElGamal) - * @returns {Promise} Decrypted data. - * @throws {Error} on sensitive decryption error, unless `randomPayload` is given - * @async - */ -async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: { - const { c } = sessionKeyParams; - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); - } - case enums.publicKey.elgamal: { - const { c1, c2 } = sessionKeyParams; - const p = publicKeyParams.p; - const x = privateKeyParams.x; - return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicKeyParams; - const { d } = privateKeyParams; - const { V, C } = sessionKeyParams; - return publicKey.elliptic.ecdh.decrypt( - oid, kdfParams, V, C.data, Q, d, fingerprint); - } - case enums.publicKey.x25519: { - const { A } = publicKeyParams; - const { k } = privateKeyParams; - const { ephemeralPublicKey, C } = sessionKeyParams; - if (!util.isAES(C.algorithm)) { - throw new Error('AES session key expected'); - } - return publicKey.elliptic.ecdhX.decrypt( - algo, ephemeralPublicKey, C.wrappedKey, A, k); - } - default: - throw new Error('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse public key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. - */ -function parsePublicKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; - const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; - return { read, publicParams: { n, e } }; - } - case enums.publicKey.dsa: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, q, g, y } }; - } - case enums.publicKey.elgamal: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, g, y } }; - } - case enums.publicKey.ecdsa: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.eddsaLegacy: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - Q = util.leftPad(Q, 33); - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.ecdh: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); - return { read: read, publicParams: { oid, Q, kdfParams } }; - } - case enums.publicKey.ed25519: - case enums.publicKey.x25519: { - const A = bytes.subarray(read, read + 32); read += A.length; - return { read, publicParams: { A } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse private key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @param {Object} publicParams - (ECC only) public params, needed to format some private params - * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. - */ -function parsePrivateKeyParams(algo, bytes, publicParams) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; - return { read, privateParams: { d, p, q, u } }; - } - case enums.publicKey.dsa: - case enums.publicKey.elgamal: { - const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; - return { read, privateParams: { x } }; - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const curve = new CurveWithOID(publicParams.oid); - let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - d = util.leftPad(d, curve.payloadSize); - return { read, privateParams: { d } }; - } - case enums.publicKey.eddsaLegacy: { - const curve = new CurveWithOID(publicParams.oid); - let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; - seed = util.leftPad(seed, curve.payloadSize); - return { read, privateParams: { seed } }; - } - case enums.publicKey.ed25519: { - const seed = bytes.subarray(read, read + 32); read += seed.length; - return { read, privateParams: { seed } }; - } - case enums.publicKey.x25519: { - const k = bytes.subarray(read, read + 32); read += k.length; - return { read, privateParams: { k } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** Returns the types comprising the encrypted session key of an algorithm - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {Object} The session key parameters referenced by name. - */ -function parseEncSessionKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA encrypted session keys: - // - MPI of RSA encrypted value m**e mod n. - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const c = util.readMPI(bytes.subarray(read)); - return { c }; - } - - // Algorithm-Specific Fields for Elgamal encrypted session keys: - // - MPI of Elgamal value g**k mod p - // - MPI of Elgamal value m * y**k mod p - case enums.publicKey.elgamal: { - const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; - const c2 = util.readMPI(bytes.subarray(read)); - return { c1, c2 }; - } - // Algorithm-Specific Fields for ECDH encrypted session keys: - // - MPI containing the ephemeral key used to establish the shared secret - // - ECDH Symmetric Key - case enums.publicKey.ecdh: { - const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; - const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); - return { V, C }; - } - // Algorithm-Specific Fields for X25519 encrypted session keys: - // - 32 octets representing an ephemeral X25519 public key. - // - A one-octet size of the following fields. - // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - // - The encrypted session key. - case enums.publicKey.x25519: { - const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length; - const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); - return { ephemeralPublicKey, C }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Convert params to MPI and serializes them in the proper order - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} params - The key parameters indexed by name - * @returns {Uint8Array} The array containing the MPIs. - */ -function serializeParams(algo, params) { - // Some algorithms do not rely on MPIs to store the binary params - const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]); - const orderedParams = Object.keys(params).map(name => { - const param = params[name]; - if (!util.isUint8Array(param)) return param.write(); - return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); - }); - return util.concatUint8Array(orderedParams); -} - -/** - * Generate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Integer} bits - Bit length for RSA keys - * @param {module:type/oid} oid - Object identifier for ECC keys - * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. - * @async - */ -function generateParams(algo, bits, oid) { - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ - privateParams: { d, p, q, u }, - publicParams: { n, e } - })); - } - case enums.publicKey.ecdsa: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { d: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { seed: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.ecdh: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ - privateParams: { d: secret }, - publicParams: { - oid: new OID(oid), - Q, - kdfParams: new KDFParams({ hash, cipher }) - } - })); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ - privateParams: { seed }, - publicParams: { A } - })); - case enums.publicKey.x25519: - return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ - privateParams: { k }, - publicParams: { A } - })); - case enums.publicKey.dsa: - case enums.publicKey.elgamal: - throw new Error('Unsupported algorithm for key generation.'); - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Validate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Object} privateParams - Algorithm-specific private key parameters - * @returns {Promise} Whether the parameters are valid. - * @async - */ -async function validateParams$8(algo, publicParams, privateParams) { - if (!publicParams || !privateParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const { d, p, q, u } = privateParams; - return publicKey.rsa.validateParams(n, e, d, p, q, u); - } - case enums.publicKey.dsa: { - const { p, q, g, y } = publicParams; - const { x } = privateParams; - return publicKey.dsa.validateParams(p, q, g, y, x); - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - const { x } = privateParams; - return publicKey.elgamal.validateParams(p, g, y, x); - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; - const { oid, Q } = publicParams; - const { d } = privateParams; - return algoModule.validateParams(oid, Q, d); - } - case enums.publicKey.eddsaLegacy: { - const { Q, oid } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(algo, A, seed); - } - case enums.publicKey.x25519: { - const { A } = publicParams; - const { k } = privateParams; - return publicKey.elliptic.ecdhX.validateParams(algo, A, k); - } - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Generates a random byte prefix for the specified algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. - * @async - */ -async function getPrefixRandom(algo) { - const { blockSize } = getCipher(algo); - const prefixrandom = await getRandomBytes(blockSize); - const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); - return util.concat([prefixrandom, repeat]); -} - -/** - * Generating a session key for the specified symmetric algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Uint8Array} Random bytes as a string to be used as a key. - */ -function generateSessionKey(algo) { - const { keySize } = getCipher(algo); - return getRandomBytes(keySize); -} - -/** - * Get implementation of the given AEAD mode - * @param {enums.aead} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getAEADMode(algo) { - const algoName = enums.read(enums.aead, algo); - return mode[algoName]; -} - -/** - * Check whether the given curve OID is supported - * @param {module:type/oid} oid - EC object identifier - * @throws {UnsupportedError} if curve is not supported - */ -function checkSupportedCurve(oid) { - try { - oid.getName(); - } catch (e) { - throw new UnsupportedError('Unknown curve OID'); - } -} - -/** - * Get preferred hash algo for a given elliptic algo - * @param {module:enums.publicKey} algo - alrogithm identifier - * @param {module:type/oid} [oid] - curve OID if needed by algo - */ -function getPreferredCurveHashAlgo(algo, oid) { - switch (algo) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.getPreferredHashAlgo(oid); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); - default: - throw new Error('Unknown elliptic signing algo'); - } -} - -var crypto$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - publicKeyEncrypt: publicKeyEncrypt, - publicKeyDecrypt: publicKeyDecrypt, - parsePublicKeyParams: parsePublicKeyParams, - parsePrivateKeyParams: parsePrivateKeyParams, - parseEncSessionKeyParams: parseEncSessionKeyParams, - serializeParams: serializeParams, - generateParams: generateParams, - validateParams: validateParams$8, - getPrefixRandom: getPrefixRandom, - generateSessionKey: generateSessionKey, - getAEADMode: getAEADMode, - getCipher: getCipher, - getPreferredCurveHashAlgo: getPreferredCurveHashAlgo -}); - -/** - * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js - * @see module:crypto/crypto - * @see module:crypto/signature - * @see module:crypto/public_key - * @see module:crypto/cipher - * @see module:crypto/random - * @see module:crypto/hash - * @module crypto - * @private - */ - -// TODO move cfb and gcm to cipher -const mod = { - /** @see module:crypto/cipher */ - cipher: cipher, - /** @see module:crypto/hash */ - hash: hash, - /** @see module:crypto/mode */ - mode: mode, - /** @see module:crypto/public_key */ - publicKey: publicKey, - /** @see module:crypto/signature */ - signature: signature, - /** @see module:crypto/random */ - random: random, - /** @see module:crypto/pkcs1 */ - pkcs1: pkcs1, - /** @see module:crypto/pkcs5 */ - pkcs5: pkcs5, - /** @see module:crypto/aes_kw */ - aesKW: aesKW -}; - -Object.assign(mod, crypto$1); - -var TYPED_OK = typeof Uint8Array !== "undefined" && - typeof Uint16Array !== "undefined" && - typeof Int32Array !== "undefined"; - - -// reduce buffer size, avoiding mem copy -function shrinkBuf(buf, size) { - if (buf.length === size) { - return buf; - } - if (buf.subarray) { - return buf.subarray(0, size); - } - buf.length = size; - return buf; -} - - -const fnTyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - if (src.subarray && dest.subarray) { - dest.set(src.subarray(src_offs, src_offs + len), dest_offs); - return; - } - // Fallback to ordinary array - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - let i, l, len, pos, chunk; - - // calculate data length - len = 0; - for (i = 0, l = chunks.length; i < l; i++) { - len += chunks[i].length; - } - - // join chunks - const result = new Uint8Array(len); - pos = 0; - for (i = 0, l = chunks.length; i < l; i++) { - chunk = chunks[i]; - result.set(chunk, pos); - pos += chunk.length; - } - - return result; - } -}; - -const fnUntyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - return [].concat.apply([], chunks); - } -}; - - -// Enable/Disable typed arrays use, for testing -// - -let Buf8 = TYPED_OK ? Uint8Array : Array; -let Buf16 = TYPED_OK ? Uint16Array : Array; -let Buf32 = TYPED_OK ? Int32Array : Array; -let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks; -let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet; - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -/* Allowed flush values; see deflate() and inflate() below for details */ -const Z_NO_FLUSH = 0; -const Z_PARTIAL_FLUSH = 1; -const Z_SYNC_FLUSH = 2; -const Z_FULL_FLUSH = 3; -const Z_FINISH = 4; -const Z_BLOCK = 5; -const Z_TREES = 6; - -/* Return codes for the compression/decompression functions. Negative values - * are errors, positive values are used for special but normal events. - */ -const Z_OK = 0; -const Z_STREAM_END = 1; -const Z_NEED_DICT = 2; -const Z_STREAM_ERROR = -2; -const Z_DATA_ERROR = -3; -//export const Z_MEM_ERROR = -4; -const Z_BUF_ERROR = -5; -const Z_DEFAULT_COMPRESSION = -1; - - -const Z_FILTERED = 1; -const Z_HUFFMAN_ONLY = 2; -const Z_RLE = 3; -const Z_FIXED = 4; -const Z_DEFAULT_STRATEGY = 0; - -/* Possible values of the data_type field (though see inflate()) */ -const Z_BINARY = 0; -const Z_TEXT = 1; -//export const Z_ASCII = 1; // = Z_TEXT (deprecated) -const Z_UNKNOWN = 2; - -/* The deflate compression method */ -const Z_DEFLATED = 8; -//export const Z_NULL = null // Use -1 or null inline, depending on var type - -/*============================================================================*/ - - -function zero$1(buf) { - let len = buf.length; while (--len >= 0) { - buf[len] = 0; - } -} - -// From zutil.h - -const STORED_BLOCK = 0; -const STATIC_TREES = 1; -const DYN_TREES = 2; -/* The three kinds of block type */ - -const MIN_MATCH = 3; -const MAX_MATCH = 258; -/* The minimum and maximum match lengths */ - -// From deflate.h -/* =========================================================================== - * Internal compression state. - */ - -const LENGTH_CODES = 29; -/* number of length codes, not counting the special END_BLOCK code */ - -const LITERALS = 256; -/* number of literal bytes 0..255 */ - -const L_CODES = LITERALS + 1 + LENGTH_CODES; -/* number of Literal or Length codes, including the END_BLOCK code */ - -const D_CODES = 30; -/* number of distance codes */ - -const BL_CODES = 19; -/* number of codes used to transfer the bit lengths */ - -const HEAP_SIZE = 2 * L_CODES + 1; -/* maximum heap size */ - -const MAX_BITS = 15; -/* All codes must not exceed MAX_BITS bits */ - -const Buf_size = 16; -/* size of bit buffer in bi_buf */ - - -/* =========================================================================== - * Constants - */ - -const MAX_BL_BITS = 7; -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -const END_BLOCK = 256; -/* end of block literal code */ - -const REP_3_6 = 16; -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -const REPZ_3_10 = 17; -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -const REPZ_11_138 = 18; -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -/* eslint-disable comma-spacing,array-bracket-spacing */ -const extra_lbits = /* extra bits for each length code */ - [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]; - -const extra_dbits = /* extra bits for each distance code */ - [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]; - -const extra_blbits = /* extra bits for each bit length code */ - [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]; - -const bl_order = - [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]; -/* eslint-enable comma-spacing,array-bracket-spacing */ - -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -/* =========================================================================== - * Local data. These are initialized only once. - */ - -// We pre-fill arrays with 0 to avoid uninitialized gaps - -const DIST_CODE_LEN = 512; /* see definition of array dist_code below */ - -// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1 -const static_ltree = new Array((L_CODES + 2) * 2); -zero$1(static_ltree); -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - -const static_dtree = new Array(D_CODES * 2); -zero$1(static_dtree); -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -const _dist_code = new Array(DIST_CODE_LEN); -zero$1(_dist_code); -/* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -const _length_code = new Array(MAX_MATCH - MIN_MATCH + 1); -zero$1(_length_code); -/* length code for each normalized match length (0 == MIN_MATCH) */ - -const base_length = new Array(LENGTH_CODES); -zero$1(base_length); -/* First normalized length for each code (0 = MIN_MATCH) */ - -const base_dist = new Array(D_CODES); -zero$1(base_dist); -/* First normalized distance for each code (0 = distance of 1) */ - - -function StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) { - - this.static_tree = static_tree; /* static tree or NULL */ - this.extra_bits = extra_bits; /* extra bits for each code or NULL */ - this.extra_base = extra_base; /* base index for extra_bits */ - this.elems = elems; /* max number of elements in the tree */ - this.max_length = max_length; /* max bit length for the codes */ - - // show if `static_tree` has data or dummy - needed for monomorphic objects - this.has_stree = static_tree && static_tree.length; -} - - -let static_l_desc; -let static_d_desc; -let static_bl_desc; - - -function TreeDesc(dyn_tree, stat_desc) { - this.dyn_tree = dyn_tree; /* the dynamic tree */ - this.max_code = 0; /* largest code with non zero frequency */ - this.stat_desc = stat_desc; /* the corresponding static tree */ -} - - - -function d_code(dist) { - return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)]; -} - - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -function put_short(s, w) { -// put_byte(s, (uch)((w) & 0xff)); -// put_byte(s, (uch)((ush)(w) >> 8)); - s.pending_buf[s.pending++] = w & 0xff; - s.pending_buf[s.pending++] = w >>> 8 & 0xff; -} - - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -function send_bits(s, value, length) { - if (s.bi_valid > Buf_size - length) { - s.bi_buf |= value << s.bi_valid & 0xffff; - put_short(s, s.bi_buf); - s.bi_buf = value >> Buf_size - s.bi_valid; - s.bi_valid += length - Buf_size; - } else { - s.bi_buf |= value << s.bi_valid & 0xffff; - s.bi_valid += length; - } -} - - -function send_code(s, c, tree) { - send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/); -} - - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -function bi_reverse(code, len) { - let res = 0; - do { - res |= code & 1; - code >>>= 1; - res <<= 1; - } while (--len > 0); - return res >>> 1; -} - - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -function bi_flush(s) { - if (s.bi_valid === 16) { - put_short(s, s.bi_buf); - s.bi_buf = 0; - s.bi_valid = 0; - - } else if (s.bi_valid >= 8) { - s.pending_buf[s.pending++] = s.bi_buf & 0xff; - s.bi_buf >>= 8; - s.bi_valid -= 8; - } -} - - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -function gen_bitlen(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const max_code = desc.max_code; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const extra = desc.stat_desc.extra_bits; - const base = desc.stat_desc.extra_base; - const max_length = desc.stat_desc.max_length; - let h; /* heap index */ - let n, m; /* iterate over the tree elements */ - let bits; /* bit length */ - let xbits; /* extra bits */ - let f; /* frequency */ - let overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) { - s.bl_count[bits] = 0; - } - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */ - - for (h = s.heap_max + 1; h < HEAP_SIZE; h++) { - n = s.heap[h]; - bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1; - if (bits > max_length) { - bits = max_length; - overflow++; - } - tree[n * 2 + 1]/*.Len*/ = bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) { - continue; - } /* not a leaf node */ - - s.bl_count[bits]++; - xbits = 0; - if (n >= base) { - xbits = extra[n - base]; - } - f = tree[n * 2]/*.Freq*/; - s.opt_len += f * (bits + xbits); - if (has_stree) { - s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits); - } - } - if (overflow === 0) { - return; - } - - // Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length - 1; - while (s.bl_count[bits] === 0) { - bits--; - } - s.bl_count[bits]--; /* move one leaf down the tree */ - s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */ - s.bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits !== 0; bits--) { - n = s.bl_count[bits]; - while (n !== 0) { - m = s.heap[--h]; - if (m > max_code) { - continue; - } - if (tree[m * 2 + 1]/*.Len*/ !== bits) { - // Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/; - tree[m * 2 + 1]/*.Len*/ = bits; - } - n--; - } - } -} - - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -function gen_codes(tree, max_code, bl_count) -// ct_data *tree; /* the tree to decorate */ -// int max_code; /* largest code with non zero frequency */ -// ushf *bl_count; /* number of codes at each bit length */ -{ - const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */ - let code = 0; /* running code value */ - let bits; /* bit index */ - let n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = code + bl_count[bits - 1] << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES - 1; code++) { - base_length[code] = length; - for (n = 0; n < 1 << extra_lbits[code]; n++) { - _length_code[length++] = code; - } - } - //Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - _length_code[length - 1] = code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < 1 << extra_dbits[code]; n++) { - _dist_code[dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for (; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < 1 << extra_dbits[code] - 7; n++) { - _dist_code[256 + dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) { - bl_count[bits] = 0; - } - - n = 0; - while (n <= 143) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - while (n <= 255) { - static_ltree[n * 2 + 1]/*.Len*/ = 9; - n++; - bl_count[9]++; - } - while (n <= 279) { - static_ltree[n * 2 + 1]/*.Len*/ = 7; - n++; - bl_count[7]++; - } - while (n <= 287) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes(static_ltree, L_CODES + 1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n * 2 + 1]/*.Len*/ = 5; - static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5); - } - - // Now data ready and we can init static trees - static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS); - static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS); - static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS); - - //static_init_done = true; -} - - -/* =========================================================================== - * Initialize a new block. - */ -function init_block(s) { - let n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) { - s.dyn_ltree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < D_CODES; n++) { - s.dyn_dtree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < BL_CODES; n++) { - s.bl_tree[n * 2]/*.Freq*/ = 0; - } - - s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1; - s.opt_len = s.static_len = 0; - s.last_lit = s.matches = 0; -} - - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -function bi_windup(s) { - if (s.bi_valid > 8) { - put_short(s, s.bi_buf); - } else if (s.bi_valid > 0) { - //put_byte(s, (Byte)s->bi_buf); - s.pending_buf[s.pending++] = s.bi_buf; - } - s.bi_buf = 0; - s.bi_valid = 0; -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -function copy_block(s, buf, len, header) -//DeflateState *s; -//charf *buf; /* the input data */ -//unsigned len; /* its length */ -//int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - - if (header) { - put_short(s, len); - put_short(s, ~len); - } - // while (len--) { - // put_byte(s, *buf++); - // } - arraySet(s.pending_buf, s.window, buf, len, s.pending); - s.pending += len; -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -function smaller(tree, n, m, depth) { - const _n2 = n * 2; - const _m2 = m * 2; - return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ || - tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m]; -} - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -function pqdownheap(s, tree, k) -// deflate_state *s; -// ct_data *tree; /* the tree to restore */ -// int k; /* node to move down */ -{ - const v = s.heap[k]; - let j = k << 1; /* left son of k */ - while (j <= s.heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s.heap_len && - smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s.heap[j], s.depth)) { - break; - } - - /* Exchange v with the smallest son */ - s.heap[k] = s.heap[j]; - k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s.heap[k] = v; -} - - -// inlined manually -// var SMALLEST = 1; - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -function compress_block(s, ltree, dtree) -// deflate_state *s; -// const ct_data *ltree; /* literal tree */ -// const ct_data *dtree; /* distance tree */ -{ - let dist; /* distance of matched string */ - let lc; /* match length or unmatched char (if dist == 0) */ - let lx = 0; /* running index in l_buf */ - let code; /* the code to send */ - let extra; /* number of extra bits to send */ - - if (s.last_lit !== 0) { - do { - dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1]; - lc = s.pending_buf[s.l_buf + lx]; - lx++; - - if (dist === 0) { - send_code(s, lc, ltree); /* send a literal byte */ - //Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code + LITERALS + 1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra !== 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - //Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra !== 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - // "pendingBuf overflow"); - - } while (lx < s.last_lit); - } - - send_code(s, END_BLOCK, ltree); -} - - -/* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ -function build_tree(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const elems = desc.stat_desc.elems; - let n, m; /* iterate over heap elements */ - let max_code = -1; /* largest code with non zero frequency */ - let node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s.heap_len = 0; - s.heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n * 2]/*.Freq*/ !== 0) { - s.heap[++s.heap_len] = max_code = n; - s.depth[n] = 0; - - } else { - tree[n * 2 + 1]/*.Len*/ = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s.heap_len < 2) { - node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0; - tree[node * 2]/*.Freq*/ = 1; - s.depth[node] = 0; - s.opt_len--; - - if (has_stree) { - s.static_len -= stree[node * 2 + 1]/*.Len*/; - } - /* node is 0 or 1 so it does not have extra bits */ - } - desc.max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) { - pqdownheap(s, tree, n); - } - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - //pqremove(s, tree, n); /* n = node of least frequency */ - /*** pqremove ***/ - n = s.heap[1/*SMALLEST*/]; - s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--]; - pqdownheap(s, tree, 1/*SMALLEST*/); - /***/ - - m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */ - - s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */ - s.heap[--s.heap_max] = m; - - /* Create a new node father of n and m */ - tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/; - s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1; - tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node; - - /* and insert the new node in the heap */ - s.heap[1/*SMALLEST*/] = node++; - pqdownheap(s, tree, 1/*SMALLEST*/); - - } while (s.heap_len >= 2); - - s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes(tree, max_code, s.bl_count); -} - - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -function scan_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - s.bl_tree[curlen * 2]/*.Freq*/ += count; - - } else if (curlen !== 0) { - - if (curlen !== prevlen) { - s.bl_tree[curlen * 2]/*.Freq*/++; - } - s.bl_tree[REP_3_6 * 2]/*.Freq*/++; - - } else if (count <= 10) { - s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++; - - } else { - s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++; - } - - count = 0; - prevlen = curlen; - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -function send_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - do { - send_code(s, curlen, s.bl_tree); - } while (--count !== 0); - - } else if (curlen !== 0) { - if (curlen !== prevlen) { - send_code(s, curlen, s.bl_tree); - count--; - } - //Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s.bl_tree); - send_bits(s, count - 3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s.bl_tree); - send_bits(s, count - 3, 3); - - } else { - send_code(s, REPZ_11_138, s.bl_tree); - send_bits(s, count - 11, 7); - } - - count = 0; - prevlen = curlen; - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -function build_bl_tree(s) { - let max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, s.dyn_ltree, s.l_desc.max_code); - scan_tree(s, s.dyn_dtree, s.d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, s.bl_desc); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) { - if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) { - break; - } - } - /* Update opt_len to include the bit length tree and counts */ - s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4; - //Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - // s->opt_len, s->static_len)); - - return max_blindex; -} - - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -function send_all_trees(s, lcodes, dcodes, blcodes) -// deflate_state *s; -// int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - let rank; /* index in bl_order */ - - //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - // "too many codes"); - //Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes - 1, 5); - send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - //Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3); - } - //Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */ - //Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */ - //Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - - -/* =========================================================================== - * Check if the data type is TEXT or BINARY, using the following algorithm: - * - TEXT if the two conditions below are satisfied: - * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). - * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). - * - BINARY otherwise. - * - The following partially-portable control characters form a - * "gray list" that is ignored in this detection algorithm: - * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). - * IN assertion: the fields Freq of dyn_ltree are set. - */ -function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes - * set bits 0..6, 14..25, and 28..31 - * 0xf3ffc07f = binary 11110011111111111100000001111111 - */ - let black_mask = 0xf3ffc07f; - let n; - - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_BINARY; - } - } - - /* Check for textual ("white-listed") bytes. */ - if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || - s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - for (n = 32; n < LITERALS; n++) { - if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - } - - /* There are no "black-listed" or "white-listed" bytes: - * this stream either is empty or has tolerated ("gray-listed") bytes only. - */ - return Z_BINARY; -} - - -let static_init_done = false; - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -function _tr_init(s) { - - if (!static_init_done) { - tr_static_init(); - static_init_done = true; - } - - s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc); - s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc); - s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc); - - s.bi_buf = 0; - s.bi_valid = 0; - - /* Initialize the first block of the first file: */ - init_block(s); -} - - -/* =========================================================================== - * Send a stored block - */ -function _tr_stored_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */ - copy_block(s, buf, stored_len, true); /* with header */ -} - - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - */ -function _tr_align(s) { - send_bits(s, STATIC_TREES << 1, 3); - send_code(s, END_BLOCK, static_ltree); - bi_flush(s); -} - - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. - */ -function _tr_flush_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block, or NULL if too old */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - let opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - let max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s.level > 0) { - - /* Check if the file is binary or text */ - if (s.strm.data_type === Z_UNKNOWN) { - s.strm.data_type = detect_data_type(s); - } - - /* Construct the literal and distance trees */ - build_tree(s, s.l_desc); - // Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - - build_tree(s, s.d_desc); - // Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute the block lengths in bytes. */ - opt_lenb = s.opt_len + 3 + 7 >>> 3; - static_lenb = s.static_len + 3 + 7 >>> 3; - - // Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - // s->last_lit)); - - if (static_lenb <= opt_lenb) { - opt_lenb = static_lenb; - } - - } else { - // Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - - if (stored_len + 4 <= opt_lenb && buf !== -1) { - /* 4: two words for the lengths */ - - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, last); - - } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) { - - send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3); - compress_block(s, static_ltree, static_dtree); - - } else { - send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3); - send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1); - compress_block(s, s.dyn_ltree, s.dyn_dtree); - } - // Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); - - if (last) { - bi_windup(s); - } - // Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - // s->compressed_len-7*last)); -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -function _tr_tally(s, dist, lc) -// deflate_state *s; -// unsigned dist; /* distance of matched string */ -// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - //var out_length, in_length, dcode; - - s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff; - s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff; - - s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff; - s.last_lit++; - - if (dist === 0) { - /* lc is the unmatched char */ - s.dyn_ltree[lc * 2]/*.Freq*/++; - } else { - s.matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - //Assert((ush)dist < (ush)MAX_DIST(s) && - // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - // (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++; - s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - - //#ifdef TRUNCATE_BLOCK - // /* Try to guess if it is profitable to stop the current block here */ - // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) { - // /* Compute an upper bound for the compressed length */ - // out_length = s.last_lit*8; - // in_length = s.strstart - s.block_start; - // - // for (dcode = 0; dcode < D_CODES; dcode++) { - // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]); - // } - // out_length >>>= 3; - // //Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - // // s->last_lit, in_length, out_length, - // // 100L - out_length*100L/in_length)); - // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) { - // return true; - // } - // } - //#endif - - return s.last_lit === s.lit_bufsize - 1; - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -// Note: adler32 takes 12% for level 0 and 2% for level 6. -// It isn't worth it to make additional optimizations as in original. -// Small size is preferable. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -function adler32(adler, buf, len, pos) { - let s1 = adler & 0xffff |0, - s2 = adler >>> 16 & 0xffff |0, - n = 0; - - while (len !== 0) { - // Set limit ~ twice less than 5552, to keep - // s2 in 31-bits, because we force signed ints. - // in other case %= will fail. - n = len > 2000 ? 2000 : len; - len -= n; - - do { - s1 = s1 + buf[pos++] |0; - s2 = s2 + s1 |0; - } while (--n); - - s1 %= 65521; - s2 %= 65521; - } - - return s1 | s2 << 16 |0; -} - -// Note: we can't get significant speed boost here. -// So write code to minimize size - no pregenerated tables -// and array tools dependencies. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// Use ordinary array, since untyped makes no boost here -function makeTable() { - let c; - const table = []; - - for (let n = 0; n < 256; n++) { - c = n; - for (let k = 0; k < 8; k++) { - c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1; - } - table[n] = c; - } - - return table; -} - -// Create table on load. Just 255 signed longs. Not a problem. -const crcTable = makeTable(); - - -function crc32(crc, buf, len, pos) { - const t = crcTable, - end = pos + len; - - crc ^= -1; - - for (let i = pos; i < end; i++) { - crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF]; - } - - return crc ^ -1; // >>> 0; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -var msg = { - 2: "need dictionary", /* Z_NEED_DICT 2 */ - 1: "stream end", /* Z_STREAM_END 1 */ - 0: "", /* Z_OK 0 */ - "-1": "file error", /* Z_ERRNO (-1) */ - "-2": "stream error", /* Z_STREAM_ERROR (-2) */ - "-3": "data error", /* Z_DATA_ERROR (-3) */ - "-4": "insufficient memory", /* Z_MEM_ERROR (-4) */ - "-5": "buffer error", /* Z_BUF_ERROR (-5) */ - "-6": "incompatible version" /* Z_VERSION_ERROR (-6) */ -}; - -/*============================================================================*/ - - -const MAX_MEM_LEVEL = 9; - - -const LENGTH_CODES$1 = 29; -/* number of length codes, not counting the special END_BLOCK code */ -const LITERALS$1 = 256; -/* number of literal bytes 0..255 */ -const L_CODES$1 = LITERALS$1 + 1 + LENGTH_CODES$1; -/* number of Literal or Length codes, including the END_BLOCK code */ -const D_CODES$1 = 30; -/* number of distance codes */ -const BL_CODES$1 = 19; -/* number of codes used to transfer the bit lengths */ -const HEAP_SIZE$1 = 2 * L_CODES$1 + 1; -/* maximum heap size */ -const MAX_BITS$1 = 15; -/* All codes must not exceed MAX_BITS bits */ - -const MIN_MATCH$1 = 3; -const MAX_MATCH$1 = 258; -const MIN_LOOKAHEAD = (MAX_MATCH$1 + MIN_MATCH$1 + 1); - -const PRESET_DICT = 0x20; - -const INIT_STATE = 42; -const EXTRA_STATE = 69; -const NAME_STATE = 73; -const COMMENT_STATE = 91; -const HCRC_STATE = 103; -const BUSY_STATE = 113; -const FINISH_STATE = 666; - -const BS_NEED_MORE = 1; /* block not completed, need more input or more output */ -const BS_BLOCK_DONE = 2; /* block flush performed */ -const BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */ -const BS_FINISH_DONE = 4; /* finish done, accept no more input or output */ - -const OS_CODE = 0x03; // Unix :) . Don't detect, use this default. - -function err(strm, errorCode) { - strm.msg = msg[errorCode]; - return errorCode; -} - -function rank(f) { - return ((f) << 1) - ((f) > 4 ? 9 : 0); -} - -function zero$2(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } } - - -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->output buffer and copying into it. - * (See also read_buf()). - */ -function flush_pending(strm) { - const s = strm.state; - - //_tr_flush_bits(s); - let len = s.pending; - if (len > strm.avail_out) { - len = strm.avail_out; - } - if (len === 0) { return; } - - arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out); - strm.next_out += len; - s.pending_out += len; - strm.total_out += len; - strm.avail_out -= len; - s.pending -= len; - if (s.pending === 0) { - s.pending_out = 0; - } -} - - -function flush_block_only(s, last) { - _tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last); - s.block_start = s.strstart; - flush_pending(s.strm); -} - - -function put_byte(s, b) { - s.pending_buf[s.pending++] = b; -} - - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -function putShortMSB(s, b) { - // put_byte(s, (Byte)(b >> 8)); - // put_byte(s, (Byte)(b & 0xff)); - s.pending_buf[s.pending++] = (b >>> 8) & 0xff; - s.pending_buf[s.pending++] = b & 0xff; -} - - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->input buffer and copying from it. - * (See also flush_pending()). - */ -function read_buf(strm, buf, start, size) { - let len = strm.avail_in; - - if (len > size) { len = size; } - if (len === 0) { return 0; } - - strm.avail_in -= len; - - // zmemcpy(buf, strm->next_in, len); - arraySet(buf, strm.input, strm.next_in, len, start); - if (strm.state.wrap === 1) { - strm.adler = adler32(strm.adler, buf, len, start); - } - - else if (strm.state.wrap === 2) { - strm.adler = crc32(strm.adler, buf, len, start); - } - - strm.next_in += len; - strm.total_in += len; - - return len; -} - - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -function longest_match(s, cur_match) { - let chain_length = s.max_chain_length; /* max hash chain length */ - let scan = s.strstart; /* current string */ - let match; /* matched string */ - let len; /* length of current match */ - let best_len = s.prev_length; /* best match length so far */ - let nice_match = s.nice_match; /* stop if match long enough */ - const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ? - s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/; - - const _win = s.window; // shortcut - - const wmask = s.w_mask; - const prev = s.prev; - - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - - const strend = s.strstart + MAX_MATCH$1; - let scan_end1 = _win[scan + best_len - 1]; - let scan_end = _win[scan + best_len]; - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s.prev_length >= s.good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if (nice_match > s.lookahead) { nice_match = s.lookahead; } - - // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - // Assert(cur_match < s->strstart, "no future"); - match = cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2. Note that the checks below - * for insufficient lookahead only occur occasionally for performance - * reasons. Therefore uninitialized memory will be accessed, and - * conditional jumps will be made that depend on those values. - * However the length of the match is limited to the lookahead, so - * the output of deflate is not affected by the uninitialized values. - */ - - if (_win[match + best_len] !== scan_end || - _win[match + best_len - 1] !== scan_end1 || - _win[match] !== _win[scan] || - _win[++match] !== _win[scan + 1]) { - continue; - } - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2; - match++; - // Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - /*jshint noempty:false*/ - } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - scan < strend); - - // Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH$1 - (strend - scan); - scan = strend - MAX_MATCH$1; - - if (len > best_len) { - s.match_start = cur_match; - best_len = len; - if (len >= nice_match) { - break; - } - scan_end1 = _win[scan + best_len - 1]; - scan_end = _win[scan + best_len]; - } - } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0); - - if (best_len <= s.lookahead) { - return best_len; - } - return s.lookahead; -} - - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -function fill_window(s) { - const _w_size = s.w_size; - let p, n, m, more, str; - - //Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); - - do { - more = s.window_size - s.lookahead - s.strstart; - - // JS ints have 32 bit, block below not needed - /* Deal with !@#$% 64K limit: */ - //if (sizeof(int) <= 2) { - // if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - // more = wsize; - // - // } else if (more == (unsigned)(-1)) { - // /* Very unlikely, but possible on 16 bit machine if - // * strstart == 0 && lookahead == 1 (input done a byte at time) - // */ - // more--; - // } - //} - - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) { - - arraySet(s.window, s.window, _w_size, _w_size, 0); - s.match_start -= _w_size; - s.strstart -= _w_size; - /* we now have strstart >= MAX_DIST */ - s.block_start -= _w_size; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - - n = s.hash_size; - p = n; - do { - m = s.head[--p]; - s.head[p] = (m >= _w_size ? m - _w_size : 0); - } while (--n); - - n = _w_size; - p = n; - do { - m = s.prev[--p]; - s.prev[p] = (m >= _w_size ? m - _w_size : 0); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += _w_size; - } - if (s.strm.avail_in === 0) { - break; - } - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - //Assert(more >= 2, "more < 2"); - n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more); - s.lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s.lookahead + s.insert >= MIN_MATCH$1) { - str = s.strstart - s.insert; - s.ins_h = s.window[str]; - - /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask; - //#if MIN_MATCH != 3 - // Call update_hash() MIN_MATCH-3 more times - //#endif - while (s.insert) { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = str; - str++; - s.insert--; - if (s.lookahead + s.insert < MIN_MATCH$1) { - break; - } - } - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0); - - /* If the WIN_INIT bytes after the end of the current data have never been - * written, then zero those bytes in order to avoid memory check reports of - * the use of uninitialized (or uninitialised as Julian writes) bytes by - * the longest match routines. Update the high water mark for the next - * time through here. WIN_INIT is set to MAX_MATCH since the longest match - * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. - */ - // if (s.high_water < s.window_size) { - // var curr = s.strstart + s.lookahead; - // var init = 0; - // - // if (s.high_water < curr) { - // /* Previous high water mark below current data -- zero WIN_INIT - // * bytes or up to end of window, whichever is less. - // */ - // init = s.window_size - curr; - // if (init > WIN_INIT) - // init = WIN_INIT; - // zmemzero(s->window + curr, (unsigned)init); - // s->high_water = curr + init; - // } - // else if (s->high_water < (ulg)curr + WIN_INIT) { - // /* High water mark at or above current data, but below current data - // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up - // * to end of window, whichever is less. - // */ - // init = (ulg)curr + WIN_INIT - s->high_water; - // if (init > s->window_size - s->high_water) - // init = s->window_size - s->high_water; - // zmemzero(s->window + s->high_water, (unsigned)init); - // s->high_water += init; - // } - // } - // - // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, - // "not enough room for search"); -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ -function deflate_stored(s, flush) { - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - let max_block_size = 0xffff; - - if (max_block_size > s.pending_buf_size - 5) { - max_block_size = s.pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (; ;) { - /* Fill the window as much as possible: */ - if (s.lookahead <= 1) { - - //Assert(s->strstart < s->w_size+MAX_DIST(s) || - // s->block_start >= (long)s->w_size, "slide too late"); - // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) || - // s.block_start >= s.w_size)) { - // throw new Error("slide too late"); - // } - - fill_window(s); - if (s.lookahead === 0 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - - if (s.lookahead === 0) { - break; - } - /* flush the current block */ - } - //Assert(s->block_start >= 0L, "block gone"); - // if (s.block_start < 0) throw new Error("block gone"); - - s.strstart += s.lookahead; - s.lookahead = 0; - - /* Emit a stored block if pending_buf will be full: */ - const max_start = s.block_start + max_block_size; - - if (s.strstart === 0 || s.strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s.lookahead = s.strstart - max_start; - s.strstart = max_start; - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - - - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - - s.insert = 0; - - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - - if (s.strstart > s.block_start) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_NEED_MORE; -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -function deflate_fast(s, flush) { - let hash_head; /* head of the hash chain */ - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { - break; /* flush the current block */ - } - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - } - if (s.match_length >= MIN_MATCH$1) { - // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only - - /*** _tr_tally_dist(s, s.strstart - s.match_start, - s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH$1) { - s.match_length--; /* string at strstart already in table */ - do { - s.strstart++; - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s.match_length !== 0); - s.strstart++; - } else { - s.strstart += s.match_length; - s.match_length = 0; - s.ins_h = s.window[s.strstart]; - /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask; - - //#if MIN_MATCH != 3 - // Call UPDATE_HASH() MIN_MATCH-3 more times - //#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s.window[s.strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = ((s.strstart < (MIN_MATCH$1 - 1)) ? s.strstart : MIN_MATCH$1 - 1); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -function deflate_slow(s, flush) { - let hash_head; /* head of hash chain */ - let bflush; /* set if current block must be flushed */ - - let max_insert; - - /* Process the input block. */ - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - */ - s.prev_length = s.match_length; - s.prev_match = s.match_start; - s.match_length = MIN_MATCH$1 - 1; - - if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match && - s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - - if (s.match_length <= 5 && - (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH$1 && s.strstart - s.match_start > 4096/*TOO_FAR*/))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s.match_length = MIN_MATCH$1 - 1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s.prev_length >= MIN_MATCH$1 && s.match_length <= s.prev_length) { - max_insert = s.strstart + s.lookahead - MIN_MATCH$1; - /* Do not insert strings in hash table beyond this. */ - - //check_match(s, s.strstart-1, s.prev_match, s.prev_length); - - /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match, - s.prev_length - MIN_MATCH, bflush);***/ - bflush = _tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH$1); - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s.lookahead -= s.prev_length - 1; - s.prev_length -= 2; - do { - if (++s.strstart <= max_insert) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - } while (--s.prev_length !== 0); - s.match_available = 0; - s.match_length = MIN_MATCH$1 - 1; - s.strstart++; - - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - } else if (s.match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - if (bflush) { - /*** FLUSH_BLOCK_ONLY(s, 0) ***/ - flush_block_only(s, false); - /***/ - } - s.strstart++; - s.lookahead--; - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s.match_available = 1; - s.strstart++; - s.lookahead--; - } - } - //Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s.match_available) { - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - s.match_available = 0; - } - s.insert = s.strstart < MIN_MATCH$1 - 1 ? s.strstart : MIN_MATCH$1 - 1; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_BLOCK_DONE; -} - - -/* =========================================================================== - * For Z_RLE, simply look for runs of bytes, generate matches only of distance - * one. Do not maintain a hash table. (It will be regenerated if this run of - * deflate switches away from Z_RLE.) - */ -function deflate_rle(s, flush) { - let bflush; /* set if current block must be flushed */ - let prev; /* byte at distance one to match */ - let scan, strend; /* scan goes up to strend for length of run */ - - const _win = s.window; - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the longest run, plus one for the unrolled loop. - */ - if (s.lookahead <= MAX_MATCH$1) { - fill_window(s); - if (s.lookahead <= MAX_MATCH$1 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* See how many times the previous byte repeats */ - s.match_length = 0; - if (s.lookahead >= MIN_MATCH$1 && s.strstart > 0) { - scan = s.strstart - 1; - prev = _win[scan]; - if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) { - strend = s.strstart + MAX_MATCH$1; - do { - /*jshint noempty:false*/ - } while (prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - scan < strend); - s.match_length = MAX_MATCH$1 - (strend - scan); - if (s.match_length > s.lookahead) { - s.match_length = s.lookahead; - } - } - //Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); - } - - /* Emit match if have run of MIN_MATCH or longer, else emit literal */ - if (s.match_length >= MIN_MATCH$1) { - //check_match(s, s.strstart, s.strstart - 1, s.match_length); - - /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, 1, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - s.strstart += s.match_length; - s.match_length = 0; - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. - * (It will be regenerated if this run of deflate switches away from Huffman.) - */ -function deflate_huff(s, flush) { - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we have a literal to write. */ - if (s.lookahead === 0) { - fill_window(s); - if (s.lookahead === 0) { - if (flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - break; /* flush the current block */ - } - } - - /* Output a literal byte */ - s.match_length = 0; - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - s.lookahead--; - s.strstart++; - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ -class Config { - constructor(good_length, max_lazy, nice_length, max_chain, func) { - this.good_length = good_length; - this.max_lazy = max_lazy; - this.nice_length = nice_length; - this.max_chain = max_chain; - this.func = func; - } -} -const configuration_table = [ - /* good lazy nice chain */ - new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */ - new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */ - new Config(4, 5, 16, 8, deflate_fast), /* 2 */ - new Config(4, 6, 32, 32, deflate_fast), /* 3 */ - - new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */ - new Config(8, 16, 32, 32, deflate_slow), /* 5 */ - new Config(8, 16, 128, 128, deflate_slow), /* 6 */ - new Config(8, 32, 128, 256, deflate_slow), /* 7 */ - new Config(32, 128, 258, 1024, deflate_slow), /* 8 */ - new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */ -]; - - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -function lm_init(s) { - s.window_size = 2 * s.w_size; - - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - - /* Set the default configuration parameters: - */ - s.max_lazy_match = configuration_table[s.level].max_lazy; - s.good_match = configuration_table[s.level].good_length; - s.nice_match = configuration_table[s.level].nice_length; - s.max_chain_length = configuration_table[s.level].max_chain; - - s.strstart = 0; - s.block_start = 0; - s.lookahead = 0; - s.insert = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - s.ins_h = 0; -} - -class DeflateState { - constructor() { - this.strm = null; /* pointer back to this zlib stream */ - this.status = 0; /* as the name implies */ - this.pending_buf = null; /* output still pending */ - this.pending_buf_size = 0; /* size of pending_buf */ - this.pending_out = 0; /* next pending byte to output to the stream */ - this.pending = 0; /* nb of bytes in the pending buffer */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.gzhead = null; /* gzip header information to write */ - this.gzindex = 0; /* where in extra, name, or comment */ - this.method = Z_DEFLATED; /* can only be DEFLATED */ - this.last_flush = -1; /* value of flush param for previous deflate call */ - - this.w_size = 0; /* LZ77 window size (32K by default) */ - this.w_bits = 0; /* log2(w_size) (8..16) */ - this.w_mask = 0; /* w_size - 1 */ - - this.window = null; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. - */ - - this.window_size = 0; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - this.prev = null; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - this.head = null; /* Heads of the hash chains or NIL. */ - - this.ins_h = 0; /* hash index of string to be inserted */ - this.hash_size = 0; /* number of elements in hash table */ - this.hash_bits = 0; /* log2(hash_size) */ - this.hash_mask = 0; /* hash_size-1 */ - - this.hash_shift = 0; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - this.block_start = 0; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - this.match_length = 0; /* length of best match */ - this.prev_match = 0; /* previous match */ - this.match_available = 0; /* set if previous match exists */ - this.strstart = 0; /* start of string to insert */ - this.match_start = 0; /* start of matching string */ - this.lookahead = 0; /* number of valid bytes ahead in window */ - - this.prev_length = 0; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - this.max_chain_length = 0; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - this.max_lazy_match = 0; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ - // That's alias to max_lazy_match, don't use directly - //this.max_insert_length = 0; - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - this.level = 0; /* compression level (1..9) */ - this.strategy = 0; /* favor or force Huffman coding*/ - - this.good_match = 0; - /* Use a faster search when the previous match is longer than this */ - - this.nice_match = 0; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - - /* Didn't use ct_data typedef below to suppress compiler warning */ - - // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - // Use flat array of DOUBLE size, with interleaved fata, - // because JS does not support effective - this.dyn_ltree = new Buf16(HEAP_SIZE$1 * 2); - this.dyn_dtree = new Buf16((2 * D_CODES$1 + 1) * 2); - this.bl_tree = new Buf16((2 * BL_CODES$1 + 1) * 2); - zero$2(this.dyn_ltree); - zero$2(this.dyn_dtree); - zero$2(this.bl_tree); - - this.l_desc = null; /* desc. for literal tree */ - this.d_desc = null; /* desc. for distance tree */ - this.bl_desc = null; /* desc. for bit length tree */ - - //ush bl_count[MAX_BITS+1]; - this.bl_count = new Buf16(MAX_BITS$1 + 1); - /* number of codes at each bit length for an optimal tree */ - - //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - this.heap = new Buf16(2 * L_CODES$1 + 1); /* heap used to build the Huffman trees */ - zero$2(this.heap); - - this.heap_len = 0; /* number of elements in the heap */ - this.heap_max = 0; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - this.depth = new Buf16(2 * L_CODES$1 + 1); //uch depth[2*L_CODES+1]; - zero$2(this.depth); - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - this.l_buf = 0; /* buffer index for literals or lengths */ - - this.lit_bufsize = 0; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - this.last_lit = 0; /* running index in l_buf */ - - this.d_buf = 0; - /* Buffer index for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - this.opt_len = 0; /* bit length of current block with optimal trees */ - this.static_len = 0; /* bit length of current block with static trees */ - this.matches = 0; /* number of string matches in current block */ - this.insert = 0; /* bytes at end of window left to insert */ - - - this.bi_buf = 0; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - this.bi_valid = 0; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - - // Used for window memory init. We safely ignore it for JS. That makes - // sense only for pointers and memory check tools. - //this.high_water = 0; - /* High water mark offset in window for initialized bytes -- bytes above - * this are set to zero in order to avoid memory check warnings when - * longest match routines access bytes past the input. This is then - * updated to the new high water mark. - */ - } -} - -function deflateResetKeep(strm) { - let s; - - if (!strm || !strm.state) { - return err(strm, Z_STREAM_ERROR); - } - - strm.total_in = strm.total_out = 0; - strm.data_type = Z_UNKNOWN; - - s = strm.state; - s.pending = 0; - s.pending_out = 0; - - if (s.wrap < 0) { - s.wrap = -s.wrap; - /* was made negative by deflate(..., Z_FINISH); */ - } - s.status = (s.wrap ? INIT_STATE : BUSY_STATE); - strm.adler = (s.wrap === 2) ? - 0 // crc32(0, Z_NULL, 0) - : - 1; // adler32(0, Z_NULL, 0) - s.last_flush = Z_NO_FLUSH; - _tr_init(s); - return Z_OK; -} - - -function deflateReset(strm) { - const ret = deflateResetKeep(strm); - if (ret === Z_OK) { - lm_init(strm.state); - } - return ret; -} - - -function deflateSetHeader(strm, head) { - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; } - strm.state.gzhead = head; - return Z_OK; -} - - -function deflateInit2(strm, level, method, windowBits, memLevel, strategy) { - if (!strm) { // === Z_NULL - return Z_STREAM_ERROR; - } - let wrap = 1; - - if (level === Z_DEFAULT_COMPRESSION) { - level = 6; - } - - if (windowBits < 0) { /* suppress zlib wrapper */ - wrap = 0; - windowBits = -windowBits; - } - - else if (windowBits > 15) { - wrap = 2; /* write gzip wrapper instead */ - windowBits -= 16; - } - - - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_FIXED) { - return err(strm, Z_STREAM_ERROR); - } - - - if (windowBits === 8) { - windowBits = 9; - } - /* until 256-byte window bug fixed */ - - const s = new DeflateState(); - - strm.state = s; - s.strm = strm; - - s.wrap = wrap; - s.gzhead = null; - s.w_bits = windowBits; - s.w_size = 1 << s.w_bits; - s.w_mask = s.w_size - 1; - - s.hash_bits = memLevel + 7; - s.hash_size = 1 << s.hash_bits; - s.hash_mask = s.hash_size - 1; - s.hash_shift = ~~((s.hash_bits + MIN_MATCH$1 - 1) / MIN_MATCH$1); - s.window = new Buf8(s.w_size * 2); - s.head = new Buf16(s.hash_size); - s.prev = new Buf16(s.w_size); - - // Don't need mem init magic for JS. - //s.high_water = 0; /* nothing written to s->window yet */ - - s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s.pending_buf_size = s.lit_bufsize * 4; - - //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - //s->pending_buf = (uchf *) overlay; - s.pending_buf = new Buf8(s.pending_buf_size); - - // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`) - //s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s.d_buf = 1 * s.lit_bufsize; - - //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - s.l_buf = (1 + 2) * s.lit_bufsize; - - s.level = level; - s.strategy = strategy; - s.method = method; - - return deflateReset(strm); -} - - -function deflate(strm, flush) { - let old_flush, s; - let beg, val; // for gzip header write only - - if (!strm || !strm.state || - flush > Z_BLOCK || flush < 0) { - return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR; - } - - s = strm.state; - - if (!strm.output || - (!strm.input && strm.avail_in !== 0) || - (s.status === FINISH_STATE && flush !== Z_FINISH)) { - return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR); - } - - s.strm = strm; /* just in case */ - old_flush = s.last_flush; - s.last_flush = flush; - - /* Write the header */ - if (s.status === INIT_STATE) { - - if (s.wrap === 2) { // GZIP header - strm.adler = 0; //crc32(0L, Z_NULL, 0); - put_byte(s, 31); - put_byte(s, 139); - put_byte(s, 8); - if (!s.gzhead) { // s->gzhead == Z_NULL - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, OS_CODE); - s.status = BUSY_STATE; - } - else { - put_byte(s, (s.gzhead.text ? 1 : 0) + - (s.gzhead.hcrc ? 2 : 0) + - (!s.gzhead.extra ? 0 : 4) + - (!s.gzhead.name ? 0 : 8) + - (!s.gzhead.comment ? 0 : 16) - ); - put_byte(s, s.gzhead.time & 0xff); - put_byte(s, (s.gzhead.time >> 8) & 0xff); - put_byte(s, (s.gzhead.time >> 16) & 0xff); - put_byte(s, (s.gzhead.time >> 24) & 0xff); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, s.gzhead.os & 0xff); - if (s.gzhead.extra && s.gzhead.extra.length) { - put_byte(s, s.gzhead.extra.length & 0xff); - put_byte(s, (s.gzhead.extra.length >> 8) & 0xff); - } - if (s.gzhead.hcrc) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0); - } - s.gzindex = 0; - s.status = EXTRA_STATE; - } - } - else // DEFLATE header - { - let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8; - let level_flags = -1; - - if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) { - level_flags = 0; - } else if (s.level < 6) { - level_flags = 1; - } else if (s.level === 6) { - level_flags = 2; - } else { - level_flags = 3; - } - header |= (level_flags << 6); - if (s.strstart !== 0) { header |= PRESET_DICT; } - header += 31 - (header % 31); - - s.status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s.strstart !== 0) { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - strm.adler = 1; // adler32(0L, Z_NULL, 0); - } - } - - //#ifdef GZIP - if (s.status === EXTRA_STATE) { - if (s.gzhead.extra/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - - while (s.gzindex < (s.gzhead.extra.length & 0xffff)) { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - break; - } - } - put_byte(s, s.gzhead.extra[s.gzindex] & 0xff); - s.gzindex++; - } - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (s.gzindex === s.gzhead.extra.length) { - s.gzindex = 0; - s.status = NAME_STATE; - } - } - else { - s.status = NAME_STATE; - } - } - if (s.status === NAME_STATE) { - if (s.gzhead.name/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.name.length) { - val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.gzindex = 0; - s.status = COMMENT_STATE; - } - } - else { - s.status = COMMENT_STATE; - } - } - if (s.status === COMMENT_STATE) { - if (s.gzhead.comment/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.comment.length) { - val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.status = HCRC_STATE; - } - } - else { - s.status = HCRC_STATE; - } - } - if (s.status === HCRC_STATE) { - if (s.gzhead.hcrc) { - if (s.pending + 2 > s.pending_buf_size) { - flush_pending(strm); - } - if (s.pending + 2 <= s.pending_buf_size) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - strm.adler = 0; //crc32(0L, Z_NULL, 0); - s.status = BUSY_STATE; - } - } - else { - s.status = BUSY_STATE; - } - } - //#endif - - /* Flush as much pending output as possible */ - if (s.pending !== 0) { - flush_pending(strm); - if (strm.avail_out === 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s.last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUF_ERROR. - */ - } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) && - flush !== Z_FINISH) { - return err(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s.status === FINISH_STATE && strm.avail_in !== 0) { - return err(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm.avail_in !== 0 || s.lookahead !== 0 || - (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) { - var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) : - (s.strategy === Z_RLE ? deflate_rle(s, flush) : - configuration_table[s.level].func(s, flush)); - - if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) { - s.status = FINISH_STATE; - } - if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) { - if (strm.avail_out === 0) { - s.last_flush = -1; - /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate === BS_BLOCK_DONE) { - if (flush === Z_PARTIAL_FLUSH) { - _tr_align(s); - } - else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ - - _tr_stored_block(s, 0, 0, false); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush === Z_FULL_FLUSH) { - /*** CLEAR_HASH(s); ***/ /* forget history */ - zero$2(s.head); // Fill with NIL (= 0); - - if (s.lookahead === 0) { - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - } - } - flush_pending(strm); - if (strm.avail_out === 0) { - s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - //Assert(strm->avail_out > 0, "bug2"); - //if (strm.avail_out <= 0) { throw new Error("bug2");} - - if (flush !== Z_FINISH) { return Z_OK; } - if (s.wrap <= 0) { return Z_STREAM_END; } - - /* Write the trailer */ - if (s.wrap === 2) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - put_byte(s, (strm.adler >> 16) & 0xff); - put_byte(s, (strm.adler >> 24) & 0xff); - put_byte(s, strm.total_in & 0xff); - put_byte(s, (strm.total_in >> 8) & 0xff); - put_byte(s, (strm.total_in >> 16) & 0xff); - put_byte(s, (strm.total_in >> 24) & 0xff); - } - else { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - if (s.wrap > 0) { s.wrap = -s.wrap; } - /* write the trailer only once! */ - return s.pending !== 0 ? Z_OK : Z_STREAM_END; -} - -function deflateEnd(strm) { - let status; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - status = strm.state.status; - if (status !== INIT_STATE && - status !== EXTRA_STATE && - status !== NAME_STATE && - status !== COMMENT_STATE && - status !== HCRC_STATE && - status !== BUSY_STATE && - status !== FINISH_STATE - ) { - return err(strm, Z_STREAM_ERROR); - } - - strm.state = null; - - return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK; -} - - -/* ========================================================================= - * Initializes the compression dictionary from the given byte - * sequence without producing any compressed output. - */ -function deflateSetDictionary(strm, dictionary) { - let dictLength = dictionary.length; - - let s; - let str, n; - let wrap; - let avail; - let next; - let input; - let tmpDict; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - s = strm.state; - wrap = s.wrap; - - if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) { - return Z_STREAM_ERROR; - } - - /* when using zlib wrappers, compute Adler-32 for provided dictionary */ - if (wrap === 1) { - /* adler32(strm->adler, dictionary, dictLength); */ - strm.adler = adler32(strm.adler, dictionary, dictLength, 0); - } - - s.wrap = 0; /* avoid computing Adler-32 in read_buf */ - - /* if dictionary would fill window, just replace the history */ - if (dictLength >= s.w_size) { - if (wrap === 0) { /* already empty otherwise */ - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - /* use the tail */ - // dictionary = dictionary.slice(dictLength - s.w_size); - tmpDict = new Buf8(s.w_size); - arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0); - dictionary = tmpDict; - dictLength = s.w_size; - } - /* insert dictionary into window and hash */ - avail = strm.avail_in; - next = strm.next_in; - input = strm.input; - strm.avail_in = dictLength; - strm.next_in = 0; - strm.input = dictionary; - fill_window(s); - while (s.lookahead >= MIN_MATCH$1) { - str = s.strstart; - n = s.lookahead - (MIN_MATCH$1 - 1); - do { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - - s.head[s.ins_h] = str; - str++; - } while (--n); - s.strstart = str; - s.lookahead = MIN_MATCH$1 - 1; - fill_window(s); - } - s.strstart += s.lookahead; - s.block_start = s.strstart; - s.insert = s.lookahead; - s.lookahead = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - strm.next_in = next; - strm.input = input; - strm.avail_in = avail; - s.wrap = wrap; - return Z_OK; -} - -/* Not implemented -exports.deflateBound = deflateBound; -exports.deflateCopy = deflateCopy; -exports.deflateParams = deflateParams; -exports.deflatePending = deflatePending; -exports.deflatePrime = deflatePrime; -exports.deflateTune = deflateTune; -*/ - -// String encode/decode helpers - -try { - String.fromCharCode.apply(null, [ 0 ]); -} catch (__) { -} -try { - String.fromCharCode.apply(null, new Uint8Array(1)); -} catch (__) { -} - - -// Table with utf8 lengths (calculated by first byte of sequence) -// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS, -// because max possible codepoint is 0x10ffff -const _utf8len = new Buf8(256); -for (let q = 0; q < 256; q++) { - _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1; -} -_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start - - -// convert string to array (typed, when possible) -function string2buf (str) { - let c, c2, m_pos, i, buf_len = 0; - const str_len = str.length; - - // count binary size - for (m_pos = 0; m_pos < str_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4; - } - - // allocate buffer - const buf = new Buf8(buf_len); - - // convert - for (i = 0, m_pos = 0; i < buf_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - if (c < 0x80) { - /* one byte */ - buf[i++] = c; - } else if (c < 0x800) { - /* two bytes */ - buf[i++] = 0xC0 | c >>> 6; - buf[i++] = 0x80 | c & 0x3f; - } else if (c < 0x10000) { - /* three bytes */ - buf[i++] = 0xE0 | c >>> 12; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } else { - /* four bytes */ - buf[i++] = 0xf0 | c >>> 18; - buf[i++] = 0x80 | c >>> 12 & 0x3f; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } - } - - return buf; -} - - -// Convert binary string (typed, when possible) -function binstring2buf (str) { - const buf = new Buf8(str.length); - for (let i = 0, len = buf.length; i < len; i++) { - buf[i] = str.charCodeAt(i); - } - return buf; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class ZStream { - constructor() { - /* next input byte */ - this.input = null; // JS specific, because we have no pointers - this.next_in = 0; - /* number of bytes available at input */ - this.avail_in = 0; - /* total number of input bytes read so far */ - this.total_in = 0; - /* next output byte should be put there */ - this.output = null; // JS specific, because we have no pointers - this.next_out = 0; - /* remaining free space at output */ - this.avail_out = 0; - /* total number of bytes output so far */ - this.total_out = 0; - /* last error message, NULL if no error */ - this.msg = ''/*Z_NULL*/; - /* not visible by applications */ - this.state = null; - /* best guess about the data type: binary or text */ - this.data_type = 2/*Z_UNKNOWN*/; - /* adler32 value of the uncompressed data */ - this.adler = 0; - } -} - -/* ===========================================================================*/ - - -/** - * class Deflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[deflate]], - * [[deflateRaw]] and [[gzip]]. - **/ - -/* internal - * Deflate.chunks -> Array - * - * Chunks of output data, if [[Deflate#onData]] not overridden. - **/ - -/** - * Deflate.result -> Uint8Array|Array - * - * Compressed result, generated by default [[Deflate#onData]] - * and [[Deflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Deflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Deflate.err -> Number - * - * Error code after deflate finished. 0 (Z_OK) on success. - * You will not need it in real life, because deflate errors - * are possible only on wrong options or bad `onData` / `onEnd` - * custom handlers. - **/ - -/** - * Deflate.msg -> String - * - * Error message, if [[Deflate.err]] != 0 - **/ - - -/** - * new Deflate(options) - * - options (Object): zlib deflate options. - * - * Creates new deflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `level` - * - `windowBits` - * - `memLevel` - * - `strategy` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw deflate - * - `gzip` (Boolean) - create gzip wrapper - * - `to` (String) - if equal to 'string', then result will be "binary string" - * (each char code [0..255]) - * - `header` (Object) - custom header for gzip - * - `text` (Boolean) - true if compressed data believed to be text - * - `time` (Number) - modification time, unix timestamp - * - `os` (Number) - operation system code - * - `extra` (Array) - array of bytes with extra data (max 65536) - * - `name` (String) - file name (binary string) - * - `comment` (String) - comment (binary string) - * - `hcrc` (Boolean) - true if header crc should be added - * - * ##### Example: - * - * ```javascript - * var pako = require('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var deflate = new pako.Deflate({ level: 3}); - * - * deflate.push(chunk1, false); - * deflate.push(chunk2, true); // true -> last chunk - * - * if (deflate.err) { throw new Error(deflate.err); } - * - * console.log(deflate.result); - * ``` - **/ - -class Deflate { - constructor(options) { - this.options = { - level: Z_DEFAULT_COMPRESSION, - method: Z_DEFLATED, - chunkSize: 16384, - windowBits: 15, - memLevel: 8, - strategy: Z_DEFAULT_STRATEGY, - ...(options || {}) - }; - - const opt = this.options; - - if (opt.raw && (opt.windowBits > 0)) { - opt.windowBits = -opt.windowBits; - } - - else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) { - opt.windowBits += 16; - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - var status = deflateInit2( - this.strm, - opt.level, - opt.method, - opt.windowBits, - opt.memLevel, - opt.strategy - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - if (opt.header) { - deflateSetHeader(this.strm, opt.header); - } - - if (opt.dictionary) { - let dict; - // Convert data if needed - if (typeof opt.dictionary === 'string') { - // If we need to compress text, change encoding to utf8. - dict = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - dict = new Uint8Array(opt.dictionary); - } else { - dict = opt.dictionary; - } - - status = deflateSetDictionary(this.strm, dict); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this._dict_set = true; - } - } - - /** - * Deflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be - * converted to utf8 byte sequence. - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with - * new compressed chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the compression context. - * - * On fail call [[Deflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * array format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize } } = this; - var status, _mode; - - if (this.ended) { return false; } - - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // If we need to compress text, change encoding to utf8. - strm.input = string2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = deflate(strm, _mode); /* no bad return value */ - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = deflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - /** - * Deflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - /** - * Deflate#onEnd(status) -> Void - * - status (Number): deflate status. 0 (Z_OK) on success, - * other if not. - * - * Called once after you tell deflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// See state defs from inflate.js -const BAD = 30; /* got a data error -- remain here until reset */ -const TYPE = 12; /* i: waiting for type bits, including last-flag bit */ - -/* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is - available, an end-of-block is encountered, or a data error is encountered. - When large enough input and output buffers are supplied to inflate(), for - example, a 16K input buffer and a 64K output buffer, more than 95% of the - inflate execution time is spent in this routine. - - Entry assumptions: - - state.mode === LEN - strm.avail_in >= 6 - strm.avail_out >= 258 - start >= strm.avail_out - state.bits < 8 - - On return, state.mode is one of: - - LEN -- ran out of enough output space or enough available input - TYPE -- reached end of block code, inflate() to interpret next block - BAD -- error in block data - - Notes: - - - The maximum input bits used by a length/distance pair is 15 bits for the - length code, 5 bits for the length extra, 15 bits for the distance code, - and 13 bits for the distance extra. This totals 48 bits, or six bytes. - Therefore if strm.avail_in >= 6, then there is enough input to avoid - checking for available input while decoding. - - - The maximum bytes that a single length/distance pair can output is 258 - bytes, which is the maximum length that can be coded. inflate_fast() - requires strm.avail_out >= 258 for each loop to avoid checking for - output space. - */ -function inflate_fast(strm, start) { - let _in; /* local strm.input */ - let _out; /* local strm.output */ - // Use `s_window` instead `window`, avoid conflict with instrumentation tools - let hold; /* local strm.hold */ - let bits; /* local strm.bits */ - let here; /* retrieved table entry */ - let op; /* code bits, operation, extra bits, or */ - /* window position, window bytes to copy */ - let len; /* match length, unused bytes */ - let dist; /* match distance */ - let from; /* where to copy match from */ - let from_source; - - - - /* copy state to local variables */ - const state = strm.state; - //here = state.here; - _in = strm.next_in; - const input = strm.input; - const last = _in + (strm.avail_in - 5); - _out = strm.next_out; - const output = strm.output; - const beg = _out - (start - strm.avail_out); - const end = _out + (strm.avail_out - 257); - //#ifdef INFLATE_STRICT - const dmax = state.dmax; - //#endif - const wsize = state.wsize; - const whave = state.whave; - const wnext = state.wnext; - const s_window = state.window; - hold = state.hold; - bits = state.bits; - const lcode = state.lencode; - const dcode = state.distcode; - const lmask = (1 << state.lenbits) - 1; - const dmask = (1 << state.distbits) - 1; - - - /* decode literals and length/distances until end-of-block or not enough - input data or output space */ - - top: - do { - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - - here = lcode[hold & lmask]; - - dolen: - for (;;) { // Goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - if (op === 0) { /* literal */ - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - output[_out++] = here & 0xffff/*here.val*/; - } else if (op & 16) { /* length base */ - len = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - len += hold & (1 << op) - 1; - hold >>>= op; - bits -= op; - } - //Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - here = dcode[hold & dmask]; - - dodist: - for (;;) { // goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - - if (op & 16) { /* distance base */ - dist = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - } - dist += hold & (1 << op) - 1; - //#ifdef INFLATE_STRICT - if (dist > dmax) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - //#endif - hold >>>= op; - bits -= op; - //Tracevv((stderr, "inflate: distance %u\n", dist)); - op = _out - beg; /* max distance in output */ - if (dist > op) { /* see if copy from window */ - op = dist - op; /* distance back in window */ - if (op > whave) { - if (state.sane) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // if (len <= op - whave) { - // do { - // output[_out++] = 0; - // } while (--len); - // continue top; - // } - // len -= op - whave; - // do { - // output[_out++] = 0; - // } while (--op > whave); - // if (op === 0) { - // from = _out - dist; - // do { - // output[_out++] = output[from++]; - // } while (--len); - // continue top; - // } - //#endif - } - from = 0; // window index - from_source = s_window; - if (wnext === 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; - if (op < len) { /* some from end of window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = 0; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - } else { /* contiguous in window */ - from += wnext - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - while (len > 2) { - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - len -= 3; - } - if (len) { - output[_out++] = from_source[from++]; - if (len > 1) { - output[_out++] = from_source[from++]; - } - } - } else { - from = _out - dist; /* copy direct from output */ - do { /* minimum length is three */ - output[_out++] = output[from++]; - output[_out++] = output[from++]; - output[_out++] = output[from++]; - len -= 3; - } while (len > 2); - if (len) { - output[_out++] = output[from++]; - if (len > 1) { - output[_out++] = output[from++]; - } - } - } - } else if ((op & 64) === 0) { /* 2nd level distance code */ - here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dodist; - } else { - strm.msg = "invalid distance code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } else if ((op & 64) === 0) { /* 2nd level length code */ - here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dolen; - } else if (op & 32) { /* end-of-block */ - //Tracevv((stderr, "inflate: end of block\n")); - state.mode = TYPE; - break top; - } else { - strm.msg = "invalid literal/length code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } while (_in < last && _out < end); - - /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ - len = bits >> 3; - _in -= len; - bits -= len << 3; - hold &= (1 << bits) - 1; - - /* update state and return */ - strm.next_in = _in; - strm.next_out = _out; - strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last); - strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end); - state.hold = hold; - state.bits = bits; - return; -} - -const MAXBITS = 15; -const ENOUGH_LENS = 852; -const ENOUGH_DISTS = 592; -//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS); - -const CODES = 0; -const LENS = 1; -const DISTS = 2; - -const lbase = [ /* Length codes 257..285 base */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 -]; - -const lext = [ /* Length codes 257..285 extra */ - 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78 -]; - -const dbase = [ /* Distance codes 0..29 base */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577, 0, 0 -]; - -const dext = [ /* Distance codes 0..29 extra */ - 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, - 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, - 28, 28, 29, 29, 64, 64 -]; - -function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) { - const bits = opts.bits; - //here = opts.here; /* table entry for duplication */ - - let len = 0; /* a code's length in bits */ - let sym = 0; /* index of code symbols */ - let min = 0, max = 0; /* minimum and maximum code lengths */ - let root = 0; /* number of index bits for root table */ - let curr = 0; /* number of index bits for current table */ - let drop = 0; /* code bits to drop for sub-table */ - let left = 0; /* number of prefix codes available */ - let used = 0; /* code entries in table used */ - let huff = 0; /* Huffman code */ - let incr; /* for incrementing code, index */ - let fill; /* index for replicating entries */ - let low; /* low bits for current root entry */ - let next; /* next available space in table */ - let base = null; /* base value table to use */ - let base_index = 0; - // var shoextra; /* extra bits table to use */ - let end; /* use base and extra for symbol > end */ - const count = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */ - const offs = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */ - let extra = null; - let extra_index = 0; - - let here_bits, here_op, here_val; - - /* - Process a set of code lengths to create a canonical Huffman code. The - code lengths are lens[0..codes-1]. Each length corresponds to the - symbols 0..codes-1. The Huffman code is generated by first sorting the - symbols by length from short to long, and retaining the symbol order - for codes with equal lengths. Then the code starts with all zero bits - for the first code of the shortest length, and the codes are integer - increments for the same length, and zeros are appended as the length - increases. For the deflate format, these bits are stored backwards - from their more natural integer increment ordering, and so when the - decoding tables are built in the large loop below, the integer codes - are incremented backwards. - - This routine assumes, but does not check, that all of the entries in - lens[] are in the range 0..MAXBITS. The caller must assure this. - 1..MAXBITS is interpreted as that code length. zero means that that - symbol does not occur in this code. - - The codes are sorted by computing a count of codes for each length, - creating from that a table of starting indices for each length in the - sorted table, and then entering the symbols in order in the sorted - table. The sorted table is work[], with that space being provided by - the caller. - - The length counts are used for other purposes as well, i.e. finding - the minimum and maximum length codes, determining if there are any - codes at all, checking for a valid set of lengths, and looking ahead - at length counts to determine sub-table sizes when building the - decoding tables. - */ - - /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ - for (len = 0; len <= MAXBITS; len++) { - count[len] = 0; - } - for (sym = 0; sym < codes; sym++) { - count[lens[lens_index + sym]]++; - } - - /* bound code lengths, force root to be within code lengths */ - root = bits; - for (max = MAXBITS; max >= 1; max--) { - if (count[max] !== 0) { - break; - } - } - if (root > max) { - root = max; - } - if (max === 0) { /* no symbols to code at all */ - //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */ - //table.bits[opts.table_index] = 1; //here.bits = (var char)1; - //table.val[opts.table_index++] = 0; //here.val = (var short)0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - - //table.op[opts.table_index] = 64; - //table.bits[opts.table_index] = 1; - //table.val[opts.table_index++] = 0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - opts.bits = 1; - return 0; /* no symbols, but wait for decoding to report error */ - } - for (min = 1; min < max; min++) { - if (count[min] !== 0) { - break; - } - } - if (root < min) { - root = min; - } - - /* check for an over-subscribed or incomplete set of lengths */ - left = 1; - for (len = 1; len <= MAXBITS; len++) { - left <<= 1; - left -= count[len]; - if (left < 0) { - return -1; - } /* over-subscribed */ - } - if (left > 0 && (type === CODES || max !== 1)) { - return -1; /* incomplete set */ - } - - /* generate offsets into symbol table for each length for sorting */ - offs[1] = 0; - for (len = 1; len < MAXBITS; len++) { - offs[len + 1] = offs[len] + count[len]; - } - - /* sort symbols by length, by symbol order within each length */ - for (sym = 0; sym < codes; sym++) { - if (lens[lens_index + sym] !== 0) { - work[offs[lens[lens_index + sym]]++] = sym; - } - } - - /* - Create and fill in decoding tables. In this loop, the table being - filled is at next and has curr index bits. The code being used is huff - with length len. That code is converted to an index by dropping drop - bits off of the bottom. For codes where len is less than drop + curr, - those top drop + curr - len bits are incremented through all values to - fill the table with replicated entries. - - root is the number of index bits for the root table. When len exceeds - root, sub-tables are created pointed to by the root entry with an index - of the low root bits of huff. This is saved in low to check for when a - new sub-table should be started. drop is zero when the root table is - being filled, and drop is root when sub-tables are being filled. - - When a new sub-table is needed, it is necessary to look ahead in the - code lengths to determine what size sub-table is needed. The length - counts are used for this, and so count[] is decremented as codes are - entered in the tables. - - used keeps track of how many table entries have been allocated from the - provided *table space. It is checked for LENS and DIST tables against - the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in - the initial root table size constants. See the comments in inftrees.h - for more information. - - sym increments through all symbols, and the loop terminates when - all codes of length max, i.e. all codes, have been processed. This - routine permits incomplete codes, so another loop after this one fills - in the rest of the decoding tables with invalid code markers. - */ - - /* set up for code type */ - // poor man optimization - use if-else instead of switch, - // to avoid deopts in old v8 - if (type === CODES) { - base = extra = work; /* dummy value--not used */ - end = 19; - - } else if (type === LENS) { - base = lbase; - base_index -= 257; - extra = lext; - extra_index -= 257; - end = 256; - - } else { /* DISTS */ - base = dbase; - extra = dext; - end = -1; - } - - /* initialize opts for loop */ - huff = 0; /* starting code */ - sym = 0; /* starting code symbol */ - len = min; /* starting code length */ - next = table_index; /* current table to fill in */ - curr = root; /* current table index bits */ - drop = 0; /* current bits to drop from code for index */ - low = -1; /* trigger new sub-table when len > root */ - used = 1 << root; /* use root table entries */ - const mask = used - 1; /* mask for comparing low */ - - /* check available table space */ - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* process all codes and make table entries */ - for (;;) { - /* create table entry */ - here_bits = len - drop; - if (work[sym] < end) { - here_op = 0; - here_val = work[sym]; - } else if (work[sym] > end) { - here_op = extra[extra_index + work[sym]]; - here_val = base[base_index + work[sym]]; - } else { - here_op = 32 + 64; /* end of block */ - here_val = 0; - } - - /* replicate for those indices with low len bits equal to huff */ - incr = 1 << len - drop; - fill = 1 << curr; - min = fill; /* save offset to next table */ - do { - fill -= incr; - table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0; - } while (fill !== 0); - - /* backwards increment the len-bit code huff */ - incr = 1 << len - 1; - while (huff & incr) { - incr >>= 1; - } - if (incr !== 0) { - huff &= incr - 1; - huff += incr; - } else { - huff = 0; - } - - /* go to next symbol, update count, len */ - sym++; - if (--count[len] === 0) { - if (len === max) { - break; - } - len = lens[lens_index + work[sym]]; - } - - /* create new sub-table if needed */ - if (len > root && (huff & mask) !== low) { - /* if first time, transition to sub-tables */ - if (drop === 0) { - drop = root; - } - - /* increment past last table */ - next += min; /* here min is 1 << curr */ - - /* determine length of next table */ - curr = len - drop; - left = 1 << curr; - while (curr + drop < max) { - left -= count[curr + drop]; - if (left <= 0) { - break; - } - curr++; - left <<= 1; - } - - /* check for enough space */ - used += 1 << curr; - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* point entry in root table to sub-table */ - low = huff & mask; - /*table.op[low] = curr; - table.bits[low] = root; - table.val[low] = next - opts.table_index;*/ - table[low] = root << 24 | curr << 16 | next - table_index |0; - } - } - - /* fill in remaining table entry if code is incomplete (guaranteed to have - at most one remaining entry, since if the code is incomplete, the - maximum code length that was allowed to get this far is one bit) */ - if (huff !== 0) { - //table.op[next + huff] = 64; /* invalid code marker */ - //table.bits[next + huff] = len - drop; - //table.val[next + huff] = 0; - table[next + huff] = len - drop << 24 | 64 << 16 |0; - } - - /* set return parameters */ - //opts.table_index += used; - opts.bits = root; - return 0; -} - -const CODES$1 = 0; -const LENS$1 = 1; -const DISTS$1 = 2; - -/* STATES ====================================================================*/ -/* ===========================================================================*/ - - -const HEAD = 1; /* i: waiting for magic header */ -const FLAGS = 2; /* i: waiting for method and flags (gzip) */ -const TIME = 3; /* i: waiting for modification time (gzip) */ -const OS = 4; /* i: waiting for extra flags and operating system (gzip) */ -const EXLEN = 5; /* i: waiting for extra length (gzip) */ -const EXTRA = 6; /* i: waiting for extra bytes (gzip) */ -const NAME = 7; /* i: waiting for end of file name (gzip) */ -const COMMENT = 8; /* i: waiting for end of comment (gzip) */ -const HCRC = 9; /* i: waiting for header crc (gzip) */ -const DICTID = 10; /* i: waiting for dictionary check value */ -const DICT = 11; /* waiting for inflateSetDictionary() call */ -const TYPE$1 = 12; /* i: waiting for type bits, including last-flag bit */ -const TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */ -const STORED = 14; /* i: waiting for stored size (length and complement) */ -const COPY_ = 15; /* i/o: same as COPY below, but only first time in */ -const COPY = 16; /* i/o: waiting for input or output to copy stored block */ -const TABLE = 17; /* i: waiting for dynamic block table lengths */ -const LENLENS = 18; /* i: waiting for code length code lengths */ -const CODELENS = 19; /* i: waiting for length/lit and distance code lengths */ -const LEN_ = 20; /* i: same as LEN below, but only first time in */ -const LEN = 21; /* i: waiting for length/lit/eob code */ -const LENEXT = 22; /* i: waiting for length extra bits */ -const DIST = 23; /* i: waiting for distance code */ -const DISTEXT = 24; /* i: waiting for distance extra bits */ -const MATCH = 25; /* o: waiting for output space to copy string */ -const LIT = 26; /* o: waiting for output space to write literal */ -const CHECK = 27; /* i: waiting for 32-bit check value */ -const LENGTH = 28; /* i: waiting for 32-bit length (gzip) */ -const DONE = 29; /* finished check, done -- remain here until reset */ -const BAD$1 = 30; /* got a data error -- remain here until reset */ -//const MEM = 31; /* got an inflate() memory error -- remain here until reset */ -const SYNC = 32; /* looking for synchronization bytes to restart inflate() */ - -/* ===========================================================================*/ - - - -const ENOUGH_LENS$1 = 852; -const ENOUGH_DISTS$1 = 592; - - -function zswap32(q) { - return (((q >>> 24) & 0xff) + - ((q >>> 8) & 0xff00) + - ((q & 0xff00) << 8) + - ((q & 0xff) << 24)); -} - - -class InflateState { - constructor() { - this.mode = 0; /* current inflate mode */ - this.last = false; /* true if processing last block */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.havedict = false; /* true if dictionary provided */ - this.flags = 0; /* gzip header method and flags (0 if zlib) */ - this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */ - this.check = 0; /* protected copy of check value */ - this.total = 0; /* protected copy of output count */ - // TODO: may be {} - this.head = null; /* where to save gzip header information */ - - /* sliding window */ - this.wbits = 0; /* log base 2 of requested window size */ - this.wsize = 0; /* window size or zero if not using window */ - this.whave = 0; /* valid bytes in the window */ - this.wnext = 0; /* window write index */ - this.window = null; /* allocated sliding window, if needed */ - - /* bit accumulator */ - this.hold = 0; /* input bit accumulator */ - this.bits = 0; /* number of bits in "in" */ - - /* for string and stored block copying */ - this.length = 0; /* literal or length of data to copy */ - this.offset = 0; /* distance back to copy string from */ - - /* for table and code decoding */ - this.extra = 0; /* extra bits needed */ - - /* fixed and dynamic code tables */ - this.lencode = null; /* starting table for length/literal codes */ - this.distcode = null; /* starting table for distance codes */ - this.lenbits = 0; /* index bits for lencode */ - this.distbits = 0; /* index bits for distcode */ - - /* dynamic table building */ - this.ncode = 0; /* number of code length code lengths */ - this.nlen = 0; /* number of length code lengths */ - this.ndist = 0; /* number of distance code lengths */ - this.have = 0; /* number of code lengths in lens[] */ - this.next = null; /* next available space in codes[] */ - - this.lens = new Buf16(320); /* temporary storage for code lengths */ - this.work = new Buf16(288); /* work area for code table building */ - - /* - because we don't have pointers in js, we use lencode and distcode directly - as buffers so we don't need codes - */ - //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */ - this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */ - this.distdyn = null; /* dynamic table for distance codes (JS specific) */ - this.sane = 0; /* if false, allow invalid distance too far */ - this.back = 0; /* bits back of last unprocessed length/lit */ - this.was = 0; /* initial length of match */ - } -} - -function inflateResetKeep(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - strm.total_in = strm.total_out = state.total = 0; - strm.msg = ''; /*Z_NULL*/ - if (state.wrap) { /* to support ill-conceived Java test suite */ - strm.adler = state.wrap & 1; - } - state.mode = HEAD; - state.last = 0; - state.havedict = 0; - state.dmax = 32768; - state.head = null/*Z_NULL*/; - state.hold = 0; - state.bits = 0; - //state.lencode = state.distcode = state.next = state.codes; - state.lencode = state.lendyn = new Buf32(ENOUGH_LENS$1); - state.distcode = state.distdyn = new Buf32(ENOUGH_DISTS$1); - - state.sane = 1; - state.back = -1; - //Tracev((stderr, "inflate: reset\n")); - return Z_OK; -} - -function inflateReset(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - state.wsize = 0; - state.whave = 0; - state.wnext = 0; - return inflateResetKeep(strm); - -} - -function inflateReset2(strm, windowBits) { - let wrap; - let state; - - /* get the state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - - /* extract wrap request from windowBits parameter */ - if (windowBits < 0) { - wrap = 0; - windowBits = -windowBits; - } - else { - wrap = (windowBits >> 4) + 1; - if (windowBits < 48) { - windowBits &= 15; - } - } - - /* set number of window bits, free window if different */ - if (windowBits && (windowBits < 8 || windowBits > 15)) { - return Z_STREAM_ERROR; - } - if (state.window !== null && state.wbits !== windowBits) { - state.window = null; - } - - /* update state and reset the rest of it */ - state.wrap = wrap; - state.wbits = windowBits; - return inflateReset(strm); -} - -function inflateInit2(strm, windowBits) { - let ret; - let state; - - if (!strm) { return Z_STREAM_ERROR; } - //strm.msg = Z_NULL; /* in case we return an error */ - - state = new InflateState(); - - //if (state === Z_NULL) return Z_MEM_ERROR; - //Tracev((stderr, "inflate: allocated\n")); - strm.state = state; - state.window = null/*Z_NULL*/; - ret = inflateReset2(strm, windowBits); - if (ret !== Z_OK) { - strm.state = null/*Z_NULL*/; - } - return ret; -} - - -/* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ -let virgin = true; - -let lenfix, distfix; // We have no pointers in JS, so keep tables separate - -function fixedtables(state) { - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - let sym; - - lenfix = new Buf32(512); - distfix = new Buf32(32); - - /* literal/length table */ - sym = 0; - while (sym < 144) { state.lens[sym++] = 8; } - while (sym < 256) { state.lens[sym++] = 9; } - while (sym < 280) { state.lens[sym++] = 7; } - while (sym < 288) { state.lens[sym++] = 8; } - - inflate_table(LENS$1, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 }); - - /* distance table */ - sym = 0; - while (sym < 32) { state.lens[sym++] = 5; } - - inflate_table(DISTS$1, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 }); - - /* do this just once */ - virgin = false; - } - - state.lencode = lenfix; - state.lenbits = 9; - state.distcode = distfix; - state.distbits = 5; -} - - -/* - Update the window with the last wsize (normally 32K) bytes written before - returning. If window does not exist yet, create it. This is only called - when a window is already in use, or when output has been written during this - inflate call, but the end of the deflate stream has not been reached yet. - It is also called to create a window for dictionary data when a dictionary - is loaded. - - Providing output buffers larger than 32K to inflate() should provide a speed - advantage, since only the last 32K of output is copied to the sliding window - upon return from inflate(), and since all distances after the first 32K of - output will fall in the output data, making match copies simpler and faster. - The advantage may be dependent on the size of the processor's data caches. - */ -function updatewindow(strm, src, end, copy) { - let dist; - const state = strm.state; - - /* if it hasn't been done already, allocate space for the window */ - if (state.window === null) { - state.wsize = 1 << state.wbits; - state.wnext = 0; - state.whave = 0; - - state.window = new Buf8(state.wsize); - } - - /* copy state->wsize or less output bytes into the circular window */ - if (copy >= state.wsize) { - arraySet(state.window, src, end - state.wsize, state.wsize, 0); - state.wnext = 0; - state.whave = state.wsize; - } - else { - dist = state.wsize - state.wnext; - if (dist > copy) { - dist = copy; - } - //zmemcpy(state->window + state->wnext, end - copy, dist); - arraySet(state.window, src, end - copy, dist, state.wnext); - copy -= dist; - if (copy) { - //zmemcpy(state->window, end - copy, copy); - arraySet(state.window, src, end - copy, copy, 0); - state.wnext = copy; - state.whave = state.wsize; - } - else { - state.wnext += dist; - if (state.wnext === state.wsize) { state.wnext = 0; } - if (state.whave < state.wsize) { state.whave += dist; } - } - } - return 0; -} - -function inflate(strm, flush) { - let state; - let input, output; // input/output buffers - let next; /* next input INDEX */ - let put; /* next output INDEX */ - let have, left; /* available input and output */ - let hold; /* bit buffer */ - let bits; /* bits in bit buffer */ - let _in, _out; /* save starting available input and output */ - let copy; /* number of stored or match bytes to copy */ - let from; /* where to copy match bytes from */ - let from_source; - let here = 0; /* current decoding table entry */ - let here_bits, here_op, here_val; // paked "here" denormalized (JS specific) - //var last; /* parent table entry */ - let last_bits, last_op, last_val; // paked "last" denormalized (JS specific) - let len; /* length to copy for repeats, bits to drop */ - let ret; /* return code */ - let hbuf = new Buf8(4); /* buffer for gzip header crc calculation */ - let opts; - - let n; // temporary var for NEED_BITS - - const order = /* permutation of code lengths */ - [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ]; - - - if (!strm || !strm.state || !strm.output || - (!strm.input && strm.avail_in !== 0)) { - return Z_STREAM_ERROR; - } - - state = strm.state; - if (state.mode === TYPE$1) { state.mode = TYPEDO; } /* skip check */ - - - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - _in = have; - _out = left; - ret = Z_OK; - - inf_leave: // goto emulation - for (;;) { - switch (state.mode) { - case HEAD: - if (state.wrap === 0) { - state.mode = TYPEDO; - break; - } - //=== NEEDBITS(16); - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */ - state.check = 0/*crc32(0L, Z_NULL, 0)*/; - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = FLAGS; - break; - } - state.flags = 0; /* expect zlib header */ - if (state.head) { - state.head.done = false; - } - if (!(state.wrap & 1) || /* check if zlib header allowed */ - (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) { - strm.msg = 'incorrect header check'; - state.mode = BAD$1; - break; - } - if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - len = (hold & 0x0f)/*BITS(4)*/ + 8; - if (state.wbits === 0) { - state.wbits = len; - } - else if (len > state.wbits) { - strm.msg = 'invalid window size'; - state.mode = BAD$1; - break; - } - state.dmax = 1 << len; - //Tracev((stderr, "inflate: zlib header ok\n")); - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = hold & 0x200 ? DICTID : TYPE$1; - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - break; - case FLAGS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.flags = hold; - if ((state.flags & 0xff) !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - if (state.flags & 0xe000) { - strm.msg = 'unknown header flags set'; - state.mode = BAD$1; - break; - } - if (state.head) { - state.head.text = ((hold >> 8) & 1); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = TIME; - /* falls through */ - case TIME: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.time = hold; - } - if (state.flags & 0x0200) { - //=== CRC4(state.check, hold) - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - hbuf[2] = (hold >>> 16) & 0xff; - hbuf[3] = (hold >>> 24) & 0xff; - state.check = crc32(state.check, hbuf, 4, 0); - //=== - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = OS; - /* falls through */ - case OS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.xflags = (hold & 0xff); - state.head.os = (hold >> 8); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = EXLEN; - /* falls through */ - case EXLEN: - if (state.flags & 0x0400) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length = hold; - if (state.head) { - state.head.extra_len = hold; - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - else if (state.head) { - state.head.extra = null/*Z_NULL*/; - } - state.mode = EXTRA; - /* falls through */ - case EXTRA: - if (state.flags & 0x0400) { - copy = state.length; - if (copy > have) { copy = have; } - if (copy) { - if (state.head) { - len = state.head.extra_len - state.length; - if (!state.head.extra) { - // Use untyped array for more convenient processing later - state.head.extra = new Array(state.head.extra_len); - } - arraySet( - state.head.extra, - input, - next, - // extra field is limited to 65536 bytes - // - no need for additional size check - copy, - /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/ - len - ); - //zmemcpy(state.head.extra + len, next, - // len + copy > state.head.extra_max ? - // state.head.extra_max - len : copy); - } - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - state.length -= copy; - } - if (state.length) { break inf_leave; } - } - state.length = 0; - state.mode = NAME; - /* falls through */ - case NAME: - if (state.flags & 0x0800) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - // TODO: 2 or 1 bytes? - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.name_max*/)) { - state.head.name += String.fromCharCode(len); - } - } while (len && copy < have); - - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.name = null; - } - state.length = 0; - state.mode = COMMENT; - /* falls through */ - case COMMENT: - if (state.flags & 0x1000) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.comm_max*/)) { - state.head.comment += String.fromCharCode(len); - } - } while (len && copy < have); - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.comment = null; - } - state.mode = HCRC; - /* falls through */ - case HCRC: - if (state.flags & 0x0200) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.check & 0xffff)) { - strm.msg = 'header crc mismatch'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - if (state.head) { - state.head.hcrc = ((state.flags >> 9) & 1); - state.head.done = true; - } - strm.adler = state.check = 0; - state.mode = TYPE$1; - break; - case DICTID: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - strm.adler = state.check = zswap32(hold); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = DICT; - /* falls through */ - case DICT: - if (state.havedict === 0) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - return Z_NEED_DICT; - } - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = TYPE$1; - /* falls through */ - case TYPE$1: - if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; } - /* falls through */ - case TYPEDO: - if (state.last) { - //--- BYTEBITS() ---// - hold >>>= bits & 7; - bits -= bits & 7; - //---// - state.mode = CHECK; - break; - } - //=== NEEDBITS(3); */ - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.last = (hold & 0x01)/*BITS(1)*/; - //--- DROPBITS(1) ---// - hold >>>= 1; - bits -= 1; - //---// - - switch ((hold & 0x03)/*BITS(2)*/) { - case 0: /* stored block */ - //Tracev((stderr, "inflate: stored block%s\n", - // state.last ? " (last)" : "")); - state.mode = STORED; - break; - case 1: /* fixed block */ - fixedtables(state); - //Tracev((stderr, "inflate: fixed codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = LEN_; /* decode codes */ - if (flush === Z_TREES) { - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break inf_leave; - } - break; - case 2: /* dynamic block */ - //Tracev((stderr, "inflate: dynamic codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = TABLE; - break; - case 3: - strm.msg = 'invalid block type'; - state.mode = BAD$1; - } - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break; - case STORED: - //--- BYTEBITS() ---// /* go to byte boundary */ - hold >>>= bits & 7; - bits -= bits & 7; - //---// - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) { - strm.msg = 'invalid stored block lengths'; - state.mode = BAD$1; - break; - } - state.length = hold & 0xffff; - //Tracev((stderr, "inflate: stored length %u\n", - // state.length)); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = COPY_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case COPY_: - state.mode = COPY; - /* falls through */ - case COPY: - copy = state.length; - if (copy) { - if (copy > have) { copy = have; } - if (copy > left) { copy = left; } - if (copy === 0) { break inf_leave; } - //--- zmemcpy(put, next, copy); --- - arraySet(output, input, next, copy, put); - //---// - have -= copy; - next += copy; - left -= copy; - put += copy; - state.length -= copy; - break; - } - //Tracev((stderr, "inflate: stored end\n")); - state.mode = TYPE$1; - break; - case TABLE: - //=== NEEDBITS(14); */ - while (bits < 14) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4; - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// -//#ifndef PKZIP_BUG_WORKAROUND - if (state.nlen > 286 || state.ndist > 30) { - strm.msg = 'too many length or distance symbols'; - state.mode = BAD$1; - break; - } -//#endif - //Tracev((stderr, "inflate: table sizes ok\n")); - state.have = 0; - state.mode = LENLENS; - /* falls through */ - case LENLENS: - while (state.have < state.ncode) { - //=== NEEDBITS(3); - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.lens[order[state.have++]] = (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - while (state.have < 19) { - state.lens[order[state.have++]] = 0; - } - // We have separate tables & no pointers. 2 commented lines below not needed. - //state.next = state.codes; - //state.lencode = state.next; - // Switch to use dynamic table - state.lencode = state.lendyn; - state.lenbits = 7; - - opts = { bits: state.lenbits }; - ret = inflate_table(CODES$1, state.lens, 0, 19, state.lencode, 0, state.work, opts); - state.lenbits = opts.bits; - - if (ret) { - strm.msg = 'invalid code lengths set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, "inflate: code lengths ok\n")); - state.have = 0; - state.mode = CODELENS; - /* falls through */ - case CODELENS: - while (state.have < state.nlen + state.ndist) { - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_val < 16) { - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.lens[state.have++] = here_val; - } - else { - if (here_val === 16) { - //=== NEEDBITS(here.bits + 2); - n = here_bits + 2; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - if (state.have === 0) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - len = state.lens[state.have - 1]; - copy = 3 + (hold & 0x03);//BITS(2); - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - } - else if (here_val === 17) { - //=== NEEDBITS(here.bits + 3); - n = here_bits + 3; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 3 + (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - else { - //=== NEEDBITS(here.bits + 7); - n = here_bits + 7; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 11 + (hold & 0x7f);//BITS(7); - //--- DROPBITS(7) ---// - hold >>>= 7; - bits -= 7; - //---// - } - if (state.have + copy > state.nlen + state.ndist) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - while (copy--) { - state.lens[state.have++] = len; - } - } - } - - /* handle error breaks in while */ - if (state.mode === BAD$1) { break; } - - /* check for end-of-block code (better have one) */ - if (state.lens[256] === 0) { - strm.msg = 'invalid code -- missing end-of-block'; - state.mode = BAD$1; - break; - } - - /* build code tables -- note: do not change the lenbits or distbits - values here (9 and 6) without reading the comments in inftrees.h - concerning the ENOUGH constants, which depend on those values */ - state.lenbits = 9; - - opts = { bits: state.lenbits }; - ret = inflate_table(LENS$1, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.lenbits = opts.bits; - // state.lencode = state.next; - - if (ret) { - strm.msg = 'invalid literal/lengths set'; - state.mode = BAD$1; - break; - } - - state.distbits = 6; - //state.distcode.copy(state.codes); - // Switch to use dynamic table - state.distcode = state.distdyn; - opts = { bits: state.distbits }; - ret = inflate_table(DISTS$1, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.distbits = opts.bits; - // state.distcode = state.next; - - if (ret) { - strm.msg = 'invalid distances set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, 'inflate: codes ok\n')); - state.mode = LEN_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case LEN_: - state.mode = LEN; - /* falls through */ - case LEN: - if (have >= 6 && left >= 258) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - inflate_fast(strm, _out); - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - if (state.mode === TYPE$1) { - state.back = -1; - } - break; - } - state.back = 0; - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if (here_bits <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_op && (here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.lencode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - state.length = here_val; - if (here_op === 0) { - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - state.mode = LIT; - break; - } - if (here_op & 32) { - //Tracevv((stderr, "inflate: end of block\n")); - state.back = -1; - state.mode = TYPE$1; - break; - } - if (here_op & 64) { - strm.msg = 'invalid literal/length code'; - state.mode = BAD$1; - break; - } - state.extra = here_op & 15; - state.mode = LENEXT; - /* falls through */ - case LENEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //Tracevv((stderr, "inflate: length %u\n", state.length)); - state.was = state.length; - state.mode = DIST; - /* falls through */ - case DIST: - for (;;) { - here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if ((here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.distcode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - if (here_op & 64) { - strm.msg = 'invalid distance code'; - state.mode = BAD$1; - break; - } - state.offset = here_val; - state.extra = (here_op) & 15; - state.mode = DISTEXT; - /* falls through */ - case DISTEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } -//#ifdef INFLATE_STRICT - if (state.offset > state.dmax) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -//#endif - //Tracevv((stderr, "inflate: distance %u\n", state.offset)); - state.mode = MATCH; - /* falls through */ - case MATCH: - if (left === 0) { break inf_leave; } - copy = _out - left; - if (state.offset > copy) { /* copy from window */ - copy = state.offset - copy; - if (copy > state.whave) { - if (state.sane) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -// (!) This block is disabled in zlib defaults, -// don't enable it for binary compatibility -//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR -// Trace((stderr, "inflate.c too far\n")); -// copy -= state.whave; -// if (copy > state.length) { copy = state.length; } -// if (copy > left) { copy = left; } -// left -= copy; -// state.length -= copy; -// do { -// output[put++] = 0; -// } while (--copy); -// if (state.length === 0) { state.mode = LEN; } -// break; -//#endif - } - if (copy > state.wnext) { - copy -= state.wnext; - from = state.wsize - copy; - } - else { - from = state.wnext - copy; - } - if (copy > state.length) { copy = state.length; } - from_source = state.window; - } - else { /* copy from output */ - from_source = output; - from = put - state.offset; - copy = state.length; - } - if (copy > left) { copy = left; } - left -= copy; - state.length -= copy; - do { - output[put++] = from_source[from++]; - } while (--copy); - if (state.length === 0) { state.mode = LEN; } - break; - case LIT: - if (left === 0) { break inf_leave; } - output[put++] = state.length; - left--; - state.mode = LEN; - break; - case CHECK: - if (state.wrap) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - // Use '|' instead of '+' to make sure that result is signed - hold |= input[next++] << bits; - bits += 8; - } - //===// - _out -= left; - strm.total_out += _out; - state.total += _out; - if (_out) { - strm.adler = state.check = - /*UPDATE(state.check, put - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out)); - - } - _out = left; - // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too - if ((state.flags ? hold : zswap32(hold)) !== state.check) { - strm.msg = 'incorrect data check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: check matches trailer\n")); - } - state.mode = LENGTH; - /* falls through */ - case LENGTH: - if (state.wrap && state.flags) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.total & 0xffffffff)) { - strm.msg = 'incorrect length check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: length matches trailer\n")); - } - state.mode = DONE; - /* falls through */ - case DONE: - ret = Z_STREAM_END; - break inf_leave; - case BAD$1: - ret = Z_DATA_ERROR; - break inf_leave; - // case MEM: - // return Z_MEM_ERROR; - case SYNC: - /* falls through */ - default: - return Z_STREAM_ERROR; - } - } - - // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave" - - /* - Return from inflate(), updating the total counts and the check value. - If there was no progress during the inflate() call, return a buffer - error. Call updatewindow() to create and/or update the window state. - Note: a memory error from inflate() is non-recoverable. - */ - - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - - if (state.wsize || (_out !== strm.avail_out && state.mode < BAD$1 && - (state.mode < CHECK || flush !== Z_FINISH))) { - if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) ; - } - _in -= strm.avail_in; - _out -= strm.avail_out; - strm.total_in += _in; - strm.total_out += _out; - state.total += _out; - if (state.wrap && _out) { - strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out)); - } - strm.data_type = state.bits + (state.last ? 64 : 0) + - (state.mode === TYPE$1 ? 128 : 0) + - (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0); - if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) { - ret = Z_BUF_ERROR; - } - return ret; -} - -function inflateEnd(strm) { - - if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) { - return Z_STREAM_ERROR; - } - - const state = strm.state; - if (state.window) { - state.window = null; - } - strm.state = null; - return Z_OK; -} - -function inflateGetHeader(strm, head) { - let state; - - /* check state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; } - - /* save header structure */ - state.head = head; - head.done = false; - return Z_OK; -} - -function inflateSetDictionary(strm, dictionary) { - const dictLength = dictionary.length; - - let state; - let dictid; - - /* check state */ - if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; } - state = strm.state; - - if (state.wrap !== 0 && state.mode !== DICT) { - return Z_STREAM_ERROR; - } - - /* check for correct dictionary identifier */ - if (state.mode === DICT) { - dictid = 1; /* adler32(0, null, 0)*/ - /* dictid = adler32(dictid, dictionary, dictLength); */ - dictid = adler32(dictid, dictionary, dictLength, 0); - if (dictid !== state.check) { - return Z_DATA_ERROR; - } - } - /* copy dictionary to window using updatewindow(), which will amend the - existing dictionary if appropriate */ - updatewindow(strm, dictionary, dictLength, dictLength); - // if (ret) { - // state.mode = MEM; - // return Z_MEM_ERROR; - // } - state.havedict = 1; - // Tracev((stderr, "inflate: dictionary set\n")); - return Z_OK; -} - -/* Not implemented -exports.inflateCopy = inflateCopy; -exports.inflateGetDictionary = inflateGetDictionary; -exports.inflateMark = inflateMark; -exports.inflatePrime = inflatePrime; -exports.inflateSync = inflateSync; -exports.inflateSyncPoint = inflateSyncPoint; -exports.inflateUndermine = inflateUndermine; -*/ - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class GZheader { - constructor() { - /* true if compressed data believed to be text */ - this.text = 0; - /* modification time */ - this.time = 0; - /* extra flags (not used when writing a gzip file) */ - this.xflags = 0; - /* operating system */ - this.os = 0; - /* pointer to extra field or Z_NULL if none */ - this.extra = null; - /* extra field length (valid if extra != Z_NULL) */ - this.extra_len = 0; // Actually, we don't need it in JS, - // but leave for few code modifications - - // - // Setup limits is not necessary because in js we should not preallocate memory - // for inflate use constant limit in 65536 bytes - // - - /* space at extra (only when reading header) */ - // this.extra_max = 0; - /* pointer to zero-terminated file name or Z_NULL */ - this.name = ''; - /* space at name (only when reading header) */ - // this.name_max = 0; - /* pointer to zero-terminated comment or Z_NULL */ - this.comment = ''; - /* space at comment (only when reading header) */ - // this.comm_max = 0; - /* true if there was or will be a header crc */ - this.hcrc = 0; - /* true when done reading gzip header (not used when writing a gzip file) */ - this.done = false; - } -} - -/** - * class Inflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[inflate]] - * and [[inflateRaw]]. - **/ - -/* internal - * inflate.chunks -> Array - * - * Chunks of output data, if [[Inflate#onData]] not overridden. - **/ - -/** - * Inflate.result -> Uint8Array|Array|String - * - * Uncompressed result, generated by default [[Inflate#onData]] - * and [[Inflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Inflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Inflate.err -> Number - * - * Error code after inflate finished. 0 (Z_OK) on success. - * Should be checked if broken data possible. - **/ - -/** - * Inflate.msg -> String - * - * Error message, if [[Inflate.err]] != 0 - **/ - - -/** - * new Inflate(options) - * - options (Object): zlib inflate options. - * - * Creates new inflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `windowBits` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw inflate - * - `to` (String) - if equal to 'string', then result will be converted - * from utf8 to utf16 (javascript) string. When string output requested, - * chunk length can differ from `chunkSize`, depending on content. - * - * By default, when no options set, autodetect deflate/gzip data format via - * wrapper header. - * - * ##### Example: - * - * ```javascript - * var pako = require('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var inflate = new pako.Inflate({ level: 3}); - * - * inflate.push(chunk1, false); - * inflate.push(chunk2, true); // true -> last chunk - * - * if (inflate.err) { throw new Error(inflate.err); } - * - * console.log(inflate.result); - * ``` - **/ -class Inflate { - constructor(options) { - this.options = { - chunkSize: 16384, - windowBits: 0, - ...(options || {}) - }; - - const opt = this.options; - - // Force window size for `raw` data, if not set directly, - // because we have no header for autodetect. - if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) { - opt.windowBits = -opt.windowBits; - if (opt.windowBits === 0) { opt.windowBits = -15; } - } - - // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate - if ((opt.windowBits >= 0) && (opt.windowBits < 16) && - !(options && options.windowBits)) { - opt.windowBits += 32; - } - - // Gzip header has no info about windows size, we can do autodetect only - // for deflate. So, if window size not set, force it to max when gzip possible - if ((opt.windowBits > 15) && (opt.windowBits < 48)) { - // bit 3 (16) -> gzipped data - // bit 4 (32) -> autodetect gzip/deflate - if ((opt.windowBits & 15) === 0) { - opt.windowBits |= 15; - } - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - let status = inflateInit2( - this.strm, - opt.windowBits - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this.header = new GZheader(); - - inflateGetHeader(this.strm, this.header); - - // Setup dictionary - if (opt.dictionary) { - // Convert data if needed - if (typeof opt.dictionary === 'string') { - opt.dictionary = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - opt.dictionary = new Uint8Array(opt.dictionary); - } - if (opt.raw) { //In raw mode we need to set the dictionary early - status = inflateSetDictionary(this.strm, opt.dictionary); - if (status !== Z_OK) { - throw new Error(msg[status]); - } - } - } - } - /** - * Inflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with - * new output chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the decompression context. - * - * On fail call [[Inflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize, dictionary } } = this; - let status, _mode; - - // Flag to properly process Z_BUF_ERROR on testing inflate call - // when we check that all output data was flushed. - let allowBufError = false; - - if (this.ended) { return false; } - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // Only binary strings can be decompressed on practice - strm.input = binstring2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - - status = inflate(strm, Z_NO_FLUSH); /* no bad return value */ - - if (status === Z_NEED_DICT && dictionary) { - status = inflateSetDictionary(this.strm, dictionary); - } - - if (status === Z_BUF_ERROR && allowBufError === true) { - status = Z_OK; - allowBufError = false; - } - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - - if (strm.next_out) { - if (strm.avail_out === 0 || status === Z_STREAM_END || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } - - // When no more input data, we should check that internal inflate buffers - // are flushed. The only way to do it when avail_out = 0 - run one more - // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR. - // Here we set flag to process this error properly. - // - // NOTE. Deflate does not return error in this case and does not needs such - // logic. - if (strm.avail_in === 0 && strm.avail_out === 0) { - allowBufError = true; - } - - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - if (status === Z_STREAM_END) { - _mode = Z_FINISH; - } - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = inflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - - /** - * Inflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - - - /** - * Inflate#onEnd(status) -> Void - * - status (Number): inflate status. 0 (Z_OK) on success, - * other if not. - * - * Called either after you tell inflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -/* -node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - -Copyright (C) 2012 Eli Skeggs - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - -var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; - -// offset in bytes -var BitReader = function(stream) { - this.stream = stream; - this.bitOffset = 0; - this.curByte = 0; - this.hasByte = false; -}; - -BitReader.prototype._ensureByte = function() { - if (!this.hasByte) { - this.curByte = this.stream.readByte(); - this.hasByte = true; - } -}; - -// reads bits from the buffer -BitReader.prototype.read = function(bits) { - var result = 0; - while (bits > 0) { - this._ensureByte(); - var remaining = 8 - this.bitOffset; - // if we're in a byte - if (bits >= remaining) { - result <<= remaining; - result |= BITMASK[remaining] & this.curByte; - this.hasByte = false; - this.bitOffset = 0; - bits -= remaining; - } else { - result <<= bits; - var shift = remaining - bits; - result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; - this.bitOffset += bits; - bits = 0; - } - } - return result; -}; - -// seek to an arbitrary point in the buffer (expressed in bits) -BitReader.prototype.seek = function(pos) { - var n_bit = pos % 8; - var n_byte = (pos - n_bit) / 8; - this.bitOffset = n_bit; - this.stream.seek(n_byte); - this.hasByte = false; -}; - -// reads 6 bytes worth of data using the read method -BitReader.prototype.pi = function() { - var buf = new Uint8Array(6), i; - for (i = 0; i < buf.length; i++) { - buf[i] = this.read(8); - } - return bufToHex(buf); -}; - -function bufToHex(buf) { - return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); -} - -var bitreader = BitReader; - -/* very simple input/output stream interface */ -var Stream = function() { -}; - -// input streams ////////////// -/** Returns the next byte, or -1 for EOF. */ -Stream.prototype.readByte = function() { - throw new Error("abstract method readByte() not implemented"); -}; -/** Attempts to fill the buffer; returns number of bytes read, or - * -1 for EOF. */ -Stream.prototype.read = function(buffer, bufOffset, length) { - var bytesRead = 0; - while (bytesRead < length) { - var c = this.readByte(); - if (c < 0) { // EOF - return (bytesRead===0) ? -1 : bytesRead; - } - buffer[bufOffset++] = c; - bytesRead++; - } - return bytesRead; -}; -Stream.prototype.seek = function(new_pos) { - throw new Error("abstract method seek() not implemented"); -}; - -// output streams /////////// -Stream.prototype.writeByte = function(_byte) { - throw new Error("abstract method readByte() not implemented"); -}; -Stream.prototype.write = function(buffer, bufOffset, length) { - var i; - for (i=0; i>> 0; // return an unsigned value - }; - - /** - * Update the CRC with a single byte - * @param value The value to update the CRC with - */ - this.updateCRC = function(value) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - }; - - /** - * Update the CRC with a sequence of identical bytes - * @param value The value to update the CRC with - * @param count The number of bytes - */ - this.updateCRCRun = function(value, count) { - while (count-- > 0) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - } - }; - }; - return CRC32; -})(); - -/* -seek-bzip - a pure-javascript module for seeking within bzip2 data - -Copyright (C) 2013 C. Scott Ananian -Copyright (C) 2012 Eli Skeggs -Copyright (C) 2011 Kevin Kwok - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from node-bzip, copyright 2012 Eli Skeggs. -Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - - - - - -var MAX_HUFCODE_BITS = 20; -var MAX_SYMBOLS = 258; -var SYMBOL_RUNA = 0; -var SYMBOL_RUNB = 1; -var MIN_GROUPS = 2; -var MAX_GROUPS = 6; -var GROUP_SIZE = 50; - -var WHOLEPI = "314159265359"; -var SQRTPI = "177245385090"; - -var mtf = function(array, index) { - var src = array[index], i; - for (i = index; i > 0; i--) { - array[i] = array[i-1]; - } - array[0] = src; - return src; -}; - -var Err = { - OK: 0, - LAST_BLOCK: -1, - NOT_BZIP_DATA: -2, - UNEXPECTED_INPUT_EOF: -3, - UNEXPECTED_OUTPUT_EOF: -4, - DATA_ERROR: -5, - OUT_OF_MEMORY: -6, - OBSOLETE_INPUT: -7, - END_OF_BLOCK: -8 -}; -var ErrorMessages = {}; -ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; -ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; -ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; -ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; -ErrorMessages[Err.DATA_ERROR] = "Data error"; -ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; -ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - -var _throw = function(status, optDetail) { - var msg = ErrorMessages[status] || 'unknown error'; - if (optDetail) { msg += ': '+optDetail; } - var e = new TypeError(msg); - e.errorCode = status; - throw e; -}; - -var Bunzip = function(inputStream, outputStream) { - this.writePos = this.writeCurrent = this.writeCount = 0; - - this._start_bunzip(inputStream, outputStream); -}; -Bunzip.prototype._init_block = function() { - var moreBlocks = this._get_next_block(); - if ( !moreBlocks ) { - this.writeCount = -1; - return false; /* no more blocks */ - } - this.blockCRC = new crc32$1(); - return true; -}; -/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ -Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { - /* Ensure that file starts with "BZh['1'-'9']." */ - var buf = new Uint8Array(4); - if (inputStream.read(buf, 0, 4) !== 4 || - String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') - _throw(Err.NOT_BZIP_DATA, 'bad magic'); - - var level = buf[3] - 0x30; - if (level < 1 || level > 9) - _throw(Err.NOT_BZIP_DATA, 'level out of range'); - - this.reader = new bitreader(inputStream); - - /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of - uncompressed data. Allocate intermediate buffer for block. */ - this.dbufSize = 100000 * level; - this.nextoutput = 0; - this.outputStream = outputStream; - this.streamCRC = 0; -}; -Bunzip.prototype._get_next_block = function() { - var i, j, k; - var reader = this.reader; - // this is get_next_block() function from micro-bunzip: - /* Read in header signature and CRC, then validate signature. - (last block signature means CRC is for whole file, return now) */ - var h = reader.pi(); - if (h === SQRTPI) { // last block - return false; /* no more blocks */ - } - if (h !== WHOLEPI) - _throw(Err.NOT_BZIP_DATA); - this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) - this.streamCRC = (this.targetBlockCRC ^ - ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; - /* We can add support for blockRandomised if anybody complains. There was - some code for this in busybox 1.0.0-pre3, but nobody ever noticed that - it didn't actually work. */ - if (reader.read(1)) - _throw(Err.OBSOLETE_INPUT); - var origPointer = reader.read(24); - if (origPointer > this.dbufSize) - _throw(Err.DATA_ERROR, 'initial position out of bounds'); - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer - symbols to deal with, and writes a sparse bitfield indicating which - values were present. We make a translation table to convert the symbols - back to the corresponding bytes. */ - var t = reader.read(16); - var symToByte = new Uint8Array(256), symTotal = 0; - for (i = 0; i < 16; i++) { - if (t & (1 << (0xF - i))) { - var o = i * 16; - k = reader.read(16); - for (j = 0; j < 16; j++) - if (k & (1 << (0xF - j))) - symToByte[symTotal++] = o + j; - } - } - - /* How many different huffman coding groups does this block use? */ - var groupCount = reader.read(3); - if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) - _throw(Err.DATA_ERROR); - /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding - group. Read in the group selector list, which is stored as MTF encoded - bit runs. (MTF=Move To Front, as each value is used it's moved to the - start of the list.) */ - var nSelectors = reader.read(15); - if (nSelectors === 0) - _throw(Err.DATA_ERROR); - - var mtfSymbol = new Uint8Array(256); - for (i = 0; i < groupCount; i++) - mtfSymbol[i] = i; - - var selectors = new Uint8Array(nSelectors); // was 32768... - - for (i = 0; i < nSelectors; i++) { - /* Get next value */ - for (j = 0; reader.read(1); j++) - if (j >= groupCount) _throw(Err.DATA_ERROR); - /* Decode MTF to get the next selector */ - selectors[i] = mtf(mtfSymbol, j); - } - - /* Read the huffman coding tables for each group, which code for symTotal - literal symbols, plus two run symbols (RUNA, RUNB) */ - var symCount = symTotal + 2; - var groups = [], hufGroup; - for (j = 0; j < groupCount; j++) { - var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); - /* Read huffman code lengths for each symbol. They're stored in - a way similar to mtf; record a starting value for the first symbol, - and an offset from the previous value for everys symbol after that. */ - t = reader.read(5); // lengths - for (i = 0; i < symCount; i++) { - for (;;) { - if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); - /* If first bit is 0, stop. Else second bit indicates whether - to increment or decrement the value. */ - if(!reader.read(1)) - break; - if(!reader.read(1)) - t++; - else - t--; - } - length[i] = t; - } - - /* Find largest and smallest lengths in this group */ - var minLen, maxLen; - minLen = maxLen = length[0]; - for (i = 1; i < symCount; i++) { - if (length[i] > maxLen) - maxLen = length[i]; - else if (length[i] < minLen) - minLen = length[i]; - } - - /* Calculate permute[], base[], and limit[] tables from length[]. - * - * permute[] is the lookup table for converting huffman coded symbols - * into decoded symbols. base[] is the amount to subtract from the - * value of a huffman symbol of a given length when using permute[]. - * - * limit[] indicates the largest numerical value a symbol with a given - * number of bits can have. This is how the huffman codes can vary in - * length: each code with a value>limit[length] needs another bit. - */ - hufGroup = {}; - groups.push(hufGroup); - hufGroup.permute = new Uint16Array(MAX_SYMBOLS); - hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); - hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); - hufGroup.minLen = minLen; - hufGroup.maxLen = maxLen; - /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ - var pp = 0; - for (i = minLen; i <= maxLen; i++) { - temp[i] = hufGroup.limit[i] = 0; - for (t = 0; t < symCount; t++) - if (length[t] === i) - hufGroup.permute[pp++] = t; - } - /* Count symbols coded for at each bit length */ - for (i = 0; i < symCount; i++) - temp[length[i]]++; - /* Calculate limit[] (the largest symbol-coding value at each bit - * length, which is (previous limit<<1)+symbols at this level), and - * base[] (number of symbols to ignore at each bit length, which is - * limit minus the cumulative count of symbols coded for already). */ - pp = t = 0; - for (i = minLen; i < maxLen; i++) { - pp += temp[i]; - /* We read the largest possible symbol size and then unget bits - after determining how many we need, and those extra bits could - be set to anything. (They're noise from future symbols.) At - each level we're really only interested in the first few bits, - so here we set all the trailing to-be-ignored bits to 1 so they - don't affect the value>limit[length] comparison. */ - hufGroup.limit[i] = pp - 1; - pp <<= 1; - t += temp[i]; - hufGroup.base[i + 1] = pp - t; - } - hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ - hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; - hufGroup.base[minLen] = 0; - } - /* We've finished reading and digesting the block header. Now read this - block's huffman coded symbols from the file and undo the huffman coding - and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - - /* Initialize symbol occurrence counters and symbol Move To Front table */ - var byteCount = new Uint32Array(256); - for (i = 0; i < 256; i++) - mtfSymbol[i] = i; - /* Loop through compressed symbols. */ - var runPos = 0, dbufCount = 0, selector = 0, uc; - var dbuf = this.dbuf = new Uint32Array(this.dbufSize); - symCount = 0; - for (;;) { - /* Determine which huffman coding group to use. */ - if (!(symCount--)) { - symCount = GROUP_SIZE - 1; - if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } - hufGroup = groups[selectors[selector++]]; - } - /* Read next huffman-coded symbol. */ - i = hufGroup.minLen; - j = reader.read(i); - for (;;i++) { - if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } - if (j <= hufGroup.limit[i]) - break; - j = (j << 1) | reader.read(1); - } - /* Huffman decode value to get nextSym (with bounds checking) */ - j -= hufGroup.base[i]; - if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } - var nextSym = hufGroup.permute[j]; - /* We have now decoded the symbol, which indicates either a new literal - byte, or a repeated run of the most recent literal byte. First, - check if nextSym indicates a repeated run, and if so loop collecting - how many times to repeat the last literal. */ - if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { - /* If this is the start of a new run, zero out counter */ - if (!runPos){ - runPos = 1; - t = 0; - } - /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at - each bit position, add 1 or 2 instead. For example, - 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. - You can make any bit pattern that way using 1 less symbol than - the basic or 0/1 method (except all bits 0, which would use no - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - if (nextSym === SYMBOL_RUNA) - t += runPos; - else - t += 2 * runPos; - runPos <<= 1; - continue; - } - /* When we hit the first non-run symbol after a run, we now know - how many times to repeat the last literal, so append that many - copies to our buffer of decoded symbols (dbuf) now. (The last - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos){ - runPos = 0; - if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } - uc = symToByte[mtfSymbol[0]]; - byteCount[uc] += t; - while (t--) - dbuf[dbufCount++] = uc; - } - /* Is this the terminating symbol? */ - if (nextSym > symTotal) - break; - /* At this point, nextSym indicates a new literal character. Subtract - one to get the position in the MTF array at which this literal is - currently to be found. (Note that the result can't be -1 or 0, - because 0 and 1 are RUNA and RUNB. But another instance of the - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ - if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } - i = nextSym - 1; - uc = mtf(mtfSymbol, i); - uc = symToByte[uc]; - /* We have our literal byte. Save it into dbuf. */ - byteCount[uc]++; - dbuf[dbufCount++] = uc; - } - /* At this point, we've read all the huffman-coded symbols (and repeated - runs) for this block from the input stream, and decoded them into the - intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. - Now undo the Burrows-Wheeler transform on dbuf. - See http://dogma.net/markn/articles/bwt/bwt.htm - */ - if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } - /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ - j = 0; - for (i = 0; i < 256; i++) { - k = j + byteCount[i]; - byteCount[i] = j; - j = k; - } - /* Figure out what order dbuf would be in if we sorted it. */ - for (i = 0; i < dbufCount; i++) { - uc = dbuf[i] & 0xff; - dbuf[byteCount[uc]] |= (i << 8); - byteCount[uc]++; - } - /* Decode first byte by hand to initialize "previous" byte. Note that it - doesn't get output, and if the first three characters are identical - it doesn't qualify as a run (hence writeRunCountdown=5). */ - var pos = 0, current = 0, run = 0; - if (dbufCount) { - pos = dbuf[origPointer]; - current = (pos & 0xff); - pos >>= 8; - run = -1; - } - this.writePos = pos; - this.writeCurrent = current; - this.writeCount = dbufCount; - this.writeRun = run; - - return true; /* more blocks to come */ -}; -/* Undo burrows-wheeler transform on intermediate buffer to produce output. - If start_bunzip was initialized with out_fd=-1, then up to len bytes of - data are written to outbuf. Return value is number of bytes written or - error (all errors are negative numbers). If out_fd!=-1, outbuf and len - are ignored, data is written to out_fd and return is RETVAL_OK or error. -*/ -Bunzip.prototype._read_bunzip = function(outputBuffer, len) { - var copies, previous, outbyte; - /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully - decoded, which results in this returning RETVAL_LAST_BLOCK, also - equal to -1... Confusing, I'm returning 0 here to indicate no - bytes written into the buffer */ - if (this.writeCount < 0) { return 0; } - var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; - var dbufCount = this.writeCount; this.outputsize; - var run = this.writeRun; - - while (dbufCount) { - dbufCount--; - previous = current; - pos = dbuf[pos]; - current = pos & 0xff; - pos >>= 8; - if (run++ === 3){ - copies = current; - outbyte = previous; - current = -1; - } else { - copies = 1; - outbyte = current; - } - this.blockCRC.updateCRCRun(outbyte, copies); - while (copies--) { - this.outputStream.writeByte(outbyte); - this.nextoutput++; - } - if (current != previous) - run = 0; - } - this.writeCount = dbufCount; - // check CRC - if (this.blockCRC.getCRC() !== this.targetBlockCRC) { - _throw(Err.DATA_ERROR, "Bad block CRC "+ - "(got "+this.blockCRC.getCRC().toString(16)+ - " expected "+this.targetBlockCRC.toString(16)+")"); - } - return this.nextoutput; -}; - -var coerceInputStream = function(input) { - if ('readByte' in input) { return input; } - var inputStream = new stream(); - inputStream.pos = 0; - inputStream.readByte = function() { return input[this.pos++]; }; - inputStream.seek = function(pos) { this.pos = pos; }; - inputStream.eof = function() { return this.pos >= input.length; }; - return inputStream; -}; -var coerceOutputStream = function(output) { - var outputStream = new stream(); - var resizeOk = true; - if (output) { - if (typeof(output)==='number') { - outputStream.buffer = new Uint8Array(output); - resizeOk = false; - } else if ('writeByte' in output) { - return output; - } else { - outputStream.buffer = output; - resizeOk = false; - } - } else { - outputStream.buffer = new Uint8Array(16384); - } - outputStream.pos = 0; - outputStream.writeByte = function(_byte) { - if (resizeOk && this.pos >= this.buffer.length) { - var newBuffer = new Uint8Array(this.buffer.length*2); - newBuffer.set(this.buffer); - this.buffer = newBuffer; - } - this.buffer[this.pos++] = _byte; - }; - outputStream.getBuffer = function() { - // trim buffer - if (this.pos !== this.buffer.length) { - if (!resizeOk) - throw new TypeError('outputsize does not match decoded input'); - var newBuffer = new Uint8Array(this.pos); - newBuffer.set(this.buffer.subarray(0, this.pos)); - this.buffer = newBuffer; - } - return this.buffer; - }; - outputStream._coerced = true; - return outputStream; -}; - -/* Static helper functions */ -// 'input' can be a stream or a buffer -// 'output' can be a stream or a buffer or a number (buffer size) -const decode$2 = function(input, output, multistream) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - - var bz = new Bunzip(inputStream, outputStream); - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - if (bz._init_block()) { - bz._read_bunzip(); - } else { - var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) - if (targetStreamCRC !== bz.streamCRC) { - _throw(Err.DATA_ERROR, "Bad stream CRC "+ - "(got "+bz.streamCRC.toString(16)+ - " expected "+targetStreamCRC.toString(16)+")"); - } - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - } else break; - } - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -const decodeBlock = function(input, pos, output) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - var bz = new Bunzip(inputStream, outputStream); - bz.reader.seek(pos); - /* Fill the decode buffer for the block */ - var moreBlocks = bz._get_next_block(); - if (moreBlocks) { - /* Init the CRC for writing */ - bz.blockCRC = new crc32$1(); - - /* Zero this so the current byte from before the seek is not written */ - bz.writeCopies = 0; - - /* Decompress the block and write to stdout */ - bz._read_bunzip(); - // XXX keep writing? - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -/* Reads bzip2 file from stream or buffer `input`, and invoke - * `callback(position, size)` once for each bzip2 block, - * where position gives the starting position (in *bits*) - * and size gives uncompressed size of the block (in *bytes*). */ -const table = function(input, callback, multistream) { - // make a stream from a buffer, if necessary - var inputStream = new stream(); - inputStream.delegate = coerceInputStream(input); - inputStream.pos = 0; - inputStream.readByte = function() { - this.pos++; - return this.delegate.readByte(); - }; - if (inputStream.delegate.eof) { - inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); - } - var outputStream = new stream(); - outputStream.pos = 0; - outputStream.writeByte = function() { this.pos++; }; - - var bz = new Bunzip(inputStream, outputStream); - var blockSize = bz.dbufSize; - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - - var position = inputStream.pos*8 + bz.reader.bitOffset; - if (bz.reader.hasByte) { position -= 8; } - - if (bz._init_block()) { - var start = outputStream.pos; - bz._read_bunzip(); - callback(position, outputStream.pos - start); - } else { - bz.reader.read(32); // (but we ignore the crc) - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - console.assert(bz.dbufSize === blockSize, - "shouldn't change block size within multistream file"); - } else break; - } - } -}; - -var lib = { - Bunzip, - Stream: stream, - Err, - decode: decode$2, - decodeBlock, - table -}; -var lib_4 = lib.decode; - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the Literal Data Packet (Tag 11) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: - * A Literal Data packet contains the body of a message; data that is not to be - * further interpreted. - */ -class LiteralDataPacket { - static get tag() { - return enums.packet.literalData; - } - - /** - * @param {Date} date - The creation date of the literal package - */ - constructor(date = new Date()) { - this.format = enums.literal.utf8; // default format for literal data packets - this.date = util.normalizeDate(date); - this.text = null; // textual data representation - this.data = null; // literal data representation - this.filename = ''; - } - - /** - * Set the packet data to a javascript native string, end of line - * will be normalized to \r\n and by default text is converted to UTF8 - * @param {String | ReadableStream} text - Any native javascript string - * @param {enums.literal} [format] - The format of the string of bytes - */ - setText(text, format = enums.literal.utf8) { - this.format = format; - this.text = text; - this.data = null; - } - - /** - * Returns literal data packets as native JavaScript string - * with normalized end of line to \n - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {String | ReadableStream} Literal data as text. - */ - getText(clone = false) { - if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read - this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); - } - return this.text; - } - - /** - * Set the packet data to value represented by the provided string of bytes. - * @param {Uint8Array | ReadableStream} bytes - The string of bytes - * @param {enums.literal} format - The format of the string of bytes - */ - setBytes(bytes, format) { - this.format = format; - this.data = bytes; - this.text = null; - } - - - /** - * Get the byte sequence representing the literal packet data - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {Uint8Array | ReadableStream} A sequence of bytes. - */ - getBytes(clone = false) { - if (this.data === null) { - // encode UTF8 and normalize EOL to \r\n - this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); - } - if (clone) { - return passiveClone(this.data); - } - return this.data; - } - - - /** - * Sets the filename of the literal packet data - * @param {String} filename - Any native javascript string - */ - setFilename(filename) { - this.filename = filename; - } - - - /** - * Get the filename of the literal packet data - * @returns {String} Filename. - */ - getFilename() { - return this.filename; - } - - /** - * Parsing function for a literal data packet (tag 11). - * - * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet - * @returns {Promise} Object representation. - * @async - */ - async read(bytes) { - await parse(bytes, async reader => { - // - A one-octet field that describes how the data is formatted. - const format = await reader.readByte(); // enums.literal - - const filename_len = await reader.readByte(); - this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - - this.date = util.readDate(await reader.readBytes(4)); - - let data = reader.remainder(); - if (isArrayStream(data)) data = await readToEnd(data); - this.setBytes(data, format); - }); - } - - /** - * Creates a Uint8Array representation of the packet, excluding the data - * - * @returns {Uint8Array} Uint8Array representation of the packet. - */ - writeHeader() { - const filename = util.encodeUTF8(this.filename); - const filename_length = new Uint8Array([filename.length]); - - const format = new Uint8Array([this.format]); - const date = util.writeDate(this.date); - - return util.concatUint8Array([format, filename_length, filename, date]); - } - - /** - * Creates a Uint8Array representation of the packet - * - * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. - */ - write() { - const header = this.writeHeader(); - const data = this.getBytes(); - - return util.concat([header, data]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. -const verified = Symbol('verified'); - -// GPG puts the Issuer and Signature subpackets in the unhashed area. -// Tampering with those invalidates the signature, so we still trust them and parse them. -// All other unhashed subpackets are ignored. -const allowedUnhashedSubpackets = new Set([ - enums.signatureSubpacket.issuer, - enums.signatureSubpacket.issuerFingerprint, - enums.signatureSubpacket.embeddedSignature -]); - -/** - * Implementation of the Signature Packet (Tag 2) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: - * A Signature packet describes a binding between some public key and - * some data. The most common signatures are a signature of a file or a - * block of text, and a signature that is a certification of a User ID. - */ -class SignaturePacket { - static get tag() { - return enums.packet.signature; - } - - constructor() { - this.version = null; - /** @type {enums.signature} */ - this.signatureType = null; - /** @type {enums.hash} */ - this.hashAlgorithm = null; - /** @type {enums.publicKey} */ - this.publicKeyAlgorithm = null; - - this.signatureData = null; - this.unhashedSubpackets = []; - this.signedHashValue = null; - - this.created = null; - this.signatureExpirationTime = null; - this.signatureNeverExpires = true; - this.exportable = null; - this.trustLevel = null; - this.trustAmount = null; - this.regularExpression = null; - this.revocable = null; - this.keyExpirationTime = null; - this.keyNeverExpires = null; - this.preferredSymmetricAlgorithms = null; - this.revocationKeyClass = null; - this.revocationKeyAlgorithm = null; - this.revocationKeyFingerprint = null; - this.issuerKeyID = new KeyID(); - this.rawNotations = []; - this.notations = {}; - this.preferredHashAlgorithms = null; - this.preferredCompressionAlgorithms = null; - this.keyServerPreferences = null; - this.preferredKeyServer = null; - this.isPrimaryUserID = null; - this.policyURI = null; - this.keyFlags = null; - this.signersUserID = null; - this.reasonForRevocationFlag = null; - this.reasonForRevocationString = null; - this.features = null; - this.signatureTargetPublicKeyAlgorithm = null; - this.signatureTargetHashAlgorithm = null; - this.signatureTargetHash = null; - this.embeddedSignature = null; - this.issuerKeyVersion = null; - this.issuerFingerprint = null; - this.preferredAEADAlgorithms = null; - - this.revoked = null; - this[verified] = null; - } - - /** - * parsing function for a signature packet (tag 2). - * @param {String} bytes - Payload of a tag 2 packet - * @returns {SignaturePacket} Object representation. - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); - } - - this.signatureType = bytes[i++]; - this.publicKeyAlgorithm = bytes[i++]; - this.hashAlgorithm = bytes[i++]; - - // hashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), true); - if (!this.created) { - throw new Error('Missing signature creation time subpacket.'); - } - - // A V4 signature hashes the packet body - // starting from its first field, the version number, through the end - // of the hashed subpacket data. Thus, the fields hashed are the - // signature version, the signature type, the public-key algorithm, the - // hash algorithm, the hashed subpacket length, and the hashed - // subpacket body. - this.signatureData = bytes.subarray(0, i); - - // unhashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - - // Two-octet field holding left 16 bits of signed hash value. - this.signedHashValue = bytes.subarray(i, i + 2); - i += 2; - - this.params = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length)); - } - - /** - * @returns {Uint8Array | ReadableStream} - */ - writeParams() { - if (this.params instanceof Promise) { - return fromAsync( - async () => mod.serializeParams(this.publicKeyAlgorithm, await this.params) - ); - } - return mod.serializeParams(this.publicKeyAlgorithm, this.params); - } - - write() { - const arr = []; - arr.push(this.signatureData); - arr.push(this.writeUnhashedSubPackets()); - arr.push(this.signedHashValue); - arr.push(this.writeParams()); - return util.concat(arr); - } - - /** - * Signs provided data. This needs to be done prior to serialization. - * @param {SecretKeyPacket} key - Private key used to sign the message. - * @param {Object} data - Contains packets to be signed. - * @param {Date} [date] - The signature creation time. - * @param {Boolean} [detached] - Whether to create a detached signature - * @throws {Error} if signing failed - * @async - */ - async sign(key, data, date = new Date(), detached = false) { - if (key.version === 5) { - this.version = 5; - } else { - this.version = 4; - } - const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; - - this.created = util.normalizeDate(date); - this.issuerKeyVersion = key.version; - this.issuerFingerprint = key.getFingerprintBytes(); - this.issuerKeyID = key.getKeyID(); - - // Add hashed subpackets - arr.push(this.writeHashedSubPackets()); - - // Remove unhashed subpackets, in case some allowed unhashed - // subpackets existed, in order not to duplicate them (in both - // the hashed and unhashed subpackets) when re-signing. - this.unhashedSubpackets = []; - - this.signatureData = util.concat(arr); - - const toHash = this.toHash(this.signatureType, data, detached); - const hash = await this.hash(this.signatureType, data, toHash, detached); - - this.signedHashValue = slice(clone(hash), 0, 2); - const signed = async () => mod.signature.sign( - this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) - ); - if (util.isStream(hash)) { - this.params = signed(); - } else { - this.params = await signed(); - - // Store the fact that this signature is valid, e.g. for when we call `await - // getLatestValidSignature(this.revocationSignatures, key, data)` later. - // Note that this only holds up if the key and data passed to verify are the - // same as the ones passed to sign. - this[verified] = true; - } - } - - /** - * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeHashedSubPackets() { - const sub = enums.signatureSubpacket; - const arr = []; - let bytes; - if (this.created === null) { - throw new Error('Missing signature creation time'); - } - arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); - if (this.signatureExpirationTime !== null) { - arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); - } - if (this.exportable !== null) { - arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); - } - if (this.trustLevel !== null) { - bytes = new Uint8Array([this.trustLevel, this.trustAmount]); - arr.push(writeSubPacket(sub.trustSignature, true, bytes)); - } - if (this.regularExpression !== null) { - arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); - } - if (this.revocable !== null) { - arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); - } - if (this.keyExpirationTime !== null) { - arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); - } - if (this.preferredSymmetricAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); - arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); - } - if (this.revocationKeyClass !== null) { - bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); - bytes = util.concat([bytes, this.revocationKeyFingerprint]); - arr.push(writeSubPacket(sub.revocationKey, false, bytes)); - } - if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { - // If the version of [the] key is greater than 4, this subpacket - // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write())); - } - this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { - bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; - const encodedName = util.encodeUTF8(name); - // 2 octets of name length - bytes.push(util.writeNumber(encodedName.length, 2)); - // 2 octets of value length - bytes.push(util.writeNumber(value.length, 2)); - bytes.push(encodedName); - bytes.push(value); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.notationData, critical, bytes)); - }); - if (this.preferredHashAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); - arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); - } - if (this.preferredCompressionAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); - arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); - } - if (this.keyServerPreferences !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); - arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); - } - if (this.preferredKeyServer !== null) { - arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); - } - if (this.isPrimaryUserID !== null) { - arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); - } - if (this.policyURI !== null) { - arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); - } - if (this.keyFlags !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); - arr.push(writeSubPacket(sub.keyFlags, true, bytes)); - } - if (this.signersUserID !== null) { - arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); - } - if (this.reasonForRevocationFlag !== null) { - bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); - arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); - } - if (this.features !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); - arr.push(writeSubPacket(sub.features, false, bytes)); - } - if (this.signatureTargetPublicKeyAlgorithm !== null) { - bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; - bytes.push(util.stringToUint8Array(this.signatureTargetHash)); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); - } - if (this.embeddedSignature !== null) { - arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); - } - if (this.issuerFingerprint !== null) { - bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes)); - } - if (this.preferredAEADAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); - arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); - } - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - /** - * Creates an Uint8Array containing the unhashed subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeUnhashedSubPackets() { - const arr = []; - this.unhashedSubpackets.forEach(data => { - arr.push(writeSimpleLength(data.length)); - arr.push(data); - }); - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - // V4 signature sub packets - readSubPacket(bytes, hashed = true) { - let mypos = 0; - - // The leftmost bit denotes a "critical" packet - const critical = !!(bytes[mypos] & 0x80); - const type = bytes[mypos] & 0x7F; - - if (!hashed) { - this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); - if (!allowedUnhashedSubpackets.has(type)) { - return; - } - } - - mypos++; - - // subpacket type - switch (type) { - case enums.signatureSubpacket.signatureCreationTime: - // Signature Creation Time - this.created = util.readDate(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.signatureExpirationTime: { - // Signature Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.signatureNeverExpires = seconds === 0; - this.signatureExpirationTime = seconds; - - break; - } - case enums.signatureSubpacket.exportableCertification: - // Exportable Certification - this.exportable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.trustSignature: - // Trust Signature - this.trustLevel = bytes[mypos++]; - this.trustAmount = bytes[mypos++]; - break; - case enums.signatureSubpacket.regularExpression: - // Regular Expression - this.regularExpression = bytes[mypos]; - break; - case enums.signatureSubpacket.revocable: - // Revocable - this.revocable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.keyExpirationTime: { - // Key Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.keyExpirationTime = seconds; - this.keyNeverExpires = seconds === 0; - - break; - } - case enums.signatureSubpacket.preferredSymmetricAlgorithms: - // Preferred Symmetric Algorithms - this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.revocationKey: - // Revocation Key - // (1 octet of class, 1 octet of public-key algorithm ID, 20 - // octets of - // fingerprint) - this.revocationKeyClass = bytes[mypos++]; - this.revocationKeyAlgorithm = bytes[mypos++]; - this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); - break; - - case enums.signatureSubpacket.issuer: - // Issuer - this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); - break; - - case enums.signatureSubpacket.notationData: { - // Notation Data - const humanReadable = !!(bytes[mypos] & 0x80); - - // We extract key/value tuple from the byte stream. - mypos += 4; - const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - - const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); - const value = bytes.subarray(mypos + m, mypos + m + n); - - this.rawNotations.push({ name, humanReadable, value, critical }); - - if (humanReadable) { - this.notations[name] = util.decodeUTF8(value); - } - break; - } - case enums.signatureSubpacket.preferredHashAlgorithms: - // Preferred Hash Algorithms - this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredCompressionAlgorithms: - // Preferred Compression Algorithms - this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.keyServerPreferences: - // Key Server Preferences - this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredKeyServer: - // Preferred Key Server - this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.primaryUserID: - // Primary User ID - this.isPrimaryUserID = bytes[mypos++] !== 0; - break; - case enums.signatureSubpacket.policyURI: - // Policy URI - this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.keyFlags: - // Key Flags - this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signersUserID: - // Signer's User ID - this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.reasonForRevocation: - // Reason for Revocation - this.reasonForRevocationFlag = bytes[mypos++]; - this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.features: - // Features - this.features = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signatureTarget: { - // Signature Target - // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) - this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; - this.signatureTargetHashAlgorithm = bytes[mypos++]; - - const len = mod.getHashByteLength(this.signatureTargetHashAlgorithm); - - this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); - break; - } - case enums.signatureSubpacket.embeddedSignature: - // Embedded Signature - this.embeddedSignature = new SignaturePacket(); - this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.issuerFingerprint: - // Issuer Fingerprint - this.issuerKeyVersion = bytes[mypos++]; - this.issuerFingerprint = bytes.subarray(mypos, bytes.length); - if (this.issuerKeyVersion === 5) { - this.issuerKeyID.read(this.issuerFingerprint); - } else { - this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); - } - break; - case enums.signatureSubpacket.preferredAEADAlgorithms: - // Preferred AEAD Algorithms - this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - default: { - const err = new Error(`Unknown signature subpacket type ${type}`); - if (critical) { - throw err; - } else { - util.printDebug(err); - } - } - } - } - - readSubPackets(bytes, trusted = true, config) { - // Two-octet scalar octet count for following subpacket data. - const subpacketLength = util.readNumber(bytes.subarray(0, 2)); - - let i = 2; - - // subpacket data set (zero or more subpackets) - while (i < 2 + subpacketLength) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); - - i += len.len; - } - - return i; - } - - // Produces data to produce signature on - toSign(type, data) { - const t = enums.signature; - - switch (type) { - case t.binary: - if (data.text !== null) { - return util.encodeUTF8(data.getText(true)); - } - return data.getBytes(true); - - case t.text: { - const bytes = data.getBytes(true); - // normalize EOL to \r\n - return util.canonicalizeEOL(bytes); - } - case t.standalone: - return new Uint8Array(0); - - case t.certGeneric: - case t.certPersona: - case t.certCasual: - case t.certPositive: - case t.certRevocation: { - let packet; - let tag; - - if (data.userID) { - tag = 0xB4; - packet = data.userID; - } else if (data.userAttribute) { - tag = 0xD1; - packet = data.userAttribute; - } else { - throw new Error('Either a userID or userAttribute packet needs to be ' + - 'supplied for certification.'); - } - - const bytes = packet.write(); - - return util.concat([this.toSign(t.key, data), - new Uint8Array([tag]), - util.writeNumber(bytes.length, 4), - bytes]); - } - case t.subkeyBinding: - case t.subkeyRevocation: - case t.keyBinding: - return util.concat([this.toSign(t.key, data), this.toSign(t.key, { - key: data.bind - })]); - - case t.key: - if (data.key === undefined) { - throw new Error('Key packet is required for this signature.'); - } - return data.key.writeForHash(this.version); - - case t.keyRevocation: - return this.toSign(t.key, data); - case t.timestamp: - return new Uint8Array(0); - case t.thirdParty: - throw new Error('Not implemented'); - default: - throw new Error('Unknown signature type.'); - } - } - - calculateTrailer(data, detached) { - let length = 0; - return transform(clone(this.signatureData), value => { - length += value.length; - }, () => { - const arr = []; - if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { - if (detached) { - arr.push(new Uint8Array(6)); - } else { - arr.push(data.writeHeader()); - } - } - arr.push(new Uint8Array([this.version, 0xFF])); - if (this.version === 5) { - arr.push(new Uint8Array(4)); - } - arr.push(util.writeNumber(length, 4)); - // For v5, this should really be writeNumber(length, 8) rather than the - // hardcoded 4 zero bytes above - return util.concat(arr); - }); - } - - toHash(signatureType, data, detached = false) { - const bytes = this.toSign(signatureType, data); - - return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]); - } - - async hash(signatureType, data, toHash, detached = false) { - if (!toHash) toHash = this.toHash(signatureType, data, detached); - return mod.hash.digest(this.hashAlgorithm, toHash); - } - - /** - * verifies the signature packet. Note: not all signature types are implemented - * @param {PublicSubkeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature - * @param {module:enums.signature} signatureType - Expected signature type - * @param {Uint8Array|Object} data - Data which on the signature applies - * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration - * @param {Boolean} [detached] - Whether to verify a detached signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if signature validation failed - * @async - */ - async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { - if (!this.issuerKeyID.equals(key.getKeyID())) { - throw new Error('Signature was not issued by the given public key'); - } - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); - } - - const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; - // Cryptographic validity is cached after one successful verification. - // However, for message signatures, we always re-verify, since the passed `data` can change - const skipVerify = this[verified] && !isMessageSignature; - if (!skipVerify) { - let toHash; - let hash; - if (this.hashed) { - hash = await this.hashed; - } else { - toHash = this.toHash(signatureType, data, detached); - hash = await this.hash(signatureType, data, toHash); - } - hash = await readToEnd(hash); - if (this.signedHashValue[0] !== hash[0] || - this.signedHashValue[1] !== hash[1]) { - throw new Error('Signed digest did not match'); - } - - this.params = await this.params; - - this[verified] = await mod.signature.verify( - this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, - toHash, hash - ); - - if (!this[verified]) { - throw new Error('Signature verification failed'); - } - } - - const normDate = util.normalizeDate(date); - if (normDate && this.created > normDate) { - throw new Error('Signature creation time is in the future'); - } - if (normDate && normDate >= this.getExpirationTime()) { - throw new Error('Signature is expired'); - } - if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { - throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && - [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { - throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - this.rawNotations.forEach(({ name, critical }) => { - if (critical && (config$1.knownNotations.indexOf(name) < 0)) { - throw new Error(`Unknown critical notation: ${name}`); - } - }); - if (this.revocationKeyClass !== null) { - throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); - } - } - - /** - * Verifies signature expiration date - * @param {Date} [date] - Use the given date for verification instead of the current time - * @returns {Boolean} True if expired. - */ - isExpired(date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - return !(this.created <= normDate && normDate < this.getExpirationTime()); - } - return false; - } - - /** - * Returns the expiration time of the signature or Infinity if signature does not expire - * @returns {Date | Infinity} Expiration time. - */ - getExpirationTime() { - return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); - } -} - -/** - * Creates a Uint8Array representation of a sub signature packet - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} - * @param {Integer} type - Subpacket signature type. - * @param {Boolean} critical - Whether the subpacket should be critical. - * @param {String} data - Data to be included - * @returns {Uint8Array} The signature subpacket. - * @private - */ -function writeSubPacket(type, critical, data) { - const arr = []; - arr.push(writeSimpleLength(data.length + 1)); - arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); - arr.push(data); - return util.concat(arr); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -const VERSION = 3; - -/** - * Implementation of the One-Pass Signature Packets (Tag 4) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: - * The One-Pass Signature packet precedes the signed data and contains - * enough information to allow the receiver to begin calculating any - * hashes needed to verify the signature. It allows the Signature - * packet to be placed at the end of the message, so that the signer - * can compute the entire signed message in one pass. - */ -class OnePassSignaturePacket { - static get tag() { - return enums.packet.onePassSignature; - } - - constructor() { - /** A one-octet version number. The current version is 3. */ - this.version = null; - /** - * A one-octet signature type. - * Signature types are described in - * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. - * @type {enums.signature} - - */ - this.signatureType = null; - /** - * A one-octet number describing the hash algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} - * @type {enums.hash} - */ - this.hashAlgorithm = null; - /** - * A one-octet number describing the public-key algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} - * @type {enums.publicKey} - */ - this.publicKeyAlgorithm = null; - /** An eight-octet number holding the Key ID of the signing key. */ - this.issuerKeyID = null; - /** - * A one-octet number holding a flag showing whether the signature is nested. - * A zero value indicates that the next packet is another One-Pass Signature packet - * that describes another signature to be applied to the same message data. - */ - this.flags = null; - } - - /** - * parsing function for a one-pass signature packet (tag 4). - * @param {Uint8Array} bytes - Payload of a tag 4 packet - * @returns {OnePassSignaturePacket} Object representation. - */ - read(bytes) { - let mypos = 0; - // A one-octet version number. The current version is 3. - this.version = bytes[mypos++]; - if (this.version !== VERSION) { - throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); - } - - // A one-octet signature type. Signature types are described in - // Section 5.2.1. - this.signatureType = bytes[mypos++]; - - // A one-octet number describing the hash algorithm used. - this.hashAlgorithm = bytes[mypos++]; - - // A one-octet number describing the public-key algorithm used. - this.publicKeyAlgorithm = bytes[mypos++]; - - // An eight-octet number holding the Key ID of the signing key. - this.issuerKeyID = new KeyID(); - this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); - mypos += 8; - - // A one-octet number holding a flag showing whether the signature - // is nested. A zero value indicates that the next packet is - // another One-Pass Signature packet that describes another - // signature to be applied to the same message data. - this.flags = bytes[mypos++]; - return this; - } - - /** - * creates a string representation of a one-pass signature packet - * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. - */ - write() { - const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]); - - const end = new Uint8Array([this.flags]); - - return util.concatUint8Array([start, this.issuerKeyID.write(), end]); - } - - calculateTrailer(...args) { - return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); - } - - async verify() { - const correspondingSig = await this.correspondingSig; - if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { - throw new Error('Corresponding signature packet missing'); - } - if ( - correspondingSig.signatureType !== this.signatureType || - correspondingSig.hashAlgorithm !== this.hashAlgorithm || - correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || - !correspondingSig.issuerKeyID.equals(this.issuerKeyID) - ) { - throw new Error('Corresponding signature packet does not match one-pass signature packet'); - } - correspondingSig.hashed = this.hashed; - return correspondingSig.verify.apply(correspondingSig, arguments); - } -} - -OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; -OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; -OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; - -/** - * Instantiate a new packet given its tag - * @function newPacketFromTag - * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @returns {Object} New packet object with type based on tag - * @throws {Error|UnsupportedError} for disallowed or unknown packets - */ -function newPacketFromTag(tag, allowedPackets) { - if (!allowedPackets[tag]) { - // distinguish between disallowed packets and unknown ones - let packetType; - try { - packetType = enums.read(enums.packet, tag); - } catch (e) { - throw new UnsupportedError(`Unknown packet type with tag: ${tag}`); - } - throw new Error(`Packet not allowed in this context: ${packetType}`); - } - return new allowedPackets[tag](); -} - -/** - * This class represents a list of openpgp packets. - * Take care when iterating over it - the packets themselves - * are stored as numerical indices. - * @extends Array - */ -class PacketList extends Array { - /** - * Parses the given binary data and returns a list of packets. - * Equivalent to calling `read` on an empty PacketList instance. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @returns {PacketList} parsed list of packets - * @throws on parsing errors - * @async - */ - static async fromBinary(bytes, allowedPackets, config$1 = config) { - const packets = new PacketList(); - await packets.read(bytes, allowedPackets, config$1); - return packets; - } - - /** - * Reads a stream of binary data and interprets it as a list of packets. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @throws on parsing errors - * @async - */ - async read(bytes, allowedPackets, config$1 = config) { - if (config$1.additionalAllowedPackets.length) { - allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; - } - this.stream = transformPair(bytes, async (readable, writable) => { - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const done = await readPackets(readable, async parsed => { - try { - if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) { - // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: - // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 - // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 - return; - } - const packet = newPacketFromTag(parsed.tag, allowedPackets); - packet.packets = new PacketList(); - packet.fromStream = util.isStream(parsed.packet); - await packet.read(parsed.packet, config$1); - await writer.write(packet); - } catch (e) { - const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; - const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); - if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { - // The packets that support streaming are the ones that contain message data. - // Those are also the ones we want to be more strict about and throw on parse errors - // (since we likely cannot process the message without these packets anyway). - await writer.abort(e); - } else { - const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); - await writer.write(unparsedPacket); - } - util.printDebugError(e); - } - }); - if (done) { - await writer.ready; - await writer.close(); - return; - } - } - } catch (e) { - await writer.abort(e); - } - }); - - // Wait until first few packets have been read - const reader = getReader(this.stream); - while (true) { - const { done, value } = await reader.read(); - if (!done) { - this.push(value); - } else { - this.stream = null; - } - if (done || supportsStreaming(value.constructor.tag)) { - break; - } - } - reader.releaseLock(); - } - - /** - * Creates a binary representation of openpgp objects contained within the - * class instance. - * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. - */ - write() { - const arr = []; - - for (let i = 0; i < this.length; i++) { - const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; - const packetbytes = this[i].write(); - if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { - let buffer = []; - let bufferLength = 0; - const minLength = 512; - arr.push(writeTag(tag)); - arr.push(transform(packetbytes, value => { - buffer.push(value); - bufferLength += value.length; - if (bufferLength >= minLength) { - const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); - const chunkSize = 2 ** powerOf2; - const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); - buffer = [bufferConcat.subarray(1 + chunkSize)]; - bufferLength = buffer[0].length; - return bufferConcat.subarray(0, 1 + chunkSize); - } - }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); - } else { - if (util.isStream(packetbytes)) { - let length = 0; - arr.push(transform(clone(packetbytes), value => { - length += value.length; - }, () => writeHeader(tag, length))); - } else { - arr.push(writeHeader(tag, packetbytes.length)); - } - arr.push(packetbytes); - } - } - - return util.concat(arr); - } - - /** - * Creates a new PacketList with all packets matching the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {PacketList} - */ - filterByTag(...tags) { - const filtered = new PacketList(); - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(this[i].constructor.tag))) { - filtered.push(this[i]); - } - } - - return filtered; - } - - /** - * Traverses packet list and returns first packet with matching tag - * @param {module:enums.packet} tag - The packet tag - * @returns {Packet|undefined} - */ - findPacket(tag) { - return this.find(packet => packet.constructor.tag === tag); - } - - /** - * Find indices of packets with the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {Integer[]} packet indices - */ - indexOfTag(...tags) { - const tagIndex = []; - const that = this; - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(that[i].constructor.tag))) { - tagIndex.push(i); - } - } - return tagIndex; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Compressed Data packet can contain the following packet types -const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -/** - * Implementation of the Compressed Data Packet (Tag 8) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: - * The Compressed Data packet contains compressed data. Typically, - * this packet is found as the contents of an encrypted packet, or following - * a Signature or One-Pass Signature packet, and contains a literal data packet. - */ -class CompressedDataPacket { - static get tag() { - return enums.packet.compressedData; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * List of packets - * @type {PacketList} - */ - this.packets = null; - /** - * Compression algorithm - * @type {enums.compression} - */ - this.algorithm = config$1.preferredCompressionAlgorithm; - - /** - * Compressed packet data - * @type {Uint8Array | ReadableStream} - */ - this.compressed = null; - - /** - * zip/zlib compression level, between 1 and 9 - */ - this.deflateLevel = config$1.deflateLevel; - } - - /** - * Parsing function for the packet. - * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async read(bytes, config$1 = config) { - await parse(bytes, async reader => { - - // One octet that gives the algorithm used to compress the packet. - this.algorithm = await reader.readByte(); - - // Compressed data, which makes up the remainder of the packet. - this.compressed = reader.remainder(); - - await this.decompress(config$1); - }); - } - - - /** - * Return the compressed packet. - * @returns {Uint8Array | ReadableStream} Binary compressed packet. - */ - write() { - if (this.compressed === null) { - this.compress(); - } - - return util.concat([new Uint8Array([this.algorithm]), this.compressed]); - } - - - /** - * Decompression method for decompressing the compressed data - * read by read_packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async decompress(config$1 = config) { - const compressionName = enums.read(enums.compression, this.algorithm); - const decompressionFn = decompress_fns[compressionName]; - if (!decompressionFn) { - throw new Error(`${compressionName} decompression not supported`); - } - - this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config$1); - } - - /** - * Compress the packet data (member decompressedData) - */ - compress() { - const compressionName = enums.read(enums.compression, this.algorithm); - const compressionFn = compress_fns[compressionName]; - if (!compressionFn) { - throw new Error(`${compressionName} compression not supported`); - } - - this.compressed = compressionFn(this.packets.write(), this.deflateLevel); - } -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -const nodeZlib = util.getNodeZlib(); - -function uncompressed(data) { - return data; -} - -function node_zlib(func, create, options = {}) { - return function (data) { - if (!util.isStream(data) || isArrayStream(data)) { - return fromAsync(() => readToEnd(data).then(data => { - return new Promise((resolve, reject) => { - func(data, options, (err, result) => { - if (err) return reject(err); - resolve(result); - }); - }); - })); - } - return nodeToWeb(webToNode(data).pipe(create(options))); - }; -} - -function pako_zlib(constructor, options = {}) { - return function(data) { - const obj = new constructor(options); - return transform(data, value => { - if (value.length) { - obj.push(value, Z_SYNC_FLUSH); - return obj.result; - } - }, () => { - if (constructor === Deflate) { - obj.push([], Z_FINISH); - return obj.result; - } - }); - }; -} - -function bzip2(func) { - return function(data) { - return fromAsync(async () => func(await readToEnd(data))); - }; -} - -const compress_fns = nodeZlib ? { - zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed) -} : { - zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed) -}; - -const decompress_fns = nodeZlib ? { - uncompressed: uncompressed, - zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw), - zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -} : { - uncompressed: uncompressed, - zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }), - zlib: /*#__PURE__*/ pako_zlib(Inflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -}; - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A SEIP packet can contain the following packet types -const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$1 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: - * The Symmetrically Encrypted Integrity Protected Data packet is - * a variant of the Symmetrically Encrypted Data packet. It is a new feature - * created for OpenPGP that addresses the problem of detecting a modification to - * encrypted data. It is used in combination with a Modification Detection Code - * packet. - */ -class SymEncryptedIntegrityProtectedDataPacket { - static get tag() { - return enums.packet.symEncryptedIntegrityProtectedData; - } - - constructor() { - this.version = VERSION$1; - this.encrypted = null; - this.packets = null; - } - - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - // - A one-octet version number. The only currently defined value is 1. - if (version !== VERSION$1) { - throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`); - } - - // - Encrypted data, the output of the selected symmetric-key cipher - // operating in Cipher Feedback mode with shift amount equal to the - // block size of the cipher (CFB-n where n is the block size). - this.encrypted = reader.remainder(); - }); - } - - write() { - return util.concat([new Uint8Array([VERSION$1]), this.encrypted]); - } - - /** - * Encrypt the payload in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on encryption failure - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - - let bytes = this.packets.write(); - if (isArrayStream(bytes)) bytes = await readToEnd(bytes); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet - - const tohash = util.concat([prefix, bytes, mdc]); - const hash = await mod.hash.sha1(passiveClone(tohash)); - const plaintext = util.concat([tohash, hash]); - - this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); - return true; - } - - /** - * Decrypts the encrypted data contained in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on decryption failure - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - let encrypted = clone(this.encrypted); - if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); - - // there must be a modification detection code packet as the - // last packet and everything gets hashed except the hash itself - const realHash = slice(passiveClone(decrypted), -20); - const tohash = slice(decrypted, 0, -20); - const verifyHash = Promise.all([ - readToEnd(await mod.hash.sha1(passiveClone(tohash))), - readToEnd(realHash) - ]).then(([hash, mdc]) => { - if (!util.equalsUint8Array(hash, mdc)) { - throw new Error('Modification detected.'); - } - return new Uint8Array(); - }); - const bytes = slice(tohash, blockSize + 2); // Remove random prefix - let packetbytes = slice(bytes, 0, -2); // Remove MDC packet - packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); - if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { - packetbytes = await readToEnd(packetbytes); - } - this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$1, config$1); - return true; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -// An AEAD-encrypted Data packet can contain the following packet types -const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$2 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Symmetrically Encrypted Authenticated Encryption with - * Additional Data (AEAD) Protected Data Packet - * - * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: - * AEAD Protected Data Packet - */ -class AEADEncryptedDataPacket { - static get tag() { - return enums.packet.aeadEncryptedData; - } - - constructor() { - this.version = VERSION$2; - /** @type {enums.symmetric} */ - this.cipherAlgorithm = null; - /** @type {enums.aead} */ - this.aeadAlgorithm = enums.aead.eax; - this.chunkSizeByte = null; - this.iv = null; - this.encrypted = null; - this.packets = null; - } - - /** - * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @param {Uint8Array | ReadableStream} bytes - * @throws {Error} on parsing failure - */ - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - if (version !== VERSION$2) { // The only currently defined value is 1. - throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); - } - this.cipherAlgorithm = await reader.readByte(); - this.aeadAlgorithm = await reader.readByte(); - this.chunkSizeByte = await reader.readByte(); - - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = await reader.readBytes(mode.ivLength); - this.encrypted = reader.remainder(); - }); - } - - /** - * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @returns {Uint8Array | ReadableStream} The encrypted payload. - */ - write() { - return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); - } - - /** - * Decrypt the encrypted payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.packets = await PacketList.fromBinary( - await this.crypt('decrypt', key, clone(this.encrypted)), - allowedPackets$2, - config$1 - ); - } - - /** - * Encrypt the packet payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.cipherAlgorithm = sessionKeyAlgorithm; - - const { ivLength } = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(ivLength); // generate new random IV - this.chunkSizeByte = config$1.aeadChunkSizeByte; - const data = this.packets.write(); - this.encrypted = await this.crypt('encrypt', key, data); - } - - /** - * En/decrypt the payload. - * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt - * @param {Uint8Array} key - The session key used to en/decrypt the payload - * @param {Uint8Array | ReadableStream} data - The data to en/decrypt - * @returns {Promise>} - * @async - */ - async crypt(fn, key, data) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const modeInstance = await mode(this.cipherAlgorithm, key); - const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; - const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; - const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) - const adataBuffer = new ArrayBuffer(21); - const adataArray = new Uint8Array(adataBuffer, 0, 13); - const adataTagArray = new Uint8Array(adataBuffer); - const adataView = new DataView(adataBuffer); - const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); - adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0); - let chunkIndex = 0; - let latestPromise = Promise.resolve(); - let cryptedBytes = 0; - let queuedBytes = 0; - const iv = this.iv; - return transformPair(data, async (readable, writable) => { - if (util.isStream(readable) !== 'array') { - const buffer = new TransformStream({}, { - highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6), - size: array => array.length - }); - pipe(buffer.readable, writable); - writable = buffer.writable; - } - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); - const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); - chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); - let cryptedPromise; - let done; - if (!chunkIndex || chunk.length) { - reader.unshift(finalChunk); - cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray); - queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; - } else { - // After the last chunk, we either encrypt a final, empty - // data chunk to get the final authentication tag or - // validate that final authentication tag. - adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...) - cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray); - queuedBytes += tagLengthIfEncrypting; - done = true; - } - cryptedBytes += chunk.length - tagLengthIfDecrypting; - // eslint-disable-next-line no-loop-func - latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { - await writer.ready; - await writer.write(crypted); - queuedBytes -= crypted.length; - }).catch(err => writer.abort(err)); - if (done || queuedBytes > writer.desiredSize) { - await latestPromise; // Respect backpressure - } - if (!done) { - adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) - } else { - await writer.close(); - break; - } - } - } catch (e) { - await writer.abort(e); - } - }); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -const VERSION$3 = 3; - -/** - * Public-Key Encrypted Session Key Packets (Tag 1) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: - * A Public-Key Encrypted Session Key packet holds the session key - * used to encrypt a message. Zero or more Public-Key Encrypted Session Key - * packets and/or Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data Packet, which holds an encrypted message. The - * message is encrypted with the session key, and the session key is itself - * encrypted and stored in the Encrypted Session Key packet(s). The - * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted - * Session Key packet for each OpenPGP key to which the message is encrypted. - * The recipient of the message finds a session key that is encrypted to their - * public key, decrypts the session key, and then uses the session key to - * decrypt the message. - */ -class PublicKeyEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.publicKeyEncryptedSessionKey; - } - - constructor() { - this.version = 3; - - this.publicKeyID = new KeyID(); - this.publicKeyAlgorithm = null; - - this.sessionKey = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = null; - - /** @type {Object} */ - this.encrypted = {}; - } - - /** - * Parsing function for a publickey encrypted session key packet (tag 1). - * - * @param {Uint8Array} bytes - Payload of a tag 1 packet - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - if (this.version !== VERSION$3) { - throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); - } - i += this.publicKeyID.read(bytes.subarray(i)); - this.publicKeyAlgorithm = bytes[i++]; - this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version); - if (this.publicKeyAlgorithm === enums.publicKey.x25519) { - this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); - } - } - - /** - * Create a binary representation of a tag 1 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const arr = [ - new Uint8Array([this.version]), - this.publicKeyID.write(), - new Uint8Array([this.publicKeyAlgorithm]), - mod.serializeParams(this.publicKeyAlgorithm, this.encrypted) - ]; - - return util.concatUint8Array(arr); - } - - /** - * Encrypt session key packet - * @param {PublicKeyPacket} key - Public key - * @throws {Error} if encryption failed - * @async - */ - async encrypt(key) { - const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); - const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey); - this.encrypted = await mod.publicKeyEncrypt( - algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes()); - } - - /** - * Decrypts the session key (only for public key encrypted session key packets (tag 1) - * @param {SecretKeyPacket} key - decrypted private key - * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. - * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } - * @throws {Error} if decryption failed, unless `randomSessionKey` is given - * @async - */ - async decrypt(key, randomSessionKey) { - // check that session key algo matches the secret key algo - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Decryption error'); - } - - const randomPayload = randomSessionKey ? - encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : - null; - const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload); - - const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); - - // v3 Montgomery curves have cleartext cipher algo - if (this.publicKeyAlgorithm !== enums.publicKey.x25519) { - this.sessionKeyAlgorithm = sessionKeyAlgorithm; - } - this.sessionKey = sessionKey; - } -} - - -function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // add checksum - return util.concatUint8Array([ - new Uint8Array([cipherAlgo]), - sessionKeyData, - util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) - ]); - } - case enums.publicKey.x25519: - return sessionKeyData; - default: - throw new Error('Unsupported public key algorithm'); - } -} - - -function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // verify checksum in constant time - const result = decryptedData.subarray(0, decryptedData.length - 2); - const checksum = decryptedData.subarray(decryptedData.length - 2); - const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); - const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; - const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; - if (randomSessionKey) { - // We must not leak info about the validity of the decrypted checksum or cipher algo. - // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. - const isValidPayload = isValidChecksum & - decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & - decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; - return { - sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), - sessionKeyAlgorithm: util.selectUint8( - isValidPayload, - decryptedSessionKey.sessionKeyAlgorithm, - randomSessionKey.sessionKeyAlgorithm - ) - }; - } else { - const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm); - if (isValidPayload) { - return decryptedSessionKey; - } else { - throw new Error('Decryption error'); - } - } - } - case enums.publicKey.x25519: - return { - sessionKey: decryptedData - }; - default: - throw new Error('Unsupported public key algorithm'); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -class S2K { - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * Hash function identifier, or 0 for gnu-dummy keys - * @type {module:enums.hash | 0} - */ - this.algorithm = enums.hash.sha256; - /** - * enums.s2k identifier or 'gnu-dummy' - * @type {String} - */ - this.type = 'iterated'; - /** @type {Integer} */ - this.c = config$1.s2kIterationCountByte; - /** Eight bytes of salt in a binary string. - * @type {Uint8Array} - */ - this.salt = null; - } - - getCount() { - // Exponent bias, defined in RFC4880 - const expbias = 6; - - return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); - } - - /** - * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). - * @param {Uint8Array} bytes - Payload of string-to-key specifier - * @returns {Integer} Actual length of the object. - */ - read(bytes) { - let i = 0; - try { - this.type = enums.read(enums.s2k, bytes[i++]); - } catch (err) { - throw new UnsupportedError('Unknown S2K type.'); - } - this.algorithm = bytes[i++]; - - switch (this.type) { - case 'simple': - break; - - case 'salted': - this.salt = bytes.subarray(i, i + 8); - i += 8; - break; - - case 'iterated': - this.salt = bytes.subarray(i, i + 8); - i += 8; - - // Octet 10: count, a one-octet, coded value - this.c = bytes[i++]; - break; - - case 'gnu': - if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { - i += 3; // GNU - const gnuExtType = 1000 + bytes[i++]; - if (gnuExtType === 1001) { - this.type = 'gnu-dummy'; - // GnuPG extension mode 1001 -- don't write secret key at all - } else { - throw new UnsupportedError('Unknown s2k gnu protection mode.'); - } - } else { - throw new UnsupportedError('Unknown s2k type.'); - } - break; - - default: - throw new UnsupportedError('Unknown s2k type.'); // unreachable - } - - return i; - } - - /** - * Serializes s2k information - * @returns {Uint8Array} Binary representation of s2k. - */ - write() { - if (this.type === 'gnu-dummy') { - return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); - } - const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; - - switch (this.type) { - case 'simple': - break; - case 'salted': - arr.push(this.salt); - break; - case 'iterated': - arr.push(this.salt); - arr.push(new Uint8Array([this.c])); - break; - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - - return util.concatUint8Array(arr); - } - - /** - * Produces a key using the specified passphrase and the defined - * hashAlgorithm - * @param {String} passphrase - Passphrase containing user input - * @returns {Promise} Produced key with a length corresponding to. - * hashAlgorithm hash length - * @async - */ - async produceKey(passphrase, numBytes) { - passphrase = util.encodeUTF8(passphrase); - - const arr = []; - let rlength = 0; - - let prefixlen = 0; - while (rlength < numBytes) { - let toHash; - switch (this.type) { - case 'simple': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); - break; - case 'salted': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); - break; - case 'iterated': { - const data = util.concatUint8Array([this.salt, passphrase]); - let datalen = data.length; - const count = Math.max(this.getCount(), datalen); - toHash = new Uint8Array(prefixlen + count); - toHash.set(data, prefixlen); - for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { - toHash.copyWithin(pos, prefixlen, pos); - } - break; - } - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - const result = await mod.hash.digest(this.algorithm, toHash); - arr.push(result); - rlength += result.length; - prefixlen++; - } - - return util.concatUint8Array(arr).subarray(0, numBytes); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Symmetric-Key Encrypted Session Key Packets (Tag 3) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: - * The Symmetric-Key Encrypted Session Key packet holds the - * symmetric-key encryption of a session key used to encrypt a message. - * Zero or more Public-Key Encrypted Session Key packets and/or - * Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data packet that holds an encrypted message. - * The message is encrypted with a session key, and the session key is - * itself encrypted and stored in the Encrypted Session Key packet or - * the Symmetric-Key Encrypted Session Key packet. - */ -class SymEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.symEncryptedSessionKey; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - this.version = config$1.aeadProtect ? 5 : 4; - this.sessionKey = null; - /** - * Algorithm to encrypt the session key with - * @type {enums.symmetric} - */ - this.sessionKeyEncryptionAlgorithm = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = enums.symmetric.aes256; - /** - * AEAD mode to encrypt the session key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); - this.encrypted = null; - this.s2k = null; - this.iv = null; - } - - /** - * Parsing function for a symmetric encrypted session key packet (tag 3). - * - * @param {Uint8Array} bytes - Payload of a tag 3 packet - */ - read(bytes) { - let offset = 0; - - // A one-octet version number. The only currently defined version is 4. - this.version = bytes[offset++]; - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); - } - - // A one-octet number describing the symmetric algorithm used. - const algo = bytes[offset++]; - - if (this.version === 5) { - // A one-octet AEAD algorithm. - this.aeadAlgorithm = bytes[offset++]; - } - - // A string-to-key (S2K) specifier, length as defined above. - this.s2k = new S2K(); - offset += this.s2k.read(bytes.subarray(offset, bytes.length)); - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - - // A starting initialization vector of size specified by the AEAD - // algorithm. - this.iv = bytes.subarray(offset, offset += mode.ivLength); - } - - // The encrypted session key itself, which is decrypted with the - // string-to-key object. This is optional in version 4. - if (this.version === 5 || offset < bytes.length) { - this.encrypted = bytes.subarray(offset, bytes.length); - this.sessionKeyEncryptionAlgorithm = algo; - } else { - this.sessionKeyAlgorithm = algo; - } - } - - /** - * Create a binary representation of a tag 3 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const algo = this.encrypted === null ? - this.sessionKeyAlgorithm : - this.sessionKeyEncryptionAlgorithm; - - let bytes; - - if (this.version === 5) { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]); - } else { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]); - - if (this.encrypted !== null) { - bytes = util.concatUint8Array([bytes, this.encrypted]); - } - } - - return bytes; - } - - /** - * Decrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(passphrase) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; - - const { blockSize, keySize } = mod.getCipher(algo); - const key = await this.s2k.produceKey(passphrase, keySize); - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, key); - this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); - } else if (this.encrypted !== null) { - const decrypted = await mod.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); - - this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); - this.sessionKey = decrypted.subarray(1, decrypted.length); - } else { - this.sessionKey = key; - } - } - - /** - * Encrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; - - this.sessionKeyEncryptionAlgorithm = algo; - - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - - const { blockSize, keySize } = mod.getCipher(algo); - const encryptionKey = await this.s2k.produceKey(passphrase, keySize); - - if (this.sessionKey === null) { - this.sessionKey = mod.generateSessionKey(this.sessionKeyAlgorithm); - } - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(mode.ivLength); // generate new random IV - const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, encryptionKey); - this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData); - } else { - const toEncrypt = util.concatUint8Array([ - new Uint8Array([this.sessionKeyAlgorithm]), - this.sessionKey - ]); - this.encrypted = await mod.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config$1); - } - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the Key Material Packet (Tag 5,6,7,14) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: - * A key material packet contains all the information about a public or - * private key. There are four variants of this packet type, and two - * major versions. - * - * A Public-Key packet starts a series of packets that forms an OpenPGP - * key (sometimes called an OpenPGP certificate). - */ -class PublicKeyPacket { - static get tag() { - return enums.packet.publicKey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - /** - * Packet version - * @type {Integer} - */ - this.version = config$1.v5Keys ? 5 : 4; - /** - * Key creation date. - * @type {Date} - */ - this.created = util.normalizeDate(date); - /** - * Public key algorithm. - * @type {enums.publicKey} - */ - this.algorithm = null; - /** - * Algorithm specific public params - * @type {Object} - */ - this.publicParams = null; - /** - * Time until expiration in days (V3 only) - * @type {Integer} - */ - this.expirationTimeV3 = 0; - /** - * Fingerprint bytes - * @type {Uint8Array} - */ - this.fingerprint = null; - /** - * KeyID - * @type {module:type/keyid~KeyID} - */ - this.keyID = null; - } - - /** - * Create a PublicKeyPacket from a SecretKeyPacket - * @param {SecretKeyPacket} secretKeyPacket - key packet to convert - * @returns {PublicKeyPacket} public key packet - * @static - */ - static fromSecretKeyPacket(secretKeyPacket) { - const keyPacket = new PublicKeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } - - /** - * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} - * @param {Uint8Array} bytes - Input array to read the packet from - * @returns {Object} This object with attributes set by the parser - * @async - */ - async read(bytes) { - let pos = 0; - // A one-octet version number (3, 4 or 5). - this.version = bytes[pos++]; - - if (this.version === 4 || this.version === 5) { - // - A four-octet number denoting the time that the key was created. - this.created = util.readDate(bytes.subarray(pos, pos + 4)); - pos += 4; - - // - A one-octet number denoting the public-key algorithm of this key. - this.algorithm = bytes[pos++]; - - if (this.version === 5) { - // - A four-octet scalar octet count for the following key material. - pos += 4; - } - - // - A series of values comprising the key material. - const { read, publicParams } = mod.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); - this.publicParams = publicParams; - pos += read; - - // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor - await this.computeFingerprintAndKeyID(); - return pos; - } - throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); - } - - /** - * Creates an OpenPGP public key packet for the given key. - * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. - */ - write() { - const arr = []; - // Version - arr.push(new Uint8Array([this.version])); - arr.push(util.writeDate(this.created)); - // A one-octet number denoting the public-key algorithm of this key - arr.push(new Uint8Array([this.algorithm])); - - const params = mod.serializeParams(this.algorithm, this.publicParams); - if (this.version === 5) { - // A four-octet scalar octet count for the following key material - arr.push(util.writeNumber(params.length, 4)); - } - // Algorithm-specific params - arr.push(params); - return util.concatUint8Array(arr); - } - - /** - * Write packet in order to be hashed; either for a signature or a fingerprint - * @param {Integer} version - target version of signature or key - */ - writeForHash(version) { - const bytes = this.writePublicKey(); - - if (version === 5) { - return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]); - } - return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]); - } - - /** - * Check whether secret-key data is available in decrypted form. Returns null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return null; - } - - /** - * Returns the creation time of the key - * @returns {Date} - */ - getCreationTime() { - return this.created; - } - - /** - * Return the key ID of the key - * @returns {module:type/keyid~KeyID} The 8-byte key ID - */ - getKeyID() { - return this.keyID; - } - - /** - * Computes and set the key ID and fingerprint of the key - * @async - */ - async computeFingerprintAndKeyID() { - await this.computeFingerprint(); - this.keyID = new KeyID(); - - if (this.version === 5) { - this.keyID.read(this.fingerprint.subarray(0, 8)); - } else if (this.version === 4) { - this.keyID.read(this.fingerprint.subarray(12, 20)); - } else { - throw new Error('Unsupported key version'); - } - } - - /** - * Computes and set the fingerprint of the key - */ - async computeFingerprint() { - const toHash = this.writeForHash(this.version); - - if (this.version === 5) { - this.fingerprint = await mod.hash.sha256(toHash); - } else if (this.version === 4) { - this.fingerprint = await mod.hash.sha1(toHash); - } else { - throw new Error('Unsupported key version'); - } - } - - /** - * Returns the fingerprint of the key, as an array of bytes - * @returns {Uint8Array} A Uint8Array containing the fingerprint - */ - getFingerprintBytes() { - return this.fingerprint; - } - - /** - * Calculates and returns the fingerprint of the key, as a string - * @returns {String} A string containing the fingerprint in lowercase hex - */ - getFingerprint() { - return util.uint8ArrayToHex(this.getFingerprintBytes()); - } - - /** - * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint - * @returns {Boolean} Whether the two keys have the same version and public key data. - */ - hasSameFingerprintAs(other) { - return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); - } - - /** - * Returns algorithm information - * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. - */ - getAlgorithmInfo() { - const result = {}; - result.algorithm = enums.read(enums.publicKey, this.algorithm); - // RSA, DSA or ElGamal public modulo - const modulo = this.publicParams.n || this.publicParams.p; - if (modulo) { - result.bits = util.uint8ArrayBitLength(modulo); - } else if (this.publicParams.oid) { - result.curve = this.publicParams.oid.getName(); - } - return result; - } -} - -/** - * Alias of read() - * @see PublicKeyPacket#read - */ -PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; - -/** - * Alias of write() - * @see PublicKeyPacket#write - */ -PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A SE packet can contain the following packet types -const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -/** - * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: - * The Symmetrically Encrypted Data packet contains data encrypted with a - * symmetric-key algorithm. When it has been decrypted, it contains other - * packets (usually a literal data packet or compressed data packet, but in - * theory other Symmetrically Encrypted Data packets or sequences of packets - * that form whole OpenPGP messages). - */ -class SymmetricallyEncryptedDataPacket { - static get tag() { - return enums.packet.symmetricallyEncryptedData; - } - - constructor() { - /** - * Encrypted secret-key data - */ - this.encrypted = null; - /** - * Decrypted packets contained within. - * @type {PacketList} - */ - this.packets = null; - } - - read(bytes) { - this.encrypted = bytes; - } - - write() { - return this.encrypted; - } - - /** - * Decrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error - if (!config$1.allowUnauthenticatedMessages) { - throw new Error('Message is not authenticated.'); - } - - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - const encrypted = await readToEnd(clone(this.encrypted)); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, - encrypted.subarray(blockSize + 2), - encrypted.subarray(2, blockSize + 2) - ); - - this.packets = await PacketList.fromBinary(decrypted, allowedPackets$3, config$1); - } - - /** - * Encrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const data = this.packets.write(); - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const FRE = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); - const ciphertext = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); - this.encrypted = util.concat([FRE, ciphertext]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the strange "Marker packet" (Tag 10) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: - * An experimental version of PGP used this packet as the Literal - * packet, but no released version of PGP generated Literal packets with this - * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as - * the Marker packet. - * - * The body of this packet consists of: - * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). - * - * Such a packet MUST be ignored when received. It may be placed at the - * beginning of a message that uses features not available in PGP - * version 2.6 in order to cause that version to report that newer - * software is necessary to process the message. - */ -class MarkerPacket { - static get tag() { - return enums.packet.marker; - } - - /** - * Parsing function for a marker data packet (tag 10). - * @param {Uint8Array} bytes - Payload of a tag 10 packet - * @returns {Boolean} whether the packet payload contains "PGP" - */ - read(bytes) { - if (bytes[0] === 0x50 && // P - bytes[1] === 0x47 && // G - bytes[2] === 0x50) { // P - return true; - } - return false; - } - - write() { - return new Uint8Array([0x50, 0x47, 0x50]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * A Public-Subkey packet (tag 14) has exactly the same format as a - * Public-Key packet, but denotes a subkey. One or more subkeys may be - * associated with a top-level key. By convention, the top-level key - * provides signature services, and the subkeys provide encryption - * services. - * @extends PublicKeyPacket - */ -class PublicSubkeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.publicSubkey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - // eslint-disable-next-line no-useless-constructor - constructor(date, config) { - super(date, config); - } - - /** - * Create a PublicSubkeyPacket from a SecretSubkeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert - * @returns {SecretSubkeyPacket} public key packet - * @static - */ - static fromSecretSubkeyPacket(secretSubkeyPacket) { - const keyPacket = new PublicSubkeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the User Attribute Packet (Tag 17) - * - * The User Attribute packet is a variation of the User ID packet. It - * is capable of storing more types of data than the User ID packet, - * which is limited to text. Like the User ID packet, a User Attribute - * packet may be certified by the key owner ("self-signed") or any other - * key owner who cares to certify it. Except as noted, a User Attribute - * packet may be used anywhere that a User ID packet may be used. - * - * While User Attribute packets are not a required part of the OpenPGP - * standard, implementations SHOULD provide at least enough - * compatibility to properly handle a certification signature on the - * User Attribute packet. A simple way to do this is by treating the - * User Attribute packet as a User ID packet with opaque contents, but - * an implementation may use any method desired. - */ -class UserAttributePacket { - static get tag() { - return enums.packet.userAttribute; - } - - constructor() { - this.attributes = []; - } - - /** - * parsing function for a user attribute packet (tag 17). - * @param {Uint8Array} input - Payload of a tag 17 packet - */ - read(bytes) { - let i = 0; - while (i < bytes.length) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); - i += len.len; - } - } - - /** - * Creates a binary representation of the user attribute packet - * @returns {Uint8Array} String representation. - */ - write() { - const arr = []; - for (let i = 0; i < this.attributes.length; i++) { - arr.push(writeSimpleLength(this.attributes[i].length)); - arr.push(util.stringToUint8Array(this.attributes[i])); - } - return util.concatUint8Array(arr); - } - - /** - * Compare for equality - * @param {UserAttributePacket} usrAttr - * @returns {Boolean} True if equal. - */ - equals(usrAttr) { - if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { - return false; - } - return this.attributes.every(function(attr, index) { - return attr === usrAttr.attributes[index]; - }); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * A Secret-Key packet contains all the information that is found in a - * Public-Key packet, including the public-key material, but also - * includes the secret-key material after all the public-key fields. - * @extends PublicKeyPacket - */ -class SecretKeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.secretKey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - /** - * Secret-key data - */ - this.keyMaterial = null; - /** - * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. - */ - this.isEncrypted = null; - /** - * S2K usage - * @type {enums.symmetric} - */ - this.s2kUsage = 0; - /** - * S2K object - * @type {type/s2k} - */ - this.s2k = null; - /** - * Symmetric algorithm to encrypt the key with - * @type {enums.symmetric} - */ - this.symmetric = null; - /** - * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aead = null; - /** - * Decrypted private parameters, referenced by name - * @type {Object} - */ - this.privateParams = null; - } - - // 5.5.3. Secret-Key Packet Formats - - /** - * Internal parser for private keys as specified in - * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} - * @param {Uint8Array} bytes - Input string to read the packet from - * @async - */ - async read(bytes) { - // - A Public-Key or Public-Subkey packet, as described above. - let i = await this.readPublicKey(bytes); - const startOfSecretKeyData = i; - - // - One octet indicating string-to-key usage conventions. Zero - // indicates that the secret-key data is not encrypted. 255 or 254 - // indicates that a string-to-key specifier is being given. Any - // other value is a symmetric-key encryption algorithm identifier. - this.s2kUsage = bytes[i++]; - - // - Only for a version 5 packet, a one-octet scalar octet count of - // the next 4 optional fields. - if (this.version === 5) { - i++; - } - - try { - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one-octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - this.symmetric = bytes[i++]; - - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - this.aead = bytes[i++]; - } - - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - this.s2k = new S2K(); - i += this.s2k.read(bytes.subarray(i, bytes.length)); - - if (this.s2k.type === 'gnu-dummy') { - return; - } - } else if (this.s2kUsage) { - this.symmetric = this.s2kUsage; - } - - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage) { - this.iv = bytes.subarray( - i, - i + mod.getCipher(this.symmetric).blockSize - ); - - i += this.iv.length; - } - } catch (e) { - // if the s2k is unsupported, we still want to support encrypting and verifying with the given key - if (!this.s2kUsage) throw e; // always throw for decrypted keys - this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); - this.isEncrypted = true; - } - - // - Only for a version 5 packet, a four-octet scalar octet count for - // the following key material. - if (this.version === 5) { - i += 4; - } - - // - Plain or encrypted multiprecision integers comprising the secret - // key data. These algorithm-specific fields are as described - // below. - this.keyMaterial = bytes.subarray(i); - this.isEncrypted = !!this.s2kUsage; - - if (!this.isEncrypted) { - const cleartext = this.keyMaterial.subarray(0, -2); - if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { - throw new Error('Key checksum mismatch'); - } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - if (err instanceof UnsupportedError) throw err; - // avoid throwing potentially sensitive errors - throw new Error('Error reading MPIs'); - } - } - } - - /** - * Creates an OpenPGP key packet for the given key. - * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. - */ - write() { - const serializedPublicKey = this.writePublicKey(); - if (this.unparseableKeyMaterial) { - return util.concatUint8Array([ - serializedPublicKey, - this.unparseableKeyMaterial - ]); - } - - const arr = [serializedPublicKey]; - arr.push(new Uint8Array([this.s2kUsage])); - - const optionalFieldsArr = []; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one- octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - optionalFieldsArr.push(this.symmetric); - - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - optionalFieldsArr.push(this.aead); - } - - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - optionalFieldsArr.push(...this.s2k.write()); - } - - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { - optionalFieldsArr.push(...this.iv); - } - - if (this.version === 5) { - arr.push(new Uint8Array([optionalFieldsArr.length])); - } - arr.push(new Uint8Array(optionalFieldsArr)); - - if (!this.isDummy()) { - if (!this.s2kUsage) { - this.keyMaterial = mod.serializeParams(this.algorithm, this.privateParams); - } - - if (this.version === 5) { - arr.push(util.writeNumber(this.keyMaterial.length, 4)); - } - arr.push(this.keyMaterial); - - if (!this.s2kUsage) { - arr.push(util.writeChecksum(this.keyMaterial)); - } - } - - return util.concatUint8Array(arr); - } - - /** - * Check whether secret-key data is available in decrypted form. - * Returns false for gnu-dummy keys and null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return this.isEncrypted === false; - } - - /** - * Check whether the key includes secret key material. - * Some secret keys do not include it, and can thus only be used - * for public-key operations (encryption and verification). - * Such keys are: - * - GNU-dummy keys, where the secret material has been stripped away - * - encrypted keys with unsupported S2K or cipher - */ - isMissingSecretKeyMaterial() { - return this.unparseableKeyMaterial !== undefined || this.isDummy(); - } - - /** - * Check whether this is a gnu-dummy key - * @returns {Boolean} - */ - isDummy() { - return !!(this.s2k && this.s2k.type === 'gnu-dummy'); - } - - /** - * Remove private key material, converting the key to a dummy one. - * The resulting key cannot be used for signing/decrypting but can still verify signatures. - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - makeDummy(config$1 = config) { - if (this.isDummy()) { - return; - } - if (this.isDecrypted()) { - this.clearPrivateParams(); - } - delete this.unparseableKeyMaterial; - this.isEncrypted = null; - this.keyMaterial = null; - this.s2k = new S2K(config$1); - this.s2k.algorithm = 0; - this.s2k.c = 0; - this.s2k.type = 'gnu-dummy'; - this.s2kUsage = 254; - this.symmetric = enums.symmetric.aes256; - } - - /** - * Encrypt the payload. By default, we use aes256 and iterated, salted string - * to key specifier. If the key is in a decrypted state (isEncrypted === false) - * and the passphrase is empty or undefined, the key will be set as not encrypted. - * This can be used to remove passphrase protection after calling decrypt(). - * @param {String} passphrase - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - if (this.isDummy()) { - return; - } - - if (!this.isDecrypted()) { - throw new Error('Key packet is already encrypted'); - } - - if (!passphrase) { - throw new Error('A non-empty passphrase is required for key encryption.'); - } - - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - const cleartext = mod.serializeParams(this.algorithm, this.privateParams); - this.symmetric = enums.symmetric.aes256; - const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - - const { blockSize } = mod.getCipher(this.symmetric); - this.iv = mod.random.getRandomBytes(blockSize); - - if (config$1.aeadProtect) { - this.s2kUsage = 253; - this.aead = enums.aead.eax; - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } else { - this.s2kUsage = 254; - this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ - cleartext, - await mod.hash.sha1(cleartext, config$1) - ]), this.iv, config$1); - } - } - - /** - * Decrypts the private key params which are needed to use the key. - * Successful decryption does not imply key integrity, call validate() to confirm that. - * {@link SecretKeyPacket.isDecrypted} should be false, as - * otherwise calls to this function will throw an error. - * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if the key is already decrypted, or if decryption was not successful - * @async - */ - async decrypt(passphrase) { - if (this.isDummy()) { - return false; - } - - if (this.unparseableKeyMaterial) { - throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); - } - - if (this.isDecrypted()) { - throw new Error('Key packet is already decrypted.'); - } - - let key; - if (this.s2kUsage === 254 || this.s2kUsage === 253) { - key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - } else if (this.s2kUsage === 255) { - throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); - } else { - throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); - } - - let cleartext; - if (this.s2kUsage === 253) { - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - try { - cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } catch (err) { - if (err.message === 'Authentication tag mismatch') { - throw new Error('Incorrect key passphrase: ' + err.message); - } - throw err; - } - } else { - const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); - - cleartext = cleartextWithHash.subarray(0, -20); - const hash = await mod.hash.sha1(cleartext); - - if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { - throw new Error('Incorrect key passphrase'); - } - } - - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - throw new Error('Error reading MPIs'); - } - this.isEncrypted = false; - this.keyMaterial = null; - this.s2kUsage = 0; - } - - /** - * Checks that the key parameters are consistent - * @throws {Error} if validation was not successful - * @async - */ - async validate() { - if (this.isDummy()) { - return; - } - - if (!this.isDecrypted()) { - throw new Error('Key is not decrypted'); - } - - let validParams; - try { - // this can throw if some parameters are undefined - validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); - } catch (_) { - validParams = false; - } - if (!validParams) { - throw new Error('Key is invalid'); - } - } - - async generate(bits, curve) { - const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); - this.privateParams = privateParams; - this.publicParams = publicParams; - this.isEncrypted = false; - } - - /** - * Clear private key parameters - */ - clearPrivateParams() { - if (this.isMissingSecretKeyMaterial()) { - return; - } - - Object.keys(this.privateParams).forEach(name => { - const param = this.privateParams[name]; - param.fill(0); - delete this.privateParams[name]; - }); - this.privateParams = null; - this.isEncrypted = true; - } -} - -async function produceEncryptionKey(s2k, passphrase, algorithm) { - const { keySize } = mod.getCipher(algorithm); - return s2k.produceKey(passphrase, keySize); -} - -var emailAddresses = createCommonjsModule(function (module) { -// email-addresses.js - RFC 5322 email address parser -// v 3.1.0 -// -// http://tools.ietf.org/html/rfc5322 -// -// This library does not validate email addresses. -// emailAddresses attempts to parse addresses using the (fairly liberal) -// grammar specified in RFC 5322. -// -// email-addresses returns { -// ast: , -// addresses: [{ -// node: , -// name: , -// address: , -// local: , -// domain: -// }, ...] -// } -// -// emailAddresses.parseOneAddress and emailAddresses.parseAddressList -// work as you might expect. Try it out. -// -// Many thanks to Dominic Sayers and his documentation on the is_email function, -// http://code.google.com/p/isemail/ , which helped greatly in writing this parser. - -(function (global) { - -function parse5322(opts) { - - // tokenizing functions - - function inStr() { return pos < len; } - function curTok() { return parseString[pos]; } - function getPos() { return pos; } - function setPos(i) { pos = i; } - function nextTok() { pos += 1; } - function initialize() { - pos = 0; - len = parseString.length; - } - - // parser helper functions - - function o(name, value) { - return { - name: name, - tokens: value || "", - semantic: value || "", - children: [] - }; - } - - function wrap(name, ast) { - var n; - if (ast === null) { return null; } - n = o(name); - n.tokens = ast.tokens; - n.semantic = ast.semantic; - n.children.push(ast); - return n; - } - - function add(parent, child) { - if (child !== null) { - parent.tokens += child.tokens; - parent.semantic += child.semantic; - } - parent.children.push(child); - return parent; - } - - function compareToken(fxnCompare) { - var tok; - if (!inStr()) { return null; } - tok = curTok(); - if (fxnCompare(tok)) { - nextTok(); - return o('token', tok); - } - return null; - } - - function literal(lit) { - return function literalFunc() { - return wrap('literal', compareToken(function (tok) { - return tok === lit; - })); - }; - } - - function and() { - var args = arguments; - return function andFunc() { - var i, s, result, start; - start = getPos(); - s = o('and'); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result === null) { - setPos(start); - return null; - } - add(s, result); - } - return s; - }; - } - - function or() { - var args = arguments; - return function orFunc() { - var i, result, start; - start = getPos(); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result !== null) { - return result; - } - setPos(start); - } - return null; - }; - } - - function opt(prod) { - return function optFunc() { - var result, start; - start = getPos(); - result = prod(); - if (result !== null) { - return result; - } - else { - setPos(start); - return o('opt'); - } - }; - } - - function invis(prod) { - return function invisFunc() { - var result = prod(); - if (result !== null) { - result.semantic = ""; - } - return result; - }; - } - - function colwsp(prod) { - return function collapseSemanticWhitespace() { - var result = prod(); - if (result !== null && result.semantic.length > 0) { - result.semantic = " "; - } - return result; - }; - } - - function star(prod, minimum) { - return function starFunc() { - var s, result, count, start, min; - start = getPos(); - s = o('star'); - count = 0; - min = minimum === undefined ? 0 : minimum; - while ((result = prod()) !== null) { - count = count + 1; - add(s, result); - } - if (count >= min) { - return s; - } - else { - setPos(start); - return null; - } - }; - } - - // One expects names to get normalized like this: - // " First Last " -> "First Last" - // "First Last" -> "First Last" - // "First Last" -> "First Last" - function collapseWhitespace(s) { - return s.replace(/([ \t]|\r\n)+/g, ' ').replace(/^\s*/, '').replace(/\s*$/, ''); - } - - // UTF-8 pseudo-production (RFC 6532) - // RFC 6532 extends RFC 5322 productions to include UTF-8 - // using the following productions: - // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4 - // UTF8-2 = - // UTF8-3 = - // UTF8-4 = - // - // For reference, the extended RFC 5322 productions are: - // VCHAR =/ UTF8-non-ascii - // ctext =/ UTF8-non-ascii - // atext =/ UTF8-non-ascii - // qtext =/ UTF8-non-ascii - // dtext =/ UTF8-non-ascii - function isUTF8NonAscii(tok) { - // In JavaScript, we just deal directly with Unicode code points, - // so we aren't checking individual bytes for UTF-8 encoding. - // Just check that the character is non-ascii. - return tok.charCodeAt(0) >= 128; - } - - - // common productions (RFC 5234) - // http://tools.ietf.org/html/rfc5234 - // B.1. Core Rules - - // CR = %x0D - // ; carriage return - function cr() { return wrap('cr', literal('\r')()); } - - // CRLF = CR LF - // ; Internet standard newline - function crlf() { return wrap('crlf', and(cr, lf)()); } - - // DQUOTE = %x22 - // ; " (Double Quote) - function dquote() { return wrap('dquote', literal('"')()); } - - // HTAB = %x09 - // ; horizontal tab - function htab() { return wrap('htab', literal('\t')()); } - - // LF = %x0A - // ; linefeed - function lf() { return wrap('lf', literal('\n')()); } - - // SP = %x20 - function sp() { return wrap('sp', literal(' ')()); } - - // VCHAR = %x21-7E - // ; visible (printing) characters - function vchar() { - return wrap('vchar', compareToken(function vcharFunc(tok) { - var code = tok.charCodeAt(0); - var accept = (0x21 <= code && code <= 0x7E); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } - - // WSP = SP / HTAB - // ; white space - function wsp() { return wrap('wsp', or(sp, htab)()); } - - - // email productions (RFC 5322) - // http://tools.ietf.org/html/rfc5322 - // 3.2.1. Quoted characters - - // quoted-pair = ("\" (VCHAR / WSP)) / obs-qp - function quotedPair() { - var qp = wrap('quoted-pair', - or( - and(literal('\\'), or(vchar, wsp)), - obsQP - )()); - if (qp === null) { return null; } - // a quoted pair will be two characters, and the "\" character - // should be semantically "invisible" (RFC 5322 3.2.1) - qp.semantic = qp.semantic[1]; - return qp; - } - - // 3.2.2. Folding White Space and Comments - - // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS - function fws() { - return wrap('fws', or( - obsFws, - and( - opt(and( - star(wsp), - invis(crlf) - )), - star(wsp, 1) - ) - )()); - } - - // ctext = %d33-39 / ; Printable US-ASCII - // %d42-91 / ; characters not including - // %d93-126 / ; "(", ")", or "\" - // obs-ctext - function ctext() { - return wrap('ctext', or( - function ctextFunc1() { - return compareToken(function ctextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 39) || - (42 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsCtext - )()); - } - - // ccontent = ctext / quoted-pair / comment - function ccontent() { - return wrap('ccontent', or(ctext, quotedPair, comment)()); - } - - // comment = "(" *([FWS] ccontent) [FWS] ")" - function comment() { - return wrap('comment', and( - literal('('), - star(and(opt(fws), ccontent)), - opt(fws), - literal(')') - )()); - } - - // CFWS = (1*([FWS] comment) [FWS]) / FWS - function cfws() { - return wrap('cfws', or( - and( - star( - and(opt(fws), comment), - 1 - ), - opt(fws) - ), - fws - )()); - } - - // 3.2.3. Atom - - //atext = ALPHA / DIGIT / ; Printable US-ASCII - // "!" / "#" / ; characters not including - // "$" / "%" / ; specials. Used for atoms. - // "&" / "'" / - // "*" / "+" / - // "-" / "/" / - // "=" / "?" / - // "^" / "_" / - // "`" / "{" / - // "|" / "}" / - // "~" - function atext() { - return wrap('atext', compareToken(function atextFunc(tok) { - var accept = - ('a' <= tok && tok <= 'z') || - ('A' <= tok && tok <= 'Z') || - ('0' <= tok && tok <= '9') || - (['!', '#', '$', '%', '&', '\'', '*', '+', '-', '/', - '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } - - // atom = [CFWS] 1*atext [CFWS] - function atom() { - return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))()); - } - - // dot-atom-text = 1*atext *("." 1*atext) - function dotAtomText() { - var s, maybeText; - s = wrap('dot-atom-text', star(atext, 1)()); - if (s === null) { return s; } - maybeText = star(and(literal('.'), star(atext, 1)))(); - if (maybeText !== null) { - add(s, maybeText); - } - return s; - } - - // dot-atom = [CFWS] dot-atom-text [CFWS] - function dotAtom() { - return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))()); - } - - // 3.2.4. Quoted Strings - - // qtext = %d33 / ; Printable US-ASCII - // %d35-91 / ; characters not including - // %d93-126 / ; "\" or the quote character - // obs-qtext - function qtext() { - return wrap('qtext', or( - function qtextFunc1() { - return compareToken(function qtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 === code) || - (35 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsQtext - )()); - } - - // qcontent = qtext / quoted-pair - function qcontent() { - return wrap('qcontent', or(qtext, quotedPair)()); - } - - // quoted-string = [CFWS] - // DQUOTE *([FWS] qcontent) [FWS] DQUOTE - // [CFWS] - function quotedString() { - return wrap('quoted-string', and( - invis(opt(cfws)), - invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote), - invis(opt(cfws)) - )()); - } - - // 3.2.5 Miscellaneous Tokens - - // word = atom / quoted-string - function word() { - return wrap('word', or(atom, quotedString)()); - } - - // phrase = 1*word / obs-phrase - function phrase() { - return wrap('phrase', or(obsPhrase, star(word, 1))()); - } - - // 3.4. Address Specification - // address = mailbox / group - function address() { - return wrap('address', or(mailbox, group)()); - } - - // mailbox = name-addr / addr-spec - function mailbox() { - return wrap('mailbox', or(nameAddr, addrSpec)()); - } - - // name-addr = [display-name] angle-addr - function nameAddr() { - return wrap('name-addr', and(opt(displayName), angleAddr)()); - } - - // angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / - // obs-angle-addr - function angleAddr() { - return wrap('angle-addr', or( - and( - invis(opt(cfws)), - literal('<'), - addrSpec, - literal('>'), - invis(opt(cfws)) - ), - obsAngleAddr - )()); - } - - // group = display-name ":" [group-list] ";" [CFWS] - function group() { - return wrap('group', and( - displayName, - literal(':'), - opt(groupList), - literal(';'), - invis(opt(cfws)) - )()); - } - - // display-name = phrase - function displayName() { - return wrap('display-name', function phraseFixedSemantic() { - var result = phrase(); - if (result !== null) { - result.semantic = collapseWhitespace(result.semantic); - } - return result; - }()); - } - - // mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list - function mailboxList() { - return wrap('mailbox-list', or( - and( - mailbox, - star(and(literal(','), mailbox)) - ), - obsMboxList - )()); - } - - // address-list = (address *("," address)) / obs-addr-list - function addressList() { - return wrap('address-list', or( - and( - address, - star(and(literal(','), address)) - ), - obsAddrList - )()); - } - - // group-list = mailbox-list / CFWS / obs-group-list - function groupList() { - return wrap('group-list', or( - mailboxList, - invis(cfws), - obsGroupList - )()); - } - - // 3.4.1 Addr-Spec Specification - - // local-part = dot-atom / quoted-string / obs-local-part - function localPart() { - // note: quoted-string, dotAtom are proper subsets of obs-local-part - // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree - return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)()); - } - - // dtext = %d33-90 / ; Printable US-ASCII - // %d94-126 / ; characters not including - // obs-dtext ; "[", "]", or "\" - function dtext() { - return wrap('dtext', or( - function dtextFunc1() { - return compareToken(function dtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 90) || - (94 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsDtext - )() - ); - } - - // domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS] - function domainLiteral() { - return wrap('domain-literal', and( - invis(opt(cfws)), - literal('['), - star(and(opt(fws), dtext)), - opt(fws), - literal(']'), - invis(opt(cfws)) - )()); - } - - // domain = dot-atom / domain-literal / obs-domain - function domain() { - return wrap('domain', function domainCheckTLD() { - var result = or(obsDomain, dotAtom, domainLiteral)(); - if (opts.rejectTLD) { - if (result && result.semantic && result.semantic.indexOf('.') < 0) { - return null; - } - } - // strip all whitespace from domains - if (result) { - result.semantic = result.semantic.replace(/\s+/g, ''); - } - return result; - }()); - } - - // addr-spec = local-part "@" domain - function addrSpec() { - return wrap('addr-spec', and( - localPart, literal('@'), domain - )()); - } - - // 3.6.2 Originator Fields - // Below we only parse the field body, not the name of the field - // like "From:", "Sender:", or "Reply-To:". Other libraries that - // parse email headers can parse those and defer to these productions - // for the "RFC 5322" part. - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // from = "From:" (mailbox-list / address-list) CRLF - function fromSpec() { - return wrap('from', or( - mailboxList, - addressList - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // sender = "Sender:" (mailbox / address) CRLF - function senderSpec() { - return wrap('sender', or( - mailbox, - address - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // reply-to = "Reply-To:" address-list CRLF - function replyToSpec() { - return wrap('reply-to', addressList()); - } - - // 4.1. Miscellaneous Obsolete Tokens - - // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control - // %d11 / ; characters that do not - // %d12 / ; include the carriage - // %d14-31 / ; return, line feed, and - // %d127 ; white space characters - function obsNoWsCtl() { - return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) { - var code = tok.charCodeAt(0); - return ((1 <= code && code <= 8) || - (11 === code || 12 === code) || - (14 <= code && code <= 31) || - (127 === code)); - })); - } - - // obs-ctext = obs-NO-WS-CTL - function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); } - - // obs-qtext = obs-NO-WS-CTL - function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); } - - // obs-qp = "\" (%d0 / obs-NO-WS-CTL / LF / CR) - function obsQP() { - return opts.strict ? null : wrap('obs-qp', and( - literal('\\'), - or(literal('\0'), obsNoWsCtl, lf, cr) - )()); - } - - // obs-phrase = word *(word / "." / CFWS) - function obsPhrase() { - if (opts.strict ) return null; - return opts.atInDisplayName ? wrap('obs-phrase', and( - word, - star(or(word, literal('.'), literal('@'), colwsp(cfws))) - )()) : - wrap('obs-phrase', and( - word, - star(or(word, literal('.'), colwsp(cfws))) - )()); - } - - // 4.2. Obsolete Folding White Space - - // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908 - // obs-FWS = 1*([CRLF] WSP) - function obsFws() { - return opts.strict ? null : wrap('obs-FWS', star( - and(invis(opt(crlf)), wsp), - 1 - )()); - } - - // 4.4. Obsolete Addressing - - // obs-angle-addr = [CFWS] "<" obs-route addr-spec ">" [CFWS] - function obsAngleAddr() { - return opts.strict ? null : wrap('obs-angle-addr', and( - invis(opt(cfws)), - literal('<'), - obsRoute, - addrSpec, - literal('>'), - invis(opt(cfws)) - )()); - } - - // obs-route = obs-domain-list ":" - function obsRoute() { - return opts.strict ? null : wrap('obs-route', and( - obsDomainList, - literal(':') - )()); - } - - // obs-domain-list = *(CFWS / ",") "@" domain - // *("," [CFWS] ["@" domain]) - function obsDomainList() { - return opts.strict ? null : wrap('obs-domain-list', and( - star(or(invis(cfws), literal(','))), - literal('@'), - domain, - star(and( - literal(','), - invis(opt(cfws)), - opt(and(literal('@'), domain)) - )) - )()); - } - - // obs-mbox-list = *([CFWS] ",") mailbox *("," [mailbox / CFWS]) - function obsMboxList() { - return opts.strict ? null : wrap('obs-mbox-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - mailbox, - star(and( - literal(','), - opt(and( - mailbox, - invis(cfws) - )) - )) - )()); - } - - // obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) - function obsAddrList() { - return opts.strict ? null : wrap('obs-addr-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - address, - star(and( - literal(','), - opt(and( - address, - invis(cfws) - )) - )) - )()); - } - - // obs-group-list = 1*([CFWS] ",") [CFWS] - function obsGroupList() { - return opts.strict ? null : wrap('obs-group-list', and( - star(and( - invis(opt(cfws)), - literal(',') - ), 1), - invis(opt(cfws)) - )()); - } - - // obs-local-part = word *("." word) - function obsLocalPart() { - return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))()); - } - - // obs-domain = atom *("." atom) - function obsDomain() { - return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))()); - } - - // obs-dtext = obs-NO-WS-CTL / quoted-pair - function obsDtext() { - return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)()); - } - - ///////////////////////////////////////////////////// - - // ast analysis - - function findNode(name, root) { - var i, stack, node; - if (root === null || root === undefined) { return null; } - stack = [root]; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - return node; - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return null; - } - - function findAllNodes(name, root) { - var i, stack, node, result; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - result.push(node); - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return result; - } - - function findAllNodesNoChildren(names, root) { - var i, stack, node, result, namesLookup; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - namesLookup = {}; - for (i = 0; i < names.length; i += 1) { - namesLookup[names[i]] = true; - } - - while (stack.length > 0) { - node = stack.pop(); - if (node.name in namesLookup) { - result.push(node); - // don't look at children (hence findAllNodesNoChildren) - } else { - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - } - return result; - } - - function giveResult(ast) { - var addresses, groupsAndMailboxes, i, groupOrMailbox, result; - if (ast === null) { - return null; - } - addresses = []; - - // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'. - groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast); - for (i = 0; i < groupsAndMailboxes.length; i += 1) { - groupOrMailbox = groupsAndMailboxes[i]; - if (groupOrMailbox.name === 'group') { - addresses.push(giveResultGroup(groupOrMailbox)); - } else if (groupOrMailbox.name === 'mailbox') { - addresses.push(giveResultMailbox(groupOrMailbox)); - } - } - - result = { - ast: ast, - addresses: addresses, - }; - if (opts.simple) { - result = simplifyResult(result); - } - if (opts.oneResult) { - return oneResult(result); - } - if (opts.simple) { - return result && result.addresses; - } else { - return result; - } - } - - function giveResultGroup(group) { - var i; - var groupName = findNode('display-name', group); - var groupResultMailboxes = []; - var mailboxes = findAllNodesNoChildren(['mailbox'], group); - for (i = 0; i < mailboxes.length; i += 1) { - groupResultMailboxes.push(giveResultMailbox(mailboxes[i])); - } - return { - node: group, - parts: { - name: groupName, - }, - type: group.name, // 'group' - name: grabSemantic(groupName), - addresses: groupResultMailboxes, - }; - } - - function giveResultMailbox(mailbox) { - var name = findNode('display-name', mailbox); - var aspec = findNode('addr-spec', mailbox); - var cfws = findAllNodes('cfws', mailbox); - var comments = findAllNodesNoChildren(['comment'], mailbox); - - - var local = findNode('local-part', aspec); - var domain = findNode('domain', aspec); - return { - node: mailbox, - parts: { - name: name, - address: aspec, - local: local, - domain: domain, - comments: cfws - }, - type: mailbox.name, // 'mailbox' - name: grabSemantic(name), - address: grabSemantic(aspec), - local: grabSemantic(local), - domain: grabSemantic(domain), - comments: concatComments(comments), - groupName: grabSemantic(mailbox.groupName), - }; - } - - function grabSemantic(n) { - return n !== null && n !== undefined ? n.semantic : null; - } - - function simplifyResult(result) { - var i; - if (result && result.addresses) { - for (i = 0; i < result.addresses.length; i += 1) { - delete result.addresses[i].node; - } - } - return result; - } - - function concatComments(comments) { - var result = ''; - if (comments) { - for (var i = 0; i < comments.length; i += 1) { - result += grabSemantic(comments[i]); - } - } - return result; - } - - function oneResult(result) { - if (!result) { return null; } - if (!opts.partial && result.addresses.length > 1) { return null; } - return result.addresses && result.addresses[0]; - } - - ///////////////////////////////////////////////////// - - var parseString, pos, len, parsed, startProduction; - - opts = handleOpts(opts, {}); - if (opts === null) { return null; } - - parseString = opts.input; - - startProduction = { - 'address': address, - 'address-list': addressList, - 'angle-addr': angleAddr, - 'from': fromSpec, - 'group': group, - 'mailbox': mailbox, - 'mailbox-list': mailboxList, - 'reply-to': replyToSpec, - 'sender': senderSpec, - }[opts.startAt] || addressList; - - if (!opts.strict) { - initialize(); - opts.strict = true; - parsed = startProduction(parseString); - if (opts.partial || !inStr()) { - return giveResult(parsed); - } - opts.strict = false; - } - - initialize(); - parsed = startProduction(parseString); - if (!opts.partial && inStr()) { return null; } - return giveResult(parsed); -} - -function parseOneAddressSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} - -function parseAddressListSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} - -function parseFromSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'from', - })); -} - -function parseSenderSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'sender', - })); -} - -function parseReplyToSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'reply-to', - })); -} - -function handleOpts(opts, defs) { - function isString(str) { - return Object.prototype.toString.call(str) === '[object String]'; - } - - function isObject(o) { - return o === Object(o); - } - - function isNullUndef(o) { - return o === null || o === undefined; - } - - var defaults, o; - - if (isString(opts)) { - opts = { input: opts }; - } else if (!isObject(opts)) { - return null; - } - - if (!isString(opts.input)) { return null; } - if (!defs) { return null; } - - defaults = { - oneResult: false, - partial: false, - rejectTLD: false, - rfc6532: false, - simple: false, - startAt: 'address-list', - strict: false, - atInDisplayName: false - }; - - for (o in defaults) { - if (isNullUndef(opts[o])) { - opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o]; - } - } - return opts; -} - -parse5322.parseOneAddress = parseOneAddressSimple; -parse5322.parseAddressList = parseAddressListSimple; -parse5322.parseFrom = parseFromSimple; -parse5322.parseSender = parseSenderSimple; -parse5322.parseReplyTo = parseReplyToSimple; - -{ - module.exports = parse5322; -} - -}()); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the User ID Packet (Tag 13) - * - * A User ID packet consists of UTF-8 text that is intended to represent - * the name and email address of the key holder. By convention, it - * includes an RFC 2822 [RFC2822] mail name-addr, but there are no - * restrictions on its content. The packet length in the header - * specifies the length of the User ID. - */ -class UserIDPacket { - static get tag() { - return enums.packet.userID; - } - - constructor() { - /** A string containing the user id. Usually in the form - * John Doe - * @type {String} - */ - this.userID = ''; - - this.name = ''; - this.email = ''; - this.comment = ''; - } - - /** - * Create UserIDPacket instance from object - * @param {Object} userID - Object specifying userID name, email and comment - * @returns {UserIDPacket} - * @static - */ - static fromObject(userID) { - if (util.isString(userID) || - (userID.name && !util.isString(userID.name)) || - (userID.email && !util.isEmailAddress(userID.email)) || - (userID.comment && !util.isString(userID.comment))) { - throw new Error('Invalid user ID format'); - } - const packet = new UserIDPacket(); - Object.assign(packet, userID); - const components = []; - if (packet.name) components.push(packet.name); - if (packet.comment) components.push(`(${packet.comment})`); - if (packet.email) components.push(`<${packet.email}>`); - packet.userID = components.join(' '); - return packet; - } - - /** - * Parsing function for a user id packet (tag 13). - * @param {Uint8Array} input - Payload of a tag 13 packet - */ - read(bytes, config$1 = config) { - const userID = util.decodeUTF8(bytes); - if (userID.length > config$1.maxUserIDLength) { - throw new Error('User ID string is too long'); - } - try { - const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true }); - this.comment = comments.replace(/^\(|\)$/g, ''); - this.name = name; - this.email = email; - } catch (e) {} - this.userID = userID; - } - - /** - * Creates a binary representation of the user id packet - * @returns {Uint8Array} Binary representation. - */ - write() { - return util.encodeUTF8(this.userID); - } - - equals(otherUserID) { - return otherUserID && otherUserID.userID === this.userID; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret - * Key packet and has exactly the same format. - * @extends SecretKeyPacket - */ -class SecretSubkeyPacket extends SecretKeyPacket { - static get tag() { - return enums.packet.secretSubkey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - } -} - -/** - * Implementation of the Trust Packet (Tag 12) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: - * The Trust packet is used only within keyrings and is not normally - * exported. Trust packets contain data that record the user's - * specifications of which key holders are trustworthy introducers, - * along with other information that implementing software uses for - * trust information. The format of Trust packets is defined by a given - * implementation. - * - * Trust packets SHOULD NOT be emitted to output streams that are - * transferred to other users, and they SHOULD be ignored on any input - * other than local keyring files. - */ -class TrustPacket { - static get tag() { - return enums.packet.trust; - } - - /** - * Parsing function for a trust packet (tag 12). - * Currently not implemented as we ignore trust packets - */ - read() { - throw new UnsupportedError('Trust packets are not supported'); - } - - write() { - throw new UnsupportedError('Trust packets are not supported'); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Signature can contain the following packets -const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - -/** - * Class that represents an OpenPGP signature. - */ -class Signature { - /** - * @param {PacketList} packetlist - The signature packets - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); - } - - /** - * Returns binary encoded signature - * @returns {ReadableStream} Binary signature. - */ - write() { - return this.packets.write(); - } - - /** - * Returns ASCII armored text of signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config$1); - } - - /** - * Returns an array of KeyIDs of all of the issuers who created this signature - * @returns {Array} The Key IDs of the signing keys - */ - getSigningKeyIDs() { - return this.packets.map(packet => packet.issuerKeyID); - } -} - -/** - * reads an (optionally armored) OpenPGP signature and returns a signature object - * @param {Object} options - * @param {String} [options.armoredSignature] - Armored signature to be parsed - * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New signature object. - * @async - * @static - */ -async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredSignature || binarySignature; - if (!input) { - throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); - } - if (armoredSignature && !util.isString(armoredSignature)) { - throw new Error('readSignature: options.armoredSignature must be a string'); - } - if (binarySignature && !util.isUint8Array(binarySignature)) { - throw new Error('readSignature: options.binarySignature must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (armoredSignature) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.signature) { - throw new Error('Armored text not of type signature'); - } - input = data; - } - const packetlist = await PacketList.fromBinary(input, allowedPackets$4, config$1); - return new Signature(packetlist); -} - -/** - * @fileoverview Provides helpers methods for key module - * @module key/helper - * @private - */ - -async function generateSecretSubkey(options, config) { - const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); - secretSubkeyPacket.packets = null; - secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretSubkeyPacket.generate(options.rsaBits, options.curve); - await secretSubkeyPacket.computeFingerprintAndKeyID(); - return secretSubkeyPacket; -} - -async function generateSecretKey(options, config) { - const secretKeyPacket = new SecretKeyPacket(options.date, config); - secretKeyPacket.packets = null; - secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); - await secretKeyPacket.computeFingerprintAndKeyID(); - return secretKeyPacket; -} - -/** - * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. - * @param {Array} signatures - List of signatures - * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - full configuration - * @returns {Promise} The latest valid signature. - * @async - */ -async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { - let latestValid; - let exception; - for (let i = signatures.length - 1; i >= 0; i--) { - try { - if ( - (!latestValid || signatures[i].created >= latestValid.created) - ) { - await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); - latestValid = signatures[i]; - } - } catch (e) { - exception = e; - } - } - if (!latestValid) { - throw util.wrapError( - `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` - .replace('certGeneric ', 'self-') - .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), - exception); - } - return latestValid; -} - -function isDataExpired(keyPacket, signature, date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - const expirationTime = getKeyExpirationTime(keyPacket, signature); - return !(keyPacket.created <= normDate && normDate < expirationTime); - } - return false; -} - -/** - * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} - * @param {SecretSubkeyPacket} subkey - Subkey key packet - * @param {SecretKeyPacket} primaryKey - Primary key packet - * @param {Object} options - * @param {Object} config - Full configuration - */ -async function createBindingSignature(subkey, primaryKey, options, config) { - const dataToSign = {}; - dataToSign.key = primaryKey; - dataToSign.bind = subkey; - const signatureProperties = { signatureType: enums.signature.subkeyBinding }; - if (options.sign) { - signatureProperties.keyFlags = [enums.keyFlags.signData]; - signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, { - signatureType: enums.signature.keyBinding - }, options.date, undefined, undefined, undefined, config); - } else { - signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; - } - const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); - return subkeySignaturePacket; -} - -/** - * Returns the preferred signature hash algorithm of a key - * @param {Key} [key] - The key to get preferences from - * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} config - full configuration - * @returns {Promise} - * @async - */ -async function getPreferredHashAlgo$2(key, keyPacket, date = new Date(), userID = {}, config) { - let hashAlgo = config.preferredHashAlgorithm; - let prefAlgo = hashAlgo; - if (key) { - const primaryUser = await key.getPrimaryUser(date, userID, config); - if (primaryUser.selfCertification.preferredHashAlgorithms) { - [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms; - hashAlgo = mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; - } - } - switch (keyPacket.algorithm) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ed25519: - prefAlgo = mod.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid); - } - return mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; -} - -/** - * Returns the preferred symmetric/aead/compression algorithm for a set of keys - * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return - * @param {Array} [keys] - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Preferred algorithm - * @async - */ -async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config$1 = config) { - const defaultAlgo = { // these are all must-implement in rfc4880bis - 'symmetric': enums.symmetric.aes128, - 'aead': enums.aead.eax, - 'compression': enums.compression.uncompressed - }[type]; - const preferredSenderAlgo = { - 'symmetric': config$1.preferredSymmetricAlgorithm, - 'aead': config$1.preferredAEADAlgorithm, - 'compression': config$1.preferredCompressionAlgorithm - }[type]; - const prefPropertyName = { - 'symmetric': 'preferredSymmetricAlgorithms', - 'aead': 'preferredAEADAlgorithms', - 'compression': 'preferredCompressionAlgorithms' - }[type]; - - // if preferredSenderAlgo appears in the prefs of all recipients, we pick it - // otherwise we use the default algo - // if no keys are available, preferredSenderAlgo is returned - const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - const recipientPrefs = primaryUser.selfCertification[prefPropertyName]; - return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; - })); - return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; -} - -/** - * Create signature packet - * @param {Object} dataToSign - Contains packets to be signed - * @param {PrivateKey} privateKey - key to get preferences from - * @param {SecretKeyPacket| - * SecretSubkeyPacket} signingKeyPacket secret key packet for signing - * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing - * @param {Date} [date] - Override the creationtime of the signature - * @param {Object} [userID] - User ID - * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [detached] - Whether to create a detached signature packet - * @param {Object} config - full configuration - * @returns {Promise} Signature packet. - */ -async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) { - if (signingKeyPacket.isDummy()) { - throw new Error('Cannot sign with a gnu-dummy key.'); - } - if (!signingKeyPacket.isDecrypted()) { - throw new Error('Signing key is not decrypted.'); - } - const signaturePacket = new SignaturePacket(); - Object.assign(signaturePacket, signatureProperties); - signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; - signaturePacket.hashAlgorithm = await getPreferredHashAlgo$2(privateKey, signingKeyPacket, date, userID, config); - signaturePacket.rawNotations = notations; - await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached); - return signaturePacket; -} - -/** - * Merges signatures from source[attr] to dest[attr] - * @param {Object} source - * @param {Object} dest - * @param {String} attr - * @param {Date} [date] - date to use for signature expiration check, instead of the current time - * @param {Function} [checkFn] - signature only merged if true - */ -async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { - source = source[attr]; - if (source) { - if (!dest[attr].length) { - dest[attr] = source; - } else { - await Promise.all(source.map(async function(sourceSig) { - if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && - !dest[attr].some(function(destSig) { - return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); - })) { - dest[attr].push(sourceSig); - } - })); - } - } -} - -/** - * Checks if a given certificate or binding signature is revoked - * @param {SecretKeyPacket| - * PublicKeyPacket} primaryKey The primary key packet - * @param {Object} dataToVerify - The data to check - * @param {Array} revocations - The revocation signatures to check - * @param {SignaturePacket} signature - The certificate or signature to check - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the signature revokes the data. - * @async - */ -async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { - key = key || primaryKey; - const revocationKeyIDs = []; - await Promise.all(revocations.map(async function(revocationSignature) { - try { - if ( - // Note: a third-party revocation signature could legitimately revoke a - // self-signature if the signature has an authorized revocation key. - // However, we don't support passing authorized revocation keys, nor - // verifying such revocation signatures. Instead, we indicate an error - // when parsing a key with an authorized revocation key, and ignore - // third-party revocation signatures here. (It could also be revoking a - // third-party key certification, which should only affect - // `verifyAllCertifications`.) - !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) - ) { - await revocationSignature.verify( - key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config - ); - - // TODO get an identifier of the revoked object instead - revocationKeyIDs.push(revocationSignature.issuerKeyID); - } - } catch (e) {} - })); - // TODO further verify that this is the signature that should be revoked - if (signature) { - signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : - signature.revoked || false; - return signature.revoked; - } - return revocationKeyIDs.length > 0; -} - -/** - * Returns key expiration time based on the given certification signature. - * The expiration time of the signature is ignored. - * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check - * @param {SignaturePacket} signature - signature to process - * @returns {Date|Infinity} expiration time or infinity if the key does not expire - */ -function getKeyExpirationTime(keyPacket, signature) { - let expirationTime; - // check V4 expiration time - if (signature.keyNeverExpires === false) { - expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; - } - return expirationTime ? new Date(expirationTime) : Infinity; -} - -/** - * Returns whether aead is supported by all keys in the set - * @param {Array} keys - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} config - full configuration - * @returns {Promise} - * @async - */ -async function isAEADSupported(keys, date = new Date(), userIDs = [], config$1 = config) { - let supported = true; - // TODO replace when Promise.some or Promise.any are implemented - await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - if (!primaryUser.selfCertification.features || - !(primaryUser.selfCertification.features[0] & enums.features.aead)) { - supported = false; - } - })); - return supported; -} - -function sanitizeKeyOptions(options, subkeyDefaults = {}) { - options.type = options.type || subkeyDefaults.type; - options.curve = options.curve || subkeyDefaults.curve; - options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; - options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; - - options.sign = options.sign || false; - - switch (options.type) { - case 'ecc': - try { - options.curve = enums.write(enums.curve, options.curve); - } catch (e) { - throw new Error('Unknown curve'); - } - if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) { - options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; - } - if (options.sign) { - options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; - } else { - options.algorithm = enums.publicKey.ecdh; - } - break; - case 'rsa': - options.algorithm = enums.publicKey.rsaEncryptSign; - break; - default: - throw new Error(`Unsupported key type ${options.type}`); - } - return options; -} - -function isValidSigningKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.rsaEncrypt && - keyAlgo !== enums.publicKey.elgamal && - keyAlgo !== enums.publicKey.ecdh && - keyAlgo !== enums.publicKey.x25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.signData) !== 0); -} - -function isValidEncryptionKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.dsa && - keyAlgo !== enums.publicKey.rsaSign && - keyAlgo !== enums.publicKey.ecdsa && - keyAlgo !== enums.publicKey.eddsaLegacy && - keyAlgo !== enums.publicKey.ed25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0); -} - -function isValidDecryptionKeyPacket(signature, config) { - if (config.allowInsecureDecryptionWithSigningKeys) { - // This is only relevant for RSA keys, all other signing algorithms cannot decrypt - return true; - } - - return !signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; -} - -/** - * Check key against blacklisted algorithms and minimum strength requirements. - * @param {SecretKeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket - * @param {Config} config - * @throws {Error} if the key packet does not meet the requirements - */ -function checkKeyRequirements(keyPacket, config) { - const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); - const algoInfo = keyPacket.getAlgorithmInfo(); - if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { - throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); - } - switch (keyAlgo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: - case enums.publicKey.rsaEncrypt: - if (algoInfo.bits < config.minRSABits) { - throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); - } - break; - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ecdh: - if (config.rejectCurves.has(algoInfo.curve)) { - throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); - } - break; - } -} - -/** - * @module key/User - * @private - */ - -/** - * Class that represents an user ID or attribute packet and the relevant signatures. - * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info - * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with - */ -class User { - constructor(userPacket, mainKey) { - this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; - this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; - this.selfCertifications = []; - this.otherCertifications = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } - - /** - * Transforms structured user data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.userID || this.userAttribute); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.selfCertifications); - packetlist.push(...this.otherCertifications); - return packetlist; - } - - /** - * Shallow clone - * @returns {User} - */ - clone() { - const user = new User(this.userID || this.userAttribute, this.mainKey); - user.selfCertifications = [...this.selfCertifications]; - user.otherCertifications = [...this.otherCertifications]; - user.revocationSignatures = [...this.revocationSignatures]; - return user; - } - - /** - * Generate third-party certifications over this user and its primary key - * @param {Array} signingKeys - Decrypted private keys for signing - * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} New user with new certifications. - * @async - */ - async certify(signingKeys, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { - if (!privateKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - if (privateKey.hasSameFingerprintAs(primaryKey)) { - throw new Error("The user's own key can only be used for self-certifications"); - } - const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); - return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, { - // Most OpenPGP implementations use generic certification (0x10) - signatureType: enums.signature.certGeneric, - keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] - }, date, undefined, undefined, undefined, config); - })); - await user.update(this, date, config); - return user; - } - - /** - * Checks if a given certificate of the user is revoked - * @param {SignaturePacket} certificate - The certificate to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked(primaryKey, enums.signature.certRevocation, { - key: primaryKey, - userID: this.userID, - userAttribute: this.userAttribute - }, this.revocationSignatures, certificate, keyPacket, date, config$1); - } - - /** - * Verifies the user certificate. - * @param {SignaturePacket} certificate - A certificate of this user - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate - * @throws if the user certificate is invalid. - * @async - */ - async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const { issuerKeyID } = certificate; - const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); - if (issuerKeys.length === 0) { - return null; - } - await Promise.all(issuerKeys.map(async key => { - const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); - if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { - throw new Error('User certificate is revoked'); - } - try { - await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('User certificate is invalid', e); - } - })); - return true; - } - - /** - * Verifies all user certificates - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllCertifications(verificationKeys, date = new Date(), config) { - const that = this; - const certifications = this.selfCertifications.concat(this.otherCertifications); - return Promise.all(certifications.map(async certification => ({ - keyID: certification.issuerKeyID, - valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) - }))); - } - - /** - * Verify User. Checks for existence of self signatures, revocation signatures - * and validity of self signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} Status of user. - * @throws {Error} if there are no valid self signatures. - * @async - */ - async verify(date = new Date(), config) { - if (!this.selfCertifications.length) { - throw new Error('No self-certifications found'); - } - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // TODO replace when Promise.some or Promise.any are implemented - let exception; - for (let i = this.selfCertifications.length - 1; i >= 0; i--) { - try { - const selfCertification = this.selfCertifications[i]; - if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { - throw new Error('Self-certification is revoked'); - } - try { - await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('Self-certification is invalid', e); - } - return true; - } catch (e) { - exception = e; - } - } - throw exception; - } - - /** - * Update user with new components from specified user - * @param {User} sourceUser - Source user to merge - * @param {Date} date - Date to verify the validity of signatures - * @param {Object} config - Full configuration - * @returns {Promise} - * @async - */ - async update(sourceUser, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // self signatures - await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { - try { - await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); - return true; - } catch (e) { - return false; - } - }); - // other signatures - await mergeSignatures(sourceUser, this, 'otherCertifications', date); - // revocation signatures - await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); - }); - } - - /** - * Revokes the user - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New user with revocation signature. - * @async - */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.certRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await user.update(this); - return user; - } -} - -/** - * @module key/Subkey - * @private - */ - -/** - * Class that represents a subkey packet and the relevant signatures. - * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID - * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint - * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs - * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo - * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime - * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted - */ -class Subkey { - /** - * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey - * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey - */ - constructor(subkeyPacket, mainKey) { - this.keyPacket = subkeyPacket; - this.bindingSignatures = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } - - /** - * Transforms structured subkey data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.bindingSignatures); - return packetlist; - } - - /** - * Shallow clone - * @return {Subkey} - */ - clone() { - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.bindingSignatures = [...this.bindingSignatures]; - subkey.revocationSignatures = [...this.revocationSignatures]; - return subkey; - } - - /** - * Checks if a binding signature of a subkey is revoked - * @param {SignaturePacket} signature - The binding signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the binding signature is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked( - primaryKey, enums.signature.subkeyRevocation, { - key: primaryKey, - bind: this.keyPacket - }, this.revocationSignatures, signature, key, date, config$1 - ); - } - - /** - * Verify subkey. Checks for revocation signatures, expiration time - * and valid binding signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} if the subkey is invalid. - * @async - */ - async verify(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - // check subkey binding signatures - const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - // check binding signature is not revoked - if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { - throw new Error('Subkey is revoked'); - } - // check for expiration time - if (isDataExpired(this.keyPacket, bindingSignature, date)) { - throw new Error('Subkey is expired'); - } - return bindingSignature; - } - - /** - * Returns the expiration time of the subkey or Infinity if key does not expire. - * Returns null if the subkey is invalid. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async - */ - async getExpirationTime(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - let bindingSignature; - try { - bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - } catch (e) { - return null; - } - const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); - const sigExpiry = bindingSignature.getExpirationTime(); - return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; - } - - /** - * Update subkey with new components from specified subkey - * @param {Subkey} subkey - Source subkey to merge - * @param {Date} [date] - Date to verify validity of signatures - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if update failed - * @async - */ - async update(subkey, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - if (!this.hasSameFingerprintAs(subkey)) { - throw new Error('Subkey update method: fingerprints of subkeys not equal'); - } - // key packet - if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && - subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { - this.keyPacket = subkey.keyPacket; - } - // update missing binding signatures - const that = this; - const dataToVerify = { key: primaryKey, bind: that.keyPacket }; - await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { - for (let i = 0; i < that.bindingSignatures.length; i++) { - if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { - if (srcBindSig.created > that.bindingSignatures[i].created) { - that.bindingSignatures[i] = srcBindSig; - } - return false; - } - } - try { - await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); - return true; - } catch (e) { - return false; - } - }); - // revocation signatures - await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); - }); - } - - /** - * Revokes the subkey - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New subkey with revocation signature. - * @async - */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { key: primaryKey, bind: this.keyPacket }; - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.subkeyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await subkey.update(this); - return subkey; - } - - hasSameFingerprintAs(other) { - return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); - } -} - -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { - Subkey.prototype[name] = - function() { - return this.keyPacket[name](); - }; -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A key revocation certificate can contain the following packets -const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); -const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); -const keyPacketTags = new Set([ - enums.packet.publicKey, enums.packet.privateKey, - enums.packet.publicSubkey, enums.packet.privateSubkey -]); - -/** - * Abstract class that represents an OpenPGP key. Must contain a primary key. - * Can contain additional subkeys, signatures, user ids, user attributes. - * @borrows PublicKeyPacket#getKeyID as Key#getKeyID - * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint - * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs - * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo - * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime - */ -class Key { - /** - * Transforms packetlist to structured key data - * @param {PacketList} packetlist - The packets that form a key - * @param {Set} disallowedPackets - disallowed packet tags - */ - packetListToStructure(packetlist, disallowedPackets = new Set()) { - let user; - let primaryKeyID; - let subkey; - let ignoreUntil; - - for (const packet of packetlist) { - - if (packet instanceof UnparseablePacket) { - const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); - if (isUnparseableKeyPacket && !ignoreUntil) { - // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must - // discard all non-key packets that follow, until another (sub)key packet is found. - if (mainKeyPacketTags.has(packet.tag)) { - ignoreUntil = mainKeyPacketTags; - } else { - ignoreUntil = keyPacketTags; - } - } - continue; - } - - const tag = packet.constructor.tag; - if (ignoreUntil) { - if (!ignoreUntil.has(tag)) continue; - ignoreUntil = null; - } - if (disallowedPackets.has(tag)) { - throw new Error(`Unexpected packet type: ${tag}`); - } - switch (tag) { - case enums.packet.publicKey: - case enums.packet.secretKey: - if (this.keyPacket) { - throw new Error('Key block contains multiple keys'); - } - this.keyPacket = packet; - primaryKeyID = this.getKeyID(); - if (!primaryKeyID) { - throw new Error('Missing Key ID'); - } - break; - case enums.packet.userID: - case enums.packet.userAttribute: - user = new User(packet, this); - this.users.push(user); - break; - case enums.packet.publicSubkey: - case enums.packet.secretSubkey: - user = null; - subkey = new Subkey(packet, this); - this.subkeys.push(subkey); - break; - case enums.packet.signature: - switch (packet.signatureType) { - case enums.signature.certGeneric: - case enums.signature.certPersona: - case enums.signature.certCasual: - case enums.signature.certPositive: - if (!user) { - util.printDebug('Dropping certification signatures without preceding user packet'); - continue; - } - if (packet.issuerKeyID.equals(primaryKeyID)) { - user.selfCertifications.push(packet); - } else { - user.otherCertifications.push(packet); - } - break; - case enums.signature.certRevocation: - if (user) { - user.revocationSignatures.push(packet); - } else { - this.directSignatures.push(packet); - } - break; - case enums.signature.key: - this.directSignatures.push(packet); - break; - case enums.signature.subkeyBinding: - if (!subkey) { - util.printDebug('Dropping subkey binding signature without preceding subkey packet'); - continue; - } - subkey.bindingSignatures.push(packet); - break; - case enums.signature.keyRevocation: - this.revocationSignatures.push(packet); - break; - case enums.signature.subkeyRevocation: - if (!subkey) { - util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); - continue; - } - subkey.revocationSignatures.push(packet); - break; - } - break; - } - } - } - - /** - * Transforms structured key data to packetlist - * @returns {PacketList} The packets that form a key. - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.directSignatures); - this.users.map(user => packetlist.push(...user.toPacketList())); - this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); - return packetlist; - } - - /** - * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. - * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. - * @returns {Promise} Clone of the key. - */ - clone(clonePrivateParams = false) { - const key = new this.constructor(this.toPacketList()); - if (clonePrivateParams) { - key.getKeys().forEach(k => { - // shallow clone the key packets - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - if (!k.keyPacket.isDecrypted()) return; - // deep clone the private params, which are cleared during encryption - const privateParams = {}; - Object.keys(k.keyPacket.privateParams).forEach(name => { - privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); - }); - k.keyPacket.privateParams = privateParams; - }); - } - return key; - } - - /** - * Returns an array containing all public or private subkeys matching keyID; - * If no keyID is given, returns all subkeys. - * @param {type/keyID} [keyID] - key ID to look for - * @returns {Array} array of subkeys - */ - getSubkeys(keyID = null) { - const subkeys = this.subkeys.filter(subkey => ( - !keyID || subkey.getKeyID().equals(keyID, true) - )); - return subkeys; - } - - /** - * Returns an array containing all public or private keys matching keyID. - * If no keyID is given, returns all keys, starting with the primary key. - * @param {type/keyid~KeyID} [keyID] - key ID to look for - * @returns {Array} array of keys - */ - getKeys(keyID = null) { - const keys = []; - if (!keyID || this.getKeyID().equals(keyID, true)) { - keys.push(this); - } - return keys.concat(this.getSubkeys(keyID)); - } - - /** - * Returns key IDs of all keys - * @returns {Array} - */ - getKeyIDs() { - return this.getKeys().map(key => key.getKeyID()); - } - - /** - * Returns userIDs - * @returns {Array} Array of userIDs. - */ - getUserIDs() { - return this.users.map(user => { - return user.userID ? user.userID.userID : null; - }).filter(userID => userID !== null); - } - - /** - * Returns binary encoded key - * @returns {Uint8Array} Binary key. - */ - write() { - return this.toPacketList().write(); - } - - /** - * Returns last created key or key by given keyID that is available for signing and verification - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} signing key - * @throws if no valid signing key was found - * @async - */ - async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature( - subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 - ); - if (!isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) { - continue; - } - if (!bindingSignature.embeddedSignature) { - throw new Error('Missing embedded signature'); - } - // verify embedded signature - await getLatestValidSignature( - [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 - ); - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } catch (e) { - exception = e; - } - } - } - - try { - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config$1)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; - } - throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); - } - - /** - * Returns last created key or key by given keyID that is available for encryption or decryption - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} encryption key - * @throws if no valid encryption key was found - * @async - */ - async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - // V4: by convention subkeys are preferred for encryption service - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) { - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } - } catch (e) { - exception = e; - } - } - } - - try { - // if no valid subkey for encryption, evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; - } - throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); - } - - /** - * Checks if a signature on a key is revoked - * @param {SignaturePacket} signature - The signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - return isDataRevoked( - this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 - ); - } - - /** - * Verify primary key. Checks for revocation signatures, expiration time - * and valid self signature. Throws if the primary key is invalid. - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} If key verification failed - * @async - */ - async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - // check for key revocation signatures - if (await this.isRevoked(null, null, date, config$1)) { - throw new Error('Primary key is revoked'); - } - // check for valid, unrevoked, unexpired self signature - const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); - // check for expiration time in binding signatures - if (isDataExpired(primaryKey, selfCertification, date)) { - throw new Error('Primary key is expired'); - } - // check for expiration time in direct signatures - const directSignature = await getLatestValidSignature( - this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 - ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key - - if (directSignature && isDataExpired(primaryKey, directSignature, date)) { - throw new Error('Primary key is expired'); - } - } - - /** - * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. - * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. - * @param {Object} [userID] - User ID to consider instead of the primary user - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async - */ - async getExpirationTime(userID, config$1 = config) { - let primaryKeyExpiry; - try { - const { selfCertification } = await this.getPrimaryUser(null, userID, config$1); - const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); - const selfSigExpiry = selfCertification.getExpirationTime(); - const directSignature = await getLatestValidSignature( - this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 - ).catch(() => {}); - if (directSignature) { - const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); - // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, - // causing a discountinous validy period for the key - primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); - } else { - primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; - } - } catch (e) { - primaryKeyExpiry = null; - } - - return util.normalizeDate(primaryKeyExpiry); - } - - - /** - * Returns primary user and most significant (latest valid) self signature - * - if multiple primary users exist, returns the one with the latest self signature - * - otherwise, returns the user with the latest self signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * user: User, - * selfCertification: SignaturePacket - * }>} The primary user and the self signature - * @async - */ - async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const users = []; - let exception; - for (let i = 0; i < this.users.length; i++) { - try { - const user = this.users[i]; - if (!user.userID) { - continue; - } - if ( - (userID.name !== undefined && user.userID.name !== userID.name) || - (userID.email !== undefined && user.userID.email !== userID.email) || - (userID.comment !== undefined && user.userID.comment !== userID.comment) - ) { - throw new Error('Could not find user that matches that user ID'); - } - const dataToVerify = { userID: user.userID, key: primaryKey }; - const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); - users.push({ index: i, user, selfCertification }); - } catch (e) { - exception = e; - } - } - if (!users.length) { - throw exception || new Error('Could not find primary user'); - } - await Promise.all(users.map(async function (a) { - return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); - })); - // sort by primary user flag and signature creation time - const primaryUser = users.sort(function(a, b) { - const A = a.selfCertification; - const B = b.selfCertification; - return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; - }).pop(); - const { user, selfCertification: cert } = primaryUser; - if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { - throw new Error('Primary user is revoked'); - } - return primaryUser; - } - - /** - * Update key with new components from specified key with same key ID: - * users, subkeys, certificates are merged into the destination key, - * duplicates and expired signatures are ignored. - * - * If the source key is a private key and the destination key is public, - * a private key is returned. - * @param {Key} sourceKey - Source key to merge - * @param {Date} [date] - Date to verify validity of signatures and keys - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} updated key - * @async - */ - async update(sourceKey, date = new Date(), config$1 = config) { - if (!this.hasSameFingerprintAs(sourceKey)) { - throw new Error('Primary key fingerprints must be equal to update the key'); - } - if (!this.isPrivate() && sourceKey.isPrivate()) { - // check for equal subkey packets - const equal = (this.subkeys.length === sourceKey.subkeys.length) && - (this.subkeys.every(destSubkey => { - return sourceKey.subkeys.some(srcSubkey => { - return destSubkey.hasSameFingerprintAs(srcSubkey); - }); - })); - if (!equal) { - throw new Error('Cannot update public key with private key if subkeys mismatch'); - } - - return sourceKey.update(this, config$1); - } - // from here on, either: - // - destination key is private, source key is public - // - the keys are of the same type - // hence we don't need to convert the destination key type - const updatedKey = this.clone(); - // revocation signatures - await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { - return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); - }); - // direct signatures - await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); - // update users - await Promise.all(sourceKey.users.map(async srcUser => { - // multiple users with the same ID/attribute are not explicitly disallowed by the spec - // hence we support them, just in case - const usersToUpdate = updatedKey.users.filter(dstUser => ( - (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || - (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) - )); - if (usersToUpdate.length > 0) { - await Promise.all( - usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) - ); - } else { - const newUser = srcUser.clone(); - newUser.mainKey = updatedKey; - updatedKey.users.push(newUser); - } - })); - // update subkeys - await Promise.all(sourceKey.subkeys.map(async srcSubkey => { - // multiple subkeys with same fingerprint might be preset - const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( - dstSubkey.hasSameFingerprintAs(srcSubkey) - )); - if (subkeysToUpdate.length > 0) { - await Promise.all( - subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) - ); - } else { - const newSubkey = srcSubkey.clone(); - newSubkey.mainKey = updatedKey; - updatedKey.subkeys.push(newSubkey); - } - })); - - return updatedKey; - } - - /** - * Get revocation certificate from a revoked key. - * (To get a revocation certificate for an unrevoked key, call revoke() first.) - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Armored revocation certificate. - * @async - */ - async getRevocationCertificate(date = new Date(), config$1 = config) { - const dataToVerify = { key: this.keyPacket }; - const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); - const packetlist = new PacketList(); - packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); - } - - /** - * Applies a revocation certificate to a key - * This adds the first signature packet in the armored text to the key, - * if it is a valid revocation signature. - * @param {String} revocationCertificate - armored revocation certificate - * @param {Date} [date] - Date to verify the certificate - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Revoked key. - * @async - */ - async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { - const input = await unarmor(revocationCertificate, config$1); - const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); - const revocationSignature = packetlist.findPacket(enums.packet.signature); - if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { - throw new Error('Could not find revocation signature packet'); - } - if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { - throw new Error('Revocation signature does not match key'); - } - try { - await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); - } catch (e) { - throw util.wrapError('Could not verify revocation signature', e); - } - const key = this.clone(); - key.revocationSignatures.push(revocationSignature); - return key; - } - - /** - * Signs primary user of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signPrimaryUser(privateKeys, date, userID, config$1 = config) { - const { index, user } = await this.getPrimaryUser(date, userID, config$1); - const userSign = await user.certify(privateKeys, date, config$1); - const key = this.clone(); - key.users[index] = userSign; - return key; - } - - /** - * Signs all users of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for signing, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signAllUsers(privateKeys, date = new Date(), config$1 = config) { - const key = this.clone(); - key.users = await Promise.all(this.users.map(function(user) { - return user.certify(privateKeys, date, config$1); - })); - return key; - } - - /** - * Verifies primary user of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { - const primaryKey = this.keyPacket; - const { user } = await this.getPrimaryUser(date, userID, config$1); - const results = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - return results; - } - - /** - * Verifies all users of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of userID, signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { - const primaryKey = this.keyPacket; - const results = []; - await Promise.all(this.users.map(async user => { - const signatures = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - - results.push(...signatures.map( - signature => ({ - userID: user.userID ? user.userID.userID : null, - userAttribute: user.userAttribute, - keyID: signature.keyID, - valid: signature.valid - })) - ); - })); - return results; - } -} - -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { - Key.prototype[name] = - Subkey.prototype[name]; -}); - -// This library is free software; you can redistribute it and/or - -/** - * Class that represents an OpenPGP Public Key - */ -class PublicKey extends Key { - /** - * @param {PacketList} packetlist - The packets that form this key - */ - constructor(packetlist) { - super(); - this.keyPacket = null; - this.revocationSignatures = []; - this.directSignatures = []; - this.users = []; - this.subkeys = []; - if (packetlist) { - this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing public-key packet'); - } - } - } - - /** - * Returns true if this is a private key - * @returns {false} - */ - isPrivate() { - return false; - } - - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - return this; - } - - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); - } -} - -/** - * Class that represents an OpenPGP Private key - */ -class PrivateKey extends PublicKey { - /** - * @param {PacketList} packetlist - The packets that form this key - */ - constructor(packetlist) { - super(); - this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing private-key packet'); - } - } - - /** - * Returns true if this is a private key - * @returns {Boolean} - */ - isPrivate() { - return true; - } - - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - const packetlist = new PacketList(); - const keyPackets = this.toPacketList(); - for (const keyPacket of keyPackets) { - switch (keyPacket.constructor.tag) { - case enums.packet.secretKey: { - const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); - packetlist.push(pubKeyPacket); - break; - } - case enums.packet.secretSubkey: { - const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); - packetlist.push(pubSubkeyPacket); - break; - } - default: - packetlist.push(keyPacket); - } - } - return new PublicKey(packetlist); - } - - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); - } - - /** - * Returns all keys that are available for decryption, matching the keyID when given - * This is useful to retrieve keys for session key decryption - * @param {module:type/keyid~KeyID} keyID, optional - * @param {Date} date, optional - * @param {String} userID, optional - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} Array of decryption keys. - * @async - */ - async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const keys = []; - for (let i = 0; i < this.subkeys.length; i++) { - if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { - try { - const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; - const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidDecryptionKeyPacket(bindingSignature, config$1)) { - keys.push(this.subkeys[i]); - } - } catch (e) {} - } - } - - // evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && - isValidDecryptionKeyPacket(primaryUser.selfCertification, config$1)) { - keys.push(this); - } - - return keys; - } - - /** - * Returns true if the primary key or any subkey is decrypted. - * A dummy key is considered encrypted. - */ - isDecrypted() { - return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); - } - - /** - * Check whether the private and public primary key parameters correspond - * Together with verification of binding signatures, this guarantees key integrity - * In case of gnu-dummy primary key, it is enough to validate any signing subkeys - * otherwise all encryption subkeys are validated - * If only gnu-dummy keys are found, we cannot properly validate so we throw an error - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if validation was not successful and the key cannot be trusted - * @async - */ - async validate(config$1 = config) { - if (!this.isPrivate()) { - throw new Error('Cannot validate a public key'); - } - - let signingKeyPacket; - if (!this.keyPacket.isDummy()) { - signingKeyPacket = this.keyPacket; - } else { - /** - * It is enough to validate any signing keys - * since its binding signatures are also checked - */ - const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); - // This could again be a dummy key - if (signingKey && !signingKey.keyPacket.isDummy()) { - signingKeyPacket = signingKey.keyPacket; - } - } - - if (signingKeyPacket) { - return signingKeyPacket.validate(); - } else { - const keys = this.getKeys(); - const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); - if (allDummies) { - throw new Error('Cannot validate an all-gnu-dummy key'); - } - - return Promise.all(keys.map(async key => key.keyPacket.validate())); - } - } - - /** - * Clear private key parameters - */ - clearPrivateParams() { - this.getKeys().forEach(({ keyPacket }) => { - if (keyPacket.isDecrypted()) { - keyPacket.clearPrivateParams(); - } - }); - } - - /** - * Revokes the key - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New key with revocation signature. - * @async - */ - async revoke( - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - if (!this.isPrivate()) { - throw new Error('Need private key for revoking'); - } - const dataToSign = { key: this.keyPacket }; - const key = this.clone(); - key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.keyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, undefined, config$1)); - return key; - } - - - /** - * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. - * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. - * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA - * @param {String} options.curve (optional) Elliptic curve for ECC keys - * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date (optional) Override the creation date of the key and the key signatures - * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false - * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} - * @async - */ - async addSubkey(options = {}) { - const config$1 = { ...config, ...options.config }; - if (options.passphrase) { - throw new Error('Subkey could not be encrypted here, please encrypt whole key'); - } - if (options.rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); - } - const secretKeyPacket = this.keyPacket; - if (secretKeyPacket.isDummy()) { - throw new Error('Cannot add subkey to gnu-dummy primary key'); - } - if (!secretKeyPacket.isDecrypted()) { - throw new Error('Key is not decrypted'); - } - const defaultOptions = secretKeyPacket.getAlgorithmInfo(); - defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA - defaultOptions.rsaBits = defaultOptions.bits || 4096; - defaultOptions.curve = defaultOptions.curve || 'curve25519'; - options = sanitizeKeyOptions(options, defaultOptions); - const keyPacket = await generateSecretSubkey(options); - checkKeyRequirements(keyPacket, config$1); - const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); - const packetList = this.toPacketList(); - packetList.push(keyPacket, bindingSignature); - return new PrivateKey(packetList); - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -// A Key can contain the following packets -const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ - PublicKeyPacket, - PublicSubkeyPacket, - SecretKeyPacket, - SecretSubkeyPacket, - UserIDPacket, - UserAttributePacket, - SignaturePacket -]); - -/** - * Creates a PublicKey or PrivateKey depending on the packetlist in input - * @param {PacketList} - packets to parse - * @return {Key} parsed key - * @throws if no key packet was found - */ -function createKey(packetlist) { - for (const packet of packetlist) { - switch (packet.constructor.tag) { - case enums.packet.secretKey: - return new PrivateKey(packetlist); - case enums.packet.publicKey: - return new PublicKey(packetlist); - } - } - throw new Error('No key packet found'); -} - - -/** - * Generates a new OpenPGP key. Supports RSA and ECC keys. - * By default, primary and subkeys will be of same type. - * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA - * @param {String} options.curve Elliptic curve for ECC keys - * @param {Integer} options.rsaBits Number of bits for RSA keys - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Creation date of the key and the key signatures - * @param {Object} config - Full configuration - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ -async function generate$4(options, config) { - options.sign = true; // primary key is always a signing key - options = sanitizeKeyOptions(options); - options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); - let promises = [generateSecretKey(options, config)]; - promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); - const packets = await Promise.all(promises); - - const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; -} - -/** - * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. - * @param {PrivateKey} options.privateKey The private key to reformat - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Override the creation date of the key signatures - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * @param {Object} config - Full configuration - * - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ -async function reformat(options, config) { - options = sanitize(options); - const { privateKey } = options; - - if (!privateKey.isPrivate()) { - throw new Error('Cannot reformat a public key'); - } - - if (privateKey.keyPacket.isDummy()) { - throw new Error('Cannot reformat a gnu-dummy primary key'); - } - - const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); - if (!isDecrypted) { - throw new Error('Key is not decrypted'); - } - - const secretKeyPacket = privateKey.keyPacket; - - if (!options.subkeys) { - options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { - const secretSubkeyPacket = subkey.keyPacket; - const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; - const bindingSignature = await ( - getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) - ).catch(() => ({})); - return { - sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) - }; - })); - } - - const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); - if (options.subkeys.length !== secretSubkeyPackets.length) { - throw new Error('Number of subkey options does not match number of subkeys'); - } - - options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); - - const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; - - function sanitize(options, subkeyDefaults = {}) { - options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; - - return options; - } -} - -/** - * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection - * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. - * @param {SecretKeyPacket} secretKeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPackets - * @param {Object} options - * @param {Object} config - Full configuration - * @returns {PrivateKey} - */ -async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { - // set passphrase protection - if (options.passphrase) { - await secretKeyPacket.encrypt(options.passphrase, config); - } - - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - await secretSubkeyPacket.encrypt(subkeyPassphrase, config); - } - })); - - const packetlist = new PacketList(); - packetlist.push(secretKeyPacket); - - await Promise.all(options.userIDs.map(async function(userID, index) { - function createPreferredAlgos(algos, preferredAlgo) { - return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; - } - - const userIDPacket = UserIDPacket.fromObject(userID); - const dataToSign = {}; - dataToSign.userID = userIDPacket; - dataToSign.key = secretKeyPacket; - - const signatureProperties = {}; - signatureProperties.signatureType = enums.signature.certGeneric; - signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; - signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([ - // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support) - enums.symmetric.aes256, - enums.symmetric.aes128, - enums.symmetric.aes192 - ], config.preferredSymmetricAlgorithm); - if (config.aeadProtect) { - signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([ - enums.aead.eax, - enums.aead.ocb - ], config.preferredAEADAlgorithm); - } - signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ - // prefer fast asm.js implementations (SHA-256) - enums.hash.sha256, - enums.hash.sha512 - ], config.preferredHashAlgorithm); - signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ - enums.compression.zlib, - enums.compression.zip, - enums.compression.uncompressed - ], config.preferredCompressionAlgorithm); - if (index === 0) { - signatureProperties.isPrimaryUserID = true; - } - // integrity protection always enabled - signatureProperties.features = [0]; - signatureProperties.features[0] |= enums.features.modificationDetection; - if (config.aeadProtect) { - signatureProperties.features[0] |= enums.features.aead; - } - if (config.v5Keys) { - signatureProperties.features[0] |= enums.features.v5Keys; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; - } - - const signaturePacket = await createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); - - return { userIDPacket, signaturePacket }; - })).then(list => { - list.forEach(({ userIDPacket, signaturePacket }) => { - packetlist.push(userIDPacket); - packetlist.push(signaturePacket); - }); - }); - - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyOptions = options.subkeys[index]; - const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); - return { secretSubkeyPacket, subkeySignaturePacket }; - })).then(packets => { - packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { - packetlist.push(secretSubkeyPacket); - packetlist.push(subkeySignaturePacket); - }); - }); - - // Add revocation signature packet for creating a revocation certificate. - // This packet should be removed before returning the key. - const dataToSign = { key: secretKeyPacket }; - packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.reasonForRevocation.noReason, - reasonForRevocationString: '' - }, options.date, undefined, undefined, undefined, config)); - - if (options.passphrase) { - secretKeyPacket.clearPrivateParams(); - } - - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - secretSubkeyPacket.clearPrivateParams(); - } - })); - - return new PrivateKey(packetlist); -} - -/** - * Reads an (optionally armored) OpenPGP key and returns a key object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static - */ -async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { - throw new Error('Armored text not of type key'); - } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return createKey(packetlist); -} - -/** - * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static - */ -async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readPrivateKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.privateKey)) { - throw new Error('Armored text not of type private key'); - } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return new PrivateKey(packetlist); -} - -/** - * Reads an (optionally armored) OpenPGP key block and returns a list of key objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static - */ -async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { - throw new Error('Armored text not of type key'); - } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = createKey(oneKeyList); - keys.push(newKey); - } - return keys; -} - -/** - * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static - */ -async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readPrivateKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); - } - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.privateKey) { - throw new Error('Armored text not of type private key'); - } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No secret key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = new PrivateKey(oneKeyList); - keys.push(newKey); - } - return keys; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Message can contain the following packets -const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - AEADEncryptedDataPacket, - SymEncryptedIntegrityProtectedDataPacket, - SymmetricallyEncryptedDataPacket, - PublicKeyEncryptedSessionKeyPacket, - SymEncryptedSessionKeyPacket, - OnePassSignaturePacket, - SignaturePacket -]); -// A SKESK packet can contain the following packets -const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); -// A detached signature can contain the following packets -const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - -/** - * Class that represents an OpenPGP message. - * Can be an encrypted message, signed message, compressed message or literal message - * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} - */ -class Message { - /** - * @param {PacketList} packetlist - The packets that form this message - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); - } - - /** - * Returns the key IDs of the keys to which the session key is encrypted - * @returns {Array} Array of keyID objects. - */ - getEncryptionKeyIDs() { - const keyIDs = []; - const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - pkESKeyPacketlist.forEach(function(packet) { - keyIDs.push(packet.publicKeyID); - }); - return keyIDs; - } - - /** - * Returns the key IDs of the keys that signed the message - * @returns {Array} Array of keyID objects. - */ - getSigningKeyIDs() { - const msg = this.unwrapCompressed(); - // search for one pass signatures - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); - if (onePassSigList.length > 0) { - return onePassSigList.map(packet => packet.issuerKeyID); - } - // if nothing found look for signature packets - const signatureList = msg.packets.filterByTag(enums.packet.signature); - return signatureList.map(packet => packet.issuerKeyID); - } - - /** - * Decrypt the message. Either a private key, a session key, or a password must be specified. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Date} [date] - Use the given date for key verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with decrypted content. - * @async - */ - async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { - const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - - const symEncryptedPacketlist = this.packets.filterByTag( - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ); - - if (symEncryptedPacketlist.length === 0) { - throw new Error('No encrypted data found'); - } - - const symEncryptedPacket = symEncryptedPacketlist[0]; - let exception = null; - const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { - if (!util.isUint8Array(data) || !util.isString(algorithmName)) { - throw new Error('Invalid session key for decryption.'); - } - - try { - const algo = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.decrypt(algo, data, config$1); - } catch (e) { - util.printDebugError(e); - exception = e; - } - })); - // We don't await stream.cancel here because it only returns when the other copy is canceled too. - cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. - symEncryptedPacket.encrypted = null; - await decryptedPromise; - - if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { - throw exception || new Error('Decryption failed.'); - } - - const resultMsg = new Message(symEncryptedPacket.packets); - symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - - return resultMsg; - } - - /** - * Decrypt encrypted session keys either with private keys or passwords. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Date} [date] - Use the given date for key verification, instead of current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} array of object with potential sessionKey, algorithm pairs - * @async - */ - async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config$1 = config) { - let decryptedSessionKeyPackets = []; - - let exception; - if (passwords) { - const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); - if (skeskPackets.length === 0) { - throw new Error('No symmetrically encrypted session key packet found.'); - } - await Promise.all(passwords.map(async function(password, i) { - let packets; - if (i) { - packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); - } else { - packets = skeskPackets; - } - await Promise.all(packets.map(async function(skeskPacket) { - try { - await skeskPacket.decrypt(password); - decryptedSessionKeyPackets.push(skeskPacket); - } catch (err) { - util.printDebugError(err); - } - })); - })); - } else if (decryptionKeys) { - const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - if (pkeskPackets.length === 0) { - throw new Error('No public key encrypted session key packet found.'); - } - await Promise.all(pkeskPackets.map(async function(pkeskPacket) { - await Promise.all(decryptionKeys.map(async function(decryptionKey) { - let algos = [ - enums.symmetric.aes256, // Old OpenPGP.js default fallback - enums.symmetric.aes128, // RFC4880bis fallback - enums.symmetric.tripledes, // RFC4880 fallback - enums.symmetric.cast5 // Golang OpenPGP fallback - ]; - try { - const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config$1); // TODO: Pass userID from somewhere. - if (primaryUser.selfCertification.preferredSymmetricAlgorithms) { - algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms); - } - } catch (e) {} - - // do not check key expiration to allow decryption of old messages - const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); - await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { - if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) { - return; - } - if (!decryptionKeyPacket.isDecrypted()) { - throw new Error('Decryption key is not decrypted.'); - } - - // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. - const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal - ); - - if (doConstantTimeDecryption) { - // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, - // either with the successfully decrypted session key, or with a randomly generated one. - // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on - // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: - // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the - // randomly generated keys of the remaining key types. - // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly - // generated session keys. - // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. - - const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times - await Promise.all(Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => { - const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); - pkeskPacketCopy.read(serialisedPKESK); - const randomSessionKey = { - sessionKeyAlgorithm, - sessionKey: mod.generateSessionKey(sessionKeyAlgorithm) - }; - try { - await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); - decryptedSessionKeyPackets.push(pkeskPacketCopy); - } catch (err) { - // `decrypt` can still throw some non-security-sensitive errors - util.printDebugError(err); - exception = err; - } - })); - - } else { - try { - await pkeskPacket.decrypt(decryptionKeyPacket); - if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) { - throw new Error('A non-preferred symmetric algorithm was used.'); - } - decryptedSessionKeyPackets.push(pkeskPacket); - } catch (err) { - util.printDebugError(err); - exception = err; - } - } - })); - })); - cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. - pkeskPacket.encrypted = null; - })); - } else { - throw new Error('No key or password specified.'); - } - - if (decryptedSessionKeyPackets.length > 0) { - // Return only unique session keys - if (decryptedSessionKeyPackets.length > 1) { - const seen = new Set(); - decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { - const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); - if (seen.has(k)) { - return false; - } - seen.add(k); - return true; - }); - } - - return decryptedSessionKeyPackets.map(packet => ({ - data: packet.sessionKey, - algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm) - })); - } - throw exception || new Error('Session key decryption failed.'); - } - - /** - * Get literal data that is the body of the message - * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. - */ - getLiteralData() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getBytes()) || null; - } - - /** - * Get filename from literal data packet - * @returns {(String|null)} Filename of literal data packet as string. - */ - getFilename() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getFilename()) || null; - } - - /** - * Get literal data as text - * @returns {(String|null)} Literal body of the message interpreted as text. - */ - getText() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - if (literal) { - return literal.getText(); - } - return null; - } - - /** - * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. - * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for - * @param {Date} [date] - Date to select algorithm preferences at - * @param {Array} [userIDs] - User IDs to select algorithm preferences for - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. - * @async - */ - static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { - const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config$1); - const algorithmName = enums.read(enums.symmetric, algo); - const aeadAlgorithmName = config$1.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config$1) ? - enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config$1)) : - undefined; - - await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() - .catch(() => null) // ignore key strength requirements - .then(maybeKey => { - if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { - throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); - } - }) - )); - - const sessionKeyData = mod.generateSessionKey(algo); - return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName }; - } - - /** - * Encrypt the message either with public keys, passwords, or both at once. - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - Password(s) for message encryption - * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] - * @param {Date} [date] - Override the creation date of the literal package - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async - */ - async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - if (sessionKey) { - if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { - throw new Error('Invalid session key for encryption.'); - } - } else if (encryptionKeys && encryptionKeys.length) { - sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); - } else if (passwords && passwords.length) { - sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); - } else { - throw new Error('No keys, passwords, or session key provided.'); - } - - const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; - - const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); - - let symEncryptedPacket; - if (aeadAlgorithmName) { - symEncryptedPacket = new AEADEncryptedDataPacket(); - symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName); - } else { - symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket(); - } - symEncryptedPacket.packets = this.packets; - - const algorithm = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); - - msg.packets.push(symEncryptedPacket); - symEncryptedPacket.packets = new PacketList(); // remove packets after encryption - return msg; - } - - /** - * Encrypt a session key either with public keys, passwords, or both at once. - * @param {Uint8Array} sessionKey - session key for encryption - * @param {String} algorithmName - session key algorithm - * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - For message encryption - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [date] - Override the date - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async - */ - static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - const packetlist = new PacketList(); - const algorithm = enums.write(enums.symmetric, algorithmName); - const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); - - if (encryptionKeys) { - const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { - const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket(); - pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID(); - pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm; - pkESKeyPacket.sessionKey = sessionKey; - pkESKeyPacket.sessionKeyAlgorithm = algorithm; - await pkESKeyPacket.encrypt(encryptionKey.keyPacket); - delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption - return pkESKeyPacket; - })); - packetlist.push(...results); - } - if (passwords) { - const testDecrypt = async function(keyPacket, password) { - try { - await keyPacket.decrypt(password); - return 1; - } catch (e) { - return 0; - } - }; - - const sum = (accumulator, currentValue) => accumulator + currentValue; - - const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { - const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); - symEncryptedSessionKeyPacket.sessionKey = sessionKey; - symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; - if (aeadAlgorithm) { - symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; - } - await symEncryptedSessionKeyPacket.encrypt(password, config$1); - - if (config$1.passwordCollisionCheck) { - const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); - if (results.reduce(sum) !== 1) { - return encryptPassword(sessionKey, algorithm, password); - } - } - - delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption - return symEncryptedSessionKeyPacket; - }; - - const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd))); - packetlist.push(...results); - } - - return new Message(packetlist); - } - - /** - * Sign the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to add to the message - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with signed content. - * @async - */ - async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const packetlist = new PacketList(); - - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); - } - - let i; - let existingSigPacketlist; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; - - if (signature) { - existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - for (i = existingSigPacketlist.length - 1; i >= 0; i--) { - const signaturePacket = existingSigPacketlist[i]; - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signaturePacket.signatureType; - onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; - onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; - onePassSig.issuerKeyID = signaturePacket.issuerKeyID; - if (!signingKeys.length && i === 0) { - onePassSig.flags = 1; - } - packetlist.push(onePassSig); - } - } - - await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; - const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config$1); - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signatureType; - onePassSig.hashAlgorithm = await getPreferredHashAlgo$2(primaryKey, signingKey.keyPacket, date, userIDs, config$1); - onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm; - onePassSig.issuerKeyID = signingKey.getKeyID(); - if (i === signingKeys.length - 1) { - onePassSig.flags = 1; - } - return onePassSig; - })).then(onePassSignatureList => { - onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig)); - }); - - packetlist.push(literalDataPacket); - packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config$1))); - - return new Message(packetlist); - } - - /** - * Compresses the message (the literal and -if signed- signature data packets of the message) - * @param {module:enums.compression} algo - compression algorithm - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Message} New message with compressed content. - */ - compress(algo, config$1 = config) { - if (algo === enums.compression.uncompressed) { - return this; - } - - const compressed = new CompressedDataPacket(config$1); - compressed.algorithm = algo; - compressed.packets = this.packets; - - const packetList = new PacketList(); - packetList.push(compressed); - - return new Message(packetList); - } - - /** - * Create a detached signature for the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New detached signature of message content. - * @async - */ - async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); - } - return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - } - - /** - * Verify message signatures - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signatures. - * @async - */ - async verify(verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); - } - if (isArrayStream(msg.packets.stream)) { - msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); - } - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); - const signatureList = msg.packets.filterByTag(enums.packet.signature); - if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { - await Promise.all(onePassSigList.map(async onePassSig => { - onePassSig.correspondingSig = new Promise((resolve, reject) => { - onePassSig.correspondingSigResolve = resolve; - onePassSig.correspondingSigReject = reject; - }); - onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); - onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); - onePassSig.hashed.catch(() => {}); - })); - msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { - const reader = getReader(readable); - const writer = getWriter(writable); - try { - for (let i = 0; i < onePassSigList.length; i++) { - const { value: signature } = await reader.read(); - onePassSigList[i].correspondingSigResolve(signature); - } - await reader.readToEnd(); - await writer.ready; - await writer.close(); - } catch (e) { - onePassSigList.forEach(onePassSig => { - onePassSig.correspondingSigReject(e); - }); - await writer.abort(e); - } - }); - return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); - } - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); - } - - /** - * Verify detached message signature - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Signature} signature - * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); - } - const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); - } - - /** - * Unwrap compressed message - * @returns {Message} Message Content of compressed message. - */ - unwrapCompressed() { - const compressed = this.packets.filterByTag(enums.packet.compressedData); - if (compressed.length) { - return new Message(compressed[0].packets); - } - return this; - } - - /** - * Append signature to unencrypted message object - * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async appendSignature(detachedSignature, config$1 = config) { - await this.packets.read( - util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, - allowedDetachedSignaturePackets, - config$1 - ); - } - - /** - * Returns binary encoded message - * @returns {ReadableStream} Binary message. - */ - write() { - return this.packets.write(); - } - - /** - * Returns ASCII armored text of message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.message, this.write(), null, null, null, config$1); - } -} - -/** - * Create signature packets for the message - * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign - * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to append - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creationtime of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Boolean} [detached] - Whether to create detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} List of signature packets. - * @async - * @private - */ -async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config$1 = config) { - const packetlist = new PacketList(); - - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; - - await Promise.all(signingKeys.map(async (primaryKey, i) => { - const userID = userIDs[i]; - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config$1); - return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config$1); - })).then(signatureList => { - packetlist.push(...signatureList); - }); - - if (signature) { - const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - packetlist.push(...existingSigPacketlist); - } - return packetlist; -} - -/** - * Create object containing signer's keyID and validity of signature - * @param {SignaturePacket} signature - Signature packet - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Check signature validity with respect to the given date - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * keyID: module:type/keyid~KeyID, - * signature: Promise, - * verified: Promise - * }>} signer's keyID and validity of signature - * @async - * @private - */ -async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - let primaryKey; - let unverifiedSigningKey; - - for (const key of verificationKeys) { - const issuerKeys = key.getKeys(signature.issuerKeyID); - if (issuerKeys.length > 0) { - primaryKey = key; - unverifiedSigningKey = issuerKeys[0]; - break; - } - } - - const isOnePassSignature = signature instanceof OnePassSignaturePacket; - const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; - - const verifiedSig = { - keyID: signature.issuerKeyID, - verified: (async () => { - if (!unverifiedSigningKey) { - throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); - } - - await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); - const signaturePacket = await signaturePacketPromise; - if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { - throw new Error('Key is newer than the signature'); - } - // We pass the signature creation time to check whether the key was expired at the time of signing. - // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before - try { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); - } catch (e) { - // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, - // making the key invalid at the time of signing. - // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. - // Note: we do not support the edge case of a key that was reformatted and it has expired. - if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); - } else { - throw e; - } - } - return true; - })(), - signature: (async () => { - const signaturePacket = await signaturePacketPromise; - const packetlist = new PacketList(); - signaturePacket && packetlist.push(signaturePacket); - return new Signature(packetlist); - })() - }; - - // Mark potential promise rejections as "handled". This is needed because in - // some cases, we reject them before the user has a reasonable chance to - // handle them (e.g. `await readToEnd(result.data); await result.verified` and - // the data stream errors). - verifiedSig.signature.catch(() => {}); - verifiedSig.verified.catch(() => {}); - - return verifiedSig; -} - -/** - * Create list of objects containing signer's keyID and validity of signature - * @param {Array} signatureList - Array of signature packets - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} date - Verify the signature against the given date, - * i.e. check signature creation time < date < expiration time - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) - * @async - * @private - */ -async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - return Promise.all(signatureList.filter(function(signature) { - return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); - }).map(async function(signature) { - return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); - })); -} - -/** - * Reads an (optionally armored) OpenPGP message and returns a Message object - * @param {Object} options - * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed - * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New message object. - * @async - * @static - */ -async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredMessage || binaryMessage; - if (!input) { - throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); - } - if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { - throw new Error('readMessage: options.armoredMessage must be a string or stream'); - } - if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { - throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - if (armoredMessage) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.message) { - throw new Error('Armored text not of type message'); - } - input = data; - } - const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); - const message = new Message(packetlist); - message.fromStream = streamType; - return message; -} - -/** - * Creates new message object from text or binary data. - * @param {Object} options - * @param {String | ReadableStream} [options.text] - The text message contents - * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents - * @param {String} [options.filename=""] - Name of the file (if any) - * @param {Date} [options.date=current date] - Date of the message, or modification date of the file - * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type - * @returns {Promise} New message object. - * @async - * @static - */ -async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { - let input = text !== undefined ? text : binary; - if (input === undefined) { - throw new Error('createMessage: must pass options object containing `text` or `binary`'); - } - if (text && !util.isString(text) && !util.isStream(text)) { - throw new Error('createMessage: options.text must be a string or stream'); - } - if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { - throw new Error('createMessage: options.binary must be a Uint8Array or stream'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - const literalDataPacket = new LiteralDataPacket(date); - if (text !== undefined) { - literalDataPacket.setText(input, enums.write(enums.literal, format)); - } else { - literalDataPacket.setBytes(input, enums.write(enums.literal, format)); - } - if (filename !== undefined) { - literalDataPacket.setFilename(filename); - } - const literalDataPacketlist = new PacketList(); - literalDataPacketlist.push(literalDataPacket); - const message = new Message(literalDataPacketlist); - message.fromStream = streamType; - return message; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Cleartext message can contain the following packets -const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - -/** - * Class that represents an OpenPGP cleartext signed message. - * See {@link https://tools.ietf.org/html/rfc4880#section-7} - */ -class CleartextMessage { - /** - * @param {String} text - The cleartext of the signed message - * @param {Signature} signature - The detached signature or an empty signature for unsigned messages - */ - constructor(text, signature) { - // remove trailing whitespace and normalize EOL to canonical form - this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); - if (signature && !(signature instanceof Signature)) { - throw new Error('Invalid signature input'); - } - this.signature = signature || new Signature(new PacketList()); - } - - /** - * Returns the key IDs of the keys that signed the cleartext message - * @returns {Array} Array of keyID objects. - */ - getSigningKeyIDs() { - const keyIDs = []; - const signatureList = this.signature.packets; - signatureList.forEach(function(packet) { - keyIDs.push(packet.issuerKeyID); - }); - return keyIDs; - } - - /** - * Sign the cleartext message - * @param {Array} privateKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] - * @param {Date} [date] - The creation time of the signature that should be created - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New cleartext message with signed content. - * @async - */ - async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = new LiteralDataPacket(); - literalDataPacket.setText(this.text); - const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - return new CleartextMessage(this.text, newSignature); - } - - /** - * Verify signatures of cleartext signed message - * @param {Array} keys - Array of keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verify(keys, date = new Date(), config$1 = config) { - const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - const literalDataPacket = new LiteralDataPacket(); - // we assume that cleartext signature is generated based on UTF8 cleartext - literalDataPacket.setText(this.text); - return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); - } - - /** - * Get cleartext - * @returns {String} Cleartext of message. - */ - getText() { - // normalize end of line to \n - return this.text.replace(/\r\n/g, '\n'); - } - - /** - * Returns ASCII armored text of cleartext signed message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {String | ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - let hashes = this.signature.packets.map(function(packet) { - return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase(); - }); - hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; }); - const body = { - hash: hashes.join(), - text: this.text, - data: this.signature.packets.write() - }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config$1); - } -} - -/** - * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object - * @param {Object} options - * @param {String} options.cleartextMessage - Text to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New cleartext message object. - * @async - * @static - */ -async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!cleartextMessage) { - throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); - } - if (!util.isString(cleartextMessage)) { - throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - const input = await unarmor(cleartextMessage); - if (input.type !== enums.armor.signed) { - throw new Error('No cleartext signed message.'); - } - const packetlist = await PacketList.fromBinary(input.data, allowedPackets$5, config$1); - verifyHeaders$1(input.headers, packetlist); - const signature = new Signature(packetlist); - return new CleartextMessage(input.text, signature); -} - -/** - * Compare hash algorithm specified in the armor header with signatures - * @param {Array} headers - Armor headers - * @param {PacketList} packetlist - The packetlist with signature packets - * @private - */ -function verifyHeaders$1(headers, packetlist) { - const checkHashAlgos = function(hashAlgos) { - const check = packet => algo => packet.hashAlgorithm === algo; - - for (let i = 0; i < packetlist.length; i++) { - if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { - return false; - } - } - return true; - }; - - let oneHeader = null; - let hashAlgos = []; - headers.forEach(function(header) { - oneHeader = header.match(/^Hash: (.+)$/); // get header value - if (oneHeader) { - oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace - oneHeader = oneHeader.split(','); - oneHeader = oneHeader.map(function(hash) { - hash = hash.toLowerCase(); - try { - return enums.write(enums.hash, hash); - } catch (e) { - throw new Error('Unknown hash algorithm in armor header: ' + hash); - } - }); - hashAlgos = hashAlgos.concat(oneHeader); - } else { - throw new Error('Only "Hash" header allowed in cleartext signed message'); - } - }); - - if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { - throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); - } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { - throw new Error('Hash algorithm mismatch in armor header and signature'); - } -} - -/** - * Creates a new CleartextMessage object from text - * @param {Object} options - * @param {String} options.text - * @static - * @async - */ -async function createCleartextMessage({ text, ...rest }) { - if (!text) { - throw new Error('createCleartextMessage: must pass options object containing `text`'); - } - if (!util.isString(text)) { - throw new Error('createCleartextMessage: options.text must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - return new CleartextMessage(text); -} - -// OpenPGP.js - An OpenPGP implementation in javascript - - -////////////////////// -// // -// Key handling // -// // -////////////////////// - - -/** - * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. - * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. - * @param {Object} options - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys - * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: - * curve25519 (default), p256, p384, p521, secp256k1, - * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 - * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` - * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static - */ -async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key generation'); - } - if (type === 'rsa' && rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); - } - - const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; - - try { - const { key, revocationCertificate } = await generate$4(options, config$1); - key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); - - return { - privateKey: formatObject(key, format, config$1), - publicKey: formatObject(key.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error generating keypair', err); - } -} - -/** - * Reformats signature packets for a key and rewraps key object. - * @param {Object} options - * @param {PrivateKey} options.privateKey - Private key to reformat - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended - * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static - */ -async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key reformat'); - } - const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - - try { - const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); - - return { - privateKey: formatObject(reformattedKey, format, config$1), - publicKey: formatObject(reformattedKey.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error reformatting keypair', err); - } -} - -/** - * Revokes a key. Requires either a private key or a revocation certificate. - * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. - * @param {Object} options - * @param {Key} options.key - Public or private key to revoke - * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with - * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation - * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation - * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The revoked key in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or - * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise - * @async - * @static - */ -async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - try { - const revokedKey = revocationCertificate ? - await key.applyRevocationCertificate(revocationCertificate, date, config$1) : - await key.revoke(reasonForRevocation, date, config$1); - - return revokedKey.isPrivate() ? { - privateKey: formatObject(revokedKey, format, config$1), - publicKey: formatObject(revokedKey.toPublic(), format, config$1) - } : { - privateKey: null, - publicKey: formatObject(revokedKey, format, config$1) - }; - } catch (err) { - throw util.wrapError('Error revoking key', err); - } -} - -/** - * Unlock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to decrypt - * @param {String|Array} options.passphrase - The user's passphrase(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The unlocked key object. - * @async - */ -async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (!privateKey.isPrivate()) { - throw new Error('Cannot decrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); - const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; - - try { - await Promise.all(clonedPrivateKey.getKeys().map(key => ( - // try to decrypt each key with any of the given passphrases - util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) - ))); - - await clonedPrivateKey.validate(config$1); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error decrypting private key', err); - } -} - -/** - * Lock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to encrypt - * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The locked key object. - * @async - */ -async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (!privateKey.isPrivate()) { - throw new Error('Cannot encrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); - - const keys = clonedPrivateKey.getKeys(); - const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); - if (passphrases.length !== keys.length) { - throw new Error('Invalid number of passphrases given for key encryption'); - } - - try { - await Promise.all(keys.map(async (key, i) => { - const { keyPacket } = key; - await keyPacket.encrypt(passphrases[i], config$1); - keyPacket.clearPrivateParams(); - })); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error encrypting private key', err); - } -} - - -/////////////////////////////////////////// -// // -// Message encryption and decryption // -// // -/////////////////////////////////////////// - - -/** - * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` - * must be specified. If signing keys are specified, those will be used to sign the message. - * @param {Object} options - * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message - * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed - * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message - * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Signature} [options.signature] - A detached signature to add to the encrypted message - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` - * @param {Date} [options.date=current date] - Override the creation date of the message signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); signingKeys = toArray$1(signingKeys); passwords = toArray$1(passwords); - signingKeyIDs = toArray$1(signingKeyIDs); encryptionKeyIDs = toArray$1(encryptionKeyIDs); signingUserIDs = toArray$1(signingUserIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); signatureNotations = toArray$1(signatureNotations); - if (rest.detached) { - throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); - } - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (!signingKeys) { - signingKeys = []; - } - const streaming = message.fromStream; - try { - if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified - message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - message = message.compress( - await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config$1), - config$1 - ); - message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - if (format === 'object') return message; - // serialize data - const armor = format === 'armored'; - const data = armor ? message.armor(config$1) : message.write(); - return convertStream(data, streaming, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error encrypting message', err); - } -} - -/** - * Decrypts a message with the user's private key, a session key or a password. - * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). - * @param {Object} options - * @param {Message} options.message - The message object with the encrypted data - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key - * @param {String|String[]} [options.passwords] - Passwords to decrypt the message - * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } - * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing decrypted and verified message in the form: - * - * { - * data: MaybeStream, (if format was 'utf8', the default) - * data: MaybeStream, (if format was 'binary') - * filename: String, - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static - */ -async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); verificationKeys = toArray$1(verificationKeys); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); sessionKeys = toArray$1(sessionKeys); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - try { - const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); - if (!verificationKeys) { - verificationKeys = []; - } - - const result = {}; - result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); - result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); - result.filename = decrypted.getFilename(); - linkStreams(result, message); - if (expectSigned) { - if (verificationKeys.length === 0) { - throw new Error('Verification keys are required to verify message signatures'); - } - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); - } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); - } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error decrypting message', err); - } -} - - -////////////////////////////////////////// -// // -// Message signing and verification // -// // -////////////////////////////////////////// - - -/** - * Signs a message. - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed - * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [options.date=current date] - Override the creation date of the signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function sign$6({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); checkOutputMessageFormat(format); - signingKeys = toArray$1(signingKeys); signingKeyIDs = toArray$1(signingKeyIDs); signingUserIDs = toArray$1(signingUserIDs); signatureNotations = toArray$1(signatureNotations); - - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); - if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); - - if (!signingKeys || signingKeys.length === 0) { - throw new Error('No signing keys provided'); - } - - try { - let signature; - if (detached) { - signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } else { - signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - if (format === 'object') return signature; - - const armor = format === 'armored'; - signature = armor ? signature.armor(config$1) : signature.write(); - if (detached) { - signature = transformPair(message.packets.write(), async (readable, writable) => { - await Promise.all([ - pipe(signature, writable), - readToEnd(readable).catch(() => {}) - ]); - }); - } - return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error signing message', err); - } -} - -/** - * Verifies signatures of cleartext signed message - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures - * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing verified message in the form: - * - * { - * data: MaybeStream, (if `message` was a CleartextMessage) - * data: MaybeStream, (if `message` was a Message) - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static - */ -async function verify$6({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); verificationKeys = toArray$1(verificationKeys); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); - if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); - - try { - const result = {}; - if (signature) { - result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); - } else { - result.signatures = await message.verify(verificationKeys, date, config$1); - } - result.data = format === 'binary' ? message.getLiteralData() : message.getText(); - if (message.fromStream && !signature) linkStreams(result, message); - if (expectSigned) { - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); - } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); - } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error verifying signed message', err); - } -} - - -/////////////////////////////////////////////// -// // -// Session key encryption and decryption // -// // -/////////////////////////////////////////////// - -/** - * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. - * @param {Object} options - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} - * @param {Date} [options.date=current date] - Date to select algorithm preferences at - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. - * @async - * @static - */ -async function generateSessionKey$1({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - encryptionKeys = toArray$1(encryptionKeys); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - try { - const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error generating session key', err); - } -} - -/** - * Encrypt a symmetric session key with public keys, passwords, or both at once. - * At least one of `encryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) - * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' - * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key - * @param {String|String[]} [options.passwords] - Passwords for the message - * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [options.date=current date] - Override the date - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); passwords = toArray$1(passwords); encryptionKeyIDs = toArray$1(encryptionKeyIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { - throw new Error('No encryption keys or passwords provided.'); - } - - try { - const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - return formatObject(message, format, config$1); - } catch (err) { - throw util.wrapError('Error encrypting session key', err); - } -} - -/** - * Decrypt symmetric session keys using private keys or passwords (not both). - * One of `decryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Message} options.message - A message object containing the encrypted session key packets - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data - * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key - * @param {Date} [options.date] - Date to use for key verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: - * { data:Uint8Array, algorithm:String } - * @throws if no session key could be found or decrypted - * @async - * @static - */ -async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - try { - const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error decrypting session keys', err); - } -} - - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -/** - * Input validation - * @private - */ -function checkString(data, name) { - if (!util.isString(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type String'); - } -} -function checkBinary(data, name) { - if (!util.isUint8Array(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array'); - } -} -function checkMessage(message) { - if (!(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message'); - } -} -function checkCleartextOrMessage(message) { - if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); - } -} -function checkOutputMessageFormat(format) { - if (format !== 'armored' && format !== 'binary' && format !== 'object') { - throw new Error(`Unsupported format ${format}`); - } -} -const defaultConfigPropsCount = Object.keys(config).length; -function checkConfig(config$1) { - const inputConfigProps = Object.keys(config$1); - if (inputConfigProps.length !== defaultConfigPropsCount) { - for (const inputProp of inputConfigProps) { - if (config[inputProp] === undefined) { - throw new Error(`Unknown config property: ${inputProp}`); - } - } - } -} - -/** - * Normalize parameter to an array if it is not undefined. - * @param {Object} param - the parameter to be normalized - * @returns {Array|undefined} The resulting array or undefined. - * @private - */ -function toArray$1(param) { - if (param && !util.isArray(param)) { - param = [param]; - } - return param; -} - -/** - * Convert data to or from Stream - * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams - * @returns {Promise} The data in the respective format. - * @async - * @private - */ -async function convertStream(data, streaming, encoding = 'utf8') { - const streamType = util.isStream(data); - if (streamType === 'array') { - return readToEnd(data); - } - if (streaming === 'node') { - data = webToNode(data); - if (encoding !== 'binary') data.setEncoding(encoding); - return data; - } - if (streaming === 'web' && streamType === 'ponyfill') { - return toNativeReadable(data); - } - return data; -} - -/** - * Link result.data to the message stream for cancellation. - * Also, forward errors in the message to result.data. - * @param {Object} result - the data to convert - * @param {Message} message - message object - * @returns {Object} - * @private - */ -function linkStreams(result, message) { - result.data = transformPair(message.packets.stream, async (readable, writable) => { - await pipe(result.data, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - // Forward errors in the message stream to result.data. - await readToEnd(readable, _ => _); - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); -} - -/** - * Convert the object to the given format - * @param {Key|Message} object - * @param {'armored'|'binary'|'object'} format - * @param {Object} config - Full configuration - * @returns {String|Uint8Array|Object} - */ -function formatObject(object, format, config) { - switch (format) { - case 'object': - return object; - case 'armored': - return object.armor(config); - case 'binary': - return object.write(); - default: - throw new Error(`Unsupported format ${format}`); - } -} - -/** - * web-streams-polyfill v3.0.3 - */ -/// -const SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? - Symbol : - description => `Symbol(${description})`; - -/// -function noop() { - return undefined; -} -function getGlobals() { - if (typeof self !== 'undefined') { - return self; - } - else if (typeof window !== 'undefined') { - return window; - } - else if (typeof global !== 'undefined') { - return global; - } - return undefined; -} -const globals = getGlobals(); - -function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -const rethrowAssertionErrorRejection = noop; - -const originalPromise = Promise; -const originalPromiseThen = Promise.prototype.then; -const originalPromiseResolve = Promise.resolve.bind(originalPromise); -const originalPromiseReject = Promise.reject.bind(originalPromise); -function newPromise(executor) { - return new originalPromise(executor); -} -function promiseResolvedWith(value) { - return originalPromiseResolve(value); -} -function promiseRejectedWith(reason) { - return originalPromiseReject(reason); -} -function PerformPromiseThen(promise, onFulfilled, onRejected) { - // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an - // approximation. - return originalPromiseThen.call(promise, onFulfilled, onRejected); -} -function uponPromise(promise, onFulfilled, onRejected) { - PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection); -} -function uponFulfillment(promise, onFulfilled) { - uponPromise(promise, onFulfilled); -} -function uponRejection(promise, onRejected) { - uponPromise(promise, undefined, onRejected); -} -function transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) { - return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler); -} -function setPromiseIsHandledToTrue(promise) { - PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection); -} -const queueMicrotask = (() => { - const globalQueueMicrotask = globals && globals.queueMicrotask; - if (typeof globalQueueMicrotask === 'function') { - return globalQueueMicrotask; - } - const resolvedPromise = promiseResolvedWith(undefined); - return (fn) => PerformPromiseThen(resolvedPromise, fn); -})(); -function reflectCall(F, V, args) { - if (typeof F !== 'function') { - throw new TypeError('Argument is not a function'); - } - return Function.prototype.apply.call(F, V, args); -} -function promiseCall(F, V, args) { - try { - return promiseResolvedWith(reflectCall(F, V, args)); - } - catch (value) { - return promiseRejectedWith(value); - } -} - -// Original from Chromium -// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js -const QUEUE_MAX_ARRAY_SIZE = 16384; -/** - * Simple queue structure. - * - * Avoids scalability issues with using a packed array directly by using - * multiple arrays in a linked list and keeping the array size bounded. - */ -class SimpleQueue { - constructor() { - this._cursor = 0; - this._size = 0; - // _front and _back are always defined. - this._front = { - _elements: [], - _next: undefined - }; - this._back = this._front; - // The cursor is used to avoid calling Array.shift(). - // It contains the index of the front element of the array inside the - // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE). - this._cursor = 0; - // When there is only one node, size === elements.length - cursor. - this._size = 0; - } - get length() { - return this._size; - } - // For exception safety, this method is structured in order: - // 1. Read state - // 2. Calculate required state mutations - // 3. Perform state mutations - push(element) { - const oldBack = this._back; - let newBack = oldBack; - if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) { - newBack = { - _elements: [], - _next: undefined - }; - } - // push() is the mutation most likely to throw an exception, so it - // goes first. - oldBack._elements.push(element); - if (newBack !== oldBack) { - this._back = newBack; - oldBack._next = newBack; - } - ++this._size; - } - // Like push(), shift() follows the read -> calculate -> mutate pattern for - // exception safety. - shift() { // must not be called on an empty queue - const oldFront = this._front; - let newFront = oldFront; - const oldCursor = this._cursor; - let newCursor = oldCursor + 1; - const elements = oldFront._elements; - const element = elements[oldCursor]; - if (newCursor === QUEUE_MAX_ARRAY_SIZE) { - newFront = oldFront._next; - newCursor = 0; - } - // No mutations before this point. - --this._size; - this._cursor = newCursor; - if (oldFront !== newFront) { - this._front = newFront; - } - // Permit shifted element to be garbage collected. - elements[oldCursor] = undefined; - return element; - } - // The tricky thing about forEach() is that it can be called - // re-entrantly. The queue may be mutated inside the callback. It is easy to - // see that push() within the callback has no negative effects since the end - // of the queue is checked for on every iteration. If shift() is called - // repeatedly within the callback then the next iteration may return an - // element that has been removed. In this case the callback will be called - // with undefined values until we either "catch up" with elements that still - // exist or reach the back of the queue. - forEach(callback) { - let i = this._cursor; - let node = this._front; - let elements = node._elements; - while (i !== elements.length || node._next !== undefined) { - if (i === elements.length) { - node = node._next; - elements = node._elements; - i = 0; - if (elements.length === 0) { - break; - } - } - callback(elements[i]); - ++i; - } - } - // Return the element that would be returned if shift() was called now, - // without modifying the queue. - peek() { // must not be called on an empty queue - const front = this._front; - const cursor = this._cursor; - return front._elements[cursor]; - } -} - -function ReadableStreamReaderGenericInitialize(reader, stream) { - reader._ownerReadableStream = stream; - stream._reader = reader; - if (stream._state === 'readable') { - defaultReaderClosedPromiseInitialize(reader); - } - else if (stream._state === 'closed') { - defaultReaderClosedPromiseInitializeAsResolved(reader); - } - else { - defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError); - } -} -// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state -// check. -function ReadableStreamReaderGenericCancel(reader, reason) { - const stream = reader._ownerReadableStream; - return ReadableStreamCancel(stream, reason); -} -function ReadableStreamReaderGenericRelease(reader) { - if (reader._ownerReadableStream._state === 'readable') { - defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - else { - defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - reader._ownerReadableStream._reader = undefined; - reader._ownerReadableStream = undefined; -} -// Helper functions for the readers. -function readerLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released reader'); -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderClosedPromiseInitialize(reader) { - reader._closedPromise = newPromise((resolve, reject) => { - reader._closedPromise_resolve = resolve; - reader._closedPromise_reject = reject; - }); -} -function defaultReaderClosedPromiseInitializeAsRejected(reader, reason) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseReject(reader, reason); -} -function defaultReaderClosedPromiseInitializeAsResolved(reader) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseResolve(reader); -} -function defaultReaderClosedPromiseReject(reader, reason) { - if (reader._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(reader._closedPromise); - reader._closedPromise_reject(reason); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -function defaultReaderClosedPromiseResetToRejected(reader, reason) { - defaultReaderClosedPromiseInitializeAsRejected(reader, reason); -} -function defaultReaderClosedPromiseResolve(reader) { - if (reader._closedPromise_resolve === undefined) { - return; - } - reader._closedPromise_resolve(undefined); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} - -const AbortSteps = SymbolPolyfill('[[AbortSteps]]'); -const ErrorSteps = SymbolPolyfill('[[ErrorSteps]]'); -const CancelSteps = SymbolPolyfill('[[CancelSteps]]'); -const PullSteps = SymbolPolyfill('[[PullSteps]]'); - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill -const NumberIsFinite = Number.isFinite || function (x) { - return typeof x === 'number' && isFinite(x); -}; - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill -const MathTrunc = Math.trunc || function (v) { - return v < 0 ? Math.ceil(v) : Math.floor(v); -}; - -// https://heycam.github.io/webidl/#idl-dictionaries -function isDictionary(x) { - return typeof x === 'object' || typeof x === 'function'; -} -function assertDictionary(obj, context) { - if (obj !== undefined && !isDictionary(obj)) { - throw new TypeError(`${context} is not an object.`); - } -} -// https://heycam.github.io/webidl/#idl-callback-functions -function assertFunction(x, context) { - if (typeof x !== 'function') { - throw new TypeError(`${context} is not a function.`); - } -} -// https://heycam.github.io/webidl/#idl-object -function isObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -function assertObject(x, context) { - if (!isObject(x)) { - throw new TypeError(`${context} is not an object.`); - } -} -function assertRequiredArgument(x, position, context) { - if (x === undefined) { - throw new TypeError(`Parameter ${position} is required in '${context}'.`); - } -} -function assertRequiredField(x, field, context) { - if (x === undefined) { - throw new TypeError(`${field} is required in '${context}'.`); - } -} -// https://heycam.github.io/webidl/#idl-unrestricted-double -function convertUnrestrictedDouble(value) { - return Number(value); -} -function censorNegativeZero(x) { - return x === 0 ? 0 : x; -} -function integerPart(x) { - return censorNegativeZero(MathTrunc(x)); -} -// https://heycam.github.io/webidl/#idl-unsigned-long-long -function convertUnsignedLongLongWithEnforceRange(value, context) { - const lowerBound = 0; - const upperBound = Number.MAX_SAFE_INTEGER; - let x = Number(value); - x = censorNegativeZero(x); - if (!NumberIsFinite(x)) { - throw new TypeError(`${context} is not a finite number`); - } - x = integerPart(x); - if (x < lowerBound || x > upperBound) { - throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`); - } - if (!NumberIsFinite(x) || x === 0) { - return 0; - } - // TODO Use BigInt if supported? - // let xBigInt = BigInt(integerPart(x)); - // xBigInt = BigInt.asUintN(64, xBigInt); - // return Number(xBigInt); - return x; -} - -function assertReadableStream(x, context) { - if (!IsReadableStream(x)) { - throw new TypeError(`${context} is not a ReadableStream.`); - } -} - -// Abstract operations for the ReadableStream. -function AcquireReadableStreamDefaultReader(stream) { - return new ReadableStreamDefaultReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadRequest(stream, readRequest) { - stream._reader._readRequests.push(readRequest); -} -function ReadableStreamFulfillReadRequest(stream, chunk, done) { - const reader = stream._reader; - const readRequest = reader._readRequests.shift(); - if (done) { - readRequest._closeSteps(); - } - else { - readRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadRequests(stream) { - return stream._reader._readRequests.length; -} -function ReadableStreamHasDefaultReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamDefaultReader(reader)) { - return false; - } - return true; -} -/** - * A default reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamDefaultReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, - * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } - /** - * Returns a promise that allows access to the next chunk from the stream's internal queue, if available. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('read')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: () => resolvePromise({ value: undefined, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamDefaultReaderRead(this, readRequest); - return promise; - } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamDefaultReader(this)) { - throw defaultReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamDefaultReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamDefaultReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) { - return false; - } - return true; -} -function ReadableStreamDefaultReaderRead(reader, readRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'closed') { - readRequest._closeSteps(); - } - else if (stream._state === 'errored') { - readRequest._errorSteps(stream._storedError); - } - else { - stream._readableStreamController[PullSteps](readRequest); - } -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`); -} - -/// -let AsyncIteratorPrototype; -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - // We're running inside a ES2018+ environment, but we're compiling to an older syntax. - // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it. - AsyncIteratorPrototype = { - // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( ) - // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator - [SymbolPolyfill.asyncIterator]() { - return this; - } - }; - Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false }); -} - -/// -class ReadableStreamAsyncIteratorImpl { - constructor(reader, preventCancel) { - this._ongoingPromise = undefined; - this._isFinished = false; - this._reader = reader; - this._preventCancel = preventCancel; - } - next() { - const nextSteps = () => this._nextSteps(); - this._ongoingPromise = this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) : - nextSteps(); - return this._ongoingPromise; - } - return(value) { - const returnSteps = () => this._returnSteps(value); - return this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) : - returnSteps(); - } - _nextSteps() { - if (this._isFinished) { - return Promise.resolve({ value: undefined, done: true }); - } - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('iterate')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => { - this._ongoingPromise = undefined; - // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test. - // FIXME Is this a bug in the specification, or in the test? - queueMicrotask(() => resolvePromise({ value: chunk, done: false })); - }, - _closeSteps: () => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - resolvePromise({ value: undefined, done: true }); - }, - _errorSteps: reason => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - rejectPromise(reason); - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promise; - } - _returnSteps(value) { - if (this._isFinished) { - return Promise.resolve({ value, done: true }); - } - this._isFinished = true; - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('finish iterating')); - } - if (!this._preventCancel) { - const result = ReadableStreamReaderGenericCancel(reader, value); - ReadableStreamReaderGenericRelease(reader); - return transformPromiseWith(result, () => ({ value, done: true })); - } - ReadableStreamReaderGenericRelease(reader); - return promiseResolvedWith({ value, done: true }); - } -} -const ReadableStreamAsyncIteratorPrototype = { - next() { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next')); - } - return this._asyncIteratorImpl.next(); - }, - return(value) { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return')); - } - return this._asyncIteratorImpl.return(value); - } -}; -if (AsyncIteratorPrototype !== undefined) { - Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype); -} -// Abstract operations for the ReadableStream. -function AcquireReadableStreamAsyncIterator(stream, preventCancel) { - const reader = AcquireReadableStreamDefaultReader(stream); - const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel); - const iterator = Object.create(ReadableStreamAsyncIteratorPrototype); - iterator._asyncIteratorImpl = impl; - return iterator; -} -function IsReadableStreamAsyncIterator(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) { - return false; - } - return true; -} -// Helper functions for the ReadableStream. -function streamAsyncIteratorBrandCheckException(name) { - return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`); -} - -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill -const NumberIsNaN = Number.isNaN || function (x) { - // eslint-disable-next-line no-self-compare - return x !== x; -}; - -function IsFiniteNonNegativeNumber(v) { - if (!IsNonNegativeNumber(v)) { - return false; - } - if (v === Infinity) { - return false; - } - return true; -} -function IsNonNegativeNumber(v) { - if (typeof v !== 'number') { - return false; - } - if (NumberIsNaN(v)) { - return false; - } - if (v < 0) { - return false; - } - return true; -} - -function DequeueValue(container) { - const pair = container._queue.shift(); - container._queueTotalSize -= pair.size; - if (container._queueTotalSize < 0) { - container._queueTotalSize = 0; - } - return pair.value; -} -function EnqueueValueWithSize(container, value, size) { - size = Number(size); - if (!IsFiniteNonNegativeNumber(size)) { - throw new RangeError('Size must be a finite, non-NaN, non-negative number.'); - } - container._queue.push({ value, size }); - container._queueTotalSize += size; -} -function PeekQueueValue(container) { - const pair = container._queue.peek(); - return pair.value; -} -function ResetQueue(container) { - container._queue = new SimpleQueue(); - container._queueTotalSize = 0; -} - -function CreateArrayFromList(elements) { - // We use arrays to represent lists, so this is basically a no-op. - // Do a slice though just in case we happen to depend on the unique-ness. - return elements.slice(); -} -function CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) { - new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset); -} -// Not implemented correctly -function TransferArrayBuffer(O) { - return O; -} -// Not implemented correctly -function IsDetachedBuffer(O) { - return false; -} - -/** - * A pull-into request in a {@link ReadableByteStreamController}. - * - * @public - */ -class ReadableStreamBYOBRequest { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the view for writing in to, or `null` if the BYOB request has already been responded to. - */ - get view() { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('view'); - } - return this._view; - } - respond(bytesWritten) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respond'); - } - assertRequiredArgument(bytesWritten, 1, 'respond'); - bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter'); - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - if (IsDetachedBuffer(this._view.buffer)) ; - ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten); - } - respondWithNewView(view) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respondWithNewView'); - } - assertRequiredArgument(view, 1, 'respondWithNewView'); - if (!ArrayBuffer.isView(view)) { - throw new TypeError('You can only respond with array buffer views'); - } - if (view.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (view.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view); - } -} -Object.defineProperties(ReadableStreamBYOBRequest.prototype, { - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, - view: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBRequest', - configurable: true - }); -} -/** - * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue. - * - * @public - */ -class ReadableByteStreamController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the current BYOB pull request, or `null` if there isn't one. - */ - get byobRequest() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('byobRequest'); - } - if (this._byobRequest === null && this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled); - const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype); - SetUpReadableStreamBYOBRequest(byobRequest, this, view); - this._byobRequest = byobRequest; - } - return this._byobRequest; - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('desiredSize'); - } - return ReadableByteStreamControllerGetDesiredSize(this); - } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('close'); - } - if (this._closeRequested) { - throw new TypeError('The stream has already been closed; do not close it again!'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`); - } - ReadableByteStreamControllerClose(this); - } - enqueue(chunk) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('enqueue'); - } - assertRequiredArgument(chunk, 1, 'enqueue'); - if (!ArrayBuffer.isView(chunk)) { - throw new TypeError('chunk must be an array buffer view'); - } - if (chunk.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (chunk.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._closeRequested) { - throw new TypeError('stream is closed or draining'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`); - } - ReadableByteStreamControllerEnqueue(this, chunk); - } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('error'); - } - ReadableByteStreamControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - if (this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - firstDescriptor.bytesFilled = 0; - } - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableByteStreamControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableByteStream; - if (this._queueTotalSize > 0) { - const entry = this._queue.shift(); - this._queueTotalSize -= entry.byteLength; - ReadableByteStreamControllerHandleQueueDrain(this); - const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength); - readRequest._chunkSteps(view); - return; - } - const autoAllocateChunkSize = this._autoAllocateChunkSize; - if (autoAllocateChunkSize !== undefined) { - let buffer; - try { - buffer = new ArrayBuffer(autoAllocateChunkSize); - } - catch (bufferE) { - readRequest._errorSteps(bufferE); - return; - } - const pullIntoDescriptor = { - buffer, - byteOffset: 0, - byteLength: autoAllocateChunkSize, - bytesFilled: 0, - elementSize: 1, - viewConstructor: Uint8Array, - readerType: 'default' - }; - this._pendingPullIntos.push(pullIntoDescriptor); - } - ReadableStreamAddReadRequest(stream, readRequest); - ReadableByteStreamControllerCallPullIfNeeded(this); - } -} -Object.defineProperties(ReadableByteStreamController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableByteStreamController', - configurable: true - }); -} -// Abstract operations for the ReadableByteStreamController. -function IsReadableByteStreamController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) { - return false; - } - return true; -} -function IsReadableStreamBYOBRequest(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) { - return false; - } - return true; -} -function ReadableByteStreamControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableByteStreamControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - // TODO: Test controller argument - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableByteStreamControllerError(controller, e); - }); -} -function ReadableByteStreamControllerClearPendingPullIntos(controller) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - controller._pendingPullIntos = new SimpleQueue(); -} -function ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) { - let done = false; - if (stream._state === 'closed') { - done = true; - } - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - if (pullIntoDescriptor.readerType === 'default') { - ReadableStreamFulfillReadRequest(stream, filledView, done); - } - else { - ReadableStreamFulfillReadIntoRequest(stream, filledView, done); - } -} -function ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) { - const bytesFilled = pullIntoDescriptor.bytesFilled; - const elementSize = pullIntoDescriptor.elementSize; - return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize); -} -function ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) { - controller._queue.push({ buffer, byteOffset, byteLength }); - controller._queueTotalSize += byteLength; -} -function ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) { - const elementSize = pullIntoDescriptor.elementSize; - const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize; - const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled); - const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy; - const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize; - let totalBytesToCopyRemaining = maxBytesToCopy; - let ready = false; - if (maxAlignedBytes > currentAlignedBytes) { - totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled; - ready = true; - } - const queue = controller._queue; - while (totalBytesToCopyRemaining > 0) { - const headOfQueue = queue.peek(); - const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength); - const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy); - if (headOfQueue.byteLength === bytesToCopy) { - queue.shift(); - } - else { - headOfQueue.byteOffset += bytesToCopy; - headOfQueue.byteLength -= bytesToCopy; - } - controller._queueTotalSize -= bytesToCopy; - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor); - totalBytesToCopyRemaining -= bytesToCopy; - } - return ready; -} -function ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - pullIntoDescriptor.bytesFilled += size; -} -function ReadableByteStreamControllerHandleQueueDrain(controller) { - if (controller._queueTotalSize === 0 && controller._closeRequested) { - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(controller._controlledReadableByteStream); - } - else { - ReadableByteStreamControllerCallPullIfNeeded(controller); - } -} -function ReadableByteStreamControllerInvalidateBYOBRequest(controller) { - if (controller._byobRequest === null) { - return; - } - controller._byobRequest._associatedReadableByteStreamController = undefined; - controller._byobRequest._view = null; - controller._byobRequest = null; -} -function ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) { - while (controller._pendingPullIntos.length > 0) { - if (controller._queueTotalSize === 0) { - return; - } - const pullIntoDescriptor = controller._pendingPullIntos.peek(); - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) { - const stream = controller._controlledReadableByteStream; - let elementSize = 1; - if (view.constructor !== DataView) { - elementSize = view.constructor.BYTES_PER_ELEMENT; - } - const ctor = view.constructor; - const buffer = TransferArrayBuffer(view.buffer); - const pullIntoDescriptor = { - buffer, - byteOffset: view.byteOffset, - byteLength: view.byteLength, - bytesFilled: 0, - elementSize, - viewConstructor: ctor, - readerType: 'byob' - }; - if (controller._pendingPullIntos.length > 0) { - controller._pendingPullIntos.push(pullIntoDescriptor); - // No ReadableByteStreamControllerCallPullIfNeeded() call since: - // - No change happens on desiredSize - // - The source has already been notified of that there's at least 1 pending read(view) - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - return; - } - if (stream._state === 'closed') { - const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0); - readIntoRequest._closeSteps(emptyView); - return; - } - if (controller._queueTotalSize > 0) { - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - ReadableByteStreamControllerHandleQueueDrain(controller); - readIntoRequest._chunkSteps(filledView); - return; - } - if (controller._closeRequested) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - readIntoRequest._errorSteps(e); - return; - } - } - controller._pendingPullIntos.push(pullIntoDescriptor); - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) { - firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer); - const stream = controller._controlledReadableByteStream; - if (ReadableStreamHasBYOBReader(stream)) { - while (ReadableStreamGetNumReadIntoRequests(stream) > 0) { - const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) { - if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) { - throw new RangeError('bytesWritten out of range'); - } - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor); - if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) { - // TODO: Figure out whether we should detach the buffer or not here. - return; - } - ReadableByteStreamControllerShiftPendingPullInto(controller); - const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize; - if (remainderSize > 0) { - const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end); - ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength); - } - pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer); - pullIntoDescriptor.bytesFilled -= remainderSize; - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); -} -function ReadableByteStreamControllerRespondInternal(controller, bytesWritten) { - const firstDescriptor = controller._pendingPullIntos.peek(); - const state = controller._controlledReadableByteStream._state; - if (state === 'closed') { - if (bytesWritten !== 0) { - throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream'); - } - ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor); - } - else { - ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerShiftPendingPullInto(controller) { - const descriptor = controller._pendingPullIntos.shift(); - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - return descriptor; -} -function ReadableByteStreamControllerShouldCallPull(controller) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return false; - } - if (controller._closeRequested) { - return false; - } - if (!controller._started) { - return false; - } - if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; - } - return false; -} -function ReadableByteStreamControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; -} -// A client of ReadableByteStreamController may use these functions directly to bypass state check. -function ReadableByteStreamControllerClose(controller) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; - } - if (controller._queueTotalSize > 0) { - controller._closeRequested = true; - return; - } - if (controller._pendingPullIntos.length > 0) { - const firstPendingPullInto = controller._pendingPullIntos.peek(); - if (firstPendingPullInto.bytesFilled > 0) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - throw e; - } - } - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(stream); -} -function ReadableByteStreamControllerEnqueue(controller, chunk) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; - } - const buffer = chunk.buffer; - const byteOffset = chunk.byteOffset; - const byteLength = chunk.byteLength; - const transferredBuffer = TransferArrayBuffer(buffer); - if (ReadableStreamHasDefaultReader(stream)) { - if (ReadableStreamGetNumReadRequests(stream) === 0) { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - else { - const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength); - ReadableStreamFulfillReadRequest(stream, transferredView, false); - } - } - else if (ReadableStreamHasBYOBReader(stream)) { - // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully. - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); - } - else { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerError(controller, e) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return; - } - ReadableByteStreamControllerClearPendingPullIntos(controller); - ResetQueue(controller); - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableByteStreamControllerGetDesiredSize(controller) { - const state = controller._controlledReadableByteStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -function ReadableByteStreamControllerRespond(controller, bytesWritten) { - bytesWritten = Number(bytesWritten); - if (!IsFiniteNonNegativeNumber(bytesWritten)) { - throw new RangeError('bytesWritten must be a finite'); - } - ReadableByteStreamControllerRespondInternal(controller, bytesWritten); -} -function ReadableByteStreamControllerRespondWithNewView(controller, view) { - const firstDescriptor = controller._pendingPullIntos.peek(); - if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) { - throw new RangeError('The region specified by view does not match byobRequest'); - } - if (firstDescriptor.byteLength !== view.byteLength) { - throw new RangeError('The buffer of view has different capacity than byobRequest'); - } - firstDescriptor.buffer = view.buffer; - ReadableByteStreamControllerRespondInternal(controller, view.byteLength); -} -function SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) { - controller._controlledReadableByteStream = stream; - controller._pullAgain = false; - controller._pulling = false; - controller._byobRequest = null; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._closeRequested = false; - controller._started = false; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - controller._autoAllocateChunkSize = autoAllocateChunkSize; - controller._pendingPullIntos = new SimpleQueue(); - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableByteStreamControllerCallPullIfNeeded(controller); - }, r => { - ReadableByteStreamControllerError(controller, r); - }); -} -function SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) { - const controller = Object.create(ReadableByteStreamController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingByteSource.start !== undefined) { - startAlgorithm = () => underlyingByteSource.start(controller); - } - if (underlyingByteSource.pull !== undefined) { - pullAlgorithm = () => underlyingByteSource.pull(controller); - } - if (underlyingByteSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingByteSource.cancel(reason); - } - const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize; - if (autoAllocateChunkSize === 0) { - throw new TypeError('autoAllocateChunkSize must be greater than 0'); - } - SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize); -} -function SetUpReadableStreamBYOBRequest(request, controller, view) { - request._associatedReadableByteStreamController = controller; - request._view = view; -} -// Helper functions for the ReadableStreamBYOBRequest. -function byobRequestBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`); -} -// Helper functions for the ReadableByteStreamController. -function byteStreamControllerBrandCheckException(name) { - return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`); -} - -// Abstract operations for the ReadableStream. -function AcquireReadableStreamBYOBReader(stream) { - return new ReadableStreamBYOBReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadIntoRequest(stream, readIntoRequest) { - stream._reader._readIntoRequests.push(readIntoRequest); -} -function ReadableStreamFulfillReadIntoRequest(stream, chunk, done) { - const reader = stream._reader; - const readIntoRequest = reader._readIntoRequests.shift(); - if (done) { - readIntoRequest._closeSteps(chunk); - } - else { - readIntoRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadIntoRequests(stream) { - return stream._reader._readIntoRequests.length; -} -function ReadableStreamHasBYOBReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamBYOBReader(reader)) { - return false; - } - return true; -} -/** - * A BYOB reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamBYOBReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - if (!IsReadableByteStreamController(stream._readableStreamController)) { - throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' + - 'source'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readIntoRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } - /** - * Attempts to reads bytes into view, and returns a promise resolved with the result. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read(view) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('read')); - } - if (!ArrayBuffer.isView(view)) { - return promiseRejectedWith(new TypeError('view must be an array buffer view')); - } - if (view.byteLength === 0) { - return promiseRejectedWith(new TypeError('view must have non-zero byteLength')); - } - if (view.buffer.byteLength === 0) { - return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`)); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readIntoRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: chunk => resolvePromise({ value: chunk, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamBYOBReaderRead(this, view, readIntoRequest); - return promise; - } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamBYOBReader(this)) { - throw byobReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readIntoRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamBYOBReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamBYOBReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) { - return false; - } - return true; -} -function ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'errored') { - readIntoRequest._errorSteps(stream._storedError); - } - else { - ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest); - } -} -// Helper functions for the ReadableStreamBYOBReader. -function byobReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`); -} - -function ExtractHighWaterMark(strategy, defaultHWM) { - const { highWaterMark } = strategy; - if (highWaterMark === undefined) { - return defaultHWM; - } - if (NumberIsNaN(highWaterMark) || highWaterMark < 0) { - throw new RangeError('Invalid highWaterMark'); - } - return highWaterMark; -} -function ExtractSizeAlgorithm(strategy) { - const { size } = strategy; - if (!size) { - return () => 1; - } - return size; -} - -function convertQueuingStrategy(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - const size = init === null || init === void 0 ? void 0 : init.size; - return { - highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark), - size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`) - }; -} -function convertQueuingStrategySize(fn, context) { - assertFunction(fn, context); - return chunk => convertUnrestrictedDouble(fn(chunk)); -} - -function convertUnderlyingSink(original, context) { - assertDictionary(original, context); - const abort = original === null || original === void 0 ? void 0 : original.abort; - const close = original === null || original === void 0 ? void 0 : original.close; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - const write = original === null || original === void 0 ? void 0 : original.write; - return { - abort: abort === undefined ? - undefined : - convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`), - close: close === undefined ? - undefined : - convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`), - start: start === undefined ? - undefined : - convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`), - write: write === undefined ? - undefined : - convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`), - type - }; -} -function convertUnderlyingSinkAbortCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSinkCloseCallback(fn, original, context) { - assertFunction(fn, context); - return () => promiseCall(fn, original, []); -} -function convertUnderlyingSinkStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertUnderlyingSinkWriteCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} - -function assertWritableStream(x, context) { - if (!IsWritableStream(x)) { - throw new TypeError(`${context} is not a WritableStream.`); - } -} - -/** - * A writable stream represents a destination for data, into which you can write. - * - * @public - */ -class WritableStream$1 { - constructor(rawUnderlyingSink = {}, rawStrategy = {}) { - if (rawUnderlyingSink === undefined) { - rawUnderlyingSink = null; - } - else { - assertObject(rawUnderlyingSink, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter'); - InitializeWritableStream(this); - const type = underlyingSink.type; - if (type !== undefined) { - throw new RangeError('Invalid type is specified'); - } - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm); - } - /** - * Returns whether or not the writable stream is locked to a writer. - */ - get locked() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('locked'); - } - return IsWritableStreamLocked(this); - } - /** - * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be - * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort - * mechanism of the underlying sink. - * - * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled - * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel - * the stream) if the stream is currently locked. - */ - abort(reason = undefined) { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('abort')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer')); - } - return WritableStreamAbort(this, reason); - } - /** - * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its - * close behavior. During this time any further attempts to write will fail (without erroring the stream). - * - * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream - * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with - * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked. - */ - close() { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('close')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer')); - } - if (WritableStreamCloseQueuedOrInFlight(this)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamClose(this); - } - /** - * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream - * is locked, no other writer can be acquired until this one is released. - * - * This functionality is especially useful for creating abstractions that desire the ability to write to a stream - * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at - * the same time, which would cause the resulting written data to be unpredictable and probably useless. - */ - getWriter() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('getWriter'); - } - return AcquireWritableStreamDefaultWriter(this); - } -} -Object.defineProperties(WritableStream$1.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStream', - configurable: true - }); -} -// Abstract operations for the WritableStream. -function AcquireWritableStreamDefaultWriter(stream) { - return new WritableStreamDefaultWriter(stream); -} -// Throws if and only if startAlgorithm throws. -function CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(WritableStream$1.prototype); - InitializeWritableStream(stream); - const controller = Object.create(WritableStreamDefaultController.prototype); - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeWritableStream(stream) { - stream._state = 'writable'; - // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is - // 'erroring' or 'errored'. May be set to an undefined value. - stream._storedError = undefined; - stream._writer = undefined; - // Initialize to undefined first because the constructor of the controller checks this - // variable to validate the caller. - stream._writableStreamController = undefined; - // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data - // producer without waiting for the queued writes to finish. - stream._writeRequests = new SimpleQueue(); - // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents - // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here. - stream._inFlightWriteRequest = undefined; - // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer - // has been detached. - stream._closeRequest = undefined; - // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it - // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here. - stream._inFlightCloseRequest = undefined; - // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached. - stream._pendingAbortRequest = undefined; - // The backpressure signal set by the controller. - stream._backpressure = false; -} -function IsWritableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) { - return false; - } - return true; -} -function IsWritableStreamLocked(stream) { - if (stream._writer === undefined) { - return false; - } - return true; -} -function WritableStreamAbort(stream, reason) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseResolvedWith(undefined); - } - if (stream._pendingAbortRequest !== undefined) { - return stream._pendingAbortRequest._promise; - } - let wasAlreadyErroring = false; - if (state === 'erroring') { - wasAlreadyErroring = true; - // reason will not be used, so don't keep a reference to it. - reason = undefined; - } - const promise = newPromise((resolve, reject) => { - stream._pendingAbortRequest = { - _promise: undefined, - _resolve: resolve, - _reject: reject, - _reason: reason, - _wasAlreadyErroring: wasAlreadyErroring - }; - }); - stream._pendingAbortRequest._promise = promise; - if (!wasAlreadyErroring) { - WritableStreamStartErroring(stream, reason); - } - return promise; -} -function WritableStreamClose(stream) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`)); - } - const promise = newPromise((resolve, reject) => { - const closeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._closeRequest = closeRequest; - }); - const writer = stream._writer; - if (writer !== undefined && stream._backpressure && state === 'writable') { - defaultWriterReadyPromiseResolve(writer); - } - WritableStreamDefaultControllerClose(stream._writableStreamController); - return promise; -} -// WritableStream API exposed for controllers. -function WritableStreamAddWriteRequest(stream) { - const promise = newPromise((resolve, reject) => { - const writeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._writeRequests.push(writeRequest); - }); - return promise; -} -function WritableStreamDealWithRejection(stream, error) { - const state = stream._state; - if (state === 'writable') { - WritableStreamStartErroring(stream, error); - return; - } - WritableStreamFinishErroring(stream); -} -function WritableStreamStartErroring(stream, reason) { - const controller = stream._writableStreamController; - stream._state = 'erroring'; - stream._storedError = reason; - const writer = stream._writer; - if (writer !== undefined) { - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason); - } - if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) { - WritableStreamFinishErroring(stream); - } -} -function WritableStreamFinishErroring(stream) { - stream._state = 'errored'; - stream._writableStreamController[ErrorSteps](); - const storedError = stream._storedError; - stream._writeRequests.forEach(writeRequest => { - writeRequest._reject(storedError); - }); - stream._writeRequests = new SimpleQueue(); - if (stream._pendingAbortRequest === undefined) { - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const abortRequest = stream._pendingAbortRequest; - stream._pendingAbortRequest = undefined; - if (abortRequest._wasAlreadyErroring) { - abortRequest._reject(storedError); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const promise = stream._writableStreamController[AbortSteps](abortRequest._reason); - uponPromise(promise, () => { - abortRequest._resolve(); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }, (reason) => { - abortRequest._reject(reason); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }); -} -function WritableStreamFinishInFlightWrite(stream) { - stream._inFlightWriteRequest._resolve(undefined); - stream._inFlightWriteRequest = undefined; -} -function WritableStreamFinishInFlightWriteWithError(stream, error) { - stream._inFlightWriteRequest._reject(error); - stream._inFlightWriteRequest = undefined; - WritableStreamDealWithRejection(stream, error); -} -function WritableStreamFinishInFlightClose(stream) { - stream._inFlightCloseRequest._resolve(undefined); - stream._inFlightCloseRequest = undefined; - const state = stream._state; - if (state === 'erroring') { - // The error was too late to do anything, so it is ignored. - stream._storedError = undefined; - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._resolve(); - stream._pendingAbortRequest = undefined; - } - } - stream._state = 'closed'; - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseResolve(writer); - } -} -function WritableStreamFinishInFlightCloseWithError(stream, error) { - stream._inFlightCloseRequest._reject(error); - stream._inFlightCloseRequest = undefined; - // Never execute sink abort() after sink close(). - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._reject(error); - stream._pendingAbortRequest = undefined; - } - WritableStreamDealWithRejection(stream, error); -} -// TODO(ricea): Fix alphabetical order. -function WritableStreamCloseQueuedOrInFlight(stream) { - if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamHasOperationMarkedInFlight(stream) { - if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamMarkCloseRequestInFlight(stream) { - stream._inFlightCloseRequest = stream._closeRequest; - stream._closeRequest = undefined; -} -function WritableStreamMarkFirstWriteRequestInFlight(stream) { - stream._inFlightWriteRequest = stream._writeRequests.shift(); -} -function WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) { - if (stream._closeRequest !== undefined) { - stream._closeRequest._reject(stream._storedError); - stream._closeRequest = undefined; - } - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseReject(writer, stream._storedError); - } -} -function WritableStreamUpdateBackpressure(stream, backpressure) { - const writer = stream._writer; - if (writer !== undefined && backpressure !== stream._backpressure) { - if (backpressure) { - defaultWriterReadyPromiseReset(writer); - } - else { - defaultWriterReadyPromiseResolve(writer); - } - } - stream._backpressure = backpressure; -} -/** - * A default writer vended by a {@link WritableStream}. - * - * @public - */ -class WritableStreamDefaultWriter { - constructor(stream) { - assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter'); - assertWritableStream(stream, 'First parameter'); - if (IsWritableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive writing by another writer'); - } - this._ownerWritableStream = stream; - stream._writer = this; - const state = stream._state; - if (state === 'writable') { - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) { - defaultWriterReadyPromiseInitialize(this); - } - else { - defaultWriterReadyPromiseInitializeAsResolved(this); - } - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'erroring') { - defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError); - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'closed') { - defaultWriterReadyPromiseInitializeAsResolved(this); - defaultWriterClosedPromiseInitializeAsResolved(this); - } - else { - const storedError = stream._storedError; - defaultWriterReadyPromiseInitializeAsRejected(this, storedError); - defaultWriterClosedPromiseInitializeAsRejected(this, storedError); - } - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the writer’s lock is released before the stream finishes closing. - */ - get closed() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full. - * A producer can use this information to determine the right amount of data to write. - * - * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort - * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when - * the writer’s lock is released. - */ - get desiredSize() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('desiredSize'); - } - if (this._ownerWritableStream === undefined) { - throw defaultWriterLockException('desiredSize'); - } - return WritableStreamDefaultWriterGetDesiredSize(this); - } - /** - * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions - * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips - * back to zero or below, the getter will return a new promise that stays pending until the next transition. - * - * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become - * rejected. - */ - get ready() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('ready')); - } - return this._readyPromise; - } - /** - * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}. - */ - abort(reason = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('abort')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('abort')); - } - return WritableStreamDefaultWriterAbort(this, reason); - } - /** - * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}. - */ - close() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('close')); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return promiseRejectedWith(defaultWriterLockException('close')); - } - if (WritableStreamCloseQueuedOrInFlight(stream)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamDefaultWriterClose(this); - } - /** - * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active. - * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from - * now on; otherwise, the writer will appear closed. - * - * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the - * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled). - * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents - * other producers from writing in an interleaved manner. - */ - releaseLock() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('releaseLock'); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return; - } - WritableStreamDefaultWriterRelease(this); - } - write(chunk = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('write')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - return WritableStreamDefaultWriterWrite(this, chunk); - } -} -Object.defineProperties(WritableStreamDefaultWriter.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, - closed: { enumerable: true }, - desiredSize: { enumerable: true }, - ready: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultWriter', - configurable: true - }); -} -// Abstract operations for the WritableStreamDefaultWriter. -function IsWritableStreamDefaultWriter(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) { - return false; - } - return true; -} -// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check. -function WritableStreamDefaultWriterAbort(writer, reason) { - const stream = writer._ownerWritableStream; - return WritableStreamAbort(stream, reason); -} -function WritableStreamDefaultWriterClose(writer) { - const stream = writer._ownerWritableStream; - return WritableStreamClose(stream); -} -function WritableStreamDefaultWriterCloseWithErrorPropagation(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseResolvedWith(undefined); - } - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - return WritableStreamDefaultWriterClose(writer); -} -function WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) { - if (writer._closedPromiseState === 'pending') { - defaultWriterClosedPromiseReject(writer, error); - } - else { - defaultWriterClosedPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) { - if (writer._readyPromiseState === 'pending') { - defaultWriterReadyPromiseReject(writer, error); - } - else { - defaultWriterReadyPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterGetDesiredSize(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (state === 'errored' || state === 'erroring') { - return null; - } - if (state === 'closed') { - return 0; - } - return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController); -} -function WritableStreamDefaultWriterRelease(writer) { - const stream = writer._ownerWritableStream; - const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`); - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError); - // The state transitions to "errored" before the sink abort() method runs, but the writer.closed promise is not - // rejected until afterwards. This means that simply testing state will not work. - WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError); - stream._writer = undefined; - writer._ownerWritableStream = undefined; -} -function WritableStreamDefaultWriterWrite(writer, chunk) { - const stream = writer._ownerWritableStream; - const controller = stream._writableStreamController; - const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk); - if (stream !== writer._ownerWritableStream) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - const state = stream._state; - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to')); - } - if (state === 'erroring') { - return promiseRejectedWith(stream._storedError); - } - const promise = WritableStreamAddWriteRequest(stream); - WritableStreamDefaultControllerWrite(controller, chunk, chunkSize); - return promise; -} -const closeSentinel = {}; -/** - * Allows control of a {@link WritableStream | writable stream}'s state and internal queue. - * - * @public - */ -class WritableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`. - * - * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying - * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the - * normal lifecycle of interactions with the underlying sink. - */ - error(e = undefined) { - if (!IsWritableStreamDefaultController(this)) { - throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController'); - } - const state = this._controlledWritableStream._state; - if (state !== 'writable') { - // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so - // just treat it as a no-op. - return; - } - WritableStreamDefaultControllerError(this, e); - } - /** @internal */ - [AbortSteps](reason) { - const result = this._abortAlgorithm(reason); - WritableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [ErrorSteps]() { - ResetQueue(this); - } -} -Object.defineProperties(WritableStreamDefaultController.prototype, { - error: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultController', - configurable: true - }); -} -// Abstract operations implementing interface required by the WritableStream. -function IsWritableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) { - return false; - } - return true; -} -function SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledWritableStream = stream; - stream._writableStreamController = controller; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._writeAlgorithm = writeAlgorithm; - controller._closeAlgorithm = closeAlgorithm; - controller._abortAlgorithm = abortAlgorithm; - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - const startResult = startAlgorithm(); - const startPromise = promiseResolvedWith(startResult); - uponPromise(startPromise, () => { - controller._started = true; - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, r => { - controller._started = true; - WritableStreamDealWithRejection(stream, r); - }); -} -function SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) { - const controller = Object.create(WritableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let writeAlgorithm = () => promiseResolvedWith(undefined); - let closeAlgorithm = () => promiseResolvedWith(undefined); - let abortAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSink.start !== undefined) { - startAlgorithm = () => underlyingSink.start(controller); - } - if (underlyingSink.write !== undefined) { - writeAlgorithm = chunk => underlyingSink.write(chunk, controller); - } - if (underlyingSink.close !== undefined) { - closeAlgorithm = () => underlyingSink.close(); - } - if (underlyingSink.abort !== undefined) { - abortAlgorithm = reason => underlyingSink.abort(reason); - } - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); -} -// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls. -function WritableStreamDefaultControllerClearAlgorithms(controller) { - controller._writeAlgorithm = undefined; - controller._closeAlgorithm = undefined; - controller._abortAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -function WritableStreamDefaultControllerClose(controller) { - EnqueueValueWithSize(controller, closeSentinel, 0); - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -function WritableStreamDefaultControllerGetChunkSize(controller, chunk) { - try { - return controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE); - return 1; - } -} -function WritableStreamDefaultControllerGetDesiredSize(controller) { - return controller._strategyHWM - controller._queueTotalSize; -} -function WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) { - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE); - return; - } - const stream = controller._controlledWritableStream; - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -// Abstract operations for the WritableStreamDefaultController. -function WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) { - const stream = controller._controlledWritableStream; - if (!controller._started) { - return; - } - if (stream._inFlightWriteRequest !== undefined) { - return; - } - const state = stream._state; - if (state === 'erroring') { - WritableStreamFinishErroring(stream); - return; - } - if (controller._queue.length === 0) { - return; - } - const value = PeekQueueValue(controller); - if (value === closeSentinel) { - WritableStreamDefaultControllerProcessClose(controller); - } - else { - WritableStreamDefaultControllerProcessWrite(controller, value); - } -} -function WritableStreamDefaultControllerErrorIfNeeded(controller, error) { - if (controller._controlledWritableStream._state === 'writable') { - WritableStreamDefaultControllerError(controller, error); - } -} -function WritableStreamDefaultControllerProcessClose(controller) { - const stream = controller._controlledWritableStream; - WritableStreamMarkCloseRequestInFlight(stream); - DequeueValue(controller); - const sinkClosePromise = controller._closeAlgorithm(); - WritableStreamDefaultControllerClearAlgorithms(controller); - uponPromise(sinkClosePromise, () => { - WritableStreamFinishInFlightClose(stream); - }, reason => { - WritableStreamFinishInFlightCloseWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerProcessWrite(controller, chunk) { - const stream = controller._controlledWritableStream; - WritableStreamMarkFirstWriteRequestInFlight(stream); - const sinkWritePromise = controller._writeAlgorithm(chunk); - uponPromise(sinkWritePromise, () => { - WritableStreamFinishInFlightWrite(stream); - const state = stream._state; - DequeueValue(controller); - if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, reason => { - if (stream._state === 'writable') { - WritableStreamDefaultControllerClearAlgorithms(controller); - } - WritableStreamFinishInFlightWriteWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerGetBackpressure(controller) { - const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller); - return desiredSize <= 0; -} -// A client of WritableStreamDefaultController may use these functions directly to bypass state check. -function WritableStreamDefaultControllerError(controller, error) { - const stream = controller._controlledWritableStream; - WritableStreamDefaultControllerClearAlgorithms(controller); - WritableStreamStartErroring(stream, error); -} -// Helper functions for the WritableStream. -function streamBrandCheckException$2(name) { - return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`); -} -// Helper functions for the WritableStreamDefaultWriter. -function defaultWriterBrandCheckException(name) { - return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`); -} -function defaultWriterLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released writer'); -} -function defaultWriterClosedPromiseInitialize(writer) { - writer._closedPromise = newPromise((resolve, reject) => { - writer._closedPromise_resolve = resolve; - writer._closedPromise_reject = reject; - writer._closedPromiseState = 'pending'; - }); -} -function defaultWriterClosedPromiseInitializeAsRejected(writer, reason) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseReject(writer, reason); -} -function defaultWriterClosedPromiseInitializeAsResolved(writer) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseResolve(writer); -} -function defaultWriterClosedPromiseReject(writer, reason) { - if (writer._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._closedPromise); - writer._closedPromise_reject(reason); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'rejected'; -} -function defaultWriterClosedPromiseResetToRejected(writer, reason) { - defaultWriterClosedPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterClosedPromiseResolve(writer) { - if (writer._closedPromise_resolve === undefined) { - return; - } - writer._closedPromise_resolve(undefined); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'resolved'; -} -function defaultWriterReadyPromiseInitialize(writer) { - writer._readyPromise = newPromise((resolve, reject) => { - writer._readyPromise_resolve = resolve; - writer._readyPromise_reject = reject; - }); - writer._readyPromiseState = 'pending'; -} -function defaultWriterReadyPromiseInitializeAsRejected(writer, reason) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseReject(writer, reason); -} -function defaultWriterReadyPromiseInitializeAsResolved(writer) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseResolve(writer); -} -function defaultWriterReadyPromiseReject(writer, reason) { - if (writer._readyPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._readyPromise); - writer._readyPromise_reject(reason); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'rejected'; -} -function defaultWriterReadyPromiseReset(writer) { - defaultWriterReadyPromiseInitialize(writer); -} -function defaultWriterReadyPromiseResetToRejected(writer, reason) { - defaultWriterReadyPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterReadyPromiseResolve(writer) { - if (writer._readyPromise_resolve === undefined) { - return; - } - writer._readyPromise_resolve(undefined); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'fulfilled'; -} - -function isAbortSignal(value) { - if (typeof value !== 'object' || value === null) { - return false; - } - try { - return typeof value.aborted === 'boolean'; - } - catch (_a) { - // AbortSignal.prototype.aborted throws if its brand check fails - return false; - } -} - -/// -const NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined; - -/// -function isDOMExceptionConstructor(ctor) { - if (!(typeof ctor === 'function' || typeof ctor === 'object')) { - return false; - } - try { - new ctor(); - return true; - } - catch (_a) { - return false; - } -} -function createDOMExceptionPolyfill() { - // eslint-disable-next-line no-shadow - const ctor = function DOMException(message, name) { - this.message = message || ''; - this.name = name || 'Error'; - if (Error.captureStackTrace) { - Error.captureStackTrace(this, this.constructor); - } - }; - ctor.prototype = Object.create(Error.prototype); - Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true }); - return ctor; -} -// eslint-disable-next-line no-redeclare -const DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill(); - -function ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) { - const reader = AcquireReadableStreamDefaultReader(source); - const writer = AcquireWritableStreamDefaultWriter(dest); - source._disturbed = true; - let shuttingDown = false; - // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown. - let currentWrite = promiseResolvedWith(undefined); - return newPromise((resolve, reject) => { - let abortAlgorithm; - if (signal !== undefined) { - abortAlgorithm = () => { - const error = new DOMException$1('Aborted', 'AbortError'); - const actions = []; - if (!preventAbort) { - actions.push(() => { - if (dest._state === 'writable') { - return WritableStreamAbort(dest, error); - } - return promiseResolvedWith(undefined); - }); - } - if (!preventCancel) { - actions.push(() => { - if (source._state === 'readable') { - return ReadableStreamCancel(source, error); - } - return promiseResolvedWith(undefined); - }); - } - shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error); - }; - if (signal.aborted) { - abortAlgorithm(); - return; - } - signal.addEventListener('abort', abortAlgorithm); - } - // Using reader and writer, read all chunks from this and write them to dest - // - Backpressure must be enforced - // - Shutdown must stop all activity - function pipeLoop() { - return newPromise((resolveLoop, rejectLoop) => { - function next(done) { - if (done) { - resolveLoop(); - } - else { - // Use `PerformPromiseThen` instead of `uponPromise` to avoid - // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers - PerformPromiseThen(pipeStep(), next, rejectLoop); - } - } - next(false); - }); - } - function pipeStep() { - if (shuttingDown) { - return promiseResolvedWith(true); - } - return PerformPromiseThen(writer._readyPromise, () => { - return newPromise((resolveRead, rejectRead) => { - ReadableStreamDefaultReaderRead(reader, { - _chunkSteps: chunk => { - currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop); - resolveRead(false); - }, - _closeSteps: () => resolveRead(true), - _errorSteps: rejectRead - }); - }); - }); - } - // Errors must be propagated forward - isOrBecomesErrored(source, reader._closedPromise, storedError => { - if (!preventAbort) { - shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Errors must be propagated backward - isOrBecomesErrored(dest, writer._closedPromise, storedError => { - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Closing must be propagated forward - isOrBecomesClosed(source, reader._closedPromise, () => { - if (!preventClose) { - shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer)); - } - else { - shutdown(); - } - }); - // Closing must be propagated backward - if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') { - const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it'); - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed); - } - else { - shutdown(true, destClosed); - } - } - setPromiseIsHandledToTrue(pipeLoop()); - function waitForWritesToFinish() { - // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait - // for that too. - const oldCurrentWrite = currentWrite; - return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined); - } - function isOrBecomesErrored(stream, promise, action) { - if (stream._state === 'errored') { - action(stream._storedError); - } - else { - uponRejection(promise, action); - } - } - function isOrBecomesClosed(stream, promise, action) { - if (stream._state === 'closed') { - action(); - } - else { - uponFulfillment(promise, action); - } - } - function shutdownWithAction(action, originalIsError, originalError) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), doTheRest); - } - else { - doTheRest(); - } - function doTheRest() { - uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError)); - } - } - function shutdown(isError, error) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error)); - } - else { - finalize(isError, error); - } - } - function finalize(isError, error) { - WritableStreamDefaultWriterRelease(writer); - ReadableStreamReaderGenericRelease(reader); - if (signal !== undefined) { - signal.removeEventListener('abort', abortAlgorithm); - } - if (isError) { - reject(error); - } - else { - resolve(undefined); - } - } - }); -} - -/** - * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue. - * - * @public - */ -class ReadableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('desiredSize'); - } - return ReadableStreamDefaultControllerGetDesiredSize(this); - } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('close'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits close'); - } - ReadableStreamDefaultControllerClose(this); - } - enqueue(chunk = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('enqueue'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits enqueue'); - } - return ReadableStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('error'); - } - ReadableStreamDefaultControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableStream; - if (this._queue.length > 0) { - const chunk = DequeueValue(this); - if (this._closeRequested && this._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(this); - ReadableStreamClose(stream); - } - else { - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - readRequest._chunkSteps(chunk); - } - else { - ReadableStreamAddReadRequest(stream, readRequest); - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - } -} -Object.defineProperties(ReadableStreamDefaultController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultController', - configurable: true - }); -} -// Abstract operations for the ReadableStreamDefaultController. -function IsReadableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) { - return false; - } - return true; -} -function ReadableStreamDefaultControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableStreamDefaultControllerError(controller, e); - }); -} -function ReadableStreamDefaultControllerShouldCallPull(controller) { - const stream = controller._controlledReadableStream; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return false; - } - if (!controller._started) { - return false; - } - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; - } - return false; -} -function ReadableStreamDefaultControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -// A client of ReadableStreamDefaultController may use these functions directly to bypass state check. -function ReadableStreamDefaultControllerClose(controller) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; - } - const stream = controller._controlledReadableStream; - controller._closeRequested = true; - if (controller._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamClose(stream); - } -} -function ReadableStreamDefaultControllerEnqueue(controller, chunk) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; - } - const stream = controller._controlledReadableStream; - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - ReadableStreamFulfillReadRequest(stream, chunk, false); - } - else { - let chunkSize; - try { - chunkSize = controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - ReadableStreamDefaultControllerError(controller, chunkSizeE); - throw chunkSizeE; - } - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - ReadableStreamDefaultControllerError(controller, enqueueE); - throw enqueueE; - } - } - ReadableStreamDefaultControllerCallPullIfNeeded(controller); -} -function ReadableStreamDefaultControllerError(controller, e) { - const stream = controller._controlledReadableStream; - if (stream._state !== 'readable') { - return; - } - ResetQueue(controller); - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableStreamDefaultControllerGetDesiredSize(controller) { - const state = controller._controlledReadableStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -// This is used in the implementation of TransformStream. -function ReadableStreamDefaultControllerHasBackpressure(controller) { - if (ReadableStreamDefaultControllerShouldCallPull(controller)) { - return false; - } - return true; -} -function ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) { - const state = controller._controlledReadableStream._state; - if (!controller._closeRequested && state === 'readable') { - return true; - } - return false; -} -function SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledReadableStream = stream; - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._closeRequested = false; - controller._pullAgain = false; - controller._pulling = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - }, r => { - ReadableStreamDefaultControllerError(controller, r); - }); -} -function SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) { - const controller = Object.create(ReadableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSource.start !== undefined) { - startAlgorithm = () => underlyingSource.start(controller); - } - if (underlyingSource.pull !== undefined) { - pullAlgorithm = () => underlyingSource.pull(controller); - } - if (underlyingSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingSource.cancel(reason); - } - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); -} -// Helper functions for the ReadableStreamDefaultController. -function defaultControllerBrandCheckException$1(name) { - return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`); -} - -function ReadableStreamTee(stream, cloneForBranch2) { - const reader = AcquireReadableStreamDefaultReader(stream); - let reading = false; - let canceled1 = false; - let canceled2 = false; - let reason1; - let reason2; - let branch1; - let branch2; - let resolveCancelPromise; - const cancelPromise = newPromise(resolve => { - resolveCancelPromise = resolve; - }); - function pullAlgorithm() { - if (reading) { - return promiseResolvedWith(undefined); - } - reading = true; - const readRequest = { - _chunkSteps: value => { - // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using - // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let - // successful synchronously-available reads get ahead of asynchronously-available errors. - queueMicrotask(() => { - reading = false; - const value1 = value; - const value2 = value; - // There is no way to access the cloning code right now in the reference implementation. - // If we add one then we'll need an implementation for serializable objects. - // if (!canceled2 && cloneForBranch2) { - // value2 = StructuredDeserialize(StructuredSerialize(value2)); - // } - if (!canceled1) { - ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1); - } - if (!canceled2) { - ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2); - } - }); - }, - _closeSteps: () => { - reading = false; - if (!canceled1) { - ReadableStreamDefaultControllerClose(branch1._readableStreamController); - } - if (!canceled2) { - ReadableStreamDefaultControllerClose(branch2._readableStreamController); - } - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }, - _errorSteps: () => { - reading = false; - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promiseResolvedWith(undefined); - } - function cancel1Algorithm(reason) { - canceled1 = true; - reason1 = reason; - if (canceled2) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function cancel2Algorithm(reason) { - canceled2 = true; - reason2 = reason; - if (canceled1) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function startAlgorithm() { - // do nothing - } - branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm); - branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm); - uponRejection(reader._closedPromise, (r) => { - ReadableStreamDefaultControllerError(branch1._readableStreamController, r); - ReadableStreamDefaultControllerError(branch2._readableStreamController, r); - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }); - return [branch1, branch2]; -} - -function convertUnderlyingDefaultOrByteSource(source, context) { - assertDictionary(source, context); - const original = source; - const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize; - const cancel = original === null || original === void 0 ? void 0 : original.cancel; - const pull = original === null || original === void 0 ? void 0 : original.pull; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - return { - autoAllocateChunkSize: autoAllocateChunkSize === undefined ? - undefined : - convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`), - cancel: cancel === undefined ? - undefined : - convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`), - pull: pull === undefined ? - undefined : - convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`), - start: start === undefined ? - undefined : - convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`), - type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`) - }; -} -function convertUnderlyingSourceCancelCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSourcePullCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertUnderlyingSourceStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertReadableStreamType(type, context) { - type = `${type}`; - if (type !== 'bytes') { - throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`); - } - return type; -} - -function convertReaderOptions(options, context) { - assertDictionary(options, context); - const mode = options === null || options === void 0 ? void 0 : options.mode; - return { - mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`) - }; -} -function convertReadableStreamReaderMode(mode, context) { - mode = `${mode}`; - if (mode !== 'byob') { - throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`); - } - return mode; -} - -function convertIteratorOptions(options, context) { - assertDictionary(options, context); - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - return { preventCancel: Boolean(preventCancel) }; -} - -function convertPipeOptions(options, context) { - assertDictionary(options, context); - const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort; - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - const preventClose = options === null || options === void 0 ? void 0 : options.preventClose; - const signal = options === null || options === void 0 ? void 0 : options.signal; - if (signal !== undefined) { - assertAbortSignal(signal, `${context} has member 'signal' that`); - } - return { - preventAbort: Boolean(preventAbort), - preventCancel: Boolean(preventCancel), - preventClose: Boolean(preventClose), - signal - }; -} -function assertAbortSignal(signal, context) { - if (!isAbortSignal(signal)) { - throw new TypeError(`${context} is not an AbortSignal.`); - } -} - -function convertReadableWritablePair(pair, context) { - assertDictionary(pair, context); - const readable = pair === null || pair === void 0 ? void 0 : pair.readable; - assertRequiredField(readable, 'readable', 'ReadableWritablePair'); - assertReadableStream(readable, `${context} has member 'readable' that`); - const writable = pair === null || pair === void 0 ? void 0 : pair.writable; - assertRequiredField(writable, 'writable', 'ReadableWritablePair'); - assertWritableStream(writable, `${context} has member 'writable' that`); - return { readable, writable }; -} - -/** - * A readable stream represents a source of data, from which you can read. - * - * @public - */ -class ReadableStream$1 { - constructor(rawUnderlyingSource = {}, rawStrategy = {}) { - if (rawUnderlyingSource === undefined) { - rawUnderlyingSource = null; - } - else { - assertObject(rawUnderlyingSource, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter'); - InitializeReadableStream(this); - if (underlyingSource.type === 'bytes') { - if (strategy.size !== undefined) { - throw new RangeError('The strategy for a byte stream cannot have a size function'); - } - const highWaterMark = ExtractHighWaterMark(strategy, 0); - SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark); - } - else { - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm); - } - } - /** - * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}. - */ - get locked() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('locked'); - } - return IsReadableStreamLocked(this); - } - /** - * Cancels the stream, signaling a loss of interest in the stream by a consumer. - * - * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()} - * method, which might or might not use it. - */ - cancel(reason = undefined) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('cancel')); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader')); - } - return ReadableStreamCancel(this, reason); - } - getReader(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('getReader'); - } - const options = convertReaderOptions(rawOptions, 'First parameter'); - if (options.mode === undefined) { - return AcquireReadableStreamDefaultReader(this); - } - return AcquireReadableStreamBYOBReader(this); - } - pipeThrough(rawTransform, rawOptions = {}) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('pipeThrough'); - } - assertRequiredArgument(rawTransform, 1, 'pipeThrough'); - const transform = convertReadableWritablePair(rawTransform, 'First parameter'); - const options = convertPipeOptions(rawOptions, 'Second parameter'); - if (IsReadableStreamLocked(this)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream'); - } - if (IsWritableStreamLocked(transform.writable)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream'); - } - const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - setPromiseIsHandledToTrue(promise); - return transform.readable; - } - pipeTo(destination, rawOptions = {}) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('pipeTo')); - } - if (destination === undefined) { - return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`); - } - if (!IsWritableStream(destination)) { - return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`)); - } - let options; - try { - options = convertPipeOptions(rawOptions, 'Second parameter'); - } - catch (e) { - return promiseRejectedWith(e); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream')); - } - if (IsWritableStreamLocked(destination)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream')); - } - return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - } - /** - * Tees this readable stream, returning a two-element array containing the two resulting branches as - * new {@link ReadableStream} instances. - * - * Teeing a stream will lock it, preventing any other consumer from acquiring a reader. - * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be - * propagated to the stream's underlying source. - * - * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable, - * this could allow interference between the two branches. - */ - tee() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('tee'); - } - const branches = ReadableStreamTee(this); - return CreateArrayFromList(branches); - } - values(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('values'); - } - const options = convertIteratorOptions(rawOptions, 'First parameter'); - return AcquireReadableStreamAsyncIterator(this, options.preventCancel); - } -} -Object.defineProperties(ReadableStream$1.prototype, { - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, - values: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStream', - configurable: true - }); -} -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.asyncIterator, { - value: ReadableStream$1.prototype.values, - writable: true, - configurable: true - }); -} -// Abstract operations for the ReadableStream. -// Throws if and only if startAlgorithm throws. -function CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(ReadableStream$1.prototype); - InitializeReadableStream(stream); - const controller = Object.create(ReadableStreamDefaultController.prototype); - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeReadableStream(stream) { - stream._state = 'readable'; - stream._reader = undefined; - stream._storedError = undefined; - stream._disturbed = false; -} -function IsReadableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) { - return false; - } - return true; -} -function IsReadableStreamLocked(stream) { - if (stream._reader === undefined) { - return false; - } - return true; -} -// ReadableStream API exposed for controllers. -function ReadableStreamCancel(stream, reason) { - stream._disturbed = true; - if (stream._state === 'closed') { - return promiseResolvedWith(undefined); - } - if (stream._state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - ReadableStreamClose(stream); - const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason); - return transformPromiseWith(sourceCancelPromise, noop); -} -function ReadableStreamClose(stream) { - stream._state = 'closed'; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseResolve(reader); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._closeSteps(); - }); - reader._readRequests = new SimpleQueue(); - } -} -function ReadableStreamError(stream, e) { - stream._state = 'errored'; - stream._storedError = e; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseReject(reader, e); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._errorSteps(e); - }); - reader._readRequests = new SimpleQueue(); - } - else { - reader._readIntoRequests.forEach(readIntoRequest => { - readIntoRequest._errorSteps(e); - }); - reader._readIntoRequests = new SimpleQueue(); - } -} -// Helper functions for the ReadableStream. -function streamBrandCheckException$1(name) { - return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`); -} - -function convertQueuingStrategyInit(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit'); - return { - highWaterMark: convertUnrestrictedDouble(highWaterMark) - }; -} - -const byteLengthSizeFunction = function size(chunk) { - return chunk.byteLength; -}; -/** - * A queuing strategy that counts the number of bytes in each chunk. - * - * @public - */ -class ByteLengthQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('highWaterMark'); - } - return this._byteLengthQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by returning the value of its `byteLength` property. - */ - get size() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('size'); - } - return byteLengthSizeFunction; - } -} -Object.defineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'ByteLengthQueuingStrategy', - configurable: true - }); -} -// Helper functions for the ByteLengthQueuingStrategy. -function byteLengthBrandCheckException(name) { - return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`); -} -function IsByteLengthQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) { - return false; - } - return true; -} - -const countSizeFunction = function size() { - return 1; -}; -/** - * A queuing strategy that counts the number of chunks. - * - * @public - */ -class CountQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'CountQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._countQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('highWaterMark'); - } - return this._countQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by always returning 1. - * This ensures that the total queue size is a count of the number of chunks in the queue. - */ - get size() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('size'); - } - return countSizeFunction; - } -} -Object.defineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'CountQueuingStrategy', - configurable: true - }); -} -// Helper functions for the CountQueuingStrategy. -function countBrandCheckException(name) { - return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`); -} -function IsCountQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) { - return false; - } - return true; -} - -function convertTransformer(original, context) { - assertDictionary(original, context); - const flush = original === null || original === void 0 ? void 0 : original.flush; - const readableType = original === null || original === void 0 ? void 0 : original.readableType; - const start = original === null || original === void 0 ? void 0 : original.start; - const transform = original === null || original === void 0 ? void 0 : original.transform; - const writableType = original === null || original === void 0 ? void 0 : original.writableType; - return { - flush: flush === undefined ? - undefined : - convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`), - readableType, - start: start === undefined ? - undefined : - convertTransformerStartCallback(start, original, `${context} has member 'start' that`), - transform: transform === undefined ? - undefined : - convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`), - writableType - }; -} -function convertTransformerFlushCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertTransformerStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertTransformerTransformCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} - -// Class TransformStream -/** - * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream}, - * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side. - * In a manner specific to the transform stream in question, writes to the writable side result in new data being - * made available for reading from the readable side. - * - * @public - */ -class TransformStream$1 { - constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) { - if (rawTransformer === undefined) { - rawTransformer = null; - } - const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter'); - const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter'); - const transformer = convertTransformer(rawTransformer, 'First parameter'); - if (transformer.readableType !== undefined) { - throw new RangeError('Invalid readableType specified'); - } - if (transformer.writableType !== undefined) { - throw new RangeError('Invalid writableType specified'); - } - const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0); - const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy); - const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1); - const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy); - let startPromise_resolve; - const startPromise = newPromise(resolve => { - startPromise_resolve = resolve; - }); - InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - SetUpTransformStreamDefaultControllerFromTransformer(this, transformer); - if (transformer.start !== undefined) { - startPromise_resolve(transformer.start(this._transformStreamController)); - } - else { - startPromise_resolve(undefined); - } - } - /** - * The readable side of the transform stream. - */ - get readable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('readable'); - } - return this._readable; - } - /** - * The writable side of the transform stream. - */ - get writable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('writable'); - } - return this._writable; - } -} -Object.defineProperties(TransformStream$1.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStream', - configurable: true - }); -} -function InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) { - function startAlgorithm() { - return startPromise; - } - function writeAlgorithm(chunk) { - return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk); - } - function abortAlgorithm(reason) { - return TransformStreamDefaultSinkAbortAlgorithm(stream, reason); - } - function closeAlgorithm() { - return TransformStreamDefaultSinkCloseAlgorithm(stream); - } - stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm); - function pullAlgorithm() { - return TransformStreamDefaultSourcePullAlgorithm(stream); - } - function cancelAlgorithm(reason) { - TransformStreamErrorWritableAndUnblockWrite(stream, reason); - return promiseResolvedWith(undefined); - } - stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure. - stream._backpressure = undefined; - stream._backpressureChangePromise = undefined; - stream._backpressureChangePromise_resolve = undefined; - TransformStreamSetBackpressure(stream, true); - stream._transformStreamController = undefined; -} -function IsTransformStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) { - return false; - } - return true; -} -// This is a no-op if both sides are already errored. -function TransformStreamError(stream, e) { - ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e); - TransformStreamErrorWritableAndUnblockWrite(stream, e); -} -function TransformStreamErrorWritableAndUnblockWrite(stream, e) { - TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController); - WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e); - if (stream._backpressure) { - // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure() - // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time - // _backpressure is set. - TransformStreamSetBackpressure(stream, false); - } -} -function TransformStreamSetBackpressure(stream, backpressure) { - // Passes also when called during construction. - if (stream._backpressureChangePromise !== undefined) { - stream._backpressureChangePromise_resolve(); - } - stream._backpressureChangePromise = newPromise(resolve => { - stream._backpressureChangePromise_resolve = resolve; - }); - stream._backpressure = backpressure; -} -// Class TransformStreamDefaultController -/** - * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}. - * - * @public - */ -class TransformStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full. - */ - get desiredSize() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('desiredSize'); - } - const readableController = this._controlledTransformStream._readable._readableStreamController; - return ReadableStreamDefaultControllerGetDesiredSize(readableController); - } - enqueue(chunk = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('enqueue'); - } - TransformStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors both the readable side and the writable side of the controlled transform stream, making all future - * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded. - */ - error(reason = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('error'); - } - TransformStreamDefaultControllerError(this, reason); - } - /** - * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the - * transformer only needs to consume a portion of the chunks written to the writable side. - */ - terminate() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('terminate'); - } - TransformStreamDefaultControllerTerminate(this); - } -} -Object.defineProperties(TransformStreamDefaultController.prototype, { - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStreamDefaultController', - configurable: true - }); -} -// Transform Stream Default Controller Abstract Operations -function IsTransformStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) { - return false; - } - return true; -} -function SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) { - controller._controlledTransformStream = stream; - stream._transformStreamController = controller; - controller._transformAlgorithm = transformAlgorithm; - controller._flushAlgorithm = flushAlgorithm; -} -function SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) { - const controller = Object.create(TransformStreamDefaultController.prototype); - let transformAlgorithm = (chunk) => { - try { - TransformStreamDefaultControllerEnqueue(controller, chunk); - return promiseResolvedWith(undefined); - } - catch (transformResultE) { - return promiseRejectedWith(transformResultE); - } - }; - let flushAlgorithm = () => promiseResolvedWith(undefined); - if (transformer.transform !== undefined) { - transformAlgorithm = chunk => transformer.transform(chunk, controller); - } - if (transformer.flush !== undefined) { - flushAlgorithm = () => transformer.flush(controller); - } - SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm); -} -function TransformStreamDefaultControllerClearAlgorithms(controller) { - controller._transformAlgorithm = undefined; - controller._flushAlgorithm = undefined; -} -function TransformStreamDefaultControllerEnqueue(controller, chunk) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) { - throw new TypeError('Readable side is not in a state that permits enqueue'); - } - // We throttle transform invocations based on the backpressure of the ReadableStream, but we still - // accept TransformStreamDefaultControllerEnqueue() calls. - try { - ReadableStreamDefaultControllerEnqueue(readableController, chunk); - } - catch (e) { - // This happens when readableStrategy.size() throws. - TransformStreamErrorWritableAndUnblockWrite(stream, e); - throw stream._readable._storedError; - } - const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController); - if (backpressure !== stream._backpressure) { - TransformStreamSetBackpressure(stream, true); - } -} -function TransformStreamDefaultControllerError(controller, e) { - TransformStreamError(controller._controlledTransformStream, e); -} -function TransformStreamDefaultControllerPerformTransform(controller, chunk) { - const transformPromise = controller._transformAlgorithm(chunk); - return transformPromiseWith(transformPromise, undefined, r => { - TransformStreamError(controller._controlledTransformStream, r); - throw r; - }); -} -function TransformStreamDefaultControllerTerminate(controller) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - ReadableStreamDefaultControllerClose(readableController); - const error = new TypeError('TransformStream terminated'); - TransformStreamErrorWritableAndUnblockWrite(stream, error); -} -// TransformStreamDefaultSink Algorithms -function TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) { - const controller = stream._transformStreamController; - if (stream._backpressure) { - const backpressureChangePromise = stream._backpressureChangePromise; - return transformPromiseWith(backpressureChangePromise, () => { - const writable = stream._writable; - const state = writable._state; - if (state === 'erroring') { - throw writable._storedError; - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - }); - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); -} -function TransformStreamDefaultSinkAbortAlgorithm(stream, reason) { - // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already - // errored. - TransformStreamError(stream, reason); - return promiseResolvedWith(undefined); -} -function TransformStreamDefaultSinkCloseAlgorithm(stream) { - // stream._readable cannot change after construction, so caching it across a call to user code is safe. - const readable = stream._readable; - const controller = stream._transformStreamController; - const flushPromise = controller._flushAlgorithm(); - TransformStreamDefaultControllerClearAlgorithms(controller); - // Return a promise that is fulfilled with undefined on success. - return transformPromiseWith(flushPromise, () => { - if (readable._state === 'errored') { - throw readable._storedError; - } - ReadableStreamDefaultControllerClose(readable._readableStreamController); - }, r => { - TransformStreamError(stream, r); - throw readable._storedError; - }); -} -// TransformStreamDefaultSource Algorithms -function TransformStreamDefaultSourcePullAlgorithm(stream) { - // Invariant. Enforced by the promises returned by start() and pull(). - TransformStreamSetBackpressure(stream, false); - // Prevent the next pull() call until there is backpressure. - return stream._backpressureChangePromise; -} -// Helper functions for the TransformStreamDefaultController. -function defaultControllerBrandCheckException(name) { - return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`); -} -// Helper functions for the TransformStream. -function streamBrandCheckException(name) { - return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`); -} - -var ponyfill_es6 = /*#__PURE__*/Object.freeze({ - __proto__: null, - ByteLengthQueuingStrategy: ByteLengthQueuingStrategy, - CountQueuingStrategy: CountQueuingStrategy, - ReadableByteStreamController: ReadableByteStreamController, - ReadableStream: ReadableStream$1, - ReadableStreamBYOBReader: ReadableStreamBYOBReader, - ReadableStreamBYOBRequest: ReadableStreamBYOBRequest, - ReadableStreamDefaultController: ReadableStreamDefaultController, - ReadableStreamDefaultReader: ReadableStreamDefaultReader, - TransformStream: TransformStream$1, - TransformStreamDefaultController: TransformStreamDefaultController, - WritableStream: WritableStream$1, - WritableStreamDefaultController: WritableStreamDefaultController, - WritableStreamDefaultWriter: WritableStreamDefaultWriter -}); - -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise */ - -var extendStatics = function(d, b) { - extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return extendStatics(d, b); -}; - -function __extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); -} - -function assert$1(test) { - if (!test) { - throw new TypeError('Assertion failed'); - } -} - -function noop$1() { - return; -} -function typeIsObject$1(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} - -function isStreamConstructor(ctor) { - if (typeof ctor !== 'function') { - return false; - } - var startCalled = false; - try { - new ctor({ - start: function () { - startCalled = true; - } - }); - } - catch (e) { - // ignore - } - return startCalled; -} -function isReadableStream(readable) { - if (!typeIsObject$1(readable)) { - return false; - } - if (typeof readable.getReader !== 'function') { - return false; - } - return true; -} -function isReadableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isReadableStream(new ctor())) { - return false; - } - return true; -} -function isWritableStream(writable) { - if (!typeIsObject$1(writable)) { - return false; - } - if (typeof writable.getWriter !== 'function') { - return false; - } - return true; -} -function isWritableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isWritableStream(new ctor())) { - return false; - } - return true; -} -function isTransformStream(transform) { - if (!typeIsObject$1(transform)) { - return false; - } - if (!isReadableStream(transform.readable)) { - return false; - } - if (!isWritableStream(transform.writable)) { - return false; - } - return true; -} -function isTransformStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isTransformStream(new ctor())) { - return false; - } - return true; -} -function supportsByobReader(readable) { - try { - var reader = readable.getReader({ mode: 'byob' }); - reader.releaseLock(); - return true; - } - catch (_a) { - return false; - } -} -function supportsByteSource(ctor) { - try { - new ctor({ type: 'bytes' }); - return true; - } - catch (_a) { - return false; - } -} - -function createReadableStreamWrapper(ctor) { - assert$1(isReadableStreamConstructor(ctor)); - var byteSourceSupported = supportsByteSource(ctor); - return function (readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - type = parseReadableType(type); - if (type === 'bytes' && !byteSourceSupported) { - type = undefined; - } - if (readable.constructor === ctor) { - if (type !== 'bytes' || supportsByobReader(readable)) { - return readable; - } - } - if (type === 'bytes') { - var source = createWrappingReadableSource(readable, { type: type }); - return new ctor(source); - } - else { - var source = createWrappingReadableSource(readable); - return new ctor(source); - } - }; -} -function createWrappingReadableSource(readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - assert$1(isReadableStream(readable)); - assert$1(readable.locked === false); - type = parseReadableType(type); - var source; - if (type === 'bytes') { - source = new WrappingReadableByteStreamSource(readable); - } - else { - source = new WrappingReadableStreamDefaultSource(readable); - } - return source; -} -function parseReadableType(type) { - var typeString = String(type); - if (typeString === 'bytes') { - return typeString; - } - else if (type === undefined) { - return type; - } - else { - throw new RangeError('Invalid type is specified'); - } -} -var AbstractWrappingReadableStreamSource = /** @class */ (function () { - function AbstractWrappingReadableStreamSource(underlyingStream) { - this._underlyingReader = undefined; - this._readerMode = undefined; - this._readableStreamController = undefined; - this._pendingRead = undefined; - this._underlyingStream = underlyingStream; - // always keep a reader attached to detect close/error - this._attachDefaultReader(); - } - AbstractWrappingReadableStreamSource.prototype.start = function (controller) { - this._readableStreamController = controller; - }; - AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) { - assert$1(this._underlyingReader !== undefined); - return this._underlyingReader.cancel(reason); - }; - AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () { - if (this._readerMode === "default" /* DEFAULT */) { - return; - } - this._detachReader(); - var reader = this._underlyingStream.getReader(); - this._readerMode = "default" /* DEFAULT */; - this._attachReader(reader); - }; - AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) { - var _this = this; - assert$1(this._underlyingReader === undefined); - this._underlyingReader = reader; - var closed = this._underlyingReader.closed; - if (!closed) { - return; - } - closed - .then(function () { return _this._finishPendingRead(); }) - .then(function () { - if (reader === _this._underlyingReader) { - _this._readableStreamController.close(); - } - }, function (reason) { - if (reader === _this._underlyingReader) { - _this._readableStreamController.error(reason); - } - }) - .catch(noop$1); - }; - AbstractWrappingReadableStreamSource.prototype._detachReader = function () { - if (this._underlyingReader === undefined) { - return; - } - this._underlyingReader.releaseLock(); - this._underlyingReader = undefined; - this._readerMode = undefined; - }; - AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () { - var _this = this; - this._attachDefaultReader(); - // TODO Backpressure? - var read = this._underlyingReader.read() - .then(function (result) { - var controller = _this._readableStreamController; - if (result.done) { - _this._tryClose(); - } - else { - controller.enqueue(result.value); - } - }); - this._setPendingRead(read); - return read; - }; - AbstractWrappingReadableStreamSource.prototype._tryClose = function () { - try { - this._readableStreamController.close(); - } - catch (_a) { - // already errored or closed - } - }; - AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) { - var _this = this; - var pendingRead; - var finishRead = function () { - if (_this._pendingRead === pendingRead) { - _this._pendingRead = undefined; - } - }; - this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead); - }; - AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () { - var _this = this; - if (!this._pendingRead) { - return undefined; - } - var afterRead = function () { return _this._finishPendingRead(); }; - return this._pendingRead.then(afterRead, afterRead); - }; - return AbstractWrappingReadableStreamSource; -}()); -var WrappingReadableStreamDefaultSource = /** @class */ (function (_super) { - __extends(WrappingReadableStreamDefaultSource, _super); - function WrappingReadableStreamDefaultSource() { - return _super !== null && _super.apply(this, arguments) || this; - } - WrappingReadableStreamDefaultSource.prototype.pull = function () { - return this._pullWithDefaultReader(); - }; - return WrappingReadableStreamDefaultSource; -}(AbstractWrappingReadableStreamSource)); -function toUint8Array(view) { - return new Uint8Array(view.buffer, view.byteOffset, view.byteLength); -} -function copyArrayBufferView(from, to) { - var fromArray = toUint8Array(from); - var toArray = toUint8Array(to); - toArray.set(fromArray, 0); -} -var WrappingReadableByteStreamSource = /** @class */ (function (_super) { - __extends(WrappingReadableByteStreamSource, _super); - function WrappingReadableByteStreamSource(underlyingStream) { - var _this = this; - var supportsByob = supportsByobReader(underlyingStream); - _this = _super.call(this, underlyingStream) || this; - _this._supportsByob = supportsByob; - return _this; - } - Object.defineProperty(WrappingReadableByteStreamSource.prototype, "type", { - get: function () { - return 'bytes'; - }, - enumerable: false, - configurable: true - }); - WrappingReadableByteStreamSource.prototype._attachByobReader = function () { - if (this._readerMode === "byob" /* BYOB */) { - return; - } - assert$1(this._supportsByob); - this._detachReader(); - var reader = this._underlyingStream.getReader({ mode: 'byob' }); - this._readerMode = "byob" /* BYOB */; - this._attachReader(reader); - }; - WrappingReadableByteStreamSource.prototype.pull = function () { - if (this._supportsByob) { - var byobRequest = this._readableStreamController.byobRequest; - if (byobRequest) { - return this._pullWithByobRequest(byobRequest); - } - } - return this._pullWithDefaultReader(); - }; - WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) { - var _this = this; - this._attachByobReader(); - // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly - // create a separate buffer to read into, then copy that to byobRequest.view - var buffer = new Uint8Array(byobRequest.view.byteLength); - // TODO Backpressure? - var read = this._underlyingReader.read(buffer) - .then(function (result) { - _this._readableStreamController; - if (result.done) { - _this._tryClose(); - byobRequest.respond(0); - } - else { - copyArrayBufferView(result.value, byobRequest.view); - byobRequest.respond(result.value.byteLength); - } - }); - this._setPendingRead(read); - return read; - }; - return WrappingReadableByteStreamSource; -}(AbstractWrappingReadableStreamSource)); - -function createWritableStreamWrapper(ctor) { - assert$1(isWritableStreamConstructor(ctor)); - return function (writable) { - if (writable.constructor === ctor) { - return writable; - } - var sink = createWrappingWritableSink(writable); - return new ctor(sink); - }; -} -function createWrappingWritableSink(writable) { - assert$1(isWritableStream(writable)); - assert$1(writable.locked === false); - var writer = writable.getWriter(); - return new WrappingWritableStreamSink(writer); -} -var WrappingWritableStreamSink = /** @class */ (function () { - function WrappingWritableStreamSink(underlyingWriter) { - var _this = this; - this._writableStreamController = undefined; - this._pendingWrite = undefined; - this._state = "writable" /* WRITABLE */; - this._storedError = undefined; - this._underlyingWriter = underlyingWriter; - this._errorPromise = new Promise(function (resolve, reject) { - _this._errorPromiseReject = reject; - }); - this._errorPromise.catch(noop$1); - } - WrappingWritableStreamSink.prototype.start = function (controller) { - var _this = this; - this._writableStreamController = controller; - this._underlyingWriter.closed - .then(function () { - _this._state = "closed" /* CLOSED */; - }) - .catch(function (reason) { return _this._finishErroring(reason); }); - }; - WrappingWritableStreamSink.prototype.write = function (chunk) { - var _this = this; - var writer = this._underlyingWriter; - // Detect past errors - if (writer.desiredSize === null) { - return writer.ready; - } - var writeRequest = writer.write(chunk); - // Detect future errors - writeRequest.catch(function (reason) { return _this._finishErroring(reason); }); - writer.ready.catch(function (reason) { return _this._startErroring(reason); }); - // Reject write when errored - var write = Promise.race([writeRequest, this._errorPromise]); - this._setPendingWrite(write); - return write; - }; - WrappingWritableStreamSink.prototype.close = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return this._underlyingWriter.close(); - } - return this._finishPendingWrite().then(function () { return _this.close(); }); - }; - WrappingWritableStreamSink.prototype.abort = function (reason) { - if (this._state === "errored" /* ERRORED */) { - return undefined; - } - var writer = this._underlyingWriter; - return writer.abort(reason); - }; - WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) { - var _this = this; - var pendingWrite; - var finishWrite = function () { - if (_this._pendingWrite === pendingWrite) { - _this._pendingWrite = undefined; - } - }; - this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite); - }; - WrappingWritableStreamSink.prototype._finishPendingWrite = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return Promise.resolve(); - } - var afterWrite = function () { return _this._finishPendingWrite(); }; - return this._pendingWrite.then(afterWrite, afterWrite); - }; - WrappingWritableStreamSink.prototype._startErroring = function (reason) { - var _this = this; - if (this._state === "writable" /* WRITABLE */) { - this._state = "erroring" /* ERRORING */; - this._storedError = reason; - var afterWrite = function () { return _this._finishErroring(reason); }; - if (this._pendingWrite === undefined) { - afterWrite(); - } - else { - this._finishPendingWrite().then(afterWrite, afterWrite); - } - this._writableStreamController.error(reason); - } - }; - WrappingWritableStreamSink.prototype._finishErroring = function (reason) { - if (this._state === "writable" /* WRITABLE */) { - this._startErroring(reason); - } - if (this._state === "erroring" /* ERRORING */) { - this._state = "errored" /* ERRORED */; - this._errorPromiseReject(this._storedError); - } - }; - return WrappingWritableStreamSink; -}()); - -function createTransformStreamWrapper(ctor) { - assert$1(isTransformStreamConstructor(ctor)); - return function (transform) { - if (transform.constructor === ctor) { - return transform; - } - var transformer = createWrappingTransformer(transform); - return new ctor(transformer); - }; -} -function createWrappingTransformer(transform) { - assert$1(isTransformStream(transform)); - var readable = transform.readable, writable = transform.writable; - assert$1(readable.locked === false); - assert$1(writable.locked === false); - var reader = readable.getReader(); - var writer; - try { - writer = writable.getWriter(); - } - catch (e) { - reader.releaseLock(); // do not leak reader - throw e; - } - return new WrappingTransformStreamTransformer(reader, writer); -} -var WrappingTransformStreamTransformer = /** @class */ (function () { - function WrappingTransformStreamTransformer(reader, writer) { - var _this = this; - this._transformStreamController = undefined; - this._onRead = function (result) { - if (result.done) { - return; - } - _this._transformStreamController.enqueue(result.value); - return _this._reader.read().then(_this._onRead); - }; - this._onError = function (reason) { - _this._flushReject(reason); - _this._transformStreamController.error(reason); - _this._reader.cancel(reason).catch(noop$1); - _this._writer.abort(reason).catch(noop$1); - }; - this._onTerminate = function () { - _this._flushResolve(); - _this._transformStreamController.terminate(); - var error = new TypeError('TransformStream terminated'); - _this._writer.abort(error).catch(noop$1); - }; - this._reader = reader; - this._writer = writer; - this._flushPromise = new Promise(function (resolve, reject) { - _this._flushResolve = resolve; - _this._flushReject = reject; - }); - } - WrappingTransformStreamTransformer.prototype.start = function (controller) { - this._transformStreamController = controller; - this._reader.read() - .then(this._onRead) - .then(this._onTerminate, this._onError); - var readerClosed = this._reader.closed; - if (readerClosed) { - readerClosed - .then(this._onTerminate, this._onError); - } - }; - WrappingTransformStreamTransformer.prototype.transform = function (chunk) { - return this._writer.write(chunk); - }; - WrappingTransformStreamTransformer.prototype.flush = function () { - var _this = this; - return this._writer.close() - .then(function () { return _this._flushPromise; }); - }; - return WrappingTransformStreamTransformer; -}()); - -var webStreamsAdapter = /*#__PURE__*/Object.freeze({ - __proto__: null, - createReadableStreamWrapper: createReadableStreamWrapper, - createTransformStreamWrapper: createTransformStreamWrapper, - createWrappingReadableSource: createWrappingReadableSource, - createWrappingTransformer: createWrappingTransformer, - createWrappingWritableSink: createWrappingWritableSink, - createWritableStreamWrapper: createWritableStreamWrapper -}); - -var bn = createCommonjsModule(function (module) { -(function (module, exports) { - - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); - } - - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - } - - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; - } - - this.negative = 0; - this.words = null; - this.length = 0; - - // Reduction context - this.red = null; - - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; - } - - this._init(number || 0, base || 10, endian || 'be'); - } - } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; - } - - BN.BN = BN; - BN.wordSize = 26; - - var Buffer; - try { - Buffer = buffer__default['default'].Buffer; - } catch (e) { - } - - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; - - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; - - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); - } - - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } - - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - } - - if (base === 16) { - this._parseHex(number, start); - } else { - this._parseBase(number, base, start); - } - - if (number[0] === '-') { - this.negative = 1; - } - - this.strip(); - - if (endian !== 'le') return; - - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } - - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } - return this.strip(); - }; - - function parseHex (str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r <<= 4; - - // 'a' - 'f' - if (c >= 49 && c <= 54) { - r |= c - 49 + 0xa; - - // 'A' - 'F' - } else if (c >= 17 && c <= 22) { - r |= c - 17 + 0xa; - - // '0' - '9' - } else { - r |= c & 0xf; - } - } - return r; - } - - BN.prototype._parseHex = function _parseHex (number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (i = number.length - 6, j = 0; i >= start; i -= 6) { - w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - if (i + 6 !== start) { - w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - } - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; - - // '0' - '9' - } else { - r += c; - } - } - return r; - } - - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; - } - limbLen--; - limbPow = (limbPow / base) | 0; - - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; - - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); - - for (i = 0; i < mod; i++) { - pow *= base; - } - - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - }; - - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; - } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; - } - return this; - }; - - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; - } - return this._normSign(); - }; - - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; - } - return this; - }; - - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; - - /* - - var zeros = []; - var groupSizes = []; - var groupBases = []; - - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; - } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } - - */ - - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; - - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; - - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; - - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; - } - } - if (this.isZero()) { - out = '0' + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - assert(false, 'Base should be between 2 and 36'); - }; - - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; - - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; - - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; - - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; - - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); - - res[i] = b; - } - - for (; i < reqLength; i++) { - res[i] = 0; - } - } - - return res; - }; - - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; - } - if (t >= 0x8) { - r += 4; - t >>>= 4; - } - if (t >= 0x02) { - r += 2; - t >>>= 2; - } - return r + t; - }; - } - - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; - - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; - } - if ((t & 0x1) === 0) { - r++; - } - return r; - }; - - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; - - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; - } - - return w; - } - - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; - - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; - } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); - } - return this.clone(); - }; - - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); - } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; - - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; - } - - return this; - }; - - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; - } - - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; - } - - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; - - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; - } - - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; - - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; - - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; - - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; - } - - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; - } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); - } - - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); - } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - return this; - }; - - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; - } - - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; - - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } - - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } - - this.length = Math.max(this.length, i); - - if (a !== this) { - this.negative = 1; - } - - return this.strip(); - }; - - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; - - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; - } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; - } - - return out.strip(); - } - - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); - } - - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; - } - - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; - - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; - } - - return rb; - }; - - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; - } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; - - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; - - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; - - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; - } - } - } - } - }; - - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; - } - - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; - - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; - - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; - - t = iws[i]; - - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; - } - }; - - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; - - ws[i] = w & 0x3ffffff; - - if (w < 0x4000000) { - carry = 0; - } else { - carry = w / 0x4000000 | 0; - } - } - - return ws; - }; - - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; - } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; - } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; - } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; - } - - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; - - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; - - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; - - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; - - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); - - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; - } - - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; - - res = res.mul(q); - } - } - - return res; - }; - - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); - } - - if (carry) { - this.words[i] = carry; - this.length++; - } - } - - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } - - for (i = 0; i < s; i++) { - this.words[i] = 0; - } - - this.length += s; - } - - return this.strip(); - }; - - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; - - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; - } - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; - } - - if (s === 0) ; else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; - } - - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; - } - - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; - } - - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } - - return this.strip(); - }; - - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; - - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; - - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; - - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; - - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; - - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; - - // Check bit and return - var w = this.words[s]; - - return !!(w & q); - }; - - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - - assert(this.negative === 0, 'imaskn works only with positive numbers'); - - if (this.length <= s) { - return this; - } - - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); - - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } - - return this.strip(); - }; - - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; - - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } - - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; - } - - // Add without checks - return this._iaddn(num); - }; - - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; - - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } - } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); - - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; - } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } - } - - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; - - return this; - }; - - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; - - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; - - this._expand(len); - - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; - } - - if (carry === 0) return this.strip(); - - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; - } - this.negative = 1; - - return this.strip(); - }; - - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; - - var a = this.clone(); - var b = num; - - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; - } - - // Initialize quotient - var m = a.length - b.length; - var q; - - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; - } - } - - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; - } - } - - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); - - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); - - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } - } - if (q) { - q.words[j] = qj; - } - } - if (q) { - q.strip(); - } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); - } - - return { - div: q || null, - mod: a - }; - }; - - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); - - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; - } - - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } - - return { - div: div, - mod: mod - }; - } - - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } - - return { - div: div, - mod: res.mod - }; - } - - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } - - return { - div: res.div, - mod: mod - }; - } - - // Both numbers are positive at this point - - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } - - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; - } - - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; - } - - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; - } - - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; - - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); - - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; - - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; - - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; - - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; - } - - return acc; - }; - - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); - - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; - } - - return this.strip(); - }; - - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; - - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var x = this; - var y = p.clone(); - - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); - } - - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); - - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); - - var g = 0; - - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; - } - - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } - - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); - } - - C.iushrn(1); - D.iushrn(1); - } - } - - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } - } - - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; - - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); - - var a = this; - var b = p.clone(); - - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); - } - - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } - - x1.iushrn(1); - } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); - } - - x2.iushrn(1); - } - } - - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); - } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; - } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); - } - - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } - - a.isub(b); - } while (true); - - return b.iushln(shift); - }; - - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; - - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; - - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; - - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; - - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; - } - - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; - } - return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; - - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; - - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; - - this.strip(); - - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } - - assert(num <= 0x3ffffff, 'Number is too big'); - - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; - } - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; - - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; - - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } - break; - } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; - - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; - - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; - - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; - - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; - - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; - - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; - - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; - - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; - - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; - - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; - return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; - - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; - - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; - - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; - - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; - - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; - - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; - - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; - - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; - - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; - - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; - - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; - - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); - }; - - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; - - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; - - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); - - this.tmp = this._tmp(); - } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); - } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; - - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } - } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); - } - inherits(P224, MPrime); - - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); - } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); - } - inherits(P25519, MPrime); - - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; - - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; - - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - - return prime; - }; - - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; - } - } - - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; - - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; - - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; - - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } - - return this.m.sub(a)._forceRed(this); - }; - - Red.prototype.add = function add (a, b) { - this._verify2(a, b); - - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); - - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; - - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); - - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res._forceRed(this); - }; - - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); - } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; - - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; - - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; - - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); - - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); - - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } - - return r; - }; - - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; - - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); - - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } - - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } - - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } - - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } - - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; - - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } - - return res; - }; - - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); - - return r === num ? r.clone() : r; - }; - - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; - - // - // Montgomery method engine - // - - BN.mont = function mont (num) { - return new Mont(num); - }; - - function Mont (m) { - Red.call(this, m); - - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } - - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); - - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); - } - inherits(Mont, Red); - - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; - - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; - - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); - - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; -})(module, commonjsGlobal); -}); - -var bn$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': bn, - __moduleExports: bn -}); - -/** - * @fileoverview - * BigInteger implementation of basic operations - * Wrapper of bn.js library (wwww.github.com/indutny/bn.js) - * @module biginteger/bn - * @private - */ - -/** - * @private - */ -class BigInteger$1 { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - - this.value = new bn(n); - } - - clone() { - const clone = new BigInteger$1(null); - this.value.copy(clone.value); - return clone; - } - - /** - * BigInteger increment in place - */ - iinc() { - this.value.iadd(new bn(1)); - return this; - } - - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - - /** - * BigInteger decrement in place - */ - idec() { - this.value.isub(new bn(1)); - return this; - } - - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } - - - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value.iadd(x.value); - return this; - } - - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } - - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value.isub(x.value); - return this; - } - - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } - - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value.imul(x.value); - return this; - } - - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); - } - - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value = this.value.umod(m.value); - return this; - } - - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } - - /** - * Compute modular exponentiation - * Much faster than this.exp(e).mod(n) - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - // We use either Montgomery or normal reduction context - // Montgomery requires coprime n and R (montogmery multiplier) - // bn.js picks R as power of 2, so n must be odd - const nred = n.isEven() ? bn.red(n.value) : bn.mont(n.value); - const x = this.clone(); - x.value = x.value.toRed(nred).redPow(e.value).fromRed(); - return x; - } - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - // invm returns a wrong result if the inverse does not exist - if (!this.gcd(n).isOne()) { - throw new Error('Inverse does not exist'); - } - return new BigInteger$1(this.value.invm(n.value)); - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} n - Operand - * @returns {BigInteger} gcd - */ - gcd(n) { - return new BigInteger$1(this.value.gcd(n.value)); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value.ishln(x.value.toNumber()); - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value.ishrn(x.value.toNumber()); - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value.eq(x.value); - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value.lt(x.value); - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value.lte(x.value); - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value.gt(x.value); - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value.gte(x.value); - } - - isZero() { - return this.value.isZero(); - } - - isOne() { - return this.value.eq(new bn(1)); - } - - isNegative() { - return this.value.isNeg(); - } - - isEven() { - return this.value.isEven(); - } - - abs() { - const res = this.clone(); - res.value = res.value.abs(); - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - return this.value.toNumber(); - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - return this.value.testn(i) ? 1 : 0; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - return this.value.bitLength(); - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - return this.value.byteLength(); - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - return this.value.toArrayLike(Uint8Array, endian, length); - } -} - -var bn_interface = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': BigInteger$1 -}); - -var utils_1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - return res; - } - if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } else { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } - return res; -} -utils.toArray = toArray; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -utils.zero2 = zero2; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -utils.toHex = toHex; - -utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; -}; -}); - -var utils_1$1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - - - - -utils.assert = minimalisticAssert; -utils.toArray = utils_1.toArray; -utils.zero2 = utils_1.zero2; -utils.toHex = utils_1.toHex; -utils.encode = utils_1.encode; - -// Represent num in a w-NAF form -function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; - } - naf.push(z); - - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.iushrn(shift); - } - - return naf; -} -utils.getNAF = getNAF; - -// Represent k1, k2 in a Joint Sparse Form -function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; - } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; - } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.iushrn(1); - k2.iushrn(1); - } - - return jsf; -} -utils.getJSF = getJSF; - -function cachedProperty(obj, name, computer) { - var key = '_' + name; - obj.prototype[name] = function cachedProperty() { - return this[key] !== undefined ? this[key] : - this[key] = computer.call(this); - }; -} -utils.cachedProperty = cachedProperty; - -function parseBytes(bytes) { - return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') : - bytes; -} -utils.parseBytes = parseBytes; - -function intFromLE(bytes) { - return new bn(bytes, 'hex', 'le'); -} -utils.intFromLE = intFromLE; -}); - -var r$1; - -var brorand = function rand(len) { - if (!r$1) - r$1 = new Rand(null); - - return r$1.generate(len); -}; - -function Rand(rand) { - this.rand = rand; -} -var Rand_1 = Rand; - -Rand.prototype.generate = function generate(len) { - return this._rand(len); -}; - -// Emulate crypto API using randy -Rand.prototype._rand = function _rand(n) { - if (this.rand.getBytes) - return this.rand.getBytes(n); - - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; -}; - -if (typeof self === 'object') { - if (self.crypto && self.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.crypto.getRandomValues(arr); - return arr; - }; - } else if (self.msCrypto && self.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.msCrypto.getRandomValues(arr); - return arr; - }; - - // Safari's WebWorkers do not have `crypto` - } else if (typeof window === 'object') { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; - } -} else { - // Node.js or Web worker with no crypto support - try { - var crypto$2 = crypto__default['default']; - if (typeof crypto$2.randomBytes !== 'function') - throw new Error('Not supported'); - - Rand.prototype._rand = function _rand(n) { - return crypto$2.randomBytes(n); - }; - } catch (e) { - } -} -brorand.Rand = Rand_1; - -var getNAF = utils_1$1.getNAF; -var getJSF = utils_1$1.getJSF; -var assert$2 = utils_1$1.assert; - -function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); - - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); - - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); - - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); - - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); - - // Generalized Greg Maxwell's trick - var adjustCount = this.n && this.p.div(this.n); - if (!adjustCount || adjustCount.cmpn(100) > 0) { - this.redN = null; - } else { - this._maxwellTrick = true; - this.redN = this.n.toRed(this.red); - } -} -var base = BaseCurve; - -BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); -}; - -BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); -}; - -BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - assert$2(p.precomputed); - var doubles = p._getDoubles(); - - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; - - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); - } - - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); - } - a = a.add(b); - } - return a.toP(); -}; - -BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; - - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; - - // Get NAF form - var naf = getNAF(k, w); - - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); - - if (i < 0) - break; - var z = naf[i]; - assert$2(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } - } - return p.type === 'affine' ? acc.toP() : acc; -}; - -BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len, - jacobianResult) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; - - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; - } - - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; - } - - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; - - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } - - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; - - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; - - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } - } - - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; - - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; - - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); - - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); - } - } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - - if (jacobianResult) - return acc; - else - return acc.toP(); -}; - -function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; -} -BaseCurve.BasePoint = BasePoint; - -BasePoint.prototype.eq = function eq(/*other*/) { - throw new Error('Not implemented'); -}; - -BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); -}; - -BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - bytes = utils_1$1.toArray(bytes, enc); - - var len = this.p.byteLength(); - - // uncompressed, hybrid-odd, hybrid-even - if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) && - bytes.length - 1 === 2 * len) { - if (bytes[0] === 0x06) - assert$2(bytes[bytes.length - 1] % 2 === 0); - else if (bytes[0] === 0x07) - assert$2(bytes[bytes.length - 1] % 2 === 1); - - var res = this.point(bytes.slice(1, 1 + len), - bytes.slice(1 + len, 1 + 2 * len)); - - return res; - } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) && - bytes.length - 1 === len) { - return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03); - } - throw new Error('Unknown point format'); -}; - -BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) { - return this.encode(enc, true); -}; - -BasePoint.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - var x = this.getX().toArray('be', len); - - if (compact) - return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); - - return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; -}; - -BasePoint.prototype.encode = function encode(enc, compact) { - return utils_1$1.encode(this._encode(compact), enc); -}; - -BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; - - var precomputed = { - doubles: null, - naf: null, - beta: null - }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; - - return this; -}; - -BasePoint.prototype._hasDoubles = function _hasDoubles(k) { - if (!this.precomputed) - return false; - - var doubles = this.precomputed.doubles; - if (!doubles) - return false; - - return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); -}; - -BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; - - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; -}; - -BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; - - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; -}; - -BasePoint.prototype._getBeta = function _getBeta() { - return null; -}; - -BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; -}; - -var assert$3 = utils_1$1.assert; - -function ShortCurve(conf) { - base.call(this, 'short', conf); - - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); - - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; - - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); -} -inherits(ShortCurve, base); -var short_1 = ShortCurve; - -ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; - - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; - } else { - lambda = lambdas[1]; - assert$3(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); - } - } - - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); - } else { - basis = this._getEndoBasis(lambda); - } - - return { - beta: beta, - lambda: lambda, - basis: basis - }; -}; - -ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); - - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; -}; - -ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2)); - - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); - - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; - - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); - - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; - } - prevR = r; - - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; - } - a2 = r.neg(); - b2 = x; - - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; - } - - // Normalize signs - if (a1.negative) { - a1 = a1.neg(); - b1 = b1.neg(); - } - if (a2.negative) { - a2 = a2.neg(); - b2 = b2.neg(); - } - - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; -}; - -ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); - - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; -}; - -ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; - -ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; - - var x = point.x; - var y = point.y; - - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; -}; - -ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs, jacobianResult) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); - - if (split.k1.negative) { - split.k1.ineg(); - p = p.neg(true); - } - if (split.k2.negative) { - split.k2.ineg(); - beta = beta.neg(true); - } - - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); - - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; - } - return res; -}; - -function Point(curve, x, y, isRed) { - base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); - } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; - } -} -inherits(Point, base.BasePoint); - -ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); -}; - -ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); -}; - -Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; - - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; - - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; -}; - -Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; - - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; -}; - -Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; - - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); - } - - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) - } - }; - return res; -}; - -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point.prototype.isInfinity = function isInfinity() { - return this.inf; -}; - -Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; - - // P + O = P - if (p.inf) - return this; - - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); - - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); - - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; - -Point.prototype.dbl = function dbl() { - if (this.inf) - return this; - - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - - var a = this.curve.a; - - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; - -Point.prototype.getX = function getX() { - return this.x.fromRed(); -}; - -Point.prototype.getY = function getY() { - return this.y.fromRed(); -}; - -Point.prototype.mul = function mul(k) { - k = new bn(k, 16); - if (this.isInfinity()) - return this; - else if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); -}; - -Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); -}; - -Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs, true); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2, true); -}; - -Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); -}; - -Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; - - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) - } - }; - } - return res; -}; - -Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); - - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; -}; - -function JPoint(curve, x, y, z) { - base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); - } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - - this.zOne = this.z === this.curve.one; -} -inherits(JPoint, base.BasePoint); - -ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); -}; - -JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); - - return this.curve.point(ax, ay); -}; - -JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); -}; - -JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; - - // P + O = P - if (p.isInfinity()) - return this; - - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } - - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); - - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); - - // P + O = P - if (p.isInfinity()) - return this; - - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } - - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); - - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); - - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; - } - - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; - - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); - - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); - - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); - - jx = nx; - jz = nz; - jyd = dny; - } - - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); -}; - -JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); -}; - -JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); - - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); - - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); - - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; - - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); - - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); - - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); - - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); - - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); - - return this.curve._wnafMul(this, k); -}; - -JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); - - if (this === p) - return true; - - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; - - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; -}; - -JPoint.prototype.eqXToP = function eqXToP(x) { - var zs = this.z.redSqr(); - var rx = x.toRed(this.curve.red).redMul(zs); - if (this.x.cmp(rx) === 0) - return true; - - var xc = x.clone(); - var t = this.curve.redN.redMul(zs); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; - - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; - -JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; - -function MontCurve(conf) { - base.call(this, 'mont', conf); - - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - // Note: this implementation is according to the original paper - // by P. Montgomery, NOT the one by D. J. Bernstein. - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); -} -inherits(MontCurve, base); -var mont = MontCurve; - -MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); - - return y.redSqr().cmp(rhs) === 0; -}; - -function Point$1(curve, x, z) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } -} -inherits(Point$1, base.BasePoint); - -MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - var bytes = utils_1$1.toArray(bytes, enc); - - // TODO Curve448 - // Montgomery curve points must be represented in the compressed format - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (bytes.length === 33 && bytes[0] === 0x40) - bytes = bytes.slice(1, 33).reverse(); // point must be little-endian - if (bytes.length !== 32) - throw new Error('Unknown point compression format'); - return this.point(bytes, 1); -}; - -MontCurve.prototype.point = function point(x, z) { - return new Point$1(this, x, z); -}; - -MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$1.fromJSON(this, obj); -}; - -Point$1.prototype.precompute = function precompute() { - // No-op -}; - -Point$1.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - - // Note: the output should always be little-endian - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (compact) { - return [ 0x40 ].concat(this.getX().toArray('le', len)); - } else { - return this.getX().toArray('be', len); - } -}; - -Point$1.fromJSON = function fromJSON(curve, obj) { - return new Point$1(curve, obj[0], obj[1] || curve.one); -}; - -Point$1.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point$1.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; - -Point$1.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A - - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); -}; - -Point$1.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A - - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); -}; - -Point$1.prototype.mul = function mul(k) { - k = new bn(k, 16); - - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q - - for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1)) - bits.push(t.andln(1)); - - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); - } - } - return b; -}; - -Point$1.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.jumlAdd = function jumlAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.eq = function eq(other) { - return this.getX().cmp(other.getX()) === 0; -}; - -Point$1.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; -}; - -Point$1.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); - - return this.x.fromRed(); -}; - -var assert$4 = utils_1$1.assert; - -function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - - base.call(this, 'edwards', conf); - - this.a = new bn(conf.a, 16).umod(this.red.m); - this.a = this.a.toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); - - assert$4(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; -} -inherits(EdwardsCurve, base); -var edwards = EdwardsCurve; - -EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); -}; - -EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); -}; - -// Just for compatibility with Short curve -EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); -}; - -EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); - - var y2 = rhs.redMul(lhs.redInvm()); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; - -EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) { - y = new bn(y, 16); - if (!y.red) - y = y.toRed(this.red); - - // x^2 = (y^2 - c^2) / (c^2 d y^2 - a) - var y2 = y.redSqr(); - var lhs = y2.redSub(this.c2); - var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a); - var x2 = lhs.redMul(rhs.redInvm()); - - if (x2.cmp(this.zero) === 0) { - if (odd) - throw new Error('invalid point'); - else - return this.point(this.zero, y); - } - - var x = x2.redSqrt(); - if (x.redSqr().redSub(x2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - if (x.fromRed().isOdd() !== odd) - x = x.redNeg(); - - return this.point(x, y); -}; - -EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; - - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); - - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - - return lhs.cmp(rhs) === 0; -}; - -function Point$2(curve, x, y, z, t) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; - - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } -} -inherits(Point$2, base.BasePoint); - -EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$2.fromJSON(this, obj); -}; - -EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point$2(this, x, y, z, t); -}; - -Point$2.fromJSON = function fromJSON(curve, obj) { - return new Point$2(curve, obj[0], obj[1], obj[2]); -}; - -Point$2.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; - -Point$2.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - (this.y.cmp(this.z) === 0 || - (this.zOne && this.y.cmp(this.curve.c) === 0)); -}; - -Point$2.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S - - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); - - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); - } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.z).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); -}; - -Point$2.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M - - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; - - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); -}; - -Point$2.prototype.mul = function mul(k) { - if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); -}; - -Point$2.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false); -}; - -Point$2.prototype.jmulAdd = function jmulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true); -}; - -Point$2.prototype.normalize = function normalize() { - if (this.zOne) - return this; - - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; -}; - -Point$2.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); -}; - -Point$2.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); -}; - -Point$2.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); -}; - -Point$2.prototype.eq = function eq(other) { - return this === other || - this.getX().cmp(other.getX()) === 0 && - this.getY().cmp(other.getY()) === 0; -}; - -Point$2.prototype.eqXToP = function eqXToP(x) { - var rx = x.toRed(this.curve.red).redMul(this.z); - if (this.x.cmp(rx) === 0) - return true; - - var xc = x.clone(); - var t = this.curve.redN.redMul(this.z); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; - - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; - -// Compatibility with BaseCurve -Point$2.prototype.toP = Point$2.prototype.normalize; -Point$2.prototype.mixedAdd = Point$2.prototype.add; - -var curve_1 = createCommonjsModule(function (module, exports) { - -var curve = exports; - -curve.base = base; -curve.short = short_1; -curve.mont = mont; -curve.edwards = edwards; -}); - -var rotl32$2 = utils.rotl32; -var sum32$3 = utils.sum32; -var sum32_5$2 = utils.sum32_5; -var ft_1$1 = common$1.ft_1; -var BlockHash$4 = common.BlockHash; - -var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 -]; - -function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); - - BlockHash$4.call(this); - this.h = [ - 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); -} - -utils.inherits(SHA1, BlockHash$4); -var _1 = SHA1; - -SHA1.blockSize = 512; -SHA1.outSize = 160; -SHA1.hmacStrength = 80; -SHA1.padLength = 64; - -SHA1.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - - for(; i < W.length; i++) - W[i] = rotl32$2(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - - for (i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5$2(rotl32$2(a, 5), ft_1$1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32$2(b, 30); - b = a; - a = t; - } - - this.h[0] = sum32$3(this.h[0], a); - this.h[1] = sum32$3(this.h[1], b); - this.h[2] = sum32$3(this.h[2], c); - this.h[3] = sum32$3(this.h[3], d); - this.h[4] = sum32$3(this.h[4], e); -}; - -SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -var sha1 = _1; -var sha224 = _224; -var sha256 = _256; -var sha384 = _384; -var sha512 = _512; - -var sha = { - sha1: sha1, - sha224: sha224, - sha256: sha256, - sha384: sha384, - sha512: sha512 -}; - -function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; - - this._init(utils.toArray(key, enc)); -} -var hmac = Hmac; - -Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - minimalisticAssert(key.length <= this.blockSize); - - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); - - for (i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); - - // 0x36 ^ 0x5c = 0x6a - for (i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); -}; - -Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); - return this; -}; - -Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); -}; - -var hash_1 = createCommonjsModule(function (module, exports) { -var hash = exports; - -hash.utils = utils; -hash.common = common; -hash.sha = sha; -hash.ripemd = ripemd; -hash.hmac = hmac; - -// Proxy hash functions to the main object -hash.sha1 = hash.sha.sha1; -hash.sha256 = hash.sha.sha256; -hash.sha224 = hash.sha.sha224; -hash.sha384 = hash.sha.sha384; -hash.sha512 = hash.sha.sha512; -hash.ripemd160 = hash.ripemd.ripemd160; -}); - -var secp256k1 = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] - } -}; - -var curves_1 = createCommonjsModule(function (module, exports) { - -var curves = exports; - - - - - -var assert = utils_1$1.assert; - -function PresetCurve(options) { - if (options.type === 'short') - this.curve = new curve_1.short(options); - else if (options.type === 'edwards') - this.curve = new curve_1.edwards(options); - else if (options.type === 'mont') - this.curve = new curve_1.mont(options); - else throw new Error('Unknown curve type.'); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; - - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O'); -} -curves.PresetCurve = PresetCurve; - -function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } - }); -} - -defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash_1.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] -}); - -defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash_1.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] -}); - -defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash_1.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] -}); - -defineCurve('p384', { - type: 'short', - prime: null, - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 ffffffff', - a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 fffffffc', - b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' + - '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef', - n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' + - 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973', - hash: hash_1.sha384, - gRed: false, - g: [ - 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' + - '5502f25d bf55296c 3a545e38 72760ab7', - '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' + - '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f' - ] -}); - -defineCurve('p521', { - type: 'short', - prime: null, - p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff', - a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff fffffffc', - b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' + - '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' + - '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00', - n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' + - 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409', - hash: hash_1.sha512, - gRed: false, - g: [ - '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' + - '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' + - 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66', - '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' + - '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' + - '3fad0761 353c7086 a272c240 88be9476 9fd16650' - ] -}); - -// https://tools.ietf.org/html/rfc7748#section-4.1 -defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '1', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '9' - ] -}); - -defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.4 -defineCurve('brainpoolP256r1', { - type: 'short', - prime: null, - p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377', - a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9', - b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6', - n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7', - hash: hash_1.sha256, // or 384, or 512 - gRed: false, - g: [ - '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', - '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.6 -defineCurve('brainpoolP384r1', { - type: 'short', - prime: null, - p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' + - 'ACD3A729 901D1A71 87470013 3107EC53', - a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' + - '8AA5814A 503AD4EB 04A8C7DD 22CE2826', - b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' + - '7CB43902 95DBC994 3AB78696 FA504C11', - n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' + - 'CF3AB6AF 6B7FC310 3B883202 E9046565', - hash: hash_1.sha384, // or 512 - gRed: false, - g: [ - '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' + - 'E8E826E03436D646AAEF87B2E247D4AF1E', - '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' + - '280E4646217791811142820341263C5315' - ] -}); - -// https://tools.ietf.org/html/rfc5639#section-3.7 -defineCurve('brainpoolP512r1', { - type: 'short', - prime: null, - p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' + - '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3', - a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' + - '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA', - b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' + - '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723', - n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' + - '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069', - hash: hash_1.sha512, - gRed: false, - g: [ - '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' + - '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', - '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' + - '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892' - ] -}); - -// https://en.bitcoin.it/wiki/Secp256k1 -var pre; -try { - pre = secp256k1; -} catch (e) { - pre = undefined; -} - -defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash_1.sha256, - - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' - } - ], - - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] -}); -}); - -function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; - - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; - - this._reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; - - var entropy = utils_1.toArray(options.entropy, options.entropyEnc || 'hex'); - var nonce = utils_1.toArray(options.nonce, options.nonceEnc || 'hex'); - var pers = utils_1.toArray(options.pers, options.persEnc || 'hex'); - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); -} -var hmacDrbg = HmacDRBG; - -HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); - - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; - } - - this._update(seed); - this._reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 -}; - -HmacDRBG.prototype._hmac = function hmac() { - return new hash_1.hmac(this.hash, this.K); -}; - -HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; - - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); -}; - -HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; - } - - entropy = utils_1.toArray(entropy, entropyEnc); - add = utils_1.toArray(add, addEnc); - - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - - this._update(entropy.concat(add || [])); - this._reseed = 1; -}; - -HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this._reseed > this.reseedInterval) - throw new Error('Reseed is required'); - - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; - } - - // Optional additional data - if (add) { - add = utils_1.toArray(add, addEnc || 'hex'); - this._update(add); - } - - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); - } - - var res = temp.slice(0, len); - this._update(add); - this._reseed++; - return utils_1.encode(res, enc); -}; - -var assert$5 = utils_1$1.assert; - -function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; - - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); -} -var key = KeyPair; - -KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; - - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); -}; - -KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; - - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); -}; - -// TODO: should not validate for X25519 -KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); - - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; - - return { result: true, reason: null }; -}; - -KeyPair.prototype.getPublic = function getPublic(enc, compact) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); - - if (!enc) - return this.pub; - - return this.pub.encode(enc, compact); -}; - -KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; -}; - -KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // For Curve25519/Curve448 we have a specific procedure. - // TODO Curve448 - if (this.ec.curve.type === 'mont') { - var one = this.ec.curve.one; - var mask = one.ushln(255 - 3).sub(one).ushln(3); - this.priv = this.priv.or(one.ushln(255 - 1)); - this.priv = this.priv.and(mask); - } else - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.umod(this.ec.curve.n); -}; - -KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - // Montgomery points only have an `x` coordinate. - // Weierstrass/Edwards points on the other hand have both `x` and - // `y` coordinates. - if (this.ec.curve.type === 'mont') { - assert$5(key.x, 'Need x coordinate'); - } else if (this.ec.curve.type === 'short' || - this.ec.curve.type === 'edwards') { - assert$5(key.x && key.y, 'Need both x and y coordinate'); - } - this.pub = this.ec.curve.point(key.x, key.y); - return; - } - this.pub = this.ec.curve.decodePoint(key, enc); -}; - -// ECDH -KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); -}; - -// ECDSA -KeyPair.prototype.sign = function sign(msg, enc, options) { - return this.ec.sign(msg, this, enc, options); -}; - -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); -}; - -KeyPair.prototype.inspect = function inspect() { - return ''; -}; - -var assert$6 = utils_1$1.assert; - -function Signature$1(options, enc) { - if (options instanceof Signature$1) - return options; - - if (this._importDER(options, enc)) - return; - - assert$6(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); - if (options.recoveryParam === undefined) - this.recoveryParam = null; - else - this.recoveryParam = options.recoveryParam; -} -var signature$1 = Signature$1; - -function Position() { - this.place = 0; -} - -function getLength(buf, p) { - var initial = buf[p.place++]; - if (!(initial & 0x80)) { - return initial; - } - var octetLen = initial & 0xf; - var val = 0; - for (var i = 0, off = p.place; i < octetLen; i++, off++) { - val <<= 8; - val |= buf[off]; - } - p.place = off; - return val; -} - -function rmPadding(buf) { - var i = 0; - var len = buf.length - 1; - while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) { - i++; - } - if (i === 0) { - return buf; - } - return buf.slice(i); -} - -Signature$1.prototype._importDER = function _importDER(data, enc) { - data = utils_1$1.toArray(data, enc); - var p = new Position(); - if (data[p.place++] !== 0x30) { - return false; - } - var len = getLength(data, p); - if ((len + p.place) !== data.length) { - return false; - } - if (data[p.place++] !== 0x02) { - return false; - } - var rlen = getLength(data, p); - var r = data.slice(p.place, rlen + p.place); - p.place += rlen; - if (data[p.place++] !== 0x02) { - return false; - } - var slen = getLength(data, p); - if (data.length !== slen + p.place) { - return false; - } - var s = data.slice(p.place, slen + p.place); - if (r[0] === 0 && (r[1] & 0x80)) { - r = r.slice(1); - } - if (s[0] === 0 && (s[1] & 0x80)) { - s = s.slice(1); - } - - this.r = new bn(r); - this.s = new bn(s); - this.recoveryParam = null; - - return true; -}; - -function constructLength(arr, len) { - if (len < 0x80) { - arr.push(len); - return; - } - var octets = 1 + (Math.log(len) / Math.LN2 >>> 3); - arr.push(octets | 0x80); - while (--octets) { - arr.push((len >>> (octets << 3)) & 0xff); - } - arr.push(len); -} - -Signature$1.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); - - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); - - r = rmPadding(r); - s = rmPadding(s); - - while (!s[0] && !(s[1] & 0x80)) { - s = s.slice(1); - } - var arr = [ 0x02 ]; - constructLength(arr, r.length); - arr = arr.concat(r); - arr.push(0x02); - constructLength(arr, s.length); - var backHalf = arr.concat(s); - var res = [ 0x30 ]; - constructLength(res, backHalf.length); - res = res.concat(backHalf); - return utils_1$1.encode(res, enc); -}; - -var assert$7 = utils_1$1.assert; - - - - -function EC(options) { - if (!(this instanceof EC)) - return new EC(options); - - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert$7(curves_1.hasOwnProperty(options), 'Unknown curve ' + options); - - options = curves_1[options]; - } - - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof curves_1.PresetCurve) - options = { curve: options }; - - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.ushrn(1); - this.g = this.curve.g; - - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); - - // Hash function for DRBG - this.hash = options.hash || options.curve.hash; -} -var ec = EC; - -EC.prototype.keyPair = function keyPair(options) { - return new key(this, options); -}; - -EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return key.fromPrivate(this, priv, enc); -}; - -EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return key.fromPublic(this, pub, enc); -}; - -EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.n.toArray() - }); - - // Key generation for curve25519 is simpler - if (this.curve.type === 'mont') { - var priv = new bn(drbg.generate(32)); - return this.keyFromPrivate(priv); - } - - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; - - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); -}; - -EC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) { - bitSize = bitSize || msg.byteLength() * 8; - var delta = bitSize - this.n.bitLength(); - if (delta > 0) - msg = msg.ushrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; -}; - -EC.prototype.truncateMsg = function truncateMSG(msg) { - // Bit size is only determined correctly for Uint8Arrays and hex strings - var bitSize; - if (msg instanceof Uint8Array) { - bitSize = msg.byteLength * 8; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else if (typeof msg === 'string') { - bitSize = msg.length * 4; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else { - msg = this._truncateToN(new bn(msg, 16)); - } - return msg; -}; - -EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this.truncateMsg(msg); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray('be', bytes); - - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray('be', bytes); - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - entropy: bkey, - nonce: nonce, - pers: options.pers, - persEnc: options.persEnc || 'utf8' - }); - - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); - - for (var iter = 0; true; iter++) { - var k = options.k ? - options.k(iter) : - new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; - - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; - - var kpX = kp.getX(); - var r = kpX.umod(this.n); - if (r.cmpn(0) === 0) - continue; - - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); - s = s.umod(this.n); - if (s.cmpn(0) === 0) - continue; - - var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | - (kpX.cmp(r) !== 0 ? 2 : 0); - - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) { - s = this.n.sub(s); - recoveryParam ^= 1; - } - - return new signature$1({ r: r, s: s, recoveryParam: recoveryParam }); - } -}; - -EC.prototype.verify = function verify(msg, signature, key, enc) { - key = this.keyFromPublic(key, enc); - signature = new signature$1(signature, 'hex'); - // Fallback to the old code - var ret = this._verify(this.truncateMsg(msg), signature, key) || - this._verify(this._truncateToN(new bn(msg, 16)), signature, key); - return ret; -}; - -EC.prototype._verify = function _verify(msg, signature, key) { - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; - - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).umod(this.n); - var u2 = sinv.mul(r).umod(this.n); - - if (!this.curve._maxwellTrick) { - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - return p.getX().umod(this.n).cmp(r) === 0; - } - - // NOTE: Greg Maxwell's trick, inspired by: - // https://git.io/vad3K - - var p = this.g.jmulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - // Compare `p.x` of Jacobian point with `r`, - // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the - // inverse of `p.z^2` - return p.eqXToP(r); -}; - -EC.prototype.recoverPubKey = function(msg, signature, j, enc) { - assert$7((3 & j) === j, 'The recovery param is more than two bits'); - signature = new signature$1(signature, enc); - - var n = this.n; - var e = new bn(msg); - var r = signature.r; - var s = signature.s; - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = j & 1; - var isSecondKey = j >> 1; - if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) - throw new Error('Unable to find sencond key candinate'); - - // 1.1. Let x = r + jn. - if (isSecondKey) - r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); - else - r = this.curve.pointFromX(r, isYOdd); - - var rInv = signature.r.invm(n); - var s1 = n.sub(e).mul(rInv).umod(n); - var s2 = s.mul(rInv).umod(n); - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - return this.g.mulAdd(s1, r, s2); -}; - -EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) { - signature = new signature$1(signature, enc); - if (signature.recoveryParam !== null) - return signature.recoveryParam; - - for (var i = 0; i < 4; i++) { - var Qprime; - try { - Qprime = this.recoverPubKey(e, signature, i); - } catch (e) { - continue; - } - - if (Qprime.eq(Q)) - return i; - } - throw new Error('Unable to find valid recovery factor'); -}; - -var assert$8 = utils_1$1.assert; -var parseBytes = utils_1$1.parseBytes; -var cachedProperty = utils_1$1.cachedProperty; - -/** -* @param {EDDSA} eddsa - instance -* @param {Object} params - public/private key parameters -* -* @param {Array} [params.secret] - secret seed bytes -* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms) -* @param {Array} [params.pub] - public key point encoded as bytes -* -*/ -function KeyPair$1(eddsa, params) { - this.eddsa = eddsa; - if (params.hasOwnProperty('secret')) - this._secret = parseBytes(params.secret); - if (eddsa.isPoint(params.pub)) - this._pub = params.pub; - else { - this._pubBytes = parseBytes(params.pub); - if (this._pubBytes && this._pubBytes.length === 33 && - this._pubBytes[0] === 0x40) - this._pubBytes = this._pubBytes.slice(1, 33); - if (this._pubBytes && this._pubBytes.length !== 32) - throw new Error('Unknown point compression format'); - } -} - -KeyPair$1.fromPublic = function fromPublic(eddsa, pub) { - if (pub instanceof KeyPair$1) - return pub; - return new KeyPair$1(eddsa, { pub: pub }); -}; - -KeyPair$1.fromSecret = function fromSecret(eddsa, secret) { - if (secret instanceof KeyPair$1) - return secret; - return new KeyPair$1(eddsa, { secret: secret }); -}; - -KeyPair$1.prototype.secret = function secret() { - return this._secret; -}; - -cachedProperty(KeyPair$1, 'pubBytes', function pubBytes() { - return this.eddsa.encodePoint(this.pub()); -}); - -cachedProperty(KeyPair$1, 'pub', function pub() { - if (this._pubBytes) - return this.eddsa.decodePoint(this._pubBytes); - return this.eddsa.g.mul(this.priv()); -}); - -cachedProperty(KeyPair$1, 'privBytes', function privBytes() { - var eddsa = this.eddsa; - var hash = this.hash(); - var lastIx = eddsa.encodingLength - 1; - - // https://tools.ietf.org/html/rfc8032#section-5.1.5 - var a = hash.slice(0, eddsa.encodingLength); - a[0] &= 248; - a[lastIx] &= 127; - a[lastIx] |= 64; - - return a; -}); - -cachedProperty(KeyPair$1, 'priv', function priv() { - return this.eddsa.decodeInt(this.privBytes()); -}); - -cachedProperty(KeyPair$1, 'hash', function hash() { - return this.eddsa.hash().update(this.secret()).digest(); -}); - -cachedProperty(KeyPair$1, 'messagePrefix', function messagePrefix() { - return this.hash().slice(this.eddsa.encodingLength); -}); - -KeyPair$1.prototype.sign = function sign(message) { - assert$8(this._secret, 'KeyPair can only verify'); - return this.eddsa.sign(message, this); -}; - -KeyPair$1.prototype.verify = function verify(message, sig) { - return this.eddsa.verify(message, sig, this); -}; - -KeyPair$1.prototype.getSecret = function getSecret(enc) { - assert$8(this._secret, 'KeyPair is public only'); - return utils_1$1.encode(this.secret(), enc); -}; - -KeyPair$1.prototype.getPublic = function getPublic(enc, compact) { - return utils_1$1.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc); -}; - -var key$1 = KeyPair$1; - -var assert$9 = utils_1$1.assert; -var cachedProperty$1 = utils_1$1.cachedProperty; -var parseBytes$1 = utils_1$1.parseBytes; - -/** -* @param {EDDSA} eddsa - eddsa instance -* @param {Array|Object} sig - -* @param {Array|Point} [sig.R] - R point as Point or bytes -* @param {Array|bn} [sig.S] - S scalar as bn or bytes -* @param {Array} [sig.Rencoded] - R point encoded -* @param {Array} [sig.Sencoded] - S scalar encoded -*/ -function Signature$2(eddsa, sig) { - this.eddsa = eddsa; - - if (typeof sig !== 'object') - sig = parseBytes$1(sig); - - if (Array.isArray(sig)) { - sig = { - R: sig.slice(0, eddsa.encodingLength), - S: sig.slice(eddsa.encodingLength) - }; - } - - assert$9(sig.R && sig.S, 'Signature without R or S'); - - if (eddsa.isPoint(sig.R)) - this._R = sig.R; - if (sig.S instanceof bn) - this._S = sig.S; - - this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded; - this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded; -} - -cachedProperty$1(Signature$2, 'S', function S() { - return this.eddsa.decodeInt(this.Sencoded()); -}); - -cachedProperty$1(Signature$2, 'R', function R() { - return this.eddsa.decodePoint(this.Rencoded()); -}); - -cachedProperty$1(Signature$2, 'Rencoded', function Rencoded() { - return this.eddsa.encodePoint(this.R()); -}); - -cachedProperty$1(Signature$2, 'Sencoded', function Sencoded() { - return this.eddsa.encodeInt(this.S()); -}); - -Signature$2.prototype.toBytes = function toBytes() { - return this.Rencoded().concat(this.Sencoded()); -}; - -Signature$2.prototype.toHex = function toHex() { - return utils_1$1.encode(this.toBytes(), 'hex').toUpperCase(); -}; - -var signature$2 = Signature$2; - -var assert$a = utils_1$1.assert; -var parseBytes$2 = utils_1$1.parseBytes; - - - -function EDDSA(curve) { - assert$a(curve === 'ed25519', 'only tested with ed25519 so far'); - - if (!(this instanceof EDDSA)) - return new EDDSA(curve); - - var curve = curves_1[curve].curve; - this.curve = curve; - this.g = curve.g; - this.g.precompute(curve.n.bitLength() + 1); - - this.pointClass = curve.point().constructor; - this.encodingLength = Math.ceil(curve.n.bitLength() / 8); - this.hash = hash_1.sha512; -} - -var eddsa$1 = EDDSA; - -/** -* @param {Array|String} message - message bytes -* @param {Array|String|KeyPair} secret - secret bytes or a keypair -* @returns {Signature} - signature -*/ -EDDSA.prototype.sign = function sign(message, secret) { - message = parseBytes$2(message); - var key = this.keyFromSecret(secret); - var r = this.hashInt(key.messagePrefix(), message); - var R = this.g.mul(r); - var Rencoded = this.encodePoint(R); - var s_ = this.hashInt(Rencoded, key.pubBytes(), message) - .mul(key.priv()); - var S = r.add(s_).umod(this.curve.n); - return this.makeSignature({ R: R, S: S, Rencoded: Rencoded }); -}; - -/** -* @param {Array} message - message bytes -* @param {Array|String|Signature} sig - sig bytes -* @param {Array|String|Point|KeyPair} pub - public key -* @returns {Boolean} - true if public key matches sig of message -*/ -EDDSA.prototype.verify = function verify(message, sig, pub) { - message = parseBytes$2(message); - sig = this.makeSignature(sig); - var key = this.keyFromPublic(pub); - var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message); - var SG = this.g.mul(sig.S()); - var RplusAh = sig.R().add(key.pub().mul(h)); - return RplusAh.eq(SG); -}; - -EDDSA.prototype.hashInt = function hashInt() { - var hash = this.hash(); - for (var i = 0; i < arguments.length; i++) - hash.update(arguments[i]); - return utils_1$1.intFromLE(hash.digest()).umod(this.curve.n); -}; - -EDDSA.prototype.keyPair = function keyPair(options) { - return new key$1(this, options); -}; - -EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) { - return key$1.fromPublic(this, pub); -}; - -EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) { - return key$1.fromSecret(this, secret); -}; - -EDDSA.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.curve.n.toArray() - }); - - return this.keyFromSecret(drbg.generate(32)); -}; - -EDDSA.prototype.makeSignature = function makeSignature(sig) { - if (sig instanceof signature$2) - return sig; - return new signature$2(this, sig); -}; - -/** -* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2 -* -* EDDSA defines methods for encoding and decoding points and integers. These are -* helper convenience methods, that pass along to utility functions implied -* parameters. -* -*/ -EDDSA.prototype.encodePoint = function encodePoint(point) { - var enc = point.getY().toArray('le', this.encodingLength); - enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0; - return enc; -}; - -EDDSA.prototype.decodePoint = function decodePoint(bytes) { - bytes = utils_1$1.parseBytes(bytes); - - var lastIx = bytes.length - 1; - var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80); - var xIsOdd = (bytes[lastIx] & 0x80) !== 0; - - var y = utils_1$1.intFromLE(normed); - return this.curve.pointFromY(y, xIsOdd); -}; - -EDDSA.prototype.encodeInt = function encodeInt(num) { - return num.toArray('le', this.encodingLength); -}; - -EDDSA.prototype.decodeInt = function decodeInt(bytes) { - return utils_1$1.intFromLE(bytes); -}; - -EDDSA.prototype.isPoint = function isPoint(val) { - return val instanceof this.pointClass; -}; - -var elliptic_1 = createCommonjsModule(function (module, exports) { - -var elliptic = exports; - -elliptic.utils = utils_1$1; -elliptic.rand = brorand; -elliptic.curve = curve_1; -elliptic.curves = curves_1; - -// Protocols -elliptic.ec = ec; -elliptic.eddsa = eddsa$1; -}); - -var elliptic$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': elliptic_1, - __moduleExports: elliptic_1 -}); - -exports.AEADEncryptedDataPacket = AEADEncryptedDataPacket; -exports.CleartextMessage = CleartextMessage; -exports.CompressedDataPacket = CompressedDataPacket; -exports.LiteralDataPacket = LiteralDataPacket; -exports.MarkerPacket = MarkerPacket; -exports.Message = Message; -exports.OnePassSignaturePacket = OnePassSignaturePacket; -exports.PacketList = PacketList; -exports.PrivateKey = PrivateKey; -exports.PublicKey = PublicKey; -exports.PublicKeyEncryptedSessionKeyPacket = PublicKeyEncryptedSessionKeyPacket; -exports.PublicKeyPacket = PublicKeyPacket; -exports.PublicSubkeyPacket = PublicSubkeyPacket; -exports.SecretKeyPacket = SecretKeyPacket; -exports.SecretSubkeyPacket = SecretSubkeyPacket; -exports.Signature = Signature; -exports.SignaturePacket = SignaturePacket; -exports.Subkey = Subkey; -exports.SymEncryptedIntegrityProtectedDataPacket = SymEncryptedIntegrityProtectedDataPacket; -exports.SymEncryptedSessionKeyPacket = SymEncryptedSessionKeyPacket; -exports.SymmetricallyEncryptedDataPacket = SymmetricallyEncryptedDataPacket; -exports.TrustPacket = TrustPacket; -exports.UnparseablePacket = UnparseablePacket; -exports.UserAttributePacket = UserAttributePacket; -exports.UserIDPacket = UserIDPacket; -exports.armor = armor; -exports.config = config; -exports.createCleartextMessage = createCleartextMessage; -exports.createMessage = createMessage; -exports.decrypt = decrypt$5; -exports.decryptKey = decryptKey; -exports.decryptSessionKeys = decryptSessionKeys; -exports.encrypt = encrypt$5; -exports.encryptKey = encryptKey; -exports.encryptSessionKey = encryptSessionKey; -exports.enums = enums; -exports.generateKey = generateKey; -exports.generateSessionKey = generateSessionKey$1; -exports.readCleartextMessage = readCleartextMessage; -exports.readKey = readKey; -exports.readKeys = readKeys; -exports.readMessage = readMessage; -exports.readPrivateKey = readPrivateKey; -exports.readPrivateKeys = readPrivateKeys; -exports.readSignature = readSignature; -exports.reformatKey = reformatKey; -exports.revokeKey = revokeKey; -exports.sign = sign$6; -exports.unarmor = unarmor; -exports.verify = verify$6; diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.cjs b/app/node_modules/openpgp/dist/node/openpgp.min.cjs new file mode 100644 index 000000000..a9090f4e6 --- /dev/null +++ b/app/node_modules/openpgp/dist/node/openpgp.min.cjs @@ -0,0 +1,16 @@ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +"use strict";const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};var t=require("module"),r=require("node:crypto"),n="undefined"!=typeof document?document.currentScript:null;function i(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(r){if("default"!==r){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}})),t.default=e,Object.freeze(t)}function s(e,t){return t.forEach((function(t){t&&"string"!=typeof t&&!Array.isArray(t)&&Object.keys(t).forEach((function(r){if("default"!==r&&!(r in e)){var n=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(e,r,n.get?n:{enumerable:!0,get:function(){return t[r]}})}}))})),Object.freeze(e)}var a=/*#__PURE__*/i(r);const o=Symbol("doneWritingPromise"),c=Symbol("doneWritingResolve"),h=Symbol("doneWritingReject"),u=Symbol("readingIndex");class l extends Array{constructor(){super(),Object.setPrototypeOf(this,l.prototype),this[o]=new Promise(((e,t)=>{this[c]=e,this[h]=t})),this[o].catch((()=>{}))}}function y(e){return e&&e.getReader&&Array.isArray(e)}function f(e){if(!y(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function g(t){if(y(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function p(e){return Uint8Array.prototype.isPrototypeOf(e)}function d(e){if(1===e.length)return e[0];let t=0;for(let r=0;r(await this[o],this[u]===this.length?{value:void 0,done:!0}:{value:this[this[u]++],done:!1})}},l.prototype.readToEnd=async function(e){await this[o];const t=e(this.slice(this[u]));return this.length=0,t},l.prototype.clone=function(){const e=new l;return e[o]=this[o].then((()=>{e.push(...this)})),e},f.prototype.write=async function(e){this.stream.push(e)},f.prototype.close=async function(){this.stream[c]()},f.prototype.abort=async function(e){return this.stream[h](e),e},f.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const A=new WeakSet,w=Symbol("externalBuffer");function m(e){if(this.stream=e,e[w]&&(this[w]=e[w].slice()),y(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(g(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||A.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{A.add(e)}catch(e){}}}function b(e){return g(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function k(e){if(g(e))return e;const t=new l;return(async()=>{const r=M(t);await r.write(e),await r.close()})(),t}function E(e){return e.some((e=>g(e)&&!y(e)))?function(e){e=e.map(b);const t=I((async function(e){await Promise.all(n.map((t=>R(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>K(n,((n,s)=>(r=r.then((()=>v(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>y(e)))?function(e){const t=new l;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>v(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):d(e)}async function v(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(g(e)&&!y(e)){e=b(e);try{if(e[w]){const r=M(t);for(let t=0;t{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function S(e,t=()=>{},r=()=>{}){if(y(e)){const n=new l;return(async()=>{const i=M(n);try{const n=await Q(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?E([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(g(e))return B(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?E([n,i]):void 0!==n?n:i}function K(e,t){if(g(e)&&!y(e)){let r;const n=new TransformStream({start(e){r=e}}),i=v(e,n.writable),s=I((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=k(e);const r=new l;return t(e,r),r}function C(e,t){let r;const n=K(e,((e,i)=>{const s=T(e);s.remainder=()=>(s.releaseLock(),v(e,i),n),r=t(s)}));return r}function P(e){if(y(e))return e.clone();if(g(e)){const t=function(e){if(y(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(g(e)){const t=b(e).tee();return t[0][w]=t[1][w]=e[w],t}return[x(e),x(e)]}(e);return U(e,t[0]),t[1]}return x(e)}function D(e){return y(e)?P(e):g(e)?new ReadableStream({start(t){const r=K(e,(async(e,r)=>{const n=T(e),i=M(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));U(e,r)}}):x(e)}function U(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function x(e,t=0,r=1/0){if(y(e))throw Error("Not implemented");if(g(e)){if(t>=0&&r>=0){let n=0;return B(e,{transform(e,i){n=t&&i.enqueue(x(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return S(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>x(E(n),t,r)))}if(0===t&&r<0){let n;return S(e,(e=>{const i=n?E([n,e]):e;if(i.length>=-r)return n=x(i,r),x(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),L((async()=>x(await Q(e),t,r)))}return e[w]&&(e=E(e[w].concat([e]))),p(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function Q(e,t=E){return y(e)?e.readToEnd(t):g(e)?T(e).readToEnd(t):e}async function R(e,t){if(g(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function L(e){const t=new l;return(async()=>{const r=M(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function T(e){return new m(e)}function M(e){return new f(e)}m.prototype.read=async function(){if(this[w]&&this[w].length){return{done:!1,value:this[w].shift()}}return this._read()},m.prototype.releaseLock=function(){this[w]&&(this.stream[w]=this[w]),this._releaseLock()},m.prototype.cancel=function(e){return this._cancel(e)},m.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?E(t):void 0;const i=n.indexOf("\n")+1;i&&(e=E(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},m.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(x(t,1)),r},m.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?E(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=E(t);return this.unshift(x(r,e)),x(r,0,e)}}},m.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},m.prototype.unshift=function(...e){this[w]||(this[w]=[]),1===e.length&&p(e[0])&&this[w].length&&e[0].length&&this[w][0].byteOffset>=e[0].length?this[w][0]=new Uint8Array(this[w][0].buffer,this[w][0].byteOffset-e[0].length,this[w][0].byteLength+e[0].length):this[w].unshift(...e.filter((e=>e&&e.length)))},m.prototype.readToEnd=async function(e=E){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const N=Symbol("byValue");var F={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[N]||(e[N]=[],Object.entries(e).forEach((([t,r])=>{e[N][r]=t}))),void 0!==e[N][t])return e[N][t];throw Error("Invalid enum value.")}},O={preferredHashAlgorithm:F.hash.sha512,preferredSymmetricAlgorithm:F.symmetric.aes256,preferredCompressionAlgorithm:F.compression.uncompressed,aeadProtect:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:F.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:F.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([F.symmetric.aes128,F.symmetric.aes192,F.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.0.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([F.hash.md5,F.hash.ripemd]),rejectMessageHashAlgorithms:new Set([F.hash.md5,F.hash.ripemd,F.hash.sha1]),rejectPublicKeyAlgorithms:new Set([F.publicKey.elgamal,F.publicKey.dsa]),rejectCurves:new Set([F.curve.secp256k1])};const H=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),z={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:t.createRequire("undefined"==typeof document?require("url").pathToFileURL(__filename).href:n&&"SCRIPT"===n.tagName.toUpperCase()&&n.src||new URL("openpgp.min.cjs",document.baseURI).href),isArray:function(e){return e instanceof Array},isUint8Array:p,isStream:g,getNobleCurve:async(e,t)=>{if(!O.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return $u}));switch(e){case F.publicKey.ecdh:case F.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case F.publicKey.x448:return r.get("x448");case F.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r>8*(t-n-1)&255;return r},readDate:function(e){const t=z.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return z.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return z.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.lengtht)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=z.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return z.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return S(e,(e=>{if(!z.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return S(e,r,(()=>r(new Uint8Array,!0)))},concat:E,concatUint8Array:d,equalsUint8Array:function(e,t){if(!z.isUint8Array(e)||!z.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!z.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return S(e,(e=>{let r;t&&(e=z.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return S(e,(e=>{let r;13===(e=t&&10!==e[0]?z.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n{t=z.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=G(t.subarray(0,i));for(let e=0;et.length?G(t)+"\n":""))}function V(e){let t="";return S(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=j(t.substr(0,i));return t=t.substr(i),s}),(()=>j(t)))}function J(e){return V(e.replace(/-/g,"+").replace(/_/g,"/"))}function Y(e,t){let r=q(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function W(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?F.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?F.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?F.armor.signed:/MESSAGE/.test(t[1])?F.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?F.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?F.armor.privateKey:/SIGNATURE/.test(t[1])?F.armor.signature:void 0}function Z(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function $(e){const t=function(e){let t=13501623;return S(e,(e=>{const r=ee?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^X[1][t>>16&255]^X[2][t>>8&255]^X[3][255&t];for(let n=4*r;n>8^X[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return q(t)}_?(G=e=>_.from(e).toString("base64"),j=e=>{const t=_.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(G=e=>btoa(z.uint8ArrayToString(e)),j=e=>z.stringToUint8Array(atob(e)));const X=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);X[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)X[1][e]=X[0][e]>>8^X[0][255&X[0][e]];for(let e=0;e<=255;e++)X[2][e]=X[1][e]>>8^X[0][255&X[1][e]];for(let e=0;e<=255;e++)X[3][e]=X[2][e]>>8^X[0][255&X[2][e]];const ee=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function te(e){for(let t=0;t=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function ne(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,h=a,u=[];const l=V(K(e,(async(e,y)=>{const f=T(e);try{for(;;){let e=await f.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=z.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==F.armor.signed||(n.test(e)?(u=u.join("\r\n"),c=!0,te(h),h=[],o=!1):u.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if(te(h),o=!0,c||s!==F.armor.signed){t({text:u,data:l,headers:a,type:s});break}}else h.push(e);else n.test(e)&&(s=W(e))}}catch(e){return void r(e)}const g=M(y);try{for(;;){await g.ready;const{done:e,value:t}=await f.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await f.readToEnd();e.length||(e=""),e=r+e,e=z.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=re(t[0].slice(0,-1));await g.write(i);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(y(e.data)&&(e.data=await Q(e.data)),e)))}function ie(e,t,r,n,i,s=!1,a=O){let o,c;e===F.armor.signed&&(o=t.text,c=t.hash,t=t.data);const h=s&&D(t),u=[];switch(e){case F.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case F.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case F.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push(c?`Hash: ${c}\n\n`:"\n"),u.push(o.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP SIGNATURE-----\n");break;case F.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP MESSAGE-----\n");break;case F.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case F.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case F.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(Z(i,a)),u.push(q(t)),h&&u.push("=",$(h)),u.push("-----END PGP SIGNATURE-----\n")}return z.concat(u)}async function se(e){switch(e){case F.symmetric.aes128:case F.symmetric.aes192:case F.symmetric.aes256:throw Error("Not a legacy cipher");case F.symmetric.cast5:case F.symmetric.blowfish:case F.symmetric.twofish:case F.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return fl})),r=t.get(e);if(!r)throw Error("Unsupported cipher algorithm");return r}default:throw Error("Unsupported cipher algorithm")}}function ae(e){switch(e){case F.symmetric.aes128:case F.symmetric.aes192:case F.symmetric.aes256:case F.symmetric.twofish:return 16;case F.symmetric.blowfish:case F.symmetric.cast5:case F.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function oe(e){switch(e){case F.symmetric.aes128:case F.symmetric.blowfish:case F.symmetric.cast5:return 16;case F.symmetric.aes192:case F.symmetric.tripledes:return 24;case F.symmetric.aes256:case F.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function ce(e){return{keySize:oe(e),blockSize:ae(e)}}var he=/*#__PURE__*/Object.freeze({__proto__:null,getCipherParams:ce,getLegacyCipher:se});function ue(e,t){let r=e[0],n=e[1],i=e[2],s=e[3];r=ye(r,n,i,s,t[0],7,-680876936),s=ye(s,r,n,i,t[1],12,-389564586),i=ye(i,s,r,n,t[2],17,606105819),n=ye(n,i,s,r,t[3],22,-1044525330),r=ye(r,n,i,s,t[4],7,-176418897),s=ye(s,r,n,i,t[5],12,1200080426),i=ye(i,s,r,n,t[6],17,-1473231341),n=ye(n,i,s,r,t[7],22,-45705983),r=ye(r,n,i,s,t[8],7,1770035416),s=ye(s,r,n,i,t[9],12,-1958414417),i=ye(i,s,r,n,t[10],17,-42063),n=ye(n,i,s,r,t[11],22,-1990404162),r=ye(r,n,i,s,t[12],7,1804603682),s=ye(s,r,n,i,t[13],12,-40341101),i=ye(i,s,r,n,t[14],17,-1502002290),n=ye(n,i,s,r,t[15],22,1236535329),r=fe(r,n,i,s,t[1],5,-165796510),s=fe(s,r,n,i,t[6],9,-1069501632),i=fe(i,s,r,n,t[11],14,643717713),n=fe(n,i,s,r,t[0],20,-373897302),r=fe(r,n,i,s,t[5],5,-701558691),s=fe(s,r,n,i,t[10],9,38016083),i=fe(i,s,r,n,t[15],14,-660478335),n=fe(n,i,s,r,t[4],20,-405537848),r=fe(r,n,i,s,t[9],5,568446438),s=fe(s,r,n,i,t[14],9,-1019803690),i=fe(i,s,r,n,t[3],14,-187363961),n=fe(n,i,s,r,t[8],20,1163531501),r=fe(r,n,i,s,t[13],5,-1444681467),s=fe(s,r,n,i,t[2],9,-51403784),i=fe(i,s,r,n,t[7],14,1735328473),n=fe(n,i,s,r,t[12],20,-1926607734),r=ge(r,n,i,s,t[5],4,-378558),s=ge(s,r,n,i,t[8],11,-2022574463),i=ge(i,s,r,n,t[11],16,1839030562),n=ge(n,i,s,r,t[14],23,-35309556),r=ge(r,n,i,s,t[1],4,-1530992060),s=ge(s,r,n,i,t[4],11,1272893353),i=ge(i,s,r,n,t[7],16,-155497632),n=ge(n,i,s,r,t[10],23,-1094730640),r=ge(r,n,i,s,t[13],4,681279174),s=ge(s,r,n,i,t[0],11,-358537222),i=ge(i,s,r,n,t[3],16,-722521979),n=ge(n,i,s,r,t[6],23,76029189),r=ge(r,n,i,s,t[9],4,-640364487),s=ge(s,r,n,i,t[12],11,-421815835),i=ge(i,s,r,n,t[15],16,530742520),n=ge(n,i,s,r,t[2],23,-995338651),r=pe(r,n,i,s,t[0],6,-198630844),s=pe(s,r,n,i,t[7],10,1126891415),i=pe(i,s,r,n,t[14],15,-1416354905),n=pe(n,i,s,r,t[5],21,-57434055),r=pe(r,n,i,s,t[12],6,1700485571),s=pe(s,r,n,i,t[3],10,-1894986606),i=pe(i,s,r,n,t[10],15,-1051523),n=pe(n,i,s,r,t[1],21,-2054922799),r=pe(r,n,i,s,t[8],6,1873313359),s=pe(s,r,n,i,t[15],10,-30611744),i=pe(i,s,r,n,t[6],15,-1560198380),n=pe(n,i,s,r,t[13],21,1309151649),r=pe(r,n,i,s,t[4],6,-145523070),s=pe(s,r,n,i,t[11],10,-1120210379),i=pe(i,s,r,n,t[2],15,718787259),n=pe(n,i,s,r,t[9],21,-343485551),e[0]=me(r,e[0]),e[1]=me(n,e[1]),e[2]=me(i,e[2]),e[3]=me(s,e[3])}function le(e,t,r,n,i,s){return t=me(me(t,e),me(n,s)),me(t<>>32-i,r)}function ye(e,t,r,n,i,s,a){return le(t&r|~t&n,e,t,i,s,a)}function fe(e,t,r,n,i,s,a){return le(t&n|r&~n,e,t,i,s,a)}function ge(e,t,r,n,i,s,a){return le(t^r^n,e,t,i,s,a)}function pe(e,t,r,n,i,s,a){return le(r^(t|~n),e,t,i,s,a)}function de(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const Ae="0123456789abcdef".split("");function we(e){let t="",r=0;for(;r<4;r++)t+=Ae[e>>8*r+4&15]+Ae[e>>8*r&15];return t}function me(e,t){return e+t&4294967295}const be=z.getWebCrypto(),ke=z.getNodeCrypto(),Ee=ke&&ke.getHashes();function ve(e){if(ke&&Ee.includes(e))return async function(t){const r=ke.createHash(e);return S(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Be(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return xl})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(y(e)&&(e=await Q(e)),z.isStream(e)){const t=(await r()).create();return S(e,(e=>{t.update(e)}),(()=>t.digest()))}if(be&&t)return new Uint8Array(await be.digest(t,e));return(await r())(e)}}var Ie={md5:ve("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let n;for(n=64;n<=e.length;n+=64)ue(r,de(e.substring(n-64,n)));e=e.substring(n-64);const i=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(n=0;n>2]|=e.charCodeAt(n)<<(n%4<<3);if(i[n>>2]|=128<<(n%4<<3),n>55)for(ue(r,i),n=0;n<16;n++)i[n]=0;return i[14]=8*t,ue(r,i),r}(z.uint8ArrayToString(e));return z.hexToUint8Array(function(e){for(let t=0;t0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Ce(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Pe(e,t){Ke(e);const r=t.outputLen;if(e.lengthnew Uint8Array(e.buffer,e.byteOffset,e.byteLength),Ue=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),xe=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function Qe(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!Se(e))throw Error("Uint8Array expected, got "+typeof e);e=Ne(e)}return e}function Re(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n(Object.assign(t,e),t);function Te(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function Me(e){return e.byteOffset%4==0}function Ne(e){return Uint8Array.from(e)}function Fe(...e){for(let t=0;t(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Ge{constructor(e,t){this.blockLen=Oe,this.outputLen=Oe,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Ke(e=Qe(e),16);const r=xe(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:_e(n),s1:_e(i),s2:_e(s),s3:_e(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(u=s)<<31|(l=a)>>>1,s2:(h=i)<<31|u>>>1,s1:(c=n)<<31|h>>>1,s0:c>>>1^225<<24&-(1&l)});var c,h,u,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const f=128/y,g=this.windowSize=2**y,p=[];for(let e=0;e>>y-a-1&1))continue;const{s0:c,s1:h,s2:u,s3:l}=o[y*e+a];r^=c,n^=h,i^=u,s^=l}p.push({s0:r,s1:n,s2:i,s3:s})}this.t=p}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,h=0,u=0;const l=(1<>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:f,s2:g,s3:p}=s[y*a+r];o^=n,c^=f,h^=g,u^=p,y+=1}}this.s0=o,this.s1=c,this.s2=h,this.s3=u}update(e){e=Qe(e),Ce(this);const t=Ue(e),r=Math.floor(e.length/Oe),n=e.length%Oe;for(let e=0;e>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Ne(e=Qe(e)));super(r,t),Fe(r)}update(e){e=Qe(e),Ce(this);const t=Ue(e),r=e.length%Oe,n=Math.floor(e.length/Oe);for(let e=0;ee(r,t.length).update(Qe(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ve=qe(((e,t)=>new Ge(e,t)));qe(((e,t)=>new je(e,t)));const Je=16,Ye=new Uint8Array(Je),We=283;function Ze(e){return e<<1^We&-(e>>7)}function $e(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ze(e);return r}const Xe=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ze(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return Fe(e),t})(),et=/* @__PURE__ */Xe.map(((e,t)=>Xe.indexOf(t))),tt=e=>e<<24|e>>>8,rt=e=>e<<8|e>>>24,nt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function it(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map(rt),i=n.map(rt),s=i.map(rt),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let h=0;h<256;h++){const u=256*t+h;a[u]=r[t]^n[h],o[u]=i[t]^s[h],c[u]=e[t]<<8|e[h]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const st=/* @__PURE__ */it(Xe,(e=>$e(e,3)<<24|e<<16|e<<8|$e(e,2))),at=/* @__PURE__ */it(et,(e=>$e(e,11)<<24|$e(e,13)<<16|$e(e,9)<<8|$e(e,14))),ot=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ze(r))e[t]=r;return e})();function ct(e){Ke(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=st,n=[];Me(e)||n.push(e=Ne(e));const i=Ue(e),s=i.length,a=e=>lt(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}return Fe(...n),o}function ht(e){const t=ct(e),r=t.slice(),n=t.length,{sbox2:i}=st,{T0:s,T1:a,T2:o,T3:c}=at;for(let e=0;e>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function ut(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function lt(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function yt(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=st;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const h=e.length/4-2;for(let s=0;s=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:h,s3:u}=yt(e,a[0],a[1],a[2],a[3]))}const f=Je*Math.floor(l.length/4);if(f>>0,o.setUint32(u,y,t),({s0:f,s1:g,s2:p,s3:d}=yt(e,a[0],a[1],a[2],a[3]));const A=Je*Math.floor(c.length/4);if(Ar(e,t),decrypt:(e,t)=>r(e,t)}}));const wt=Le({blockSize:16,nonceLength:16},(function(e,t,r={}){Ke(e),Ke(t,16);const n=!r.disablePadding;return{encrypt(r,i){const s=ct(e),{b:a,o,out:c}=function(e,t,r){Ke(e);let n=e.length;const i=n%Je;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Me(e)||(e=Ne(e));const s=Ue(e);if(t){let e=Je-i;e||(e=Je),n+=e}const a=gt(n,r);return{b:s,o:Ue(a),out:a}}(r,n,i);let h=t;const u=[s];Me(h)||u.push(h=Ne(h));const l=Ue(h);let y=l[0],f=l[1],g=l[2],p=l[3],d=0;for(;d+4<=a.length;)y^=a[d+0],f^=a[d+1],g^=a[d+2],p^=a[d+3],({s0:y,s1:f,s2:g,s3:p}=yt(s,y,f,g,p)),o[d++]=y,o[d++]=f,o[d++]=g,o[d++]=p;if(n){const e=function(e){const t=new Uint8Array(16),r=Ue(t);t.set(e);const n=Je-e.length;for(let e=Je-n;e16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;tr(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const bt=Le({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Ke(e),Ke(t),void 0!==r&&Ke(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const n=16;function i(e,t,n){const i=function(e,t,r,n,i){const s=null==i?0:i.length,a=e.create(r,n.length+s);i&&a.update(i),a.update(n);const o=new Uint8Array(16),c=xe(o);i&&Te(c,0,BigInt(8*s),t),Te(c,8,BigInt(8*n.length),t),a.update(o);const h=a.digest();return Fe(o),h}(Ve,!1,e,n,r);for(let e=0;e=2**32)throw Error("plaintext should be less than 4gb");const r=ct(e);if(16===t.length)Et(r,t);else{const e=Ue(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t=2**32)throw Error("ciphertext should be less than 4gb");const r=ht(e),n=t.length/8-1;if(1===n)vt(r,t);else{const e=Ue(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=nt(a);const{s0:n,s1:o,s2:c,s3:h}=ft(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=h}e[0]=i,e[1]=s}r.fill(0)}},It=new Uint8Array(8).fill(166),St=Le({blockSize:8},(e=>({encrypt(t){if(Ke(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Ct.importKey("raw",this.key,r,!1,["encrypt"]);const n=await Ct.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=z.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=z.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return Rt(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),Rt(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Rt(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(z.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Rt(t,e),this.clearSensitiveData(),t}}class Qt{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=ce(t);this.key=Kt.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=Lt(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=Lt(e),r=new Uint8Array(e.length),n=Lt(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=Kt.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=z.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Rt(e,t){const r=Math.min(e.length,t.length);for(let n=0;nnew Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));var Tt=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n){const i=F.read(F.symmetric,e);if(Pt&&Ut[i])return function(e,t,r,n){const i=F.read(F.symmetric,e),s=new Pt.createDecipheriv(Ut[i],t,n);return S(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(z.isAES(e))return async function(e,t,r,n){if(z.isStream(r)){const i=new Qt(!1,e,t,n);return S(r,(e=>i.processChunk(e)),(()=>i.finish()))}return mt(t,n).decrypt(r)}(e,t,r,n);const s=new(await se(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const h=e=>{e&&(c=z.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;rnew Uint8Array(s.update(e))))}(e,t,r,n);if(z.isAES(e))return async function(e,t,r,n){if(Ct&&await xt.isSupported(e)){const i=new xt(e,t,n);return z.isStream(r)?S(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(z.isStream(r)){const i=new Qt(!0,e,t,n);return S(r,(e=>i.processChunk(e)),(()=>i.finish()))}return mt(t,n).encrypt(r)}(e,t,r,n);const a=new(await se(e))(t),o=a.blockSize,c=n.slice();let h=new Uint8Array;const u=e=>{e&&(h=z.concatUint8Array([h,e]));const t=new Uint8Array(h.length);let r,n=0;for(;e?h.length>=o:h.length;){const e=a.encrypt(c);for(r=0;ri.encrypt(e),a=e=>i.decrypt(e);let o;function c(e,t,r,i){const a=t.length/rr|0;!function(e,t){const r=z.nbits(Math.max(e.length,t.length)/rr|0)-1;for(let e=n+1;e<=r;e++)o[e]=z.double(o[e-1]);n=r}(t,i);const c=z.concatUint8Array([or.subarray(0,15-r.length),cr,r]),h=63&c[15];c[15]&=192;const u=s(c),l=z.concatUint8Array([u,ar(u.subarray(0,8),u.subarray(1,9))]),y=z.shiftRight(l.subarray(0+(h>>3),17+(h>>3)),8-(7&h)).subarray(1),f=new Uint8Array(rr),g=new Uint8Array(t.length+nr);let p,d=0;for(p=0;p{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function br(e,t){const r=e%t;return rAr;){const e=n≀n>>=wr;s=e?s*i%r:s,i=i*i%r}return s}function Er(e){return e>=Ar?e:-e}function vr(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=Er(e),o=Er(t);const c=eNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function Ir(e,t){return(e>>BigInt(t)&wr)===Ar?0:1}function Sr(e){const t=e>=wr)!==t;)r++;return r}function Kr(e){const t=e>=r)!==t;)n++;return n}function Cr(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;oe&&(a=br(a,i<br(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return kr(t,e-Qr,e)===Qr}(e)&&!!function(e,t){const r=Sr(e);t||(t=Math.max(1,r/48|0));const n=e-Qr;let i=0;for(;!Ir(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=kr(Ur(BigInt(2),n),s,e);if(r!==Qr&&r!==n){for(t=1;tBigInt(e)));const Mr=[];function Nr(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!n;if(t)return z.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Or(e,t,r){let n;if(t.length!==Ie.getHashByteLength(e))throw Error("Invalid hash length");const i=new Uint8Array(Mr[e].length);for(n=0;n=t)throw Error("Data too large.");const c=br(n,s-Gr),h=br(n,i-Gr),u=Ur(BigInt(2),t),l=kr(vr(u,t),r,t);e=br(e*l,t);const y=kr(e,h,i),f=kr(e,c,s),g=br(a*(f-y),s);let p=g*i+y;return p=br(p*u,t),Fr(Cr(p,"be",Kr(t)),o)}(e,t,r,n,i,s,a,o)},encrypt:async function(e,t,r){return z.getNodeCrypto()?async function(e,t,r){const n=qr(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:_r.constants.RSA_PKCS1_PADDING};return new Uint8Array(_r.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=mr(t),e=mr(Nr(e,Kr(t))),r=mr(r),e>=t)throw Error("Message size cannot exceed modulus size");return Cr(kr(e,r,t),"be",Kr(t))}(e,t,r)},generate:async function(e,t){if(t=BigInt(t),z.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:Cr(t),hash:{name:"SHA-1"}},n=await zr.generateKey(r,!0,["sign","verify"]);return Vr(await zr.exportKey("jwk",n.privateKey),t)}if(z.getNodeCrypto()){const r={modulusLength:e,publicExponent:Br(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{_r.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return Vr(n,t)}let r,n,i;do{n=Rr(e-(e>>1),t,40),r=Rr(e>>1,t,40),i=r*n}while(Sr(i)!==e);const s=(r-Gr)*(n-Gr);return n=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!z.isStream(t))if(z.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await jr(r,n,i,s,a,o),h={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},u=await zr.importKey("jwk",c,h,!1,["sign"]);return new Uint8Array(await zr.sign("RSASSA-PKCS1-v1_5",u,t))}(F.read(F.webHash,e),t,r,n,i,s,a,o)}catch(e){z.printDebugError(e)}else if(z.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=_r.createSign(F.read(F.hash,e));c.write(t),c.end();const h=await jr(r,n,i,s,a,o);return new Uint8Array(c.sign({key:h,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=mr(t);const i=mr(Or(e,n,Kr(t)));return r=mr(r),Cr(kr(i,r,t),"be",Kr(t))}(e,r,i,c)},validateParams:async function(e,t,r,n,i,s){if(e=mr(e),(n=mr(n))*(i=mr(i))!==e)return!1;const a=BigInt(2);if(br(n*(s=mr(s)),i)!==BigInt(1))return!1;t=mr(t),r=mr(r);const o=Ur(a,a<=r)throw Error("Signature size cannot exceed modulus size");const s=Cr(kr(t,n,r),"be",Kr(r)),a=Or(e,i,Kr(r));return z.equalsUint8Array(s,a)}(e,r,n,i,s)}});const Yr=BigInt(1);var Wr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i){return e=mr(e),t=mr(t),r=mr(r),Fr(Cr(br(vr(kr(e,n=mr(n),r),r)*t,r),"be",Kr(r)),i)},encrypt:async function(e,t,r,n){t=mr(t),r=mr(r),n=mr(n);const i=mr(Nr(e,Kr(t))),s=Ur(Yr,t-Yr);return{c1:Cr(kr(r,s,t)),c2:Cr(br(kr(n,s,t)*i,t))}},validateParams:async function(e,t,r,n){if(e=mr(e),t=mr(t),r=mr(r),t<=Yr||t>=e)return!1;const i=BigInt(Sr(e));if(i>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=n>>24&255,e[t+5]=n>>16&255,e[t+6]=n>>8&255,e[t+7]=255&n}function yn(e,t,r,n){return function(e,t,r,n,i){var s,a=0;for(s=0;s>>8)-1}(e,t,r,n,32)}function fn(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function gn(e){var t,r,n=1;for(t=0;t<16;t++)r=e[t]+n+65535,n=Math.floor(r/65536),e[t]=r-65536*n;e[0]+=n-1+37*(n-1)}function pn(e,t,r){for(var n,i=~(r-1),s=0;s<16;s++)n=i&(e[s]^t[s]),e[s]^=n,t[s]^=n}function dn(e,t){var r,n,i,s=Xr(),a=Xr();for(r=0;r<16;r++)a[r]=t[r];for(gn(a),gn(a),gn(a),n=0;n<2;n++){for(s[0]=a[0]-65517,r=1;r<15;r++)s[r]=a[r]-65535-(s[r-1]>>16&1),s[r-1]&=65535;s[15]=a[15]-32767-(s[14]>>16&1),i=s[15]>>16&1,s[14]&=65535,pn(a,s,1-i)}for(r=0;r<16;r++)e[2*r]=255&a[r],e[2*r+1]=a[r]>>8}function An(e,t){var r=new Uint8Array(32),n=new Uint8Array(32);return dn(r,e),dn(n,t),yn(r,0,n,0)}function wn(e){var t=new Uint8Array(32);return dn(t,e),1&t[0]}function mn(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function bn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]+r[n]}function kn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]-r[n]}function En(e,t,r){var n,i,s=0,a=0,o=0,c=0,h=0,u=0,l=0,y=0,f=0,g=0,p=0,d=0,A=0,w=0,m=0,b=0,k=0,E=0,v=0,B=0,I=0,S=0,K=0,C=0,P=0,D=0,U=0,x=0,Q=0,R=0,L=0,T=r[0],M=r[1],N=r[2],F=r[3],O=r[4],H=r[5],z=r[6],_=r[7],G=r[8],j=r[9],q=r[10],V=r[11],J=r[12],Y=r[13],W=r[14],Z=r[15];s+=(n=t[0])*T,a+=n*M,o+=n*N,c+=n*F,h+=n*O,u+=n*H,l+=n*z,y+=n*_,f+=n*G,g+=n*j,p+=n*q,d+=n*V,A+=n*J,w+=n*Y,m+=n*W,b+=n*Z,a+=(n=t[1])*T,o+=n*M,c+=n*N,h+=n*F,u+=n*O,l+=n*H,y+=n*z,f+=n*_,g+=n*G,p+=n*j,d+=n*q,A+=n*V,w+=n*J,m+=n*Y,b+=n*W,k+=n*Z,o+=(n=t[2])*T,c+=n*M,h+=n*N,u+=n*F,l+=n*O,y+=n*H,f+=n*z,g+=n*_,p+=n*G,d+=n*j,A+=n*q,w+=n*V,m+=n*J,b+=n*Y,k+=n*W,E+=n*Z,c+=(n=t[3])*T,h+=n*M,u+=n*N,l+=n*F,y+=n*O,f+=n*H,g+=n*z,p+=n*_,d+=n*G,A+=n*j,w+=n*q,m+=n*V,b+=n*J,k+=n*Y,E+=n*W,v+=n*Z,h+=(n=t[4])*T,u+=n*M,l+=n*N,y+=n*F,f+=n*O,g+=n*H,p+=n*z,d+=n*_,A+=n*G,w+=n*j,m+=n*q,b+=n*V,k+=n*J,E+=n*Y,v+=n*W,B+=n*Z,u+=(n=t[5])*T,l+=n*M,y+=n*N,f+=n*F,g+=n*O,p+=n*H,d+=n*z,A+=n*_,w+=n*G,m+=n*j,b+=n*q,k+=n*V,E+=n*J,v+=n*Y,B+=n*W,I+=n*Z,l+=(n=t[6])*T,y+=n*M,f+=n*N,g+=n*F,p+=n*O,d+=n*H,A+=n*z,w+=n*_,m+=n*G,b+=n*j,k+=n*q,E+=n*V,v+=n*J,B+=n*Y,I+=n*W,S+=n*Z,y+=(n=t[7])*T,f+=n*M,g+=n*N,p+=n*F,d+=n*O,A+=n*H,w+=n*z,m+=n*_,b+=n*G,k+=n*j,E+=n*q,v+=n*V,B+=n*J,I+=n*Y,S+=n*W,K+=n*Z,f+=(n=t[8])*T,g+=n*M,p+=n*N,d+=n*F,A+=n*O,w+=n*H,m+=n*z,b+=n*_,k+=n*G,E+=n*j,v+=n*q,B+=n*V,I+=n*J,S+=n*Y,K+=n*W,C+=n*Z,g+=(n=t[9])*T,p+=n*M,d+=n*N,A+=n*F,w+=n*O,m+=n*H,b+=n*z,k+=n*_,E+=n*G,v+=n*j,B+=n*q,I+=n*V,S+=n*J,K+=n*Y,C+=n*W,P+=n*Z,p+=(n=t[10])*T,d+=n*M,A+=n*N,w+=n*F,m+=n*O,b+=n*H,k+=n*z,E+=n*_,v+=n*G,B+=n*j,I+=n*q,S+=n*V,K+=n*J,C+=n*Y,P+=n*W,D+=n*Z,d+=(n=t[11])*T,A+=n*M,w+=n*N,m+=n*F,b+=n*O,k+=n*H,E+=n*z,v+=n*_,B+=n*G,I+=n*j,S+=n*q,K+=n*V,C+=n*J,P+=n*Y,D+=n*W,U+=n*Z,A+=(n=t[12])*T,w+=n*M,m+=n*N,b+=n*F,k+=n*O,E+=n*H,v+=n*z,B+=n*_,I+=n*G,S+=n*j,K+=n*q,C+=n*V,P+=n*J,D+=n*Y,U+=n*W,x+=n*Z,w+=(n=t[13])*T,m+=n*M,b+=n*N,k+=n*F,E+=n*O,v+=n*H,B+=n*z,I+=n*_,S+=n*G,K+=n*j,C+=n*q,P+=n*V,D+=n*J,U+=n*Y,x+=n*W,Q+=n*Z,m+=(n=t[14])*T,b+=n*M,k+=n*N,E+=n*F,v+=n*O,B+=n*H,I+=n*z,S+=n*_,K+=n*G,C+=n*j,P+=n*q,D+=n*V,U+=n*J,x+=n*Y,Q+=n*W,R+=n*Z,b+=(n=t[15])*T,a+=38*(E+=n*N),o+=38*(v+=n*F),c+=38*(B+=n*O),h+=38*(I+=n*H),u+=38*(S+=n*z),l+=38*(K+=n*_),y+=38*(C+=n*G),f+=38*(P+=n*j),g+=38*(D+=n*q),p+=38*(U+=n*V),d+=38*(x+=n*J),A+=38*(Q+=n*Y),w+=38*(R+=n*W),m+=38*(L+=n*Z),s=(n=(s+=38*(k+=n*M))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s=(n=(s+=i-1+37*(i-1))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s+=i-1+37*(i-1),e[0]=s,e[1]=a,e[2]=o,e[3]=c,e[4]=h,e[5]=u,e[6]=l,e[7]=y,e[8]=f,e[9]=g,e[10]=p,e[11]=d,e[12]=A,e[13]=w,e[14]=m,e[15]=b}function vn(e,t){En(e,t,t)}function Bn(e,t){var r,n=Xr();for(r=0;r<16;r++)n[r]=t[r];for(r=253;r>=0;r--)vn(n,n),2!==r&&4!==r&&En(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}function In(e,t,r){var n,i,s=new Uint8Array(32),a=new Float64Array(80),o=Xr(),c=Xr(),h=Xr(),u=Xr(),l=Xr(),y=Xr();for(i=0;i<31;i++)s[i]=t[i];for(s[31]=127&t[31]|64,s[0]&=248,mn(a,r),i=0;i<16;i++)c[i]=a[i],u[i]=o[i]=h[i]=0;for(o[0]=u[0]=1,i=254;i>=0;--i)pn(o,c,n=s[i>>>3]>>>(7&i)&1),pn(h,u,n),bn(l,o,h),kn(o,o,h),bn(h,c,u),kn(c,c,u),vn(u,l),vn(y,o),En(o,h,o),En(h,c,l),bn(l,o,h),kn(o,o,h),vn(c,o),kn(h,u,y),En(o,h,sn),bn(o,o,u),En(h,h,o),En(o,u,y),En(u,c,a),vn(c,l),pn(o,c,n),pn(h,u,n);for(i=0;i<16;i++)a[i+16]=o[i],a[i+32]=h[i],a[i+48]=c[i],a[i+64]=u[i];var f=a.subarray(32),g=a.subarray(16);return Bn(f,f),En(g,g,f),dn(e,g),0}function Sn(e,t){return In(e,t,tn)}var Kn=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function Cn(e,t,r,n){for(var i,s,a,o,c,h,u,l,y,f,g,p,d,A,w,m,b,k,E,v,B,I,S,K,C,P,D=new Int32Array(16),U=new Int32Array(16),x=e[0],Q=e[1],R=e[2],L=e[3],T=e[4],M=e[5],N=e[6],F=e[7],O=t[0],H=t[1],z=t[2],_=t[3],G=t[4],j=t[5],q=t[6],V=t[7],J=0;n>=128;){for(E=0;E<16;E++)v=8*E+J,D[E]=r[v+0]<<24|r[v+1]<<16|r[v+2]<<8|r[v+3],U[E]=r[v+4]<<24|r[v+5]<<16|r[v+6]<<8|r[v+7];for(E=0;E<80;E++)if(i=x,s=Q,a=R,o=L,c=T,h=M,u=N,F,y=O,f=H,g=z,p=_,d=G,A=j,w=q,V,S=65535&(I=V),K=I>>>16,C=65535&(B=F),P=B>>>16,S+=65535&(I=(G>>>14|T<<18)^(G>>>18|T<<14)^(T>>>9|G<<23)),K+=I>>>16,C+=65535&(B=(T>>>14|G<<18)^(T>>>18|G<<14)^(G>>>9|T<<23)),P+=B>>>16,S+=65535&(I=G&j^~G&q),K+=I>>>16,C+=65535&(B=T&M^~T&N),P+=B>>>16,B=Kn[2*E],S+=65535&(I=Kn[2*E+1]),K+=I>>>16,C+=65535&B,P+=B>>>16,B=D[E%16],K+=(I=U[E%16])>>>16,C+=65535&B,P+=B>>>16,C+=(K+=(S+=65535&I)>>>16)>>>16,S=65535&(I=k=65535&S|K<<16),K=I>>>16,C=65535&(B=b=65535&C|(P+=C>>>16)<<16),P=B>>>16,S+=65535&(I=(O>>>28|x<<4)^(x>>>2|O<<30)^(x>>>7|O<<25)),K+=I>>>16,C+=65535&(B=(x>>>28|O<<4)^(O>>>2|x<<30)^(O>>>7|x<<25)),P+=B>>>16,K+=(I=O&H^O&z^H&z)>>>16,C+=65535&(B=x&Q^x&R^Q&R),P+=B>>>16,l=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(P+=C>>>16)<<16,m=65535&S|K<<16,S=65535&(I=p),K=I>>>16,C=65535&(B=o),P=B>>>16,K+=(I=k)>>>16,C+=65535&(B=b),P+=B>>>16,Q=i,R=s,L=a,T=o=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(P+=C>>>16)<<16,M=c,N=h,F=u,x=l,H=y,z=f,_=g,G=p=65535&S|K<<16,j=d,q=A,V=w,O=m,E%16==15)for(v=0;v<16;v++)B=D[v],S=65535&(I=U[v]),K=I>>>16,C=65535&B,P=B>>>16,B=D[(v+9)%16],S+=65535&(I=U[(v+9)%16]),K+=I>>>16,C+=65535&B,P+=B>>>16,b=D[(v+1)%16],S+=65535&(I=((k=U[(v+1)%16])>>>1|b<<31)^(k>>>8|b<<24)^(k>>>7|b<<25)),K+=I>>>16,C+=65535&(B=(b>>>1|k<<31)^(b>>>8|k<<24)^b>>>7),P+=B>>>16,b=D[(v+14)%16],K+=(I=((k=U[(v+14)%16])>>>19|b<<13)^(b>>>29|k<<3)^(k>>>6|b<<26))>>>16,C+=65535&(B=(b>>>19|k<<13)^(k>>>29|b<<3)^b>>>6),P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,D[v]=65535&C|P<<16,U[v]=65535&S|K<<16;S=65535&(I=O),K=I>>>16,C=65535&(B=x),P=B>>>16,B=e[0],K+=(I=t[0])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[0]=x=65535&C|P<<16,t[0]=O=65535&S|K<<16,S=65535&(I=H),K=I>>>16,C=65535&(B=Q),P=B>>>16,B=e[1],K+=(I=t[1])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[1]=Q=65535&C|P<<16,t[1]=H=65535&S|K<<16,S=65535&(I=z),K=I>>>16,C=65535&(B=R),P=B>>>16,B=e[2],K+=(I=t[2])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[2]=R=65535&C|P<<16,t[2]=z=65535&S|K<<16,S=65535&(I=_),K=I>>>16,C=65535&(B=L),P=B>>>16,B=e[3],K+=(I=t[3])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[3]=L=65535&C|P<<16,t[3]=_=65535&S|K<<16,S=65535&(I=G),K=I>>>16,C=65535&(B=T),P=B>>>16,B=e[4],K+=(I=t[4])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[4]=T=65535&C|P<<16,t[4]=G=65535&S|K<<16,S=65535&(I=j),K=I>>>16,C=65535&(B=M),P=B>>>16,B=e[5],K+=(I=t[5])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[5]=M=65535&C|P<<16,t[5]=j=65535&S|K<<16,S=65535&(I=q),K=I>>>16,C=65535&(B=N),P=B>>>16,B=e[6],K+=(I=t[6])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[6]=N=65535&C|P<<16,t[6]=q=65535&S|K<<16,S=65535&(I=V),K=I>>>16,C=65535&(B=F),P=B>>>16,B=e[7],K+=(I=t[7])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[7]=F=65535&C|P<<16,t[7]=V=65535&S|K<<16,J+=128,n-=128}return n}function Pn(e,t,r){var n,i=new Int32Array(8),s=new Int32Array(8),a=new Uint8Array(256),o=r;for(i[0]=1779033703,i[1]=3144134277,i[2]=1013904242,i[3]=2773480762,i[4]=1359893119,i[5]=2600822924,i[6]=528734635,i[7]=1541459225,s[0]=4089235720,s[1]=2227873595,s[2]=4271175723,s[3]=1595750129,s[4]=2917565137,s[5]=725511199,s[6]=4215389547,s[7]=327033209,Cn(i,s,t,r),r%=128,n=0;n=0;--i)Un(e,t,n=r[i/8|0]>>(7&i)&1),Dn(t,e),Dn(e,e),Un(e,t,n)}function Rn(e,t){var r=[Xr(),Xr(),Xr(),Xr()];fn(r[0],cn),fn(r[1],hn),fn(r[2],nn),En(r[3],cn,hn),Qn(e,r,t)}function Ln(e,t,r){var n,i=new Uint8Array(64),s=[Xr(),Xr(),Xr(),Xr()];for(r||en(t,32),Pn(i,t,32),i[0]&=248,i[31]&=127,i[31]|=64,Rn(s,i),xn(e,s),n=0;n<32;n++)t[n+32]=e[n];return 0}var Tn=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Mn(e,t){var r,n,i,s;for(n=63;n>=32;--n){for(r=0,i=n-32,s=n-12;i>4)*Tn[i],r=t[i]>>8,t[i]&=255;for(i=0;i<32;i++)t[i]-=r*Tn[i];for(n=0;n<32;n++)t[n+1]+=t[n]>>8,e[n]=255&t[n]}function Nn(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Mn(e,r)}function Fn(e,t){var r=Xr(),n=Xr(),i=Xr(),s=Xr(),a=Xr(),o=Xr(),c=Xr();return fn(e[2],nn),mn(e[1],t),vn(i,e[1]),En(s,i,an),kn(i,i,e[2]),bn(s,e[2],s),vn(a,s),vn(o,a),En(c,o,a),En(r,c,i),En(r,r,s),function(e,t){var r,n=Xr();for(r=0;r<16;r++)n[r]=t[r];for(r=250;r>=0;r--)vn(n,n),1!==r&&En(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}(r,r),En(r,r,i),En(r,r,s),En(r,r,s),En(e[0],r,s),vn(n,e[0]),En(n,n,s),An(n,i)&&En(e[0],e[0],un),vn(n,e[0]),En(n,n,s),An(n,i)?-1:(wn(e[0])===t[31]>>7&&kn(e[0],rn,e[0]),En(e[3],e[0],e[1]),0)}var On=64;function Hn(){for(var e=0;e=0},$r.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Ln(e,t),{publicKey:e,secretKey:t}},$r.sign.keyPair.fromSecretKey=function(e){if(Hn(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return z.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return z.uint8ArrayToHex(this.oid)}getName(){const e=zn[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Gn(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=z.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function jn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):z.concatUint8Array([new Uint8Array([255]),z.writeNumber(e,4)])}function qn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Vn(e){return new Uint8Array([192|e])}function Jn(e,t){return z.concatUint8Array([Vn(e),jn(t)])}function Yn(e){return[F.packet.literalData,F.packet.compressedData,F.packet.symmetricallyEncryptedData,F.packet.symEncryptedIntegrityProtectedData,F.packet.aeadEncryptedData].includes(e)}async function Wn(e,t){const r=T(e);let n,i;try{const s=await r.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const a=await r.readByte();let o,c,h=-1,u=-1;u=0,64&a&&(u=1),u?h=63&a:(h=(63&a)>>2,c=3&a);const y=Yn(h);let f,g=null;if(y){if("array"===z.isStream(e)){const e=new l;n=M(e),g=e}else{const e=new TransformStream;n=M(e.writable),g=e.readable}i=t({tag:h,packet:g})}else g=[];do{if(u){const e=await r.readByte();if(f=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),f=!0,!y)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){n&&await n.ready;const{done:t,value:i}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const s=o===1/0?i:i.subarray(0,o-e);if(n?await n.write(s):g.push(s),e+=i.length,e>=o){r.unshift(i.subarray(o-e+i.length));break}}}}while(f);const p=await r.peekBytes(y?1/0:2);return n?(await n.ready,await n.close()):(g=z.concatUint8Array(g),await t({tag:h,packet:g})),!p||!p.length}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i,r.releaseLock()}}class Zn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Zn),this.name="UnsupportedError"}}class $n extends Zn{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Zn),this.name="UnknownPacketError"}}class Xn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ei(e){switch(e){case F.publicKey.ed25519:try{const e=z.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(J(n.x)),seed:J(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=Dr(ni(e)),{publicKey:n}=$r.sign.keyPair.fromSeed(r);return{A:n,seed:r}}case F.publicKey.ed448:{const e=await z.getNobleCurve(F.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ti(e,t,r,n,i,s){if(Ie.getHashByteLength(t){if(e===F.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:Y(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},ai=(e,t,r)=>{if(e===F.publicKey.ed25519){const n=si(e,t);return n.d=Y(r),n}throw Error("Unsupported EdDSA algorithm")};var oi=/*#__PURE__*/Object.freeze({__proto__:null,generate:ei,getPayloadSize:ni,getPreferredHashAlgo:ii,sign:ti,validateParams:async function(e,t,r){switch(e){case F.publicKey.ed25519:{const{publicKey:e}=$r.sign.keyPair.fromSeed(r);return z.equalsUint8Array(t,e)}case F.publicKey.ed448:{const e=(await z.getNobleCurve(F.publicKey.ed448)).getPublicKey(r);return z.equalsUint8Array(t,e)}default:return!1}},verify:ri});const ci=z.getWebCrypto();async function hi(e,t,r){const{keySize:n}=ce(e);if(!z.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await ci.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await ci.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await ci.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;z.printDebugError("Browser did not support operation: "+e.message)}return St(t).encrypt(r)}async function ui(e,t,r){const{keySize:n}=ce(e);if(!z.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await ci.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return z.printDebugError("Browser did not support operation: "+e.message),St(t).decrypt(r)}try{const e=await ci.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await ci.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}var li=/*#__PURE__*/Object.freeze({__proto__:null,unwrap:ui,wrap:hi});const yi=z.getWebCrypto();async function fi(e,t,r,n,i){const s=F.read(F.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const a=await yi.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await yi.deriveBits({name:"HKDF",hash:s,salt:r,info:n},a,8*i);return new Uint8Array(o)}const gi={x25519:z.encodeUTF8("OpenPGP X25519"),x448:z.encodeUTF8("OpenPGP X448")};async function pi(e){switch(e){case F.publicKey.x25519:{const e=Dr(32),{publicKey:t}=$r.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case F.publicKey.x448:{const e=await z.getNobleCurve(F.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}function di(e){switch(e){case F.publicKey.x25519:return 32;case F.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Ai(e,t){switch(e){case F.publicKey.x25519:{const r=Dr(di(e)),n=$r.scalarMult(r,t);mi(n);const{publicKey:i}=$r.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:i,sharedSecret:n}}case F.publicKey.x448:{const e=await z.getNobleCurve(F.publicKey.x448),r=e.utils.randomPrivateKey(),n=e.getSharedSecret(r,t);mi(n);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:n}}default:throw Error("Unsupported ECDH algorithm")}}async function wi(e,t,r,n){switch(e){case F.publicKey.x25519:{const e=$r.scalarMult(n,t);return mi(e),e}case F.publicKey.x448:{const e=(await z.getNobleCurve(F.publicKey.x448)).getSharedSecret(n,t);return mi(e),e}default:throw Error("Unsupported ECDH algorithm")}}function mi(e){let t=0;for(let r=0;r0===s[0]&&Ni(a,r,s.subarray(1),i);if(n&&!z.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=xi(e.payloadSize,vi[e.name],s),o=await Ri.importKey("jwk",a,{name:"ECDSA",namedCurve:vi[e.name],hash:{name:F.read(F.webHash,e.hash)}},!1,["verify"]),c=z.concatUint8Array([r,n]).buffer;return Ri.verify({name:"ECDSA",namedCurve:vi[e.name],hash:{name:F.read(F.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;z.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=z.nodeRequire("eckey-utils"),o=z.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:Ii[e.name],publicKey:o.from(s)}),h=Li.createVerify(F.read(F.hash,t));h.write(i),h.end();const u=z.concatUint8Array([r,n]);try{return h.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},u)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await Ni(a,r,s,i)||o()}async function Ni(e,t,r,n){return(await z.getNobleCurve(F.publicKey.ecdsa,e.name)).verify(z.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var Fi=/*#__PURE__*/Object.freeze({__proto__:null,sign:Ti,validateParams:async function(e,t,r){const n=new Ki(e);if(n.keyType!==F.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=Dr(8),i=F.hash.sha256,s=await Ie.digest(i,n);try{const a=await Ti(e,i,n,t,r,s);return await Mi(e,i,a,n,t,s)}catch(e){return!1}}default:return Ci(F.publicKey.ecdsa,e,t,r)}},verify:Mi});var Oi=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){if(Pi(new Ki(e),n),Ie.getHashByteLength(t)0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(z.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var _i=/*#__PURE__*/Object.freeze({__proto__:null,decode:zi,encode:Hi});const Gi=z.getWebCrypto(),ji=z.getNodeCrypto();function qi(e,t,r,n){return z.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),z.stringToUint8Array("Anonymous Sender "),n])}async function Vi(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await Ie.digest(e,z.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function Ji(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await Ai(F.publicKey.x25519,t.subarray(1));return{publicKey:z.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&z.getWebCrypto())try{return await async function(e,t){const r=xi(e.payloadSize,e.web,t);let n=Gi.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),i=Gi.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[n,i]=await Promise.all([n,i]);let s=Gi.deriveBits({name:"ECDH",namedCurve:e.web,public:i},n.privateKey,e.sharedSize),a=Gi.exportKey("jwk",n.publicKey);[s,a]=await Promise.all([s,a]);const o=new Uint8Array(s),c=new Uint8Array(Ui(a,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return z.printDebugError(r),Zi(e,t)}break;case"node":return async function(e,t){const r=ji.createECDH(e.node);r.generateKeys();const n=new Uint8Array(r.computeSecret(t)),i=new Uint8Array(r.getPublicKey());return{publicKey:i,sharedKey:n}}(e,t);default:return Zi(e,t)}}async function Yi(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await wi(F.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&z.getWebCrypto())try{return await async function(e,t,r,n){const i=Qi(e.payloadSize,e.web,r,n);let s=Gi.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const a=xi(e.payloadSize,e.web,t);let o=Gi.importKey("jwk",a,{name:"ECDH",namedCurve:e.web},!0,[]);[s,o]=await Promise.all([s,o]);let c=Gi.deriveBits({name:"ECDH",namedCurve:e.web,public:o},s,e.sharedSize),h=Gi.exportKey("jwk",s);[c,h]=await Promise.all([c,h]);const u=new Uint8Array(c);return{secretKey:J(h.d),sharedKey:u}}(e,t,r,n)}catch(r){return z.printDebugError(r),Wi(e,t,n)}break;case"node":return async function(e,t,r){const n=ji.createECDH(e.node);n.setPrivateKey(r);const i=new Uint8Array(n.computeSecret(t));return{secretKey:new Uint8Array(n.getPrivateKey()),sharedKey:i}}(e,t,n);default:return Wi(e,t,n)}}async function Wi(e,t,r){return{secretKey:r,sharedKey:(await z.getNobleCurve(F.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Zi(e,t){const r=await z.getNobleCurve(F.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var $i=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i,s,a){const o=new Ki(e);Pi(o,i),Pi(o,r);const{sharedKey:c}=await Yi(o,r,i,s),h=qi(F.publicKey.ecdh,e,t,a),{keySize:u}=ce(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await Vi(t.hash,c,u,h,1===e,2===e);return zi(await ui(t.cipher,r,n))}catch(e){l=e}throw l},encrypt:async function(e,t,r,n,i){const s=Hi(r),a=new Ki(e);Pi(a,n);const{publicKey:o,sharedKey:c}=await Ji(a,n),h=qi(F.publicKey.ecdh,e,t,i),{keySize:u}=ce(t.cipher),l=await Vi(t.hash,c,u,h);return{publicKey:o,wrappedKey:await hi(t.cipher,l,s)}},validateParams:async function(e,t,r){return Ci(F.publicKey.ecdh,e,t,r)}}),Xi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Ki,ecdh:$i,ecdhX:bi,ecdsa:Fi,eddsa:oi,eddsaLegacy:Oi,generate:async function(e){const t=new Ki(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:z.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}},getPreferredHashAlgo:function(e){return Si[e.getName()].hash}});const es=BigInt(0),ts=BigInt(1);var rs=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,h,u;n=mr(n),i=mr(i),r=mr(r),s=mr(s),r=br(r,n),s=br(s,i);const l=br(mr(t.subarray(0,Kr(i))),i);for(;;){if(o=Ur(ts,i),c=br(kr(r,o,n),i),c===a)continue;const e=br(s*c,i);if(u=br(l+e,i),h=br(vr(o,i)*u,i),h!==a)break}return{r:Cr(c,"be",Kr(n)),s:Cr(h,"be",Kr(n))}},validateParams:async function(e,t,r,n,i){if(e=mr(e),t=mr(t),r=mr(r),n=mr(n),r<=ts||r>=e)return!1;if(br(e-ts,t)!==es)return!1;if(kr(r,t,e)!==ts)return!1;const s=BigInt(Sr(t));if(s=a||r<=es||r>=a)return z.printDebug("invalid DSA Signature"),!1;const c=br(mr(n.subarray(0,Kr(a))),a),h=vr(r,a);if(h===es)return z.printDebug("invalid DSA Signature"),!1;i=br(i,s),o=br(o,s);const u=br(c*h,a),l=br(t*h,a);return br(br(kr(i,u,s)*kr(o,l,s),s),a)===t}}),ns={rsa:Jr,elgamal:Wr,elliptic:Xi,dsa:rs};var is=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:case F.publicKey.rsaSign:{const e=z.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case F.publicKey.dsa:case F.publicKey.ecdsa:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=z.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case F.publicKey.eddsaLegacy:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=z.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case F.publicKey.ed25519:case F.publicKey.ed448:{const n=2*ns.elliptic.eddsa.getPayloadSize(e),i=z.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}default:throw new Zn("Unknown signature algorithm.")}},sign:async function(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:case F.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:h,u}=n;return{s:await ns.rsa.sign(t,i,e,a,o,c,h,u,s)}}case F.publicKey.dsa:{const{g:e,p:i,q:a}=r,{x:o}=n;return ns.dsa.sign(t,s,e,i,a,o)}case F.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case F.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return ns.elliptic.ecdsa.sign(e,t,i,a,o,s)}case F.publicKey.eddsaLegacy:{const{oid:e,Q:a}=r,{seed:o}=n;return ns.elliptic.eddsaLegacy.sign(e,t,i,a,o,s)}case F.publicKey.ed25519:case F.publicKey.ed448:{const{A:a}=r,{seed:o}=n;return ns.elliptic.eddsa.sign(e,t,i,a,o,s)}default:throw Error("Unknown signature algorithm.")}},verify:async function(e,t,r,n,i,s){switch(e){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:case F.publicKey.rsaSign:{const{n:e,e:a}=n,o=z.leftPad(r.s,e.length);return ns.rsa.verify(t,i,o,e,a,s)}case F.publicKey.dsa:{const{g:e,p:i,q:a,y:o}=n,{r:c,s:h}=r;return ns.dsa.verify(t,c,h,s,e,i,a,o)}case F.publicKey.ecdsa:{const{oid:e,Q:a}=n,o=new ns.elliptic.CurveWithOID(e).payloadSize,c=z.leftPad(r.r,o),h=z.leftPad(r.s,o);return ns.elliptic.ecdsa.verify(e,t,{r:c,s:h},i,a,s)}case F.publicKey.eddsaLegacy:{const{oid:e,Q:a}=n,o=new ns.elliptic.CurveWithOID(e).payloadSize,c=z.leftPad(r.r,o),h=z.leftPad(r.s,o);return ns.elliptic.eddsaLegacy.verify(e,t,{r:c,s:h},i,a,s)}case F.publicKey.ed25519:case F.publicKey.ed448:{const{A:a}=n;return ns.elliptic.eddsa.verify(e,t,r,i,a,s)}default:throw Error("Unknown signature algorithm.")}}});class ss{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return z.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class as{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Zn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class os{static fromObject({wrappedKey:e,algorithm:t}){const r=new os;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=z.readExactSubarray(e,t,t+r),t+=r}write(){return z.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function cs(e){try{e.getName()}catch(e){throw new Zn("Unknown curve OID")}}function hs(e,t){switch(e){case F.publicKey.ecdsa:case F.publicKey.ecdh:case F.publicKey.eddsaLegacy:return new ns.elliptic.CurveWithOID(t).payloadSize;case F.publicKey.ed25519:case F.publicKey.ed448:return ns.elliptic.eddsa.getPayloadSize(e);case F.publicKey.x25519:case F.publicKey.x448:return ns.elliptic.ecdhX.getPayloadSize(e);default:throw Error("Unknown elliptic algo")}}var us=/*#__PURE__*/Object.freeze({__proto__:null,generateParams:function(e,t,r){switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:return ns.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case F.publicKey.ecdsa:return ns.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new _n(e),Q:t}})));case F.publicKey.eddsaLegacy:return ns.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new _n(e),Q:t}})));case F.publicKey.ecdh:return ns.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new _n(e),Q:t,kdfParams:new as({hash:n,cipher:i})}})));case F.publicKey.ed25519:case F.publicKey.ed448:return ns.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case F.publicKey.x25519:case F.publicKey.x448:return ns.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case F.publicKey.dsa:case F.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},generateSessionKey:function(e){const{keySize:t}=ce(e);return Dr(t)},getAEADMode:function(e){const t=F.read(F.aead,e);return dr[t]},getCipherParams:ce,getCurvePayloadSize:hs,getPreferredCurveHashAlgo:function(e,t){switch(e){case F.publicKey.ecdsa:case F.publicKey.eddsaLegacy:return ns.elliptic.getPreferredHashAlgo(t);case F.publicKey.ed25519:case F.publicKey.ed448:return ns.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}},getPrefixRandom:async function(e){const{blockSize:t}=ce(e),r=await Dr(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return z.concat([r,n])},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:return{c:z.readMPI(t.subarray(r))};case F.publicKey.elgamal:{const e=z.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:z.readMPI(t.subarray(r))}}case F.publicKey.ecdh:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=new ss;return n.read(t.subarray(r)),{V:e,C:n}}case F.publicKey.x25519:case F.publicKey.x448:{const n=hs(e),i=z.readExactSubarray(t,r,r+n);r+=i.length;const s=new os;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}default:throw new Zn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let n=0;switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:{const e=z.readMPI(t.subarray(n));n+=e.length+2;const r=z.readMPI(t.subarray(n));n+=r.length+2;const i=z.readMPI(t.subarray(n));n+=i.length+2;const s=z.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case F.publicKey.dsa:case F.publicKey.elgamal:{const e=z.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case F.publicKey.ecdsa:case F.publicKey.ecdh:{const i=hs(e,r.oid);let s=z.readMPI(t.subarray(n));return n+=s.length+2,s=z.leftPad(s,i),{read:n,privateParams:{d:s}}}case F.publicKey.eddsaLegacy:{const i=hs(e,r.oid);if(r.oid.getName()!==F.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=z.readMPI(t.subarray(n));return n+=s.length+2,s=z.leftPad(s,i),{read:n,privateParams:{seed:s}}}case F.publicKey.ed25519:case F.publicKey.ed448:{const r=hs(e),i=z.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case F.publicKey.x25519:case F.publicKey.x448:{const r=hs(e),i=z.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}default:throw new Zn("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=z.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case F.publicKey.dsa:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=z.readMPI(t.subarray(r));r+=n.length+2;const i=z.readMPI(t.subarray(r));r+=i.length+2;const s=z.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case F.publicKey.elgamal:{const e=z.readMPI(t.subarray(r));r+=e.length+2;const n=z.readMPI(t.subarray(r));r+=n.length+2;const i=z.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case F.publicKey.ecdsa:{const e=new _n;r+=e.read(t),cs(e);const n=z.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case F.publicKey.eddsaLegacy:{const e=new _n;if(r+=e.read(t),cs(e),e.getName()!==F.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=z.readMPI(t.subarray(r));return r+=n.length+2,n=z.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case F.publicKey.ecdh:{const e=new _n;r+=e.read(t),cs(e);const n=z.readMPI(t.subarray(r));r+=n.length+2;const i=new as;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case F.publicKey.ed25519:case F.publicKey.ed448:case F.publicKey.x25519:case F.publicKey.x448:{const n=z.readExactSubarray(t,r,r+hs(e));return r+=n.length,{read:r,publicParams:{A:n}}}default:throw new Zn("Unknown public key encryption algorithm.")}},publicKeyDecrypt:async function(e,t,r,n,i,s){switch(e){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:h,u}=r;return ns.rsa.decrypt(e,i,a,o,c,h,u,s)}case F.publicKey.elgamal:{const{c1:e,c2:i}=n,a=t.p,o=r.x;return ns.elgamal.decrypt(e,i,a,o,s)}case F.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:h}=n;return ns.elliptic.ecdh.decrypt(e,a,c,h.data,s,o,i)}case F.publicKey.x25519:case F.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!z.isAES(o.algorithm))throw Error("AES session key expected");return ns.elliptic.ecdhX.decrypt(e,a,o.wrappedKey,i,s)}default:throw Error("Unknown public key encryption algorithm.")}},publicKeyEncrypt:async function(e,t,r,n,i){switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await ns.rsa.encrypt(n,e,t)}}case F.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return ns.elgamal.encrypt(n,e,t,i)}case F.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:s}=r,{publicKey:a,wrappedKey:o}=await ns.elliptic.ecdh.encrypt(e,s,n,t,i);return{V:a,C:new ss(o)}}case F.publicKey.x25519:case F.publicKey.x448:{if(t&&!z.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:s,wrappedKey:a}=await ns.elliptic.ecdhX.encrypt(e,n,i);return{ephemeralPublicKey:s,C:os.fromObject({algorithm:t,wrappedKey:a})}}default:return[]}},serializeParams:function(e,t){const r=new Set([F.publicKey.ed25519,F.publicKey.x25519,F.publicKey.ed448,F.publicKey.x448]),n=Object.keys(t).map((n=>{const i=t[n];return z.isUint8Array(i)?r.has(e)?i:z.uint8ArrayToMPI(i):i.write()}));return z.concatUint8Array(n)},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return ns.rsa.validateParams(e,n,i,s,a,o)}case F.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return ns.dsa.validateParams(e,n,i,s,a)}case F.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return ns.elgamal.validateParams(e,n,i,s)}case F.publicKey.ecdsa:case F.publicKey.ecdh:{const n=ns.elliptic[F.read(F.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case F.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return ns.elliptic.eddsaLegacy.validateParams(n,e,i)}case F.publicKey.ed25519:case F.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return ns.elliptic.eddsa.validateParams(e,n,i)}case F.publicKey.x25519:case F.publicKey.x448:{const{A:n}=t,{k:i}=r;return ns.elliptic.ecdhX.validateParams(e,n,i)}default:throw Error("Unknown public key algorithm.")}}});const ls={cipher:he,hash:Ie,mode:dr,publicKey:ns,signature:is,random:xr,pkcs1:Hr,pkcs5:_i,aesKW:li};Object.assign(ls,us);class ys extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,ys),this.name="Argon2OutOfMemoryError"}}let fs,gs;class ps{constructor(e=O){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=ls.random.getRandomBytes(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([F.write(F.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return z.concatUint8Array(e)}async produceKey(e,t){const r=2<1048576&&(gs=fs(),gs.catch((()=>{}))),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new ys("Could not allocate required memory for Argon2"):e}}}class ds{constructor(e,t=O){this.algorithm=F.hash.sha256,this.type=F.read(F.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=ls.random.getRandomBytes(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==z.uint8ArrayToString(e.subarray(t,t+3)))throw new Zn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Zn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Zn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...z.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([F.write(F.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return z.concatUint8Array(e)}async produceKey(e,t){e=z.encodeUTF8(e);const r=[];let n=0,i=0;for(;n>>1|(21845&Ls)<<1;Ts=(61680&(Ts=(52428&Ts)>>>2|(13107&Ts)<<2))>>>4|(3855&Ts)<<4,Rs[Ls]=((65280&Ts)>>>8|(255&Ts)<<8)>>>1}var Ms=function(e,t,r){for(var n=e.length,i=0,s=new Es(t);i>>c]=h}else for(a=new Es(n),i=0;i>>15-e[i]);return a},Ns=new ks(288);for(Ls=0;Ls<144;++Ls)Ns[Ls]=8;for(Ls=144;Ls<256;++Ls)Ns[Ls]=9;for(Ls=256;Ls<280;++Ls)Ns[Ls]=7;for(Ls=280;Ls<288;++Ls)Ns[Ls]=8;var Fs=new ks(32);for(Ls=0;Ls<32;++Ls)Fs[Ls]=5;var Os=/*#__PURE__*/Ms(Ns,9,0),Hs=/*#__PURE__*/Ms(Ns,9,1),zs=/*#__PURE__*/Ms(Fs,5,0),_s=/*#__PURE__*/Ms(Fs,5,1),Gs=function(e){for(var t=e[0],r=1;rt&&(t=e[r]);return t},js=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},qs=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Vs=function(e){return(e+7)/8|0},Js=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var n=new(2==e.BYTES_PER_ELEMENT?Es:4==e.BYTES_PER_ELEMENT?vs:ks)(r-t);return n.set(e.subarray(t,r)),n},Ys=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Ws=function(e,t,r){var n=Error(t||Ys[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,Ws),!r)throw n;return n},Zs=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8},$s=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8,e[n+2]|=r>>>16},Xs=function(e,t){for(var r=[],n=0;ny&&(y=s[n].s);var f=new Es(y+1),g=ea(r[u-1],f,0);if(g>t){n=0;var p=0,d=g-t,A=1<t))break;p+=A-(1<>>=d;p>0;){var m=s[n].s;f[m]=0&&p;--n){var b=s[n].s;f[b]==t&&(--f[b],++p)}g=t}return[new ks(f),g]},ea=function(e,t,r){return-1==e.s?Math.max(ea(e.l,t,r+1),ea(e.r,t,r+1)):t[e.s]=r},ta=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new Es(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return[r.subarray(0,n),t]},ra=function(e,t){for(var r=0,n=0;n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s4&&!S[Ss[C-1]];--C);var P,D,U,x,Q=h+5<<3,R=ra(i,Ns)+ra(s,Fs)+a,L=ra(i,y)+ra(s,p)+a+14+3*C+ra(v,S)+(2*v[16]+3*v[17]+7*v[18]);if(Q<=R&&Q<=L)return na(t,u,e.subarray(c,c+h));if(Zs(t,u,1+(L15&&(Zs(t,u,F[B]>>>5&127),u+=F[B]>>>12)}}}else P=Os,D=Ns,U=zs,x=Fs;for(B=0;B255){O=n[B]>>>18&31;$s(t,u,P[O+257]),u+=D[O+257],O>7&&(Zs(t,u,n[B]>>>23&31),u+=Bs[O]);var H=31&n[B];$s(t,u,U[H]),u+=x[H],H>3&&($s(t,u,n[B]>>>5&8191),u+=Is[H])}else $s(t,u,P[n[B]]),u+=D[n[B]];return $s(t,u,P[256]),u+D[256]},sa=/*#__PURE__*/new vs([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),aa=/*#__PURE__*/new ks(0),oa=function(e,t,r,n,i){return function(e,t,r,n,i,s){var a=e.length,o=new ks(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),h=0;if(!t||a<8)for(var u=0;u<=a;u+=65535){var l=u+65535;l>=a&&(c[h>>3]=s),h=na(c,h+1,e.subarray(u,l))}else{for(var y=sa[t-1],f=y>>>13,g=8191&y,p=(1<7e3||S>24576)&&x>423){h=ia(e,c,0,k,E,v,I,S,C,u-C,h),S=B=I=0,C=u;for(var Q=0;Q<286;++Q)E[Q]=0;for(Q=0;Q<30;++Q)v[Q]=0}var R=2,L=0,T=g,M=D-U&32767;if(x>2&&P==b(u-M))for(var N=Math.min(f,x)-1,F=Math.min(32767,u),O=Math.min(258,x);M<=F&&--T&&D!=U;){if(e[u+R]==e[u+R-M]){for(var H=0;HR){if(R=H,L=M,H>N)break;var z=Math.min(M,H-2),_=0;for(Q=0;Q_&&(_=j,U=G)}}}M+=(D=U)-(U=d[D])+32768&32767}if(L){k[S++]=268435456|Ds[R]<<18|Qs[L];var q=31&Ds[R],V=31&Qs[L];I+=Bs[q]+Is[V],++E[257+q],++v[V],K=u+R,++B}else k[S++]=e[u],++E[e[u]]}}h=ia(e,c,s,k,E,v,I,S,C,u-C,h),!s&&7&h&&(h=na(c,h+1,aa))}return Js(o,0,n+Vs(h)+i)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,n,!i)},ca=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(oa(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||Ws(5),this.d&&Ws(4),this.d=t,this.p(e,t||!1)},e}(),ha=/*#__PURE__*/function(){function e(e){this.s={},this.p=new ks(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||Ws(5),this.d&&Ws(4);var t=this.p.length,r=new ks(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var n=e.length;if(!n||r&&r.f&&!r.l)return t||new ks(0);var i=!t||r,s=!r||r.i;r||(r={}),t||(t=new ks(3*n));var a=function(e){var r=t.length;if(e>r){var n=new ks(Math.max(2*r,e));n.set(t),t=n}},o=r.f||0,c=r.p||0,h=r.b||0,u=r.l,l=r.d,y=r.m,f=r.n,g=8*n;do{if(!u){o=js(e,c,1);var p=js(e,c+1,3);if(c+=3,!p){var d=e[(K=Vs(c)+4)-4]|e[K-3]<<8,A=K+d;if(A>n){s&&Ws(0);break}i&&a(h+d),t.set(e.subarray(K,A),h),r.b=h+=d,r.p=c=8*A,r.f=o;continue}if(1==p)u=Hs,l=_s,y=9,f=5;else if(2==p){var w=js(e,c,31)+257,m=js(e,c+10,15)+4,b=w+js(e,c+5,31)+1;c+=14;for(var k=new ks(b),E=new ks(19),v=0;v>>4)<16)k[v++]=K;else{var P=0,D=0;for(16==K?(D=3+js(e,c,3),c+=2,P=k[v-1]):17==K?(D=3+js(e,c,7),c+=3):18==K&&(D=11+js(e,c,127),c+=7);D--;)k[v++]=P}}var U=k.subarray(0,w),x=k.subarray(w);y=Gs(U),f=Gs(x),u=Ms(U,y,1),l=Ms(x,f,1)}else Ws(1);if(c>g){s&&Ws(0);break}}i&&a(h+131072);for(var Q=(1<>>4;if((c+=15&P)>g){s&&Ws(0);break}if(P||Ws(2),T<256)t[h++]=T;else{if(256==T){L=c,u=null;break}var M=T-254;if(T>264){var N=Bs[v=T-257];M=js(e,c,(1<>>4;if(F||Ws(3),c+=15&F,x=xs[O],O>3&&(N=Is[O],x+=qs(e,c)&(1<g){s&&Ws(0);break}i&&a(h+131072);for(var H=h+M;h>16),i=(65535&i)+15*(i>>16)}r=t,n=i},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(n%=65521))<<8|n>>>8}}),this.v=1,ca.call(this,e,t)}return e.prototype.push=function(e,t){ca.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=oa(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=n<<6|(n?32-2*n:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),la=/*#__PURE__*/function(){function e(e){this.v=1,ha.call(this,e)}return e.prototype.push=function(e,t){if(ha.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&Ws(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),ha.prototype.c.call(this,t)},e}(),ya="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{ya.decode(aa,{stream:!0}),1}catch(e){}class fa{static get tag(){return F.packet.literalData}constructor(e=new Date){this.format=F.literal.utf8,this.date=z.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=F.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||z.isStream(this.text))&&(this.text=z.decodeUTF8(z.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=z.canonicalizeEOL(z.encodeUTF8(this.text))),e?D(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await C(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=z.decodeUTF8(await e.readBytes(r)),this.date=z.readDate(await e.readBytes(4));let n=e.remainder();y(n)&&(n=await Q(n)),this.setBytes(n,t)}))}writeHeader(){const e=z.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=z.writeDate(this.date);return z.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return z.concat([e,t])}}class ga{constructor(){this.bytes=""}read(e){return this.bytes=z.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return z.stringToUint8Array(this.bytes)}toHex(){return z.uint8ArrayToHex(z.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ga;return t.read(z.hexToUint8Array(e)),t}static wildcard(){const e=new ga;return e.read(new Uint8Array(8)),e}}const pa=Symbol("verified"),da="salt@notations.openpgpjs.org",Aa=new Set([F.signatureSubpacket.issuerKeyID,F.signatureSubpacket.issuerFingerprint,F.signatureSubpacket.embeddedSignature]);class wa{static get tag(){return F.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ga,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[pa]=null}read(e,t=O){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Zn("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Zn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=ls.signature.parseSignatureParams(this.publicKeyAlgorithm,n);if(ils.serializeParams(this.publicKeyAlgorithm,await this.params))):ls.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),z.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=z.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=ba(this.hashAlgorithm);if(null===this.salt)this.salt=ls.random.getRandomBytes(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===da)).length)throw Error("Unexpected existing salt notation");{const e=ls.random.getRandomBytes(ba(this.hashAlgorithm));this.rawNotations.push({name:da,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=z.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=x(P(o),0,2);const c=async()=>ls.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await Q(o));z.isStream(o)?this.params=c():(this.params=await c(),this[pa]=!0)}writeHashedSubPackets(){const e=F.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(ma(e.signatureCreationTime,!0,z.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(ma(e.signatureExpirationTime,!0,z.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(ma(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(ma(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(ma(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(ma(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(ma(e.keyExpirationTime,!0,z.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(ma(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=z.concat([r,this.revocationKeyFingerprint]),t.push(ma(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(ma(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=z.encodeUTF8(n);r.push(z.writeNumber(o.length,2)),r.push(z.writeNumber(i.length,2)),r.push(o),r.push(i),r=z.concat(r),t.push(ma(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(ma(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(ma(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.keyServerPreferences)),t.push(ma(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(ma(e.preferredKeyServer,!1,z.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(ma(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(ma(e.policyURI,!1,z.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.keyFlags)),t.push(ma(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(ma(e.signersUserID,!1,z.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=z.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(ma(e.reasonForRevocation,!0,r))),null!==this.features&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.features)),t.push(ma(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(z.stringToUint8Array(this.signatureTargetHash)),r=z.concat(r),t.push(ma(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(ma(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=z.concat(r),t.push(ma(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=z.stringToUint8Array(z.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(ma(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(ma(e.preferredCipherSuites,!1,r)));const n=z.concat(t),i=z.writeNumber(n.length,6===this.version?4:2);return z.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>ma(e,t,r))),t=z.concat(e),r=z.writeNumber(t.length,6===this.version?4:2);return z.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),Aa.has(i)))switch(i){case F.signatureSubpacket.signatureCreationTime:this.created=z.readDate(e.subarray(r,e.length));break;case F.signatureSubpacket.signatureExpirationTime:{const t=z.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case F.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case F.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case F.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case F.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case F.signatureSubpacket.keyExpirationTime:{const t=z.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case F.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case F.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case F.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=z.readNumber(e.subarray(r,r+2));r+=2;const s=z.readNumber(e.subarray(r,r+2));r+=2;const a=z.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=z.decodeUTF8(o));break}case F.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=z.decodeUTF8(e.subarray(r,e.length));break;case F.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case F.signatureSubpacket.policyURI:this.policyURI=z.decodeUTF8(e.subarray(r,e.length));break;case F.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.signersUserID:this.signersUserID=z.decodeUTF8(e.subarray(r,e.length));break;case F.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=z.decodeUTF8(e.subarray(r,e.length));break;case F.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=ls.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=z.uint8ArrayToString(e.subarray(r,r+t));break}case F.signatureSubpacket.embeddedSignature:this.embeddedSignature=new wa,this.embeddedSignature.read(e.subarray(r,e.length));break;case F.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case F.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case F.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==F.signature.binary&&this.signatureType!==F.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(z.writeNumber(r,4)),z.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return z.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==ba(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),ls.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=O){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===F.signature.binary||t===F.signature.text;if(!(this[pa]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await Q(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[pa]=await ls.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,n,s),!this[pa])throw Error("Signature verification failed")}const o=z.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+F.read(F.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[F.signature.binary,F.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+F.read(F.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=z.normalizeDate(e);return null!==t&&!(this.created<=t&&twa.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==F.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!z.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!z.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function Ea(e,t){if(!t[e]){let t;try{t=F.read(F.packet,e)}catch(t){throw new $n("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ka.prototype.hash=wa.prototype.hash,ka.prototype.toHash=wa.prototype.toHash,ka.prototype.toSign=wa.prototype.toSign;class va extends Array{static async fromBinary(e,t,r=O){const n=new va;return await n.read(e,t,r),n}async read(e,t,r=O){r.additionalAllowedPackets.length&&(t={...t,...z.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=K(e,(async(e,n)=>{const i=M(n);try{for(;;){await i.ready;if(await Wn(e,(async e=>{try{if(e.tag===F.packet.marker||e.tag===F.packet.trust||e.tag===F.packet.padding)return;const n=Ea(e.tag,t);n.packets=new va,n.fromStream=z.isStream(e.packet),await n.read(e.packet,r),await i.write(n)}catch(t){if(t instanceof $n){if(!(e.tag<=39))return;await i.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof Zn,s=!(r.ignoreMalformedPackets||t instanceof Zn);if(n||s||Yn(e.tag))await i.abort(t);else{const t=new Xn(e.tag,e.packet);await i.write(t)}z.printDebugError(t)}})))return await i.ready,void await i.close()}}catch(e){await i.abort(e)}}));const n=T(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||Yn(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=z.concat([qn(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>z.concat([jn(i)].concat(t)))))}else{if(z.isStream(n)){let t=0;e.push(S(P(n),(e=>{t+=e.length}),(()=>Jn(r,t))))}else e.push(Jn(r,n.length));e.push(n)}}return z.concat(e)}filterByTag(...e){const t=new va,r=e=>t=>e===t;for(let n=0;nt.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),z.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=O){const t=F.read(F.compression,this.algorithm),r=Da[t];if(!r)throw Error(t+" decompression not supported");this.packets=await va.fromBinary(await r(this.compressed),Ba,e)}compress(){const e=F.read(F.compression,this.algorithm),t=Pa[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function Sa(e,t){return r=>{if(!z.isStream(r)||y(r))return L((()=>Q(r).then((e=>new Promise(((r,n)=>{const i=new t;i.ondata=e=>{r(e)};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function Ka(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return Ly}));return L((async()=>t(await Q(e))))}}const Ca=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Pa={zip:/*#__PURE__*/Sa(Ca("deflate-raw").compressor,ca),zlib:/*#__PURE__*/Sa(Ca("deflate").compressor,ua)},Da={uncompressed:e=>e,zip:/*#__PURE__*/Sa(Ca("deflate-raw").decompressor,ha),zlib:/*#__PURE__*/Sa(Ca("deflate").decompressor,la),bzip2:/*#__PURE__*/Ka()},Ua=/*#__PURE__*/z.constructAllowedPackets([fa,Ia,ka,wa]);class xa{static get tag(){return F.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new xa;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await C(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Zn(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?z.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):z.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=O){const{blockSize:n,keySize:i}=ls.getCipherParams(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(y(s)&&(s=await Q(s)),2===this.version)this.cipherAlgorithm=e,this.salt=ls.random.getRandomBytes(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Qa(this,"encrypt",t,s);else{const i=await ls.getPrefixRandom(e),a=new Uint8Array([211,20]),o=z.concat([i,s,a]),c=await ls.hash.sha1(D(o)),h=z.concat([o,c]);this.encrypted=await ls.mode.cfb.encrypt(e,t,h,new Uint8Array(n),r)}return!0}async decrypt(e,t,r=O){if(t.length!==ls.getCipherParams(e).keySize)throw Error("Unexpected session key size");let n,i=P(this.encrypted);if(y(i)&&(i=await Q(i)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Qa(this,"decrypt",t,i)}else{const{blockSize:s}=ls.getCipherParams(e),a=await ls.mode.cfb.decrypt(e,t,i,new Uint8Array(s)),o=x(D(a),-20),c=x(a,0,-20),h=Promise.all([Q(await ls.hash.sha1(D(c))),Q(o)]).then((([e,t])=>{if(!z.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=x(c,s+2);n=x(u,0,-2),n=E([n,L((()=>h))]),z.isStream(i)&&r.allowUnauthenticatedStream||(n=await Q(n))}return this.packets=await va.fromBinary(n,Ua,r),!0}}async function Qa(e,t,r,n){const i=e instanceof xa&&2===e.version,s=!i&&e.constructor.tag===F.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=ls.getAEADMode(e.aeadAlgorithm),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,h=2**(e.chunkSizeByte+6)+o,u=s?8:0,l=new ArrayBuffer(13+u),y=new Uint8Array(l,0,5+u),f=new Uint8Array(l),g=new DataView(l),p=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let d,A,w=0,m=Promise.resolve(),b=0,k=0;if(i){const{keySize:t}=ls.getCipherParams(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await fi(F.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),d=s.subarray(t),d.fill(0,d.length-8),A=new DataView(d.buffer,d.byteOffset,d.byteLength)}else d=e.iv;const E=await a(e.cipherAlgorithm,r);return K(n,(async(r,n)=>{if("array"!==z.isStream(r)){const t=new TransformStream({},{highWaterMark:z.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});v(t.readable,n),n=t.writable}const s=T(r),a=M(n);try{for(;;){let e=await s.readBytes(h+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,v;if(e=e.subarray(0,e.length-o),i)v=d;else{v=d.slice();for(let e=0;e<8;e++)v[d.length-8+e]^=p[e]}if(!w||e.length?(s.unshift(r),n=E[t](e,v,y),n.catch((()=>{})),k+=e.length-o+c):(g.setInt32(5+u+4,b),n=E[t](r,v,f),n.catch((()=>{})),k+=c,l=!0),b+=e.length-o,m=m.then((()=>n)).then((async e=>{await a.ready,await a.write(e),k-=e.length})).catch((e=>a.abort(e))),(l||k>a.desiredSize)&&await m,l){await a.close();break}i?A.setInt32(d.length-4,++w):g.setInt32(9,++w)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const Ra=/*#__PURE__*/z.constructAllowedPackets([fa,Ia,ka,wa]);class La{static get tag(){return F.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=F.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await C(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Zn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=ls.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return z.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=O){this.packets=await va.fromBinary(await Qa(this,"decrypt",t,P(this.encrypted)),Ra,r)}async encrypt(e,t,r=O){this.cipherAlgorithm=e;const{ivLength:n}=ls.getAEADMode(this.aeadAlgorithm);this.iv=ls.random.getRandomBytes(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Qa(this,"encrypt",t,i)}}class Ta{static get tag(){return F.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new ga,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Ta;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?ga.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Zn(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=ga.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=ls.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t)),this.publicKeyAlgorithm===F.publicKey.x25519||this.publicKeyAlgorithm===F.publicKey.x448)if(3===this.version)this.sessionKeyAlgorithm=F.write(F.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),ls.serializeParams(this.publicKeyAlgorithm,this.encrypted)),z.concatUint8Array(e)}async encrypt(e){const t=F.write(F.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=Ma(this.version,t,r,this.sessionKey);this.encrypted=await ls.publicKeyEncrypt(t,r,e.publicParams,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ma(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await ls.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.elgamal:case F.publicKey.ecdh:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=z.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:z.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:z.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||F.read(F.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case F.publicKey.x25519:case F.publicKey.x448:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=this.publicKeyAlgorithm!==F.publicKey.x25519&&this.publicKeyAlgorithm!==F.publicKey.x448;if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==ls.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ma(e,t,r,n){switch(t){case F.publicKey.rsaEncrypt:case F.publicKey.rsaEncryptSign:case F.publicKey.elgamal:case F.publicKey.ecdh:return z.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,z.writeChecksum(n.subarray(n.length%8))]);case F.publicKey.x25519:case F.publicKey.x448:return n;default:throw Error("Unsupported public key algorithm")}}class Na{static get tag(){return F.packet.symEncryptedSessionKey}constructor(e=O){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=F.write(F.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Zn(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=ws(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=ls.getAEADMode(this.aeadAlgorithm);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t=5){const e=ls.getAEADMode(this.aeadAlgorithm),r=new Uint8Array([192|Na.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await fi(F.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await ls.mode.cfb.decrypt(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=F.write(F.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==ls.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=O){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=ms(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=ls.getCipherParams(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=ls.generateSessionKey(this.sessionKeyAlgorithm)),this.version>=5){const e=ls.getAEADMode(this.aeadAlgorithm);this.iv=ls.random.getRandomBytes(e.ivLength);const t=new Uint8Array([192|Na.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await fi(F.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=z.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await ls.mode.cfb.encrypt(r,s,e,new Uint8Array(n),t)}}}class Fa{static get tag(){return F.packet.publicKey}constructor(e=new Date,t=O){this.version=t.v6Keys?6:4,this.created=z.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Fa,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=O){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Zn("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=z.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=ls.parsePublicKeyParams(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===F.curve.curve25519Legacy||n.oid.getName()===F.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Zn(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(z.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=ls.serializeParams(this.algorithm,this.publicParams);return this.version>=5&&e.push(z.writeNumber(t.length,4)),e.push(t),z.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return z.concatUint8Array([new Uint8Array([r]),z.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new ga,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await ls.hash.sha256(e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await ls.hash.sha1(e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return z.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&z.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=F.read(F.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=z.uint8ArrayBitLength(t):this.publicParams.oid&&(e.curve=this.publicParams.oid.getName()),e}}Fa.prototype.readPublicKey=Fa.prototype.read,Fa.prototype.writePublicKey=Fa.prototype.write;const Oa=/*#__PURE__*/z.constructAllowedPackets([fa,Ia,ka,wa]);class Ha{static get tag(){return F.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=O){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=ls.getCipherParams(e),i=await Q(P(this.encrypted)),s=await ls.mode.cfb.decrypt(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await va.fromBinary(s,Oa,r)}async encrypt(e,t,r=O){const n=this.packets.write(),{blockSize:i}=ls.getCipherParams(e),s=await ls.getPrefixRandom(e),a=await ls.mode.cfb.encrypt(e,t,s,new Uint8Array(i),r),o=await ls.mode.cfb.encrypt(e,t,n,a.subarray(2),r);this.encrypted=z.concat([a,o])}}class za extends Fa{static get tag(){return F.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new za,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class _a{static get tag(){return F.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function ja(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=ls.getCipherParams(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const h=z.concatUint8Array([s,new Uint8Array([e,n,i])]);return fi(F.hash.sha256,c,new Uint8Array,h,o)}class qa{static get tag(){return F.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(z.isString(e)||e.name&&!z.isString(e.name)||e.email&&!z.isEmailAddress(e.email)||e.comment&&!z.isString(e.comment))throw Error("Invalid user ID format");const t=new qa;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=O){const r=z.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=/^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/.exec(r);if(null!==n){const{name:e,comment:t,email:r}=n.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return z.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Va extends Ga{static get tag(){return F.packet.secretSubkey}constructor(e=new Date,t=O){super(e,t)}}const Ja=/*#__PURE__*/z.constructAllowedPackets([wa]);class Ya{constructor(e){this.packets=e||new va}write(){return this.packets.write()}armor(e=O){const t=this.packets.some((e=>e.constructor.tag===wa.tag&&6!==e.version));return ie(F.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Wa(e,t){const r=new Va(e.date,t);return r.packets=null,r.algorithm=F.write(F.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function Za(e,t){const r=new Ga(e.date,t);return r.packets=null,r.algorithm=F.write(F.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function $a(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw z.wrapError(`Could not find valid ${F.read(F.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Xa(e,t,r=new Date){const n=z.normalizeDate(r);if(null!==n){const r=io(e,t);return!(e.created<=n&&n0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await to(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function to(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const h=new wa;return Object.assign(h,n),h.publicKeyAlgorithm=r.algorithm,h.hashAlgorithm=await async function(e,t,r=new Date,n=[],i){const s=F.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms))),c=new Map;for(const e of o)for(const t of e)try{const e=F.write(F.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const h=t=>0===e.length||c.get(t)===e.length||t===s,u=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>h(e))).sort(((e,t)=>ls.hash.getHashByteLength(e)-ls.hash.getHashByteLength(t)))[0];return ls.hash.getHashByteLength(e)>=ls.hash.getHashByteLength(s)?e:s};if(new Set([F.publicKey.ecdsa,F.publicKey.eddsaLegacy,F.publicKey.ed25519,F.publicKey.ed448]).has(t.algorithm)){const e=ls.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid),r=h(a),n=ls.hash.getHashByteLength(a)>=ls.hash.getHashByteLength(e);if(r&&n)return a;{const t=u();return ls.hash.getHashByteLength(t)>=ls.hash.getHashByteLength(e)?t:e}}return h(a)?a:u()}(t,r,i,s,c),h.rawNotations=[...a],await h.sign(r,e,i,o,c),h}async function ro(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return z.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function no(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![F.reasonForRevocation.keyRetired,F.reasonForRevocation.keySuperseded,F.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function io(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function so(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=z.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=F.write(F.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==F.curve.ed25519Legacy&&e.curve!==F.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?F.curve.ed25519Legacy:F.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===F.curve.ed25519Legacy?F.publicKey.eddsaLegacy:F.publicKey.ecdsa:e.algorithm=F.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?F.publicKey.ed25519:F.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?F.publicKey.ed448:F.publicKey.x448;break;case"rsa":e.algorithm=F.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function ao(e,t,r){switch(e.algorithm){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:case F.publicKey.dsa:case F.publicKey.ecdsa:case F.publicKey.eddsaLegacy:case F.publicKey.ed25519:case F.publicKey.ed448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&F.keyFlags.signData);default:return!1}}function oo(e,t,r){switch(e.algorithm){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:case F.publicKey.elgamal:case F.publicKey.ecdh:case F.publicKey.x25519:case F.publicKey.x448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&F.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&F.keyFlags.encryptStorage);default:return!1}}function co(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaEncrypt:case F.publicKey.elgamal:case F.publicKey.ecdh:case F.publicKey.x25519:case F.publicKey.x448:return!(!(!t.keyFlags||!!(t.keyFlags[0]&F.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&F.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&F.keyFlags.encryptStorage));default:return!1}}function ho(e,t){const r=F.write(F.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case F.publicKey.rsaEncryptSign:case F.publicKey.rsaSign:case F.publicKey.rsaEncrypt:if(n.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,F.signature.certGeneric,a,r,void 0,n)}catch(e){throw z.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,F.signature.certGeneric,i,e,void 0,t)}catch(e){throw z.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await ro(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,F.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await ro(e,this,"otherCertifications",t),await ro(e,this,"revocationSignatures",t,(function(e){return no(n,F.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=F.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=O){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new uo(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await to(s,[],e,{signatureType:F.signature.certRevocation,reasonForRevocationFlag:F.write(F.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class lo{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new va;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new lo(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=O){const i=this.mainKey.keyPacket;return no(i,F.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=O){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await $a(this.bindingSignatures,r,F.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(Xa(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=O){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await $a(this.bindingSignatures,r,F.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=io(this.keyPacket,i),a=i.getExpirationTime();return si.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,F.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await ro(e,this,"revocationSignatures",t,(function(e){return no(n,F.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=F.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=O){const s={key:e,bind:this.keyPacket},a=new lo(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await to(s,[],e,{signatureType:F.signature.subkeyRevocation,reasonForRevocationFlag:F.write(F.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{lo.prototype[e]=function(){return this.keyPacket[e]()}}));const yo=/*#__PURE__*/z.constructAllowedPackets([wa]),fo=new Set([F.packet.publicKey,F.packet.privateKey]),go=new Set([F.packet.publicKey,F.packet.privateKey,F.packet.publicSubkey,F.packet.privateSubkey]);class po{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof Xn){go.has(a.tag)&&!s&&(s=fo.has(a.tag)?fo:go);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case F.packet.publicKey:case F.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case F.packet.userID:case F.packet.userAttribute:r=new uo(a,this),this.users.push(r);break;case F.packet.publicSubkey:case F.packet.secretSubkey:r=null,i=new lo(a,this),this.subkeys.push(i);break;case F.packet.signature:switch(a.signatureType){case F.signature.certGeneric:case F.signature.certPersona:case F.signature.certCasual:case F.signature.certPositive:if(!r){z.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case F.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case F.signature.key:this.directSignatures.push(a);break;case F.signature.subkeyBinding:if(!i){z.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case F.signature.keyRevocation:this.revocationSignatures.push(a);break;case F.signature.subkeyRevocation:if(!i){z.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new va;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=O){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{ho(i,n)}catch(e){throw z.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await $a(r.bindingSignatures,i,F.signature.subkeyBinding,e,t,n);if(!ao(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await $a([s.embeddedSignature],r.keyPacket,F.signature.keyBinding,e,t,n),ho(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&ao(i,s,n))return ho(i,n),this}catch(e){a=e}throw z.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=O){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{ho(i,n)}catch(e){throw z.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await $a(r.bindingSignatures,i,F.signature.subkeyBinding,e,t,n);if(oo(r.keyPacket,s,n))return ho(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&oo(i,s,n))return ho(i,n),this}catch(e){a=e}throw z.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=O){return no(this.keyPacket,F.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=O){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Xa(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await $a(this.directSignatures,n,F.signature.key,{key:n},e,r).catch((()=>{}));if(t&&Xa(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=O){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=io(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await $a(this.directSignatures,this.keyPacket,F.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=io(this.keyPacket,a);r=Math.min(i,s,e)}else r=ie.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await ro(e,n,"revocationSignatures",t,(i=>no(n.keyPacket,F.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await ro(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=O){const r={key:this.keyPacket},n=await $a(this.revocationSignatures,this.keyPacket,F.signature.keyRevocation,r,e,t),i=new va;i.push(n);const s=6!==this.keyPacket.version;return ie(F.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=O){const n=await ne(e),i=(await va.fromBinary(n.data,yo,r)).findPacket(F.packet.signature);if(!i||i.signatureType!==F.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,F.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw z.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=O){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=O){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=O){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=O){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{po.prototype[e]=lo.prototype[e]}));class Ao extends po{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([F.packet.secretKey,F.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=O){const t=6!==this.keyPacket.version;return ie(F.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class wo extends Ao{constructor(e){if(super(),this.packetListToStructure(e,new Set([F.packet.publicKey,F.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new va,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case F.packet.secretKey:{const t=Fa.fromSecretKeyPacket(r);e.push(t);break}case F.packet.secretSubkey:{const t=za.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new Ao(e)}armor(e=O){const t=6!==this.keyPacket.version;return ie(F.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=O){const i=this.keyPacket,s=[];let a=null;for(let r=0;re.isDecrypted()))}async validate(e=O){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=F.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=O){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await to(i,[],this.keyPacket,{signatureType:F.signature.keyRevocation,reasonForRevocationFlag:F.write(F.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...O,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}function a(){const e={};e.keyFlags=[F.keyFlags.certifyKeys|F.keyFlags.signData];const t=s([F.symmetric.aes256,F.symmetric.aes128],n.preferredSymmetricAlgorithm);if(e.preferredSymmetricAlgorithms=t,n.aeadProtect){const r=s([F.aead.gcm,F.aead.eax,F.aead.ocb],n.preferredAEADAlgorithm);e.preferredCipherSuites=r.flatMap((e=>t.map((t=>[t,e]))))}return e.preferredHashAlgorithms=s([F.hash.sha256,F.hash.sha512,F.hash.sha3_256,F.hash.sha3_512],n.preferredHashAlgorithm),e.preferredCompressionAlgorithms=s([F.compression.uncompressed,F.compression.zlib,F.compression.zip],n.preferredCompressionAlgorithm),e.features=[0],e.features[0]|=F.features.modificationDetection,n.aeadProtect&&(e.features[0]|=F.features.seipdv2),r.keyExpirationTime>0&&(e.keyExpirationTime=r.keyExpirationTime,e.keyNeverExpires=!1),e}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=F.signature.key;const o=await to(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=qa.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=F.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await to(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await eo(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await to(o,[],e,{signatureType:F.signature.keyRevocation,reasonForRevocationFlag:F.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new wo(i)}const Eo=/*#__PURE__*/z.constructAllowedPackets([fa,Ia,La,xa,Ha,Ta,Na,ka,wa]),vo=/*#__PURE__*/z.constructAllowedPackets([Na]),Bo=/*#__PURE__*/z.constructAllowedPackets([wa]);class Io{constructor(e){this.packets=e||new va}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(F.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(F.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(F.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=O){const s=this.packets.filterByTag(F.packet.symmetricallyEncryptedData,F.packet.symEncryptedIntegrityProtectedData,F.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let h=null;const u=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!z.isUint8Array(t)||!a.cipherAlgorithm&&!z.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||F.write(F.symmetric,e);await a.decrypt(r,t,i)}catch(e){z.printDebugError(e),h=e}})));if(R(a.encrypted),a.encrypted=null,await u,!a.packets||!a.packets.length)throw h||Error("Decryption failed.");const l=new Io(a.packets);return a.packets=new va,l}async decryptSessionKeys(e,t,r,n=new Date,i=O){let s,a=[];if(t){const e=this.packets.filterByTag(F.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await va.fromBinary(e.write(),vo,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){z.printDebugError(e),e instanceof ys&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(F.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[F.symmetric.aes256,F.symmetric.aes128,F.symmetric.tripledes,F.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===F.publicKey.rsaEncrypt||t.publicKeyAlgorithm===F.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===F.publicKey.rsaSign||t.publicKeyAlgorithm===F.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Ta;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:ls.generateSessionKey(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){z.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(F.write(F.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){z.printDebugError(e),s=e}})))}))),R(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+z.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&F.read(F.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(F.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(F.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(F.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=O){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=O){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?i.every((e=>e.features&&e.features[0]&F.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:F.symmetric.aes128,aeadAlgo:F.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:F.aead.ocb},{symmetricAlgo:F.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=F.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=F.read(F.symmetric,i),o=s?F.read(F.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===F.publicKey.x25519||e.keyPacket.algorithm===F.publicKey.x448)&&!o&&!z.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ls.generateSessionKey(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=O){if(r){if(!z.isUint8Array(r.data)||!z.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Io.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Io.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:h,aeadAlgorithm:u}=r,l=await Io.encryptSessionKey(c,h,u,e,t,n,i,s,a,o),y=xa.fromObject({version:u?2:1,aeadAlgorithm:u?F.write(F.aead,u):null});y.packets=this.packets;const f=F.write(F.symmetric,h);return await y.encrypt(f,c,o),l.packets.push(y),y.packets=new va,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],h=O){const u=new va,l=F.write(F.symmetric,t),y=r&&F.write(F.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,h),i=Ta.fromObject({version:y?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));u.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new Na(h);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,h),h.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,y,t))));u.push(...s)}return new Io(u)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=O){const h=new va,u=this.packets.findPacket(F.packet.literalData);if(!u)throw Error("No literal data packet to sign.");const l=await So(u,e,t,r,n,i,s,a,o,!1,c),y=l.map(((e,t)=>ka.fromSignaturePacket(e,0===t))).reverse();return h.push(...y),h.push(u),h.push(...l),new Io(h)}compress(e,t=O){if(e===F.compression.uncompressed)return this;const r=new Ia(t);r.algorithm=e,r.packets=this.packets;const n=new va;return n.push(r),new Io(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=O){const h=this.packets.findPacket(F.packet.literalData);if(!h)throw Error("No literal data packet to sign.");return new Ya(await So(h,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=O){const n=this.unwrapCompressed(),i=n.packets.filterByTag(F.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");y(n.packets.stream)&&n.packets.push(...await Q(n.packets.stream,(e=>e||[])));const s=n.packets.filterByTag(F.packet.onePassSignature).reverse(),a=n.packets.filterByTag(F.packet.signature);return s.length&&!a.length&&z.isStream(n.packets.stream)&&!y(n.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=L((async()=>(await e.correspondingSig).signatureData)),e.hashed=Q(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),n.packets.stream=K(n.packets.stream,(async(e,t)=>{const r=T(e),n=M(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await n.abort(e)}})),Ko(s,i,e,t,!1,r)):Ko(a,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=O){const i=this.unwrapCompressed().packets.filterByTag(F.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return Ko(e.packets.filterByTag(F.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(F.packet.compressedData);return e.length?new Io(e[0].packets):this}async appendSignature(e,t=O){await this.packets.read(z.isUint8Array(e)?e:(await ne(e)).data,Bo,t)}write(){return this.packets.write()}armor(e=O){const t=this.packets[this.packets.length-1],r=t.constructor.tag===xa.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===wa.tag&&6!==e.version));return ie(F.armor.message,this.write(),null,null,null,r,e)}}async function So(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],h=!1,u=O){const l=new va,y=null===e.text?F.signature.binary:F.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const f=await t.getSigningKey(i[n],s,l,u);return to(e,r.length?r:[t],f.keyPacket,{signatureType:y},s,o,c,h,u)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(F.packet.signature);l.push(...e)}return l}async function Ko(e,t,r,n=new Date,i=!1,s=O){return Promise.all(e.filter((function(e){return["text","binary"].includes(F.read(F.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=O){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof ka?e.correspondingSig:e,h={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new va;return e&&t.push(e),new Ya(t)})()};return h.signature.catch((()=>{})),h.verified.catch((()=>{})),h}(e,t,r,n,i,s)})))}const Co=/*#__PURE__*/z.constructAllowedPackets([wa]);class Po{constructor(e,t){if(this.text=z.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Ya))throw Error("Invalid signature input");this.signature=t||new Ya(new va)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=O){const h=new fa;h.setText(this.text);const u=new Ya(await So(h,e,t,r,n,i,s,a,o,!0,c));return new Po(this.text,u)}verify(e,t=new Date,r=O){const n=this.signature.packets.filterByTag(F.packet.signature),i=new fa;return i.setText(this.text),Ko(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=O){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>F.read(F.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return ie(F.armor.signed,r,void 0,void 0,void 0,t,e)}}function Do(e){if(!(e instanceof Io))throw Error("Parameter [message] needs to be of type Message")}function Uo(e){if(!(e instanceof Po||e instanceof Io))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function xo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Qo=Object.keys(O).length;function Ro(e){const t=Object.keys(e);if(t.length!==Qo)for(const e of t)if(void 0===O[e])throw Error("Unknown config property: "+e)}function Lo(e){return e&&!z.isArray(e)&&(e=[e]),e}async function To(e){return"array"===z.isStream(e)?Q(e):e}function Mo(e,t){e.data=K(t.packets.stream,(async(t,r)=>{await v(e.data,r,{preventClose:!0});const n=M(r);try{await Q(t,(e=>e)),await n.close()}catch(e){await n.abort(e)}}))}function No(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}function Fo(e){if(!Number.isSafeInteger(e)||e<0)throw Error("positive integer expected, not "+e)}function Oo(e,...t){if(!((r=e)instanceof Uint8Array||null!=r&&"object"==typeof r&&"Uint8Array"===r.constructor.name))throw Error("Uint8Array expected");var r;if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Ho(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function zo(e,t){Oo(e);const r=t.outputLen;if(e.lengthnew DataView(e.buffer,e.byteOffset,e.byteLength),jo=(e,t)=>e<<32-t|e>>>t,qo=(e,t)=>e<>>32-t>>>0,Vo=68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]; +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Jo(e){for(let r=0;r>>8&65280|t>>>24&255;var t}function Yo(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}function Wo(e){return"string"==typeof e&&(e=Yo(e)),Oo(e),e}function Zo(...e){let t=0;for(let r=0;re().update(Wo(t)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function ec(e=32){if(_o&&"function"==typeof _o.getRandomValues)return _o.getRandomValues(new Uint8Array(e));if(_o&&"function"==typeof _o.randomBytes)return _o.randomBytes(e);throw Error("crypto.getRandomValues must be defined")}const tc=(e,t,r)=>e&t^~e&r,rc=(e,t,r)=>e&t^e&r^t&r;class nc extends $o{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=Go(this.buffer)}update(e){Ho(this);const{view:t,buffer:r,blockLen:n}=this,i=(e=Wo(e)).length;for(let s=0;sn-s&&(this.process(r,0),s=0);for(let e=s;e>i&s),o=Number(r&s),c=n?4:0,h=n?0:4;e.setUint32(t+c,a,n),e.setUint32(t+h,o,n)}(r,n-8,BigInt(8*this.length),i),this.process(r,0);const a=Go(e),o=this.outputLen;if(o%4)throw Error("_sha2: outputLen should be aligned to 32bit");const c=o/4,h=this.get();if(c>h.length)throw Error("_sha2: outputLen bigger than state");for(let e=0;e>>3,i=jo(r,17)^jo(r,19)^r>>>10;ac[e]=i+ac[e-7]+n+ac[e-16]|0}let{A:r,B:n,C:i,D:s,E:a,F:o,G:c,H:h}=this;for(let e=0;e<64;e++){const t=h+(jo(a,6)^jo(a,11)^jo(a,25))+tc(a,o,c)+ic[e]+ac[e]|0,u=(jo(r,2)^jo(r,13)^jo(r,22))+rc(r,n,i)|0;h=c,c=o,o=a,a=s+t|0,s=i,i=n,n=r,r=t+u|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,s=s+this.D|0,a=a+this.E|0,o=o+this.F|0,c=c+this.G|0,h=h+this.H|0,this.set(r,n,i,s,a,o,c,h)}roundClean(){ac.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}}class cc extends oc{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}const hc=/* @__PURE__ */Xo((()=>new oc)),uc=/* @__PURE__ */Xo((()=>new cc));class lc extends $o{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,function(e){if("function"!=typeof e||"function"!=typeof e.create)throw Error("Hash should be wrapped by utils.wrapConstructor");Fo(e.outputLen),Fo(e.blockLen)}(e);const r=Wo(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const n=this.blockLen,i=new Uint8Array(n);i.set(r.length>n?e.create().update(r).digest():r);for(let e=0;enew lc(e,t).update(r).digest();yc.create=(e,t)=>new lc(e,t) +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const fc=/* @__PURE__ */BigInt(0),gc=/* @__PURE__ */BigInt(1),pc=/* @__PURE__ */BigInt(2);function dc(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Ac(e){if(!dc(e))throw Error("Uint8Array expected")}function wc(e,t){if("boolean"!=typeof t)throw Error(`${e} must be valid boolean, got "${t}".`)}const mc=/* @__PURE__ */Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function bc(e){Ac(e);let t="";for(let r=0;r=vc._0&&e<=vc._9?e-vc._0:e>=vc._A&&e<=vc._F?e-(vc._A-10):e>=vc._a&&e<=vc._f?e-(vc._a-10):void 0}function Ic(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);const t=e.length,r=t/2;if(t%2)throw Error("padded hex string expected, got unpadded hex of length "+t);const n=new Uint8Array(r);for(let t=0,i=0;t"bigint"==typeof e&&fc<=e;function Qc(e,t,r){return xc(e)&&xc(t)&&xc(r)&&t<=e&&efc;e>>=gc,t+=1);return t}const Tc=e=>(pc<new Uint8Array(e),Nc=e=>Uint8Array.from(e);function Fc(e,t,r){if("number"!=typeof e||e<2)throw Error("hashLen must be a number");if("number"!=typeof t||t<2)throw Error("qByteLen must be a number");if("function"!=typeof r)throw Error("hmacFn must be a function");let n=Mc(e),i=Mc(e),s=0;const a=()=>{n.fill(1),i.fill(0),s=0},o=(...e)=>r(i,n,...e),c=(e=Mc())=>{i=o(Nc([0]),e),n=o(),0!==e.length&&(i=o(Nc([1]),e),n=o())},h=()=>{if(s++>=1e3)throw Error("drbg: tried 1000 values");let e=0;const r=[];for(;e{let r;for(a(),c(e);!(r=t(h()));)c();return a(),r}}const Oc={bigint:e=>"bigint"==typeof e,function:e=>"function"==typeof e,boolean:e=>"boolean"==typeof e,string:e=>"string"==typeof e,stringOrUint8Array:e=>"string"==typeof e||dc(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>"function"==typeof e&&Number.isSafeInteger(e.outputLen)};function Hc(e,t,r={}){const n=(t,r,n)=>{const i=Oc[r];if("function"!=typeof i)throw Error(`Invalid validator "${r}", expected function`);const s=e[t];if(!(n&&void 0===s||i(s,e)))throw Error(`Invalid param ${t+""}=${s} (${typeof s}), expected ${r}`)};for(const[e,r]of Object.entries(t))n(e,r,!1);for(const[e,t]of Object.entries(r))n(e,t,!0);return e}function zc(e){const t=new WeakMap;return(r,...n)=>{const i=t.get(r);if(void 0!==i)return i;const s=e(r,...n);return t.set(r,s),s}}var _c=/*#__PURE__*/Object.freeze({__proto__:null,aInRange:Rc,abool:wc,abytes:Ac,bitGet:function(e,t){return e>>BigInt(t)&gc},bitLen:Lc,bitMask:Tc,bitSet:function(e,t,r){return e|(r?gc:fc)<{throw Error("not implemented")},numberToBytesBE:Cc,numberToBytesLE:Pc,numberToHexUnpadded:kc,numberToVarBytesBE:function(e){return Ic(kc(e))},utf8ToBytes:function(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))},validateObject:Hc}); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Gc=BigInt(0),jc=BigInt(1),qc=BigInt(2),Vc=BigInt(3),Jc=BigInt(4),Yc=BigInt(5),Wc=BigInt(8);function Zc(e,t){const r=e%t;return r>=Gc?r:t+r}function $c(e,t,r){if(r<=Gc||t 0");if(r===jc)return Gc;let n=jc;for(;t>Gc;)t&jc&&(n=n*e%r),e=e*e%r,t>>=jc;return n}function Xc(e,t,r){let n=e;for(;t-- >Gc;)n*=n,n%=r;return n}function eh(e,t){if(e===Gc||t<=Gc)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=Zc(e,t),n=t,i=Gc,s=jc;for(;r!==Gc;){const e=n%r,t=i-s*(n/r);n=r,r=e,i=s,s=t}if(n!==jc)throw Error("invert: does not exist");return Zc(i,t)}function th(e){if(e%Jc===Vc){const t=(e+jc)/Jc;return function(e,r){const n=e.pow(r,t);if(!e.eql(e.sqr(n),r))throw Error("Cannot find square root");return n}}if(e%Wc===Yc){const t=(e-Yc)/Wc;return function(e,r){const n=e.mul(r,qc),i=e.pow(n,t),s=e.mul(r,i),a=e.mul(e.mul(s,qc),i),o=e.mul(s,e.sub(a,e.ONE));if(!e.eql(e.sqr(o),r))throw Error("Cannot find square root");return o}}return function(e){const t=(e-jc)/qc;let r,n,i;for(r=e-jc,n=0;r%qc===Gc;r/=qc,n++);for(i=qc;i 0, got "+e);const{nBitLength:i,nByteLength:s}=nh(e,t);if(s>2048)throw Error("Field lengths over 2048 bytes are not supported");const a=th(e),o=Object.freeze({ORDER:e,BITS:i,BYTES:s,MASK:Tc(i),ZERO:Gc,ONE:jc,create:t=>Zc(t,e),isValid:t=>{if("bigint"!=typeof t)throw Error("Invalid field element: expected bigint, got "+typeof t);return Gc<=t&&te===Gc,isOdd:e=>(e&jc)===jc,neg:t=>Zc(-t,e),eql:(e,t)=>e===t,sqr:t=>Zc(t*t,e),add:(t,r)=>Zc(t+r,e),sub:(t,r)=>Zc(t-r,e),mul:(t,r)=>Zc(t*r,e),pow:(e,t)=>function(e,t,r){if(r 0");if(r===Gc)return e.ONE;if(r===jc)return t;let n=e.ONE,i=t;for(;r>Gc;)r&jc&&(n=e.mul(n,i)),i=e.sqr(i),r>>=jc;return n}(o,e,t),div:(t,r)=>Zc(t*eh(r,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>eh(t,e),sqrt:n.sqrt||(e=>a(o,e)),invertBatch:e=>function(e,t){const r=Array(t.length),n=t.reduce(((t,n,i)=>e.is0(n)?t:(r[i]=t,e.mul(t,n))),e.ONE),i=e.inv(n);return t.reduceRight(((t,n,i)=>e.is0(n)?t:(r[i]=e.mul(t,r[i]),e.mul(t,n))),i),r}(o,e),cmov:(e,t,r)=>r?t:e,toBytes:e=>r?Pc(e,s):Cc(e,s),fromBytes:e=>{if(e.length!==s)throw Error(`Fp.fromBytes: expected ${s}, got ${e.length}`);return r?Kc(e):Sc(e)}});return Object.freeze(o)}function sh(e){if("bigint"!=typeof e)throw Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function ah(e){const t=sh(e);return t+Math.ceil(t/2)} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const oh=BigInt(0),ch=BigInt(1),hh=new WeakMap,uh=new WeakMap;function lh(e,t){const r=(e,t)=>{const r=t.negate();return e?r:t},n=e=>{if(!Number.isSafeInteger(e)||e<=0||e>t)throw Error(`Wrong window size=${e}, should be [1..${t}]`)},i=e=>{n(e);return{windows:Math.ceil(t/e)+1,windowSize:2**(e-1)}};return{constTimeNegate:r,unsafeLadder(t,r){let n=e.ZERO,i=t;for(;r>oh;)r&ch&&(n=n.add(i)),i=i.double(),r>>=ch;return n},precomputeWindow(e,t){const{windows:r,windowSize:n}=i(t),s=[];let a=e,o=a;for(let e=0;e>=y,i>o&&(i-=l,s+=ch);const a=t,f=t+Math.abs(i)-1,g=e%2!=0,p=i<0;0===i?h=h.add(r(g,n[a])):c=c.add(r(p,n[f]))}return{p:c,f:h}},wNAFCached(e,t,r){const n=uh.get(e)||1;let i=hh.get(e);return i||(i=this.precomputeWindow(e,n),1!==n&&hh.set(e,r(i))),this.wNAF(n,i,t)},setWindowSize(e,t){n(t),uh.set(e,t),hh.delete(e)}}}function yh(e,t,r,n){if(!Array.isArray(r)||!Array.isArray(n)||n.length!==r.length)throw Error("arrays of points and scalars must have equal length");n.forEach(((e,r)=>{if(!t.isValid(e))throw Error("wrong scalar at index "+r)})),r.forEach(((t,r)=>{if(!(t instanceof e))throw Error("wrong point at index "+r)}));const i=Lc(BigInt(r.length)),s=i>12?i-3:i>4?i-2:i?2:1,a=(1<=0;t-=s){o.fill(e.ZERO);for(let e=0;e>BigInt(t)&BigInt(a));o[s]=o[s].add(r[e])}let i=e.ZERO;for(let t=o.length-1,r=e.ZERO;t>0;t--)r=r.add(o[t]),i=i.add(r);if(h=h.add(i),0!==t)for(let e=0;e(e[t]="function",e)),{ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"})),Hc(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...nh(e.n,e.nBitLength),...e,p:e.Fp.ORDER})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function gh(e){void 0!==e.lowS&&wc("lowS",e.lowS),void 0!==e.prehash&&wc("prehash",e.prehash)}const{bytesToNumberBE:ph,hexToBytes:dh}=_c,Ah={Err:class extends Error{constructor(e=""){super(e)}},_tlv:{encode:(e,t)=>{const{Err:r}=Ah;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(1&t.length)throw new r("tlv.encode: unpadded data");const n=t.length/2,i=kc(n);if(i.length/2&128)throw new r("tlv.encode: long form length too big");const s=n>127?kc(i.length/2|128):"";return`${kc(e)}${s}${i}${t}`},decode(e,t){const{Err:r}=Ah;let n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");const i=t[n++];let s=0;if(!!(128&i)){const e=127&i;if(!e)throw new r("tlv.decode(long): indefinite length not supported");if(e>4)throw new r("tlv.decode(long): byte length is too big");const a=t.subarray(n,n+e);if(a.length!==e)throw new r("tlv.decode: length bytes not complete");if(0===a[0])throw new r("tlv.decode(long): zero leftmost byte");for(const e of a)s=s<<8|e;if(n+=e,s<128)throw new r("tlv.decode(long): not minimal encoding")}else s=i;const a=t.subarray(n,n+s);if(a.length!==s)throw new r("tlv.decode: wrong value length");return{v:a,l:t.subarray(n+s)}}},_int:{encode(e){const{Err:t}=Ah;if(e{const i=t.toAffine();return Uc(Uint8Array.from([4]),r.toBytes(i.x),r.toBytes(i.y))}),s=t.fromBytes||(e=>{const t=e.subarray(1);return{x:r.fromBytes(t.subarray(0,r.BYTES)),y:r.fromBytes(t.subarray(r.BYTES,2*r.BYTES))}});function a(e){const{a:n,b:i}=t,s=r.sqr(e),a=r.mul(s,e);return r.add(r.add(a,r.mul(e,n)),i)}if(!r.eql(r.sqr(t.Gy),a(t.Gx)))throw Error("bad generator point: equation left != right");function o(e){const{allowedPrivateKeyLengths:r,nByteLength:n,wrapPrivateKey:i,n:s}=t;if(r&&"bigint"!=typeof e){if(dc(e)&&(e=bc(e)),"string"!=typeof e||!r.includes(e.length))throw Error("Invalid key");e=e.padStart(2*n,"0")}let a;try{a="bigint"==typeof e?e:Sc(Dc("private key",e,n))}catch(t){throw Error(`private key must be ${n} bytes, hex or bigint, not ${typeof e}`)}return i&&(a=Zc(a,s)),Rc("private key",a,mh,s),a}function c(e){if(!(e instanceof l))throw Error("ProjectivePoint expected")}const h=zc(((e,t)=>{const{px:n,py:i,pz:s}=e;if(r.eql(s,r.ONE))return{x:n,y:i};const a=e.is0();null==t&&(t=a?r.ONE:r.inv(s));const o=r.mul(n,t),c=r.mul(i,t),h=r.mul(s,t);if(a)return{x:r.ZERO,y:r.ZERO};if(!r.eql(h,r.ONE))throw Error("invZ was invalid");return{x:o,y:c}})),u=zc((e=>{if(e.is0()){if(t.allowInfinityPoint&&!r.is0(e.py))return;throw Error("bad point: ZERO")}const{x:n,y:i}=e.toAffine();if(!r.isValid(n)||!r.isValid(i))throw Error("bad point: x or y not FE");const s=r.sqr(i),o=a(n);if(!r.eql(s,o))throw Error("bad point: equation left != right");if(!e.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));class l{constructor(e,t,n){if(this.px=e,this.py=t,this.pz=n,null==e||!r.isValid(e))throw Error("x required");if(null==t||!r.isValid(t))throw Error("y required");if(null==n||!r.isValid(n))throw Error("z required");Object.freeze(this)}static fromAffine(e){const{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw Error("invalid affine point");if(e instanceof l)throw Error("projective point not allowed");const i=e=>r.eql(e,r.ZERO);return i(t)&&i(n)?l.ZERO:new l(t,n,r.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.pz)));return e.map(((e,r)=>e.toAffine(t[r]))).map(l.fromAffine)}static fromHex(e){const t=l.fromAffine(s(Dc("pointHex",e)));return t.assertValidity(),t}static fromPrivateKey(e){return l.BASE.multiply(o(e))}static msm(e,t){return yh(l,n,e,t)}_setWindowSize(e){f.setWindowSize(this,e)}assertValidity(){u(this)}hasEvenY(){const{y:e}=this.toAffine();if(r.isOdd)return!r.isOdd(e);throw Error("Field doesn't support isOdd")}equals(e){c(e);const{px:t,py:n,pz:i}=this,{px:s,py:a,pz:o}=e,h=r.eql(r.mul(t,o),r.mul(s,i)),u=r.eql(r.mul(n,o),r.mul(a,i));return h&&u}negate(){return new l(this.px,r.neg(this.py),this.pz)}double(){const{a:e,b:n}=t,i=r.mul(n,bh),{px:s,py:a,pz:o}=this;let c=r.ZERO,h=r.ZERO,u=r.ZERO,y=r.mul(s,s),f=r.mul(a,a),g=r.mul(o,o),p=r.mul(s,a);return p=r.add(p,p),u=r.mul(s,o),u=r.add(u,u),c=r.mul(e,u),h=r.mul(i,g),h=r.add(c,h),c=r.sub(f,h),h=r.add(f,h),h=r.mul(c,h),c=r.mul(p,c),u=r.mul(i,u),g=r.mul(e,g),p=r.sub(y,g),p=r.mul(e,p),p=r.add(p,u),u=r.add(y,y),y=r.add(u,y),y=r.add(y,g),y=r.mul(y,p),h=r.add(h,y),g=r.mul(a,o),g=r.add(g,g),y=r.mul(g,p),c=r.sub(c,y),u=r.mul(g,f),u=r.add(u,u),u=r.add(u,u),new l(c,h,u)}add(e){c(e);const{px:n,py:i,pz:s}=this,{px:a,py:o,pz:h}=e;let u=r.ZERO,y=r.ZERO,f=r.ZERO;const g=t.a,p=r.mul(t.b,bh);let d=r.mul(n,a),A=r.mul(i,o),w=r.mul(s,h),m=r.add(n,i),b=r.add(a,o);m=r.mul(m,b),b=r.add(d,A),m=r.sub(m,b),b=r.add(n,s);let k=r.add(a,h);return b=r.mul(b,k),k=r.add(d,w),b=r.sub(b,k),k=r.add(i,s),u=r.add(o,h),k=r.mul(k,u),u=r.add(A,w),k=r.sub(k,u),f=r.mul(g,b),u=r.mul(p,w),f=r.add(u,f),u=r.sub(A,f),f=r.add(A,f),y=r.mul(u,f),A=r.add(d,d),A=r.add(A,d),w=r.mul(g,w),b=r.mul(p,b),A=r.add(A,w),w=r.sub(d,w),w=r.mul(g,w),b=r.add(b,w),d=r.mul(A,b),y=r.add(y,d),d=r.mul(k,b),u=r.mul(m,u),u=r.sub(u,d),d=r.mul(m,A),f=r.mul(k,f),f=r.add(f,d),new l(u,y,f)}subtract(e){return this.add(e.negate())}is0(){return this.equals(l.ZERO)}wNAF(e){return f.wNAFCached(this,e,l.normalizeZ)}multiplyUnsafe(e){Rc("scalar",e,wh,t.n);const n=l.ZERO;if(e===wh)return n;if(e===mh)return this;const{endo:i}=t;if(!i)return f.unsafeLadder(this,e);let{k1neg:s,k1:a,k2neg:o,k2:c}=i.splitScalar(e),h=n,u=n,y=this;for(;a>wh||c>wh;)a&mh&&(h=h.add(y)),c&mh&&(u=u.add(y)),y=y.double(),a>>=mh,c>>=mh;return s&&(h=h.negate()),o&&(u=u.negate()),u=new l(r.mul(u.px,i.beta),u.py,u.pz),h.add(u)}multiply(e){const{endo:n,n:i}=t;let s,a;if(Rc("scalar",e,mh,i),n){const{k1neg:t,k1:i,k2neg:o,k2:c}=n.splitScalar(e);let{p:h,f:u}=this.wNAF(i),{p:y,f:g}=this.wNAF(c);h=f.constTimeNegate(t,h),y=f.constTimeNegate(o,y),y=new l(r.mul(y.px,n.beta),y.py,y.pz),s=h.add(y),a=u.add(g)}else{const{p:t,f:r}=this.wNAF(e);s=t,a=r}return l.normalizeZ([s,a])[0]}multiplyAndAddUnsafe(e,t,r){const n=l.BASE,i=(e,t)=>t!==wh&&t!==mh&&e.equals(n)?e.multiply(t):e.multiplyUnsafe(t),s=i(this,t).add(i(e,r));return s.is0()?void 0:s}toAffine(e){return h(this,e)}isTorsionFree(){const{h:e,isTorsionFree:r}=t;if(e===mh)return!0;if(r)return r(l,this);throw Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:e,clearCofactor:r}=t;return e===mh?this:r?r(l,this):this.multiplyUnsafe(t.h)}toRawBytes(e=!0){return wc("isCompressed",e),this.assertValidity(),i(l,this,e)}toHex(e=!0){return wc("isCompressed",e),bc(this.toRawBytes(e))}}l.BASE=new l(t.Gx,t.Gy,r.ONE),l.ZERO=new l(r.ZERO,r.ONE,r.ZERO);const y=t.nBitLength,f=lh(l,t.endo?Math.ceil(y/2):y);return{CURVE:t,ProjectivePoint:l,normPrivateKeyToScalar:o,weierstrassEquation:a,isWithinCurveOrder:function(e){return Qc(e,mh,t.n)}}}function Eh(e){const t=function(e){const t=fh(e);return Hc(t,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...t})}(e),{Fp:r,n}=t,i=r.BYTES+1,s=2*r.BYTES+1;function a(e){return Zc(e,n)}function o(e){return eh(e,n)}const{ProjectivePoint:c,normPrivateKeyToScalar:h,weierstrassEquation:u,isWithinCurveOrder:l}=kh({...t,toBytes(e,t,n){const i=t.toAffine(),s=r.toBytes(i.x),a=Uc;return wc("isCompressed",n),n?a(Uint8Array.from([t.hasEvenY()?2:3]),s):a(Uint8Array.from([4]),s,r.toBytes(i.y))},fromBytes(e){const t=e.length,n=e[0],a=e.subarray(1);if(t!==i||2!==n&&3!==n){if(t===s&&4===n){return{x:r.fromBytes(a.subarray(0,r.BYTES)),y:r.fromBytes(a.subarray(r.BYTES,2*r.BYTES))}}throw Error(`Point of length ${t} was invalid. Expected ${i} compressed bytes or ${s} uncompressed bytes`)}{const e=Sc(a);if(!Qc(e,mh,r.ORDER))throw Error("Point is not on curve");const t=u(e);let i;try{i=r.sqrt(t)}catch(e){const t=e instanceof Error?": "+e.message:"";throw Error("Point is not on curve"+t)}return!(1&~n)!==((i&mh)===mh)&&(i=r.neg(i)),{x:e,y:i}}}}),y=e=>bc(Cc(e,t.nByteLength));function f(e){return e>n>>mh}const g=(e,t,r)=>Sc(e.slice(t,r));class p{constructor(e,t,r){this.r=e,this.s=t,this.recovery=r,this.assertValidity()}static fromCompact(e){const r=t.nByteLength;return e=Dc("compactSignature",e,2*r),new p(g(e,0,r),g(e,r,2*r))}static fromDER(e){const{r:t,s:r}=Ah.toSig(Dc("DER",e));return new p(t,r)}assertValidity(){Rc("r",this.r,mh,n),Rc("s",this.s,mh,n)}addRecoveryBit(e){return new p(this.r,this.s,e)}recoverPublicKey(e){const{r:n,s:i,recovery:s}=this,h=m(Dc("msgHash",e));if(null==s||![0,1,2,3].includes(s))throw Error("recovery id invalid");const u=2===s||3===s?n+t.n:n;if(u>=r.ORDER)throw Error("recovery id 2 or 3 invalid");const l=1&s?"03":"02",f=c.fromHex(l+y(u)),g=o(u),p=a(-h*g),d=a(i*g),A=c.BASE.multiplyAndAddUnsafe(f,p,d);if(!A)throw Error("point at infinify");return A.assertValidity(),A}hasHighS(){return f(this.s)}normalizeS(){return this.hasHighS()?new p(this.r,a(-this.s),this.recovery):this}toDERRawBytes(){return Ic(this.toDERHex())}toDERHex(){return Ah.hexFromSig({r:this.r,s:this.s})}toCompactRawBytes(){return Ic(this.toCompactHex())}toCompactHex(){return y(this.r)+y(this.s)}}const d={isValidPrivateKey(e){try{return h(e),!0}catch(e){return!1}},normPrivateKeyToScalar:h,randomPrivateKey:()=>{const e=ah(t.n);return function(e,t,r=!1){const n=e.length,i=sh(t),s=ah(t);if(n<16||n1024)throw Error(`expected ${s}-1024 bytes of input, got ${n}`);const a=Zc(r?Sc(e):Kc(e),t-jc)+jc;return r?Pc(a,i):Cc(a,i)}(t.randomBytes(e),t.n)},precompute:(e=8,t=c.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)};function A(e){const t=dc(e),r="string"==typeof e,n=(t||r)&&e.length;return t?n===i||n===s:r?n===2*i||n===2*s:e instanceof c}const w=t.bits2int||function(e){const r=Sc(e),n=8*e.length-t.nBitLength;return n>0?r>>BigInt(n):r},m=t.bits2int_modN||function(e){return a(w(e))},b=Tc(t.nBitLength);function k(e){return Rc("num < 2^"+t.nBitLength,e,wh,b),Cc(e,t.nByteLength)}function E(e,n,i=v){if(["recovered","canonical"].some((e=>e in i)))throw Error("sign() legacy options not supported");const{hash:s,randomBytes:u}=t;let{lowS:y,prehash:g,extraEntropy:d}=i;null==y&&(y=!0),e=Dc("msgHash",e),gh(i),g&&(e=Dc("prehashed msgHash",s(e)));const A=m(e),b=h(n),E=[k(b),k(A)];if(null!=d&&!1!==d){const e=!0===d?u(r.BYTES):d;E.push(Dc("extraEntropy",e))}const B=Uc(...E),I=A;return{seed:B,k2sig:function(e){const t=w(e);if(!l(t))return;const r=o(t),n=c.BASE.multiply(t).toAffine(),i=a(n.x);if(i===wh)return;const s=a(r*a(I+i*b));if(s===wh)return;let h=(n.x===i?0:2)|Number(n.y&mh),u=s;return y&&f(s)&&(u=function(e){return f(e)?a(-e):e}(s),h^=1),new p(i,u,h)}}}const v={lowS:t.lowS,prehash:!1},B={lowS:t.lowS,prehash:!1};return c.BASE._setWindowSize(8),{CURVE:t,getPublicKey:function(e,t=!0){return c.fromPrivateKey(e).toRawBytes(t)},getSharedSecret:function(e,t,r=!0){if(A(e))throw Error("first arg must be private key");if(!A(t))throw Error("second arg must be public key");return c.fromHex(t).multiply(h(e)).toRawBytes(r)},sign:function(e,r,n=v){const{seed:i,k2sig:s}=E(e,r,n),a=t;return Fc(a.hash.outputLen,a.nByteLength,a.hmac)(i,s)},verify:function(e,r,n,i=B){const s=e;if(r=Dc("msgHash",r),n=Dc("publicKey",n),"strict"in i)throw Error("options.strict was renamed to lowS");gh(i);const{lowS:h,prehash:u}=i;let l,y;try{if("string"==typeof s||dc(s))try{l=p.fromDER(s)}catch(e){if(!(e instanceof Ah.Err))throw e;l=p.fromCompact(s)}else{if("object"!=typeof s||"bigint"!=typeof s.r||"bigint"!=typeof s.s)throw Error("PARSE");{const{r:e,s:t}=s;l=new p(e,t)}}y=c.fromHex(n)}catch(e){if("PARSE"===e.message)throw Error("signature must be Signature instance, Uint8Array or hex string");return!1}if(h&&l.hasHighS())return!1;u&&(r=t.hash(r));const{r:f,s:g}=l,d=m(r),A=o(g),w=a(d*A),b=a(f*A),k=c.BASE.multiplyAndAddUnsafe(y,w,b)?.toAffine();return!!k&&a(k.x)===f},ProjectivePoint:c,Signature:p,utils:d}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function vh(e){return{hash:e,hmac:(t,...r)=>yc(e,t,Zo(...r)),randomBytes:ec}}function Bh(e,t){const r=t=>Eh({...e,...vh(t)});return Object.freeze({...r(t),create:r})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */BigInt(4);const Ih=ih(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff")),Sh=Bh({a:Ih.create(BigInt("-3")),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Fp:Ih,n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),h:BigInt(1),lowS:!1},hc),Kh=/* @__PURE__ */BigInt(2**32-1),Ch=/* @__PURE__ */BigInt(32);function Ph(e,t=!1){return t?{h:Number(e&Kh),l:Number(e>>Ch&Kh)}:{h:0|Number(e>>Ch&Kh),l:0|Number(e&Kh)}}function Dh(e,t=!1){let r=new Uint32Array(e.length),n=new Uint32Array(e.length);for(let i=0;ie<>>32-r,xh=(e,t,r)=>t<>>32-r,Qh=(e,t,r)=>t<>>64-r,Rh=(e,t,r)=>e<>>64-r;const Lh={fromBig:Ph,split:Dh,toBig:(e,t)=>BigInt(e>>>0)<>>0),shrSH:(e,t,r)=>e>>>r,shrSL:(e,t,r)=>e<<32-r|t>>>r,rotrSH:(e,t,r)=>e>>>r|t<<32-r,rotrSL:(e,t,r)=>e<<32-r|t>>>r,rotrBH:(e,t,r)=>e<<64-r|t>>>r-32,rotrBL:(e,t,r)=>e>>>r-32|t<<64-r,rotr32H:(e,t)=>t,rotr32L:(e,t)=>e,rotlSH:Uh,rotlSL:xh,rotlBH:Qh,rotlBL:Rh,add:function(e,t,r,n){const i=(t>>>0)+(n>>>0);return{h:e+r+(i/2**32|0)|0,l:0|i}},add3L:(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),add3H:(e,t,r,n)=>t+r+n+(e/2**32|0)|0,add4L:(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),add4H:(e,t,r,n,i)=>t+r+n+i+(e/2**32|0)|0,add5H:(e,t,r,n,i,s)=>t+r+n+i+s+(e/2**32|0)|0,add5L:(e,t,r,n,i)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(i>>>0)},[Th,Mh]=/* @__PURE__ */(()=>Lh.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((e=>BigInt(e)))))(),Nh=/* @__PURE__ */new Uint32Array(80),Fh=/* @__PURE__ */new Uint32Array(80);class Oh extends nc{constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}get(){const{Ah:e,Al:t,Bh:r,Bl:n,Ch:i,Cl:s,Dh:a,Dl:o,Eh:c,El:h,Fh:u,Fl:l,Gh:y,Gl:f,Hh:g,Hl:p}=this;return[e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p]}set(e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p){this.Ah=0|e,this.Al=0|t,this.Bh=0|r,this.Bl=0|n,this.Ch=0|i,this.Cl=0|s,this.Dh=0|a,this.Dl=0|o,this.Eh=0|c,this.El=0|h,this.Fh=0|u,this.Fl=0|l,this.Gh=0|y,this.Gl=0|f,this.Hh=0|g,this.Hl=0|p}process(e,t){for(let r=0;r<16;r++,t+=4)Nh[r]=e.getUint32(t),Fh[r]=e.getUint32(t+=4);for(let e=16;e<80;e++){const t=0|Nh[e-15],r=0|Fh[e-15],n=Lh.rotrSH(t,r,1)^Lh.rotrSH(t,r,8)^Lh.shrSH(t,r,7),i=Lh.rotrSL(t,r,1)^Lh.rotrSL(t,r,8)^Lh.shrSL(t,r,7),s=0|Nh[e-2],a=0|Fh[e-2],o=Lh.rotrSH(s,a,19)^Lh.rotrBH(s,a,61)^Lh.shrSH(s,a,6),c=Lh.rotrSL(s,a,19)^Lh.rotrBL(s,a,61)^Lh.shrSL(s,a,6),h=Lh.add4L(i,c,Fh[e-7],Fh[e-16]),u=Lh.add4H(h,n,o,Nh[e-7],Nh[e-16]);Nh[e]=0|u,Fh[e]=0|h}let{Ah:r,Al:n,Bh:i,Bl:s,Ch:a,Cl:o,Dh:c,Dl:h,Eh:u,El:l,Fh:y,Fl:f,Gh:g,Gl:p,Hh:d,Hl:A}=this;for(let e=0;e<80;e++){const t=Lh.rotrSH(u,l,14)^Lh.rotrSH(u,l,18)^Lh.rotrBH(u,l,41),w=Lh.rotrSL(u,l,14)^Lh.rotrSL(u,l,18)^Lh.rotrBL(u,l,41),m=u&y^~u&g,b=l&f^~l&p,k=Lh.add5L(A,w,b,Mh[e],Fh[e]),E=Lh.add5H(k,d,t,m,Th[e],Nh[e]),v=0|k,B=Lh.rotrSH(r,n,28)^Lh.rotrBH(r,n,34)^Lh.rotrBH(r,n,39),I=Lh.rotrSL(r,n,28)^Lh.rotrBL(r,n,34)^Lh.rotrBL(r,n,39),S=r&i^r&a^i&a,K=n&s^n&o^s&o;d=0|g,A=0|p,g=0|y,p=0|f,y=0|u,f=0|l,({h:u,l}=Lh.add(0|c,0|h,0|E,0|v)),c=0|a,h=0|o,a=0|i,o=0|s,i=0|r,s=0|n;const C=Lh.add3L(v,I,K);r=Lh.add3H(C,E,B,S),n=0|C}({h:r,l:n}=Lh.add(0|this.Ah,0|this.Al,0|r,0|n)),({h:i,l:s}=Lh.add(0|this.Bh,0|this.Bl,0|i,0|s)),({h:a,l:o}=Lh.add(0|this.Ch,0|this.Cl,0|a,0|o)),({h:c,l:h}=Lh.add(0|this.Dh,0|this.Dl,0|c,0|h)),({h:u,l}=Lh.add(0|this.Eh,0|this.El,0|u,0|l)),({h:y,l:f}=Lh.add(0|this.Fh,0|this.Fl,0|y,0|f)),({h:g,l:p}=Lh.add(0|this.Gh,0|this.Gl,0|g,0|p)),({h:d,l:A}=Lh.add(0|this.Hh,0|this.Hl,0|d,0|A)),this.set(r,n,i,s,a,o,c,h,u,l,y,f,g,p,d,A)}roundClean(){Nh.fill(0),Fh.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class Hh extends Oh{constructor(){super(),this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const zh=/* @__PURE__ */Xo((()=>new Oh)),_h=/* @__PURE__ */Xo((()=>new Hh)),Gh=ih(BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff")),jh=Bh({a:Gh.create(BigInt("-3")),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Fp:Gh,n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),h:BigInt(1),lowS:!1},_h),qh=ih(BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")),Vh={a:qh.create(BigInt("-3")),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Fp:qh,n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"),h:BigInt(1)},Jh=Bh({a:Vh.a,b:Vh.b,Fp:qh,n:Vh.n,Gx:Vh.Gx,Gy:Vh.Gy,h:Vh.h,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},zh),Yh=[],Wh=[],Zh=[],$h=/* @__PURE__ */BigInt(0),Xh=/* @__PURE__ */BigInt(1),eu=/* @__PURE__ */BigInt(2),tu=/* @__PURE__ */BigInt(7),ru=/* @__PURE__ */BigInt(256),nu=/* @__PURE__ */BigInt(113);for(let e=0,t=Xh,r=1,n=0;e<24;e++){[r,n]=[n,(2*r+3*n)%5],Yh.push(2*(5*n+r)),Wh.push((e+1)*(e+2)/2%64);let i=$h;for(let e=0;e<7;e++)t=(t<>tu)*nu)%ru,t&eu&&(i^=Xh<<(Xh<r>32?Qh(e,t,r):Uh(e,t,r),ou=(e,t,r)=>r>32?Rh(e,t,r):xh(e,t,r);class cu extends $o{constructor(e,t,r,n=!1,i=24){if(super(),this.blockLen=e,this.suffix=t,this.outputLen=r,this.enableXOF=n,this.rounds=i,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,Fo(r),0>=this.blockLen||this.blockLen>=200)throw Error("Sha3 supports only keccak-f1600 function");var s;this.state=new Uint8Array(200),this.state32=(s=this.state,new Uint32Array(s.buffer,s.byteOffset,Math.floor(s.byteLength/4)))}keccak(){Vo||Jo(this.state32),function(e,t=24){const r=new Uint32Array(10);for(let n=24-t;n<24;n++){for(let t=0;t<10;t++)r[t]=e[t]^e[t+10]^e[t+20]^e[t+30]^e[t+40];for(let t=0;t<10;t+=2){const n=(t+8)%10,i=(t+2)%10,s=r[i],a=r[i+1],o=au(s,a,1)^r[n],c=ou(s,a,1)^r[n+1];for(let r=0;r<50;r+=10)e[t+r]^=o,e[t+r+1]^=c}let t=e[2],i=e[3];for(let r=0;r<24;r++){const n=Wh[r],s=au(t,i,n),a=ou(t,i,n),o=Yh[r];t=e[o],i=e[o+1],e[o]=s,e[o+1]=a}for(let t=0;t<50;t+=10){for(let n=0;n<10;n++)r[n]=e[t+n];for(let n=0;n<10;n++)e[t+n]^=~r[(n+2)%10]&r[(n+4)%10]}e[0]^=iu[n],e[1]^=su[n]}r.fill(0)}(this.state32,this.rounds),Vo||Jo(this.state32),this.posOut=0,this.pos=0}update(e){Ho(this);const{blockLen:t,state:r}=this,n=(e=Wo(e)).length;for(let i=0;i=r&&this.keccak();const s=Math.min(r-this.posOut,i-n);e.set(t.subarray(this.posOut,this.posOut+s),n),this.posOut+=s,n+=s}return e}xofInto(e){if(!this.enableXOF)throw Error("XOF is not possible for this instance");return this.writeInto(e)}xof(e){return Fo(e),this.xofInto(new Uint8Array(e))}digestInto(e){if(zo(e,this),this.finished)throw Error("digest() was already called");return this.writeInto(e),this.destroy(),e}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(e){const{blockLen:t,suffix:r,outputLen:n,rounds:i,enableXOF:s}=this;return e||(e=new cu(t,r,n,s,i)),e.state32.set(this.state32),e.pos=this.pos,e.posOut=this.posOut,e.finished=this.finished,e.rounds=i,e.suffix=r,e.outputLen=n,e.enableXOF=s,e.destroyed=this.destroyed,e}}const hu=(e,t,r)=>Xo((()=>new cu(t,e,r))),uu=/* @__PURE__ */hu(6,136,32),lu=/* @__PURE__ */hu(6,72,64),yu=/* @__PURE__ */((e,t,r)=>function(e){const t=(t,r)=>e(r).update(Wo(t)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=t=>e(t),t}(((n={})=>new cu(t,e,void 0===n.dkLen?r:n.dkLen,!0))))(31,136,32),fu=BigInt(0),gu=BigInt(1),pu=BigInt(2),du=BigInt(8),Au={zip215:!0};function wu(e){const t=function(e){const t=fh(e);return Hc(e,{hash:"function",a:"bigint",d:"bigint",randomBytes:"function"},{adjustScalarBytes:"function",domain:"function",uvRatio:"function",mapToCurve:"function"}),Object.freeze({...t})}(e),{Fp:r,n,prehash:i,hash:s,randomBytes:a,nByteLength:o,h:c}=t,h=pu<{try{return{isValid:!0,value:r.sqrt(e*r.inv(t))}}catch(e){return{isValid:!1,value:fu}}}),f=t.adjustScalarBytes||(e=>e),g=t.domain||((e,t,r)=>{if(wc("phflag",r),t.length||r)throw Error("Contexts/pre-hash are not supported");return e});function p(e,t){Rc("coordinate "+e,t,fu,h)}function d(e){if(!(e instanceof m))throw Error("ExtendedPoint expected")}const A=zc(((e,t)=>{const{ex:n,ey:i,ez:s}=e,a=e.is0();null==t&&(t=a?du:r.inv(s));const o=u(n*t),c=u(i*t),h=u(s*t);if(a)return{x:fu,y:gu};if(h!==gu)throw Error("invZ was invalid");return{x:o,y:c}})),w=zc((e=>{const{a:r,d:n}=t;if(e.is0())throw Error("bad point: ZERO");const{ex:i,ey:s,ez:a,et:o}=e,c=u(i*i),h=u(s*s),l=u(a*a),y=u(l*l),f=u(c*r);if(u(l*u(f+h))!==u(y+u(n*u(c*h))))throw Error("bad point: equation left != right (1)");if(u(i*s)!==u(a*o))throw Error("bad point: equation left != right (2)");return!0}));class m{constructor(e,t,r,n){this.ex=e,this.ey=t,this.ez=r,this.et=n,p("x",e),p("y",t),p("z",r),p("t",n),Object.freeze(this)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static fromAffine(e){if(e instanceof m)throw Error("extended point not allowed");const{x:t,y:r}=e||{};return p("x",t),p("y",r),new m(t,r,gu,u(t*r))}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.ez)));return e.map(((e,r)=>e.toAffine(t[r]))).map(m.fromAffine)}static msm(e,t){return yh(m,l,e,t)}_setWindowSize(e){E.setWindowSize(this,e)}assertValidity(){w(this)}equals(e){d(e);const{ex:t,ey:r,ez:n}=this,{ex:i,ey:s,ez:a}=e,o=u(t*a),c=u(i*n),h=u(r*a),l=u(s*n);return o===c&&h===l}is0(){return this.equals(m.ZERO)}negate(){return new m(u(-this.ex),this.ey,this.ez,u(-this.et))}double(){const{a:e}=t,{ex:r,ey:n,ez:i}=this,s=u(r*r),a=u(n*n),o=u(pu*u(i*i)),c=u(e*s),h=r+n,l=u(u(h*h)-s-a),y=c+a,f=y-o,g=c-a,p=u(l*f),d=u(y*g),A=u(l*g),w=u(f*y);return new m(p,d,w,A)}add(e){d(e);const{a:r,d:n}=t,{ex:i,ey:s,ez:a,et:o}=this,{ex:c,ey:h,ez:l,et:y}=e;if(r===BigInt(-1)){const e=u((s-i)*(h+c)),t=u((s+i)*(h-c)),r=u(t-e);if(r===fu)return this.double();const n=u(a*pu*y),f=u(o*pu*l),g=f+n,p=t+e,d=f-n,A=u(g*r),w=u(p*d),b=u(g*d),k=u(r*p);return new m(A,w,k,b)}const f=u(i*c),g=u(s*h),p=u(o*n*y),A=u(a*l),w=u((i+s)*(c+h)-f-g),b=A-p,k=A+p,E=u(g-r*f),v=u(w*b),B=u(k*E),I=u(w*E),S=u(b*k);return new m(v,B,S,I)}subtract(e){return this.add(e.negate())}wNAF(e){return E.wNAFCached(this,e,m.normalizeZ)}multiply(e){const t=e;Rc("scalar",t,gu,n);const{p:r,f:i}=this.wNAF(t);return m.normalizeZ([r,i])[0]}multiplyUnsafe(e){const t=e;return Rc("scalar",t,fu,n),t===fu?k:this.equals(k)||t===gu?this:this.equals(b)?this.wNAF(t).p:E.unsafeLadder(this,t)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}isTorsionFree(){return E.unsafeLadder(this,n).is0()}toAffine(e){return A(this,e)}clearCofactor(){const{h:e}=t;return e===gu?this:this.multiplyUnsafe(e)}static fromHex(e,n=!1){const{d:i,a:s}=t,a=r.BYTES;e=Dc("pointHex",e,a),wc("zip215",n);const o=e.slice(),c=e[a-1];o[a-1]=-129&c;const l=Kc(o),f=n?h:r.ORDER;Rc("pointHex.y",l,fu,f);const g=u(l*l),p=u(g-gu),d=u(i*g-s);let{isValid:A,value:w}=y(p,d);if(!A)throw Error("Point.fromHex: invalid y coordinate");const b=(w&gu)===gu,k=!!(128&c);if(!n&&w===fu&&k)throw Error("Point.fromHex: x=0 and x_0=1");return k!==b&&(w=u(-w)),m.fromAffine({x:w,y:l})}static fromPrivateKey(e){return I(e).point}toRawBytes(){const{x:e,y:t}=this.toAffine(),n=Pc(t,r.BYTES);return n[n.length-1]|=e&gu?128:0,n}toHex(){return bc(this.toRawBytes())}}m.BASE=new m(t.Gx,t.Gy,gu,u(t.Gx*t.Gy)),m.ZERO=new m(fu,gu,gu,fu);const{BASE:b,ZERO:k}=m,E=lh(m,8*o);function v(e){return Zc(e,n)}function B(e){return v(Kc(e))}function I(e){const t=o;e=Dc("private key",e,t);const r=Dc("hashed private key",s(e),2*t),n=f(r.slice(0,t)),i=r.slice(t,2*t),a=B(n),c=b.multiply(a),h=c.toRawBytes();return{head:n,prefix:i,scalar:a,point:c,pointBytes:h}}function S(e=new Uint8Array,...t){const r=Uc(...t);return B(s(g(r,Dc("context",e),!!i)))}const K=Au;b._setWindowSize(8);return{CURVE:t,getPublicKey:function(e){return I(e).pointBytes},sign:function(e,t,s={}){e=Dc("message",e),i&&(e=i(e));const{prefix:a,scalar:c,pointBytes:h}=I(t),u=S(s.context,a,e),l=b.multiply(u).toRawBytes(),y=v(u+S(s.context,l,h,e)*c);return Rc("signature.s",y,fu,n),Dc("result",Uc(l,Pc(y,r.BYTES)),2*o)},verify:function(e,t,n,s=K){const{context:a,zip215:o}=s,c=r.BYTES;e=Dc("signature",e,2*c),t=Dc("message",t),void 0!==o&&wc("zip215",o),i&&(t=i(t));const h=Kc(e.slice(c,2*c));let u,l,y;try{u=m.fromHex(n,o),l=m.fromHex(e.slice(0,c),o),y=b.multiplyUnsafe(h)}catch(e){return!1}if(!o&&u.isSmallOrder())return!1;const f=S(a,l.toRawBytes(),u.toRawBytes(),t);return l.add(u.multiplyUnsafe(f)).subtract(y).clearCofactor().equals(m.ZERO)},ExtendedPoint:m,utils:{getExtendedPublicKey:I,randomPrivateKey:()=>a(r.BYTES),precompute:(e=8,t=m.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)}}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const mu=BigInt(0),bu=BigInt(1);function ku(e){const t=(Hc(r=e,{a:"bigint"},{montgomeryBits:"isSafeInteger",nByteLength:"isSafeInteger",adjustScalarBytes:"function",domain:"function",powPminus2:"function",Gu:"bigint"}),Object.freeze({...r}));var r;const{P:n}=t,i=e=>Zc(e,n),s=t.montgomeryBits,a=Math.ceil(s/8),o=t.nByteLength,c=t.adjustScalarBytes||(e=>e),h=t.powPminus2||(e=>$c(e,n-BigInt(2),n));function u(e,t,r){const n=i(e*(t-r));return[t=i(t-n),r=i(r+n)]}const l=(t.a-BigInt(2))/BigInt(4);function y(e){return Pc(i(e),a)}function f(e,t){const r=function(e){const t=Dc("u coordinate",e,a);return 32===o&&(t[31]&=127),Kc(t)}(t),f=function(e){const t=Dc("scalar",e),r=t.length;if(r!==a&&r!==o)throw Error(`Expected ${a} or ${o} bytes, got ${r}`);return Kc(c(t))}(e),g=function(e,t){Rc("u",e,mu,n),Rc("scalar",t,mu,n);const r=t,a=e;let o,c=bu,y=mu,f=e,g=bu,p=mu;for(let e=BigInt(s-1);e>=mu;e--){const t=r>>e&bu;p^=t,o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1],p=t;const n=c+y,s=i(n*n),h=c-y,d=i(h*h),A=s-d,w=f+g,m=i((f-g)*n),b=i(w*h),k=m+b,E=m-b;f=i(k*k),g=i(a*i(E*E)),c=i(s*d),y=i(A*(s+i(l*A)))}o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1];const d=h(y);return i(c*d)}(r,f);if(g===mu)throw Error("Invalid private or public key received");return y(g)}const g=y(t.Gu);function p(e){return f(e,g)}return{scalarMult:f,scalarMultBase:p,getSharedSecret:(e,t)=>f(e,t),getPublicKey:e=>p(e),utils:{randomPrivateKey:()=>t.randomBytes(t.nByteLength)},GuBytes:g}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Eu=Xo((()=>yu.create({dkLen:114}))),vu=(Xo((()=>yu.create({dkLen:64}))),BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439")),Bu=BigInt(1),Iu=BigInt(2),Su=BigInt(3);BigInt(4);const Ku=BigInt(11),Cu=BigInt(22),Pu=BigInt(44),Du=BigInt(88),Uu=BigInt(223);function xu(e){const t=vu,r=e*e*e%t,n=r*r*e%t,i=Xc(n,Su,t)*n%t,s=Xc(i,Su,t)*n%t,a=Xc(s,Iu,t)*r%t,o=Xc(a,Ku,t)*a%t,c=Xc(o,Cu,t)*o%t,h=Xc(c,Pu,t)*c%t,u=Xc(h,Du,t)*h%t,l=Xc(u,Pu,t)*c%t,y=Xc(l,Iu,t)*r%t,f=Xc(y,Bu,t)*e%t;return Xc(f,Uu,t)*y%t}function Qu(e){return e[0]&=252,e[55]|=128,e[56]=0,e}const Ru=ih(vu,456,!0),Lu={a:BigInt(1),d:BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358"),Fp:Ru,n:BigInt("181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779"),nBitLength:456,h:BigInt(4),Gx:BigInt("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710"),Gy:BigInt("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660"),hash:Eu,randomBytes:ec,adjustScalarBytes:Qu,domain:(e,t,r)=>{if(t.length>255)throw Error("Context is too big: "+t.length);return Zo(Yo("SigEd448"),new Uint8Array([r?1:0,t.length]),t,e)},uvRatio:function(e,t){const r=vu,n=Zc(e*e*t,r),i=Zc(n*e,r),s=Zc(i*n*t,r),a=Zc(i*xu(s),r),o=Zc(a*a,r);return{isValid:Zc(o*t,r)===e,value:a}}},Tu=/* @__PURE__ */wu(Lu),Mu=/* @__PURE__ */(()=>ku({a:BigInt(156326),montgomeryBits:448,nByteLength:56,P:vu,Gu:BigInt(5),powPminus2:e=>{const t=vu;return Zc(Xc(xu(e),BigInt(2),t)*e,t)},adjustScalarBytes:Qu,randomBytes:ec}))();Ru.ORDER,BigInt(3),BigInt(4),BigInt(156326),BigInt("39082"),BigInt("78163"),BigInt("98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214"),BigInt("315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716"),BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const Nu=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),Fu=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),Ou=BigInt(1),Hu=BigInt(2),zu=(e,t)=>(e+t/Hu)/t;const _u=ih(Nu,void 0,void 0,{sqrt:function(e){const t=Nu,r=BigInt(3),n=BigInt(6),i=BigInt(11),s=BigInt(22),a=BigInt(23),o=BigInt(44),c=BigInt(88),h=e*e*e%t,u=h*h*e%t,l=Xc(u,r,t)*u%t,y=Xc(l,r,t)*u%t,f=Xc(y,Hu,t)*h%t,g=Xc(f,i,t)*f%t,p=Xc(g,s,t)*g%t,d=Xc(p,o,t)*p%t,A=Xc(d,c,t)*d%t,w=Xc(A,o,t)*p%t,m=Xc(w,r,t)*u%t,b=Xc(m,a,t)*g%t,k=Xc(b,n,t)*h%t,E=Xc(k,Hu,t);if(!_u.eql(_u.sqr(E),e))throw Error("Cannot find square root");return E}}),Gu=Bh({a:BigInt(0),b:BigInt(7),Fp:_u,n:Fu,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const t=Fu,r=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),n=-Ou*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=r,a=BigInt("0x100000000000000000000000000000000"),o=zu(s*e,t),c=zu(-n*e,t);let h=Zc(e-o*r-c*i,t),u=Zc(-o*n-c*s,t);const l=h>a,y=u>a;if(l&&(h=t-h),y&&(u=t-u),h>a||u>a)throw Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:l,k1:h,k2neg:y,k2:u}}}},hc);BigInt(0),Gu.ProjectivePoint;const ju=ih(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),qu=Bh({a:ju.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:ju,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},hc),Vu=ih(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),Ju=Bh({a:Vu.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:Vu,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},_h),Yu=ih(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),Wu=Bh({a:Yu.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:Yu,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},zh),Zu=new Map(Object.entries({nistP256:Sh,nistP384:jh,nistP521:Jh,brainpoolP256r1:qu,brainpoolP384r1:Ju,brainpoolP512r1:Wu,secp256k1:Gu,x448:Mu,ed448:Tu}));var $u=/*#__PURE__*/Object.freeze({__proto__:null,nobleCurves:Zu});function Xu(e,t,r,n,i,s){const a=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],h=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],u=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],y=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],f=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let g,p,d,A,w,m,b,k,E,v,B=0,I=t.length;const S=32===e.length?3:9;k=3===S?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e){const t=8-e.length%8;let r;if(!(t<8)){if(8===t)return e;throw Error("des: invalid padding")}r=0;const n=new Uint8Array(e.length+t);for(let t=0;t>>4^b),b^=d,m^=d<<4,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,m=m<<1|m>>>31,b=b<<1|b>>>31,p=0;p>>4|b<<28)^e[g+1],d=m,m=b,b=d^(o[A>>>24&63]|h[A>>>16&63]|l[A>>>8&63]|f[63&A]|a[w>>>24&63]|c[w>>>16&63]|u[w>>>8&63]|y[63&w]);d=m,m=b,b=d}m=m>>>1|m<<31,b=b>>>1|b<<31,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=252645135&(m>>>4^b),b^=d,m^=d<<4,K[C++]=m>>>24,K[C++]=m>>>16&255,K[C++]=m>>>8&255,K[C++]=255&m,K[C++]=b>>>24,K[C++]=b>>>16&255,K[C++]=b>>>8&255,K[C++]=255&b}return r||(K=function(e){let t,r=null;if(t=0,!r){for(r=1;e[e.length-r]===t;)r++;r--}return e.subarray(0,e.length-r)}(K)),K}function el(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],i=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],s=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],a=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],h=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],u=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],y=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],f=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],g=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],p=e.length>8?3:1,d=Array(32*p),A=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let w,m,b,k=0,E=0;for(let v=0;v>>4^v),v^=b,p^=b<<4,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=858993459&(p>>>2^v),v^=b,p^=b<<2,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=16711935&(v>>>8^p),p^=b,v^=b<<8,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=p<<8|v>>>20&240,p=v<<24|v<<8&16711680|v>>>8&65280|v>>>24&240,v=b;for(let e=0;e<16;e++)A[e]?(p=p<<2|p>>>26,v=v<<2|v>>>26):(p=p<<1|p>>>27,v=v<<1|v>>>27),p&=-15,v&=-15,w=t[p>>>28]|r[p>>>24&15]|n[p>>>20&15]|i[p>>>16&15]|s[p>>>12&15]|a[p>>>8&15]|o[p>>>4&15],m=c[v>>>28]|h[v>>>24&15]|u[v>>>20&15]|l[v>>>16&15]|y[v>>>12&15]|f[v>>>8&15]|g[v>>>4&15],b=65535&(m>>>16^w),d[E++]=w^b,d[E++]=m^b<<16}return d}function tl(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Xu(el(this.key[2]),Xu(el(this.key[1]),Xu(el(this.key[0]),e,!0),!1),!0)}}function rl(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>>16&255,t[s+6]=o>>>8&255,t[s+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>16&255,t[s+6]=o>>8&255,t[s+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const n=t+e,i=n<>>32-r;return(s[0][i>>>24]^s[1][i>>>16&255])-s[2][i>>>8&255]+s[3][255&i]}function n(e,t,r){const n=t^e,i=n<>>32-r;return s[0][i>>>24]-s[1][i>>>16&255]+s[2][i>>>8&255]^s[3][255&i]}function i(e,t,r){const n=t-e,i=n<>>32-r;return(s[0][i>>>24]+s[1][i>>>16&255]^s[2][i>>>8&255])-s[3][255&i]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const n=[,,,,,,,,],i=Array(32);let a;for(let e=0;e<4;e++)a=4*e,n[e]=r[a]<<24|r[a+1]<<16|r[a+2]<<8|r[a+3];const o=[6,7,4,5];let c,h=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(a=0;a<4;a++){const t=e[r][a];c=n[t[1]],c^=s[4][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=s[5][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=s[6][n[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=s[7][n[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=s[o[a]][n[t[6]>>>2]>>>24-8*(3&t[6])&255],n[t[0]]=c}for(a=0;a<4;a++){const e=t[r][a];c=s[4][n[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=s[5][n[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=s[6][n[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=s[7][n[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=s[4+a][n[e[4]>>>2]>>>24-8*(3&e[4])&255],i[h]=c,h++}}for(let e=0;e<16;e++)this.masking[e]=i[e],this.rotate[e]=31&i[16+e]};const s=[,,,,,,,,];s[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],s[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],s[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],s[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],s[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],s[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],s[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],s[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function nl(e){this.cast5=new rl,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}tl.keySize=tl.prototype.keySize=24,tl.blockSize=tl.prototype.blockSize=8,nl.blockSize=nl.prototype.blockSize=8,nl.keySize=nl.prototype.keySize=16;const il=4294967295;function sl(e,t){return(e<>>32-t)&il}function al(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function ol(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function cl(e,t){return e>>>8*t&255}function hl(e){this.tf=function(){let e=null,t=null,r=-1,n=[],i=[[],[],[],[]];function s(e){return i[0][cl(e,0)]^i[1][cl(e,1)]^i[2][cl(e,2)]^i[3][cl(e,3)]}function a(e){return i[0][cl(e,3)]^i[1][cl(e,0)]^i[2][cl(e,1)]^i[3][cl(e,2)]}function o(e,t){let r=s(t[0]),i=a(t[1]);t[2]=sl(t[2]^r+i+n[4*e+8]&il,31),t[3]=sl(t[3],1)^r+2*i+n[4*e+9]&il,r=s(t[2]),i=a(t[3]),t[0]=sl(t[0]^r+i+n[4*e+10]&il,31),t[1]=sl(t[1],1)^r+2*i+n[4*e+11]&il}function c(e,t){let r=s(t[0]),i=a(t[1]);t[2]=sl(t[2],1)^r+i+n[4*e+10]&il,t[3]=sl(t[3]^r+2*i+n[4*e+11]&il,31),r=s(t[2]),i=a(t[3]),t[0]=sl(t[0],1)^r+i+n[4*e+8]&il,t[1]=sl(t[1]^r+2*i+n[4*e+9]&il,31)}return{name:"twofish",blocksize:16,open:function(t){let r,s,a,o,c;e=t;const h=[],u=[],l=[];let y;const f=[];let g,p,d;const A=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],m=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],b=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],k=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],E=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],v=[[],[]],B=[[],[],[],[]];function I(e){return e^e>>2^[0,90,180,238][3&e]}function S(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function K(e,t){let r,n,i;for(r=0;r<8;r++)n=t>>>24,t=t<<8&il|e>>>24,e=e<<8&il,i=n<<1,128&n&&(i^=333),t^=n^i<<16,i^=n>>>1,1&n&&(i^=166),t^=i<<24|i<<8;return t}function C(e,t){const r=t>>4,n=15&t,i=A[e][r^n],s=w[e][k[n]^E[r]];return b[e][k[s]^E[i]]<<4|m[e][i^s]}function P(e,t){let r=cl(e,0),n=cl(e,1),i=cl(e,2),s=cl(e,3);switch(y){case 4:r=v[1][r]^cl(t[3],0),n=v[0][n]^cl(t[3],1),i=v[0][i]^cl(t[3],2),s=v[1][s]^cl(t[3],3);case 3:r=v[1][r]^cl(t[2],0),n=v[1][n]^cl(t[2],1),i=v[0][i]^cl(t[2],2),s=v[0][s]^cl(t[2],3);case 2:r=v[0][v[0][r]^cl(t[1],0)]^cl(t[0],0),n=v[0][v[1][n]^cl(t[1],1)]^cl(t[0],1),i=v[1][v[0][i]^cl(t[1],2)]^cl(t[0],2),s=v[1][v[1][s]^cl(t[1],3)]^cl(t[0],3)}return B[0][r]^B[1][n]^B[2][i]^B[3][s]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=al(e,r);for(r=0;r<256;r++)v[0][r]=C(0,r),v[1][r]=C(1,r);for(r=0;r<256;r++)g=v[1][r],p=I(g),d=S(g),B[0][r]=g+(p<<8)+(d<<16)+(d<<24),B[2][r]=p+(d<<8)+(g<<16)+(d<<24),g=v[0][r],p=I(g),d=S(g),B[1][r]=d+(d<<8)+(p<<16)+(g<<24),B[3][r]=p+(g<<8)+(d<<16)+(p<<24);for(y=l.length/2,r=0;r=0;e--)c(e,s);ol(t,r,s[2]^n[0]),ol(t,r+4,s[3]^n[1]),ol(t,r+8,s[0]^n[2]),ol(t,r+12,s[1]^n[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function ul(){}function ll(e){this.bf=new ul,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}hl.keySize=hl.prototype.keySize=32,hl.blockSize=hl.prototype.blockSize=16,ul.prototype.BLOCKSIZE=8,ul.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],ul.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],ul.prototype.NN=16,ul.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},ul.prototype._F=function(e){let t;const r=255&e,n=255&(e>>>=8),i=255&(e>>>=8),s=255&(e>>>=8);return t=this.sboxes[0][s]+this.sboxes[1][i],t^=this.sboxes[2][n],t+=this.sboxes[3][r],t},ul.prototype._encryptBlock=function(e){let t,r=e[0],n=e[1];for(t=0;t>>24-8*t&255,i[t+n]=r[1]>>>24-8*t&255;return i},ul.prototype._decryptBlock=function(e){let t,r=e[0],n=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],n=this._F(r)^n;const e=r;r=n,n=e}r^=this.parray[1],n^=this.parray[0],e[0]=this._clean(n),e[1]=this._clean(r)},ul.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^n}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const n=[0,0];for(t=0;tnew dl)),wl=/* @__PURE__ */new Uint8Array([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),ml=/* @__PURE__ */new Uint8Array(Array(16).fill(0).map(((e,t)=>t))),bl=/* @__PURE__ */ml.map((e=>(9*e+5)%16));let kl=[ml],El=[bl];for(let e=0;e<4;e++)for(let t of[kl,El])t.push(t[e].map((e=>wl[e])));const vl=/* @__PURE__ */[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map((e=>new Uint8Array(e))),Bl=/* @__PURE__ */kl.map(((e,t)=>e.map((e=>vl[t][e])))),Il=/* @__PURE__ */El.map(((e,t)=>e.map((e=>vl[t][e])))),Sl=/* @__PURE__ */new Uint32Array([0,1518500249,1859775393,2400959708,2840853838]),Kl=/* @__PURE__ */new Uint32Array([1352829926,1548603684,1836072691,2053994217,0]);function Cl(e,t,r,n){return 0===e?t^r^n:1===e?t&r|~t&n:2===e?(t|~r)^n:3===e?t&n|r&~n:t^(r|~n)}const Pl=/* @__PURE__ */new Uint32Array(16);class Dl extends nc{constructor(){super(64,20,8,!0),this.h0=1732584193,this.h1=-271733879,this.h2=-1732584194,this.h3=271733878,this.h4=-1009589776}get(){const{h0:e,h1:t,h2:r,h3:n,h4:i}=this;return[e,t,r,n,i]}set(e,t,r,n,i){this.h0=0|e,this.h1=0|t,this.h2=0|r,this.h3=0|n,this.h4=0|i}process(e,t){for(let r=0;r<16;r++,t+=4)Pl[r]=e.getUint32(t,!0);let r=0|this.h0,n=r,i=0|this.h1,s=i,a=0|this.h2,o=a,c=0|this.h3,h=c,u=0|this.h4,l=u;for(let e=0;e<5;e++){const t=4-e,y=Sl[e],f=Kl[e],g=kl[e],p=El[e],d=Bl[e],A=Il[e];for(let t=0;t<16;t++){const n=qo(r+Cl(e,i,a,c)+Pl[g[t]]+y,d[t])+u|0;r=u,u=c,c=0|qo(a,10),a=i,i=n}for(let e=0;e<16;e++){const r=qo(n+Cl(t,s,o,h)+Pl[p[e]]+f,A[e])+l|0;n=l,l=h,h=0|qo(o,10),o=s,s=r}}this.set(this.h1+a+h|0,this.h2+c+l|0,this.h3+u+n|0,this.h4+r+s|0,this.h0+i+o|0)}roundClean(){Pl.fill(0)}destroy(){this.destroyed=!0,this.buffer.fill(0),this.set(0,0,0,0,0)}}const Ul=new Map(Object.entries({sha1:Al,sha224:uc,sha256:hc,sha384:_h,sha512:zh,sha3_256:uu,sha3_512:lu,ripemd160:/* @__PURE__ */Xo((()=>new Dl))}));var xl=/*#__PURE__*/Object.freeze({__proto__:null,nobleHashes:Ul});function Ql(e,t,r,n){e[t]+=r[n],e[t+1]+=r[n+1]+(e[t]>>24^h<<8,e[n+1]=h>>>24^c<<8,Ql(e,r,e,n),Ql(e,r,t,o),c=e[s]^e[r],h=e[s+1]^e[r+1],e[s]=c>>>16^h<<16,e[s+1]=h>>>16^c<<16,Ql(e,i,e,s),c=e[n]^e[i],h=e[n+1]^e[i+1],e[n]=h>>>31^c<<1,e[n+1]=c>>>31^h<<1}const Tl=new Uint32Array([4089235720,1779033703,2227873595,3144134277,4271175723,1013904242,1595750129,2773480762,2917565137,1359893119,725511199,2600822924,4215389547,528734635,327033209,1541459225]),Ml=new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3].map((e=>2*e)));function Nl(e,t){const r=new Uint32Array(32),n=new Uint32Array(e.b.buffer,e.b.byteOffset,32);for(let t=0;t<16;t++)r[t]=e.h[t],r[t+16]=Tl[t];r[24]^=e.t0[0],r[25]^=e.t0[1];const i=t?4294967295:0;r[28]^=i,r[29]^=i;for(let e=0;e<12;e++){const t=e<<4;Ll(r,n,0,8,16,24,Ml[t+0],Ml[t+1]),Ll(r,n,2,10,18,26,Ml[t+2],Ml[t+3]),Ll(r,n,4,12,20,28,Ml[t+4],Ml[t+5]),Ll(r,n,6,14,22,30,Ml[t+6],Ml[t+7]),Ll(r,n,0,10,20,30,Ml[t+8],Ml[t+9]),Ll(r,n,2,12,22,24,Ml[t+10],Ml[t+11]),Ll(r,n,4,14,16,26,Ml[t+12],Ml[t+13]),Ll(r,n,6,8,18,28,Ml[t+14],Ml[t+15])}for(let t=0;t<16;t++)e.h[t]^=r[t]^r[t+16]}class Fl{constructor(e,t,r,n){const i=new Uint8Array(64);this.S={b:new Uint8Array(zl),h:new Uint32Array(Hl/4),t0:new Uint32Array(2),c:0,outlen:e},i[0]=e,t&&(i[1]=t.length),i[2]=1,i[3]=1,r&&i.set(r,32),n&&i.set(n,48);const s=new Uint32Array(i.buffer,i.byteOffset,i.length/Uint32Array.BYTES_PER_ELEMENT);for(let e=0;e<16;e++)this.S.h[e]=Tl[e]^s[e];if(t){const e=new Uint8Array(zl);e.set(t),this.update(e)}}update(e){if(!(e instanceof Uint8Array))throw Error("Input must be Uint8Array or Buffer");let t=0;for(;t>2]>>8*(3&e);return this.S.h=null,t.buffer}}function Ol(e,t,r,n){if(e>Hl)throw Error(`outlen must be at most ${Hl} (given: ${e})`);return new Fl(e,t,r,n)}const Hl=64,zl=128,_l=2,Gl=19,jl=4294967295,ql=4,Vl=4294967295,Jl=8,Yl=4294967295,Wl=8,Zl=4294967295,$l=4294967295,Xl=32,ey=1024,ty=64,ry=205===new Uint8Array(new Uint16Array([43981]).buffer)[0];function ny(e,t,r){return e[r+0]=t,e[r+1]=t>>8,e[r+2]=t>>16,e[r+3]=t>>24,e}function iy(e,t,r){if(t>Number.MAX_SAFE_INTEGER)throw Error("LE64: large numbers unsupported");let n=t;for(let t=r;t{if(tn)throw Error(`${e} size should be between ${r} and ${n} bytes`)};if(e!==_l||t!==Gl)throw Error("Unsupported type or version");return u("password",n,Wl,Yl),u("salt",i,Jl,Vl),u("tag",r,ql,jl),u("memory",c,8*o,Zl),s&&u("associated data",s,0,$l),a&&u("secret",a,0,Xl),{type:e,version:t,tagLength:r,password:n,salt:i,ad:s,secret:a,lanes:o,memorySize:c,passes:h}}({type:_l,version:Gl,...e}),{G:i,G2:s,xor:a,getLZ:o}=r.exports,c={},h={};h.G=i,h.G2=s,h.XOR=a;const u=4*n.lanes*Math.floor(n.memorySize/(4*n.lanes)),l=u*ey+10*uy;if(t.buffer.byteLength{r.set(e,n),n+=e.length})),r}(i));const s=t.digest();return new Uint8Array(s)}(n),m=u/n.lanes,b=Array(n.lanes).fill(null).map((()=>Array(m))),k=(e,t)=>(b[e][t]=d.subarray(e*m*1024+1024*t,e*m*1024+1024*t+ey),b[e][t]);for(let e=0;e0?b[i][c-1]:b[i][m-1],u=r?a.next().value:h;o(f.byteOffset,u.byteOffset,i,n.lanes,e,t,s,4,E);const l=f[0],y=f[1];0===e&&k(i,c),oy(g,h,b[l][y],e>0?p:b[i][c]),e>0&&ay(g,b[i][c],p,b[i][c])}}}const v=b[0][m-1];for(let e=1;eyy(e,{instance:n.instance,memory:r})}function py(e,t,r,n){return function(e,t){var r=WebAssembly.instantiate,n=WebAssembly.compile;return t?r(e,t):n(e)}(Buffer.from(r,"base64"),n)}var dy=/*#__PURE__*/Object.freeze({__proto__:null,default:async()=>gy((e=>py(0,0,"AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL",e)),(e=>py(0,0,"AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==",e)))}),Ay=[0,1,3,7,15,31,63,127,255],wy=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};wy.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},wy.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Ay[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var n=r-e;t|=(this.curByte&Ay[e]<>n,this.bitOffset+=e,e=0}}return t},wy.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},wy.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var my=wy,by=function(){};by.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},by.prototype.read=function(e,t,r){for(var n=0;n>>0},this.updateCRC=function(t){e=e<<8^ky[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^ky[255&(e>>>24^t)]}}),By=my,Iy=Ey,Sy=vy,Ky=function(e,t){var r,n=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=n,n},Cy={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},Py={};Py[Cy.LAST_BLOCK]="Bad file checksum",Py[Cy.NOT_BZIP_DATA]="Not bzip data",Py[Cy.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",Py[Cy.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",Py[Cy.DATA_ERROR]="Data error",Py[Cy.OUT_OF_MEMORY]="Out of memory",Py[Cy.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var Dy=function(e,t){var r=Py[e]||"unknown error";t&&(r+=": "+t);var n=new TypeError(r);throw n.errorCode=e,n},Uy=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};Uy.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Sy,!0):(this.writeCount=-1,!1)},Uy.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||Dy(Cy.NOT_BZIP_DATA,"bad magic");var n=r[3]-48;(n<1||n>9)&&Dy(Cy.NOT_BZIP_DATA,"level out of range"),this.reader=new By(e),this.dbufSize=1e5*n,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},Uy.prototype._get_next_block=function(){var e,t,r,n=this.reader,i=n.pi();if("177245385090"===i)return!1;"314159265359"!==i&&Dy(Cy.NOT_BZIP_DATA),this.targetBlockCRC=n.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,n.read(1)&&Dy(Cy.OBSOLETE_INPUT);var s=n.read(24);s>this.dbufSize&&Dy(Cy.DATA_ERROR,"initial position out of bounds");var a=n.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(a&1<<15-e){var h=16*e;for(r=n.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=h+t)}var u=n.read(3);(u<2||u>6)&&Dy(Cy.DATA_ERROR);var l=n.read(15);0===l&&Dy(Cy.DATA_ERROR);var y=new Uint8Array(256);for(e=0;e=u&&Dy(Cy.DATA_ERROR);f[e]=Ky(y,t)}var g,p=c+2,d=[];for(t=0;t20)&&Dy(Cy.DATA_ERROR),n.read(1);)n.read(1)?a--:a++;m[e]=a}for(A=w=m[0],e=1;ew?w=m[e]:m[e]=l&&Dy(Cy.DATA_ERROR),g=d[f[S++]]),e=g.minLen,t=n.read(e);e>g.maxLen&&Dy(Cy.DATA_ERROR),!(t<=g.limit[e]);e++)t=t<<1|n.read(1);((t-=g.base[e])<0||t>=258)&&Dy(Cy.DATA_ERROR);var C=g.permute[t];if(0!==C&&1!==C){if(B)for(B=0,I+a>this.dbufSize&&Dy(Cy.DATA_ERROR),E[v=o[y[0]]]+=a;a--;)K[I++]=v;if(C>c)break;I>=this.dbufSize&&Dy(Cy.DATA_ERROR),E[v=o[v=Ky(y,e=C-1)]]++,K[I++]=v}else B||(B=1,a=0),a+=0===C?B:2*B,B<<=1}for((s<0||s>=I)&&Dy(Cy.DATA_ERROR),t=0,e=0;e<256;e++)r=t+E[e],E[e]=t,t=r;for(e=0;e>=8,U=-1),this.writePos=P,this.writeCurrent=D,this.writeCount=I,this.writeRun=U,!0},Uy.prototype._read_bunzip=function(e,t){var r,n,i;if(this.writeCount<0)return 0;var s=this.dbuf,a=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var h=this.writeRun;c;){for(c--,n=o,o=255&(a=s[a]),a>>=8,3==h++?(r=o,i=n,o=-1):(r=1,i=o),this.blockCRC.updateCRCRun(i,r);r--;)this.outputStream.writeByte(i),this.nextoutput++;o!=n&&(h=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&Dy(Cy.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var xy=function(e){if("readByte"in e)return e;var t=new Iy;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},Qy=function(e){var t=new Iy,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var Ry={Bunzip:Uy,Stream:Iy,Err:Cy,decode:function(e,t,r){for(var n=xy(e),i=Qy(t),s=new Uy(n,i);!("eof"in n)||!n.eof();)if(s._init_block())s._read_bunzip();else{var a=s.reader.read(32)>>>0;if(a!==s.streamCRC&&Dy(Cy.DATA_ERROR,"Bad stream CRC (got "+s.streamCRC.toString(16)+" expected "+a.toString(16)+")"),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i)}if("getBuffer"in i)return i.getBuffer()},decodeBlock:function(e,t,r){var n=xy(e),i=Qy(r),s=new Uy(n,i);if(s.reader.seek(t),s._get_next_block()&&(s.blockCRC=new Sy,s.writeCopies=0,s._read_bunzip()),"getBuffer"in i)return i.getBuffer()},table:function(e,t,r){var n=new Iy;n.delegate=xy(e),n.pos=0,n.readByte=function(){return this.pos++,this.delegate.readByte()},n.delegate.eof&&(n.eof=n.delegate.eof.bind(n.delegate));var i=new Iy;i.pos=0,i.writeByte=function(){this.pos++};for(var s=new Uy(n,i),a=s.dbufSize;!("eof"in n)||!n.eof();){var o=8*n.pos+s.reader.bitOffset;if(s.reader.hasByte&&(o-=8),s._init_block()){var c=i.pos;s._read_bunzip(),t(o,i.pos-c)}else{if(s.reader.read(32),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i),console.assert(s.dbufSize===a,"shouldn't change block size within multistream file")}}}},Ly=/*#__PURE__*/s({__proto__:null},[Ry]);exports.AEADEncryptedDataPacket=La,exports.CleartextMessage=Po,exports.CompressedDataPacket=Ia,exports.LiteralDataPacket=fa,exports.MarkerPacket=class{static get tag(){return F.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}},exports.Message=Io,exports.OnePassSignaturePacket=ka,exports.PacketList=va,exports.PaddingPacket=class{static get tag(){return F.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await ls.random.getRandomBytes(e)}},exports.PrivateKey=wo,exports.PublicKey=Ao,exports.PublicKeyEncryptedSessionKeyPacket=Ta,exports.PublicKeyPacket=Fa,exports.PublicSubkeyPacket=za,exports.SecretKeyPacket=Ga,exports.SecretSubkeyPacket=Va,exports.Signature=Ya,exports.SignaturePacket=wa,exports.Subkey=lo,exports.SymEncryptedIntegrityProtectedDataPacket=xa,exports.SymEncryptedSessionKeyPacket=Na,exports.SymmetricallyEncryptedDataPacket=Ha,exports.TrustPacket=class{static get tag(){return F.packet.trust}read(){throw new Zn("Trust packets are not supported")}write(){throw new Zn("Trust packets are not supported")}},exports.UnparseablePacket=Xn,exports.UserAttributePacket=_a,exports.UserIDPacket=qa,exports.armor=ie,exports.config=O,exports.createCleartextMessage=async function({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!z.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Po(e)},exports.createMessage=async function({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!z.isString(e)&&!z.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!z.isUint8Array(t)&&!z.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=z.isStream(a),h=new fa(n);void 0!==e?h.setText(a,F.write(F.literal,i)):h.setBytes(a,F.write(F.literal,i)),void 0!==r&&h.setFilename(r);const u=new va;u.push(h);const l=new Io(u);return l.fromStream=c,l},exports.decrypt=async function({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:h,...u}){if(Ro(h={...O,...h}),Do(e),i=Lo(i),t=Lo(t),r=Lo(r),n=Lo(n),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(u.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const u=await e.decrypt(t,r,n,c,h);i||(i=[]);const l={};if(l.signatures=o?await u.verifyDetached(o,i,c,h):await u.verify(i,c,h),l.data="binary"===a?u.getLiteralData():u.getText(),l.filename=u.getFilename(),Mo(l,e),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=E([l.data,L((async()=>{await z.anyPromise(l.signatures.map((e=>e.verified)))}))])}return l.data=await To(l.data),l}catch(e){throw z.wrapError("Error decrypting message",e)}},exports.decryptKey=async function({privateKey:e,passphrase:t,config:r,...n}){Ro(r={...O,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=z.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>z.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),z.wrapError("Error decrypting private key",e)}},exports.decryptSessionKeys=async function({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if(Ro(i={...O,...i}),Do(e),t=Lo(t),r=Lo(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw z.wrapError("Error decrypting session keys",e)}},exports.encrypt=async function({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:h=[],date:u=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:f=[],config:g,...p}){if(Ro(g={...O,...g}),Do(e),xo(s),t=Lo(t),r=Lo(r),n=Lo(n),c=Lo(c),h=Lo(h),l=Lo(l),y=Lo(y),f=Lo(f),p.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(p.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(p.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==p.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const d=Object.keys(p);if(d.length>0)throw Error("Unknown option: "+d.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,u,l,h,f,g)),e=e.compress(await async function(e=[],t=new Date,r=[],n=O){const i=F.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,u,y,g),g),e=await e.encrypt(t,n,i,o,h,u,y,g),"object"===s)return e;const p="armored"===s?e.armor(g):e.write();return await To(p)}catch(e){throw z.wrapError("Error encrypting message",e)}},exports.encryptKey=async function({privateKey:e,passphrase:t,config:r,...n}){Ro(r={...O,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=z.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),z.wrapError("Error encrypting private key",e)}},exports.encryptSessionKey=async function({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:h=[],config:u,...l}){if(Ro(u={...O,...u}),function(e){if(!z.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!z.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),xo(s),n=Lo(n),i=Lo(i),o=Lo(o),h=Lo(h),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return No(await Io.encryptSessionKey(e,t,r,n,i,a,o,c,h,u),s,u)}catch(e){throw z.wrapError("Error encrypting session key",e)}},exports.enums=F,exports.generateKey=async function({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,keyExpirationTime:s=0,date:a=new Date,subkeys:o=[{}],format:c="armored",config:h,...u}){Ro(h={...O,...h}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=h.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=Lo(e);const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(0===e.length&&!h.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&iso(e.subkeys[r],e)));let r=[Za(e,t)];r=r.concat(e.subkeys.map((e=>Wa(e,t))));const n=await Promise.all(r),i=await ko(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(y,h);return e.getKeys().forEach((({keyPacket:e})=>ho(e,h))),{privateKey:No(e,c,h),publicKey:No(e.toPublic(),c,h),revocationCertificate:t}}catch(e){throw z.wrapError("Error generating keypair",e)}},exports.generateSessionKey=async function({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(Ro(n={...O,...n}),e=Lo(e),r=Lo(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Io.generateSessionKey(e,t,r,n)}catch(e){throw z.wrapError("Error generating session key",e)}},exports.readCleartextMessage=async function({cleartextMessage:e,config:t,...r}){if(t={...O,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!z.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await ne(e);if(i.type!==F.armor.signed)throw Error("No cleartext signed message.");const s=await va.fromBinary(i.data,Co,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return F.write(F.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new Ya(s);return new Po(i.text,a)},exports.readKey=async function({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...O,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!z.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!z.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await ne(e);if(t!==F.armor.publicKey&&t!==F.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await va.fromBinary(s,mo,r),o=a.indexOfTag(F.packet.publicKey,F.packet.secretKey);if(0===o.length)throw Error("No key packet found");return bo(a.slice(o[0],o[1]))},exports.readKeys=async function({armoredKeys:e,binaryKeys:t,config:r,...n}){r={...O,...r};let i=e||t;if(!i)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!z.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!z.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await ne(e);if(t!==F.armor.publicKey&&t!==F.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await va.fromBinary(i,mo,r),c=o.indexOfTag(F.packet.publicKey,F.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));const a=z.isStream(i);if(e){const{type:e,data:t}=await ne(i);if(e!==F.armor.message)throw Error("Armored text not of type message");i=t}const o=await va.fromBinary(i,Eo,r),c=new Io(o);return c.fromStream=a,c},exports.readPrivateKey=async function({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...O,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!z.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!z.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await ne(e);if(t!==F.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await va.fromBinary(s,mo,r),o=a.indexOfTag(F.packet.publicKey,F.packet.secretKey);for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await ne(i);if(e!==F.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await va.fromBinary(i,Ja,r);return new Ya(a)},exports.reformatKey=async function({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){Ro(a={...O,...a}),t=Lo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const h={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await $a(e.bindingSignatures,n,F.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&F.keyFlags.signData}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await ko(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=z.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(h,a);return{privateKey:No(e,s,a),publicKey:No(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw z.wrapError("Error reformatting keypair",e)}},exports.revokeKey=async function({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){Ro(s={...O,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:No(a,i,s),publicKey:No(a.toPublic(),i,s)}:{privateKey:null,publicKey:No(a,i,s)}}catch(e){throw z.wrapError("Error revoking key",e)}},exports.sign=async function({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:h=[],config:u,...l}){if(Ro(u={...O,...u}),Uo(e),xo(n),t=Lo(t),s=Lo(s),o=Lo(o),r=Lo(r),c=Lo(c),h=Lo(h),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Po&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,h,u):await e.sign(t,r,void 0,s,a,o,c,h,u),"object"===n)return l;return l="armored"===n?l.armor(u):l.write(),i&&(l=K(e.packets.write(),(async(e,t)=>{await Promise.all([v(l,t),Q(e).catch((()=>{}))])}))),await To(l)}catch(e){throw z.wrapError("Error signing message",e)}},exports.unarmor=ne,exports.verify=async function({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if(Ro(a={...O,...a}),Uo(e),t=Lo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Po&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&Mo(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=E([o.data,L((async()=>{await z.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await To(o.data),o}catch(e){throw z.wrapError("Error verifying signed message",e)}}; +//# sourceMappingURL=openpgp.min.cjs.map diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.cjs.map b/app/node_modules/openpgp/dist/node/openpgp.min.cjs.map new file mode 100644 index 000000000..57e3500cd --- /dev/null +++ b/app/node_modules/openpgp/dist/node/openpgp.min.cjs.map @@ -0,0 +1 @@ +{"version":3,"file":"openpgp.min.cjs","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/enums.js","../../src/config/config.js","../../src/util.js","../../src/encoding/base64.js","../../src/encoding/armor.js","../../src/crypto/cipher/index.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@noble/ciphers/esm/_assert.js","../../node_modules/@noble/ciphers/esm/utils.js","../../node_modules/@noble/ciphers/esm/_polyval.js","../../node_modules/@noble/ciphers/esm/aes.js","../../src/crypto/mode/cfb.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../../../src/crypto/biginteger.ts","../../src/crypto/random.js","../../../../src/crypto/public_key/prime.ts","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../node_modules/@openpgp/tweetnacl/crypto.js","../../node_modules/@openpgp/tweetnacl/nacl-fast.js","../../src/type/oid.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../src/type/s2k/argon2.js","../../src/type/s2k/generic.js","../../src/type/s2k/index.js","../../node_modules/fflate/esm/index.mjs","../../src/packet/literal_data.js","../../src/type/keyid.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js","../../node_modules/@noble/hashes/esm/_assert.js","../../node_modules/@noble/hashes/esm/cryptoNode.js","../../node_modules/@noble/hashes/esm/utils.js","../../node_modules/@noble/hashes/esm/_md.js","../../node_modules/@noble/hashes/esm/sha256.js","../../node_modules/@noble/hashes/esm/hmac.js","../../node_modules/@noble/curves/esm/abstract/utils.js","../../node_modules/@noble/curves/esm/abstract/modular.js","../../node_modules/@noble/curves/esm/abstract/curve.js","../../node_modules/@noble/curves/esm/abstract/weierstrass.js","../../node_modules/@noble/curves/esm/_shortw_utils.js","../../node_modules/@noble/curves/esm/p256.js","../../node_modules/@noble/hashes/esm/_u64.js","../../node_modules/@noble/hashes/esm/sha512.js","../../node_modules/@noble/curves/esm/p384.js","../../node_modules/@noble/curves/esm/p521.js","../../node_modules/@noble/hashes/esm/sha3.js","../../node_modules/@noble/curves/esm/abstract/edwards.js","../../node_modules/@noble/curves/esm/abstract/montgomery.js","../../node_modules/@noble/curves/esm/ed448.js","../../node_modules/@noble/curves/esm/secp256k1.js","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP256r1.ts","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP384r1.ts","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP512r1.ts","../../src/crypto/public_key/elliptic/noble_curves.js","../../src/crypto/cipher/des.js","../../src/crypto/cipher/cast5.js","../../src/crypto/cipher/twofish.js","../../src/crypto/cipher/blowfish.js","../../src/crypto/cipher/legacy_ciphers.js","../../node_modules/@noble/hashes/esm/sha1.js","../../node_modules/@noble/hashes/esm/ripemd160.js","../../src/crypto/hash/noble_hashes.js","../../node_modules/argon2id/lib/blake2b.js","../../node_modules/argon2id/lib/argon2id.js","../../node_modules/argon2id/lib/setup.js","../../node_modules/argon2id/index.js","../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js","../../src/packet/marker.js","../../src/packet/padding.js","../../src/packet/trust.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work\n Object.setPrototypeOf(this, ArrayStream.prototype);\n\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","/* eslint-disable no-prototype-builtins */\nimport { isArrayStream } from './writer.js';\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n // try and detect a node native stream without having to import its class\n if (input &&\n !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) &&\n typeof input._read === 'function' && typeof input._readableState === 'object') {\n throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`');\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isUint8Array, isStream, isArrayStream } from './util.js';\nimport * as streams from './streams.js';\n\nconst doneReadingSet = new WeakSet();\n/**\n * The external buffer is used to store values that have been peeked or unshifted from the original stream.\n * Because of how streams are implemented, such values cannot be \"put back\" in the original stream,\n * but they need to be returned first when reading from the input again.\n */\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = () => {};\n return;\n }\n let streamType = isStream(input);\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isStream, isArrayStream, isUint8Array, concatUint8Array } from './util.js';\nimport { Reader, externalBuffer } from './reader.js';\nimport { ArrayStream, Writer } from './writer.js';\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream.\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n }\n lastBytes = returnValue;\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input)) {\n return input.subarray(begin, end === Infinity ? input.length : end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n const cancelled = await input.cancel(reason);\n // the stream is not always cancelled at this point, so we wait some more\n await new Promise(setTimeout);\n return cancelled;\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n\nexport {\n ArrayStream,\n toStream,\n concatStream,\n concat,\n getReader,\n getWriter,\n pipe,\n transformRaw,\n transform,\n transformPair,\n parse,\n clone,\n passiveClone,\n slice,\n readToEnd,\n cancel,\n fromAsync\n};\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'nistP256': 'nistP256',\n /** @deprecated use `nistP256` instead */\n 'p256': 'nistP256',\n\n /** NIST P-384 Curve */\n 'nistP384': 'nistP384',\n /** @deprecated use `nistP384` instead */\n 'p384': 'nistP384',\n\n /** NIST P-521 Curve */\n 'nistP521': 'nistP521',\n /** @deprecated use `nistP521` instead */\n 'p521': 'nistP521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519Legacy',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519Legacy',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519Legacy',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519Legacy',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n argon2: 4,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11,\n sha3_256: 12,\n sha3_512: 14\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n gcm: 3,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n padding: 21\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuerKeyID: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34,\n preferredCipherSuites: 39\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4,\n seipdv2: 8\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha512,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * This option is applicable to:\n * - key generation (encryption key preferences),\n * - password-based message encryption, and\n * - private key encryption.\n * In the case of message encryption using public keys, the encryption key preferences are respected instead.\n * Note: not all OpenPGP implementations are compatible with this option.\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)\n * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,\n * this option must be set, otherwise key parsing and/or key decryption will fail.\n * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys\n * will be processed incorrectly.\n */\n parseAEADEncryptedV4KeysAsLegacy: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.gcm,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use v6 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v6Keys\n */\n v6Keys: false,\n /**\n * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet).\n * These are non-standard entities, which in the crypto-refresh have been superseded\n * by v6 keys and v6 signatures, respectively.\n * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries,\n * hence parsing them might be necessary in some cases.\n */\n enableParsingV5Entities: false,\n /**\n * S2K (String to Key) type, used for key derivation in the context of secret key encryption\n * and password-encrypted data. Weaker s2k options are not allowed.\n * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it\n * (pending standardisation).\n * @memberof module:config\n * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}\n */\n s2kType: enums.s2k.iterated,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:\n * Iteration Count Byte for Iterated and Salted S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.\n * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:\n * Argon2 parameters for S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.\n * Default settings correspond to the second recommendation from RFC9106 (\"uniformly safe option\"),\n * to ensure compatibility with memory-constrained environments.\n * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.\n * @memberof module:config\n * @property {Object} params\n * @property {Integer} params.passes - number of iterations t\n * @property {Integer} params.parallelism - degree of parallelism p\n * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.\n */\n s2kArgon2Params: {\n passes: 3,\n parallelism: 4, // lanes\n memoryExponent: 16 // 64 MiB of RAM\n },\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:\n * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL\n * (see https://efail.de/).\n * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.\n *\n * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n /**\n * Allow using keys that do not have any key flags set.\n * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages\n * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).\n * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.\n * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.\n */\n allowMissingKeyFlags: false,\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design).\n * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur\n * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of\n * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.\n * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases.\n */\n nonDeterministicSignaturesViaNotation: true,\n /**\n * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * @memberof module:config\n * @property {Boolean} useEllipticFallback\n */\n useEllipticFallback: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { createRequire } from 'module'; // Must be stripped in browser built\nimport enums from './enums';\nimport defaultConfig from './config';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n nodeRequire: createRequire(import.meta.url),\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n /**\n * Load noble-curves lib on demand and return the requested curve function\n * @param {enums.publicKey} publicKeyAlgo\n * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA)\n * @returns curve implementation\n * @throws on unrecognized curve, or curve not implemented by noble-curve\n */\n getNobleCurve: async (publicKeyAlgo, curveName) => {\n if (!defaultConfig.useEllipticFallback) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n\n const { nobleCurves } = await import('./crypto/public_key/elliptic/noble_curves');\n switch (publicKeyAlgo) {\n case enums.publicKey.ecdh:\n case enums.publicKey.ecdsa: {\n const curve = nobleCurves.get(curveName);\n if (!curve) throw new Error('Unsupported curve');\n return curve;\n }\n case enums.publicKey.x448:\n return nobleCurves.get('x448');\n case enums.publicKey.ed448:\n return nobleCurves.get('ed448');\n default:\n throw new Error('Unsupported curve');\n }\n },\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures,\n // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed\n // has not been authenticated (yet).\n // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues.\n // Also, AEAD is also not affected.\n return util.readExactSubarray(bytes, 2, 2 + bytelen);\n },\n\n /**\n * Read exactly `end - start` bytes from input.\n * This is a stricter version of `.subarray`.\n * @param {Uint8Array} input - Input data to parse\n * @returns {Uint8Array} subarray of size always equal to `end - start`\n * @throws if the input array is too short.\n */\n readExactSubarray: function (input, start, end) {\n if (input.length < (end - start)) {\n throw new Error('Input array too short');\n }\n return input.subarray(start, end);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n if (bytes.length > length) {\n throw new Error('Input array too long');\n }\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const hexAlphabet = '0123456789abcdef';\n let s = '';\n bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; });\n return s;\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography API.\n * @returns {Object} The SubtleCrypto API\n * @throws if the API is not available\n */\n getWebCrypto: function() {\n const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n // Fallback for Node 16, which does not expose WebCrypto as a global\n const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle;\n if (!webCrypto) {\n throw new Error('The WebCrypto API is not available');\n }\n return webCrypto;\n },\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return this.nodeRequire('crypto');\n },\n\n getNodeZlib: function() {\n return this.nodeRequire('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (this.nodeRequire('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = this.nodeRequire('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n /**\n * Test email format to ensure basic compliance:\n * - must include a single @\n * - no control or space unicode chars allowed\n * - no backslash and square brackets (as the latter can mess with the userID parsing)\n * - cannot end with a punctuation char\n * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation,\n * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)).\n */\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^[^\\p{C}\\p{Z}@<>\\\\]+@[^\\p{C}\\p{Z}@<>\\\\]+[^\\p{C}\\p{Z}\\p{P}]$/u;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n }\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n }\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n }\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n }\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n }\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n }\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Remove the (optional) checksum from an armored message.\n * @param {String} text - OpenPGP armored message\n * @returns {String} The body of the armored message.\n * @private\n */\nfunction removeChecksum(text) {\n let body = text;\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n }\n\n return body;\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n const data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== enums.armor.signed) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === enums.armor.signed) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const body = removeChecksum(parts[0].slice(0, -1));\n await writer.write(body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum\n * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug\n // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)\n const maybeBodyClone = emitChecksum && stream.passiveClone(body);\n\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push(hash ? `Hash: ${hash}\\n\\n` : '\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","import enums from '../../enums';\n\nexport async function getLegacyCipher(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n throw new Error('Not a legacy cipher');\n case enums.symmetric.cast5:\n case enums.symmetric.blowfish:\n case enums.symmetric.twofish:\n case enums.symmetric.tripledes: {\n const { legacyCiphers } = await import('./legacy_ciphers');\n const cipher = legacyCiphers.get(algo);\n if (!cipher) {\n throw new Error('Unsupported cipher algorithm');\n }\n return cipher;\n }\n default:\n throw new Error('Unsupported cipher algorithm');\n }\n}\n\n/**\n * Get block size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherBlockSize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 16;\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n case enums.symmetric.tripledes:\n return 8;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherKeySize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n return 16;\n case enums.symmetric.aes192:\n case enums.symmetric.tripledes:\n return 24;\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 32;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get block and key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nexport function getCipherParams(algo) {\n return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) };\n}\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction nobleHash(nobleHashName, webCryptoHashName) {\n const getNobleHash = async () => {\n const { nobleHashes } = await import('./noble_hashes');\n const hash = nobleHashes.get(nobleHashName);\n if (!hash) throw new Error('Unsupported hash');\n return hash;\n };\n\n return async function(data) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hash = await getNobleHash();\n\n const hashInstance = hash.create();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => hashInstance.digest());\n } else if (webCrypto && webCryptoHashName) {\n return new Uint8Array(await webCrypto.digest(webCryptoHashName, data));\n } else {\n const hash = await getNobleHash();\n\n return hash(data);\n }\n };\n}\n\nexport default {\n\n /** @see module:md5 */\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),\n sha224: nodeHash('sha224') || nobleHash('sha224'),\n sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),\n sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),\n sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),\n ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),\n sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),\n sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n case enums.hash.sha3_256:\n return this.sha3_256(data);\n case enums.hash.sha3_512:\n return this.sha3_512(data);\n default:\n throw new Error('Unsupported hash function');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n case enums.hash.sha3_256:\n return 32;\n case enums.hash.sha3_512:\n return 64;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(hash) {\n if (typeof hash !== 'function' || typeof hash.create !== 'function')\n throw new Error('hash must be wrapped by utils.wrapConstructor');\n number(hash.outputLen);\n number(hash.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\nimport { bytes as abytes, isBytes } from './_assert.js';\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u16 = (arr) => new Uint16Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 2));\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// big-endian hardware is rare. Just in case someone still decides to run ciphers:\n// early-throw an error because we don't support BE yet.\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\nif (!isLE)\n throw new Error('Non little-endian hardware is not supported');\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`string expected, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n else if (isBytes(data))\n data = copyBytes(data);\n else\n throw new Error(`Uint8Array expected, got ${typeof data}`);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n// For runtime check if class implements interface\nexport class Hash {\n}\n/**\n * @__NO_SIDE_EFFECTS__\n */\nexport const wrapCipher = (params, c) => {\n Object.assign(c, params);\n return c;\n};\n// Polyfill for Safari 14\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\nexport function u64Lengths(ciphertext, AAD) {\n const num = new Uint8Array(16);\n const view = createView(num);\n setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);\n setBigUint64(view, 8, BigInt(ciphertext.length), true);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n//# sourceMappingURL=utils.js.map","import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';\nimport { clean, copyBytes, createView, toBytes, u32 } from './utils.js';\n// GHash from AES-GCM and its little-endian \"mirror image\" Polyval from AES-SIV.\n// Implemented in terms of GHash with conversion function for keys\n// GCM GHASH from NIST SP800-38d, SIV from RFC 8452.\n// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf\n// GHASH modulo: x^128 + x^7 + x^2 + x + 1\n// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1\nconst BLOCK_SIZE = 16;\n// TODO: rewrite\n// temporary padding buffer\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\nconst ZEROS32 = u32(ZEROS16);\nconst POLY = 0xe1; // v = 2*v % POLY\n// v = 2*v % POLY\n// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x\n// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor)\nconst mul2 = (s0, s1, s2, s3) => {\n const hiBit = s3 & 1;\n return {\n s3: (s2 << 31) | (s3 >>> 1),\n s2: (s1 << 31) | (s2 >>> 1),\n s1: (s0 << 31) | (s1 >>> 1),\n s0: (s0 >>> 1) ^ ((POLY << 24) & -(hiBit & 1)), // reduce % poly\n };\n};\nconst swapLE = (n) => (((n >>> 0) & 0xff) << 24) |\n (((n >>> 8) & 0xff) << 16) |\n (((n >>> 16) & 0xff) << 8) |\n ((n >>> 24) & 0xff) |\n 0;\n/**\n * `mulX_POLYVAL(ByteReverse(H))` from spec\n * @param k mutated in place\n */\nexport function _toGHASHKey(k) {\n k.reverse();\n const hiBit = k[15] & 1;\n // k >>= 1\n let carry = 0;\n for (let i = 0; i < k.length; i++) {\n const t = k[i];\n k[i] = (t >>> 1) | carry;\n carry = (t & 1) << 7;\n }\n k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000;\n return k;\n}\nconst estimateWindow = (bytes) => {\n if (bytes > 64 * 1024)\n return 8;\n if (bytes > 1024)\n return 4;\n return 2;\n};\nclass GHASH {\n // We select bits per window adaptively based on expectedLength\n constructor(key, expectedLength) {\n this.blockLen = BLOCK_SIZE;\n this.outputLen = BLOCK_SIZE;\n this.s0 = 0;\n this.s1 = 0;\n this.s2 = 0;\n this.s3 = 0;\n this.finished = false;\n key = toBytes(key);\n abytes(key, 16);\n const kView = createView(key);\n let k0 = kView.getUint32(0, false);\n let k1 = kView.getUint32(4, false);\n let k2 = kView.getUint32(8, false);\n let k3 = kView.getUint32(12, false);\n // generate table of doubled keys (half of montgomery ladder)\n const doubles = [];\n for (let i = 0; i < 128; i++) {\n doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });\n ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));\n }\n const W = estimateWindow(expectedLength || 1024);\n if (![1, 2, 4, 8].includes(W))\n throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);\n this.W = W;\n const bits = 128; // always 128 bits;\n const windows = bits / W;\n const windowSize = (this.windowSize = 2 ** W);\n const items = [];\n // Create precompute table for window of W bits\n for (let w = 0; w < windows; w++) {\n // truth table: 00, 01, 10, 11\n for (let byte = 0; byte < windowSize; byte++) {\n // prettier-ignore\n let s0 = 0, s1 = 0, s2 = 0, s3 = 0;\n for (let j = 0; j < W; j++) {\n const bit = (byte >>> (W - j - 1)) & 1;\n if (!bit)\n continue;\n const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];\n (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3);\n }\n items.push({ s0, s1, s2, s3 });\n }\n }\n this.t = items;\n }\n _updateBlock(s0, s1, s2, s3) {\n (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3);\n const { W, t, windowSize } = this;\n // prettier-ignore\n let o0 = 0, o1 = 0, o2 = 0, o3 = 0;\n const mask = (1 << W) - 1; // 2**W will kill performance.\n let w = 0;\n for (const num of [s0, s1, s2, s3]) {\n for (let bytePos = 0; bytePos < 4; bytePos++) {\n const byte = (num >>> (8 * bytePos)) & 0xff;\n for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {\n const bit = (byte >>> (W * bitPos)) & mask;\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];\n (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3);\n w += 1;\n }\n }\n }\n this.s0 = o0;\n this.s1 = o1;\n this.s2 = o2;\n this.s3 = o3;\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n const left = data.length % BLOCK_SIZE;\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);\n clean(ZEROS32); // clean tmp buffer\n }\n return this;\n }\n destroy() {\n const { t } = this;\n // clean precompute table\n for (const elm of t) {\n (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0);\n }\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out;\n }\n digest() {\n const res = new Uint8Array(BLOCK_SIZE);\n this.digestInto(res);\n this.destroy();\n return res;\n }\n}\nclass Polyval extends GHASH {\n constructor(key, expectedLength) {\n key = toBytes(key);\n const ghKey = _toGHASHKey(copyBytes(key));\n super(ghKey, expectedLength);\n clean(ghKey);\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const left = data.length % BLOCK_SIZE;\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));\n clean(ZEROS32);\n }\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // tmp ugly hack\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out.reverse();\n }\n}\nfunction wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest();\n const tmp = hashCons(new Uint8Array(16), 0);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key, expectedLength) => hashCons(key, expectedLength);\n return hashC;\n}\nexport const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));\nexport const polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));\n//# sourceMappingURL=_polyval.js.map","// prettier-ignore\nimport { bytes as abytes } from './_assert.js';\nimport { ghash, polyval } from './_polyval.js';\nimport { clean, concatBytes, copyBytes, createView, equalBytes, isAligned32, setBigUint64, u32, u8, wrapCipher, } from './utils.js';\n/*\nAES (Advanced Encryption Standard) aka Rijndael block cipher.\n\nData is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round:\n1. **S-box**, table substitution\n2. **Shift rows**, cyclic shift left of all rows of data array\n3. **Mix columns**, multiplying every column by fixed polynomial\n4. **Add round key**, round_key xor i-th column of array\n\nResources:\n- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf\n- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf\n*/\nconst BLOCK_SIZE = 16;\nconst BLOCK_SIZE32 = 4;\nconst EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE);\nconst POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8\n// TODO: remove multiplication, binary ops only\nfunction mul2(n) {\n return (n << 1) ^ (POLY & -(n >> 7));\n}\nfunction mul(a, b) {\n let res = 0;\n for (; b > 0; b >>= 1) {\n // Montgomery ladder\n res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time).\n a = mul2(a); // a = 2*a\n }\n return res;\n}\n// AES S-box is generated using finite field inversion,\n// an affine transform, and xor of a constant 0x63.\nconst sbox = /* @__PURE__ */ (() => {\n const t = new Uint8Array(256);\n for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x))\n t[i] = x;\n const box = new Uint8Array(256);\n box[0] = 0x63; // first elm\n for (let i = 0; i < 255; i++) {\n let x = t[255 - i];\n x |= x << 8;\n box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff;\n }\n clean(t);\n return box;\n})();\n// Inverted S-box\nconst invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));\n// Rotate u32 by 8\nconst rotr32_8 = (n) => (n << 24) | (n >>> 8);\nconst rotl32_8 = (n) => (n << 8) | (n >>> 24);\n// The byte swap operation for uint32 (LE<->BE)\nconst byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes:\n// - LE instead of BE\n// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23;\n// so index is u16, instead of u8. This speeds up things, unexpectedly\nfunction genTtable(sbox, fn) {\n if (sbox.length !== 256)\n throw new Error('Wrong sbox length');\n const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j]));\n const T1 = T0.map(rotl32_8);\n const T2 = T1.map(rotl32_8);\n const T3 = T2.map(rotl32_8);\n const T01 = new Uint32Array(256 * 256);\n const T23 = new Uint32Array(256 * 256);\n const sbox2 = new Uint16Array(256 * 256);\n for (let i = 0; i < 256; i++) {\n for (let j = 0; j < 256; j++) {\n const idx = i * 256 + j;\n T01[idx] = T0[i] ^ T1[j];\n T23[idx] = T2[i] ^ T3[j];\n sbox2[idx] = (sbox[i] << 8) | sbox[j];\n }\n }\n return { sbox, sbox2, T0, T1, T2, T3, T01, T23 };\n}\nconst tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2));\nconst tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14));\nconst xPowers = /* @__PURE__ */ (() => {\n const p = new Uint8Array(16);\n for (let i = 0, x = 1; i < 16; i++, x = mul2(x))\n p[i] = x;\n return p;\n})();\nexport function expandKeyLE(key) {\n abytes(key);\n const len = key.length;\n if (![16, 24, 32].includes(len))\n throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);\n const { sbox2 } = tableEncoding;\n const toClean = [];\n if (!isAligned32(key))\n toClean.push((key = copyBytes(key)));\n const k32 = u32(key);\n const Nk = k32.length;\n const subByte = (n) => applySbox(sbox2, n, n, n, n);\n const xk = new Uint32Array(len + 28); // expanded key\n xk.set(k32);\n // 4.3.1 Key expansion\n for (let i = Nk; i < xk.length; i++) {\n let t = xk[i - 1];\n if (i % Nk === 0)\n t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1];\n else if (Nk > 6 && i % Nk === 4)\n t = subByte(t);\n xk[i] = xk[i - Nk] ^ t;\n }\n clean(...toClean);\n return xk;\n}\nexport function expandKeyDecLE(key) {\n const encKey = expandKeyLE(key);\n const xk = encKey.slice();\n const Nk = encKey.length;\n const { sbox2 } = tableEncoding;\n const { T0, T1, T2, T3 } = tableDecoding;\n // Inverse key by chunks of 4 (rounds)\n for (let i = 0; i < Nk; i += 4) {\n for (let j = 0; j < 4; j++)\n xk[i + j] = encKey[Nk - i - 4 + j];\n }\n clean(encKey);\n // apply InvMixColumn except first & last round\n for (let i = 4; i < Nk - 4; i++) {\n const x = xk[i];\n const w = applySbox(sbox2, x, x, x, x);\n xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24];\n }\n return xk;\n}\n// Apply tables\nfunction apply0123(T01, T23, s0, s1, s2, s3) {\n return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^\n T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]);\n}\nfunction applySbox(sbox2, s0, s1, s2, s3) {\n return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] |\n (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16));\n}\nfunction encrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableEncoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // last round (without mixcolumns, so using SBOX2 table)\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\n// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different\nfunction decrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableDecoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // Last round\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\nfunction getDst(len, dst) {\n if (dst === undefined)\n return new Uint8Array(len);\n abytes(dst);\n if (dst.length < len)\n throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);\n if (!isAligned32(dst))\n throw new Error('unaligned dst');\n return dst;\n}\n// TODO: investigate merging with ctr32\nfunction ctrCounter(xk, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const ctr = nonce;\n const c32 = u32(ctr);\n // Fill block (empty, ctr=0)\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n const src32 = u32(src);\n const dst32 = u32(dst);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n // Full 128 bit counter with wrap around\n let carry = 1;\n for (let i = ctr.length - 1; i >= 0; i--) {\n carry = (carry + (ctr[i] & 0xff)) | 0;\n ctr[i] = carry & 0xff;\n carry >>>= 8;\n }\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than block)\n // It's possible to handle > u32 fast, but is it worth it?\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n// AES CTR with overflowing 32 bit counter\n// It's possible to do 32le significantly simpler (and probably faster) by using u32.\n// But, we need both, and perf bottleneck is in ghash anyway.\nfunction ctr32(xk, isLE, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n dst = getDst(src.length, dst);\n const ctr = nonce; // write new value to nonce, so it can be re-used\n const c32 = u32(ctr);\n const view = createView(ctr);\n const src32 = u32(src);\n const dst32 = u32(dst);\n const ctrPos = isLE ? 0 : 12;\n const srcLen = src.length;\n // Fill block (empty, ctr=0)\n let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n ctrNum = (ctrNum + 1) >>> 0; // u32 wrap\n view.setUint32(ctrPos, ctrNum, isLE);\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than a block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n/**\n * CTR: counter mode. Creates stream cipher.\n * Requires good IV. Parallelizable. OK, but no MAC.\n */\nexport const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) {\n abytes(key);\n abytes(nonce, BLOCK_SIZE);\n function processCtr(buf, dst) {\n abytes(buf);\n if (dst !== undefined) {\n abytes(dst);\n if (!isAligned32(dst))\n throw new Error('unaligned destination');\n }\n const xk = expandKeyLE(key);\n const n = copyBytes(nonce); // align + avoid changing\n const toClean = [xk, n];\n if (!isAligned32(buf))\n toClean.push((buf = copyBytes(buf)));\n const out = ctrCounter(xk, n, buf, dst);\n clean(...toClean);\n return out;\n }\n return {\n encrypt: (plaintext, dst) => processCtr(plaintext, dst),\n decrypt: (ciphertext, dst) => processCtr(ciphertext, dst),\n };\n});\nfunction validateBlockDecrypt(data) {\n abytes(data);\n if (data.length % BLOCK_SIZE !== 0) {\n throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`);\n }\n}\nfunction validateBlockEncrypt(plaintext, pcks5, dst) {\n abytes(plaintext);\n let outLen = plaintext.length;\n const remaining = outLen % BLOCK_SIZE;\n if (!pcks5 && remaining !== 0)\n throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding');\n if (!isAligned32(plaintext))\n plaintext = copyBytes(plaintext);\n const b = u32(plaintext);\n if (pcks5) {\n let left = BLOCK_SIZE - remaining;\n if (!left)\n left = BLOCK_SIZE; // if no bytes left, create empty padding block\n outLen = outLen + left;\n }\n const out = getDst(outLen, dst);\n const o = u32(out);\n return { b, o, out };\n}\nfunction validatePCKS(data, pcks5) {\n if (!pcks5)\n return data;\n const len = data.length;\n if (!len)\n throw new Error('aes/pcks5: empty ciphertext not allowed');\n const lastByte = data[len - 1];\n if (lastByte <= 0 || lastByte > 16)\n throw new Error('aes/pcks5: wrong padding');\n const out = data.subarray(0, -lastByte);\n for (let i = 0; i < lastByte; i++)\n if (data[len - i - 1] !== lastByte)\n throw new Error('aes/pcks5: wrong padding');\n return out;\n}\nfunction padPCKS(left) {\n const tmp = new Uint8Array(16);\n const tmp32 = u32(tmp);\n tmp.set(left);\n const paddingByte = BLOCK_SIZE - left.length;\n for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++)\n tmp[i] = paddingByte;\n return tmp32;\n}\n/**\n * ECB: Electronic CodeBook. Simple deterministic replacement.\n * Dangerous: always map x to y. See [AES Penguin](https://words.filippo.io/the-ecb-penguin/).\n */\nexport const ecb = wrapCipher({ blockSize: 16 }, function ecb(key, opts = {}) {\n abytes(key);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n const xk = expandKeyLE(key);\n let i = 0;\n for (; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = encrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(xk);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n const out = getDst(ciphertext.length, dst);\n const toClean = [xk];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n for (let i = 0; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = decrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CBC: Cipher-Block-Chaining. Key is previous round’s block.\n * Fragile: needs proper padding. Unauthenticated: needs MAC.\n */\nexport const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) {\n abytes(key);\n abytes(iv, 16);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const xk = expandKeyLE(key);\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n let i = 0;\n for (; i + 4 <= b.length;) {\n (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n const out = getDst(ciphertext.length, dst);\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= b.length;) {\n // prettier-ignore\n const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;\n (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]);\n const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);\n (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output.\n * Unauthenticated: needs MAC.\n */\nexport const cfb = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) {\n abytes(key);\n abytes(iv, 16);\n function processCfb(src, isEncrypt, dst) {\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const xk = expandKeyLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n if (!isAligned32(src))\n toClean.push((src = copyBytes(src)));\n const src32 = u32(src);\n const dst32 = u32(dst);\n const next32 = isEncrypt ? dst32 : src32;\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= src32.length;) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt(xk, s0, s1, s2, s3);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]);\n }\n // leftovers (less than block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n const buf = u8(new Uint32Array([s0, s1, s2, s3]));\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(buf);\n }\n clean(...toClean);\n return dst;\n }\n return {\n encrypt: (plaintext, dst) => processCfb(plaintext, true, dst),\n decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst),\n };\n});\n// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen\nfunction computeTag(fn, isLE, key, data, AAD) {\n const aadLength = AAD == null ? 0 : AAD.length;\n const h = fn.create(key, data.length + aadLength);\n if (AAD)\n h.update(AAD);\n h.update(data);\n const num = new Uint8Array(16);\n const view = createView(num);\n if (AAD)\n setBigUint64(view, 0, BigInt(aadLength * 8), isLE);\n setBigUint64(view, 8, BigInt(data.length * 8), isLE);\n h.update(num);\n const res = h.digest();\n clean(num);\n return res;\n}\n/**\n * GCM: Galois/Counter Mode.\n * Modern, parallel version of CTR, with MAC.\n * Be careful: MACs can be forged.\n * Unsafe to use random nonces under the same key, due to collision chance.\n * As for nonce size, prefer 12-byte, instead of 8-byte.\n */\nexport const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) {\n abytes(key);\n abytes(nonce);\n if (AAD !== undefined)\n abytes(AAD);\n // NIST 800-38d doesn't enforce minimum nonce length.\n // We enforce 8 bytes for compat with openssl.\n // 12 bytes are recommended. More than 12 bytes would be converted into 12.\n if (nonce.length < 8)\n throw new Error('aes/gcm: invalid nonce length');\n const tagLength = 16;\n function _computeTag(authKey, tagMask, data) {\n const tag = computeTag(ghash, false, authKey, data, AAD);\n for (let i = 0; i < tagMask.length; i++)\n tag[i] ^= tagMask[i];\n return tag;\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const authKey = EMPTY_BLOCK.slice();\n const counter = EMPTY_BLOCK.slice();\n ctr32(xk, false, counter, counter, authKey);\n // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces\n if (nonce.length === 12) {\n counter.set(nonce);\n }\n else {\n const nonceLen = EMPTY_BLOCK.slice();\n const view = createView(nonceLen);\n setBigUint64(view, 8, BigInt(nonce.length * 8), false);\n // ghash(nonce || u64be(0) || u64be(nonceLen*8))\n const g = ghash.create(authKey).update(nonce).update(nonceLen);\n g.digestInto(counter); // digestInto doesn't trigger '.destroy'\n g.destroy();\n }\n const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);\n return { xk, authKey, counter, tagMask };\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const out = new Uint8Array(plaintext.length + tagLength);\n const toClean = [xk, authKey, counter, tagMask];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n ctr32(xk, false, counter, plaintext, out);\n const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));\n toClean.push(tag);\n out.set(tag, plaintext.length);\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n if (ciphertext.length < tagLength)\n throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const toClean = [xk, authKey, tagMask, counter];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = _computeTag(authKey, tagMask, data);\n toClean.push(tag);\n if (!equalBytes(tag, passedTag))\n throw new Error('aes/gcm: invalid ghash tag');\n const out = ctr32(xk, false, counter, data);\n clean(...toClean);\n return out;\n },\n };\n});\nconst limit = (name, min, max) => (value) => {\n if (!Number.isSafeInteger(value) || min > value || value > max)\n throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);\n};\n/**\n * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.\n * Guarantees that, when a nonce is repeated, the only security loss is that identical\n * plaintexts will produce identical ciphertexts.\n * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452\n */\nexport const siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv(key, nonce, AAD) {\n const tagLength = 16;\n // From RFC 8452: Section 6\n const AAD_LIMIT = limit('AAD', 0, 2 ** 36);\n const PLAIN_LIMIT = limit('plaintext', 0, 2 ** 36);\n const NONCE_LIMIT = limit('nonce', 12, 12);\n const CIPHER_LIMIT = limit('ciphertext', 16, 2 ** 36 + 16);\n abytes(key, 16, 24, 32);\n abytes(nonce);\n NONCE_LIMIT(nonce.length);\n if (AAD !== undefined) {\n abytes(AAD);\n AAD_LIMIT(AAD.length);\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const encKey = new Uint8Array(key.length);\n const authKey = new Uint8Array(16);\n const toClean = [xk, encKey];\n let _nonce = nonce;\n if (!isAligned32(_nonce))\n toClean.push((_nonce = copyBytes(_nonce)));\n const n32 = u32(_nonce);\n // prettier-ignore\n let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];\n let counter = 0;\n for (const derivedKey of [authKey, encKey].map(u32)) {\n const d32 = u32(derivedKey);\n for (let i = 0; i < d32.length; i += 2) {\n // aes(u32le(0) || nonce)[:8] || aes(u32le(1) || nonce)[:8] ...\n const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);\n d32[i + 0] = o0;\n d32[i + 1] = o1;\n s0 = ++counter; // increment counter inside state\n }\n }\n const res = { authKey, encKey: expandKeyLE(encKey) };\n // Cleanup\n clean(...toClean);\n return res;\n }\n function _computeTag(encKey, authKey, data) {\n const tag = computeTag(polyval, true, authKey, data, AAD);\n // Compute the expected tag by XORing S_s and the nonce, clearing the\n // most significant bit of the last byte and encrypting with the\n // message-encryption key.\n for (let i = 0; i < 12; i++)\n tag[i] ^= nonce[i];\n tag[15] &= 0x7f; // Clear the highest bit\n // encrypt tag as block\n const t32 = u32(tag);\n // prettier-ignore\n let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];\n ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));\n (t32[0] = s0), (t32[1] = s1), (t32[2] = s2), (t32[3] = s3);\n return tag;\n }\n // actual decrypt/encrypt of message.\n function processSiv(encKey, tag, input) {\n let block = copyBytes(tag);\n block[15] |= 0x80; // Force highest bit\n const res = ctr32(encKey, true, block, input);\n // Cleanup\n clean(block);\n return res;\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n PLAIN_LIMIT(plaintext.length);\n const { encKey, authKey } = deriveKeys();\n const tag = _computeTag(encKey, authKey, plaintext);\n const toClean = [encKey, authKey, tag];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n const out = new Uint8Array(plaintext.length + tagLength);\n out.set(tag, plaintext.length);\n out.set(processSiv(encKey, tag, plaintext));\n // Cleanup\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n CIPHER_LIMIT(ciphertext.length);\n const tag = ciphertext.subarray(-tagLength);\n const { encKey, authKey } = deriveKeys();\n const toClean = [encKey, authKey];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));\n const expectedTag = _computeTag(encKey, authKey, plaintext);\n toClean.push(expectedTag);\n if (!equalBytes(tag, expectedTag)) {\n clean(...toClean);\n throw new Error('invalid polyval tag');\n }\n // Cleanup\n clean(...toClean);\n return plaintext;\n },\n };\n});\nfunction isBytes32(a) {\n return (a != null &&\n typeof a === 'object' &&\n (a instanceof Uint32Array || a.constructor.name === 'Uint32Array'));\n}\nfunction encryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_encryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = encrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\nfunction decryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_decryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = decrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\n/**\n * AES-W (base for AESKW/AESKWP).\n * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf),\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/).\n */\nconst AESW = {\n /*\n High-level pseudocode:\n ```\n A: u64 = IV\n out = []\n for (let i=0, ctr = 0; i<6; i++) {\n for (const chunk of chunks(plaintext, 8)) {\n A ^= swapEndianess(ctr++)\n [A, res] = chunks(encrypt(A || chunk), 8);\n out ||= res\n }\n }\n out = A || out\n ```\n Decrypt is the same, but reversed.\n */\n encrypt(kek, out) {\n // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints.\n // If you need it larger, open an issue.\n if (out.length >= 2 ** 32)\n throw new Error('plaintext should be less than 4gb');\n const xk = expandKeyLE(kek);\n if (out.length === 16)\n encryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = 1; j < 6; j++) {\n for (let pos = 2; pos < o32.length; pos += 2, ctr++) {\n const { s0, s1, s2, s3 } = encrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n // A = MSB(64, B) ^ t where t = (n*j)+i\n (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1); // out = A || out\n }\n xk.fill(0);\n },\n decrypt(kek, out) {\n if (out.length - 8 >= 2 ** 32)\n throw new Error('ciphertext should be less than 4gb');\n const xk = expandKeyDecLE(kek);\n const chunks = out.length / 8 - 1; // first chunk is IV\n if (chunks === 1)\n decryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = chunks * 6; j < 6; j++) {\n for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) {\n a1 ^= byteSwap(ctr);\n const { s0, s1, s2, s3 } = decrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1);\n }\n xk.fill(0);\n },\n};\nconst AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6\n/**\n * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times.\n * Reduces block size from 16 to 8 bytes.\n * For padded version, use aeskwp.\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf).\n */\nexport const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length || plaintext.length % 8 !== 0)\n throw new Error('invalid plaintext length');\n if (plaintext.length === 8)\n throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead');\n const out = concatBytes(AESKW_IV, plaintext);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // ciphertext must be at least 24 bytes and a multiple of 8 bytes\n // 24 because should have at least two block (1 iv + 2).\n // Replace with 16 to enable '8-byte keys'\n if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n AESW.decrypt(kek, out);\n if (!equalBytes(out.subarray(0, 8), AESKW_IV))\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8);\n },\n}));\n/*\nWe don't support 8-byte keys. The rabbit hole:\n\n- Wycheproof says: \"NIST SP 800-38F does not define the wrapping of 8 byte keys.\n RFC 3394 Section 2 on the other hand specifies that 8 byte keys are wrapped\n by directly encrypting one block with AES.\"\n - https://github.com/C2SP/wycheproof/blob/master/doc/key_wrap.md\n - \"RFC 3394 specifies in Section 2, that the input for the key wrap\n algorithm must be at least two blocks and otherwise the constant\n field and key are simply encrypted with ECB as a single block\"\n- What RFC 3394 actually says (in Section 2):\n - \"Before being wrapped, the key data is parsed into n blocks of 64 bits.\n The only restriction the key wrap algorithm places on n is that n be\n at least two\"\n - \"For key data with length less than or equal to 64 bits, the constant\n field used in this specification and the key data form a single\n 128-bit codebook input making this key wrap unnecessary.\"\n- Which means \"assert(n >= 2)\" and \"use something else for 8 byte keys\"\n- NIST SP800-38F actually prohibits 8-byte in \"5.3.1 Mandatory Limits\".\n It states that plaintext for KW should be \"2 to 2^54 -1 semiblocks\".\n- So, where does \"directly encrypt single block with AES\" come from?\n - Not RFC 3394. Pseudocode of key wrap in 2.2 explicitly uses\n loop of 6 for any code path\n - There is a weird W3C spec:\n https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#kw-aes128\n - This spec is outdated, as admitted by Wycheproof authors\n - There is RFC 5649 for padded key wrap, which is padding construction on\n top of AESKW. In '4.1.2' it says: \"If the padded plaintext contains exactly\n eight octets, then prepend the AIV as defined in Section 3 above to P[1] and\n encrypt the resulting 128-bit block using AES in ECB mode [Modes] with key\n K (the KEK). In this case, the output is two 64-bit blocks C[0] and C[1]:\"\n - Browser subtle crypto is actually crashes on wrapping keys less than 16 bytes:\n `Error: error:1C8000E6:Provider routines::invalid input length] { opensslErrorStack: [ 'error:030000BD:digital envelope routines::update error' ]`\n\nIn the end, seems like a bug in Wycheproof.\nThe 8-byte check can be easily disabled inside of AES_W.\n*/\nconst AESKWP_IV = 0xa65959a6; // single u32le value\n/**\n * AES-KW, but with padding and allows random keys.\n * Second u32 of IV is used as counter for length.\n * [RFC 5649](https://www.rfc-editor.org/rfc/rfc5649)\n */\nexport const aeskwp = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length)\n throw new Error('invalid plaintext length');\n const padded = Math.ceil(plaintext.length / 8) * 8;\n const out = new Uint8Array(8 + padded);\n out.set(plaintext, 8);\n const out32 = u32(out);\n out32[0] = AESKWP_IV;\n out32[1] = byteSwap(plaintext.length);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // 16 because should have at least one block\n if (ciphertext.length < 16)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n const o32 = u32(out);\n AESW.decrypt(kek, out);\n const len = byteSwap(o32[1]) >>> 0;\n const padded = Math.ceil(len / 8) * 8;\n if (o32[0] !== AESKWP_IV || out.length - 8 !== padded)\n throw new Error('integrity check failed');\n for (let i = len; i < padded; i++)\n if (out[8 + i] !== 0)\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8, 8 + len);\n },\n}));\n// Private, unsafe low-level methods. Can change at any time.\nexport const unsafe = {\n expandKeyLE,\n expandKeyDecLE,\n encrypt,\n decrypt,\n encryptBlock,\n decryptBlock,\n ctrCounter,\n ctr32,\n};\n//# sourceMappingURL=aes.js.map","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n */\n\nimport { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../../util';\nimport enums from '../../enums';\nimport { getLegacyCipher, getCipherParams } from '../cipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (nodeCrypto && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nclass WebCryptoEncryptor {\n constructor(algo, key, iv) {\n const { blockSize } = getCipherParams(algo);\n this.key = key;\n this.prevBlock = iv;\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n this.zeroBlock = new Uint8Array(this.blockSize);\n }\n\n static async isSupported(algo) {\n const { keySize } = getCipherParams(algo);\n return webCrypto.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt'])\n .then(() => true, () => false);\n }\n\n async _runCBC(plaintext, nonZeroIV) {\n const mode = 'AES-CBC';\n this.keyRef = this.keyRef || await webCrypto.importKey('raw', this.key, mode, false, ['encrypt']);\n const ciphertext = await webCrypto.encrypt(\n { name: mode, iv: nonZeroIV || this.zeroBlock },\n this.keyRef,\n plaintext\n );\n return new Uint8Array(ciphertext).subarray(0, plaintext.length);\n }\n\n async encryptChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const plaintext = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n const toEncrypt = util.concatUint8Array([\n this.prevBlock,\n plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block \"early\", since we only need to xor the plaintext and pass it over as prevBlock\n ]);\n\n const encryptedBlocks = await this._runCBC(toEncrypt);\n xorMut(encryptedBlocks, plaintext);\n this.prevBlock = encryptedBlocks.slice(-this.blockSize);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return encryptedBlocks;\n }\n\n this.i += added.length;\n let encryptedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n const curBlock = this.nextBlock;\n encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n this.prevBlock = encryptedBlock.slice();\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n encryptedBlock = new Uint8Array();\n }\n\n return encryptedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n this.nextBlock = this.nextBlock.subarray(0, this.i);\n const curBlock = this.nextBlock;\n const encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n result = encryptedBlock.subarray(0, curBlock.length);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.keyRef = null;\n this.key = null;\n }\n\n async encrypt(plaintext) {\n // plaintext is internally padded to block length before encryption\n const encryptedWithPadding = await this._runCBC(\n util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]),\n this.iv\n );\n // drop encrypted padding\n const ct = encryptedWithPadding.subarray(0, plaintext.length);\n xorMut(ct, plaintext);\n this.clearSensitiveData();\n return ct;\n }\n}\n\nclass NobleStreamProcessor {\n constructor(forEncryption, algo, key, iv) {\n this.forEncryption = forEncryption;\n const { blockSize } = getCipherParams(algo);\n this.key = nobleAesHelpers.expandKeyLE(key);\n\n if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers\n this.prevBlock = getUint32Array(iv);\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n }\n\n _runCFB(src) {\n const src32 = getUint32Array(src);\n const dst = new Uint8Array(src.length);\n const dst32 = getUint32Array(dst);\n for (let i = 0; i + 4 <= dst32.length; i += 4) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = nobleAesHelpers.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4);\n }\n return dst;\n }\n\n async processChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const toProcess = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n\n const processedBlocks = this._runCFB(toProcess);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return processedBlocks;\n }\n\n this.i += added.length;\n\n let processedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n processedBlock = this._runCFB(this.nextBlock);\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n processedBlock = new Uint8Array();\n }\n\n return processedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n const processedBlock = this._runCFB(this.nextBlock);\n\n result = processedBlock.subarray(0, this.i);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.key.fill(0);\n }\n}\n\n\nasync function aesEncrypt(algo, key, pt, iv) {\n if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys\n const cfb = new WebCryptoEncryptor(algo, key, iv);\n return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);\n } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream\n const cfb = new NobleStreamProcessor(true, algo, key, iv);\n return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).encrypt(pt);\n}\n\nasync function aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new NobleStreamProcessor(false, algo, key, iv);\n return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).decrypt(ct);\n}\n\nfunction xorMut(a, b) {\n const aLength = Math.min(a.length, b.length);\n for (let i = 0; i < aLength; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nconst getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt) {\n return nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(pt);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n */\n\nimport { ctr as nobleAesCtr } from '@noble/ciphers/aes';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const keyRef = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, keyRef, pt);\n return new Uint8Array(ct);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt, iv) {\n return nobleAesCtr(key, iv).encrypt(pt);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport { getCipherParams } from '../cipher';\nimport util from '../../util';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n const { keySize } = getCipherParams(cipher);\n // sanity checks\n if (!util.isAES(cipher) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let maxNtz = 0;\n\n // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,\n // hence its execution cannot be broken up.\n // As a result, WebCrypto cannot currently be used for `encipher`.\n const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });\n const encipher = block => aes.encrypt(block);\n const decipher = block => aes.decrypt(block);\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables() {\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n */\n\nimport { gcm as nobleAesGcm } from '@noble/ciphers/aes';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages\n const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\\/13\\.\\d(\\.\\d)* Safari/) ||\n navigator.userAgent.match(/Version\\/(13|14)\\.\\d(\\.\\d)* Mobile\\/\\S* Safari/);\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && !pt.length) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n try {\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n } catch (e) {\n if (e.name === 'OperationError') {\n throw new Error('Authentication tag mismatch');\n }\n }\n }\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n },\n\n decrypt: async function(ct, iv, adata) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","// Operations are not constant time, but we try and limit timing leakage where we can\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\nexport function uint8ArrayToBigInt(bytes: Uint8Array) {\n const hexAlphabet = '0123456789ABCDEF';\n let s = '';\n bytes.forEach(v => {\n s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];\n });\n return BigInt('0x0' + s);\n}\n\nexport function mod(a: bigint, m: bigint) {\n const reduced = a % m;\n return reduced < _0n ? reduced + m : reduced;\n}\n\n/**\n * Compute modular exponentiation using square and multiply\n * @param {BigInt} a - Base\n * @param {BigInt} e - Exponent\n * @param {BigInt} n - Modulo\n * @returns {BigInt} b ** e mod n.\n */\nexport function modExp(b: bigint, e: bigint, n: bigint) {\n if (n === _0n) throw Error('Modulo cannot be zero');\n if (n === _1n) return BigInt(0);\n if (e < _0n) throw Error('Unsopported negative exponent');\n\n let exp = e;\n let x = b;\n\n x %= n;\n let r = BigInt(1);\n while (exp > _0n) {\n const lsb = exp & _1n;\n exp >>= _1n; // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n; // Square\n }\n return r;\n}\n\n\nfunction abs(x: bigint) {\n return x >= _0n ? x : -x;\n}\n\n/**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a and b, compute (x, y) such that ax + by = gdc(a, b).\n * Negative numbers are also supported.\n * @param {BigInt} a - First operand\n * @param {BigInt} b - Second operand\n * @returns {{ gcd, x, y: bigint }}\n */\nfunction _egcd(aInput: bigint, bInput: bigint) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n // Deal with negative numbers: run algo over absolute values,\n // and \"move\" the sign to the returned x and/or y.\n // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers\n let a = abs(aInput);\n let b = abs(bInput);\n const aNegated = aInput < _0n;\n const bNegated = bInput < _0n;\n\n while (b !== _0n) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: aNegated ? -xPrev : xPrev,\n y: bNegated ? -yPrev : yPrev,\n gcd: a\n };\n}\n\n/**\n * Compute the inverse of `a` modulo `n`\n * Note: `a` and and `n` must be relatively prime\n * @param {BigInt} a\n * @param {BigInt} n - Modulo\n * @returns {BigInt} x such that a*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\nexport function modInv(a: bigint, n: bigint) {\n const { gcd, x } = _egcd(a, n);\n if (gcd !== _1n) {\n throw new Error('Inverse does not exist');\n }\n return mod(x + n, n);\n}\n\n/**\n * Compute greatest common divisor between this and n\n * @param {BigInt} aInput - Operand\n * @param {BigInt} bInput - Operand\n * @returns {BigInt} gcd\n */\nexport function gcd(aInput: bigint, bInput: bigint) {\n let a = aInput;\n let b = bInput;\n while (b !== _0n) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return a;\n}\n\n/**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\nexport function bigIntToNumber(x: bigint) {\n const number = Number(x);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n}\n\n/**\n * Get value of i-th bit\n * @param {BigInt} x\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\nexport function getBit(x:bigint, i: number) {\n const bit = (x >> BigInt(i)) & _1n;\n return bit === _0n ? 0 : 1;\n}\n\n/**\n * Compute bit length\n */\nexport function bitLength(x: bigint) {\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = x < _0n ? BigInt(-1) : _0n;\n let bitlen = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _1n) !== target) {\n bitlen++;\n }\n return bitlen;\n}\n\n/**\n * Compute byte length\n */\nexport function byteLength(x: bigint) {\n const target = x < _0n ? BigInt(-1) : _0n;\n const _8n = BigInt(8);\n let len = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _8n) !== target) {\n len++;\n }\n return len;\n}\n\n/**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\nexport function bigIntToUint8Array(x: bigint, endian = 'be', length: number) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = x.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? length - rawLength : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n */\nimport { byteLength, mod, uint8ArrayToBigInt } from './biginteger';\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto?.webcrypto;\n if (webcrypto?.getRandomValues) {\n const buf = new Uint8Array(length);\n return webcrypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n}\n\n/**\n * Create a secure random BigInt that is greater than or equal to min and less than max.\n * @param {bigint} min - Lower bound, included\n * @param {bigint} max - Upper bound, excluded\n * @returns {bigint} Random BigInt.\n * @async\n */\nexport function getRandomBigInteger(min, max) {\n if (max < min) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max - min;\n const bytes = byteLength(modulus);\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));\n return mod(r, modulus) + min;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n */\nimport { bigIntToNumber, bitLength, gcd, getBit, mod, modExp } from '../biginteger';\nimport { getRandomBigInteger } from '../random';\n\nconst _1n = BigInt(1);\n\n/**\n * Generate a probably prime random number\n * @param bits - Bit length of the prime\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function randomProbablePrime(bits: number, e: bigint, k: number) {\n const _30n = BigInt(30);\n const min = _1n << BigInt(bits - 1);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n let n = getRandomBigInteger(min, min << _1n);\n let i = bigIntToNumber(mod(n, _30n));\n\n do {\n n += BigInt(adds[i]);\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (bitLength(n) > bits) {\n n = mod(n, min << _1n); n += min;\n i = bigIntToNumber(mod(n, _30n));\n }\n } while (!isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param n - Number to test\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function isProbablePrime(n: bigint, e: bigint, k: number) {\n if (e && gcd(n - _1n, e) !== _1n) {\n return false;\n }\n if (!divisionTest(n)) {\n return false;\n }\n if (!fermat(n)) {\n return false;\n }\n if (!millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param n - Number to test\n * @param b - Optional Fermat test base\n */\nexport function fermat(n: bigint, b = BigInt(2)) {\n return modExp(b, n - _1n, n) === _1n;\n}\n\nexport function divisionTest(n: bigint) {\n const _0n = BigInt(0);\n return smallPrimes.every(m => mod(n, m) !== _0n);\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n].map(n => BigInt(n));\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param n - Number to test\n * @param k - Optional number of iterations of Miller-Rabin test\n * @param rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport function millerRabin(n: bigint, k: number, rand?: () => bigint) {\n const len = bitLength(n);\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n - _1n; // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!getBit(n1, s)) { s++; }\n const d = n >> BigInt(s);\n\n for (; k > 0; k--) {\n const a = rand ? rand() : getRandomBigInteger(BigInt(2), n1);\n\n let x = modExp(a, d, n);\n if (x === _1n || x === n1) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = mod(x * x, n);\n\n if (x === _1n) {\n return false;\n }\n if (x === n1) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n */\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\nimport { bigIntToNumber, bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\nimport hash from '../hash';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst _1n = BigInt(1);\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (hash.getHashByteLength(hashAlgo) >= n.length) {\n // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error\n // e.g. if a 512-bit RSA key is used with a SHA-512 digest.\n // The size limit is actually slightly different but here we only care about throwing\n // on common key sizes.\n throw new Error('Digest size cannot exceed key modulus size');\n }\n\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n e = BigInt(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return jwkToPrivate(jwk, e);\n } else if (util.getNodeCrypto()) {\n const opts = {\n modulusLength: bits,\n publicExponent: bigIntToNumber(e),\n publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },\n privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }\n };\n const jwk = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => {\n if (err) {\n reject(err);\n } else {\n resolve(jwkPrivateKey);\n }\n });\n });\n return jwkToPrivate(jwk, e);\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = randomProbablePrime(bits - (bits >> 1), e, 40);\n p = randomProbablePrime(bits >> 1, e, 40);\n n = p * q;\n } while (bitLength(n) !== bits);\n\n const phi = (p - _1n) * (q - _1n);\n\n if (q < p) {\n [p, q] = [q, p];\n }\n\n return {\n n: bigIntToUint8Array(n),\n e: bigIntToUint8Array(e),\n d: bigIntToUint8Array(modInv(e, phi)),\n p: bigIntToUint8Array(p),\n q: bigIntToUint8Array(q),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: bigIntToUint8Array(modInv(p, q))\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n n = uint8ArrayToBigInt(n);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n\n // expect pq = n\n if ((p * q) !== n) {\n return false;\n }\n\n const _2n = BigInt(2);\n // expect p*u = 1 mod q\n u = uint8ArrayToBigInt(u);\n if (mod(p * u, q) !== BigInt(1)) {\n return false;\n }\n\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));\n const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r * d * e;\n\n const areInverses = mod(rde, p - _1n) === r && mod(rde, q - _1n) === r;\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n n = uint8ArrayToBigInt(n);\n const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));\n d = uint8ArrayToBigInt(d);\n return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n\n const jwk = await privateToJWK(n, e, d, p, q, u);\n return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' }));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n n = uint8ArrayToBigInt(n);\n s = uint8ArrayToBigInt(s);\n e = uint8ArrayToBigInt(e);\n if (s >= n) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));\n const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1' };\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n\n try {\n return verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n n = uint8ArrayToBigInt(n);\n data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));\n e = uint8ArrayToBigInt(e);\n if (data >= n) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n data = uint8ArrayToBigInt(data);\n n = uint8ArrayToBigInt(n);\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n u = uint8ArrayToBigInt(u);\n if (data >= n) {\n throw new Error('Data too large.');\n }\n const dq = mod(d, q - _1n); // d mod (q-1)\n const dp = mod(d, p - _1n); // d mod (p-1)\n\n const unblinder = getRandomBigInteger(BigInt(2), n);\n const blinder = modExp(modInv(unblinder, n), e, n);\n data = mod(data * blinder, n);\n\n const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p\n const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q\n const h = mod(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h * p + mp; // result < n due to relations above\n\n result = mod(result * unblinder, n);\n\n return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const pNum = uint8ArrayToBigInt(p);\n const qNum = uint8ArrayToBigInt(q);\n const dNum = uint8ArrayToBigInt(d);\n\n let dq = mod(dNum, qNum - _1n); // d mod (q-1)\n let dp = mod(dNum, pNum - _1n); // d mod (p-1)\n dp = bigIntToUint8Array(dp);\n dq = bigIntToUint8Array(dq);\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n\n/** Convert JWK private key to OpenPGP private key params */\nfunction jwkToPrivate(jwk, e) {\n return {\n n: b64ToUint8Array(jwk.n),\n e: bigIntToUint8Array(e),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n */\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\nconst _1n = BigInt(1);\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n const padded = emeEncode(data, byteLength(p));\n const m = uint8ArrayToBigInt(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = getRandomBigInteger(_1n, p - _1n);\n return {\n c1: bigIntToUint8Array(modExp(g, k, p)),\n c2: bigIntToUint8Array(mod(modExp(y, k, p) * m, p))\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n c1 = uint8ArrayToBigInt(c1);\n c2 = uint8ArrayToBigInt(c2);\n p = uint8ArrayToBigInt(p);\n x = uint8ArrayToBigInt(x);\n\n const padded = mod(modInv(modExp(c1, x, p), p) * c2, p);\n return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = BigInt(bitLength(p));\n const _1023n = BigInt(1023);\n if (pSize < _1023n) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (modExp(g, p - _1n, p) !== _1n) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n let i = BigInt(1);\n const _2n = BigInt(2);\n const threshold = _2n << BigInt(17); // we want order > threshold\n while (i < threshold) {\n res = mod(res * g, p);\n if (res === _1n) {\n return false;\n }\n i++;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const r = getRandomBigInteger(_2n << (pSize - _1n), _2n << pSize); // draw r of same size as p-1\n const rqx = (p - _1n) * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\nimport * as nc from 'node:crypto';\nexport const crypto =\n nc && typeof nc === 'object' && 'webcrypto' in nc ? nc.webcrypto : undefined;\n","import { crypto } from './crypto.js';\n\n'use strict';\nconst nacl = {};\nexport default nacl;\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction ts64(x, i, h, l) {\n x[i] = (h >> 24) & 0xff;\n x[i+1] = (h >> 16) & 0xff;\n x[i+2] = (h >> 8) & 0xff;\n x[i+3] = h & 0xff;\n x[i+4] = (l >> 24) & 0xff;\n x[i+5] = (l >> 16) & 0xff;\n x[i+6] = (l >> 8) & 0xff;\n x[i+7] = l & 0xff;\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nvar K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction crypto_hashblocks_hl(hh, hl, m, n) {\n var wh = new Int32Array(16), wl = new Int32Array(16),\n bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\n bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\n th, tl, i, j, h, l, a, b, c, d;\n\n var ah0 = hh[0],\n ah1 = hh[1],\n ah2 = hh[2],\n ah3 = hh[3],\n ah4 = hh[4],\n ah5 = hh[5],\n ah6 = hh[6],\n ah7 = hh[7],\n\n al0 = hl[0],\n al1 = hl[1],\n al2 = hl[2],\n al3 = hl[3],\n al4 = hl[4],\n al5 = hl[5],\n al6 = hl[6],\n al7 = hl[7];\n\n var pos = 0;\n while (n >= 128) {\n for (i = 0; i < 16; i++) {\n j = 8 * i + pos;\n wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];\n wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];\n }\n for (i = 0; i < 80; i++) {\n bh0 = ah0;\n bh1 = ah1;\n bh2 = ah2;\n bh3 = ah3;\n bh4 = ah4;\n bh5 = ah5;\n bh6 = ah6;\n bh7 = ah7;\n\n bl0 = al0;\n bl1 = al1;\n bl2 = al2;\n bl3 = al3;\n bl4 = al4;\n bl5 = al5;\n bl6 = al6;\n bl7 = al7;\n\n // add\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma1\n h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\n l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Ch\n h = (ah4 & ah5) ^ (~ah4 & ah6);\n l = (al4 & al5) ^ (~al4 & al6);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // K\n h = K[i*2];\n l = K[i*2+1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // w\n h = wh[i%16];\n l = wl[i%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n th = c & 0xffff | d << 16;\n tl = a & 0xffff | b << 16;\n\n // add\n h = th;\n l = tl;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma0\n h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\n l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Maj\n h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\n l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh7 = (c & 0xffff) | (d << 16);\n bl7 = (a & 0xffff) | (b << 16);\n\n // add\n h = bh3;\n l = bl3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = th;\n l = tl;\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh3 = (c & 0xffff) | (d << 16);\n bl3 = (a & 0xffff) | (b << 16);\n\n ah1 = bh0;\n ah2 = bh1;\n ah3 = bh2;\n ah4 = bh3;\n ah5 = bh4;\n ah6 = bh5;\n ah7 = bh6;\n ah0 = bh7;\n\n al1 = bl0;\n al2 = bl1;\n al3 = bl2;\n al4 = bl3;\n al5 = bl4;\n al6 = bl5;\n al7 = bl6;\n al0 = bl7;\n\n if (i%16 === 15) {\n for (j = 0; j < 16; j++) {\n // add\n h = wh[j];\n l = wl[j];\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = wh[(j+9)%16];\n l = wl[(j+9)%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma0\n th = wh[(j+1)%16];\n tl = wl[(j+1)%16];\n h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\n l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma1\n th = wh[(j+14)%16];\n tl = wl[(j+14)%16];\n h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\n l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n wh[j] = (c & 0xffff) | (d << 16);\n wl[j] = (a & 0xffff) | (b << 16);\n }\n }\n }\n\n // add\n h = ah0;\n l = al0;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[0];\n l = hl[0];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[0] = ah0 = (c & 0xffff) | (d << 16);\n hl[0] = al0 = (a & 0xffff) | (b << 16);\n\n h = ah1;\n l = al1;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[1];\n l = hl[1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[1] = ah1 = (c & 0xffff) | (d << 16);\n hl[1] = al1 = (a & 0xffff) | (b << 16);\n\n h = ah2;\n l = al2;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[2];\n l = hl[2];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[2] = ah2 = (c & 0xffff) | (d << 16);\n hl[2] = al2 = (a & 0xffff) | (b << 16);\n\n h = ah3;\n l = al3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[3];\n l = hl[3];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[3] = ah3 = (c & 0xffff) | (d << 16);\n hl[3] = al3 = (a & 0xffff) | (b << 16);\n\n h = ah4;\n l = al4;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[4];\n l = hl[4];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[4] = ah4 = (c & 0xffff) | (d << 16);\n hl[4] = al4 = (a & 0xffff) | (b << 16);\n\n h = ah5;\n l = al5;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[5];\n l = hl[5];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[5] = ah5 = (c & 0xffff) | (d << 16);\n hl[5] = al5 = (a & 0xffff) | (b << 16);\n\n h = ah6;\n l = al6;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[6];\n l = hl[6];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[6] = ah6 = (c & 0xffff) | (d << 16);\n hl[6] = al6 = (a & 0xffff) | (b << 16);\n\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[7];\n l = hl[7];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[7] = ah7 = (c & 0xffff) | (d << 16);\n hl[7] = al7 = (a & 0xffff) | (b << 16);\n\n pos += 128;\n n -= 128;\n }\n\n return n;\n}\n\nfunction crypto_hash(out, m, n) {\n var hh = new Int32Array(8),\n hl = new Int32Array(8),\n x = new Uint8Array(256),\n i, b = n;\n\n hh[0] = 0x6a09e667;\n hh[1] = 0xbb67ae85;\n hh[2] = 0x3c6ef372;\n hh[3] = 0xa54ff53a;\n hh[4] = 0x510e527f;\n hh[5] = 0x9b05688c;\n hh[6] = 0x1f83d9ab;\n hh[7] = 0x5be0cd19;\n\n hl[0] = 0xf3bcc908;\n hl[1] = 0x84caa73b;\n hl[2] = 0xfe94f82b;\n hl[3] = 0x5f1d36f1;\n hl[4] = 0xade682d1;\n hl[5] = 0x2b3e6c1f;\n hl[6] = 0xfb41bd6b;\n hl[7] = 0x137e2179;\n\n crypto_hashblocks_hl(hh, hl, m, n);\n n %= 128;\n\n for (i = 0; i < n; i++) x[i] = m[b-n+i];\n x[n] = 128;\n\n n = 256-128*(n<112?1:0);\n x[n-9] = 0;\n ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\n crypto_hashblocks_hl(hh, hl, x, n);\n\n for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\n\n return 0;\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n crypto_hash(r, sm.subarray(32), n+32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n crypto_hash(h, sm, n + 64);\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n crypto_hash(h, m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n if (crypto && crypto.getRandomValues) {\n // Browsers and Node v16+\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n})();\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nconst knownOIDs = {\n '2a8648ce3d030107': enums.curve.nistP256,\n '2b81040022': enums.curve.nistP384,\n '2b81040023': enums.curve.nistP521,\n '2b8104000a': enums.curve.secp256k1,\n '2b06010401da470f01': enums.curve.ed25519Legacy,\n '2b060104019755010501': enums.curve.curve25519Legacy,\n '2b2403030208010107': enums.curve.brainpoolP256r1,\n '2b240303020801010b': enums.curve.brainpoolP384r1,\n '2b240303020801010d': enums.curve.brainpoolP512r1\n};\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {enums.curve} String with the canonical name of the curve\n * @throws if unknown\n */\n getName() {\n const name = knownOIDs[this.toHex()];\n if (!name) {\n throw new Error('Unknown curve object identifier.');\n }\n\n return name;\n }\n}\n\nexport default OID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\n// unknown packet types are handled differently depending on the packet criticality\nexport class UnknownPacketError extends UnsupportedError {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnknownPacketError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n */\n\nimport ed25519 from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\nimport { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';\n\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n A: new Uint8Array(b64ToUint8Array(publicKey.x)),\n seed: b64ToUint8Array(privateKey.d, true)\n };\n } catch (err) {\n if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux\n throw err;\n }\n const seed = getRandomBytes(getPayloadSize(algo));\n const { publicKey: A } = ed25519.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const seed = ed448.utils.randomPrivateKey();\n const A = ed448.getPublicKey(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = privateKeyToJWK(algo, publicKey, privateKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']);\n\n const signature = new Uint8Array(\n await webCrypto.sign('Ed25519', key, hashed)\n );\n\n return { RS: signature };\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = ed25519.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const signature = ed448.sign(hashed, privateKey);\n return { RS: signature };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = publicKeyToJWK(algo, publicKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']);\n const verified = await webCrypto.verify('Ed25519', key, RS, hashed);\n return verified;\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n return ed25519.sign.detached.verify(hashed, RS, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n return ed448.verify(RS, hashed, publicKey);\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented\n */\n const { publicKey } = ed25519.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n\n const publicKey = ed448.getPublicKey(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n default:\n return false;\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return 32;\n\n case enums.publicKey.ed448:\n return 57;\n\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n case enums.publicKey.ed448:\n return enums.hash.sha512;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n\nconst publicKeyToJWK = (algo, publicKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = {\n kty: 'OKP',\n crv: 'Ed25519',\n x: uint8ArrayToB64(publicKey, true),\n ext: true\n };\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n\nconst privateKeyToJWK = (algo, publicKey, privateKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = publicKeyToJWK(algo, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n */\n\nimport { aeskw as nobleAesKW } from '@noble/ciphers/aes';\nimport { getCipherParams } from './cipher';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n/**\n * AES key wrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} dataToWrap\n * @returns {Uint8Array} wrapped key\n */\nexport async function wrap(algo, key, dataToWrap) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n try {\n const wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']);\n // Import data as HMAC key, as it has no key length requirements\n const keyToWrap = await webCrypto.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n const wrapped = await webCrypto.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' });\n return new Uint8Array(wrapped);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n\n return nobleAesKW(key).encrypt(dataToWrap);\n}\n\n/**\n * AES key unwrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} wrappedData\n * @returns {Uint8Array} unwrapped data\n */\nexport async function unwrap(algo, key, wrappedData) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let wrappingKey;\n try {\n wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n return nobleAesKW(key).decrypt(wrappedData);\n }\n\n try {\n const unwrapped = await webCrypto.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n return new Uint8Array(await webCrypto.exportKey('raw', unwrapped));\n } catch (err) {\n if (err.name === 'OperationError') {\n throw new Error('Key Data Integrity failed');\n }\n throw err;\n }\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n\nexport default async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n const importedKey = await webCrypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await webCrypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport x25519 from '@openpgp/tweetnacl';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport computeHKDF from '../../hkdf';\nimport { getCipherParams } from '../../cipher';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519'),\n x448: util.encodeUTF8('OpenPGP X448')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const k = x448.utils.randomPrivateKey();\n const A = x448.getPublicKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = x25519.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const publicKey = x448.getPublicKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.x25519:\n return 32;\n\n case enums.publicKey.x448:\n return 56;\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Generate shared secret and ephemeral public key for encryption\n * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret\n * @async\n */\nexport async function generateEphemeralEncryptionMaterial(algo, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));\n const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const ephemeralSecretKey = x448.utils.randomPrivateKey();\n const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * x25519 and x448 produce an all-zero value when given as input a point with small order.\n * This does not lead to a security issue in the context of ECDH, but it is still unexpected,\n * hence we throw.\n * @param {Uint8Array} sharedSecret\n */\nfunction assertNonZeroArray(sharedSecret) {\n let acc = 0;\n for (let i = 0; i < sharedSecret.length; i++) {\n acc |= sharedSecret[i];\n }\n if (acc === 0) {\n throw new Error('Unexpected low order point');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n */\nimport nacl from '@openpgp/tweetnacl';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { UnsupportedError } from '../../../packet/packet';\nimport { generate as eddsaGenerate } from './eddsa';\nimport { generate as ecdhXGenerate } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n [enums.curve.nistP256]: 'P-256',\n [enums.curve.nistP384]: 'P-384',\n [enums.curve.nistP521]: 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,\n [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n [enums.curve.nistP256]: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.nistP256],\n web: webCurves[enums.curve.nistP256],\n payloadSize: 32,\n sharedSize: 256,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP384]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.nistP384],\n web: webCurves[enums.curve.nistP384],\n payloadSize: 48,\n sharedSize: 384,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP521]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.nistP521],\n web: webCurves[enums.curve.nistP521],\n payloadSize: 66,\n sharedSize: 528,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.secp256k1]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.secp256k1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.ed25519Legacy]: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.curve25519Legacy]: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.brainpoolP256r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.brainpoolP256r1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP384r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.brainpoolP384r1],\n payloadSize: 48,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP512r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.brainpoolP512r1],\n payloadSize: 64,\n wireFormatLeadingByte: 0x04\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName) {\n try {\n this.name = oidOrName instanceof OID ?\n oidOrName.getName() :\n enums.write(enums.curve,oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n const params = curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node;\n this.web = params.web;\n this.payloadSize = params.payloadSize;\n this.sharedSize = params.sharedSize;\n this.wireFormatLeadingByte = params.wireFormatLeadingByte;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === enums.curve.curve25519Legacy) {\n this.type = 'curve25519Legacy';\n } else if (this.name === enums.curve.ed25519Legacy) {\n this.type = 'ed25519Legacy';\n }\n }\n\n async genKeyPair() {\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name, this.wireFormatLeadingByte);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n return jsGenKeyPair(this.name);\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519Legacy': {\n // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3\n const { k, A } = await ecdhXGenerate(enums.publicKey.x25519);\n const privateKey = k.slice().reverse();\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n case 'ed25519Legacy': {\n const { seed: privateKey, A } = await eddsaGenerate(enums.publicKey.ed25519);\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n default:\n return jsGenKeyPair(this.name);\n }\n }\n}\n\nasync function generate(curveName) {\n const curve = new CurveWithOID(curveName);\n const { oid, hash, cipher } = curve;\n const keyPair = await curve.genKeyPair();\n return {\n oid,\n Q: keyPair.publicKey,\n secret: util.leftPad(keyPair.privateKey, curve.payloadSize),\n hash,\n cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[oid.getName()].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n [enums.curve.nistP256]: true,\n [enums.curve.nistP384]: true,\n [enums.curve.nistP521]: true,\n [enums.curve.secp256k1]: true,\n [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh,\n [enums.curve.brainpoolP256r1]: true,\n [enums.curve.brainpoolP384r1]: true,\n [enums.curve.brainpoolP512r1]: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === enums.curve.curve25519Legacy) {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n /*\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = nobleCurve.getPublicKey(d, false);\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n}\n\n/**\n * Check whether the public point has a valid encoding.\n * NB: this function does not check e.g. whether the point belongs to the curve.\n */\nfunction checkPublicPointEnconding(curve, V) {\n const { payloadSize, wireFormatLeadingByte, name: curveName } = curve;\n\n const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2;\n\n if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) {\n throw new Error('Invalid point encoding');\n }\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\nasync function jsGenKeyPair(name) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n const privateKey = nobleCurve.utils.randomPrivateKey();\n const publicKey = nobleCurve.getPublicKey(privateKey, false);\n return { publicKey, privateKey };\n}\n\nasync function webGenKeyPair(name, wireFormatLeadingByte) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk, wireFormatLeadingByte) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = wireFormatLeadingByte;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';\nimport { bigIntToUint8Array } from '../../biginteger';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web':\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n case 'node':\n return nodeSign(curve, hashAlgo, message, privateKey);\n }\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });\n return {\n r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),\n s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)\n };\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n // See https://github.com/openpgpjs/openpgpjs/pull/948.\n // NB: the impact was more likely limited to Brainpool curves, since thanks\n // to WebCrypto availability, NIST curve should not have been affected.\n // Similarly, secp256k1 should have been used rarely enough.\n // However, we implement the fix for all curves, since it's only needed in case of\n // verification failure, which is unexpected, hence a minor slowdown is acceptable.\n const tryFallbackVerificationForOldBug = async () => (\n hashed[0] === 0 ?\n jsVerify(curve, signature, hashed.subarray(1), publicKey) :\n false\n );\n\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n const verified = await webVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node': {\n const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n }\n }\n }\n\n const verified = await jsVerify(curve, signature, hashed, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n // eslint-disable-next-line @typescript-eslint/return-await\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Fallback javascript implementation of ECDSA verification.\n * To be used if no native implementation is available for the given curve/operation.\n */\nasync function jsVerify(curve, signature, hashed, publicKey) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false });\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, privateKey) {\n // JWT encoding cannot be used for now, as Brainpool curves are not supported\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n privateKey: nodeBuffer.from(privateKey)\n });\n\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n\n const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' }));\n const len = curve.payloadSize;\n\n return {\n r: signature.subarray(0, len),\n s: signature.subarray(len, len << 1)\n };\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { publicKey: derPublicKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n publicKey: nodeBuffer.from(publicKey)\n });\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n\n const signature = util.concatUint8Array([r, s]);\n\n try {\n return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature);\n } catch (err) {\n return false;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n */\n\nimport nacl from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { CurveWithOID, checkPublicPointEnconding } from './oid_curves';\nimport { sign as eddsaSign, verify as eddsaVerify } from './eddsa';\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const { RS: signature } = await eddsaSign(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const RS = util.concatUint8Array([r, s]);\n return eddsaVerify(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed);\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { getCipherParams } from '../../cipher';\nimport { generateEphemeralEncryptionMaterial as ecdhXGenerateEphemeralEncryptionMaterial, recomputeSharedSecret as ecdhXRecomputeSharedSecret } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519Legacy': {\n const { sharedSecret: sharedKey, ephemeralPublicKey } = await ecdhXGenerateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1));\n const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n return jsPublicEphemeralKey(curve, Q);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n default:\n return jsPublicEphemeralKey(curve, Q);\n\n }\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = await aesKW.wrap(kdfParams.cipher, Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519Legacy': {\n const secretKey = d.slice().reverse();\n const sharedKey = await ecdhXRecomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey);\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n return jsPrivateEphemeralKey(curve, V, d);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n default:\n return jsPrivateEphemeralKey(curve, V, d);\n }\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n checkPublicPointEnconding(curve, V);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(await aesKW.unwrap(kdfParams.cipher, Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\nasync function jsPrivateEphemeralKey(curve, V, d) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { secretKey: d, sharedKey };\n}\n\nasync function jsPublicEphemeralKey(curve, Q) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n const { publicKey: V, privateKey: v } = await curve.genKeyPair();\n\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { publicKey: V, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: sender\n },\n privateKey,\n curve.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const _0n = BigInt(0);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n x = uint8ArrayToBigInt(x);\n\n let k;\n let r;\n let s;\n let t;\n g = mod(g, p);\n x = mod(x, q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = getRandomBigInteger(_1n, q); // returns in [1, q-1]\n r = mod(modExp(g, k, p), q); // (g**k mod p) mod q\n if (r === _0n) {\n continue;\n }\n const xr = mod(x * r, q);\n t = mod(h + xr, q); // H(m) + x*r mod q\n s = mod(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q\n if (s === _0n) {\n continue;\n }\n break;\n }\n return {\n r: bigIntToUint8Array(r, 'be', byteLength(p)),\n s: bigIntToUint8Array(s, 'be', byteLength(p))\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n r = uint8ArrayToBigInt(r);\n s = uint8ArrayToBigInt(s);\n\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n if (r <= _0n || r >= q ||\n s <= _0n || s >= q) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n const w = modInv(s, q); // s**-1 mod q\n if (w === _0n) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = mod(g, p);\n y = mod(y, p);\n const u1 = mod(h * w, q); // H(m) * w mod q\n const u2 = mod(r * w, q); // r * w mod q\n const t1 = modExp(g, u1, p); // g**u1 mod p\n const t2 = modExp(y, u2, p); // y**u2 mod p\n const v = mod(mod(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q\n return v === r;\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (mod(p - _1n, q) !== _0n) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (modExp(g, q, p) !== _1n) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = BigInt(bitLength(q));\n const _150n = BigInt(150);\n if (qSize < _150n || !isProbablePrime(q, null, 32)) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const _2n = BigInt(2);\n const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q\n const rqx = q * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n */\n\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { read, signatureParams: { s } };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n // If the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature\n // verification: if the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n // Algorithm-Specific Fields for Ed448 signatures:\n // - 114 octets of the native signature\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo);\n const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length;\n return { read, signatureParams: { RS } };\n }\n\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal:\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport { getCipherParams } from './cipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only)\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n if (symmetricAlgo && !util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 and X448 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (C.algorithm !== null && !util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const payloadSize = getCurvePayloadSize(algo);\n const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const payloadSize = getCurvePayloadSize(algo);\n const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 or X448 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448).\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const pointSize = getCurvePayloadSize(algo);\n const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([\n enums.publicKey.ed25519,\n enums.publicKey.x25519,\n enums.publicKey.ed448,\n enums.publicKey.x448\n ]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipherParams(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipherParams(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get encoded secret size for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getCurvePayloadSize(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh:\n case enums.publicKey.eddsaLegacy:\n return new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPayloadSize(algo);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.getPayloadSize(algo);\n default:\n throw new Error('Unknown elliptic algo');\n }\n}\n\n/**\n * Get preferred signing hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n\n\nexport { getCipherParams };\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","import defaultConfig from '../../config';\nimport enums from '../../enums';\nimport util from '../../util';\nimport crypto from '../../crypto';\n\nconst ARGON2_TYPE = 0x02; // id\nconst ARGON2_VERSION = 0x13;\nconst ARGON2_SALT_SIZE = 16;\n\nexport class Argon2OutOfMemoryError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Argon2OutOfMemoryError);\n }\n\n this.name = 'Argon2OutOfMemoryError';\n }\n}\n\n// cache argon wasm module\nlet loadArgonWasmModule;\nlet argon2Promise;\n// reload wasm module above this treshold, to deallocated used memory\nconst ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;\n\nclass Argon2S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n const { passes, parallelism, memoryExponent } = config.s2kArgon2Params;\n\n this.type = 'argon2';\n /**\n * 16 bytes of salt\n * @type {Uint8Array}\n */\n this.salt = null;\n /**\n * number of passes\n * @type {Integer}\n */\n this.t = passes;\n /**\n * degree of parallelism (lanes)\n * @type {Integer}\n */\n this.p = parallelism;\n /**\n * exponent indicating memory size\n * @type {Integer}\n */\n this.encodedM = memoryExponent;\n }\n\n generateSalt() {\n this.salt = crypto.random.getRandomBytes(ARGON2_SALT_SIZE);\n }\n\n /**\n * Parsing function for argon2 string-to-key specifier.\n * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n\n this.salt = bytes.subarray(i, i + 16);\n i += 16;\n\n this.t = bytes[i++];\n this.p = bytes[i++];\n this.encodedM = bytes[i++]; // memory size exponent, one-octect\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n const arr = [\n new Uint8Array([enums.write(enums.s2k, this.type)]),\n this.salt,\n new Uint8Array([this.t, this.p, this.encodedM])\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to `keySize`\n * @throws {Argon2OutOfMemoryError|Errors}\n * @async\n */\n async produceKey(passphrase, keySize) {\n const decodedM = 2 << (this.encodedM - 1);\n\n try {\n // on first load, the argon2 lib is imported and the WASM module is initialized.\n // the two steps need to be atomic to avoid race conditions causing multiple wasm modules\n // being loaded when `argon2Promise` is not initialized.\n loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;\n argon2Promise = argon2Promise || loadArgonWasmModule();\n\n // important to keep local ref to argon2 in case the module is reloaded by another instance\n const argon2 = await argon2Promise;\n\n const passwordBytes = util.encodeUTF8(passphrase);\n const hash = argon2({\n version: ARGON2_VERSION,\n type: ARGON2_TYPE,\n password: passwordBytes,\n salt: this.salt,\n tagLength: keySize,\n memorySize: decodedM,\n parallelism: this.p,\n passes: this.t\n });\n\n // a lot of memory was used, reload to deallocate\n if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {\n // it will be awaited if needed at the next `produceKey` invocation\n argon2Promise = loadArgonWasmModule();\n argon2Promise.catch(() => {});\n }\n return hash;\n } catch (e) {\n if (e.message && (\n e.message.includes('Unable to grow instance memory') || // Chrome\n e.message.includes('failed to grow memory') || // Firefox\n e.message.includes('WebAssembly.Memory.grow') || // Safari\n e.message.includes('Out of memory') // Safari iOS\n )) {\n throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');\n } else {\n throw e;\n }\n }\n }\n}\n\nexport default Argon2S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n */\n\nimport defaultConfig from '../../config';\nimport crypto from '../../crypto';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\nimport util from '../../util';\n\nclass GenericS2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(s2kType, config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = enums.read(enums.s2k, s2kType);\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n generateSalt() {\n switch (this.type) {\n case 'salted':\n case 'iterated':\n this.salt = crypto.random.getRandomBytes(8);\n }\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default GenericS2K;\n","import defaultConfig from '../../config';\nimport Argon2S2K, { Argon2OutOfMemoryError } from './argon2';\nimport GenericS2K from './generic';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\n\nconst allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);\n\n/**\n * Instantiate a new S2K instance of the given type\n * @param {module:enums.s2k} type\n * @oaram {Object} [config]\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromType(type, config = defaultConfig) {\n switch (type) {\n case enums.s2k.argon2:\n return new Argon2S2K(config);\n case enums.s2k.iterated:\n case enums.s2k.gnu:\n case enums.s2k.salted:\n case enums.s2k.simple:\n return new GenericS2K(type, config);\n default:\n throw new UnsupportedError('Unsupported S2K type');\n }\n}\n\n/**\n * Instantiate a new S2K instance based on the config settings\n * @oaram {Object} config\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromConfig(config) {\n const { s2kType } = config;\n\n if (!allowedS2KTypesForEncryption.has(s2kType)) {\n throw new Error('The provided `config.s2kType` value is not allowed');\n }\n\n return newS2KFromType(s2kType, config);\n}\n\nexport { Argon2OutOfMemoryError };\n","import { createRequire } from 'module';\nvar require = createRequire('/');\n// DEFLATE is a complex format; to read this code, you should probably check the RFC first:\n// https://tools.ietf.org/html/rfc1951\n// You may also wish to take a look at the guide I made about this program:\n// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad\n// Some of the following code is similar to that of UZIP.js:\n// https://github.com/photopea/UZIP.js\n// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size.\n// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint\n// is better for memory in most engines (I *think*).\n// Mediocre shim\nvar Worker;\nvar workerAdd = \";var __w=require('worker_threads');__w.parentPort.on('message',function(m){onmessage({data:m})}),postMessage=function(m,t){__w.parentPort.postMessage(m,t)},close=process.exit;self=global\";\ntry {\n Worker = require('worker_threads').Worker;\n}\ncatch (e) {\n}\nvar wk = Worker ? function (c, _, msg, transfer, cb) {\n var done = false;\n var w = new Worker(c + workerAdd, { eval: true })\n .on('error', function (e) { return cb(e, null); })\n .on('message', function (m) { return cb(null, m); })\n .on('exit', function (c) {\n if (c && !done)\n cb(new Error('exited with code ' + c), null);\n });\n w.postMessage(msg, transfer);\n w.terminate = function () {\n done = true;\n return Worker.prototype.terminate.call(w);\n };\n return w;\n} : function (_, __, ___, ____, cb) {\n setImmediate(function () { return cb(new Error('async operations unsupported - update to Node 12+ (or Node 10-11 with the --experimental-worker CLI flag)'), null); });\n var NOP = function () { };\n return {\n terminate: NOP,\n postMessage: NOP\n };\n};\n\n// aliases for shorter compressed code (most minifers don't do this)\nvar u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array;\n// fixed length extra bits\nvar fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]);\n// fixed distance extra bits\n// see fleb note\nvar fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]);\n// code length index map\nvar clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);\n// get base, reverse index map from extra bits\nvar freb = function (eb, start) {\n var b = new u16(31);\n for (var i = 0; i < 31; ++i) {\n b[i] = start += 1 << eb[i - 1];\n }\n // numbers here are at max 18 bits\n var r = new u32(b[30]);\n for (var i = 1; i < 30; ++i) {\n for (var j = b[i]; j < b[i + 1]; ++j) {\n r[j] = ((j - b[i]) << 5) | i;\n }\n }\n return [b, r];\n};\nvar _a = freb(fleb, 2), fl = _a[0], revfl = _a[1];\n// we can ignore the fact that the other numbers are wrong; they never happen anyway\nfl[28] = 258, revfl[258] = 28;\nvar _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1];\n// map of value to reverse (assuming 16 bits)\nvar rev = new u16(32768);\nfor (var i = 0; i < 32768; ++i) {\n // reverse table algorithm from SO\n var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1);\n x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2);\n x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4);\n rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1;\n}\n// create huffman tree from u8 \"map\": index -> code length for code index\n// mb (max bits) must be at most 15\n// TODO: optimize/split up?\nvar hMap = (function (cd, mb, r) {\n var s = cd.length;\n // index\n var i = 0;\n // u16 \"map\": index -> # of codes with bit length = index\n var l = new u16(mb);\n // length of cd must be 288 (total # of codes)\n for (; i < s; ++i) {\n if (cd[i])\n ++l[cd[i] - 1];\n }\n // u16 \"map\": index -> minimum code for bit length = index\n var le = new u16(mb);\n for (i = 0; i < mb; ++i) {\n le[i] = (le[i - 1] + l[i - 1]) << 1;\n }\n var co;\n if (r) {\n // u16 \"map\": index -> number of actual bits, symbol for code\n co = new u16(1 << mb);\n // bits to remove for reverser\n var rvb = 15 - mb;\n for (i = 0; i < s; ++i) {\n // ignore 0 lengths\n if (cd[i]) {\n // num encoding both symbol and bits read\n var sv = (i << 4) | cd[i];\n // free bits\n var r_1 = mb - cd[i];\n // start value\n var v = le[cd[i] - 1]++ << r_1;\n // m is end value\n for (var m = v | ((1 << r_1) - 1); v <= m; ++v) {\n // every 16 bit value starting with the code yields the same result\n co[rev[v] >>> rvb] = sv;\n }\n }\n }\n }\n else {\n co = new u16(s);\n for (i = 0; i < s; ++i) {\n if (cd[i]) {\n co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]);\n }\n }\n }\n return co;\n});\n// fixed length tree\nvar flt = new u8(288);\nfor (var i = 0; i < 144; ++i)\n flt[i] = 8;\nfor (var i = 144; i < 256; ++i)\n flt[i] = 9;\nfor (var i = 256; i < 280; ++i)\n flt[i] = 7;\nfor (var i = 280; i < 288; ++i)\n flt[i] = 8;\n// fixed distance tree\nvar fdt = new u8(32);\nfor (var i = 0; i < 32; ++i)\n fdt[i] = 5;\n// fixed length map\nvar flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1);\n// fixed distance map\nvar fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1);\n// find max of array\nvar max = function (a) {\n var m = a[0];\n for (var i = 1; i < a.length; ++i) {\n if (a[i] > m)\n m = a[i];\n }\n return m;\n};\n// read d, starting at bit p and mask with m\nvar bits = function (d, p, m) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m;\n};\n// read d, starting at bit p continuing for at least 16 bits\nvar bits16 = function (d, p) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7));\n};\n// get end of byte\nvar shft = function (p) { return ((p + 7) / 8) | 0; };\n// typed array slice - allows garbage collector to free original reference,\n// while being more compatible than .slice\nvar slc = function (v, s, e) {\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n // can't use .constructor in case user-supplied\n var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\n/**\n * Codes for errors generated within this library\n */\nexport var FlateErrorCode = {\n UnexpectedEOF: 0,\n InvalidBlockType: 1,\n InvalidLengthLiteral: 2,\n InvalidDistance: 3,\n StreamFinished: 4,\n NoStreamHandler: 5,\n InvalidHeader: 6,\n NoCallback: 7,\n InvalidUTF8: 8,\n ExtraFieldTooLong: 9,\n InvalidDate: 10,\n FilenameTooLong: 11,\n StreamFinishing: 12,\n InvalidZipData: 13,\n UnknownCompressionMethod: 14\n};\n// error codes\nvar ec = [\n 'unexpected EOF',\n 'invalid block type',\n 'invalid length/literal',\n 'invalid distance',\n 'stream finished',\n 'no stream handler',\n ,\n 'no callback',\n 'invalid UTF-8 data',\n 'extra field too long',\n 'date not in range 1980-2099',\n 'filename too long',\n 'stream finishing',\n 'invalid zip data'\n // determined by unknown compression method\n];\n;\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\n// expands raw DEFLATE data\nvar inflt = function (dat, buf, st) {\n // source length\n var sl = dat.length;\n if (!sl || (st && st.f && !st.l))\n return buf || new u8(0);\n // have to estimate size\n var noBuf = !buf || st;\n // no state\n var noSt = !st || st.i;\n if (!st)\n st = {};\n // Assumes roughly 33% compression ratio average\n if (!buf)\n buf = new u8(sl * 3);\n // ensure buffer can fit at least l elements\n var cbuf = function (l) {\n var bl = buf.length;\n // need to increase size to fit\n if (l > bl) {\n // Double or set to necessary, whichever is greater\n var nbuf = new u8(Math.max(bl * 2, l));\n nbuf.set(buf);\n buf = nbuf;\n }\n };\n // last chunk bitpos bytes\n var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;\n // total bits\n var tbts = sl * 8;\n do {\n if (!lm) {\n // BFINAL - this is only 1 when last chunk is next\n final = bits(dat, pos, 1);\n // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman\n var type = bits(dat, pos + 1, 3);\n pos += 3;\n if (!type) {\n // go to end of byte boundary\n var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l;\n if (t > sl) {\n if (noSt)\n err(0);\n break;\n }\n // ensure size\n if (noBuf)\n cbuf(bt + l);\n // Copy over uncompressed data\n buf.set(dat.subarray(s, t), bt);\n // Get new bitpos, update byte count\n st.b = bt += l, st.p = pos = t * 8, st.f = final;\n continue;\n }\n else if (type == 1)\n lm = flrm, dm = fdrm, lbt = 9, dbt = 5;\n else if (type == 2) {\n // literal lengths\n var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;\n var tl = hLit + bits(dat, pos + 5, 31) + 1;\n pos += 14;\n // length+distance tree\n var ldt = new u8(tl);\n // code length tree\n var clt = new u8(19);\n for (var i = 0; i < hcLen; ++i) {\n // use index map to get real code\n clt[clim[i]] = bits(dat, pos + i * 3, 7);\n }\n pos += hcLen * 3;\n // code lengths bits\n var clb = max(clt), clbmsk = (1 << clb) - 1;\n // code lengths map\n var clm = hMap(clt, clb, 1);\n for (var i = 0; i < tl;) {\n var r = clm[bits(dat, pos, clbmsk)];\n // bits read\n pos += r & 15;\n // symbol\n var s = r >>> 4;\n // code length to copy\n if (s < 16) {\n ldt[i++] = s;\n }\n else {\n // copy count\n var c = 0, n = 0;\n if (s == 16)\n n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1];\n else if (s == 17)\n n = 3 + bits(dat, pos, 7), pos += 3;\n else if (s == 18)\n n = 11 + bits(dat, pos, 127), pos += 7;\n while (n--)\n ldt[i++] = c;\n }\n }\n // length tree distance tree\n var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);\n // max length bits\n lbt = max(lt);\n // max dist bits\n dbt = max(dt);\n lm = hMap(lt, lbt, 1);\n dm = hMap(dt, dbt, 1);\n }\n else\n err(1);\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n }\n // Make sure the buffer can hold this + the largest possible addition\n // Maximum chunk size (practically, theoretically infinite) is 2^17;\n if (noBuf)\n cbuf(bt + 131072);\n var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;\n var lpos = pos;\n for (;; lpos = pos) {\n // bits read, code\n var c = lm[bits16(dat, pos) & lms], sym = c >>> 4;\n pos += c & 15;\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (!c)\n err(2);\n if (sym < 256)\n buf[bt++] = sym;\n else if (sym == 256) {\n lpos = pos, lm = null;\n break;\n }\n else {\n var add = sym - 254;\n // no extra bits needed if less\n if (sym > 264) {\n // index\n var i = sym - 257, b = fleb[i];\n add = bits(dat, pos, (1 << b) - 1) + fl[i];\n pos += b;\n }\n // dist\n var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4;\n if (!d)\n err(3);\n pos += d & 15;\n var dt = fd[dsym];\n if (dsym > 3) {\n var b = fdeb[dsym];\n dt += bits16(dat, pos) & ((1 << b) - 1), pos += b;\n }\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (noBuf)\n cbuf(bt + 131072);\n var end = bt + add;\n for (; bt < end; bt += 4) {\n buf[bt] = buf[bt - dt];\n buf[bt + 1] = buf[bt + 1 - dt];\n buf[bt + 2] = buf[bt + 2 - dt];\n buf[bt + 3] = buf[bt + 3 - dt];\n }\n bt = end;\n }\n }\n st.l = lm, st.p = lpos, st.b = bt, st.f = final;\n if (lm)\n final = 1, st.m = lbt, st.d = dm, st.n = dbt;\n } while (!final);\n return bt == buf.length ? buf : slc(buf, 0, bt);\n};\n// starting at p, write the minimum number of bits that can hold v to d\nvar wbits = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n};\n// starting at p, write the minimum number of bits (>8) that can hold v to d\nvar wbits16 = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n d[o + 2] |= v >>> 16;\n};\n// creates code lengths from a frequency table\nvar hTree = function (d, mb) {\n // Need extra info to make a tree\n var t = [];\n for (var i = 0; i < d.length; ++i) {\n if (d[i])\n t.push({ s: i, f: d[i] });\n }\n var s = t.length;\n var t2 = t.slice();\n if (!s)\n return [et, 0];\n if (s == 1) {\n var v = new u8(t[0].s + 1);\n v[t[0].s] = 1;\n return [v, 1];\n }\n t.sort(function (a, b) { return a.f - b.f; });\n // after i2 reaches last ind, will be stopped\n // freq must be greater than largest possible number of symbols\n t.push({ s: -1, f: 25001 });\n var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2;\n t[0] = { s: -1, f: l.f + r.f, l: l, r: r };\n // efficient algorithm from UZIP.js\n // i0 is lookbehind, i2 is lookahead - after processing two low-freq\n // symbols that combined have high freq, will start processing i2 (high-freq,\n // non-composite) symbols instead\n // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/\n while (i1 != s - 1) {\n l = t[t[i0].f < t[i2].f ? i0++ : i2++];\n r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++];\n t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r };\n }\n var maxSym = t2[0].s;\n for (var i = 1; i < s; ++i) {\n if (t2[i].s > maxSym)\n maxSym = t2[i].s;\n }\n // code lengths\n var tr = new u16(maxSym + 1);\n // max bits in tree\n var mbt = ln(t[i1 - 1], tr, 0);\n if (mbt > mb) {\n // more algorithms from UZIP.js\n // TODO: find out how this code works (debt)\n // ind debt\n var i = 0, dt = 0;\n // left cost\n var lft = mbt - mb, cst = 1 << lft;\n t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; });\n for (; i < s; ++i) {\n var i2_1 = t2[i].s;\n if (tr[i2_1] > mb) {\n dt += cst - (1 << (mbt - tr[i2_1]));\n tr[i2_1] = mb;\n }\n else\n break;\n }\n dt >>>= lft;\n while (dt > 0) {\n var i2_2 = t2[i].s;\n if (tr[i2_2] < mb)\n dt -= 1 << (mb - tr[i2_2]++ - 1);\n else\n ++i;\n }\n for (; i >= 0 && dt; --i) {\n var i2_3 = t2[i].s;\n if (tr[i2_3] == mb) {\n --tr[i2_3];\n ++dt;\n }\n }\n mbt = mb;\n }\n return [new u8(tr), mbt];\n};\n// get the max length and assign length codes\nvar ln = function (n, l, d) {\n return n.s == -1\n ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1))\n : (l[n.s] = d);\n};\n// length codes generation\nvar lc = function (c) {\n var s = c.length;\n // Note that the semicolon was intentional\n while (s && !c[--s])\n ;\n var cl = new u16(++s);\n // ind num streak\n var cli = 0, cln = c[0], cls = 1;\n var w = function (v) { cl[cli++] = v; };\n for (var i = 1; i <= s; ++i) {\n if (c[i] == cln && i != s)\n ++cls;\n else {\n if (!cln && cls > 2) {\n for (; cls > 138; cls -= 138)\n w(32754);\n if (cls > 2) {\n w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305);\n cls = 0;\n }\n }\n else if (cls > 3) {\n w(cln), --cls;\n for (; cls > 6; cls -= 6)\n w(8304);\n if (cls > 2)\n w(((cls - 3) << 5) | 8208), cls = 0;\n }\n while (cls--)\n w(cln);\n cls = 1;\n cln = c[i];\n }\n }\n return [cl.subarray(0, cli), s];\n};\n// calculate the length of output from tree, code lengths\nvar clen = function (cf, cl) {\n var l = 0;\n for (var i = 0; i < cl.length; ++i)\n l += cf[i] * cl[i];\n return l;\n};\n// writes a fixed block\n// returns the new bit pos\nvar wfblk = function (out, pos, dat) {\n // no need to write 00 as type: TypedArray defaults to 0\n var s = dat.length;\n var o = shft(pos + 2);\n out[o] = s & 255;\n out[o + 1] = s >>> 8;\n out[o + 2] = out[o] ^ 255;\n out[o + 3] = out[o + 1] ^ 255;\n for (var i = 0; i < s; ++i)\n out[o + i + 4] = dat[i];\n return (o + 4 + s) * 8;\n};\n// writes a block\nvar wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) {\n wbits(out, p++, final);\n ++lf[256];\n var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1];\n var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1];\n var _c = lc(dlt), lclt = _c[0], nlc = _c[1];\n var _d = lc(ddt), lcdt = _d[0], ndc = _d[1];\n var lcfreq = new u16(19);\n for (var i = 0; i < lclt.length; ++i)\n lcfreq[lclt[i] & 31]++;\n for (var i = 0; i < lcdt.length; ++i)\n lcfreq[lcdt[i] & 31]++;\n var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1];\n var nlcc = 19;\n for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc)\n ;\n var flen = (bl + 5) << 3;\n var ftlen = clen(lf, flt) + clen(df, fdt) + eb;\n var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]);\n if (flen <= ftlen && flen <= dtlen)\n return wfblk(out, p, dat.subarray(bs, bs + bl));\n var lm, ll, dm, dl;\n wbits(out, p, 1 + (dtlen < ftlen)), p += 2;\n if (dtlen < ftlen) {\n lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt;\n var llm = hMap(lct, mlcb, 0);\n wbits(out, p, nlc - 257);\n wbits(out, p + 5, ndc - 1);\n wbits(out, p + 10, nlcc - 4);\n p += 14;\n for (var i = 0; i < nlcc; ++i)\n wbits(out, p + 3 * i, lct[clim[i]]);\n p += 3 * nlcc;\n var lcts = [lclt, lcdt];\n for (var it = 0; it < 2; ++it) {\n var clct = lcts[it];\n for (var i = 0; i < clct.length; ++i) {\n var len = clct[i] & 31;\n wbits(out, p, llm[len]), p += lct[len];\n if (len > 15)\n wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12;\n }\n }\n }\n else {\n lm = flm, ll = flt, dm = fdm, dl = fdt;\n }\n for (var i = 0; i < li; ++i) {\n if (syms[i] > 255) {\n var len = (syms[i] >>> 18) & 31;\n wbits16(out, p, lm[len + 257]), p += ll[len + 257];\n if (len > 7)\n wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len];\n var dst = syms[i] & 31;\n wbits16(out, p, dm[dst]), p += dl[dst];\n if (dst > 3)\n wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst];\n }\n else {\n wbits16(out, p, lm[syms[i]]), p += ll[syms[i]];\n }\n }\n wbits16(out, p, lm[256]);\n return p + ll[256];\n};\n// deflate options (nice << 13) | chain\nvar deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]);\n// empty\nvar et = /*#__PURE__*/ new u8(0);\n// compresses data into a raw DEFLATE buffer\nvar dflt = function (dat, lvl, plvl, pre, post, lst) {\n var s = dat.length;\n var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post);\n // writing to this writes to the output buffer\n var w = o.subarray(pre, o.length - post);\n var pos = 0;\n if (!lvl || s < 8) {\n for (var i = 0; i <= s; i += 65535) {\n // end\n var e = i + 65535;\n if (e >= s) {\n // write final block\n w[pos >> 3] = lst;\n }\n pos = wfblk(w, pos + 1, dat.subarray(i, e));\n }\n }\n else {\n var opt = deo[lvl - 1];\n var n = opt >>> 13, c = opt & 8191;\n var msk_1 = (1 << plvl) - 1;\n // prev 2-byte val map curr 2-byte val map\n var prev = new u16(32768), head = new u16(msk_1 + 1);\n var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1;\n var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; };\n // 24576 is an arbitrary number of maximum symbols per block\n // 424 buffer for last block\n var syms = new u32(25000);\n // length/literal freq distance freq\n var lf = new u16(288), df = new u16(32);\n // l/lcnt exbits index l/lind waitdx bitpos\n var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0;\n for (; i < s; ++i) {\n // hash value\n // deopt when i > s - 3 - at end, deopt acceptable\n var hv = hsh(i);\n // index mod 32768 previous index mod\n var imod = i & 32767, pimod = head[hv];\n prev[imod] = pimod;\n head[hv] = imod;\n // We always should modify head and prev, but only add symbols if\n // this data is not yet processed (\"wait\" for wait index)\n if (wi <= i) {\n // bytes remaining\n var rem = s - i;\n if ((lc_1 > 7000 || li > 24576) && rem > 423) {\n pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos);\n li = lc_1 = eb = 0, bs = i;\n for (var j = 0; j < 286; ++j)\n lf[j] = 0;\n for (var j = 0; j < 30; ++j)\n df[j] = 0;\n }\n // len dist chain\n var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767;\n if (rem > 2 && hv == hsh(i - dif)) {\n var maxn = Math.min(n, rem) - 1;\n var maxd = Math.min(32767, i);\n // max possible length\n // not capped at dif because decompressors implement \"rolling\" index population\n var ml = Math.min(258, rem);\n while (dif <= maxd && --ch_1 && imod != pimod) {\n if (dat[i + l] == dat[i + l - dif]) {\n var nl = 0;\n for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl)\n ;\n if (nl > l) {\n l = nl, d = dif;\n // break out early when we reach \"nice\" (we are satisfied enough)\n if (nl > maxn)\n break;\n // now, find the rarest 2-byte sequence within this\n // length of literals and search for that instead.\n // Much faster than just using the start\n var mmd = Math.min(dif, nl - 2);\n var md = 0;\n for (var j = 0; j < mmd; ++j) {\n var ti = (i - dif + j + 32768) & 32767;\n var pti = prev[ti];\n var cd = (ti - pti + 32768) & 32767;\n if (cd > md)\n md = cd, pimod = ti;\n }\n }\n }\n // check the previous match\n imod = pimod, pimod = prev[imod];\n dif += (imod - pimod + 32768) & 32767;\n }\n }\n // d will be nonzero only when a match was found\n if (d) {\n // store both dist and len data in one Uint32\n // Make sure this is recognized as a len/dist with 28th bit (2^28)\n syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d];\n var lin = revfl[l] & 31, din = revfd[d] & 31;\n eb += fleb[lin] + fdeb[din];\n ++lf[257 + lin];\n ++df[din];\n wi = i + l;\n ++lc_1;\n }\n else {\n syms[li++] = dat[i];\n ++lf[dat[i]];\n }\n }\n }\n pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos);\n // this is the easiest way to avoid needing to maintain state\n if (!lst && pos & 7)\n pos = wfblk(w, pos + 1, et);\n }\n return slc(o, 0, pre + shft(pos) + post);\n};\n// CRC32 table\nvar crct = /*#__PURE__*/ (function () {\n var t = new Int32Array(256);\n for (var i = 0; i < 256; ++i) {\n var c = i, k = 9;\n while (--k)\n c = ((c & 1) && -306674912) ^ (c >>> 1);\n t[i] = c;\n }\n return t;\n})();\n// CRC32\nvar crc = function () {\n var c = -1;\n return {\n p: function (d) {\n // closures have awful performance\n var cr = c;\n for (var i = 0; i < d.length; ++i)\n cr = crct[(cr & 255) ^ d[i]] ^ (cr >>> 8);\n c = cr;\n },\n d: function () { return ~c; }\n };\n};\n// Alder32\nvar adler = function () {\n var a = 1, b = 0;\n return {\n p: function (d) {\n // closures have awful performance\n var n = a, m = b;\n var l = d.length | 0;\n for (var i = 0; i != l;) {\n var e = Math.min(i + 2655, l);\n for (; i < e; ++i)\n m += n += d[i];\n n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16);\n }\n a = n, b = m;\n },\n d: function () {\n a %= 65521, b %= 65521;\n return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8);\n }\n };\n};\n;\n// deflate with opts\nvar dopt = function (dat, opt, pre, post, st) {\n return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st);\n};\n// Walmart object spread\nvar mrg = function (a, b) {\n var o = {};\n for (var k in a)\n o[k] = a[k];\n for (var k in b)\n o[k] = b[k];\n return o;\n};\n// worker clone\n// This is possibly the craziest part of the entire codebase, despite how simple it may seem.\n// The only parameter to this function is a closure that returns an array of variables outside of the function scope.\n// We're going to try to figure out the variable names used in the closure as strings because that is crucial for workerization.\n// We will return an object mapping of true variable name to value (basically, the current scope as a JS object).\n// The reason we can't just use the original variable names is minifiers mangling the toplevel scope.\n// This took me three weeks to figure out how to do.\nvar wcln = function (fn, fnStr, td) {\n var dt = fn();\n var st = fn.toString();\n var ks = st.slice(st.indexOf('[') + 1, st.lastIndexOf(']')).replace(/\\s+/g, '').split(',');\n for (var i = 0; i < dt.length; ++i) {\n var v = dt[i], k = ks[i];\n if (typeof v == 'function') {\n fnStr += ';' + k + '=';\n var st_1 = v.toString();\n if (v.prototype) {\n // for global objects\n if (st_1.indexOf('[native code]') != -1) {\n var spInd = st_1.indexOf(' ', 8) + 1;\n fnStr += st_1.slice(spInd, st_1.indexOf('(', spInd));\n }\n else {\n fnStr += st_1;\n for (var t in v.prototype)\n fnStr += ';' + k + '.prototype.' + t + '=' + v.prototype[t].toString();\n }\n }\n else\n fnStr += st_1;\n }\n else\n td[k] = v;\n }\n return [fnStr, td];\n};\nvar ch = [];\n// clone bufs\nvar cbfs = function (v) {\n var tl = [];\n for (var k in v) {\n if (v[k].buffer) {\n tl.push((v[k] = new v[k].constructor(v[k])).buffer);\n }\n }\n return tl;\n};\n// use a worker to execute code\nvar wrkr = function (fns, init, id, cb) {\n var _a;\n if (!ch[id]) {\n var fnStr = '', td_1 = {}, m = fns.length - 1;\n for (var i = 0; i < m; ++i)\n _a = wcln(fns[i], fnStr, td_1), fnStr = _a[0], td_1 = _a[1];\n ch[id] = wcln(fns[m], fnStr, td_1);\n }\n var td = mrg({}, ch[id][1]);\n return wk(ch[id][0] + ';onmessage=function(e){for(var k in e.data)self[k]=e.data[k];onmessage=' + init.toString() + '}', id, td, cbfs(td), cb);\n};\n// base async inflate fn\nvar bInflt = function () { return [u8, u16, u32, fleb, fdeb, clim, fl, fd, flrm, fdrm, rev, ec, hMap, max, bits, bits16, shft, slc, err, inflt, inflateSync, pbf, gu8]; };\nvar bDflt = function () { return [u8, u16, u32, fleb, fdeb, clim, revfl, revfd, flm, flt, fdm, fdt, rev, deo, et, hMap, wbits, wbits16, hTree, ln, lc, clen, wfblk, wblk, shft, slc, dflt, dopt, deflateSync, pbf]; };\n// gzip extra\nvar gze = function () { return [gzh, gzhl, wbytes, crc, crct]; };\n// gunzip extra\nvar guze = function () { return [gzs, gzl]; };\n// zlib extra\nvar zle = function () { return [zlh, wbytes, adler]; };\n// unzlib extra\nvar zule = function () { return [zlv]; };\n// post buf\nvar pbf = function (msg) { return postMessage(msg, [msg.buffer]); };\n// get u8\nvar gu8 = function (o) { return o && o.size && new u8(o.size); };\n// async helper\nvar cbify = function (dat, opts, fns, init, id, cb) {\n var w = wrkr(fns, init, id, function (err, dat) {\n w.terminate();\n cb(err, dat);\n });\n w.postMessage([dat, opts], opts.consume ? [dat.buffer] : []);\n return function () { w.terminate(); };\n};\n// auto stream\nvar astrm = function (strm) {\n strm.ondata = function (dat, final) { return postMessage([dat, final], [dat.buffer]); };\n return function (ev) { return strm.push(ev.data[0], ev.data[1]); };\n};\n// async stream attach\nvar astrmify = function (fns, strm, opts, init, id) {\n var t;\n var w = wrkr(fns, init, id, function (err, dat) {\n if (err)\n w.terminate(), strm.ondata.call(strm, err);\n else {\n if (dat[1])\n w.terminate();\n strm.ondata.call(strm, err, dat[0], dat[1]);\n }\n });\n w.postMessage(opts);\n strm.push = function (d, f) {\n if (!strm.ondata)\n err(5);\n if (t)\n strm.ondata(err(4, 0, 1), null, !!f);\n w.postMessage([d, t = f], [d.buffer]);\n };\n strm.terminate = function () { w.terminate(); };\n};\n// read 2 bytes\nvar b2 = function (d, b) { return d[b] | (d[b + 1] << 8); };\n// read 4 bytes\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\nvar b8 = function (d, b) { return b4(d, b) + (b4(d, b + 4) * 4294967296); };\n// write bytes\nvar wbytes = function (d, b, v) {\n for (; v; ++b)\n d[b] = v, v >>>= 8;\n};\n// gzip header\nvar gzh = function (c, o) {\n var fn = o.filename;\n c[0] = 31, c[1] = 139, c[2] = 8, c[8] = o.level < 2 ? 4 : o.level == 9 ? 2 : 0, c[9] = 3; // assume Unix\n if (o.mtime != 0)\n wbytes(c, 4, Math.floor(new Date(o.mtime || Date.now()) / 1000));\n if (fn) {\n c[3] = 8;\n for (var i = 0; i <= fn.length; ++i)\n c[i + 10] = fn.charCodeAt(i);\n }\n};\n// gzip footer: -8 to -4 = CRC, -4 to -0 is length\n// gzip start\nvar gzs = function (d) {\n if (d[0] != 31 || d[1] != 139 || d[2] != 8)\n err(6, 'invalid gzip data');\n var flg = d[3];\n var st = 10;\n if (flg & 4)\n st += d[10] | (d[11] << 8) + 2;\n for (var zs = (flg >> 3 & 1) + (flg >> 4 & 1); zs > 0; zs -= !d[st++])\n ;\n return st + (flg & 2);\n};\n// gzip length\nvar gzl = function (d) {\n var l = d.length;\n return ((d[l - 4] | d[l - 3] << 8 | d[l - 2] << 16) | (d[l - 1] << 24)) >>> 0;\n};\n// gzip header length\nvar gzhl = function (o) { return 10 + ((o.filename && (o.filename.length + 1)) || 0); };\n// zlib header\nvar zlh = function (c, o) {\n var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2;\n c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1);\n};\n// zlib valid\nvar zlv = function (d) {\n if ((d[0] & 15) != 8 || (d[0] >>> 4) > 7 || ((d[0] << 8 | d[1]) % 31))\n err(6, 'invalid zlib data');\n if (d[1] & 32)\n err(6, 'invalid zlib data: preset dictionaries not supported');\n};\nfunction AsyncCmpStrm(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n return opts;\n}\n// zlib footer: -4 to -0 is Adler32\n/**\n * Streaming DEFLATE compression\n */\nvar Deflate = /*#__PURE__*/ (function () {\n function Deflate(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n this.o = opts || {};\n }\n Deflate.prototype.p = function (c, f) {\n this.ondata(dopt(c, this.o, 0, 0, !f), f);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Deflate.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.d = final;\n this.p(chunk, final || false);\n };\n return Deflate;\n}());\nexport { Deflate };\n/**\n * Asynchronous streaming DEFLATE compression\n */\nvar AsyncDeflate = /*#__PURE__*/ (function () {\n function AsyncDeflate(opts, cb) {\n astrmify([\n bDflt,\n function () { return [astrm, Deflate]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Deflate(ev.data);\n onmessage = astrm(strm);\n }, 6);\n }\n return AsyncDeflate;\n}());\nexport { AsyncDeflate };\nexport function deflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n ], function (ev) { return pbf(deflateSync(ev.data[0], ev.data[1])); }, 0, cb);\n}\n/**\n * Compresses data with DEFLATE without any wrapper\n * @param data The data to compress\n * @param opts The compression options\n * @returns The deflated version of the data\n */\nexport function deflateSync(data, opts) {\n return dopt(data, opts || {}, 0, 0);\n}\n/**\n * Streaming DEFLATE decompression\n */\nvar Inflate = /*#__PURE__*/ (function () {\n /**\n * Creates an inflation stream\n * @param cb The callback to call whenever data is inflated\n */\n function Inflate(cb) {\n this.s = {};\n this.p = new u8(0);\n this.ondata = cb;\n }\n Inflate.prototype.e = function (c) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n var l = this.p.length;\n var n = new u8(l + c.length);\n n.set(this.p), n.set(c, l), this.p = n;\n };\n Inflate.prototype.c = function (final) {\n this.d = this.s.i = final || false;\n var bts = this.s.b;\n var dt = inflt(this.p, this.o, this.s);\n this.ondata(slc(dt, bts, this.s.b), this.d);\n this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length;\n this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7;\n };\n /**\n * Pushes a chunk to be inflated\n * @param chunk The chunk to push\n * @param final Whether this is the final chunk\n */\n Inflate.prototype.push = function (chunk, final) {\n this.e(chunk), this.c(final);\n };\n return Inflate;\n}());\nexport { Inflate };\n/**\n * Asynchronous streaming DEFLATE decompression\n */\nvar AsyncInflate = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous inflation stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncInflate(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n function () { return [astrm, Inflate]; }\n ], this, 0, function () {\n var strm = new Inflate();\n onmessage = astrm(strm);\n }, 7);\n }\n return AsyncInflate;\n}());\nexport { AsyncInflate };\nexport function inflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt\n ], function (ev) { return pbf(inflateSync(ev.data[0], gu8(ev.data[1]))); }, 1, cb);\n}\n/**\n * Expands DEFLATE data with no wrapper\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function inflateSync(data, out) {\n return inflt(data, out);\n}\n// before you yell at me for not just using extends, my reason is that TS inheritance is hard to workerize.\n/**\n * Streaming GZIP compression\n */\nvar Gzip = /*#__PURE__*/ (function () {\n function Gzip(opts, cb) {\n this.c = crc();\n this.l = 0;\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be GZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gzip.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Gzip.prototype.p = function (c, f) {\n this.c.p(c);\n this.l += c.length;\n var raw = dopt(c, this.o, this.v && gzhl(this.o), f && 8, !f);\n if (this.v)\n gzh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 8, this.c.d()), wbytes(raw, raw.length - 4, this.l);\n this.ondata(raw, f);\n };\n return Gzip;\n}());\nexport { Gzip };\n/**\n * Asynchronous streaming GZIP compression\n */\nvar AsyncGzip = /*#__PURE__*/ (function () {\n function AsyncGzip(opts, cb) {\n astrmify([\n bDflt,\n gze,\n function () { return [astrm, Deflate, Gzip]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Gzip(ev.data);\n onmessage = astrm(strm);\n }, 8);\n }\n return AsyncGzip;\n}());\nexport { AsyncGzip };\nexport function gzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n gze,\n function () { return [gzipSync]; }\n ], function (ev) { return pbf(gzipSync(ev.data[0], ev.data[1])); }, 2, cb);\n}\n/**\n * Compresses data with GZIP\n * @param data The data to compress\n * @param opts The compression options\n * @returns The gzipped version of the data\n */\nexport function gzipSync(data, opts) {\n if (!opts)\n opts = {};\n var c = crc(), l = data.length;\n c.p(data);\n var d = dopt(data, opts, gzhl(opts), 8), s = d.length;\n return gzh(d, opts), wbytes(d, s - 8, c.d()), wbytes(d, s - 4, l), d;\n}\n/**\n * Streaming GZIP decompression\n */\nvar Gunzip = /*#__PURE__*/ (function () {\n /**\n * Creates a GUNZIP stream\n * @param cb The callback to call whenever data is inflated\n */\n function Gunzip(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be GUNZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gunzip.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n var s = this.p.length > 3 ? gzs(this.p) : 4;\n if (s >= this.p.length && !final)\n return;\n this.p = this.p.subarray(s), this.v = 0;\n }\n if (final) {\n if (this.p.length < 8)\n err(6, 'invalid gzip data');\n this.p = this.p.subarray(0, -8);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Gunzip;\n}());\nexport { Gunzip };\n/**\n * Asynchronous streaming GZIP decompression\n */\nvar AsyncGunzip = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous GUNZIP stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncGunzip(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n guze,\n function () { return [astrm, Inflate, Gunzip]; }\n ], this, 0, function () {\n var strm = new Gunzip();\n onmessage = astrm(strm);\n }, 9);\n }\n return AsyncGunzip;\n}());\nexport { AsyncGunzip };\nexport function gunzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n guze,\n function () { return [gunzipSync]; }\n ], function (ev) { return pbf(gunzipSync(ev.data[0])); }, 3, cb);\n}\n/**\n * Expands GZIP data\n * @param data The data to decompress\n * @param out Where to write the data. GZIP already encodes the output size, so providing this doesn't save memory.\n * @returns The decompressed version of the data\n */\nexport function gunzipSync(data, out) {\n return inflt(data.subarray(gzs(data), -8), out || new u8(gzl(data)));\n}\n/**\n * Streaming Zlib compression\n */\nvar Zlib = /*#__PURE__*/ (function () {\n function Zlib(opts, cb) {\n this.c = adler();\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be zlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Zlib.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Zlib.prototype.p = function (c, f) {\n this.c.p(c);\n var raw = dopt(c, this.o, this.v && 2, f && 4, !f);\n if (this.v)\n zlh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 4, this.c.d());\n this.ondata(raw, f);\n };\n return Zlib;\n}());\nexport { Zlib };\n/**\n * Asynchronous streaming Zlib compression\n */\nvar AsyncZlib = /*#__PURE__*/ (function () {\n function AsyncZlib(opts, cb) {\n astrmify([\n bDflt,\n zle,\n function () { return [astrm, Deflate, Zlib]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Zlib(ev.data);\n onmessage = astrm(strm);\n }, 10);\n }\n return AsyncZlib;\n}());\nexport { AsyncZlib };\nexport function zlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n zle,\n function () { return [zlibSync]; }\n ], function (ev) { return pbf(zlibSync(ev.data[0], ev.data[1])); }, 4, cb);\n}\n/**\n * Compress data with Zlib\n * @param data The data to compress\n * @param opts The compression options\n * @returns The zlib-compressed version of the data\n */\nexport function zlibSync(data, opts) {\n if (!opts)\n opts = {};\n var a = adler();\n a.p(data);\n var d = dopt(data, opts, 2, 4);\n return zlh(d, opts), wbytes(d, d.length - 4, a.d()), d;\n}\n/**\n * Streaming Zlib decompression\n */\nvar Unzlib = /*#__PURE__*/ (function () {\n /**\n * Creates a Zlib decompression stream\n * @param cb The callback to call whenever data is inflated\n */\n function Unzlib(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be unzlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzlib.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n if (this.p.length < 2 && !final)\n return;\n this.p = this.p.subarray(2), this.v = 0;\n }\n if (final) {\n if (this.p.length < 4)\n err(6, 'invalid zlib data');\n this.p = this.p.subarray(0, -4);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Unzlib;\n}());\nexport { Unzlib };\n/**\n * Asynchronous streaming Zlib decompression\n */\nvar AsyncUnzlib = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous Zlib decompression stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncUnzlib(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n zule,\n function () { return [astrm, Inflate, Unzlib]; }\n ], this, 0, function () {\n var strm = new Unzlib();\n onmessage = astrm(strm);\n }, 11);\n }\n return AsyncUnzlib;\n}());\nexport { AsyncUnzlib };\nexport function unzlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n zule,\n function () { return [unzlibSync]; }\n ], function (ev) { return pbf(unzlibSync(ev.data[0], gu8(ev.data[1]))); }, 5, cb);\n}\n/**\n * Expands Zlib data\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function unzlibSync(data, out) {\n return inflt((zlv(data), data.subarray(2, -4)), out);\n}\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzip as compress, AsyncGzip as AsyncCompress };\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzipSync as compressSync, Gzip as Compress };\n/**\n * Streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function Decompress(cb) {\n this.G = Gunzip;\n this.I = Inflate;\n this.Z = Unzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Decompress.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (!this.s) {\n if (this.p && this.p.length) {\n var n = new u8(this.p.length + chunk.length);\n n.set(this.p), n.set(chunk, this.p.length);\n }\n else\n this.p = chunk;\n if (this.p.length > 2) {\n var _this_1 = this;\n var cb = function () { _this_1.ondata.apply(_this_1, arguments); };\n this.s = (this.p[0] == 31 && this.p[1] == 139 && this.p[2] == 8)\n ? new this.G(cb)\n : ((this.p[0] & 15) != 8 || (this.p[0] >> 4) > 7 || ((this.p[0] << 8 | this.p[1]) % 31))\n ? new this.I(cb)\n : new this.Z(cb);\n this.s.push(this.p, final);\n this.p = null;\n }\n }\n else\n this.s.push(chunk, final);\n };\n return Decompress;\n}());\nexport { Decompress };\n/**\n * Asynchronous streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar AsyncDecompress = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function AsyncDecompress(cb) {\n this.G = AsyncGunzip;\n this.I = AsyncInflate;\n this.Z = AsyncUnzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncDecompress.prototype.push = function (chunk, final) {\n Decompress.prototype.push.call(this, chunk, final);\n };\n return AsyncDecompress;\n}());\nexport { AsyncDecompress };\nexport function decompress(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzip(data, opts, cb)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflate(data, opts, cb)\n : unzlib(data, opts, cb);\n}\n/**\n * Expands compressed GZIP, Zlib, or raw DEFLATE data, automatically detecting the format\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function decompressSync(data, out) {\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzipSync(data, out)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflateSync(data, out)\n : unzlibSync(data, out);\n}\n// flatten a directory structure\nvar fltn = function (d, p, t, o) {\n for (var k in d) {\n var val = d[k], n = p + k, op = o;\n if (Array.isArray(val))\n op = mrg(o, val[1]), val = val[0];\n if (val instanceof u8)\n t[n] = [val, op];\n else {\n t[n += '/'] = [new u8(0), op];\n fltn(val, n, t, o);\n }\n }\n};\n// text encoder\nvar te = typeof TextEncoder != 'undefined' && /*#__PURE__*/ new TextEncoder();\n// text decoder\nvar td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder();\n// text decoder stream\nvar tds = 0;\ntry {\n td.decode(et, { stream: true });\n tds = 1;\n}\ncatch (e) { }\n// decode UTF8\nvar dutf8 = function (d) {\n for (var r = '', i = 0;;) {\n var c = d[i++];\n var eb = (c > 127) + (c > 223) + (c > 239);\n if (i + eb > d.length)\n return [r, slc(d, i - 1)];\n if (!eb)\n r += String.fromCharCode(c);\n else if (eb == 3) {\n c = ((c & 15) << 18 | (d[i++] & 63) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63)) - 65536,\n r += String.fromCharCode(55296 | (c >> 10), 56320 | (c & 1023));\n }\n else if (eb & 1)\n r += String.fromCharCode((c & 31) << 6 | (d[i++] & 63));\n else\n r += String.fromCharCode((c & 15) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63));\n }\n};\n/**\n * Streaming UTF-8 decoding\n */\nvar DecodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is decoded\n */\n function DecodeUTF8(cb) {\n this.ondata = cb;\n if (tds)\n this.t = new TextDecoder();\n else\n this.p = et;\n }\n /**\n * Pushes a chunk to be decoded from UTF-8 binary\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n DecodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n final = !!final;\n if (this.t) {\n this.ondata(this.t.decode(chunk, { stream: true }), final);\n if (final) {\n if (this.t.decode().length)\n err(8);\n this.t = null;\n }\n return;\n }\n if (!this.p)\n err(4);\n var dat = new u8(this.p.length + chunk.length);\n dat.set(this.p);\n dat.set(chunk, this.p.length);\n var _a = dutf8(dat), ch = _a[0], np = _a[1];\n if (final) {\n if (np.length)\n err(8);\n this.p = null;\n }\n else\n this.p = np;\n this.ondata(ch, final);\n };\n return DecodeUTF8;\n}());\nexport { DecodeUTF8 };\n/**\n * Streaming UTF-8 encoding\n */\nvar EncodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is encoded\n */\n function EncodeUTF8(cb) {\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be encoded to UTF-8\n * @param chunk The string data to push\n * @param final Whether this is the last chunk\n */\n EncodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.ondata(strToU8(chunk), this.d = final || false);\n };\n return EncodeUTF8;\n}());\nexport { EncodeUTF8 };\n/**\n * Converts a string into a Uint8Array for use with compression/decompression methods\n * @param str The string to encode\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless decoding a binary string.\n * @returns The string encoded in UTF-8/Latin-1 binary\n */\nexport function strToU8(str, latin1) {\n if (latin1) {\n var ar_1 = new u8(str.length);\n for (var i = 0; i < str.length; ++i)\n ar_1[i] = str.charCodeAt(i);\n return ar_1;\n }\n if (te)\n return te.encode(str);\n var l = str.length;\n var ar = new u8(str.length + (str.length >> 1));\n var ai = 0;\n var w = function (v) { ar[ai++] = v; };\n for (var i = 0; i < l; ++i) {\n if (ai + 5 > ar.length) {\n var n = new u8(ai + 8 + ((l - i) << 1));\n n.set(ar);\n ar = n;\n }\n var c = str.charCodeAt(i);\n if (c < 128 || latin1)\n w(c);\n else if (c < 2048)\n w(192 | (c >> 6)), w(128 | (c & 63));\n else if (c > 55295 && c < 57344)\n c = 65536 + (c & 1023 << 10) | (str.charCodeAt(++i) & 1023),\n w(240 | (c >> 18)), w(128 | ((c >> 12) & 63)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n else\n w(224 | (c >> 12)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n }\n return slc(ar, 0, ai);\n}\n/**\n * Converts a Uint8Array to a string\n * @param dat The data to decode to string\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless encoding to binary string.\n * @returns The original UTF-8/Latin-1 string\n */\nexport function strFromU8(dat, latin1) {\n if (latin1) {\n var r = '';\n for (var i = 0; i < dat.length; i += 16384)\n r += String.fromCharCode.apply(null, dat.subarray(i, i + 16384));\n return r;\n }\n else if (td)\n return td.decode(dat);\n else {\n var _a = dutf8(dat), out = _a[0], ext = _a[1];\n if (ext.length)\n err(8);\n return out;\n }\n}\n;\n// deflate bit flag\nvar dbf = function (l) { return l == 1 ? 3 : l < 6 ? 2 : l == 9 ? 1 : 0; };\n// skip local zip header\nvar slzh = function (d, b) { return b + 30 + b2(d, b + 26) + b2(d, b + 28); };\n// read zip header\nvar zh = function (d, b, z) {\n var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);\n var _a = z && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a[0], su = _a[1], off = _a[2];\n return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];\n};\n// read zip64 extra field\nvar z64e = function (d, b) {\n for (; b2(d, b) != 1; b += 4 + b2(d, b + 2))\n ;\n return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];\n};\n// extra field length\nvar exfl = function (ex) {\n var le = 0;\n if (ex) {\n for (var k in ex) {\n var l = ex[k].length;\n if (l > 65535)\n err(9);\n le += l + 4;\n }\n }\n return le;\n};\n// write zip header\nvar wzh = function (d, b, f, fn, u, c, ce, co) {\n var fl = fn.length, ex = f.extra, col = co && co.length;\n var exl = exfl(ex);\n wbytes(d, b, ce != null ? 0x2014B50 : 0x4034B50), b += 4;\n if (ce != null)\n d[b++] = 20, d[b++] = f.os;\n d[b] = 20, b += 2; // spec compliance? what's that?\n d[b++] = (f.flag << 1) | (c < 0 && 8), d[b++] = u && 8;\n d[b++] = f.compression & 255, d[b++] = f.compression >> 8;\n var dt = new Date(f.mtime == null ? Date.now() : f.mtime), y = dt.getFullYear() - 1980;\n if (y < 0 || y > 119)\n err(10);\n wbytes(d, b, (y << 25) | ((dt.getMonth() + 1) << 21) | (dt.getDate() << 16) | (dt.getHours() << 11) | (dt.getMinutes() << 5) | (dt.getSeconds() >>> 1)), b += 4;\n if (c != -1) {\n wbytes(d, b, f.crc);\n wbytes(d, b + 4, c < 0 ? -c - 2 : c);\n wbytes(d, b + 8, f.size);\n }\n wbytes(d, b + 12, fl);\n wbytes(d, b + 14, exl), b += 16;\n if (ce != null) {\n wbytes(d, b, col);\n wbytes(d, b + 6, f.attrs);\n wbytes(d, b + 10, ce), b += 14;\n }\n d.set(fn, b);\n b += fl;\n if (exl) {\n for (var k in ex) {\n var exf = ex[k], l = exf.length;\n wbytes(d, b, +k);\n wbytes(d, b + 2, l);\n d.set(exf, b + 4), b += 4 + l;\n }\n }\n if (col)\n d.set(co, b), b += col;\n return b;\n};\n// write zip footer (end of central directory)\nvar wzf = function (o, b, c, d, e) {\n wbytes(o, b, 0x6054B50); // skip disk\n wbytes(o, b + 8, c);\n wbytes(o, b + 10, c);\n wbytes(o, b + 12, d);\n wbytes(o, b + 16, e);\n};\n/**\n * A pass-through stream to keep data uncompressed in a ZIP archive.\n */\nvar ZipPassThrough = /*#__PURE__*/ (function () {\n /**\n * Creates a pass-through stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n */\n function ZipPassThrough(filename) {\n this.filename = filename;\n this.c = crc();\n this.size = 0;\n this.compression = 0;\n }\n /**\n * Processes a chunk and pushes to the output stream. You can override this\n * method in a subclass for custom behavior, but by default this passes\n * the data through. You must call this.ondata(err, chunk, final) at some\n * point in this method.\n * @param chunk The chunk to process\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.process = function (chunk, final) {\n this.ondata(null, chunk, final);\n };\n /**\n * Pushes a chunk to be added. If you are subclassing this with a custom\n * compression algorithm, note that you must push data from the source\n * file only, pre-compression.\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n this.c.p(chunk);\n this.size += chunk.length;\n if (final)\n this.crc = this.c.d();\n this.process(chunk, final || false);\n };\n return ZipPassThrough;\n}());\nexport { ZipPassThrough };\n// I don't extend because TypeScript extension adds 1kB of runtime bloat\n/**\n * Streaming DEFLATE compression for ZIP archives. Prefer using AsyncZipDeflate\n * for better performance\n */\nvar ZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function ZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new Deflate(opts, function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n }\n ZipDeflate.prototype.process = function (chunk, final) {\n try {\n this.d.push(chunk, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return ZipDeflate;\n}());\nexport { ZipDeflate };\n/**\n * Asynchronous streaming DEFLATE compression for ZIP archives\n */\nvar AsyncZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function AsyncZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new AsyncDeflate(opts, function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n this.terminate = this.d.terminate;\n }\n AsyncZipDeflate.prototype.process = function (chunk, final) {\n this.d.push(chunk, final);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return AsyncZipDeflate;\n}());\nexport { AsyncZipDeflate };\n// TODO: Better tree shaking\n/**\n * A zippable archive to which files can incrementally be added\n */\nvar Zip = /*#__PURE__*/ (function () {\n /**\n * Creates an empty ZIP archive to which files can be added\n * @param cb The callback to call whenever data for the generated ZIP archive\n * is available\n */\n function Zip(cb) {\n this.ondata = cb;\n this.u = [];\n this.d = 1;\n }\n /**\n * Adds a file to the ZIP archive\n * @param file The file stream to add\n */\n Zip.prototype.add = function (file) {\n var _this_1 = this;\n if (!this.ondata)\n err(5);\n // finishing or finished\n if (this.d & 2)\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, false);\n else {\n var f = strToU8(file.filename), fl_1 = f.length;\n var com = file.comment, o = com && strToU8(com);\n var u = fl_1 != file.filename.length || (o && (com.length != o.length));\n var hl_1 = fl_1 + exfl(file.extra) + 30;\n if (fl_1 > 65535)\n this.ondata(err(11, 0, 1), null, false);\n var header = new u8(hl_1);\n wzh(header, 0, file, f, u, -1);\n var chks_1 = [header];\n var pAll_1 = function () {\n for (var _i = 0, chks_2 = chks_1; _i < chks_2.length; _i++) {\n var chk = chks_2[_i];\n _this_1.ondata(null, chk, false);\n }\n chks_1 = [];\n };\n var tr_1 = this.d;\n this.d = 0;\n var ind_1 = this.u.length;\n var uf_1 = mrg(file, {\n f: f,\n u: u,\n o: o,\n t: function () {\n if (file.terminate)\n file.terminate();\n },\n r: function () {\n pAll_1();\n if (tr_1) {\n var nxt = _this_1.u[ind_1 + 1];\n if (nxt)\n nxt.r();\n else\n _this_1.d = 1;\n }\n tr_1 = 1;\n }\n });\n var cl_1 = 0;\n file.ondata = function (err, dat, final) {\n if (err) {\n _this_1.ondata(err, dat, final);\n _this_1.terminate();\n }\n else {\n cl_1 += dat.length;\n chks_1.push(dat);\n if (final) {\n var dd = new u8(16);\n wbytes(dd, 0, 0x8074B50);\n wbytes(dd, 4, file.crc);\n wbytes(dd, 8, cl_1);\n wbytes(dd, 12, file.size);\n chks_1.push(dd);\n uf_1.c = cl_1, uf_1.b = hl_1 + cl_1 + 16, uf_1.crc = file.crc, uf_1.size = file.size;\n if (tr_1)\n uf_1.r();\n tr_1 = 1;\n }\n else if (tr_1)\n pAll_1();\n }\n };\n this.u.push(uf_1);\n }\n };\n /**\n * Ends the process of adding files and prepares to emit the final chunks.\n * This *must* be called after adding all desired files for the resulting\n * ZIP file to work properly.\n */\n Zip.prototype.end = function () {\n var _this_1 = this;\n if (this.d & 2) {\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, true);\n return;\n }\n if (this.d)\n this.e();\n else\n this.u.push({\n r: function () {\n if (!(_this_1.d & 1))\n return;\n _this_1.u.splice(-1, 1);\n _this_1.e();\n },\n t: function () { }\n });\n this.d = 3;\n };\n Zip.prototype.e = function () {\n var bt = 0, l = 0, tl = 0;\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n tl += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0);\n }\n var out = new u8(tl + 22);\n for (var _b = 0, _c = this.u; _b < _c.length; _b++) {\n var f = _c[_b];\n wzh(out, bt, f, f.f, f.u, -f.c - 2, l, f.o);\n bt += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0), l += f.b;\n }\n wzf(out, bt, this.u.length, tl, l);\n this.ondata(null, out, true);\n this.d = 2;\n };\n /**\n * A method to terminate any internal workers used by the stream. Subsequent\n * calls to add() will fail.\n */\n Zip.prototype.terminate = function () {\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n f.t();\n }\n this.d = 2;\n };\n return Zip;\n}());\nexport { Zip };\nexport function zip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var r = {};\n fltn(data, '', r, opts);\n var k = Object.keys(r);\n var lft = k.length, o = 0, tot = 0;\n var slft = lft, files = new Array(lft);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var cbf = function () {\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n tot = 0;\n for (var i = 0; i < slft; ++i) {\n var f = files[i];\n try {\n var l = f.c.length;\n wzh(out, tot, f, f.f, f.u, l);\n var badd = 30 + f.f.length + exfl(f.extra);\n var loc = tot + badd;\n out.set(f.c, loc);\n wzh(out, o, f, f.f, f.u, l, tot, f.m), o += 16 + badd + (f.m ? f.m.length : 0), tot = loc + l;\n }\n catch (e) {\n return cbd(e, null);\n }\n }\n wzf(out, o, files.length, cdl, oe);\n cbd(null, out);\n };\n if (!lft)\n cbf();\n var _loop_1 = function (i) {\n var fn = k[i];\n var _a = r[fn], file = _a[0], p = _a[1];\n var c = crc(), size = file.length;\n c.p(file);\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n var compression = p.level == 0 ? 0 : 8;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n var l = d.length;\n files[i] = mrg(p, {\n size: size,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n compression: compression\n });\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n if (!--lft)\n cbf();\n }\n };\n if (s > 65535)\n cbl(err(11, 0, 1), null);\n if (!compression)\n cbl(null, file);\n else if (size < 160000) {\n try {\n cbl(null, deflateSync(file, p));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(deflate(file, p, cbl));\n };\n // Cannot use lft because it can decrease\n for (var i = 0; i < slft; ++i) {\n _loop_1(i);\n }\n return tAll;\n}\n/**\n * Synchronously creates a ZIP file. Prefer using `zip` for better performance\n * with more than one file.\n * @param data The directory structure for the ZIP archive\n * @param opts The main options, merged with per-file options\n * @returns The generated ZIP archive\n */\nexport function zipSync(data, opts) {\n if (!opts)\n opts = {};\n var r = {};\n var files = [];\n fltn(data, '', r, opts);\n var o = 0;\n var tot = 0;\n for (var fn in r) {\n var _a = r[fn], file = _a[0], p = _a[1];\n var compression = p.level == 0 ? 0 : 8;\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n if (s > 65535)\n err(11);\n var d = compression ? deflateSync(file, p) : file, l = d.length;\n var c = crc();\n c.p(file);\n files.push(mrg(p, {\n size: file.length,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n o: o,\n compression: compression\n }));\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n }\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n for (var i = 0; i < files.length; ++i) {\n var f = files[i];\n wzh(out, f.o, f, f.f, f.u, f.c.length);\n var badd = 30 + f.f.length + exfl(f.extra);\n out.set(f.c, f.o + badd);\n wzh(out, o, f, f.f, f.u, f.c.length, f.o, f.m), o += 16 + badd + (f.m ? f.m.length : 0);\n }\n wzf(out, o, files.length, cdl, oe);\n return out;\n}\n/**\n * Streaming pass-through decompression for ZIP archives\n */\nvar UnzipPassThrough = /*#__PURE__*/ (function () {\n function UnzipPassThrough() {\n }\n UnzipPassThrough.prototype.push = function (data, final) {\n this.ondata(null, data, final);\n };\n UnzipPassThrough.compression = 0;\n return UnzipPassThrough;\n}());\nexport { UnzipPassThrough };\n/**\n * Streaming DEFLATE decompression for ZIP archives. Prefer AsyncZipInflate for\n * better performance.\n */\nvar UnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function UnzipInflate() {\n var _this_1 = this;\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n UnzipInflate.prototype.push = function (data, final) {\n try {\n this.i.push(data, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n UnzipInflate.compression = 8;\n return UnzipInflate;\n}());\nexport { UnzipInflate };\n/**\n * Asynchronous streaming DEFLATE decompression for ZIP archives\n */\nvar AsyncUnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function AsyncUnzipInflate(_, sz) {\n var _this_1 = this;\n if (sz < 320000) {\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n else {\n this.i = new AsyncInflate(function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.terminate = this.i.terminate;\n }\n }\n AsyncUnzipInflate.prototype.push = function (data, final) {\n if (this.i.terminate)\n data = slc(data, 0);\n this.i.push(data, final);\n };\n AsyncUnzipInflate.compression = 8;\n return AsyncUnzipInflate;\n}());\nexport { AsyncUnzipInflate };\n/**\n * A ZIP archive decompression stream that emits files as they are discovered\n */\nvar Unzip = /*#__PURE__*/ (function () {\n /**\n * Creates a ZIP decompression stream\n * @param cb The callback to call whenever a file in the ZIP archive is found\n */\n function Unzip(cb) {\n this.onfile = cb;\n this.k = [];\n this.o = {\n 0: UnzipPassThrough\n };\n this.p = et;\n }\n /**\n * Pushes a chunk to be unzipped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzip.prototype.push = function (chunk, final) {\n var _this_1 = this;\n if (!this.onfile)\n err(5);\n if (!this.p)\n err(4);\n if (this.c > 0) {\n var len = Math.min(this.c, chunk.length);\n var toAdd = chunk.subarray(0, len);\n this.c -= len;\n if (this.d)\n this.d.push(toAdd, !this.c);\n else\n this.k[0].push(toAdd);\n chunk = chunk.subarray(len);\n if (chunk.length)\n return this.push(chunk, final);\n }\n else {\n var f = 0, i = 0, is = void 0, buf = void 0;\n if (!this.p.length)\n buf = chunk;\n else if (!chunk.length)\n buf = this.p;\n else {\n buf = new u8(this.p.length + chunk.length);\n buf.set(this.p), buf.set(chunk, this.p.length);\n }\n var l = buf.length, oc = this.c, add = oc && this.d;\n var _loop_2 = function () {\n var _a;\n var sig = b4(buf, i);\n if (sig == 0x4034B50) {\n f = 1, is = i;\n this_1.d = null;\n this_1.c = 0;\n var bf = b2(buf, i + 6), cmp_1 = b2(buf, i + 8), u = bf & 2048, dd = bf & 8, fnl = b2(buf, i + 26), es = b2(buf, i + 28);\n if (l > i + 30 + fnl + es) {\n var chks_3 = [];\n this_1.k.unshift(chks_3);\n f = 2;\n var sc_1 = b4(buf, i + 18), su_1 = b4(buf, i + 22);\n var fn_1 = strFromU8(buf.subarray(i + 30, i += 30 + fnl), !u);\n if (sc_1 == 4294967295) {\n _a = dd ? [-2] : z64e(buf, i), sc_1 = _a[0], su_1 = _a[1];\n }\n else if (dd)\n sc_1 = -1;\n i += es;\n this_1.c = sc_1;\n var d_1;\n var file_1 = {\n name: fn_1,\n compression: cmp_1,\n start: function () {\n if (!file_1.ondata)\n err(5);\n if (!sc_1)\n file_1.ondata(null, et, true);\n else {\n var ctr = _this_1.o[cmp_1];\n if (!ctr)\n file_1.ondata(err(14, 'unknown compression type ' + cmp_1, 1), null, false);\n d_1 = sc_1 < 0 ? new ctr(fn_1) : new ctr(fn_1, sc_1, su_1);\n d_1.ondata = function (err, dat, final) { file_1.ondata(err, dat, final); };\n for (var _i = 0, chks_4 = chks_3; _i < chks_4.length; _i++) {\n var dat = chks_4[_i];\n d_1.push(dat, false);\n }\n if (_this_1.k[0] == chks_3 && _this_1.c)\n _this_1.d = d_1;\n else\n d_1.push(et, true);\n }\n },\n terminate: function () {\n if (d_1 && d_1.terminate)\n d_1.terminate();\n }\n };\n if (sc_1 >= 0)\n file_1.size = sc_1, file_1.originalSize = su_1;\n this_1.onfile(file_1);\n }\n return \"break\";\n }\n else if (oc) {\n if (sig == 0x8074B50) {\n is = i += 12 + (oc == -2 && 8), f = 3, this_1.c = 0;\n return \"break\";\n }\n else if (sig == 0x2014B50) {\n is = i -= 4, f = 3, this_1.c = 0;\n return \"break\";\n }\n }\n };\n var this_1 = this;\n for (; i < l - 4; ++i) {\n var state_1 = _loop_2();\n if (state_1 === \"break\")\n break;\n }\n this.p = et;\n if (oc < 0) {\n var dat = f ? buf.subarray(0, is - 12 - (oc == -2 && 8) - (b4(buf, is - 16) == 0x8074B50 && 4)) : buf.subarray(0, i);\n if (add)\n add.push(dat, !!f);\n else\n this.k[+(f == 2)].push(dat);\n }\n if (f & 2)\n return this.push(buf.subarray(i), final);\n this.p = buf.subarray(i);\n }\n if (final) {\n if (this.c)\n err(13);\n this.p = null;\n }\n };\n /**\n * Registers a decoder with the stream, allowing for files compressed with\n * the compression type provided to be expanded correctly\n * @param decoder The decoder constructor\n */\n Unzip.prototype.register = function (decoder) {\n this.o[decoder.compression] = decoder;\n };\n return Unzip;\n}());\nexport { Unzip };\nvar mt = typeof queueMicrotask == 'function' ? queueMicrotask : typeof setTimeout == 'function' ? setTimeout : function (fn) { fn(); };\nexport function unzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var files = {};\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558) {\n cbd(err(13, 0, 1), null);\n return tAll;\n }\n }\n ;\n var lft = b2(data, e + 8);\n if (lft) {\n var c = lft;\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = lft = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n var _loop_3 = function (i) {\n var _a = zh(data, o, z), c_1 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n if (d)\n files[fn] = d;\n if (!--lft)\n cbd(null, files);\n }\n };\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_1\n })) {\n if (!c_1)\n cbl(null, slc(data, b, b + sc));\n else if (c_1 == 8) {\n var infl = data.subarray(b, b + sc);\n if (sc < 320000) {\n try {\n cbl(null, inflateSync(infl, new u8(su)));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(inflate(infl, { size: su }, cbl));\n }\n else\n cbl(err(14, 'unknown compression type ' + c_1, 1), null);\n }\n else\n cbl(null, null);\n };\n for (var i = 0; i < c; ++i) {\n _loop_3(i);\n }\n }\n else\n cbd(null, {});\n return tAll;\n}\n/**\n * Synchronously decompresses a ZIP archive. Prefer using `unzip` for better\n * performance with more than one file.\n * @param data The raw compressed ZIP file\n * @param opts The ZIP extraction options\n * @returns The decompressed files\n */\nexport function unzipSync(data, opts) {\n var files = {};\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558)\n err(13);\n }\n ;\n var c = b2(data, e + 8);\n if (!c)\n return {};\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n for (var i = 0; i < c; ++i) {\n var _a = zh(data, o, z), c_2 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_2\n })) {\n if (!c_2)\n files[fn] = slc(data, b, b + sc);\n else if (c_2 == 8)\n files[fn] = inflateSync(data.subarray(b, b + sc), new u8(su));\n else\n err(14, 'unknown compression type ' + c_2);\n }\n }\n return files;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// A salt notation is used to randomize signatures.\n// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks\n// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).\n// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.\n// some chosen-prefix attacks.\n// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.\nconst SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org';\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuerKeyID,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.unknownSubpackets = [];\n this.signedHashValue = null;\n this.salt = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n this.preferredCipherSuites = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes, config = defaultConfig) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n // Only for v6 signatures, a variable-length field containing:\n if (this.version === 6) {\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[i++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(i, i + saltLength);\n i += saltLength;\n }\n\n const signatureMaterial = bytes.subarray(i, bytes.length);\n const { read, signatureParams } = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial);\n if (read < signatureMaterial.length) {\n throw new Error('Error reading MPIs');\n }\n this.params = signatureParams;\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n if (this.version === 6) {\n arr.push(new Uint8Array([this.salt.length]));\n arr.push(this.salt);\n }\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false, config) {\n this.version = key.version;\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n // add randomness to the signature\n if (this.version === 6) {\n const saltLength = saltLengthForHash(this.hashAlgorithm);\n if (this.salt === null) {\n this.salt = crypto.random.getRandomBytes(saltLength);\n } else if (saltLength !== this.salt.length) {\n throw new Error('Provided salt does not have the required length');\n }\n } else if (config.nonDeterministicSignaturesViaNotation) {\n const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME));\n // since re-signing the same object is not supported, it's not expected to have multiple salt notations,\n // but we guard against it as a sanity check\n if (saltNotations.length === 0) {\n const saltValue = crypto.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm));\n this.rawNotations.push({\n name: SALT_NOTATION_NAME,\n value: saltValue,\n humanReadable: false,\n critical: false\n });\n } else {\n throw new Error('Unexpected existing salt notation');\n }\n }\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n if (this.preferredCipherSuites !== null) {\n bytes = new Uint8Array([].concat(...this.preferredCipherSuites));\n arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = this.unhashedSubpackets.map(({ type, critical, body }) => {\n return writeSubPacket(type, critical, body);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n // Signature subpackets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n mypos++;\n\n if (!hashed) {\n this.unhashedSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuerKeyID:\n // Issuer\n if (this.version === 4) {\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n } else if (hashed) {\n // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature,\n // since the Issuer Fingerprint subpacket is to be used instead.\n // The `issuerKeyID` value will be set when reading the issuerFingerprint packet.\n // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it,\n // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed)\n // issuerFingerprint.\n // If the packet is hashed, then we reject the signature, to avoid verifying data different from\n // what was parsed.\n throw new Error('Unexpected Issuer Key ID subpacket');\n }\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion >= 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCipherSuites:\n // Preferred AEAD Cipher Suites\n this.preferredCipherSuites = [];\n for (let i = mypos; i < bytes.length; i += 2) {\n this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);\n }\n break;\n default:\n this.unknownSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n break;\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n const subpacketLengthBytes = this.version === 6 ? 4 : 2;\n\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes));\n\n let i = subpacketLengthBytes;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) {\n // avoid hashing unexpected salt size\n throw new Error('Signature salt does not have the expected length');\n }\n\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.unknownSubpackets.forEach(({ type, critical }) => {\n if (critical) {\n throw new Error(`Unknown critical signature subpacket type ${type}`);\n }\n });\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n\n/**\n * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh.\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5}\n * @param {enums.hash} hashAlgorithm - Hash algorithm.\n * @returns {Integer} Salt length.\n * @private\n */\nfunction saltLengthForHash(hashAlgorithm) {\n switch (hashAlgorithm) {\n case enums.hash.sha256: return 16;\n case enums.hash.sha384: return 24;\n case enums.hash.sha512: return 32;\n case enums.hash.sha224: return 16;\n case enums.hash.sha3_256: return 16;\n case enums.hash.sha3_512: return 32;\n default: throw new Error('Unsupported hash function');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n static fromSignaturePacket(signaturePacket, isLast) {\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.version = signaturePacket.version === 6 ? 6 : 3;\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n onePassSig.salt = signaturePacket.salt; // v6 only\n onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only\n\n onePassSig.flags = isLast ? 1 : 0;\n return onePassSig;\n }\n\n constructor() {\n /** A one-octet version number. The current versions are 3 and 6. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** Only for v6, a variable-length field containing the salt. */\n this.salt = null;\n /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */\n this.issuerFingerprint = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current versions are 3 or 6.\n this.version = bytes[mypos++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n if (this.version === 6) {\n // Only for v6 signatures, a variable-length field containing:\n\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[mypos++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(mypos, mypos + saltLength);\n mypos += saltLength;\n\n // Only for v6 packets, 32 octets of the fingerprint of the signing key.\n this.issuerFingerprint = bytes.subarray(mypos, mypos + 32);\n mypos += 32;\n this.issuerKeyID = new KeyID();\n // For v6 the Key ID is the high-order 64 bits of the fingerprint.\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n // Only for v3 packets, an eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n }\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const arr = [new Uint8Array([\n this.version,\n this.signatureType,\n this.hashAlgorithm,\n this.publicKeyAlgorithm\n ])];\n if (this.version === 6) {\n arr.push(\n new Uint8Array([this.salt.length]),\n this.salt,\n this.issuerFingerprint\n );\n } else {\n arr.push(this.issuerKeyID.write());\n }\n arr.push(new Uint8Array([this.flags]));\n return util.concatUint8Array(arr);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID) ||\n (this.version === 3 && correspondingSig.version === 6) ||\n (this.version === 6 && correspondingSig.version !== 6) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt))\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError,\n UnknownPacketError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence,\n // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored.\n // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical.\n if (e instanceof UnknownPacketError) {\n if (parsed.tag <= 39) {\n await writer.abort(e);\n } else {\n return;\n }\n }\n\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Inflate, Deflate, Zlib, Unzlib } from 'fflate';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write());\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise.\n * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator\n * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor\n * @returns {ReadableStream} compressed or decompressed data\n */\nfunction zlib(compressionStreamInstantiator, ZlibStreamedConstructor) {\n return data => {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(inputData => {\n return new Promise((resolve, reject) => {\n const zlibStream = new ZlibStreamedConstructor();\n zlibStream.ondata = processedData => {\n resolve(processedData);\n };\n try {\n zlibStream.push(inputData, true); // only one chunk to push\n } catch (err) {\n reject(err);\n }\n });\n }));\n }\n\n // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API)\n if (compressionStreamInstantiator) {\n try {\n const compressorOrDecompressor = compressionStreamInstantiator();\n return data.pipeThrough(compressorOrDecompressor);\n } catch (err) {\n // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate.\n if (err.name !== 'TypeError') {\n throw err;\n }\n }\n }\n\n // JS fallback\n const inputReader = data.getReader();\n const zlibStream = new ZlibStreamedConstructor();\n\n return new ReadableStream({\n async start(controller) {\n zlibStream.ondata = async (value, isLast) => {\n controller.enqueue(value);\n if (isLast) {\n controller.close();\n }\n };\n\n while (true) {\n const { done, value } = await inputReader.read();\n if (done) {\n zlibStream.push(new Uint8Array(), true);\n return;\n } else if (value.length) {\n zlibStream.push(value);\n }\n }\n }\n });\n };\n}\n\nfunction bzip2Decompress() {\n return async function(data) {\n const { decode: bunzipDecode } = await import('@openpgp/seek-bzip');\n return stream.fromAsync(async () => bunzipDecode(await stream.readToEnd(data)));\n };\n}\n\n/**\n * Get Compression Stream API instatiators if the constructors are implemented.\n * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported\n * (supported formats cannot be determined in advance).\n * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat\n * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }}\n */\nconst getCompressionStreamInstantiators = compressionFormat => ({\n compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)),\n decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat))\n});\n\nconst compress_fns = {\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib)\n};\n\nconst decompress_fns = {\n uncompressed: data => data,\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib),\n bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n static fromObject({ version, aeadAlgorithm }) {\n if (version !== 1 && version !== 2) {\n throw new Error('Unsupported SEIPD version');\n }\n\n const seip = new SymEncryptedIntegrityProtectedDataPacket();\n seip.version = version;\n if (version === 2) {\n seip.aeadAlgorithm = aeadAlgorithm;\n }\n\n return seip;\n }\n\n constructor() {\n this.version = null;\n\n // The following 4 fields are for V2 only.\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = null;\n this.chunkSizeByte = null;\n this.salt = null;\n\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n this.version = await reader.readByte();\n // - A one-octet version number with value 1 or 2.\n if (this.version !== 1 && this.version !== 2) {\n throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`);\n }\n\n if (this.version === 2) {\n // - A one-octet cipher algorithm.\n this.cipherAlgorithm = await reader.readByte();\n // - A one-octet AEAD algorithm.\n this.aeadAlgorithm = await reader.readByte();\n // - A one-octet chunk size.\n this.chunkSizeByte = await reader.readByte();\n // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique.\n this.salt = await reader.readBytes(32);\n }\n\n // For V1:\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n // For V2:\n // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode.\n // - A final, summary authentication tag for the AEAD mode.\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n if (this.version === 2) {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]);\n }\n return util.concat([new Uint8Array([this.version]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n const { blockSize, keySize } = crypto.getCipherParams(sessionKeyAlgorithm);\n if (key.length !== keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n\n if (this.version === 2) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n this.salt = crypto.random.getRandomBytes(32);\n this.chunkSizeByte = config.aeadChunkSizeByte;\n this.encrypted = await runAEAD(this, 'encrypt', key, bytes);\n } else {\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n }\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n if (key.length !== crypto.getCipherParams(sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n\n let packetbytes;\n if (this.version === 2) {\n if (this.cipherAlgorithm !== sessionKeyAlgorithm) {\n // sanity check\n throw new Error('Unexpected session key algorithm');\n }\n packetbytes = await runAEAD(this, 'decrypt', key, encrypted);\n } else {\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n }\n\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n\n/**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\nexport async function runAEAD(packet, fn, key, data) {\n const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2;\n const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import)\n if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type');\n\n const mode = crypto.getAEADMode(packet.aeadAlgorithm);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0;\n const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP);\n const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n let iv;\n let ivView;\n if (isSEIPDv2) {\n const { keySize } = crypto.getCipherParams(packet.cipherAlgorithm);\n const { ivLength } = mode;\n const info = new Uint8Array(adataBuffer, 0, 5);\n const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength);\n key = derived.subarray(0, keySize);\n iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy.\n iv.fill(0, iv.length - 8);\n ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n } else { // AEADEncryptedDataPacket\n iv = packet.iv;\n // ivView is unused in this case\n }\n const modeInstance = await mode(packet.cipherAlgorithm, key);\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n let nonce;\n if (isSEIPDv2) { // SEIPD V2\n nonce = iv;\n } else { // AEADEncryptedDataPacket\n nonce = iv.slice();\n for (let i = 0; i < 8; i++) {\n nonce[iv.length - 8 + i] ^= chunkIndexArray[i];\n }\n }\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, nonce, adataArray);\n cryptedPromise.catch(() => {});\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...)\n cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray);\n cryptedPromise.catch(() => {});\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line @typescript-eslint/no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n if (isSEIPDv2) { // SEIPD V2\n ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...)\n } else { // AEADEncryptedDataPacket\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n }\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.ready.catch(() => {});\n await writer.abort(e);\n }\n });\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\nimport { runAEAD } from './sym_encrypted_integrity_protected_data';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await runAEAD(this, 'decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await runAEAD(this, 'encrypt', key, data);\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = null;\n\n // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()`\n this.publicKeyID = new KeyID();\n\n // For version 6:\n this.publicKeyVersion = null;\n this.publicKeyFingerprint = null;\n\n // For all versions:\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n static fromObject({\n version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm\n }) {\n const pkesk = new PublicKeyEncryptedSessionKeyPacket();\n\n if (version !== 3 && version !== 6) {\n throw new Error('Unsupported PKESK version');\n }\n\n pkesk.version = version;\n\n if (version === 6) {\n pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version;\n pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes();\n }\n\n pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID();\n pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm;\n pkesk.sessionKey = sessionKey;\n pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm;\n\n return pkesk;\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let offset = 0;\n this.version = bytes[offset++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n if (this.version === 6) {\n // A one-octet size of the following two fields:\n // - A one octet key version number.\n // - The fingerprint of the public key or subkey to which the session key is encrypted.\n // The size may also be zero.\n const versionAndFingerprintLength = bytes[offset++];\n if (versionAndFingerprintLength) {\n this.publicKeyVersion = bytes[offset++];\n const fingerprintLength = versionAndFingerprintLength - 1;\n this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength;\n if (this.publicKeyVersion >= 5) {\n // For v5/6 the Key ID is the high-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint);\n } else {\n // For v4 The Key ID is the low-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8));\n }\n } else {\n // The size may also be zero, and the key version and\n // fingerprint omitted for an \"anonymous recipient\"\n this.publicKeyID = KeyID.wildcard();\n }\n } else {\n offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8));\n }\n this.publicKeyAlgorithm = bytes[offset++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset));\n if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) {\n if (this.version === 3) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n } else if (this.encrypted.C.algorithm !== null) {\n throw new Error('Unexpected cleartext symmetric algorithm');\n }\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version])\n ];\n\n if (this.version === 6) {\n if (this.publicKeyFingerprint !== null) {\n arr.push(new Uint8Array([\n this.publicKeyFingerprint.length + 1,\n this.publicKeyVersion]\n ));\n arr.push(this.publicKeyFingerprint);\n } else {\n arr.push(new Uint8Array([0]));\n }\n } else {\n arr.push(this.publicKeyID.write());\n }\n\n arr.push(\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n );\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a\n // v6 PKESK packet, as it is included in the v2 SEIPD packet.\n const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n if (this.version === 3) {\n // v3 Montgomery curves have cleartext cipher algo\n const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448;\n this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm;\n\n if (sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n // add checksum\n return util.concatUint8Array([\n new Uint8Array(version === 6 ? [] : [cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = version === 6 ?\n { sessionKeyAlgorithm: null, sessionKey: result } :\n { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: version === 6 ? null : util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && (\n version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm));\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return {\n sessionKeyAlgorithm: null,\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 6 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number with value 4, 5 or 6.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following 5 fields.\n offset++;\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version >= 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following field.\n offset++;\n }\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n const s2kType = bytes[offset++];\n this.s2k = newS2KFromType(s2kType);\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version >= 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n const s2k = this.s2k.write();\n if (this.version === 6) {\n const s2kLen = s2k.length;\n const fieldsLen = 3 + s2kLen + this.iv.length;\n bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]);\n } else if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n if (this.sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n } else {\n // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v6Keys ? 6 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes, config = defaultConfig) {\n let pos = 0;\n // A one-octet version number (4, 5 or 6).\n this.version = bytes[pos++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version === 4 || this.version === 5 || this.version === 6) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version >= 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (\n this.version === 6 &&\n publicParams.oid && (\n publicParams.oid.getName() === enums.curve.curve25519Legacy ||\n publicParams.oid.getName() === enums.curve.ed25519Legacy\n )\n ) {\n throw new Error('Legacy curve25519 cannot be used with v6 keys');\n }\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version >= 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n const versionOctet = 0x95 + version;\n const lengthOctets = version >= 5 ? 4 : 2;\n return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version >= 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version >= 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line @typescript-eslint/no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError, writeTag } from './packet';\nimport computeHKDF from '../crypto/hkdf';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis\n * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older).\n * This value is only relevant to know how to decrypt the key:\n * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism.\n * @type {Boolean}\n * @private\n */\n this.isLegacyAEAD = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n /**\n * `true` for keys whose integrity is already confirmed, based on\n * the AEAD encryption mechanism\n * @type {Boolean}\n * @private\n */\n this.usedModernAEAD = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes, config = defaultConfig) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes, config);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n // - Only for a version 6 packet where the secret key material is\n // encrypted (that is, where the previous octet is not zero), a one-\n // octet scalar octet count of the cumulative length of all the\n // following optional string-to-key parameter fields.\n if (this.version === 6 && this.s2kUsage) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n i++;\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n const s2kType = bytes[i++];\n this.s2k = newS2KFromType(s2kType);\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n\n if (this.s2kUsage) {\n // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5).\n // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format).\n // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always\n // fail if the key was parsed according to the wrong format, since the keys are processed differently.\n // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag.\n this.isLegacyAEAD = this.s2kUsage === 253 && (\n this.version === 5 || (this.version === 4 && config.parseAEADEncryptedV4KeysAsLegacy));\n // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV)\n // of the same length as the cipher's block size.\n // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the\n // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm.\n // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero\n if (this.s2kUsage !== 253 || this.isLegacyAEAD) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipherParams(this.symmetric).blockSize\n );\n this.usedModernAEAD = false;\n } else {\n // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted),\n // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which\n // is used as the nonce for the AEAD algorithm.\n this.iv = bytes.subarray(\n i,\n i + crypto.getAEADMode(this.aead).ivLength\n );\n // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation.\n this.usedModernAEAD = true;\n }\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n let cleartext;\n if (this.version === 6) {\n cleartext = this.keyMaterial;\n } else {\n cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n }\n try {\n const { read, privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n if (read < cleartext.length) {\n throw new Error('Error reading MPIs');\n }\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n const s2k = this.s2k.write();\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n optionalFieldsArr.push(s2k.length);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...s2k);\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5 || (this.version === 6 && this.s2kUsage)) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage && this.version !== 6) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = newS2KFromType(enums.s2k.gnu, config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n this.isLegacyAEAD = null;\n this.usedModernAEAD = null;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n\n const { blockSize } = crypto.getCipherParams(this.symmetric);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = config.preferredAEADAlgorithm;\n const mode = crypto.getAEADMode(this.aead);\n this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead.\n this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material\n\n const serializedPacketTag = writeTag(this.constructor.tag);\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n\n const modeInstance = await mode(this.symmetric, key);\n this.iv = this.isLegacyAEAD ? crypto.random.getRandomBytes(blockSize) : crypto.random.getRandomBytes(mode.ivLength);\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData);\n } else {\n this.s2kUsage = 254;\n this.usedModernAEAD = false;\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(\n this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData);\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n this.aead = null;\n this.symmetric = null;\n this.isLegacyAEAD = null;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n if (this.usedModernAEAD) {\n // key integrity confirmed by successful AEAD decryption\n return;\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (this.version === 6 && (\n (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||\n this.algorithm === enums.publicKey.eddsaLegacy\n )) {\n throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);\n }\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\n/**\n * Derive encryption key\n * @param {Number} keyVersion - key derivation differs for v5 keys\n * @param {module:type/s2k} s2k\n * @param {String} passphrase\n * @param {module:enums.symmetric} cipherAlgo\n * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5)\n * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5)\n * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only)\n * @returns encryption key\n */\nasync function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) {\n if (s2k.type === 'argon2' && !aeadMode) {\n throw new Error('Using Argon2 S2K without AEAD is not allowed');\n }\n if (s2k.type === 'simple' && keyVersion === 6) {\n throw new Error('Using Simple S2K with version 6 keys is not allowed');\n }\n const { keySize } = crypto.getCipherParams(cipherAlgo);\n const derivedKey = await s2k.produceKey(passphrase, keySize);\n if (!aeadMode || keyVersion === 5 || isLegacyAEAD) {\n return derivedKey;\n }\n const info = util.concatUint8Array([\n serializedPacketTag,\n new Uint8Array([keyVersion, cipherAlgo, aeadMode])\n ]);\n return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize);\n}\n\nexport default SecretKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n\n /**\n * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1,\n * as well comments placed between the name (if present) and the bracketed email address:\n * - name (comment) \n * - email\n * In the first case, the `email` is the only required part, and it must contain the `@` symbol.\n * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`,\n * since they interfere with `comment` parsing.\n */\n const re = /^(?[^()]+\\s+)?(?\\([^()]+\\)\\s+)?(?<\\S+@\\S+>)$/;\n const matches = re.exec(userID);\n if (matches !== null) {\n const { name, comment, email } = matches.groups;\n this.comment = comment?.replace(/^\\(|\\)|\\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace\n this.name = name?.trim() || '';\n this.email = email.substring(1, email.length - 1); // remove brackets\n } else if (/^[^\\s@]+@[^\\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace\n this.email = userID;\n }\n\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures,\n * `enums.signatures.certGeneric` should be given regardless of the actual trust level)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm for a set of keys.\n * @param {Array} [targetKeys] - The keys to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {\n /**\n * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the\n * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).\n * if no keys are available, `preferredSenderAlgo` is returned.\n * For ECC signing key, the curve preferred hash is taken into account as well (see logic below).\n */\n const defaultAlgo = enums.hash.sha256; // MUST implement\n const preferredSenderAlgo = config.preferredHashAlgorithm;\n\n const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => {\n const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config);\n const targetPrefs = selfCertification.preferredHashAlgorithms;\n return targetPrefs;\n }));\n const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys\n for (const supportedAlgos of supportedAlgosPerTarget) {\n for (const hashAlgo of supportedAlgos) {\n try {\n // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on\n const supportedAlgo = enums.write(enums.hash, hashAlgo);\n supportedAlgosMap.set(\n supportedAlgo,\n supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1\n );\n } catch {}\n }\n }\n const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo;\n const getStrongestSupportedHashAlgo = () => {\n if (supportedAlgosMap.size === 0) {\n return defaultAlgo;\n }\n const sortedHashAlgos = Array.from(supportedAlgosMap.keys())\n .filter(hashAlgo => isSupportedHashAlgo(hashAlgo))\n .sort((algoA, algoB) => crypto.hash.getHashByteLength(algoA) - crypto.hash.getHashByteLength(algoB));\n const strongestHashAlgo = sortedHashAlgos[0];\n // defaultAlgo is always implicilty supported, and might be stronger than the rest\n return crypto.hash.getHashByteLength(strongestHashAlgo) >= crypto.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo;\n };\n\n const eccAlgos = new Set([\n enums.publicKey.ecdsa,\n enums.publicKey.eddsaLegacy,\n enums.publicKey.ed25519,\n enums.publicKey.ed448\n ]);\n\n if (eccAlgos.has(signingKeyPacket.algorithm)) {\n // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:\n // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5\n // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough;\n // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve\n // preferred algo, even if not supported by all targets.\n const preferredCurveAlgo = crypto.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid);\n\n const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo);\n const preferredSenderAlgoStrongerThanCurveAlgo = crypto.hash.getHashByteLength(preferredSenderAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo);\n\n if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) {\n return preferredSenderAlgo;\n } else {\n const strongestSupportedAlgo = getStrongestSupportedHashAlgo();\n return crypto.hash.getHashByteLength(strongestSupportedAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo) ?\n strongestSupportedAlgo :\n preferredCurveAlgo;\n }\n }\n\n // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this,\n // since it was manually set by the sender.\n return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo();\n}\n\n/**\n * Returns the preferred compression algorithm for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred compression algorithm\n * @async\n */\nexport async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = enums.compression.uncompressed;\n const preferredSenderAlgo = config.preferredCompressionAlgorithm;\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config);\n const recipientPrefs = selfCertification.preferredCompressionAlgorithms;\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred\n * @async\n */\nexport async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));\n const withAEAD = keys.length ?\n selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :\n config.aeadProtect;\n\n if (withAEAD) {\n const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };\n const desiredCipherSuites = [\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },\n { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }\n ];\n for (const desiredCipherSuite of desiredCipherSuites) {\n if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(\n cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo\n ))) {\n return desiredCipherSuite;\n }\n }\n return defaultCipherSuite;\n }\n const defaultSymAlgo = enums.symmetric.aes128;\n const desiredSymAlgo = config.preferredSymmetricAlgorithm;\n return {\n symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ?\n desiredSymAlgo :\n defaultSymAlgo,\n aeadAlgo: undefined\n };\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {Array} recipientKeys - keys to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config);\n signaturePacket.rawNotations = [...notations];\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n const isHardRevocation = ![\n enums.reasonForRevocation.keyRetired,\n enums.reasonForRevocation.keySuperseded,\n enums.reasonForRevocation.userIDInvalid\n ].includes(revocationSignature.reasonForRevocationFlag);\n\n await revocationSignature.verify(\n key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve`\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy ||\n options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'curve25519':\n options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519;\n break;\n case 'curve448':\n options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448;\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function validateSigningKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateEncryptionKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateDecryptionKeyPacket(keyPacket, signature, config) {\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateSigningKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateEncryptionKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n if (primaryKey.version !== 6) {\n // check for expiration time in direct signatures (for V6 keys, the above already did so)\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const selfCertification = await this.getPrimarySelfSignature(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature.\n await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * For V4 keys, returns the self-signature of the primary user.\n * For V5 keys, returns the latest valid direct-key self-signature.\n * This self-signature is to be used to check the key expiration,\n * algorithm preferences, and so on.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} The primary self-signature\n * @async\n */\n async getPrimarySelfSignature(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n if (primaryKey.version === 6) {\n return helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n );\n }\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n return selfCertification;\n }\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config);\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @throws {Error} if no decryption key is found\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n let exception = null;\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n if (this.subkeys[i].keyPacket.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n continue;\n }\n\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n // evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && helper.validateDecryptionKeyPacket(primaryKey, selfCertification, config)) {\n if (primaryKey.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n } else {\n keys.push(this);\n }\n }\n\n if (keys.length === 0) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('No decryption key packets found');\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.\n * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).\n * Note: Curve448 and Curve25519 are not widely supported yet.\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n // Every subkey for a v4 primary key MUST be a v4 subkey.\n // Every subkey for a v6 primary key MUST be a v6 subkey.\n // For v5 keys, since we dropped generation support, a v4 subkey is added.\n // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.\n const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nfunction getDefaultSubkeyType(algoName) {\n const algo = enums.write(enums.publicKey, algoName);\n // NB: no encryption-only algos, since they cannot be in primary keys\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n return 'rsa';\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return 'ecc';\n case enums.publicKey.ed25519:\n return 'curve25519';\n case enums.publicKey.ed448:\n return 'curve448';\n default:\n throw new Error('Unsupported algorithm');\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format).\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n function getKeySignatureProperties() {\n const signatureProperties = {};\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n const symmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128\n ], config.preferredSymmetricAlgorithm);\n signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;\n if (config.aeadProtect) {\n const aeadAlgorithms = createPreferredAlgos([\n enums.aead.gcm,\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {\n return symmetricAlgorithms.map(symmetricAlgorithm => {\n return [symmetricAlgorithm, aeadAlgorithm];\n });\n });\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512,\n enums.hash.sha3_256,\n enums.hash.sha3_512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.uncompressed,\n enums.compression.zlib,\n enums.compression.zip\n ], config.preferredCompressionAlgorithm);\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.seipdv2;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n return signatureProperties;\n }\n\n if (secretKeyPacket.version === 6) { // add direct key signature with key prefs\n const dataToSign = {\n key: secretKeyPacket\n };\n\n const signatureProperties = getKeySignatureProperties();\n signatureProperties.signatureType = enums.signature.key;\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n packetlist.push(signaturePacket);\n }\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {\n userID: userIDPacket,\n key: secretKeyPacket\n };\n const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};\n signatureProperties.signatureType = enums.signature.certPositive;\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);\n return createKey(firstKeyPacketList);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n return new PrivateKey(firstPrivateKeyList);\n }\n throw new Error('No secret key packet found');\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n if (keys.length === 0) {\n throw new Error('No secret key packet found');\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport { Argon2OutOfMemoryError } from './type/s2k';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredCipherSuite, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm;\n\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config);\n\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable)\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n if (err instanceof Argon2OutOfMemoryError) {\n exception = err;\n }\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let decryptionKeyPackets;\n try {\n // do not check key expiration to allow decryption of old messages\n decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n } catch (err) {\n exception = err;\n return;\n }\n\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config); // TODO: Pass userID from somewhere.\n if (selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all((\n expectedSymmetricAlgorithm ?\n [expectedSymmetricAlgorithm] :\n Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)\n ).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm;\n if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config);\n const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo);\n const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) &&\n !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(symmetricAlgo);\n return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({\n version: aeadAlgorithmName ? 2 : 1,\n aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null\n });\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n\n const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({\n version: aeadAlgorithm ? 6 : 3,\n encryptionKeyPacket: encryptionKey.keyPacket,\n anonymousRecipient: wildcard,\n sessionKey,\n sessionKeyAlgorithm: symmetricAlgorithm\n });\n\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config); // this returns the existing signature packets as well\n const onePassSignaturePackets = signaturePackets.map(\n (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0))\n .reverse(); // innermost OPS refers to the first signature packet\n\n packetlist.push(...onePassSignaturePackets);\n packetlist.push(literalDataPacket);\n packetlist.push(...signaturePackets);\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n const trailingPacket = this.packets[this.packets.length - 1];\n // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer.\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ?\n trailingPacket.version !== 2 :\n this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const signingUserID = signingUserIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config);\n return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n const input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // emit header and checksum if one of the signatures has a version not 6\n const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6);\n const hash = emitHeaderAndChecksum ?\n Array.from(new Set(this.signature.packets.map(\n packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase()\n ))).join() :\n null;\n\n const body = {\n hash,\n text: this.text,\n data: this.signature.packets.write()\n };\n\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n const hashAlgos = [];\n headers.forEach(header => {\n const hashHeader = header.match(/^Hash: (.+)$/); // get header value\n if (hashHeader) {\n const parsedHashIDs = hashHeader[1]\n .replace(/\\s/g, '') // remove whitespace\n .split(',')\n .map(hashName => {\n try {\n return enums.write(enums.hash, hashName.toLowerCase());\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase());\n }\n });\n hashAlgos.push(...parsedHashIDs);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredCompressionAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).\n * Note: Curve448 and Curve25519 (new format) are not widely supported yet.\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:\n * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n if (!type && !curve) {\n type = config.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them)\n curve = 'curve25519Legacy'; // unused with type != 'ecc'\n } else {\n type = type || 'ecc';\n curve = curve || 'curve25519Legacy';\n }\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && !config.v6Keys) {\n throw new Error('UserIDs are required for V4 keys');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) {\n throw new Error('UserIDs are required for V4 keys');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return await convertStream(data);\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return await convertStream(signature);\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data) {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\n// copied from utils\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(h) {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.wrapConstructor');\n number(h.outputLen);\n number(h.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","// We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+.\n// Falls back to Node.js built-in crypto for Node.js <=v14\n// See utils.ts for details.\n// @ts-ignore\nimport * as nc from 'node:crypto';\nexport const crypto = nc && typeof nc === 'object' && 'webcrypto' in nc\n ? nc.webcrypto\n : nc && typeof nc === 'object' && 'randomBytes' in nc\n ? nc\n : undefined;\n//# sourceMappingURL=cryptoNode.js.map","/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0);\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// For runtime check if class implements interface\nexport class Hash {\n // Safe version that clones internal state\n clone() {\n return this._cloneInto();\n }\n}\nconst toStr = {}.toString;\nexport function checkOpts(defaults, opts) {\n if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n throw new Error('Options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\nexport function wrapConstructor(hashCons) {\n const hashC = (msg) => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\nexport function wrapConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\nexport function wrapXOFConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32) {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return crypto.randomBytes(bytesLength);\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n//# sourceMappingURL=utils.js.map","import { exists, output } from './_assert.js';\nimport { Hash, createView, toBytes } from './utils.js';\n/**\n * Polyfill for Safari 14\n */\nfunction setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/**\n * Choice: a ? b : c\n */\nexport const Chi = (a, b, c) => (a & b) ^ (~a & c);\n/**\n * Majority function, true if any two inputs is true\n */\nexport const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n */\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n exists(this);\n const { view, buffer, blockLen } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n exists(this);\n output(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n this.buffer.subarray(pos).fill(0);\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to || (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.length = length;\n to.pos = pos;\n to.finished = finished;\n to.destroyed = destroyed;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n}\n//# sourceMappingURL=_md.js.map","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotr, wrapConstructor } from './utils.js';\n// SHA2-256 need to try 2^128 hashes to execute birthday attack.\n// BTC network is doing 2^67 hashes/sec as per early 2023.\n// Round constants:\n// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ new Uint32Array([\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n// Initial state:\n// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19\n// prettier-ignore\nconst SHA256_IV = /* @__PURE__ */ new Uint32Array([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\nexport class SHA256 extends HashMD {\n constructor() {\n super(64, 32, 8, false);\n // We cannot use array here since array allows indexing by variable\n // which means optimizer/compiler cannot use registers.\n this.A = SHA256_IV[0] | 0;\n this.B = SHA256_IV[1] | 0;\n this.C = SHA256_IV[2] | 0;\n this.D = SHA256_IV[3] | 0;\n this.E = SHA256_IV[4] | 0;\n this.F = SHA256_IV[5] | 0;\n this.G = SHA256_IV[6] | 0;\n this.H = SHA256_IV[7] | 0;\n }\n get() {\n const { A, B, C, D, E, F, G, H } = this;\n return [A, B, C, D, E, F, G, H];\n }\n // prettier-ignore\n set(A, B, C, D, E, F, G, H) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n this.F = F | 0;\n this.G = G | 0;\n this.H = H | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4)\n SHA256_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 64; i++) {\n const W15 = SHA256_W[i - 15];\n const W2 = SHA256_W[i - 2];\n const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n }\n // Compression function main loop, 64 rounds\n let { A, B, C, D, E, F, G, H } = this;\n for (let i = 0; i < 64; i++) {\n const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n const T2 = (sigma0 + Maj(A, B, C)) | 0;\n H = G;\n G = F;\n F = E;\n E = (D + T1) | 0;\n D = C;\n C = B;\n B = A;\n A = (T1 + T2) | 0;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n F = (F + this.F) | 0;\n G = (G + this.G) | 0;\n H = (H + this.H) | 0;\n this.set(A, B, C, D, E, F, G, H);\n }\n roundClean() {\n SHA256_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\nclass SHA224 extends SHA256 {\n constructor() {\n super();\n this.A = 0xc1059ed8 | 0;\n this.B = 0x367cd507 | 0;\n this.C = 0x3070dd17 | 0;\n this.D = 0xf70e5939 | 0;\n this.E = 0xffc00b31 | 0;\n this.F = 0x68581511 | 0;\n this.G = 0x64f98fa7 | 0;\n this.H = 0xbefa4fa4 | 0;\n this.outputLen = 28;\n }\n}\n/**\n * SHA2-256 hash function\n * @param message - data that would be hashed\n */\nexport const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());\n/**\n * SHA2-224 hash function\n */\nexport const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224());\n//# sourceMappingURL=sha256.js.map","import { hash as assertHash, bytes as assertBytes, exists as assertExists } from './_assert.js';\nimport { Hash, toBytes } from './utils.js';\n// HMAC (RFC 2104)\nexport class HMAC extends Hash {\n constructor(hash, _key) {\n super();\n this.finished = false;\n this.destroyed = false;\n assertHash(hash);\n const key = toBytes(_key);\n this.iHash = hash.create();\n if (typeof this.iHash.update !== 'function')\n throw new Error('Expected instance of class which extends utils.Hash');\n this.blockLen = this.iHash.blockLen;\n this.outputLen = this.iHash.outputLen;\n const blockLen = this.blockLen;\n const pad = new Uint8Array(blockLen);\n // blockLen can be bigger than outputLen\n pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36;\n this.iHash.update(pad);\n // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone\n this.oHash = hash.create();\n // Undo internal XOR && apply outer XOR\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36 ^ 0x5c;\n this.oHash.update(pad);\n pad.fill(0);\n }\n update(buf) {\n assertExists(this);\n this.iHash.update(buf);\n return this;\n }\n digestInto(out) {\n assertExists(this);\n assertBytes(out, this.outputLen);\n this.finished = true;\n this.iHash.digestInto(out);\n this.oHash.update(out);\n this.oHash.digestInto(out);\n this.destroy();\n }\n digest() {\n const out = new Uint8Array(this.oHash.outputLen);\n this.digestInto(out);\n return out;\n }\n _cloneInto(to) {\n // Create new instance without calling constructor since key already in state and we don't know it.\n to || (to = Object.create(Object.getPrototypeOf(this), {}));\n const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;\n to = to;\n to.finished = finished;\n to.destroyed = destroyed;\n to.blockLen = blockLen;\n to.outputLen = outputLen;\n to.oHash = oHash._cloneInto(to.oHash);\n to.iHash = iHash._cloneInto(to.iHash);\n return to;\n }\n destroy() {\n this.destroyed = true;\n this.oHash.destroy();\n this.iHash.destroy();\n }\n}\n/**\n * HMAC: RFC2104 message authentication code.\n * @param hash - function that would be used e.g. sha256\n * @param key - message key\n * @param message - message data\n * @example\n * import { hmac } from '@noble/hashes/hmac';\n * import { sha256 } from '@noble/hashes/sha2';\n * const mac1 = hmac(sha256, 'key', 'message');\n */\nexport const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();\nhmac.create = (hash, key) => new HMAC(hash, key);\n//# sourceMappingURL=hmac.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// 100 lines of code in the file are duplicated from noble-hashes (utils).\n// This is OK: `abstract` directory does not use noble-hashes.\n// User may opt-in into using different hashing library. This way, noble-hashes\n// won't be included into their bundle.\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nexport function abytes(item) {\n if (!isBytes(item))\n throw new Error('Uint8Array expected');\n}\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(`${title} must be valid boolean, got \"${value}\".`);\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? `0${hex}` : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes(bytes);\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'private key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes(hex);\n }\n catch (e) {\n throw new Error(`${title} must be valid hex string, got \"${hex}\". Cause: ${e}`);\n }\n }\n else if (isBytes(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(`${title} must be hex string or Uint8Array`);\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);\n return res;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;\n// DRBG\nconst u8n = (data) => new Uint8Array(data); // creates Uint8Array\nconst u8fr = (arr) => Uint8Array.from(arr); // another shortcut\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n()) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error(`Invalid validator \"${type}\", expected function`);\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Utilities for modular arithmetics and finite fields\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js';\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);\n// prettier-ignore\nconst _9n = BigInt(9), _16n = BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/**\n * Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n */\n// TODO: use field version && remove\nexport function pow(num, power, modulo) {\n if (modulo <= _0n || power < _0n)\n throw new Error('Expected power/modulo > 0');\n if (modulo === _1n)\n return _0n;\n let res = _1n;\n while (power > _0n) {\n if (power & _1n)\n res = (res * num) % modulo;\n num = (num * num) % modulo;\n power >>= _1n;\n }\n return res;\n}\n// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res *= res;\n res %= modulo;\n }\n return res;\n}\n// Inverses number over modulo\nexport function invert(number, modulo) {\n if (number === _0n || modulo <= _0n) {\n throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);\n }\n // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u * q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n/**\n * Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * Will start an infinite loop if field order P is not prime.\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n */\nexport function tonelliShanks(P) {\n // Legendre constant: used to calculate Legendre symbol (a | p),\n // which denotes the value of a^((p-1)/2) (mod p).\n // (a | p) ≡ 1 if a is a square (mod p)\n // (a | p) ≡ -1 if a is not a square (mod p)\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreC = (P - _1n) / _2n;\n let Q, S, Z;\n // Step 1: By factoring out powers of 2 from p - 1,\n // find q and s such that p - 1 = q*(2^s) with q odd\n for (Q = P - _1n, S = 0; Q % _2n === _0n; Q /= _2n, S++)\n ;\n // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq\n for (Z = _2n; Z < P && pow(Z, legendreC, P) !== P - _1n; Z++)\n ;\n // Fast-path\n if (S === 1) {\n const p1div4 = (P + _1n) / _4n;\n return function tonelliFast(Fp, n) {\n const root = Fp.pow(n, p1div4);\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Slow-path\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1\n if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))\n throw new Error('Cannot find square root');\n let r = S;\n // TODO: will fail at Fp2/etc\n let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b\n let x = Fp.pow(n, Q1div2); // first guess at the square root\n let b = Fp.pow(n, Q); // first guess at the fudge factor\n while (!Fp.eql(b, Fp.ONE)) {\n if (Fp.eql(b, Fp.ZERO))\n return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0)\n // Find m such b^(2^m)==1\n let m = 1;\n for (let t2 = Fp.sqr(b); m < r; m++) {\n if (Fp.eql(t2, Fp.ONE))\n break;\n t2 = Fp.sqr(t2); // t2 *= t2\n }\n // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow\n const ge = Fp.pow(g, _1n << BigInt(r - m - 1)); // ge = 2^(r-m-1)\n g = Fp.sqr(ge); // g = ge * ge\n x = Fp.mul(x, ge); // x *= ge\n b = Fp.mul(b, g); // b *= g\n r = m;\n }\n return x;\n };\n}\nexport function FpSqrt(P) {\n // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.\n // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n // P ≡ 3 (mod 4)\n // √n = n^((P+1)/4)\n if (P % _4n === _3n) {\n // Not all roots possible!\n // const ORDER =\n // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;\n // const NUM = 72057594037927816n;\n const p1div4 = (P + _1n) / _4n;\n return function sqrt3mod4(Fp, n) {\n const root = Fp.pow(n, p1div4);\n // Throw if root**2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10)\n if (P % _8n === _5n) {\n const c1 = (P - _5n) / _8n;\n return function sqrt5mod8(Fp, n) {\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, c1);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // P ≡ 9 (mod 16)\n if (P % _16n === _9n) {\n // NOTE: tonelli is too slow for bls-Fp2 calculations even on start\n // Means we cannot use sqrt for constants at all!\n //\n // const c1 = Fp.sqrt(Fp.negate(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n // const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n // const c3 = Fp.sqrt(Fp.negate(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n // const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n // sqrt = (x) => {\n // let tv1 = Fp.pow(x, c4); // 1. tv1 = x^c4\n // let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n // const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n // let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n // const e1 = Fp.equals(Fp.square(tv2), x); // 5. e1 = (tv2^2) == x\n // const e2 = Fp.equals(Fp.square(tv3), x); // 6. e2 = (tv3^2) == x\n // tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n // tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n // const e3 = Fp.equals(Fp.square(tv2), x); // 9. e3 = (tv2^2) == x\n // return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n // }\n }\n // Other cases: Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/**\n * Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n */\nexport function FpPow(f, num, power) {\n // Should have same speed as pow for bigints\n // TODO: benchmark!\n if (power < _0n)\n throw new Error('Expected power > 0');\n if (power === _0n)\n return f.ONE;\n if (power === _1n)\n return num;\n let p = f.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = f.mul(p, d);\n d = f.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/**\n * Efficiently invert an array of Field elements.\n * `inv(0)` will return `undefined` here: make sure to throw an error.\n */\nexport function FpInvertBatch(f, nums) {\n const tmp = new Array(nums.length);\n // Walk from first to last, multiply them by each other MOD p\n const lastMultiplied = nums.reduce((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = acc;\n return f.mul(acc, num);\n }, f.ONE);\n // Invert last element\n const inverted = f.inv(lastMultiplied);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = f.mul(acc, tmp[i]);\n return f.mul(acc, num);\n }, inverted);\n return tmp;\n}\nexport function FpDiv(f, lhs, rhs) {\n return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));\n}\nexport function FpLegendre(order) {\n // (a | p) ≡ 1 if a is a square (mod p), quadratic residue\n // (a | p) ≡ -1 if a is not a square (mod p), quadratic non residue\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreConst = (order - _1n) / _2n; // Integer arithmetic\n return (f, x) => f.pow(x, legendreConst);\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(f) {\n const legendre = FpLegendre(f.ORDER);\n return (x) => {\n const p = legendre(f, x);\n return f.eql(p, f.ZERO) || f.eql(p, f.ONE);\n };\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/**\n * Initializes a finite field over prime. **Non-primes are not supported.**\n * Do not init in loop: slow. Very fragile: always run a benchmark on a change.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * NOTE: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n */\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('Field lengths over 2048 bytes are not supported');\n const sqrtP = FpSqrt(ORDER);\n const f = Object.freeze({\n ORDER,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num * num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt || ((n) => sqrtP(f, n)),\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // TODO: do we really need constant cmov?\n // We don't have const-time bigints anyway, so probably will be not very useful\n cmov: (a, b, c) => (c ? b : a),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use mapKeyToField instead\n */\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 || hashLen < minLen || hashLen > 1024)\n throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/**\n * Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n */\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/**\n * Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n */\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 || len < minLen || len > 1024)\n throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);\n const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Abelian group utilities\nimport { validateField, nLength } from './modular.js';\nimport { validateObject, bitLen } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)\n// Elliptic curve multiplication of Point by scalar. Fragile.\n// Scalars should always be less than curve order: this should be checked inside of a curve itself.\n// Creates precomputation tables for fast multiplication:\n// - private scalar is split by fixed size windows of W bits\n// - every window point is collected from window's table & added to accumulator\n// - since windows are different, same point inside tables won't be accessed more than once per calc\n// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n// - +1 window is neccessary for wNAF\n// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow\n// windows to be in different memory locations\nexport function wNAF(c, bits) {\n const constTimeNegate = (condition, item) => {\n const neg = item.negate();\n return condition ? neg : item;\n };\n const validateW = (W) => {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);\n };\n const opts = (W) => {\n validateW(W);\n const windows = Math.ceil(bits / W) + 1; // +1, because\n const windowSize = 2 ** (W - 1); // -1 because we skip zero\n return { windows, windowSize };\n };\n return {\n constTimeNegate,\n // non-const time multiplication ladder\n unsafeLadder(elm, n) {\n let p = c.ZERO;\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = opts(W);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // =1, because we skip zero\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise\n // But need to carefully remove other checks before wNAF. ORDER == bits here\n const { windows, windowSize } = opts(W);\n let p = c.ZERO;\n let f = c.BASE;\n const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.\n const maxNumber = 2 ** W;\n const shiftBy = BigInt(W);\n for (let window = 0; window < windows; window++) {\n const offset = window * windowSize;\n // Extract W bits.\n let wbits = Number(n & mask);\n // Shift number by W bits.\n n >>= shiftBy;\n // If the bits are bigger than max size, we'll split those.\n // +224 => 256 - 32\n if (wbits > windowSize) {\n wbits -= maxNumber;\n n += _1n;\n }\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n // Check if we're onto Zero point.\n // Add random point inside current window to f.\n const offset1 = offset;\n const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero\n const cond1 = window % 2 !== 0;\n const cond2 = wbits < 0;\n if (wbits === 0) {\n // The most important part for const-time getPublicKey\n f = f.add(constTimeNegate(cond1, precomputes[offset1]));\n }\n else {\n p = p.add(constTimeNegate(cond2, precomputes[offset2]));\n }\n }\n // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ()\n // Even if the variable is still unused, there are some checks which will\n // throw an exception, so compiler needs to prove they won't happen, which is hard.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n wNAFCached(P, n, transform) {\n const W = pointWindowSizes.get(P) || 1;\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return this.wNAF(W, comp, n);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM).\n * MSM is basically (Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster with precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param field field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, field, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)\n throw new Error('arrays of points and scalars must have equal length');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error(`wrong scalar at index ${i}`);\n });\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error(`wrong point at index ${i}`);\n });\n const wbits = bitLen(BigInt(points.length));\n const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits\n const MASK = (1 << windowSize) - 1;\n const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array\n const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;\n let sum = c.ZERO;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(c.ZERO);\n for (let j = 0; j < scalars.length; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = c.ZERO; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for (let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# sourceMappingURL=curve.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Short Weierstrass curve. The formula is: y² = x³ + ax + b\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport * as mod from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\nfunction validateSigVerOpts(opts) {\n if (opts.lowS !== undefined)\n abool('lowS', opts.lowS);\n if (opts.prehash !== undefined)\n abool('prehash', opts.prehash);\n}\nfunction validatePointOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n a: 'field',\n b: 'field',\n }, {\n allowedPrivateKeyLengths: 'array',\n wrapPrivateKey: 'boolean',\n isTorsionFree: 'function',\n clearCofactor: 'function',\n allowInfinityPoint: 'boolean',\n fromBytes: 'function',\n toBytes: 'function',\n });\n const { endo, Fp, a } = opts;\n if (endo) {\n if (!Fp.eql(a, Fp.ZERO)) {\n throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');\n }\n if (typeof endo !== 'object' ||\n typeof endo.beta !== 'bigint' ||\n typeof endo.splitScalar !== 'function') {\n throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');\n }\n }\n return Object.freeze({ ...opts });\n}\nconst { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;\n/**\n * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:\n *\n * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]\n *\n * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html\n */\nexport const DER = {\n // asn.1 DER encoding utils\n Err: class DERErr extends Error {\n constructor(m = '') {\n super(m);\n }\n },\n // Basic building block is TLV (Tag-Length-Value)\n _tlv: {\n encode: (tag, data) => {\n const { Err: E } = DER;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length & 1)\n throw new E('tlv.encode: unpadded data');\n const dataLen = data.length / 2;\n const len = ut.numberToHexUnpadded(dataLen);\n if ((len.length / 2) & 128)\n throw new E('tlv.encode: long form length too big');\n // length of length with long form flag\n const lenLen = dataLen > 127 ? ut.numberToHexUnpadded((len.length / 2) | 128) : '';\n return `${ut.numberToHexUnpadded(tag)}${lenLen}${len}${data}`;\n },\n // v - value, l - left bytes (unparsed)\n decode(tag, data) {\n const { Err: E } = DER;\n let pos = 0;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length < 2 || data[pos++] !== tag)\n throw new E('tlv.decode: wrong tlv');\n const first = data[pos++];\n const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form\n let length = 0;\n if (!isLong)\n length = first;\n else {\n // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]\n const lenLen = first & 127;\n if (!lenLen)\n throw new E('tlv.decode(long): indefinite length not supported');\n if (lenLen > 4)\n throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js\n const lengthBytes = data.subarray(pos, pos + lenLen);\n if (lengthBytes.length !== lenLen)\n throw new E('tlv.decode: length bytes not complete');\n if (lengthBytes[0] === 0)\n throw new E('tlv.decode(long): zero leftmost byte');\n for (const b of lengthBytes)\n length = (length << 8) | b;\n pos += lenLen;\n if (length < 128)\n throw new E('tlv.decode(long): not minimal encoding');\n }\n const v = data.subarray(pos, pos + length);\n if (v.length !== length)\n throw new E('tlv.decode: wrong value length');\n return { v, l: data.subarray(pos + length) };\n },\n },\n // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,\n // since we always use positive integers here. It must always be empty:\n // - add zero byte if exists\n // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)\n _int: {\n encode(num) {\n const { Err: E } = DER;\n if (num < _0n)\n throw new E('integer: negative integers are not allowed');\n let hex = ut.numberToHexUnpadded(num);\n // Pad with zero byte if negative flag is present\n if (Number.parseInt(hex[0], 16) & 0b1000)\n hex = '00' + hex;\n if (hex.length & 1)\n throw new E('unexpected assertion');\n return hex;\n },\n decode(data) {\n const { Err: E } = DER;\n if (data[0] & 128)\n throw new E('Invalid signature integer: negative');\n if (data[0] === 0x00 && !(data[1] & 128))\n throw new E('Invalid signature integer: unnecessary leading zero');\n return b2n(data);\n },\n },\n toSig(hex) {\n // parse DER signature\n const { Err: E, _int: int, _tlv: tlv } = DER;\n const data = typeof hex === 'string' ? h2b(hex) : hex;\n ut.abytes(data);\n const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);\n if (seqLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);\n const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);\n if (sLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n return { r: int.decode(rBytes), s: int.decode(sBytes) };\n },\n hexFromSig(sig) {\n const { _tlv: tlv, _int: int } = DER;\n const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;\n return tlv.encode(0x30, seq);\n },\n};\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4);\nexport function weierstrassPoints(opts) {\n const CURVE = validatePointOpts(opts);\n const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ\n const Fn = mod.Field(CURVE.n, CURVE.nBitLength);\n const toBytes = CURVE.toBytes ||\n ((_c, point, _isCompressed) => {\n const a = point.toAffine();\n return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));\n });\n const fromBytes = CURVE.fromBytes ||\n ((bytes) => {\n // const head = bytes[0];\n const tail = bytes.subarray(1);\n // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n });\n /**\n * y² = x³ + ax + b: Short weierstrass curve formula\n * @returns y²\n */\n function weierstrassEquation(x) {\n const { a, b } = CURVE;\n const x2 = Fp.sqr(x); // x * x\n const x3 = Fp.mul(x2, x); // x2 * x\n return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b\n }\n // Validate whether the passed curve params are valid.\n // We check if curve equation works for generator point.\n // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381.\n // ProjectivePoint class has not been initialized yet.\n if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))\n throw new Error('bad generator point: equation left != right');\n // Valid group elements reside in range 1..n-1\n function isWithinCurveOrder(num) {\n return ut.inRange(num, _1n, CURVE.n);\n }\n // Validates if priv key is valid and converts it to bigint.\n // Supports options allowedPrivateKeyLengths and wrapPrivateKey.\n function normPrivateKeyToScalar(key) {\n const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;\n if (lengths && typeof key !== 'bigint') {\n if (ut.isBytes(key))\n key = ut.bytesToHex(key);\n // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes\n if (typeof key !== 'string' || !lengths.includes(key.length))\n throw new Error('Invalid key');\n key = key.padStart(nByteLength * 2, '0');\n }\n let num;\n try {\n num =\n typeof key === 'bigint'\n ? key\n : ut.bytesToNumberBE(ensureBytes('private key', key, nByteLength));\n }\n catch (error) {\n throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);\n }\n if (wrapPrivateKey)\n num = mod.mod(num, N); // disabled by default, enabled for BLS\n ut.aInRange('private key', num, _1n, N); // num in range [1..N-1]\n return num;\n }\n function assertPrjPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ProjectivePoint expected');\n }\n // Memoized toAffine / validity check. They are heavy. Points are immutable.\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n const toAffineMemo = memoized((p, iz) => {\n const { px: x, py: y, pz: z } = p;\n // Fast-path for normalized points\n if (Fp.eql(z, Fp.ONE))\n return { x, y };\n const is0 = p.is0();\n // If invZ was 0, we return zero point. However we still want to execute\n // all operations, so we replace invZ with a random number, 1.\n if (iz == null)\n iz = is0 ? Fp.ONE : Fp.inv(z);\n const ax = Fp.mul(x, iz);\n const ay = Fp.mul(y, iz);\n const zz = Fp.mul(z, iz);\n if (is0)\n return { x: Fp.ZERO, y: Fp.ZERO };\n if (!Fp.eql(zz, Fp.ONE))\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n // NOTE: on exception this will crash 'cached' and no value will be set.\n // Otherwise true will be return\n const assertValidMemo = memoized((p) => {\n if (p.is0()) {\n // (0, 1, 0) aka ZERO is invalid in most contexts.\n // In BLS, ZERO can be serialized, so we allow it.\n // (0, 0, 0) is wrong representation of ZERO and is always invalid.\n if (CURVE.allowInfinityPoint && !Fp.is0(p.py))\n return;\n throw new Error('bad point: ZERO');\n }\n // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`\n const { x, y } = p.toAffine();\n // Check if x, y are valid field elements\n if (!Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('bad point: x or y not FE');\n const left = Fp.sqr(y); // y²\n const right = weierstrassEquation(x); // x³ + ax + b\n if (!Fp.eql(left, right))\n throw new Error('bad point: equation left != right');\n if (!p.isTorsionFree())\n throw new Error('bad point: not in prime-order subgroup');\n return true;\n });\n /**\n * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)\n * Default Point works in 2d / affine coordinates: (x, y)\n * We're doing calculations in projective, because its operations don't require costly inversion.\n */\n class Point {\n constructor(px, py, pz) {\n this.px = px;\n this.py = py;\n this.pz = pz;\n if (px == null || !Fp.isValid(px))\n throw new Error('x required');\n if (py == null || !Fp.isValid(py))\n throw new Error('y required');\n if (pz == null || !Fp.isValid(pz))\n throw new Error('z required');\n Object.freeze(this);\n }\n // Does not validate if the point is on-curve.\n // Use fromHex instead, or call assertValidity() later.\n static fromAffine(p) {\n const { x, y } = p || {};\n if (!p || !Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('invalid affine point');\n if (p instanceof Point)\n throw new Error('projective point not allowed');\n const is0 = (i) => Fp.eql(i, Fp.ZERO);\n // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)\n if (is0(x) && is0(y))\n return Point.ZERO;\n return new Point(x, y, Fp.ONE);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n /**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.pz));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n /**\n * Converts hash string or Uint8Array to Point.\n * @param hex short/long ECDSA hex\n */\n static fromHex(hex) {\n const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));\n P.assertValidity();\n return P;\n }\n // Multiplies generator point by privateKey.\n static fromPrivateKey(privateKey) {\n return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // A point on curve is valid if it conforms to equation.\n assertValidity() {\n assertValidMemo(this);\n }\n hasEvenY() {\n const { y } = this.toAffine();\n if (Fp.isOdd)\n return !Fp.isOdd(y);\n throw new Error(\"Field doesn't support isOdd\");\n }\n /**\n * Compare one point to another.\n */\n equals(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));\n const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));\n return U1 && U2;\n }\n /**\n * Flips point to one corresponding to (x, -y) in Affine coordinates.\n */\n negate() {\n return new Point(this.px, Fp.neg(this.py), this.pz);\n }\n // Renes-Costello-Batina exception-free doubling formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 3\n // Cost: 8M + 3S + 3*a + 2*b3 + 15add.\n double() {\n const { a, b } = CURVE;\n const b3 = Fp.mul(b, _3n);\n const { px: X1, py: Y1, pz: Z1 } = this;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n let t0 = Fp.mul(X1, X1); // step 1\n let t1 = Fp.mul(Y1, Y1);\n let t2 = Fp.mul(Z1, Z1);\n let t3 = Fp.mul(X1, Y1);\n t3 = Fp.add(t3, t3); // step 5\n Z3 = Fp.mul(X1, Z1);\n Z3 = Fp.add(Z3, Z3);\n X3 = Fp.mul(a, Z3);\n Y3 = Fp.mul(b3, t2);\n Y3 = Fp.add(X3, Y3); // step 10\n X3 = Fp.sub(t1, Y3);\n Y3 = Fp.add(t1, Y3);\n Y3 = Fp.mul(X3, Y3);\n X3 = Fp.mul(t3, X3);\n Z3 = Fp.mul(b3, Z3); // step 15\n t2 = Fp.mul(a, t2);\n t3 = Fp.sub(t0, t2);\n t3 = Fp.mul(a, t3);\n t3 = Fp.add(t3, Z3);\n Z3 = Fp.add(t0, t0); // step 20\n t0 = Fp.add(Z3, t0);\n t0 = Fp.add(t0, t2);\n t0 = Fp.mul(t0, t3);\n Y3 = Fp.add(Y3, t0);\n t2 = Fp.mul(Y1, Z1); // step 25\n t2 = Fp.add(t2, t2);\n t0 = Fp.mul(t2, t3);\n X3 = Fp.sub(X3, t0);\n Z3 = Fp.mul(t2, t1);\n Z3 = Fp.add(Z3, Z3); // step 30\n Z3 = Fp.add(Z3, Z3);\n return new Point(X3, Y3, Z3);\n }\n // Renes-Costello-Batina exception-free addition formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 1\n // Cost: 12M + 0S + 3*a + 3*b3 + 23add.\n add(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n const a = CURVE.a;\n const b3 = Fp.mul(CURVE.b, _3n);\n let t0 = Fp.mul(X1, X2); // step 1\n let t1 = Fp.mul(Y1, Y2);\n let t2 = Fp.mul(Z1, Z2);\n let t3 = Fp.add(X1, Y1);\n let t4 = Fp.add(X2, Y2); // step 5\n t3 = Fp.mul(t3, t4);\n t4 = Fp.add(t0, t1);\n t3 = Fp.sub(t3, t4);\n t4 = Fp.add(X1, Z1);\n let t5 = Fp.add(X2, Z2); // step 10\n t4 = Fp.mul(t4, t5);\n t5 = Fp.add(t0, t2);\n t4 = Fp.sub(t4, t5);\n t5 = Fp.add(Y1, Z1);\n X3 = Fp.add(Y2, Z2); // step 15\n t5 = Fp.mul(t5, X3);\n X3 = Fp.add(t1, t2);\n t5 = Fp.sub(t5, X3);\n Z3 = Fp.mul(a, t4);\n X3 = Fp.mul(b3, t2); // step 20\n Z3 = Fp.add(X3, Z3);\n X3 = Fp.sub(t1, Z3);\n Z3 = Fp.add(t1, Z3);\n Y3 = Fp.mul(X3, Z3);\n t1 = Fp.add(t0, t0); // step 25\n t1 = Fp.add(t1, t0);\n t2 = Fp.mul(a, t2);\n t4 = Fp.mul(b3, t4);\n t1 = Fp.add(t1, t2);\n t2 = Fp.sub(t0, t2); // step 30\n t2 = Fp.mul(a, t2);\n t4 = Fp.add(t4, t2);\n t0 = Fp.mul(t1, t4);\n Y3 = Fp.add(Y3, t0);\n t0 = Fp.mul(t5, t4); // step 35\n X3 = Fp.mul(t3, X3);\n X3 = Fp.sub(X3, t0);\n t0 = Fp.mul(t3, t1);\n Z3 = Fp.mul(t5, Z3);\n Z3 = Fp.add(Z3, t0); // step 40\n return new Point(X3, Y3, Z3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n /**\n * Non-constant-time multiplication. Uses double-and-add algorithm.\n * It's faster, but should only be used when you don't care about\n * an exposed private key e.g. sig verification, which works over *public* keys.\n */\n multiplyUnsafe(sc) {\n ut.aInRange('scalar', sc, _0n, CURVE.n);\n const I = Point.ZERO;\n if (sc === _0n)\n return I;\n if (sc === _1n)\n return this;\n const { endo } = CURVE;\n if (!endo)\n return wnaf.unsafeLadder(this, sc);\n // Apply endomorphism\n let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);\n let k1p = I;\n let k2p = I;\n let d = this;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n k1p = k1p.add(d);\n if (k2 & _1n)\n k2p = k2p.add(d);\n d = d.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n if (k1neg)\n k1p = k1p.negate();\n if (k2neg)\n k2p = k2p.negate();\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n return k1p.add(k2p);\n }\n /**\n * Constant time multiplication.\n * Uses wNAF method. Windowed method may be 10% faster,\n * but takes 2x longer to generate and consumes 2x memory.\n * Uses precomputes when available.\n * Uses endomorphism for Koblitz curves.\n * @param scalar by which the point would be multiplied\n * @returns New point\n */\n multiply(scalar) {\n const { endo, n: N } = CURVE;\n ut.aInRange('scalar', scalar, _1n, N);\n let point, fake; // Fake point is used to const-time mult\n if (endo) {\n const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);\n let { p: k1p, f: f1p } = this.wNAF(k1);\n let { p: k2p, f: f2p } = this.wNAF(k2);\n k1p = wnaf.constTimeNegate(k1neg, k1p);\n k2p = wnaf.constTimeNegate(k2neg, k2p);\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n point = k1p.add(k2p);\n fake = f1p.add(f2p);\n }\n else {\n const { p, f } = this.wNAF(scalar);\n point = p;\n fake = f;\n }\n // Normalize `z` for both points, but return only real one\n return Point.normalizeZ([point, fake])[0];\n }\n /**\n * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.\n * Not using Strauss-Shamir trick: precomputation tables are faster.\n * The trick could be useful if both P and Q are not G (not in our case).\n * @returns non-zero affine point\n */\n multiplyAndAddUnsafe(Q, a, b) {\n const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes\n const mul = (P, a // Select faster multiply() method\n ) => (a === _0n || a === _1n || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));\n const sum = mul(this, a).add(mul(Q, b));\n return sum.is0() ? undefined : sum;\n }\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n isTorsionFree() {\n const { h: cofactor, isTorsionFree } = CURVE;\n if (cofactor === _1n)\n return true; // No subgroups, always torsion-free\n if (isTorsionFree)\n return isTorsionFree(Point, this);\n throw new Error('isTorsionFree() has not been declared for the elliptic curve');\n }\n clearCofactor() {\n const { h: cofactor, clearCofactor } = CURVE;\n if (cofactor === _1n)\n return this; // Fast-path\n if (clearCofactor)\n return clearCofactor(Point, this);\n return this.multiplyUnsafe(CURVE.h);\n }\n toRawBytes(isCompressed = true) {\n abool('isCompressed', isCompressed);\n this.assertValidity();\n return toBytes(Point, this, isCompressed);\n }\n toHex(isCompressed = true) {\n abool('isCompressed', isCompressed);\n return ut.bytesToHex(this.toRawBytes(isCompressed));\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);\n Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO);\n const _bits = CURVE.nBitLength;\n const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits);\n // Validate if generator point is on curve\n return {\n CURVE,\n ProjectivePoint: Point,\n normPrivateKeyToScalar,\n weierstrassEquation,\n isWithinCurveOrder,\n };\n}\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n hash: 'hash',\n hmac: 'function',\n randomBytes: 'function',\n }, {\n bits2int: 'function',\n bits2int_modN: 'function',\n lowS: 'boolean',\n });\n return Object.freeze({ lowS: true, ...opts });\n}\n/**\n * Creates short weierstrass curve and ECDSA signature methods for it.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, b, p, n, Gx, Gy\n * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })\n */\nexport function weierstrass(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER } = CURVE;\n const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32\n const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32\n function modN(a) {\n return mod.mod(a, CURVE_ORDER);\n }\n function invN(a) {\n return mod.invert(a, CURVE_ORDER);\n }\n const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({\n ...CURVE,\n toBytes(_c, point, isCompressed) {\n const a = point.toAffine();\n const x = Fp.toBytes(a.x);\n const cat = ut.concatBytes;\n abool('isCompressed', isCompressed);\n if (isCompressed) {\n return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);\n }\n else {\n return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));\n }\n },\n fromBytes(bytes) {\n const len = bytes.length;\n const head = bytes[0];\n const tail = bytes.subarray(1);\n // this.assertValidity() is done inside of fromHex\n if (len === compressedLen && (head === 0x02 || head === 0x03)) {\n const x = ut.bytesToNumberBE(tail);\n if (!ut.inRange(x, _1n, Fp.ORDER))\n throw new Error('Point is not on curve');\n const y2 = weierstrassEquation(x); // y² = x³ + ax + b\n let y;\n try {\n y = Fp.sqrt(y2); // y = y² ^ (p+1)/4\n }\n catch (sqrtError) {\n const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';\n throw new Error('Point is not on curve' + suffix);\n }\n const isYOdd = (y & _1n) === _1n;\n // ECDSA\n const isHeadOdd = (head & 1) === 1;\n if (isHeadOdd !== isYOdd)\n y = Fp.neg(y);\n return { x, y };\n }\n else if (len === uncompressedLen && head === 0x04) {\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n }\n else {\n throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);\n }\n },\n });\n const numToNByteStr = (num) => ut.bytesToHex(ut.numberToBytesBE(num, CURVE.nByteLength));\n function isBiggerThanHalfOrder(number) {\n const HALF = CURVE_ORDER >> _1n;\n return number > HALF;\n }\n function normalizeS(s) {\n return isBiggerThanHalfOrder(s) ? modN(-s) : s;\n }\n // slice bytes num\n const slcNum = (b, from, to) => ut.bytesToNumberBE(b.slice(from, to));\n /**\n * ECDSA signature with its (r, s) properties. Supports DER & compact representations.\n */\n class Signature {\n constructor(r, s, recovery) {\n this.r = r;\n this.s = s;\n this.recovery = recovery;\n this.assertValidity();\n }\n // pair (bytes of r, bytes of s)\n static fromCompact(hex) {\n const l = CURVE.nByteLength;\n hex = ensureBytes('compactSignature', hex, l * 2);\n return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));\n }\n // DER encoded ECDSA signature\n // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script\n static fromDER(hex) {\n const { r, s } = DER.toSig(ensureBytes('DER', hex));\n return new Signature(r, s);\n }\n assertValidity() {\n ut.aInRange('r', this.r, _1n, CURVE_ORDER); // r in [1..N]\n ut.aInRange('s', this.s, _1n, CURVE_ORDER); // s in [1..N]\n }\n addRecoveryBit(recovery) {\n return new Signature(this.r, this.s, recovery);\n }\n recoverPublicKey(msgHash) {\n const { r, s, recovery: rec } = this;\n const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash\n if (rec == null || ![0, 1, 2, 3].includes(rec))\n throw new Error('recovery id invalid');\n const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;\n if (radj >= Fp.ORDER)\n throw new Error('recovery id 2 or 3 invalid');\n const prefix = (rec & 1) === 0 ? '02' : '03';\n const R = Point.fromHex(prefix + numToNByteStr(radj));\n const ir = invN(radj); // r^-1\n const u1 = modN(-h * ir); // -hr^-1\n const u2 = modN(s * ir); // sr^-1\n const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n if (!Q)\n throw new Error('point at infinify'); // unsafe is fine: no priv data leaked\n Q.assertValidity();\n return Q;\n }\n // Signatures should be low-s, to prevent malleability.\n hasHighS() {\n return isBiggerThanHalfOrder(this.s);\n }\n normalizeS() {\n return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;\n }\n // DER-encoded\n toDERRawBytes() {\n return ut.hexToBytes(this.toDERHex());\n }\n toDERHex() {\n return DER.hexFromSig({ r: this.r, s: this.s });\n }\n // padded bytes of r, then padded bytes of s\n toCompactRawBytes() {\n return ut.hexToBytes(this.toCompactHex());\n }\n toCompactHex() {\n return numToNByteStr(this.r) + numToNByteStr(this.s);\n }\n }\n const utils = {\n isValidPrivateKey(privateKey) {\n try {\n normPrivateKeyToScalar(privateKey);\n return true;\n }\n catch (error) {\n return false;\n }\n },\n normPrivateKeyToScalar: normPrivateKeyToScalar,\n /**\n * Produces cryptographically secure private key from random of size\n * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.\n */\n randomPrivateKey: () => {\n const length = mod.getMinHashLength(CURVE.n);\n return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);\n },\n /**\n * Creates precompute table for an arbitrary EC point. Makes point \"cached\".\n * Allows to massively speed-up `point.multiply(scalar)`.\n * @returns cached point\n * @example\n * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));\n * fast.multiply(privKey); // much faster ECDH now\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here\n return point;\n },\n };\n /**\n * Computes public key for a private key. Checks for validity of the private key.\n * @param privateKey private key\n * @param isCompressed whether to return compact (default), or full key\n * @returns Public key, full when isCompressed=false; short when isCompressed=true\n */\n function getPublicKey(privateKey, isCompressed = true) {\n return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);\n }\n /**\n * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.\n */\n function isProbPub(item) {\n const arr = ut.isBytes(item);\n const str = typeof item === 'string';\n const len = (arr || str) && item.length;\n if (arr)\n return len === compressedLen || len === uncompressedLen;\n if (str)\n return len === 2 * compressedLen || len === 2 * uncompressedLen;\n if (item instanceof Point)\n return true;\n return false;\n }\n /**\n * ECDH (Elliptic Curve Diffie Hellman).\n * Computes shared public key from private key and public key.\n * Checks: 1) private key validity 2) shared key is on-curve.\n * Does NOT hash the result.\n * @param privateA private key\n * @param publicB different public key\n * @param isCompressed whether to return compact (default), or full key\n * @returns shared public key\n */\n function getSharedSecret(privateA, publicB, isCompressed = true) {\n if (isProbPub(privateA))\n throw new Error('first arg must be private key');\n if (!isProbPub(publicB))\n throw new Error('second arg must be public key');\n const b = Point.fromHex(publicB); // check for being on-curve\n return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);\n }\n // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.\n // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.\n // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.\n // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors\n const bits2int = CURVE.bits2int ||\n function (bytes) {\n // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)\n // for some cases, since bytes.length * 8 is not actual bitLength.\n const num = ut.bytesToNumberBE(bytes); // check for == u8 done here\n const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits\n return delta > 0 ? num >> BigInt(delta) : num;\n };\n const bits2int_modN = CURVE.bits2int_modN ||\n function (bytes) {\n return modN(bits2int(bytes)); // can't use bytesToNumberBE here\n };\n // NOTE: pads output with zero as per spec\n const ORDER_MASK = ut.bitMask(CURVE.nBitLength);\n /**\n * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.\n */\n function int2octets(num) {\n ut.aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);\n // works with order, can have different size than numToField!\n return ut.numberToBytesBE(num, CURVE.nByteLength);\n }\n // Steps A, D of RFC6979 3.2\n // Creates RFC6979 seed; converts msg/privKey to numbers.\n // Used only in sign, not in verify.\n // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.\n // Also it can be bigger for P224 + SHA256\n function prepSig(msgHash, privateKey, opts = defaultSigOpts) {\n if (['recovered', 'canonical'].some((k) => k in opts))\n throw new Error('sign() legacy options not supported');\n const { hash, randomBytes } = CURVE;\n let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default\n if (lowS == null)\n lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash\n msgHash = ensureBytes('msgHash', msgHash);\n validateSigVerOpts(opts);\n if (prehash)\n msgHash = ensureBytes('prehashed msgHash', hash(msgHash));\n // We can't later call bits2octets, since nested bits2int is broken for curves\n // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.\n // const bits2octets = (bits) => int2octets(bits2int_modN(bits))\n const h1int = bits2int_modN(msgHash);\n const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint\n const seedArgs = [int2octets(d), int2octets(h1int)];\n // extraEntropy. RFC6979 3.6: additional k' (optional).\n if (ent != null && ent !== false) {\n // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is\n seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes\n }\n const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2\n const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!\n // Converts signature params into point w r/s, checks result for validity.\n function k2sig(kBytes) {\n // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n const k = bits2int(kBytes); // Cannot use fields methods, since it is group element\n if (!isWithinCurveOrder(k))\n return; // Important: all mod() calls here must be done over N\n const ik = invN(k); // k^-1 mod n\n const q = Point.BASE.multiply(k).toAffine(); // q = Gk\n const r = modN(q.x); // r = q.x mod n\n if (r === _0n)\n return;\n // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to\n // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:\n // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT\n const s = modN(ik * modN(m + r * d)); // Not using blinding here\n if (s === _0n)\n return;\n let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)\n let normS = s;\n if (lowS && isBiggerThanHalfOrder(s)) {\n normS = normalizeS(s); // if lowS was passed, ensure s is always\n recovery ^= 1; // // in the bottom half of N\n }\n return new Signature(r, normS, recovery); // use normS, not s\n }\n return { seed, k2sig };\n }\n const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };\n const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };\n /**\n * Signs message hash with a private key.\n * ```\n * sign(m, d, k) where\n * (x, y) = G × k\n * r = x mod n\n * s = (m + dr)/k mod n\n * ```\n * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.\n * @param privKey private key\n * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.\n * @returns signature with recovery param\n */\n function sign(msgHash, privKey, opts = defaultSigOpts) {\n const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.\n const C = CURVE;\n const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);\n return drbg(seed, k2sig); // Steps B, C, D, E, F, G\n }\n // Enable precomputes. Slows down first publicKey computation by 20ms.\n Point.BASE._setWindowSize(8);\n // utils.precompute(8, ProjectivePoint.BASE)\n /**\n * Verifies a signature against message hash and public key.\n * Rejects lowS signatures by default: to override,\n * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf:\n *\n * ```\n * verify(r, s, h, P) where\n * U1 = hs^-1 mod n\n * U2 = rs^-1 mod n\n * R = U1⋅G - U2⋅P\n * mod(R.x, n) == r\n * ```\n */\n function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {\n const sg = signature;\n msgHash = ensureBytes('msgHash', msgHash);\n publicKey = ensureBytes('publicKey', publicKey);\n if ('strict' in opts)\n throw new Error('options.strict was renamed to lowS');\n validateSigVerOpts(opts);\n const { lowS, prehash } = opts;\n let _sig = undefined;\n let P;\n try {\n if (typeof sg === 'string' || ut.isBytes(sg)) {\n // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).\n // Since DER can also be 2*nByteLength bytes, we check for it first.\n try {\n _sig = Signature.fromDER(sg);\n }\n catch (derError) {\n if (!(derError instanceof DER.Err))\n throw derError;\n _sig = Signature.fromCompact(sg);\n }\n }\n else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {\n const { r, s } = sg;\n _sig = new Signature(r, s);\n }\n else {\n throw new Error('PARSE');\n }\n P = Point.fromHex(publicKey);\n }\n catch (error) {\n if (error.message === 'PARSE')\n throw new Error(`signature must be Signature instance, Uint8Array or hex string`);\n return false;\n }\n if (lowS && _sig.hasHighS())\n return false;\n if (prehash)\n msgHash = CURVE.hash(msgHash);\n const { r, s } = _sig;\n const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element\n const is = invN(s); // s^-1\n const u1 = modN(h * is); // u1 = hs^-1 mod n\n const u2 = modN(r * is); // u2 = rs^-1 mod n\n const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P\n if (!R)\n return false;\n const v = modN(R.x);\n return v === r;\n }\n return {\n CURVE,\n getPublicKey,\n getSharedSecret,\n sign,\n verify,\n ProjectivePoint: Point,\n Signature,\n utils,\n };\n}\n/**\n * Implementation of the Shallue and van de Woestijne method for any weierstrass curve.\n * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.\n * b = True and y = sqrt(u / v) if (u / v) is square in F, and\n * b = False and y = sqrt(Z * (u / v)) otherwise.\n * @param Fp\n * @param Z\n * @returns\n */\nexport function SWUFpSqrtRatio(Fp, Z) {\n // Generic implementation\n const q = Fp.ORDER;\n let l = _0n;\n for (let o = q - _1n; o % _2n === _0n; o /= _2n)\n l += _1n;\n const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.\n // We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.\n // 2n ** c1 == 2n << (c1-1)\n const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);\n const _2n_pow_c1 = _2n_pow_c1_1 * _2n;\n const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic\n const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic\n const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic\n const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic\n const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2\n const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)\n let sqrtRatio = (u, v) => {\n let tv1 = c6; // 1. tv1 = c6\n let tv2 = Fp.pow(v, c4); // 2. tv2 = v^c4\n let tv3 = Fp.sqr(tv2); // 3. tv3 = tv2^2\n tv3 = Fp.mul(tv3, v); // 4. tv3 = tv3 * v\n let tv5 = Fp.mul(u, tv3); // 5. tv5 = u * tv3\n tv5 = Fp.pow(tv5, c3); // 6. tv5 = tv5^c3\n tv5 = Fp.mul(tv5, tv2); // 7. tv5 = tv5 * tv2\n tv2 = Fp.mul(tv5, v); // 8. tv2 = tv5 * v\n tv3 = Fp.mul(tv5, u); // 9. tv3 = tv5 * u\n let tv4 = Fp.mul(tv3, tv2); // 10. tv4 = tv3 * tv2\n tv5 = Fp.pow(tv4, c5); // 11. tv5 = tv4^c5\n let isQR = Fp.eql(tv5, Fp.ONE); // 12. isQR = tv5 == 1\n tv2 = Fp.mul(tv3, c7); // 13. tv2 = tv3 * c7\n tv5 = Fp.mul(tv4, tv1); // 14. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, isQR); // 15. tv3 = CMOV(tv2, tv3, isQR)\n tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)\n // 17. for i in (c1, c1 - 1, ..., 2):\n for (let i = c1; i > _1n; i--) {\n let tv5 = i - _2n; // 18. tv5 = i - 2\n tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5\n let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5\n const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1\n tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1\n tv1 = Fp.mul(tv1, tv1); // 23. tv1 = tv1 * tv1\n tvv5 = Fp.mul(tv4, tv1); // 24. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, e1); // 25. tv3 = CMOV(tv2, tv3, e1)\n tv4 = Fp.cmov(tvv5, tv4, e1); // 26. tv4 = CMOV(tv5, tv4, e1)\n }\n return { isValid: isQR, value: tv3 };\n };\n if (Fp.ORDER % _4n === _3n) {\n // sqrt_ratio_3mod4(u, v)\n const c1 = (Fp.ORDER - _3n) / _4n; // 1. c1 = (q - 3) / 4 # Integer arithmetic\n const c2 = Fp.sqrt(Fp.neg(Z)); // 2. c2 = sqrt(-Z)\n sqrtRatio = (u, v) => {\n let tv1 = Fp.sqr(v); // 1. tv1 = v^2\n const tv2 = Fp.mul(u, v); // 2. tv2 = u * v\n tv1 = Fp.mul(tv1, tv2); // 3. tv1 = tv1 * tv2\n let y1 = Fp.pow(tv1, c1); // 4. y1 = tv1^c1\n y1 = Fp.mul(y1, tv2); // 5. y1 = y1 * tv2\n const y2 = Fp.mul(y1, c2); // 6. y2 = y1 * c2\n const tv3 = Fp.mul(Fp.sqr(y1), v); // 7. tv3 = y1^2; 8. tv3 = tv3 * v\n const isQR = Fp.eql(tv3, u); // 9. isQR = tv3 == u\n let y = Fp.cmov(y2, y1, isQR); // 10. y = CMOV(y2, y1, isQR)\n return { isValid: isQR, value: y }; // 11. return (isQR, y) isQR ? y : y*c2\n };\n }\n // No curves uses that\n // if (Fp.ORDER % _8n === _5n) // sqrt_ratio_5mod8\n return sqrtRatio;\n}\n/**\n * Simplified Shallue-van de Woestijne-Ulas Method\n * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2\n */\nexport function mapToCurveSimpleSWU(Fp, opts) {\n mod.validateField(Fp);\n if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))\n throw new Error('mapToCurveSimpleSWU: invalid opts');\n const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);\n if (!Fp.isOdd)\n throw new Error('Fp.isOdd is not implemented!');\n // Input: u, an element of F.\n // Output: (x, y), a point on E.\n return (u) => {\n // prettier-ignore\n let tv1, tv2, tv3, tv4, tv5, tv6, x, y;\n tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, opts.Z); // 2. tv1 = Z * tv1\n tv2 = Fp.sqr(tv1); // 3. tv2 = tv1^2\n tv2 = Fp.add(tv2, tv1); // 4. tv2 = tv2 + tv1\n tv3 = Fp.add(tv2, Fp.ONE); // 5. tv3 = tv2 + 1\n tv3 = Fp.mul(tv3, opts.B); // 6. tv3 = B * tv3\n tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO)); // 7. tv4 = CMOV(Z, -tv2, tv2 != 0)\n tv4 = Fp.mul(tv4, opts.A); // 8. tv4 = A * tv4\n tv2 = Fp.sqr(tv3); // 9. tv2 = tv3^2\n tv6 = Fp.sqr(tv4); // 10. tv6 = tv4^2\n tv5 = Fp.mul(tv6, opts.A); // 11. tv5 = A * tv6\n tv2 = Fp.add(tv2, tv5); // 12. tv2 = tv2 + tv5\n tv2 = Fp.mul(tv2, tv3); // 13. tv2 = tv2 * tv3\n tv6 = Fp.mul(tv6, tv4); // 14. tv6 = tv6 * tv4\n tv5 = Fp.mul(tv6, opts.B); // 15. tv5 = B * tv6\n tv2 = Fp.add(tv2, tv5); // 16. tv2 = tv2 + tv5\n x = Fp.mul(tv1, tv3); // 17. x = tv1 * tv3\n const { isValid, value } = sqrtRatio(tv2, tv6); // 18. (is_gx1_square, y1) = sqrt_ratio(tv2, tv6)\n y = Fp.mul(tv1, u); // 19. y = tv1 * u -> Z * u^3 * y1\n y = Fp.mul(y, value); // 20. y = y * y1\n x = Fp.cmov(x, tv3, isValid); // 21. x = CMOV(x, tv3, is_gx1_square)\n y = Fp.cmov(y, value, isValid); // 22. y = CMOV(y, y1, is_gx1_square)\n const e1 = Fp.isOdd(u) === Fp.isOdd(y); // 23. e1 = sgn0(u) == sgn0(y)\n y = Fp.cmov(Fp.neg(y), y, e1); // 24. y = CMOV(-y, y, e1)\n x = Fp.div(x, tv4); // 25. x = x / tv4\n return { x, y };\n };\n}\n//# sourceMappingURL=weierstrass.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { hmac } from '@noble/hashes/hmac';\nimport { concatBytes, randomBytes } from '@noble/hashes/utils';\nimport { weierstrass } from './abstract/weierstrass.js';\n// connects noble-curves to noble-hashes\nexport function getHash(hash) {\n return {\n hash,\n hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),\n randomBytes,\n };\n}\nexport function createCurve(curveDef, defHash) {\n const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });\n return Object.freeze({ ...create(defHash), create });\n}\n//# sourceMappingURL=_shortw_utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp256r1 aka p256\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256\nconst Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));\nconst CURVE_A = Fp.create(BigInt('-3'));\nconst CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');\n// prettier-ignore\nexport const p256 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n\n // Curve order, total count of valid points in the field\n n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),\n Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),\n h: BigInt(1),\n lowS: false,\n}, sha256);\nexport const secp256r1 = p256;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-10')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P256_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p256.js.map","const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\n// We are not using BigUint64Array, because they are extremely slow as per 2022\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };\n}\nfunction split(lst, le = false) {\n let Ah = new Uint32Array(lst.length);\n let Al = new Uint32Array(lst.length);\n for (let i = 0; i < lst.length; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { fromBig, split, toBig, shrSH, shrSL, rotrSH, rotrSL, rotrBH, rotrBL, rotr32H, rotr32L, rotlSH, rotlSL, rotlBH, rotlBL, add, add3L, add3H, add4L, add4H, add5H, add5L, };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map","import { HashMD } from './_md.js';\nimport u64 from './_u64.js';\nimport { wrapConstructor } from './utils.js';\n// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):\n// prettier-ignore\nconst [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([\n '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\n// Temporary buffer, not used to store anything between runs\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA512 extends HashMD {\n constructor() {\n super(128, 64, 16, false);\n // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.\n // Also looks cleaner and easier to verify with spec.\n // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x6a09e667 | 0;\n this.Al = 0xf3bcc908 | 0;\n this.Bh = 0xbb67ae85 | 0;\n this.Bl = 0x84caa73b | 0;\n this.Ch = 0x3c6ef372 | 0;\n this.Cl = 0xfe94f82b | 0;\n this.Dh = 0xa54ff53a | 0;\n this.Dl = 0x5f1d36f1 | 0;\n this.Eh = 0x510e527f | 0;\n this.El = 0xade682d1 | 0;\n this.Fh = 0x9b05688c | 0;\n this.Fl = 0x2b3e6c1f | 0;\n this.Gh = 0x1f83d9ab | 0;\n this.Gl = 0xfb41bd6b | 0;\n this.Hh = 0x5be0cd19 | 0;\n this.Hl = 0x137e2179 | 0;\n }\n // prettier-ignore\n get() {\n const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n }\n // prettier-ignore\n set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {\n this.Ah = Ah | 0;\n this.Al = Al | 0;\n this.Bh = Bh | 0;\n this.Bl = Bl | 0;\n this.Ch = Ch | 0;\n this.Cl = Cl | 0;\n this.Dh = Dh | 0;\n this.Dl = Dl | 0;\n this.Eh = Eh | 0;\n this.El = El | 0;\n this.Fh = Fh | 0;\n this.Fl = Fl | 0;\n this.Gh = Gh | 0;\n this.Gl = Gl | 0;\n this.Hh = Hh | 0;\n this.Hl = Hl | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4) {\n SHA512_W_H[i] = view.getUint32(offset);\n SHA512_W_L[i] = view.getUint32((offset += 4));\n }\n for (let i = 16; i < 80; i++) {\n // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n const W15h = SHA512_W_H[i - 15] | 0;\n const W15l = SHA512_W_L[i - 15] | 0;\n const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n const W2h = SHA512_W_H[i - 2] | 0;\n const W2l = SHA512_W_L[i - 2] | 0;\n const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];\n const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n SHA512_W_H[i] = SUMh | 0;\n SHA512_W_L[i] = SUMl | 0;\n }\n let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n // Compression function main loop, 80 rounds\n for (let i = 0; i < 80; i++) {\n // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n const CHIl = (El & Fl) ^ (~El & Gl);\n // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n // prettier-ignore\n const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n const T1l = T1ll | 0;\n // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n Hh = Gh | 0;\n Hl = Gl | 0;\n Gh = Fh | 0;\n Gl = Fl | 0;\n Fh = Eh | 0;\n Fl = El | 0;\n ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n Dh = Ch | 0;\n Dl = Cl | 0;\n Ch = Bh | 0;\n Cl = Bl | 0;\n Bh = Ah | 0;\n Bl = Al | 0;\n const All = u64.add3L(T1l, sigma0l, MAJl);\n Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n Al = All | 0;\n }\n // Add the compressed chunk to the current hash value\n ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n }\n roundClean() {\n SHA512_W_H.fill(0);\n SHA512_W_L.fill(0);\n }\n destroy() {\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n }\n}\nexport class SHA512_224 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x8c3d37c8 | 0;\n this.Al = 0x19544da2 | 0;\n this.Bh = 0x73e19966 | 0;\n this.Bl = 0x89dcd4d6 | 0;\n this.Ch = 0x1dfab7ae | 0;\n this.Cl = 0x32ff9c82 | 0;\n this.Dh = 0x679dd514 | 0;\n this.Dl = 0x582f9fcf | 0;\n this.Eh = 0x0f6d2b69 | 0;\n this.El = 0x7bd44da8 | 0;\n this.Fh = 0x77e36f73 | 0;\n this.Fl = 0x04c48942 | 0;\n this.Gh = 0x3f9d85a8 | 0;\n this.Gl = 0x6a1d36c8 | 0;\n this.Hh = 0x1112e6ad | 0;\n this.Hl = 0x91d692a1 | 0;\n this.outputLen = 28;\n }\n}\nexport class SHA512_256 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x22312194 | 0;\n this.Al = 0xfc2bf72c | 0;\n this.Bh = 0x9f555fa3 | 0;\n this.Bl = 0xc84c64c2 | 0;\n this.Ch = 0x2393b86b | 0;\n this.Cl = 0x6f53b151 | 0;\n this.Dh = 0x96387719 | 0;\n this.Dl = 0x5940eabd | 0;\n this.Eh = 0x96283ee2 | 0;\n this.El = 0xa88effe3 | 0;\n this.Fh = 0xbe5e1e25 | 0;\n this.Fl = 0x53863992 | 0;\n this.Gh = 0x2b0199fc | 0;\n this.Gl = 0x2c85b8aa | 0;\n this.Hh = 0x0eb72ddc | 0;\n this.Hl = 0x81c52ca2 | 0;\n this.outputLen = 32;\n }\n}\nexport class SHA384 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0xcbbb9d5d | 0;\n this.Al = 0xc1059ed8 | 0;\n this.Bh = 0x629a292a | 0;\n this.Bl = 0x367cd507 | 0;\n this.Ch = 0x9159015a | 0;\n this.Cl = 0x3070dd17 | 0;\n this.Dh = 0x152fecd8 | 0;\n this.Dl = 0xf70e5939 | 0;\n this.Eh = 0x67332667 | 0;\n this.El = 0xffc00b31 | 0;\n this.Fh = 0x8eb44a87 | 0;\n this.Fl = 0x68581511 | 0;\n this.Gh = 0xdb0c2e0d | 0;\n this.Gl = 0x64f98fa7 | 0;\n this.Hh = 0x47b5481d | 0;\n this.Hl = 0xbefa4fa4 | 0;\n this.outputLen = 48;\n }\n}\nexport const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());\nexport const sha512_224 = /* @__PURE__ */ wrapConstructor(() => new SHA512_224());\nexport const sha512_256 = /* @__PURE__ */ wrapConstructor(() => new SHA512_256());\nexport const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384());\n//# sourceMappingURL=sha512.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha384 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp384r1 aka p384\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');\nconst Fp = Field(P);\nconst CURVE_A = Fp.create(BigInt('-3'));\n// prettier-ignore\nconst CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');\n// prettier-ignore\nexport const p384 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n\n // Curve order, total count of valid points in the field.\n n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),\n // Base (generator) point (x, y)\n Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),\n Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),\n h: BigInt(1),\n lowS: false,\n}, sha384);\nexport const secp384r1 = p384;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-12')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P384_XMD:SHA-384_SSWU_RO_',\n encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 192,\n expand: 'xmd',\n hash: sha384,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p384.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha512 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp521r1 aka p521\n// Note that it's 521, which differs from 512 of its hash function.\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst Fp = Field(P);\nconst CURVE = {\n a: Fp.create(BigInt('-3')),\n b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),\n Fp,\n n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),\n Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),\n Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),\n h: BigInt(1),\n};\n// prettier-ignore\nexport const p521 = createCurve({\n a: CURVE.a, // Equation params: a, b\n b: CURVE.b,\n Fp, // Field: 2n**521n - 1n\n // Curve order, total count of valid points in the field\n n: CURVE.n,\n Gx: CURVE.Gx, // Base point (x, y) aka generator point\n Gy: CURVE.Gy,\n h: CURVE.h,\n lowS: false,\n allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b\n}, sha512);\nexport const secp521r1 = p521;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE.a,\n B: CURVE.b,\n Z: Fp.create(BigInt('-4')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P521_XMD:SHA-512_SSWU_RO_',\n encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 256,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p521.js.map","import { bytes, exists, number, output } from './_assert.js';\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';\nimport { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';\n// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.\n// It's called a sponge function.\n// Various per round constants calculations\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nconst _7n = /* @__PURE__ */ BigInt(7);\nconst _256n = /* @__PURE__ */ BigInt(256);\nconst _0x71n = /* @__PURE__ */ BigInt(0x71);\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true);\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n// Same as keccakf1600, but allows to skip some rounds\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n B.fill(0);\n}\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n // Can be passed from user as dkLen\n number(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n if (0 >= this.blockLen || this.blockLen >= 200)\n throw new Error('Sha3 supports only keccak-f1600 function');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n keccak() {\n if (!isLE)\n byteSwap32(this.state32);\n keccakP(this.state32, this.rounds);\n if (!isLE)\n byteSwap32(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n exists(this);\n const { blockLen, state } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n exists(this, false);\n bytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n number(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n output(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n this.state.fill(0);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));\nexport const sha3_224 = /* @__PURE__ */ gen(0x06, 144, 224 / 8);\n/**\n * SHA3-256 hash function\n * @param message - that would be hashed\n */\nexport const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8);\nexport const sha3_384 = /* @__PURE__ */ gen(0x06, 104, 384 / 8);\nexport const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8);\nexport const keccak_224 = /* @__PURE__ */ gen(0x01, 144, 224 / 8);\n/**\n * keccak-256 hash function. Different from SHA3-256.\n * @param message - that would be hashed\n */\nexport const keccak_256 = /* @__PURE__ */ gen(0x01, 136, 256 / 8);\nexport const keccak_384 = /* @__PURE__ */ gen(0x01, 104, 384 / 8);\nexport const keccak_512 = /* @__PURE__ */ gen(0x01, 72, 512 / 8);\nconst genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\nexport const shake128 = /* @__PURE__ */ genShake(0x1f, 168, 128 / 8);\nexport const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8);\n//# sourceMappingURL=sha3.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport { mod, Field } from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n) {\n ut.aInRange('coordinate ' + title, n, _0n, MASK);\n }\n function assertPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez);\n aCoordinate('t', et);\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n assertPoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n assertPoint(other);\n const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n // Faster algo for adding 2 Extended Points when curve's a=-1.\n // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4\n // Cost: 8M + 8add + 2*2.\n // Note: It does not check whether the `other` point is valid.\n if (a === BigInt(-1)) {\n const A = modP((Y1 - X1) * (Y2 + X2));\n const B = modP((Y1 + X1) * (Y2 - X2));\n const F = modP(B - A);\n if (F === _0n)\n return this.double(); // Same point. Tests say it doesn't affect timing\n const C = modP(Z1 * _2n * T2);\n const D = modP(T1 * _2n * Z2);\n const E = D + C;\n const G = B + A;\n const H = D - C;\n const X3 = modP(E * F);\n const Y3 = modP(G * H);\n const T3 = modP(E * H);\n const Z3 = modP(F * G);\n return new Point(X3, Y3, Z3, T3);\n }\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n multiplyUnsafe(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.equals(I) || n === _1n)\n return this;\n if (this.equals(G))\n return this.wNAF(n).p;\n return wnaf.unsafeLadder(this, n);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = ut.bytesToNumberLE(normed);\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n ut.aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n return getExtendedPublicKey(privKey).point;\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(ut.bytesToNumberLE(hash));\n }\n /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */\n function getExtendedPublicKey(key) {\n const len = nByteLength;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = new Uint8Array(), ...msgs) {\n const msg = ut.concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n ut.aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, nByteLength * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));\n // zip215: true is good for consensus-critical apps and allows points < 2^256\n // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p\n let A, R, SB;\n try {\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { mod, pow } from './modular.js';\nimport { aInRange, bytesToNumberLE, ensureBytes, numberToBytesLE, validateObject, } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction validateOpts(curve) {\n validateObject(curve, {\n a: 'bigint',\n }, {\n montgomeryBits: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n adjustScalarBytes: 'function',\n domain: 'function',\n powPminus2: 'function',\n Gu: 'bigint',\n });\n // Set defaults\n return Object.freeze({ ...curve });\n}\n// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748)\n// Uses only one coordinate instead of two\nexport function montgomery(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { P } = CURVE;\n const modP = (n) => mod(n, P);\n const montgomeryBits = CURVE.montgomeryBits;\n const montgomeryBytes = Math.ceil(montgomeryBits / 8);\n const fieldLen = CURVE.nByteLength;\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes);\n const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P));\n // cswap from RFC7748. But it is not from RFC7748!\n /*\n cswap(swap, x_2, x_3):\n dummy = mask(swap) AND (x_2 XOR x_3)\n x_2 = x_2 XOR dummy\n x_3 = x_3 XOR dummy\n Return (x_2, x_3)\n Where mask(swap) is the all-1 or all-0 word of the same length as x_2\n and x_3, computed, e.g., as mask(swap) = 0 - swap.\n */\n function cswap(swap, x_2, x_3) {\n const dummy = modP(swap * (x_2 - x_3));\n x_2 = modP(x_2 - dummy);\n x_3 = modP(x_3 + dummy);\n return [x_2, x_3];\n }\n // x25519 from 4\n // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519\n const a24 = (CURVE.a - BigInt(2)) / BigInt(4);\n /**\n *\n * @param pointU u coordinate (x) on Montgomery Curve 25519\n * @param scalar by which the point would be multiplied\n * @returns new Point on Montgomery curve\n */\n function montgomeryLadder(u, scalar) {\n aInRange('u', u, _0n, P);\n aInRange('scalar', scalar, _0n, P);\n // Section 5: Implementations MUST accept non-canonical values and process them as\n // if they had been reduced modulo the field prime.\n const k = scalar;\n const x_1 = u;\n let x_2 = _1n;\n let z_2 = _0n;\n let x_3 = u;\n let z_3 = _1n;\n let swap = _0n;\n let sw;\n for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {\n const k_t = (k >> t) & _1n;\n swap ^= k_t;\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n swap = k_t;\n const A = x_2 + z_2;\n const AA = modP(A * A);\n const B = x_2 - z_2;\n const BB = modP(B * B);\n const E = AA - BB;\n const C = x_3 + z_3;\n const D = x_3 - z_3;\n const DA = modP(D * A);\n const CB = modP(C * B);\n const dacb = DA + CB;\n const da_cb = DA - CB;\n x_3 = modP(dacb * dacb);\n z_3 = modP(x_1 * modP(da_cb * da_cb));\n x_2 = modP(AA * BB);\n z_2 = modP(E * (AA + modP(a24 * E)));\n }\n // (x_2, x_3) = cswap(swap, x_2, x_3)\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n // (z_2, z_3) = cswap(swap, z_2, z_3)\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n // z_2^(p - 2)\n const z2 = powPminus2(z_2);\n // Return x_2 * (z_2^(p - 2))\n return modP(x_2 * z2);\n }\n function encodeUCoordinate(u) {\n return numberToBytesLE(modP(u), montgomeryBytes);\n }\n function decodeUCoordinate(uEnc) {\n // Section 5: When receiving such an array, implementations of X25519\n // MUST mask the most significant bit in the final byte.\n const u = ensureBytes('u coordinate', uEnc, montgomeryBytes);\n if (fieldLen === 32)\n u[31] &= 127; // 0b0111_1111\n return bytesToNumberLE(u);\n }\n function decodeScalar(n) {\n const bytes = ensureBytes('scalar', n);\n const len = bytes.length;\n if (len !== montgomeryBytes && len !== fieldLen)\n throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`);\n return bytesToNumberLE(adjustScalarBytes(bytes));\n }\n function scalarMult(scalar, u) {\n const pointU = decodeUCoordinate(u);\n const _scalar = decodeScalar(scalar);\n const pu = montgomeryLadder(pointU, _scalar);\n // The result was not contributory\n // https://cr.yp.to/ecdh.html#validate\n if (pu === _0n)\n throw new Error('Invalid private or public key received');\n return encodeUCoordinate(pu);\n }\n // Computes public key from private. By doing scalar multiplication of base point.\n const GuBytes = encodeUCoordinate(CURVE.Gu);\n function scalarMultBase(scalar) {\n return scalarMult(scalar, GuBytes);\n }\n return {\n scalarMult,\n scalarMultBase,\n getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),\n getPublicKey: (privateKey) => scalarMultBase(privateKey),\n utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },\n GuBytes: GuBytes,\n };\n}\n//# sourceMappingURL=montgomery.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3';\nimport { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';\nimport { twistedEdwards } from './abstract/edwards.js';\nimport { createHasher, expand_message_xof } from './abstract/hash-to-curve.js';\nimport { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js';\nimport { montgomery } from './abstract/montgomery.js';\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js';\n/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n */\nconst shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));\nconst ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448P;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most\n // significant bit of the last byte to 1.\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448P;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\nconst Fp = Field(ed448P, 456, true);\nconst ED448_DEF = {\n // Param: a\n a: BigInt(1),\n // -39081. Negative number is P - number\n d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),\n // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n\n Fp,\n // Subgroup order: how many points curve has;\n // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\n n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n nBitLength: 456,\n // Cofactor\n h: BigInt(4),\n // Base point (x, y) aka generator point\n Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),\n Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),\n // SHAKE256(dom4(phflag,context)||x, 114)\n hash: shake256_114,\n randomBytes,\n adjustScalarBytes,\n // dom4\n domain: (data, ctx, phflag) => {\n if (ctx.length > 255)\n throw new Error(`Context is too big: ${ctx.length}`);\n return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n },\n uvRatio,\n};\nexport const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF);\n// NOTE: there is no ed448ctx, since ed448 supports ctx by default\nexport const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 });\nexport const x448 = /* @__PURE__ */ (() => montgomery({\n a: BigInt(156326),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n montgomeryBits: 448,\n nByteLength: 56,\n P: ed448P,\n Gu: BigInt(5),\n powPminus2: (x) => {\n const P = ed448P;\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, BigInt(2), P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/**\n * Converts edwards448 public key to x448 public key. Uses formula:\n * * `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * * `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n * @example\n * const aPub = ed448.getPublicKey(utils.randomPrivateKey());\n * x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))\n */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = Fp.invertBatch([xEd, yEd]); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\nconst htf = /* @__PURE__ */ (() => createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\nfunction assertDcfPoint(other) {\n if (!(other instanceof DcfPoint))\n throw new Error('DecafPoint expected');\n}\n// 1-d\nconst ONE_MINUS_D = BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_448B = BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes448ToNumberLE = (bytes) => ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);\n// Computes Elligator map for Decaf\n// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/**\n * Each ed448/ExtendedPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448\n */\nclass DcfPoint {\n // Private property to discourage combining ExtendedPoint + DecafPoint\n // Always use Decaf encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));\n }\n /**\n * Takes uniform output of 112-byte hash function like shake256 and converts it to `DecafPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * **Note:** this is one-way map, there is no conversion from point to hash.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\n * @param hex 112-byte output of a hash function\n */\n static hashToCurve(hex) {\n hex = ensureBytes('decafHash', hex, 112);\n const r1 = bytes448ToNumberLE(hex.slice(0, 56));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = bytes448ToNumberLE(hex.slice(56, 112));\n const R2 = calcElligatorDecafMap(r2);\n return new DcfPoint(R1.add(R2));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-decode-2\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n hex = ensureBytes('decafHex', hex, 56);\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';\n const s = bytes448ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 56), hex) || isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error(emsg);\n return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));\n }\n /**\n * Encodes decaf point to Uint8Array.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-encode-2\n */\n toRawBytes() {\n let { ex: x, ey: _y, ez: z, et: t } = this.ep;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const u1 = mod(mod(x + t) * mod(x - t)); // 1\n const x2 = mod(x * x);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * z - t); // 4\n let s = mod(ONE_MINUS_D * invsqrt * x * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 56);\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n // Compare one point to another.\n // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-equals-2\n equals(other) {\n assertDcfPoint(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed448.CURVE.Fp.create;\n // (x1 * y2 == y1 * x2)\n return mod(X1 * Y2) === mod(Y1 * X2);\n }\n add(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new DcfPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new DcfPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new DcfPoint(this.ep.double());\n }\n negate() {\n return new DcfPoint(this.ep.negate());\n }\n}\nexport const DecafPoint = /* @__PURE__ */ (() => {\n // decaf448 base point is ed448 base x 2\n // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699\n if (!DcfPoint.BASE)\n DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);\n if (!DcfPoint.ZERO)\n DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);\n return DcfPoint;\n})();\n// Hashing to decaf448. https://www.rfc-editor.org/rfc/rfc9380#appendix-C\nexport const hashToDecaf448 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xof(msg, DST, 112, 224, shake256);\n const P = DcfPoint.hashToCurve(uniform_bytes);\n return P;\n};\nexport const hash_to_decaf448 = hashToDecaf448; // legacy\n//# sourceMappingURL=ed448.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher, isogenyMap } from './abstract/hash-to-curve.js';\nimport { Field, mod, pow2 } from './abstract/modular.js';\nimport { inRange, aInRange, bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE, } from './abstract/utils.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\nconst secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');\nconst secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst divNearest = (a, b) => (a + b / _2n) / b;\n/**\n * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.\n * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]\n */\nfunction sqrtMod(y) {\n const P = secp256k1P;\n // prettier-ignore\n const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);\n // prettier-ignore\n const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);\n const b2 = (y * y * y) % P; // x^3, 11\n const b3 = (b2 * b2 * y) % P; // x^7\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b223 = (pow2(b220, _3n, P) * b3) % P;\n const t1 = (pow2(b223, _23n, P) * b22) % P;\n const t2 = (pow2(t1, _6n, P) * b2) % P;\n const root = pow2(t2, _2n, P);\n if (!Fp.eql(Fp.sqr(root), y))\n throw new Error('Cannot find square root');\n return root;\n}\nconst Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });\n/**\n * secp256k1 short weierstrass curve and ECDSA signatures over it.\n */\nexport const secp256k1 = createCurve({\n a: BigInt(0), // equation params: a, b\n b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975\n Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n\n n: secp256k1N, // Curve order, total count of valid points in the field\n // Base point (x, y) aka generator point\n Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),\n Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),\n h: BigInt(1), // Cofactor\n lowS: true, // Allow only low-S signatures by default in sign() and verify()\n /**\n * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.\n * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.\n * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.\n * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066\n */\n endo: {\n beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),\n splitScalar: (k) => {\n const n = secp256k1N;\n const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');\n const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');\n const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');\n const b2 = a1;\n const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)\n const c1 = divNearest(b2 * k, n);\n const c2 = divNearest(-b1 * k, n);\n let k1 = mod(k - c1 * a1 - c2 * a2, n);\n let k2 = mod(-c1 * b1 - c2 * b2, n);\n const k1neg = k1 > POW_2_128;\n const k2neg = k2 > POW_2_128;\n if (k1neg)\n k1 = n - k1;\n if (k2neg)\n k2 = n - k2;\n if (k1 > POW_2_128 || k2 > POW_2_128) {\n throw new Error('splitScalar: Endomorphism failed, k=' + k);\n }\n return { k1neg, k1, k2neg, k2 };\n },\n },\n}, sha256);\n// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.\n// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki\nconst _0n = BigInt(0);\n/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */\nconst TAGGED_HASH_PREFIXES = {};\nfunction taggedHash(tag, ...messages) {\n let tagP = TAGGED_HASH_PREFIXES[tag];\n if (tagP === undefined) {\n const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));\n tagP = concatBytes(tagH, tagH);\n TAGGED_HASH_PREFIXES[tag] = tagP;\n }\n return sha256(concatBytes(tagP, ...messages));\n}\n// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03\nconst pointToBytes = (point) => point.toRawBytes(true).slice(1);\nconst numTo32b = (n) => numberToBytesBE(n, 32);\nconst modP = (x) => mod(x, secp256k1P);\nconst modN = (x) => mod(x, secp256k1N);\nconst Point = secp256k1.ProjectivePoint;\nconst GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);\n// Calculate point, scalar and bytes\nfunction schnorrGetExtPubKey(priv) {\n let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey\n let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside\n const scalar = p.hasEvenY() ? d_ : modN(-d_);\n return { scalar: scalar, bytes: pointToBytes(p) };\n}\n/**\n * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.\n * @returns valid point checked for being on-curve\n */\nfunction lift_x(x) {\n aInRange('x', x, _1n, secp256k1P); // Fail if x ≥ p.\n const xx = modP(x * x);\n const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.\n let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.\n if (y % _2n !== _0n)\n y = modP(-y); // Return the unique point P such that x(P) = x and\n const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.\n p.assertValidity();\n return p;\n}\nconst num = bytesToNumberBE;\n/**\n * Create tagged hash, convert it to bigint, reduce modulo-n.\n */\nfunction challenge(...args) {\n return modN(num(taggedHash('BIP0340/challenge', ...args)));\n}\n/**\n * Schnorr public key is just `x` coordinate of Point as per BIP340.\n */\nfunction schnorrGetPublicKey(privateKey) {\n return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)\n}\n/**\n * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.\n * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.\n */\nfunction schnorrSign(message, privateKey, auxRand = randomBytes(32)) {\n const m = ensureBytes('message', message);\n const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder\n const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array\n const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)\n const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)\n const k_ = modN(num(rand)); // Let k' = int(rand) mod n\n if (k_ === _0n)\n throw new Error('sign failed: k is zero'); // Fail if k' = 0.\n const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.\n const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.\n const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).\n sig.set(rx, 0);\n sig.set(numTo32b(modN(k + e * d)), 32);\n // If Verify(bytes(P), m, sig) (see below) returns failure, abort\n if (!schnorrVerify(sig, m, px))\n throw new Error('sign: Invalid signature produced');\n return sig;\n}\n/**\n * Verifies Schnorr signature.\n * Will swallow errors & return false except for initial type validation of arguments.\n */\nfunction schnorrVerify(signature, message, publicKey) {\n const sig = ensureBytes('signature', signature, 64);\n const m = ensureBytes('message', message);\n const pub = ensureBytes('publicKey', publicKey, 32);\n try {\n const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails\n const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.\n if (!inRange(r, _1n, secp256k1P))\n return false;\n const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.\n if (!inRange(s, _1n, secp256k1N))\n return false;\n const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n\n const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P\n if (!R || !R.hasEvenY() || R.toAffine().x !== r)\n return false; // -eP == (n-e)P\n return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.\n }\n catch (error) {\n return false;\n }\n}\n/**\n * Schnorr signatures over secp256k1.\n */\nexport const schnorr = /* @__PURE__ */ (() => ({\n getPublicKey: schnorrGetPublicKey,\n sign: schnorrSign,\n verify: schnorrVerify,\n utils: {\n randomPrivateKey: secp256k1.utils.randomPrivateKey,\n lift_x,\n pointToBytes,\n numberToBytesBE,\n bytesToNumberBE,\n taggedHash,\n mod,\n },\n}))();\nconst isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [\n // xNum\n [\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',\n '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',\n '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',\n ],\n // xDen\n [\n '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',\n '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n // yNum\n [\n '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',\n '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',\n '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',\n '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',\n ],\n // yDen\n [\n '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',\n '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',\n '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n].map((i) => i.map((j) => BigInt(j)))))();\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),\n B: BigInt('1771'),\n Z: Fp.create(BigInt('-11')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {\n const { x, y } = mapSWU(Fp.create(scalars[0]));\n return isoMap(x, y);\n}, {\n DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=secp256k1.js.map","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'));\nconst CURVE_A = Fp.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'));\nconst CURVE_B = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6');\n\n// prettier-ignore\nexport const brainpoolP256r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),\n Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),\n h: BigInt(1),\n lowS: false\n} as const, sha256);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha384 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'));\nconst CURVE_A = Fp.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'));\nconst CURVE_B = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11');\n\n// prettier-ignore\nexport const brainpoolP384r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),\n Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),\n h: BigInt(1),\n lowS: false\n} as const, sha384);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha512 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'));\nconst CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'));\nconst CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723');\n\n// prettier-ignore\nexport const brainpoolP512r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),\n Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),\n h: BigInt(1),\n lowS: false\n} as const, sha512);\n","/**\n * This file is needed to dynamic import the noble-curves.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { p256 as nistP256 } from '@noble/curves/p256';\nimport { p384 as nistP384 } from '@noble/curves/p384';\nimport { p521 as nistP521 } from '@noble/curves/p521';\nimport { x448, ed448 } from '@noble/curves/ed448';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { brainpoolP256r1 } from './brainpool/brainpoolP256r1';\nimport { brainpoolP384r1 } from './brainpool/brainpoolP384r1';\nimport { brainpoolP512r1 } from './brainpool/brainpoolP512r1';\n\nexport const nobleCurves = new Map(Object.entries({\n nistP256,\n nistP384,\n nistP521,\n brainpoolP256r1,\n brainpoolP384r1,\n brainpoolP512r1,\n secp256k1,\n x448,\n ed448\n}));\n\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * This file is needed to dynamic import the legacy ciphers.\n * Separate dynamic imports are not convenient as they result in multiple chunks.\n */\n\nimport { TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TwoFish from './twofish';\nimport BlowFish from './blowfish';\nimport enums from '../../enums';\n\nexport const legacyCiphers = new Map([\n [enums.symmetric.tripledes, TripleDES],\n [enums.symmetric.cast5, CAST5],\n [enums.symmetric.blowfish, BlowFish],\n [enums.symmetric.twofish, TwoFish]\n]);\n","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms.\n// Initial state\nconst SHA1_IV = /* @__PURE__ */ new Uint32Array([\n 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA1_W = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA1 extends HashMD {\n constructor() {\n super(64, 20, 8, false);\n this.A = SHA1_IV[0] | 0;\n this.B = SHA1_IV[1] | 0;\n this.C = SHA1_IV[2] | 0;\n this.D = SHA1_IV[3] | 0;\n this.E = SHA1_IV[4] | 0;\n }\n get() {\n const { A, B, C, D, E } = this;\n return [A, B, C, D, E];\n }\n set(A, B, C, D, E) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n SHA1_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 80; i++)\n SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);\n // Compression function main loop, 80 rounds\n let { A, B, C, D, E } = this;\n for (let i = 0; i < 80; i++) {\n let F, K;\n if (i < 20) {\n F = Chi(B, C, D);\n K = 0x5a827999;\n }\n else if (i < 40) {\n F = B ^ C ^ D;\n K = 0x6ed9eba1;\n }\n else if (i < 60) {\n F = Maj(B, C, D);\n K = 0x8f1bbcdc;\n }\n else {\n F = B ^ C ^ D;\n K = 0xca62c1d6;\n }\n const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0;\n E = D;\n D = C;\n C = rotl(B, 30);\n B = A;\n A = T;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n this.set(A, B, C, D, E);\n }\n roundClean() {\n SHA1_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n/**\n * SHA1 (RFC 3174) hash function.\n * It was cryptographically broken: prefer newer algorithms.\n * @param message - data that would be hashed\n */\nexport const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1());\n//# sourceMappingURL=sha1.js.map","import { HashMD } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf\nconst Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);\nconst Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));\nconst Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16);\nlet idxL = [Id];\nlet idxR = [Pi];\nfor (let i = 0; i < 4; i++)\n for (let j of [idxL, idxR])\n j.push(j[i].map((k) => Rho[k]));\nconst shifts = /* @__PURE__ */ [\n [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],\n [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],\n [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],\n [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],\n [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],\n].map((i) => new Uint8Array(i));\nconst shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst Kl = /* @__PURE__ */ new Uint32Array([\n 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e,\n]);\nconst Kr = /* @__PURE__ */ new Uint32Array([\n 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000,\n]);\n// It's called f() in spec.\nfunction f(group, x, y, z) {\n if (group === 0)\n return x ^ y ^ z;\n else if (group === 1)\n return (x & y) | (~x & z);\n else if (group === 2)\n return (x | ~y) ^ z;\n else if (group === 3)\n return (x & z) | (y & ~z);\n else\n return x ^ (y | ~z);\n}\n// Temporary buffer, not used to store anything between runs\nconst R_BUF = /* @__PURE__ */ new Uint32Array(16);\nexport class RIPEMD160 extends HashMD {\n constructor() {\n super(64, 20, 8, true);\n this.h0 = 0x67452301 | 0;\n this.h1 = 0xefcdab89 | 0;\n this.h2 = 0x98badcfe | 0;\n this.h3 = 0x10325476 | 0;\n this.h4 = 0xc3d2e1f0 | 0;\n }\n get() {\n const { h0, h1, h2, h3, h4 } = this;\n return [h0, h1, h2, h3, h4];\n }\n set(h0, h1, h2, h3, h4) {\n this.h0 = h0 | 0;\n this.h1 = h1 | 0;\n this.h2 = h2 | 0;\n this.h3 = h3 | 0;\n this.h4 = h4 | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n R_BUF[i] = view.getUint32(offset, true);\n // prettier-ignore\n let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;\n // Instead of iterating 0 to 80, we split it into 5 groups\n // And use the groups in constants, functions, etc. Much simpler\n for (let group = 0; group < 5; group++) {\n const rGroup = 4 - group;\n const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore\n const rl = idxL[group], rr = idxR[group]; // prettier-ignore\n const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore\n for (let i = 0; i < 16; i++) {\n const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0;\n al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore\n }\n // 2 loops are 10% faster\n for (let i = 0; i < 16; i++) {\n const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0;\n ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore\n }\n }\n // Add the compressed chunk to the current hash value\n this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);\n }\n roundClean() {\n R_BUF.fill(0);\n }\n destroy() {\n this.destroyed = true;\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0);\n }\n}\n/**\n * RIPEMD-160 - a hash function from 1990s.\n * @param message - msg that would be hashed\n */\nexport const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160());\n//# sourceMappingURL=ripemd160.js.map","/**\n * This file is needed to dynamic import the noble-hashes.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { sha1 } from '@noble/hashes/sha1';\nimport { sha224, sha256 } from '@noble/hashes/sha256';\nimport { sha384, sha512 } from '@noble/hashes/sha512';\nimport { sha3_256, sha3_512 } from '@noble/hashes/sha3';\nimport { ripemd160 } from '@noble/hashes/ripemd160';\n\nexport const nobleHashes = new Map(Object.entries({\n sha1,\n sha224,\n sha256,\n sha384,\n sha512,\n sha3_256,\n sha3_512,\n ripemd160\n}));\n","// Adapted from the reference implementation in RFC7693\n// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes\n\n// Uint64 values are represented using two Uint32s, stored as little endian\n// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays\n// need to be manually handled\n\n// 64-bit unsigned addition (little endian, in place)\n// Sets a[i,i+1] += b[j,j+1]\n// `a` and `b` must be Uint32Array(2)\nfunction ADD64 (a, i, b, j) {\n a[i] += b[j];\n a[i+1] += b[j+1] + (a[i] < b[j]); // add carry\n}\n\n// Increment 64-bit little-endian unsigned value by `c` (in place)\n// `a` must be Uint32Array(2)\nfunction INC64 (a, c) {\n a[0] += c;\n a[1] += (a[0] < c);\n}\n\n// G Mixing function\n// The ROTRs are inlined for speed\nfunction G (v, m, a, b, c, d, ix, iy) {\n ADD64(v, a, v, b) // v[a,a+1] += v[b,b+1]\n ADD64(v, a, m, ix) // v[a, a+1] += x ... x0\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits\n let xor0 = v[d] ^ v[a]\n let xor1 = v[d + 1] ^ v[a + 1]\n v[d] = xor1\n v[d + 1] = xor0\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor0 >>> 24) ^ (xor1 << 8)\n v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8)\n\n ADD64(v, a, v, b)\n ADD64(v, a, m, iy)\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits\n xor0 = v[d] ^ v[a]\n xor1 = v[d + 1] ^ v[a + 1]\n v[d] = (xor0 >>> 16) ^ (xor1 << 16)\n v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16)\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor1 >>> 31) ^ (xor0 << 1)\n v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1)\n}\n\n// Initialization Vector\nconst BLAKE2B_IV32 = new Uint32Array([\n 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,\n 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,\n 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,\n 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19\n])\n\n// These are offsets into a Uint64 buffer.\n// Multiply them all by 2 to make them offsets into a Uint32 buffer\nconst SIGMA = new Uint8Array([\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,\n 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,\n 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,\n 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,\n 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,\n 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,\n 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,\n 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,\n 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3\n].map(x => x * 2))\n\n// Compression function. 'last' flag indicates last block.\n// Note: we're representing 16 uint64s as 32 uint32s\nfunction compress(S, last) {\n const v = new Uint32Array(32)\n const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32)\n\n // init work variables\n for (let i = 0; i < 16; i++) {\n v[i] = S.h[i]\n v[i + 16] = BLAKE2B_IV32[i]\n }\n\n // low 64 bits of offset\n v[24] ^= S.t0[0]\n v[25] ^= S.t0[1]\n // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1\n\n // if last block\n const f0 = last ? 0xFFFFFFFF : 0;\n v[28] ^= f0;\n v[29] ^= f0;\n\n // twelve rounds of mixing\n for (let i = 0; i < 12; i++) {\n // ROUND(r)\n const i16 = i << 4;\n G(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1])\n G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3])\n G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5])\n G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7])\n G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9])\n G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11])\n G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13])\n G(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15])\n }\n\n for (let i = 0; i < 16; i++) {\n S.h[i] ^= v[i] ^ v[i + 16]\n }\n}\n\n// Creates a BLAKE2b hashing context\n// Requires an output length between 1 and 64 bytes\n// Takes an optional Uint8Array key\nclass Blake2b {\n constructor(outlen, key, salt, personal) {\n const params = new Uint8Array(64)\n // 0: outlen, keylen, fanout, depth\n // 4: leaf length, sequential mode\n // 8: node offset\n // 12: node offset\n // 16: node depth, inner length, rfu\n // 20: rfu\n // 24: rfu\n // 28: rfu\n // 32: salt\n // 36: salt\n // 40: salt\n // 44: salt\n // 48: personal\n // 52: personal\n // 56: personal\n // 60: personal\n\n // init internal state\n this.S = {\n b: new Uint8Array(BLOCKBYTES),\n h: new Uint32Array(OUTBYTES_MAX / 4),\n t0: new Uint32Array(2), // input counter `t`, lower 64-bits only\n c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`\n outlen // output length in bytes\n }\n\n // init parameter block\n params[0] = outlen\n if (key) params[1] = key.length\n params[2] = 1 // fanout\n params[3] = 1 // depth\n if (salt) params.set(salt, 32)\n if (personal) params.set(personal, 48)\n const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);\n\n // initialize hash state\n for (let i = 0; i < 16; i++) {\n this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];\n }\n\n // key the hash, if applicable\n if (key) {\n const block = new Uint8Array(BLOCKBYTES)\n block.set(key)\n this.update(block)\n }\n }\n\n // Updates a BLAKE2b streaming hash\n // Requires Uint8Array (byte array)\n update(input) {\n if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')\n // for (let i = 0; i < input.length; i++) {\n // if (this.S.c === BLOCKBYTES) { // buffer full\n // INC64(this.S.t0, this.S.c) // add counters\n // compress(this.S, false)\n // this.S.c = 0 // empty buffer\n // }\n // this.S.b[this.S.c++] = input[i]\n // }\n let i = 0\n while(i < input.length) {\n if (this.S.c === BLOCKBYTES) { // buffer full\n INC64(this.S.t0, this.S.c) // add counters\n compress(this.S, false)\n this.S.c = 0 // empty buffer\n }\n let left = BLOCKBYTES - this.S.c\n this.S.b.set(input.subarray(i, i + left), this.S.c) // end index can be out of bounds\n const fill = Math.min(left, input.length - i)\n this.S.c += fill\n i += fill\n }\n return this\n }\n\n /**\n * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one\n * @param {Uint8Array} [prealloc] - optional preallocated buffer\n * @returns {ArrayBuffer} message digest\n */\n digest(prealloc) {\n INC64(this.S.t0, this.S.c) // mark last block offset\n\n // final block, padded\n this.S.b.fill(0, this.S.c);\n this.S.c = BLOCKBYTES;\n compress(this.S, true)\n\n const out = prealloc || new Uint8Array(this.S.outlen);\n for (let i = 0; i < this.S.outlen; i++) {\n // must be loaded individually since default Uint32 endianness is platform dependant\n out[i] = this.S.h[i >> 2] >> (8 * (i & 3))\n }\n this.S.h = null; // prevent calling `update` after `digest`\n return out.buffer;\n }\n}\n\n\nexport default function createHash(outlen, key, salt, personal) {\n if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)\n if (key) {\n if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')\n if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)\n }\n if (salt) {\n if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')\n if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)\n }\n if (personal) {\n if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')\n if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)\n }\n\n return new Blake2b(outlen, key, salt, personal)\n}\n\nconst OUTBYTES_MAX = 64;\nconst KEYBYTES_MAX = 64;\nconst SALTBYTES = 16;\nconst PERSONALBYTES = 16;\nconst BLOCKBYTES = 128;\n\n","import blake2b from \"./blake2b.js\"\nconst TYPE = 2; // Argon2id\nconst VERSION = 0x13;\nconst TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MIN = 8;\nconst passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst passwordBYTES_MIN = 8;\nconst MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)\nconst SECRETBYTES_MAX = 32; // key (optional)\n\nconst ARGON2_BLOCK_SIZE = 1024;\nconst ARGON2_PREHASH_DIGEST_LENGTH = 64;\n\nconst isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;\n\n// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])\nfunction LE32(buf, n, i) {\n buf[i+0] = n;\n buf[i+1] = n >> 8;\n buf[i+2] = n >> 16;\n buf[i+3] = n >> 24;\n return buf;\n}\n\n/**\n * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])\n * @param {Uint8Array} buf\n * @param {Number} n\n * @param {Number} i\n */\nfunction LE64(buf, n, i) {\n if (n > Number.MAX_SAFE_INTEGER) throw new Error(\"LE64: large numbers unsupported\");\n // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations\n // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)\n // so we manually extract each byte\n let remainder = n;\n for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER\n buf[offset] = remainder; // implicit & 0xff\n remainder = (remainder - buf[offset]) / 256;\n }\n return buf;\n}\n\n/**\n * Variable-Length Hash Function H'\n * @param {Number} outlen - T\n * @param {Uint8Array} X - value to hash\n * @param {Uint8Array} res - output buffer, of length `outlength` or larger\n */\nfunction H_(outlen, X, res) {\n const V = new Uint8Array(64); // no need to keep around all V_i\n\n const V1_in = new Uint8Array(4 + X.length);\n LE32(V1_in, outlen, 0);\n V1_in.set(X, 4);\n if (outlen <= 64) {\n // H'^T(A) = H^T(LE32(T)||A)\n blake2b(outlen).update(V1_in).digest(res);\n return res\n }\n\n const r = Math.ceil(outlen / 32) - 2;\n\n // Let V_i be a 64-byte block and W_i be its first 32 bytes.\n // V_1 = H^(64)(LE32(T)||A)\n // V_2 = H^(64)(V_1)\n // ...\n // V_r = H^(64)(V_{r-1})\n // V_{r+1} = H^(T-32*r)(V_{r})\n // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}\n for (let i = 0; i < r; i++) {\n blake2b(64).update(i === 0 ? V1_in : V).digest(V);\n // store W_i in result buffer already\n res.set(V.subarray(0, 32), i*32)\n }\n // V_{r+1}\n const V_r1 = new Uint8Array(blake2b(outlen - 32*r).update(V).digest());\n res.set(V_r1, r*32);\n\n return res;\n}\n\n// compute buf = xs ^ ys\nfunction XOR(wasmContext, buf, xs, ys) {\n wasmContext.fn.XOR(\n buf.byteOffset,\n xs.byteOffset,\n ys.byteOffset,\n );\n return buf\n}\n\n/**\n * @param {Uint8Array} X (read-only)\n * @param {Uint8Array} Y (read-only)\n * @param {Uint8Array} R - output buffer\n * @returns\n */\nfunction G(wasmContext, X, Y, R) {\n wasmContext.fn.G(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\nfunction G2(wasmContext, X, Y, R) {\n wasmContext.fn.G2(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\n// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.\nfunction* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {\n // For each segment, we do the following. First, we compute the value Z as:\n // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )\n wasmContext.refs.prngTmp.fill(0);\n const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);\n LE64(Z, pass, 0);\n LE64(Z, lane, 8);\n LE64(Z, slice, 16);\n LE64(Z, m_, 24);\n LE64(Z, totalPasses, 32);\n LE64(Z, TYPE, 40);\n\n // Then we compute q/(128*SL) 1024-byte values\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),\n // ...,\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),\n for(let i = 1; i <= segmentLength; i++) {\n // tmp.set(Z); // no need to re-copy\n LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed\n const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );\n\n // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2\n // NB: the first generated pair must be used for the first block of the segment, and so on.\n // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.\n for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {\n yield g2.subarray(k, k+8);\n }\n }\n return [];\n}\n\nfunction validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {\n const assertLength = (name, value, min, max) => {\n if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }\n }\n\n if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version');\n assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);\n assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);\n assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);\n assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);\n // optional fields\n ad && assertLength('associated data', ad, 0, ADBYTES_MAX);\n secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);\n\n return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };\n}\n\nconst KB = 1024;\nconst WASM_PAGE_SIZE = 64 * KB;\n\nexport default function argon2id(params, { memory, instance: wasmInstance }) {\n if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system\n\n const ctx = validateParams({ type: TYPE, version: VERSION, ...params });\n\n const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;\n const wasmRefs = {};\n const wasmFn = {};\n wasmFn.G = wasmG;\n wasmFn.G2 = wasmG2;\n wasmFn.XOR = wasmXOR;\n\n // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.\n const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));\n const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references\n if (memory.buffer.byteLength < requiredMemory) {\n const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE)\n // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.\n // Otherwise, the operation fails, and the original memory can still be used.\n memory.grow(missing)\n }\n\n let offset = 0;\n // Init wasm memory needed in other functions\n wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;\n wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;\n wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;\n wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;\n // Init wasm memory needed locally\n const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;\n const wasmContext = { fn: wasmFn, refs: wasmRefs };\n const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;\n const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);\n const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);\n\n // 1. Establish H_0\n const H0 = getH0(ctx);\n\n // 2. Allocate the memory as m' 1024-byte blocks\n // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.\n const q = m_ / ctx.lanes;\n const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));\n const initBlock = (i, j) => {\n B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);\n return B[i][j];\n }\n\n for (let i = 0; i < ctx.lanes; i++) {\n // const LEi = LE0; // since p = 1 for us\n const tmp = new Uint8Array(H0.length + 8);\n // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p\n // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))\n tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));\n // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p\n // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))\n LE32(tmp, 1, H0.length);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));\n }\n\n // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2\n // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes\n // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.\n const SL = 4; // vertical slices\n const segmentLength = q / SL;\n for (let pass = 0; pass < ctx.passes; pass++) {\n // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel\n for (let sl = 0; sl < SL; sl++) {\n const isDataIndependent = pass === 0 && sl <= 1;\n for (let i = 0; i < ctx.lanes; i++) { // lane\n // On the first slice of the first pass, blocks 0 and 1 are already filled\n let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;\n // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)\n const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;\n for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {\n const j = sl * segmentLength + segmentOffset;\n const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]\n\n // we can assume the PRNG is never done\n const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength)\n const l = lz[0]; const z = lz[1];\n // for (let i = 0; i < p; i++ )\n // B[i][j] = G(B[i][j-1], B[l][z])\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n if (pass === 0) initBlock(i, j);\n G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);\n\n // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one\n if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j])\n }\n }\n }\n }\n\n // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:\n // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]\n const C = B[0][q-1];\n for(let i = 1; i < ctx.lanes; i++) {\n XOR(wasmContext, C, C, B[i][q-1])\n }\n\n const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));\n // clear memory since the module might be cached\n allocatedMemory.fill(0) // clear sensitive contents\n memory.grow(0) // allow deallocation\n // 8. The output tag is computed as H'^T(C).\n return tag;\n\n}\n\nfunction getH0(ctx) {\n const H = blake2b(ARGON2_PREHASH_DIGEST_LENGTH);\n const ZERO32 = new Uint8Array(4);\n const params = new Uint8Array(24);\n LE32(params, ctx.lanes, 0);\n LE32(params, ctx.tagLength, 4);\n LE32(params, ctx.memorySize, 8);\n LE32(params, ctx.passes, 12);\n LE32(params, ctx.version, 16);\n LE32(params, ctx.type, 20);\n\n const toHash = [params];\n if (ctx.password) {\n toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0))\n toHash.push(ctx.password)\n } else {\n toHash.push(ZERO32) // context.password.length\n }\n\n if (ctx.salt) {\n toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0))\n toHash.push(ctx.salt)\n } else {\n toHash.push(ZERO32) // context.salt.length\n }\n\n if (ctx.secret) {\n toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0))\n toHash.push(ctx.secret)\n // todo clear secret?\n } else {\n toHash.push(ZERO32) // context.secret.length\n }\n\n if (ctx.ad) {\n toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0))\n toHash.push(ctx.ad)\n } else {\n toHash.push(ZERO32) // context.ad.length\n }\n H.update(concatArrays(toHash))\n\n const outputBuffer = H.digest();\n return new Uint8Array(outputBuffer);\n}\n\nfunction concatArrays(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!(arrays[i] instanceof Uint8Array)) {\n throw new Error('concatArrays: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach((element) => {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n","import argon2id from \"./argon2id.js\";\n\nlet isSIMDSupported;\nasync function wasmLoader(memory, getSIMD, getNonSIMD) {\n const importObject = { env: { memory } };\n if (isSIMDSupported === undefined) {\n try {\n const loaded = await getSIMD(importObject);\n isSIMDSupported = true;\n return loaded;\n } catch(e) {\n isSIMDSupported = false;\n }\n }\n\n const loader = isSIMDSupported ? getSIMD : getNonSIMD;\n return loader(importObject);\n}\n\nexport default async function setupWasm(getSIMD, getNonSIMD) {\n const memory = new WebAssembly.Memory({\n // in pages of 64KiB each\n // these values need to be compatible with those declared when building in `build-wasm`\n initial: 1040, // 65MB\n maximum: 65536, // 4GB\n });\n const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);\n\n /**\n * Argon2id hash function\n * @callback computeHash\n * @param {Object} params\n * @param {Uint8Array} params.password - password\n * @param {Uint8Array} params.salt - salt\n * @param {Integer} params.parallelism\n * @param {Integer} params.passes\n * @param {Integer} params.memorySize - in kibibytes\n * @param {Integer} params.tagLength - output tag length\n * @param {Uint8Array} [params.ad] - associated data (optional)\n * @param {Uint8Array} [params.secret] - secret data (optional)\n * @return {Uint8Array} argon2id hash\n */\n const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });\n\n return computeHash;\n}\n","import setupWasm from './lib/setup.js';\nimport wasmSIMD from './dist/simd.wasm';\nimport wasmNonSIMD from './dist/no-simd.wasm';\n\nconst loadWasm = async () => setupWasm(\n (instanceObject) => wasmSIMD(instanceObject),\n (instanceObject) => wasmNonSIMD(instanceObject),\n);\n\nexport default loadWasm;\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2022 Proton AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport crypto from '../crypto';\nimport enums from '../enums';\n\n/**\n * Implementation of the Padding Packet\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}:\n * Padding Packet\n */\nclass PaddingPacket {\n static get tag() {\n return enums.packet.padding;\n }\n\n constructor() {\n this.padding = null;\n }\n\n /**\n * Read a padding packet\n * @param {Uint8Array | ReadableStream} bytes\n */\n read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars\n // Padding packets are ignored, so this function is never called.\n }\n\n /**\n * Write the padding packet\n * @returns {Uint8Array} The padding packet.\n */\n write() {\n return this.padding;\n }\n\n /**\n * Create random padding.\n * @param {Number} length - The length of padding to be generated.\n * @throws {Error} if padding generation was not successful\n * @async\n */\n async createPadding(length) {\n this.padding = await crypto.random.getRandomBytes(length);\n }\n}\n\nexport default PaddingPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","Object","setPrototypeOf","this","prototype","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","isStream","globalThis","ReadableStream","isPrototypeOf","_read","_readableState","Error","isUint8Array","Uint8Array","concatUint8Array","arrays","length","totalLength","i","result","pos","forEach","element","set","undefined","read","async","value","done","readToEnd","join","slice","clone","then","push","write","chunk","close","abort","reason","process","versions","doneReadingSet","WeakSet","externalBuffer","Reader","reader","bind","_releaseLock","_cancel","cancel","doneReading","has","add","e","toStream","start","controller","enqueue","toArrayStream","concat","list","some","map","transform","transformWithCancel","all","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","options","transformStream","TransformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","pull","highWaterMark","WritableStream","error","finish","output","data","result1","result2","flush","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","destroy","arrayStream","shift","readLine","returnVal","buffer","streams.concat","lineEndIndex","indexOf","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","byteOffset","byteLength","filter","byValue","enums","curve","nistP256","p256","nistP384","p384","nistP521","p521","secp256k1","ed25519Legacy","ed25519","curve25519Legacy","curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","argon2","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","aedh","aedsa","x25519","x448","ed448","symmetric","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","sha3_256","sha3_512","webHash","aead","eax","ocb","gcm","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","padding","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuerKeyID","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","preferredCipherSuites","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","seipdv2","type","config","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","aeadProtect","parseAEADEncryptedV4KeysAsLegacy","preferredAEADAlgorithm","aeadChunkSizeByte","v6Keys","enableParsingV5Entities","s2kType","s2kIterationCountByte","s2kArgon2Params","passes","parallelism","memoryExponent","allowUnauthenticatedMessages","allowUnauthenticatedStream","minRSABits","passwordCollisionCheck","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","allowMissingKeyFlags","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","nonDeterministicSignaturesViaNotation","useEllipticFallback","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","debugMode","env","NODE_ENV","util","isString","String","nodeRequire","createRequire","stream.isUint8Array","stream.isStream","getNobleCurve","publicKeyAlgo","curveName","defaultConfig","nobleCurves","noble_curves","readNumber","n","writeNumber","b","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","readExactSubarray","leftPad","padded","offset","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","hex","k","parseInt","uint8ArrayToHex","hexAlphabet","s","v","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","printDebug","log","printDebugError","x","r","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","webCrypto","crypto","subtle","getNodeCrypto","webcrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","sub","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","a","selectUint8","isAES","cipherAlgo","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","getType","header","match","addheader","customComment","getCheckSum","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","base64.encode","from","toString","btoa","atob","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","removeChecksum","body","lastEquals","lastIndexOf","unarmor","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","stream.isArrayStream","stream.readToEnd","messageType","partIndex","partTotal","emitChecksum","maybeBodyClone","stream.passiveClone","getLegacyCipher","algo","legacyCiphers","legacy_ciphers","cipher","getCipherBlockSize","getCipherKeySize","getCipherParams","keySize","blockSize","md5cycle","c","d","ff","gg","hh","ii","add32","cmn","q","md5blk","md5blks","hex_chr","rhex","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","update","digest","nobleHash","nobleHashName","webCryptoHashName","getNobleHash","nobleHashes","noble_hashes","hashInstance","create","hash$1","entree","state","substring","tail","md51","getHashByteLength","isBytes","lengths","exists","instance","checkFinished","destroyed","finished","out","min","outputLen","u8","arr","u32","createView","toBytes","utf8ToBytes","copyBytes","equalBytes","diff","wrapCipher","params","assign","setBigUint64","view","isLE","_32n","BigInt","_u32_max","wh","Number","wl","setUint32","isAligned32","clean","fill","BLOCK_SIZE","ZEROS16","ZEROS32","swapLE","GHASH","expectedLength","blockLen","s0","s1","s2","s3","abytes","kView","k0","getUint32","k1","k2","k3","doubles","W","estimateWindow","windows","windowSize","items","w","d0","d1","d2","d3","_updateBlock","o0","o1","o2","o3","mask","num","bytePos","bitPos","bit","e0","e1","e2","e3","aexists","b32","blocks","left","elm","digestInto","aoutput","o32","res","Polyval","ghKey","reverse","hiBit","carry","_toGHASHKey","wrapConstructorWithKey","hashCons","hashC","msg","tmp","ghash","EMPTY_BLOCK","POLY","mul2","mul","sbox","box","invSbox","_","rotr32_8","rotl32_8","byteSwap","word","genTtable","T0","T1","T2","T3","T01","T23","sbox2","Uint16Array","idx","tableEncoding","tableDecoding","xPowers","p","expandKeyLE","len","toClean","k32","Nk","subByte","applySbox","xk","expandKeyDecLE","encKey","apply0123","encrypt","rounds","t0","t1","t2","t3","decrypt","getDst","dst","ctrCounter","nonce","src","srcLen","ctr","c32","src32","dst32","ctr32","ctrPos","ctrNum","nonceLength","processCtr","plaintext","ciphertext","cbc","iv","opts","pcks5","disablePadding","o","_out","outLen","remaining","validateBlockEncrypt","_iv","n32","tmp32","paddingByte","padPCKS","validateBlockDecrypt","ps0","ps1","ps2","ps3","lastByte","validatePCKS","cfb","processCfb","isEncrypt","next32","tagLength","AAD","_computeTag","authKey","tagMask","aadLength","h","computeTag","deriveKeys","counter","nonceLen","g","passedTag","isBytes32","encryptBlock","block","decryptBlock","AESW","kek","a0","a1","chunks","AESKW_IV","aeskw","sum","pad","concatBytes","unsafe","knownAlgos","getCiphers","nodeAlgos","WebCryptoEncryptor","prevBlock","nextBlock","zeroBlock","isSupported","importKey","_runCBC","nonZeroIV","mode","keyRef","encryptChunk","missing","added","leftover","toEncrypt","encryptedBlocks","xorMut","encryptedBlock","curBlock","clearSensitiveData","ct","NobleStreamProcessor","forEncryption","nobleAesHelpers","getUint32Array","_runCFB","processChunk","toProcess","processedBlocks","processedBlock","aLength","algoName","decipherObj","createDecipheriv","nodeDecrypt","nobleAesCfb","aesDecrypt","cipherfn","block_size","blockp","decblock","pt","cipherObj","createCipheriv","nodeEncrypt","aesEncrypt","blockc","encblock","blockLength","rightXORMut","CMAC","CBC","padding2","err","nobleAesCbc","ivLength","zero","one","two","OMAC","cmac","CTR","en","final","nobleAesCtr","EAX","omac","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","T","xor","OCB","maxNtz","aes","encipher","decipher","crypt","m","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","checksum","xorInput","$","cipherInput","mask_x","mask_$","constructKeyVariables","crypted","ALGO","GCM","setAAD","getAuthTag","de","setAuthTag","_key","webcryptoEmptyMessagesUnsupported","userAgent","nobleAesGcm","additionalData","_0n","_1n","uint8ArrayToBigInt","mod","reduced","modExp","exp","lsb","abs","modInv","gcd","aInput","bInput","y","xPrev","yPrev","aNegated","bNegated","_egcd","bigIntToNumber","number","MAX_SAFE_INTEGER","getBit","bitLength","bitlen","_8n","bigIntToUint8Array","endian","rawLength","getRandomBytes","getRandomValues","getRandomBigInteger","modulus","randomProbablePrime","_30n","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","n1","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","count","randomBytes","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","hashed","emLen","hashPrefix","tLen","EM","privateToJWK","u","pNum","qNum","dNum","dq","dp","kty","qi","ext","publicToJWK","jwkToPrivate","jwk","format","constants","RSA_PKCS1_PADDING","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","publicEncrypt","bnEncrypt","keyGenOpt","modulusLength","publicExponent","keyPair","generateKey","exportKey","publicKeyEncoding","privateKeyEncoding","generateKeyPair","jwkPrivateKey","phi","hashAlgo","hashName","sign","webSign","createSign","nodeSign","bnSign","_2n","rde","verify","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","c1","c2","pSize","threshold","nc","nacl","gf","init","Float64Array","randombytes","_9","gf0","gf1","_121665","D","D2","X","Y","I","ts64","l","crypto_verify_32","xi","yi","vn","set25519","car25519","sel25519","pack25519","neq25519","par25519","unpack25519","A","Z","M","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","z","f","x32","x16","crypto_scalarmult_base","K","crypto_hashblocks_hl","hl","bh0","bh1","bh2","bh3","bh4","bh5","bh6","bh7","bl0","bl1","bl2","bl3","bl4","bl5","bl6","bl7","th","tl","Int32Array","ah0","ah1","ah2","ah3","ah4","ah5","ah6","ah7","al0","al1","al2","al3","al4","al5","al6","al7","crypto_hash","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","reduce","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","TypeError","scalarMult","crypto_box_keypair","fromSecretKey","signedMsg","sm","smlen","crypto_sign","detached","sig","crypto_sign_open","fromSeed","seed","setPRNG","cleanup","knownOIDs","OID","oid","toHex","getName","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callback","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","lengthByte","nextPacket","UnsupportedError","captureStackTrace","UnknownPacketError","UnparseablePacket","rawContent","generate","webCryptoKey","getPayloadSize","utils","randomPrivateKey","getPublicKey","getPreferredHashAlgo","privateKeyToJWK","RS","publicKeyToJWK","crv","wrap","dataToWrap","wrappingKey","keyToWrap","wrapped","wrapKey","nobleAesKW","unwrap","wrappedData","unwrapped","unwrapKey","computeHKDF","inputKey","salt","info","importedKey","deriveBits","HKDF_INFO","generateEphemeralEncryptionMaterial","recipientA","ephemeralSecretKey","sharedSecret","assertNonZeroArray","ephemeralPublicKey","getSharedSecret","recomputeSharedSecret","acc","wrappedKey","hkdfInput","aesKW.unwrap","encryptionKey","aesKW.wrap","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","wireFormatLeadingByte","CurveWithOID","oidOrName","genKeyPair","namedCurve","jwkToRawPublic","webGenKeyPair","jsGenKeyPair","createECDH","generateKeys","getPrivateKey","nodeGenKeyPair","ecdhXGenerate","eddsaGenerate","validateStandardParams","Q","supportedCurves","dG","checkPublicPointEnconding","V","pointSize","nobleCurve","bufX","bufY","rawPublicToJWK","ecKeyUtils","nodeBuffer","derPrivateKey","generateDer","dsaEncoding","lowS","tryFallbackVerificationForOldBug","jsVerify","verified","derPublicKey","eddsaSign","eddsaVerify","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","ecdhXGenerateEphemeralEncryptionMaterial","recipient","public","webPublicEphemeralKey","jsPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","genPrivateEphemeralKey","ecdhXRecomputeSharedSecret","secret","webPrivateEphemeralKey","jsPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","C","pkcs5.decode","pkcs5.encode","xr","qSize","u1","u2","rsa","elliptic","signatureParams","rsSize","eddsa","publicKeyParams","privateKeyParams","publicParams","curveSize","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","fromObject","algorithm","followLength","checkSupportedCurve","getCurvePayloadSize","ecdhX","privateParams","prefixrandom","repeat","ECDHSymkey","sessionKeyParams","keyAlgo","symmetricAlgo","algosWithNativeRepresentation","orderedParams","keys","validateParams","algoModule","random","pkcs1","pkcs5","aesKW","Argon2OutOfMemoryError","loadArgonWasmModule","argon2Promise","Argon2S2K","encodedM","generateSalt","produceKey","passphrase","decodedM","index$1","default","version","password","memorySize","GenericS2K","getCount","numBytes","rlength","prefixlen","toHash","datalen","allowedS2KTypesForEncryption","newS2KFromType","newS2KFromConfig","require","Worker","u16","fleb","fdeb","clim","freb","eb","_a","fl","revfl","_b","fd","revfd","rev","hMap","cd","mb","co","le","rvb","sv","r_1","flt","fdt","flm","flrm","fdm","fdrm","bits16","shft","slc","BYTES_PER_ELEMENT","ec","ind","nt","code","wbits","wbits16","hTree","et","sort","i0","i1","i2","maxSym","tr","mbt","ln","dt","lft","cst","i2_1","i2_2","i2_3","lc","cl","cli","cln","cls","clen","cf","wfblk","dat","wblk","syms","lf","df","li","bl","dlt","mlb","ddt","mdb","_c","lclt","nlc","_d","lcdt","ndc","lcfreq","_e","lct","mlcb","nlcc","lm","ll","dm","dl","flen","ftlen","dtlen","llm","lcts","it","clct","deo","dopt","opt","pre","post","st","lvl","plvl","lst","msk_1","head","bs1_1","bs2_1","hsh","lc_1","wi","hv","imod","pimod","rem","ch_1","dif","maxn","maxd","ml","nl","mmd","md","ti","lin","din","dflt","level","mem","Deflate","cb","ondata","Inflate","bts","sl","noBuf","noSt","cbuf","nbuf","bt","lbt","dbt","tbts","hLit","hcLen","ldt","clt","clb","clbmsk","clm","lt","lms","dms","lpos","sym","dsym","inflt","Zlib","raw","lv","zlh","wbytes","Unzlib","td","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","KeyID","equals","keyID","matchWildcard","isWildcard","isNull","mapToHex","fromID","wildcard","SALT_NOTATION_NAME","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","unknownSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","saltLength","signatureMaterial","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","saltLengthForHash","saltValue","humanReadable","critical","writeHashedSubPackets","stream.slice","stream.clone","writeSubPacket","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLengthBytes","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","fromSignaturePacket","signaturePacket","isLast","onePassSig","flags","args","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","fromBinary","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","chunkSize","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","compressionFn","compress_fns","compressionStreamInstantiator","ZlibStreamedConstructor","inputData","zlibStream","processedData","compressorOrDecompressor","pipeThrough","inputReader","bzip2Decompress","bunzipDecode","getCompressionStreamInstantiators","compressionFormat","compressor","CompressionStream","decompressor","DecompressionStream","SymEncryptedIntegrityProtectedDataPacket","aeadAlgorithm","seip","cipherAlgorithm","chunkSizeByte","encrypted","sessionKeyAlgorithm","runAEAD","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","isSEIPDv2","isAEADP","getAEADMode","tagLengthIfDecrypting","tagLengthIfEncrypting","chunkIndexSizeIfAEADEP","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","ivView","latestPromise","cryptedBytes","queuedBytes","derived","modeInstance","size","stream.pipe","finalChunk","cryptedPromise","setInt32","desiredSize","AEADEncryptedDataPacket","PublicKeyEncryptedSessionKeyPacket","publicKeyID","publicKeyVersion","publicKeyFingerprint","sessionKey","encryptionKeyPacket","anonymousRecipient","pkesk","versionAndFingerprintLength","fingerprintLength","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","hasEncryptedAlgo","sessionKeyData","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","s2kLen","fieldsLen","generateSessionKey","PublicKeyPacket","expirationTimeV3","fromSecretKeyPacket","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","versionOctet","lengthOctets","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","PublicSubkeyPacket","fromSecretSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","isLegacyAEAD","usedModernAEAD","startOfSecretKeyData","unparseableKeyMaterial","cleartext","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","serializedPacketTag","produceEncryptionKey","associateData","cleartextWithHash","validate","validParams","generateParams","keyVersion","aeadMode","derivedKey","UserIDPacket","email","comment","components","matches","exec","groups","trim","otherUserID","SecretSubkeyPacket","Signature","packetlist","getSigningKeyIDs","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","recipientKeys","signingKeyPacket","recipientUserIDs","targetKeys","targetUserIDs","defaultAlgo","preferredSenderAlgo","supportedAlgosPerTarget","getPrimarySelfSignature","supportedAlgosMap","Map","supportedAlgos","supportedAlgo","isSupportedHashAlgo","getStrongestSupportedHashAlgo","strongestHashAlgo","algoA","algoB","preferredCurveAlgo","getPreferredCurveHashAlgo","preferredSenderAlgoIsSupported","preferredSenderAlgoStrongerThanCurveAlgo","strongestSupportedAlgo","mergeSignatures","source","dest","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","isHardRevocation","sanitizeKeyOptions","subkeyDefaults","validateSigningKeyPacket","validateEncryptionKeyPacket","validateDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","certify","signingKeys","isPrivate","signingKey","getSigningKey","isRevoked","certificate","verifyCertificate","verificationKeys","issuerKeys","getKeys","verifyAllCertifications","certifications","certification","valid","selfCertification","sourceUser","srcSelfSig","srcRevSig","revoke","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","helper.checkKeyRequirements","helper.validateSigningKeyPacket","getEncryptionKey","helper.validateEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","getPrimaryUser","primaryUser","B","pop","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","getRevocationCertificate","applyRevocationCertificate","revocationCertificate","signPrimaryUser","privateKeys","userSign","signAllUsers","verifyPrimaryUser","verifyAllUsers","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","pubSubkeyPacket","getDecryptionKeys","helper.validateDecryptionKeyPacket","Boolean","addSubkey","defaultOptions","getDefaultSubkeyType","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","getKeySignatureProperties","symmetricAlgorithms","aeadAlgorithms","flatMap","symmetricAlgorithm","userIDs","userIDPacket","subkeyOptions","subkeySignaturePacket","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","symEncryptedPacketlist","symEncryptedPacket","expectedSymmetricAlgorithm","sessionKeyObjects","decryptSessionKeys","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgo","selfSigs","selfSig","defaultCipherSuite","desiredCipherSuites","desiredCipherSuite","cipherSuite","defaultSymAlgo","desiredSymAlgo","getPreferredCipherSuite","symmetricAlgoName","aeadAlgoName","maybeKey","encryptionKeyIDs","aeadAlgorithmName","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","signingUserIDs","literalDataPacket","signaturePackets","createSignaturePackets","onePassSignaturePackets","signDetached","recipientKeyIDs","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","appendSignature","detachedSignature","trailingPacket","signingUserID","existingSigPacketlist","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","CleartextMessage","newSignature","emitHeaderAndChecksum","checkMessage","checkCleartextOrMessage","checkOutputMessageFormat","defaultConfigPropsCount","checkConfig","inputConfigProps","inputProp","toArray","convertStream","linkStreams","formatObject","object","isSafeInteger","rotr","rotl","byteSwap32","Hash","_cloneInto","wrapConstructor","bytesLength","Chi","Maj","HashMD","padOffset","take","dataView","roundClean","oview","to","SHA256_K","SHA256_IV","SHA256_W","SHA256","E","F","G","H","W15","W2","SHA224","HMAC","assertHash","iHash","oHash","assertExists","assertBytes","hmac","abool","title","hexes","padStart","bytesToHex","numberToHexUnpadded","hexToNumber","asciis","_0","_A","_F","_f","asciiToBase16","char","hexToBytes","al","ai","hi","n2","bytesToNumberBE","bytesToNumberLE","numberToBytesBE","numberToBytesLE","ensureBytes","isPosBig","inRange","aInRange","bitLen","bitMask","u8n","u8fr","createHmacDrbg","hashLen","qByteLen","hmacFn","reset","reseed","gen","pred","validatorFns","bigint","val","function","boolean","stringOrUint8Array","field","Fp","isValid","validateObject","validators","optValidators","checkField","fieldName","isOptional","checkVal","memoized","WeakMap","arg","_3n","_4n","_5n","pow","pow2","invert","FpSqrt","P","p1div4","root","eql","sqr","nv","ONE","legendreC","Q1div2","neg","ZERO","ge","tonelliShanks","FIELD_FIELDS","nLength","nBitLength","_nBitLength","nByteLength","Field","ORDER","redef","BITS","BYTES","sqrtP","freeze","MASK","is0","isOdd","lhs","rhs","FpPow","div","sqrN","addN","subN","mulN","inv","sqrt","invertBatch","nums","lastMultiplied","inverted","reduceRight","FpInvertBatch","cmov","fromBytes","getFieldBytesLength","fieldOrder","getMinHashLength","pointPrecomputes","pointWindowSizes","wNAF","constTimeNegate","condition","negate","validateW","unsafeLadder","precomputeWindow","points","base","window","precomputes","BASE","maxNumber","shiftBy","offset1","offset2","cond1","cond2","wNAFCached","comp","setWindowSize","delete","pippenger","scalars","buckets","lastBits","scalar","resI","sumI","validateBasic","Gx","Gy","validateSigVerOpts","prehash","b2n","h2b","ut","DER","Err","_tlv","dataLen","ut.numberToHexUnpadded","lenLen","first","lengthBytes","_int","toSig","int","tlv","ut.abytes","seqBytes","seqLeftBytes","rBytes","rLeftBytes","sBytes","sLeftBytes","hexFromSig","seq","weierstrassPoints","CURVE","ut.validateObject","allowedPrivateKeyLengths","wrapPrivateKey","isTorsionFree","clearCofactor","allowInfinityPoint","endo","beta","splitScalar","validatePointOpts","Fn","mod.Field","point","_isCompressed","toAffine","ut.concatBytes","weierstrassEquation","x2","x3","normPrivateKeyToScalar","N","ut.isBytes","ut.bytesToHex","ut.bytesToNumberBE","mod.mod","ut.aInRange","assertPrjPoint","Point","toAffineMemo","iz","px","py","pz","ax","ay","zz","assertValidMemo","right","fromAffine","normalizeZ","toInv","fromHex","assertValidity","fromPrivateKey","multiply","msm","_setWindowSize","wnaf","hasEvenY","X1","Y1","Z1","X2","Y2","Z2","U1","U2","X3","Y3","Z3","subtract","multiplyUnsafe","sc","k1neg","k2neg","k1p","k2p","fake","f1p","f2p","multiplyAndAddUnsafe","cofactor","toRawBytes","isCompressed","_bits","ProjectivePoint","isWithinCurveOrder","ut.inRange","weierstrass","curveDef","bits2int","bits2int_modN","validateOpts","compressedLen","uncompressedLen","modN","CURVE_ORDER","invN","mod.invert","cat","y2","sqrtError","suffix","numToNByteStr","ut.numberToBytesBE","isBiggerThanHalfOrder","slcNum","recovery","fromCompact","fromDER","addRecoveryBit","recoverPublicKey","msgHash","rec","radj","R","ir","hasHighS","normalizeS","toDERRawBytes","ut.hexToBytes","toDERHex","toCompactRawBytes","toCompactHex","isValidPrivateKey","mod.getMinHashLength","fieldLen","minLen","mod.mapHashToField","precompute","isProbPub","delta","ORDER_MASK","ut.bitMask","int2octets","prepSig","defaultSigOpts","extraEntropy","ent","h1int","seedArgs","k2sig","kBytes","ik","normS","defaultVerOpts","privateA","publicB","privKey","ut.createHmacDrbg","drbg","sg","_sig","derError","is","getHash","msgs","createCurve","defHash","U32_MASK64","fromBig","Ah","Al","rotlSH","rotlSL","rotlBH","rotlBL","u64","toBig","shrSH","_l","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","rotr32H","_h","rotr32L","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5H","Eh","add5L","El","SHA512_Kh","SHA512_Kl","SHA512_W_H","SHA512_W_L","SHA512","Fh","Fl","Gh","Gl","Hh","Hl","W15h","W15l","s0h","s0l","W2h","W2l","s1h","s1l","SUMl","SUMh","sigma1h","sigma1l","CHIh","CHIl","T1ll","T1h","T1l","sigma0h","sigma0l","MAJh","MAJl","All","SHA384","SHA3_PI","SHA3_ROTL","_SHA3_IOTA","_7n","_256n","_0x71n","round","SHA3_IOTA_H","SHA3_IOTA_L","rotlH","rotlL","Keccak","enableXOF","posOut","state32","keccak","idx1","idx0","B0","B1","Th","Tl","curH","curL","PI","keccakP","writeInto","bufferOut","xofInto","xof","shake256","wrapXOFConstructorWithOpts","dkLen","genShake","VERIFY_DEFAULT","zip215","twistedEdwards","adjustScalarBytes","domain","uvRatio","mapToCurve","cHash","modP","ctx","phflag","aCoordinate","assertPoint","ex","ey","ez","Z4","aX2","X1Z2","X2Z1","Y1Z2","Y2Z1","x1y1","isSmallOrder","normed","ut.bytesToNumberLE","isXOdd","isLastByteOdd","getExtendedPublicKey","ut.numberToBytesLE","modN_LE","pointBytes","hashDomainToScalar","context","verifyOpts","SB","ExtendedPoint","montgomery","montgomeryBits","powPminus2","Gu","montgomeryBytes","swap","x_2","x_3","dummy","a24","encodeUCoordinate","pointU","uEnc","decodeUCoordinate","_scalar","decodeScalar","pu","x_1","sw","z_2","z_3","k_t","AA","BB","DA","CB","dacb","da_cb","z2","montgomeryLadder","GuBytes","scalarMultBase","shake256_114","ed448P","_11n","_22n","_44n","_88n","_223n","ed448_pow_Pminus3div4","b22","b44","b88","b176","b220","b222","b223","ED448_DEF","u2v","u3v","u5v3","secp256k1P","secp256k1N","divNearest","_6n","_23n","a2","POW_2_128","des","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","looping","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","f1","f2","f3","scheduleA","scheduleB","sBox","inn","ki","half","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","dataL","dataR","parray","vector","off","ret","_decryptBlock","jj","kk","BlowFish","TwoFish","SHA1_IV","SHA1_W","SHA1","Rho","Id","Pi","idxL","idxR","shiftsL","shiftsR","Kl","Kr","group","R_BUF","RIPEMD160","h0","h1","h2","h3","h4","ar","br","cr","dr","el","er","rGroup","hbl","hbr","rl","rr","sr","ripemd160","ADD64","INC64","ix","iy","xor0","xor1","BLAKE2B_IV32","SIGMA","f0","i16","Blake2b","outlen","personal","BLOCKBYTES","OUTBYTES_MAX","params32","prealloc","TYPE","VERSION","TAGBYTES_MAX","TAGBYTES_MIN","SALTBYTES_MAX","SALTBYTES_MIN","passwordBYTES_MAX","passwordBYTES_MIN","MEMBYTES_MAX","ADBYTES_MAX","SECRETBYTES_MAX","ARGON2_BLOCK_SIZE","ARGON2_PREHASH_DIGEST_LENGTH","LE32","LE64","H_","V1_in","blake2b","V_r1","XOR","wasmContext","xs","ys","refs","gZ","G2","makePRNG","pass","lane","m_","totalPasses","segmentLength","segmentOffset","prngTmp","g2","ZERO1024","prngR","KB","WASM_PAGE_SIZE","argon2id","memory","wasmInstance","ad","assertLength","lanes","wasmG","wasmG2","wasmXOR","getLZ","wasmLZ","exports","wasmRefs","wasmFn","requiredMemory","grow","lz","newBlock","blockMemory","allocatedMemory","H0","ZERO32","concatArrays","outputBuffer","getH0","initBlock","isDataIndependent","PRNG","J1J2","next","isSIMDSupported","setupWasm","getSIMD","getNonSIMD","WebAssembly","Memory","initial","maximum","wasmModule","importObject","loaded","wasmLoader","instanceObject","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","seek","n_bit","n_byte","pi","bufToHex","bitreader","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","crc32","getCRC","updateCRC","updateCRCRun","require$$0","require$$1","CRC32","require$$2","mtf","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","status","optDetail","errorCode","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","maxLen","MAX_HUFCODE_BITS","permute","limit","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","lib","multistream","bz","targetStreamCRC","decodeBlock","writeCopies","table","delegate","position","assert","createPadding","rest","unknownOptions","streamType","literalDataPacketlist","expectSigned","publicKeys","clonedPrivateKey","passphrases","encryptionUserIDs","signatureNotations","senderAlgoSupport","recipientPrefs","getPreferredCompressionAlgo","checkBinary","checkString","helper.generateSecretKey","cleartextMessage","checkHashAlgos","hashAlgos","check","hashHeader","parsedHashIDs","armoredKey","binaryKey","keyIndex","armoredKeys","binaryKeys","newKey","armoredMessage","binaryMessage","firstPrivateKeyList","oneKeyList","armoredSignature","binarySignature","reformattedKey","sanitize","reformat","revokedKey"],"mappings":";4yBAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxB,WAAAC,GACEC,QAEAC,OAAOC,eAAeC,KAAMN,EAAYO,WAExCD,KAAKX,GAAsB,IAAIa,SAAQ,CAACC,EAASC,KAC/CJ,KAAKT,GAAsBY,EAC3BH,KAAKR,GAAqBY,CAAM,IAElCJ,KAAKX,GAAoBgB,OAAM,QACnC,EAsCA,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAab,MAAMc,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,CACX,CACEX,KAAKgB,OAAST,CAChB,CCjEA,SAASU,EAASV,GAChB,GAAID,EAAcC,GAChB,MAAO,QAET,GAAIW,EAAWC,gBAAkBD,EAAWC,eAAelB,UAAUmB,cAAcb,GACjF,MAAO,MAGT,GAAIA,KACAW,EAAWC,gBAAkBZ,aAAiBW,EAAWC,iBACpC,mBAAhBZ,EAAMc,OAAwD,iBAAzBd,EAAMe,eAClD,MAAUC,MAAM,sIAElB,SAAIhB,IAASA,EAAMC,YACV,UAGX,CAOA,SAASgB,EAAajB,GACpB,OAAOkB,WAAWxB,UAAUmB,cAAcb,EAC5C,CAOA,SAASmB,EAAiBC,GACxB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACtC,IAAKN,EAAaG,EAAOG,IACvB,MAAUP,MAAM,8DAGlBM,GAAeF,EAAOG,GAAGF,MAC7B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAAQ,SAAUC,GACvBH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MACnB,IAESG,CACT,CD3CArC,EAAYO,UAAUO,UAAY,WAIhC,YAH2B4B,IAAvBpC,KAAKP,KACPO,KAAKP,GAAgB,GAEhB,CACL4C,KAAMC,gBACEtC,KAAKX,GACPW,KAAKP,KAAkBO,KAAK4B,OACvB,CAAEW,WAAOH,EAAWI,MAAM,GAE5B,CAAED,MAAOvC,KAAKA,KAAKP,MAAkB+C,MAAM,IAGxD,EAEA9C,EAAYO,UAAUwC,UAAYH,eAAeI,SACzC1C,KAAKX,GACX,MAAM0C,EAASW,EAAK1C,KAAK2C,MAAM3C,KAAKP,KAEpC,OADAO,KAAK4B,OAAS,EACPG,CACT,EAEArC,EAAYO,UAAU2C,MAAQ,WAC5B,MAAMA,EAAQ,IAAIlD,EAIlB,OAHAkD,EAAMvD,GAAsBW,KAAKX,GAAoBwD,MAAK,KACxDD,EAAME,QAAQ9C,KAAK,IAEd4C,CACT,EAkCAlC,EAAOT,UAAU8C,MAAQT,eAAeU,GACtChD,KAAKgB,OAAO8B,KAAKE,EACnB,EAOAtC,EAAOT,UAAUgD,MAAQX,iBACvBtC,KAAKgB,OAAOzB,IACd,EAOAmB,EAAOT,UAAUiD,MAAQZ,eAAea,GAEtC,OADAnD,KAAKgB,OAAOxB,GAAmB2D,GACxBA,CACT,EAOAzC,EAAOT,UAAUY,YAAc,WAAa,EC5GC,iBAAvBK,EAAWkC,SACxBlC,EAAWkC,QAAQC,SCA5B,MAAMC,EAAiB,IAAIC,QAMrBC,EAAiBlE,OAAO,kBAS9B,SAASmE,EAAOlD,GAKd,GAJAP,KAAKgB,OAAST,EACVA,EAAMiD,KACRxD,KAAKwD,GAAkBjD,EAAMiD,GAAgBb,SAE3CrC,EAAcC,GAAQ,CACxB,MAAMmD,EAASnD,EAAMC,YAIrB,OAHAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,YACpB5D,KAAK6D,QAAU,OAEnB,CAEE,GADiB5C,EAASV,GACV,CACd,MAAMmD,EAASnD,EAAMC,YAOrB,OANAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,KAClBF,EAAO5C,OAAOT,OAAM,eACpBqD,EAAO7C,aAAa,OAEtBb,KAAK6D,QAAUH,EAAOI,OAAOH,KAAKD,GAEtC,CACE,IAAIK,GAAc,EAClB/D,KAAKqB,MAAQiB,SACPyB,GAAeT,EAAeU,IAAIzD,GAC7B,CAAEgC,WAAOH,EAAWI,MAAM,IAEnCuB,GAAc,EACP,CAAExB,MAAOhC,EAAOiC,MAAM,IAE/BxC,KAAK4D,aAAe,KAClB,GAAIG,EACF,IACET,EAAeW,IAAI1D,EACpB,CAAC,MAAM2D,GAAG,CACjB,CAEA,CC/CA,SAASC,EAAS5D,GAEhB,OADiBU,EAASV,GAEjBA,EAEF,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJA,EAAWC,QAAQ/D,GACnB8D,EAAWpB,OACjB,GAEA,CAOA,SAASsB,EAAchE,GACrB,GAAIU,EAASV,GACX,OAAOA,EAET,MAAMS,EAAS,IAAItB,EAMnB,MALA,WACE,MAAMiB,EAASC,EAAUI,SACnBL,EAAOoC,MAAMxC,SACbI,EAAOsC,OACd,EAJD,GAKOjC,CACT,CAQA,SAASwD,EAAOC,GACd,OAAIA,EAAKC,MAAK1D,GAAUC,EAASD,KAAYV,EAAcU,KAiB7D,SAAsByD,GACpBA,EAAOA,EAAKE,IAAIR,GAChB,MAAMS,EAAYC,GAAoBvC,eAAea,SAC7CjD,QAAQ4E,IAAIC,EAAWJ,KAAI3D,GAAU8C,EAAO9C,EAAQmC,KAC9D,IACE,IAAI6B,EAAO9E,QAAQC,UACnB,MAAM4E,EAAaN,EAAKE,KAAI,CAAC3D,EAAQc,IAAMmD,EAAcjE,GAAQ,CAACkE,EAAUC,KAC1EH,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKF,EAAUN,EAAUO,SAAU,CACxDE,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,OAET,OAAOJ,EAAUM,QACnB,CA7BWI,CAAab,GAElBA,EAAKC,MAAK1D,GAAUV,EAAcU,KAkCxC,SAA2ByD,GACzB,MAAM1C,EAAS,IAAIrC,EACnB,IAAIsF,EAAO9E,QAAQC,UAOnB,OANAsE,EAAKxC,SAAQ,CAACjB,EAAQc,KACpBkD,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKpE,EAAQe,EAAQ,CAC1CsD,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,KAEFjD,CACT,CA3CWwD,CAAkBd,GAEJ,iBAAZA,EAAK,GACPA,EAAK/B,KAAK,IAEZhB,EAAiB+C,EAC1B,CA+CAnC,eAAe8C,EAAK7E,EAAOiF,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzE,EAASV,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4D,EAAS5D,GACjB,IACE,GAAIA,EAAMiD,GAAiB,CACzB,MAAM7C,EAASC,EAAU4E,GACzB,IAAK,IAAI1D,EAAI,EAAGA,EAAIvB,EAAMiD,GAAgB5B,OAAQE,UAC1CnB,EAAOgF,YACPhF,EAAOoC,MAAMxC,EAAMiD,GAAgB1B,IAE3CnB,EAAOE,aACf,OACYN,EAAMqF,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,iBAEH,CAAC,MAAMxB,GAAG,CACX,MACJ,CAEE,MAAMR,EAASlD,EADfD,EAAQgE,EAAchE,IAEhBI,EAASC,EAAU4E,GACzB,IAEE,OAAa,OACL7E,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACH6C,SAAoB1E,EAAOsC,QAChC,KACR,OACYtC,EAAOoC,MAAMR,EACzB,CACG,CAAC,MAAO2B,GACFuB,SAAoB9E,EAAOuC,MAAMgB,EAC1C,CAAY,QACRR,EAAO7C,cACPF,EAAOE,aACX,CACA,CAQA,SAASgF,EAAatF,EAAOuF,GAC3B,MAAMC,EAAkB,IAAIC,gBAAgBF,GAE5C,OADAV,EAAK7E,EAAOwF,EAAgBZ,UACrBY,EAAgBb,QACzB,CAOA,SAASL,EAAoBoB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLpB,SAAU,IAAI/D,eAAe,CAC3B,KAAAiD,CAAMC,GACJ+B,EAAmB/B,CACpB,EACD,IAAAkC,GACML,EACFA,IAEAG,GAAS,CAEZ,EACD,YAAMvC,CAAOX,GACXmD,GAAY,EACRL,SACIA,EAAa9C,GAEjBgD,GACFA,EAAgChD,EAE1C,GACO,CAACqD,cAAe,IACnBrB,SAAU,IAAIsB,eAAe,CAC3B1D,MAAOT,eAAeU,GACpB,GAAIsD,EACF,MAAU/E,MAAM,uBAElB6E,EAAiB9B,QAAQtB,GACpBqD,EAQHA,GAAS,SAPH,IAAInG,SAAQ,CAACC,EAASC,KAC1B8F,EAAmC/F,EACnCgG,EAAkC/F,CAAM,IAE1C8F,EAAmC,KACnCC,EAAkC,KAIrC,EACDlD,MAAOmD,EAAiBnD,MAAMU,KAAKyC,GACnClD,MAAOkD,EAAiBM,MAAM/C,KAAKyC,KAGzC,CASA,SAASxB,EAAUrE,EAAO6C,EAAU,KAAe,EAAEuD,EAAS,KAAe,GAC3E,GAAIrG,EAAcC,GAAQ,CACxB,MAAMqG,EAAS,IAAIlH,EAgBnB,MAfA,WACE,MAAMiB,EAASC,EAAUgG,GACzB,IACE,MAAMC,QAAapE,EAAUlC,GACvBuG,EAAU1D,EAAQyD,GAClBE,EAAUJ,IAChB,IAAI5E,EACgDA,OAApCK,IAAZ0E,QAAqC1E,IAAZ2E,EAAgCvC,EAAO,CAACsC,EAASC,SACpD3E,IAAZ0E,EAAwBA,EAAUC,QAC1CpG,EAAOoC,MAAMhB,SACbpB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,CACK,EAdD,GAeO0C,CACX,CACE,GAAI3F,EAASV,GACX,OAAOsF,EAAatF,EAAO,CACzB,eAAMqE,CAAUrC,EAAO8B,GACrB,IACE,MAAMtC,QAAeqB,EAAQb,QACdH,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACO,EACD,WAAM8C,CAAM3C,GACV,IACE,MAAMtC,QAAe4E,SACNvE,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACA,IAGE,MAAM4C,EAAU1D,EAAQ7C,GAClBwG,EAAUJ,IAChB,YAAgBvE,IAAZ0E,QAAqC1E,IAAZ2E,EAA8BvC,EAAO,CAACsC,EAASC,SACzD3E,IAAZ0E,EAAwBA,EAAUC,CAC3C,CAWA,SAAS9B,EAAc1E,EAAO0G,GAC5B,GAAIhG,EAASV,KAAWD,EAAcC,GAAQ,CAC5C,IAAI2G,EACJ,MAAMC,EAAW,IAAInB,gBAAgB,CACnC,KAAA5B,CAAMC,GACJ6C,EAA8B7C,CACtC,IAGU+C,EAAkBhC,EAAK7E,EAAO4G,EAAShC,UAEvCkC,EAAWxC,GAAoBvC,eAAea,GAClD+D,EAA4BR,MAAMvD,SAC5BiE,QACA,IAAIlH,QAAQoH,WACxB,IAEI,OADAL,EAAGE,EAASjC,SAAUmC,EAASlC,UACxBkC,EAASnC,QACpB,CACE3E,EAAQgE,EAAchE,GACtB,MAAMqG,EAAS,IAAIlH,EAEnB,OADAuH,EAAG1G,EAAOqG,GACHA,CACT,CAWA,SAASW,EAAMhH,EAAO0G,GACpB,IAAIO,EACJ,MAAMC,EAAcxC,EAAc1E,GAAO,CAAC2E,EAAUC,KAClD,MAAMzB,EAASlD,EAAU0E,GACzBxB,EAAOgE,UAAY,KACjBhE,EAAO7C,cACPuE,EAAKF,EAAUC,GACRsC,GAETD,EAAcP,EAAGvD,EAAO,IAE1B,OAAO8D,CACT,CA4BA,SAAS5E,EAAMrC,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqC,QAEf,GAAI3B,EAASV,GAAQ,CACnB,MAAMoH,EAxBV,SAAapH,GACX,GAAID,EAAcC,GAChB,MAAUgB,MAAM,qDAElB,GAAIN,EAASV,GAAQ,CACnB,MAAMoH,EAAOxD,EAAS5D,GAAOqH,MAE7B,OADAD,EAAK,GAAGnE,GAAkBmE,EAAK,GAAGnE,GAAkBjD,EAAMiD,GACnDmE,CACX,CACE,MAAO,CAAChF,EAAMpC,GAAQoC,EAAMpC,GAC9B,CAciBqH,CAAIrH,GAEjB,OADAsH,EAAUtH,EAAOoH,EAAK,IACfA,EAAK,EAChB,CACE,OAAOhF,EAAMpC,EACf,CAUA,SAASuH,EAAavH,GACpB,OAAID,EAAcC,GACTqC,EAAMrC,GAEXU,EAASV,GACJ,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJ,MAAMoD,EAAcxC,EAAc1E,GAAO+B,MAAO4C,EAAUC,KACxD,MAAMzB,EAASlD,EAAU0E,GACnBvE,EAASC,EAAUuE,GACzB,IAEE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,IAAM6B,EAAWpB,OAAU,CAAC,MAAMiB,GAAG,CAErC,kBADMvD,EAAOsC,OAE7B,CACc,IAAMoB,EAAWC,QAAQ/B,EAAO,CAAG,MAAM2B,GAAG,OACtCvD,EAAOoC,MAAMR,EACjC,CACW,CAAC,MAAM2B,GACNG,EAAWqC,MAAMxC,SACXvD,EAAOuC,MAAMgB,EAC/B,KAEQ2D,EAAUtH,EAAOkH,EACzB,IAGS9E,EAAMpC,EACf,CAQA,SAASsH,EAAUtH,EAAOqC,GAExB9C,OAAOiI,QAAQjI,OAAOkI,0BAA0BzH,EAAMX,YAAYK,YAAYgC,SAAQ,EAAEgG,EAAMC,MAC/E,gBAATD,IAGAC,EAAW3F,MACb2F,EAAW3F,MAAQ2F,EAAW3F,MAAMoB,KAAKf,GAEzCsF,EAAWC,IAAMD,EAAWC,IAAIxE,KAAKf,GAEvC9C,OAAOsI,eAAe7H,EAAO0H,EAAMC,GAAW,GAElD,CAOA,SAASvF,EAAMpC,EAAO8H,EAAM,EAAGC,EAAIC,KACjC,GAAIjI,EAAcC,GAChB,MAAUgB,MAAM,mBAElB,GAAIN,EAASV,GAAQ,CACnB,GAAI8H,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAO3C,EAAatF,EAAO,CACzB,SAAAqE,CAAUrC,EAAO8B,GACXmE,EAAYF,GACVE,EAAYjG,EAAMX,QAAUyG,GAC9BhE,EAAWC,QAAQ3B,EAAMJ,EAAOkG,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAajG,EAAMX,QAEnByC,EAAWsE,WAEvB,GAEA,CACI,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAOhE,EAAUrE,GAAOgC,IAClBA,EAAMX,SAAWyG,EAAOO,EAAY,CAACrG,GACpCqG,EAAU9F,KAAKP,EAAM,IACzB,IAAMI,EAAM6B,EAAOoE,GAAYP,EAAOC,IAC/C,CACI,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAOhE,EAAUrE,GAAOgC,IACtB,MAAMiF,EAAcoB,EAAYpE,EAAO,CAACoE,EAAWrG,IAAUA,EAC7D,GAAIiF,EAAY5F,SAAW0G,EAEzB,OADAM,EAAYjG,EAAM6E,EAAac,GACxB3F,EAAM6E,EAAaa,EAAOC,GAEjCM,EAAYpB,CAAW,GAEjC,CAEI,OADAqB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUzG,SAAYK,QAAYF,EAAUlC,GAAQ8H,EAAOC,IACtE,CAIE,OAHI/H,EAAMiD,KACRjD,EAAQiE,EAAOjE,EAAMiD,GAAgBgB,OAAO,CAACjE,MAE3CiB,EAAajB,GACRA,EAAMyI,SAASX,EAAOC,IAAQC,IAAWhI,EAAMqB,OAAS0G,GAE1D/H,EAAMoC,MAAM0F,EAAOC,EAC5B,CASAhG,eAAeG,EAAUlC,EAAOmC,EAAK8B,GACnC,OAAIlE,EAAcC,GACTA,EAAMkC,UAAUC,GAErBzB,EAASV,GACJC,EAAUD,GAAOkC,UAAUC,GAE7BnC,CACT,CASA+B,eAAewB,EAAOvD,EAAO4C,GAC3B,GAAIlC,EAASV,GAAQ,CACnB,GAAIA,EAAMuD,OAAQ,CAChB,MAAMwC,QAAkB/F,EAAMuD,OAAOX,GAGrC,aADM,IAAIjD,QAAQoH,YACXhB,CACb,CACI,GAAI/F,EAAM0I,QAGR,OAFA1I,EAAM0I,QAAQ9F,SACR,IAAIjD,QAAQoH,YACXnE,CAEb,CACA,CAOA,SAAS4F,EAAU9B,GACjB,MAAMiC,EAAc,IAAIxJ,EAUxB,MATA,WACE,MAAMiB,EAASC,EAAUsI,GACzB,UACQvI,EAAOoC,YAAYkE,WACnBtG,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,CACG,EARD,GASOgF,CACT,CAOA,SAAS1I,EAAUD,GACjB,OAAO,IAAIkD,EAAOlD,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CDhfAkD,EAAOxD,UAAUoC,KAAOC,iBACtB,GAAItC,KAAKwD,IAAmBxD,KAAKwD,GAAgB5B,OAAQ,CAEvD,MAAO,CAAEY,MAAM,EAAOD,MADRvC,KAAKwD,GAAgB2F,QAEvC,CACE,OAAOnJ,KAAKqB,OACd,EAKAoC,EAAOxD,UAAUY,YAAc,WACzBb,KAAKwD,KACPxD,KAAKgB,OAAOwC,GAAkBxD,KAAKwD,IAErCxD,KAAK4D,cACP,EAKAH,EAAOxD,UAAU6D,OAAS,SAASX,GACjC,OAAOnD,KAAK6D,QAAQV,EACtB,EAOAM,EAAOxD,UAAUmJ,SAAW9G,iBAC1B,IACI+G,EADAC,EAAS,GAEb,MAAQD,GAAW,CACjB,IAAI7G,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OAEjC,GADAE,GAAS,GACLC,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAEF,MAAME,EAAejH,EAAMkH,QAAQ,MAAQ,EACvCD,IACFH,EAAYE,EAAeD,EAAO9E,OAAOjC,EAAMmH,OAAO,EAAGF,KACzDF,EAAS,IAEPE,IAAiBjH,EAAMX,QACzB0H,EAAOxG,KAAKP,EAAMmH,OAAOF,GAE/B,CAEE,OADAxJ,KAAK2J,WAAWL,GACTD,CACT,EAOA5F,EAAOxD,UAAU2J,SAAWtH,iBAC1B,MAAME,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,OACV,MAAMqH,EAAOtH,EAAM,GAEnB,OADAvC,KAAK2J,QAAQG,EAAcvH,EAAO,IAC3BsH,CACT,EAOApG,EAAOxD,UAAU8J,UAAYzH,eAAeV,GAC1C,MAAM0H,EAAS,GACf,IAAIU,EAAe,EAEnB,OAAa,CACX,MAAMxH,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAIF,GAFAA,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBpI,EAAQ,CAC1B,MAAMqI,EAAeV,EAAeD,GAEpC,OADAtJ,KAAK2J,QAAQG,EAAcG,EAAcrI,IAClCkI,EAAcG,EAAc,EAAGrI,EAC5C,CACA,CACA,EAOA6B,EAAOxD,UAAUiK,UAAY5H,eAAeV,GAC1C,MAAMuI,QAAcnK,KAAK+J,UAAUnI,GAEnC,OADA5B,KAAK2J,QAAQQ,GACNA,CACT,EAOA1G,EAAOxD,UAAU0J,QAAU,YAAYS,GAChCpK,KAAKwD,KACRxD,KAAKwD,GAAkB,IAGL,IAAlB4G,EAAOxI,QAAgBJ,EAAa4I,EAAO,KAC3CpK,KAAKwD,GAAgB5B,QAAUwI,EAAO,GAAGxI,QACzC5B,KAAKwD,GAAgB,GAAG6G,YAAcD,EAAO,GAAGxI,OAEhD5B,KAAKwD,GAAgB,GAAK,IAAI/B,WAC5BzB,KAAKwD,GAAgB,GAAG8F,OACxBtJ,KAAKwD,GAAgB,GAAG6G,WAAaD,EAAO,GAAGxI,OAC/C5B,KAAKwD,GAAgB,GAAG8G,WAAaF,EAAO,GAAGxI,QAInD5B,KAAKwD,GAAgBmG,WAAWS,EAAOG,QAAOhI,GAASA,GAASA,EAAMX,SACxE,EAQA6B,EAAOxD,UAAUwC,UAAYH,eAAeI,EAAK6G,GAC/C,MAAMxH,EAAS,GAEf,OAAa,CACX,MAAMS,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,MACVT,EAAOe,KAAKP,EAChB,CACE,OAAOG,EAAKX,EACd,EExMA,MAAMyI,EAAUlL,OAAO,WAEvB,IAAemL,EAAA,CAObC,MAAO,CAELC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,UAA0B,YAG1BC,cAA0B,gBAE1BC,QAA0B,gBAG1BC,iBAA0B,mBAE1BC,WAA0B,mBAG1BC,gBAAyB,kBAGzBC,gBAAyB,kBAGzBC,gBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,OAAQ,EACRC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAENxB,QAAS,GAETyB,MAAO,IAOTC,UAAW,CAETC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,GACRC,SAAU,GACVC,SAAU,IAOZC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXjD,UAAW,EACXkD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,GACnBC,QAAS,IAOXC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRrB,UAAW,CAETkB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,YAAa,GACbC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,GACzBC,sBAAuB,IAOzBR,SAAU,CAERS,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTxH,UAAW,EACXyH,WAAY,EACZ3E,UAAW,GAObwD,oBAAqB,CAEnBoB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBvB,SAAU,CAERwB,sBAAuB,EAGvBxF,KAAM,EAGNyF,OAAQ,EACRC,QAAS,GAUXjR,MAAO,SAASkR,EAAM/P,GAKpB,GAJiB,iBAANA,IACTA,EAAIlE,KAAKqC,KAAK4R,EAAM/P,SAGN9B,IAAZ6R,EAAK/P,GACP,OAAO+P,EAAK/P,GAGd,MAAU3C,MAAM,sBACjB,EASDc,KAAM,SAAS4R,EAAM/P,GAQnB,GAPK+P,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChB1K,OAAOiI,QAAQkM,GAAMhS,SAAQ,EAAE0O,EAAKpO,MAClC0R,EAAKzJ,GAASjI,GAASoO,CAAG,UAILvO,IAArB6R,EAAKzJ,GAAStG,GAChB,OAAO+P,EAAKzJ,GAAStG,GAGvB,MAAU3C,MAAM,sBACpB,GCnce2S,EAAA,CAKbC,uBAAwB1J,EAAMkD,KAAKM,OAKnCmG,4BAA6B3J,EAAMoC,UAAUO,OAK7CiH,8BAA+B5J,EAAM6C,YAAYC,aAajD+G,aAAa,EAQbC,kCAAkC,EAOlCC,uBAAwB/J,EAAM6D,KAAKG,IAQnCgG,kBAAmB,GAQnBC,QAAQ,EAQRC,yBAAyB,EASzBC,QAASnK,EAAMgB,IAAIG,SASnBiJ,sBAAuB,IAcvBC,gBAAiB,CACfC,OAAQ,EACRC,YAAa,EACbC,eAAgB,IAUlBC,8BAA8B,EAe9BC,4BAA4B,EAO5BC,WAAY,KAOZC,wBAAwB,EAQxBC,wCAAwC,EASxCC,8CAA8C,EAQ9CC,sBAAsB,EAUtBC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAAClL,EAAMoC,UAAUK,OAAQzC,EAAMoC,UAAUM,OAAQ1C,EAAMoC,UAAUO,SAKlIwI,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,mBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,uCAAuC,EAOvCC,qBAAqB,EAMrBC,qBAAsB,IAAIZ,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,SAM1D0I,4BAA6B,IAAIb,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,OAAQrD,EAAMkD,KAAKE,OAMpF4I,0BAA2B,IAAId,IAAI,CAAClL,EAAMsB,UAAUI,QAAS1B,EAAMsB,UAAUK,MAM7EsK,aAAc,IAAIf,IAAI,CAAClL,EAAMC,MAAMO,aC7QrC,MAAM0L,EAAY,MAChB,IACE,MAAgC,gBAAzBvT,QAAQwT,IAAIC,QACpB,CAAC,MAAO3S,GAAG,CACZ,OAAO,CACR,EALiB,GAOZ4S,EAAO,CACXC,SAAU,SAASlQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBmQ,MACpD,EAEDC,YAAaC,EAAaA,yLAE1BzW,QAAS,SAASoG,GAChB,OAAOA,aAAgBlH,KACxB,EAED6B,aAAc2V,EAEdlW,SAAUmW,EASVC,cAAe/U,MAAOgV,EAAeC,KACnC,IAAKC,EAAclB,oBACjB,MAAU/U,MAAM,gEAGlB,MAAMkW,YAAEA,SAAsBvX,QAAmDC,UAAA0C,MAAA,WAAA,OAAA6U,EAAA,IACjF,OAAQJ,GACN,KAAK7M,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUO,MAAO,CAC1B,MAAM5B,EAAQ+M,EAAYtP,IAAIoP,GAC9B,IAAK7M,EAAO,MAAUnJ,MAAM,qBAC5B,OAAOmJ,CACf,CACM,KAAKD,EAAMsB,UAAUY,KACnB,OAAO8K,EAAYtP,IAAI,QACzB,KAAKsC,EAAMsB,UAAUa,MACnB,OAAO6K,EAAYtP,IAAI,SACzB,QACE,MAAU5G,MAAM,qBACxB,EAGEoW,WAAY,SAAUxN,GACpB,IAAIyN,EAAI,EACR,IAAK,IAAI9V,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAChC8V,GAAM,KAAO9V,EAAKqI,EAAMA,EAAMvI,OAAS,EAAIE,GAE7C,OAAO8V,CACR,EAEDC,YAAa,SAAUD,EAAGzN,GACxB,MAAM2N,EAAI,IAAIrW,WAAW0I,GACzB,IAAK,IAAIrI,EAAI,EAAGA,EAAIqI,EAAOrI,IACzBgW,EAAEhW,GAAM8V,GAAM,GAAKzN,EAAQrI,EAAI,GAAO,IAGxC,OAAOgW,CACR,EAEDC,SAAU,SAAU5N,GAClB,MAAMyN,EAAId,EAAKa,WAAWxN,GAE1B,OADU,IAAI6N,KAAS,IAAJJ,EAEpB,EAEDK,UAAW,SAAUC,GACnB,MAAMC,EAAU1P,KAAK2P,MAAMF,EAAKG,UAAY,KAE5C,OAAOvB,EAAKe,YAAYM,EAAS,EAClC,EAEDG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAS3P,IAAW2P,EAAO,IAAIF,KAAgC,IAA3BvP,KAAK2P,OAAOF,EAAO,KAChF,EAODM,QAAS,SAAUrO,GACjB,MACMsO,GADQtO,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAM/B,OAAO2M,EAAK4B,kBAAkBvO,EAAO,EAAG,EAAIsO,EAC7C,EASDC,kBAAmB,SAAUnY,EAAO6D,EAAOkE,GACzC,GAAI/H,EAAMqB,OAAU0G,EAAMlE,EACxB,MAAU7C,MAAM,yBAElB,OAAOhB,EAAMyI,SAAS5E,EAAOkE,EAC9B,EAQD,OAAAqQ,CAAQxO,EAAOvI,GACb,GAAIuI,EAAMvI,OAASA,EACjB,MAAUL,MAAM,wBAElB,MAAMqX,EAAS,IAAInX,WAAWG,GACxBiX,EAASjX,EAASuI,EAAMvI,OAE9B,OADAgX,EAAOzW,IAAIgI,EAAO0O,GACXD,CACR,EAODE,gBAAiB,SAAUC,GACzB,MAAMC,EAAUlC,EAAKmC,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUzX,MAAM,YAElB,MAAM2X,EAAWH,EAAI/P,SAAS+P,EAAInX,OAAS6G,KAAK0Q,KAAKH,EAAU,IACzDI,EAAS,IAAI3X,WAAW,EAAY,MAAVuX,IAAqB,EAAa,IAAVA,IACxD,OAAOlC,EAAKpV,iBAAiB,CAAC0X,EAAQF,GACvC,EAODD,oBAAqB,SAAUF,GAC7B,IAAIjX,EACJ,IAAKA,EAAI,EAAGA,EAAIiX,EAAInX,QAA4B,IAAXmX,EAAIjX,GAAbA,KAC5B,GAAIA,IAAMiX,EAAInX,OACZ,OAAO,EAET,MAAMsX,EAAWH,EAAI/P,SAASlH,GAC9B,OAA+B,GAAvBoX,EAAStX,OAAS,GAASkV,EAAKuC,MAAMH,EAAS,GACxD,EAODI,gBAAiB,SAAUC,GACzB,MAAMxX,EAAS,IAAIN,WAAW8X,EAAI3X,QAAU,GAC5C,IAAK,IAAI4X,EAAI,EAAGA,EAAID,EAAI3X,QAAU,EAAG4X,IACnCzX,EAAOyX,GAAKC,SAASF,EAAI7P,OAAO8P,GAAK,EAAG,GAAI,IAE9C,OAAOzX,CACR,EAOD2X,gBAAiB,SAAUvP,GACzB,MAAMwP,EAAc,mBACpB,IAAIC,EAAI,GAER,OADAzP,EAAMlI,SAAQ4X,IAAOD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAC5DD,CACR,EAODE,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKjD,EAAKC,SAASgD,GACjB,MAAUxY,MAAM,4DAGlB,MAAMQ,EAAS,IAAIN,WAAWsY,EAAInY,QAClC,IAAK,IAAIE,EAAI,EAAGA,EAAIiY,EAAInY,OAAQE,IAC9BC,EAAOD,GAAKiY,EAAIE,WAAWnY,GAE7B,OAAOC,CAAM,GAEhB,EAODmY,mBAAoB,SAAU/P,GAE5B,MAAMpI,EAAS,GACToY,EAAK,MACLC,GAHNjQ,EAAQ,IAAI1I,WAAW0I,IAGPvI,OAEhB,IAAK,IAAIE,EAAI,EAAGA,EAAIsY,EAAGtY,GAAKqY,EAC1BpY,EAAOe,KAAKkU,OAAOqD,aAAaC,MAAMtD,OAAQ7M,EAAMnB,SAASlH,EAAGA,EAAIqY,EAAKC,EAAItY,EAAIqY,EAAKC,KAExF,OAAOrY,EAAOW,KAAK,GACpB,EAOD6X,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAASrX,EAAQb,EAAOmY,GAAY,GAClC,OAAOF,EAAQG,OAAOpY,EAAO,CAAEvB,QAAS0Z,GAC9C,CACI,OAAOV,EAAiBD,EAAK3W,GAAS,IAAMA,EAAQ,IAAI,IACzD,EAODwX,WAAY,SAAU3K,GACpB,MAAM4K,EAAU,IAAIC,YAAY,SAEhC,SAAS1X,EAAQb,EAAOmY,GAAY,GAClC,OAAOG,EAAQE,OAAOxY,EAAO,CAAEvB,QAAS0Z,GAC9C,CACI,OAAOV,EAAiB/J,EAAM7M,GAAS,IAAMA,EAAQ,IAAI3B,YAAc,IACxE,EAQD+C,OAAQwW,EAORtZ,iBAAkBuZ,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKtE,EAAKtV,aAAa2Z,KAAYrE,EAAKtV,aAAa4Z,GACnD,MAAU7Z,MAAM,4CAGlB,GAAI4Z,EAAOvZ,SAAWwZ,EAAOxZ,OAC3B,OAAO,EAGT,IAAK,IAAIE,EAAI,EAAGA,EAAIqZ,EAAOvZ,OAAQE,IACjC,GAAIqZ,EAAOrZ,KAAOsZ,EAAOtZ,GACvB,OAAO,EAGX,OAAO,CACR,EAQDuZ,cAAe,SAAUrL,GACvB,IAAI4J,EAAI,EACR,IAAK,IAAI9X,EAAI,EAAGA,EAAIkO,EAAKpO,OAAQE,IAC/B8X,EAAKA,EAAI5J,EAAKlO,GAAM,MAEtB,OAAOgV,EAAKe,YAAY+B,EAAG,EAC5B,EAOD0B,WAAY,SAAUvB,GAChBpD,GACF9N,QAAQ0S,IAAI,qBAAsBxB,EAErC,EAODyB,gBAAiB,SAAU9U,GACrBiQ,GACF9N,QAAQnC,MAAM,qBAAsBA,EAEvC,EAGD2S,MAAO,SAAUoC,GACf,IAAIC,EAAI,EACJC,EAAIF,IAAM,GAyBd,OAxBU,IAANE,IACFF,EAAIE,EACJD,GAAK,IAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEAA,CACR,EAWDE,OAAQ,SAAS/U,GACf,MAAMgV,EAAY,IAAIpa,WAAWoF,EAAKjF,QAChCka,EAAOjV,EAAKjF,OAAS,EAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAIga,EAAMha,IACxB+Z,EAAU/Z,GAAM+E,EAAK/E,IAAM,EAAM+E,EAAK/E,EAAI,IAAM,EAGlD,OADA+Z,EAAUC,GAASjV,EAAKiV,IAAS,EAAuB,KAAhBjV,EAAK,IAAM,GAC5CgV,CACR,EASDE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIna,EAAIka,EAAMpa,OAAS,EAAGE,GAAK,EAAGA,IACrCka,EAAMla,KAAOma,EACTna,EAAI,IACNka,EAAMla,IAAOka,EAAMla,EAAI,IAAO,EAAIma,GAIxC,OAAOD,CACR,EAODE,aAAc,WACZ,MAEMC,OAFwC,IAAfjb,GAA8BA,EAAWkb,QAAUlb,EAAWkb,OAAOC,QAE/Drc,KAAKsc,iBAAiBC,UAAUF,OACrE,IAAKF,EACH,MAAU5a,MAAM,sCAElB,OAAO4a,CACR,EAMDG,cAAe,WACb,OAAOtc,KAAKiX,YAAY,SACzB,EAEDuF,YAAa,WACX,OAAOxc,KAAKiX,YAAY,OACzB,EAODwF,cAAe,WACb,OAAQzc,KAAKiX,YAAY,WAAa,CAAE,GAAEyF,MAC3C,EAEDC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADW7c,KAAKiX,YAAY,MAClB6F,OAAOlb,MAClB,EAWDmb,eAAgB,SAASlW,GACvB,IAAKiQ,EAAKC,SAASlQ,GACjB,OAAO,EAGT,MADW,+DACDmW,KAAKnW,EAChB,EAMDoW,gBAAiB,SAASpW,GAGxB,IAAIqW,GAAc,EAElB,OAAOlD,EAAiBnT,GAAMsD,IAY5B,IAAIgT,EAXAD,IACF/S,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,KAN9C,KASLA,EAAMA,EAAMvI,OAAS,IACvBsb,GAAc,EACd/S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BkU,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAItb,EAAI,EACXqb,EAAQhT,EAAMV,QAlBP,GAkBmB3H,GAAK,EAC3Bqb,EAFYrb,EAAIqb,EAlBb,KAqBDhT,EAAMgT,EAAQ,IAAWC,EAAQta,KAAKqa,GAK9C,IAAKC,EAAQxb,OACX,OAAOuI,EAGT,MAAMkT,EAAa,IAAI5b,WAAW0I,EAAMvI,OAASwb,EAAQxb,QACzD,IAAIwY,EAAI,EACR,IAAK,IAAItY,EAAI,EAAGA,EAAIsb,EAAQxb,OAAQE,IAAK,CACvC,MAAMwb,EAAMnT,EAAMnB,SAASoU,EAAQtb,EAAI,IAAM,EAAGsb,EAAQtb,IACxDub,EAAWlb,IAAImb,EAAKlD,GACpBA,GAAKkD,EAAI1b,OACTyb,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,GACR,CAEM,OADAiD,EAAWlb,IAAIgI,EAAMnB,SAASoU,EAAQA,EAAQxb,OAAS,IAAM,GAAIwY,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAIzb,WAAW,CA1C5B,UA0CoCW,GAChD,EAMDmb,UAAW,SAAS1W,GAGlB,IAAIqW,GAAc,EAElB,OAAOlD,EAAiBnT,GAAMsD,IAc5B,IAAIgT,EAlBK,MAMPhT,EADE+S,GAJK,KAIU/S,EAAM,GACf2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,IAE7C,IAAI1I,WAAW0I,IAGfA,EAAMvI,OAAS,IACvBsb,GAAc,EACd/S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BkU,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAItY,EAAI,EAAGA,IAAMqI,EAAMvI,OAAQE,EAAIqb,EAAO,CAC7CA,EAAQhT,EAAMV,QArBP,GAqBmB3H,GAAK,EAC1Bqb,IAAOA,EAAQhT,EAAMvI,QAC1B,MAAMka,EAAOqB,GAtBN,KAsBehT,EAAMgT,GAAgB,EAAI,GAC5Crb,GAAGqI,EAAMqT,WAAWpD,EAAGtY,EAAGga,GAC9B1B,GAAK0B,EAAOha,CACpB,CACM,OAAOqI,EAAMnB,SAAS,EAAGoR,EAAE,IAC1B,IAAO8C,EAAc,IAAIzb,WAAW,CA5B5B,UA4BoCW,GAChD,EAKDqb,qBAAsB,SAASzN,GAC7B,OAAOA,EAAK0N,MAAM,MAAM/Y,KAAIgZ,IAC1B,IAAI7b,EAAI6b,EAAK/b,OAAS,EACtB,KAAOE,GAAK,IAAkB,MAAZ6b,EAAK7b,IAA0B,OAAZ6b,EAAK7b,IAA2B,OAAZ6b,EAAK7b,IAAcA,KAC5E,OAAO6b,EAAKjU,OAAO,EAAG5H,EAAI,EAAE,IAC3BY,KAAK,KACT,EAEDkb,UAAW,SAASrK,EAAS7M,GAC3B,IAAKA,EACH,OAAWnF,MAAMgS,GAInB,IACE7M,EAAM6M,QAAUA,EAAU,KAAO7M,EAAM6M,OACxC,CAAC,MAAOrP,GAAG,CAEZ,OAAOwC,CACR,EAQDmX,wBAAyB,SAASC,GAChC,MAAMnZ,EAAM,CAAE,EAOd,OANAmZ,EAAe7b,SAAQ8b,IACrB,IAAKA,EAAYC,IACf,MAAUzc,MAAM,0CAElBoD,EAAIoZ,EAAYC,KAAOD,CAAW,IAE7BpZ,CACR,EAUDsZ,WAAY,SAASC,GAEnB,OAAO,IAAIhe,SAAQoC,MAAOnC,EAASC,KACjC,IAAI+d,QACEje,QAAQ4E,IAAIoZ,EAASvZ,KAAIrC,UAC7B,IACEnC,QAAcie,EACf,CAAC,MAAOla,GACPia,EAAYja,CACtB,MAEM9D,EAAO+d,EAAU,GAEpB,EASDE,iBAAkB,SAASC,EAAMC,EAAGzG,GAClC,MAAMlW,EAAS6G,KAAKC,IAAI6V,EAAE3c,OAAQkW,EAAElW,QAC9BG,EAAS,IAAIN,WAAWG,GAC9B,IAAI0G,EAAM,EACV,IAAK,IAAIxG,EAAI,EAAGA,EAAIC,EAAOH,OAAQE,IACjCC,EAAOD,GAAMyc,EAAEzc,GAAM,IAAMwc,EAAUxG,EAAEhW,GAAM,IAAMwc,EACnDhW,GAAQgW,EAAOxc,EAAIyc,EAAE3c,OAAY,EAAI0c,EAAQxc,EAAIgW,EAAElW,OAErD,OAAOG,EAAOiH,SAAS,EAAGV,EAC3B,EASDkW,YAAa,SAASF,EAAMC,EAAGzG,GAC7B,OAAQyG,EAAK,IAAMD,EAAUxG,EAAK,IAAMwG,CACzC,EAIDG,MAAO,SAASC,GACd,OAAOA,IAAejU,EAAMoC,UAAUK,QAAUwR,IAAejU,EAAMoC,UAAUM,QAAUuR,IAAejU,EAAMoC,UAAUO,MAC5H,GCtoBMsP,EAAS5F,EAAK2F,gBAEpB,IAAIkC,EACAC,EAkBG,SAASjE,EAAO9T,GACrB,IAAIgY,EAAM,IAAIpd,WACd,OAAOuY,EAAiBnT,GAAMtE,IAC5Bsc,EAAM/H,EAAKpV,iBAAiB,CAACmd,EAAKtc,IAClC,MAAMmZ,EAAI,GAEJoD,EAAQrW,KAAK2P,MAAMyG,EAAIjd,OADR,IAEfuI,EAFe,GAEP2U,EACRC,EAAUJ,EAAYE,EAAI7V,SAAS,EAAGmB,IAC5C,IAAK,IAAIrI,EAAI,EAAGA,EAAIgd,EAAOhd,IACzB4Z,EAAE5Y,KAAKic,EAAQrV,OAAW,GAAJ5H,EAAQ,KAC9B4Z,EAAE5Y,KAAK,MAGT,OADA+b,EAAMA,EAAI7V,SAASmB,GACZuR,EAAEhZ,KAAK,GAAG,IAChB,IAAOmc,EAAIjd,OAAS+c,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS9D,EAAOlU,GACrB,IAAIgY,EAAM,GACV,OAAO7E,EAAiBnT,GAAMtE,IAC5Bsc,GAAOtc,EAGP,IAAIyc,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAInd,EAAI,EAAGA,EAAImd,EAAWrd,OAAQE,IAAK,CAC1C,MAAMod,EAAYD,EAAWnd,GAC7B,IAAK,IAAIE,EAAM6c,EAAIpV,QAAQyV,IAAqB,IAATld,EAAYA,EAAM6c,EAAIpV,QAAQyV,EAAWld,EAAM,GACpFgd,GAER,CAII,IAAIpd,EAASid,EAAIjd,OACjB,KAAOA,EAAS,IAAMA,EAASod,GAAU,GAAM,EAAGpd,IAC5Cqd,EAAWE,SAASN,EAAIjd,KAAUod,IAGxC,MAAMI,EAAUR,EAAYC,EAAInV,OAAO,EAAG9H,IAE1C,OADAid,EAAMA,EAAInV,OAAO9H,GACVwd,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,EAAgBC,GAC9B,OAAOvE,EAAOuE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,EAAgBrV,EAAOsV,GACrC,IAAIV,EAAUpE,EAAOxQ,GAAOoV,QAAQ,UAAW,IAI/C,OAFER,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,IAEvER,CACT,CCjFA,SAASW,EAAQ1P,GACf,MAEM2P,EAAS3P,EAAK4P,MAFH,yIAIjB,IAAKD,EACH,MAAUpe,MAAM,4BAMlB,MAAI,yBAAyByb,KAAK2C,EAAO,IAChClV,EAAM0I,MAAMC,iBAMjB,oBAAoB4J,KAAK2C,EAAO,IAC3BlV,EAAM0I,MAAME,cAGjB,iBAAiB2J,KAAK2C,EAAO,IACxBlV,EAAM0I,MAAMG,OAIjB,UAAU0J,KAAK2C,EAAO,IACjBlV,EAAM0I,MAAMI,QAIjB,mBAAmByJ,KAAK2C,EAAO,IAC1BlV,EAAM0I,MAAMpH,UAIjB,oBAAoBiR,KAAK2C,EAAO,IAC3BlV,EAAM0I,MAAMK,WAMjB,YAAYwJ,KAAK2C,EAAO,IACnBlV,EAAM0I,MAAMtE,eADrB,CAGF,CAWA,SAASgR,EAAUC,EAAe5L,GAChC,IAAInS,EAAS,GAWb,OAVImS,EAAO6B,cACThU,GAAU,YAAcmS,EAAO+B,cAAgB,MAE7C/B,EAAO8B,cACTjU,GAAU,YAAcmS,EAAOgC,cAAgB,MAE7C4J,IACF/d,GAAU,YAAc+d,EAAgB,MAE1C/d,GAAU,KACHA,CACT,CAQA,SAASge,EAAYlZ,GACnB,MAAMmZ,EA+CR,SAAqBzf,GACnB,IAAIyf,EAAM,SACV,OAAOhG,EAAiBzZ,GAAOgC,IAC7B,MAAM0d,EAAQC,GAAiBzX,KAAK2P,MAAM7V,EAAMX,OAAS,GAAK,EACxDue,EAAQ,IAAIC,YAAY7d,EAAM+G,OAAQ/G,EAAM8H,WAAY4V,GAC9D,IAAK,IAAIne,EAAI,EAAGA,EAAIme,EAAOne,IACzBke,GAAOG,EAAMre,GACbke,EACEK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,EAAK,KAC1BK,EAAU,GAAgB,IAAZL,GAElB,IAAK,IAAIle,EAAY,EAARme,EAAWne,EAAIS,EAAMX,OAAQE,IACxCke,EAAOA,GAAO,EAAKK,EAAU,GAAU,IAANL,EAAczd,EAAMT,GAC3D,IACK,IAAM,IAAIL,WAAW,CAACue,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYzZ,GACxB,OAAO0Z,EAAcP,EACvB,CD9FItD,GACFiC,EAAcE,GAAOnC,EAAO8D,KAAK3B,GAAK4B,SAAS,UAC/C7B,EAAc7E,IACZ,MAAMjC,EAAI4E,EAAO8D,KAAKzG,EAAK,UAC3B,OAAO,IAAItY,WAAWqW,EAAExO,OAAQwO,EAAEzN,WAAYyN,EAAExN,WAAW,IAG7DqU,EAAcE,GAAO6B,KAAK5J,EAAKoD,mBAAmB2E,IAClDD,EAAc7E,GAAOjD,EAAKgD,mBAAmB6G,KAAK5G,KC0FpD,MAAMsG,EAAY,CACZ1gB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAImC,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAIke,EAAMle,GAAK,GACf,IAAK,IAAIsY,EAAI,EAAGA,EAAI,EAAGA,IACrB4F,EAAOA,GAAO,GAAa,QAANA,EAAwB,QAAW,GAE1DK,EAAU,GAAGve,IACH,SAANke,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAIle,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAIvE,MAAMoe,GAAkB,WACtB,MAAM5W,EAAS,IAAIsX,YAAY,GAG/B,OAFA,IAAIC,SAASvX,GAAQwX,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWzX,GAAQ,EAChC,IAmCA,SAAS0X,GAAcC,GACrB,IAAK,IAAInf,EAAI,EAAGA,EAAImf,EAAQrf,OAAQE,IAC7B,mCAAmCkb,KAAKiE,EAAQnf,KACnDgV,EAAK0E,gBAAoBja,MAAM,sCAAwC0f,EAAQnf,KAE5E,iDAAiDkb,KAAKiE,EAAQnf,KACjEgV,EAAK0E,gBAAoBja,MAAM,mBAAqB0f,EAAQnf,IAGlE,CAQA,SAASof,GAAelR,GACtB,IAAImR,EAAOnR,EAEX,MAAMoR,EAAapR,EAAKqR,YAAY,KAMpC,OAJID,GAAc,GAAKA,IAAepR,EAAKpO,OAAS,IAClDuf,EAAOnR,EAAKrN,MAAM,EAAGye,IAGhBD,CACT,CAWO,SAASG,GAAQ/gB,GAEtB,OAAO,IAAIL,SAAQoC,MAAOnC,EAASC,KACjC,IACE,MAAMmhB,EAAU,qBACVC,EAAc,oDAEpB,IAAIvN,EACJ,MAAMgN,EAAU,GAChB,IACIQ,EAEAC,EAHAC,EAAcV,EAEdjR,EAAO,GAEX,MAAMnJ,EAAO+a,EAAcC,EAAqBthB,GAAO+B,MAAO4C,EAAUC,KACtE,MAAMzB,EAASoe,EAAiB5c,GAChC,IACE,OAAa,CACX,IAAIyY,QAAaja,EAAO0F,WACxB,QAAahH,IAATub,EACF,MAAUpc,MAAM,0BAIlB,GADAoc,EAAO7G,EAAK2G,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpDtL,EAIE,GAAKwN,EAcAC,GAAYzN,IAASxJ,EAAM0I,MAAMG,SACtCiO,EAAQvE,KAAKW,IAIhB3N,EAAOA,EAAKtN,KAAK,QACjBgf,GAAW,EACXV,GAAcW,GACdA,EAAc,GACdF,GAAc,GANdzR,EAAKlN,KAAK6a,EAAK4B,QAAQ,MAAO,WAbhC,GAHIgC,EAAQvE,KAAKW,IACfvd,EAAWmB,MAAM,sEAEdigB,EAAYxE,KAAKW,IAKpB,GAFAqD,GAAcW,GACdF,GAAc,EACVC,GAAYzN,IAASxJ,EAAM0I,MAAMG,OAAQ,CAC3CnT,EAAQ,CAAE6P,OAAMnJ,OAAMoa,UAAShN,SAC/B,KAClB,OAPgB0N,EAAY7e,KAAK6a,QARf4D,EAAQvE,KAAKW,KACf1J,EAAOyL,EAAQ/B,GA4B/B,CACS,CAAC,MAAOzZ,GAEP,YADA9D,EAAO8D,EAEjB,CACQ,MAAMvD,EAASohB,EAAiB5c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EACF,MAAUjB,MAAM,0BAElB,MAAMoc,EAAOpb,EAAQ,GACrB,IAA2B,IAAvBob,EAAKlU,QAAQ,OAAsC,IAAvBkU,EAAKlU,QAAQ,KAEtC,CACL,IAAI/B,QAAkBhE,EAAOjB,YACxBiF,EAAU9F,SAAQ8F,EAAY,IACnCA,EAAYiW,EAAOjW,EACnBA,EAAYoP,EAAK2G,qBAAqB/V,EAAU6X,QAAQ,MAAO,KAC/D,MAAMyC,EAAQta,EAAUgW,MAAM6D,GAC9B,GAAqB,IAAjBS,EAAMpgB,OACR,MAAUL,MAAM,0BAElB,MAAM4f,EAAOD,GAAec,EAAM,GAAGrf,MAAM,GAAI,UACzChC,EAAOoC,MAAMoe,GACnB,KACd,OAboBxgB,EAAOoC,MAAM4a,EAcjC,OACgBhd,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC7B,KAEK,CAAC,MAAOA,GACP9D,EAAO8D,EACb,KACKrB,MAAKP,UACF2f,EAAqBlgB,EAAO8E,QAC9B9E,EAAO8E,WAAaqb,EAAiBngB,EAAO8E,OAEvC9E,IAEX,CAgBO,SAASoR,GAAMgP,EAAahB,EAAMiB,EAAWC,EAAWvC,EAAewC,GAAe,EAAOpO,EAASsD,GAC3G,IAAIxH,EACArC,EACAwU,IAAgB1X,EAAM0I,MAAMG,SAC9BtD,EAAOmR,EAAKnR,KACZrC,EAAOwT,EAAKxT,KACZwT,EAAOA,EAAKta,MAId,MAAM0b,EAAiBD,GAAgBE,EAAoBrB,GAErDpf,EAAS,GACf,OAAQogB,GACN,KAAK1X,EAAM0I,MAAMC,iBACfrR,EAAOe,KAAK,gCAAkCsf,EAAY,IAAMC,EAAY,WAC5EtgB,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,8BAAgCsf,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAK5X,EAAM0I,MAAME,cACftR,EAAOe,KAAK,gCAAkCsf,EAAY,WAC1DrgB,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,8BAAgCsf,EAAY,WACxD,MACF,KAAK3X,EAAM0I,MAAMG,OACfvR,EAAOe,KAAK,wCACZf,EAAOe,KAAK6K,EAAO,SAASA,QAAa,MACzC5L,EAAOe,KAAKkN,EAAKuP,QAAQ,OAAQ,QACjCxd,EAAOe,KAAK,qCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,iCACZ,MACF,KAAK2H,EAAM0I,MAAMI,QACfxR,EAAOe,KAAK,iCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,+BACZ,MACF,KAAK2H,EAAM0I,MAAMpH,UACfhK,EAAOe,KAAK,0CACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,wCACZ,MACF,KAAK2H,EAAM0I,MAAMK,WACfzR,EAAOe,KAAK,2CACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,yCACZ,MACF,KAAK2H,EAAM0I,MAAMtE,UACf9M,EAAOe,KAAK,mCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,iCAIhB,OAAOgU,EAAKtS,OAAOzC,EACrB,CCzZOO,eAAemgB,GAAgBC,GACpC,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACnB,MAAU7L,MAAM,uBAClB,KAAKkJ,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUQ,QACrB,KAAK5C,EAAMoC,UAAUE,UAAW,CAC9B,MAAM4V,cAAEA,SAAwBziB,QAA0BC,UAAA0C,MAAA,WAAA,OAAA+f,EAAA,IACpDC,EAASF,EAAcxa,IAAIua,GACjC,IAAKG,EACH,MAAUthB,MAAM,gCAElB,OAAOshB,CACb,CACI,QACE,MAAUthB,MAAM,gCAEtB,CAMA,SAASuhB,GAAmBJ,GAC1B,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,KAAK5C,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUE,UACnB,OAAO,EACT,QACE,MAAUxL,MAAM,sBAEtB,CAMA,SAASwhB,GAAiBL,GACxB,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACnB,OAAO,GACT,KAAKvC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUE,UACnB,OAAO,GACT,KAAKtC,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,QACE,MAAU9L,MAAM,sBAEtB,CAMO,SAASyhB,GAAgBN,GAC9B,MAAO,CAAEO,QAASF,GAAiBL,GAAOQ,UAAWJ,GAAmBJ,GAC1E,2FCjDA,SAASS,GAAS1H,EAAGjC,GACnB,IAAI+E,EAAI9C,EAAE,GACN3D,EAAI2D,EAAE,GACN2H,EAAI3H,EAAE,GACN4H,EAAI5H,EAAE,GAEV8C,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,OAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAE9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,EAAG,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,WAC/B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,WAC5B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,GAAI,YAC9B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,YAC7B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,GAAI,YAC9B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,YAC7B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAE/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,QAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,YAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,UAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,YAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,UAC7B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,WAC/B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,SAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,YAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9BiC,EAAE,GAAKiI,GAAMnF,EAAG9C,EAAE,IAClBA,EAAE,GAAKiI,GAAM5L,EAAG2D,EAAE,IAClBA,EAAE,GAAKiI,GAAMN,EAAG3H,EAAE,IAClBA,EAAE,GAAKiI,GAAML,EAAG5H,EAAE,GACpB,CAEA,SAASkI,GAAIC,EAAGrF,EAAGzG,EAAG2D,EAAG7B,EAAG+B,GAE1B,OADA4C,EAAImF,GAAMA,GAAMnF,EAAGqF,GAAIF,GAAMjI,EAAGE,IACzB+H,GAAOnF,GAAK3E,EAAM2E,IAAO,GAAK3E,EAAK9B,EAC5C,CAEA,SAASwL,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIsL,GAAQtL,EAAKuL,EAAI9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS4H,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIuL,EAAMD,GAAMC,EAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS6H,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAI7L,EAAIsL,EAAIC,EAAG9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACpC,CAEA,SAAS8H,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAIP,GAAKtL,GAAMuL,GAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACzC,CAyCA,SAASkI,GAAOjK,GACd,MAAMkK,EAAU,GAChB,IAAIhiB,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBgiB,EAAQhiB,GAAK,GAAK8X,EAAEK,WAAWnY,IAAM8X,EAAEK,WAAWnY,EAAI,IAAM,IAAM8X,EAAEK,WAAWnY,EAAI,IAAM,KAAO8X,EAAEK,WAAWnY,EAAI,IAC/G,IAEJ,OAAOgiB,CACT,CAEA,MAAMC,GAAU,mBAAmBrG,MAAM,IAEzC,SAASsG,GAAKpM,GACZ,IAAIgC,EAAI,GACJQ,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZR,GAAKmK,GAASnM,GAAU,EAAJwC,EAAQ,EAAM,IAAQ2J,GAASnM,GAAU,EAAJwC,EAAU,IAErE,OAAOR,CACT,CAeA,SAAS8J,GAAMnF,EAAGzG,GAChB,OAAQyG,EAAIzG,EAAK,UACnB,CC1LA,MAAMqE,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAClB4H,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAASnQ,GAChB,GAAKgQ,IAAeC,GAAiB/E,SAASlL,GAG9C,OAAO3R,eAAgBuE,GACrB,MAAMwd,EAASJ,GAAWK,WAAWrQ,GACrC,OAAO+F,EAAiBnT,GAAMtE,IAC5B8hB,EAAOE,OAAOhiB,EAAM,IACnB,IAAM,IAAId,WAAW4iB,EAAOG,WAChC,CACH,CAEA,SAASC,GAAUC,EAAeC,GAChC,MAAMC,EAAetiB,UACnB,MAAMuiB,YAAEA,SAAsB3kB,QAAwBC,UAAA0C,MAAA,WAAA,OAAAiiB,EAAA,IAChDnX,EAAOkX,EAAY1c,IAAIuc,GAC7B,IAAK/W,EAAM,MAAUpM,MAAM,oBAC3B,OAAOoM,CAAI,EAGb,OAAOrL,eAAeuE,GAIpB,GAHIob,EAAqBpb,KACvBA,QAAaqb,EAAiBrb,IAE5BiQ,EAAK7V,SAAS4F,GAAO,CACvB,MAEMke,SAFaH,KAEOI,SAC1B,OAAOhL,EAAiBnT,GAAMtE,IAC5BwiB,EAAaR,OAAOhiB,EAAM,IACzB,IAAMwiB,EAAaP,UAC5B,CAAW,GAAIrI,IAAawI,EACtB,OAAO,IAAIljB,iBAAiB0a,GAAUqI,OAAOG,EAAmB9d,IAIhE,aAFmB+d,KAEP/d,EAEf,CACH,CAEA,IAAeoe,GAAA,CAGbrX,IAAKwW,GAAS,QD3ChB9hB,eAAmB4iB,GACjB,MAAMV,EAyGR,SAAc5K,GACZ,MAAMhC,EAAIgC,EAAEhY,OACNujB,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIrjB,EACJ,IAAKA,EAAI,GAAIA,GAAK8X,EAAEhY,OAAQE,GAAK,GAC/BqhB,GAASgC,EAAOtB,GAAOjK,EAAEwL,UAAUtjB,EAAI,GAAIA,KAE7C8X,EAAIA,EAAEwL,UAAUtjB,EAAI,IACpB,MAAMujB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKvjB,EAAI,EAAGA,EAAI8X,EAAEhY,OAAQE,IACxBujB,EAAKvjB,GAAK,IAAM8X,EAAEK,WAAWnY,KAAQA,EAAI,GAAM,GAGjD,GADAujB,EAAKvjB,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADAqhB,GAASgC,EAAOE,GACXvjB,EAAI,EAAGA,EAAI,GAAIA,IAClBujB,EAAKvjB,GAAK,EAKd,OAFAujB,EAAK,IAAU,EAAJzN,EACXuL,GAASgC,EAAOE,GACTF,CACT,CA/HiBG,CAAKxO,EAAKoD,mBAAmBgL,IAC5C,OAAOpO,EAAKwC,gBAoKd,SAAamC,GACX,IAAK,IAAI3Z,EAAI,EAAGA,EAAI2Z,EAAE7Z,OAAQE,IAC5B2Z,EAAE3Z,GAAKkiB,GAAKvI,EAAE3Z,IAEhB,OAAO2Z,EAAE/Y,KAAK,GAChB,CAzK8B6W,CAAIiL,GAClC,ECyCE3W,KAAMuW,GAAS,SAAWK,GAAU,OAAQ,SAC5CvW,OAAQkW,GAAS,WAAaK,GAAU,UACxC1W,OAAQqW,GAAS,WAAaK,GAAU,SAAU,WAClDzW,OAAQoW,GAAS,WAAaK,GAAU,SAAU,WAClDxW,OAAQmW,GAAS,WAAaK,GAAU,SAAU,WAClD3W,OAAQsW,GAAS,cAAgBK,GAAU,aAC3CtW,SAAUiW,GAAS,aAAeK,GAAU,YAC5CrW,SAAUgW,GAAS,aAAeK,GAAU,YAQ5CD,OAAQ,SAAS9B,EAAM7b,GACrB,OAAQ6b,GACN,KAAKjY,EAAMkD,KAAKC,IACd,OAAO5N,KAAK4N,IAAI/G,GAClB,KAAK4D,EAAMkD,KAAKE,KACd,OAAO7N,KAAK6N,KAAKhH,GACnB,KAAK4D,EAAMkD,KAAKG,OACd,OAAO9N,KAAK8N,OAAOjH,GACrB,KAAK4D,EAAMkD,KAAKI,OACd,OAAO/N,KAAK+N,OAAOlH,GACrB,KAAK4D,EAAMkD,KAAKK,OACd,OAAOhO,KAAKgO,OAAOnH,GACrB,KAAK4D,EAAMkD,KAAKM,OACd,OAAOjO,KAAKiO,OAAOpH,GACrB,KAAK4D,EAAMkD,KAAKO,OACd,OAAOlO,KAAKkO,OAAOrH,GACrB,KAAK4D,EAAMkD,KAAKQ,SACd,OAAOnO,KAAKmO,SAAStH,GACvB,KAAK4D,EAAMkD,KAAKS,SACd,OAAOpO,KAAKoO,SAASvH,GACvB,QACE,MAAUtF,MAAM,6BAErB,EAODgkB,kBAAmB,SAAS7C,GAC1B,OAAQA,GACN,KAAKjY,EAAMkD,KAAKC,IACd,OAAO,GACT,KAAKnD,EAAMkD,KAAKE,KAChB,KAAKpD,EAAMkD,KAAKG,OACd,OAAO,GACT,KAAKrD,EAAMkD,KAAKI,OACd,OAAO,GACT,KAAKtD,EAAMkD,KAAKK,OACd,OAAO,GACT,KAAKvD,EAAMkD,KAAKM,OACd,OAAO,GACT,KAAKxD,EAAMkD,KAAKO,OACd,OAAO,GACT,KAAKzD,EAAMkD,KAAKQ,SACd,OAAO,GACT,KAAK1D,EAAMkD,KAAKS,SACd,OAAO,GACT,QACE,MAAU7M,MAAM,2BAExB,GCxHO,SAASikB,GAAQjH,GACpB,OAAQA,aAAa9c,YACX,MAAL8c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE3e,YAAYqI,IAC7D,CACA,SAASkC,GAAM2N,KAAM2N,GACjB,IAAKD,GAAQ1N,GACT,MAAUvW,MAAM,uBACpB,GAAIkkB,EAAQ7jB,OAAS,IAAM6jB,EAAQtG,SAASrH,EAAElW,QAC1C,MAAUL,MAAM,iCAAiCkkB,oBAA0B3N,EAAElW,SACrF,CAOA,SAAS8jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUtkB,MAAM,oCACpB,GAAIqkB,GAAiBD,EAASG,SAC1B,MAAUvkB,MAAM,wCACxB,CACA,SAASqF,GAAOmf,EAAKJ,GACjBxb,GAAM4b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAInkB,OAASokB,EACb,MAAUzkB,MAAM,yDAAyDykB,EAEjF;uECjCO,MAAME,GAAMC,GAAQ,IAAI1kB,WAAW0kB,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAE7D8b,GAAOD,GAAQ,IAAI/F,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK2P,MAAM+N,EAAI7b,WAAa,IAEvF+b,GAAcF,GAAQ,IAAItF,SAASsF,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAIhF,KADgF,KAA5D,IAAI7I,WAAW,IAAI2e,YAAY,CAAC,YAAa9W,QAAQ,IAErE,MAAU/H,MAAM,+CAiGb,SAAS+kB,GAAQzf,GACpB,GAAoB,iBAATA,EACPA,EAlBD,SAAqBkT,GACxB,GAAmB,iBAARA,EACP,MAAUxY,MAAM,+BAA+BwY,GACnD,OAAO,IAAItY,YAAW,IAAIgZ,aAAcE,OAAOZ,GACnD,CAcewM,CAAY1f,OAClB,KAAI2e,GAAQ3e,GAGb,MAAUtF,MAAM,mCAAmCsF,GAFnDA,EAAO2f,GAAU3f,EAEyC,CAC9D,OAAOA,CACX,CA0BO,SAAS4f,GAAWlI,EAAGzG,GAC1B,GAAIyG,EAAE3c,SAAWkW,EAAElW,OACf,OAAO,EACX,IAAI8kB,EAAO,EACX,IAAK,IAAI5kB,EAAI,EAAGA,EAAIyc,EAAE3c,OAAQE,IAC1B4kB,GAAQnI,EAAEzc,GAAKgW,EAAEhW,GACrB,OAAgB,IAAT4kB,CACX,CAOO,MAAMC,GAAa,CAACC,EAAQxD,KAC/BtjB,OAAO+mB,OAAOzD,EAAGwD,GACVxD,GAGJ,SAAS0D,GAAaC,EAAM1c,EAAY9H,EAAOykB,GAClD,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAazc,EAAY9H,EAAOykB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ9kB,GAAS0kB,EAAQE,GAC9BG,EAAKD,OAAO9kB,EAAQ4kB,GAG1BJ,EAAKQ,UAAUld,EAFM,EAEU+c,EAAIJ,GACnCD,EAAKQ,UAAUld,EAFM,EAEUid,EAAIN,EACvC,CASO,SAASQ,GAAYrd,GACxB,OAAOA,EAAME,WAAa,GAAM,CACpC,CAEO,SAASmc,GAAUrc,GACtB,OAAO1I,WAAW+e,KAAKrW,EAC3B,CACO,SAASsd,MAAS9lB,GACrB,IAAK,IAAIG,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAC/BH,EAAOG,GAAG4lB,KAAK,EAEvB,CCzLA,MAAMC,GAAa,GAGbC,kBAA0B,IAAInmB,WAAW,IACzComB,GAAUzB,GAAIwB,IAcdE,GAAUlQ,IAASA,IAAM,EAAK,MAAS,IACtCA,IAAM,EAAK,MAAS,IACpBA,IAAM,GAAM,MAAS,EACtBA,IAAM,GAAM,IA0BlB,MAAMmQ,GAEF,WAAAnoB,CAAY+Q,EAAKqX,GACbhoB,KAAKioB,SAAWN,GAChB3nB,KAAKimB,UAAY0B,GACjB3nB,KAAKkoB,GAAK,EACVloB,KAAKmoB,GAAK,EACVnoB,KAAKooB,GAAK,EACVpoB,KAAKqoB,GAAK,EACVroB,KAAK8lB,UAAW,EAEhBwC,GADA3X,EAAM2V,GAAQ3V,GACF,IACZ,MAAM4X,EAAQlC,GAAW1V,GACzB,IAAI6X,EAAKD,EAAME,UAAU,GAAG,GACxBC,EAAKH,EAAME,UAAU,GAAG,GACxBE,EAAKJ,EAAME,UAAU,GAAG,GACxBG,EAAKL,EAAME,UAAU,IAAI,GAE7B,MAAMI,EAAU,GAChB,IAAK,IAAI/mB,EAAI,EAAGA,EAAI,IAAKA,IACrB+mB,EAAQ/lB,KAAK,CAAEolB,GAAIJ,GAAOU,GAAKL,GAAIL,GAAOY,GAAKN,GAAIN,GAAOa,GAAKN,GAAIP,GAAOc,OACvEV,GAAIM,EAAIL,GAAIO,EAAIN,GAAIO,EAAIN,GAAIO,GAzDhC,CACHP,IAHcD,EA2DyCO,IAxD5C,IAHON,EA2DyCO,KAxDlC,EACzBR,IAJUD,EA2DyCO,IAvDxC,GAAON,IAAO,EACzBD,IALMD,EA2DyCM,IAtDpC,GAAOL,IAAO,EACzBD,GAAKA,IAAO,EAVP,KAUsB,KAAgB,EALjCG,KADL,IAACH,EAAIC,EAAIC,EAAIC,EA6DlB,MAAMS,EA9BS,CAAC3e,GAChBA,EAAQ,MACD,EACPA,EAAQ,KACD,EACJ,EAyBO4e,CAAef,GAAkB,MAC3C,IAAK,CAAC,EAAG,EAAG,EAAG,GAAG7I,SAAS2J,GACvB,MAAUvnB,MAAM,4BAA4BunB,0BAChD9oB,KAAK8oB,EAAIA,EACT,MACME,EADO,IACUF,EACjBG,EAAcjpB,KAAKipB,WAAa,GAAKH,EACrCI,EAAQ,GAEd,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAASG,IAEzB,IAAK,IAAItf,EAAO,EAAGA,EAAOof,EAAYpf,IAAQ,CAE1C,IAAIqe,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,IAAK,IAAIjO,EAAI,EAAGA,EAAI0O,EAAG1O,IAAK,CAExB,KADavQ,IAAUif,EAAI1O,EAAI,EAAM,GAEjC,SACJ,MAAQ8N,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,GAAOV,EAAQC,EAAIK,EAAI/O,GAC1D8N,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,CAC/D,CACgBL,EAAMpmB,KAAK,CAAEolB,KAAIC,KAAIC,KAAIC,MACzC,CAEQroB,KAAK2b,EAAIuN,CACjB,CACI,YAAAM,CAAatB,EAAIC,EAAIC,EAAIC,GACpBH,GAAMloB,KAAKkoB,GAAMC,GAAMnoB,KAAKmoB,GAAMC,GAAMpoB,KAAKooB,GAAMC,GAAMroB,KAAKqoB,GAC/D,MAAMS,EAAEA,EAACnN,EAAEA,EAACsN,WAAEA,GAAejpB,KAE7B,IAAIypB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,MAAMC,GAAQ,GAAKf,GAAK,EACxB,IAAIK,EAAI,EACR,IAAK,MAAMW,IAAO,CAAC5B,EAAIC,EAAIC,EAAIC,GAC3B,IAAK,IAAI0B,EAAU,EAAGA,EAAU,EAAGA,IAAW,CAC1C,MAAMlgB,EAAQigB,IAAS,EAAIC,EAAY,IACvC,IAAK,IAAIC,EAAS,EAAIlB,EAAI,EAAGkB,GAAU,EAAGA,IAAU,CAChD,MAAMC,EAAOpgB,IAAUif,EAAIkB,EAAWH,GAC9B3B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO1O,EAAEwN,EAAIF,EAAagB,GAC7DR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAC3ClB,GAAK,CACzB,CACA,CAEQnpB,KAAKkoB,GAAKuB,EACVzpB,KAAKmoB,GAAKuB,EACV1pB,KAAKooB,GAAKuB,EACV3pB,KAAKqoB,GAAKuB,CAClB,CACI,MAAArF,CAAO1d,GACHA,EAAOyf,GAAQzf,GACfyjB,GAAQtqB,MACR,MAAMuqB,EAAMnE,GAAIvf,GACV2jB,EAAS/hB,KAAK2P,MAAMvR,EAAKjF,OAAS+lB,IAClC8C,EAAO5jB,EAAKjF,OAAS+lB,GAC3B,IAAK,IAAI7lB,EAAI,EAAGA,EAAI0oB,EAAQ1oB,IACxB9B,KAAKwpB,aAAae,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,IAOlF,OALI2oB,IACA7C,GAAQzlB,IAAI0E,EAAKmC,SAASwhB,EAAS7C,KACnC3nB,KAAKwpB,aAAa3B,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,IAC9DJ,GAAMI,KAEH7nB,IACf,CACI,OAAAiJ,GACI,MAAM0S,EAAEA,GAAM3b,KAEd,IAAK,MAAM0qB,KAAO/O,EACb+O,EAAIxC,GAAK,EAAKwC,EAAIvC,GAAK,EAAKuC,EAAItC,GAAK,EAAKsC,EAAIrC,GAAK,CAEhE,CACI,UAAAsC,CAAW5E,GACPuE,GAAQtqB,MACR4qB,GAAQ7E,EAAK/lB,MACbA,KAAK8lB,UAAW,EAChB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOroB,KACrB6qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,CACf,CACI,MAAAvB,GACI,MAAMsG,EAAM,IAAIrpB,WAAWkmB,IAG3B,OAFA3nB,KAAK2qB,WAAWG,GAChB9qB,KAAKiJ,UACE6hB,CACf,EAEA,MAAMC,WAAgBhD,GAClB,WAAAnoB,CAAY+Q,EAAKqX,GAEb,MAAMgD,EAzIP,SAAqBxR,GACxBA,EAAEyR,UACF,MAAMC,EAAgB,EAAR1R,EAAE,IAEhB,IAAI2R,EAAQ,EACZ,IAAK,IAAIrpB,EAAI,EAAGA,EAAI0X,EAAE5X,OAAQE,IAAK,CAC/B,MAAM6Z,EAAInC,EAAE1X,GACZ0X,EAAE1X,GAAM6Z,IAAM,EAAKwP,EACnBA,GAAa,EAAJxP,IAAU,CAC3B,CAEI,OADAnC,EAAE,IAAe,KAAR0R,EACF1R,CACX,CA6HsB4R,CAAY5E,GAD1B7V,EAAM2V,GAAQ3V,KAEd9Q,MAAMmrB,EAAOhD,GACbP,GAAMuD,EACd,CACI,MAAAzG,CAAO1d,GACHA,EAAOyf,GAAQzf,GACfyjB,GAAQtqB,MACR,MAAMuqB,EAAMnE,GAAIvf,GACV4jB,EAAO5jB,EAAKjF,OAAS+lB,GACrB6C,EAAS/hB,KAAK2P,MAAMvR,EAAKjF,OAAS+lB,IACxC,IAAK,IAAI7lB,EAAI,EAAGA,EAAI0oB,EAAQ1oB,IACxB9B,KAAKwpB,aAAa1B,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,KAOjH,OALI2oB,IACA7C,GAAQzlB,IAAI0E,EAAKmC,SAASwhB,EAAS7C,KACnC3nB,KAAKwpB,aAAa1B,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,KAC7FJ,GAAMI,KAEH7nB,IACf,CACI,UAAA2qB,CAAW5E,GACPuE,GAAQtqB,MACR4qB,GAAQ7E,EAAK/lB,MACbA,KAAK8lB,UAAW,EAEhB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOroB,KACrB6qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,EAAIkF,SACnB,EAEA,SAASI,GAAuBC,GAC5B,MAAMC,EAAQ,CAACC,EAAK7a,IAAQ2a,EAAS3a,EAAK6a,EAAI5pB,QAAQ2iB,OAAO+B,GAAQkF,IAAMhH,SACrEiH,EAAMH,EAAS,IAAI7pB,WAAW,IAAK,GAIzC,OAHA8pB,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,CAACrU,EAAKqX,IAAmBsD,EAAS3a,EAAKqX,GAC/CuD,CACX,CACO,MAAMG,GAAQL,IAAuB,CAAC1a,EAAKqX,IAAmB,IAAID,GAAMpX,EAAKqX,KAC7DqD,IAAuB,CAAC1a,EAAKqX,IAAmB,IAAI+C,GAAQpa,EAAKqX,KCtMxF,MAAML,GAAa,GAEbgE,GAAc,IAAIlqB,WAAWkmB,IAC7BiE,GAAO,IAEb,SAASC,GAAKjU,GACV,OAAQA,GAAK,EAAMgU,KAAShU,GAAK,EACrC,CACA,SAASkU,GAAIvN,EAAGzG,GACZ,IAAIgT,EAAM,EACV,KAAOhT,EAAI,EAAGA,IAAM,EAEhBgT,GAAOvM,IAAU,EAAJzG,GACbyG,EAAIsN,GAAKtN,GAEb,OAAOuM,CACX,CAGA,MAAMiB,kBAAuB,MACzB,MAAMpQ,EAAI,IAAIla,WAAW,KACzB,IAAK,IAAIK,EAAI,EAAG2Z,EAAI,EAAG3Z,EAAI,IAAKA,IAAK2Z,GAAKoQ,GAAKpQ,GAC3CE,EAAE7Z,GAAK2Z,EACX,MAAMuQ,EAAM,IAAIvqB,WAAW,KAC3BuqB,EAAI,GAAK,GACT,IAAK,IAAIlqB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,IAAI2Z,EAAIE,EAAE,IAAM7Z,GAChB2Z,GAAKA,GAAK,EACVuQ,EAAIrQ,EAAE7Z,IAA+D,KAAxD2Z,EAAKA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAK,GACrE,CAEI,OADAgM,GAAM9L,GACCqQ,CACV,EAb4B,GAevBC,kBAA0BF,GAAKpnB,KAAI,CAACunB,EAAG9R,IAAM2R,GAAKtiB,QAAQ2Q,KAE1D+R,GAAYvU,GAAOA,GAAK,GAAOA,IAAM,EACrCwU,GAAYxU,GAAOA,GAAK,EAAMA,IAAM,GAEpCyU,GAAYC,GAAWA,GAAQ,GAAM,WACrCA,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAKrB,SAASC,GAAUR,EAAM9kB,GACrB,GAAoB,MAAhB8kB,EAAKnqB,OACL,MAAUL,MAAM,qBACpB,MAAMirB,EAAK,IAAIpM,YAAY,KAAKzb,KAAI,CAACunB,EAAG9R,IAAMnT,EAAG8kB,EAAK3R,MAChDqS,EAAKD,EAAG7nB,IAAIynB,IACZM,EAAKD,EAAG9nB,IAAIynB,IACZO,EAAKD,EAAG/nB,IAAIynB,IACZQ,EAAM,IAAIxM,YAAY,OACtByM,EAAM,IAAIzM,YAAY,OACtB0M,EAAQ,IAAIC,YAAY,OAC9B,IAAK,IAAIjrB,EAAI,EAAGA,EAAI,IAAKA,IACrB,IAAK,IAAIsY,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,MAAM4S,EAAU,IAAJlrB,EAAUsY,EACtBwS,EAAII,GAAOR,EAAG1qB,GAAK2qB,EAAGrS,GACtByS,EAAIG,GAAON,EAAG5qB,GAAK6qB,EAAGvS,GACtB0S,EAAME,GAAQjB,EAAKjqB,IAAM,EAAKiqB,EAAK3R,EAC/C,CAEI,MAAO,CAAE2R,OAAMe,QAAON,KAAIC,KAAIC,KAAIC,KAAIC,MAAKC,MAC/C,CACA,MAAMI,kBAAgCV,GAAUR,IAAOnS,GAAOkS,GAAIlS,EAAG,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKkS,GAAIlS,EAAG,KACzGsT,kBAAgCX,GAAUN,IAAUrS,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,IAAM,EAAKkS,GAAIlS,EAAG,MAC9HuT,kBAA0B,MAC5B,MAAMC,EAAI,IAAI3rB,WAAW,IACzB,IAAK,IAAIK,EAAI,EAAG2Z,EAAI,EAAG3Z,EAAI,GAAIA,IAAK2Z,EAAIoQ,GAAKpQ,GACzC2R,EAAEtrB,GAAK2Z,EACX,OAAO2R,CACV,EAL+B,GAMzB,SAASC,GAAY1c,GACxB2X,GAAO3X,GACP,MAAM2c,EAAM3c,EAAI/O,OAChB,IAAK,CAAC,GAAI,GAAI,IAAIud,SAASmO,GACvB,MAAU/rB,MAAM,qDAAqD+rB,GACzE,MAAMR,MAAEA,GAAUG,GACZM,EAAU,GACX/F,GAAY7W,IACb4c,EAAQzqB,KAAM6N,EAAM6V,GAAU7V,IAClC,MAAM6c,EAAMpH,GAAIzV,GACV8c,EAAKD,EAAI5rB,OACT8rB,EAAW9V,GAAM+V,GAAUb,EAAOlV,EAAGA,EAAGA,EAAGA,GAC3CgW,EAAK,IAAIxN,YAAYkN,EAAM,IACjCM,EAAGzrB,IAAIqrB,GAEP,IAAK,IAAI1rB,EAAI2rB,EAAI3rB,EAAI8rB,EAAGhsB,OAAQE,IAAK,CACjC,IAAI6Z,EAAIiS,EAAG9rB,EAAI,GACXA,EAAI2rB,GAAO,EACX9R,EAAI+R,EAAQvB,GAASxQ,IAAMwR,GAAQrrB,EAAI2rB,EAAK,GACvCA,EAAK,GAAK3rB,EAAI2rB,GAAO,IAC1B9R,EAAI+R,EAAQ/R,IAChBiS,EAAG9rB,GAAK8rB,EAAG9rB,EAAI2rB,GAAM9R,CAC7B,CAEI,OADA8L,MAAS8F,GACFK,CACX,CACO,SAASC,GAAeld,GAC3B,MAAMmd,EAAST,GAAY1c,GACrBid,EAAKE,EAAOnrB,QACZ8qB,EAAKK,EAAOlsB,QACZkrB,MAAEA,GAAUG,IACZT,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOO,GAE3B,IAAK,IAAIprB,EAAI,EAAGA,EAAI2rB,EAAI3rB,GAAK,EACzB,IAAK,IAAIsY,EAAI,EAAGA,EAAI,EAAGA,IACnBwT,EAAG9rB,EAAIsY,GAAK0T,EAAOL,EAAK3rB,EAAI,EAAIsY,GAExCqN,GAAMqG,GAEN,IAAK,IAAIhsB,EAAI,EAAGA,EAAI2rB,EAAK,EAAG3rB,IAAK,CAC7B,MAAM2Z,EAAImS,EAAG9rB,GACPqnB,EAAIwE,GAAUb,EAAOrR,EAAGA,EAAGA,EAAGA,GACpCmS,EAAG9rB,GAAK0qB,EAAO,IAAJrD,GAAYsD,EAAItD,IAAM,EAAK,KAAQuD,EAAIvD,IAAM,GAAM,KAAQwD,EAAGxD,IAAM,GACvF,CACI,OAAOyE,CACX,CAEA,SAASG,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GACrC,OAAQuE,EAAM1E,GAAM,EAAK,MAAYC,IAAO,EAAK,KAC7C0E,EAAMzE,IAAO,EAAK,MAAYC,IAAO,GAAM,IACnD,CACA,SAASsF,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAClC,OAAQyE,EAAY,IAAL5E,EAAmB,MAALC,GACxB2E,EAAQ1E,IAAO,GAAM,IAAUC,IAAO,GAAM,QAAY,EACjE,CACA,SAAS2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQI,GAC5B,IAAIzT,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAGhsB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAImsB,EAAQnsB,IAAK,CAC7B,MAAMosB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GAC/C8F,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAIC,EAAIC,EAAIH,GAC/CkG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAIC,EAAIH,EAAIC,GAC/CkG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAIH,EAAIC,EAAIC,GACpDF,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAIjCF,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAIC,EAAIC,EAAIH,GAGzBE,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAIC,EAAIH,EAAIC,GAEjBE,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAIH,EAAIC,EAAIC,GAEtD,CAEA,SAASkG,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQK,GAC5B,IAAI1T,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAGhsB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAImsB,EAAQnsB,IAAK,CAC7B,MAAMosB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIG,EAAID,EAAID,GAC/CgG,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAID,EAAIG,EAAID,GAC/CgG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAID,EAAID,EAAIG,GAC/CgG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAID,EAAID,EAAID,GACpDA,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIG,EAAID,EAAID,GAIjCA,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAID,EAAIG,EAAID,GAGzBA,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAID,EAAID,EAAIG,GAEjBA,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAID,EAAID,EAAID,GAEtD,CACA,SAASqG,GAAOjB,EAAKkB,GACjB,QAAYpsB,IAARosB,EACA,OAAO,IAAI/sB,WAAW6rB,GAE1B,GADAhF,GAAOkG,GACHA,EAAI5sB,OAAS0rB,EACb,MAAU/rB,MAAM,oDAAoD+rB,WAAakB,EAAI5sB,UACzF,IAAK4lB,GAAYgH,GACb,MAAUjtB,MAAM,iBACpB,OAAOitB,CACX,CAEA,SAASC,GAAWb,EAAIc,EAAOC,EAAKH,GAChClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACP,MAAMC,EAASD,EAAI/sB,OACnB4sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GAEhB,IAAI3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACjE,MAAMC,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GAElB,IAAK,IAAI1sB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EAAG,CAC3CktB,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKomB,EAC9B8G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqmB,EAC9B6G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsmB,EAC9B4G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKumB,EAE9B,IAAI8C,EAAQ,EACZ,IAAK,IAAIrpB,EAAI+sB,EAAIjtB,OAAS,EAAGE,GAAK,EAAGA,IACjCqpB,EAASA,GAAkB,IAAT0D,EAAI/sB,IAAc,EACpC+sB,EAAI/sB,GAAa,IAARqpB,EACTA,KAAW,IAEZjD,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACtE,CAGI,MAAM1qB,EAAQujB,GAAalf,KAAK2P,MAAM2W,EAAMntB,OA/M3B,GAgNjB,GAAIwC,EAAQwqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIzoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAK+c,EAAI7c,GAC1BylB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAIA,SAASS,GAAMrB,EAAI5G,EAAM0H,EAAOC,EAAKH,GACjClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACPH,EAAMD,GAAOI,EAAI/sB,OAAQ4sB,GACzB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GACV9H,EAAOV,GAAWwI,GAClBE,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZU,EAASlI,EAAO,EAAI,GACpB4H,EAASD,EAAI/sB,OAEnB,IAAIutB,EAASpI,EAAK0B,UAAUyG,EAAQlI,IAChCkB,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,IAAK,IAAIhtB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EACxCktB,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKomB,EAC9B8G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqmB,EAC9B6G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsmB,EAC9B4G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKumB,EAC9B8G,EAAUA,EAAS,IAAO,EAC1BpI,EAAKQ,UAAU2H,EAAQC,EAAQnI,KAC5BkB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAGlE,MAAM1qB,EAAQujB,GAAalf,KAAK2P,MAAM2W,EAAMntB,OArP3B,GAsPjB,GAAIwC,EAAQwqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIzoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAK+c,EAAI7c,GAC1BylB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAKO,MAAMK,GAAMlI,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK+d,GAGhF,SAASW,EAAWxQ,EAAK2P,GAErB,GADAlG,GAAOzJ,QACKzc,IAARosB,IACAlG,GAAOkG,IACFhH,GAAYgH,IACb,MAAUjtB,MAAM,yBAExB,MAAMqsB,EAAKP,GAAY1c,GACjBiH,EAAI4O,GAAUkI,GACdnB,EAAU,CAACK,EAAIhW,GAChB4P,GAAY3I,IACb0O,EAAQzqB,KAAM+b,EAAM2H,GAAU3H,IAClC,MAAMkH,EAAM0I,GAAWb,EAAIhW,EAAGiH,EAAK2P,GAEnC,OADA/G,MAAS8F,GACFxH,CACf,CACI,OAlBAuC,GAAO3X,GACP2X,GAAOoG,EAAO/G,IAiBP,CACHqG,QAAS,CAACsB,EAAWd,IAAQa,EAAWC,EAAWd,GACnDF,QAAS,CAACiB,EAAYf,IAAQa,EAAWE,EAAYf,GAE7D,IAgGO,MAAMgB,GAAM7I,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK8e,EAAIC,EAAO,CAAA,GAC3FpH,GAAO3X,GACP2X,GAAOmH,EAAI,IACX,MAAME,GAASD,EAAKE,eACpB,MAAO,CACH,OAAA5B,CAAQsB,EAAWd,GACf,MAAMZ,EAAKP,GAAY1c,IACjBmH,EAAEA,EAAC+X,EAAK9J,IAAK+J,GAhG/B,SAA8BR,EAAWK,EAAOnB,GAC5ClG,GAAOgH,GACP,IAAIS,EAAST,EAAU1tB,OACvB,MAAMouB,EAAYD,EAASpI,GAC3B,IAAKgI,GAAuB,IAAdK,EACV,MAAUzuB,MAAM,2DACfimB,GAAY8H,KACbA,EAAY9I,GAAU8I,IAC1B,MAAMxX,EAAIsO,GAAIkJ,GACd,GAAIK,EAAO,CACP,IAAIlF,EAAO9C,GAAaqI,EACnBvF,IACDA,EAAO9C,IACXoI,GAAkBtF,CAC1B,CACI,MAAM1E,EAAMwI,GAAOwB,EAAQvB,GAE3B,MAAO,CAAE1W,IAAG+X,EADFzJ,GAAIL,GACCA,MACnB,CA8EwCkK,CAAqBX,EAAWK,EAAOnB,GACnE,IAAI0B,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GAChDruB,EAAI,EACR,KAAOA,EAAI,GAAKgW,EAAElW,QACbsmB,GAAMpQ,EAAEhW,EAAI,GAAMqmB,GAAMrQ,EAAEhW,EAAI,GAAMsmB,GAAMtQ,EAAEhW,EAAI,GAAMumB,GAAMvQ,EAAEhW,EAAI,KAChEomB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE/tB,KAAOomB,EAAM2H,EAAE/tB,KAAOqmB,EAAM0H,EAAE/tB,KAAOsmB,EAAMyH,EAAE/tB,KAAOumB,EAE3D,GAAIsH,EAAO,CACP,MAAMS,EA7EtB,SAAiB3F,GACb,MAAMgB,EAAM,IAAIhqB,WAAW,IACrB2uB,EAAQhK,GAAIqF,GAClBA,EAAItpB,IAAIsoB,GACR,MAAM4F,EAAc1I,GAAa8C,EAAK7oB,OACtC,IAAK,IAAIE,EAAI6lB,GAAa0I,EAAavuB,EAAI6lB,GAAY7lB,IACnD2pB,EAAI3pB,GAAKuuB,EACb,OAAOD,CACX,CAqE8BE,CAAQhB,EAAUtmB,SAAa,EAAJlH,IACxComB,GAAMkI,EAAM,GAAMjI,GAAMiI,EAAM,GAAMhI,GAAMgI,EAAM,GAAM/H,GAAM+H,EAAM,KAChElI,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE/tB,KAAOomB,EAAM2H,EAAE/tB,KAAOqmB,EAAM0H,EAAE/tB,KAAOsmB,EAAMyH,EAAE/tB,KAAOumB,CACvE,CAEY,OADAZ,MAAS8F,GACFuC,CACV,EACD,OAAAxB,CAAQiB,EAAYf,IA7H5B,SAA8B3nB,GAE1B,GADAyhB,GAAOzhB,GACHA,EAAKjF,OAAS+lB,IAAe,EAC7B,MAAUpmB,MAAM,yEAExB,CAyHYgvB,CAAqBhB,GACrB,MAAM3B,EAAKC,GAAeld,GAC1B,IAAIuf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GACVnK,EAAMwI,GAAOgB,EAAW3tB,OAAQ4sB,GACjChH,GAAY+H,IACbhC,EAAQzqB,KAAMysB,EAAa/I,GAAU+I,IACzC,MAAMzX,EAAIsO,GAAImJ,GACRM,EAAIzJ,GAAIL,GAEd,IAAImC,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAKgW,EAAElW,QAAS,CAEhC,MAAM4uB,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EACzCH,EAAKpQ,EAAEhW,EAAI,GAAMqmB,EAAKrQ,EAAEhW,EAAI,GAAMsmB,EAAKtQ,EAAEhW,EAAI,GAAMumB,EAAKvQ,EAAEhW,EAAI,GAC/D,MAAQomB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAO0E,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAClEwH,EAAE/tB,KAAO2nB,EAAK+G,EAAOX,EAAE/tB,KAAO4nB,EAAK+G,EAAOZ,EAAE/tB,KAAO6nB,EAAK+G,EAAOb,EAAE/tB,KAAO8nB,EAAK+G,CAC9F,CAEY,OADAlJ,MAAS8F,GA1HrB,SAAsB1mB,EAAM8oB,GACxB,IAAKA,EACD,OAAO9oB,EACX,MAAMymB,EAAMzmB,EAAKjF,OACjB,IAAK0rB,EACD,MAAU/rB,MAAM,2CACpB,MAAMqvB,EAAW/pB,EAAKymB,EAAM,GAC5B,GAAIsD,GAAY,GAAKA,EAAW,GAC5B,MAAUrvB,MAAM,4BACpB,MAAMwkB,EAAMlf,EAAKmC,SAAS,GAAI4nB,GAC9B,IAAK,IAAI9uB,EAAI,EAAGA,EAAI8uB,EAAU9uB,IAC1B,GAAI+E,EAAKymB,EAAMxrB,EAAI,KAAO8uB,EACtB,MAAUrvB,MAAM,4BACxB,OAAOwkB,CACX,CA6GmB8K,CAAa9K,EAAK4J,EAC5B,EAET,IAKamB,GAAMnK,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK8e,GAGhF,SAASsB,EAAWpC,EAAKqC,EAAWxC,GAChClG,GAAOqG,GACP,MAAMC,EAASD,EAAI/sB,OACnB4sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMZ,EAAKP,GAAY1c,GACvB,IAAIuf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAC7B1I,GAAYmH,IACbpB,EAAQzqB,KAAM6rB,EAAMnI,GAAUmI,IAClC,MAAMI,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZyC,EAASD,EAAYhC,EAAQD,EAC7BoB,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,QAAS,CACpC,MAAQsmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO2D,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GACnE2G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKooB,EAC9B8E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqoB,EAC9B6E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsoB,EAC9B4E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKuoB,EAC7BnC,EAAK+I,EAAOnvB,KAAQqmB,EAAK8I,EAAOnvB,KAAQsmB,EAAK6I,EAAOnvB,KAAQumB,EAAK4I,EAAOnvB,IACrF,CAEQ,MAAMsC,EAAQujB,GAAalf,KAAK2P,MAAM2W,EAAMntB,OApd/B,GAqdb,GAAIwC,EAAQwqB,EAAQ,GACb1G,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC9C,MAAMxJ,EAAMqH,GAAG,IAAI9F,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,KAC5C,IAAK,IAAIvmB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAK+c,EAAI7c,GAC1BylB,GAAM5I,EAClB,CAEQ,OADA4I,MAAS8F,GACFiB,CACf,CACI,OAvCAlG,GAAO3X,GACP2X,GAAOmH,EAAI,IAsCJ,CACHzB,QAAS,CAACsB,EAAWd,IAAQuC,EAAWzB,GAAW,EAAMd,GACzDF,QAAS,CAACiB,EAAYf,IAAQuC,EAAWxB,GAAY,EAAOf,GAEpE,IAyBO,MAAM/f,GAAMkY,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,GAAI8B,UAAW,KAAM,SAAavgB,EAAK+d,EAAOyC,GAQtG,GAPA7I,GAAO3X,GACP2X,GAAOoG,QACKtsB,IAAR+uB,GACA7I,GAAO6I,GAIPzC,EAAM9sB,OAAS,EACf,MAAUL,MAAM,iCACpB,MAAM2vB,EAAY,GAClB,SAASE,EAAYC,EAASC,EAASzqB,GACnC,MAAMmX,EAnCd,SAAoB/W,EAAI+f,EAAMrW,EAAK9J,EAAMsqB,GACrC,MAAMI,EAAmB,MAAPJ,EAAc,EAAIA,EAAIvvB,OAClC4vB,EAAIvqB,EAAG+d,OAAOrU,EAAK9J,EAAKjF,OAAS2vB,GACnCJ,GACAK,EAAEjN,OAAO4M,GACbK,EAAEjN,OAAO1d,GACT,MAAMijB,EAAM,IAAIroB,WAAW,IACrBslB,EAAOV,GAAWyD,GACpBqH,GACArK,GAAaC,EAAM,EAAGG,OAAmB,EAAZqK,GAAgBvK,GACjDF,GAAaC,EAAM,EAAGG,OAAqB,EAAdrgB,EAAKjF,QAAaolB,GAC/CwK,EAAEjN,OAAOuF,GACT,MAAMgB,EAAM0G,EAAEhN,SAEd,OADAiD,GAAMqC,GACCgB,CACX,CAoBoB2G,CAAW/F,IAAO,EAAO2F,EAASxqB,EAAMsqB,GACpD,IAAK,IAAIrvB,EAAI,EAAGA,EAAIwvB,EAAQ1vB,OAAQE,IAChCkc,EAAIlc,IAAMwvB,EAAQxvB,GACtB,OAAOkc,CACf,CACI,SAAS0T,IACL,MAAM9D,EAAKP,GAAY1c,GACjB0gB,EAAU1F,GAAYhpB,QACtBgvB,EAAUhG,GAAYhpB,QAG5B,GAFAssB,GAAMrB,GAAI,EAAO+D,EAASA,EAASN,GAEd,KAAjB3C,EAAM9sB,OACN+vB,EAAQxvB,IAAIusB,OAEX,CACD,MAAMkD,EAAWjG,GAAYhpB,QAE7BmkB,GADaT,GAAWuL,GACL,EAAG1K,OAAsB,EAAfwH,EAAM9sB,SAAa,GAEhD,MAAMiwB,EAAInG,GAAM1G,OAAOqM,GAAS9M,OAAOmK,GAAOnK,OAAOqN,GACrDC,EAAElH,WAAWgH,GACbE,EAAE5oB,SACd,CAEQ,MAAO,CAAE2kB,KAAIyD,UAASM,UAASL,QADfrC,GAAMrB,GAAI,EAAO+D,EAAShG,IAElD,CACI,MAAO,CACH,OAAAqC,CAAQsB,GACJhH,GAAOgH,GACP,MAAM1B,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpC3L,EAAM,IAAItkB,WAAW6tB,EAAU1tB,OAASsvB,GACxC3D,EAAU,CAACK,EAAIyD,EAASM,EAASL,GAClC9J,GAAY8H,IACb/B,EAAQzqB,KAAMwsB,EAAY9I,GAAU8I,IACxCL,GAAMrB,GAAI,EAAO+D,EAASrC,EAAWvJ,GACrC,MAAM/H,EAAMoT,EAAYC,EAASC,EAASvL,EAAI/c,SAAS,EAAG+c,EAAInkB,OAASsvB,IAIvE,OAHA3D,EAAQzqB,KAAKkb,GACb+H,EAAI5jB,IAAI6b,EAAKsR,EAAU1tB,QACvB6lB,MAAS8F,GACFxH,CACV,EACD,OAAAuI,CAAQiB,GAEJ,GADAjH,GAAOiH,GACHA,EAAW3tB,OAASsvB,EACpB,MAAU3vB,MAAM,6CACpB,MAAMqsB,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpCnE,EAAU,CAACK,EAAIyD,EAASC,EAASK,GAClCnK,GAAY+H,IACbhC,EAAQzqB,KAAMysB,EAAa/I,GAAU+I,IACzC,MAAM1oB,EAAO0oB,EAAWvmB,SAAS,GAAG,IAC9B8oB,EAAYvC,EAAWvmB,UAAS,IAChCgV,EAAMoT,EAAYC,EAASC,EAASzqB,GAE1C,GADA0mB,EAAQzqB,KAAKkb,IACRyI,GAAWzI,EAAK8T,GACjB,MAAUvwB,MAAM,8BACpB,MAAMwkB,EAAMkJ,GAAMrB,GAAI,EAAO+D,EAAS9qB,GAEtC,OADA4gB,MAAS8F,GACFxH,CACV,EAET,IAkHA,SAASgM,GAAUxT,GACf,OAAa,MAALA,GACS,iBAANA,IACNA,aAAa6B,aAAsC,gBAAvB7B,EAAE3e,YAAYqI,KACnD,CACA,SAAS+pB,GAAapE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUrsB,MAAM,+CACpB,MAAMgpB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CACA,SAASC,GAAatE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUrsB,MAAM,+CACpB,MAAMgpB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CAOA,MAAME,GAAO,CAiBT,OAAAnE,CAAQoE,EAAKrM,GAGT,GAAIA,EAAInkB,QAAU,GAAK,GACnB,MAAUL,MAAM,qCACpB,MAAMqsB,EAAKP,GAAY+E,GACvB,GAAmB,KAAfrM,EAAInkB,OACJowB,GAAapE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAM,EAAGzU,EAAI,EAAGA,IAC5B,IAAK,IAAIpY,EAAM,EAAGA,EAAM6oB,EAAIjpB,OAAQI,GAAO,EAAG6sB,IAAO,CACjD,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIyE,EAAIC,EAAIzH,EAAI7oB,GAAM6oB,EAAI7oB,EAAM,IAElEqwB,EAAKnK,EAAMoK,EAAKnK,EAAKkE,GAASwC,GAAQhE,EAAI7oB,GAAOomB,EAAMyC,EAAI7oB,EAAM,GAAKqmB,CAC3F,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,EACD,OAAA4G,CAAQ8D,EAAKrM,GACT,GAAIA,EAAInkB,OAAS,GAAK,GAAK,GACvB,MAAUL,MAAM,sCACpB,MAAMqsB,EAAKC,GAAeuE,GACpBG,EAASxM,EAAInkB,OAAS,EAAI,EAChC,GAAe,IAAX2wB,EACAL,GAAatE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAe,EAAT0D,EAAYnY,EAAI,EAAGA,IACrC,IAAK,IAAIpY,EAAe,EAATuwB,EAAYvwB,GAAO,EAAGA,GAAO,EAAG6sB,IAAO,CAClDyD,GAAMjG,GAASwC,GACf,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIyE,EAAIC,EAAIzH,EAAI7oB,GAAM6oB,EAAI7oB,EAAM,IAClEqwB,EAAKnK,EAAMoK,EAAKnK,EAAM0C,EAAI7oB,GAAOomB,EAAMyC,EAAI7oB,EAAM,GAAKqmB,CAC3E,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,GAEC8K,GAAW,IAAI/wB,WAAW,GAAGimB,KAAK,KAQ3B+K,GAAQ9L,GAAW,CAAEzD,UAAW,IAAMkP,IAAS,CACxD,OAAApE,CAAQsB,GAEJ,GADAhH,GAAOgH,IACFA,EAAU1tB,QAAU0tB,EAAU1tB,OAAS,GAAM,EAC9C,MAAUL,MAAM,4BACpB,GAAyB,IAArB+tB,EAAU1tB,OACV,MAAUL,MAAM,wDACpB,MAAMwkB,EF1rBP,YAAwBpkB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMyc,EAAI5c,EAAOG,GACjBwmB,GAAO/J,GACPmU,GAAOnU,EAAE3c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMyc,EAAI5c,EAAOG,GACjBgpB,EAAI3oB,IAAIoc,EAAGoU,GACXA,GAAOpU,EAAE3c,MACjB,CACI,OAAOkpB,CACX,CE4qBoB8H,CAAYJ,GAAUlD,GAElC,OADA6C,GAAKnE,QAAQoE,EAAKrM,GACXA,CACV,EACD,OAAAuI,CAAQiB,GAKJ,GAJAjH,GAAOiH,GAIHA,EAAW3tB,OAAS,GAAM,GAAK2tB,EAAW3tB,OAAS,GACnD,MAAUL,MAAM,6BACpB,MAAMwkB,EAAMS,GAAU+I,GAEtB,GADA4C,GAAK7D,QAAQ8D,EAAKrM,IACbU,GAAWV,EAAI/c,SAAS,EAAG,GAAIwpB,IAChC,MAAUjxB,MAAM,0BAEpB,OADAwkB,EAAI/c,SAAS,EAAG,GAAG0e,KAAK,GACjB3B,EAAI/c,SAAS,EACvB,MA+EQ6pB,GAAS,CAClBxF,eACAQ,kBACJG,QAAIA,GACJM,QAAIA,GACA0D,gBACAE,gBACAzD,cACAQ,UC73BE9S,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAElBwW,GAAa7O,GAAaA,GAAW8O,aAAe,GACpDC,GAAY,CAChBlmB,KAAMgmB,GAAW3T,SAAS,YAAc,gBAAa/c,EACrD2K,UAAW+lB,GAAW3T,SAAS,gBAAkB,oBAAiB/c,EAClE4K,MAAO8lB,GAAW3T,SAAS,aAAe,iBAAc/c,EACxD6K,SAAU6lB,GAAW3T,SAAS,UAAY,cAAW/c,EACrD8K,OAAQ4lB,GAAW3T,SAAS,eAAiB,mBAAgB/c,EAC7D+K,OAAQ2lB,GAAW3T,SAAS,eAAiB,mBAAgB/c,EAC7DgL,OAAQ0lB,GAAW3T,SAAS,eAAiB,mBAAgB/c,GA2F/D,MAAM6wB,GACJ,WAAArzB,CAAY8iB,EAAM/R,EAAK8e,GACrB,MAAMvM,UAAEA,GAAcF,GAAgBN,GACtC1iB,KAAK2Q,IAAMA,EACX3Q,KAAKkzB,UAAYzD,EACjBzvB,KAAKmzB,UAAY,IAAI1xB,WAAWyhB,GAChCljB,KAAK8B,EAAI,EACT9B,KAAKkjB,UAAYA,EACjBljB,KAAKozB,UAAY,IAAI3xB,WAAWzB,KAAKkjB,UACzC,CAEE,wBAAamQ,CAAY3Q,GACvB,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOvG,GAAUmX,UAAU,MAAO,IAAI7xB,WAAWwhB,GAAU,WAAW,EAAO,CAAC,YAC3EpgB,MAAK,KAAM,IAAM,KAAM,GAC9B,CAEE,aAAM0wB,CAAQjE,EAAWkE,GACvB,MAAMC,EAAO,UACbzzB,KAAK0zB,OAAS1zB,KAAK0zB,cAAgBvX,GAAUmX,UAAU,MAAOtzB,KAAK2Q,IAAK8iB,GAAM,EAAO,CAAC,YACtF,MAAMlE,QAAmBpT,GAAU6R,QACjC,CAAE/lB,KAAMwrB,EAAMhE,GAAI+D,GAAaxzB,KAAKozB,WACpCpzB,KAAK0zB,OACLpE,GAEF,OAAO,IAAI7tB,WAAW8tB,GAAYvmB,SAAS,EAAGsmB,EAAU1tB,OAC5D,CAEE,kBAAM+xB,CAAapxB,GACjB,MAAMqxB,EAAU5zB,KAAKmzB,UAAUvxB,OAAS5B,KAAK8B,EACvC+xB,EAAQtxB,EAAMyG,SAAS,EAAG4qB,GAEhC,GADA5zB,KAAKmzB,UAAUhxB,IAAI0xB,EAAO7zB,KAAK8B,GAC1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKkjB,UAAY,CACnD,MAAM4Q,GAAYvxB,EAAMX,OAASgyB,GAAW5zB,KAAKkjB,UAC3CoM,EAAYxY,EAAKpV,iBAAiB,CACtC1B,KAAKmzB,UACL5wB,EAAMyG,SAAS4qB,EAASrxB,EAAMX,OAASkyB,KAEnCC,EAAYjd,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL5D,EAAUtmB,SAAS,EAAGsmB,EAAU1tB,OAAS5B,KAAKkjB,aAG1C8Q,QAAwBh0B,KAAKuzB,QAAQQ,GAQ3C,OAPAE,GAAOD,EAAiB1E,GACxBtvB,KAAKkzB,UAAYc,EAAgBrxB,OAAO3C,KAAKkjB,WAGzC4Q,EAAW,GAAG9zB,KAAKmzB,UAAUhxB,IAAII,EAAMyG,UAAU8qB,IACrD9zB,KAAK8B,EAAIgyB,EAEFE,CACb,CAGI,IAAIE,EACJ,GAFAl0B,KAAK8B,GAAK+xB,EAAMjyB,OAEZ5B,KAAK8B,IAAM9B,KAAKmzB,UAAUvxB,OAAQ,CACpC,MAAMuyB,EAAWn0B,KAAKmzB,UACtBe,QAAuBl0B,KAAKuzB,QAAQvzB,KAAKkzB,WACzCe,GAAOC,EAAgBC,GACvBn0B,KAAKkzB,UAAYgB,EAAevxB,QAChC3C,KAAK8B,EAAI,EAET,MAAMkuB,EAAYztB,EAAMyG,SAAS6qB,EAAMjyB,QACvC5B,KAAKmzB,UAAUhxB,IAAI6tB,EAAWhwB,KAAK8B,GACnC9B,KAAK8B,GAAKkuB,EAAUpuB,MAC1B,MACMsyB,EAAiB,IAAIzyB,WAGvB,OAAOyyB,CACX,CAEE,YAAMvtB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CACLzB,KAAKmzB,UAAYnzB,KAAKmzB,UAAUnqB,SAAS,EAAGhJ,KAAK8B,GACjD,MAAMqyB,EAAWn0B,KAAKmzB,UAChBe,QAAuBl0B,KAAKuzB,QAAQvzB,KAAKkzB,WAC/Ce,GAAOC,EAAgBC,GACvBpyB,EAASmyB,EAAelrB,SAAS,EAAGmrB,EAASvyB,OACnD,CAGI,OADA5B,KAAKo0B,qBACEryB,CACX,CAEE,kBAAAqyB,GACEp0B,KAAKmzB,UAAUzL,KAAK,GACpB1nB,KAAKkzB,UAAUxL,KAAK,GACpB1nB,KAAK0zB,OAAS,KACd1zB,KAAK2Q,IAAM,IACf,CAEE,aAAMqd,CAAQsB,GAEZ,MAKM+E,SAL6Br0B,KAAKuzB,QACtCzc,EAAKpV,iBAAiB,CAAC,IAAID,WAAWzB,KAAKkjB,WAAYoM,IACvDtvB,KAAKyvB,KAGyBzmB,SAAS,EAAGsmB,EAAU1tB,QAGtD,OAFAqyB,GAAOI,EAAI/E,GACXtvB,KAAKo0B,qBACEC,CACX,EAGA,MAAMC,GACJ,WAAA10B,CAAY20B,EAAe7R,EAAM/R,EAAK8e,GACpCzvB,KAAKu0B,cAAgBA,EACrB,MAAMrR,UAAEA,GAAcF,GAAgBN,GACtC1iB,KAAK2Q,IAAM6jB,GAAgBnH,YAAY1c,GAEnC8e,EAAGplB,WAAa,GAAM,IAAGolB,EAAKA,EAAG9sB,SACrC3C,KAAKkzB,UAAYuB,GAAehF,GAChCzvB,KAAKmzB,UAAY,IAAI1xB,WAAWyhB,GAChCljB,KAAK8B,EAAI,EACT9B,KAAKkjB,UAAYA,CACrB,CAEE,OAAAwR,CAAQ/F,GACN,MAAMI,EAAQ0F,GAAe9F,GACvBH,EAAM,IAAI/sB,WAAWktB,EAAI/sB,QACzBotB,EAAQyF,GAAejG,GAC7B,IAAK,IAAI1sB,EAAI,EAAGA,EAAI,GAAKktB,EAAMptB,OAAQE,GAAK,EAAG,CAC7C,MAAQomB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOmK,GAAgBxG,QAAQhuB,KAAK2Q,IAAK3Q,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,IACrJlE,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKooB,EAC9B8E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqoB,EAC9B6E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsoB,EAC9B4E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKuoB,EAC9BrqB,KAAKkzB,WAAalzB,KAAKu0B,cAAgBvF,EAAQD,GAAOpsB,MAAMb,EAAGA,EAAI,EACzE,CACI,OAAO0sB,CACX,CAEE,kBAAMmG,CAAapyB,GACjB,MAAMqxB,EAAU5zB,KAAKmzB,UAAUvxB,OAAS5B,KAAK8B,EACvC+xB,EAAQtxB,EAAMyG,SAAS,EAAG4qB,GAGhC,GAFA5zB,KAAKmzB,UAAUhxB,IAAI0xB,EAAO7zB,KAAK8B,GAE1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKkjB,UAAY,CACnD,MAAM4Q,GAAYvxB,EAAMX,OAASgyB,GAAW5zB,KAAKkjB,UAC3C0R,EAAY9d,EAAKpV,iBAAiB,CACtC1B,KAAKmzB,UACL5wB,EAAMyG,SAAS4qB,EAASrxB,EAAMX,OAASkyB,KAGnCe,EAAkB70B,KAAK00B,QAAQE,GAMrC,OAHId,EAAW,GAAG9zB,KAAKmzB,UAAUhxB,IAAII,EAAMyG,UAAU8qB,IACrD9zB,KAAK8B,EAAIgyB,EAEFe,CACb,CAII,IAAIC,EACJ,GAHA90B,KAAK8B,GAAK+xB,EAAMjyB,OAGZ5B,KAAK8B,IAAM9B,KAAKmzB,UAAUvxB,OAAQ,CACpCkzB,EAAiB90B,KAAK00B,QAAQ10B,KAAKmzB,WACnCnzB,KAAK8B,EAAI,EAET,MAAMkuB,EAAYztB,EAAMyG,SAAS6qB,EAAMjyB,QACvC5B,KAAKmzB,UAAUhxB,IAAI6tB,EAAWhwB,KAAK8B,GACnC9B,KAAK8B,GAAKkuB,EAAUpuB,MAC1B,MACMkzB,EAAiB,IAAIrzB,WAGvB,OAAOqzB,CACX,CAEE,YAAMnuB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CAGLM,EAFuB/B,KAAK00B,QAAQ10B,KAAKmzB,WAEjBnqB,SAAS,EAAGhJ,KAAK8B,EAC/C,CAGI,OADA9B,KAAKo0B,qBACEryB,CACX,CAEE,kBAAAqyB,GACEp0B,KAAKmzB,UAAUzL,KAAK,GACpB1nB,KAAKkzB,UAAUxL,KAAK,GACpB1nB,KAAK2Q,IAAI+W,KAAK,EAClB,EAuBA,SAASuM,GAAO1V,EAAGzG,GACjB,MAAMid,EAAUtsB,KAAKud,IAAIzH,EAAE3c,OAAQkW,EAAElW,QACrC,IAAK,IAAIE,EAAI,EAAGA,EAAIizB,EAASjzB,IAC3Byc,EAAEzc,GAAKyc,EAAEzc,GAAKgW,EAAEhW,EAEpB,CAEA,MAAM2yB,GAAiBtO,GAAO,IAAI/F,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK2P,MAAM+N,EAAI7b,WAAa,8DAnQ/FhI,eAAuBogB,EAAM/R,EAAK4e,EAAYE,GACnD,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GAC7C,GAAIuB,IAAc+O,GAAUgC,GAC1B,OAwQJ,SAAqBtS,EAAM/R,EAAK0jB,EAAI5E,GAClC,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GACvCuS,EAAc,IAAIhR,GAAWiR,iBAAiBlC,GAAUgC,GAAWrkB,EAAK8e,GAC9E,OAAOzV,EAAiBqa,GAAI9xB,GAAS,IAAId,WAAWwzB,EAAY1Q,OAAOhiB,KACzE,CA5QW4yB,CAAYzS,EAAM/R,EAAK4e,EAAYE,GAE5C,GAAI3Y,EAAK2H,MAAMiE,GACb,OA8OJpgB,eAA0BogB,EAAM/R,EAAK0jB,EAAI5E,GACvC,GAAI3Y,EAAK7V,SAASozB,GAAK,CACrB,MAAMvD,EAAM,IAAIwD,IAAqB,EAAO5R,EAAM/R,EAAK8e,GACvD,OAAOzV,EAAiBqa,GAAI9xB,GAASuuB,EAAI6D,aAAapyB,KAAQ,IAAMuuB,EAAInqB,UAC5E,CACE,OAAOyuB,GAAYzkB,EAAK8e,GAAInB,QAAQ+F,EACtC,CApPWgB,CAAW3S,EAAM/R,EAAK4e,EAAYE,GAG3C,MACM6F,EAAW,UADU7S,GAAgBC,IACT/R,GAC5B4kB,EAAaD,EAASpS,UAE5B,IAAIsS,EAAS/F,EACT4E,EAAK,IAAI5yB,WACb,MAAM2B,EAAUJ,IACVA,IACFqxB,EAAKvd,EAAKpV,iBAAiB,CAAC2yB,EAAIrxB,KAElC,MAAMssB,EAAY,IAAI7tB,WAAW4yB,EAAGzyB,QACpC,IAAIE,EACAsY,EAAI,EACR,KAAOpX,EAAQqxB,EAAGzyB,QAAU2zB,EAAalB,EAAGzyB,QAAQ,CAClD,MAAM6zB,EAAWH,EAAStH,QAAQwH,GAElC,IADAA,EAASnB,EAAGrrB,SAAS,EAAGusB,GACnBzzB,EAAI,EAAGA,EAAIyzB,EAAYzzB,IAC1BwtB,EAAUlV,KAAOob,EAAO1zB,GAAK2zB,EAAS3zB,GAExCuyB,EAAKA,EAAGrrB,SAASusB,EACvB,CACI,OAAOjG,EAAUtmB,SAAS,EAAGoR,EAAE,EAEjC,OAAOJ,EAAiBuV,EAAYnsB,EAASA,EAC/C,UA5EOd,eAAuBogB,EAAM/R,EAAK2e,EAAWG,EAAIvb,GACtD,MAAM8gB,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GAC7C,GAAI5L,EAAKwF,iBAAmB0W,GAAUgC,GACpC,OA6SJ,SAAqBtS,EAAM/R,EAAK+kB,EAAIjG,GAClC,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GACvCiT,EAAY,IAAI1R,GAAW2R,eAAe5C,GAAUgC,GAAWrkB,EAAK8e,GAC1E,OAAOzV,EAAiB0b,GAAInzB,GAAS,IAAId,WAAWk0B,EAAUpR,OAAOhiB,KACvE,CAjTWszB,CAAYnT,EAAM/R,EAAK2e,EAAWG,GAE3C,GAAI3Y,EAAK2H,MAAMiE,GACb,OA8QJpgB,eAA0BogB,EAAM/R,EAAK+kB,EAAIjG,GACvC,GAAItT,UAAmB8W,GAAmBI,YAAY3Q,GAAO,CAC3D,MAAMoO,EAAM,IAAImC,GAAmBvQ,EAAM/R,EAAK8e,GAC9C,OAAO3Y,EAAK7V,SAASy0B,GAAM1b,EAAiB0b,GAAInzB,GAASuuB,EAAI6C,aAAapxB,KAAQ,IAAMuuB,EAAInqB,WAAYmqB,EAAI9C,QAAQ0H,EACrH,CAAM,GAAI5e,EAAK7V,SAASy0B,GAAK,CAC5B,MAAM5E,EAAM,IAAIwD,IAAqB,EAAM5R,EAAM/R,EAAK8e,GACtD,OAAOzV,EAAiB0b,GAAInzB,GAASuuB,EAAI6D,aAAapyB,KAAQ,IAAMuuB,EAAInqB,UAC5E,CACE,OAAOyuB,GAAYzkB,EAAK8e,GAAIzB,QAAQ0H,EACtC,CAvRWI,CAAWpT,EAAM/R,EAAK2e,EAAWG,GAG1C,MACM6F,EAAW,UADU7S,GAAgBC,IACT/R,GAC5B4kB,EAAaD,EAASpS,UAEtB6S,EAAStG,EAAG9sB,QAClB,IAAI+yB,EAAK,IAAIj0B,WACb,MAAM2B,EAAUJ,IACVA,IACF0yB,EAAK5e,EAAKpV,iBAAiB,CAACg0B,EAAI1yB,KAElC,MAAMusB,EAAa,IAAI9tB,WAAWi0B,EAAG9zB,QACrC,IAAIE,EACAsY,EAAI,EACR,KAAOpX,EAAQ0yB,EAAG9zB,QAAU2zB,EAAaG,EAAG9zB,QAAQ,CAClD,MAAMo0B,EAAWV,EAAStH,QAAQ+H,GAClC,IAAKj0B,EAAI,EAAGA,EAAIyzB,EAAYzzB,IAC1Bi0B,EAAOj0B,GAAK4zB,EAAG5zB,GAAKk0B,EAASl0B,GAC7BytB,EAAWnV,KAAO2b,EAAOj0B,GAE3B4zB,EAAKA,EAAG1sB,SAASusB,EACvB,CACI,OAAOhG,EAAWvmB,SAAS,EAAGoR,EAAE,EAElC,OAAOJ,EAAiBsV,EAAWlsB,EAASA,EAC9C,IC9EA,MAAM+Y,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAgBlB2Z,GAAc,GAWpB,SAASC,GAAYrvB,EAAMgJ,GACzB,MAAMgJ,EAAShS,EAAKjF,OAASq0B,GAC7B,IAAK,IAAIn0B,EAAI,EAAGA,EAAIm0B,GAAan0B,IAC/B+E,EAAK/E,EAAI+W,IAAWhJ,EAAQ/N,GAE9B,OAAO+E,CACT,CAeA,MAAMusB,GAAY,IAAI3xB,WAAWw0B,IAElB3zB,eAAe6zB,GAAKxlB,GACjC,MAAM6e,QAAY4G,GAAIzlB,GAGhBd,EAAUiH,EAAK8E,aAAa4T,EAAI4D,KAChCiD,EAAWvf,EAAK8E,OAAO/L,GAE7B,OAAOvN,eAAeuE,GAEpB,aAAc2oB,EAxBlB,SAAa3oB,EAAMgJ,EAASwmB,GAE1B,GAAIxvB,EAAKjF,QAAUiF,EAAKjF,OAASq0B,IAAgB,EAE/C,OAAOC,GAAYrvB,EAAMgJ,GAG3B,MAAM+I,EAAS,IAAInX,WAAWoF,EAAKjF,QAAUq0B,GAAepvB,EAAKjF,OAASq0B,KAG1E,OAFArd,EAAOzW,IAAI0E,GACX+R,EAAO/R,EAAKjF,QAAU,IACfs0B,GAAYtd,EAAQyd,EAC7B,CAasB1D,CAAI9rB,EAAMgJ,EAASwmB,KAAYrtB,UAAUitB,GAC5D,CACH,CAEA3zB,eAAe8zB,GAAIzlB,GACjB,GAAImG,EAAKwF,gBACP,OAAOha,eAAeozB,GACpB,MACMrB,EADK,IAAIpQ,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAKyiB,IACpE7O,OAAOmR,GACrB,OAAO,IAAIj0B,WAAW4yB,EACvB,EAGH,GAAIvd,EAAKoF,eACP,IAEE,OADAvL,QAAYwL,GAAUmX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1FU,eAAeozB,GACpB,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE/lB,KAAM,UAAWwnB,GAAI2D,GAAWxxB,OAAsB,EAAdq0B,IAAmBtlB,EAAK+kB,GACrG,OAAO,IAAIj0B,WAAW4yB,GAAIrrB,SAAS,EAAGqrB,EAAG/pB,WAAa2rB,GACvD,CACF,CAAC,MAAOK,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,QACvE,CAGE,OAAOjR,eAAeozB,GACpB,OAAOa,GAAY5lB,EAAKyiB,GAAW,CAAExD,gBAAgB,IAAQ5B,QAAQ0H,EACtE,CACH,CC1EA,MAAMvZ,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAClBI,GAAS5F,EAAK2F,gBAGdwZ,GAAc,GACdO,GAAWP,GACX/E,GAAY+E,GAEZQ,GAAO,IAAIh1B,WAAWw0B,IACtBS,GAAM,IAAIj1B,WAAWw0B,IAAcS,GAAIT,GAAc,GAAK,EAChE,MAAMU,GAAM,IAAIl1B,WAAWw0B,IAE3B3zB,eAAes0B,GAAKjmB,GAClB,MAAMkmB,QAAaV,GAAKxlB,GACxB,OAAO,SAASgL,EAAGpI,GACjB,OAAOsjB,EAAK/f,EAAKpV,iBAAiB,CAACia,EAAGpI,IACvC,CACH,CAEAjR,eAAew0B,GAAInmB,GACjB,GAAImG,EAAKwF,gBACP,OAAOha,eAAeozB,EAAIjG,GACxB,MAAMsH,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GAC5E4E,EAAK3X,GAAOlY,OAAO,CAACuyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,UAC5C,OAAO,IAAIv1B,WAAW4yB,EACvB,EAGH,GAAIvd,EAAKoF,eACP,IACE,MAAMwX,QAAevX,GAAUmX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1G,OAAOU,eAAeozB,EAAIjG,GACxB,MAAM4E,QAAWlY,GAAU6R,QAAQ,CAAE/lB,KAAM,UAAW0pB,QAASlC,EAAI7tB,OAAsB,EAAdq0B,IAAmBvC,EAAQgC,GACtG,OAAO,IAAIj0B,WAAW4yB,EACvB,CACF,CAAC,MAAOiC,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,QACvE,CAGE,OAAOjR,eAAeozB,EAAIjG,GACxB,OAAOwH,GAAYtmB,EAAK8e,GAAIzB,QAAQ0H,EACrC,CACH,CAQApzB,eAAe40B,GAAIrU,EAAQlS,GACzB,GAAIkS,IAAWpY,EAAMoC,UAAUK,QAC7B2V,IAAWpY,EAAMoC,UAAUM,QAC3B0V,IAAWpY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,MACE41B,EACAtI,SACQ3uB,QAAQ4E,IAAI,CACpB8xB,GAAKjmB,GACLmmB,GAAInmB,KAGN,MAAO,CAQLqd,QAAS1rB,eAAegtB,EAAWZ,EAAO0I,GACxC,MACEC,EACAC,SACQp3B,QAAQ4E,IAAI,CACpBqyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,KAENG,QAAiB1I,EAAIS,EAAW+H,GAEhCrZ,QADqBmZ,EAAKR,GAAKY,GAErC,IAAK,IAAIz1B,EAAI,EAAGA,EAAIovB,GAAWpvB,IAC7Bkc,EAAIlc,IAAMw1B,EAAUx1B,GAAKu1B,EAAUv1B,GAErC,OAAOgV,EAAKpV,iBAAiB,CAAC61B,EAAUvZ,GACzC,EASDsQ,QAAShsB,eAAeitB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW3tB,OAASsvB,GAAW,MAAU3vB,MAAM,0BACnD,MAAMg2B,EAAWhI,EAAWvmB,SAAS,GAAIkoB,IACnCsG,EAAQjI,EAAWvmB,UAAUkoB,KAEjCmG,EACAC,EACAG,SACQv3B,QAAQ4E,IAAI,CACpBqyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,GACVD,EAAKR,GAAKY,KAENvZ,EAAMyZ,EACZ,IAAK,IAAI31B,EAAI,EAAGA,EAAIovB,GAAWpvB,IAC7Bkc,EAAIlc,IAAMw1B,EAAUx1B,GAAKu1B,EAAUv1B,GAErC,IAAKgV,EAAKoE,iBAAiBsc,EAAOxZ,GAAM,MAAUzc,MAAM,+BAExD,aADwBstB,EAAI0I,EAAUF,EAE5C,EAEA,CAnHyCV,GAAIV,GAAc,GAAK,EA2HhEiB,GAAIQ,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEAwI,GAAIjB,YAAcA,GAClBiB,GAAIV,SAAWA,GACfU,GAAIhG,UAAYA,GClJhB,MAAM+E,GAAc,GAOd/E,GAAY,GAGlB,SAAS0G,GAAIhgB,GACX,IAAIggB,EAAM,EACV,IAAK,IAAI91B,EAAI,IAAI8V,EAAI9V,GAAUA,IAAM,EACnC81B,IAEF,OAAOA,CACT,CAEA,SAAS3D,GAAO4D,EAAGC,GACjB,IAAK,IAAIh2B,EAAI,EAAGA,EAAI+1B,EAAEj2B,OAAQE,IAC5B+1B,EAAE/1B,IAAMg2B,EAAEh2B,GAEZ,OAAO+1B,CACT,CAEA,SAASE,GAAIF,EAAGC,GACd,OAAO7D,GAAO4D,EAAEl1B,QAASm1B,EAC3B,CAEA,MAAM1E,GAAY,IAAI3xB,WAAWw0B,IAC3BS,GAAM,IAAIj1B,WAAW,CAAC,IAO5Ba,eAAe01B,GAAInV,EAAQlS,GACzB,MAAMsS,QAAEA,GAAYD,GAAgBH,GAEpC,IAAK/L,EAAK2H,MAAMoE,IAAWlS,EAAI/O,SAAWqhB,EACxC,MAAU1hB,MAAM,oCAGlB,IAAI02B,EAAS,EAKb,MAAMC,EAAM3B,GAAY5lB,EAAKyiB,GAAW,CAAExD,gBAAgB,IACpDuI,EAAWlG,GAASiG,EAAIlK,QAAQiE,GAChCmG,EAAWnG,GAASiG,EAAI5J,QAAQ2D,GACtC,IAAIpI,EAmEJ,SAASwO,EAAMpxB,EAAI+I,EAAM0e,EAAO0I,GAI9B,MAAMkB,EAAItoB,EAAKpO,OAASq0B,GAAc,GAxDxC,SAA4BjmB,EAAMonB,GAChC,MAAMmB,EAAYzhB,EAAKuC,MAAM5Q,KAAKC,IAAIsH,EAAKpO,OAAQw1B,EAAMx1B,QAAUq0B,GAAc,GAAK,EACtF,IAAK,IAAIn0B,EAAIm2B,EAAS,EAAGn2B,GAAKy2B,EAAWz2B,IACvC+nB,EAAK/nB,GAAKgV,EAAK8E,OAAOiO,EAAK/nB,EAAI,IAEjCm2B,EAASM,CACb,CAuDIC,CAAmBxoB,EAAMonB,GAOzB,MAAMqB,EAAc3hB,EAAKpV,iBAAiB,CAAC0xB,GAAUpqB,SAAS,EAtIjD,GAsI+D0lB,EAAM9sB,QAAS80B,GAAKhI,IAE1FgK,EAAwC,GAA/BD,EAAYxC,IAE3BwC,EAAYxC,KAAoB,IAChC,MAAM0C,EAAOR,EAASM,GAEhBG,EAAY9hB,EAAKpV,iBAAiB,CAACi3B,EAAMZ,GAAIY,EAAK3vB,SAAS,EAAG,GAAI2vB,EAAK3vB,SAAS,EAAG,MAEnF6P,EAAS/B,EAAKiF,WAAW6c,EAAU5vB,SAAS,GAAK0vB,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAa1vB,SAAS,GAE/G6vB,EAAW,IAAIp3B,WAAWw0B,IAE1B5B,EAAK,IAAI5yB,WAAWuO,EAAKpO,OAASsvB,IAKxC,IAAIpvB,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIw2B,EAAGx2B,IAEjBmyB,GAAOpb,EAAQgR,EAAK+N,GAAI91B,EAAI,KAG5BuyB,EAAGlyB,IAAI8xB,GAAOhtB,EAAG8wB,GAAIlf,EAAQ7I,IAAQ6I,GAAS7W,GAE9CiyB,GAAO4E,EAAU5xB,IAAOkxB,EAAWnoB,EAAOqkB,EAAGrrB,SAAShH,IAEtDgO,EAAOA,EAAKhH,SAASitB,IACrBj0B,GAAOi0B,GAMT,GAAIjmB,EAAKpO,OAAQ,CAEfqyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAM5L,EAAUsoB,EAAStf,GAEzBwb,EAAGlyB,IAAI41B,GAAI/nB,EAAMH,GAAU7N,GAG3B,MAAM82B,EAAW,IAAIr3B,WAAWw0B,IAChC6C,EAAS32B,IAAI8E,IAAOkxB,EAAWnoB,EAAOqkB,EAAGrrB,SAAShH,GAAK,IAAa,GACpE82B,EAAS9oB,EAAKpO,QAAU,IACxBqyB,GAAO4E,EAAUC,GACjB92B,GAAOgO,EAAKpO,MAClB,CAEI,MAAMoc,EAAMiW,GAAOkE,EAASlE,GAAOA,GAAO4E,EAAUhgB,GAASgR,EAAKkP,IAhHpE,SAAc3B,GACZ,IAAKA,EAAMx1B,OAET,OAAOwxB,GAMT,MAAMkF,EAAIlB,EAAMx1B,OAASq0B,GAAc,EAEjCpd,EAAS,IAAIpX,WAAWw0B,IACxBvD,EAAM,IAAIjxB,WAAWw0B,IAC3B,IAAK,IAAIn0B,EAAI,EAAGA,EAAIw2B,EAAGx2B,IACrBmyB,GAAOpb,EAAQgR,EAAK+N,GAAI91B,EAAI,KAC5BmyB,GAAOvB,EAAKyF,EAASJ,GAAIlf,EAAQue,KACjCA,EAAQA,EAAMpuB,SAASitB,IAMzB,GAAImB,EAAMx1B,OAAQ,CAChBqyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAMud,EAAc,IAAIv3B,WAAWw0B,IACnC+C,EAAY72B,IAAIi1B,EAAO,GACvB4B,EAAY5B,EAAMx1B,QAAU,IAC5BqyB,GAAO+E,EAAangB,GAEpBob,GAAOvB,EAAKyF,EAASa,GAC3B,CAEI,OAAOtG,CACX,CA8E2E/kB,CAAKypB,IAO5E,OADA/C,EAAGlyB,IAAI6b,EAAKhc,GACLqyB,CACX,CAGE,OA9IA,WACE,MAAM4E,EAASd,EAAS/E,IAClB8F,EAASpiB,EAAK8E,OAAOqd,GAC3BpP,EAAO,GACPA,EAAK,GAAK/S,EAAK8E,OAAOsd,GAGtBrP,EAAKpO,EAAIwd,EACTpP,EAAKkP,EAAIG,CACb,CAXEC,GAgJO,CAQLnL,QAAS1rB,eAAegtB,EAAWZ,EAAO0I,GACxC,OAAOiB,EAAMF,EAAU7I,EAAWZ,EAAO0I,EAC1C,EASD9I,QAAShsB,eAAeitB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW3tB,OAASsvB,GAAW,MAAU3vB,MAAM,0BAEnD,MAAMyc,EAAMuR,EAAWvmB,UAAS,IAChCumB,EAAaA,EAAWvmB,SAAS,GAAG,IAEpC,MAAMowB,EAAUf,EAAMD,EAAU7I,EAAYb,EAAO0I,GAEnD,GAAItgB,EAAKoE,iBAAiB8C,EAAKob,EAAQpwB,UAAS,KAC9C,OAAOowB,EAAQpwB,SAAS,GAAG,IAE7B,MAAUzH,MAAM,8BACtB,EAEA,CAQAy2B,GAAIN,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEAsJ,GAAI/B,YAAcA,GAClB+B,GAAIxB,SAvPa,GAwPjBwB,GAAI9G,UAAYA,GCxPhB,MAAM/U,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAClBI,GAAS5F,EAAK2F,gBAIdyU,GAAY,GACZmI,GAAO,UAOb/2B,eAAeg3B,GAAIzW,EAAQlS,GACzB,GAAIkS,IAAWpY,EAAMoC,UAAUK,QAC7B2V,IAAWpY,EAAMoC,UAAUM,QAC3B0V,IAAWpY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,GAAIuV,EAAKwF,gBACP,MAAO,CACL0R,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,EAAQ,IAAI31B,YAC1C,MAAMs1B,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GAClFsH,EAAGwC,OAAOnC,GACV,MAAM/C,EAAK3X,GAAOlY,OAAO,CAACuyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,QAASD,EAAGyC,eACxD,OAAO,IAAI/3B,WAAW4yB,EACvB,EAED/F,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,EAAQ,IAAI31B,YAC1C,MAAMg4B,EAAK,IAAIxV,GAAWiR,iBAAiB,OAAuB,EAAbvkB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GACpFgK,EAAGF,OAAOnC,GACVqC,EAAGC,WAAWrF,EAAG1xB,MAAM0xB,EAAGzyB,OAASsvB,GAAWmD,EAAGzyB,SACjD,MAAM8zB,EAAKhZ,GAAOlY,OAAO,CAACi1B,EAAGlV,OAAO8P,EAAG1xB,MAAM,EAAG0xB,EAAGzyB,OAASsvB,KAAauI,EAAGzC,UAC5E,OAAO,IAAIv1B,WAAWi0B,EAC9B,GAIE,GAAI5e,EAAKoF,eACP,IACE,MAAMyd,QAAaxd,GAAUmX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAMoxB,KAAQ,EAAO,CAAC,UAAW,YAEhFO,EAAoChd,UAAUid,UAAUja,MAAM,kCAClEhD,UAAUid,UAAUja,MAAM,kDAC5B,MAAO,CACLoO,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,EAAQ,IAAI31B,YAC1C,GAAIm4B,IAAsClE,EAAG9zB,OAC3C,OAAOk4B,GAAYnpB,EAAK8e,EAAI2H,GAAOpJ,QAAQ0H,GAE7C,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE/lB,KAAMoxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMjE,GAC9G,OAAO,IAAIj0B,WAAW4yB,EACvB,EAED/F,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,EAAQ,IAAI31B,YAC1C,GAAIm4B,GAAqCvF,EAAGzyB,SAAWsvB,GACrD,OAAO4I,GAAYnpB,EAAK8e,EAAI2H,GAAO9I,QAAQ+F,GAE7C,IACE,MAAMqB,QAAWvZ,GAAUmS,QAAQ,CAAErmB,KAAMoxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMtF,GAC9G,OAAO,IAAI5yB,WAAWi0B,EACvB,CAAC,MAAOxxB,GACP,GAAe,mBAAXA,EAAE+D,KACJ,MAAU1G,MAAM,8BAE9B,CACA,EAEK,CAAC,MAAO+0B,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,QACvE,CAGE,MAAO,CACLya,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,GAC9B,OAAO0C,GAAYnpB,EAAK8e,EAAI2H,GAAOpJ,QAAQ0H,EAC5C,EAEDpH,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,GAC9B,OAAO0C,GAAYnpB,EAAK8e,EAAI2H,GAAO9I,QAAQ+F,EACjD,EAEA,CAWAiF,GAAI5B,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEA4K,GAAIrD,YAvGgB,GAwGpBqD,GAAI9C,SAvGa,GAwGjB8C,GAAIpI,UAAYA,GC9HhB,IAAeuC,GAAA,CAEb3C,IAAKA,GAELriB,IAAKA,GACLC,gBAAiBD,GAEjBF,IAAKA,GAELC,IAAKA,ICjBP,MAAMwrB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAEb,SAAUgT,GAAmB/vB,GACjC,MAAMwP,EAAc,mBACpB,IAAIC,EAAI,GAIR,OAHAzP,EAAMlI,SAAQ4X,IACZD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAEzCqN,OAAO,MAAQtN,EACxB,CAEgB,SAAAugB,GAAI5b,EAAW+Z,GAC7B,MAAM8B,EAAU7b,EAAI+Z,EACpB,OAAO8B,EAAUJ,GAAMI,EAAU9B,EAAI8B,CACvC,UASgBC,GAAOviB,EAAW5T,EAAW0T,GAC3C,GAAIA,IAAMoiB,GAAK,MAAMz4B,MAAM,yBAC3B,GAAIqW,IAAMqiB,GAAK,OAAO/S,OAAO,GAC7B,GAAIhjB,EAAI81B,GAAK,MAAMz4B,MAAM,iCAEzB,IAAI+4B,EAAMp2B,EACNuX,EAAI3D,EAER2D,GAAK7D,EACL,IAAI8D,EAAIwL,OAAO,GACf,KAAOoT,EAAMN,IAAK,CAChB,MAAMO,EAAMD,EAAML,GAClBK,IAAQL,GAIRve,EAAI6e,EAFQ7e,EAAID,EAAK7D,EAEN8D,EACfD,EAAKA,EAAIA,EAAK7D,EAEhB,OAAO8D,CACT,CAGA,SAAS8e,GAAI/e,GACX,OAAOA,GAAKue,GAAMve,GAAKA,CACzB,CAsDgB,SAAAgf,GAAOlc,EAAW3G,GAChC,MAAM8iB,IAAEA,EAAGjf,EAAEA,GA7Cf,SAAekf,EAAgBC,GAC7B,IAAInf,EAAIyL,OAAO,GACX2T,EAAI3T,OAAO,GACX4T,EAAQ5T,OAAO,GACf6T,EAAQ7T,OAAO,GAKf3I,EAAIic,GAAIG,GACR7iB,EAAI0iB,GAAII,GACZ,MAAMI,EAAWL,EAASX,GACpBiB,EAAWL,EAASZ,GAE1B,KAAOliB,IAAMkiB,IAAK,CAChB,MAAMpW,EAAIrF,EAAIzG,EACd,IAAI2T,EAAMhQ,EACVA,EAAIqf,EAAQlX,EAAInI,EAChBqf,EAAQrP,EAERA,EAAMoP,EACNA,EAAIE,EAAQnX,EAAIiX,EAChBE,EAAQtP,EAERA,EAAM3T,EACNA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAGN,MAAO,CACLhQ,EAAGuf,GAAYF,EAAQA,EACvBD,EAAGI,GAAYF,EAAQA,EACvBL,IAAKnc,EAET,CAWqB2c,CAAM3c,EAAG3G,GAC5B,GAAI8iB,IAAQT,GACV,MAAU14B,MAAM,0BAElB,OAAO44B,GAAI1e,EAAI7D,EAAGA,EACpB,CAwBM,SAAUujB,GAAe1f,GAC7B,MAAM2f,EAAS/T,OAAO5L,GACtB,GAAI2f,EAAS/T,OAAOgU,iBAElB,MAAU95B,MAAM,8CAElB,OAAO65B,CACT,CAQgB,SAAAE,GAAO7f,EAAU3Z,GAE/B,OADa2Z,GAAKyL,OAAOplB,GAAMm4B,MAChBD,GAAM,EAAI,CAC3B,CAKM,SAAUuB,GAAU9f,GAGxB,MAAMjW,EAASiW,EAAIue,GAAM9S,QAAQ,GAAK8S,GACtC,IAAIwB,EAAS,EACT/P,EAAMhQ,EAEV,MAAQgQ,IAAQwO,MAASz0B,GACvBg2B,IAEF,OAAOA,CACT,CAKM,SAAUlxB,GAAWmR,GACzB,MAAMjW,EAASiW,EAAIue,GAAM9S,QAAQ,GAAK8S,GAChCyB,EAAMvU,OAAO,GACnB,IAAIoG,EAAM,EACN7B,EAAMhQ,EAEV,MAAQgQ,IAAQgQ,KAASj2B,GACvB8nB,IAEF,OAAOA,CACT,CAQM,SAAUoO,GAAmBjgB,EAAWkgB,EAAS,KAAM/5B,GAG3D,IAAI2X,EAAMkC,EAAEgF,SAAS,IACjBlH,EAAI3X,OAAS,GAAM,IACrB2X,EAAM,IAAMA,GAGd,MAAMqiB,EAAYriB,EAAI3X,OAAS,EACzBuI,EAAQ,IAAI1I,WAAWG,GAAUg6B,GAEjC/iB,EAASjX,EAASA,EAASg6B,EAAY,EAC7C,IAAI95B,EAAI,EACR,KAAOA,EAAI85B,GACTzxB,EAAMrI,EAAI+W,GAAUY,SAASF,EAAI5W,MAAM,EAAIb,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAX65B,GACFxxB,EAAM8gB,UAGD9gB,CACT,CC7LA,MAAM8Z,GAAanN,EAAKwF,gBAOjB,SAASuf,GAAej6B,GAC7B,MAAM2a,EAA8B,oBAAXH,OAAyBA,OAAS6H,IAAY1H,UACvE,GAAIA,GAAWuf,gBAAiB,CAC9B,MAAMjd,EAAM,IAAIpd,WAAWG,GAC3B,OAAO2a,EAAUuf,gBAAgBjd,EACrC,CACI,MAAUtd,MAAM,+CAEpB,CASO,SAASw6B,GAAoB/V,EAAKtd,GACvC,GAAIA,EAAMsd,EACR,MAAUzkB,MAAM,uCAGlB,MAAMy6B,EAAUtzB,EAAMsd,EAOtB,OAAOmU,GADGD,GAAmB2B,GALfvxB,GAAW0xB,GAK2B,IACtCA,GAAWhW,CAC3B,8FCvCA,MAAMiU,GAAM/S,OAAO,YAQH+U,GAAoBhgB,EAAc/X,EAAWsV,GAC3D,MAAM0iB,EAAOhV,OAAO,IACdlB,EAAMiU,IAAO/S,OAAOjL,EAAO,GAO3BkgB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAErG,IAAIvkB,EAAImkB,GAAoB/V,EAAKA,GAAOiU,IACpCn4B,EAAIq5B,GAAehB,GAAIviB,EAAGskB,IAE9B,GACEtkB,GAAKsP,OAAOiV,EAAKr6B,IACjBA,GAAKA,EAAIq6B,EAAKr6B,IAAMq6B,EAAKv6B,OAErB25B,GAAU3jB,GAAKqE,IACjBrE,EAAIuiB,GAAIviB,EAAGoO,GAAOiU,IAAMriB,GAAKoO,EAC7BlkB,EAAIq5B,GAAehB,GAAIviB,EAAGskB,YAEpBE,GAAgBxkB,EAAG1T,EAAGsV,IAChC,OAAO5B,CACT,UAQgBwkB,GAAgBxkB,EAAW1T,EAAWsV,GACpD,QAAItV,GFsDU,SAAIy2B,EAAgBC,GAClC,IAAIrc,EAAIoc,EACJ7iB,EAAI8iB,EACR,KAAO9iB,IAAMkiB,IAAK,CAChB,MAAMvO,EAAM3T,EACZA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAEN,OAAOlN,CACT,CE/DWmc,CAAI9iB,EAAIqiB,GAAK/1B,KAAO+1B,QA2BzB,SAAuBriB,GAC3B,MAAMoiB,EAAM9S,OAAO,GACnB,OAAOmV,GAAYC,OAAMhE,GAAK6B,GAAIviB,EAAG0gB,KAAO0B,GAC9C,CA3BOuC,CAAa3kB,OAoBd,SAAiBA,EAAWE,EAAIoP,OAAO,IAC3C,OAAOmT,GAAOviB,EAAGF,EAAIqiB,GAAKriB,KAAOqiB,EACnC,CAnBOuC,CAAO5kB,eAoJcA,EAAW4B,GACrC,MAAM8T,EAAMiO,GAAU3jB,GAEjB4B,IACHA,EAAI/Q,KAAKC,IAAI,EAAI4kB,EAAM,GAAM,IAG/B,MAAMmP,EAAK7kB,EAAIqiB,GAGf,IAAIrgB,EAAI,EACR,MAAQ0hB,GAAOmB,EAAI7iB,IAAMA,IACzB,MAAMyJ,EAAIzL,GAAKsP,OAAOtN,GAEtB,KAAOJ,EAAI,EAAGA,IAAK,CAGjB,IAKI1X,EALA2Z,EAAI4e,GAFkB0B,GAAoB7U,OAAO,GAAIuV,GAEvCpZ,EAAGzL,GACrB,GAAI6D,IAAMwe,IAAOxe,IAAMghB,EAAvB,CAKA,IAAK36B,EAAI,EAAGA,EAAI8X,EAAG9X,IAAK,CAGtB,GAFA2Z,EAAI0e,GAAI1e,EAAIA,EAAG7D,GAEX6D,IAAMwe,GACR,OAAO,EAET,GAAIxe,IAAMghB,EACR,MAIJ,GAAI36B,IAAM8X,EACR,OAAO,GAIX,OAAO,CACT,CAzLO8iB,CAAY9kB,EAAG4B,IAMtB,CAkBA,MAAM6iB,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MACpC13B,KAAIiT,GAAKsP,OAAOtP,KCjJlB,MAAM+kB,GAAe,GAyCd,SAASC,GAAUrpB,EAASspB,GACjC,MAAMC,EAAUvpB,EAAQ3R,OAExB,GAAIk7B,EAAUD,EAAY,GACxB,MAAUt7B,MAAM,oBAIlB,MAAMw7B,EA7BR,SAAyBn7B,GACvB,MAAMG,EAAS,IAAIN,WAAWG,GAC9B,IAAIo7B,EAAQ,EACZ,KAAOA,EAAQp7B,GAAQ,CACrB,MAAMq7B,EAAcpB,GAAej6B,EAASo7B,GAC5C,IAAK,IAAIl7B,EAAI,EAAGA,EAAIm7B,EAAYr7B,OAAQE,IACf,IAAnBm7B,EAAYn7B,KACdC,EAAOi7B,KAAWC,EAAYn7B,GAGtC,CACE,OAAOC,CACT,CAiBam7B,CAAgBL,EAAYC,EAAU,GAG3C/d,EAAU,IAAItd,WAAWo7B,GAM/B,OAJA9d,EAAQ,GAAK,EACbA,EAAQ5c,IAAI46B,EAAI,GAEhBhe,EAAQ5c,IAAIoR,EAASspB,EAAYC,GAC1B/d,CACT,CAUO,SAASoe,GAAUpe,EAASqe,GAEjC,IAAIvkB,EAAS,EACTwkB,EAAoB,EACxB,IAAK,IAAIjjB,EAAIvB,EAAQuB,EAAI2E,EAAQnd,OAAQwY,IACvCijB,GAAoC,IAAfte,EAAQ3E,GAC7BvB,GAAUwkB,EAGZ,MAAMC,EAAQzkB,EAAS,EACjB0kB,EAAUxe,EAAQ/V,SAAS6P,EAAS,GACpC2kB,EAAgC,IAAfze,EAAQ,GAA0B,IAAfA,EAAQ,GAAWue,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOtmB,EAAKuH,iBAAiBmf,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUh8B,MAAM,mBAClB,CAUO,SAASk8B,GAAW/a,EAAMgb,EAAQC,GACvC,IAAI77B,EACJ,GAAI47B,EAAO97B,SAAW+L,GAAK4X,kBAAkB7C,GAC3C,MAAUnhB,MAAM,uBAIlB,MAAMq8B,EAAa,IAAIn8B,WAAWk7B,GAAaja,GAAM9gB,QACrD,IAAKE,EAAI,EAAGA,EAAI66B,GAAaja,GAAM9gB,OAAQE,IACzC87B,EAAW97B,GAAK66B,GAAaja,GAAM5gB,GAGrC,MAAM+7B,EAAOD,EAAWh8B,OAAS87B,EAAO97B,OACxC,GAAI+7B,EAAQE,EAAO,GACjB,MAAUt8B,MAAM,6CAIlB,MAAMw7B,EAAK,IAAIt7B,WAAWk8B,EAAQE,EAAO,GAAGnW,KAAK,KAI3CoW,EAAK,IAAIr8B,WAAWk8B,GAK1B,OAJAG,EAAG,GAAK,EACRA,EAAG37B,IAAI46B,EAAI,GACXe,EAAG37B,IAAIy7B,EAAYD,EAAQE,GAC3BC,EAAG37B,IAAIu7B,EAAQC,EAAQD,EAAO97B,QACvBk8B,CACT,CAhIAnB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGCfd,MAAMxgB,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAClB2d,GAAM/S,OAAO,GAuXnB5kB,eAAey7B,GAAanmB,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACzC,MAAMC,EAAO/D,GAAmB9M,GAC1B8Q,EAAOhE,GAAmBtW,GAC1Bua,EAAOjE,GAAmB7W,GAEhC,IAAI+a,EAAKjE,GAAIgE,EAAMD,EAAOjE,IACtBoE,EAAKlE,GAAIgE,EAAMF,EAAOhE,IAG1B,OAFAoE,EAAK3C,GAAmB2C,GACxBD,EAAK1C,GAAmB0C,GACjB,CACLE,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnB1T,EAAGsb,EAAgBtb,GACnBmf,EAAG7D,EAAgB6D,GAEnB+J,EAAG5N,EAAgBoE,GACnBA,EAAGpE,EAAgB4N,GAEnBiR,GAAI7e,EAAgB4e,GACpBA,GAAI5e,EAAgB6e,GACpBE,GAAI/e,EAAgBwe,GACpBQ,KAAK,EAET,CAQA,SAASC,GAAY7mB,EAAG1T,GACtB,MAAO,CACLo6B,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnB1T,EAAGsb,EAAgBtb,GACnBs6B,KAAK,EAET,CAGA,SAASE,GAAaC,EAAKz6B,GACzB,MAAO,CACL0T,EAAGyH,EAAgBsf,EAAI/mB,GACvB1T,EAAGw3B,GAAmBx3B,GACtBmf,EAAGhE,EAAgBsf,EAAItb,GAEvB+J,EAAG/N,EAAgBsf,EAAI/a,GACvBA,EAAGvE,EAAgBsf,EAAIvR,GAEvB4Q,EAAG3e,EAAgBsf,EAAIJ,IAE3B,2DA7UOj8B,eAAuBuE,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAIpD,GAAItmB,EAAKwF,kBAAoB8gB,EAC3B,IACE,aAiON96B,eAA2BuE,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,MAAMW,QAAYZ,GAAanmB,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACxCrtB,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAQ3qB,KAAM,QAASpE,QAASoU,GAAW4a,UAAUC,mBAErF,IACE,OAAO,IAAIr9B,WAAWwiB,GAAW8a,eAAepuB,EAAK9J,GACtD,CAAC,MAAOyvB,GACP,MAAU/0B,MAAM,mBACpB,CACA,CA1OmB4zB,CAAYtuB,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAC/C,CAAC,MAAO1H,GACPxf,EAAK0E,gBAAgB8a,EAC3B,CAEE,OAuOFh0B,eAAyBuE,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAQ/C,GAPAv2B,EAAOqzB,GAAmBrzB,GAC1B+Q,EAAIsiB,GAAmBtiB,GACvB1T,EAAIg2B,GAAmBh2B,GACvBmf,EAAI6W,GAAmB7W,GACvB+J,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBoa,EAAI9D,GAAmB8D,GACnBn3B,GAAQ+Q,EACV,MAAUrW,MAAM,mBAElB,MAAM68B,EAAKjE,GAAI9W,EAAGO,EAAIqW,IAChBoE,EAAKlE,GAAI9W,EAAG+J,EAAI6M,IAEhB+E,EAAYjD,GAAoB7U,OAAO,GAAItP,GAC3CqnB,EAAU5E,GAAOI,GAAOuE,EAAWpnB,GAAI1T,EAAG0T,GAChD/Q,EAAOszB,GAAItzB,EAAOo4B,EAASrnB,GAE3B,MAAMsnB,EAAK7E,GAAOxzB,EAAMw3B,EAAIjR,GACtB+R,EAAK9E,GAAOxzB,EAAMu3B,EAAIxa,GACtB4N,EAAI2I,GAAI6D,GAAKmB,EAAKD,GAAKtb,GAE7B,IAAI7hB,EAASyvB,EAAIpE,EAAI8R,EAIrB,OAFAn9B,EAASo4B,GAAIp4B,EAASi9B,EAAWpnB,GAE1BulB,GAAUzB,GAAmB35B,EAAQ,KAAMuI,GAAWsN,IAAKwlB,EACpE,CAlQSgC,CAAUv4B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EAC3C,UAlCO96B,eAAuBuE,EAAM+Q,EAAG1T,GACrC,OAAI4S,EAAKwF,gBA2OXha,eAA2BuE,EAAM+Q,EAAG1T,GAClC,MAAMy6B,EAAMF,GAAY7mB,EAAG1T,GACrByM,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,QAASpE,QAASoU,GAAW4a,UAAUC,mBAEpF,OAAO,IAAIr9B,WAAWwiB,GAAWob,cAAc1uB,EAAK9J,GACtD,CA/OWgvB,CAAYhvB,EAAM+Q,EAAG1T,GAiPhC5B,eAAyBuE,EAAM+Q,EAAG1T,GAIhC,GAHA0T,EAAIsiB,GAAmBtiB,GACvB/Q,EAAOqzB,GAAmB0C,GAAU/1B,EAAMyD,GAAWsN,KACrD1T,EAAIg2B,GAAmBh2B,GACnB2C,GAAQ+Q,EACV,MAAUrW,MAAM,2CAElB,OAAOm6B,GAAmBrB,GAAOxzB,EAAM3C,EAAG0T,GAAI,KAAMtN,GAAWsN,GACjE,CAvPS0nB,CAAUz4B,EAAM+Q,EAAG1T,EAC5B,WA4CO5B,eAAwB2Z,EAAM/X,GAInC,GAHAA,EAAIgjB,OAAOhjB,GAGP4S,EAAKoF,eAAgB,CACvB,MAAMqjB,EAAY,CAChBt3B,KAAM,oBACNu3B,cAAevjB,EACfwjB,eAAgB/D,GAAmBx3B,GACnCyJ,KAAM,CACJ1F,KAAM,UAGJy3B,QAAgBvjB,GAAUwjB,YAAYJ,GAAW,EAAM,CAAC,OAAQ,WAMtE,OAAOb,SAFWviB,GAAUyjB,UAAU,MAAOF,EAAQlsB,YAE5BtP,EAC7B,CAAS,GAAI4S,EAAKwF,gBAAiB,CAC/B,MAAMoT,EAAO,CACX8P,cAAevjB,EACfwjB,eAAgBtE,GAAej3B,GAC/B27B,kBAAmB,CAAE5rB,KAAM,QAAS2qB,OAAQ,OAC5CkB,mBAAoB,CAAE7rB,KAAM,QAAS2qB,OAAQ,QAEzCD,QAAY,IAAIz+B,SAAQ,CAACC,EAASC,KACtC6jB,GAAW8b,gBAAgB,MAAOrQ,GAAM,CAAC4G,EAAKpK,EAAG8T,KAC3C1J,EACFl2B,EAAOk2B,GAEPn2B,EAAQ6/B,EAClB,GACQ,IAEJ,OAAOtB,GAAaC,EAAKz6B,EAC7B,CAKE,IAAIkpB,EACAxJ,EACAhM,EACJ,GACEgM,EAAIqY,GAAoBhgB,GAAQA,GAAQ,GAAI/X,EAAG,IAC/CkpB,EAAI6O,GAAoBhgB,GAAQ,EAAG/X,EAAG,IACtC0T,EAAIwV,EAAIxJ,QACD2X,GAAU3jB,KAAOqE,GAE1B,MAAMgkB,GAAO7S,EAAI6M,KAAQrW,EAAIqW,IAM7B,OAJIrW,EAAIwJ,KACLA,EAAGxJ,GAAK,CAACA,EAAGwJ,IAGR,CACLxV,EAAG8jB,GAAmB9jB,GACtB1T,EAAGw3B,GAAmBx3B,GACtBmf,EAAGqY,GAAmBjB,GAAOv2B,EAAG+7B,IAChC7S,EAAGsO,GAAmBtO,GACtBxJ,EAAG8X,GAAmB9X,GAGtBoa,EAAGtC,GAAmBjB,GAAOrN,EAAGxJ,IAEpC,OA7KOthB,eAAoB49B,EAAUr5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAC3D,GAAI/vB,GAAK4X,kBAAkB2a,IAAatoB,EAAEhW,OAKxC,MAAUL,MAAM,8CAGlB,GAAIsF,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKoF,eACP,IACE,aA2NR5Z,eAAuB69B,EAAUt5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAQpD,MAAMW,QAAYZ,GAAanmB,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACxCtb,EAAO,CACXza,KAAM,oBACN0F,KAAM,CAAE1F,KAAMk4B,IAEVxvB,QAAYwL,GAAUmX,UAAU,MAAOqL,EAAKjc,GAAM,EAAO,CAAC,SAChE,OAAO,IAAIjhB,iBAAiB0a,GAAUikB,KAAK,oBAAqBzvB,EAAK9J,GACvE,CA1OqBw5B,CAAQ51B,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GAAWr5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAChF,CAAC,MAAO1H,GACPxf,EAAK0E,gBAAgB8a,EAC7B,MACW,GAAIxf,EAAKwF,gBACd,OAuONha,eAAwB49B,EAAUr5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACrD,MAAMoC,EAAOnc,GAAWqc,WAAW71B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC1DE,EAAKr9B,MAAM8D,GACXu5B,EAAK93B,MAEL,MAAMq2B,QAAYZ,GAAanmB,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,OAAO,IAAIv8B,WAAW2+B,EAAKA,KAAK,CAAEzvB,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,UACnE,CA9OassB,CAASL,EAAUr5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAGnD,OA4MF17B,eAAsB49B,EAAUtoB,EAAGyL,EAAGqa,GACpC9lB,EAAIsiB,GAAmBtiB,GACvB,MAAM0gB,EAAI4B,GAAmBuD,GAAWyC,EAAUxC,EAAQpzB,GAAWsN,KAErE,OADAyL,EAAI6W,GAAmB7W,GAChBqY,GAAmBrB,GAAO/B,EAAGjV,EAAGzL,GAAI,KAAMtN,GAAWsN,GAC9D,CAjNS4oB,CAAON,EAAUtoB,EAAGyL,EAAGqa,EAChC,iBAqKOp7B,eAA8BsV,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAMlD,GALApmB,EAAIsiB,GAAmBtiB,IACvBwV,EAAI8M,GAAmB9M,KACvBxJ,EAAIsW,GAAmBtW,MAGPhM,EACd,OAAO,EAGT,MAAM6oB,EAAMvZ,OAAO,GAGnB,GAAIiT,GAAI/M,GADR4Q,EAAI9D,GAAmB8D,IACRpa,KAAOsD,OAAO,GAC3B,OAAO,EAGThjB,EAAIg2B,GAAmBh2B,GACvBmf,EAAI6W,GAAmB7W,GAQvB,MACM3H,EAAIqgB,GAAoB0E,EAAKA,GADhBvZ,OAAOze,KAAK2P,MAAMmjB,GAAU3jB,GAAK,KAE9C8oB,EAAMhlB,EAAI2H,EAAInf,EAGpB,QADoBi2B,GAAIuG,EAAKtT,EAAI6M,MAASve,GAAKye,GAAIuG,EAAK9c,EAAIqW,MAASve,EAMvE,SA5LOpZ,eAAsB49B,EAAUr5B,EAAM+S,EAAGhC,EAAG1T,EAAGw5B,GACpD,GAAI72B,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKoF,eACP,IACE,aAuOR5Z,eAAyB69B,EAAUt5B,EAAM+S,EAAGhC,EAAG1T,GAC7C,MAAMy6B,EAAMF,GAAY7mB,EAAG1T,GACrByM,QAAYwL,GAAUmX,UAAU,MAAOqL,EAAK,CAChD12B,KAAM,oBACN0F,KAAM,CAAE1F,KAAOk4B,KACd,EAAO,CAAC,WACX,OAAOhkB,GAAUwkB,OAAO,oBAAqBhwB,EAAKiJ,EAAG/S,EACvD,CA9OqB+5B,CAAUn2B,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GAAWr5B,EAAM+S,EAAGhC,EAAG1T,EACzE,CAAC,MAAOoyB,GACPxf,EAAK0E,gBAAgB8a,EAC7B,MACW,GAAIxf,EAAKwF,gBACd,OA2ONha,eAA0B49B,EAAUr5B,EAAM+S,EAAGhC,EAAG1T,GAC9C,MAAMy6B,EAAMF,GAAY7mB,EAAG1T,GACrByM,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,SAEvC0sB,EAAS1c,GAAW4c,aAAap2B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC9DS,EAAO59B,MAAM8D,GACb85B,EAAOr4B,MAEP,IACE,OAAOq4B,EAAOA,OAAOhwB,EAAKiJ,EAC3B,CAAC,MAAO0c,GACP,OAAO,CACX,CACA,CAxPawK,CAAWZ,EAAUr5B,EAAM+S,EAAGhC,EAAG1T,GAG5C,OAmNF5B,eAAwB49B,EAAUtmB,EAAGhC,EAAG1T,EAAGw5B,GAIzC,GAHA9lB,EAAIsiB,GAAmBtiB,GACvBgC,EAAIsgB,GAAmBtgB,GACvB1V,EAAIg2B,GAAmBh2B,GACnB0V,GAAKhC,EACP,MAAUrW,MAAM,6CAElB,MAAMw/B,EAAMrF,GAAmBrB,GAAOzgB,EAAG1V,EAAG0T,GAAI,KAAMtN,GAAWsN,IAC3DopB,EAAMvD,GAAWyC,EAAUxC,EAAQpzB,GAAWsN,IACpD,OAAOd,EAAKoE,iBAAiB6lB,EAAKC,EACpC,CA7NSC,CAASf,EAAUtmB,EAAGhC,EAAG1T,EAAGw5B,EACrC,ICrEA,MAAMzD,GAAM/S,OAAO,6DAyCZ5kB,eAAuB4+B,EAAIC,EAAI/T,EAAG3R,EAAG2hB,GAO1C,OANA8D,EAAKhH,GAAmBgH,GACxBC,EAAKjH,GAAmBiH,GACxB/T,EAAI8M,GAAmB9M,GAIhB+P,GAAUzB,GADFvB,GAAIM,GAAOJ,GAAO6G,EAFjCzlB,EAAIye,GAAmBze,GAEiB2R,GAAIA,GAAK+T,EAAI/T,GACT,KAAM9iB,GAAW8iB,IAAKgQ,EACpE,UArCO96B,eAAuBuE,EAAMumB,EAAGyE,EAAGgJ,GACxCzN,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEvB,MACMvC,EAAI4B,GADK0C,GAAU/1B,EAAMyD,GAAW8iB,KAKpC5T,EAAIuiB,GAAoB9B,GAAK7M,EAAI6M,IACvC,MAAO,CACLiH,GAAIxF,GAAmBrB,GAAOxI,EAAGrY,EAAG4T,IACpC+T,GAAIzF,GAAmBvB,GAAIE,GAAOQ,EAAGrhB,EAAG4T,GAAKkL,EAAGlL,IAEpD,iBAiCO9qB,eAA8B8qB,EAAGyE,EAAGgJ,EAAGpf,GAM5C,GALA2R,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAGnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAIT,MAAMgU,EAAQla,OAAOqU,GAAUnO,IAE/B,GAAIgU,EADWla,OAAO,MAEpB,OAAO,EAOT,GAAImT,GAAOxI,EAAGzE,EAAI6M,GAAK7M,KAAO6M,GAC5B,OAAO,EAST,IAAInP,EAAM+G,EACN/vB,EAAIolB,OAAO,GACf,MAAMuZ,EAAMvZ,OAAO,GACbma,EAAYZ,GAAOvZ,OAAO,IAChC,KAAOplB,EAAIu/B,GAAW,CAEpB,GADAvW,EAAMqP,GAAIrP,EAAM+G,EAAGzE,GACftC,IAAQmP,GACV,OAAO,EAETn4B,GACJ,CAQE2Z,EAAIye,GAAmBze,GACvB,MAAMC,EAAIqgB,GAAoB0E,GAAQW,EAAQnH,GAAMwG,GAAOW,GAE3D,OAAIvG,IAAMR,GAAOxI,GADJzE,EAAI6M,IAAOve,EAAID,EACH2R,EAK3B,IC3IO,MAAMhR,GACXklB,GAAoB,iBAAPA,GAAmB,cAAeA,EAAKA,EAAG/kB,eAAYna,ECD/Dm/B,GAAO,CAAE,EASf,IAAIC,GAAK,SAASC,GAChB,IAAI3/B,EAAG4Z,EAAI,IAAIgmB,aAAa,IAC5B,GAAID,EAAM,IAAK3/B,EAAI,EAAGA,EAAI2/B,EAAK7/B,OAAQE,IAAK4Z,EAAE5Z,GAAK2/B,EAAK3/B,GACxD,OAAO4Z,CACT,EAGIimB,GAAc,WAAuB,MAAUpgC,MAAM,UAAa,EAElEqgC,GAAK,IAAIngC,WAAW,IAAKmgC,GAAG,GAAK,EAErC,IAAIC,GAAML,KACNM,GAAMN,GAAG,CAAC,IACVO,GAAUP,GAAG,CAAC,MAAQ,IACtBQ,GAAIR,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIS,GAAKT,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIU,GAAIV,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIW,GAAIX,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIY,GAAIZ,GAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAEpI,SAASa,GAAK5mB,EAAG3Z,EAAG0vB,EAAG8Q,GACrB7mB,EAAE3Z,GAAQ0vB,GAAK,GAAM,IACrB/V,EAAE3Z,EAAE,GAAM0vB,GAAK,GAAM,IACrB/V,EAAE3Z,EAAE,GAAM0vB,GAAM,EAAK,IACrB/V,EAAE3Z,EAAE,GAAS,IAAJ0vB,EACT/V,EAAE3Z,EAAE,GAAMwgC,GAAK,GAAO,IACtB7mB,EAAE3Z,EAAE,GAAMwgC,GAAK,GAAO,IACtB7mB,EAAE3Z,EAAE,GAAMwgC,GAAM,EAAM,IACtB7mB,EAAE3Z,EAAE,GAAS,IAAJwgC,CACX,CAQA,SAASC,GAAiB9mB,EAAG+mB,EAAI3H,EAAG4H,GAClC,OAPF,SAAYhnB,EAAG+mB,EAAI3H,EAAG4H,EAAI7qB,GACxB,IAAI9V,EAAEuhB,EAAI,EACV,IAAKvhB,EAAI,EAAGA,EAAI8V,EAAG9V,IAAKuhB,GAAK5H,EAAE+mB,EAAG1gC,GAAG+4B,EAAE4H,EAAG3gC,GAC1C,OAAQ,EAAMuhB,EAAI,IAAO,GAAM,CACjC,CAGSqf,CAAGjnB,EAAE+mB,EAAG3H,EAAE4H,EAAG,GACtB,CAEA,SAASE,GAASjnB,EAAG6C,GACnB,IAAIzc,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAU,EAALyc,EAAEzc,EACpC,CAEA,SAAS8gC,GAAS/S,GAChB,IAAI/tB,EAAG+X,EAAGuJ,EAAI,EACd,IAAKthB,EAAI,EAAGA,EAAI,GAAIA,IAClB+X,EAAIgW,EAAE/tB,GAAKshB,EAAI,MACfA,EAAI3a,KAAK2P,MAAMyB,EAAI,OACnBgW,EAAE/tB,GAAK+X,EAAQ,MAAJuJ,EAEbyM,EAAE,IAAMzM,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAASyf,GAASzV,EAAGxJ,EAAG9L,GAEtB,IADA,IAAI6D,EAAGyH,IAAMtL,EAAE,GACNhW,EAAI,EAAGA,EAAI,GAAIA,IACtB6Z,EAAIyH,GAAKgK,EAAEtrB,GAAK8hB,EAAE9hB,IAClBsrB,EAAEtrB,IAAM6Z,EACRiI,EAAE9hB,IAAM6Z,CAEZ,CAEA,SAASmnB,GAAUjT,EAAGjY,GACpB,IAAI9V,EAAGsY,EAAGtC,EACNwgB,EAAIkJ,KAAM7lB,EAAI6lB,KAClB,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAK6Z,EAAE7Z,GAAK8V,EAAE9V,GAIlC,IAHA8gC,GAASjnB,GACTinB,GAASjnB,GACTinB,GAASjnB,GACJvB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAke,EAAE,GAAK3c,EAAE,GAAK,MACT7Z,EAAI,EAAGA,EAAI,GAAIA,IAClBw2B,EAAEx2B,GAAK6Z,EAAE7Z,GAAK,OAAWw2B,EAAEx2B,EAAE,IAAI,GAAM,GACvCw2B,EAAEx2B,EAAE,IAAM,MAEZw2B,EAAE,IAAM3c,EAAE,IAAM,OAAW2c,EAAE,KAAK,GAAM,GACxCxgB,EAAKwgB,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACTuK,GAASlnB,EAAG2c,EAAG,EAAExgB,EACrB,CACE,IAAKhW,EAAI,EAAGA,EAAI,GAAIA,IAClB+tB,EAAE,EAAE/tB,GAAY,IAAP6Z,EAAE7Z,GACX+tB,EAAE,EAAE/tB,EAAE,GAAK6Z,EAAE7Z,IAAI,CAErB,CAEA,SAASihC,GAASxkB,EAAGzG,GACnB,IAAIsL,EAAI,IAAI3hB,WAAW,IAAK4hB,EAAI,IAAI5hB,WAAW,IAG/C,OAFAqhC,GAAU1f,EAAG7E,GACbukB,GAAUzf,EAAGvL,GACNyqB,GAAiBnf,EAAG,EAAGC,EAAG,EACnC,CAEA,SAAS2f,GAASzkB,GAChB,IAAI8E,EAAI,IAAI5hB,WAAW,IAEvB,OADAqhC,GAAUzf,EAAG9E,GACC,EAAP8E,EAAE,EACX,CAEA,SAAS4f,GAAYpT,EAAGjY,GACtB,IAAI9V,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAK8V,EAAE,EAAE9V,IAAM8V,EAAE,EAAE9V,EAAE,IAAM,GACtD+tB,EAAE,KAAO,KACX,CAEA,SAASqT,GAAErT,EAAGtR,EAAGzG,GACf,IAAK,IAAIhW,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAKyc,EAAEzc,GAAKgW,EAAEhW,EAC/C,CAEA,SAASqhC,GAAEtT,EAAGtR,EAAGzG,GACf,IAAK,IAAIhW,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAKyc,EAAEzc,GAAKgW,EAAEhW,EAC/C,CAEA,SAASshC,GAAEvT,EAAGtR,EAAGzG,GACf,IAAI+B,EAAGuJ,EACJ8K,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIgV,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAKltB,EAAE,GACPmtB,EAAKntB,EAAE,GACPotB,EAAKptB,EAAE,GACPqtB,EAAKrtB,EAAE,GACPstB,EAAKttB,EAAE,GACPutB,EAAKvtB,EAAE,GACPwtB,EAAKxtB,EAAE,GACPytB,EAAKztB,EAAE,GACP0tB,EAAK1tB,EAAE,GACP2tB,EAAK3tB,EAAE,GACP4tB,EAAM5tB,EAAE,IACR6tB,EAAM7tB,EAAE,IACR8tB,EAAM9tB,EAAE,IACR+tB,EAAM/tB,EAAE,IACRguB,EAAMhuB,EAAE,IACRiuB,EAAMjuB,EAAE,IAGVoW,IADArU,EAAI0E,EAAE,IACIymB,EACV7W,GAAMtU,EAAIorB,EACV7W,GAAMvU,EAAIqrB,EACV7W,GAAMxU,EAAIsrB,EACV9B,GAAMxpB,EAAIurB,EACV9B,GAAMzpB,EAAIwrB,EACV9B,GAAM1pB,EAAIyrB,EACV9B,GAAM3pB,EAAI0rB,EACV9B,GAAM5pB,EAAI2rB,EACV9B,GAAM7pB,EAAI4rB,EACV9B,GAAO9pB,EAAI6rB,EACX9B,GAAO/pB,EAAI8rB,EACX9B,GAAOhqB,EAAI+rB,EACX9B,GAAOjqB,EAAIgsB,EACX9B,GAAOlqB,EAAIisB,EACX9B,GAAOnqB,EAAIksB,EAEX5X,IADAtU,EAAI0E,EAAE,IACIymB,EACV5W,GAAMvU,EAAIorB,EACV5W,GAAMxU,EAAIqrB,EACV7B,GAAMxpB,EAAIsrB,EACV7B,GAAMzpB,EAAIurB,EACV7B,GAAM1pB,EAAIwrB,EACV7B,GAAM3pB,EAAIyrB,EACV7B,GAAM5pB,EAAI0rB,EACV7B,GAAM7pB,EAAI2rB,EACV7B,GAAO9pB,EAAI4rB,EACX7B,GAAO/pB,EAAI6rB,EACX7B,GAAOhqB,EAAI8rB,EACX7B,GAAOjqB,EAAI+rB,EACX7B,GAAOlqB,EAAIgsB,EACX7B,GAAOnqB,EAAIisB,EACX7B,GAAOpqB,EAAIksB,EAEX3X,IADAvU,EAAI0E,EAAE,IACIymB,EACV3W,GAAMxU,EAAIorB,EACV5B,GAAMxpB,EAAIqrB,EACV5B,GAAMzpB,EAAIsrB,EACV5B,GAAM1pB,EAAIurB,EACV5B,GAAM3pB,EAAIwrB,EACV5B,GAAM5pB,EAAIyrB,EACV5B,GAAM7pB,EAAI0rB,EACV5B,GAAO9pB,EAAI2rB,EACX5B,GAAO/pB,EAAI4rB,EACX5B,GAAOhqB,EAAI6rB,EACX5B,GAAOjqB,EAAI8rB,EACX5B,GAAOlqB,EAAI+rB,EACX5B,GAAOnqB,EAAIgsB,EACX5B,GAAOpqB,EAAIisB,EACX5B,GAAOrqB,EAAIksB,EAEX1X,IADAxU,EAAI0E,EAAE,IACIymB,EACV3B,GAAMxpB,EAAIorB,EACV3B,GAAMzpB,EAAIqrB,EACV3B,GAAM1pB,EAAIsrB,EACV3B,GAAM3pB,EAAIurB,EACV3B,GAAM5pB,EAAIwrB,EACV3B,GAAM7pB,EAAIyrB,EACV3B,GAAO9pB,EAAI0rB,EACX3B,GAAO/pB,EAAI2rB,EACX3B,GAAOhqB,EAAI4rB,EACX3B,GAAOjqB,EAAI6rB,EACX3B,GAAOlqB,EAAI8rB,EACX3B,GAAOnqB,EAAI+rB,EACX3B,GAAOpqB,EAAIgsB,EACX3B,GAAOrqB,EAAIisB,EACX3B,GAAOtqB,EAAIksB,EAEX1C,IADAxpB,EAAI0E,EAAE,IACIymB,EACV1B,GAAMzpB,EAAIorB,EACV1B,GAAM1pB,EAAIqrB,EACV1B,GAAM3pB,EAAIsrB,EACV1B,GAAM5pB,EAAIurB,EACV1B,GAAM7pB,EAAIwrB,EACV1B,GAAO9pB,EAAIyrB,EACX1B,GAAO/pB,EAAI0rB,EACX1B,GAAOhqB,EAAI2rB,EACX1B,GAAOjqB,EAAI4rB,EACX1B,GAAOlqB,EAAI6rB,EACX1B,GAAOnqB,EAAI8rB,EACX1B,GAAOpqB,EAAI+rB,EACX1B,GAAOrqB,EAAIgsB,EACX1B,GAAOtqB,EAAIisB,EACX1B,GAAOvqB,EAAIksB,EAEXzC,IADAzpB,EAAI0E,EAAE,IACIymB,EACVzB,GAAM1pB,EAAIorB,EACVzB,GAAM3pB,EAAIqrB,EACVzB,GAAM5pB,EAAIsrB,EACVzB,GAAM7pB,EAAIurB,EACVzB,GAAO9pB,EAAIwrB,EACXzB,GAAO/pB,EAAIyrB,EACXzB,GAAOhqB,EAAI0rB,EACXzB,GAAOjqB,EAAI2rB,EACXzB,GAAOlqB,EAAI4rB,EACXzB,GAAOnqB,EAAI6rB,EACXzB,GAAOpqB,EAAI8rB,EACXzB,GAAOrqB,EAAI+rB,EACXzB,GAAOtqB,EAAIgsB,EACXzB,GAAOvqB,EAAIisB,EACXzB,GAAOxqB,EAAIksB,EAEXxC,IADA1pB,EAAI0E,EAAE,IACIymB,EACVxB,GAAM3pB,EAAIorB,EACVxB,GAAM5pB,EAAIqrB,EACVxB,GAAM7pB,EAAIsrB,EACVxB,GAAO9pB,EAAIurB,EACXxB,GAAO/pB,EAAIwrB,EACXxB,GAAOhqB,EAAIyrB,EACXxB,GAAOjqB,EAAI0rB,EACXxB,GAAOlqB,EAAI2rB,EACXxB,GAAOnqB,EAAI4rB,EACXxB,GAAOpqB,EAAI6rB,EACXxB,GAAOrqB,EAAI8rB,EACXxB,GAAOtqB,EAAI+rB,EACXxB,GAAOvqB,EAAIgsB,EACXxB,GAAOxqB,EAAIisB,EACXxB,GAAOzqB,EAAIksB,EAEXvC,IADA3pB,EAAI0E,EAAE,IACIymB,EACVvB,GAAM5pB,EAAIorB,EACVvB,GAAM7pB,EAAIqrB,EACVvB,GAAO9pB,EAAIsrB,EACXvB,GAAO/pB,EAAIurB,EACXvB,GAAOhqB,EAAIwrB,EACXvB,GAAOjqB,EAAIyrB,EACXvB,GAAOlqB,EAAI0rB,EACXvB,GAAOnqB,EAAI2rB,EACXvB,GAAOpqB,EAAI4rB,EACXvB,GAAOrqB,EAAI6rB,EACXvB,GAAOtqB,EAAI8rB,EACXvB,GAAOvqB,EAAI+rB,EACXvB,GAAOxqB,EAAIgsB,EACXvB,GAAOzqB,EAAIisB,EACXvB,GAAO1qB,EAAIksB,EAEXtC,IADA5pB,EAAI0E,EAAE,IACIymB,EACVtB,GAAM7pB,EAAIorB,EACVtB,GAAO9pB,EAAIqrB,EACXtB,GAAO/pB,EAAIsrB,EACXtB,GAAOhqB,EAAIurB,EACXtB,GAAOjqB,EAAIwrB,EACXtB,GAAOlqB,EAAIyrB,EACXtB,GAAOnqB,EAAI0rB,EACXtB,GAAOpqB,EAAI2rB,EACXtB,GAAOrqB,EAAI4rB,EACXtB,GAAOtqB,EAAI6rB,EACXtB,GAAOvqB,EAAI8rB,EACXtB,GAAOxqB,EAAI+rB,EACXtB,GAAOzqB,EAAIgsB,EACXtB,GAAO1qB,EAAIisB,EACXtB,GAAO3qB,EAAIksB,EAEXrC,IADA7pB,EAAI0E,EAAE,IACIymB,EACVrB,GAAO9pB,EAAIorB,EACXrB,GAAO/pB,EAAIqrB,EACXrB,GAAOhqB,EAAIsrB,EACXrB,GAAOjqB,EAAIurB,EACXrB,GAAOlqB,EAAIwrB,EACXrB,GAAOnqB,EAAIyrB,EACXrB,GAAOpqB,EAAI0rB,EACXrB,GAAOrqB,EAAI2rB,EACXrB,GAAOtqB,EAAI4rB,EACXrB,GAAOvqB,EAAI6rB,EACXrB,GAAOxqB,EAAI8rB,EACXrB,GAAOzqB,EAAI+rB,EACXrB,GAAO1qB,EAAIgsB,EACXrB,GAAO3qB,EAAIisB,EACXrB,GAAO5qB,EAAIksB,EAEXpC,IADA9pB,EAAI0E,EAAE,KACKymB,EACXpB,GAAO/pB,EAAIorB,EACXpB,GAAOhqB,EAAIqrB,EACXpB,GAAOjqB,EAAIsrB,EACXpB,GAAOlqB,EAAIurB,EACXpB,GAAOnqB,EAAIwrB,EACXpB,GAAOpqB,EAAIyrB,EACXpB,GAAOrqB,EAAI0rB,EACXpB,GAAOtqB,EAAI2rB,EACXpB,GAAOvqB,EAAI4rB,EACXpB,GAAOxqB,EAAI6rB,EACXpB,GAAOzqB,EAAI8rB,EACXpB,GAAO1qB,EAAI+rB,EACXpB,GAAO3qB,EAAIgsB,EACXpB,GAAO5qB,EAAIisB,EACXpB,GAAO7qB,EAAIksB,EAEXnC,IADA/pB,EAAI0E,EAAE,KACKymB,EACXnB,GAAOhqB,EAAIorB,EACXnB,GAAOjqB,EAAIqrB,EACXnB,GAAOlqB,EAAIsrB,EACXnB,GAAOnqB,EAAIurB,EACXnB,GAAOpqB,EAAIwrB,EACXnB,GAAOrqB,EAAIyrB,EACXnB,GAAOtqB,EAAI0rB,EACXnB,GAAOvqB,EAAI2rB,EACXnB,GAAOxqB,EAAI4rB,EACXnB,GAAOzqB,EAAI6rB,EACXnB,GAAO1qB,EAAI8rB,EACXnB,GAAO3qB,EAAI+rB,EACXnB,GAAO5qB,EAAIgsB,EACXnB,GAAO7qB,EAAIisB,EACXnB,GAAO9qB,EAAIksB,EAEXlC,IADAhqB,EAAI0E,EAAE,KACKymB,EACXlB,GAAOjqB,EAAIorB,EACXlB,GAAOlqB,EAAIqrB,EACXlB,GAAOnqB,EAAIsrB,EACXlB,GAAOpqB,EAAIurB,EACXlB,GAAOrqB,EAAIwrB,EACXlB,GAAOtqB,EAAIyrB,EACXlB,GAAOvqB,EAAI0rB,EACXlB,GAAOxqB,EAAI2rB,EACXlB,GAAOzqB,EAAI4rB,EACXlB,GAAO1qB,EAAI6rB,EACXlB,GAAO3qB,EAAI8rB,EACXlB,GAAO5qB,EAAI+rB,EACXlB,GAAO7qB,EAAIgsB,EACXlB,GAAO9qB,EAAIisB,EACXlB,GAAO/qB,EAAIksB,EAEXjC,IADAjqB,EAAI0E,EAAE,KACKymB,EACXjB,GAAOlqB,EAAIorB,EACXjB,GAAOnqB,EAAIqrB,EACXjB,GAAOpqB,EAAIsrB,EACXjB,GAAOrqB,EAAIurB,EACXjB,GAAOtqB,EAAIwrB,EACXjB,GAAOvqB,EAAIyrB,EACXjB,GAAOxqB,EAAI0rB,EACXjB,GAAOzqB,EAAI2rB,EACXjB,GAAO1qB,EAAI4rB,EACXjB,GAAO3qB,EAAI6rB,EACXjB,GAAO5qB,EAAI8rB,EACXjB,GAAO7qB,EAAI+rB,EACXjB,GAAO9qB,EAAIgsB,EACXjB,GAAO/qB,EAAIisB,EACXjB,GAAOhrB,EAAIksB,EAEXhC,IADAlqB,EAAI0E,EAAE,KACKymB,EACXhB,GAAOnqB,EAAIorB,EACXhB,GAAOpqB,EAAIqrB,EACXhB,GAAOrqB,EAAIsrB,EACXhB,GAAOtqB,EAAIurB,EACXhB,GAAOvqB,EAAIwrB,EACXhB,GAAOxqB,EAAIyrB,EACXhB,GAAOzqB,EAAI0rB,EACXhB,GAAO1qB,EAAI2rB,EACXhB,GAAO3qB,EAAI4rB,EACXhB,GAAO5qB,EAAI6rB,EACXhB,GAAO7qB,EAAI8rB,EACXhB,GAAO9qB,EAAI+rB,EACXhB,GAAO/qB,EAAIgsB,EACXhB,GAAOhrB,EAAIisB,EACXhB,GAAOjrB,EAAIksB,EAEX/B,IADAnqB,EAAI0E,EAAE,KACKymB,EAkBX7W,GAAO,IAhBP+V,GAAOrqB,EAAIqrB,GAiBX9W,GAAO,IAhBP+V,GAAOtqB,EAAIsrB,GAiBX9W,GAAO,IAhBP+V,GAAOvqB,EAAIurB,GAiBX/B,GAAO,IAhBPgB,GAAOxqB,EAAIwrB,GAiBX/B,GAAO,IAhBPgB,GAAOzqB,EAAIyrB,GAiBX/B,GAAO,IAhBPgB,GAAO1qB,EAAI0rB,GAiBX/B,GAAO,IAhBPgB,GAAO3qB,EAAI2rB,GAiBX/B,GAAO,IAhBPgB,GAAO5qB,EAAI4rB,GAiBX/B,GAAO,IAhBPgB,GAAO7qB,EAAI6rB,GAiBX/B,GAAO,IAhBPgB,GAAO9qB,EAAI8rB,GAiBX/B,GAAO,IAhBPgB,GAAO/qB,EAAI+rB,GAiBX/B,GAAO,IAhBPgB,GAAOhrB,EAAIgsB,GAiBX/B,GAAO,IAhBPgB,GAAOjrB,EAAIisB,GAiBX/B,GAAO,IAhBPgB,GAAOlrB,EAAIksB,GAqBsC7X,GAAjDrU,GAnBAqU,GAAO,IAhBP+V,GAAOpqB,EAAIorB,KAkCX7hB,EAAI,GACU,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS6pB,GAAjD7pB,EAAK6pB,EAAKtgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQmqB,GAAhDnqB,EAAImqB,EAAM5gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QAKSqU,GAAjDrU,GAJAqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACS6pB,GAAjD7pB,EAAK6pB,EAAKtgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACQmqB,GAAhDnqB,EAAImqB,EAAM5gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK2P,MAAMyB,EAAI,QACxCqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,GAEpByM,EAAG,GAAK3B,EACR2B,EAAG,GAAK1B,EACR0B,EAAG,GAAKzB,EACRyB,EAAG,GAAKxB,EACRwB,EAAG,GAAKwT,EACRxT,EAAG,GAAKyT,EACRzT,EAAG,GAAK0T,EACR1T,EAAG,GAAK2T,EACR3T,EAAG,GAAK4T,EACR5T,EAAG,GAAK6T,EACR7T,EAAE,IAAM8T,EACR9T,EAAE,IAAM+T,EACR/T,EAAE,IAAMgU,EACRhU,EAAE,IAAMiU,EACRjU,EAAE,IAAMkU,EACRlU,EAAE,IAAMmU,CACV,CAEA,SAASnM,GAAEhI,EAAGtR,GACZ6kB,GAAEvT,EAAGtR,EAAGA,EACV,CAEA,SAASynB,GAASnW,EAAG/tB,GACnB,IACIyc,EADA6E,EAAIoe,KAER,IAAKjjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKzc,EAAEyc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAiB,IAANA,GAAS6kB,GAAEhgB,EAAGA,EAAGthB,GAEjC,IAAKyc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAaA,SAAS0nB,GAAkBriB,EAAGhM,EAAGwV,GAC/B,IAC8B1R,EAAG5Z,EAD7BokC,EAAI,IAAIzkC,WAAW,IACnBga,EAAI,IAAIimB,aAAa,IACrBnjB,EAAIijB,KAAM1pB,EAAI0pB,KAAMpe,EAAIoe,KACxBne,EAAIme,KAAMt9B,EAAIs9B,KAAM2E,EAAI3E,KAC5B,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAKokC,EAAEpkC,GAAK8V,EAAE9V,GAIlC,IAHAokC,EAAE,IAAW,IAANtuB,EAAE,IAAS,GAClBsuB,EAAE,IAAI,IACNjD,GAAYxnB,EAAE2R,GACTtrB,EAAI,EAAGA,EAAI,GAAIA,IAClBgW,EAAEhW,GAAG2Z,EAAE3Z,GACPuhB,EAAEvhB,GAAGyc,EAAEzc,GAAGshB,EAAEthB,GAAG,EAGjB,IADAyc,EAAE,GAAG8E,EAAE,GAAG,EACLvhB,EAAE,IAAKA,GAAG,IAAKA,EAElB+gC,GAAStkB,EAAEzG,EADX4D,EAAGwqB,EAAEpkC,IAAI,MAAQ,EAAFA,GAAM,GAErB+gC,GAASzf,EAAEC,EAAE3H,GACbwnB,GAAEh/B,EAAEqa,EAAE6E,GACN+f,GAAE5kB,EAAEA,EAAE6E,GACN8f,GAAE9f,EAAEtL,EAAEuL,GACN8f,GAAErrB,EAAEA,EAAEuL,GACNwU,GAAExU,EAAEnf,GACJ2zB,GAAEsO,EAAE5nB,GACJ6kB,GAAE7kB,EAAE6E,EAAE7E,GACN6kB,GAAEhgB,EAAEtL,EAAE5T,GACNg/B,GAAEh/B,EAAEqa,EAAE6E,GACN+f,GAAE5kB,EAAEA,EAAE6E,GACNyU,GAAE/f,EAAEyG,GACJ4kB,GAAE/f,EAAEC,EAAE8iB,GACN/C,GAAE7kB,EAAE6E,EAAE2e,IACNmB,GAAE3kB,EAAEA,EAAE8E,GACN+f,GAAEhgB,EAAEA,EAAE7E,GACN6kB,GAAE7kB,EAAE8E,EAAE8iB,GACN/C,GAAE/f,EAAEvL,EAAE2D,GACNoc,GAAE/f,EAAE5T,GACJ2+B,GAAStkB,EAAEzG,EAAE4D,GACbmnB,GAASzf,EAAEC,EAAE3H,GAEf,IAAK5Z,EAAI,EAAGA,EAAI,GAAIA,IAClB2Z,EAAE3Z,EAAE,IAAIyc,EAAEzc,GACV2Z,EAAE3Z,EAAE,IAAIshB,EAAEthB,GACV2Z,EAAE3Z,EAAE,IAAIgW,EAAEhW,GACV2Z,EAAE3Z,EAAE,IAAIuhB,EAAEvhB,GAEZ,IAAIskC,EAAM3qB,EAAEzS,SAAS,IACjBq9B,EAAM5qB,EAAEzS,SAAS,IAIrB,OAHAg9B,GAASI,EAAIA,GACbhD,GAAEiD,EAAIA,EAAID,GACVtD,GAAUlf,EAAEyiB,GACL,CACT,CAEA,SAASC,GAAuB1iB,EAAGhM,GACjC,OAAOquB,GAAkBriB,EAAGhM,EAAGgqB,GACjC,CAOA,IAAI2E,GAAI,CACN,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,GAAqBhjB,EAAIijB,EAAInO,EAAG1gB,GAyBvC,IAxBA,IACI8uB,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAIC,EAAI7lC,EAAGsY,EAAGoX,EAAG8Q,EAAG/jB,EAAGzG,EAAGsL,EAAGC,EAH7B+D,EAAK,IAAIwgB,WAAW,IAAKtgB,EAAK,IAAIsgB,WAAW,IAK7CC,EAAMrkB,EAAG,GACTskB,EAAMtkB,EAAG,GACTukB,EAAMvkB,EAAG,GACTwkB,EAAMxkB,EAAG,GACTykB,EAAMzkB,EAAG,GACT0kB,EAAM1kB,EAAG,GACT2kB,EAAM3kB,EAAG,GACT4kB,EAAM5kB,EAAG,GAET6kB,EAAM5B,EAAG,GACT6B,EAAM7B,EAAG,GACT8B,EAAM9B,EAAG,GACT+B,EAAM/B,EAAG,GACTgC,EAAMhC,EAAG,GACTiC,EAAMjC,EAAG,GACTkC,EAAMlC,EAAG,GACTmC,EAAMnC,EAAG,GAETzkC,EAAM,EACH4V,GAAK,KAAK,CACf,IAAK9V,EAAI,EAAGA,EAAI,GAAIA,IAClBsY,EAAI,EAAItY,EAAIE,EACZolB,EAAGtlB,GAAMw2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAC9DkN,EAAGxlB,GAAMw2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAEhE,IAAKtY,EAAI,EAAGA,EAAI,GAAIA,IA+HlB,GA9HA4kC,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAENlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAMNrqB,EAAQ,OAFR+jB,EAAIsG,GAEY9wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI4W,GAIY/kB,EAAImO,IAAM,GAM1BjT,GAAS,OAFT+jB,GAAMmG,IAAQ,GAAOR,GAAQ,KAAaQ,IAAQ,GAAOR,GAAQ,KAAaA,IAAG,EAAiBQ,GAAG,KAEpF3wB,GAAKwqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMyW,IAAQ,GAAOQ,GAAQ,KAAaR,IAAQ,GAAOQ,GAAQ,KAAaA,IAAG,EAAiBR,GAAG,KAIpF5kB,GAAKmO,IAAM,GAM5BjT,GAAS,OAFT+jB,EAAKmG,EAAMC,GAASD,EAAME,GAET7wB,GAAKwqB,IAAM,GAC5Blf,GAAS,OAJToO,EAAKyW,EAAMC,GAASD,EAAME,GAIT9kB,GAAKmO,IAAM,GAG5BA,EAAI+U,GAAI,EAAFzkC,GAGNyc,GAAS,OAFT+jB,EAAIiE,GAAI,EAAFzkC,EAAI,IAEOgW,GAAKwqB,IAAM,GAC5Blf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BA,EAAIpK,EAAGtlB,EAAE,IAGQgW,IAFjBwqB,EAAIhb,EAAGxlB,EAAE,OAEmB,GAC5BshB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BpO,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,GAUX/jB,EAAQ,OAFR+jB,EAJAqF,EAAS,MAAJppB,EAAazG,GAAK,IAMPA,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAJAkW,EAAS,MAAJtkB,GAFLC,GAAKD,IAAM,KAEY,IAQPC,EAAImO,IAAM,GAM1BjT,GAAS,OAFT+jB,GAAM+F,IAAQ,GAAOR,GAAG,IAAkBA,IAAG,EAAiBQ,GAAQ,KAAkBR,IAAG,EAAiBQ,GAAG,KAE9FvwB,GAAKwqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMqW,IAAQ,GAAOQ,GAAG,IAAkBA,IAAG,EAAiBR,GAAQ,KAAkBQ,IAAG,EAAiBR,GAAG,KAI9FxkB,GAAKmO,IAAM,GAMX1Z,IAFjBwqB,EAAK+F,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,KAEX,GAC5BnlB,GAAS,OAJToO,EAAKqW,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,GAItB1kB,GAAKmO,IAAM,GAM5ByV,EAAW,OAHX7jB,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,KACXjf,GAAKD,IAAM,KAEgB,GAC3BqkB,EAAW,MAAJlpB,EAAezG,GAAK,GAM3ByG,EAAQ,OAFR+jB,EAAI+E,GAEYvvB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIqV,GAIYxjB,EAAImO,IAAM,GAKT1Z,IAFjBwqB,EAAIqF,KAEwB,GAC5BvkB,GAAS,OAJToO,EAAIkW,GAIarkB,GAAKmO,IAAM,GAS5BsW,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EANApB,EAAW,OAHXzjB,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,KACXjf,GAAKD,IAAM,KAEgB,GAO3B8kB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAENqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAdApB,EAAW,MAAJ9oB,EAAezG,GAAK,GAe3B4wB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAEF3lC,EAAE,IAAO,GACX,IAAKsY,EAAI,EAAGA,EAAI,GAAIA,IAElBoX,EAAIpK,EAAGhN,GAGPmE,EAAQ,OAFR+jB,EAAIhb,EAAGlN,IAEStC,EAAIwqB,IAAM,GAC1Blf,EAAQ,MAAJoO,EAAYnO,EAAImO,IAAM,GAE1BA,EAAIpK,GAAIhN,EAAE,GAAG,IAGbmE,GAAS,OAFT+jB,EAAIhb,GAAIlN,EAAE,GAAG,KAEItC,GAAKwqB,IAAM,GAC5Blf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BkW,EAAKtgB,GAAIhN,EAAE,GAAG,IAKdmE,GAAS,OAFT+jB,IAFAqF,EAAKrgB,GAAIlN,EAAE,GAAG,OAED,EAAMstB,QAAmBC,IAAO,EAAMD,GAAE,KAAiBC,IAAO,EAAMD,GAAO,KAEzE5vB,GAAKwqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMkW,IAAO,EAAMC,GAAO,KAAYD,IAAO,EAAMC,OAAkBD,IAAO,GAI3DrkB,GAAKmO,IAAM,GAG5BkW,EAAKtgB,GAAIhN,EAAE,IAAI,IAKEtC,IAFjBwqB,IAFAqF,EAAKrgB,GAAIlN,EAAE,IAAI,OAEF,GAAOstB,GAAO,KAAaA,IAAQ,GAAWC,GAAO,IAAkBA,IAAO,EAAMD,GAAE,OAEvE,GAC5BtkB,GAAS,OAJToO,GAAMkW,IAAO,GAAOC,GAAE,KAAkBA,IAAE,GAAiBD,GAAO,GAAiBA,IAAO,GAIzErkB,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEXlb,EAAGhN,GAAU,MAAJgJ,EAAeC,GAAK,GAC7BiE,EAAGlN,GAAU,MAAJmE,EAAezG,GAAK,GASnCyG,EAAQ,OAFR+jB,EAAI+F,GAEYvwB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIqW,GAIYxkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKqkB,EAAW,MAAJzkB,EAAeC,GAAK,GACnCojB,EAAG,GAAK4B,EAAW,MAAJ9pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIgG,GAEYxwB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIsW,GAIYzkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKskB,EAAW,MAAJ1kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK6B,EAAW,MAAJ/pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIiG,GAEYzwB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIuW,GAIY1kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKukB,EAAW,MAAJ3kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK8B,EAAW,MAAJhqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIkG,GAEY1wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIwW,GAIY3kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKwkB,EAAW,MAAJ5kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK+B,EAAW,MAAJjqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAImG,GAEY3wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIyW,GAIY5kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKykB,EAAW,MAAJ7kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKgC,EAAW,MAAJlqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIoG,GAEY5wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI0W,GAIY7kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK0kB,EAAW,MAAJ9kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKiC,EAAW,MAAJnqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIqG,GAEY7wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK2kB,EAAW,MAAJ/kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKkC,EAAW,MAAJpqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR+jB,EAAIsG,GAEY9wB,EAAIwqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI4W,GAIY/kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBwqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ+jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK4kB,EAAW,MAAJhlB,EAAeC,GAAK,GACnCojB,EAAG,GAAKmC,EAAW,MAAJrqB,EAAezG,GAAK,GAEnC9V,GAAO,IACP4V,GAAK,GACT,CAEE,OAAOA,CACT,CAEA,SAASixB,GAAY9iB,EAAKuS,EAAG1gB,GAC3B,IAGI9V,EAHA0hB,EAAK,IAAIokB,WAAW,GACpBnB,EAAK,IAAImB,WAAW,GACpBnsB,EAAI,IAAIha,WAAW,KAChBqW,EAAIF,EAuBX,IArBA4L,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WAERijB,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UAERD,GAAqBhjB,EAAIijB,EAAInO,EAAG1gB,GAChCA,GAAK,IAEA9V,EAAI,EAAGA,EAAI8V,EAAG9V,IAAK2Z,EAAE3Z,GAAKw2B,EAAExgB,EAAEF,EAAE9V,GAQrC,IAPA2Z,EAAE7D,GAAK,IAGP6D,GADA7D,EAAI,IAAI,KAAKA,EAAE,IAAI,EAAE,IACjB,GAAK,EACTyqB,GAAK5mB,EAAG7D,EAAE,EAAKE,EAAI,UAAc,EAAGA,GAAK,GACzC0uB,GAAqBhjB,EAAIijB,EAAIhrB,EAAG7D,GAE3B9V,EAAI,EAAGA,EAAI,EAAGA,IAAKugC,GAAKtc,EAAK,EAAEjkB,EAAG0hB,EAAG1hB,GAAI2kC,EAAG3kC,IAEjD,OAAO,CACT,CAEA,SAASmC,GAAImpB,EAAGxJ,GACd,IAAIrF,EAAIijB,KAAM1pB,EAAI0pB,KAAMpe,EAAIoe,KACxBne,EAAIme,KAAMt9B,EAAIs9B,KAAM2E,EAAI3E,KACxB3P,EAAI2P,KAAMhQ,EAAIgQ,KAAM7lB,EAAI6lB,KAE5B2B,GAAE5kB,EAAG6O,EAAE,GAAIA,EAAE,IACb+V,GAAExnB,EAAGiI,EAAE,GAAIA,EAAE,IACbwf,GAAE7kB,EAAGA,EAAG5C,GACRunB,GAAEprB,EAAGsV,EAAE,GAAIA,EAAE,IACb8V,GAAEvnB,EAAGiI,EAAE,GAAIA,EAAE,IACbwf,GAAEtrB,EAAGA,EAAG6D,GACRynB,GAAEhgB,EAAGgK,EAAE,GAAIxJ,EAAE,IACbwf,GAAEhgB,EAAGA,EAAG6e,IACRmB,GAAE/f,EAAG+J,EAAE,GAAIxJ,EAAE,IACbsf,GAAE7f,EAAGA,EAAGA,GACR8f,GAAEj/B,EAAG4T,EAAGyG,GACR4kB,GAAEgD,EAAG9iB,EAAGD,GACR8f,GAAErR,EAAGxO,EAAGD,GACR8f,GAAE1R,EAAG1Z,EAAGyG,GAER6kB,GAAEhW,EAAE,GAAIlpB,EAAGiiC,GACX/C,GAAEhW,EAAE,GAAIoE,EAAGK,GACXuR,GAAEhW,EAAE,GAAIyE,EAAGsU,GACX/C,GAAEhW,EAAE,GAAIlpB,EAAGstB,EACb,CAEA,SAASsX,GAAM1b,EAAGxJ,EAAG9L,GACnB,IAAIhW,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB+gC,GAASzV,EAAEtrB,GAAI8hB,EAAE9hB,GAAIgW,EAEzB,CAEA,SAASixB,GAAKrtB,EAAG0R,GACf,IAAI4b,EAAKxH,KAAMyH,EAAKzH,KAAM0H,EAAK1H,KAC/BwE,GAASkD,EAAI9b,EAAE,IACfgW,GAAE4F,EAAI5b,EAAE,GAAI8b,GACZ9F,GAAE6F,EAAI7b,EAAE,GAAI8b,GACZpG,GAAUpnB,EAAGutB,GACbvtB,EAAE,KAAOsnB,GAASgG,IAAO,CAC3B,CAEA,SAASG,GAAW/b,EAAGxJ,EAAGhK,GACxB,IAAI9B,EAAGhW,EAKP,IAJA6gC,GAASvV,EAAE,GAAIyU,IACfc,GAASvV,EAAE,GAAI0U,IACfa,GAASvV,EAAE,GAAI0U,IACfa,GAASvV,EAAE,GAAIyU,IACV//B,EAAI,IAAKA,GAAK,IAAKA,EAEtBgnC,GAAM1b,EAAGxJ,EADT9L,EAAK8B,EAAG9X,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BmC,GAAI2f,EAAGwJ,GACPnpB,GAAImpB,EAAGA,GACP0b,GAAM1b,EAAGxJ,EAAG9L,EAEhB,CAEA,SAASsxB,GAAWhc,EAAGxT,GACrB,IAAIgK,EAAI,CAAC4d,KAAMA,KAAMA,KAAMA,MAC3BmB,GAAS/e,EAAE,GAAIse,IACfS,GAAS/e,EAAE,GAAIue,IACfQ,GAAS/e,EAAE,GAAIke,IACfsB,GAAExf,EAAE,GAAIse,GAAGC,IACXgH,GAAW/b,EAAGxJ,EAAGhK,EACnB,CAEA,SAASyvB,GAAoBC,EAAIC,EAAIC,GACnC,IAEI1nC,EAFAuhB,EAAI,IAAI5hB,WAAW,IACnB2rB,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MAY3B,IATKgI,GAAQ7H,GAAY4H,EAAI,IAC7BV,GAAYxlB,EAAGkmB,EAAI,IACnBlmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET+lB,GAAWhc,EAAG/J,GACd0lB,GAAKO,EAAIlc,GAEJtrB,EAAI,EAAGA,EAAI,GAAIA,IAAKynC,EAAGznC,EAAE,IAAMwnC,EAAGxnC,GACvC,OAAO,CACT,CAEA,IAAI2nC,GAAI,IAAI/H,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgI,GAAKhuB,EAAGD,GACf,IAAI0P,EAAOrpB,EAAGsY,EAAGZ,EACjB,IAAK1X,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAqpB,EAAQ,EACH/Q,EAAItY,EAAI,GAAI0X,EAAI1X,EAAI,GAAIsY,EAAIZ,IAAKY,EACpCqB,EAAErB,IAAM+Q,EAAQ,GAAK1P,EAAE3Z,GAAK2nC,GAAErvB,GAAKtY,EAAI,KACvCqpB,EAAQ1iB,KAAK2P,OAAOqD,EAAErB,GAAK,KAAO,KAClCqB,EAAErB,IAAc,IAAR+Q,EAEV1P,EAAErB,IAAM+Q,EACR1P,EAAE3Z,GAAK,CACX,CAEE,IADAqpB,EAAQ,EACH/Q,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAErB,IAAM+Q,GAAS1P,EAAE,KAAO,GAAKguB,GAAErvB,GACjC+Q,EAAQ1P,EAAErB,IAAM,EAChBqB,EAAErB,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqB,EAAErB,IAAM+Q,EAAQse,GAAErvB,GAC3C,IAAKtY,EAAI,EAAGA,EAAI,GAAIA,IAClB2Z,EAAE3Z,EAAE,IAAM2Z,EAAE3Z,IAAM,EAClB4Z,EAAE5Z,GAAY,IAAP2Z,EAAE3Z,EAEb,CAEA,SAAS6nC,GAAOjuB,GACd,IAA8B5Z,EAA1B2Z,EAAI,IAAIimB,aAAa,IACzB,IAAK5/B,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK4Z,EAAE5Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK,EAChC4nC,GAAKhuB,EAAGD,EACV,CAsCA,SAASmuB,GAAUluB,EAAG0R,GACpB,IAAIzR,EAAI6lB,KAAMqI,EAAMrI,KAAM1X,EAAM0X,KAC5BsI,EAAMtI,KAAMuI,EAAOvI,KAAMwI,EAAOxI,KAChCyI,EAAOzI,KA2BX,OAzBAmB,GAASjnB,EAAE,GAAIomB,IACfmB,GAAYvnB,EAAE,GAAI0R,GAClByK,GAAE/N,EAAKpO,EAAE,IACT0nB,GAAE0G,EAAKhgB,EAAKkY,IACZmB,GAAErZ,EAAKA,EAAKpO,EAAE,IACdwnB,GAAE4G,EAAKpuB,EAAE,GAAIouB,GAEbjS,GAAEkS,EAAMD,GACRjS,GAAEmS,EAAMD,GACR3G,GAAE6G,EAAMD,EAAMD,GACd3G,GAAEznB,EAAGsuB,EAAMngB,GACXsZ,GAAEznB,EAAGA,EAAGmuB,GA/qBV,SAAiBja,EAAG/tB,GAClB,IACIyc,EADA6E,EAAIoe,KAER,IAAKjjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKzc,EAAEyc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAS6kB,GAAEhgB,EAAGA,EAAGthB,GAExB,IAAKyc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAwqBE2rB,CAAQvuB,EAAGA,GACXynB,GAAEznB,EAAGA,EAAGmO,GACRsZ,GAAEznB,EAAGA,EAAGmuB,GACR1G,GAAEznB,EAAGA,EAAGmuB,GACR1G,GAAE1nB,EAAE,GAAIC,EAAGmuB,GAEXjS,GAAEgS,EAAKnuB,EAAE,IACT0nB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK/f,IAAMsZ,GAAE1nB,EAAE,GAAIA,EAAE,GAAI0mB,IAEtCvK,GAAEgS,EAAKnuB,EAAE,IACT0nB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK/f,IAAc,GAE5BkZ,GAAStnB,EAAE,MAAS0R,EAAE,KAAK,GAAI+V,GAAEznB,EAAE,GAAImmB,GAAKnmB,EAAE,IAElD0nB,GAAE1nB,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAIIyuB,GAAoB,GAKxB,SAASC,KACP,IAAK,IAAItoC,EAAI,EAAGA,EAAIuoC,UAAUzoC,OAAQE,IACpC,KAAMuoC,UAAUvoC,aAAcL,YAC5B,MAAM,IAAI6oC,UAAU,kCAE1B,CAMA/I,GAAKgJ,WAAa,SAAS3yB,EAAGwV,GAE5B,GADAgd,GAAgBxyB,EAAGwV,GApBe,KAqB9BxV,EAAEhW,OAA0C,MAAUL,MAAM,cAChE,GAvB4B,KAuBxB6rB,EAAExrB,OAAoC,MAAUL,MAAM,cAC1D,IAAIqiB,EAAI,IAAIniB,WAxBgB,IA0B5B,OADAwkC,GAAkBriB,EAAGhM,EAAGwV,GACjBxJ,CACT,EAEA2d,GAAKvV,IAAM,CAAE,EAEbuV,GAAKvV,IAAI0T,QAAU,WACjB,IAAI4J,EAAK,IAAI7nC,WA9BiB,IA+B1B8nC,EAAK,IAAI9nC,WA9BiB,IAgC9B,OAlsBF,SAA4Bo5B,EAAGpf,GAC7BkmB,GAAYlmB,EAAG,IACR6qB,GAAuBzL,EAAGpf,EACnC,CA8rBE+uB,CAAmBlB,EAAIC,GAChB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAKvV,IAAI0T,QAAQ+K,cAAgB,SAASz7B,GAExC,GADAo7B,GAAgBp7B,GApCc,KAqC1BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI+nC,EAAK,IAAI7nC,WAxCiB,IA0C9B,OADA6kC,GAAuBgD,EAAIt6B,GACpB,CAACjD,UAAWu9B,EAAIt6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAuyB,GAAKnB,KAAO,SAAS5U,EAAKxc,GAExB,GADAo7B,GAAgB5e,EAAKxc,GA1CU,KA2C3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAImpC,EAAY,IAAIjpC,WAAW0oC,GAAkB3e,EAAI5pB,QAErD,OA5JF,SAAqB+oC,EAAIrS,EAAG1gB,EAAG2xB,GAC7B,IACIznC,EAAGsY,EADHiJ,EAAI,IAAI5hB,WAAW,IAAK+vB,EAAI,IAAI/vB,WAAW,IAAKia,EAAI,IAAIja,WAAW,IAC7Dga,EAAI,IAAIimB,aAAa,IAC3BtU,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MAE3BqH,GAAYxlB,EAAGkmB,EAAI,IACnBlmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIunB,EAAQhzB,EAAI,GAChB,IAAK9V,EAAI,EAAGA,EAAI8V,EAAG9V,IAAK6oC,EAAG,GAAK7oC,GAAKw2B,EAAEx2B,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6oC,EAAG,GAAK7oC,GAAKuhB,EAAE,GAAKvhB,GAO7C,IALA+mC,GAAYntB,EAAGivB,EAAG3hC,SAAS,IAAK4O,EAAE,IAClC+xB,GAAOjuB,GACP0tB,GAAWhc,EAAG1R,GACdqtB,GAAK4B,EAAIvd,GAEJtrB,EAAI,GAAIA,EAAI,GAAIA,IAAK6oC,EAAG7oC,GAAKynC,EAAGznC,GAIrC,IAHA+mC,GAAYrX,EAAGmZ,EAAI/yB,EAAI,IACvB+xB,GAAOnY,GAEF1vB,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK4Z,EAAE5Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAKsY,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAE3Z,EAAEsY,IAAMoX,EAAE1vB,GAAKuhB,EAAEjJ,GAIvBsvB,GAAKiB,EAAG3hC,SAAS,IAAKyS,EAExB,CA0HEovB,CAAYH,EAAWlf,EAAKA,EAAI5pB,OAAQoN,GACjC07B,CACT,EAEAnJ,GAAKnB,KAAK0K,SAAW,SAAStf,EAAKxc,GAGjC,IAFA,IAAI07B,EAAYnJ,GAAKnB,KAAK5U,EAAKxc,GAC3B+7B,EAAM,IAAItpC,WAAW0oC,IAChBroC,EAAI,EAAGA,EAAIipC,EAAInpC,OAAQE,IAAKipC,EAAIjpC,GAAK4oC,EAAU5oC,GACxD,OAAOipC,CACT,EAEAxJ,GAAKnB,KAAK0K,SAASnK,OAAS,SAASnV,EAAKuf,EAAKh/B,GAE7C,GADAq+B,GAAgB5e,EAAKuf,EAAKh/B,GACtBg/B,EAAInpC,SAAWuoC,GACjB,MAAU5oC,MAAM,sBAClB,GA9D+B,KA8D3BwK,EAAUnK,OACZ,MAAUL,MAAM,uBAClB,IAEIO,EAFA6oC,EAAK,IAAIlpC,WAAW0oC,GAAoB3e,EAAI5pB,QAC5C02B,EAAI,IAAI72B,WAAW0oC,GAAoB3e,EAAI5pB,QAE/C,IAAKE,EAAI,EAAGA,EAAIqoC,GAAmBroC,IAAK6oC,EAAG7oC,GAAKipC,EAAIjpC,GACpD,IAAKA,EAAI,EAAGA,EAAI0pB,EAAI5pB,OAAQE,IAAK6oC,EAAG7oC,EAAEqoC,IAAqB3e,EAAI1pB,GAC/D,OAxGF,SAA0Bw2B,EAAGqS,EAAI/yB,EAAG0xB,GAClC,IAAIxnC,EACA6Z,EAAI,IAAIla,WAAW,IAAK+vB,EAAI,IAAI/vB,WAAW,IAC3C2rB,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MACvB5d,EAAI,CAAC4d,KAAMA,KAAMA,KAAMA,MAE3B,GAAI5pB,EAAI,GAAI,OAAQ,EAEpB,GAAIgyB,GAAUhmB,EAAG0lB,GAAK,OAAQ,EAE9B,IAAKxnC,EAAI,EAAGA,EAAI8V,EAAG9V,IAAKw2B,EAAEx2B,GAAK6oC,EAAG7oC,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKw2B,EAAEx2B,EAAE,IAAMwnC,EAAGxnC,GAUtC,GATA+mC,GAAYrX,EAAG8G,EAAG1gB,GAClB+xB,GAAOnY,GACP2X,GAAW/b,EAAGxJ,EAAG4N,GAEjB4X,GAAWxlB,EAAG+mB,EAAG3hC,SAAS,KAC1B/E,GAAImpB,EAAGxJ,GACPmlB,GAAKptB,EAAGyR,GAERxV,GAAK,GACD2qB,GAAiBoI,EAAI,EAAGhvB,EAAG,GAAI,CACjC,IAAK7Z,EAAI,EAAGA,EAAI8V,EAAG9V,IAAKw2B,EAAEx2B,GAAK,EAC/B,OAAQ,CACZ,CAEE,IAAKA,EAAI,EAAGA,EAAI8V,EAAG9V,IAAKw2B,EAAEx2B,GAAK6oC,EAAG7oC,EAAI,IACtC,OAAO8V,CACT,CA4EUozB,CAAiB1S,EAAGqS,EAAIA,EAAG/oC,OAAQmK,IAAc,CAC3D,EAEAw1B,GAAKnB,KAAKV,QAAU,WAClB,IAAI4J,EAAK,IAAI7nC,WAzEkB,IA0E3B8nC,EAAK,IAAI9nC,WAzEkB,IA2E/B,OADA4nC,GAAoBC,EAAIC,GACjB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAKnB,KAAKV,QAAQ+K,cAAgB,SAASz7B,GAEzC,GADAo7B,GAAgBp7B,GA/Ee,KAgF3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAElB,IADA,IAAI+nC,EAAK,IAAI7nC,WAnFkB,IAoFtBK,EAAI,EAAGA,EAAIwnC,EAAG1nC,OAAQE,IAAKwnC,EAAGxnC,GAAKkN,EAAU,GAAGlN,GACzD,MAAO,CAACiK,UAAWu9B,EAAIt6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAuyB,GAAKnB,KAAKV,QAAQuL,SAAW,SAASC,GAEpC,GADAd,GAAgBc,GAvFU,KAwFtBA,EAAKtpC,OACP,MAAUL,MAAM,iBAGlB,IAFA,IAAI+nC,EAAK,IAAI7nC,WA5FkB,IA6F3B8nC,EAAK,IAAI9nC,WA5FkB,IA6FtBK,EAAI,EAAGA,EAAI,GAAIA,IAAKynC,EAAGznC,GAAKopC,EAAKppC,GAE1C,OADAunC,GAAoBC,EAAIC,GAAI,GACrB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAK4J,QAAU,SAASlkC,GACtB06B,GAAc16B,CAChB,EAEA,WAGE,GAAImV,IAAUA,GAAO0f,gBAAiB,CAGpCyF,GAAK4J,SAAQ,SAAS1vB,EAAG7D,GACvB,IAAI9V,EAAG+X,EAAI,IAAIpY,WAAWmW,GAC1B,IAAK9V,EAAI,EAAGA,EAAI8V,EAAG9V,GAHT,MAIRsa,GAAO0f,gBAAgBjiB,EAAE7Q,SAASlH,EAAGA,EAAI2G,KAAKud,IAAIpO,EAAI9V,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAI8V,EAAG9V,IAAK2Z,EAAE3Z,GAAK+X,EAAE/X,IAvGvC,SAAiBqkB,GACf,IAAK,IAAIrkB,EAAI,EAAGA,EAAIqkB,EAAIvkB,OAAQE,IAAKqkB,EAAIrkB,GAAK,CAChD,CAsGMspC,CAAQvxB,EACd,GACA,CACC,CAfD,GC5yCA,MAAMwxB,GAAY,CAChB,mBAAoB5gC,EAAMC,MAAMC,SAChC,aAAcF,EAAMC,MAAMG,SAC1B,aAAcJ,EAAMC,MAAMK,SAC1B,aAAcN,EAAMC,MAAMO,UAC1B,qBAAsBR,EAAMC,MAAMQ,cAClC,uBAAwBT,EAAMC,MAAMU,iBACpC,qBAAsBX,EAAMC,MAAMY,gBAClC,qBAAsBb,EAAMC,MAAMa,gBAClC,qBAAsBd,EAAMC,MAAMc,iBAGpC,MAAM8/B,GACJ,WAAA1rC,CAAY2rC,GACV,GAAIA,aAAeD,GACjBtrC,KAAKurC,IAAMA,EAAIA,SACV,GAAIz0B,EAAKrW,QAAQ8qC,IACbz0B,EAAKtV,aAAa+pC,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAI9pC,WAAW8pC,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAI3pC,OAAS,EAC1B,MAAUL,MAAM,sCAElBgqC,EAAMA,EAAIviC,SAAS,EAC3B,CACMhJ,KAAKurC,IAAMA,CACjB,MACMvrC,KAAKurC,IAAM,EAEjB,CAOE,IAAAlpC,CAAK9B,GACH,GAAIA,EAAMqB,QAAU,EAAG,CACrB,MAAMA,EAASrB,EAAM,GACrB,GAAIA,EAAMqB,QAAU,EAAIA,EAEtB,OADA5B,KAAKurC,IAAMhrC,EAAMyI,SAAS,EAAG,EAAIpH,GAC1B,EAAI5B,KAAKurC,IAAI3pC,MAE5B,CACI,MAAUL,MAAM,cACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKurC,IAAI3pC,SAAU5B,KAAKurC,KAC1E,CAME,KAAAC,GACE,OAAO10B,EAAK4C,gBAAgB1Z,KAAKurC,IACrC,CAOE,OAAAE,GACE,MAAMxjC,EAAOojC,GAAUrrC,KAAKwrC,SAC5B,IAAKvjC,EACH,MAAU1G,MAAM,oCAGlB,OAAO0G,CACX,ECtFO,SAASyjC,GAAiBvhC,GAC/B,IACI0O,EADAyU,EAAM,EAEV,MAAMrZ,EAAO9J,EAAM,GAcnB,OAXI8J,EAAO,MACRqZ,GAAOnjB,EACR0O,EAAS,GACA5E,EAAO,KAChBqZ,GAAQnjB,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7C0O,EAAS,GACS,MAAT5E,IACTqZ,EAAMxW,EAAKa,WAAWxN,EAAMnB,SAAS,EAAG,IACxC6P,EAAS,GAGJ,CACLyU,IAAKA,EACLzU,OAAQA,EAEZ,CASO,SAAS8yB,GAAkB/pC,GAChC,OAAIA,EAAS,IACJ,IAAIH,WAAW,CAACG,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIH,WAAW,CAAyB,KAAtBG,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEkV,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOqV,EAAKe,YAAYjW,EAAQ,IAChF,CAEO,SAASgqC,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAUtqC,MAAM,iDAElB,OAAO,IAAIE,WAAW,CAAC,IAAMoqC,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAItqC,WAAW,CAAC,IAAOsqC,GAChC,CAUO,SAASC,GAAYD,EAAUnqC,GAEpC,OAAOkV,EAAKpV,iBAAiB,CAACoqC,GAASC,GAAWJ,GAAkB/pC,IACtE,CAOO,SAASqqC,GAAkBjuB,GAChC,MAAO,CACLvT,EAAMkE,OAAOU,YACb5E,EAAMkE,OAAOO,eACbzE,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBACbuP,SAASnB,EACb,CASO1b,eAAe4pC,GAAY3rC,EAAO4rC,GACvC,MAAMzoC,EAASoe,EAAiBvhB,GAChC,IAAII,EACAyrC,EACJ,IACE,MAAMC,QAAoB3oC,EAAOwG,UAAU,GAE3C,IAAKmiC,GAAeA,EAAYzqC,OAAS,KAAuB,IAAjByqC,EAAY,IACzD,MAAU9qC,MAAM,iGAElB,MAAM+qC,QAAmB5oC,EAAOkG,WAChC,IAEI2iC,EAOAC,EATAxuB,GAAO,EACP4gB,GAAU,EAGdA,EAAS,EACS,GAAb0N,IACH1N,EAAS,GAIPA,EAEF5gB,EAAmB,GAAbsuB,GAGNtuB,GAAoB,GAAbsuB,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BR,GAAkBjuB,GAClD,IAiBI0uB,EAjBA/9B,EAAS,KACb,GAAI89B,EAAyB,CAC3B,GAA6B,UAAzB31B,EAAK7V,SAASV,GAAoB,CACpC,MAAM2I,EAAc,IAAIyjC,EACxBhsC,EAASohB,EAAiB7Y,GAC1ByF,EAASzF,CACjB,KAAa,CACL,MAAMtE,EAAY,IAAIoB,gBACtBrF,EAASohB,EAAiBnd,EAAUO,UACpCwJ,EAAS/J,EAAUM,QAC3B,CAEMknC,EAAmBD,EAAS,CAAEnuB,MAAKrP,UACzC,MACMA,EAAS,GAIX,EAAG,CACD,GAAKiwB,EAiCE,CAEL,MAAMgO,QAAmBlpC,EAAOkG,WAEhC,GADA8iC,GAAmB,EACfE,EAAa,IACfL,EAAeK,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CL,GAAiBK,EAAa,KAAQ,SAAYlpC,EAAOkG,WAAc,SAElE,GAAIgjC,EAAa,KAAOA,EAAa,KAG1C,GAFAL,EAAe,IAAmB,GAAbK,GACrBF,GAAmB,GACdD,EACH,MAAM,IAAInC,UAAU,2DAItBiC,QAAsB7oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,UAE9B,MApDQ,OAAQ4iC,GACN,KAAK,EAGHD,QAAqB7oC,EAAOkG,WAC5B,MACF,KAAK,EAGH2iC,QAAsB7oC,EAAOkG,YAAc,QAAWlG,EAAOkG,WAC7D,MACF,KAAK,EAGH2iC,QAAsB7oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,WACpB,MACF,QAWE2iC,EAAehkC,IAyBrB,GAAIgkC,EAAe,EAAG,CACpB,IAAI/jC,EAAY,EAChB,OAAa,CACP7H,SAAcA,EAAOgF,MACzB,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,GAAI+pC,IAAiBhkC,IAAU,MAC/B,MAAUhH,MAAM,2BAC5B,CACU,MAAMyB,EAAQupC,IAAiBhkC,IAAWhG,EAAQA,EAAMyG,SAAS,EAAGujC,EAAe/jC,GAInF,GAHI7H,QAAcA,EAAOoC,MAAMC,GAC1B2L,EAAO7L,KAAKE,GACjBwF,GAAajG,EAAMX,OACf4G,GAAa+jC,EAAc,CAC7B7oC,EAAOiG,QAAQpH,EAAMyG,SAASujC,EAAe/jC,EAAYjG,EAAMX,SAC/D,KACZ,CACA,CACA,CACA,OAAa8qC,GAiCT,MAAMG,QAAmBnpC,EAAOwG,UAAUuiC,EAA0BlkC,IAAW,GAS/E,OARI5H,SACIA,EAAOgF,YACPhF,EAAOsC,UAEb0L,EAASmI,EAAKpV,iBAAiBiN,SAEzBw9B,EAAS,CAAEnuB,MAAKrP,aAEhBk+B,IAAeA,EAAWjrC,MACnC,CAAC,MAAOsC,GACP,GAAIvD,EAEF,aADMA,EAAOuC,MAAMgB,IACZ,EAEP,MAAMA,CAEZ,CAAY,QACJvD,SACIyrC,EAER1oC,EAAO7C,aACX,CACA,CAEO,MAAMisC,WAAyBvrC,MACpC,WAAA3B,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAM8sC,IAGhC9sC,KAAKiI,KAAO,kBAChB,EAIO,MAAM+kC,WAA2BF,GACtC,WAAAltC,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAM8sC,IAGhC9sC,KAAKiI,KAAO,oBAChB,EAGO,MAAMglC,GACX,WAAArtC,CAAYoe,EAAKkvB,GACfltC,KAAKge,IAAMA,EACXhe,KAAKktC,WAAaA,CACtB,CAEE,KAAAnqC,GACE,OAAO/C,KAAKktC,UAChB,ECxSO5qC,eAAe6qC,GAASzqB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMgR,EAAYrF,EAAKoF,eACjBkxB,QAAqBjxB,EAAUwjB,YAAY,WAAW,EAAM,CAAC,OAAQ,WAErEnsB,QAAmB2I,EAAUyjB,UAAU,MAAOwN,EAAa55B,YAC3DzH,QAAkBoQ,EAAUyjB,UAAU,MAAOwN,EAAarhC,WAEhE,MAAO,CACLm3B,EAAG,IAAIzhC,WAAW4d,EAAgBtT,EAAU0P,IAC5CyvB,KAAM7rB,EAAgB7L,EAAW6P,GAEpC,CAAC,MAAOiT,GACP,GAAiB,sBAAbA,EAAIruB,MAA6C,mBAAbquB,EAAIruB,KAC1C,MAAMquB,EAER,MAAM4U,EAAOrP,GAAewR,GAAe3qB,KACnC3W,UAAWm3B,GAAM/3B,GAAQi1B,KAAKV,QAAQuL,SAASC,GACvD,MAAO,CAAEhI,IAAGgI,OACpB,CAEI,KAAKzgC,EAAMsB,UAAUa,MAAO,CAC1B,MAAMA,QAAckK,EAAKO,cAAc5M,EAAMsB,UAAUa,OACjDs+B,EAAOt+B,EAAM0gC,MAAMC,mBAEzB,MAAO,CAAErK,EADCt2B,EAAM4gC,aAAatC,GACjBA,OAClB,CACI,QACE,MAAU3pC,MAAM,+BAEtB,CAeOe,eAAe89B,GAAK1d,EAAMwd,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GACzE,GAAI/vB,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkBkoB,GAAqB/qB,IAIjF,MAAUnhB,MAAM,sCAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMgR,EAAYrF,EAAKoF,eACjByiB,EAAM+O,GAAgBhrB,EAAM3W,EAAWyH,GACvC7C,QAAYwL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,SAMrE,MAAO,CAAEgP,GAJS,IAAIlsC,iBACd0a,EAAUikB,KAAK,UAAWzvB,EAAK+sB,IAIxC,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIruB,KACN,MAAMquB,EAER,MAAMtnB,EAAY8H,EAAKpV,iBAAiB,CAAC8R,EAAYzH,IAErD,MAAO,CAAE4hC,GADSxiC,GAAQi1B,KAAK0K,SAASpN,EAAQ1uB,GAExD,CAEI,KAAKvE,EAAMsB,UAAUa,MAGnB,MAAO,CAAE+gC,UAFW72B,EAAKO,cAAc5M,EAAMsB,UAAUa,QAC/BwzB,KAAK1C,EAAQlqB,IAGvC,QACE,MAAUjS,MAAM,+BAGtB,CAaOe,eAAeq+B,GAAOje,EAAMwd,GAAUyN,GAAEA,GAAMrV,EAAGvsB,EAAW2xB,GACjE,GAAI/vB,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkBkoB,GAAqB/qB,IAIjF,MAAUnhB,MAAM,sCAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMgR,EAAYrF,EAAKoF,eACjByiB,EAAMiP,GAAelrB,EAAM3W,GAC3B4E,QAAYwL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,WAErE,aADuBxiB,EAAUwkB,OAAO,UAAWhwB,EAAKg9B,EAAIjQ,EAE7D,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIruB,KACN,MAAMquB,EAER,OAAOnrB,GAAQi1B,KAAK0K,SAASnK,OAAOjD,EAAQiQ,EAAI5hC,EACxD,CAEI,KAAKtB,EAAMsB,UAAUa,MAEnB,aADoBkK,EAAKO,cAAc5M,EAAMsB,UAAUa,QAC1C+zB,OAAOgN,EAAIjQ,EAAQ3xB,GAElC,QACE,MAAUxK,MAAM,+BAEtB,CAiCO,SAAS8rC,GAAe3qB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,OAAO,GAET,KAAKV,EAAMsB,UAAUa,MACnB,OAAO,GAET,QACE,MAAUrL,MAAM,+BAEtB,CAEO,SAASksC,GAAqB/qB,GACnC,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,OAAOV,EAAMkD,KAAKI,OACpB,KAAKtD,EAAMsB,UAAUa,MACnB,OAAOnC,EAAMkD,KAAKM,OACpB,QACE,MAAU1M,MAAM,sBAEtB,CAEA,MAAMqsC,GAAiB,CAAClrB,EAAM3W,KAC5B,GAAQ2W,IACDjY,EAAMsB,UAAUZ,QAAS,CAO5B,MANY,CACVmzB,IAAK,MACLuP,IAAK,UACLpyB,EAAG+D,EAAgBzT,GACnByyB,KAAK,EAGb,CAEM,MAAUj9B,MAAM,8BACtB,EAGMmsC,GAAkB,CAAChrB,EAAM3W,EAAWyH,KACxC,GAAQkP,IACDjY,EAAMsB,UAAUZ,QAAS,CAC5B,MAAMwzB,EAAMiP,GAAelrB,EAAM3W,GAEjC,OADA4yB,EAAItb,EAAI7D,EAAgBhM,GACjBmrB,CACb,CAEM,MAAUp9B,MAAM,8BACtB,iIAxEOe,eAA8BogB,EAAMwgB,EAAGgI,GAC5C,OAAQxoB,GACN,KAAKjY,EAAMsB,UAAUZ,QAAS,CAM5B,MAAMY,UAAEA,GAAcZ,GAAQi1B,KAAKV,QAAQuL,SAASC,GACpD,OAAOp0B,EAAKoE,iBAAiBgoB,EAAGn3B,EACtC,CAEI,KAAKtB,EAAMsB,UAAUa,MAAO,CAC1B,MAEMb,SAFc+K,EAAKO,cAAc5M,EAAMsB,UAAUa,QAE/B4gC,aAAatC,GACrC,OAAOp0B,EAAKoE,iBAAiBgoB,EAAGn3B,EACtC,CACI,QACE,OAAO,EAEb,cCrKA,MAAMoQ,GAAYrF,EAAKoF,eAQhB5Z,eAAewrC,GAAKprB,EAAM/R,EAAKo9B,GACpC,MAAM9qB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK5L,EAAK2H,MAAMiE,IAAS/R,EAAI/O,SAAWqhB,EACtC,MAAU1hB,MAAM,oCAGlB,IACE,MAAMysC,QAAoB7xB,GAAUmX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,YAEhFgmC,QAAkB9xB,GAAUmX,UAAU,MAAOya,EAAY,CAAE9lC,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SACnGugC,QAAgB/xB,GAAUgyB,QAAQ,MAAOF,EAAWD,EAAa,CAAE/lC,KAAM,WAC/E,OAAO,IAAIxG,WAAWysC,EACvB,CAAC,MAAO5X,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,QACrE,CAEE,OAAO66B,GAAWz9B,GAAKqd,QAAQ+f,EACjC,CASOzrC,eAAe+rC,GAAO3rB,EAAM/R,EAAK29B,GACtC,MAAMrrB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK5L,EAAK2H,MAAMiE,IAAS/R,EAAI/O,SAAWqhB,EACtC,MAAU1hB,MAAM,oCAGlB,IAAIysC,EACJ,IACEA,QAAoB7xB,GAAUmX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,aACjF,CAAC,MAAOquB,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAGR,OADAxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,SAC1D66B,GAAWz9B,GAAK2d,QAAQggB,EACnC,CAEE,IACE,MAAMC,QAAkBpyB,GAAUqyB,UAAU,MAAOF,EAAaN,EAAa,CAAE/lC,KAAM,UAAY,CAAEA,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SAC3I,OAAO,IAAIlM,iBAAiB0a,GAAUyjB,UAAU,MAAO2O,GACxD,CAAC,MAAOjY,GACP,GAAiB,mBAAbA,EAAIruB,KACN,MAAU1G,MAAM,6BAElB,MAAM+0B,CACV,CACA,uECxFA,MAAMna,GAAYrF,EAAKoF,eAER5Z,eAAemsC,GAAYvO,EAAUwO,EAAUC,EAAMC,EAAM7e,GACxE,MAAMpiB,EAAOlD,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GACvC,IAAKvyB,EAAM,MAAUpM,MAAM,qCAE3B,MAAMstC,QAAoB1yB,GAAUmX,UAAU,MAAOob,EAAU,QAAQ,EAAO,CAAC,eACzEzyB,QAAaE,GAAU2yB,WAAW,CAAE7mC,KAAM,OAAQ0F,OAAMghC,OAAMC,QAAQC,EAAsB,EAAT9e,GACzF,OAAO,IAAItuB,WAAWwa,EACxB,CCHA,MAAM8yB,GAAY,CAChBriC,OAAQoK,EAAKyD,WAAW,kBACxB5N,KAAMmK,EAAKyD,WAAW,iBAQjBjY,eAAe6qC,GAASzqB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAE3B,MAAM8M,EAAIqiB,GAAe,KACjB9vB,UAAWm3B,GAAMx2B,GAAOsf,IAAI0T,QAAQ+K,cAAcjxB,GAC1D,MAAO,CAAE0pB,IAAG1pB,IAClB,CAEI,KAAK/O,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKO,cAAc5M,EAAMsB,UAAUY,MAChD6M,EAAI7M,EAAK2gC,MAAMC,mBAErB,MAAO,CAAErK,EADCv2B,EAAK6gC,aAAah0B,GAChBA,IAClB,CACI,QACE,MAAUjY,MAAM,8BAEtB,CA+GO,SAAS8rC,GAAe3qB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUW,OACnB,OAAO,GAET,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO,GAET,QACE,MAAUpL,MAAM,8BAEtB,CAOOe,eAAe0sC,GAAoCtsB,EAAMusB,GAC9D,OAAQvsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMwiC,EAAqBrT,GAAewR,GAAe3qB,IACnDysB,EAAeziC,GAAO69B,WAAW2E,EAAoBD,GAC3DG,GAAmBD,GACnB,MAAQpjC,UAAWsjC,GAAuB3iC,GAAOsf,IAAI0T,QAAQ+K,cAAcyE,GAC3E,MAAO,CAAEG,qBAAoBF,eACnC,CACI,KAAK1kC,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKO,cAAc5M,EAAMsB,UAAUY,MAChDuiC,EAAqBviC,EAAK2gC,MAAMC,mBAChC4B,EAAexiC,EAAK2iC,gBAAgBJ,EAAoBD,GAC9DG,GAAmBD,GAEnB,MAAO,CAAEE,mBADkB1iC,EAAK6gC,aAAa0B,GAChBC,eACnC,CACI,QACE,MAAU5tC,MAAM,8BAEtB,CAEOe,eAAeitC,GAAsB7sB,EAAM2sB,EAAoBnM,EAAG1pB,GACvE,OAAQkJ,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMyiC,EAAeziC,GAAO69B,WAAW/wB,EAAG61B,GAE1C,OADAD,GAAmBD,GACZA,CACb,CACI,KAAK1kC,EAAMsB,UAAUY,KAAM,CACzB,MACMwiC,SADar4B,EAAKO,cAAc5M,EAAMsB,UAAUY,OAC5B2iC,gBAAgB91B,EAAG61B,GAE7C,OADAD,GAAmBD,GACZA,CACb,CACI,QACE,MAAU5tC,MAAM,8BAEtB,CAQA,SAAS6tC,GAAmBD,GAC1B,IAAIK,EAAM,EACV,IAAK,IAAI1tC,EAAI,EAAGA,EAAIqtC,EAAavtC,OAAQE,IACvC0tC,GAAOL,EAAartC,GAEtB,GAAY,IAAR0tC,EACF,MAAUjuC,MAAM,6BAEpB,2DAjGOe,eAAuBogB,EAAM2sB,EAAoBI,EAAYvM,EAAG1pB,GACrE,MAAM21B,QAAqBI,GAAsB7sB,EAAM2sB,EAAoBnM,EAAG1pB,GACxEk2B,EAAY54B,EAAKpV,iBAAiB,CACtC2tC,EACAnM,EACAiM,IAEF,OAAQzsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMgS,EAAajU,EAAMoC,UAAUK,QAC7B+V,QAAEA,GAAYD,GAAgBtE,GAEpC,OAAOixB,GAAajxB,QADQ+vB,GAAYhkC,EAAMkD,KAAKI,OAAQ2hC,EAAW,IAAIjuC,WAAcstC,GAAUriC,OAAQuW,GAC3DwsB,EACrD,CACI,KAAKhlC,EAAMsB,UAAUY,KAAM,CACzB,MAAM+R,EAAajU,EAAMoC,UAAUO,QAC7B6V,QAAEA,GAAYD,GAAgBvY,EAAMoC,UAAUO,QAEpD,OAAOuiC,GAAajxB,QADQ+vB,GAAYhkC,EAAMkD,KAAKM,OAAQyhC,EAAW,IAAIjuC,WAAcstC,GAAUpiC,KAAMsW,GACzDwsB,EACrD,CACI,QACE,MAAUluC,MAAM,8BAEtB,UA9DOe,eAAuBogB,EAAM7b,EAAMooC,GACxC,MAAMI,mBAAEA,EAAkBF,aAAEA,SAAuBH,GAAoCtsB,EAAMusB,GACvFS,EAAY54B,EAAKpV,iBAAiB,CACtC2tC,EACAJ,EACAE,IAEF,OAAQzsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMgS,EAAajU,EAAMoC,UAAUK,QAC7B+V,QAAEA,GAAYD,GAAgBtE,GAC9BkxB,QAAsBnB,GAAYhkC,EAAMkD,KAAKI,OAAQ2hC,EAAW,IAAIjuC,WAAcstC,GAAUriC,OAAQuW,GAE1G,MAAO,CAAEosB,qBAAoBI,iBADJI,GAAWnxB,EAAYkxB,EAAe/oC,GAErE,CACI,KAAK4D,EAAMsB,UAAUY,KAAM,CACzB,MAAM+R,EAAajU,EAAMoC,UAAUO,QAC7B6V,QAAEA,GAAYD,GAAgBvY,EAAMoC,UAAUO,QAC9CwiC,QAAsBnB,GAAYhkC,EAAMkD,KAAKM,OAAQyhC,EAAW,IAAIjuC,WAAcstC,GAAUpiC,KAAMsW,GAExG,MAAO,CAAEosB,qBAAoBI,iBADJI,GAAWnxB,EAAYkxB,EAAe/oC,GAErE,CAEI,QACE,MAAUtF,MAAM,8BAEtB,+GA/DOe,eAA8BogB,EAAMwgB,EAAG1pB,GAC5C,OAAQkJ,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAK3B,MAAMX,UAAEA,GAAcW,GAAOsf,IAAI0T,QAAQ+K,cAAcjxB,GACvD,OAAO1C,EAAKoE,iBAAiBgoB,EAAGn3B,EACtC,CACI,KAAKtB,EAAMsB,UAAUY,KAAM,CACzB,MAKMZ,SALa+K,EAAKO,cAAc5M,EAAMsB,UAAUY,OAK/B6gC,aAAah0B,GACpC,OAAO1C,EAAKoE,iBAAiBgoB,EAAGn3B,EACtC,CAEI,QACE,OAAO,EAEb,IC7CA,MAAMoQ,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAElBwzB,GAAY,CAChB,CAACrlC,EAAMC,MAAMC,UAAW,QACxB,CAACF,EAAMC,MAAMG,UAAW,QACxB,CAACJ,EAAMC,MAAMK,UAAW,SAEpBglC,GAAc9rB,GAAaA,GAAW+rB,YAAc,GACpDC,GAAahsB,GAAa,CAC9B,CAACxZ,EAAMC,MAAMO,WAAY8kC,GAAY5wB,SAAS,aAAe,iBAAc/c,EAC3E,CAACqI,EAAMC,MAAMC,UAAWolC,GAAY5wB,SAAS,cAAgB,kBAAe/c,EAC5E,CAACqI,EAAMC,MAAMG,UAAWklC,GAAY5wB,SAAS,aAAe,iBAAc/c,EAC1E,CAACqI,EAAMC,MAAMK,UAAWglC,GAAY5wB,SAAS,aAAe,iBAAc/c,EAC1E,CAACqI,EAAMC,MAAMQ,eAAgB6kC,GAAY5wB,SAAS,WAAa,eAAY/c,EAC3E,CAACqI,EAAMC,MAAMU,kBAAmB2kC,GAAY5wB,SAAS,UAAY,cAAW/c,EAC5E,CAACqI,EAAMC,MAAMY,iBAAkBykC,GAAY5wB,SAAS,mBAAqB,uBAAoB/c,EAC7F,CAACqI,EAAMC,MAAMa,iBAAkBwkC,GAAY5wB,SAAS,mBAAqB,uBAAoB/c,EAC7F,CAACqI,EAAMC,MAAMc,iBAAkBukC,GAAY5wB,SAAS,mBAAqB,uBAAoB/c,GAC3F,CAAE,EAEA8tC,GAAS,CACb,CAACzlC,EAAMC,MAAMC,UAAW,CACtB4gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5D4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMC,UAC7B0lC,IAAKP,GAAUrlC,EAAMC,MAAMC,UAC3B2lC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMG,UAAW,CACtB0gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB6U,OAAQpY,EAAMoC,UAAUM,OACxBijC,KAAMH,GAAWxlC,EAAMC,MAAMG,UAC7BwlC,IAAKP,GAAUrlC,EAAMC,MAAMG,UAC3BylC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMK,UAAW,CACtBwgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB4U,OAAQpY,EAAMoC,UAAUO,OACxBgjC,KAAMH,GAAWxlC,EAAMC,MAAMK,UAC7BslC,IAAKP,GAAUrlC,EAAMC,MAAMK,UAC3BulC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMO,WAAY,CACvBsgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMO,WAC7BqlC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMQ,eAAgB,CAC3BqgC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClE4E,QAAS1lC,EAAMsB,UAAUQ,YACzBoB,KAAMlD,EAAMkD,KAAKM,OACjBmiC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC/lC,EAAMC,MAAMU,kBAAmB,CAC9BmgC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxE4E,QAAS1lC,EAAMsB,UAAUM,KACzBsB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC/lC,EAAMC,MAAMY,iBAAkB,CAC7BigC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMY,iBAC7BglC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMa,iBAAkB,CAC7BggC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB6U,OAAQpY,EAAMoC,UAAUM,OACxBijC,KAAMH,GAAWxlC,EAAMC,MAAMa,iBAC7B+kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMc,iBAAkB,CAC7B+/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB4U,OAAQpY,EAAMoC,UAAUO,OACxBgjC,KAAMH,GAAWxlC,EAAMC,MAAMc,iBAC7B8kC,YAAa,GACbE,sBAAuB,IAI3B,MAAMC,GACJ,WAAA7wC,CAAY8wC,GACV,IACE1wC,KAAKiI,KAAOyoC,aAAqBpF,GAC/BoF,EAAUjF,UACVhhC,EAAM1H,MAAM0H,EAAMC,MAAMgmC,EAC3B,CAAC,MAAOpa,GACP,MAAM,IAAIwW,GAAiB,gBACjC,CACI,MAAMlmB,EAASspB,GAAOlwC,KAAKiI,MAE3BjI,KAAKmwC,QAAUvpB,EAAOupB,QAEtBnwC,KAAKurC,IAAM3kB,EAAO2kB,IAClBvrC,KAAK2N,KAAOiZ,EAAOjZ,KACnB3N,KAAK6iB,OAAS+D,EAAO/D,OACrB7iB,KAAKowC,KAAOxpB,EAAOwpB,KACnBpwC,KAAKqwC,IAAMzpB,EAAOypB,IAClBrwC,KAAKswC,YAAc1pB,EAAO0pB,YAC1BtwC,KAAKuwC,WAAa3pB,EAAO2pB,WACzBvwC,KAAKwwC,sBAAwB5pB,EAAO4pB,sBAChCxwC,KAAKqwC,KAAOv5B,EAAKoF,eACnBlc,KAAKiU,KAAO,MACHjU,KAAKowC,MAAQt5B,EAAKwF,gBAC3Btc,KAAKiU,KAAO,OACHjU,KAAKiI,OAASwC,EAAMC,MAAMU,iBACnCpL,KAAKiU,KAAO,mBACHjU,KAAKiI,OAASwC,EAAMC,MAAMQ,gBACnClL,KAAKiU,KAAO,gBAElB,CAEE,gBAAM08B,GACJ,OAAQ3wC,KAAKiU,MACX,IAAK,MACH,IACE,aAsIV3R,eAA6B2F,EAAMuoC,GAEjC,MAAMpD,QAAqBjxB,GAAUwjB,YAAY,CAAE13B,KAAM,QAAS2oC,WAAYd,GAAU7nC,KAAS,EAAM,CAAC,OAAQ,WAE1GuL,QAAmB2I,GAAUyjB,UAAU,MAAOwN,EAAa55B,YAC3DzH,QAAkBoQ,GAAUyjB,UAAU,MAAOwN,EAAarhC,WAEhE,MAAO,CACLA,UAAW8kC,GAAe9kC,EAAWykC,GACrCh9B,WAAY6L,EAAgB7L,EAAW6P,GAE3C,CAjJuBytB,CAAc9wC,KAAKiI,KAAMjI,KAAKwwC,sBAC5C,CAAC,MAAOla,GAEP,OADAxf,EAAK0E,gBAAgB,6CAA+C8a,EAAI/iB,SACjEw9B,GAAa/wC,KAAKiI,KACnC,CACM,IAAK,OACH,OA6IR3F,eAA8B2F,GAE5B,MAAMoE,EAAO4X,GAAW+sB,WAAWf,GAAWhoC,IAE9C,aADMoE,EAAK4kC,eACJ,CACLllC,UAAW,IAAItK,WAAW4K,EAAKmhC,gBAC/Bh6B,WAAY,IAAI/R,WAAW4K,EAAK6kC,iBAEpC,CArJeC,CAAenxC,KAAKiI,MAC7B,IAAK,mBAAoB,CAEvB,MAAMuR,EAAEA,EAAC0pB,EAAEA,SAAYkO,GAAc3mC,EAAMsB,UAAUW,QAC/C8G,EAAagG,EAAE7W,QAAQsoB,UAC7BzX,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAElB,MAAO,CAAEzH,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKwwC,wBAAyBtN,IACnE1vB,aAC5B,CACM,IAAK,gBAAiB,CACpB,MAAQ03B,KAAM13B,EAAU0vB,EAAEA,SAAYmO,GAAc5mC,EAAMsB,UAAUZ,SAEpE,MAAO,CAAEY,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKwwC,wBAAyBtN,IACnE1vB,aAC5B,CACM,QACE,OAAOu9B,GAAa/wC,KAAKiI,MAEjC,EAmCA3F,eAAegvC,GAAuB5uB,EAAM6oB,EAAKgG,EAAGluB,GAClD,MAAMmuB,EAAkB,CACtB,CAAC/mC,EAAMC,MAAMC,WAAW,EACxB,CAACF,EAAMC,MAAMG,WAAW,EACxB,CAACJ,EAAMC,MAAMK,WAAW,EACxB,CAACN,EAAMC,MAAMO,YAAY,EACzB,CAACR,EAAMC,MAAMU,kBAAmBsX,IAASjY,EAAMsB,UAAUM,KACzD,CAAC5B,EAAMC,MAAMY,kBAAkB,EAC/B,CAACb,EAAMC,MAAMa,kBAAkB,EAC/B,CAACd,EAAMC,MAAMc,kBAAkB,GAI3B+L,EAAYg0B,EAAIE,UACtB,IAAK+F,EAAgBj6B,GACnB,OAAO,EAGT,GAAIA,IAAc9M,EAAMC,MAAMU,iBAAkB,CAC9CiY,EAAIA,EAAE1gB,QAAQsoB,UAEd,MAAMlf,UAAEA,GAAcw1B,GAAKvV,IAAI0T,QAAQ+K,cAAcpnB,GAErDkuB,EAAI,IAAI9vC,WAAW8vC,GACnB,MAAME,EAAK,IAAIhwC,WAAW,CAAC,MAASsK,IACpC,QAAK+K,EAAKoE,iBAAiBu2B,EAAIF,EAKnC,CAEE,MAKME,SALmB36B,EAAKO,cAAc5M,EAAMsB,UAAUO,MAAOiL,IAK7Ci2B,aAAanqB,GAAG,GACtC,QAAKvM,EAAKoE,iBAAiBu2B,EAAIF,EAKjC,CAMA,SAASG,GAA0BhnC,EAAOinC,GACxC,MAAMrB,YAAEA,EAAWE,sBAAEA,EAAuBvoC,KAAMsP,GAAc7M,EAE1DknC,EAAar6B,IAAc9M,EAAMC,MAAMU,kBAAoBmM,IAAc9M,EAAMC,MAAMQ,cAAiBolC,EAA4B,EAAdA,EAE1H,GAAIqB,EAAE,KAAOnB,GAAyBmB,EAAE/vC,SAAWgwC,EAAY,EAC7D,MAAUrwC,MAAM,yBAEpB,CAWAe,eAAeyuC,GAAa9oC,GAC1B,MAAM4pC,QAAmB/6B,EAAKO,cAAc5M,EAAMsB,UAAUO,MAAOrE,GAC7DuL,EAAaq+B,EAAWvE,MAAMC,mBAEpC,MAAO,CAAExhC,UADS8lC,EAAWrE,aAAah6B,GAAY,GAClCA,aACtB,CAoCA,SAASq9B,GAAelS,EAAK6R,GAC3B,MAAMsB,EAAOzyB,EAAgBsf,EAAIljB,GAC3Bs2B,EAAO1yB,EAAgBsf,EAAI9D,GAC3B9uB,EAAY,IAAItK,WAAWqwC,EAAKlwC,OAASmwC,EAAKnwC,OAAS,GAI7D,OAHAmK,EAAU,GAAKykC,EACfzkC,EAAU5J,IAAI2vC,EAAM,GACpB/lC,EAAU5J,IAAI4vC,EAAMD,EAAKlwC,OAAS,GAC3BmK,CACT,CASA,SAASimC,GAAe1B,EAAaroC,EAAM8D,GACzC,MAAMuhB,EAAMgjB,EACNwB,EAAO/lC,EAAUpJ,MAAM,EAAG2qB,EAAM,GAChCykB,EAAOhmC,EAAUpJ,MAAM2qB,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgR,IAAK,KACLuP,IAAK5lC,EACLwT,EAAG+D,EAAgBsyB,GACnBjX,EAAGrb,EAAgBuyB,GACnBvT,KAAK,EAGT,CAUA,SAAST,GAAauS,EAAaroC,EAAM8D,EAAWyH,GAClD,MAAMmrB,EAAMqT,GAAe1B,EAAaroC,EAAM8D,GAE9C,OADA4yB,EAAItb,EAAI7D,EAAgBhM,GACjBmrB,CACT,CCvWA,MAAMxiB,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAgBjBha,eAAe89B,GAAKmL,EAAKrL,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GACxE,MAAMhzB,EAAQ,IAAI+lC,GAAalF,GAE/B,GADAmG,GAA0BhnC,EAAOqB,GAC7BwH,IAAYuD,EAAK7V,SAASsS,GAAU,CACtC,MAAMmsB,EAAU,CAAE3zB,YAAWyH,cAC7B,OAAQ9I,EAAMuJ,MACZ,IAAK,MAEH,IAEE,aAqIV3R,eAAuBoI,EAAOw1B,EAAU3sB,EAASmsB,GAC/C,MAAMpS,EAAM5iB,EAAM4lC,YACZ3R,EAAMZ,GAAarzB,EAAM4lC,YAAaR,GAAUplC,EAAMzC,MAAOy3B,EAAQ3zB,UAAW2zB,EAAQlsB,YACxF7C,QAAYwL,GAAUmX,UAC1B,MACAqL,EACA,CACE12B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,SAGGkB,EAAY,IAAIpN,iBAAiB0a,GAAUikB,KAC/C,CACEn4B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,KAE5CvvB,EACA4C,IAGF,MAAO,CACLmI,EAAG7M,EAAUlM,MAAM,EAAG2qB,GACtB1T,EAAG/K,EAAUlM,MAAM2qB,EAAKA,GAAO,GAEnC,CAlKuB+S,CAAQ31B,EAAOw1B,EAAU3sB,EAASmsB,EAChD,CAAC,MAAOpJ,GAIP,GAAmB,aAAf5rB,EAAMzC,OAAqC,cAAbquB,EAAIruB,MAAqC,mBAAbquB,EAAIruB,MAChE,MAAMquB,EAERxf,EAAK0E,gBAAgB,oCAAsC8a,EAAI/iB,QACzE,CACQ,MACF,IAAK,OACH,OAoLRjR,eAAwBoI,EAAOw1B,EAAU3sB,EAASC,GAEhD,MAAMy+B,EAAan7B,EAAKG,YAAY,eAC9Bi7B,EAAap7B,EAAK2F,iBAChBjJ,WAAY2+B,GAAkBF,EAAWG,YAAY,CAC3D76B,UAAW04B,GAAWvlC,EAAMzC,MAC5BuL,WAAY0+B,EAAW1xB,KAAKhN,KAGxB4sB,EAAOnc,GAAWqc,WAAW71B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC1DE,EAAKr9B,MAAMwQ,GACX6sB,EAAK93B,MAEL,MAAMuG,EAAY,IAAIpN,WAAW2+B,EAAKA,KAAK,CAAEzvB,IAAKwhC,EAAevT,OAAQ,MAAO3qB,KAAM,OAAQo+B,YAAa,gBACrG/kB,EAAM5iB,EAAM4lC,YAElB,MAAO,CACL50B,EAAG7M,EAAU7F,SAAS,EAAGskB,GACzB1T,EAAG/K,EAAU7F,SAASskB,EAAKA,GAAO,GAEtC,CAxMeiT,CAAS71B,EAAOw1B,EAAU3sB,EAASC,GAElD,CAEE,MAEM3E,SAFmBiI,EAAKO,cAAc5M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAE5Cm4B,KAAK1C,EAAQlqB,EAAY,CAAE8+B,MAAM,IAC9D,MAAO,CACL52B,EAAGggB,GAAmB7sB,EAAU6M,EAAG,KAAMhR,EAAM4lC,aAC/C12B,EAAG8hB,GAAmB7sB,EAAU+K,EAAG,KAAMlP,EAAM4lC,aAEnD,CAcOhuC,eAAeq+B,GAAO4K,EAAKrL,EAAUrxB,EAAW0E,EAASxH,EAAW2xB,GACzE,MAAMhzB,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAOqB,GAOjC,MAAMwmC,EAAmCjwC,SACzB,IAAdo7B,EAAO,IACL8U,GAAS9nC,EAAOmE,EAAW6uB,EAAO10B,SAAS,GAAI+C,GAInD,GAAIwH,IAAYuD,EAAK7V,SAASsS,GAC5B,OAAQ7I,EAAMuJ,MACZ,IAAK,MACH,IAEE,MAAMw+B,QA2GhBnwC,eAAyBoI,EAAOw1B,GAAUxkB,EAAG9B,EAAEA,GAAKrG,EAASxH,GAC3D,MAAM4yB,EAAMqT,GAAetnC,EAAM4lC,YAAaR,GAAUplC,EAAMzC,MAAO8D,GAC/D4E,QAAYwL,GAAUmX,UAC1B,MACAqL,EACA,CACE12B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,WAGGkB,EAAYiI,EAAKpV,iBAAiB,CAACga,EAAG9B,IAAItQ,OAEhD,OAAO6S,GAAUwkB,OACf,CACE14B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,KAE5CvvB,EACA9B,EACA0E,EAEJ,CArIiCqtB,CAAUl2B,EAAOw1B,EAAUrxB,EAAW0E,EAASxH,GACtE,OAAO0mC,GAAYF,GACpB,CAAC,MAAOjc,GAIP,GAAmB,aAAf5rB,EAAMzC,OAAqC,cAAbquB,EAAIruB,MAAqC,mBAAbquB,EAAIruB,MAChE,MAAMquB,EAERxf,EAAK0E,gBAAgB,sCAAwC8a,EAAI/iB,QAC3E,CACQ,MACF,IAAK,OAAQ,CACX,MAAMk/B,QAgJdnwC,eAA0BoI,EAAOw1B,GAAUxkB,EAAG9B,EAAEA,GAAKrG,EAASxH,GAC5D,MAAMkmC,EAAan7B,EAAKG,YAAY,eAC9Bi7B,EAAap7B,EAAK2F,iBAChB1Q,UAAW2mC,GAAiBT,EAAWG,YAAY,CACzD76B,UAAW04B,GAAWvlC,EAAMzC,MAC5B8D,UAAWmmC,EAAW1xB,KAAKzU,KAGvB40B,EAAS1c,GAAW4c,aAAap2B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC9DS,EAAO59B,MAAMwQ,GACbotB,EAAOr4B,MAEP,MAAMuG,EAAYiI,EAAKpV,iBAAiB,CAACga,EAAG9B,IAE5C,IACE,OAAO+mB,EAAOA,OAAO,CAAEhwB,IAAK+hC,EAAc9T,OAAQ,MAAO3qB,KAAM,OAAQo+B,YAAa,cAAgBxjC,EACrG,CAAC,MAAOynB,GACP,OAAO,CACX,CACA,CAnK+BwK,CAAWp2B,EAAOw1B,EAAUrxB,EAAW0E,EAASxH,GACvE,OAAO0mC,GAAYF,GAC3B,EAKE,aADuBC,GAAS9nC,EAAOmE,EAAW6uB,EAAQ3xB,IACvCwmC,GACrB,CAiDAjwC,eAAekwC,GAAS9nC,EAAOmE,EAAW6uB,EAAQ3xB,GAGhD,aAFyB+K,EAAKO,cAAc5M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAEvD04B,OAAO7pB,EAAKpV,iBAAiB,CAACmN,EAAU6M,EAAG7M,EAAU+K,IAAK8jB,EAAQ3xB,EAAW,CAAEumC,MAAM,GACzG,0EA3COhwC,eAA8BipC,EAAKgG,EAAGluB,GAC3C,MAAM3Y,EAAQ,IAAI+lC,GAAalF,GAE/B,GAAI7gC,EAAMylC,UAAY1lC,EAAMsB,UAAUO,MACpC,OAAO,EAKT,OAAQ5B,EAAMuJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMV,EAAUsoB,GAAe,GACzBqE,EAAWz1B,EAAMkD,KAAKI,OACtB2vB,QAAe/vB,GAAK6W,OAAO0b,EAAU3sB,GAC3C,IACE,MAAM1E,QAAkBuxB,GAAKmL,EAAKrL,EAAU3sB,EAASg+B,EAAGluB,EAAGqa,GAE3D,aAAaiD,GAAO4K,EAAKrL,EAAUrxB,EAAW0E,EAASg+B,EAAG7T,EAC3D,CAAC,MAAOpH,GACP,OAAO,CACf,CACA,CACI,QACE,OAAOgb,GAAuB7mC,EAAMsB,UAAUO,MAAOi/B,EAAKgG,EAAGluB,GAEnE,qEC9HO/gB,eAAoBipC,EAAKrL,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GAGxE,GADAgU,GADc,IAAIjB,GAAalF,GACEx/B,GAC7B4B,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkB9a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAQosC,GAAI9+B,SAAoB8jC,GAAUloC,EAAMsB,UAAUZ,QAAS+0B,EAAU3sB,EAASxH,EAAU/C,SAAS,GAAIwK,EAAYkqB,GAEzH,MAAO,CACLhiB,EAAG7M,EAAU7F,SAAS,EAAG,IACzB4Q,EAAG/K,EAAU7F,SAAS,IAE1B,iBAkCO1G,eAA8BipC,EAAKgG,EAAG/3B,GAE3C,GAAI+xB,EAAIE,YAAchhC,EAAMC,MAAMQ,cAChC,OAAO,EAOT,MAAMa,UAAEA,GAAcw1B,GAAKnB,KAAKV,QAAQuL,SAASzxB,GAC3Ci4B,EAAK,IAAIhwC,WAAW,CAAC,MAASsK,IACpC,OAAO+K,EAAKoE,iBAAiBq2B,EAAGE,EAElC,SAlCOnvC,eAAsBipC,EAAKrL,GAAUxkB,EAAG9B,EAAEA,GAAK0e,EAAGvsB,EAAW2xB,GAGlE,GADAgU,GADc,IAAIjB,GAAalF,GACEx/B,GAC7B4B,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkB9a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAMosC,EAAK72B,EAAKpV,iBAAiB,CAACga,EAAG9B,IACrC,OAAOg5B,GAAYnoC,EAAMsB,UAAUZ,QAAS+0B,EAAU,CAAEyN,MAAMrV,EAAGvsB,EAAU/C,SAAS,GAAI00B,EAC1F,ICrDO,SAAS/iB,GAAOpH,GACrB,MAAM6P,EAAI,EAAK7P,EAAQ3R,OAAS,EAC1BgX,EAAS,IAAInX,WAAW8R,EAAQ3R,OAASwhB,GAAGsE,KAAKtE,GAEvD,OADAxK,EAAOzW,IAAIoR,GACJqF,CACT,CAOO,SAASmC,GAAOxH,GACrB,MAAM+Z,EAAM/Z,EAAQ3R,OACpB,GAAI0rB,EAAM,EAAG,CACX,MAAMlK,EAAI7P,EAAQ+Z,EAAM,GACxB,GAAIlK,GAAK,EAAG,CACV,MAAMyvB,EAAWt/B,EAAQvK,SAASskB,EAAMlK,GAClC0vB,EAAW,IAAIrxC,WAAW2hB,GAAGsE,KAAKtE,GACxC,GAAItM,EAAKoE,iBAAiB23B,EAAUC,GAClC,OAAOv/B,EAAQvK,SAAS,EAAGskB,EAAMlK,EAEzC,CACA,CACE,MAAU7hB,MAAM,kBAClB,yECxBA,MAAM4a,GAAYrF,EAAKoF,eACjB+H,GAAanN,EAAKwF,gBAexB,SAASy2B,GAAeC,EAAazH,EAAK0H,EAAWC,GACnD,OAAOp8B,EAAKpV,iBAAiB,CAC3B6pC,EAAIxoC,QACJ,IAAItB,WAAW,CAACuxC,IAChBC,EAAUlwC,QACV+T,EAAKgD,mBAAmB,wBACxBo5B,GAEJ,CAGA5wC,eAAe6wC,GAAIjT,EAAUgC,EAAGtgC,EAAQwxC,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAIxxC,EACJ,GAAIuxC,EAAc,CAEhB,IAAKvxC,EAAI,EAAGA,EAAIogC,EAAEtgC,QAAmB,IAATsgC,EAAEpgC,GAAUA,KACxCogC,EAAIA,EAAEl5B,SAASlH,EACnB,CACE,GAAIwxC,EAAe,CAEjB,IAAKxxC,EAAIogC,EAAEtgC,OAAS,EAAGE,GAAK,GAAc,IAATogC,EAAEpgC,GAAUA,KAC7CogC,EAAIA,EAAEl5B,SAAS,EAAGlH,EAAI,EAC1B,CAME,aALqB6L,GAAK6W,OAAO0b,EAAUppB,EAAKpV,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBygC,EACAkR,MAEYpqC,SAAS,EAAGpH,EAC5B,CAUAU,eAAeixC,GAAsB7oC,EAAO6mC,GAC1C,OAAQ7mC,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAQk7B,aAAcqE,EAASnE,mBAAEA,SAA6BoE,GAAyChpC,EAAMsB,UAAUW,OAAQ6kC,EAAEvoC,SAAS,IAE1I,MAAO,CAAE+C,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACiJ,EAAM8lC,wBAAyBnB,IACpEmE,YAC1B,CACI,IAAK,MACH,GAAI9oC,EAAM2lC,KAAOv5B,EAAKoF,eACpB,IACE,aA8LV5Z,eAAqCoI,EAAO6mC,GAC1C,MAAM5S,EAAMqT,GAAetnC,EAAM4lC,YAAa5lC,EAAM2lC,IAAKkB,GACzD,IAAI7R,EAAUvjB,GAAUwjB,YACtB,CACE13B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,CAAC,YAAa,eAEZqD,EAAYv3B,GAAUmX,UACxB,MACAqL,EACA,CACE12B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,KAED3Q,EAASgU,SAAmBxzC,QAAQ4E,IAAI,CAAC46B,EAASgU,IACnD,IAAI95B,EAAIuC,GAAU2yB,WAChB,CACE7mC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,IAClBsD,OAAQD,GAEVhU,EAAQlsB,WACR9I,EAAM6lC,YAEJnjB,EAAIjR,GAAUyjB,UAChB,MACAF,EAAQ3zB,YAET6N,EAAGwT,SAAWltB,QAAQ4E,IAAI,CAAC8U,EAAGwT,IAC/B,MAAMomB,EAAY,IAAI/xC,WAAWmY,GAC3B7N,EAAY,IAAItK,WAAWovC,GAAezjB,EAAG1iB,EAAM8lC,wBACzD,MAAO,CAAEzkC,YAAWynC,YACtB,CApOuBI,CAAsBlpC,EAAO6mC,EAC3C,CAAC,MAAOjb,GAEP,OADAxf,EAAK0E,gBAAgB8a,GACdud,GAAqBnpC,EAAO6mC,EAC7C,CAEM,MACF,IAAK,OACH,OAuPNjvC,eAAsCoI,EAAO6mC,GAC3C,MAAMuC,EAAS7vB,GAAW+sB,WAAWtmC,EAAM0lC,MAC3C0D,EAAO7C,eACP,MAAMuC,EAAY,IAAI/xC,WAAWqyC,EAAOC,cAAcxC,IAChDxlC,EAAY,IAAItK,WAAWqyC,EAAOtG,gBACxC,MAAO,CAAEzhC,YAAWynC,YACtB,CA7PaQ,CAAuBtpC,EAAO6mC,GACvC,QACE,OAAOsC,GAAqBnpC,EAAO6mC,GAGzC,CAoCAjvC,eAAe2xC,GAAuBvpC,EAAOinC,EAAGJ,EAAGluB,GACjD,GAAIA,EAAEzhB,SAAW8I,EAAM4lC,YAAa,CAClC,MAAM98B,EAAa,IAAI/R,WAAWiJ,EAAM4lC,aACxC98B,EAAWrR,IAAIkhB,EAAG3Y,EAAM4lC,YAAcjtB,EAAEzhB,QACxCyhB,EAAI7P,CACR,CACE,OAAQ9I,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAMjF,EAAYqU,EAAE1gB,QAAQsoB,UAE5B,MAAO,CAAEjc,YAAWwkC,gBADIU,GAA2BzpC,EAAMsB,UAAUW,OAAQilC,EAAE3oC,SAAS,GAAIuoC,EAAEvoC,SAAS,GAAIgG,GAE/G,CACI,IAAK,MACH,GAAItE,EAAM2lC,KAAOv5B,EAAKoF,eACpB,IACE,aA2EV5Z,eAAsCoI,EAAOinC,EAAGJ,EAAGluB,GACjD,MAAMqwB,EAAY3V,GAAarzB,EAAM4lC,YAAa5lC,EAAM2lC,IAAKkB,EAAGluB,GAChE,IAAI7P,EAAa2I,GAAUmX,UACzB,MACAogB,EACA,CACEzrC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,CAAC,YAAa,eAEhB,MAAM1R,EAAMqT,GAAetnC,EAAM4lC,YAAa5lC,EAAM2lC,IAAKsB,GACzD,IAAImC,EAAS33B,GAAUmX,UACrB,MACAqL,EACA,CACE12B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,KAED78B,EAAYsgC,SAAgB5zC,QAAQ4E,IAAI,CAAC0O,EAAYsgC,IACtD,IAAIjc,EAAI1b,GAAU2yB,WAChB,CACE7mC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,IAClBsD,OAAQG,GAEVtgC,EACA9I,EAAM6lC,YAEJ4D,EAASh4B,GAAUyjB,UACrB,MACApsB,IAEDqkB,EAAGsc,SAAgBj0C,QAAQ4E,IAAI,CAAC+yB,EAAGsc,IACpC,MAAMX,EAAY,IAAI/xC,WAAWo2B,GAEjC,MAAO,CAAE7oB,UADSqQ,EAAgB80B,EAAO9wB,GACrBmwB,YACtB,CApHuBY,CAAuB1pC,EAAOinC,EAAGJ,EAAGluB,EAClD,CAAC,MAAOiT,GAEP,OADAxf,EAAK0E,gBAAgB8a,GACd+d,GAAsB3pC,EAAOinC,EAAGtuB,EACjD,CAEM,MACF,IAAK,OACH,OAuKN/gB,eAAuCoI,EAAOinC,EAAGtuB,GAC/C,MAAMqwB,EAAYzvB,GAAW+sB,WAAWtmC,EAAM0lC,MAC9CsD,EAAUY,cAAcjxB,GACxB,MAAMmwB,EAAY,IAAI/xC,WAAWiyC,EAAUK,cAAcpC,IAEzD,MAAO,CAAE3iC,UADS,IAAIvN,WAAWiyC,EAAUxC,iBACvBsC,YACtB,CA7Kae,CAAwB7pC,EAAOinC,EAAGtuB,GAC3C,QACE,OAAOgxB,GAAsB3pC,EAAOinC,EAAGtuB,GAE7C,CAmCA/gB,eAAe+xC,GAAsB3pC,EAAOinC,EAAGtuB,GAK7C,MAAO,CAAErU,UAAWqU,EAAGmwB,iBAJE18B,EAAKO,cAAc5M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAE9BqnC,gBAAgBjsB,EAAGsuB,GACpB3oC,SAAS,GAEpD,CAEA1G,eAAeuxC,GAAqBnpC,EAAO6mC,GACzC,MAAMM,QAAmB/6B,EAAKO,cAAc5M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAChE8D,UAAW4lC,EAAGn+B,WAAYqG,SAAYnP,EAAMimC,aAKpD,MAAO,CAAE5kC,UAAW4lC,EAAG6B,UAFQ3B,EAAWvC,gBAAgBz1B,EAAG03B,GACpBvoC,SAAS,GAEpD,2DApCO1G,eAAuBipC,EAAK0H,EAAWtB,EAAG6C,EAAGjD,EAAGluB,EAAG6vB,GACxD,MAAMxoC,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAO6mC,GACjCG,GAA0BhnC,EAAOinC,GACjC,MAAM6B,UAAEA,SAAoBS,GAAuBvpC,EAAOinC,EAAGJ,EAAGluB,GAC1D+vB,EAAQL,GAAetoC,EAAMsB,UAAUM,KAAMk/B,EAAK0H,EAAWC,IAC7DjwB,QAAEA,GAAYD,GAAgBiwB,EAAUpwB,QAC9C,IAAIyT,EACJ,IAAK,IAAIx0B,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAEE,MAAMqhC,QAAUgQ,GAAIF,EAAUtlC,KAAM6lC,EAAWvwB,EAASmwB,EAAa,IAANtxC,EAAe,IAANA,GACxE,OAAO2yC,SAAmB9E,GAAasD,EAAUpwB,OAAQsgB,EAAGqR,GAC7D,CAAC,MAAOtwC,GACPoyB,EAAMpyB,CACZ,CAEE,MAAMoyB,CACR,UAnFOh0B,eAAuBipC,EAAK0H,EAAWpsC,EAAM0qC,EAAG2B,GACrD,MAAM5a,EAAIoc,GAAa7tC,GAEjB6D,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAO6mC,GACjC,MAAMxlC,UAAEA,EAASynC,UAAEA,SAAoBD,GAAsB7oC,EAAO6mC,GAC9D6B,EAAQL,GAAetoC,EAAMsB,UAAUM,KAAMk/B,EAAK0H,EAAWC,IAC7DjwB,QAAEA,GAAYD,GAAgBiwB,EAAUpwB,QACxCsgB,QAAUgQ,GAAIF,EAAUtlC,KAAM6lC,EAAWvwB,EAASmwB,GAExD,MAAO,CAAErnC,YAAW0jC,iBADKI,GAAWoD,EAAUpwB,OAAQsgB,EAAG7K,GAE3D,iBA9FOh2B,eAA8BipC,EAAKgG,EAAGluB,GAC3C,OAAOiuB,GAAuB7mC,EAAMsB,UAAUM,KAAMk/B,EAAKgG,EAAGluB,EAC9D,6HJ8JA/gB,eAAwBiV,GACtB,MAAM7M,EAAQ,IAAI+lC,GAAal5B,IACzBg0B,IAAEA,EAAG59B,KAAEA,EAAIkV,OAAEA,GAAWnY,EACxBg1B,QAAgBh1B,EAAMimC,aAC5B,MAAO,CACLpF,MACAgG,EAAG7R,EAAQ3zB,UACXooC,OAAQr9B,EAAK6B,QAAQ+mB,EAAQlsB,WAAY9I,EAAM4lC,aAC/C3iC,OACAkV,SAEJ,uBAOA,SAA8B0oB,GAC5B,OAAO2E,GAAO3E,EAAIE,WAAW99B,IAC/B,IK/LA,MAAMqsB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,0DAaZ5kB,eAAoB49B,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,GACpD,MAAMue,EAAM9S,OAAO,GAMnB,IAAI1N,EACAkC,EACA9B,EACA+B,EARJyR,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBpW,EAAIye,GAAmBze,GAMvBoW,EAAIsI,GAAItI,EAAGzE,GACX3R,EAAI0e,GAAI1e,EAAGmI,GAMX,MAAM4N,EAAI2I,GAAID,GAAmBwD,EAAO10B,SAAS,EAAGsB,GAAWsZ,KAAMA,GAMrE,OAAa,CAIX,GAFApK,EAAIuiB,GAAoB9B,GAAKrW,GAC7BlI,EAAIye,GAAIE,GAAOxI,EAAGrY,EAAG4T,GAAIxJ,GACrBlI,IAAMse,EACR,SAEF,MAAM2a,EAAKxa,GAAI1e,EAAIC,EAAGkI,GAGtB,GAFAjI,EAAIwe,GAAI3I,EAAImjB,EAAI/wB,GAChBhK,EAAIugB,GAAIM,GAAOjhB,EAAGoK,GAAKjI,EAAGiI,GACtBhK,IAAMogB,EAGV,KACJ,CACE,MAAO,CACLte,EAAGggB,GAAmBhgB,EAAG,KAAMpR,GAAW8iB,IAC1CxT,EAAG8hB,GAAmB9hB,EAAG,KAAMtP,GAAW8iB,IAE9C,iBAwDO9qB,eAA8B8qB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,GAM/C,GALA2R,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAMT,GAAI+M,GAAI/M,EAAI6M,GAAKrW,KAAOoW,GACtB,OAAO,EAOT,GAAIK,GAAOxI,EAAGjO,EAAGwJ,KAAO6M,GACtB,OAAO,EAMT,MAAM2a,EAAQ1tB,OAAOqU,GAAU3X,IAE/B,GAAIgxB,EADU1tB,OAAO,OACCkV,GAAgBxY,EAAG,KAAM,IAC7C,OAAO,EASTnI,EAAIye,GAAmBze,GACvB,MAAMglB,EAAMvZ,OAAO,GAGnB,OAAI2T,IAAMR,GAAOxI,EADLjO,EADFmY,GAAoB0E,GAAQmU,EAAQ3a,GAAMwG,GAAOmU,GACvCn5B,EACK2R,EAK3B,SA1FO9qB,eAAsB49B,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,GAS5D,GARAnf,EAAIwe,GAAmBxe,GACvB9B,EAAIsgB,GAAmBtgB,GAEvBwT,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBnf,GAAKse,IAAOte,GAAKkI,GACjBhK,GAAKogB,IAAOpgB,GAAKgK,EAEnB,OADA9M,EAAKwE,WAAW,0BACT,EAET,MAAMkW,EAAI2I,GAAID,GAAmBwD,EAAO10B,SAAS,EAAGsB,GAAWsZ,KAAMA,GAC/DuF,EAAIsR,GAAO7gB,EAAGgK,GACpB,GAAIuF,IAAM6Q,GAER,OADAljB,EAAKwE,WAAW,0BACT,EAGTuW,EAAIsI,GAAItI,EAAGzE,GACXyN,EAAIV,GAAIU,EAAGzN,GACX,MAAMynB,EAAK1a,GAAI3I,EAAIrI,EAAGvF,GAChBkxB,EAAK3a,GAAIze,EAAIyN,EAAGvF,GAItB,OADUuW,GAAIA,GAFHE,GAAOxI,EAAGgjB,EAAIznB,GACdiN,GAAOQ,EAAGia,EAAI1nB,GACEA,GAAIxJ,KAClBlI,CACf,IC3He3P,GAAA,CAEbgpC,IAAKA,GAEL5oC,QAASA,GAET6oC,SAAUA,GAEV5oC,IAAKA,2ECGA,SAA8BsW,EAAM7T,GACzC,IAAIxM,EAAO,EACX,OAAQqgB,GAGN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM0N,EAAI9C,EAAK0B,QAAQ3J,EAAU7F,SAAS3G,IAG1C,OAHkDA,GAAQuX,EAAEhY,OAAS,EAG9D,CAAES,OAAM4yC,gBAAiB,CAAEr7B,KACxC,CAII,KAAKnP,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,CAGE,MAAMoP,EAAI5E,EAAK0B,QAAQ3J,EAAU7F,SAAS3G,IAAQA,GAAQqZ,EAAE9Z,OAAS,EACrE,MAAMgY,EAAI9C,EAAK0B,QAAQ3J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQuX,EAAEhY,OAAS,EAC9D,CAAES,OAAM4yC,gBAAiB,CAAEv5B,IAAG9B,KAC3C,CAII,KAAKnP,EAAMsB,UAAUQ,YAAa,CAIhC,MAAMmP,EAAI5E,EAAK0B,QAAQ3J,EAAU7F,SAAS3G,IAAQA,GAAQqZ,EAAE9Z,OAAS,EACrE,MAAMgY,EAAI9C,EAAK0B,QAAQ3J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQuX,EAAEhY,OAAS,EAC9D,CAAES,OAAM4yC,gBAAiB,CAAEv5B,IAAG9B,KAC3C,CAKI,KAAKnP,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMsoC,EAAS,EAAInpC,GAAUipC,SAASG,MAAM9H,eAAe3qB,GACrDirB,EAAK72B,EAAK4B,kBAAkB7J,EAAWxM,EAAMA,EAAO6yC,GAC1D,OADmE7yC,GAAQsrC,EAAG/rC,OACvE,CAAES,OAAM4yC,gBAAiB,CAAEtH,MACxC,CAEI,QACE,MAAM,IAAIb,GAAiB,gCAEjC,OAuEOxqC,eAAoBogB,EAAMwd,EAAUkV,EAAiBC,EAAkBxuC,EAAM62B,GAClF,IAAK0X,IAAoBC,EACvB,MAAU9zC,MAAM,0BAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM0L,EAAEA,EAAC1T,EAAEA,GAAMkxC,GACX/xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQqX,EAEvB,MAAO,CAAEz7B,QADO7N,GAAUgpC,IAAI3U,KAAKF,EAAUr5B,EAAM+Q,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAE3E,CACI,KAAKjzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMylB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,GAAMwxB,GACd35B,EAAEA,GAAM45B,EACd,OAAOtpC,GAAUK,IAAIg0B,KAAKF,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,EAC3D,CACI,KAAKhR,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,gEAClB,KAAKkJ,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACb/xB,EAAEA,GAAMgyB,EACd,OAAOtpC,GAAUipC,SAAS1oC,MAAM8zB,KAAKmL,EAAKrL,EAAUr5B,EAAM0qC,EAAGluB,EAAGqa,EACtE,CACI,KAAKjzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACblK,KAAEA,GAASmK,EACjB,OAAOtpC,GAAUipC,SAASzoC,YAAY6zB,KAAKmL,EAAKrL,EAAUr5B,EAAM0qC,EAAGrG,EAAMxN,EAC/E,CACI,KAAKjzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMkS,GACRlK,KAAEA,GAASmK,EACjB,OAAOtpC,GAAUipC,SAASG,MAAM/U,KAAK1d,EAAMwd,EAAUr5B,EAAMq8B,EAAGgI,EAAMxN,EAC1E,CACI,QACE,MAAUn8B,MAAM,gCAEtB,SA9FOe,eAAsBogB,EAAMwd,EAAUrxB,EAAWymC,EAAczuC,EAAM62B,GAC1E,OAAQhb,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM0L,EAAEA,EAAC1T,EAAEA,GAAMoxC,EACX17B,EAAI9C,EAAK6B,QAAQ9J,EAAU+K,EAAGhC,EAAEhW,QACtC,OAAOmK,GAAUgpC,IAAIpU,OAAOT,EAAUr5B,EAAM+S,EAAGhC,EAAG1T,EAAGw5B,EAC3D,CACI,KAAKjzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMylB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,EAACiX,EAAEA,GAAMya,GACjB55B,EAAEA,EAAC9B,EAAEA,GAAM/K,EACjB,OAAO9C,GAAUK,IAAIu0B,OAAOT,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,EACnE,CACI,KAAKpwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAIxpC,GAAUipC,SAASvE,aAAalF,GAAK+E,YAErD50B,EAAI5E,EAAK6B,QAAQ9J,EAAU6M,EAAG65B,GAC9B37B,EAAI9C,EAAK6B,QAAQ9J,EAAU+K,EAAG27B,GACpC,OAAOxpC,GAAUipC,SAAS1oC,MAAMq0B,OAAO4K,EAAKrL,EAAU,CAAExkB,IAAG9B,KAAK/S,EAAM0qC,EAAG7T,EAC/E,CACI,KAAKjzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAIxpC,GAAUipC,SAASvE,aAAalF,GAAK+E,YAGrD50B,EAAI5E,EAAK6B,QAAQ9J,EAAU6M,EAAG65B,GAC9B37B,EAAI9C,EAAK6B,QAAQ9J,EAAU+K,EAAG27B,GACpC,OAAOxpC,GAAUipC,SAASzoC,YAAYo0B,OAAO4K,EAAKrL,EAAU,CAAExkB,IAAG9B,KAAK/S,EAAM0qC,EAAG7T,EACrF,CACI,KAAKjzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMoS,EACd,OAAOvpC,GAAUipC,SAASG,MAAMxU,OAAOje,EAAMwd,EAAUrxB,EAAWhI,EAAMq8B,EAAGxF,EACjF,CACI,QACE,MAAUn8B,MAAM,gCAEtB,ICrGA,MAAMi0C,GACJ,WAAA51C,CAAYiH,GACNA,IACF7G,KAAK6G,KAAOA,EAElB,CASE,IAAAxE,CAAK8H,GACH,GAAIA,EAAMvI,QAAU,EAAG,CACrB,MAAMA,EAASuI,EAAM,GACrB,GAAIA,EAAMvI,QAAU,EAAIA,EAEtB,OADA5B,KAAK6G,KAAOsD,EAAMnB,SAAS,EAAG,EAAIpH,GAC3B,EAAI5B,KAAK6G,KAAKjF,MAE7B,CACI,MAAUL,MAAM,wBACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK6G,KAAKjF,SAAU5B,KAAK6G,MAC3E,ECzBA,MAAM4uC,GAKJ,WAAA71C,CAAYiH,GACV,GAAIA,EAAM,CACR,MAAM8G,KAAEA,EAAIkV,OAAEA,GAAWhc,EACzB7G,KAAK2N,KAAOA,EACZ3N,KAAK6iB,OAASA,CACpB,MACM7iB,KAAK2N,KAAO,KACZ3N,KAAK6iB,OAAS,IAEpB,CAOE,IAAAxgB,CAAK9B,GACH,GAAIA,EAAMqB,OAAS,GAAkB,IAAbrB,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIusC,GAAiB,yBAI7B,OAFA9sC,KAAK2N,KAAOpN,EAAM,GAClBP,KAAK6iB,OAAStiB,EAAM,GACb,CACX,CAME,KAAAwC,GACE,OAAO,IAAItB,WAAW,CAAC,EAAG,EAAGzB,KAAK2N,KAAM3N,KAAK6iB,QACjD,ECzDA,MAAM6yB,GACJ,iBAAOC,EAAWlG,WAAEA,EAAUmG,UAAEA,IAC9B,MAAMjwB,EAAW,IAAI+vB,GAGrB,OAFA/vB,EAAS8pB,WAAaA,EACtB9pB,EAASiwB,UAAYA,EACdjwB,CACX,CAQE,IAAAtjB,CAAK8H,GACH,IAAI9H,EAAO,EACPwzC,EAAe1rC,EAAM9H,KACzBrC,KAAK41C,UAAYC,EAAe,EAAI1rC,EAAM9H,KAAU,KACpDwzC,GAAgBA,EAAe,EAC/B71C,KAAKyvC,WAAa34B,EAAK4B,kBAAkBvO,EAAO9H,EAAMA,EAAOwzC,GAAexzC,GAAQwzC,CACxF,CAME,KAAA9yC,GACE,OAAO+T,EAAKpV,iBAAiB,CAC3B1B,KAAK41C,UACH,IAAIn0C,WAAW,CAACzB,KAAKyvC,WAAW7tC,OAAS,EAAG5B,KAAK41C,YACjD,IAAIn0C,WAAW,CAACzB,KAAKyvC,WAAW7tC,SAClC5B,KAAKyvC,YAEX,ECwbA,SAASqG,GAAoBvK,GAC3B,IACEA,EAAIE,SACL,CAAC,MAAOvnC,GACP,MAAM,IAAI4oC,GAAiB,oBAC/B,CACA,CAOO,SAASiJ,GAAoBrzB,EAAM6oB,GACxC,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUQ,YACnB,OAAO,IAAIR,GAAUipC,SAASvE,aAAalF,GAAK+E,YAClD,KAAK7lC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAM9H,eAAe3qB,GACjD,KAAKjY,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAUipC,SAASgB,MAAM3I,eAAe3qB,GACjD,QACE,MAAUnhB,MAAM,yBAEtB,kEAhLO,SAAwBmhB,EAAMzG,EAAMsvB,GACzC,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACnB,OAAOH,GAAUgpC,IAAI5H,SAASlxB,EAAM,OAAOpZ,MAAK,EAAG+U,IAAG1T,IAAGmf,IAAG+J,IAAGxJ,IAAGoa,QAAS,CACzEiY,cAAe,CAAE5yB,IAAG+J,IAAGxJ,IAAGoa,KAC1BsX,aAAc,CAAE19B,IAAG1T,SAEvB,KAAKuG,EAAMsB,UAAUO,MACnB,OAAOP,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE5yB,EAAG8wB,GACpBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK9mC,EAAMsB,UAAUQ,YACnB,OAAOR,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE/K,KAAMiJ,GACvBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK9mC,EAAMsB,UAAUM,KACnB,OAAON,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,SAAQxmC,OAAMkV,aAAc,CAClFozB,cAAe,CAAE5yB,EAAG8wB,GACpBmB,aAAc,CACZ/J,IAAK,IAAID,GAAIC,GACbgG,IACA0B,UAAW,IAAIwC,GAAU,CAAE9nC,OAAMkV,gBAGvC,KAAKpY,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAMhI,SAASzqB,GAAM7f,MAAK,EAAGqgC,IAAGgI,WAAY,CACpE+K,cAAe,CAAE/K,QACjBoK,aAAc,CAAEpS,SAEpB,KAAKz4B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAUipC,SAASgB,MAAM7I,SAASzqB,GAAM7f,MAAK,EAAGqgC,IAAG1pB,QAAS,CACjEy8B,cAAe,CAAEz8B,KACjB87B,aAAc,CAAEpS,SAEpB,KAAKz4B,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,qBAiFO,SAA4BmhB,GACjC,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOmZ,GAAe5Y,EACxB,cAQO,SAAqBP,GAC1B,MAAMsS,EAAWvqB,EAAMpI,KAAKoI,EAAM6D,KAAMoU,GACxC,OAAO+Q,GAAKuB,EACd,sEA0CO,SAAmCtS,EAAM6oB,GAC9C,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,OAAOR,GAAUipC,SAASvH,qBAAqBlC,GACjD,KAAK9gC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAM1H,qBAAqB/qB,GACvD,QACE,MAAUnhB,MAAM,iCAEtB,kBAhFOe,eAA+BogB,GACpC,MAAMQ,UAAEA,GAAcF,GAAgBN,GAChCwzB,QAAqBra,GAAe3Y,GACpCizB,EAAS,IAAI10C,WAAW,CAACy0C,EAAaA,EAAat0C,OAAS,GAAIs0C,EAAaA,EAAat0C,OAAS,KACzG,OAAOkV,EAAKtS,OAAO,CAAC0xC,EAAcC,GACpC,2BAjMO,SAAkCzzB,EAAMvY,GAC7C,IAAI9H,EAAO,EACX,OAAQqgB,GAGN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAEnB,MAAO,CAAEoX,EADCtM,EAAK0B,QAAQrO,EAAMnB,SAAS3G,KAOxC,KAAKoI,EAAMsB,UAAUI,QAAS,CAC5B,MAAM+0B,EAAKpqB,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQ6+B,EAAGt/B,OAAS,EAEnE,MAAO,CAAEs/B,KAAIC,GADFrqB,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAE7C,CAII,KAAKoI,EAAMsB,UAAUM,KAAM,CACzB,MAAMslC,EAAI76B,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQsvC,EAAE/vC,OAAS,EACjE,MAAM4yC,EAAI,IAAI4B,GACd,OAD4B5B,EAAEnyC,KAAK8H,EAAMnB,SAAS3G,IAC3C,CAAEsvC,IAAG6C,IAClB,CAMI,KAAK/pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMilC,EAAYmE,GAAoBrzB,GAChC2sB,EAAqBv4B,EAAK4B,kBAAkBvO,EAAO9H,EAAMA,EAAOuvC,GAAYvvC,GAAQgtC,EAAmBztC,OAC7G,MAAM4yC,EAAI,IAAIkB,GACd,OADmClB,EAAEnyC,KAAK8H,EAAMnB,SAAS3G,IAClD,CAAEgtC,qBAAoBmF,IACnC,CACI,QACE,MAAM,IAAI1H,GAAiB,4CAEjC,wBAjGO,SAA+BpqB,EAAMvY,EAAOmrC,GACjD,IAAIjzC,EAAO,EACX,OAAQqgB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMmX,EAAIvM,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQghB,EAAEzhB,OAAS,EACjE,MAAMwrB,EAAItW,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMgiB,EAAI9M,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQuhB,EAAEhiB,OAAS,EACjE,MAAMo8B,EAAIlnB,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ27B,EAAEp8B,OAAS,EAC1D,CAAES,OAAM4zC,cAAe,CAAE5yB,IAAG+J,IAAGxJ,IAAGoa,KAC/C,CACI,KAAKvzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QAAS,CAC5B,MAAMsP,EAAI3E,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQoZ,EAAE7Z,OAAS,EAC1D,CAAES,OAAM4zC,cAAe,CAAEx6B,KACtC,CACI,KAAKhR,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMikC,EAAcyF,GAAoBrzB,EAAM4yB,EAAa/J,KAC3D,IAAIloB,EAAIvM,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQghB,EAAEzhB,OAAS,EAC/DyhB,EAAIvM,EAAK6B,QAAQ0K,EAAGitB,GACb,CAAEjuC,OAAM4zC,cAAe,CAAE5yB,KACtC,CACI,KAAK5Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM+jC,EAAcyF,GAAoBrzB,EAAM4yB,EAAa/J,KAC3D,GAAI+J,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMQ,cAC7C,MAAU3J,MAAM,kCAElB,IAAI2pC,EAAOp0B,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAEvC,OAF+CA,GAAQ6oC,EAAKtpC,OAAS,EACrEspC,EAAOp0B,EAAK6B,QAAQuyB,EAAMoF,GACnB,CAAEjuC,OAAM4zC,cAAe,CAAE/K,QACtC,CACI,KAAKzgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAM0jC,EAAcyF,GAAoBrzB,GAClCwoB,EAAOp0B,EAAK4B,kBAAkBvO,EAAO9H,EAAMA,EAAOiuC,GACxD,OADsEjuC,GAAQ6oC,EAAKtpC,OAC5E,CAAES,OAAM4zC,cAAe,CAAE/K,QACtC,CACI,KAAKzgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAM2jC,EAAcyF,GAAoBrzB,GAClClJ,EAAI1C,EAAK4B,kBAAkBvO,EAAO9H,EAAMA,EAAOiuC,GACrD,OADmEjuC,GAAQmX,EAAE5X,OACtE,CAAES,OAAM4zC,cAAe,CAAEz8B,KACtC,CACI,QACE,MAAM,IAAIszB,GAAiB,4CAEjC,uBAjHO,SAA8BpqB,EAAMvY,GACzC,IAAI9H,EAAO,EACX,OAAQqgB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM0L,EAAId,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQuV,EAAEhW,OAAS,EACjE,MAAMsC,EAAI4S,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6B,EAAEtC,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAE19B,IAAG1T,KACxC,CACI,KAAKuG,EAAMsB,UAAUK,IAAK,CACxB,MAAMghB,EAAItW,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMgiB,EAAI9M,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQuhB,EAAEhiB,OAAS,EACjE,MAAMiwB,EAAI/a,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQwvB,EAAEjwB,OAAS,EACjE,MAAMi5B,EAAI/jB,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQw4B,EAAEj5B,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAEloB,IAAGxJ,IAAGiO,IAAGgJ,KAC9C,CACI,KAAKpwB,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAItW,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMiwB,EAAI/a,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQwvB,EAAEjwB,OAAS,EACjE,MAAMi5B,EAAI/jB,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQw4B,EAAEj5B,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAEloB,IAAGyE,IAAGgJ,KAC3C,CACI,KAAKpwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,EAAM,IAAID,GAAOjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GACpB,MAAMgG,EAAIz6B,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQkvC,EAAE3vC,OAAS,EAC1D,CAAES,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK9mC,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,EAAM,IAAID,GAEhB,GAFuBjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GAChBA,EAAIE,YAAchhC,EAAMC,MAAMQ,cAChC,MAAU3J,MAAM,kCAElB,IAAIgwC,EAAIz6B,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQkvC,EAAE3vC,OAAS,EAC/D2vC,EAAIz6B,EAAK6B,QAAQ44B,EAAG,IACb,CAAElvC,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK9mC,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,EAAM,IAAID,GAAOjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GACpB,MAAMgG,EAAIz6B,EAAK0B,QAAQrO,EAAMnB,SAAS3G,IAAQA,GAAQkvC,EAAE3vC,OAAS,EACjE,MAAMqxC,EAAY,IAAIwC,GACtB,OADmCpzC,GAAQ4wC,EAAU5wC,KAAK8H,EAAMnB,SAAS3G,IAClE,CAAEA,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,IAAG0B,aACnD,CACI,KAAKxoC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACrB,KAAKnC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAIpsB,EAAK4B,kBAAkBvO,EAAO9H,EAAMA,EAAO0zC,GAAoBrzB,IACzE,OADiFrgB,GAAQ6gC,EAAEthC,OACpF,CAAES,OAAMizC,aAAc,CAAEpS,KACrC,CACI,QACE,MAAM,IAAI4J,GAAiB,4CAEjC,mBApGOxqC,eAAgCogB,EAAM0yB,EAAiBC,EAAkBgB,EAAkBnD,EAAa9V,GAC7G,OAAQ1a,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WAAY,CAC/B,MAAMmX,EAAEA,GAAMizB,GACRz+B,EAAEA,EAAC1T,EAAEA,GAAMkxC,GACX/xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQqX,EACvB,OAAOtpC,GAAUgpC,IAAIzmB,QAAQlL,EAAGxL,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EACxD,CACI,KAAK3yB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM+0B,GAAEA,EAAEC,GAAEA,GAAOkV,EACbjpB,EAAIgoB,EAAgBhoB,EACpB3R,EAAI45B,EAAiB55B,EAC3B,OAAO1P,GAAUI,QAAQmiB,QAAQ4S,EAAIC,EAAI/T,EAAG3R,EAAG2hB,EACrD,CACI,KAAK3yB,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcmC,GACxB/xB,EAAEA,GAAMgyB,GACR1D,EAAEA,EAAC6C,EAAEA,GAAM6B,EACjB,OAAOtqC,GAAUipC,SAAS3oC,KAAKiiB,QAC7Bid,EAAK0H,EAAWtB,EAAG6C,EAAE3tC,KAAM0qC,EAAGluB,EAAG6vB,EACzC,CACI,KAAKzoC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAEA,GAAMkS,GACR57B,EAAEA,GAAM67B,GACRhG,mBAAEA,EAAkBmF,EAAEA,GAAM6B,EAClC,GAAoB,OAAhB7B,EAAEoB,YAAuB9+B,EAAK2H,MAAM+1B,EAAEoB,WACxC,MAAUr0C,MAAM,4BAElB,OAAOwK,GAAUipC,SAASgB,MAAM1nB,QAC9B5L,EAAM2sB,EAAoBmF,EAAE/E,WAAYvM,EAAG1pB,EACnD,CACI,QACE,MAAUjY,MAAM,4CAEtB,mBArFOe,eAAgCg0C,EAASC,EAAejB,EAAczuC,EAAMqsC,GACjF,OAAQoD,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAAgB,CACnC,MAAM4L,EAAEA,EAAC1T,EAAEA,GAAMoxC,EAEjB,MAAO,CAAElyB,QADOrX,GAAUgpC,IAAI/mB,QAAQnnB,EAAM+Q,EAAG1T,GAErD,CACI,KAAKuG,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMya,EACpB,OAAOvpC,GAAUI,QAAQ6hB,QAAQnnB,EAAMumB,EAAGyE,EAAGgJ,EACnD,CACI,KAAKpwB,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcqC,GACtBvpC,UAAW4lC,EAAGlC,WAAY+E,SAAYzoC,GAAUipC,SAAS3oC,KAAK2hB,QACpEud,EAAK0H,EAAWpsC,EAAM0qC,EAAG2B,GAC3B,MAAO,CAAEvB,IAAG6C,EAAG,IAAI4B,GAAW5B,GACpC,CACI,KAAK/pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,GAAI4pC,IAAkBz/B,EAAK2H,MAAM83B,GAE/B,MAAUh1C,MAAM,0DAElB,MAAM2hC,EAAEA,GAAMoS,GACRjG,mBAAEA,EAAkBI,WAAEA,SAAqB1jC,GAAUipC,SAASgB,MAAMhoB,QACxEsoB,EAASzvC,EAAMq8B,GAEjB,MAAO,CAAEmM,qBAAoBmF,EADnBkB,GAAkBC,WAAW,CAAEC,UAAWW,EAAe9G,eAEzE,CACI,QACE,MAAO,GAEb,kBAsOO,SAAyB/sB,EAAMkE,GAEpC,MAAM4vB,EAAgC,IAAI7gC,IAAI,CAC5ClL,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUW,OAChBjC,EAAMsB,UAAUa,MAChBnC,EAAMsB,UAAUY,OAEZ8pC,EAAgB32C,OAAO42C,KAAK9vB,GAAQjiB,KAAIsD,IAC5C,MAAMmrC,EAAQxsB,EAAO3e,GACrB,OAAK6O,EAAKtV,aAAa4xC,GAChBoD,EAA8BxyC,IAAI0e,GAAQ0wB,EAAQt8B,EAAKgC,gBAAgBs6B,GADxCA,EAAMrwC,OACwC,IAEtF,OAAO+T,EAAKpV,iBAAiB+0C,EAC/B,iBAkEOn0C,eAA8BogB,EAAM4yB,EAAcW,GACvD,IAAKX,IAAiBW,EACpB,MAAU10C,MAAM,0BAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM0L,EAAEA,EAAC1T,EAAEA,GAAMoxC,GACXjyB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,EAAEA,GAAMiY,EACvB,OAAOlqC,GAAUgpC,IAAI4B,eAAe/+B,EAAG1T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EACzD,CACI,KAAKvzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMghB,EAAEA,EAACxJ,EAAEA,EAACiO,EAAEA,EAACgJ,EAAEA,GAAMya,GACjB75B,EAAEA,GAAMw6B,EACd,OAAOlqC,GAAUK,IAAIuqC,eAAevpB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,EACtD,CACI,KAAKhR,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMya,GACd75B,EAAEA,GAAMw6B,EACd,OAAOlqC,GAAUI,QAAQwqC,eAAevpB,EAAGyE,EAAGgJ,EAAGpf,EACvD,CACI,KAAKhR,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMuqC,EAAa7qC,GAAUipC,SAASvqC,EAAMpI,KAAKoI,EAAMsB,UAAW2W,KAC5D6oB,IAAEA,EAAGgG,EAAEA,GAAM+D,GACbjyB,EAAEA,GAAM4yB,EACd,OAAOW,EAAWD,eAAepL,EAAKgG,EAAGluB,EAC/C,CACI,KAAK5Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAMglC,EAAEA,EAAChG,IAAEA,GAAQ+J,GACbpK,KAAEA,GAAS+K,EACjB,OAAOlqC,GAAUipC,SAASzoC,YAAYoqC,eAAepL,EAAKgG,EAAGrG,EACnE,CACI,KAAKzgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMoS,GACRpK,KAAEA,GAAS+K,EACjB,OAAOlqC,GAAUipC,SAASG,MAAMwB,eAAej0B,EAAMwgB,EAAGgI,EAC9D,CACI,KAAKzgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAEA,GAAMoS,GACR97B,EAAEA,GAAMy8B,EACd,OAAOlqC,GAAUipC,SAASgB,MAAMW,eAAej0B,EAAMwgB,EAAG1pB,EAC9D,CACI,QACE,MAAUjY,MAAM,iCAEtB,ICjaA,MAAM44B,GAAM,CAEVtX,OAAQA,GAERlV,KAAMA,GAEN8lB,KAAMA,GAEN1nB,UAAWA,GAEX8C,UAAWA,GAEXgoC,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGTl3C,OAAO+mB,OAAOsT,GAAK/d,ICnCZ,MAAM66B,WAA+B11C,MAC1C,WAAA3B,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAMi3C,IAGhCj3C,KAAKiI,KAAO,wBAChB,EAIA,IAAIivC,GACAC,GAIJ,MAAMC,GAIJ,WAAAx3C,CAAYsU,EAASsD,GACnB,MAAMzC,OAAEA,EAAMC,YAAEA,EAAWC,eAAEA,GAAmBf,EAAOY,gBAEvD9U,KAAKiU,KAAO,SAKZjU,KAAK2uC,KAAO,KAKZ3uC,KAAK2b,EAAI5G,EAKT/U,KAAKotB,EAAIpY,EAKThV,KAAKq3C,SAAWpiC,CACpB,CAEE,YAAAqiC,GACEt3C,KAAK2uC,KAAOvyB,GAAOy6B,OAAOhb,eAnDL,GAoDzB,CAOE,IAAAx5B,CAAK8H,GACH,IAAIrI,EAAI,EASR,OAPA9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,IAClCA,GAAK,GAEL9B,KAAK2b,EAAIxR,EAAMrI,KACf9B,KAAKotB,EAAIjjB,EAAMrI,KACf9B,KAAKq3C,SAAWltC,EAAMrI,KAEfA,CACX,CAME,KAAAiB,GACE,MAAMojB,EAAM,CACV,IAAI1kB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,QAC5CjU,KAAK2uC,KACL,IAAIltC,WAAW,CAACzB,KAAK2b,EAAG3b,KAAKotB,EAAGptB,KAAKq3C,YAGvC,OAAOvgC,EAAKpV,iBAAiBykB,EACjC,CAUE,gBAAMoxB,CAAWC,EAAYv0B,GAC3B,MAAMw0B,EAAW,GAAMz3C,KAAKq3C,SAAW,EAEvC,IAIEH,GAAsBA,WAA8Bh3C,QAAAC,UAAA0C,MAAA,WAAA,OAAA60C,EAAA,KAAoBC,QACxER,GAAgBA,IAAiBD,KAGjC,MAAMrrC,QAAesrC,GAGfxpC,EAAO9B,EAAO,CAClB+rC,QA9Ge,GA+Gf3jC,KAhHY,EAiHZ4jC,SAJoB/gC,EAAKyD,WAAWi9B,GAKpC7I,KAAM3uC,KAAK2uC,KACXzd,UAAWjO,EACX60B,WAAYL,EACZziC,YAAahV,KAAKotB,EAClBrY,OAAQ/U,KAAK2b,IASf,OALI87B,EAtGkC,UAwGpCN,GAAgBD,KAChBC,GAAc92C,OAAM,UAEfsN,CACR,CAAC,MAAOzJ,GACP,MAAIA,EAAEqP,UACJrP,EAAEqP,QAAQ4L,SAAS,mCACnBjb,EAAEqP,QAAQ4L,SAAS,0BACnBjb,EAAEqP,QAAQ4L,SAAS,4BACnBjb,EAAEqP,QAAQ4L,SAAS,kBAEb,IAAI83B,GAAuB,iDAE3B/yC,CAEd,CACA,EC9GA,MAAM6zC,GAIJ,WAAAn4C,CAAYgV,EAASV,EAASsD,GAK5BxX,KAAK41C,UAAYnrC,EAAMkD,KAAKI,OAK5B/N,KAAKiU,KAAOxJ,EAAMpI,KAAKoI,EAAMgB,IAAKmJ,GAElC5U,KAAKojB,EAAIlP,EAAOW,sBAIhB7U,KAAK2uC,KAAO,IAChB,CAEE,YAAA2I,GACE,OAAQt3C,KAAKiU,MACX,IAAK,SACL,IAAK,WACHjU,KAAK2uC,KAAOvyB,GAAOy6B,OAAOhb,eAAe,GAEjD,CAEE,QAAAmc,GAIE,OAAQ,IAAe,GAATh4C,KAAKojB,IAFH,GAEiBpjB,KAAKojB,GAAK,EAC/C,CAOE,IAAA/gB,CAAK8H,GACH,IAAIrI,EAAI,EAGR,OAFA9B,KAAK41C,UAAYzrC,EAAMrI,KAEf9B,KAAKiU,MACX,IAAK,SACH,MAEF,IAAK,SACHjU,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACH9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EAGL9B,KAAKojB,EAAIjZ,EAAMrI,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDgV,EAAKoD,mBAAmB/P,EAAMnB,SAASlH,EAAGA,EAAI,IAUhD,MAAM,IAAIgrC,GAAiB,qBAT3BhrC,GAAK,EAEL,GAAmB,OADA,IAAOqI,EAAMrI,KAK9B,MAAM,IAAIgrC,GAAiB,oCAH3B9sC,KAAKiU,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI64B,GAAiB,qBAG/B,OAAOhrC,CACX,CAME,KAAAiB,GACE,GAAkB,cAAd/C,KAAKiU,KACP,OAAO,IAAIxS,WAAW,CAAC,IAAK,KAAMqV,EAAKgD,mBAAmB,OAAQ,IAEpE,MAAMqM,EAAM,CAAC,IAAI1kB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,MAAOjU,KAAK41C,aAErE,OAAQ51C,KAAKiU,MACX,IAAK,SACH,MACF,IAAK,SACHkS,EAAIrjB,KAAK9C,KAAK2uC,MACd,MACF,IAAK,WACHxoB,EAAIrjB,KAAK9C,KAAK2uC,MACdxoB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKojB,KAC9B,MACF,IAAK,MACH,MAAU7hB,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOuV,EAAKpV,iBAAiBykB,EACjC,CAUE,gBAAMoxB,CAAWC,EAAYS,GAC3BT,EAAa1gC,EAAKyD,WAAWi9B,GAE7B,MAAMrxB,EAAM,GACZ,IAAI+xB,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIG,EACJ,OAAQp4C,KAAKiU,MACX,IAAK,SACHmkC,EAASthC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW02C,GAAYX,IAC3D,MACF,IAAK,SACHY,EAASthC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW02C,GAAYn4C,KAAK2uC,KAAM6I,IACtE,MACF,IAAK,WAAY,CACf,MAAM3wC,EAAOiQ,EAAKpV,iBAAiB,CAAC1B,KAAK2uC,KAAM6I,IAC/C,IAAIa,EAAUxxC,EAAKjF,OACnB,MAAMo7B,EAAQv0B,KAAKC,IAAI1I,KAAKg4C,WAAYK,GACxCD,EAAS,IAAI32C,WAAW02C,EAAYnb,GACpCob,EAAOj2C,IAAI0E,EAAMsxC,GACjB,IAAK,IAAIn2C,EAAMm2C,EAAYE,EAASr2C,EAAMg7B,EAAOh7B,GAAOq2C,EAASA,GAAW,EAC1ED,EAAO56B,WAAWxb,EAAKm2C,EAAWn2C,GAEpC,KACV,CACQ,IAAK,MACH,MAAUT,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMQ,QAAeqa,GAAOzO,KAAK6W,OAAOxkB,KAAK41C,UAAWwC,GACxDjyB,EAAIrjB,KAAKf,GACTm2C,GAAWn2C,EAAOH,OAClBu2C,GACN,CAEI,OAAOrhC,EAAKpV,iBAAiBykB,GAAKnd,SAAS,EAAGivC,EAClD,EC/LA,MAAMK,GAA+B,IAAI3iC,IAAI,CAAClL,EAAMgB,IAAII,OAAQpB,EAAMgB,IAAIG,WASnE,SAAS2sC,GAAetkC,EAAMC,EAASsD,GAC5C,OAAQvD,GACN,KAAKxJ,EAAMgB,IAAII,OACb,OAAO,IAAIurC,GAAUljC,GACvB,KAAKzJ,EAAMgB,IAAIG,SACf,KAAKnB,EAAMgB,IAAIK,IACf,KAAKrB,EAAMgB,IAAIE,OACf,KAAKlB,EAAMgB,IAAIC,OACb,OAAO,IAAIqsC,GAAW9jC,EAAMC,GAC9B,QACE,MAAM,IAAI44B,GAAiB,wBAEjC,CAQO,SAAS0L,GAAiBtkC,GAC/B,MAAMU,QAAEA,GAAYV,EAEpB,IAAKokC,GAA6Bt0C,IAAI4Q,GACpC,MAAUrT,MAAM,sDAGlB,OAAOg3C,GAAe3jC,EAASV,EACjC,CC1CA,IAAIukC,GAAUvhC,EAAaA,cAAC,KAa5B,IACauhC,GAAQ,kBAAkBC,MACvC,CACA,MAAOx0C,GACP,CA0BA,IAAIgiB,GAAKzkB,WAAYk3C,GAAM5rB,YAAa3G,GAAMhG,YAE1Cw4B,GAAO,IAAI1yB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAgB,EAAG,EAAoB,IAG1I2yB,GAAO,IAAI3yB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAiB,EAAG,IAEjI4yB,GAAO,IAAI5yB,GAAG,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,KAE7E6yB,GAAO,SAAUC,EAAI50C,GAErB,IADA,IAAI0T,EAAI,IAAI6gC,GAAI,IACP72C,EAAI,EAAGA,EAAI,KAAMA,EACtBgW,EAAEhW,GAAKsC,GAAS,GAAK40C,EAAGl3C,EAAI,GAGhC,IAAI4Z,EAAI,IAAI0K,GAAItO,EAAE,KAClB,IAAShW,EAAI,EAAGA,EAAI,KAAMA,EACtB,IAAK,IAAIsY,EAAItC,EAAEhW,GAAIsY,EAAItC,EAAEhW,EAAI,KAAMsY,EAC/BsB,EAAEtB,GAAOA,EAAItC,EAAEhW,IAAO,EAAKA,EAGnC,MAAO,CAACgW,EAAG4D,EACf,EACIu9B,GAAKF,GAAKH,GAAM,GAAIM,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE/CC,GAAG,IAAM,IAAKC,GAAM,KAAO,GAI3B,IAHA,IAAIC,GAAKL,GAAKF,GAAM,GAAIQ,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE3CG,GAAM,IAAIZ,GAAI,OACT72C,GAAI,EAAGA,GAAI,QAASA,GAAG,CAE5B,IAAI2Z,IAAU,MAAJ3Z,MAAgB,GAAW,MAAJA,KAAe,EAEhD2Z,IAAU,OADVA,IAAU,MAAJA,MAAgB,GAAW,MAAJA,KAAe,MACtB,GAAW,KAAJA,KAAe,EAC5C89B,GAAIz3C,MAAY,MAAJ2Z,MAAgB,GAAW,IAAJA,KAAe,KAAQ,CAC9D,CAIA,IAAI+9B,YAAkBC,EAAIC,EAAIh+B,GAO1B,IANA,IAAI9B,EAAI6/B,EAAG73C,OAEPE,EAAI,EAEJwgC,EAAI,IAAIqW,GAAIe,GAET53C,EAAI8X,IAAK9X,EACR23C,EAAG33C,MACDwgC,EAAEmX,EAAG33C,GAAK,GAGpB,IAII63C,EAJAC,EAAK,IAAIjB,GAAIe,GACjB,IAAK53C,EAAI,EAAGA,EAAI43C,IAAM53C,EAClB83C,EAAG93C,GAAM83C,EAAG93C,EAAI,GAAKwgC,EAAExgC,EAAI,IAAO,EAGtC,GAAI4Z,EAAG,CAEHi+B,EAAK,IAAIhB,GAAI,GAAKe,GAElB,IAAIG,EAAM,GAAKH,EACf,IAAK53C,EAAI,EAAGA,EAAI8X,IAAK9X,EAEjB,GAAI23C,EAAG33C,GAQH,IANA,IAAIg4C,EAAMh4C,GAAK,EAAK23C,EAAG33C,GAEnBi4C,EAAML,EAAKD,EAAG33C,GAEd+X,EAAI+/B,EAAGH,EAAG33C,GAAK,MAAQi4C,EAElBzhB,EAAIze,GAAM,GAAKkgC,GAAO,EAAIlgC,GAAKye,IAAKze,EAEzC8/B,EAAGJ,GAAI1/B,KAAOggC,GAAOC,CAIzC,MAGQ,IADAH,EAAK,IAAIhB,GAAI/+B,GACR9X,EAAI,EAAGA,EAAI8X,IAAK9X,EACb23C,EAAG33C,KACH63C,EAAG73C,GAAKy3C,GAAIK,EAAGH,EAAG33C,GAAK,QAAW,GAAK23C,EAAG33C,IAItD,OAAO63C,CACV,EAEGK,GAAM,IAAI9zB,GAAG,KACjB,IAASpkB,GAAI,EAAGA,GAAI,MAAOA,GACvBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EAEb,IAAIm4C,GAAM,IAAI/zB,GAAG,IACjB,IAASpkB,GAAI,EAAGA,GAAI,KAAMA,GACtBm4C,GAAIn4C,IAAK,EAEb,IAAIo4C,gBAAoBV,GAAKQ,GAAK,EAAG,GAAIG,gBAAqBX,GAAKQ,GAAK,EAAG,GAEvEI,gBAAoBZ,GAAKS,GAAK,EAAG,GAAII,gBAAqBb,GAAKS,GAAK,EAAG,GAEvEvxC,GAAM,SAAU6V,GAEhB,IADA,IAAI+Z,EAAI/Z,EAAE,GACDzc,EAAI,EAAGA,EAAIyc,EAAE3c,SAAUE,EACxByc,EAAEzc,GAAKw2B,IACPA,EAAI/Z,EAAEzc,IAEd,OAAOw2B,CACX,EAEIrc,GAAO,SAAUoH,EAAG+J,EAAGkL,GACvB,IAAIzI,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,KAAY,EAAJzC,GAAUkL,CACnD,EAEIgiB,GAAS,SAAUj3B,EAAG+J,GACtB,IAAIyC,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,EAAMxM,EAAEwM,EAAI,IAAM,MAAa,EAAJzC,EAC5D,EAEImtB,GAAO,SAAUntB,GAAK,OAASA,EAAI,GAAK,EAAK,CAAI,EAGjDotB,GAAM,SAAU3gC,EAAGD,EAAG1V,IACb,MAAL0V,GAAaA,EAAI,KACjBA,EAAI,IACC,MAAL1V,GAAaA,EAAI2V,EAAEjY,UACnBsC,EAAI2V,EAAEjY,QAEV,IAAIgW,EAAI,IAA4B,GAAvBiC,EAAE4gC,kBAAyB9B,GAA6B,GAAvB9+B,EAAE4gC,kBAAyBr0B,GAAMF,IAAIhiB,EAAI0V,GAEvF,OADAhC,EAAEzV,IAAI0X,EAAE7Q,SAAS4Q,EAAG1V,IACb0T,CACX,EAsBI8iC,GAAK,CACL,iBACA,qBACA,yBACA,mBACA,kBACA,oBACJ,CACI,cACA,qBACA,uBACA,8BACA,oBACA,mBACA,oBAIApkB,GAAM,SAAUqkB,EAAKnvB,EAAKovB,GAC1B,IAAI12C,EAAQ3C,MAAMiqB,GAAOkvB,GAAGC,IAI5B,GAHAz2C,EAAE22C,KAAOF,EACLp5C,MAAMwrC,mBACNxrC,MAAMwrC,kBAAkB7oC,EAAGoyB,KAC1BskB,EACD,MAAM12C,EACV,OAAOA,CACX,EAqLI42C,GAAQ,SAAUz3B,EAAG+J,EAAGvT,GACxBA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,CACtB,EAEIkhC,GAAU,SAAU13B,EAAG+J,EAAGvT,GAC1BA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,EAClBwJ,EAAEwM,EAAI,IAAMhW,IAAM,EACtB,EAEImhC,GAAQ,SAAU33B,EAAGq2B,GAGrB,IADA,IAAI/9B,EAAI,GACC7Z,EAAI,EAAGA,EAAIuhB,EAAEzhB,SAAUE,EACxBuhB,EAAEvhB,IACF6Z,EAAE7Y,KAAK,CAAE8W,EAAG9X,EAAGqkC,EAAG9iB,EAAEvhB,KAE5B,IAAI8X,EAAI+B,EAAE/Z,OACNwsB,EAAKzS,EAAEhZ,QACX,IAAKiX,EACD,MAAO,CAACqhC,GAAI,GAChB,GAAS,GAALrhC,EAAQ,CACR,IAAIC,EAAI,IAAIqM,GAAGvK,EAAE,GAAG/B,EAAI,GAExB,OADAC,EAAE8B,EAAE,GAAG/B,GAAK,EACL,CAACC,EAAG,EACnB,CACI8B,EAAEu/B,MAAK,SAAU38B,EAAGzG,GAAK,OAAOyG,EAAE4nB,EAAIruB,EAAEquB,KAGxCxqB,EAAE7Y,KAAK,CAAE8W,GAAI,EAAGusB,EAAG,QACnB,IAAI7D,EAAI3mB,EAAE,GAAID,EAAIC,EAAE,GAAIw/B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAO7C,IANA1/B,EAAE,GAAK,CAAE/B,GAAI,EAAGusB,EAAG7D,EAAE6D,EAAIzqB,EAAEyqB,EAAG7D,EAAGA,EAAG5mB,EAAGA,GAMhC0/B,GAAMxhC,EAAI,GACb0oB,EAAI3mB,EAAEA,EAAEw/B,GAAIhV,EAAIxqB,EAAE0/B,GAAIlV,EAAIgV,IAAOE,KACjC3/B,EAAIC,EAAEw/B,GAAMC,GAAMz/B,EAAEw/B,GAAIhV,EAAIxqB,EAAE0/B,GAAIlV,EAAIgV,IAAOE,KAC7C1/B,EAAEy/B,KAAQ,CAAExhC,GAAI,EAAGusB,EAAG7D,EAAE6D,EAAIzqB,EAAEyqB,EAAG7D,EAAGA,EAAG5mB,EAAGA,GAE9C,IAAI4/B,EAASltB,EAAG,GAAGxU,EACnB,IAAS9X,EAAI,EAAGA,EAAI8X,IAAK9X,EACjBssB,EAAGtsB,GAAG8X,EAAI0hC,IACVA,EAASltB,EAAGtsB,GAAG8X,GAGvB,IAAI2hC,EAAK,IAAI5C,GAAI2C,EAAS,GAEtBE,EAAMC,GAAG9/B,EAAEy/B,EAAK,GAAIG,EAAI,GAC5B,GAAIC,EAAM9B,EAAI,CAIN53C,EAAI,EAAR,IAAW45C,EAAK,EAEZC,EAAMH,EAAM9B,EAAIkC,EAAM,GAAKD,EAE/B,IADAvtB,EAAG8sB,MAAK,SAAU38B,EAAGzG,GAAK,OAAOyjC,EAAGzjC,EAAE8B,GAAK2hC,EAAGh9B,EAAE3E,IAAM2E,EAAE4nB,EAAIruB,EAAEquB,KACvDrkC,EAAI8X,IAAK9X,EAAG,CACf,IAAI+5C,EAAOztB,EAAGtsB,GAAG8X,EACjB,KAAI2hC,EAAGM,GAAQnC,GAKX,MAJAgC,GAAME,GAAO,GAAMJ,EAAMD,EAAGM,IAC5BN,EAAGM,GAAQnC,CAI3B,CAEQ,IADAgC,KAAQC,EACDD,EAAK,GAAG,CACX,IAAII,EAAO1tB,EAAGtsB,GAAG8X,EACb2hC,EAAGO,GAAQpC,EACXgC,GAAM,GAAMhC,EAAK6B,EAAGO,KAAU,IAE5Bh6C,CAClB,CACQ,KAAOA,GAAK,GAAK45C,IAAM55C,EAAG,CACtB,IAAIi6C,EAAO3tB,EAAGtsB,GAAG8X,EACb2hC,EAAGQ,IAASrC,MACV6B,EAAGQ,KACHL,EAElB,CACQF,EAAM9B,CACd,CACI,MAAO,CAAC,IAAIxzB,GAAGq1B,GAAKC,EACxB,EAEIC,GAAK,SAAU7jC,EAAG0qB,EAAGjf,GACrB,OAAe,GAARzL,EAAEgC,EACHnR,KAAKC,IAAI+yC,GAAG7jC,EAAE0qB,EAAGA,EAAGjf,EAAI,GAAIo4B,GAAG7jC,EAAE8D,EAAG4mB,EAAGjf,EAAI,IAC1Cif,EAAE1qB,EAAEgC,GAAKyJ,CACpB,EAEI24B,GAAK,SAAU54B,GAGf,IAFA,IAAIxJ,EAAIwJ,EAAExhB,OAEHgY,IAAMwJ,IAAIxJ,KAMjB,IAJA,IAAIqiC,EAAK,IAAItD,KAAM/+B,GAEfsiC,EAAM,EAAGC,EAAM/4B,EAAE,GAAIg5B,EAAM,EAC3BjzB,EAAI,SAAUtP,GAAKoiC,EAAGC,KAASriC,CAAI,EAC9B/X,EAAI,EAAGA,GAAK8X,IAAK9X,EACtB,GAAIshB,EAAEthB,IAAMq6C,GAAOr6C,GAAK8X,IAClBwiC,MACD,CACD,IAAKD,GAAOC,EAAM,EAAG,CACjB,KAAOA,EAAM,IAAKA,GAAO,IACrBjzB,EAAE,OACFizB,EAAM,IACNjzB,EAAEizB,EAAM,GAAOA,EAAM,IAAO,EAAK,MAAUA,EAAM,GAAM,EAAK,OAC5DA,EAAM,EAE1B,MACiB,GAAIA,EAAM,EAAG,CAEd,IADAjzB,EAAEgzB,KAAQC,EACHA,EAAM,EAAGA,GAAO,EACnBjzB,EAAE,MACFizB,EAAM,IACNjzB,EAAIizB,EAAM,GAAM,EAAK,MAAOA,EAAM,EACtD,CACY,KAAOA,KACHjzB,EAAEgzB,GACNC,EAAM,EACND,EAAM/4B,EAAEthB,EACpB,CAEI,MAAO,CAACm6C,EAAGjzC,SAAS,EAAGkzC,GAAMtiC,EACjC,EAEIyiC,GAAO,SAAUC,EAAIL,GAErB,IADA,IAAI3Z,EAAI,EACCxgC,EAAI,EAAGA,EAAIm6C,EAAGr6C,SAAUE,EAC7BwgC,GAAKga,EAAGx6C,GAAKm6C,EAAGn6C,GACpB,OAAOwgC,CACX,EAGIia,GAAQ,SAAUx2B,EAAK/jB,EAAKw6C,GAE5B,IAAI5iC,EAAI4iC,EAAI56C,OACRiuB,EAAI0qB,GAAKv4C,EAAM,GACnB+jB,EAAI8J,GAAS,IAAJjW,EACTmM,EAAI8J,EAAI,GAAKjW,IAAM,EACnBmM,EAAI8J,EAAI,GAAc,IAAT9J,EAAI8J,GACjB9J,EAAI8J,EAAI,GAAkB,IAAb9J,EAAI8J,EAAI,GACrB,IAAK,IAAI/tB,EAAI,EAAGA,EAAI8X,IAAK9X,EACrBikB,EAAI8J,EAAI/tB,EAAI,GAAK06C,EAAI16C,GACzB,OAAqB,GAAb+tB,EAAI,EAAIjW,EACpB,EAEI6iC,GAAO,SAAUD,EAAKz2B,EAAKiR,EAAO0lB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAI1iC,EAAI2iC,EAAI1vB,GAChE0tB,GAAM/0B,EAAKqH,IAAK4J,KACd2lB,EAAG,KAML,IALA,IAAI1D,EAAK+B,GAAM2B,EAAI,IAAKI,EAAM9D,EAAG,GAAI+D,EAAM/D,EAAG,GAC1CG,EAAK4B,GAAM4B,EAAI,IAAKK,EAAM7D,EAAG,GAAI8D,EAAM9D,EAAG,GAC1C+D,EAAKnB,GAAGe,GAAMK,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAKtB,GAAGiB,GAAMM,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAS,IAAI9E,GAAI,IACZ72C,EAAI,EAAGA,EAAIs7C,EAAKx7C,SAAUE,EAC/B27C,EAAiB,GAAVL,EAAKt7C,MAChB,IAASA,EAAI,EAAGA,EAAIy7C,EAAK37C,SAAUE,EAC/B27C,EAAiB,GAAVF,EAAKz7C,MAGhB,IAFA,IAAI47C,EAAK1C,GAAMyC,EAAQ,GAAIE,EAAMD,EAAG,GAAIE,EAAOF,EAAG,GAC9CG,EAAO,GACJA,EAAO,IAAMF,EAAI7E,GAAK+E,EAAO,MAAOA,GAE3C,IAKIC,EAAIC,EAAIC,EAAIC,EALZC,EAAQpB,EAAK,GAAM,EACnBqB,EAAQ9B,GAAKM,EAAI3C,IAAOqC,GAAKO,EAAI3C,IAAOjB,EACxCoF,EAAQ/B,GAAKM,EAAII,GAAOV,GAAKO,EAAIK,GAAOjE,EAAK,GAAK,EAAI6E,EAAOxB,GAAKoB,EAAQE,IAAQ,EAAIF,EAAO,IAAM,EAAIA,EAAO,IAAM,EAAIA,EAAO,KACnI,GAAIS,GAAQC,GAASD,GAAQE,EACzB,OAAO7B,GAAMx2B,EAAKqH,EAAGovB,EAAIxzC,SAASmR,EAAIA,EAAK2iC,IAG/C,GADAhC,GAAM/0B,EAAKqH,EAAG,GAAKgxB,EAAQD,IAAS/wB,GAAK,EACrCgxB,EAAQD,EAAO,CACfL,EAAKtE,GAAKuD,EAAKC,EAAK,GAAIe,EAAKhB,EAAKiB,EAAKxE,GAAKyD,EAAKC,EAAK,GAAIe,EAAKhB,EAC/D,IAAIoB,EAAM7E,GAAKmE,EAAKC,EAAM,GAC1B9C,GAAM/0B,EAAKqH,EAAGiwB,EAAM,KACpBvC,GAAM/0B,EAAKqH,EAAI,EAAGowB,EAAM,GACxB1C,GAAM/0B,EAAKqH,EAAI,GAAIywB,EAAO,GAC1BzwB,GAAK,GACL,IAAStrB,EAAI,EAAGA,EAAI+7C,IAAQ/7C,EACxBg5C,GAAM/0B,EAAKqH,EAAI,EAAItrB,EAAG67C,EAAI7E,GAAKh3C,KACnCsrB,GAAK,EAAIywB,EAET,IADA,IAAIS,EAAO,CAAClB,EAAMG,GACTgB,EAAK,EAAGA,EAAK,IAAKA,EACvB,KAAIC,EAAOF,EAAKC,GAChB,IAASz8C,EAAI,EAAGA,EAAI08C,EAAK58C,SAAUE,EAAG,CAClC,IAAIwrB,EAAgB,GAAVkxB,EAAK18C,GACfg5C,GAAM/0B,EAAKqH,EAAGixB,EAAI/wB,IAAOF,GAAKuwB,EAAIrwB,GAC9BA,EAAM,KACNwtB,GAAM/0B,EAAKqH,EAAIoxB,EAAK18C,KAAO,EAAK,KAAMsrB,GAAKoxB,EAAK18C,KAAO,GAC3E,CAN+B,CAQ/B,MAEQg8C,EAAK5D,GAAK6D,EAAK/D,GAAKgE,EAAK5D,GAAK6D,EAAKhE,GAEvC,IAASn4C,EAAI,EAAGA,EAAI+6C,IAAM/6C,EACtB,GAAI46C,EAAK56C,GAAK,IAAK,CACXwrB,EAAOovB,EAAK56C,KAAO,GAAM,GAC7Bi5C,GAAQh1B,EAAKqH,EAAG0wB,EAAGxwB,EAAM,MAAOF,GAAK2wB,EAAGzwB,EAAM,KAC1CA,EAAM,IACNwtB,GAAM/0B,EAAKqH,EAAIsvB,EAAK56C,KAAO,GAAM,IAAKsrB,GAAKwrB,GAAKtrB,IACpD,IAAIkB,EAAgB,GAAVkuB,EAAK56C,GACfi5C,GAAQh1B,EAAKqH,EAAG4wB,EAAGxvB,IAAOpB,GAAK6wB,EAAGzvB,GAC9BA,EAAM,IACNusB,GAAQh1B,EAAKqH,EAAIsvB,EAAK56C,KAAO,EAAK,MAAOsrB,GAAKyrB,GAAKrqB,GACnE,MAEYusB,GAAQh1B,EAAKqH,EAAG0wB,EAAGpB,EAAK56C,KAAMsrB,GAAK2wB,EAAGrB,EAAK56C,IAInD,OADAi5C,GAAQh1B,EAAKqH,EAAG0wB,EAAG,MACZ1wB,EAAI2wB,EAAG,IAClB,EAEIU,gBAAoB,IAAIr4B,GAAI,CAAC,MAAO,OAAQ,OAAQ,OAAQ,OAAQ,QAAS,QAAS,QAAS,UAE/F60B,gBAAmB,IAAI/0B,GAAG,GAsK1Bw4B,GAAO,SAAUlC,EAAKmC,EAAKC,EAAKC,EAAMC,GACtC,OArKO,SAAUtC,EAAKuC,EAAKC,EAAMJ,EAAKC,EAAMI,GAC5C,IAAIrlC,EAAI4iC,EAAI56C,OACRiuB,EAAI,IAAI3J,GAAG04B,EAAMhlC,EAAI,GAAK,EAAInR,KAAK0Q,KAAKS,EAAI,MAASilC,GAErD11B,EAAI0G,EAAE7mB,SAAS41C,EAAK/uB,EAAEjuB,OAASi9C,GAC/B78C,EAAM,EACV,IAAK+8C,GAAOnlC,EAAI,EACZ,IAAK,IAAI9X,EAAI,EAAGA,GAAK8X,EAAG9X,GAAK,MAAO,CAEhC,IAAIoC,EAAIpC,EAAI,MACRoC,GAAK0V,IAELuP,EAAEnnB,GAAO,GAAKi9C,GAElBj9C,EAAMu6C,GAAMpzB,EAAGnnB,EAAM,EAAGw6C,EAAIxzC,SAASlH,EAAGoC,GACpD,KAES,CAeD,IAdA,IAAIy6C,EAAMF,GAAIM,EAAM,GAChBnnC,EAAI+mC,IAAQ,GAAIv7B,EAAU,KAANu7B,EACpBO,GAAS,GAAKF,GAAQ,EAEtBh6C,EAAO,IAAI2zC,GAAI,OAAQwG,EAAO,IAAIxG,GAAIuG,EAAQ,GAC9CE,EAAQ32C,KAAK0Q,KAAK6lC,EAAO,GAAIK,EAAQ,EAAID,EACzCE,EAAM,SAAUx9C,GAAK,OAAQ06C,EAAI16C,GAAM06C,EAAI16C,EAAI,IAAMs9C,EAAU5C,EAAI16C,EAAI,IAAMu9C,GAAUH,CAAQ,EAG/FxC,EAAO,IAAIt2B,GAAI,MAEfu2B,EAAK,IAAIhE,GAAI,KAAMiE,EAAK,IAAIjE,GAAI,IAEhC4G,EAAO,EAAGvG,EAAK,EAAU6D,GAAP/6C,EAAI,EAAQ,GAAG09C,EAAK,EAAGrlC,EAAK,EAC3CrY,EAAI8X,IAAK9X,EAAG,CAGf,IAAI29C,EAAKH,EAAIx9C,GAET49C,EAAW,MAAJ59C,EAAW69C,EAAQR,EAAKM,GAKnC,GAJAz6C,EAAK06C,GAAQC,EACbR,EAAKM,GAAMC,EAGPF,GAAM19C,EAAG,CAET,IAAI89C,EAAMhmC,EAAI9X,EACd,IAAKy9C,EAAO,KAAQ1C,EAAK,QAAU+C,EAAM,IAAK,CAC1C59C,EAAMy6C,GAAKD,EAAKrzB,EAAG,EAAGuzB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAI1iC,EAAIrY,EAAIqY,EAAInY,GACxD66C,EAAK0C,EAAOvG,EAAK,EAAG7+B,EAAKrY,EACzB,IAAK,IAAIsY,EAAI,EAAGA,EAAI,MAAOA,EACvBuiC,EAAGviC,GAAK,EACZ,IAASA,EAAI,EAAGA,EAAI,KAAMA,EACtBwiC,EAAGxiC,GAAK,CAChC,CAEgB,IAAIkoB,EAAI,EAAGjf,EAAI,EAAGw8B,EAAOz8B,EAAG08B,EAAOJ,EAAOC,EAAS,MACnD,GAAIC,EAAM,GAAKH,GAAMH,EAAIx9C,EAAIg+C,GAMzB,IALA,IAAIC,EAAOt3C,KAAKud,IAAIpO,EAAGgoC,GAAO,EAC1BI,EAAOv3C,KAAKud,IAAI,MAAOlkB,GAGvBm+C,EAAKx3C,KAAKud,IAAI,IAAK45B,GAChBE,GAAOE,KAAUH,GAAQH,GAAQC,GAAO,CAC3C,GAAInD,EAAI16C,EAAIwgC,IAAMka,EAAI16C,EAAIwgC,EAAIwd,GAAM,CAEhC,IADA,IAAII,EAAK,EACFA,EAAKD,GAAMzD,EAAI16C,EAAIo+C,IAAO1D,EAAI16C,EAAIo+C,EAAKJ,KAAQI,GAEtD,GAAIA,EAAK5d,EAAG,CAGR,GAFAA,EAAI4d,EAAI78B,EAAIy8B,EAERI,EAAKH,EACL,MAIJ,IAAII,EAAM13C,KAAKud,IAAI85B,EAAKI,EAAK,GACzBE,EAAK,EACT,IAAShmC,EAAI,EAAGA,EAAI+lC,IAAO/lC,EAAG,CAC1B,IAAIimC,EAAMv+C,EAAIg+C,EAAM1lC,EAAI,MAAS,MAE7Bq/B,EAAM4G,EADAr7C,EAAKq7C,GACM,MAAS,MAC1B5G,EAAK2G,IACLA,EAAK3G,EAAIkG,EAAQU,EACzD,CACA,CACA,CAGwBP,IADAJ,EAAOC,IAAOA,EAAQ36C,EAAK06C,IACJ,MAAS,KACxD,CAGgB,GAAIr8B,EAAG,CAGHq5B,EAAKG,KAAQ,UAAa1D,GAAM7W,IAAM,GAAMgX,GAAMj2B,GAClD,IAAIi9B,EAAiB,GAAXnH,GAAM7W,GAASie,EAAiB,GAAXjH,GAAMj2B,GACrC21B,GAAMJ,GAAK0H,GAAOzH,GAAK0H,KACrB5D,EAAG,IAAM2D,KACT1D,EAAG2D,GACLf,EAAK19C,EAAIwgC,IACPid,CACtB,MAEoB7C,EAAKG,KAAQL,EAAI16C,KACf66C,EAAGH,EAAI16C,GAE7B,CACA,CACQE,EAAMy6C,GAAKD,EAAKrzB,EAAG81B,EAAKvC,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAI1iC,EAAIrY,EAAIqY,EAAInY,IAErDi9C,GAAa,EAANj9C,IACRA,EAAMu6C,GAAMpzB,EAAGnnB,EAAM,EAAGi5C,IACpC,CACI,OAAOT,GAAI3qB,EAAG,EAAG+uB,EAAMrE,GAAKv4C,GAAO68C,EACvC,CAmDW2B,CAAKhE,EAAkB,MAAbmC,EAAI8B,MAAgB,EAAI9B,EAAI8B,MAAkB,MAAX9B,EAAI+B,IAAcj4C,KAAK0Q,KAAuD,IAAlD1Q,KAAKC,IAAI,EAAGD,KAAKud,IAAI,GAAIvd,KAAK8S,IAAIihC,EAAI56C,WAAoB,GAAK+8C,EAAI+B,IAAM9B,EAAKC,GAAOC,EACzK,EAwLI6B,gBAAyB,WACzB,SAASA,EAAQjxB,EAAMkxB,GACdA,GAAqB,mBAARlxB,IACdkxB,EAAKlxB,EAAMA,EAAO,CAAE,GACxB1vB,KAAK6gD,OAASD,EACd5gD,KAAK6vB,EAAIH,GAAQ,CAAE,CAC3B,CAiBI,OAhBAixB,EAAQ1gD,UAAUmtB,EAAI,SAAUhK,EAAG+iB,GAC/BnmC,KAAK6gD,OAAOnC,GAAKt7B,EAAGpjB,KAAK6vB,EAAG,EAAG,GAAIsW,GAAIA,EAC1C,EAMDwa,EAAQ1gD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACjCh3B,KAAK6gD,QACNvqB,GAAI,GACJt2B,KAAKqjB,GACLiT,GAAI,GACRt2B,KAAKqjB,EAAI2T,EACTh3B,KAAKotB,EAAEpqB,EAAOg0B,IAAS,EAC1B,EACM2pB,CACX,IAuCIG,gBAAyB,WAKzB,SAASA,EAAQF,GACb5gD,KAAK4Z,EAAI,CAAE,EACX5Z,KAAKotB,EAAI,IAAIlH,GAAG,GAChBlmB,KAAK6gD,OAASD,CACtB,CA0BI,OAzBAE,EAAQ7gD,UAAUiE,EAAI,SAAUkf,GACvBpjB,KAAK6gD,QACNvqB,GAAI,GACJt2B,KAAKqjB,GACLiT,GAAI,GACR,IAAIgM,EAAItiC,KAAKotB,EAAExrB,OACXgW,EAAI,IAAIsO,GAAGoc,EAAIlf,EAAExhB,QACrBgW,EAAEzV,IAAInC,KAAKotB,GAAIxV,EAAEzV,IAAIihB,EAAGkf,GAAItiC,KAAKotB,EAAIxV,CACxC,EACDkpC,EAAQ7gD,UAAUmjB,EAAI,SAAU4T,GAC5Bh3B,KAAKqjB,EAAIrjB,KAAK4Z,EAAE9X,EAAIk1B,IAAS,EAC7B,IAAI+pB,EAAM/gD,KAAK4Z,EAAE9B,EACb4jC,EAz0BA,SAAUc,EAAK39B,EAAKigC,GAE5B,IAAIkC,EAAKxE,EAAI56C,OACb,IAAKo/C,GAAOlC,GAAMA,EAAG3Y,IAAM2Y,EAAGxc,EAC1B,OAAOzjB,GAAO,IAAIqH,GAAG,GAEzB,IAAI+6B,GAASpiC,GAAOigC,EAEhBoC,GAAQpC,GAAMA,EAAGh9C,EAChBg9C,IACDA,EAAK,CAAE,GAENjgC,IACDA,EAAM,IAAIqH,GAAQ,EAAL86B,IAEjB,IAAIG,EAAO,SAAU7e,GACjB,IAAIwa,EAAKj+B,EAAIjd,OAEb,GAAI0gC,EAAIwa,EAAI,CAER,IAAIsE,EAAO,IAAIl7B,GAAGzd,KAAKC,IAAS,EAALo0C,EAAQxa,IACnC8e,EAAKj/C,IAAI0c,GACTA,EAAMuiC,CAClB,CACK,EAEGpqB,EAAQ8nB,EAAG3Y,GAAK,EAAGnkC,EAAM88C,EAAG1xB,GAAK,EAAGi0B,EAAKvC,EAAGhnC,GAAK,EAAGgmC,EAAKgB,EAAGxc,EAAG0b,EAAKc,EAAGz7B,EAAGi+B,EAAMxC,EAAGxmB,EAAGipB,EAAMzC,EAAGlnC,EAE/F4pC,EAAY,EAALR,EACX,EAAG,CACC,IAAKlD,EAAI,CAEL9mB,EAAQ/a,GAAKugC,EAAKx6C,EAAK,GAEvB,IAAIiS,EAAOgI,GAAKugC,EAAKx6C,EAAM,EAAG,GAE9B,GADAA,GAAO,GACFiS,EAAM,CAEP,IAAuBquB,EAAIka,GAAvB5iC,EAAI2gC,GAAKv4C,GAAO,GAAe,GAAMw6C,EAAI5iC,EAAI,IAAM,EAAI+B,EAAI/B,EAAI0oB,EACnE,GAAI3mB,EAAIqlC,EAAI,CACJE,GACA5qB,GAAI,GACR,KACpB,CAEoB2qB,GACAE,EAAKE,EAAK/e,GAEdzjB,EAAI1c,IAAIq6C,EAAIxzC,SAAS4Q,EAAG+B,GAAI0lC,GAE5BvC,EAAGhnC,EAAIupC,GAAM/e,EAAGwc,EAAG1xB,EAAIprB,EAAU,EAAJ2Z,EAAOmjC,EAAG3Y,EAAInP,EAC3C,QAChB,CACiB,GAAY,GAAR/iB,EACL6pC,EAAK3D,GAAM6D,EAAK3D,GAAMiH,EAAM,EAAGC,EAAM,OACpC,GAAY,GAARttC,EAAW,CAEhB,IAAIwtC,EAAOxlC,GAAKugC,EAAKx6C,EAAK,IAAM,IAAK0/C,EAAQzlC,GAAKugC,EAAKx6C,EAAM,GAAI,IAAM,EACnE2lC,EAAK8Z,EAAOxlC,GAAKugC,EAAKx6C,EAAM,EAAG,IAAM,EACzCA,GAAO,GAKP,IAHA,IAAI2/C,EAAM,IAAIz7B,GAAGyhB,GAEbia,EAAM,IAAI17B,GAAG,IACRpkB,EAAI,EAAGA,EAAI4/C,IAAS5/C,EAEzB8/C,EAAI9I,GAAKh3C,IAAMma,GAAKugC,EAAKx6C,EAAU,EAAJF,EAAO,GAE1CE,GAAe,EAAR0/C,EAEP,IAAIG,EAAMn5C,GAAIk5C,GAAME,GAAU,GAAKD,GAAO,EAEtCE,EAAMvI,GAAKoI,EAAKC,EAAK,GACzB,IAAS//C,EAAI,EAAGA,EAAI6lC,GAAK,CACrB,IAII/tB,EAJA8B,EAAIqmC,EAAI9lC,GAAKugC,EAAKx6C,EAAK8/C,IAM3B,GAJA9/C,GAAW,GAAJ0Z,GAEH9B,EAAI8B,IAAM,GAEN,GACJimC,EAAI7/C,KAAO8X,MAEV,CAED,IAAIwJ,EAAI,EAAGxL,EAAI,EAOf,IANS,IAALgC,GACAhC,EAAI,EAAIqE,GAAKugC,EAAKx6C,EAAK,GAAIA,GAAO,EAAGohB,EAAIu+B,EAAI7/C,EAAI,IACvC,IAAL8X,GACLhC,EAAI,EAAIqE,GAAKugC,EAAKx6C,EAAK,GAAIA,GAAO,GACxB,IAAL4X,IACLhC,EAAI,GAAKqE,GAAKugC,EAAKx6C,EAAK,KAAMA,GAAO,GAClC4V,KACH+pC,EAAI7/C,KAAOshB,CACvC,CACA,CAEgB,IAAI4+B,EAAKL,EAAI34C,SAAS,EAAGy4C,GAAO/F,EAAKiG,EAAI34C,SAASy4C,GAElDH,EAAM54C,GAAIs5C,GAEVT,EAAM74C,GAAIgzC,GACVoC,EAAKtE,GAAKwI,EAAIV,EAAK,GACnBtD,EAAKxE,GAAKkC,EAAI6F,EAAK,EACnC,MAEgBjrB,GAAI,GACR,GAAIt0B,EAAMw/C,EAAM,CACRN,GACA5qB,GAAI,GACR,KAChB,CACA,CAGY2qB,GACAE,EAAKE,EAAK,QAGd,IAFA,IAAIY,GAAO,GAAKX,GAAO,EAAGY,GAAO,GAAKX,GAAO,EACzCY,EAAOngD,GACHmgD,EAAOngD,EAAK,CAEhB,IAAoCogD,GAAhCh/B,EAAI06B,EAAGxD,GAAOkC,EAAKx6C,GAAOigD,MAAkB,EAEhD,IADAjgD,GAAW,GAAJohB,GACGo+B,EAAM,CACRN,GACA5qB,GAAI,GACR,KAChB,CAGY,GAFKlT,GACDkT,GAAI,GACJ8rB,EAAM,IACNvjC,EAAIwiC,KAAQe,MACX,IAAW,KAAPA,EAAY,CACjBD,EAAOngD,EAAK87C,EAAK,KACjB,KAChB,CAEgB,IAAI75C,EAAMm+C,EAAM,IAEhB,GAAIA,EAAM,IAAK,CAEX,IAAmBtqC,EAAI8gC,GAAnB92C,EAAIsgD,EAAM,KACdn+C,EAAMgY,GAAKugC,EAAKx6C,GAAM,GAAK8V,GAAK,GAAKohC,GAAGp3C,GACxCE,GAAO8V,CAC3B,CAEgB,IAAIuL,EAAI26B,EAAG1D,GAAOkC,EAAKx6C,GAAOkgD,GAAMG,EAAOh/B,IAAM,EASjD,GARKA,GACDiT,GAAI,GACRt0B,GAAW,GAAJqhB,EACHq4B,EAAKrC,GAAGgJ,GACRA,EAAO,IACHvqC,EAAI+gC,GAAKwJ,GACb3G,GAAMpB,GAAOkC,EAAKx6C,IAAS,GAAK8V,GAAK,EAAI9V,GAAO8V,GAEhD9V,EAAMw/C,EAAM,CACRN,GACA5qB,GAAI,GACR,KACpB,CACoB2qB,GACAE,EAAKE,EAAK,QAEd,IADA,IAAI/4C,EAAM+4C,EAAKp9C,EACRo9C,EAAK/4C,EAAK+4C,GAAM,EACnBxiC,EAAIwiC,GAAMxiC,EAAIwiC,EAAK3F,GACnB78B,EAAIwiC,EAAK,GAAKxiC,EAAIwiC,EAAK,EAAI3F,GAC3B78B,EAAIwiC,EAAK,GAAKxiC,EAAIwiC,EAAK,EAAI3F,GAC3B78B,EAAIwiC,EAAK,GAAKxiC,EAAIwiC,EAAK,EAAI3F,GAE/B2F,EAAK/4C,CACrB,CACA,CACQw2C,EAAGxc,EAAIwb,EAAIgB,EAAG1xB,EAAI+0B,EAAMrD,EAAGhnC,EAAIupC,EAAIvC,EAAG3Y,EAAInP,EACtC8mB,IACA9mB,EAAQ,EAAG8nB,EAAGxmB,EAAIgpB,EAAKxC,EAAGz7B,EAAI26B,EAAIc,EAAGlnC,EAAI2pC,EAChD,QAASvqB,GACV,OAAOqqB,GAAMxiC,EAAIjd,OAASid,EAAM27B,GAAI37B,EAAK,EAAGwiC,EAChD,CAwpBiBiB,CAAMtiD,KAAKotB,EAAGptB,KAAK6vB,EAAG7vB,KAAK4Z,GACpC5Z,KAAK6gD,OAAOrG,GAAIkB,EAAIqF,EAAK/gD,KAAK4Z,EAAE9B,GAAI9X,KAAKqjB,GACzCrjB,KAAK6vB,EAAI2qB,GAAIkB,EAAI17C,KAAK4Z,EAAE9B,EAAI,OAAQ9X,KAAK4Z,EAAE9B,EAAI9X,KAAK6vB,EAAEjuB,OACtD5B,KAAKotB,EAAIotB,GAAIx6C,KAAKotB,EAAIptB,KAAK4Z,EAAEwT,EAAI,EAAK,GAAIptB,KAAK4Z,EAAEwT,GAAK,CACzD,EAMD0zB,EAAQ7gD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACtCh3B,KAAKkE,EAAElB,GAAQhD,KAAKojB,EAAE4T,EACzB,EACM8pB,CACX,IAqMIyB,gBAAsB,WACtB,SAASA,EAAK7yB,EAAMkxB,GA1fZ,IACJriC,EAAOzG,EA0fP9X,KAAKojB,GA1fL7E,EAAI,EAAGzG,EAAI,EACR,CACHsV,EAAG,SAAU/J,GAIT,IAFA,IAAIzL,EAAI2G,EAAG+Z,EAAIxgB,EACXwqB,EAAe,EAAXjf,EAAEzhB,OACDE,EAAI,EAAGA,GAAKwgC,GAAI,CAErB,IADA,IAAIp+B,EAAIuE,KAAKud,IAAIlkB,EAAI,KAAMwgC,GACpBxgC,EAAIoC,IAAKpC,EACZw2B,GAAK1gB,GAAKyL,EAAEvhB,GAChB8V,GAAS,MAAJA,GAAa,IAAMA,GAAK,IAAK0gB,GAAS,MAAJA,GAAa,IAAMA,GAAK,GAC/E,CACY/Z,EAAI3G,EAAGE,EAAIwgB,CACd,EACDjV,EAAG,WAEC,OAAY,KADZ9E,GAAK,SACe,GAAMA,IAAM,GAAM,IAAU,KADpCzG,GAAK,SACuC,EAAKA,IAAM,CAC/E,IA0eQ9X,KAAK6Z,EAAI,EACT8mC,GAAQ5/C,KAAKf,KAAM0vB,EAAMkxB,EACjC,CAkBI,OAZA2B,EAAKtiD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACnC2pB,GAAQ1gD,UAAU6C,KAAK/B,KAAKf,KAAMgD,EAAOg0B,EAC5C,EACDurB,EAAKtiD,UAAUmtB,EAAI,SAAUhK,EAAG+iB,GAC5BnmC,KAAKojB,EAAEgK,EAAEhK,GACT,IAAIo/B,EAAM9D,GAAKt7B,EAAGpjB,KAAK6vB,EAAG7vB,KAAK6Z,GAAK,EAAGssB,GAAK,GAAIA,GAC5CnmC,KAAK6Z,IA9UP,SAAUuJ,EAAGyM,GACnB,IAAI4yB,EAAK5yB,EAAE4wB,MAAOvH,EAAW,GAANuJ,EAAU,EAAIA,EAAK,EAAI,EAAU,GAANA,EAAU,EAAI,EAChEr/B,EAAE,GAAK,IAAKA,EAAE,GAAM81B,GAAM,GAAMA,EAAM,GAAK,EAAIA,EAAM,EACzD,CA4UYwJ,CAAIF,EAAKxiD,KAAK6vB,GAAI7vB,KAAK6Z,EAAI,GAC3BssB,GArXC,SAAU9iB,EAAGvL,EAAG+B,GACzB,KAAOA,IAAK/B,EACRuL,EAAEvL,GAAK+B,EAAGA,KAAO,CACzB,CAmXY8oC,CAAOH,EAAKA,EAAI5gD,OAAS,EAAG5B,KAAKojB,EAAEC,KACvCrjB,KAAK6gD,OAAO2B,EAAKrc,EACpB,EACMoc,CACX,IA+CIK,gBAAwB,WAKxB,SAASA,EAAOhC,GACZ5gD,KAAK6Z,EAAI,EACTinC,GAAQ//C,KAAKf,KAAM4gD,EAC3B,CAsBI,OAhBAgC,EAAO3iD,UAAU6C,KAAO,SAAUE,EAAOg0B,GAErC,GADA8pB,GAAQ7gD,UAAUiE,EAAEnD,KAAKf,KAAMgD,GAC3BhD,KAAK6Z,EAAG,CACR,GAAI7Z,KAAKotB,EAAExrB,OAAS,IAAMo1B,EACtB,OACJh3B,KAAKotB,EAAIptB,KAAKotB,EAAEpkB,SAAS,GAAIhJ,KAAK6Z,EAAI,CAClD,CACYmd,IACIh3B,KAAKotB,EAAExrB,OAAS,GAChB00B,GAAI,EAAG,qBACXt2B,KAAKotB,EAAIptB,KAAKotB,EAAEpkB,SAAS,GAAI,IAIjC83C,GAAQ7gD,UAAUmjB,EAAEriB,KAAKf,KAAMg3B,EAClC,EACM4rB,CACX,IAiKIC,GAA2B,oBAAf/nC,0BAA4C,IAAIA,YAGhE,IACI+nC,GAAG9nC,OAAOkgC,GAAI,CAAEj6C,QAAQ,IAClB,CACV,CACA,MAAOkD,GAAG,CCt/CV,MAAM4+C,GACJ,cAAW9kC,GACT,OAAOvT,EAAMkE,OAAOU,WACxB,CAKE,WAAAzP,CAAYmjD,EAAO,IAAI/qC,MACrBhY,KAAK4+B,OAASn0B,EAAMqF,QAAQG,KAC5BjQ,KAAK+iD,KAAOjsC,EAAKwB,cAAcyqC,GAC/B/iD,KAAKgQ,KAAO,KACZhQ,KAAK6G,KAAO,KACZ7G,KAAKgjD,SAAW,EACpB,CAQE,OAAAC,CAAQjzC,EAAM4uB,EAASn0B,EAAMqF,QAAQG,MACnCjQ,KAAK4+B,OAASA,EACd5+B,KAAKgQ,KAAOA,EACZhQ,KAAK6G,KAAO,IAChB,CAQE,OAAAq8C,CAAQtgD,GAAQ,GAId,OAHkB,OAAd5C,KAAKgQ,MAAiB8G,EAAK7V,SAASjB,KAAKgQ,SAC3ChQ,KAAKgQ,KAAO8G,EAAK8D,WAAW9D,EAAKyG,UAAUvd,KAAKmjD,SAASvgD,MAEpD5C,KAAKgQ,IAChB,CAOE,QAAAozC,CAASj5C,EAAOy0B,GACd5+B,KAAK4+B,OAASA,EACd5+B,KAAK6G,KAAOsD,EACZnK,KAAKgQ,KAAO,IAChB,CAQE,QAAAmzC,CAASvgD,GAAQ,GAKf,OAJkB,OAAd5C,KAAK6G,OAEP7G,KAAK6G,KAAOiQ,EAAKmG,gBAAgBnG,EAAKyD,WAAWva,KAAKgQ,QAEpDpN,EACK4f,EAAoBxiB,KAAK6G,MAE3B7G,KAAK6G,IAChB,CAOE,WAAAw8C,CAAYL,GACVhjD,KAAKgjD,SAAWA,CACpB,CAOE,WAAAM,GACE,OAAOtjD,KAAKgjD,QAChB,CASE,UAAM3gD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UAExB,MAAMs8B,QAAel7B,EAAOkG,WAEtB45C,QAAqB9/C,EAAOkG,WAClC5J,KAAKgjD,SAAWlsC,EAAK8D,iBAAiBlX,EAAOqG,UAAUy5C,IAEvDxjD,KAAK+iD,KAAOjsC,EAAKiB,eAAerU,EAAOqG,UAAU,IAEjD,IAAIlD,EAAOnD,EAAOgE,YACdua,EAAqBpb,KAAOA,QAAaqb,EAAiBrb,IAC9D7G,KAAKojD,SAASv8C,EAAM+3B,EAAO,GAEjC,CAOE,WAAAoN,GACE,MAAMgX,EAAWlsC,EAAKyD,WAAWva,KAAKgjD,UAChCS,EAAkB,IAAIhiD,WAAW,CAACuhD,EAASphD,SAE3Cg9B,EAAS,IAAIn9B,WAAW,CAACzB,KAAK4+B,SAC9BmkB,EAAOjsC,EAAKmB,UAAUjY,KAAK+iD,MAEjC,OAAOjsC,EAAKpV,iBAAiB,CAACk9B,EAAQ6kB,EAAiBT,EAAUD,GACrE,CAOE,KAAAhgD,GACE,MAAM4c,EAAS3f,KAAKgsC,cACdnlC,EAAO7G,KAAKmjD,WAElB,OAAOrsC,EAAKtS,OAAO,CAACmb,EAAQ9Y,GAChC,ECnIA,MAAM68C,GACJ,WAAA9jD,GACEI,KAAKmK,MAAQ,EACjB,CAME,IAAA9H,CAAK8H,GAEH,OADAnK,KAAKmK,MAAQ2M,EAAKoD,mBAAmB/P,EAAMnB,SAAS,EAAG,IAChDhJ,KAAKmK,MAAMvI,MACtB,CAME,KAAAmB,GACE,OAAO+T,EAAKgD,mBAAmB9Z,KAAKmK,MACxC,CAME,KAAAqhC,GACE,OAAO10B,EAAK4C,gBAAgB5C,EAAKgD,mBAAmB9Z,KAAKmK,OAC7D,CAOE,MAAAw5C,CAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB9jD,KAAK8jD,eAAkB9jD,KAAKmK,QAAUy5C,EAAMz5C,KAChG,CAME,MAAA45C,GACE,MAAsB,KAAf/jD,KAAKmK,KAChB,CAME,UAAA25C,GACE,MAAO,OAAO9mC,KAAKhd,KAAKwrC,QAC5B,CAEE,eAAOwY,CAASJ,GACd,OAAOA,EAAMpY,OACjB,CAEE,aAAOyY,CAAO1qC,GACZ,MAAMqqC,EAAQ,IAAIF,GAElB,OADAE,EAAMvhD,KAAKyU,EAAKwC,gBAAgBC,IACzBqqC,CACX,CAEE,eAAOM,GACL,MAAMN,EAAQ,IAAIF,GAElB,OADAE,EAAMvhD,KAAK,IAAIZ,WAAW,IACnBmiD,CACX,EC3EA,MAAMnR,GAAWnzC,OAAO,YAQlB6kD,GAAqB,+BAKrBC,GAA4B,IAAIzuC,IAAI,CACxClL,EAAMuG,mBAAmBW,YACzBlH,EAAMuG,mBAAmByB,kBACzBhI,EAAMuG,mBAAmBwB,oBAW3B,MAAM6xC,GACJ,cAAWrmC,GACT,OAAOvT,EAAMkE,OAAOE,SACxB,CAEE,WAAAjP,GACEI,KAAK43C,QAAU,KAEf53C,KAAKskD,cAAgB,KAErBtkD,KAAKukD,cAAgB,KAErBvkD,KAAKwkD,mBAAqB,KAE1BxkD,KAAKykD,cAAgB,KACrBzkD,KAAK0kD,mBAAqB,GAC1B1kD,KAAK2kD,kBAAoB,GACzB3kD,KAAK4kD,gBAAkB,KACvB5kD,KAAK2uC,KAAO,KAEZ3uC,KAAK6kD,QAAU,KACf7kD,KAAKkR,wBAA0B,KAC/BlR,KAAK8kD,uBAAwB,EAC7B9kD,KAAK+kD,WAAa,KAClB/kD,KAAKglD,WAAa,KAClBhlD,KAAKilD,YAAc,KACnBjlD,KAAKqR,kBAAoB,KACzBrR,KAAKsR,UAAY,KACjBtR,KAAKuR,kBAAoB,KACzBvR,KAAKklD,gBAAkB,KACvBllD,KAAKyR,6BAA+B,KACpCzR,KAAKmlD,mBAAqB,KAC1BnlD,KAAKolD,uBAAyB,KAC9BplD,KAAKqlD,yBAA2B,KAChCrlD,KAAK2R,YAAc,IAAI+xC,GACvB1jD,KAAKslD,aAAe,GACpBtlD,KAAKulD,UAAY,CAAE,EACnBvlD,KAAK6R,wBAA0B,KAC/B7R,KAAK8R,+BAAiC,KACtC9R,KAAK+R,qBAAuB,KAC5B/R,KAAKgS,mBAAqB,KAC1BhS,KAAKwlD,gBAAkB,KACvBxlD,KAAKkS,UAAY,KACjBlS,KAAKmS,SAAW,KAChBnS,KAAKoS,cAAgB,KACrBpS,KAAKylD,wBAA0B,KAC/BzlD,KAAK0lD,0BAA4B,KACjC1lD,KAAKsS,SAAW,KAChBtS,KAAK2lD,kCAAoC,KACzC3lD,KAAK4lD,6BAA+B,KACpC5lD,KAAK6lD,oBAAsB,KAC3B7lD,KAAKwS,kBAAoB,KACzBxS,KAAK8lD,iBAAmB,KACxB9lD,KAAKyS,kBAAoB,KACzBzS,KAAK0S,wBAA0B,KAC/B1S,KAAK2S,sBAAwB,KAE7B3S,KAAK+lD,QAAU,KACf/lD,KAAKyyC,IAAY,IACrB,CAOE,IAAApwC,CAAK8H,EAAO+J,EAASsD,GACnB,IAAI1V,EAAI,EAER,GADA9B,KAAK43C,QAAUztC,EAAMrI,KACA,IAAjB9B,KAAK43C,UAAkB1jC,EAAOS,wBAChC,MAAM,IAAIm4B,GAAiB,2FAG7B,GAAqB,IAAjB9sC,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QACnD,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,mDAS7C,GANA53C,KAAKskD,cAAgBn6C,EAAMrI,KAC3B9B,KAAKwkD,mBAAqBr6C,EAAMrI,KAChC9B,KAAKukD,cAAgBp6C,EAAMrI,KAG3BA,GAAK9B,KAAKgmD,eAAe77C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,IACrD5B,KAAK6kD,QACR,MAAUtjD,MAAM,8CAmBlB,GAVAvB,KAAKykD,cAAgBt6C,EAAMnB,SAAS,EAAGlH,GAGvCA,GAAK9B,KAAKgmD,eAAe77C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,GAG1D5B,KAAK4kD,gBAAkBz6C,EAAMnB,SAASlH,EAAGA,EAAI,GAC7CA,GAAK,EAGgB,IAAjB9B,KAAK43C,QAAe,CAItB,MAAMqO,EAAa97C,EAAMrI,KAGzB9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAImkD,GAClCnkD,GAAKmkD,CACX,CAEI,MAAMC,EAAoB/7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAC5CS,KAAEA,EAAI4yC,gBAAEA,GAAoB74B,GAAOvN,UAAUs3C,qBAAqBnmD,KAAKwkD,mBAAoB0B,GACjG,GAAI7jD,EAAO6jD,EAAkBtkD,OAC3B,MAAUL,MAAM,sBAElBvB,KAAK4mB,OAASquB,CAClB,CAKE,WAAAmR,GACE,OAAIpmD,KAAK4mB,kBAAkB1mB,QAClBmmD,GACL/jD,SAAY8Z,GAAOkqC,gBAAgBtmD,KAAKwkD,yBAA0BxkD,KAAK4mB,UAGpExK,GAAOkqC,gBAAgBtmD,KAAKwkD,mBAAoBxkD,KAAK4mB,OAChE,CAEE,KAAA7jB,GACE,MAAMojB,EAAM,GASZ,OARAA,EAAIrjB,KAAK9C,KAAKykD,eACdt+B,EAAIrjB,KAAK9C,KAAKumD,2BACdpgC,EAAIrjB,KAAK9C,KAAK4kD,iBACO,IAAjB5kD,KAAK43C,UACPzxB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK2uC,KAAK/sC,UACnCukB,EAAIrjB,KAAK9C,KAAK2uC,OAEhBxoB,EAAIrjB,KAAK9C,KAAKomD,eACPtvC,EAAKtS,OAAO2hB,EACvB,CAWE,UAAMia,CAAKzvB,EAAK9J,EAAMk8C,EAAO,IAAI/qC,KAAQ8yB,GAAW,EAAO52B,GACzDlU,KAAK43C,QAAUjnC,EAAIinC,QAEnB53C,KAAK6kD,QAAU/tC,EAAKwB,cAAcyqC,GAClC/iD,KAAK8lD,iBAAmBn1C,EAAIinC,QAC5B53C,KAAKyS,kBAAoB9B,EAAI61C,sBAC7BxmD,KAAK2R,YAAchB,EAAI81C,WAEvB,MAAMtgC,EAAM,CAAC,IAAI1kB,WAAW,CAACzB,KAAK43C,QAAS53C,KAAKskD,cAAetkD,KAAKwkD,mBAAoBxkD,KAAKukD,iBAG7F,GAAqB,IAAjBvkD,KAAK43C,QAAe,CACtB,MAAMqO,EAAaS,GAAkB1mD,KAAKukD,eAC1C,GAAkB,OAAdvkD,KAAK2uC,KACP3uC,KAAK2uC,KAAOvyB,GAAOy6B,OAAOhb,eAAeoqB,QACpC,GAAIA,IAAejmD,KAAK2uC,KAAK/sC,OAClC,MAAUL,MAAM,kDAExB,MAAW,GAAI2S,EAAOmC,sCAAuC,CAIvD,GAA6B,IAHPrW,KAAKslD,aAAa/6C,QAAO,EAAGtC,UAAYA,IAASk8C,KAGrDviD,OAShB,MAAUL,MAAM,qCATc,CAC9B,MAAMolD,EAAYvqC,GAAOy6B,OAAOhb,eAAe6qB,GAAkB1mD,KAAKukD,gBACtEvkD,KAAKslD,aAAaxiD,KAAK,CACrBmF,KAAMk8C,GACN5hD,MAAOokD,EACPC,eAAe,EACfC,UAAU,GAEpB,CAGA,CAGI1gC,EAAIrjB,KAAK9C,KAAK8mD,yBAKd9mD,KAAK0kD,mBAAqB,GAE1B1kD,KAAKykD,cAAgB3tC,EAAKtS,OAAO2hB,GAEjC,MAAMiyB,EAASp4C,KAAKo4C,OAAOp4C,KAAKskD,cAAez9C,EAAMikC,GAC/Cn9B,QAAa3N,KAAK2N,KAAK3N,KAAKskD,cAAez9C,EAAMuxC,EAAQtN,GAE/D9qC,KAAK4kD,gBAAkBmC,EAAaC,EAAar5C,GAAO,EAAG,GAC3D,MAAM2F,EAAShR,SAAY8Z,GAAOvN,UAAUuxB,KAC1CpgC,KAAKwkD,mBAAoBxkD,KAAKukD,cAAe5zC,EAAI2kC,aAAc3kC,EAAIslC,cAAemC,QAAcl2B,EAAiBvU,IAE/GmJ,EAAK7V,SAAS0M,GAChB3N,KAAK4mB,OAAStT,KAEdtT,KAAK4mB,aAAetT,IAMpBtT,KAAKyyC,KAAY,EAEvB,CAME,qBAAAqU,GACE,MAAMxpC,EAAM7S,EAAMuG,mBACZmV,EAAM,GACZ,IAAIhc,EACJ,GAAqB,OAAjBnK,KAAK6kD,QACP,MAAUtjD,MAAM,mCAElB4kB,EAAIrjB,KAAKmkD,GAAe3pC,EAAIrM,uBAAuB,EAAM6F,EAAKmB,UAAUjY,KAAK6kD,WACxC,OAAjC7kD,KAAKkR,yBACPiV,EAAIrjB,KAAKmkD,GAAe3pC,EAAIpM,yBAAyB,EAAM4F,EAAKe,YAAY7X,KAAKkR,wBAAyB,KAEpF,OAApBlR,KAAK+kD,YACP5+B,EAAIrjB,KAAKmkD,GAAe3pC,EAAInM,yBAAyB,EAAM,IAAI1P,WAAW,CAACzB,KAAK+kD,WAAa,EAAI,MAE3E,OAApB/kD,KAAKglD,aACP76C,EAAQ,IAAI1I,WAAW,CAACzB,KAAKglD,WAAYhlD,KAAKilD,cAC9C9+B,EAAIrjB,KAAKmkD,GAAe3pC,EAAIlM,gBAAgB,EAAMjH,KAErB,OAA3BnK,KAAKqR,mBACP8U,EAAIrjB,KAAKmkD,GAAe3pC,EAAIjM,mBAAmB,EAAMrR,KAAKqR,oBAErC,OAAnBrR,KAAKsR,WACP6U,EAAIrjB,KAAKmkD,GAAe3pC,EAAIhM,WAAW,EAAM,IAAI7P,WAAW,CAACzB,KAAKsR,UAAY,EAAI,MAErD,OAA3BtR,KAAKuR,mBACP4U,EAAIrjB,KAAKmkD,GAAe3pC,EAAI/L,mBAAmB,EAAMuF,EAAKe,YAAY7X,KAAKuR,kBAAmB,KAEtD,OAAtCvR,KAAKyR,+BACPtH,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAKyR,+BAC7D0U,EAAIrjB,KAAKmkD,GAAe3pC,EAAI7L,8BAA8B,EAAOtH,KAEnC,OAA5BnK,KAAKmlD,qBACPh7C,EAAQ,IAAI1I,WAAW,CAACzB,KAAKmlD,mBAAoBnlD,KAAKolD,yBACtDj7C,EAAQ2M,EAAKtS,OAAO,CAAC2F,EAAOnK,KAAKqlD,2BACjCl/B,EAAIrjB,KAAKmkD,GAAe3pC,EAAI5L,eAAe,EAAOvH,MAE/CnK,KAAK2R,YAAYoyC,UAAY/jD,KAAK8lD,iBAAmB,GAGxD3/B,EAAIrjB,KAAKmkD,GAAe3pC,EAAI3L,aAAa,EAAM3R,KAAK2R,YAAY5O,UAElE/C,KAAKslD,aAAarjD,SAAQ,EAAGgG,OAAM1F,QAAOqkD,gBAAeC,eACvD18C,EAAQ,CAAC,IAAI1I,WAAW,CAACmlD,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAMM,EAAcpwC,EAAKyD,WAAWtS,GAEpCkC,EAAMrH,KAAKgU,EAAKe,YAAYqvC,EAAYtlD,OAAQ,IAEhDuI,EAAMrH,KAAKgU,EAAKe,YAAYtV,EAAMX,OAAQ,IAC1CuI,EAAMrH,KAAKokD,GACX/8C,EAAMrH,KAAKP,GACX4H,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe3pC,EAAI1L,aAAci1C,EAAU18C,GAAO,IAExB,OAAjCnK,KAAK6R,0BACP1H,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAK6R,0BAC7DsU,EAAIrjB,KAAKmkD,GAAe3pC,EAAIzL,yBAAyB,EAAO1H,KAElB,OAAxCnK,KAAK8R,iCACP3H,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAK8R,iCAC7DqU,EAAIrjB,KAAKmkD,GAAe3pC,EAAIxL,gCAAgC,EAAO3H,KAEnC,OAA9BnK,KAAK+R,uBACP5H,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAK+R,uBAC7DoU,EAAIrjB,KAAKmkD,GAAe3pC,EAAIvL,sBAAsB,EAAO5H,KAE3B,OAA5BnK,KAAKgS,oBACPmU,EAAIrjB,KAAKmkD,GAAe3pC,EAAItL,oBAAoB,EAAO8E,EAAKyD,WAAWva,KAAKgS,sBAEjD,OAAzBhS,KAAKwlD,iBACPr/B,EAAIrjB,KAAKmkD,GAAe3pC,EAAIrL,eAAe,EAAO,IAAIxQ,WAAW,CAACzB,KAAKwlD,gBAAkB,EAAI,MAExE,OAAnBxlD,KAAKkS,WACPiU,EAAIrjB,KAAKmkD,GAAe3pC,EAAIpL,WAAW,EAAO4E,EAAKyD,WAAWva,KAAKkS,aAE/C,OAAlBlS,KAAKmS,WACPhI,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAKmS,WAC7DgU,EAAIrjB,KAAKmkD,GAAe3pC,EAAInL,UAAU,EAAMhI,KAEnB,OAAvBnK,KAAKoS,eACP+T,EAAIrjB,KAAKmkD,GAAe3pC,EAAIlL,eAAe,EAAO0E,EAAKyD,WAAWva,KAAKoS,iBAEpC,OAAjCpS,KAAKylD,0BACPt7C,EAAQ2M,EAAKgD,mBAAmB9C,OAAOqD,aAAara,KAAKylD,yBAA2BzlD,KAAK0lD,2BACzFv/B,EAAIrjB,KAAKmkD,GAAe3pC,EAAIjL,qBAAqB,EAAMlI,KAEnC,OAAlBnK,KAAKsS,WACPnI,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAKsS,WAC7D6T,EAAIrjB,KAAKmkD,GAAe3pC,EAAIhL,UAAU,EAAOnI,KAEA,OAA3CnK,KAAK2lD,oCACPx7C,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK2lD,kCAAmC3lD,KAAK4lD,gCACtEz7C,EAAMrH,KAAKgU,EAAKgD,mBAAmB9Z,KAAK6lD,sBACxC17C,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe3pC,EAAI/K,iBAAiB,EAAMpI,KAEtB,OAA3BnK,KAAKwS,mBACP2T,EAAIrjB,KAAKmkD,GAAe3pC,EAAI9K,mBAAmB,EAAMxS,KAAKwS,kBAAkBzP,UAE/C,OAA3B/C,KAAKyS,oBACPtI,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK8lD,mBAAoB9lD,KAAKyS,mBACvDtI,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe3pC,EAAI7K,kBAAmBzS,KAAK43C,SAAW,EAAGztC,KAE/B,OAAjCnK,KAAK0S,0BACPvI,EAAQ2M,EAAKgD,mBAAmBhD,EAAKoD,mBAAmBla,KAAK0S,0BAC7DyT,EAAIrjB,KAAKmkD,GAAe3pC,EAAI5K,yBAAyB,EAAOvI,KAE3B,OAA/BnK,KAAK2S,wBACPxI,EAAQ,IAAI1I,WAAW,GAAG+C,UAAUxE,KAAK2S,wBACzCwT,EAAIrjB,KAAKmkD,GAAe3pC,EAAI3K,uBAAuB,EAAOxI,KAG5D,MAAMpI,EAAS+U,EAAKtS,OAAO2hB,GACrBvkB,EAASkV,EAAKe,YAAY9V,EAAOH,OAAyB,IAAjB5B,KAAK43C,QAAgB,EAAI,GAExE,OAAO9gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAME,uBAAAwkD,GACE,MAAMpgC,EAAMnmB,KAAK0kD,mBAAmB//C,KAAI,EAAGsP,OAAM4yC,WAAU1lC,UAClD8lC,GAAehzC,EAAM4yC,EAAU1lC,KAGlCpf,EAAS+U,EAAKtS,OAAO2hB,GACrBvkB,EAASkV,EAAKe,YAAY9V,EAAOH,OAAyB,IAAjB5B,KAAK43C,QAAgB,EAAI,GAExE,OAAO9gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAGE,aAAAolD,CAAch9C,EAAOuzB,GAAS,GAC5B,IAAI0pB,EAAQ,EAGZ,MAAMP,KAA6B,IAAf18C,EAAMi9C,IACpBnzC,EAAsB,IAAf9J,EAAMi9C,GAInB,GAFAA,IAEK1pB,IACH19B,KAAK0kD,mBAAmB5hD,KAAK,CAC3BmR,OACA4yC,WACA1lC,KAAMhX,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,UAE/BwiD,GAA0BpgD,IAAIiQ,IAMrC,OAAQA,GACN,KAAKxJ,EAAMuG,mBAAmBC,sBAE5BjR,KAAK6kD,QAAU/tC,EAAKiB,SAAS5N,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACzD,MACF,KAAK6I,EAAMuG,mBAAmBE,wBAAyB,CAErD,MAAMm2C,EAAUvwC,EAAKa,WAAWxN,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAE5D5B,KAAK8kD,sBAAoC,IAAZuC,EAC7BrnD,KAAKkR,wBAA0Bm2C,EAE/B,KACR,CACM,KAAK58C,EAAMuG,mBAAmBG,wBAE5BnR,KAAK+kD,WAAgC,IAAnB56C,EAAMi9C,KACxB,MACF,KAAK38C,EAAMuG,mBAAmBI,eAE5BpR,KAAKglD,WAAa76C,EAAMi9C,KACxBpnD,KAAKilD,YAAc96C,EAAMi9C,KACzB,MACF,KAAK38C,EAAMuG,mBAAmBK,kBAE5BrR,KAAKqR,kBAAoBlH,EAAMi9C,GAC/B,MACF,KAAK38C,EAAMuG,mBAAmBM,UAE5BtR,KAAKsR,UAA+B,IAAnBnH,EAAMi9C,KACvB,MACF,KAAK38C,EAAMuG,mBAAmBO,kBAAmB,CAE/C,MAAM81C,EAAUvwC,EAAKa,WAAWxN,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAE5D5B,KAAKuR,kBAAoB81C,EACzBrnD,KAAKklD,gBAA8B,IAAZmC,EAEvB,KACR,CACM,KAAK58C,EAAMuG,mBAAmBS,6BAE5BzR,KAAKyR,6BAA+B,IAAItH,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACpE,MACF,KAAK6I,EAAMuG,mBAAmBU,cAK5B1R,KAAKmlD,mBAAqBh7C,EAAMi9C,KAChCpnD,KAAKolD,uBAAyBj7C,EAAMi9C,KACpCpnD,KAAKqlD,yBAA2Bl7C,EAAMnB,SAASo+C,EAAOA,EAAQ,IAC9D,MAEF,KAAK38C,EAAMuG,mBAAmBW,YAE5B,GAAqB,IAAjB3R,KAAK43C,QACP53C,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,cAC7C,GAAI87B,EAST,MAAUn8B,MAAM,sCAElB,MAEF,KAAKkJ,EAAMuG,mBAAmBY,aAAc,CAE1C,MAAMg1C,KAAkC,IAAfz8C,EAAMi9C,IAG/BA,GAAS,EACT,MAAM9uB,EAAIxhB,EAAKa,WAAWxN,EAAMnB,SAASo+C,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAMxvC,EAAId,EAAKa,WAAWxN,EAAMnB,SAASo+C,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAMn/C,EAAO6O,EAAK8D,WAAWzQ,EAAMnB,SAASo+C,EAAOA,EAAQ9uB,IACrD/1B,EAAQ4H,EAAMnB,SAASo+C,EAAQ9uB,EAAG8uB,EAAQ9uB,EAAI1gB,GAEpD5X,KAAKslD,aAAaxiD,KAAK,CAAEmF,OAAM2+C,gBAAerkD,QAAOskD,aAEjDD,IACF5mD,KAAKulD,UAAUt9C,GAAQ6O,EAAK8D,WAAWrY,IAEzC,KACR,CACM,KAAKkI,EAAMuG,mBAAmBa,wBAE5B7R,KAAK6R,wBAA0B,IAAI1H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmBc,+BAE5B9R,KAAK8R,+BAAiC,IAAI3H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBe,qBAE5B/R,KAAK+R,qBAAuB,IAAI5H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC5D,MACF,KAAK6I,EAAMuG,mBAAmBgB,mBAE5BhS,KAAKgS,mBAAqB8E,EAAK8D,WAAWzQ,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBiB,cAE5BjS,KAAKwlD,gBAAqC,IAAnBr7C,EAAMi9C,KAC7B,MACF,KAAK38C,EAAMuG,mBAAmBkB,UAE5BlS,KAAKkS,UAAY4E,EAAK8D,WAAWzQ,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC7D,MACF,KAAK6I,EAAMuG,mBAAmBmB,SAE5BnS,KAAKmS,SAAW,IAAIhI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBoB,cAE5BpS,KAAKoS,cAAgB0E,EAAK8D,WAAWzQ,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACjE,MACF,KAAK6I,EAAMuG,mBAAmBqB,oBAE5BrS,KAAKylD,wBAA0Bt7C,EAAMi9C,KACrCpnD,KAAK0lD,0BAA4B5uC,EAAK8D,WAAWzQ,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC7E,MACF,KAAK6I,EAAMuG,mBAAmBsB,SAE5BtS,KAAKsS,SAAW,IAAInI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBuB,gBAAiB,CAG7CvS,KAAK2lD,kCAAoCx7C,EAAMi9C,KAC/CpnD,KAAK4lD,6BAA+Bz7C,EAAMi9C,KAE1C,MAAM95B,EAAMlR,GAAOmJ,kBAAkBvlB,KAAK4lD,8BAE1C5lD,KAAK6lD,oBAAsB/uC,EAAKoD,mBAAmB/P,EAAMnB,SAASo+C,EAAOA,EAAQ95B,IACjF,KACR,CACM,KAAK7iB,EAAMuG,mBAAmBwB,kBAE5BxS,KAAKwS,kBAAoB,IAAI6xC,GAC7BrkD,KAAKwS,kBAAkBnQ,KAAK8H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACxD,MACF,KAAK6I,EAAMuG,mBAAmByB,kBAE5BzS,KAAK8lD,iBAAmB37C,EAAMi9C,KAC9BpnD,KAAKyS,kBAAoBtI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,QACjD5B,KAAK8lD,kBAAoB,EAC3B9lD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,mBAE3BzS,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBAAkBzJ,UAAU,IAEzD,MACF,KAAKyB,EAAMuG,mBAAmB0B,wBAE5B1S,KAAK0S,wBAA0B,IAAIvI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmB2B,sBAE5B3S,KAAK2S,sBAAwB,GAC7B,IAAK,IAAI7Q,EAAIslD,EAAOtlD,EAAIqI,EAAMvI,OAAQE,GAAK,EACzC9B,KAAK2S,sBAAsB7P,KAAK,CAACqH,EAAMrI,GAAIqI,EAAMrI,EAAI,KAEvD,MACF,QACE9B,KAAK2kD,kBAAkB7hD,KAAK,CAC1BmR,OACA4yC,WACA1lC,KAAMhX,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,UAI5C,CAEE,cAAAokD,CAAe77C,EAAOm9C,GAAU,EAAMpzC,GACpC,MAAMqzC,EAAwC,IAAjBvnD,KAAK43C,QAAgB,EAAI,EAGhD4P,EAAkB1wC,EAAKa,WAAWxN,EAAMnB,SAAS,EAAGu+C,IAE1D,IAAIzlD,EAAIylD,EAGR,KAAOzlD,EAAI,EAAI0lD,GAAiB,CAC9B,MAAMl6B,EAAMoe,GAAiBvhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKwrB,EAAIzU,OAET7Y,KAAKmnD,cAAch9C,EAAMnB,SAASlH,EAAGA,EAAIwrB,EAAIA,KAAMg6B,EAASpzC,GAE5DpS,GAAKwrB,EAAIA,GACf,CAEI,OAAOxrB,CACX,CAGE,MAAA2lD,CAAOxzC,EAAMpN,GACX,MAAM8U,EAAIlR,EAAMoE,UAEhB,OAAQoF,GACN,KAAK0H,EAAE5L,OACL,OAAkB,OAAdlJ,EAAKmJ,KACA8G,EAAKyD,WAAW1T,EAAKq8C,SAAQ,IAE/Br8C,EAAKs8C,UAAS,GAEvB,KAAKxnC,EAAE3L,KAAM,CACX,MAAM7F,EAAQtD,EAAKs8C,UAAS,GAE5B,OAAOrsC,EAAKmG,gBAAgB9S,EACpC,CACM,KAAKwR,EAAExL,WACL,OAAO,IAAI1O,WAAW,GAExB,KAAKka,EAAEvL,YACP,KAAKuL,EAAEtL,YACP,KAAKsL,EAAErL,WACP,KAAKqL,EAAEpL,aACP,KAAKoL,EAAEnL,eAAgB,CACrB,IAAI7B,EACAqP,EAEJ,GAAInX,EAAK0I,OACPyO,EAAM,IACNrP,EAAS9H,EAAK0I,WACT,KAAI1I,EAAK4I,cAId,MAAUlO,MAAM,mFAHhByc,EAAM,IACNrP,EAAS9H,EAAK4I,aAIxB,CAEQ,MAAMtF,EAAQwE,EAAO5L,QAErB,OAAO+T,EAAKtS,OAAO,CAACxE,KAAKynD,OAAO9rC,EAAEhL,IAAK9J,GACrC,IAAIpF,WAAW,CAACuc,IAChBlH,EAAKe,YAAY1N,EAAMvI,OAAQ,GAC/BuI,GACV,CACM,KAAKwR,EAAElL,cACP,KAAKkL,EAAE9K,iBACP,KAAK8K,EAAEjL,WACL,OAAOoG,EAAKtS,OAAO,CAACxE,KAAKynD,OAAO9rC,EAAEhL,IAAK9J,GAAO7G,KAAKynD,OAAO9rC,EAAEhL,IAAK,CAC/DA,IAAK9J,EAAKlD,SAGd,KAAKgY,EAAEhL,IACL,QAAiBvO,IAAbyE,EAAK8J,IACP,MAAUpP,MAAM,8CAElB,OAAOsF,EAAK8J,IAAI+2C,aAAa1nD,KAAK43C,SAEpC,KAAKj8B,EAAE/K,cACL,OAAO5Q,KAAKynD,OAAO9rC,EAAEhL,IAAK9J,GAC5B,KAAK8U,EAAE7K,UACL,OAAO,IAAIrP,WAAW,GACxB,KAAKka,EAAE5K,WACL,MAAUxP,MAAM,mBAClB,QACE,MAAUA,MAAM,2BAExB,CAEE,gBAAAomD,CAAiB9gD,EAAMikC,GACrB,IAAIlpC,EAAS,EACb,OAAOoY,EAAiBgtC,EAAahnD,KAAKykD,gBAAgBliD,IACxDX,GAAUW,EAAMX,MAAM,IACrB,KACD,MAAMukB,EAAM,GAeZ,OAdqB,IAAjBnmB,KAAK43C,SAAkB53C,KAAKskD,gBAAkB75C,EAAMoE,UAAUkB,QAAU/P,KAAKskD,gBAAkB75C,EAAMoE,UAAUmB,OAC7G86B,EACF3kB,EAAIrjB,KAAK,IAAIrB,WAAW,IAExB0kB,EAAIrjB,KAAK+D,EAAKmlC,gBAGlB7lB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK43C,QAAS,OAClB,IAAjB53C,KAAK43C,SACPzxB,EAAIrjB,KAAK,IAAIrB,WAAW,IAE1B0kB,EAAIrjB,KAAKgU,EAAKe,YAAYjW,EAAQ,IAG3BkV,EAAKtS,OAAO2hB,EAAI,GAE7B,CAEE,MAAAiyB,CAAOkM,EAAez9C,EAAMikC,GAAW,GACrC,MAAM3gC,EAAQnK,KAAKynD,OAAOnD,EAAez9C,GAEzC,OAAOiQ,EAAKtS,OAAO,CAACxE,KAAK2uC,MAAQ,IAAIltC,WAAc0I,EAAOnK,KAAKykD,cAAezkD,KAAK2nD,iBAAiB9gD,EAAMikC,IAC9G,CAEE,UAAMn9B,CAAK22C,EAAez9C,EAAMuxC,EAAQtN,GAAW,GACjD,GAAqB,IAAjB9qC,KAAK43C,SAAiB53C,KAAK2uC,KAAK/sC,SAAW8kD,GAAkB1mD,KAAKukD,eAEpE,MAAUhjD,MAAM,oDAIlB,OADK62C,IAAQA,EAASp4C,KAAKo4C,OAAOkM,EAAez9C,EAAMikC,IAChD1uB,GAAOzO,KAAK6W,OAAOxkB,KAAKukD,cAAenM,EAClD,CAcE,YAAMzX,CAAOhwB,EAAK2zC,EAAez9C,EAAMk8C,EAAO,IAAI/qC,KAAQ8yB,GAAW,EAAO52B,EAASsD,GACnF,IAAKxX,KAAK2R,YAAYgyC,OAAOhzC,EAAI81C,YAC/B,MAAUllD,MAAM,oDAElB,GAAIvB,KAAKwkD,qBAAuB7zC,EAAIilC,UAClC,MAAUr0C,MAAM,oFAGlB,MAAMqmD,EAAqBtD,IAAkB75C,EAAMoE,UAAUkB,QAAUu0C,IAAkB75C,EAAMoE,UAAUmB,KAIzG,KADmBhQ,KAAKyyC,MAAcmV,GACrB,CACf,IAAIxP,EACAzqC,EAQJ,GAPI3N,KAAK09B,OACP/vB,QAAa3N,KAAK09B,QAElB0a,EAASp4C,KAAKo4C,OAAOkM,EAAez9C,EAAMikC,GAC1Cn9B,QAAa3N,KAAK2N,KAAK22C,EAAez9C,EAAMuxC,IAE9CzqC,QAAauU,EAAiBvU,GAC1B3N,KAAK4kD,gBAAgB,KAAOj3C,EAAK,IACjC3N,KAAK4kD,gBAAgB,KAAOj3C,EAAK,GACnC,MAAUpM,MAAM,+BAUlB,GAPAvB,KAAK4mB,aAAe5mB,KAAK4mB,OAEzB5mB,KAAKyyC,UAAkBr2B,GAAOvN,UAAU8xB,OACtC3gC,KAAKwkD,mBAAoBxkD,KAAKukD,cAAevkD,KAAK4mB,OAAQjW,EAAI2kC,aAC9D8C,EAAQzqC,IAGL3N,KAAKyyC,IACR,MAAUlxC,MAAM,gCAExB,CAEI,MAAMsmD,EAAW/wC,EAAKwB,cAAcyqC,GACpC,GAAI8E,GAAY7nD,KAAK6kD,QAAUgD,EAC7B,MAAUtmD,MAAM,4CAElB,GAAIsmD,GAAYA,GAAY7nD,KAAK8nD,oBAC/B,MAAUvmD,MAAM,wBAElB,GAAI2S,EAAOqC,qBAAqBvS,IAAIhE,KAAKukD,eACvC,MAAUhjD,MAAM,4BAA8BkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKukD,eAAewD,eAE3F,GAAI7zC,EAAOsC,4BAA4BxS,IAAIhE,KAAKukD,gBAC9C,CAAC95C,EAAMoE,UAAUkB,OAAQtF,EAAMoE,UAAUmB,MAAMmP,SAASnf,KAAKskD,eAC7D,MAAU/iD,MAAM,oCAAsCkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKukD,eAAewD,eAYnG,GAVA/nD,KAAK2kD,kBAAkB1iD,SAAQ,EAAGgS,OAAM4yC,eACtC,GAAIA,EACF,MAAUtlD,MAAM,6CAA6C0S,EACrE,IAEIjU,KAAKslD,aAAarjD,SAAQ,EAAGgG,OAAM4+C,eACjC,GAAIA,GAAa3yC,EAAOkC,eAAe3M,QAAQxB,GAAQ,EACrD,MAAU1G,MAAM,8BAA8B0G,EACtD,IAEoC,OAA5BjI,KAAKmlD,mBACP,MAAU5jD,MAAM,gGAEtB,CAOE,SAAAymD,CAAUjF,EAAO,IAAI/qC,MACnB,MAAM6vC,EAAW/wC,EAAKwB,cAAcyqC,GACpC,OAAiB,OAAb8E,KACO7nD,KAAK6kD,SAAWgD,GAAYA,EAAW7nD,KAAK8nD,oBAG3D,CAME,iBAAAA,GACE,OAAO9nD,KAAK8kD,sBAAwBv8C,IAAW,IAAIyP,KAAKhY,KAAK6kD,QAAQxsC,UAA2C,IAA/BrY,KAAKkR,wBAC1F,EAeA,SAAS+1C,GAAehzC,EAAM4yC,EAAUhgD,GACtC,MAAMsf,EAAM,GAIZ,OAHAA,EAAIrjB,KAAK6oC,GAAkB9kC,EAAKjF,OAAS,IACzCukB,EAAIrjB,KAAK,IAAIrB,WAAW,EAAEolD,EAAW,IAAO,GAAK5yC,KACjDkS,EAAIrjB,KAAK+D,GACFiQ,EAAKtS,OAAO2hB,EACrB,CASA,SAASugC,GAAkBnC,GACzB,OAAQA,GACN,KAAK95C,EAAMkD,KAAKI,OAAQ,OAAO,GAC/B,KAAKtD,EAAMkD,KAAKK,OAAQ,OAAO,GAC/B,KAAKvD,EAAMkD,KAAKM,OAAQ,OAAO,GAC/B,KAAKxD,EAAMkD,KAAKO,OAChB,KAAKzD,EAAMkD,KAAKQ,SAAU,OAAO,GACjC,KAAK1D,EAAMkD,KAAKS,SAAU,OAAO,GACjC,QAAS,MAAU7M,MAAM,6BAE7B,CCh1BA,MAAM0mD,GACJ,cAAWjqC,GACT,OAAOvT,EAAMkE,OAAOI,gBACxB,CAEE,0BAAOm5C,CAAoBC,EAAiBC,GAC1C,MAAMC,EAAa,IAAIJ,GAUvB,OATAI,EAAWzQ,QAAsC,IAA5BuQ,EAAgBvQ,QAAgB,EAAI,EACzDyQ,EAAW/D,cAAgB6D,EAAgB7D,cAC3C+D,EAAW9D,cAAgB4D,EAAgB5D,cAC3C8D,EAAW7D,mBAAqB2D,EAAgB3D,mBAChD6D,EAAW12C,YAAcw2C,EAAgBx2C,YACzC02C,EAAW1Z,KAAOwZ,EAAgBxZ,KAClC0Z,EAAW51C,kBAAoB01C,EAAgB11C,kBAE/C41C,EAAWC,MAAQF,EAAS,EAAI,EACzBC,CACX,CAEE,WAAAzoD,GAEEI,KAAK43C,QAAU,KAQf53C,KAAKskD,cAAgB,KAMrBtkD,KAAKukD,cAAgB,KAMrBvkD,KAAKwkD,mBAAqB,KAE1BxkD,KAAK2uC,KAAO,KAEZ3uC,KAAK2R,YAAc,KAEnB3R,KAAKyS,kBAAoB,KAMzBzS,KAAKsoD,MAAQ,IACjB,CAOE,IAAAjmD,CAAK8H,GACH,IAAIi9C,EAAQ,EAGZ,GADApnD,KAAK43C,QAAUztC,EAAMi9C,KACA,IAAjBpnD,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,4DAa7C,GARA53C,KAAKskD,cAAgBn6C,EAAMi9C,KAG3BpnD,KAAKukD,cAAgBp6C,EAAMi9C,KAG3BpnD,KAAKwkD,mBAAqBr6C,EAAMi9C,KAEX,IAAjBpnD,KAAK43C,QAAe,CAMtB,MAAMqO,EAAa97C,EAAMi9C,KAGzBpnD,KAAK2uC,KAAOxkC,EAAMnB,SAASo+C,EAAOA,EAAQnB,GAC1CmB,GAASnB,EAGTjmD,KAAKyS,kBAAoBtI,EAAMnB,SAASo+C,EAAOA,EAAQ,IACvDA,GAAS,GACTpnD,KAAK2R,YAAc,IAAI+xC,GAEvB1jD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBACjC,MAEMzS,KAAK2R,YAAc,IAAI+xC,GACvB1jD,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASo+C,EAAOA,EAAQ,IACpDA,GAAS,EAQX,OADApnD,KAAKsoD,MAAQn+C,EAAMi9C,KACZpnD,IACX,CAME,KAAA+C,GACE,MAAMojB,EAAM,CAAC,IAAI1kB,WAAW,CAC1BzB,KAAK43C,QACL53C,KAAKskD,cACLtkD,KAAKukD,cACLvkD,KAAKwkD,sBAYP,OAVqB,IAAjBxkD,KAAK43C,QACPzxB,EAAIrjB,KACF,IAAIrB,WAAW,CAACzB,KAAK2uC,KAAK/sC,SAC1B5B,KAAK2uC,KACL3uC,KAAKyS,mBAGP0T,EAAIrjB,KAAK9C,KAAK2R,YAAY5O,SAE5BojB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKsoD,SACvBxxC,EAAKpV,iBAAiBykB,EACjC,CAEE,gBAAAwhC,IAAoBY,GAClB,OAAOlC,GAAiB/jD,SAAY+hD,GAAgBpkD,UAAU0nD,iBAAiBrtC,YAAYta,KAAKwoD,iBAAkBD,IACtH,CAEE,YAAM5nB,GACJ,MAAM6nB,QAAyBxoD,KAAKwoD,iBACpC,IAAKA,GAAoBA,EAAiB5oD,YAAYoe,MAAQvT,EAAMkE,OAAOE,UACzE,MAAUtN,MAAM,0CAElB,GACEinD,EAAiBlE,gBAAkBtkD,KAAKskD,eACxCkE,EAAiBjE,gBAAkBvkD,KAAKukD,eACxCiE,EAAiBhE,qBAAuBxkD,KAAKwkD,qBAC5CgE,EAAiB72C,YAAYgyC,OAAO3jD,KAAK2R,cACxB,IAAjB3R,KAAK43C,SAA8C,IAA7B4Q,EAAiB5Q,SACtB,IAAjB53C,KAAK43C,SAA8C,IAA7B4Q,EAAiB5Q,SACtB,IAAjB53C,KAAK43C,UAAkB9gC,EAAKoE,iBAAiBstC,EAAiB/1C,kBAAmBzS,KAAKyS,oBACrE,IAAjBzS,KAAK43C,UAAkB9gC,EAAKoE,iBAAiBstC,EAAiB7Z,KAAM3uC,KAAK2uC,MAE1E,MAAUptC,MAAM,2EAGlB,OADAinD,EAAiB9qB,OAAS19B,KAAK09B,OACxB8qB,EAAiB7nB,OAAOrmB,MAAMkuC,EAAkBne,UAC3D,EC5KO,SAASoe,GAAiBzqC,EAAK0qC,GACpC,IAAKA,EAAe1qC,GAAM,CAExB,IAAI2qC,EACJ,IACEA,EAAal+C,EAAMpI,KAAKoI,EAAMkE,OAAQqP,EACvC,CAAC,MAAO9Z,GACP,MAAM,IAAI8oC,GAAmB,iCAAiChvB,EACpE,CACI,MAAUzc,MAAM,uCAAuConD,EAC3D,CACE,OAAO,IAAID,EAAe1qC,EAC5B,CDmKAiqC,GAAuBhoD,UAAU0N,KAAO02C,GAAgBpkD,UAAU0N,KAClEs6C,GAAuBhoD,UAAUm4C,OAASiM,GAAgBpkD,UAAUm4C,OACpE6P,GAAuBhoD,UAAUwnD,OAASpD,GAAgBpkD,UAAUwnD,OC7JpE,MAAMmB,WAAmBjpD,MAWvB,uBAAakpD,CAAW1+C,EAAOu+C,EAAgBx0C,EAASsD,GACtD,MAAMsxC,EAAU,IAAIF,GAEpB,aADME,EAAQzmD,KAAK8H,EAAOu+C,EAAgBx0C,GACnC40C,CACX,CAUE,UAAMzmD,CAAK8H,EAAOu+C,EAAgBx0C,EAASsD,GACrCtD,EAAO4B,yBAAyBlU,SAClC8mD,EAAiB,IAAKA,KAAmB5xC,EAAK+G,wBAAwB3J,EAAO4B,4BAE/E9V,KAAKgB,OAAS6gB,EAAqB1X,GAAO7H,MAAO4C,EAAUC,KACzD,MAAMxE,EAASohB,EAAiB5c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MAyCb,SAxCmBumC,GAAYhnC,GAAU5C,UACvC,IACE,GAAIymD,EAAO/qC,MAAQvT,EAAMkE,OAAOS,QAAU25C,EAAO/qC,MAAQvT,EAAMkE,OAAOW,OAASy5C,EAAO/qC,MAAQvT,EAAMkE,OAAOkB,QAKzG,OAEF,MAAMlB,EAAS85C,GAAiBM,EAAO/qC,IAAK0qC,GAC5C/5C,EAAOm6C,QAAU,IAAIF,GACrBj6C,EAAOq6C,WAAalyC,EAAK7V,SAAS8nD,EAAOp6C,cACnCA,EAAOtM,KAAK0mD,EAAOp6C,OAAQuF,SAC3BvT,EAAOoC,MAAM4L,EACpB,CAAC,MAAOzK,GAIP,GAAIA,aAAa8oC,GAAoB,CACnC,KAAI+b,EAAO/qC,KAAO,IAGhB,aAFMrd,EAAOuC,MAAMgB,EAIrC,CAEc,MAAM+kD,GAAyB/0C,EAAO0B,0BAA4B1R,aAAa4oC,GACzEoc,IAAuBh1C,EAAO2B,wBAA4B3R,aAAa4oC,IAC7E,GAAImc,GAAyBC,GAAuBjd,GAAkB8c,EAAO/qC,WAIrErd,EAAOuC,MAAMgB,OACd,CACL,MAAMilD,EAAiB,IAAIlc,GAAkB8b,EAAO/qC,IAAK+qC,EAAOp6C,cAC1DhO,EAAOoC,MAAMomD,EACnC,CACcryC,EAAK0E,gBAAgBtX,EACnC,KAKY,aAFMvD,EAAOgF,iBACPhF,EAAOsC,OAGzB,CACO,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,KAII,MAAMR,EAASoe,EAAiB9hB,KAAKgB,QACrC,OAAa,CACX,MAAMwB,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OAMrC,GALKG,EAGHxC,KAAKgB,OAAS,KAFdhB,KAAK8C,KAAKP,GAIRC,GAAQypC,GAAkB1pC,EAAM3C,YAAYoe,KAC9C,KAER,CACIta,EAAO7C,aACX,CAOE,KAAAkC,GACE,MAAMojB,EAAM,GAEZ,IAAK,IAAIrkB,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAAK,CACpC,MAAMkc,EAAMhe,KAAK8B,aAAcmrC,GAAoBjtC,KAAK8B,GAAGkc,IAAMhe,KAAK8B,GAAGlC,YAAYoe,IAC/EorC,EAAcppD,KAAK8B,GAAGiB,QAC5B,GAAI+T,EAAK7V,SAASmoD,IAAgBnd,GAAkBjsC,KAAK8B,GAAGlC,YAAYoe,KAAM,CAC5E,IAAI1U,EAAS,GACTU,EAAe,EACnB,MAAMq/C,EAAY,IAClBljC,EAAIrjB,KAAKgpC,GAAS9tB,IAClBmI,EAAIrjB,KAAKkX,EAAiBovC,GAAa7mD,IAGrC,GAFA+G,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBq/C,EAAW,CAC7B,MAAMC,EAAW7gD,KAAKud,IAAIvd,KAAK8S,IAAIvR,GAAgBvB,KAAK8gD,IAAM,EAAG,IAC3DC,EAAY,GAAKF,EACjBr/C,EAAe6M,EAAKtS,OAAO,CAAConC,GAAmB0d,IAAW9kD,OAAO8E,IAGvE,OAFAA,EAAS,CAACW,EAAajB,SAAS,EAAIwgD,IACpCx/C,EAAeV,EAAO,GAAG1H,OAClBqI,EAAajB,SAAS,EAAG,EAAIwgD,EAChD,KACW,IAAM1yC,EAAKtS,OAAO,CAACmnC,GAAkB3hC,IAAexF,OAAO8E,MACtE,KAAa,CACL,GAAIwN,EAAK7V,SAASmoD,GAAc,CAC9B,IAAIxnD,EAAS,EACbukB,EAAIrjB,KAAKkX,EAAiBgtC,EAAaoC,IAAc7mD,IACnDX,GAAUW,EAAMX,MAAM,IACrB,IAAMoqC,GAAYhuB,EAAKpc,KACpC,MACUukB,EAAIrjB,KAAKkpC,GAAYhuB,EAAKorC,EAAYxnD,SAExCukB,EAAIrjB,KAAKsmD,EACjB,CACA,CAEI,OAAOtyC,EAAKtS,OAAO2hB,EACvB,CAOE,WAAAsjC,IAAeC,GACb,MAAMC,EAAW,IAAIf,GAEfgB,EAAS5rC,GAAO2qC,GAAc3qC,IAAQ2qC,EAE5C,IAAK,IAAI7mD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3B4nD,EAAKhlD,KAAKklD,EAAO5pD,KAAK8B,GAAGlC,YAAYoe,OACvC2rC,EAAS7mD,KAAK9C,KAAK8B,IAIvB,OAAO6nD,CACX,CAOE,UAAAE,CAAW7rC,GACT,OAAOhe,KAAK8pD,MAAKn7C,GAAUA,EAAO/O,YAAYoe,MAAQA,GAC1D,CAOE,UAAA+rC,IAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOjqD,KAEP4pD,EAAS5rC,GAAO2qC,GAAc3qC,IAAQ2qC,EAE5C,IAAK,IAAI7mD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3B4nD,EAAKhlD,KAAKklD,EAAOK,EAAKnoD,GAAGlC,YAAYoe,OACvCgsC,EAASlnD,KAAKhB,GAGlB,OAAOkoD,CACX,EC1MA,MAAMtB,gBAA+B5xC,EAAK+G,wBAAwB,CAChEilC,GACAmF,GACA5D,KAWF,MAAM6F,GACJ,cAAWlsC,GACT,OAAOvT,EAAMkE,OAAOO,cACxB,CAKE,WAAAtP,CAAYsU,EAASsD,GAKnBxX,KAAK8oD,QAAU,KAKf9oD,KAAK41C,UAAY1hC,EAAOG,8BAMxBrU,KAAKmqD,WAAa,IACtB,CAOE,UAAM9nD,CAAK8H,EAAO+J,EAASsD,SACnB+rC,EAAap5C,GAAO7H,UAGxBtC,KAAK41C,gBAAkBlyC,EAAOkG,WAG9B5J,KAAKmqD,WAAazmD,EAAOgE,kBAEnB1H,KAAKoqD,WAAWl2C,EAAO,GAEnC,CAOE,KAAAnR,GAKE,OAJwB,OAApB/C,KAAKmqD,YACPnqD,KAAKqqD,WAGAvzC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK41C,YAAa51C,KAAKmqD,YAC/D,CAQE,gBAAMC,CAAWl2C,EAASsD,GACxB,MAAM8yC,EAAkB7/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK41C,WACrD2U,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUhpD,MAAS+oD,EAAH,gCAGlBtqD,KAAK8oD,cAAgBF,GAAWC,iBAAiB0B,EAAgBvqD,KAAKmqD,YAAazB,GAAgBx0C,EACvG,CAKE,QAAAm2C,GACE,MAAMC,EAAkB7/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK41C,WACrD6U,EAAgBC,GAAaJ,GACnC,IAAKG,EACH,MAAUlpD,MAAS+oD,EAAH,8BAGlBtqD,KAAKmqD,WAAaM,EAAczqD,KAAK8oD,QAAQ/lD,QACjD,EAiBA,SAAS0K,GAAKk9C,EAA+BC,GAC3C,OAAO/jD,IACL,IAAKiQ,EAAK7V,SAAS4F,IAASob,EAAqBpb,GAC/C,OAAOw/C,GAAiB,IAAMnkC,EAAiBrb,GAAMhE,MAAKgoD,GACjD,IAAI3qD,SAAQ,CAACC,EAASC,KAC3B,MAAM0qD,EAAa,IAAIF,EACvBE,EAAWjK,OAASkK,IAClB5qD,EAAQ4qD,EAAc,EAExB,IACED,EAAWhoD,KAAK+nD,GAAW,EAC5B,CAAC,MAAOv0B,GACPl2B,EAAOk2B,EACnB,SAMI,GAAIq0B,EACF,IACE,MAAMK,EAA2BL,IACjC,OAAO9jD,EAAKokD,YAAYD,EACzB,CAAC,MAAO10B,GAEP,GAAiB,cAAbA,EAAIruB,KACN,MAAMquB,CAEhB,CAII,MAAM40B,EAAcrkD,EAAKrG,YACnBsqD,EAAa,IAAIF,EAEvB,OAAO,IAAIzpD,eAAe,CACxB,WAAMiD,CAAMC,GAQV,IAPAymD,EAAWjK,OAASv+C,MAAOC,EAAO6lD,KAChC/jD,EAAWC,QAAQ/B,GACf6lD,GACF/jD,EAAWpB,OACvB,IAGqB,CACX,MAAMT,KAAEA,EAAID,MAAEA,SAAgB2oD,EAAY7oD,OAC1C,GAAIG,EAEF,YADAsoD,EAAWhoD,KAAK,IAAIrB,YAAc,GAEzBc,EAAMX,QACfkpD,EAAWhoD,KAAKP,EAE5B,CACA,GACM,CAEN,CAEA,SAAS4oD,KACP,OAAO7oD,eAAeuE,GACpB,MAAQkU,OAAQqwC,SAAuBlrD,QAA4BC,UAAA0C,MAAA,WAAA,OAAAsa,EAAA,IACnE,OAAOkpC,GAAiB/jD,SAAY8oD,QAAmBlpC,EAAiBrb,KACzE,CACH,CASA,MAAMwkD,GAAoCC,IAAsB,CAC9DC,WAAyC,oBAAtBC,mBAAsC,KAAM,IAAIA,kBAAkBF,IACrFG,aAA6C,oBAAxBC,qBAAwC,KAAM,IAAIA,oBAAoBJ,MAGvFZ,GAAe,CACnBl9C,iBAAmBC,GAAK49C,GAAkC,eAAeE,WAAY5K,IACrFlzC,kBAAoBA,GAAK49C,GAAkC,WAAWE,WAAYhJ,KAG9EiI,GAAiB,CACrBj9C,aAAc1G,GAAQA,EACtB2G,iBAAmBC,GAAK49C,GAAkC,eAAeI,aAAc3K,IACvFrzC,kBAAoBA,GAAK49C,GAAkC,WAAWI,aAAc7I,IACpFl1C,mBAAqBy9C,MCvMjBzC,gBAA+B5xC,EAAK+G,wBAAwB,CAChEilC,GACAoH,GACAjC,GACA5D,KAaF,MAAMsH,GACJ,cAAW3tC,GACT,OAAOvT,EAAMkE,OAAOe,kCACxB,CAEE,iBAAOimC,EAAWiC,QAAEA,EAAOgU,cAAEA,IAC3B,GAAgB,IAAZhU,GAA6B,IAAZA,EACnB,MAAUr2C,MAAM,6BAGlB,MAAMsqD,EAAO,IAAIF,GAMjB,OALAE,EAAKjU,QAAUA,EACC,IAAZA,IACFiU,EAAKD,cAAgBA,GAGhBC,CACX,CAEE,WAAAjsD,GACEI,KAAK43C,QAAU,KAIf53C,KAAK8rD,gBAAkB,KAEvB9rD,KAAK4rD,cAAgB,KACrB5rD,KAAK+rD,cAAgB,KACrB/rD,KAAK2uC,KAAO,KAEZ3uC,KAAKgsD,UAAY,KACjBhsD,KAAK8oD,QAAU,IACnB,CAEE,UAAMzmD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UAGxB,GAFAtC,KAAK43C,cAAgBl0C,EAAOkG,WAEP,IAAjB5J,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,8CAGxB,IAAjB53C,KAAK43C,UAEP53C,KAAK8rD,sBAAwBpoD,EAAOkG,WAEpC5J,KAAK4rD,oBAAsBloD,EAAOkG,WAElC5J,KAAK+rD,oBAAsBroD,EAAOkG,WAElC5J,KAAK2uC,WAAajrC,EAAOqG,UAAU,KAUrC/J,KAAKgsD,UAAYtoD,EAAOgE,WAAW,GAEzC,CAEE,KAAA3E,GACE,OAAqB,IAAjB/C,KAAK43C,QACA9gC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,QAAS53C,KAAK8rD,gBAAiB9rD,KAAK4rD,cAAe5rD,KAAK+rD,gBAAiB/rD,KAAK2uC,KAAM3uC,KAAKgsD,YAE7Hl1C,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,UAAW53C,KAAKgsD,WAC7D,CAWE,aAAMh+B,CAAQi+B,EAAqBt7C,EAAKuD,EAASsD,GAM/C,MAAM0L,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBipC,GACtD,GAAIt7C,EAAI/O,SAAWqhB,EACjB,MAAU1hB,MAAM,+BAGlB,IAAI4I,EAAQnK,KAAK8oD,QAAQ/lD,QAGzB,GAFIkf,EAAqB9X,KAAQA,QAAc+X,EAAiB/X,IAE3C,IAAjBnK,KAAK43C,QACP53C,KAAK8rD,gBAAkBG,EAEvBjsD,KAAK2uC,KAAOvyB,GAAOy6B,OAAOhb,eAAe,IACzC77B,KAAK+rD,cAAgB73C,EAAOO,kBAC5BzU,KAAKgsD,gBAAkBE,GAAQlsD,KAAM,UAAW2Q,EAAKxG,OAChD,CACL,MAAMiP,QAAegD,GAAO+vC,gBAAgBF,GACtCG,EAAM,IAAI3qD,WAAW,CAAC,IAAM,KAE5B4qD,EAASv1C,EAAKtS,OAAO,CAAC4U,EAAQjP,EAAOiiD,IACrCz+C,QAAayO,GAAOzO,KAAKE,KAAK2U,EAAoB6pC,IAClD/8B,EAAYxY,EAAKtS,OAAO,CAAC6nD,EAAQ1+C,IAEvC3N,KAAKgsD,gBAAkB5vC,GAAOqX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAK2e,EAAW,IAAI7tB,WAAWyhB,GAAYhP,EACrH,CACI,OAAO,CACX,CAWE,aAAMoa,CAAQ29B,EAAqBt7C,EAAKuD,EAASsD,GAM/C,GAAI7G,EAAI/O,SAAWwa,GAAO4G,gBAAgBipC,GAAqBhpC,QAC7D,MAAU1hB,MAAM,+BAGlB,IAGI6nD,EAHA4C,EAAYhF,EAAahnD,KAAKgsD,WAIlC,GAHI/pC,EAAqB+pC,KAAYA,QAAkB9pC,EAAiB8pC,IAGnD,IAAjBhsD,KAAK43C,QAAe,CACtB,GAAI53C,KAAK8rD,kBAAoBG,EAE3B,MAAU1qD,MAAM,oCAElB6nD,QAAoB8C,GAAQlsD,KAAM,UAAW2Q,EAAKq7C,EACxD,KAAW,CACL,MAAM9oC,UAAEA,GAAc9G,GAAO4G,gBAAgBipC,GACvCK,QAAkBlwC,GAAOqX,KAAK3C,IAAIxC,QAAQ29B,EAAqBt7C,EAAKq7C,EAAW,IAAIvqD,WAAWyhB,IAI9FqpC,EAAWxF,EAAavkC,EAAoB8pC,IAAa,IACzDD,EAAStF,EAAauF,EAAW,GAAI,IACrCE,EAAatsD,QAAQ4E,IAAI,CAC7Bod,QAAuB9F,GAAOzO,KAAKE,KAAK2U,EAAoB6pC,KAC5DnqC,EAAiBqqC,KAChB1pD,MAAK,EAAE8K,EAAMy+C,MACd,IAAKt1C,EAAKoE,iBAAiBvN,EAAMy+C,GAC/B,MAAU7qD,MAAM,0BAElB,OAAO,IAAIE,UAAY,IAEnB0I,EAAQ48C,EAAasF,EAAQnpC,EAAY,GAC/CkmC,EAAcrC,EAAa58C,EAAO,GAAI,GACtCi/C,EAAcpuC,EAAc,CAACouC,EAAa/C,GAAiB,IAAMmG,MAC5D11C,EAAK7V,SAAS+qD,IAAe93C,EAAOiB,6BACvCi0C,QAAoBlnC,EAAiBknC,GAE7C,CAGI,OADAppD,KAAK8oD,cAAgBF,GAAWC,WAAWO,EAAaV,GAAgBx0C,IACjE,CACX,EAaO5R,eAAe4pD,GAAQv9C,EAAQ1H,EAAI0J,EAAK9J,GAC7C,MAAM4lD,EAAY99C,aAAkBg9C,IAA+D,IAAnBh9C,EAAOipC,QACjF8U,GAAWD,GAAa99C,EAAO/O,YAAYoe,MAAQvT,EAAMkE,OAAOiB,kBACtE,IAAK68C,IAAcC,EAAS,MAAUnrD,MAAM,0BAE5C,MAAMkyB,EAAOrX,GAAOuwC,YAAYh+C,EAAOi9C,eACjCgB,EAA+B,YAAP3lD,EAAmBwsB,EAAKvC,UAAY,EAC5D27B,EAA+B,YAAP5lD,EAAmBwsB,EAAKvC,UAAY,EAC5Ds4B,EAAY,IAAM76C,EAAOo9C,cAAgB,GAAKa,EAC9CE,EAAyBJ,EAAU,EAAI,EACvCK,EAAc,IAAInsC,YAAY,GAAKksC,GACnCE,EAAa,IAAIvrD,WAAWsrD,EAAa,EAAG,EAAID,GAChDG,EAAgB,IAAIxrD,WAAWsrD,GAC/BG,EAAY,IAAIrsC,SAASksC,GACzBI,EAAkB,IAAI1rD,WAAWsrD,EAAa,EAAG,GACvDC,EAAW7qD,IAAI,CAAC,IAAOwM,EAAO/O,YAAYoe,IAAKrP,EAAOipC,QAASjpC,EAAOm9C,gBAAiBn9C,EAAOi9C,cAAej9C,EAAOo9C,eAAgB,GACpI,IAIIt8B,EACA29B,EALAz1B,EAAa,EACb01B,EAAgBntD,QAAQC,UACxBmtD,EAAe,EACfC,EAAc,EAGlB,GAAId,EAAW,CACb,MAAMxpC,QAAEA,GAAY7G,GAAO4G,gBAAgBrU,EAAOm9C,kBAC5Ct1B,SAAEA,GAAa/C,EACfmb,EAAO,IAAIntC,WAAWsrD,EAAa,EAAG,GACtCS,QAAgB/e,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAKhC,EAAOggC,KAAMC,EAAM3rB,EAAUuT,GACvF7lB,EAAM68C,EAAQxkD,SAAS,EAAGia,GAC1BwM,EAAK+9B,EAAQxkD,SAASia,GACtBwM,EAAG/H,KAAK,EAAG+H,EAAG7tB,OAAS,GACvBwrD,EAAS,IAAIvsC,SAAS4O,EAAGnmB,OAAQmmB,EAAGplB,WAAYolB,EAAGnlB,WACvD,MACImlB,EAAK9gB,EAAO8gB,GAGd,MAAMg+B,QAAqBh6B,EAAK9kB,EAAOm9C,gBAAiBn7C,GACxD,OAAOkR,EAAqBhb,GAAMvE,MAAO4C,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7V,SAASiE,GAAuB,CACvC,MAAMoE,EAAS,IAAItD,gBAAgB,GAAI,CACrCQ,cAAesQ,EAAK6F,yBAA2B,IAAMhO,EAAOo9C,cAAgB,GAC5E2B,KAAM1xC,GAASA,EAAMpa,SAEvB+rD,EAAYrkD,EAAOpE,SAAUC,GAC7BA,EAAWmE,EAAOnE,QACxB,CACI,MAAMzB,EAASoe,EAAiB5c,GAC1BvE,EAASohB,EAAiB5c,GAChC,IACE,OAAa,CACX,IAAInC,QAAcU,EAAOqG,UAAUy/C,EAAYoD,IAA0B,IAAInrD,WAC7E,MAAMmsD,EAAa5qD,EAAMgG,SAAShG,EAAMpB,OAASgrD,GAEjD,IAAIiB,EACArrD,EACAksB,EACJ,GAJA1rB,EAAQA,EAAMgG,SAAS,EAAGhG,EAAMpB,OAASgrD,GAIrCH,EACF/9B,EAAQe,MACH,CACLf,EAAQe,EAAG9sB,QACX,IAAK,IAAIb,EAAI,EAAGA,EAAI,EAAGA,IACrB4sB,EAAMe,EAAG7tB,OAAS,EAAIE,IAAMqrD,EAAgBrrD,EAExD,CA0BQ,IAzBK61B,GAAc30B,EAAMpB,QACvB8B,EAAOiG,QAAQikD,GACfC,EAAiBJ,EAAaxmD,GAAIjE,EAAO0rB,EAAOs+B,GAChDa,EAAextD,OAAM,SACrBktD,GAAevqD,EAAMpB,OAASgrD,EAAwBC,IAKtDK,EAAUY,SAAS,EAAIhB,EAAyB,EAAGQ,GACnDO,EAAiBJ,EAAaxmD,GAAI2mD,EAAYl/B,EAAOu+B,GACrDY,EAAextD,OAAM,SACrBktD,GAAeV,EACfrqD,GAAO,GAET8qD,GAAgBtqD,EAAMpB,OAASgrD,EAE/BS,EAAgBA,EAAcxqD,MAAK,IAAMgrD,IAAgBhrD,MAAKP,gBACtD3B,EAAOgF,YACPhF,EAAOoC,MAAMq2B,GACnBm0B,GAAen0B,EAAQx3B,MAAM,IAC5BvB,OAAMi2B,GAAO31B,EAAOuC,MAAMozB,MACzB9zB,GAAQ+qD,EAAc5sD,EAAOotD,oBACzBV,EAEH7qD,EAME,OACC7B,EAAOsC,QACb,KACV,CARcwpD,EACFW,EAAOU,SAASr+B,EAAG7tB,OAAS,IAAK+1B,GAEjCu1B,EAAUY,SAAS,IAASn2B,EAMxC,CACK,CAAC,MAAOzzB,SACDvD,EAAOgF,MAAMtF,OAAM,eACnBM,EAAOuC,MAAMgB,EACzB,IAEA,CC/SA,MAAMwkD,gBAA+B5xC,EAAK+G,wBAAwB,CAChEilC,GACAoH,GACAjC,GACA5D,KAYF,MAAM2J,GACJ,cAAWhwC,GACT,OAAOvT,EAAMkE,OAAOiB,iBACxB,CAEE,WAAAhQ,GACEI,KAAK43C,QAfO,EAiBZ53C,KAAK8rD,gBAAkB,KAEvB9rD,KAAK4rD,cAAgBnhD,EAAM6D,KAAKC,IAChCvO,KAAK+rD,cAAgB,KACrB/rD,KAAKyvB,GAAK,KACVzvB,KAAKgsD,UAAY,KACjBhsD,KAAK8oD,QAAU,IACnB,CAOE,UAAMzmD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UACxB,MAAMs1C,QAAgBl0C,EAAOkG,WAC7B,GAlCU,IAkCNguC,EACF,MAAM,IAAI9K,GAAiB,WAAW8K,yDAExC53C,KAAK8rD,sBAAwBpoD,EAAOkG,WACpC5J,KAAK4rD,oBAAsBloD,EAAOkG,WAClC5J,KAAK+rD,oBAAsBroD,EAAOkG,WAElC,MAAM6pB,EAAOrX,GAAOuwC,YAAY3sD,KAAK4rD,eACrC5rD,KAAKyvB,SAAW/rB,EAAOqG,UAAU0pB,EAAK+C,UACtCx2B,KAAKgsD,UAAYtoD,EAAOgE,WAAW,GAEzC,CAME,KAAA3E,GACE,OAAO+T,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,QAAS53C,KAAK8rD,gBAAiB9rD,KAAK4rD,cAAe5rD,KAAK+rD,gBAAiB/rD,KAAKyvB,GAAIzvB,KAAKgsD,WACpI,CAUE,aAAM19B,CAAQ29B,EAAqBt7C,EAAKuD,EAASsD,GAC/CxX,KAAK8oD,cAAgBF,GAAWC,iBACxBqD,GAAQlsD,KAAM,UAAW2Q,EAAKq2C,EAAahnD,KAAKgsD,YACtDtD,GACAx0C,EAEN,CAUE,aAAM8Z,CAAQi+B,EAAqBt7C,EAAKuD,EAASsD,GAC/CxX,KAAK8rD,gBAAkBG,EAEvB,MAAMz1B,SAAEA,GAAapa,GAAOuwC,YAAY3sD,KAAK4rD,eAC7C5rD,KAAKyvB,GAAKrT,GAAOy6B,OAAOhb,eAAerF,GACvCx2B,KAAK+rD,cAAgB73C,EAAOO,kBAC5B,MAAM5N,EAAO7G,KAAK8oD,QAAQ/lD,QAC1B/C,KAAKgsD,gBAAkBE,GAAQlsD,KAAM,UAAW2Q,EAAK9J,EACzD,ECvFA,MAAMonD,GACJ,cAAWjwC,GACT,OAAOvT,EAAMkE,OAAOC,4BACxB,CAEE,WAAAhP,GACEI,KAAK43C,QAAU,KAGf53C,KAAKkuD,YAAc,IAAIxK,GAGvB1jD,KAAKmuD,iBAAmB,KACxBnuD,KAAKouD,qBAAuB,KAG5BpuD,KAAKwkD,mBAAqB,KAE1BxkD,KAAKquD,WAAa,KAKlBruD,KAAKisD,oBAAsB,KAG3BjsD,KAAKgsD,UAAY,CAAE,CACvB,CAEE,iBAAOrW,EAAWiC,QAChBA,EAAO0W,oBAAEA,EAAmBC,mBAAEA,EAAkBF,WAAEA,EAAUpC,oBAAEA,IAE9D,MAAMuC,EAAQ,IAAIP,GAElB,GAAgB,IAAZrW,GAA6B,IAAZA,EACnB,MAAUr2C,MAAM,6BAelB,OAZAitD,EAAM5W,QAAUA,EAEA,IAAZA,IACF4W,EAAML,iBAAmBI,EAAqB,KAAOD,EAAoB1W,QACzE4W,EAAMJ,qBAAuBG,EAAqB,KAAOD,EAAoB9H,uBAG/EgI,EAAMN,YAAcK,EAAqB7K,GAAMQ,WAAaoK,EAAoB7H,WAChF+H,EAAMhK,mBAAqB8J,EAAoB1Y,UAC/C4Y,EAAMH,WAAaA,EACnBG,EAAMvC,oBAAsBA,EAErBuC,CACX,CAOE,IAAAnsD,CAAK8H,GACH,IAAI0O,EAAS,EAEb,GADA7Y,KAAK43C,QAAUztC,EAAM0O,KACA,IAAjB7Y,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,+CAE7C,GAAqB,IAAjB53C,KAAK43C,QAAe,CAKtB,MAAM6W,EAA8BtkD,EAAM0O,KAC1C,GAAI41C,EAA6B,CAC/BzuD,KAAKmuD,iBAAmBhkD,EAAM0O,KAC9B,MAAM61C,EAAoBD,EAA8B,EACxDzuD,KAAKouD,qBAAuBjkD,EAAMnB,SAAS6P,EAAQA,EAAS61C,GAAoB71C,GAAU61C,EACtF1uD,KAAKmuD,kBAAoB,EAE3BnuD,KAAKkuD,YAAY7rD,KAAKrC,KAAKouD,sBAG3BpuD,KAAKkuD,YAAY7rD,KAAKrC,KAAKouD,qBAAqBplD,UAAU,GAEpE,MAGQhJ,KAAKkuD,YAAcxK,GAAMQ,UAEjC,MACMrrC,GAAU7Y,KAAKkuD,YAAY7rD,KAAK8H,EAAMnB,SAAS6P,EAAQA,EAAS,IAIlE,GAFA7Y,KAAKwkD,mBAAqBr6C,EAAM0O,KAChC7Y,KAAKgsD,UAAY5vC,GAAOuyC,yBAAyB3uD,KAAKwkD,mBAAoBr6C,EAAMnB,SAAS6P,IACrF7Y,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUW,QAAU1M,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUY,KACpG,GAAqB,IAAjB3M,KAAK43C,QACP53C,KAAKisD,oBAAsBxhD,EAAM1H,MAAM0H,EAAMoC,UAAW7M,KAAKgsD,UAAUxX,EAAEoB,gBACpE,GAAmC,OAA/B51C,KAAKgsD,UAAUxX,EAAEoB,UAC1B,MAAUr0C,MAAM,2CAGxB,CAOE,KAAAwB,GACE,MAAMojB,EAAM,CACV,IAAI1kB,WAAW,CAACzB,KAAK43C,WAsBvB,OAnBqB,IAAjB53C,KAAK43C,QAC2B,OAA9B53C,KAAKouD,sBACPjoC,EAAIrjB,KAAK,IAAIrB,WAAW,CACtBzB,KAAKouD,qBAAqBxsD,OAAS,EACnC5B,KAAKmuD,oBAEPhoC,EAAIrjB,KAAK9C,KAAKouD,uBAEdjoC,EAAIrjB,KAAK,IAAIrB,WAAW,CAAC,KAG3B0kB,EAAIrjB,KAAK9C,KAAKkuD,YAAYnrD,SAG5BojB,EAAIrjB,KACF,IAAIrB,WAAW,CAACzB,KAAKwkD,qBACrBpoC,GAAOkqC,gBAAgBtmD,KAAKwkD,mBAAoBxkD,KAAKgsD,YAGhDl1C,EAAKpV,iBAAiBykB,EACjC,CAQE,aAAM6H,CAAQrd,GACZ,MAAM+R,EAAOjY,EAAM1H,MAAM0H,EAAMsB,UAAW/L,KAAKwkD,oBAGzCyH,EAAuC,IAAjBjsD,KAAK43C,QAAgB53C,KAAKisD,oBAAsB,KACtE/Y,EAA8B,IAAhBviC,EAAIinC,QAAgBjnC,EAAI61C,sBAAsBx9C,SAAS,EAAG,IAAM2H,EAAI61C,sBAClFznC,EAAU6vC,GAAiB5uD,KAAK43C,QAASl1B,EAAMupC,EAAqBjsD,KAAKquD,YAC/EruD,KAAKgsD,gBAAkB5vC,GAAOyyC,iBAC5BnsC,EAAMupC,EAAqBt7C,EAAI2kC,aAAcv2B,EAASm0B,EAC5D,CAUE,aAAM5kB,CAAQ3d,EAAKm+C,GAEjB,GAAI9uD,KAAKwkD,qBAAuB7zC,EAAIilC,UAClC,MAAUr0C,MAAM,oBAGlB,MAAM67B,EAAgB0xB,EACpBF,GAAiB5uD,KAAK43C,QAAS53C,KAAKwkD,mBAAoBsK,EAAiB7C,oBAAqB6C,EAAiBT,YAC/G,KACInb,EAA8B,IAAhBviC,EAAIinC,QAAgBjnC,EAAI61C,sBAAsBx9C,SAAS,EAAG,IAAM2H,EAAI61C,sBAClFuI,QAAsB3yC,GAAO4yC,iBAAiBhvD,KAAKwkD,mBAAoB7zC,EAAI2kC,aAAc3kC,EAAIslC,cAAej2C,KAAKgsD,UAAW9Y,EAAa9V,IAEzIixB,WAAEA,EAAUpC,oBAAEA,GAuCxB,SAA0BrU,EAAStB,EAASyY,EAAeD,GACzD,OAAQxY,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAAM,CAEzB,MAAMtK,EAASgtD,EAAc/lD,SAAS,EAAG+lD,EAAcntD,OAAS,GAC1Di3B,EAAWk2B,EAAc/lD,SAAS+lD,EAAcntD,OAAS,GACzDqtD,EAAmBn4C,EAAKuE,cAActZ,EAAOiH,SAASjH,EAAOH,OAAS,IACtEstD,EAAkBD,EAAiB,KAAOp2B,EAAS,GAAKo2B,EAAiB,KAAOp2B,EAAS,GACzFs2B,EAAkC,IAAZvX,EAC1B,CAAEqU,oBAAqB,KAAMoC,WAAYtsD,GACzC,CAAEkqD,oBAAqBlqD,EAAO,GAAIssD,WAAYtsD,EAAOiH,SAAS,IAChE,GAAI8lD,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBlD,sBAAwB6C,EAAiB7C,oBAC7DkD,EAAoBd,WAAWzsD,SAAWktD,EAAiBT,WAAWzsD,OACxE,MAAO,CACLysD,WAAYv3C,EAAKuH,iBAAiB+wC,EAAgBD,EAAoBd,WAAYS,EAAiBT,YACnGpC,oBAAiC,IAAZrU,EAAgB,KAAO9gC,EAAK0H,YAC/C4wC,EACAD,EAAoBlD,oBACpB6C,EAAiB7C,qBAG7B,CAGQ,GAFuBiD,IACT,IAAZtX,GAAiBntC,EAAMpI,KAAKoI,EAAMoC,UAAWsiD,EAAoBlD,sBAEjE,OAAOkD,EAEP,MAAU5tD,MAAM,mBAG1B,CACI,KAAKkJ,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,MAAO,CACLs/C,oBAAqB,KACrBoC,WAAYU,GAEhB,QACE,MAAUxtD,MAAM,oCAEtB,CAtFgD8tD,CAAiBrvD,KAAK43C,QAAS53C,KAAKwkD,mBAAoBuK,EAAeD,GAEnH,GAAqB,IAAjB9uD,KAAK43C,QAAe,CAEtB,MAAM0X,EAAmBtvD,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUW,QAAU1M,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUY,KAG3H,GAFA3M,KAAKisD,oBAAsBqD,EAAmBrD,EAAsBjsD,KAAKisD,oBAErEoC,EAAWzsD,SAAWwa,GAAO4G,gBAAgBhjB,KAAKisD,qBAAqBhpC,QACzE,MAAU1hB,MAAM,8BAExB,CACIvB,KAAKquD,WAAaA,CACtB,EAMA,SAASO,GAAiBhX,EAAStB,EAAS53B,EAAY6wC,GACtD,OAAQjZ,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAEnB,OAAOyK,EAAKpV,iBAAiB,CAC3B,IAAID,WAAuB,IAAZm2C,EAAgB,GAAK,CAACl5B,IACrC6wC,EACAz4C,EAAKuE,cAAck0C,EAAevmD,SAASumD,EAAe3tD,OAAS,MAEvE,KAAK6I,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO4iD,EACT,QACE,MAAUhuD,MAAM,oCAEtB,CC9MA,MAAMiuD,GACJ,cAAWxxC,GACT,OAAOvT,EAAMkE,OAAOG,sBACxB,CAKE,WAAAlP,CAAYsU,EAASsD,GACnBxX,KAAK43C,QAAU1jC,EAAOI,YAAc,EAAI,EACxCtU,KAAKquD,WAAa,KAKlBruD,KAAKyvD,8BAAgC,KAKrCzvD,KAAKisD,oBAAsB,KAK3BjsD,KAAK4rD,cAAgBnhD,EAAM1H,MAAM0H,EAAM6D,KAAM4F,EAAOM,wBACpDxU,KAAKgsD,UAAY,KACjBhsD,KAAKyL,IAAM,KACXzL,KAAKyvB,GAAK,IACd,CAOE,IAAAptB,CAAK8H,GACH,IAAI0O,EAAS,EAIb,GADA7Y,KAAK43C,QAAUztC,EAAM0O,KACA,IAAjB7Y,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QACnD,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,+CAGxB,IAAjB53C,KAAK43C,SAEP/+B,IAIF,MAAM6J,EAAOvY,EAAM0O,KAEf7Y,KAAK43C,SAAW,IAElB53C,KAAK4rD,cAAgBzhD,EAAM0O,KAEN,IAAjB7Y,KAAK43C,SAEP/+B,KAKJ,MAAMjE,EAAUzK,EAAM0O,KAItB,GAHA7Y,KAAKyL,IAAM8sC,GAAe3jC,GAC1BiE,GAAU7Y,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAAS6P,EAAQ1O,EAAMvI,SAEjD5B,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOrX,GAAOuwC,YAAY3sD,KAAK4rD,eAIrC5rD,KAAKyvB,GAAKtlB,EAAMnB,SAAS6P,EAAQA,GAAU4a,EAAK+C,SACtD,CAIQx2B,KAAK43C,SAAW,GAAK/+B,EAAS1O,EAAMvI,QACtC5B,KAAKgsD,UAAY7hD,EAAMnB,SAAS6P,EAAQ1O,EAAMvI,QAC9C5B,KAAKyvD,8BAAgC/sC,GAErC1iB,KAAKisD,oBAAsBvpC,CAEjC,CAOE,KAAA3f,GACE,MAAM2f,EAA0B,OAAnB1iB,KAAKgsD,UAChBhsD,KAAKisD,oBACLjsD,KAAKyvD,8BAEP,IAAItlD,EAEJ,MAAMsB,EAAMzL,KAAKyL,IAAI1I,QACrB,GAAqB,IAAjB/C,KAAK43C,QAAe,CACtB,MAAM8X,EAASjkD,EAAI7J,OACb+tD,EAAY,EAAID,EAAS1vD,KAAKyvB,GAAG7tB,OACvCuI,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAAS+X,EAAWjtC,EAAM1iB,KAAK4rD,cAAe8D,IAAUjkD,EAAKzL,KAAKyvB,GAAIzvB,KAAKgsD,WACrI,MAAgC,IAAjBhsD,KAAK43C,QACdztC,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAASl1B,EAAM1iB,KAAK4rD,gBAAiBngD,EAAKzL,KAAKyvB,GAAIzvB,KAAKgsD,aAE5G7hD,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAASl1B,IAAQjX,IAE9C,OAAnBzL,KAAKgsD,YACP7hD,EAAQ2M,EAAKpV,iBAAiB,CAACyI,EAAOnK,KAAKgsD,cAI/C,OAAO7hD,CACX,CAQE,aAAMmkB,CAAQkpB,GACZ,MAAM90B,EAA8C,OAAvC1iB,KAAKyvD,8BAChBzvD,KAAKyvD,8BACLzvD,KAAKisD,qBAED/oC,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD/R,QAAY3Q,KAAKyL,IAAI8rC,WAAWC,EAAYv0B,GAElD,GAAIjjB,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOrX,GAAOuwC,YAAY3sD,KAAK4rD,eAC/Bx0B,EAAQ,IAAI31B,WAAW,CAAC,IAAO+tD,GAA6BxxC,IAAKhe,KAAK43C,QAAS53C,KAAKyvD,8BAA+BzvD,KAAK4rD,gBACxHhc,EAAiC,IAAjB5vC,KAAK43C,cAAsBnJ,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc21B,EAAOnU,GAAWtS,EACnH88C,QAAqBh6B,EAAK/Q,EAAMktB,GACtC5vC,KAAKquD,iBAAmBZ,EAAan/B,QAAQtuB,KAAKgsD,UAAWhsD,KAAKyvB,GAAI2H,EAC5E,MAAW,GAAuB,OAAnBp3B,KAAKgsD,UAAoB,CAClC,MAAMM,QAAkBlwC,GAAOqX,KAAK3C,IAAIxC,QAAQ5L,EAAM/R,EAAK3Q,KAAKgsD,UAAW,IAAIvqD,WAAWyhB,IAI1F,GAFAljB,KAAKisD,oBAAsBxhD,EAAM1H,MAAM0H,EAAMoC,UAAWy/C,EAAU,IAClEtsD,KAAKquD,WAAa/B,EAAUtjD,SAAS,EAAGsjD,EAAU1qD,QAC9C5B,KAAKquD,WAAWzsD,SAAWwa,GAAO4G,gBAAgBhjB,KAAKisD,qBAAqBhpC,QAC9E,MAAU1hB,MAAM,8BAExB,MAEMvB,KAAKquD,WAAa19C,CAExB,CASE,aAAMqd,CAAQwpB,EAAYtjC,EAASsD,GACjC,MAAMkL,EAA8C,OAAvC1iB,KAAKyvD,8BAChBzvD,KAAKyvD,8BACLzvD,KAAKisD,oBAEPjsD,KAAKyvD,8BAAgC/sC,EAErC1iB,KAAKyL,IAAM+sC,GAAiBtkC,GAC5BlU,KAAKyL,IAAI6rC,eAET,MAAMp0B,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD/R,QAAY3Q,KAAKyL,IAAI8rC,WAAWC,EAAYv0B,GAMlD,GAJwB,OAApBjjB,KAAKquD,aACPruD,KAAKquD,WAAajyC,GAAOwzC,mBAAmB5vD,KAAKisD,sBAG/CjsD,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOrX,GAAOuwC,YAAY3sD,KAAK4rD,eACrC5rD,KAAKyvB,GAAKrT,GAAOy6B,OAAOhb,eAAepI,EAAK+C,UAC5C,MAAMY,EAAQ,IAAI31B,WAAW,CAAC,IAAO+tD,GAA6BxxC,IAAKhe,KAAK43C,QAAS53C,KAAKyvD,8BAA+BzvD,KAAK4rD,gBACxHhc,EAAiC,IAAjB5vC,KAAK43C,cAAsBnJ,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc21B,EAAOnU,GAAWtS,EACnH88C,QAAqBh6B,EAAK/Q,EAAMktB,GACtC5vC,KAAKgsD,gBAAkByB,EAAaz/B,QAAQhuB,KAAKquD,WAAYruD,KAAKyvB,GAAI2H,EAC5E,KAAW,CACL,MAAMrD,EAAYjd,EAAKpV,iBAAiB,CACtC,IAAID,WAAW,CAACzB,KAAKisD,sBACrBjsD,KAAKquD,aAEPruD,KAAKgsD,gBAAkB5vC,GAAOqX,KAAK3C,IAAI9C,QAAQtL,EAAM/R,EAAKojB,EAAW,IAAItyB,WAAWyhB,GAAYhP,EACtG,CACA,EC/LA,MAAM27C,GACJ,cAAW7xC,GACT,OAAOvT,EAAMkE,OAAO5C,SACxB,CAME,WAAAnM,CAAYmjD,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAKtCxX,KAAK43C,QAAU1jC,EAAOQ,OAAS,EAAI,EAKnC1U,KAAK6kD,QAAU/tC,EAAKwB,cAAcyqC,GAKlC/iD,KAAK41C,UAAY,KAKjB51C,KAAKs1C,aAAe,KAKpBt1C,KAAK8vD,iBAAmB,EAKxB9vD,KAAKkzC,YAAc,KAKnBlzC,KAAK4jD,MAAQ,IACjB,CAQE,0BAAOmM,CAAoBC,GACzB,MAAMC,EAAY,IAAIJ,IAChBjY,QAAEA,EAAOiN,QAAEA,EAAOjP,UAAEA,EAASN,aAAEA,EAAYsO,MAAEA,EAAK1Q,YAAEA,GAAgB8c,EAO1E,OANAC,EAAUrY,QAAUA,EACpBqY,EAAUpL,QAAUA,EACpBoL,EAAUra,UAAYA,EACtBqa,EAAU3a,aAAeA,EACzB2a,EAAUrM,MAAQA,EAClBqM,EAAU/c,YAAcA,EACjB+c,CACX,CAQE,UAAM5tD,CAAK8H,EAAO+J,EAASsD,GACzB,IAAIxV,EAAM,EAGV,GADAhC,KAAK43C,QAAUztC,EAAMnI,KACA,IAAjBhC,KAAK43C,UAAkB1jC,EAAOS,wBAChC,MAAM,IAAIm4B,GAAiB,mGAG7B,GAAqB,IAAjB9sC,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAAe,CAElE53C,KAAK6kD,QAAU/tC,EAAKiB,SAAS5N,EAAMnB,SAAShH,EAAKA,EAAM,IACvDA,GAAO,EAGPhC,KAAK41C,UAAYzrC,EAAMnI,KAEnBhC,KAAK43C,SAAW,IAElB51C,GAAO,GAIT,MAAMK,KAAEA,EAAIizC,aAAEA,GAAiBl5B,GAAO8zC,qBAAqBlwD,KAAK41C,UAAWzrC,EAAMnB,SAAShH,IAG1F,GACmB,IAAjBhC,KAAK43C,SACLtC,EAAa/J,MACX+J,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMU,kBAC3CkqC,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMQ,eAG7C,MAAU3J,MAAM,iDAOlB,OALAvB,KAAKs1C,aAAeA,EACpBtzC,GAAOK,QAGDrC,KAAKmwD,6BACJnuD,CACb,CACI,MAAM,IAAI8qC,GAAiB,WAAW9sC,KAAK43C,4CAC/C,CAME,KAAA70C,GACE,MAAMojB,EAAM,GAEZA,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK43C,WAC9BzxB,EAAIrjB,KAAKgU,EAAKmB,UAAUjY,KAAK6kD,UAE7B1+B,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK41C,aAE9B,MAAMhvB,EAASxK,GAAOkqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKs1C,cAO3D,OANIt1C,KAAK43C,SAAW,GAElBzxB,EAAIrjB,KAAKgU,EAAKe,YAAY+O,EAAOhlB,OAAQ,IAG3CukB,EAAIrjB,KAAK8jB,GACF9P,EAAKpV,iBAAiBykB,EACjC,CAME,YAAAuhC,CAAa9P,GACX,MAAMztC,EAAQnK,KAAKowD,iBAEbC,EAAe,IAAOzY,EACtB0Y,EAAe1Y,GAAW,EAAI,EAAI,EACxC,OAAO9gC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC4uD,IAAgBv5C,EAAKe,YAAY1N,EAAMvI,OAAQ0uD,GAAenmD,GAChH,CAME,WAAAomD,GACE,OAAO,IACX,CAME,eAAAC,GACE,OAAOxwD,KAAK6kD,OAChB,CAME,QAAA4B,GACE,OAAOzmD,KAAK4jD,KAChB,CAME,gCAAMuM,GAIJ,SAHMnwD,KAAKywD,qBACXzwD,KAAK4jD,MAAQ,IAAIF,GAEb1jD,KAAK43C,SAAW,EAClB53C,KAAK4jD,MAAMvhD,KAAKrC,KAAKkzC,YAAYlqC,SAAS,EAAG,QACxC,IAAqB,IAAjBhJ,KAAK43C,QAGd,MAAUr2C,MAAM,2BAFhBvB,KAAK4jD,MAAMvhD,KAAKrC,KAAKkzC,YAAYlqC,SAAS,GAAI,IAGpD,CACA,CAKE,wBAAMynD,GACJ,MAAMrY,EAASp4C,KAAK0nD,aAAa1nD,KAAK43C,SAEtC,GAAI53C,KAAK43C,SAAW,EAClB53C,KAAKkzC,kBAAoB92B,GAAOzO,KAAKI,OAAOqqC,OACvC,IAAqB,IAAjBp4C,KAAK43C,QAGd,MAAUr2C,MAAM,2BAFhBvB,KAAKkzC,kBAAoB92B,GAAOzO,KAAKE,KAAKuqC,EAGhD,CACA,CAME,mBAAAoO,GACE,OAAOxmD,KAAKkzC,WAChB,CAME,cAAAwd,GACE,OAAO55C,EAAK4C,gBAAgB1Z,KAAKwmD,sBACrC,CAME,oBAAAmK,CAAqBC,GACnB,OAAO5wD,KAAK43C,UAAYgZ,EAAMhZ,SAAW9gC,EAAKoE,iBAAiBlb,KAAKowD,iBAAkBQ,EAAMR,iBAChG,CAME,gBAAAS,GACE,MAAM9uD,EAAS,CAAE,EACjBA,EAAO6zC,UAAYnrC,EAAMpI,KAAKoI,EAAMsB,UAAW/L,KAAK41C,WAEpD,MAAMkb,EAAS9wD,KAAKs1C,aAAa19B,GAAK5X,KAAKs1C,aAAaloB,EAMxD,OALI0jC,EACF/uD,EAAOka,KAAOnF,EAAKmC,oBAAoB63C,GAC9B9wD,KAAKs1C,aAAa/J,MAC3BxpC,EAAO2I,MAAQ1K,KAAKs1C,aAAa/J,IAAIE,WAEhC1pC,CACX,EAOA8tD,GAAgB5vD,UAAU8wD,cAAgBlB,GAAgB5vD,UAAUoC,KAMpEwtD,GAAgB5vD,UAAUmwD,eAAiBP,GAAgB5vD,UAAU8C,MCtQrE,MAAM2lD,gBAA+B5xC,EAAK+G,wBAAwB,CAChEilC,GACAoH,GACAjC,GACA5D,KAaF,MAAM2M,GACJ,cAAWhzC,GACT,OAAOvT,EAAMkE,OAAOQ,0BACxB,CAEE,WAAAvP,GAIEI,KAAKgsD,UAAY,KAKjBhsD,KAAK8oD,QAAU,IACnB,CAEE,IAAAzmD,CAAK8H,GACHnK,KAAKgsD,UAAY7hD,CACrB,CAEE,KAAApH,GACE,OAAO/C,KAAKgsD,SAChB,CAYE,aAAM19B,CAAQ29B,EAAqBt7C,EAAKuD,EAASsD,GAE/C,IAAKtD,EAAOgB,6BACV,MAAU3T,MAAM,iCAGlB,MAAM2hB,UAAEA,GAAc9G,GAAO4G,gBAAgBipC,GACvCD,QAAkB9pC,EAAiB8kC,EAAahnD,KAAKgsD,YACrDM,QAAkBlwC,GAAOqX,KAAK3C,IAAIxC,QAAQ29B,EAAqBt7C,EACnEq7C,EAAUhjD,SAASka,EAAY,GAC/B8oC,EAAUhjD,SAAS,EAAGka,EAAY,IAGpCljB,KAAK8oD,cAAgBF,GAAWC,WAAWyD,EAAW5D,GAAgBx0C,EAC1E,CAWE,aAAM8Z,CAAQi+B,EAAqBt7C,EAAKuD,EAASsD,GAC/C,MAAM3Q,EAAO7G,KAAK8oD,QAAQ/lD,SACpBmgB,UAAEA,GAAc9G,GAAO4G,gBAAgBipC,GAEvC7yC,QAAegD,GAAO+vC,gBAAgBF,GACtCgF,QAAY70C,GAAOqX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAKyI,EAAQ,IAAI3X,WAAWyhB,GAAYhP,GACjGqb,QAAmBnT,GAAOqX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAK9J,EAAMoqD,EAAIjoD,SAAS,GAAIkL,GAClGlU,KAAKgsD,UAAYl1C,EAAKtS,OAAO,CAACysD,EAAK1hC,GACvC,ECvFA,MAAM2hC,WAA2BrB,GAC/B,cAAW7xC,GACT,OAAOvT,EAAMkE,OAAOa,YACxB,CAOE,WAAA5P,CAAYmjD,EAAM7uC,GAChBrU,MAAMkjD,EAAM7uC,EAChB,CAQE,6BAAOi9C,CAAuBC,GAC5B,MAAMnB,EAAY,IAAIiB,IAChBtZ,QAAEA,EAAOiN,QAAEA,EAAOjP,UAAEA,EAASN,aAAEA,EAAYsO,MAAEA,EAAK1Q,YAAEA,GAAgBke,EAO1E,OANAnB,EAAUrY,QAAUA,EACpBqY,EAAUpL,QAAUA,EACpBoL,EAAUra,UAAYA,EACtBqa,EAAU3a,aAAeA,EACzB2a,EAAUrM,MAAQA,EAClBqM,EAAU/c,YAAcA,EACjB+c,CACX,ECpBA,MAAMoB,GACJ,cAAWrzC,GACT,OAAOvT,EAAMkE,OAAOc,aACxB,CAEE,WAAA7P,GACEI,KAAKsxD,WAAa,EACtB,CAME,IAAAjvD,CAAK8H,GACH,IAAIrI,EAAI,EACR,KAAOA,EAAIqI,EAAMvI,QAAQ,CACvB,MAAM0rB,EAAMoe,GAAiBvhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKwrB,EAAIzU,OAET7Y,KAAKsxD,WAAWxuD,KAAKgU,EAAKoD,mBAAmB/P,EAAMnB,SAASlH,EAAGA,EAAIwrB,EAAIA,OACvExrB,GAAKwrB,EAAIA,GACf,CACA,CAME,KAAAvqB,GACE,MAAMojB,EAAM,GACZ,IAAK,IAAIrkB,EAAI,EAAGA,EAAI9B,KAAKsxD,WAAW1vD,OAAQE,IAC1CqkB,EAAIrjB,KAAK6oC,GAAkB3rC,KAAKsxD,WAAWxvD,GAAGF,SAC9CukB,EAAIrjB,KAAKgU,EAAKgD,mBAAmB9Z,KAAKsxD,WAAWxvD,KAEnD,OAAOgV,EAAKpV,iBAAiBykB,EACjC,CAOE,MAAAw9B,CAAO4N,GACL,SAAKA,GAAaA,aAAmBF,KAG9BrxD,KAAKsxD,WAAWh1B,OAAM,SAASk1B,EAAMr0C,GAC1C,OAAOq0C,IAASD,EAAQD,WAAWn0C,EACzC,GACA,ECvDA,MAAMs0C,WAAwB5B,GAC5B,cAAW7xC,GACT,OAAOvT,EAAMkE,OAAOK,SACxB,CAME,WAAApP,CAAYmjD,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACtC3X,MAAMkjD,EAAM7uC,GAIZlU,KAAK0xD,YAAc,KAInB1xD,KAAK2xD,YAAc,KAKnB3xD,KAAK4xD,SAAW,EAKhB5xD,KAAKyL,IAAM,KAKXzL,KAAK6M,UAAY,KAKjB7M,KAAKsO,KAAO,KASZtO,KAAK6xD,aAAe,KAKpB7xD,KAAKi2C,cAAgB,KAOrBj2C,KAAK8xD,eAAiB,IAC1B,CAUE,UAAMzvD,CAAK8H,EAAO+J,EAASsD,GAEzB,IAAI1V,QAAU9B,KAAK+wD,cAAc5mD,EAAO+J,GACxC,MAAM69C,EAAuBjwD,EAM7B9B,KAAK4xD,SAAWznD,EAAMrI,KAID,IAAjB9B,KAAK43C,SACP91C,IAOmB,IAAjB9B,KAAK43C,SAAiB53C,KAAK4xD,UAC7B9vD,IAGF,IAGE,GAAsB,MAAlB9B,KAAK4xD,UAAsC,MAAlB5xD,KAAK4xD,UAAsC,MAAlB5xD,KAAK4xD,SAAkB,CAC3E5xD,KAAK6M,UAAY1C,EAAMrI,KAID,MAAlB9B,KAAK4xD,WACP5xD,KAAKsO,KAAOnE,EAAMrI,MAKC,IAAjB9B,KAAK43C,SACP91C,IAMF,MAAM8S,EAAUzK,EAAMrI,KAItB,GAHA9B,KAAKyL,IAAM8sC,GAAe3jC,GAC1B9S,GAAK9B,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAErB,cAAlB5B,KAAKyL,IAAIwI,KACX,MAEV,MAAiBjU,KAAK4xD,WACd5xD,KAAK6M,UAAY7M,KAAK4xD,UAIpB5xD,KAAK4xD,WAMP5xD,KAAK6xD,aAAiC,MAAlB7xD,KAAK4xD,WACN,IAAjB5xD,KAAK43C,SAAmC,IAAjB53C,KAAK43C,SAAiB1jC,EAAOK,kCAMhC,MAAlBvU,KAAK4xD,UAAoB5xD,KAAK6xD,cAChC7xD,KAAKyvB,GAAKtlB,EAAMnB,SACdlH,EACAA,EAAIsa,GAAO4G,gBAAgBhjB,KAAK6M,WAAWqW,WAE7CljB,KAAK8xD,gBAAiB,IAKtB9xD,KAAKyvB,GAAKtlB,EAAMnB,SACdlH,EACAA,EAAIsa,GAAOuwC,YAAY3sD,KAAKsO,MAAMkoB,UAGpCx2B,KAAK8xD,gBAAiB,GAGxBhwD,GAAK9B,KAAKyvB,GAAG7tB,OAEhB,CAAC,MAAOsC,GAEP,IAAKlE,KAAK4xD,SAAU,MAAM1tD,EAC1BlE,KAAKgyD,uBAAyB7nD,EAAMnB,SAAS+oD,GAC7C/xD,KAAK2xD,aAAc,CACzB,CAcI,GAVqB,IAAjB3xD,KAAK43C,UACP91C,GAAK,GAMP9B,KAAK0xD,YAAcvnD,EAAMnB,SAASlH,GAClC9B,KAAK2xD,cAAgB3xD,KAAK4xD,UAErB5xD,KAAK2xD,YAAa,CACrB,IAAIM,EACJ,GAAqB,IAAjBjyD,KAAK43C,QACPqa,EAAYjyD,KAAK0xD,iBAGjB,GADAO,EAAYjyD,KAAK0xD,YAAY1oD,SAAS,GAAI,IACrC8N,EAAKoE,iBAAiBpE,EAAKuE,cAAc42C,GAAYjyD,KAAK0xD,YAAY1oD,UAAU,IACnF,MAAUzH,MAAM,yBAGpB,IACE,MAAMc,KAAEA,EAAI4zC,cAAEA,GAAkB75B,GAAO81C,sBAAsBlyD,KAAK41C,UAAWqc,EAAWjyD,KAAKs1C,cAC7F,GAAIjzC,EAAO4vD,EAAUrwD,OACnB,MAAUL,MAAM,sBAElBvB,KAAKi2C,cAAgBA,CACtB,CAAC,MAAO3f,GACP,GAAIA,aAAewW,GAAkB,MAAMxW,EAE3C,MAAU/0B,MAAM,qBACxB,CACA,CACA,CAME,KAAAwB,GACE,MAAMovD,EAAsBnyD,KAAKowD,iBACjC,GAAIpwD,KAAKgyD,uBACP,OAAOl7C,EAAKpV,iBAAiB,CAC3BywD,EACAnyD,KAAKgyD,yBAIT,MAAM7rC,EAAM,CAACgsC,GACbhsC,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK4xD,YAE9B,MAAMQ,EAAoB,GAG1B,GAAsB,MAAlBpyD,KAAK4xD,UAAsC,MAAlB5xD,KAAK4xD,UAAsC,MAAlB5xD,KAAK4xD,SAAkB,CAC3EQ,EAAkBtvD,KAAK9C,KAAK6M,WAIN,MAAlB7M,KAAK4xD,UACPQ,EAAkBtvD,KAAK9C,KAAKsO,MAG9B,MAAM7C,EAAMzL,KAAKyL,IAAI1I,QAIA,IAAjB/C,KAAK43C,SACPwa,EAAkBtvD,KAAK2I,EAAI7J,QAM7BwwD,EAAkBtvD,QAAQ2I,EAChC,CA6BI,OAxBIzL,KAAK4xD,UAA8B,cAAlB5xD,KAAKyL,IAAIwI,MAC5Bm+C,EAAkBtvD,QAAQ9C,KAAKyvB,KAGZ,IAAjBzvB,KAAK43C,SAAmC,IAAjB53C,KAAK43C,SAAiB53C,KAAK4xD,WACpDzrC,EAAIrjB,KAAK,IAAIrB,WAAW,CAAC2wD,EAAkBxwD,UAE7CukB,EAAIrjB,KAAK,IAAIrB,WAAW2wD,IAEnBpyD,KAAKqyD,YACHryD,KAAK4xD,WACR5xD,KAAK0xD,YAAct1C,GAAOkqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKi2C,gBAG5C,IAAjBj2C,KAAK43C,SACPzxB,EAAIrjB,KAAKgU,EAAKe,YAAY7X,KAAK0xD,YAAY9vD,OAAQ,IAErDukB,EAAIrjB,KAAK9C,KAAK0xD,aAET1xD,KAAK4xD,UAA6B,IAAjB5xD,KAAK43C,SACzBzxB,EAAIrjB,KAAKgU,EAAKuE,cAAcrb,KAAK0xD,eAI9B56C,EAAKpV,iBAAiBykB,EACjC,CAOE,WAAAoqC,GACE,OAA4B,IAArBvwD,KAAK2xD,WAChB,CAUE,0BAAAW,GACE,YAAuClwD,IAAhCpC,KAAKgyD,wBAAwChyD,KAAKqyD,SAC7D,CAME,OAAAA,GACE,SAAUryD,KAAKyL,KAAyB,cAAlBzL,KAAKyL,IAAIwI,KACnC,CAOE,SAAAs+C,CAAUr+C,EAASsD,GACbxX,KAAKqyD,YAGLryD,KAAKuwD,eACPvwD,KAAKwyD,4BAEAxyD,KAAKgyD,uBACZhyD,KAAK2xD,YAAc,KACnB3xD,KAAK0xD,YAAc,KACnB1xD,KAAKyL,IAAM8sC,GAAe9tC,EAAMgB,IAAIK,IAAKoI,GACzClU,KAAKyL,IAAImqC,UAAY,EACrB51C,KAAKyL,IAAI2X,EAAI,EACbpjB,KAAKyL,IAAIwI,KAAO,YAChBjU,KAAK4xD,SAAW,IAChB5xD,KAAK6M,UAAYpC,EAAMoC,UAAUO,OACjCpN,KAAK6xD,aAAe,KACpB7xD,KAAK8xD,eAAiB,KAC1B,CAYE,aAAM9jC,CAAQwpB,EAAYtjC,EAASsD,GACjC,GAAIxX,KAAKqyD,UACP,OAGF,IAAKryD,KAAKuwD,cACR,MAAUhvD,MAAM,mCAGlB,IAAKi2C,EACH,MAAUj2C,MAAM,0DAGlBvB,KAAKyL,IAAM+sC,GAAiBtkC,GAC5BlU,KAAKyL,IAAI6rC,eACT,MAAM2a,EAAY71C,GAAOkqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKi2C,eAC9Dj2C,KAAK6M,UAAYpC,EAAMoC,UAAUO,OAEjC,MAAM8V,UAAEA,GAAc9G,GAAO4G,gBAAgBhjB,KAAK6M,WAElD,GAAIqH,EAAOI,YAAa,CACtBtU,KAAK4xD,SAAW,IAChB5xD,KAAKsO,KAAO4F,EAAOM,uBACnB,MAAMif,EAAOrX,GAAOuwC,YAAY3sD,KAAKsO,MACrCtO,KAAK6xD,aAAgC,IAAjB7xD,KAAK43C,QACzB53C,KAAK8xD,gBAAkB9xD,KAAK6xD,aAE5B,MAAMY,EAAsB3mB,GAAS9rC,KAAKJ,YAAYoe,KAChDrN,QAAY+hD,GAAqB1yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,UAAW7M,KAAKsO,KAAMmkD,EAAqBzyD,KAAK6xD,cAE1HpE,QAAqBh6B,EAAKzzB,KAAK6M,UAAW8D,GAChD3Q,KAAKyvB,GAAKzvB,KAAK6xD,aAAez1C,GAAOy6B,OAAOhb,eAAe3Y,GAAa9G,GAAOy6B,OAAOhb,eAAepI,EAAK+C,UAC1G,MAAMm8B,EAAgB3yD,KAAK6xD,aACzB,IAAIpwD,WACJqV,EAAKpV,iBAAiB,CAAC+wD,EAAqBzyD,KAAKowD,mBAEnDpwD,KAAK0xD,kBAAoBjE,EAAaz/B,QAAQikC,EAAWjyD,KAAKyvB,GAAGzmB,SAAS,EAAGyqB,EAAK+C,UAAWm8B,EACnG,KAAW,CACL3yD,KAAK4xD,SAAW,IAChB5xD,KAAK8xD,gBAAiB,EACtB,MAAMnhD,QAAY+hD,GAAqB1yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,WAChF7M,KAAKyvB,GAAKrT,GAAOy6B,OAAOhb,eAAe3Y,GACvCljB,KAAK0xD,kBAAoBt1C,GAAOqX,KAAK3C,IAAI9C,QAAQhuB,KAAK6M,UAAW8D,EAAKmG,EAAKpV,iBAAiB,CAC1FuwD,QACM71C,GAAOzO,KAAKE,KAAKokD,EAAW/9C,KAChClU,KAAKyvB,GAAIvb,EACnB,CACA,CAWE,aAAMoa,CAAQkpB,GACZ,GAAIx3C,KAAKqyD,UACP,OAAO,EAGT,GAAIryD,KAAKgyD,uBACP,MAAUzwD,MAAM,kEAGlB,GAAIvB,KAAKuwD,cACP,MAAUhvD,MAAM,oCAGlB,IAAIoP,EACJ,MAAM8hD,EAAsB3mB,GAAS9rC,KAAKJ,YAAYoe,KACtD,GAAsB,MAAlBhe,KAAK4xD,UAAsC,MAAlB5xD,KAAK4xD,SAG3B,MAAsB,MAAlB5xD,KAAK4xD,SACJrwD,MAAM,0EAENA,MAAM,yEAGlB,IAAI0wD,EACJ,GATEthD,QAAY+hD,GACV1yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,UAAW7M,KAAKsO,KAAMmkD,EAAqBzyD,KAAK6xD,cAQvE,MAAlB7xD,KAAK4xD,SAAkB,CACzB,MAAMn+B,EAAOrX,GAAOuwC,YAAY3sD,KAAKsO,MAC/Bm/C,QAAqBh6B,EAAKzzB,KAAK6M,UAAW8D,GAChD,IACE,MAAMgiD,EAAgB3yD,KAAK6xD,aACzB,IAAIpwD,WACJqV,EAAKpV,iBAAiB,CAAC+wD,EAAqBzyD,KAAKowD,mBACnD6B,QAAkBxE,EAAan/B,QAAQtuB,KAAK0xD,YAAa1xD,KAAKyvB,GAAGzmB,SAAS,EAAGyqB,EAAK+C,UAAWm8B,EAC9F,CAAC,MAAOr8B,GACP,GAAoB,gCAAhBA,EAAI/iB,QACN,MAAUhS,MAAM,6BAA+B+0B,EAAI/iB,SAErD,MAAM+iB,CACd,CACA,KAAW,CACL,MAAMs8B,QAA0Bx2C,GAAOqX,KAAK3C,IAAIxC,QAAQtuB,KAAK6M,UAAW8D,EAAK3Q,KAAK0xD,YAAa1xD,KAAKyvB,IAEpGwiC,EAAYW,EAAkB5pD,SAAS,GAAI,IAC3C,MAAM2E,QAAayO,GAAOzO,KAAKE,KAAKokD,GAEpC,IAAKn7C,EAAKoE,iBAAiBvN,EAAMilD,EAAkB5pD,UAAU,KAC3D,MAAUzH,MAAM,2BAExB,CAEI,IACE,MAAM00C,cAAEA,GAAkB75B,GAAO81C,sBAAsBlyD,KAAK41C,UAAWqc,EAAWjyD,KAAKs1C,cACvFt1C,KAAKi2C,cAAgBA,CACtB,CAAC,MAAO3f,GACP,MAAU/0B,MAAM,qBACtB,CACIvB,KAAK2xD,aAAc,EACnB3xD,KAAK0xD,YAAc,KACnB1xD,KAAK4xD,SAAW,EAChB5xD,KAAKsO,KAAO,KACZtO,KAAK6M,UAAY,KACjB7M,KAAK6xD,aAAe,IACxB,CAOE,cAAMgB,GACJ,GAAI7yD,KAAKqyD,UACP,OAGF,IAAKryD,KAAKuwD,cACR,MAAUhvD,MAAM,wBAGlB,GAAIvB,KAAK8xD,eAEP,OAGF,IAAIgB,EACJ,IAEEA,QAAoB12C,GAAOu6B,eAAe32C,KAAK41C,UAAW51C,KAAKs1C,aAAct1C,KAAKi2C,cACnF,CAAC,MAAO/pB,GACP4mC,GAAc,CACpB,CACI,IAAKA,EACH,MAAUvxD,MAAM,iBAEtB,CAEE,cAAM4rC,CAASlxB,EAAMvR,GAGnB,GAAqB,IAAjB1K,KAAK43C,UACN53C,KAAK41C,YAAcnrC,EAAMsB,UAAUM,MAAQ3B,IAAUD,EAAMC,MAAMU,kBAClEpL,KAAK41C,YAAcnrC,EAAMsB,UAAUQ,aAEnC,MAAUhL,MAAM,oDAAoDmJ,kDAEtE,MAAMurC,cAAEA,EAAaX,aAAEA,SAAuBl5B,GAAO22C,eAAe/yD,KAAK41C,UAAW35B,EAAMvR,GAC1F1K,KAAKi2C,cAAgBA,EACrBj2C,KAAKs1C,aAAeA,EACpBt1C,KAAK2xD,aAAc,CACvB,CAKE,kBAAAa,GACMxyD,KAAKsyD,+BAITxyD,OAAO42C,KAAK12C,KAAKi2C,eAAeh0C,SAAQgG,IACxBjI,KAAKi2C,cAAchuC,GAC3Byf,KAAK,UACJ1nB,KAAKi2C,cAAchuC,EAAK,IAEjCjI,KAAKi2C,cAAgB,KACrBj2C,KAAK2xD,aAAc,EACvB,EAcArvD,eAAeowD,GAAqBM,EAAYvnD,EAAK+rC,EAAY94B,EAAYu0C,EAAUR,EAAqBZ,GAC1G,GAAiB,WAAbpmD,EAAIwI,OAAsBg/C,EAC5B,MAAU1xD,MAAM,gDAElB,GAAiB,WAAbkK,EAAIwI,MAAoC,IAAf++C,EAC3B,MAAUzxD,MAAM,uDAElB,MAAM0hB,QAAEA,GAAY7G,GAAO4G,gBAAgBtE,GACrCw0C,QAAmBznD,EAAI8rC,WAAWC,EAAYv0B,GACpD,IAAKgwC,GAA2B,IAAfD,GAAoBnB,EACnC,OAAOqB,EAET,MAAMtkB,EAAO93B,EAAKpV,iBAAiB,CACjC+wD,EACA,IAAIhxD,WAAW,CAACuxD,EAAYt0C,EAAYu0C,MAE1C,OAAOxkB,GAAYhkC,EAAMkD,KAAKI,OAAQmlD,EAAY,IAAIzxD,WAAcmtC,EAAM3rB,EAC5E,CC5iBA,MAAMkwC,GACJ,cAAWn1C,GACT,OAAOvT,EAAMkE,OAAOY,MACxB,CAEE,WAAA3P,GAKEI,KAAKuP,OAAS,GAEdvP,KAAKiI,KAAO,GACZjI,KAAKozD,MAAQ,GACbpzD,KAAKqzD,QAAU,EACnB,CAQE,iBAAO1d,CAAWpmC,GAChB,GAAIuH,EAAKC,SAASxH,IACfA,EAAOtH,OAAS6O,EAAKC,SAASxH,EAAOtH,OACrCsH,EAAO6jD,QAAUt8C,EAAKiG,eAAexN,EAAO6jD,QAC5C7jD,EAAO8jD,UAAYv8C,EAAKC,SAASxH,EAAO8jD,SACzC,MAAU9xD,MAAM,0BAElB,MAAMoN,EAAS,IAAIwkD,GACnBrzD,OAAO+mB,OAAOlY,EAAQY,GACtB,MAAM+jD,EAAa,GAKnB,OAJI3kD,EAAO1G,MAAMqrD,EAAWxwD,KAAK6L,EAAO1G,MACpC0G,EAAO0kD,SAASC,EAAWxwD,KAAK,IAAI6L,EAAO0kD,YAC3C1kD,EAAOykD,OAAOE,EAAWxwD,KAAK,IAAI6L,EAAOykD,UAC7CzkD,EAAOY,OAAS+jD,EAAW5wD,KAAK,KACzBiM,CACX,CAME,IAAAtM,CAAK8H,EAAO+J,EAASsD,GACnB,MAAMjI,EAASuH,EAAK8D,WAAWzQ,GAC/B,GAAIoF,EAAO3N,OAASsS,EAAOiC,gBACzB,MAAU5U,MAAM,8BAYlB,MACMgyD,EADK,qEACQC,KAAKjkD,GACxB,GAAgB,OAAZgkD,EAAkB,CACpB,MAAMtrD,KAAEA,EAAIorD,QAAEA,EAAOD,MAAEA,GAAUG,EAAQE,OACzCzzD,KAAKqzD,QAAUA,GAAS9zC,QAAQ,cAAe,IAAIm0C,QAAU,GAC7D1zD,KAAKiI,KAAOA,GAAMyrD,QAAU,GAC5B1zD,KAAKozD,MAAQA,EAAMhuC,UAAU,EAAGguC,EAAMxxD,OAAS,EAChD,KAAU,oBAAoBob,KAAKzN,KAClCvP,KAAKozD,MAAQ7jD,GAGfvP,KAAKuP,OAASA,CAClB,CAME,KAAAxM,GACE,OAAO+T,EAAKyD,WAAWva,KAAKuP,OAChC,CAEE,MAAAo0C,CAAOgQ,GACL,OAAOA,GAAeA,EAAYpkD,SAAWvP,KAAKuP,MACtD,ECvFA,MAAMqkD,WAA2BnC,GAC/B,cAAWzzC,GACT,OAAOvT,EAAMkE,OAAOM,YACxB,CAME,WAAArP,CAAYmjD,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACtC3X,MAAMkjD,EAAM7uC,EAChB,ECbA,MAAMw0C,gBAA+B5xC,EAAK+G,wBAAwB,CAACwmC,KAK5D,MAAMwP,GAIX,WAAAj0D,CAAYk0D,GACV9zD,KAAK8oD,QAAUgL,GAAc,IAAIlL,EACrC,CAME,KAAA7lD,GACE,OAAO/C,KAAK8oD,QAAQ/lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASsD,GAEb,MAAM8K,EAAetiB,KAAK8oD,QAAQpkD,MAAKiK,GAAUA,EAAO/O,YAAYoe,MAAQqmC,GAAgBrmC,KAA0B,IAAnBrP,EAAOipC,UAC1G,OAAOzkC,GAAM1I,EAAM0I,MAAMtE,UAAW7O,KAAK+C,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACrG,CAME,gBAAA6/C,GACE,OAAO/zD,KAAK8oD,QAAQnkD,KAAIgK,GAAUA,EAAOgD,aAC7C,EC/COrP,eAAe0xD,GAAqBluD,EAASoO,GAClD,MAAMk9C,EAAqB,IAAIwC,GAAmB9tD,EAAQi9C,KAAM7uC,GAKhE,OAJAk9C,EAAmBtI,QAAU,KAC7BsI,EAAmBxb,UAAYnrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ8vC,iBAC9Dwb,EAAmBjkB,SAASrnC,EAAQmuD,QAASnuD,EAAQ4E,aACrD0mD,EAAmBjB,6BAClBiB,CACT,CAEO9uD,eAAe4xD,GAAkBpuD,EAASoO,GAC/C,MAAM87C,EAAkB,IAAIyB,GAAgB3rD,EAAQi9C,KAAM7uC,GAK1D,OAJA87C,EAAgBlH,QAAU,KAC1BkH,EAAgBpa,UAAYnrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ8vC,iBAC3Doa,EAAgB7iB,SAASrnC,EAAQmuD,QAASnuD,EAAQ4E,MAAO5E,EAAQoO,cACjE87C,EAAgBG,6BACfH,CACT,CAaO1tD,eAAe6xD,GAAwBC,EAAYroD,EAAWu4C,EAAe+P,EAActR,EAAO,IAAI/qC,KAAQ9D,GACnH,IAAIogD,EACAn2C,EACJ,IAAK,IAAIrc,EAAIsyD,EAAWxyD,OAAS,EAAGE,GAAK,EAAGA,IAC1C,MAEMwyD,GAAeF,EAAWtyD,GAAG+iD,SAAWyP,EAAYzP,iBAEhDuP,EAAWtyD,GAAG6+B,OAAO50B,EAAWu4C,EAAe+P,EAActR,OAAM3gD,EAAW8R,GACpFogD,EAAcF,EAAWtyD,GAE5B,CAAC,MAAOoC,GACPia,EAAYja,CAClB,CAEE,IAAKowD,EACH,MAAMx9C,EAAK8G,UACT,wBAAwBnT,EAAMpI,KAAKoI,EAAMoE,UAAWy1C,uBAAmCv4C,EAAU06C,WAAWjb,UACzGjsB,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAAC2M,EAAGqoC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3Dt2C,GAEJ,OAAOm2C,CACT,CAEO,SAASI,GAAczE,EAAWphD,EAAWk0C,EAAO,IAAI/qC,MAC7D,MAAM6vC,EAAW/wC,EAAKwB,cAAcyqC,GACpC,GAAiB,OAAb8E,EAAmB,CACrB,MAAM8M,EAAiBC,GAAqB3E,EAAWphD,GACvD,QAASohD,EAAUpL,SAAWgD,GAAYA,EAAW8M,EACzD,CACE,OAAO,CACT,CASOryD,eAAeuyD,GAAuBC,EAAQC,EAAYjvD,EAASoO,GACxE,MAAM8gD,EAAa,CAAE,EACrBA,EAAWrkD,IAAMokD,EACjBC,EAAWrxD,KAAOmxD,EAClB,MAAMG,EAAsB,CAAE3Q,cAAe75C,EAAMoE,UAAU4B,eACzD3K,EAAQs6B,MACV60B,EAAoB9iD,SAAW,CAAC1H,EAAM0H,SAASU,UAC/CoiD,EAAoBziD,wBAA0B0iD,GAAsBF,EAAY,GAAIF,EAAQ,CAC1FxQ,cAAe75C,EAAMoE,UAAU6B,YAC9B5K,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,IAElD+gD,EAAoB9iD,SAAW,CAAC1H,EAAM0H,SAASW,qBAAuBrI,EAAM0H,SAASY,gBAEnFjN,EAAQyL,kBAAoB,IAC9B0jD,EAAoB1jD,kBAAoBzL,EAAQyL,kBAChD0jD,EAAoB/P,iBAAkB,GAGxC,aADoCgQ,GAAsBF,EAAY,GAAID,EAAYE,EAAqBnvD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,EAE5J,CAwKO5R,eAAe4yD,GAAsBF,EAAYG,EAAeC,EAAkBH,EAAqBlS,EAAMsS,EAAkB9P,EAAY,GAAIza,GAAW,EAAO52B,GACtK,GAAIkhD,EAAiB/C,UACnB,MAAU9wD,MAAM,qCAElB,IAAK6zD,EAAiB7E,cACpB,MAAUhvD,MAAM,iCAElB,MAAM4mD,EAAkB,IAAI9D,GAM5B,OALAvkD,OAAO+mB,OAAOshC,EAAiB8M,GAC/B9M,EAAgB3D,mBAAqB4Q,EAAiBxf,UACtDuS,EAAgB5D,oBAtKXjiD,eAAoCgzD,EAAYF,EAAkBrS,EAAO,IAAI/qC,KAAQu9C,EAAgB,GAAIrhD,GAO9G,MAAMshD,EAAc/qD,EAAMkD,KAAKI,OACzB0nD,EAAsBvhD,EAAOC,uBAE7BuhD,QAAgCx1D,QAAQ4E,IAAIwwD,EAAW3wD,KAAIrC,MAAOqO,EAAK7O,WAC3C6O,EAAIglD,wBAAwB5S,EAAMwS,EAAczzD,GAAIoS,IAC9CrC,2BAGlC+jD,EAAoB,IAAIC,IAC9B,IAAK,MAAMC,KAAkBJ,EAC3B,IAAK,MAAMx1B,KAAY41B,EACrB,IAEE,MAAMC,EAAgBtrD,EAAM1H,MAAM0H,EAAMkD,KAAMuyB,GAC9C01B,EAAkBzzD,IAChB4zD,EACAH,EAAkB5xD,IAAI+xD,GAAiBH,EAAkBztD,IAAI4tD,GAAiB,EAAI,EAE5F,CAAQ,MAAM,CAGZ,MAAMC,EAAsB91B,GAAkC,IAAtBo1B,EAAW1zD,QAAgBg0D,EAAkBztD,IAAI+3B,KAAco1B,EAAW1zD,QAAUs+B,IAAas1B,EACnIS,EAAgC,KACpC,GAA+B,IAA3BL,EAAkBlI,KACpB,OAAO8H,EAET,MAGMU,EAHkBv2D,MAAM6gB,KAAKo1C,EAAkBlf,QAClDnsC,QAAO21B,GAAY81B,EAAoB91B,KACvCgb,MAAK,CAACib,EAAOC,IAAUh6C,GAAOzO,KAAK4X,kBAAkB4wC,GAAS/5C,GAAOzO,KAAK4X,kBAAkB6wC,KACrD,GAE1C,OAAOh6C,GAAOzO,KAAK4X,kBAAkB2wC,IAAsB95C,GAAOzO,KAAK4X,kBAAkBiwC,GAAeU,EAAoBV,CAAW,EAUzI,GAPiB,IAAI7/C,IAAI,CACvBlL,EAAMsB,UAAUO,MAChB7B,EAAMsB,UAAUQ,YAChB9B,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUa,QAGL5I,IAAIoxD,EAAiBxf,WAAY,CAS5C,MAAMygB,EAAqBj6C,GAAOk6C,0BAA0BlB,EAAiBxf,UAAWwf,EAAiB9f,aAAa/J,KAEhHgrB,EAAiCP,EAAoBP,GACrDe,EAA2Cp6C,GAAOzO,KAAK4X,kBAAkBkwC,IAAwBr5C,GAAOzO,KAAK4X,kBAAkB8wC,GAErI,GAAIE,GAAkCC,EACpC,OAAOf,EACF,CACL,MAAMgB,EAAyBR,IAC/B,OAAO75C,GAAOzO,KAAK4X,kBAAkBkxC,IAA2Br6C,GAAOzO,KAAK4X,kBAAkB8wC,GAC5FI,EACAJ,CACR,CACA,CAIE,OAAOL,EAAoBP,GAAuBA,EAAsBQ,GAC1E,CA2FwCxoB,CAAqB0nB,EAAeC,EAAkBrS,EAAMsS,EAAkBnhD,GACpHi0C,EAAgB7C,aAAe,IAAIC,SAC7B4C,EAAgB/nB,KAAKg1B,EAAkBJ,EAAYjS,EAAMjY,EAAU52B,GAClEi0C,CACT,CAUO7lD,eAAeo0D,GAAgBC,EAAQC,EAAMpF,EAAMzO,EAAO,IAAI/qC,KAAQ6+C,IAC3EF,EAASA,EAAOnF,MAEToF,EAAKpF,GAAM5vD,aAGR1B,QAAQ4E,IAAI6xD,EAAOhyD,KAAIrC,eAAew0D,GACrCA,EAAU9O,UAAUjF,IAAW8T,UAAiBA,EAAQC,IACxDF,EAAKpF,GAAM9sD,MAAK,SAASqyD,GACxB,OAAOjgD,EAAKoE,iBAAiB67C,EAAQ3Q,cAAe0Q,EAAU1Q,cAC5E,KACUwQ,EAAKpF,GAAM1uD,KAAKg0D,EAE1B,KATMF,EAAKpF,GAAQmF,EAYnB,CAkBOr0D,eAAe00D,GAAcjC,EAAYzQ,EAAe+P,EAAc4C,EAAapoD,EAAW8B,EAAKoyC,EAAO,IAAI/qC,KAAQ9D,GAC3HvD,EAAMA,GAAOokD,EACb,MAAMmC,EAAmB,GA8BzB,aA7BMh3D,QAAQ4E,IAAImyD,EAAYtyD,KAAIrC,eAAe60D,GAC/C,IACE,IASGtoD,GAAasoD,EAAoBxlD,YAAYgyC,OAAO90C,EAAU8C,aAC/D,CACA,MAAMylD,GAAoB,CACxB3sD,EAAM4H,oBAAoBuB,WAC1BnJ,EAAM4H,oBAAoBqB,cAC1BjJ,EAAM4H,oBAAoBwB,eAC1BsL,SAASg4C,EAAoB1R,+BAEzB0R,EAAoBx2B,OACxBhwB,EAAK2zC,EAAe+P,EAAc+C,EAAmB,KAAOrU,GAAM,EAAO7uC,GAI3EgjD,EAAiBp0D,KAAKq0D,EAAoBxlD,YAClD,CACK,CAAC,MAAOzN,GAAG,CAChB,KAEM2K,GACFA,EAAUk3C,UAAUmR,EAAiBxyD,MAAKk/C,GAASA,EAAMD,OAAO90C,EAAU8C,iBACxE9C,EAAUk3C,UAAW,GAChBl3C,EAAUk3C,SAEZmR,EAAiBt1D,OAAS,CACnC,CASO,SAASgzD,GAAqB3E,EAAWphD,GAC9C,IAAI8lD,EAKJ,OAHkC,IAA9B9lD,EAAUq2C,kBACZyP,EAAiB1E,EAAUpL,QAAQxsC,UAA0C,IAA9BxJ,EAAU0C,mBAEpDojD,EAAiB,IAAI38C,KAAK28C,GAAkBpsD,GACrD,CAEO,SAAS8uD,GAAmBvxD,EAASwxD,EAAiB,IAU3D,OATAxxD,EAAQmO,KAAOnO,EAAQmO,MAAQqjD,EAAerjD,KAC9CnO,EAAQ4E,MAAQ5E,EAAQ4E,OAAS4sD,EAAe5sD,MAChD5E,EAAQmuD,QAAUnuD,EAAQmuD,SAAWqD,EAAerD,QACpDnuD,EAAQyL,uBAAkDnP,IAA9B0D,EAAQyL,kBAAkCzL,EAAQyL,kBAAoB+lD,EAAe/lD,kBACjHzL,EAAQ0xC,WAAa1gC,EAAKC,SAASjR,EAAQ0xC,YAAc1xC,EAAQ0xC,WAAa8f,EAAe9f,WAC7F1xC,EAAQi9C,KAAOj9C,EAAQi9C,MAAQuU,EAAevU,KAE9Cj9C,EAAQs6B,KAAOt6B,EAAQs6B,OAAQ,EAEvBt6B,EAAQmO,MACd,IAAK,MACH,IACEnO,EAAQ4E,MAAQD,EAAM1H,MAAM0H,EAAMC,MAAO5E,EAAQ4E,MAClD,CAAC,MAAOxG,GACP,MAAU3C,MAAM,gBACxB,CACUuE,EAAQ4E,QAAUD,EAAMC,MAAMQ,eAAiBpF,EAAQ4E,QAAUD,EAAMC,MAAMU,kBAC7D,YAAlBtF,EAAQ4E,OAAyC,eAAlB5E,EAAQ4E,QACvC5E,EAAQ4E,MAAQ5E,EAAQs6B,KAAO31B,EAAMC,MAAMQ,cAAgBT,EAAMC,MAAMU,kBAErEtF,EAAQs6B,KACVt6B,EAAQ8vC,UAAY9vC,EAAQ4E,QAAUD,EAAMC,MAAMQ,cAAgBT,EAAMsB,UAAUQ,YAAc9B,EAAMsB,UAAUO,MAEhHxG,EAAQ8vC,UAAYnrC,EAAMsB,UAAUM,KAEtC,MACF,IAAK,aACHvG,EAAQ8vC,UAAY9vC,EAAQs6B,KAAO31B,EAAMsB,UAAUZ,QAAUV,EAAMsB,UAAUW,OAC7E,MACF,IAAK,WACH5G,EAAQ8vC,UAAY9vC,EAAQs6B,KAAO31B,EAAMsB,UAAUa,MAAQnC,EAAMsB,UAAUY,KAC3E,MACF,IAAK,MACH7G,EAAQ8vC,UAAYnrC,EAAMsB,UAAUC,eACpC,MACF,QACE,MAAUzK,MAAM,wBAAwBuE,EAAQmO,MAEpD,OAAOnO,CACT,CAEO,SAASyxD,GAAyBtH,EAAWphD,EAAWqF,GAC7D,OAAQ+7C,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,IAAKiC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,UAC5C,QACE,OAAO,EAEb,CAEO,SAAS2kD,GAA4BvH,EAAWphD,EAAWqF,GAChE,OAAQ+7C,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,IAAKkC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,gBAC5C,QACE,OAAO,EAEb,CAEO,SAAS0kD,GAA4BxH,EAAWphD,EAAWqF,GAChE,IAAKrF,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAGlB,OAAQ0uD,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAEnB,WADiCkC,EAAUsD,aAAatD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,aAChEqB,EAAOoB,2CAK9BzG,EAAUsD,aACjBtD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,iBAE1C,QACE,OAAO,EAEb,CASO,SAAS2kD,GAAqBzH,EAAW/7C,GAC9C,MAAMoiC,EAAU7rC,EAAM1H,MAAM0H,EAAMsB,UAAWkkD,EAAUra,WACjD+hB,EAAW1H,EAAUY,mBAC3B,GAAI38C,EAAOuC,0BAA0BzS,IAAIsyC,GACvC,MAAU/0C,MAASo2D,EAAS/hB,UAAZ,kCAElB,OAAQU,GACN,KAAK7rC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUE,WACnB,GAAI0rD,EAAS17C,KAAO/H,EAAOkB,WACzB,MAAU7T,MAAM,yBAAyB2S,EAAOkB,4CAElD,MACF,KAAK3K,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUM,KACnB,GAAI6H,EAAOwC,aAAa1S,IAAI2zD,EAASjtD,OACnC,MAAUnJ,MAAM,eAAeo2D,EAAS/hB,8BAA8B+hB,EAASjtD,sBAMvF,CC7fA,MAAMktD,GACJ,WAAAh4D,CAAYi4D,EAAYC,GACtB93D,KAAKuP,OAASsoD,EAAWj4D,YAAYoe,MAAQvT,EAAMkE,OAAOY,OAASsoD,EAAa,KAChF73D,KAAKyP,cAAgBooD,EAAWj4D,YAAYoe,MAAQvT,EAAMkE,OAAOc,cAAgBooD,EAAa,KAC9F73D,KAAK+3D,mBAAqB,GAC1B/3D,KAAKg4D,oBAAsB,GAC3Bh4D,KAAKi4D,qBAAuB,GAC5Bj4D,KAAK83D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMpE,EAAa,IAAIlL,GAKvB,OAJAkL,EAAWhxD,KAAK9C,KAAKuP,QAAUvP,KAAKyP,eACpCqkD,EAAWhxD,QAAQ9C,KAAKi4D,sBACxBnE,EAAWhxD,QAAQ9C,KAAK+3D,oBACxBjE,EAAWhxD,QAAQ9C,KAAKg4D,qBACjBlE,CACX,CAME,KAAAlxD,GACE,MAAMu1D,EAAO,IAAIP,GAAK53D,KAAKuP,QAAUvP,KAAKyP,cAAezP,KAAK83D,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAI/3D,KAAK+3D,oBACnCI,EAAKH,oBAAsB,IAAIh4D,KAAKg4D,qBACpCG,EAAKF,qBAAuB,IAAIj4D,KAAKi4D,sBAC9BE,CACX,CAUE,aAAMC,CAAQC,EAAatV,EAAM7uC,GAC/B,MAAM6gD,EAAa/0D,KAAK83D,QAAQ7H,UAC1B+E,EAAa,CACjBzlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKokD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWzlD,QAAUylD,EAAWvlD,cAAezP,KAAK83D,SAgB1E,OAfAK,EAAKH,0BAA4B93D,QAAQ4E,IAAIuzD,EAAY1zD,KAAIrC,eAAekR,GAC1E,IAAKA,EAAW8kD,YACd,MAAU/2D,MAAM,gCAElB,GAAIiS,EAAWm9C,qBAAqBoE,GAClC,MAAUxzD,MAAM,+DAElB,MAAMg3D,QAAmB/kD,EAAWglD,mBAAcp2D,EAAW2gD,OAAM3gD,EAAW8R,GAC9E,OAAOghD,GAAsBF,EAAY,CAACxhD,GAAa+kD,EAAWtI,UAAW,CAE3E3L,cAAe75C,EAAMoE,UAAUuB,YAC/B+B,SAAU,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,WACtDkwC,OAAM3gD,OAAWA,OAAWA,EAAW8R,EAChD,WACUikD,EAAK5zC,OAAOvkB,KAAM+iD,EAAM7uC,GACvBikD,CACX,CAcE,eAAMM,CAAUC,EAAazI,EAAWlN,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAClE,MAAMu9C,EAAa/0D,KAAK83D,QAAQ7H,UAChC,OAAO+G,GAAcjC,EAAYtqD,EAAMoE,UAAU2B,eAAgB,CAC/DG,IAAKokD,EACLxlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,eACnBzP,KAAKi4D,qBAAsBS,EAAazI,EAAWlN,EAAM7uC,EAChE,CAYE,uBAAMykD,CAAkBD,EAAaE,EAAkB7V,EAAO,IAAI/qC,KAAQ9D,GACxE,MAAM+1C,EAAOjqD,KACP+0D,EAAa/0D,KAAK83D,QAAQ7H,UAC1BoE,EAAe,CACnB9kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKokD,IAEDpjD,YAAEA,GAAgB+mD,EAClBG,EAAaD,EAAiBruD,QAAOoG,GAAOA,EAAImoD,QAAQnnD,GAAa/P,OAAS,IACpF,OAA0B,IAAtBi3D,EAAWj3D,OACN,YAEH1B,QAAQ4E,IAAI+zD,EAAWl0D,KAAIrC,UAC/B,MAAMi2D,QAAmB5nD,EAAI6nD,cAAc7mD,EAAa+mD,EAAY7T,aAASziD,EAAW8R,GACxF,GAAIwkD,EAAY3S,eAAiBkE,EAAKwO,UAAUC,EAAaH,EAAWtI,UAAWlN,EAAM7uC,GACvF,MAAU3S,MAAM,+BAElB,UACQm3D,EAAY/3B,OAAO43B,EAAWtI,UAAWxlD,EAAMoE,UAAUuB,YAAaikD,EAActR,OAAM3gD,EAAW8R,EAC5G,CAAC,MAAOhQ,GACP,MAAM4S,EAAK8G,UAAU,8BAA+B1Z,EAC5D,OAEW,EACX,CAcE,6BAAM60D,CAAwBH,EAAkB7V,EAAO,IAAI/qC,KAAQ9D,GACjE,MAAM+1C,EAAOjqD,KACPg5D,EAAiBh5D,KAAK+3D,mBAAmBvzD,OAAOxE,KAAKg4D,qBAC3D,OAAO93D,QAAQ4E,IAAIk0D,EAAer0D,KAAIrC,UAAwB,CAC5DshD,MAAOqV,EAActnD,YACrBunD,YAAajP,EAAK0O,kBAAkBM,EAAeL,EAAkB7V,EAAM7uC,GAAQ7T,OAAM,KAAM,QAErG,CAWE,YAAMsgC,CAAOoiB,EAAO,IAAI/qC,KAAQ9D,GAC9B,IAAKlU,KAAK+3D,mBAAmBn2D,OAC3B,MAAUL,MAAM,gCAElB,MAAM0oD,EAAOjqD,KACP+0D,EAAa/0D,KAAK83D,QAAQ7H,UAC1BoE,EAAe,CACnB9kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKokD,GAGP,IAAI52C,EACJ,IAAK,IAAIrc,EAAI9B,KAAK+3D,mBAAmBn2D,OAAS,EAAGE,GAAK,EAAGA,IACvD,IACE,MAAMq3D,EAAoBn5D,KAAK+3D,mBAAmBj2D,GAClD,GAAIq3D,EAAkBpT,eAAiBkE,EAAKwO,UAAUU,OAAmB/2D,EAAW2gD,EAAM7uC,GACxF,MAAU3S,MAAM,iCAElB,UACQ43D,EAAkBx4B,OAAOo0B,EAAYtqD,EAAMoE,UAAUuB,YAAaikD,EAActR,OAAM3gD,EAAW8R,EACxG,CAAC,MAAOhQ,GACP,MAAM4S,EAAK8G,UAAU,gCAAiC1Z,EAChE,CACQ,OAAO,CACR,CAAC,MAAOA,GACPia,EAAYja,CACpB,CAEI,MAAMia,CACV,CAUE,YAAMoG,CAAO60C,EAAYrW,EAAM7uC,GAC7B,MAAM6gD,EAAa/0D,KAAK83D,QAAQ7H,UAC1BoE,EAAe,CACnB9kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKokD,SAGD2B,GAAgB0C,EAAYp5D,KAAM,qBAAsB+iD,GAAMzgD,eAAe+2D,GACjF,IAEE,aADMA,EAAW14B,OAAOo0B,EAAYtqD,EAAMoE,UAAUuB,YAAaikD,EAActR,GAAM,EAAO7uC,IACrF,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUwyD,GAAgB0C,EAAYp5D,KAAM,sBAAuB+iD,SAEzD2T,GAAgB0C,EAAYp5D,KAAM,uBAAwB+iD,GAAM,SAASuW,GAC7E,OAAOtC,GAAcjC,EAAYtqD,EAAMoE,UAAU2B,eAAgB6jD,EAAc,CAACiF,QAAYl3D,OAAWA,EAAW2gD,EAAM7uC,EAC9H,GACA,CAaE,YAAMqlD,CACJxE,GAEEyE,KAAM/T,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DgmD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI/qC,KACX9D,EAASsD,GAET,MAAMw9C,EAAa,CACjBzlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKokD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWzlD,QAAUylD,EAAWvlD,cAAezP,KAAK83D,SAO1E,OANAK,EAAKF,qBAAqBn1D,WAAWoyD,GAAsBF,EAAY,GAAID,EAAY,CACrFzQ,cAAe75C,EAAMoE,UAAU2B,eAC/Bi1C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,GAAW,EAAO8R,UAChCikD,EAAK5zC,OAAOvkB,MACXm4D,CACX,EC3PA,MAAMuB,GAKJ,WAAA95D,CAAY+5D,EAAc7B,GACxB93D,KAAKiwD,UAAY0J,EACjB35D,KAAK45D,kBAAoB,GACzB55D,KAAKi4D,qBAAuB,GAC5Bj4D,KAAK83D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMpE,EAAa,IAAIlL,GAIvB,OAHAkL,EAAWhxD,KAAK9C,KAAKiwD,WACrB6D,EAAWhxD,QAAQ9C,KAAKi4D,sBACxBnE,EAAWhxD,QAAQ9C,KAAK45D,mBACjB9F,CACX,CAME,KAAAlxD,GACE,MAAMkyD,EAAS,IAAI4E,GAAO15D,KAAKiwD,UAAWjwD,KAAK83D,SAG/C,OAFAhD,EAAO8E,kBAAoB,IAAI55D,KAAK45D,mBACpC9E,EAAOmD,qBAAuB,IAAIj4D,KAAKi4D,sBAChCnD,CACX,CAcE,eAAM2D,CAAU5pD,EAAW8B,EAAKoyC,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAC1D,MAAMu9C,EAAa/0D,KAAK83D,QAAQ7H,UAChC,OAAO4J,GACL9E,EAAYtqD,EAAMoE,UAAUgC,iBAAkB,CAC5CF,IAAKokD,EACLpxD,KAAM3D,KAAKiwD,WACVjwD,KAAKi4D,qBAAsBppD,EAAW8B,EAAKoyC,EAAM7uC,EAE1D,CAWE,YAAMysB,CAAOoiB,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACvC,MAAMu9C,EAAa/0D,KAAK83D,QAAQ7H,UAC1BoE,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAM3D,KAAKiwD,WAE7C6J,QAAyBC,GAA+B/5D,KAAK45D,kBAAmB7E,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,EAAM7uC,GAErJ,GAAI4lD,EAAiB/T,eAAiB/lD,KAAKy4D,UAAUqB,EAAkB,KAAM/W,EAAM7uC,GACjF,MAAU3S,MAAM,qBAGlB,GAAIy4D,GAAqBh6D,KAAKiwD,UAAW6J,EAAkB/W,GACzD,MAAUxhD,MAAM,qBAElB,OAAOu4D,CACX,CAUE,uBAAMhS,CAAkB/E,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAClD,MAAMu9C,EAAa/0D,KAAK83D,QAAQ7H,UAC1BoE,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAM3D,KAAKiwD,WACnD,IAAI6J,EACJ,IACEA,QAAyBC,GAA+B/5D,KAAK45D,kBAAmB7E,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,EAAM7uC,EAChJ,CAAC,MAAOhQ,GACP,OAAO,IACb,CACI,MAAM+1D,EAAYC,GAA4Bl6D,KAAKiwD,UAAW6J,GACxDK,EAAYL,EAAiBhS,oBACnC,OAAOmS,EAAYE,EAAYF,EAAYE,CAC/C,CAUE,YAAM51C,CAAOuwC,EAAQ/R,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAC/C,MAAMu9C,EAAa/0D,KAAK83D,QAAQ7H,UAChC,IAAKjwD,KAAK2wD,qBAAqBmE,GAC7B,MAAUvzD,MAAM,2DAGdvB,KAAKiwD,UAAUrwD,YAAYoe,MAAQvT,EAAMkE,OAAOa,cAChDslD,EAAO7E,UAAUrwD,YAAYoe,MAAQvT,EAAMkE,OAAOM,eACpDjP,KAAKiwD,UAAY6E,EAAO7E,WAG1B,MAAMhG,EAAOjqD,KACPq0D,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAMsmD,EAAKgG,iBAC7CmK,GAAuBtF,EAAQ90D,KAAM,oBAAqB+iD,GAAMzgD,eAAe+3D,GACnF,IAAK,IAAIv4D,EAAI,EAAGA,EAAImoD,EAAK2P,kBAAkBh4D,OAAQE,IACjD,GAAImoD,EAAK2P,kBAAkB93D,GAAG6P,YAAYgyC,OAAO0W,EAAW1oD,aAI1D,OAHI0oD,EAAWxV,QAAUoF,EAAK2P,kBAAkB93D,GAAG+iD,UACjDoF,EAAK2P,kBAAkB93D,GAAKu4D,IAEvB,EAGX,IAEE,aADMA,EAAW15B,OAAOo0B,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,OAAM3gD,EAAW8R,IAC3F,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUk2D,GAAuBtF,EAAQ90D,KAAM,uBAAwB+iD,GAAM,SAASuW,GAChF,OAAOO,GAAqB9E,EAAYtqD,EAAMoE,UAAUgC,iBAAkBwjD,EAAc,CAACiF,QAAYl3D,OAAWA,EAAW2gD,EAAM7uC,EACvI,GACA,CAaE,YAAMqlD,CACJxE,GAEEyE,KAAM/T,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DgmD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI/qC,KACX9D,EAASsD,GAET,MAAMw9C,EAAa,CAAErkD,IAAKokD,EAAYpxD,KAAM3D,KAAKiwD,WAC3C6E,EAAS,IAAI4E,GAAO15D,KAAKiwD,UAAWjwD,KAAK83D,SAO/C,OANAhD,EAAOmD,qBAAqBn1D,WAAWw3D,GAA6BtF,EAAY,GAAID,EAAY,CAC9FzQ,cAAe75C,EAAMoE,UAAUgC,iBAC/B40C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,GAAW,EAAO8R,UAChC4gD,EAAOvwC,OAAOvkB,MACb80D,CACX,CAEE,oBAAAnE,CAAqBC,GACnB,OAAO5wD,KAAKiwD,UAAUU,qBAAqBC,EAAMX,WAAaW,EAClE,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe3uD,SAAQgG,IAC3FyxD,GAAOz5D,UAAUgI,GACf,WACE,OAAOjI,KAAKiwD,UAAUhoD,IACvB,CAAA,IC9KL,MAAMsyD,gBAAyCzjD,EAAK+G,wBAAwB,CAACwmC,KACvEmW,GAAoB,IAAI7kD,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,aAClEinD,GAAgB,IAAI9kD,IAAI,CAC5BlL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,WACrC/I,EAAMkE,OAAOa,aAAc/E,EAAMkE,OAAO+rD,gBAY1C,MAAMC,GAMJ,qBAAAC,CAAsB9G,EAAY+G,EAAoB,IAAIllD,KACxD,IAAIwiD,EACA2C,EACAhG,EACAiG,EAEJ,IAAK,MAAMpsD,KAAUmlD,EAAY,CAE/B,GAAInlD,aAAkBs+B,GAAmB,CACRwtB,GAAcz2D,IAAI2K,EAAOqP,OACzB+8C,IAI3BA,EADEP,GAAkBx2D,IAAI2K,EAAOqP,KACjBw8C,GAEAC,IAGlB,QACR,CAEM,MAAMz8C,EAAMrP,EAAO/O,YAAYoe,IAC/B,GAAI+8C,EAAa,CACf,IAAKA,EAAY/2D,IAAIga,GAAM,SAC3B+8C,EAAc,IACtB,CACM,GAAIF,EAAkB72D,IAAIga,GACxB,MAAUzc,MAAM,2BAA2Byc,GAE7C,OAAQA,GACN,KAAKvT,EAAMkE,OAAO5C,UAClB,KAAKtB,EAAMkE,OAAOK,UAChB,GAAIhP,KAAKiwD,UACP,MAAU1uD,MAAM,oCAIlB,GAFAvB,KAAKiwD,UAAYthD,EACjBmsD,EAAe96D,KAAKymD,YACfqU,EACH,MAAUv5D,MAAM,kBAElB,MACF,KAAKkJ,EAAMkE,OAAOY,OAClB,KAAK9E,EAAMkE,OAAOc,cAChB0oD,EAAO,IAAIP,GAAKjpD,EAAQ3O,MACxBA,KAAKg7D,MAAMl4D,KAAKq1D,GAChB,MACF,KAAK1tD,EAAMkE,OAAOa,aAClB,KAAK/E,EAAMkE,OAAOM,aAChBkpD,EAAO,KACPrD,EAAS,IAAI4E,GAAO/qD,EAAQ3O,MAC5BA,KAAKi7D,QAAQn4D,KAAKgyD,GAClB,MACF,KAAKrqD,EAAMkE,OAAOE,UAChB,OAAQF,EAAO21C,eACb,KAAK75C,EAAMoE,UAAUuB,YACrB,KAAK3F,EAAMoE,UAAUwB,YACrB,KAAK5F,EAAMoE,UAAUyB,WACrB,KAAK7F,EAAMoE,UAAU0B,aACnB,IAAK4nD,EAAM,CACTrhD,EAAKwE,WAAW,mEAChB,QAChB,CACkB3M,EAAOgD,YAAYgyC,OAAOmX,GAC5B3C,EAAKJ,mBAAmBj1D,KAAK6L,GAE7BwpD,EAAKH,oBAAoBl1D,KAAK6L,GAEhC,MACF,KAAKlE,EAAMoE,UAAU2B,eACf2nD,EACFA,EAAKF,qBAAqBn1D,KAAK6L,GAE/B3O,KAAKk7D,iBAAiBp4D,KAAK6L,GAE7B,MACF,KAAKlE,EAAMoE,UAAU8B,IACnB3Q,KAAKk7D,iBAAiBp4D,KAAK6L,GAC3B,MACF,KAAKlE,EAAMoE,UAAU4B,cACnB,IAAKqkD,EAAQ,CACXh+C,EAAKwE,WAAW,qEAChB,QAChB,CACcw5C,EAAO8E,kBAAkB92D,KAAK6L,GAC9B,MACF,KAAKlE,EAAMoE,UAAU+B,cACnB5Q,KAAKi4D,qBAAqBn1D,KAAK6L,GAC/B,MACF,KAAKlE,EAAMoE,UAAUgC,iBACnB,IAAKikD,EAAQ,CACXh+C,EAAKwE,WAAW,wEAChB,QAChB,CACcw5C,EAAOmD,qBAAqBn1D,KAAK6L,IAK/C,CACA,CAME,YAAAupD,GACE,MAAMpE,EAAa,IAAIlL,GAMvB,OALAkL,EAAWhxD,KAAK9C,KAAKiwD,WACrB6D,EAAWhxD,QAAQ9C,KAAKi4D,sBACxBnE,EAAWhxD,QAAQ9C,KAAKk7D,kBACxBl7D,KAAKg7D,MAAMr2D,KAAIwzD,GAAQrE,EAAWhxD,QAAQq1D,EAAKD,kBAC/Cl4D,KAAKi7D,QAAQt2D,KAAImwD,GAAUhB,EAAWhxD,QAAQgyD,EAAOoD,kBAC9CpE,CACX,CAOE,KAAAlxD,CAAMu4D,GAAqB,GACzB,MAAMxqD,EAAM,IAAI3Q,KAAKJ,YAAYI,KAAKk4D,gBAiBtC,OAhBIiD,GACFxqD,EAAImoD,UAAU72D,SAAQuX,IAMpB,GAJAA,EAAEy2C,UAAYnwD,OAAOklB,OACnBllB,OAAOs7D,eAAe5hD,EAAEy2C,WACxBnwD,OAAOkI,0BAA0BwR,EAAEy2C,aAEhCz2C,EAAEy2C,UAAUM,cAAe,OAEhC,MAAMta,EAAgB,CAAE,EACxBn2C,OAAO42C,KAAKl9B,EAAEy2C,UAAUha,eAAeh0C,SAAQgG,IAC7CguC,EAAchuC,GAAQ,IAAIxG,WAAW+X,EAAEy2C,UAAUha,cAAchuC,GAAM,IAEvEuR,EAAEy2C,UAAUha,cAAgBA,CAAa,IAGtCtlC,CACX,CAQE,UAAA0qD,CAAWzX,EAAQ,MAIjB,OAHgB5jD,KAAKi7D,QAAQ1wD,QAAOuqD,IACjClR,GAASkR,EAAOrO,WAAW9C,OAAOC,GAAO,IAGhD,CAQE,OAAAkV,CAAQlV,EAAQ,MACd,MAAMlN,EAAO,GAIb,OAHKkN,IAAS5jD,KAAKymD,WAAW9C,OAAOC,GAAO,IAC1ClN,EAAK5zC,KAAK9C,MAEL02C,EAAKlyC,OAAOxE,KAAKq7D,WAAWzX,GACvC,CAME,SAAA0X,GACE,OAAOt7D,KAAK84D,UAAUn0D,KAAIgM,GAAOA,EAAI81C,YACzC,CAME,UAAA8U,GACE,OAAOv7D,KAAKg7D,MAAMr2D,KAAIwzD,GACbA,EAAK5oD,OAAS4oD,EAAK5oD,OAAOA,OAAS,OACzChF,QAAOgF,GAAqB,OAAXA,GACxB,CAME,KAAAxM,GACE,OAAO/C,KAAKk4D,eAAen1D,OAC/B,CAYE,mBAAMy1D,CAAc5U,EAAQ,KAAMb,EAAO,IAAI/qC,KAAQzI,EAAS,CAAA,EAAI2E,EAASsD,SACnExX,KAAKw7D,iBAAiBzY,EAAMxzC,EAAQ2E,GAC1C,MAAM6gD,EAAa/0D,KAAKiwD,UACxB,IACEwL,GAA4B1G,EAAY7gD,EACzC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,+BAAgC0Y,EAC3D,CACI,MAAM2kC,EAAUj7D,KAAKi7D,QAAQt4D,QAAQu4C,MAAK,CAAC38B,EAAGzG,IAAMA,EAAEm4C,UAAUpL,QAAUtmC,EAAE0xC,UAAUpL,UACtF,IAAI1mC,EACJ,IAAK,MAAM22C,KAAUmG,EACnB,IAAKrX,GAASkR,EAAOrO,WAAW9C,OAAOC,GACrC,UACQkR,EAAOn0B,OAAOoiB,EAAM7uC,GAC1B,MAAMmgD,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAMmxD,EAAO7E,WAC/C6J,QAAyBC,GAC7BjF,EAAO8E,kBAAmB7E,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,EAAM7uC,GAE3F,IAAKwnD,GAAgC5G,EAAO7E,UAAW6J,EAAkB5lD,GACvE,SAEF,IAAK4lD,EAAiBtnD,kBACpB,MAAUjR,MAAM,8BAOlB,aAJMw4D,GACJ,CAACD,EAAiBtnD,mBAAoBsiD,EAAO7E,UAAWxlD,EAAMoE,UAAU6B,WAAY2jD,EAActR,EAAM7uC,GAE1GunD,GAA4B3G,EAAO7E,UAAW/7C,GACvC4gD,CACR,CAAC,MAAO5wD,GACPia,EAAYja,CACtB,CAII,IACE,MAAMi1D,QAA0Bn5D,KAAK21D,wBAAwB5S,EAAMxzC,EAAQ2E,GAC3E,KAAM0vC,GAASmR,EAAWtO,WAAW9C,OAAOC,KACxC8X,GAAgC3G,EAAYoE,EAAmBjlD,GAEjE,OADAunD,GAA4B1G,EAAY7gD,GACjClU,IAEV,CAAC,MAAOkE,GACPia,EAAYja,CAClB,CACI,MAAM4S,EAAK8G,UAAU,kDAAoD5d,KAAKymD,WAAWjb,QAASrtB,EACtG,CAYE,sBAAMw9C,CAAiB/X,EAAOb,EAAO,IAAI/qC,KAAQzI,EAAS,CAAA,EAAI2E,EAASsD,SAC/DxX,KAAKw7D,iBAAiBzY,EAAMxzC,EAAQ2E,GAC1C,MAAM6gD,EAAa/0D,KAAKiwD,UACxB,IACEwL,GAA4B1G,EAAY7gD,EACzC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,+BAAgC0Y,EAC3D,CAEI,MAAM2kC,EAAUj7D,KAAKi7D,QAAQt4D,QAAQu4C,MAAK,CAAC38B,EAAGzG,IAAMA,EAAEm4C,UAAUpL,QAAUtmC,EAAE0xC,UAAUpL,UACtF,IAAI1mC,EACJ,IAAK,MAAM22C,KAAUmG,EACnB,IAAKrX,GAASkR,EAAOrO,WAAW9C,OAAOC,GACrC,UACQkR,EAAOn0B,OAAOoiB,EAAM7uC,GAC1B,MAAMmgD,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAMmxD,EAAO7E,WAC/C6J,QAAyBC,GAA+BjF,EAAO8E,kBAAmB7E,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,EAAM7uC,GACvJ,GAAI0nD,GAAmC9G,EAAO7E,UAAW6J,EAAkB5lD,GAEzE,OADAunD,GAA4B3G,EAAO7E,UAAW/7C,GACvC4gD,CAEV,CAAC,MAAO5wD,GACPia,EAAYja,CACtB,CAII,IAEE,MAAMi1D,QAA0Bn5D,KAAK21D,wBAAwB5S,EAAMxzC,EAAQ2E,GAC3E,KAAM0vC,GAASmR,EAAWtO,WAAW9C,OAAOC,KACxCgY,GAAmC7G,EAAYoE,EAAmBjlD,GAEpE,OADAunD,GAA4B1G,EAAY7gD,GACjClU,IAEV,CAAC,MAAOkE,GACPia,EAAYja,CAClB,CACI,MAAM4S,EAAK8G,UAAU,qDAAuD5d,KAAKymD,WAAWjb,QAASrtB,EACzG,CAcE,eAAMs6C,CAAU5pD,EAAW8B,EAAKoyC,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAC1D,OAAOqiD,GACL75D,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKiwD,WAAajwD,KAAKi4D,qBAAsBppD,EAAW8B,EAAKoyC,EAAM7uC,EAE/H,CAWE,sBAAMsnD,CAAiBzY,EAAO,IAAI/qC,KAAQzI,EAAS,CAAE,EAAE2E,EAASsD,GAC9D,MAAMu9C,EAAa/0D,KAAKiwD,UAExB,SAAUjwD,KAAKy4D,UAAU,KAAM,KAAM1V,EAAM7uC,GACzC,MAAU3S,MAAM,0BAKlB,GAAIy4D,GAAqBjF,QAFO/0D,KAAK21D,wBAAwB5S,EAAMxzC,EAAQ2E,GAEnB6uC,GACtD,MAAUxhD,MAAM,0BAElB,GAA2B,IAAvBwzD,EAAWnd,QAAe,CAE5B,MAAMikB,QAAwB9B,GAC5B/5D,KAAKk7D,iBAAkBnG,EAAYtqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKokD,GAAchS,EAAM7uC,GACnF7T,OAAM,SAER,GAAIw7D,GAAmB7B,GAAqBjF,EAAY8G,EAAiB9Y,GACvE,MAAUxhD,MAAM,yBAExB,CACA,CAUE,uBAAMumD,CAAkBv4C,EAAQ2E,EAASsD,GACvC,IAAIskD,EACJ,IACE,MAAM3C,QAA0Bn5D,KAAK21D,wBAAwB,KAAMpmD,EAAQ2E,GACrE6nD,EAAmB7B,GAA4Bl6D,KAAKiwD,UAAWkJ,GAC/D6C,EAAgB7C,EAAkBrR,oBAClC+T,EAA6C,IAA3B77D,KAAKiwD,UAAUrY,eAC/BmiB,GACJ/5D,KAAKk7D,iBAAkBl7D,KAAKiwD,UAAWxlD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK3Q,KAAKiwD,WAAa,KAAM/7C,GAC3F7T,OAAM,SACV,GAAIw7D,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4Bl6D,KAAKiwD,UAAW4L,GAGvEC,EAAmBrzD,KAAKud,IAAI+1C,EAAkBC,EAAeC,EACrE,MACQH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,CAE5E,CAAC,MAAO93D,GACP43D,EAAmB,IACzB,CAEI,OAAOhlD,EAAKwB,cAAcwjD,EAC9B,CAcE,6BAAMnG,CAAwB5S,EAAO,IAAI/qC,KAAQzI,EAAS,CAAE,EAAE2E,EAASsD,GACrE,MAAMu9C,EAAa/0D,KAAKiwD,UACxB,GAA2B,IAAvB8E,EAAWnd,QACb,OAAOmiB,GACL/5D,KAAKk7D,iBAAkBnG,EAAYtqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKokD,GAAchS,EAAM7uC,GAGvF,MAAMilD,kBAAEA,SAA4Bn5D,KAAKk8D,eAAenZ,EAAMxzC,EAAQ2E,GACtE,OAAOilD,CACX,CAeE,oBAAM+C,CAAenZ,EAAO,IAAI/qC,KAAQzI,EAAS,CAAE,EAAE2E,EAASsD,GAC5D,MAAMu9C,EAAa/0D,KAAKiwD,UAClB+K,EAAQ,GACd,IAAI78C,EACJ,IAAK,IAAIrc,EAAI,EAAGA,EAAI9B,KAAKg7D,MAAMp5D,OAAQE,IACrC,IACE,MAAMq2D,EAAOn4D,KAAKg7D,MAAMl5D,GACxB,IAAKq2D,EAAK5oD,OACR,SAEF,QACmBnN,IAAhBmN,EAAOtH,MAAsBkwD,EAAK5oD,OAAOtH,OAASsH,EAAOtH,WACxC7F,IAAjBmN,EAAO6jD,OAAuB+E,EAAK5oD,OAAO6jD,QAAU7jD,EAAO6jD,YACxChxD,IAAnBmN,EAAO8jD,SAAyB8E,EAAK5oD,OAAO8jD,UAAY9jD,EAAO8jD,QAEhE,MAAU9xD,MAAM,iDAElB,MAAM8yD,EAAe,CAAE9kD,OAAQ4oD,EAAK5oD,OAAQoB,IAAKokD,GAC3CoE,QAA0BY,GAA+B5B,EAAKJ,mBAAoBhD,EAAYtqD,EAAMoE,UAAUuB,YAAaikD,EAActR,EAAM7uC,GACrJ8mD,EAAMl4D,KAAK,CAAEqa,MAAOrb,EAAGq2D,OAAMgB,qBAC9B,CAAC,MAAOj1D,GACPia,EAAYja,CACpB,CAEI,IAAK82D,EAAMp5D,OAET,MAAMuc,GAAiB5c,MAAM,qCAEzBrB,QAAQ4E,IAAIk2D,EAAMr2D,KAAIrC,eAAgBic,GAC1C,OAAOA,EAAE46C,kBAAkBpT,SAAWxnC,EAAE45C,KAAKM,UAAUl6C,EAAE46C,kBAAmB,KAAMpW,EAAM7uC,EAC9F,KAEI,MAAMioD,EAAcnB,EAAM9f,MAAK,SAAS38B,EAAGzG,GACzC,MAAMorB,EAAI3kB,EAAE46C,kBACNiD,EAAItkD,EAAEqhD,kBACZ,OAAOiD,EAAErW,QAAU7iB,EAAE6iB,SAAW7iB,EAAEsiB,gBAAkB4W,EAAE5W,iBAAmBtiB,EAAE2hB,QAAUuX,EAAEvX,OACxF,IAAEwX,OACGlE,KAAEA,EAAMgB,kBAAmBmD,GAASH,EAC1C,GAAIG,EAAKvW,eAAiBoS,EAAKM,UAAU6D,EAAM,KAAMvZ,EAAM7uC,GACzD,MAAU3S,MAAM,2BAElB,OAAO46D,CACX,CAeE,YAAM53C,CAAOg4C,EAAWxZ,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAClD,IAAKxX,KAAK2wD,qBAAqB4L,GAC7B,MAAUh7D,MAAM,4DAElB,IAAKvB,KAAKs4D,aAAeiE,EAAUjE,YAAa,CAQ9C,KANet4D,KAAKi7D,QAAQr5D,SAAW26D,EAAUtB,QAAQr5D,QAClD5B,KAAKi7D,QAAQ3+B,OAAMkgC,GACXD,EAAUtB,QAAQv2D,MAAK+3D,GACrBD,EAAW7L,qBAAqB8L,QAI/C,MAAUl7D,MAAM,iEAGlB,OAAOg7D,EAAUh4C,OAAOvkB,KAAMkU,EACpC,CAKI,MAAMwoD,EAAa18D,KAAK4C,QA0CxB,aAxCMw3D,GAAuBmC,EAAWG,EAAY,uBAAwB3Z,GAAMuW,GACzEO,GAAqB6C,EAAWzM,UAAWxlD,EAAMoE,UAAU+B,cAAe8rD,EAAY,CAACpD,GAAY,KAAMiD,EAAUtM,UAAWlN,EAAM7uC,WAGvIkmD,GAAuBmC,EAAWG,EAAY,mBAAoB3Z,SAElE7iD,QAAQ4E,IAAIy3D,EAAUvB,MAAMr2D,KAAIrC,UAGpC,MAAMq6D,EAAgBD,EAAW1B,MAAMzwD,QAAOqyD,GAC3CC,EAAQttD,QAAUstD,EAAQttD,OAAOo0C,OAAOiZ,EAAQrtD,SAChDstD,EAAQptD,eAAiBotD,EAAQptD,cAAck0C,OAAOiZ,EAAQntD,iBAEjE,GAAIktD,EAAc/6D,OAAS,QACnB1B,QAAQ4E,IACZ63D,EAAch4D,KAAIm4D,GAAgBA,EAAav4C,OAAOs4C,EAAS9Z,EAAM7uC,UAElE,CACL,MAAM6oD,EAAUF,EAAQj6D,QACxBm6D,EAAQjF,QAAU4E,EAClBA,EAAW1B,MAAMl4D,KAAKi6D,EAC9B,YAGU78D,QAAQ4E,IAAIy3D,EAAUtB,QAAQt2D,KAAIrC,UAEtC,MAAM06D,EAAkBN,EAAWzB,QAAQ1wD,QAAO0yD,GAChDA,EAAUtM,qBAAqB8L,KAEjC,GAAIO,EAAgBp7D,OAAS,QACrB1B,QAAQ4E,IACZk4D,EAAgBr4D,KAAIu4D,GAAkBA,EAAe34C,OAAOk4C,EAAW1Z,EAAM7uC,UAE1E,CACL,MAAMipD,EAAYV,EAAU75D,QAC5Bu6D,EAAUrF,QAAU4E,EACpBA,EAAWzB,QAAQn4D,KAAKq6D,EAChC,MAGWT,CACX,CAUE,8BAAMU,CAAyBra,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACzD,MAAM68C,EAAe,CAAE1jD,IAAK3Q,KAAKiwD,WAC3BkH,QAA4B4C,GAA+B/5D,KAAKi4D,qBAAsBj4D,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAeyjD,EAActR,EAAM7uC,GACzJ4/C,EAAa,IAAIlL,GACvBkL,EAAWhxD,KAAKq0D,GAEhB,MAAM70C,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMpH,UAAW+nD,EAAW/wD,QAAS,KAAM,KAAM,mCAAoCuf,EAAcpO,EAC1H,CAYE,gCAAMmpD,CAA2BC,EAAuBva,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAClF,MAAMjX,QAAc+gB,GAAQg8C,GAEtBnG,SADmBvO,GAAWC,WAAWtoD,EAAMsG,KAAM0zD,GAA0BrmD,IAC9C21C,WAAWp/C,EAAMkE,OAAOE,WAC/D,IAAKsoD,GAAuBA,EAAoB7S,gBAAkB75C,EAAMoE,UAAU+B,cAChF,MAAUrP,MAAM,8CAElB,IAAK41D,EAAoBxlD,YAAYgyC,OAAO3jD,KAAKymD,YAC/C,MAAUllD,MAAM,2CAElB,UACQ41D,EAAoBx2B,OAAO3gC,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKiwD,WAAalN,OAAM3gD,EAAW8R,EAC3H,CAAC,MAAOhQ,GACP,MAAM4S,EAAK8G,UAAU,wCAAyC1Z,EACpE,CACI,MAAMyM,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIsnD,qBAAqBn1D,KAAKq0D,GACvBxmD,CACX,CAWE,qBAAM4sD,CAAgBC,EAAaza,EAAMxzC,EAAQ2E,EAASsD,GACxD,MAAM2F,MAAEA,EAAKg7C,KAAEA,SAAen4D,KAAKk8D,eAAenZ,EAAMxzC,EAAQ2E,GAC1DupD,QAAiBtF,EAAKC,QAAQoF,EAAaza,EAAM7uC,GACjDvD,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIqqD,MAAM79C,GAASsgD,EACZ9sD,CACX,CAUE,kBAAM+sD,CAAaF,EAAaza,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAC1D,MAAM7G,EAAM3Q,KAAK4C,QAIjB,OAHA+N,EAAIqqD,YAAc96D,QAAQ4E,IAAI9E,KAAKg7D,MAAMr2D,KAAI,SAASwzD,GACpD,OAAOA,EAAKC,QAAQoF,EAAaza,EAAM7uC,EAC7C,KACWvD,CACX,CAiBE,uBAAMgtD,CAAkB/E,EAAkB7V,EAAO,IAAI/qC,KAAQzI,EAAQ2E,EAASsD,GAC5E,MAAMu9C,EAAa/0D,KAAKiwD,WAClBkI,KAAEA,SAAen4D,KAAKk8D,eAAenZ,EAAMxzC,EAAQ2E,GAIzD,OAHgB0kD,QACRT,EAAKY,wBAAwBH,EAAkB7V,EAAM7uC,GAC3D,CAAC,CAAE0vC,MAAOmR,EAAWtO,WAAYyS,YAAaf,EAAKx3B,OAAOoiB,EAAM7uC,GAAQ7T,OAAM,KAAM,KAE1F,CAiBE,oBAAMu9D,CAAehF,EAAkB7V,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACjE,MAAMu9C,EAAa/0D,KAAKiwD,UAClB4N,EAAU,GAehB,aAdM39D,QAAQ4E,IAAI9E,KAAKg7D,MAAMr2D,KAAIrC,UAC/B,MAAM8xD,EAAawE,QACXT,EAAKY,wBAAwBH,EAAkB7V,EAAM7uC,GAC3D,CAAC,CAAE0vC,MAAOmR,EAAWtO,WAAYyS,YAAaf,EAAKx3B,OAAOoiB,EAAM7uC,GAAQ7T,OAAM,KAAM,MAEtFw9D,EAAQ/6D,QAAQsxD,EAAWzvD,KACzBkK,IAAc,CACZU,OAAQ4oD,EAAK5oD,OAAS4oD,EAAK5oD,OAAOA,OAAS,KAC3CE,cAAe0oD,EAAK1oD,cACpBm0C,MAAO/0C,EAAU+0C,MACjBsV,MAAOrqD,EAAUqqD,UAEpB,KAEI2E,CACX,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwB57D,SAAQgG,IACpG0yD,GAAI16D,UAAUgI,GACdyxD,GAAOz5D,UAAUgI,EAAK,ICntBxB,MAAM61D,WAAkBnD,GAItB,WAAA/6D,CAAYk0D,GAOV,GANAj0D,QACAG,KAAKiwD,UAAY,KACjBjwD,KAAKi4D,qBAAuB,GAC5Bj4D,KAAKk7D,iBAAmB,GACxBl7D,KAAKg7D,MAAQ,GACbh7D,KAAKi7D,QAAU,GACXnH,IACF9zD,KAAK46D,sBAAsB9G,EAAY,IAAIn+C,IAAI,CAAClL,EAAMkE,OAAOK,UAAWvE,EAAMkE,OAAOM,iBAChFjP,KAAKiwD,WACR,MAAU1uD,MAAM,yCAGxB,CAME,SAAA+2D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,OAAO/9D,IACX,CAOE,KAAAmT,CAAMe,EAASsD,GAEb,MAAM8K,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMpH,UAAW/L,KAAKk4D,eAAen1D,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACpH,ECpDA,MAAM8pD,WAAmBF,GAIvB,WAAAl+D,CAAYk0D,GAGV,GAFAj0D,QACAG,KAAK46D,sBAAsB9G,EAAY,IAAIn+C,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOa,iBAChFxP,KAAKiwD,UACR,MAAU1uD,MAAM,0CAEtB,CAME,SAAA+2D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,MAAMjK,EAAa,IAAIlL,GACjBqV,EAAaj+D,KAAKk4D,eACxB,IAAK,MAAMjI,KAAagO,EACtB,OAAQhO,EAAUrwD,YAAYoe,KAC5B,KAAKvT,EAAMkE,OAAOK,UAAW,CAC3B,MAAMkvD,EAAerO,GAAgBE,oBAAoBE,GACzD6D,EAAWhxD,KAAKo7D,GAChB,KACV,CACQ,KAAKzzD,EAAMkE,OAAOM,aAAc,CAC9B,MAAMkvD,EAAkBjN,GAAmBC,uBAAuBlB,GAClE6D,EAAWhxD,KAAKq7D,GAChB,KACV,CACQ,QACErK,EAAWhxD,KAAKmtD,GAGtB,OAAO,IAAI6N,GAAUhK,EACzB,CAOE,KAAA3gD,CAAMe,EAASsD,GAEb,MAAM8K,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMK,WAAYxT,KAAKk4D,eAAen1D,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACrH,CAaE,uBAAMkqD,CAAkBxa,EAAOb,EAAO,IAAI/qC,KAAQzI,EAAS,CAAA,EAAI2E,EAASsD,GACtE,MAAMu9C,EAAa/0D,KAAKiwD,UAClBvZ,EAAO,GACb,IAAIv4B,EAAY,KAChB,IAAK,IAAIrc,EAAI,EAAGA,EAAI9B,KAAKi7D,QAAQr5D,OAAQE,IACvC,IAAK8hD,GAAS5jD,KAAKi7D,QAAQn5D,GAAG2kD,WAAW9C,OAAOC,GAAO,GAAO,CAC5D,GAAI5jD,KAAKi7D,QAAQn5D,GAAGmuD,UAAUoC,UAAW,CACvCl0C,EAAYA,GAAiB5c,MAAM,uDACnC,QACV,CAEQ,IACE,MAAM8yD,EAAe,CAAE1jD,IAAKokD,EAAYpxD,KAAM3D,KAAKi7D,QAAQn5D,GAAGmuD,WACxD6J,QAAyBC,GAA+B/5D,KAAKi7D,QAAQn5D,GAAG83D,kBAAmB7E,EAAYtqD,EAAMoE,UAAU4B,cAAe4jD,EAActR,EAAM7uC,GAC5JmqD,GAAmCr+D,KAAKi7D,QAAQn5D,GAAGmuD,UAAW6J,EAAkB5lD,IAClFwiC,EAAK5zC,KAAK9C,KAAKi7D,QAAQn5D,GAE1B,CAAC,MAAOoC,GACPia,EAAYja,CACtB,CACA,CAII,MAAMi1D,QAA0Bn5D,KAAK21D,wBAAwB5S,EAAMxzC,EAAQ2E,GAS3E,GARM0vC,IAASmR,EAAWtO,WAAW9C,OAAOC,GAAO,KAAUya,GAAmCtJ,EAAYoE,EAAmBjlD,KACzH6gD,EAAW1C,UACbl0C,EAAYA,GAAiB5c,MAAM,uDAEnCm1C,EAAK5zC,KAAK9C,OAIM,IAAhB02C,EAAK90C,OAEP,MAAMuc,GAAiB5c,MAAM,mCAG/B,OAAOm1C,CACX,CAME,WAAA6Z,GACE,OAAOvwD,KAAK84D,UAAUp0D,MAAK,EAAGurD,eAAgBA,EAAUM,eAC5D,CAYE,cAAMsC,CAAS3+C,EAASsD,GACtB,IAAKxX,KAAKs4D,YACR,MAAU/2D,MAAM,gCAGlB,IAAI6zD,EACJ,GAAKp1D,KAAKiwD,UAAUoC,UAEb,CAKL,MAAMkG,QAAmBv4D,KAAKw4D,cAAc,KAAM,UAAMp2D,EAAW,IAAK8R,EAAQuC,0BAA2B,IAAId,IAAOP,WAAY,IAE9HmjD,IAAeA,EAAWtI,UAAUoC,YACtC+C,EAAmBmD,EAAWtI,UAEtC,MAXMmF,EAAmBp1D,KAAKiwD,UAa1B,GAAImF,EACF,OAAOA,EAAiBvC,WACnB,CACL,MAAMnc,EAAO12C,KAAK84D,UAElB,GADmBpiB,EAAK/xC,KAAIgM,GAAOA,EAAIs/C,UAAUoC,YAAW/1B,MAAMgiC,SAEhE,MAAU/8D,MAAM,wCAGlB,OAAOrB,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,SAAaqO,EAAIs/C,UAAU4C,aAC7D,CACA,CAKE,kBAAAL,GACExyD,KAAK84D,UAAU72D,SAAQ,EAAGguD,gBACpBA,EAAUM,eACZN,EAAUuC,oBAClB,GAEA,CAYE,YAAM+G,EAEFC,KAAM/T,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DgmD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI/qC,KACX9D,EAASsD,GAET,IAAKxX,KAAKs4D,YACR,MAAU/2D,MAAM,iCAElB,MAAMyzD,EAAa,CAAErkD,IAAK3Q,KAAKiwD,WACzBt/C,EAAM3Q,KAAK4C,QAMjB,OALA+N,EAAIsnD,qBAAqBn1D,WAAWw3D,GAA6BtF,EAAY,GAAIh1D,KAAKiwD,UAAW,CAC/F3L,cAAe75C,EAAMoE,UAAU+B,cAC/B60C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,OAAWA,EAAW8R,IACnCvD,CACX,CAkBE,eAAM4tD,CAAUz4D,EAAU,IACxB,MAAMoO,EAAS,IAAKsD,KAAkB1R,EAAQoO,QAC9C,GAAIpO,EAAQ0xC,WACV,MAAUj2C,MAAM,gEAElB,GAAIuE,EAAQmuD,QAAU//C,EAAOkB,WAC3B,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBtP,EAAQmuD,WAEnF,MAAMjE,EAAkBhwD,KAAKiwD,UAC7B,GAAID,EAAgBqC,UAClB,MAAU9wD,MAAM,8CAElB,IAAKyuD,EAAgBO,cACnB,MAAUhvD,MAAM,wBAElB,MAAMi9D,EAAiBxO,EAAgBa,mBACvC2N,EAAevqD,KAiBnB,SAA8B+gB,GAG5B,OAFavqB,EAAM1H,MAAM0H,EAAMsB,UAAWipB,IAGxC,KAAKvqB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACnB,MAAO,MACT,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,MAAO,MACT,KAAK9B,EAAMsB,UAAUZ,QACnB,MAAO,aACT,KAAKV,EAAMsB,UAAUa,MACnB,MAAO,WACT,QACE,MAAUrL,MAAM,yBAEtB,CApC0Bk9D,CAAqBD,EAAe5oB,WAC1D4oB,EAAevK,QAAUuK,EAAeviD,MAAQ,KAChDuiD,EAAe9zD,MAAQ8zD,EAAe9zD,OAAS,mBAC/C5E,EAAU44D,GAA0B54D,EAAS04D,GAK7C,MAAMvO,QAAkB0O,GAA4B74D,EAAS,IAAKoO,EAAQQ,OAAmC,IAA3B1U,KAAKiwD,UAAUrY,UACjG6jB,GAA4BxL,EAAW/7C,GACvC,MAAM4lD,QAAyB8E,GAA8B3O,EAAWD,EAAiBlqD,EAASoO,GAC5F2qD,EAAa7+D,KAAKk4D,eAExB,OADA2G,EAAW/7D,KAAKmtD,EAAW6J,GACpB,IAAIkE,GAAWa,EAC1B,EClOA,MAAMC,gBAAkChoD,EAAK+G,wBAAwB,CACnEgyC,GACAqB,GACAO,GACAmC,GACAT,GACA9B,GACAhN,KASF,SAAS0a,GAAUjL,GACjB,IAAK,MAAMnlD,KAAUmlD,EACnB,OAAQnlD,EAAO/O,YAAYoe,KACzB,KAAKvT,EAAMkE,OAAOK,UAChB,OAAO,IAAIgvD,GAAWlK,GACxB,KAAKrpD,EAAMkE,OAAO5C,UAChB,OAAO,IAAI+xD,GAAUhK,GAG3B,MAAUvyD,MAAM,sBAClB,CAgHAe,eAAe08D,GAAchP,EAAiBiP,EAAqBn5D,EAASoO,GAEtEpO,EAAQ0xC,kBACJwY,EAAgBhiC,QAAQloB,EAAQ0xC,WAAYtjC,SAG9ChU,QAAQ4E,IAAIm6D,EAAoBt6D,KAAIrC,eAAe8uD,EAAoBj0C,GAC3E,MAAM+hD,EAAmBp5D,EAAQm1D,QAAQ99C,GAAOq6B,WAC5C0nB,SACI9N,EAAmBpjC,QAAQkxC,EAAkBhrD,EAEzD,KAEE,MAAM4/C,EAAa,IAAIlL,GAGvB,SAASuW,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAM70D,QAAOmY,GAAQA,IAAS28C,IAC5D,CAEE,SAASC,IACP,MAAMrK,EAAsB,CAAE,EAC9BA,EAAoB9iD,SAAW,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,UAC5E,MAAM0sD,EAAsBJ,EAAqB,CAE/C10D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,QACfgH,EAAOE,6BAEV,GADA6gD,EAAoBxjD,6BAA+B8tD,EAC/CrrD,EAAOI,YAAa,CACtB,MAAMkrD,EAAiBL,EAAqB,CAC1C10D,EAAM6D,KAAKG,IACXhE,EAAM6D,KAAKC,IACX9D,EAAM6D,KAAKE,KACV0F,EAAOM,wBACVygD,EAAoBtiD,sBAAwB6sD,EAAeC,SAAQ7T,GAC1D2T,EAAoB56D,KAAI+6D,GACtB,CAACA,EAAoB9T,MAGtC,CAuBI,OAtBAqJ,EAAoBpjD,wBAA0BstD,EAAqB,CAEjE10D,EAAMkD,KAAKI,OACXtD,EAAMkD,KAAKM,OACXxD,EAAMkD,KAAKQ,SACX1D,EAAMkD,KAAKS,UACV8F,EAAOC,wBACV8gD,EAAoBnjD,+BAAiCqtD,EAAqB,CACxE10D,EAAM6C,YAAYC,aAClB9C,EAAM6C,YAAYG,KAClBhD,EAAM6C,YAAYE,KACjB0G,EAAOG,+BAEV4gD,EAAoB3iD,SAAW,CAAC,GAChC2iD,EAAoB3iD,SAAS,IAAM7H,EAAM6H,SAASwB,sBAC9CI,EAAOI,cACT2gD,EAAoB3iD,SAAS,IAAM7H,EAAM6H,SAAS0B,SAEhDlO,EAAQyL,kBAAoB,IAC9B0jD,EAAoB1jD,kBAAoBzL,EAAQyL,kBAChD0jD,EAAoB/P,iBAAkB,GAEjC+P,CACX,CAEE,GApDAnB,EAAWhxD,KAAKktD,GAoDgB,IAA5BA,EAAgBpY,QAAe,CACjC,MAAMod,EAAa,CACjBrkD,IAAKq/C,GAGDiF,EAAsBqK,IAC5BrK,EAAoB3Q,cAAgB75C,EAAMoE,UAAU8B,IAEpD,MAAMw3C,QAAwBmS,GAA6BtF,EAAY,GAAIhF,EAAiBiF,EAAqBnvD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,GAChK4/C,EAAWhxD,KAAKqlD,EACpB,OAEQjoD,QAAQ4E,IAAIgB,EAAQ65D,QAAQh7D,KAAIrC,eAAeiN,EAAQ4N,GAC3D,MAAMyiD,EAAezM,GAAaxd,WAAWpmC,GACvCylD,EAAa,CACjBzlD,OAAQqwD,EACRjvD,IAAKq/C,GAEDiF,EAAkD,IAA5BjF,EAAgBpY,QAAgB0nB,IAA8B,CAAE,EAC5FrK,EAAoB3Q,cAAgB75C,EAAMoE,UAAU0B,aACtC,IAAV4M,IACF83C,EAAoBzP,iBAAkB,GAKxC,MAAO,CAAEoa,eAAczX,sBAFOmS,GAA6BtF,EAAY,GAAIhF,EAAiBiF,EAAqBnvD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,GAGpK,KAAMrR,MAAK4B,IACPA,EAAKxC,SAAQ,EAAG29D,eAAczX,sBAC5B2L,EAAWhxD,KAAK88D,GAChB9L,EAAWhxD,KAAKqlD,EAAgB,GAChC,UAGEjoD,QAAQ4E,IAAIm6D,EAAoBt6D,KAAIrC,eAAe8uD,EAAoBj0C,GAC3E,MAAM0iD,EAAgB/5D,EAAQm1D,QAAQ99C,GAEtC,MAAO,CAAEi0C,qBAAoB0O,4BADOlB,GAA8BxN,EAAoBpB,EAAiB6P,EAAe3rD,GAE1H,KAAMrR,MAAKimD,IACPA,EAAQ7mD,SAAQ,EAAGmvD,qBAAoB0O,4BACrChM,EAAWhxD,KAAKsuD,GAChB0C,EAAWhxD,KAAKg9D,EAAsB,GACtC,IAKJ,MAAM9K,EAAa,CAAErkD,IAAKq/C,GAkB1B,OAjBA8D,EAAWhxD,WAAWw3D,GAA6BtF,EAAY,GAAIhF,EAAiB,CAClF1L,cAAe75C,EAAMoE,UAAU+B,cAC/B60C,wBAAyBh7C,EAAM4H,oBAAoBoB,SACnDiyC,0BAA2B,IAC1B5/C,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,IAE9CpO,EAAQ0xC,YACVwY,EAAgBwC,2BAGZtyD,QAAQ4E,IAAIm6D,EAAoBt6D,KAAIrC,eAAe8uD,EAAoBj0C,GAClDrX,EAAQm1D,QAAQ99C,GAAOq6B,YAE9C4Z,EAAmBoB,oBAEzB,KAES,IAAIwL,GAAWlK,EACxB,CC1QA,MAAMiM,gBAAsCjpD,EAAK+G,wBAAwB,CACvEilC,GACAoH,GACA8D,GACArC,GACAqF,GACA/C,GACAuB,GACAvH,GACA5D,KAGI2b,gBAA4ClpD,EAAK+G,wBAAwB,CAAC2xC,KAE1EyQ,gBAAgDnpD,EAAK+G,wBAAwB,CAACwmC,KAO7E,MAAM6b,GAIX,WAAAtgE,CAAYk0D,GACV9zD,KAAK8oD,QAAUgL,GAAc,IAAIlL,EACrC,CAME,mBAAAuX,GACE,MAAMC,EAAS,GAKf,OAJ0BpgE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOC,8BAC9C3M,SAAQ,SAAS0M,GACjCyxD,EAAOt9D,KAAK6L,EAAOu/C,YACzB,IACWkS,CACX,CAME,gBAAArM,GACE,MAAMvoC,EAAMxrB,KAAKqgE,mBAEXC,EAAiB90C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOI,kBAC5D,GAAIuxD,EAAe1+D,OAAS,EAC1B,OAAO0+D,EAAe37D,KAAIgK,GAAUA,EAAOgD,cAI7C,OADsB6Z,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACtClK,KAAIgK,GAAUA,EAAOgD,aAC9C,CAYE,aAAM2c,CAAQiyC,EAAgBC,EAAWC,EAAa1d,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAChF,MAAMkpD,EAAyB1gE,KAAK8oD,QAAQW,YAC1Ch/C,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBAGf,GAAsC,IAAlC8wD,EAAuB9+D,OACzB,MAAUL,MAAM,2BAGlB,MAAMo/D,EAAqBD,EAAuB,GAC5CE,EAA6BD,EAAmB7U,gBAEhD+U,EAAoBJ,SAAqBzgE,KAAK8gE,mBAAmBP,EAAgBC,EAAWI,EAA4B7d,EAAM7uC,GAEpI,IAAIiK,EAAY,KAChB,MAAM4iD,EAAmB7gE,QAAQ4E,IAAI+7D,EAAkBl8D,KAAIrC,OAASszC,UAAWorB,EAAen6D,WAC5F,IAAKiQ,EAAKtV,aAAaqF,KAAW85D,EAAmB7U,kBAAoBh1C,EAAKC,SAASiqD,GACrF,MAAUz/D,MAAM,uCAGlB,IACE,MAAMmhB,EAAOi+C,EAAmB7U,iBAAmBrhD,EAAM1H,MAAM0H,EAAMoC,UAAWm0D,SAC1EL,EAAmBryC,QAAQ5L,EAAM7b,EAAMqN,EAC9C,CAAC,MAAOhQ,GACP4S,EAAK0E,gBAAgBtX,GACrBia,EAAYja,CACpB,MAOI,GAJA+8D,EAAcN,EAAmB3U,WACjC2U,EAAmB3U,UAAY,WACzB+U,GAEDJ,EAAmB7X,UAAY6X,EAAmB7X,QAAQlnD,OAC7D,MAAMuc,GAAiB5c,MAAM,sBAG/B,MAAM2/D,EAAY,IAAIhB,GAAQS,EAAmB7X,SAGjD,OAFA6X,EAAmB7X,QAAU,IAAIF,GAE1BsY,CACX,CAeE,wBAAMJ,CAAmBP,EAAgBC,EAAWI,EAA4B7d,EAAO,IAAI/qC,KAAQ9D,EAASsD,GAC1G,IAEI2G,EAFAgjD,EAA6B,GAGjC,GAAIX,EAAW,CACb,MAAMY,EAAephE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOG,wBAC3D,GAA4B,IAAxBsyD,EAAax/D,OACf,MAAUL,MAAM,8DAEZrB,QAAQ4E,IAAI07D,EAAU77D,KAAIrC,eAAeu1C,EAAU/1C,GACvD,IAAIgnD,EAEFA,EADEhnD,QACc8mD,GAAWC,WAAWuY,EAAar+D,QAASi9D,GAA6B9rD,GAE/EktD,QAENlhE,QAAQ4E,IAAIgkD,EAAQnkD,KAAIrC,eAAe++D,GAC3C,UACQA,EAAY/yC,QAAQupB,GAC1BspB,EAA2Br+D,KAAKu+D,EACjC,CAAC,MAAO/qC,GACPxf,EAAK0E,gBAAgB8a,GACjBA,aAAe2gB,KACjB94B,EAAYmY,EAE1B,CACA,IACA,IACK,KAAM,KAAIiqC,EA8FT,MAAUh/D,MAAM,iCA9FS,CACzB,MAAM+/D,EAAethE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOC,8BAC3D,GAA4B,IAAxB0yD,EAAa1/D,OACf,MAAUL,MAAM,2DAEZrB,QAAQ4E,IAAIw8D,EAAa38D,KAAIrC,eAAei/D,SAC1CrhE,QAAQ4E,IAAIy7D,EAAe57D,KAAIrC,eAAek/D,GAClD,IAAIC,EACJ,IAEEA,SAA8BD,EAAcpD,kBAAkBmD,EAAYrT,YAAa,UAAM9rD,EAAW8R,IAASvP,KAAIgM,GAAOA,EAAIs/C,WACjI,CAAC,MAAO35B,GAEP,YADAnY,EAAYmY,EAExB,CAEU,IAAI8oC,EAAQ,CACV30D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,OAChBzC,EAAMoC,UAAUE,UAChBtC,EAAMoC,UAAUG,OAElB,IACE,MAAMmsD,QAA0BqI,EAAc7L,wBAAwB5S,OAAM3gD,EAAW8R,GACnFilD,EAAkB1nD,+BACpB2tD,EAAQA,EAAM56D,OAAO20D,EAAkB1nD,8BAE1C,CAAC,MAAOvN,GAAG,OAENhE,QAAQ4E,IAAI28D,EAAqB98D,KAAIrC,eAAeo/D,GACxD,IAAKA,EAAoBnR,cACvB,MAAUhvD,MAAM,oCAWlB,GAPiC2S,EAAOuB,8BACtC8rD,EAAY/c,qBAAuB/5C,EAAMsB,UAAUE,YACnDs1D,EAAY/c,qBAAuB/5C,EAAMsB,UAAUC,gBACnDu1D,EAAY/c,qBAAuB/5C,EAAMsB,UAAUG,SACnDq1D,EAAY/c,qBAAuB/5C,EAAMsB,UAAUI,SAGvB,CAW5B,MAAMw1D,EAAkBJ,EAAYx+D,cAC9B7C,QAAQ4E,KACZ87D,EACE,CAACA,GACDjhE,MAAM6gB,KAAKtM,EAAOwB,0DACpB/Q,KAAIrC,UACJ,MAAMs/D,EAAkB,IAAI3T,GAC5B2T,EAAgBv/D,KAAKs/D,GACrB,MAAM7S,EAAmB,CACvB7C,sBACAoC,WAAYjyC,GAAOwzC,mBAAmB3D,IAExC,UACQ2V,EAAgBtzC,QAAQozC,EAAqB5S,GACnDqS,EAA2Br+D,KAAK8+D,EACjC,CAAC,MAAOtrC,GAEPxf,EAAK0E,gBAAgB8a,GACrBnY,EAAYmY,CAC9B,KAGA,MACc,UACQirC,EAAYjzC,QAAQozC,GAC1B,MAAMhC,EAAqBkB,GAA8BW,EAAYtV,oBACrE,GAAIyT,IAAuBN,EAAMjgD,SAAS1U,EAAM1H,MAAM0H,EAAMoC,UAAW6yD,IACrE,MAAUn+D,MAAM,iDAElB4/D,EAA2Br+D,KAAKy+D,EACjC,CAAC,MAAOjrC,GACPxf,EAAK0E,gBAAgB8a,GACrBnY,EAAYmY,CAC5B,CAEA,IACA,KACQ2qC,EAAcM,EAAYvV,WAC1BuV,EAAYvV,UAAY,IAChC,IACA,CAEA,CAEI,GAAImV,EAA2Bv/D,OAAS,EAAG,CAEzC,GAAIu/D,EAA2Bv/D,OAAS,EAAG,CACzC,MAAMigE,EAAO,IAAIlsD,IACjBwrD,EAA6BA,EAA2B52D,QAAOu3D,IAC7D,MAAMtoD,EAAIsoD,EAAK7V,oBAAsBn1C,EAAKoD,mBAAmB4nD,EAAKzT,YAClE,OAAIwT,EAAK79D,IAAIwV,KAGbqoD,EAAK59D,IAAIuV,IACF,EAAI,GAErB,CAEM,OAAO2nD,EAA2Bx8D,KAAIgK,IAAW,CAC/C9H,KAAM8H,EAAO0/C,WACbzY,UAAWjnC,EAAOs9C,qBAAuBxhD,EAAMpI,KAAKoI,EAAMoC,UAAW8B,EAAOs9C,wBAEpF,CACI,MAAM9tC,GAAiB5c,MAAM,iCACjC,CAME,cAAAwgE,GACE,MACMjyD,EADM9P,KAAKqgE,mBACGvX,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQqzC,YAAe,IAC9C,CAME,WAAAG,GACE,MACMxzC,EADM9P,KAAKqgE,mBACGvX,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQwzC,eAAkB,IACjD,CAME,OAAAJ,GACE,MACMpzC,EADM9P,KAAKqgE,mBACGvX,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAIS,EACKA,EAAQozC,UAEV,IACX,CAWE,+BAAa0M,CAAmBoS,EAAiB,GAAIjf,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIzrD,EAASsD,GAC7F,MAAM++B,cAAEA,EAAa0rB,SAAEA,SPlIpB3/D,eAAuCo0C,EAAO,GAAIqM,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIzrD,EAASsD,GACjG,MAAM0qD,QAAiBhiE,QAAQ4E,IAAI4xC,EAAK/xC,KAAI,CAACgM,EAAK7O,IAAM6O,EAAIglD,wBAAwB5S,EAAM4c,EAAQ79D,GAAIoS,MAKtG,GAJiBwiC,EAAK90C,OACpBsgE,EAAS5lC,OAAM6lC,GAAWA,EAAQ7vD,UAAa6vD,EAAQ7vD,SAAS,GAAK7H,EAAM6H,SAAS0B,UACpFE,EAAOI,YAEK,CACZ,MAAM8tD,EAAqB,CAAE7rB,cAAe9rC,EAAMoC,UAAUK,OAAQ+0D,SAAUx3D,EAAM6D,KAAKE,KACnF6zD,EAAsB,CAC1B,CAAE9rB,cAAeriC,EAAOE,4BAA6B6tD,SAAU/tD,EAAOM,wBACtE,CAAE+hC,cAAeriC,EAAOE,4BAA6B6tD,SAAUx3D,EAAM6D,KAAKE,KAC1E,CAAE+nC,cAAe9rC,EAAMoC,UAAUK,OAAQ+0D,SAAU/tD,EAAOM,yBAE5D,IAAK,MAAM8tD,KAAsBD,EAC/B,GAAIH,EAAS5lC,OAAM6lC,GAAWA,EAAQxvD,uBAAyBwvD,EAAQxvD,sBAAsBjO,MAC3F69D,GAAeA,EAAY,KAAOD,EAAmB/rB,eAAiBgsB,EAAY,KAAOD,EAAmBL,aAE5G,OAAOK,EAGX,OAAOF,CACX,CACE,MAAMI,EAAiB/3D,EAAMoC,UAAUK,OACjCu1D,EAAiBvuD,EAAOE,4BAC9B,MAAO,CACLmiC,cAAe2rB,EAAS5lC,OAAM6lC,GAAWA,EAAQ1wD,8BAAgC0wD,EAAQ1wD,6BAA6B0N,SAASsjD,KAC7HA,EACAD,EACFP,cAAU7/D,EAEd,COoG8CsgE,CAAwBV,EAAgBjf,EAAM4c,EAASzrD,GAC3FyuD,EAAoBl4D,EAAMpI,KAAKoI,EAAMoC,UAAW0pC,GAChDqsB,EAAeX,EAAWx3D,EAAMpI,KAAKoI,EAAM6D,KAAM2zD,QAAY7/D,QAE7DlC,QAAQ4E,IAAIk9D,EAAer9D,KAAIgM,GAAOA,EAAIgrD,mBAC7Ct7D,OAAM,IAAM,OACZwC,MAAKggE,IACJ,GAAIA,IAAaA,EAAS5S,UAAUra,YAAcnrC,EAAMsB,UAAUW,QAAUm2D,EAAS5S,UAAUra,YAAcnrC,EAAMsB,UAAUY,QAC1Hi2D,IAAiB9rD,EAAK2H,MAAM83B,GAC7B,MAAUh1C,MAAM,2MAC1B,OAKI,MAAO,CAAEsF,KADcuV,GAAOwzC,mBAAmBrZ,GAClBX,UAAW+sB,EAAmB/W,cAAegX,EAChF,CAeE,aAAM50C,CAAQg0C,EAAgBxB,EAAWnS,EAAYnK,GAAW,EAAO4e,EAAmB,GAAI/f,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIzrD,EAASsD,GACtI,GAAI62C,GACF,IAAKv3C,EAAKtV,aAAa6sD,EAAWxnD,QAAUiQ,EAAKC,SAASs3C,EAAWzY,WACnE,MAAUr0C,MAAM,4CAEb,GAAIygE,GAAkBA,EAAepgE,OAC1CysD,QAAmB6R,GAAQtQ,mBAAmBoS,EAAgBjf,EAAM4c,EAASzrD,OACxE,KAAIssD,IAAaA,EAAU5+D,OAGhC,MAAUL,MAAM,gDAFhB8sD,QAAmB6R,GAAQtQ,wBAAmBxtD,OAAWA,OAAWA,EAAW8R,EAGrF,CAEI,MAAQrN,KAAM0oD,EAAgB3Z,UAAWorB,EAAepV,cAAemX,GAAsB1U,EAEvF7iC,QAAY00C,GAAQ8C,kBAAkBzT,EAAgByR,EAAe+B,EAAmBf,EAAgBxB,EAAWtc,EAAU4e,EAAkB/f,EAAM4c,EAASzrD,GAE9JysD,EAAqBhV,GAAyChW,WAAW,CAC7EiC,QAASmrB,EAAoB,EAAI,EACjCnX,cAAemX,EAAoBt4D,EAAM1H,MAAM0H,EAAM6D,KAAMy0D,GAAqB,OAElFpC,EAAmB7X,QAAU9oD,KAAK8oD,QAElC,MAAMlT,EAAYnrC,EAAM1H,MAAM0H,EAAMoC,UAAWm0D,GAK/C,aAJML,EAAmB3yC,QAAQ4nB,EAAW2Z,EAAgBr7C,GAE5DsX,EAAIs9B,QAAQhmD,KAAK69D,GACjBA,EAAmB7X,QAAU,IAAIF,GAC1Bp9B,CACX,CAiBE,8BAAaw3C,CAAkB3U,EAAY2S,EAAe+B,EAAmBf,EAAgBxB,EAAWtc,GAAW,EAAO4e,EAAmB,GAAI/f,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIzrD,EAASsD,GACzL,MAAMs8C,EAAa,IAAIlL,GACjB8W,EAAqBj1D,EAAM1H,MAAM0H,EAAMoC,UAAWm0D,GAClDpV,EAAgBmX,GAAqBt4D,EAAM1H,MAAM0H,EAAM6D,KAAMy0D,GAEnE,GAAIf,EAAgB,CAClB,MAAMnE,QAAgB39D,QAAQ4E,IAAIk9D,EAAer9D,KAAIrC,eAAeyyD,EAAYjzD,GAC9E,MAAM8tC,QAAsBmlB,EAAW4G,iBAAiBmH,EAAiBhhE,GAAIihD,EAAM4c,EAASzrD,GAEtF+uD,EAAgBhV,GAAmCtY,WAAW,CAClEiC,QAASgU,EAAgB,EAAI,EAC7B0C,oBAAqB1e,EAAcqgB,UACnC1B,mBAAoBrK,EACpBmK,aACApC,oBAAqByT,IAKvB,aAFMuD,EAAcj1C,QAAQ4hB,EAAcqgB,kBACnCgT,EAAc5U,WACd4U,CACf,KACMnP,EAAWhxD,QAAQ+6D,EACzB,CACI,GAAI2C,EAAW,CACb,MAAM0C,EAAc5gE,eAAe2tD,EAAWpY,GAC5C,IAEE,aADMoY,EAAU3hC,QAAQupB,GACjB,CACR,CAAC,MAAO3zC,GACP,OAAO,CACjB,CACO,EAEKwuB,EAAM,CAACywC,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB/gE,eAAe+rD,EAAYzY,EAAWgW,EAAe/T,GAC3E,MAAMyrB,EAA+B,IAAI9T,GAA6Bt7C,GAQtE,GAPAovD,EAA6BjV,WAAaA,EAC1CiV,EAA6BrX,oBAAsBrW,EAC/CgW,IACF0X,EAA6B1X,cAAgBA,SAEzC0X,EAA6Bt1C,QAAQ6pB,EAAU3jC,GAEjDA,EAAOmB,uBAAwB,CAEjC,GAA4B,WADNnV,QAAQ4E,IAAI07D,EAAU77D,KAAI4+D,GAAOL,EAAYI,EAA8BC,OACrF55B,OAAOjX,GACjB,OAAO2wC,EAAgBhV,EAAYzY,EAAWiC,EAE1D,CAGQ,cADOyrB,EAA6BjV,WAC7BiV,CACR,EAEKzF,QAAgB39D,QAAQ4E,IAAI07D,EAAU77D,KAAI4+D,GAAOF,EAAgBhV,EAAYqR,EAAoB9T,EAAe2X,MACtHzP,EAAWhxD,QAAQ+6D,EACzB,CAEI,OAAO,IAAIqC,GAAQpM,EACvB,CAgBE,UAAM1zB,CAAKi4B,EAAc,GAAIlD,EAAgB,GAAItmD,EAAY,KAAM20D,EAAgB,GAAIzgB,EAAO,IAAI/qC,KAAQyrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIrxC,EAASsD,GAC7K,MAAMs8C,EAAa,IAAIlL,GAEjB8a,EAAoB1jE,KAAK8oD,QAAQe,WAAWp/C,EAAMkE,OAAOU,aAC/D,IAAKq0D,EACH,MAAUniE,MAAM,mCAGlB,MAAMoiE,QAAyBC,GAAuBF,EAAmBrL,EAAalD,EAAetmD,EAAW20D,EAAezgB,EAAM0gB,EAAgBpO,EAAkB9P,GAAW,EAAOrxC,GACnL2vD,EAA0BF,EAAiBh/D,KAC/C,CAACwjD,EAAiBrmD,IAAMmmD,GAAuBC,oBAAoBC,EAAuB,IAANrmD,KACnFmpB,UAMH,OAJA6oC,EAAWhxD,QAAQ+gE,GACnB/P,EAAWhxD,KAAK4gE,GAChB5P,EAAWhxD,QAAQ6gE,GAEZ,IAAIzD,GAAQpM,EACvB,CAQE,QAAAzJ,CAAS3nC,EAAMxO,EAASsD,GACtB,GAAIkL,IAASjY,EAAM6C,YAAYC,aAC7B,OAAOvN,KAGT,MAAMmqD,EAAa,IAAID,GAAqBh2C,GAC5Ci2C,EAAWvU,UAAYlzB,EACvBynC,EAAWrB,QAAU9oD,KAAK8oD,QAE1B,MAAM+V,EAAa,IAAIjW,GAGvB,OAFAiW,EAAW/7D,KAAKqnD,GAET,IAAI+V,GAAQrB,EACvB,CAgBE,kBAAMiF,CAAazL,EAAc,GAAIlD,EAAgB,GAAItmD,EAAY,KAAM20D,EAAgB,GAAIO,EAAkB,GAAIhhB,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIpa,EAAY,GAAIrxC,EAASsD,GAC7K,MAAMksD,EAAoB1jE,KAAK8oD,QAAQe,WAAWp/C,EAAMkE,OAAOU,aAC/D,IAAKq0D,EACH,MAAUniE,MAAM,mCAElB,OAAO,IAAIsyD,SAAgB+P,GAAuBF,EAAmBrL,EAAalD,EAAetmD,EAAW20D,EAAeO,EAAiBhhB,EAAM4c,EAASpa,GAAW,EAAMrxC,GAChL,CAcE,YAAMysB,CAAOi4B,EAAkB7V,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACzD,MAAMgU,EAAMxrB,KAAKqgE,mBACX2D,EAAkBx4C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3B20D,EAAgBpiE,OAClB,MAAUL,MAAM,yDAEd0gB,EAAqBuJ,EAAIs9B,QAAQ9nD,SACnCwqB,EAAIs9B,QAAQhmD,cAAcof,EAAiBsJ,EAAIs9B,QAAQ9nD,QAAQkrB,GAAKA,GAAK,MAE3E,MAAMo0C,EAAiB90C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOI,kBAAkBkc,UACxEg5C,EAAgBz4C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOE,WAC3D,OAAIyxD,EAAe1+D,SAAWqiE,EAAcriE,QAAUkV,EAAK7V,SAASuqB,EAAIs9B,QAAQ9nD,UAAYihB,EAAqBuJ,EAAIs9B,QAAQ9nD,eACrHd,QAAQ4E,IAAIw7D,EAAe37D,KAAIrC,UACnC+lD,EAAWG,iBAAmB,IAAItoD,SAAQ,CAACC,EAASC,KAClDioD,EAAW6b,wBAA0B/jE,EACrCkoD,EAAW8b,uBAAyB/jE,CAAM,IAE5CioD,EAAW5D,cAAgB4B,GAAiB/jD,gBAAmB+lD,EAAWG,kBAAkB/D,gBAC5F4D,EAAW3qB,OAASxb,QAAuBmmC,EAAW16C,KAAK06C,EAAW/D,cAAe0f,EAAgB,QAAI5hE,GAAW,IACpHimD,EAAW3qB,OAAOr9B,OAAM,QAAS,KAEnCmrB,EAAIs9B,QAAQ9nD,OAAS6gB,EAAqB2J,EAAIs9B,QAAQ9nD,QAAQsB,MAAO4C,EAAUC,KAC7E,MAAMzB,EAASoe,EAAiB5c,GAC1BvE,EAASohB,EAAiB5c,GAChC,IACE,IAAK,IAAIrD,EAAI,EAAGA,EAAIw+D,EAAe1+D,OAAQE,IAAK,CAC9C,MAAQS,MAAOsM,SAAoBnL,EAAOrB,OAC1Ci+D,EAAex+D,GAAGoiE,wBAAwBr1D,EACtD,OACgBnL,EAAOjB,kBACP9B,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,GACPo8D,EAAer+D,SAAQomD,IACrBA,EAAW8b,uBAAuBjgE,EAAE,UAEhCvD,EAAOuC,MAAMgB,EAC7B,KAEakgE,GAA0B9D,EAAgB0D,EAAiBpL,EAAkB7V,GAAM,EAAO7uC,IAE5FkwD,GAA0BH,EAAeD,EAAiBpL,EAAkB7V,GAAM,EAAO7uC,EACpG,CAeE,cAAAmwD,CAAex1D,EAAW+pD,EAAkB7V,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACtE,MACMwsD,EADMhkE,KAAKqgE,mBACWvX,QAAQW,YAAYh/C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3B20D,EAAgBpiE,OAClB,MAAUL,MAAM,yDAGlB,OAAO6iE,GADev1D,EAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACjBm1D,EAAiBpL,EAAkB7V,GAAM,EAAM7uC,EACnG,CAME,gBAAAmsD,GACE,MAAMlW,EAAanqD,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOO,gBACzD,OAAIi7C,EAAWvoD,OACN,IAAIs+D,GAAQ/V,EAAW,GAAGrB,SAE5B9oD,IACX,CAOE,qBAAMskE,CAAgBC,EAAmBrwD,EAASsD,SAC1CxX,KAAK8oD,QAAQzmD,KACjByU,EAAKtV,aAAa+iE,GAAqBA,SAA2BjjD,GAAQijD,IAAoB19D,KAC9Fo5D,GACA/rD,EAEN,CAME,KAAAnR,GACE,OAAO/C,KAAK8oD,QAAQ/lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASsD,GACb,MAAMgtD,EAAiBxkE,KAAK8oD,QAAQ9oD,KAAK8oD,QAAQlnD,OAAS,GAGpD0gB,EAAekiD,EAAe5kE,YAAYoe,MAAQ2tC,GAAyC3tC,IACpE,IAA3BwmD,EAAe5sB,QACf53C,KAAK8oD,QAAQpkD,MAAKiK,GAAUA,EAAO/O,YAAYoe,MAAQqmC,GAAgBrmC,KAA0B,IAAnBrP,EAAOipC,UACvF,OAAOzkC,GAAM1I,EAAM0I,MAAMI,QAASvT,KAAK+C,QAAS,KAAM,KAAM,KAAMuf,EAAcpO,EACpF,EAqBO5R,eAAeshE,GAAuBF,EAAmBrL,EAAalD,EAAgB,GAAItmD,EAAY,KAAM20D,EAAgB,GAAIzgB,EAAO,IAAI/qC,KAAQyrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIza,GAAW,EAAO52B,EAASsD,GAC/O,MAAMs8C,EAAa,IAAIlL,GAGjBtE,EAA2C,OAA3Bof,EAAkB1zD,KACtCvF,EAAMoE,UAAUkB,OAAStF,EAAMoE,UAAUmB,KAa3C,SAXM9P,QAAQ4E,IAAIuzD,EAAY1zD,KAAIrC,MAAOyyD,EAAYjzD,KACnD,MAAM2iE,EAAgBhB,EAAe3hE,GACrC,IAAKizD,EAAWuD,YACd,MAAU/2D,MAAM,gCAElB,MAAMg3D,QAAmBxD,EAAWyD,cAAcgL,EAAc1hE,GAAIihD,EAAM0hB,EAAevwD,GACzF,OAAOghD,GAAsBwO,EAAmBvO,EAAcvzD,OAASuzD,EAAgB,CAACJ,GAAawD,EAAWtI,UAAW,CAAE3L,iBAAiBvB,EAAMsS,EAAkB9P,EAAWza,EAAU52B,EAAO,KAChMrR,MAAKohE,IACPnQ,EAAWhxD,QAAQmhE,EAAc,IAG/Bp1D,EAAW,CACb,MAAM61D,EAAwB71D,EAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACzEilD,EAAWhxD,QAAQ4hE,EACvB,CACE,OAAO5Q,CACT,CAkGOxxD,eAAe8hE,GAA0BH,EAAeD,EAAiBpL,EAAkB7V,EAAO,IAAI/qC,KAAQ8yB,GAAW,EAAO52B,EAASsD,GAC9I,OAAOtX,QAAQ4E,IAAIm/D,EAAc15D,QAAO,SAASsE,GAC/C,MAAO,CAAC,OAAQ,UAAUsQ,SAAS1U,EAAMpI,KAAKoI,EAAMoE,UAAWA,EAAUy1C,eAC7E,IAAK3/C,KAAIrC,eAAeuM,GACpB,OApFJvM,eAAwCuM,EAAWm1D,EAAiBpL,EAAkB7V,EAAO,IAAI/qC,KAAQ8yB,GAAW,EAAO52B,EAASsD,GAClI,IAAIu9C,EACA4P,EAEJ,IAAK,MAAMh0D,KAAOioD,EAAkB,CAClC,MAAMC,EAAaloD,EAAImoD,QAAQjqD,EAAU8C,aACzC,GAAIknD,EAAWj3D,OAAS,EAAG,CACzBmzD,EAAapkD,EACbg0D,EAAuB9L,EAAW,GAClC,KACN,CACA,CAEE,MACM+L,EADqB/1D,aAAqBo5C,GACIp5C,EAAU25C,iBAAmB35C,EAE3Eg2D,EAAc,CAClBjhB,MAAO/0C,EAAU8C,YACjB8gC,SAAU,WACR,IAAKkyB,EACH,MAAUpjE,MAAM,0CAA0CsN,EAAU8C,YAAY65B,eAG5E38B,EAAU8xB,OAAOgkC,EAAqB1U,UAAWphD,EAAUy1C,cAAe0f,EAAgB,GAAIjhB,EAAMjY,EAAU52B,GACpH,MAAMi0C,QAAwByc,EAC9B,GAAID,EAAqBnU,kBAAoBrI,EAAgBtD,QAC3D,MAAUtjD,MAAM,mCAIlB,UACQwzD,EAAWyD,cAAcmM,EAAqBle,WAAY0B,EAAgBtD,aAASziD,EAAW8R,EACrG,CAAC,MAAOhQ,GAKP,IAAIgQ,EAAOqB,+CAAgDrR,EAAEqP,QAAQqM,MAAM,4CAGzE,MAAM1b,QAFA6wD,EAAWyD,cAAcmM,EAAqBle,WAAY1D,OAAM3gD,EAAW8R,EAI3F,CACM,OAAO,CACR,EA1BS,GA2BVrF,UAAW,WACT,MAAMs5C,QAAwByc,EACxB9Q,EAAa,IAAIlL,GAEvB,OADAT,GAAmB2L,EAAWhxD,KAAKqlD,GAC5B,IAAI0L,GAAUC,EACtB,EALU,IAeb,OAHA+Q,EAAYh2D,UAAUxO,OAAM,SAC5BwkE,EAAYpyB,SAASpyC,OAAM,SAEpBwkE,CACT,CAuBWC,CAAyBj2D,EAAWm1D,EAAiBpL,EAAkB7V,EAAMjY,EAAU52B,EAClG,IACA,CCnzBA,MAAMw0C,gBAA+B5xC,EAAK+G,wBAAwB,CAACwmC,KAM5D,MAAM0gB,GAKX,WAAAnlE,CAAYoQ,EAAMnB,GAGhB,GADA7O,KAAKgQ,KAAO8G,EAAK2G,qBAAqBzN,GAAMuP,QAAQ,SAAU,QAC1D1Q,KAAeA,aAAqBglD,IACtC,MAAUtyD,MAAM,2BAElBvB,KAAK6O,UAAYA,GAAa,IAAIglD,GAAU,IAAIjL,GACpD,CAME,gBAAAmL,GACE,MAAMqM,EAAS,GAKf,OAJsBpgE,KAAK6O,UAAUi6C,QACvB7mD,SAAQ,SAAS0M,GAC7ByxD,EAAOt9D,KAAK6L,EAAOgD,YACzB,IACWyuD,CACX,CAgBE,UAAMhgC,CAAKi4B,EAAalD,EAAgB,GAAItmD,EAAY,KAAM20D,EAAgB,GAAIzgB,EAAO,IAAI/qC,KAAQyrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIrxC,EAASsD,GACxK,MAAMksD,EAAoB,IAAI5gB,GAC9B4gB,EAAkBzgB,QAAQjjD,KAAKgQ,MAC/B,MAAMg1D,EAAe,IAAInR,SAAgB+P,GAAuBF,EAAmBrL,EAAalD,EAAetmD,EAAW20D,EAAezgB,EAAM0gB,EAAgBpO,EAAkB9P,GAAW,EAAMrxC,IAClM,OAAO,IAAI6wD,GAAiB/kE,KAAKgQ,KAAMg1D,EAC3C,CAcE,MAAArkC,CAAO+V,EAAMqM,EAAO,IAAI/qC,KAAQ9D,EAASsD,GACvC,MAAMysD,EAAgBjkE,KAAK6O,UAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WAChE60D,EAAoB,IAAI5gB,GAG9B,OADA4gB,EAAkBzgB,QAAQjjD,KAAKgQ,MACxBo0D,GAA0BH,EAAe,CAACP,GAAoBhtB,EAAMqM,GAAM,EAAM7uC,EAC3F,CAME,OAAAgvC,GAEE,OAAOljD,KAAKgQ,KAAKuP,QAAQ,QAAS,KACtC,CAOE,KAAApM,CAAMe,EAASsD,GAEb,MAAMytD,EAAwBjlE,KAAK6O,UAAUi6C,QAAQpkD,MAAKiK,GAA6B,IAAnBA,EAAOipC,UAOrEz2B,EAAO,CACXxT,KAPWs3D,EACXtlE,MAAM6gB,KAAK,IAAI7K,IAAI3V,KAAK6O,UAAUi6C,QAAQnkD,KACxCgK,GAAUlE,EAAMpI,KAAKoI,EAAMkD,KAAMgB,EAAO41C,eAAewD,kBACrDrlD,OACJ,KAIAsN,KAAMhQ,KAAKgQ,KACXnJ,KAAM7G,KAAK6O,UAAUi6C,QAAQ/lD,SAI/B,OAAOoQ,GAAM1I,EAAM0I,MAAMG,OAAQ6N,OAAM/e,OAAWA,OAAWA,EAAW6iE,EAAuB/wD,EACnG,ECsfA,SAASgxD,GAAa3xD,GACpB,KAAMA,aAAmB2sD,IACvB,MAAU3+D,MAAM,kDAEpB,CACA,SAAS4jE,GAAwB5xD,GAC/B,KAAMA,aAAmBwxD,IAAuBxxD,aAAmB2sD,IACjE,MAAU3+D,MAAM,sEAEpB,CACA,SAAS6jE,GAAyBxmC,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUr9B,MAAM,sBAAsBq9B,EAE1C,CACA,MAAMymC,GAA0BvlE,OAAO42C,KAAKl/B,GAAe5V,OAC3D,SAAS0jE,GAAYpxD,GACnB,MAAMqxD,EAAmBzlE,OAAO42C,KAAKxiC,GACrC,GAAIqxD,EAAiB3jE,SAAWyjE,GAC9B,IAAK,MAAMG,KAAaD,EACtB,QAAiCnjE,IAA7BoV,EAAcguD,GAChB,MAAUjkE,MAAM,4BAA4BikE,EAIpD,CAQA,SAASC,GAAQryB,GAIf,OAHIA,IAAUt8B,EAAKrW,QAAQ2yC,KACzBA,EAAQ,CAACA,IAEJA,CACT,CASA9wC,eAAeojE,GAAc7+D,GAE3B,MAAmB,UADAiQ,EAAK7V,SAAS4F,GAExBqb,EAAiBrb,GAEnBA,CACT,CAUA,SAAS8+D,GAAY5jE,EAAQwR,GAC3BxR,EAAO8E,KAAOgb,EAAqBtO,EAAQu1C,QAAQ9nD,QAAQsB,MAAO4C,EAAUC,WACpEwoD,EAAY5rD,EAAO8E,KAAM1B,EAAU,CACvCE,cAAc,IAEhB,MAAM1E,EAASohB,EAAiB5c,GAChC,UAEQ+c,EAAiBhd,GAAUgnB,GAAKA,UAChCvrB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,IAEA,CASA,SAAS0hE,GAAaC,EAAQjnC,EAAQ1qB,GACpC,OAAQ0qB,GACN,IAAK,SACH,OAAOinC,EACT,IAAK,UACH,OAAOA,EAAO1yD,MAAMe,GACtB,IAAK,SACH,OAAO2xD,EAAO9iE,QAChB,QACE,MAAUxB,MAAM,sBAAsBq9B,GAE5C,CC1tBA,SAASxD,GAAOxjB,GACZ,IAAKyP,OAAOy+C,cAAcluD,IAAMA,EAAI,EAChC,MAAUrW,MAAM,kCAAkCqW,EAC1D,CAUA,SAASzN,GAAM2N,KAAM2N,GACjB,MALoBlH,EAKPzG,aAJQrW,YACX,MAAL8c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE3e,YAAYqI,MAIrD,MAAU1G,MAAM,uBANjB,IAAiBgd,EAOpB,GAAIkH,EAAQ7jB,OAAS,IAAM6jB,EAAQtG,SAASrH,EAAElW,QAC1C,MAAUL,MAAM,iCAAiCkkB,oBAA0B3N,EAAElW,SACrF,CAOA,SAAS8jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUtkB,MAAM,oCACpB,GAAIqkB,GAAiBD,EAASG,SAC1B,MAAUvkB,MAAM,wCACxB,CACA,SAASqF,GAAOmf,EAAKJ,GACjBxb,GAAM4b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAInkB,OAASokB,EACb,MAAUzkB,MAAM,yDAAyDykB,EAEjF,CChCO,MAAM5J,GAASklB,GAAoB,iBAAPA,GAAmB,cAAeA,EAC/DA,EAAG/kB,UACH+kB,GAAoB,iBAAPA,GAAmB,gBAAiBA,EAC7CA,OACAl/B,ECUGikB,GAAcF,GAAQ,IAAItF,SAASsF,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAEnEy7D,GAAO,CAACz5C,EAAMnjB,IAAWmjB,GAAS,GAAKnjB,EAAWmjB,IAASnjB,EAE3D68D,GAAO,CAAC15C,EAAMnjB,IAAWmjB,GAAQnjB,EAAWmjB,IAAU,GAAKnjB,IAAY,EACvE6d,GAAmE,KAA5D,IAAIvlB,WAAW,IAAI2e,YAAY,CAAC,YAAa9W,QAAQ;sEASlE,SAAS28D,GAAW9/C,GACvB,IAAK,IAAIrkB,EAAI,EAAGA,EAAIqkB,EAAIvkB,OAAQE,IAC5BqkB,EAAIrkB,IATawqB,EASCnG,EAAIrkB,KATc,GAAM,WAC5CwqB,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAHG,IAACA,CAWzB,CAoEO,SAAS/F,GAAYxM,GACxB,GAAmB,iBAARA,EACP,MAAUxY,MAAM,2CAA2CwY,GAC/D,OAAO,IAAItY,YAAW,IAAIgZ,aAAcE,OAAOZ,GACnD,CAMO,SAASuM,GAAQzf,GAIpB,MAHoB,iBAATA,IACPA,EAAO0f,GAAY1f,IACvByhB,GAAOzhB,GACAA,CACX,CAIO,SAAS+rB,MAAejxB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMyc,EAAI5c,EAAOG,GACjBwmB,GAAO/J,GACPmU,GAAOnU,EAAE3c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMyc,EAAI5c,EAAOG,GACjBgpB,EAAI3oB,IAAIoc,EAAGoU,GACXA,GAAOpU,EAAE3c,MACjB,CACI,OAAOkpB,CACX,CAEO,MAAMo7C,GAET,KAAAtjE,GACI,OAAO5C,KAAKmmE,YACpB,EASO,SAASC,GAAgB96C,GAC5B,MAAMC,EAASC,GAAQF,IAAW/G,OAAO+B,GAAQkF,IAAMhH,SACjDiH,EAAMH,IAIZ,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,IAAMsG,IACdC,CACX,CAoBO,SAAS0R,GAAYopC,EAAc,IACtC,GAAIjqD,IAA4C,mBAA3BA,GAAO0f,gBACxB,OAAO1f,GAAO0f,gBAAgB,IAAIr6B,WAAW4kE,IAGjD,GAAIjqD,IAAwC,mBAAvBA,GAAO6gB,YACxB,OAAO7gB,GAAO6gB,YAAYopC,GAE9B,MAAU9kE,MAAM,yCACpB,CCzKO,MAAM+kE,GAAM,CAAC/nD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,GAAOyG,EAAI6E,EAInCmjD,GAAM,CAAChoD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,EAAMyG,EAAI6E,EAAMtL,EAAIsL,EAKlD,MAAMojD,WAAeN,GACxB,WAAAtmE,CAAYqoB,EAAUhC,EAAWwgD,EAAWz/C,GACxCnnB,QACAG,KAAKioB,SAAWA,EAChBjoB,KAAKimB,UAAYA,EACjBjmB,KAAKymE,UAAYA,EACjBzmE,KAAKgnB,KAAOA,EACZhnB,KAAK8lB,UAAW,EAChB9lB,KAAK4B,OAAS,EACd5B,KAAKgC,IAAM,EACXhC,KAAK6lB,WAAY,EACjB7lB,KAAKsJ,OAAS,IAAI7H,WAAWwmB,GAC7BjoB,KAAK+mB,KAAOV,GAAWrmB,KAAKsJ,OACpC,CACI,MAAAib,CAAO1d,GACH6e,GAAO1lB,MACP,MAAM+mB,KAAEA,EAAIzd,OAAEA,EAAM2e,SAAEA,GAAajoB,KAE7BstB,GADNzmB,EAAOyf,GAAQzf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMsrB,GAAM,CAC1B,MAAMo5C,EAAOj+D,KAAKud,IAAIiC,EAAWjoB,KAAKgC,IAAKsrB,EAAMtrB,GAEjD,GAAI0kE,IAASz+C,EAMb3e,EAAOnH,IAAI0E,EAAKmC,SAAShH,EAAKA,EAAM0kE,GAAO1mE,KAAKgC,KAChDhC,KAAKgC,KAAO0kE,EACZ1kE,GAAO0kE,EACH1mE,KAAKgC,MAAQimB,IACbjoB,KAAKoD,QAAQ2jB,EAAM,GACnB/mB,KAAKgC,IAAM,OAXf,CACI,MAAM2kE,EAAWtgD,GAAWxf,GAC5B,KAAOohB,GAAYqF,EAAMtrB,EAAKA,GAAOimB,EACjCjoB,KAAKoD,QAAQujE,EAAU3kE,EAE3C,CAQA,CAGQ,OAFAhC,KAAK4B,QAAUiF,EAAKjF,OACpB5B,KAAK4mE,aACE5mE,IACf,CACI,UAAA2qB,CAAW5E,GACPL,GAAO1lB,MACP4G,GAAOmf,EAAK/lB,MACZA,KAAK8lB,UAAW,EAIhB,MAAMxc,OAAEA,EAAMyd,KAAEA,EAAIkB,SAAEA,EAAQjB,KAAEA,GAAShnB,KACzC,IAAIgC,IAAEA,GAAQhC,KAEdsJ,EAAOtH,KAAS,IAChBhC,KAAKsJ,OAAON,SAAShH,GAAK0lB,KAAK,GAG3B1nB,KAAKymE,UAAYx+C,EAAWjmB,IAC5BhC,KAAKoD,QAAQ2jB,EAAM,GACnB/kB,EAAM,GAGV,IAAK,IAAIF,EAAIE,EAAKF,EAAImmB,EAAUnmB,IAC5BwH,EAAOxH,GAAK,GApFxB,SAAsBilB,EAAM1c,EAAY9H,EAAOykB,GAC3C,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAazc,EAAY9H,EAAOykB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ9kB,GAAS0kB,EAAQE,GAC9BG,EAAKD,OAAO9kB,EAAQ4kB,GACpBqK,EAAIxK,EAAO,EAAI,EACfsb,EAAItb,EAAO,EAAI,EACrBD,EAAKQ,UAAUld,EAAamnB,EAAGpK,EAAIJ,GACnCD,EAAKQ,UAAUld,EAAai4B,EAAGhb,EAAIN,EACvC,CA6EQF,CAAaC,EAAMkB,EAAW,EAAGf,OAAqB,EAAdlnB,KAAK4B,QAAaolB,GAC1DhnB,KAAKoD,QAAQ2jB,EAAM,GACnB,MAAM8/C,EAAQxgD,GAAWN,GACnBuH,EAAMttB,KAAKimB,UAEjB,GAAIqH,EAAM,EACN,MAAU/rB,MAAM,+CACpB,MAAMwuB,EAASzC,EAAM,EACfnI,EAAQnlB,KAAKmI,MACnB,GAAI4nB,EAAS5K,EAAMvjB,OACf,MAAUL,MAAM,sCACpB,IAAK,IAAIO,EAAI,EAAGA,EAAIiuB,EAAQjuB,IACxB+kE,EAAMt/C,UAAU,EAAIzlB,EAAGqjB,EAAMrjB,GAAIklB,EAC7C,CACI,MAAAxC,GACI,MAAMlb,OAAEA,EAAM2c,UAAEA,GAAcjmB,KAC9BA,KAAK2qB,WAAWrhB,GAChB,MAAMwhB,EAAMxhB,EAAO3G,MAAM,EAAGsjB,GAE5B,OADAjmB,KAAKiJ,UACE6hB,CACf,CACI,UAAAq7C,CAAWW,GACPA,IAAOA,EAAK,IAAI9mE,KAAKJ,aACrBknE,EAAG3kE,OAAOnC,KAAKmI,OACf,MAAM8f,SAAEA,EAAQ3e,OAAEA,EAAM1H,OAAEA,EAAMkkB,SAAEA,EAAQD,UAAEA,EAAS7jB,IAAEA,GAAQhC,KAO/D,OANA8mE,EAAGllE,OAASA,EACZklE,EAAG9kE,IAAMA,EACT8kE,EAAGhhD,SAAWA,EACdghD,EAAGjhD,UAAYA,EACXjkB,EAASqmB,GACT6+C,EAAGx9D,OAAOnH,IAAImH,GACXw9D,CACf,ECtHA,MAAMC,kBAA2B,IAAI3mD,YAAY,CAC7C,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAKlF4mD,kBAA4B,IAAI5mD,YAAY,CAC9C,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAIlF6mD,kBAA2B,IAAI7mD,YAAY,IAC1C,MAAM8mD,WAAeV,GACxB,WAAA5mE,GACIC,MAAM,GAAI,GAAI,GAAG,GAGjBG,KAAKkjC,EAAmB,EAAf8jC,GAAU,GACnBhnE,KAAKo8D,EAAmB,EAAf4K,GAAU,GACnBhnE,KAAKw0C,EAAmB,EAAfwyB,GAAU,GACnBhnE,KAAKgiC,EAAmB,EAAfglC,GAAU,GACnBhnE,KAAKmnE,EAAmB,EAAfH,GAAU,GACnBhnE,KAAKonE,EAAmB,EAAfJ,GAAU,GACnBhnE,KAAKqnE,EAAmB,EAAfL,GAAU,GACnBhnE,KAAKsnE,EAAmB,EAAfN,GAAU,EAC3B,CACI,GAAA7+D,GACI,MAAM+6B,EAAEA,EAACk5B,EAAEA,EAAC5nB,EAAEA,EAACxS,EAAEA,EAACmlC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMtnE,KACnC,MAAO,CAACkjC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,EAAGC,EAAGC,EAAGC,EACrC,CAEI,GAAAnlE,CAAI+gC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,EAAGC,EAAGC,EAAGC,GACrBtnE,KAAKkjC,EAAQ,EAAJA,EACTljC,KAAKo8D,EAAQ,EAAJA,EACTp8D,KAAKw0C,EAAQ,EAAJA,EACTx0C,KAAKgiC,EAAQ,EAAJA,EACThiC,KAAKmnE,EAAQ,EAAJA,EACTnnE,KAAKonE,EAAQ,EAAJA,EACTpnE,KAAKqnE,EAAQ,EAAJA,EACTrnE,KAAKsnE,EAAQ,EAAJA,CACjB,CACI,OAAAlkE,CAAQ2jB,EAAMlO,GAEV,IAAK,IAAI/W,EAAI,EAAGA,EAAI,GAAIA,IAAK+W,GAAU,EACnCouD,GAASnlE,GAAKilB,EAAK0B,UAAU5P,GAAQ,GACzC,IAAK,IAAI/W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAC1B,MAAMylE,EAAMN,GAASnlE,EAAI,IACnB0lE,EAAKP,GAASnlE,EAAI,GAClBomB,EAAK69C,GAAKwB,EAAK,GAAKxB,GAAKwB,EAAK,IAAOA,IAAQ,EAC7Cp/C,EAAK49C,GAAKyB,EAAI,IAAMzB,GAAKyB,EAAI,IAAOA,IAAO,GACjDP,GAASnlE,GAAMqmB,EAAK8+C,GAASnlE,EAAI,GAAKomB,EAAK++C,GAASnlE,EAAI,IAAO,CAC3E,CAEQ,IAAIohC,EAAEA,EAACk5B,EAAEA,EAAC5nB,EAAEA,EAACxS,EAAEA,EAACmlC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMtnE,KACjC,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MACM2qB,EAAM66C,GADGvB,GAAKoB,EAAG,GAAKpB,GAAKoB,EAAG,IAAMpB,GAAKoB,EAAG,KACzBb,GAAIa,EAAGC,EAAGC,GAAKN,GAASjlE,GAAKmlE,GAASnlE,GAAM,EAE/D4qB,GADSq5C,GAAK7iC,EAAG,GAAK6iC,GAAK7iC,EAAG,IAAM6iC,GAAK7iC,EAAG,KAC7BqjC,GAAIrjC,EAAGk5B,EAAG5nB,GAAM,EACrC8yB,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAKnlC,EAAIvV,EAAM,EACfuV,EAAIwS,EACJA,EAAI4nB,EACJA,EAAIl5B,EACJA,EAAKzW,EAAKC,EAAM,CAC5B,CAEQwW,EAAKA,EAAIljC,KAAKkjC,EAAK,EACnBk5B,EAAKA,EAAIp8D,KAAKo8D,EAAK,EACnB5nB,EAAKA,EAAIx0C,KAAKw0C,EAAK,EACnBxS,EAAKA,EAAIhiC,KAAKgiC,EAAK,EACnBmlC,EAAKA,EAAInnE,KAAKmnE,EAAK,EACnBC,EAAKA,EAAIpnE,KAAKonE,EAAK,EACnBC,EAAKA,EAAIrnE,KAAKqnE,EAAK,EACnBC,EAAKA,EAAItnE,KAAKsnE,EAAK,EACnBtnE,KAAKmC,IAAI+gC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,EAAGC,EAAGC,EAAGC,EACtC,CACI,UAAAV,GACIK,GAASv/C,KAAK,EACtB,CACI,OAAAze,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC9BnC,KAAKsJ,OAAOoe,KAAK,EACzB,EAGA,MAAM+/C,WAAeP,GACjB,WAAAtnE,GACIC,QACAG,KAAKkjC,GAAI,WACTljC,KAAKo8D,EAAI,UACTp8D,KAAKw0C,EAAI,UACTx0C,KAAKgiC,GAAI,UACThiC,KAAKmnE,GAAI,QACTnnE,KAAKonE,EAAI,WACTpnE,KAAKqnE,EAAI,WACTrnE,KAAKsnE,GAAI,WACTtnE,KAAKimB,UAAY,EACzB,EAMO,MAAMlY,kBAAyBq4D,IAAgB,IAAM,IAAIc,KAInDh5D,kBAAyBk4D,IAAgB,IAAM,IAAIqB,KCzHzD,MAAMC,WAAaxB,GACtB,WAAAtmE,CAAY+N,EAAMgsB,GACd95B,QACAG,KAAK8lB,UAAW,EAChB9lB,KAAK6lB,WAAY,ELYzB,SAAc2L,GACV,GAAiB,mBAANA,GAAwC,mBAAbA,EAAExM,OACpC,MAAUzjB,MAAM,mDACpB65B,GAAO5J,EAAEvL,WACTmV,GAAO5J,EAAEvJ,SACb,CKhBQ0/C,CAAWh6D,GACX,MAAMgD,EAAM2V,GAAQqT,GAEpB,GADA35B,KAAK4nE,MAAQj6D,EAAKqX,SACe,mBAAtBhlB,KAAK4nE,MAAMrjD,OAClB,MAAUhjB,MAAM,uDACpBvB,KAAKioB,SAAWjoB,KAAK4nE,MAAM3/C,SAC3BjoB,KAAKimB,UAAYjmB,KAAK4nE,MAAM3hD,UAC5B,MAAMgC,EAAWjoB,KAAKioB,SAChB0K,EAAM,IAAIlxB,WAAWwmB,GAE3B0K,EAAIxwB,IAAIwO,EAAI/O,OAASqmB,EAAWta,EAAKqX,SAAST,OAAO5T,GAAK6T,SAAW7T,GACrE,IAAK,IAAI7O,EAAI,EAAGA,EAAI6wB,EAAI/wB,OAAQE,IAC5B6wB,EAAI7wB,IAAM,GACd9B,KAAK4nE,MAAMrjD,OAAOoO,GAElB3yB,KAAK6nE,MAAQl6D,EAAKqX,SAElB,IAAK,IAAIljB,EAAI,EAAGA,EAAI6wB,EAAI/wB,OAAQE,IAC5B6wB,EAAI7wB,IAAM,IACd9B,KAAK6nE,MAAMtjD,OAAOoO,GAClBA,EAAIjL,KAAK,EACjB,CACI,MAAAnD,CAAO1F,GAGH,OAFAipD,GAAa9nE,MACbA,KAAK4nE,MAAMrjD,OAAO1F,GACX7e,IACf,CACI,UAAA2qB,CAAW5E,GACP+hD,GAAa9nE,MACb+nE,GAAYhiD,EAAK/lB,KAAKimB,WACtBjmB,KAAK8lB,UAAW,EAChB9lB,KAAK4nE,MAAMj9C,WAAW5E,GACtB/lB,KAAK6nE,MAAMtjD,OAAOwB,GAClB/lB,KAAK6nE,MAAMl9C,WAAW5E,GACtB/lB,KAAKiJ,SACb,CACI,MAAAub,GACI,MAAMuB,EAAM,IAAItkB,WAAWzB,KAAK6nE,MAAM5hD,WAEtC,OADAjmB,KAAK2qB,WAAW5E,GACTA,CACf,CACI,UAAAogD,CAAWW,GAEPA,IAAOA,EAAKhnE,OAAOklB,OAAOllB,OAAOs7D,eAAep7D,MAAO,CAAA,IACvD,MAAM6nE,MAAEA,EAAKD,MAAEA,EAAK9hD,SAAEA,EAAQD,UAAEA,EAASoC,SAAEA,EAAQhC,UAAEA,GAAcjmB,KAQnE,OANA8mE,EAAGhhD,SAAWA,EACdghD,EAAGjhD,UAAYA,EACfihD,EAAG7+C,SAAWA,EACd6+C,EAAG7gD,UAAYA,EACf6gD,EAAGe,MAAQA,EAAM1B,WAAWW,EAAGe,OAC/Bf,EAAGc,MAAQA,EAAMzB,WAAWW,EAAGc,OACxBd,CACf,CACI,OAAA79D,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAK6nE,MAAM5+D,UACXjJ,KAAK4nE,MAAM3+D,SACnB,EAYO,MAAM++D,GAAO,CAACr6D,EAAMgD,EAAK4C,IAAY,IAAIm0D,GAAK/5D,EAAMgD,GAAK4T,OAAOhR,GAASiR,SAChFwjD,GAAKhjD,OAAS,CAACrX,EAAMgD,IAAQ,IAAI+2D,GAAK/5D,EAAMgD;uEC1E5C,MAAMqpB,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC5B,SAAS1B,GAAQjH,GACpB,OAAQA,aAAa9c,YACX,MAAL8c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE3e,YAAYqI,IAC7D,CACO,SAASqgB,GAAOw5C,GACnB,IAAKt8C,GAAQs8C,GACT,MAAUvgE,MAAM,sBACxB,CACO,SAAS0mE,GAAMC,EAAO3lE,GACzB,GAAqB,kBAAVA,EACP,MAAUhB,MAAM,GAAG2mE,iCAAqC3lE,MAChE,CAEA,MAAM4lE,kBAAwBxoE,MAAM6gB,KAAK,CAAE5e,OAAQ,MAAO,CAACsqB,EAAGpqB,IAAMA,EAAE2e,SAAS,IAAI2nD,SAAS,EAAG,OAIxF,SAASC,GAAWl+D,GACvBme,GAAOne,GAEP,IAAIoP,EAAM,GACV,IAAK,IAAIzX,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAC9ByX,GAAO4uD,GAAMh+D,EAAMrI,IAEvB,OAAOyX,CACX,CACO,SAAS+uD,GAAoBx+C,GAChC,MAAMvQ,EAAMuQ,EAAIrJ,SAAS,IACzB,OAAoB,EAAblH,EAAI3X,OAAa,IAAI2X,EAAQA,CACxC,CACO,SAASgvD,GAAYhvD,GACxB,GAAmB,iBAARA,EACP,MAAUhY,MAAM,mCAAqCgY,GAEzD,OAAO2N,OAAe,KAAR3N,EAAa,IAAM,KAAKA,EAC1C,CAEA,MAAMivD,GAAS,CAAEC,GAAI,GAAI7mC,GAAI,GAAI8mC,GAAI,GAAIC,GAAI,GAAI1vB,GAAI,GAAI2vB,GAAI,KAC7D,SAASC,GAAcC,GACnB,OAAIA,GAAQN,GAAOC,IAAMK,GAAQN,GAAO5mC,GAC7BknC,EAAON,GAAOC,GACrBK,GAAQN,GAAOE,IAAMI,GAAQN,GAAOG,GAC7BG,GAAQN,GAAOE,GAAK,IAC3BI,GAAQN,GAAOvvB,IAAM6vB,GAAQN,GAAOI,GAC7BE,GAAQN,GAAOvvB,GAAK,SAD/B,CAGJ,CAIO,SAAS8vB,GAAWxvD,GACvB,GAAmB,iBAARA,EACP,MAAUhY,MAAM,mCAAqCgY,GACzD,MAAMktB,EAAKltB,EAAI3X,OACTonE,EAAKviC,EAAK,EAChB,GAAIA,EAAK,EACL,MAAUllC,MAAM,0DAA4DklC,GAChF,MAAMzqB,EAAQ,IAAIva,WAAWunE,GAC7B,IAAK,IAAIC,EAAK,EAAGC,EAAK,EAAGD,EAAKD,EAAIC,IAAMC,GAAM,EAAG,CAC7C,MAAMzsC,EAAKosC,GAActvD,EAAIU,WAAWivD,IAClCC,EAAKN,GAActvD,EAAIU,WAAWivD,EAAK,IAC7C,QAAW9mE,IAAPq6B,QAA2Br6B,IAAP+mE,EAAkB,CACtC,MAAML,EAAOvvD,EAAI2vD,GAAM3vD,EAAI2vD,EAAK,GAChC,MAAU3nE,MAAM,+CAAiDunE,EAAO,cAAgBI,EACpG,CACQltD,EAAMitD,GAAW,GAALxsC,EAAU0sC,CAC9B,CACI,OAAOntD,CACX,CAEO,SAASotD,GAAgBj/D,GAC5B,OAAOo+D,GAAYF,GAAWl+D,GAClC,CACO,SAASk/D,GAAgBl/D,GAE5B,OADAme,GAAOne,GACAo+D,GAAYF,GAAW5mE,WAAW+e,KAAKrW,GAAO8gB,WACzD,CACO,SAASq+C,GAAgB1xD,EAAG0V,GAC/B,OAAOy7C,GAAWnxD,EAAE6I,SAAS,IAAI2nD,SAAe,EAAN96C,EAAS,KACvD,CACO,SAASi8C,GAAgB3xD,EAAG0V,GAC/B,OAAOg8C,GAAgB1xD,EAAG0V,GAAKrC,SACnC,CAcO,SAASu+C,GAAYtB,EAAO3uD,EAAKyO,GACpC,IAAI8C,EACJ,GAAmB,iBAARvR,EACP,IACIuR,EAAMi+C,GAAWxvD,EAC7B,CACQ,MAAOrV,GACH,MAAU3C,MAAM,GAAG2mE,oCAAwC3uD,cAAgBrV,IACvF,KAES,KAAIshB,GAAQjM,GAMb,MAAUhY,MAAS2mE,EAAH,qCAHhBp9C,EAAMrpB,WAAW+e,KAAKjH,EAI9B,CACI,MAAM+T,EAAMxC,EAAIlpB,OAChB,GAA8B,iBAAnBomB,GAA+BsF,IAAQtF,EAC9C,MAAUzmB,MAAM,GAAG2mE,cAAkBlgD,gBAA6BsF,KACtE,OAAOxC,CACX,CAIO,SAAS8H,MAAejxB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMyc,EAAI5c,EAAOG,GACjBwmB,GAAO/J,GACPmU,GAAOnU,EAAE3c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMyc,EAAI5c,EAAOG,GACjBgpB,EAAI3oB,IAAIoc,EAAGoU,GACXA,GAAOpU,EAAE3c,MACjB,CACI,OAAOkpB,CACX,CAmBA,MAAM2+C,GAAY7xD,GAAmB,iBAANA,GAAkBoiB,IAAOpiB,EACjD,SAAS8xD,GAAQ9xD,EAAGoO,EAAKtd,GAC5B,OAAO+gE,GAAS7xD,IAAM6xD,GAASzjD,IAAQyjD,GAAS/gE,IAAQsd,GAAOpO,GAAKA,EAAIlP,CAC5E,CAMO,SAASihE,GAASzB,EAAOtwD,EAAGoO,EAAKtd,GAMpC,IAAKghE,GAAQ9xD,EAAGoO,EAAKtd,GACjB,MAAUnH,MAAM,kBAAkB2mE,MAAUliD,YAActd,iBAAmBkP,KAAKA,IAC1F,CAMO,SAASgyD,GAAOhyD,GACnB,IAAI0V,EACJ,IAAKA,EAAM,EAAG1V,EAAIoiB,GAAKpiB,IAAMqiB,GAAK3M,GAAO,GAEzC,OAAOA,CACX,CAmBO,MAAMu8C,GAAWjyD,IAAO6oB,IAAOvZ,OAAOtP,EAAI,IAAMqiB,GAEjD6vC,GAAOjjE,GAAS,IAAIpF,WAAWoF,GAC/BkjE,GAAQ5jD,GAAQ1kB,WAAW+e,KAAK2F,GAQ/B,SAAS6jD,GAAeC,EAASC,EAAUC,GAC9C,GAAuB,iBAAZF,GAAwBA,EAAU,EACzC,MAAU1oE,MAAM,4BACpB,GAAwB,iBAAb2oE,GAAyBA,EAAW,EAC3C,MAAU3oE,MAAM,6BACpB,GAAsB,mBAAX4oE,EACP,MAAU5oE,MAAM,6BAEpB,IAAIsY,EAAIiwD,GAAIG,GACRzwD,EAAIswD,GAAIG,GACRnoE,EAAI,EACR,MAAMsoE,EAAQ,KACVvwD,EAAE6N,KAAK,GACPlO,EAAEkO,KAAK,GACP5lB,EAAI,CAAC,EAEH0vB,EAAI,IAAI1Z,IAAMqyD,EAAO3wD,EAAGK,KAAM/B,GAC9BuyD,EAAS,CAACn/B,EAAO4+B,QAEnBtwD,EAAIgY,EAAEu4C,GAAK,CAAC,IAAQ7+B,GACpBrxB,EAAI2X,IACgB,IAAhB0Z,EAAKtpC,SAET4X,EAAIgY,EAAEu4C,GAAK,CAAC,IAAQ7+B,GACpBrxB,EAAI2X,IAAG,EAEL84C,EAAM,KAER,GAAIxoE,KAAO,IACP,MAAUP,MAAM,2BACpB,IAAI+rB,EAAM,EACV,MAAMvH,EAAM,GACZ,KAAOuH,EAAM48C,GAAU,CACnBrwD,EAAI2X,IACJ,MAAMwvB,EAAKnnC,EAAElX,QACbojB,EAAIjjB,KAAKk+C,GACT1zB,GAAOzT,EAAEjY,MACrB,CACQ,OAAOgxB,MAAe7M,EAAI,EAW9B,MATiB,CAACmlB,EAAMq/B,KAGpB,IAAIz/C,EACJ,IAHAs/C,IACAC,EAAOn/B,KAEEpgB,EAAMy/C,EAAKD,OAChBD,IAEJ,OADAD,IACOt/C,CAAG,CAGlB,CAEA,MAAM0/C,GAAe,CACjBC,OAASC,GAAuB,iBAARA,EACxBC,SAAWD,GAAuB,mBAARA,EAC1BE,QAAUF,GAAuB,kBAARA,EACzBjR,OAASiR,GAAuB,iBAARA,EACxBG,mBAAqBH,GAAuB,iBAARA,GAAoBllD,GAAQklD,GAChE5E,cAAgB4E,GAAQrjD,OAAOy+C,cAAc4E,GAC7C1uD,MAAQ0uD,GAAQ/qE,MAAMc,QAAQiqE,GAC9BI,MAAO,CAACJ,EAAK7E,IAAWA,EAAOkF,GAAGC,QAAQN,GAC1C/8D,KAAO+8D,GAAuB,mBAARA,GAAsBrjD,OAAOy+C,cAAc4E,EAAIzkD,YAGlE,SAASglD,GAAepF,EAAQqF,EAAYC,EAAgB,CAAA,GAC/D,MAAMC,EAAa,CAACC,EAAWp3D,EAAMq3D,KACjC,MAAMC,EAAWf,GAAav2D,GAC9B,GAAwB,mBAAbs3D,EACP,MAAUhqE,MAAM,sBAAsB0S,yBAC1C,MAAMy2D,EAAM7E,EAAOwF,GACnB,KAAIC,QAAsBlpE,IAARsoE,GAEba,EAASb,EAAK7E,IACf,MAAUtkE,MAAM,iBAAwB8pE,EAAPr0D,MAAqB0zD,aAAeA,gBAAkBz2D,IACnG,EAEI,IAAK,MAAOo3D,EAAWp3D,KAASnU,OAAOiI,QAAQmjE,GAC3CE,EAAWC,EAAWp3D,GAAM,GAChC,IAAK,MAAOo3D,EAAWp3D,KAASnU,OAAOiI,QAAQojE,GAC3CC,EAAWC,EAAWp3D,GAAM,GAChC,OAAO4xD,CACX,CAmBO,SAAS2F,GAASvkE,GACrB,MAAMtC,EAAM,IAAI8mE,QAChB,MAAO,CAACC,KAAQnjB,KACZ,MAAMmiB,EAAM/lE,EAAIwD,IAAIujE,GACpB,QAAYtpE,IAARsoE,EACA,OAAOA,EACX,MAAM53B,EAAW7rC,EAAGykE,KAAQnjB,GAE5B,OADA5jD,EAAIxC,IAAIupE,EAAK54B,GACNA,CAAQ,CAEvB,yFAtIO,SAAgBl7B,EAAG5V,GACtB,OAAQ4V,GAAKsP,OAAOllB,GAAQi4B,EAChC,8BAIO,SAAgBriB,EAAG5V,EAAKO,GAC3B,OAAOqV,GAAMrV,EAAQ03B,GAAMD,KAAQ9S,OAAOllB,EAC9C,iHA3DO,SAAoBuc,EAAGzG,GAC1B,GAAIyG,EAAE3c,SAAWkW,EAAElW,OACf,OAAO,EACX,IAAI8kB,EAAO,EACX,IAAK,IAAI5kB,EAAI,EAAGA,EAAIyc,EAAE3c,OAAQE,IAC1B4kB,GAAQnI,EAAEzc,GAAKgW,EAAEhW,GACrB,OAAgB,IAAT4kB,CACX,gFAiK8B,KAC1B,MAAUnlB,MAAM,kBAAkB,kFA/N/B,SAA4BqW,GAC/B,OAAOmxD,GAAWT,GAAoB1wD,GAC1C,cA+DO,SAAqBmC,GACxB,GAAmB,iBAARA,EACP,MAAUxY,MAAM,2CAA2CwY,GAC/D,OAAO,IAAItY,YAAW,IAAIgZ,aAAcE,OAAOZ,GACnD;sEC7JA,MAAMigB,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIykD,GAAMzkD,OAAO,GAEhE0kD,GAAM1kD,OAAO,GAAI2kD,GAAM3kD,OAAO,GAAIuU,GAAMvU,OAAO,GAI9C,SAASiT,GAAI5b,EAAGzG,GACnB,MAAM/V,EAASwc,EAAIzG,EACnB,OAAO/V,GAAUi4B,GAAMj4B,EAAS+V,EAAI/V,CACxC,CAQO,SAAS+pE,GAAIhiD,EAAK+hB,EAAOilB,GAC5B,GAAIA,GAAU92B,IAAO6R,EAAQ7R,GACzB,MAAUz4B,MAAM,6BACpB,GAAIuvD,IAAW72B,GACX,OAAOD,GACX,IAAIlP,EAAMmP,GACV,KAAO4R,EAAQ7R,IACP6R,EAAQ5R,KACRnP,EAAOA,EAAMhB,EAAOgnC,GACxBhnC,EAAOA,EAAMA,EAAOgnC,EACpBjlB,IAAU5R,GAEd,OAAOnP,CACX,CAEO,SAASihD,GAAKtwD,EAAGowB,EAAOilB,GAC3B,IAAIhmC,EAAMrP,EACV,KAAOowB,KAAU7R,IACblP,GAAOA,EACPA,GAAOgmC,EAEX,OAAOhmC,CACX,CAEO,SAASkhD,GAAO5wC,EAAQ01B,GAC3B,GAAI11B,IAAWpB,IAAO82B,GAAU92B,GAC5B,MAAUz4B,MAAM,6CAA6C65B,SAAc01B,KAI/E,IAAIvyC,EAAI4b,GAAIiB,EAAQ01B,GAChBh5C,EAAIg5C,EAEJr1C,EAAIue,GAAcgE,EAAI/D,GAC1B,KAAO1b,IAAMyb,IAAK,CAEd,MACMte,EAAI5D,EAAIyG,EACR+Z,EAAI7c,EAAIuiB,GAFJlmB,EAAIyG,GAKdzG,EAAIyG,EAAGA,EAAI7C,EAAGD,EAAIuiB,EAAUA,EAAI1F,CACxC,CAEI,GADYxgB,IACAmiB,GACR,MAAU14B,MAAM,0BACpB,OAAO44B,GAAI1e,EAAGq1C,EAClB,CAiEO,SAASmb,GAAOC,GAKnB,GAAIA,EAAIN,KAAQD,GAAK,CAKjB,MAAMQ,GAAUD,EAAIjyC,IAAO2xC,GAC3B,OAAO,SAAmBb,EAAInzD,GAC1B,MAAMw0D,EAAOrB,EAAGe,IAAIl0D,EAAGu0D,GAEvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOx0D,GACtB,MAAUrW,MAAM,2BACpB,OAAO6qE,CACV,CACT,CAEI,GAAIF,EAAIzwC,KAAQowC,GAAK,CACjB,MAAM3qC,GAAMgrC,EAAIL,IAAOpwC,GACvB,OAAO,SAAmBsvC,EAAInzD,GAC1B,MAAMuxD,EAAK4B,EAAGj/C,IAAIlU,EAAG6oB,IACf5mB,EAAIkxD,EAAGe,IAAI3C,EAAIjoC,GACfqrC,EAAKxB,EAAGj/C,IAAIlU,EAAGiC,GACf/X,EAAIipE,EAAGj/C,IAAIi/C,EAAGj/C,IAAIygD,EAAI9rC,IAAM5mB,GAC5BuyD,EAAOrB,EAAGj/C,IAAIygD,EAAIxB,EAAGztD,IAAIxb,EAAGipE,EAAGyB,MACrC,IAAKzB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOx0D,GACtB,MAAUrW,MAAM,2BACpB,OAAO6qE,CACV,CACT,CAwBI,OAhHG,SAAuBF,GAM1B,MAAMO,GAAaP,EAAIjyC,IAAOwG,GAC9B,IAAI8Q,EAAG1Z,EAAGsL,EAGV,IAAKoO,EAAI26B,EAAIjyC,GAAKpC,EAAI,EAAG0Z,EAAI9Q,KAAQzG,GAAKuX,GAAK9Q,GAAK5I,KAGpD,IAAKsL,EAAI1C,GAAK0C,EAAI+oC,GAAKJ,GAAI3oC,EAAGspC,EAAWP,KAAOA,EAAIjyC,GAAKkJ,KAGzD,GAAU,IAANtL,EAAS,CACT,MAAMs0C,GAAUD,EAAIjyC,IAAO2xC,GAC3B,OAAO,SAAqBb,EAAInzD,GAC5B,MAAMw0D,EAAOrB,EAAGe,IAAIl0D,EAAGu0D,GACvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOx0D,GACtB,MAAUrW,MAAM,2BACpB,OAAO6qE,CACV,CACT,CAEI,MAAMM,GAAUn7B,EAAItX,IAAOwG,GAC3B,OAAO,SAAqBsqC,EAAInzD,GAE5B,GAAImzD,EAAGe,IAAIl0D,EAAG60D,KAAe1B,EAAG4B,IAAI5B,EAAGyB,KACnC,MAAUjrE,MAAM,2BACpB,IAAIma,EAAImc,EAEJhG,EAAIk5C,EAAGe,IAAIf,EAAGj/C,IAAIi/C,EAAGyB,IAAKrpC,GAAIoO,GAC9B91B,EAAIsvD,EAAGe,IAAIl0D,EAAG80D,GACd50D,EAAIizD,EAAGe,IAAIl0D,EAAG25B,GAClB,MAAQw5B,EAAGsB,IAAIv0D,EAAGizD,EAAGyB,MAAM,CACvB,GAAIzB,EAAGsB,IAAIv0D,EAAGizD,EAAG6B,MACb,OAAO7B,EAAG6B,KAEd,IAAIt0C,EAAI,EACR,IAAK,IAAIlK,EAAK28C,EAAGuB,IAAIx0D,GAAIwgB,EAAI5c,IACrBqvD,EAAGsB,IAAIj+C,EAAI28C,EAAGyB,KADUl0C,IAG5BlK,EAAK28C,EAAGuB,IAAIl+C,GAGhB,MAAMy+C,EAAK9B,EAAGe,IAAIj6C,EAAGoI,IAAO/S,OAAOxL,EAAI4c,EAAI,IAC3CzG,EAAIk5C,EAAGuB,IAAIO,GACXpxD,EAAIsvD,EAAGj/C,IAAIrQ,EAAGoxD,GACd/0D,EAAIizD,EAAGj/C,IAAIhU,EAAG+Z,GACdnW,EAAI4c,CAChB,CACQ,OAAO7c,CACV,CACL,CAyDWqxD,CAAcZ,EACzB,CAtLYhlD,OAAO,GAAWA,OAAO,IA0LrC,MAAM6lD,GAAe,CACjB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAkFrB,SAASC,GAAQp1D,EAAGq1D,GAEvB,MAAMC,OAA6B9qE,IAAf6qE,EAA2BA,EAAar1D,EAAE6I,SAAS,GAAG7e,OAE1E,MAAO,CAAEqrE,WAAYC,EAAaC,YADd1kE,KAAK0Q,KAAK+zD,EAAc,GAEhD,CAgBO,SAASE,GAAMC,EAAOzD,EAAQ5iD,GAAO,EAAOsmD,EAAQ,IACvD,GAAID,GAASrzC,GACT,MAAUz4B,MAAM,iCAAiC8rE,GACrD,MAAQJ,WAAYM,EAAMJ,YAAaK,GAAUR,GAAQK,EAAOzD,GAChE,GAAI4D,EAAQ,KACR,MAAUjsE,MAAM,mDACpB,MAAMksE,EAAQxB,GAAOoB,GACflnC,EAAIrmC,OAAO4tE,OAAO,CACpBL,QACAE,OACAC,QACAG,KAAM9D,GAAQ0D,GACdX,KAAM5yC,GACNwyC,IAAKvyC,GACLjV,OAAS8E,GAAQqQ,GAAIrQ,EAAKujD,GAC1BrC,QAAUlhD,IACN,GAAmB,iBAARA,EACP,MAAUvoB,MAAM,sDAAsDuoB,GAC1E,OAAOkQ,IAAOlQ,GAAOA,EAAMujD,CAAK,EAEpCO,IAAM9jD,GAAQA,IAAQkQ,GACtB6zC,MAAQ/jD,IAASA,EAAMmQ,MAASA,GAChC0yC,IAAM7iD,GAAQqQ,IAAKrQ,EAAKujD,GACxBhB,IAAK,CAACyB,EAAKC,IAAQD,IAAQC,EAC3BzB,IAAMxiD,GAAQqQ,GAAIrQ,EAAMA,EAAKujD,GAC7BppE,IAAK,CAAC6pE,EAAKC,IAAQ5zC,GAAI2zC,EAAMC,EAAKV,GAClC/vD,IAAK,CAACwwD,EAAKC,IAAQ5zC,GAAI2zC,EAAMC,EAAKV,GAClCvhD,IAAK,CAACgiD,EAAKC,IAAQ5zC,GAAI2zC,EAAMC,EAAKV,GAClCvB,IAAK,CAAChiD,EAAK+hB,IA/GZ,SAAe1F,EAAGrc,EAAK+hB,GAG1B,GAAIA,EAAQ7R,GACR,MAAUz4B,MAAM,sBACpB,GAAIsqC,IAAU7R,GACV,OAAOmM,EAAEqmC,IACb,GAAI3gC,IAAU5R,GACV,OAAOnQ,EACX,IAAIsD,EAAI+Y,EAAEqmC,IACNnpD,EAAIyG,EACR,KAAO+hB,EAAQ7R,IACP6R,EAAQ5R,KACR7M,EAAI+Y,EAAEra,IAAIsB,EAAG/J,IACjBA,EAAI8iB,EAAEmmC,IAAIjpD,GACVwoB,IAAU5R,GAEd,OAAO7M,CACX,CA6F6B4gD,CAAM7nC,EAAGrc,EAAK+hB,GACnCoiC,IAAK,CAACH,EAAKC,IAAQ5zC,GAAI2zC,EAAM9B,GAAO+B,EAAKV,GAAQA,GAEjDa,KAAOpkD,GAAQA,EAAMA,EACrBqkD,KAAM,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAM,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAM,CAACP,EAAKC,IAAQD,EAAMC,EAC1BO,IAAMxkD,GAAQkiD,GAAOliD,EAAKujD,GAC1BkB,KAAMjB,EAAMiB,MAAS,CAAC32D,GAAM61D,EAAMtnC,EAAGvuB,IACrC42D,YAAcvvB,GAjGf,SAAuB9Y,EAAGsoC,GAC7B,MAAMhjD,EAAU9rB,MAAM8uE,EAAK7sE,QAErB8sE,EAAiBD,EAAK9kC,QAAO,CAAC6F,EAAK1lB,EAAKhoB,IACtCqkC,EAAEynC,IAAI9jD,GACC0lB,GACX/jB,EAAI3pB,GAAK0tC,EACFrJ,EAAEra,IAAI0jB,EAAK1lB,KACnBqc,EAAEqmC,KAECmC,EAAWxoC,EAAEmoC,IAAII,GAQvB,OANAD,EAAKG,aAAY,CAACp/B,EAAK1lB,EAAKhoB,IACpBqkC,EAAEynC,IAAI9jD,GACC0lB,GACX/jB,EAAI3pB,GAAKqkC,EAAEra,IAAI0jB,EAAK/jB,EAAI3pB,IACjBqkC,EAAEra,IAAI0jB,EAAK1lB,KACnB6kD,GACIljD,CACX,CA8E8BojD,CAAc1oC,EAAG8Y,GAGvC6vB,KAAM,CAACvwD,EAAGzG,EAAGsL,IAAOA,EAAItL,EAAIyG,EAC5B+H,QAAUwD,GAAS9C,EAAOuiD,GAAgBz/C,EAAK0jD,GAASlE,GAAgBx/C,EAAK0jD,GAC7EuB,UAAY5kE,IACR,GAAIA,EAAMvI,SAAW4rE,EACjB,MAAUjsE,MAAM,0BAA0BisE,UAAcrjE,EAAMvI,UAClE,OAAOolB,EAAOqiD,GAAgBl/D,GAASi/D,GAAgBj/D,EAAM,IAGrE,OAAOrK,OAAO4tE,OAAOvnC,EACzB,CAkCO,SAAS6oC,GAAoBC,GAChC,GAA0B,iBAAfA,EACP,MAAU1tE,MAAM,8BACpB,MAAMg6B,EAAY0zC,EAAWxuD,SAAS,GAAG7e,OACzC,OAAO6G,KAAK0Q,KAAKoiB,EAAY,EACjC,CAQO,SAAS2zC,GAAiBD,GAC7B,MAAMrtE,EAASotE,GAAoBC,GACnC,OAAOrtE,EAAS6G,KAAK0Q,KAAKvX,EAAS,EACvC;;AC3YA,MAAMo4B,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAGbioD,GAAmB,IAAI1D,QACvB2D,GAAmB,IAAI3D,QAYtB,SAAS4D,GAAKjsD,EAAGnH,GACpB,MAAMqzD,EAAkB,CAACC,EAAWzN,KAChC,MAAM6K,EAAM7K,EAAK0N,SACjB,OAAOD,EAAY5C,EAAM7K,CAAI,EAE3B2N,EAAa3mD,IACf,IAAKzB,OAAOy+C,cAAch9C,IAAMA,GAAK,GAAKA,EAAI7M,EAC1C,MAAU1a,MAAM,qBAAqBunB,oBAAoB7M,KAAQ,EAEnEyT,EAAQ5G,IACV2mD,EAAU3mD,GAGV,MAAO,CAAEE,QAFOvgB,KAAK0Q,KAAK8C,EAAO6M,GAAK,EAEpBG,WADC,IAAMH,EAAI,GACC,EAElC,MAAO,CACHwmD,kBAEA,YAAAI,CAAahlD,EAAK9S,GACd,IAAIwV,EAAIhK,EAAEwpD,KACNvpD,EAAIqH,EACR,KAAO9S,EAAIoiB,IACHpiB,EAAIqiB,KACJ7M,EAAIA,EAAEnpB,IAAIof,IACdA,EAAIA,EAAEzH,SACNhE,IAAMqiB,GAEV,OAAO7M,CACV,EAWD,gBAAAuiD,CAAiBjlD,EAAK5B,GAClB,MAAME,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GAC/B8mD,EAAS,GACf,IAAIxiD,EAAI1C,EACJmlD,EAAOziD,EACX,IAAK,IAAI0iD,EAAS,EAAGA,EAAS9mD,EAAS8mD,IAAU,CAC7CD,EAAOziD,EACPwiD,EAAO9sE,KAAK+sE,GAEZ,IAAK,IAAI/tE,EAAI,EAAGA,EAAImnB,EAAYnnB,IAC5B+tE,EAAOA,EAAK5rE,IAAImpB,GAChBwiD,EAAO9sE,KAAK+sE,GAEhBziD,EAAIyiD,EAAKj0D,QACzB,CACY,OAAOg0D,CACV,EAQD,IAAAP,CAAKvmD,EAAGinD,EAAan4D,GAGjB,MAAMoR,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GACrC,IAAIsE,EAAIhK,EAAEwpD,KACNzmC,EAAI/iB,EAAE4sD,KACV,MAAMnmD,EAAO3C,OAAO,GAAK4B,EAAI,GACvBmnD,EAAY,GAAKnnD,EACjBonD,EAAUhpD,OAAO4B,GACvB,IAAK,IAAIgnD,EAAS,EAAGA,EAAS9mD,EAAS8mD,IAAU,CAC7C,MAAMj3D,EAASi3D,EAAS7mD,EAExB,IAAI6xB,EAAQzzB,OAAOzP,EAAIiS,GAEvBjS,IAAMs4D,EAGFp1B,EAAQ7xB,IACR6xB,GAASm1B,EACTr4D,GAAKqiB,IAST,MAAMk2C,EAAUt3D,EACVu3D,EAAUv3D,EAASpQ,KAAK+xB,IAAIsgB,GAAS,EACrCu1B,EAAQP,EAAS,GAAM,EACvBQ,EAAQx1B,EAAQ,EACR,IAAVA,EAEA3U,EAAIA,EAAEliC,IAAIqrE,EAAgBe,EAAON,EAAYI,KAG7C/iD,EAAIA,EAAEnpB,IAAIqrE,EAAgBgB,EAAOP,EAAYK,IAEjE,CAMY,MAAO,CAAEhjD,IAAG+Y,IACf,EACD,UAAAoqC,CAAWrE,EAAGt0D,EAAGhT,GACb,MAAMkkB,EAAIsmD,GAAiBjnE,IAAI+jE,IAAM,EAErC,IAAIsE,EAAOrB,GAAiBhnE,IAAI+jE,GAMhC,OALKsE,IACDA,EAAOxwE,KAAK2vE,iBAAiBzD,EAAGpjD,GACtB,IAANA,GACAqmD,GAAiBhtE,IAAI+pE,EAAGtnE,EAAU4rE,KAEnCxwE,KAAKqvE,KAAKvmD,EAAG0nD,EAAM54D,EAC7B,EAID,aAAA64D,CAAcvE,EAAGpjD,GACb2mD,EAAU3mD,GACVsmD,GAAiBjtE,IAAI+pE,EAAGpjD,GACxBqmD,GAAiBuB,OAAOxE,EAC3B,EAET,CAYO,SAASyE,GAAUvtD,EAAG0nD,EAAO8E,EAAQgB,GAOxC,IAAKjxE,MAAMc,QAAQmvE,KAAYjwE,MAAMc,QAAQmwE,IAAYA,EAAQhvE,SAAWguE,EAAOhuE,OAC/E,MAAUL,MAAM,uDACpBqvE,EAAQ3uE,SAAQ,CAAC2X,EAAG9X,KAChB,IAAKgpE,EAAME,QAAQpxD,GACf,MAAUrY,MAAM,yBAAyBO,EAAI,IAErD8tE,EAAO3tE,SAAQ,CAACmrB,EAAGtrB,KACf,KAAMsrB,aAAahK,GACf,MAAU7hB,MAAM,wBAAwBO,EAAI,IAEpD,MAAMg5C,EAAQ8uB,GAAO1iD,OAAO0oD,EAAOhuE,SAC7BqnB,EAAa6xB,EAAQ,GAAKA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAI,EAC1E6yB,GAAQ,GAAK1kD,GAAc,EAC3B4nD,EAAclxE,MAAMguE,EAAO,GAAGjmD,KAAKtE,EAAEwpD,MACrCkE,EAAWroE,KAAK2P,OAAO0yD,EAAMyC,KAAO,GAAKtkD,GAAcA,EAC7D,IAAIyJ,EAAMtP,EAAEwpD,KACZ,IAAK,IAAI9qE,EAAIgvE,EAAUhvE,GAAK,EAAGA,GAAKmnB,EAAY,CAC5C4nD,EAAQnpD,KAAKtE,EAAEwpD,MACf,IAAK,IAAIxyD,EAAI,EAAGA,EAAIw2D,EAAQhvE,OAAQwY,IAAK,CACrC,MAAM22D,EAASH,EAAQx2D,GACjB0gC,EAAQzzB,OAAQ0pD,GAAU7pD,OAAOplB,GAAMolB,OAAOymD,IACpDkD,EAAQ/1B,GAAS+1B,EAAQ/1B,GAAO72C,IAAI2rE,EAAOx1D,GACvD,CACQ,IAAI42D,EAAO5tD,EAAEwpD,KAEb,IAAK,IAAIxyD,EAAIy2D,EAAQjvE,OAAS,EAAGqvE,EAAO7tD,EAAEwpD,KAAMxyD,EAAI,EAAGA,IACnD62D,EAAOA,EAAKhtE,IAAI4sE,EAAQz2D,IACxB42D,EAAOA,EAAK/sE,IAAIgtE,GAGpB,GADAv+C,EAAMA,EAAIzuB,IAAI+sE,GACJ,IAANlvE,EACA,IAAK,IAAIsY,EAAI,EAAGA,EAAI6O,EAAY7O,IAC5BsY,EAAMA,EAAI9W,QAC1B,CACI,OAAO8W,CACX,CACO,SAASw+C,GAAcxmE,GAY1B,ODROugE,GCHOvgE,EAAMqgE,GDDPgC,GAAapjC,QAAO,CAAChlC,EAAK+lE,KACnC/lE,EAAI+lE,GAAO,WACJ/lE,IARK,CACZ0oE,MAAO,SACPM,KAAM,SACNH,MAAO,gBACPD,KAAM,mBCIVtC,GAAevgE,EAAO,CAClBkN,EAAG,SACH4Z,EAAG,SACH2/C,GAAI,QACJC,GAAI,SACL,CACCnE,WAAY,gBACZE,YAAa,kBAGVrtE,OAAO4tE,OAAO,IACdV,GAAQtiE,EAAMkN,EAAGlN,EAAMuiE,eACvBviE,EACE0iB,EAAG1iB,EAAMqgE,GAAGsC,OAEzB;sECzNA,SAASgE,GAAmB3hD,QACNttB,IAAdstB,EAAK4iB,MACL21B,GAAM,OAAQv4C,EAAK4iB,WACFlwC,IAAjBstB,EAAK4hD,SACLrJ,GAAM,UAAWv4C,EAAK4hD,QAC9B,CA4BA,MAAQlI,gBAAiBmI,GAAKxI,WAAYyI,IAAQC,GAQrCC,GAAM,CAEfC,IAAK,cAAqBpwE,MACtB,WAAA3B,CAAY04B,EAAI,IACZz4B,MAAMy4B,EAClB,GAGIs5C,KAAM,CACFj3D,OAAQ,CAACqD,EAAKnX,KACV,MAAQ8qE,IAAKxK,GAAMuK,GACnB,GAAI1zD,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAImpD,EAAE,yBAChB,GAAkB,EAAdtgE,EAAKjF,OACL,MAAM,IAAIulE,EAAE,6BAChB,MAAM0K,EAAUhrE,EAAKjF,OAAS,EACxB0rB,EAAMwkD,GAAuBD,GACnC,GAAKvkD,EAAI1rB,OAAS,EAAK,IACnB,MAAM,IAAIulE,EAAE,wCAEhB,MAAM4K,EAASF,EAAU,IAAMC,GAAwBxkD,EAAI1rB,OAAS,EAAK,KAAO,GAChF,MAAO,GAAGkwE,GAAuB9zD,KAAO+zD,IAASzkD,IAAMzmB,GAAM,EAGjE,MAAAkU,CAAOiD,EAAKnX,GACR,MAAQ8qE,IAAKxK,GAAMuK,GACnB,IAAI1vE,EAAM,EACV,GAAIgc,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAImpD,EAAE,yBAChB,GAAItgE,EAAKjF,OAAS,GAAKiF,EAAK7E,OAAWgc,EACnC,MAAM,IAAImpD,EAAE,yBAChB,MAAM6K,EAAQnrE,EAAK7E,KAEnB,IAAIJ,EAAS,EACb,MAF0B,IAARowE,GAIb,CAED,MAAMD,EAAiB,IAARC,EACf,IAAKD,EACD,MAAM,IAAI5K,EAAE,qDAChB,GAAI4K,EAAS,EACT,MAAM,IAAI5K,EAAE,4CAChB,MAAM8K,EAAcprE,EAAKmC,SAAShH,EAAKA,EAAM+vE,GAC7C,GAAIE,EAAYrwE,SAAWmwE,EACvB,MAAM,IAAI5K,EAAE,yCAChB,GAAuB,IAAnB8K,EAAY,GACZ,MAAM,IAAI9K,EAAE,wCAChB,IAAK,MAAMrvD,KAAKm6D,EACZrwE,EAAUA,GAAU,EAAKkW,EAE7B,GADA9V,GAAO+vE,EACHnwE,EAAS,IACT,MAAM,IAAIulE,EAAE,yCAChC,MAlBgBvlE,EAASowE,EAmBb,MAAMn4D,EAAIhT,EAAKmC,SAAShH,EAAKA,EAAMJ,GACnC,GAAIiY,EAAEjY,SAAWA,EACb,MAAM,IAAIulE,EAAE,kCAChB,MAAO,CAAEttD,IAAGyoB,EAAGz7B,EAAKmC,SAAShH,EAAMJ,GACtC,GAMLswE,KAAM,CACF,MAAAv3D,CAAOmP,GACH,MAAQ6nD,IAAKxK,GAAMuK,GACnB,GAAI5nD,EAAMkQ,GACN,MAAM,IAAImtC,EAAE,8CAChB,IAAI5tD,EAAMu4D,GAAuBhoD,GAIjC,GAFkC,EAA9BzC,OAAO5N,SAASF,EAAI,GAAI,MACxBA,EAAM,KAAOA,GACA,EAAbA,EAAI3X,OACJ,MAAM,IAAIulE,EAAE,wBAChB,OAAO5tD,CACV,EACD,MAAAwB,CAAOlU,GACH,MAAQ8qE,IAAKxK,GAAMuK,GACnB,GAAc,IAAV7qE,EAAK,GACL,MAAM,IAAIsgE,EAAE,uCAChB,GAAgB,IAAZtgE,EAAK,MAA2B,IAAVA,EAAK,IAC3B,MAAM,IAAIsgE,EAAE,uDAChB,OAAOoK,GAAI1qE,EACd,GAEL,KAAAsrE,CAAM54D,GAEF,MAAQo4D,IAAKxK,EAAG+K,KAAME,EAAKR,KAAMS,GAAQX,GACnC7qE,EAAsB,iBAAR0S,EAAmBi4D,GAAIj4D,GAAOA,EAClD+4D,GAAUzrE,GACV,MAAQgT,EAAG04D,EAAUjwC,EAAGkwC,GAAiBH,EAAIt3D,OAAO,GAAMlU,GAC1D,GAAI2rE,EAAa5wE,OACb,MAAM,IAAIulE,EAAE,+CAChB,MAAQttD,EAAG44D,EAAQnwC,EAAGowC,GAAeL,EAAIt3D,OAAO,EAAMw3D,IAC9C14D,EAAG84D,EAAQrwC,EAAGswC,GAAeP,EAAIt3D,OAAO,EAAM23D,GACtD,GAAIE,EAAWhxE,OACX,MAAM,IAAIulE,EAAE,+CAChB,MAAO,CAAEzrD,EAAG02D,EAAIr3D,OAAO03D,GAAS74D,EAAGw4D,EAAIr3D,OAAO43D,GACjD,EACD,UAAAE,CAAW9nC,GACP,MAAQ6mC,KAAMS,EAAKH,KAAME,GAAQV,GAC3BoB,EAAM,GAAGT,EAAI13D,OAAO,EAAMy3D,EAAIz3D,OAAOowB,EAAIrvB,MAAM22D,EAAI13D,OAAO,EAAMy3D,EAAIz3D,OAAOowB,EAAInxB,MACrF,OAAOy4D,EAAI13D,OAAO,GAAMm4D,EAC3B,GAIC94C,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAUA,OAAO,GAAG,MAACykD,GAAMzkD,OAAO,GAC/D,SAAS6rD,GAAkBrjD,GAC9B,MAAMsjD,EAjJV,SAA2BtoE,GACvB,MAAMglB,EAAOwhD,GAAcxmE,GAC3BuoE,GAAkBvjD,EAAM,CACpBnR,EAAG,QACHzG,EAAG,SACJ,CACCo7D,yBAA0B,QAC1BC,eAAgB,UAChBC,cAAe,WACfC,cAAe,WACfC,mBAAoB,UACpBvE,UAAW,WACXzoD,QAAS,aAEb,MAAMitD,KAAEA,EAAIxI,GAAEA,EAAExsD,EAAEA,GAAMmR,EACxB,GAAI6jD,EAAM,CACN,IAAKxI,EAAGsB,IAAI9tD,EAAGwsD,EAAG6B,MACd,MAAUrrE,MAAM,qEAEpB,GAAoB,iBAATgyE,GACc,iBAAdA,EAAKC,MACgB,mBAArBD,EAAKE,YACZ,MAAUlyE,MAAM,oEAE5B,CACI,OAAOzB,OAAO4tE,OAAO,IAAKh+C,GAC9B,CAuHkBgkD,CAAkBhkD,IAC1Bq7C,GAAEA,GAAOiI,EACTW,EAAKC,GAAUZ,EAAMp7D,EAAGo7D,EAAM/F,YAC9B3mD,EAAU0sD,EAAM1sD,SAC1B,EAAU62B,EAAI02B,EAAOC,KACT,MAAMv1D,EAAIs1D,EAAME,WAChB,OAAOC,GAAevyE,WAAW+e,KAAK,CAAC,IAAQuqD,EAAGzkD,QAAQ/H,EAAE9C,GAAIsvD,EAAGzkD,QAAQ/H,EAAEsc,GAChF,GACCk0C,EAAYiE,EAAMjE,WACnB,CAAC5kE,IAEE,MAAMkb,EAAOlb,EAAMnB,SAAS,GAI5B,MAAO,CAAEyS,EAFCsvD,EAAGgE,UAAU1pD,EAAKrc,SAAS,EAAG+hE,EAAGyC,QAE/B3yC,EADFkwC,EAAGgE,UAAU1pD,EAAKrc,SAAS+hE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEzD,GAKL,SAASyG,EAAoBx4D,GACzB,MAAM8C,EAAEA,EAACzG,EAAEA,GAAMk7D,EACXkB,EAAKnJ,EAAGuB,IAAI7wD,GACZ04D,EAAKpJ,EAAGj/C,IAAIooD,EAAIz4D,GACtB,OAAOsvD,EAAG9mE,IAAI8mE,EAAG9mE,IAAIkwE,EAAIpJ,EAAGj/C,IAAIrQ,EAAG8C,IAAKzG,EAChD,CAKI,IAAKizD,EAAGsB,IAAItB,EAAGuB,IAAI0G,EAAM5B,IAAK6C,EAAoBjB,EAAM7B,KACpD,MAAU5vE,MAAM,+CAOpB,SAAS6yE,EAAuBzjE,GAC5B,MAAQuiE,yBAA0BztD,EAAO0nD,YAAEA,EAAWgG,eAAEA,EAAgBv7D,EAAGy8D,GAAMrB,EACjF,GAAIvtD,GAA0B,iBAAR9U,EAAkB,CAIpC,GAHI2jE,GAAW3jE,KACXA,EAAM4jE,GAAc5jE,IAEL,iBAARA,IAAqB8U,EAAQtG,SAASxO,EAAI/O,QACjD,MAAUL,MAAM,eACpBoP,EAAMA,EAAIy3D,SAAuB,EAAd+E,EAAiB,IAChD,CACQ,IAAIrjD,EACJ,IACIA,EACmB,iBAARnZ,EACDA,EACA6jE,GAAmBhL,GAAY,cAAe74D,EAAKw8D,GACzE,CACQ,MAAOzmE,GACH,MAAUnF,MAAM,uBAAuB4rE,sCAAgDx8D,IACnG,CAIQ,OAHIwiE,IACArpD,EAAM2qD,GAAQ3qD,EAAKuqD,IACvBK,GAAY,cAAe5qD,EAAKmQ,GAAKo6C,GAC9BvqD,CACf,CACI,SAAS6qD,EAAe/jB,GACpB,KAAMA,aAAiBgkB,GACnB,MAAUrzE,MAAM,2BAC5B,CAKI,MAAMszE,EAAerJ,IAAS,CAACp+C,EAAG0nD,KAC9B,MAAQC,GAAIt5D,EAAGu5D,GAAIn6C,EAAGo6C,GAAI/uC,GAAM9Y,EAEhC,GAAI29C,EAAGsB,IAAInmC,EAAG6kC,EAAGyB,KACb,MAAO,CAAE/wD,IAAGof,KAChB,MAAM+yC,EAAMxgD,EAAEwgD,MAGJ,MAANkH,IACAA,EAAKlH,EAAM7C,EAAGyB,IAAMzB,EAAGuD,IAAIpoC,IAC/B,MAAMgvC,EAAKnK,EAAGj/C,IAAIrQ,EAAGq5D,GACfK,EAAKpK,EAAGj/C,IAAI+O,EAAGi6C,GACfM,EAAKrK,EAAGj/C,IAAIoa,EAAG4uC,GACrB,GAAIlH,EACA,MAAO,CAAEnyD,EAAGsvD,EAAG6B,KAAM/xC,EAAGkwC,EAAG6B,MAC/B,IAAK7B,EAAGsB,IAAI+I,EAAIrK,EAAGyB,KACf,MAAUjrE,MAAM,oBACpB,MAAO,CAAEka,EAAGy5D,EAAIr6C,EAAGs6C,EAAI,IAIrBE,EAAkB7J,IAAUp+C,IAC9B,GAAIA,EAAEwgD,MAAO,CAIT,GAAIoF,EAAMM,qBAAuBvI,EAAG6C,IAAIxgD,EAAE4nD,IACtC,OACJ,MAAUzzE,MAAM,kBAC5B,CAEQ,MAAMka,EAAEA,EAACof,EAAEA,GAAMzN,EAAE2mD,WAEnB,IAAKhJ,EAAGC,QAAQvvD,KAAOsvD,EAAGC,QAAQnwC,GAC9B,MAAUt5B,MAAM,4BACpB,MAAMkpB,EAAOsgD,EAAGuB,IAAIzxC,GACdy6C,EAAQrB,EAAoBx4D,GAClC,IAAKsvD,EAAGsB,IAAI5hD,EAAM6qD,GACd,MAAU/zE,MAAM,qCACpB,IAAK6rB,EAAEgmD,gBACH,MAAU7xE,MAAM,0CACpB,OAAO,CAAI,IAOf,MAAMqzE,EACF,WAAAh1E,CAAYm1E,EAAIC,EAAIC,GAIhB,GAHAj1E,KAAK+0E,GAAKA,EACV/0E,KAAKg1E,GAAKA,EACVh1E,KAAKi1E,GAAKA,EACA,MAANF,IAAehK,EAAGC,QAAQ+J,GAC1B,MAAUxzE,MAAM,cACpB,GAAU,MAANyzE,IAAejK,EAAGC,QAAQgK,GAC1B,MAAUzzE,MAAM,cACpB,GAAU,MAAN0zE,IAAelK,EAAGC,QAAQiK,GAC1B,MAAU1zE,MAAM,cACpBzB,OAAO4tE,OAAO1tE,KAC1B,CAGQ,iBAAOu1E,CAAWnoD,GACd,MAAM3R,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EACxB,IAAKA,IAAM29C,EAAGC,QAAQvvD,KAAOsvD,EAAGC,QAAQnwC,GACpC,MAAUt5B,MAAM,wBACpB,GAAI6rB,aAAawnD,EACb,MAAUrzE,MAAM,gCACpB,MAAMqsE,EAAO9rE,GAAMipE,EAAGsB,IAAIvqE,EAAGipE,EAAG6B,MAEhC,OAAIgB,EAAInyD,IAAMmyD,EAAI/yC,GACP+5C,EAAMhI,KACV,IAAIgI,EAAMn5D,EAAGof,EAAGkwC,EAAGyB,IACtC,CACQ,KAAI/wD,GACA,OAAOzb,KAAK+zE,WAAWt4D,CACnC,CACQ,KAAIof,GACA,OAAO76B,KAAK+zE,WAAWl5C,CACnC,CAOQ,iBAAO26C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOjrE,KAAKyoB,GAAMA,EAAE6nD,MACjD,OAAOrF,EAAOjrE,KAAI,CAACyoB,EAAGtrB,IAAMsrB,EAAE2mD,SAAS0B,EAAM3zE,MAAK6C,IAAIiwE,EAAMW,WACxE,CAKQ,cAAOG,CAAQn8D,GACX,MAAM2yD,EAAI0I,EAAMW,WAAWxG,EAAUvF,GAAY,WAAYjwD,KAE7D,OADA2yD,EAAEyJ,iBACKzJ,CACnB,CAEQ,qBAAO0J,CAAepiE,GAClB,OAAOohE,EAAM5E,KAAK6F,SAASzB,EAAuB5gE,GAC9D,CAEQ,UAAOsiE,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAe9sD,GACX+sD,EAAKvF,cAAczwE,KAAMipB,EACrC,CAEQ,cAAA0sD,GACIN,EAAgBr1E,KAC5B,CACQ,QAAAi2E,GACI,MAAMp7C,EAAEA,GAAM76B,KAAK+zE,WACnB,GAAIhJ,EAAG8C,MACH,OAAQ9C,EAAG8C,MAAMhzC,GACrB,MAAUt5B,MAAM,8BAC5B,CAIQ,MAAAoiD,CAAOiN,GACH+jB,EAAe/jB,GACf,MAAQmkB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOp2E,MAC3B+0E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAO3lB,EAC7B4lB,EAAKzL,EAAGsB,IAAItB,EAAGj/C,IAAIoqD,EAAIK,GAAKxL,EAAGj/C,IAAIuqD,EAAID,IACvCK,EAAK1L,EAAGsB,IAAItB,EAAGj/C,IAAIqqD,EAAII,GAAKxL,EAAGj/C,IAAIwqD,EAAIF,IAC7C,OAAOI,GAAMC,CACzB,CAIQ,MAAAjH,GACI,OAAO,IAAIoF,EAAM50E,KAAK+0E,GAAIhK,EAAG4B,IAAI3sE,KAAKg1E,IAAKh1E,KAAKi1E,GAC5D,CAKQ,MAAAr5D,GACI,MAAM2C,EAAEA,EAACzG,EAAEA,GAAMk7D,EACX7tC,EAAK4lC,EAAGj/C,IAAIhU,EAAG6zD,KACboJ,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOp2E,KACnC,IAAI02E,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACpC1+C,EAAK68C,EAAGj/C,IAAIoqD,EAAIA,GAChB/nD,EAAK48C,EAAGj/C,IAAIqqD,EAAIA,GAChB/nD,EAAK28C,EAAGj/C,IAAIsqD,EAAIA,GAChB/nD,EAAK08C,EAAGj/C,IAAIoqD,EAAIC,GA4BpB,OA3BA9nD,EAAK08C,EAAG9mE,IAAIoqB,EAAIA,GAChBuoD,EAAK7L,EAAGj/C,IAAIoqD,EAAIE,GAChBQ,EAAK7L,EAAG9mE,IAAI2yE,EAAIA,GAChBF,EAAK3L,EAAGj/C,IAAIvN,EAAGq4D,GACfD,EAAK5L,EAAGj/C,IAAIqZ,EAAI/W,GAChBuoD,EAAK5L,EAAG9mE,IAAIyyE,EAAIC,GAChBD,EAAK3L,EAAGztD,IAAI6Q,EAAIwoD,GAChBA,EAAK5L,EAAG9mE,IAAIkqB,EAAIwoD,GAChBA,EAAK5L,EAAGj/C,IAAI4qD,EAAIC,GAChBD,EAAK3L,EAAGj/C,IAAIuC,EAAIqoD,GAChBE,EAAK7L,EAAGj/C,IAAIqZ,EAAIyxC,GAChBxoD,EAAK28C,EAAGj/C,IAAIvN,EAAG6P,GACfC,EAAK08C,EAAGztD,IAAI4Q,EAAIE,GAChBC,EAAK08C,EAAGj/C,IAAIvN,EAAG8P,GACfA,EAAK08C,EAAG9mE,IAAIoqB,EAAIuoD,GAChBA,EAAK7L,EAAG9mE,IAAIiqB,EAAIA,GAChBA,EAAK68C,EAAG9mE,IAAI2yE,EAAI1oD,GAChBA,EAAK68C,EAAG9mE,IAAIiqB,EAAIE,GAChBF,EAAK68C,EAAGj/C,IAAIoC,EAAIG,GAChBsoD,EAAK5L,EAAG9mE,IAAI0yE,EAAIzoD,GAChBE,EAAK28C,EAAGj/C,IAAIqqD,EAAIC,GAChBhoD,EAAK28C,EAAG9mE,IAAImqB,EAAIA,GAChBF,EAAK68C,EAAGj/C,IAAIsC,EAAIC,GAChBqoD,EAAK3L,EAAGztD,IAAIo5D,EAAIxoD,GAChB0oD,EAAK7L,EAAGj/C,IAAIsC,EAAID,GAChByoD,EAAK7L,EAAG9mE,IAAI2yE,EAAIA,GAChBA,EAAK7L,EAAG9mE,IAAI2yE,EAAIA,GACT,IAAIhC,EAAM8B,EAAIC,EAAIC,EACrC,CAKQ,GAAA3yE,CAAI2sD,GACA+jB,EAAe/jB,GACf,MAAQmkB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOp2E,MAC3B+0E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAO3lB,EACnC,IAAI8lB,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACxC,MAAMruD,EAAIy0D,EAAMz0D,EACV4mB,EAAK4lC,EAAGj/C,IAAIknD,EAAMl7D,EAAG6zD,IAC3B,IAAIz9C,EAAK68C,EAAGj/C,IAAIoqD,EAAIG,GAChBloD,EAAK48C,EAAGj/C,IAAIqqD,EAAIG,GAChBloD,EAAK28C,EAAGj/C,IAAIsqD,EAAIG,GAChBloD,EAAK08C,EAAG9mE,IAAIiyE,EAAIC,GAChB9yC,EAAK0nC,EAAG9mE,IAAIoyE,EAAIC,GACpBjoD,EAAK08C,EAAGj/C,IAAIuC,EAAIgV,GAChBA,EAAK0nC,EAAG9mE,IAAIiqB,EAAIC,GAChBE,EAAK08C,EAAGztD,IAAI+Q,EAAIgV,GAChBA,EAAK0nC,EAAG9mE,IAAIiyE,EAAIE,GAChB,IAAI9yC,EAAKynC,EAAG9mE,IAAIoyE,EAAIE,GA+BpB,OA9BAlzC,EAAK0nC,EAAGj/C,IAAIuX,EAAIC,GAChBA,EAAKynC,EAAG9mE,IAAIiqB,EAAIE,GAChBiV,EAAK0nC,EAAGztD,IAAI+lB,EAAIC,GAChBA,EAAKynC,EAAG9mE,IAAIkyE,EAAIC,GAChBM,EAAK3L,EAAG9mE,IAAIqyE,EAAIC,GAChBjzC,EAAKynC,EAAGj/C,IAAIwX,EAAIozC,GAChBA,EAAK3L,EAAG9mE,IAAIkqB,EAAIC,GAChBkV,EAAKynC,EAAGztD,IAAIgmB,EAAIozC,GAChBE,EAAK7L,EAAGj/C,IAAIvN,EAAG8kB,GACfqzC,EAAK3L,EAAGj/C,IAAIqZ,EAAI/W,GAChBwoD,EAAK7L,EAAG9mE,IAAIyyE,EAAIE,GAChBF,EAAK3L,EAAGztD,IAAI6Q,EAAIyoD,GAChBA,EAAK7L,EAAG9mE,IAAIkqB,EAAIyoD,GAChBD,EAAK5L,EAAGj/C,IAAI4qD,EAAIE,GAChBzoD,EAAK48C,EAAG9mE,IAAIiqB,EAAIA,GAChBC,EAAK48C,EAAG9mE,IAAIkqB,EAAID,GAChBE,EAAK28C,EAAGj/C,IAAIvN,EAAG6P,GACfiV,EAAK0nC,EAAGj/C,IAAIqZ,EAAI9B,GAChBlV,EAAK48C,EAAG9mE,IAAIkqB,EAAIC,GAChBA,EAAK28C,EAAGztD,IAAI4Q,EAAIE,GAChBA,EAAK28C,EAAGj/C,IAAIvN,EAAG6P,GACfiV,EAAK0nC,EAAG9mE,IAAIo/B,EAAIjV,GAChBF,EAAK68C,EAAGj/C,IAAIqC,EAAIkV,GAChBszC,EAAK5L,EAAG9mE,IAAI0yE,EAAIzoD,GAChBA,EAAK68C,EAAGj/C,IAAIwX,EAAID,GAChBqzC,EAAK3L,EAAGj/C,IAAIuC,EAAIqoD,GAChBA,EAAK3L,EAAGztD,IAAIo5D,EAAIxoD,GAChBA,EAAK68C,EAAGj/C,IAAIuC,EAAIF,GAChByoD,EAAK7L,EAAGj/C,IAAIwX,EAAIszC,GAChBA,EAAK7L,EAAG9mE,IAAI2yE,EAAI1oD,GACT,IAAI0mD,EAAM8B,EAAIC,EAAIC,EACrC,CACQ,QAAAC,CAASjmB,GACL,OAAO5wD,KAAKiE,IAAI2sD,EAAM4e,SAClC,CACQ,GAAA5B,GACI,OAAO5tE,KAAK2jD,OAAOixB,EAAMhI,KACrC,CACQ,IAAAyC,CAAKz3D,GACD,OAAOo+D,EAAKzF,WAAWvwE,KAAM4X,EAAGg9D,EAAMY,WAClD,CAMQ,cAAAsB,CAAeC,GACXrC,GAAY,SAAUqC,EAAI/8C,GAAKg5C,EAAMp7D,GACrC,MAAMwqB,EAAIwyC,EAAMhI,KAChB,GAAImK,IAAO/8C,GACP,OAAOoI,EACX,GAAI20C,IAAO98C,GACP,OAAOj6B,KACX,MAAMuzE,KAAEA,GAASP,EACjB,IAAKO,EACD,OAAOyC,EAAKtG,aAAa1vE,KAAM+2E,GAEnC,IAAIC,MAAEA,EAAKtuD,GAAEA,EAAEuuD,MAAEA,EAAKtuD,GAAEA,GAAO4qD,EAAKE,YAAYsD,GAC5CG,EAAM90C,EACN+0C,EAAM/0C,EACN/e,EAAIrjB,KACR,KAAO0oB,EAAKsR,IAAOrR,EAAKqR,IAChBtR,EAAKuR,KACLi9C,EAAMA,EAAIjzE,IAAIof,IACdsF,EAAKsR,KACLk9C,EAAMA,EAAIlzE,IAAIof,IAClBA,EAAIA,EAAEzH,SACN8M,IAAOuR,GACPtR,IAAOsR,GAOX,OALI+8C,IACAE,EAAMA,EAAI1H,UACVyH,IACAE,EAAMA,EAAI3H,UACd2H,EAAM,IAAIvC,EAAM7J,EAAGj/C,IAAIqrD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IAChDiC,EAAIjzE,IAAIkzE,EAC3B,CAUQ,QAAAtB,CAAS9E,GACL,MAAMwC,KAAEA,EAAM37D,EAAGy8D,GAAMrB,EAEvB,IAAIa,EAAOuD,EACX,GAFA1C,GAAY,SAAU3D,EAAQ92C,GAAKo6C,GAE/Bd,EAAM,CACN,MAAMyD,MAAEA,EAAKtuD,GAAEA,EAAEuuD,MAAEA,EAAKtuD,GAAEA,GAAO4qD,EAAKE,YAAY1C,GAClD,IAAM3jD,EAAG8pD,EAAK/wC,EAAGkxC,GAAQr3E,KAAKqvE,KAAK3mD,IAC7B0E,EAAG+pD,EAAKhxC,EAAGmxC,GAAQt3E,KAAKqvE,KAAK1mD,GACnCuuD,EAAMlB,EAAK1G,gBAAgB0H,EAAOE,GAClCC,EAAMnB,EAAK1G,gBAAgB2H,EAAOE,GAClCA,EAAM,IAAIvC,EAAM7J,EAAGj/C,IAAIqrD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IACvDpB,EAAQqD,EAAIjzE,IAAIkzE,GAChBC,EAAOC,EAAIpzE,IAAIqzE,EAC/B,KACiB,CACD,MAAMlqD,EAAEA,EAAC+Y,EAAEA,GAAMnmC,KAAKqvE,KAAK0B,GAC3B8C,EAAQzmD,EACRgqD,EAAOjxC,CACvB,CAEY,OAAOyuC,EAAMY,WAAW,CAAC3B,EAAOuD,IAAO,EACnD,CAOQ,oBAAAG,CAAqBhmC,EAAGhzB,EAAGzG,GACvB,MAAMuvD,EAAIuN,EAAM5E,KACVlkD,EAAM,CAACogD,EAAG3tD,IACVA,IAAMyb,IAAOzb,IAAM0b,IAAQiyC,EAAEvoB,OAAO0jB,GAA2B6E,EAAE2J,SAASt3D,GAAjC2tD,EAAE4K,eAAev4D,GAC1DmU,EAAM5G,EAAI9rB,KAAMue,GAAGta,IAAI6nB,EAAIylB,EAAGz5B,IACpC,OAAO4a,EAAIk7C,WAAQxrE,EAAYswB,CAC3C,CAIQ,QAAAqhD,CAASe,GACL,OAAOD,EAAa70E,KAAM80E,EACtC,CACQ,aAAA1B,GACI,MAAQ5hD,EAAGgmD,EAAQpE,cAAEA,GAAkBJ,EACvC,GAAIwE,IAAav9C,GACb,OAAO,EACX,GAAIm5C,EACA,OAAOA,EAAcwB,EAAO50E,MAChC,MAAUuB,MAAM,+DAC5B,CACQ,aAAA8xE,GACI,MAAQ7hD,EAAGgmD,EAAQnE,cAAEA,GAAkBL,EACvC,OAAIwE,IAAav9C,GACNj6B,KACPqzE,EACOA,EAAcuB,EAAO50E,MACzBA,KAAK82E,eAAe9D,EAAMxhD,EAC7C,CACQ,UAAAimD,CAAWC,GAAe,GAGtB,OAFAzP,GAAM,eAAgByP,GACtB13E,KAAK21E,iBACErvD,EAAQsuD,EAAO50E,KAAM03E,EACxC,CACQ,KAAAlsC,CAAMksC,GAAe,GAEjB,OADAzP,GAAM,eAAgByP,GACfnD,GAAcv0E,KAAKy3E,WAAWC,GACjD,EAEI9C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIrG,EAAGyB,KAC9CoI,EAAMhI,KAAO,IAAIgI,EAAM7J,EAAG6B,KAAM7B,EAAGyB,IAAKzB,EAAG6B,MAC3C,MAAM+K,EAAQ3E,EAAM/F,WACd+I,EAAO3G,GAAKuF,EAAO5B,EAAMO,KAAO9qE,KAAK0Q,KAAKw+D,EAAQ,GAAKA,GAE7D,MAAO,CACH3E,QACA4E,gBAAiBhD,EACjBR,yBACAH,sBACA4D,mBAnZJ,SAA4B/tD,GACxB,OAAOguD,GAAWhuD,EAAKmQ,GAAK+4C,EAAMp7D,EAC1C,EAmZA,CAqBO,SAASmgE,GAAYC,GACxB,MAAMhF,EArBV,SAAsBtoE,GAClB,MAAMglB,EAAOwhD,GAAcxmE,GAU3B,OATAuoE,GAAkBvjD,EAAM,CACpB/hB,KAAM,OACNq6D,KAAM,WACN/qC,YAAa,YACd,CACCg7C,SAAU,WACVC,cAAe,WACf5lC,KAAM,YAEHxyC,OAAO4tE,OAAO,CAAEp7B,MAAM,KAAS5iB,GAC1C,CASkByoD,CAAaH,IACrBjN,GAAEA,EAAInzD,GAAmBo7D,EACzBoF,EAAgBrN,EAAGyC,MAAQ,EAC3B6K,EAAkB,EAAItN,EAAGyC,MAAQ,EACvC,SAAS8K,EAAK/5D,GACV,OAAOk2D,GAAQl2D,EAAGg6D,EAC1B,CACI,SAASC,EAAKj6D,GACV,OAAOk6D,GAAWl6D,EAAGg6D,EAC7B,CACI,MAAQX,gBAAiBhD,EAAKR,uBAAEA,EAAsBH,oBAAEA,EAAmB4D,mBAAEA,GAAwB9E,GAAkB,IAChHC,EACH,OAAA1sD,CAAQ62B,EAAI02B,EAAO6D,GACf,MAAMn5D,EAAIs1D,EAAME,WACVt4D,EAAIsvD,EAAGzkD,QAAQ/H,EAAE9C,GACjBi9D,EAAM1E,GAEZ,OADA/L,GAAM,eAAgByP,GAClBA,EACOgB,EAAIj3E,WAAW+e,KAAK,CAACqzD,EAAMoC,WAAa,EAAO,IAAQx6D,GAGvDi9D,EAAIj3E,WAAW+e,KAAK,CAAC,IAAQ/E,EAAGsvD,EAAGzkD,QAAQ/H,EAAEsc,GAE3D,EACD,SAAAk0C,CAAU5kE,GACN,MAAMmjB,EAAMnjB,EAAMvI,OACZu9C,EAAOh1C,EAAM,GACbkb,EAAOlb,EAAMnB,SAAS,GAE5B,GAAIskB,IAAQ8qD,GAA2B,IAATj5B,GAA0B,IAATA,EAoB1C,IAAI7xB,IAAQ+qD,GAA4B,IAATl5B,EAAe,CAG/C,MAAO,CAAE1jC,EAFCsvD,EAAGgE,UAAU1pD,EAAKrc,SAAS,EAAG+hE,EAAGyC,QAE/B3yC,EADFkwC,EAAGgE,UAAU1pD,EAAKrc,SAAS+hE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEtE,CAEgB,MAAUjsE,MAAM,mBAAmB+rB,2BAA6B8qD,yBAAqCC,uBACrH,CA3B2E,CAC3D,MAAM58D,EAAI+4D,GAAmBnvD,GAC7B,IAAKyyD,GAAWr8D,EAAGwe,GAAK8wC,EAAGsC,OACvB,MAAU9rE,MAAM,yBACpB,MAAMo3E,EAAK1E,EAAoBx4D,GAC/B,IAAIof,EACJ,IACIA,EAAIkwC,EAAGwD,KAAKoK,EAChC,CACgB,MAAOC,GACH,MAAMC,EAASD,aAAqBr3E,MAAQ,KAAOq3E,EAAUrlE,QAAU,GACvE,MAAUhS,MAAM,wBAA0Bs3E,EAC9D,CAMgB,QAHiC,GAAd15B,OAFHtkB,EAAIZ,MAASA,MAIzBY,EAAIkwC,EAAG4B,IAAI9xC,IACR,CAAEpf,IAAGof,IAC5B,CASS,IAECi+C,EAAiBhvD,GAAQyqD,GAAcwE,GAAmBjvD,EAAKkpD,EAAM7F,cAC3E,SAAS6L,EAAsB59C,GAE3B,OAAOA,EADMm9C,GAAet+C,EAEpC,CAKI,MAAMg/C,EAAS,CAACnhE,EAAG0I,EAAMsmD,IAAO0N,GAAmB18D,EAAEnV,MAAM6d,EAAMsmD,IAIjE,MAAMjT,EACF,WAAAj0D,CAAY8b,EAAG9B,EAAGs/D,GACdl5E,KAAK0b,EAAIA,EACT1b,KAAK4Z,EAAIA,EACT5Z,KAAKk5E,SAAWA,EAChBl5E,KAAK21E,gBACjB,CAEQ,kBAAOwD,CAAY5/D,GACf,MAAM+oB,EAAI0wC,EAAM7F,YAEhB,OADA5zD,EAAMiwD,GAAY,mBAAoBjwD,EAAS,EAAJ+oB,GACpC,IAAIuxB,EAAUolB,EAAO1/D,EAAK,EAAG+oB,GAAI22C,EAAO1/D,EAAK+oB,EAAG,EAAIA,GACvE,CAGQ,cAAO82C,CAAQ7/D,GACX,MAAMmC,EAAEA,EAAC9B,EAAEA,GAAM83D,GAAIS,MAAM3I,GAAY,MAAOjwD,IAC9C,OAAO,IAAIs6C,EAAUn4C,EAAG9B,EACpC,CACQ,cAAA+7D,GACIjB,GAAY,IAAK10E,KAAK0b,EAAGue,GAAKs+C,GAC9B7D,GAAY,IAAK10E,KAAK4Z,EAAGqgB,GAAKs+C,EAC1C,CACQ,cAAAc,CAAeH,GACX,OAAO,IAAIrlB,EAAU7zD,KAAK0b,EAAG1b,KAAK4Z,EAAGs/D,EACjD,CACQ,gBAAAI,CAAiBC,GACb,MAAM79D,EAAEA,EAAC9B,EAAEA,EAAGs/D,SAAUM,GAAQx5E,KAC1BwxB,EAAI0mD,EAAc1O,GAAY,UAAW+P,IAC/C,GAAW,MAAPC,IAAgB,CAAC,EAAG,EAAG,EAAG,GAAGr6D,SAASq6D,GACtC,MAAUj4E,MAAM,uBACpB,MAAMk4E,EAAe,IAARD,GAAqB,IAARA,EAAY99D,EAAIs3D,EAAMp7D,EAAI8D,EACpD,GAAI+9D,GAAQ1O,EAAGsC,MACX,MAAU9rE,MAAM,8BACpB,MAAM6X,EAAgB,EAANogE,EAAwB,KAAP,KAC3BE,EAAI9E,EAAMc,QAAQt8D,EAAS0/D,EAAcW,IACzCE,EAAKnB,EAAKiB,GACV5kC,EAAKyjC,GAAM9mD,EAAImoD,GACf7kC,EAAKwjC,EAAK1+D,EAAI+/D,GACdpoC,EAAIqjC,EAAM5E,KAAKuH,qBAAqBmC,EAAG7kC,EAAIC,GACjD,IAAKvD,EACD,MAAUhwC,MAAM,qBAEpB,OADAgwC,EAAEokC,iBACKpkC,CACnB,CAEQ,QAAAqoC,GACI,OAAOZ,EAAsBh5E,KAAK4Z,EAC9C,CACQ,UAAAigE,GACI,OAAO75E,KAAK45E,WAAa,IAAI/lB,EAAU7zD,KAAK0b,EAAG48D,GAAMt4E,KAAK4Z,GAAI5Z,KAAKk5E,UAAYl5E,IAC3F,CAEQ,aAAA85E,GACI,OAAOC,GAAc/5E,KAAKg6E,WACtC,CACQ,QAAAA,GACI,OAAOtI,GAAImB,WAAW,CAAEn3D,EAAG1b,KAAK0b,EAAG9B,EAAG5Z,KAAK4Z,GACvD,CAEQ,iBAAAqgE,GACI,OAAOF,GAAc/5E,KAAKk6E,eACtC,CACQ,YAAAA,GACI,OAAOpB,EAAc94E,KAAK0b,GAAKo9D,EAAc94E,KAAK4Z,EAC9D,EAEI,MAAM0zB,EAAQ,CACV,iBAAA6sC,CAAkB3mE,GACd,IAEI,OADA4gE,EAAuB5gE,IAChB,CACvB,CACY,MAAO9M,GACH,OAAO,CACvB,CACS,EACD0tE,uBAAwBA,EAKxB7mC,iBAAkB,KACd,MAAM3rC,EAASw4E,GAAqBpH,EAAMp7D,GAC1C,OFzWL,SAAwBjH,EAAKs+D,EAAYjoD,GAAO,GACnD,MAAMsG,EAAM3c,EAAI/O,OACVy4E,EAAWrL,GAAoBC,GAC/BqL,EAASpL,GAAiBD,GAEhC,GAAI3hD,EAAM,IAAMA,EAAMgtD,GAAUhtD,EAAM,KAClC,MAAU/rB,MAAM,YAAY+4E,8BAAmChtD,KACnE,MAEM8M,EAAUD,GAFJnT,EAAOoiD,GAAgBz4D,GAAO04D,GAAgB14D,GAEjCs+D,EAAah1C,IAAOA,GAC7C,OAAOjT,EAAOuiD,GAAgBnvC,EAASigD,GAAY/Q,GAAgBlvC,EAASigD,EAChF,CE8VmBE,CAAmBvH,EAAM/1C,YAAYr7B,GAASoxE,EAAMp7D,EAAE,EAUjE4iE,WAAU,CAACvxD,EAAa,EAAG4qD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAe9sD,GACrB4qD,EAAMgC,SAAS3uD,OAAO,IACf2sD,IAef,SAAS4G,EAAU3Y,GACf,MAAM37C,EAAMmuD,GAAWxS,GACjB/nD,EAAsB,iBAAT+nD,EACbx0C,GAAOnH,GAAOpM,IAAQ+nD,EAAKlgE,OACjC,OAAIukB,EACOmH,IAAQ8qD,GAAiB9qD,IAAQ+qD,EACxCt+D,EACOuT,IAAQ,EAAI8qD,GAAiB9qD,IAAQ,EAAI+qD,EAChDvW,aAAgB8S,CAG5B,CAuBI,MAAMqD,EAAWjF,EAAMiF,UACnB,SAAU9tE,GAGN,MAAM2f,EAAM0qD,GAAmBrqE,GACzBuwE,EAAuB,EAAfvwE,EAAMvI,OAAaoxE,EAAM/F,WACvC,OAAOyN,EAAQ,EAAI5wD,GAAO5C,OAAOwzD,GAAS5wD,CAC7C,EACCouD,EAAgBlF,EAAMkF,eACxB,SAAU/tE,GACN,OAAOmuE,EAAKL,EAAS9tE,GACxB,EAECwwE,EAAaC,GAAW5H,EAAM/F,YAIpC,SAAS4N,EAAW/wD,GAGhB,OAFA4qD,GAAY,WAAW1B,EAAM/F,WAAcnjD,EAAKkQ,GAAK2gD,GAE9C5B,GAAmBjvD,EAAKkpD,EAAM7F,YAC7C,CAMI,SAAS2N,EAAQvB,EAAS/lE,EAAYkc,EAAOqrD,GACzC,GAAI,CAAC,YAAa,aAAar2E,MAAM8U,GAAMA,KAAKkW,IAC5C,MAAUnuB,MAAM,uCACpB,MAAMoM,KAAEA,EAAIsvB,YAAEA,GAAgB+1C,EAC9B,IAAI1gC,KAAEA,EAAIg/B,QAAEA,EAAS0J,aAAcC,GAAQvrD,EAC/B,MAAR4iB,IACAA,GAAO,GACXinC,EAAU/P,GAAY,UAAW+P,GACjClI,GAAmB3hD,GACf4hD,IACAiI,EAAU/P,GAAY,oBAAqB77D,EAAK4rE,KAIpD,MAAM2B,EAAQhD,EAAcqB,GACtBl2D,EAAI+wD,EAAuB5gE,GAC3B2nE,EAAW,CAACN,EAAWx3D,GAAIw3D,EAAWK,IAE5C,GAAW,MAAPD,IAAuB,IAARA,EAAe,CAE9B,MAAM/2E,GAAY,IAAR+2E,EAAeh+C,EAAY8tC,EAAGyC,OAASyN,EACjDE,EAASr4E,KAAK0mE,GAAY,eAAgBtlE,GACtD,CACQ,MAAMgnC,EAAO8oC,MAAkBmH,GACzB7iD,EAAI4iD,EA0BV,MAAO,CAAEhwC,OAAMkwC,MAxBf,SAAeC,GAEX,MAAM7hE,EAAIy+D,EAASoD,GACnB,IAAKxD,EAAmBr+D,GACpB,OACJ,MAAM8hE,EAAK9C,EAAKh/D,GACVoK,EAAIgxD,EAAM5E,KAAK6F,SAASr8D,GAAGu6D,WAC3Br4D,EAAI48D,EAAK10D,EAAEnI,GACjB,GAAIC,IAAMse,GACN,OAIJ,MAAMpgB,EAAI0+D,EAAKgD,EAAKhD,EAAKhgD,EAAI5c,EAAI2H,IACjC,GAAIzJ,IAAMogB,GACN,OACJ,IAAIk/C,GAAYt1D,EAAEnI,IAAMC,EAAI,EAAI,GAAK2L,OAAOzD,EAAEiX,EAAIZ,IAC9CshD,EAAQ3hE,EAKZ,OAJI04B,GAAQ0mC,EAAsBp/D,KAC9B2hE,EAlOZ,SAAoB3hE,GAChB,OAAOo/D,EAAsBp/D,GAAK0+D,GAAM1+D,GAAKA,CACrD,CAgOwBigE,CAAWjgE,GACnBs/D,GAAY,GAET,IAAIrlB,EAAUn4C,EAAG6/D,EAAOrC,EAC3C,EAEA,CACI,MAAM6B,EAAiB,CAAEzoC,KAAM0gC,EAAM1gC,KAAMg/B,SAAS,GAC9CkK,EAAiB,CAAElpC,KAAM0gC,EAAM1gC,KAAMg/B,SAAS,GAwFpD,OAnEAsD,EAAM5E,KAAK+F,eAAe,GAmEnB,CACH/C,QACAxlC,aAlNJ,SAAsBh6B,EAAYkkE,GAAe,GAC7C,OAAO9C,EAAMgB,eAAepiE,GAAYikE,WAAWC,EAC3D,EAiNQpoC,gBAvLJ,SAAyBmsC,EAAUC,EAAShE,GAAe,GACvD,GAAI+C,EAAUgB,GACV,MAAUl6E,MAAM,iCACpB,IAAKk5E,EAAUiB,GACX,MAAUn6E,MAAM,iCAEpB,OADUqzE,EAAMc,QAAQgG,GACf7F,SAASzB,EAAuBqH,IAAWhE,WAAWC,EACvE,EAiLQt3C,KA9EJ,SAAcm5C,EAASoC,EAASjsD,EAAOqrD,GACnC,MAAM7vC,KAAEA,EAAIkwC,MAAEA,GAAUN,EAAQvB,EAASoC,EAASjsD,GAC5C8kB,EAAIw+B,EAEV,OADa4I,GAAkBpnC,EAAE7mC,KAAKsY,UAAWuuB,EAAE24B,YAAa34B,EAAEwzB,KAC3D6T,CAAK3wC,EAAMkwC,EAC1B,EA0EQz6C,OAzDJ,SAAgB9xB,EAAW0qE,EAASxtE,EAAW2jB,EAAO8rD,GAClD,MAAMM,EAAKjtE,EAGX,GAFA0qE,EAAU/P,GAAY,UAAW+P,GACjCxtE,EAAYy9D,GAAY,YAAaz9D,GACjC,WAAY2jB,EACZ,MAAUnuB,MAAM,sCACpB8vE,GAAmB3hD,GACnB,MAAM4iB,KAAEA,EAAIg/B,QAAEA,GAAY5hD,EAC1B,IAAIqsD,EACA7P,EACJ,IACI,GAAkB,iBAAP4P,GAAmBxH,GAAWwH,GAGrC,IACIC,EAAOloB,EAAUulB,QAAQ0C,EAC7C,CACgB,MAAOE,GACH,KAAMA,aAAoBtK,GAAIC,KAC1B,MAAMqK,EACVD,EAAOloB,EAAUslB,YAAY2C,EACjD,KAEiB,IAAkB,iBAAPA,GAAmC,iBAATA,EAAGpgE,GAAkC,iBAATogE,EAAGliE,EAKrE,MAAUrY,MAAM,SALqE,CACrF,MAAMma,EAAEA,EAAC9B,EAAEA,GAAMkiE,EACjBC,EAAO,IAAIloB,EAAUn4C,EAAG9B,EACxC,CAGA,CACYsyD,EAAI0I,EAAMc,QAAQ3pE,EAC9B,CACQ,MAAOrF,GACH,GAAsB,UAAlBA,EAAM6M,QACN,MAAUhS,MAAM,kEACpB,OAAO,CACnB,CACQ,GAAI+wC,GAAQypC,EAAKnC,WACb,OAAO,EACPtI,IACAiI,EAAUvG,EAAMrlE,KAAK4rE,IACzB,MAAM79D,EAAEA,EAAC9B,EAAEA,GAAMmiE,EACXvqD,EAAI0mD,EAAcqB,GAClB0C,EAAKzD,EAAK5+D,GACVi7B,EAAKyjC,EAAK9mD,EAAIyqD,GACdnnC,EAAKwjC,EAAK58D,EAAIugE,GACdvC,EAAI9E,EAAM5E,KAAKuH,qBAAqBrL,EAAGr3B,EAAIC,IAAKi/B,WACtD,QAAK2F,GAEKpB,EAAKoB,EAAEj+D,KACJC,CACrB,EAOQk8D,gBAAiBhD,EACjB/gB,YACAvmB,QAER;sECj/BO,SAAS4uC,GAAQvuE,GACpB,MAAO,CACHA,OACAq6D,KAAM,CAACr3D,KAAQwrE,IAASnU,GAAKr6D,EAAMgD,EAAKiiB,MAAeupD,IACvDl/C,eAER,CACO,SAASm/C,GAAYpE,EAAUqE,GAClC,MAAMr3D,EAAUrX,GAASoqE,GAAY,IAAKC,KAAakE,GAAQvuE,KAC/D,OAAO7N,OAAO4tE,OAAO,IAAK1oD,EAAOq3D,GAAUr3D,UAC/C;sED4IgFkC,OAAO,GEnJvF,MAAM6jD,GAAKqC,GAAMlmD,OAAO,uEAIXtc,GAAOwxE,GAAY,CAC5B79D,EAJYwsD,GAAG/lD,OAAOkC,OAAO,OAK7BpP,EAJYoP,OAAO,sEAKvB6jD,GAAIA,GAEAnzD,EAAGsP,OAAO,sEAEViqD,GAAIjqD,OAAO,sEACXkqD,GAAIlqD,OAAO,sEACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACPvkC,ICvBGuuE,kBAA6Bp1D,OAAO,GAAK,GAAK,GAC9CD,kBAAuBC,OAAO,IAEpC,SAASq1D,GAAQ3kE,EAAGgiC,GAAK,GACrB,OAAIA,EACO,CAAEpoB,EAAGnK,OAAOzP,EAAI0kE,IAAah6C,EAAGjb,OAAQzP,GAAKqP,GAAQq1D,KACzD,CAAE9qD,EAAsC,EAAnCnK,OAAQzP,GAAKqP,GAAQq1D,IAAiBh6C,EAA4B,EAAzBjb,OAAOzP,EAAI0kE,IACpE,CACA,SAAS5+D,GAAMuhC,EAAKrF,GAAK,GACrB,IAAI4iC,EAAK,IAAIp8D,YAAY6+B,EAAIr9C,QACzB66E,EAAK,IAAIr8D,YAAY6+B,EAAIr9C,QAC7B,IAAK,IAAIE,EAAI,EAAGA,EAAIm9C,EAAIr9C,OAAQE,IAAK,CACjC,MAAM0vB,EAAEA,EAAC8Q,EAAEA,GAAMi6C,GAAQt9B,EAAIn9C,GAAI83C,IAChC4iC,EAAG16E,GAAI26E,EAAG36E,IAAM,CAAC0vB,EAAG8Q,EAC7B,CACI,MAAO,CAACk6C,EAAIC,EAChB,CACA,MAcMC,GAAS,CAAClrD,EAAG8Q,EAAG1oB,IAAO4X,GAAK5X,EAAM0oB,IAAO,GAAK1oB,EAC9C+iE,GAAS,CAACnrD,EAAG8Q,EAAG1oB,IAAO0oB,GAAK1oB,EAAM4X,IAAO,GAAK5X,EAE9CgjE,GAAS,CAACprD,EAAG8Q,EAAG1oB,IAAO0oB,GAAM1oB,EAAI,GAAQ4X,IAAO,GAAK5X,EACrDijE,GAAS,CAACrrD,EAAG8Q,EAAG1oB,IAAO4X,GAAM5X,EAAI,GAAQ0oB,IAAO,GAAK1oB,EAQ3D,MASMkjE,GAAM,CACRP,WAAS7+D,SAAOq/D,MApCN,CAACvrD,EAAG8Q,IAAOpb,OAAOsK,IAAM,IAAMvK,GAAQC,OAAOob,IAAM,GAqC7D06C,MAnCU,CAACxrD,EAAGyrD,EAAIrjE,IAAM4X,IAAM5X,EAmCvBsjE,MAlCG,CAAC1rD,EAAG8Q,EAAG1oB,IAAO4X,GAAM,GAAK5X,EAAO0oB,IAAM1oB,EAmChDujE,OAjCW,CAAC3rD,EAAG8Q,EAAG1oB,IAAO4X,IAAM5X,EAAM0oB,GAAM,GAAK1oB,EAiCxCwjE,OAhCG,CAAC5rD,EAAG8Q,EAAG1oB,IAAO4X,GAAM,GAAK5X,EAAO0oB,IAAM1oB,EAgCjCyjE,OA9BL,CAAC7rD,EAAG8Q,EAAG1oB,IAAO4X,GAAM,GAAK5X,EAAO0oB,IAAO1oB,EAAI,GA8B9B0jE,OA7Bb,CAAC9rD,EAAG8Q,EAAG1oB,IAAO4X,IAAO5X,EAAI,GAAQ0oB,GAAM,GAAK1oB,EA8BvD2jE,QA5BY,CAACC,EAAIl7C,IAAMA,EA4Bdm7C,QA3BG,CAACjsD,EAAGyrD,IAAOzrD,EA4BvBkrD,UAAQC,UAAQC,UAAQC,UACxB54E,IApBJ,SAAau4E,EAAIC,EAAIiB,EAAIC,GACrB,MAAMr7C,GAAKm6C,IAAO,IAAMkB,IAAO,GAC/B,MAAO,CAAEnsD,EAAIgrD,EAAKkB,GAAOp7C,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACxD,EAiBSs7C,MAfK,CAACnB,EAAIkB,EAAIE,KAAQpB,IAAO,IAAMkB,IAAO,IAAME,IAAO,GAehDC,MAdF,CAACC,EAAKvB,EAAIkB,EAAIM,IAAQxB,EAAKkB,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EAcrDE,MAbT,CAACxB,EAAIkB,EAAIE,EAAIK,KAAQzB,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,GAanDC,MAZhB,CAACJ,EAAKvB,EAAIkB,EAAIM,EAAII,IAAQ5B,EAAKkB,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAYhDM,MAVvB,CAACN,EAAKvB,EAAIkB,EAAIM,EAAII,EAAIE,IAAQ9B,EAAKkB,EAAKM,EAAKI,EAAKE,GAAOP,EAAM,GAAK,GAAM,GAAM,EAUlDQ,MAX9B,CAAC9B,EAAIkB,EAAIE,EAAIK,EAAIM,KAAQ/B,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMM,IAAO,KC1C3FC,GAAWC,mBAA6B,KAAO5B,GAAIp/D,MAAM,CAC5D,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,sBACpE/Y,KAAIiT,GAAKsP,OAAOtP,MArB6B,GAuBzC+mE,kBAA6B,IAAIv+D,YAAY,IAC7Cw+D,kBAA6B,IAAIx+D,YAAY,IAC5C,MAAMy+D,WAAerY,GACxB,WAAA5mE,GACIC,MAAM,IAAK,GAAI,IAAI,GAKnBG,KAAKw8E,GAAK,WACVx8E,KAAKy8E,IAAK,UACVz8E,KAAK09E,IAAK,WACV19E,KAAK29E,IAAK,WACV39E,KAAKg+E,GAAK,WACVh+E,KAAK69E,IAAK,SACV79E,KAAKo+E,IAAK,WACVp+E,KAAKk+E,GAAK,WACVl+E,KAAKs+E,GAAK,WACVt+E,KAAKw+E,IAAK,WACVx+E,KAAK8+E,IAAK,WACV9+E,KAAK++E,GAAK,UACV/+E,KAAKg/E,GAAK,UACVh/E,KAAKi/E,IAAK,SACVj/E,KAAKk/E,GAAK,WACVl/E,KAAKm/E,GAAK,SAClB,CAEI,GAAAh3E,GACI,MAAMq0E,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOn/E,KAC3E,MAAO,CAACw8E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC5E,CAEI,GAAAh9E,CAAIq6E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC5Dn/E,KAAKw8E,GAAU,EAALA,EACVx8E,KAAKy8E,GAAU,EAALA,EACVz8E,KAAK09E,GAAU,EAALA,EACV19E,KAAK29E,GAAU,EAALA,EACV39E,KAAKg+E,GAAU,EAALA,EACVh+E,KAAK69E,GAAU,EAALA,EACV79E,KAAKo+E,GAAU,EAALA,EACVp+E,KAAKk+E,GAAU,EAALA,EACVl+E,KAAKs+E,GAAU,EAALA,EACVt+E,KAAKw+E,GAAU,EAALA,EACVx+E,KAAK8+E,GAAU,EAALA,EACV9+E,KAAK++E,GAAU,EAALA,EACV/+E,KAAKg/E,GAAU,EAALA,EACVh/E,KAAKi/E,GAAU,EAALA,EACVj/E,KAAKk/E,GAAU,EAALA,EACVl/E,KAAKm/E,GAAU,EAALA,CAClB,CACI,OAAA/7E,CAAQ2jB,EAAMlO,GAEV,IAAK,IAAI/W,EAAI,EAAGA,EAAI,GAAIA,IAAK+W,GAAU,EACnC8lE,GAAW78E,GAAKilB,EAAK0B,UAAU5P,GAC/B+lE,GAAW98E,GAAKilB,EAAK0B,UAAW5P,GAAU,GAE9C,IAAK,IAAI/W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAE1B,MAAMs9E,EAA4B,EAArBT,GAAW78E,EAAI,IACtBu9E,EAA4B,EAArBT,GAAW98E,EAAI,IACtBw9E,EAAMxC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIE,MAAMoC,EAAMC,EAAM,GACpFE,EAAMzC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAII,MAAMkC,EAAMC,EAAM,GAEpFG,EAA0B,EAApBb,GAAW78E,EAAI,GACrB29E,EAA0B,EAApBb,GAAW98E,EAAI,GACrB49E,EAAM5C,GAAIK,OAAOqC,EAAKC,EAAK,IAAM3C,GAAIO,OAAOmC,EAAKC,EAAK,IAAM3C,GAAIE,MAAMwC,EAAKC,EAAK,GAChFE,EAAM7C,GAAIM,OAAOoC,EAAKC,EAAK,IAAM3C,GAAIQ,OAAOkC,EAAKC,EAAK,IAAM3C,GAAII,MAAMsC,EAAKC,EAAK,GAEhFG,EAAO9C,GAAImB,MAAMsB,EAAKI,EAAKf,GAAW98E,EAAI,GAAI88E,GAAW98E,EAAI,KAC7D+9E,EAAO/C,GAAIqB,MAAMyB,EAAMN,EAAKI,EAAKf,GAAW78E,EAAI,GAAI68E,GAAW78E,EAAI,KACzE68E,GAAW78E,GAAY,EAAP+9E,EAChBjB,GAAW98E,GAAY,EAAP89E,CAC5B,CACQ,IAAIpD,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOn/E,KAEzE,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAEzB,MAAMg+E,EAAUhD,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIO,OAAOiB,EAAIE,EAAI,IAC/EuB,EAAUjD,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIQ,OAAOgB,EAAIE,EAAI,IAE/EwB,EAAQ1B,EAAKQ,GAAQR,EAAKU,EAC1BiB,EAAQzB,EAAKO,GAAQP,EAAKS,EAG1BiB,EAAOpD,GAAIyB,MAAMY,EAAIY,EAASE,EAAMvB,GAAU58E,GAAI88E,GAAW98E,IAC7Dq+E,EAAMrD,GAAIuB,MAAM6B,EAAMhB,EAAIY,EAASE,EAAMvB,GAAU38E,GAAI68E,GAAW78E,IAClEs+E,EAAa,EAAPF,EAENG,EAAUvD,GAAIK,OAAOX,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAC/E6D,EAAUxD,GAAIM,OAAOZ,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAC/E8D,EAAQ/D,EAAKkB,EAAOlB,EAAKwB,EAAON,EAAKM,EACrCwC,EAAQ/D,EAAKkB,EAAOlB,EAAKoB,EAAOF,EAAKE,EAC3CqB,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALR,EACLS,EAAU,EAALP,IACFhtD,EAAG8sD,EAAIh8C,GAAUw6C,GAAI74E,IAAS,EAALm6E,EAAa,EAALF,EAAc,EAANiC,EAAe,EAANC,IACrDhC,EAAU,EAALJ,EACLE,EAAU,EAALL,EACLG,EAAU,EAALN,EACLG,EAAU,EAALF,EACLD,EAAU,EAALlB,EACLmB,EAAU,EAALlB,EACL,MAAMgE,EAAM3D,GAAIc,MAAMwC,EAAKE,EAASE,GACpChE,EAAKM,GAAIgB,MAAM2C,EAAKN,EAAKE,EAASE,GAClC9D,EAAW,EAANgE,CACjB,GAEWjvD,EAAGgrD,EAAIl6C,EAAGm6C,GAAOK,GAAI74E,IAAc,EAAVjE,KAAKw8E,GAAkB,EAAVx8E,KAAKy8E,GAAa,EAALD,EAAa,EAALC,MAC3DjrD,EAAGksD,EAAIp7C,EAAGq7C,GAAOb,GAAI74E,IAAc,EAAVjE,KAAK09E,GAAkB,EAAV19E,KAAK29E,GAAa,EAALD,EAAa,EAALC,MAC3DnsD,EAAGwsD,EAAI17C,EAAGu7C,GAAOf,GAAI74E,IAAc,EAAVjE,KAAKg+E,GAAkB,EAAVh+E,KAAK69E,GAAa,EAALG,EAAa,EAALH,MAC3DrsD,EAAG4sD,EAAI97C,EAAG47C,GAAOpB,GAAI74E,IAAc,EAAVjE,KAAKo+E,GAAkB,EAAVp+E,KAAKk+E,GAAa,EAALE,EAAa,EAALF,MAC3D1sD,EAAG8sD,EAAIh8C,GAAUw6C,GAAI74E,IAAc,EAAVjE,KAAKs+E,GAAkB,EAAVt+E,KAAKw+E,GAAa,EAALF,EAAa,EAALE,MAC3DhtD,EAAGstD,EAAIx8C,EAAGy8C,GAAOjC,GAAI74E,IAAc,EAAVjE,KAAK8+E,GAAkB,EAAV9+E,KAAK++E,GAAa,EAALD,EAAa,EAALC,MAC3DvtD,EAAGwtD,EAAI18C,EAAG28C,GAAOnC,GAAI74E,IAAc,EAAVjE,KAAKg/E,GAAkB,EAAVh/E,KAAKi/E,GAAa,EAALD,EAAa,EAALC,MAC3DztD,EAAG0tD,EAAI58C,EAAG68C,GAAOrC,GAAI74E,IAAc,EAAVjE,KAAKk/E,GAAkB,EAAVl/E,KAAKm/E,GAAa,EAALD,EAAa,EAALC,IAC9Dn/E,KAAKmC,IAAIq6E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC7E,CACI,UAAAvY,GACI+X,GAAWj3D,KAAK,GAChBk3D,GAAWl3D,KAAK,EACxB,CACI,OAAAze,GACIjJ,KAAKsJ,OAAOoe,KAAK,GACjB1nB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC9D,EAgDO,MAAMu+E,WAAe7B,GACxB,WAAAj/E,GACIC,QAEAG,KAAKw8E,IAAK,UACVx8E,KAAKy8E,IAAK,WACVz8E,KAAK09E,GAAK,WACV19E,KAAK29E,GAAK,UACV39E,KAAKg+E,IAAK,WACVh+E,KAAK69E,GAAK,UACV79E,KAAKo+E,GAAK,UACVp+E,KAAKk+E,IAAK,UACVl+E,KAAKs+E,GAAK,WACVt+E,KAAKw+E,IAAK,QACVx+E,KAAK8+E,IAAK,WACV9+E,KAAK++E,GAAK,WACV/+E,KAAKg/E,IAAK,UACVh/E,KAAKi/E,GAAK,WACVj/E,KAAKk/E,GAAK,WACVl/E,KAAKm/E,IAAK,WACVn/E,KAAKimB,UAAY,EACzB,EAEO,MAAMhY,kBAAyBm4D,IAAgB,IAAM,IAAIyY,KAGnD7wE,kBAAyBo4D,IAAgB,IAAM,IAAIsa,KC1N1D3V,GAAKqC,GADDlmD,OAAO,uGAMJpc,GAAOsxE,GAAY,CAC5B79D,EALYwsD,GAAG/lD,OAAOkC,OAAO,OAM7BpP,EAJYoP,OAAO,sGAKvB6jD,GAAIA,GAEAnzD,EAAGsP,OAAO,sGAEViqD,GAAIjqD,OAAO,sGACXkqD,GAAIlqD,OAAO,sGACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACPtkC,ICfG+8D,GAAKqC,GADDlmD,OAAO,0IAEX8rD,GAAQ,CACVz0D,EAAGwsD,GAAG/lD,OAAOkC,OAAO,OACpBpP,EAAGoP,OAAO,0IACd6jD,GAAIA,GACAnzD,EAAGsP,OAAO,0IACViqD,GAAIjqD,OAAO,0IACXkqD,GAAIlqD,OAAO,0IACXsK,EAAGtK,OAAO,IAGDlc,GAAOoxE,GAAY,CAC5B79D,EAAGy0D,GAAMz0D,EACTzG,EAAGk7D,GAAMl7D,EACbizD,GAAIA,GAEAnzD,EAAGo7D,GAAMp7D,EACTu5D,GAAI6B,GAAM7B,GACVC,GAAI4B,GAAM5B,GACV5/C,EAAGwhD,GAAMxhD,EACT8gB,MAAM,EACN4gC,yBAA0B,CAAC,IAAK,IAAK,MACtCjlE,IC5BG0yE,GAAU,GACVC,GAAY,GACZC,GAAa,GACb7mD,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC7B45D,kBAAsB55D,OAAO,GAC7B65D,kBAAwB75D,OAAO,KAC/B85D,kBAAyB95D,OAAO,KACtC,IAAK,IAAI+5D,EAAQ,EAAGvH,EAAIz/C,GAAKxe,EAAI,EAAGof,EAAI,EAAGomD,EAAQ,GAAIA,IAAS,EAE3DxlE,EAAGof,GAAK,CAACA,GAAI,EAAIpf,EAAI,EAAIof,GAAK,GAC/B8lD,GAAQ79E,KAAK,GAAK,EAAI+3B,EAAIpf,IAE1BmlE,GAAU99E,MAAQm+E,EAAQ,IAAMA,EAAQ,GAAM,EAAK,IAEnD,IAAItlE,EAAIqe,GACR,IAAK,IAAI5f,EAAI,EAAGA,EAAI,EAAGA,IACnBs/D,GAAMA,GAAKz/C,IAASy/C,GAAKoH,IAAOE,IAAWD,GACvCrH,EAAIj5C,KACJ9kB,GAAKse,KAASA,mBAAuB/S,OAAO9M,IAAM6f,IAE1D4mD,GAAW/9E,KAAK6Y,EACpB,CACA,MAAOulE,GAAaC,mBAA+BzjE,GAAMmjE,IAAY,GAE/DO,GAAQ,CAAC5vD,EAAG8Q,EAAG1oB,IAAOA,EAAI,GAAKgjE,GAAOprD,EAAG8Q,EAAG1oB,GAAK8iE,GAAOlrD,EAAG8Q,EAAG1oB,GAC9DynE,GAAQ,CAAC7vD,EAAG8Q,EAAG1oB,IAAOA,EAAI,GAAKijE,GAAOrrD,EAAG8Q,EAAG1oB,GAAK+iE,GAAOnrD,EAAG8Q,EAAG1oB,GA+C7D,MAAM0nE,WAAepb,GAExB,WAAAtmE,CAAYqoB,EAAU4wD,EAAQ5yD,EAAWs7D,GAAY,EAAOtzD,EAAS,IAcjE,GAbApuB,QACAG,KAAKioB,SAAWA,EAChBjoB,KAAK64E,OAASA,EACd74E,KAAKimB,UAAYA,EACjBjmB,KAAKuhF,UAAYA,EACjBvhF,KAAKiuB,OAASA,EACdjuB,KAAKgC,IAAM,EACXhC,KAAKwhF,OAAS,EACdxhF,KAAK8lB,UAAW,EAChB9lB,KAAK6lB,WAAY,EAEjBuV,GAAOnV,GAEH,GAAKjmB,KAAKioB,UAAYjoB,KAAKioB,UAAY,IACvC,MAAU1mB,MAAM,4CdhFT,IAAC4kB,EciFZnmB,KAAKmlB,MAAQ,IAAI1jB,WAAW,KAC5BzB,KAAKyhF,SdlFOt7D,EckFOnmB,KAAKmlB,MdlFJ,IAAI/E,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK2P,MAAM+N,EAAI7b,WAAa,IcmFpG,CACI,MAAAo3E,GACS16D,IACDi/C,GAAWjmE,KAAKyhF,SApErB,SAAiB7nE,EAAGqU,EAAS,IAChC,MAAMmuC,EAAI,IAAIh8C,YAAY,IAE1B,IAAK,IAAI6gE,EAAQ,GAAKhzD,EAAQgzD,EAAQ,GAAIA,IAAS,CAE/C,IAAK,IAAIxlE,EAAI,EAAGA,EAAI,GAAIA,IACpB2gD,EAAE3gD,GAAK7B,EAAE6B,GAAK7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAC5D,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EAAG,CAC5B,MAAMkmE,GAAQlmE,EAAI,GAAK,GACjBmmE,GAAQnmE,EAAI,GAAK,GACjBomE,EAAKzlB,EAAEwlB,GACPE,EAAK1lB,EAAEwlB,EAAO,GACdG,EAAKX,GAAMS,EAAIC,EAAI,GAAK1lB,EAAEulB,GAC1BK,EAAKX,GAAMQ,EAAIC,EAAI,GAAK1lB,EAAEulB,EAAO,GACvC,IAAK,IAAI9mD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GACzBjhB,EAAE6B,EAAIof,IAAMknD,EACZnoE,EAAE6B,EAAIof,EAAI,IAAMmnD,CAEhC,CAEQ,IAAIC,EAAOroE,EAAE,GACTsoE,EAAOtoE,EAAE,GACb,IAAK,IAAI+B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMxS,EAAQy3E,GAAUjlE,GAClBomE,EAAKX,GAAMa,EAAMC,EAAM/4E,GACvB64E,EAAKX,GAAMY,EAAMC,EAAM/4E,GACvBg5E,EAAKxB,GAAQhlE,GACnBsmE,EAAOroE,EAAEuoE,GACTD,EAAOtoE,EAAEuoE,EAAK,GACdvoE,EAAEuoE,GAAMJ,EACRnoE,EAAEuoE,EAAK,GAAKH,CACxB,CAEQ,IAAK,IAAInnD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GAAI,CAC7B,IAAK,IAAIpf,EAAI,EAAGA,EAAI,GAAIA,IACpB2gD,EAAE3gD,GAAK7B,EAAEihB,EAAIpf,GACjB,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACpB7B,EAAEihB,EAAIpf,KAAO2gD,GAAG3gD,EAAI,GAAK,IAAM2gD,GAAG3gD,EAAI,GAAK,GAC3D,CAEQ7B,EAAE,IAAMsnE,GAAYD,GACpBrnE,EAAE,IAAMunE,GAAYF,EAC5B,CACI7kB,EAAE10C,KAAK,EACX,CAyBQ06D,CAAQpiF,KAAKyhF,QAASzhF,KAAKiuB,QACtBjH,IACDi/C,GAAWjmE,KAAKyhF,SACpBzhF,KAAKwhF,OAAS,EACdxhF,KAAKgC,IAAM,CACnB,CACI,MAAAuiB,CAAO1d,GACH6e,GAAO1lB,MACP,MAAMioB,SAAEA,EAAQ9C,MAAEA,GAAUnlB,KAEtBstB,GADNzmB,EAAOyf,GAAQzf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMsrB,GAAM,CAC1B,MAAMo5C,EAAOj+D,KAAKud,IAAIiC,EAAWjoB,KAAKgC,IAAKsrB,EAAMtrB,GACjD,IAAK,IAAIF,EAAI,EAAGA,EAAI4kE,EAAM5kE,IACtBqjB,EAAMnlB,KAAKgC,QAAU6E,EAAK7E,KAC1BhC,KAAKgC,MAAQimB,GACbjoB,KAAK0hF,QACrB,CACQ,OAAO1hF,IACf,CACI,MAAA2G,GACI,GAAI3G,KAAK8lB,SACL,OACJ9lB,KAAK8lB,UAAW,EAChB,MAAMX,MAAEA,EAAK0zD,OAAEA,EAAM72E,IAAEA,EAAGimB,SAAEA,GAAajoB,KAEzCmlB,EAAMnjB,IAAQ62E,EACA,IAATA,GAAwB72E,IAAQimB,EAAW,GAC5CjoB,KAAK0hF,SACTv8D,EAAM8C,EAAW,IAAM,IACvBjoB,KAAK0hF,QACb,CACI,SAAAW,CAAUt8D,GACNL,GAAO1lB,MAAM,GACbmK,GAAM4b,GACN/lB,KAAK2G,SACL,MAAM27E,EAAYtiF,KAAKmlB,OACjB8C,SAAEA,GAAajoB,KACrB,IAAK,IAAIgC,EAAM,EAAGsrB,EAAMvH,EAAInkB,OAAQI,EAAMsrB,GAAM,CACxCttB,KAAKwhF,QAAUv5D,GACfjoB,KAAK0hF,SACT,MAAMhb,EAAOj+D,KAAKud,IAAIiC,EAAWjoB,KAAKwhF,OAAQl0D,EAAMtrB,GACpD+jB,EAAI5jB,IAAImgF,EAAUt5E,SAAShJ,KAAKwhF,OAAQxhF,KAAKwhF,OAAS9a,GAAO1kE,GAC7DhC,KAAKwhF,QAAU9a,EACf1kE,GAAO0kE,CACnB,CACQ,OAAO3gD,CACf,CACI,OAAAw8D,CAAQx8D,GAEJ,IAAK/lB,KAAKuhF,UACN,MAAUhgF,MAAM,yCACpB,OAAOvB,KAAKqiF,UAAUt8D,EAC9B,CACI,GAAAy8D,CAAIr4E,GAEA,OADAixB,GAAOjxB,GACAnK,KAAKuiF,QAAQ,IAAI9gF,WAAW0I,GAC3C,CACI,UAAAwgB,CAAW5E,GAEP,GADAnf,GAAOmf,EAAK/lB,MACRA,KAAK8lB,SACL,MAAUvkB,MAAM,+BAGpB,OAFAvB,KAAKqiF,UAAUt8D,GACf/lB,KAAKiJ,UACE8c,CACf,CACI,MAAAvB,GACI,OAAOxkB,KAAK2qB,WAAW,IAAIlpB,WAAWzB,KAAKimB,WACnD,CACI,OAAAhd,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAKmlB,MAAMuC,KAAK,EACxB,CACI,UAAAy+C,CAAWW,GACP,MAAM7+C,SAAEA,EAAQ4wD,OAAEA,EAAM5yD,UAAEA,EAASgI,OAAEA,EAAMszD,UAAEA,GAAcvhF,KAY3D,OAXA8mE,IAAOA,EAAK,IAAIwa,GAAOr5D,EAAU4wD,EAAQ5yD,EAAWs7D,EAAWtzD,IAC/D64C,EAAG2a,QAAQt/E,IAAInC,KAAKyhF,SACpB3a,EAAG9kE,IAAMhC,KAAKgC,IACd8kE,EAAG0a,OAASxhF,KAAKwhF,OACjB1a,EAAGhhD,SAAW9lB,KAAK8lB,SACnBghD,EAAG74C,OAASA,EAEZ64C,EAAG+R,OAASA,EACZ/R,EAAG7gD,UAAYA,EACf6gD,EAAGya,UAAYA,EACfza,EAAGjhD,UAAY7lB,KAAK6lB,UACbihD,CACf,EAEA,MAAMwD,GAAM,CAACuO,EAAQ5wD,EAAUhC,IAAcmgD,IAAgB,IAAM,IAAIkb,GAAOr5D,EAAU4wD,EAAQ5yD,KAMnF9X,kBAA2Bm8D,GAAI,EAAM,IAAK,IAE1Cl8D,kBAA2Bk8D,GAAI,EAAM,GAAI,IAWzCmY,kBAFI,EAAC5J,EAAQ5wD,EAAUhC,IdzC7B,SAAoCqF,GACvC,MAAMC,EAAQ,CAACC,EAAKkE,IAASpE,EAASoE,GAAMnL,OAAO+B,GAAQkF,IAAMhH,SAC3DiH,EAAMH,EAAS,IAIrB,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAU0K,GAASpE,EAASoE,GAC3BnE,CACX,CckCkDm3D,EAA2B,CAAChzD,EAAO,CAAA,IAAO,IAAI4xD,GAAOr5D,EAAU4wD,OAAuBz2E,IAAfstB,EAAKizD,MAAsB18D,EAAYyJ,EAAKizD,OAAO,KAEpIC,CAAS,GAAM,IAAK,IC5MtD5oD,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIuU,GAAMvU,OAAO,GAEhE27D,GAAiB,CAAEC,QAAQ,GAwB1B,SAASC,GAAe/K,GAC3B,MAAMhF,EAxBV,SAAsBtoE,GAClB,MAAMglB,EAAOwhD,GAAcxmE,GAa3B,OAZAuoE,GAAkBvoE,EAAO,CACrBiD,KAAM,WACN4Q,EAAG,SACH8E,EAAG,SACH4Z,YAAa,YACd,CACC+lD,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAGTrjF,OAAO4tE,OAAO,IAAKh+C,GAC9B,CASkByoD,CAAaH,IACrBjN,GAAEA,EAAInzD,EAAgB05D,QAASA,EAAS3jE,KAAMy1E,EAAKnmD,YAAEA,EAAWkwC,YAAEA,EAAa37C,EAAGgmD,GAAcxE,EAChGrF,EAAOltC,IAAQvZ,OAAqB,EAAdimD,GAAmBlzC,GACzCopD,EAAOtY,EAAG/lD,OACV2uD,EAAKvG,GAAM4F,EAAMp7D,EAAGo7D,EAAM/F,YAE1BiW,EAAUlQ,EAAMkQ,SAC1B,EAAUllD,EAAGnkB,KACD,IACI,MAAO,CAAEmxD,SAAS,EAAMzoE,MAAOwoE,EAAGwD,KAAKvwC,EAAI+sC,EAAGuD,IAAIz0D,IAClE,CACY,MAAO3V,GACH,MAAO,CAAE8mE,SAAS,EAAOzoE,MAAOy3B,GAChD,CACS,GACCgpD,EAAoBhQ,EAAMgQ,mBAAsB,CAAC74E,GAAUA,GAC3D84E,EAASjQ,EAAMiQ,QACzB,EAAUp8E,EAAMy8E,EAAKC,KAET,GADAtb,GAAM,SAAUsb,GACZD,EAAI1hF,QAAU2hF,EACd,MAAUhiF,MAAM,uCACpB,OAAOsF,CACV,GAGL,SAAS28E,EAAYtb,EAAOtwD,GACxB88D,GAAY,cAAgBxM,EAAOtwD,EAAGoiB,GAAK2zC,EACnD,CACI,SAAS8V,EAAY7yB,GACjB,KAAMA,aAAiBgkB,GACnB,MAAUrzE,MAAM,yBAC5B,CAGI,MAAMszE,EAAerJ,IAAS,CAACp+C,EAAG0nD,KAC9B,MAAQ4O,GAAIjoE,EAAGkoE,GAAI9oD,EAAG+oD,GAAI19C,GAAM9Y,EAC1BwgD,EAAMxgD,EAAEwgD,MACJ,MAANkH,IACAA,EAAKlH,EAAMnyC,GAAMsvC,EAAGuD,IAAIpoC,IAC5B,MAAMgvC,EAAKmO,EAAK5nE,EAAIq5D,GACdK,EAAKkO,EAAKxoD,EAAIi6C,GACdM,EAAKiO,EAAKn9C,EAAI4uC,GACpB,GAAIlH,EACA,MAAO,CAAEnyD,EAAGue,GAAKa,EAAGZ,IACxB,GAAIm7C,IAAOn7C,GACP,MAAU14B,MAAM,oBACpB,MAAO,CAAEka,EAAGy5D,EAAIr6C,EAAGs6C,EAAI,IAErBE,EAAkB7J,IAAUp+C,IAC9B,MAAM7O,EAAEA,EAAC8E,EAAEA,GAAM2vD,EACjB,GAAI5lD,EAAEwgD,MACF,MAAUrsE,MAAM,mBAGpB,MAAQmiF,GAAIxhD,EAAGyhD,GAAIxhD,EAAGyhD,GAAIzgD,EAAG8X,GAAInjB,GAAM1K,EACjCipD,EAAKgN,EAAKnhD,EAAIA,GACdo0C,EAAK+M,EAAKlhD,EAAIA,GACdo0C,EAAK8M,EAAKlgD,EAAIA,GACd0gD,EAAKR,EAAK9M,EAAKA,GACfuN,EAAMT,EAAKhN,EAAK93D,GAGtB,GAFa8kE,EAAK9M,EAAK8M,EAAKS,EAAMxN,MACpB+M,EAAKQ,EAAKR,EAAKhgE,EAAIggE,EAAKhN,EAAKC,KAEvC,MAAU/0E,MAAM,yCAIpB,GAFW8hF,EAAKnhD,EAAIC,KACTkhD,EAAKlgD,EAAIrL,GAEhB,MAAUv2B,MAAM,yCACpB,OAAO,CAAI,IAIf,MAAMqzE,EACF,WAAAh1E,CAAY8jF,EAAIC,EAAIC,EAAI3oC,GACpBj7C,KAAK0jF,GAAKA,EACV1jF,KAAK2jF,GAAKA,EACV3jF,KAAK4jF,GAAKA,EACV5jF,KAAKi7C,GAAKA,EACVuoC,EAAY,IAAKE,GACjBF,EAAY,IAAKG,GACjBH,EAAY,IAAKI,GACjBJ,EAAY,IAAKvoC,GACjBn7C,OAAO4tE,OAAO1tE,KAC1B,CACQ,KAAIyb,GACA,OAAOzb,KAAK+zE,WAAWt4D,CACnC,CACQ,KAAIof,GACA,OAAO76B,KAAK+zE,WAAWl5C,CACnC,CACQ,iBAAO06C,CAAWnoD,GACd,GAAIA,aAAawnD,EACb,MAAUrzE,MAAM,8BACpB,MAAMka,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EAGxB,OAFAo2D,EAAY,IAAK/nE,GACjB+nE,EAAY,IAAK3oD,GACV,IAAI+5C,EAAMn5D,EAAGof,EAAGZ,GAAKopD,EAAK5nE,EAAIof,GACjD,CACQ,iBAAO26C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOjrE,KAAKyoB,GAAMA,EAAEw2D,MACjD,OAAOhU,EAAOjrE,KAAI,CAACyoB,EAAGtrB,IAAMsrB,EAAE2mD,SAAS0B,EAAM3zE,MAAK6C,IAAIiwE,EAAMW,WACxE,CAEQ,UAAOO,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAe9sD,GACX+sD,EAAKvF,cAAczwE,KAAMipB,EACrC,CAGQ,cAAA0sD,GACIN,EAAgBr1E,KAC5B,CAEQ,MAAA2jD,CAAOiN,GACH6yB,EAAY7yB,GACZ,MAAQ8yB,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOp2E,MAC3B0jF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,GAAO3lB,EAC7BmzB,EAAOV,EAAKnN,EAAKK,GACjByN,EAAOX,EAAKhN,EAAKD,GACjB6N,EAAOZ,EAAKlN,EAAKI,GACjB2N,EAAOb,EAAK/M,EAAKF,GACvB,OAAO2N,IAASC,GAAQC,IAASC,CAC7C,CACQ,GAAAtW,GACI,OAAO5tE,KAAK2jD,OAAOixB,EAAMhI,KACrC,CACQ,MAAA4C,GAEI,OAAO,IAAIoF,EAAMyO,GAAMrjF,KAAK0jF,IAAK1jF,KAAK2jF,GAAI3jF,KAAK4jF,GAAIP,GAAMrjF,KAAKi7C,IAC1E,CAIQ,MAAAr/B,GACI,MAAM2C,EAAEA,GAAMy0D,GACN0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOp2E,KAC7BkjC,EAAImgD,EAAKnN,EAAKA,GACd9Z,EAAIinB,EAAKlN,EAAKA,GACd3hC,EAAI6uC,EAAK5iD,GAAM4iD,EAAKjN,EAAKA,IACzBp0C,EAAIqhD,EAAK9kE,EAAI2kB,GACbihD,EAAOjO,EAAKC,EACZhP,EAAIkc,EAAKA,EAAKc,EAAOA,GAAQjhD,EAAIk5B,GACjCiL,EAAIrlC,EAAIo6B,EACRgL,EAAIC,EAAI7yB,EACR8yB,EAAItlC,EAAIo6B,EACRsa,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd36C,EAAK02D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIjqD,EACzC,CAIQ,GAAA1oB,CAAI2sD,GACA6yB,EAAY7yB,GACZ,MAAMryC,EAAEA,EAAC8E,EAAEA,GAAM2vD,GACT0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,EAAIn7B,GAAIxuB,GAAOzsB,MACnC0jF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,EAAIt7B,GAAIvuB,GAAOkkC,EAK3C,GAAIryC,IAAM2I,QAAQ,GAAI,CAClB,MAAMgc,EAAImgD,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3Bja,EAAIinB,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3BjP,EAAIic,EAAKjnB,EAAIl5B,GACnB,GAAIkkC,IAAMptC,GACN,OAAOh6B,KAAK4b,SAChB,MAAM44B,EAAI6uC,EAAKjN,EAAK31C,GAAM/T,GACpBsV,EAAIqhD,EAAK52D,EAAKgU,GAAM81C,GACpBpP,EAAInlC,EAAIwS,EACR6yB,EAAIjL,EAAIl5B,EACRokC,EAAItlC,EAAIwS,EACRkiC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd36C,EAAK02D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIjqD,EAC7C,CACY,MAAMuW,EAAImgD,EAAKnN,EAAKG,GACdja,EAAIinB,EAAKlN,EAAKG,GACd9hC,EAAI6uC,EAAK52D,EAAKpJ,EAAIqJ,GAClBsV,EAAIqhD,EAAKjN,EAAKG,GACdpP,EAAIkc,GAAMnN,EAAKC,IAAOE,EAAKC,GAAMpzC,EAAIk5B,GACrCgL,EAAIplC,EAAIwS,EACR6yB,EAAIrlC,EAAIwS,EACR8yB,EAAI+b,EAAKjnB,EAAI79C,EAAI2kB,GACjBwzC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd36C,EAAK02D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIjqD,EACzC,CACQ,QAAAkqD,CAASjmB,GACL,OAAO5wD,KAAKiE,IAAI2sD,EAAM4e,SAClC,CACQ,IAAAH,CAAKz3D,GACD,OAAOo+D,EAAKzF,WAAWvwE,KAAM4X,EAAGg9D,EAAMY,WAClD,CAEQ,QAAAK,CAAS9E,GACL,MAAMn5D,EAAIm5D,EACV2D,GAAY,SAAU98D,EAAGqiB,GAAKs+C,GAC9B,MAAMnrD,EAAEA,EAAC+Y,EAAEA,GAAMnmC,KAAKqvE,KAAKz3D,GAC3B,OAAOg9D,EAAMY,WAAW,CAACpoD,EAAG+Y,IAAI,EAC5C,CAKQ,cAAA2wC,CAAe/F,GACX,MAAMn5D,EAAIm5D,EAEV,OADA2D,GAAY,SAAU98D,EAAGoiB,GAAKu+C,GAC1B3gE,IAAMoiB,GACCoI,EACPpiC,KAAK2jD,OAAOvhB,IAAMxqB,IAAMqiB,GACjBj6B,KACPA,KAAK2jD,OAAO0jB,GACLrnE,KAAKqvE,KAAKz3D,GAAGwV,EACjB4oD,EAAKtG,aAAa1vE,KAAM4X,EAC3C,CAKQ,YAAAwsE,GACI,OAAOpkF,KAAK82E,eAAeU,GAAU5J,KACjD,CAGQ,aAAAwF,GACI,OAAO4C,EAAKtG,aAAa1vE,KAAMu4E,GAAa3K,KACxD,CAGQ,QAAAmG,CAASe,GACL,OAAOD,EAAa70E,KAAM80E,EACtC,CACQ,aAAAzB,GACI,MAAQ7hD,EAAGgmD,GAAaxE,EACxB,OAAIwE,IAAav9C,GACNj6B,KACJA,KAAK82E,eAAeU,EACvC,CAGQ,cAAO9B,CAAQn8D,EAAKupE,GAAS,GACzB,MAAMz/D,EAAEA,EAAC9E,EAAEA,GAAMy0D,EACX1lD,EAAMy9C,EAAGyC,MACfj0D,EAAMiwD,GAAY,WAAYjwD,EAAK+T,GACnC26C,GAAM,SAAU6a,GAChB,MAAMuB,EAAS9qE,EAAI5W,QACbiuB,EAAWrX,EAAI+T,EAAM,GAC3B+2D,EAAO/2D,EAAM,IAAgB,IAAXsD,EAClB,MAAMiK,EAAIypD,GAAmBD,GAIvB37E,EAAMo6E,EAASnV,EAAO5C,EAAGsC,MAC/BqH,GAAY,aAAc75C,EAAGb,GAAKtxB,GAGlC,MAAMiwE,EAAK0K,EAAKxoD,EAAIA,GACdmD,EAAIqlD,EAAK1K,EAAK1+C,IACdpgB,EAAIwpE,EAAKhgE,EAAIs1D,EAAKp6D,GACxB,IAAIysD,QAAEA,EAASzoE,MAAOkZ,GAAMynE,EAAQllD,EAAGnkB,GACvC,IAAKmxD,EACD,MAAUzpE,MAAM,uCACpB,MAAMgjF,GAAU9oE,EAAIwe,MAASA,GACvBuqD,KAA4B,IAAX5zD,GACvB,IAAKkyD,GAAUrnE,IAAMue,IAAOwqD,EAExB,MAAUjjF,MAAM,gCAGpB,OAFIijF,IAAkBD,IAClB9oE,EAAI4nE,GAAM5nE,IACPm5D,EAAMW,WAAW,CAAE95D,IAAGof,KACzC,CACQ,qBAAO+6C,CAAe+F,GAClB,OAAO8I,EAAqB9I,GAAS9H,KACjD,CACQ,UAAA4D,GACI,MAAMh8D,EAAEA,EAACof,EAAEA,GAAM76B,KAAK+zE,WAChB5pE,EAAQu6E,GAAmB7pD,EAAGkwC,EAAGyC,OAEvC,OADArjE,EAAMA,EAAMvI,OAAS,IAAM6Z,EAAIwe,GAAM,IAAO,EACrC9vB,CACnB,CACQ,KAAAqhC,GACI,OAAO+oC,GAAcv0E,KAAKy3E,aACtC,EAEI7C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIn3C,GAAKopD,EAAKrQ,EAAM7B,GAAK6B,EAAM5B,KACtEwD,EAAMhI,KAAO,IAAIgI,EAAM56C,GAAKC,GAAKA,GAAKD,IACtC,MAAQg2C,KAAM3I,EAAGuF,KAAMxqC,GAAMwyC,EACvBoB,EAAO3G,GAAKuF,EAAqB,EAAdzH,GACzB,SAASmL,EAAK/5D,GACV,OAAO4b,GAAI5b,EAAGg6D,EACtB,CAEI,SAASoM,EAAQh3E,GACb,OAAO2qE,EAAKgM,GAAmB32E,GACvC,CAEI,SAAS82E,EAAqB9zE,GAC1B,MAAM2c,EAAM6/C,EACZx8D,EAAM64D,GAAY,cAAe74D,EAAK2c,GAGtC,MAAMoQ,EAAS8rC,GAAY,qBAAsB4Z,EAAMzyE,GAAM,EAAI2c,GAC3D6xB,EAAO6jC,EAAkBtlD,EAAO/6B,MAAM,EAAG2qB,IACzClU,EAASskB,EAAO/6B,MAAM2qB,EAAK,EAAIA,GAC/ByjD,EAAS4T,EAAQxlC,GACjB00B,EAAQxM,EAAEwO,SAAS9E,GACnB6T,EAAa/Q,EAAM4D,aACzB,MAAO,CAAEt4B,OAAM/lC,SAAQ23D,SAAQ8C,QAAO+Q,aAC9C,CAMI,SAASC,EAAmBC,EAAU,IAAIrjF,cAAiB06E,GACvD,MAAM3wD,EAAMwoD,MAAkBmI,GAC9B,OAAOwI,EAAQvB,EAAMH,EAAOz3D,EAAKg+C,GAAY,UAAWsb,KAAYxT,IAC5E,CAeI,MAAMyT,EAAalC,GA6BnBxb,EAAE0O,eAAe,GAiBjB,MAAO,CACH/C,QACAxlC,aAtEJ,SAAsBmuC,GAClB,OAAO8I,EAAqB9I,GAASiJ,UAC7C,EAqEQxkD,KA9DJ,SAAc5U,EAAKmwD,EAAS71E,EAAU,CAAA,GAClC0lB,EAAMg+C,GAAY,UAAWh+C,GACzB8lD,IACA9lD,EAAM8lD,EAAQ9lD,IAClB,MAAMpS,OAAEA,EAAM23D,OAAEA,EAAM6T,WAAEA,GAAeH,EAAqB9I,GACtDjgE,EAAImpE,EAAmB/+E,EAAQg/E,QAAS1rE,EAAQoS,GAChDkuD,EAAIrS,EAAEwO,SAASn6D,GAAG+7D,aAElB79D,EAAI0+D,EAAK58D,EADLmpE,EAAmB/+E,EAAQg/E,QAASpL,EAAGkL,EAAYp5D,GACtCulD,GAGvB,OAFA2D,GAAY,cAAe96D,EAAGogB,GAAKu+C,GAE5B/O,GAAY,SADPwK,GAAe0F,EAAGgL,GAAmB9qE,EAAGmxD,EAAGyC,QACP,EAAdL,EAC1C,EAmDQxsC,OAjDJ,SAAgBoK,EAAKvf,EAAKzf,EAAWjG,EAAUi/E,GAC3C,MAAMD,QAAEA,EAAOhC,OAAEA,GAAWh9E,EACtBwnB,EAAMy9C,EAAGyC,MACfziC,EAAMy+B,GAAY,YAAaz+B,EAAK,EAAIzd,GACxC9B,EAAMg+C,GAAY,UAAWh+C,QACdppB,IAAX0gF,GACA7a,GAAM,SAAU6a,GAChBxR,IACA9lD,EAAM8lD,EAAQ9lD,IAClB,MAAM5R,EAAI0qE,GAAmBv5C,EAAIpoC,MAAM2qB,EAAK,EAAIA,IAGhD,IAAI4V,EAAGw2C,EAAGsL,EACV,IACI9hD,EAAI0xC,EAAMc,QAAQ3pE,EAAW+2E,GAC7BpJ,EAAI9E,EAAMc,QAAQ3qC,EAAIpoC,MAAM,EAAG2qB,GAAMw1D,GACrCkC,EAAK3d,EAAEyP,eAAel9D,EAClC,CACQ,MAAOlT,GACH,OAAO,CACnB,CACQ,IAAKo8E,GAAU5/C,EAAEkhD,eACb,OAAO,EACX,MAAM5qE,EAAIqrE,EAAmBC,EAASpL,EAAEjC,aAAcv0C,EAAEu0C,aAAcjsD,GAGtE,OAFYkuD,EAAEz1E,IAAIi/B,EAAE4zC,eAAet9D,IAExBq9D,SAASmO,GAAI3R,gBAAgB1vB,OAAOixB,EAAMhI,KAC7D,EAuBQqY,cAAerQ,EACftnC,MAtBU,CACVm3C,uBAEAl3C,iBAAkB,IAAMtQ,EAAY8tC,EAAGyC,OAOvCgN,WAAU,CAACvxD,EAAa,EAAG4qD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAe9sD,GACrB4qD,EAAMgC,SAAS3uD,OAAO,IACf2sD,IAWnB;sEC7aA,MAAM75C,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAiBZ,SAASg+D,GAAWlN,GACvB,MAAMhF,GAhBN/H,GADkBvgE,EAiBSstE,EAhBL,CAClBz5D,EAAG,UACJ,CACC4mE,eAAgB,gBAChBhY,YAAa,gBACb6V,kBAAmB,WACnBC,OAAQ,WACRmC,WAAY,WACZC,GAAI,WAGDvlF,OAAO4tE,OAAO,IAAKhjE,KAZ9B,IAAsBA,EAkBlB,MAAMwhE,EAAEA,GAAM8G,EACRqQ,EAAQzrE,GAAMuiB,GAAIviB,EAAGs0D,GACrBiZ,EAAiBnS,EAAMmS,eACvBG,EAAkB78E,KAAK0Q,KAAKgsE,EAAiB,GAC7C9K,EAAWrH,EAAM7F,YACjB6V,EAAoBhQ,EAAMgQ,mBAAiB,CAAM74E,GAAUA,GAC3Di7E,EAAapS,EAAMoS,YAAU,CAAM3pE,GAAMqwD,GAAIrwD,EAAGywD,EAAIhlD,OAAO,GAAIglD,IAWrE,SAASpjC,EAAMy8C,EAAMC,EAAKC,GACtB,MAAMC,EAAQrC,EAAKkC,GAAQC,EAAMC,IAGjC,MAAO,CAFPD,EAAMnC,EAAKmC,EAAME,GACjBD,EAAMpC,EAAKoC,EAAMC,GAEzB,CAGI,MAAMC,GAAO3S,EAAMz0D,EAAI2I,OAAO,IAAMA,OAAO,GA2D3C,SAAS0+D,EAAkB5nD,GACvB,OAAOurC,GAAgB8Z,EAAKrlD,GAAIsnD,EACxC,CAgBI,SAAS/6C,EAAWwmC,EAAQ/yC,GACxB,MAAM6nD,EAhBV,SAA2BC,GAGvB,MAAM9nD,EAAIwrC,GAAY,eAAgBsc,EAAMR,GAG5C,OAFiB,KAAbjL,IACAr8C,EAAE,KAAO,KACNqrC,GAAgBrrC,EAC/B,CASuB+nD,CAAkB/nD,GAC3BgoD,EATV,SAAsBpuE,GAClB,MAAMzN,EAAQq/D,GAAY,SAAU5xD,GAC9B0V,EAAMnjB,EAAMvI,OAClB,GAAI0rB,IAAQg4D,GAAmBh4D,IAAQ+sD,EACnC,MAAU94E,MAAM,YAAY+jF,QAAsBjL,gBAAuB/sD,KAC7E,OAAO+7C,GAAgB2Z,EAAkB74E,GACjD,CAGwB87E,CAAalV,GACvBmV,EAzEV,SAA0BloD,EAAG+yC,GACzBpH,GAAS,IAAK3rC,EAAGhE,GAAKkyC,GACtBvC,GAAS,SAAUoH,EAAQ/2C,GAAKkyC,GAGhC,MAAM1yD,EAAIu3D,EACJoV,EAAMnoD,EACZ,IAKIooD,EALAZ,EAAMvrD,GACNosD,EAAMrsD,GACNyrD,EAAMznD,EACNsoD,EAAMrsD,GACNsrD,EAAOvrD,GAEX,IAAK,IAAIre,EAAIuL,OAAOi+D,EAAiB,GAAIxpE,GAAKqe,GAAKre,IAAK,CACpD,MAAM4qE,EAAO/sE,GAAKmC,EAAKse,GACvBsrD,GAAQgB,EACRH,EAAKt9C,EAAMy8C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GACTA,EAAKt9C,EAAMy8C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GACTb,EAAOgB,EACP,MAAMrjD,EAAIsiD,EAAMa,EACVG,EAAKnD,EAAKngD,EAAIA,GACdk5B,EAAIopB,EAAMa,EACVI,EAAKpD,EAAKjnB,EAAIA,GACd+K,EAAIqf,EAAKC,EACTjyC,EAAIixC,EAAMa,EAEVI,EAAKrD,GADDoC,EAAMa,GACIpjD,GACdyjD,EAAKtD,EAAK7uC,EAAI4nB,GACdwqB,EAAOF,EAAKC,EACZE,EAAQH,EAAKC,EACnBlB,EAAMpC,EAAKuD,EAAOA,GAClBN,EAAMjD,EAAK8C,EAAM9C,EAAKwD,EAAQA,IAC9BrB,EAAMnC,EAAKmD,EAAKC,GAChBJ,EAAMhD,EAAKlc,GAAKqf,EAAKnD,EAAKsC,EAAMxe,IAC5C,CAEQif,EAAKt9C,EAAMy8C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GAETA,EAAKt9C,EAAMy8C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GAET,MAAMU,EAAK1B,EAAWiB,GAEtB,OAAOhD,EAAKmC,EAAMsB,EAC1B,CAsBmBC,CAAiBlB,EAAQG,GAGpC,GAAIE,IAAOlsD,GACP,MAAUz4B,MAAM,0CACpB,OAAOqkF,EAAkBM,EACjC,CAEI,MAAMc,EAAUpB,EAAkB5S,EAAMqS,IACxC,SAAS4B,EAAelW,GACpB,OAAOxmC,EAAWwmC,EAAQiW,EAClC,CACI,MAAO,CACHz8C,aACA08C,iBACA33C,gBAAiB,CAAC97B,EAAYzH,IAAcw+B,EAAW/2B,EAAYzH,GACnEyhC,aAAeh6B,GAAeyzE,EAAezzE,GAC7C85B,MAAO,CAAEC,iBAAkB,IAAMylC,EAAM/1C,YAAY+1C,EAAM7F,cACzD6Z,QAASA,EAEjB;sECrIA,MAAME,GAAe9gB,IAAgB,IAAMqc,GAASz9D,OAAO,CAAE29D,MAAO,QAE9DwE,IADc/gB,IAAgB,IAAMqc,GAASz9D,OAAO,CAAE29D,MAAO,OACpDz7D,OAAO,4IAEhB+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIykD,GAAMzkD,OAAO,GAAUA,OAAO,GAAI,MAAAkgE,GAAOlgE,OAAO,IAElFmgE,GAAOngE,OAAO,IAAKogE,GAAOpgE,OAAO,IAAKqgE,GAAOrgE,OAAO,IAAKsgE,GAAQtgE,OAAO,KAI9E,SAASugE,GAAsBhsE,GAC3B,MAAMywD,EAAIib,GACJjiD,EAAMzpB,EAAIA,EAAIA,EAAKywD,EACnB/mC,EAAMD,EAAKA,EAAKzpB,EAAKywD,EACrB5mC,EAAMymC,GAAK5mC,EAAIwmC,GAAKO,GAAK/mC,EAAM+mC,EAC/BzmC,EAAMsmC,GAAKzmC,EAAIqmC,GAAKO,GAAK/mC,EAAM+mC,EAC/BvmC,EAAOomC,GAAKtmC,EAAIhF,GAAKyrC,GAAKhnC,EAAMgnC,EAChCwb,EAAO3b,GAAKpmC,EAAKyhD,GAAMlb,GAAKvmC,EAAOumC,EACnCyb,EAAO5b,GAAK2b,EAAKL,GAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,GAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,GAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,GAAMpb,GAAKyb,EAAOzb,EACrC6b,EAAQhc,GAAK+b,EAAMrnD,GAAKyrC,GAAKhnC,EAAMgnC,EACnC8b,EAAQjc,GAAKgc,EAAM9tD,GAAKiyC,GAAKzwD,EAAKywD,EACxC,OAAQH,GAAKic,EAAMR,GAAOtb,GAAK6b,EAAQ7b,CAC3C,CACA,SAAS8W,GAAkB74E,GAQvB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,IAAM,EACLA,CACX,CAsBA,MAAM4gE,GAAKqC,GAAM+Z,GAAQ,KAAK,GACxBc,GAAY,CAEd1pE,EAAG2I,OAAO,GAEV7D,EAAG6D,OAAO,2IAEd6jD,GAAIA,GAGAnzD,EAAGsP,OAAO,2IAEV+lD,WAAY,IAEZz7C,EAAGtK,OAAO,GAEViqD,GAAIjqD,OAAO,2IACXkqD,GAAIlqD,OAAO,2IAEXvZ,KAAMu5E,GACNjqD,eACA+lD,qBAEAC,OAAQ,CAACp8E,EAAMy8E,EAAKC,KAChB,GAAID,EAAI1hF,OAAS,IACb,MAAUL,MAAM,uBAAuB+hF,EAAI1hF,QAC/C,OAAOgxB,GAAYrM,GAAY,YAAa,IAAI9kB,WAAW,CAAC8hF,EAAS,EAAI,EAAGD,EAAI1hF,SAAU0hF,EAAKz8E,EAAK,EAExGq8E,QA/CJ,SAAiBllD,EAAGnkB,GAChB,MAAMqyD,EAAIib,GAOJe,EAAM/tD,GAAI6D,EAAIA,EAAInkB,EAAGqyD,GACrBic,EAAMhuD,GAAI+tD,EAAMlqD,EAAGkuC,GACnBkc,EAAOjuD,GAAIguD,EAAMD,EAAMruE,EAAGqyD,GAE1BzwD,EAAI0e,GAAIguD,EADDV,GAAsBW,GACTlc,GAEpBgI,EAAK/5C,GAAI1e,EAAIA,EAAGywD,GAGtB,MAAO,CAAElB,QAAS7wC,GAAI+5C,EAAKr6D,EAAGqyD,KAAOluC,EAAGz7B,MAAOkZ,EACnD,GA+Ba7O,kBAAwBm2E,GAAekF,IAGvCt7E,kBAAuB,KAAOu4E,GAAW,CAClD3mE,EAAG2I,OAAO,QAEVi+D,eAAgB,IAChBhY,YAAa,GACbjB,EAAGib,GACH9B,GAAIn+D,OAAO,GACXk+D,WAAa3pE,IACT,MAAMywD,EAAIib,GAGV,OAAOhtD,GADS4xC,GADI0b,GAAsBhsE,GACRyL,OAAO,GAAIglD,GACxBzwD,EAAGywD,EAAE,EAE9B8W,qBACA/lD,iBAdgC,GAgCnB8tC,GAAGsC,MAAQnmD,OAAO,GAAMA,OAAO,GACjCA,OAAO,QAuFFA,OAAO,SAEHA,OAAO,SAEVA,OAAO,0IAEJA,OAAO,2IAGdA,OAAO;;AClOxB,MAAMmhE,GAAanhE,OAAO,sEACpBohE,GAAaphE,OAAO,sEACpB+S,GAAM/S,OAAO,GACbuZ,GAAMvZ,OAAO,GACbqhE,GAAa,CAAChqE,EAAGzG,KAAOyG,EAAIzG,EAAI2oB,IAAO3oB,EA6B7C,MAAMizD,GAAKqC,GAAMib,QAAYjmF,OAAWA,EAAW,CAAEmsE,KAxBrD,SAAiB1zC,GACb,MAAMqxC,EAAImc,GAEJ1c,EAAMzkD,OAAO,GAAIshE,EAAMthE,OAAO,GAAIkgE,EAAOlgE,OAAO,IAAKmgE,EAAOngE,OAAO,IAEnEuhE,EAAOvhE,OAAO,IAAKogE,EAAOpgE,OAAO,IAAKqgE,EAAOrgE,OAAO,IACpDge,EAAMrK,EAAIA,EAAIA,EAAKqxC,EACnB/mC,EAAMD,EAAKA,EAAKrK,EAAKqxC,EACrB5mC,EAAMymC,GAAK5mC,EAAIwmC,EAAKO,GAAK/mC,EAAM+mC,EAC/BzmC,EAAMsmC,GAAKzmC,EAAIqmC,EAAKO,GAAK/mC,EAAM+mC,EAC/BvmC,EAAOomC,GAAKtmC,EAAIhF,GAAKyrC,GAAKhnC,EAAMgnC,EAChCwb,EAAO3b,GAAKpmC,EAAKyhD,EAAMlb,GAAKvmC,EAAOumC,EACnCyb,EAAO5b,GAAK2b,EAAKL,EAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,EAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,EAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,EAAMpb,GAAKyb,EAAOzb,EACrC8b,EAAQjc,GAAK+b,EAAMnc,EAAKO,GAAK/mC,EAAM+mC,EACnC/9C,EAAM49C,GAAKic,EAAMS,EAAMvc,GAAKwb,EAAOxb,EACnC99C,EAAM29C,GAAK59C,EAAIq6D,EAAKtc,GAAKhnC,EAAMgnC,EAC/BE,EAAOL,GAAK39C,EAAIqS,GAAKyrC,GAC3B,IAAKnB,GAAGsB,IAAItB,GAAGuB,IAAIF,GAAOvxC,GACtB,MAAUt5B,MAAM,2BACpB,OAAO6qE,CACX,IAKanhE,GAAYmxE,GAAY,CACjC79D,EAAG2I,OAAO,GACVpP,EAAGoP,OAAO,GACd6jD,GAAIA,GACAnzD,EAAG0wE,GAEHnX,GAAIjqD,OAAO,iFACXkqD,GAAIlqD,OAAO,iFACXsK,EAAGtK,OAAO,GACVorB,MAAM,EAONihC,KAAM,CACFC,KAAMtsD,OAAO,sEACbusD,YAAcj6D,IACV,MAAM5B,EAAI0wE,GACJh2D,EAAKpL,OAAO,sCACZ+d,GAAMhL,GAAM/S,OAAO,sCACnBwhE,EAAKxhE,OAAO,uCACZge,EAAK5S,EACLq2D,EAAYzhE,OAAO,uCACnBga,EAAKqnD,GAAWrjD,EAAK1rB,EAAG5B,GACxBupB,EAAKonD,IAAYtjD,EAAKzrB,EAAG5B,GAC/B,IAAI8Q,EAAKyR,GAAI3gB,EAAI0nB,EAAK5O,EAAK6O,EAAKunD,EAAI9wE,GAChC+Q,EAAKwR,IAAK+G,EAAK+D,EAAK9D,EAAK+D,EAAIttB,GACjC,MAAMo/D,EAAQtuD,EAAKigE,EACb1R,EAAQtuD,EAAKggE,EAKnB,GAJI3R,IACAtuD,EAAK9Q,EAAI8Q,GACTuuD,IACAtuD,EAAK/Q,EAAI+Q,GACTD,EAAKigE,GAAahgE,EAAKggE,EACvB,MAAUpnF,MAAM,uCAAyCiY,GAE7D,MAAO,CAAEw9D,QAAOtuD,KAAIuuD,QAAOtuD,KAAI,IAGxC5a,IAGSmZ,OAAO,GAiBLjc,GAAU2sE,gBCnGxB,MAAM7M,GAAKqC,GAAMlmD,OAAO,uEAKX5b,GAAkB8wE,GAAY,CACzC79D,EALcwsD,GAAG/lD,OAAOkC,OAAO,uEAM/BpP,EALcoP,OAAO,yEAMrB6jD,GAEAnzD,EAAGsP,OAAO,sEAEViqD,GAAIjqD,OAAO,sEACXkqD,GAAIlqD,OAAO,sEACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACIvkC,IChBNg9D,GAAKqC,GAAMlmD,OAAO,uGAKX3b,GAAkB6wE,GAAY,CACzC79D,EALcwsD,GAAG/lD,OAAOkC,OAAO,uGAM/BpP,EALcoP,OAAO,yGAMrB6jD,GAEAnzD,EAAGsP,OAAO,sGAEViqD,GAAIjqD,OAAO,sGACXkqD,GAAIlqD,OAAO,sGACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACItkC,IChBN+8D,GAAKqC,GAAMlmD,OAAO,uIAKX1b,GAAkB4wE,GAAY,CACzC79D,EALcwsD,GAAG/lD,OAAOkC,OAAO,uIAM/BpP,EALcoP,OAAO,sIAMrB6jD,MAEAnzD,EAAGsP,OAAO,sIAEViqD,GAAIjqD,OAAO,sIACXkqD,GAAIlqD,OAAO,sIACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACIrkC,ICRCwJ,GAAc,IAAIo+C,IAAI/1D,OAAOiI,QAAQ,CAClD4C,SAAEA,GACFE,SAAEA,GACFE,SAAEA,GACAO,mBACAC,mBACAC,mBACAP,aACA0B,QACAC,+ECDF,SAASg8E,GAAIlyC,EAAMnjC,EAASya,EAASyF,EAAMhE,EAAI5f,GAE7C,MAAMg5E,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACItnF,EACAsY,EACAivE,EACAC,EACAC,EACA9+D,EACA6qD,EACAkU,EAKAC,EACAC,EAdApxD,EAAI,EAeJhL,EAAM/Z,EAAQ3R,OAGlB,MAAM+nF,EAA6B,KAAhBjzC,EAAK90C,OAAgB,EAAI,EAE1C4nF,EADiB,IAAfG,EACQ37D,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFza,EAqQJ,SAAuBA,GACrB,MAAMq2E,EAAY,EAAKr2E,EAAQ3R,OAAS,EAExC,IAAI+wB,EAKG,KAAiBi3D,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOr2E,EAEP,MAAUhS,MAAM,uBACpB,CALIoxB,EAAM,EAOR,MAAMk3D,EAAgB,IAAIpoF,WAAW8R,EAAQ3R,OAASgoF,GACtD,IAAK,IAAI9nF,EAAI,EAAGA,EAAIyR,EAAQ3R,OAAQE,IAClC+nF,EAAc/nF,GAAKyR,EAAQzR,GAE7B,IAAK,IAAIsY,EAAI,EAAGA,EAAIwvE,EAAWxvE,IAC7ByvE,EAAct2E,EAAQ3R,OAASwY,GAAKuY,EAGtC,OAAOk3D,CACT,CA9RcC,CAAcv2E,GACxB+Z,EAAM/Z,EAAQ3R,QAIhB,IAAIG,EAAS,IAAIN,WAAW6rB,GACxB9T,EAAI,EASR,KAAO8e,EAAIhL,GAAK,CAsCd,IArCA7C,EAAQlX,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,EAAK/kB,EAAQ+kB,KACnFg9C,EAAS/hE,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,EAAK/kB,EAAQ+kB,KAgBpF+wD,EAAgC,WAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EACjBA,EAAiC,OAAxB5+D,IAAS,GAAM6qD,GACxBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,GACjBA,EAAgC,WAAvB/T,IAAU,EAAK7qD,GACxBA,GAAQ4+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,UAAvB/T,IAAU,EAAK7qD,GACxBA,GAAQ4+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EAEjB5+D,EAASA,GAAQ,EAAMA,IAAS,GAChC6qD,EAAUA,GAAS,EAAMA,IAAU,GAG9Bl7D,EAAI,EAAGA,EAAIuvE,EAAYvvE,GAAK,EAAG,CAIlC,IAHAqvE,EAAUD,EAAQpvE,EAAI,GACtBsvE,EAAUF,EAAQpvE,EAAI,GAEjBtY,EAAI0nF,EAAQpvE,GAAItY,IAAM2nF,EAAS3nF,GAAK4nF,EACvCJ,EAAShU,EAAQ5+B,EAAK50C,GACtBynF,GAAWjU,IAAU,EAAMA,GAAS,IAAO5+B,EAAK50C,EAAI,GAEpDunF,EAAO5+D,EACPA,EAAO6qD,EACPA,EAAQ+T,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAO5+D,EACPA,EAAO6qD,EACPA,EAAQ+T,CACT,CAGD5+D,EAASA,IAAS,EAAMA,GAAQ,GAChC6qD,EAAUA,IAAU,EAAMA,GAAS,GAGnC+T,EAAgC,YAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAK7qD,GACxBA,GAAQ4+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,WAAvB/T,IAAU,EAAK7qD,GACxBA,GAAQ4+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAiC,OAAxB5+D,IAAS,GAAM6qD,GACxBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,GACjBA,EAAgC,WAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EAajBtnF,EAAOyX,KAAQiR,IAAS,GACxB1oB,EAAOyX,KAASiR,IAAS,GAAM,IAC/B1oB,EAAOyX,KAASiR,IAAS,EAAK,IAC9B1oB,EAAOyX,KAAe,IAAPiR,EACf1oB,EAAOyX,KAAQ87D,IAAU,GACzBvzE,EAAOyX,KAAS87D,IAAU,GAAM,IAChCvzE,EAAOyX,KAAS87D,IAAU,EAAK,IAC/BvzE,EAAOyX,KAAgB,IAAR87D,CAChB,CAOD,OAJKtnD,IACHjsB,EA4KJ,SAA0BwR,GACxB,IACIof,EADAi3D,EAAY,KAYhB,GALEj3D,EAAM,GAKHi3D,EAAW,CAEd,IADAA,EAAY,EACLr2E,EAAQA,EAAQ3R,OAASgoF,KAAej3D,GAC7Ci3D,IAEFA,GACJ,CAEE,OAAOr2E,EAAQvK,SAAS,EAAGuK,EAAQ3R,OAASgoF,EAC9C,CAlMaG,CAAiBhoF,IAGrBA,CACT,CAOA,SAASioF,GAAcr5E,GAErB,MAAMs5E,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAah5E,EAAI/O,OAAS,EAAI,EAAI,EAElC80C,EAAW/2C,MAAM,GAAKgqF,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGA5B,EAFA/wD,EAAI,EACJ1gB,EAAI,EAGR,IAAK,IAAIwC,EAAI,EAAGA,EAAIuvE,EAAYvvE,IAAK,CACnC,IAAIqQ,EAAQ9Z,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,EAAK3nB,EAAI2nB,KACnEg9C,EAAS3kE,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,EAAK3nB,EAAI2nB,KAExE+wD,EAAgC,WAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAM7qD,GAC1BA,GAAQ4+D,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,WAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAM7qD,GAC1BA,GAAQ4+D,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,YAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAK7qD,GACxBA,GAAQ4+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvB5+D,IAAS,EAAK6qD,GACvBA,GAAS+T,EACT5+D,GAAS4+D,GAAQ,EAGjBA,EAAQ5+D,GAAQ,EAAO6qD,IAAU,GAAM,IAEvC7qD,EAAQ6qD,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQ+T,EAGR,IAAK,IAAIvnF,EAAI,EAAGA,EAAIipF,GAAejpF,IAE7BipF,EAAOjpF,IACT2oB,EAAQA,GAAQ,EAAMA,IAAS,GAC/B6qD,EAASA,GAAS,EAAMA,IAAU,KAElC7qD,EAAQA,GAAQ,EAAMA,IAAS,GAC/B6qD,EAASA,GAAS,EAAMA,IAAU,IAEpC7qD,IAAS,GACT6qD,IAAU,GAMV0V,EAAWf,EAAUx/D,IAAS,IAAMy/D,EAAWz/D,IAAS,GAAM,IAAO0/D,EAAW1/D,IAAS,GAAM,IAAO2/D,EACpG3/D,IAAS,GAAM,IAAO4/D,EAAW5/D,IAAS,GAAM,IAAO6/D,EAAW7/D,IAAS,EAAK,IAAO8/D,EAAW9/D,IAAS,EAC3G,IACFwgE,EAAYT,EAAUlV,IAAU,IAAMmV,EAAWnV,IAAU,GAAM,IAAOoV,EAAWpV,IAAU,GAAM,IACjGqV,EAAYrV,IAAU,GAAM,IAAOsV,EAAYtV,IAAU,GAAM,IAAOuV,EAAYvV,IAAU,EAAK,IACjGwV,EAAYxV,IAAU,EAAK,IAC7B+T,EAAyC,OAAhC4B,IAAc,GAAMD,GAC7Bt0C,EAAK9+B,KAAOozE,EAAW3B,EACvB3yC,EAAK9+B,KAAOqzE,EAAa5B,GAAQ,EAEpC,CAED,OAAO3yC,CACT,CAwDO,SAASw0C,GAAUv6E,GACxB3Q,KAAK2Q,IAAM,GAEX,IAAK,IAAI7O,EAAI,EAAGA,EAAI,EAAGA,IACrB9B,KAAK2Q,IAAI7N,KAAK,IAAIrB,WAAWkP,EAAI3H,SAAa,EAAJlH,EAAY,EAAJA,EAAS,KAG7D9B,KAAKguB,QAAU,SAASiE,GACtB,OAAO22D,GACLoB,GAAchqF,KAAK2Q,IAAI,IACvBi4E,GACEoB,GAAchqF,KAAK2Q,IAAI,IACvBi4E,GACEoB,GAAchqF,KAAK2Q,IAAI,IACvBshB,GAAO,IAET,IACC,EAEN,CACH,CCtbA,SAASk5D,KACPnrF,KAAKorF,UAAY,EACjBprF,KAAKqrF,QAAU,GAEfrrF,KAAKsrF,OAAS,SAAS36E,GAMrB,GALA3Q,KAAKurF,QAAc5rF,MAAM,IACzBK,KAAKwrF,OAAa7rF,MAAM,IAExBK,KAAKoqE,QAEDz5D,EAAI/O,SAAW5B,KAAKqrF,QAGtB,MAAU9pF,MAAM,mCAElB,OAJEvB,KAAKyrF,YAAY96E,IAIZ,CACR,EAED3Q,KAAKoqE,MAAQ,WACX,IAAK,IAAItoE,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAKurF,QAAQzpF,GAAK,EAClB9B,KAAKwrF,OAAO1pF,GAAK,CAEpB,EAED9B,KAAK0rF,aAAe,WAClB,OAAO1rF,KAAKorF,SACb,EAEDprF,KAAKguB,QAAU,SAASW,GACtB,MAAMH,EAAU7uB,MAAMgvB,EAAI/sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI6sB,EAAI/sB,OAAQE,GAAK,EAAG,CACtC,IAEI6Z,EAFA2mB,EAAK3T,EAAI7sB,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GACtE4Z,EAAKiT,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GAG9E6Z,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EAEJ6S,EAAI1sB,GAAM4Z,IAAM,GAAM,IACtB8S,EAAI1sB,EAAI,GAAM4Z,IAAM,GAAM,IAC1B8S,EAAI1sB,EAAI,GAAM4Z,IAAM,EAAK,IACzB8S,EAAI1sB,EAAI,GAAS,IAAJ4Z,EACb8S,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,IAAM,EAAK,IACzB9T,EAAI1sB,EAAI,GAAS,IAAJwgC,CACnB,CAEI,OAAO9T,CACR,EAEDxuB,KAAKsuB,QAAU,SAASK,GACtB,MAAMH,EAAU7uB,MAAMgvB,EAAI/sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI6sB,EAAI/sB,OAAQE,GAAK,EAAG,CACtC,IAEI6Z,EAFA2mB,EAAK3T,EAAI7sB,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GACtE4Z,EAAKiT,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GAG9E6Z,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,IAAKvrF,KAAKwrF,OAAO,KAC5ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EAEJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIupD,EAAGnwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIspD,EAAGlwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EACJA,EAAID,EACJA,EAAI4mB,EAAIqpD,EAAGjwE,EAAG1b,KAAKurF,QAAQ,GAAIvrF,KAAKwrF,OAAO,IAC3ClpD,EAAI3mB,EAEJ6S,EAAI1sB,GAAM4Z,IAAM,GAAM,IACtB8S,EAAI1sB,EAAI,GAAM4Z,IAAM,GAAM,IAC1B8S,EAAI1sB,EAAI,GAAM4Z,IAAM,EAAK,IACzB8S,EAAI1sB,EAAI,GAAS,IAAJ4Z,EACb8S,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,GAAK,GAAM,IACzB9T,EAAI1sB,EAAI,GAAMwgC,GAAK,EAAK,IACxB9T,EAAI1sB,EAAI,GAAS,IAAJwgC,CACnB,CAEI,OAAO9T,CACR,EACD,MAAMs9D,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGtoE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR+e,EAAKzmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASswE,EAAK,GAAG5pD,IAAM,IAAM4pD,EAAK,GAAI5pD,IAAM,GAAM,MAAQ4pD,EAAK,GAAI5pD,IAAM,EAAK,KAAQ4pD,EAAK,GAAO,IAAJ5pD,EAClG,CAEE,SAASwpD,EAAGvoE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR+e,EAAKzmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASswE,EAAK,GAAG5pD,IAAM,IAAM4pD,EAAK,GAAI5pD,IAAM,GAAM,KAAQ4pD,EAAK,GAAI5pD,IAAM,EAAK,KAAQ4pD,EAAK,GAAO,IAAJ5pD,EAClG,CAEE,SAASypD,EAAGxoE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR+e,EAAKzmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASswE,EAAK,GAAG5pD,IAAM,IAAM4pD,EAAK,GAAI5pD,IAAM,GAAM,KAAQ4pD,EAAK,GAAI5pD,IAAM,EAAK,MAAQ4pD,EAAK,GAAO,IAAJ5pD,EAClG,CA9FE2pD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnC/rF,KAAKyrF,YAAc,SAASQ,GAC1B,MAAMtwE,aACAnC,EAAQ7Z,MAAM,IAEpB,IAAIya,EAEJ,IAAK,IAAItY,EAAI,EAAGA,EAAI,EAAGA,IACrBsY,EAAQ,EAAJtY,EACJ6Z,EAAE7Z,GAAMmqF,EAAI7xE,IAAM,GAAO6xE,EAAI7xE,EAAI,IAAM,GAAO6xE,EAAI7xE,EAAI,IAAM,EAAK6xE,EAAI7xE,EAAI,GAG3E,MAAMqB,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACI0N,EADA+iE,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIlL,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK7mE,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMmE,EAAIutE,EAAU7K,GAAO7mE,GAC3B+O,EAAIxN,EAAE4C,EAAE,IAER4K,GAAK6iE,EAAK,GAAIrwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK6iE,EAAK,GAAIrwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK6iE,EAAK,GAAIrwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK6iE,EAAK,GAAIrwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK6iE,EAAKvwE,EAAErB,IAAKuB,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D5C,EAAE4C,EAAE,IAAM4K,CACpB,CAEQ,IAAK/O,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtC,EAAIi0E,EAAU9K,GAAO7mE,GAC3B+O,EAAI6iE,EAAK,GAAIrwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDqR,GAAK6iE,EAAK,GAAIrwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK6iE,EAAK,GAAIrwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK6iE,EAAK,GAAIrwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK6iE,EAAK,EAAI5xE,GAAIuB,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7D0B,EAAE0yE,GAAM/iE,EACR+iE,GACV,CACA,CAGI,IAAK,IAAIpqF,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAKurF,QAAQzpF,GAAK0X,EAAE1X,GACpB9B,KAAKwrF,OAAO1pF,GAAiB,GAAZ0X,EAAE,GAAK1X,EAE3B,EAsBD,MAAMkqF,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASI,GAAMz7E,GACb3Q,KAAKgN,MAAQ,IAAIm+E,GACjBnrF,KAAKgN,MAAMs+E,OAAO36E,GAElB3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAKgN,MAAMghB,QAAQiE,EAC3B,CACH,CDpJAi5D,GAAUjoE,QAAUioE,GAAUjrF,UAAUgjB,QAAU,GAClDioE,GAAUhoE,UAAYgoE,GAAUjrF,UAAUijB,UAAY,ECqJtDkpE,GAAMlpE,UAAYkpE,GAAMnsF,UAAUijB,UAAY,EAC9CkpE,GAAMnpE,QAAUmpE,GAAMnsF,UAAUgjB,QAAU,GCpkB1C,MAAMopE,GAAS,WAEf,SAASC,GAAKnjE,EAAGvR,GACf,OAAQuR,GAAKvR,EAAIuR,IAAO,GAAKvR,GAAMy0E,EACrC,CAEA,SAASE,GAAKhuE,EAAGzc,GACf,OAAOyc,EAAEzc,GAAKyc,EAAEzc,EAAI,IAAM,EAAIyc,EAAEzc,EAAI,IAAM,GAAKyc,EAAEzc,EAAI,IAAM,EAC7D,CAEA,SAAS0qF,GAAKjuE,EAAGzc,EAAGqnB,GAClB5K,EAAEkuE,OAAO3qF,EAAG,EAAO,IAAJqnB,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASujE,GAAKjxE,EAAG7D,GACf,OAAQ6D,IAAW,EAAJ7D,EAAU,GAC3B,CAkSA,SAAS+0E,GAAGh8E,GACV3Q,KAAK4sF,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMzxE,GACb,OAAOwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,GAC7F,CAEE,SAAS0xE,EAAM1xE,GACb,OAAOwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,IAAMwxE,EAAK,GAAGP,GAAKjxE,EAAG,GAC7F,CAEE,SAAS2xE,EAAQ1xE,EAAG2xE,GAClB,IAAI9uE,EAAI2uE,EAAMG,EAAI,IACdv1E,EAAIq1E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAM9uE,EAAIzG,EAAIk1E,EAAO,EAAItxE,EAAI,GAAM2wE,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM9uE,EAAI,EAAIzG,EAAIk1E,EAAO,EAAItxE,EAAI,GAAM2wE,GAC7D9tE,EAAI2uE,EAAMG,EAAI,IACdv1E,EAAIq1E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAM9uE,EAAIzG,EAAIk1E,EAAO,EAAItxE,EAAI,IAAO2wE,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM9uE,EAAI,EAAIzG,EAAIk1E,EAAO,EAAItxE,EAAI,IAAO2wE,EAClE,CAEE,SAASiB,EAAQxrF,EAAGurF,GAClB,IAAI9uE,EAAI2uE,EAAMG,EAAI,IACdv1E,EAAIq1E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM9uE,EAAIzG,EAAIk1E,EAAO,EAAIlrF,EAAI,IAAOuqF,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAM9uE,EAAI,EAAIzG,EAAIk1E,EAAO,EAAIlrF,EAAI,IAAOuqF,GAAQ,IAClE9tE,EAAI2uE,EAAMG,EAAI,IACdv1E,EAAIq1E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM9uE,EAAIzG,EAAIk1E,EAAO,EAAIlrF,EAAI,GAAMuqF,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAM9uE,EAAI,EAAIzG,EAAIk1E,EAAO,EAAIlrF,EAAI,GAAMuqF,GAAQ,GACrE,CAqDE,MAAO,CACLpkF,KAAM,UACNslF,UAAW,GACXC,KAhQF,SAAiB78E,GAEf,IAAI7O,EACAyc,EACAzG,EACAsL,EACAC,EALJwpE,EAAWl8E,EAMX,MAAM88E,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3D1qE,EAAI,CACR,GACA,IAEI0U,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASi2D,EAAM9yE,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,EAC9C,CAEI,SAAS+yE,EAAM/yE,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,EACzD,CAEI,SAASgzE,EAAOrhE,EAAGxJ,GACjB,IAAI9hB,EACA6Z,EACAqiB,EACJ,IAAKl8B,EAAI,EAAGA,EAAI,EAAGA,IACjB6Z,EAAIiI,IAAM,GACVA,EAAMA,GAAK,EAAKyoE,GAAUj/D,IAAM,GAChCA,EAAKA,GAAK,EAAKi/D,GACfruD,EAAIriB,GAAK,EACD,IAAJA,IACFqiB,GAAK,KAEPpa,GAAKjI,EAAKqiB,GAAK,GACfA,GAAKriB,IAAM,EACH,EAAJA,IACFqiB,GAAK,KAEPpa,GAAKoa,GAAK,GAAKA,GAAK,EAEtB,OAAOpa,CACb,CAEI,SAAS8qE,EAAG92E,EAAG6D,GACb,MAAM8C,EAAI9C,GAAK,EACT3D,EAAQ,GAAJ2D,EACJ2H,EAAI6qE,EAAGr2E,GAAG2G,EAAIzG,GACduL,EAAI6qE,EAAGt2E,GAAGy2E,EAAKv2E,GAAKw2E,EAAK/vE,IAC/B,OAAO6vE,EAAGx2E,GAAGy2E,EAAKhrE,GAAKirE,EAAKlrE,KAAO,EAAI+qE,EAAGv2E,GAAGwL,EAAIC,EACvD,CAEI,SAASsrE,EAAKlzE,EAAG9K,GACf,IAAI4N,EAAImuE,GAAKjxE,EAAG,GACZ3D,EAAI40E,GAAKjxE,EAAG,GACZ2H,EAAIspE,GAAKjxE,EAAG,GACZ4H,EAAIqpE,GAAKjxE,EAAG,GAChB,OAAQmyE,GACN,KAAK,EACHrvE,EAAIqF,EAAE,GAAGrF,GAAKmuE,GAAK/7E,EAAI,GAAI,GAC3BmH,EAAI8L,EAAE,GAAG9L,GAAK40E,GAAK/7E,EAAI,GAAI,GAC3ByS,EAAIQ,EAAE,GAAGR,GAAKspE,GAAK/7E,EAAI,GAAI,GAC3B0S,EAAIO,EAAE,GAAGP,GAAKqpE,GAAK/7E,EAAI,GAAI,GAC7B,KAAK,EACH4N,EAAIqF,EAAE,GAAGrF,GAAKmuE,GAAK/7E,EAAI,GAAI,GAC3BmH,EAAI8L,EAAE,GAAG9L,GAAK40E,GAAK/7E,EAAI,GAAI,GAC3ByS,EAAIQ,EAAE,GAAGR,GAAKspE,GAAK/7E,EAAI,GAAI,GAC3B0S,EAAIO,EAAE,GAAGP,GAAKqpE,GAAK/7E,EAAI,GAAI,GAC7B,KAAK,EACH4N,EAAIqF,EAAE,GAAGA,EAAE,GAAGrF,GAAKmuE,GAAK/7E,EAAI,GAAI,IAAM+7E,GAAK/7E,EAAI,GAAI,GACnDmH,EAAI8L,EAAE,GAAGA,EAAE,GAAG9L,GAAK40E,GAAK/7E,EAAI,GAAI,IAAM+7E,GAAK/7E,EAAI,GAAI,GACnDyS,EAAIQ,EAAE,GAAGA,EAAE,GAAGR,GAAKspE,GAAK/7E,EAAI,GAAI,IAAM+7E,GAAK/7E,EAAI,GAAI,GACnD0S,EAAIO,EAAE,GAAGA,EAAE,GAAGP,GAAKqpE,GAAK/7E,EAAI,GAAI,IAAM+7E,GAAK/7E,EAAI,GAAI,GAEvD,OAAO2nB,EAAE,GAAG/Z,GAAK+Z,EAAE,GAAGxgB,GAAKwgB,EAAE,GAAGlV,GAAKkV,EAAE,GAAGjV,EAChD,CAII,IAFAwpE,EAAWA,EAASlqF,MAAM,EAAG,IAC7Bb,EAAI+qF,EAASjrF,OACA,KAANE,GAAkB,KAANA,GAAkB,KAANA,GAC7B+qF,EAAS/qF,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAI+qF,EAASjrF,OAAQE,GAAK,EACpC6rF,EAAM7rF,GAAK,GAAKyqF,GAAKM,EAAU/qF,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnB8hB,EAAE,GAAG9hB,GAAK4sF,EAAG,EAAG5sF,GAChB8hB,EAAE,GAAG9hB,GAAK4sF,EAAG,EAAG5sF,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBgsF,EAAMlqE,EAAE,GAAG9hB,GACXisF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZx1D,EAAE,GAAGx2B,GAAKgsF,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnD11D,EAAE,GAAGx2B,GAAKisF,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAMlqE,EAAE,GAAG9hB,GACXisF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZx1D,EAAE,GAAGx2B,GAAKksF,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnDx1D,EAAE,GAAGx2B,GAAKisF,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM/rF,OAAS,EACjBE,EAAI,EAAGA,EAAI8rF,EAAM9rF,IACpByc,EAAIovE,EAAM7rF,EAAIA,GACd2rF,EAAM3rF,GAAKyc,EACXzG,EAAI61E,EAAM7rF,EAAIA,EAAI,GAClB4rF,EAAM5rF,GAAKgW,EACX+1E,EAAKD,EAAO9rF,EAAI,GAAK2sF,EAAOlwE,EAAGzG,GAEjC,IAAKhW,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvByc,EAAI,SAAYzc,EAChBgW,EAAIyG,EAAI,SACRA,EAAIowE,EAAKpwE,EAAGkvE,GACZ31E,EAAIw0E,GAAKqC,EAAK72E,EAAG41E,GAAQ,GACzBV,EAAOlrF,GAAMyc,EAAIzG,EAAKu0E,GACtBW,EAAOlrF,EAAI,GAAKwqF,GAAK/tE,EAAI,EAAIzG,EAAG,GAElC,IAAKhW,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAyc,EAAIzG,EAAIsL,EAAIC,EAAIvhB,EACR8rF,GACN,KAAK,EACHrvE,EAAIqF,EAAE,GAAGrF,GAAKmuE,GAAKmB,EAAK,GAAI,GAC5B/1E,EAAI8L,EAAE,GAAG9L,GAAK40E,GAAKmB,EAAK,GAAI,GAC5BzqE,EAAIQ,EAAE,GAAGR,GAAKspE,GAAKmB,EAAK,GAAI,GAC5BxqE,EAAIO,EAAE,GAAGP,GAAKqpE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHtvE,EAAIqF,EAAE,GAAGrF,GAAKmuE,GAAKmB,EAAK,GAAI,GAC5B/1E,EAAI8L,EAAE,GAAG9L,GAAK40E,GAAKmB,EAAK,GAAI,GAC5BzqE,EAAIQ,EAAE,GAAGR,GAAKspE,GAAKmB,EAAK,GAAI,GAC5BxqE,EAAIO,EAAE,GAAGP,GAAKqpE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGnrF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGrF,GAAKmuE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGnrF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAG9L,GAAK40E,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGnrF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGR,GAAKspE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGnrF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGP,GAAKqpE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IAG7E,EAuFI5qF,MAvDF,WACE+pF,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,GAEN,EAgDIj/D,QA9CF,SAAoBnnB,EAAMgS,GACxBi0E,EAAYjmF,EACZkmF,EAAal0E,EACb,MAAMw0E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAI5yE,EAAI,EAAGA,EAAI,EAAGA,IACrBgzE,EAAQhzE,EAAGizE,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,CACX,EA+BIx+D,QA7BF,SAAoBznB,EAAMgS,GACxBi0E,EAAYjmF,EACZkmF,EAAal0E,EACb,MAAMw0E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAI5yE,EAAI,EAAGA,GAAK,EAAGA,IACtBkzE,EAAQlzE,EAAGizE,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,EAClB,EAgBI6B,SAZF,WACE,OAAO9B,CACX,EAYA,CAKY+B,GACV7uF,KAAK4sF,GAAGY,KAAK7tF,MAAM6gB,KAAK7P,GAAM,GAE9B3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAK4sF,GAAG5+D,QAAQruB,MAAM6gB,KAAKyR,GAAQ,EAC3C,CACH,CCxUA,SAAS68D,KAAW,CAqXpB,SAASC,GAAGp+E,GACV3Q,KAAKgvF,GAAK,IAAIF,GACd9uF,KAAKgvF,GAAGvtD,KAAK9wB,GAEb3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAKgvF,GAAGh9D,aAAaC,EAC7B,CACH,CDlDA06D,GAAG1pE,QAAU0pE,GAAG1sF,UAAUgjB,QAAU,GACpC0pE,GAAGzpE,UAAYypE,GAAG1sF,UAAUijB,UAAY,GCrUxC4rE,GAAS7uF,UAAUgvF,UAAY,EAK/BH,GAAS7uF,UAAUivF,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCJ,GAAS7uF,UAAUkvF,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DL,GAAS7uF,UAAUmvF,GAAK,GASxBN,GAAS7uF,UAAUovF,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,UACd,CACE,OAAOA,CACT,EAKAR,GAAS7uF,UAAU0oE,GAAK,SAAS2mB,GAC/B,IAAIC,EAEJ,MAAMC,EAAU,IAALF,EAELG,EAAU,KADhBH,KAAQ,GAGFI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAOR,OAJAC,EAAKvvF,KAAK4vF,OAAO,GAAGD,GAAM3vF,KAAK4vF,OAAO,GAAGF,GACzCH,GAAMvvF,KAAK4vF,OAAO,GAAGH,GACrBF,GAAMvvF,KAAK4vF,OAAO,GAAGJ,GAEdD,CACT,EAMAT,GAAS7uF,UAAU4vF,cAAgB,SAASC,GAC1C,IAGIrsE,EAHAssE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKrsE,EAAK,EAAGA,EAAKzjB,KAAKovF,KAAM3rE,EAAI,CAC/BssE,GAAS/vF,KAAKiwF,OAAOxsE,GACrBusE,EAAQhwF,KAAK2oE,GAAGonB,GAASC,EAEzB,MAAMvkE,EAAMskE,EACZA,EAAQC,EACRA,EAAQvkE,CACZ,CAEEskE,GAAS/vF,KAAKiwF,OAAOjwF,KAAKovF,GAAK,GAC/BY,GAAShwF,KAAKiwF,OAAOjwF,KAAKovF,GAAK,GAE/BU,EAAK,GAAK9vF,KAAKqvF,OAAOW,GACtBF,EAAK,GAAK9vF,KAAKqvF,OAAOU,EACxB,EAWAjB,GAAS7uF,UAAU+xB,aAAe,SAASk+D,GACzC,IAAIzsE,EACJ,MAAMqsE,EAAO,CAAC,EAAG,GACXK,EAAMnwF,KAAKivF,UAAY,EAC7B,IAAKxrE,EAAK,EAAGA,EAAKzjB,KAAKivF,UAAY,IAAKxrE,EACtCqsE,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBI,EAAOzsE,EAAK,GACxCqsE,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBI,EAAOzsE,EAAK0sE,GAG1CnwF,KAAK6vF,cAAcC,GAEnB,MAAMM,EAAM,GACZ,IAAK3sE,EAAK,EAAGA,EAAKzjB,KAAKivF,UAAY,IAAKxrE,EACtC2sE,EAAI3sE,EAAK,GAAOqsE,EAAK,KAAQ,GAAK,EAAC,EAAY,IAC/CM,EAAI3sE,EAAK0sE,GAASL,EAAK,KAAQ,GAAK,EAAC,EAAY,IAKnD,OAAOM,CACT,EAMAtB,GAAS7uF,UAAUowF,cAAgB,SAASP,GAC1C,IAGIrsE,EAHAssE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKrsE,EAAKzjB,KAAKovF,GAAK,EAAG3rE,EAAK,IAAKA,EAAI,CACnCssE,GAAS/vF,KAAKiwF,OAAOxsE,GACrBusE,EAAQhwF,KAAK2oE,GAAGonB,GAASC,EAEzB,MAAMvkE,EAAMskE,EACZA,EAAQC,EACRA,EAAQvkE,CACZ,CAEEskE,GAAS/vF,KAAKiwF,OAAO,GACrBD,GAAShwF,KAAKiwF,OAAO,GAErBH,EAAK,GAAK9vF,KAAKqvF,OAAOW,GACtBF,EAAK,GAAK9vF,KAAKqvF,OAAOU,EACxB,EAMAjB,GAAS7uF,UAAUwhC,KAAO,SAAS9wB,GACjC,IAAI8S,EACA6sE,EAAK,EAGT,IADAtwF,KAAKiwF,OAAS,GACTxsE,EAAK,EAAGA,EAAKzjB,KAAKovF,GAAK,IAAK3rE,EAAI,CACnC,IAAI5c,EAAO,EACX,IAAK,IAAI0pF,EAAK,EAAGA,EAAK,IAAKA,EACzB1pF,EAAQA,GAAQ,EAAgB,IAAV8J,EAAI2/E,KACpBA,GAAM3/E,EAAI/O,SACd0uF,EAAK,GAGTtwF,KAAKiwF,OAAOxsE,GAAMzjB,KAAKmvF,OAAO1rE,GAAM5c,CACxC,CAGE,IADA7G,KAAK4vF,OAAS,GACTnsE,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAzjB,KAAK4vF,OAAOnsE,GAAM,GACb6sE,EAAK,EAAGA,EAAK,MAAOA,EACvBtwF,KAAK4vF,OAAOnsE,GAAI6sE,GAAMtwF,KAAKkvF,OAAOzrE,GAAI6sE,GAI1C,MAAMR,EAAO,CAAC,EAAY,GAE1B,IAAKrsE,EAAK,EAAGA,EAAKzjB,KAAKovF,GAAK,EAAG3rE,GAAM,EACnCzjB,KAAK6vF,cAAcC,GACnB9vF,KAAKiwF,OAAOxsE,EAAK,GAAKqsE,EAAK,GAC3B9vF,KAAKiwF,OAAOxsE,EAAK,GAAKqsE,EAAK,GAG7B,IAAKrsE,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAK6sE,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BtwF,KAAK6vF,cAAcC,GACnB9vF,KAAK4vF,OAAOnsE,GAAI6sE,EAAK,GAAKR,EAAK,GAC/B9vF,KAAK4vF,OAAOnsE,GAAI6sE,EAAK,GAAKR,EAAK,EAGrC,EAYAf,GAAG9rE,QAAU8rE,GAAG9uF,UAAUgjB,QAAU,GACpC8rE,GAAG7rE,UAAY6rE,GAAG9uF,UAAUijB,UAAY,EChYjC,MAAMP,GAAgB,IAAIkzC,IAAI,CACnC,CAACprD,EAAMoC,UAAUE,UAAWm+E,IAC5B,CAACzgF,EAAMoC,UAAUG,MAAOo/E,IACxB,CAAC3hF,EAAMoC,UAAUI,SAAUujF,IAC3B,CAAC/lF,EAAMoC,UAAUQ,QAASojF,2ECX5B,MAAMC,kBAA0B,IAAItwE,YAAY,CAC5C,WAAY,WAAY,WAAY,UAAY,aAI9CuwE,kBAAyB,IAAIvwE,YAAY,IACxC,MAAMwwE,WAAapqB,GACtB,WAAA5mE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKkjC,EAAiB,EAAbwtD,GAAQ,GACjB1wF,KAAKo8D,EAAiB,EAAbs0B,GAAQ,GACjB1wF,KAAKw0C,EAAiB,EAAbk8C,GAAQ,GACjB1wF,KAAKgiC,EAAiB,EAAb0uD,GAAQ,GACjB1wF,KAAKmnE,EAAiB,EAAbupB,GAAQ,EACzB,CACI,GAAAvoF,GACI,MAAM+6B,EAAEA,EAACk5B,EAAEA,EAAC5nB,EAAEA,EAACxS,EAAEA,EAACmlC,EAAEA,GAAMnnE,KAC1B,MAAO,CAACkjC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,EAC5B,CACI,GAAAhlE,CAAI+gC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,GACZnnE,KAAKkjC,EAAQ,EAAJA,EACTljC,KAAKo8D,EAAQ,EAAJA,EACTp8D,KAAKw0C,EAAQ,EAAJA,EACTx0C,KAAKgiC,EAAQ,EAAJA,EACThiC,KAAKmnE,EAAQ,EAAJA,CACjB,CACI,OAAA/jE,CAAQ2jB,EAAMlO,GACV,IAAK,IAAI/W,EAAI,EAAGA,EAAI,GAAIA,IAAK+W,GAAU,EACnC83E,GAAO7uF,GAAKilB,EAAK0B,UAAU5P,GAAQ,GACvC,IAAK,IAAI/W,EAAI,GAAIA,EAAI,GAAIA,IACrB6uF,GAAO7uF,GAAKkkE,GAAK2qB,GAAO7uF,EAAI,GAAK6uF,GAAO7uF,EAAI,GAAK6uF,GAAO7uF,EAAI,IAAM6uF,GAAO7uF,EAAI,IAAK,GAEtF,IAAIohC,EAAEA,EAACk5B,EAAEA,EAAC5nB,EAAEA,EAACxS,EAAEA,EAACmlC,EAAEA,GAAMnnE,KACxB,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,IAAIslE,EAAG7gC,EACHzkC,EAAI,IACJslE,EAAId,GAAIlK,EAAG5nB,EAAGxS,GACduE,EAAI,YAECzkC,EAAI,IACTslE,EAAIhL,EAAI5nB,EAAIxS,EACZuE,EAAI,YAECzkC,EAAI,IACTslE,EAAIb,GAAInK,EAAG5nB,EAAGxS,GACduE,EAAI,aAGJ6gC,EAAIhL,EAAI5nB,EAAIxS,EACZuE,EAAI,YAER,MAAMzO,EAAKkuC,GAAK9iC,EAAG,GAAKkkC,EAAID,EAAI5gC,EAAIoqD,GAAO7uF,GAAM,EACjDqlE,EAAInlC,EACJA,EAAIwS,EACJA,EAAIwxB,GAAK5J,EAAG,IACZA,EAAIl5B,EACJA,EAAIpL,CAChB,CAEQoL,EAAKA,EAAIljC,KAAKkjC,EAAK,EACnBk5B,EAAKA,EAAIp8D,KAAKo8D,EAAK,EACnB5nB,EAAKA,EAAIx0C,KAAKw0C,EAAK,EACnBxS,EAAKA,EAAIhiC,KAAKgiC,EAAK,EACnBmlC,EAAKA,EAAInnE,KAAKmnE,EAAK,EACnBnnE,KAAKmC,IAAI+gC,EAAGk5B,EAAG5nB,EAAGxS,EAAGmlC,EAC7B,CACI,UAAAP,GACI+pB,GAAOjpE,KAAK,EACpB,CACI,OAAAze,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,GACrBnC,KAAKsJ,OAAOoe,KAAK,EACzB,EAOO,MAAM7Z,kBAAuBu4D,IAAgB,IAAM,IAAIwqB,KC/ExDC,kBAAsB,IAAIpvF,WAAW,CAAC,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IACzFqvF,kBAAqB,IAAIrvF,WAAe9B,MAAM,IAAI+nB,KAAK,GAAG/iB,KAAI,CAACunB,EAAGpqB,IAAMA,KACxEivF,kBAAqBD,GAAGnsF,KAAK7C,IAAO,EAAIA,EAAI,GAAK,KACvD,IAAIkvF,GAAO,CAACF,IACRG,GAAO,CAACF,IACZ,IAAK,IAAIjvF,EAAI,EAAGA,EAAI,EAAGA,IACnB,IAAK,IAAIsY,IAAK,CAAC42E,GAAMC,IACjB72E,EAAEtX,KAAKsX,EAAEtY,GAAG6C,KAAK6U,GAAMq3E,GAAIr3E,MACnC,MAAMuxE,kBAAyB,CAC3B,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,IACxDpmF,KAAK7C,GAAM,IAAIL,WAAWK,KACtBovF,kBAA0BF,GAAKrsF,KAAI,CAACqoB,EAAKlrB,IAAMkrB,EAAIroB,KAAKyV,GAAM2wE,GAAOjpF,GAAGsY,OACxE+2E,kBAA0BF,GAAKtsF,KAAI,CAACqoB,EAAKlrB,IAAMkrB,EAAIroB,KAAKyV,GAAM2wE,GAAOjpF,GAAGsY,OACxEg3E,kBAAqB,IAAIhxE,YAAY,CACvC,EAAY,WAAY,WAAY,WAAY,aAE9CixE,kBAAqB,IAAIjxE,YAAY,CACvC,WAAY,WAAY,WAAY,WAAY,IAGpD,SAAS+lB,GAAEmrD,EAAO71E,EAAGof,EAAGqL,GACpB,OAAc,IAAVorD,EACO71E,EAAIof,EAAIqL,EACA,IAAVorD,EACG71E,EAAIof,GAAOpf,EAAIyqB,EACR,IAAVorD,GACG71E,GAAKof,GAAKqL,EACH,IAAVorD,EACG71E,EAAIyqB,EAAMrL,GAAKqL,EAEhBzqB,GAAKof,GAAKqL,EACzB,CAEA,MAAMqrD,kBAAwB,IAAInxE,YAAY,IACvC,MAAMoxE,WAAkBhrB,GAC3B,WAAA5mE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKyxF,GAAK,WACVzxF,KAAK0xF,IAAK,UACV1xF,KAAK2xF,IAAK,WACV3xF,KAAK4xF,GAAK,UACV5xF,KAAK6xF,IAAK,UAClB,CACI,GAAA1pF,GACI,MAAMspF,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO7xF,KAC/B,MAAO,CAACyxF,EAAIC,EAAIC,EAAIC,EAAIC,EAChC,CACI,GAAA1vF,CAAIsvF,EAAIC,EAAIC,EAAIC,EAAIC,GAChB7xF,KAAKyxF,GAAU,EAALA,EACVzxF,KAAK0xF,GAAU,EAALA,EACV1xF,KAAK2xF,GAAU,EAALA,EACV3xF,KAAK4xF,GAAU,EAALA,EACV5xF,KAAK6xF,GAAU,EAALA,CAClB,CACI,OAAAzuF,CAAQ2jB,EAAMlO,GACV,IAAK,IAAI/W,EAAI,EAAGA,EAAI,GAAIA,IAAK+W,GAAU,EACnC04E,GAAMzvF,GAAKilB,EAAK0B,UAAU5P,GAAQ,GAEtC,IAAImwD,EAAe,EAAVhpE,KAAKyxF,GAAQK,EAAK9oB,EAAIlsB,EAAe,EAAV98C,KAAK0xF,GAAQK,EAAKj1C,EAAIb,EAAe,EAAVj8C,KAAK2xF,GAAQK,EAAK/1C,EAAIgC,EAAe,EAAVj+C,KAAK4xF,GAAQK,EAAKh0C,EAAIi0C,EAAe,EAAVlyF,KAAK6xF,GAAQM,EAAKD,EAGvI,IAAK,IAAIZ,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACpC,MAAMc,EAAS,EAAId,EACbe,EAAMjB,GAAGE,GAAQgB,EAAMjB,GAAGC,GAC1BiB,EAAKvB,GAAKM,GAAQkB,EAAKvB,GAAKK,GAC5BtwC,EAAKkwC,GAAQI,GAAQmB,EAAKtB,GAAQG,GACxC,IAAK,IAAIxvF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM6lC,EAAMq+B,GAAKgD,EAAK7iC,GAAEmrD,EAAOx0C,EAAIb,EAAIgC,GAAMszC,GAAMgB,EAAGzwF,IAAMuwF,EAAKrxC,EAAGl/C,IAAMowF,EAAM,EAChFlpB,EAAKkpB,EAAIA,EAAKj0C,EAAIA,EAAoB,EAAf+nB,GAAK/pB,EAAI,IAASA,EAAKa,EAAIA,EAAKnV,CACvE,CAEY,IAAK,IAAI7lC,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMy5C,EAAMyqB,GAAK8rB,EAAK3rD,GAAEisD,EAAQL,EAAIC,EAAIC,GAAMV,GAAMiB,EAAG1wF,IAAMwwF,EAAKG,EAAG3wF,IAAMqwF,EAAM,EACjFL,EAAKK,EAAIA,EAAKF,EAAIA,EAAoB,EAAfjsB,GAAKgsB,EAAI,IAASA,EAAKD,EAAIA,EAAKx2C,CACvE,CACA,CAEQv7C,KAAKmC,IAAKnC,KAAK0xF,GAAKz1C,EAAKg2C,EAAM,EAAIjyF,KAAK2xF,GAAK1zC,EAAKk0C,EAAM,EAAInyF,KAAK4xF,GAAKM,EAAKJ,EAAM,EAAI9xF,KAAK6xF,GAAK7oB,EAAK+oB,EAAM,EAAI/xF,KAAKyxF,GAAK30C,EAAKk1C,EAAM,EAC3I,CACI,UAAAprB,GACI2qB,GAAM7pE,KAAK,EACnB,CACI,OAAAze,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAKsJ,OAAOoe,KAAK,GACjB1nB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAC7B,EAMO,MCxFM0iB,GAAc,IAAIgxC,IAAI/1D,OAAOiI,QAAQ,CAChD8F,QACAK,UACAH,UACAC,UACAC,UACAE,YACAC,YACAskF,yBDgFuCtsB,IAAgB,IAAM,IAAIorB,2EE1FnE,SAASmB,GAAOp0E,EAAGzc,EAAGgW,EAAGsC,GACvBmE,EAAEzc,IAAMgW,EAAEsC,GACVmE,EAAEzc,EAAE,IAAMgW,EAAEsC,EAAE,IAAMmE,EAAEzc,GAAKgW,EAAEsC,GAC/B,CAIA,SAASw4E,GAAOr0E,EAAG6E,GACjB7E,EAAE,IAAM6E,EACR7E,EAAE,IAAOA,EAAE,GAAK6E,CAClB,CAIA,SAASikD,GAAGxtD,EAAGye,EAAG/Z,EAAGzG,EAAGsL,EAAGC,EAAGwvE,EAAIC,GAChCH,GAAM94E,EAAG0E,EAAG1E,EAAG/B,GACf66E,GAAM94E,EAAG0E,EAAG+Z,EAAGu6D,GAGf,IAAIE,EAAOl5E,EAAEwJ,GAAKxJ,EAAE0E,GAChBy0E,EAAOn5E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GAC5B1E,EAAEwJ,GAAK2vE,EACPn5E,EAAEwJ,EAAI,GAAK0vE,EAEXJ,GAAM94E,EAAGuJ,EAAGvJ,EAAGwJ,GAGf0vE,EAAOl5E,EAAE/B,GAAK+B,EAAEuJ,GAChB4vE,EAAOn5E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAMi7E,IAAS,GAAOC,GAAQ,EAChCn5E,EAAE/B,EAAI,GAAMk7E,IAAS,GAAOD,GAAQ,EAEpCJ,GAAM94E,EAAG0E,EAAG1E,EAAG/B,GACf66E,GAAM94E,EAAG0E,EAAG+Z,EAAGw6D,GAGfC,EAAOl5E,EAAEwJ,GAAKxJ,EAAE0E,GAChBy0E,EAAOn5E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GACxB1E,EAAEwJ,GAAM0vE,IAAS,GAAOC,GAAQ,GAChCn5E,EAAEwJ,EAAI,GAAM2vE,IAAS,GAAOD,GAAQ,GAEpCJ,GAAM94E,EAAGuJ,EAAGvJ,EAAGwJ,GAGf0vE,EAAOl5E,EAAE/B,GAAK+B,EAAEuJ,GAChB4vE,EAAOn5E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAMk7E,IAAS,GAAOD,GAAQ,EAChCl5E,EAAE/B,EAAI,GAAMi7E,IAAS,GAAOC,GAAQ,CACtC,CAGA,MAAMC,GAAe,IAAI7yE,YAAY,CACnC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,WAAY,UAAY,UAAY,aAKhC8yE,GAAQ,IAAIzxF,WAAW,CAC3B,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EACnD,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EACnD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAClD,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GACnDkD,KAAI8W,GAAS,EAAJA,KAIX,SAAS4uC,GAASxyB,EAAG/b,GACnB,MAAMjC,EAAI,IAAIuG,YAAY,IACpBkY,EAAI,IAAIlY,YAAYyX,EAAE/f,EAAExO,OAAQuuB,EAAE/f,EAAEzN,WAAY,IAGtD,IAAK,IAAIvI,EAAI,EAAGA,EAAI,GAAIA,IACtB+X,EAAE/X,GAAK+1B,EAAErG,EAAE1vB,GACX+X,EAAE/X,EAAI,IAAMmxF,GAAanxF,GAI3B+X,EAAE,KAAOge,EAAE3J,GAAG,GACdrU,EAAE,KAAOge,EAAE3J,GAAG,GAId,MAAMilE,EAAKr3E,EAAO,WAAa,EAC/BjC,EAAE,KAAOs5E,EACTt5E,EAAE,KAAOs5E,EAGT,IAAK,IAAIrxF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAE3B,MAAMsxF,EAAMtxF,GAAK,EACjBulE,GAAExtD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAK46D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAExtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAI46D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAExtD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAK46D,GAAME,EAAM,IAAKF,GAAME,EAAM,IACxD,CAEE,IAAK,IAAItxF,EAAI,EAAGA,EAAI,GAAIA,IACtB+1B,EAAErG,EAAE1vB,IAAM+X,EAAE/X,GAAK+X,EAAE/X,EAAI,GAE3B,CAKA,MAAMuxF,GACJ,WAAAzzF,CAAY0zF,EAAQ3iF,EAAKg+B,EAAM4kD,GAC7B,MAAM3sE,EAAS,IAAInlB,WAAW,IAmB9BzB,KAAK63B,EAAI,CACP/f,EAAG,IAAIrW,WAAW+xF,IAClBhiE,EAAG,IAAIpR,YAAYqzE,GAAe,GAClCvlE,GAAI,IAAI9N,YAAY,GACpBgD,EAAG,EACHkwE,UAIF1sE,EAAO,GAAK0sE,EACR3iF,IAAKiW,EAAO,GAAKjW,EAAI/O,QACzBglB,EAAO,GAAK,EACZA,EAAO,GAAK,EACR+nB,GAAM/nB,EAAOzkB,IAAIwsC,EAAM,IACvB4kD,GAAU3sE,EAAOzkB,IAAIoxF,EAAU,IACnC,MAAMG,EAAW,IAAItzE,YAAYwG,EAAOtd,OAAQsd,EAAOvc,WAAYuc,EAAOhlB,OAASwe,YAAYq6B,mBAG/F,IAAK,IAAI34C,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK63B,EAAErG,EAAE1vB,GAAKmxF,GAAanxF,GAAK4xF,EAAS5xF,GAI3C,GAAI6O,EAAK,CACP,MAAMshB,EAAQ,IAAIxwB,WAAW+xF,IAC7BvhE,EAAM9vB,IAAIwO,GACV3Q,KAAKukB,OAAO0N,EAClB,CACA,CAIE,MAAA1N,CAAOhkB,GACL,KAAMA,aAAiBkB,YAAa,MAAUF,MAAM,sCASpD,IAAIO,EAAI,EACR,KAAMA,EAAIvB,EAAMqB,QAAQ,CAClB5B,KAAK63B,EAAEzU,IAAMowE,KACfZ,GAAM5yF,KAAK63B,EAAE3J,GAAIluB,KAAK63B,EAAEzU,GACxBinC,GAASrqD,KAAK63B,GAAG,GACjB73B,KAAK63B,EAAEzU,EAAI,GAEb,IAAIqH,EAAO+oE,GAAaxzF,KAAK63B,EAAEzU,EAC/BpjB,KAAK63B,EAAE/f,EAAE3V,IAAI5B,EAAMyI,SAASlH,EAAGA,EAAI2oB,GAAOzqB,KAAK63B,EAAEzU,GACjD,MAAMsE,EAAOjf,KAAKud,IAAIyE,EAAMlqB,EAAMqB,OAASE,GAC3C9B,KAAK63B,EAAEzU,GAAKsE,EACZ5lB,GAAK4lB,CACX,CACI,OAAO1nB,IACX,CAOE,MAAAwkB,CAAOmvE,GACLf,GAAM5yF,KAAK63B,EAAE3J,GAAIluB,KAAK63B,EAAEzU,GAGxBpjB,KAAK63B,EAAE/f,EAAE4P,KAAK,EAAG1nB,KAAK63B,EAAEzU,GACxBpjB,KAAK63B,EAAEzU,EAAIowE,GACXnpC,GAASrqD,KAAK63B,GAAG,GAEjB,MAAM9R,EAAM4tE,GAAY,IAAIlyF,WAAWzB,KAAK63B,EAAEy7D,QAC9C,IAAK,IAAIxxF,EAAI,EAAGA,EAAI9B,KAAK63B,EAAEy7D,OAAQxxF,IAEjCikB,EAAIjkB,GAAK9B,KAAK63B,EAAErG,EAAE1vB,GAAK,IAAO,GAAS,EAAJA,GAGrC,OADA9B,KAAK63B,EAAErG,EAAI,KACJzL,EAAIzc,MACf,EAIe,SAASgb,GAAWgvE,EAAQ3iF,EAAKg+B,EAAM4kD,GACpD,GAAID,EAASG,GAAc,MAAUlyF,MAAM,0BAA0BkyF,cAAwBH,MAc7F,OAAO,IAAID,GAAQC,EAAQ3iF,EAAKg+B,EAAM4kD,EACxC,CAEA,MAAME,GAAe,GAIfD,GAAa,IC7PbI,GAAO,EACPC,GAAU,GACVC,GAAe,WACfC,GAAe,EACfC,GAAgB,WAChBC,GAAgB,EAChBC,GAAoB,WACpBC,GAAoB,EACpBC,GAAe,WACfC,GAAc,WACdC,GAAkB,GAElBC,GAAoB,KACpBC,GAA+B,GAE/Bt0E,GAAyE,MAAxD,IAAIze,WAAW,IAAIsrB,YAAY,CAAC,QAASzjB,QAAQ,GAGxE,SAASmrF,GAAK51E,EAAKjH,EAAG9V,GAKpB,OAJA+c,EAAI/c,EAAE,GAAK8V,EACXiH,EAAI/c,EAAE,GAAK8V,GAAM,EACjBiH,EAAI/c,EAAE,GAAK8V,GAAK,GAChBiH,EAAI/c,EAAE,GAAK8V,GAAK,GACTiH,CACT,CAQA,SAAS61E,GAAK71E,EAAKjH,EAAG9V,GACpB,GAAI8V,EAAIyP,OAAOgU,iBAAkB,MAAU95B,MAAM,mCAIjD,IAAImG,EAAYkQ,EAChB,IAAK,IAAIiB,EAAS/W,EAAG+W,EAAS/W,EAAE,EAAG+W,IACjCgG,EAAIhG,GAAUnR,EACdA,GAAaA,EAAYmX,EAAIhG,IAAW,IAE1C,OAAOgG,CACT,CAQA,SAAS81E,GAAGrB,EAAQpxD,EAAGpX,GACrB,MAAM6mB,EAAI,IAAIlwC,WAAW,IAEnBmzF,EAAQ,IAAInzF,WAAW,EAAIygC,EAAEtgC,QAGnC,GAFA6yF,GAAKG,EAAOtB,EAAQ,GACpBsB,EAAMzyF,IAAI+/B,EAAG,GACToxD,GAAU,GAGZ,OADAuB,GAAQvB,GAAQ/uE,OAAOqwE,GAAOpwE,OAAOsG,GAC9BA,EAGT,MAAMpP,EAAIjT,KAAK0Q,KAAKm6E,EAAS,IAAM,EASnC,IAAK,IAAIxxF,EAAI,EAAGA,EAAI4Z,EAAG5Z,IACrB+yF,GAAQ,IAAItwE,OAAa,IAANziB,EAAU8yF,EAAQjjD,GAAGntB,OAAOmtB,GAE/C7mB,EAAI3oB,IAAIwvC,EAAE3oC,SAAS,EAAG,IAAO,GAAFlH,GAG7B,MAAMgzF,EAAO,IAAIrzF,WAAWozF,GAAQvB,EAAS,GAAG53E,GAAG6I,OAAOotB,GAAGntB,UAG7D,OAFAsG,EAAI3oB,IAAI2yF,EAAQ,GAAFp5E,GAEPoP,CACT,CAGA,SAASiqE,GAAIC,EAAan2E,EAAKo2E,EAAIC,GAMjC,OALAF,EAAY/tF,GAAG8tF,IACbl2E,EAAIxU,WACJ4qF,EAAG5qF,WACH6qF,EAAG7qF,YAEEwU,CACT,CAQA,SAASwoD,GAAE2tB,EAAa9yD,EAAGC,EAAGu3C,GAO5B,OANAsb,EAAY/tF,GAAGogE,EACbnlC,EAAE73B,WACF83B,EAAE93B,WACFqvE,EAAErvE,WACF2qF,EAAYG,KAAKC,GAAG/qF,YAEfqvE,CACT,CAEA,SAAS2b,GAAGL,EAAa9yD,EAAGC,EAAGu3C,GAO7B,OANAsb,EAAY/tF,GAAGouF,GACbnzD,EAAE73B,WACF83B,EAAE93B,WACFqvE,EAAErvE,WACF2qF,EAAYG,KAAKC,GAAG/qF,YAEfqvE,CACT,CAGA,SAAU4b,GAASN,EAAaO,EAAMC,EAAM7yF,EAAO8yF,EAAIC,EAAaC,EAAeC,GAGjFZ,EAAYG,KAAKU,QAAQnuE,KAAK,GAC9B,MAAMyb,EAAI6xD,EAAYG,KAAKU,QAAQ7sF,SAAS,EAAG,IAC/C0rF,GAAKvxD,EAAGoyD,EAAM,GACdb,GAAKvxD,EAAGqyD,EAAM,GACdd,GAAKvxD,EAAGxgC,EAAO,IACf+xF,GAAKvxD,EAAGsyD,EAAI,IACZf,GAAKvxD,EAAGuyD,EAAa,IACrBhB,GAAKvxD,EAAGywD,GAAM,IAQd,IAAI,IAAI9xF,EAAI,EAAGA,GAAK6zF,EAAe7zF,IAAK,CAEtC4yF,GAAKM,EAAYG,KAAKU,QAAS/zF,EAAGqhC,EAAEvhC,QACpC,MAAMk0F,EAAKT,GAAGL,EAAaA,EAAYG,KAAKY,SAAUf,EAAYG,KAAKU,QAASb,EAAYG,KAAKa,OAKjG,IAAI,IAAIx8E,EAAU,IAAN1X,EAAwB,EAAd8zF,EAAkB,EAAGp8E,EAAIs8E,EAAGl0F,OAAQ4X,GAAK,QACtDs8E,EAAG9sF,SAASwQ,EAAGA,EAAE,EAE9B,CACE,MAAO,EACT,CAmBA,MAAMy8E,GAAK,KACLC,GAAiB,GAAKD,GAEb,SAASE,GAASvvE,GAAQwvE,OAAEA,EAAQzwE,SAAU0wE,IAC3D,IAAKn2E,GAAgB,MAAU3e,MAAM,kCAErC,MAAM+hF,EAvBR,UAAwBrvE,KAAEA,EAAI2jC,QAAEA,EAAO1mB,UAAEA,EAAS2mB,SAAEA,EAAQlJ,KAAEA,EAAI2nD,GAAEA,EAAEniD,OAAEA,EAAMn/B,YAAEA,EAAW8iC,WAAEA,EAAU/iC,OAAEA,IACvG,MAAMwhF,EAAe,CAACtuF,EAAM1F,EAAOyjB,EAAKtd,KACtC,GAAInG,EAAQyjB,GAAOzjB,EAAQmG,EAAO,MAAUnH,MAAM,GAAG0G,4BAA+B+d,SAAWtd,UAAa,EAG9G,GAAIuL,IAAS2/E,IAAQh8C,IAAYi8C,GAAS,MAAUtyF,MAAM,+BAS1D,OARAg1F,EAAa,WAAY1+C,EAAUs8C,GAAmBD,IACtDqC,EAAa,OAAQ5nD,EAAMslD,GAAeD,IAC1CuC,EAAa,MAAOrlE,EAAW6iE,GAAcD,IAC7CyC,EAAa,SAAUz+C,EAAY,EAAE9iC,EAAao/E,IAElDkC,GAAMC,EAAa,kBAAmBD,EAAI,EAAGjC,IAC7ClgD,GAAUoiD,EAAa,SAAUpiD,EAAQ,EAAGmgD,IAErC,CAAErgF,OAAM2jC,UAAS1mB,YAAW2mB,WAAUlJ,OAAM2nD,KAAIniD,SAAQqiD,MAAOxhF,EAAa8iC,aAAY/iC,SACjG,CAQc4hC,CAAe,CAAE1iC,KAAM2/E,GAAMh8C,QAASi8C,MAAYjtE,KAEtDygD,EAAEovB,EAAOpB,GAAGqB,EAAQ3+D,IAAI4+D,EAASC,MAAMC,GAAWR,EAAaS,QACjEC,EAAW,CAAE,EACbC,EAAS,CAAE,EACjBA,EAAO3vB,EAAIovB,EACXO,EAAO3B,GAAKqB,EACZM,EAAOjC,IAAM4B,EAGb,MAAMlB,EAAK,EAAInS,EAAIkT,MAAQ/tF,KAAK2P,MAAMkrE,EAAIxrC,YAAc,EAAIwrC,EAAIkT,QAC1DS,EAAiBxB,EAAKlB,GAAoB,GAAK0B,GACrD,GAAIG,EAAO9sF,OAAOgB,WAAa2sF,EAAgB,CAC7C,MAAMrjE,EAAUnrB,KAAK0Q,MAAM89E,EAAiBb,EAAO9sF,OAAOgB,YAAc4rF,IAGxEE,EAAOc,KAAKtjE,EAChB,CAEE,IAAI/a,EAAS,EAEbk+E,EAAS3B,GAAK,IAAI3zF,WAAW20F,EAAO9sF,OAAQuP,EAAQ07E,IAAoB17E,GAASk+E,EAAS3B,GAAGxzF,OAC7Fm1F,EAASf,MAAQ,IAAIv0F,WAAW20F,EAAO9sF,OAAQuP,EAAQ07E,IAAoB17E,GAAQk+E,EAASf,MAAMp0F,OAClGm1F,EAASlB,QAAU,IAAIp0F,WAAW20F,EAAO9sF,OAAQuP,EAAQ07E,IAAoB17E,GAAQk+E,EAASlB,QAAQj0F,OACtGm1F,EAAShB,SAAW,IAAIt0F,WAAW20F,EAAO9sF,OAAQuP,EAAQ,MAAOA,GAAQk+E,EAAShB,SAASn0F,OAE3F,MAAMu1F,EAAK,IAAI/2E,YAAYg2E,EAAO9sF,OAAQuP,EAAQ,GAAIA,GAAQs+E,EAAGv1F,OAASwe,YAAYq6B,kBACtF,MAAMu6C,EAAc,CAAE/tF,GAAI+vF,EAAQ7B,KAAM4B,GAClCK,EAAW,IAAI31F,WAAW20F,EAAO9sF,OAAQuP,EAAQ07E,IAAoB17E,GAAQu+E,EAASx1F,OAC5F,MAAMy1F,EAAc,IAAI51F,WAAW20F,EAAO9sF,OAAQuP,EAAQyqE,EAAIxrC,WAAay8C,IACrE+C,EAAkB,IAAI71F,WAAW20F,EAAO9sF,OAAQ,EAAGuP,GAGnD0+E,EA4ER,SAAejU,GACb,MAAMhc,EAAIutB,GAAQL,IACZgD,EAAS,IAAI/1F,WAAW,GACxBmlB,EAAS,IAAInlB,WAAW,IAC9BgzF,GAAK7tE,EAAQ08D,EAAIkT,MAAO,GACxB/B,GAAK7tE,EAAQ08D,EAAIpyD,UAAW,GAC5BujE,GAAK7tE,EAAQ08D,EAAIxrC,WAAY,GAC7B28C,GAAK7tE,EAAQ08D,EAAIvuE,OAAQ,IACzB0/E,GAAK7tE,EAAQ08D,EAAI1rC,QAAS,IAC1B68C,GAAK7tE,EAAQ08D,EAAIrvE,KAAM,IAEvB,MAAMmkC,EAAS,CAACxxB,GACZ08D,EAAIzrC,UACNO,EAAOt1C,KAAK2xF,GAAK,IAAIhzF,WAAW,GAAI6hF,EAAIzrC,SAASj2C,OAAQ,IACzDw2C,EAAOt1C,KAAKwgF,EAAIzrC,WAEhBO,EAAOt1C,KAAK00F,GAGVlU,EAAI30C,MACNyJ,EAAOt1C,KAAK2xF,GAAK,IAAIhzF,WAAW,GAAI6hF,EAAI30C,KAAK/sC,OAAQ,IACrDw2C,EAAOt1C,KAAKwgF,EAAI30C,OAEhByJ,EAAOt1C,KAAK00F,GAGVlU,EAAInvC,QACNiE,EAAOt1C,KAAK2xF,GAAK,IAAIhzF,WAAW,GAAI6hF,EAAInvC,OAAOvyC,OAAQ,IACvDw2C,EAAOt1C,KAAKwgF,EAAInvC,SAGhBiE,EAAOt1C,KAAK00F,GAGVlU,EAAIgT,IACNl+C,EAAOt1C,KAAK2xF,GAAK,IAAIhzF,WAAW,GAAI6hF,EAAIgT,GAAG10F,OAAQ,IACnDw2C,EAAOt1C,KAAKwgF,EAAIgT,KAEhBl+C,EAAOt1C,KAAK00F,GAEdlwB,EAAE/iD,OAMJ,SAAsB5iB,GACpB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,KAAMH,EAAOG,aAAcL,YACvB,MAAUF,MAAM,0DAGpBM,GAAeF,EAAOG,GAAGF,MAC/B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAASC,IACZH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MAAM,IAGlBG,CACT,CA1BW01F,CAAar/C,IAEtB,MAAMs/C,EAAepwB,EAAE9iD,SACvB,OAAO,IAAI/iB,WAAWi2F,EACxB,CAxHaC,CAAMrU,GAIX1/D,EAAI6xE,EAAKnS,EAAIkT,MACbp6B,EAAQz8D,MAAM2jF,EAAIkT,OAAO9uE,KAAK,MAAM/iB,KAAI,IAAUhF,MAAMikB,KACxDg0E,EAAY,CAAC91F,EAAGsY,KACpBgiD,EAAEt6D,GAAGsY,GAAKi9E,EAAYruF,SAASlH,EAAE8hB,EAAE,KAAS,KAAFxJ,EAAStY,EAAE8hB,EAAE,KAAS,KAAFxJ,EAAUm6E,IACjEn4B,EAAEt6D,GAAGsY,IAGd,IAAK,IAAItY,EAAI,EAAGA,EAAIwhF,EAAIkT,MAAO10F,IAAK,CAElC,MAAM2pB,EAAM,IAAIhqB,WAAW81F,EAAG31F,OAAS,GAGvC6pB,EAAItpB,IAAIo1F,GAAK9C,GAAKhpE,EAAK,EAAG8rE,EAAG31F,QAAS6yF,GAAKhpE,EAAK3pB,EAAGy1F,EAAG31F,OAAS,GAC/D+yF,GAAGJ,GAAmB9oE,EAAKmsE,EAAU91F,EAAG,IAGxC2yF,GAAKhpE,EAAK,EAAG8rE,EAAG31F,QAChB+yF,GAAGJ,GAAmB9oE,EAAKmsE,EAAU91F,EAAG,GAC5C,CAKE,MACM6zF,EAAgB/xE,EADX,EAEX,IAAK,IAAI2xE,EAAO,EAAGA,EAAOjS,EAAIvuE,OAAQwgF,IAEpC,IAAK,IAAIv0C,EAAK,EAAGA,EAJR,EAIiBA,IAAM,CAC9B,MAAM62C,EAA6B,IAATtC,GAAcv0C,GAAM,EAC9C,IAAK,IAAIl/C,EAAI,EAAGA,EAAIwhF,EAAIkT,MAAO10F,IAAK,CAElC,IAAI8zF,EAAuB,IAAP50C,GAAqB,IAATu0C,EAAa,EAAI,EAEjD,MAAMuC,EAAOD,EAAoBvC,GAASN,EAAaO,EAAMzzF,EAAGk/C,EAAIy0C,EAAInS,EAAIvuE,OAAQ4gF,EAAeC,GAAiB,KACpH,KAAoBA,EAAgBD,EAAeC,IAAiB,CAClE,MAAMx7E,EAAI4mC,EAAK20C,EAAgBC,EACzB1iE,EAAY9Y,EAAI,EAAIgiD,EAAEt6D,GAAGsY,EAAE,GAAKgiD,EAAEt6D,GAAG8hB,EAAE,GAGvCm0E,EAAOF,EAAoBC,EAAKE,OAAOz1F,MAAQ2wB,EAErD2jE,EAAOM,EAAG9sF,WAAY0tF,EAAK1tF,WAAYvI,EAAGwhF,EAAIkT,MAAOjB,EAAMv0C,EAAI40C,EAlB5D,EAkB+ED,GAClF,MAAMrzD,EAAI60D,EAAG,GAAUjxD,EAAIixD,EAAG,GAIjB,IAAT5B,GAAYqC,EAAU91F,EAAGsY,GAC7BitD,GAAE2tB,EAAa9hE,EAAWkpC,EAAE95B,GAAG4D,GAAIqvD,EAAO,EAAI6B,EAAWh7B,EAAEt6D,GAAGsY,IAG1Dm7E,EAAO,GAAGR,GAAIC,EAAa54B,EAAEt6D,GAAGsY,GAAIg9E,EAAUh7B,EAAEt6D,GAAGsY,GACjE,CACA,CACA,CAKE,MAAMo6B,EAAI4nB,EAAE,GAAGx4C,EAAE,GACjB,IAAI,IAAI9hB,EAAI,EAAGA,EAAIwhF,EAAIkT,MAAO10F,IAC5BizF,GAAIC,EAAaxgD,EAAGA,EAAG4nB,EAAEt6D,GAAG8hB,EAAE,IAGhC,MAAM5F,EAAM22E,GAAGrR,EAAIpyD,UAAWsjB,EAAG,IAAI/yC,WAAW6hF,EAAIpyD,YAKpD,OAHAomE,EAAgB5vE,KAAK,GACrB0uE,EAAOc,KAAK,GAELl5E,CAET,CC3RA,IAAIi6E,GAiBW31F,eAAe41F,GAAUC,EAASC,GAC/C,MAAMhC,EAAS,IAAIiC,YAAYC,OAAO,CAGpCC,QAAS,KACTC,QAAS,QAELC,QAvBRn2F,eAA0B8zF,EAAQ+B,EAASC,GACzC,MAAMM,EAAe,CAAE9hF,IAAK,CAAEw/E,WAC9B,QAAwBh0F,IAApB61F,GACF,IACE,MAAMU,QAAeR,EAAQO,GAE7B,OADAT,IAAkB,EACXU,CACR,CAAC,MAAMz0F,GACN+zF,IAAkB,CACxB,CAIE,OADeA,GAAkBE,EAAUC,GAC7BM,EAChB,CAS2BE,CAAWxC,EAAQ+B,EAASC,GAkBrD,OAFqBxxE,GAAWuvE,GAASvvE,EAAQ,CAAEjB,SAAU8yE,EAAW9yE,SAAUywE,UAGpF,0MCzCiB9zF,SAAY41F,IAC1BW,6wLAA4BA,KAC5BA,yyJAA+BA,OCuB9BC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS/3F,GACvBhB,KAAKgB,OAASA,EACdhB,KAAKg5F,UAAY,EACjBh5F,KAAKi5F,QAAU,EACfj5F,KAAKk5F,SAAU,CACjB,EAEAH,GAAU94F,UAAUk5F,YAAc,WAC3Bn5F,KAAKk5F,UACRl5F,KAAKi5F,QAAUj5F,KAAKgB,OAAO4I,WAC3B5J,KAAKk5F,SAAU,EAEnB,EAGAH,GAAU94F,UAAUoC,KAAO,SAAS4Z,GAElC,IADA,IAAIla,EAAS,EACNka,EAAO,GAAG,CACfjc,KAAKm5F,cACL,IAAInpE,EAAY,EAAIhwB,KAAKg5F,UAEzB,GAAI/8E,GAAQ+T,EACVjuB,IAAWiuB,EACXjuB,GAAU+2F,GAAQ9oE,GAAahwB,KAAKi5F,QACpCj5F,KAAKk5F,SAAU,EACfl5F,KAAKg5F,UAAY,EACjB/8E,GAAQ+T,MACH,CACLjuB,IAAWka,EACX,IAAI9S,EAAQ6mB,EAAY/T,EACxBla,IAAW/B,KAAKi5F,QAAWH,GAAQ78E,IAAS9S,IAAWA,EACvDnJ,KAAKg5F,WAAa/8E,EAClBA,EAAO,CACb,CACA,CACE,OAAOla,CACT,EAGAg3F,GAAU94F,UAAUm5F,KAAO,SAASp3F,GAClC,IAAIq3F,EAAQr3F,EAAM,EACds3F,GAAUt3F,EAAMq3F,GAAS,EAC7Br5F,KAAKg5F,UAAYK,EACjBr5F,KAAKgB,OAAOo4F,KAAKE,GACjBt5F,KAAKk5F,SAAU,CACjB,EAGAH,GAAU94F,UAAUs5F,GAAK,WACvB,IAA6Bz3F,EAAzB+c,EAAM,IAAIpd,WAAW,GACzB,IAAKK,EAAI,EAAGA,EAAI+c,EAAIjd,OAAQE,IAC1B+c,EAAI/c,GAAK9B,KAAKqC,KAAK,GAErB,OAGF,SAAkBwc,GAChB,OAAOlf,MAAMM,UAAU0E,IAAI5D,KAAK8d,GAAKpD,IAAM,KAAOA,EAAEgF,SAAS,KAAK9d,OAAO,KAAID,KAAK,GACpF,CALS82F,CAAS36E,EAClB,EAMA,IAAA46E,GAAiBV,GC3FbW,GAAS,WACb,EAIAA,GAAOz5F,UAAU2J,SAAW,WAC1B,MAAUrI,MAAM,6CAClB,EAGAm4F,GAAOz5F,UAAUoC,KAAO,SAASiH,EAAQqwF,EAAW/3F,GAElD,IADA,IAAI4G,EAAY,EACTA,EAAY5G,GAAQ,CACzB,IAAIwhB,EAAIpjB,KAAK4J,WACb,GAAIwZ,EAAI,EACN,OAAoB,IAAZ5a,GAAkB,EAAIA,EAEhCc,EAAOqwF,KAAev2E,EACtB5a,GACJ,CACE,OAAOA,CACT,EACAkxF,GAAOz5F,UAAUm5F,KAAO,SAASQ,GAC/B,MAAUr4F,MAAM,yCAClB,EAGAm4F,GAAOz5F,UAAU45F,UAAY,SAASC,GACpC,MAAUv4F,MAAM,6CAClB,EACAm4F,GAAOz5F,UAAU8C,MAAQ,SAASuG,EAAQqwF,EAAW/3F,GACnD,IAAIE,EACJ,IAAKA,EAAE,EAAGA,EAAEF,EAAQE,IAClB9B,KAAK65F,UAAUvwF,EAAOqwF,MAExB,OAAO/3F,CACT,EACA83F,GAAOz5F,UAAU+G,MAAQ,WACzB,EAEA,ICNM+yF,GDMN/4F,GAAiB04F,GCXjBM,IAKMD,GAAc,IAAI35E,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKVhgB,KAAKi6F,OAAS,WACZ,OAASj6E,IAAS,CACnB,EAMDhgB,KAAKk6F,UAAY,SAAS33F,GACxByd,EAAOA,GAAO,EAAK+5E,GAAqC,KAAvB/5E,IAAQ,GAAMzd,GAChD,EAODvC,KAAKm6F,aAAe,SAAS53F,EAAOy6B,GAClC,KAAOA,KAAU,GACfhd,EAAOA,GAAO,EAAK+5E,GAAqC,KAAvB/5E,IAAQ,GAAMzd,GAElD,CACF,GCrECw2F,GAAYqB,GACZV,GAASW,GACTC,GAAQC,GAaRC,GAAM,SAASx+E,EAAOmB,GACxB,IAAwBrb,EAApB6sB,EAAM3S,EAAMmB,GAChB,IAAKrb,EAAIqb,EAAOrb,EAAI,EAAGA,IACrBka,EAAMla,GAAKka,EAAMla,EAAE,GAGrB,OADAka,EAAM,GAAK2S,EACJA,CACT,EAEIgjD,GAAM,CACR8oB,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,CAAE,EACtBA,GAAcvpB,GAAI+oB,YAAyB,oBAC3CQ,GAAcvpB,GAAIgpB,eAAyB,gBAC3CO,GAAcvpB,GAAIipB,sBAAyB,uBAC3CM,GAAcvpB,GAAIkpB,uBAAyB,wBAC3CK,GAAcvpB,GAAImpB,YAAyB,aAC3CI,GAAcvpB,GAAIopB,eAAyB,gBAC3CG,GAAcvpB,GAAIqpB,gBAAkB,kDAEpC,IAAIG,GAAS,SAASC,EAAQC,GAC5B,IAAI7vE,EAAM0vE,GAAcE,IAAW,gBAC/BC,IAAa7vE,GAAO,KAAK6vE,GAC7B,IAAIn3F,EAAI,IAAIomC,UAAU9e,GAEtB,MADAtnB,EAAEo3F,UAAYF,EACRl3F,CACR,EAEIq3F,GAAS,SAASC,EAAaC,GACjCz7F,KAAK07F,SAAW17F,KAAK27F,aAAe37F,KAAK47F,WAAa,EAEtD57F,KAAK67F,cAAcL,EAAaC,EAClC,EACAF,GAAOt7F,UAAU67F,YAAc,WAE7B,OADiB97F,KAAK+7F,mBAKtB/7F,KAAKg8F,SAAW,IAAI1B,IACb,IAJLt6F,KAAK47F,YAAc,GACZ,EAIX,EAEAL,GAAOt7F,UAAU47F,cAAgB,SAASL,EAAaC,GAErD,IAAI58E,EAAM,IAAIpd,WAAW,GACW,IAAhC+5F,EAAYn5F,KAAKwc,EAAK,EAAG,IACuB,QAAhD7H,OAAOqD,aAAawE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1Cs8E,GAAOxpB,GAAIgpB,cAAe,aAE5B,IAAIl6C,EAAQ5hC,EAAI,GAAK,IACjB4hC,EAAQ,GAAKA,EAAQ,IACvB06C,GAAOxpB,GAAIgpB,cAAe,sBAE5B36F,KAAK0D,OAAS,IAAIq1F,GAAUyC,GAI5Bx7F,KAAKi8F,SAAW,IAASx7C,EACzBzgD,KAAKk8F,WAAa,EAClBl8F,KAAKy7F,aAAeA,EACpBz7F,KAAKm8F,UAAY,CACnB,EACAZ,GAAOt7F,UAAU87F,gBAAkB,WACjC,IAAIj6F,EAAGsY,EAAGZ,EACN9V,EAAS1D,KAAK0D,OAId8tB,EAAI9tB,EAAO61F,KACf,GAjFW,iBAiFP/nE,EACF,OAAO,EAnFG,iBAqFRA,GACF2pE,GAAOxpB,GAAIgpB,eACb36F,KAAKo8F,eAAiB14F,EAAOrB,KAAK,MAAQ,EAC1CrC,KAAKm8F,WAAan8F,KAAKo8F,gBACHp8F,KAAKm8F,WAAa,EAAMn8F,KAAKm8F,YAAY,OAAU,EAInEz4F,EAAOrB,KAAK,IACd84F,GAAOxpB,GAAIqpB,gBACb,IAAIqB,EAAc34F,EAAOrB,KAAK,IAC1Bg6F,EAAcr8F,KAAKi8F,UACrBd,GAAOxpB,GAAImpB,WAAY,kCAMzB,IAAIn/E,EAAIjY,EAAOrB,KAAK,IAChBi6F,EAAY,IAAI76F,WAAW,KAAM86F,EAAW,EAChD,IAAKz6F,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAI6Z,EAAK,GAAM,GAAM7Z,EAAK,CACxB,IAAI+tB,EAAQ,GAAJ/tB,EAER,IADA0X,EAAI9V,EAAOrB,KAAK,IACX+X,EAAI,EAAGA,EAAI,GAAIA,IACdZ,EAAK,GAAM,GAAMY,IACnBkiF,EAAUC,KAAc1sE,EAAIzV,EACtC,CAIE,IAAIoiF,EAAa94F,EAAOrB,KAAK,IACzBm6F,EAzHW,GAyHgBA,EAxHhB,IAyHbrB,GAAOxpB,GAAImpB,YAKb,IAAI2B,EAAa/4F,EAAOrB,KAAK,IACV,IAAfo6F,GACFtB,GAAOxpB,GAAImpB,YAEb,IAAI4B,EAAY,IAAIj7F,WAAW,KAC/B,IAAKK,EAAI,EAAGA,EAAI06F,EAAY16F,IAC1B46F,EAAU56F,GAAKA,EAEjB,IAAI66F,EAAY,IAAIl7F,WAAWg7F,GAE/B,IAAK36F,EAAI,EAAGA,EAAI26F,EAAY36F,IAAK,CAE/B,IAAKsY,EAAI,EAAG1W,EAAOrB,KAAK,GAAI+X,IACtBA,GAAKoiF,GAAYrB,GAAOxpB,GAAImpB,YAElC6B,EAAU76F,GAAK04F,GAAIkC,EAAWtiF,EAClC,CAIE,IACiBwiF,EADbC,EAAWN,EAAW,EACtB9oC,EAAS,GACb,IAAKr5C,EAAI,EAAGA,EAAIoiF,EAAYpiF,IAAK,CAC/B,IAqBIkgE,EAASwiB,EArBTl7F,EAAS,IAAIH,WAAWo7F,GAAWxT,EAAO,IAAIt8D,YAAYgwE,IAK9D,IADAphF,EAAIjY,EAAOrB,KAAK,GACXP,EAAI,EAAGA,EAAI+6F,EAAU/6F,IAAK,CAC7B,MACM6Z,EAAI,GAAKA,EAjKE,KAiKoBw/E,GAAOxpB,GAAImpB,YAG1Cp3F,EAAOrB,KAAK,IAEZqB,EAAOrB,KAAK,GAGdsZ,IAFAA,IAIJ/Z,EAAOE,GAAK6Z,CAClB,CAKI,IADA2+D,EAASwiB,EAASl7F,EAAO,GACpBE,EAAI,EAAGA,EAAI+6F,EAAU/6F,IACpBF,EAAOE,GAAKg7F,EACdA,EAASl7F,EAAOE,GACTF,EAAOE,GAAKw4E,IACnBA,EAAS14E,EAAOE,IAapB86F,EAAW,CAAE,EACbnpC,EAAO3wD,KAAK85F,GACZA,EAASI,QAAU,IAAIjwE,YAnMT,KAoMd6vE,EAASK,MAAQ,IAAI78E,YAAY28E,IACjCH,EAAS/sB,KAAO,IAAIzvD,YAAY28E,IAChCH,EAAStiB,OAASA,EAClBsiB,EAASE,OAASA,EAElB,IAAII,EAAK,EACT,IAAKp7F,EAAIw4E,EAAQx4E,GAAKg7F,EAAQh7F,IAE5B,IADAunF,EAAKvnF,GAAK86F,EAASK,MAAMn7F,GAAK,EACzB6Z,EAAI,EAAGA,EAAIkhF,EAAUlhF,IACpB/Z,EAAO+Z,KAAO7Z,IAChB86F,EAASI,QAAQE,KAAQvhF,GAG/B,IAAK7Z,EAAI,EAAGA,EAAI+6F,EAAU/6F,IACxBunF,EAAKznF,EAAOE,MAMd,IADAo7F,EAAKvhF,EAAI,EACJ7Z,EAAIw4E,EAAQx4E,EAAIg7F,EAAQh7F,IAC3Bo7F,GAAM7T,EAAKvnF,GAOX86F,EAASK,MAAMn7F,GAAKo7F,EAAK,EACzBA,IAAO,EACPvhF,GAAK0tE,EAAKvnF,GACV86F,EAAS/sB,KAAK/tE,EAAI,GAAKo7F,EAAKvhF,EAE9BihF,EAASK,MAAMH,EAAS,GAAKz1E,OAAO81E,UACpCP,EAASK,MAAMH,GAAUI,EAAK7T,EAAKyT,GAAU,EAC7CF,EAAS/sB,KAAKyK,GAAU,CAC5B,CAME,IAAI8iB,EAAY,IAAIh9E,YAAY,KAChC,IAAKte,EAAI,EAAGA,EAAI,IAAKA,IACnB46F,EAAU56F,GAAKA,EAEjB,IAA6Cu7F,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOz9F,KAAKy9F,KAAO,IAAIr9E,YAAYpgB,KAAKi8F,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWa,GACPF,GAAYf,GAActB,GAAOxpB,GAAImpB,YACzC8B,EAAWnpC,EAAOkpC,EAAUa,OAG9B17F,EAAI86F,EAAStiB,OACblgE,EAAI1W,EAAOrB,KAAKP,GAEVA,EAAI86F,EAASE,QAAU3B,GAAOxpB,GAAImpB,cAClC1gF,GAAKwiF,EAASK,MAAMn7F,IAFnBA,IAILsY,EAAKA,GAAK,EAAK1W,EAAOrB,KAAK,KAG7B+X,GAAKwiF,EAAS/sB,KAAK/tE,IACX,GAAKsY,GAvQC,MAuQmB+gF,GAAOxpB,GAAImpB,YAC5C,IAAI6C,EAAUf,EAASI,QAAQ5iF,GAK/B,GA5Qc,IA4QVujF,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY5hF,EAAI3b,KAAKi8F,UAAYd,GAAOxpB,GAAImpB,YAEhDsC,EADAC,EAAKf,EAAUI,EAAU,MACR/gF,EACVA,KACL8hF,EAAKF,KAAeF,EAGxB,GAAIM,EAAUpB,EACZ,MAQEgB,GAAav9F,KAAKi8F,UAAYd,GAAOxpB,GAAImpB,YAK7CsC,EAFAC,EAAKf,EADLe,EAAK7C,GAAIkC,EADT56F,EAAI67F,EAAU,OAKdF,EAAKF,KAAeF,CA7BxB,MAjBWC,IACHA,EAAS,EACT3hF,EAAI,GAUJA,GA1RU,IAyRRgiF,EACGL,EAEA,EAAIA,EACXA,IAAW,CAgCjB,CAUE,KAHIjB,EAAc,GAAKA,GAAekB,IAAapC,GAAOxpB,GAAImpB,YAE9D1gF,EAAI,EACCtY,EAAI,EAAGA,EAAI,IAAKA,IACnB0X,EAAIY,EAAIgjF,EAAUt7F,GAClBs7F,EAAUt7F,GAAKsY,EACfA,EAAIZ,EAGN,IAAK1X,EAAI,EAAGA,EAAIy7F,EAAWz7F,IAEzB27F,EAAKL,EADLC,EAAe,IAAVI,EAAK37F,MACcA,GAAK,EAC7Bs7F,EAAUC,KAKZ,IAAIr7F,EAAM,EAAG47F,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjB57F,EAAMy7F,EAAKpB,IAEXr6F,IAAQ,EACR67F,GAAO,GAET79F,KAAK07F,SAAW15F,EAChBhC,KAAK27F,aAAeiC,EACpB59F,KAAK47F,WAAa2B,EAClBv9F,KAAK89F,SAAWD,GAET,CACT,EAOAtC,GAAOt7F,UAAU89F,aAAe,SAASrG,EAAcpqE,GACnD,IAAI0wE,EAAQC,EAAUC,EAKxB,GAAIl+F,KAAK47F,WAAa,EAAK,OAAO,EAGlC,IAAI6B,EAAOz9F,KAAKy9F,KAAMz7F,EAAMhC,KAAK07F,SAAUkC,EAAU59F,KAAK27F,aACtD4B,EAAYv9F,KAAK47F,WAAyB57F,KAAKm+F,WAGnD,IAFA,IAAIN,EAAM79F,KAAK89F,SAERP,GAAW,CAehB,IAdAA,IACAU,EAAWL,EAEXA,EAAgB,KADhB57F,EAAMy7F,EAAKz7F,IAEXA,IAAQ,EACM,GAAV67F,KACFG,EAASJ,EACTM,EAAUD,EACVL,GAAW,IAEXI,EAAS,EACTE,EAAUN,GAEZ59F,KAAKg8F,SAAS7B,aAAa+D,EAASF,GAC7BA,KACLh+F,KAAKy7F,aAAa5B,UAAUqE,GAC5Bl+F,KAAKk8F,aAEH0B,GAAWK,IACbJ,EAAM,EACZ,CAQE,OAPA79F,KAAK47F,WAAa2B,EAEdv9F,KAAKg8F,SAAS/B,WAAaj6F,KAAKo8F,gBAClCjB,GAAOxpB,GAAImpB,WAAY,sBACR96F,KAAKg8F,SAAS/B,SAASx5E,SAAS,IACxC,aAAazgB,KAAKo8F,eAAe37E,SAAS,IAAI,KAEhDzgB,KAAKk8F,UACd,EAEA,IAAIkC,GAAoB,SAAS79F,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIi7F,EAAc,IAAI9B,GAKtB,OAJA8B,EAAYx5F,IAAM,EAClBw5F,EAAY5xF,SAAW,WAAa,OAAOrJ,EAAMP,KAAKgC,MAAS,EAC/Dw5F,EAAYpC,KAAO,SAASp3F,GAAOhC,KAAKgC,IAAMA,CAAM,EACpDw5F,EAAY6C,IAAM,WAAa,OAAOr+F,KAAKgC,KAAOzB,EAAMqB,MAAS,EAC1D45F,CACT,EACI8C,GAAqB,SAAS13F,GAChC,IAAI60F,EAAe,IAAI/B,GACnB6E,GAAW,EACf,GAAI33F,EACF,GAAqB,iBAAV,EACT60F,EAAanyF,OAAS,IAAI7H,WAAWmF,GACrC23F,GAAW,MACN,IAAI,cAAe33F,EACxB,OAAOA,EAEP60F,EAAanyF,OAAS1C,EACtB23F,GAAW,CACjB,MAEI9C,EAAanyF,OAAS,IAAI7H,WAAW,OAuBvC,OArBAg6F,EAAaz5F,IAAM,EACnBy5F,EAAa5B,UAAY,SAASC,GAChC,GAAIyE,GAAYv+F,KAAKgC,KAAOhC,KAAKsJ,OAAO1H,OAAQ,CAC9C,IAAI48F,EAAY,IAAI/8F,WAA8B,EAAnBzB,KAAKsJ,OAAO1H,QAC3C48F,EAAUr8F,IAAInC,KAAKsJ,QACnBtJ,KAAKsJ,OAASk1F,CACpB,CACIx+F,KAAKsJ,OAAOtJ,KAAKgC,OAAS83F,CAC3B,EACD2B,EAAagD,UAAY,WAEvB,GAAIz+F,KAAKgC,MAAQhC,KAAKsJ,OAAO1H,OAAQ,CACnC,IAAK28F,EACH,MAAM,IAAIj0D,UAAU,2CACtB,IAAIk0D,EAAY,IAAI/8F,WAAWzB,KAAKgC,KACpCw8F,EAAUr8F,IAAInC,KAAKsJ,OAAON,SAAS,EAAGhJ,KAAKgC,MAC3ChC,KAAKsJ,OAASk1F,CACpB,CACI,OAAOx+F,KAAKsJ,MACb,EACDmyF,EAAaiD,UAAW,EACjBjD,CACT,EAqGA,IAAAkD,GAAiB,CACfpD,UACA7B,UACA/nB,OACA52D,OApGa,SAASxa,EAAOqG,EAAQg4F,GAMrC,IAJA,IAAIpD,EAAc4C,GAAkB79F,GAChCk7F,EAAe6C,GAAmB13F,GAElCi4F,EAAK,IAAItD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAY6C,OACxC,GAAIQ,EAAG/C,cACL+C,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAGn7F,OAAOrB,KAAK,MAAQ,EAM7C,GALIy8F,IAAoBD,EAAG1C,WACzBhB,GAAOxpB,GAAImpB,WAAY,uBACR+D,EAAG1C,UAAU17E,SAAS,IAC9B,aAAaq+E,EAAgBr+E,SAAS,IAAI,MAE/Cm+E,KACA,QAASpD,IACRA,EAAY6C,MAGV,MADLQ,EAAGhD,cAAcL,EAAaC,EAEtC,CAEE,GAAI,cAAeA,EACjB,OAAOA,EAAagD,WACxB,EA0EEM,YAzEkB,SAASx+F,EAAOyB,EAAK4E,GAEvC,IAAI40F,EAAc4C,GAAkB79F,GAChCk7F,EAAe6C,GAAmB13F,GAClCi4F,EAAK,IAAItD,GAAOC,EAAaC,GAejC,GAdAoD,EAAGn7F,OAAO01F,KAAKp3F,GAEE68F,EAAG9C,oBAGlB8C,EAAG7C,SAAW,IAAI1B,GAGlBuE,EAAGG,YAAc,EAGjBH,EAAGd,gBAGD,cAAetC,EACjB,OAAOA,EAAagD,WACxB,EAqDEQ,MAhDY,SAAS1+F,EAAO4rC,EAAUyyD,GAEtC,IAAIpD,EAAc,IAAI9B,GACtB8B,EAAY0D,SAAWd,GAAkB79F,GACzCi7F,EAAYx5F,IAAM,EAClBw5F,EAAY5xF,SAAW,WAErB,OADA5J,KAAKgC,MACEhC,KAAKk/F,SAASt1F,UACtB,EACG4xF,EAAY0D,SAASb,MACvB7C,EAAY6C,IAAM7C,EAAY0D,SAASb,IAAI16F,KAAK63F,EAAY0D,WAE9D,IAAIzD,EAAe,IAAI/B,GACvB+B,EAAaz5F,IAAM,EACnBy5F,EAAa5B,UAAY,WAAa75F,KAAKgC,KAAQ,EAInD,IAFA,IAAI68F,EAAK,IAAItD,GAAOC,EAAaC,GAC7Bv4E,EAAY27E,EAAG5C,WAEb,QAAST,KAAeA,EAAY6C,OAD7B,CAGX,IAAIc,EAA2B,EAAhB3D,EAAYx5F,IAAQ68F,EAAGn7F,OAAOs1F,UAG7C,GAFI6F,EAAGn7F,OAAOw1F,UAAWiG,GAAY,GAEjCN,EAAG/C,cAAe,CACpB,IAAI13F,EAAQq3F,EAAaz5F,IACzB68F,EAAGd,eACH5xD,EAASgzD,EAAU1D,EAAaz5F,IAAMoC,EAC5C,KAAW,CAEL,GADUy6F,EAAGn7F,OAAOrB,KAAK,KACrBu8F,KACA,QAASpD,IACRA,EAAY6C,MAKV,MAHLQ,EAAGhD,cAAcL,EAAaC,GAC9B5yF,QAAQu2F,OAAOP,EAAG5C,WAAa/4E,EAChB,sDAEvB,CACA,CACA,6LC1iBA,MACE,cAAWlF,GACT,OAAOvT,EAAMkE,OAAOS,MACxB,CAOE,IAAA/M,CAAK8H,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,EAId,CAEE,KAAApH,GACE,OAAO,IAAItB,WAAW,CAAC,GAAM,GAAM,IACvC,oGC/BA,MACE,cAAWuc,GACT,OAAOvT,EAAMkE,OAAOkB,OACxB,CAEE,WAAAjQ,GACEI,KAAK6P,QAAU,IACnB,CAME,IAAAxN,CAAK8H,GAEP,CAME,KAAApH,GACE,OAAO/C,KAAK6P,OAChB,CAQE,mBAAMwvF,CAAcz9F,GAClB5B,KAAK6P,cAAgBuM,GAAOy6B,OAAOhb,eAAej6B,EACtD,4aCzCA,MACE,cAAWoc,GACT,OAAOvT,EAAMkE,OAAOW,KACxB,CAME,IAAAjN,GACE,MAAM,IAAIyqC,GAAiB,kCAC/B,CAEE,KAAA/pC,GACE,MAAM,IAAI+pC,GAAiB,kCAC/B,wJ7CoLOxqC,gBAAsC0N,KAAEA,KAASsvF,IACtD,IAAKtvF,EACH,MAAUzO,MAAM,sEAElB,IAAKuV,EAAKC,SAAS/G,GACjB,MAAUzO,MAAM,yDAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,OAAO,IAAIqiE,GAAiB/0D,EAC9B,wBDkqBO1N,gBAA6B0N,KAAEA,EAAID,OAAEA,EAAMizC,SAAEA,EAAQD,KAAEA,EAAO,IAAI/qC,KAAM4mB,OAAEA,QAAkBx8B,IAAT4N,EAAqB,OAAS,aAAasvF,IACnI,MAAM/+F,OAAiB6B,IAAT4N,EAAqBA,EAAOD,EAC1C,QAAc3N,IAAV7B,EACF,MAAUgB,MAAM,yEAElB,GAAIyO,IAAS8G,EAAKC,SAAS/G,KAAU8G,EAAK7V,SAAS+O,GACjD,MAAUzO,MAAM,0DAElB,GAAIwO,IAAW+G,EAAKtV,aAAauO,KAAY+G,EAAK7V,SAAS8O,GACzD,MAAUxO,MAAM,gEAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,MAAM88F,EAAa1oF,EAAK7V,SAASV,GAC3BmjE,EAAoB,IAAI5gB,GAAkBC,QACnC3gD,IAAT4N,EACF0zD,EAAkBzgB,QAAQ1iD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS8uB,IAE5D8kC,EAAkBtgB,SAAS7iD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS8uB,SAE9Cx8B,IAAb4gD,GACF0gB,EAAkBrgB,YAAYL,GAEhC,MAAMy8C,EAAwB,IAAI72C,GAClC62C,EAAsB38F,KAAK4gE,GAC3B,MAAMnwD,EAAU,IAAI2sD,GAAQu/B,GAE5B,OADAlsF,EAAQy1C,WAAaw2C,EACdjsF,CACT,kBEvkBOjR,gBAAuBiR,QAAEA,EAAOgtD,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAW7H,iBAAEA,EAAgB8mC,aAAEA,GAAe,EAAK9gE,OAAEA,EAAS,OAAM/vB,UAAEA,EAAY,KAAIk0C,KAAEA,EAAO,IAAI/qC,YAAQ9D,KAAWorF,IAGxL,GAF0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCgxD,GAAa3xD,GAAUqlD,EAAmB6M,GAAQ7M,GAAmB2H,EAAiBkF,GAAQlF,GAAiBC,EAAYiF,GAAQjF,GAAYC,EAAcgF,GAAQhF,GACjK6+B,EAAK9hC,YAAa,MAAUj8D,MAAM,iGACtC,GAAI+9F,EAAKK,WAAY,MAAUp+F,MAAM,kGACrC,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IACE,MAAM4pD,QAAkB/4C,EAAQ+a,QAAQiyC,EAAgBC,EAAWC,EAAa1d,EAAM7uC,GACjF0kD,IACHA,EAAmB,IAGrB,MAAM72D,EAAS,CAAE,EAKjB,GAJAA,EAAOqyD,WAAavlD,QAAkBy9C,EAAU+X,eAAex1D,EAAW+pD,EAAkB7V,EAAM7uC,SAAgBo4C,EAAU3rB,OAAOi4B,EAAkB7V,EAAM7uC,GAC3JnS,EAAO8E,KAAkB,WAAX+3B,EAAsB0tB,EAAUyV,iBAAmBzV,EAAUpJ,UAC3EnhD,EAAOihD,SAAWsJ,EAAUhJ,cAC5BqiB,GAAY5jE,EAAQwR,GAChBmsF,EAAc,CAChB,GAAgC,IAA5B9mC,EAAiBh3D,OACnB,MAAUL,MAAM,+DAElB,GAAiC,IAA7BQ,EAAOqyD,WAAWxyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOmU,EAAc,CAC1BjZ,EAAO8E,KACPw/C,GAAiB/jD,gBACTwU,EAAKmH,WAAWlc,EAAOqyD,WAAWzvD,KAAIomC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADA1wC,EAAO8E,WAAa6+D,GAAc3jE,EAAO8E,MAClC9E,CACR,CAAC,MAAOu0B,GACP,MAAMxf,EAAK8G,UAAU,2BAA4B0Y,EACrD,CACA,qBAvMOh0B,gBAA0BkR,WAAEA,EAAUgkC,WAAEA,EAAYtjC,OAAAA,KAAWorF,IAC1Bh6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChC,MAAMqrF,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAAK8Q,EAAW8kD,YACd,MAAU/2D,MAAM,+BAElB,MAAMq+F,EAAmBpsF,EAAW5Q,OAAM,GACpCi9F,EAAc/oF,EAAKrW,QAAQ+2C,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMt3C,QAAQ4E,IAAI86F,EAAiB9mC,UAAUn0D,KAAIgM,GAE/CmG,EAAKmH,WAAW4hF,EAAYl7F,KAAI6yC,GAAc7mC,EAAIs/C,UAAU3hC,QAAQkpB,eAGhEooD,EAAiB/sC,SAAS3+C,GACzB0rF,CACR,CAAC,MAAOtpE,GAEP,MADAspE,EAAiBptC,qBACX17C,EAAK8G,UAAU,+BAAgC0Y,EACzD,CACA,6BA2YOh0B,gBAAkCiR,QAAEA,EAAOgtD,eAAEA,EAAcC,UAAEA,EAASzd,KAAEA,EAAO,IAAI/qC,KAAQ9D,OAAAA,KAAWorF,IAG3G,GAF0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCgxD,GAAa3xD,GAAUgtD,EAAiBkF,GAAQlF,GAAiBC,EAAYiF,GAAQjF,GACjF8+B,EAAK9hC,YAAa,MAAUj8D,MAAM,4GACtC,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAEE,aAD0B6Q,EAAQutD,mBAAmBP,EAAgBC,OAAWp+D,EAAW2gD,EAAM7uC,EAElG,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,gCAAiC0Y,EAC1D,CACA,kBAhVOh0B,gBAAuBiR,QAAEA,EAAOyuD,eAAEA,EAAc3J,YAAEA,EAAWmI,UAAEA,EAASnS,WAAEA,EAAUzvB,OAAEA,EAAS,UAAS/vB,UAAEA,EAAY,KAAIq1C,SAAEA,GAAW,EAAKsf,cAAEA,EAAgB,GAAEV,iBAAEA,EAAmB,GAAE/f,KAAEA,EAAO,IAAI/qC,KAAMyrD,eAAEA,EAAiB,GAAEq8B,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,GAAI7rF,OAAAA,KAAWorF,IAKlS,GAJ0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCgxD,GAAa3xD,GAAU6xD,GAAyBxmC,GAChDojC,EAAiByD,GAAQzD,GAAiB3J,EAAcoN,GAAQpN,GAAcmI,EAAYiF,GAAQjF,GAClGgD,EAAgBiC,GAAQjC,GAAgBV,EAAmB2C,GAAQ3C,GAAmBW,EAAiBgC,GAAQhC,GAAiBq8B,EAAoBr6B,GAAQq6B,GAAoBC,EAAqBt6B,GAAQs6B,GACzMT,EAAKx0D,SACP,MAAUvpC,MAAM,+JAElB,GAAI+9F,EAAKK,WAAY,MAAUp+F,MAAM,gGACrC,GAAI+9F,EAAK9hC,YAAa,MAAUj8D,MAAM,8FACtC,QAAmBa,IAAfk9F,EAAKnsF,MAAqB,MAAU5R,MAAM,oFAC9C,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAE3H21D,IACHA,EAAc,IAGhB,IASE,IARIA,EAAYz2D,QAAUiN,KACxB0E,QAAgBA,EAAQ6sB,KAAKi4B,EAAa2J,EAAgBnzD,EAAW20D,EAAezgB,EAAM0gB,EAAgBX,EAAkBi9B,EAAoB7rF,IAElJX,EAAUA,EAAQ82C,eT5Ff/nD,eAA2Co0C,EAAO,GAAIqM,EAAO,IAAI/qC,KAAQ2nD,EAAU,GAAIzrD,EAASsD,GACrG,MAAMg+C,EAAc/qD,EAAM6C,YAAYC,aAChCkoD,EAAsBvhD,EAAOG,8BAK7B2rF,QAA0B9/F,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,eAAeqO,EAAK7O,GACvE,MACMm+F,SAD0BtvF,EAAIglD,wBAAwB5S,EAAM4c,EAAQ79D,GAAIoS,IACrCpC,+BACzC,QAASmuF,GAAkBA,EAAex2F,QAAQgsD,IAAwB,CAC9E,KACE,OAAOuqC,EAAkB1jE,MAAMgiC,SAAW7I,EAAsBD,CAClE,CSgFY0qC,CAA4Bl+B,EAAgBjf,EAAM+8C,EAAmB5rF,GAC3EA,GAEFX,QAAgBA,EAAQya,QAAQg0C,EAAgBxB,EAAWnS,EAAYnK,EAAU4e,EAAkB/f,EAAM+8C,EAAmB5rF,GAC7G,WAAX0qB,EAAqB,OAAOrrB,EAEhC,MACM1M,EADmB,YAAX+3B,EACOrrB,EAAQJ,MAAMe,GAAUX,EAAQxQ,QACrD,aAAa2iE,GAAc7+D,EAC5B,CAAC,MAAOyvB,GACP,MAAMxf,EAAK8G,UAAU,2BAA4B0Y,EACrD,CACA,qBA7FOh0B,gBAA0BkR,WAAEA,EAAUgkC,WAAEA,EAAYtjC,OAAAA,KAAWorF,IAC1Bh6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChC,MAAMqrF,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAAK8Q,EAAW8kD,YACd,MAAU/2D,MAAM,+BAElB,MAAMq+F,EAAmBpsF,EAAW5Q,OAAM,GAEpC8zC,EAAOkpD,EAAiB9mC,UACxB+mC,EAAc/oF,EAAKrW,QAAQ+2C,GAAcA,EAAiB73C,MAAM+2C,EAAK90C,QAAQ8lB,KAAK8vB,GACxF,GAAIqoD,EAAYj+F,SAAW80C,EAAK90C,OAC9B,MAAUL,MAAM,0DAGlB,IAME,aALMrB,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,MAAOqO,EAAK7O,KACrC,MAAMmuD,UAAEA,GAAct/C,QAChBs/C,EAAUjiC,QAAQ6xE,EAAY/9F,GAAIoS,GACxC+7C,EAAUuC,oBAAoB,KAEzBotC,CACR,CAAC,MAAOtpE,GAEP,MADAspE,EAAiBptC,qBACX17C,EAAK8G,UAAU,+BAAgC0Y,EACzD,CACA,4BAmUOh0B,gBAAiCuE,KAAEA,EAAI+uC,UAAEA,EAASgW,cAAEA,EAAaoW,eAAEA,EAAcxB,UAAEA,EAAS5hC,OAAEA,EAAS,UAASslB,SAAEA,GAAW,EAAK4e,iBAAEA,EAAmB,GAAE/f,KAAEA,EAAO,IAAI/qC,KAAM8nF,kBAAEA,EAAoB,GAAI5rF,OAAAA,KAAWorF,IAItN,GAH0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAgElC,SAAqBrN,GACnB,IAAKiQ,EAAKtV,aAAaqF,GACrB,MAAUtF,MAAM,8CAEpB,CAnEE4+F,CAAYt5F,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAK6O,EAAKC,SAASlQ,GACjB,MAAUtF,MAAM,gBAAmC,2BAEvD,CA9DqB6+F,CAAYxqD,EAAW,aAAcwvB,GAAyBxmC,GACjFojC,EAAiByD,GAAQzD,GAAiBxB,EAAYiF,GAAQjF,GAAYsC,EAAmB2C,GAAQ3C,GAAmBg9B,EAAoBr6B,GAAQq6B,GAChJR,EAAKK,WAAY,MAAUp+F,MAAM,0GACrC,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,KAAMs/D,GAA4C,IAA1BA,EAAepgE,QAAmB4+D,GAAkC,IAArBA,EAAU5+D,QAC/E,MAAUL,MAAM,6CAGlB,IAEE,OAAOqkE,SADe1F,GAAQ8C,kBAAkBn8D,EAAM+uC,EAAWgW,EAAeoW,EAAgBxB,EAAWtc,EAAU4e,EAAkB/f,EAAM+8C,EAAmB5rF,GACnI0qB,EAAQ1qB,EACtC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,+BAAgC0Y,EACzD,CACA,sCA3gBOh0B,gBAA2Bq9D,QAAEA,EAAU,GAAEnoB,WAAEA,EAAUvjC,KAAEA,EAAIvJ,MAAEA,EAAKupD,QAAEA,EAAU,KAAI1iD,kBAAEA,EAAoB,EAACwxC,KAAEA,EAAO,IAAI/qC,KAAMijD,QAAEA,EAAU,CAAC,CAAE,GAACr8B,OAAEA,EAAS,UAAW1qB,OAAAA,KAAWorF,IACxIh6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAC3BD,GAASvJ,GAIZuJ,EAAOA,GAAQ,MACfvJ,EAAQA,GAAS,qBAJjBuJ,EAAOC,EAAOQ,OAAS,aAAe,MACtChK,EAAQ,oBAKVi1D,EAAU8F,GAAQ9F,GAClB,MAAM4/B,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAuB,IAAnBi9D,EAAQ/9D,SAAiBsS,EAAOQ,OAClC,MAAUnT,MAAM,oCAElB,GAAa,QAAT0S,GAAkBggD,EAAU//C,EAAOkB,WACrC,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoB6+C,KAG3E,MAAMnuD,EAAU,CAAE65D,UAASnoB,aAAYvjC,OAAMggD,UAASvpD,QAAO6G,oBAAmBwxC,OAAMkY,WAEtF,IACE,MAAMtqD,IAAEA,EAAG2sD,sBAAEA,SHIVh7D,eAAwBwD,EAASoO,GACtCpO,EAAQs6B,MAAO,GACft6B,EAAU44D,GAA0B54D,IAC5Bm1D,QAAUn1D,EAAQm1D,QAAQt2D,KAAI,CAACmwD,EAAQ33C,IAAUuhD,GAA0B54D,EAAQm1D,QAAQ99C,GAAQrX,KAC3G,IAAIoY,EAAW,CAACmiF,GAAyBv6F,EAASoO,IAClDgK,EAAWA,EAAS1Z,OAAOsB,EAAQm1D,QAAQt2D,KAAImB,GAAW64D,GAA4B74D,EAASoO,MAC/F,MAAM40C,QAAgB5oD,QAAQ4E,IAAIoZ,GAE5BvN,QAAYquD,GAAclW,EAAQ,GAAIA,EAAQnmD,MAAM,GAAImD,EAASoO,GACjEopD,QAA8B3sD,EAAIysD,yBAAyBt3D,EAAQi9C,KAAM7uC,GAE/E,OADAvD,EAAIsnD,qBAAuB,GACpB,CAAEtnD,MAAK2sD,wBAChB,CGhBiDnwB,CAASrnC,EAASoO,GAG/D,OAFAvD,EAAImoD,UAAU72D,SAAQ,EAAGguD,eAAgByH,GAAqBzH,EAAW/7C,KAElE,CACLV,WAAYoyD,GAAaj1D,EAAKiuB,EAAQ1qB,GACtCnI,UAAW65D,GAAaj1D,EAAIotD,WAAYn/B,EAAQ1qB,GAChDopD,wBAEH,CAAC,MAAOhnC,GACP,MAAMxf,EAAK8G,UAAU,2BAA4B0Y,EACrD,CACA,6BAwbOh0B,gBAAkC0/D,eAAEA,EAAcjf,KAAEA,EAAO,IAAI/qC,KAAM8nF,kBAAEA,EAAoB,GAAI5rF,OAAAA,KAAWorF,IAG/G,GAF0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChC8tD,EAAiByD,GAAQzD,GAAiB89B,EAAoBr6B,GAAQq6B,GAClER,EAAKK,WAAY,MAAUp+F,MAAM,2GACrC,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAEE,aAD0Bw9D,GAAQtQ,mBAAmBoS,EAAgBjf,EAAM+8C,EAAmB5rF,EAE/F,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,+BAAgC0Y,EACzD,CACA,+BD/YOh0B,gBAAoCg+F,iBAAEA,EAAgBpsF,OAAEA,KAAWorF,IAExE,GADAprF,EAAS,IAAKsD,KAAkBtD,IAC3BosF,EACH,MAAU/+F,MAAM,gFAElB,IAAKuV,EAAKC,SAASupF,GACjB,MAAU/+F,MAAM,mEAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,MAAMnC,QAAc+gB,GAAQg/E,GAC5B,GAAI//F,EAAM0T,OAASxJ,EAAM0I,MAAMG,OAC7B,MAAU/R,MAAM,gCAElB,MAAMuyD,QAAmBlL,GAAWC,WAAWtoD,EAAMsG,KAAM6hD,GAAgBx0C,IAY7E,SAAuB+M,EAAS6yC,GAC9B,MAAMysC,EAAiB,SAASC,GAC9B,MAAMC,EAAQ9xF,GAAU+T,GAAQ/T,EAAO41C,gBAAkB7hC,EAEzD,IAAK,IAAI5gB,EAAI,EAAGA,EAAIgyD,EAAWlyD,OAAQE,IACrC,GAAIgyD,EAAWhyD,GAAGlC,YAAYoe,MAAQvT,EAAMkE,OAAOE,YAAc2xF,EAAU97F,KAAK+7F,EAAM3sC,EAAWhyD,KAC/F,OAAO,EAGX,OAAO,CACR,EAEK0+F,EAAY,GAoBlB,GAnBAv/E,EAAQhf,SAAQ0d,IACd,MAAM+gF,EAAa/gF,EAAOC,MAAM,gBAChC,IAAI8gF,EAaF,MAAUn/F,MAAM,0DAbF,CACd,MAAMo/F,EAAgBD,EAAW,GAC9BnhF,QAAQ,MAAO,IACf7B,MAAM,KACN/Y,KAAIw7B,IACH,IACE,OAAO11B,EAAM1H,MAAM0H,EAAMkD,KAAMwyB,EAASs0B,cACzC,CAAC,MAAOvwD,GACP,MAAU3C,MAAM,2CAA6C4+B,EAASs0B,cAClF,KAEM+rC,EAAU19F,QAAQ69F,EACxB,CAEA,IAGMH,EAAU5+F,SAAW2+F,EAAeC,GACtC,MAAUj/F,MAAM,wDAEpB,CA9CEyf,CAAczgB,EAAM0gB,QAAS6yC,GAC7B,MAAMjlD,EAAY,IAAIglD,GAAUC,GAChC,OAAO,IAAIiR,GAAiBxkE,EAAMyP,KAAMnB,EAC1C,kBF6JOvM,gBAAuBs+F,WAAEA,EAAUC,UAAEA,EAAW3sF,OAAAA,KAAWorF,IAEhE,GADAprF,EAAS,IAAKsD,KAAkBtD,IAC3B0sF,IAAeC,EAClB,MAAUt/F,MAAM,4EAElB,GAAIq/F,IAAe9pF,EAAKC,SAAS6pF,GAC/B,MAAUr/F,MAAM,gDAElB,GAAIs/F,IAAc/pF,EAAKtV,aAAaq/F,GAClC,MAAUt/F,MAAM,mDAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAAInC,EACJ,GAAIqgG,EAAY,CACd,MAAM3sF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQs/E,GACrC,GAAM3sF,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WAC3D,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,MACItG,EAAQsgG,EAEV,MAAM/sC,QAAmBlL,GAAWC,WAAWtoD,EAAOu+D,GAAmB5qD,GACnE4sF,EAAWhtC,EAAW/J,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB8xF,EAASl/F,OACX,MAAUL,MAAM,uBAGlB,OAAOw9D,GADoBjL,EAAWnxD,MAAMm+F,EAAS,GAAIA,EAAS,IAEpE,mBAyDOx+F,gBAAwBy+F,YAAEA,EAAWC,WAAEA,EAAY9sF,OAAAA,KAAWorF,IACnEprF,EAAS,IAAKsD,KAAkBtD,GAChC,IAAI3T,EAAQwgG,GAAeC,EAC3B,IAAKzgG,EACH,MAAUgB,MAAM,+EAElB,GAAIw/F,IAAgBjqF,EAAKC,SAASgqF,GAChC,MAAUx/F,MAAM,kDAElB,GAAIy/F,IAAelqF,EAAKtV,aAAaw/F,GACnC,MAAUz/F,MAAM,qDAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAIq+F,EAAa,CACf,MAAM9sF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQy/E,GACrC,GAAI9sF,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WACzD,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,CACE,MAAM6vC,EAAO,GACPod,QAAmBlL,GAAWC,WAAWtoD,EAAOu+D,GAAmB5qD,GACnE4sF,EAAWhtC,EAAW/J,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB8xF,EAASl/F,OACX,MAAUL,MAAM,uBAElB,IAAK,IAAIO,EAAI,EAAGA,EAAIg/F,EAASl/F,OAAQE,IAAK,CACxC,MACMm/F,EAASliC,GADIjL,EAAWnxD,MAAMm+F,EAASh/F,GAAIg/F,EAASh/F,EAAI,KAE9D40C,EAAK5zC,KAAKm+F,EACd,CACE,OAAOvqD,CACT,sBCmaOp0C,gBAA2B4+F,eAAEA,EAAcC,cAAEA,EAAejtF,OAAAA,KAAWorF,IAC5EprF,EAAS,IAAKsD,KAAkBtD,GAChC,IAAI3T,EAAQ2gG,GAAkBC,EAC9B,IAAK5gG,EACH,MAAUgB,MAAM,wFAElB,GAAI2/F,IAAmBpqF,EAAKC,SAASmqF,KAAoBpqF,EAAK7V,SAASigG,GACrE,MAAU3/F,MAAM,kEAElB,GAAI4/F,IAAkBrqF,EAAKtV,aAAa2/F,KAAmBrqF,EAAK7V,SAASkgG,GACvE,MAAU5/F,MAAM,qEAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,MAAM88F,EAAa1oF,EAAK7V,SAASV,GACjC,GAAI2gG,EAAgB,CAClB,MAAMjtF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQ/gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMI,QACvB,MAAUhS,MAAM,oCAElBhB,EAAQsG,CACZ,CACE,MAAMitD,QAAmBlL,GAAWC,WAAWtoD,EAAOw/D,GAAuB7rD,GACvEX,EAAU,IAAI2sD,GAAQpM,GAE5B,OADAvgD,EAAQy1C,WAAaw2C,EACdjsF,CACT,yBD3gBOjR,gBAA8Bs+F,WAAEA,EAAUC,UAAEA,EAAW3sF,OAAAA,KAAWorF,IAEvE,GADAprF,EAAS,IAAKsD,KAAkBtD,IAC3B0sF,IAAeC,EAClB,MAAUt/F,MAAM,mFAElB,GAAIq/F,IAAe9pF,EAAKC,SAAS6pF,GAC/B,MAAUr/F,MAAM,uDAElB,GAAIs/F,IAAc/pF,EAAKtV,aAAaq/F,GAClC,MAAUt/F,MAAM,0DAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IAAInC,EACJ,GAAIqgG,EAAY,CACd,MAAM3sF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQs/E,GACrC,GAAM3sF,IAASxJ,EAAM0I,MAAMK,WACzB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,MACItG,EAAQsgG,EAEV,MAAM/sC,QAAmBlL,GAAWC,WAAWtoD,EAAOu+D,GAAmB5qD,GACnE4sF,EAAWhtC,EAAW/J,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIg/F,EAASl/F,OAAQE,IAAK,CACxC,GAAIgyD,EAAWgtC,EAASh/F,IAAIlC,YAAYoe,MAAQvT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMq1F,EAAsBttC,EAAWnxD,MAAMm+F,EAASh/F,GAAIg/F,EAASh/F,EAAI,IACvE,OAAO,IAAIk8D,GAAWojC,EAC1B,CACE,MAAU7/F,MAAM,6BAClB,0BAyDOe,gBAA+By+F,YAAEA,EAAWC,WAAEA,EAAU9sF,OAAEA,IAC/DA,EAAS,IAAKsD,KAAkBtD,GAChC,IAAI3T,EAAQwgG,GAAeC,EAC3B,IAAKzgG,EACH,MAAUgB,MAAM,sFAElB,GAAIw/F,IAAgBjqF,EAAKC,SAASgqF,GAChC,MAAUx/F,MAAM,yDAElB,GAAIy/F,IAAelqF,EAAKtV,aAAaw/F,GACnC,MAAUz/F,MAAM,4DAElB,GAAIw/F,EAAa,CACf,MAAM9sF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQy/E,GACrC,GAAI9sF,IAASxJ,EAAM0I,MAAMK,WACvB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,CACE,MAAM6vC,EAAO,GACPod,QAAmBlL,GAAWC,WAAWtoD,EAAOu+D,GAAmB5qD,GACnE4sF,EAAWhtC,EAAW/J,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIg/F,EAASl/F,OAAQE,IAAK,CACxC,GAAIgyD,EAAWgtC,EAASh/F,IAAIlC,YAAYoe,MAAQvT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMs1F,EAAavtC,EAAWnxD,MAAMm+F,EAASh/F,GAAIg/F,EAASh/F,EAAI,IACxDm/F,EAAS,IAAIjjC,GAAWqjC,GAC9B3qD,EAAK5zC,KAAKm+F,EACd,CACE,GAAoB,IAAhBvqD,EAAK90C,OACP,MAAUL,MAAM,8BAElB,OAAOm1C,CACT,wBPzZOp0C,gBAA6Bg/F,iBAAEA,EAAgBC,gBAAEA,EAAiBrtF,OAAAA,KAAWorF,IAClFprF,EAAS,IAAKsD,KAAkBtD,GAChC,IAAI3T,EAAQ+gG,GAAoBC,EAChC,IAAKhhG,EACH,MAAUgB,MAAM,8FAElB,GAAI+/F,IAAqBxqF,EAAKC,SAASuqF,GACrC,MAAU//F,MAAM,4DAElB,GAAIggG,IAAoBzqF,EAAKtV,aAAa+/F,GACxC,MAAUhgG,MAAM,+DAElB,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAI4+F,EAAkB,CACpB,MAAMrtF,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQ/gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMtE,UACvB,MAAUtN,MAAM,sCAElBhB,EAAQsG,CACZ,CACE,MAAMitD,QAAmBlL,GAAWC,WAAWtoD,EAAOmoD,GAAgBx0C,GACtE,OAAO,IAAI2/C,GAAUC,EACvB,sBUUOxxD,gBAA2BkR,WAAEA,EAAUmsD,QAAEA,EAAU,GAAEnoB,WAAEA,EAAUjmC,kBAAEA,EAAoB,EAACwxC,KAAEA,EAAInkB,OAAEA,EAAS,UAAW1qB,OAAAA,KAAWorF,IAC1Fh6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCyrD,EAAU8F,GAAQ9F,GAClB,MAAM4/B,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAuB,IAAnBi9D,EAAQ/9D,QAAiD,IAAjC4R,EAAWy8C,UAAUrY,QAC/C,MAAUr2C,MAAM,oCAElB,MAAMuE,EAAU,CAAE0N,aAAYmsD,UAASnoB,aAAYjmC,oBAAmBwxC,QAEtE,IACE,MAAQpyC,IAAK6wF,EAAclkC,sBAAEA,SHP1Bh7D,eAAwBwD,EAASoO,GACtCpO,EAAU27F,EAAS37F,GACnB,MAAM0N,WAAEA,GAAe1N,EAEvB,IAAK0N,EAAW8kD,YACd,MAAU/2D,MAAM,gCAGlB,GAAIiS,EAAWy8C,UAAUoC,UACvB,MAAU9wD,MAAM,2CAIlB,IADoBiS,EAAWslD,UAAUx8B,OAAM,EAAG2zB,eAAgBA,EAAUM,gBAE1E,MAAUhvD,MAAM,wBAGlB,MAAMyuD,EAAkBx8C,EAAWy8C,UAE9BnqD,EAAQm1D,UACXn1D,EAAQm1D,cAAgB/6D,QAAQ4E,IAAI0O,EAAWynD,QAAQt2D,KAAIrC,UACzD,MAAM8uD,EAAqB0D,EAAO7E,UAC5BoE,EAAe,CAAE1jD,IAAKq/C,EAAiBrsD,KAAMytD,GAC7C0I,QACJC,GAA+BjF,EAAO8E,kBAAmB5J,EAAiBvlD,EAAMoE,UAAU4B,cAAe4jD,EAAc,KAAMngD,GAC7H7T,OAAM,KAAO,CAAE,KACjB,MAAO,CACL+/B,KAAM05B,EAAiB3nD,UAAa2nD,EAAiB3nD,SAAS,GAAK1H,EAAM0H,SAASU,SACnF,MAIL,MAAMosD,EAAsBzrD,EAAWynD,QAAQt2D,KAAImwD,GAAUA,EAAO7E,YACpE,GAAInqD,EAAQm1D,QAAQr5D,SAAWq9D,EAAoBr9D,OACjD,MAAUL,MAAM,6DAGlBuE,EAAQm1D,QAAUn1D,EAAQm1D,QAAQt2D,KAAIk7D,GAAiB4hC,EAAS5hC,EAAe/5D,KAE/E,MAAM6K,QAAYquD,GAAchP,EAAiBiP,EAAqBn5D,EAASoO,GACzEopD,QAA8B3sD,EAAIysD,yBAAyBt3D,EAAQi9C,KAAM7uC,GAE/E,OADAvD,EAAIsnD,qBAAuB,GACpB,CAAEtnD,MAAK2sD,yBAEd,SAASmkC,EAAS37F,EAASwxD,EAAiB,IAK1C,OAJAxxD,EAAQyL,kBAAoBzL,EAAQyL,mBAAqB+lD,EAAe/lD,kBACxEzL,EAAQ0xC,WAAa1gC,EAAKC,SAASjR,EAAQ0xC,YAAc1xC,EAAQ0xC,WAAa8f,EAAe9f,WAC7F1xC,EAAQi9C,KAAOj9C,EAAQi9C,MAAQuU,EAAevU,KAEvCj9C,CACX,CACA,CG5CiE47F,CAAS57F,EAASoO,GAE/E,MAAO,CACLV,WAAYoyD,GAAa47B,EAAgB5iE,EAAQ1qB,GACjDnI,UAAW65D,GAAa47B,EAAezjC,WAAYn/B,EAAQ1qB,GAC3DopD,wBAEH,CAAC,MAAOhnC,GACP,MAAMxf,EAAK8G,UAAU,6BAA8B0Y,EACvD,CACA,oBAoBOh0B,gBAAyBqO,IAAEA,EAAG2sD,sBAAEA,EAAqBjrD,oBAAEA,EAAmB0wC,KAAEA,EAAO,IAAI/qC,KAAM4mB,OAAEA,EAAS,UAAS1qB,OAAEA,KAAWorF,IACzFh6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChC,MAAMqrF,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,IACE,MAAMi/F,EAAarkC,QACX3sD,EAAI0sD,2BAA2BC,EAAuBva,EAAM7uC,SAC5DvD,EAAI4oD,OAAOlnD,EAAqB0wC,EAAM7uC,GAE9C,OAAOytF,EAAWrpC,YAAc,CAC9B9kD,WAAYoyD,GAAa+7B,EAAY/iE,EAAQ1qB,GAC7CnI,UAAW65D,GAAa+7B,EAAW5jC,WAAYn/B,EAAQ1qB,IACrD,CACFV,WAAY,KACZzH,UAAW65D,GAAa+7B,EAAY/iE,EAAQ1qB,GAE/C,CAAC,MAAOoiB,GACP,MAAMxf,EAAK8G,UAAU,qBAAsB0Y,EAC/C,CACA,eA+OOh0B,gBAAoBiR,QAAEA,EAAO8kD,YAAEA,EAAWlD,cAAEA,EAAgB,GAAEv2B,OAAEA,EAAS,UAASkM,SAAEA,GAAW,EAAK04B,cAAEA,EAAgB,GAAEzgB,KAAEA,EAAO,IAAI/qC,KAAMyrD,eAAEA,EAAiB,GAAEpO,iBAAEA,EAAmB,GAAE0qC,mBAAEA,EAAqB,GAAE7rF,OAAEA,KAAWorF,IAKlO,GAJ0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCixD,GAAwB5xD,GAAU6xD,GAAyBxmC,GAC3Dy5B,EAAcoN,GAAQpN,GAAcmL,EAAgBiC,GAAQjC,GAAgBC,EAAiBgC,GAAQhC,GAAiBtO,EAAgBsQ,GAAQtQ,GAAgBE,EAAmBoQ,GAAQpQ,GAAmB0qC,EAAqBt6B,GAAQs6B,GAErOT,EAAK9hC,YAAa,MAAUj8D,MAAM,2FACtC,QAAmBa,IAAfk9F,EAAKnsF,MAAqB,MAAU5R,MAAM,iFAC9C,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAI6Q,aAAmBwxD,IAA+B,WAAXnmC,EAAqB,MAAUr9B,MAAM,2DAChF,GAAIgS,aAAmBwxD,IAAoBj6B,EAAU,MAAUvpC,MAAM,0CAErE,IAAK82D,GAAsC,IAAvBA,EAAYz2D,OAC9B,MAAUL,MAAM,4BAGlB,IACE,IAAIsN,EAMJ,GAJEA,EADEi8B,QACgBv3B,EAAQuwD,aAAazL,EAAalD,OAAe/yD,EAAWohE,EAAezgB,EAAM0gB,EAAgBpO,EAAkB0qC,EAAoB7rF,SAEvIX,EAAQ6sB,KAAKi4B,EAAalD,OAAe/yD,EAAWohE,EAAezgB,EAAM0gB,EAAgBpO,EAAkB0qC,EAAoB7rF,GAEpI,WAAX0qB,EAAqB,OAAO/vB,EAYhC,OATAA,EADyB,YAAX+vB,EACM/vB,EAAUsE,MAAMe,GAAUrF,EAAU9L,QACpD+nC,IACFj8B,EAAYgT,EAAqBtO,EAAQu1C,QAAQ/lD,SAAST,MAAO4C,EAAUC,WACnEjF,QAAQ4E,IAAI,CAChB6oD,EAAY9+C,EAAW1J,GACvB+c,EAAiBhd,GAAU7E,OAAM,UACjC,WAGOqlE,GAAc72D,EAC5B,CAAC,MAAOynB,GACP,MAAMxf,EAAK8G,UAAU,wBAAyB0Y,EAClD,CACA,oCA8BOh0B,gBAAsBiR,QAAEA,EAAOqlD,iBAAEA,EAAgB8mC,aAAEA,GAAe,EAAK9gE,OAAEA,EAAS,OAAM/vB,UAAEA,EAAY,KAAIk0C,KAAEA,EAAO,IAAI/qC,KAAM9D,OAAEA,KAAWorF,IAG/I,GAF0Ch6B,GAA1CpxD,EAAS,IAAKsD,KAAkBtD,IAChCixD,GAAwB5xD,GAAUqlD,EAAmB6M,GAAQ7M,GACzD0mC,EAAKK,WAAY,MAAUp+F,MAAM,iGACrC,MAAMg+F,EAAiBz/F,OAAO42C,KAAK4oD,GAAO,GAAIC,EAAe39F,OAAS,EAAG,MAAUL,MAAM,mBAAmBg+F,EAAe78F,KAAK,OAEhI,GAAI6Q,aAAmBwxD,IAA+B,WAAXnmC,EAAqB,MAAUr9B,MAAM,iDAChF,GAAIgS,aAAmBwxD,IAAoBl2D,EAAW,MAAUtN,MAAM,6CAEtE,IACE,MAAMQ,EAAS,CAAE,EAQjB,GANEA,EAAOqyD,WADLvlD,QACwB0E,EAAQ8wD,eAAex1D,EAAW+pD,EAAkB7V,EAAM7uC,SAE1DX,EAAQotB,OAAOi4B,EAAkB7V,EAAM7uC,GAEnEnS,EAAO8E,KAAkB,WAAX+3B,EAAsBrrB,EAAQwuD,iBAAmBxuD,EAAQ2vC,UACnE3vC,EAAQy1C,aAAen6C,GAAW82D,GAAY5jE,EAAQwR,GACtDmsF,EAAc,CAChB,GAAiC,IAA7B39F,EAAOqyD,WAAWxyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOmU,EAAc,CAC1BjZ,EAAO8E,KACPw/C,GAAiB/jD,gBACTwU,EAAKmH,WAAWlc,EAAOqyD,WAAWzvD,KAAIomC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADA1wC,EAAO8E,WAAa6+D,GAAc3jE,EAAO8E,MAClC9E,CACR,CAAC,MAAOu0B,GACP,MAAMxf,EAAK8G,UAAU,iCAAkC0Y,EAC3D,CACA","x_google_ignoreList":[0,1,2,3,12,13,14,15,28,29,52,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,111,112,114,115,116,117,118,119,120,121]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.js b/app/node_modules/openpgp/dist/node/openpgp.min.js deleted file mode 100644 index b2f777186..000000000 --- a/app/node_modules/openpgp/dist/node/openpgp.min.js +++ /dev/null @@ -1,17 +0,0 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -"use strict";const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};Object.defineProperty(exports,"__esModule",{value:!0});var t=require("buffer"),r=require("stream"),i=require("crypto"),n=require("zlib"),a=require("os"),s=require("util"),o=require("asn1.js");function c(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var u=/*#__PURE__*/c(t),h=/*#__PURE__*/c(r),d=/*#__PURE__*/c(i),f=/*#__PURE__*/c(n),l=/*#__PURE__*/c(a),p=/*#__PURE__*/c(s),y=/*#__PURE__*/c(o);const b=Symbol("doneWritingPromise"),g=Symbol("doneWritingResolve"),m=Symbol("doneWritingReject"),w=Symbol("readingIndex");class v extends Array{constructor(){super(),this[b]=new Promise(((e,t)=>{this[g]=e,this[m]=t})),this[b].catch((()=>{}))}}function _(e){return e&&e.getReader&&Array.isArray(e)}function k(e){if(!_(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}v.prototype.getReader=function(){return void 0===this[w]&&(this[w]=0),{read:async()=>(await this[b],this[w]===this.length?{value:void 0,done:!0}:{value:this[this[w]++],done:!1})}},v.prototype.readToEnd=async function(e){await this[b];const t=e(this.slice(this[w]));return this.length=0,t},v.prototype.clone=function(){const e=new v;return e[b]=this[b].then((()=>{e.push(...this)})),e},k.prototype.write=async function(e){this.stream.push(e)},k.prototype.close=async function(){this.stream[g]()},k.prototype.abort=async function(e){return this.stream[m](e),e},k.prototype.releaseLock=function(){};const A="object"==typeof e.process&&"object"==typeof e.process.versions,S=A&&h.default.Readable;function E(t){return _(t)?"array":e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t)?"web":z&&z.prototype.isPrototypeOf(t)?"ponyfill":S&&S.prototype.isPrototypeOf(t)?"node":!(!t||!t.getReader)&&"web-like"}function P(e){return Uint8Array.prototype.isPrototypeOf(e)}function x(e){if(1===e.length)return e[0];let t=0;for(let r=0;r{t||(M.isBuffer(i)&&(i=new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r.enqueue(i),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends K{constructor(e,t){super(t),this._reader=W(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t))break}}catch(e){this.destroy(e)}}async _destroy(e,t){this._reader.cancel(e).then(t,t)}}D=function(t,r){return new e(t,r)}}const U=new WeakSet,R=Symbol("externalBuffer");function I(e){if(this.stream=e,e[R]&&(this[R]=e[R].slice()),_(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=async()=>{})}let t=E(e);if("node"===t&&(e=C(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||U.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{U.add(e)}catch(e){}}}I.prototype.read=async function(){if(this[R]&&this[R].length){return{done:!1,value:this[R].shift()}}return this._read()},I.prototype.releaseLock=function(){this[R]&&(this.stream[R]=this[R]),this._releaseLock()},I.prototype.cancel=function(e){return this._cancel(e)},I.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?H(t):void 0;const n=i.indexOf("\n")+1;n&&(e=H(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},I.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(re(t,1)),r},I.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?H(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=H(t);return this.unshift(re(r,e)),re(r,0,e)}}},I.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},I.prototype.unshift=function(...e){this[R]||(this[R]=[]),1===e.length&&P(e[0])&&this[R].length&&e[0].length&&this[R][0].byteOffset>=e[0].length?this[R][0]=new Uint8Array(this[R][0].buffer,this[R][0].byteOffset-e[0].length,this[R][0].byteLength+e[0].length):this[R].unshift(...e.filter((e=>e&&e.length)))},I.prototype.readToEnd=async function(e=H){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};let B,T,{ReadableStream:z,WritableStream:q,TransformStream:F}=e;async function O(){if(F)return;const[t,r]=await Promise.all([Promise.resolve().then((function(){return Cp})),Promise.resolve().then((function(){return Yp}))]);({ReadableStream:z,WritableStream:q,TransformStream:F}=t);const{createReadableStreamWrapper:i}=r;e.ReadableStream&&z!==e.ReadableStream&&(B=i(z),T=i(e.ReadableStream))}const L=A&&u.default.Buffer;function N(e){let t=E(e);return"node"===t?C(e):"web"===t&&B?B(e):t?e:new z({start(t){t.enqueue(e),t.close()}})}function j(e){if(E(e))return e;const t=new v;return(async()=>{const r=G(t);await r.write(e),await r.close()})(),t}function H(e){return e.some((e=>E(e)&&!_(e)))?function(e){e=e.map(N);const t=Z((async function(e){await Promise.all(i.map((t=>ne(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>Y(i,((i,a)=>(r=r.then((()=>V(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>_(e)))?function(e){const t=new v;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>V(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):L&&L.isBuffer(e[0])?L.concat(e):x(e)}function W(e){return new I(e)}function G(e){return new k(e)}async function V(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(E(e)&&!_(e)){e=N(e);try{if(e[R]){const r=G(t);for(let t=0;t{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function X(e,t=(()=>{}),r=(()=>{})){if(_(e)){const i=new v;return(async()=>{const n=G(i);try{const i=await ie(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?H([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(E(e))return $(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?H([i,n]):void 0!==i?i:n}function Y(e,t){if(E(e)&&!_(e)){let r;const i=new F({start(e){r=e}}),n=V(e,i.writable),a=Z((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=j(e);const r=new v;return t(e,r),r}function Q(e,t){let r;const i=Y(e,((e,n)=>{const a=W(e);a.remainder=()=>(a.releaseLock(),V(e,n),i),r=t(a)}));return r}function J(e){if(_(e))return e.clone();if(E(e)){const t=function(e){if(_(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(E(e)){const t=N(e).tee();return t[0][R]=t[1][R]=e[R],t}return[re(e),re(e)]}(e);return te(e,t[0]),t[1]}return re(e)}function ee(e){return _(e)?J(e):E(e)?new z({start(t){const r=Y(e,(async(e,r)=>{const i=W(e),n=G(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));te(e,r)}}):re(e)}function te(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function re(e,t=0,r=1/0){if(_(e))throw Error("Not implemented");if(E(e)){if(t>=0&&r>=0){let i=0;return $(e,{transform(e,n){i=t&&n.enqueue(re(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return X(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>re(H(i),t,r)))}if(0===t&&r<0){let i;return X(e,(e=>{const n=i?H([i,e]):e;if(n.length>=-r)return i=re(n,r),re(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),ae((async()=>re(await ie(e),t,r)))}return e[R]&&(e=H(e[R].concat([e]))),!P(e)||L&&L.isBuffer(e)?e.slice(t,r):(r===1/0&&(r=e.length),e.subarray(t,r))}async function ie(e,t=H){return _(e)?e.readToEnd(t):E(e)?W(e).readToEnd(t):e}async function ne(e,t){if(E(e)){if(e.cancel)return e.cancel(t);if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function ae(e){const t=new v;return(async()=>{const r=G(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}class se{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");if(e instanceof Uint8Array){const t=e,r=Array(t.length);for(let e=0;eBigInt(0);){const e=r&BigInt(1);r>>=BigInt(1);const a=n*i%t.value;n=e?a:n,i=i*i%t.value}return new se(n)}modInv(e){const{gcd:t,x:r}=this._egcd(e);if(!t.isOne())throw Error("Inverse does not exist");return r.add(e).mod(e)}_egcd(e){let t=BigInt(0),r=BigInt(1),i=BigInt(1),n=BigInt(0),a=this.value;for(e=e.value;e!==BigInt(0);){const s=a/e;let o=t;t=i-s*t,i=o,o=r,r=n-s*r,n=o,o=e,e=a%e,a=o}return{x:new se(i),y:new se(n),gcd:new se(a)}}gcd(e){let t=this.value;for(e=e.value;e!==BigInt(0);){const r=e;e=t%e,t=r}return new se(t)}ileftShift(e){return this.value<<=e.value,this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value>>=e.value,this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value===e.value}lt(e){return this.valuee.value}gte(e){return this.value>=e.value}isZero(){return this.value===BigInt(0)}isOne(){return this.value===BigInt(1)}isNegative(){return this.valueNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return e}getBit(e){return(this.value>>BigInt(e)&BigInt(1))===BigInt(0)?0:1}bitLength(){const e=new se(0),t=new se(1),r=new se(-1),i=this.isNegative()?r:e;let n=1;const a=this.clone();for(;!a.irightShift(t).equal(i);)n++;return n}byteLength(){const e=new se(0),t=new se(-1),r=this.isNegative()?t:e,i=new se(8);let n=1;const a=this.clone();for(;!a.irightShift(i).equal(r);)n++;return n}toUint8Array(e="be",t){let r=this.value.toString(16);r.length%2==1&&(r="0"+r);const i=r.length/2,n=new Uint8Array(t||i),a=t?t-i:0;let s=0;for(;s"undefined"!=typeof BigInt;const ce=Symbol("byValue");var ue={curve:{p256:"p256","P-256":"p256",secp256r1:"p256",prime256v1:"p256","1.2.840.10045.3.1.7":"p256","2a8648ce3d030107":"p256","2A8648CE3D030107":"p256",p384:"p384","P-384":"p384",secp384r1:"p384","1.3.132.0.34":"p384","2b81040022":"p384","2B81040022":"p384",p521:"p521","P-521":"p521",secp521r1:"p521","1.3.132.0.35":"p521","2b81040023":"p521","2B81040023":"p521",secp256k1:"secp256k1","1.3.132.0.10":"secp256k1","2b8104000a":"secp256k1","2B8104000A":"secp256k1",ed25519Legacy:"ed25519",ED25519:"ed25519",ed25519:"ed25519",Ed25519:"ed25519","1.3.6.1.4.1.11591.15.1":"ed25519","2b06010401da470f01":"ed25519","2B06010401DA470F01":"ed25519",curve25519Legacy:"curve25519",X25519:"curve25519",cv25519:"curve25519",curve25519:"curve25519",Curve25519:"curve25519","1.3.6.1.4.1.3029.1.5.1":"curve25519","2b060104019755010501":"curve25519","2B060104019755010501":"curve25519",brainpoolP256r1:"brainpoolP256r1","1.3.36.3.3.2.8.1.1.7":"brainpoolP256r1","2b2403030208010107":"brainpoolP256r1","2B2403030208010107":"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1","1.3.36.3.3.2.8.1.1.11":"brainpoolP384r1","2b240303020801010b":"brainpoolP384r1","2B240303020801010B":"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1","1.3.36.3.3.2.8.1.1.13":"brainpoolP512r1","2b240303020801010d":"brainpoolP512r1","2B240303020801010D":"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,ed25519Legacy:22,eddsa:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{plaintext:0,idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuer:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[ce]||(e[ce]=[],Object.entries(e).forEach((([t,r])=>{e[ce][r]=t}))),void 0!==e[ce][t])return e[ce][t];throw Error("Invalid enum value.")}};const he=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),de={isString:function(e){return"string"==typeof e||e instanceof String},isArray:function(e){return e instanceof Array},isUint8Array:P,isStream:E,readNumber:function(e){let t=0;for(let r=0;r>8*(t-i-1)&255;return r},readDate:function(e){const t=de.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return de.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return e.subarray(2,2+t)},leftPad(e,t){const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=de.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return de.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t=[],r=e.length;let i,n=0;for(;n{if(!de.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return X(e,r,(()=>r(new Uint8Array,!0)))},concat:H,concatUint8Array:x,equalsUint8Array:function(e,t){if(!de.isUint8Array(e)||!de.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){return void 0!==e&&e.crypto&&e.crypto.subtle},getBigInteger:async function(){if(oe())return se;{const{default:e}=await Promise.resolve().then((function(){return ry}));return e}},getNodeCrypto:function(){return d.default},getNodeZlib:function(){return f.default},getNodeBuffer:function(){return(u.default||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return l.default.cpus().length},isEmailAddress:function(e){if(!de.isString(e))return!1;return/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/.test(e)},canonicalizeEOL:function(e){let t=!1;return X(e,(e=>{let r;t&&(e=de.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return X(e,(e=>{let r;13===(e=t&&10!==e[0]?de.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i{t=de.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=le(t.subarray(0,n));for(let e=0;et.length?le(t)+"\n":""))}function be(e){let t="";return X(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=pe(t.substr(0,n));return t=t.substr(n),a}),(()=>pe(t)))}function ge(e){return be(e.replace(/-/g,"+").replace(/_/g,"/"))}function me(e,t){let r=ye(e).replace(/[\r\n]/g,"");return t&&(r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,"")),r}fe?(le=e=>fe.from(e).toString("base64"),pe=e=>{const t=fe.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(le=e=>btoa(de.uint8ArrayToString(e)),pe=e=>de.stringToUint8Array(atob(e)));var we={preferredHashAlgorithm:ue.hash.sha256,preferredSymmetricAlgorithm:ue.symmetric.aes256,preferredCompressionAlgorithm:ue.compression.uncompressed,deflateLevel:6,aeadProtect:!1,preferredAEADAlgorithm:ue.aead.eax,aeadChunkSizeByte:12,v5Keys:!1,s2kIterationCountByte:224,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,checksumRequired:!1,minRSABits:2047,passwordCollisionCheck:!1,revocationsExpire:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([ue.symmetric.aes128,ue.symmetric.aes192,ue.symmetric.aes256]),minBytesForWebCrypto:1e3,ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 5.11.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],useIndutnyElliptic:!0,rejectHashAlgorithms:new Set([ue.hash.md5,ue.hash.ripemd]),rejectMessageHashAlgorithms:new Set([ue.hash.md5,ue.hash.ripemd,ue.hash.sha1]),rejectPublicKeyAlgorithms:new Set([ue.publicKey.elgamal,ue.publicKey.dsa]),rejectCurves:new Set([ue.curve.secp256k1])};function ve(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?ue.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?ue.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?ue.armor.signed:/MESSAGE/.test(t[1])?ue.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?ue.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?ue.armor.privateKey:/SIGNATURE/.test(t[1])?ue.armor.signature:void 0}function _e(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function ke(e){return ye(function(e){let t=13501623;return X(e,(e=>{const r=Se?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^Ae[1][t>>16&255]^Ae[2][t>>8&255]^Ae[3][t>>0&255];for(let i=4*r;i>8^Ae[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e))}const Ae=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(0!=(8388608&t)?8801531:0);Ae[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)Ae[1][e]=Ae[0][e]>>8^Ae[0][255&Ae[0][e]];for(let e=0;e<=255;e++)Ae[2][e]=Ae[1][e]>>8^Ae[0][255&Ae[1][e]];for(let e=0;e<=255;e++)Ae[3][e]=Ae[2][e]>>8^Ae[0][255&Ae[2][e]];const Se=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Ee(e){for(let t=0;t=0&&i!==e.length-1&&(t=e.slice(0,i),r=e.slice(i+1).substr(0,4)),{body:t,checksum:r}}function xe(e,t=we){return new Promise((async(r,i)=>{try{const n=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const o=[];let c,u,h,d=o,f=[],l=be(Y(e,(async(e,t)=>{const p=W(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=de.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(c)u||2!==s||(n.test(e)?(f=f.join("\r\n"),u=!0,Ee(d),d=[],c=!1):f.push(e.replace(/^- /,"")));else if(n.test(e)&&i(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(Ee(d),c=!0,u||2!==s){r({text:f,data:l,headers:o,type:s});break}}else d.push(e);else n.test(e)&&(s=ve(e))}}catch(e){return void i(e)}const y=G(t);try{for(;;){await y.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=de.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=Pe(t[0].slice(0,-1));h=i.checksum,await y.write(i.body);break}await y.write(r)}await y.ready,await y.close()}catch(e){await y.abort(e)}})));l=Y(l,(async(e,r)=>{const i=ie(ke(ee(e)));i.catch((()=>{})),await V(e,r,{preventClose:!0});const n=G(r);try{const e=(await i).replace("\n","");if(h!==e&&(h||t.checksumRequired))throw Error("Ascii armor integrity check failed");await n.ready,await n.close()}catch(e){await n.abort(e)}}))}catch(e){i(e)}})).then((async e=>(_(e.data)&&(e.data=await ie(e.data)),e)))}function Me(e,t,r,i,n,a=we){let s,o;e===ue.armor.signed&&(s=t.text,o=t.hash,t=t.data);const c=ee(t),u=[];switch(e){case ue.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case ue.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case ue.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push("Hash: "+o+"\n\n"),u.push(s.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP SIGNATURE-----\n");break;case ue.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP MESSAGE-----\n");break;case ue.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case ue.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case ue.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(_e(n,a)),u.push(ye(t)),u.push("=",ke(c)),u.push("-----END PGP SIGNATURE-----\n")}return de.concat(u)}class Ke{constructor(){this.bytes=""}read(e){return this.bytes=de.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return de.stringToUint8Array(this.bytes)}toHex(){return de.uint8ArrayToHex(de.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Ke;return t.read(de.hexToUint8Array(e)),t}static wildcard(){const e=new Ke;return e.read(new Uint8Array(8)),e}}var Ce=function(){var e,t,r=!1;function i(r,i){var n=e[(t[r]+t[i])%255];return 0!==r&&0!==i||(n=0),n}var n,a,s,o,c=!1;function u(){function u(r){var i,n,a;for(n=a=function(r){var i=e[255-t[r]];return 0===r&&(i=0),i}(r),i=0;i<4;i++)a^=n=255&(n<<1|n>>>7);return a^=99}r||function(){e=[],t=[];var i,n,a=1;for(i=0;i<255;i++)e[i]=a,n=128&a,a<<=1,a&=255,128===n&&(a^=27),a^=e[i],t[e[i]]=i;e[255]=e[0],t[0]=0,r=!0}(),n=[],a=[],s=[[],[],[],[]],o=[[],[],[],[]];for(var h=0;h<256;h++){var d=u(h);n[h]=d,a[d]=h,s[0][h]=i(2,d)<<24|d<<16|d<<8|i(3,d),o[0][d]=i(14,h)<<24|i(9,h)<<16|i(13,h)<<8|i(11,h);for(var f=1;f<4;f++)s[f][h]=s[f-1][h]>>>8|s[f-1][h]<<24,o[f][d]=o[f-1][d]>>>8|o[f-1][d]<<24}c=!0}var h=function(e,t){c||u();var r=new Uint32Array(t);r.set(n,512),r.set(a,768);for(var i=0;i<4;i++)r.set(s[i],4096+1024*i>>2),r.set(o[i],8192+1024*i>>2);var h=function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0;var S=new e.Uint32Array(r),E=new e.Uint8Array(r);function P(e,t,r,o,c,u,h,d){e=e|0;t=t|0;r=r|0;o=o|0;c=c|0;u=u|0;h=h|0;d=d|0;var f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;f=r|0x400,l=r|0x800,p=r|0xc00;c=c^S[(e|0)>>2],u=u^S[(e|4)>>2],h=h^S[(e|8)>>2],d=d^S[(e|12)>>2];for(w=16;(w|0)<=o<<4;w=w+16|0){y=S[(r|c>>22&1020)>>2]^S[(f|u>>14&1020)>>2]^S[(l|h>>6&1020)>>2]^S[(p|d<<2&1020)>>2]^S[(e|w|0)>>2],b=S[(r|u>>22&1020)>>2]^S[(f|h>>14&1020)>>2]^S[(l|d>>6&1020)>>2]^S[(p|c<<2&1020)>>2]^S[(e|w|4)>>2],g=S[(r|h>>22&1020)>>2]^S[(f|d>>14&1020)>>2]^S[(l|c>>6&1020)>>2]^S[(p|u<<2&1020)>>2]^S[(e|w|8)>>2],m=S[(r|d>>22&1020)>>2]^S[(f|c>>14&1020)>>2]^S[(l|u>>6&1020)>>2]^S[(p|h<<2&1020)>>2]^S[(e|w|12)>>2];c=y,u=b,h=g,d=m}i=S[(t|c>>22&1020)>>2]<<24^S[(t|u>>14&1020)>>2]<<16^S[(t|h>>6&1020)>>2]<<8^S[(t|d<<2&1020)>>2]^S[(e|w|0)>>2],n=S[(t|u>>22&1020)>>2]<<24^S[(t|h>>14&1020)>>2]<<16^S[(t|d>>6&1020)>>2]<<8^S[(t|c<<2&1020)>>2]^S[(e|w|4)>>2],a=S[(t|h>>22&1020)>>2]<<24^S[(t|d>>14&1020)>>2]<<16^S[(t|c>>6&1020)>>2]<<8^S[(t|u<<2&1020)>>2]^S[(e|w|8)>>2],s=S[(t|d>>22&1020)>>2]<<24^S[(t|c>>14&1020)>>2]<<16^S[(t|u>>6&1020)>>2]<<8^S[(t|h<<2&1020)>>2]^S[(e|w|12)>>2]}function x(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;P(0x0000,0x0800,0x1000,A,e,t,r,i)}function M(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var a=0;P(0x0400,0x0c00,0x2000,A,e,i,r,t);a=n,n=s,s=a}function K(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o^e,c^t,u^r,h^d);o=i,c=n,u=a,h=s}function C(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;var f=0;P(0x0400,0x0c00,0x2000,A,e,d,r,t);f=n,n=s,s=f;i=i^o,n=n^c,a=a^u,s=s^h;o=e,c=t,u=r,h=d}function D(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i=i^e,c=n=n^t,u=a=a^r,h=s=s^d}function U(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);i=i^e,n=n^t,a=a^r,s=s^d;o=e,c=t,u=r,h=d}function R(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i,c=n,u=a,h=s;i=i^e,n=n^t,a=a^r,s=s^d}function I(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;P(0x0000,0x0800,0x1000,A,d,f,l,p);p=~m&p|m&p+1;l=~g&l|g&l+((p|0)==0);f=~b&f|b&f+((l|0)==0);d=~y&d|y&d+((f|0)==0);i=i^e;n=n^t;a=a^r;s=s^o}function B(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var n=0,a=0,s=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0;e=e^o,t=t^c,r=r^u,i=i^h;n=w|0,a=v|0,s=_|0,d=k|0;for(;(b|0)<128;b=b+1|0){if(n>>>31){f=f^e,l=l^t,p=p^r,y=y^i}n=n<<1|a>>>31,a=a<<1|s>>>31,s=s<<1|d>>>31,d=d<<1;g=i&1;i=i>>>1|r<<31,r=r>>>1|t<<31,t=t>>>1|e<<31,e=e>>>1;if(g)e=e^0xe1000000}o=f,c=l,u=p,h=y}function T(e){e=e|0;A=e}function z(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;i=e,n=t,a=r,s=o}function q(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;o=e,c=t,u=r,h=i}function F(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;d=e,f=t,l=r,p=i}function O(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;y=e,b=t,g=r,m=i}function L(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;p=~m&p|m&i,l=~g&l|g&r,f=~b&f|b&t,d=~y&d|y&e}function N(e){e=e|0;if(e&15)return-1;E[e|0]=i>>>24,E[e|1]=i>>>16&255,E[e|2]=i>>>8&255,E[e|3]=i&255,E[e|4]=n>>>24,E[e|5]=n>>>16&255,E[e|6]=n>>>8&255,E[e|7]=n&255,E[e|8]=a>>>24,E[e|9]=a>>>16&255,E[e|10]=a>>>8&255,E[e|11]=a&255,E[e|12]=s>>>24,E[e|13]=s>>>16&255,E[e|14]=s>>>8&255,E[e|15]=s&255;return 16}function j(e){e=e|0;if(e&15)return-1;E[e|0]=o>>>24,E[e|1]=o>>>16&255,E[e|2]=o>>>8&255,E[e|3]=o&255,E[e|4]=c>>>24,E[e|5]=c>>>16&255,E[e|6]=c>>>8&255,E[e|7]=c&255,E[e|8]=u>>>24,E[e|9]=u>>>16&255,E[e|10]=u>>>8&255,E[e|11]=u&255,E[e|12]=h>>>24,E[e|13]=h>>>16&255,E[e|14]=h>>>8&255,E[e|15]=h&255;return 16}function H(){x(0,0,0,0);w=i,v=n,_=a,k=s}function W(e,t,r){e=e|0;t=t|0;r=r|0;var o=0;if(t&15)return-1;while((r|0)>=16){V[e&7](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);E[t|0]=i>>>24,E[t|1]=i>>>16&255,E[t|2]=i>>>8&255,E[t|3]=i&255,E[t|4]=n>>>24,E[t|5]=n>>>16&255,E[t|6]=n>>>8&255,E[t|7]=n&255,E[t|8]=a>>>24,E[t|9]=a>>>16&255,E[t|10]=a>>>8&255,E[t|11]=a&255,E[t|12]=s>>>24,E[t|13]=s>>>16&255,E[t|14]=s>>>8&255,E[t|15]=s&255;o=o+16|0,t=t+16|0,r=r-16|0}return o|0}function G(e,t,r){e=e|0;t=t|0;r=r|0;var i=0;if(t&15)return-1;while((r|0)>=16){$[e&1](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);i=i+16|0,t=t+16|0,r=r-16|0}return i|0}var V=[x,M,K,C,D,U,R,I];var $=[K,B];return{set_rounds:T,set_state:z,set_iv:q,set_nonce:F,set_mask:O,set_counter:L,get_state:N,get_iv:j,gcm_init:H,cipher:W,mac:G}}({Uint8Array,Uint32Array},e,t);return h.set_key=function(e,t,i,a,s,c,u,d,f){var l=r.subarray(0,60),p=r.subarray(256,316);l.set([t,i,a,s,c,u,d,f]);for(var y=e,b=1;y<4*e+28;y++){var g=l[y-1];(y%e==0||8===e&&y%e==4)&&(g=n[g>>>24]<<24^n[g>>>16&255]<<16^n[g>>>8&255]<<8^n[255&g]),y%e==0&&(g=g<<8^g>>>24^b<<24,b=b<<1^(128&b?27:0)),l[y]=l[y-e]^g}for(var m=0;m=y-4?g:o[0][n[g>>>24]]^o[1][n[g>>>16&255]]^o[2][n[g>>>8&255]]^o[3][n[255&g]]}h.set_rounds(e+5)},h};return h.ENC={ECB:0,CBC:2,CFB:4,OFB:6,CTR:7},h.DEC={ECB:1,CBC:3,CFB:5,OFB:6,CTR:7},h.MAC={CBC:0,GCM:1},h.HEAP_DATA=16384,h}();function De(e){return e instanceof Uint8Array}function Ue(e,t){const r=e?e.byteLength:t||65536;if(4095&r||r<=0)throw Error("heap size must be a positive integer and a multiple of 4096");return e=e||new Uint8Array(new ArrayBuffer(r))}function Re(e,t,r,i,n){const a=e.length-t,s=ae+t.length),0),r=new Uint8Array(t);let i=0;for(let t=0;t>2,n.getUint32(0),n.getUint32(4),n.getUint32(8),n.getUint32(12),i>16?n.getUint32(16):0,i>16?n.getUint32(20):0,i>24?n.getUint32(24):0,i>24?n.getUint32(28):0),void 0!==t){if(16!==t.length)throw new Te("illegal iv size");let e=new DataView(t.buffer,t.byteOffset,t.byteLength);r.set_iv(e.getUint32(0),e.getUint32(4),e.getUint32(8),e.getUint32(12))}else r.set_iv(0,0,0,0)}AES_Encrypt_process(e){if(!De(e))throw new TypeError("data isn't of expected type");let{heap:t,asm:r}=this.acquire_asm(),i=Ce.ENC[this.mode],n=Ce.HEAP_DATA,a=this.pos,s=this.len,o=0,c=e.length||0,u=0,h=0,d=new Uint8Array(s+c&-16);for(;c>0;)h=Re(t,a+s,e,o,c),s+=h,o+=h,c-=h,h=r.cipher(i,n+a,s),h&&d.set(t.subarray(a,a+h),u),u+=h,h0;)f=Re(t,a+s,e,o,c),s+=f,o+=f,c-=f,f=r.cipher(i,n+a,s-(c?0:d)),f&&l.set(t.subarray(a,a+f),u),u+=f,f0){if(a%16){if(this.hasOwnProperty("padding"))throw new Te("data length must be a multiple of the block size");a+=16-a%16}if(t.cipher(r,i+n,a),this.hasOwnProperty("padding")&&this.padding){let t=e[n+s-1];if(t<1||t>16||t>s)throw new ze("bad padding");let r=0;for(let i=t;i>1;i--)r|=t^e[n+s-i];if(r)throw new ze("bad padding");s-=t}}const o=new Uint8Array(s);return s>0&&o.set(e.subarray(n,n+s)),this.pos=0,this.len=0,this.release_asm(),o}}class Le{static encrypt(e,t,r=!1){return new Le(t,r).encrypt(e)}static decrypt(e,t,r=!1){return new Le(t,r).decrypt(e)}constructor(e,t=!1,r){this.aes=r||new Oe(e,void 0,t,"ECB")}encrypt(e){return Ie(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return Ie(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}function Ne(e){const t=function(e){const t=new Le(e);this.encrypt=function(e){return t.encrypt(e)},this.decrypt=function(e){return t.decrypt(e)}};return t.blockSize=t.prototype.blockSize=16,t.keySize=t.prototype.keySize=e/8,t}function je(e,t,r,i,n,a){const s=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],u=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],h=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],d=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],f=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],l=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,y,b,g,m,w,v,_,k,A,S,E,P,x,M=0,K=t.length;const C=32===e.length?3:9;_=3===C?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e,t){const r=8-e.length%8;let i;if(2===t&&r<8)i=32;else if(1===t)i=r;else{if(t||!(r<8)){if(8===r)return e;throw Error("des: invalid padding")}i=0}const n=new Uint8Array(e.length+r);for(let t=0;t>>4^v),v^=b,w^=b<<4,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,w=w<<1|w>>>31,v=v<<1|v>>>31,y=0;y>>4|v<<28)^e[p+1],b=w,w=v,v=b^(o[g>>>24&63]|u[g>>>16&63]|d[g>>>8&63]|l[63&g]|s[m>>>24&63]|c[m>>>16&63]|h[m>>>8&63]|f[63&m]);b=w,w=v,v=b}w=w>>>1|w<<31,v=v>>>1|v<<31,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=252645135&(w>>>4^v),v^=b,w^=b<<4,1===i&&(r?(k=w,S=v):(w^=A,v^=E)),D[U++]=w>>>24,D[U++]=w>>>16&255,D[U++]=w>>>8&255,D[U++]=255&w,D[U++]=v>>>24,D[U++]=v>>>16&255,D[U++]=v>>>8&255,D[U++]=255&v}return r||(D=function(e,t){let r,i=null;if(2===t)r=32;else if(1===t)i=e[e.length-1];else{if(t)throw Error("des: invalid padding");r=0}if(!i){for(i=1;e[e.length-i]===r;)i++;i--}return e.subarray(0,e.length-i)}(D,a)),D}function He(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],i=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],n=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],a=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],s=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],u=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],h=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],d=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],f=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],l=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],y=e.length>8?3:1,b=Array(32*y),g=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let m,w,v,_=0,k=0;for(let A=0;A>>4^A),A^=v,y^=v<<4,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=858993459&(y>>>2^A),A^=v,y^=v<<2,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=16711935&(A>>>8^y),y^=v,A^=v<<8,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=y<<8|A>>>20&240,y=A<<24|A<<8&16711680|A>>>8&65280|A>>>24&240,A=v;for(let e=0;e<16;e++)g[e]?(y=y<<2|y>>>26,A=A<<2|A>>>26):(y=y<<1|y>>>27,A=A<<1|A>>>27),y&=-15,A&=-15,m=t[y>>>28]|r[y>>>24&15]|i[y>>>20&15]|n[y>>>16&15]|a[y>>>12&15]|s[y>>>8&15]|o[y>>>4&15],w=c[A>>>28]|u[A>>>24&15]|h[A>>>20&15]|d[A>>>16&15]|f[A>>>12&15]|l[A>>>8&15]|p[A>>>4&15],v=65535&(w>>>16^m),b[k++]=m^v,b[k++]=w^v<<16}return b}function We(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return je(He(this.key[2]),je(He(this.key[1]),je(He(this.key[0]),e,!0,0,null,null),!1,0,null,null),!0,0,null,null)}}function Ge(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>>16&255,t[a+6]=o>>>8&255,t[a+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>16&255,t[a+6]=o>>8&255,t[a+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const i=t+e,n=i<>>32-r;return(a[0][n>>>24]^a[1][n>>>16&255])-a[2][n>>>8&255]+a[3][255&n]}function i(e,t,r){const i=t^e,n=i<>>32-r;return a[0][n>>>24]-a[1][n>>>16&255]+a[2][n>>>8&255]^a[3][255&n]}function n(e,t,r){const i=t-e,n=i<>>32-r;return(a[0][n>>>24]+a[1][n>>>16&255]^a[2][n>>>8&255])-a[3][255&n]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const i=[,,,,,,,,],n=Array(32);let s;for(let e=0;e<4;e++)s=4*e,i[e]=r[s]<<24|r[s+1]<<16|r[s+2]<<8|r[s+3];const o=[6,7,4,5];let c,u=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(s=0;s<4;s++){const t=e[r][s];c=i[t[1]],c^=a[4][i[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=a[5][i[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=a[6][i[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=a[7][i[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=a[o[s]][i[t[6]>>>2]>>>24-8*(3&t[6])&255],i[t[0]]=c}for(s=0;s<4;s++){const e=t[r][s];c=a[4][i[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=a[5][i[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=a[6][i[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=a[7][i[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=a[4+s][i[e[4]>>>2]>>>24-8*(3&e[4])&255],n[u]=c,u++}}for(let e=0;e<16;e++)this.masking[e]=n[e],this.rotate[e]=31&n[16+e]};const a=[,,,,,,,,];a[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],a[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],a[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],a[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],a[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],a[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],a[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],a[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Ve(e){this.cast5=new Ge,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}We.keySize=We.prototype.keySize=24,We.blockSize=We.prototype.blockSize=8,Ve.blockSize=Ve.prototype.blockSize=8,Ve.keySize=Ve.prototype.keySize=16;const $e=4294967295;function Ze(e,t){return(e<>>32-t)&$e}function Xe(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function Ye(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function Qe(e,t){return e>>>8*t&255}function Je(e){this.tf=function(){let e=null,t=null,r=-1,i=[],n=[[],[],[],[]];function a(e){return n[0][Qe(e,0)]^n[1][Qe(e,1)]^n[2][Qe(e,2)]^n[3][Qe(e,3)]}function s(e){return n[0][Qe(e,3)]^n[1][Qe(e,0)]^n[2][Qe(e,1)]^n[3][Qe(e,2)]}function o(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Ze(t[2]^r+n+i[4*e+8]&$e,31),t[3]=Ze(t[3],1)^r+2*n+i[4*e+9]&$e,r=a(t[2]),n=s(t[3]),t[0]=Ze(t[0]^r+n+i[4*e+10]&$e,31),t[1]=Ze(t[1],1)^r+2*n+i[4*e+11]&$e}function c(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Ze(t[2],1)^r+n+i[4*e+10]&$e,t[3]=Ze(t[3]^r+2*n+i[4*e+11]&$e,31),r=a(t[2]),n=s(t[3]),t[0]=Ze(t[0],1)^r+n+i[4*e+8]&$e,t[1]=Ze(t[1]^r+2*n+i[4*e+9]&$e,31)}return{name:"twofish",blocksize:16,open:function(t){let r,a,s,o,c;e=t;const u=[],h=[],d=[];let f;const l=[];let p,y,b;const g=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],m=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],w=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],v=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],_=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],k=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],A=[[],[]],S=[[],[],[],[]];function E(e){return e^e>>2^[0,90,180,238][3&e]}function P(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function x(e,t){let r,i,n;for(r=0;r<8;r++)i=t>>>24,t=t<<8&$e|e>>>24,e=e<<8&$e,n=i<<1,128&i&&(n^=333),t^=i^n<<16,n^=i>>>1,1&i&&(n^=166),t^=n<<24|n<<8;return t}function M(e,t){const r=t>>4,i=15&t,n=g[e][r^i],a=m[e][_[i]^k[r]];return v[e][_[a]^k[n]]<<4|w[e][n^a]}function K(e,t){let r=Qe(e,0),i=Qe(e,1),n=Qe(e,2),a=Qe(e,3);switch(f){case 4:r=A[1][r]^Qe(t[3],0),i=A[0][i]^Qe(t[3],1),n=A[0][n]^Qe(t[3],2),a=A[1][a]^Qe(t[3],3);case 3:r=A[1][r]^Qe(t[2],0),i=A[1][i]^Qe(t[2],1),n=A[0][n]^Qe(t[2],2),a=A[0][a]^Qe(t[2],3);case 2:r=A[0][A[0][r]^Qe(t[1],0)]^Qe(t[0],0),i=A[0][A[1][i]^Qe(t[1],1)]^Qe(t[0],1),n=A[1][A[0][n]^Qe(t[1],2)]^Qe(t[0],2),a=A[1][A[1][a]^Qe(t[1],3)]^Qe(t[0],3)}return S[0][r]^S[1][i]^S[2][n]^S[3][a]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Xe(e,r);for(r=0;r<256;r++)A[0][r]=M(0,r),A[1][r]=M(1,r);for(r=0;r<256;r++)p=A[1][r],y=E(p),b=P(p),S[0][r]=p+(y<<8)+(b<<16)+(b<<24),S[2][r]=y+(b<<8)+(p<<16)+(b<<24),p=A[0][r],y=E(p),b=P(p),S[1][r]=b+(b<<8)+(y<<16)+(p<<24),S[3][r]=y+(p<<8)+(b<<16)+(y<<24);for(f=d.length/2,r=0;r=0;e--)c(e,a);Ye(t,r,a[2]^i[0]),Ye(t,r+4,a[3]^i[1]),Ye(t,r+8,a[0]^i[2]),Ye(t,r+12,a[1]^i[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function et(){}function tt(e){this.bf=new et,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}Je.keySize=Je.prototype.keySize=32,Je.blockSize=Je.prototype.blockSize=16,et.prototype.BLOCKSIZE=8,et.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],et.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],et.prototype.NN=16,et.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},et.prototype._F=function(e){let t;const r=255&e,i=255&(e>>>=8),n=255&(e>>>=8),a=255&(e>>>=8);return t=this.sboxes[0][a]+this.sboxes[1][n],t^=this.sboxes[2][i],t+=this.sboxes[3][r],t},et.prototype._encryptBlock=function(e){let t,r=e[0],i=e[1];for(t=0;t>>24-8*t&255,n[t+i]=r[1]>>>24-8*t&255;return n},et.prototype._decryptBlock=function(e){let t,r=e[0],i=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],i=this._F(r)^i;const e=r;r=i,i=e}r^=this.parray[1],i^=this.parray[0],e[0]=this._clean(i),e[1]=this._clean(r)},et.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^i}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const i=[0,0];for(t=0;t>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=t+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=r+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=c+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=u+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=h+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=d+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=f+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=l+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=p+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=y+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=b+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=g+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=m+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=w+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=v+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=m^l^r^e;M=P<<1|P>>>31;x=M+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=w^p^c^t;K=P<<1|P>>>31;x=K+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=v^y^u^r;C=P<<1|P>>>31;x=C+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=M^b^h^c;D=P<<1|P>>>31;x=D+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=K^g^d^u;U=P<<1|P>>>31;x=U+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=C^m^f^h;R=P<<1|P>>>31;x=R+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=D^w^l^d;I=P<<1|P>>>31;x=I+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=U^v^p^f;B=P<<1|P>>>31;x=B+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=R^M^y^l;T=P<<1|P>>>31;x=T+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=I^K^b^p;z=P<<1|P>>>31;x=z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=B^C^g^y;q=P<<1|P>>>31;x=q+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=T^D^m^b;F=P<<1|P>>>31;x=F+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=z^U^w^g;O=P<<1|P>>>31;x=O+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=q^R^v^m;L=P<<1|P>>>31;x=L+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=F^I^M^w;N=P<<1|P>>>31;x=N+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=O^B^K^v;j=P<<1|P>>>31;x=j+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=L^T^C^M;H=P<<1|P>>>31;x=H+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=N^z^D^K;W=P<<1|P>>>31;x=W+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=j^q^U^C;G=P<<1|P>>>31;x=G+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=H^F^R^D;V=P<<1|P>>>31;x=V+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=W^O^I^U;$=P<<1|P>>>31;x=$+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=G^L^B^R;Z=P<<1|P>>>31;x=Z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=V^N^T^I;X=P<<1|P>>>31;x=X+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=$^j^z^B;Y=P<<1|P>>>31;x=Y+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Z^H^q^T;Q=P<<1|P>>>31;x=Q+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=X^W^F^z;J=P<<1|P>>>31;x=J+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Y^G^O^q;ee=P<<1|P>>>31;x=ee+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Q^V^L^F;te=P<<1|P>>>31;x=te+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=J^$^N^O;re=P<<1|P>>>31;x=re+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ee^Z^j^L;ie=P<<1|P>>>31;x=ie+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=te^X^H^N;ne=P<<1|P>>>31;x=ne+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=re^Y^W^j;ae=P<<1|P>>>31;x=ae+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ie^Q^G^H;se=P<<1|P>>>31;x=se+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ne^J^V^W;oe=P<<1|P>>>31;x=oe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ae^ee^$^G;ce=P<<1|P>>>31;x=ce+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=se^te^Z^V;ue=P<<1|P>>>31;x=ue+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=oe^re^X^$;he=P<<1|P>>>31;x=he+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ce^ie^Y^Z;de=P<<1|P>>>31;x=de+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ue^ne^Q^X;fe=P<<1|P>>>31;x=fe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=he^ae^J^Y;le=P<<1|P>>>31;x=le+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=de^se^ee^Q;pe=P<<1|P>>>31;x=pe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=fe^oe^te^J;ye=P<<1|P>>>31;x=ye+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=le^ce^re^ee;be=P<<1|P>>>31;x=be+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=pe^ue^ie^te;ge=P<<1|P>>>31;x=ge+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ye^he^ne^re;me=P<<1|P>>>31;x=me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=be^de^ae^ie;we=P<<1|P>>>31;x=we+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ge^fe^se^ne;ve=P<<1|P>>>31;x=ve+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=me^le^oe^ae;_e=P<<1|P>>>31;x=_e+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=we^pe^ce^se;ke=P<<1|P>>>31;x=ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ve^ye^ue^oe;Ae=P<<1|P>>>31;x=Ae+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=_e^be^he^ce;Se=P<<1|P>>>31;x=Se+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ke^ge^de^ue;Ee=P<<1|P>>>31;x=Ee+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ae^me^fe^he;Pe=P<<1|P>>>31;x=Pe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Se^we^le^de;xe=P<<1|P>>>31;x=xe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ee^ve^pe^fe;Me=P<<1|P>>>31;x=Me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Pe^_e^ye^le;Ke=P<<1|P>>>31;x=Ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=xe^ke^be^pe;Ce=P<<1|P>>>31;x=Ce+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Me^Ae^ge^ye;De=P<<1|P>>>31;x=De+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ke^Se^me^be;Ue=P<<1|P>>>31;x=Ue+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ce^Ee^we^ge;Re=P<<1|P>>>31;x=Re+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=De^Pe^ve^me;Ie=P<<1|P>>>31;x=Ie+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ue^xe^_e^we;Be=P<<1|P>>>31;x=Be+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Re^Me^ke^ve;Te=P<<1|P>>>31;x=Te+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ie^Ke^Ae^_e;ze=P<<1|P>>>31;x=ze+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;i=i+_|0;n=n+k|0;a=a+A|0;s=s+S|0;o=o+E|0}function k(e){e=e|0;_(v[e|0]<<24|v[e|1]<<16|v[e|2]<<8|v[e|3],v[e|4]<<24|v[e|5]<<16|v[e|6]<<8|v[e|7],v[e|8]<<24|v[e|9]<<16|v[e|10]<<8|v[e|11],v[e|12]<<24|v[e|13]<<16|v[e|14]<<8|v[e|15],v[e|16]<<24|v[e|17]<<16|v[e|18]<<8|v[e|19],v[e|20]<<24|v[e|21]<<16|v[e|22]<<8|v[e|23],v[e|24]<<24|v[e|25]<<16|v[e|26]<<8|v[e|27],v[e|28]<<24|v[e|29]<<16|v[e|30]<<8|v[e|31],v[e|32]<<24|v[e|33]<<16|v[e|34]<<8|v[e|35],v[e|36]<<24|v[e|37]<<16|v[e|38]<<8|v[e|39],v[e|40]<<24|v[e|41]<<16|v[e|42]<<8|v[e|43],v[e|44]<<24|v[e|45]<<16|v[e|46]<<8|v[e|47],v[e|48]<<24|v[e|49]<<16|v[e|50]<<8|v[e|51],v[e|52]<<24|v[e|53]<<16|v[e|54]<<8|v[e|55],v[e|56]<<24|v[e|57]<<16|v[e|58]<<8|v[e|59],v[e|60]<<24|v[e|61]<<16|v[e|62]<<8|v[e|63])}function A(e){e=e|0;v[e|0]=i>>>24;v[e|1]=i>>>16&255;v[e|2]=i>>>8&255;v[e|3]=i&255;v[e|4]=n>>>24;v[e|5]=n>>>16&255;v[e|6]=n>>>8&255;v[e|7]=n&255;v[e|8]=a>>>24;v[e|9]=a>>>16&255;v[e|10]=a>>>8&255;v[e|11]=a&255;v[e|12]=s>>>24;v[e|13]=s>>>16&255;v[e|14]=s>>>8&255;v[e|15]=s&255;v[e|16]=o>>>24;v[e|17]=o>>>16&255;v[e|18]=o>>>8&255;v[e|19]=o&255}function S(){i=0x67452301;n=0xefcdab89;a=0x98badcfe;s=0x10325476;o=0xc3d2e1f0;c=u=0}function E(e,t,r,h,d,f,l){e=e|0;t=t|0;r=r|0;h=h|0;d=d|0;f=f|0;l=l|0;i=e;n=t;a=r;s=h;o=d;c=f;u=l}function P(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){k(e);e=e+64|0;t=t-64|0;r=r+64|0}c=c+r|0;if(c>>>0>>0)u=u+1|0;return r|0}function x(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=P(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;c=c+t|0;if(c>>>0>>0)u=u+1|0;v[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)v[e|n]=0x00;k(e);t=0;v[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)v[e|n]=0;v[e|56]=u>>>21&255;v[e|57]=u>>>13&255;v[e|58]=u>>>5&255;v[e|59]=u<<3&255|c>>>29;v[e|60]=c>>>21&255;v[e|61]=c>>>13&255;v[e|62]=c>>>5&255;v[e|63]=c<<3&255;k(e);if(~r)A(r);return i|0}function M(){i=h;n=d;a=f;s=l;o=p;c=64;u=0}function K(){i=y;n=b;a=g;s=m;o=w;c=64;u=0}function C(e,t,r,v,k,A,E,P,x,M,K,C,D,U,R,I){e=e|0;t=t|0;r=r|0;v=v|0;k=k|0;A=A|0;E=E|0;P=P|0;x=x|0;M=M|0;K=K|0;C=C|0;D=D|0;U=U|0;R=R|0;I=I|0;S();_(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,v^0x5c5c5c5c,k^0x5c5c5c5c,A^0x5c5c5c5c,E^0x5c5c5c5c,P^0x5c5c5c5c,x^0x5c5c5c5c,M^0x5c5c5c5c,K^0x5c5c5c5c,C^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,R^0x5c5c5c5c,I^0x5c5c5c5c);y=i;b=n;g=a;m=s;w=o;S();_(e^0x36363636,t^0x36363636,r^0x36363636,v^0x36363636,k^0x36363636,A^0x36363636,E^0x36363636,P^0x36363636,x^0x36363636,M^0x36363636,K^0x36363636,C^0x36363636,D^0x36363636,U^0x36363636,R^0x36363636,I^0x36363636);h=i;d=n;f=a;l=s;p=o;c=64;u=0}function D(e,t,r){e=e|0;t=t|0;r=r|0;var c=0,u=0,h=0,d=0,f=0,l=0;if(e&63)return-1;if(~r)if(r&31)return-1;l=x(e,t,-1)|0;c=i,u=n,h=a,d=s,f=o;K();_(c,u,h,d,f,0x80000000,0,0,0,0,0,0,0,0,0,672);if(~r)A(r);return l|0}function U(e,t,r,c,u){e=e|0;t=t|0;r=r|0;c=c|0;u=u|0;var h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;if(e&63)return-1;if(~u)if(u&31)return-1;v[e+t|0]=r>>>24;v[e+t+1|0]=r>>>16&255;v[e+t+2|0]=r>>>8&255;v[e+t+3|0]=r&255;D(e,t+4|0,-1)|0;h=y=i,d=b=n,f=g=a,l=m=s,p=w=o;c=c-1|0;while((c|0)>0){M();_(y,b,g,m,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,g=a,m=s,w=o;K();_(y,b,g,m,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,g=a,m=s,w=o;h=h^i;d=d^n;f=f^a;l=l^s;p=p^o;c=c-1|0}i=h;n=d;a=f;s=l;o=p;if(~u)A(u);return 0}return{reset:S,init:E,process:P,finish:x,hmac_reset:M,hmac_init:C,hmac_finish:D,pbkdf2_generate_block:U}};class ct{constructor(){this.pos=0,this.len=0}reset(){const{asm:e}=this.acquire_asm();return this.result=null,this.pos=0,this.len=0,e.reset(),this}process(e){if(null!==this.result)throw new Be("state must be reset before processing new data");const{asm:t,heap:r}=this.acquire_asm();let i=this.pos,n=this.len,a=0,s=e.length,o=0;for(;s>0;)o=Re(r,i+n,e,a,s),n+=o,a+=o,s-=o,o=t.process(i,n),i+=o,n-=o,n||(i=0);return this.pos=i,this.len=n,this}finish(){if(null!==this.result)throw new Be("state must be reset before processing new data");const{asm:e,heap:t}=this.acquire_asm();return e.finish(this.pos,this.len,0),this.result=new Uint8Array(this.HASH_SIZE),this.result.set(t.subarray(0,this.HASH_SIZE)),this.pos=0,this.len=0,this.release_asm(),this}}const ut=[],ht=[];class dt extends ct{constructor(){super(),this.NAME="sha1",this.BLOCK_SIZE=64,this.HASH_SIZE=20,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=ut.pop()||Ue(),this.asm=ht.pop()||ot({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(ut.push(this.heap),ht.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new dt).process(e).finish().result}}dt.NAME="sha1",dt.heap_pool=[],dt.asm_pool=[],dt.asm_function=ot;const ft=[],lt=[];class pt extends ct{constructor(){super(),this.NAME="sha256",this.BLOCK_SIZE=64,this.HASH_SIZE=32,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=ft.pop()||Ue(),this.asm=lt.pop()||function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=new e.Uint8Array(r);function C(e,t,r,d,f,l,p,y,b,g,m,w,v,_,k,A){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;l=l|0;p=p|0;y=y|0;b=b|0;g=g|0;m=m|0;w=w|0;v=v|0;_=_|0;k=k|0;A=A|0;var S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0;S=i;E=n;P=a;x=s;M=o;K=c;C=u;D=h;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x428a2f98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x71374491|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb5c0fbcf|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xe9b5dba5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x3956c25b|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x59f111f1|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x923f82a4|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xab1c5ed5|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xd807aa98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x12835b01|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x243185be|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x550c7dc3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x72be5d74|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x80deb1fe|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x9bdc06a7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc19bf174|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xe49b69c1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xefbe4786|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x0fc19dc6|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x240ca1cc|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x2de92c6f|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4a7484aa|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5cb0a9dc|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x76f988da|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x983e5152|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa831c66d|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb00327c8|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xbf597fc7|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xc6e00bf3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd5a79147|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x06ca6351|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x14292967|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x27b70a85|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x2e1b2138|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x4d2c6dfc|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x53380d13|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x650a7354|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x766a0abb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x81c2c92e|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x92722c85|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xa2bfe8a1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa81a664b|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xc24b8b70|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xc76c51a3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xd192e819|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd6990624|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xf40e3585|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x106aa070|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x19a4c116|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x1e376c08|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x2748774c|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x34b0bcb5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x391c0cb3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4ed8aa4a|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5b9cca4f|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x682e6ff3|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x748f82ee|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x78a5636f|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x84c87814|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x8cc70208|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x90befffa|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xa4506ceb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xbef9a3f7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc67178f2|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;i=i+S|0;n=n+E|0;a=a+P|0;s=s+x|0;o=o+M|0;c=c+K|0;u=u+C|0;h=h+D|0}function D(e){e=e|0;C(K[e|0]<<24|K[e|1]<<16|K[e|2]<<8|K[e|3],K[e|4]<<24|K[e|5]<<16|K[e|6]<<8|K[e|7],K[e|8]<<24|K[e|9]<<16|K[e|10]<<8|K[e|11],K[e|12]<<24|K[e|13]<<16|K[e|14]<<8|K[e|15],K[e|16]<<24|K[e|17]<<16|K[e|18]<<8|K[e|19],K[e|20]<<24|K[e|21]<<16|K[e|22]<<8|K[e|23],K[e|24]<<24|K[e|25]<<16|K[e|26]<<8|K[e|27],K[e|28]<<24|K[e|29]<<16|K[e|30]<<8|K[e|31],K[e|32]<<24|K[e|33]<<16|K[e|34]<<8|K[e|35],K[e|36]<<24|K[e|37]<<16|K[e|38]<<8|K[e|39],K[e|40]<<24|K[e|41]<<16|K[e|42]<<8|K[e|43],K[e|44]<<24|K[e|45]<<16|K[e|46]<<8|K[e|47],K[e|48]<<24|K[e|49]<<16|K[e|50]<<8|K[e|51],K[e|52]<<24|K[e|53]<<16|K[e|54]<<8|K[e|55],K[e|56]<<24|K[e|57]<<16|K[e|58]<<8|K[e|59],K[e|60]<<24|K[e|61]<<16|K[e|62]<<8|K[e|63])}function U(e){e=e|0;K[e|0]=i>>>24;K[e|1]=i>>>16&255;K[e|2]=i>>>8&255;K[e|3]=i&255;K[e|4]=n>>>24;K[e|5]=n>>>16&255;K[e|6]=n>>>8&255;K[e|7]=n&255;K[e|8]=a>>>24;K[e|9]=a>>>16&255;K[e|10]=a>>>8&255;K[e|11]=a&255;K[e|12]=s>>>24;K[e|13]=s>>>16&255;K[e|14]=s>>>8&255;K[e|15]=s&255;K[e|16]=o>>>24;K[e|17]=o>>>16&255;K[e|18]=o>>>8&255;K[e|19]=o&255;K[e|20]=c>>>24;K[e|21]=c>>>16&255;K[e|22]=c>>>8&255;K[e|23]=c&255;K[e|24]=u>>>24;K[e|25]=u>>>16&255;K[e|26]=u>>>8&255;K[e|27]=u&255;K[e|28]=h>>>24;K[e|29]=h>>>16&255;K[e|30]=h>>>8&255;K[e|31]=h&255}function R(){i=0x6a09e667;n=0xbb67ae85;a=0x3c6ef372;s=0xa54ff53a;o=0x510e527f;c=0x9b05688c;u=0x1f83d9ab;h=0x5be0cd19;d=f=0}function I(e,t,r,l,p,y,b,g,m,w){e=e|0;t=t|0;r=r|0;l=l|0;p=p|0;y=y|0;b=b|0;g=g|0;m=m|0;w=w|0;i=e;n=t;a=r;s=l;o=p;c=y;u=b;h=g;d=m;f=w}function B(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){D(e);e=e+64|0;t=t-64|0;r=r+64|0}d=d+r|0;if(d>>>0>>0)f=f+1|0;return r|0}function T(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=B(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;d=d+t|0;if(d>>>0>>0)f=f+1|0;K[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)K[e|n]=0x00;D(e);t=0;K[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)K[e|n]=0;K[e|56]=f>>>21&255;K[e|57]=f>>>13&255;K[e|58]=f>>>5&255;K[e|59]=f<<3&255|d>>>29;K[e|60]=d>>>21&255;K[e|61]=d>>>13&255;K[e|62]=d>>>5&255;K[e|63]=d<<3&255;D(e);if(~r)U(r);return i|0}function z(){i=l;n=p;a=y;s=b;o=g;c=m;u=w;h=v;d=64;f=0}function q(){i=_;n=k;a=A;s=S;o=E;c=P;u=x;h=M;d=64;f=0}function F(e,t,r,K,D,U,I,B,T,z,q,F,O,L,N,j){e=e|0;t=t|0;r=r|0;K=K|0;D=D|0;U=U|0;I=I|0;B=B|0;T=T|0;z=z|0;q=q|0;F=F|0;O=O|0;L=L|0;N=N|0;j=j|0;R();C(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,K^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,I^0x5c5c5c5c,B^0x5c5c5c5c,T^0x5c5c5c5c,z^0x5c5c5c5c,q^0x5c5c5c5c,F^0x5c5c5c5c,O^0x5c5c5c5c,L^0x5c5c5c5c,N^0x5c5c5c5c,j^0x5c5c5c5c);_=i;k=n;A=a;S=s;E=o;P=c;x=u;M=h;R();C(e^0x36363636,t^0x36363636,r^0x36363636,K^0x36363636,D^0x36363636,U^0x36363636,I^0x36363636,B^0x36363636,T^0x36363636,z^0x36363636,q^0x36363636,F^0x36363636,O^0x36363636,L^0x36363636,N^0x36363636,j^0x36363636);l=i;p=n;y=a;b=s;g=o;m=c;w=u;v=h;d=64;f=0}function O(e,t,r){e=e|0;t=t|0;r=r|0;var d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;if(e&63)return-1;if(~r)if(r&31)return-1;w=T(e,t,-1)|0;d=i,f=n,l=a,p=s,y=o,b=c,g=u,m=h;q();C(d,f,l,p,y,b,g,m,0x80000000,0,0,0,0,0,0,768);if(~r)U(r);return w|0}function L(e,t,r,d,f){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;var l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0;if(e&63)return-1;if(~f)if(f&31)return-1;K[e+t|0]=r>>>24;K[e+t+1|0]=r>>>16&255;K[e+t+2|0]=r>>>8&255;K[e+t+3|0]=r&255;O(e,t+4|0,-1)|0;l=_=i,p=k=n,y=A=a,b=S=s,g=E=o,m=P=c,w=x=u,v=M=h;d=d-1|0;while((d|0)>0){z();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;q();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;l=l^i;p=p^n;y=y^a;b=b^s;g=g^o;m=m^c;w=w^u;v=v^h;d=d-1|0}i=l;n=p;a=y;s=b;o=g;c=m;u=w;h=v;if(~f)U(f);return 0}return{reset:R,init:I,process:B,finish:T,hmac_reset:z,hmac_init:F,hmac_finish:O,pbkdf2_generate_block:L}}({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(ft.push(this.heap),lt.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new pt).process(e).finish().result}}pt.NAME="sha256";var yt=bt;function bt(e,t){if(!e)throw Error(t||"Assertion failed")}bt.equal=function(e,t,r){if(e!=t)throw Error(r||"Assertion failed: "+e+" != "+t)};var gt=void 0!==e?e:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function mt(e,t){return e(t={exports:{}},t.exports),t.exports}function wt(){throw Error("Dynamic requires are not currently supported by @rollup/plugin-commonjs")}var vt=mt((function(e){e.exports="function"==typeof Object.create?function(e,t){e.super_=t,e.prototype=Object.create(t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}})}:function(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}})),_t=mt((function(e){try{var t=p.default;if("function"!=typeof t.inherits)throw"";e.exports=t.inherits}catch(t){e.exports=vt}}));var kt=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var r=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),i=0;i>8,s=255&n;a?r.push(a,s):r.push(s)}else for(i=0;i>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}var Et=function(e,t){for(var r="",i=0;i>>0}return a};var Kt=function(e,t){for(var r=Array(4*e.length),i=0,n=0;i>>24,r[n+1]=a>>>16&255,r[n+2]=a>>>8&255,r[n+3]=255&a):(r[n+3]=a>>>24,r[n+2]=a>>>16&255,r[n+1]=a>>>8&255,r[n]=255&a)}return r};var Ct={inherits:_t,toArray:kt,toHex:At,htonl:St,toHex32:Et,zero2:Pt,zero8:xt,join32:Mt,split32:Kt,rotr32:function(e,t){return e>>>t|e<<32-t},rotl32:function(e,t){return e<>>32-t},sum32:function(e,t){return e+t>>>0},sum32_3:function(e,t,r){return e+t+r>>>0},sum32_4:function(e,t,r,i){return e+t+r+i>>>0},sum32_5:function(e,t,r,i,n){return e+t+r+i+n>>>0},sum64:function(e,t,r,i){var n=e[t],a=i+e[t+1]>>>0,s=(a>>0,e[t+1]=a},sum64_hi:function(e,t,r,i){return(t+i>>>0>>0},sum64_lo:function(e,t,r,i){return t+i>>>0},sum64_4_hi:function(e,t,r,i,n,a,s,o){var c=0,u=t;return c+=(u=u+i>>>0)>>0)>>0)>>0},sum64_4_lo:function(e,t,r,i,n,a,s,o){return t+i+a+o>>>0},sum64_5_hi:function(e,t,r,i,n,a,s,o,c,u){var h=0,d=t;return h+=(d=d+i>>>0)>>0)>>0)>>0)>>0},sum64_5_lo:function(e,t,r,i,n,a,s,o,c,u){return t+i+a+o+u>>>0},rotr64_hi:function(e,t,r){return(t<<32-r|e>>>r)>>>0},rotr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0},shr64_hi:function(e,t,r){return e>>>r},shr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0}};function Dt(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}var Ut=Dt;Dt.prototype.update=function(e,t){if(e=Ct.toArray(e,t),this.pending?this.pending=this.pending.concat(e):this.pending=e,this.pendingTotal+=e.length,this.pending.length>=this._delta8){var r=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-r,e.length),0===this.pending.length&&(this.pending=null),e=Ct.join32(e,0,e.length-r,this.endian);for(var i=0;i>>24&255,i[n++]=e>>>16&255,i[n++]=e>>>8&255,i[n++]=255&e}else for(i[n++]=255&e,i[n++]=e>>>8&255,i[n++]=e>>>16&255,i[n++]=e>>>24&255,i[n++]=0,i[n++]=0,i[n++]=0,i[n++]=0,a=8;a>>3},g1_256:function(e){return It(e,17)^It(e,19)^e>>>10}},Ot=Ct.sum32,Lt=Ct.sum32_4,Nt=Ct.sum32_5,jt=Ft.ch32,Ht=Ft.maj32,Wt=Ft.s0_256,Gt=Ft.s1_256,Vt=Ft.g0_256,$t=Ft.g1_256,Zt=Rt.BlockHash,Xt=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function Yt(){if(!(this instanceof Yt))return new Yt;Zt.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=Xt,this.W=Array(64)}Ct.inherits(Yt,Zt);var Qt=Yt;function Jt(){if(!(this instanceof Jt))return new Jt;Qt.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}Yt.blockSize=512,Yt.outSize=256,Yt.hmacStrength=192,Yt.padLength=64,Yt.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;i>>32-n,r)}function Vr(e,t,r,i,n,a,s){return Gr(t&r|~t&i,e,t,n,a,s)}function $r(e,t,r,i,n,a,s){return Gr(t&i|r&~i,e,t,n,a,s)}function Zr(e,t,r,i,n,a,s){return Gr(t^r^i,e,t,n,a,s)}function Xr(e,t,r,i,n,a,s){return Gr(r^(t|~i),e,t,n,a,s)}function Yr(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const Qr="0123456789abcdef".split("");function Jr(e){let t="",r=0;for(;r<4;r++)t+=Qr[e>>8*r+4&15]+Qr[e>>8*r&15];return t}function ei(e,t){return e+t&4294967295}const ti=de.getWebCrypto(),ri=de.getNodeCrypto(),ii=ri&&ri.getHashes();function ni(e){if(ri&&ii.includes(e))return async function(t){const r=ri.createHash(e);return X(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ai(e,t){return async function(r,i=we){if(_(r)&&(r=await ie(r)),!de.isStream(r)&&ti&&t&&r.length>=i.minBytesForWebCrypto)return new Uint8Array(await ti.digest(t,r));const n=e();return X(r,(e=>{n.update(e)}),(()=>new Uint8Array(n.digest())))}}function si(e,t){return async function(r,i=we){if(_(r)&&(r=await ie(r)),de.isStream(r)){const t=new e;return X(r,(e=>{t.process(e)}),(()=>t.finish().result))}return ti&&t&&r.length>=i.minBytesForWebCrypto?new Uint8Array(await ti.digest(t,r)):e.bytes(r)}}const oi={md5:ni("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let i;for(i=64;i<=e.length;i+=64)Wr(r,Yr(e.substring(i-64,i)));e=e.substring(i-64);const n=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(i=0;i>2]|=e.charCodeAt(i)<<(i%4<<3);if(n[i>>2]|=128<<(i%4<<3),i>55)for(Wr(r,n),i=0;i<16;i++)n[i]=0;return n[14]=8*t,Wr(r,n),r}(de.uint8ArrayToString(e));return de.hexToUint8Array(function(e){for(let t=0;tnew Uint8Array(a.update(e))))}(e,t,r,i);if(de.isAES(e))return function(e,t,r,i,n){if(de.getWebCrypto()&&24!==t.length&&!de.isStream(r)&&r.length>=3e3*n.minBytesForWebCrypto)return async function(e,t,r,i){const n="AES-CBC",a=await di.importKey("raw",t,{name:n},!1,["encrypt"]),{blockSize:s}=hi(e),o=de.concatUint8Array([new Uint8Array(s),r]),c=new Uint8Array(await di.encrypt({name:n,iv:i},a,o)).subarray(0,r.length);return function(e,t){for(let r=0;ra.aes.AES_Encrypt_process(e)),(()=>a.aes.AES_Encrypt_finish()))}(e,t,r,i,n);const s=new(hi(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=de.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;rnew Uint8Array(a.update(e))))}(e,t,r,i);if(de.isAES(e))return function(e,t,r,i){if(de.isStream(r)){const e=new ui(t,i);return X(r,(t=>e.aes.AES_Decrypt_process(t)),(()=>e.aes.AES_Decrypt_finish()))}return ui.decrypt(r,t,i)}(0,t,r,i);const a=new(hi(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=de.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r48)throw new Te("illegal counter size");let e=Math.pow(2,r)-1;i.set_mask(0,0,e/4294967296|0,0|e)}else r=48,i.set_mask(0,0,65535,4294967295);if(void 0===e)throw Error("nonce is required");{let t=e.length;if(!t||t>16)throw new Te("illegal nonce size");let r=new DataView(new ArrayBuffer(16));new Uint8Array(r.buffer).set(e),i.set_nonce(r.getUint32(0),r.getUint32(4),r.getUint32(8),r.getUint32(12))}if(void 0!==t){if(t<0||t>=Math.pow(2,r))throw new Te("illegal counter value");i.set_counter(0,0,t/4294967296|0,0|t)}}}class gi{static encrypt(e,t,r=!0,i){return new gi(t,i,r).encrypt(e)}static decrypt(e,t,r=!0,i){return new gi(t,i,r).decrypt(e)}constructor(e,t,r=!0,i){this.aes=i||new Oe(e,t,r,"CBC")}encrypt(e){return Ie(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return Ie(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}const mi=de.getWebCrypto(),wi=de.getNodeCrypto(),vi=16;function _i(e,t){const r=e.length-vi;for(let i=0;i>3),17+(u>>3)),8-(7&u)).subarray(1),l=new Uint8Array(Ti),p=new Uint8Array(t.length+qi);let y,b=0;for(y=0;y16)throw new Te("illegal tagSize value");const o=t.length||0,c=new Uint8Array(16);12!==o?(this._gcm_mac_process(t),s[0]=0,s[1]=0,s[2]=0,s[3]=0,s[4]=0,s[5]=0,s[6]=0,s[7]=0,s[8]=0,s[9]=0,s[10]=0,s[11]=o>>>29,s[12]=o>>>21&255,s[13]=o>>>13&255,s[14]=o>>>5&255,s[15]=o<<3&255,a.mac(Ce.MAC.GCM,Ce.HEAP_DATA,16),a.get_iv(Ce.HEAP_DATA),a.set_iv(0,0,0,0),c.set(s.subarray(0,16))):(c.set(t),c[15]=1);const u=new DataView(c.buffer);if(this.gamma0=u.getUint32(12),a.set_nonce(u.getUint32(0),u.getUint32(4),u.getUint32(8),0),a.set_mask(0,0,0,4294967295),void 0!==r){if(r.length>Wi)throw new Te("illegal adata length");r.length?(this.adata=r,this._gcm_mac_process(r)):this.adata=void 0}else this.adata=void 0;if(this.counter<1||this.counter>4294967295)throw new RangeError("counter must be a positive 32-bit integer");a.set_counter(0,0,0,this.gamma0+this.counter|0)}static encrypt(e,t,r,i,n){return new Gi(t,r,i,n).encrypt(e)}static decrypt(e,t,r,i,n){return new Gi(t,r,i,n).decrypt(e)}encrypt(e){return this.AES_GCM_encrypt(e)}decrypt(e){return this.AES_GCM_decrypt(e)}AES_GCM_Encrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.aes.pos,o=this.aes.len,c=0,u=o+r&-16,h=0;if((a-1<<4)+o+r>Wi)throw new RangeError("counter overflow");const d=new Uint8Array(u);for(;r>0;)h=Re(n,s+o,e,t,r),o+=h,t+=h,r-=h,h=i.cipher(Ce.ENC.CTR,Ce.HEAP_DATA+s,o),h=i.mac(Ce.MAC.GCM,Ce.HEAP_DATA+s,h),h&&d.set(n.subarray(s,s+h),c),a+=h>>>4,c+=h,h>>29,t[4]=u>>>21,t[5]=u>>>13&255,t[6]=u>>>5&255,t[7]=u<<3&255,t[8]=t[9]=t[10]=0,t[11]=h>>>29,t[12]=h>>>21&255,t[13]=h>>>13&255,t[14]=h>>>5&255,t[15]=h<<3&255,e.mac(Ce.MAC.GCM,Ce.HEAP_DATA,16),e.get_iv(Ce.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(Ce.ENC.CTR,Ce.HEAP_DATA,16),o.set(t.subarray(0,i),s),this.counter=1,this.aes.pos=0,this.aes.len=0,o}AES_GCM_Decrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.tagSize,o=this.aes.pos,c=this.aes.len,u=0,h=c+r>s?c+r-s&-16:0,d=c+r-h,f=0;if((a-1<<4)+c+r>Wi)throw new RangeError("counter overflow");const l=new Uint8Array(h);for(;r>d;)f=Re(n,o+c,e,t,r-d),c+=f,t+=f,r-=f,f=i.mac(Ce.MAC.GCM,Ce.HEAP_DATA+o,f),f=i.cipher(Ce.DEC.CTR,Ce.HEAP_DATA+o,f),f&&l.set(n.subarray(o,o+f),u),a+=f>>>4,u+=f,o=0,c=0;return r>0&&(c+=Re(n,0,e,t,r)),this.counter=a,this.aes.pos=o,this.aes.len=c,l}AES_GCM_Decrypt_finish(){let{asm:e,heap:t}=this.aes.acquire_asm(),r=this.tagSize,i=this.adata,n=this.counter,a=this.aes.pos,s=this.aes.len,o=s-r;if(s>>29,t[4]=d>>>21,t[5]=d>>>13&255,t[6]=d>>>5&255,t[7]=d<<3&255,t[8]=t[9]=t[10]=0,t[11]=f>>>29,t[12]=f>>>21&255,t[13]=f>>>13&255,t[14]=f>>>5&255,t[15]=f<<3&255,e.mac(Ce.MAC.GCM,Ce.HEAP_DATA,16),e.get_iv(Ce.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(Ce.ENC.CTR,Ce.HEAP_DATA,16);let l=0;for(let e=0;e0;){for(a=Re(r,0,e,i,n),i+=a,n-=a;15&a;)r[a++]=0;t.mac(Ce.MAC.GCM,Ce.HEAP_DATA,a)}}}const Vi=de.getWebCrypto(),$i=de.getNodeCrypto(),Zi=de.getNodeBuffer(),Xi=16,Yi="AES-GCM";async function Qi(e,t){if(e!==ue.symmetric.aes128&&e!==ue.symmetric.aes192&&e!==ue.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(de.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new $i.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=Zi.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new $i.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-Xi,e.length));const a=Zi.concat([n.update(e.slice(0,e.length-Xi)),n.final()]);return new Uint8Array(a)}};if(de.getWebCrypto()&&24!==t.length){const e=await Vi.importKey("raw",t,{name:Yi},!1,["encrypt","decrypt"]);return{encrypt:async function(r,i,n=new Uint8Array){if(!r.length)return Gi.encrypt(r,t,i,n);const a=await Vi.encrypt({name:Yi,iv:i,additionalData:n,tagLength:8*Xi},e,r);return new Uint8Array(a)},decrypt:async function(r,i,n=new Uint8Array){if(r.length===Xi)return Gi.decrypt(r,t,i,n);const a=await Vi.decrypt({name:Yi,iv:i,additionalData:n,tagLength:8*Xi},e,r);return new Uint8Array(a)}}}return{encrypt:async function(e,r,i){return Gi.encrypt(e,t,r,i)},decrypt:async function(e,r,i){return Gi.decrypt(e,t,r,i)}}}Qi.getNonce=function(e,t){const r=e.slice();for(let e=0;e>>8)-1}(e,t,r,i,32)}function p(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function y(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function b(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function g(e,r){var i,n,a,s=t(),o=t();for(i=0;i<16;i++)o[i]=r[i];for(y(o),y(o),y(o),n=0;n<2;n++){for(s[0]=o[0]-65517,i=1;i<15;i++)s[i]=o[i]-65535-(s[i-1]>>16&1),s[i-1]&=65535;s[15]=o[15]-32767-(s[14]>>16&1),a=s[15]>>16&1,s[14]&=65535,b(o,s,1-a)}for(i=0;i<16;i++)e[2*i]=255&o[i],e[2*i+1]=o[i]>>8}function m(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return g(r,e),g(i,t),l(r,0,i,0)}function w(e){var t=new Uint8Array(32);return g(t,e),1&t[0]}function v(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function _(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function k(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function A(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0,U=0,R=0,I=0,B=0,T=r[0],z=r[1],q=r[2],F=r[3],O=r[4],L=r[5],N=r[6],j=r[7],H=r[8],W=r[9],G=r[10],V=r[11],$=r[12],Z=r[13],X=r[14],Y=r[15];a+=(i=t[0])*T,s+=i*z,o+=i*q,c+=i*F,u+=i*O,h+=i*L,d+=i*N,f+=i*j,l+=i*H,p+=i*W,y+=i*G,b+=i*V,g+=i*$,m+=i*Z,w+=i*X,v+=i*Y,s+=(i=t[1])*T,o+=i*z,c+=i*q,u+=i*F,h+=i*O,d+=i*L,f+=i*N,l+=i*j,p+=i*H,y+=i*W,b+=i*G,g+=i*V,m+=i*$,w+=i*Z,v+=i*X,_+=i*Y,o+=(i=t[2])*T,c+=i*z,u+=i*q,h+=i*F,d+=i*O,f+=i*L,l+=i*N,p+=i*j,y+=i*H,b+=i*W,g+=i*G,m+=i*V,w+=i*$,v+=i*Z,_+=i*X,k+=i*Y,c+=(i=t[3])*T,u+=i*z,h+=i*q,d+=i*F,f+=i*O,l+=i*L,p+=i*N,y+=i*j,b+=i*H,g+=i*W,m+=i*G,w+=i*V,v+=i*$,_+=i*Z,k+=i*X,A+=i*Y,u+=(i=t[4])*T,h+=i*z,d+=i*q,f+=i*F,l+=i*O,p+=i*L,y+=i*N,b+=i*j,g+=i*H,m+=i*W,w+=i*G,v+=i*V,_+=i*$,k+=i*Z,A+=i*X,S+=i*Y,h+=(i=t[5])*T,d+=i*z,f+=i*q,l+=i*F,p+=i*O,y+=i*L,b+=i*N,g+=i*j,m+=i*H,w+=i*W,v+=i*G,_+=i*V,k+=i*$,A+=i*Z,S+=i*X,E+=i*Y,d+=(i=t[6])*T,f+=i*z,l+=i*q,p+=i*F,y+=i*O,b+=i*L,g+=i*N,m+=i*j,w+=i*H,v+=i*W,_+=i*G,k+=i*V,A+=i*$,S+=i*Z,E+=i*X,P+=i*Y,f+=(i=t[7])*T,l+=i*z,p+=i*q,y+=i*F,b+=i*O,g+=i*L,m+=i*N,w+=i*j,v+=i*H,_+=i*W,k+=i*G,A+=i*V,S+=i*$,E+=i*Z,P+=i*X,x+=i*Y,l+=(i=t[8])*T,p+=i*z,y+=i*q,b+=i*F,g+=i*O,m+=i*L,w+=i*N,v+=i*j,_+=i*H,k+=i*W,A+=i*G,S+=i*V,E+=i*$,P+=i*Z,x+=i*X,M+=i*Y,p+=(i=t[9])*T,y+=i*z,b+=i*q,g+=i*F,m+=i*O,w+=i*L,v+=i*N,_+=i*j,k+=i*H,A+=i*W,S+=i*G,E+=i*V,P+=i*$,x+=i*Z,M+=i*X,K+=i*Y,y+=(i=t[10])*T,b+=i*z,g+=i*q,m+=i*F,w+=i*O,v+=i*L,_+=i*N,k+=i*j,A+=i*H,S+=i*W,E+=i*G,P+=i*V,x+=i*$,M+=i*Z,K+=i*X,C+=i*Y,b+=(i=t[11])*T,g+=i*z,m+=i*q,w+=i*F,v+=i*O,_+=i*L,k+=i*N,A+=i*j,S+=i*H,E+=i*W,P+=i*G,x+=i*V,M+=i*$,K+=i*Z,C+=i*X,D+=i*Y,g+=(i=t[12])*T,m+=i*z,w+=i*q,v+=i*F,_+=i*O,k+=i*L,A+=i*N,S+=i*j,E+=i*H,P+=i*W,x+=i*G,M+=i*V,K+=i*$,C+=i*Z,D+=i*X,U+=i*Y,m+=(i=t[13])*T,w+=i*z,v+=i*q,_+=i*F,k+=i*O,A+=i*L,S+=i*N,E+=i*j,P+=i*H,x+=i*W,M+=i*G,K+=i*V,C+=i*$,D+=i*Z,U+=i*X,R+=i*Y,w+=(i=t[14])*T,v+=i*z,_+=i*q,k+=i*F,A+=i*O,S+=i*L,E+=i*N,P+=i*j,x+=i*H,M+=i*W,K+=i*G,C+=i*V,D+=i*$,U+=i*Z,R+=i*X,I+=i*Y,v+=(i=t[15])*T,s+=38*(k+=i*q),o+=38*(A+=i*F),c+=38*(S+=i*O),u+=38*(E+=i*L),h+=38*(P+=i*N),d+=38*(x+=i*j),f+=38*(M+=i*H),l+=38*(K+=i*W),p+=38*(C+=i*G),y+=38*(D+=i*V),b+=38*(U+=i*$),g+=38*(R+=i*Z),m+=38*(I+=i*X),w+=38*(B+=i*Y),a=(i=(a+=38*(_+=i*z))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=d,e[7]=f,e[8]=l,e[9]=p,e[10]=y,e[11]=b,e[12]=g,e[13]=m,e[14]=w,e[15]=v}function S(e,t){A(e,t,t)}function E(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=253;i>=0;i--)S(n,n),2!==i&&4!==i&&A(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}function P(e,r,i){var n,a,o=new Uint8Array(32),c=new Float64Array(80),u=t(),h=t(),d=t(),f=t(),l=t(),p=t();for(a=0;a<31;a++)o[a]=r[a];for(o[31]=127&r[31]|64,o[0]&=248,v(c,i),a=0;a<16;a++)h[a]=c[a],f[a]=u[a]=d[a]=0;for(u[0]=f[0]=1,a=254;a>=0;--a)b(u,h,n=o[a>>>3]>>>(7&a)&1),b(d,f,n),_(l,u,d),k(u,u,d),_(d,h,f),k(h,h,f),S(f,l),S(p,u),A(u,d,u),A(d,h,l),_(l,u,d),k(u,u,d),S(h,u),k(d,f,p),A(u,d,s),_(u,u,f),A(d,d,u),A(u,f,p),A(f,h,c),S(h,l),b(u,h,n),b(d,f,n);for(a=0;a<16;a++)c[a+16]=u[a],c[a+32]=d[a],c[a+48]=h[a],c[a+64]=f[a];var y=c.subarray(32),m=c.subarray(16);return E(y,y),A(m,m,y),g(e,m),0}function x(e,t){return P(e,t,i)}function M(e,r){var i=t(),n=t(),a=t(),s=t(),o=t(),u=t(),h=t(),d=t(),f=t();k(i,e[1],e[0]),k(f,r[1],r[0]),A(i,i,f),_(n,e[0],e[1]),_(f,r[0],r[1]),A(n,n,f),A(a,e[3],r[3]),A(a,a,c),A(s,e[2],r[2]),_(s,s,s),k(o,n,i),k(u,s,a),_(h,s,a),_(d,n,i),A(e[0],o,u),A(e[1],d,h),A(e[2],h,u),A(e[3],o,d)}function K(e,t,r){var i;for(i=0;i<4;i++)b(e[i],t[i],r)}function C(e,r){var i=t(),n=t(),a=t();E(a,r[2]),A(i,r[0],a),A(n,r[1],a),g(e,n),e[31]^=w(i)<<7}function D(e,t,r){var i,s;for(p(e[0],n),p(e[1],a),p(e[2],a),p(e[3],n),s=255;s>=0;--s)K(e,t,i=r[s/8|0]>>(7&s)&1),M(t,e),M(e,e),K(e,t,i)}function U(e,r){var i=[t(),t(),t(),t()];p(i[0],u),p(i[1],h),p(i[2],a),A(i[3],u,h),D(e,i,r)}function R(i,n,a){var s,o,c=[t(),t(),t(),t()];for(a||r(n,32),(s=e.hash(n.subarray(0,32)))[0]&=248,s[31]&=127,s[31]|=64,U(c,s),C(i,c),o=0;o<32;o++)n[o+32]=i[o];return 0}var I=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function B(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n>4)*I[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*I[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function T(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;B(e,r)}function z(e,r){var i=t(),s=t(),c=t(),u=t(),h=t(),d=t(),l=t();return p(e[2],a),v(e[1],r),S(c,e[1]),A(u,c,o),k(c,c,e[2]),_(u,e[2],u),S(h,u),S(d,h),A(l,d,h),A(i,l,c),A(i,i,u),function(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=250;i>=0;i--)S(n,n),1!==i&&A(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}(i,i),A(i,i,c),A(i,i,u),A(i,i,u),A(e[0],i,u),S(s,e[0]),A(s,s,u),m(s,c)&&A(e[0],e[0],f),S(s,e[0]),A(s,s,u),m(s,c)?-1:(w(e[0])===r[31]>>7&&k(e[0],n,e[0]),A(e[3],e[0],e[1]),0)}var q=64;function F(){for(var e=0;e=0},e.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return R(e,t),{publicKey:e,secretKey:t}},e.sign.keyPair.fromSecretKey=function(e){if(F(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;re&&(c.imod(a.leftShift(n)).iadd(a),u=c.mod(s).toNumber())}while(!await on(c,t,r));return c}async function on(e,t,r){return!(t&&!e.dec().gcd(t).isOne())&&(!!await async function(e){const t=await de.getBigInteger();return cn.every((r=>0!==e.mod(new t(r))))}(e)&&(!!await async function(e,t){const r=await de.getBigInteger();return t=t||new r(2),t.modExp(e.dec(),e).isOne()}(e)&&!!await async function(e,t,r){const i=await de.getBigInteger(),n=e.bitLength();t||(t=Math.max(1,n/48|0));const a=e.dec();let s=0;for(;!a.getBit(s);)s++;const o=e.rightShift(new i(s));for(;t>0;t--){let t,n=(r?r():await nn(new i(2),a)).modExp(o,e);if(!n.isOne()&&!n.equal(a)){for(t=1;tt-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!i;if(t)return de.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}async function fn(e,t,r){let i;if(t.length!==ci.getHashByteLength(e))throw Error("Invalid hash length");const n=new Uint8Array(un[e].length);for(i=0;i{yn.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(gn.decode(n,"der"))}))}));return{n:i.modulus.toArrayLike(Uint8Array),e:i.publicExponent.toArrayLike(Uint8Array),d:i.privateExponent.toArrayLike(Uint8Array),p:i.prime2.toArrayLike(Uint8Array),q:i.prime1.toArrayLike(Uint8Array),u:i.coefficient.toArrayLike(Uint8Array)}}let r,i,n;do{i=await sn(e-(e>>1),t,40),r=await sn(e>>1,t,40),n=r.mul(i)}while(n.bitLength()!==e);const a=r.dec().imul(i.dec());return i.lt(r)&&([r,i]=[i,r]),{n:n.toUint8Array(),e:t.toUint8Array(),d:t.modInv(a).toUint8Array(),p:r.toUint8Array(),q:i.toUint8Array(),u:r.modInv(i).toUint8Array()}},validateParams:async function(e,t,r,i,n,a){const s=await de.getBigInteger();if(e=new s(e),i=new s(i),n=new s(n),!i.mul(n).equal(e))return!1;const o=new s(2);if(a=new s(a),!i.mul(a).mod(n).isOne())return!1;t=new s(t),r=new s(r);const c=new s(Math.floor(e.bitLength()/3)),u=await nn(o,o.leftShift(c)),h=u.mul(r).mul(t);return!(!h.mod(i.dec()).equal(u)||!h.mod(n.dec()).equal(u))}});var vn=/*#__PURE__*/Object.freeze({__proto__:null,encrypt:async function(e,t,r,i){const n=await de.getBigInteger();t=new n(t),r=new n(r),i=new n(i);const a=new n(hn(e,t.byteLength())),s=await nn(new n(1),t.dec());return{c1:r.modExp(s,t).toUint8Array(),c2:i.modExp(s,t).imul(a).imod(t).toUint8Array()}},decrypt:async function(e,t,r,i,n){const a=await de.getBigInteger();return e=new a(e),t=new a(t),r=new a(r),i=new a(i),dn(e.modExp(i,r).modInv(r).imul(t).imod(r).toUint8Array("be",r.byteLength()),n)},validateParams:async function(e,t,r,i){const n=await de.getBigInteger();e=new n(e),t=new n(t),r=new n(r);const a=new n(1);if(t.lte(a)||t.gte(e))return!1;const s=new n(e.bitLength()),o=new n(1023);if(s.lt(o))return!1;if(!t.modExp(e.dec(),e).isOne())return!1;let c=t;const u=new n(1),h=new n(2).leftShift(new n(17));for(;u.lt(h);){if(c=c.mul(t).imod(e),c.isOne())return!1;u.iinc()}i=new n(i);const d=new n(2),f=await nn(d.leftShift(s.dec()),d.leftShift(s)),l=e.dec().imul(f).iadd(i);return!!r.equal(t.modExp(l,e))}});class _n{constructor(e){if(e instanceof _n)this.oid=e.oid;else if(de.isArray(e)||de.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return de.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return de.uint8ArrayToHex(this.oid)}getName(){const e=this.toHex();if(ue.curve[e])return ue.write(ue.curve,e);throw Error("Unknown curve object identifier.")}}function kn(e,t){return e.keyPair({priv:t})}function An(e,t){const r=e.keyPair({pub:t});if(!0!==r.validate().result)throw Error("Invalid elliptic public key");return r}async function Sn(e){if(!we.useIndutnyElliptic)throw Error("This curve is only supported in the full build of OpenPGP.js");const{default:t}=await Promise.resolve().then((function(){return mb}));return new t.ec(e)}function En(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=de.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Pn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):de.concatUint8Array([new Uint8Array([255]),de.writeNumber(e,4)])}function xn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Mn(e){return new Uint8Array([192|e])}function Kn(e,t){return de.concatUint8Array([Mn(e),Pn(t)])}function Cn(e){return[ue.packet.literalData,ue.packet.compressedData,ue.packet.symmetricallyEncryptedData,ue.packet.symEncryptedIntegrityProtectedData,ue.packet.aeadEncryptedData].includes(e)}async function Dn(e,t){const r=W(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||0==(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await r.readByte();let o,c,u=-1,h=-1;h=0,0!=(64&s)&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const d=Cn(u);let f,l=null;if(d){if("array"===de.isStream(e)){const e=new v;i=G(e),l=e}else{const e=new F;i=G(e.writable),l=e.readable}n=t({tag:u,packet:l})}else l=[];do{if(h){const e=await r.readByte();if(f=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),f=!0,!d)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const a=o===1/0?n:n.subarray(0,o-e);if(i?await i.write(a):l.push(a),e+=n.length,e>=o){r.unshift(n.subarray(o-e+n.length));break}}}}while(f);const p=await r.peekBytes(d?1/0:2);return i?(await i.ready,await i.close()):(l=de.concatUint8Array(l),await t({tag:u,packet:l})),!p||!p.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Un extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Un),this.name="UnsupportedError"}}class Rn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}const In=de.getWebCrypto(),Bn=de.getNodeCrypto(),Tn={p256:"P-256",p384:"P-384",p521:"P-521"},zn=Bn?Bn.getCurves():[],qn=Bn?{secp256k1:zn.includes("secp256k1")?"secp256k1":void 0,p256:zn.includes("prime256v1")?"prime256v1":void 0,p384:zn.includes("secp384r1")?"secp384r1":void 0,p521:zn.includes("secp521r1")?"secp521r1":void 0,ed25519:zn.includes("ED25519")?"ED25519":void 0,curve25519:zn.includes("X25519")?"X25519":void 0,brainpoolP256r1:zn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,brainpoolP384r1:zn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,brainpoolP512r1:zn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Fn={p256:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha256,cipher:ue.symmetric.aes128,node:qn.p256,web:Tn.p256,payloadSize:32,sharedSize:256},p384:{oid:[6,5,43,129,4,0,34],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha384,cipher:ue.symmetric.aes192,node:qn.p384,web:Tn.p384,payloadSize:48,sharedSize:384},p521:{oid:[6,5,43,129,4,0,35],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha512,cipher:ue.symmetric.aes256,node:qn.p521,web:Tn.p521,payloadSize:66,sharedSize:528},secp256k1:{oid:[6,5,43,129,4,0,10],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha256,cipher:ue.symmetric.aes128,node:qn.secp256k1,payloadSize:32},ed25519:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:ue.publicKey.eddsaLegacy,hash:ue.hash.sha512,node:!1,payloadSize:32},curve25519:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:ue.publicKey.ecdh,hash:ue.hash.sha256,cipher:ue.symmetric.aes128,node:!1,payloadSize:32},brainpoolP256r1:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha256,cipher:ue.symmetric.aes128,node:qn.brainpoolP256r1,payloadSize:32},brainpoolP384r1:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha384,cipher:ue.symmetric.aes192,node:qn.brainpoolP384r1,payloadSize:48},brainpoolP512r1:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:ue.publicKey.ecdsa,hash:ue.hash.sha512,cipher:ue.symmetric.aes256,node:qn.brainpoolP512r1,payloadSize:64}};class On{constructor(e,t){try{(de.isArray(e)||de.isUint8Array(e))&&(e=new _n(e)),e instanceof _n&&(e=e.getName()),this.name=ue.write(ue.curve,e)}catch(e){throw new Un("Unknown curve")}t=t||Fn[this.name],this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node&&Fn[this.name],this.web=t.web&&Fn[this.name],this.payloadSize=t.payloadSize,this.web&&de.getWebCrypto()?this.type="web":this.node&&de.getNodeCrypto()?this.type="node":"curve25519"===this.name?this.type="curve25519":"ed25519"===this.name&&(this.type="ed25519")}async genKeyPair(){let e;switch(this.type){case"web":try{return await async function(e){const t=await In.generateKey({name:"ECDSA",namedCurve:Tn[e]},!0,["sign","verify"]),r=await In.exportKey("jwk",t.privateKey),i=await In.exportKey("jwk",t.publicKey);return{publicKey:Nn(i),privateKey:ge(r.d)}}(this.name)}catch(e){de.printDebugError("Browser did not support generating ec key "+e.message);break}case"node":return async function(e){const t=Bn.createECDH(qn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519":{const t=rn(32);t[0]=127&t[0]|64,t[31]&=248;const r=t.slice().reverse();e=en.box.keyPair.fromSecretKey(r);return{publicKey:de.concatUint8Array([new Uint8Array([64]),e.publicKey]),privateKey:t}}case"ed25519":{const e=rn(32),t=en.sign.keyPair.fromSeed(e);return{publicKey:de.concatUint8Array([new Uint8Array([64]),t.publicKey]),privateKey:e}}}const t=await Sn(this.name);return e=await t.genKeyPair({entropy:de.uint8ArrayToString(rn(32))}),{publicKey:new Uint8Array(e.getPublic("array",!1)),privateKey:e.getPrivate().toArrayLike(Uint8Array)}}}async function Ln(e,t,r,i){const n={p256:!0,p384:!0,p521:!0,secp256k1:!0,curve25519:e===ue.publicKey.ecdh,brainpoolP256r1:!0,brainpoolP384r1:!0,brainpoolP512r1:!0},a=t.getName();if(!n[a])return!1;if("curve25519"===a){i=i.slice().reverse();const{publicKey:e}=en.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!de.equalsUint8Array(t,r)}const s=await Sn(a);try{r=An(s,r).getPublic()}catch(e){return!1}return!!kn(s,i).getPublic().eq(r)}function Nn(e){const t=ge(e.x),r=ge(e.y),i=new Uint8Array(t.length+r.length+1);return i[0]=4,i.set(t,1),i.set(r,t.length+1),i}function jn(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:me(n,!0),y:me(a,!0),ext:!0}}function Hn(e,t,r,i){const n=jn(e,t,r);return n.d=me(i,!0),n}const Wn=de.getWebCrypto(),Gn=de.getNodeCrypto();async function Vn(e,t,r,i,n,a){const s=new On(e);if(r&&!de.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Hn(e.payloadSize,Tn[e.name],i.publicKey,i.privateKey),s=await Wn.importKey("jwk",a,{name:"ECDSA",namedCurve:Tn[e.name],hash:{name:ue.read(ue.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Wn.sign({name:"ECDSA",namedCurve:Tn[e.name],hash:{name:ue.read(ue.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;de.printDebugError("Browser did not support signing: "+e.message)}break;case"node":{const i=await async function(e,t,r,i){const n=Gn.createSign(ue.read(ue.hash,t));n.write(r),n.end();const a=Yn.encode({version:1,parameters:e.oid,privateKey:Array.from(i.privateKey),publicKey:{unused:0,data:Array.from(i.publicKey)}},"pem",{label:"EC PRIVATE KEY"});return Xn.decode(n.sign(a),"der")}(s,t,r,e);return{r:i.r.toArrayLike(Uint8Array),s:i.s.toArrayLike(Uint8Array)}}}}return async function(e,t,r){const i=await Sn(e.name),n=kn(i,r),a=n.sign(t);return{r:a.r.toArrayLike(Uint8Array),s:a.s.toArrayLike(Uint8Array)}}(s,a,n)}async function $n(e,t,r,i,n,a){const s=new On(e);if(i&&!de.isStream(i))switch(s.type){case"web":try{return await async function(e,t,{r,s:i},n,a){const s=jn(e.payloadSize,Tn[e.name],a),o=await Wn.importKey("jwk",s,{name:"ECDSA",namedCurve:Tn[e.name],hash:{name:ue.read(ue.webHash,e.hash)}},!1,["verify"]),c=de.concatUint8Array([r,i]).buffer;return Wn.verify({name:"ECDSA",namedCurve:Tn[e.name],hash:{name:ue.read(ue.webHash,t)}},o,c,n)}(s,t,r,i,n)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;de.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":return async function(e,t,{r,s:i},n,a){const{default:s}=await Promise.resolve().then((function(){return Jp})),o=Gn.createVerify(ue.read(ue.hash,t));o.write(n),o.end();const c=Jn.encode({algorithm:{algorithm:[1,2,840,10045,2,1],parameters:e.oid},subjectPublicKey:{unused:0,data:Array.from(a)}},"pem",{label:"PUBLIC KEY"}),u=Xn.encode({r:new s(r),s:new s(i)},"der");try{return o.verify(c,u)}catch(e){return!1}}(s,t,r,i,n)}return async function(e,t,r,i){const n=await Sn(e.name),a=An(n,i);return a.verify(r,t)}(s,r,void 0===t?i:a,n)}const Zn=Gn?y.default:void 0,Xn=Gn?Zn.define("ECDSASignature",(function(){this.seq().obj(this.key("r").int(),this.key("s").int())})):void 0,Yn=Gn?Zn.define("ECPrivateKey",(function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").explicit(0).optional().any(),this.key("publicKey").explicit(1).optional().bitstr())})):void 0,Qn=Gn?Zn.define("AlgorithmIdentifier",(function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional().any())})):void 0,Jn=Gn?Zn.define("SubjectPublicKeyInfo",(function(){this.seq().obj(this.key("algorithm").use(Qn),this.key("subjectPublicKey").bitstr())})):void 0;var ea=/*#__PURE__*/Object.freeze({__proto__:null,sign:Vn,verify:$n,validateParams:async function(e,t,r){const i=new On(e);if(i.keyType!==ue.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=rn(8),n=ue.hash.sha256,a=await ci.digest(n,i);try{const s=await Vn(e,n,i,t,r,a);return await $n(e,n,s,i,t,a)}catch(e){return!1}}default:return Ln(ue.publicKey.ecdsa,e,t,r)}}});en.hash=e=>new Uint8Array(yr().update(e).digest());var ta=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){if(ci.getHashByteLength(t)new Uint8Array(yr().update(e).digest());var ia=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===ue.publicKey.ed25519){const e=rn(32),{publicKey:t}=en.sign.keyPair.fromSeed(e);return{A:t,seed:e}}throw Error("Unsupported EdDSA algorithm")},sign:async function(e,t,r,i,n,a){if(ci.getHashByteLength(t)=0;--e)for(let t=o-1;t>=0;--t)c[1]=o*e+(t+1),u[0]=a[0]^c[0],u[1]=a[1]^c[1],u[2]=s[2*t],u[3]=s[2*t+1],u=sa(r.decrypt(oa(u))),a=u.subarray(0,2),s[2*t]=u[2],s[2*t+1]=u[3];if(a[0]===i[0]&&a[1]===i[1])return oa(s);throw Error("Key Data Integrity failed")}function sa(e){const{length:t}=e,r=function(e){if(de.isString(e)){const{length:t}=e,r=new ArrayBuffer(t),i=new Uint8Array(r);for(let r=0;r0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(de.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var da=/*#__PURE__*/Object.freeze({__proto__:null,encode:ua,decode:ha});const fa=de.getWebCrypto(),la=de.getNodeCrypto();function pa(e,t,r,i){return de.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),de.stringToUint8Array("Anonymous Sender "),i.subarray(0,20)])}async function ya(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await ci.digest(e,de.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function ba(e,t){switch(e.type){case"curve25519":{const r=rn(32),{secretKey:i,sharedKey:n}=await ga(e,t,null,r);let{publicKey:a}=en.box.keyPair.fromSecretKey(i);return a=de.concatUint8Array([new Uint8Array([64]),a]),{publicKey:a,sharedKey:n}}case"web":if(e.web&&de.getWebCrypto())try{return await async function(e,t){const r=jn(e.payloadSize,e.web.web,t);let i=fa.generateKey({name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]),n=fa.importKey("jwk",r,{name:"ECDH",namedCurve:e.web.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=fa.deriveBits({name:"ECDH",namedCurve:e.web.web,public:n},i.privateKey,e.web.sharedSize),s=fa.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(Nn(s));return{publicKey:c,sharedKey:o}}(e,t)}catch(e){de.printDebugError(e)}break;case"node":return async function(e,t){const r=la.createECDH(e.node.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t)),n=new Uint8Array(r.getPublicKey());return{publicKey:n,sharedKey:i}}(e,t)}return async function(e,t){const r=await Sn(e.name),i=await e.genKeyPair();t=An(r,t);const n=kn(r,i.privateKey),a=i.publicKey,s=n.derive(t.getPublic()),o=r.curve.p.byteLength(),c=s.toArrayLike(Uint8Array,"be",o);return{publicKey:a,sharedKey:c}}(e,t)}async function ga(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519":{const e=i.slice().reverse();return{secretKey:e,sharedKey:en.scalarMult(e,t.subarray(1))}}case"web":if(e.web&&de.getWebCrypto())try{return await async function(e,t,r,i){const n=Hn(e.payloadSize,e.web.web,r,i);let a=fa.importKey("jwk",n,{name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]);const s=jn(e.payloadSize,e.web.web,t);let o=fa.importKey("jwk",s,{name:"ECDH",namedCurve:e.web.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=fa.deriveBits({name:"ECDH",namedCurve:e.web.web,public:o},a,e.web.sharedSize),u=fa.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:ge(u.d),sharedKey:h}}(e,t,r,i)}catch(e){de.printDebugError(e)}break;case"node":return async function(e,t,r){const i=la.createECDH(e.node.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i)}return async function(e,t,r){const i=await Sn(e.name);t=An(i,t),r=kn(i,r);const n=new Uint8Array(r.getPrivate()),a=r.derive(t.getPublic()),s=i.curve.p.byteLength(),o=a.toArrayLike(Uint8Array,"be",s);return{secretKey:n,sharedKey:o}}(e,t,i)}var ma=/*#__PURE__*/Object.freeze({__proto__:null,validateParams:async function(e,t,r){return Ln(ue.publicKey.ecdh,e,t,r)},encrypt:async function(e,t,r,i,n){const a=ua(r),s=new On(e),{publicKey:o,sharedKey:c}=await ba(s,i),u=pa(ue.publicKey.ecdh,e,t,n),{keySize:h}=hi(t.cipher);return{publicKey:o,wrappedKey:na(await ya(t.hash,c,h,u),a)}},decrypt:async function(e,t,r,i,n,a,s){const o=new On(e),{sharedKey:c}=await ga(o,r,n,a),u=pa(ue.publicKey.ecdh,e,t,s),{keySize:h}=hi(t.cipher);let d;for(let e=0;e<3;e++)try{return ha(aa(await ya(t.hash,c,h,u,1===e,2===e),i))}catch(e){d=e}throw d}});const wa=de.getWebCrypto(),va=de.getNodeCrypto(),_a=va&&va.webcrypto&&va.webcrypto.subtle;async function ka(e,t,r,i,n){const a=ue.read(ue.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");if(wa||_a){const e=wa||_a,s=await e.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await e.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}if(va){const a=ue.read(ue.hash,e),s=(e,t)=>va.createHmac(a,e).update(t).digest(),o=s(r,t),c=o.length,u=Math.ceil(n/c),h=new Uint8Array(u*c),d=new Uint8Array(c+i.length+1);d.set(i,c);for(let e=0;e0?d:d.subarray(c));d.set(t,0),h.set(t,e*c)}return h.subarray(0,n)}throw Error("No HKDF implementation available")}const Aa={x25519:de.encodeUTF8("OpenPGP X25519")};var Sa=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===ue.publicKey.x25519){const e=rn(32),{publicKey:t}=en.box.keyPair.fromSecretKey(e);return{A:t,k:e}}throw Error("Unsupported ECDH algorithm")},validateParams:async function(e,t,r){if(e===ue.publicKey.x25519){const{publicKey:e}=en.box.keyPair.fromSecretKey(r);return de.equalsUint8Array(t,e)}return!1},encrypt:async function(e,t,r){if(e===ue.publicKey.x25519){const e=rn(32),i=en.scalarMult(e,r),{publicKey:n}=en.box.keyPair.fromSecretKey(e),a=de.concatUint8Array([n,r,i]),{keySize:s}=hi(ue.symmetric.aes128);return{ephemeralPublicKey:n,wrappedKey:na(await ka(ue.hash.sha256,a,new Uint8Array,Aa.x25519,s),t)}}throw Error("Unsupported ECDH algorithm")},decrypt:async function(e,t,r,i,n){if(e===ue.publicKey.x25519){const e=en.scalarMult(n,t),a=de.concatUint8Array([t,i,e]),{keySize:s}=hi(ue.symmetric.aes128);return aa(await ka(ue.hash.sha256,a,new Uint8Array,Aa.x25519,s),r)}throw Error("Unsupported ECDH algorithm")}}),Ea=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:On,ecdh:ma,ecdhX:Sa,ecdsa:ea,eddsaLegacy:ta,eddsa:ia,generate:async function(e){const t=await de.getBigInteger();e=new On(e);const r=await e.genKeyPair(),i=new t(r.publicKey).toUint8Array(),n=new t(r.privateKey).toUint8Array("be",e.payloadSize);return{oid:e.oid,Q:i,secret:n,hash:e.hash,cipher:e.cipher}},getPreferredHashAlgo:function(e){return Fn[ue.write(ue.curve,e.toHex())].hash}});var Pa=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){const s=await de.getBigInteger(),o=new s(1);let c,u,h,d;i=new s(i),n=new s(n),r=new s(r),a=new s(a),r=r.mod(i),a=a.mod(n);const f=new s(t.subarray(0,n.byteLength())).mod(n);for(;;){if(c=await nn(o,n),u=r.modExp(c,i).imod(n),u.isZero())continue;const e=a.mul(u).imod(n);if(d=f.add(e).imod(n),h=c.modInv(n).imul(d).imod(n),!h.isZero())break}return{r:u.toUint8Array("be",n.byteLength()),s:h.toUint8Array("be",n.byteLength())}},verify:async function(e,t,r,i,n,a,s,o){const c=await de.getBigInteger(),u=new c(0);if(t=new c(t),r=new c(r),a=new c(a),s=new c(s),n=new c(n),o=new c(o),t.lte(u)||t.gte(s)||r.lte(u)||r.gte(s))return de.printDebug("invalid DSA Signature"),!1;const h=new c(i.subarray(0,s.byteLength())).imod(s),d=r.modInv(s);if(d.isZero())return de.printDebug("invalid DSA Signature"),!1;n=n.mod(a),o=o.mod(a);const f=h.mul(d).imod(s),l=t.mul(d).imod(s),p=n.modExp(f,a),y=o.modExp(l,a);return p.mul(y).imod(a).imod(s).equal(t)},validateParams:async function(e,t,r,i,n){const a=await de.getBigInteger();e=new a(e),t=new a(t),r=new a(r),i=new a(i);const s=new a(1);if(r.lte(s)||r.gte(e))return!1;if(!e.dec().mod(t).isZero())return!1;if(!r.modExp(t,e).isOne())return!1;const o=new a(t.bitLength()),c=new a(150);if(o.lt(c)||!await on(t,null,32))return!1;n=new a(n);const u=new a(2),h=await nn(u.leftShift(o.dec()),u.leftShift(o)),d=t.mul(h).add(n);return!!i.equal(r.modExp(d,e))}}),xa={rsa:wn,elgamal:vn,elliptic:Ea,dsa:Pa,nacl:en};var Ma=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaSign:return{s:de.readMPI(t.subarray(r))};case ue.publicKey.dsa:case ue.publicKey.ecdsa:{const e=de.readMPI(t.subarray(r));r+=e.length+2;return{r:e,s:de.readMPI(t.subarray(r))}}case ue.publicKey.eddsaLegacy:{let e=de.readMPI(t.subarray(r));r+=e.length+2,e=de.leftPad(e,32);let i=de.readMPI(t.subarray(r));return i=de.leftPad(i,32),{r:e,s:i}}case ue.publicKey.ed25519:{const e=t.subarray(r,r+64);return r+=e.length,{RS:e}}default:throw new Un("Unknown signature algorithm.")}},verify:async function(e,t,r,i,n,a){switch(e){case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaSign:{const{n:e,e:s}=i,o=de.leftPad(r.s,e.length);return xa.rsa.verify(t,n,o,e,s,a)}case ue.publicKey.dsa:{const{g:e,p:n,q:s,y:o}=i,{r:c,s:u}=r;return xa.dsa.verify(t,c,u,a,e,n,s,o)}case ue.publicKey.ecdsa:{const{oid:e,Q:s}=i,o=new xa.elliptic.CurveWithOID(e).payloadSize,c=de.leftPad(r.r,o),u=de.leftPad(r.s,o);return xa.elliptic.ecdsa.verify(e,t,{r:c,s:u},n,s,a)}case ue.publicKey.eddsaLegacy:{const{oid:e,Q:s}=i;return xa.elliptic.eddsaLegacy.verify(e,t,r,n,s,a)}case ue.publicKey.ed25519:{const{A:s}=i;return xa.elliptic.eddsa.verify(e,t,r,n,s,a)}default:throw Error("Unknown signature algorithm.")}},sign:async function(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await xa.rsa.sign(t,n,e,s,o,c,u,h,a)}}case ue.publicKey.dsa:{const{g:e,p:n,q:s}=r,{x:o}=i;return xa.dsa.sign(t,a,e,n,s,o)}case ue.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case ue.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return xa.elliptic.ecdsa.sign(e,t,n,s,o,a)}case ue.publicKey.eddsaLegacy:{const{oid:e,Q:s}=r,{seed:o}=i;return xa.elliptic.eddsaLegacy.sign(e,t,n,s,o,a)}case ue.publicKey.ed25519:{const{A:s}=r,{seed:o}=i;return xa.elliptic.eddsa.sign(e,t,n,s,o,a)}default:throw Error("Unknown signature algorithm.")}}});class Ka{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return de.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ca{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Un("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class Da{static fromObject({wrappedKey:e,algorithm:t}){const r=new Da;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=e.subarray(t,t+r),t+=r}write(){return de.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function Ua(e){try{e.getName()}catch(e){throw new Un("Unknown curve OID")}}var Ra=/*#__PURE__*/Object.freeze({__proto__:null,publicKeyEncrypt:async function(e,t,r,i,n){switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await xa.rsa.encrypt(i,e,t)}}case ue.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return xa.elgamal.encrypt(i,e,t,n)}case ue.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:a}=r,{publicKey:s,wrappedKey:o}=await xa.elliptic.ecdh.encrypt(e,a,i,t,n);return{V:s,C:new Ka(o)}}case ue.publicKey.x25519:{if(!de.isAES(t))throw Error("X25519 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:a,wrappedKey:s}=await xa.elliptic.ecdhX.encrypt(e,i,n);return{ephemeralPublicKey:a,C:Da.fromObject({algorithm:t,wrappedKey:s})}}default:return[]}},publicKeyDecrypt:async function(e,t,r,i,n,a){switch(e){case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return xa.rsa.decrypt(e,n,s,o,c,u,h,a)}case ue.publicKey.elgamal:{const{c1:e,c2:n}=i,s=t.p,o=r.x;return xa.elgamal.decrypt(e,n,s,o,a)}case ue.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return xa.elliptic.ecdh.decrypt(e,s,c,u.data,a,o,n)}case ue.publicKey.x25519:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(!de.isAES(o.algorithm))throw Error("AES session key expected");return xa.elliptic.ecdhX.decrypt(e,s,o.wrappedKey,n,a)}default:throw Error("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaSign:{const e=de.readMPI(t.subarray(r));r+=e.length+2;const i=de.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case ue.publicKey.dsa:{const e=de.readMPI(t.subarray(r));r+=e.length+2;const i=de.readMPI(t.subarray(r));r+=i.length+2;const n=de.readMPI(t.subarray(r));r+=n.length+2;const a=de.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case ue.publicKey.elgamal:{const e=de.readMPI(t.subarray(r));r+=e.length+2;const i=de.readMPI(t.subarray(r));r+=i.length+2;const n=de.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case ue.publicKey.ecdsa:{const e=new _n;r+=e.read(t),Ua(e);const i=de.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case ue.publicKey.eddsaLegacy:{const e=new _n;r+=e.read(t),Ua(e);let i=de.readMPI(t.subarray(r));return r+=i.length+2,i=de.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case ue.publicKey.ecdh:{const e=new _n;r+=e.read(t),Ua(e);const i=de.readMPI(t.subarray(r));r+=i.length+2;const n=new Ca;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case ue.publicKey.ed25519:case ue.publicKey.x25519:{const e=t.subarray(r,r+32);return r+=e.length,{read:r,publicParams:{A:e}}}default:throw new Un("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let i=0;switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaSign:{const e=de.readMPI(t.subarray(i));i+=e.length+2;const r=de.readMPI(t.subarray(i));i+=r.length+2;const n=de.readMPI(t.subarray(i));i+=n.length+2;const a=de.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case ue.publicKey.dsa:case ue.publicKey.elgamal:{const e=de.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case ue.publicKey.ecdsa:case ue.publicKey.ecdh:{const e=new On(r.oid);let n=de.readMPI(t.subarray(i));return i+=n.length+2,n=de.leftPad(n,e.payloadSize),{read:i,privateParams:{d:n}}}case ue.publicKey.eddsaLegacy:{const e=new On(r.oid);let n=de.readMPI(t.subarray(i));return i+=n.length+2,n=de.leftPad(n,e.payloadSize),{read:i,privateParams:{seed:n}}}case ue.publicKey.ed25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{seed:e}}}case ue.publicKey.x25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{k:e}}}default:throw new Un("Unknown public key encryption algorithm.")}},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:return{c:de.readMPI(t.subarray(r))};case ue.publicKey.elgamal:{const e=de.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:de.readMPI(t.subarray(r))}}case ue.publicKey.ecdh:{const e=de.readMPI(t.subarray(r));r+=e.length+2;const i=new Ka;return i.read(t.subarray(r)),{V:e,C:i}}case ue.publicKey.x25519:{const e=t.subarray(r,r+32);r+=e.length;const i=new Da;return i.read(t.subarray(r)),{ephemeralPublicKey:e,C:i}}default:throw new Un("Unknown public key encryption algorithm.")}},serializeParams:function(e,t){const r=new Set([ue.publicKey.ed25519,ue.publicKey.x25519]),i=Object.keys(t).map((i=>{const n=t[i];return de.isUint8Array(n)?r.has(e)?n:de.uint8ArrayToMPI(n):n.write()}));return de.concatUint8Array(i)},generateParams:function(e,t,r){switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaSign:return xa.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case ue.publicKey.ecdsa:return xa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new _n(e),Q:t}})));case ue.publicKey.eddsaLegacy:return xa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new _n(e),Q:t}})));case ue.publicKey.ecdh:return xa.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new _n(e),Q:t,kdfParams:new Ca({hash:i,cipher:n})}})));case ue.publicKey.ed25519:return xa.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case ue.publicKey.x25519:return xa.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case ue.publicKey.dsa:case ue.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return xa.rsa.validateParams(e,i,n,a,s,o)}case ue.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return xa.dsa.validateParams(e,i,n,a,s)}case ue.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return xa.elgamal.validateParams(e,i,n,a)}case ue.publicKey.ecdsa:case ue.publicKey.ecdh:{const i=xa.elliptic[ue.read(ue.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case ue.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return xa.elliptic.eddsaLegacy.validateParams(i,e,n)}case ue.publicKey.ed25519:{const{A:i}=t,{seed:n}=r;return xa.elliptic.eddsa.validateParams(e,i,n)}case ue.publicKey.x25519:{const{A:i}=t,{k:n}=r;return xa.elliptic.ecdhX.validateParams(e,i,n)}default:throw Error("Unknown public key algorithm.")}},getPrefixRandom:async function(e){const{blockSize:t}=hi(e),r=await rn(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return de.concat([r,i])},generateSessionKey:function(e){const{keySize:t}=hi(e);return rn(t)},getAEADMode:function(e){const t=ue.read(ue.aead,e);return Ji[t]},getCipher:hi,getPreferredCurveHashAlgo:function(e,t){switch(e){case ue.publicKey.ecdsa:case ue.publicKey.eddsaLegacy:return xa.elliptic.getPreferredHashAlgo(t);case ue.publicKey.ed25519:return xa.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}}});const Ia={cipher:st,hash:ci,mode:Ji,publicKey:xa,signature:Ma,random:an,pkcs1:ln,pkcs5:da,aesKW:ca};Object.assign(Ia,Ra);var Ba="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function Ta(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)}const za={arraySet:function(e,t,r,i,n){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+i),n);else for(let a=0;a=0;)e[t]=0}const ls=0,ps=1,ys=2,bs=29,gs=256,ms=gs+1+bs,ws=30,vs=19,_s=2*ms+1,ks=15,As=16,Ss=7,Es=256,Ps=16,xs=17,Ms=18,Ks=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],Cs=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],Ds=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],Us=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],Rs=Array(2*(ms+2));fs(Rs);const Is=Array(2*ws);fs(Is);const Bs=Array(512);fs(Bs);const Ts=Array(256);fs(Ts);const zs=Array(bs);fs(zs);const qs=Array(ws);function Fs(e,t,r,i,n){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=i,this.max_length=n,this.has_stree=e&&e.length}let Os,Ls,Ns;function js(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function Hs(e){return e<256?Bs[e]:Bs[256+(e>>>7)]}function Ws(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function Gs(e,t,r){e.bi_valid>As-r?(e.bi_buf|=t<>As-e.bi_valid,e.bi_valid+=r-As):(e.bi_buf|=t<>>=1,r<<=1}while(--t>0);return r>>>1}function Zs(e,t,r){const i=Array(ks+1);let n,a,s=0;for(n=1;n<=ks;n++)i[n]=s=s+r[n-1]<<1;for(a=0;a<=t;a++){const t=e[2*a+1];0!==t&&(e[2*a]=$s(i[t]++,t))}}function Xs(e){let t;for(t=0;t8?Ws(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function Qs(e,t,r,i){const n=2*t,a=2*r;return e[n]>1;s>=1;s--)Js(e,r,s);c=a;do{s=e.heap[1],e.heap[1]=e.heap[e.heap_len--],Js(e,r,1),o=e.heap[1],e.heap[--e.heap_max]=s,e.heap[--e.heap_max]=o,r[2*c]=r[2*s]+r[2*o],e.depth[c]=(e.depth[s]>=e.depth[o]?e.depth[s]:e.depth[o])+1,r[2*s+1]=r[2*o+1]=c,e.heap[1]=c++,Js(e,r,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){const r=t.dyn_tree,i=t.max_code,n=t.stat_desc.static_tree,a=t.stat_desc.has_stree,s=t.stat_desc.extra_bits,o=t.stat_desc.extra_base,c=t.stat_desc.max_length;let u,h,d,f,l,p,y=0;for(f=0;f<=ks;f++)e.bl_count[f]=0;for(r[2*e.heap[e.heap_max]+1]=0,u=e.heap_max+1;u<_s;u++)h=e.heap[u],f=r[2*r[2*h+1]+1]+1,f>c&&(f=c,y++),r[2*h+1]=f,h>i||(e.bl_count[f]++,l=0,h>=o&&(l=s[h-o]),p=r[2*h],e.opt_len+=p*(f+l),a&&(e.static_len+=p*(n[2*h+1]+l)));if(0!==y){do{for(f=c-1;0===e.bl_count[f];)f--;e.bl_count[f]--,e.bl_count[f+1]+=2,e.bl_count[c]--,y-=2}while(y>0);for(f=c;0!==f;f--)for(h=e.bl_count[f];0!==h;)d=e.heap[--u],d>i||(r[2*d+1]!==f&&(e.opt_len+=(f-r[2*d+1])*r[2*d],r[2*d+1]=f),h--)}}(e,t),Zs(r,u,e.bl_count)}function ro(e,t,r){let i,n,a=-1,s=t[1],o=0,c=7,u=4;for(0===s&&(c=138,u=3),t[2*(r+1)+1]=65535,i=0;i<=r;i++)n=s,s=t[2*(i+1)+1],++o>=7;i=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}function co(e,t,r,i){let n,a,s=0;e.level>0?(e.strm.data_type===hs&&(e.strm.data_type=function(e){let t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return cs;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return us;for(t=32;t=3&&0===e.bl_tree[2*Us[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),n=e.opt_len+3+7>>>3,a=e.static_len+3+7>>>3,a<=n&&(n=a)):n=a=r+5,r+4<=n&&-1!==t?so(e,t,r,i):e.strategy===os||a===n?(Gs(e,(ps<<1)+(i?1:0),3),eo(e,Rs,Is)):(Gs(e,(ys<<1)+(i?1:0),3),function(e,t,r,i){let n;for(Gs(e,t-257,5),Gs(e,r-1,5),Gs(e,i-4,4),n=0;n>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(Ts[r]+gs+1)]++,e.dyn_dtree[2*Hs(t)]++),e.last_lit===e.lit_bufsize-1}function ho(e,t,r,i){let n=65535&e|0,a=e>>>16&65535|0,s=0;for(;0!==r;){s=r>2e3?2e3:r,r-=s;do{n=n+t[i++]|0,a=a+n|0}while(--s);n%=65521,a%=65521}return n|a<<16|0}const fo=function(){let e;const t=[];for(let r=0;r<256;r++){e=r;for(let t=0;t<8;t++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();function lo(e,t,r,i){const n=fo,a=i+r;e^=-1;for(let r=i;r>>8^n[255&(e^t[r])];return-1^e}var po={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"};const yo=9,bo=3,go=258,mo=go+bo+1,wo=32,vo=42,_o=69,ko=73,Ao=91,So=103,Eo=113,Po=666,xo=1,Mo=2,Ko=3,Co=4,Do=3;function Uo(e,t){return e.msg=po[t],t}function Ro(e){return(e<<1)-(e>4?9:0)}function Io(e){let t=e.length;for(;--t>=0;)e[t]=0}function Bo(e){const t=e.state;let r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(ja(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function To(e,t){co(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,Bo(e.strm)}function zo(e,t){e.pending_buf[e.pending++]=t}function qo(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function Fo(e,t,r,i){let n=e.avail_in;return n>i&&(n=i),0===n?0:(e.avail_in-=n,ja(t,e.input,e.next_in,n,r),1===e.state.wrap?e.adler=ho(e.adler,t,n,r):2===e.state.wrap&&(e.adler=lo(e.adler,t,n,r)),e.next_in+=n,e.total_in+=n,n)}function Oo(e,t){let r,i,n=e.max_chain_length,a=e.strstart,s=e.prev_length,o=e.nice_match;const c=e.strstart>e.w_size-mo?e.strstart-(e.w_size-mo):0,u=e.window,h=e.w_mask,d=e.prev,f=e.strstart+go;let l=u[a+s-1],p=u[a+s];e.prev_length>=e.good_match&&(n>>=2),o>e.lookahead&&(o=e.lookahead);do{if(r=t,u[r+s]===p&&u[r+s-1]===l&&u[r]===u[a]&&u[++r]===u[a+1]){a+=2,r++;do{}while(u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&as){if(e.match_start=t,s=i,i>=o)break;l=u[a+s-1],p=u[a+s]}}}while((t=d[t&h])>c&&0!=--n);return s<=e.lookahead?s:e.lookahead}function Lo(e){const t=e.w_size;let r,i,n,a,s;do{if(a=e.window_size-e.lookahead-e.strstart,e.strstart>=t+(t-mo)){ja(e.window,e.window,t,t,0),e.match_start-=t,e.strstart-=t,e.block_start-=t,i=e.hash_size,r=i;do{n=e.head[--r],e.head[r]=n>=t?n-t:0}while(--i);i=t,r=i;do{n=e.prev[--r],e.prev[r]=n>=t?n-t:0}while(--i);a+=t}if(0===e.strm.avail_in)break;if(i=Fo(e.strm,e.window,e.strstart+e.lookahead,a),e.lookahead+=i,e.lookahead+e.insert>=bo)for(s=e.strstart-e.insert,e.ins_h=e.window[s],e.ins_h=(e.ins_h<=bo&&(e.ins_h=(e.ins_h<=bo)if(i=uo(e,e.strstart-e.match_start,e.match_length-bo),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=bo){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<=bo&&(e.ins_h=(e.ins_h<4096)&&(e.match_length=bo-1)),e.prev_length>=bo&&e.match_length<=e.prev_length){n=e.strstart+e.lookahead-bo,i=uo(e,e.strstart-1-e.prev_match,e.prev_length-bo),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=n&&(e.ins_h=(e.ins_h<e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(Lo(e),0===e.lookahead&&t===Ha)return xo;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;const i=e.block_start+r;if((0===e.strstart||e.strstart>=i)&&(e.lookahead=e.strstart-i,e.strstart=i,To(e,!1),0===e.strm.avail_out))return xo;if(e.strstart-e.block_start>=e.w_size-mo&&(To(e,!1),0===e.strm.avail_out))return xo}return e.insert=0,t===$a?(To(e,!0),0===e.strm.avail_out?Ko:Co):(e.strstart>e.block_start&&(To(e,!1),e.strm.avail_out),xo)})),new Ho(4,4,8,4,No),new Ho(4,5,16,8,No),new Ho(4,6,32,32,No),new Ho(4,4,16,16,jo),new Ho(8,16,32,32,jo),new Ho(8,16,128,128,jo),new Ho(8,32,128,256,jo),new Ho(32,128,258,1024,jo),new Ho(32,258,258,4096,jo)];class Go{constructor(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=ds,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new Oa(1146),this.dyn_dtree=new Oa(122),this.bl_tree=new Oa(78),Io(this.dyn_ltree),Io(this.dyn_dtree),Io(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new Oa(16),this.heap=new Oa(573),Io(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new Oa(573),Io(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}}function Vo(e){const t=function(e){let t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=hs,t=e.state,t.pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?vo:Eo,e.adler=2===t.wrap?0:1,t.last_flush=Ha,ao(t),Ya):Uo(e,es)}(e);return t===Ya&&function(e){e.window_size=2*e.w_size,Io(e.head),e.max_lazy_match=Wo[e.level].max_lazy,e.good_match=Wo[e.level].good_length,e.nice_match=Wo[e.level].nice_length,e.max_chain_length=Wo[e.level].max_chain,e.strstart=0,e.block_start=0,e.lookahead=0,e.insert=0,e.match_length=e.prev_length=bo-1,e.match_available=0,e.ins_h=0}(e.state),t}function $o(e,t){let r,i,n,a;if(!e||!e.state||t>Za||t<0)return e?Uo(e,es):es;if(i=e.state,!e.output||!e.input&&0!==e.avail_in||i.status===Po&&t!==$a)return Uo(e,0===e.avail_out?rs:es);if(i.strm=e,r=i.last_flush,i.last_flush=t,i.status===vo)if(2===i.wrap)e.adler=0,zo(i,31),zo(i,139),zo(i,8),i.gzhead?(zo(i,(i.gzhead.text?1:0)+(i.gzhead.hcrc?2:0)+(i.gzhead.extra?4:0)+(i.gzhead.name?8:0)+(i.gzhead.comment?16:0)),zo(i,255&i.gzhead.time),zo(i,i.gzhead.time>>8&255),zo(i,i.gzhead.time>>16&255),zo(i,i.gzhead.time>>24&255),zo(i,9===i.level?2:i.strategy>=as||i.level<2?4:0),zo(i,255&i.gzhead.os),i.gzhead.extra&&i.gzhead.extra.length&&(zo(i,255&i.gzhead.extra.length),zo(i,i.gzhead.extra.length>>8&255)),i.gzhead.hcrc&&(e.adler=lo(e.adler,i.pending_buf,i.pending,0)),i.gzindex=0,i.status=_o):(zo(i,0),zo(i,0),zo(i,0),zo(i,0),zo(i,0),zo(i,9===i.level?2:i.strategy>=as||i.level<2?4:0),zo(i,Do),i.status=Eo);else{let t=ds+(i.w_bits-8<<4)<<8,r=-1;r=i.strategy>=as||i.level<2?0:i.level<6?1:6===i.level?2:3,t|=r<<6,0!==i.strstart&&(t|=wo),t+=31-t%31,i.status=Eo,qo(i,t),0!==i.strstart&&(qo(i,e.adler>>>16),qo(i,65535&e.adler)),e.adler=1}if(i.status===_o)if(i.gzhead.extra){for(n=i.pending;i.gzindex<(65535&i.gzhead.extra.length)&&(i.pending!==i.pending_buf_size||(i.gzhead.hcrc&&i.pending>n&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),Bo(e),n=i.pending,i.pending!==i.pending_buf_size));)zo(i,255&i.gzhead.extra[i.gzindex]),i.gzindex++;i.gzhead.hcrc&&i.pending>n&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),i.gzindex===i.gzhead.extra.length&&(i.gzindex=0,i.status=ko)}else i.status=ko;if(i.status===ko)if(i.gzhead.name){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),Bo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.gzindex=0,i.status=Ao)}else i.status=Ao;if(i.status===Ao)if(i.gzhead.comment){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),Bo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=lo(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.status=So)}else i.status=So;if(i.status===So&&(i.gzhead.hcrc?(i.pending+2>i.pending_buf_size&&Bo(e),i.pending+2<=i.pending_buf_size&&(zo(i,255&e.adler),zo(i,e.adler>>8&255),e.adler=0,i.status=Eo)):i.status=Eo),0!==i.pending){if(Bo(e),0===e.avail_out)return i.last_flush=-1,Ya}else if(0===e.avail_in&&Ro(t)<=Ro(r)&&t!==$a)return Uo(e,rs);if(i.status===Po&&0!==e.avail_in)return Uo(e,rs);if(0!==e.avail_in||0!==i.lookahead||t!==Ha&&i.status!==Po){var s=i.strategy===as?function(e,t){let r;for(;;){if(0===e.lookahead&&(Lo(e),0===e.lookahead)){if(t===Ha)return xo;break}if(e.match_length=0,r=uo(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(To(e,!1),0===e.strm.avail_out))return xo}return e.insert=0,t===$a?(To(e,!0),0===e.strm.avail_out?Ko:Co):e.last_lit&&(To(e,!1),0===e.strm.avail_out)?xo:Mo}(i,t):i.strategy===ss?function(e,t){let r,i,n,a;const s=e.window;for(;;){if(e.lookahead<=go){if(Lo(e),e.lookahead<=go&&t===Ha)return xo;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=bo&&e.strstart>0&&(n=e.strstart-1,i=s[n],i===s[++n]&&i===s[++n]&&i===s[++n])){a=e.strstart+go;do{}while(i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&ne.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=bo?(r=uo(e,1,e.match_length-bo),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=uo(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(To(e,!1),0===e.strm.avail_out))return xo}return e.insert=0,t===$a?(To(e,!0),0===e.strm.avail_out?Ko:Co):e.last_lit&&(To(e,!1),0===e.strm.avail_out)?xo:Mo}(i,t):Wo[i.level].func(i,t);if(s!==Ko&&s!==Co||(i.status=Po),s===xo||s===Ko)return 0===e.avail_out&&(i.last_flush=-1),Ya;if(s===Mo&&(t===Wa?oo(i):t!==Za&&(so(i,0,0,!1),t===Va&&(Io(i.head),0===i.lookahead&&(i.strstart=0,i.block_start=0,i.insert=0))),Bo(e),0===e.avail_out))return i.last_flush=-1,Ya}return t!==$a?Ya:i.wrap<=0?Qa:(2===i.wrap?(zo(i,255&e.adler),zo(i,e.adler>>8&255),zo(i,e.adler>>16&255),zo(i,e.adler>>24&255),zo(i,255&e.total_in),zo(i,e.total_in>>8&255),zo(i,e.total_in>>16&255),zo(i,e.total_in>>24&255)):(qo(i,e.adler>>>16),qo(i,65535&e.adler)),Bo(e),i.wrap>0&&(i.wrap=-i.wrap),0!==i.pending?Ya:Qa)}try{String.fromCharCode.call(null,0)}catch(e){}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){}const Zo=new Fa(256);for(let e=0;e<256;e++)Zo[e]=e>=252?6:e>=248?5:e>=240?4:e>=224?3:e>=192?2:1;function Xo(e){let t,r,i,n,a=0;const s=e.length;for(i=0;i>>6,o[n++]=128|63&t):t<65536?(o[n++]=224|t>>>12,o[n++]=128|t>>>6&63,o[n++]=128|63&t):(o[n++]=240|t>>>18,o[n++]=128|t>>>12&63,o[n++]=128|t>>>6&63,o[n++]=128|63&t);return o}Zo[254]=Zo[254]=1;class Yo{constructor(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}}class Qo{constructor(e){this.options={level:is,method:ds,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,...e||{}};const t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Yo,this.strm.avail_out=0;var r,i,n=function(e,t,r,i,n,a){if(!e)return es;let s=1;if(t===is&&(t=6),i<0?(s=0,i=-i):i>15&&(s=2,i-=16),n<1||n>yo||r!==ds||i<8||i>15||t<0||t>9||a<0||a>os)return Uo(e,es);8===i&&(i=9);const o=new Go;return e.state=o,o.strm=e,o.wrap=s,o.gzhead=null,o.w_bits=i,o.w_size=1<=r.w_size&&(0===a&&(Io(r.head),r.strstart=0,r.block_start=0,r.insert=0),u=new Fa(r.w_size),ja(u,t,h-r.w_size,r.w_size,0),t=u,h=r.w_size),s=e.avail_in,o=e.next_in,c=e.input,e.avail_in=h,e.next_in=0,e.input=t,Lo(r);r.lookahead>=bo;){i=r.strstart,n=r.lookahead-(bo-1);do{r.ins_h=(r.ins_h<0||0===r.avail_out)&&n!==Qa);return a===$a?(n=function(e){let t;return e&&e.state?(t=e.state.status,t!==vo&&t!==_o&&t!==ko&&t!==Ao&&t!==So&&t!==Eo&&t!==Po?Uo(e,es):(e.state=null,t===Eo?Uo(e,ts):Ya)):es}(this.strm),this.onEnd(n),this.ended=!0,n===Ya):a!==Ga||(this.onEnd(Ya),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ya&&(this.result=Na(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}const Jo=30,ec=12;function tc(e,t){let r,i,n,a,s,o,c,u,h,d;const f=e.state;r=e.next_in;const l=e.input,p=r+(e.avail_in-5);i=e.next_out;const y=e.output,b=i-(t-e.avail_out),g=i+(e.avail_out-257),m=f.dmax,w=f.wsize,v=f.whave,_=f.wnext,k=f.window;n=f.hold,a=f.bits;const A=f.lencode,S=f.distcode,E=(1<>>24,n>>>=o,a-=o,o=s>>>16&255,0===o)y[i++]=65535&s;else{if(!(16&o)){if(0==(64&o)){s=A[(65535&s)+(n&(1<>>=o,a-=o),a<15&&(n+=l[r++]<>>24,n>>>=o,a-=o,o=s>>>16&255,!(16&o)){if(0==(64&o)){s=S[(65535&s)+(n&(1<m){e.msg="invalid distance too far back",f.mode=Jo;break e}if(n>>>=o,a-=o,o=i-b,u>o){if(o=u-o,o>v&&f.sane){e.msg="invalid distance too far back",f.mode=Jo;break e}if(h=0,d=k,0===_){if(h+=w-o,o2;)y[i++]=d[h++],y[i++]=d[h++],y[i++]=d[h++],c-=3;c&&(y[i++]=d[h++],c>1&&(y[i++]=d[h++]))}else{h=i-u;do{y[i++]=y[h++],y[i++]=y[h++],y[i++]=y[h++],c-=3}while(c>2);c&&(y[i++]=y[h++],c>1&&(y[i++]=y[h++]))}break}}break}}while(r>3,r-=c,a-=c<<3,n&=(1<=1&&0===P[g];g--);if(m>g&&(m=g),0===g)return n[a++]=20971520,n[a++]=20971520,o.bits=1,0;for(b=1;b0&&(e===ac||1!==g))return-1;for(x[1]=0,p=1;pic||e===oc&&k>nc)return 1;for(;;){M=p-v,s[y]l?(K=D[U+s[y]],C=S[E+s[y]]):(K=96,C=0),u=1<>v)+h]=M<<24|K<<16|C|0}while(0!==h);for(u=1<>=1;if(0!==u?(A&=u-1,A+=u):A=0,y++,0==--P[p]){if(p===g)break;p=t[r+s[y]]}if(p>m&&(A&R)!==d){for(0===v&&(v=m),f+=b,w=p-v,_=1<ic||e===oc&&k>nc)return 1;d=A&R,n[d]=m<<24|w<<16|f-a|0}}return 0!==A&&(n[f+A]=p-v<<24|64<<16|0),o.bits=m,0}const lc=0,pc=1,yc=2,bc=1,gc=2,mc=3,wc=4,vc=5,_c=6,kc=7,Ac=8,Sc=9,Ec=10,Pc=11,xc=12,Mc=13,Kc=14,Cc=15,Dc=16,Uc=17,Rc=18,Ic=19,Bc=20,Tc=21,zc=22,qc=23,Fc=24,Oc=25,Lc=26,Nc=27,jc=28,Hc=29,Wc=30,Gc=852,Vc=592;function $c(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}class Zc{constructor(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Oa(320),this.work=new Oa(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}}function Xc(e){let t;return e&&e.state?(t=e.state,t.wsize=0,t.whave=0,t.wnext=0,function(e){let t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=bc,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new La(Gc),t.distcode=t.distdyn=new La(Vc),t.sane=1,t.back=-1,Ya):es}(e)):es}function Yc(e,t){let r,i;return e?(i=new Zc,e.state=i,i.window=null,r=function(e,t){let r,i;return e&&e.state?(i=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?es:(null!==i.window&&i.wbits!==t&&(i.window=null),i.wrap=r,i.wbits=t,Xc(e))):es}(e,t),r!==Ya&&(e.state=null),r):es}let Qc,Jc,eu=!0;function tu(e){if(eu){let t;for(Qc=new La(512),Jc=new La(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(fc(pc,e.lens,0,288,Qc,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;fc(yc,e.lens,0,32,Jc,0,e.work,{bits:5}),eu=!1}e.lencode=Qc,e.lenbits=9,e.distcode=Jc,e.distbits=5}function ru(e,t,r,i){let n;const a=e.state;return null===a.window&&(a.wsize=1<=a.wsize?(ja(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):(n=a.wsize-a.wnext,n>i&&(n=i),ja(a.window,t,r-i,n,a.wnext),(i-=n)?(ja(a.window,t,r-i,i,0),a.wnext=i,a.whave=a.wsize):(a.wnext+=n,a.wnext===a.wsize&&(a.wnext=0),a.whave>>8&255,r.check=lo(r.check,x,2,0),u=0,h=0,r.mode=gc;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&u)<<8)+(u>>8))%31){e.msg="incorrect header check",r.mode=Wc;break}if((15&u)!==ds){e.msg="unknown compression method",r.mode=Wc;break}if(u>>>=4,h-=4,k=8+(15&u),0===r.wbits)r.wbits=k;else if(k>r.wbits){e.msg="invalid window size",r.mode=Wc;break}r.dmax=1<>8&1),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=lo(r.check,x,2,0)),u=0,h=0,r.mode=mc;case mc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>8&255,x[2]=u>>>16&255,x[3]=u>>>24&255,r.check=lo(r.check,x,4,0)),u=0,h=0,r.mode=wc;case wc:for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>8),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=lo(r.check,x,2,0)),u=0,h=0,r.mode=vc;case vc:if(1024&r.flags){for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>>8&255,r.check=lo(r.check,x,2,0)),u=0,h=0}else r.head&&(r.head.extra=null);r.mode=_c;case _c:if(1024&r.flags&&(l=r.length,l>o&&(l=o),l&&(r.head&&(k=r.head.extra_len-r.length,r.head.extra||(r.head.extra=Array(r.head.extra_len)),ja(r.head.extra,i,a,l,k)),512&r.flags&&(r.check=lo(r.check,i,l,a)),o-=l,a+=l,r.length-=l),r.length))break e;r.length=0,r.mode=kc;case kc:if(2048&r.flags){if(0===o)break e;l=0;do{k=i[a+l++],r.head&&k&&r.length<65536&&(r.head.name+=String.fromCharCode(k))}while(k&&l>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=xc;break;case Ec:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>=7&h,h-=7&h,r.mode=Nc;break}for(;h<3;){if(0===o)break e;o--,u+=i[a++]<>>=1,h-=1,3&u){case 0:r.mode=Kc;break;case 1:if(tu(r),r.mode=Bc,t===Xa){u>>>=2,h-=2;break e}break;case 2:r.mode=Uc;break;case 3:e.msg="invalid block type",r.mode=Wc}u>>>=2,h-=2;break;case Kc:for(u>>>=7&h,h-=7&h;h<32;){if(0===o)break e;o--,u+=i[a++]<>>16^65535)){e.msg="invalid stored block lengths",r.mode=Wc;break}if(r.length=65535&u,u=0,h=0,r.mode=Cc,t===Xa)break e;case Cc:r.mode=Dc;case Dc:if(l=r.length,l){if(l>o&&(l=o),l>c&&(l=c),0===l)break e;ja(n,i,a,l,s),o-=l,a+=l,c-=l,s+=l,r.length-=l;break}r.mode=xc;break;case Uc:for(;h<14;){if(0===o)break e;o--,u+=i[a++]<>>=5,h-=5,r.ndist=1+(31&u),u>>>=5,h-=5,r.ncode=4+(15&u),u>>>=4,h-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=Wc;break}r.have=0,r.mode=Rc;case Rc:for(;r.have>>=3,h-=3}for(;r.have<19;)r.lens[M[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,S={bits:r.lenbits},A=fc(lc,r.lens,0,19,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid code lengths set",r.mode=Wc;break}r.have=0,r.mode=Ic;case Ic:for(;r.have>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=b,h-=b,r.lens[r.have++]=m;else{if(16===m){for(E=b+2;h>>=b,h-=b,0===r.have){e.msg="invalid bit length repeat",r.mode=Wc;break}k=r.lens[r.have-1],l=3+(3&u),u>>>=2,h-=2}else if(17===m){for(E=b+3;h>>=b,h-=b,k=0,l=3+(7&u),u>>>=3,h-=3}else{for(E=b+7;h>>=b,h-=b,k=0,l=11+(127&u),u>>>=7,h-=7}if(r.have+l>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=Wc;break}for(;l--;)r.lens[r.have++]=k}}if(r.mode===Wc)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=Wc;break}if(r.lenbits=9,S={bits:r.lenbits},A=fc(pc,r.lens,0,r.nlen,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid literal/lengths set",r.mode=Wc;break}if(r.distbits=6,r.distcode=r.distdyn,S={bits:r.distbits},A=fc(yc,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,S),r.distbits=S.bits,A){e.msg="invalid distances set",r.mode=Wc;break}if(r.mode=Bc,t===Xa)break e;case Bc:r.mode=Tc;case Tc:if(o>=6&&c>=258){e.next_out=s,e.avail_out=c,e.next_in=a,e.avail_in=o,r.hold=u,r.bits=h,tc(e,f),s=e.next_out,n=e.output,c=e.avail_out,a=e.next_in,i=e.input,o=e.avail_in,u=r.hold,h=r.bits,r.mode===xc&&(r.back=-1);break}for(r.back=0;P=r.lencode[u&(1<>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,g=P>>>16&255,m=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,r.length=m,0===g){r.mode=Lc;break}if(32&g){r.back=-1,r.mode=xc;break}if(64&g){e.msg="invalid literal/length code",r.mode=Wc;break}r.extra=15&g,r.mode=zc;case zc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=qc;case qc:for(;P=r.distcode[u&(1<>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,g=P>>>16&255,m=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,64&g){e.msg="invalid distance code",r.mode=Wc;break}r.offset=m,r.extra=15&g,r.mode=Fc;case Fc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=Wc;break}r.mode=Oc;case Oc:if(0===c)break e;if(l=f-c,r.offset>l){if(l=r.offset-l,l>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=Wc;break}l>r.wnext?(l-=r.wnext,p=r.wsize-l):p=r.wnext-l,l>r.length&&(l=r.length),y=r.window}else y=n,p=s-r.offset,l=r.length;l>c&&(l=c),c-=l,r.length-=l;do{n[s++]=y[p++]}while(--l);0===r.length&&(r.mode=Tc);break;case Lc:if(0===c)break e;n[s++]=r.length,c--,r.mode=Tc;break;case Nc:if(r.wrap){for(;h<32;){if(0===o)break e;o--,u|=i[a++]<=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Yo,this.strm.avail_out=0;let r=Yc(this.strm,t.windowBits);if(r!==Ya)throw Error(po[r]);if(this.header=new au,function(e,t){let r;e&&e.state&&(r=e.state,0==(2&r.wrap)||(r.head=t,t.done=!1))}(this.strm,this.header),t.dictionary&&("string"==typeof t.dictionary?t.dictionary=Xo(t.dictionary):t.dictionary instanceof ArrayBuffer&&(t.dictionary=new Uint8Array(t.dictionary)),t.raw&&(r=nu(this.strm,t.dictionary),r!==Ya)))throw Error(po[r])}push(e,t){const{strm:r,options:{chunkSize:i,dictionary:n}}=this;let a,s,o=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?$a:Ha,"string"==typeof e?r.input=function(e){const t=new Fa(e.length);for(let r=0,i=t.length;r0||0===r.avail_out)&&a!==Qa);return a===Qa&&(s=$a),s===$a?(a=function(e){if(!e||!e.state)return es;const t=e.state;return t.window&&(t.window=null),e.state=null,Ya}(this.strm),this.onEnd(a),this.ended=!0,a===Ya):s!==Ga||(this.onEnd(Ya),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ya&&(this.result=Na(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}var ou=[0,1,3,7,15,31,63,127,255],cu=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};cu.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},cu.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=ou[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var i=r-e;t|=(this.curByte&ou[e]<>i,this.bitOffset+=e,e=0}}return t},cu.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},cu.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var uu=cu,hu=function(){};hu.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},hu.prototype.read=function(e,t,r){for(var i=0;i>>0},this.updateCRC=function(t){e=e<<8^du[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^du[255&(e>>>24^t)]}}),pu=function(e,t){var r,i=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=i,i},yu={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},bu={};bu[yu.LAST_BLOCK]="Bad file checksum",bu[yu.NOT_BZIP_DATA]="Not bzip data",bu[yu.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",bu[yu.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",bu[yu.DATA_ERROR]="Data error",bu[yu.OUT_OF_MEMORY]="Out of memory",bu[yu.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var gu=function(e,t){var r=bu[e]||"unknown error";t&&(r+=": "+t);var i=new TypeError(r);throw i.errorCode=e,i},mu=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};mu.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new lu,!0):(this.writeCount=-1,!1)},mu.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||gu(yu.NOT_BZIP_DATA,"bad magic");var i=r[3]-48;(i<1||i>9)&&gu(yu.NOT_BZIP_DATA,"level out of range"),this.reader=new uu(e),this.dbufSize=1e5*i,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},mu.prototype._get_next_block=function(){var e,t,r,i=this.reader,n=i.pi();if("177245385090"===n)return!1;"314159265359"!==n&&gu(yu.NOT_BZIP_DATA),this.targetBlockCRC=i.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,i.read(1)&&gu(yu.OBSOLETE_INPUT);var a=i.read(24);a>this.dbufSize&&gu(yu.DATA_ERROR,"initial position out of bounds");var s=i.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(s&1<<15-e){var u=16*e;for(r=i.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=u+t)}var h=i.read(3);(h<2||h>6)&&gu(yu.DATA_ERROR);var d=i.read(15);0===d&&gu(yu.DATA_ERROR);var f=new Uint8Array(256);for(e=0;e=h&&gu(yu.DATA_ERROR);l[e]=pu(f,t)}var p,y=c+2,b=[];for(t=0;t20)&&gu(yu.DATA_ERROR),i.read(1);)i.read(1)?s--:s++;w[e]=s}for(g=m=w[0],e=1;em?m=w[e]:w[e]=d&&gu(yu.DATA_ERROR),p=b[l[P++]]),e=p.minLen,t=i.read(e);e>p.maxLen&&gu(yu.DATA_ERROR),!(t<=p.limit[e]);e++)t=t<<1|i.read(1);((t-=p.base[e])<0||t>=258)&&gu(yu.DATA_ERROR);var M=p.permute[t];if(0!==M&&1!==M){if(S)for(S=0,E+s>this.dbufSize&&gu(yu.DATA_ERROR),k[A=o[f[0]]]+=s;s--;)x[E++]=A;if(M>c)break;E>=this.dbufSize&&gu(yu.DATA_ERROR),k[A=o[A=pu(f,e=M-1)]]++,x[E++]=A}else S||(S=1,s=0),s+=0===M?S:2*S,S<<=1}for((a<0||a>=E)&&gu(yu.DATA_ERROR),t=0,e=0;e<256;e++)r=t+k[e],k[e]=t,t=r;for(e=0;e>=8,D=-1),this.writePos=K,this.writeCurrent=C,this.writeCount=E,this.writeRun=D,!0},mu.prototype._read_bunzip=function(e,t){var r,i,n;if(this.writeCount<0)return 0;var a=this.dbuf,s=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var u=this.writeRun;c;){for(c--,i=o,o=255&(s=a[s]),s>>=8,3==u++?(r=o,n=i,o=-1):(r=1,n=o),this.blockCRC.updateCRCRun(n,r);r--;)this.outputStream.writeByte(n),this.nextoutput++;o!=i&&(u=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&gu(yu.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var wu=function(e){if("readByte"in e)return e;var t=new fu;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},vu=function(e){var t=new fu,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var _u=function(e,t,r){for(var i=wu(e),n=vu(t),a=new mu(i,n);!("eof"in i)||!i.eof();)if(a._init_block())a._read_bunzip();else{var s=a.reader.read(32)>>>0;if(s!==a.streamCRC&&gu(yu.DATA_ERROR,"Bad stream CRC (got "+a.streamCRC.toString(16)+" expected "+s.toString(16)+")"),!r||!("eof"in i)||i.eof())break;a._start_bunzip(i,n)}if("getBuffer"in n)return n.getBuffer()};class ku{static get tag(){return ue.packet.literalData}constructor(e=new Date){this.format=ue.literal.utf8,this.date=de.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=ue.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||de.isStream(this.text))&&(this.text=de.decodeUTF8(de.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=de.canonicalizeEOL(de.encodeUTF8(this.text))),e?ee(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await Q(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=de.decodeUTF8(await e.readBytes(r)),this.date=de.readDate(await e.readBytes(4));let i=e.remainder();_(i)&&(i=await ie(i)),this.setBytes(i,t)}))}writeHeader(){const e=de.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=de.writeDate(this.date);return de.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return de.concat([e,t])}}const Au=Symbol("verified"),Su=new Set([ue.signatureSubpacket.issuer,ue.signatureSubpacket.issuerFingerprint,ue.signatureSubpacket.embeddedSignature]);class Eu{static get tag(){return ue.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.signedHashValue=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Ke,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.revoked=null,this[Au]=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version)throw new Un(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[t++],this.publicKeyAlgorithm=e[t++],this.hashAlgorithm=e[t++],t+=this.readSubPackets(e.subarray(t,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");this.signatureData=e.subarray(0,t),t+=this.readSubPackets(e.subarray(t,e.length),!1),this.signedHashValue=e.subarray(t,t+2),t+=2,this.params=Ia.signature.parseSignatureParams(this.publicKeyAlgorithm,e.subarray(t,e.length))}writeParams(){return this.params instanceof Promise?ae((async()=>Ia.serializeParams(this.publicKeyAlgorithm,await this.params))):Ia.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),e.push(this.writeParams()),de.concat(e)}async sign(e,t,r=new Date,i=!1){5===e.version?this.version=5:this.version=4;const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];this.created=de.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID(),n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=de.concat(n);const a=this.toHash(this.signatureType,t,i),s=await this.hash(this.signatureType,t,a,i);this.signedHashValue=re(J(s),0,2);const o=async()=>Ia.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await ie(s));de.isStream(s)?this.params=o():(this.params=await o(),this[Au]=!0)}writeHashedSubPackets(){const e=ue.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(Pu(e.signatureCreationTime,!0,de.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(Pu(e.signatureExpirationTime,!0,de.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(Pu(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(Pu(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(Pu(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(Pu(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(Pu(e.keyExpirationTime,!0,de.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(Pu(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=de.concat([r,this.revocationKeyFingerprint]),t.push(Pu(e.revocationKey,!1,r))),this.issuerKeyID.isNull()||5===this.issuerKeyVersion||t.push(Pu(e.issuer,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=de.encodeUTF8(i);r.push(de.writeNumber(o.length,2)),r.push(de.writeNumber(n.length,2)),r.push(o),r.push(n),r=de.concat(r),t.push(Pu(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(Pu(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(Pu(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.keyServerPreferences)),t.push(Pu(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(Pu(e.preferredKeyServer,!1,de.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(Pu(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(Pu(e.policyURI,!1,de.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.keyFlags)),t.push(Pu(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(Pu(e.signersUserID,!1,de.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=de.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(Pu(e.reasonForRevocation,!0,r))),null!==this.features&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.features)),t.push(Pu(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(de.stringToUint8Array(this.signatureTargetHash)),r=de.concat(r),t.push(Pu(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(Pu(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=de.concat(r),t.push(Pu(e.issuerFingerprint,5===this.version,r))),null!==this.preferredAEADAlgorithms&&(r=de.stringToUint8Array(de.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(Pu(e.preferredAEADAlgorithms,!1,r)));const i=de.concat(t),n=de.writeNumber(i.length,2);return de.concat([n,i])}writeUnhashedSubPackets(){const e=[];this.unhashedSubpackets.forEach((t=>{e.push(Pn(t.length)),e.push(t)}));const t=de.concat(e),r=de.writeNumber(t.length,2);return de.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(t||(this.unhashedSubpackets.push(e.subarray(r,e.length)),Su.has(n)))switch(r++,n){case ue.signatureSubpacket.signatureCreationTime:this.created=de.readDate(e.subarray(r,e.length));break;case ue.signatureSubpacket.signatureExpirationTime:{const t=de.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case ue.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case ue.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case ue.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case ue.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case ue.signatureSubpacket.keyExpirationTime:{const t=de.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case ue.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case ue.signatureSubpacket.issuer:this.issuerKeyID.read(e.subarray(r,e.length));break;case ue.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=de.readNumber(e.subarray(r,r+2));r+=2;const a=de.readNumber(e.subarray(r,r+2));r+=2;const s=de.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=de.decodeUTF8(o));break}case ue.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=de.decodeUTF8(e.subarray(r,e.length));break;case ue.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case ue.signatureSubpacket.policyURI:this.policyURI=de.decodeUTF8(e.subarray(r,e.length));break;case ue.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.signersUserID:this.signersUserID=de.decodeUTF8(e.subarray(r,e.length));break;case ue.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=de.decodeUTF8(e.subarray(r,e.length));break;case ue.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case ue.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Ia.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=de.uint8ArrayToString(e.subarray(r,r+t));break}case ue.signatureSubpacket.embeddedSignature:this.embeddedSignature=new Eu,this.embeddedSignature.read(e.subarray(r,e.length));break;case ue.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),5===this.issuerKeyVersion?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case ue.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;default:{const e=Error("Unknown signature subpacket type "+n);if(i)throw e;de.printDebug(e)}}}readSubPackets(e,t=!0,r){const i=de.readNumber(e.subarray(0,2));let n=2;for(;n<2+i;){const i=En(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=ue.signature;switch(e){case r.binary:return null!==t.text?de.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return de.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return de.concat([this.toSign(r.key,t),new Uint8Array([i]),de.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return de.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return X(J(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==ue.signature.binary&&this.signatureType!==ue.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(de.writeNumber(r,4)),de.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return de.concat([i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){return r||(r=this.toHash(e,t,i)),Ia.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=we){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===ue.signature.binary||t===ue.signature.text;if(!(this[Au]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await ie(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[Au]=await Ia.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,i,a),!this[Au])throw Error("Signature verification failed")}const o=de.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+ue.read(ue.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[ue.signature.binary,ue.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+ue.read(ue.hash,this.hashAlgorithm).toUpperCase());if(this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=de.normalizeDate(e);return null!==t&&!(this.created<=t&&tEu.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==ue.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function Mu(e,t){if(!t[e]){let t;try{t=ue.read(ue.packet,e)}catch(t){throw new Un("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}xu.prototype.hash=Eu.prototype.hash,xu.prototype.toHash=Eu.prototype.toHash,xu.prototype.toSign=Eu.prototype.toSign;class Ku extends Array{static async fromBinary(e,t,r=we){const i=new Ku;return await i.read(e,t,r),i}async read(e,t,r=we){r.additionalAllowedPackets.length&&(t={...t,...de.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=Y(e,(async(e,i)=>{const n=G(i);try{for(;;){await n.ready;if(await Dn(e,(async e=>{try{if(e.tag===ue.packet.marker||e.tag===ue.packet.trust)return;const i=Mu(e.tag,t);i.packets=new Ku,i.fromStream=de.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){const i=!r.ignoreUnsupportedPackets&&t instanceof Un,a=!(r.ignoreMalformedPackets||t instanceof Un);if(i||a||Cn(e.tag))await n.abort(t);else{const t=new Rn(e.tag,e.packet);await n.write(t)}de.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=W(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||Cn(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=de.concat([xn(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>de.concat([Pn(n)].concat(t)))))}else{if(de.isStream(i)){let t=0;e.push(X(J(i),(e=>{t+=e.length}),(()=>Kn(r,t))))}else e.push(Kn(r,i.length));e.push(i)}}return de.concat(e)}filterByTag(...e){const t=new Ku,r=e=>t=>e===t;for(let i=0;it.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),de.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=we){const t=ue.read(ue.compression,this.algorithm),r=qu[t];if(!r)throw Error(t+" decompression not supported");this.packets=await Ku.fromBinary(r(this.compressed),Cu,e)}compress(){const e=ue.read(ue.compression,this.algorithm),t=zu[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write(),this.deflateLevel)}}const Uu=de.getNodeZlib();function Ru(e){return e}function Iu(e,t,r={}){return function(i){return!de.isStream(i)||_(i)?ae((()=>ie(i).then((t=>new Promise(((i,n)=>{e(t,r,((e,t)=>{if(e)return n(e);i(t)}))})))))):C(D(i).pipe(t(r)))}}function Bu(e,t={}){return function(r){const i=new e(t);return X(r,(e=>{if(e.length)return i.push(e,Ga),i.result}),(()=>{if(e===Qo)return i.push([],$a),i.result}))}}function Tu(e){return function(t){return ae((async()=>e(await ie(t))))}}const zu=Uu?{zip:/*#__PURE__*/(e,t)=>Iu(Uu.deflateRaw,Uu.createDeflateRaw,{level:t})(e),zlib:/*#__PURE__*/(e,t)=>Iu(Uu.deflate,Uu.createDeflate,{level:t})(e)}:{zip:/*#__PURE__*/(e,t)=>Bu(Qo,{raw:!0,level:t})(e),zlib:/*#__PURE__*/(e,t)=>Bu(Qo,{level:t})(e)},qu=Uu?{uncompressed:Ru,zip:/*#__PURE__*/Iu(Uu.inflateRaw,Uu.createInflateRaw),zlib:/*#__PURE__*/Iu(Uu.inflate,Uu.createInflate),bzip2:/*#__PURE__*/Tu(_u)}:{uncompressed:Ru,zip:/*#__PURE__*/Bu(su,{raw:!0}),zlib:/*#__PURE__*/Bu(su),bzip2:/*#__PURE__*/Tu(_u)},Fu=/*#__PURE__*/de.constructAllowedPackets([ku,Du,xu,Eu]);class Ou{static get tag(){return ue.packet.symEncryptedIntegrityProtectedData}constructor(){this.version=1,this.encrypted=null,this.packets=null}async read(e){await Q(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Un(`Version ${t} of the SEIP packet is unsupported.`);this.encrypted=e.remainder()}))}write(){return de.concat([new Uint8Array([1]),this.encrypted])}async encrypt(e,t,r=we){const{blockSize:i}=Ia.getCipher(e);let n=this.packets.write();_(n)&&(n=await ie(n));const a=await Ia.getPrefixRandom(e),s=new Uint8Array([211,20]),o=de.concat([a,n,s]),c=await Ia.hash.sha1(ee(o)),u=de.concat([o,c]);return this.encrypted=await Ia.mode.cfb.encrypt(e,t,u,new Uint8Array(i),r),!0}async decrypt(e,t,r=we){const{blockSize:i}=Ia.getCipher(e);let n=J(this.encrypted);_(n)&&(n=await ie(n));const a=await Ia.mode.cfb.decrypt(e,t,n,new Uint8Array(i)),s=re(ee(a),-20),o=re(a,0,-20),c=Promise.all([ie(await Ia.hash.sha1(ee(o))),ie(s)]).then((([e,t])=>{if(!de.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=re(o,i+2);let h=re(u,0,-2);return h=H([h,ae((()=>c))]),de.isStream(n)&&r.allowUnauthenticatedStream||(h=await ie(h)),this.packets=await Ku.fromBinary(h,Fu,r),!0}}const Lu=/*#__PURE__*/de.constructAllowedPackets([ku,Du,xu,Eu]);class Nu{static get tag(){return ue.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=ue.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await Q(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Un(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Ia.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return de.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=we){this.packets=await Ku.fromBinary(await this.crypt("decrypt",t,J(this.encrypted)),Lu,r)}async encrypt(e,t,r=we){this.cipherAlgorithm=e;const{ivLength:i}=Ia.getAEADMode(this.aeadAlgorithm);this.iv=Ia.random.getRandomBytes(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await this.crypt("encrypt",t,n)}async crypt(e,t,r){const i=Ia.getAEADMode(this.aeadAlgorithm),n=await i(this.cipherAlgorithm,t),a="decrypt"===e?i.tagLength:0,s="encrypt"===e?i.tagLength:0,o=2**(this.chunkSizeByte+6)+a,c=new ArrayBuffer(21),u=new Uint8Array(c,0,13),h=new Uint8Array(c),d=new DataView(c),f=new Uint8Array(c,5,8);u.set([192|Nu.tag,this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte],0);let l=0,p=Promise.resolve(),y=0,b=0;const g=this.iv;return Y(r,(async(t,r)=>{if("array"!==de.isStream(t)){const e=new F({},{highWaterMark:de.getHardwareConcurrency()*2**(this.chunkSizeByte+6),size:e=>e.length});V(e.readable,r),r=e.writable}const c=W(t),m=G(r);try{for(;;){let t=await c.readBytes(o+a)||new Uint8Array;const r=t.subarray(t.length-a);let w,v;if(t=t.subarray(0,t.length-a),!l||t.length?(c.unshift(r),w=n[e](t,i.getNonce(g,f),u),b+=t.length-a+s):(d.setInt32(17,y),w=n[e](r,i.getNonce(g,f),h),b+=s,v=!0),y+=t.length-a,p=p.then((()=>w)).then((async e=>{await m.ready,await m.write(e),b-=e.length})).catch((e=>m.abort(e))),(v||b>m.desiredSize)&&await p,v){await m.close();break}d.setInt32(9,++l)}}catch(e){await m.abort(e)}}))}}class ju{static get tag(){return ue.packet.publicKeyEncryptedSessionKey}constructor(){this.version=3,this.publicKeyID=new Ke,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}read(e){let t=0;if(this.version=e[t++],3!==this.version)throw new Un(`Version ${this.version} of the PKESK packet is unsupported.`);t+=this.publicKeyID.read(e.subarray(t)),this.publicKeyAlgorithm=e[t++],this.encrypted=Ia.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t),this.version),this.publicKeyAlgorithm===ue.publicKey.x25519&&(this.sessionKeyAlgorithm=ue.write(ue.symmetric,this.encrypted.C.algorithm))}write(){const e=[new Uint8Array([this.version]),this.publicKeyID.write(),new Uint8Array([this.publicKeyAlgorithm]),Ia.serializeParams(this.publicKeyAlgorithm,this.encrypted)];return de.concatUint8Array(e)}async encrypt(e){const t=ue.write(ue.publicKey,this.publicKeyAlgorithm),r=Hu(this.version,t,this.sessionKeyAlgorithm,this.sessionKey);this.encrypted=await Ia.publicKeyEncrypt(t,this.sessionKeyAlgorithm,e.publicParams,r,e.getFingerprintBytes())}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Hu(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=await Ia.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,e.getFingerprintBytes(),r),{sessionKey:n,sessionKeyAlgorithm:a}=function(e,t,r,i){switch(t){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.elgamal:case ue.publicKey.ecdh:{const e=r.subarray(0,r.length-2),t=r.subarray(r.length-2),n=de.writeChecksum(e.subarray(e.length%8)),a=n[0]===t[0]&n[1]===t[1],s={sessionKeyAlgorithm:e[0],sessionKey:e.subarray(1)};if(i){const e=a&s.sessionKeyAlgorithm===i.sessionKeyAlgorithm&s.sessionKey.length===i.sessionKey.length;return{sessionKey:de.selectUint8Array(e,s.sessionKey,i.sessionKey),sessionKeyAlgorithm:de.selectUint8(e,s.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(a&&ue.read(ue.symmetric,s.sessionKeyAlgorithm))return s;throw Error("Decryption error")}case ue.publicKey.x25519:return{sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);this.publicKeyAlgorithm!==ue.publicKey.x25519&&(this.sessionKeyAlgorithm=a),this.sessionKey=n}}function Hu(e,t,r,i){switch(t){case ue.publicKey.rsaEncrypt:case ue.publicKey.rsaEncryptSign:case ue.publicKey.elgamal:case ue.publicKey.ecdh:return de.concatUint8Array([new Uint8Array([r]),i,de.writeChecksum(i.subarray(i.length%8))]);case ue.publicKey.x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Wu{constructor(e=we){this.algorithm=ue.hash.sha256,this.type="iterated",this.c=e.s2kIterationCountByte,this.salt=null}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;try{this.type=ue.read(ue.s2k,e[t++])}catch(e){throw new Un("Unknown S2K type.")}switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==de.uint8ArrayToString(e.subarray(t,t+3)))throw new Un("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Un("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Un("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...de.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([ue.write(ue.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return de.concatUint8Array(e)}async produceKey(e,t){e=de.encodeUTF8(e);const r=[];let i=0,n=0;for(;i{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ju(e,t,r){const{keySize:i}=Ia.getCipher(r);return e.produceKey(t,i)}var eh=mt((function(e){!function(t){function r(e){function t(){return Ae0&&(t.semantic=" "),t}}function b(e,t){return function(){var i,a,o,u,h;for(u=r(),i=s("star"),o=0,h=void 0===t?0:t;null!==(a=e());)o+=1,c(i,a);return o>=h?i:(n(u),null)}}function g(e){return e.charCodeAt(0)>=128}function m(){return o("cr",h("\r")())}function w(){return o("crlf",d(m,k)())}function v(){return o("dquote",h('"')())}function _(){return o("htab",h("\t")())}function k(){return o("lf",h("\n")())}function A(){return o("sp",h(" ")())}function S(){return o("vchar",u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i})))}function E(){return o("wsp",f(A,_)())}function P(){var e=o("quoted-pair",f(d(h("\\"),f(S,E)),ie)());return null===e?null:(e.semantic=e.semantic[1],e)}function x(){return o("fws",f(ae,d(l(d(b(E),p(w))),b(E,1)))())}function M(){return o("ctext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=39||42<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),te)())}function K(){return o("ccontent",f(M,P,C)())}function C(){return o("comment",d(h("("),b(d(l(x),K)),l(x),h(")"))())}function D(){return o("cfws",f(d(b(d(l(x),C),1),l(x)),x)())}function U(){return o("atext",u((function(t){var r="a"<=t&&t<="z"||"A"<=t&&t<="Z"||"0"<=t&&t<="9"||["!","#","$","%","&","'","*","+","-","/","=","?","^","_","`","{","|","}","~"].indexOf(t)>=0;return e.rfc6532&&(r=r||g(t)),r})))}function R(){return o("atom",d(y(l(D)),b(U,1),y(l(D)))())}function I(){var e,t;return null===(e=o("dot-atom-text",b(U,1)()))||null!==(t=b(d(h("."),b(U,1)))())&&c(e,t),e}function B(){return o("dot-atom",d(p(l(D)),I,p(l(D)))())}function T(){return o("qtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33===r||35<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),re)())}function z(){return o("qcontent",f(T,P)())}function q(){return o("quoted-string",d(p(l(D)),p(v),b(d(l(y(x)),z)),l(p(x)),p(v),p(l(D)))())}function F(){return o("word",f(R,q)())}function O(){return o("address",f(L,H)())}function L(){return o("mailbox",f(N,J)())}function N(){return o("name-addr",d(l(W),j)())}function j(){return o("angle-addr",f(d(p(l(D)),h("<"),J,h(">"),p(l(D))),se)())}function H(){return o("group",d(W,h(":"),l($),h(";"),p(l(D)))())}function W(){return o("display-name",(null!==(e=o("phrase",f(ne,b(F,1))()))&&(e.semantic=function(e){return e.replace(/([ \t]|\r\n)+/g," ").replace(/^\s*/,"").replace(/\s*$/,"")}(e.semantic)),e));var e}function G(){return o("mailbox-list",f(d(L,b(d(h(","),L))),ue)())}function V(){return o("address-list",f(d(O,b(d(h(","),O))),he)())}function $(){return o("group-list",f(G,p(D),de)())}function Z(){return o("local-part",f(fe,B,q)())}function X(){return o("dtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=90||94<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),pe)())}function Y(){return o("domain-literal",d(p(l(D)),h("["),b(d(l(x),X)),l(x),h("]"),p(l(D)))())}function Q(){return o("domain",(t=f(le,B,Y)(),e.rejectTLD&&t&&t.semantic&&t.semantic.indexOf(".")<0?null:(t&&(t.semantic=t.semantic.replace(/\s+/g,"")),t)));var t}function J(){return o("addr-spec",d(Z,h("@"),Q)())}function ee(){return e.strict?null:o("obs-NO-WS-CTL",u((function(e){var t=e.charCodeAt(0);return 1<=t&&t<=8||11===t||12===t||14<=t&&t<=31||127===t})))}function te(){return e.strict?null:o("obs-ctext",ee())}function re(){return e.strict?null:o("obs-qtext",ee())}function ie(){return e.strict?null:o("obs-qp",d(h("\\"),f(h("\0"),ee,k,m))())}function ne(){return e.strict?null:e.atInDisplayName?o("obs-phrase",d(F,b(f(F,h("."),h("@"),y(D))))()):o("obs-phrase",d(F,b(f(F,h("."),y(D))))())}function ae(){return e.strict?null:o("obs-FWS",b(d(p(l(w)),E),1)())}function se(){return e.strict?null:o("obs-angle-addr",d(p(l(D)),h("<"),oe,J,h(">"),p(l(D)))())}function oe(){return e.strict?null:o("obs-route",d(ce,h(":"))())}function ce(){return e.strict?null:o("obs-domain-list",d(b(f(p(D),h(","))),h("@"),Q,b(d(h(","),p(l(D)),l(d(h("@"),Q)))))())}function ue(){return e.strict?null:o("obs-mbox-list",d(b(d(p(l(D)),h(","))),L,b(d(h(","),l(d(L,p(D))))))())}function he(){return e.strict?null:o("obs-addr-list",d(b(d(p(l(D)),h(","))),O,b(d(h(","),l(d(O,p(D))))))())}function de(){return e.strict?null:o("obs-group-list",d(b(d(p(l(D)),h(",")),1),p(l(D)))())}function fe(){return e.strict?null:o("obs-local-part",d(F,b(d(h("."),F)))())}function le(){return e.strict?null:o("obs-domain",d(R,b(d(h("."),R)))())}function pe(){return e.strict?null:o("obs-dtext",f(ee,P)())}function ye(e,t){var r,i,n;if(null==t)return null;for(i=[t];i.length>0;){if((n=i.pop()).name===e)return n;for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r])}return null}function be(e,t){var r,i,n,a,s;if(null==t)return null;for(i=[t],a=[],s={},r=0;r0;)if((n=i.pop()).name in s)a.push(n);else for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}function ge(t){var r,i,n,a,s;if(null===t)return null;for(r=[],i=be(["group","mailbox"],t),n=0;n1)return null;return t.addresses&&t.addresses[0]}(s):e.simple?s&&s.addresses:s}function me(e){var t,r=ye("display-name",e),i=[],n=be(["mailbox"],e);for(t=0;t0;)for((n=i.pop()).name===e&&a.push(n),r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}("cfws",e),n=be(["comment"],e),a=ye("local-part",r),s=ye("domain",r);return{node:e,parts:{name:t,address:r,local:a,domain:s,comments:i},type:e.name,name:ve(t),address:ve(r),local:ve(a),domain:ve(s),comments:_e(n),groupName:ve(e.groupName)}}function ve(e){return null!=e?e.semantic:null}function _e(e){var t="";if(e)for(var r=0;r`),t.userID=r.join(" "),t}read(e,t=we){const r=de.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");try{const{name:e,address:t,comments:i}=eh.parseOneAddress({input:r,atInDisplayName:!0});this.comment=i.replace(/^\(|\)$/g,""),this.name=e,this.email=t}catch(e){}this.userID=r}write(){return de.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class rh extends Qu{static get tag(){return ue.packet.secretSubkey}constructor(e=new Date,t=we){super(e,t)}}const ih=/*#__PURE__*/de.constructAllowedPackets([Eu]);class nh{constructor(e){this.packets=e||new Ku}write(){return this.packets.write()}armor(e=we){return Me(ue.armor.signature,this.write(),void 0,void 0,void 0,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function ah(e,t){const r=new rh(e.date,t);return r.packets=null,r.algorithm=ue.write(ue.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function sh(e,t){const r=new Qu(e.date,t);return r.packets=null,r.algorithm=ue.write(ue.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function oh(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw de.wrapError(`Could not find valid ${ue.read(ue.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function ch(e,t,r=new Date){const i=de.normalizeDate(r);if(null!==i){const r=yh(e,t);return!(e.created<=i&&i0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await fh(n,null,t,a,r.date,void 0,void 0,void 0,i)}async function hh(e,t,r=new Date,i={},n){let a=n.preferredHashAlgorithm,s=a;if(e){const t=await e.getPrimaryUser(r,i,n);t.selfCertification.preferredHashAlgorithms&&([s]=t.selfCertification.preferredHashAlgorithms,a=Ia.hash.getHashByteLength(a)<=Ia.hash.getHashByteLength(s)?s:a)}switch(t.algorithm){case ue.publicKey.ecdsa:case ue.publicKey.eddsaLegacy:case ue.publicKey.ed25519:s=Ia.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid)}return Ia.hash.getHashByteLength(a)<=Ia.hash.getHashByteLength(s)?s:a}async function dh(e,t=[],r=new Date,i=[],n=we){const a={symmetric:ue.symmetric.aes128,aead:ue.aead.eax,compression:ue.compression.uncompressed}[e],s={symmetric:n.preferredSymmetricAlgorithm,aead:n.preferredAEADAlgorithm,compression:n.preferredCompressionAlgorithm}[e],o={symmetric:"preferredSymmetricAlgorithms",aead:"preferredAEADAlgorithms",compression:"preferredCompressionAlgorithms"}[e],c=await Promise.all(t.map((async function(e,t){const a=(await e.getPrimaryUser(r,i[t],n)).selfCertification[o];return!!a&&a.indexOf(s)>=0})));return c.every(Boolean)?s:a}async function fh(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new Eu;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await hh(t,r,n,a,c),u.rawNotations=s,await u.sign(r,e,n,o),u}async function lh(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return de.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function ph(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{n&&!e.issuerKeyID.equals(n.issuerKeyID)||(await e.verify(a,t,r,o.revocationsExpire?s:null,!1,o),c.push(e.issuerKeyID))}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function yh(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function bh(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=de.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=ue.write(ue.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==ue.curve.ed25519Legacy&&e.curve!==ue.curve.curve25519Legacy||(e.curve=e.sign?ue.curve.ed25519Legacy:ue.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===ue.curve.ed25519Legacy?ue.publicKey.eddsaLegacy:ue.publicKey.ecdsa:e.algorithm=ue.publicKey.ecdh;break;case"rsa":e.algorithm=ue.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function gh(e,t){const r=e.algorithm;return r!==ue.publicKey.rsaEncrypt&&r!==ue.publicKey.elgamal&&r!==ue.publicKey.ecdh&&r!==ue.publicKey.x25519&&(!t.keyFlags||0!=(t.keyFlags[0]&ue.keyFlags.signData))}function mh(e,t){const r=e.algorithm;return r!==ue.publicKey.dsa&&r!==ue.publicKey.rsaSign&&r!==ue.publicKey.ecdsa&&r!==ue.publicKey.eddsaLegacy&&r!==ue.publicKey.ed25519&&(!t.keyFlags||0!=(t.keyFlags[0]&ue.keyFlags.encryptCommunication)||0!=(t.keyFlags[0]&ue.keyFlags.encryptStorage))}function wh(e,t){return!!t.allowInsecureDecryptionWithSigningKeys||(!e.keyFlags||0!=(e.keyFlags[0]&ue.keyFlags.encryptCommunication)||0!=(e.keyFlags[0]&ue.keyFlags.encryptStorage))}function vh(e,t){const r=ue.write(ue.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case ue.publicKey.rsaEncryptSign:case ue.publicKey.rsaSign:case ue.publicKey.rsaEncrypt:if(i.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,ue.signature.certGeneric,s,r,void 0,i)}catch(e){throw de.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,ue.signature.certGeneric,n,e,void 0,t)}catch(e){throw de.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await lh(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,ue.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await lh(e,this,"otherCertifications",t),await lh(e,this,"revocationSignatures",t,(function(e){return ph(i,ue.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=ue.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=we){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new _h(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await fh(a,null,e,{signatureType:ue.signature.certRevocation,reasonForRevocationFlag:ue.write(ue.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class kh{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Ku;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new kh(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=we){const n=this.mainKey.keyPacket;return ph(n,ue.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=we){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await oh(this.bindingSignatures,r,ue.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(ch(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=we){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await oh(this.bindingSignatures,r,ue.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=yh(this.keyPacket,n),s=n.getExpirationTime();return an.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,ue.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await lh(e,this,"revocationSignatures",t,(function(e){return ph(i,ue.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=ue.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=we){const a={key:e,bind:this.keyPacket},s=new kh(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await fh(a,null,e,{signatureType:ue.signature.subkeyRevocation,reasonForRevocationFlag:ue.write(ue.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{kh.prototype[e]=function(){return this.keyPacket[e]()}}));const Ah=/*#__PURE__*/de.constructAllowedPackets([Eu]),Sh=new Set([ue.packet.publicKey,ue.packet.privateKey]),Eh=new Set([ue.packet.publicKey,ue.packet.privateKey,ue.packet.publicSubkey,ue.packet.privateSubkey]);class Ph{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof Rn){Eh.has(s.tag)&&!a&&(a=Sh.has(s.tag)?Sh:Eh);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case ue.packet.publicKey:case ue.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case ue.packet.userID:case ue.packet.userAttribute:r=new _h(s,this),this.users.push(r);break;case ue.packet.publicSubkey:case ue.packet.secretSubkey:r=null,n=new kh(s,this),this.subkeys.push(n);break;case ue.packet.signature:switch(s.signatureType){case ue.signature.certGeneric:case ue.signature.certPersona:case ue.signature.certCasual:case ue.signature.certPositive:if(!r){de.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case ue.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case ue.signature.key:this.directSignatures.push(s);break;case ue.signature.subkeyBinding:if(!n){de.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case ue.signature.keyRevocation:this.revocationSignatures.push(s);break;case ue.signature.subkeyRevocation:if(!n){de.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new Ku;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=we){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await oh(r.bindingSignatures,n,ue.signature.subkeyBinding,e,t,i);if(!gh(r.keyPacket,a))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await oh([a.embeddedSignature],r.keyPacket,ue.signature.keyBinding,e,t,i),vh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&gh(n,a.selfCertification))return vh(n,i),this}catch(e){s=e}throw de.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=we){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await oh(r.bindingSignatures,n,ue.signature.subkeyBinding,e,t,i);if(mh(r.keyPacket,a))return vh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&mh(n,a.selfCertification))return vh(n,i),this}catch(e){s=e}throw de.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=we){return ph(this.keyPacket,ue.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=we){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");const{selfCertification:n}=await this.getPrimaryUser(e,t,r);if(ch(i,n,e))throw Error("Primary key is expired");const a=await oh(this.directSignatures,i,ue.signature.key,{key:i},e,r).catch((()=>{}));if(a&&ch(i,a,e))throw Error("Primary key is expired")}async getExpirationTime(e,t=we){let r;try{const{selfCertification:i}=await this.getPrimaryUser(null,e,t),n=yh(this.keyPacket,i),a=i.getExpirationTime(),s=await oh(this.directSignatures,this.keyPacket,ue.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=yh(this.keyPacket,s);r=Math.min(n,a,e)}else r=ne.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await lh(e,i,"revocationSignatures",t,(n=>ph(i.keyPacket,ue.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await lh(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=we){const r={key:this.keyPacket},i=await oh(this.revocationSignatures,this.keyPacket,ue.signature.keyRevocation,r,e,t),n=new Ku;return n.push(i),Me(ue.armor.publicKey,n.write(),null,null,"This is a revocation certificate")}async applyRevocationCertificate(e,t=new Date,r=we){const i=await xe(e,r),n=(await Ku.fromBinary(i.data,Ah,r)).findPacket(ue.packet.signature);if(!n||n.signatureType!==ue.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,ue.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw de.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=we){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=we){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=we){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=we){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{Ph.prototype[e]=kh.prototype[e]}));class xh extends Ph{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([ue.packet.secretKey,ue.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=we){return Me(ue.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,e)}}class Mh extends xh{constructor(e){if(super(),this.packetListToStructure(e,new Set([ue.packet.publicKey,ue.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new Ku,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case ue.packet.secretKey:{const t=Vu.fromSecretKeyPacket(r);e.push(t);break}case ue.packet.secretSubkey:{const t=Xu.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new xh(e)}armor(e=we){return Me(ue.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,e)}async getDecryptionKeys(e,t=new Date,r={},i=we){const n=this.keyPacket,a=[];for(let r=0;re.isDecrypted()))}async validate(e=we){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys(),t=e.map((e=>e.keyPacket.isDummy())).every(Boolean);if(t)throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=ue.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=we){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await fh(n,null,this.keyPacket,{signatureType:ue.signature.keyRevocation,reasonForRevocationFlag:ue.write(ue.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...we,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}const s=th.fromObject(t),o={};o.userID=s,o.key=e;const c={};c.signatureType=ue.signature.certGeneric,c.keyFlags=[ue.keyFlags.certifyKeys|ue.keyFlags.signData],c.preferredSymmetricAlgorithms=a([ue.symmetric.aes256,ue.symmetric.aes128,ue.symmetric.aes192],i.preferredSymmetricAlgorithm),i.aeadProtect&&(c.preferredAEADAlgorithms=a([ue.aead.eax,ue.aead.ocb],i.preferredAEADAlgorithm)),c.preferredHashAlgorithms=a([ue.hash.sha256,ue.hash.sha512],i.preferredHashAlgorithm),c.preferredCompressionAlgorithms=a([ue.compression.zlib,ue.compression.zip,ue.compression.uncompressed],i.preferredCompressionAlgorithm),0===n&&(c.isPrimaryUserID=!0),c.features=[0],c.features[0]|=ue.features.modificationDetection,i.aeadProtect&&(c.features[0]|=ue.features.aead),i.v5Keys&&(c.features[0]|=ue.features.v5Keys),r.keyExpirationTime>0&&(c.keyExpirationTime=r.keyExpirationTime,c.keyNeverExpires=!1);return{userIDPacket:s,signaturePacket:await fh(o,null,e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await uh(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const a={key:e};return n.push(await fh(a,null,e,{signatureType:ue.signature.keyRevocation,reasonForRevocationFlag:ue.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new Mh(n)}const Uh=/*#__PURE__*/de.constructAllowedPackets([ku,Du,Nu,Ou,Zu,ju,Gu,xu,Eu]),Rh=/*#__PURE__*/de.constructAllowedPackets([Gu]),Ih=/*#__PURE__*/de.constructAllowedPackets([Eu]);class Bh{constructor(e){this.packets=e||new Ku}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(ue.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(ue.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(ue.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=we){const a=r||await this.decryptSessionKeys(e,t,i,n),s=this.packets.filterByTag(ue.packet.symmetricallyEncryptedData,ue.packet.symEncryptedIntegrityProtectedData,ue.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const o=s[0];let c=null;const u=Promise.all(a.map((async({algorithm:e,data:t})=>{if(!de.isUint8Array(t)||!de.isString(e))throw Error("Invalid session key for decryption.");try{const r=ue.write(ue.symmetric,e);await o.decrypt(r,t,n)}catch(e){de.printDebugError(e),c=e}})));if(ne(o.encrypted),o.encrypted=null,await u,!o.packets||!o.packets.length)throw c||Error("Decryption failed.");const h=new Bh(o.packets);return o.packets=new Ku,h}async decryptSessionKeys(e,t,r=new Date,i=we){let n,a=[];if(t){const e=this.packets.filterByTag(ue.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await Ku.fromBinary(e.write(),Rh,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){de.printDebugError(e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(ue.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let s=[ue.symmetric.aes256,ue.symmetric.aes128,ue.symmetric.tripledes,ue.symmetric.cast5];try{const t=await e.getPrimaryUser(r,void 0,i);t.selfCertification.preferredSymmetricAlgorithms&&(s=s.concat(t.selfCertification.preferredSymmetricAlgorithms))}catch(e){}const o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket));await Promise.all(o.map((async function(e){if(!e||e.isDummy())return;if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===ue.publicKey.rsaEncrypt||t.publicKeyAlgorithm===ue.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===ue.publicKey.rsaSign||t.publicKeyAlgorithm===ue.publicKey.elgamal)){const r=t.write();await Promise.all(Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map((async t=>{const i=new ju;i.read(r);const s={sessionKeyAlgorithm:t,sessionKey:Ia.generateSessionKey(t)};try{await i.decrypt(e,s),a.push(i)}catch(e){de.printDebugError(e),n=e}})))}else try{if(await t.decrypt(e),!s.includes(ue.write(ue.symmetric,t.sessionKeyAlgorithm)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){de.printDebugError(e),n=e}})))}))),ne(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+de.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:ue.read(ue.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(ue.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(ue.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(ue.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=we){const n=await dh("symmetric",e,t,r,i),a=ue.read(ue.symmetric,n),s=i.aeadProtect&&await async function(e,t=new Date,r=[],i=we){let n=!0;return await Promise.all(e.map((async function(e,a){const s=await e.getPrimaryUser(t,r[a],i);s.selfCertification.features&&s.selfCertification.features[0]&ue.features.aead||(n=!1)}))),n}(e,t,r,i)?ue.read(ue.aead,await dh("aead",e,t,r,i)):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&e.keyPacket.algorithm===ue.publicKey.x25519&&!de.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:Ia.generateSessionKey(n),algorithm:a,aeadAlgorithm:s}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=we){if(r){if(!de.isUint8Array(r.data)||!de.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Bh.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Bh.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,d=await Bh.encryptSessionKey(c,u,h,e,t,i,n,a,s,o);let f;h?(f=new Nu,f.aeadAlgorithm=ue.write(ue.aead,h)):f=new Ou,f.packets=this.packets;const l=ue.write(ue.symmetric,u);return await f.encrypt(l,c,o),d.packets.push(f),f.packets=new Ku,d}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=we){const h=new Ku,d=ue.write(ue.symmetric,t),f=r&&ue.write(ue.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=new ju;return n.publicKeyID=a?Ke.wildcard():i.getKeyID(),n.publicKeyAlgorithm=i.keyPacket.algorithm,n.sessionKey=e,n.sessionKeyAlgorithm=d,await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new Gu(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,d,f,t))));h.push(...a)}return new Bh(h)}async sign(e=[],t=null,r=[],i=new Date,n=[],a=[],s=we){const o=new Ku,c=this.packets.findPacket(ue.packet.literalData);if(!c)throw Error("No literal data packet to sign.");let u,h;const d=null===c.text?ue.signature.binary:ue.signature.text;if(t)for(h=t.packets.filterByTag(ue.packet.signature),u=h.length-1;u>=0;u--){const t=h[u],r=new xu;r.signatureType=t.signatureType,r.hashAlgorithm=t.hashAlgorithm,r.publicKeyAlgorithm=t.publicKeyAlgorithm,r.issuerKeyID=t.issuerKeyID,e.length||0!==u||(r.flags=1),o.push(r)}return await Promise.all(Array.from(e).reverse().map((async function(t,a){if(!t.isPrivate())throw Error("Need private key for signing");const o=r[e.length-1-a],c=await t.getSigningKey(o,i,n,s),u=new xu;return u.signatureType=d,u.hashAlgorithm=await hh(t,c.keyPacket,i,n,s),u.publicKeyAlgorithm=c.keyPacket.algorithm,u.issuerKeyID=c.getKeyID(),a===e.length-1&&(u.flags=1),u}))).then((e=>{e.forEach((e=>o.push(e)))})),o.push(c),o.push(...await Th(c,e,t,r,i,n,a,!1,s)),new Bh(o)}compress(e,t=we){if(e===ue.compression.uncompressed)return this;const r=new Du(t);r.algorithm=e,r.packets=this.packets;const i=new Ku;return i.push(r),new Bh(i)}async signDetached(e=[],t=null,r=[],i=new Date,n=[],a=[],s=we){const o=this.packets.findPacket(ue.packet.literalData);if(!o)throw Error("No literal data packet to sign.");return new nh(await Th(o,e,t,r,i,n,a,!0,s))}async verify(e,t=new Date,r=we){const i=this.unwrapCompressed(),n=i.packets.filterByTag(ue.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");_(i.packets.stream)&&i.packets.push(...await ie(i.packets.stream,(e=>e||[])));const a=i.packets.filterByTag(ue.packet.onePassSignature).reverse(),s=i.packets.filterByTag(ue.packet.signature);return a.length&&!s.length&&de.isStream(i.packets.stream)&&!_(i.packets.stream)?(await Promise.all(a.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=ae((async()=>(await e.correspondingSig).signatureData)),e.hashed=ie(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=Y(i.packets.stream,(async(e,t)=>{const r=W(e),i=G(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await i.abort(e)}})),zh(a,n,e,t,!1,r)):zh(s,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=we){const n=this.unwrapCompressed().packets.filterByTag(ue.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return zh(e.packets.filterByTag(ue.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(ue.packet.compressedData);return e.length?new Bh(e[0].packets):this}async appendSignature(e,t=we){await this.packets.read(de.isUint8Array(e)?e:(await xe(e)).data,Ih,t)}write(){return this.packets.write()}armor(e=we){return Me(ue.armor.message,this.write(),null,null,null,e)}}async function Th(e,t,r=null,i=[],n=new Date,a=[],s=[],o=!1,c=we){const u=new Ku,h=null===e.text?ue.signature.binary:ue.signature.text;if(await Promise.all(t.map((async(t,r)=>{const u=a[r];if(!t.isPrivate())throw Error("Need private key for signing");const d=await t.getSigningKey(i[r],n,u,c);return fh(e,t,d.keyPacket,{signatureType:h},n,u,s,o,c)}))).then((e=>{u.push(...e)})),r){const e=r.packets.filterByTag(ue.packet.signature);u.push(...e)}return u}async function zh(e,t,r,i=new Date,n=!1,a=we){return Promise.all(e.filter((function(e){return["text","binary"].includes(ue.read(ue.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=we){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof xu?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new Ku;return e&&t.push(e),new nh(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}const qh=/*#__PURE__*/de.constructAllowedPackets([Eu]);class Fh{constructor(e,t){if(this.text=de.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof nh))throw Error("Invalid signature input");this.signature=t||new nh(new Ku)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=null,r=[],i=new Date,n=[],a=[],s=we){const o=new ku;o.setText(this.text);const c=new nh(await Th(o,e,t,r,i,n,a,!0,s));return new Fh(this.text,c)}verify(e,t=new Date,r=we){const i=this.signature.packets.filterByTag(ue.packet.signature),n=new ku;return n.setText(this.text),zh(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=we){let t=this.signature.packets.map((function(e){return ue.read(ue.hash,e.hashAlgorithm).toUpperCase()}));t=t.filter((function(e,t,r){return r.indexOf(e)===t}));const r={hash:t.join(),text:this.text,data:this.signature.packets.write()};return Me(ue.armor.signed,r,void 0,void 0,void 0,e)}}function Oh(e){if(!(e instanceof Bh))throw Error("Parameter [message] needs to be of type Message")}function Lh(e){if(!(e instanceof Fh||e instanceof Bh))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Nh(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const jh=Object.keys(we).length;function Hh(e){const t=Object.keys(e);if(t.length!==jh)for(const e of t)if(void 0===we[e])throw Error("Unknown config property: "+e)}function Wh(e){return e&&!de.isArray(e)&&(e=[e]),e}async function Gh(e,t,r="utf8"){const i=de.isStream(e);return"array"===i?ie(e):"node"===t?(e=D(e),"binary"!==r&&e.setEncoding(r),e):"web"===t&&"ponyfill"===i?T(e):e}function Vh(e,t){e.data=Y(t.packets.stream,(async(t,r)=>{await V(e.data,r,{preventClose:!0});const i=G(r);try{await ie(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function $h(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const Zh="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol:e=>`Symbol(${e})`;function Xh(){}const Yh="undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0;function Qh(e){return"object"==typeof e&&null!==e||"function"==typeof e}const Jh=Xh,ed=Promise,td=Promise.prototype.then,rd=Promise.resolve.bind(ed),id=Promise.reject.bind(ed);function nd(e){return new ed(e)}function ad(e){return rd(e)}function sd(e){return id(e)}function od(e,t,r){return td.call(e,t,r)}function cd(e,t,r){od(od(e,t,r),void 0,Jh)}function ud(e,t){cd(e,t)}function hd(e,t){cd(e,void 0,t)}function dd(e,t,r){return od(e,t,r)}function fd(e){od(e,void 0,Jh)}const ld=(()=>{const e=Yh&&Yh.queueMicrotask;if("function"==typeof e)return e;const t=ad(void 0);return e=>od(t,e)})();function pd(e,t,r){if("function"!=typeof e)throw new TypeError("Argument is not a function");return Function.prototype.apply.call(e,t,r)}function yd(e,t,r){try{return ad(pd(e,t,r))}catch(e){return sd(e)}}class bd{constructor(){this._cursor=0,this._size=0,this._front={_elements:[],_next:void 0},this._back=this._front,this._cursor=0,this._size=0}get length(){return this._size}push(e){const t=this._back;let r=t;16383===t._elements.length&&(r={_elements:[],_next:void 0}),t._elements.push(e),r!==t&&(this._back=r,t._next=r),++this._size}shift(){const e=this._front;let t=e;const r=this._cursor;let i=r+1;const n=e._elements,a=n[r];return 16384===i&&(t=e._next,i=0),--this._size,this._cursor=i,e!==t&&(this._front=t),n[r]=void 0,a}forEach(e){let t=this._cursor,r=this._front,i=r._elements;for(;!(t===i.length&&void 0===r._next||t===i.length&&(r=r._next,i=r._elements,t=0,0===i.length));)e(i[t]),++t}peek(){const e=this._front,t=this._cursor;return e._elements[t]}}function gd(e,t){e._ownerReadableStream=t,t._reader=e,"readable"===t._state?_d(e):"closed"===t._state?function(e){_d(e),Sd(e)}(e):kd(e,t._storedError)}function md(e,t){return rp(e._ownerReadableStream,t)}function wd(e){"readable"===e._ownerReadableStream._state?Ad(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")):function(e,t){kd(e,t)}(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")),e._ownerReadableStream._reader=void 0,e._ownerReadableStream=void 0}function vd(e){return new TypeError("Cannot "+e+" a stream using a released reader")}function _d(e){e._closedPromise=nd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r}))}function kd(e,t){_d(e),Ad(e,t)}function Ad(e,t){void 0!==e._closedPromise_reject&&(fd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}function Sd(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}const Ed=Zh("[[AbortSteps]]"),Pd=Zh("[[ErrorSteps]]"),xd=Zh("[[CancelSteps]]"),Md=Zh("[[PullSteps]]"),Kd=Number.isFinite||function(e){return"number"==typeof e&&isFinite(e)},Cd=Math.trunc||function(e){return e<0?Math.ceil(e):Math.floor(e)};function Dd(e,t){if(void 0!==e&&("object"!=typeof(r=e)&&"function"!=typeof r))throw new TypeError(t+" is not an object.");var r}function Ud(e,t){if("function"!=typeof e)throw new TypeError(t+" is not a function.")}function Rd(e,t){if(!function(e){return"object"==typeof e&&null!==e||"function"==typeof e}(e))throw new TypeError(t+" is not an object.")}function Id(e,t,r){if(void 0===e)throw new TypeError(`Parameter ${t} is required in '${r}'.`)}function Bd(e,t,r){if(void 0===e)throw new TypeError(`${t} is required in '${r}'.`)}function Td(e){return Number(e)}function zd(e){return 0===e?0:e}function qd(e,t){const r=Number.MAX_SAFE_INTEGER;let i=Number(e);if(i=zd(i),!Kd(i))throw new TypeError(t+" is not a finite number");if(i=function(e){return zd(Cd(e))}(i),i<0||i>r)throw new TypeError(`${t} is outside the accepted range of 0 to ${r}, inclusive`);return Kd(i)&&0!==i?i:0}function Fd(e,t){if(!ep(e))throw new TypeError(t+" is not a ReadableStream.")}function Od(e){return new Wd(e)}function Ld(e,t){e._reader._readRequests.push(t)}function Nd(e,t,r){const i=e._reader._readRequests.shift();r?i._closeSteps():i._chunkSteps(t)}function jd(e){return e._reader._readRequests.length}function Hd(e){const t=e._reader;return void 0!==t&&!!Gd(t)}class Wd{constructor(e){if(Id(e,1,"ReadableStreamDefaultReader"),Fd(e,"First parameter"),tp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");gd(this,e),this._readRequests=new bd}get closed(){return Gd(this)?this._closedPromise:sd($d("closed"))}cancel(e=undefined){return Gd(this)?void 0===this._ownerReadableStream?sd(vd("cancel")):md(this,e):sd($d("cancel"))}read(){if(!Gd(this))return sd($d("read"));if(void 0===this._ownerReadableStream)return sd(vd("read from"));let e,t;const r=nd(((r,i)=>{e=r,t=i}));return Vd(this,{_chunkSteps:t=>e({value:t,done:!1}),_closeSteps:()=>e({value:void 0,done:!0}),_errorSteps:e=>t(e)}),r}releaseLock(){if(!Gd(this))throw $d("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");wd(this)}}}function Gd(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readRequests")}function Vd(e,t){const r=e._ownerReadableStream;r._disturbed=!0,"closed"===r._state?t._closeSteps():"errored"===r._state?t._errorSteps(r._storedError):r._readableStreamController[Md](t)}function $d(e){return new TypeError(`ReadableStreamDefaultReader.prototype.${e} can only be used on a ReadableStreamDefaultReader`)}let Zd;Object.defineProperties(Wd.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(Wd.prototype,Zh.toStringTag,{value:"ReadableStreamDefaultReader",configurable:!0}),"symbol"==typeof Zh.asyncIterator&&(Zd={[Zh.asyncIterator](){return this}},Object.defineProperty(Zd,Zh.asyncIterator,{enumerable:!1}));class Xd{constructor(e,t){this._ongoingPromise=void 0,this._isFinished=!1,this._reader=e,this._preventCancel=t}next(){const e=()=>this._nextSteps();return this._ongoingPromise=this._ongoingPromise?dd(this._ongoingPromise,e,e):e(),this._ongoingPromise}return(e){const t=()=>this._returnSteps(e);return this._ongoingPromise?dd(this._ongoingPromise,t,t):t()}_nextSteps(){if(this._isFinished)return Promise.resolve({value:void 0,done:!0});const e=this._reader;if(void 0===e._ownerReadableStream)return sd(vd("iterate"));let t,r;const i=nd(((e,i)=>{t=e,r=i}));return Vd(e,{_chunkSteps:e=>{this._ongoingPromise=void 0,ld((()=>t({value:e,done:!1})))},_closeSteps:()=>{this._ongoingPromise=void 0,this._isFinished=!0,wd(e),t({value:void 0,done:!0})},_errorSteps:t=>{this._ongoingPromise=void 0,this._isFinished=!0,wd(e),r(t)}}),i}_returnSteps(e){if(this._isFinished)return Promise.resolve({value:e,done:!0});this._isFinished=!0;const t=this._reader;if(void 0===t._ownerReadableStream)return sd(vd("finish iterating"));if(!this._preventCancel){const r=md(t,e);return wd(t),dd(r,(()=>({value:e,done:!0})))}return wd(t),ad({value:e,done:!0})}}const Yd={next(){return Qd(this)?this._asyncIteratorImpl.next():sd(Jd("next"))},return(e){return Qd(this)?this._asyncIteratorImpl.return(e):sd(Jd("return"))}};function Qd(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_asyncIteratorImpl")}function Jd(e){return new TypeError(`ReadableStreamAsyncIterator.${e} can only be used on a ReadableSteamAsyncIterator`)}void 0!==Zd&&Object.setPrototypeOf(Yd,Zd);const ef=Number.isNaN||function(e){return e!=e};function tf(e){return!!function(e){if("number"!=typeof e)return!1;if(ef(e))return!1;if(e<0)return!1;return!0}(e)&&e!==1/0}function rf(e){const t=e._queue.shift();return e._queueTotalSize-=t.size,e._queueTotalSize<0&&(e._queueTotalSize=0),t.value}function nf(e,t,r){if(!tf(r=Number(r)))throw new RangeError("Size must be a finite, non-NaN, non-negative number.");e._queue.push({value:t,size:r}),e._queueTotalSize+=r}function af(e){e._queue=new bd,e._queueTotalSize=0}function sf(e){return e.slice()}class of{constructor(){throw new TypeError("Illegal constructor")}get view(){if(!hf(this))throw Pf("view");return this._view}respond(e){if(!hf(this))throw Pf("respond");if(Id(e,1,"respond"),e=qd(e,"First parameter"),void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");this._view.buffer,function(e,t){if(t=Number(t),!tf(t))throw new RangeError("bytesWritten must be a finite");vf(e,t)}(this._associatedReadableByteStreamController,e)}respondWithNewView(e){if(!hf(this))throw Pf("respondWithNewView");if(Id(e,1,"respondWithNewView"),!ArrayBuffer.isView(e))throw new TypeError("You can only respond with array buffer views");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");!function(e,t){const r=e._pendingPullIntos.peek();if(r.byteOffset+r.bytesFilled!==t.byteOffset)throw new RangeError("The region specified by view does not match byobRequest");if(r.byteLength!==t.byteLength)throw new RangeError("The buffer of view has different capacity than byobRequest");r.buffer=t.buffer,vf(e,t.byteLength)}(this._associatedReadableByteStreamController,e)}}Object.defineProperties(of.prototype,{respond:{enumerable:!0},respondWithNewView:{enumerable:!0},view:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(of.prototype,Zh.toStringTag,{value:"ReadableStreamBYOBRequest",configurable:!0});class cf{constructor(){throw new TypeError("Illegal constructor")}get byobRequest(){if(!uf(this))throw xf("byobRequest");if(null===this._byobRequest&&this._pendingPullIntos.length>0){const e=this._pendingPullIntos.peek(),t=new Uint8Array(e.buffer,e.byteOffset+e.bytesFilled,e.byteLength-e.bytesFilled),r=Object.create(of.prototype);!function(e,t,r){e._associatedReadableByteStreamController=t,e._view=r}(r,this,t),this._byobRequest=r}return this._byobRequest}get desiredSize(){if(!uf(this))throw xf("desiredSize");return Sf(this)}close(){if(!uf(this))throw xf("close");if(this._closeRequested)throw new TypeError("The stream has already been closed; do not close it again!");const e=this._controlledReadableByteStream._state;if("readable"!==e)throw new TypeError(`The stream (in ${e} state) is not in the readable state and cannot be closed`);!function(e){const t=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==t._state)return;if(e._queueTotalSize>0)return void(e._closeRequested=!0);if(e._pendingPullIntos.length>0){if(e._pendingPullIntos.peek().bytesFilled>0){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");throw Af(e,t),t}}kf(e),ip(t)}(this)}enqueue(e){if(!uf(this))throw xf("enqueue");if(Id(e,1,"enqueue"),!ArrayBuffer.isView(e))throw new TypeError("chunk must be an array buffer view");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(this._closeRequested)throw new TypeError("stream is closed or draining");const t=this._controlledReadableByteStream._state;if("readable"!==t)throw new TypeError(`The stream (in ${t} state) is not in the readable state and cannot be enqueued to`);!function(e,t){const r=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==r._state)return;const i=t.buffer,n=t.byteOffset,a=t.byteLength,s=i;if(Hd(r))if(0===jd(r))pf(e,s,n,a);else{Nd(r,new Uint8Array(s,n,a),!1)}else Cf(r)?(pf(e,s,n,a),wf(e)):pf(e,s,n,a);df(e)}(this,e)}error(e=undefined){if(!uf(this))throw xf("error");Af(this,e)}[xd](e){if(this._pendingPullIntos.length>0){this._pendingPullIntos.peek().bytesFilled=0}af(this);const t=this._cancelAlgorithm(e);return kf(this),t}[Md](e){const t=this._controlledReadableByteStream;if(this._queueTotalSize>0){const t=this._queue.shift();this._queueTotalSize-=t.byteLength,gf(this);const r=new Uint8Array(t.buffer,t.byteOffset,t.byteLength);return void e._chunkSteps(r)}const r=this._autoAllocateChunkSize;if(void 0!==r){let t;try{t=new ArrayBuffer(r)}catch(t){return void e._errorSteps(t)}const i={buffer:t,byteOffset:0,byteLength:r,bytesFilled:0,elementSize:1,viewConstructor:Uint8Array,readerType:"default"};this._pendingPullIntos.push(i)}Ld(t,e),df(this)}}function uf(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableByteStream")}function hf(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_associatedReadableByteStreamController")}function df(e){const t=function(e){const t=e._controlledReadableByteStream;if("readable"!==t._state)return!1;if(e._closeRequested)return!1;if(!e._started)return!1;if(Hd(t)&&jd(t)>0)return!0;if(Cf(t)&&Kf(t)>0)return!0;const r=Sf(e);if(r>0)return!0;return!1}(e);if(!t)return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;cd(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,df(e))}),(t=>{Af(e,t)}))}function ff(e,t){let r=!1;"closed"===e._state&&(r=!0);const i=lf(t);"default"===t.readerType?Nd(e,i,r):function(e,t,r){const i=e._reader,n=i._readIntoRequests.shift();r?n._closeSteps(t):n._chunkSteps(t)}(e,i,r)}function lf(e){const t=e.bytesFilled,r=e.elementSize;return new e.viewConstructor(e.buffer,e.byteOffset,t/r)}function pf(e,t,r,i){e._queue.push({buffer:t,byteOffset:r,byteLength:i}),e._queueTotalSize+=i}function yf(e,t){const r=t.elementSize,i=t.bytesFilled-t.bytesFilled%r,n=Math.min(e._queueTotalSize,t.byteLength-t.bytesFilled),a=t.bytesFilled+n,s=a-a%r;let o=n,c=!1;s>i&&(o=s-t.bytesFilled,c=!0);const u=e._queue;for(;o>0;){const r=u.peek(),i=Math.min(o,r.byteLength),n=t.byteOffset+t.bytesFilled;h=t.buffer,d=n,f=r.buffer,l=r.byteOffset,p=i,new Uint8Array(h).set(new Uint8Array(f,l,p),d),r.byteLength===i?u.shift():(r.byteOffset+=i,r.byteLength-=i),e._queueTotalSize-=i,bf(e,i,t),o-=i}var h,d,f,l,p;return c}function bf(e,t,r){mf(e),r.bytesFilled+=t}function gf(e){0===e._queueTotalSize&&e._closeRequested?(kf(e),ip(e._controlledReadableByteStream)):df(e)}function mf(e){null!==e._byobRequest&&(e._byobRequest._associatedReadableByteStreamController=void 0,e._byobRequest._view=null,e._byobRequest=null)}function wf(e){for(;e._pendingPullIntos.length>0;){if(0===e._queueTotalSize)return;const t=e._pendingPullIntos.peek();yf(e,t)&&(_f(e),ff(e._controlledReadableByteStream,t))}}function vf(e,t){const r=e._pendingPullIntos.peek();if("closed"===e._controlledReadableByteStream._state){if(0!==t)throw new TypeError("bytesWritten must be 0 when calling respond() on a closed stream");!function(e,t){t.buffer=t.buffer;const r=e._controlledReadableByteStream;if(Cf(r))for(;Kf(r)>0;)ff(r,_f(e))}(e,r)}else!function(e,t,r){if(r.bytesFilled+t>r.byteLength)throw new RangeError("bytesWritten out of range");if(bf(e,t,r),r.bytesFilled0){const t=r.byteOffset+r.bytesFilled,n=r.buffer.slice(t-i,t);pf(e,n,0,n.byteLength)}r.buffer=r.buffer,r.bytesFilled-=i,ff(e._controlledReadableByteStream,r),wf(e)}(e,t,r);df(e)}function _f(e){const t=e._pendingPullIntos.shift();return mf(e),t}function kf(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0}function Af(e,t){const r=e._controlledReadableByteStream;"readable"===r._state&&(!function(e){mf(e),e._pendingPullIntos=new bd}(e),af(e),kf(e),np(r,t))}function Sf(e){const t=e._controlledReadableByteStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Ef(e,t,r){const i=Object.create(cf.prototype);let n=()=>{},a=()=>ad(void 0),s=()=>ad(void 0);void 0!==t.start&&(n=()=>t.start(i)),void 0!==t.pull&&(a=()=>t.pull(i)),void 0!==t.cancel&&(s=e=>t.cancel(e));const o=t.autoAllocateChunkSize;if(0===o)throw new TypeError("autoAllocateChunkSize must be greater than 0");!function(e,t,r,i,n,a,s){t._controlledReadableByteStream=e,t._pullAgain=!1,t._pulling=!1,t._byobRequest=null,t._queue=t._queueTotalSize=void 0,af(t),t._closeRequested=!1,t._started=!1,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,t._autoAllocateChunkSize=s,t._pendingPullIntos=new bd,e._readableStreamController=t,cd(ad(r()),(()=>{t._started=!0,df(t)}),(e=>{Af(t,e)}))}(e,i,n,a,s,r,o)}function Pf(e){return new TypeError(`ReadableStreamBYOBRequest.prototype.${e} can only be used on a ReadableStreamBYOBRequest`)}function xf(e){return new TypeError(`ReadableByteStreamController.prototype.${e} can only be used on a ReadableByteStreamController`)}function Mf(e,t){e._reader._readIntoRequests.push(t)}function Kf(e){return e._reader._readIntoRequests.length}function Cf(e){const t=e._reader;return void 0!==t&&!!Uf(t)}Object.defineProperties(cf.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},byobRequest:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(cf.prototype,Zh.toStringTag,{value:"ReadableByteStreamController",configurable:!0});class Df{constructor(e){if(Id(e,1,"ReadableStreamBYOBReader"),Fd(e,"First parameter"),tp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");if(!uf(e._readableStreamController))throw new TypeError("Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte source");gd(this,e),this._readIntoRequests=new bd}get closed(){return Uf(this)?this._closedPromise:sd(Rf("closed"))}cancel(e=undefined){return Uf(this)?void 0===this._ownerReadableStream?sd(vd("cancel")):md(this,e):sd(Rf("cancel"))}read(e){if(!Uf(this))return sd(Rf("read"));if(!ArrayBuffer.isView(e))return sd(new TypeError("view must be an array buffer view"));if(0===e.byteLength)return sd(new TypeError("view must have non-zero byteLength"));if(0===e.buffer.byteLength)return sd(new TypeError("view's buffer must have non-zero byteLength"));if(void 0===this._ownerReadableStream)return sd(vd("read from"));let t,r;const i=nd(((e,i)=>{t=e,r=i}));return function(e,t,r){const i=e._ownerReadableStream;i._disturbed=!0,"errored"===i._state?r._errorSteps(i._storedError):function(e,t,r){const i=e._controlledReadableByteStream;let n=1;t.constructor!==DataView&&(n=t.constructor.BYTES_PER_ELEMENT);const a=t.constructor,s={buffer:t.buffer,byteOffset:t.byteOffset,byteLength:t.byteLength,bytesFilled:0,elementSize:n,viewConstructor:a,readerType:"byob"};if(e._pendingPullIntos.length>0)return e._pendingPullIntos.push(s),void Mf(i,r);if("closed"!==i._state){if(e._queueTotalSize>0){if(yf(e,s)){const t=lf(s);return gf(e),void r._chunkSteps(t)}if(e._closeRequested){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");return Af(e,t),void r._errorSteps(t)}}e._pendingPullIntos.push(s),Mf(i,r),df(e)}else{const e=new a(s.buffer,s.byteOffset,0);r._closeSteps(e)}}(i._readableStreamController,t,r)}(this,e,{_chunkSteps:e=>t({value:e,done:!1}),_closeSteps:e=>t({value:e,done:!0}),_errorSteps:e=>r(e)}),i}releaseLock(){if(!Uf(this))throw Rf("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readIntoRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");wd(this)}}}function Uf(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readIntoRequests")}function Rf(e){return new TypeError(`ReadableStreamBYOBReader.prototype.${e} can only be used on a ReadableStreamBYOBReader`)}function If(e,t){const{highWaterMark:r}=e;if(void 0===r)return t;if(ef(r)||r<0)throw new RangeError("Invalid highWaterMark");return r}function Bf(e){const{size:t}=e;return t||(()=>1)}function Tf(e,t){Dd(e,t);const r=null==e?void 0:e.highWaterMark,i=null==e?void 0:e.size;return{highWaterMark:void 0===r?void 0:Td(r),size:void 0===i?void 0:zf(i,t+" has member 'size' that")}}function zf(e,t){return Ud(e,t),t=>Td(e(t))}function qf(e,t,r){return Ud(e,r),r=>yd(e,t,[r])}function Ff(e,t,r){return Ud(e,r),()=>yd(e,t,[])}function Of(e,t,r){return Ud(e,r),r=>pd(e,t,[r])}function Lf(e,t,r){return Ud(e,r),(r,i)=>yd(e,t,[r,i])}function Nf(e,t){if(!Gf(e))throw new TypeError(t+" is not a WritableStream.")}Object.defineProperties(Df.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(Df.prototype,Zh.toStringTag,{value:"ReadableStreamBYOBReader",configurable:!0});class jf{constructor(e={},t={}){void 0===e?e=null:Rd(e,"First parameter");const r=Tf(t,"Second parameter"),i=function(e,t){Dd(e,t);const r=null==e?void 0:e.abort,i=null==e?void 0:e.close,n=null==e?void 0:e.start,a=null==e?void 0:e.type,s=null==e?void 0:e.write;return{abort:void 0===r?void 0:qf(r,e,t+" has member 'abort' that"),close:void 0===i?void 0:Ff(i,e,t+" has member 'close' that"),start:void 0===n?void 0:Of(n,e,t+" has member 'start' that"),write:void 0===s?void 0:Lf(s,e,t+" has member 'write' that"),type:a}}(e,"First parameter");Wf(this);if(void 0!==i.type)throw new RangeError("Invalid type is specified");const n=Bf(r);!function(e,t,r,i){const n=Object.create(hl.prototype);let a=()=>{},s=()=>ad(void 0),o=()=>ad(void 0),c=()=>ad(void 0);void 0!==t.start&&(a=()=>t.start(n));void 0!==t.write&&(s=e=>t.write(e,n));void 0!==t.close&&(o=()=>t.close());void 0!==t.abort&&(c=e=>t.abort(e));dl(e,n,a,s,o,c,r,i)}(this,i,If(r,1),n)}get locked(){if(!Gf(this))throw ml("locked");return Vf(this)}abort(e=undefined){return Gf(this)?Vf(this)?sd(new TypeError("Cannot abort a stream that already has a writer")):$f(this,e):sd(ml("abort"))}close(){return Gf(this)?Vf(this)?sd(new TypeError("Cannot close a stream that already has a writer")):Jf(this)?sd(new TypeError("Cannot close an already-closing stream")):Zf(this):sd(ml("close"))}getWriter(){if(!Gf(this))throw ml("getWriter");return Hf(this)}}function Hf(e){return new rl(e)}function Wf(e){e._state="writable",e._storedError=void 0,e._writer=void 0,e._writableStreamController=void 0,e._writeRequests=new bd,e._inFlightWriteRequest=void 0,e._closeRequest=void 0,e._inFlightCloseRequest=void 0,e._pendingAbortRequest=void 0,e._backpressure=!1}function Gf(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_writableStreamController")}function Vf(e){return void 0!==e._writer}function $f(e,t){const r=e._state;if("closed"===r||"errored"===r)return ad(void 0);if(void 0!==e._pendingAbortRequest)return e._pendingAbortRequest._promise;let i=!1;"erroring"===r&&(i=!0,t=void 0);const n=nd(((r,n)=>{e._pendingAbortRequest={_promise:void 0,_resolve:r,_reject:n,_reason:t,_wasAlreadyErroring:i}}));return e._pendingAbortRequest._promise=n,i||Yf(e,t),n}function Zf(e){const t=e._state;if("closed"===t||"errored"===t)return sd(new TypeError(`The stream (in ${t} state) is not in the writable state and cannot be closed`));const r=nd(((t,r)=>{const i={_resolve:t,_reject:r};e._closeRequest=i})),i=e._writer;var n;return void 0!==i&&e._backpressure&&"writable"===t&&Kl(i),nf(n=e._writableStreamController,ul,0),pl(n),r}function Xf(e,t){"writable"!==e._state?Qf(e):Yf(e,t)}function Yf(e,t){const r=e._writableStreamController;e._state="erroring",e._storedError=t;const i=e._writer;void 0!==i&&sl(i,t),!function(e){if(void 0===e._inFlightWriteRequest&&void 0===e._inFlightCloseRequest)return!1;return!0}(e)&&r._started&&Qf(e)}function Qf(e){e._state="errored",e._writableStreamController[Pd]();const t=e._storedError;if(e._writeRequests.forEach((e=>{e._reject(t)})),e._writeRequests=new bd,void 0===e._pendingAbortRequest)return void el(e);const r=e._pendingAbortRequest;if(e._pendingAbortRequest=void 0,r._wasAlreadyErroring)return r._reject(t),void el(e);cd(e._writableStreamController[Ed](r._reason),(()=>{r._resolve(),el(e)}),(t=>{r._reject(t),el(e)}))}function Jf(e){return void 0!==e._closeRequest||void 0!==e._inFlightCloseRequest}function el(e){void 0!==e._closeRequest&&(e._closeRequest._reject(e._storedError),e._closeRequest=void 0);const t=e._writer;void 0!==t&&Al(t,e._storedError)}function tl(e,t){const r=e._writer;void 0!==r&&t!==e._backpressure&&(t?function(e){El(e)}(r):Kl(r)),e._backpressure=t}Object.defineProperties(jf.prototype,{abort:{enumerable:!0},close:{enumerable:!0},getWriter:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(jf.prototype,Zh.toStringTag,{value:"WritableStream",configurable:!0});class rl{constructor(e){if(Id(e,1,"WritableStreamDefaultWriter"),Nf(e,"First parameter"),Vf(e))throw new TypeError("This stream has already been locked for exclusive writing by another writer");this._ownerWritableStream=e,e._writer=this;const t=e._state;if("writable"===t)!Jf(e)&&e._backpressure?El(this):xl(this),_l(this);else if("erroring"===t)Pl(this,e._storedError),_l(this);else if("closed"===t)xl(this),_l(r=this),Sl(r);else{const t=e._storedError;Pl(this,t),kl(this,t)}var r}get closed(){return il(this)?this._closedPromise:sd(wl("closed"))}get desiredSize(){if(!il(this))throw wl("desiredSize");if(void 0===this._ownerWritableStream)throw vl("desiredSize");return function(e){const t=e._ownerWritableStream,r=t._state;if("errored"===r||"erroring"===r)return null;if("closed"===r)return 0;return ll(t._writableStreamController)}(this)}get ready(){return il(this)?this._readyPromise:sd(wl("ready"))}abort(e=undefined){return il(this)?void 0===this._ownerWritableStream?sd(vl("abort")):function(e,t){const r=e._ownerWritableStream;return $f(r,t)}(this,e):sd(wl("abort"))}close(){if(!il(this))return sd(wl("close"));const e=this._ownerWritableStream;return void 0===e?sd(vl("close")):Jf(e)?sd(new TypeError("Cannot close an already-closing stream")):nl(this)}releaseLock(){if(!il(this))throw wl("releaseLock");void 0!==this._ownerWritableStream&&ol(this)}write(e=undefined){return il(this)?void 0===this._ownerWritableStream?sd(vl("write to")):cl(this,e):sd(wl("write"))}}function il(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_ownerWritableStream")}function nl(e){return Zf(e._ownerWritableStream)}function al(e,t){"pending"===e._closedPromiseState?Al(e,t):function(e,t){kl(e,t)}(e,t)}function sl(e,t){"pending"===e._readyPromiseState?Ml(e,t):function(e,t){Pl(e,t)}(e,t)}function ol(e){const t=e._ownerWritableStream,r=new TypeError("Writer was released and can no longer be used to monitor the stream's closedness");sl(e,r),al(e,r),t._writer=void 0,e._ownerWritableStream=void 0}function cl(e,t){const r=e._ownerWritableStream,i=r._writableStreamController,n=function(e,t){try{return e._strategySizeAlgorithm(t)}catch(t){return yl(e,t),1}}(i,t);if(r!==e._ownerWritableStream)return sd(vl("write to"));const a=r._state;if("errored"===a)return sd(r._storedError);if(Jf(r)||"closed"===a)return sd(new TypeError("The stream is closing or closed and cannot be written to"));if("erroring"===a)return sd(r._storedError);const s=function(e){return nd(((t,r)=>{const i={_resolve:t,_reject:r};e._writeRequests.push(i)}))}(r);return function(e,t,r){try{nf(e,t,r)}catch(t){return void yl(e,t)}const i=e._controlledWritableStream;if(!Jf(i)&&"writable"===i._state){tl(i,bl(e))}pl(e)}(i,t,n),s}Object.defineProperties(rl.prototype,{abort:{enumerable:!0},close:{enumerable:!0},releaseLock:{enumerable:!0},write:{enumerable:!0},closed:{enumerable:!0},desiredSize:{enumerable:!0},ready:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(rl.prototype,Zh.toStringTag,{value:"WritableStreamDefaultWriter",configurable:!0});const ul={};class hl{constructor(){throw new TypeError("Illegal constructor")}error(e=undefined){if(!function(e){if(!Qh(e))return!1;if(!Object.prototype.hasOwnProperty.call(e,"_controlledWritableStream"))return!1;return!0}(this))throw new TypeError("WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController");"writable"===this._controlledWritableStream._state&&gl(this,e)}[Ed](e){const t=this._abortAlgorithm(e);return fl(this),t}[Pd](){af(this)}}function dl(e,t,r,i,n,a,s,o){t._controlledWritableStream=e,e._writableStreamController=t,t._queue=void 0,t._queueTotalSize=void 0,af(t),t._started=!1,t._strategySizeAlgorithm=o,t._strategyHWM=s,t._writeAlgorithm=i,t._closeAlgorithm=n,t._abortAlgorithm=a;const c=bl(t);tl(e,c);cd(ad(r()),(()=>{t._started=!0,pl(t)}),(r=>{t._started=!0,Xf(e,r)}))}function fl(e){e._writeAlgorithm=void 0,e._closeAlgorithm=void 0,e._abortAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function ll(e){return e._strategyHWM-e._queueTotalSize}function pl(e){const t=e._controlledWritableStream;if(!e._started)return;if(void 0!==t._inFlightWriteRequest)return;if("erroring"===t._state)return void Qf(t);if(0===e._queue.length)return;const r=e._queue.peek().value;r===ul?function(e){const t=e._controlledWritableStream;(function(e){e._inFlightCloseRequest=e._closeRequest,e._closeRequest=void 0})(t),rf(e);const r=e._closeAlgorithm();fl(e),cd(r,(()=>{!function(e){e._inFlightCloseRequest._resolve(void 0),e._inFlightCloseRequest=void 0,"erroring"===e._state&&(e._storedError=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._resolve(),e._pendingAbortRequest=void 0)),e._state="closed";const t=e._writer;void 0!==t&&Sl(t)}(t)}),(e=>{!function(e,t){e._inFlightCloseRequest._reject(t),e._inFlightCloseRequest=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._reject(t),e._pendingAbortRequest=void 0),Xf(e,t)}(t,e)}))}(e):function(e,t){const r=e._controlledWritableStream;!function(e){e._inFlightWriteRequest=e._writeRequests.shift()}(r);const i=e._writeAlgorithm(t);cd(i,(()=>{!function(e){e._inFlightWriteRequest._resolve(void 0),e._inFlightWriteRequest=void 0}(r);const t=r._state;if(rf(e),!Jf(r)&&"writable"===t){const t=bl(e);tl(r,t)}pl(e)}),(t=>{"writable"===r._state&&fl(e),function(e,t){e._inFlightWriteRequest._reject(t),e._inFlightWriteRequest=void 0,Xf(e,t)}(r,t)}))}(e,r)}function yl(e,t){"writable"===e._controlledWritableStream._state&&gl(e,t)}function bl(e){return ll(e)<=0}function gl(e,t){const r=e._controlledWritableStream;fl(e),Yf(r,t)}function ml(e){return new TypeError(`WritableStream.prototype.${e} can only be used on a WritableStream`)}function wl(e){return new TypeError(`WritableStreamDefaultWriter.prototype.${e} can only be used on a WritableStreamDefaultWriter`)}function vl(e){return new TypeError("Cannot "+e+" a stream using a released writer")}function _l(e){e._closedPromise=nd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r,e._closedPromiseState="pending"}))}function kl(e,t){_l(e),Al(e,t)}function Al(e,t){void 0!==e._closedPromise_reject&&(fd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="rejected")}function Sl(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="resolved")}function El(e){e._readyPromise=nd(((t,r)=>{e._readyPromise_resolve=t,e._readyPromise_reject=r})),e._readyPromiseState="pending"}function Pl(e,t){El(e),Ml(e,t)}function xl(e){El(e),Kl(e)}function Ml(e,t){void 0!==e._readyPromise_reject&&(fd(e._readyPromise),e._readyPromise_reject(t),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="rejected")}function Kl(e){void 0!==e._readyPromise_resolve&&(e._readyPromise_resolve(void 0),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="fulfilled")}Object.defineProperties(hl.prototype,{error:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(hl.prototype,Zh.toStringTag,{value:"WritableStreamDefaultController",configurable:!0});const Cl="undefined"!=typeof DOMException?DOMException:void 0;const Dl=function(e){if("function"!=typeof e&&"object"!=typeof e)return!1;try{return new e,!0}catch(e){return!1}}(Cl)?Cl:function(){const e=function(e,t){this.message=e||"",this.name=t||"Error",Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)};return Object.defineProperty(e.prototype=Object.create(Error.prototype),"constructor",{value:e,writable:!0,configurable:!0}),e}();function Ul(e,t,r,i,n,a){const s=Od(e),o=Hf(t);e._disturbed=!0;let c=!1,u=ad(void 0);return nd(((h,d)=>{let f;if(void 0!==a){if(f=()=>{const r=new Dl("Aborted","AbortError"),a=[];i||a.push((()=>"writable"===t._state?$f(t,r):ad(void 0))),n||a.push((()=>"readable"===e._state?rp(e,r):ad(void 0))),y((()=>Promise.all(a.map((e=>e())))),!0,r)},a.aborted)return void f();a.addEventListener("abort",f)}if(p(e,s._closedPromise,(e=>{i?b(!0,e):y((()=>$f(t,e)),!0,e)})),p(t,o._closedPromise,(t=>{n?b(!0,t):y((()=>rp(e,t)),!0,t)})),function(e,t,r){"closed"===e._state?r():ud(t,r)}(e,s._closedPromise,(()=>{r?b():y((()=>function(e){const t=e._ownerWritableStream,r=t._state;return Jf(t)||"closed"===r?ad(void 0):"errored"===r?sd(t._storedError):nl(e)}(o)))})),Jf(t)||"closed"===t._state){const t=new TypeError("the destination writable stream closed before all data could be piped to it");n?b(!0,t):y((()=>rp(e,t)),!0,t)}function l(){const e=u;return od(u,(()=>e!==u?l():void 0))}function p(e,t,r){"errored"===e._state?r(e._storedError):hd(t,r)}function y(e,r,i){function n(){cd(e(),(()=>g(r,i)),(e=>g(!0,e)))}c||(c=!0,"writable"!==t._state||Jf(t)?n():ud(l(),n))}function b(e,r){c||(c=!0,"writable"!==t._state||Jf(t)?g(e,r):ud(l(),(()=>g(e,r))))}function g(e,t){ol(o),wd(s),void 0!==a&&a.removeEventListener("abort",f),e?d(t):h(void 0)}fd(nd(((e,t)=>{!function r(i){i?e():od(c?ad(!0):od(o._readyPromise,(()=>nd(((e,t)=>{Vd(s,{_chunkSteps:t=>{u=od(cl(o,t),void 0,Xh),e(!1)},_closeSteps:()=>e(!0),_errorSteps:t})})))),r,t)}(!1)})))}))}class Rl{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Il(this))throw Hl("desiredSize");return Ll(this)}close(){if(!Il(this))throw Hl("close");if(!Nl(this))throw new TypeError("The stream is not in a state that permits close");ql(this)}enqueue(e=undefined){if(!Il(this))throw Hl("enqueue");if(!Nl(this))throw new TypeError("The stream is not in a state that permits enqueue");return Fl(this,e)}error(e=undefined){if(!Il(this))throw Hl("error");Ol(this,e)}[xd](e){af(this);const t=this._cancelAlgorithm(e);return zl(this),t}[Md](e){const t=this._controlledReadableStream;if(this._queue.length>0){const r=rf(this);this._closeRequested&&0===this._queue.length?(zl(this),ip(t)):Bl(this),e._chunkSteps(r)}else Ld(t,e),Bl(this)}}function Il(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableStream")}function Bl(e){if(!Tl(e))return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;cd(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Bl(e))}),(t=>{Ol(e,t)}))}function Tl(e){const t=e._controlledReadableStream;if(!Nl(e))return!1;if(!e._started)return!1;if(tp(t)&&jd(t)>0)return!0;return Ll(e)>0}function zl(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function ql(e){if(!Nl(e))return;const t=e._controlledReadableStream;e._closeRequested=!0,0===e._queue.length&&(zl(e),ip(t))}function Fl(e,t){if(!Nl(e))return;const r=e._controlledReadableStream;if(tp(r)&&jd(r)>0)Nd(r,t,!1);else{let r;try{r=e._strategySizeAlgorithm(t)}catch(t){throw Ol(e,t),t}try{nf(e,t,r)}catch(t){throw Ol(e,t),t}}Bl(e)}function Ol(e,t){const r=e._controlledReadableStream;"readable"===r._state&&(af(e),zl(e),np(r,t))}function Ll(e){const t=e._controlledReadableStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Nl(e){const t=e._controlledReadableStream._state;return!e._closeRequested&&"readable"===t}function jl(e,t,r,i,n,a,s){t._controlledReadableStream=e,t._queue=void 0,t._queueTotalSize=void 0,af(t),t._started=!1,t._closeRequested=!1,t._pullAgain=!1,t._pulling=!1,t._strategySizeAlgorithm=s,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,e._readableStreamController=t;cd(ad(r()),(()=>{t._started=!0,Bl(t)}),(e=>{Ol(t,e)}))}function Hl(e){return new TypeError(`ReadableStreamDefaultController.prototype.${e} can only be used on a ReadableStreamDefaultController`)}function Wl(e,t,r){return Ud(e,r),r=>yd(e,t,[r])}function Gl(e,t,r){return Ud(e,r),r=>yd(e,t,[r])}function Vl(e,t,r){return Ud(e,r),r=>pd(e,t,[r])}function $l(e,t){if("bytes"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamType`);return e}function Zl(e,t){if("byob"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamReaderMode`);return e}function Xl(e,t){Dd(e,t);const r=null==e?void 0:e.preventAbort,i=null==e?void 0:e.preventCancel,n=null==e?void 0:e.preventClose,a=null==e?void 0:e.signal;return void 0!==a&&function(e,t){if(!function(e){if("object"!=typeof e||null===e)return!1;try{return"boolean"==typeof e.aborted}catch(e){return!1}}(e))throw new TypeError(t+" is not an AbortSignal.")}(a,t+" has member 'signal' that"),{preventAbort:!!r,preventCancel:!!i,preventClose:!!n,signal:a}}Object.defineProperties(Rl.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(Rl.prototype,Zh.toStringTag,{value:"ReadableStreamDefaultController",configurable:!0});class Yl{constructor(e={},t={}){void 0===e?e=null:Rd(e,"First parameter");const r=Tf(t,"Second parameter"),i=function(e,t){Dd(e,t);const r=e,i=null==r?void 0:r.autoAllocateChunkSize,n=null==r?void 0:r.cancel,a=null==r?void 0:r.pull,s=null==r?void 0:r.start,o=null==r?void 0:r.type;return{autoAllocateChunkSize:void 0===i?void 0:qd(i,t+" has member 'autoAllocateChunkSize' that"),cancel:void 0===n?void 0:Wl(n,r,t+" has member 'cancel' that"),pull:void 0===a?void 0:Gl(a,r,t+" has member 'pull' that"),start:void 0===s?void 0:Vl(s,r,t+" has member 'start' that"),type:void 0===o?void 0:$l(o,t+" has member 'type' that")}}(e,"First parameter");if(Jl(this),"bytes"===i.type){if(void 0!==r.size)throw new RangeError("The strategy for a byte stream cannot have a size function");Ef(this,i,If(r,0))}else{const e=Bf(r);!function(e,t,r,i){const n=Object.create(Rl.prototype);let a=()=>{},s=()=>ad(void 0),o=()=>ad(void 0);void 0!==t.start&&(a=()=>t.start(n)),void 0!==t.pull&&(s=()=>t.pull(n)),void 0!==t.cancel&&(o=e=>t.cancel(e)),jl(e,n,a,s,o,r,i)}(this,i,If(r,1),e)}}get locked(){if(!ep(this))throw ap("locked");return tp(this)}cancel(e=undefined){return ep(this)?tp(this)?sd(new TypeError("Cannot cancel a stream that already has a reader")):rp(this,e):sd(ap("cancel"))}getReader(e=undefined){if(!ep(this))throw ap("getReader");const t=function(e,t){Dd(e,t);const r=null==e?void 0:e.mode;return{mode:void 0===r?void 0:Zl(r,t+" has member 'mode' that")}}(e,"First parameter");return void 0===t.mode?Od(this):function(e){return new Df(e)}(this)}pipeThrough(e,t={}){if(!ep(this))throw ap("pipeThrough");Id(e,1,"pipeThrough");const r=function(e,t){Dd(e,t);const r=null==e?void 0:e.readable;Bd(r,"readable","ReadableWritablePair"),Fd(r,t+" has member 'readable' that");const i=null==e?void 0:e.writable;return Bd(i,"writable","ReadableWritablePair"),Nf(i,t+" has member 'writable' that"),{readable:r,writable:i}}(e,"First parameter"),i=Xl(t,"Second parameter");if(tp(this))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream");if(Vf(r.writable))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream");return fd(Ul(this,r.writable,i.preventClose,i.preventAbort,i.preventCancel,i.signal)),r.readable}pipeTo(e,t={}){if(!ep(this))return sd(ap("pipeTo"));if(void 0===e)return sd("Parameter 1 is required in 'pipeTo'.");if(!Gf(e))return sd(new TypeError("ReadableStream.prototype.pipeTo's first argument must be a WritableStream"));let r;try{r=Xl(t,"Second parameter")}catch(e){return sd(e)}return tp(this)?sd(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream")):Vf(e)?sd(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream")):Ul(this,e,r.preventClose,r.preventAbort,r.preventCancel,r.signal)}tee(){if(!ep(this))throw ap("tee");const e=function(e,t){const r=Od(e);let i,n,a,s,o,c=!1,u=!1,h=!1;const d=nd((e=>{o=e}));function f(){return c||(c=!0,Vd(r,{_chunkSteps:e=>{ld((()=>{c=!1;const t=e,r=e;u||Fl(a._readableStreamController,t),h||Fl(s._readableStreamController,r)}))},_closeSteps:()=>{c=!1,u||ql(a._readableStreamController),h||ql(s._readableStreamController),u&&h||o(void 0)},_errorSteps:()=>{c=!1}})),ad(void 0)}function l(){}return a=Ql(l,f,(function(t){if(u=!0,i=t,h){const t=sf([i,n]),r=rp(e,t);o(r)}return d})),s=Ql(l,f,(function(t){if(h=!0,n=t,u){const t=sf([i,n]),r=rp(e,t);o(r)}return d})),hd(r._closedPromise,(e=>{Ol(a._readableStreamController,e),Ol(s._readableStreamController,e),u&&h||o(void 0)})),[a,s]}(this);return sf(e)}values(e=undefined){if(!ep(this))throw ap("values");return function(e,t){const r=Od(e),i=new Xd(r,t),n=Object.create(Yd);return n._asyncIteratorImpl=i,n}(this,function(e,t){return Dd(e,t),{preventCancel:!!(null==e?void 0:e.preventCancel)}}(e,"First parameter").preventCancel)}}function Ql(e,t,r,i=1,n=(()=>1)){const a=Object.create(Yl.prototype);Jl(a);return jl(a,Object.create(Rl.prototype),e,t,r,i,n),a}function Jl(e){e._state="readable",e._reader=void 0,e._storedError=void 0,e._disturbed=!1}function ep(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readableStreamController")}function tp(e){return void 0!==e._reader}function rp(e,t){if(e._disturbed=!0,"closed"===e._state)return ad(void 0);if("errored"===e._state)return sd(e._storedError);ip(e);return dd(e._readableStreamController[xd](t),Xh)}function ip(e){e._state="closed";const t=e._reader;void 0!==t&&(Sd(t),Gd(t)&&(t._readRequests.forEach((e=>{e._closeSteps()})),t._readRequests=new bd))}function np(e,t){e._state="errored",e._storedError=t;const r=e._reader;void 0!==r&&(Ad(r,t),Gd(r)?(r._readRequests.forEach((e=>{e._errorSteps(t)})),r._readRequests=new bd):(r._readIntoRequests.forEach((e=>{e._errorSteps(t)})),r._readIntoRequests=new bd))}function ap(e){return new TypeError(`ReadableStream.prototype.${e} can only be used on a ReadableStream`)}function sp(e,t){Dd(e,t);const r=null==e?void 0:e.highWaterMark;return Bd(r,"highWaterMark","QueuingStrategyInit"),{highWaterMark:Td(r)}}Object.defineProperties(Yl.prototype,{cancel:{enumerable:!0},getReader:{enumerable:!0},pipeThrough:{enumerable:!0},pipeTo:{enumerable:!0},tee:{enumerable:!0},values:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(Yl.prototype,Zh.toStringTag,{value:"ReadableStream",configurable:!0}),"symbol"==typeof Zh.asyncIterator&&Object.defineProperty(Yl.prototype,Zh.asyncIterator,{value:Yl.prototype.values,writable:!0,configurable:!0});const op=function(e){return e.byteLength};class cp{constructor(e){Id(e,1,"ByteLengthQueuingStrategy"),e=sp(e,"First parameter"),this._byteLengthQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!hp(this))throw up("highWaterMark");return this._byteLengthQueuingStrategyHighWaterMark}get size(){if(!hp(this))throw up("size");return op}}function up(e){return new TypeError(`ByteLengthQueuingStrategy.prototype.${e} can only be used on a ByteLengthQueuingStrategy`)}function hp(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_byteLengthQueuingStrategyHighWaterMark")}Object.defineProperties(cp.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(cp.prototype,Zh.toStringTag,{value:"ByteLengthQueuingStrategy",configurable:!0});const dp=function(){return 1};class fp{constructor(e){Id(e,1,"CountQueuingStrategy"),e=sp(e,"First parameter"),this._countQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!pp(this))throw lp("highWaterMark");return this._countQueuingStrategyHighWaterMark}get size(){if(!pp(this))throw lp("size");return dp}}function lp(e){return new TypeError(`CountQueuingStrategy.prototype.${e} can only be used on a CountQueuingStrategy`)}function pp(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_countQueuingStrategyHighWaterMark")}function yp(e,t,r){return Ud(e,r),r=>yd(e,t,[r])}function bp(e,t,r){return Ud(e,r),r=>pd(e,t,[r])}function gp(e,t,r){return Ud(e,r),(r,i)=>yd(e,t,[r,i])}Object.defineProperties(fp.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(fp.prototype,Zh.toStringTag,{value:"CountQueuingStrategy",configurable:!0});class mp{constructor(e={},t={},r={}){void 0===e&&(e=null);const i=Tf(t,"Second parameter"),n=Tf(r,"Third parameter"),a=function(e,t){Dd(e,t);const r=null==e?void 0:e.flush,i=null==e?void 0:e.readableType,n=null==e?void 0:e.start,a=null==e?void 0:e.transform,s=null==e?void 0:e.writableType;return{flush:void 0===r?void 0:yp(r,e,t+" has member 'flush' that"),readableType:i,start:void 0===n?void 0:bp(n,e,t+" has member 'start' that"),transform:void 0===a?void 0:gp(a,e,t+" has member 'transform' that"),writableType:s}}(e,"First parameter");if(void 0!==a.readableType)throw new RangeError("Invalid readableType specified");if(void 0!==a.writableType)throw new RangeError("Invalid writableType specified");const s=If(n,0),o=Bf(n),c=If(i,1),u=Bf(i);let h;!function(e,t,r,i,n,a){function s(){return t}function o(t){return function(e,t){const r=e._transformStreamController;if(e._backpressure){return dd(e._backpressureChangePromise,(()=>{const i=e._writable;if("erroring"===i._state)throw i._storedError;return xp(r,t)}))}return xp(r,t)}(e,t)}function c(t){return function(e,t){return vp(e,t),ad(void 0)}(e,t)}function u(){return function(e){const t=e._readable,r=e._transformStreamController,i=r._flushAlgorithm();return Ep(r),dd(i,(()=>{if("errored"===t._state)throw t._storedError;ql(t._readableStreamController)}),(r=>{throw vp(e,r),t._storedError}))}(e)}function h(){return function(e){return kp(e,!1),e._backpressureChangePromise}(e)}function d(t){return _p(e,t),ad(void 0)}e._writable=function(e,t,r,i,n=1,a=(()=>1)){const s=Object.create(jf.prototype);return Wf(s),dl(s,Object.create(hl.prototype),e,t,r,i,n,a),s}(s,o,u,c,r,i),e._readable=Ql(s,h,d,n,a),e._backpressure=void 0,e._backpressureChangePromise=void 0,e._backpressureChangePromise_resolve=void 0,kp(e,!0),e._transformStreamController=void 0}(this,nd((e=>{h=e})),c,u,s,o),function(e,t){const r=Object.create(Ap.prototype);let i=e=>{try{return Pp(r,e),ad(void 0)}catch(e){return sd(e)}},n=()=>ad(void 0);void 0!==t.transform&&(i=e=>t.transform(e,r));void 0!==t.flush&&(n=()=>t.flush(r));!function(e,t,r,i){t._controlledTransformStream=e,e._transformStreamController=t,t._transformAlgorithm=r,t._flushAlgorithm=i}(e,r,i,n)}(this,a),void 0!==a.start?h(a.start(this._transformStreamController)):h(void 0)}get readable(){if(!wp(this))throw Kp("readable");return this._readable}get writable(){if(!wp(this))throw Kp("writable");return this._writable}}function wp(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_transformStreamController")}function vp(e,t){Ol(e._readable._readableStreamController,t),_p(e,t)}function _p(e,t){Ep(e._transformStreamController),yl(e._writable._writableStreamController,t),e._backpressure&&kp(e,!1)}function kp(e,t){void 0!==e._backpressureChangePromise&&e._backpressureChangePromise_resolve(),e._backpressureChangePromise=nd((t=>{e._backpressureChangePromise_resolve=t})),e._backpressure=t}Object.defineProperties(mp.prototype,{readable:{enumerable:!0},writable:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(mp.prototype,Zh.toStringTag,{value:"TransformStream",configurable:!0});class Ap{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Sp(this))throw Mp("desiredSize");return Ll(this._controlledTransformStream._readable._readableStreamController)}enqueue(e=undefined){if(!Sp(this))throw Mp("enqueue");Pp(this,e)}error(e=undefined){if(!Sp(this))throw Mp("error");var t;t=e,vp(this._controlledTransformStream,t)}terminate(){if(!Sp(this))throw Mp("terminate");!function(e){const t=e._controlledTransformStream,r=t._readable._readableStreamController;ql(r);_p(t,new TypeError("TransformStream terminated"))}(this)}}function Sp(e){return!!Qh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledTransformStream")}function Ep(e){e._transformAlgorithm=void 0,e._flushAlgorithm=void 0}function Pp(e,t){const r=e._controlledTransformStream,i=r._readable._readableStreamController;if(!Nl(i))throw new TypeError("Readable side is not in a state that permits enqueue");try{Fl(i,t)}catch(e){throw _p(r,e),r._readable._storedError}const n=function(e){return!Tl(e)}(i);n!==r._backpressure&&kp(r,!0)}function xp(e,t){return dd(e._transformAlgorithm(t),void 0,(t=>{throw vp(e._controlledTransformStream,t),t}))}function Mp(e){return new TypeError(`TransformStreamDefaultController.prototype.${e} can only be used on a TransformStreamDefaultController`)}function Kp(e){return new TypeError(`TransformStream.prototype.${e} can only be used on a TransformStream`)}Object.defineProperties(Ap.prototype,{enqueue:{enumerable:!0},error:{enumerable:!0},terminate:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Zh.toStringTag&&Object.defineProperty(Ap.prototype,Zh.toStringTag,{value:"TransformStreamDefaultController",configurable:!0});var Cp=/*#__PURE__*/Object.freeze({__proto__:null,ByteLengthQueuingStrategy:cp,CountQueuingStrategy:fp,ReadableByteStreamController:cf,ReadableStream:Yl,ReadableStreamBYOBReader:Df,ReadableStreamBYOBRequest:of,ReadableStreamDefaultController:Rl,ReadableStreamDefaultReader:Wd,TransformStream:mp,TransformStreamDefaultController:Ap,WritableStream:jf,WritableStreamDefaultController:hl,WritableStreamDefaultWriter:rl}),Dp=function(e,t){return Dp=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},Dp(e,t)}; -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */function Up(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+t+" is not a constructor or null");function r(){this.constructor=e}Dp(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}function Rp(e){if(!e)throw new TypeError("Assertion failed")}function Ip(){}function Bp(e){return"object"==typeof e&&null!==e||"function"==typeof e}function Tp(e){if("function"!=typeof e)return!1;var t=!1;try{new e({start:function(){t=!0}})}catch(e){}return t}function zp(e){return!!Bp(e)&&"function"==typeof e.getReader}function qp(e){return!!Bp(e)&&"function"==typeof e.getWriter}function Fp(e){return!!Bp(e)&&(!!zp(e.readable)&&!!qp(e.writable))}function Op(e){try{return e.getReader({mode:"byob"}).releaseLock(),!0}catch(e){return!1}}function Lp(e,t){var r=(void 0===t?{}:t).type;return Rp(zp(e)),Rp(!1===e.locked),"bytes"===(r=Np(r))?new Gp(e):new Hp(e)}function Np(e){var t=e+"";if("bytes"===t)return t;if(void 0===e)return e;throw new RangeError("Invalid type is specified")}var jp=function(){function e(e){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=e,this._attachDefaultReader()}return e.prototype.start=function(e){this._readableStreamController=e},e.prototype.cancel=function(e){return Rp(void 0!==this._underlyingReader),this._underlyingReader.cancel(e)},e.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var e=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(e)}},e.prototype._attachReader=function(e){var t=this;Rp(void 0===this._underlyingReader),this._underlyingReader=e;var r=this._underlyingReader.closed;r&&r.then((function(){return t._finishPendingRead()})).then((function(){e===t._underlyingReader&&t._readableStreamController.close()}),(function(r){e===t._underlyingReader&&t._readableStreamController.error(r)})).catch(Ip)},e.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},e.prototype._pullWithDefaultReader=function(){var e=this;this._attachDefaultReader();var t=this._underlyingReader.read().then((function(t){var r=e._readableStreamController;t.done?e._tryClose():r.enqueue(t.value)}));return this._setPendingRead(t),t},e.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(e){}},e.prototype._setPendingRead=function(e){var t,r=this,i=function(){r._pendingRead===t&&(r._pendingRead=void 0)};this._pendingRead=t=e.then(i,i)},e.prototype._finishPendingRead=function(){var e=this;if(this._pendingRead){var t=function(){return e._finishPendingRead()};return this._pendingRead.then(t,t)}},e}(),Hp=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return Up(t,e),t.prototype.pull=function(){return this._pullWithDefaultReader()},t}(jp);function Wp(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}var Gp=function(e){function t(t){var r=this,i=Op(t);return(r=e.call(this,t)||this)._supportsByob=i,r}return Up(t,e),Object.defineProperty(t.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),t.prototype._attachByobReader=function(){if("byob"!==this._readerMode){Rp(this._supportsByob),this._detachReader();var e=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(e)}},t.prototype.pull=function(){if(this._supportsByob){var e=this._readableStreamController.byobRequest;if(e)return this._pullWithByobRequest(e)}return this._pullWithDefaultReader()},t.prototype._pullWithByobRequest=function(e){var t=this;this._attachByobReader();var r=new Uint8Array(e.view.byteLength),i=this._underlyingReader.read(r).then((function(r){var i,n,a;t._readableStreamController,r.done?(t._tryClose(),e.respond(0)):(i=r.value,n=e.view,a=Wp(i),Wp(n).set(a,0),e.respond(r.value.byteLength))}));return this._setPendingRead(i),i},t}(jp);function Vp(e){Rp(qp(e)),Rp(!1===e.locked);var t=e.getWriter();return new $p(t)}var $p=function(){function e(e){var t=this;this._writableStreamController=void 0,this._pendingWrite=void 0,this._state="writable",this._storedError=void 0,this._underlyingWriter=e,this._errorPromise=new Promise((function(e,r){t._errorPromiseReject=r})),this._errorPromise.catch(Ip)}return e.prototype.start=function(e){var t=this;this._writableStreamController=e,this._underlyingWriter.closed.then((function(){t._state="closed"})).catch((function(e){return t._finishErroring(e)}))},e.prototype.write=function(e){var t=this,r=this._underlyingWriter;if(null===r.desiredSize)return r.ready;var i=r.write(e);i.catch((function(e){return t._finishErroring(e)})),r.ready.catch((function(e){return t._startErroring(e)}));var n=Promise.race([i,this._errorPromise]);return this._setPendingWrite(n),n},e.prototype.close=function(){var e=this;return void 0===this._pendingWrite?this._underlyingWriter.close():this._finishPendingWrite().then((function(){return e.close()}))},e.prototype.abort=function(e){if("errored"!==this._state)return this._underlyingWriter.abort(e)},e.prototype._setPendingWrite=function(e){var t,r=this,i=function(){r._pendingWrite===t&&(r._pendingWrite=void 0)};this._pendingWrite=t=e.then(i,i)},e.prototype._finishPendingWrite=function(){var e=this;if(void 0===this._pendingWrite)return Promise.resolve();var t=function(){return e._finishPendingWrite()};return this._pendingWrite.then(t,t)},e.prototype._startErroring=function(e){var t=this;if("writable"===this._state){this._state="erroring",this._storedError=e;var r=function(){return t._finishErroring(e)};void 0===this._pendingWrite?r():this._finishPendingWrite().then(r,r),this._writableStreamController.error(e)}},e.prototype._finishErroring=function(e){"writable"===this._state&&this._startErroring(e),"erroring"===this._state&&(this._state="errored",this._errorPromiseReject(this._storedError))},e}();function Zp(e){Rp(Fp(e));var t=e.readable,r=e.writable;Rp(!1===t.locked),Rp(!1===r.locked);var i,n=t.getReader();try{i=r.getWriter()}catch(e){throw n.releaseLock(),e}return new Xp(n,i)}var Xp=function(){function e(e,t){var r=this;this._transformStreamController=void 0,this._onRead=function(e){if(!e.done)return r._transformStreamController.enqueue(e.value),r._reader.read().then(r._onRead)},this._onError=function(e){r._flushReject(e),r._transformStreamController.error(e),r._reader.cancel(e).catch(Ip),r._writer.abort(e).catch(Ip)},this._onTerminate=function(){r._flushResolve(),r._transformStreamController.terminate();var e=new TypeError("TransformStream terminated");r._writer.abort(e).catch(Ip)},this._reader=e,this._writer=t,this._flushPromise=new Promise((function(e,t){r._flushResolve=e,r._flushReject=t}))}return e.prototype.start=function(e){this._transformStreamController=e,this._reader.read().then(this._onRead).then(this._onTerminate,this._onError);var t=this._reader.closed;t&&t.then(this._onTerminate,this._onError)},e.prototype.transform=function(e){return this._writer.write(e)},e.prototype.flush=function(){var e=this;return this._writer.close().then((function(){return e._flushPromise}))},e}(),Yp=/*#__PURE__*/Object.freeze({__proto__:null,createReadableStreamWrapper:function(e){Rp(function(e){return!!Tp(e)&&!!zp(new e)}(e));var t=function(e){try{return new e({type:"bytes"}),!0}catch(e){return!1}}(e);return function(r,i){var n=(void 0===i?{}:i).type;if("bytes"!==(n=Np(n))||t||(n=void 0),r.constructor===e&&("bytes"!==n||Op(r)))return r;if("bytes"===n){var a=Lp(r,{type:n});return new e(a)}a=Lp(r);return new e(a)}},createTransformStreamWrapper:function(e){return Rp(function(e){return!!Tp(e)&&!!Fp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=Zp(t);return new e(r)}},createWrappingReadableSource:Lp,createWrappingTransformer:Zp,createWrappingWritableSink:Vp,createWritableStreamWrapper:function(e){return Rp(function(e){return!!Tp(e)&&!!qp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=Vp(t);return new e(r)}}}),Qp=mt((function(e){!function(e,t){function r(e,t){if(!e)throw Error(t||"Assertion failed")}function i(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}function n(e,t,r){if(n.isBN(e))return e;this.negative=0,this.words=null,this.length=0,this.red=null,null!==e&&("le"!==t&&"be"!==t||(r=t,t=10),this._init(e||0,t||10,r||"be"))}var a;"object"==typeof e?e.exports=n:t.BN=n,n.BN=n,n.wordSize=26;try{a=u.default.Buffer}catch(e){}function s(e,t,r){for(var i=0,n=Math.min(e.length,r),a=t;a=49&&s<=54?s-49+10:s>=17&&s<=22?s-17+10:15&s}return i}function o(e,t,r,i){for(var n=0,a=Math.min(e.length,r),s=t;s=49?o-49+10:o>=17?o-17+10:o}return n}n.isBN=function(e){return e instanceof n||null!==e&&"object"==typeof e&&e.constructor.wordSize===n.wordSize&&Array.isArray(e.words)},n.max=function(e,t){return e.cmp(t)>0?e:t},n.min=function(e,t){return e.cmp(t)<0?e:t},n.prototype._init=function(e,t,i){if("number"==typeof e)return this._initNumber(e,t,i);if("object"==typeof e)return this._initArray(e,t,i);"hex"===t&&(t=16),r(t===(0|t)&&t>=2&&t<=36);var n=0;"-"===(e=e.toString().replace(/\s+/g,""))[0]&&n++,16===t?this._parseHex(e,n):this._parseBase(e,t,n),"-"===e[0]&&(this.negative=1),this.strip(),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initNumber=function(e,t,i){e<0&&(this.negative=1,e=-e),e<67108864?(this.words=[67108863&e],this.length=1):e<4503599627370496?(this.words=[67108863&e,e/67108864&67108863],this.length=2):(r(e<9007199254740992),this.words=[67108863&e,e/67108864&67108863,1],this.length=3),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initArray=function(e,t,i){if(r("number"==typeof e.length),e.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(e.length/3),this.words=Array(this.length);for(var n=0;n=0;n-=3)s=e[n]|e[n-1]<<8|e[n-2]<<16,this.words[a]|=s<>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);else if("le"===i)for(n=0,a=0;n>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);return this.strip()},n.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=Array(this.length);for(var r=0;r=t;r-=6)n=s(e,r,r+6),this.words[i]|=n<>>26-a&4194303,(a+=24)>=26&&(a-=26,i++);r+6!==t&&(n=s(e,t,r+6),this.words[i]|=n<>>26-a&4194303),this.strip()},n.prototype._parseBase=function(e,t,r){this.words=[0],this.length=1;for(var i=0,n=1;n<=67108863;n*=t)i++;i--,n=n/t|0;for(var a=e.length-r,s=a%i,c=Math.min(a,a-s)+r,u=0,h=r;h1&&0===this.words[this.length-1];)this.length--;return this._normSign()},n.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},n.prototype.inspect=function(){return(this.red?""};var c=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],h=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],d=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function f(e,t,r){r.negative=t.negative^e.negative;var i=e.length+t.length|0;r.length=i,i=i-1|0;var n=0|e.words[0],a=0|t.words[0],s=n*a,o=67108863&s,c=s/67108864|0;r.words[0]=o;for(var u=1;u>>26,d=67108863&c,f=Math.min(u,t.length-1),l=Math.max(0,u-e.length+1);l<=f;l++){var p=u-l|0;h+=(s=(n=0|e.words[p])*(a=0|t.words[l])+d)/67108864|0,d=67108863&s}r.words[u]=0|d,c=0|h}return 0!==c?r.words[u]=0|c:r.length--,r.strip()}n.prototype.toString=function(e,t){var i;if(t=0|t||1,16===(e=e||10)||"hex"===e){i="";for(var n=0,a=0,s=0;s>>24-n&16777215)||s!==this.length-1?c[6-u.length]+u+i:u+i,(n+=2)>=26&&(n-=26,s--)}for(0!==a&&(i=a.toString(16)+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}if(e===(0|e)&&e>=2&&e<=36){var f=h[e],l=d[e];i="";var p=this.clone();for(p.negative=0;!p.isZero();){var y=p.modn(l).toString(e);i=(p=p.idivn(l)).isZero()?y+i:c[f-y.length]+y+i}for(this.isZero()&&(i="0"+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}r(!1,"Base should be between 2 and 36")},n.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:this.length>2&&r(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-e:e},n.prototype.toJSON=function(){return this.toString(16)},n.prototype.toBuffer=function(e,t){return r(void 0!==a),this.toArrayLike(a,e,t)},n.prototype.toArray=function(e,t){return this.toArrayLike(Array,e,t)},n.prototype.toArrayLike=function(e,t,i){var n=this.byteLength(),a=i||Math.max(1,n);r(n<=a,"byte array longer than desired length"),r(a>0,"Requested array length <= 0"),this.strip();var s,o,c="le"===t,u=new e(a),h=this.clone();if(c){for(o=0;!h.isZero();o++)s=h.andln(255),h.iushrn(8),u[o]=s;for(;o=4096&&(r+=13,t>>>=13),t>=64&&(r+=7,t>>>=7),t>=8&&(r+=4,t>>>=4),t>=2&&(r+=2,t>>>=2),r+t},n.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,r=0;return 0==(8191&t)&&(r+=13,t>>>=13),0==(127&t)&&(r+=7,t>>>=7),0==(15&t)&&(r+=4,t>>>=4),0==(3&t)&&(r+=2,t>>>=2),0==(1&t)&&r++,r},n.prototype.bitLength=function(){var e=this.words[this.length-1],t=this._countBits(e);return 26*(this.length-1)+t},n.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},n.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},n.prototype.iuand=function(e){var t;t=this.length>e.length?e:this;for(var r=0;re.length?this.clone().iand(e):e.clone().iand(this)},n.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},n.prototype.iuxor=function(e){var t,r;this.length>e.length?(t=this,r=e):(t=e,r=this);for(var i=0;ie.length?this.clone().ixor(e):e.clone().ixor(this)},n.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},n.prototype.inotn=function(e){r("number"==typeof e&&e>=0);var t=0|Math.ceil(e/26),i=e%26;this._expand(t),i>0&&t--;for(var n=0;n0&&(this.words[n]=~this.words[n]&67108863>>26-i),this.strip()},n.prototype.notn=function(e){return this.clone().inotn(e)},n.prototype.setn=function(e,t){r("number"==typeof e&&e>=0);var i=e/26|0,n=e%26;return this._expand(i+1),this.words[i]=t?this.words[i]|1<e.length?(r=this,i=e):(r=e,i=this);for(var n=0,a=0;a>>26;for(;0!==n&&a>>26;if(this.length=r.length,0!==n)this.words[this.length]=n,this.length++;else if(r!==this)for(;ae.length?this.clone().iadd(e):e.clone().iadd(this)},n.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var r,i,n=this.cmp(e);if(0===n)return this.negative=0,this.length=1,this.words[0]=0,this;n>0?(r=this,i=e):(r=e,i=this);for(var a=0,s=0;s>26,this.words[s]=67108863&t;for(;0!==a&&s>26,this.words[s]=67108863&t;if(0===a&&s>>13,l=0|s[1],p=8191&l,y=l>>>13,b=0|s[2],g=8191&b,m=b>>>13,w=0|s[3],v=8191&w,_=w>>>13,k=0|s[4],A=8191&k,S=k>>>13,E=0|s[5],P=8191&E,x=E>>>13,M=0|s[6],K=8191&M,C=M>>>13,D=0|s[7],U=8191&D,R=D>>>13,I=0|s[8],B=8191&I,T=I>>>13,z=0|s[9],q=8191&z,F=z>>>13,O=0|o[0],L=8191&O,N=O>>>13,j=0|o[1],H=8191&j,W=j>>>13,G=0|o[2],V=8191&G,$=G>>>13,Z=0|o[3],X=8191&Z,Y=Z>>>13,Q=0|o[4],J=8191&Q,ee=Q>>>13,te=0|o[5],re=8191&te,ie=te>>>13,ne=0|o[6],ae=8191&ne,se=ne>>>13,oe=0|o[7],ce=8191&oe,ue=oe>>>13,he=0|o[8],de=8191&he,fe=he>>>13,le=0|o[9],pe=8191&le,ye=le>>>13;r.negative=e.negative^t.negative,r.length=19;var be=(u+(i=Math.imul(d,L))|0)+((8191&(n=(n=Math.imul(d,N))+Math.imul(f,L)|0))<<13)|0;u=((a=Math.imul(f,N))+(n>>>13)|0)+(be>>>26)|0,be&=67108863,i=Math.imul(p,L),n=(n=Math.imul(p,N))+Math.imul(y,L)|0,a=Math.imul(y,N);var ge=(u+(i=i+Math.imul(d,H)|0)|0)+((8191&(n=(n=n+Math.imul(d,W)|0)+Math.imul(f,H)|0))<<13)|0;u=((a=a+Math.imul(f,W)|0)+(n>>>13)|0)+(ge>>>26)|0,ge&=67108863,i=Math.imul(g,L),n=(n=Math.imul(g,N))+Math.imul(m,L)|0,a=Math.imul(m,N),i=i+Math.imul(p,H)|0,n=(n=n+Math.imul(p,W)|0)+Math.imul(y,H)|0,a=a+Math.imul(y,W)|0;var me=(u+(i=i+Math.imul(d,V)|0)|0)+((8191&(n=(n=n+Math.imul(d,$)|0)+Math.imul(f,V)|0))<<13)|0;u=((a=a+Math.imul(f,$)|0)+(n>>>13)|0)+(me>>>26)|0,me&=67108863,i=Math.imul(v,L),n=(n=Math.imul(v,N))+Math.imul(_,L)|0,a=Math.imul(_,N),i=i+Math.imul(g,H)|0,n=(n=n+Math.imul(g,W)|0)+Math.imul(m,H)|0,a=a+Math.imul(m,W)|0,i=i+Math.imul(p,V)|0,n=(n=n+Math.imul(p,$)|0)+Math.imul(y,V)|0,a=a+Math.imul(y,$)|0;var we=(u+(i=i+Math.imul(d,X)|0)|0)+((8191&(n=(n=n+Math.imul(d,Y)|0)+Math.imul(f,X)|0))<<13)|0;u=((a=a+Math.imul(f,Y)|0)+(n>>>13)|0)+(we>>>26)|0,we&=67108863,i=Math.imul(A,L),n=(n=Math.imul(A,N))+Math.imul(S,L)|0,a=Math.imul(S,N),i=i+Math.imul(v,H)|0,n=(n=n+Math.imul(v,W)|0)+Math.imul(_,H)|0,a=a+Math.imul(_,W)|0,i=i+Math.imul(g,V)|0,n=(n=n+Math.imul(g,$)|0)+Math.imul(m,V)|0,a=a+Math.imul(m,$)|0,i=i+Math.imul(p,X)|0,n=(n=n+Math.imul(p,Y)|0)+Math.imul(y,X)|0,a=a+Math.imul(y,Y)|0;var ve=(u+(i=i+Math.imul(d,J)|0)|0)+((8191&(n=(n=n+Math.imul(d,ee)|0)+Math.imul(f,J)|0))<<13)|0;u=((a=a+Math.imul(f,ee)|0)+(n>>>13)|0)+(ve>>>26)|0,ve&=67108863,i=Math.imul(P,L),n=(n=Math.imul(P,N))+Math.imul(x,L)|0,a=Math.imul(x,N),i=i+Math.imul(A,H)|0,n=(n=n+Math.imul(A,W)|0)+Math.imul(S,H)|0,a=a+Math.imul(S,W)|0,i=i+Math.imul(v,V)|0,n=(n=n+Math.imul(v,$)|0)+Math.imul(_,V)|0,a=a+Math.imul(_,$)|0,i=i+Math.imul(g,X)|0,n=(n=n+Math.imul(g,Y)|0)+Math.imul(m,X)|0,a=a+Math.imul(m,Y)|0,i=i+Math.imul(p,J)|0,n=(n=n+Math.imul(p,ee)|0)+Math.imul(y,J)|0,a=a+Math.imul(y,ee)|0;var _e=(u+(i=i+Math.imul(d,re)|0)|0)+((8191&(n=(n=n+Math.imul(d,ie)|0)+Math.imul(f,re)|0))<<13)|0;u=((a=a+Math.imul(f,ie)|0)+(n>>>13)|0)+(_e>>>26)|0,_e&=67108863,i=Math.imul(K,L),n=(n=Math.imul(K,N))+Math.imul(C,L)|0,a=Math.imul(C,N),i=i+Math.imul(P,H)|0,n=(n=n+Math.imul(P,W)|0)+Math.imul(x,H)|0,a=a+Math.imul(x,W)|0,i=i+Math.imul(A,V)|0,n=(n=n+Math.imul(A,$)|0)+Math.imul(S,V)|0,a=a+Math.imul(S,$)|0,i=i+Math.imul(v,X)|0,n=(n=n+Math.imul(v,Y)|0)+Math.imul(_,X)|0,a=a+Math.imul(_,Y)|0,i=i+Math.imul(g,J)|0,n=(n=n+Math.imul(g,ee)|0)+Math.imul(m,J)|0,a=a+Math.imul(m,ee)|0,i=i+Math.imul(p,re)|0,n=(n=n+Math.imul(p,ie)|0)+Math.imul(y,re)|0,a=a+Math.imul(y,ie)|0;var ke=(u+(i=i+Math.imul(d,ae)|0)|0)+((8191&(n=(n=n+Math.imul(d,se)|0)+Math.imul(f,ae)|0))<<13)|0;u=((a=a+Math.imul(f,se)|0)+(n>>>13)|0)+(ke>>>26)|0,ke&=67108863,i=Math.imul(U,L),n=(n=Math.imul(U,N))+Math.imul(R,L)|0,a=Math.imul(R,N),i=i+Math.imul(K,H)|0,n=(n=n+Math.imul(K,W)|0)+Math.imul(C,H)|0,a=a+Math.imul(C,W)|0,i=i+Math.imul(P,V)|0,n=(n=n+Math.imul(P,$)|0)+Math.imul(x,V)|0,a=a+Math.imul(x,$)|0,i=i+Math.imul(A,X)|0,n=(n=n+Math.imul(A,Y)|0)+Math.imul(S,X)|0,a=a+Math.imul(S,Y)|0,i=i+Math.imul(v,J)|0,n=(n=n+Math.imul(v,ee)|0)+Math.imul(_,J)|0,a=a+Math.imul(_,ee)|0,i=i+Math.imul(g,re)|0,n=(n=n+Math.imul(g,ie)|0)+Math.imul(m,re)|0,a=a+Math.imul(m,ie)|0,i=i+Math.imul(p,ae)|0,n=(n=n+Math.imul(p,se)|0)+Math.imul(y,ae)|0,a=a+Math.imul(y,se)|0;var Ae=(u+(i=i+Math.imul(d,ce)|0)|0)+((8191&(n=(n=n+Math.imul(d,ue)|0)+Math.imul(f,ce)|0))<<13)|0;u=((a=a+Math.imul(f,ue)|0)+(n>>>13)|0)+(Ae>>>26)|0,Ae&=67108863,i=Math.imul(B,L),n=(n=Math.imul(B,N))+Math.imul(T,L)|0,a=Math.imul(T,N),i=i+Math.imul(U,H)|0,n=(n=n+Math.imul(U,W)|0)+Math.imul(R,H)|0,a=a+Math.imul(R,W)|0,i=i+Math.imul(K,V)|0,n=(n=n+Math.imul(K,$)|0)+Math.imul(C,V)|0,a=a+Math.imul(C,$)|0,i=i+Math.imul(P,X)|0,n=(n=n+Math.imul(P,Y)|0)+Math.imul(x,X)|0,a=a+Math.imul(x,Y)|0,i=i+Math.imul(A,J)|0,n=(n=n+Math.imul(A,ee)|0)+Math.imul(S,J)|0,a=a+Math.imul(S,ee)|0,i=i+Math.imul(v,re)|0,n=(n=n+Math.imul(v,ie)|0)+Math.imul(_,re)|0,a=a+Math.imul(_,ie)|0,i=i+Math.imul(g,ae)|0,n=(n=n+Math.imul(g,se)|0)+Math.imul(m,ae)|0,a=a+Math.imul(m,se)|0,i=i+Math.imul(p,ce)|0,n=(n=n+Math.imul(p,ue)|0)+Math.imul(y,ce)|0,a=a+Math.imul(y,ue)|0;var Se=(u+(i=i+Math.imul(d,de)|0)|0)+((8191&(n=(n=n+Math.imul(d,fe)|0)+Math.imul(f,de)|0))<<13)|0;u=((a=a+Math.imul(f,fe)|0)+(n>>>13)|0)+(Se>>>26)|0,Se&=67108863,i=Math.imul(q,L),n=(n=Math.imul(q,N))+Math.imul(F,L)|0,a=Math.imul(F,N),i=i+Math.imul(B,H)|0,n=(n=n+Math.imul(B,W)|0)+Math.imul(T,H)|0,a=a+Math.imul(T,W)|0,i=i+Math.imul(U,V)|0,n=(n=n+Math.imul(U,$)|0)+Math.imul(R,V)|0,a=a+Math.imul(R,$)|0,i=i+Math.imul(K,X)|0,n=(n=n+Math.imul(K,Y)|0)+Math.imul(C,X)|0,a=a+Math.imul(C,Y)|0,i=i+Math.imul(P,J)|0,n=(n=n+Math.imul(P,ee)|0)+Math.imul(x,J)|0,a=a+Math.imul(x,ee)|0,i=i+Math.imul(A,re)|0,n=(n=n+Math.imul(A,ie)|0)+Math.imul(S,re)|0,a=a+Math.imul(S,ie)|0,i=i+Math.imul(v,ae)|0,n=(n=n+Math.imul(v,se)|0)+Math.imul(_,ae)|0,a=a+Math.imul(_,se)|0,i=i+Math.imul(g,ce)|0,n=(n=n+Math.imul(g,ue)|0)+Math.imul(m,ce)|0,a=a+Math.imul(m,ue)|0,i=i+Math.imul(p,de)|0,n=(n=n+Math.imul(p,fe)|0)+Math.imul(y,de)|0,a=a+Math.imul(y,fe)|0;var Ee=(u+(i=i+Math.imul(d,pe)|0)|0)+((8191&(n=(n=n+Math.imul(d,ye)|0)+Math.imul(f,pe)|0))<<13)|0;u=((a=a+Math.imul(f,ye)|0)+(n>>>13)|0)+(Ee>>>26)|0,Ee&=67108863,i=Math.imul(q,H),n=(n=Math.imul(q,W))+Math.imul(F,H)|0,a=Math.imul(F,W),i=i+Math.imul(B,V)|0,n=(n=n+Math.imul(B,$)|0)+Math.imul(T,V)|0,a=a+Math.imul(T,$)|0,i=i+Math.imul(U,X)|0,n=(n=n+Math.imul(U,Y)|0)+Math.imul(R,X)|0,a=a+Math.imul(R,Y)|0,i=i+Math.imul(K,J)|0,n=(n=n+Math.imul(K,ee)|0)+Math.imul(C,J)|0,a=a+Math.imul(C,ee)|0,i=i+Math.imul(P,re)|0,n=(n=n+Math.imul(P,ie)|0)+Math.imul(x,re)|0,a=a+Math.imul(x,ie)|0,i=i+Math.imul(A,ae)|0,n=(n=n+Math.imul(A,se)|0)+Math.imul(S,ae)|0,a=a+Math.imul(S,se)|0,i=i+Math.imul(v,ce)|0,n=(n=n+Math.imul(v,ue)|0)+Math.imul(_,ce)|0,a=a+Math.imul(_,ue)|0,i=i+Math.imul(g,de)|0,n=(n=n+Math.imul(g,fe)|0)+Math.imul(m,de)|0,a=a+Math.imul(m,fe)|0;var Pe=(u+(i=i+Math.imul(p,pe)|0)|0)+((8191&(n=(n=n+Math.imul(p,ye)|0)+Math.imul(y,pe)|0))<<13)|0;u=((a=a+Math.imul(y,ye)|0)+(n>>>13)|0)+(Pe>>>26)|0,Pe&=67108863,i=Math.imul(q,V),n=(n=Math.imul(q,$))+Math.imul(F,V)|0,a=Math.imul(F,$),i=i+Math.imul(B,X)|0,n=(n=n+Math.imul(B,Y)|0)+Math.imul(T,X)|0,a=a+Math.imul(T,Y)|0,i=i+Math.imul(U,J)|0,n=(n=n+Math.imul(U,ee)|0)+Math.imul(R,J)|0,a=a+Math.imul(R,ee)|0,i=i+Math.imul(K,re)|0,n=(n=n+Math.imul(K,ie)|0)+Math.imul(C,re)|0,a=a+Math.imul(C,ie)|0,i=i+Math.imul(P,ae)|0,n=(n=n+Math.imul(P,se)|0)+Math.imul(x,ae)|0,a=a+Math.imul(x,se)|0,i=i+Math.imul(A,ce)|0,n=(n=n+Math.imul(A,ue)|0)+Math.imul(S,ce)|0,a=a+Math.imul(S,ue)|0,i=i+Math.imul(v,de)|0,n=(n=n+Math.imul(v,fe)|0)+Math.imul(_,de)|0,a=a+Math.imul(_,fe)|0;var xe=(u+(i=i+Math.imul(g,pe)|0)|0)+((8191&(n=(n=n+Math.imul(g,ye)|0)+Math.imul(m,pe)|0))<<13)|0;u=((a=a+Math.imul(m,ye)|0)+(n>>>13)|0)+(xe>>>26)|0,xe&=67108863,i=Math.imul(q,X),n=(n=Math.imul(q,Y))+Math.imul(F,X)|0,a=Math.imul(F,Y),i=i+Math.imul(B,J)|0,n=(n=n+Math.imul(B,ee)|0)+Math.imul(T,J)|0,a=a+Math.imul(T,ee)|0,i=i+Math.imul(U,re)|0,n=(n=n+Math.imul(U,ie)|0)+Math.imul(R,re)|0,a=a+Math.imul(R,ie)|0,i=i+Math.imul(K,ae)|0,n=(n=n+Math.imul(K,se)|0)+Math.imul(C,ae)|0,a=a+Math.imul(C,se)|0,i=i+Math.imul(P,ce)|0,n=(n=n+Math.imul(P,ue)|0)+Math.imul(x,ce)|0,a=a+Math.imul(x,ue)|0,i=i+Math.imul(A,de)|0,n=(n=n+Math.imul(A,fe)|0)+Math.imul(S,de)|0,a=a+Math.imul(S,fe)|0;var Me=(u+(i=i+Math.imul(v,pe)|0)|0)+((8191&(n=(n=n+Math.imul(v,ye)|0)+Math.imul(_,pe)|0))<<13)|0;u=((a=a+Math.imul(_,ye)|0)+(n>>>13)|0)+(Me>>>26)|0,Me&=67108863,i=Math.imul(q,J),n=(n=Math.imul(q,ee))+Math.imul(F,J)|0,a=Math.imul(F,ee),i=i+Math.imul(B,re)|0,n=(n=n+Math.imul(B,ie)|0)+Math.imul(T,re)|0,a=a+Math.imul(T,ie)|0,i=i+Math.imul(U,ae)|0,n=(n=n+Math.imul(U,se)|0)+Math.imul(R,ae)|0,a=a+Math.imul(R,se)|0,i=i+Math.imul(K,ce)|0,n=(n=n+Math.imul(K,ue)|0)+Math.imul(C,ce)|0,a=a+Math.imul(C,ue)|0,i=i+Math.imul(P,de)|0,n=(n=n+Math.imul(P,fe)|0)+Math.imul(x,de)|0,a=a+Math.imul(x,fe)|0;var Ke=(u+(i=i+Math.imul(A,pe)|0)|0)+((8191&(n=(n=n+Math.imul(A,ye)|0)+Math.imul(S,pe)|0))<<13)|0;u=((a=a+Math.imul(S,ye)|0)+(n>>>13)|0)+(Ke>>>26)|0,Ke&=67108863,i=Math.imul(q,re),n=(n=Math.imul(q,ie))+Math.imul(F,re)|0,a=Math.imul(F,ie),i=i+Math.imul(B,ae)|0,n=(n=n+Math.imul(B,se)|0)+Math.imul(T,ae)|0,a=a+Math.imul(T,se)|0,i=i+Math.imul(U,ce)|0,n=(n=n+Math.imul(U,ue)|0)+Math.imul(R,ce)|0,a=a+Math.imul(R,ue)|0,i=i+Math.imul(K,de)|0,n=(n=n+Math.imul(K,fe)|0)+Math.imul(C,de)|0,a=a+Math.imul(C,fe)|0;var Ce=(u+(i=i+Math.imul(P,pe)|0)|0)+((8191&(n=(n=n+Math.imul(P,ye)|0)+Math.imul(x,pe)|0))<<13)|0;u=((a=a+Math.imul(x,ye)|0)+(n>>>13)|0)+(Ce>>>26)|0,Ce&=67108863,i=Math.imul(q,ae),n=(n=Math.imul(q,se))+Math.imul(F,ae)|0,a=Math.imul(F,se),i=i+Math.imul(B,ce)|0,n=(n=n+Math.imul(B,ue)|0)+Math.imul(T,ce)|0,a=a+Math.imul(T,ue)|0,i=i+Math.imul(U,de)|0,n=(n=n+Math.imul(U,fe)|0)+Math.imul(R,de)|0,a=a+Math.imul(R,fe)|0;var De=(u+(i=i+Math.imul(K,pe)|0)|0)+((8191&(n=(n=n+Math.imul(K,ye)|0)+Math.imul(C,pe)|0))<<13)|0;u=((a=a+Math.imul(C,ye)|0)+(n>>>13)|0)+(De>>>26)|0,De&=67108863,i=Math.imul(q,ce),n=(n=Math.imul(q,ue))+Math.imul(F,ce)|0,a=Math.imul(F,ue),i=i+Math.imul(B,de)|0,n=(n=n+Math.imul(B,fe)|0)+Math.imul(T,de)|0,a=a+Math.imul(T,fe)|0;var Ue=(u+(i=i+Math.imul(U,pe)|0)|0)+((8191&(n=(n=n+Math.imul(U,ye)|0)+Math.imul(R,pe)|0))<<13)|0;u=((a=a+Math.imul(R,ye)|0)+(n>>>13)|0)+(Ue>>>26)|0,Ue&=67108863,i=Math.imul(q,de),n=(n=Math.imul(q,fe))+Math.imul(F,de)|0,a=Math.imul(F,fe);var Re=(u+(i=i+Math.imul(B,pe)|0)|0)+((8191&(n=(n=n+Math.imul(B,ye)|0)+Math.imul(T,pe)|0))<<13)|0;u=((a=a+Math.imul(T,ye)|0)+(n>>>13)|0)+(Re>>>26)|0,Re&=67108863;var Ie=(u+(i=Math.imul(q,pe))|0)+((8191&(n=(n=Math.imul(q,ye))+Math.imul(F,pe)|0))<<13)|0;return u=((a=Math.imul(F,ye))+(n>>>13)|0)+(Ie>>>26)|0,Ie&=67108863,c[0]=be,c[1]=ge,c[2]=me,c[3]=we,c[4]=ve,c[5]=_e,c[6]=ke,c[7]=Ae,c[8]=Se,c[9]=Ee,c[10]=Pe,c[11]=xe,c[12]=Me,c[13]=Ke,c[14]=Ce,c[15]=De,c[16]=Ue,c[17]=Re,c[18]=Ie,0!==u&&(c[19]=u,r.length++),r};function p(e,t,r){return(new y).mulp(e,t,r)}function y(e,t){this.x=e,this.y=t}Math.imul||(l=f),n.prototype.mulTo=function(e,t){var r,i=this.length+e.length;return r=10===this.length&&10===e.length?l(this,e,t):i<63?f(this,e,t):i<1024?function(e,t,r){r.negative=t.negative^e.negative,r.length=e.length+t.length;for(var i=0,n=0,a=0;a>>26)|0)>>>26,s&=67108863}r.words[a]=o,i=s,s=n}return 0!==i?r.words[a]=i:r.length--,r.strip()}(this,e,t):p(this,e,t),r},y.prototype.makeRBT=function(e){for(var t=Array(e),r=n.prototype._countBits(e)-1,i=0;i>=1;return i},y.prototype.permute=function(e,t,r,i,n,a){for(var s=0;s>>=1)n++;return 1<>>=13,i[2*s+1]=8191&a,a>>>=13;for(s=2*t;s>=26,t+=n/67108864|0,t+=a>>>26,this.words[i]=67108863&a}return 0!==t&&(this.words[i]=t,this.length++),this},n.prototype.muln=function(e){return this.clone().imuln(e)},n.prototype.sqr=function(){return this.mul(this)},n.prototype.isqr=function(){return this.imul(this.clone())},n.prototype.pow=function(e){var t=function(e){for(var t=Array(e.bitLength()),r=0;r>>n}return t}(e);if(0===t.length)return new n(1);for(var r=this,i=0;i=0);var t,i=e%26,n=(e-i)/26,a=67108863>>>26-i<<26-i;if(0!==i){var s=0;for(t=0;t>>26-i}s&&(this.words[t]=s,this.length++)}if(0!==n){for(t=this.length-1;t>=0;t--)this.words[t+n]=this.words[t];for(t=0;t=0),n=t?(t-t%26)/26:0;var a=e%26,s=Math.min((e-a)/26,this.length),o=67108863^67108863>>>a<s)for(this.length-=s,u=0;u=0&&(0!==h||u>=n);u--){var d=0|this.words[u];this.words[u]=h<<26-a|d>>>a,h=d&o}return c&&0!==h&&(c.words[c.length++]=h),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},n.prototype.ishrn=function(e,t,i){return r(0===this.negative),this.iushrn(e,t,i)},n.prototype.shln=function(e){return this.clone().ishln(e)},n.prototype.ushln=function(e){return this.clone().iushln(e)},n.prototype.shrn=function(e){return this.clone().ishrn(e)},n.prototype.ushrn=function(e){return this.clone().iushrn(e)},n.prototype.testn=function(e){r("number"==typeof e&&e>=0);var t=e%26,i=(e-t)/26,n=1<=0);var t=e%26,i=(e-t)/26;if(r(0===this.negative,"imaskn works only with positive numbers"),this.length<=i)return this;if(0!==t&&i++,this.length=Math.min(i,this.length),0!==t){var n=67108863^67108863>>>t<=67108864;t++)this.words[t]-=67108864,t===this.length-1?this.words[t+1]=1:this.words[t+1]++;return this.length=Math.max(this.length,t+1),this},n.prototype.isubn=function(e){if(r("number"==typeof e),r(e<67108864),e<0)return this.iaddn(-e);if(0!==this.negative)return this.negative=0,this.iaddn(e),this.negative=1,this;if(this.words[0]-=e,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var t=0;t>26)-(c/67108864|0),this.words[n+i]=67108863&a}for(;n>26,this.words[n+i]=67108863&a;if(0===o)return this.strip();for(r(-1===o),o=0,n=0;n>26,this.words[n]=67108863&a;return this.negative=1,this.strip()},n.prototype._wordDiv=function(e,t){var r=(this.length,e.length),i=this.clone(),a=e,s=0|a.words[a.length-1];0!==(r=26-this._countBits(s))&&(a=a.ushln(r),i.iushln(r),s=0|a.words[a.length-1]);var o,c=i.length-a.length;if("mod"!==t){(o=new n(null)).length=c+1,o.words=Array(o.length);for(var u=0;u=0;d--){var f=67108864*(0|i.words[a.length+d])+(0|i.words[a.length+d-1]);for(f=Math.min(f/s|0,67108863),i._ishlnsubmul(a,f,d);0!==i.negative;)f--,i.negative=0,i._ishlnsubmul(a,1,d),i.isZero()||(i.negative^=1);o&&(o.words[d]=f)}return o&&o.strip(),i.strip(),"div"!==t&&0!==r&&i.iushrn(r),{div:o||null,mod:i}},n.prototype.divmod=function(e,t,i){return r(!e.isZero()),this.isZero()?{div:new n(0),mod:new n(0)}:0!==this.negative&&0===e.negative?(o=this.neg().divmod(e,t),"mod"!==t&&(a=o.div.neg()),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.iadd(e)),{div:a,mod:s}):0===this.negative&&0!==e.negative?(o=this.divmod(e.neg(),t),"mod"!==t&&(a=o.div.neg()),{div:a,mod:o.mod}):0!=(this.negative&e.negative)?(o=this.neg().divmod(e.neg(),t),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.isub(e)),{div:o.div,mod:s}):e.length>this.length||this.cmp(e)<0?{div:new n(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new n(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new n(this.modn(e.words[0]))}:this._wordDiv(e,t);var a,s,o},n.prototype.div=function(e){return this.divmod(e,"div",!1).div},n.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},n.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},n.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var r=0!==t.div.negative?t.mod.isub(e):t.mod,i=e.ushrn(1),n=e.andln(1),a=r.cmp(i);return a<0||1===n&&0===a?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},n.prototype.modn=function(e){r(e<=67108863);for(var t=(1<<26)%e,i=0,n=this.length-1;n>=0;n--)i=(t*i+(0|this.words[n]))%e;return i},n.prototype.idivn=function(e){r(e<=67108863);for(var t=0,i=this.length-1;i>=0;i--){var n=(0|this.words[i])+67108864*t;this.words[i]=n/e|0,t=n%e}return this.strip()},n.prototype.divn=function(e){return this.clone().idivn(e)},n.prototype.egcd=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a=new n(1),s=new n(0),o=new n(0),c=new n(1),u=0;t.isEven()&&i.isEven();)t.iushrn(1),i.iushrn(1),++u;for(var h=i.clone(),d=t.clone();!t.isZero();){for(var f=0,l=1;0==(t.words[0]&l)&&f<26;++f,l<<=1);if(f>0)for(t.iushrn(f);f-- >0;)(a.isOdd()||s.isOdd())&&(a.iadd(h),s.isub(d)),a.iushrn(1),s.iushrn(1);for(var p=0,y=1;0==(i.words[0]&y)&&p<26;++p,y<<=1);if(p>0)for(i.iushrn(p);p-- >0;)(o.isOdd()||c.isOdd())&&(o.iadd(h),c.isub(d)),o.iushrn(1),c.iushrn(1);t.cmp(i)>=0?(t.isub(i),a.isub(o),s.isub(c)):(i.isub(t),o.isub(a),c.isub(s))}return{a:o,b:c,gcd:i.iushln(u)}},n.prototype._invmp=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a,s=new n(1),o=new n(0),c=i.clone();t.cmpn(1)>0&&i.cmpn(1)>0;){for(var u=0,h=1;0==(t.words[0]&h)&&u<26;++u,h<<=1);if(u>0)for(t.iushrn(u);u-- >0;)s.isOdd()&&s.iadd(c),s.iushrn(1);for(var d=0,f=1;0==(i.words[0]&f)&&d<26;++d,f<<=1);if(d>0)for(i.iushrn(d);d-- >0;)o.isOdd()&&o.iadd(c),o.iushrn(1);t.cmp(i)>=0?(t.isub(i),s.isub(o)):(i.isub(t),o.isub(s))}return(a=0===t.cmpn(1)?s:o).cmpn(0)<0&&a.iadd(e),a},n.prototype.gcd=function(e){if(this.isZero())return e.abs();if(e.isZero())return this.abs();var t=this.clone(),r=e.clone();t.negative=0,r.negative=0;for(var i=0;t.isEven()&&r.isEven();i++)t.iushrn(1),r.iushrn(1);for(;;){for(;t.isEven();)t.iushrn(1);for(;r.isEven();)r.iushrn(1);var n=t.cmp(r);if(n<0){var a=t;t=r,r=a}else if(0===n||0===r.cmpn(1))break;t.isub(r)}return r.iushln(i)},n.prototype.invm=function(e){return this.egcd(e).a.umod(e)},n.prototype.isEven=function(){return 0==(1&this.words[0])},n.prototype.isOdd=function(){return 1==(1&this.words[0])},n.prototype.andln=function(e){return this.words[0]&e},n.prototype.bincn=function(e){r("number"==typeof e);var t=e%26,i=(e-t)/26,n=1<>>26,o&=67108863,this.words[s]=o}return 0!==a&&(this.words[s]=a,this.length++),this},n.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},n.prototype.cmpn=function(e){var t,i=e<0;if(0!==this.negative&&!i)return-1;if(0===this.negative&&i)return 1;if(this.strip(),this.length>1)t=1;else{i&&(e=-e),r(e<=67108863,"Number is too big");var n=0|this.words[0];t=n===e?0:ne.length)return 1;if(this.length=0;r--){var i=0|this.words[r],n=0|e.words[r];if(i!==n){in&&(t=1);break}}return t},n.prototype.gtn=function(e){return 1===this.cmpn(e)},n.prototype.gt=function(e){return 1===this.cmp(e)},n.prototype.gten=function(e){return this.cmpn(e)>=0},n.prototype.gte=function(e){return this.cmp(e)>=0},n.prototype.ltn=function(e){return-1===this.cmpn(e)},n.prototype.lt=function(e){return-1===this.cmp(e)},n.prototype.lten=function(e){return this.cmpn(e)<=0},n.prototype.lte=function(e){return this.cmp(e)<=0},n.prototype.eqn=function(e){return 0===this.cmpn(e)},n.prototype.eq=function(e){return 0===this.cmp(e)},n.red=function(e){return new k(e)},n.prototype.toRed=function(e){return r(!this.red,"Already a number in reduction context"),r(0===this.negative,"red works only with positives"),e.convertTo(this)._forceRed(e)},n.prototype.fromRed=function(){return r(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},n.prototype._forceRed=function(e){return this.red=e,this},n.prototype.forceRed=function(e){return r(!this.red,"Already a number in reduction context"),this._forceRed(e)},n.prototype.redAdd=function(e){return r(this.red,"redAdd works only with red numbers"),this.red.add(this,e)},n.prototype.redIAdd=function(e){return r(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,e)},n.prototype.redSub=function(e){return r(this.red,"redSub works only with red numbers"),this.red.sub(this,e)},n.prototype.redISub=function(e){return r(this.red,"redISub works only with red numbers"),this.red.isub(this,e)},n.prototype.redShl=function(e){return r(this.red,"redShl works only with red numbers"),this.red.shl(this,e)},n.prototype.redMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.mul(this,e)},n.prototype.redIMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.imul(this,e)},n.prototype.redSqr=function(){return r(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},n.prototype.redISqr=function(){return r(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},n.prototype.redSqrt=function(){return r(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},n.prototype.redInvm=function(){return r(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},n.prototype.redNeg=function(){return r(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},n.prototype.redPow=function(e){return r(this.red&&!e.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,e)};var b={k256:null,p224:null,p192:null,p25519:null};function g(e,t){this.name=e,this.p=new n(t,16),this.n=this.p.bitLength(),this.k=new n(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function m(){g.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function w(){g.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function v(){g.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function _(){g.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function k(e){if("string"==typeof e){var t=n._prime(e);this.m=t.p,this.prime=t}else r(e.gtn(1),"modulus must be greater than 1"),this.m=e,this.prime=null}function A(e){k.call(this,e),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new n(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}g.prototype._tmp=function(){var e=new n(null);return e.words=Array(Math.ceil(this.n/13)),e},g.prototype.ireduce=function(e){var t,r=e;do{this.split(r,this.tmp),t=(r=(r=this.imulK(r)).iadd(this.tmp)).bitLength()}while(t>this.n);var i=t0?r.isub(this.p):r.strip(),r},g.prototype.split=function(e,t){e.iushrn(this.n,0,t)},g.prototype.imulK=function(e){return e.imul(this.k)},i(m,g),m.prototype.split=function(e,t){for(var r=4194303,i=Math.min(e.length,9),n=0;n>>22,a=s}a>>>=22,e.words[n-10]=a,0===a&&e.length>10?e.length-=10:e.length-=9},m.prototype.imulK=function(e){e.words[e.length]=0,e.words[e.length+1]=0,e.length+=2;for(var t=0,r=0;r>>=26,e.words[r]=n,t=i}return 0!==t&&(e.words[e.length++]=t),e},n._prime=function(e){if(b[e])return b[e];var t;if("k256"===e)t=new m;else if("p224"===e)t=new w;else if("p192"===e)t=new v;else{if("p25519"!==e)throw Error("Unknown prime "+e);t=new _}return b[e]=t,t},k.prototype._verify1=function(e){r(0===e.negative,"red works only with positives"),r(e.red,"red works only with red numbers")},k.prototype._verify2=function(e,t){r(0==(e.negative|t.negative),"red works only with positives"),r(e.red&&e.red===t.red,"red works only with red numbers")},k.prototype.imod=function(e){return this.prime?this.prime.ireduce(e)._forceRed(this):e.umod(this.m)._forceRed(this)},k.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},k.prototype.add=function(e,t){this._verify2(e,t);var r=e.add(t);return r.cmp(this.m)>=0&&r.isub(this.m),r._forceRed(this)},k.prototype.iadd=function(e,t){this._verify2(e,t);var r=e.iadd(t);return r.cmp(this.m)>=0&&r.isub(this.m),r},k.prototype.sub=function(e,t){this._verify2(e,t);var r=e.sub(t);return r.cmpn(0)<0&&r.iadd(this.m),r._forceRed(this)},k.prototype.isub=function(e,t){this._verify2(e,t);var r=e.isub(t);return r.cmpn(0)<0&&r.iadd(this.m),r},k.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},k.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},k.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},k.prototype.isqr=function(e){return this.imul(e,e.clone())},k.prototype.sqr=function(e){return this.mul(e,e)},k.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(r(t%2==1),3===t){var i=this.m.add(new n(1)).iushrn(2);return this.pow(e,i)}for(var a=this.m.subn(1),s=0;!a.isZero()&&0===a.andln(1);)s++,a.iushrn(1);r(!a.isZero());var o=new n(1).toRed(this),c=o.redNeg(),u=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new n(2*h*h).toRed(this);0!==this.pow(h,u).cmp(c);)h.redIAdd(c);for(var d=this.pow(h,a),f=this.pow(e,a.addn(1).iushrn(1)),l=this.pow(e,a),p=s;0!==l.cmp(o);){for(var y=l,b=0;0!==y.cmp(o);b++)y=y.redSqr();r(b=0;i--){for(var u=t.words[i],h=c-1;h>=0;h--){var d=u>>h&1;a!==r[0]&&(a=this.sqr(a)),0!==d||0!==s?(s<<=1,s|=d,(4===++o||0===i&&0===h)&&(a=this.mul(a,r[s]),o=0,s=0)):o=0}c=26}return a},k.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},k.prototype.convertFrom=function(e){var t=e.clone();return t.red=null,t},n.mont=function(e){return new A(e)},i(A,k),A.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},A.prototype.convertFrom=function(e){var t=this.imod(e.mul(this.rinv));return t.red=null,t},A.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;var r=e.imul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(i).iushrn(this.shift),a=n;return n.cmp(this.m)>=0?a=n.isub(this.m):n.cmpn(0)<0&&(a=n.iadd(this.m)),a._forceRed(this)},A.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new n(0)._forceRed(this);var r=e.mul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),a=r.isub(i).iushrn(this.shift),s=a;return a.cmp(this.m)>=0?s=a.isub(this.m):a.cmpn(0)<0&&(s=a.iadd(this.m)),s._forceRed(this)},A.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(e,gt)})),Jp=/*#__PURE__*/Object.freeze({__proto__:null,default:Qp,__moduleExports:Qp});class ey{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");this.value=new Qp(e)}clone(){const e=new ey(null);return this.value.copy(e.value),e}iinc(){return this.value.iadd(new Qp(1)),this}inc(){return this.clone().iinc()}idec(){return this.value.isub(new Qp(1)),this}dec(){return this.clone().idec()}iadd(e){return this.value.iadd(e.value),this}add(e){return this.clone().iadd(e)}isub(e){return this.value.isub(e.value),this}sub(e){return this.clone().isub(e)}imul(e){return this.value.imul(e.value),this}mul(e){return this.clone().imul(e)}imod(e){return this.value=this.value.umod(e.value),this}mod(e){return this.clone().imod(e)}modExp(e,t){const r=t.isEven()?Qp.red(t.value):Qp.mont(t.value),i=this.clone();return i.value=i.value.toRed(r).redPow(e.value).fromRed(),i}modInv(e){if(!this.gcd(e).isOne())throw Error("Inverse does not exist");return new ey(this.value.invm(e.value))}gcd(e){return new ey(this.value.gcd(e.value))}ileftShift(e){return this.value.ishln(e.value.toNumber()),this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value.ishrn(e.value.toNumber()),this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value.eq(e.value)}lt(e){return this.value.lt(e.value)}lte(e){return this.value.lte(e.value)}gt(e){return this.value.gt(e.value)}gte(e){return this.value.gte(e.value)}isZero(){return this.value.isZero()}isOne(){return this.value.eq(new Qp(1))}isNegative(){return this.value.isNeg()}isEven(){return this.value.isEven()}abs(){const e=this.clone();return e.value=e.value.abs(),e}toString(){return this.value.toString()}toNumber(){return this.value.toNumber()}getBit(e){return this.value.testn(e)?1:0}bitLength(){return this.value.bitLength()}byteLength(){return this.value.byteLength()}toUint8Array(e="be",t){return this.value.toArrayLike(Uint8Array,e,t)}}var ty,ry=/*#__PURE__*/Object.freeze({__proto__:null,default:ey}),iy=mt((function(e,t){var r=t;function i(e){return 1===e.length?"0"+e:e}function n(e){for(var t="",r=0;r>8,s=255&n;a?r.push(a,s):r.push(s)}return r},r.zero2=i,r.toHex=n,r.encode=function(e,t){return"hex"===t?n(e):e}})),ny=mt((function(e,t){var r=t;r.assert=yt,r.toArray=iy.toArray,r.zero2=iy.zero2,r.toHex=iy.toHex,r.encode=iy.encode,r.getNAF=function(e,t){for(var r=[],i=1<=0;){var a;if(n.isOdd()){var s=n.andln(i-1);a=s>(i>>1)-1?(i>>1)-s:s,n.isubn(a)}else a=0;r.push(a);for(var o=0!==n.cmpn(0)&&0===n.andln(i-1)?t+1:1,c=1;c0||t.cmpn(-n)>0;){var a,s,o,c=e.andln(3)+i&3,u=t.andln(3)+n&3;if(3===c&&(c=-1),3===u&&(u=-1),0==(1&c))a=0;else a=3!==(o=e.andln(7)+i&7)&&5!==o||2!==u?c:-c;if(r[0].push(a),0==(1&u))s=0;else s=3!==(o=t.andln(7)+n&7)&&5!==o||2!==c?u:-u;r[1].push(s),2*i===a+1&&(i=1-i),2*n===s+1&&(n=1-n),e.iushrn(1),t.iushrn(1)}return r},r.cachedProperty=function(e,t,r){var i="_"+t;e.prototype[t]=function(){return void 0!==this[i]?this[i]:this[i]=r.call(this)}},r.parseBytes=function(e){return"string"==typeof e?r.toArray(e,"hex"):e},r.intFromLE=function(e){return new Qp(e,"hex","le")}})),ay=function(e){return ty||(ty=new sy(null)),ty.generate(e)};function sy(e){this.rand=e}var oy=sy;if(sy.prototype.generate=function(e){return this._rand(e)},sy.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),r=0;r0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}var ly=fy;function py(e,t){this.curve=e,this.type=t,this.precomputed=null}fy.prototype.point=function(){throw Error("Not implemented")},fy.prototype.validate=function(){throw Error("Not implemented")},fy.prototype._fixedNafMul=function(e,t){dy(e.precomputed);var r=e._getDoubles(),i=uy(t,1),n=(1<=s;t--)o=(o<<1)+i[t];a.push(o)}for(var c=this.jpoint(null,null,null),u=this.jpoint(null,null,null),h=n;h>0;h--){for(s=0;s=0;o--){for(t=0;o>=0&&0===a[o];o--)t++;if(o>=0&&t++,s=s.dblp(t),o<0)break;var c=a[o];dy(0!==c),s="affine"===e.type?c>0?s.mixedAdd(n[c-1>>1]):s.mixedAdd(n[-c-1>>1].neg()):c>0?s.add(n[c-1>>1]):s.add(n[-c-1>>1].neg())}return"affine"===e.type?s.toP():s},fy.prototype._wnafMulAdd=function(e,t,r,i,n){for(var a=this._wnafT1,s=this._wnafT2,o=this._wnafT3,c=0,u=0;u=1;u-=2){var d=u-1,f=u;if(1===a[d]&&1===a[f]){var l=[t[d],null,null,t[f]];0===t[d].y.cmp(t[f].y)?(l[1]=t[d].add(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg())):0===t[d].y.cmp(t[f].y.redNeg())?(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].add(t[f].neg())):(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg()));var p=[-3,-1,-5,-7,0,7,5,1,3],y=hy(r[d],r[f]);c=Math.max(y[0].length,c),o[d]=Array(c),o[f]=Array(c);for(var b=0;b=0;u--){for(var _=0;u>=0;){var k=!0;for(b=0;b=0&&_++,w=w.dblp(_),u<0)break;for(b=0;b0?A=s[b][S-1>>1]:S<0&&(A=s[b][-S-1>>1].neg()),w="affine"===A.type?w.mixedAdd(A):w.add(A))}}for(u=0;u=Math.ceil((e.bitLength()+1)/t.step)},py.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var r=[this],i=this,n=0;n=0&&(a=t,s=r),i.negative&&(i=i.neg(),n=n.neg()),a.negative&&(a=a.neg(),s=s.neg()),[{a:i,b:n},{a,b:s}]},by.prototype._endoSplit=function(e){var t=this.endo.basis,r=t[0],i=t[1],n=i.b.mul(e).divRound(this.n),a=r.b.neg().mul(e).divRound(this.n),s=n.mul(r.a),o=a.mul(i.a),c=n.mul(r.b),u=a.mul(i.b);return{k1:e.sub(s).sub(o),k2:c.add(u).neg()}},by.prototype.pointFromX=function(e,t){(e=new Qp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),i=r.redSqrt();if(0!==i.redSqr().redSub(r).cmp(this.zero))throw Error("invalid point");var n=i.fromRed().isOdd();return(t&&!n||!t&&n)&&(i=i.redNeg()),this.point(e,i)},by.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,r=e.y,i=this.a.redMul(t),n=t.redSqr().redMul(t).redIAdd(i).redIAdd(this.b);return 0===r.redSqr().redISub(n).cmpn(0)},by.prototype._endoWnafMulAdd=function(e,t,r){for(var i=this._endoWnafT1,n=this._endoWnafT2,a=0;a":""},my.prototype.isInfinity=function(){return this.inf},my.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y);0!==t.cmpn(0)&&(t=t.redMul(this.x.redSub(e.x).redInvm()));var r=t.redSqr().redISub(this.x).redISub(e.x),i=t.redMul(this.x.redSub(r)).redISub(this.y);return this.curve.point(r,i)},my.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,r=this.x.redSqr(),i=e.redInvm(),n=r.redAdd(r).redIAdd(r).redIAdd(t).redMul(i),a=n.redSqr().redISub(this.x.redAdd(this.x)),s=n.redMul(this.x.redSub(a)).redISub(this.y);return this.curve.point(a,s)},my.prototype.getX=function(){return this.x.fromRed()},my.prototype.getY=function(){return this.y.fromRed()},my.prototype.mul=function(e){return e=new Qp(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},my.prototype.mulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n):this.curve._wnafMulAdd(1,i,n,2)},my.prototype.jmulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n,!0):this.curve._wnafMulAdd(1,i,n,2,!0)},my.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},my.prototype.neg=function(e){if(this.inf)return this;var t=this.curve.point(this.x,this.y.redNeg());if(e&&this.precomputed){var r=this.precomputed,i=function(e){return e.neg()};t.precomputed={naf:r.naf&&{wnd:r.naf.wnd,points:r.naf.points.map(i)},doubles:r.doubles&&{step:r.doubles.step,points:r.doubles.points.map(i)}}}return t},my.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},_t(wy,ly.BasePoint),by.prototype.jpoint=function(e,t,r){return new wy(this,e,t,r)},wy.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),r=this.x.redMul(t),i=this.y.redMul(t).redMul(e);return this.curve.point(r,i)},wy.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},wy.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),r=this.z.redSqr(),i=this.x.redMul(t),n=e.x.redMul(r),a=this.y.redMul(t.redMul(e.z)),s=e.y.redMul(r.redMul(this.z)),o=i.redSub(n),c=a.redSub(s);if(0===o.cmpn(0))return 0!==c.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var u=o.redSqr(),h=u.redMul(o),d=i.redMul(u),f=c.redSqr().redIAdd(h).redISub(d).redISub(d),l=c.redMul(d.redISub(f)).redISub(a.redMul(h)),p=this.z.redMul(e.z).redMul(o);return this.curve.jpoint(f,l,p)},wy.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),r=this.x,i=e.x.redMul(t),n=this.y,a=e.y.redMul(t).redMul(this.z),s=r.redSub(i),o=n.redSub(a);if(0===s.cmpn(0))return 0!==o.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var c=s.redSqr(),u=c.redMul(s),h=r.redMul(c),d=o.redSqr().redIAdd(u).redISub(h).redISub(h),f=o.redMul(h.redISub(d)).redISub(n.redMul(u)),l=this.z.redMul(s);return this.curve.jpoint(d,f,l)},wy.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,r=0;r=0)return!1;if(r.redIAdd(n),0===this.x.cmp(r))return!0}},wy.prototype.inspect=function(){return this.isInfinity()?"":""},wy.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},_t(vy,ly);var _y=vy;function ky(e,t,r){ly.BasePoint.call(this,e,"projective"),null===t&&null===r?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new Qp(t,16),this.z=new Qp(r,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}vy.prototype.validate=function(e){var t=e.normalize().x,r=t.redSqr(),i=r.redMul(t).redAdd(r.redMul(this.a)).redAdd(t);return 0===i.redSqrt().redSqr().cmp(i)},_t(ky,ly.BasePoint),vy.prototype.decodePoint=function(e,t){if(33===(e=ny.toArray(e,t)).length&&64===e[0]&&(e=e.slice(1,33).reverse()),32!==e.length)throw Error("Unknown point compression format");return this.point(e,1)},vy.prototype.point=function(e,t){return new ky(this,e,t)},vy.prototype.pointFromJSON=function(e){return ky.fromJSON(this,e)},ky.prototype.precompute=function(){},ky.prototype._encode=function(e){var t=this.curve.p.byteLength();return e?[64].concat(this.getX().toArray("le",t)):this.getX().toArray("be",t)},ky.fromJSON=function(e,t){return new ky(e,t[0],t[1]||e.one)},ky.prototype.inspect=function(){return this.isInfinity()?"":""},ky.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},ky.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),r=e.redSub(t),i=e.redMul(t),n=r.redMul(t.redAdd(this.curve.a24.redMul(r)));return this.curve.point(i,n)},ky.prototype.add=function(){throw Error("Not supported on Montgomery curve")},ky.prototype.diffAdd=function(e,t){var r=this.x.redAdd(this.z),i=this.x.redSub(this.z),n=e.x.redAdd(e.z),a=e.x.redSub(e.z).redMul(r),s=n.redMul(i),o=t.z.redMul(a.redAdd(s).redSqr()),c=t.x.redMul(a.redISub(s).redSqr());return this.curve.point(o,c)},ky.prototype.mul=function(e){for(var t=(e=new Qp(e,16)).clone(),r=this,i=this.curve.point(null,null),n=[];0!==t.cmpn(0);t.iushrn(1))n.push(t.andln(1));for(var a=n.length-1;a>=0;a--)0===n[a]?(r=r.diffAdd(i,this),i=i.dbl()):(i=r.diffAdd(i,this),r=r.dbl());return i},ky.prototype.mulAdd=function(){throw Error("Not supported on Montgomery curve")},ky.prototype.jumlAdd=function(){throw Error("Not supported on Montgomery curve")},ky.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},ky.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},ky.prototype.getX=function(){return this.normalize(),this.x.fromRed()};var Ay=ny.assert;function Sy(e){this.twisted=1!=(0|e.a),this.mOneA=this.twisted&&-1==(0|e.a),this.extended=this.mOneA,ly.call(this,"edwards",e),this.a=new Qp(e.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new Qp(e.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new Qp(e.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),Ay(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|e.c)}_t(Sy,ly);var Ey=Sy;function Py(e,t,r,i,n){ly.BasePoint.call(this,e,"projective"),null===t&&null===r&&null===i?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new Qp(t,16),this.y=new Qp(r,16),this.z=i?new Qp(i,16):this.curve.one,this.t=n&&new Qp(n,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}Sy.prototype._mulA=function(e){return this.mOneA?e.redNeg():this.a.redMul(e)},Sy.prototype._mulC=function(e){return this.oneC?e:this.c.redMul(e)},Sy.prototype.jpoint=function(e,t,r,i){return this.point(e,t,r,i)},Sy.prototype.pointFromX=function(e,t){(e=new Qp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=this.c2.redSub(this.a.redMul(r)),n=this.one.redSub(this.c2.redMul(this.d).redMul(r)),a=i.redMul(n.redInvm()),s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");var o=s.fromRed().isOdd();return(t&&!o||!t&&o)&&(s=s.redNeg()),this.point(e,s)},Sy.prototype.pointFromY=function(e,t){(e=new Qp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=r.redSub(this.c2),n=r.redMul(this.d).redMul(this.c2).redSub(this.a),a=i.redMul(n.redInvm());if(0===a.cmp(this.zero)){if(t)throw Error("invalid point");return this.point(this.zero,e)}var s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");return s.fromRed().isOdd()!==t&&(s=s.redNeg()),this.point(s,e)},Sy.prototype.validate=function(e){if(e.isInfinity())return!0;e.normalize();var t=e.x.redSqr(),r=e.y.redSqr(),i=t.redMul(this.a).redAdd(r),n=this.c2.redMul(this.one.redAdd(this.d.redMul(t).redMul(r)));return 0===i.cmp(n)},_t(Py,ly.BasePoint),Sy.prototype.pointFromJSON=function(e){return Py.fromJSON(this,e)},Sy.prototype.point=function(e,t,r,i){return new Py(this,e,t,r,i)},Py.fromJSON=function(e,t){return new Py(e,t[0],t[1],t[2])},Py.prototype.inspect=function(){return this.isInfinity()?"":""},Py.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},Py.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),r=this.z.redSqr();r=r.redIAdd(r);var i=this.curve._mulA(e),n=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),a=i.redAdd(t),s=a.redSub(r),o=i.redSub(t),c=n.redMul(s),u=a.redMul(o),h=n.redMul(o),d=s.redMul(a);return this.curve.point(c,u,d,h)},Py.prototype._projDbl=function(){var e,t,r,i=this.x.redAdd(this.y).redSqr(),n=this.x.redSqr(),a=this.y.redSqr();if(this.curve.twisted){var s=(u=this.curve._mulA(n)).redAdd(a);if(this.zOne)e=i.redSub(n).redSub(a).redMul(s.redSub(this.curve.two)),t=s.redMul(u.redSub(a)),r=s.redSqr().redSub(s).redSub(s);else{var o=this.z.redSqr(),c=s.redSub(o).redISub(o);e=i.redSub(n).redISub(a).redMul(c),t=s.redMul(u.redSub(a)),r=s.redMul(c)}}else{var u=n.redAdd(a);o=this.curve._mulC(this.z).redSqr(),c=u.redSub(o).redSub(o);e=this.curve._mulC(i.redISub(u)).redMul(c),t=this.curve._mulC(u).redMul(n.redISub(a)),r=u.redMul(c)}return this.curve.point(e,t,r)},Py.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},Py.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),r=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),i=this.t.redMul(this.curve.dd).redMul(e.t),n=this.z.redMul(e.z.redAdd(e.z)),a=r.redSub(t),s=n.redSub(i),o=n.redAdd(i),c=r.redAdd(t),u=a.redMul(s),h=o.redMul(c),d=a.redMul(c),f=s.redMul(o);return this.curve.point(u,h,f,d)},Py.prototype._projAdd=function(e){var t,r,i=this.z.redMul(e.z),n=i.redSqr(),a=this.x.redMul(e.x),s=this.y.redMul(e.y),o=this.curve.d.redMul(a).redMul(s),c=n.redSub(o),u=n.redAdd(o),h=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(a).redISub(s),d=i.redMul(c).redMul(h);return this.curve.twisted?(t=i.redMul(u).redMul(s.redSub(this.curve._mulA(a))),r=c.redMul(u)):(t=i.redMul(u).redMul(s.redSub(a)),r=this.curve._mulC(c).redMul(u)),this.curve.point(d,t,r)},Py.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},Py.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},Py.prototype.mulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!1)},Py.prototype.jmulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!0)},Py.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},Py.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},Py.prototype.getX=function(){return this.normalize(),this.x.fromRed()},Py.prototype.getY=function(){return this.normalize(),this.y.fromRed()},Py.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},Py.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var r=e.clone(),i=this.curve.redN.redMul(this.z);;){if(r.iadd(this.curve.n),r.cmp(this.curve.p)>=0)return!1;if(t.redIAdd(i),0===this.x.cmp(t))return!0}},Py.prototype.toP=Py.prototype.normalize,Py.prototype.mixedAdd=Py.prototype.add;var xy=mt((function(e,t){var r=t;r.base=ly,r.short=gy,r.mont=_y,r.edwards=Ey})),My=Ct.rotl32,Ky=Ct.sum32,Cy=Ct.sum32_5,Dy=Ft.ft_1,Uy=Rt.BlockHash,Ry=[1518500249,1859775393,2400959708,3395469782];function Iy(){if(!(this instanceof Iy))return new Iy;Uy.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=Array(80)}Ct.inherits(Iy,Uy);var By=Iy;Iy.blockSize=512,Iy.outSize=160,Iy.hmacStrength=80,Iy.padLength=64,Iy.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;ithis.blockSize&&(e=(new this.Hash).update(e).digest()),yt(e.length<=this.blockSize);for(var t=e.length;t=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,r,i)}var jy=Ny;Ny.prototype._init=function(e,t,r){var i=e.concat(t).concat(r);this.K=Array(this.outLen/8),this.V=Array(this.outLen/8);for(var n=0;n=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(r||[])),this._reseed=1},Ny.prototype.generate=function(e,t,r,i){if(this._reseed>this.reseedInterval)throw Error("Reseed is required");"string"!=typeof t&&(i=r,r=t,t=null),r&&(r=iy.toArray(r,i||"hex"),this._update(r));for(var n=[];n.length"};var Vy=ny.assert;function $y(e,t){if(e instanceof $y)return e;this._importDER(e,t)||(Vy(e.r&&e.s,"Signature without r or s"),this.r=new Qp(e.r,16),this.s=new Qp(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}var Zy=$y;function Xy(){this.place=0}function Yy(e,t){var r=e[t.place++];if(!(128&r))return r;for(var i=15&r,n=0,a=0,s=t.place;a>>3);for(e.push(128|r);--r;)e.push(t>>>(r<<3)&255);e.push(t)}}$y.prototype._importDER=function(e,t){e=ny.toArray(e,t);var r=new Xy;if(48!==e[r.place++])return!1;if(Yy(e,r)+r.place!==e.length)return!1;if(2!==e[r.place++])return!1;var i=Yy(e,r),n=e.slice(r.place,i+r.place);if(r.place+=i,2!==e[r.place++])return!1;var a=Yy(e,r);if(e.length!==a+r.place)return!1;var s=e.slice(r.place,a+r.place);return 0===n[0]&&128&n[1]&&(n=n.slice(1)),0===s[0]&&128&s[1]&&(s=s.slice(1)),this.r=new Qp(n),this.s=new Qp(s),this.recoveryParam=null,!0},$y.prototype.toDER=function(e){var t=this.r.toArray(),r=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&r[0]&&(r=[0].concat(r)),t=Qy(t),r=Qy(r);!(r[0]||128&r[1]);)r=r.slice(1);var i=[2];Jy(i,t.length),(i=i.concat(t)).push(2),Jy(i,r.length);var n=i.concat(r),a=[48];return Jy(a,n.length),a=a.concat(n),ny.encode(a,e)};var eb=ny.assert;function tb(e){if(!(this instanceof tb))return new tb(e);"string"==typeof e&&(eb(Ly.hasOwnProperty(e),"Unknown curve "+e),e=Ly[e]),e instanceof Ly.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}var rb=tb;tb.prototype.keyPair=function(e){return new Gy(this,e)},tb.prototype.keyFromPrivate=function(e,t){return Gy.fromPrivate(this,e,t)},tb.prototype.keyFromPublic=function(e,t){return Gy.fromPublic(this,e,t)},tb.prototype.genKeyPair=function(e){e||(e={});var t=new jy({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||ay(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()});if("mont"===this.curve.type){var r=new Qp(t.generate(32));return this.keyFromPrivate(r)}for(var i=this.n.byteLength(),n=this.n.sub(new Qp(2));;){if(!((r=new Qp(t.generate(i))).cmp(n)>0))return r.iaddn(1),this.keyFromPrivate(r)}},tb.prototype._truncateToN=function(e,t,r){var i=(r=r||8*e.byteLength())-this.n.bitLength();return i>0&&(e=e.ushrn(i)),!t&&e.cmp(this.n)>=0?e.sub(this.n):e},tb.prototype.truncateMsg=function(e){var t;return e instanceof Uint8Array?(t=8*e.byteLength,e=this._truncateToN(new Qp(e,16),!1,t)):"string"==typeof e?(t=4*e.length,e=this._truncateToN(new Qp(e,16),!1,t)):e=this._truncateToN(new Qp(e,16)),e},tb.prototype.sign=function(e,t,r,i){"object"==typeof r&&(i=r,r=null),i||(i={}),t=this.keyFromPrivate(t,r),e=this.truncateMsg(e);for(var n=this.n.byteLength(),a=t.getPrivate().toArray("be",n),s=e.toArray("be",n),o=new jy({hash:this.hash,entropy:a,nonce:s,pers:i.pers,persEnc:i.persEnc||"utf8"}),c=this.n.sub(new Qp(1)),u=0;;u++){var h=i.k?i.k(u):new Qp(o.generate(this.n.byteLength()));if(!((h=this._truncateToN(h,!0)).cmpn(1)<=0||h.cmp(c)>=0)){var d=this.g.mul(h);if(!d.isInfinity()){var f=d.getX(),l=f.umod(this.n);if(0!==l.cmpn(0)){var p=h.invm(this.n).mul(l.mul(t.getPrivate()).iadd(e));if(0!==(p=p.umod(this.n)).cmpn(0)){var y=(d.getY().isOdd()?1:0)|(0!==f.cmp(l)?2:0);return i.canonical&&p.cmp(this.nh)>0&&(p=this.n.sub(p),y^=1),new Zy({r:l,s:p,recoveryParam:y})}}}}}},tb.prototype.verify=function(e,t,r,i){return r=this.keyFromPublic(r,i),t=new Zy(t,"hex"),this._verify(this.truncateMsg(e),t,r)||this._verify(this._truncateToN(new Qp(e,16)),t,r)},tb.prototype._verify=function(e,t,r){var i=t.r,n=t.s;if(i.cmpn(1)<0||i.cmp(this.n)>=0)return!1;if(n.cmpn(1)<0||n.cmp(this.n)>=0)return!1;var a,s=n.invm(this.n),o=s.mul(e).umod(this.n),c=s.mul(i).umod(this.n);return this.curve._maxwellTrick?!(a=this.g.jmulAdd(o,r.getPublic(),c)).isInfinity()&&a.eqXToP(i):!(a=this.g.mulAdd(o,r.getPublic(),c)).isInfinity()&&0===a.getX().umod(this.n).cmp(i)},tb.prototype.recoverPubKey=function(e,t,r,i){eb((3&r)===r,"The recovery param is more than two bits"),t=new Zy(t,i);var n=this.n,a=new Qp(e),s=t.r,o=t.s,c=1&r,u=r>>1;if(s.cmp(this.curve.p.umod(this.curve.n))>=0&&u)throw Error("Unable to find sencond key candinate");s=u?this.curve.pointFromX(s.add(this.curve.n),c):this.curve.pointFromX(s,c);var h=t.r.invm(n),d=n.sub(a).mul(h).umod(n),f=o.mul(h).umod(n);return this.g.mulAdd(d,s,f)},tb.prototype.getKeyRecoveryParam=function(e,t,r,i){if(null!==(t=new Zy(t,i)).recoveryParam)return t.recoveryParam;for(var n=0;n<4;n++){var a;try{a=this.recoverPubKey(e,t,n)}catch(e){continue}if(a.eq(r))return n}throw Error("Unable to find valid recovery factor")};var ib=ny.assert,nb=ny.parseBytes,ab=ny.cachedProperty;function sb(e,t){if(this.eddsa=e,t.hasOwnProperty("secret")&&(this._secret=nb(t.secret)),e.isPoint(t.pub))this._pub=t.pub;else if(this._pubBytes=nb(t.pub),this._pubBytes&&33===this._pubBytes.length&&64===this._pubBytes[0]&&(this._pubBytes=this._pubBytes.slice(1,33)),this._pubBytes&&32!==this._pubBytes.length)throw Error("Unknown point compression format")}sb.fromPublic=function(e,t){return t instanceof sb?t:new sb(e,{pub:t})},sb.fromSecret=function(e,t){return t instanceof sb?t:new sb(e,{secret:t})},sb.prototype.secret=function(){return this._secret},ab(sb,"pubBytes",(function(){return this.eddsa.encodePoint(this.pub())})),ab(sb,"pub",(function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())})),ab(sb,"privBytes",(function(){var e=this.eddsa,t=this.hash(),r=e.encodingLength-1,i=t.slice(0,e.encodingLength);return i[0]&=248,i[r]&=127,i[r]|=64,i})),ab(sb,"priv",(function(){return this.eddsa.decodeInt(this.privBytes())})),ab(sb,"hash",(function(){return this.eddsa.hash().update(this.secret()).digest()})),ab(sb,"messagePrefix",(function(){return this.hash().slice(this.eddsa.encodingLength)})),sb.prototype.sign=function(e){return ib(this._secret,"KeyPair can only verify"),this.eddsa.sign(e,this)},sb.prototype.verify=function(e,t){return this.eddsa.verify(e,t,this)},sb.prototype.getSecret=function(e){return ib(this._secret,"KeyPair is public only"),ny.encode(this.secret(),e)},sb.prototype.getPublic=function(e,t){return ny.encode((t?[64]:[]).concat(this.pubBytes()),e)};var ob=sb,cb=ny.assert,ub=ny.cachedProperty,hb=ny.parseBytes;function db(e,t){this.eddsa=e,"object"!=typeof t&&(t=hb(t)),Array.isArray(t)&&(t={R:t.slice(0,e.encodingLength),S:t.slice(e.encodingLength)}),cb(t.R&&t.S,"Signature without R or S"),e.isPoint(t.R)&&(this._R=t.R),t.S instanceof Qp&&(this._S=t.S),this._Rencoded=Array.isArray(t.R)?t.R:t.Rencoded,this._Sencoded=Array.isArray(t.S)?t.S:t.Sencoded}ub(db,"S",(function(){return this.eddsa.decodeInt(this.Sencoded())})),ub(db,"R",(function(){return this.eddsa.decodePoint(this.Rencoded())})),ub(db,"Rencoded",(function(){return this.eddsa.encodePoint(this.R())})),ub(db,"Sencoded",(function(){return this.eddsa.encodeInt(this.S())})),db.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},db.prototype.toHex=function(){return ny.encode(this.toBytes(),"hex").toUpperCase()};var fb=db,lb=ny.assert,pb=ny.parseBytes;function yb(e){if(lb("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof yb))return new yb(e);e=Ly[e].curve;this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=Fy.sha512}var bb=yb;yb.prototype.sign=function(e,t){e=pb(e);var r=this.keyFromSecret(t),i=this.hashInt(r.messagePrefix(),e),n=this.g.mul(i),a=this.encodePoint(n),s=this.hashInt(a,r.pubBytes(),e).mul(r.priv()),o=i.add(s).umod(this.curve.n);return this.makeSignature({R:n,S:o,Rencoded:a})},yb.prototype.verify=function(e,t,r){e=pb(e),t=this.makeSignature(t);var i=this.keyFromPublic(r),n=this.hashInt(t.Rencoded(),i.pubBytes(),e),a=this.g.mul(t.S());return t.R().add(i.pub().mul(n)).eq(a)},yb.prototype.hashInt=function(){for(var e=this.hash(),t=0;t0)throw Error("Unknown option: "+r.join(", "));return new Fh(e)},exports.createMessage=async function({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){let s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!de.isString(e)&&!de.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!de.isUint8Array(t)&&!de.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=de.isStream(s);c&&(await O(),s=N(s));const u=new ku(i);void 0!==e?u.setText(s,ue.write(ue.literal,n)):u.setBytes(s,ue.write(ue.literal,n)),void 0!==r&&u.setFilename(r);const h=new Ku;h.push(u);const d=new Bh(h);return d.fromStream=c,d},exports.decrypt=async function({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Hh(u={...we,...u}),Oh(e),n=Wh(n),t=Wh(t),r=Wh(r),i=Wh(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const d={};if(d.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),d.data="binary"===s?h.getLiteralData():h.getText(),d.filename=h.getFilename(),Vh(d,e),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===d.signatures.length)throw Error("Message is not signed");d.data=H([d.data,ae((async()=>{await de.anyPromise(d.signatures.map((e=>e.verified)))}))])}return d.data=await Gh(d.data,e.fromStream,s),d}catch(e){throw de.wrapError("Error decrypting message",e)}},exports.decryptKey=async function({privateKey:e,passphrase:t,config:r,...i}){Hh(r={...we,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=de.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>de.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),de.wrapError("Error decrypting private key",e)}},exports.decryptSessionKeys=async function({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Hh(n={...we,...n}),Oh(e),t=Wh(t),r=Wh(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,i,n)}catch(e){throw de.wrapError("Error decrypting session keys",e)}},exports.encrypt=async function({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:d=[],encryptionUserIDs:f=[],signatureNotations:l=[],config:p,...y}){if(Hh(p={...we,...p}),Oh(e),Nh(a),t=Wh(t),r=Wh(r),i=Wh(i),c=Wh(c),u=Wh(u),d=Wh(d),f=Wh(f),l=Wh(l),y.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(y.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(y.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==y.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const b=Object.keys(y);if(b.length>0)throw Error("Unknown option: "+b.join(", "));r||(r=[]);const g=e.fromStream;try{if((r.length||s)&&(e=await e.sign(r,s,c,h,d,l,p)),e=e.compress(await dh("compression",t,h,f,p),p),e=await e.encrypt(t,i,n,o,u,h,f,p),"object"===a)return e;const y="armored"===a;return Gh(y?e.armor(p):e.write(),g,y?"utf8":"binary")}catch(e){throw de.wrapError("Error encrypting message",e)}},exports.encryptKey=async function({privateKey:e,passphrase:t,config:r,...i}){Hh(r={...we,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=de.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),de.wrapError("Error encrypting private key",e)}},exports.encryptSessionKey=async function({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...d}){if(Hh(h={...we,...h}),function(e,t){if(!de.isUint8Array(e))throw Error("Parameter ["+(t||"data")+"] must be of type Uint8Array")}(e),function(e,t){if(!de.isString(e))throw Error("Parameter ["+(t||"data")+"] must be of type String")}(t,"algorithm"),Nh(a),i=Wh(i),n=Wh(n),o=Wh(o),u=Wh(u),d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return $h(await Bh.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw de.wrapError("Error encrypting session key",e)}},exports.enums=ue,exports.generateKey=async function({userIDs:e=[],passphrase:t,type:r="ecc",rsaBits:i=4096,curve:n="curve25519",keyExpirationTime:a=0,date:s=new Date,subkeys:o=[{}],format:c="armored",config:u,...h}){Hh(u={...we,...u}),e=Wh(e);const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));if(0===e.length)throw Error("UserIDs are required for key generation");if("rsa"===r&&ibh(e.subkeys[r],e)));let r=[sh(e,t)];r=r.concat(e.subkeys.map((e=>ah(e,t))));const i=await Promise.all(r),n=await Dh(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(f,u);return e.getKeys().forEach((({keyPacket:e})=>vh(e,u))),{privateKey:$h(e,c,u),publicKey:$h(e.toPublic(),c,u),revocationCertificate:t}}catch(e){throw de.wrapError("Error generating keypair",e)}},exports.generateSessionKey=async function({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Hh(i={...we,...i}),e=Wh(e),r=Wh(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await Bh.generateSessionKey(e,t,r,i)}catch(e){throw de.wrapError("Error generating session key",e)}},exports.readCleartextMessage=async function({cleartextMessage:e,config:t,...r}){if(t={...we,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!de.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await xe(e);if(n.type!==ue.armor.signed)throw Error("No cleartext signed message.");const a=await Ku.fromBinary(n.data,qh,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await xe(e,r);if(t!==ue.armor.publicKey&&t!==ue.armor.privateKey)throw Error("Armored text not of type key");a=i}else a=t;return Ch(await Ku.fromBinary(a,Kh,r))},exports.readKeys=async function({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...we,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!de.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!de.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:i}=await xe(e,r);if(t!==ue.armor.publicKey&&t!==ue.armor.privateKey)throw Error("Armored text not of type key");n=i}const s=[],o=await Ku.fromBinary(n,Kh,r),c=o.indexOfTag(ue.packet.publicKey,ue.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)throw Error("Unknown option: "+a.join(", "));const s=de.isStream(n);if(s&&(await O(),n=N(n)),e){const{type:e,data:t}=await xe(n,r);if(e!==ue.armor.message)throw Error("Armored text not of type message");n=t}const o=await Ku.fromBinary(n,Uh,r),c=new Bh(o);return c.fromStream=s,c},exports.readPrivateKey=async function({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...we,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!de.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!de.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await xe(e,r);if(t!==ue.armor.privateKey)throw Error("Armored text not of type private key");a=i}else a=t;const s=await Ku.fromBinary(a,Kh,r);return new Mh(s)},exports.readPrivateKeys=async function({armoredKeys:e,binaryKeys:t,config:r}){r={...we,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!de.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!de.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:n}=await xe(e,r);if(t!==ue.armor.privateKey)throw Error("Armored text not of type private key");i=n}const n=[],a=await Ku.fromBinary(i,Kh,r),s=a.indexOfTag(ue.packet.secretKey);if(0===s.length)throw Error("No secret key packet found");for(let e=0;e0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await xe(n,r);if(e!==ue.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await Ku.fromBinary(n,ih,r);return new nh(s)},exports.reformatKey=async function({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Hh(s={...we,...s}),t=Wh(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length)throw Error("UserIDs are required for key reformat");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await oh(e.bindingSignatures,i,ue.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&ue.keyFlags.signData}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await Dh(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=de.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:$h(e,a,s),publicKey:$h(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw de.wrapError("Error reformatting keypair",e)}},exports.revokeKey=async function({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Hh(a={...we,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:$h(s,n,a),publicKey:$h(s.toPublic(),n,a)}:{privateKey:null,publicKey:$h(s,n,a)}}catch(e){throw de.wrapError("Error revoking key",e)}},exports.sign=async function({message:e,signingKeys:t,format:r="armored",detached:i=!1,signingKeyIDs:n=[],date:a=new Date,signingUserIDs:s=[],signatureNotations:o=[],config:c,...u}){if(Hh(c={...we,...c}),Lh(e),Nh(r),t=Wh(t),n=Wh(n),s=Wh(s),o=Wh(o),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==u.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const h=Object.keys(u);if(h.length>0)throw Error("Unknown option: "+h.join(", "));if(e instanceof Fh&&"binary"===r)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Fh&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let u;if(u=i?await e.signDetached(t,void 0,n,a,s,o,c):await e.sign(t,void 0,n,a,s,o,c),"object"===r)return u;const h="armored"===r;return u=h?u.armor(c):u.write(),i&&(u=Y(e.packets.write(),(async(e,t)=>{await Promise.all([V(u,t),ie(e).catch((()=>{}))])}))),Gh(u,e.fromStream,h?"utf8":"binary")}catch(e){throw de.wrapError("Error signing message",e)}},exports.unarmor=xe,exports.verify=async function({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Hh(s={...we,...s}),Lh(e),t=Wh(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Fh&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Fh&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&Vh(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=H([o.data,ae((async()=>{await de.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Gh(o.data,e.fromStream,i),o}catch(e){throw de.wrapError("Error verifying signed message",e)}}; -//# sourceMappingURL=openpgp.min.js.map diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.js.map b/app/node_modules/openpgp/dist/node/openpgp.min.js.map deleted file mode 100644 index 26c47365d..000000000 --- a/app/node_modules/openpgp/dist/node/openpgp.min.js.map +++ /dev/null @@ -1 +0,0 @@ -{"version":3,"file":"openpgp.min.js","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/node-conversions.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/biginteger/native.interface.js","../../src/biginteger/index.js","../../src/enums.js","../../src/util.js","../../src/encoding/base64.js","../../src/config/config.js","../../src/encoding/armor.js","../../src/type/keyid.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/utils.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/errors.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ecb.js","../../src/crypto/cipher/aes.js","../../src/crypto/cipher/des.js","../../src/crypto/cipher/cast5.js","../../src/crypto/cipher/twofish.js","../../src/crypto/cipher/blowfish.js","../../src/crypto/cipher/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/hash.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.asm.js","../../node_modules/minimalistic-assert/index.js","../../node_modules/inherits/inherits_browser.js","../../node_modules/inherits/inherits.js","../../node_modules/hash.js/lib/hash/utils.js","../../node_modules/hash.js/lib/hash/common.js","../../node_modules/hash.js/lib/hash/sha/common.js","../../node_modules/hash.js/lib/hash/sha/256.js","../../node_modules/hash.js/lib/hash/sha/224.js","../../node_modules/hash.js/lib/hash/sha/512.js","../../node_modules/hash.js/lib/hash/sha/384.js","../../node_modules/hash.js/lib/hash/ripemd.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cfb.js","../../src/crypto/cipher/getCipher.js","../../src/crypto/mode/cfb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ctr.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cbc.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/gcm.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../node_modules/@openpgp/tweetnacl/nacl-fast-light.js","../../src/crypto/random.js","../../src/crypto/public_key/prime.js","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../src/type/oid.js","../../src/crypto/public_key/elliptic/indutnyKey.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../node_modules/@openpgp/pako/lib/utils/common.js","../../node_modules/@openpgp/pako/lib/zlib/constants.js","../../node_modules/@openpgp/pako/lib/zlib/trees.js","../../node_modules/@openpgp/pako/lib/zlib/adler32.js","../../node_modules/@openpgp/pako/lib/zlib/crc32.js","../../node_modules/@openpgp/pako/lib/zlib/messages.js","../../node_modules/@openpgp/pako/lib/zlib/deflate.js","../../node_modules/@openpgp/pako/lib/utils/strings.js","../../node_modules/@openpgp/pako/lib/zlib/zstream.js","../../node_modules/@openpgp/pako/lib/deflate.js","../../node_modules/@openpgp/pako/lib/zlib/inffast.js","../../node_modules/@openpgp/pako/lib/zlib/inftrees.js","../../node_modules/@openpgp/pako/lib/zlib/inflate.js","../../node_modules/@openpgp/pako/lib/zlib/gzheader.js","../../node_modules/@openpgp/pako/lib/inflate.js","../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js","../../src/packet/literal_data.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/type/s2k.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../node_modules/email-addresses/lib/email-addresses.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js","../../node_modules/@openpgp/web-stream-tools/node_modules/web-streams-polyfill/dist/ponyfill.es6.mjs","../../node_modules/@mattiasbuelens/web-streams-adapter/dist/web-streams-adapter.mjs","../../node_modules/bn.js/lib/bn.js","../../src/biginteger/bn.interface.js","../../node_modules/brorand/index.js","../../node_modules/minimalistic-crypto-utils/lib/utils.js","../../node_modules/@openpgp/elliptic/lib/elliptic/utils.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/base.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/short.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/mont.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/edwards.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/index.js","../../node_modules/hash.js/lib/hash/sha/1.js","../../node_modules/hash.js/lib/hash/sha.js","../../node_modules/hash.js/lib/hash/hmac.js","../../node_modules/hash.js/lib/hash.js","../../node_modules/@openpgp/elliptic/lib/elliptic/precomputed/secp256k1.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curves.js","../../node_modules/hmac-drbg/lib/hmac-drbg.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/key.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/signature.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/index.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/key.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/signature.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/index.js","../../node_modules/@openpgp/elliptic/lib/elliptic.js","../../src/packet/marker.js","../../src/packet/trust.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","import * as streams from './streams';\nimport { isArrayStream } from './writer';\n\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n if (streams.ReadableStream && streams.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'ponyfill';\n }\n if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) {\n return 'node';\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isNode } from './util';\nimport * as streams from './streams';\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Web / node stream conversion functions\n * From https://github.com/gwicke/node-web-streams\n */\n\nlet nodeToWeb;\nlet webToNode;\n\nif (NodeReadableStream) {\n\n /**\n * Convert a Node Readable Stream to a Web ReadableStream\n * @param {Readable} nodeStream\n * @returns {ReadableStream}\n */\n nodeToWeb = function(nodeStream) {\n let canceled = false;\n return new streams.ReadableStream({\n start(controller) {\n nodeStream.pause();\n nodeStream.on('data', chunk => {\n if (canceled) {\n return;\n }\n if (NodeBuffer.isBuffer(chunk)) {\n chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);\n }\n controller.enqueue(chunk);\n nodeStream.pause();\n });\n nodeStream.on('end', () => {\n if (canceled) {\n return;\n }\n controller.close();\n });\n nodeStream.on('error', e => controller.error(e));\n },\n pull() {\n nodeStream.resume();\n },\n cancel(reason) {\n canceled = true;\n nodeStream.destroy(reason);\n }\n });\n };\n\n\n class NodeReadable extends NodeReadableStream {\n constructor(webStream, options) {\n super(options);\n this._reader = streams.getReader(webStream);\n }\n\n async _read(size) {\n try {\n while (true) {\n const { done, value } = await this._reader.read();\n if (done) {\n this.push(null);\n break;\n }\n if (!this.push(value)) {\n break;\n }\n }\n } catch (e) {\n this.destroy(e);\n }\n }\n\n async _destroy(error, callback) {\n this._reader.cancel(error).then(callback, callback);\n }\n }\n\n /**\n * Convert a Web ReadableStream to a Node Readable Stream\n * @param {ReadableStream} webStream\n * @param {Object} options\n * @returns {Readable}\n */\n webToNode = function(webStream, options) {\n return new NodeReadable(webStream, options);\n };\n\n}\n\nexport { nodeToWeb, webToNode };\n","import * as streams from './streams';\nimport { isUint8Array } from './util';\n\nconst doneReadingSet = new WeakSet();\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (streams.isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = async () => {};\n return;\n }\n let streamType = streams.isStream(input);\n if (streamType === 'node') {\n input = streams.nodeToWeb(input);\n }\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array } from './util';\nimport { nodeToWeb, webToNode } from './node-conversions';\nimport { Reader, externalBuffer } from './reader';\nimport { ArrayStream, Writer } from './writer';\n\nlet { ReadableStream, WritableStream, TransformStream } = globalThis;\n\nlet toPonyfillReadable, toNativeReadable;\n\nasync function loadStreamsPonyfill() {\n if (TransformStream) {\n return;\n }\n\n const [ponyfill, adapter] = await Promise.all([\n import('web-streams-polyfill/ponyfill/es6'),\n import('@mattiasbuelens/web-streams-adapter')\n ]);\n\n ({ ReadableStream, WritableStream, TransformStream } = ponyfill);\n\n const { createReadableStreamWrapper } = adapter;\n\n if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) {\n toPonyfillReadable = createReadableStreamWrapper(ReadableStream);\n toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream);\n }\n}\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType === 'node') {\n return nodeToWeb(input);\n }\n if (streamType === 'web' && toPonyfillReadable) {\n return toPonyfillReadable(input);\n }\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert data to ArrayStream\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n if (NodeBuffer && NodeBuffer.isBuffer(list[0])) {\n return NodeBuffer.concat(list);\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n } else {\n lastBytes = returnValue;\n }\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input) && !(NodeBuffer && NodeBuffer.isBuffer(input))) {\n if (end === Infinity) end = input.length;\n return input.subarray(begin, end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n return input.cancel(reason);\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n\nexport { ReadableStream, WritableStream, TransformStream, ArrayStream, loadStreamsPonyfill, isStream, isArrayStream, isUint8Array, toStream, toPonyfillReadable, toNativeReadable, concatUint8Array, concatStream, concat, getReader, getWriter, pipe, transformRaw, transform, transformPair, parse, clone, passiveClone, slice, readToEnd, cancel, fromAsync, nodeToWeb, webToNode };\n","/* eslint-disable new-cap */\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * that wraps the native BigInt library.\n * Operations are not constant time,\n * but we try and limit timing leakage where we can\n * @module biginteger/native\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on null or undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n if (n instanceof Uint8Array) {\n const bytes = n;\n const hex = new Array(bytes.length);\n for (let i = 0; i < bytes.length; i++) {\n const hexByte = bytes[i].toString(16);\n hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte;\n }\n this.value = BigInt('0x0' + hex.join(''));\n } else {\n this.value = BigInt(n);\n }\n }\n\n clone() {\n return new BigInteger(this.value);\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value++;\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value--;\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value += x.value;\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value -= x.value;\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value *= x.value;\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value %= m.value;\n if (this.isNegative()) {\n this.iadd(m);\n }\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation using square and multiply\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n if (n.isZero()) throw Error('Modulo cannot be zero');\n if (n.isOne()) return new BigInteger(0);\n if (e.isNegative()) throw Error('Unsopported negative exponent');\n\n let exp = e.value;\n let x = this.value;\n\n x %= n.value;\n let r = BigInt(1);\n while (exp > BigInt(0)) {\n const lsb = exp & BigInt(1);\n exp >>= BigInt(1); // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n.value;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n.value; // Square\n }\n return new BigInteger(r);\n }\n\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n const { gcd, x } = this._egcd(n);\n if (!gcd.isOne()) {\n throw new Error('Inverse does not exist');\n }\n return x.add(n).mod(n);\n }\n\n /**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b)\n * @param {BigInteger} b - Second operand\n * @returns {{ gcd, x, y: BigInteger }}\n */\n _egcd(b) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n let a = this.value;\n b = b.value;\n\n while (b !== BigInt(0)) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: new BigInteger(xPrev),\n y: new BigInteger(yPrev),\n gcd: new BigInteger(a)\n };\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} b - Operand\n * @returns {BigInteger} gcd\n */\n gcd(b) {\n let a = this.value;\n b = b.value;\n while (b !== BigInt(0)) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return new BigInteger(a);\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value <<= x.value;\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value >>= x.value;\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value === x.value;\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value < x.value;\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value <= x.value;\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value > x.value;\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value >= x.value;\n }\n\n isZero() {\n return this.value === BigInt(0);\n }\n\n isOne() {\n return this.value === BigInt(1);\n }\n\n isNegative() {\n return this.value < BigInt(0);\n }\n\n isEven() {\n return !(this.value & BigInt(1));\n }\n\n abs() {\n const res = this.clone();\n if (this.isNegative()) {\n res.value = -res.value;\n }\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n const number = Number(this.value);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n const bit = (this.value >> BigInt(i)) & BigInt(1);\n return (bit === BigInt(0)) ? 0 : 1;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n const zero = new BigInteger(0);\n const one = new BigInteger(1);\n const negOne = new BigInteger(-1);\n\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = this.isNegative() ? negOne : zero;\n let bitlen = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(one).equal(target)) {\n bitlen++;\n }\n return bitlen;\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n const zero = new BigInteger(0);\n const negOne = new BigInteger(-1);\n\n const target = this.isNegative() ? negOne : zero;\n const eight = new BigInteger(8);\n let len = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(eight).equal(target)) {\n len++;\n }\n return len;\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = this.value.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? (length - rawLength) : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n }\n}\n","import BigInteger from './native.interface';\n\nconst detectBigInt = () => typeof BigInt !== 'undefined';\n\nasync function getBigInteger() {\n if (detectBigInt()) {\n return BigInteger;\n } else {\n const { default: BigInteger } = await import('./bn.interface');\n return BigInteger;\n }\n}\n\nexport { getBigInteger };\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'p256': 'p256',\n 'P-256': 'p256',\n 'secp256r1': 'p256',\n 'prime256v1': 'p256',\n '1.2.840.10045.3.1.7': 'p256',\n '2a8648ce3d030107': 'p256',\n '2A8648CE3D030107': 'p256',\n\n /** NIST P-384 Curve */\n 'p384': 'p384',\n 'P-384': 'p384',\n 'secp384r1': 'p384',\n '1.3.132.0.34': 'p384',\n '2b81040022': 'p384',\n '2B81040022': 'p384',\n\n /** NIST P-521 Curve */\n 'p521': 'p521',\n 'P-521': 'p521',\n 'secp521r1': 'p521',\n '1.3.132.0.35': 'p521',\n '2b81040023': 'p521',\n '2B81040023': 'p521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n '1.3.132.0.10': 'secp256k1',\n '2b8104000a': 'secp256k1',\n '2B8104000A': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519',\n 'ED25519': 'ed25519',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519',\n 'Ed25519': 'ed25519',\n '1.3.6.1.4.1.11591.15.1': 'ed25519',\n '2b06010401da470f01': 'ed25519',\n '2B06010401DA470F01': 'ed25519',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519',\n 'X25519': 'curve25519',\n 'cv25519': 'curve25519',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519',\n 'Curve25519': 'curve25519',\n '1.3.6.1.4.1.3029.1.5.1': 'curve25519',\n '2b060104019755010501': 'curve25519',\n '2B060104019755010501': 'curve25519',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',\n '2b2403030208010107': 'brainpoolP256r1',\n '2B2403030208010107': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',\n '2b240303020801010b': 'brainpoolP384r1',\n '2B240303020801010B': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1',\n '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',\n '2b240303020801010d': 'brainpoolP512r1',\n '2B240303020801010D': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility\n /** @deprecated use `eddsaLegacy` instead */\n ed25519Legacy: 22,\n /** @deprecated use `eddsaLegacy` instead */\n eddsa: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n plaintext: 0,\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuer: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { getBigInteger } from './biginteger';\nimport enums from './enums';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n return bytes.subarray(2, 2 + bytelen);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const r = [];\n const e = bytes.length;\n let c = 0;\n let h;\n while (c < e) {\n h = bytes[c++].toString(16);\n while (h.length < 2) {\n h = '0' + h;\n }\n r.push('' + h);\n }\n return r.join('');\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography api, only the current version of the spec.\n * @returns {Object} The SubtleCrypto api or 'undefined'.\n */\n getWebCrypto: function() {\n return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n },\n\n /**\n * Get BigInteger class\n * It wraps the native BigInt type if it's available\n * Otherwise it relies on bn.js\n * @returns {BigInteger}\n * @async\n */\n getBigInteger,\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return require('crypto');\n },\n\n getNodeZlib: function() {\n return require('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (require('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = require('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^(([^<>()[\\]\\\\.,;:\\s@\"]+(\\.[^<>()[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\\-0-9]+)))$/;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha256,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * @memberof module:config\n * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9\n */\n deflateLevel: 6,\n\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.eax,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use V5 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v5Keys\n */\n v5Keys: false,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:\n * Iteration Count Byte for S2K (String to Key)\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * @memberof module:config\n * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum\n */\n checksumRequired: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * @memberof module:config\n * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored\n */\n revocationsExpire: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n\n /**\n * @memberof module:config\n * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available\n */\n minBytesForWebCrypto: 1000,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * Note: the indutny/elliptic curve library is not designed to be constant time.\n * @memberof module:config\n * @property {Boolean} useIndutnyElliptic\n */\n useIndutnyElliptic: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n } else\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n } else\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n } else\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n } else\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n } else\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n } else\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Splits a message into two parts, the body and the checksum. This is an internal function\n * @param {String} text - OpenPGP armored message part\n * @returns {Object} An object with attribute \"body\" containing the body.\n * and an attribute \"checksum\" containing the checksum.\n * @private\n */\nfunction splitChecksum(text) {\n let body = text;\n let checksum = '';\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n checksum = text.slice(lastEquals + 1).substr(0, 4);\n }\n\n return { body: body, checksum: checksum };\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input, config = defaultConfig) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n let checksum;\n let data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== 2) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === 2) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const split = splitChecksum(parts[0].slice(0, -1));\n checksum = split.checksum;\n await writer.write(split.body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n data = stream.transformPair(data, async (readable, writable) => {\n const checksumVerified = stream.readToEnd(getCheckSum(stream.passiveClone(readable)));\n checksumVerified.catch(() => {});\n await stream.pipe(readable, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n const checksumVerifiedString = (await checksumVerified).replace('\\n', '');\n if (checksum !== checksumVerifiedString && (checksum || config.checksumRequired)) {\n throw new Error('Ascii armor integrity check failed');\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n const bodyClone = stream.passiveClone(body);\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push('Hash: ' + hash + '\\n\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n * @private\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","/**\n * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}.\n * @author Artem S Vybornov \n * @license MIT\n */\nexport var AES_asm = function () {\n \"use strict\";\n\n /**\n * Galois Field stuff init flag\n */\n var ginit_done = false;\n\n /**\n * Galois Field exponentiation and logarithm tables for 3 (the generator)\n */\n var gexp3, glog3;\n\n /**\n * Init Galois Field tables\n */\n function ginit() {\n gexp3 = [],\n glog3 = [];\n\n var a = 1, c, d;\n for (c = 0; c < 255; c++) {\n gexp3[c] = a;\n\n // Multiply by three\n d = a & 0x80, a <<= 1, a &= 255;\n if (d === 0x80) a ^= 0x1b;\n a ^= gexp3[c];\n\n // Set the log table value\n glog3[gexp3[c]] = c;\n }\n gexp3[255] = gexp3[0];\n glog3[0] = 0;\n\n ginit_done = true;\n }\n\n /**\n * Galois Field multiplication\n * @param {number} a\n * @param {number} b\n * @return {number}\n */\n function gmul(a, b) {\n var c = gexp3[(glog3[a] + glog3[b]) % 255];\n if (a === 0 || b === 0) c = 0;\n return c;\n }\n\n /**\n * Galois Field reciprocal\n * @param {number} a\n * @return {number}\n */\n function ginv(a) {\n var i = gexp3[255 - glog3[a]];\n if (a === 0) i = 0;\n return i;\n }\n\n /**\n * AES stuff init flag\n */\n var aes_init_done = false;\n\n /**\n * Encryption, Decryption, S-Box and KeyTransform tables\n *\n * @type {number[]}\n */\n var aes_sbox;\n\n /**\n * @type {number[]}\n */\n var aes_sinv;\n\n /**\n * @type {number[][]}\n */\n var aes_enc;\n\n /**\n * @type {number[][]}\n */\n var aes_dec;\n\n /**\n * Init AES tables\n */\n function aes_init() {\n if (!ginit_done) ginit();\n\n // Calculates AES S-Box value\n function _s(a) {\n var c, s, x;\n s = x = ginv(a);\n for (c = 0; c < 4; c++) {\n s = ((s << 1) | (s >>> 7)) & 255;\n x ^= s;\n }\n x ^= 99;\n return x;\n }\n\n // Tables\n aes_sbox = [],\n aes_sinv = [],\n aes_enc = [[], [], [], []],\n aes_dec = [[], [], [], []];\n\n for (var i = 0; i < 256; i++) {\n var s = _s(i);\n\n // S-Box and its inverse\n aes_sbox[i] = s;\n aes_sinv[s] = i;\n\n // Ecryption and Decryption tables\n aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s);\n aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i);\n // Rotate tables\n for (var t = 1; t < 4; t++) {\n aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24);\n aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24);\n }\n }\n\n aes_init_done = true;\n }\n\n /**\n * Asm.js module constructor.\n *\n *

\n * Heap buffer layout by offset:\n * 

\n   * 0x0000   encryption key schedule\n   * 0x0400   decryption key schedule\n   * 0x0800   sbox\n   * 0x0c00   inv sbox\n   * 0x1000   encryption tables\n   * 0x2000   decryption tables\n   * 0x3000   reserved (future GCM multiplication lookup table)\n   * 0x4000   data\n   *
\n * Don't touch anything before 0x400.\n *

\n *\n * @alias AES_asm\n * @class\n * @param foreign - ignored\n * @param buffer - heap buffer to link with\n */\n var wrapper = function (foreign, buffer) {\n // Init AES stuff for the first time\n if (!aes_init_done) aes_init();\n\n // Fill up AES tables\n var heap = new Uint32Array(buffer);\n heap.set(aes_sbox, 0x0800 >> 2);\n heap.set(aes_sinv, 0x0c00 >> 2);\n for (var i = 0; i < 4; i++) {\n heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2);\n heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2);\n }\n\n /**\n * Calculate AES key schedules.\n * @instance\n * @memberof AES_asm\n * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly)\n * @param {number} k0 - key vector components\n * @param {number} k1 - key vector components\n * @param {number} k2 - key vector components\n * @param {number} k3 - key vector components\n * @param {number} k4 - key vector components\n * @param {number} k5 - key vector components\n * @param {number} k6 - key vector components\n * @param {number} k7 - key vector components\n */\n function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) {\n var ekeys = heap.subarray(0x000, 60),\n dkeys = heap.subarray(0x100, 0x100 + 60);\n\n // Encryption key schedule\n ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]);\n for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) {\n var k = ekeys[i - 1];\n if ((i % ks === 0) || (ks === 8 && i % ks === 4)) {\n k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255];\n }\n if (i % ks === 0) {\n k = (k << 8) ^ (k >>> 24) ^ (rcon << 24);\n rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0);\n }\n ekeys[i] = ekeys[i - ks] ^ k;\n }\n\n // Decryption key schedule\n for (var j = 0; j < i; j += 4) {\n for (var jj = 0; jj < 4; jj++) {\n var k = ekeys[i - (4 + j) + (4 - jj) % 4];\n if (j < 4 || j >= i - 4) {\n dkeys[j + jj] = k;\n } else {\n dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]]\n ^ aes_dec[1][aes_sbox[k >>> 16 & 255]]\n ^ aes_dec[2][aes_sbox[k >>> 8 & 255]]\n ^ aes_dec[3][aes_sbox[k & 255]];\n }\n }\n }\n\n // Set rounds number\n asm.set_rounds(ks + 5);\n }\n\n // create library object with necessary properties\n var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array};\n\n var asm = function (stdlib, foreign, buffer) {\n \"use asm\";\n\n var S0 = 0, S1 = 0, S2 = 0, S3 = 0,\n I0 = 0, I1 = 0, I2 = 0, I3 = 0,\n N0 = 0, N1 = 0, N2 = 0, N3 = 0,\n M0 = 0, M1 = 0, M2 = 0, M3 = 0,\n H0 = 0, H1 = 0, H2 = 0, H3 = 0,\n R = 0;\n\n var HEAP = new stdlib.Uint32Array(buffer),\n DATA = new stdlib.Uint8Array(buffer);\n\n /**\n * AES core\n * @param {number} k - precomputed key schedule offset\n * @param {number} s - precomputed sbox table offset\n * @param {number} t - precomputed round table offset\n * @param {number} r - number of inner rounds to perform\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _core(k, s, t, r, x0, x1, x2, x3) {\n k = k | 0;\n s = s | 0;\n t = t | 0;\n r = r | 0;\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t1 = 0, t2 = 0, t3 = 0,\n y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n i = 0;\n\n t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00;\n\n // round 0\n x0 = x0 ^ HEAP[(k | 0) >> 2],\n x1 = x1 ^ HEAP[(k | 4) >> 2],\n x2 = x2 ^ HEAP[(k | 8) >> 2],\n x3 = x3 ^ HEAP[(k | 12) >> 2];\n\n // round 1..r\n for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) {\n y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n x0 = y0, x1 = y1, x2 = y2, x3 = y3;\n }\n\n // final round\n S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n }\n\n /**\n * ECB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n x0,\n x1,\n x2,\n x3\n );\n }\n\n /**\n * ECB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n }\n\n\n /**\n * CBC mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0 ^ x0,\n I1 ^ x1,\n I2 ^ x2,\n I3 ^ x3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n }\n\n /**\n * CBC mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n\n S0 = S0 ^ I0,\n S1 = S1 ^ I1,\n S2 = S2 ^ I2,\n S3 = S3 ^ I3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * CFB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0 = S0 ^ x0,\n I1 = S1 = S1 ^ x1,\n I2 = S2 = S2 ^ x2,\n I3 = S3 = S3 ^ x3;\n }\n\n\n /**\n * CFB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * OFB mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ofb(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n }\n\n /**\n * CTR mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ctr(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n N0,\n N1,\n N2,\n N3\n );\n\n N3 = (~M3 & N3) | M3 & (N3 + 1);\n N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0));\n N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0));\n N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0));\n\n S0 = S0 ^ x0;\n S1 = S1 ^ x1;\n S2 = S2 ^ x2;\n S3 = S3 ^ x3;\n }\n\n /**\n * GCM mode MAC calculation\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _gcm_mac(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n z0 = 0, z1 = 0, z2 = 0, z3 = 0,\n i = 0, c = 0;\n\n x0 = x0 ^ I0,\n x1 = x1 ^ I1,\n x2 = x2 ^ I2,\n x3 = x3 ^ I3;\n\n y0 = H0 | 0,\n y1 = H1 | 0,\n y2 = H2 | 0,\n y3 = H3 | 0;\n\n for (; (i | 0) < 128; i = (i + 1) | 0) {\n if (y0 >>> 31) {\n z0 = z0 ^ x0,\n z1 = z1 ^ x1,\n z2 = z2 ^ x2,\n z3 = z3 ^ x3;\n }\n\n y0 = (y0 << 1) | (y1 >>> 31),\n y1 = (y1 << 1) | (y2 >>> 31),\n y2 = (y2 << 1) | (y3 >>> 31),\n y3 = (y3 << 1);\n\n c = x3 & 1;\n\n x3 = (x3 >>> 1) | (x2 << 31),\n x2 = (x2 >>> 1) | (x1 << 31),\n x1 = (x1 >>> 1) | (x0 << 31),\n x0 = (x0 >>> 1);\n\n if (c) x0 = x0 ^ 0xe1000000;\n }\n\n I0 = z0,\n I1 = z1,\n I2 = z2,\n I3 = z3;\n }\n\n /**\n * Set the internal rounds number.\n * @instance\n * @memberof AES_asm\n * @param {number} r - number if inner AES rounds\n */\n function set_rounds(r) {\n r = r | 0;\n R = r;\n }\n\n /**\n * Populate the internal state of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} s0 - state vector\n * @param {number} s1 - state vector\n * @param {number} s2 - state vector\n * @param {number} s3 - state vector\n */\n function set_state(s0, s1, s2, s3) {\n s0 = s0 | 0;\n s1 = s1 | 0;\n s2 = s2 | 0;\n s3 = s3 | 0;\n\n S0 = s0,\n S1 = s1,\n S2 = s2,\n S3 = s3;\n }\n\n /**\n * Populate the internal iv of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} i0 - iv vector\n * @param {number} i1 - iv vector\n * @param {number} i2 - iv vector\n * @param {number} i3 - iv vector\n */\n function set_iv(i0, i1, i2, i3) {\n i0 = i0 | 0;\n i1 = i1 | 0;\n i2 = i2 | 0;\n i3 = i3 | 0;\n\n I0 = i0,\n I1 = i1,\n I2 = i2,\n I3 = i3;\n }\n\n /**\n * Set nonce for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} n0 - nonce vector\n * @param {number} n1 - nonce vector\n * @param {number} n2 - nonce vector\n * @param {number} n3 - nonce vector\n */\n function set_nonce(n0, n1, n2, n3) {\n n0 = n0 | 0;\n n1 = n1 | 0;\n n2 = n2 | 0;\n n3 = n3 | 0;\n\n N0 = n0,\n N1 = n1,\n N2 = n2,\n N3 = n3;\n }\n\n /**\n * Set counter mask for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} m0 - counter mask vector\n * @param {number} m1 - counter mask vector\n * @param {number} m2 - counter mask vector\n * @param {number} m3 - counter mask vector\n */\n function set_mask(m0, m1, m2, m3) {\n m0 = m0 | 0;\n m1 = m1 | 0;\n m2 = m2 | 0;\n m3 = m3 | 0;\n\n M0 = m0,\n M1 = m1,\n M2 = m2,\n M3 = m3;\n }\n\n /**\n * Set counter for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} c0 - counter vector\n * @param {number} c1 - counter vector\n * @param {number} c2 - counter vector\n * @param {number} c3 - counter vector\n */\n function set_counter(c0, c1, c2, c3) {\n c0 = c0 | 0;\n c1 = c1 | 0;\n c2 = c2 | 0;\n c3 = c3 | 0;\n\n N3 = (~M3 & N3) | M3 & c3,\n N2 = (~M2 & N2) | M2 & c2,\n N1 = (~M1 & N1) | M1 & c1,\n N0 = (~M0 & N0) | M0 & c0;\n }\n\n /**\n * Store the internal state vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_state(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n return 16;\n }\n\n /**\n * Store the internal iv vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_iv(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = I0 >>> 24,\n DATA[pos | 1] = I0 >>> 16 & 255,\n DATA[pos | 2] = I0 >>> 8 & 255,\n DATA[pos | 3] = I0 & 255,\n DATA[pos | 4] = I1 >>> 24,\n DATA[pos | 5] = I1 >>> 16 & 255,\n DATA[pos | 6] = I1 >>> 8 & 255,\n DATA[pos | 7] = I1 & 255,\n DATA[pos | 8] = I2 >>> 24,\n DATA[pos | 9] = I2 >>> 16 & 255,\n DATA[pos | 10] = I2 >>> 8 & 255,\n DATA[pos | 11] = I2 & 255,\n DATA[pos | 12] = I3 >>> 24,\n DATA[pos | 13] = I3 >>> 16 & 255,\n DATA[pos | 14] = I3 >>> 8 & 255,\n DATA[pos | 15] = I3 & 255;\n\n return 16;\n }\n\n /**\n * GCM initialization.\n * @instance\n * @memberof AES_asm\n */\n function gcm_init() {\n _ecb_enc(0, 0, 0, 0);\n H0 = S0,\n H1 = S1,\n H2 = S2,\n H3 = S3;\n }\n\n /**\n * Perform ciphering operation on the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function cipher(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _cipher_modes[mode & 7](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * Calculates MAC of the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function mac(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _mac_modes[mode & 1](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * AES cipher modes table (virual methods)\n */\n var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr];\n\n /**\n * AES MAC modes table (virual methods)\n */\n var _mac_modes = [_cbc_enc, _gcm_mac];\n\n /**\n * Asm.js module exports\n */\n return {\n set_rounds: set_rounds,\n set_state: set_state,\n set_iv: set_iv,\n set_nonce: set_nonce,\n set_mask: set_mask,\n set_counter: set_counter,\n get_state: get_state,\n get_iv: get_iv,\n gcm_init: gcm_init,\n cipher: cipher,\n mac: mac,\n };\n }(stdlib, foreign, buffer);\n\n asm.set_key = set_key;\n\n return asm;\n };\n\n /**\n * AES enciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.ENC = {\n ECB: 0,\n CBC: 2,\n CFB: 4,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES deciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.DEC = {\n ECB: 1,\n CBC: 3,\n CFB: 5,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES MAC mode constants\n * @enum {number}\n * @const\n */\n wrapper.MAC = {\n CBC: 0,\n GCM: 1,\n };\n\n /**\n * Heap data offset\n * @type {number}\n * @const\n */\n wrapper.HEAP_DATA = 0x4000;\n\n return wrapper;\n}();\n","const local_atob = typeof atob === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'base64').toString('binary') : atob;\nconst local_btoa = typeof btoa === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'binary').toString('base64') : btoa;\nexport function string_to_bytes(str, utf8 = false) {\n var len = str.length, bytes = new Uint8Array(utf8 ? 4 * len : len);\n for (var i = 0, j = 0; i < len; i++) {\n var c = str.charCodeAt(i);\n if (utf8 && 0xd800 <= c && c <= 0xdbff) {\n if (++i >= len)\n throw new Error('Malformed string, low surrogate expected at position ' + i);\n c = ((c ^ 0xd800) << 10) | 0x10000 | (str.charCodeAt(i) ^ 0xdc00);\n }\n else if (!utf8 && c >>> 8) {\n throw new Error('Wide characters are not allowed.');\n }\n if (!utf8 || c <= 0x7f) {\n bytes[j++] = c;\n }\n else if (c <= 0x7ff) {\n bytes[j++] = 0xc0 | (c >> 6);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else if (c <= 0xffff) {\n bytes[j++] = 0xe0 | (c >> 12);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else {\n bytes[j++] = 0xf0 | (c >> 18);\n bytes[j++] = 0x80 | ((c >> 12) & 0x3f);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n }\n return bytes.subarray(0, j);\n}\nexport function hex_to_bytes(str) {\n var len = str.length;\n if (len & 1) {\n str = '0' + str;\n len++;\n }\n var bytes = new Uint8Array(len >> 1);\n for (var i = 0; i < len; i += 2) {\n bytes[i >> 1] = parseInt(str.substr(i, 2), 16);\n }\n return bytes;\n}\nexport function base64_to_bytes(str) {\n return string_to_bytes(local_atob(str));\n}\nexport function bytes_to_string(bytes, utf8 = false) {\n var len = bytes.length, chars = new Array(len);\n for (var i = 0, j = 0; i < len; i++) {\n var b = bytes[i];\n if (!utf8 || b < 128) {\n chars[j++] = b;\n }\n else if (b >= 192 && b < 224 && i + 1 < len) {\n chars[j++] = ((b & 0x1f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 224 && b < 240 && i + 2 < len) {\n chars[j++] = ((b & 0xf) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 240 && b < 248 && i + 3 < len) {\n var c = ((b & 7) << 18) | ((bytes[++i] & 0x3f) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n if (c <= 0xffff) {\n chars[j++] = c;\n }\n else {\n c ^= 0x10000;\n chars[j++] = 0xd800 | (c >> 10);\n chars[j++] = 0xdc00 | (c & 0x3ff);\n }\n }\n else {\n throw new Error('Malformed UTF8 character at byte offset ' + i);\n }\n }\n var str = '', bs = 16384;\n for (var i = 0; i < j; i += bs) {\n str += String.fromCharCode.apply(String, chars.slice(i, i + bs <= j ? i + bs : j));\n }\n return str;\n}\nexport function bytes_to_hex(arr) {\n var str = '';\n for (var i = 0; i < arr.length; i++) {\n var h = (arr[i] & 0xff).toString(16);\n if (h.length < 2)\n str += '0';\n str += h;\n }\n return str;\n}\nexport function bytes_to_base64(arr) {\n return local_btoa(bytes_to_string(arr));\n}\nexport function pow2_ceil(a) {\n a -= 1;\n a |= a >>> 1;\n a |= a >>> 2;\n a |= a >>> 4;\n a |= a >>> 8;\n a |= a >>> 16;\n a += 1;\n return a;\n}\nexport function is_number(a) {\n return typeof a === 'number';\n}\nexport function is_string(a) {\n return typeof a === 'string';\n}\nexport function is_buffer(a) {\n return a instanceof ArrayBuffer;\n}\nexport function is_bytes(a) {\n return a instanceof Uint8Array;\n}\nexport function is_typed_array(a) {\n return (a instanceof Int8Array ||\n a instanceof Uint8Array ||\n a instanceof Int16Array ||\n a instanceof Uint16Array ||\n a instanceof Int32Array ||\n a instanceof Uint32Array ||\n a instanceof Float32Array ||\n a instanceof Float64Array);\n}\nexport function _heap_init(heap, heapSize) {\n const size = heap ? heap.byteLength : heapSize || 65536;\n if (size & 0xfff || size <= 0)\n throw new Error('heap size must be a positive integer and a multiple of 4096');\n heap = heap || new Uint8Array(new ArrayBuffer(size));\n return heap;\n}\nexport function _heap_write(heap, hpos, data, dpos, dlen) {\n const hlen = heap.length - hpos;\n const wlen = hlen < dlen ? hlen : dlen;\n heap.set(data.subarray(dpos, dpos + wlen), hpos);\n return wlen;\n}\nexport function joinBytes(...arg) {\n const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0);\n const ret = new Uint8Array(totalLenght);\n let cursor = 0;\n for (let i = 0; i < arg.length; i++) {\n ret.set(arg[i], cursor);\n cursor += arg[i].length;\n }\n return ret;\n}\n","export class IllegalStateError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalStateError' } });\n }\n}\nexport class IllegalArgumentError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalArgumentError' } });\n }\n}\nexport class SecurityError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'SecurityError' } });\n }\n}\n","import { AES_asm } from './aes.asm';\nimport { _heap_init, _heap_write, is_bytes } from '../other/utils';\nimport { IllegalArgumentError, SecurityError } from '../other/errors';\nconst heap_pool = [];\nconst asm_pool = [];\nexport class AES {\n constructor(key, iv, padding = true, mode, heap, asm) {\n this.pos = 0;\n this.len = 0;\n this.mode = mode;\n // The AES object state\n this.pos = 0;\n this.len = 0;\n this.key = key;\n this.iv = iv;\n this.padding = padding;\n // The AES \"worker\"\n this.acquire_asm(heap, asm);\n }\n acquire_asm(heap, asm) {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA);\n this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer);\n this.reset(this.key, this.iv);\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n reset(key, iv) {\n const { asm } = this.acquire_asm();\n // Key\n const keylen = key.length;\n if (keylen !== 16 && keylen !== 24 && keylen !== 32)\n throw new IllegalArgumentError('illegal key size');\n const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength);\n asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0);\n // IV\n if (iv !== undefined) {\n if (iv.length !== 16)\n throw new IllegalArgumentError('illegal iv size');\n let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12));\n }\n else {\n asm.set_iv(0, 0, 0, 0);\n }\n }\n AES_Encrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n let result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Encrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let plen = 16 - (len % 16);\n let rlen = len;\n if (this.hasOwnProperty('padding')) {\n if (this.padding) {\n for (let p = 0; p < plen; ++p) {\n heap[pos + len + p] = plen;\n }\n len += plen;\n rlen = len;\n }\n else if (len % 16) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n }\n else {\n len += plen;\n }\n const result = new Uint8Array(rlen);\n if (len)\n asm.cipher(amode, hpos + pos, len);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n AES_Decrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let plen = 0;\n let wlen = 0;\n if (this.padding) {\n plen = len + dlen - rlen || 16;\n rlen -= plen;\n }\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0));\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Decrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let rlen = len;\n if (len > 0) {\n if (len % 16) {\n if (this.hasOwnProperty('padding')) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n else {\n len += 16 - (len % 16);\n }\n }\n asm.cipher(amode, hpos + pos, len);\n if (this.hasOwnProperty('padding') && this.padding) {\n let pad = heap[pos + rlen - 1];\n if (pad < 1 || pad > 16 || pad > rlen)\n throw new SecurityError('bad padding');\n let pcheck = 0;\n for (let i = pad; i > 1; i--)\n pcheck |= pad ^ heap[pos + rlen - i];\n if (pcheck)\n throw new SecurityError('bad padding');\n rlen -= pad;\n }\n }\n const result = new Uint8Array(rlen);\n if (rlen > 0) {\n result.set(heap.subarray(pos, pos + rlen));\n }\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_ECB {\n static encrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).encrypt(data);\n }\n static decrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).decrypt(data);\n }\n constructor(key, padding = false, aes) {\n this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import { AES_ECB } from '@openpgp/asmcrypto.js/dist_es8/aes/ecb';\n\n/**\n * Javascript AES implementation.\n * This is used as fallback if the native Crypto APIs are not available.\n */\nfunction aes(length) {\n const C = function(key) {\n const aesECB = new AES_ECB(key);\n\n this.encrypt = function(block) {\n return aesECB.encrypt(block);\n };\n\n this.decrypt = function(block) {\n return aesECB.decrypt(block);\n };\n };\n\n C.blockSize = C.prototype.blockSize = 16;\n C.keySize = C.prototype.keySize = length / 8;\n\n return C;\n}\n\nexport default aes;\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * @fileoverview Symmetric cryptography functions\n * @module crypto/cipher\n * @private\n */\n\nimport aes from './aes';\nimport { DES, TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TF from './twofish';\nimport BF from './blowfish';\n\n/**\n * AES-128 encryption and decryption (ID 7)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes128 = aes(128);\n/**\n * AES-128 Block Cipher (ID 8)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes192 = aes(192);\n/**\n * AES-128 Block Cipher (ID 9)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes256 = aes(256);\n// Not in OpenPGP specifications\nexport const des = DES;\n/**\n * Triple DES Block Cipher (ID 2)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67}\n * @returns {Object}\n */\nexport const tripledes = TripleDES;\n/**\n * CAST-128 Block Cipher (ID 3)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm}\n * @returns {Object}\n */\nexport const cast5 = CAST5;\n/**\n * Twofish Block Cipher (ID 10)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH}\n * @returns {Object}\n */\nexport const twofish = TF;\n/**\n * Blowfish Block Cipher (ID 4)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH}\n * @returns {Object}\n */\nexport const blowfish = BF;\n/**\n * Not implemented\n * @function\n * @throws {Error}\n */\nexport const idea = function() {\n throw new Error('IDEA symmetric-key algorithm not implemented');\n};\n","export var sha1_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0,\n w16 = 0, w17 = 0, w18 = 0, w19 = 0,\n w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0,\n w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0,\n w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0,\n w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0,\n w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0,\n w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n\n // 0\n t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 1\n t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 2\n t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 3\n t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 4\n t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 5\n t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 6\n t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 7\n t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 8\n t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 9\n t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 10\n t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 11\n t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 12\n t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 13\n t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 14\n t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 15\n t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 16\n n = w13 ^ w8 ^ w2 ^ w0;\n w16 = (n << 1) | (n >>> 31);\n t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 17\n n = w14 ^ w9 ^ w3 ^ w1;\n w17 = (n << 1) | (n >>> 31);\n t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 18\n n = w15 ^ w10 ^ w4 ^ w2;\n w18 = (n << 1) | (n >>> 31);\n t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 19\n n = w16 ^ w11 ^ w5 ^ w3;\n w19 = (n << 1) | (n >>> 31);\n t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 20\n n = w17 ^ w12 ^ w6 ^ w4;\n w20 = (n << 1) | (n >>> 31);\n t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 21\n n = w18 ^ w13 ^ w7 ^ w5;\n w21 = (n << 1) | (n >>> 31);\n t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 22\n n = w19 ^ w14 ^ w8 ^ w6;\n w22 = (n << 1) | (n >>> 31);\n t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 23\n n = w20 ^ w15 ^ w9 ^ w7;\n w23 = (n << 1) | (n >>> 31);\n t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 24\n n = w21 ^ w16 ^ w10 ^ w8;\n w24 = (n << 1) | (n >>> 31);\n t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 25\n n = w22 ^ w17 ^ w11 ^ w9;\n w25 = (n << 1) | (n >>> 31);\n t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 26\n n = w23 ^ w18 ^ w12 ^ w10;\n w26 = (n << 1) | (n >>> 31);\n t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 27\n n = w24 ^ w19 ^ w13 ^ w11;\n w27 = (n << 1) | (n >>> 31);\n t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 28\n n = w25 ^ w20 ^ w14 ^ w12;\n w28 = (n << 1) | (n >>> 31);\n t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 29\n n = w26 ^ w21 ^ w15 ^ w13;\n w29 = (n << 1) | (n >>> 31);\n t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 30\n n = w27 ^ w22 ^ w16 ^ w14;\n w30 = (n << 1) | (n >>> 31);\n t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 31\n n = w28 ^ w23 ^ w17 ^ w15;\n w31 = (n << 1) | (n >>> 31);\n t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 32\n n = w29 ^ w24 ^ w18 ^ w16;\n w32 = (n << 1) | (n >>> 31);\n t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 33\n n = w30 ^ w25 ^ w19 ^ w17;\n w33 = (n << 1) | (n >>> 31);\n t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 34\n n = w31 ^ w26 ^ w20 ^ w18;\n w34 = (n << 1) | (n >>> 31);\n t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 35\n n = w32 ^ w27 ^ w21 ^ w19;\n w35 = (n << 1) | (n >>> 31);\n t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 36\n n = w33 ^ w28 ^ w22 ^ w20;\n w36 = (n << 1) | (n >>> 31);\n t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 37\n n = w34 ^ w29 ^ w23 ^ w21;\n w37 = (n << 1) | (n >>> 31);\n t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 38\n n = w35 ^ w30 ^ w24 ^ w22;\n w38 = (n << 1) | (n >>> 31);\n t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 39\n n = w36 ^ w31 ^ w25 ^ w23;\n w39 = (n << 1) | (n >>> 31);\n t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 40\n n = w37 ^ w32 ^ w26 ^ w24;\n w40 = (n << 1) | (n >>> 31);\n t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 41\n n = w38 ^ w33 ^ w27 ^ w25;\n w41 = (n << 1) | (n >>> 31);\n t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 42\n n = w39 ^ w34 ^ w28 ^ w26;\n w42 = (n << 1) | (n >>> 31);\n t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 43\n n = w40 ^ w35 ^ w29 ^ w27;\n w43 = (n << 1) | (n >>> 31);\n t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 44\n n = w41 ^ w36 ^ w30 ^ w28;\n w44 = (n << 1) | (n >>> 31);\n t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 45\n n = w42 ^ w37 ^ w31 ^ w29;\n w45 = (n << 1) | (n >>> 31);\n t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 46\n n = w43 ^ w38 ^ w32 ^ w30;\n w46 = (n << 1) | (n >>> 31);\n t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 47\n n = w44 ^ w39 ^ w33 ^ w31;\n w47 = (n << 1) | (n >>> 31);\n t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 48\n n = w45 ^ w40 ^ w34 ^ w32;\n w48 = (n << 1) | (n >>> 31);\n t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 49\n n = w46 ^ w41 ^ w35 ^ w33;\n w49 = (n << 1) | (n >>> 31);\n t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 50\n n = w47 ^ w42 ^ w36 ^ w34;\n w50 = (n << 1) | (n >>> 31);\n t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 51\n n = w48 ^ w43 ^ w37 ^ w35;\n w51 = (n << 1) | (n >>> 31);\n t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 52\n n = w49 ^ w44 ^ w38 ^ w36;\n w52 = (n << 1) | (n >>> 31);\n t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 53\n n = w50 ^ w45 ^ w39 ^ w37;\n w53 = (n << 1) | (n >>> 31);\n t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 54\n n = w51 ^ w46 ^ w40 ^ w38;\n w54 = (n << 1) | (n >>> 31);\n t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 55\n n = w52 ^ w47 ^ w41 ^ w39;\n w55 = (n << 1) | (n >>> 31);\n t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 56\n n = w53 ^ w48 ^ w42 ^ w40;\n w56 = (n << 1) | (n >>> 31);\n t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 57\n n = w54 ^ w49 ^ w43 ^ w41;\n w57 = (n << 1) | (n >>> 31);\n t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 58\n n = w55 ^ w50 ^ w44 ^ w42;\n w58 = (n << 1) | (n >>> 31);\n t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 59\n n = w56 ^ w51 ^ w45 ^ w43;\n w59 = (n << 1) | (n >>> 31);\n t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 60\n n = w57 ^ w52 ^ w46 ^ w44;\n w60 = (n << 1) | (n >>> 31);\n t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 61\n n = w58 ^ w53 ^ w47 ^ w45;\n w61 = (n << 1) | (n >>> 31);\n t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 62\n n = w59 ^ w54 ^ w48 ^ w46;\n w62 = (n << 1) | (n >>> 31);\n t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 63\n n = w60 ^ w55 ^ w49 ^ w47;\n w63 = (n << 1) | (n >>> 31);\n t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 64\n n = w61 ^ w56 ^ w50 ^ w48;\n w64 = (n << 1) | (n >>> 31);\n t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 65\n n = w62 ^ w57 ^ w51 ^ w49;\n w65 = (n << 1) | (n >>> 31);\n t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 66\n n = w63 ^ w58 ^ w52 ^ w50;\n w66 = (n << 1) | (n >>> 31);\n t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 67\n n = w64 ^ w59 ^ w53 ^ w51;\n w67 = (n << 1) | (n >>> 31);\n t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 68\n n = w65 ^ w60 ^ w54 ^ w52;\n w68 = (n << 1) | (n >>> 31);\n t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 69\n n = w66 ^ w61 ^ w55 ^ w53;\n w69 = (n << 1) | (n >>> 31);\n t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 70\n n = w67 ^ w62 ^ w56 ^ w54;\n w70 = (n << 1) | (n >>> 31);\n t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 71\n n = w68 ^ w63 ^ w57 ^ w55;\n w71 = (n << 1) | (n >>> 31);\n t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 72\n n = w69 ^ w64 ^ w58 ^ w56;\n w72 = (n << 1) | (n >>> 31);\n t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 73\n n = w70 ^ w65 ^ w59 ^ w57;\n w73 = (n << 1) | (n >>> 31);\n t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 74\n n = w71 ^ w66 ^ w60 ^ w58;\n w74 = (n << 1) | (n >>> 31);\n t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 75\n n = w72 ^ w67 ^ w61 ^ w59;\n w75 = (n << 1) | (n >>> 31);\n t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 76\n n = w73 ^ w68 ^ w62 ^ w60;\n w76 = (n << 1) | (n >>> 31);\n t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 77\n n = w74 ^ w69 ^ w63 ^ w61;\n w77 = (n << 1) | (n >>> 31);\n t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 78\n n = w75 ^ w70 ^ w64 ^ w62;\n w78 = (n << 1) | (n >>> 31);\n t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 79\n n = w76 ^ w71 ^ w65 ^ w63;\n w79 = (n << 1) | (n >>> 31);\n t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n }\n\n function reset () {\n H0 = 0x67452301;\n H1 = 0xefcdab89;\n H2 = 0x98badcfe;\n H3 = 0x10325476;\n H4 = 0xc3d2e1f0;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA1\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA1\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA1\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","import { _heap_write } from '../other/utils';\nimport { IllegalStateError } from '../other/errors';\nexport class Hash {\n constructor() {\n this.pos = 0;\n this.len = 0;\n }\n reset() {\n const { asm } = this.acquire_asm();\n this.result = null;\n this.pos = 0;\n this.len = 0;\n asm.reset();\n return this;\n }\n process(data) {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n let hpos = this.pos;\n let hlen = this.len;\n let dpos = 0;\n let dlen = data.length;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen);\n hlen += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.process(hpos, hlen);\n hpos += wlen;\n hlen -= wlen;\n if (!hlen)\n hpos = 0;\n }\n this.pos = hpos;\n this.len = hlen;\n return this;\n }\n finish() {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n asm.finish(this.pos, this.len, 0);\n this.result = new Uint8Array(this.HASH_SIZE);\n this.result.set(heap.subarray(0, this.HASH_SIZE));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return this;\n }\n}\n","import { sha1_asm } from './sha1.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha1_block_size = 64;\nexport const _sha1_hash_size = 20;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha1 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha1';\n this.BLOCK_SIZE = _sha1_block_size;\n this.HASH_SIZE = _sha1_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha1().process(data).finish().result;\n }\n}\nSha1.NAME = 'sha1';\nSha1.heap_pool = [];\nSha1.asm_pool = [];\nSha1.asm_function = sha1_asm;\n","import { sha256_asm } from './sha256.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha256_block_size = 64;\nexport const _sha256_hash_size = 32;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha256 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha256';\n this.BLOCK_SIZE = _sha256_block_size;\n this.HASH_SIZE = _sha256_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha256().process(data).finish().result;\n }\n}\nSha256.NAME = 'sha256';\n","export var sha256_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n f = H5;\n g = H6;\n h = H7;\n \n // 0\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 1\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 2\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 3\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 4\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 5\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 6\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 7\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 8\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 9\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 10\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 11\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 12\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 13\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 14\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 15\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 16\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 17\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 18\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 19\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 20\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 21\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 22\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 23\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 24\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 25\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 26\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 27\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 28\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 29\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 30\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 31\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 32\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 33\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 34\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 35\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 36\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 37\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 38\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 39\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 40\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 41\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 42\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 43\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 44\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 45\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 46\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 47\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 48\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 49\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 50\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 51\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 52\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 53\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 54\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 55\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 56\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 57\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 58\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 59\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 60\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 61\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 62\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 63\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n H5 = ( H5 + f )|0;\n H6 = ( H6 + g )|0;\n H7 = ( H7 + h )|0;\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n HEAP[output|20] = H5>>>24;\n HEAP[output|21] = H5>>>16&255;\n HEAP[output|22] = H5>>>8&255;\n HEAP[output|23] = H5&255;\n HEAP[output|24] = H6>>>24;\n HEAP[output|25] = H6>>>16&255;\n HEAP[output|26] = H6>>>8&255;\n HEAP[output|27] = H6&255;\n HEAP[output|28] = H7>>>24;\n HEAP[output|29] = H7>>>16&255;\n HEAP[output|30] = H7>>>8&255;\n HEAP[output|31] = H7&255;\n }\n\n function reset () {\n H0 = 0x6a09e667;\n H1 = 0xbb67ae85;\n H2 = 0x3c6ef372;\n H3 = 0xa54ff53a;\n H4 = 0x510e527f;\n H5 = 0x9b05688c;\n H6 = 0x1f83d9ab;\n H7 = 0x5be0cd19;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n h5 = h5|0;\n h6 = h6|0;\n h7 = h7|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n H5 = I5;\n H6 = I6;\n H7 = I7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n H5 = O5;\n H6 = O6;\n H7 = O7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n O5 = H5;\n O6 = H6;\n O7 = H7;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n I5 = H5;\n I6 = H6;\n I7 = H7;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n h5 = h5 ^ H5;\n h6 = h6 ^ H6;\n h7 = h7 ^ H7;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA256\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA256\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA256\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","module.exports = assert;\n\nfunction assert(val, msg) {\n if (!val)\n throw new Error(msg || 'Assertion failed');\n}\n\nassert.equal = function assertEqual(l, r, msg) {\n if (l != r)\n throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));\n};\n","if (typeof Object.create === 'function') {\n // implementation from standard node.js 'util' module\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n ctor.prototype = Object.create(superCtor.prototype, {\n constructor: {\n value: ctor,\n enumerable: false,\n writable: true,\n configurable: true\n }\n });\n };\n} else {\n // old school shim for old browsers\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n var TempCtor = function () {}\n TempCtor.prototype = superCtor.prototype\n ctor.prototype = new TempCtor()\n ctor.prototype.constructor = ctor\n }\n}\n","try {\n var util = require('util');\n if (typeof util.inherits !== 'function') throw '';\n module.exports = util.inherits;\n} catch (e) {\n module.exports = require('./inherits_browser.js');\n}\n","'use strict';\n\nvar assert = require('minimalistic-assert');\nvar inherits = require('inherits');\n\nexports.inherits = inherits;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg === 'string') {\n if (!enc) {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n } else if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n }\n } else {\n for (i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n }\n return res;\n}\nexports.toArray = toArray;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nexports.toHex = toHex;\n\nfunction htonl(w) {\n var res = (w >>> 24) |\n ((w >>> 8) & 0xff00) |\n ((w << 8) & 0xff0000) |\n ((w & 0xff) << 24);\n return res >>> 0;\n}\nexports.htonl = htonl;\n\nfunction toHex32(msg, endian) {\n var res = '';\n for (var i = 0; i < msg.length; i++) {\n var w = msg[i];\n if (endian === 'little')\n w = htonl(w);\n res += zero8(w.toString(16));\n }\n return res;\n}\nexports.toHex32 = toHex32;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nexports.zero2 = zero2;\n\nfunction zero8(word) {\n if (word.length === 7)\n return '0' + word;\n else if (word.length === 6)\n return '00' + word;\n else if (word.length === 5)\n return '000' + word;\n else if (word.length === 4)\n return '0000' + word;\n else if (word.length === 3)\n return '00000' + word;\n else if (word.length === 2)\n return '000000' + word;\n else if (word.length === 1)\n return '0000000' + word;\n else\n return word;\n}\nexports.zero8 = zero8;\n\nfunction join32(msg, start, end, endian) {\n var len = end - start;\n assert(len % 4 === 0);\n var res = new Array(len / 4);\n for (var i = 0, k = start; i < res.length; i++, k += 4) {\n var w;\n if (endian === 'big')\n w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];\n else\n w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];\n res[i] = w >>> 0;\n }\n return res;\n}\nexports.join32 = join32;\n\nfunction split32(msg, endian) {\n var res = new Array(msg.length * 4);\n for (var i = 0, k = 0; i < msg.length; i++, k += 4) {\n var m = msg[i];\n if (endian === 'big') {\n res[k] = m >>> 24;\n res[k + 1] = (m >>> 16) & 0xff;\n res[k + 2] = (m >>> 8) & 0xff;\n res[k + 3] = m & 0xff;\n } else {\n res[k + 3] = m >>> 24;\n res[k + 2] = (m >>> 16) & 0xff;\n res[k + 1] = (m >>> 8) & 0xff;\n res[k] = m & 0xff;\n }\n }\n return res;\n}\nexports.split32 = split32;\n\nfunction rotr32(w, b) {\n return (w >>> b) | (w << (32 - b));\n}\nexports.rotr32 = rotr32;\n\nfunction rotl32(w, b) {\n return (w << b) | (w >>> (32 - b));\n}\nexports.rotl32 = rotl32;\n\nfunction sum32(a, b) {\n return (a + b) >>> 0;\n}\nexports.sum32 = sum32;\n\nfunction sum32_3(a, b, c) {\n return (a + b + c) >>> 0;\n}\nexports.sum32_3 = sum32_3;\n\nfunction sum32_4(a, b, c, d) {\n return (a + b + c + d) >>> 0;\n}\nexports.sum32_4 = sum32_4;\n\nfunction sum32_5(a, b, c, d, e) {\n return (a + b + c + d + e) >>> 0;\n}\nexports.sum32_5 = sum32_5;\n\nfunction sum64(buf, pos, ah, al) {\n var bh = buf[pos];\n var bl = buf[pos + 1];\n\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n buf[pos] = hi >>> 0;\n buf[pos + 1] = lo;\n}\nexports.sum64 = sum64;\n\nfunction sum64_hi(ah, al, bh, bl) {\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n return hi >>> 0;\n}\nexports.sum64_hi = sum64_hi;\n\nfunction sum64_lo(ah, al, bh, bl) {\n var lo = al + bl;\n return lo >>> 0;\n}\nexports.sum64_lo = sum64_lo;\n\nfunction sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n\n var hi = ah + bh + ch + dh + carry;\n return hi >>> 0;\n}\nexports.sum64_4_hi = sum64_4_hi;\n\nfunction sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {\n var lo = al + bl + cl + dl;\n return lo >>> 0;\n}\nexports.sum64_4_lo = sum64_4_lo;\n\nfunction sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n lo = (lo + el) >>> 0;\n carry += lo < el ? 1 : 0;\n\n var hi = ah + bh + ch + dh + eh + carry;\n return hi >>> 0;\n}\nexports.sum64_5_hi = sum64_5_hi;\n\nfunction sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var lo = al + bl + cl + dl + el;\n\n return lo >>> 0;\n}\nexports.sum64_5_lo = sum64_5_lo;\n\nfunction rotr64_hi(ah, al, num) {\n var r = (al << (32 - num)) | (ah >>> num);\n return r >>> 0;\n}\nexports.rotr64_hi = rotr64_hi;\n\nfunction rotr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.rotr64_lo = rotr64_lo;\n\nfunction shr64_hi(ah, al, num) {\n return ah >>> num;\n}\nexports.shr64_hi = shr64_hi;\n\nfunction shr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.shr64_lo = shr64_lo;\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction BlockHash() {\n this.pending = null;\n this.pendingTotal = 0;\n this.blockSize = this.constructor.blockSize;\n this.outSize = this.constructor.outSize;\n this.hmacStrength = this.constructor.hmacStrength;\n this.padLength = this.constructor.padLength / 8;\n this.endian = 'big';\n\n this._delta8 = this.blockSize / 8;\n this._delta32 = this.blockSize / 32;\n}\nexports.BlockHash = BlockHash;\n\nBlockHash.prototype.update = function update(msg, enc) {\n // Convert message to array, pad it, and join into 32bit blocks\n msg = utils.toArray(msg, enc);\n if (!this.pending)\n this.pending = msg;\n else\n this.pending = this.pending.concat(msg);\n this.pendingTotal += msg.length;\n\n // Enough data, try updating\n if (this.pending.length >= this._delta8) {\n msg = this.pending;\n\n // Process pending data in blocks\n var r = msg.length % this._delta8;\n this.pending = msg.slice(msg.length - r, msg.length);\n if (this.pending.length === 0)\n this.pending = null;\n\n msg = utils.join32(msg, 0, msg.length - r, this.endian);\n for (var i = 0; i < msg.length; i += this._delta32)\n this._update(msg, i, i + this._delta32);\n }\n\n return this;\n};\n\nBlockHash.prototype.digest = function digest(enc) {\n this.update(this._pad());\n assert(this.pending === null);\n\n return this._digest(enc);\n};\n\nBlockHash.prototype._pad = function pad() {\n var len = this.pendingTotal;\n var bytes = this._delta8;\n var k = bytes - ((len + this.padLength) % bytes);\n var res = new Array(k + this.padLength);\n res[0] = 0x80;\n for (var i = 1; i < k; i++)\n res[i] = 0;\n\n // Append length\n len <<= 3;\n if (this.endian === 'big') {\n for (var t = 8; t < this.padLength; t++)\n res[i++] = 0;\n\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = len & 0xff;\n } else {\n res[i++] = len & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n\n for (t = 8; t < this.padLength; t++)\n res[i++] = 0;\n }\n\n return res;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar rotr32 = utils.rotr32;\n\nfunction ft_1(s, x, y, z) {\n if (s === 0)\n return ch32(x, y, z);\n if (s === 1 || s === 3)\n return p32(x, y, z);\n if (s === 2)\n return maj32(x, y, z);\n}\nexports.ft_1 = ft_1;\n\nfunction ch32(x, y, z) {\n return (x & y) ^ ((~x) & z);\n}\nexports.ch32 = ch32;\n\nfunction maj32(x, y, z) {\n return (x & y) ^ (x & z) ^ (y & z);\n}\nexports.maj32 = maj32;\n\nfunction p32(x, y, z) {\n return x ^ y ^ z;\n}\nexports.p32 = p32;\n\nfunction s0_256(x) {\n return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);\n}\nexports.s0_256 = s0_256;\n\nfunction s1_256(x) {\n return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);\n}\nexports.s1_256 = s1_256;\n\nfunction g0_256(x) {\n return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);\n}\nexports.g0_256 = g0_256;\n\nfunction g1_256(x) {\n return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);\n}\nexports.g1_256 = g1_256;\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\nvar assert = require('minimalistic-assert');\n\nvar sum32 = utils.sum32;\nvar sum32_4 = utils.sum32_4;\nvar sum32_5 = utils.sum32_5;\nvar ch32 = shaCommon.ch32;\nvar maj32 = shaCommon.maj32;\nvar s0_256 = shaCommon.s0_256;\nvar s1_256 = shaCommon.s1_256;\nvar g0_256 = shaCommon.g0_256;\nvar g1_256 = shaCommon.g1_256;\n\nvar BlockHash = common.BlockHash;\n\nvar sha256_K = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n];\n\nfunction SHA256() {\n if (!(this instanceof SHA256))\n return new SHA256();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\n 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n ];\n this.k = sha256_K;\n this.W = new Array(64);\n}\nutils.inherits(SHA256, BlockHash);\nmodule.exports = SHA256;\n\nSHA256.blockSize = 512;\nSHA256.outSize = 256;\nSHA256.hmacStrength = 192;\nSHA256.padLength = 64;\n\nSHA256.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i++)\n W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n var f = this.h[5];\n var g = this.h[6];\n var h = this.h[7];\n\n assert(this.k.length === W.length);\n for (i = 0; i < W.length; i++) {\n var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);\n var T2 = sum32(s0_256(a), maj32(a, b, c));\n h = g;\n g = f;\n f = e;\n e = sum32(d, T1);\n d = c;\n c = b;\n b = a;\n a = sum32(T1, T2);\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n this.h[5] = sum32(this.h[5], f);\n this.h[6] = sum32(this.h[6], g);\n this.h[7] = sum32(this.h[7], h);\n};\n\nSHA256.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar SHA256 = require('./256');\n\nfunction SHA224() {\n if (!(this instanceof SHA224))\n return new SHA224();\n\n SHA256.call(this);\n this.h = [\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\n 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];\n}\nutils.inherits(SHA224, SHA256);\nmodule.exports = SHA224;\n\nSHA224.blockSize = 512;\nSHA224.outSize = 224;\nSHA224.hmacStrength = 192;\nSHA224.padLength = 64;\n\nSHA224.prototype._digest = function digest(enc) {\n // Just truncate output\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 7), 'big');\n else\n return utils.split32(this.h.slice(0, 7), 'big');\n};\n\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar assert = require('minimalistic-assert');\n\nvar rotr64_hi = utils.rotr64_hi;\nvar rotr64_lo = utils.rotr64_lo;\nvar shr64_hi = utils.shr64_hi;\nvar shr64_lo = utils.shr64_lo;\nvar sum64 = utils.sum64;\nvar sum64_hi = utils.sum64_hi;\nvar sum64_lo = utils.sum64_lo;\nvar sum64_4_hi = utils.sum64_4_hi;\nvar sum64_4_lo = utils.sum64_4_lo;\nvar sum64_5_hi = utils.sum64_5_hi;\nvar sum64_5_lo = utils.sum64_5_lo;\n\nvar BlockHash = common.BlockHash;\n\nvar sha512_K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction SHA512() {\n if (!(this instanceof SHA512))\n return new SHA512();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xf3bcc908,\n 0xbb67ae85, 0x84caa73b,\n 0x3c6ef372, 0xfe94f82b,\n 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1,\n 0x9b05688c, 0x2b3e6c1f,\n 0x1f83d9ab, 0xfb41bd6b,\n 0x5be0cd19, 0x137e2179 ];\n this.k = sha512_K;\n this.W = new Array(160);\n}\nutils.inherits(SHA512, BlockHash);\nmodule.exports = SHA512;\n\nSHA512.blockSize = 1024;\nSHA512.outSize = 512;\nSHA512.hmacStrength = 192;\nSHA512.padLength = 128;\n\nSHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {\n var W = this.W;\n\n // 32 x 32bit words\n for (var i = 0; i < 32; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i += 2) {\n var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2\n var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);\n var c1_hi = W[i - 14]; // i - 7\n var c1_lo = W[i - 13];\n var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15\n var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);\n var c3_hi = W[i - 32]; // i - 16\n var c3_lo = W[i - 31];\n\n W[i] = sum64_4_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n W[i + 1] = sum64_4_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n }\n};\n\nSHA512.prototype._update = function _update(msg, start) {\n this._prepareBlock(msg, start);\n\n var W = this.W;\n\n var ah = this.h[0];\n var al = this.h[1];\n var bh = this.h[2];\n var bl = this.h[3];\n var ch = this.h[4];\n var cl = this.h[5];\n var dh = this.h[6];\n var dl = this.h[7];\n var eh = this.h[8];\n var el = this.h[9];\n var fh = this.h[10];\n var fl = this.h[11];\n var gh = this.h[12];\n var gl = this.h[13];\n var hh = this.h[14];\n var hl = this.h[15];\n\n assert(this.k.length === W.length);\n for (var i = 0; i < W.length; i += 2) {\n var c0_hi = hh;\n var c0_lo = hl;\n var c1_hi = s1_512_hi(eh, el);\n var c1_lo = s1_512_lo(eh, el);\n var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);\n var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);\n var c3_hi = this.k[i];\n var c3_lo = this.k[i + 1];\n var c4_hi = W[i];\n var c4_lo = W[i + 1];\n\n var T1_hi = sum64_5_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n var T1_lo = sum64_5_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n\n c0_hi = s0_512_hi(ah, al);\n c0_lo = s0_512_lo(ah, al);\n c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);\n c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);\n\n var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);\n var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);\n\n hh = gh;\n hl = gl;\n\n gh = fh;\n gl = fl;\n\n fh = eh;\n fl = el;\n\n eh = sum64_hi(dh, dl, T1_hi, T1_lo);\n el = sum64_lo(dl, dl, T1_hi, T1_lo);\n\n dh = ch;\n dl = cl;\n\n ch = bh;\n cl = bl;\n\n bh = ah;\n bl = al;\n\n ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);\n al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);\n }\n\n sum64(this.h, 0, ah, al);\n sum64(this.h, 2, bh, bl);\n sum64(this.h, 4, ch, cl);\n sum64(this.h, 6, dh, dl);\n sum64(this.h, 8, eh, el);\n sum64(this.h, 10, fh, fl);\n sum64(this.h, 12, gh, gl);\n sum64(this.h, 14, hh, hl);\n};\n\nSHA512.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n\nfunction ch64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ ((~xh) & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction ch64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ ((~xl) & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 28);\n var c1_hi = rotr64_hi(xl, xh, 2); // 34\n var c2_hi = rotr64_hi(xl, xh, 7); // 39\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 28);\n var c1_lo = rotr64_lo(xl, xh, 2); // 34\n var c2_lo = rotr64_lo(xl, xh, 7); // 39\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 14);\n var c1_hi = rotr64_hi(xh, xl, 18);\n var c2_hi = rotr64_hi(xl, xh, 9); // 41\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 14);\n var c1_lo = rotr64_lo(xh, xl, 18);\n var c2_lo = rotr64_lo(xl, xh, 9); // 41\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 1);\n var c1_hi = rotr64_hi(xh, xl, 8);\n var c2_hi = shr64_hi(xh, xl, 7);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 1);\n var c1_lo = rotr64_lo(xh, xl, 8);\n var c2_lo = shr64_lo(xh, xl, 7);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 19);\n var c1_hi = rotr64_hi(xl, xh, 29); // 61\n var c2_hi = shr64_hi(xh, xl, 6);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 19);\n var c1_lo = rotr64_lo(xl, xh, 29); // 61\n var c2_lo = shr64_lo(xh, xl, 6);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n","'use strict';\n\nvar utils = require('../utils');\n\nvar SHA512 = require('./512');\n\nfunction SHA384() {\n if (!(this instanceof SHA384))\n return new SHA384();\n\n SHA512.call(this);\n this.h = [\n 0xcbbb9d5d, 0xc1059ed8,\n 0x629a292a, 0x367cd507,\n 0x9159015a, 0x3070dd17,\n 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31,\n 0x8eb44a87, 0x68581511,\n 0xdb0c2e0d, 0x64f98fa7,\n 0x47b5481d, 0xbefa4fa4 ];\n}\nutils.inherits(SHA384, SHA512);\nmodule.exports = SHA384;\n\nSHA384.blockSize = 1024;\nSHA384.outSize = 384;\nSHA384.hmacStrength = 192;\nSHA384.padLength = 128;\n\nSHA384.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 12), 'big');\n else\n return utils.split32(this.h.slice(0, 12), 'big');\n};\n","'use strict';\n\nvar utils = require('./utils');\nvar common = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_3 = utils.sum32_3;\nvar sum32_4 = utils.sum32_4;\nvar BlockHash = common.BlockHash;\n\nfunction RIPEMD160() {\n if (!(this instanceof RIPEMD160))\n return new RIPEMD160();\n\n BlockHash.call(this);\n\n this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];\n this.endian = 'little';\n}\nutils.inherits(RIPEMD160, BlockHash);\nexports.ripemd160 = RIPEMD160;\n\nRIPEMD160.blockSize = 512;\nRIPEMD160.outSize = 160;\nRIPEMD160.hmacStrength = 192;\nRIPEMD160.padLength = 64;\n\nRIPEMD160.prototype._update = function update(msg, start) {\n var A = this.h[0];\n var B = this.h[1];\n var C = this.h[2];\n var D = this.h[3];\n var E = this.h[4];\n var Ah = A;\n var Bh = B;\n var Ch = C;\n var Dh = D;\n var Eh = E;\n for (var j = 0; j < 80; j++) {\n var T = sum32(\n rotl32(\n sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),\n s[j]),\n E);\n A = E;\n E = D;\n D = rotl32(C, 10);\n C = B;\n B = T;\n T = sum32(\n rotl32(\n sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),\n sh[j]),\n Eh);\n Ah = Eh;\n Eh = Dh;\n Dh = rotl32(Ch, 10);\n Ch = Bh;\n Bh = T;\n }\n T = sum32_3(this.h[1], C, Dh);\n this.h[1] = sum32_3(this.h[2], D, Eh);\n this.h[2] = sum32_3(this.h[3], E, Ah);\n this.h[3] = sum32_3(this.h[4], A, Bh);\n this.h[4] = sum32_3(this.h[0], B, Ch);\n this.h[0] = T;\n};\n\nRIPEMD160.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'little');\n else\n return utils.split32(this.h, 'little');\n};\n\nfunction f(j, x, y, z) {\n if (j <= 15)\n return x ^ y ^ z;\n else if (j <= 31)\n return (x & y) | ((~x) & z);\n else if (j <= 47)\n return (x | (~y)) ^ z;\n else if (j <= 63)\n return (x & z) | (y & (~z));\n else\n return x ^ (y | (~z));\n}\n\nfunction K(j) {\n if (j <= 15)\n return 0x00000000;\n else if (j <= 31)\n return 0x5a827999;\n else if (j <= 47)\n return 0x6ed9eba1;\n else if (j <= 63)\n return 0x8f1bbcdc;\n else\n return 0xa953fd4e;\n}\n\nfunction Kh(j) {\n if (j <= 15)\n return 0x50a28be6;\n else if (j <= 31)\n return 0x5c4dd124;\n else if (j <= 47)\n return 0x6d703ef3;\n else if (j <= 63)\n return 0x7a6d76e9;\n else\n return 0x00000000;\n}\n\nvar r = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,\n 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,\n 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,\n 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13\n];\n\nvar rh = [\n 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,\n 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,\n 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,\n 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,\n 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11\n];\n\nvar s = [\n 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,\n 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,\n 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,\n 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,\n 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6\n];\n\nvar sh = [\n 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,\n 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,\n 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,\n 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,\n 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11\n];\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n * @private\n */\n\nimport { Sha1 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1';\nimport { Sha256 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256';\nimport sha224 from 'hash.js/lib/hash/sha/224';\nimport sha384 from 'hash.js/lib/hash/sha/384';\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport { ripemd160 } from 'hash.js/lib/hash/ripemd';\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport defaultConfig from '../../config';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction hashjsHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n }\n const hashInstance = hash();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => new Uint8Array(hashInstance.digest()));\n };\n}\n\nfunction asmcryptoHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hashInstance = new hash();\n return stream.transform(data, value => {\n hashInstance.process(value);\n }, () => hashInstance.finish().result);\n } else if (webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n } else {\n return hash.bytes(data);\n }\n };\n}\n\nconst hashFunctions = {\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'),\n sha224: nodeHash('sha224') || hashjsHash(sha224),\n sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'),\n sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),\n sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.\n ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)\n};\n\nexport default {\n\n /** @see module:md5 */\n md5: hashFunctions.md5,\n /** @see asmCrypto */\n sha1: hashFunctions.sha1,\n /** @see hash.js */\n sha224: hashFunctions.sha224,\n /** @see asmCrypto */\n sha256: hashFunctions.sha256,\n /** @see hash.js */\n sha384: hashFunctions.sha384,\n /** @see asmCrypto */\n sha512: hashFunctions.sha512,\n /** @see hash.js */\n ripemd: hashFunctions.ripemd,\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n default:\n throw new Error('Invalid hash function.');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CFB {\n static encrypt(data, key, iv) {\n return new AES_CFB(key, iv).encrypt(data);\n }\n static decrypt(data, key, iv) {\n return new AES_CFB(key, iv).decrypt(data);\n }\n constructor(key, iv, aes) {\n this.aes = aes ? aes : new AES(key, iv, true, 'CFB');\n delete this.aes.padding;\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import * as cipher from '.';\nimport enums from '../../enums';\n\n/**\n * Get implementation of the given cipher\n * @param {enums.symmetric} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport default function getCipher(algo) {\n const algoName = enums.read(enums.symmetric, algo);\n return cipher[algoName];\n}\n","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n * @private\n */\n\nimport { AES_CFB } from '@openpgp/asmcrypto.js/dist_es8/aes/cfb';\nimport * as stream from '@openpgp/web-stream-tools';\nimport getCipher from '../cipher/getCipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nfunction aesEncrypt(algo, key, pt, iv, config) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support\n !util.isStream(pt) &&\n pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2\n ) { // Web Crypto\n return webEncrypt(algo, key, pt, iv);\n }\n // asm.js fallback\n const cfb = new AES_CFB(key, iv);\n return stream.transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish());\n}\n\nfunction aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new AES_CFB(key, iv);\n return stream.transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish());\n }\n return AES_CFB.decrypt(ct, key, iv);\n}\n\nfunction xorMut(a, b) {\n for (let i = 0; i < a.length; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nasync function webEncrypt(algo, key, pt, iv) {\n const ALGO = 'AES-CBC';\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']);\n const { blockSize } = getCipher(algo);\n const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]);\n const ct = new Uint8Array(await webCrypto.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length);\n xorMut(ct, pt);\n return ct;\n}\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","import { AES } from './aes';\nimport { IllegalArgumentError } from '../other/errors';\nimport { joinBytes } from '../other/utils';\nexport class AES_CTR {\n static encrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n static decrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n constructor(key, nonce, aes) {\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n delete this.aes.padding;\n this.AES_CTR_set_options(nonce);\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n AES_CTR_set_options(nonce, counter, size) {\n let { asm } = this.aes.acquire_asm();\n if (size !== undefined) {\n if (size < 8 || size > 48)\n throw new IllegalArgumentError('illegal counter size');\n let mask = Math.pow(2, size) - 1;\n asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0);\n }\n else {\n size = 48;\n asm.set_mask(0, 0, 0xffff, 0xffffffff);\n }\n if (nonce !== undefined) {\n let len = nonce.length;\n if (!len || len > 16)\n throw new IllegalArgumentError('illegal nonce size');\n let view = new DataView(new ArrayBuffer(16));\n new Uint8Array(view.buffer).set(nonce);\n asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12));\n }\n else {\n throw new Error('nonce is required');\n }\n if (counter !== undefined) {\n if (counter < 0 || counter >= Math.pow(2, size))\n throw new IllegalArgumentError('illegal counter value');\n asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0);\n }\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CBC {\n static encrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).encrypt(data);\n }\n static decrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).decrypt(data);\n }\n constructor(key, iv, padding = true, aes) {\n this.aes = aes ? aes : new AES(key, iv, padding, 'CBC');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n * @private\n */\n\nimport { AES_CBC } from '@openpgp/asmcrypto.js/dist_es8/aes/cbc';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt) {\n return AES_CBC.encrypt(pt, key, false, zeroBlock);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n * @private\n */\n\nimport { AES_CTR } from '@openpgp/asmcrypto.js/dist_es8/aes/ctr';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n ) {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt, iv) {\n return AES_CTR.encrypt(pt, key, iv);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n * @private\n */\n\nimport * as ciphers from '../cipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n\n let maxNtz = 0;\n let encipher;\n let decipher;\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables(cipher, key) {\n const cipherName = enums.read(enums.symmetric, cipher);\n const aes = new ciphers[cipherName](key);\n encipher = aes.encrypt.bind(aes);\n decipher = aes.decrypt.bind(aes);\n\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","import { IllegalArgumentError, IllegalStateError, SecurityError } from '../other/errors';\nimport { _heap_write } from '../other/utils';\nimport { AES } from './aes';\nimport { AES_asm } from './aes.asm';\nconst _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5\nexport class AES_GCM {\n constructor(key, nonce, adata, tagSize = 16, aes) {\n this.tagSize = tagSize;\n this.gamma0 = 0;\n this.counter = 1;\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n let { asm, heap } = this.aes.acquire_asm();\n // Init GCM\n asm.gcm_init();\n // Tag size\n if (this.tagSize < 4 || this.tagSize > 16)\n throw new IllegalArgumentError('illegal tagSize value');\n // Nonce\n const noncelen = nonce.length || 0;\n const noncebuf = new Uint8Array(16);\n if (noncelen !== 12) {\n this._gcm_mac_process(nonce);\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = 0;\n heap[4] = 0;\n heap[5] = 0;\n heap[6] = 0;\n heap[7] = 0;\n heap[8] = 0;\n heap[9] = 0;\n heap[10] = 0;\n heap[11] = noncelen >>> 29;\n heap[12] = (noncelen >>> 21) & 255;\n heap[13] = (noncelen >>> 13) & 255;\n heap[14] = (noncelen >>> 5) & 255;\n heap[15] = (noncelen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_iv(0, 0, 0, 0);\n noncebuf.set(heap.subarray(0, 16));\n }\n else {\n noncebuf.set(nonce);\n noncebuf[15] = 1;\n }\n const nonceview = new DataView(noncebuf.buffer);\n this.gamma0 = nonceview.getUint32(12);\n asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0);\n asm.set_mask(0, 0, 0, 0xffffffff);\n // Associated data\n if (adata !== undefined) {\n if (adata.length > _AES_GCM_data_maxLength)\n throw new IllegalArgumentError('illegal adata length');\n if (adata.length) {\n this.adata = adata;\n this._gcm_mac_process(adata);\n }\n else {\n this.adata = undefined;\n }\n }\n else {\n this.adata = undefined;\n }\n // Counter\n if (this.counter < 1 || this.counter > 0xffffffff)\n throw new RangeError('counter must be a positive 32-bit integer');\n asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0);\n }\n static encrypt(cleartext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext);\n }\n static decrypt(ciphertext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext);\n }\n encrypt(data) {\n return this.AES_GCM_encrypt(data);\n }\n decrypt(data) {\n return this.AES_GCM_decrypt(data);\n }\n AES_GCM_Encrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len);\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Encrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let adata = this.adata;\n let pos = this.aes.pos;\n let len = this.aes.len;\n const result = new Uint8Array(len + tagSize);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16);\n if (len)\n result.set(heap.subarray(pos, pos + len));\n let i = len;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n result.set(heap.subarray(0, tagSize), len);\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_Decrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0;\n let tlen = len + dlen - rlen;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > tlen) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n pos = 0;\n len = 0;\n }\n if (dlen > 0) {\n len += _heap_write(heap, 0, data, dpos, dlen);\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Decrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let tagSize = this.tagSize;\n let adata = this.adata;\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rlen = len - tagSize;\n if (len < tagSize)\n throw new IllegalStateError('authentication tag not found');\n const result = new Uint8Array(rlen);\n const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));\n let i = rlen;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len - tagSize;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n let acheck = 0;\n for (let i = 0; i < tagSize; ++i)\n acheck |= atag[i] ^ heap[i];\n if (acheck)\n throw new SecurityError('data integrity check failed');\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_decrypt(data) {\n const result1 = this.AES_GCM_Decrypt_process(data);\n const result2 = this.AES_GCM_Decrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n AES_GCM_encrypt(data) {\n const result1 = this.AES_GCM_Encrypt_process(data);\n const result2 = this.AES_GCM_Encrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n _gcm_mac_process(data) {\n let { asm, heap } = this.aes.acquire_asm();\n let dpos = 0;\n let dlen = data.length || 0;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, 0, data, dpos, dlen);\n dpos += wlen;\n dlen -= wlen;\n while (wlen & 15)\n heap[wlen++] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen);\n }\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n * @private\n */\n\nimport { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.encrypt(pt, key, iv, adata);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (ct.length === tagLength) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n }\n };\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return AES_GCM.encrypt(pt, key, iv, adata);\n },\n\n decrypt: async function(ct, iv, adata) {\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n * @private\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","/*jshint bitwise: false*/\n\n(function(nacl) {\n'use strict';\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d;\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d, h, r;\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n r = nacl.hash(sm.subarray(32, smlen));\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n h = nacl.hash(sm.subarray(0, smlen));\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h;\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n h = nacl.hash(m.subarray(0, n));\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;\n if (crypto && crypto.getRandomValues) {\n // Browsers.\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n } else if (typeof require !== 'undefined') {\n // Node.js.\n crypto = require('crypto');\n if (crypto && crypto.randomBytes) {\n nacl.setPRNG(function(x, n) {\n var i, v = crypto.randomBytes(n);\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n }\n})();\n\n})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {}));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n * @private\n */\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const buf = new Uint8Array(length);\n if (nodeCrypto) {\n const bytes = nodeCrypto.randomBytes(buf.length);\n buf.set(bytes);\n } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n return buf;\n}\n\n/**\n * Create a secure random BigInteger that is greater than or equal to min and less than max.\n * @param {module:BigInteger} min - Lower bound, included\n * @param {module:BigInteger} max - Upper bound, excluded\n * @returns {Promise} Random BigInteger.\n * @async\n */\nexport async function getRandomBigInteger(min, max) {\n const BigInteger = await util.getBigInteger();\n\n if (max.lt(min)) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max.sub(min);\n const bytes = modulus.byteLength();\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = new BigInteger(await getRandomBytes(bytes + 8));\n return r.mod(modulus).add(min);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\n\n/**\n * Generate a probably prime random number\n * @param {Integer} bits - Bit length of the prime\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns BigInteger\n * @async\n */\nexport async function randomProbablePrime(bits, e, k) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n const min = one.leftShift(new BigInteger(bits - 1));\n const thirty = new BigInteger(30);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n const n = await getRandomBigInteger(min, min.leftShift(one));\n let i = n.mod(thirty).toNumber();\n\n do {\n n.iadd(new BigInteger(adds[i]));\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (n.bitLength() > bits) {\n n.imod(min.leftShift(one)).iadd(min);\n i = n.mod(thirty).toNumber();\n }\n } while (!await isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns {boolean}\n * @async\n */\nexport async function isProbablePrime(n, e, k) {\n if (e && !n.dec().gcd(e).isOne()) {\n return false;\n }\n if (!await divisionTest(n)) {\n return false;\n }\n if (!await fermat(n)) {\n return false;\n }\n if (!await millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} b - Optional Fermat test base\n * @returns {boolean}\n */\nexport async function fermat(n, b) {\n const BigInteger = await util.getBigInteger();\n b = b || new BigInteger(2);\n return b.modExp(n.dec(), n).isOne();\n}\n\nexport async function divisionTest(n) {\n const BigInteger = await util.getBigInteger();\n return smallPrimes.every(m => {\n return n.mod(new BigInteger(m)) !== 0;\n });\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n];\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param {BigInteger} n - Number to test\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @param {Function} rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport async function millerRabin(n, k, rand) {\n const BigInteger = await util.getBigInteger();\n const len = n.bitLength();\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n.dec(); // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!n1.getBit(s)) { s++; }\n const d = n.rightShift(new BigInteger(s));\n\n for (; k > 0; k--) {\n const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);\n\n let x = a.modExp(d, n);\n if (x.isOne() || x.equal(n1)) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = x.mul(x).mod(n);\n\n if (x.isOne()) {\n return false;\n }\n if (x.equal(n1)) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n * @private\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport async function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n * @private\n */\n\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\n/* eslint-disable no-invalid-this */\nconst RSAPrivateKey = nodeCrypto ? asn1.define('RSAPrivateKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('version').int(), // 0\n this.key('modulus').int(), // n\n this.key('publicExponent').int(), // e\n this.key('privateExponent').int(), // d\n this.key('prime1').int(), // p\n this.key('prime2').int(), // q\n this.key('exponent1').int(), // dp\n this.key('exponent2').int(), // dq\n this.key('coefficient').int() // u\n );\n}) : undefined;\n\nconst RSAPublicKey = nodeCrypto ? asn1.define('RSAPubliceKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('modulus').int(), // n\n this.key('publicExponent').int() // e\n );\n}) : undefined;\n/* eslint-enable no-invalid-this */\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n const BigInteger = await util.getBigInteger();\n\n e = new BigInteger(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return {\n n: b64ToUint8Array(jwk.n),\n e: e.toUint8Array(),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n } else if (util.getNodeCrypto() && nodeCrypto.generateKeyPair && RSAPrivateKey) {\n const opts = {\n modulusLength: bits,\n publicExponent: e.toNumber(),\n publicKeyEncoding: { type: 'pkcs1', format: 'der' },\n privateKeyEncoding: { type: 'pkcs1', format: 'der' }\n };\n const prv = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, der) => {\n if (err) {\n reject(err);\n } else {\n resolve(RSAPrivateKey.decode(der, 'der'));\n }\n });\n });\n /**\n * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`.\n * @link https://tools.ietf.org/html/rfc3447#section-3.2\n * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1\n */\n return {\n n: prv.modulus.toArrayLike(Uint8Array),\n e: prv.publicExponent.toArrayLike(Uint8Array),\n d: prv.privateExponent.toArrayLike(Uint8Array),\n // switch p and q\n p: prv.prime2.toArrayLike(Uint8Array),\n q: prv.prime1.toArrayLike(Uint8Array),\n // Since p and q are switched in places, we can keep u as defined by DER\n u: prv.coefficient.toArrayLike(Uint8Array)\n };\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = await randomProbablePrime(bits - (bits >> 1), e, 40);\n p = await randomProbablePrime(bits >> 1, e, 40);\n n = p.mul(q);\n } while (n.bitLength() !== bits);\n\n const phi = p.dec().imul(q.dec());\n\n if (q.lt(p)) {\n [p, q] = [q, p];\n }\n\n return {\n n: n.toUint8Array(),\n e: e.toUint8Array(),\n d: e.modInv(phi).toUint8Array(),\n p: p.toUint8Array(),\n q: q.toUint8Array(),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: p.modInv(q).toUint8Array()\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n p = new BigInteger(p);\n q = new BigInteger(q);\n\n // expect pq = n\n if (!p.mul(q).equal(n)) {\n return false;\n }\n\n const two = new BigInteger(2);\n // expect p*u = 1 mod q\n u = new BigInteger(u);\n if (!p.mul(u).mod(q).isOne()) {\n return false;\n }\n\n e = new BigInteger(e);\n d = new BigInteger(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));\n const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r.mul(d).mul(e);\n\n const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));\n d = new BigInteger(d);\n if (m.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return m.modExp(d, n).toUint8Array('be', n.byteLength());\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPrivateKey.encode(keyObject, 'der');\n return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' }));\n }\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n return new Uint8Array(sign.sign(pem));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n s = new BigInteger(s);\n e = new BigInteger(e);\n if (s.gte(n)) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());\n const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1' };\n } else {\n key = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n }\n try {\n return await verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const { default: BN } = await import('bn.js');\n\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n data = new BigInteger(emeEncode(data, n.byteLength()));\n e = new BigInteger(e);\n if (data.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return data.modExp(e, n).toUint8Array('be', n.byteLength());\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPrivateKey.encode(keyObject, 'der');\n key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n const BigInteger = await util.getBigInteger();\n data = new BigInteger(data);\n n = new BigInteger(n);\n e = new BigInteger(e);\n d = new BigInteger(d);\n p = new BigInteger(p);\n q = new BigInteger(q);\n u = new BigInteger(u);\n if (data.gte(n)) {\n throw new Error('Data too large.');\n }\n const dq = d.mod(q.dec()); // d mod (q-1)\n const dp = d.mod(p.dec()); // d mod (p-1)\n\n const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);\n const blinder = unblinder.modInv(n).modExp(e, n);\n data = data.mul(blinder).mod(n);\n\n\n const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p\n const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q\n const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h.mul(p).add(mp); // result < n due to relations above\n\n result = result.mul(unblinder).mod(n);\n\n\n return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n const pNum = new BigInteger(p);\n const qNum = new BigInteger(q);\n const dNum = new BigInteger(d);\n\n let dq = dNum.mod(qNum.dec()); // d mod (q-1)\n let dp = dNum.mod(pNum.dec()); // d mod (p-1)\n dp = dp.toUint8Array();\n dq = dq.toUint8Array();\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const padded = emeEncode(data, p.byteLength());\n const m = new BigInteger(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = await getRandomBigInteger(new BigInteger(1), p.dec());\n return {\n c1: g.modExp(k, p).toUint8Array(),\n c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n const BigInteger = await util.getBigInteger();\n c1 = new BigInteger(c1);\n c2 = new BigInteger(c2);\n p = new BigInteger(p);\n x = new BigInteger(x);\n\n const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);\n return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = new BigInteger(p.bitLength());\n const n1023 = new BigInteger(1023);\n if (pSize.lt(n1023)) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (!g.modExp(p.dec(), p).isOne()) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n const i = new BigInteger(1);\n const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold\n while (i.lt(threshold)) {\n res = res.mul(g).imod(p);\n if (res.isOne()) {\n return false;\n }\n i.iinc();\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1\n const rqx = p.dec().imul(r).iadd(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n * @private\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {string} String with the canonical name of the curve.\n */\n getName() {\n const hex = this.toHex();\n if (enums.curve[hex]) {\n return enums.write(enums.curve, hex);\n } else {\n throw new Error('Unknown curve object identifier.');\n }\n }\n}\n\nexport default OID;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library\n * @module crypto/public_key/elliptic/indutnyKey\n * @private\n */\n\nimport config from '../../../config';\n\nexport function keyFromPrivate(indutnyCurve, priv) {\n const keyPair = indutnyCurve.keyPair({ priv: priv });\n return keyPair;\n}\n\nexport function keyFromPublic(indutnyCurve, pub) {\n const keyPair = indutnyCurve.keyPair({ pub: pub });\n if (keyPair.validate().result !== true) {\n throw new Error('Invalid elliptic public key');\n }\n return keyPair;\n}\n\nexport async function getIndutnyCurve(name) {\n if (!config.useIndutnyElliptic) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n const { default: elliptic } = await import('@openpgp/elliptic');\n return new elliptic.ec(name);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new stream.TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { getRandomBytes } from '../../random';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport { UnsupportedError } from '../../../packet/packet';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n 'p256': 'P-256',\n 'p384': 'P-384',\n 'p521': 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined,\n brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n p256: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.p256,\n web: webCurves.p256,\n payloadSize: 32,\n sharedSize: 256\n },\n p384: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.p384,\n web: webCurves.p384,\n payloadSize: 48,\n sharedSize: 384\n },\n p521: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.p521,\n web: webCurves.p521,\n payloadSize: 66,\n sharedSize: 528\n },\n secp256k1: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.secp256k1,\n payloadSize: 32\n },\n ed25519: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32\n },\n curve25519: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32\n },\n brainpoolP256r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.brainpoolP256r1,\n payloadSize: 32\n },\n brainpoolP384r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.brainpoolP384r1,\n payloadSize: 48\n },\n brainpoolP512r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.brainpoolP512r1,\n payloadSize: 64\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName, params) {\n try {\n if (util.isArray(oidOrName) ||\n util.isUint8Array(oidOrName)) {\n // by oid byte array\n oidOrName = new OID(oidOrName);\n }\n if (oidOrName instanceof OID) {\n // by curve OID\n oidOrName = oidOrName.getName();\n }\n // by curve name or oid string\n this.name = enums.write(enums.curve, oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n params = params || curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node && curves[this.name];\n this.web = params.web && curves[this.name];\n this.payloadSize = params.payloadSize;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === 'curve25519') {\n this.type = 'curve25519';\n } else if (this.name === 'ed25519') {\n this.type = 'ed25519';\n }\n }\n\n async genKeyPair() {\n let keyPair;\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n break;\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519': {\n const privateKey = getRandomBytes(32);\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const secretKey = privateKey.slice().reverse();\n keyPair = nacl.box.keyPair.fromSecretKey(secretKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n case 'ed25519': {\n const privateKey = getRandomBytes(32);\n const keyPair = nacl.sign.keyPair.fromSeed(privateKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n }\n const indutnyCurve = await getIndutnyCurve(this.name);\n keyPair = await indutnyCurve.genKeyPair({\n entropy: util.uint8ArrayToString(getRandomBytes(32))\n });\n return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) };\n }\n}\n\nasync function generate(curve) {\n const BigInteger = await util.getBigInteger();\n\n curve = new CurveWithOID(curve);\n const keyPair = await curve.genKeyPair();\n const Q = new BigInteger(keyPair.publicKey).toUint8Array();\n const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize);\n return {\n oid: curve.oid,\n Q,\n secret,\n hash: curve.hash,\n cipher: curve.cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[enums.write(enums.curve, oid.toHex())].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n p256: true,\n p384: true,\n p521: true,\n secp256k1: true,\n curve25519: algo === enums.publicKey.ecdh,\n brainpoolP256r1: true,\n brainpoolP384r1: true,\n brainpoolP512r1: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === 'curve25519') {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const curve = await getIndutnyCurve(curveName);\n try {\n // Parse Q and check that it is on the curve but not at infinity\n Q = keyFromPublic(curve, Q).getPublic();\n } catch (validationErrors) {\n return false;\n }\n\n /**\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = keyFromPrivate(curve, d).getPublic();\n if (!dG.eq(Q)) {\n return false;\n }\n\n return true;\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nasync function webGenKeyPair(name) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = 0x04;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n * @private\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams } from './oid_curves';\nimport { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web': {\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n }\n case 'node': {\n const signature = await nodeSign(curve, hashAlgo, message, keyPair);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n }\n }\n }\n return ellipticSign(curve, hashed, privateKey);\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n return await webVerify(curve, hashAlgo, signature, message, publicKey);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node':\n return nodeVerify(curve, hashAlgo, signature, message, publicKey);\n }\n }\n const digest = (typeof hashAlgo === 'undefined') ? message : hashed;\n return ellipticVerify(curve, signature, digest, publicKey);\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\nasync function ellipticSign(curve, hashed, privateKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPrivate(indutnyCurve, privateKey);\n const signature = key.sign(hashed);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n}\n\nasync function ellipticVerify(curve, signature, digest, publicKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPublic(indutnyCurve, publicKey);\n return key.verify(digest, signature);\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, keyPair) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n const key = ECPrivateKey.encode({\n version: 1,\n parameters: curve.oid,\n privateKey: Array.from(keyPair.privateKey),\n publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }\n }, 'pem', {\n label: 'EC PRIVATE KEY'\n });\n\n return ECDSASignature.decode(sign.sign(key), 'der');\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n const key = SubjectPublicKeyInfo.encode({\n algorithm: {\n algorithm: [1, 2, 840, 10045, 2, 1],\n parameters: curve.oid\n },\n subjectPublicKey: { unused: 0, data: Array.from(publicKey) }\n }, 'pem', {\n label: 'PUBLIC KEY'\n });\n const signature = ECDSASignature.encode({\n r: new BN(r), s: new BN(s)\n }, 'der');\n\n try {\n return verify.verify(key, signature);\n } catch (err) {\n return false;\n }\n}\n\n// Originally written by Owen Smith https://github.com/omsmith\n// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/\n\n/* eslint-disable no-invalid-this */\n\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\nconst ECDSASignature = nodeCrypto ?\n asn1.define('ECDSASignature', function() {\n this.seq().obj(\n this.key('r').int(),\n this.key('s').int()\n );\n }) : undefined;\n\nconst ECPrivateKey = nodeCrypto ?\n asn1.define('ECPrivateKey', function() {\n this.seq().obj(\n this.key('version').int(),\n this.key('privateKey').octstr(),\n this.key('parameters').explicit(0).optional().any(),\n this.key('publicKey').explicit(1).optional().bitstr()\n );\n }) : undefined;\n\nconst AlgorithmIdentifier = nodeCrypto ?\n asn1.define('AlgorithmIdentifier', function() {\n this.seq().obj(\n this.key('algorithm').objid(),\n this.key('parameters').optional().any()\n );\n }) : undefined;\n\nconst SubjectPublicKeyInfo = nodeCrypto ?\n asn1.define('SubjectPublicKeyInfo', function() {\n this.seq().obj(\n this.key('algorithm').use(AlgorithmIdentifier),\n this.key('subjectPublicKey').bitstr()\n );\n }) : undefined;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);\n const signature = nacl.sign.detached(hashed, secretKey);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const signature = util.concatUint8Array([r, s]);\n return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== 'ed25519') {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const seed = getRandomBytes(32);\n const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = nacl.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n return nacl.sign.detached.verify(hashed, RS, publicKey);\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: // unsupported\n default:\n return false;\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n * @private\n */\n\nimport * as cipher from './cipher';\nimport util from '../util';\n\n/**\n * AES key wrap\n * @function\n * @param {Uint8Array} key\n * @param {Uint8Array} data\n * @returns {Uint8Array}\n */\nexport function wrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const P = unpack(data);\n let A = IV;\n const R = P;\n const n = P.length / 2;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 0; j <= 5; ++j) {\n for (let i = 0; i < n; ++i) {\n t[1] = n * j + (1 + i);\n // B = A\n B[0] = A[0];\n B[1] = A[1];\n // B = A || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES(K, B)\n B = unpack(aes.encrypt(pack(B)));\n // A = MSB(64, B) ^ t\n A = B.subarray(0, 2);\n A[0] ^= t[0];\n A[1] ^= t[1];\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n return pack(A, R);\n}\n\n/**\n * AES key unwrap\n * @function\n * @param {String} key\n * @param {String} data\n * @returns {Uint8Array}\n * @throws {Error}\n */\nexport function unwrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const C = unpack(data);\n let A = C.subarray(0, 2);\n const R = C.subarray(2);\n const n = C.length / 2 - 1;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 5; j >= 0; --j) {\n for (let i = n - 1; i >= 0; --i) {\n t[1] = n * j + (i + 1);\n // B = A ^ t\n B[0] = A[0] ^ t[0];\n B[1] = A[1] ^ t[1];\n // B = (A ^ t) || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES-1(B)\n B = unpack(aes.decrypt(pack(B)));\n // A = MSB(64, B)\n A = B.subarray(0, 2);\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n if (A[0] === IV[0] && A[1] === IV[1]) {\n return pack(R);\n }\n throw new Error('Key Data Integrity failed');\n}\n\nfunction createArrayBuffer(data) {\n if (util.isString(data)) {\n const { length } = data;\n const buffer = new ArrayBuffer(length);\n const view = new Uint8Array(buffer);\n for (let j = 0; j < length; ++j) {\n view[j] = data.charCodeAt(j);\n }\n return buffer;\n }\n return new Uint8Array(data).buffer;\n}\n\nfunction unpack(data) {\n const { length } = data;\n const buffer = createArrayBuffer(data);\n const view = new DataView(buffer);\n const arr = new Uint32Array(length / 4);\n for (let i = 0; i < length / 4; ++i) {\n arr[i] = view.getUint32(4 * i);\n }\n return arr;\n}\n\nfunction pack() {\n let length = 0;\n for (let k = 0; k < arguments.length; ++k) {\n length += 4 * arguments[k].length;\n }\n const buffer = new ArrayBuffer(length);\n const view = new DataView(buffer);\n let offset = 0;\n for (let i = 0; i < arguments.length; ++i) {\n for (let j = 0; j < arguments[i].length; ++j) {\n view.setUint32(offset + 4 * j, arguments[i][j]);\n }\n offset += 4 * arguments[i].length;\n }\n return new Uint8Array(buffer);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport getCipher from '../../cipher/getCipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint.subarray(0, 20)\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519': {\n const d = getRandomBytes(32);\n const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d);\n let { publicKey } = nacl.box.keyPair.fromSecretKey(secretKey);\n publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n }\n return ellipticPublicEphemeralKey(curve, Q);\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = aesKW.wrap(Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519': {\n const secretKey = d.slice().reverse();\n const sharedKey = nacl.scalarMult(secretKey, V.subarray(1));\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n }\n return ellipticPrivateEphemeralKey(curve, V, d);\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(aesKW.unwrap(Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: sender\n },\n privateKey,\n curve.web.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.web.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPrivateEphemeralKey(curve, V, d) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n V = keyFromPublic(indutnyCurve, V);\n d = keyFromPrivate(indutnyCurve, d);\n const secretKey = new Uint8Array(d.getPrivate());\n const S = d.derive(V.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPublicEphemeralKey(curve, Q) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const v = await curve.genKeyPair();\n Q = keyFromPublic(indutnyCurve, Q);\n const V = keyFromPrivate(indutnyCurve, v.privateKey);\n const publicKey = v.publicKey;\n const S = V.derive(Q.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle;\n\nexport default async function HKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n if (webCrypto || nodeSubtleCrypto) {\n const crypto = webCrypto || nodeSubtleCrypto;\n const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n }\n\n if (nodeCrypto) {\n const hashAlgoName = enums.read(enums.hash, hashAlgo);\n // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869\n\n const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest();\n // Step 1: Extract\n // PRK = HMAC-Hash(salt, IKM)\n const pseudoRandomKey = computeHMAC(salt, inputKey);\n\n const hashLen = pseudoRandomKey.length;\n\n // Step 2: Expand\n // HKDF-Expand(PRK, info, L) -> OKM\n const n = Math.ceil(outLen / hashLen);\n const outputKeyingMaterial = new Uint8Array(n * hashLen);\n\n // HMAC input buffer updated at each iteration\n const roundInput = new Uint8Array(hashLen + info.length + 1);\n // T_i and last byte are updated at each iteration, but `info` remains constant\n roundInput.set(info, hashLen);\n\n for (let i = 0; i < n; i++) {\n // T(0) = empty string (zero length)\n // T(i) = HMAC-Hash(PRK, T(i-1) | info | i)\n roundInput[roundInput.length - 1] = i + 1;\n // t = T(i+1)\n const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen));\n roundInput.set(t, 0);\n\n outputKeyingMaterial.set(t, i * hashLen);\n }\n\n return outputKeyingMaterial.subarray(0, outLen);\n }\n\n throw new Error('No HKDF implementation available');\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport getCipher from '../../cipher/getCipher';\nimport computeHKDF from '../../hkdf';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(32);\n const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA);\n const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = aesKW.wrap(encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n * @private\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n x = new BigInteger(x);\n\n let k;\n let r;\n let s;\n let t;\n g = g.mod(p);\n x = x.mod(q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = await getRandomBigInteger(one, q); // returns in [1, q-1]\n r = g.modExp(k, p).imod(q); // (g**k mod p) mod q\n if (r.isZero()) {\n continue;\n }\n const xr = x.mul(r).imod(q);\n t = h.add(xr).imod(q); // H(m) + x*r mod q\n s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q\n if (s.isZero()) {\n continue;\n }\n break;\n }\n return {\n r: r.toUint8Array('be', q.byteLength()),\n s: s.toUint8Array('be', q.byteLength())\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n const BigInteger = await util.getBigInteger();\n const zero = new BigInteger(0);\n r = new BigInteger(r);\n s = new BigInteger(s);\n\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n if (r.lte(zero) || r.gte(q) ||\n s.lte(zero) || s.gte(q)) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);\n const w = s.modInv(q); // s**-1 mod q\n if (w.isZero()) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = g.mod(p);\n y = y.mod(p);\n const u1 = h.mul(w).imod(q); // H(m) * w mod q\n const u2 = r.mul(w).imod(q); // r * w mod q\n const t1 = g.modExp(u1, p); // g**u1 mod p\n const t2 = y.modExp(u2, p); // y**u2 mod p\n const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q\n return v.equal(r);\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (!p.dec().mod(q).isZero()) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (!g.modExp(q, p).isOne()) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = new BigInteger(q.bitLength());\n const n150 = new BigInteger(150);\n if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q\n const rqx = q.mul(r).add(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa,\n /** @see tweetnacl */\n nacl: nacl\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n * @private\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read));\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { s };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read));\n return { r, s };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n let r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n r = util.leftPad(r, 32);\n let s = util.readMPI(signature.subarray(read));\n s = util.leftPad(s, 32);\n return { r, s };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n case enums.publicKey.ed25519: {\n const RS = signature.subarray(read, read + 64); read += RS.length;\n return { RS };\n }\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n // signature already padded on parsing\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal: {\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n * @private\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n * @private\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport getCipher from './cipher/getCipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { CurveWithOID } from './public_key/elliptic/oid_curves';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519: {\n if (!util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (!util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.x25519: {\n const A = bytes.subarray(read, read + 32); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const curve = new CurveWithOID(publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, curve.payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const curve = new CurveWithOID(publicParams.oid);\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, curve.payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519: {\n const seed = bytes.subarray(read, read + 32); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519: {\n const k = bytes.subarray(read, read + 32); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key.\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519: {\n const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n }\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipher(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipher(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\nexport { getCipher };\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get preferred hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n * @private\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","\n\n\nvar TYPED_OK = typeof Uint8Array !== \"undefined\" &&\n typeof Uint16Array !== \"undefined\" &&\n typeof Int32Array !== \"undefined\";\n\nfunction _has(obj, key) {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function assign(obj /*...args obj, from1, from2, from3, ...*/) {\n var sources = Array.prototype.slice.call(arguments, 1);\n while (sources.length) {\n var source = sources.shift();\n if (!source) {\n continue; \n }\n\n if (typeof source !== \"object\") {\n throw new TypeError(source + \"must be non-object\");\n }\n\n for (var p in source) {\n if (_has(source, p)) {\n obj[p] = source[p];\n }\n }\n }\n\n return obj;\n //return Object.assign(...args);\n}\n\n\n// reduce buffer size, avoiding mem copy\nexport function shrinkBuf(buf, size) {\n if (buf.length === size) {\n return buf; \n }\n if (buf.subarray) {\n return buf.subarray(0, size); \n }\n buf.length = size;\n return buf;\n}\n\n\nconst fnTyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n if (src.subarray && dest.subarray) {\n dest.set(src.subarray(src_offs, src_offs + len), dest_offs);\n return;\n }\n // Fallback to ordinary array\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n let i, l, len, pos, chunk;\n\n // calculate data length\n len = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n len += chunks[i].length;\n }\n\n // join chunks\n const result = new Uint8Array(len);\n pos = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n chunk = chunks[i];\n result.set(chunk, pos);\n pos += chunk.length;\n }\n\n return result;\n }\n};\n\nconst fnUntyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n return [].concat.apply([], chunks);\n }\n};\n\n\n// Enable/Disable typed arrays use, for testing\n//\n\nexport let Buf8 = TYPED_OK ? Uint8Array : Array;\nexport let Buf16 = TYPED_OK ? Uint16Array : Array;\nexport let Buf32 = TYPED_OK ? Int32Array : Array;\nexport let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks;\nexport let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet;\nexport function setTyped(on) {\n if (on) {\n Buf8 = Uint8Array;\n Buf16 = Uint16Array;\n Buf32 = Int32Array;\n ({ flattenChunks, arraySet } = fnTyped);\n } else {\n Buf8 = Array;\n Buf16 = Array;\n Buf32 = Array;\n ({ flattenChunks, arraySet } = fnUntyped);\n }\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* Allowed flush values; see deflate() and inflate() below for details */\nexport const Z_NO_FLUSH = 0;\nexport const Z_PARTIAL_FLUSH = 1;\nexport const Z_SYNC_FLUSH = 2;\nexport const Z_FULL_FLUSH = 3;\nexport const Z_FINISH = 4;\nexport const Z_BLOCK = 5;\nexport const Z_TREES = 6;\n\n/* Return codes for the compression/decompression functions. Negative values\n * are errors, positive values are used for special but normal events.\n */\nexport const Z_OK = 0;\nexport const Z_STREAM_END = 1;\nexport const Z_NEED_DICT = 2;\nexport const Z_ERRNO = -1;\nexport const Z_STREAM_ERROR = -2;\nexport const Z_DATA_ERROR = -3;\n//export const Z_MEM_ERROR = -4;\nexport const Z_BUF_ERROR = -5;\n//export const Z_VERSION_ERROR = -6;\n\n /* compression levels */\nexport const Z_NO_COMPRESSION = 0;\nexport const Z_BEST_SPEED = 1;\nexport const Z_BEST_COMPRESSION = 9;\nexport const Z_DEFAULT_COMPRESSION = -1;\n\n\nexport const Z_FILTERED = 1;\nexport const Z_HUFFMAN_ONLY = 2;\nexport const Z_RLE = 3;\nexport const Z_FIXED = 4;\nexport const Z_DEFAULT_STRATEGY = 0;\n\n/* Possible values of the data_type field (though see inflate()) */\nexport const Z_BINARY = 0;\nexport const Z_TEXT = 1;\n//export const Z_ASCII = 1; // = Z_TEXT (deprecated)\nexport const Z_UNKNOWN = 2;\n\n/* The deflate compression method */\nexport const Z_DEFLATED = 8;\n//export const Z_NULL = null // Use -1 or null inline, depending on var type\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* eslint-disable space-unary-ops */\n\nimport * as utils from \"../utils/common.js\";\nimport {\n Z_FIXED,\n Z_BINARY,\n Z_TEXT,\n Z_UNKNOWN\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nfunction zero(buf) {\n let len = buf.length; while (--len >= 0) {\n buf[len] = 0; \n } \n}\n\n// From zutil.h\n\nconst STORED_BLOCK = 0;\nconst STATIC_TREES = 1;\nconst DYN_TREES = 2;\n/* The three kinds of block type */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\n/* The minimum and maximum match lengths */\n\n// From deflate.h\n/* ===========================================================================\n * Internal compression state.\n */\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\n\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\n\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\n\nconst D_CODES = 30;\n/* number of distance codes */\n\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\n\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\n\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst Buf_size = 16;\n/* size of bit buffer in bi_buf */\n\n\n/* ===========================================================================\n * Constants\n */\n\nconst MAX_BL_BITS = 7;\n/* Bit length codes must not exceed MAX_BL_BITS bits */\n\nconst END_BLOCK = 256;\n/* end of block literal code */\n\nconst REP_3_6 = 16;\n/* repeat previous bit length 3-6 times (2 bits of repeat count) */\n\nconst REPZ_3_10 = 17;\n/* repeat a zero length 3-10 times (3 bits of repeat count) */\n\nconst REPZ_11_138 = 18;\n/* repeat a zero length 11-138 times (7 bits of repeat count) */\n\n/* eslint-disable comma-spacing,array-bracket-spacing */\nconst extra_lbits = /* extra bits for each length code */\n [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0];\n\nconst extra_dbits = /* extra bits for each distance code */\n [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13];\n\nconst extra_blbits = /* extra bits for each bit length code */\n [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7];\n\nconst bl_order =\n [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];\n/* eslint-enable comma-spacing,array-bracket-spacing */\n\n/* The lengths of the bit length codes are sent in order of decreasing\n * probability, to avoid transmitting the lengths for unused bit length codes.\n */\n\n/* ===========================================================================\n * Local data. These are initialized only once.\n */\n\n// We pre-fill arrays with 0 to avoid uninitialized gaps\n\nconst DIST_CODE_LEN = 512; /* see definition of array dist_code below */\n\n// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1\nconst static_ltree = new Array((L_CODES + 2) * 2);\nzero(static_ltree);\n/* The static literal tree. Since the bit lengths are imposed, there is no\n * need for the L_CODES extra codes used during heap construction. However\n * The codes 286 and 287 are needed to build a canonical tree (see _tr_init\n * below).\n */\n\nconst static_dtree = new Array(D_CODES * 2);\nzero(static_dtree);\n/* The static distance tree. (Actually a trivial tree since all codes use\n * 5 bits.)\n */\n\nconst _dist_code = new Array(DIST_CODE_LEN);\nzero(_dist_code);\n/* Distance codes. The first 256 values correspond to the distances\n * 3 .. 258, the last 256 values correspond to the top 8 bits of\n * the 15 bit distances.\n */\n\nconst _length_code = new Array(MAX_MATCH - MIN_MATCH + 1);\nzero(_length_code);\n/* length code for each normalized match length (0 == MIN_MATCH) */\n\nconst base_length = new Array(LENGTH_CODES);\nzero(base_length);\n/* First normalized length for each code (0 = MIN_MATCH) */\n\nconst base_dist = new Array(D_CODES);\nzero(base_dist);\n/* First normalized distance for each code (0 = distance of 1) */\n\n\nfunction StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) {\n\n this.static_tree = static_tree; /* static tree or NULL */\n this.extra_bits = extra_bits; /* extra bits for each code or NULL */\n this.extra_base = extra_base; /* base index for extra_bits */\n this.elems = elems; /* max number of elements in the tree */\n this.max_length = max_length; /* max bit length for the codes */\n\n // show if `static_tree` has data or dummy - needed for monomorphic objects\n this.has_stree = static_tree && static_tree.length;\n}\n\n\nlet static_l_desc;\nlet static_d_desc;\nlet static_bl_desc;\n\n\nfunction TreeDesc(dyn_tree, stat_desc) {\n this.dyn_tree = dyn_tree; /* the dynamic tree */\n this.max_code = 0; /* largest code with non zero frequency */\n this.stat_desc = stat_desc; /* the corresponding static tree */\n}\n\n\n\nfunction d_code(dist) {\n return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)];\n}\n\n\n/* ===========================================================================\n * Output a short LSB first on the stream.\n * IN assertion: there is enough room in pendingBuf.\n */\nfunction put_short(s, w) {\n// put_byte(s, (uch)((w) & 0xff));\n// put_byte(s, (uch)((ush)(w) >> 8));\n s.pending_buf[s.pending++] = w & 0xff;\n s.pending_buf[s.pending++] = w >>> 8 & 0xff;\n}\n\n\n/* ===========================================================================\n * Send a value on a given number of bits.\n * IN assertion: length <= 16 and value fits in length bits.\n */\nfunction send_bits(s, value, length) {\n if (s.bi_valid > Buf_size - length) {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n put_short(s, s.bi_buf);\n s.bi_buf = value >> Buf_size - s.bi_valid;\n s.bi_valid += length - Buf_size;\n } else {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n s.bi_valid += length;\n }\n}\n\n\nfunction send_code(s, c, tree) {\n send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/);\n}\n\n\n/* ===========================================================================\n * Reverse the first len bits of a code, using straightforward code (a faster\n * method would use a table)\n * IN assertion: 1 <= len <= 15\n */\nfunction bi_reverse(code, len) {\n let res = 0;\n do {\n res |= code & 1;\n code >>>= 1;\n res <<= 1;\n } while (--len > 0);\n return res >>> 1;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer, keeping at most 7 bits in it.\n */\nfunction bi_flush(s) {\n if (s.bi_valid === 16) {\n put_short(s, s.bi_buf);\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n } else if (s.bi_valid >= 8) {\n s.pending_buf[s.pending++] = s.bi_buf & 0xff;\n s.bi_buf >>= 8;\n s.bi_valid -= 8;\n }\n}\n\n\n/* ===========================================================================\n * Compute the optimal bit lengths for a tree and update the total bit length\n * for the current block.\n * IN assertion: the fields freq and dad are set, heap[heap_max] and\n * above are the tree nodes sorted by increasing frequency.\n * OUT assertions: the field len is set to the optimal bit length, the\n * array bl_count contains the frequencies for each bit length.\n * The length opt_len is updated; static_len is also updated if stree is\n * not null.\n */\nfunction gen_bitlen(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const max_code = desc.max_code;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const extra = desc.stat_desc.extra_bits;\n const base = desc.stat_desc.extra_base;\n const max_length = desc.stat_desc.max_length;\n let h; /* heap index */\n let n, m; /* iterate over the tree elements */\n let bits; /* bit length */\n let xbits; /* extra bits */\n let f; /* frequency */\n let overflow = 0; /* number of elements with bit length too large */\n\n for (bits = 0; bits <= MAX_BITS; bits++) {\n s.bl_count[bits] = 0;\n }\n\n /* In a first pass, compute the optimal bit lengths (which may\n * overflow in the case of the bit length tree).\n */\n tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */\n\n for (h = s.heap_max + 1; h < HEAP_SIZE; h++) {\n n = s.heap[h];\n bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1;\n if (bits > max_length) {\n bits = max_length;\n overflow++;\n }\n tree[n * 2 + 1]/*.Len*/ = bits;\n /* We overwrite tree[n].Dad which is no longer needed */\n\n if (n > max_code) {\n continue; \n } /* not a leaf node */\n\n s.bl_count[bits]++;\n xbits = 0;\n if (n >= base) {\n xbits = extra[n - base];\n }\n f = tree[n * 2]/*.Freq*/;\n s.opt_len += f * (bits + xbits);\n if (has_stree) {\n s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits);\n }\n }\n if (overflow === 0) {\n return; \n }\n\n // Trace((stderr,\"\\nbit length overflow\\n\"));\n /* This happens for example on obj2 and pic of the Calgary corpus */\n\n /* Find the first bit length which could increase: */\n do {\n bits = max_length - 1;\n while (s.bl_count[bits] === 0) {\n bits--; \n }\n s.bl_count[bits]--; /* move one leaf down the tree */\n s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */\n s.bl_count[max_length]--;\n /* The brother of the overflow item also moves one step up,\n * but this does not affect bl_count[max_length]\n */\n overflow -= 2;\n } while (overflow > 0);\n\n /* Now recompute all bit lengths, scanning in increasing frequency.\n * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all\n * lengths instead of fixing only the wrong ones. This idea is taken\n * from 'ar' written by Haruhiko Okumura.)\n */\n for (bits = max_length; bits !== 0; bits--) {\n n = s.bl_count[bits];\n while (n !== 0) {\n m = s.heap[--h];\n if (m > max_code) {\n continue; \n }\n if (tree[m * 2 + 1]/*.Len*/ !== bits) {\n // Trace((stderr,\"code %d bits %d->%d\\n\", m, tree[m].Len, bits));\n s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/;\n tree[m * 2 + 1]/*.Len*/ = bits;\n }\n n--;\n }\n }\n}\n\n\n/* ===========================================================================\n * Generate the codes for a given tree and bit counts (which need not be\n * optimal).\n * IN assertion: the array bl_count contains the bit length statistics for\n * the given tree and the field len is set for all tree elements.\n * OUT assertion: the field code is set for all tree elements of non\n * zero code length.\n */\nfunction gen_codes(tree, max_code, bl_count)\n// ct_data *tree; /* the tree to decorate */\n// int max_code; /* largest code with non zero frequency */\n// ushf *bl_count; /* number of codes at each bit length */\n{\n const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */\n let code = 0; /* running code value */\n let bits; /* bit index */\n let n; /* code index */\n\n /* The distribution counts are first used to generate the code values\n * without bit reversal.\n */\n for (bits = 1; bits <= MAX_BITS; bits++) {\n next_code[bits] = code = code + bl_count[bits - 1] << 1;\n }\n /* Check that the bit counts in bl_count are consistent. The last code\n * must be all ones.\n */\n //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */\n length = 0;\n for (code = 0; code < LENGTH_CODES - 1; code++) {\n base_length[code] = length;\n for (n = 0; n < 1 << extra_lbits[code]; n++) {\n _length_code[length++] = code;\n }\n }\n //Assert (length == 256, \"tr_static_init: length != 256\");\n /* Note that the length 255 (match length 258) can be represented\n * in two different ways: code 284 + 5 bits or code 285, so we\n * overwrite length_code[255] to use the best encoding:\n */\n _length_code[length - 1] = code;\n\n /* Initialize the mapping dist (0..32K) -> dist code (0..29) */\n dist = 0;\n for (code = 0; code < 16; code++) {\n base_dist[code] = dist;\n for (n = 0; n < 1 << extra_dbits[code]; n++) {\n _dist_code[dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: dist != 256\");\n dist >>= 7; /* from now on, all distances are divided by 128 */\n for (; code < D_CODES; code++) {\n base_dist[code] = dist << 7;\n for (n = 0; n < 1 << extra_dbits[code] - 7; n++) {\n _dist_code[256 + dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: 256+dist != 512\");\n\n /* Construct the codes of the static literal tree */\n for (bits = 0; bits <= MAX_BITS; bits++) {\n bl_count[bits] = 0;\n }\n\n n = 0;\n while (n <= 143) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n while (n <= 255) {\n static_ltree[n * 2 + 1]/*.Len*/ = 9;\n n++;\n bl_count[9]++;\n }\n while (n <= 279) {\n static_ltree[n * 2 + 1]/*.Len*/ = 7;\n n++;\n bl_count[7]++;\n }\n while (n <= 287) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n /* Codes 286 and 287 do not exist, but we must include them in the\n * tree construction to get a canonical Huffman tree (longest code\n * all ones)\n */\n gen_codes(static_ltree, L_CODES + 1, bl_count);\n\n /* The static distance tree is trivial: */\n for (n = 0; n < D_CODES; n++) {\n static_dtree[n * 2 + 1]/*.Len*/ = 5;\n static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5);\n }\n\n // Now data ready and we can init static trees\n static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS);\n static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS);\n static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS);\n\n //static_init_done = true;\n}\n\n\n/* ===========================================================================\n * Initialize a new block.\n */\nfunction init_block(s) {\n let n; /* iterates over tree elements */\n\n /* Initialize the trees. */\n for (n = 0; n < L_CODES; n++) {\n s.dyn_ltree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < D_CODES; n++) {\n s.dyn_dtree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < BL_CODES; n++) {\n s.bl_tree[n * 2]/*.Freq*/ = 0; \n }\n\n s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1;\n s.opt_len = s.static_len = 0;\n s.last_lit = s.matches = 0;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer and align the output on a byte boundary\n */\nfunction bi_windup(s) {\n if (s.bi_valid > 8) {\n put_short(s, s.bi_buf);\n } else if (s.bi_valid > 0) {\n //put_byte(s, (Byte)s->bi_buf);\n s.pending_buf[s.pending++] = s.bi_buf;\n }\n s.bi_buf = 0;\n s.bi_valid = 0;\n}\n\n/* ===========================================================================\n * Copy a stored block, storing first the length and its\n * one's complement if requested.\n */\nfunction copy_block(s, buf, len, header)\n//DeflateState *s;\n//charf *buf; /* the input data */\n//unsigned len; /* its length */\n//int header; /* true if block header must be written */\n{\n bi_windup(s); /* align on byte boundary */\n\n if (header) {\n put_short(s, len);\n put_short(s, ~len);\n }\n // while (len--) {\n // put_byte(s, *buf++);\n // }\n utils.arraySet(s.pending_buf, s.window, buf, len, s.pending);\n s.pending += len;\n}\n\n/* ===========================================================================\n * Compares to subtrees, using the tree depth as tie breaker when\n * the subtrees have equal frequency. This minimizes the worst case length.\n */\nfunction smaller(tree, n, m, depth) {\n const _n2 = n * 2;\n const _m2 = m * 2;\n return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ ||\n tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m];\n}\n\n/* ===========================================================================\n * Restore the heap property by moving down the tree starting at node k,\n * exchanging a node with the smallest of its two sons if necessary, stopping\n * when the heap property is re-established (each father smaller than its\n * two sons).\n */\nfunction pqdownheap(s, tree, k)\n// deflate_state *s;\n// ct_data *tree; /* the tree to restore */\n// int k; /* node to move down */\n{\n const v = s.heap[k];\n let j = k << 1; /* left son of k */\n while (j <= s.heap_len) {\n /* Set j to the smallest of the two sons: */\n if (j < s.heap_len &&\n smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) {\n j++;\n }\n /* Exit if v is smaller than both sons */\n if (smaller(tree, v, s.heap[j], s.depth)) {\n break; \n }\n\n /* Exchange v with the smallest son */\n s.heap[k] = s.heap[j];\n k = j;\n\n /* And continue down the tree, setting j to the left son of k */\n j <<= 1;\n }\n s.heap[k] = v;\n}\n\n\n// inlined manually\n// var SMALLEST = 1;\n\n/* ===========================================================================\n * Send the block data compressed using the given Huffman trees\n */\nfunction compress_block(s, ltree, dtree)\n// deflate_state *s;\n// const ct_data *ltree; /* literal tree */\n// const ct_data *dtree; /* distance tree */\n{\n let dist; /* distance of matched string */\n let lc; /* match length or unmatched char (if dist == 0) */\n let lx = 0; /* running index in l_buf */\n let code; /* the code to send */\n let extra; /* number of extra bits to send */\n\n if (s.last_lit !== 0) {\n do {\n dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1];\n lc = s.pending_buf[s.l_buf + lx];\n lx++;\n\n if (dist === 0) {\n send_code(s, lc, ltree); /* send a literal byte */\n //Tracecv(isgraph(lc), (stderr,\" '%c' \", lc));\n } else {\n /* Here, lc is the match length - MIN_MATCH */\n code = _length_code[lc];\n send_code(s, code + LITERALS + 1, ltree); /* send the length code */\n extra = extra_lbits[code];\n if (extra !== 0) {\n lc -= base_length[code];\n send_bits(s, lc, extra); /* send the extra length bits */\n }\n dist--; /* dist is now the match distance - 1 */\n code = d_code(dist);\n //Assert (code < D_CODES, \"bad d_code\");\n\n send_code(s, code, dtree); /* send the distance code */\n extra = extra_dbits[code];\n if (extra !== 0) {\n dist -= base_dist[code];\n send_bits(s, dist, extra); /* send the extra distance bits */\n }\n } /* literal or match pair ? */\n\n /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */\n //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,\n // \"pendingBuf overflow\");\n\n } while (lx < s.last_lit);\n }\n\n send_code(s, END_BLOCK, ltree);\n}\n\n\n/* ===========================================================================\n * Construct one Huffman tree and assigns the code bit strings and lengths.\n * Update the total bit length for the current block.\n * IN assertion: the field freq is set for all tree elements.\n * OUT assertions: the fields len and code are set to the optimal bit length\n * and corresponding code. The length opt_len is updated; static_len is\n * also updated if stree is not null. The field max_code is set.\n */\nfunction build_tree(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const elems = desc.stat_desc.elems;\n let n, m; /* iterate over heap elements */\n let max_code = -1; /* largest code with non zero frequency */\n let node; /* new node being created */\n\n /* Construct the initial heap, with least frequent element in\n * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].\n * heap[0] is not used.\n */\n s.heap_len = 0;\n s.heap_max = HEAP_SIZE;\n\n for (n = 0; n < elems; n++) {\n if (tree[n * 2]/*.Freq*/ !== 0) {\n s.heap[++s.heap_len] = max_code = n;\n s.depth[n] = 0;\n\n } else {\n tree[n * 2 + 1]/*.Len*/ = 0;\n }\n }\n\n /* The pkzip format requires that at least one distance code exists,\n * and that at least one bit should be sent even if there is only one\n * possible code. So to avoid special checks later on we force at least\n * two codes of non zero frequency.\n */\n while (s.heap_len < 2) {\n node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0;\n tree[node * 2]/*.Freq*/ = 1;\n s.depth[node] = 0;\n s.opt_len--;\n\n if (has_stree) {\n s.static_len -= stree[node * 2 + 1]/*.Len*/;\n }\n /* node is 0 or 1 so it does not have extra bits */\n }\n desc.max_code = max_code;\n\n /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,\n * establish sub-heaps of increasing lengths:\n */\n for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) {\n pqdownheap(s, tree, n); \n }\n\n /* Construct the Huffman tree by repeatedly combining the least two\n * frequent nodes.\n */\n node = elems; /* next internal node of the tree */\n do {\n //pqremove(s, tree, n); /* n = node of least frequency */\n /*** pqremove ***/\n n = s.heap[1/*SMALLEST*/];\n s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--];\n pqdownheap(s, tree, 1/*SMALLEST*/);\n /***/\n\n m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */\n\n s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */\n s.heap[--s.heap_max] = m;\n\n /* Create a new node father of n and m */\n tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/;\n s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1;\n tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node;\n\n /* and insert the new node in the heap */\n s.heap[1/*SMALLEST*/] = node++;\n pqdownheap(s, tree, 1/*SMALLEST*/);\n\n } while (s.heap_len >= 2);\n\n s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/];\n\n /* At this point, the fields freq and dad are set. We can now\n * generate the bit lengths.\n */\n gen_bitlen(s, desc);\n\n /* The field len is now set, we can generate the bit codes */\n gen_codes(tree, max_code, s.bl_count);\n}\n\n\n/* ===========================================================================\n * Scan a literal or distance tree to determine the frequencies of the codes\n * in the bit length tree.\n */\nfunction scan_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n s.bl_tree[curlen * 2]/*.Freq*/ += count;\n\n } else if (curlen !== 0) {\n\n if (curlen !== prevlen) {\n s.bl_tree[curlen * 2]/*.Freq*/++; \n }\n s.bl_tree[REP_3_6 * 2]/*.Freq*/++;\n\n } else if (count <= 10) {\n s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++;\n\n } else {\n s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++;\n }\n\n count = 0;\n prevlen = curlen;\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Send a literal or distance tree in compressed form, using the codes in\n * bl_tree.\n */\nfunction send_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n /* tree[max_code+1].Len = -1; */ /* guard already set */\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n do {\n send_code(s, curlen, s.bl_tree); \n } while (--count !== 0);\n\n } else if (curlen !== 0) {\n if (curlen !== prevlen) {\n send_code(s, curlen, s.bl_tree);\n count--;\n }\n //Assert(count >= 3 && count <= 6, \" 3_6?\");\n send_code(s, REP_3_6, s.bl_tree);\n send_bits(s, count - 3, 2);\n\n } else if (count <= 10) {\n send_code(s, REPZ_3_10, s.bl_tree);\n send_bits(s, count - 3, 3);\n\n } else {\n send_code(s, REPZ_11_138, s.bl_tree);\n send_bits(s, count - 11, 7);\n }\n\n count = 0;\n prevlen = curlen;\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Construct the Huffman tree for the bit lengths and return the index in\n * bl_order of the last bit length code to send.\n */\nfunction build_bl_tree(s) {\n let max_blindex; /* index of last bit length code of non zero freq */\n\n /* Determine the bit length frequencies for literal and distance trees */\n scan_tree(s, s.dyn_ltree, s.l_desc.max_code);\n scan_tree(s, s.dyn_dtree, s.d_desc.max_code);\n\n /* Build the bit length tree: */\n build_tree(s, s.bl_desc);\n /* opt_len now includes the length of the tree representations, except\n * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.\n */\n\n /* Determine the number of bit length codes to send. The pkzip format\n * requires that at least 4 bit length codes be sent. (appnote.txt says\n * 3 but the actual value used is 4.)\n */\n for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) {\n if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) {\n break;\n }\n }\n /* Update opt_len to include the bit length tree and counts */\n s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;\n //Tracev((stderr, \"\\ndyn trees: dyn %ld, stat %ld\",\n // s->opt_len, s->static_len));\n\n return max_blindex;\n}\n\n\n/* ===========================================================================\n * Send the header for a block using dynamic Huffman trees: the counts, the\n * lengths of the bit length codes, the literal tree and the distance tree.\n * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.\n */\nfunction send_all_trees(s, lcodes, dcodes, blcodes)\n// deflate_state *s;\n// int lcodes, dcodes, blcodes; /* number of codes for each tree */\n{\n let rank; /* index in bl_order */\n\n //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, \"not enough codes\");\n //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,\n // \"too many codes\");\n //Tracev((stderr, \"\\nbl counts: \"));\n send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */\n send_bits(s, dcodes - 1, 5);\n send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */\n for (rank = 0; rank < blcodes; rank++) {\n //Tracev((stderr, \"\\nbl code %2d \", bl_order[rank]));\n send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3);\n }\n //Tracev((stderr, \"\\nbl tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */\n //Tracev((stderr, \"\\nlit tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */\n //Tracev((stderr, \"\\ndist tree: sent %ld\", s->bits_sent));\n}\n\n\n/* ===========================================================================\n * Check if the data type is TEXT or BINARY, using the following algorithm:\n * - TEXT if the two conditions below are satisfied:\n * a) There are no non-portable control characters belonging to the\n * \"black list\" (0..6, 14..25, 28..31).\n * b) There is at least one printable character belonging to the\n * \"white list\" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).\n * - BINARY otherwise.\n * - The following partially-portable control characters form a\n * \"gray list\" that is ignored in this detection algorithm:\n * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).\n * IN assertion: the fields Freq of dyn_ltree are set.\n */\nfunction detect_data_type(s) {\n /* black_mask is the bit mask of black-listed bytes\n * set bits 0..6, 14..25, and 28..31\n * 0xf3ffc07f = binary 11110011111111111100000001111111\n */\n let black_mask = 0xf3ffc07f;\n let n;\n\n /* Check for non-textual (\"black-listed\") bytes. */\n for (n = 0; n <= 31; n++, black_mask >>>= 1) {\n if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_BINARY;\n }\n }\n\n /* Check for textual (\"white-listed\") bytes. */\n if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||\n s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n for (n = 32; n < LITERALS; n++) {\n if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n }\n\n /* There are no \"black-listed\" or \"white-listed\" bytes:\n * this stream either is empty or has tolerated (\"gray-listed\") bytes only.\n */\n return Z_BINARY;\n}\n\n\nlet static_init_done = false;\n\n/* ===========================================================================\n * Initialize the tree data structures for a new zlib stream.\n */\nfunction _tr_init(s) {\n\n if (!static_init_done) {\n tr_static_init();\n static_init_done = true;\n }\n\n s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc);\n s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc);\n s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc);\n\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n /* Initialize the first block of the first file: */\n init_block(s);\n}\n\n\n/* ===========================================================================\n * Send a stored block\n */\nfunction _tr_stored_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */\n copy_block(s, buf, stored_len, true); /* with header */\n}\n\n\n/* ===========================================================================\n * Send one empty static block to give enough lookahead for inflate.\n * This takes 10 bits, of which 7 may remain in the bit buffer.\n */\nfunction _tr_align(s) {\n send_bits(s, STATIC_TREES << 1, 3);\n send_code(s, END_BLOCK, static_ltree);\n bi_flush(s);\n}\n\n\n/* ===========================================================================\n * Determine the best encoding for the current block: dynamic trees, static\n * trees or store, and output the encoded block to the zip file.\n */\nfunction _tr_flush_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block, or NULL if too old */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n let opt_lenb, static_lenb; /* opt_len and static_len in bytes */\n let max_blindex = 0; /* index of last bit length code of non zero freq */\n\n /* Build the Huffman trees unless a stored block is forced */\n if (s.level > 0) {\n\n /* Check if the file is binary or text */\n if (s.strm.data_type === Z_UNKNOWN) {\n s.strm.data_type = detect_data_type(s);\n }\n\n /* Construct the literal and distance trees */\n build_tree(s, s.l_desc);\n // Tracev((stderr, \"\\nlit data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n\n build_tree(s, s.d_desc);\n // Tracev((stderr, \"\\ndist data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n /* At this point, opt_len and static_len are the total bit lengths of\n * the compressed block data, excluding the tree representations.\n */\n\n /* Build the bit length tree for the above two trees, and get the index\n * in bl_order of the last bit length code to send.\n */\n max_blindex = build_bl_tree(s);\n\n /* Determine the best encoding. Compute the block lengths in bytes. */\n opt_lenb = s.opt_len + 3 + 7 >>> 3;\n static_lenb = s.static_len + 3 + 7 >>> 3;\n\n // Tracev((stderr, \"\\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u \",\n // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,\n // s->last_lit));\n\n if (static_lenb <= opt_lenb) {\n opt_lenb = static_lenb; \n }\n\n } else {\n // Assert(buf != (char*)0, \"lost buf\");\n opt_lenb = static_lenb = stored_len + 5; /* force a stored block */\n }\n\n if (stored_len + 4 <= opt_lenb && buf !== -1) {\n /* 4: two words for the lengths */\n\n /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.\n * Otherwise we can't have processed more than WSIZE input bytes since\n * the last block flush, because compression would have been\n * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to\n * transform a block into a stored block.\n */\n _tr_stored_block(s, buf, stored_len, last);\n\n } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) {\n\n send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3);\n compress_block(s, static_ltree, static_dtree);\n\n } else {\n send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3);\n send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1);\n compress_block(s, s.dyn_ltree, s.dyn_dtree);\n }\n // Assert (s->compressed_len == s->bits_sent, \"bad compressed size\");\n /* The above check is made mod 2^32, for files larger than 512 MB\n * and uLong implemented on 32 bits.\n */\n init_block(s);\n\n if (last) {\n bi_windup(s);\n }\n // Tracev((stderr,\"\\ncomprlen %lu(%lu) \", s->compressed_len>>3,\n // s->compressed_len-7*last));\n}\n\n/* ===========================================================================\n * Save the match info and tally the frequency counts. Return true if\n * the current block must be flushed.\n */\nfunction _tr_tally(s, dist, lc)\n// deflate_state *s;\n// unsigned dist; /* distance of matched string */\n// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */\n{\n //var out_length, in_length, dcode;\n\n s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff;\n s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff;\n\n s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff;\n s.last_lit++;\n\n if (dist === 0) {\n /* lc is the unmatched char */\n s.dyn_ltree[lc * 2]/*.Freq*/++;\n } else {\n s.matches++;\n /* Here, lc is the match length - MIN_MATCH */\n dist--; /* dist = match distance - 1 */\n //Assert((ush)dist < (ush)MAX_DIST(s) &&\n // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&\n // (ush)d_code(dist) < (ush)D_CODES, \"_tr_tally: bad match\");\n\n s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++;\n s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n\n //#ifdef TRUNCATE_BLOCK\n // /* Try to guess if it is profitable to stop the current block here */\n // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) {\n // /* Compute an upper bound for the compressed length */\n // out_length = s.last_lit*8;\n // in_length = s.strstart - s.block_start;\n //\n // for (dcode = 0; dcode < D_CODES; dcode++) {\n // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]);\n // }\n // out_length >>>= 3;\n // //Tracev((stderr,\"\\nlast_lit %u, in %ld, out ~%ld(%ld%%) \",\n // // s->last_lit, in_length, out_length,\n // // 100L - out_length*100L/in_length));\n // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) {\n // return true;\n // }\n // }\n //#endif\n\n return s.last_lit === s.lit_bufsize - 1;\n /* We avoid equality with lit_bufsize because of wraparound at 64K\n * on 16 bit machines and because stored blocks are restricted to\n * 64K-1 bytes.\n */\n}\n\nexport {\n _tr_init,\n _tr_stored_block,\n _tr_flush_block,\n _tr_tally,\n _tr_align\n};","\n\n// Note: adler32 takes 12% for level 0 and 2% for level 6.\n// It isn't worth it to make additional optimizations as in original.\n// Small size is preferable.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default function adler32(adler, buf, len, pos) {\n let s1 = adler & 0xffff |0,\n s2 = adler >>> 16 & 0xffff |0,\n n = 0;\n\n while (len !== 0) {\n // Set limit ~ twice less than 5552, to keep\n // s2 in 31-bits, because we force signed ints.\n // in other case %= will fail.\n n = len > 2000 ? 2000 : len;\n len -= n;\n\n do {\n s1 = s1 + buf[pos++] |0;\n s2 = s2 + s1 |0;\n } while (--n);\n\n s1 %= 65521;\n s2 %= 65521;\n }\n\n return s1 | s2 << 16 |0;\n}\n","\n\n// Note: we can't get significant speed boost here.\n// So write code to minimize size - no pregenerated tables\n// and array tools dependencies.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// Use ordinary array, since untyped makes no boost here\nfunction makeTable() {\n let c;\n const table = [];\n\n for (let n = 0; n < 256; n++) {\n c = n;\n for (let k = 0; k < 8; k++) {\n c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1;\n }\n table[n] = c;\n }\n\n return table;\n}\n\n// Create table on load. Just 255 signed longs. Not a problem.\nconst crcTable = makeTable();\n\n\nexport default function crc32(crc, buf, len, pos) {\n const t = crcTable,\n end = pos + len;\n\n crc ^= -1;\n\n for (let i = pos; i < end; i++) {\n crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF];\n }\n\n return crc ^ -1; // >>> 0;\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default {\n 2: \"need dictionary\", /* Z_NEED_DICT 2 */\n 1: \"stream end\", /* Z_STREAM_END 1 */\n 0: \"\", /* Z_OK 0 */\n \"-1\": \"file error\", /* Z_ERRNO (-1) */\n \"-2\": \"stream error\", /* Z_STREAM_ERROR (-2) */\n \"-3\": \"data error\", /* Z_DATA_ERROR (-3) */\n \"-4\": \"insufficient memory\", /* Z_MEM_ERROR (-4) */\n \"-5\": \"buffer error\", /* Z_BUF_ERROR (-5) */\n \"-6\": \"incompatible version\" /* Z_VERSION_ERROR (-6) */\n};\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport * as trees from \"./trees.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport msg from \"./messages.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_NO_FLUSH,\n Z_PARTIAL_FLUSH,\n Z_FULL_FLUSH,\n Z_FINISH,\n Z_BLOCK,\n Z_OK,\n Z_STREAM_END,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFAULT_COMPRESSION,\n Z_FILTERED,\n Z_HUFFMAN_ONLY,\n Z_RLE,\n Z_FIXED,\n Z_DEFAULT_STRATEGY,\n Z_UNKNOWN,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nconst MAX_MEM_LEVEL = 9;\n/* Maximum value for memLevel in deflateInit2 */\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_MEM_LEVEL = 8;\n\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\nconst D_CODES = 30;\n/* number of distance codes */\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\nconst MIN_LOOKAHEAD = (MAX_MATCH + MIN_MATCH + 1);\n\nconst PRESET_DICT = 0x20;\n\nconst INIT_STATE = 42;\nconst EXTRA_STATE = 69;\nconst NAME_STATE = 73;\nconst COMMENT_STATE = 91;\nconst HCRC_STATE = 103;\nconst BUSY_STATE = 113;\nconst FINISH_STATE = 666;\n\nconst BS_NEED_MORE = 1; /* block not completed, need more input or more output */\nconst BS_BLOCK_DONE = 2; /* block flush performed */\nconst BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */\nconst BS_FINISH_DONE = 4; /* finish done, accept no more input or output */\n\nconst OS_CODE = 0x03; // Unix :) . Don't detect, use this default.\n\nfunction err(strm, errorCode) {\n strm.msg = msg[errorCode];\n return errorCode;\n}\n\nfunction rank(f) {\n return ((f) << 1) - ((f) > 4 ? 9 : 0);\n}\n\nfunction zero(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } }\n\n\n/* =========================================================================\n * Flush as much pending output as possible. All deflate() output goes\n * through this function so some applications may wish to modify it\n * to avoid allocating a large strm->output buffer and copying into it.\n * (See also read_buf()).\n */\nfunction flush_pending(strm) {\n const s = strm.state;\n\n //_tr_flush_bits(s);\n let len = s.pending;\n if (len > strm.avail_out) {\n len = strm.avail_out;\n }\n if (len === 0) { return; }\n\n utils.arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out);\n strm.next_out += len;\n s.pending_out += len;\n strm.total_out += len;\n strm.avail_out -= len;\n s.pending -= len;\n if (s.pending === 0) {\n s.pending_out = 0;\n }\n}\n\n\nfunction flush_block_only(s, last) {\n trees._tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last);\n s.block_start = s.strstart;\n flush_pending(s.strm);\n}\n\n\nfunction put_byte(s, b) {\n s.pending_buf[s.pending++] = b;\n}\n\n\n/* =========================================================================\n * Put a short in the pending buffer. The 16-bit value is put in MSB order.\n * IN assertion: the stream state is correct and there is enough room in\n * pending_buf.\n */\nfunction putShortMSB(s, b) {\n // put_byte(s, (Byte)(b >> 8));\n // put_byte(s, (Byte)(b & 0xff));\n s.pending_buf[s.pending++] = (b >>> 8) & 0xff;\n s.pending_buf[s.pending++] = b & 0xff;\n}\n\n\n/* ===========================================================================\n * Read a new buffer from the current input stream, update the adler32\n * and total number of bytes read. All deflate() input goes through\n * this function so some applications may wish to modify it to avoid\n * allocating a large strm->input buffer and copying from it.\n * (See also flush_pending()).\n */\nfunction read_buf(strm, buf, start, size) {\n let len = strm.avail_in;\n\n if (len > size) { len = size; }\n if (len === 0) { return 0; }\n\n strm.avail_in -= len;\n\n // zmemcpy(buf, strm->next_in, len);\n utils.arraySet(buf, strm.input, strm.next_in, len, start);\n if (strm.state.wrap === 1) {\n strm.adler = adler32(strm.adler, buf, len, start);\n }\n\n else if (strm.state.wrap === 2) {\n strm.adler = crc32(strm.adler, buf, len, start);\n }\n\n strm.next_in += len;\n strm.total_in += len;\n\n return len;\n}\n\n\n/* ===========================================================================\n * Set match_start to the longest match starting at the given string and\n * return its length. Matches shorter or equal to prev_length are discarded,\n * in which case the result is equal to prev_length and match_start is\n * garbage.\n * IN assertions: cur_match is the head of the hash chain for the current\n * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1\n * OUT assertion: the match length is not greater than s->lookahead.\n */\nfunction longest_match(s, cur_match) {\n let chain_length = s.max_chain_length; /* max hash chain length */\n let scan = s.strstart; /* current string */\n let match; /* matched string */\n let len; /* length of current match */\n let best_len = s.prev_length; /* best match length so far */\n let nice_match = s.nice_match; /* stop if match long enough */\n const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ?\n s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/;\n\n const _win = s.window; // shortcut\n\n const wmask = s.w_mask;\n const prev = s.prev;\n\n /* Stop when cur_match becomes <= limit. To simplify the code,\n * we prevent matches with the string of window index 0.\n */\n\n const strend = s.strstart + MAX_MATCH;\n let scan_end1 = _win[scan + best_len - 1];\n let scan_end = _win[scan + best_len];\n\n /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.\n * It is easy to get rid of this optimization if necessary.\n */\n // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, \"Code too clever\");\n\n /* Do not waste too much time if we already have a good match: */\n if (s.prev_length >= s.good_match) {\n chain_length >>= 2;\n }\n /* Do not look for matches beyond the end of the input. This is necessary\n * to make deflate deterministic.\n */\n if (nice_match > s.lookahead) { nice_match = s.lookahead; }\n\n // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, \"need lookahead\");\n\n do {\n // Assert(cur_match < s->strstart, \"no future\");\n match = cur_match;\n\n /* Skip to next match if the match length cannot increase\n * or if the match length is less than 2. Note that the checks below\n * for insufficient lookahead only occur occasionally for performance\n * reasons. Therefore uninitialized memory will be accessed, and\n * conditional jumps will be made that depend on those values.\n * However the length of the match is limited to the lookahead, so\n * the output of deflate is not affected by the uninitialized values.\n */\n\n if (_win[match + best_len] !== scan_end ||\n _win[match + best_len - 1] !== scan_end1 ||\n _win[match] !== _win[scan] ||\n _win[++match] !== _win[scan + 1]) {\n continue;\n }\n\n /* The check at best_len-1 can be removed because it will be made\n * again later. (This heuristic is not always a win.)\n * It is not necessary to compare scan[2] and match[2] since they\n * are always equal when the other bytes match, given that\n * the hash keys are equal and that HASH_BITS >= 8.\n */\n scan += 2;\n match++;\n // Assert(*scan == *match, \"match[2]?\");\n\n /* We check for insufficient lookahead only every 8th comparison;\n * the 256th check will be made at strstart+258.\n */\n do {\n /*jshint noempty:false*/\n } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n scan < strend);\n\n // Assert(scan <= s->window+(unsigned)(s->window_size-1), \"wild scan\");\n\n len = MAX_MATCH - (strend - scan);\n scan = strend - MAX_MATCH;\n\n if (len > best_len) {\n s.match_start = cur_match;\n best_len = len;\n if (len >= nice_match) {\n break;\n }\n scan_end1 = _win[scan + best_len - 1];\n scan_end = _win[scan + best_len];\n }\n } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0);\n\n if (best_len <= s.lookahead) {\n return best_len;\n }\n return s.lookahead;\n}\n\n\n/* ===========================================================================\n * Fill the window when the lookahead becomes insufficient.\n * Updates strstart and lookahead.\n *\n * IN assertion: lookahead < MIN_LOOKAHEAD\n * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD\n * At least one byte has been read, or avail_in == 0; reads are\n * performed for at least two bytes (required for the zip translate_eol\n * option -- not supported here).\n */\nfunction fill_window(s) {\n const _w_size = s.w_size;\n let p, n, m, more, str;\n\n //Assert(s->lookahead < MIN_LOOKAHEAD, \"already enough lookahead\");\n\n do {\n more = s.window_size - s.lookahead - s.strstart;\n\n // JS ints have 32 bit, block below not needed\n /* Deal with !@#$% 64K limit: */\n //if (sizeof(int) <= 2) {\n // if (more == 0 && s->strstart == 0 && s->lookahead == 0) {\n // more = wsize;\n //\n // } else if (more == (unsigned)(-1)) {\n // /* Very unlikely, but possible on 16 bit machine if\n // * strstart == 0 && lookahead == 1 (input done a byte at time)\n // */\n // more--;\n // }\n //}\n\n\n /* If the window is almost full and there is insufficient lookahead,\n * move the upper half to the lower one to make room in the upper half.\n */\n if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) {\n\n utils.arraySet(s.window, s.window, _w_size, _w_size, 0);\n s.match_start -= _w_size;\n s.strstart -= _w_size;\n /* we now have strstart >= MAX_DIST */\n s.block_start -= _w_size;\n\n /* Slide the hash table (could be avoided with 32 bit values\n at the expense of memory usage). We slide even when level == 0\n to keep the hash table consistent if we switch back to level > 0\n later. (Using level 0 permanently is not an optimal usage of\n zlib, so we don't care about this pathological case.)\n */\n\n n = s.hash_size;\n p = n;\n do {\n m = s.head[--p];\n s.head[p] = (m >= _w_size ? m - _w_size : 0);\n } while (--n);\n\n n = _w_size;\n p = n;\n do {\n m = s.prev[--p];\n s.prev[p] = (m >= _w_size ? m - _w_size : 0);\n /* If n is not on any hash chain, prev[n] is garbage but\n * its value will never be used.\n */\n } while (--n);\n\n more += _w_size;\n }\n if (s.strm.avail_in === 0) {\n break;\n }\n\n /* If there was no sliding:\n * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&\n * more == window_size - lookahead - strstart\n * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)\n * => more >= window_size - 2*WSIZE + 2\n * In the BIG_MEM or MMAP case (not yet supported),\n * window_size == input_size + MIN_LOOKAHEAD &&\n * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.\n * Otherwise, window_size == 2*WSIZE so more >= 2.\n * If there was sliding, more >= WSIZE. So in all cases, more >= 2.\n */\n //Assert(more >= 2, \"more < 2\");\n n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more);\n s.lookahead += n;\n\n /* Initialize the hash value now that we have some input: */\n if (s.lookahead + s.insert >= MIN_MATCH) {\n str = s.strstart - s.insert;\n s.ins_h = s.window[str];\n\n /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask;\n //#if MIN_MATCH != 3\n // Call update_hash() MIN_MATCH-3 more times\n //#endif\n while (s.insert) {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = str;\n str++;\n s.insert--;\n if (s.lookahead + s.insert < MIN_MATCH) {\n break;\n }\n }\n }\n /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,\n * but this is not important since only literal bytes will be emitted.\n */\n\n } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0);\n\n /* If the WIN_INIT bytes after the end of the current data have never been\n * written, then zero those bytes in order to avoid memory check reports of\n * the use of uninitialized (or uninitialised as Julian writes) bytes by\n * the longest match routines. Update the high water mark for the next\n * time through here. WIN_INIT is set to MAX_MATCH since the longest match\n * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.\n */\n // if (s.high_water < s.window_size) {\n // var curr = s.strstart + s.lookahead;\n // var init = 0;\n //\n // if (s.high_water < curr) {\n // /* Previous high water mark below current data -- zero WIN_INIT\n // * bytes or up to end of window, whichever is less.\n // */\n // init = s.window_size - curr;\n // if (init > WIN_INIT)\n // init = WIN_INIT;\n // zmemzero(s->window + curr, (unsigned)init);\n // s->high_water = curr + init;\n // }\n // else if (s->high_water < (ulg)curr + WIN_INIT) {\n // /* High water mark at or above current data, but below current data\n // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up\n // * to end of window, whichever is less.\n // */\n // init = (ulg)curr + WIN_INIT - s->high_water;\n // if (init > s->window_size - s->high_water)\n // init = s->window_size - s->high_water;\n // zmemzero(s->window + s->high_water, (unsigned)init);\n // s->high_water += init;\n // }\n // }\n //\n // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,\n // \"not enough room for search\");\n}\n\n/* ===========================================================================\n * Copy without compression as much as possible from the input stream, return\n * the current block state.\n * This function does not insert new strings in the dictionary since\n * uncompressible data is probably not useful. This function is used\n * only for the level=0 compression option.\n * NOTE: this function should be optimized to avoid extra copying from\n * window to pending_buf.\n */\nfunction deflate_stored(s, flush) {\n /* Stored blocks are limited to 0xffff bytes, pending_buf is limited\n * to pending_buf_size, and each stored block has a 5 byte header:\n */\n let max_block_size = 0xffff;\n\n if (max_block_size > s.pending_buf_size - 5) {\n max_block_size = s.pending_buf_size - 5;\n }\n\n /* Copy as much as possible from input to output: */\n for (; ;) {\n /* Fill the window as much as possible: */\n if (s.lookahead <= 1) {\n\n //Assert(s->strstart < s->w_size+MAX_DIST(s) ||\n // s->block_start >= (long)s->w_size, \"slide too late\");\n // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) ||\n // s.block_start >= s.w_size)) {\n // throw new Error(\"slide too late\");\n // }\n\n fill_window(s);\n if (s.lookahead === 0 && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n\n if (s.lookahead === 0) {\n break;\n }\n /* flush the current block */\n }\n //Assert(s->block_start >= 0L, \"block gone\");\n // if (s.block_start < 0) throw new Error(\"block gone\");\n\n s.strstart += s.lookahead;\n s.lookahead = 0;\n\n /* Emit a stored block if pending_buf will be full: */\n const max_start = s.block_start + max_block_size;\n\n if (s.strstart === 0 || s.strstart >= max_start) {\n /* strstart == 0 is possible when wraparound on 16-bit machine */\n s.lookahead = s.strstart - max_start;\n s.strstart = max_start;\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n\n\n }\n /* Flush if we may have to slide, otherwise block_start may become\n * negative and the data will be gone:\n */\n if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n\n s.insert = 0;\n\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n\n if (s.strstart > s.block_start) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_NEED_MORE;\n}\n\n/* ===========================================================================\n * Compress as much as possible from the input stream, return the current\n * block state.\n * This function does not perform lazy evaluation of matches and inserts\n * new strings in the dictionary only for unmatched strings or for short\n * matches. It is used only for the fast compression options.\n */\nfunction deflate_fast(s, flush) {\n let hash_head; /* head of the hash chain */\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) {\n break; /* flush the current block */\n }\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n * At this point we have always match_length < MIN_MATCH\n */\n if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n }\n if (s.match_length >= MIN_MATCH) {\n // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only\n\n /*** _tr_tally_dist(s, s.strstart - s.match_start,\n s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n\n /* Insert new strings in the hash table only if the match length\n * is not too large. This saves time but degrades compression.\n */\n if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH) {\n s.match_length--; /* string at strstart already in table */\n do {\n s.strstart++;\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n /* strstart never exceeds WSIZE-MAX_MATCH, so there are\n * always MIN_MATCH bytes ahead.\n */\n } while (--s.match_length !== 0);\n s.strstart++;\n } else {\n s.strstart += s.match_length;\n s.match_length = 0;\n s.ins_h = s.window[s.strstart];\n /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask;\n\n //#if MIN_MATCH != 3\n // Call UPDATE_HASH() MIN_MATCH-3 more times\n //#endif\n /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not\n * matter since it will be recomputed at next deflate call.\n */\n }\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s.window[s.strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = ((s.strstart < (MIN_MATCH - 1)) ? s.strstart : MIN_MATCH - 1);\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * Same as above, but achieves better compression. We use a lazy\n * evaluation for matches: a match is finally adopted only if there is\n * no better match at the next window position.\n */\nfunction deflate_slow(s, flush) {\n let hash_head; /* head of hash chain */\n let bflush; /* set if current block must be flushed */\n\n let max_insert;\n\n /* Process the input block. */\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n */\n s.prev_length = s.match_length;\n s.prev_match = s.match_start;\n s.match_length = MIN_MATCH - 1;\n\n if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match &&\n s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n\n if (s.match_length <= 5 &&\n (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH && s.strstart - s.match_start > 4096/*TOO_FAR*/))) {\n\n /* If prev_match is also MIN_MATCH, match_start is garbage\n * but we will ignore the current match anyway.\n */\n s.match_length = MIN_MATCH - 1;\n }\n }\n /* If there was a match at the previous step and the current\n * match is not better, output the previous match:\n */\n if (s.prev_length >= MIN_MATCH && s.match_length <= s.prev_length) {\n max_insert = s.strstart + s.lookahead - MIN_MATCH;\n /* Do not insert strings in hash table beyond this. */\n\n //check_match(s, s.strstart-1, s.prev_match, s.prev_length);\n\n /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match,\n s.prev_length - MIN_MATCH, bflush);***/\n bflush = trees._tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH);\n /* Insert in hash table all strings up to the end of the match.\n * strstart-1 and strstart are already inserted. If there is not\n * enough lookahead, the last two strings are not inserted in\n * the hash table.\n */\n s.lookahead -= s.prev_length - 1;\n s.prev_length -= 2;\n do {\n if (++s.strstart <= max_insert) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n } while (--s.prev_length !== 0);\n s.match_available = 0;\n s.match_length = MIN_MATCH - 1;\n s.strstart++;\n\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n } else if (s.match_available) {\n /* If there was no match at the previous position, output a\n * single literal. If there was a match but the current match\n * is longer, truncate the previous match to a single literal.\n */\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n if (bflush) {\n /*** FLUSH_BLOCK_ONLY(s, 0) ***/\n flush_block_only(s, false);\n /***/\n }\n s.strstart++;\n s.lookahead--;\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n } else {\n /* There is no previous match to compare with, wait for\n * the next step to decide.\n */\n s.match_available = 1;\n s.strstart++;\n s.lookahead--;\n }\n }\n //Assert (flush != Z_NO_FLUSH, \"no flush?\");\n if (s.match_available) {\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n s.match_available = 0;\n }\n s.insert = s.strstart < MIN_MATCH - 1 ? s.strstart : MIN_MATCH - 1;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_BLOCK_DONE;\n}\n\n\n/* ===========================================================================\n * For Z_RLE, simply look for runs of bytes, generate matches only of distance\n * one. Do not maintain a hash table. (It will be regenerated if this run of\n * deflate switches away from Z_RLE.)\n */\nfunction deflate_rle(s, flush) {\n let bflush; /* set if current block must be flushed */\n let prev; /* byte at distance one to match */\n let scan, strend; /* scan goes up to strend for length of run */\n\n const _win = s.window;\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the longest run, plus one for the unrolled loop.\n */\n if (s.lookahead <= MAX_MATCH) {\n fill_window(s);\n if (s.lookahead <= MAX_MATCH && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* See how many times the previous byte repeats */\n s.match_length = 0;\n if (s.lookahead >= MIN_MATCH && s.strstart > 0) {\n scan = s.strstart - 1;\n prev = _win[scan];\n if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) {\n strend = s.strstart + MAX_MATCH;\n do {\n /*jshint noempty:false*/\n } while (prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n scan < strend);\n s.match_length = MAX_MATCH - (strend - scan);\n if (s.match_length > s.lookahead) {\n s.match_length = s.lookahead;\n }\n }\n //Assert(scan <= s->window+(uInt)(s->window_size-1), \"wild scan\");\n }\n\n /* Emit match if have run of MIN_MATCH or longer, else emit literal */\n if (s.match_length >= MIN_MATCH) {\n //check_match(s, s.strstart, s.strstart - 1, s.match_length);\n\n /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, 1, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n s.strstart += s.match_length;\n s.match_length = 0;\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table.\n * (It will be regenerated if this run of deflate switches away from Huffman.)\n */\nfunction deflate_huff(s, flush) {\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we have a literal to write. */\n if (s.lookahead === 0) {\n fill_window(s);\n if (s.lookahead === 0) {\n if (flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n break; /* flush the current block */\n }\n }\n\n /* Output a literal byte */\n s.match_length = 0;\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n s.lookahead--;\n s.strstart++;\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* Values for max_lazy_match, good_match and max_chain_length, depending on\n * the desired pack level (0..9). The values given below have been tuned to\n * exclude worst case performance for pathological files. Better values may be\n * found for specific files.\n */\nclass Config {\n constructor(good_length, max_lazy, nice_length, max_chain, func) {\n this.good_length = good_length;\n this.max_lazy = max_lazy;\n this.nice_length = nice_length;\n this.max_chain = max_chain;\n this.func = func;\n }\n};\n\nconst configuration_table = [\n /* good lazy nice chain */\n new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */\n new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */\n new Config(4, 5, 16, 8, deflate_fast), /* 2 */\n new Config(4, 6, 32, 32, deflate_fast), /* 3 */\n\n new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */\n new Config(8, 16, 32, 32, deflate_slow), /* 5 */\n new Config(8, 16, 128, 128, deflate_slow), /* 6 */\n new Config(8, 32, 128, 256, deflate_slow), /* 7 */\n new Config(32, 128, 258, 1024, deflate_slow), /* 8 */\n new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */\n];\n\n\n/* ===========================================================================\n * Initialize the \"longest match\" routines for a new zlib stream\n */\nfunction lm_init(s) {\n s.window_size = 2 * s.w_size;\n\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n\n /* Set the default configuration parameters:\n */\n s.max_lazy_match = configuration_table[s.level].max_lazy;\n s.good_match = configuration_table[s.level].good_length;\n s.nice_match = configuration_table[s.level].nice_length;\n s.max_chain_length = configuration_table[s.level].max_chain;\n\n s.strstart = 0;\n s.block_start = 0;\n s.lookahead = 0;\n s.insert = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n s.ins_h = 0;\n}\n\nclass DeflateState {\n constructor() {\n this.strm = null; /* pointer back to this zlib stream */\n this.status = 0; /* as the name implies */\n this.pending_buf = null; /* output still pending */\n this.pending_buf_size = 0; /* size of pending_buf */\n this.pending_out = 0; /* next pending byte to output to the stream */\n this.pending = 0; /* nb of bytes in the pending buffer */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.gzhead = null; /* gzip header information to write */\n this.gzindex = 0; /* where in extra, name, or comment */\n this.method = Z_DEFLATED; /* can only be DEFLATED */\n this.last_flush = -1; /* value of flush param for previous deflate call */\n\n this.w_size = 0; /* LZ77 window size (32K by default) */\n this.w_bits = 0; /* log2(w_size) (8..16) */\n this.w_mask = 0; /* w_size - 1 */\n\n this.window = null;\n /* Sliding window. Input bytes are read into the second half of the window,\n * and move to the first half later to keep a dictionary of at least wSize\n * bytes. With this organization, matches are limited to a distance of\n * wSize-MAX_MATCH bytes, but this ensures that IO is always\n * performed with a length multiple of the block size.\n */\n\n this.window_size = 0;\n /* Actual size of window: 2*wSize, except when the user input buffer\n * is directly used as sliding window.\n */\n\n this.prev = null;\n /* Link to older string with same hash index. To limit the size of this\n * array to 64K, this link is maintained only for the last 32K strings.\n * An index in this array is thus a window index modulo 32K.\n */\n\n this.head = null; /* Heads of the hash chains or NIL. */\n\n this.ins_h = 0; /* hash index of string to be inserted */\n this.hash_size = 0; /* number of elements in hash table */\n this.hash_bits = 0; /* log2(hash_size) */\n this.hash_mask = 0; /* hash_size-1 */\n\n this.hash_shift = 0;\n /* Number of bits by which ins_h must be shifted at each input\n * step. It must be such that after MIN_MATCH steps, the oldest\n * byte no longer takes part in the hash key, that is:\n * hash_shift * MIN_MATCH >= hash_bits\n */\n\n this.block_start = 0;\n /* Window position at the beginning of the current output block. Gets\n * negative when the window is moved backwards.\n */\n\n this.match_length = 0; /* length of best match */\n this.prev_match = 0; /* previous match */\n this.match_available = 0; /* set if previous match exists */\n this.strstart = 0; /* start of string to insert */\n this.match_start = 0; /* start of matching string */\n this.lookahead = 0; /* number of valid bytes ahead in window */\n\n this.prev_length = 0;\n /* Length of the best match at previous step. Matches not greater than this\n * are discarded. This is used in the lazy match evaluation.\n */\n\n this.max_chain_length = 0;\n /* To speed up deflation, hash chains are never searched beyond this\n * length. A higher limit improves compression ratio but degrades the\n * speed.\n */\n\n this.max_lazy_match = 0;\n /* Attempt to find a better match only when the current match is strictly\n * smaller than this value. This mechanism is used only for compression\n * levels >= 4.\n */\n // That's alias to max_lazy_match, don't use directly\n //this.max_insert_length = 0;\n /* Insert new strings in the hash table only if the match length is not\n * greater than this length. This saves time but degrades compression.\n * max_insert_length is used only for compression levels <= 3.\n */\n\n this.level = 0; /* compression level (1..9) */\n this.strategy = 0; /* favor or force Huffman coding*/\n\n this.good_match = 0;\n /* Use a faster search when the previous match is longer than this */\n\n this.nice_match = 0; /* Stop searching when current match exceeds this */\n\n /* used by trees.c: */\n\n /* Didn't use ct_data typedef below to suppress compiler warning */\n\n // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */\n // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */\n // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */\n\n // Use flat array of DOUBLE size, with interleaved fata,\n // because JS does not support effective\n this.dyn_ltree = new utils.Buf16(HEAP_SIZE * 2);\n this.dyn_dtree = new utils.Buf16((2 * D_CODES + 1) * 2);\n this.bl_tree = new utils.Buf16((2 * BL_CODES + 1) * 2);\n zero(this.dyn_ltree);\n zero(this.dyn_dtree);\n zero(this.bl_tree);\n\n this.l_desc = null; /* desc. for literal tree */\n this.d_desc = null; /* desc. for distance tree */\n this.bl_desc = null; /* desc. for bit length tree */\n\n //ush bl_count[MAX_BITS+1];\n this.bl_count = new utils.Buf16(MAX_BITS + 1);\n /* number of codes at each bit length for an optimal tree */\n\n //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */\n this.heap = new utils.Buf16(2 * L_CODES + 1); /* heap used to build the Huffman trees */\n zero(this.heap);\n\n this.heap_len = 0; /* number of elements in the heap */\n this.heap_max = 0; /* element of largest frequency */\n /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.\n * The same heap array is used to build all trees.\n */\n\n this.depth = new utils.Buf16(2 * L_CODES + 1); //uch depth[2*L_CODES+1];\n zero(this.depth);\n /* Depth of each subtree used as tie breaker for trees of equal frequency\n */\n\n this.l_buf = 0; /* buffer index for literals or lengths */\n\n this.lit_bufsize = 0;\n /* Size of match buffer for literals/lengths. There are 4 reasons for\n * limiting lit_bufsize to 64K:\n * - frequencies can be kept in 16 bit counters\n * - if compression is not successful for the first block, all input\n * data is still in the window so we can still emit a stored block even\n * when input comes from standard input. (This can also be done for\n * all blocks if lit_bufsize is not greater than 32K.)\n * - if compression is not successful for a file smaller than 64K, we can\n * even emit a stored file instead of a stored block (saving 5 bytes).\n * This is applicable only for zip (not gzip or zlib).\n * - creating new Huffman trees less frequently may not provide fast\n * adaptation to changes in the input data statistics. (Take for\n * example a binary file with poorly compressible code followed by\n * a highly compressible string table.) Smaller buffer sizes give\n * fast adaptation but have of course the overhead of transmitting\n * trees more frequently.\n * - I can't count above 4\n */\n\n this.last_lit = 0; /* running index in l_buf */\n\n this.d_buf = 0;\n /* Buffer index for distances. To simplify the code, d_buf and l_buf have\n * the same number of elements. To use different lengths, an extra flag\n * array would be necessary.\n */\n\n this.opt_len = 0; /* bit length of current block with optimal trees */\n this.static_len = 0; /* bit length of current block with static trees */\n this.matches = 0; /* number of string matches in current block */\n this.insert = 0; /* bytes at end of window left to insert */\n\n\n this.bi_buf = 0;\n /* Output buffer. bits are inserted starting at the bottom (least\n * significant bits).\n */\n this.bi_valid = 0;\n /* Number of valid bits in bi_buf. All bits above the last valid bit\n * are always zero.\n */\n\n // Used for window memory init. We safely ignore it for JS. That makes\n // sense only for pointers and memory check tools.\n //this.high_water = 0;\n /* High water mark offset in window for initialized bytes -- bytes above\n * this are set to zero in order to avoid memory check warnings when\n * longest match routines access bytes past the input. This is then\n * updated to the new high water mark.\n */\n }\n}\n\nfunction deflateResetKeep(strm) {\n let s;\n\n if (!strm || !strm.state) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.total_in = strm.total_out = 0;\n strm.data_type = Z_UNKNOWN;\n\n s = strm.state;\n s.pending = 0;\n s.pending_out = 0;\n\n if (s.wrap < 0) {\n s.wrap = -s.wrap;\n /* was made negative by deflate(..., Z_FINISH); */\n }\n s.status = (s.wrap ? INIT_STATE : BUSY_STATE);\n strm.adler = (s.wrap === 2) ?\n 0 // crc32(0, Z_NULL, 0)\n :\n 1; // adler32(0, Z_NULL, 0)\n s.last_flush = Z_NO_FLUSH;\n trees._tr_init(s);\n return Z_OK;\n}\n\n\nfunction deflateReset(strm) {\n const ret = deflateResetKeep(strm);\n if (ret === Z_OK) {\n lm_init(strm.state);\n }\n return ret;\n}\n\n\nfunction deflateSetHeader(strm, head) {\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; }\n strm.state.gzhead = head;\n return Z_OK;\n}\n\n\nfunction deflateInit2(strm, level, method, windowBits, memLevel, strategy) {\n if (!strm) { // === Z_NULL\n return Z_STREAM_ERROR;\n }\n let wrap = 1;\n\n if (level === Z_DEFAULT_COMPRESSION) {\n level = 6;\n }\n\n if (windowBits < 0) { /* suppress zlib wrapper */\n wrap = 0;\n windowBits = -windowBits;\n }\n\n else if (windowBits > 15) {\n wrap = 2; /* write gzip wrapper instead */\n windowBits -= 16;\n }\n\n\n if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED ||\n windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||\n strategy < 0 || strategy > Z_FIXED) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n\n if (windowBits === 8) {\n windowBits = 9;\n }\n /* until 256-byte window bug fixed */\n\n const s = new DeflateState();\n\n strm.state = s;\n s.strm = strm;\n\n s.wrap = wrap;\n s.gzhead = null;\n s.w_bits = windowBits;\n s.w_size = 1 << s.w_bits;\n s.w_mask = s.w_size - 1;\n\n s.hash_bits = memLevel + 7;\n s.hash_size = 1 << s.hash_bits;\n s.hash_mask = s.hash_size - 1;\n s.hash_shift = ~~((s.hash_bits + MIN_MATCH - 1) / MIN_MATCH);\n s.window = new utils.Buf8(s.w_size * 2);\n s.head = new utils.Buf16(s.hash_size);\n s.prev = new utils.Buf16(s.w_size);\n\n // Don't need mem init magic for JS.\n //s.high_water = 0; /* nothing written to s->window yet */\n\n s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */\n\n s.pending_buf_size = s.lit_bufsize * 4;\n\n //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);\n //s->pending_buf = (uchf *) overlay;\n s.pending_buf = new utils.Buf8(s.pending_buf_size);\n\n // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`)\n //s->d_buf = overlay + s->lit_bufsize/sizeof(ush);\n s.d_buf = 1 * s.lit_bufsize;\n\n //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;\n s.l_buf = (1 + 2) * s.lit_bufsize;\n\n s.level = level;\n s.strategy = strategy;\n s.method = method;\n\n return deflateReset(strm);\n}\n\nfunction deflateInit(strm, level) {\n return deflateInit2(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);\n}\n\n\nfunction deflate(strm, flush) {\n let old_flush, s;\n let beg, val; // for gzip header write only\n\n if (!strm || !strm.state ||\n flush > Z_BLOCK || flush < 0) {\n return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR;\n }\n\n s = strm.state;\n\n if (!strm.output ||\n (!strm.input && strm.avail_in !== 0) ||\n (s.status === FINISH_STATE && flush !== Z_FINISH)) {\n return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR);\n }\n\n s.strm = strm; /* just in case */\n old_flush = s.last_flush;\n s.last_flush = flush;\n\n /* Write the header */\n if (s.status === INIT_STATE) {\n\n if (s.wrap === 2) { // GZIP header\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n put_byte(s, 31);\n put_byte(s, 139);\n put_byte(s, 8);\n if (!s.gzhead) { // s->gzhead == Z_NULL\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, OS_CODE);\n s.status = BUSY_STATE;\n }\n else {\n put_byte(s, (s.gzhead.text ? 1 : 0) +\n (s.gzhead.hcrc ? 2 : 0) +\n (!s.gzhead.extra ? 0 : 4) +\n (!s.gzhead.name ? 0 : 8) +\n (!s.gzhead.comment ? 0 : 16)\n );\n put_byte(s, s.gzhead.time & 0xff);\n put_byte(s, (s.gzhead.time >> 8) & 0xff);\n put_byte(s, (s.gzhead.time >> 16) & 0xff);\n put_byte(s, (s.gzhead.time >> 24) & 0xff);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, s.gzhead.os & 0xff);\n if (s.gzhead.extra && s.gzhead.extra.length) {\n put_byte(s, s.gzhead.extra.length & 0xff);\n put_byte(s, (s.gzhead.extra.length >> 8) & 0xff);\n }\n if (s.gzhead.hcrc) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0);\n }\n s.gzindex = 0;\n s.status = EXTRA_STATE;\n }\n }\n else // DEFLATE header\n {\n let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8;\n let level_flags = -1;\n\n if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) {\n level_flags = 0;\n } else if (s.level < 6) {\n level_flags = 1;\n } else if (s.level === 6) {\n level_flags = 2;\n } else {\n level_flags = 3;\n }\n header |= (level_flags << 6);\n if (s.strstart !== 0) { header |= PRESET_DICT; }\n header += 31 - (header % 31);\n\n s.status = BUSY_STATE;\n putShortMSB(s, header);\n\n /* Save the adler32 of the preset dictionary: */\n if (s.strstart !== 0) {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n strm.adler = 1; // adler32(0L, Z_NULL, 0);\n }\n }\n\n //#ifdef GZIP\n if (s.status === EXTRA_STATE) {\n if (s.gzhead.extra/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n\n while (s.gzindex < (s.gzhead.extra.length & 0xffff)) {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n break;\n }\n }\n put_byte(s, s.gzhead.extra[s.gzindex] & 0xff);\n s.gzindex++;\n }\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (s.gzindex === s.gzhead.extra.length) {\n s.gzindex = 0;\n s.status = NAME_STATE;\n }\n }\n else {\n s.status = NAME_STATE;\n }\n }\n if (s.status === NAME_STATE) {\n if (s.gzhead.name/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.name.length) {\n val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.gzindex = 0;\n s.status = COMMENT_STATE;\n }\n }\n else {\n s.status = COMMENT_STATE;\n }\n }\n if (s.status === COMMENT_STATE) {\n if (s.gzhead.comment/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.comment.length) {\n val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.status = HCRC_STATE;\n }\n }\n else {\n s.status = HCRC_STATE;\n }\n }\n if (s.status === HCRC_STATE) {\n if (s.gzhead.hcrc) {\n if (s.pending + 2 > s.pending_buf_size) {\n flush_pending(strm);\n }\n if (s.pending + 2 <= s.pending_buf_size) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n s.status = BUSY_STATE;\n }\n }\n else {\n s.status = BUSY_STATE;\n }\n }\n //#endif\n\n /* Flush as much pending output as possible */\n if (s.pending !== 0) {\n flush_pending(strm);\n if (strm.avail_out === 0) {\n /* Since avail_out is 0, deflate will be called again with\n * more output space, but possibly with both pending and\n * avail_in equal to zero. There won't be anything to do,\n * but this is not an error situation so make sure we\n * return OK instead of BUF_ERROR at next call of deflate:\n */\n s.last_flush = -1;\n return Z_OK;\n }\n\n /* Make sure there is something to do and avoid duplicate consecutive\n * flushes. For repeated and useless calls with Z_FINISH, we keep\n * returning Z_STREAM_END instead of Z_BUF_ERROR.\n */\n } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) &&\n flush !== Z_FINISH) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* User must not provide more input after the first FINISH: */\n if (s.status === FINISH_STATE && strm.avail_in !== 0) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* Start a new block or continue the current one.\n */\n if (strm.avail_in !== 0 || s.lookahead !== 0 ||\n (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) {\n var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) :\n (s.strategy === Z_RLE ? deflate_rle(s, flush) :\n configuration_table[s.level].func(s, flush));\n\n if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) {\n s.status = FINISH_STATE;\n }\n if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) {\n if (strm.avail_out === 0) {\n s.last_flush = -1;\n /* avoid BUF_ERROR next call, see above */\n }\n return Z_OK;\n /* If flush != Z_NO_FLUSH && avail_out == 0, the next call\n * of deflate should use the same flush parameter to make sure\n * that the flush is complete. So we don't have to output an\n * empty block here, this will be done at next call. This also\n * ensures that for a very small output buffer, we emit at most\n * one empty block.\n */\n }\n if (bstate === BS_BLOCK_DONE) {\n if (flush === Z_PARTIAL_FLUSH) {\n trees._tr_align(s);\n }\n else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */\n\n trees._tr_stored_block(s, 0, 0, false);\n /* For a full flush, this empty block will be recognized\n * as a special marker by inflate_sync().\n */\n if (flush === Z_FULL_FLUSH) {\n /*** CLEAR_HASH(s); ***/ /* forget history */\n zero(s.head); // Fill with NIL (= 0);\n\n if (s.lookahead === 0) {\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n }\n }\n flush_pending(strm);\n if (strm.avail_out === 0) {\n s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */\n return Z_OK;\n }\n }\n }\n //Assert(strm->avail_out > 0, \"bug2\");\n //if (strm.avail_out <= 0) { throw new Error(\"bug2\");}\n\n if (flush !== Z_FINISH) { return Z_OK; }\n if (s.wrap <= 0) { return Z_STREAM_END; }\n\n /* Write the trailer */\n if (s.wrap === 2) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n put_byte(s, (strm.adler >> 16) & 0xff);\n put_byte(s, (strm.adler >> 24) & 0xff);\n put_byte(s, strm.total_in & 0xff);\n put_byte(s, (strm.total_in >> 8) & 0xff);\n put_byte(s, (strm.total_in >> 16) & 0xff);\n put_byte(s, (strm.total_in >> 24) & 0xff);\n }\n else {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n\n flush_pending(strm);\n /* If avail_out is zero, the application will call deflate again\n * to flush the rest.\n */\n if (s.wrap > 0) { s.wrap = -s.wrap; }\n /* write the trailer only once! */\n return s.pending !== 0 ? Z_OK : Z_STREAM_END;\n}\n\nfunction deflateEnd(strm) {\n let status;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n status = strm.state.status;\n if (status !== INIT_STATE &&\n status !== EXTRA_STATE &&\n status !== NAME_STATE &&\n status !== COMMENT_STATE &&\n status !== HCRC_STATE &&\n status !== BUSY_STATE &&\n status !== FINISH_STATE\n ) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.state = null;\n\n return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK;\n}\n\n\n/* =========================================================================\n * Initializes the compression dictionary from the given byte\n * sequence without producing any compressed output.\n */\nfunction deflateSetDictionary(strm, dictionary) {\n let dictLength = dictionary.length;\n\n let s;\n let str, n;\n let wrap;\n let avail;\n let next;\n let input;\n let tmpDict;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n s = strm.state;\n wrap = s.wrap;\n\n if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) {\n return Z_STREAM_ERROR;\n }\n\n /* when using zlib wrappers, compute Adler-32 for provided dictionary */\n if (wrap === 1) {\n /* adler32(strm->adler, dictionary, dictLength); */\n strm.adler = adler32(strm.adler, dictionary, dictLength, 0);\n }\n\n s.wrap = 0; /* avoid computing Adler-32 in read_buf */\n\n /* if dictionary would fill window, just replace the history */\n if (dictLength >= s.w_size) {\n if (wrap === 0) { /* already empty otherwise */\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n /* use the tail */\n // dictionary = dictionary.slice(dictLength - s.w_size);\n tmpDict = new utils.Buf8(s.w_size);\n utils.arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0);\n dictionary = tmpDict;\n dictLength = s.w_size;\n }\n /* insert dictionary into window and hash */\n avail = strm.avail_in;\n next = strm.next_in;\n input = strm.input;\n strm.avail_in = dictLength;\n strm.next_in = 0;\n strm.input = dictionary;\n fill_window(s);\n while (s.lookahead >= MIN_MATCH) {\n str = s.strstart;\n n = s.lookahead - (MIN_MATCH - 1);\n do {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n\n s.head[s.ins_h] = str;\n str++;\n } while (--n);\n s.strstart = str;\n s.lookahead = MIN_MATCH - 1;\n fill_window(s);\n }\n s.strstart += s.lookahead;\n s.block_start = s.strstart;\n s.insert = s.lookahead;\n s.lookahead = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n strm.next_in = next;\n strm.input = input;\n strm.avail_in = avail;\n s.wrap = wrap;\n return Z_OK;\n}\n\nconst deflateInfo = 'pako deflate (from Nodeca project)';\nexport {\n deflateInit,\n deflateInit2,\n deflateReset,\n deflateResetKeep,\n deflateSetHeader,\n deflate,\n deflateEnd,\n deflateSetDictionary,\n deflateInfo\n};\n\n/* Not implemented\nexports.deflateBound = deflateBound;\nexports.deflateCopy = deflateCopy;\nexports.deflateParams = deflateParams;\nexports.deflatePending = deflatePending;\nexports.deflatePrime = deflatePrime;\nexports.deflateTune = deflateTune;\n*/\n","// String encode/decode helpers\n\n\n\nimport * as utils from \"./common.js\";\n\n\n// Quick check if we can use fast array to bin string conversion\n//\n// - apply(Array) can fail on Android 2.2\n// - apply(Uint8Array) can fail on iOS 5.1 Safari\n//\nlet STR_APPLY_OK = true;\nlet STR_APPLY_UIA_OK = true;\n\ntry {\n String.fromCharCode.apply(null, [ 0 ]); \n} catch (__) {\n STR_APPLY_OK = false; \n}\ntry {\n String.fromCharCode.apply(null, new Uint8Array(1)); \n} catch (__) {\n STR_APPLY_UIA_OK = false; \n}\n\n\n// Table with utf8 lengths (calculated by first byte of sequence)\n// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,\n// because max possible codepoint is 0x10ffff\nconst _utf8len = new utils.Buf8(256);\nfor (let q = 0; q < 256; q++) {\n _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1;\n}\n_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start\n\n\n// convert string to array (typed, when possible)\nexport function string2buf (str) {\n let c, c2, m_pos, i, buf_len = 0;\n const str_len = str.length;\n\n // count binary size\n for (m_pos = 0; m_pos < str_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;\n }\n\n // allocate buffer\n const buf = new utils.Buf8(buf_len);\n\n // convert\n for (i = 0, m_pos = 0; i < buf_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n if (c < 0x80) {\n /* one byte */\n buf[i++] = c;\n } else if (c < 0x800) {\n /* two bytes */\n buf[i++] = 0xC0 | c >>> 6;\n buf[i++] = 0x80 | c & 0x3f;\n } else if (c < 0x10000) {\n /* three bytes */\n buf[i++] = 0xE0 | c >>> 12;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n } else {\n /* four bytes */\n buf[i++] = 0xf0 | c >>> 18;\n buf[i++] = 0x80 | c >>> 12 & 0x3f;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n }\n }\n\n return buf;\n}\n\n// Helper (used in 2 places)\nfunction _buf2binstring(buf, len) {\n // On Chrome, the arguments in a function call that are allowed is `65534`.\n // If the length of the buffer is smaller than that, we can use this optimization,\n // otherwise we will take a slower path.\n if (len < 65534) {\n if (buf.subarray && STR_APPLY_UIA_OK || !buf.subarray && STR_APPLY_OK) {\n return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));\n }\n }\n\n let result = \"\";\n for (let i = 0; i < len; i++) {\n result += String.fromCharCode(buf[i]);\n }\n return result;\n}\n\n\n// Convert byte array to binary string\nexport function buf2binstring (buf) {\n return _buf2binstring(buf, buf.length);\n}\n\n\n// Convert binary string (typed, when possible)\nexport function binstring2buf (str) {\n const buf = new utils.Buf8(str.length);\n for (let i = 0, len = buf.length; i < len; i++) {\n buf[i] = str.charCodeAt(i);\n }\n return buf;\n}\n\n\n// convert array to string\nexport function buf2string (buf, max) {\n let i, out, c, c_len;\n const len = max || buf.length;\n\n // Reserve max possible length (2 words per char)\n // NB: by unknown reasons, Array is significantly faster for\n // String.fromCharCode.apply than Uint16Array.\n // var utf16buf = new Array(len * 2);\n // try Uint16Array\n const utf16buf = new Uint16Array(len * 2);\n\n for (out = 0, i = 0; i < len;) {\n c = buf[i++];\n // quick process ascii\n if (c < 0x80) {\n utf16buf[out++] = c; continue; \n }\n\n c_len = _utf8len[c];\n // skip 5 & 6 byte codes\n if (c_len > 4) {\n utf16buf[out++] = 0xfffd; i += c_len - 1; continue; \n }\n\n // apply mask on first byte\n c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;\n // join the rest\n while (c_len > 1 && i < len) {\n c = c << 6 | buf[i++] & 0x3f;\n c_len--;\n }\n\n // terminated by end of string?\n if (c_len > 1) {\n utf16buf[out++] = 0xfffd; continue; \n }\n\n if (c < 0x10000) {\n utf16buf[out++] = c;\n } else {\n c -= 0x10000;\n utf16buf[out++] = 0xd800 | c >> 10 & 0x3ff;\n utf16buf[out++] = 0xdc00 | c & 0x3ff;\n }\n }\n\n return _buf2binstring(utf16buf, out);\n}\n\n\n// Calculate max possible position in utf8 buffer,\n// that will not break sequence. If that's not possible\n// - (very small limits) return max size as is.\n//\n// buf[] - utf8 bytes array\n// max - length limit (mandatory);\nexport function utf8border (buf, max) {\n let pos;\n\n max = max || buf.length;\n if (max > buf.length) {\n max = buf.length; \n }\n\n // go back from last position, until start of sequence found\n pos = max - 1;\n while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) {\n pos--; \n }\n\n // Very small and broken sequence,\n // return max, because we should return something anyway.\n if (pos < 0) {\n return max; \n }\n\n // If we came to start of buffer - that means buffer is too small,\n // return max too.\n if (pos === 0) {\n return max; \n }\n\n return pos + _utf8len[buf[pos]] > max ? pos : max;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class ZStream {\n constructor() {\n /* next input byte */\n this.input = null; // JS specific, because we have no pointers\n this.next_in = 0;\n /* number of bytes available at input */\n this.avail_in = 0;\n /* total number of input bytes read so far */\n this.total_in = 0;\n /* next output byte should be put there */\n this.output = null; // JS specific, because we have no pointers\n this.next_out = 0;\n /* remaining free space at output */\n this.avail_out = 0;\n /* total number of bytes output so far */\n this.total_out = 0;\n /* last error message, NULL if no error */\n this.msg = ''/*Z_NULL*/;\n /* not visible by applications */\n this.state = null;\n /* best guess about the data type: binary or text */\n this.data_type = 2/*Z_UNKNOWN*/;\n /* adler32 value of the uncompressed data */\n this.adler = 0;\n }\n}","'use strict';\n\nimport * as zlib_deflate from \"./zlib/deflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\nimport { Z_NO_FLUSH, Z_FINISH,\n Z_OK, Z_STREAM_END, Z_SYNC_FLUSH,\n Z_DEFAULT_COMPRESSION,\n Z_DEFAULT_STRATEGY,\n Z_DEFLATED } from \"./zlib/constants.js\"\n\n/* ===========================================================================*/\n\n\n/**\n * class Deflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[deflate]],\n * [[deflateRaw]] and [[gzip]].\n **/\n\n/* internal\n * Deflate.chunks -> Array\n *\n * Chunks of output data, if [[Deflate#onData]] not overridden.\n **/\n\n/**\n * Deflate.result -> Uint8Array|Array\n *\n * Compressed result, generated by default [[Deflate#onData]]\n * and [[Deflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Deflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Deflate.err -> Number\n *\n * Error code after deflate finished. 0 (Z_OK) on success.\n * You will not need it in real life, because deflate errors\n * are possible only on wrong options or bad `onData` / `onEnd`\n * custom handlers.\n **/\n\n/**\n * Deflate.msg -> String\n *\n * Error message, if [[Deflate.err]] != 0\n **/\n\n\n/**\n * new Deflate(options)\n * - options (Object): zlib deflate options.\n *\n * Creates new deflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `level`\n * - `windowBits`\n * - `memLevel`\n * - `strategy`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw deflate\n * - `gzip` (Boolean) - create gzip wrapper\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n * - `header` (Object) - custom header for gzip\n * - `text` (Boolean) - true if compressed data believed to be text\n * - `time` (Number) - modification time, unix timestamp\n * - `os` (Number) - operation system code\n * - `extra` (Array) - array of bytes with extra data (max 65536)\n * - `name` (String) - file name (binary string)\n * - `comment` (String) - comment (binary string)\n * - `hcrc` (Boolean) - true if header crc should be added\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var deflate = new pako.Deflate({ level: 3});\n *\n * deflate.push(chunk1, false);\n * deflate.push(chunk2, true); // true -> last chunk\n *\n * if (deflate.err) { throw new Error(deflate.err); }\n *\n * console.log(deflate.result);\n * ```\n **/\n\nclass Deflate {\n constructor(options) {\n this.options = {\n level: Z_DEFAULT_COMPRESSION,\n method: Z_DEFLATED,\n chunkSize: 16384,\n windowBits: 15,\n memLevel: 8,\n strategy: Z_DEFAULT_STRATEGY,\n ...(options || {})\n };\n\n const opt = this.options;\n\n if (opt.raw && (opt.windowBits > 0)) {\n opt.windowBits = -opt.windowBits;\n }\n\n else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) {\n opt.windowBits += 16;\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n var status = zlib_deflate.deflateInit2(\n this.strm,\n opt.level,\n opt.method,\n opt.windowBits,\n opt.memLevel,\n opt.strategy\n );\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n if (opt.header) {\n zlib_deflate.deflateSetHeader(this.strm, opt.header);\n }\n\n if (opt.dictionary) {\n let dict;\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n // If we need to compress text, change encoding to utf8.\n dict = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n dict = new Uint8Array(opt.dictionary);\n } else {\n dict = opt.dictionary;\n }\n\n status = zlib_deflate.deflateSetDictionary(this.strm, dict);\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n this._dict_set = true;\n }\n }\n\n /**\n * Deflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be\n * converted to utf8 byte sequence.\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with\n * new compressed chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the compression context.\n *\n * On fail call [[Deflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * array format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize } } = this;\n var status, _mode;\n\n if (this.ended) { return false; }\n\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // If we need to compress text, change encoding to utf8.\n strm.input = strings.string2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n status = zlib_deflate.deflate(strm, _mode); /* no bad return value */\n\n if (status !== Z_STREAM_END && status !== Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END);\n\n // Finalize on the last chunk.\n if (_mode === Z_FINISH) {\n status = zlib_deflate.deflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === Z_SYNC_FLUSH) {\n this.onEnd(Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n /**\n * Deflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n /**\n * Deflate#onEnd(status) -> Void\n * - status (Number): deflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called once after you tell deflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n\n\n\n/**\n * deflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * Compress `data` with deflate algorithm and `options`.\n *\n * Supported options are:\n *\n * - level\n * - windowBits\n * - memLevel\n * - strategy\n * - dictionary\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , data = Uint8Array([1,2,3,4,5,6,7,8,9]);\n *\n * console.log(pako.deflate(data));\n * ```\n **/\nfunction deflate(input, options) {\n const deflator = new Deflate(options);\n\n deflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (deflator.err) { throw new Error(deflator.msg || msg[deflator.err]); }\n\n return deflator.result;\n}\n\n\n/**\n * deflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction deflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return deflate(input, options);\n}\n\n\n/**\n * gzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but create gzip wrapper instead of\n * deflate one.\n **/\nfunction gzip(input, options) {\n options = options || {};\n options.gzip = true;\n return deflate(input, options);\n}\n\nexport { Deflate, deflate, deflateRaw, gzip };\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// See state defs from inflate.js\nconst BAD = 30; /* got a data error -- remain here until reset */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\n\n/*\n Decode literal, length, and distance codes and write out the resulting\n literal and match bytes until either not enough input or output is\n available, an end-of-block is encountered, or a data error is encountered.\n When large enough input and output buffers are supplied to inflate(), for\n example, a 16K input buffer and a 64K output buffer, more than 95% of the\n inflate execution time is spent in this routine.\n\n Entry assumptions:\n\n state.mode === LEN\n strm.avail_in >= 6\n strm.avail_out >= 258\n start >= strm.avail_out\n state.bits < 8\n\n On return, state.mode is one of:\n\n LEN -- ran out of enough output space or enough available input\n TYPE -- reached end of block code, inflate() to interpret next block\n BAD -- error in block data\n\n Notes:\n\n - The maximum input bits used by a length/distance pair is 15 bits for the\n length code, 5 bits for the length extra, 15 bits for the distance code,\n and 13 bits for the distance extra. This totals 48 bits, or six bytes.\n Therefore if strm.avail_in >= 6, then there is enough input to avoid\n checking for available input while decoding.\n\n - The maximum bytes that a single length/distance pair can output is 258\n bytes, which is the maximum length that can be coded. inflate_fast()\n requires strm.avail_out >= 258 for each loop to avoid checking for\n output space.\n */\nexport default function inflate_fast(strm, start) {\n let _in; /* local strm.input */\n let _out; /* local strm.output */\n // Use `s_window` instead `window`, avoid conflict with instrumentation tools\n let hold; /* local strm.hold */\n let bits; /* local strm.bits */\n let here; /* retrieved table entry */\n let op; /* code bits, operation, extra bits, or */\n /* window position, window bytes to copy */\n let len; /* match length, unused bytes */\n let dist; /* match distance */\n let from; /* where to copy match from */\n let from_source;\n\n\n\n /* copy state to local variables */\n const state = strm.state;\n //here = state.here;\n _in = strm.next_in;\n const input = strm.input;\n const last = _in + (strm.avail_in - 5);\n _out = strm.next_out;\n const output = strm.output;\n const beg = _out - (start - strm.avail_out);\n const end = _out + (strm.avail_out - 257);\n //#ifdef INFLATE_STRICT\n const dmax = state.dmax;\n //#endif\n const wsize = state.wsize;\n const whave = state.whave;\n const wnext = state.wnext;\n const s_window = state.window;\n hold = state.hold;\n bits = state.bits;\n const lcode = state.lencode;\n const dcode = state.distcode;\n const lmask = (1 << state.lenbits) - 1;\n const dmask = (1 << state.distbits) - 1;\n\n\n /* decode literals and length/distances until end-of-block or not enough\n input data or output space */\n\n top:\n do {\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n\n here = lcode[hold & lmask];\n\n dolen:\n for (;;) { // Goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n if (op === 0) { /* literal */\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n output[_out++] = here & 0xffff/*here.val*/;\n } else if (op & 16) { /* length base */\n len = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (op) {\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n len += hold & (1 << op) - 1;\n hold >>>= op;\n bits -= op;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", len));\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n here = dcode[hold & dmask];\n\n dodist:\n for (;;) { // goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n\n if (op & 16) { /* distance base */\n dist = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n }\n dist += hold & (1 << op) - 1;\n //#ifdef INFLATE_STRICT\n if (dist > dmax) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n //#endif\n hold >>>= op;\n bits -= op;\n //Tracevv((stderr, \"inflate: distance %u\\n\", dist));\n op = _out - beg; /* max distance in output */\n if (dist > op) { /* see if copy from window */\n op = dist - op; /* distance back in window */\n if (op > whave) {\n if (state.sane) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n // if (len <= op - whave) {\n // do {\n // output[_out++] = 0;\n // } while (--len);\n // continue top;\n // }\n // len -= op - whave;\n // do {\n // output[_out++] = 0;\n // } while (--op > whave);\n // if (op === 0) {\n // from = _out - dist;\n // do {\n // output[_out++] = output[from++];\n // } while (--len);\n // continue top;\n // }\n //#endif\n }\n from = 0; // window index\n from_source = s_window;\n if (wnext === 0) { /* very common case */\n from += wsize - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n } else if (wnext < op) { /* wrap around window */\n from += wsize + wnext - op;\n op -= wnext;\n if (op < len) { /* some from end of window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = 0;\n if (wnext < len) { /* some from start of window */\n op = wnext;\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n } else { /* contiguous in window */\n from += wnext - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n while (len > 2) {\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n len -= 3;\n }\n if (len) {\n output[_out++] = from_source[from++];\n if (len > 1) {\n output[_out++] = from_source[from++];\n }\n }\n } else {\n from = _out - dist; /* copy direct from output */\n do { /* minimum length is three */\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n len -= 3;\n } while (len > 2);\n if (len) {\n output[_out++] = output[from++];\n if (len > 1) {\n output[_out++] = output[from++];\n }\n }\n }\n } else if ((op & 64) === 0) { /* 2nd level distance code */\n here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dodist;\n } else {\n strm.msg = \"invalid distance code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } else if ((op & 64) === 0) { /* 2nd level length code */\n here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dolen;\n } else if (op & 32) { /* end-of-block */\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.mode = TYPE;\n break top;\n } else {\n strm.msg = \"invalid literal/length code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } while (_in < last && _out < end);\n\n /* return unused bytes (on entry, bits < 8, so in won't go too far back) */\n len = bits >> 3;\n _in -= len;\n bits -= len << 3;\n hold &= (1 << bits) - 1;\n\n /* update state and return */\n strm.next_in = _in;\n strm.next_out = _out;\n strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last);\n strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end);\n state.hold = hold;\n state.bits = bits;\n return;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\n\nconst MAXBITS = 15;\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\nconst lbase = [ /* Length codes 257..285 base */\n 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,\n 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0\n];\n\nconst lext = [ /* Length codes 257..285 extra */\n 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,\n 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78\n];\n\nconst dbase = [ /* Distance codes 0..29 base */\n 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,\n 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,\n 8193, 12289, 16385, 24577, 0, 0\n];\n\nconst dext = [ /* Distance codes 0..29 extra */\n 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,\n 23, 23, 24, 24, 25, 25, 26, 26, 27, 27,\n 28, 28, 29, 29, 64, 64\n];\n\nexport default function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) {\n const bits = opts.bits;\n //here = opts.here; /* table entry for duplication */\n\n let len = 0; /* a code's length in bits */\n let sym = 0; /* index of code symbols */\n let min = 0, max = 0; /* minimum and maximum code lengths */\n let root = 0; /* number of index bits for root table */\n let curr = 0; /* number of index bits for current table */\n let drop = 0; /* code bits to drop for sub-table */\n let left = 0; /* number of prefix codes available */\n let used = 0; /* code entries in table used */\n let huff = 0; /* Huffman code */\n let incr; /* for incrementing code, index */\n let fill; /* index for replicating entries */\n let low; /* low bits for current root entry */\n let next; /* next available space in table */\n let base = null; /* base value table to use */\n let base_index = 0;\n // var shoextra; /* extra bits table to use */\n let end; /* use base and extra for symbol > end */\n const count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */\n const offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */\n let extra = null;\n let extra_index = 0;\n\n let here_bits, here_op, here_val;\n\n /*\n Process a set of code lengths to create a canonical Huffman code. The\n code lengths are lens[0..codes-1]. Each length corresponds to the\n symbols 0..codes-1. The Huffman code is generated by first sorting the\n symbols by length from short to long, and retaining the symbol order\n for codes with equal lengths. Then the code starts with all zero bits\n for the first code of the shortest length, and the codes are integer\n increments for the same length, and zeros are appended as the length\n increases. For the deflate format, these bits are stored backwards\n from their more natural integer increment ordering, and so when the\n decoding tables are built in the large loop below, the integer codes\n are incremented backwards.\n\n This routine assumes, but does not check, that all of the entries in\n lens[] are in the range 0..MAXBITS. The caller must assure this.\n 1..MAXBITS is interpreted as that code length. zero means that that\n symbol does not occur in this code.\n\n The codes are sorted by computing a count of codes for each length,\n creating from that a table of starting indices for each length in the\n sorted table, and then entering the symbols in order in the sorted\n table. The sorted table is work[], with that space being provided by\n the caller.\n\n The length counts are used for other purposes as well, i.e. finding\n the minimum and maximum length codes, determining if there are any\n codes at all, checking for a valid set of lengths, and looking ahead\n at length counts to determine sub-table sizes when building the\n decoding tables.\n */\n\n /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */\n for (len = 0; len <= MAXBITS; len++) {\n count[len] = 0;\n }\n for (sym = 0; sym < codes; sym++) {\n count[lens[lens_index + sym]]++;\n }\n\n /* bound code lengths, force root to be within code lengths */\n root = bits;\n for (max = MAXBITS; max >= 1; max--) {\n if (count[max] !== 0) {\n break; \n }\n }\n if (root > max) {\n root = max;\n }\n if (max === 0) { /* no symbols to code at all */\n //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */\n //table.bits[opts.table_index] = 1; //here.bits = (var char)1;\n //table.val[opts.table_index++] = 0; //here.val = (var short)0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n\n //table.op[opts.table_index] = 64;\n //table.bits[opts.table_index] = 1;\n //table.val[opts.table_index++] = 0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n opts.bits = 1;\n return 0; /* no symbols, but wait for decoding to report error */\n }\n for (min = 1; min < max; min++) {\n if (count[min] !== 0) {\n break; \n }\n }\n if (root < min) {\n root = min;\n }\n\n /* check for an over-subscribed or incomplete set of lengths */\n left = 1;\n for (len = 1; len <= MAXBITS; len++) {\n left <<= 1;\n left -= count[len];\n if (left < 0) {\n return -1;\n } /* over-subscribed */\n }\n if (left > 0 && (type === CODES || max !== 1)) {\n return -1; /* incomplete set */\n }\n\n /* generate offsets into symbol table for each length for sorting */\n offs[1] = 0;\n for (len = 1; len < MAXBITS; len++) {\n offs[len + 1] = offs[len] + count[len];\n }\n\n /* sort symbols by length, by symbol order within each length */\n for (sym = 0; sym < codes; sym++) {\n if (lens[lens_index + sym] !== 0) {\n work[offs[lens[lens_index + sym]]++] = sym;\n }\n }\n\n /*\n Create and fill in decoding tables. In this loop, the table being\n filled is at next and has curr index bits. The code being used is huff\n with length len. That code is converted to an index by dropping drop\n bits off of the bottom. For codes where len is less than drop + curr,\n those top drop + curr - len bits are incremented through all values to\n fill the table with replicated entries.\n\n root is the number of index bits for the root table. When len exceeds\n root, sub-tables are created pointed to by the root entry with an index\n of the low root bits of huff. This is saved in low to check for when a\n new sub-table should be started. drop is zero when the root table is\n being filled, and drop is root when sub-tables are being filled.\n\n When a new sub-table is needed, it is necessary to look ahead in the\n code lengths to determine what size sub-table is needed. The length\n counts are used for this, and so count[] is decremented as codes are\n entered in the tables.\n\n used keeps track of how many table entries have been allocated from the\n provided *table space. It is checked for LENS and DIST tables against\n the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in\n the initial root table size constants. See the comments in inftrees.h\n for more information.\n\n sym increments through all symbols, and the loop terminates when\n all codes of length max, i.e. all codes, have been processed. This\n routine permits incomplete codes, so another loop after this one fills\n in the rest of the decoding tables with invalid code markers.\n */\n\n /* set up for code type */\n // poor man optimization - use if-else instead of switch,\n // to avoid deopts in old v8\n if (type === CODES) {\n base = extra = work; /* dummy value--not used */\n end = 19;\n\n } else if (type === LENS) {\n base = lbase;\n base_index -= 257;\n extra = lext;\n extra_index -= 257;\n end = 256;\n\n } else { /* DISTS */\n base = dbase;\n extra = dext;\n end = -1;\n }\n\n /* initialize opts for loop */\n huff = 0; /* starting code */\n sym = 0; /* starting code symbol */\n len = min; /* starting code length */\n next = table_index; /* current table to fill in */\n curr = root; /* current table index bits */\n drop = 0; /* current bits to drop from code for index */\n low = -1; /* trigger new sub-table when len > root */\n used = 1 << root; /* use root table entries */\n const mask = used - 1; /* mask for comparing low */\n\n /* check available table space */\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* process all codes and make table entries */\n for (;;) {\n /* create table entry */\n here_bits = len - drop;\n if (work[sym] < end) {\n here_op = 0;\n here_val = work[sym];\n } else if (work[sym] > end) {\n here_op = extra[extra_index + work[sym]];\n here_val = base[base_index + work[sym]];\n } else {\n here_op = 32 + 64; /* end of block */\n here_val = 0;\n }\n\n /* replicate for those indices with low len bits equal to huff */\n incr = 1 << len - drop;\n fill = 1 << curr;\n min = fill; /* save offset to next table */\n do {\n fill -= incr;\n table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0;\n } while (fill !== 0);\n\n /* backwards increment the len-bit code huff */\n incr = 1 << len - 1;\n while (huff & incr) {\n incr >>= 1;\n }\n if (incr !== 0) {\n huff &= incr - 1;\n huff += incr;\n } else {\n huff = 0;\n }\n\n /* go to next symbol, update count, len */\n sym++;\n if (--count[len] === 0) {\n if (len === max) {\n break; \n }\n len = lens[lens_index + work[sym]];\n }\n\n /* create new sub-table if needed */\n if (len > root && (huff & mask) !== low) {\n /* if first time, transition to sub-tables */\n if (drop === 0) {\n drop = root;\n }\n\n /* increment past last table */\n next += min; /* here min is 1 << curr */\n\n /* determine length of next table */\n curr = len - drop;\n left = 1 << curr;\n while (curr + drop < max) {\n left -= count[curr + drop];\n if (left <= 0) {\n break; \n }\n curr++;\n left <<= 1;\n }\n\n /* check for enough space */\n used += 1 << curr;\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* point entry in root table to sub-table */\n low = huff & mask;\n /*table.op[low] = curr;\n table.bits[low] = root;\n table.val[low] = next - opts.table_index;*/\n table[low] = root << 24 | curr << 16 | next - table_index |0;\n }\n }\n\n /* fill in remaining table entry if code is incomplete (guaranteed to have\n at most one remaining entry, since if the code is incomplete, the\n maximum code length that was allowed to get this far is one bit) */\n if (huff !== 0) {\n //table.op[next + huff] = 64; /* invalid code marker */\n //table.bits[next + huff] = len - drop;\n //table.val[next + huff] = 0;\n table[next + huff] = len - drop << 24 | 64 << 16 |0;\n }\n\n /* set return parameters */\n //opts.table_index += used;\n opts.bits = root;\n return 0;\n}\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport inflate_fast from \"./inffast.js\";\nimport inflate_table from \"./inftrees.js\";\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_FINISH,\n Z_BLOCK,\n Z_TREES,\n Z_OK,\n Z_STREAM_END,\n Z_NEED_DICT,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/* STATES ====================================================================*/\n/* ===========================================================================*/\n\n\nconst HEAD = 1; /* i: waiting for magic header */\nconst FLAGS = 2; /* i: waiting for method and flags (gzip) */\nconst TIME = 3; /* i: waiting for modification time (gzip) */\nconst OS = 4; /* i: waiting for extra flags and operating system (gzip) */\nconst EXLEN = 5; /* i: waiting for extra length (gzip) */\nconst EXTRA = 6; /* i: waiting for extra bytes (gzip) */\nconst NAME = 7; /* i: waiting for end of file name (gzip) */\nconst COMMENT = 8; /* i: waiting for end of comment (gzip) */\nconst HCRC = 9; /* i: waiting for header crc (gzip) */\nconst DICTID = 10; /* i: waiting for dictionary check value */\nconst DICT = 11; /* waiting for inflateSetDictionary() call */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\nconst TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */\nconst STORED = 14; /* i: waiting for stored size (length and complement) */\nconst COPY_ = 15; /* i/o: same as COPY below, but only first time in */\nconst COPY = 16; /* i/o: waiting for input or output to copy stored block */\nconst TABLE = 17; /* i: waiting for dynamic block table lengths */\nconst LENLENS = 18; /* i: waiting for code length code lengths */\nconst CODELENS = 19; /* i: waiting for length/lit and distance code lengths */\nconst LEN_ = 20; /* i: same as LEN below, but only first time in */\nconst LEN = 21; /* i: waiting for length/lit/eob code */\nconst LENEXT = 22; /* i: waiting for length extra bits */\nconst DIST = 23; /* i: waiting for distance code */\nconst DISTEXT = 24; /* i: waiting for distance extra bits */\nconst MATCH = 25; /* o: waiting for output space to copy string */\nconst LIT = 26; /* o: waiting for output space to write literal */\nconst CHECK = 27; /* i: waiting for 32-bit check value */\nconst LENGTH = 28; /* i: waiting for 32-bit length (gzip) */\nconst DONE = 29; /* finished check, done -- remain here until reset */\nconst BAD = 30; /* got a data error -- remain here until reset */\n//const MEM = 31; /* got an inflate() memory error -- remain here until reset */\nconst SYNC = 32; /* looking for synchronization bytes to restart inflate() */\n\n/* ===========================================================================*/\n\n\n\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_WBITS = MAX_WBITS;\n\n\nfunction zswap32(q) {\n return (((q >>> 24) & 0xff) +\n ((q >>> 8) & 0xff00) +\n ((q & 0xff00) << 8) +\n ((q & 0xff) << 24));\n}\n\n\nclass InflateState {\n constructor() {\n this.mode = 0; /* current inflate mode */\n this.last = false; /* true if processing last block */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.havedict = false; /* true if dictionary provided */\n this.flags = 0; /* gzip header method and flags (0 if zlib) */\n this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */\n this.check = 0; /* protected copy of check value */\n this.total = 0; /* protected copy of output count */\n // TODO: may be {}\n this.head = null; /* where to save gzip header information */\n\n /* sliding window */\n this.wbits = 0; /* log base 2 of requested window size */\n this.wsize = 0; /* window size or zero if not using window */\n this.whave = 0; /* valid bytes in the window */\n this.wnext = 0; /* window write index */\n this.window = null; /* allocated sliding window, if needed */\n\n /* bit accumulator */\n this.hold = 0; /* input bit accumulator */\n this.bits = 0; /* number of bits in \"in\" */\n\n /* for string and stored block copying */\n this.length = 0; /* literal or length of data to copy */\n this.offset = 0; /* distance back to copy string from */\n\n /* for table and code decoding */\n this.extra = 0; /* extra bits needed */\n\n /* fixed and dynamic code tables */\n this.lencode = null; /* starting table for length/literal codes */\n this.distcode = null; /* starting table for distance codes */\n this.lenbits = 0; /* index bits for lencode */\n this.distbits = 0; /* index bits for distcode */\n\n /* dynamic table building */\n this.ncode = 0; /* number of code length code lengths */\n this.nlen = 0; /* number of length code lengths */\n this.ndist = 0; /* number of distance code lengths */\n this.have = 0; /* number of code lengths in lens[] */\n this.next = null; /* next available space in codes[] */\n\n this.lens = new utils.Buf16(320); /* temporary storage for code lengths */\n this.work = new utils.Buf16(288); /* work area for code table building */\n\n /*\n because we don't have pointers in js, we use lencode and distcode directly\n as buffers so we don't need codes\n */\n //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */\n this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */\n this.distdyn = null; /* dynamic table for distance codes (JS specific) */\n this.sane = 0; /* if false, allow invalid distance too far */\n this.back = 0; /* bits back of last unprocessed length/lit */\n this.was = 0; /* initial length of match */\n }\n}\n\nfunction inflateResetKeep(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n strm.total_in = strm.total_out = state.total = 0;\n strm.msg = ''; /*Z_NULL*/\n if (state.wrap) { /* to support ill-conceived Java test suite */\n strm.adler = state.wrap & 1;\n }\n state.mode = HEAD;\n state.last = 0;\n state.havedict = 0;\n state.dmax = 32768;\n state.head = null/*Z_NULL*/;\n state.hold = 0;\n state.bits = 0;\n //state.lencode = state.distcode = state.next = state.codes;\n state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);\n state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);\n\n state.sane = 1;\n state.back = -1;\n //Tracev((stderr, \"inflate: reset\\n\"));\n return Z_OK;\n}\n\nfunction inflateReset(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n state.wsize = 0;\n state.whave = 0;\n state.wnext = 0;\n return inflateResetKeep(strm);\n\n}\n\nfunction inflateReset2(strm, windowBits) {\n let wrap;\n let state;\n\n /* get the state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n /* extract wrap request from windowBits parameter */\n if (windowBits < 0) {\n wrap = 0;\n windowBits = -windowBits;\n }\n else {\n wrap = (windowBits >> 4) + 1;\n if (windowBits < 48) {\n windowBits &= 15;\n }\n }\n\n /* set number of window bits, free window if different */\n if (windowBits && (windowBits < 8 || windowBits > 15)) {\n return Z_STREAM_ERROR;\n }\n if (state.window !== null && state.wbits !== windowBits) {\n state.window = null;\n }\n\n /* update state and reset the rest of it */\n state.wrap = wrap;\n state.wbits = windowBits;\n return inflateReset(strm);\n}\n\nfunction inflateInit2(strm, windowBits) {\n let ret;\n let state;\n\n if (!strm) { return Z_STREAM_ERROR; }\n //strm.msg = Z_NULL; /* in case we return an error */\n\n state = new InflateState();\n\n //if (state === Z_NULL) return Z_MEM_ERROR;\n //Tracev((stderr, \"inflate: allocated\\n\"));\n strm.state = state;\n state.window = null/*Z_NULL*/;\n ret = inflateReset2(strm, windowBits);\n if (ret !== Z_OK) {\n strm.state = null/*Z_NULL*/;\n }\n return ret;\n}\n\nfunction inflateInit(strm) {\n return inflateInit2(strm, DEF_WBITS);\n}\n\n\n/*\n Return state with length and distance decoding tables and index sizes set to\n fixed code decoding. Normally this returns fixed tables from inffixed.h.\n If BUILDFIXED is defined, then instead this routine builds the tables the\n first time it's called, and returns those tables the first time and\n thereafter. This reduces the size of the code by about 2K bytes, in\n exchange for a little execution time. However, BUILDFIXED should not be\n used for threaded applications, since the rewriting of the tables and virgin\n may not be thread-safe.\n */\nlet virgin = true;\n\nlet lenfix, distfix; // We have no pointers in JS, so keep tables separate\n\nfunction fixedtables(state) {\n /* build fixed huffman tables if first call (may not be thread safe) */\n if (virgin) {\n let sym;\n\n lenfix = new utils.Buf32(512);\n distfix = new utils.Buf32(32);\n\n /* literal/length table */\n sym = 0;\n while (sym < 144) { state.lens[sym++] = 8; }\n while (sym < 256) { state.lens[sym++] = 9; }\n while (sym < 280) { state.lens[sym++] = 7; }\n while (sym < 288) { state.lens[sym++] = 8; }\n\n inflate_table(LENS, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 });\n\n /* distance table */\n sym = 0;\n while (sym < 32) { state.lens[sym++] = 5; }\n\n inflate_table(DISTS, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 });\n\n /* do this just once */\n virgin = false;\n }\n\n state.lencode = lenfix;\n state.lenbits = 9;\n state.distcode = distfix;\n state.distbits = 5;\n}\n\n\n/*\n Update the window with the last wsize (normally 32K) bytes written before\n returning. If window does not exist yet, create it. This is only called\n when a window is already in use, or when output has been written during this\n inflate call, but the end of the deflate stream has not been reached yet.\n It is also called to create a window for dictionary data when a dictionary\n is loaded.\n\n Providing output buffers larger than 32K to inflate() should provide a speed\n advantage, since only the last 32K of output is copied to the sliding window\n upon return from inflate(), and since all distances after the first 32K of\n output will fall in the output data, making match copies simpler and faster.\n The advantage may be dependent on the size of the processor's data caches.\n */\nfunction updatewindow(strm, src, end, copy) {\n let dist;\n const state = strm.state;\n\n /* if it hasn't been done already, allocate space for the window */\n if (state.window === null) {\n state.wsize = 1 << state.wbits;\n state.wnext = 0;\n state.whave = 0;\n\n state.window = new utils.Buf8(state.wsize);\n }\n\n /* copy state->wsize or less output bytes into the circular window */\n if (copy >= state.wsize) {\n utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);\n state.wnext = 0;\n state.whave = state.wsize;\n }\n else {\n dist = state.wsize - state.wnext;\n if (dist > copy) {\n dist = copy;\n }\n //zmemcpy(state->window + state->wnext, end - copy, dist);\n utils.arraySet(state.window, src, end - copy, dist, state.wnext);\n copy -= dist;\n if (copy) {\n //zmemcpy(state->window, end - copy, copy);\n utils.arraySet(state.window, src, end - copy, copy, 0);\n state.wnext = copy;\n state.whave = state.wsize;\n }\n else {\n state.wnext += dist;\n if (state.wnext === state.wsize) { state.wnext = 0; }\n if (state.whave < state.wsize) { state.whave += dist; }\n }\n }\n return 0;\n}\n\nfunction inflate(strm, flush) {\n let state;\n let input, output; // input/output buffers\n let next; /* next input INDEX */\n let put; /* next output INDEX */\n let have, left; /* available input and output */\n let hold; /* bit buffer */\n let bits; /* bits in bit buffer */\n let _in, _out; /* save starting available input and output */\n let copy; /* number of stored or match bytes to copy */\n let from; /* where to copy match bytes from */\n let from_source;\n let here = 0; /* current decoding table entry */\n let here_bits, here_op, here_val; // paked \"here\" denormalized (JS specific)\n //var last; /* parent table entry */\n let last_bits, last_op, last_val; // paked \"last\" denormalized (JS specific)\n let len; /* length to copy for repeats, bits to drop */\n let ret; /* return code */\n let hbuf = new utils.Buf8(4); /* buffer for gzip header crc calculation */\n let opts;\n\n let n; // temporary var for NEED_BITS\n\n const order = /* permutation of code lengths */\n [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];\n\n\n if (!strm || !strm.state || !strm.output ||\n (!strm.input && strm.avail_in !== 0)) {\n return Z_STREAM_ERROR;\n }\n\n state = strm.state;\n if (state.mode === TYPE) { state.mode = TYPEDO; } /* skip check */\n\n\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n _in = have;\n _out = left;\n ret = Z_OK;\n\n inf_leave: // goto emulation\n for (;;) {\n switch (state.mode) {\n case HEAD:\n if (state.wrap === 0) {\n state.mode = TYPEDO;\n break;\n }\n //=== NEEDBITS(16);\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */\n state.check = 0/*crc32(0L, Z_NULL, 0)*/;\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = FLAGS;\n break;\n }\n state.flags = 0; /* expect zlib header */\n if (state.head) {\n state.head.done = false;\n }\n if (!(state.wrap & 1) || /* check if zlib header allowed */\n (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {\n strm.msg = 'incorrect header check';\n state.mode = BAD;\n break;\n }\n if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n len = (hold & 0x0f)/*BITS(4)*/ + 8;\n if (state.wbits === 0) {\n state.wbits = len;\n }\n else if (len > state.wbits) {\n strm.msg = 'invalid window size';\n state.mode = BAD;\n break;\n }\n state.dmax = 1 << len;\n //Tracev((stderr, \"inflate: zlib header ok\\n\"));\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = hold & 0x200 ? DICTID : TYPE;\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n break;\n case FLAGS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.flags = hold;\n if ((state.flags & 0xff) !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n if (state.flags & 0xe000) {\n strm.msg = 'unknown header flags set';\n state.mode = BAD;\n break;\n }\n if (state.head) {\n state.head.text = ((hold >> 8) & 1);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = TIME;\n /* falls through */\n case TIME:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.time = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC4(state.check, hold)\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n hbuf[2] = (hold >>> 16) & 0xff;\n hbuf[3] = (hold >>> 24) & 0xff;\n state.check = crc32(state.check, hbuf, 4, 0);\n //===\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = OS;\n /* falls through */\n case OS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.xflags = (hold & 0xff);\n state.head.os = (hold >> 8);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = EXLEN;\n /* falls through */\n case EXLEN:\n if (state.flags & 0x0400) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length = hold;\n if (state.head) {\n state.head.extra_len = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n else if (state.head) {\n state.head.extra = null/*Z_NULL*/;\n }\n state.mode = EXTRA;\n /* falls through */\n case EXTRA:\n if (state.flags & 0x0400) {\n copy = state.length;\n if (copy > have) { copy = have; }\n if (copy) {\n if (state.head) {\n len = state.head.extra_len - state.length;\n if (!state.head.extra) {\n // Use untyped array for more convenient processing later\n state.head.extra = new Array(state.head.extra_len);\n }\n utils.arraySet(\n state.head.extra,\n input,\n next,\n // extra field is limited to 65536 bytes\n // - no need for additional size check\n copy,\n /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/\n len\n );\n //zmemcpy(state.head.extra + len, next,\n // len + copy > state.head.extra_max ?\n // state.head.extra_max - len : copy);\n }\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n state.length -= copy;\n }\n if (state.length) { break inf_leave; }\n }\n state.length = 0;\n state.mode = NAME;\n /* falls through */\n case NAME:\n if (state.flags & 0x0800) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n // TODO: 2 or 1 bytes?\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.name_max*/)) {\n state.head.name += String.fromCharCode(len);\n }\n } while (len && copy < have);\n\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.name = null;\n }\n state.length = 0;\n state.mode = COMMENT;\n /* falls through */\n case COMMENT:\n if (state.flags & 0x1000) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.comm_max*/)) {\n state.head.comment += String.fromCharCode(len);\n }\n } while (len && copy < have);\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.comment = null;\n }\n state.mode = HCRC;\n /* falls through */\n case HCRC:\n if (state.flags & 0x0200) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.check & 0xffff)) {\n strm.msg = 'header crc mismatch';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n if (state.head) {\n state.head.hcrc = ((state.flags >> 9) & 1);\n state.head.done = true;\n }\n strm.adler = state.check = 0;\n state.mode = TYPE;\n break;\n case DICTID:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n strm.adler = state.check = zswap32(hold);\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = DICT;\n /* falls through */\n case DICT:\n if (state.havedict === 0) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n return Z_NEED_DICT;\n }\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = TYPE;\n /* falls through */\n case TYPE:\n if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case TYPEDO:\n if (state.last) {\n //--- BYTEBITS() ---//\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n state.mode = CHECK;\n break;\n }\n //=== NEEDBITS(3); */\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.last = (hold & 0x01)/*BITS(1)*/;\n //--- DROPBITS(1) ---//\n hold >>>= 1;\n bits -= 1;\n //---//\n\n switch ((hold & 0x03)/*BITS(2)*/) {\n case 0: /* stored block */\n //Tracev((stderr, \"inflate: stored block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = STORED;\n break;\n case 1: /* fixed block */\n fixedtables(state);\n //Tracev((stderr, \"inflate: fixed codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = LEN_; /* decode codes */\n if (flush === Z_TREES) {\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break inf_leave;\n }\n break;\n case 2: /* dynamic block */\n //Tracev((stderr, \"inflate: dynamic codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = TABLE;\n break;\n case 3:\n strm.msg = 'invalid block type';\n state.mode = BAD;\n }\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break;\n case STORED:\n //--- BYTEBITS() ---// /* go to byte boundary */\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {\n strm.msg = 'invalid stored block lengths';\n state.mode = BAD;\n break;\n }\n state.length = hold & 0xffff;\n //Tracev((stderr, \"inflate: stored length %u\\n\",\n // state.length));\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = COPY_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case COPY_:\n state.mode = COPY;\n /* falls through */\n case COPY:\n copy = state.length;\n if (copy) {\n if (copy > have) { copy = have; }\n if (copy > left) { copy = left; }\n if (copy === 0) { break inf_leave; }\n //--- zmemcpy(put, next, copy); ---\n utils.arraySet(output, input, next, copy, put);\n //---//\n have -= copy;\n next += copy;\n left -= copy;\n put += copy;\n state.length -= copy;\n break;\n }\n //Tracev((stderr, \"inflate: stored end\\n\"));\n state.mode = TYPE;\n break;\n case TABLE:\n //=== NEEDBITS(14); */\n while (bits < 14) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n//#ifndef PKZIP_BUG_WORKAROUND\n if (state.nlen > 286 || state.ndist > 30) {\n strm.msg = 'too many length or distance symbols';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracev((stderr, \"inflate: table sizes ok\\n\"));\n state.have = 0;\n state.mode = LENLENS;\n /* falls through */\n case LENLENS:\n while (state.have < state.ncode) {\n //=== NEEDBITS(3);\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n while (state.have < 19) {\n state.lens[order[state.have++]] = 0;\n }\n // We have separate tables & no pointers. 2 commented lines below not needed.\n //state.next = state.codes;\n //state.lencode = state.next;\n // Switch to use dynamic table\n state.lencode = state.lendyn;\n state.lenbits = 7;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);\n state.lenbits = opts.bits;\n\n if (ret) {\n strm.msg = 'invalid code lengths set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, \"inflate: code lengths ok\\n\"));\n state.have = 0;\n state.mode = CODELENS;\n /* falls through */\n case CODELENS:\n while (state.have < state.nlen + state.ndist) {\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_val < 16) {\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.lens[state.have++] = here_val;\n }\n else {\n if (here_val === 16) {\n //=== NEEDBITS(here.bits + 2);\n n = here_bits + 2;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n if (state.have === 0) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n len = state.lens[state.have - 1];\n copy = 3 + (hold & 0x03);//BITS(2);\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n }\n else if (here_val === 17) {\n //=== NEEDBITS(here.bits + 3);\n n = here_bits + 3;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 3 + (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n else {\n //=== NEEDBITS(here.bits + 7);\n n = here_bits + 7;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 11 + (hold & 0x7f);//BITS(7);\n //--- DROPBITS(7) ---//\n hold >>>= 7;\n bits -= 7;\n //---//\n }\n if (state.have + copy > state.nlen + state.ndist) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n while (copy--) {\n state.lens[state.have++] = len;\n }\n }\n }\n\n /* handle error breaks in while */\n if (state.mode === BAD) { break; }\n\n /* check for end-of-block code (better have one) */\n if (state.lens[256] === 0) {\n strm.msg = 'invalid code -- missing end-of-block';\n state.mode = BAD;\n break;\n }\n\n /* build code tables -- note: do not change the lenbits or distbits\n values here (9 and 6) without reading the comments in inftrees.h\n concerning the ENOUGH constants, which depend on those values */\n state.lenbits = 9;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.lenbits = opts.bits;\n // state.lencode = state.next;\n\n if (ret) {\n strm.msg = 'invalid literal/lengths set';\n state.mode = BAD;\n break;\n }\n\n state.distbits = 6;\n //state.distcode.copy(state.codes);\n // Switch to use dynamic table\n state.distcode = state.distdyn;\n opts = { bits: state.distbits };\n ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.distbits = opts.bits;\n // state.distcode = state.next;\n\n if (ret) {\n strm.msg = 'invalid distances set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, 'inflate: codes ok\\n'));\n state.mode = LEN_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case LEN_:\n state.mode = LEN;\n /* falls through */\n case LEN:\n if (have >= 6 && left >= 258) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n inflate_fast(strm, _out);\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n if (state.mode === TYPE) {\n state.back = -1;\n }\n break;\n }\n state.back = 0;\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if (here_bits <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_op && (here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.lencode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n state.length = here_val;\n if (here_op === 0) {\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n state.mode = LIT;\n break;\n }\n if (here_op & 32) {\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.back = -1;\n state.mode = TYPE;\n break;\n }\n if (here_op & 64) {\n strm.msg = 'invalid literal/length code';\n state.mode = BAD;\n break;\n }\n state.extra = here_op & 15;\n state.mode = LENEXT;\n /* falls through */\n case LENEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", state.length));\n state.was = state.length;\n state.mode = DIST;\n /* falls through */\n case DIST:\n for (;;) {\n here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if ((here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.distcode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n if (here_op & 64) {\n strm.msg = 'invalid distance code';\n state.mode = BAD;\n break;\n }\n state.offset = here_val;\n state.extra = (here_op) & 15;\n state.mode = DISTEXT;\n /* falls through */\n case DISTEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n//#ifdef INFLATE_STRICT\n if (state.offset > state.dmax) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracevv((stderr, \"inflate: distance %u\\n\", state.offset));\n state.mode = MATCH;\n /* falls through */\n case MATCH:\n if (left === 0) { break inf_leave; }\n copy = _out - left;\n if (state.offset > copy) { /* copy from window */\n copy = state.offset - copy;\n if (copy > state.whave) {\n if (state.sane) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n// (!) This block is disabled in zlib defaults,\n// don't enable it for binary compatibility\n//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n// Trace((stderr, \"inflate.c too far\\n\"));\n// copy -= state.whave;\n// if (copy > state.length) { copy = state.length; }\n// if (copy > left) { copy = left; }\n// left -= copy;\n// state.length -= copy;\n// do {\n// output[put++] = 0;\n// } while (--copy);\n// if (state.length === 0) { state.mode = LEN; }\n// break;\n//#endif\n }\n if (copy > state.wnext) {\n copy -= state.wnext;\n from = state.wsize - copy;\n }\n else {\n from = state.wnext - copy;\n }\n if (copy > state.length) { copy = state.length; }\n from_source = state.window;\n }\n else { /* copy from output */\n from_source = output;\n from = put - state.offset;\n copy = state.length;\n }\n if (copy > left) { copy = left; }\n left -= copy;\n state.length -= copy;\n do {\n output[put++] = from_source[from++];\n } while (--copy);\n if (state.length === 0) { state.mode = LEN; }\n break;\n case LIT:\n if (left === 0) { break inf_leave; }\n output[put++] = state.length;\n left--;\n state.mode = LEN;\n break;\n case CHECK:\n if (state.wrap) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n // Use '|' instead of '+' to make sure that result is signed\n hold |= input[next++] << bits;\n bits += 8;\n }\n //===//\n _out -= left;\n strm.total_out += _out;\n state.total += _out;\n if (_out) {\n strm.adler = state.check =\n /*UPDATE(state.check, put - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));\n\n }\n _out = left;\n // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too\n if ((state.flags ? hold : zswap32(hold)) !== state.check) {\n strm.msg = 'incorrect data check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: check matches trailer\\n\"));\n }\n state.mode = LENGTH;\n /* falls through */\n case LENGTH:\n if (state.wrap && state.flags) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.total & 0xffffffff)) {\n strm.msg = 'incorrect length check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: length matches trailer\\n\"));\n }\n state.mode = DONE;\n /* falls through */\n case DONE:\n ret = Z_STREAM_END;\n break inf_leave;\n case BAD:\n ret = Z_DATA_ERROR;\n break inf_leave;\n // case MEM:\n // return Z_MEM_ERROR;\n case SYNC:\n /* falls through */\n default:\n return Z_STREAM_ERROR;\n }\n }\n\n // inf_leave <- here is real place for \"goto inf_leave\", emulated via \"break inf_leave\"\n\n /*\n Return from inflate(), updating the total counts and the check value.\n If there was no progress during the inflate() call, return a buffer\n error. Call updatewindow() to create and/or update the window state.\n Note: a memory error from inflate() is non-recoverable.\n */\n\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n\n if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&\n (state.mode < CHECK || flush !== Z_FINISH))) {\n if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n }\n }\n _in -= strm.avail_in;\n _out -= strm.avail_out;\n strm.total_in += _in;\n strm.total_out += _out;\n state.total += _out;\n if (state.wrap && _out) {\n strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));\n }\n strm.data_type = state.bits + (state.last ? 64 : 0) +\n (state.mode === TYPE ? 128 : 0) +\n (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);\n if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {\n ret = Z_BUF_ERROR;\n }\n return ret;\n}\n\nfunction inflateEnd(strm) {\n\n if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {\n return Z_STREAM_ERROR;\n }\n\n const state = strm.state;\n if (state.window) {\n state.window = null;\n }\n strm.state = null;\n return Z_OK;\n}\n\nfunction inflateGetHeader(strm, head) {\n let state;\n\n /* check state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }\n\n /* save header structure */\n state.head = head;\n head.done = false;\n return Z_OK;\n}\n\nfunction inflateSetDictionary(strm, dictionary) {\n const dictLength = dictionary.length;\n\n let state;\n let dictid;\n let ret;\n\n /* check state */\n if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n if (state.wrap !== 0 && state.mode !== DICT) {\n return Z_STREAM_ERROR;\n }\n\n /* check for correct dictionary identifier */\n if (state.mode === DICT) {\n dictid = 1; /* adler32(0, null, 0)*/\n /* dictid = adler32(dictid, dictionary, dictLength); */\n dictid = adler32(dictid, dictionary, dictLength, 0);\n if (dictid !== state.check) {\n return Z_DATA_ERROR;\n }\n }\n /* copy dictionary to window using updatewindow(), which will amend the\n existing dictionary if appropriate */\n ret = updatewindow(strm, dictionary, dictLength, dictLength);\n // if (ret) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n // }\n state.havedict = 1;\n // Tracev((stderr, \"inflate: dictionary set\\n\"));\n return Z_OK;\n}\n\nconst inflateInfo = 'pako inflate (from Nodeca project)';\n\nexport {\n inflateReset,\n inflateReset2,\n inflateResetKeep,\n inflateInit,\n inflateInit2,\n inflate,\n inflateEnd,\n inflateGetHeader,\n inflateSetDictionary,\n inflateInfo\n};\n\n/* Not implemented\nexports.inflateCopy = inflateCopy;\nexports.inflateGetDictionary = inflateGetDictionary;\nexports.inflateMark = inflateMark;\nexports.inflatePrime = inflatePrime;\nexports.inflateSync = inflateSync;\nexports.inflateSyncPoint = inflateSyncPoint;\nexports.inflateUndermine = inflateUndermine;\n*/\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class GZheader {\n constructor() {\n /* true if compressed data believed to be text */\n this.text = 0;\n /* modification time */\n this.time = 0;\n /* extra flags (not used when writing a gzip file) */\n this.xflags = 0;\n /* operating system */\n this.os = 0;\n /* pointer to extra field or Z_NULL if none */\n this.extra = null;\n /* extra field length (valid if extra != Z_NULL) */\n this.extra_len = 0; // Actually, we don't need it in JS,\n // but leave for few code modifications\n\n //\n // Setup limits is not necessary because in js we should not preallocate memory\n // for inflate use constant limit in 65536 bytes\n //\n\n /* space at extra (only when reading header) */\n // this.extra_max = 0;\n /* pointer to zero-terminated file name or Z_NULL */\n this.name = '';\n /* space at name (only when reading header) */\n // this.name_max = 0;\n /* pointer to zero-terminated comment or Z_NULL */\n this.comment = '';\n /* space at comment (only when reading header) */\n // this.comm_max = 0;\n /* true if there was or will be a header crc */\n this.hcrc = 0;\n /* true when done reading gzip header (not used when writing a gzip file) */\n this.done = false;\n }\n}","'use strict';\n\nimport * as zlib_inflate from \"./zlib/inflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport * as c from \"./zlib/constants.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\nimport GZheader from \"./zlib/gzheader.js\";\n\n/**\n * class Inflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[inflate]]\n * and [[inflateRaw]].\n **/\n\n/* internal\n * inflate.chunks -> Array\n *\n * Chunks of output data, if [[Inflate#onData]] not overridden.\n **/\n\n/**\n * Inflate.result -> Uint8Array|Array|String\n *\n * Uncompressed result, generated by default [[Inflate#onData]]\n * and [[Inflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Inflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Inflate.err -> Number\n *\n * Error code after inflate finished. 0 (Z_OK) on success.\n * Should be checked if broken data possible.\n **/\n\n/**\n * Inflate.msg -> String\n *\n * Error message, if [[Inflate.err]] != 0\n **/\n\n\n/**\n * new Inflate(options)\n * - options (Object): zlib inflate options.\n *\n * Creates new inflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `windowBits`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw inflate\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n * By default, when no options set, autodetect deflate/gzip data format via\n * wrapper header.\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var inflate = new pako.Inflate({ level: 3});\n *\n * inflate.push(chunk1, false);\n * inflate.push(chunk2, true); // true -> last chunk\n *\n * if (inflate.err) { throw new Error(inflate.err); }\n *\n * console.log(inflate.result);\n * ```\n **/\nclass Inflate {\n constructor(options) {\n this.options = {\n chunkSize: 16384,\n windowBits: 0,\n ...(options || {})\n };\n\n const opt = this.options;\n\n // Force window size for `raw` data, if not set directly,\n // because we have no header for autodetect.\n if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {\n opt.windowBits = -opt.windowBits;\n if (opt.windowBits === 0) { opt.windowBits = -15; }\n }\n\n // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate\n if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&\n !(options && options.windowBits)) {\n opt.windowBits += 32;\n }\n\n // Gzip header has no info about windows size, we can do autodetect only\n // for deflate. So, if window size not set, force it to max when gzip possible\n if ((opt.windowBits > 15) && (opt.windowBits < 48)) {\n // bit 3 (16) -> gzipped data\n // bit 4 (32) -> autodetect gzip/deflate\n if ((opt.windowBits & 15) === 0) {\n opt.windowBits |= 15;\n }\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n let status = zlib_inflate.inflateInit2(\n this.strm,\n opt.windowBits\n );\n\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n\n this.header = new GZheader();\n\n zlib_inflate.inflateGetHeader(this.strm, this.header);\n\n // Setup dictionary\n if (opt.dictionary) {\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n opt.dictionary = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n opt.dictionary = new Uint8Array(opt.dictionary);\n }\n if (opt.raw) { //In raw mode we need to set the dictionary early\n status = zlib_inflate.inflateSetDictionary(this.strm, opt.dictionary);\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n }\n }\n }\n /**\n * Inflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with\n * new output chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the decompression context.\n *\n * On fail call [[Inflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize, dictionary } } = this;\n let status, _mode;\n let next_out_utf8, tail, utf8str;\n\n // Flag to properly process Z_BUF_ERROR on testing inflate call\n // when we check that all output data was flushed.\n let allowBufError = false;\n\n if (this.ended) { return false; }\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // Only binary strings can be decompressed on practice\n strm.input = strings.binstring2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n\n status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH); /* no bad return value */\n\n if (status === c.Z_NEED_DICT && dictionary) {\n status = zlib_inflate.inflateSetDictionary(this.strm, dictionary);\n }\n\n if (status === c.Z_BUF_ERROR && allowBufError === true) {\n status = c.Z_OK;\n allowBufError = false;\n }\n\n if (status !== c.Z_STREAM_END && status !== c.Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n\n if (strm.next_out) {\n if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n }\n\n // When no more input data, we should check that internal inflate buffers\n // are flushed. The only way to do it when avail_out = 0 - run one more\n // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.\n // Here we set flag to process this error properly.\n //\n // NOTE. Deflate does not return error in this case and does not needs such\n // logic.\n if (strm.avail_in === 0 && strm.avail_out === 0) {\n allowBufError = true;\n }\n\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);\n\n if (status === c.Z_STREAM_END) {\n _mode = c.Z_FINISH;\n }\n\n // Finalize on the last chunk.\n if (_mode === c.Z_FINISH) {\n status = zlib_inflate.inflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === c.Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === c.Z_SYNC_FLUSH) {\n this.onEnd(c.Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n\n /**\n * Inflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n\n\n /**\n * Inflate#onEnd(status) -> Void\n * - status (Number): inflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called either after you tell inflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === c.Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n/**\n * inflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Decompress `data` with inflate/ungzip and `options`. Autodetect\n * format via wrapper header by default. That's why we don't provide\n * separate `ungzip` method.\n *\n * Supported options are:\n *\n * - windowBits\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , input = pako.deflate([1,2,3,4,5,6,7,8,9])\n * , output;\n *\n * try {\n * output = pako.inflate(input);\n * } catch (err)\n * console.log(err);\n * }\n * ```\n **/\nfunction inflate(input, options) {\n const inflator = new Inflate(options);\n\n inflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (inflator.err) { throw new Error(inflator.msg || msg[inflator.err]); }\n\n return inflator.result;\n}\n\n\n/**\n * inflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * The same as [[inflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction inflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return inflate(input, options);\n}\n\n\n/**\n * ungzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Just shortcut to [[inflate]], because it autodetects format\n * by header.content. Done for convenience.\n **/\n\nexport { Inflate, inflate, inflateRaw, inflate as ungzip };\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuer,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.signedHashValue = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n this.params = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length));\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false) {\n if (key.version === 5) {\n this.version = 5;\n } else {\n this.version = 4;\n }\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = [];\n this.unhashedSubpackets.forEach(data => {\n arr.push(writeSimpleLength(data.length));\n arr.push(data);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n // V4 signature sub packets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n if (!hashed) {\n this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n mypos++;\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuer:\n // Issuer\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion === 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n default: {\n const err = new Error(`Unknown signature subpacket type ${type}`);\n if (critical) {\n throw err;\n } else {\n util.printDebug(err);\n }\n }\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, 2));\n\n let i = 2;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n constructor() {\n /** A one-octet version number. The current version is 3. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** An eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current version is 3.\n this.version = bytes[mypos++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n // An eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]);\n\n const end = new Uint8Array([this.flags]);\n\n return util.concatUint8Array([start, this.issuerKeyID.write(), end]);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID)\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnsupportedError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Deflate } from '@openpgp/pako/lib/deflate';\nimport { Inflate } from '@openpgp/pako/lib/inflate';\nimport { Z_SYNC_FLUSH, Z_FINISH } from '@openpgp/pako/lib/zlib/constants';\nimport { decode as BunzipDecode } from '@openpgp/seek-bzip';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n\n /**\n * zip/zlib compression level, between 1 and 9\n */\n this.deflateLevel = config.deflateLevel;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName];\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write(), this.deflateLevel);\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nconst nodeZlib = util.getNodeZlib();\n\nfunction uncompressed(data) {\n return data;\n}\n\nfunction node_zlib(func, create, options = {}) {\n return function (data) {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(data => {\n return new Promise((resolve, reject) => {\n func(data, options, (err, result) => {\n if (err) return reject(err);\n resolve(result);\n });\n });\n }));\n }\n return stream.nodeToWeb(stream.webToNode(data).pipe(create(options)));\n };\n}\n\nfunction pako_zlib(constructor, options = {}) {\n return function(data) {\n const obj = new constructor(options);\n return stream.transform(data, value => {\n if (value.length) {\n obj.push(value, Z_SYNC_FLUSH);\n return obj.result;\n }\n }, () => {\n if (constructor === Deflate) {\n obj.push([], Z_FINISH);\n return obj.result;\n }\n });\n };\n}\n\nfunction bzip2(func) {\n return function(data) {\n return stream.fromAsync(async () => func(await stream.readToEnd(data)));\n };\n}\n\nconst compress_fns = nodeZlib ? {\n zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed)\n} : {\n zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed)\n};\n\nconst decompress_fns = nodeZlib ? {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw),\n zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n} : {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }),\n zlib: /*#__PURE__*/ pako_zlib(Inflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n constructor() {\n this.version = VERSION;\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n // - A one-octet version number. The only currently defined value is 1.\n if (version !== VERSION) {\n throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`);\n }\n\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n return util.concat([new Uint8Array([VERSION]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n let packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await this.crypt('decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await this.crypt('encrypt', key, data);\n }\n\n /**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\n async crypt(fn, key, data) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const modeInstance = await mode(this.cipherAlgorithm, key);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const adataBuffer = new ArrayBuffer(21);\n const adataArray = new Uint8Array(adataBuffer, 0, 13);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n const iv = this.iv;\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new stream.TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray);\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...)\n cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray);\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = 3;\n\n this.publicKeyID = new KeyID();\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n i += this.publicKeyID.read(bytes.subarray(i));\n this.publicKeyAlgorithm = bytes[i++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version);\n if (this.publicKeyAlgorithm === enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version]),\n this.publicKeyID.write(),\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n // v3 Montgomery curves have cleartext cipher algo\n if (this.publicKeyAlgorithm !== enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = sessionKeyAlgorithm;\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // add checksum\n return util.concatUint8Array([\n new Uint8Array([cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n }\n case enums.publicKey.x25519:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm);\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n return {\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n * @private\n */\n\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport { UnsupportedError } from '../packet/packet';\nimport util from '../util';\n\nclass S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = 'iterated';\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n try {\n this.type = enums.read(enums.s2k, bytes[i++]);\n } catch (err) {\n throw new UnsupportedError('Unknown S2K type.');\n }\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport S2K from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 5 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = enums.symmetric.aes256;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number. The only currently defined version is 4.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version === 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n this.s2k = new S2K();\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version === 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, key);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n } else {\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const encryptionKey = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v5Keys ? 5 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes) {\n let pos = 0;\n // A one-octet version number (3, 4 or 5).\n this.version = bytes[pos++];\n\n if (this.version === 4 || this.version === 5) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version === 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version === 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n if (version === 5) {\n return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]);\n }\n return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version === 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version === 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport S2K from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n this.s2k = new S2K();\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipher(this.symmetric).blockSize\n );\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n const cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...this.s2k.write());\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = new S2K(config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n\n const { blockSize } = crypto.getCipher(this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = enums.aead.eax;\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } else {\n this.s2kUsage = 254;\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\nasync function produceEncryptionKey(s2k, passphrase, algorithm) {\n const { keySize } = crypto.getCipher(algorithm);\n return s2k.produceKey(passphrase, keySize);\n}\n\nexport default SecretKeyPacket;\n","\n// email-addresses.js - RFC 5322 email address parser\n// v 3.1.0\n//\n// http://tools.ietf.org/html/rfc5322\n//\n// This library does not validate email addresses.\n// emailAddresses attempts to parse addresses using the (fairly liberal)\n// grammar specified in RFC 5322.\n//\n// email-addresses returns {\n// ast: ,\n// addresses: [{\n// node: ,\n// name: ,\n// address: ,\n// local: ,\n// domain: \n// }, ...]\n// }\n//\n// emailAddresses.parseOneAddress and emailAddresses.parseAddressList\n// work as you might expect. Try it out.\n//\n// Many thanks to Dominic Sayers and his documentation on the is_email function,\n// http://code.google.com/p/isemail/ , which helped greatly in writing this parser.\n\n(function (global) {\n\"use strict\";\n\nfunction parse5322(opts) {\n\n // tokenizing functions\n\n function inStr() { return pos < len; }\n function curTok() { return parseString[pos]; }\n function getPos() { return pos; }\n function setPos(i) { pos = i; }\n function nextTok() { pos += 1; }\n function initialize() {\n pos = 0;\n len = parseString.length;\n }\n\n // parser helper functions\n\n function o(name, value) {\n return {\n name: name,\n tokens: value || \"\",\n semantic: value || \"\",\n children: []\n };\n }\n\n function wrap(name, ast) {\n var n;\n if (ast === null) { return null; }\n n = o(name);\n n.tokens = ast.tokens;\n n.semantic = ast.semantic;\n n.children.push(ast);\n return n;\n }\n\n function add(parent, child) {\n if (child !== null) {\n parent.tokens += child.tokens;\n parent.semantic += child.semantic;\n }\n parent.children.push(child);\n return parent;\n }\n\n function compareToken(fxnCompare) {\n var tok;\n if (!inStr()) { return null; }\n tok = curTok();\n if (fxnCompare(tok)) {\n nextTok();\n return o('token', tok);\n }\n return null;\n }\n\n function literal(lit) {\n return function literalFunc() {\n return wrap('literal', compareToken(function (tok) {\n return tok === lit;\n }));\n };\n }\n\n function and() {\n var args = arguments;\n return function andFunc() {\n var i, s, result, start;\n start = getPos();\n s = o('and');\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result === null) {\n setPos(start);\n return null;\n }\n add(s, result);\n }\n return s;\n };\n }\n\n function or() {\n var args = arguments;\n return function orFunc() {\n var i, result, start;\n start = getPos();\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result !== null) {\n return result;\n }\n setPos(start);\n }\n return null;\n };\n }\n\n function opt(prod) {\n return function optFunc() {\n var result, start;\n start = getPos();\n result = prod();\n if (result !== null) {\n return result;\n }\n else {\n setPos(start);\n return o('opt');\n }\n };\n }\n\n function invis(prod) {\n return function invisFunc() {\n var result = prod();\n if (result !== null) {\n result.semantic = \"\";\n }\n return result;\n };\n }\n\n function colwsp(prod) {\n return function collapseSemanticWhitespace() {\n var result = prod();\n if (result !== null && result.semantic.length > 0) {\n result.semantic = \" \";\n }\n return result;\n };\n }\n\n function star(prod, minimum) {\n return function starFunc() {\n var s, result, count, start, min;\n start = getPos();\n s = o('star');\n count = 0;\n min = minimum === undefined ? 0 : minimum;\n while ((result = prod()) !== null) {\n count = count + 1;\n add(s, result);\n }\n if (count >= min) {\n return s;\n }\n else {\n setPos(start);\n return null;\n }\n };\n }\n\n // One expects names to get normalized like this:\n // \" First Last \" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n function collapseWhitespace(s) {\n return s.replace(/([ \\t]|\\r\\n)+/g, ' ').replace(/^\\s*/, '').replace(/\\s*$/, '');\n }\n\n // UTF-8 pseudo-production (RFC 6532)\n // RFC 6532 extends RFC 5322 productions to include UTF-8\n // using the following productions:\n // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4\n // UTF8-2 = \n // UTF8-3 = \n // UTF8-4 = \n //\n // For reference, the extended RFC 5322 productions are:\n // VCHAR =/ UTF8-non-ascii\n // ctext =/ UTF8-non-ascii\n // atext =/ UTF8-non-ascii\n // qtext =/ UTF8-non-ascii\n // dtext =/ UTF8-non-ascii\n function isUTF8NonAscii(tok) {\n // In JavaScript, we just deal directly with Unicode code points,\n // so we aren't checking individual bytes for UTF-8 encoding.\n // Just check that the character is non-ascii.\n return tok.charCodeAt(0) >= 128;\n }\n\n\n // common productions (RFC 5234)\n // http://tools.ietf.org/html/rfc5234\n // B.1. Core Rules\n\n // CR = %x0D\n // ; carriage return\n function cr() { return wrap('cr', literal('\\r')()); }\n\n // CRLF = CR LF\n // ; Internet standard newline\n function crlf() { return wrap('crlf', and(cr, lf)()); }\n\n // DQUOTE = %x22\n // ; \" (Double Quote)\n function dquote() { return wrap('dquote', literal('\"')()); }\n\n // HTAB = %x09\n // ; horizontal tab\n function htab() { return wrap('htab', literal('\\t')()); }\n\n // LF = %x0A\n // ; linefeed\n function lf() { return wrap('lf', literal('\\n')()); }\n\n // SP = %x20\n function sp() { return wrap('sp', literal(' ')()); }\n\n // VCHAR = %x21-7E\n // ; visible (printing) characters\n function vchar() {\n return wrap('vchar', compareToken(function vcharFunc(tok) {\n var code = tok.charCodeAt(0);\n var accept = (0x21 <= code && code <= 0x7E);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // WSP = SP / HTAB\n // ; white space\n function wsp() { return wrap('wsp', or(sp, htab)()); }\n\n\n // email productions (RFC 5322)\n // http://tools.ietf.org/html/rfc5322\n // 3.2.1. Quoted characters\n\n // quoted-pair = (\"\\\" (VCHAR / WSP)) / obs-qp\n function quotedPair() {\n var qp = wrap('quoted-pair',\n or(\n and(literal('\\\\'), or(vchar, wsp)),\n obsQP\n )());\n if (qp === null) { return null; }\n // a quoted pair will be two characters, and the \"\\\" character\n // should be semantically \"invisible\" (RFC 5322 3.2.1)\n qp.semantic = qp.semantic[1];\n return qp;\n }\n\n // 3.2.2. Folding White Space and Comments\n\n // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS\n function fws() {\n return wrap('fws', or(\n obsFws,\n and(\n opt(and(\n star(wsp),\n invis(crlf)\n )),\n star(wsp, 1)\n )\n )());\n }\n\n // ctext = %d33-39 / ; Printable US-ASCII\n // %d42-91 / ; characters not including\n // %d93-126 / ; \"(\", \")\", or \"\\\"\n // obs-ctext\n function ctext() {\n return wrap('ctext', or(\n function ctextFunc1() {\n return compareToken(function ctextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 39) ||\n (42 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsCtext\n )());\n }\n\n // ccontent = ctext / quoted-pair / comment\n function ccontent() {\n return wrap('ccontent', or(ctext, quotedPair, comment)());\n }\n\n // comment = \"(\" *([FWS] ccontent) [FWS] \")\"\n function comment() {\n return wrap('comment', and(\n literal('('),\n star(and(opt(fws), ccontent)),\n opt(fws),\n literal(')')\n )());\n }\n\n // CFWS = (1*([FWS] comment) [FWS]) / FWS\n function cfws() {\n return wrap('cfws', or(\n and(\n star(\n and(opt(fws), comment),\n 1\n ),\n opt(fws)\n ),\n fws\n )());\n }\n\n // 3.2.3. Atom\n\n //atext = ALPHA / DIGIT / ; Printable US-ASCII\n // \"!\" / \"#\" / ; characters not including\n // \"$\" / \"%\" / ; specials. Used for atoms.\n // \"&\" / \"'\" /\n // \"*\" / \"+\" /\n // \"-\" / \"/\" /\n // \"=\" / \"?\" /\n // \"^\" / \"_\" /\n // \"`\" / \"{\" /\n // \"|\" / \"}\" /\n // \"~\"\n function atext() {\n return wrap('atext', compareToken(function atextFunc(tok) {\n var accept =\n ('a' <= tok && tok <= 'z') ||\n ('A' <= tok && tok <= 'Z') ||\n ('0' <= tok && tok <= '9') ||\n (['!', '#', '$', '%', '&', '\\'', '*', '+', '-', '/',\n '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // atom = [CFWS] 1*atext [CFWS]\n function atom() {\n return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))());\n }\n\n // dot-atom-text = 1*atext *(\".\" 1*atext)\n function dotAtomText() {\n var s, maybeText;\n s = wrap('dot-atom-text', star(atext, 1)());\n if (s === null) { return s; }\n maybeText = star(and(literal('.'), star(atext, 1)))();\n if (maybeText !== null) {\n add(s, maybeText);\n }\n return s;\n }\n\n // dot-atom = [CFWS] dot-atom-text [CFWS]\n function dotAtom() {\n return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))());\n }\n\n // 3.2.4. Quoted Strings\n\n // qtext = %d33 / ; Printable US-ASCII\n // %d35-91 / ; characters not including\n // %d93-126 / ; \"\\\" or the quote character\n // obs-qtext\n function qtext() {\n return wrap('qtext', or(\n function qtextFunc1() {\n return compareToken(function qtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 === code) ||\n (35 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsQtext\n )());\n }\n\n // qcontent = qtext / quoted-pair\n function qcontent() {\n return wrap('qcontent', or(qtext, quotedPair)());\n }\n\n // quoted-string = [CFWS]\n // DQUOTE *([FWS] qcontent) [FWS] DQUOTE\n // [CFWS]\n function quotedString() {\n return wrap('quoted-string', and(\n invis(opt(cfws)),\n invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote),\n invis(opt(cfws))\n )());\n }\n\n // 3.2.5 Miscellaneous Tokens\n\n // word = atom / quoted-string\n function word() {\n return wrap('word', or(atom, quotedString)());\n }\n\n // phrase = 1*word / obs-phrase\n function phrase() {\n return wrap('phrase', or(obsPhrase, star(word, 1))());\n }\n\n // 3.4. Address Specification\n // address = mailbox / group\n function address() {\n return wrap('address', or(mailbox, group)());\n }\n\n // mailbox = name-addr / addr-spec\n function mailbox() {\n return wrap('mailbox', or(nameAddr, addrSpec)());\n }\n\n // name-addr = [display-name] angle-addr\n function nameAddr() {\n return wrap('name-addr', and(opt(displayName), angleAddr)());\n }\n\n // angle-addr = [CFWS] \"<\" addr-spec \">\" [CFWS] /\n // obs-angle-addr\n function angleAddr() {\n return wrap('angle-addr', or(\n and(\n invis(opt(cfws)),\n literal('<'),\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n ),\n obsAngleAddr\n )());\n }\n\n // group = display-name \":\" [group-list] \";\" [CFWS]\n function group() {\n return wrap('group', and(\n displayName,\n literal(':'),\n opt(groupList),\n literal(';'),\n invis(opt(cfws))\n )());\n }\n\n // display-name = phrase\n function displayName() {\n return wrap('display-name', function phraseFixedSemantic() {\n var result = phrase();\n if (result !== null) {\n result.semantic = collapseWhitespace(result.semantic);\n }\n return result;\n }());\n }\n\n // mailbox-list = (mailbox *(\",\" mailbox)) / obs-mbox-list\n function mailboxList() {\n return wrap('mailbox-list', or(\n and(\n mailbox,\n star(and(literal(','), mailbox))\n ),\n obsMboxList\n )());\n }\n\n // address-list = (address *(\",\" address)) / obs-addr-list\n function addressList() {\n return wrap('address-list', or(\n and(\n address,\n star(and(literal(','), address))\n ),\n obsAddrList\n )());\n }\n\n // group-list = mailbox-list / CFWS / obs-group-list\n function groupList() {\n return wrap('group-list', or(\n mailboxList,\n invis(cfws),\n obsGroupList\n )());\n }\n\n // 3.4.1 Addr-Spec Specification\n\n // local-part = dot-atom / quoted-string / obs-local-part\n function localPart() {\n // note: quoted-string, dotAtom are proper subsets of obs-local-part\n // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree\n return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)());\n }\n\n // dtext = %d33-90 / ; Printable US-ASCII\n // %d94-126 / ; characters not including\n // obs-dtext ; \"[\", \"]\", or \"\\\"\n function dtext() {\n return wrap('dtext', or(\n function dtextFunc1() {\n return compareToken(function dtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 90) ||\n (94 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsDtext\n )()\n );\n }\n\n // domain-literal = [CFWS] \"[\" *([FWS] dtext) [FWS] \"]\" [CFWS]\n function domainLiteral() {\n return wrap('domain-literal', and(\n invis(opt(cfws)),\n literal('['),\n star(and(opt(fws), dtext)),\n opt(fws),\n literal(']'),\n invis(opt(cfws))\n )());\n }\n\n // domain = dot-atom / domain-literal / obs-domain\n function domain() {\n return wrap('domain', function domainCheckTLD() {\n var result = or(obsDomain, dotAtom, domainLiteral)();\n if (opts.rejectTLD) {\n if (result && result.semantic && result.semantic.indexOf('.') < 0) {\n return null;\n }\n }\n // strip all whitespace from domains\n if (result) {\n result.semantic = result.semantic.replace(/\\s+/g, '');\n }\n return result;\n }());\n }\n\n // addr-spec = local-part \"@\" domain\n function addrSpec() {\n return wrap('addr-spec', and(\n localPart, literal('@'), domain\n )());\n }\n\n // 3.6.2 Originator Fields\n // Below we only parse the field body, not the name of the field\n // like \"From:\", \"Sender:\", or \"Reply-To:\". Other libraries that\n // parse email headers can parse those and defer to these productions\n // for the \"RFC 5322\" part.\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // from = \"From:\" (mailbox-list / address-list) CRLF\n function fromSpec() {\n return wrap('from', or(\n mailboxList,\n addressList\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // sender = \"Sender:\" (mailbox / address) CRLF\n function senderSpec() {\n return wrap('sender', or(\n mailbox,\n address\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // reply-to = \"Reply-To:\" address-list CRLF\n function replyToSpec() {\n return wrap('reply-to', addressList());\n }\n\n // 4.1. Miscellaneous Obsolete Tokens\n\n // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control\n // %d11 / ; characters that do not\n // %d12 / ; include the carriage\n // %d14-31 / ; return, line feed, and\n // %d127 ; white space characters\n function obsNoWsCtl() {\n return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) {\n var code = tok.charCodeAt(0);\n return ((1 <= code && code <= 8) ||\n (11 === code || 12 === code) ||\n (14 <= code && code <= 31) ||\n (127 === code));\n }));\n }\n\n // obs-ctext = obs-NO-WS-CTL\n function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); }\n\n // obs-qtext = obs-NO-WS-CTL\n function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); }\n\n // obs-qp = \"\\\" (%d0 / obs-NO-WS-CTL / LF / CR)\n function obsQP() {\n return opts.strict ? null : wrap('obs-qp', and(\n literal('\\\\'),\n or(literal('\\0'), obsNoWsCtl, lf, cr)\n )());\n }\n\n // obs-phrase = word *(word / \".\" / CFWS)\n function obsPhrase() {\n if (opts.strict ) return null;\n return opts.atInDisplayName ? wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), literal('@'), colwsp(cfws)))\n )()) :\n wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), colwsp(cfws)))\n )());\n }\n\n // 4.2. Obsolete Folding White Space\n\n // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908\n // obs-FWS = 1*([CRLF] WSP)\n function obsFws() {\n return opts.strict ? null : wrap('obs-FWS', star(\n and(invis(opt(crlf)), wsp),\n 1\n )());\n }\n\n // 4.4. Obsolete Addressing\n\n // obs-angle-addr = [CFWS] \"<\" obs-route addr-spec \">\" [CFWS]\n function obsAngleAddr() {\n return opts.strict ? null : wrap('obs-angle-addr', and(\n invis(opt(cfws)),\n literal('<'),\n obsRoute,\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n )());\n }\n\n // obs-route = obs-domain-list \":\"\n function obsRoute() {\n return opts.strict ? null : wrap('obs-route', and(\n obsDomainList,\n literal(':')\n )());\n }\n\n // obs-domain-list = *(CFWS / \",\") \"@\" domain\n // *(\",\" [CFWS] [\"@\" domain])\n function obsDomainList() {\n return opts.strict ? null : wrap('obs-domain-list', and(\n star(or(invis(cfws), literal(','))),\n literal('@'),\n domain,\n star(and(\n literal(','),\n invis(opt(cfws)),\n opt(and(literal('@'), domain))\n ))\n )());\n }\n\n // obs-mbox-list = *([CFWS] \",\") mailbox *(\",\" [mailbox / CFWS])\n function obsMboxList() {\n return opts.strict ? null : wrap('obs-mbox-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n mailbox,\n star(and(\n literal(','),\n opt(and(\n mailbox,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-addr-list = *([CFWS] \",\") address *(\",\" [address / CFWS])\n function obsAddrList() {\n return opts.strict ? null : wrap('obs-addr-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n address,\n star(and(\n literal(','),\n opt(and(\n address,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-group-list = 1*([CFWS] \",\") [CFWS]\n function obsGroupList() {\n return opts.strict ? null : wrap('obs-group-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n ), 1),\n invis(opt(cfws))\n )());\n }\n\n // obs-local-part = word *(\".\" word)\n function obsLocalPart() {\n return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))());\n }\n\n // obs-domain = atom *(\".\" atom)\n function obsDomain() {\n return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))());\n }\n\n // obs-dtext = obs-NO-WS-CTL / quoted-pair\n function obsDtext() {\n return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)());\n }\n\n /////////////////////////////////////////////////////\n\n // ast analysis\n\n function findNode(name, root) {\n var i, stack, node;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n return node;\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return null;\n }\n\n function findAllNodes(name, root) {\n var i, stack, node, result;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n result.push(node);\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return result;\n }\n\n function findAllNodesNoChildren(names, root) {\n var i, stack, node, result, namesLookup;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n namesLookup = {};\n for (i = 0; i < names.length; i += 1) {\n namesLookup[names[i]] = true;\n }\n\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name in namesLookup) {\n result.push(node);\n // don't look at children (hence findAllNodesNoChildren)\n } else {\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n }\n return result;\n }\n\n function giveResult(ast) {\n var addresses, groupsAndMailboxes, i, groupOrMailbox, result;\n if (ast === null) {\n return null;\n }\n addresses = [];\n\n // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'.\n groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast);\n for (i = 0; i < groupsAndMailboxes.length; i += 1) {\n groupOrMailbox = groupsAndMailboxes[i];\n if (groupOrMailbox.name === 'group') {\n addresses.push(giveResultGroup(groupOrMailbox));\n } else if (groupOrMailbox.name === 'mailbox') {\n addresses.push(giveResultMailbox(groupOrMailbox));\n }\n }\n\n result = {\n ast: ast,\n addresses: addresses,\n };\n if (opts.simple) {\n result = simplifyResult(result);\n }\n if (opts.oneResult) {\n return oneResult(result);\n }\n if (opts.simple) {\n return result && result.addresses;\n } else {\n return result;\n }\n }\n\n function giveResultGroup(group) {\n var i;\n var groupName = findNode('display-name', group);\n var groupResultMailboxes = [];\n var mailboxes = findAllNodesNoChildren(['mailbox'], group);\n for (i = 0; i < mailboxes.length; i += 1) {\n groupResultMailboxes.push(giveResultMailbox(mailboxes[i]));\n }\n return {\n node: group,\n parts: {\n name: groupName,\n },\n type: group.name, // 'group'\n name: grabSemantic(groupName),\n addresses: groupResultMailboxes,\n };\n }\n\n function giveResultMailbox(mailbox) {\n var name = findNode('display-name', mailbox);\n var aspec = findNode('addr-spec', mailbox);\n var cfws = findAllNodes('cfws', mailbox);\n var comments = findAllNodesNoChildren(['comment'], mailbox);\n\n\n var local = findNode('local-part', aspec);\n var domain = findNode('domain', aspec);\n return {\n node: mailbox,\n parts: {\n name: name,\n address: aspec,\n local: local,\n domain: domain,\n comments: cfws\n },\n type: mailbox.name, // 'mailbox'\n name: grabSemantic(name),\n address: grabSemantic(aspec),\n local: grabSemantic(local),\n domain: grabSemantic(domain),\n comments: concatComments(comments),\n groupName: grabSemantic(mailbox.groupName),\n };\n }\n\n function grabSemantic(n) {\n return n !== null && n !== undefined ? n.semantic : null;\n }\n\n function simplifyResult(result) {\n var i;\n if (result && result.addresses) {\n for (i = 0; i < result.addresses.length; i += 1) {\n delete result.addresses[i].node;\n }\n }\n return result;\n }\n\n function concatComments(comments) {\n var result = '';\n if (comments) {\n for (var i = 0; i < comments.length; i += 1) {\n result += grabSemantic(comments[i]);\n }\n }\n return result;\n }\n\n function oneResult(result) {\n if (!result) { return null; }\n if (!opts.partial && result.addresses.length > 1) { return null; }\n return result.addresses && result.addresses[0];\n }\n\n /////////////////////////////////////////////////////\n\n var parseString, pos, len, parsed, startProduction;\n\n opts = handleOpts(opts, {});\n if (opts === null) { return null; }\n\n parseString = opts.input;\n\n startProduction = {\n 'address': address,\n 'address-list': addressList,\n 'angle-addr': angleAddr,\n 'from': fromSpec,\n 'group': group,\n 'mailbox': mailbox,\n 'mailbox-list': mailboxList,\n 'reply-to': replyToSpec,\n 'sender': senderSpec,\n }[opts.startAt] || addressList;\n\n if (!opts.strict) {\n initialize();\n opts.strict = true;\n parsed = startProduction(parseString);\n if (opts.partial || !inStr()) {\n return giveResult(parsed);\n }\n opts.strict = false;\n }\n\n initialize();\n parsed = startProduction(parseString);\n if (!opts.partial && inStr()) { return null; }\n return giveResult(parsed);\n}\n\nfunction parseOneAddressSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseAddressListSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseFromSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'from',\n }));\n}\n\nfunction parseSenderSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'sender',\n }));\n}\n\nfunction parseReplyToSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'reply-to',\n }));\n}\n\nfunction handleOpts(opts, defs) {\n function isString(str) {\n return Object.prototype.toString.call(str) === '[object String]';\n }\n\n function isObject(o) {\n return o === Object(o);\n }\n\n function isNullUndef(o) {\n return o === null || o === undefined;\n }\n\n var defaults, o;\n\n if (isString(opts)) {\n opts = { input: opts };\n } else if (!isObject(opts)) {\n return null;\n }\n\n if (!isString(opts.input)) { return null; }\n if (!defs) { return null; }\n\n defaults = {\n oneResult: false,\n partial: false,\n rejectTLD: false,\n rfc6532: false,\n simple: false,\n startAt: 'address-list',\n strict: false,\n atInDisplayName: false\n };\n\n for (o in defaults) {\n if (isNullUndef(opts[o])) {\n opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o];\n }\n }\n return opts;\n}\n\nparse5322.parseOneAddress = parseOneAddressSimple;\nparse5322.parseAddressList = parseAddressListSimple;\nparse5322.parseFrom = parseFromSimple;\nparse5322.parseSender = parseSenderSimple;\nparse5322.parseReplyTo = parseReplyToSimple;\n\nif (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {\n module.exports = parse5322;\n} else {\n global.emailAddresses = parse5322;\n}\n\n}(this));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport emailAddresses from 'email-addresses';\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n try {\n const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true });\n this.comment = comments.replace(/^\\(|\\)$/g, '');\n this.name = name;\n this.email = email;\n } catch (e) {}\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n * @private\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm of a key\n * @param {Key} [key] - The key to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userID = {}, config) {\n let hashAlgo = config.preferredHashAlgorithm;\n let prefAlgo = hashAlgo;\n if (key) {\n const primaryUser = await key.getPrimaryUser(date, userID, config);\n if (primaryUser.selfCertification.preferredHashAlgorithms) {\n [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms;\n hashAlgo = crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n }\n }\n switch (keyPacket.algorithm) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n prefAlgo = crypto.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid);\n }\n return crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n}\n\n/**\n * Returns the preferred symmetric/aead/compression algorithm for a set of keys\n * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred algorithm\n * @async\n */\nexport async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = { // these are all must-implement in rfc4880bis\n 'symmetric': enums.symmetric.aes128,\n 'aead': enums.aead.eax,\n 'compression': enums.compression.uncompressed\n }[type];\n const preferredSenderAlgo = {\n 'symmetric': config.preferredSymmetricAlgorithm,\n 'aead': config.preferredAEADAlgorithm,\n 'compression': config.preferredCompressionAlgorithm\n }[type];\n const prefPropertyName = {\n 'symmetric': 'preferredSymmetricAlgorithms',\n 'aead': 'preferredAEADAlgorithms',\n 'compression': 'preferredCompressionAlgorithms'\n }[type];\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n const recipientPrefs = primaryUser.selfCertification[prefPropertyName];\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {PrivateKey} privateKey - key to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userID, config);\n signaturePacket.rawNotations = notations;\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n await revocationSignature.verify(\n key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\n/**\n * Returns whether aead is supported by all keys in the set\n * @param {Array} keys - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function isAEADSupported(keys, date = new Date(), userIDs = [], config = defaultConfig) {\n let supported = true;\n // TODO replace when Promise.some or Promise.any are implemented\n await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n if (!primaryUser.selfCertification.features ||\n !(primaryUser.selfCertification.features[0] & enums.features.aead)) {\n supported = false;\n }\n }));\n return supported;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc':\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) {\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function isValidSigningKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.rsaEncrypt &&\n keyAlgo !== enums.publicKey.elgamal &&\n keyAlgo !== enums.publicKey.ecdh &&\n keyAlgo !== enums.publicKey.x25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0);\n}\n\nexport function isValidEncryptionKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.dsa &&\n keyAlgo !== enums.publicKey.rsaSign &&\n keyAlgo !== enums.publicKey.ecdsa &&\n keyAlgo !== enums.publicKey.eddsaLegacy &&\n keyAlgo !== enums.publicKey.ed25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0);\n}\n\nexport function isValidDecryptionKeyPacket(signature, config) {\n if (config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n * @private\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n // check for expiration time in direct signatures\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const { selfCertification } = await this.getPrimaryUser(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate');\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {}\n }\n }\n\n // evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) &&\n helper.isValidDecryptionKeyPacket(primaryUser.selfCertification, config)) {\n keys.push(this);\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n const keyPacket = await helper.generateSecretSubkey(options);\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {};\n dataToSign.userID = userIDPacket;\n dataToSign.key = secretKeyPacket;\n\n const signatureProperties = {};\n signatureProperties.signatureType = enums.signature.certGeneric;\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128,\n enums.symmetric.aes192\n ], config.preferredSymmetricAlgorithm);\n if (config.aeadProtect) {\n signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.zlib,\n enums.compression.zip,\n enums.compression.uncompressed\n ], config.preferredCompressionAlgorithm);\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.aead;\n }\n if (config.v5Keys) {\n signatureProperties.features[0] |= enums.features.v5Keys;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return createKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No secret key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport KeyID from './type/keyid';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config);\n\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || !util.isString(algorithmName)) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config); // TODO: Pass userID from somewhere.\n if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n // do not check key expiration to allow decryption of old messages\n const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {\n return;\n }\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config);\n const algorithmName = enums.read(enums.symmetric, algo);\n const aeadAlgorithmName = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?\n enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :\n undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) {\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(algo);\n return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n let symEncryptedPacket;\n if (aeadAlgorithmName) {\n symEncryptedPacket = new AEADEncryptedDataPacket();\n symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName);\n } else {\n symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket();\n }\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const algorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();\n pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();\n pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;\n pkESKeyPacket.sessionKey = sessionKey;\n pkESKeyPacket.sessionKeyAlgorithm = algorithm;\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n let i;\n let existingSigPacketlist;\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n if (signature) {\n existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n for (i = existingSigPacketlist.length - 1; i >= 0; i--) {\n const signaturePacket = existingSigPacketlist[i];\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n if (!signingKeys.length && i === 0) {\n onePassSig.flags = 1;\n }\n packetlist.push(onePassSig);\n }\n }\n\n await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];\n const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signatureType;\n onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);\n onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;\n onePassSig.issuerKeyID = signingKey.getKeyID();\n if (i === signingKeys.length - 1) {\n onePassSig.flags = 1;\n }\n return onePassSig;\n })).then(onePassSignatureList => {\n onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig));\n });\n\n packetlist.push(literalDataPacket);\n packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config)));\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.message, this.write(), null, null, null, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const userID = userIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);\n return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n let input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} privateKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n let hashes = this.signature.packets.map(function(packet) {\n return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();\n });\n hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });\n const body = {\n hash: hashes.join(),\n text: this.text,\n data: this.signature.packets.write()\n };\n return armor(enums.armor.signed, body, undefined, undefined, undefined, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n let oneHeader = null;\n let hashAlgos = [];\n headers.forEach(function(header) {\n oneHeader = header.match(/^Hash: (.+)$/); // get header value\n if (oneHeader) {\n oneHeader = oneHeader[1].replace(/\\s/g, ''); // remove whitespace\n oneHeader = oneHeader.split(',');\n oneHeader = oneHeader.map(function(hash) {\n hash = hash.toLowerCase();\n try {\n return enums.write(enums.hash, hash);\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hash);\n }\n });\n hashAlgos = hashAlgos.concat(oneHeader);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {\n throw new Error('If no \"Hash\" header in cleartext signed message, then only MD5 signatures allowed');\n } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:\n * curve25519 (default), p256, p384, p521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key generation');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key reformat');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n const streaming = message.fromStream;\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return convertStream(data, streaming, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type\n * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data, streaming, encoding = 'utf8') {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n if (streaming === 'node') {\n data = stream.webToNode(data);\n if (encoding !== 'binary') data.setEncoding(encoding);\n return data;\n }\n if (streaming === 'web' && streamType === 'ponyfill') {\n return stream.toNativeReadable(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","/**\n * web-streams-polyfill v3.0.3\n */\n/// \nconst SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ?\n Symbol :\n description => `Symbol(${description})`;\n\n/// \nfunction noop() {\n return undefined;\n}\nfunction getGlobals() {\n if (typeof self !== 'undefined') {\n return self;\n }\n else if (typeof window !== 'undefined') {\n return window;\n }\n else if (typeof global !== 'undefined') {\n return global;\n }\n return undefined;\n}\nconst globals = getGlobals();\n\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nconst rethrowAssertionErrorRejection = noop;\n\nconst originalPromise = Promise;\nconst originalPromiseThen = Promise.prototype.then;\nconst originalPromiseResolve = Promise.resolve.bind(originalPromise);\nconst originalPromiseReject = Promise.reject.bind(originalPromise);\nfunction newPromise(executor) {\n return new originalPromise(executor);\n}\nfunction promiseResolvedWith(value) {\n return originalPromiseResolve(value);\n}\nfunction promiseRejectedWith(reason) {\n return originalPromiseReject(reason);\n}\nfunction PerformPromiseThen(promise, onFulfilled, onRejected) {\n // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an\n // approximation.\n return originalPromiseThen.call(promise, onFulfilled, onRejected);\n}\nfunction uponPromise(promise, onFulfilled, onRejected) {\n PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection);\n}\nfunction uponFulfillment(promise, onFulfilled) {\n uponPromise(promise, onFulfilled);\n}\nfunction uponRejection(promise, onRejected) {\n uponPromise(promise, undefined, onRejected);\n}\nfunction transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) {\n return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler);\n}\nfunction setPromiseIsHandledToTrue(promise) {\n PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection);\n}\nconst queueMicrotask = (() => {\n const globalQueueMicrotask = globals && globals.queueMicrotask;\n if (typeof globalQueueMicrotask === 'function') {\n return globalQueueMicrotask;\n }\n const resolvedPromise = promiseResolvedWith(undefined);\n return (fn) => PerformPromiseThen(resolvedPromise, fn);\n})();\nfunction reflectCall(F, V, args) {\n if (typeof F !== 'function') {\n throw new TypeError('Argument is not a function');\n }\n return Function.prototype.apply.call(F, V, args);\n}\nfunction promiseCall(F, V, args) {\n try {\n return promiseResolvedWith(reflectCall(F, V, args));\n }\n catch (value) {\n return promiseRejectedWith(value);\n }\n}\n\n// Original from Chromium\n// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js\nconst QUEUE_MAX_ARRAY_SIZE = 16384;\n/**\n * Simple queue structure.\n *\n * Avoids scalability issues with using a packed array directly by using\n * multiple arrays in a linked list and keeping the array size bounded.\n */\nclass SimpleQueue {\n constructor() {\n this._cursor = 0;\n this._size = 0;\n // _front and _back are always defined.\n this._front = {\n _elements: [],\n _next: undefined\n };\n this._back = this._front;\n // The cursor is used to avoid calling Array.shift().\n // It contains the index of the front element of the array inside the\n // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE).\n this._cursor = 0;\n // When there is only one node, size === elements.length - cursor.\n this._size = 0;\n }\n get length() {\n return this._size;\n }\n // For exception safety, this method is structured in order:\n // 1. Read state\n // 2. Calculate required state mutations\n // 3. Perform state mutations\n push(element) {\n const oldBack = this._back;\n let newBack = oldBack;\n if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) {\n newBack = {\n _elements: [],\n _next: undefined\n };\n }\n // push() is the mutation most likely to throw an exception, so it\n // goes first.\n oldBack._elements.push(element);\n if (newBack !== oldBack) {\n this._back = newBack;\n oldBack._next = newBack;\n }\n ++this._size;\n }\n // Like push(), shift() follows the read -> calculate -> mutate pattern for\n // exception safety.\n shift() { // must not be called on an empty queue\n const oldFront = this._front;\n let newFront = oldFront;\n const oldCursor = this._cursor;\n let newCursor = oldCursor + 1;\n const elements = oldFront._elements;\n const element = elements[oldCursor];\n if (newCursor === QUEUE_MAX_ARRAY_SIZE) {\n newFront = oldFront._next;\n newCursor = 0;\n }\n // No mutations before this point.\n --this._size;\n this._cursor = newCursor;\n if (oldFront !== newFront) {\n this._front = newFront;\n }\n // Permit shifted element to be garbage collected.\n elements[oldCursor] = undefined;\n return element;\n }\n // The tricky thing about forEach() is that it can be called\n // re-entrantly. The queue may be mutated inside the callback. It is easy to\n // see that push() within the callback has no negative effects since the end\n // of the queue is checked for on every iteration. If shift() is called\n // repeatedly within the callback then the next iteration may return an\n // element that has been removed. In this case the callback will be called\n // with undefined values until we either \"catch up\" with elements that still\n // exist or reach the back of the queue.\n forEach(callback) {\n let i = this._cursor;\n let node = this._front;\n let elements = node._elements;\n while (i !== elements.length || node._next !== undefined) {\n if (i === elements.length) {\n node = node._next;\n elements = node._elements;\n i = 0;\n if (elements.length === 0) {\n break;\n }\n }\n callback(elements[i]);\n ++i;\n }\n }\n // Return the element that would be returned if shift() was called now,\n // without modifying the queue.\n peek() { // must not be called on an empty queue\n const front = this._front;\n const cursor = this._cursor;\n return front._elements[cursor];\n }\n}\n\nfunction ReadableStreamReaderGenericInitialize(reader, stream) {\n reader._ownerReadableStream = stream;\n stream._reader = reader;\n if (stream._state === 'readable') {\n defaultReaderClosedPromiseInitialize(reader);\n }\n else if (stream._state === 'closed') {\n defaultReaderClosedPromiseInitializeAsResolved(reader);\n }\n else {\n defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError);\n }\n}\n// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state\n// check.\nfunction ReadableStreamReaderGenericCancel(reader, reason) {\n const stream = reader._ownerReadableStream;\n return ReadableStreamCancel(stream, reason);\n}\nfunction ReadableStreamReaderGenericRelease(reader) {\n if (reader._ownerReadableStream._state === 'readable') {\n defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n else {\n defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n reader._ownerReadableStream._reader = undefined;\n reader._ownerReadableStream = undefined;\n}\n// Helper functions for the readers.\nfunction readerLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released reader');\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderClosedPromiseInitialize(reader) {\n reader._closedPromise = newPromise((resolve, reject) => {\n reader._closedPromise_resolve = resolve;\n reader._closedPromise_reject = reject;\n });\n}\nfunction defaultReaderClosedPromiseInitializeAsRejected(reader, reason) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseReject(reader, reason);\n}\nfunction defaultReaderClosedPromiseInitializeAsResolved(reader) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseResolve(reader);\n}\nfunction defaultReaderClosedPromiseReject(reader, reason) {\n if (reader._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(reader._closedPromise);\n reader._closedPromise_reject(reason);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\nfunction defaultReaderClosedPromiseResetToRejected(reader, reason) {\n defaultReaderClosedPromiseInitializeAsRejected(reader, reason);\n}\nfunction defaultReaderClosedPromiseResolve(reader) {\n if (reader._closedPromise_resolve === undefined) {\n return;\n }\n reader._closedPromise_resolve(undefined);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\n\nconst AbortSteps = SymbolPolyfill('[[AbortSteps]]');\nconst ErrorSteps = SymbolPolyfill('[[ErrorSteps]]');\nconst CancelSteps = SymbolPolyfill('[[CancelSteps]]');\nconst PullSteps = SymbolPolyfill('[[PullSteps]]');\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill\nconst NumberIsFinite = Number.isFinite || function (x) {\n return typeof x === 'number' && isFinite(x);\n};\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill\nconst MathTrunc = Math.trunc || function (v) {\n return v < 0 ? Math.ceil(v) : Math.floor(v);\n};\n\n// https://heycam.github.io/webidl/#idl-dictionaries\nfunction isDictionary(x) {\n return typeof x === 'object' || typeof x === 'function';\n}\nfunction assertDictionary(obj, context) {\n if (obj !== undefined && !isDictionary(obj)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-callback-functions\nfunction assertFunction(x, context) {\n if (typeof x !== 'function') {\n throw new TypeError(`${context} is not a function.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-object\nfunction isObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nfunction assertObject(x, context) {\n if (!isObject(x)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\nfunction assertRequiredArgument(x, position, context) {\n if (x === undefined) {\n throw new TypeError(`Parameter ${position} is required in '${context}'.`);\n }\n}\nfunction assertRequiredField(x, field, context) {\n if (x === undefined) {\n throw new TypeError(`${field} is required in '${context}'.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-unrestricted-double\nfunction convertUnrestrictedDouble(value) {\n return Number(value);\n}\nfunction censorNegativeZero(x) {\n return x === 0 ? 0 : x;\n}\nfunction integerPart(x) {\n return censorNegativeZero(MathTrunc(x));\n}\n// https://heycam.github.io/webidl/#idl-unsigned-long-long\nfunction convertUnsignedLongLongWithEnforceRange(value, context) {\n const lowerBound = 0;\n const upperBound = Number.MAX_SAFE_INTEGER;\n let x = Number(value);\n x = censorNegativeZero(x);\n if (!NumberIsFinite(x)) {\n throw new TypeError(`${context} is not a finite number`);\n }\n x = integerPart(x);\n if (x < lowerBound || x > upperBound) {\n throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`);\n }\n if (!NumberIsFinite(x) || x === 0) {\n return 0;\n }\n // TODO Use BigInt if supported?\n // let xBigInt = BigInt(integerPart(x));\n // xBigInt = BigInt.asUintN(64, xBigInt);\n // return Number(xBigInt);\n return x;\n}\n\nfunction assertReadableStream(x, context) {\n if (!IsReadableStream(x)) {\n throw new TypeError(`${context} is not a ReadableStream.`);\n }\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamDefaultReader(stream) {\n return new ReadableStreamDefaultReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadRequest(stream, readRequest) {\n stream._reader._readRequests.push(readRequest);\n}\nfunction ReadableStreamFulfillReadRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readRequest = reader._readRequests.shift();\n if (done) {\n readRequest._closeSteps();\n }\n else {\n readRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadRequests(stream) {\n return stream._reader._readRequests.length;\n}\nfunction ReadableStreamHasDefaultReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamDefaultReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A default reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamDefaultReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed,\n * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Returns a promise that allows access to the next chunk from the stream's internal queue, if available.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('read'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: () => resolvePromise({ value: undefined, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamDefaultReaderRead(this, readRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamDefaultReader(this)) {\n throw defaultReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamDefaultReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamDefaultReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultReaderRead(reader, readRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'closed') {\n readRequest._closeSteps();\n }\n else if (stream._state === 'errored') {\n readRequest._errorSteps(stream._storedError);\n }\n else {\n stream._readableStreamController[PullSteps](readRequest);\n }\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`);\n}\n\n/// \nlet AsyncIteratorPrototype;\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n // We're running inside a ES2018+ environment, but we're compiling to an older syntax.\n // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it.\n AsyncIteratorPrototype = {\n // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( )\n // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator\n [SymbolPolyfill.asyncIterator]() {\n return this;\n }\n };\n Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false });\n}\n\n/// \nclass ReadableStreamAsyncIteratorImpl {\n constructor(reader, preventCancel) {\n this._ongoingPromise = undefined;\n this._isFinished = false;\n this._reader = reader;\n this._preventCancel = preventCancel;\n }\n next() {\n const nextSteps = () => this._nextSteps();\n this._ongoingPromise = this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) :\n nextSteps();\n return this._ongoingPromise;\n }\n return(value) {\n const returnSteps = () => this._returnSteps(value);\n return this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) :\n returnSteps();\n }\n _nextSteps() {\n if (this._isFinished) {\n return Promise.resolve({ value: undefined, done: true });\n }\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('iterate'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => {\n this._ongoingPromise = undefined;\n // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test.\n // FIXME Is this a bug in the specification, or in the test?\n queueMicrotask(() => resolvePromise({ value: chunk, done: false }));\n },\n _closeSteps: () => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n resolvePromise({ value: undefined, done: true });\n },\n _errorSteps: reason => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n rejectPromise(reason);\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promise;\n }\n _returnSteps(value) {\n if (this._isFinished) {\n return Promise.resolve({ value, done: true });\n }\n this._isFinished = true;\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('finish iterating'));\n }\n if (!this._preventCancel) {\n const result = ReadableStreamReaderGenericCancel(reader, value);\n ReadableStreamReaderGenericRelease(reader);\n return transformPromiseWith(result, () => ({ value, done: true }));\n }\n ReadableStreamReaderGenericRelease(reader);\n return promiseResolvedWith({ value, done: true });\n }\n}\nconst ReadableStreamAsyncIteratorPrototype = {\n next() {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next'));\n }\n return this._asyncIteratorImpl.next();\n },\n return(value) {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return'));\n }\n return this._asyncIteratorImpl.return(value);\n }\n};\nif (AsyncIteratorPrototype !== undefined) {\n Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype);\n}\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamAsyncIterator(stream, preventCancel) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel);\n const iterator = Object.create(ReadableStreamAsyncIteratorPrototype);\n iterator._asyncIteratorImpl = impl;\n return iterator;\n}\nfunction IsReadableStreamAsyncIterator(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) {\n return false;\n }\n return true;\n}\n// Helper functions for the ReadableStream.\nfunction streamAsyncIteratorBrandCheckException(name) {\n return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`);\n}\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill\nconst NumberIsNaN = Number.isNaN || function (x) {\n // eslint-disable-next-line no-self-compare\n return x !== x;\n};\n\nfunction IsFiniteNonNegativeNumber(v) {\n if (!IsNonNegativeNumber(v)) {\n return false;\n }\n if (v === Infinity) {\n return false;\n }\n return true;\n}\nfunction IsNonNegativeNumber(v) {\n if (typeof v !== 'number') {\n return false;\n }\n if (NumberIsNaN(v)) {\n return false;\n }\n if (v < 0) {\n return false;\n }\n return true;\n}\n\nfunction DequeueValue(container) {\n const pair = container._queue.shift();\n container._queueTotalSize -= pair.size;\n if (container._queueTotalSize < 0) {\n container._queueTotalSize = 0;\n }\n return pair.value;\n}\nfunction EnqueueValueWithSize(container, value, size) {\n size = Number(size);\n if (!IsFiniteNonNegativeNumber(size)) {\n throw new RangeError('Size must be a finite, non-NaN, non-negative number.');\n }\n container._queue.push({ value, size });\n container._queueTotalSize += size;\n}\nfunction PeekQueueValue(container) {\n const pair = container._queue.peek();\n return pair.value;\n}\nfunction ResetQueue(container) {\n container._queue = new SimpleQueue();\n container._queueTotalSize = 0;\n}\n\nfunction CreateArrayFromList(elements) {\n // We use arrays to represent lists, so this is basically a no-op.\n // Do a slice though just in case we happen to depend on the unique-ness.\n return elements.slice();\n}\nfunction CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) {\n new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset);\n}\n// Not implemented correctly\nfunction TransferArrayBuffer(O) {\n return O;\n}\n// Not implemented correctly\nfunction IsDetachedBuffer(O) {\n return false;\n}\n\n/**\n * A pull-into request in a {@link ReadableByteStreamController}.\n *\n * @public\n */\nclass ReadableStreamBYOBRequest {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the view for writing in to, or `null` if the BYOB request has already been responded to.\n */\n get view() {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('view');\n }\n return this._view;\n }\n respond(bytesWritten) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respond');\n }\n assertRequiredArgument(bytesWritten, 1, 'respond');\n bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter');\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n if (IsDetachedBuffer(this._view.buffer)) ;\n ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten);\n }\n respondWithNewView(view) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respondWithNewView');\n }\n assertRequiredArgument(view, 1, 'respondWithNewView');\n if (!ArrayBuffer.isView(view)) {\n throw new TypeError('You can only respond with array buffer views');\n }\n if (view.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (view.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view);\n }\n}\nObject.defineProperties(ReadableStreamBYOBRequest.prototype, {\n respond: { enumerable: true },\n respondWithNewView: { enumerable: true },\n view: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBRequest',\n configurable: true\n });\n}\n/**\n * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableByteStreamController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the current BYOB pull request, or `null` if there isn't one.\n */\n get byobRequest() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('byobRequest');\n }\n if (this._byobRequest === null && this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled);\n const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype);\n SetUpReadableStreamBYOBRequest(byobRequest, this, view);\n this._byobRequest = byobRequest;\n }\n return this._byobRequest;\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('desiredSize');\n }\n return ReadableByteStreamControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('close');\n }\n if (this._closeRequested) {\n throw new TypeError('The stream has already been closed; do not close it again!');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`);\n }\n ReadableByteStreamControllerClose(this);\n }\n enqueue(chunk) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('enqueue');\n }\n assertRequiredArgument(chunk, 1, 'enqueue');\n if (!ArrayBuffer.isView(chunk)) {\n throw new TypeError('chunk must be an array buffer view');\n }\n if (chunk.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (chunk.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._closeRequested) {\n throw new TypeError('stream is closed or draining');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`);\n }\n ReadableByteStreamControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('error');\n }\n ReadableByteStreamControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n if (this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n firstDescriptor.bytesFilled = 0;\n }\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableByteStreamControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableByteStream;\n if (this._queueTotalSize > 0) {\n const entry = this._queue.shift();\n this._queueTotalSize -= entry.byteLength;\n ReadableByteStreamControllerHandleQueueDrain(this);\n const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength);\n readRequest._chunkSteps(view);\n return;\n }\n const autoAllocateChunkSize = this._autoAllocateChunkSize;\n if (autoAllocateChunkSize !== undefined) {\n let buffer;\n try {\n buffer = new ArrayBuffer(autoAllocateChunkSize);\n }\n catch (bufferE) {\n readRequest._errorSteps(bufferE);\n return;\n }\n const pullIntoDescriptor = {\n buffer,\n byteOffset: 0,\n byteLength: autoAllocateChunkSize,\n bytesFilled: 0,\n elementSize: 1,\n viewConstructor: Uint8Array,\n readerType: 'default'\n };\n this._pendingPullIntos.push(pullIntoDescriptor);\n }\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableByteStreamControllerCallPullIfNeeded(this);\n }\n}\nObject.defineProperties(ReadableByteStreamController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n byobRequest: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableByteStreamController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableByteStreamController.\nfunction IsReadableByteStreamController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamBYOBRequest(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) {\n return false;\n }\n return true;\n}\nfunction ReadableByteStreamControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableByteStreamControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n // TODO: Test controller argument\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableByteStreamControllerError(controller, e);\n });\n}\nfunction ReadableByteStreamControllerClearPendingPullIntos(controller) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n controller._pendingPullIntos = new SimpleQueue();\n}\nfunction ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) {\n let done = false;\n if (stream._state === 'closed') {\n done = true;\n }\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n if (pullIntoDescriptor.readerType === 'default') {\n ReadableStreamFulfillReadRequest(stream, filledView, done);\n }\n else {\n ReadableStreamFulfillReadIntoRequest(stream, filledView, done);\n }\n}\nfunction ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) {\n const bytesFilled = pullIntoDescriptor.bytesFilled;\n const elementSize = pullIntoDescriptor.elementSize;\n return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize);\n}\nfunction ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) {\n controller._queue.push({ buffer, byteOffset, byteLength });\n controller._queueTotalSize += byteLength;\n}\nfunction ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) {\n const elementSize = pullIntoDescriptor.elementSize;\n const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize;\n const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled);\n const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy;\n const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize;\n let totalBytesToCopyRemaining = maxBytesToCopy;\n let ready = false;\n if (maxAlignedBytes > currentAlignedBytes) {\n totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled;\n ready = true;\n }\n const queue = controller._queue;\n while (totalBytesToCopyRemaining > 0) {\n const headOfQueue = queue.peek();\n const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength);\n const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy);\n if (headOfQueue.byteLength === bytesToCopy) {\n queue.shift();\n }\n else {\n headOfQueue.byteOffset += bytesToCopy;\n headOfQueue.byteLength -= bytesToCopy;\n }\n controller._queueTotalSize -= bytesToCopy;\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor);\n totalBytesToCopyRemaining -= bytesToCopy;\n }\n return ready;\n}\nfunction ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n pullIntoDescriptor.bytesFilled += size;\n}\nfunction ReadableByteStreamControllerHandleQueueDrain(controller) {\n if (controller._queueTotalSize === 0 && controller._closeRequested) {\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(controller._controlledReadableByteStream);\n }\n else {\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n}\nfunction ReadableByteStreamControllerInvalidateBYOBRequest(controller) {\n if (controller._byobRequest === null) {\n return;\n }\n controller._byobRequest._associatedReadableByteStreamController = undefined;\n controller._byobRequest._view = null;\n controller._byobRequest = null;\n}\nfunction ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) {\n while (controller._pendingPullIntos.length > 0) {\n if (controller._queueTotalSize === 0) {\n return;\n }\n const pullIntoDescriptor = controller._pendingPullIntos.peek();\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) {\n const stream = controller._controlledReadableByteStream;\n let elementSize = 1;\n if (view.constructor !== DataView) {\n elementSize = view.constructor.BYTES_PER_ELEMENT;\n }\n const ctor = view.constructor;\n const buffer = TransferArrayBuffer(view.buffer);\n const pullIntoDescriptor = {\n buffer,\n byteOffset: view.byteOffset,\n byteLength: view.byteLength,\n bytesFilled: 0,\n elementSize,\n viewConstructor: ctor,\n readerType: 'byob'\n };\n if (controller._pendingPullIntos.length > 0) {\n controller._pendingPullIntos.push(pullIntoDescriptor);\n // No ReadableByteStreamControllerCallPullIfNeeded() call since:\n // - No change happens on desiredSize\n // - The source has already been notified of that there's at least 1 pending read(view)\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n return;\n }\n if (stream._state === 'closed') {\n const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0);\n readIntoRequest._closeSteps(emptyView);\n return;\n }\n if (controller._queueTotalSize > 0) {\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n ReadableByteStreamControllerHandleQueueDrain(controller);\n readIntoRequest._chunkSteps(filledView);\n return;\n }\n if (controller._closeRequested) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n readIntoRequest._errorSteps(e);\n return;\n }\n }\n controller._pendingPullIntos.push(pullIntoDescriptor);\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) {\n firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer);\n const stream = controller._controlledReadableByteStream;\n if (ReadableStreamHasBYOBReader(stream)) {\n while (ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) {\n if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) {\n throw new RangeError('bytesWritten out of range');\n }\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor);\n if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) {\n // TODO: Figure out whether we should detach the buffer or not here.\n return;\n }\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize;\n if (remainderSize > 0) {\n const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end);\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength);\n }\n pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer);\n pullIntoDescriptor.bytesFilled -= remainderSize;\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n}\nfunction ReadableByteStreamControllerRespondInternal(controller, bytesWritten) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n const state = controller._controlledReadableByteStream._state;\n if (state === 'closed') {\n if (bytesWritten !== 0) {\n throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream');\n }\n ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor);\n }\n else {\n ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerShiftPendingPullInto(controller) {\n const descriptor = controller._pendingPullIntos.shift();\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n return descriptor;\n}\nfunction ReadableByteStreamControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return false;\n }\n if (controller._closeRequested) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableByteStreamControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n}\n// A client of ReadableByteStreamController may use these functions directly to bypass state check.\nfunction ReadableByteStreamControllerClose(controller) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n if (controller._queueTotalSize > 0) {\n controller._closeRequested = true;\n return;\n }\n if (controller._pendingPullIntos.length > 0) {\n const firstPendingPullInto = controller._pendingPullIntos.peek();\n if (firstPendingPullInto.bytesFilled > 0) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n throw e;\n }\n }\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n}\nfunction ReadableByteStreamControllerEnqueue(controller, chunk) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n const buffer = chunk.buffer;\n const byteOffset = chunk.byteOffset;\n const byteLength = chunk.byteLength;\n const transferredBuffer = TransferArrayBuffer(buffer);\n if (ReadableStreamHasDefaultReader(stream)) {\n if (ReadableStreamGetNumReadRequests(stream) === 0) {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n else {\n const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength);\n ReadableStreamFulfillReadRequest(stream, transferredView, false);\n }\n }\n else if (ReadableStreamHasBYOBReader(stream)) {\n // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully.\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n }\n else {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerError(controller, e) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return;\n }\n ReadableByteStreamControllerClearPendingPullIntos(controller);\n ResetQueue(controller);\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableByteStreamControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableByteStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction ReadableByteStreamControllerRespond(controller, bytesWritten) {\n bytesWritten = Number(bytesWritten);\n if (!IsFiniteNonNegativeNumber(bytesWritten)) {\n throw new RangeError('bytesWritten must be a finite');\n }\n ReadableByteStreamControllerRespondInternal(controller, bytesWritten);\n}\nfunction ReadableByteStreamControllerRespondWithNewView(controller, view) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) {\n throw new RangeError('The region specified by view does not match byobRequest');\n }\n if (firstDescriptor.byteLength !== view.byteLength) {\n throw new RangeError('The buffer of view has different capacity than byobRequest');\n }\n firstDescriptor.buffer = view.buffer;\n ReadableByteStreamControllerRespondInternal(controller, view.byteLength);\n}\nfunction SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) {\n controller._controlledReadableByteStream = stream;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._byobRequest = null;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._closeRequested = false;\n controller._started = false;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n controller._autoAllocateChunkSize = autoAllocateChunkSize;\n controller._pendingPullIntos = new SimpleQueue();\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableByteStreamControllerError(controller, r);\n });\n}\nfunction SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) {\n const controller = Object.create(ReadableByteStreamController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingByteSource.start !== undefined) {\n startAlgorithm = () => underlyingByteSource.start(controller);\n }\n if (underlyingByteSource.pull !== undefined) {\n pullAlgorithm = () => underlyingByteSource.pull(controller);\n }\n if (underlyingByteSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingByteSource.cancel(reason);\n }\n const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize;\n if (autoAllocateChunkSize === 0) {\n throw new TypeError('autoAllocateChunkSize must be greater than 0');\n }\n SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize);\n}\nfunction SetUpReadableStreamBYOBRequest(request, controller, view) {\n request._associatedReadableByteStreamController = controller;\n request._view = view;\n}\n// Helper functions for the ReadableStreamBYOBRequest.\nfunction byobRequestBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`);\n}\n// Helper functions for the ReadableByteStreamController.\nfunction byteStreamControllerBrandCheckException(name) {\n return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`);\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamBYOBReader(stream) {\n return new ReadableStreamBYOBReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadIntoRequest(stream, readIntoRequest) {\n stream._reader._readIntoRequests.push(readIntoRequest);\n}\nfunction ReadableStreamFulfillReadIntoRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readIntoRequest = reader._readIntoRequests.shift();\n if (done) {\n readIntoRequest._closeSteps(chunk);\n }\n else {\n readIntoRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadIntoRequests(stream) {\n return stream._reader._readIntoRequests.length;\n}\nfunction ReadableStreamHasBYOBReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamBYOBReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A BYOB reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamBYOBReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n if (!IsReadableByteStreamController(stream._readableStreamController)) {\n throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' +\n 'source');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readIntoRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Attempts to reads bytes into view, and returns a promise resolved with the result.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read(view) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('read'));\n }\n if (!ArrayBuffer.isView(view)) {\n return promiseRejectedWith(new TypeError('view must be an array buffer view'));\n }\n if (view.byteLength === 0) {\n return promiseRejectedWith(new TypeError('view must have non-zero byteLength'));\n }\n if (view.buffer.byteLength === 0) {\n return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readIntoRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: chunk => resolvePromise({ value: chunk, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamBYOBReaderRead(this, view, readIntoRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamBYOBReader(this)) {\n throw byobReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readIntoRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamBYOBReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamBYOBReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'errored') {\n readIntoRequest._errorSteps(stream._storedError);\n }\n else {\n ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest);\n }\n}\n// Helper functions for the ReadableStreamBYOBReader.\nfunction byobReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`);\n}\n\nfunction ExtractHighWaterMark(strategy, defaultHWM) {\n const { highWaterMark } = strategy;\n if (highWaterMark === undefined) {\n return defaultHWM;\n }\n if (NumberIsNaN(highWaterMark) || highWaterMark < 0) {\n throw new RangeError('Invalid highWaterMark');\n }\n return highWaterMark;\n}\nfunction ExtractSizeAlgorithm(strategy) {\n const { size } = strategy;\n if (!size) {\n return () => 1;\n }\n return size;\n}\n\nfunction convertQueuingStrategy(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n const size = init === null || init === void 0 ? void 0 : init.size;\n return {\n highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark),\n size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`)\n };\n}\nfunction convertQueuingStrategySize(fn, context) {\n assertFunction(fn, context);\n return chunk => convertUnrestrictedDouble(fn(chunk));\n}\n\nfunction convertUnderlyingSink(original, context) {\n assertDictionary(original, context);\n const abort = original === null || original === void 0 ? void 0 : original.abort;\n const close = original === null || original === void 0 ? void 0 : original.close;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n const write = original === null || original === void 0 ? void 0 : original.write;\n return {\n abort: abort === undefined ?\n undefined :\n convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`),\n close: close === undefined ?\n undefined :\n convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`),\n write: write === undefined ?\n undefined :\n convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`),\n type\n };\n}\nfunction convertUnderlyingSinkAbortCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSinkCloseCallback(fn, original, context) {\n assertFunction(fn, context);\n return () => promiseCall(fn, original, []);\n}\nfunction convertUnderlyingSinkStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSinkWriteCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\nfunction assertWritableStream(x, context) {\n if (!IsWritableStream(x)) {\n throw new TypeError(`${context} is not a WritableStream.`);\n }\n}\n\n/**\n * A writable stream represents a destination for data, into which you can write.\n *\n * @public\n */\nclass WritableStream {\n constructor(rawUnderlyingSink = {}, rawStrategy = {}) {\n if (rawUnderlyingSink === undefined) {\n rawUnderlyingSink = null;\n }\n else {\n assertObject(rawUnderlyingSink, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter');\n InitializeWritableStream(this);\n const type = underlyingSink.type;\n if (type !== undefined) {\n throw new RangeError('Invalid type is specified');\n }\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm);\n }\n /**\n * Returns whether or not the writable stream is locked to a writer.\n */\n get locked() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('locked');\n }\n return IsWritableStreamLocked(this);\n }\n /**\n * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be\n * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort\n * mechanism of the underlying sink.\n *\n * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled\n * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel\n * the stream) if the stream is currently locked.\n */\n abort(reason = undefined) {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('abort'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer'));\n }\n return WritableStreamAbort(this, reason);\n }\n /**\n * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its\n * close behavior. During this time any further attempts to write will fail (without erroring the stream).\n *\n * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream\n * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with\n * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked.\n */\n close() {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('close'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer'));\n }\n if (WritableStreamCloseQueuedOrInFlight(this)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamClose(this);\n }\n /**\n * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream\n * is locked, no other writer can be acquired until this one is released.\n *\n * This functionality is especially useful for creating abstractions that desire the ability to write to a stream\n * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at\n * the same time, which would cause the resulting written data to be unpredictable and probably useless.\n */\n getWriter() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('getWriter');\n }\n return AcquireWritableStreamDefaultWriter(this);\n }\n}\nObject.defineProperties(WritableStream.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n getWriter: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStream',\n configurable: true\n });\n}\n// Abstract operations for the WritableStream.\nfunction AcquireWritableStreamDefaultWriter(stream) {\n return new WritableStreamDefaultWriter(stream);\n}\n// Throws if and only if startAlgorithm throws.\nfunction CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(WritableStream.prototype);\n InitializeWritableStream(stream);\n const controller = Object.create(WritableStreamDefaultController.prototype);\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeWritableStream(stream) {\n stream._state = 'writable';\n // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is\n // 'erroring' or 'errored'. May be set to an undefined value.\n stream._storedError = undefined;\n stream._writer = undefined;\n // Initialize to undefined first because the constructor of the controller checks this\n // variable to validate the caller.\n stream._writableStreamController = undefined;\n // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data\n // producer without waiting for the queued writes to finish.\n stream._writeRequests = new SimpleQueue();\n // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents\n // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here.\n stream._inFlightWriteRequest = undefined;\n // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer\n // has been detached.\n stream._closeRequest = undefined;\n // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it\n // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here.\n stream._inFlightCloseRequest = undefined;\n // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached.\n stream._pendingAbortRequest = undefined;\n // The backpressure signal set by the controller.\n stream._backpressure = false;\n}\nfunction IsWritableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsWritableStreamLocked(stream) {\n if (stream._writer === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamAbort(stream, reason) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseResolvedWith(undefined);\n }\n if (stream._pendingAbortRequest !== undefined) {\n return stream._pendingAbortRequest._promise;\n }\n let wasAlreadyErroring = false;\n if (state === 'erroring') {\n wasAlreadyErroring = true;\n // reason will not be used, so don't keep a reference to it.\n reason = undefined;\n }\n const promise = newPromise((resolve, reject) => {\n stream._pendingAbortRequest = {\n _promise: undefined,\n _resolve: resolve,\n _reject: reject,\n _reason: reason,\n _wasAlreadyErroring: wasAlreadyErroring\n };\n });\n stream._pendingAbortRequest._promise = promise;\n if (!wasAlreadyErroring) {\n WritableStreamStartErroring(stream, reason);\n }\n return promise;\n}\nfunction WritableStreamClose(stream) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`));\n }\n const promise = newPromise((resolve, reject) => {\n const closeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._closeRequest = closeRequest;\n });\n const writer = stream._writer;\n if (writer !== undefined && stream._backpressure && state === 'writable') {\n defaultWriterReadyPromiseResolve(writer);\n }\n WritableStreamDefaultControllerClose(stream._writableStreamController);\n return promise;\n}\n// WritableStream API exposed for controllers.\nfunction WritableStreamAddWriteRequest(stream) {\n const promise = newPromise((resolve, reject) => {\n const writeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._writeRequests.push(writeRequest);\n });\n return promise;\n}\nfunction WritableStreamDealWithRejection(stream, error) {\n const state = stream._state;\n if (state === 'writable') {\n WritableStreamStartErroring(stream, error);\n return;\n }\n WritableStreamFinishErroring(stream);\n}\nfunction WritableStreamStartErroring(stream, reason) {\n const controller = stream._writableStreamController;\n stream._state = 'erroring';\n stream._storedError = reason;\n const writer = stream._writer;\n if (writer !== undefined) {\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason);\n }\n if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) {\n WritableStreamFinishErroring(stream);\n }\n}\nfunction WritableStreamFinishErroring(stream) {\n stream._state = 'errored';\n stream._writableStreamController[ErrorSteps]();\n const storedError = stream._storedError;\n stream._writeRequests.forEach(writeRequest => {\n writeRequest._reject(storedError);\n });\n stream._writeRequests = new SimpleQueue();\n if (stream._pendingAbortRequest === undefined) {\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const abortRequest = stream._pendingAbortRequest;\n stream._pendingAbortRequest = undefined;\n if (abortRequest._wasAlreadyErroring) {\n abortRequest._reject(storedError);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const promise = stream._writableStreamController[AbortSteps](abortRequest._reason);\n uponPromise(promise, () => {\n abortRequest._resolve();\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n }, (reason) => {\n abortRequest._reject(reason);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n });\n}\nfunction WritableStreamFinishInFlightWrite(stream) {\n stream._inFlightWriteRequest._resolve(undefined);\n stream._inFlightWriteRequest = undefined;\n}\nfunction WritableStreamFinishInFlightWriteWithError(stream, error) {\n stream._inFlightWriteRequest._reject(error);\n stream._inFlightWriteRequest = undefined;\n WritableStreamDealWithRejection(stream, error);\n}\nfunction WritableStreamFinishInFlightClose(stream) {\n stream._inFlightCloseRequest._resolve(undefined);\n stream._inFlightCloseRequest = undefined;\n const state = stream._state;\n if (state === 'erroring') {\n // The error was too late to do anything, so it is ignored.\n stream._storedError = undefined;\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._resolve();\n stream._pendingAbortRequest = undefined;\n }\n }\n stream._state = 'closed';\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseResolve(writer);\n }\n}\nfunction WritableStreamFinishInFlightCloseWithError(stream, error) {\n stream._inFlightCloseRequest._reject(error);\n stream._inFlightCloseRequest = undefined;\n // Never execute sink abort() after sink close().\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._reject(error);\n stream._pendingAbortRequest = undefined;\n }\n WritableStreamDealWithRejection(stream, error);\n}\n// TODO(ricea): Fix alphabetical order.\nfunction WritableStreamCloseQueuedOrInFlight(stream) {\n if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamHasOperationMarkedInFlight(stream) {\n if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamMarkCloseRequestInFlight(stream) {\n stream._inFlightCloseRequest = stream._closeRequest;\n stream._closeRequest = undefined;\n}\nfunction WritableStreamMarkFirstWriteRequestInFlight(stream) {\n stream._inFlightWriteRequest = stream._writeRequests.shift();\n}\nfunction WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) {\n if (stream._closeRequest !== undefined) {\n stream._closeRequest._reject(stream._storedError);\n stream._closeRequest = undefined;\n }\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseReject(writer, stream._storedError);\n }\n}\nfunction WritableStreamUpdateBackpressure(stream, backpressure) {\n const writer = stream._writer;\n if (writer !== undefined && backpressure !== stream._backpressure) {\n if (backpressure) {\n defaultWriterReadyPromiseReset(writer);\n }\n else {\n defaultWriterReadyPromiseResolve(writer);\n }\n }\n stream._backpressure = backpressure;\n}\n/**\n * A default writer vended by a {@link WritableStream}.\n *\n * @public\n */\nclass WritableStreamDefaultWriter {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter');\n assertWritableStream(stream, 'First parameter');\n if (IsWritableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive writing by another writer');\n }\n this._ownerWritableStream = stream;\n stream._writer = this;\n const state = stream._state;\n if (state === 'writable') {\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) {\n defaultWriterReadyPromiseInitialize(this);\n }\n else {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n }\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'erroring') {\n defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError);\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'closed') {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n defaultWriterClosedPromiseInitializeAsResolved(this);\n }\n else {\n const storedError = stream._storedError;\n defaultWriterReadyPromiseInitializeAsRejected(this, storedError);\n defaultWriterClosedPromiseInitializeAsRejected(this, storedError);\n }\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the writer’s lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full.\n * A producer can use this information to determine the right amount of data to write.\n *\n * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort\n * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when\n * the writer’s lock is released.\n */\n get desiredSize() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('desiredSize');\n }\n if (this._ownerWritableStream === undefined) {\n throw defaultWriterLockException('desiredSize');\n }\n return WritableStreamDefaultWriterGetDesiredSize(this);\n }\n /**\n * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions\n * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips\n * back to zero or below, the getter will return a new promise that stays pending until the next transition.\n *\n * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become\n * rejected.\n */\n get ready() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('ready'));\n }\n return this._readyPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}.\n */\n abort(reason = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('abort'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('abort'));\n }\n return WritableStreamDefaultWriterAbort(this, reason);\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}.\n */\n close() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('close'));\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('close'));\n }\n if (WritableStreamCloseQueuedOrInFlight(stream)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamDefaultWriterClose(this);\n }\n /**\n * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active.\n * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from\n * now on; otherwise, the writer will appear closed.\n *\n * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the\n * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled).\n * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents\n * other producers from writing in an interleaved manner.\n */\n releaseLock() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('releaseLock');\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return;\n }\n WritableStreamDefaultWriterRelease(this);\n }\n write(chunk = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('write'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n return WritableStreamDefaultWriterWrite(this, chunk);\n }\n}\nObject.defineProperties(WritableStreamDefaultWriter.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n releaseLock: { enumerable: true },\n write: { enumerable: true },\n closed: { enumerable: true },\n desiredSize: { enumerable: true },\n ready: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultWriter',\n configurable: true\n });\n}\n// Abstract operations for the WritableStreamDefaultWriter.\nfunction IsWritableStreamDefaultWriter(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) {\n return false;\n }\n return true;\n}\n// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check.\nfunction WritableStreamDefaultWriterAbort(writer, reason) {\n const stream = writer._ownerWritableStream;\n return WritableStreamAbort(stream, reason);\n}\nfunction WritableStreamDefaultWriterClose(writer) {\n const stream = writer._ownerWritableStream;\n return WritableStreamClose(stream);\n}\nfunction WritableStreamDefaultWriterCloseWithErrorPropagation(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n return WritableStreamDefaultWriterClose(writer);\n}\nfunction WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) {\n if (writer._closedPromiseState === 'pending') {\n defaultWriterClosedPromiseReject(writer, error);\n }\n else {\n defaultWriterClosedPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) {\n if (writer._readyPromiseState === 'pending') {\n defaultWriterReadyPromiseReject(writer, error);\n }\n else {\n defaultWriterReadyPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterGetDesiredSize(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (state === 'errored' || state === 'erroring') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController);\n}\nfunction WritableStreamDefaultWriterRelease(writer) {\n const stream = writer._ownerWritableStream;\n const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`);\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError);\n // The state transitions to \"errored\" before the sink abort() method runs, but the writer.closed promise is not\n // rejected until afterwards. This means that simply testing state will not work.\n WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError);\n stream._writer = undefined;\n writer._ownerWritableStream = undefined;\n}\nfunction WritableStreamDefaultWriterWrite(writer, chunk) {\n const stream = writer._ownerWritableStream;\n const controller = stream._writableStreamController;\n const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk);\n if (stream !== writer._ownerWritableStream) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n const state = stream._state;\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to'));\n }\n if (state === 'erroring') {\n return promiseRejectedWith(stream._storedError);\n }\n const promise = WritableStreamAddWriteRequest(stream);\n WritableStreamDefaultControllerWrite(controller, chunk, chunkSize);\n return promise;\n}\nconst closeSentinel = {};\n/**\n * Allows control of a {@link WritableStream | writable stream}'s state and internal queue.\n *\n * @public\n */\nclass WritableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`.\n *\n * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying\n * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the\n * normal lifecycle of interactions with the underlying sink.\n */\n error(e = undefined) {\n if (!IsWritableStreamDefaultController(this)) {\n throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController');\n }\n const state = this._controlledWritableStream._state;\n if (state !== 'writable') {\n // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so\n // just treat it as a no-op.\n return;\n }\n WritableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [AbortSteps](reason) {\n const result = this._abortAlgorithm(reason);\n WritableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [ErrorSteps]() {\n ResetQueue(this);\n }\n}\nObject.defineProperties(WritableStreamDefaultController.prototype, {\n error: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations implementing interface required by the WritableStream.\nfunction IsWritableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledWritableStream = stream;\n stream._writableStreamController = controller;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._writeAlgorithm = writeAlgorithm;\n controller._closeAlgorithm = closeAlgorithm;\n controller._abortAlgorithm = abortAlgorithm;\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n const startResult = startAlgorithm();\n const startPromise = promiseResolvedWith(startResult);\n uponPromise(startPromise, () => {\n controller._started = true;\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, r => {\n controller._started = true;\n WritableStreamDealWithRejection(stream, r);\n });\n}\nfunction SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(WritableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let writeAlgorithm = () => promiseResolvedWith(undefined);\n let closeAlgorithm = () => promiseResolvedWith(undefined);\n let abortAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSink.start !== undefined) {\n startAlgorithm = () => underlyingSink.start(controller);\n }\n if (underlyingSink.write !== undefined) {\n writeAlgorithm = chunk => underlyingSink.write(chunk, controller);\n }\n if (underlyingSink.close !== undefined) {\n closeAlgorithm = () => underlyingSink.close();\n }\n if (underlyingSink.abort !== undefined) {\n abortAlgorithm = reason => underlyingSink.abort(reason);\n }\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls.\nfunction WritableStreamDefaultControllerClearAlgorithms(controller) {\n controller._writeAlgorithm = undefined;\n controller._closeAlgorithm = undefined;\n controller._abortAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\nfunction WritableStreamDefaultControllerClose(controller) {\n EnqueueValueWithSize(controller, closeSentinel, 0);\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\nfunction WritableStreamDefaultControllerGetChunkSize(controller, chunk) {\n try {\n return controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE);\n return 1;\n }\n}\nfunction WritableStreamDefaultControllerGetDesiredSize(controller) {\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) {\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE);\n return;\n }\n const stream = controller._controlledWritableStream;\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\n// Abstract operations for the WritableStreamDefaultController.\nfunction WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) {\n const stream = controller._controlledWritableStream;\n if (!controller._started) {\n return;\n }\n if (stream._inFlightWriteRequest !== undefined) {\n return;\n }\n const state = stream._state;\n if (state === 'erroring') {\n WritableStreamFinishErroring(stream);\n return;\n }\n if (controller._queue.length === 0) {\n return;\n }\n const value = PeekQueueValue(controller);\n if (value === closeSentinel) {\n WritableStreamDefaultControllerProcessClose(controller);\n }\n else {\n WritableStreamDefaultControllerProcessWrite(controller, value);\n }\n}\nfunction WritableStreamDefaultControllerErrorIfNeeded(controller, error) {\n if (controller._controlledWritableStream._state === 'writable') {\n WritableStreamDefaultControllerError(controller, error);\n }\n}\nfunction WritableStreamDefaultControllerProcessClose(controller) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkCloseRequestInFlight(stream);\n DequeueValue(controller);\n const sinkClosePromise = controller._closeAlgorithm();\n WritableStreamDefaultControllerClearAlgorithms(controller);\n uponPromise(sinkClosePromise, () => {\n WritableStreamFinishInFlightClose(stream);\n }, reason => {\n WritableStreamFinishInFlightCloseWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerProcessWrite(controller, chunk) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkFirstWriteRequestInFlight(stream);\n const sinkWritePromise = controller._writeAlgorithm(chunk);\n uponPromise(sinkWritePromise, () => {\n WritableStreamFinishInFlightWrite(stream);\n const state = stream._state;\n DequeueValue(controller);\n if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, reason => {\n if (stream._state === 'writable') {\n WritableStreamDefaultControllerClearAlgorithms(controller);\n }\n WritableStreamFinishInFlightWriteWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerGetBackpressure(controller) {\n const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller);\n return desiredSize <= 0;\n}\n// A client of WritableStreamDefaultController may use these functions directly to bypass state check.\nfunction WritableStreamDefaultControllerError(controller, error) {\n const stream = controller._controlledWritableStream;\n WritableStreamDefaultControllerClearAlgorithms(controller);\n WritableStreamStartErroring(stream, error);\n}\n// Helper functions for the WritableStream.\nfunction streamBrandCheckException$2(name) {\n return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`);\n}\n// Helper functions for the WritableStreamDefaultWriter.\nfunction defaultWriterBrandCheckException(name) {\n return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`);\n}\nfunction defaultWriterLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released writer');\n}\nfunction defaultWriterClosedPromiseInitialize(writer) {\n writer._closedPromise = newPromise((resolve, reject) => {\n writer._closedPromise_resolve = resolve;\n writer._closedPromise_reject = reject;\n writer._closedPromiseState = 'pending';\n });\n}\nfunction defaultWriterClosedPromiseInitializeAsRejected(writer, reason) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseReject(writer, reason);\n}\nfunction defaultWriterClosedPromiseInitializeAsResolved(writer) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseResolve(writer);\n}\nfunction defaultWriterClosedPromiseReject(writer, reason) {\n if (writer._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._closedPromise);\n writer._closedPromise_reject(reason);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'rejected';\n}\nfunction defaultWriterClosedPromiseResetToRejected(writer, reason) {\n defaultWriterClosedPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterClosedPromiseResolve(writer) {\n if (writer._closedPromise_resolve === undefined) {\n return;\n }\n writer._closedPromise_resolve(undefined);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'resolved';\n}\nfunction defaultWriterReadyPromiseInitialize(writer) {\n writer._readyPromise = newPromise((resolve, reject) => {\n writer._readyPromise_resolve = resolve;\n writer._readyPromise_reject = reject;\n });\n writer._readyPromiseState = 'pending';\n}\nfunction defaultWriterReadyPromiseInitializeAsRejected(writer, reason) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseReject(writer, reason);\n}\nfunction defaultWriterReadyPromiseInitializeAsResolved(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseResolve(writer);\n}\nfunction defaultWriterReadyPromiseReject(writer, reason) {\n if (writer._readyPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._readyPromise);\n writer._readyPromise_reject(reason);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'rejected';\n}\nfunction defaultWriterReadyPromiseReset(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n}\nfunction defaultWriterReadyPromiseResetToRejected(writer, reason) {\n defaultWriterReadyPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterReadyPromiseResolve(writer) {\n if (writer._readyPromise_resolve === undefined) {\n return;\n }\n writer._readyPromise_resolve(undefined);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'fulfilled';\n}\n\nfunction isAbortSignal(value) {\n if (typeof value !== 'object' || value === null) {\n return false;\n }\n try {\n return typeof value.aborted === 'boolean';\n }\n catch (_a) {\n // AbortSignal.prototype.aborted throws if its brand check fails\n return false;\n }\n}\n\n/// \nconst NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined;\n\n/// \nfunction isDOMExceptionConstructor(ctor) {\n if (!(typeof ctor === 'function' || typeof ctor === 'object')) {\n return false;\n }\n try {\n new ctor();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction createDOMExceptionPolyfill() {\n // eslint-disable-next-line no-shadow\n const ctor = function DOMException(message, name) {\n this.message = message || '';\n this.name = name || 'Error';\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n };\n ctor.prototype = Object.create(Error.prototype);\n Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true });\n return ctor;\n}\n// eslint-disable-next-line no-redeclare\nconst DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill();\n\nfunction ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) {\n const reader = AcquireReadableStreamDefaultReader(source);\n const writer = AcquireWritableStreamDefaultWriter(dest);\n source._disturbed = true;\n let shuttingDown = false;\n // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown.\n let currentWrite = promiseResolvedWith(undefined);\n return newPromise((resolve, reject) => {\n let abortAlgorithm;\n if (signal !== undefined) {\n abortAlgorithm = () => {\n const error = new DOMException$1('Aborted', 'AbortError');\n const actions = [];\n if (!preventAbort) {\n actions.push(() => {\n if (dest._state === 'writable') {\n return WritableStreamAbort(dest, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n if (!preventCancel) {\n actions.push(() => {\n if (source._state === 'readable') {\n return ReadableStreamCancel(source, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error);\n };\n if (signal.aborted) {\n abortAlgorithm();\n return;\n }\n signal.addEventListener('abort', abortAlgorithm);\n }\n // Using reader and writer, read all chunks from this and write them to dest\n // - Backpressure must be enforced\n // - Shutdown must stop all activity\n function pipeLoop() {\n return newPromise((resolveLoop, rejectLoop) => {\n function next(done) {\n if (done) {\n resolveLoop();\n }\n else {\n // Use `PerformPromiseThen` instead of `uponPromise` to avoid\n // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers\n PerformPromiseThen(pipeStep(), next, rejectLoop);\n }\n }\n next(false);\n });\n }\n function pipeStep() {\n if (shuttingDown) {\n return promiseResolvedWith(true);\n }\n return PerformPromiseThen(writer._readyPromise, () => {\n return newPromise((resolveRead, rejectRead) => {\n ReadableStreamDefaultReaderRead(reader, {\n _chunkSteps: chunk => {\n currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop);\n resolveRead(false);\n },\n _closeSteps: () => resolveRead(true),\n _errorSteps: rejectRead\n });\n });\n });\n }\n // Errors must be propagated forward\n isOrBecomesErrored(source, reader._closedPromise, storedError => {\n if (!preventAbort) {\n shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Errors must be propagated backward\n isOrBecomesErrored(dest, writer._closedPromise, storedError => {\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Closing must be propagated forward\n isOrBecomesClosed(source, reader._closedPromise, () => {\n if (!preventClose) {\n shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer));\n }\n else {\n shutdown();\n }\n });\n // Closing must be propagated backward\n if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') {\n const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it');\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed);\n }\n else {\n shutdown(true, destClosed);\n }\n }\n setPromiseIsHandledToTrue(pipeLoop());\n function waitForWritesToFinish() {\n // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait\n // for that too.\n const oldCurrentWrite = currentWrite;\n return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined);\n }\n function isOrBecomesErrored(stream, promise, action) {\n if (stream._state === 'errored') {\n action(stream._storedError);\n }\n else {\n uponRejection(promise, action);\n }\n }\n function isOrBecomesClosed(stream, promise, action) {\n if (stream._state === 'closed') {\n action();\n }\n else {\n uponFulfillment(promise, action);\n }\n }\n function shutdownWithAction(action, originalIsError, originalError) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), doTheRest);\n }\n else {\n doTheRest();\n }\n function doTheRest() {\n uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError));\n }\n }\n function shutdown(isError, error) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error));\n }\n else {\n finalize(isError, error);\n }\n }\n function finalize(isError, error) {\n WritableStreamDefaultWriterRelease(writer);\n ReadableStreamReaderGenericRelease(reader);\n if (signal !== undefined) {\n signal.removeEventListener('abort', abortAlgorithm);\n }\n if (isError) {\n reject(error);\n }\n else {\n resolve(undefined);\n }\n }\n });\n}\n\n/**\n * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('desiredSize');\n }\n return ReadableStreamDefaultControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('close');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits close');\n }\n ReadableStreamDefaultControllerClose(this);\n }\n enqueue(chunk = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('enqueue');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits enqueue');\n }\n return ReadableStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('error');\n }\n ReadableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableStream;\n if (this._queue.length > 0) {\n const chunk = DequeueValue(this);\n if (this._closeRequested && this._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(this);\n ReadableStreamClose(stream);\n }\n else {\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n readRequest._chunkSteps(chunk);\n }\n else {\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n }\n}\nObject.defineProperties(ReadableStreamDefaultController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableStreamDefaultController.\nfunction IsReadableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableStreamDefaultControllerError(controller, e);\n });\n}\nfunction ReadableStreamDefaultControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableStream;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableStreamDefaultControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\n// A client of ReadableStreamDefaultController may use these functions directly to bypass state check.\nfunction ReadableStreamDefaultControllerClose(controller) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n controller._closeRequested = true;\n if (controller._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n }\n}\nfunction ReadableStreamDefaultControllerEnqueue(controller, chunk) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n ReadableStreamFulfillReadRequest(stream, chunk, false);\n }\n else {\n let chunkSize;\n try {\n chunkSize = controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n ReadableStreamDefaultControllerError(controller, chunkSizeE);\n throw chunkSizeE;\n }\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n ReadableStreamDefaultControllerError(controller, enqueueE);\n throw enqueueE;\n }\n }\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n}\nfunction ReadableStreamDefaultControllerError(controller, e) {\n const stream = controller._controlledReadableStream;\n if (stream._state !== 'readable') {\n return;\n }\n ResetQueue(controller);\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableStreamDefaultControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\n// This is used in the implementation of TransformStream.\nfunction ReadableStreamDefaultControllerHasBackpressure(controller) {\n if (ReadableStreamDefaultControllerShouldCallPull(controller)) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) {\n const state = controller._controlledReadableStream._state;\n if (!controller._closeRequested && state === 'readable') {\n return true;\n }\n return false;\n}\nfunction SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledReadableStream = stream;\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._closeRequested = false;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableStreamDefaultControllerError(controller, r);\n });\n}\nfunction SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSource.start !== undefined) {\n startAlgorithm = () => underlyingSource.start(controller);\n }\n if (underlyingSource.pull !== undefined) {\n pullAlgorithm = () => underlyingSource.pull(controller);\n }\n if (underlyingSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingSource.cancel(reason);\n }\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// Helper functions for the ReadableStreamDefaultController.\nfunction defaultControllerBrandCheckException$1(name) {\n return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`);\n}\n\nfunction ReadableStreamTee(stream, cloneForBranch2) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n let reading = false;\n let canceled1 = false;\n let canceled2 = false;\n let reason1;\n let reason2;\n let branch1;\n let branch2;\n let resolveCancelPromise;\n const cancelPromise = newPromise(resolve => {\n resolveCancelPromise = resolve;\n });\n function pullAlgorithm() {\n if (reading) {\n return promiseResolvedWith(undefined);\n }\n reading = true;\n const readRequest = {\n _chunkSteps: value => {\n // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using\n // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let\n // successful synchronously-available reads get ahead of asynchronously-available errors.\n queueMicrotask(() => {\n reading = false;\n const value1 = value;\n const value2 = value;\n // There is no way to access the cloning code right now in the reference implementation.\n // If we add one then we'll need an implementation for serializable objects.\n // if (!canceled2 && cloneForBranch2) {\n // value2 = StructuredDeserialize(StructuredSerialize(value2));\n // }\n if (!canceled1) {\n ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2);\n }\n });\n },\n _closeSteps: () => {\n reading = false;\n if (!canceled1) {\n ReadableStreamDefaultControllerClose(branch1._readableStreamController);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerClose(branch2._readableStreamController);\n }\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n },\n _errorSteps: () => {\n reading = false;\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promiseResolvedWith(undefined);\n }\n function cancel1Algorithm(reason) {\n canceled1 = true;\n reason1 = reason;\n if (canceled2) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function cancel2Algorithm(reason) {\n canceled2 = true;\n reason2 = reason;\n if (canceled1) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function startAlgorithm() {\n // do nothing\n }\n branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm);\n branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm);\n uponRejection(reader._closedPromise, (r) => {\n ReadableStreamDefaultControllerError(branch1._readableStreamController, r);\n ReadableStreamDefaultControllerError(branch2._readableStreamController, r);\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n });\n return [branch1, branch2];\n}\n\nfunction convertUnderlyingDefaultOrByteSource(source, context) {\n assertDictionary(source, context);\n const original = source;\n const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize;\n const cancel = original === null || original === void 0 ? void 0 : original.cancel;\n const pull = original === null || original === void 0 ? void 0 : original.pull;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n return {\n autoAllocateChunkSize: autoAllocateChunkSize === undefined ?\n undefined :\n convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`),\n cancel: cancel === undefined ?\n undefined :\n convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`),\n pull: pull === undefined ?\n undefined :\n convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`),\n type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`)\n };\n}\nfunction convertUnderlyingSourceCancelCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSourcePullCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSourceStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertReadableStreamType(type, context) {\n type = `${type}`;\n if (type !== 'bytes') {\n throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`);\n }\n return type;\n}\n\nfunction convertReaderOptions(options, context) {\n assertDictionary(options, context);\n const mode = options === null || options === void 0 ? void 0 : options.mode;\n return {\n mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`)\n };\n}\nfunction convertReadableStreamReaderMode(mode, context) {\n mode = `${mode}`;\n if (mode !== 'byob') {\n throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`);\n }\n return mode;\n}\n\nfunction convertIteratorOptions(options, context) {\n assertDictionary(options, context);\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n return { preventCancel: Boolean(preventCancel) };\n}\n\nfunction convertPipeOptions(options, context) {\n assertDictionary(options, context);\n const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort;\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n const preventClose = options === null || options === void 0 ? void 0 : options.preventClose;\n const signal = options === null || options === void 0 ? void 0 : options.signal;\n if (signal !== undefined) {\n assertAbortSignal(signal, `${context} has member 'signal' that`);\n }\n return {\n preventAbort: Boolean(preventAbort),\n preventCancel: Boolean(preventCancel),\n preventClose: Boolean(preventClose),\n signal\n };\n}\nfunction assertAbortSignal(signal, context) {\n if (!isAbortSignal(signal)) {\n throw new TypeError(`${context} is not an AbortSignal.`);\n }\n}\n\nfunction convertReadableWritablePair(pair, context) {\n assertDictionary(pair, context);\n const readable = pair === null || pair === void 0 ? void 0 : pair.readable;\n assertRequiredField(readable, 'readable', 'ReadableWritablePair');\n assertReadableStream(readable, `${context} has member 'readable' that`);\n const writable = pair === null || pair === void 0 ? void 0 : pair.writable;\n assertRequiredField(writable, 'writable', 'ReadableWritablePair');\n assertWritableStream(writable, `${context} has member 'writable' that`);\n return { readable, writable };\n}\n\n/**\n * A readable stream represents a source of data, from which you can read.\n *\n * @public\n */\nclass ReadableStream {\n constructor(rawUnderlyingSource = {}, rawStrategy = {}) {\n if (rawUnderlyingSource === undefined) {\n rawUnderlyingSource = null;\n }\n else {\n assertObject(rawUnderlyingSource, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter');\n InitializeReadableStream(this);\n if (underlyingSource.type === 'bytes') {\n if (strategy.size !== undefined) {\n throw new RangeError('The strategy for a byte stream cannot have a size function');\n }\n const highWaterMark = ExtractHighWaterMark(strategy, 0);\n SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark);\n }\n else {\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm);\n }\n }\n /**\n * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}.\n */\n get locked() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('locked');\n }\n return IsReadableStreamLocked(this);\n }\n /**\n * Cancels the stream, signaling a loss of interest in the stream by a consumer.\n *\n * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()}\n * method, which might or might not use it.\n */\n cancel(reason = undefined) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('cancel'));\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader'));\n }\n return ReadableStreamCancel(this, reason);\n }\n getReader(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('getReader');\n }\n const options = convertReaderOptions(rawOptions, 'First parameter');\n if (options.mode === undefined) {\n return AcquireReadableStreamDefaultReader(this);\n }\n return AcquireReadableStreamBYOBReader(this);\n }\n pipeThrough(rawTransform, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('pipeThrough');\n }\n assertRequiredArgument(rawTransform, 1, 'pipeThrough');\n const transform = convertReadableWritablePair(rawTransform, 'First parameter');\n const options = convertPipeOptions(rawOptions, 'Second parameter');\n if (IsReadableStreamLocked(this)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream');\n }\n if (IsWritableStreamLocked(transform.writable)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream');\n }\n const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n setPromiseIsHandledToTrue(promise);\n return transform.readable;\n }\n pipeTo(destination, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('pipeTo'));\n }\n if (destination === undefined) {\n return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`);\n }\n if (!IsWritableStream(destination)) {\n return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`));\n }\n let options;\n try {\n options = convertPipeOptions(rawOptions, 'Second parameter');\n }\n catch (e) {\n return promiseRejectedWith(e);\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream'));\n }\n if (IsWritableStreamLocked(destination)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream'));\n }\n return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n }\n /**\n * Tees this readable stream, returning a two-element array containing the two resulting branches as\n * new {@link ReadableStream} instances.\n *\n * Teeing a stream will lock it, preventing any other consumer from acquiring a reader.\n * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be\n * propagated to the stream's underlying source.\n *\n * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable,\n * this could allow interference between the two branches.\n */\n tee() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('tee');\n }\n const branches = ReadableStreamTee(this);\n return CreateArrayFromList(branches);\n }\n values(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('values');\n }\n const options = convertIteratorOptions(rawOptions, 'First parameter');\n return AcquireReadableStreamAsyncIterator(this, options.preventCancel);\n }\n}\nObject.defineProperties(ReadableStream.prototype, {\n cancel: { enumerable: true },\n getReader: { enumerable: true },\n pipeThrough: { enumerable: true },\n pipeTo: { enumerable: true },\n tee: { enumerable: true },\n values: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStream',\n configurable: true\n });\n}\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, {\n value: ReadableStream.prototype.values,\n writable: true,\n configurable: true\n });\n}\n// Abstract operations for the ReadableStream.\n// Throws if and only if startAlgorithm throws.\nfunction CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(ReadableStream.prototype);\n InitializeReadableStream(stream);\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeReadableStream(stream) {\n stream._state = 'readable';\n stream._reader = undefined;\n stream._storedError = undefined;\n stream._disturbed = false;\n}\nfunction IsReadableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamLocked(stream) {\n if (stream._reader === undefined) {\n return false;\n }\n return true;\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamCancel(stream, reason) {\n stream._disturbed = true;\n if (stream._state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (stream._state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n ReadableStreamClose(stream);\n const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason);\n return transformPromiseWith(sourceCancelPromise, noop);\n}\nfunction ReadableStreamClose(stream) {\n stream._state = 'closed';\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseResolve(reader);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._closeSteps();\n });\n reader._readRequests = new SimpleQueue();\n }\n}\nfunction ReadableStreamError(stream, e) {\n stream._state = 'errored';\n stream._storedError = e;\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseReject(reader, e);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._errorSteps(e);\n });\n reader._readRequests = new SimpleQueue();\n }\n else {\n reader._readIntoRequests.forEach(readIntoRequest => {\n readIntoRequest._errorSteps(e);\n });\n reader._readIntoRequests = new SimpleQueue();\n }\n}\n// Helper functions for the ReadableStream.\nfunction streamBrandCheckException$1(name) {\n return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`);\n}\n\nfunction convertQueuingStrategyInit(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit');\n return {\n highWaterMark: convertUnrestrictedDouble(highWaterMark)\n };\n}\n\nconst byteLengthSizeFunction = function size(chunk) {\n return chunk.byteLength;\n};\n/**\n * A queuing strategy that counts the number of bytes in each chunk.\n *\n * @public\n */\nclass ByteLengthQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('highWaterMark');\n }\n return this._byteLengthQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by returning the value of its `byteLength` property.\n */\n get size() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('size');\n }\n return byteLengthSizeFunction;\n }\n}\nObject.defineProperties(ByteLengthQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'ByteLengthQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the ByteLengthQueuingStrategy.\nfunction byteLengthBrandCheckException(name) {\n return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`);\n}\nfunction IsByteLengthQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nconst countSizeFunction = function size() {\n return 1;\n};\n/**\n * A queuing strategy that counts the number of chunks.\n *\n * @public\n */\nclass CountQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'CountQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._countQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('highWaterMark');\n }\n return this._countQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by always returning 1.\n * This ensures that the total queue size is a count of the number of chunks in the queue.\n */\n get size() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('size');\n }\n return countSizeFunction;\n }\n}\nObject.defineProperties(CountQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'CountQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the CountQueuingStrategy.\nfunction countBrandCheckException(name) {\n return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`);\n}\nfunction IsCountQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nfunction convertTransformer(original, context) {\n assertDictionary(original, context);\n const flush = original === null || original === void 0 ? void 0 : original.flush;\n const readableType = original === null || original === void 0 ? void 0 : original.readableType;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const transform = original === null || original === void 0 ? void 0 : original.transform;\n const writableType = original === null || original === void 0 ? void 0 : original.writableType;\n return {\n flush: flush === undefined ?\n undefined :\n convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`),\n readableType,\n start: start === undefined ?\n undefined :\n convertTransformerStartCallback(start, original, `${context} has member 'start' that`),\n transform: transform === undefined ?\n undefined :\n convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`),\n writableType\n };\n}\nfunction convertTransformerFlushCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertTransformerStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertTransformerTransformCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\n// Class TransformStream\n/**\n * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream},\n * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side.\n * In a manner specific to the transform stream in question, writes to the writable side result in new data being\n * made available for reading from the readable side.\n *\n * @public\n */\nclass TransformStream {\n constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) {\n if (rawTransformer === undefined) {\n rawTransformer = null;\n }\n const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter');\n const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter');\n const transformer = convertTransformer(rawTransformer, 'First parameter');\n if (transformer.readableType !== undefined) {\n throw new RangeError('Invalid readableType specified');\n }\n if (transformer.writableType !== undefined) {\n throw new RangeError('Invalid writableType specified');\n }\n const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0);\n const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy);\n const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1);\n const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy);\n let startPromise_resolve;\n const startPromise = newPromise(resolve => {\n startPromise_resolve = resolve;\n });\n InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n SetUpTransformStreamDefaultControllerFromTransformer(this, transformer);\n if (transformer.start !== undefined) {\n startPromise_resolve(transformer.start(this._transformStreamController));\n }\n else {\n startPromise_resolve(undefined);\n }\n }\n /**\n * The readable side of the transform stream.\n */\n get readable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('readable');\n }\n return this._readable;\n }\n /**\n * The writable side of the transform stream.\n */\n get writable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('writable');\n }\n return this._writable;\n }\n}\nObject.defineProperties(TransformStream.prototype, {\n readable: { enumerable: true },\n writable: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStream',\n configurable: true\n });\n}\nfunction InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) {\n function startAlgorithm() {\n return startPromise;\n }\n function writeAlgorithm(chunk) {\n return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk);\n }\n function abortAlgorithm(reason) {\n return TransformStreamDefaultSinkAbortAlgorithm(stream, reason);\n }\n function closeAlgorithm() {\n return TransformStreamDefaultSinkCloseAlgorithm(stream);\n }\n stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm);\n function pullAlgorithm() {\n return TransformStreamDefaultSourcePullAlgorithm(stream);\n }\n function cancelAlgorithm(reason) {\n TransformStreamErrorWritableAndUnblockWrite(stream, reason);\n return promiseResolvedWith(undefined);\n }\n stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure.\n stream._backpressure = undefined;\n stream._backpressureChangePromise = undefined;\n stream._backpressureChangePromise_resolve = undefined;\n TransformStreamSetBackpressure(stream, true);\n stream._transformStreamController = undefined;\n}\nfunction IsTransformStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) {\n return false;\n }\n return true;\n}\n// This is a no-op if both sides are already errored.\nfunction TransformStreamError(stream, e) {\n ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e);\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n}\nfunction TransformStreamErrorWritableAndUnblockWrite(stream, e) {\n TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController);\n WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e);\n if (stream._backpressure) {\n // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure()\n // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time\n // _backpressure is set.\n TransformStreamSetBackpressure(stream, false);\n }\n}\nfunction TransformStreamSetBackpressure(stream, backpressure) {\n // Passes also when called during construction.\n if (stream._backpressureChangePromise !== undefined) {\n stream._backpressureChangePromise_resolve();\n }\n stream._backpressureChangePromise = newPromise(resolve => {\n stream._backpressureChangePromise_resolve = resolve;\n });\n stream._backpressure = backpressure;\n}\n// Class TransformStreamDefaultController\n/**\n * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}.\n *\n * @public\n */\nclass TransformStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full.\n */\n get desiredSize() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('desiredSize');\n }\n const readableController = this._controlledTransformStream._readable._readableStreamController;\n return ReadableStreamDefaultControllerGetDesiredSize(readableController);\n }\n enqueue(chunk = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('enqueue');\n }\n TransformStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors both the readable side and the writable side of the controlled transform stream, making all future\n * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded.\n */\n error(reason = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('error');\n }\n TransformStreamDefaultControllerError(this, reason);\n }\n /**\n * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the\n * transformer only needs to consume a portion of the chunks written to the writable side.\n */\n terminate() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('terminate');\n }\n TransformStreamDefaultControllerTerminate(this);\n }\n}\nObject.defineProperties(TransformStreamDefaultController.prototype, {\n enqueue: { enumerable: true },\n error: { enumerable: true },\n terminate: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStreamDefaultController',\n configurable: true\n });\n}\n// Transform Stream Default Controller Abstract Operations\nfunction IsTransformStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) {\n controller._controlledTransformStream = stream;\n stream._transformStreamController = controller;\n controller._transformAlgorithm = transformAlgorithm;\n controller._flushAlgorithm = flushAlgorithm;\n}\nfunction SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) {\n const controller = Object.create(TransformStreamDefaultController.prototype);\n let transformAlgorithm = (chunk) => {\n try {\n TransformStreamDefaultControllerEnqueue(controller, chunk);\n return promiseResolvedWith(undefined);\n }\n catch (transformResultE) {\n return promiseRejectedWith(transformResultE);\n }\n };\n let flushAlgorithm = () => promiseResolvedWith(undefined);\n if (transformer.transform !== undefined) {\n transformAlgorithm = chunk => transformer.transform(chunk, controller);\n }\n if (transformer.flush !== undefined) {\n flushAlgorithm = () => transformer.flush(controller);\n }\n SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm);\n}\nfunction TransformStreamDefaultControllerClearAlgorithms(controller) {\n controller._transformAlgorithm = undefined;\n controller._flushAlgorithm = undefined;\n}\nfunction TransformStreamDefaultControllerEnqueue(controller, chunk) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) {\n throw new TypeError('Readable side is not in a state that permits enqueue');\n }\n // We throttle transform invocations based on the backpressure of the ReadableStream, but we still\n // accept TransformStreamDefaultControllerEnqueue() calls.\n try {\n ReadableStreamDefaultControllerEnqueue(readableController, chunk);\n }\n catch (e) {\n // This happens when readableStrategy.size() throws.\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n throw stream._readable._storedError;\n }\n const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController);\n if (backpressure !== stream._backpressure) {\n TransformStreamSetBackpressure(stream, true);\n }\n}\nfunction TransformStreamDefaultControllerError(controller, e) {\n TransformStreamError(controller._controlledTransformStream, e);\n}\nfunction TransformStreamDefaultControllerPerformTransform(controller, chunk) {\n const transformPromise = controller._transformAlgorithm(chunk);\n return transformPromiseWith(transformPromise, undefined, r => {\n TransformStreamError(controller._controlledTransformStream, r);\n throw r;\n });\n}\nfunction TransformStreamDefaultControllerTerminate(controller) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n ReadableStreamDefaultControllerClose(readableController);\n const error = new TypeError('TransformStream terminated');\n TransformStreamErrorWritableAndUnblockWrite(stream, error);\n}\n// TransformStreamDefaultSink Algorithms\nfunction TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) {\n const controller = stream._transformStreamController;\n if (stream._backpressure) {\n const backpressureChangePromise = stream._backpressureChangePromise;\n return transformPromiseWith(backpressureChangePromise, () => {\n const writable = stream._writable;\n const state = writable._state;\n if (state === 'erroring') {\n throw writable._storedError;\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n });\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n}\nfunction TransformStreamDefaultSinkAbortAlgorithm(stream, reason) {\n // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already\n // errored.\n TransformStreamError(stream, reason);\n return promiseResolvedWith(undefined);\n}\nfunction TransformStreamDefaultSinkCloseAlgorithm(stream) {\n // stream._readable cannot change after construction, so caching it across a call to user code is safe.\n const readable = stream._readable;\n const controller = stream._transformStreamController;\n const flushPromise = controller._flushAlgorithm();\n TransformStreamDefaultControllerClearAlgorithms(controller);\n // Return a promise that is fulfilled with undefined on success.\n return transformPromiseWith(flushPromise, () => {\n if (readable._state === 'errored') {\n throw readable._storedError;\n }\n ReadableStreamDefaultControllerClose(readable._readableStreamController);\n }, r => {\n TransformStreamError(stream, r);\n throw readable._storedError;\n });\n}\n// TransformStreamDefaultSource Algorithms\nfunction TransformStreamDefaultSourcePullAlgorithm(stream) {\n // Invariant. Enforced by the promises returned by start() and pull().\n TransformStreamSetBackpressure(stream, false);\n // Prevent the next pull() call until there is backpressure.\n return stream._backpressureChangePromise;\n}\n// Helper functions for the TransformStreamDefaultController.\nfunction defaultControllerBrandCheckException(name) {\n return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`);\n}\n// Helper functions for the TransformStream.\nfunction streamBrandCheckException(name) {\n return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`);\n}\n\nexport { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter };\n//# sourceMappingURL=ponyfill.es6.mjs.map\n","/*! *****************************************************************************\nCopyright (c) Microsoft Corporation.\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\nPERFORMANCE OF THIS SOFTWARE.\n***************************************************************************** */\n/* global Reflect, Promise */\n\nvar extendStatics = function(d, b) {\n extendStatics = Object.setPrototypeOf ||\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\n return extendStatics(d, b);\n};\n\nfunction __extends(d, b) {\n if (typeof b !== \"function\" && b !== null)\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\n extendStatics(d, b);\n function __() { this.constructor = d; }\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\n}\n\nfunction assert(test) {\n if (!test) {\n throw new TypeError('Assertion failed');\n }\n}\n\nfunction noop() {\n return;\n}\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\n\nfunction isStreamConstructor(ctor) {\n if (typeof ctor !== 'function') {\n return false;\n }\n var startCalled = false;\n try {\n new ctor({\n start: function () {\n startCalled = true;\n }\n });\n }\n catch (e) {\n // ignore\n }\n return startCalled;\n}\nfunction isReadableStream(readable) {\n if (!typeIsObject(readable)) {\n return false;\n }\n if (typeof readable.getReader !== 'function') {\n return false;\n }\n return true;\n}\nfunction isReadableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isReadableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isWritableStream(writable) {\n if (!typeIsObject(writable)) {\n return false;\n }\n if (typeof writable.getWriter !== 'function') {\n return false;\n }\n return true;\n}\nfunction isWritableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isWritableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isTransformStream(transform) {\n if (!typeIsObject(transform)) {\n return false;\n }\n if (!isReadableStream(transform.readable)) {\n return false;\n }\n if (!isWritableStream(transform.writable)) {\n return false;\n }\n return true;\n}\nfunction isTransformStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isTransformStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction supportsByobReader(readable) {\n try {\n var reader = readable.getReader({ mode: 'byob' });\n reader.releaseLock();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction supportsByteSource(ctor) {\n try {\n new ctor({ type: 'bytes' });\n return true;\n }\n catch (_a) {\n return false;\n }\n}\n\nfunction createReadableStreamWrapper(ctor) {\n assert(isReadableStreamConstructor(ctor));\n var byteSourceSupported = supportsByteSource(ctor);\n return function (readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n type = parseReadableType(type);\n if (type === 'bytes' && !byteSourceSupported) {\n type = undefined;\n }\n if (readable.constructor === ctor) {\n if (type !== 'bytes' || supportsByobReader(readable)) {\n return readable;\n }\n }\n if (type === 'bytes') {\n var source = createWrappingReadableSource(readable, { type: type });\n return new ctor(source);\n }\n else {\n var source = createWrappingReadableSource(readable);\n return new ctor(source);\n }\n };\n}\nfunction createWrappingReadableSource(readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n assert(isReadableStream(readable));\n assert(readable.locked === false);\n type = parseReadableType(type);\n var source;\n if (type === 'bytes') {\n source = new WrappingReadableByteStreamSource(readable);\n }\n else {\n source = new WrappingReadableStreamDefaultSource(readable);\n }\n return source;\n}\nfunction parseReadableType(type) {\n var typeString = String(type);\n if (typeString === 'bytes') {\n return typeString;\n }\n else if (type === undefined) {\n return type;\n }\n else {\n throw new RangeError('Invalid type is specified');\n }\n}\nvar AbstractWrappingReadableStreamSource = /** @class */ (function () {\n function AbstractWrappingReadableStreamSource(underlyingStream) {\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n this._readableStreamController = undefined;\n this._pendingRead = undefined;\n this._underlyingStream = underlyingStream;\n // always keep a reader attached to detect close/error\n this._attachDefaultReader();\n }\n AbstractWrappingReadableStreamSource.prototype.start = function (controller) {\n this._readableStreamController = controller;\n };\n AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) {\n assert(this._underlyingReader !== undefined);\n return this._underlyingReader.cancel(reason);\n };\n AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () {\n if (this._readerMode === \"default\" /* DEFAULT */) {\n return;\n }\n this._detachReader();\n var reader = this._underlyingStream.getReader();\n this._readerMode = \"default\" /* DEFAULT */;\n this._attachReader(reader);\n };\n AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) {\n var _this = this;\n assert(this._underlyingReader === undefined);\n this._underlyingReader = reader;\n var closed = this._underlyingReader.closed;\n if (!closed) {\n return;\n }\n closed\n .then(function () { return _this._finishPendingRead(); })\n .then(function () {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.close();\n }\n }, function (reason) {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.error(reason);\n }\n })\n .catch(noop);\n };\n AbstractWrappingReadableStreamSource.prototype._detachReader = function () {\n if (this._underlyingReader === undefined) {\n return;\n }\n this._underlyingReader.releaseLock();\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n };\n AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () {\n var _this = this;\n this._attachDefaultReader();\n // TODO Backpressure?\n var read = this._underlyingReader.read()\n .then(function (result) {\n var controller = _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n }\n else {\n controller.enqueue(result.value);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n AbstractWrappingReadableStreamSource.prototype._tryClose = function () {\n try {\n this._readableStreamController.close();\n }\n catch (_a) {\n // already errored or closed\n }\n };\n AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) {\n var _this = this;\n var pendingRead;\n var finishRead = function () {\n if (_this._pendingRead === pendingRead) {\n _this._pendingRead = undefined;\n }\n };\n this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead);\n };\n AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () {\n var _this = this;\n if (!this._pendingRead) {\n return undefined;\n }\n var afterRead = function () { return _this._finishPendingRead(); };\n return this._pendingRead.then(afterRead, afterRead);\n };\n return AbstractWrappingReadableStreamSource;\n}());\nvar WrappingReadableStreamDefaultSource = /** @class */ (function (_super) {\n __extends(WrappingReadableStreamDefaultSource, _super);\n function WrappingReadableStreamDefaultSource() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n WrappingReadableStreamDefaultSource.prototype.pull = function () {\n return this._pullWithDefaultReader();\n };\n return WrappingReadableStreamDefaultSource;\n}(AbstractWrappingReadableStreamSource));\nfunction toUint8Array(view) {\n return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);\n}\nfunction copyArrayBufferView(from, to) {\n var fromArray = toUint8Array(from);\n var toArray = toUint8Array(to);\n toArray.set(fromArray, 0);\n}\nvar WrappingReadableByteStreamSource = /** @class */ (function (_super) {\n __extends(WrappingReadableByteStreamSource, _super);\n function WrappingReadableByteStreamSource(underlyingStream) {\n var _this = this;\n var supportsByob = supportsByobReader(underlyingStream);\n _this = _super.call(this, underlyingStream) || this;\n _this._supportsByob = supportsByob;\n return _this;\n }\n Object.defineProperty(WrappingReadableByteStreamSource.prototype, \"type\", {\n get: function () {\n return 'bytes';\n },\n enumerable: false,\n configurable: true\n });\n WrappingReadableByteStreamSource.prototype._attachByobReader = function () {\n if (this._readerMode === \"byob\" /* BYOB */) {\n return;\n }\n assert(this._supportsByob);\n this._detachReader();\n var reader = this._underlyingStream.getReader({ mode: 'byob' });\n this._readerMode = \"byob\" /* BYOB */;\n this._attachReader(reader);\n };\n WrappingReadableByteStreamSource.prototype.pull = function () {\n if (this._supportsByob) {\n var byobRequest = this._readableStreamController.byobRequest;\n if (byobRequest) {\n return this._pullWithByobRequest(byobRequest);\n }\n }\n return this._pullWithDefaultReader();\n };\n WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) {\n var _this = this;\n this._attachByobReader();\n // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly\n // create a separate buffer to read into, then copy that to byobRequest.view\n var buffer = new Uint8Array(byobRequest.view.byteLength);\n // TODO Backpressure?\n var read = this._underlyingReader.read(buffer)\n .then(function (result) {\n _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n byobRequest.respond(0);\n }\n else {\n copyArrayBufferView(result.value, byobRequest.view);\n byobRequest.respond(result.value.byteLength);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n return WrappingReadableByteStreamSource;\n}(AbstractWrappingReadableStreamSource));\n\nfunction createWritableStreamWrapper(ctor) {\n assert(isWritableStreamConstructor(ctor));\n return function (writable) {\n if (writable.constructor === ctor) {\n return writable;\n }\n var sink = createWrappingWritableSink(writable);\n return new ctor(sink);\n };\n}\nfunction createWrappingWritableSink(writable) {\n assert(isWritableStream(writable));\n assert(writable.locked === false);\n var writer = writable.getWriter();\n return new WrappingWritableStreamSink(writer);\n}\nvar WrappingWritableStreamSink = /** @class */ (function () {\n function WrappingWritableStreamSink(underlyingWriter) {\n var _this = this;\n this._writableStreamController = undefined;\n this._pendingWrite = undefined;\n this._state = \"writable\" /* WRITABLE */;\n this._storedError = undefined;\n this._underlyingWriter = underlyingWriter;\n this._errorPromise = new Promise(function (resolve, reject) {\n _this._errorPromiseReject = reject;\n });\n this._errorPromise.catch(noop);\n }\n WrappingWritableStreamSink.prototype.start = function (controller) {\n var _this = this;\n this._writableStreamController = controller;\n this._underlyingWriter.closed\n .then(function () {\n _this._state = \"closed\" /* CLOSED */;\n })\n .catch(function (reason) { return _this._finishErroring(reason); });\n };\n WrappingWritableStreamSink.prototype.write = function (chunk) {\n var _this = this;\n var writer = this._underlyingWriter;\n // Detect past errors\n if (writer.desiredSize === null) {\n return writer.ready;\n }\n var writeRequest = writer.write(chunk);\n // Detect future errors\n writeRequest.catch(function (reason) { return _this._finishErroring(reason); });\n writer.ready.catch(function (reason) { return _this._startErroring(reason); });\n // Reject write when errored\n var write = Promise.race([writeRequest, this._errorPromise]);\n this._setPendingWrite(write);\n return write;\n };\n WrappingWritableStreamSink.prototype.close = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return this._underlyingWriter.close();\n }\n return this._finishPendingWrite().then(function () { return _this.close(); });\n };\n WrappingWritableStreamSink.prototype.abort = function (reason) {\n if (this._state === \"errored\" /* ERRORED */) {\n return undefined;\n }\n var writer = this._underlyingWriter;\n return writer.abort(reason);\n };\n WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) {\n var _this = this;\n var pendingWrite;\n var finishWrite = function () {\n if (_this._pendingWrite === pendingWrite) {\n _this._pendingWrite = undefined;\n }\n };\n this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite);\n };\n WrappingWritableStreamSink.prototype._finishPendingWrite = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return Promise.resolve();\n }\n var afterWrite = function () { return _this._finishPendingWrite(); };\n return this._pendingWrite.then(afterWrite, afterWrite);\n };\n WrappingWritableStreamSink.prototype._startErroring = function (reason) {\n var _this = this;\n if (this._state === \"writable\" /* WRITABLE */) {\n this._state = \"erroring\" /* ERRORING */;\n this._storedError = reason;\n var afterWrite = function () { return _this._finishErroring(reason); };\n if (this._pendingWrite === undefined) {\n afterWrite();\n }\n else {\n this._finishPendingWrite().then(afterWrite, afterWrite);\n }\n this._writableStreamController.error(reason);\n }\n };\n WrappingWritableStreamSink.prototype._finishErroring = function (reason) {\n if (this._state === \"writable\" /* WRITABLE */) {\n this._startErroring(reason);\n }\n if (this._state === \"erroring\" /* ERRORING */) {\n this._state = \"errored\" /* ERRORED */;\n this._errorPromiseReject(this._storedError);\n }\n };\n return WrappingWritableStreamSink;\n}());\n\nfunction createTransformStreamWrapper(ctor) {\n assert(isTransformStreamConstructor(ctor));\n return function (transform) {\n if (transform.constructor === ctor) {\n return transform;\n }\n var transformer = createWrappingTransformer(transform);\n return new ctor(transformer);\n };\n}\nfunction createWrappingTransformer(transform) {\n assert(isTransformStream(transform));\n var readable = transform.readable, writable = transform.writable;\n assert(readable.locked === false);\n assert(writable.locked === false);\n var reader = readable.getReader();\n var writer;\n try {\n writer = writable.getWriter();\n }\n catch (e) {\n reader.releaseLock(); // do not leak reader\n throw e;\n }\n return new WrappingTransformStreamTransformer(reader, writer);\n}\nvar WrappingTransformStreamTransformer = /** @class */ (function () {\n function WrappingTransformStreamTransformer(reader, writer) {\n var _this = this;\n this._transformStreamController = undefined;\n this._onRead = function (result) {\n if (result.done) {\n return;\n }\n _this._transformStreamController.enqueue(result.value);\n return _this._reader.read().then(_this._onRead);\n };\n this._onError = function (reason) {\n _this._flushReject(reason);\n _this._transformStreamController.error(reason);\n _this._reader.cancel(reason).catch(noop);\n _this._writer.abort(reason).catch(noop);\n };\n this._onTerminate = function () {\n _this._flushResolve();\n _this._transformStreamController.terminate();\n var error = new TypeError('TransformStream terminated');\n _this._writer.abort(error).catch(noop);\n };\n this._reader = reader;\n this._writer = writer;\n this._flushPromise = new Promise(function (resolve, reject) {\n _this._flushResolve = resolve;\n _this._flushReject = reject;\n });\n }\n WrappingTransformStreamTransformer.prototype.start = function (controller) {\n this._transformStreamController = controller;\n this._reader.read()\n .then(this._onRead)\n .then(this._onTerminate, this._onError);\n var readerClosed = this._reader.closed;\n if (readerClosed) {\n readerClosed\n .then(this._onTerminate, this._onError);\n }\n };\n WrappingTransformStreamTransformer.prototype.transform = function (chunk) {\n return this._writer.write(chunk);\n };\n WrappingTransformStreamTransformer.prototype.flush = function () {\n var _this = this;\n return this._writer.close()\n .then(function () { return _this._flushPromise; });\n };\n return WrappingTransformStreamTransformer;\n}());\n\nexport { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper };\n//# sourceMappingURL=web-streams-adapter.mjs.map\n","(function (module, exports) {\n 'use strict';\n\n // Utils\n function assert (val, msg) {\n if (!val) throw new Error(msg || 'Assertion failed');\n }\n\n // Could use `inherits` module, but don't want to move from single file\n // architecture yet.\n function inherits (ctor, superCtor) {\n ctor.super_ = superCtor;\n var TempCtor = function () {};\n TempCtor.prototype = superCtor.prototype;\n ctor.prototype = new TempCtor();\n ctor.prototype.constructor = ctor;\n }\n\n // BN\n\n function BN (number, base, endian) {\n if (BN.isBN(number)) {\n return number;\n }\n\n this.negative = 0;\n this.words = null;\n this.length = 0;\n\n // Reduction context\n this.red = null;\n\n if (number !== null) {\n if (base === 'le' || base === 'be') {\n endian = base;\n base = 10;\n }\n\n this._init(number || 0, base || 10, endian || 'be');\n }\n }\n if (typeof module === 'object') {\n module.exports = BN;\n } else {\n exports.BN = BN;\n }\n\n BN.BN = BN;\n BN.wordSize = 26;\n\n var Buffer;\n try {\n Buffer = require('buffer').Buffer;\n } catch (e) {\n }\n\n BN.isBN = function isBN (num) {\n if (num instanceof BN) {\n return true;\n }\n\n return num !== null && typeof num === 'object' &&\n num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);\n };\n\n BN.max = function max (left, right) {\n if (left.cmp(right) > 0) return left;\n return right;\n };\n\n BN.min = function min (left, right) {\n if (left.cmp(right) < 0) return left;\n return right;\n };\n\n BN.prototype._init = function init (number, base, endian) {\n if (typeof number === 'number') {\n return this._initNumber(number, base, endian);\n }\n\n if (typeof number === 'object') {\n return this._initArray(number, base, endian);\n }\n\n if (base === 'hex') {\n base = 16;\n }\n assert(base === (base | 0) && base >= 2 && base <= 36);\n\n number = number.toString().replace(/\\s+/g, '');\n var start = 0;\n if (number[0] === '-') {\n start++;\n }\n\n if (base === 16) {\n this._parseHex(number, start);\n } else {\n this._parseBase(number, base, start);\n }\n\n if (number[0] === '-') {\n this.negative = 1;\n }\n\n this.strip();\n\n if (endian !== 'le') return;\n\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initNumber = function _initNumber (number, base, endian) {\n if (number < 0) {\n this.negative = 1;\n number = -number;\n }\n if (number < 0x4000000) {\n this.words = [ number & 0x3ffffff ];\n this.length = 1;\n } else if (number < 0x10000000000000) {\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff\n ];\n this.length = 2;\n } else {\n assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff,\n 1\n ];\n this.length = 3;\n }\n\n if (endian !== 'le') return;\n\n // Reverse the bytes\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initArray = function _initArray (number, base, endian) {\n // Perhaps a Uint8Array\n assert(typeof number.length === 'number');\n if (number.length <= 0) {\n this.words = [ 0 ];\n this.length = 1;\n return this;\n }\n\n this.length = Math.ceil(number.length / 3);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n var off = 0;\n if (endian === 'be') {\n for (i = number.length - 1, j = 0; i >= 0; i -= 3) {\n w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n } else if (endian === 'le') {\n for (i = 0, j = 0; i < number.length; i += 3) {\n w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n }\n return this.strip();\n };\n\n function parseHex (str, start, end) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r <<= 4;\n\n // 'a' - 'f'\n if (c >= 49 && c <= 54) {\n r |= c - 49 + 0xa;\n\n // 'A' - 'F'\n } else if (c >= 17 && c <= 22) {\n r |= c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r |= c & 0xf;\n }\n }\n return r;\n }\n\n BN.prototype._parseHex = function _parseHex (number, start) {\n // Create possibly bigger array to ensure that it fits the number\n this.length = Math.ceil((number.length - start) / 6);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n // Scan 24-bit chunks and add them to the number\n var off = 0;\n for (i = number.length - 6, j = 0; i >= start; i -= 6) {\n w = parseHex(number, i, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n if (i + 6 !== start) {\n w = parseHex(number, start, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n }\n this.strip();\n };\n\n function parseBase (str, start, end, mul) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r *= mul;\n\n // 'a'\n if (c >= 49) {\n r += c - 49 + 0xa;\n\n // 'A'\n } else if (c >= 17) {\n r += c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r += c;\n }\n }\n return r;\n }\n\n BN.prototype._parseBase = function _parseBase (number, base, start) {\n // Initialize as zero\n this.words = [ 0 ];\n this.length = 1;\n\n // Find length of limb in base\n for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {\n limbLen++;\n }\n limbLen--;\n limbPow = (limbPow / base) | 0;\n\n var total = number.length - start;\n var mod = total % limbLen;\n var end = Math.min(total, total - mod) + start;\n\n var word = 0;\n for (var i = start; i < end; i += limbLen) {\n word = parseBase(number, i, i + limbLen, base);\n\n this.imuln(limbPow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n\n if (mod !== 0) {\n var pow = 1;\n word = parseBase(number, i, number.length, base);\n\n for (i = 0; i < mod; i++) {\n pow *= base;\n }\n\n this.imuln(pow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n };\n\n BN.prototype.copy = function copy (dest) {\n dest.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n dest.words[i] = this.words[i];\n }\n dest.length = this.length;\n dest.negative = this.negative;\n dest.red = this.red;\n };\n\n BN.prototype.clone = function clone () {\n var r = new BN(null);\n this.copy(r);\n return r;\n };\n\n BN.prototype._expand = function _expand (size) {\n while (this.length < size) {\n this.words[this.length++] = 0;\n }\n return this;\n };\n\n // Remove leading `0` from `this`\n BN.prototype.strip = function strip () {\n while (this.length > 1 && this.words[this.length - 1] === 0) {\n this.length--;\n }\n return this._normSign();\n };\n\n BN.prototype._normSign = function _normSign () {\n // -0 = 0\n if (this.length === 1 && this.words[0] === 0) {\n this.negative = 0;\n }\n return this;\n };\n\n BN.prototype.inspect = function inspect () {\n return (this.red ? '';\n };\n\n /*\n\n var zeros = [];\n var groupSizes = [];\n var groupBases = [];\n\n var s = '';\n var i = -1;\n while (++i < BN.wordSize) {\n zeros[i] = s;\n s += '0';\n }\n groupSizes[0] = 0;\n groupSizes[1] = 0;\n groupBases[0] = 0;\n groupBases[1] = 0;\n var base = 2 - 1;\n while (++base < 36 + 1) {\n var groupSize = 0;\n var groupBase = 1;\n while (groupBase < (1 << BN.wordSize) / base) {\n groupBase *= base;\n groupSize += 1;\n }\n groupSizes[base] = groupSize;\n groupBases[base] = groupBase;\n }\n\n */\n\n var zeros = [\n '',\n '0',\n '00',\n '000',\n '0000',\n '00000',\n '000000',\n '0000000',\n '00000000',\n '000000000',\n '0000000000',\n '00000000000',\n '000000000000',\n '0000000000000',\n '00000000000000',\n '000000000000000',\n '0000000000000000',\n '00000000000000000',\n '000000000000000000',\n '0000000000000000000',\n '00000000000000000000',\n '000000000000000000000',\n '0000000000000000000000',\n '00000000000000000000000',\n '000000000000000000000000',\n '0000000000000000000000000'\n ];\n\n var groupSizes = [\n 0, 0,\n 25, 16, 12, 11, 10, 9, 8,\n 8, 7, 7, 7, 7, 6, 6,\n 6, 6, 6, 6, 6, 5, 5,\n 5, 5, 5, 5, 5, 5, 5,\n 5, 5, 5, 5, 5, 5, 5\n ];\n\n var groupBases = [\n 0, 0,\n 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,\n 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,\n 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,\n 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,\n 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176\n ];\n\n BN.prototype.toString = function toString (base, padding) {\n base = base || 10;\n padding = padding | 0 || 1;\n\n var out;\n if (base === 16 || base === 'hex') {\n out = '';\n var off = 0;\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = this.words[i];\n var word = (((w << off) | carry) & 0xffffff).toString(16);\n carry = (w >>> (24 - off)) & 0xffffff;\n if (carry !== 0 || i !== this.length - 1) {\n out = zeros[6 - word.length] + word + out;\n } else {\n out = word + out;\n }\n off += 2;\n if (off >= 26) {\n off -= 26;\n i--;\n }\n }\n if (carry !== 0) {\n out = carry.toString(16) + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n if (base === (base | 0) && base >= 2 && base <= 36) {\n // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));\n var groupSize = groupSizes[base];\n // var groupBase = Math.pow(base, groupSize);\n var groupBase = groupBases[base];\n out = '';\n var c = this.clone();\n c.negative = 0;\n while (!c.isZero()) {\n var r = c.modn(groupBase).toString(base);\n c = c.idivn(groupBase);\n\n if (!c.isZero()) {\n out = zeros[groupSize - r.length] + r + out;\n } else {\n out = r + out;\n }\n }\n if (this.isZero()) {\n out = '0' + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n assert(false, 'Base should be between 2 and 36');\n };\n\n BN.prototype.toNumber = function toNumber () {\n var ret = this.words[0];\n if (this.length === 2) {\n ret += this.words[1] * 0x4000000;\n } else if (this.length === 3 && this.words[2] === 0x01) {\n // NOTE: at this stage it is known that the top bit is set\n ret += 0x10000000000000 + (this.words[1] * 0x4000000);\n } else if (this.length > 2) {\n assert(false, 'Number can only safely store up to 53 bits');\n }\n return (this.negative !== 0) ? -ret : ret;\n };\n\n BN.prototype.toJSON = function toJSON () {\n return this.toString(16);\n };\n\n BN.prototype.toBuffer = function toBuffer (endian, length) {\n assert(typeof Buffer !== 'undefined');\n return this.toArrayLike(Buffer, endian, length);\n };\n\n BN.prototype.toArray = function toArray (endian, length) {\n return this.toArrayLike(Array, endian, length);\n };\n\n BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {\n var byteLength = this.byteLength();\n var reqLength = length || Math.max(1, byteLength);\n assert(byteLength <= reqLength, 'byte array longer than desired length');\n assert(reqLength > 0, 'Requested array length <= 0');\n\n this.strip();\n var littleEndian = endian === 'le';\n var res = new ArrayType(reqLength);\n\n var b, i;\n var q = this.clone();\n if (!littleEndian) {\n // Assume big-endian\n for (i = 0; i < reqLength - byteLength; i++) {\n res[i] = 0;\n }\n\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[reqLength - i - 1] = b;\n }\n } else {\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[i] = b;\n }\n\n for (; i < reqLength; i++) {\n res[i] = 0;\n }\n }\n\n return res;\n };\n\n if (Math.clz32) {\n BN.prototype._countBits = function _countBits (w) {\n return 32 - Math.clz32(w);\n };\n } else {\n BN.prototype._countBits = function _countBits (w) {\n var t = w;\n var r = 0;\n if (t >= 0x1000) {\n r += 13;\n t >>>= 13;\n }\n if (t >= 0x40) {\n r += 7;\n t >>>= 7;\n }\n if (t >= 0x8) {\n r += 4;\n t >>>= 4;\n }\n if (t >= 0x02) {\n r += 2;\n t >>>= 2;\n }\n return r + t;\n };\n }\n\n BN.prototype._zeroBits = function _zeroBits (w) {\n // Short-cut\n if (w === 0) return 26;\n\n var t = w;\n var r = 0;\n if ((t & 0x1fff) === 0) {\n r += 13;\n t >>>= 13;\n }\n if ((t & 0x7f) === 0) {\n r += 7;\n t >>>= 7;\n }\n if ((t & 0xf) === 0) {\n r += 4;\n t >>>= 4;\n }\n if ((t & 0x3) === 0) {\n r += 2;\n t >>>= 2;\n }\n if ((t & 0x1) === 0) {\n r++;\n }\n return r;\n };\n\n // Return number of used bits in a BN\n BN.prototype.bitLength = function bitLength () {\n var w = this.words[this.length - 1];\n var hi = this._countBits(w);\n return (this.length - 1) * 26 + hi;\n };\n\n function toBitArray (num) {\n var w = new Array(num.bitLength());\n\n for (var bit = 0; bit < w.length; bit++) {\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;\n }\n\n return w;\n }\n\n // Number of trailing zero bits\n BN.prototype.zeroBits = function zeroBits () {\n if (this.isZero()) return 0;\n\n var r = 0;\n for (var i = 0; i < this.length; i++) {\n var b = this._zeroBits(this.words[i]);\n r += b;\n if (b !== 26) break;\n }\n return r;\n };\n\n BN.prototype.byteLength = function byteLength () {\n return Math.ceil(this.bitLength() / 8);\n };\n\n BN.prototype.toTwos = function toTwos (width) {\n if (this.negative !== 0) {\n return this.abs().inotn(width).iaddn(1);\n }\n return this.clone();\n };\n\n BN.prototype.fromTwos = function fromTwos (width) {\n if (this.testn(width - 1)) {\n return this.notn(width).iaddn(1).ineg();\n }\n return this.clone();\n };\n\n BN.prototype.isNeg = function isNeg () {\n return this.negative !== 0;\n };\n\n // Return negative clone of `this`\n BN.prototype.neg = function neg () {\n return this.clone().ineg();\n };\n\n BN.prototype.ineg = function ineg () {\n if (!this.isZero()) {\n this.negative ^= 1;\n }\n\n return this;\n };\n\n // Or `num` with `this` in-place\n BN.prototype.iuor = function iuor (num) {\n while (this.length < num.length) {\n this.words[this.length++] = 0;\n }\n\n for (var i = 0; i < num.length; i++) {\n this.words[i] = this.words[i] | num.words[i];\n }\n\n return this.strip();\n };\n\n BN.prototype.ior = function ior (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuor(num);\n };\n\n // Or `num` with `this`\n BN.prototype.or = function or (num) {\n if (this.length > num.length) return this.clone().ior(num);\n return num.clone().ior(this);\n };\n\n BN.prototype.uor = function uor (num) {\n if (this.length > num.length) return this.clone().iuor(num);\n return num.clone().iuor(this);\n };\n\n // And `num` with `this` in-place\n BN.prototype.iuand = function iuand (num) {\n // b = min-length(num, this)\n var b;\n if (this.length > num.length) {\n b = num;\n } else {\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = this.words[i] & num.words[i];\n }\n\n this.length = b.length;\n\n return this.strip();\n };\n\n BN.prototype.iand = function iand (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuand(num);\n };\n\n // And `num` with `this`\n BN.prototype.and = function and (num) {\n if (this.length > num.length) return this.clone().iand(num);\n return num.clone().iand(this);\n };\n\n BN.prototype.uand = function uand (num) {\n if (this.length > num.length) return this.clone().iuand(num);\n return num.clone().iuand(this);\n };\n\n // Xor `num` with `this` in-place\n BN.prototype.iuxor = function iuxor (num) {\n // a.length > b.length\n var a;\n var b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = a.words[i] ^ b.words[i];\n }\n\n if (this !== a) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = a.length;\n\n return this.strip();\n };\n\n BN.prototype.ixor = function ixor (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuxor(num);\n };\n\n // Xor `num` with `this`\n BN.prototype.xor = function xor (num) {\n if (this.length > num.length) return this.clone().ixor(num);\n return num.clone().ixor(this);\n };\n\n BN.prototype.uxor = function uxor (num) {\n if (this.length > num.length) return this.clone().iuxor(num);\n return num.clone().iuxor(this);\n };\n\n // Not ``this`` with ``width`` bitwidth\n BN.prototype.inotn = function inotn (width) {\n assert(typeof width === 'number' && width >= 0);\n\n var bytesNeeded = Math.ceil(width / 26) | 0;\n var bitsLeft = width % 26;\n\n // Extend the buffer with leading zeroes\n this._expand(bytesNeeded);\n\n if (bitsLeft > 0) {\n bytesNeeded--;\n }\n\n // Handle complete words\n for (var i = 0; i < bytesNeeded; i++) {\n this.words[i] = ~this.words[i] & 0x3ffffff;\n }\n\n // Handle the residue\n if (bitsLeft > 0) {\n this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));\n }\n\n // And remove leading zeroes\n return this.strip();\n };\n\n BN.prototype.notn = function notn (width) {\n return this.clone().inotn(width);\n };\n\n // Set `bit` of `this`\n BN.prototype.setn = function setn (bit, val) {\n assert(typeof bit === 'number' && bit >= 0);\n\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n this._expand(off + 1);\n\n if (val) {\n this.words[off] = this.words[off] | (1 << wbit);\n } else {\n this.words[off] = this.words[off] & ~(1 << wbit);\n }\n\n return this.strip();\n };\n\n // Add `num` to `this` in-place\n BN.prototype.iadd = function iadd (num) {\n var r;\n\n // negative + positive\n if (this.negative !== 0 && num.negative === 0) {\n this.negative = 0;\n r = this.isub(num);\n this.negative ^= 1;\n return this._normSign();\n\n // positive + negative\n } else if (this.negative === 0 && num.negative !== 0) {\n num.negative = 0;\n r = this.isub(num);\n num.negative = 1;\n return r._normSign();\n }\n\n // a.length > b.length\n var a, b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) + (b.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n\n this.length = a.length;\n if (carry !== 0) {\n this.words[this.length] = carry;\n this.length++;\n // Copy the rest of the words\n } else if (a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n return this;\n };\n\n // Add `num` to `this`\n BN.prototype.add = function add (num) {\n var res;\n if (num.negative !== 0 && this.negative === 0) {\n num.negative = 0;\n res = this.sub(num);\n num.negative ^= 1;\n return res;\n } else if (num.negative === 0 && this.negative !== 0) {\n this.negative = 0;\n res = num.sub(this);\n this.negative = 1;\n return res;\n }\n\n if (this.length > num.length) return this.clone().iadd(num);\n\n return num.clone().iadd(this);\n };\n\n // Subtract `num` from `this` in-place\n BN.prototype.isub = function isub (num) {\n // this - (-num) = this + num\n if (num.negative !== 0) {\n num.negative = 0;\n var r = this.iadd(num);\n num.negative = 1;\n return r._normSign();\n\n // -this - num = -(this + num)\n } else if (this.negative !== 0) {\n this.negative = 0;\n this.iadd(num);\n this.negative = 1;\n return this._normSign();\n }\n\n // At this point both numbers are positive\n var cmp = this.cmp(num);\n\n // Optimization - zeroify\n if (cmp === 0) {\n this.negative = 0;\n this.length = 1;\n this.words[0] = 0;\n return this;\n }\n\n // a > b\n var a, b;\n if (cmp > 0) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) - (b.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n\n // Copy rest of the words\n if (carry === 0 && i < a.length && a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = Math.max(this.length, i);\n\n if (a !== this) {\n this.negative = 1;\n }\n\n return this.strip();\n };\n\n // Subtract `num` from `this`\n BN.prototype.sub = function sub (num) {\n return this.clone().isub(num);\n };\n\n function smallMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n var len = (self.length + num.length) | 0;\n out.length = len;\n len = (len - 1) | 0;\n\n // Peel one iteration (compiler can't do it, because of code complexity)\n var a = self.words[0] | 0;\n var b = num.words[0] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n var carry = (r / 0x4000000) | 0;\n out.words[0] = lo;\n\n for (var k = 1; k < len; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = carry >>> 26;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = (k - j) | 0;\n a = self.words[i] | 0;\n b = num.words[j] | 0;\n r = a * b + rword;\n ncarry += (r / 0x4000000) | 0;\n rword = r & 0x3ffffff;\n }\n out.words[k] = rword | 0;\n carry = ncarry | 0;\n }\n if (carry !== 0) {\n out.words[k] = carry | 0;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n // TODO(indutny): it may be reasonable to omit it for users who don't need\n // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit\n // multiplication (like elliptic secp256k1).\n var comb10MulTo = function comb10MulTo (self, num, out) {\n var a = self.words;\n var b = num.words;\n var o = out.words;\n var c = 0;\n var lo;\n var mid;\n var hi;\n var a0 = a[0] | 0;\n var al0 = a0 & 0x1fff;\n var ah0 = a0 >>> 13;\n var a1 = a[1] | 0;\n var al1 = a1 & 0x1fff;\n var ah1 = a1 >>> 13;\n var a2 = a[2] | 0;\n var al2 = a2 & 0x1fff;\n var ah2 = a2 >>> 13;\n var a3 = a[3] | 0;\n var al3 = a3 & 0x1fff;\n var ah3 = a3 >>> 13;\n var a4 = a[4] | 0;\n var al4 = a4 & 0x1fff;\n var ah4 = a4 >>> 13;\n var a5 = a[5] | 0;\n var al5 = a5 & 0x1fff;\n var ah5 = a5 >>> 13;\n var a6 = a[6] | 0;\n var al6 = a6 & 0x1fff;\n var ah6 = a6 >>> 13;\n var a7 = a[7] | 0;\n var al7 = a7 & 0x1fff;\n var ah7 = a7 >>> 13;\n var a8 = a[8] | 0;\n var al8 = a8 & 0x1fff;\n var ah8 = a8 >>> 13;\n var a9 = a[9] | 0;\n var al9 = a9 & 0x1fff;\n var ah9 = a9 >>> 13;\n var b0 = b[0] | 0;\n var bl0 = b0 & 0x1fff;\n var bh0 = b0 >>> 13;\n var b1 = b[1] | 0;\n var bl1 = b1 & 0x1fff;\n var bh1 = b1 >>> 13;\n var b2 = b[2] | 0;\n var bl2 = b2 & 0x1fff;\n var bh2 = b2 >>> 13;\n var b3 = b[3] | 0;\n var bl3 = b3 & 0x1fff;\n var bh3 = b3 >>> 13;\n var b4 = b[4] | 0;\n var bl4 = b4 & 0x1fff;\n var bh4 = b4 >>> 13;\n var b5 = b[5] | 0;\n var bl5 = b5 & 0x1fff;\n var bh5 = b5 >>> 13;\n var b6 = b[6] | 0;\n var bl6 = b6 & 0x1fff;\n var bh6 = b6 >>> 13;\n var b7 = b[7] | 0;\n var bl7 = b7 & 0x1fff;\n var bh7 = b7 >>> 13;\n var b8 = b[8] | 0;\n var bl8 = b8 & 0x1fff;\n var bh8 = b8 >>> 13;\n var b9 = b[9] | 0;\n var bl9 = b9 & 0x1fff;\n var bh9 = b9 >>> 13;\n\n out.negative = self.negative ^ num.negative;\n out.length = 19;\n /* k = 0 */\n lo = Math.imul(al0, bl0);\n mid = Math.imul(al0, bh0);\n mid = (mid + Math.imul(ah0, bl0)) | 0;\n hi = Math.imul(ah0, bh0);\n var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;\n w0 &= 0x3ffffff;\n /* k = 1 */\n lo = Math.imul(al1, bl0);\n mid = Math.imul(al1, bh0);\n mid = (mid + Math.imul(ah1, bl0)) | 0;\n hi = Math.imul(ah1, bh0);\n lo = (lo + Math.imul(al0, bl1)) | 0;\n mid = (mid + Math.imul(al0, bh1)) | 0;\n mid = (mid + Math.imul(ah0, bl1)) | 0;\n hi = (hi + Math.imul(ah0, bh1)) | 0;\n var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;\n w1 &= 0x3ffffff;\n /* k = 2 */\n lo = Math.imul(al2, bl0);\n mid = Math.imul(al2, bh0);\n mid = (mid + Math.imul(ah2, bl0)) | 0;\n hi = Math.imul(ah2, bh0);\n lo = (lo + Math.imul(al1, bl1)) | 0;\n mid = (mid + Math.imul(al1, bh1)) | 0;\n mid = (mid + Math.imul(ah1, bl1)) | 0;\n hi = (hi + Math.imul(ah1, bh1)) | 0;\n lo = (lo + Math.imul(al0, bl2)) | 0;\n mid = (mid + Math.imul(al0, bh2)) | 0;\n mid = (mid + Math.imul(ah0, bl2)) | 0;\n hi = (hi + Math.imul(ah0, bh2)) | 0;\n var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;\n w2 &= 0x3ffffff;\n /* k = 3 */\n lo = Math.imul(al3, bl0);\n mid = Math.imul(al3, bh0);\n mid = (mid + Math.imul(ah3, bl0)) | 0;\n hi = Math.imul(ah3, bh0);\n lo = (lo + Math.imul(al2, bl1)) | 0;\n mid = (mid + Math.imul(al2, bh1)) | 0;\n mid = (mid + Math.imul(ah2, bl1)) | 0;\n hi = (hi + Math.imul(ah2, bh1)) | 0;\n lo = (lo + Math.imul(al1, bl2)) | 0;\n mid = (mid + Math.imul(al1, bh2)) | 0;\n mid = (mid + Math.imul(ah1, bl2)) | 0;\n hi = (hi + Math.imul(ah1, bh2)) | 0;\n lo = (lo + Math.imul(al0, bl3)) | 0;\n mid = (mid + Math.imul(al0, bh3)) | 0;\n mid = (mid + Math.imul(ah0, bl3)) | 0;\n hi = (hi + Math.imul(ah0, bh3)) | 0;\n var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;\n w3 &= 0x3ffffff;\n /* k = 4 */\n lo = Math.imul(al4, bl0);\n mid = Math.imul(al4, bh0);\n mid = (mid + Math.imul(ah4, bl0)) | 0;\n hi = Math.imul(ah4, bh0);\n lo = (lo + Math.imul(al3, bl1)) | 0;\n mid = (mid + Math.imul(al3, bh1)) | 0;\n mid = (mid + Math.imul(ah3, bl1)) | 0;\n hi = (hi + Math.imul(ah3, bh1)) | 0;\n lo = (lo + Math.imul(al2, bl2)) | 0;\n mid = (mid + Math.imul(al2, bh2)) | 0;\n mid = (mid + Math.imul(ah2, bl2)) | 0;\n hi = (hi + Math.imul(ah2, bh2)) | 0;\n lo = (lo + Math.imul(al1, bl3)) | 0;\n mid = (mid + Math.imul(al1, bh3)) | 0;\n mid = (mid + Math.imul(ah1, bl3)) | 0;\n hi = (hi + Math.imul(ah1, bh3)) | 0;\n lo = (lo + Math.imul(al0, bl4)) | 0;\n mid = (mid + Math.imul(al0, bh4)) | 0;\n mid = (mid + Math.imul(ah0, bl4)) | 0;\n hi = (hi + Math.imul(ah0, bh4)) | 0;\n var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;\n w4 &= 0x3ffffff;\n /* k = 5 */\n lo = Math.imul(al5, bl0);\n mid = Math.imul(al5, bh0);\n mid = (mid + Math.imul(ah5, bl0)) | 0;\n hi = Math.imul(ah5, bh0);\n lo = (lo + Math.imul(al4, bl1)) | 0;\n mid = (mid + Math.imul(al4, bh1)) | 0;\n mid = (mid + Math.imul(ah4, bl1)) | 0;\n hi = (hi + Math.imul(ah4, bh1)) | 0;\n lo = (lo + Math.imul(al3, bl2)) | 0;\n mid = (mid + Math.imul(al3, bh2)) | 0;\n mid = (mid + Math.imul(ah3, bl2)) | 0;\n hi = (hi + Math.imul(ah3, bh2)) | 0;\n lo = (lo + Math.imul(al2, bl3)) | 0;\n mid = (mid + Math.imul(al2, bh3)) | 0;\n mid = (mid + Math.imul(ah2, bl3)) | 0;\n hi = (hi + Math.imul(ah2, bh3)) | 0;\n lo = (lo + Math.imul(al1, bl4)) | 0;\n mid = (mid + Math.imul(al1, bh4)) | 0;\n mid = (mid + Math.imul(ah1, bl4)) | 0;\n hi = (hi + Math.imul(ah1, bh4)) | 0;\n lo = (lo + Math.imul(al0, bl5)) | 0;\n mid = (mid + Math.imul(al0, bh5)) | 0;\n mid = (mid + Math.imul(ah0, bl5)) | 0;\n hi = (hi + Math.imul(ah0, bh5)) | 0;\n var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;\n w5 &= 0x3ffffff;\n /* k = 6 */\n lo = Math.imul(al6, bl0);\n mid = Math.imul(al6, bh0);\n mid = (mid + Math.imul(ah6, bl0)) | 0;\n hi = Math.imul(ah6, bh0);\n lo = (lo + Math.imul(al5, bl1)) | 0;\n mid = (mid + Math.imul(al5, bh1)) | 0;\n mid = (mid + Math.imul(ah5, bl1)) | 0;\n hi = (hi + Math.imul(ah5, bh1)) | 0;\n lo = (lo + Math.imul(al4, bl2)) | 0;\n mid = (mid + Math.imul(al4, bh2)) | 0;\n mid = (mid + Math.imul(ah4, bl2)) | 0;\n hi = (hi + Math.imul(ah4, bh2)) | 0;\n lo = (lo + Math.imul(al3, bl3)) | 0;\n mid = (mid + Math.imul(al3, bh3)) | 0;\n mid = (mid + Math.imul(ah3, bl3)) | 0;\n hi = (hi + Math.imul(ah3, bh3)) | 0;\n lo = (lo + Math.imul(al2, bl4)) | 0;\n mid = (mid + Math.imul(al2, bh4)) | 0;\n mid = (mid + Math.imul(ah2, bl4)) | 0;\n hi = (hi + Math.imul(ah2, bh4)) | 0;\n lo = (lo + Math.imul(al1, bl5)) | 0;\n mid = (mid + Math.imul(al1, bh5)) | 0;\n mid = (mid + Math.imul(ah1, bl5)) | 0;\n hi = (hi + Math.imul(ah1, bh5)) | 0;\n lo = (lo + Math.imul(al0, bl6)) | 0;\n mid = (mid + Math.imul(al0, bh6)) | 0;\n mid = (mid + Math.imul(ah0, bl6)) | 0;\n hi = (hi + Math.imul(ah0, bh6)) | 0;\n var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;\n w6 &= 0x3ffffff;\n /* k = 7 */\n lo = Math.imul(al7, bl0);\n mid = Math.imul(al7, bh0);\n mid = (mid + Math.imul(ah7, bl0)) | 0;\n hi = Math.imul(ah7, bh0);\n lo = (lo + Math.imul(al6, bl1)) | 0;\n mid = (mid + Math.imul(al6, bh1)) | 0;\n mid = (mid + Math.imul(ah6, bl1)) | 0;\n hi = (hi + Math.imul(ah6, bh1)) | 0;\n lo = (lo + Math.imul(al5, bl2)) | 0;\n mid = (mid + Math.imul(al5, bh2)) | 0;\n mid = (mid + Math.imul(ah5, bl2)) | 0;\n hi = (hi + Math.imul(ah5, bh2)) | 0;\n lo = (lo + Math.imul(al4, bl3)) | 0;\n mid = (mid + Math.imul(al4, bh3)) | 0;\n mid = (mid + Math.imul(ah4, bl3)) | 0;\n hi = (hi + Math.imul(ah4, bh3)) | 0;\n lo = (lo + Math.imul(al3, bl4)) | 0;\n mid = (mid + Math.imul(al3, bh4)) | 0;\n mid = (mid + Math.imul(ah3, bl4)) | 0;\n hi = (hi + Math.imul(ah3, bh4)) | 0;\n lo = (lo + Math.imul(al2, bl5)) | 0;\n mid = (mid + Math.imul(al2, bh5)) | 0;\n mid = (mid + Math.imul(ah2, bl5)) | 0;\n hi = (hi + Math.imul(ah2, bh5)) | 0;\n lo = (lo + Math.imul(al1, bl6)) | 0;\n mid = (mid + Math.imul(al1, bh6)) | 0;\n mid = (mid + Math.imul(ah1, bl6)) | 0;\n hi = (hi + Math.imul(ah1, bh6)) | 0;\n lo = (lo + Math.imul(al0, bl7)) | 0;\n mid = (mid + Math.imul(al0, bh7)) | 0;\n mid = (mid + Math.imul(ah0, bl7)) | 0;\n hi = (hi + Math.imul(ah0, bh7)) | 0;\n var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;\n w7 &= 0x3ffffff;\n /* k = 8 */\n lo = Math.imul(al8, bl0);\n mid = Math.imul(al8, bh0);\n mid = (mid + Math.imul(ah8, bl0)) | 0;\n hi = Math.imul(ah8, bh0);\n lo = (lo + Math.imul(al7, bl1)) | 0;\n mid = (mid + Math.imul(al7, bh1)) | 0;\n mid = (mid + Math.imul(ah7, bl1)) | 0;\n hi = (hi + Math.imul(ah7, bh1)) | 0;\n lo = (lo + Math.imul(al6, bl2)) | 0;\n mid = (mid + Math.imul(al6, bh2)) | 0;\n mid = (mid + Math.imul(ah6, bl2)) | 0;\n hi = (hi + Math.imul(ah6, bh2)) | 0;\n lo = (lo + Math.imul(al5, bl3)) | 0;\n mid = (mid + Math.imul(al5, bh3)) | 0;\n mid = (mid + Math.imul(ah5, bl3)) | 0;\n hi = (hi + Math.imul(ah5, bh3)) | 0;\n lo = (lo + Math.imul(al4, bl4)) | 0;\n mid = (mid + Math.imul(al4, bh4)) | 0;\n mid = (mid + Math.imul(ah4, bl4)) | 0;\n hi = (hi + Math.imul(ah4, bh4)) | 0;\n lo = (lo + Math.imul(al3, bl5)) | 0;\n mid = (mid + Math.imul(al3, bh5)) | 0;\n mid = (mid + Math.imul(ah3, bl5)) | 0;\n hi = (hi + Math.imul(ah3, bh5)) | 0;\n lo = (lo + Math.imul(al2, bl6)) | 0;\n mid = (mid + Math.imul(al2, bh6)) | 0;\n mid = (mid + Math.imul(ah2, bl6)) | 0;\n hi = (hi + Math.imul(ah2, bh6)) | 0;\n lo = (lo + Math.imul(al1, bl7)) | 0;\n mid = (mid + Math.imul(al1, bh7)) | 0;\n mid = (mid + Math.imul(ah1, bl7)) | 0;\n hi = (hi + Math.imul(ah1, bh7)) | 0;\n lo = (lo + Math.imul(al0, bl8)) | 0;\n mid = (mid + Math.imul(al0, bh8)) | 0;\n mid = (mid + Math.imul(ah0, bl8)) | 0;\n hi = (hi + Math.imul(ah0, bh8)) | 0;\n var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;\n w8 &= 0x3ffffff;\n /* k = 9 */\n lo = Math.imul(al9, bl0);\n mid = Math.imul(al9, bh0);\n mid = (mid + Math.imul(ah9, bl0)) | 0;\n hi = Math.imul(ah9, bh0);\n lo = (lo + Math.imul(al8, bl1)) | 0;\n mid = (mid + Math.imul(al8, bh1)) | 0;\n mid = (mid + Math.imul(ah8, bl1)) | 0;\n hi = (hi + Math.imul(ah8, bh1)) | 0;\n lo = (lo + Math.imul(al7, bl2)) | 0;\n mid = (mid + Math.imul(al7, bh2)) | 0;\n mid = (mid + Math.imul(ah7, bl2)) | 0;\n hi = (hi + Math.imul(ah7, bh2)) | 0;\n lo = (lo + Math.imul(al6, bl3)) | 0;\n mid = (mid + Math.imul(al6, bh3)) | 0;\n mid = (mid + Math.imul(ah6, bl3)) | 0;\n hi = (hi + Math.imul(ah6, bh3)) | 0;\n lo = (lo + Math.imul(al5, bl4)) | 0;\n mid = (mid + Math.imul(al5, bh4)) | 0;\n mid = (mid + Math.imul(ah5, bl4)) | 0;\n hi = (hi + Math.imul(ah5, bh4)) | 0;\n lo = (lo + Math.imul(al4, bl5)) | 0;\n mid = (mid + Math.imul(al4, bh5)) | 0;\n mid = (mid + Math.imul(ah4, bl5)) | 0;\n hi = (hi + Math.imul(ah4, bh5)) | 0;\n lo = (lo + Math.imul(al3, bl6)) | 0;\n mid = (mid + Math.imul(al3, bh6)) | 0;\n mid = (mid + Math.imul(ah3, bl6)) | 0;\n hi = (hi + Math.imul(ah3, bh6)) | 0;\n lo = (lo + Math.imul(al2, bl7)) | 0;\n mid = (mid + Math.imul(al2, bh7)) | 0;\n mid = (mid + Math.imul(ah2, bl7)) | 0;\n hi = (hi + Math.imul(ah2, bh7)) | 0;\n lo = (lo + Math.imul(al1, bl8)) | 0;\n mid = (mid + Math.imul(al1, bh8)) | 0;\n mid = (mid + Math.imul(ah1, bl8)) | 0;\n hi = (hi + Math.imul(ah1, bh8)) | 0;\n lo = (lo + Math.imul(al0, bl9)) | 0;\n mid = (mid + Math.imul(al0, bh9)) | 0;\n mid = (mid + Math.imul(ah0, bl9)) | 0;\n hi = (hi + Math.imul(ah0, bh9)) | 0;\n var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;\n w9 &= 0x3ffffff;\n /* k = 10 */\n lo = Math.imul(al9, bl1);\n mid = Math.imul(al9, bh1);\n mid = (mid + Math.imul(ah9, bl1)) | 0;\n hi = Math.imul(ah9, bh1);\n lo = (lo + Math.imul(al8, bl2)) | 0;\n mid = (mid + Math.imul(al8, bh2)) | 0;\n mid = (mid + Math.imul(ah8, bl2)) | 0;\n hi = (hi + Math.imul(ah8, bh2)) | 0;\n lo = (lo + Math.imul(al7, bl3)) | 0;\n mid = (mid + Math.imul(al7, bh3)) | 0;\n mid = (mid + Math.imul(ah7, bl3)) | 0;\n hi = (hi + Math.imul(ah7, bh3)) | 0;\n lo = (lo + Math.imul(al6, bl4)) | 0;\n mid = (mid + Math.imul(al6, bh4)) | 0;\n mid = (mid + Math.imul(ah6, bl4)) | 0;\n hi = (hi + Math.imul(ah6, bh4)) | 0;\n lo = (lo + Math.imul(al5, bl5)) | 0;\n mid = (mid + Math.imul(al5, bh5)) | 0;\n mid = (mid + Math.imul(ah5, bl5)) | 0;\n hi = (hi + Math.imul(ah5, bh5)) | 0;\n lo = (lo + Math.imul(al4, bl6)) | 0;\n mid = (mid + Math.imul(al4, bh6)) | 0;\n mid = (mid + Math.imul(ah4, bl6)) | 0;\n hi = (hi + Math.imul(ah4, bh6)) | 0;\n lo = (lo + Math.imul(al3, bl7)) | 0;\n mid = (mid + Math.imul(al3, bh7)) | 0;\n mid = (mid + Math.imul(ah3, bl7)) | 0;\n hi = (hi + Math.imul(ah3, bh7)) | 0;\n lo = (lo + Math.imul(al2, bl8)) | 0;\n mid = (mid + Math.imul(al2, bh8)) | 0;\n mid = (mid + Math.imul(ah2, bl8)) | 0;\n hi = (hi + Math.imul(ah2, bh8)) | 0;\n lo = (lo + Math.imul(al1, bl9)) | 0;\n mid = (mid + Math.imul(al1, bh9)) | 0;\n mid = (mid + Math.imul(ah1, bl9)) | 0;\n hi = (hi + Math.imul(ah1, bh9)) | 0;\n var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;\n w10 &= 0x3ffffff;\n /* k = 11 */\n lo = Math.imul(al9, bl2);\n mid = Math.imul(al9, bh2);\n mid = (mid + Math.imul(ah9, bl2)) | 0;\n hi = Math.imul(ah9, bh2);\n lo = (lo + Math.imul(al8, bl3)) | 0;\n mid = (mid + Math.imul(al8, bh3)) | 0;\n mid = (mid + Math.imul(ah8, bl3)) | 0;\n hi = (hi + Math.imul(ah8, bh3)) | 0;\n lo = (lo + Math.imul(al7, bl4)) | 0;\n mid = (mid + Math.imul(al7, bh4)) | 0;\n mid = (mid + Math.imul(ah7, bl4)) | 0;\n hi = (hi + Math.imul(ah7, bh4)) | 0;\n lo = (lo + Math.imul(al6, bl5)) | 0;\n mid = (mid + Math.imul(al6, bh5)) | 0;\n mid = (mid + Math.imul(ah6, bl5)) | 0;\n hi = (hi + Math.imul(ah6, bh5)) | 0;\n lo = (lo + Math.imul(al5, bl6)) | 0;\n mid = (mid + Math.imul(al5, bh6)) | 0;\n mid = (mid + Math.imul(ah5, bl6)) | 0;\n hi = (hi + Math.imul(ah5, bh6)) | 0;\n lo = (lo + Math.imul(al4, bl7)) | 0;\n mid = (mid + Math.imul(al4, bh7)) | 0;\n mid = (mid + Math.imul(ah4, bl7)) | 0;\n hi = (hi + Math.imul(ah4, bh7)) | 0;\n lo = (lo + Math.imul(al3, bl8)) | 0;\n mid = (mid + Math.imul(al3, bh8)) | 0;\n mid = (mid + Math.imul(ah3, bl8)) | 0;\n hi = (hi + Math.imul(ah3, bh8)) | 0;\n lo = (lo + Math.imul(al2, bl9)) | 0;\n mid = (mid + Math.imul(al2, bh9)) | 0;\n mid = (mid + Math.imul(ah2, bl9)) | 0;\n hi = (hi + Math.imul(ah2, bh9)) | 0;\n var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;\n w11 &= 0x3ffffff;\n /* k = 12 */\n lo = Math.imul(al9, bl3);\n mid = Math.imul(al9, bh3);\n mid = (mid + Math.imul(ah9, bl3)) | 0;\n hi = Math.imul(ah9, bh3);\n lo = (lo + Math.imul(al8, bl4)) | 0;\n mid = (mid + Math.imul(al8, bh4)) | 0;\n mid = (mid + Math.imul(ah8, bl4)) | 0;\n hi = (hi + Math.imul(ah8, bh4)) | 0;\n lo = (lo + Math.imul(al7, bl5)) | 0;\n mid = (mid + Math.imul(al7, bh5)) | 0;\n mid = (mid + Math.imul(ah7, bl5)) | 0;\n hi = (hi + Math.imul(ah7, bh5)) | 0;\n lo = (lo + Math.imul(al6, bl6)) | 0;\n mid = (mid + Math.imul(al6, bh6)) | 0;\n mid = (mid + Math.imul(ah6, bl6)) | 0;\n hi = (hi + Math.imul(ah6, bh6)) | 0;\n lo = (lo + Math.imul(al5, bl7)) | 0;\n mid = (mid + Math.imul(al5, bh7)) | 0;\n mid = (mid + Math.imul(ah5, bl7)) | 0;\n hi = (hi + Math.imul(ah5, bh7)) | 0;\n lo = (lo + Math.imul(al4, bl8)) | 0;\n mid = (mid + Math.imul(al4, bh8)) | 0;\n mid = (mid + Math.imul(ah4, bl8)) | 0;\n hi = (hi + Math.imul(ah4, bh8)) | 0;\n lo = (lo + Math.imul(al3, bl9)) | 0;\n mid = (mid + Math.imul(al3, bh9)) | 0;\n mid = (mid + Math.imul(ah3, bl9)) | 0;\n hi = (hi + Math.imul(ah3, bh9)) | 0;\n var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;\n w12 &= 0x3ffffff;\n /* k = 13 */\n lo = Math.imul(al9, bl4);\n mid = Math.imul(al9, bh4);\n mid = (mid + Math.imul(ah9, bl4)) | 0;\n hi = Math.imul(ah9, bh4);\n lo = (lo + Math.imul(al8, bl5)) | 0;\n mid = (mid + Math.imul(al8, bh5)) | 0;\n mid = (mid + Math.imul(ah8, bl5)) | 0;\n hi = (hi + Math.imul(ah8, bh5)) | 0;\n lo = (lo + Math.imul(al7, bl6)) | 0;\n mid = (mid + Math.imul(al7, bh6)) | 0;\n mid = (mid + Math.imul(ah7, bl6)) | 0;\n hi = (hi + Math.imul(ah7, bh6)) | 0;\n lo = (lo + Math.imul(al6, bl7)) | 0;\n mid = (mid + Math.imul(al6, bh7)) | 0;\n mid = (mid + Math.imul(ah6, bl7)) | 0;\n hi = (hi + Math.imul(ah6, bh7)) | 0;\n lo = (lo + Math.imul(al5, bl8)) | 0;\n mid = (mid + Math.imul(al5, bh8)) | 0;\n mid = (mid + Math.imul(ah5, bl8)) | 0;\n hi = (hi + Math.imul(ah5, bh8)) | 0;\n lo = (lo + Math.imul(al4, bl9)) | 0;\n mid = (mid + Math.imul(al4, bh9)) | 0;\n mid = (mid + Math.imul(ah4, bl9)) | 0;\n hi = (hi + Math.imul(ah4, bh9)) | 0;\n var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;\n w13 &= 0x3ffffff;\n /* k = 14 */\n lo = Math.imul(al9, bl5);\n mid = Math.imul(al9, bh5);\n mid = (mid + Math.imul(ah9, bl5)) | 0;\n hi = Math.imul(ah9, bh5);\n lo = (lo + Math.imul(al8, bl6)) | 0;\n mid = (mid + Math.imul(al8, bh6)) | 0;\n mid = (mid + Math.imul(ah8, bl6)) | 0;\n hi = (hi + Math.imul(ah8, bh6)) | 0;\n lo = (lo + Math.imul(al7, bl7)) | 0;\n mid = (mid + Math.imul(al7, bh7)) | 0;\n mid = (mid + Math.imul(ah7, bl7)) | 0;\n hi = (hi + Math.imul(ah7, bh7)) | 0;\n lo = (lo + Math.imul(al6, bl8)) | 0;\n mid = (mid + Math.imul(al6, bh8)) | 0;\n mid = (mid + Math.imul(ah6, bl8)) | 0;\n hi = (hi + Math.imul(ah6, bh8)) | 0;\n lo = (lo + Math.imul(al5, bl9)) | 0;\n mid = (mid + Math.imul(al5, bh9)) | 0;\n mid = (mid + Math.imul(ah5, bl9)) | 0;\n hi = (hi + Math.imul(ah5, bh9)) | 0;\n var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;\n w14 &= 0x3ffffff;\n /* k = 15 */\n lo = Math.imul(al9, bl6);\n mid = Math.imul(al9, bh6);\n mid = (mid + Math.imul(ah9, bl6)) | 0;\n hi = Math.imul(ah9, bh6);\n lo = (lo + Math.imul(al8, bl7)) | 0;\n mid = (mid + Math.imul(al8, bh7)) | 0;\n mid = (mid + Math.imul(ah8, bl7)) | 0;\n hi = (hi + Math.imul(ah8, bh7)) | 0;\n lo = (lo + Math.imul(al7, bl8)) | 0;\n mid = (mid + Math.imul(al7, bh8)) | 0;\n mid = (mid + Math.imul(ah7, bl8)) | 0;\n hi = (hi + Math.imul(ah7, bh8)) | 0;\n lo = (lo + Math.imul(al6, bl9)) | 0;\n mid = (mid + Math.imul(al6, bh9)) | 0;\n mid = (mid + Math.imul(ah6, bl9)) | 0;\n hi = (hi + Math.imul(ah6, bh9)) | 0;\n var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;\n w15 &= 0x3ffffff;\n /* k = 16 */\n lo = Math.imul(al9, bl7);\n mid = Math.imul(al9, bh7);\n mid = (mid + Math.imul(ah9, bl7)) | 0;\n hi = Math.imul(ah9, bh7);\n lo = (lo + Math.imul(al8, bl8)) | 0;\n mid = (mid + Math.imul(al8, bh8)) | 0;\n mid = (mid + Math.imul(ah8, bl8)) | 0;\n hi = (hi + Math.imul(ah8, bh8)) | 0;\n lo = (lo + Math.imul(al7, bl9)) | 0;\n mid = (mid + Math.imul(al7, bh9)) | 0;\n mid = (mid + Math.imul(ah7, bl9)) | 0;\n hi = (hi + Math.imul(ah7, bh9)) | 0;\n var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;\n w16 &= 0x3ffffff;\n /* k = 17 */\n lo = Math.imul(al9, bl8);\n mid = Math.imul(al9, bh8);\n mid = (mid + Math.imul(ah9, bl8)) | 0;\n hi = Math.imul(ah9, bh8);\n lo = (lo + Math.imul(al8, bl9)) | 0;\n mid = (mid + Math.imul(al8, bh9)) | 0;\n mid = (mid + Math.imul(ah8, bl9)) | 0;\n hi = (hi + Math.imul(ah8, bh9)) | 0;\n var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;\n w17 &= 0x3ffffff;\n /* k = 18 */\n lo = Math.imul(al9, bl9);\n mid = Math.imul(al9, bh9);\n mid = (mid + Math.imul(ah9, bl9)) | 0;\n hi = Math.imul(ah9, bh9);\n var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;\n w18 &= 0x3ffffff;\n o[0] = w0;\n o[1] = w1;\n o[2] = w2;\n o[3] = w3;\n o[4] = w4;\n o[5] = w5;\n o[6] = w6;\n o[7] = w7;\n o[8] = w8;\n o[9] = w9;\n o[10] = w10;\n o[11] = w11;\n o[12] = w12;\n o[13] = w13;\n o[14] = w14;\n o[15] = w15;\n o[16] = w16;\n o[17] = w17;\n o[18] = w18;\n if (c !== 0) {\n o[19] = c;\n out.length++;\n }\n return out;\n };\n\n // Polyfill comb\n if (!Math.imul) {\n comb10MulTo = smallMulTo;\n }\n\n function bigMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n out.length = self.length + num.length;\n\n var carry = 0;\n var hncarry = 0;\n for (var k = 0; k < out.length - 1; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = hncarry;\n hncarry = 0;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = k - j;\n var a = self.words[i] | 0;\n var b = num.words[j] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;\n lo = (lo + rword) | 0;\n rword = lo & 0x3ffffff;\n ncarry = (ncarry + (lo >>> 26)) | 0;\n\n hncarry += ncarry >>> 26;\n ncarry &= 0x3ffffff;\n }\n out.words[k] = rword;\n carry = ncarry;\n ncarry = hncarry;\n }\n if (carry !== 0) {\n out.words[k] = carry;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n function jumboMulTo (self, num, out) {\n var fftm = new FFTM();\n return fftm.mulp(self, num, out);\n }\n\n BN.prototype.mulTo = function mulTo (num, out) {\n var res;\n var len = this.length + num.length;\n if (this.length === 10 && num.length === 10) {\n res = comb10MulTo(this, num, out);\n } else if (len < 63) {\n res = smallMulTo(this, num, out);\n } else if (len < 1024) {\n res = bigMulTo(this, num, out);\n } else {\n res = jumboMulTo(this, num, out);\n }\n\n return res;\n };\n\n // Cooley-Tukey algorithm for FFT\n // slightly revisited to rely on looping instead of recursion\n\n function FFTM (x, y) {\n this.x = x;\n this.y = y;\n }\n\n FFTM.prototype.makeRBT = function makeRBT (N) {\n var t = new Array(N);\n var l = BN.prototype._countBits(N) - 1;\n for (var i = 0; i < N; i++) {\n t[i] = this.revBin(i, l, N);\n }\n\n return t;\n };\n\n // Returns binary-reversed representation of `x`\n FFTM.prototype.revBin = function revBin (x, l, N) {\n if (x === 0 || x === N - 1) return x;\n\n var rb = 0;\n for (var i = 0; i < l; i++) {\n rb |= (x & 1) << (l - i - 1);\n x >>= 1;\n }\n\n return rb;\n };\n\n // Performs \"tweedling\" phase, therefore 'emulating'\n // behaviour of the recursive algorithm\n FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {\n for (var i = 0; i < N; i++) {\n rtws[i] = rws[rbt[i]];\n itws[i] = iws[rbt[i]];\n }\n };\n\n FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {\n this.permute(rbt, rws, iws, rtws, itws, N);\n\n for (var s = 1; s < N; s <<= 1) {\n var l = s << 1;\n\n var rtwdf = Math.cos(2 * Math.PI / l);\n var itwdf = Math.sin(2 * Math.PI / l);\n\n for (var p = 0; p < N; p += l) {\n var rtwdf_ = rtwdf;\n var itwdf_ = itwdf;\n\n for (var j = 0; j < s; j++) {\n var re = rtws[p + j];\n var ie = itws[p + j];\n\n var ro = rtws[p + j + s];\n var io = itws[p + j + s];\n\n var rx = rtwdf_ * ro - itwdf_ * io;\n\n io = rtwdf_ * io + itwdf_ * ro;\n ro = rx;\n\n rtws[p + j] = re + ro;\n itws[p + j] = ie + io;\n\n rtws[p + j + s] = re - ro;\n itws[p + j + s] = ie - io;\n\n /* jshint maxdepth : false */\n if (j !== l) {\n rx = rtwdf * rtwdf_ - itwdf * itwdf_;\n\n itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;\n rtwdf_ = rx;\n }\n }\n }\n }\n };\n\n FFTM.prototype.guessLen13b = function guessLen13b (n, m) {\n var N = Math.max(m, n) | 1;\n var odd = N & 1;\n var i = 0;\n for (N = N / 2 | 0; N; N = N >>> 1) {\n i++;\n }\n\n return 1 << i + 1 + odd;\n };\n\n FFTM.prototype.conjugate = function conjugate (rws, iws, N) {\n if (N <= 1) return;\n\n for (var i = 0; i < N / 2; i++) {\n var t = rws[i];\n\n rws[i] = rws[N - i - 1];\n rws[N - i - 1] = t;\n\n t = iws[i];\n\n iws[i] = -iws[N - i - 1];\n iws[N - i - 1] = -t;\n }\n };\n\n FFTM.prototype.normalize13b = function normalize13b (ws, N) {\n var carry = 0;\n for (var i = 0; i < N / 2; i++) {\n var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +\n Math.round(ws[2 * i] / N) +\n carry;\n\n ws[i] = w & 0x3ffffff;\n\n if (w < 0x4000000) {\n carry = 0;\n } else {\n carry = w / 0x4000000 | 0;\n }\n }\n\n return ws;\n };\n\n FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {\n var carry = 0;\n for (var i = 0; i < len; i++) {\n carry = carry + (ws[i] | 0);\n\n rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;\n rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;\n }\n\n // Pad with zeroes\n for (i = 2 * len; i < N; ++i) {\n rws[i] = 0;\n }\n\n assert(carry === 0);\n assert((carry & ~0x1fff) === 0);\n };\n\n FFTM.prototype.stub = function stub (N) {\n var ph = new Array(N);\n for (var i = 0; i < N; i++) {\n ph[i] = 0;\n }\n\n return ph;\n };\n\n FFTM.prototype.mulp = function mulp (x, y, out) {\n var N = 2 * this.guessLen13b(x.length, y.length);\n\n var rbt = this.makeRBT(N);\n\n var _ = this.stub(N);\n\n var rws = new Array(N);\n var rwst = new Array(N);\n var iwst = new Array(N);\n\n var nrws = new Array(N);\n var nrwst = new Array(N);\n var niwst = new Array(N);\n\n var rmws = out.words;\n rmws.length = N;\n\n this.convert13b(x.words, x.length, rws, N);\n this.convert13b(y.words, y.length, nrws, N);\n\n this.transform(rws, _, rwst, iwst, N, rbt);\n this.transform(nrws, _, nrwst, niwst, N, rbt);\n\n for (var i = 0; i < N; i++) {\n var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];\n iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];\n rwst[i] = rx;\n }\n\n this.conjugate(rwst, iwst, N);\n this.transform(rwst, iwst, rmws, _, N, rbt);\n this.conjugate(rmws, _, N);\n this.normalize13b(rmws, N);\n\n out.negative = x.negative ^ y.negative;\n out.length = x.length + y.length;\n return out.strip();\n };\n\n // Multiply `this` by `num`\n BN.prototype.mul = function mul (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return this.mulTo(num, out);\n };\n\n // Multiply employing FFT\n BN.prototype.mulf = function mulf (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return jumboMulTo(this, num, out);\n };\n\n // In-place Multiplication\n BN.prototype.imul = function imul (num) {\n return this.clone().mulTo(num, this);\n };\n\n BN.prototype.imuln = function imuln (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n\n // Carry\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = (this.words[i] | 0) * num;\n var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);\n carry >>= 26;\n carry += (w / 0x4000000) | 0;\n // NOTE: lo is 27bit maximum\n carry += lo >>> 26;\n this.words[i] = lo & 0x3ffffff;\n }\n\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n\n return this;\n };\n\n BN.prototype.muln = function muln (num) {\n return this.clone().imuln(num);\n };\n\n // `this` * `this`\n BN.prototype.sqr = function sqr () {\n return this.mul(this);\n };\n\n // `this` * `this` in-place\n BN.prototype.isqr = function isqr () {\n return this.imul(this.clone());\n };\n\n // Math.pow(`this`, `num`)\n BN.prototype.pow = function pow (num) {\n var w = toBitArray(num);\n if (w.length === 0) return new BN(1);\n\n // Skip leading zeroes\n var res = this;\n for (var i = 0; i < w.length; i++, res = res.sqr()) {\n if (w[i] !== 0) break;\n }\n\n if (++i < w.length) {\n for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {\n if (w[i] === 0) continue;\n\n res = res.mul(q);\n }\n }\n\n return res;\n };\n\n // Shift-left in-place\n BN.prototype.iushln = function iushln (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);\n var i;\n\n if (r !== 0) {\n var carry = 0;\n\n for (i = 0; i < this.length; i++) {\n var newCarry = this.words[i] & carryMask;\n var c = ((this.words[i] | 0) - newCarry) << r;\n this.words[i] = c | carry;\n carry = newCarry >>> (26 - r);\n }\n\n if (carry) {\n this.words[i] = carry;\n this.length++;\n }\n }\n\n if (s !== 0) {\n for (i = this.length - 1; i >= 0; i--) {\n this.words[i + s] = this.words[i];\n }\n\n for (i = 0; i < s; i++) {\n this.words[i] = 0;\n }\n\n this.length += s;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishln = function ishln (bits) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushln(bits);\n };\n\n // Shift-right in-place\n // NOTE: `hint` is a lowest bit before trailing zeroes\n // NOTE: if `extended` is present - it will be filled with destroyed bits\n BN.prototype.iushrn = function iushrn (bits, hint, extended) {\n assert(typeof bits === 'number' && bits >= 0);\n var h;\n if (hint) {\n h = (hint - (hint % 26)) / 26;\n } else {\n h = 0;\n }\n\n var r = bits % 26;\n var s = Math.min((bits - r) / 26, this.length);\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n var maskedWords = extended;\n\n h -= s;\n h = Math.max(0, h);\n\n // Extended mode, copy masked part\n if (maskedWords) {\n for (var i = 0; i < s; i++) {\n maskedWords.words[i] = this.words[i];\n }\n maskedWords.length = s;\n }\n\n if (s === 0) {\n // No-op, we should not move anything at all\n } else if (this.length > s) {\n this.length -= s;\n for (i = 0; i < this.length; i++) {\n this.words[i] = this.words[i + s];\n }\n } else {\n this.words[0] = 0;\n this.length = 1;\n }\n\n var carry = 0;\n for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {\n var word = this.words[i] | 0;\n this.words[i] = (carry << (26 - r)) | (word >>> r);\n carry = word & mask;\n }\n\n // Push carried bits as a mask\n if (maskedWords && carry !== 0) {\n maskedWords.words[maskedWords.length++] = carry;\n }\n\n if (this.length === 0) {\n this.words[0] = 0;\n this.length = 1;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishrn = function ishrn (bits, hint, extended) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushrn(bits, hint, extended);\n };\n\n // Shift-left\n BN.prototype.shln = function shln (bits) {\n return this.clone().ishln(bits);\n };\n\n BN.prototype.ushln = function ushln (bits) {\n return this.clone().iushln(bits);\n };\n\n // Shift-right\n BN.prototype.shrn = function shrn (bits) {\n return this.clone().ishrn(bits);\n };\n\n BN.prototype.ushrn = function ushrn (bits) {\n return this.clone().iushrn(bits);\n };\n\n // Test if n bit is set\n BN.prototype.testn = function testn (bit) {\n assert(typeof bit === 'number' && bit >= 0);\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) return false;\n\n // Check bit and return\n var w = this.words[s];\n\n return !!(w & q);\n };\n\n // Return only lowers bits of number (in-place)\n BN.prototype.imaskn = function imaskn (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n\n assert(this.negative === 0, 'imaskn works only with positive numbers');\n\n if (this.length <= s) {\n return this;\n }\n\n if (r !== 0) {\n s++;\n }\n this.length = Math.min(s, this.length);\n\n if (r !== 0) {\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n this.words[this.length - 1] &= mask;\n }\n\n return this.strip();\n };\n\n // Return only lowers bits of number\n BN.prototype.maskn = function maskn (bits) {\n return this.clone().imaskn(bits);\n };\n\n // Add plain number `num` to `this`\n BN.prototype.iaddn = function iaddn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.isubn(-num);\n\n // Possible sign change\n if (this.negative !== 0) {\n if (this.length === 1 && (this.words[0] | 0) < num) {\n this.words[0] = num - (this.words[0] | 0);\n this.negative = 0;\n return this;\n }\n\n this.negative = 0;\n this.isubn(num);\n this.negative = 1;\n return this;\n }\n\n // Add without checks\n return this._iaddn(num);\n };\n\n BN.prototype._iaddn = function _iaddn (num) {\n this.words[0] += num;\n\n // Carry\n for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {\n this.words[i] -= 0x4000000;\n if (i === this.length - 1) {\n this.words[i + 1] = 1;\n } else {\n this.words[i + 1]++;\n }\n }\n this.length = Math.max(this.length, i + 1);\n\n return this;\n };\n\n // Subtract plain number `num` from `this`\n BN.prototype.isubn = function isubn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.iaddn(-num);\n\n if (this.negative !== 0) {\n this.negative = 0;\n this.iaddn(num);\n this.negative = 1;\n return this;\n }\n\n this.words[0] -= num;\n\n if (this.length === 1 && this.words[0] < 0) {\n this.words[0] = -this.words[0];\n this.negative = 1;\n } else {\n // Carry\n for (var i = 0; i < this.length && this.words[i] < 0; i++) {\n this.words[i] += 0x4000000;\n this.words[i + 1] -= 1;\n }\n }\n\n return this.strip();\n };\n\n BN.prototype.addn = function addn (num) {\n return this.clone().iaddn(num);\n };\n\n BN.prototype.subn = function subn (num) {\n return this.clone().isubn(num);\n };\n\n BN.prototype.iabs = function iabs () {\n this.negative = 0;\n\n return this;\n };\n\n BN.prototype.abs = function abs () {\n return this.clone().iabs();\n };\n\n BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {\n var len = num.length + shift;\n var i;\n\n this._expand(len);\n\n var w;\n var carry = 0;\n for (i = 0; i < num.length; i++) {\n w = (this.words[i + shift] | 0) + carry;\n var right = (num.words[i] | 0) * mul;\n w -= right & 0x3ffffff;\n carry = (w >> 26) - ((right / 0x4000000) | 0);\n this.words[i + shift] = w & 0x3ffffff;\n }\n for (; i < this.length - shift; i++) {\n w = (this.words[i + shift] | 0) + carry;\n carry = w >> 26;\n this.words[i + shift] = w & 0x3ffffff;\n }\n\n if (carry === 0) return this.strip();\n\n // Subtraction overflow\n assert(carry === -1);\n carry = 0;\n for (i = 0; i < this.length; i++) {\n w = -(this.words[i] | 0) + carry;\n carry = w >> 26;\n this.words[i] = w & 0x3ffffff;\n }\n this.negative = 1;\n\n return this.strip();\n };\n\n BN.prototype._wordDiv = function _wordDiv (num, mode) {\n var shift = this.length - num.length;\n\n var a = this.clone();\n var b = num;\n\n // Normalize\n var bhi = b.words[b.length - 1] | 0;\n var bhiBits = this._countBits(bhi);\n shift = 26 - bhiBits;\n if (shift !== 0) {\n b = b.ushln(shift);\n a.iushln(shift);\n bhi = b.words[b.length - 1] | 0;\n }\n\n // Initialize quotient\n var m = a.length - b.length;\n var q;\n\n if (mode !== 'mod') {\n q = new BN(null);\n q.length = m + 1;\n q.words = new Array(q.length);\n for (var i = 0; i < q.length; i++) {\n q.words[i] = 0;\n }\n }\n\n var diff = a.clone()._ishlnsubmul(b, 1, m);\n if (diff.negative === 0) {\n a = diff;\n if (q) {\n q.words[m] = 1;\n }\n }\n\n for (var j = m - 1; j >= 0; j--) {\n var qj = (a.words[b.length + j] | 0) * 0x4000000 +\n (a.words[b.length + j - 1] | 0);\n\n // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max\n // (0x7ffffff)\n qj = Math.min((qj / bhi) | 0, 0x3ffffff);\n\n a._ishlnsubmul(b, qj, j);\n while (a.negative !== 0) {\n qj--;\n a.negative = 0;\n a._ishlnsubmul(b, 1, j);\n if (!a.isZero()) {\n a.negative ^= 1;\n }\n }\n if (q) {\n q.words[j] = qj;\n }\n }\n if (q) {\n q.strip();\n }\n a.strip();\n\n // Denormalize\n if (mode !== 'div' && shift !== 0) {\n a.iushrn(shift);\n }\n\n return {\n div: q || null,\n mod: a\n };\n };\n\n // NOTE: 1) `mode` can be set to `mod` to request mod only,\n // to `div` to request div only, or be absent to\n // request both div & mod\n // 2) `positive` is true if unsigned mod is requested\n BN.prototype.divmod = function divmod (num, mode, positive) {\n assert(!num.isZero());\n\n if (this.isZero()) {\n return {\n div: new BN(0),\n mod: new BN(0)\n };\n }\n\n var div, mod, res;\n if (this.negative !== 0 && num.negative === 0) {\n res = this.neg().divmod(num, mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.iadd(num);\n }\n }\n\n return {\n div: div,\n mod: mod\n };\n }\n\n if (this.negative === 0 && num.negative !== 0) {\n res = this.divmod(num.neg(), mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n return {\n div: div,\n mod: res.mod\n };\n }\n\n if ((this.negative & num.negative) !== 0) {\n res = this.neg().divmod(num.neg(), mode);\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.isub(num);\n }\n }\n\n return {\n div: res.div,\n mod: mod\n };\n }\n\n // Both numbers are positive at this point\n\n // Strip both numbers to approximate shift value\n if (num.length > this.length || this.cmp(num) < 0) {\n return {\n div: new BN(0),\n mod: this\n };\n }\n\n // Very short reduction\n if (num.length === 1) {\n if (mode === 'div') {\n return {\n div: this.divn(num.words[0]),\n mod: null\n };\n }\n\n if (mode === 'mod') {\n return {\n div: null,\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return {\n div: this.divn(num.words[0]),\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return this._wordDiv(num, mode);\n };\n\n // Find `this` / `num`\n BN.prototype.div = function div (num) {\n return this.divmod(num, 'div', false).div;\n };\n\n // Find `this` % `num`\n BN.prototype.mod = function mod (num) {\n return this.divmod(num, 'mod', false).mod;\n };\n\n BN.prototype.umod = function umod (num) {\n return this.divmod(num, 'mod', true).mod;\n };\n\n // Find Round(`this` / `num`)\n BN.prototype.divRound = function divRound (num) {\n var dm = this.divmod(num);\n\n // Fast case - exact division\n if (dm.mod.isZero()) return dm.div;\n\n var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;\n\n var half = num.ushrn(1);\n var r2 = num.andln(1);\n var cmp = mod.cmp(half);\n\n // Round down\n if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;\n\n // Round up\n return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);\n };\n\n BN.prototype.modn = function modn (num) {\n assert(num <= 0x3ffffff);\n var p = (1 << 26) % num;\n\n var acc = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n acc = (p * acc + (this.words[i] | 0)) % num;\n }\n\n return acc;\n };\n\n // In-place division by number\n BN.prototype.idivn = function idivn (num) {\n assert(num <= 0x3ffffff);\n\n var carry = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var w = (this.words[i] | 0) + carry * 0x4000000;\n this.words[i] = (w / num) | 0;\n carry = w % num;\n }\n\n return this.strip();\n };\n\n BN.prototype.divn = function divn (num) {\n return this.clone().idivn(num);\n };\n\n BN.prototype.egcd = function egcd (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var x = this;\n var y = p.clone();\n\n if (x.negative !== 0) {\n x = x.umod(p);\n } else {\n x = x.clone();\n }\n\n // A * x + B * y = x\n var A = new BN(1);\n var B = new BN(0);\n\n // C * x + D * y = y\n var C = new BN(0);\n var D = new BN(1);\n\n var g = 0;\n\n while (x.isEven() && y.isEven()) {\n x.iushrn(1);\n y.iushrn(1);\n ++g;\n }\n\n var yp = y.clone();\n var xp = x.clone();\n\n while (!x.isZero()) {\n for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n x.iushrn(i);\n while (i-- > 0) {\n if (A.isOdd() || B.isOdd()) {\n A.iadd(yp);\n B.isub(xp);\n }\n\n A.iushrn(1);\n B.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n y.iushrn(j);\n while (j-- > 0) {\n if (C.isOdd() || D.isOdd()) {\n C.iadd(yp);\n D.isub(xp);\n }\n\n C.iushrn(1);\n D.iushrn(1);\n }\n }\n\n if (x.cmp(y) >= 0) {\n x.isub(y);\n A.isub(C);\n B.isub(D);\n } else {\n y.isub(x);\n C.isub(A);\n D.isub(B);\n }\n }\n\n return {\n a: C,\n b: D,\n gcd: y.iushln(g)\n };\n };\n\n // This is reduced incarnation of the binary EEA\n // above, designated to invert members of the\n // _prime_ fields F(p) at a maximal speed\n BN.prototype._invmp = function _invmp (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var a = this;\n var b = p.clone();\n\n if (a.negative !== 0) {\n a = a.umod(p);\n } else {\n a = a.clone();\n }\n\n var x1 = new BN(1);\n var x2 = new BN(0);\n\n var delta = b.clone();\n\n while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {\n for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n a.iushrn(i);\n while (i-- > 0) {\n if (x1.isOdd()) {\n x1.iadd(delta);\n }\n\n x1.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n b.iushrn(j);\n while (j-- > 0) {\n if (x2.isOdd()) {\n x2.iadd(delta);\n }\n\n x2.iushrn(1);\n }\n }\n\n if (a.cmp(b) >= 0) {\n a.isub(b);\n x1.isub(x2);\n } else {\n b.isub(a);\n x2.isub(x1);\n }\n }\n\n var res;\n if (a.cmpn(1) === 0) {\n res = x1;\n } else {\n res = x2;\n }\n\n if (res.cmpn(0) < 0) {\n res.iadd(p);\n }\n\n return res;\n };\n\n BN.prototype.gcd = function gcd (num) {\n if (this.isZero()) return num.abs();\n if (num.isZero()) return this.abs();\n\n var a = this.clone();\n var b = num.clone();\n a.negative = 0;\n b.negative = 0;\n\n // Remove common factor of two\n for (var shift = 0; a.isEven() && b.isEven(); shift++) {\n a.iushrn(1);\n b.iushrn(1);\n }\n\n do {\n while (a.isEven()) {\n a.iushrn(1);\n }\n while (b.isEven()) {\n b.iushrn(1);\n }\n\n var r = a.cmp(b);\n if (r < 0) {\n // Swap `a` and `b` to make `a` always bigger than `b`\n var t = a;\n a = b;\n b = t;\n } else if (r === 0 || b.cmpn(1) === 0) {\n break;\n }\n\n a.isub(b);\n } while (true);\n\n return b.iushln(shift);\n };\n\n // Invert number in the field F(num)\n BN.prototype.invm = function invm (num) {\n return this.egcd(num).a.umod(num);\n };\n\n BN.prototype.isEven = function isEven () {\n return (this.words[0] & 1) === 0;\n };\n\n BN.prototype.isOdd = function isOdd () {\n return (this.words[0] & 1) === 1;\n };\n\n // And first word and num\n BN.prototype.andln = function andln (num) {\n return this.words[0] & num;\n };\n\n // Increment at the bit position in-line\n BN.prototype.bincn = function bincn (bit) {\n assert(typeof bit === 'number');\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) {\n this._expand(s + 1);\n this.words[s] |= q;\n return this;\n }\n\n // Add bit and propagate, if needed\n var carry = q;\n for (var i = s; carry !== 0 && i < this.length; i++) {\n var w = this.words[i] | 0;\n w += carry;\n carry = w >>> 26;\n w &= 0x3ffffff;\n this.words[i] = w;\n }\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n return this;\n };\n\n BN.prototype.isZero = function isZero () {\n return this.length === 1 && this.words[0] === 0;\n };\n\n BN.prototype.cmpn = function cmpn (num) {\n var negative = num < 0;\n\n if (this.negative !== 0 && !negative) return -1;\n if (this.negative === 0 && negative) return 1;\n\n this.strip();\n\n var res;\n if (this.length > 1) {\n res = 1;\n } else {\n if (negative) {\n num = -num;\n }\n\n assert(num <= 0x3ffffff, 'Number is too big');\n\n var w = this.words[0] | 0;\n res = w === num ? 0 : w < num ? -1 : 1;\n }\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Compare two numbers and return:\n // 1 - if `this` > `num`\n // 0 - if `this` == `num`\n // -1 - if `this` < `num`\n BN.prototype.cmp = function cmp (num) {\n if (this.negative !== 0 && num.negative === 0) return -1;\n if (this.negative === 0 && num.negative !== 0) return 1;\n\n var res = this.ucmp(num);\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Unsigned comparison\n BN.prototype.ucmp = function ucmp (num) {\n // At this point both numbers have the same sign\n if (this.length > num.length) return 1;\n if (this.length < num.length) return -1;\n\n var res = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var a = this.words[i] | 0;\n var b = num.words[i] | 0;\n\n if (a === b) continue;\n if (a < b) {\n res = -1;\n } else if (a > b) {\n res = 1;\n }\n break;\n }\n return res;\n };\n\n BN.prototype.gtn = function gtn (num) {\n return this.cmpn(num) === 1;\n };\n\n BN.prototype.gt = function gt (num) {\n return this.cmp(num) === 1;\n };\n\n BN.prototype.gten = function gten (num) {\n return this.cmpn(num) >= 0;\n };\n\n BN.prototype.gte = function gte (num) {\n return this.cmp(num) >= 0;\n };\n\n BN.prototype.ltn = function ltn (num) {\n return this.cmpn(num) === -1;\n };\n\n BN.prototype.lt = function lt (num) {\n return this.cmp(num) === -1;\n };\n\n BN.prototype.lten = function lten (num) {\n return this.cmpn(num) <= 0;\n };\n\n BN.prototype.lte = function lte (num) {\n return this.cmp(num) <= 0;\n };\n\n BN.prototype.eqn = function eqn (num) {\n return this.cmpn(num) === 0;\n };\n\n BN.prototype.eq = function eq (num) {\n return this.cmp(num) === 0;\n };\n\n //\n // A reduce context, could be using montgomery or something better, depending\n // on the `m` itself.\n //\n BN.red = function red (num) {\n return new Red(num);\n };\n\n BN.prototype.toRed = function toRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n assert(this.negative === 0, 'red works only with positives');\n return ctx.convertTo(this)._forceRed(ctx);\n };\n\n BN.prototype.fromRed = function fromRed () {\n assert(this.red, 'fromRed works only with numbers in reduction context');\n return this.red.convertFrom(this);\n };\n\n BN.prototype._forceRed = function _forceRed (ctx) {\n this.red = ctx;\n return this;\n };\n\n BN.prototype.forceRed = function forceRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n return this._forceRed(ctx);\n };\n\n BN.prototype.redAdd = function redAdd (num) {\n assert(this.red, 'redAdd works only with red numbers');\n return this.red.add(this, num);\n };\n\n BN.prototype.redIAdd = function redIAdd (num) {\n assert(this.red, 'redIAdd works only with red numbers');\n return this.red.iadd(this, num);\n };\n\n BN.prototype.redSub = function redSub (num) {\n assert(this.red, 'redSub works only with red numbers');\n return this.red.sub(this, num);\n };\n\n BN.prototype.redISub = function redISub (num) {\n assert(this.red, 'redISub works only with red numbers');\n return this.red.isub(this, num);\n };\n\n BN.prototype.redShl = function redShl (num) {\n assert(this.red, 'redShl works only with red numbers');\n return this.red.shl(this, num);\n };\n\n BN.prototype.redMul = function redMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.mul(this, num);\n };\n\n BN.prototype.redIMul = function redIMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.imul(this, num);\n };\n\n BN.prototype.redSqr = function redSqr () {\n assert(this.red, 'redSqr works only with red numbers');\n this.red._verify1(this);\n return this.red.sqr(this);\n };\n\n BN.prototype.redISqr = function redISqr () {\n assert(this.red, 'redISqr works only with red numbers');\n this.red._verify1(this);\n return this.red.isqr(this);\n };\n\n // Square root over p\n BN.prototype.redSqrt = function redSqrt () {\n assert(this.red, 'redSqrt works only with red numbers');\n this.red._verify1(this);\n return this.red.sqrt(this);\n };\n\n BN.prototype.redInvm = function redInvm () {\n assert(this.red, 'redInvm works only with red numbers');\n this.red._verify1(this);\n return this.red.invm(this);\n };\n\n // Return negative clone of `this` % `red modulo`\n BN.prototype.redNeg = function redNeg () {\n assert(this.red, 'redNeg works only with red numbers');\n this.red._verify1(this);\n return this.red.neg(this);\n };\n\n BN.prototype.redPow = function redPow (num) {\n assert(this.red && !num.red, 'redPow(normalNum)');\n this.red._verify1(this);\n return this.red.pow(this, num);\n };\n\n // Prime numbers with efficient reduction\n var primes = {\n k256: null,\n p224: null,\n p192: null,\n p25519: null\n };\n\n // Pseudo-Mersenne prime\n function MPrime (name, p) {\n // P = 2 ^ N - K\n this.name = name;\n this.p = new BN(p, 16);\n this.n = this.p.bitLength();\n this.k = new BN(1).iushln(this.n).isub(this.p);\n\n this.tmp = this._tmp();\n }\n\n MPrime.prototype._tmp = function _tmp () {\n var tmp = new BN(null);\n tmp.words = new Array(Math.ceil(this.n / 13));\n return tmp;\n };\n\n MPrime.prototype.ireduce = function ireduce (num) {\n // Assumes that `num` is less than `P^2`\n // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)\n var r = num;\n var rlen;\n\n do {\n this.split(r, this.tmp);\n r = this.imulK(r);\n r = r.iadd(this.tmp);\n rlen = r.bitLength();\n } while (rlen > this.n);\n\n var cmp = rlen < this.n ? -1 : r.ucmp(this.p);\n if (cmp === 0) {\n r.words[0] = 0;\n r.length = 1;\n } else if (cmp > 0) {\n r.isub(this.p);\n } else {\n r.strip();\n }\n\n return r;\n };\n\n MPrime.prototype.split = function split (input, out) {\n input.iushrn(this.n, 0, out);\n };\n\n MPrime.prototype.imulK = function imulK (num) {\n return num.imul(this.k);\n };\n\n function K256 () {\n MPrime.call(\n this,\n 'k256',\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');\n }\n inherits(K256, MPrime);\n\n K256.prototype.split = function split (input, output) {\n // 256 = 9 * 26 + 22\n var mask = 0x3fffff;\n\n var outLen = Math.min(input.length, 9);\n for (var i = 0; i < outLen; i++) {\n output.words[i] = input.words[i];\n }\n output.length = outLen;\n\n if (input.length <= 9) {\n input.words[0] = 0;\n input.length = 1;\n return;\n }\n\n // Shift by 9 limbs\n var prev = input.words[9];\n output.words[output.length++] = prev & mask;\n\n for (i = 10; i < input.length; i++) {\n var next = input.words[i] | 0;\n input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);\n prev = next;\n }\n prev >>>= 22;\n input.words[i - 10] = prev;\n if (prev === 0 && input.length > 10) {\n input.length -= 10;\n } else {\n input.length -= 9;\n }\n };\n\n K256.prototype.imulK = function imulK (num) {\n // K = 0x1000003d1 = [ 0x40, 0x3d1 ]\n num.words[num.length] = 0;\n num.words[num.length + 1] = 0;\n num.length += 2;\n\n // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390\n var lo = 0;\n for (var i = 0; i < num.length; i++) {\n var w = num.words[i] | 0;\n lo += w * 0x3d1;\n num.words[i] = lo & 0x3ffffff;\n lo = w * 0x40 + ((lo / 0x4000000) | 0);\n }\n\n // Fast length reduction\n if (num.words[num.length - 1] === 0) {\n num.length--;\n if (num.words[num.length - 1] === 0) {\n num.length--;\n }\n }\n return num;\n };\n\n function P224 () {\n MPrime.call(\n this,\n 'p224',\n 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');\n }\n inherits(P224, MPrime);\n\n function P192 () {\n MPrime.call(\n this,\n 'p192',\n 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');\n }\n inherits(P192, MPrime);\n\n function P25519 () {\n // 2 ^ 255 - 19\n MPrime.call(\n this,\n '25519',\n '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');\n }\n inherits(P25519, MPrime);\n\n P25519.prototype.imulK = function imulK (num) {\n // K = 0x13\n var carry = 0;\n for (var i = 0; i < num.length; i++) {\n var hi = (num.words[i] | 0) * 0x13 + carry;\n var lo = hi & 0x3ffffff;\n hi >>>= 26;\n\n num.words[i] = lo;\n carry = hi;\n }\n if (carry !== 0) {\n num.words[num.length++] = carry;\n }\n return num;\n };\n\n // Exported mostly for testing purposes, use plain name instead\n BN._prime = function prime (name) {\n // Cached version of prime\n if (primes[name]) return primes[name];\n\n var prime;\n if (name === 'k256') {\n prime = new K256();\n } else if (name === 'p224') {\n prime = new P224();\n } else if (name === 'p192') {\n prime = new P192();\n } else if (name === 'p25519') {\n prime = new P25519();\n } else {\n throw new Error('Unknown prime ' + name);\n }\n primes[name] = prime;\n\n return prime;\n };\n\n //\n // Base reduction engine\n //\n function Red (m) {\n if (typeof m === 'string') {\n var prime = BN._prime(m);\n this.m = prime.p;\n this.prime = prime;\n } else {\n assert(m.gtn(1), 'modulus must be greater than 1');\n this.m = m;\n this.prime = null;\n }\n }\n\n Red.prototype._verify1 = function _verify1 (a) {\n assert(a.negative === 0, 'red works only with positives');\n assert(a.red, 'red works only with red numbers');\n };\n\n Red.prototype._verify2 = function _verify2 (a, b) {\n assert((a.negative | b.negative) === 0, 'red works only with positives');\n assert(a.red && a.red === b.red,\n 'red works only with red numbers');\n };\n\n Red.prototype.imod = function imod (a) {\n if (this.prime) return this.prime.ireduce(a)._forceRed(this);\n return a.umod(this.m)._forceRed(this);\n };\n\n Red.prototype.neg = function neg (a) {\n if (a.isZero()) {\n return a.clone();\n }\n\n return this.m.sub(a)._forceRed(this);\n };\n\n Red.prototype.add = function add (a, b) {\n this._verify2(a, b);\n\n var res = a.add(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.iadd = function iadd (a, b) {\n this._verify2(a, b);\n\n var res = a.iadd(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res;\n };\n\n Red.prototype.sub = function sub (a, b) {\n this._verify2(a, b);\n\n var res = a.sub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.isub = function isub (a, b) {\n this._verify2(a, b);\n\n var res = a.isub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res;\n };\n\n Red.prototype.shl = function shl (a, num) {\n this._verify1(a);\n return this.imod(a.ushln(num));\n };\n\n Red.prototype.imul = function imul (a, b) {\n this._verify2(a, b);\n return this.imod(a.imul(b));\n };\n\n Red.prototype.mul = function mul (a, b) {\n this._verify2(a, b);\n return this.imod(a.mul(b));\n };\n\n Red.prototype.isqr = function isqr (a) {\n return this.imul(a, a.clone());\n };\n\n Red.prototype.sqr = function sqr (a) {\n return this.mul(a, a);\n };\n\n Red.prototype.sqrt = function sqrt (a) {\n if (a.isZero()) return a.clone();\n\n var mod3 = this.m.andln(3);\n assert(mod3 % 2 === 1);\n\n // Fast case\n if (mod3 === 3) {\n var pow = this.m.add(new BN(1)).iushrn(2);\n return this.pow(a, pow);\n }\n\n // Tonelli-Shanks algorithm (Totally unoptimized and slow)\n //\n // Find Q and S, that Q * 2 ^ S = (P - 1)\n var q = this.m.subn(1);\n var s = 0;\n while (!q.isZero() && q.andln(1) === 0) {\n s++;\n q.iushrn(1);\n }\n assert(!q.isZero());\n\n var one = new BN(1).toRed(this);\n var nOne = one.redNeg();\n\n // Find quadratic non-residue\n // NOTE: Max is such because of generalized Riemann hypothesis.\n var lpow = this.m.subn(1).iushrn(1);\n var z = this.m.bitLength();\n z = new BN(2 * z * z).toRed(this);\n\n while (this.pow(z, lpow).cmp(nOne) !== 0) {\n z.redIAdd(nOne);\n }\n\n var c = this.pow(z, q);\n var r = this.pow(a, q.addn(1).iushrn(1));\n var t = this.pow(a, q);\n var m = s;\n while (t.cmp(one) !== 0) {\n var tmp = t;\n for (var i = 0; tmp.cmp(one) !== 0; i++) {\n tmp = tmp.redSqr();\n }\n assert(i < m);\n var b = this.pow(c, new BN(1).iushln(m - i - 1));\n\n r = r.redMul(b);\n c = b.redSqr();\n t = t.redMul(c);\n m = i;\n }\n\n return r;\n };\n\n Red.prototype.invm = function invm (a) {\n var inv = a._invmp(this.m);\n if (inv.negative !== 0) {\n inv.negative = 0;\n return this.imod(inv).redNeg();\n } else {\n return this.imod(inv);\n }\n };\n\n Red.prototype.pow = function pow (a, num) {\n if (num.isZero()) return new BN(1).toRed(this);\n if (num.cmpn(1) === 0) return a.clone();\n\n var windowSize = 4;\n var wnd = new Array(1 << windowSize);\n wnd[0] = new BN(1).toRed(this);\n wnd[1] = a;\n for (var i = 2; i < wnd.length; i++) {\n wnd[i] = this.mul(wnd[i - 1], a);\n }\n\n var res = wnd[0];\n var current = 0;\n var currentLen = 0;\n var start = num.bitLength() % 26;\n if (start === 0) {\n start = 26;\n }\n\n for (i = num.length - 1; i >= 0; i--) {\n var word = num.words[i];\n for (var j = start - 1; j >= 0; j--) {\n var bit = (word >> j) & 1;\n if (res !== wnd[0]) {\n res = this.sqr(res);\n }\n\n if (bit === 0 && current === 0) {\n currentLen = 0;\n continue;\n }\n\n current <<= 1;\n current |= bit;\n currentLen++;\n if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;\n\n res = this.mul(res, wnd[current]);\n currentLen = 0;\n current = 0;\n }\n start = 26;\n }\n\n return res;\n };\n\n Red.prototype.convertTo = function convertTo (num) {\n var r = num.umod(this.m);\n\n return r === num ? r.clone() : r;\n };\n\n Red.prototype.convertFrom = function convertFrom (num) {\n var res = num.clone();\n res.red = null;\n return res;\n };\n\n //\n // Montgomery method engine\n //\n\n BN.mont = function mont (num) {\n return new Mont(num);\n };\n\n function Mont (m) {\n Red.call(this, m);\n\n this.shift = this.m.bitLength();\n if (this.shift % 26 !== 0) {\n this.shift += 26 - (this.shift % 26);\n }\n\n this.r = new BN(1).iushln(this.shift);\n this.r2 = this.imod(this.r.sqr());\n this.rinv = this.r._invmp(this.m);\n\n this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);\n this.minv = this.minv.umod(this.r);\n this.minv = this.r.sub(this.minv);\n }\n inherits(Mont, Red);\n\n Mont.prototype.convertTo = function convertTo (num) {\n return this.imod(num.ushln(this.shift));\n };\n\n Mont.prototype.convertFrom = function convertFrom (num) {\n var r = this.imod(num.mul(this.rinv));\n r.red = null;\n return r;\n };\n\n Mont.prototype.imul = function imul (a, b) {\n if (a.isZero() || b.isZero()) {\n a.words[0] = 0;\n a.length = 1;\n return a;\n }\n\n var t = a.imul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.mul = function mul (a, b) {\n if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);\n\n var t = a.mul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.invm = function invm (a) {\n // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R\n var res = this.imod(a._invmp(this.m).mul(this.r2));\n return res._forceRed(this);\n };\n})(typeof module === 'undefined' || module, this);\n","import BN from 'bn.js';\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * Wrapper of bn.js library (wwww.github.com/indutny/bn.js)\n * @module biginteger/bn\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n this.value = new BN(n);\n }\n\n clone() {\n const clone = new BigInteger(null);\n this.value.copy(clone.value);\n return clone;\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value.iadd(new BN(1));\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value.isub(new BN(1));\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value.iadd(x.value);\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value.isub(x.value);\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value.imul(x.value);\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value = this.value.umod(m.value);\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation\n * Much faster than this.exp(e).mod(n)\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n // We use either Montgomery or normal reduction context\n // Montgomery requires coprime n and R (montogmery multiplier)\n // bn.js picks R as power of 2, so n must be odd\n const nred = n.isEven() ? BN.red(n.value) : BN.mont(n.value);\n const x = this.clone();\n x.value = x.value.toRed(nred).redPow(e.value).fromRed();\n return x;\n }\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n // invm returns a wrong result if the inverse does not exist\n if (!this.gcd(n).isOne()) {\n throw new Error('Inverse does not exist');\n }\n return new BigInteger(this.value.invm(n.value));\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} n - Operand\n * @returns {BigInteger} gcd\n */\n gcd(n) {\n return new BigInteger(this.value.gcd(n.value));\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value.ishln(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value.ishrn(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value.eq(x.value);\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value.lt(x.value);\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value.lte(x.value);\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value.gt(x.value);\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value.gte(x.value);\n }\n\n isZero() {\n return this.value.isZero();\n }\n\n isOne() {\n return this.value.eq(new BN(1));\n }\n\n isNegative() {\n return this.value.isNeg();\n }\n\n isEven() {\n return this.value.isEven();\n }\n\n abs() {\n const res = this.clone();\n res.value = res.value.abs();\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n return this.value.toNumber();\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n return this.value.testn(i) ? 1 : 0;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n return this.value.bitLength();\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n return this.value.byteLength();\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n return this.value.toArrayLike(Uint8Array, endian, length);\n }\n}\n","var r;\n\nmodule.exports = function rand(len) {\n if (!r)\n r = new Rand(null);\n\n return r.generate(len);\n};\n\nfunction Rand(rand) {\n this.rand = rand;\n}\nmodule.exports.Rand = Rand;\n\nRand.prototype.generate = function generate(len) {\n return this._rand(len);\n};\n\n// Emulate crypto API using randy\nRand.prototype._rand = function _rand(n) {\n if (this.rand.getBytes)\n return this.rand.getBytes(n);\n\n var res = new Uint8Array(n);\n for (var i = 0; i < res.length; i++)\n res[i] = this.rand.getByte();\n return res;\n};\n\nif (typeof self === 'object') {\n if (self.crypto && self.crypto.getRandomValues) {\n // Modern browsers\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.crypto.getRandomValues(arr);\n return arr;\n };\n } else if (self.msCrypto && self.msCrypto.getRandomValues) {\n // IE\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.msCrypto.getRandomValues(arr);\n return arr;\n };\n\n // Safari's WebWorkers do not have `crypto`\n } else if (typeof window === 'object') {\n // Old junk\n Rand.prototype._rand = function() {\n throw new Error('Not implemented yet');\n };\n }\n} else {\n // Node.js or Web worker with no crypto support\n try {\n var crypto = require('crypto');\n if (typeof crypto.randomBytes !== 'function')\n throw new Error('Not supported');\n\n Rand.prototype._rand = function _rand(n) {\n return crypto.randomBytes(n);\n };\n } catch (e) {\n }\n}\n","'use strict';\n\nvar utils = exports;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg !== 'string') {\n for (var i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n return res;\n }\n if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (var i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n } else {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n }\n return res;\n}\nutils.toArray = toArray;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nutils.zero2 = zero2;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nutils.toHex = toHex;\n\nutils.encode = function encode(arr, enc) {\n if (enc === 'hex')\n return toHex(arr);\n else\n return arr;\n};\n","'use strict';\n\nvar utils = exports;\nvar BN = require('bn.js');\nvar minAssert = require('minimalistic-assert');\nvar minUtils = require('minimalistic-crypto-utils');\n\nutils.assert = minAssert;\nutils.toArray = minUtils.toArray;\nutils.zero2 = minUtils.zero2;\nutils.toHex = minUtils.toHex;\nutils.encode = minUtils.encode;\n\n// Represent num in a w-NAF form\nfunction getNAF(num, w) {\n var naf = [];\n var ws = 1 << (w + 1);\n var k = num.clone();\n while (k.cmpn(1) >= 0) {\n var z;\n if (k.isOdd()) {\n var mod = k.andln(ws - 1);\n if (mod > (ws >> 1) - 1)\n z = (ws >> 1) - mod;\n else\n z = mod;\n k.isubn(z);\n } else {\n z = 0;\n }\n naf.push(z);\n\n // Optimization, shift by word if possible\n var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;\n for (var i = 1; i < shift; i++)\n naf.push(0);\n k.iushrn(shift);\n }\n\n return naf;\n}\nutils.getNAF = getNAF;\n\n// Represent k1, k2 in a Joint Sparse Form\nfunction getJSF(k1, k2) {\n var jsf = [\n [],\n []\n ];\n\n k1 = k1.clone();\n k2 = k2.clone();\n var d1 = 0;\n var d2 = 0;\n while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {\n\n // First phase\n var m14 = (k1.andln(3) + d1) & 3;\n var m24 = (k2.andln(3) + d2) & 3;\n if (m14 === 3)\n m14 = -1;\n if (m24 === 3)\n m24 = -1;\n var u1;\n if ((m14 & 1) === 0) {\n u1 = 0;\n } else {\n var m8 = (k1.andln(7) + d1) & 7;\n if ((m8 === 3 || m8 === 5) && m24 === 2)\n u1 = -m14;\n else\n u1 = m14;\n }\n jsf[0].push(u1);\n\n var u2;\n if ((m24 & 1) === 0) {\n u2 = 0;\n } else {\n var m8 = (k2.andln(7) + d2) & 7;\n if ((m8 === 3 || m8 === 5) && m14 === 2)\n u2 = -m24;\n else\n u2 = m24;\n }\n jsf[1].push(u2);\n\n // Second phase\n if (2 * d1 === u1 + 1)\n d1 = 1 - d1;\n if (2 * d2 === u2 + 1)\n d2 = 1 - d2;\n k1.iushrn(1);\n k2.iushrn(1);\n }\n\n return jsf;\n}\nutils.getJSF = getJSF;\n\nfunction cachedProperty(obj, name, computer) {\n var key = '_' + name;\n obj.prototype[name] = function cachedProperty() {\n return this[key] !== undefined ? this[key] :\n this[key] = computer.call(this);\n };\n}\nutils.cachedProperty = cachedProperty;\n\nfunction parseBytes(bytes) {\n return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :\n bytes;\n}\nutils.parseBytes = parseBytes;\n\nfunction intFromLE(bytes) {\n return new BN(bytes, 'hex', 'le');\n}\nutils.intFromLE = intFromLE;\n\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar getNAF = utils.getNAF;\nvar getJSF = utils.getJSF;\nvar assert = utils.assert;\n\nfunction BaseCurve(type, conf) {\n this.type = type;\n this.p = new BN(conf.p, 16);\n\n // Use Montgomery, when there is no fast reduction for the prime\n this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);\n\n // Useful for many curves\n this.zero = new BN(0).toRed(this.red);\n this.one = new BN(1).toRed(this.red);\n this.two = new BN(2).toRed(this.red);\n\n // Curve configuration, optional\n this.n = conf.n && new BN(conf.n, 16);\n this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);\n\n // Temporary arrays\n this._wnafT1 = new Array(4);\n this._wnafT2 = new Array(4);\n this._wnafT3 = new Array(4);\n this._wnafT4 = new Array(4);\n\n // Generalized Greg Maxwell's trick\n var adjustCount = this.n && this.p.div(this.n);\n if (!adjustCount || adjustCount.cmpn(100) > 0) {\n this.redN = null;\n } else {\n this._maxwellTrick = true;\n this.redN = this.n.toRed(this.red);\n }\n}\nmodule.exports = BaseCurve;\n\nBaseCurve.prototype.point = function point() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype.validate = function validate() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {\n assert(p.precomputed);\n var doubles = p._getDoubles();\n\n var naf = getNAF(k, 1);\n var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);\n I /= 3;\n\n // Translate into more windowed form\n var repr = [];\n for (var j = 0; j < naf.length; j += doubles.step) {\n var nafW = 0;\n for (var k = j + doubles.step - 1; k >= j; k--)\n nafW = (nafW << 1) + naf[k];\n repr.push(nafW);\n }\n\n var a = this.jpoint(null, null, null);\n var b = this.jpoint(null, null, null);\n for (var i = I; i > 0; i--) {\n for (var j = 0; j < repr.length; j++) {\n var nafW = repr[j];\n if (nafW === i)\n b = b.mixedAdd(doubles.points[j]);\n else if (nafW === -i)\n b = b.mixedAdd(doubles.points[j].neg());\n }\n a = a.add(b);\n }\n return a.toP();\n};\n\nBaseCurve.prototype._wnafMul = function _wnafMul(p, k) {\n var w = 4;\n\n // Precompute window\n var nafPoints = p._getNAFPoints(w);\n w = nafPoints.wnd;\n var wnd = nafPoints.points;\n\n // Get NAF form\n var naf = getNAF(k, w);\n\n // Add `this`*(N+1) for every w-NAF index\n var acc = this.jpoint(null, null, null);\n for (var i = naf.length - 1; i >= 0; i--) {\n // Count zeroes\n for (var k = 0; i >= 0 && naf[i] === 0; i--)\n k++;\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n\n if (i < 0)\n break;\n var z = naf[i];\n assert(z !== 0);\n if (p.type === 'affine') {\n // J +- P\n if (z > 0)\n acc = acc.mixedAdd(wnd[(z - 1) >> 1]);\n else\n acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());\n } else {\n // J +- J\n if (z > 0)\n acc = acc.add(wnd[(z - 1) >> 1]);\n else\n acc = acc.add(wnd[(-z - 1) >> 1].neg());\n }\n }\n return p.type === 'affine' ? acc.toP() : acc;\n};\n\nBaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,\n points,\n coeffs,\n len,\n jacobianResult) {\n var wndWidth = this._wnafT1;\n var wnd = this._wnafT2;\n var naf = this._wnafT3;\n\n // Fill all arrays\n var max = 0;\n for (var i = 0; i < len; i++) {\n var p = points[i];\n var nafPoints = p._getNAFPoints(defW);\n wndWidth[i] = nafPoints.wnd;\n wnd[i] = nafPoints.points;\n }\n\n // Comb small window NAFs\n for (var i = len - 1; i >= 1; i -= 2) {\n var a = i - 1;\n var b = i;\n if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {\n naf[a] = getNAF(coeffs[a], wndWidth[a]);\n naf[b] = getNAF(coeffs[b], wndWidth[b]);\n max = Math.max(naf[a].length, max);\n max = Math.max(naf[b].length, max);\n continue;\n }\n\n var comb = [\n points[a], /* 1 */\n null, /* 3 */\n null, /* 5 */\n points[b] /* 7 */\n ];\n\n // Try to avoid Projective points, if possible\n if (points[a].y.cmp(points[b].y) === 0) {\n comb[1] = points[a].add(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].add(points[b].neg());\n } else {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n }\n\n var index = [\n -3, /* -1 -1 */\n -1, /* -1 0 */\n -5, /* -1 1 */\n -7, /* 0 -1 */\n 0, /* 0 0 */\n 7, /* 0 1 */\n 5, /* 1 -1 */\n 1, /* 1 0 */\n 3 /* 1 1 */\n ];\n\n var jsf = getJSF(coeffs[a], coeffs[b]);\n max = Math.max(jsf[0].length, max);\n naf[a] = new Array(max);\n naf[b] = new Array(max);\n for (var j = 0; j < max; j++) {\n var ja = jsf[0][j] | 0;\n var jb = jsf[1][j] | 0;\n\n naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];\n naf[b][j] = 0;\n wnd[a] = comb;\n }\n }\n\n var acc = this.jpoint(null, null, null);\n var tmp = this._wnafT4;\n for (var i = max; i >= 0; i--) {\n var k = 0;\n\n while (i >= 0) {\n var zero = true;\n for (var j = 0; j < len; j++) {\n tmp[j] = naf[j][i] | 0;\n if (tmp[j] !== 0)\n zero = false;\n }\n if (!zero)\n break;\n k++;\n i--;\n }\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n if (i < 0)\n break;\n\n for (var j = 0; j < len; j++) {\n var z = tmp[j];\n var p;\n if (z === 0)\n continue;\n else if (z > 0)\n p = wnd[j][(z - 1) >> 1];\n else if (z < 0)\n p = wnd[j][(-z - 1) >> 1].neg();\n\n if (p.type === 'affine')\n acc = acc.mixedAdd(p);\n else\n acc = acc.add(p);\n }\n }\n // Zeroify references\n for (var i = 0; i < len; i++)\n wnd[i] = null;\n\n if (jacobianResult)\n return acc;\n else\n return acc.toP();\n};\n\nfunction BasePoint(curve, type) {\n this.curve = curve;\n this.type = type;\n this.precomputed = null;\n}\nBaseCurve.BasePoint = BasePoint;\n\nBasePoint.prototype.eq = function eq(/*other*/) {\n throw new Error('Not implemented');\n};\n\nBasePoint.prototype.validate = function validate() {\n return this.curve.validate(this);\n};\n\nBaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n bytes = utils.toArray(bytes, enc);\n\n var len = this.p.byteLength();\n\n // uncompressed, hybrid-odd, hybrid-even\n if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&\n bytes.length - 1 === 2 * len) {\n if (bytes[0] === 0x06)\n assert(bytes[bytes.length - 1] % 2 === 0);\n else if (bytes[0] === 0x07)\n assert(bytes[bytes.length - 1] % 2 === 1);\n\n var res = this.point(bytes.slice(1, 1 + len),\n bytes.slice(1 + len, 1 + 2 * len));\n\n return res;\n } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&\n bytes.length - 1 === len) {\n return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);\n }\n throw new Error('Unknown point format');\n};\n\nBasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {\n return this.encode(enc, true);\n};\n\nBasePoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n var x = this.getX().toArray('be', len);\n\n if (compact)\n return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);\n\n return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;\n};\n\nBasePoint.prototype.encode = function encode(enc, compact) {\n return utils.encode(this._encode(compact), enc);\n};\n\nBasePoint.prototype.precompute = function precompute(power) {\n if (this.precomputed)\n return this;\n\n var precomputed = {\n doubles: null,\n naf: null,\n beta: null\n };\n precomputed.naf = this._getNAFPoints(8);\n precomputed.doubles = this._getDoubles(4, power);\n precomputed.beta = this._getBeta();\n this.precomputed = precomputed;\n\n return this;\n};\n\nBasePoint.prototype._hasDoubles = function _hasDoubles(k) {\n if (!this.precomputed)\n return false;\n\n var doubles = this.precomputed.doubles;\n if (!doubles)\n return false;\n\n return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);\n};\n\nBasePoint.prototype._getDoubles = function _getDoubles(step, power) {\n if (this.precomputed && this.precomputed.doubles)\n return this.precomputed.doubles;\n\n var doubles = [ this ];\n var acc = this;\n for (var i = 0; i < power; i += step) {\n for (var j = 0; j < step; j++)\n acc = acc.dbl();\n doubles.push(acc);\n }\n return {\n step: step,\n points: doubles\n };\n};\n\nBasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {\n if (this.precomputed && this.precomputed.naf)\n return this.precomputed.naf;\n\n var res = [ this ];\n var max = (1 << wnd) - 1;\n var dbl = max === 1 ? null : this.dbl();\n for (var i = 1; i < max; i++)\n res[i] = res[i - 1].add(dbl);\n return {\n wnd: wnd,\n points: res\n };\n};\n\nBasePoint.prototype._getBeta = function _getBeta() {\n return null;\n};\n\nBasePoint.prototype.dblp = function dblp(k) {\n var r = this;\n for (var i = 0; i < k; i++)\n r = r.dbl();\n return r;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction ShortCurve(conf) {\n Base.call(this, 'short', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.tinv = this.two.redInvm();\n\n this.zeroA = this.a.fromRed().cmpn(0) === 0;\n this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;\n\n // If the curve is endomorphic, precalculate beta and lambda\n this.endo = this._getEndomorphism(conf);\n this._endoWnafT1 = new Array(4);\n this._endoWnafT2 = new Array(4);\n}\ninherits(ShortCurve, Base);\nmodule.exports = ShortCurve;\n\nShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {\n // No efficient endomorphism\n if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)\n return;\n\n // Compute beta and lambda, that lambda * P = (beta * Px; Py)\n var beta;\n var lambda;\n if (conf.beta) {\n beta = new BN(conf.beta, 16).toRed(this.red);\n } else {\n var betas = this._getEndoRoots(this.p);\n // Choose the smallest beta\n beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];\n beta = beta.toRed(this.red);\n }\n if (conf.lambda) {\n lambda = new BN(conf.lambda, 16);\n } else {\n // Choose the lambda that is matching selected beta\n var lambdas = this._getEndoRoots(this.n);\n if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {\n lambda = lambdas[0];\n } else {\n lambda = lambdas[1];\n assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);\n }\n }\n\n // Get basis vectors, used for balanced length-two representation\n var basis;\n if (conf.basis) {\n basis = conf.basis.map(function(vec) {\n return {\n a: new BN(vec.a, 16),\n b: new BN(vec.b, 16)\n };\n });\n } else {\n basis = this._getEndoBasis(lambda);\n }\n\n return {\n beta: beta,\n lambda: lambda,\n basis: basis\n };\n};\n\nShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {\n // Find roots of for x^2 + x + 1 in F\n // Root = (-1 +- Sqrt(-3)) / 2\n //\n var red = num === this.p ? this.red : BN.mont(num);\n var tinv = new BN(2).toRed(red).redInvm();\n var ntinv = tinv.redNeg();\n\n var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);\n\n var l1 = ntinv.redAdd(s).fromRed();\n var l2 = ntinv.redSub(s).fromRed();\n return [ l1, l2 ];\n};\n\nShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {\n // aprxSqrt >= sqrt(this.n)\n var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));\n\n // 3.74\n // Run EGCD, until r(L + 1) < aprxSqrt\n var u = lambda;\n var v = this.n.clone();\n var x1 = new BN(1);\n var y1 = new BN(0);\n var x2 = new BN(0);\n var y2 = new BN(1);\n\n // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)\n var a0;\n var b0;\n // First vector\n var a1;\n var b1;\n // Second vector\n var a2;\n var b2;\n\n var prevR;\n var i = 0;\n var r;\n var x;\n while (u.cmpn(0) !== 0) {\n var q = v.div(u);\n r = v.sub(q.mul(u));\n x = x2.sub(q.mul(x1));\n var y = y2.sub(q.mul(y1));\n\n if (!a1 && r.cmp(aprxSqrt) < 0) {\n a0 = prevR.neg();\n b0 = x1;\n a1 = r.neg();\n b1 = x;\n } else if (a1 && ++i === 2) {\n break;\n }\n prevR = r;\n\n v = u;\n u = r;\n x2 = x1;\n x1 = x;\n y2 = y1;\n y1 = y;\n }\n a2 = r.neg();\n b2 = x;\n\n var len1 = a1.sqr().add(b1.sqr());\n var len2 = a2.sqr().add(b2.sqr());\n if (len2.cmp(len1) >= 0) {\n a2 = a0;\n b2 = b0;\n }\n\n // Normalize signs\n if (a1.negative) {\n a1 = a1.neg();\n b1 = b1.neg();\n }\n if (a2.negative) {\n a2 = a2.neg();\n b2 = b2.neg();\n }\n\n return [\n { a: a1, b: b1 },\n { a: a2, b: b2 }\n ];\n};\n\nShortCurve.prototype._endoSplit = function _endoSplit(k) {\n var basis = this.endo.basis;\n var v1 = basis[0];\n var v2 = basis[1];\n\n var c1 = v2.b.mul(k).divRound(this.n);\n var c2 = v1.b.neg().mul(k).divRound(this.n);\n\n var p1 = c1.mul(v1.a);\n var p2 = c2.mul(v2.a);\n var q1 = c1.mul(v1.b);\n var q2 = c2.mul(v2.b);\n\n // Calculate answer\n var k1 = k.sub(p1).sub(p2);\n var k2 = q1.add(q2).neg();\n return { k1: k1, k2: k2 };\n};\n\nShortCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n // XXX Is there any way to tell if the number is odd without converting it\n // to non-red form?\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nShortCurve.prototype.validate = function validate(point) {\n if (point.inf)\n return true;\n\n var x = point.x;\n var y = point.y;\n\n var ax = this.a.redMul(x);\n var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);\n return y.redSqr().redISub(rhs).cmpn(0) === 0;\n};\n\nShortCurve.prototype._endoWnafMulAdd =\n function _endoWnafMulAdd(points, coeffs, jacobianResult) {\n var npoints = this._endoWnafT1;\n var ncoeffs = this._endoWnafT2;\n for (var i = 0; i < points.length; i++) {\n var split = this._endoSplit(coeffs[i]);\n var p = points[i];\n var beta = p._getBeta();\n\n if (split.k1.negative) {\n split.k1.ineg();\n p = p.neg(true);\n }\n if (split.k2.negative) {\n split.k2.ineg();\n beta = beta.neg(true);\n }\n\n npoints[i * 2] = p;\n npoints[i * 2 + 1] = beta;\n ncoeffs[i * 2] = split.k1;\n ncoeffs[i * 2 + 1] = split.k2;\n }\n var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);\n\n // Clean-up references to points and coefficients\n for (var j = 0; j < i * 2; j++) {\n npoints[j] = null;\n ncoeffs[j] = null;\n }\n return res;\n};\n\nfunction Point(curve, x, y, isRed) {\n Base.BasePoint.call(this, curve, 'affine');\n if (x === null && y === null) {\n this.x = null;\n this.y = null;\n this.inf = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n // Force redgomery representation when loading from JSON\n if (isRed) {\n this.x.forceRed(this.curve.red);\n this.y.forceRed(this.curve.red);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n this.inf = false;\n }\n}\ninherits(Point, Base.BasePoint);\n\nShortCurve.prototype.point = function point(x, y, isRed) {\n return new Point(this, x, y, isRed);\n};\n\nShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {\n return Point.fromJSON(this, obj, red);\n};\n\nPoint.prototype._getBeta = function _getBeta() {\n if (!this.curve.endo)\n return;\n\n var pre = this.precomputed;\n if (pre && pre.beta)\n return pre.beta;\n\n var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);\n if (pre) {\n var curve = this.curve;\n var endoMul = function(p) {\n return curve.point(p.x.redMul(curve.endo.beta), p.y);\n };\n pre.beta = beta;\n beta.precomputed = {\n beta: null,\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(endoMul)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(endoMul)\n }\n };\n }\n return beta;\n};\n\nPoint.prototype.toJSON = function toJSON() {\n if (!this.precomputed)\n return [ this.x, this.y ];\n\n return [ this.x, this.y, this.precomputed && {\n doubles: this.precomputed.doubles && {\n step: this.precomputed.doubles.step,\n points: this.precomputed.doubles.points.slice(1)\n },\n naf: this.precomputed.naf && {\n wnd: this.precomputed.naf.wnd,\n points: this.precomputed.naf.points.slice(1)\n }\n } ];\n};\n\nPoint.fromJSON = function fromJSON(curve, obj, red) {\n if (typeof obj === 'string')\n obj = JSON.parse(obj);\n var res = curve.point(obj[0], obj[1], red);\n if (!obj[2])\n return res;\n\n function obj2point(obj) {\n return curve.point(obj[0], obj[1], red);\n }\n\n var pre = obj[2];\n res.precomputed = {\n beta: null,\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: [ res ].concat(pre.doubles.points.map(obj2point))\n },\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: [ res ].concat(pre.naf.points.map(obj2point))\n }\n };\n return res;\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n return this.inf;\n};\n\nPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.inf)\n return p;\n\n // P + O = P\n if (p.inf)\n return this;\n\n // P + P = 2P\n if (this.eq(p))\n return this.dbl();\n\n // P + (-P) = O\n if (this.neg().eq(p))\n return this.curve.point(null, null);\n\n // P + Q = O\n if (this.x.cmp(p.x) === 0)\n return this.curve.point(null, null);\n\n var c = this.y.redSub(p.y);\n if (c.cmpn(0) !== 0)\n c = c.redMul(this.x.redSub(p.x).redInvm());\n var nx = c.redSqr().redISub(this.x).redISub(p.x);\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.inf)\n return this;\n\n // 2P = O\n var ys1 = this.y.redAdd(this.y);\n if (ys1.cmpn(0) === 0)\n return this.curve.point(null, null);\n\n var a = this.curve.a;\n\n var x2 = this.x.redSqr();\n var dyinv = ys1.redInvm();\n var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);\n\n var nx = c.redSqr().redISub(this.x.redAdd(this.x));\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.getX = function getX() {\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n return this.y.fromRed();\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n if (this.isInfinity())\n return this;\n else if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else if (this.curve.endo)\n return this.curve._endoWnafMulAdd([ this ], [ k ]);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs, true);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2, true);\n};\n\nPoint.prototype.eq = function eq(p) {\n return this === p ||\n this.inf === p.inf &&\n (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);\n};\n\nPoint.prototype.neg = function neg(_precompute) {\n if (this.inf)\n return this;\n\n var res = this.curve.point(this.x, this.y.redNeg());\n if (_precompute && this.precomputed) {\n var pre = this.precomputed;\n var negate = function(p) {\n return p.neg();\n };\n res.precomputed = {\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(negate)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(negate)\n }\n };\n }\n return res;\n};\n\nPoint.prototype.toJ = function toJ() {\n if (this.inf)\n return this.curve.jpoint(null, null, null);\n\n var res = this.curve.jpoint(this.x, this.y, this.curve.one);\n return res;\n};\n\nfunction JPoint(curve, x, y, z) {\n Base.BasePoint.call(this, curve, 'jacobian');\n if (x === null && y === null && z === null) {\n this.x = this.curve.one;\n this.y = this.curve.one;\n this.z = new BN(0);\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = new BN(z, 16);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n\n this.zOne = this.z === this.curve.one;\n}\ninherits(JPoint, Base.BasePoint);\n\nShortCurve.prototype.jpoint = function jpoint(x, y, z) {\n return new JPoint(this, x, y, z);\n};\n\nJPoint.prototype.toP = function toP() {\n if (this.isInfinity())\n return this.curve.point(null, null);\n\n var zinv = this.z.redInvm();\n var zinv2 = zinv.redSqr();\n var ax = this.x.redMul(zinv2);\n var ay = this.y.redMul(zinv2).redMul(zinv);\n\n return this.curve.point(ax, ay);\n};\n\nJPoint.prototype.neg = function neg() {\n return this.curve.jpoint(this.x, this.y.redNeg(), this.z);\n};\n\nJPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.isInfinity())\n return p;\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 12M + 4S + 7A\n var pz2 = p.z.redSqr();\n var z2 = this.z.redSqr();\n var u1 = this.x.redMul(pz2);\n var u2 = p.x.redMul(z2);\n var s1 = this.y.redMul(pz2.redMul(p.z));\n var s2 = p.y.redMul(z2.redMul(this.z));\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(p.z).redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mixedAdd = function mixedAdd(p) {\n // O + P = P\n if (this.isInfinity())\n return p.toJ();\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 8M + 3S + 7A\n var z2 = this.z.redSqr();\n var u1 = this.x;\n var u2 = p.x.redMul(z2);\n var s1 = this.y;\n var s2 = p.y.redMul(z2).redMul(this.z);\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.dblp = function dblp(pow) {\n if (pow === 0)\n return this;\n if (this.isInfinity())\n return this;\n if (!pow)\n return this.dbl();\n\n if (this.curve.zeroA || this.curve.threeA) {\n var r = this;\n for (var i = 0; i < pow; i++)\n r = r.dbl();\n return r;\n }\n\n // 1M + 2S + 1A + N * (4S + 5M + 8A)\n // N = 1 => 6M + 6S + 9A\n var a = this.curve.a;\n var tinv = this.curve.tinv;\n\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n // Reuse results\n var jyd = jy.redAdd(jy);\n for (var i = 0; i < pow; i++) {\n var jx2 = jx.redSqr();\n var jyd2 = jyd.redSqr();\n var jyd4 = jyd2.redSqr();\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var t1 = jx.redMul(jyd2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n var dny = c.redMul(t2);\n dny = dny.redIAdd(dny).redISub(jyd4);\n var nz = jyd.redMul(jz);\n if (i + 1 < pow)\n jz4 = jz4.redMul(jyd4);\n\n jx = nx;\n jz = nz;\n jyd = dny;\n }\n\n return this.curve.jpoint(jx, jyd.redMul(tinv), jz);\n};\n\nJPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n if (this.curve.zeroA)\n return this._zeroDbl();\n else if (this.curve.threeA)\n return this._threeDbl();\n else\n return this._dbl();\n};\n\nJPoint.prototype._zeroDbl = function _zeroDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 14A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // T = M ^ 2 - 2*S\n var t = m.redSqr().redISub(s).redISub(s);\n\n // 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2*Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-dbl-2009-l\n // 2M + 5S + 13A\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = B^2\n var c = b.redSqr();\n // D = 2 * ((X1 + B)^2 - A - C)\n var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);\n d = d.redIAdd(d);\n // E = 3 * A\n var e = a.redAdd(a).redIAdd(a);\n // F = E^2\n var f = e.redSqr();\n\n // 8 * C\n var c8 = c.redIAdd(c);\n c8 = c8.redIAdd(c8);\n c8 = c8.redIAdd(c8);\n\n // X3 = F - 2 * D\n nx = f.redISub(d).redISub(d);\n // Y3 = E * (D - X3) - 8 * C\n ny = e.redMul(d.redISub(nx)).redISub(c8);\n // Z3 = 2 * Y1 * Z1\n nz = this.y.redMul(this.z);\n nz = nz.redIAdd(nz);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._threeDbl = function _threeDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 15A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a\n var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);\n // T = M^2 - 2 * S\n var t = m.redSqr().redISub(s).redISub(s);\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2 * Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b\n // 3M + 5S\n\n // delta = Z1^2\n var delta = this.z.redSqr();\n // gamma = Y1^2\n var gamma = this.y.redSqr();\n // beta = X1 * gamma\n var beta = this.x.redMul(gamma);\n // alpha = 3 * (X1 - delta) * (X1 + delta)\n var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));\n alpha = alpha.redAdd(alpha).redIAdd(alpha);\n // X3 = alpha^2 - 8 * beta\n var beta4 = beta.redIAdd(beta);\n beta4 = beta4.redIAdd(beta4);\n var beta8 = beta4.redAdd(beta4);\n nx = alpha.redSqr().redISub(beta8);\n // Z3 = (Y1 + Z1)^2 - gamma - delta\n nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);\n // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2\n var ggamma8 = gamma.redSqr();\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._dbl = function _dbl() {\n var a = this.curve.a;\n\n // 4M + 6S + 10A\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n var jx2 = jx.redSqr();\n var jy2 = jy.redSqr();\n\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var jxd4 = jx.redAdd(jx);\n jxd4 = jxd4.redIAdd(jxd4);\n var t1 = jxd4.redMul(jy2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n\n var jyd8 = jy2.redSqr();\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n var ny = c.redMul(t2).redISub(jyd8);\n var nz = jy.redAdd(jy).redMul(jz);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.trpl = function trpl() {\n if (!this.curve.zeroA)\n return this.dbl().add(this);\n\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl\n // 5M + 10S + ...\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // ZZ = Z1^2\n var zz = this.z.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // M = 3 * XX + a * ZZ2; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // MM = M^2\n var mm = m.redSqr();\n // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM\n var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n e = e.redIAdd(e);\n e = e.redAdd(e).redIAdd(e);\n e = e.redISub(mm);\n // EE = E^2\n var ee = e.redSqr();\n // T = 16*YYYY\n var t = yyyy.redIAdd(yyyy);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n // U = (M + E)^2 - MM - EE - T\n var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);\n // X3 = 4 * (X1 * EE - 4 * YY * U)\n var yyu4 = yy.redMul(u);\n yyu4 = yyu4.redIAdd(yyu4);\n yyu4 = yyu4.redIAdd(yyu4);\n var nx = this.x.redMul(ee).redISub(yyu4);\n nx = nx.redIAdd(nx);\n nx = nx.redIAdd(nx);\n // Y3 = 8 * Y1 * (U * (T - U) - E * EE)\n var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n // Z3 = (Z1 + E)^2 - ZZ - EE\n var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mul = function mul(k, kbase) {\n k = new BN(k, kbase);\n\n return this.curve._wnafMul(this, k);\n};\n\nJPoint.prototype.eq = function eq(p) {\n if (p.type === 'affine')\n return this.eq(p.toJ());\n\n if (this === p)\n return true;\n\n // x1 * z2^2 == x2 * z1^2\n var z2 = this.z.redSqr();\n var pz2 = p.z.redSqr();\n if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)\n return false;\n\n // y1 * z2^3 == y2 * z1^3\n var z3 = z2.redMul(this.z);\n var pz3 = pz2.redMul(p.z);\n return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;\n};\n\nJPoint.prototype.eqXToP = function eqXToP(x) {\n var zs = this.z.redSqr();\n var rx = x.toRed(this.curve.red).redMul(zs);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(zs);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\nJPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nJPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar utils = require('../utils');\n\nfunction MontCurve(conf) {\n Base.call(this, 'mont', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.i4 = new BN(4).toRed(this.red).redInvm();\n this.two = new BN(2).toRed(this.red);\n // Note: this implementation is according to the original paper\n // by P. Montgomery, NOT the one by D. J. Bernstein.\n this.a24 = this.i4.redMul(this.a.redAdd(this.two));\n}\ninherits(MontCurve, Base);\nmodule.exports = MontCurve;\n\nMontCurve.prototype.validate = function validate(point) {\n var x = point.normalize().x;\n var x2 = x.redSqr();\n var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);\n var y = rhs.redSqrt();\n\n return y.redSqr().cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, z) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && z === null) {\n this.x = this.curve.one;\n this.z = this.curve.zero;\n } else {\n this.x = new BN(x, 16);\n this.z = new BN(z, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n }\n}\ninherits(Point, Base.BasePoint);\n\nMontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n var bytes = utils.toArray(bytes, enc);\n\n // TODO Curve448\n // Montgomery curve points must be represented in the compressed format\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (bytes.length === 33 && bytes[0] === 0x40)\n bytes = bytes.slice(1, 33).reverse(); // point must be little-endian\n if (bytes.length !== 32)\n throw new Error('Unknown point compression format');\n return this.point(bytes, 1);\n};\n\nMontCurve.prototype.point = function point(x, z) {\n return new Point(this, x, z);\n};\n\nMontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nPoint.prototype.precompute = function precompute() {\n // No-op\n};\n\nPoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n\n // Note: the output should always be little-endian\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (compact) {\n return [ 0x40 ].concat(this.getX().toArray('le', len));\n } else {\n return this.getX().toArray('be', len);\n }\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1] || curve.one);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n\nPoint.prototype.dbl = function dbl() {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3\n // 2M + 2S + 4A\n\n // A = X1 + Z1\n var a = this.x.redAdd(this.z);\n // AA = A^2\n var aa = a.redSqr();\n // B = X1 - Z1\n var b = this.x.redSub(this.z);\n // BB = B^2\n var bb = b.redSqr();\n // C = AA - BB\n var c = aa.redSub(bb);\n // X3 = AA * BB\n var nx = aa.redMul(bb);\n // Z3 = C * (BB + A24 * C)\n var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.add = function add() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.diffAdd = function diffAdd(p, diff) {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3\n // 4M + 2S + 6A\n\n // A = X2 + Z2\n var a = this.x.redAdd(this.z);\n // B = X2 - Z2\n var b = this.x.redSub(this.z);\n // C = X3 + Z3\n var c = p.x.redAdd(p.z);\n // D = X3 - Z3\n var d = p.x.redSub(p.z);\n // DA = D * A\n var da = d.redMul(a);\n // CB = C * B\n var cb = c.redMul(b);\n // X5 = Z1 * (DA + CB)^2\n var nx = diff.z.redMul(da.redAdd(cb).redSqr());\n // Z5 = X1 * (DA - CB)^2\n var nz = diff.x.redMul(da.redISub(cb).redSqr());\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n\n var t = k.clone();\n var a = this; // (N / 2) * Q + Q\n var b = this.curve.point(null, null); // (N / 2) * Q\n var c = this; // Q\n\n for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))\n bits.push(t.andln(1));\n\n for (var i = bits.length - 1; i >= 0; i--) {\n if (bits[i] === 0) {\n // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q\n a = a.diffAdd(b, c);\n // N * Q = 2 * ((N / 2) * Q + Q))\n b = b.dbl();\n } else {\n // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)\n b = a.diffAdd(b, c);\n // N * Q + Q = 2 * ((N / 2) * Q + Q)\n a = a.dbl();\n }\n }\n return b;\n};\n\nPoint.prototype.mulAdd = function mulAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.jumlAdd = function jumlAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.eq = function eq(other) {\n return this.getX().cmp(other.getX()) === 0;\n};\n\nPoint.prototype.normalize = function normalize() {\n this.x = this.x.redMul(this.z.redInvm());\n this.z = this.curve.one;\n return this;\n};\n\nPoint.prototype.getX = function getX() {\n // Normalize coordinates\n this.normalize();\n\n return this.x.fromRed();\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction EdwardsCurve(conf) {\n // NOTE: Important as we are creating point in Base.call()\n this.twisted = (conf.a | 0) !== 1;\n this.mOneA = this.twisted && (conf.a | 0) === -1;\n this.extended = this.mOneA;\n\n Base.call(this, 'edwards', conf);\n\n this.a = new BN(conf.a, 16).umod(this.red.m);\n this.a = this.a.toRed(this.red);\n this.c = new BN(conf.c, 16).toRed(this.red);\n this.c2 = this.c.redSqr();\n this.d = new BN(conf.d, 16).toRed(this.red);\n this.dd = this.d.redAdd(this.d);\n\n assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);\n this.oneC = (conf.c | 0) === 1;\n}\ninherits(EdwardsCurve, Base);\nmodule.exports = EdwardsCurve;\n\nEdwardsCurve.prototype._mulA = function _mulA(num) {\n if (this.mOneA)\n return num.redNeg();\n else\n return this.a.redMul(num);\n};\n\nEdwardsCurve.prototype._mulC = function _mulC(num) {\n if (this.oneC)\n return num;\n else\n return this.c.redMul(num);\n};\n\n// Just for compatibility with Short curve\nEdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {\n return this.point(x, y, z, t);\n};\n\nEdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var x2 = x.redSqr();\n var rhs = this.c2.redSub(this.a.redMul(x2));\n var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));\n\n var y2 = rhs.redMul(lhs.redInvm());\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {\n y = new BN(y, 16);\n if (!y.red)\n y = y.toRed(this.red);\n\n // x^2 = (y^2 - c^2) / (c^2 d y^2 - a)\n var y2 = y.redSqr();\n var lhs = y2.redSub(this.c2);\n var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a);\n var x2 = lhs.redMul(rhs.redInvm());\n\n if (x2.cmp(this.zero) === 0) {\n if (odd)\n throw new Error('invalid point');\n else\n return this.point(this.zero, y);\n }\n\n var x = x2.redSqrt();\n if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n if (x.fromRed().isOdd() !== odd)\n x = x.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.validate = function validate(point) {\n if (point.isInfinity())\n return true;\n\n // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)\n point.normalize();\n\n var x2 = point.x.redSqr();\n var y2 = point.y.redSqr();\n var lhs = x2.redMul(this.a).redAdd(y2);\n var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));\n\n return lhs.cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, y, z, t) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && y === null && z === null) {\n this.x = this.curve.zero;\n this.y = this.curve.one;\n this.z = this.curve.one;\n this.t = this.curve.zero;\n this.zOne = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = z ? new BN(z, 16) : this.curve.one;\n this.t = t && new BN(t, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n if (this.t && !this.t.red)\n this.t = this.t.toRed(this.curve.red);\n this.zOne = this.z === this.curve.one;\n\n // Use extended coordinates\n if (this.curve.extended && !this.t) {\n this.t = this.x.redMul(this.y);\n if (!this.zOne)\n this.t = this.t.redMul(this.z.redInvm());\n }\n }\n}\ninherits(Point, Base.BasePoint);\n\nEdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nEdwardsCurve.prototype.point = function point(x, y, z, t) {\n return new Point(this, x, y, z, t);\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1], obj[2]);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.x.cmpn(0) === 0 &&\n (this.y.cmp(this.z) === 0 ||\n (this.zOne && this.y.cmp(this.curve.c) === 0));\n};\n\nPoint.prototype._extDbl = function _extDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #doubling-dbl-2008-hwcd\n // 4M + 4S\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = 2 * Z1^2\n var c = this.z.redSqr();\n c = c.redIAdd(c);\n // D = a * A\n var d = this.curve._mulA(a);\n // E = (X1 + Y1)^2 - A - B\n var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);\n // G = D + B\n var g = d.redAdd(b);\n // F = G - C\n var f = g.redSub(c);\n // H = D - B\n var h = d.redSub(b);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projDbl = function _projDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #doubling-dbl-2008-bbjlp\n // #doubling-dbl-2007-bl\n // and others\n // Generally 3M + 4S or 2M + 4S\n\n // B = (X1 + Y1)^2\n var b = this.x.redAdd(this.y).redSqr();\n // C = X1^2\n var c = this.x.redSqr();\n // D = Y1^2\n var d = this.y.redSqr();\n\n var nx;\n var ny;\n var nz;\n if (this.curve.twisted) {\n // E = a * C\n var e = this.curve._mulA(c);\n // F = E + D\n var f = e.redAdd(d);\n if (this.zOne) {\n // X3 = (B - C - D) * (F - 2)\n nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F^2 - 2 * F\n nz = f.redSqr().redSub(f).redSub(f);\n } else {\n // H = Z1^2\n var h = this.z.redSqr();\n // J = F - 2 * H\n var j = f.redSub(h).redISub(h);\n // X3 = (B-C-D)*J\n nx = b.redSub(c).redISub(d).redMul(j);\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F * J\n nz = f.redMul(j);\n }\n } else {\n // E = C + D\n var e = c.redAdd(d);\n // H = (c * Z1)^2\n var h = this.curve._mulC(this.z).redSqr();\n // J = E - 2 * H\n var j = e.redSub(h).redSub(h);\n // X3 = c * (B - E) * J\n nx = this.curve._mulC(b.redISub(e)).redMul(j);\n // Y3 = c * E * (C - D)\n ny = this.curve._mulC(e).redMul(c.redISub(d));\n // Z3 = E * J\n nz = e.redMul(j);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n // Double in extended coordinates\n if (this.curve.extended)\n return this._extDbl();\n else\n return this._projDbl();\n};\n\nPoint.prototype._extAdd = function _extAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #addition-add-2008-hwcd-3\n // 8M\n\n // A = (Y1 - X1) * (Y2 - X2)\n var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));\n // B = (Y1 + X1) * (Y2 + X2)\n var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));\n // C = T1 * k * T2\n var c = this.t.redMul(this.curve.dd).redMul(p.t);\n // D = Z1 * 2 * Z2\n var d = this.z.redMul(p.z.redAdd(p.z));\n // E = B - A\n var e = b.redSub(a);\n // F = D - C\n var f = d.redSub(c);\n // G = D + C\n var g = d.redAdd(c);\n // H = B + A\n var h = b.redAdd(a);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projAdd = function _projAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #addition-add-2008-bbjlp\n // #addition-add-2007-bl\n // 10M + 1S\n\n // A = Z1 * Z2\n var a = this.z.redMul(p.z);\n // B = A^2\n var b = a.redSqr();\n // C = X1 * X2\n var c = this.x.redMul(p.x);\n // D = Y1 * Y2\n var d = this.y.redMul(p.y);\n // E = d * C * D\n var e = this.curve.d.redMul(c).redMul(d);\n // F = B - E\n var f = b.redSub(e);\n // G = B + E\n var g = b.redAdd(e);\n // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)\n var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);\n var nx = a.redMul(f).redMul(tmp);\n var ny;\n var nz;\n if (this.curve.twisted) {\n // Y3 = A * G * (D - a * C)\n ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));\n // Z3 = F * G\n nz = f.redMul(g);\n } else {\n // Y3 = A * G * (D - C)\n ny = a.redMul(g).redMul(d.redSub(c));\n // Z3 = c * F * G\n nz = this.curve._mulC(f).redMul(g);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.add = function add(p) {\n if (this.isInfinity())\n return p;\n if (p.isInfinity())\n return this;\n\n if (this.curve.extended)\n return this._extAdd(p);\n else\n return this._projAdd(p);\n};\n\nPoint.prototype.mul = function mul(k) {\n if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);\n};\n\nPoint.prototype.normalize = function normalize() {\n if (this.zOne)\n return this;\n\n // Normalize coordinates\n var zi = this.z.redInvm();\n this.x = this.x.redMul(zi);\n this.y = this.y.redMul(zi);\n if (this.t)\n this.t = this.t.redMul(zi);\n this.z = this.curve.one;\n this.zOne = true;\n return this;\n};\n\nPoint.prototype.neg = function neg() {\n return this.curve.point(this.x.redNeg(),\n this.y,\n this.z,\n this.t && this.t.redNeg());\n};\n\nPoint.prototype.getX = function getX() {\n this.normalize();\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n this.normalize();\n return this.y.fromRed();\n};\n\nPoint.prototype.eq = function eq(other) {\n return this === other ||\n this.getX().cmp(other.getX()) === 0 &&\n this.getY().cmp(other.getY()) === 0;\n};\n\nPoint.prototype.eqXToP = function eqXToP(x) {\n var rx = x.toRed(this.curve.red).redMul(this.z);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(this.z);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\n// Compatibility with BaseCurve\nPoint.prototype.toP = Point.prototype.normalize;\nPoint.prototype.mixedAdd = Point.prototype.add;\n","'use strict';\n\nvar curve = exports;\n\ncurve.base = require('./base');\ncurve.short = require('./short');\ncurve.mont = require('./mont');\ncurve.edwards = require('./edwards');\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_5 = utils.sum32_5;\nvar ft_1 = shaCommon.ft_1;\nvar BlockHash = common.BlockHash;\n\nvar sha1_K = [\n 0x5A827999, 0x6ED9EBA1,\n 0x8F1BBCDC, 0xCA62C1D6\n];\n\nfunction SHA1() {\n if (!(this instanceof SHA1))\n return new SHA1();\n\n BlockHash.call(this);\n this.h = [\n 0x67452301, 0xefcdab89, 0x98badcfe,\n 0x10325476, 0xc3d2e1f0 ];\n this.W = new Array(80);\n}\n\nutils.inherits(SHA1, BlockHash);\nmodule.exports = SHA1;\n\nSHA1.blockSize = 512;\nSHA1.outSize = 160;\nSHA1.hmacStrength = 80;\nSHA1.padLength = 64;\n\nSHA1.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n\n for(; i < W.length; i++)\n W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n\n for (i = 0; i < W.length; i++) {\n var s = ~~(i / 20);\n var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);\n e = d;\n d = c;\n c = rotl32(b, 30);\n b = a;\n a = t;\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n};\n\nSHA1.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nexports.sha1 = require('./sha/1');\nexports.sha224 = require('./sha/224');\nexports.sha256 = require('./sha/256');\nexports.sha384 = require('./sha/384');\nexports.sha512 = require('./sha/512');\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction Hmac(hash, key, enc) {\n if (!(this instanceof Hmac))\n return new Hmac(hash, key, enc);\n this.Hash = hash;\n this.blockSize = hash.blockSize / 8;\n this.outSize = hash.outSize / 8;\n this.inner = null;\n this.outer = null;\n\n this._init(utils.toArray(key, enc));\n}\nmodule.exports = Hmac;\n\nHmac.prototype._init = function init(key) {\n // Shorten key, if needed\n if (key.length > this.blockSize)\n key = new this.Hash().update(key).digest();\n assert(key.length <= this.blockSize);\n\n // Add padding to key\n for (var i = key.length; i < this.blockSize; i++)\n key.push(0);\n\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x36;\n this.inner = new this.Hash().update(key);\n\n // 0x36 ^ 0x5c = 0x6a\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x6a;\n this.outer = new this.Hash().update(key);\n};\n\nHmac.prototype.update = function update(msg, enc) {\n this.inner.update(msg, enc);\n return this;\n};\n\nHmac.prototype.digest = function digest(enc) {\n this.outer.update(this.inner.digest());\n return this.outer.digest(enc);\n};\n","var hash = exports;\n\nhash.utils = require('./hash/utils');\nhash.common = require('./hash/common');\nhash.sha = require('./hash/sha');\nhash.ripemd = require('./hash/ripemd');\nhash.hmac = require('./hash/hmac');\n\n// Proxy hash functions to the main object\nhash.sha1 = hash.sha.sha1;\nhash.sha256 = hash.sha.sha256;\nhash.sha224 = hash.sha.sha224;\nhash.sha384 = hash.sha.sha384;\nhash.sha512 = hash.sha.sha512;\nhash.ripemd160 = hash.ripemd.ripemd160;\n","module.exports = {\n doubles: {\n step: 4,\n points: [\n [\n 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',\n 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'\n ],\n [\n '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',\n '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'\n ],\n [\n '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',\n 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'\n ],\n [\n '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',\n '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'\n ],\n [\n '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',\n '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'\n ],\n [\n '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',\n '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'\n ],\n [\n 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',\n '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'\n ],\n [\n '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',\n 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'\n ],\n [\n 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',\n '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'\n ],\n [\n 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',\n 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'\n ],\n [\n 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',\n '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'\n ],\n [\n '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',\n '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'\n ],\n [\n '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',\n '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'\n ],\n [\n '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',\n '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'\n ],\n [\n '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',\n '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'\n ],\n [\n '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',\n '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'\n ],\n [\n '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',\n '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'\n ],\n [\n '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',\n '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'\n ],\n [\n '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',\n 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'\n ],\n [\n 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',\n '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'\n ],\n [\n 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',\n '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'\n ],\n [\n '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',\n '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'\n ],\n [\n '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',\n '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'\n ],\n [\n 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',\n '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'\n ],\n [\n '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',\n 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'\n ],\n [\n 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',\n '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'\n ],\n [\n 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',\n 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'\n ],\n [\n 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',\n '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'\n ],\n [\n 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',\n 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'\n ],\n [\n 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',\n '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'\n ],\n [\n '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',\n 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'\n ],\n [\n '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',\n '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'\n ],\n [\n 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',\n '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'\n ],\n [\n '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',\n 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'\n ],\n [\n 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',\n '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'\n ],\n [\n 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',\n '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'\n ],\n [\n 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',\n 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'\n ],\n [\n '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',\n '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'\n ],\n [\n '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',\n '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'\n ],\n [\n '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',\n 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'\n ],\n [\n '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',\n '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'\n ],\n [\n 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',\n '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'\n ],\n [\n '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',\n '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'\n ],\n [\n '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',\n 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'\n ],\n [\n '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',\n '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'\n ],\n [\n 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',\n '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'\n ],\n [\n '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',\n 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'\n ],\n [\n 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',\n 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'\n ],\n [\n 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',\n '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'\n ],\n [\n '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',\n 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'\n ],\n [\n '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',\n 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'\n ],\n [\n 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',\n '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'\n ],\n [\n 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',\n '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'\n ],\n [\n 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',\n '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'\n ],\n [\n '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',\n 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'\n ],\n [\n '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',\n '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'\n ],\n [\n 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',\n 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'\n ],\n [\n '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',\n 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'\n ],\n [\n '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',\n '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'\n ],\n [\n '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',\n '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'\n ],\n [\n 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',\n 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'\n ],\n [\n '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',\n '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'\n ],\n [\n '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',\n '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'\n ],\n [\n 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',\n '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'\n ],\n [\n 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',\n 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'\n ]\n ]\n },\n naf: {\n wnd: 7,\n points: [\n [\n 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',\n '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'\n ],\n [\n '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',\n 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'\n ],\n [\n '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',\n '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'\n ],\n [\n 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',\n 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'\n ],\n [\n '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',\n 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'\n ],\n [\n 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',\n 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'\n ],\n [\n 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',\n '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'\n ],\n [\n 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',\n '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'\n ],\n [\n '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',\n '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'\n ],\n [\n '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',\n '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'\n ],\n [\n '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',\n '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'\n ],\n [\n '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',\n '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'\n ],\n [\n 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',\n 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'\n ],\n [\n 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',\n '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'\n ],\n [\n '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',\n 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'\n ],\n [\n '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',\n 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'\n ],\n [\n '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',\n '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'\n ],\n [\n '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',\n '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'\n ],\n [\n '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',\n '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'\n ],\n [\n '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',\n 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'\n ],\n [\n 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',\n 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'\n ],\n [\n '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',\n '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'\n ],\n [\n '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',\n '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'\n ],\n [\n 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',\n 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'\n ],\n [\n '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',\n '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'\n ],\n [\n 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',\n 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'\n ],\n [\n 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',\n 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'\n ],\n [\n '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',\n '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'\n ],\n [\n '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',\n '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'\n ],\n [\n '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',\n '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'\n ],\n [\n 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',\n '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'\n ],\n [\n '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',\n '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'\n ],\n [\n 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',\n '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'\n ],\n [\n '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',\n 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'\n ],\n [\n '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',\n 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'\n ],\n [\n 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',\n 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'\n ],\n [\n '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',\n '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'\n ],\n [\n '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',\n 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'\n ],\n [\n 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',\n 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'\n ],\n [\n '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',\n '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'\n ],\n [\n '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',\n 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'\n ],\n [\n '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',\n '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'\n ],\n [\n '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',\n 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'\n ],\n [\n 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',\n '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'\n ],\n [\n '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',\n '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'\n ],\n [\n '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',\n 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'\n ],\n [\n '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',\n 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'\n ],\n [\n 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',\n 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'\n ],\n [\n 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',\n 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'\n ],\n [\n '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',\n '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'\n ],\n [\n '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',\n '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'\n ],\n [\n 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',\n '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'\n ],\n [\n 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',\n 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'\n ],\n [\n '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',\n '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'\n ],\n [\n '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',\n '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'\n ],\n [\n 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',\n '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'\n ],\n [\n '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',\n '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'\n ],\n [\n 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',\n 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'\n ],\n [\n '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',\n 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'\n ],\n [\n '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',\n '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'\n ],\n [\n 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',\n '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'\n ],\n [\n 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',\n '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'\n ],\n [\n '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',\n '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'\n ],\n [\n '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',\n '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'\n ],\n [\n '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',\n 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'\n ],\n [\n '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',\n 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'\n ],\n [\n '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',\n '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'\n ],\n [\n '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',\n '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'\n ],\n [\n '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',\n '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'\n ],\n [\n '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',\n 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'\n ],\n [\n 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',\n 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'\n ],\n [\n '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',\n 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'\n ],\n [\n 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',\n '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'\n ],\n [\n 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',\n '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'\n ],\n [\n 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',\n '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'\n ],\n [\n 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',\n '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'\n ],\n [\n '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',\n 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'\n ],\n [\n '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',\n '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'\n ],\n [\n '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',\n 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'\n ],\n [\n 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',\n 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'\n ],\n [\n 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',\n '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'\n ],\n [\n 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',\n 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'\n ],\n [\n 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',\n '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'\n ],\n [\n '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',\n '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'\n ],\n [\n 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',\n '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'\n ],\n [\n 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',\n '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'\n ],\n [\n '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',\n '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'\n ],\n [\n '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',\n 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'\n ],\n [\n 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',\n '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'\n ],\n [\n 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',\n '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'\n ],\n [\n 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',\n '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'\n ],\n [\n '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',\n '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'\n ],\n [\n 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',\n 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'\n ],\n [\n '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',\n 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'\n ],\n [\n 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',\n 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'\n ],\n [\n 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',\n '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'\n ],\n [\n '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',\n 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'\n ],\n [\n 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',\n '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'\n ],\n [\n 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',\n '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'\n ],\n [\n 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',\n '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'\n ],\n [\n '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',\n 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'\n ],\n [\n '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',\n 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'\n ],\n [\n 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',\n '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'\n ],\n [\n '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',\n 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'\n ],\n [\n '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',\n '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'\n ],\n [\n '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',\n 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'\n ],\n [\n 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',\n 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'\n ],\n [\n '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',\n 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'\n ],\n [\n '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',\n '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'\n ],\n [\n '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',\n 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'\n ],\n [\n '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',\n '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'\n ],\n [\n 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',\n 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'\n ],\n [\n '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',\n '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'\n ],\n [\n 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',\n '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'\n ],\n [\n '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',\n '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'\n ],\n [\n 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',\n 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'\n ],\n [\n 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',\n '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'\n ],\n [\n 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',\n 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'\n ],\n [\n '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',\n 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'\n ],\n [\n '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',\n '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'\n ],\n [\n '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',\n 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'\n ],\n [\n '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',\n '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'\n ],\n [\n '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',\n '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'\n ],\n [\n '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',\n 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'\n ],\n [\n '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',\n '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'\n ],\n [\n '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',\n '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'\n ],\n [\n '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',\n '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'\n ]\n ]\n }\n};\n","'use strict';\n\nvar curves = exports;\n\nvar hash = require('hash.js');\nvar curve = require('./curve');\nvar utils = require('./utils');\n\nvar assert = utils.assert;\n\nfunction PresetCurve(options) {\n if (options.type === 'short')\n this.curve = new curve.short(options);\n else if (options.type === 'edwards')\n this.curve = new curve.edwards(options);\n else if (options.type === 'mont')\n this.curve = new curve.mont(options);\n else throw new Error('Unknown curve type.');\n this.g = this.curve.g;\n this.n = this.curve.n;\n this.hash = options.hash;\n\n assert(this.g.validate(), 'Invalid curve');\n assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O');\n}\ncurves.PresetCurve = PresetCurve;\n\nfunction defineCurve(name, options) {\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n get: function() {\n var curve = new PresetCurve(options);\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n value: curve\n });\n return curve;\n }\n });\n}\n\ndefineCurve('p192', {\n type: 'short',\n prime: 'p192',\n p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',\n b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',\n n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',\n hash: hash.sha256,\n gRed: false,\n g: [\n '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',\n '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'\n ]\n});\n\ndefineCurve('p224', {\n type: 'short',\n prime: 'p224',\n p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',\n b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',\n n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',\n hash: hash.sha256,\n gRed: false,\n g: [\n 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',\n 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'\n ]\n});\n\ndefineCurve('p256', {\n type: 'short',\n prime: null,\n p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',\n a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',\n b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',\n n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',\n hash: hash.sha256,\n gRed: false,\n g: [\n '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',\n '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'\n ]\n});\n\ndefineCurve('p384', {\n type: 'short',\n prime: null,\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 ffffffff',\n a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 fffffffc',\n b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +\n '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',\n n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +\n 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',\n hash: hash.sha384,\n gRed: false,\n g: [\n 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +\n '5502f25d bf55296c 3a545e38 72760ab7',\n '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +\n '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'\n ]\n});\n\ndefineCurve('p521', {\n type: 'short',\n prime: null,\n p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff',\n a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff fffffffc',\n b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +\n '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +\n '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',\n n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +\n 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',\n hash: hash.sha512,\n gRed: false,\n g: [\n '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +\n '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +\n 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',\n '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +\n '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +\n '3fad0761 353c7086 a272c240 88be9476 9fd16650'\n ]\n});\n\n// https://tools.ietf.org/html/rfc7748#section-4.1\ndefineCurve('curve25519', {\n type: 'mont',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '76d06',\n b: '1',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '9'\n ]\n});\n\ndefineCurve('ed25519', {\n type: 'edwards',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '-1',\n c: '1',\n // -121665 * (121666^(-1)) (mod P)\n d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',\n // 4/5\n '6666666666666666666666666666666666666666666666666666666666666658'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.4\ndefineCurve('brainpoolP256r1', {\n type: 'short',\n prime: null,\n p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377',\n a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9',\n b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6',\n n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7',\n hash: hash.sha256, // or 384, or 512\n gRed: false,\n g: [\n '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262',\n '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.6\ndefineCurve('brainpoolP384r1', {\n type: 'short',\n prime: null,\n p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' +\n 'ACD3A729 901D1A71 87470013 3107EC53',\n a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' +\n '8AA5814A 503AD4EB 04A8C7DD 22CE2826',\n b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' +\n '7CB43902 95DBC994 3AB78696 FA504C11',\n n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' +\n 'CF3AB6AF 6B7FC310 3B883202 E9046565',\n hash: hash.sha384, // or 512\n gRed: false,\n g: [\n '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' +\n 'E8E826E03436D646AAEF87B2E247D4AF1E',\n '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' +\n '280E4646217791811142820341263C5315'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.7\ndefineCurve('brainpoolP512r1', {\n type: 'short',\n prime: null,\n p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' +\n '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3',\n a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' +\n '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA',\n b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' +\n '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723',\n n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' +\n '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069',\n hash: hash.sha512,\n gRed: false,\n g: [\n '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' +\n '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822',\n '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' +\n '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892'\n ]\n});\n\n// https://en.bitcoin.it/wiki/Secp256k1\nvar pre;\ntry {\n pre = require('./precomputed/secp256k1');\n} catch (e) {\n pre = undefined;\n}\n\ndefineCurve('secp256k1', {\n type: 'short',\n prime: 'k256',\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',\n a: '0',\n b: '7',\n n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',\n h: '1',\n hash: hash.sha256,\n\n // Precomputed endomorphism\n beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',\n lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',\n basis: [\n {\n a: '3086d221a7d46bcde86c90e49284eb15',\n b: '-e4437ed6010e88286f547fa90abfe4c3'\n },\n {\n a: '114ca50f7a8e2f3f657c1108d9d44cfd8',\n b: '3086d221a7d46bcde86c90e49284eb15'\n }\n ],\n\n gRed: false,\n g: [\n '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',\n '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',\n pre\n ]\n});\n","'use strict';\n\nvar hash = require('hash.js');\nvar utils = require('minimalistic-crypto-utils');\nvar assert = require('minimalistic-assert');\n\nfunction HmacDRBG(options) {\n if (!(this instanceof HmacDRBG))\n return new HmacDRBG(options);\n this.hash = options.hash;\n this.predResist = !!options.predResist;\n\n this.outLen = this.hash.outSize;\n this.minEntropy = options.minEntropy || this.hash.hmacStrength;\n\n this._reseed = null;\n this.reseedInterval = null;\n this.K = null;\n this.V = null;\n\n var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');\n var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');\n var pers = utils.toArray(options.pers, options.persEnc || 'hex');\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n this._init(entropy, nonce, pers);\n}\nmodule.exports = HmacDRBG;\n\nHmacDRBG.prototype._init = function init(entropy, nonce, pers) {\n var seed = entropy.concat(nonce).concat(pers);\n\n this.K = new Array(this.outLen / 8);\n this.V = new Array(this.outLen / 8);\n for (var i = 0; i < this.V.length; i++) {\n this.K[i] = 0x00;\n this.V[i] = 0x01;\n }\n\n this._update(seed);\n this._reseed = 1;\n this.reseedInterval = 0x1000000000000; // 2^48\n};\n\nHmacDRBG.prototype._hmac = function hmac() {\n return new hash.hmac(this.hash, this.K);\n};\n\nHmacDRBG.prototype._update = function update(seed) {\n var kmac = this._hmac()\n .update(this.V)\n .update([ 0x00 ]);\n if (seed)\n kmac = kmac.update(seed);\n this.K = kmac.digest();\n this.V = this._hmac().update(this.V).digest();\n if (!seed)\n return;\n\n this.K = this._hmac()\n .update(this.V)\n .update([ 0x01 ])\n .update(seed)\n .digest();\n this.V = this._hmac().update(this.V).digest();\n};\n\nHmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {\n // Optional entropy enc\n if (typeof entropyEnc !== 'string') {\n addEnc = add;\n add = entropyEnc;\n entropyEnc = null;\n }\n\n entropy = utils.toArray(entropy, entropyEnc);\n add = utils.toArray(add, addEnc);\n\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n\n this._update(entropy.concat(add || []));\n this._reseed = 1;\n};\n\nHmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {\n if (this._reseed > this.reseedInterval)\n throw new Error('Reseed is required');\n\n // Optional encoding\n if (typeof enc !== 'string') {\n addEnc = add;\n add = enc;\n enc = null;\n }\n\n // Optional additional data\n if (add) {\n add = utils.toArray(add, addEnc || 'hex');\n this._update(add);\n }\n\n var temp = [];\n while (temp.length < len) {\n this.V = this._hmac().update(this.V).digest();\n temp = temp.concat(this.V);\n }\n\n var res = temp.slice(0, len);\n this._update(add);\n this._reseed++;\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction KeyPair(ec, options) {\n this.ec = ec;\n this.priv = null;\n this.pub = null;\n\n // KeyPair(ec, { priv: ..., pub: ... })\n if (options.priv)\n this._importPrivate(options.priv, options.privEnc);\n if (options.pub)\n this._importPublic(options.pub, options.pubEnc);\n}\nmodule.exports = KeyPair;\n\nKeyPair.fromPublic = function fromPublic(ec, pub, enc) {\n if (pub instanceof KeyPair)\n return pub;\n\n return new KeyPair(ec, {\n pub: pub,\n pubEnc: enc\n });\n};\n\nKeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {\n if (priv instanceof KeyPair)\n return priv;\n\n return new KeyPair(ec, {\n priv: priv,\n privEnc: enc\n });\n};\n\n// TODO: should not validate for X25519\nKeyPair.prototype.validate = function validate() {\n var pub = this.getPublic();\n\n if (pub.isInfinity())\n return { result: false, reason: 'Invalid public key' };\n if (!pub.validate())\n return { result: false, reason: 'Public key is not a point' };\n if (!pub.mul(this.ec.curve.n).isInfinity())\n return { result: false, reason: 'Public key * N != O' };\n\n return { result: true, reason: null };\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n if (!this.pub)\n this.pub = this.ec.g.mul(this.priv);\n\n if (!enc)\n return this.pub;\n\n return this.pub.encode(enc, compact);\n};\n\nKeyPair.prototype.getPrivate = function getPrivate(enc) {\n if (enc === 'hex')\n return this.priv.toString(16, 2);\n else\n return this.priv;\n};\n\nKeyPair.prototype._importPrivate = function _importPrivate(key, enc) {\n this.priv = new BN(key, enc || 16);\n\n // For Curve25519/Curve448 we have a specific procedure.\n // TODO Curve448\n if (this.ec.curve.type === 'mont') {\n var one = this.ec.curve.one;\n var mask = one.ushln(255 - 3).sub(one).ushln(3);\n this.priv = this.priv.or(one.ushln(255 - 1));\n this.priv = this.priv.and(mask);\n } else\n // Ensure that the priv won't be bigger than n, otherwise we may fail\n // in fixed multiplication method\n this.priv = this.priv.umod(this.ec.curve.n);\n};\n\nKeyPair.prototype._importPublic = function _importPublic(key, enc) {\n if (key.x || key.y) {\n // Montgomery points only have an `x` coordinate.\n // Weierstrass/Edwards points on the other hand have both `x` and\n // `y` coordinates.\n if (this.ec.curve.type === 'mont') {\n assert(key.x, 'Need x coordinate');\n } else if (this.ec.curve.type === 'short' ||\n this.ec.curve.type === 'edwards') {\n assert(key.x && key.y, 'Need both x and y coordinate');\n }\n this.pub = this.ec.curve.point(key.x, key.y);\n return;\n }\n this.pub = this.ec.curve.decodePoint(key, enc);\n};\n\n// ECDH\nKeyPair.prototype.derive = function derive(pub) {\n return pub.mul(this.priv).getX();\n};\n\n// ECDSA\nKeyPair.prototype.sign = function sign(msg, enc, options) {\n return this.ec.sign(msg, this, enc, options);\n};\n\nKeyPair.prototype.verify = function verify(msg, signature) {\n return this.ec.verify(msg, signature, this);\n};\n\nKeyPair.prototype.inspect = function inspect() {\n return '';\n};\n","'use strict';\n\nvar BN = require('bn.js');\n\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction Signature(options, enc) {\n if (options instanceof Signature)\n return options;\n\n if (this._importDER(options, enc))\n return;\n\n assert(options.r && options.s, 'Signature without r or s');\n this.r = new BN(options.r, 16);\n this.s = new BN(options.s, 16);\n if (options.recoveryParam === undefined)\n this.recoveryParam = null;\n else\n this.recoveryParam = options.recoveryParam;\n}\nmodule.exports = Signature;\n\nfunction Position() {\n this.place = 0;\n}\n\nfunction getLength(buf, p) {\n var initial = buf[p.place++];\n if (!(initial & 0x80)) {\n return initial;\n }\n var octetLen = initial & 0xf;\n var val = 0;\n for (var i = 0, off = p.place; i < octetLen; i++, off++) {\n val <<= 8;\n val |= buf[off];\n }\n p.place = off;\n return val;\n}\n\nfunction rmPadding(buf) {\n var i = 0;\n var len = buf.length - 1;\n while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {\n i++;\n }\n if (i === 0) {\n return buf;\n }\n return buf.slice(i);\n}\n\nSignature.prototype._importDER = function _importDER(data, enc) {\n data = utils.toArray(data, enc);\n var p = new Position();\n if (data[p.place++] !== 0x30) {\n return false;\n }\n var len = getLength(data, p);\n if ((len + p.place) !== data.length) {\n return false;\n }\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var rlen = getLength(data, p);\n var r = data.slice(p.place, rlen + p.place);\n p.place += rlen;\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var slen = getLength(data, p);\n if (data.length !== slen + p.place) {\n return false;\n }\n var s = data.slice(p.place, slen + p.place);\n if (r[0] === 0 && (r[1] & 0x80)) {\n r = r.slice(1);\n }\n if (s[0] === 0 && (s[1] & 0x80)) {\n s = s.slice(1);\n }\n\n this.r = new BN(r);\n this.s = new BN(s);\n this.recoveryParam = null;\n\n return true;\n};\n\nfunction constructLength(arr, len) {\n if (len < 0x80) {\n arr.push(len);\n return;\n }\n var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);\n arr.push(octets | 0x80);\n while (--octets) {\n arr.push((len >>> (octets << 3)) & 0xff);\n }\n arr.push(len);\n}\n\nSignature.prototype.toDER = function toDER(enc) {\n var r = this.r.toArray();\n var s = this.s.toArray();\n\n // Pad values\n if (r[0] & 0x80)\n r = [ 0 ].concat(r);\n // Pad values\n if (s[0] & 0x80)\n s = [ 0 ].concat(s);\n\n r = rmPadding(r);\n s = rmPadding(s);\n\n while (!s[0] && !(s[1] & 0x80)) {\n s = s.slice(1);\n }\n var arr = [ 0x02 ];\n constructLength(arr, r.length);\n arr = arr.concat(r);\n arr.push(0x02);\n constructLength(arr, s.length);\n var backHalf = arr.concat(s);\n var res = [ 0x30 ];\n constructLength(res, backHalf.length);\n res = res.concat(backHalf);\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar HmacDRBG = require('hmac-drbg');\nvar utils = require('../utils');\nvar curves = require('../curves');\nvar rand = require('brorand');\nvar assert = utils.assert;\n\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EC(options) {\n if (!(this instanceof EC))\n return new EC(options);\n\n // Shortcut `elliptic.ec(curve-name)`\n if (typeof options === 'string') {\n assert(curves.hasOwnProperty(options), 'Unknown curve ' + options);\n\n options = curves[options];\n }\n\n // Shortcut for `elliptic.ec(elliptic.curves.curveName)`\n if (options instanceof curves.PresetCurve)\n options = { curve: options };\n\n this.curve = options.curve.curve;\n this.n = this.curve.n;\n this.nh = this.n.ushrn(1);\n this.g = this.curve.g;\n\n // Point on curve\n this.g = options.curve.g;\n this.g.precompute(options.curve.n.bitLength() + 1);\n\n // Hash function for DRBG\n this.hash = options.hash || options.curve.hash;\n}\nmodule.exports = EC;\n\nEC.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {\n return KeyPair.fromPrivate(this, priv, enc);\n};\n\nEC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {\n return KeyPair.fromPublic(this, pub, enc);\n};\n\nEC.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.n.toArray()\n });\n\n // Key generation for curve25519 is simpler\n if (this.curve.type === 'mont') {\n var priv = new BN(drbg.generate(32));\n return this.keyFromPrivate(priv);\n }\n\n var bytes = this.n.byteLength();\n var ns2 = this.n.sub(new BN(2));\n do {\n var priv = new BN(drbg.generate(bytes));\n if (priv.cmp(ns2) > 0)\n continue;\n\n priv.iaddn(1);\n return this.keyFromPrivate(priv);\n } while (true);\n};\n\nEC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) {\n bitSize = bitSize || msg.byteLength() * 8;\n var delta = bitSize - this.n.bitLength();\n if (delta > 0)\n msg = msg.ushrn(delta);\n if (!truncOnly && msg.cmp(this.n) >= 0)\n return msg.sub(this.n);\n else\n return msg;\n};\n\nEC.prototype.truncateMsg = function truncateMSG(msg) {\n // Bit size is only determined correctly for Uint8Arrays and hex strings\n var bitSize;\n if (msg instanceof Uint8Array) {\n bitSize = msg.byteLength * 8;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else if (typeof msg === 'string') {\n bitSize = msg.length * 4;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else {\n msg = this._truncateToN(new BN(msg, 16));\n }\n return msg;\n}\n\nEC.prototype.sign = function sign(msg, key, enc, options) {\n if (typeof enc === 'object') {\n options = enc;\n enc = null;\n }\n if (!options)\n options = {};\n\n key = this.keyFromPrivate(key, enc);\n msg = this.truncateMsg(msg);\n\n // Zero-extend key to provide enough entropy\n var bytes = this.n.byteLength();\n var bkey = key.getPrivate().toArray('be', bytes);\n\n // Zero-extend nonce to have the same byte size as N\n var nonce = msg.toArray('be', bytes);\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n entropy: bkey,\n nonce: nonce,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8'\n });\n\n // Number of bytes to generate\n var ns1 = this.n.sub(new BN(1));\n\n for (var iter = 0; true; iter++) {\n var k = options.k ?\n options.k(iter) :\n new BN(drbg.generate(this.n.byteLength()));\n k = this._truncateToN(k, true);\n if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)\n continue;\n\n var kp = this.g.mul(k);\n if (kp.isInfinity())\n continue;\n\n var kpX = kp.getX();\n var r = kpX.umod(this.n);\n if (r.cmpn(0) === 0)\n continue;\n\n var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));\n s = s.umod(this.n);\n if (s.cmpn(0) === 0)\n continue;\n\n var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |\n (kpX.cmp(r) !== 0 ? 2 : 0);\n\n // Use complement of `s`, if it is > `n / 2`\n if (options.canonical && s.cmp(this.nh) > 0) {\n s = this.n.sub(s);\n recoveryParam ^= 1;\n }\n\n return new Signature({ r: r, s: s, recoveryParam: recoveryParam });\n }\n};\n\nEC.prototype.verify = function verify(msg, signature, key, enc) {\n key = this.keyFromPublic(key, enc);\n signature = new Signature(signature, 'hex');\n // Fallback to the old code\n var ret = this._verify(this.truncateMsg(msg), signature, key) ||\n this._verify(this._truncateToN(new BN(msg, 16)), signature, key);\n return ret;\n};\n\nEC.prototype._verify = function _verify(msg, signature, key) {\n // Perform primitive values validation\n var r = signature.r;\n var s = signature.s;\n if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)\n return false;\n if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)\n return false;\n\n // Validate signature\n var sinv = s.invm(this.n);\n var u1 = sinv.mul(msg).umod(this.n);\n var u2 = sinv.mul(r).umod(this.n);\n\n if (!this.curve._maxwellTrick) {\n var p = this.g.mulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n return p.getX().umod(this.n).cmp(r) === 0;\n }\n\n // NOTE: Greg Maxwell's trick, inspired by:\n // https://git.io/vad3K\n\n var p = this.g.jmulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n // Compare `p.x` of Jacobian point with `r`,\n // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the\n // inverse of `p.z^2`\n return p.eqXToP(r);\n};\n\nEC.prototype.recoverPubKey = function(msg, signature, j, enc) {\n assert((3 & j) === j, 'The recovery param is more than two bits');\n signature = new Signature(signature, enc);\n\n var n = this.n;\n var e = new BN(msg);\n var r = signature.r;\n var s = signature.s;\n\n // A set LSB signifies that the y-coordinate is odd\n var isYOdd = j & 1;\n var isSecondKey = j >> 1;\n if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)\n throw new Error('Unable to find sencond key candinate');\n\n // 1.1. Let x = r + jn.\n if (isSecondKey)\n r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);\n else\n r = this.curve.pointFromX(r, isYOdd);\n\n var rInv = signature.r.invm(n);\n var s1 = n.sub(e).mul(rInv).umod(n);\n var s2 = s.mul(rInv).umod(n);\n\n // 1.6.1 Compute Q = r^-1 (sR - eG)\n // Q = r^-1 (sR + -eG)\n return this.g.mulAdd(s1, r, s2);\n};\n\nEC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {\n signature = new Signature(signature, enc);\n if (signature.recoveryParam !== null)\n return signature.recoveryParam;\n\n for (var i = 0; i < 4; i++) {\n var Qprime;\n try {\n Qprime = this.recoverPubKey(e, signature, i);\n } catch (e) {\n continue;\n }\n\n if (Qprime.eq(Q))\n return i;\n }\n throw new Error('Unable to find valid recovery factor');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar cachedProperty = utils.cachedProperty;\n\n/**\n* @param {EDDSA} eddsa - instance\n* @param {Object} params - public/private key parameters\n*\n* @param {Array} [params.secret] - secret seed bytes\n* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)\n* @param {Array} [params.pub] - public key point encoded as bytes\n*\n*/\nfunction KeyPair(eddsa, params) {\n this.eddsa = eddsa;\n if (params.hasOwnProperty('secret'))\n this._secret = parseBytes(params.secret);\n if (eddsa.isPoint(params.pub))\n this._pub = params.pub;\n else {\n this._pubBytes = parseBytes(params.pub);\n if (this._pubBytes && this._pubBytes.length === 33 &&\n this._pubBytes[0] === 0x40)\n this._pubBytes = this._pubBytes.slice(1, 33);\n if (this._pubBytes && this._pubBytes.length !== 32)\n throw new Error('Unknown point compression format');\n }\n}\n\nKeyPair.fromPublic = function fromPublic(eddsa, pub) {\n if (pub instanceof KeyPair)\n return pub;\n return new KeyPair(eddsa, { pub: pub });\n};\n\nKeyPair.fromSecret = function fromSecret(eddsa, secret) {\n if (secret instanceof KeyPair)\n return secret;\n return new KeyPair(eddsa, { secret: secret });\n};\n\nKeyPair.prototype.secret = function secret() {\n return this._secret;\n};\n\ncachedProperty(KeyPair, 'pubBytes', function pubBytes() {\n return this.eddsa.encodePoint(this.pub());\n});\n\ncachedProperty(KeyPair, 'pub', function pub() {\n if (this._pubBytes)\n return this.eddsa.decodePoint(this._pubBytes);\n return this.eddsa.g.mul(this.priv());\n});\n\ncachedProperty(KeyPair, 'privBytes', function privBytes() {\n var eddsa = this.eddsa;\n var hash = this.hash();\n var lastIx = eddsa.encodingLength - 1;\n\n // https://tools.ietf.org/html/rfc8032#section-5.1.5\n var a = hash.slice(0, eddsa.encodingLength);\n a[0] &= 248;\n a[lastIx] &= 127;\n a[lastIx] |= 64;\n\n return a;\n});\n\ncachedProperty(KeyPair, 'priv', function priv() {\n return this.eddsa.decodeInt(this.privBytes());\n});\n\ncachedProperty(KeyPair, 'hash', function hash() {\n return this.eddsa.hash().update(this.secret()).digest();\n});\n\ncachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {\n return this.hash().slice(this.eddsa.encodingLength);\n});\n\nKeyPair.prototype.sign = function sign(message) {\n assert(this._secret, 'KeyPair can only verify');\n return this.eddsa.sign(message, this);\n};\n\nKeyPair.prototype.verify = function verify(message, sig) {\n return this.eddsa.verify(message, sig, this);\n};\n\nKeyPair.prototype.getSecret = function getSecret(enc) {\n assert(this._secret, 'KeyPair is public only');\n return utils.encode(this.secret(), enc);\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n return utils.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc);\n};\n\nmodule.exports = KeyPair;\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar cachedProperty = utils.cachedProperty;\nvar parseBytes = utils.parseBytes;\n\n/**\n* @param {EDDSA} eddsa - eddsa instance\n* @param {Array|Object} sig -\n* @param {Array|Point} [sig.R] - R point as Point or bytes\n* @param {Array|bn} [sig.S] - S scalar as bn or bytes\n* @param {Array} [sig.Rencoded] - R point encoded\n* @param {Array} [sig.Sencoded] - S scalar encoded\n*/\nfunction Signature(eddsa, sig) {\n this.eddsa = eddsa;\n\n if (typeof sig !== 'object')\n sig = parseBytes(sig);\n\n if (Array.isArray(sig)) {\n sig = {\n R: sig.slice(0, eddsa.encodingLength),\n S: sig.slice(eddsa.encodingLength)\n };\n }\n\n assert(sig.R && sig.S, 'Signature without R or S');\n\n if (eddsa.isPoint(sig.R))\n this._R = sig.R;\n if (sig.S instanceof BN)\n this._S = sig.S;\n\n this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;\n this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;\n}\n\ncachedProperty(Signature, 'S', function S() {\n return this.eddsa.decodeInt(this.Sencoded());\n});\n\ncachedProperty(Signature, 'R', function R() {\n return this.eddsa.decodePoint(this.Rencoded());\n});\n\ncachedProperty(Signature, 'Rencoded', function Rencoded() {\n return this.eddsa.encodePoint(this.R());\n});\n\ncachedProperty(Signature, 'Sencoded', function Sencoded() {\n return this.eddsa.encodeInt(this.S());\n});\n\nSignature.prototype.toBytes = function toBytes() {\n return this.Rencoded().concat(this.Sencoded());\n};\n\nSignature.prototype.toHex = function toHex() {\n return utils.encode(this.toBytes(), 'hex').toUpperCase();\n};\n\nmodule.exports = Signature;\n","'use strict';\n\nvar hash = require('hash.js');\nvar HmacDRBG = require('hmac-drbg');\nvar rand = require('brorand');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n if (!(this instanceof EDDSA))\n return new EDDSA(curve);\n\n var curve = curves[curve].curve;\n this.curve = curve;\n this.g = curve.g;\n this.g.precompute(curve.n.bitLength() + 1);\n\n this.pointClass = curve.point().constructor;\n this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n message = parseBytes(message);\n var key = this.keyFromSecret(secret);\n var r = this.hashInt(key.messagePrefix(), message);\n var R = this.g.mul(r);\n var Rencoded = this.encodePoint(R);\n var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n .mul(key.priv());\n var S = r.add(s_).umod(this.curve.n);\n return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n message = parseBytes(message);\n sig = this.makeSignature(sig);\n var key = this.keyFromPublic(pub);\n var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n var SG = this.g.mul(sig.S());\n var RplusAh = sig.R().add(key.pub().mul(h));\n return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n var hash = this.hash();\n for (var i = 0; i < arguments.length; i++)\n hash.update(arguments[i]);\n return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.curve.n.toArray()\n });\n\n return this.keyFromSecret(drbg.generate(32));\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n if (sig instanceof Signature)\n return sig;\n return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n var enc = point.getY().toArray('le', this.encodingLength);\n enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n bytes = utils.parseBytes(bytes);\n\n var lastIx = bytes.length - 1;\n var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n var y = utils.intFromLE(normed);\n return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n return val instanceof this.pointClass;\n};\n","'use strict';\n\nvar elliptic = exports;\n\nelliptic.utils = require('./elliptic/utils');\nelliptic.rand = require('brorand');\nelliptic.curve = require('./elliptic/curve');\nelliptic.curves = require('./elliptic/curves');\n\n// Protocols\nelliptic.ec = require('./elliptic/ec');\nelliptic.eddsa = require('./elliptic/eddsa');\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","this","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","prototype","undefined","read","async","length","value","done","readToEnd","join","result","slice","clone","then","push","write","chunk","close","abort","reason","isNode","globalThis","process","versions","NodeReadableStream","require$$0","Readable","isStream","ReadableStream","isPrototypeOf","streams.ReadableStream","isUint8Array","Uint8Array","concatUint8Array","arrays","totalLength","i","Error","pos","forEach","element","set","NodeBuffer","Buffer","require$$1","nodeToWeb","webToNode","nodeStream","canceled","start","controller","pause","on","isBuffer","buffer","byteOffset","byteLength","enqueue","e","error","pull","resume","cancel","destroy","NodeReadable","webStream","options","_reader","streams.getReader","size","callback","doneReadingSet","WeakSet","externalBuffer","Reader","streams.isArrayStream","reader","_read","bind","_releaseLock","_cancel","streamType","streams.isStream","streams.nodeToWeb","doneReading","has","add","shift","readLine","returnVal","streams.concat","lineEndIndex","indexOf","concat","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","filter","toPonyfillReadable","toNativeReadable","WritableStream","TransformStream","loadStreamsPonyfill","ponyfill","adapter","all","createReadableStreamWrapper","toStream","toArrayStream","list","some","map","transform","transformWithCancel","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","transformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","highWaterMark","finish","output","data","result1","result2","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","Object","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","arrayStream","BigInteger","n","hex","hexByte","toString","BigInt","iinc","inc","idec","dec","iadd","x","isub","sub","imul","mul","imod","m","isNegative","mod","modExp","isZero","isOne","exp","r","lsb","rx","modInv","gcd","_egcd","b","y","xPrev","yPrev","a","q","tmp","ileftShift","leftShift","irightShift","rightShift","equal","lt","lte","gt","gte","isEven","abs","res","toNumber","number","Number","MAX_SAFE_INTEGER","getBit","bitLength","zero","one","negOne","bitlen","eight","len","toUint8Array","endian","rawLength","offset","parseInt","reverse","detectBigInt","byValue","curve","p256","secp256r1","prime256v1","p384","secp384r1","p521","secp521r1","secp256k1","ed25519Legacy","ED25519","ed25519","Ed25519","curve25519Legacy","X25519","cv25519","curve25519","Curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","eddsa","aedh","aedsa","x25519","x448","ed448","symmetric","plaintext","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","webHash","aead","eax","ocb","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuer","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","type","debugMode","env","NODE_ENV","util","isString","String","stream.isUint8Array","stream.isStream","readNumber","writeNumber","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","leftPad","padded","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","k","uint8ArrayToHex","h","c","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","s","printDebug","log","printDebugError","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","crypto","subtle","getBigInteger","default","getNodeCrypto","getNodeZlib","getNodeBuffer","require$$2","getHardwareConcurrency","navigator","hardwareConcurrency","require$$3","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","selectUint8","isAES","cipherAlgo","enums","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","from","btoa","atob","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","deflateLevel","aeadProtect","preferredAEADAlgorithm","aeadChunkSizeByte","s2kIterationCountByte","allowUnauthenticatedMessages","allowUnauthenticatedStream","checksumRequired","minRSABits","passwordCollisionCheck","revocationsExpire","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","minBytesForWebCrypto","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","useIndutnyElliptic","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","getType","header","match","addheader","customComment","config","getCheckSum","base64.encode","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","splitChecksum","body","checksum","lastEquals","lastIndexOf","unarmor","defaultConfig","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","checksumVerified","stream.readToEnd","stream.passiveClone","stream.pipe","checksumVerifiedString","stream.isArrayStream","messageType","partIndex","partTotal","bodyClone","KeyID","toHex","equals","keyID","matchWildcard","isWildcard","isNull","static","AES_asm","gexp3","glog3","ginit_done","gmul","aes_sbox","aes_sinv","aes_enc","aes_dec","aes_init_done","aes_init","_s","ginv","d","ginit","wrapper","foreign","heap","asm","stdlib","S0","S1","S2","S3","I0","I1","I2","I3","N0","N1","N2","N3","M0","M1","M2","M3","H0","H1","H2","H3","R","HEAP","DATA","_core","x0","x1","x2","x3","t1","t2","t3","y0","y1","y2","y3","_ecb_enc","_ecb_dec","_cbc_enc","_cbc_dec","_cfb_enc","_cfb_dec","_ofb","_ctr","_gcm_mac","z0","z1","z2","z3","set_rounds","set_state","s0","s1","s2","s3","set_iv","i0","i1","i2","i3","set_nonce","n0","n1","n2","n3","set_mask","m0","m1","m2","m3","set_counter","c0","c1","c2","c3","get_state","get_iv","gcm_init","cipher","mode","ret","_cipher_modes","mac","_mac_modes","set_key","ks","k0","k1","k2","k3","k4","k5","k6","k7","ekeys","dkeys","rcon","jj","ENC","ECB","CBC","CFB","OFB","CTR","DEC","MAC","GCM","HEAP_DATA","is_bytes","_heap_init","heapSize","_heap_write","hpos","dpos","dlen","hlen","wlen","joinBytes","arg","totalLenght","reduce","sum","curr","cursor","IllegalStateError","args","IllegalArgumentError","SecurityError","heap_pool","asm_pool","AES","iv","padding","acquire_asm","pop","reset","release_asm","keylen","keyview","getUint32","ivview","AES_Encrypt_process","TypeError","amode","rpos","AES_Encrypt_finish","plen","rlen","hasOwnProperty","p","AES_Decrypt_process","AES_Decrypt_finish","pad","pcheck","AES_ECB","encrypt","decrypt","aes","C","aesECB","block","blockSize","keySize","des","keys","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","left","right","looping","cbcleft","cbcleft2","cbcright","cbcright2","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","src","dst","l","f1","f2","f3","scheduleA","scheduleB","I","sBox","inn","w","ki","half","round","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","u","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","vector","off","_decryptBlock","kk","sha1_asm","H4","TOTAL0","TOTAL1","I4","O0","O1","O2","O3","O4","w0","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","w19","w20","w21","w22","w23","w24","w25","w26","w27","w28","w29","w30","w31","w32","w33","w34","w35","w36","w37","w38","w39","w40","w41","w42","w43","w44","w45","w46","w47","w48","w49","w50","w51","w52","w53","w54","w55","w56","w57","w58","w59","w60","w61","w62","w63","w64","w65","w66","w67","w68","w69","w70","w71","w72","w73","w74","w75","w76","w77","w78","w79","_core_heap","_state_to_heap","h0","h1","h2","h3","h4","total0","total1","hashed","hmac_reset","_hmac_opad","hmac_init","p0","p1","p2","p3","p4","p5","p6","p7","p8","p9","p10","p11","p12","p13","p14","p15","hmac_finish","t0","t4","pbkdf2_generate_block","count","Hash","HASH_SIZE","Sha1","NAME","BLOCK_SIZE","asm_function","Sha256","H5","H6","H7","I5","I6","I7","O5","O6","O7","f","g","h5","h6","h7","t5","t6","t7","sha256_asm","assert","val","msg","module","create","ctor","superCtor","super_","enumerable","configurable","TempCtor","inherits","enc","hi","lo","zero2","htonl","zero8","word","ah","al","bh","bl","ch","cl","dh","dl","carry","eh","el","num","BlockHash","pending","pendingTotal","outSize","hmacStrength","_delta8","_delta32","update","utils","toArray","join32","_update","digest","_pad","_digest","rotr32","z","ch32","p32","maj32","sum32","sum32_4","sum32_5","shaCommon","s0_256","s1_256","g0_256","g1_256","common","sha256_K","SHA256","W","SHA224","T1","T2","toHex32","split32","rotr64_hi","rotr64_lo","shr64_hi","shr64_lo","sum64","sum64_hi","sum64_lo","sum64_4_hi","sum64_4_lo","sum64_5_hi","sum64_5_lo","sha512_K","SHA512","ch64_hi","xh","xl","yh","yl","zh","ch64_lo","zl","maj64_hi","maj64_lo","s0_512_hi","s0_512_lo","s1_512_hi","s1_512_lo","g0_512_hi","g0_512_lo","g1_512_hi","g1_512_lo","SHA384","_prepareBlock","c0_hi","c0_lo","c1_hi","c1_lo","c2_hi","c2_lo","c3_hi","c3_lo","fh","fl","gh","gl","hh","hl","c4_hi","c4_lo","T1_hi","T1_lo","T2_hi","T2_lo","rotl32","sum32_3","RIPEMD160","K","Kh","A","B","D","E","Ah","Bh","Ch","Dh","Eh","T","rh","sh","md5cycle","ff","gg","add32","cmn","md5blk","md5blks","hex_chr","rhex","webCrypto","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","hashjsHash","webCryptoHash","hashInstance","asmcryptoHash","hashFunctions","entree","state","substring","tail","md51","ripemd160","algo","getHashByteLength","AES_CFB","getCipher","algoName","knownAlgos","getCiphers","nodeAlgos","pt","cipherObj","createCipheriv","nodeEncrypt","ALGO","_key","importKey","cbc_pt","ct","xorMut","webEncrypt","cfb","aesEncrypt","cipherfn","block_size","blockc","ciphertext","encblock","decipherObj","createDecipheriv","nodeDecrypt","aesDecrypt","blockp","decblock","AES_CTR","nonce","AES_CTR_set_options","counter","mask","pow","view","AES_CBC","blockLength","rightXORMut","zeroBlock","CMAC","cbc","padding2","ivLength","tagLength","two","OMAC","cmac","en","final","EAX","omac","ctr","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","xor","OCB","encipher","decipher","maxNtz","crypt","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","xorInput","$","cipherInput","cipherName","ciphers","mask_x","mask_$","constructKeyVariables","crypted","_AES_GCM_data_maxLength","AES_GCM","tagSize","gamma0","noncelen","noncebuf","_gcm_mac_process","nonceview","RangeError","cleartext","tagsize","AES_GCM_encrypt","AES_GCM_decrypt","AES_GCM_Encrypt_process","AES_GCM_Encrypt_finish","alen","clen","AES_GCM_Decrypt_process","tlen","AES_GCM_Decrypt_finish","atag","acheck","setAAD","getAuthTag","de","setAuthTag","additionalData","gcm","nacl","gf","Float64Array","randombytes","_9","gf0","gf1","_121665","D2","X","Y","crypto_verify_32","xi","yi","vn","set25519","car25519","o","v","sel25519","pack25519","neq25519","par25519","unpack25519","Z","M","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","x32","x16","crypto_scalarmult_base","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","cleanup","arr","scalarMult","box","keyPair","fromSecretKey","sign","signedMsg","sm","smlen","crypto_sign","detached","sig","verify","crypto_sign_open","fromSeed","seed","setPRNG","self","msCrypto","getRandomValues","min","require","randomBytes","exports","getRandomBytes","getRandomBigInteger","modulus","randomProbablePrime","thirty","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","rand","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","emLen","hashPrefix","tLen","fill","EM","asn1","RSAPrivateKey","define","seq","obj","int","RSAPublicKey","hashAlgo","hashName","jwk","pNum","qNum","dNum","dq","dp","kty","qi","ext","privateToJWK","webSign","err","BN","pBNum","qBNum","dBNum","subn","createSign","keyObject","version","publicExponent","privateExponent","prime1","prime2","exponent1","exponent2","coefficient","createPrivateKey","der","format","pem","label","nodeSign","bnSign","publicToJWK","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","constants","RSA_PKCS1_PADDING","publicEncrypt","bnEncrypt","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","keyGenOpt","modulusLength","generateKey","exportKey","generateKeyPair","opts","publicKeyEncoding","privateKeyEncoding","prv","_","toArrayLike","phi","nSizeOver3","rde","pSize","n1023","threshold","rqx","OID","oid","getName","keyFromPrivate","indutnyCurve","priv","keyFromPublic","pub","validate","getIndutnyCurve","elliptic","ec","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","stream.TransformStream","lengthByte","nextPacket","UnsupportedError","params","captureStackTrace","UnparseablePacket","rawContent","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","CurveWithOID","oidOrName","webCryptoKey","namedCurve","jwkToRawPublic","webGenKeyPair","createECDH","generateKeys","getPublicKey","getPrivateKey","nodeGenKeyPair","genKeyPair","entropy","getPublic","getPrivate","validateStandardParams","Q","supportedCurves","curveName","dG","validationErrors","eq","bufX","bufY","rawPublicToJWK","crv","ECPrivateKey","parameters","unused","ECDSASignature","ellipticSign","SubjectPublicKeyInfo","algorithm","subjectPublicKey","ellipticVerify","octstr","explicit","optional","any","bitstr","AlgorithmIdentifier","objid","use","getPreferredHashAlgo","RS","wrap","IV","P","unpack","unwrap","createArrayBuffer","setUint32","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","genPrivateEphemeralKey","recipient","deriveBits","public","webPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","V","derive","ellipticPublicEphemeralKey","secret","webPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","ellipticPrivateEphemeralKey","pkcs5.encode","wrappedKey","aesKW.wrap","pkcs5.decode","aesKW.unwrap","nodeSubtleCrypto","webcrypto","HKDF","inputKey","salt","info","outLen","importedKey","hashAlgoName","computeHMAC","hmacKey","hmacMessage","createHmac","pseudoRandomKey","hashLen","outputKeyingMaterial","roundInput","HKDF_INFO","recipientA","ephemeralSecretKey","sharedSecret","ephemeralPublicKey","hkdfInput","computeHKDF","xr","u1","u2","qSize","n150","rsa","publicParams","curveSize","publicKeyParams","privateKeyParams","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","instance","followLength","checkSupportedCurve","keyAlgo","symmetricAlgo","ECDHSymkey","ecdhX","fromObject","sessionKeyParams","privateParams","algosWithNativeRepresentation","orderedParams","generate","validateParams","algoModule","prefixrandom","repeat","random","pkcs1","pkcs5","aesKW","assign","TYPED_OK","Uint16Array","Int32Array","shrinkBuf","fnTyped","arraySet","dest","src_offs","dest_offs","flattenChunks","chunks","fnUntyped","Buf8","Buf16","Buf32","Z_NO_FLUSH","Z_PARTIAL_FLUSH","Z_SYNC_FLUSH","Z_FULL_FLUSH","Z_FINISH","Z_BLOCK","Z_TREES","Z_OK","Z_STREAM_END","Z_NEED_DICT","Z_STREAM_ERROR","Z_DATA_ERROR","Z_BUF_ERROR","Z_DEFAULT_COMPRESSION","Z_FILTERED","Z_HUFFMAN_ONLY","Z_RLE","Z_FIXED","Z_BINARY","Z_TEXT","Z_UNKNOWN","Z_DEFLATED","STORED_BLOCK","STATIC_TREES","DYN_TREES","LENGTH_CODES","LITERALS","L_CODES","D_CODES","BL_CODES","HEAP_SIZE","MAX_BITS","Buf_size","MAX_BL_BITS","END_BLOCK","REP_3_6","REPZ_3_10","REPZ_11_138","extra_lbits","extra_dbits","extra_blbits","bl_order","static_ltree","static_dtree","_dist_code","_length_code","MAX_MATCH","base_length","base_dist","StaticTreeDesc","static_tree","extra_bits","extra_base","elems","max_length","has_stree","static_l_desc","static_d_desc","static_bl_desc","TreeDesc","dyn_tree","stat_desc","max_code","d_code","dist","put_short","pending_buf","send_bits","bi_valid","bi_buf","send_code","tree","bi_reverse","code","gen_codes","bl_count","next_code","init_block","dyn_ltree","dyn_dtree","bl_tree","opt_len","static_len","last_lit","matches","bi_windup","smaller","depth","_n2","_m2","pqdownheap","heap_len","compress_block","ltree","dtree","lc","extra","lx","d_buf","l_buf","build_tree","desc","stree","heap_max","base","xbits","overflow","gen_bitlen","scan_tree","curlen","prevlen","nextlen","max_count","min_count","send_tree","static_init_done","_tr_init","tr_static_init","l_desc","d_desc","bl_desc","_tr_stored_block","stored_len","utils.arraySet","window","copy_block","_tr_align","bi_flush","_tr_flush_block","opt_lenb","static_lenb","max_blindex","level","strm","data_type","black_mask","detect_data_type","build_bl_tree","strategy","lcodes","dcodes","blcodes","rank","send_all_trees","_tr_tally","lit_bufsize","adler32","adler","crcTable","table","makeTable","crc32","MAX_MEM_LEVEL","MIN_MATCH","MIN_LOOKAHEAD","PRESET_DICT","INIT_STATE","EXTRA_STATE","NAME_STATE","COMMENT_STATE","HCRC_STATE","BUSY_STATE","FINISH_STATE","BS_NEED_MORE","BS_BLOCK_DONE","BS_FINISH_STARTED","BS_FINISH_DONE","OS_CODE","errorCode","flush_pending","avail_out","pending_out","next_out","total_out","flush_block_only","trees._tr_flush_block","block_start","strstart","put_byte","putShortMSB","read_buf","avail_in","next_in","total_in","longest_match","cur_match","chain_length","max_chain_length","scan","best_len","prev_length","nice_match","limit","w_size","_win","wmask","w_mask","strend","scan_end1","scan_end","good_match","lookahead","match_start","fill_window","_w_size","more","window_size","hash_size","head","insert","ins_h","hash_shift","hash_mask","deflate_fast","flush","hash_head","bflush","match_length","trees._tr_tally","max_lazy_match","deflate_slow","max_insert","prev_match","match_available","Config","good_length","max_lazy","nice_length","max_chain","func","configuration_table","max_block_size","pending_buf_size","max_start","DeflateState","status","gzhead","gzindex","method","last_flush","w_bits","hash_bits","utils.Buf16","deflateReset","trees._tr_init","deflateResetKeep","lm_init","deflate","old_flush","beg","hcrc","comment","os","level_flags","bstate","deflate_huff","deflate_rle","trees._tr_align","trees._tr_stored_block","__","_utf8len","utils.Buf8","string2buf","m_pos","buf_len","str_len","ZStream","Deflate","chunkSize","windowBits","memLevel","opt","raw","gzip","ended","zlib_deflate.deflateInit2","dictionary","dict","strings.string2buf","avail","next","tmpDict","dictLength","zlib_deflate.deflateSetDictionary","_dict_set","_mode","zlib_deflate.deflate","onEnd","onData","utils.shrinkBuf","zlib_deflate.deflateEnd","utils.flattenChunks","BAD","TYPE","inflate_fast","_in","_out","hold","here","op","from_source","dmax","wsize","whave","wnext","s_window","lcode","lencode","dcode","distcode","lmask","lenbits","dmask","distbits","top","dolen","dodist","sane","MAXBITS","ENOUGH_LENS","ENOUGH_DISTS","CODES","LENS","DISTS","lbase","lext","dbase","dext","inflate_table","lens","lens_index","codes","table_index","work","incr","low","sym","root","drop","used","huff","base_index","offs","here_bits","here_op","here_val","extra_index","HEAD","FLAGS","TIME","OS","EXLEN","EXTRA","COMMENT","HCRC","DICTID","DICT","TYPEDO","STORED","COPY_","COPY","TABLE","LENLENS","CODELENS","LEN_","LEN","LENEXT","DIST","DISTEXT","MATCH","LIT","CHECK","LENGTH","DONE","zswap32","InflateState","havedict","flags","check","total","wbits","ncode","nlen","ndist","have","lendyn","distdyn","back","was","inflateReset","utils.Buf32","inflateResetKeep","inflateInit2","inflateReset2","lenfix","distfix","virgin","fixedtables","updatewindow","copy","inflate","put","last_bits","last_op","last_val","hbuf","order","inf_leave","xflags","extra_len","inflateSetDictionary","dictid","GZheader","Inflate","zlib_inflate.inflateInit2","c.Z_OK","zlib_inflate.inflateGetHeader","zlib_inflate.inflateSetDictionary","allowBufError","c.Z_FINISH","c.Z_NO_FLUSH","strings.binstring2buf","zlib_inflate.inflate","c.Z_NEED_DICT","c.Z_BUF_ERROR","c.Z_STREAM_END","c.Z_SYNC_FLUSH","zlib_inflate.inflateEnd","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","remaining","seek","n_bit","n_byte","pi","bufToHex","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","getCRC","updateCRC","updateCRCRun","mtf","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","optDetail","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","CRC32","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","MAX_HUFCODE_BITS","permute","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","multistream","bz","targetStreamCRC","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","verified","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","issuerKeyID","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","writeHashedSubPackets","toHash","stream.slice","stream.clone","writeSubPacket","humanReadable","critical","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","fromBinary","compressionFn","compress_fns","nodeZlib","node_zlib","stream.nodeToWeb","stream.webToNode","pako_zlib","deflateRaw","createDeflateRaw","createDeflate","inflateRaw","createInflateRaw","createInflate","BunzipDecode","SymEncryptedIntegrityProtectedDataPacket","encrypted","sessionKeyAlgorithm","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","AEADEncryptedDataPacket","cipherAlgorithm","aeadAlgorithm","chunkSizeByte","getAEADMode","modeInstance","tagLengthIfDecrypting","tagLengthIfEncrypting","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","latestPromise","cryptedBytes","queuedBytes","finalChunk","cryptedPromise","setInt32","desiredSize","PublicKeyEncryptedSessionKeyPacket","publicKeyID","sessionKey","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","sessionKeyData","S2K","getCount","passphrase","numBytes","rlength","prefixlen","datalen","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","produceKey","encryptionKey","generateSessionKey","associatedData","toEncrypt","PublicKeyPacket","expirationTimeV3","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","PublicSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","startOfSecretKeyData","unparseableKeyMaterial","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","produceEncryptionKey","cleartextWithHash","validParams","generateParams","global","parse5322","inStr","getPos","setPos","initialize","parseString","tokens","semantic","children","ast","parent","child","compareToken","fxnCompare","tok","lit","and","or","prod","invis","colwsp","star","minimum","isUTF8NonAscii","cr","crlf","lf","dquote","htab","sp","vchar","accept","rfc6532","wsp","quotedPair","obsQP","fws","obsFws","ctext","obsCtext","ccontent","cfws","atext","atom","dotAtomText","maybeText","dotAtom","qtext","obsQtext","qcontent","quotedString","address","mailbox","group","nameAddr","addrSpec","displayName","angleAddr","obsAngleAddr","groupList","obsPhrase","collapseWhitespace","mailboxList","obsMboxList","addressList","obsAddrList","obsGroupList","localPart","obsLocalPart","dtext","obsDtext","domainLiteral","domain","obsDomain","rejectTLD","obsNoWsCtl","strict","atInDisplayName","obsRoute","obsDomainList","findNode","stack","findAllNodesNoChildren","names","namesLookup","giveResult","addresses","groupsAndMailboxes","groupOrMailbox","giveResultGroup","giveResultMailbox","simplifyResult","oneResult","partial","groupName","groupResultMailboxes","mailboxes","grabSemantic","aspec","findAllNodes","comments","local","concatComments","startProduction","handleOpts","startAt","defs","isNullUndef","defaults","isObject","parseOneAddress","parseAddressList","parseFrom","parseSender","parseReplyTo","UserIDPacket","email","components","emailAddresses","otherUserID","SecretSubkeyPacket","Signature","packetlist","getSigningKeyIDs","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","prefAlgo","primaryUser","getPrimaryUser","selfCertification","getPreferredCurveHashAlgo","getPreferredAlgo","userIDs","defaultAlgo","preferredSenderAlgo","prefPropertyName","senderAlgoSupport","recipientPrefs","Boolean","signingKeyPacket","signaturePacket","mergeSignatures","source","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","sanitizeKeyOptions","subkeyDefaults","isValidSigningKeyPacket","isValidEncryptionKeyPacket","isValidDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","signingKeys","isPrivate","signingKey","getSigningKey","certificate","verificationKeys","issuerKeys","getKeys","isRevoked","certifications","certification","valid","verifyCertificate","sourceUser","srcSelfSig","srcRevSig","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","sort","helper.isValidSigningKeyPacket","helper.checkKeyRequirements","helper.isValidEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","revocationCertificate","privateKeys","userSign","certify","verifyAllCertifications","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","fromSecretKeyPacket","pubSubkeyPacket","fromSecretSubkeyPacket","helper.isValidDecryptionKeyPacket","allDummies","defaultOptions","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","userIDPacket","subkeyOptions","subkeySignaturePacket","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","sessionKeyObjects","decryptSessionKeys","symEncryptedPacketlist","symEncryptedPacket","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","password","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","getDecryptionKeys","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgorithmName","supported","isAEADSupported","getEncryptionKey","maybeKey","wildcard","encryptionKeyIDs","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","literalDataPacket","existingSigPacketlist","onePassSig","signingKeyID","onePassSignatureList","createSignaturePackets","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","detachedSignature","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","CleartextMessage","newSignature","hashes","ar","checkMessage","checkCleartextOrMessage","checkOutputMessageFormat","defaultConfigPropsCount","checkConfig","inputConfigProps","inputProp","convertStream","streaming","encoding","setEncoding","stream.toNativeReadable","linkStreams","formatObject","object","SymbolPolyfill","iterator","description","noop","globals","typeIsObject","rethrowAssertionErrorRejection","originalPromise","originalPromiseThen","originalPromiseResolve","originalPromiseReject","newPromise","executor","promiseResolvedWith","promiseRejectedWith","PerformPromiseThen","onFulfilled","onRejected","uponPromise","uponFulfillment","uponRejection","transformPromiseWith","fulfillmentHandler","rejectionHandler","setPromiseIsHandledToTrue","queueMicrotask","globalQueueMicrotask","resolvedPromise","reflectCall","F","Function","promiseCall","SimpleQueue","_cursor","_size","_front","_elements","_next","_back","oldBack","newBack","QUEUE_MAX_ARRAY_SIZE","oldFront","newFront","oldCursor","newCursor","elements","peek","front","ReadableStreamReaderGenericInitialize","_ownerReadableStream","_state","defaultReaderClosedPromiseInitialize","defaultReaderClosedPromiseResolve","defaultReaderClosedPromiseInitializeAsResolved","defaultReaderClosedPromiseInitializeAsRejected","_storedError","ReadableStreamReaderGenericCancel","ReadableStreamCancel","ReadableStreamReaderGenericRelease","defaultReaderClosedPromiseReject","defaultReaderClosedPromiseResetToRejected","readerLockException","_closedPromise","_closedPromise_resolve","_closedPromise_reject","AbortSteps","ErrorSteps","CancelSteps","PullSteps","NumberIsFinite","isFinite","MathTrunc","trunc","assertDictionary","context","assertFunction","assertObject","assertRequiredArgument","position","assertRequiredField","field","convertUnrestrictedDouble","censorNegativeZero","convertUnsignedLongLongWithEnforceRange","upperBound","integerPart","assertReadableStream","IsReadableStream","AcquireReadableStreamDefaultReader","ReadableStreamDefaultReader","ReadableStreamAddReadRequest","readRequest","_readRequests","ReadableStreamFulfillReadRequest","_closeSteps","_chunkSteps","ReadableStreamGetNumReadRequests","ReadableStreamHasDefaultReader","IsReadableStreamDefaultReader","IsReadableStreamLocked","defaultReaderBrandCheckException","resolvePromise","rejectPromise","ReadableStreamDefaultReaderRead","_errorSteps","_disturbed","_readableStreamController","AsyncIteratorPrototype","defineProperties","toStringTag","asyncIterator","ReadableStreamAsyncIteratorImpl","_ongoingPromise","_isFinished","_preventCancel","nextSteps","_nextSteps","return","returnSteps","_returnSteps","ReadableStreamAsyncIteratorPrototype","IsReadableStreamAsyncIterator","_asyncIteratorImpl","streamAsyncIteratorBrandCheckException","setPrototypeOf","NumberIsNaN","isNaN","IsFiniteNonNegativeNumber","IsNonNegativeNumber","DequeueValue","container","pair","_queue","_queueTotalSize","EnqueueValueWithSize","ResetQueue","CreateArrayFromList","ReadableStreamBYOBRequest","IsReadableStreamBYOBRequest","byobRequestBrandCheckException","_view","respond","bytesWritten","_associatedReadableByteStreamController","ReadableByteStreamControllerRespondInternal","ReadableByteStreamControllerRespond","respondWithNewView","isView","firstDescriptor","_pendingPullIntos","bytesFilled","ReadableByteStreamControllerRespondWithNewView","ReadableByteStreamController","byobRequest","IsReadableByteStreamController","byteStreamControllerBrandCheckException","_byobRequest","request","SetUpReadableStreamBYOBRequest","ReadableByteStreamControllerGetDesiredSize","_closeRequested","_controlledReadableByteStream","ReadableByteStreamControllerError","ReadableByteStreamControllerClearAlgorithms","ReadableStreamClose","ReadableByteStreamControllerClose","transferredBuffer","ReadableByteStreamControllerEnqueueChunkToQueue","ReadableStreamHasBYOBReader","ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue","ReadableByteStreamControllerCallPullIfNeeded","ReadableByteStreamControllerEnqueue","_cancelAlgorithm","entry","ReadableByteStreamControllerHandleQueueDrain","autoAllocateChunkSize","_autoAllocateChunkSize","bufferE","pullIntoDescriptor","elementSize","viewConstructor","readerType","shouldPull","_started","ReadableStreamGetNumReadIntoRequests","ReadableByteStreamControllerShouldCallPull","_pulling","_pullAgain","_pullAlgorithm","ReadableByteStreamControllerCommitPullIntoDescriptor","filledView","ReadableByteStreamControllerConvertPullIntoDescriptor","readIntoRequest","_readIntoRequests","ReadableStreamFulfillReadIntoRequest","ReadableByteStreamControllerFillPullIntoDescriptorFromQueue","currentAlignedBytes","maxBytesToCopy","maxBytesFilled","maxAlignedBytes","totalBytesToCopyRemaining","queue","headOfQueue","bytesToCopy","destStart","destOffset","srcOffset","ReadableByteStreamControllerFillHeadPullIntoDescriptor","ReadableByteStreamControllerInvalidateBYOBRequest","ReadableByteStreamControllerShiftPendingPullInto","ReadableByteStreamControllerRespondInClosedState","remainderSize","ReadableByteStreamControllerRespondInReadableState","ReadableByteStreamControllerClearPendingPullIntos","ReadableStreamError","_strategyHWM","SetUpReadableByteStreamControllerFromUnderlyingSource","underlyingByteSource","startAlgorithm","pullAlgorithm","cancelAlgorithm","SetUpReadableByteStreamController","ReadableStreamAddReadIntoRequest","IsReadableStreamBYOBReader","ReadableStreamBYOBReader","byobReaderBrandCheckException","BYTES_PER_ELEMENT","emptyView","ReadableByteStreamControllerPullInto","ReadableStreamBYOBReaderRead","ExtractHighWaterMark","defaultHWM","ExtractSizeAlgorithm","convertQueuingStrategy","convertQueuingStrategySize","convertUnderlyingSinkAbortCallback","original","convertUnderlyingSinkCloseCallback","convertUnderlyingSinkStartCallback","convertUnderlyingSinkWriteCallback","assertWritableStream","IsWritableStream","rawUnderlyingSink","rawStrategy","underlyingSink","convertUnderlyingSink","InitializeWritableStream","sizeAlgorithm","WritableStreamDefaultController","writeAlgorithm","closeAlgorithm","abortAlgorithm","SetUpWritableStreamDefaultController","SetUpWritableStreamDefaultControllerFromUnderlyingSink","locked","streamBrandCheckException$2","IsWritableStreamLocked","WritableStreamAbort","WritableStreamCloseQueuedOrInFlight","WritableStreamClose","AcquireWritableStreamDefaultWriter","WritableStreamDefaultWriter","_writer","_writableStreamController","_writeRequests","_inFlightWriteRequest","_closeRequest","_inFlightCloseRequest","_pendingAbortRequest","_backpressure","_promise","wasAlreadyErroring","_resolve","_reject","_reason","_wasAlreadyErroring","WritableStreamStartErroring","closeRequest","defaultWriterReadyPromiseResolve","closeSentinel","WritableStreamDefaultControllerAdvanceQueueIfNeeded","WritableStreamDealWithRejection","WritableStreamFinishErroring","WritableStreamDefaultWriterEnsureReadyPromiseRejected","WritableStreamHasOperationMarkedInFlight","storedError","writeRequest","WritableStreamRejectCloseAndClosedPromiseIfNeeded","abortRequest","defaultWriterClosedPromiseReject","WritableStreamUpdateBackpressure","backpressure","defaultWriterReadyPromiseInitialize","defaultWriterReadyPromiseReset","_ownerWritableStream","defaultWriterReadyPromiseInitializeAsResolved","defaultWriterClosedPromiseInitialize","defaultWriterReadyPromiseInitializeAsRejected","defaultWriterClosedPromiseResolve","defaultWriterClosedPromiseInitializeAsRejected","IsWritableStreamDefaultWriter","defaultWriterBrandCheckException","defaultWriterLockException","WritableStreamDefaultControllerGetDesiredSize","WritableStreamDefaultWriterGetDesiredSize","_readyPromise","WritableStreamDefaultWriterAbort","WritableStreamDefaultWriterClose","WritableStreamDefaultWriterRelease","WritableStreamDefaultWriterWrite","WritableStreamDefaultWriterEnsureClosedPromiseRejected","_closedPromiseState","defaultWriterClosedPromiseResetToRejected","_readyPromiseState","defaultWriterReadyPromiseReject","defaultWriterReadyPromiseResetToRejected","releasedError","_strategySizeAlgorithm","chunkSizeE","WritableStreamDefaultControllerErrorIfNeeded","WritableStreamDefaultControllerGetChunkSize","WritableStreamAddWriteRequest","enqueueE","_controlledWritableStream","WritableStreamDefaultControllerGetBackpressure","WritableStreamDefaultControllerWrite","IsWritableStreamDefaultController","WritableStreamDefaultControllerError","_abortAlgorithm","WritableStreamDefaultControllerClearAlgorithms","_writeAlgorithm","_closeAlgorithm","WritableStreamMarkCloseRequestInFlight","sinkClosePromise","WritableStreamFinishInFlightClose","WritableStreamFinishInFlightCloseWithError","WritableStreamDefaultControllerProcessClose","WritableStreamMarkFirstWriteRequestInFlight","sinkWritePromise","WritableStreamFinishInFlightWrite","WritableStreamFinishInFlightWriteWithError","WritableStreamDefaultControllerProcessWrite","_readyPromise_resolve","_readyPromise_reject","NativeDOMException","DOMException","DOMException$1","_a","isDOMExceptionConstructor","createDOMExceptionPolyfill","ReadableStreamPipeTo","signal","shuttingDown","currentWrite","actions","shutdownWithAction","action","aborted","addEventListener","isOrBecomesErrored","shutdown","isOrBecomesClosed","WritableStreamDefaultWriterCloseWithErrorPropagation","destClosed","waitForWritesToFinish","oldCurrentWrite","originalIsError","originalError","doTheRest","newError","isError","removeEventListener","resolveLoop","rejectLoop","resolveRead","rejectRead","ReadableStreamDefaultController","IsReadableStreamDefaultController","defaultControllerBrandCheckException$1","ReadableStreamDefaultControllerGetDesiredSize","ReadableStreamDefaultControllerCanCloseOrEnqueue","ReadableStreamDefaultControllerClose","ReadableStreamDefaultControllerEnqueue","ReadableStreamDefaultControllerError","ReadableStreamDefaultControllerClearAlgorithms","_controlledReadableStream","ReadableStreamDefaultControllerCallPullIfNeeded","ReadableStreamDefaultControllerShouldCallPull","SetUpReadableStreamDefaultController","convertUnderlyingSourceCancelCallback","convertUnderlyingSourcePullCallback","convertUnderlyingSourceStartCallback","convertReadableStreamType","convertReadableStreamReaderMode","convertPipeOptions","isAbortSignal","assertAbortSignal","rawUnderlyingSource","underlyingSource","convertUnderlyingDefaultOrByteSource","InitializeReadableStream","SetUpReadableStreamDefaultControllerFromUnderlyingSource","streamBrandCheckException$1","rawOptions","convertReaderOptions","AcquireReadableStreamBYOBReader","pipeThrough","rawTransform","convertReadableWritablePair","destination","branches","cloneForBranch2","reason1","reason2","branch1","branch2","resolveCancelPromise","reading","canceled1","canceled2","cancelPromise","value1","value2","CreateReadableStream","compositeReason","cancelResult","ReadableStreamTee","impl","AcquireReadableStreamAsyncIterator","convertIteratorOptions","convertQueuingStrategyInit","byteLengthSizeFunction","ByteLengthQueuingStrategy","_byteLengthQueuingStrategyHighWaterMark","IsByteLengthQueuingStrategy","byteLengthBrandCheckException","countSizeFunction","CountQueuingStrategy","_countQueuingStrategyHighWaterMark","IsCountQueuingStrategy","countBrandCheckException","convertTransformerFlushCallback","convertTransformerStartCallback","convertTransformerTransformCallback","rawTransformer","rawWritableStrategy","rawReadableStrategy","writableStrategy","readableStrategy","transformer","readableType","writableType","convertTransformer","readableHighWaterMark","readableSizeAlgorithm","writableHighWaterMark","writableSizeAlgorithm","startPromise_resolve","startPromise","_transformStreamController","_backpressureChangePromise","_writable","TransformStreamDefaultControllerPerformTransform","TransformStreamDefaultSinkWriteAlgorithm","TransformStreamError","TransformStreamDefaultSinkAbortAlgorithm","_readable","flushPromise","_flushAlgorithm","TransformStreamDefaultControllerClearAlgorithms","TransformStreamDefaultSinkCloseAlgorithm","TransformStreamSetBackpressure","TransformStreamDefaultSourcePullAlgorithm","TransformStreamErrorWritableAndUnblockWrite","CreateWritableStream","_backpressureChangePromise_resolve","InitializeTransformStream","TransformStreamDefaultController","transformAlgorithm","TransformStreamDefaultControllerEnqueue","transformResultE","flushAlgorithm","_controlledTransformStream","_transformAlgorithm","SetUpTransformStreamDefaultController","SetUpTransformStreamDefaultControllerFromTransformer","IsTransformStream","streamBrandCheckException","IsTransformStreamDefaultController","defaultControllerBrandCheckException","readableController","TransformStreamDefaultControllerTerminate","ReadableStreamDefaultControllerHasBackpressure","extendStatics","__proto__","__extends","isStreamConstructor","startCalled","isReadableStream","isWritableStream","isTransformStream","supportsByobReader","createWrappingReadableSource","parseReadableType","WrappingReadableByteStreamSource","WrappingReadableStreamDefaultSource","typeString","AbstractWrappingReadableStreamSource","underlyingStream","_underlyingReader","_readerMode","_pendingRead","_underlyingStream","_attachDefaultReader","_detachReader","_attachReader","_this","_finishPendingRead","_pullWithDefaultReader","_tryClose","_setPendingRead","readPromise","pendingRead","finishRead","afterRead","_super","supportsByob","_supportsByob","_attachByobReader","_pullWithByobRequest","to","fromArray","createWrappingWritableSink","WrappingWritableStreamSink","underlyingWriter","_pendingWrite","_underlyingWriter","_errorPromise","_errorPromiseReject","_finishErroring","_startErroring","race","_setPendingWrite","_finishPendingWrite","writePromise","pendingWrite","finishWrite","afterWrite","createWrappingTransformer","WrappingTransformStreamTransformer","_onRead","_onError","_flushReject","_onTerminate","_flushResolve","_flushPromise","readerClosed","isReadableStreamConstructor","byteSourceSupported","supportsByteSource","isTransformStreamConstructor","isWritableStreamConstructor","sink","isBN","negative","words","red","_init","wordSize","parseHex","parseBase","cmp","_initNumber","_initArray","_parseHex","_parseBase","strip","limbLen","limbPow","imuln","_iaddn","_expand","_normSign","inspect","zeros","groupSizes","groupBases","smallMulTo","out","ncarry","rword","maxJ","groupSize","groupBase","modn","idivn","toJSON","toBuffer","ArrayType","reqLength","littleEndian","andln","iushrn","_countBits","clz32","_zeroBits","zeroBits","toTwos","width","inotn","iaddn","fromTwos","testn","notn","ineg","isNeg","neg","iuor","ior","uor","iuand","iand","uand","iuxor","ixor","uxor","bytesNeeded","bitsLeft","setn","bit","wbit","comb10MulTo","mid","a0","al0","ah0","a1","al1","ah1","a2","al2","ah2","a3","al3","ah3","a4","al4","ah4","a5","al5","ah5","a6","al6","ah6","a7","al7","ah7","a8","al8","ah8","a9","al9","ah9","bl0","bh0","bl1","bh1","bl2","bh2","bl3","bh3","bl4","bh4","bl5","bh5","bl6","bh6","bl7","bh7","bl8","bh8","bl9","bh9","jumboMulTo","FFTM","mulp","mulTo","hncarry","bigMulTo","makeRBT","N","revBin","rb","rbt","rws","iws","rtws","itws","rtwdf","cos","PI","itwdf","sin","rtwdf_","itwdf_","re","ie","ro","io","guessLen13b","odd","conjugate","normalize13b","ws","convert13b","stub","ph","rwst","iwst","nrws","nrwst","niwst","rmws","mulf","muln","sqr","isqr","toBitArray","iushln","carryMask","newCarry","ishln","hint","extended","maskedWords","ishrn","shln","ushln","shrn","ushrn","imaskn","maskn","isubn","addn","iabs","_ishlnsubmul","_wordDiv","bhi","diff","qj","div","divmod","positive","divn","umod","divRound","dm","r2","acc","egcd","yp","xp","im","isOdd","jm","_invmp","delta","cmpn","invm","bincn","ucmp","gtn","gten","ltn","lten","eqn","Red","toRed","ctx","convertTo","_forceRed","fromRed","convertFrom","forceRed","redAdd","redIAdd","redSub","redISub","redShl","shl","redMul","_verify2","redIMul","redSqr","_verify1","redISqr","redSqrt","sqrt","redInvm","redNeg","redPow","primes","k256","p224","p192","p25519","MPrime","_tmp","K256","P224","P192","P25519","prime","_prime","Mont","rinv","minv","ireduce","imulK","mod3","nOne","lpow","inv","wnd","currentLen","mont","nred","minAssert","minUtils","getNAF","naf","getJSF","jsf","d1","d2","m8","m14","m24","cachedProperty","computer","parseBytes","intFromLE","Rand","_rand","getByte","BaseCurve","conf","pointFromJSON","gRed","_wnafT1","_wnafT2","_wnafT3","_wnafT4","adjustCount","redN","_maxwellTrick","BasePoint","precomputed","point","_fixedNafMul","doubles","_getDoubles","step","repr","nafW","jpoint","mixedAdd","points","toP","_wnafMul","nafPoints","_getNAFPoints","dblp","_wnafMulAdd","defW","coeffs","jacobianResult","wndWidth","comb","toJ","ja","jb","decodePoint","pointFromX","encodeCompressed","_encode","compact","getX","getY","precompute","beta","_getBeta","_hasDoubles","dbl","ShortCurve","Base","tinv","zeroA","threeA","endo","_getEndomorphism","_endoWnafT1","_endoWnafT2","Point","isRed","inf","JPoint","zOne","MontCurve","i4","a24","lambda","betas","_getEndoRoots","lambdas","basis","vec","_getEndoBasis","ntinv","prevR","aprxSqrt","len1","_endoSplit","v1","v2","ax","rhs","_endoWnafMulAdd","npoints","ncoeffs","fromJSON","pre","endoMul","JSON","obj2point","isInfinity","nx","ny","ys1","dyinv","mulAdd","jmulAdd","_precompute","negate","zinv","zinv2","ay","pz2","nz","jx","jy","jz","jz4","jyd","jx2","jyd2","jyd4","dny","_zeroDbl","_threeDbl","_dbl","yyyy","yyyy8","c8","gamma","alpha","beta4","beta8","ggamma8","jy2","jxd4","jyd8","trpl","zz","mm","ee","yyu4","kbase","pz3","eqXToP","zs","xc","normalize","diffAdd","da","cb","jumlAdd","EdwardsCurve","twisted","mOneA","oneC","_mulA","_mulC","lhs","pointFromY","_extDbl","nt","_projDbl","_extAdd","_projAdd","short","edwards","ft_1","sha1_K","SHA1","require$$4","Hmac","inner","outer","sha","hmac","PresetCurve","defineCurve","cofactor","HmacDRBG","predResist","minEntropy","_reseed","reseedInterval","entropyEnc","nonceEnc","pers","persEnc","_hmac","kmac","reseed","addEnc","KeyPair","_importPrivate","privEnc","_importPublic","pubEnc","fromPublic","fromPrivate","_importDER","recoveryParam","Position","place","getLength","initial","octetLen","rmPadding","constructLength","octets","slen","toDER","backHalf","EC","nh","drbg","ns2","_truncateToN","truncOnly","truncateMsg","bkey","ns1","iter","kp","kpX","canonical","_verify","sinv","recoverPubKey","isYOdd","isSecondKey","rInv","getKeyRecoveryParam","Qprime","_secret","isPoint","_pub","_pubBytes","fromSecret","encodePoint","lastIx","encodingLength","decodeInt","privBytes","getSecret","pubBytes","_R","_S","_Rencoded","Rencoded","_Sencoded","Sencoded","encodeInt","toBytes","EDDSA","pointClass","keyFromSecret","hashInt","messagePrefix","s_","makeSignature","SG","normed","xIsOdd","require$$5","rest","unknownOptions","stream.loadStreamsPonyfill","stream.toStream","literalDataPacketlist","expectSigned","publicKeys","clonedPrivateKey","passphrases","signingUserIDs","encryptionUserIDs","signatureNotations","checkBinary","checkString","helper.generateSecretKey","getRevocationCertificate","cleartextMessage","checkHashAlgos","hashAlgos","oneHeader","armoredKey","binaryKey","armoredKeys","binaryKeys","keyIndex","newKey","armoredMessage","binaryMessage","oneKeyList","armoredSignature","binarySignature","reformattedKey","sanitize","reformat","revokedKey","applyRevocationCertificate","revoke","signDetached"],"mappings":";khBAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxBC,cACEC,QACAC,KAAKT,GAAsB,IAAIU,SAAQ,CAACC,EAASC,KAC/CH,KAAKP,GAAsBS,EAC3BF,KAAKN,GAAqBS,CAAM,IAElCH,KAAKT,GAAoBa,OAAM,UAuCnC,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAaV,MAAMW,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,EAETV,KAAKe,OAAST,CAChB,CAvDAV,EAAYoB,UAAUT,UAAY,WAIhC,YAH2BU,IAAvBjB,KAAKL,KACPK,KAAKL,GAAgB,GAEhB,CACLuB,KAAMC,gBACEnB,KAAKT,GACPS,KAAKL,KAAkBK,KAAKoB,OACvB,CAAEC,WAAOJ,EAAWK,MAAM,GAE5B,CAAED,MAAOrB,KAAKA,KAAKL,MAAkB2B,MAAM,IAGxD,EAEA1B,EAAYoB,UAAUO,UAAYJ,eAAeK,SACzCxB,KAAKT,GACX,MAAMkC,EAASD,EAAKxB,KAAK0B,MAAM1B,KAAKL,KAEpC,OADAK,KAAKoB,OAAS,EACPK,CACT,EAEA7B,EAAYoB,UAAUW,MAAQ,WAC5B,MAAMA,EAAQ,IAAI/B,EAIlB,OAHA+B,EAAMpC,GAAsBS,KAAKT,GAAoBqC,MAAK,KACxDD,EAAME,QAAQ7B,KAAK,IAEd2B,CACT,EAkCAlB,EAAOO,UAAUc,MAAQX,eAAeY,GACtC/B,KAAKe,OAAOc,KAAKE,EACnB,EAOAtB,EAAOO,UAAUgB,MAAQb,iBACvBnB,KAAKe,OAAOtB,IACd,EAOAgB,EAAOO,UAAUiB,MAAQd,eAAee,GAEtC,OADAlC,KAAKe,OAAOrB,GAAmBwC,GACxBA,CACT,EAOAzB,EAAOO,UAAUJ,YAAc,aCxG/B,MAAMuB,EAAuC,iBAAvBC,EAAWC,SACQ,iBAAhCD,EAAWC,QAAQC,SAEtBC,EAAqBJ,GAAUK,UAAkBC,SAOvD,SAASC,EAASpC,GAChB,OAAID,EAAcC,GACT,QAEL8B,EAAWO,gBAAkBP,EAAWO,eAAe3B,UAAU4B,cAActC,GAC1E,MAELuC,GAA0BA,EAAuB7B,UAAU4B,cAActC,GACpE,WAELiC,GAAsBA,EAAmBvB,UAAU4B,cAActC,GAC5D,UAELA,IAASA,EAAMC,YACV,UAGX,CAOA,SAASuC,EAAaxC,GACpB,OAAOyC,WAAW/B,UAAU4B,cAActC,EAC5C,CAOA,SAAS0C,EAAiBC,GACxB,GAAsB,IAAlBA,EAAO7B,OAAc,OAAO6B,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIF,EAAO7B,OAAQ+B,IAAK,CACtC,IAAKL,EAAaG,EAAOE,IACvB,MAAUC,MAAM,8DAGlBF,GAAeD,EAAOE,GAAG/B,OAG3B,MAAMK,EAAS,IAAIsB,WAAWG,GAC9B,IAAIG,EAAM,EAMV,OALAJ,EAAOK,SAAQ,SAAUC,GACvB9B,EAAO+B,IAAID,EAASF,GACpBA,GAAOE,EAAQnC,UAGVK,CACT,CC/DA,MAAMgC,EAAatB,GAAUK,UAAkBkB,OACzCnB,EAAqBJ,GAAUwB,UAAkBlB,SAOvD,IAAImB,EACAC,EAEJ,GAAItB,EAAoB,CAOtBqB,EAAY,SAASE,GACnB,IAAIC,GAAW,EACf,OAAO,IAAIlB,EAAuB,CAChCmB,MAAMC,GACJH,EAAWI,QACXJ,EAAWK,GAAG,QAAQpC,IAChBgC,IAGAN,EAAWW,SAASrC,KACtBA,EAAQ,IAAIgB,WAAWhB,EAAMsC,OAAQtC,EAAMuC,WAAYvC,EAAMwC,aAE/DN,EAAWO,QAAQzC,GACnB+B,EAAWI,QAAO,IAEpBJ,EAAWK,GAAG,OAAO,KACfJ,GAGJE,EAAWjC,OAAO,IAEpB8B,EAAWK,GAAG,SAASM,GAAKR,EAAWS,MAAMD,MAE/CE,OACEb,EAAWc,UAEbC,OAAO3C,GACL6B,GAAW,EACXD,EAAWgB,QAAQ5C,OAMzB,MAAM6C,UAAqBxC,EACzBzC,YAAYkF,EAAWC,GACrBlF,MAAMkF,GACNjF,KAAKkF,QAAUC,EAAkBH,GAGnC7D,YAAYiE,GACV,IACE,OAAa,CACX,MAAM9D,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkF,QAAQhE,OAC3C,GAAII,EAAM,CACRtB,KAAK6B,KAAK,MACV,MAEF,IAAK7B,KAAK6B,KAAKR,GACb,OAGJ,MAAOoD,GACPzE,KAAK8E,QAAQL,IAIjBtD,eAAeuD,EAAOW,GACpBrF,KAAKkF,QAAQL,OAAOH,GAAO9C,KAAKyD,EAAUA,IAU9CxB,EAAY,SAASmB,EAAWC,GAC9B,OAAO,IAAIF,EAAaC,EAAWC,GAGvC,CC1FA,MAAMK,EAAiB,IAAIC,QACrBC,EAAiBhG,OAAO,kBAS9B,SAASiG,EAAOnF,GAKd,GAJAN,KAAKe,OAAST,EACVA,EAAMkF,KACRxF,KAAKwF,GAAkBlF,EAAMkF,GAAgB9D,SAE3CgE,EAAsBpF,GAAQ,CAChC,MAAMqF,EAASrF,EAAMC,YAIrB,OAHAP,KAAK4F,MAAQD,EAAOzE,KAAK2E,KAAKF,GAC9B3F,KAAK8F,aAAe,YACpB9F,KAAK+F,QAAU5E,aAGjB,IAAI6E,EAAaC,EAAiB3F,GAIlC,GAHmB,SAAf0F,IACF1F,EAAQ4F,EAAkB5F,IAExB0F,EAAY,CACd,MAAML,EAASrF,EAAMC,YAOrB,OANAP,KAAK4F,MAAQD,EAAOzE,KAAK2E,KAAKF,GAC9B3F,KAAK8F,aAAe,KAClBH,EAAO9E,OAAOT,OAAM,eACpBuF,EAAO/E,aAAa,OAEtBZ,KAAK+F,QAAUJ,EAAOd,OAAOgB,KAAKF,IAGpC,IAAIQ,GAAc,EAClBnG,KAAK4F,MAAQzE,SACPgF,GAAeb,EAAec,IAAI9F,GAC7B,CAAEe,WAAOJ,EAAWK,MAAM,IAEnC6E,GAAc,EACP,CAAE9E,MAAOf,EAAOgB,MAAM,IAE/BtB,KAAK8F,aAAe,KAClB,GAAIK,EACF,IACEb,EAAee,IAAI/F,GACnB,MAAMmE,KAGd,CAOAgB,EAAOzE,UAAUE,KAAOC,iBACtB,GAAInB,KAAKwF,IAAmBxF,KAAKwF,GAAgBpE,OAAQ,CAEvD,MAAO,CAAEE,MAAM,EAAOD,MADRrB,KAAKwF,GAAgBc,SAGrC,OAAOtG,KAAK4F,OACd,EAKAH,EAAOzE,UAAUJ,YAAc,WACzBZ,KAAKwF,KACPxF,KAAKe,OAAOyE,GAAkBxF,KAAKwF,IAErCxF,KAAK8F,cACP,EAKAL,EAAOzE,UAAU6D,OAAS,SAAS3C,GACjC,OAAOlC,KAAK+F,QAAQ7D,EACtB,EAOAuD,EAAOzE,UAAUuF,SAAWpF,iBAC1B,IACIqF,EADAnC,EAAS,GAEb,MAAQmC,GAAW,CACjB,IAAIlF,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OAEjC,GADAG,GAAS,GACLC,EACF,OAAI+C,EAAOjD,OAAeqF,EAAepC,QACzC,EAEF,MAAMqC,EAAerF,EAAMsF,QAAQ,MAAQ,EACvCD,IACFF,EAAYC,EAAepC,EAAOuC,OAAOvF,EAAMwF,OAAO,EAAGH,KACzDrC,EAAS,IAEPqC,IAAiBrF,EAAMD,QACzBiD,EAAOxC,KAAKR,EAAMwF,OAAOH,IAI7B,OADA1G,KAAK8G,WAAWzC,GACTmC,CACT,EAOAf,EAAOzE,UAAU+F,SAAW5F,iBAC1B,MAAMG,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,OACV,MAAM0F,EAAO3F,EAAM,GAEnB,OADArB,KAAK8G,QAAQG,GAAc5F,EAAO,IAC3B2F,CACT,EAOAvB,EAAOzE,UAAUkG,UAAY/F,eAAeC,GAC1C,MAAMiD,EAAS,GACf,IAAI8C,EAAe,EACnB,OAAa,CACX,MAAM7F,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EACF,OAAI+C,EAAOjD,OAAeqF,EAAepC,QACzC,EAIF,GAFAA,EAAOxC,KAAKR,GACZ8F,GAAgB9F,EAAMD,OAClB+F,GAAgB/F,EAAQ,CAC1B,MAAMgG,EAAeX,EAAepC,GAEpC,OADArE,KAAK8G,QAAQG,GAAcG,EAAchG,IAClC6F,GAAcG,EAAc,EAAGhG,IAG5C,EAOAqE,EAAOzE,UAAUqG,UAAYlG,eAAeC,GAC1C,MAAMkG,QAActH,KAAKkH,UAAU9F,GAEnC,OADApB,KAAK8G,QAAQQ,GACNA,CACT,EAOA7B,EAAOzE,UAAU8F,QAAU,YAAYS,GAChCvH,KAAKwF,KACRxF,KAAKwF,GAAkB,IAGL,IAAlB+B,EAAOnG,QAAgB0B,EAAayE,EAAO,KAC3CvH,KAAKwF,GAAgBpE,QAAUmG,EAAO,GAAGnG,QACzCpB,KAAKwF,GAAgB,GAAGlB,YAAciD,EAAO,GAAGnG,OAEhDpB,KAAKwF,GAAgB,GAAK,IAAIzC,WAC5B/C,KAAKwF,GAAgB,GAAGnB,OACxBrE,KAAKwF,GAAgB,GAAGlB,WAAaiD,EAAO,GAAGnG,OAC/CpB,KAAKwF,GAAgB,GAAGjB,WAAagD,EAAO,GAAGnG,QAInDpB,KAAKwF,GAAgBsB,WAAWS,EAAOC,QAAOnG,GAASA,GAASA,EAAMD,SACxE,EAQAqE,EAAOzE,UAAUO,UAAYJ,eAAeK,EAAKiF,GAC/C,MAAMhF,EAAS,GACf,OAAa,CACX,MAAMH,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,MACVG,EAAOI,KAAKR,GAEd,OAAOG,EAAKC,EACd,ECnMA,IAEIgG,EAAoBC,GAFpB/E,eAAEA,EAAcgF,eAAEA,EAAcC,gBAAEA,GAAoBxF,EAI1DjB,eAAe0G,IACb,GAAID,EACF,OAGF,MAAOE,EAAUC,SAAiB9H,QAAQ+H,IAAI,CAC5C/H,gDACAA,oDAGC0C,iBAAgBgF,iBAAgBC,mBAAoBE,GAEvD,MAAMG,4BAAEA,GAAgCF,EAEpC3F,EAAWO,gBAAkBA,IAAmBP,EAAWO,iBAC7D8E,EAAqBQ,EAA4BtF,GACjD+E,EAAmBO,EAA4B7F,EAAWO,gBAE9D,CAEA,MAAMc,EAAatB,GAAUK,UAAkBkB,OAO/C,SAASwE,EAAS5H,GAChB,IAAI0F,EAAatD,EAASpC,GAC1B,MAAmB,SAAf0F,EACKpC,EAAUtD,GAEA,QAAf0F,GAAwByB,EACnBA,EAAmBnH,GAExB0F,EACK1F,EAEF,IAAIqC,EAAe,CACxBqB,MAAMC,GACJA,EAAWO,QAAQlE,GACnB2D,EAAWjC,UAGjB,CAOA,SAASmG,EAAc7H,GACrB,GAAIoC,EAASpC,GACX,OAAOA,EAET,MAAMS,EAAS,IAAInB,EAMnB,MALA,WACE,MAAMc,EAASC,EAAUI,SACnBL,EAAOoB,MAAMxB,SACbI,EAAOsB,OACd,EAJD,GAKOjB,CACT,CAQA,SAAS6F,EAAOwB,GACd,OAAIA,EAAKC,MAAKtH,GAAU2B,EAAS3B,KAAYV,EAAcU,KAoB7D,SAAsBqH,GACpBA,EAAOA,EAAKE,IAAIJ,GAChB,MAAMK,EAAYC,GAAoBrH,eAAee,SAC7CjC,QAAQ+H,IAAIS,EAAWH,KAAIvH,GAAU8D,GAAO9D,EAAQmB,SAE5D,IAAIwG,EAAOzI,QAAQC,UACnB,MAAMuI,EAAaL,EAAKE,KAAI,CAACvH,EAAQoC,IAAMwF,EAAc5H,GAAQ,CAAC6H,EAAUC,KAC1EH,EAAOA,EAAK9G,MAAK,IAAMkH,EAAKF,EAAUL,EAAUM,SAAU,CACxDE,aAAc5F,IAAMiF,EAAKhH,OAAS,MAE7BsH,OAET,OAAOH,EAAUK,QACnB,CAhCWI,CAAaZ,GAElBA,EAAKC,MAAKtH,GAAUV,EAAcU,KAqCxC,SAA2BqH,GACzB,MAAM3G,EAAS,IAAI7B,EACnB,IAAI8I,EAAOzI,QAAQC,UAOnB,OANAkI,EAAK9E,SAAQ,CAACvC,EAAQoC,KACpBuF,EAAOA,EAAK9G,MAAK,IAAMkH,EAAK/H,EAAQU,EAAQ,CAC1CsH,aAAc5F,IAAMiF,EAAKhH,OAAS,MAE7BsH,KAEFjH,CACT,CA9CWwH,CAAkBb,GAEJ,iBAAZA,EAAK,GACPA,EAAK5G,KAAK,IAEfiC,GAAcA,EAAWW,SAASgE,EAAK,IAClC3E,EAAWmD,OAAOwB,GAEpBpF,EAAiBoF,EAC1B,CA4CA,SAAS7H,EAAUD,GACjB,OAAO,IAAImF,EAAOnF,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CAUAa,eAAe2H,EAAKxI,EAAO4I,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAI1G,EAASpC,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4H,EAAS5H,GACjB,IACE,GAAIA,EAAMkF,GAAiB,CACzB,MAAM9E,EAASC,EAAUuI,GACzB,IAAK,IAAI/F,EAAI,EAAGA,EAAI7C,EAAMkF,GAAgBpE,OAAQ+B,UAC1CzC,EAAO2I,YACP3I,EAAOoB,MAAMxB,EAAMkF,GAAgBrC,IAE3CzC,EAAOE,oBAEHN,EAAMgJ,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,kBAEF,MAAM3E,IACR,OAGF,MAAMkB,EAASpF,EADfD,EAAQ6H,EAAc7H,IAEhBI,EAASC,EAAUuI,GACzB,IACE,OAAa,OACLxI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACHyH,SAAoBrI,EAAOsB,QAChC,YAEItB,EAAOoB,MAAMT,IAErB,MAAOoD,GACF0E,SAAoBzI,EAAOuB,MAAMwC,WAEtCkB,EAAO/E,cACPF,EAAOE,cAEX,CAQA,SAAS2I,EAAajJ,EAAO2E,GAC3B,MAAMuE,EAAkB,IAAI5B,EAAgB3C,GAE5C,OADA6D,EAAKxI,EAAOkJ,EAAgBX,UACrBW,EAAgBZ,QACzB,CAOA,SAASJ,EAAoBiB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLlB,SAAU,IAAIjG,EAAe,CAC3BqB,MAAMC,GACJ2F,EAAmB3F,GAErBU,OACM+E,EACFA,IAEAG,GAAS,GAGb1I,aAAae,GACX4H,GAAY,EACRL,SACIA,EAAavH,GAEjByH,GACFA,EAAgCzH,KAGnC,CAAC6H,cAAe,IACnBlB,SAAU,IAAIlB,EAAe,CAC3B7F,MAAOX,eAAeY,GACpB,GAAI+H,EACF,MAAU1G,MAAM,uBAElBwG,EAAiBpF,QAAQzC,GACpB8H,EAQHA,GAAS,SAPH,IAAI5J,SAAQ,CAACC,EAASC,KAC1BuJ,EAAmCxJ,EACnCyJ,EAAkCxJ,CAAM,IAE1CuJ,EAAmC,KACnCC,EAAkC,OAKtC3H,MAAO4H,EAAiB5H,MAAM6D,KAAK+D,GACnC3H,MAAO2H,EAAiBlF,MAAMmB,KAAK+D,KAGzC,CASA,SAASrB,EAAUjI,EAAO+B,EAAU,MAAe,GAAE2H,EAAS,MAAe,IAC3E,GAAI3J,EAAcC,GAAQ,CACxB,MAAM2J,EAAS,IAAIrK,EAgBnB,MAfA,WACE,MAAMc,EAASC,EAAUsJ,GACzB,IACE,MAAMC,QAAa3I,GAAUjB,GACvB6J,EAAU9H,EAAQ6H,GAClBE,EAAUJ,IAChB,IAAIvI,EACgDA,OAApCR,IAAZkJ,QAAqClJ,IAAZmJ,EAAgCxD,EAAO,CAACuD,EAASC,SACpDnJ,IAAZkJ,EAAwBA,EAAUC,QAC1C1J,EAAOoB,MAAML,SACbf,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,GAEtB,EAdD,GAeOwF,EAET,GAAIvH,EAASpC,GACX,OAAOiJ,EAAajJ,EAAO,CACzBa,gBAAgBE,EAAO4C,GACrB,IACE,MAAMxC,QAAeY,EAAQhB,QACdJ,IAAXQ,GAAsBwC,EAAWO,QAAQ/C,GAC7C,MAAMgD,GACNR,EAAWS,MAAMD,KAGrBtD,YAAY8C,GACV,IACE,MAAMxC,QAAeuI,SACN/I,IAAXQ,GAAsBwC,EAAWO,QAAQ/C,GAC7C,MAAMgD,GACNR,EAAWS,MAAMD,OAKzB,MAAM0F,EAAU9H,EAAQ/B,GAClB8J,EAAUJ,IAChB,YAAgB/I,IAAZkJ,QAAqClJ,IAAZmJ,EAA8BxD,EAAO,CAACuD,EAASC,SACzDnJ,IAAZkJ,EAAwBA,EAAUC,CAC3C,CAWA,SAASzB,EAAcrI,EAAO+J,GAC5B,GAAI3H,EAASpC,KAAWD,EAAcC,GAAQ,CAC5C,IAAIgK,EACJ,MAAMC,EAAW,IAAI3C,EAAgB,CACnC5D,MAAMC,GACJqG,EAA8BrG,KAI5BuG,EAAkB1B,EAAKxI,EAAOiK,EAAS1B,UAEvC4B,EAAWjC,GAAoBrH,eAAee,GAClDoI,EAA4B5F,MAAMxC,SAC5BsI,QACA,IAAIvK,QAAQyK,eAGpB,OADAL,EAAGE,EAAS3B,SAAU6B,EAAS5B,UACxB4B,EAAS7B,SAElBtI,EAAQ6H,EAAc7H,GACtB,MAAM2J,EAAS,IAAIrK,EAEnB,OADAyK,EAAG/J,EAAO2J,GACHA,CACT,CAWA,SAASU,EAAMrK,EAAO+J,GACpB,IAAIO,EACJ,MAAMC,EAAclC,EAAcrI,GAAO,CAACsI,EAAUC,KAClD,MAAMlD,EAASpF,EAAUqI,GACzBjD,EAAOmF,UAAY,KACjBnF,EAAO/E,cACPkI,EAAKF,EAAUC,GACRgC,GAETD,EAAcP,EAAG1E,EAAO,IAE1B,OAAOiF,CACT,CA4BA,SAASjJ,EAAMrB,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqB,QAEf,GAAIe,EAASpC,GAAQ,CACnB,MAAMyK,EAxBV,SAAazK,GACX,GAAID,EAAcC,GAChB,MAAU8C,MAAM,qDAElB,GAAIV,EAASpC,GAAQ,CACnB,MAAMyK,EAAO7C,EAAS5H,GAAO0K,MAE7B,OADAD,EAAK,GAAGvF,GAAkBuF,EAAK,GAAGvF,GAAkBlF,EAAMkF,GACnDuF,EAET,MAAO,CAACrJ,GAAMpB,GAAQoB,GAAMpB,GAC9B,CAciB0K,CAAI1K,GAEjB,OADA2K,GAAU3K,EAAOyK,EAAK,IACfA,EAAK,GAEd,OAAOrJ,GAAMpB,EACf,CAUA,SAAS4K,GAAa5K,GACpB,OAAID,EAAcC,GACTqB,EAAMrB,GAEXoC,EAASpC,GACJ,IAAIqC,EAAe,CACxBqB,MAAMC,GACJ,MAAM4G,EAAclC,EAAcrI,GAAOa,MAAOyH,EAAUC,KACxD,MAAMlD,EAASpF,EAAUqI,GACnBlI,EAASC,EAAUkI,GACzB,IACE,OAAa,OACLnI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACR,IAAM2C,EAAWjC,QAAW,MAAMyC,IAElC,kBADM/D,EAAOsB,QAGf,IAAMiC,EAAWO,QAAQnD,GAAU,MAAMoD,UACnC/D,EAAOoB,MAAMT,IAErB,MAAMoD,GACNR,EAAWS,MAAMD,SACX/D,EAAOuB,MAAMwC,OAGvBwG,GAAU3K,EAAOuK,MAIhBnJ,GAAMpB,EACf,CAQA,SAAS2K,GAAU3K,EAAOqB,GAExBwJ,OAAOC,QAAQD,OAAOE,0BAA0B/K,EAAMR,YAAYkB,YAAYsC,SAAQ,EAAEgI,EAAMC,MAC/E,gBAATD,IAGAC,EAAWlK,MACbkK,EAAWlK,MAAQkK,EAAWlK,MAAMwE,KAAKlE,GAEzC4J,EAAWC,IAAMD,EAAWC,IAAI3F,KAAKlE,GAEvCwJ,OAAOM,eAAenL,EAAOgL,EAAMC,GAAW,GAElD,CAOA,SAAS7J,GAAMpB,EAAOoL,EAAM,EAAGC,EAAIC,KACjC,GAAIvL,EAAcC,GAChB,MAAU8C,MAAM,mBAElB,GAAIV,EAASpC,GAAQ,CACnB,GAAIoL,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAOtC,EAAajJ,EAAO,CACzBiI,UAAUlH,EAAO4C,GACX4H,EAAYF,GACVE,EAAYxK,EAAMD,QAAUsK,GAC9BzH,EAAWO,QAAQ9C,GAAML,EAAOyK,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAaxK,EAAMD,QAEnB6C,EAAW+H,eAKnB,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAO1D,EAAUjI,GAAOe,IAClBA,EAAMD,SAAWsK,EAAOO,EAAY,CAAC5K,GACpC4K,EAAUpK,KAAKR,EAAM,IACzB,IAAMK,GAAMkF,EAAOqF,GAAYP,EAAOC,KAE3C,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAO1D,EAAUjI,GAAOe,IACtB,MAAMuJ,EAAcqB,EAAYrF,EAAO,CAACqF,EAAW5K,IAAUA,EAC7D,GAAIuJ,EAAYxJ,SAAWuK,EAEzB,OADAM,EAAYvK,GAAMkJ,EAAae,GACxBjK,GAAMkJ,EAAac,EAAOC,GAEjCM,EAAYrB,KAKlB,OADAsB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,IAAUjL,SAAYO,SAAYH,GAAUjB,GAAQoL,EAAOC,KAKpE,OAHIrL,EAAMkF,KACRlF,EAAQsG,EAAOtG,EAAMkF,GAAgBoB,OAAO,CAACtG,OAE3CwC,EAAaxC,IAAYmD,GAAcA,EAAWW,SAAS9D,GAIxDA,EAAMoB,MAAMgK,EAAOC,IAHpBA,IAAQC,MAAUD,EAAMrL,EAAMc,QAC3Bd,EAAM+L,SAASX,EAAOC,GAGjC,CASAxK,eAAeI,GAAUjB,EAAOkB,EAAKoF,GACnC,OAAIvG,EAAcC,GACTA,EAAMiB,UAAUC,GAErBkB,EAASpC,GACJC,EAAUD,GAAOiB,UAAUC,GAE7BlB,CACT,CASAa,eAAe0D,GAAOvE,EAAO4B,GAC3B,GAAIQ,EAASpC,GAAQ,CACnB,GAAIA,EAAMuE,OACR,OAAOvE,EAAMuE,OAAO3C,GAEtB,GAAI5B,EAAMwE,QAGR,OAFAxE,EAAMwE,QAAQ5C,SACR,IAAIjC,QAAQyK,YACXxI,EAGb,CAOA,SAASkK,GAAU/B,GACjB,MAAMiC,EAAc,IAAI1M,EAUxB,MATA,WACE,MAAMc,EAASC,EAAU2L,GACzB,UACQ5L,EAAOoB,YAAYuI,WACnB3J,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,GAEtB,EARD,GASO6H,CACT,CCjkBe,MAAMC,GAMnBzM,YAAY0M,GACV,QAAUvL,IAANuL,EACF,MAAUpJ,MAAM,4BAGlB,GAAIoJ,aAAazJ,WAAY,CAC3B,MAAMuE,EAAQkF,EACRC,EAAU5M,MAAMyH,EAAMlG,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAImE,EAAMlG,OAAQ+B,IAAK,CACrC,MAAMuJ,EAAUpF,EAAMnE,GAAGwJ,SAAS,IAClCF,EAAItJ,GAAMmE,EAAMnE,IAAM,GAAQ,IAAMuJ,EAAWA,EAEjD1M,KAAKqB,MAAQuL,OAAO,MAAQH,EAAIjL,KAAK,UAErCxB,KAAKqB,MAAQuL,OAAOJ,GAIxB7K,QACE,OAAO,IAAI4K,GAAWvM,KAAKqB,OAM7BwL,OAEE,OADA7M,KAAKqB,QACErB,KAOT8M,MACE,OAAO9M,KAAK2B,QAAQkL,OAMtBE,OAEE,OADA/M,KAAKqB,QACErB,KAOTgN,MACE,OAAOhN,KAAK2B,QAAQoL,OAOtBE,KAAKC,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQTqG,IAAI6G,GACF,OAAOlN,KAAK2B,QAAQsL,KAAKC,GAO3BC,KAAKD,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQToN,IAAIF,GACF,OAAOlN,KAAK2B,QAAQwL,KAAKD,GAO3BG,KAAKH,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQTsN,IAAIJ,GACF,OAAOlN,KAAK2B,QAAQ0L,KAAKH,GAO3BK,KAAKC,GAKH,OAJAxN,KAAKqB,OAASmM,EAAEnM,MACZrB,KAAKyN,cACPzN,KAAKiN,KAAKO,GAELxN,KAQT0N,IAAIF,GACF,OAAOxN,KAAK2B,QAAQ4L,KAAKC,GAS3BG,OAAOlJ,EAAG+H,GACR,GAAIA,EAAEoB,SAAU,MAAMxK,MAAM,yBAC5B,GAAIoJ,EAAEqB,QAAS,OAAO,IAAItB,GAAW,GACrC,GAAI9H,EAAEgJ,aAAc,MAAMrK,MAAM,iCAEhC,IAAI0K,EAAMrJ,EAAEpD,MACR6L,EAAIlN,KAAKqB,MAEb6L,GAAKV,EAAEnL,MACP,IAAI0M,EAAInB,OAAO,GACf,KAAOkB,EAAMlB,OAAO,IAAI,CACtB,MAAMoB,EAAMF,EAAMlB,OAAO,GACzBkB,IAAQlB,OAAO,GAEf,MAAMqB,EAAMF,EAAIb,EAAKV,EAAEnL,MAEvB0M,EAAIC,EAAMC,EAAKF,EACfb,EAAKA,EAAIA,EAAKV,EAAEnL,MAElB,OAAO,IAAIkL,GAAWwB,GAWxBG,OAAO1B,GACL,MAAM2B,IAAEA,EAAGjB,EAAEA,GAAMlN,KAAKoO,MAAM5B,GAC9B,IAAK2B,EAAIN,QACP,MAAUzK,MAAM,0BAElB,OAAO8J,EAAE7G,IAAImG,GAAGkB,IAAIlB,GAStB4B,MAAMC,GACJ,IAAInB,EAAIN,OAAO,GACX0B,EAAI1B,OAAO,GACX2B,EAAQ3B,OAAO,GACf4B,EAAQ5B,OAAO,GAEf6B,EAAIzO,KAAKqB,MAGb,IAFAgN,EAAIA,EAAEhN,MAECgN,IAAMzB,OAAO,IAAI,CACtB,MAAM8B,EAAID,EAAIJ,EACd,IAAIM,EAAMzB,EACVA,EAAIqB,EAAQG,EAAIxB,EAChBqB,EAAQI,EAERA,EAAML,EACNA,EAAIE,EAAQE,EAAIJ,EAChBE,EAAQG,EAERA,EAAMN,EACNA,EAAII,EAAIJ,EACRI,EAAIE,EAGN,MAAO,CACLzB,EAAG,IAAIX,GAAWgC,GAClBD,EAAG,IAAI/B,GAAWiC,GAClBL,IAAK,IAAI5B,GAAWkC,IASxBN,IAAIE,GACF,IAAII,EAAIzO,KAAKqB,MAEb,IADAgN,EAAIA,EAAEhN,MACCgN,IAAMzB,OAAO,IAAI,CACtB,MAAM+B,EAAMN,EACZA,EAAII,EAAIJ,EACRI,EAAIE,EAEN,OAAO,IAAIpC,GAAWkC,GAOxBG,WAAW1B,GAET,OADAlN,KAAKqB,QAAU6L,EAAE7L,MACVrB,KAQT6O,UAAU3B,GACR,OAAOlN,KAAK2B,QAAQiN,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADAlN,KAAKqB,QAAU6L,EAAE7L,MACVrB,KAQT+O,WAAW7B,GACT,OAAOlN,KAAK2B,QAAQmN,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAOlN,KAAKqB,QAAU6L,EAAE7L,MAQ1B4N,GAAG/B,GACD,OAAOlN,KAAKqB,MAAQ6L,EAAE7L,MAQxB6N,IAAIhC,GACF,OAAOlN,KAAKqB,OAAS6L,EAAE7L,MAQzB8N,GAAGjC,GACD,OAAOlN,KAAKqB,MAAQ6L,EAAE7L,MAQxB+N,IAAIlC,GACF,OAAOlN,KAAKqB,OAAS6L,EAAE7L,MAGzBuM,SACE,OAAO5N,KAAKqB,QAAUuL,OAAO,GAG/BiB,QACE,OAAO7N,KAAKqB,QAAUuL,OAAO,GAG/Ba,aACE,OAAOzN,KAAKqB,MAAQuL,OAAO,GAG7ByC,SACE,QAASrP,KAAKqB,MAAQuL,OAAO,IAG/B0C,MACE,MAAMC,EAAMvP,KAAK2B,QAIjB,OAHI3B,KAAKyN,eACP8B,EAAIlO,OAASkO,EAAIlO,OAEZkO,EAOT5C,WACE,OAAO3M,KAAKqB,MAAMsL,WAQpB6C,WACE,MAAMC,EAASC,OAAO1P,KAAKqB,OAC3B,GAAIoO,EAASC,OAAOC,iBAElB,MAAUvM,MAAM,8CAElB,OAAOqM,EAQTG,OAAOzM,GAEL,OADanD,KAAKqB,OAASuL,OAAOzJ,GAAMyJ,OAAO,MAC/BA,OAAO,GAAM,EAAI,EAOnCiD,YACE,MAAMC,EAAO,IAAIvD,GAAW,GACtBwD,EAAM,IAAIxD,GAAW,GACrByD,EAAS,IAAIzD,IAAY,GAIzBrD,EAASlJ,KAAKyN,aAAeuC,EAASF,EAC5C,IAAIG,EAAS,EACb,MAAMtB,EAAM3O,KAAK2B,QACjB,MAAQgN,EAAIG,YAAYiB,GAAKf,MAAM9F,IACjC+G,IAEF,OAAOA,EAOT1L,aACE,MAAMuL,EAAO,IAAIvD,GAAW,GACtByD,EAAS,IAAIzD,IAAY,GAEzBrD,EAASlJ,KAAKyN,aAAeuC,EAASF,EACtCI,EAAQ,IAAI3D,GAAW,GAC7B,IAAI4D,EAAM,EACV,MAAMxB,EAAM3O,KAAK2B,QACjB,MAAQgN,EAAIG,YAAYoB,GAAOlB,MAAM9F,IACnCiH,IAEF,OAAOA,EASTC,aAAaC,EAAS,KAAMjP,GAG1B,IAAIqL,EAAMzM,KAAKqB,MAAMsL,SAAS,IAC1BF,EAAIrL,OAAS,GAAM,IACrBqL,EAAM,IAAMA,GAGd,MAAM6D,EAAY7D,EAAIrL,OAAS,EACzBkG,EAAQ,IAAIvE,WAAW3B,GAAUkP,GAEjCC,EAASnP,EAAUA,EAASkP,EAAa,EAC/C,IAAInN,EAAI,EACR,KAAOA,EAAImN,GACThJ,EAAMnE,EAAIoN,GAAUC,SAAS/D,EAAI/K,MAAM,EAAIyB,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXkN,GACF/I,EAAMmJ,UAGDnJ,GChcX,MAAMoJ,GAAe,IAAwB,oBAAX9D,OCElC,MAAM+D,GAAUnR,OAAO,WAEvB,OAAe,CAOboR,MAAO,CAELC,KAAuB,OACvB,QAAuB,OACvBC,UAAuB,OACvBC,WAAuB,OACvB,sBAAuB,OACvB,mBAAuB,OACvB,mBAAuB,OAGvBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,UAAgB,YAChB,eAAgB,YAChB,aAAgB,YAChB,aAAgB,YAGhBC,cAA0B,UAC1BC,QAA0B,UAE1BC,QAA0B,UAC1BC,QAA0B,UAC1B,yBAA0B,UAC1B,qBAA0B,UAC1B,qBAA0B,UAG1BC,iBAA0B,aAC1BC,OAA0B,aAC1BC,QAA0B,aAE1BC,WAA0B,aAC1BC,WAA0B,aAC1B,yBAA0B,aAC1B,uBAA0B,aAC1B,uBAA0B,aAG1BC,gBAAyB,kBACzB,uBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbzB,cAAe,GAEf0B,MAAO,GAEPC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAEN5B,QAAS,GAET6B,MAAO,IAOTC,UAAW,CACTC,UAAW,EAEXC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,IAOVC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXhD,UAAW,EACXiD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,IAOrBC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRpB,UAAW,CAETiB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,OAAQ,GACRC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,IAO3BP,SAAU,CAERQ,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTrH,UAAW,EACXsH,WAAY,EACZzE,UAAW,GAObuD,oBAAqB,CAEnBmB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBtB,SAAU,CAERuB,sBAAuB,EAGvBrF,KAAM,EAGNsF,OAAQ,GAUVrY,MAAO,SAASsY,EAAM3V,GAKpB,GAJiB,iBAANA,IACTA,EAAIzE,KAAKkB,KAAKkZ,EAAM3V,SAGNxD,IAAZmZ,EAAK3V,GACP,OAAO2V,EAAK3V,GAGd,MAAUrB,MAAM,wBAUlBlC,KAAM,SAASkZ,EAAM3V,GAQnB,GAPK2V,EAAKzJ,MACRyJ,EAAKzJ,IAAW,GAChBxF,OAAOC,QAAQgP,GAAM9W,SAAQ,EAAE0T,EAAK3V,MAClC+Y,EAAKzJ,IAAStP,GAAS2V,CAAG,UAIL/V,IAArBmZ,EAAKzJ,IAASlM,GAChB,OAAO2V,EAAKzJ,IAASlM,GAGvB,MAAUrB,MAAM,yBC3dpB,MAAMiX,GAAY,MAChB,IACE,MAAgC,gBAAzBhY,QAAQiY,IAAIC,SACnB,MAAO9V,IACT,OAAO,CACR,EALiB,GAOZ+V,GAAO,CACXC,SAAU,SAASvQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBwQ,QAGrDla,QAAS,SAAS0J,GAChB,OAAOA,aAAgBrK,OAGzBiD,aAAc6X,EAEdjY,SAAUkY,EAEVC,WAAY,SAAUvT,GACpB,IAAIkF,EAAI,EACR,IAAK,IAAIrJ,EAAI,EAAGA,EAAImE,EAAMlG,OAAQ+B,IAChCqJ,GAAM,KAAOrJ,EAAKmE,EAAMA,EAAMlG,OAAS,EAAI+B,GAE7C,OAAOqJ,GAGTsO,YAAa,SAAUtO,EAAGlF,GACxB,MAAM+G,EAAI,IAAItL,WAAWuE,GACzB,IAAK,IAAInE,EAAI,EAAGA,EAAImE,EAAOnE,IACzBkL,EAAElL,GAAMqJ,GAAM,GAAKlF,EAAQnE,EAAI,GAAO,IAGxC,OAAOkL,GAGT0M,SAAU,SAAUzT,GAClB,MAAMkF,EAAIgO,GAAKK,WAAWvT,GAE1B,OADU,IAAI0T,KAAS,IAAJxO,IAIrByO,UAAW,SAAUC,GACnB,MAAMC,EAAUrP,KAAKsP,MAAMF,EAAKG,UAAY,KAE5C,OAAOb,GAAKM,YAAYK,EAAS,IAGnCG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAStP,IAAWsP,EAAO,IAAIF,KAAgC,IAA3BlP,KAAKsP,OAAOF,EAAO,OAQjFM,QAAS,SAAUlU,GACjB,MACMmU,GADQnU,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAC/B,OAAOA,EAAM+E,SAAS,EAAG,EAAIoP,IAS/BC,QAAQpU,EAAOlG,GACb,MAAMua,EAAS,IAAI5Y,WAAW3B,GACxBmP,EAASnP,EAASkG,EAAMlG,OAE9B,OADAua,EAAOnY,IAAI8D,EAAOiJ,GACXoL,GAQTC,gBAAiB,SAAUC,GACzB,MAAMC,EAAUtB,GAAKuB,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAU1Y,MAAM,YAElB,MAAM4Y,EAAWH,EAAIxP,SAASwP,EAAIza,OAAS0K,KAAKmQ,KAAKH,EAAU,IACzDI,EAAS,IAAInZ,WAAW,EAAY,MAAV+Y,IAAqB,EAAa,IAAVA,IACxD,OAAOtB,GAAKxX,iBAAiB,CAACkZ,EAAQF,KAQxCD,oBAAqB,SAAUF,GAC7B,IAAI1Y,EACJ,IAAKA,EAAI,EAAGA,EAAI0Y,EAAIza,QAA4B,IAAXya,EAAI1Y,GAAbA,KAC5B,GAAIA,IAAM0Y,EAAIza,OACZ,OAAO,EAET,MAAM4a,EAAWH,EAAIxP,SAASlJ,GAC9B,OAA+B,GAAvB6Y,EAAS5a,OAAS,GAASoZ,GAAK2B,MAAMH,EAAS,KAQzDI,gBAAiB,SAAU3P,GACzB,MAAMhL,EAAS,IAAIsB,WAAW0J,EAAIrL,QAAU,GAC5C,IAAK,IAAIib,EAAI,EAAGA,EAAI5P,EAAIrL,QAAU,EAAGib,IACnC5a,EAAO4a,GAAK7L,SAAS/D,EAAI5F,OAAOwV,GAAK,EAAG,GAAI,IAE9C,OAAO5a,GAQT6a,gBAAiB,SAAUhV,GACzB,MAAMyG,EAAI,GACJtJ,EAAI6C,EAAMlG,OAChB,IACImb,EADAC,EAAI,EAER,KAAOA,EAAI/X,GAAG,CAEZ,IADA8X,EAAIjV,EAAMkV,KAAK7P,SAAS,IACjB4P,EAAEnb,OAAS,GAChBmb,EAAI,IAAMA,EAEZxO,EAAElM,KAAK,GAAK0a,GAEd,OAAOxO,EAAEvM,KAAK,KAQhBib,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlC,GAAKC,SAASiC,GACjB,MAAUtZ,MAAM,4DAGlB,MAAM3B,EAAS,IAAIsB,WAAW2Z,EAAItb,QAClC,IAAK,IAAI+B,EAAI,EAAGA,EAAIuZ,EAAItb,OAAQ+B,IAC9B1B,EAAO0B,GAAKuZ,EAAIE,WAAWzZ,GAE7B,OAAO1B,CAAM,KASjBob,mBAAoB,SAAUvV,GAE5B,MAAM7F,EAAS,GACTqb,EAAK,MACLC,GAHNzV,EAAQ,IAAIvE,WAAWuE,IAGPlG,OAEhB,IAAK,IAAI+B,EAAI,EAAGA,EAAI4Z,EAAG5Z,GAAK2Z,EAC1Brb,EAAOI,KAAK6Y,OAAOsC,aAAaC,MAAMvC,OAAQpT,EAAM+E,SAASlJ,EAAGA,EAAI2Z,EAAKC,EAAI5Z,EAAI2Z,EAAKC,KAExF,OAAOtb,EAAOD,KAAK,KAQrB0b,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAS/a,EAAQhB,EAAOgc,GAAY,GAClC,OAAOF,EAAQG,OAAOjc,EAAO,CAAEN,QAASsc,IAE1C,OAAOV,EAAiBD,EAAKra,GAAS,IAAMA,EAAQ,IAAI,MAQ1Dkb,WAAY,SAAUjH,GACpB,MAAMkH,EAAU,IAAIC,YAAY,SAEhC,SAASpb,EAAQhB,EAAOgc,GAAY,GAClC,OAAOG,EAAQE,OAAOrc,EAAO,CAAEN,QAASsc,IAE1C,OAAOV,EAAiBrG,EAAMjU,GAAS,IAAMA,EAAQ,IAAIU,YAAc,MASzE6D,OAAQ+W,EAOR3a,iBAAkB4a,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvD,GAAK1X,aAAagb,KAAYtD,GAAK1X,aAAaib,GACnD,MAAU3a,MAAM,4CAGlB,GAAI0a,EAAO1c,SAAW2c,EAAO3c,OAC3B,OAAO,EAGT,IAAK,IAAI+B,EAAI,EAAGA,EAAI2a,EAAO1c,OAAQ+B,IACjC,GAAI2a,EAAO3a,KAAO4a,EAAO5a,GACvB,OAAO,EAGX,OAAO,GAST6a,cAAe,SAAU3H,GACvB,IAAI4H,EAAI,EACR,IAAK,IAAI9a,EAAI,EAAGA,EAAIkT,EAAKjV,OAAQ+B,IAC/B8a,EAAKA,EAAI5H,EAAKlT,GAAM,MAEtB,OAAOqX,GAAKM,YAAYmD,EAAG,IAQ7BC,WAAY,SAAUxB,GAChBrC,IACFnO,QAAQiS,IAAI,qBAAsBzB,IAStC0B,gBAAiB,SAAU1Z,GACrB2V,IACFnO,QAAQxH,MAAM,qBAAsBA,IAKxCyX,MAAO,SAAUjP,GACf,IAAIa,EAAI,EACJsQ,EAAInR,IAAM,GAyBd,OAxBU,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,IAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEAA,GAYTuQ,OAAQ,SAASpU,GACf,MAAMqU,EAAY,IAAIxb,WAAWmH,EAAK9I,QAChCod,EAAOtU,EAAK9I,OAAS,EAC3B,IAAK,IAAI+B,EAAI,EAAGA,EAAIqb,EAAMrb,IACxBob,EAAUpb,GAAM+G,EAAK/G,IAAM,EAAM+G,EAAK/G,EAAI,IAAM,EAGlD,OADAob,EAAUC,GAAStU,EAAKsU,IAAS,EAAuB,KAAhBtU,EAAK,IAAM,GAC5CqU,GAUTE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIxb,EAAIub,EAAMtd,OAAS,EAAG+B,GAAK,EAAGA,IACrCub,EAAMvb,KAAOwb,EACTxb,EAAI,IACNub,EAAMvb,IAAOub,EAAMvb,EAAI,IAAO,EAAIwb,GAIxC,OAAOD,GAOTE,aAAc,WACZ,YAA6B,IAAfxc,GAA8BA,EAAWyc,QAAUzc,EAAWyc,OAAOC,QAUrFC,cFnYF5d,iBACE,GAAIuP,KACF,OAAOnE,GACF,CACL,MAAQyS,QAASzS,SAAqBtM,gDACtC,OAAOsM,EAEX,EEkYE0S,cAAe,WACb,OAAOzc,WAGT0c,YAAa,WACX,OAAOvb,WAQTwb,cAAe,WACb,OAAQC,WAAqB,IAAI1b,QAGnC2b,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADWC,UACDC,OAAOre,QAGnBse,eAAgB,SAASxV,GACvB,IAAKsQ,GAAKC,SAASvQ,GACjB,OAAO,EAGT,MADW,mLACDyV,KAAKzV,IAOjB0V,gBAAiB,SAAS1V,GAGxB,IAAI2V,GAAc,EAElB,OAAOlD,EAAiBzS,GAAM5C,IAY5B,IAAIwY,EAXAD,IACFvY,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CuE,KAN9C,KASLA,EAAMA,EAAMlG,OAAS,IACvBye,GAAc,EACdvY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BwT,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAI5c,EAAI,EACX2c,EAAQxY,EAAMX,QAlBP,GAkBmBxD,GAAK,EAC3B2c,EAFY3c,EAAI2c,EAlBb,KAqBDxY,EAAMwY,EAAQ,IAAWC,EAAQle,KAAKie,GAK9C,IAAKC,EAAQ3e,OACX,OAAOkG,EAGT,MAAM0Y,EAAa,IAAIjd,WAAWuE,EAAMlG,OAAS2e,EAAQ3e,QACzD,IAAI2b,EAAI,EACR,IAAK,IAAI5Z,EAAI,EAAGA,EAAI4c,EAAQ3e,OAAQ+B,IAAK,CACvC,MAAMiK,EAAM9F,EAAM+E,SAAS0T,EAAQ5c,EAAI,IAAM,EAAG4c,EAAQ5c,IACxD6c,EAAWxc,IAAI4J,EAAK2P,GACpBA,GAAK3P,EAAIhM,OACT4e,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,IAGF,OADAiD,EAAWxc,IAAI8D,EAAM+E,SAAS0T,EAAQA,EAAQ3e,OAAS,IAAM,GAAI2b,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAI9c,WAAW,CA1C5B,UA0CoC9B,KAOjDgf,UAAW,SAAS/V,GAGlB,IAAI2V,GAAc,EAElB,OAAOlD,EAAiBzS,GAAM5C,IAc5B,IAAIwY,EAlBK,MAMPxY,EADEuY,GAJK,KAIUvY,EAAM,GACfkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CuE,IAE7C,IAAIvE,WAAWuE,IAGfA,EAAMlG,OAAS,IACvBye,GAAc,EACdvY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BwT,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAI5Z,EAAI,EAAGA,IAAMmE,EAAMlG,OAAQ+B,EAAI2c,EAAO,CAC7CA,EAAQxY,EAAMX,QArBP,GAqBmBxD,GAAK,EAC1B2c,IAAOA,EAAQxY,EAAMlG,QAC1B,MAAMod,EAAOsB,GAtBN,KAsBexY,EAAMwY,GAAgB,EAAI,GAC5C3c,GAAGmE,EAAM4Y,WAAWnD,EAAG5Z,EAAGqb,GAC9BzB,GAAKyB,EAAOrb,EAEd,OAAOmE,EAAM+E,SAAS,EAAG0Q,EAAE,IAC1B,IAAO8C,EAAc,IAAI9c,WAAW,CA5B5B,UA4BoC9B,KAMjDkf,qBAAsB,SAAS9J,GAC7B,OAAOA,EAAK+J,MAAM,MAAM9X,KAAI+X,IAC1B,IAAIld,EAAIkd,EAAKjf,OAAS,EACtB,KAAO+B,GAAK,IAAkB,MAAZkd,EAAKld,IAA0B,OAAZkd,EAAKld,IAA2B,OAAZkd,EAAKld,IAAcA,KAC5E,OAAOkd,EAAKxZ,OAAO,EAAG1D,EAAI,EAAE,IAC3B3B,KAAK,OAGV8e,UAAW,SAAS3G,EAASjV,GAC3B,IAAKA,EACH,OAAWtB,MAAMuW,GAInB,IACEjV,EAAMiV,QAAUA,EAAU,KAAOjV,EAAMiV,QACvC,MAAOlV,IAET,OAAOC,GAST6b,wBAAyB,SAASC,GAChC,MAAMlY,EAAM,GAOZ,OANAkY,EAAeld,SAAQmd,IACrB,IAAKA,EAAYC,IACf,MAAUtd,MAAM,0CAElBkF,EAAImY,EAAYC,KAAOD,CAAW,IAE7BnY,GAWTqY,WAAY,SAASC,GAEnB,OAAO,IAAI3gB,SAAQkB,MAAOjB,EAASC,KACjC,IAAI0gB,QACE5gB,QAAQ+H,IAAI4Y,EAAStY,KAAInH,UAC7B,IACEjB,QAAc4gB,GACd,MAAOrc,GACPoc,EAAYpc,OAGhBtE,EAAO0gB,EAAU,KAWrBE,iBAAkB,SAASC,EAAMvS,EAAGJ,GAClC,MAAMjN,EAAS0K,KAAKC,IAAI0C,EAAErN,OAAQiN,EAAEjN,QAC9BK,EAAS,IAAIsB,WAAW3B,GAC9B,IAAIuK,EAAM,EACV,IAAK,IAAIxI,EAAI,EAAGA,EAAI1B,EAAOL,OAAQ+B,IACjC1B,EAAO0B,GAAMsL,EAAEtL,GAAM,IAAM6d,EAAU3S,EAAElL,GAAM,IAAM6d,EACnDrV,GAAQqV,EAAO7d,EAAIsL,EAAErN,OAAY,EAAI4f,EAAQ7d,EAAIkL,EAAEjN,OAErD,OAAOK,EAAO4K,SAAS,EAAGV,IAU5BsV,YAAa,SAASD,EAAMvS,EAAGJ,GAC7B,OAAQI,EAAK,IAAMuS,EAAU3S,EAAK,IAAM2S,GAK1CE,MAAO,SAASC,GACd,OAAOA,IAAeC,GAAM/N,UAAUM,QAAUwN,IAAeC,GAAM/N,UAAUO,QAAUuN,IAAeC,GAAM/N,UAAUQ,SChlBtHnQ,GAAS8W,GAAK2E,gBAEpB,IAAIkC,GACAC,GAkBG,SAAShE,GAAOpT,GACrB,IAAIqX,EAAM,IAAIxe,WACd,OAAO4Z,EAAiBzS,GAAM7I,IAC5BkgB,EAAM/G,GAAKxX,iBAAiB,CAACue,EAAKlgB,IAClC,MAAM0M,EAAI,GAEJyT,EAAQ1V,KAAKsP,MAAMmG,EAAIngB,OADR,IAEfkG,EAFe,GAEPka,EACRC,EAAUJ,GAAYE,EAAIlV,SAAS,EAAG/E,IAC5C,IAAK,IAAInE,EAAI,EAAGA,EAAIqe,EAAOre,IACzB4K,EAAElM,KAAK4f,EAAQ5a,OAAW,GAAJ1D,EAAQ,KAC9B4K,EAAElM,KAAK,MAGT,OADA0f,EAAMA,EAAIlV,SAAS/E,GACZyG,EAAEvM,KAAK,GAAG,IAChB,IAAO+f,EAAIngB,OAASigB,GAAYE,GAAO,KAAO,IACnD,CAQO,SAAS7D,GAAOxT,GACrB,IAAIqX,EAAM,GACV,OAAO5E,EAAiBzS,GAAM7I,IAC5BkgB,GAAOlgB,EAGP,IAAIqgB,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIxe,EAAI,EAAGA,EAAIwe,EAAWvgB,OAAQ+B,IAAK,CAC1C,MAAMye,EAAYD,EAAWxe,GAC7B,IAAK,IAAIE,EAAMke,EAAI5a,QAAQib,IAAqB,IAATve,EAAYA,EAAMke,EAAI5a,QAAQib,EAAWve,EAAM,GACpFqe,IAMJ,IAAItgB,EAASmgB,EAAIngB,OACjB,KAAOA,EAAS,IAAMA,EAASsgB,GAAU,GAAM,EAAGtgB,IAC5CugB,EAAWE,SAASN,EAAIngB,KAAUsgB,IAGxC,MAAMI,EAAUR,GAAYC,EAAI1a,OAAO,EAAGzF,IAE1C,OADAmgB,EAAMA,EAAI1a,OAAOzF,GACV0gB,CAAO,IACb,IAAMR,GAAYC,IACvB,CASO,SAASQ,GAAgBC,GAC9B,OAAOtE,GAAOsE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,GAAgB5a,EAAO6a,GACrC,IAAIV,EAAUnE,GAAOhW,GAAO2a,QAAQ,UAAW,IAI/C,OAHIE,IACFV,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAEvER,CACT,CA5FI/d,IACF2d,GAAcE,GAAO7d,GAAO0e,KAAKb,GAAK5U,SAAS,UAC/C2U,GAAc5E,IACZ,MAAMrO,EAAI3K,GAAO0e,KAAK1F,EAAK,UAC3B,OAAO,IAAI3Z,WAAWsL,EAAEhK,OAAQgK,EAAE/J,WAAY+J,EAAE9J,WAAW,IAG7D8c,GAAcE,GAAOc,KAAK7H,GAAKqC,mBAAmB0E,IAClDD,GAAc5E,GAAOlC,GAAKiC,mBAAmB6F,KAAK5F,KCVpD,OAAe,CAKb6F,uBAAwBnB,GAAMhN,KAAKI,OAKnCgO,4BAA6BpB,GAAM/N,UAAUQ,OAK7C4O,8BAA+BrB,GAAMrN,YAAYC,aAKjD0O,aAAc,EAUdC,aAAa,EAObC,uBAAwBxB,GAAMvM,KAAKC,IAQnC+N,kBAAmB,GAQnB1I,QAAQ,EAOR2I,sBAAuB,IASvBC,8BAA8B,EAU9BC,4BAA4B,EAK5BC,kBAAkB,EAOlBC,WAAY,KAOZC,wBAAwB,EAKxBC,mBAAmB,EAQnBC,wCAAwC,EASxCC,8CAA8C,EAW9CC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAACrC,GAAM/N,UAAUM,OAAQyN,GAAM/N,UAAUO,OAAQwN,GAAM/N,UAAUQ,SAMlI6P,qBAAsB,IAKtBC,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,oBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,oBAAoB,EAMpBC,qBAAsB,IAAIZ,IAAI,CAACrC,GAAMhN,KAAKC,IAAK+M,GAAMhN,KAAKG,SAM1D+P,4BAA6B,IAAIb,IAAI,CAACrC,GAAMhN,KAAKC,IAAK+M,GAAMhN,KAAKG,OAAQ6M,GAAMhN,KAAKE,OAMpFiQ,0BAA2B,IAAId,IAAI,CAACrC,GAAM9O,UAAUI,QAAS0O,GAAM9O,UAAUK,MAM7E6R,aAAc,IAAIf,IAAI,CAACrC,GAAMxQ,MAAMQ,aCzNrC,SAASqT,GAAQpO,GACf,MAEMqO,EAASrO,EAAKsO,MAFH,yIAIjB,IAAKD,EACH,MAAUthB,MAAM,4BAMlB,MAAI,yBAAyBuc,KAAK+E,EAAO,IAChCtD,GAAM7H,MAAMC,iBAMjB,oBAAoBmG,KAAK+E,EAAO,IAC3BtD,GAAM7H,MAAME,cAGjB,iBAAiBkG,KAAK+E,EAAO,IACxBtD,GAAM7H,MAAMG,OAIjB,UAAUiG,KAAK+E,EAAO,IACjBtD,GAAM7H,MAAMI,QAIjB,mBAAmBgG,KAAK+E,EAAO,IAC1BtD,GAAM7H,MAAMjH,UAIjB,oBAAoBqN,KAAK+E,EAAO,IAC3BtD,GAAM7H,MAAMK,WAMjB,YAAY+F,KAAK+E,EAAO,IACnBtD,GAAM7H,MAAMpE,eADrB,CAGF,CAWA,SAASyP,GAAUC,EAAeC,GAChC,IAAIrjB,EAAS,GAWb,OAVIqjB,EAAOhB,cACTriB,GAAU,YAAcqjB,EAAOd,cAAgB,MAE7Cc,EAAOf,cACTtiB,GAAU,YAAcqjB,EAAOb,cAAgB,MAE7CY,IACFpjB,GAAU,YAAcojB,EAAgB,MAE1CpjB,GAAU,KACHA,CACT,CASA,SAASsjB,GAAY7a,GAEnB,OAAO8a,GA8CT,SAAqB1kB,GACnB,IAAI2kB,EAAM,SACV,OAAOtI,EAAiBrc,GAAOe,IAC7B,MAAM6jB,EAAQC,GAAiBrZ,KAAKsP,MAAM/Z,EAAMD,OAAS,GAAK,EACxDgkB,EAAQ,IAAIC,YAAYhkB,EAAMgD,OAAQhD,EAAMiD,WAAY4gB,GAC9D,IAAK,IAAI/hB,EAAI,EAAGA,EAAI+hB,EAAO/hB,IACzB8hB,GAAOG,EAAMjiB,GACb8hB,EACEK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,EAAK,KAC1BK,GAAU,GAAIL,GAAO,EAAK,KAE9B,IAAK,IAAI9hB,EAAY,EAAR+hB,EAAW/hB,EAAI9B,EAAMD,OAAQ+B,IACxC8hB,EAAOA,GAAO,EAAKK,GAAU,GAAU,IAANL,EAAc5jB,EAAM8B,OAEtD,IAAM,IAAIJ,WAAW,CAACkiB,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYrb,GAE1B,CAIA,MAAMob,GAAY,CACZzlB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAIsD,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAI8hB,EAAM9hB,GAAK,GACf,IAAK,IAAI4Z,EAAI,EAAGA,EAAI,EAAGA,IACrBkI,EAAOA,GAAO,GAA2B,IAAd,QAANA,GAAwB,QAAW,GAE1DK,GAAU,GAAGniB,IACH,SAAN8hB,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAI9hB,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAIvE,MAAMgiB,GAAkB,WACtB,MAAM9gB,EAAS,IAAImhB,YAAY,GAG/B,OAFA,IAAIC,SAASphB,GAAQqhB,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWthB,GAAQ,EAChC,IAmCA,SAASuhB,GAAcC,GACrB,IAAK,IAAI1iB,EAAI,EAAGA,EAAI0iB,EAAQzkB,OAAQ+B,IAC7B,mCAAmCwc,KAAKkG,EAAQ1iB,KACnDqX,GAAK4D,gBAAoBhb,MAAM,sCAAwCyiB,EAAQ1iB,KAE5E,iDAAiDwc,KAAKkG,EAAQ1iB,KACjEqX,GAAK4D,gBAAoBhb,MAAM,mBAAqByiB,EAAQ1iB,IAGlE,CASA,SAAS2iB,GAAczP,GACrB,IAAI0P,EAAO1P,EACP2P,EAAW,GAEf,MAAMC,EAAa5P,EAAK6P,YAAY,KAOpC,OALID,GAAc,GAAKA,IAAe5P,EAAKjV,OAAS,IAClD2kB,EAAO1P,EAAK3U,MAAM,EAAGukB,GACrBD,EAAW3P,EAAK3U,MAAMukB,EAAa,GAAGpf,OAAO,EAAG,IAG3C,CAAEkf,KAAMA,EAAMC,SAAUA,EACjC,CAWO,SAASG,GAAQ7lB,EAAOwkB,EAASsB,IAEtC,OAAO,IAAInmB,SAAQkB,MAAOjB,EAASC,KACjC,IACE,MAAMkmB,EAAU,qBACVC,EAAc,oDAEpB,IAAIlM,EACJ,MAAMyL,EAAU,GAChB,IACIU,EAEAC,EACAR,EAJAS,EAAcZ,EAEdxP,EAAO,GAGPnM,EAAOwc,GAAcC,EAAqBrmB,GAAOa,MAAOyH,EAAUC,KACpE,MAAMlD,EAASihB,EAAiBhe,GAChC,IACE,OAAa,CACX,IAAIyX,QAAa1a,EAAOY,WACxB,QAAatF,IAATof,EACF,MAAUjd,MAAM,0BAIlB,GADAid,EAAO7F,GAAK2F,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpD7H,EAIE,GAAKmM,EAcAC,GAAqB,IAATpM,IACjBiM,EAAQ1G,KAAKU,IAIhBhK,EAAOA,EAAK7U,KAAK,QACjBglB,GAAW,EACXZ,GAAca,GACdA,EAAc,GACdF,GAAc,GANdlQ,EAAKxU,KAAKwe,EAAK4B,QAAQ,MAAO,WAbhC,GAHIoE,EAAQ1G,KAAKU,IACflgB,EAAWiD,MAAM,sEAEdkjB,EAAY3G,KAAKU,IAKpB,GAFAuF,GAAca,GACdF,GAAc,EACVC,GAAqB,IAATpM,EAAY,CAC1Bla,EAAQ,CAAEmW,OAAMnM,OAAM2b,UAASzL,SAC/B,YANFqM,EAAY5kB,KAAKwe,QARfgG,EAAQ1G,KAAKU,KACfjG,EAAOqK,GAAQpE,KA6BrB,MAAO5b,GAEP,YADAtE,EAAOsE,GAGT,MAAM/D,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,OACLnI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EACF,MAAU8B,MAAM,0BAElB,MAAMid,EAAOhf,EAAQ,GACrB,IAA2B,IAAvBgf,EAAK1Z,QAAQ,OAAsC,IAAvB0Z,EAAK1Z,QAAQ,KAEtC,CACL,IAAImE,QAAkBnF,EAAOpE,YACxBuJ,EAAU1J,SAAQ0J,EAAY,IACnCA,EAAYuV,EAAOvV,EACnBA,EAAY0P,GAAK2F,qBAAqBrV,EAAUmX,QAAQ,MAAO,KAC/D,MAAM6E,EAAQhc,EAAUsV,MAAMiG,GAC9B,GAAqB,IAAjBS,EAAM1lB,OACR,MAAUgC,MAAM,0BAElB,MAAMgd,EAAQ0F,GAAcgB,EAAM,GAAGplB,MAAM,GAAI,IAC/CskB,EAAW5F,EAAM4F,eACXtlB,EAAOoB,MAAMse,EAAM2F,MACzB,YAbMrlB,EAAOoB,MAAMue,SAgBjB3f,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,QAGvByF,EAAOyc,EAAqBzc,GAAM/I,MAAOyH,EAAUC,KACjD,MAAMke,EAAmBC,GAAiBjC,GAAYkC,GAAoBre,KAC1Eme,EAAiB3mB,OAAM,eACjB8mB,EAAYte,EAAUC,EAAU,CACpCE,cAAc,IAEhB,MAAMrI,EAASmmB,EAAiBhe,GAChC,IACE,MAAMse,SAAgCJ,GAAkB9E,QAAQ,KAAM,IACtE,GAAI+D,IAAamB,IAA2BnB,GAAYlB,EAAO7B,kBAC7D,MAAU7f,MAAM,4CAEZ1C,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,OAGvB,MAAOA,GACPtE,EAAOsE,OAER7C,MAAKT,UACFimB,EAAqB3lB,EAAOyI,QAC9BzI,EAAOyI,WAAa8c,GAAiBvlB,EAAOyI,OAEvCzI,IAEX,CAaO,SAAS8X,GAAM8N,EAAatB,EAAMuB,EAAWC,EAAW1C,EAAeC,EAASsB,IACrF,IAAI/P,EACAjC,EACAiT,IAAgBjG,GAAM7H,MAAMG,SAC9BrD,EAAO0P,EAAK1P,KACZjC,EAAO2R,EAAK3R,KACZ2R,EAAOA,EAAK7b,MAEd,MAAMsd,EAAYP,GAAoBlB,GAChCtkB,EAAS,GACf,OAAQ4lB,GACN,KAAKjG,GAAM7H,MAAMC,iBACf/X,EAAOI,KAAK,gCAAkCylB,EAAY,IAAMC,EAAY,WAC5E9lB,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,8BAAgCylB,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAKnG,GAAM7H,MAAME,cACfhY,EAAOI,KAAK,gCAAkCylB,EAAY,WAC1D7lB,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,8BAAgCylB,EAAY,WACxD,MACF,KAAKlG,GAAM7H,MAAMG,OACfjY,EAAOI,KAAK,wCACZJ,EAAOI,KAAK,SAAWuS,EAAO,QAC9B3S,EAAOI,KAAKwU,EAAK4L,QAAQ,OAAQ,QACjCxgB,EAAOI,KAAK,qCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,iCACZ,MACF,KAAKuf,GAAM7H,MAAMI,QACflY,EAAOI,KAAK,iCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,+BACZ,MACF,KAAKuf,GAAM7H,MAAMjH,UACf7Q,EAAOI,KAAK,0CACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,wCACZ,MACF,KAAKuf,GAAM7H,MAAMK,WACfnY,EAAOI,KAAK,2CACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,yCACZ,MACF,KAAKuf,GAAM7H,MAAMpE,UACf1T,EAAOI,KAAK,mCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,iCAIhB,OAAO2Y,GAAK5T,OAAOnF,EACrB,CC5YA,MAAMgmB,GACJ3nB,cACEE,KAAKsH,MAAQ,GAOfpG,KAAKoG,GAEH,OADAtH,KAAKsH,MAAQkT,GAAKqC,mBAAmBvV,EAAM+E,SAAS,EAAG,IAChDrM,KAAKsH,MAAMlG,OAOpBU,QACE,OAAO0Y,GAAKiC,mBAAmBzc,KAAKsH,OAOtCogB,QACE,OAAOlN,GAAK8B,gBAAgB9B,GAAKiC,mBAAmBzc,KAAKsH,QAQ3DqgB,OAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB9nB,KAAK8nB,eAAkB9nB,KAAKsH,QAAUsgB,EAAMtgB,MAO9FygB,SACE,MAAsB,KAAf/nB,KAAKsH,MAOdwgB,aACE,MAAO,OAAOnI,KAAK3f,KAAK0nB,SAG1BM,gBAAgBJ,GACd,OAAOA,EAAMF,QAGfM,cAAcvb,GACZ,MAAMmb,EAAQ,IAAIH,GAElB,OADAG,EAAM1mB,KAAKsZ,GAAK4B,gBAAgB3P,IACzBmb,EAGTI,kBACE,MAAMJ,EAAQ,IAAIH,GAElB,OADAG,EAAM1mB,KAAK,IAAI6B,WAAW,IACnB6kB,GChGJ,IAAIK,GAAU,WAMnB,IAKIC,EAAOC,EALPC,GAAa,EAsCjB,SAASC,EAAK5Z,EAAGJ,GACf,IAAImO,EAAI0L,GAAOC,EAAM1Z,GAAK0Z,EAAM9Z,IAAM,KAEtC,OADU,IAANI,GAAiB,IAANJ,IAASmO,EAAI,GACrBA,EAiBT,IAOI8L,EAKAC,EAKAC,EAKAC,EAtBAC,GAAgB,EA2BpB,SAASC,IAIP,SAASC,EAAGna,GACV,IAAI+N,EAAGyB,EAAG/Q,EAEV,IADA+Q,EAAI/Q,EA1CR,SAAcuB,GACZ,IAAItL,EAAI+kB,EAAM,IAAMC,EAAM1Z,IAE1B,OADU,IAANA,IAAStL,EAAI,GACVA,EAuCG0lB,CAAKpa,GACR+N,EAAI,EAAGA,EAAI,EAAGA,IAEjBtP,GADA+Q,EAA6B,KAAvBA,GAAK,EAAMA,IAAM,GAIzB,OADA/Q,GAAK,GAVFkb,GA5EP,WACEF,EAAQ,GACNC,EAAQ,GAEV,IAAW3L,EAAGsM,EAAVra,EAAI,EACR,IAAK+N,EAAI,EAAGA,EAAI,IAAKA,IACnB0L,EAAM1L,GAAK/N,EAGXqa,EAAQ,IAAJra,EAAUA,IAAM,EAAGA,GAAK,IAClB,MAANqa,IAAYra,GAAK,IACrBA,GAAKyZ,EAAM1L,GAGX2L,EAAMD,EAAM1L,IAAMA,EAEpB0L,EAAM,KAAOA,EAAM,GACnBC,EAAM,GAAK,EAEXC,GAAa,EAyDIW,GAejBT,EAAW,GACTC,EAAW,GACXC,EAAU,CAAC,GAAI,GAAI,GAAI,IACvBC,EAAU,CAAC,GAAI,GAAI,GAAI,IAEzB,IAAK,IAAItlB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC5B,IAAI8a,EAAI2K,EAAGzlB,GAGXmlB,EAASnlB,GAAK8a,EACdsK,EAAStK,GAAK9a,EAGdqlB,EAAQ,GAAGrlB,GAAMklB,EAAK,EAAGpK,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKoK,EAAK,EAAGpK,GACpEwK,EAAQ,GAAGxK,GAAMoK,EAAK,GAAIllB,IAAM,GAAOklB,EAAK,EAAGllB,IAAM,GAAOklB,EAAK,GAAIllB,IAAM,EAAKklB,EAAK,GAAIllB,GAEzF,IAAK,IAAIkb,EAAI,EAAGA,EAAI,EAAGA,IACrBmK,EAAQnK,GAAGlb,GAAMqlB,EAAQnK,EAAI,GAAGlb,KAAO,EAAMqlB,EAAQnK,EAAI,GAAGlb,IAAM,GAClEslB,EAAQpK,GAAGJ,GAAMwK,EAAQpK,EAAI,GAAGJ,KAAO,EAAMwK,EAAQpK,EAAI,GAAGJ,IAAM,GAItEyK,GAAgB,EA0BlB,IAAIM,EAAU,SAAUC,EAAS5kB,GAE1BqkB,GAAeC,IAGpB,IAAIO,EAAO,IAAI7D,YAAYhhB,GAC3B6kB,EAAK1lB,IAAI8kB,EAAU,KACnBY,EAAK1lB,IAAI+kB,EAAU,KACnB,IAAK,IAAIplB,EAAI,EAAGA,EAAI,EAAGA,IACrB+lB,EAAK1lB,IAAIglB,EAAQrlB,GAAK,KAAS,KAAQA,GAAM,GAC7C+lB,EAAK1lB,IAAIilB,EAAQtlB,GAAK,KAAS,KAAQA,GAAM,GAuD/C,IAEIgmB,EAAM,SAAUC,EAAQH,EAAS5kB,GACnC,UAEA,IAAIglB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAI,EAEN,IAAIC,EAAO,IAAItB,EAAO/D,YAAYhhB,GAChCsmB,EAAO,IAAIvB,EAAOrmB,WAAWsB,GAa/B,SAASumB,EAAMvO,EAAG4B,EAAGI,EAAGtQ,EAAG8c,EAAIC,EAAIC,EAAIC,GACrC3O,EAAIA,EAAI,EACR4B,EAAIA,EAAI,EACRI,EAAIA,EAAI,EACRtQ,EAAIA,EAAI,EACR8c,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAIC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACvBC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BpoB,EAAI,EAEN8nB,EAAK5M,EAAI,MAAO6M,EAAK7M,EAAI,MAAO8M,EAAK9M,EAAI,MAGzCwM,EAAKA,EAAKH,GAAMrO,EAAI,IAAM,GACxByO,EAAKA,EAAKJ,GAAMrO,EAAI,IAAM,GAC1B0O,EAAKA,EAAKL,GAAMrO,EAAI,IAAM,GAC1B2O,EAAKA,EAAKN,GAAMrO,EAAI,KAAO,GAG7B,IAAKlZ,EAAI,IAAKA,EAAI,IAAO4K,GAAK,EAAI5K,EAAKA,EAAI,GAAM,EAAG,CAClDioB,EAAKV,GAAMrM,EAAIwM,GAAM,GAAK,OAAS,GAAKH,GAAMO,EAAKH,GAAM,GAAK,OAAS,GAAKJ,GAAMQ,EAAKH,GAAM,EAAI,OAAS,GAAKL,GAAMS,EAAKH,GAAM,EAAI,OAAS,GAAKN,GAAMrO,EAAIlZ,EAAI,IAAM,GACpKkoB,EAAKX,GAAMrM,EAAIyM,GAAM,GAAK,OAAS,GAAKJ,GAAMO,EAAKF,GAAM,GAAK,OAAS,GAAKL,GAAMQ,EAAKF,GAAM,EAAI,OAAS,GAAKN,GAAMS,EAAKN,GAAM,EAAI,OAAS,GAAKH,GAAMrO,EAAIlZ,EAAI,IAAM,GACtKmoB,EAAKZ,GAAMrM,EAAI0M,GAAM,GAAK,OAAS,GAAKL,GAAMO,EAAKD,GAAM,GAAK,OAAS,GAAKN,GAAMQ,EAAKL,GAAM,EAAI,OAAS,GAAKH,GAAMS,EAAKL,GAAM,EAAI,OAAS,GAAKJ,GAAMrO,EAAIlZ,EAAI,IAAM,GACtKooB,EAAKb,GAAMrM,EAAI2M,GAAM,GAAK,OAAS,GAAKN,GAAMO,EAAKJ,GAAM,GAAK,OAAS,GAAKH,GAAMQ,EAAKJ,GAAM,EAAI,OAAS,GAAKJ,GAAMS,EAAKJ,GAAM,EAAI,OAAS,GAAKL,GAAMrO,EAAIlZ,EAAI,KAAO,GACzK0nB,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAIlClC,EAAKqB,GAAMzM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMzM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMzM,EAAI8M,GAAM,EAAI,OAAS,IAAM,EAAIL,GAAMzM,EAAI+M,GAAM,EAAI,OAAS,GAAKN,GAAMrO,EAAIlZ,EAAI,IAAM,GAClLmmB,EAAKoB,GAAMzM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMzM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMzM,EAAI+M,GAAM,EAAI,OAAS,IAAM,EAAIN,GAAMzM,EAAI4M,GAAM,EAAI,OAAS,GAAKH,GAAMrO,EAAIlZ,EAAI,IAAM,GACpLomB,EAAKmB,GAAMzM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMzM,EAAI+M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMzM,EAAI4M,GAAM,EAAI,OAAS,IAAM,EAAIH,GAAMzM,EAAI6M,GAAM,EAAI,OAAS,GAAKJ,GAAMrO,EAAIlZ,EAAI,IAAM,GACpLqmB,EAAKkB,GAAMzM,EAAI+M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMzM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMzM,EAAI6M,GAAM,EAAI,OAAS,IAAM,EAAIJ,GAAMzM,EAAI8M,GAAM,EAAI,OAAS,GAAKL,GAAMrO,EAAIlZ,EAAI,KAAO,GAUzL,SAASqoB,EAASX,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAC,EACAC,EACAC,GAWJ,SAASS,EAASZ,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI3M,EAAI,EAERuM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFzM,EAAIiL,EAAIA,EAAKE,EAAIA,EAAKnL,EAWxB,SAASqN,EAASb,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,GAGPvB,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAUT,SAASmC,EAASd,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI3M,EAAI,EAERuM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFzM,EAAIiL,EAAIA,EAAKE,EAAIA,EAAKnL,EAEtBgL,EAAKA,EAAKI,EACRH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EAEZH,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASY,EAASf,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EAAKA,EAAKwB,EACbnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EAWnB,SAASa,EAAShB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFP,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAEZvB,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASc,EAAKjB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAEPH,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASe,EAAKlB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAZ,EACAC,EACAC,EACAC,GAGFA,GAAOI,EAAKJ,EAAMI,EAAMJ,EAAK,EAC3BD,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAE5CT,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASgB,EAASnB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAII,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BU,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BjpB,EAAI,EAAGqZ,EAAI,EAEbqO,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAEZwB,EAAKf,EAAK,EACRgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EAEZ,MAAQrnB,EAAI,GAAK,IAAKA,EAAKA,EAAI,EAAK,EAAG,CACrC,GAAIioB,IAAO,GAAI,CACba,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAGdI,EAAMA,GAAM,EAAMC,IAAO,GACvBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAEd/O,EAAIwO,EAAK,EAETA,EAAMA,IAAO,EAAMD,GAAM,GACvBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAEf,GAAIrO,EAAGqO,EAAKA,EAAK,WAGnBpB,EAAKwC,EACHvC,EAAKwC,EACLvC,EAAKwC,EACLvC,EAAKwC,EAST,SAASC,EAAWte,GAClBA,EAAIA,EAAI,EACR0c,EAAI1c,EAYN,SAASue,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVrD,EAAKkD,EACHjD,EAAKkD,EACLjD,EAAKkD,EACLjD,EAAKkD,EAYT,SAASC,EAAOC,EAAIC,EAAIC,EAAIC,GAC1BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVtD,EAAKmD,EACHlD,EAAKmD,EACLlD,EAAKmD,EACLlD,EAAKmD,EAYT,SAASC,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVvD,EAAKoD,EACHnD,EAAKoD,EACLnD,EAAKoD,EACLnD,EAAKoD,EAYT,SAASC,EAASC,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVxD,EAAKqD,EACHpD,EAAKqD,EACLpD,EAAKqD,EACLpD,EAAKqD,EAYT,SAASC,EAAYC,EAAIC,EAAIC,EAAIC,GAC/BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV9D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACrB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EAU3B,SAASI,EAAU1qB,GACjBA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBsnB,EAAKtnB,EAAM,GAAKgmB,IAAO,GACrBsB,EAAKtnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BsB,EAAKtnB,EAAM,GAAKgmB,IAAO,EAAI,IAC3BsB,EAAKtnB,EAAM,GAAKgmB,EAAK,IACrBsB,EAAKtnB,EAAM,GAAKimB,IAAO,GACvBqB,EAAKtnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BqB,EAAKtnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BqB,EAAKtnB,EAAM,GAAKimB,EAAK,IACrBqB,EAAKtnB,EAAM,GAAKkmB,IAAO,GACvBoB,EAAKtnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,IAAO,EAAI,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,EAAK,IACtBoB,EAAKtnB,EAAM,IAAMmmB,IAAO,GACxBmB,EAAKtnB,EAAM,IAAMmmB,IAAO,GAAK,IAC7BmB,EAAKtnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BmB,EAAKtnB,EAAM,IAAMmmB,EAAK,IAExB,OAAO,GAUT,SAASwE,EAAO3qB,GACdA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBsnB,EAAKtnB,EAAM,GAAKomB,IAAO,GACrBkB,EAAKtnB,EAAM,GAAKomB,IAAO,GAAK,IAC5BkB,EAAKtnB,EAAM,GAAKomB,IAAO,EAAI,IAC3BkB,EAAKtnB,EAAM,GAAKomB,EAAK,IACrBkB,EAAKtnB,EAAM,GAAKqmB,IAAO,GACvBiB,EAAKtnB,EAAM,GAAKqmB,IAAO,GAAK,IAC5BiB,EAAKtnB,EAAM,GAAKqmB,IAAO,EAAI,IAC3BiB,EAAKtnB,EAAM,GAAKqmB,EAAK,IACrBiB,EAAKtnB,EAAM,GAAKsmB,IAAO,GACvBgB,EAAKtnB,EAAM,GAAKsmB,IAAO,GAAK,IAC5BgB,EAAKtnB,EAAM,IAAMsmB,IAAO,EAAI,IAC5BgB,EAAKtnB,EAAM,IAAMsmB,EAAK,IACtBgB,EAAKtnB,EAAM,IAAMumB,IAAO,GACxBe,EAAKtnB,EAAM,IAAMumB,IAAO,GAAK,IAC7Be,EAAKtnB,EAAM,IAAMumB,IAAO,EAAI,IAC5Be,EAAKtnB,EAAM,IAAMumB,EAAK,IAExB,OAAO,GAQT,SAASqE,IACPzC,EAAS,EAAG,EAAG,EAAG,GAClBnB,EAAKhB,EACHiB,EAAKhB,EACLiB,EAAKhB,EACLiB,EAAKhB,EAYT,SAAS0E,EAAOC,EAAM9qB,EAAK8M,GACzBge,EAAOA,EAAO,EACd9qB,EAAMA,EAAM,EACZ8M,EAAMA,EAAM,EAEZ,IAAIie,EAAM,EAEV,GAAI/qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ8M,EAAM,IAAM,GAAI,CACtBke,EAAcF,EAAO,GACnBxD,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,IAC7EsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,KAGjFsnB,EAAKtnB,EAAM,GAAKgmB,IAAO,GACrBsB,EAAKtnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BsB,EAAKtnB,EAAM,GAAKgmB,IAAO,EAAI,IAC3BsB,EAAKtnB,EAAM,GAAKgmB,EAAK,IACrBsB,EAAKtnB,EAAM,GAAKimB,IAAO,GACvBqB,EAAKtnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BqB,EAAKtnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BqB,EAAKtnB,EAAM,GAAKimB,EAAK,IACrBqB,EAAKtnB,EAAM,GAAKkmB,IAAO,GACvBoB,EAAKtnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,IAAO,EAAI,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,EAAK,IACtBoB,EAAKtnB,EAAM,IAAMmmB,IAAO,GACxBmB,EAAKtnB,EAAM,IAAMmmB,IAAO,GAAK,IAC7BmB,EAAKtnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BmB,EAAKtnB,EAAM,IAAMmmB,EAAK,IAExB4E,EAAOA,EAAM,GAAM,EACjB/qB,EAAOA,EAAM,GAAM,EACnB8M,EAAOA,EAAM,GAAM,EAGvB,OAAOie,EAAM,EAYf,SAASE,EAAIH,EAAM9qB,EAAK8M,GACtBge,EAAOA,EAAO,EACd9qB,EAAMA,EAAM,EACZ8M,EAAMA,EAAM,EAEZ,IAAIie,EAAM,EAEV,GAAI/qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ8M,EAAM,IAAM,GAAI,CACtBoe,EAAWJ,EAAO,GAChBxD,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,IAC7EsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,KAGjF+qB,EAAOA,EAAM,GAAM,EACjB/qB,EAAOA,EAAM,GAAM,EACnB8M,EAAOA,EAAM,GAAM,EAGvB,OAAOie,EAAM,EAMf,IAAIC,EAAgB,CAAC7C,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAMC,GAKvF,IAAIwC,EAAa,CAAC7C,EAAUM,GAK5B,MAAO,CACLK,WAAYA,EACZC,UAAWA,EACXK,OAAQA,EACRK,UAAWA,EACXK,SAAUA,EACVK,YAAaA,EACbK,UAAWA,EACXC,OAAQA,EACRC,SAAUA,EACVC,OAAQA,EACRI,IAAKA,GAxpBC,CAFG,CAACvrB,WAAwBsiB,aA4pB5B4D,EAAS5kB,GAInB,OAFA8kB,EAAIqF,QApsBJ,SAAiBC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/C,IAAIC,EAAQhG,EAAK7c,SAAS,EAAO,IAC/B8iB,EAAQjG,EAAK7c,SAAS,IAAO,KAG/B6iB,EAAM1rB,IAAI,CAACkrB,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,IACvC,IAAK,IAAI9rB,EAAIsrB,EAAIW,EAAO,EAAGjsB,EAAI,EAAIsrB,EAAK,GAAItrB,IAAK,CAC/C,IAAIkZ,EAAI6S,EAAM/rB,EAAI,IACbA,EAAIsrB,GAAO,GAAc,IAAPA,GAAYtrB,EAAIsrB,GAAO,KAC5CpS,EAAIiM,EAASjM,IAAM,KAAO,GAAKiM,EAASjM,IAAM,GAAK,MAAQ,GAAKiM,EAASjM,IAAM,EAAI,MAAQ,EAAIiM,EAAa,IAAJjM,IAEtGlZ,EAAIsrB,GAAO,IACbpS,EAAKA,GAAK,EAAMA,IAAM,GAAO+S,GAAQ,GACrCA,EAAQA,GAAQ,GAAc,IAAPA,EAAe,GAAO,IAE/CF,EAAM/rB,GAAK+rB,EAAM/rB,EAAIsrB,GAAMpS,EAI7B,IAAK,IAAIU,EAAI,EAAGA,EAAI5Z,EAAG4Z,GAAK,EAC1B,IAAK,IAAIsS,EAAK,EAAGA,EAAK,EAAGA,IAAM,CACzBhT,EAAI6S,EAAM/rB,GAAK,EAAI4Z,IAAM,EAAIsS,GAAM,GAErCF,EAAMpS,EAAIsS,GADRtS,EAAI,GAAKA,GAAK5Z,EAAI,EACJkZ,EAEAoM,EAAQ,GAAGH,EAASjM,IAAM,KACtCoM,EAAQ,GAAGH,EAASjM,IAAM,GAAK,MAC/BoM,EAAQ,GAAGH,EAASjM,IAAM,EAAI,MAC9BoM,EAAQ,GAAGH,EAAa,IAAJjM,IAM9B8M,EAAIkD,WAAWoC,EAAK,IAoqBftF,GA8CT,OAtCAH,EAAQsG,IAAM,CACZC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQL3G,EAAQ4G,IAAM,CACZL,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQP3G,EAAQ6G,IAAM,CACZL,IAAK,EACLM,IAAK,GAQT9G,EAAQ+G,UAAY,MAEb/G,CACT,CA36BqB,GC+Gd,SAASgH,GAASvhB,GACrB,OAAOA,aAAa1L,UACxB,CAWO,SAASktB,GAAW/G,EAAMgH,GAC7B,MAAM9qB,EAAO8jB,EAAOA,EAAK3kB,WAAa2rB,GAAY,MAClD,GAAW,KAAP9qB,GAAgBA,GAAQ,EACxB,MAAUhC,MAAM,+DAEpB,OADA8lB,EAAOA,GAAQ,IAAInmB,WAAW,IAAIyiB,YAAYpgB,GAElD,CACO,SAAS+qB,GAAYjH,EAAMkH,EAAMlmB,EAAMmmB,EAAMC,GAChD,MAAMC,EAAOrH,EAAK9nB,OAASgvB,EACrBI,EAAOD,EAAOD,EAAOC,EAAOD,EAElC,OADApH,EAAK1lB,IAAI0G,EAAKmC,SAASgkB,EAAMA,EAAOG,GAAOJ,GACpCI,CACX,CACO,SAASC,MAAaC,GACzB,MAAMC,EAAcD,EAAIE,QAAO,CAACC,EAAKC,IAASD,EAAMC,EAAK1vB,QAAQ,GAC3DgtB,EAAM,IAAIrrB,WAAW4tB,GAC3B,IAAII,EAAS,EACb,IAAK,IAAI5tB,EAAI,EAAGA,EAAIutB,EAAItvB,OAAQ+B,IAC5BirB,EAAI5qB,IAAIktB,EAAIvtB,GAAI4tB,GAChBA,GAAUL,EAAIvtB,GAAG/B,OAErB,OAAOgtB,CACX,CCvJO,MAAM4C,WAA0B5tB,MACnCtD,eAAemxB,GACXlxB,SAASkxB,IAIV,MAAMC,WAA6B9tB,MACtCtD,eAAemxB,GACXlxB,SAASkxB,IAIV,MAAME,WAAsB/tB,MAC/BtD,eAAemxB,GACXlxB,SAASkxB,ICXjB,MAAMG,GAAY,GACZC,GAAW,GACV,MAAMC,GACTxxB,YAAYkX,EAAKua,EAAIC,GAAU,EAAMrD,EAAMjF,EAAMC,GAC7CnpB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAKmuB,KAAOA,EAEZnuB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAKgX,IAAMA,EACXhX,KAAKuxB,GAAKA,EACVvxB,KAAKwxB,QAAUA,EAEfxxB,KAAKyxB,YAAYvI,EAAMC,GAE3BsI,YAAYvI,EAAMC,GAMd,YALkBloB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOA,GAAQkI,GAAUM,OAASzB,KAAa5jB,SAAS4b,GAAQ8H,WACrE/vB,KAAKmpB,IAAMA,GAAOkI,GAASK,OAAS,IAAIzJ,GAAQ,KAAMjoB,KAAKkpB,KAAK7kB,QAChErE,KAAK2xB,MAAM3xB,KAAKgX,IAAKhX,KAAKuxB,KAEvB,CAAErI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf0wB,MAAM3a,EAAKua,GACP,MAAMpI,IAAEA,GAAQnpB,KAAKyxB,cAEfI,EAAS7a,EAAI5V,OACnB,GAAe,KAAXywB,GAA4B,KAAXA,GAA4B,KAAXA,EAClC,MAAM,IAAIX,GAAqB,oBACnC,MAAMY,EAAU,IAAIrM,SAASzO,EAAI3S,OAAQ2S,EAAI1S,WAAY0S,EAAIzS,YAG7D,GAFA4kB,EAAIqF,QAAQqD,GAAU,EAAGC,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,IAAKF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,QAExQ9wB,IAAPswB,EAAkB,CAClB,GAAkB,KAAdA,EAAGnwB,OACH,MAAM,IAAI8vB,GAAqB,mBACnC,IAAIc,EAAS,IAAIvM,SAAS8L,EAAGltB,OAAQktB,EAAGjtB,WAAYitB,EAAGhtB,YACvD4kB,EAAIwD,OAAOqF,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,UAG3F5I,EAAIwD,OAAO,EAAG,EAAG,EAAG,GAG5BsF,oBAAoB/nB,GAChB,IAAK8lB,GAAS9lB,GACV,MAAM,IAAIgoB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQqH,IAAItvB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXkgB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBgxB,EAAO,EAEP5B,EAAO,EACP/uB,EAAS,IAAIsB,WAFLoN,EAAMmgB,GAAS,IAG3B,KAAOA,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GACjCqgB,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAKd,OAFAnQ,KAAKqD,IAAMA,EACXrD,KAAKmQ,IAAMA,EACJ1O,EAEX4wB,qBACI,IAAInJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQqH,IAAItvB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXmiB,EAAO,GAAMniB,EAAM,GACnBoiB,EAAOpiB,EACX,GAAInQ,KAAKwyB,eAAe,YACpB,GAAIxyB,KAAKwxB,QAAS,CACd,IAAK,IAAIiB,EAAI,EAAGA,EAAIH,IAAQG,EACxBvJ,EAAK7lB,EAAM8M,EAAMsiB,GAAKH,EAE1BniB,GAAOmiB,EACPC,EAAOpiB,OAEN,GAAIA,EAAM,GACX,MAAM,IAAI+gB,GAAqB,yDAInC/gB,GAAOmiB,EAEX,MAAM7wB,EAAS,IAAIsB,WAAWwvB,GAQ9B,OAPIpiB,GACAgZ,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAC9BoiB,GACA9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IACxCvyB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACEnwB,EAEXixB,oBAAoBxoB,GAChB,IAAK8lB,GAAS9lB,GACV,MAAM,IAAIgoB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQ2H,IAAI5vB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXkgB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBgxB,EAAO,EACPG,EAAQpiB,EAAMmgB,GAAS,GACvBgC,EAAO,EACP9B,EAAO,EACPxwB,KAAKwxB,UACLc,EAAOniB,EAAMmgB,EAAOiC,GAAQ,GAC5BA,GAAQD,GAEZ,MAAM7wB,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAAQmgB,EAAc,EAAPgC,IAChD9B,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAKd,OAFAnQ,KAAKqD,IAAMA,EACXrD,KAAKmQ,IAAMA,EACJ1O,EAEXkxB,qBACI,IAAIzJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQ2H,IAAI5vB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXoiB,EAAOpiB,EACX,GAAIA,EAAM,EAAG,CACT,GAAIA,EAAM,GAAI,CACV,GAAInQ,KAAKwyB,eAAe,WACpB,MAAM,IAAItB,GAAqB,oDAG/B/gB,GAAO,GAAMA,EAAM,GAI3B,GADAgZ,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAC1BnQ,KAAKwyB,eAAe,YAAcxyB,KAAKwxB,QAAS,CAChD,IAAIoB,EAAM1J,EAAK7lB,EAAMkvB,EAAO,GAC5B,GAAIK,EAAM,GAAKA,EAAM,IAAMA,EAAML,EAC7B,MAAM,IAAIpB,GAAc,eAC5B,IAAI0B,EAAS,EACb,IAAK,IAAI1vB,EAAIyvB,EAAKzvB,EAAI,EAAGA,IACrB0vB,GAAUD,EAAM1J,EAAK7lB,EAAMkvB,EAAOpvB,GACtC,GAAI0vB,EACA,MAAM,IAAI1B,GAAc,eAC5BoB,GAAQK,GAGhB,MAAMnxB,EAAS,IAAIsB,WAAWwvB,GAO9B,OANIA,EAAO,GACP9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IAExCvyB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACEnwB,GCtMR,MAAMqxB,GACT9K,eAAe9d,EAAM8M,EAAKwa,GAAU,GAChC,OAAO,IAAIsB,GAAQ9b,EAAKwa,GAASuB,QAAQ7oB,GAE7C8d,eAAe9d,EAAM8M,EAAKwa,GAAU,GAChC,OAAO,IAAIsB,GAAQ9b,EAAKwa,GAASwB,QAAQ9oB,GAE7CpK,YAAYkX,EAAKwa,GAAU,EAAOyB,GAC9BjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,EAAWuwB,EAAS,OAE5DuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCb5B,SAASM,GAAI7xB,GACX,MAAM8xB,EAAI,SAASlc,GACjB,MAAMmc,EAAS,IAAIL,GAAQ9b,GAE3BhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOD,EAAOJ,QAAQK,IAGxBpzB,KAAKgzB,QAAU,SAASI,GACtB,OAAOD,EAAOH,QAAQI,KAO1B,OAHAF,EAAEG,UAAYH,EAAElyB,UAAUqyB,UAAY,GACtCH,EAAEI,QAAUJ,EAAElyB,UAAUsyB,QAAUlyB,EAAS,EAEpC8xB,CACT,CCAA,SAASK,GAAIC,EAAM7Z,EAASoZ,EAAS5E,EAAMoD,EAAIC,GAE7C,MAAMiC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI7wB,EACA4Z,EACAkX,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAdApnB,EAAI,EAeJ2C,EAAMwJ,EAAQvY,OAGlB,MAAMyzB,EAA6B,KAAhBrB,EAAKpyB,OAAgB,EAAI,EAE1CkzB,EADiB,IAAfO,EACQ9B,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFpZ,EAqQJ,SAAuBA,EAAS6X,GAC9B,MAAMsD,EAAY,EAAKnb,EAAQvY,OAAS,EAExC,IAAIwxB,EACJ,GAAgB,IAAZpB,GAAkBsD,EAAY,EAChClC,EAAM,QACD,GAAgB,IAAZpB,EACToB,EAAMkC,MACD,IAAKtD,KAAYsD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOnb,EAEP,MAAUvW,MAAM,wBAJhBwvB,EAAM,EAOR,MAAMmC,EAAgB,IAAIhyB,WAAW4W,EAAQvY,OAAS0zB,GACtD,IAAK,IAAI3xB,EAAI,EAAGA,EAAIwW,EAAQvY,OAAQ+B,IAClC4xB,EAAc5xB,GAAKwW,EAAQxW,GAE7B,IAAK,IAAI4Z,EAAI,EAAGA,EAAI+X,EAAW/X,IAC7BgY,EAAcpb,EAAQvY,OAAS2b,GAAK6V,EAGtC,OAAOmC,CACT,CA9RcC,CAAcrb,EAAS6X,GACjCrhB,EAAMwJ,EAAQvY,QAIhB,IAAIK,EAAS,IAAIsB,WAAWoN,GACxBkM,EAAI,EASR,IAPa,IAAT8R,IACFoG,EAAWhD,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,EAAK+jB,EAAG/jB,KAClEinB,EAAYlD,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,EAAK+jB,EAAG/jB,KACnEA,EAAI,GAICA,EAAI2C,GAAK,CAsCd,IArCAikB,EAAQza,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KACnF6mB,EAAS1a,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KAGvE,IAAT2gB,IACE4E,GACFqB,GAAQG,EACRF,GAASI,IAETD,EAAWD,EACXG,EAAYD,EACZF,EAAUH,EACVK,EAAWJ,IAKfJ,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BtX,EAAI,EAAGA,EAAI8X,EAAY9X,GAAK,EAAG,CAIlC,IAHA4X,EAAUL,EAAQvX,EAAI,GACtB6X,EAAUN,EAAQvX,EAAI,GAEjB5Z,EAAImxB,EAAQvX,GAAI5Z,IAAMwxB,EAASxxB,GAAKyxB,EACvCV,EAASG,EAAQb,EAAKrwB,GACtBgxB,GAAWE,IAAU,EAAMA,GAAS,IAAOb,EAAKrwB,EAAI,GAEpD8wB,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,EAIVG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGJ,IAAT9F,IACE4E,GACFwB,EAAUH,EACVK,EAAWJ,IAEXD,GAAQI,EACRH,GAASK,IAIbjzB,EAAO4a,KAAQ+X,IAAS,GACxB3yB,EAAO4a,KAAS+X,IAAS,GAAM,IAC/B3yB,EAAO4a,KAAS+X,IAAS,EAAK,IAC9B3yB,EAAO4a,KAAe,IAAP+X,EACf3yB,EAAO4a,KAAQgY,IAAU,GACzB5yB,EAAO4a,KAASgY,IAAU,GAAM,IAChC5yB,EAAO4a,KAASgY,IAAU,EAAK,IAC/B5yB,EAAO4a,KAAgB,IAARgY,EAQjB,OAJKtB,IACHtxB,EA4KJ,SAA0BkY,EAAS6X,GACjC,IACIoB,EADAkC,EAAY,KAEhB,GAAgB,IAAZtD,EACFoB,EAAM,QACD,GAAgB,IAAZpB,EACTsD,EAAYnb,EAAQA,EAAQvY,OAAS,OAChC,IAAKowB,EAGV,MAAUpuB,MAAM,wBAFhBwvB,EAAM,EAKR,IAAKkC,EAAW,CAEd,IADAA,EAAY,EACLnb,EAAQA,EAAQvY,OAAS0zB,KAAelC,GAC7CkC,IAEFA,IAGF,OAAOnb,EAAQtN,SAAS,EAAGsN,EAAQvY,OAAS0zB,EAC9C,CAlMaG,CAAiBxzB,EAAQ+vB,IAG7B/vB,CACT,CAOA,SAASyzB,GAAcle,GAErB,MAAMme,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa7d,EAAI5V,OAAS,EAAI,EAAI,EAElCoyB,EAAW3zB,MAAM,GAAKg1B,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAlC,EAFAzmB,EAAI,EACJhB,EAAI,EAGR,IAAK,IAAIuQ,EAAI,EAAGA,EAAI8X,EAAY9X,IAAK,CACnC,IAAIqX,EAAQpd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KACnE6mB,EAASrd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KAExEymB,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAI9wB,EAAI,EAAGA,EAAI8yB,GAAe9yB,IAE7B8yB,EAAO9yB,IACTixB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMV6B,EAAWf,EAAUf,IAAS,IAAMgB,EAAWhB,IAAS,GAAM,IAAOiB,EAAWjB,IAAS,GAAM,IAAOkB,EACpGlB,IAAS,GAAM,IAAOmB,EAAWnB,IAAS,GAAM,IAAOoB,EAAWpB,IAAS,EAAK,IAAOqB,EAAWrB,IAAS,EAC3G,IACF+B,EAAYT,EAAUrB,IAAU,IAAMsB,EAAWtB,IAAU,GAAM,IAAOuB,EAAWvB,IAAU,GAAM,IACjGwB,EAAYxB,IAAU,GAAM,IAAOyB,EAAYzB,IAAU,GAAM,IAAO0B,EAAY1B,IAAU,EAAK,IACjG2B,EAAY3B,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCkC,IAAc,GAAMD,GAC7B1C,EAAKhnB,KAAO0pB,EAAWjC,EACvBT,EAAKhnB,KAAO2pB,EAAalC,GAAQ,GAIrC,OAAOT,CACT,CAwDO,SAAS4C,GAAUpf,GACxBhX,KAAKgX,IAAM,GAEX,IAAK,IAAI7T,EAAI,EAAGA,EAAI,EAAGA,IACrBnD,KAAKgX,IAAInV,KAAK,IAAIkB,WAAWiU,EAAI3K,SAAa,EAAJlJ,EAAY,EAAJA,EAAS,KAG7DnD,KAAK+yB,QAAU,SAASK,GACtB,OAAOG,GACL2B,GAAcl1B,KAAKgX,IAAI,IACvBuc,GACE2B,GAAcl1B,KAAKgX,IAAI,IACvBuc,GACE2B,GAAcl1B,KAAKgX,IAAI,IACvBoc,GAAO,EAAM,EAAG,KAAM,OAExB,EAAO,EAAG,KAAM,OACf,EAAM,EAAG,KAAM,MAGxB,CCtbA,SAASiD,KACPr2B,KAAKs2B,UAAY,EACjBt2B,KAAKu2B,QAAU,GAEfv2B,KAAKw2B,OAAS,SAASxf,GAMrB,GALAhX,KAAKy2B,QAAc52B,MAAM,IACzBG,KAAK02B,OAAa72B,MAAM,IAExBG,KAAK2xB,QAED3a,EAAI5V,SAAWpB,KAAKu2B,QAGtB,MAAUnzB,MAAM,mCAElB,OAJEpD,KAAK22B,YAAY3f,IAIZ,GAGThX,KAAK2xB,MAAQ,WACX,IAAK,IAAIxuB,EAAI,EAAGA,EAAI,GAAIA,IACtBnD,KAAKy2B,QAAQtzB,GAAK,EAClBnD,KAAK02B,OAAOvzB,GAAK,GAIrBnD,KAAK42B,aAAe,WAClB,OAAO52B,KAAKs2B,WAGdt2B,KAAK+yB,QAAU,SAAS8D,GACtB,MAAMC,EAAUj3B,MAAMg3B,EAAIz1B,QAE1B,IAAK,IAAI+B,EAAI,EAAGA,EAAI0zB,EAAIz1B,OAAQ+B,GAAK,EAAG,CACtC,IAEIkb,EAFA0Y,EAAKF,EAAI1zB,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GACtE4K,EAAK8oB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GAG9Ekb,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJyY,EAAI3zB,GAAM4K,IAAM,GAAM,IACtB+oB,EAAI3zB,EAAI,GAAM4K,IAAM,GAAM,IAC1B+oB,EAAI3zB,EAAI,GAAM4K,IAAM,EAAK,IACzB+oB,EAAI3zB,EAAI,GAAS,IAAJ4K,EACb+oB,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,IAAM,EAAK,IACzBD,EAAI3zB,EAAI,GAAS,IAAJ4zB,EAGf,OAAOD,GAGT92B,KAAKgzB,QAAU,SAAS6D,GACtB,MAAMC,EAAUj3B,MAAMg3B,EAAIz1B,QAE1B,IAAK,IAAI+B,EAAI,EAAGA,EAAI0zB,EAAIz1B,OAAQ+B,GAAK,EAAG,CACtC,IAEIkb,EAFA0Y,EAAKF,EAAI1zB,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GACtE4K,EAAK8oB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GAG9Ekb,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJyY,EAAI3zB,GAAM4K,IAAM,GAAM,IACtB+oB,EAAI3zB,EAAI,GAAM4K,IAAM,GAAM,IAC1B+oB,EAAI3zB,EAAI,GAAM4K,IAAM,EAAK,IACzB+oB,EAAI3zB,EAAI,GAAS,IAAJ4K,EACb+oB,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,GAAK,GAAM,IACzBD,EAAI3zB,EAAI,GAAM4zB,GAAK,EAAK,IACxBD,EAAI3zB,EAAI,GAAS,IAAJ4zB,EAGf,OAAOD,GAET,MAAMK,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGlO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASJ,EAAGnO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASH,EAAGpO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,GA7FhGD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnCp3B,KAAK22B,YAAc,SAASY,GAC1B,MAAMlZ,aACAhC,EAAQxc,MAAM,IAEpB,IAAIkd,EAEJ,IAAK,IAAI5Z,EAAI,EAAGA,EAAI,EAAGA,IACrB4Z,EAAQ,EAAJ5Z,EACJkb,EAAElb,GAAMo0B,EAAIxa,IAAM,GAAOwa,EAAIxa,EAAI,IAAM,GAAOwa,EAAIxa,EAAI,IAAM,EAAKwa,EAAIxa,EAAI,GAG3E,MAAM7P,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIsqB,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK5a,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtO,EAAI0oB,EAAUQ,GAAO5a,GAC3Bya,EAAInZ,EAAE5P,EAAE,IAER+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAKpqB,EAAE6P,IAAKsB,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D4P,EAAE5P,EAAE,IAAM+oB,EAGZ,IAAKza,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM1O,EAAI+oB,EAAUO,GAAO5a,GAC3Bya,EAAIF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,EAAIva,GAAIsB,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7DgO,EAAEob,GAAMD,EACRC,KAKN,IAAK,IAAIt0B,EAAI,EAAGA,EAAI,GAAIA,IACtBnD,KAAKy2B,QAAQtzB,GAAKkZ,EAAElZ,GACpBnD,KAAK02B,OAAOvzB,GAAiB,GAAZkZ,EAAE,GAAKlZ,IAwB5B,MAAMm0B,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASM,GAAM5gB,GACbhX,KAAKyT,MAAQ,IAAI4iB,GACjBr2B,KAAKyT,MAAM+iB,OAAOxf,GAElBhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKyT,MAAMsf,QAAQK,GAE9B,CDpJAgD,GAAU9C,QAAU8C,GAAUp1B,UAAUsyB,QAAU,GAClD8C,GAAU/C,UAAY+C,GAAUp1B,UAAUqyB,UAAY,ECqJtDuE,GAAMvE,UAAYuE,GAAM52B,UAAUqyB,UAAY,EAC9CuE,GAAMtE,QAAUsE,GAAM52B,UAAUsyB,QAAU,GCpkB1C,MAAMuE,GAAS,WAEf,SAASC,GAAKN,EAAGhrB,GACf,OAAQgrB,GAAKhrB,EAAIgrB,IAAO,GAAKhrB,GAAMqrB,EACrC,CAEA,SAASE,GAAKtpB,EAAGtL,GACf,OAAOsL,EAAEtL,GAAKsL,EAAEtL,EAAI,IAAM,EAAIsL,EAAEtL,EAAI,IAAM,GAAKsL,EAAEtL,EAAI,IAAM,EAC7D,CAEA,SAAS60B,GAAKvpB,EAAGtL,EAAGq0B,GAClB/oB,EAAEwpB,OAAO90B,EAAG,EAAO,IAAJq0B,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASU,GAAKhrB,EAAGV,GACf,OAAQU,IAAW,EAAJV,EAAU,GAC3B,CAkSA,SAAS2rB,GAAGnhB,GACVhX,KAAKo4B,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMxrB,GACb,OAAOurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAG3F,SAASyrB,EAAMzrB,GACb,OAAOurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAG3F,SAAS0rB,EAAQ7qB,EAAG8qB,GAClB,IAAIpqB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,GAAM8pB,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,GAAM8pB,GAC7DppB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,IAAO8pB,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,IAAO8pB,GAGhE,SAASiB,EAAQ31B,EAAG01B,GAClB,IAAIpqB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,IAAO00B,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,IAAO00B,GAAQ,IAClEppB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,GAAM00B,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,GAAM00B,GAAQ,IAsDnE,MAAO,CACLvsB,KAAM,UACNytB,UAAW,GACXC,KAhQF,SAAiBhiB,GAEf,IAAI7T,EACAsL,EACAJ,EACAmO,EACAsM,EALJuP,EAAWrhB,EAMX,MAAMiiB,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DprB,EAAI,CACR,GACA,IAEIlB,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASusB,EAAM7sB,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,GAG1C,SAAS8sB,EAAM9sB,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,GAGrD,SAAS+sB,EAAOxH,EAAG/jB,GACjB,IAAIvL,EACAkb,EACA6b,EACJ,IAAK/2B,EAAI,EAAGA,EAAI,EAAGA,IACjBkb,EAAI3P,IAAM,GACVA,EAAMA,GAAK,EAAKmpB,GAAUpF,IAAM,GAChCA,EAAKA,GAAK,EAAKoF,GACfqC,EAAI7b,GAAK,EACD,IAAJA,IACF6b,GAAK,KAEPxrB,GAAK2P,EAAK6b,GAAK,GACfA,GAAK7b,IAAM,EACH,EAAJA,IACF6b,GAAK,KAEPxrB,GAAKwrB,GAAK,GAAKA,GAAK,EAEtB,OAAOxrB,EAGT,SAASyrB,EAAG3tB,EAAGU,GACb,MAAMuB,EAAIvB,GAAK,EACTmB,EAAQ,GAAJnB,EACJsP,EAAIid,EAAGjtB,GAAGiC,EAAIJ,GACdya,EAAI4Q,EAAGltB,GAAGqtB,EAAKxrB,GAAKyrB,EAAKrrB,IAC/B,OAAOmrB,EAAGptB,GAAGqtB,EAAK/Q,GAAKgR,EAAKtd,KAAO,EAAImd,EAAGntB,GAAGgQ,EAAIsM,GAGnD,SAASsR,EAAKltB,EAAG8J,GACf,IAAIvI,EAAIypB,GAAKhrB,EAAG,GACZmB,EAAI6pB,GAAKhrB,EAAG,GACZsP,EAAI0b,GAAKhrB,EAAG,GACZ4b,EAAIoP,GAAKhrB,EAAG,GAChB,OAAQksB,GACN,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,GAC3B8R,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,GAC3B8R,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGA,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnD3I,EAAIK,EAAE,GAAGA,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnDwF,EAAI9N,EAAE,GAAGA,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnD8R,EAAIpa,EAAE,GAAGA,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GAEvD,OAAOxJ,EAAE,GAAGiB,GAAKjB,EAAE,GAAGa,GAAKb,EAAE,GAAGgP,GAAKhP,EAAE,GAAGsb,GAK5C,IAFAuP,EAAWA,EAAS32B,MAAM,EAAG,IAC7ByB,EAAIk1B,EAASj3B,OACA,KAAN+B,GAAkB,KAANA,GAAkB,KAANA,GAC7Bk1B,EAASl1B,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAIk1B,EAASj3B,OAAQ+B,GAAK,EACpCg2B,EAAMh2B,GAAK,GAAK40B,GAAKM,EAAUl1B,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBuL,EAAE,GAAGvL,GAAKg3B,EAAG,EAAGh3B,GAChBuL,EAAE,GAAGvL,GAAKg3B,EAAG,EAAGh3B,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBm2B,EAAM5qB,EAAE,GAAGvL,GACXo2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ9rB,EAAE,GAAGrK,GAAKm2B,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnDhsB,EAAE,GAAGrK,GAAKo2B,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM5qB,EAAE,GAAGvL,GACXo2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ9rB,EAAE,GAAGrK,GAAKq2B,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD9rB,EAAE,GAAGrK,GAAKo2B,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM/3B,OAAS,EACjB+B,EAAI,EAAGA,EAAIi2B,EAAMj2B,IACpBsL,EAAI0qB,EAAMh2B,EAAIA,GACd81B,EAAM91B,GAAKsL,EACXJ,EAAI8qB,EAAMh2B,EAAIA,EAAI,GAClB+1B,EAAM/1B,GAAKkL,EACXgrB,EAAKD,EAAOj2B,EAAI,GAAK82B,EAAOxrB,EAAGJ,GAEjC,IAAKlL,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBsL,EAAI,SAAYtL,EAChBkL,EAAII,EAAI,SACRA,EAAI2rB,EAAK3rB,EAAGwqB,GACZ5qB,EAAIypB,GAAKsC,EAAK/rB,EAAG6qB,GAAQ,GACzBV,EAAOr1B,GAAMsL,EAAIJ,EAAKwpB,GACtBW,EAAOr1B,EAAI,GAAK20B,GAAKrpB,EAAI,EAAIJ,EAAG,GAElC,IAAKlL,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAsL,EAAIJ,EAAImO,EAAIsM,EAAI3lB,EACRi2B,GACN,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,GAC5BhrB,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,GAC5B7c,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH5qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,GAC5BhrB,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,GAC5B7c,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,MA0FzEr3B,MAvDF,WACEw2B,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,KAkDF1F,QA9CF,SAAoB7oB,EAAMqG,GACxB+nB,EAAYpuB,EACZquB,EAAahoB,EACb,MAAMsoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzb,EAAI,EAAGA,EAAI,EAAGA,IACrB6b,EAAQ7b,EAAG8b,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,GAgCPtF,QA7BF,SAAoB9oB,EAAMqG,GACxB+nB,EAAYpuB,EACZquB,EAAahoB,EACb,MAAMsoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzb,EAAI,EAAGA,GAAK,EAAGA,IACtB+b,EAAQ/b,EAAG8b,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,IAiBd8B,SAZF,WACE,OAAO/B,GAaX,CAKYgC,GACVt6B,KAAKo4B,GAAGY,KAAKn5B,MAAMuiB,KAAKpL,GAAM,GAE9BhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKo4B,GAAGrF,QAAQlzB,MAAMuiB,KAAKgR,GAAQ,GAE9C,CCxUA,SAASmH,MAqXT,SAASC,GAAGxjB,GACVhX,KAAKy6B,GAAK,IAAIF,GACdv6B,KAAKy6B,GAAGC,KAAK1jB,GAEbhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKy6B,GAAGE,aAAavH,GAEhC,CDlDA+E,GAAG7E,QAAU6E,GAAGn3B,UAAUsyB,QAAU,GACpC6E,GAAG9E,UAAY8E,GAAGn3B,UAAUqyB,UAAY,GCrUxCkH,GAASv5B,UAAU45B,UAAY,EAK/BL,GAASv5B,UAAU65B,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,GAASv5B,UAAU85B,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,GAASv5B,UAAU+5B,GAAK,GASxBR,GAASv5B,UAAUg6B,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,WAEZ,OAAOA,CACT,EAKAV,GAASv5B,UAAUk6B,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAKn7B,KAAKw7B,OAAO,GAAGD,GAAMv7B,KAAKw7B,OAAO,GAAGF,GACzCH,GAAMn7B,KAAKw7B,OAAO,GAAGH,GACrBF,GAAMn7B,KAAKw7B,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,GAASv5B,UAAUy6B,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAK37B,KAAK+6B,KAAMY,EAAI,CAC/BC,GAAS57B,KAAK87B,OAAOH,GACrBE,EAAQ77B,KAAKk7B,GAAGU,GAASC,EAEzB,MAAMltB,EAAMitB,EACZA,EAAQC,EACRA,EAAQltB,EAGVitB,GAAS57B,KAAK87B,OAAO97B,KAAK+6B,GAAK,GAC/Bc,GAAS77B,KAAK87B,OAAO97B,KAAK+6B,GAAK,GAE/BW,EAAK,GAAK17B,KAAKg7B,OAAOa,GACtBH,EAAK,GAAK17B,KAAKg7B,OAAOY,EACxB,EAWArB,GAASv5B,UAAU25B,aAAe,SAASoB,GACzC,IAAIJ,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXM,EAAMh8B,KAAK46B,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAK37B,KAAK46B,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBK,EAAOJ,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBK,EAAOJ,EAAKK,GAG1Ch8B,KAAKy7B,cAAcC,GAEnB,MAAMtN,EAAM,GACZ,IAAKuN,EAAK,EAAGA,EAAK37B,KAAK46B,UAAY,IAAKe,EACtCvN,EAAIuN,EAAK,GAAOD,EAAK,KAAQ,GAAK,IAAa,IAC/CtN,EAAIuN,EAAKK,GAASN,EAAK,KAAQ,GAAK,IAAa,IAKnD,OAAOtN,CACT,EAMAmM,GAASv5B,UAAUi7B,cAAgB,SAASP,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK37B,KAAK+6B,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAAS57B,KAAK87B,OAAOH,GACrBE,EAAQ77B,KAAKk7B,GAAGU,GAASC,EAEzB,MAAMltB,EAAMitB,EACZA,EAAQC,EACRA,EAAQltB,EAGVitB,GAAS57B,KAAK87B,OAAO,GACrBD,GAAS77B,KAAK87B,OAAO,GAErBJ,EAAK,GAAK17B,KAAKg7B,OAAOa,GACtBH,EAAK,GAAK17B,KAAKg7B,OAAOY,EACxB,EAMArB,GAASv5B,UAAU05B,KAAO,SAAS1jB,GACjC,IAAI2kB,EACAtM,EAAK,EAGT,IADArvB,KAAK87B,OAAS,GACTH,EAAK,EAAGA,EAAK37B,KAAK+6B,GAAK,IAAKY,EAAI,CACnC,IAAIzxB,EAAO,EACX,IAAK,IAAIgyB,EAAK,EAAGA,EAAK,IAAKA,EACzBhyB,EAAQA,GAAQ,EAAgB,IAAV8M,EAAIqY,KACpBA,GAAMrY,EAAI5V,SACdiuB,EAAK,GAGTrvB,KAAK87B,OAAOH,GAAM37B,KAAK86B,OAAOa,GAAMzxB,EAItC,IADAlK,KAAKw7B,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADA37B,KAAKw7B,OAAOG,GAAM,GACbtM,EAAK,EAAGA,EAAK,MAAOA,EACvBrvB,KAAKw7B,OAAOG,GAAItM,GAAMrvB,KAAK66B,OAAOc,GAAItM,GAI1C,MAAMqM,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAK37B,KAAK+6B,GAAK,EAAGY,GAAM,EACnC37B,KAAKy7B,cAAcC,GACnB17B,KAAK87B,OAAOH,EAAK,GAAKD,EAAK,GAC3B17B,KAAK87B,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKtM,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BrvB,KAAKy7B,cAAcC,GACnB17B,KAAKw7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,GAC/B17B,KAAKw7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,EAGrC,EAYAlB,GAAGlH,QAAUkH,GAAGx5B,UAAUsyB,QAAU,GACpCkH,GAAGnH,UAAYmH,GAAGx5B,UAAUqyB,UAAY,ECvXjC,MAAM1f,GAASsf,GAAI,KASbrf,GAASqf,GAAI,KASbpf,GAASof,GAAI,KAEbM,GJqaN,SAAavc,GAClBhX,KAAKgX,IAAMA,EAEXhX,KAAK+yB,QAAU,SAASK,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAcl1B,KAAKgX,KACfoc,GAAO,EAAM,EAAG,KAAM5B,IAGzCxxB,KAAKgzB,QAAU,SAASI,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAcl1B,KAAKgX,KACfoc,GAAO,EAAO,EAAG,KAAM5B,GAE5C,mGIzayB4E,SAQJwB,WAQEO,YAQCqC,QAMJ,WAClB,MAAUp3B,MAAM,+CAClB,IChFW+4B,GAAW,SAAW/S,EAAQH,EAAS5kB,GAC9C,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EACrCC,EAAS,EAAGC,EAAS,EAGzB,IAAI7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EACrCC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAGzC,IAAIlS,EAAO,IAAItB,EAAOrmB,WAAWsB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAInvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGsM,EAAI,EAAGrkB,EAAI,EAAG+H,EAAI,EAAG6R,EAAI,EAC9Cwf,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACjCC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAE3FnzB,EAAI4b,EACJhc,EAAIic,EACJ9N,EAAI+N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EAGJ/d,EAAMwe,GAAOpuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMye,GAAOruB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM0e,GAAOtuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM2e,GAAOvuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM4e,GAAOxuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM6e,GAAOzuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM8e,GAAO1uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM+e,GAAO3uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMgf,GAAO5uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMif,GAAO7uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMkf,GAAQ9uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMmf,GAAQ/uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMof,GAAQhvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMqf,GAAQjvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMsf,GAAQlvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMuf,GAAQnvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOrxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwf,GAAQpvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOtxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyf,GAAQrvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOvxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0f,GAAQtvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOxxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2f,GAAQvvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOzxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4f,GAAQxvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO1xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6f,GAAQzvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO3xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8f,GAAQ1vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO5xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+f,GAAQ3vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKggB,GAAQ5vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKigB,GAAQ7vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO/xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkgB,GAAQ9vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOhyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmgB,GAAQ/vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOjyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKogB,GAAQhwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOlyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqgB,GAAQjwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOnyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKsgB,GAAQlwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIiyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOpyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKugB,GAAQnwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOryB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwgB,GAAQpwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOtyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKygB,GAAQrwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOvyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0gB,GAAQtwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOxyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2gB,GAAQvwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOzyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4gB,GAAQxwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO1yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6gB,GAAQzwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO3yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8gB,GAAQ1wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+gB,GAAQ3wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKghB,GAAQ5wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKihB,GAAQ7wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO/yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkhB,IAAQ9wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOhzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmhB,IAAQ/wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOjzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKohB,IAAQhxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOlzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqhB,IAAQjxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOnzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKshB,IAAQlxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIizB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOpzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuhB,IAAQnxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOrzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwhB,IAAQpxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOtzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyhB,IAAQrxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIozB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOvzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0hB,IAAQtxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOxzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2hB,IAAQvxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIszB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOzzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4hB,IAAQxxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO1zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6hB,IAAQzxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO3zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8hB,IAAQ1xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO5zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+hB,IAAQ3xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO7zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKgiB,IAAQ5xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO9zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKiiB,IAAQ7xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkiB,IAAQ9xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmiB,IAAQ/xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKoiB,IAAQhyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqiB,IAAQjyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsiB,IAAQlyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKuiB,IAAQnyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIk0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOr0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKwiB,IAAQpyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIm0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOt0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKyiB,IAAQryB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIo0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOv0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK0iB,IAAQtyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIq0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOx0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK2iB,IAAQvyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIs0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOz0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK4iB,IAAQxyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIu0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO10B,GAAK,EAAMA,IAAM,GACxB6R,EAAK6iB,IAAQzyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIw0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO30B,GAAK,EAAMA,IAAM,GACxB6R,EAAK8iB,IAAQ1yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIy0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO50B,GAAK,EAAMA,IAAM,GACxB6R,EAAK+iB,IAAQ3yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI00B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO70B,GAAK,EAAMA,IAAM,GACxB6R,EAAKgjB,IAAQ5yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI20B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO90B,GAAK,EAAMA,IAAM,GACxB6R,EAAKijB,IAAQ7yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI40B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKkjB,IAAQ9yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI60B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmjB,IAAQ/yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI80B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKojB,IAAQhzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqjB,IAAQjzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsjB,IAAQlzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKujB,IAAQnzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAEpDgM,EAAOA,EAAK5b,EAAI,EAChB6b,EAAOA,EAAKjc,EAAI,EAChBkc,EAAOA,EAAK/N,EAAI,EAChBgO,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAIpB,SAASo9B,EAAatxB,GAClBA,EAASA,EAAO,EAEhBqa,EACIF,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC3Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,KAKrF,SAASuxB,EAAiB73B,GACtBA,EAASA,EAAO,EAEhBygB,EAAKzgB,EAAO,GAAKogB,IAAK,GACtBK,EAAKzgB,EAAO,GAAKogB,IAAK,GAAG,IACzBK,EAAKzgB,EAAO,GAAKogB,IAAK,EAAE,IACxBK,EAAKzgB,EAAO,GAAKogB,EAAG,IACpBK,EAAKzgB,EAAO,GAAKqgB,IAAK,GACtBI,EAAKzgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBI,EAAKzgB,EAAO,GAAKqgB,IAAK,EAAE,IACxBI,EAAKzgB,EAAO,GAAKqgB,EAAG,IACpBI,EAAKzgB,EAAO,GAAKsgB,IAAK,GACtBG,EAAKzgB,EAAO,GAAKsgB,IAAK,GAAG,IACzBG,EAAKzgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBG,EAAKzgB,EAAO,IAAMsgB,EAAG,IACrBG,EAAKzgB,EAAO,IAAMugB,IAAK,GACvBE,EAAKzgB,EAAO,IAAMugB,IAAK,GAAG,IAC1BE,EAAKzgB,EAAO,IAAMugB,IAAK,EAAE,IACzBE,EAAKzgB,EAAO,IAAMugB,EAAG,IACrBE,EAAKzgB,EAAO,IAAMmyB,IAAK,GACvB1R,EAAKzgB,EAAO,IAAMmyB,IAAK,GAAG,IAC1B1R,EAAKzgB,EAAO,IAAMmyB,IAAK,EAAE,IACzB1R,EAAKzgB,EAAO,IAAMmyB,EAAG,IAGzB,SAASzK,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLC,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAQC,GACxCN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACL9F,EAAS+F,EACT9F,EAAS+F,EAIb,SAAShgC,EAAUkO,EAAQnP,GACvBmP,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAEhB,IAAIkhC,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,OAASnP,EAAO,IAAM,GAAK,CACvBygC,EAAWtxB,GAEXA,EAAWA,EAAS,GAAK,EACzBnP,EAAWA,EAAS,GAAK,EAEzBkhC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASt4B,EAASuG,EAAQnP,EAAQ6I,GAC9BsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAIq4B,EAAS,EACTn/B,EAAI,EAER,GAAKoN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM7I,EAAO,IAAM,GAAK,CACpBkhC,EAASjgC,EAASkO,EAAQnP,GAAS,EACnC,IAAMkhC,EAAO,KAAO,EAChB,OAAQ,EAEZ/xB,EAAWA,EAAS+xB,EAAS,EAC7BlhC,EAAWA,EAASkhC,EAAS,EAGjCA,EAAWA,EAASlhC,EAAS,EAC7Bi7B,EAAWA,EAASj7B,EAAS,EAC7B,GAAKi7B,IAAS,EAAIj7B,IAAS,EAAIk7B,EAAUA,EAAS,EAAG,EAErD5R,EAAKna,EAAOnP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM+B,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,KACrB0+B,EAAWtxB,GAEXnP,EAAS,EAETspB,EAAKna,EAAO,GAAK,EAGrB,IAAMpN,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,EAErBunB,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,EAAE,IAC7B5R,EAAKna,EAAO,IAAM+rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,EAAE,IAC7B3R,EAAKna,EAAO,IAAM8rB,GAAQ,EAAE,IAC5BwF,EAAWtxB,GAEX,IAAMtG,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACLF,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACLP,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EAGLzK,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EAELC,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAcnzB,EAAQnP,EAAQ6I,GACnCsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAI05B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGtB,EAAS,EAErD,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBq4B,EAASt4B,EAAQuG,EAAQnP,GAAS,GAAI,EACtCuiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAElE,IAAM35B,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAMlB,SAASuB,EAAwBtzB,EAAQnP,EAAQgyB,EAAO0Q,EAAO75B,GAC3DsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChBgyB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd75B,EAASA,EAAO,EAEhB,IAAI83B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACrCwB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAEzC,GAAKrzB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBygB,EAAMna,EAAOnP,EAAQ,GAAOgyB,IAAQ,GACpC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,GAAG,IACvC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,EAAE,IACtC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,EAAM,IAGlCsQ,EAAanzB,EAASnP,EAAO,EAAG,GAAI,GAAI,EACxC2gC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAClE0H,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzC2F,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EAEV0H,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EAEL,IAAMl4B,EACF63B,EAAe73B,GAEnB,OAAO,EAGX,MAAO,CAEL0nB,MAAOA,EACP+I,KAAMA,EACNr4B,QAASA,EACT2H,OAAQA,EAGRu4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,EC/1BO,MAAME,GACTjkC,cACIE,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EAEfwhB,QACI,MAAMxI,IAAEA,GAAQnpB,KAAKyxB,cAKrB,OAJAzxB,KAAKyB,OAAS,KACdzB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXgZ,EAAIwI,QACG3xB,KAEXqC,QAAQ6H,GACJ,GAAoB,OAAhBlK,KAAKyB,OACL,MAAM,IAAIuvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKyxB,cAC3B,IAAIrB,EAAOpwB,KAAKqD,IACZktB,EAAOvwB,KAAKmQ,IACZkgB,EAAO,EACPC,EAAOpmB,EAAK9I,OACZovB,EAAO,EACX,KAAOF,EAAO,GACVE,EAAOL,GAAYjH,EAAMkH,EAAOG,EAAMrmB,EAAMmmB,EAAMC,GAClDC,GAAQC,EACRH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI9mB,QAAQ+tB,EAAMG,GACzBH,GAAQI,EACRD,GAAQC,EACHD,IACDH,EAAO,GAIf,OAFApwB,KAAKqD,IAAM+sB,EACXpwB,KAAKmQ,IAAMogB,EACJvwB,KAEXgK,SACI,GAAoB,OAAhBhK,KAAKyB,OACL,MAAM,IAAIuvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKyxB,cAO3B,OANAtI,EAAInf,OAAOhK,KAAKqD,IAAKrD,KAAKmQ,IAAK,GAC/BnQ,KAAKyB,OAAS,IAAIsB,WAAW/C,KAAKgkC,WAClChkC,KAAKyB,OAAO+B,IAAI0lB,EAAK7c,SAAS,EAAGrM,KAAKgkC,YACtChkC,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACE5xB,MC9CR,MAEDoxB,GAAY,GACZC,GAAW,GACV,MAAM4S,WAAaF,GACtBjkC,cACIC,QACAC,KAAKkkC,KAAO,OACZlkC,KAAKmkC,WARmB,GASxBnkC,KAAKgkC,UARkB,GASvBhkC,KAAKyxB,cAETA,cAMI,YALkBxwB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOkI,GAAUM,OAASzB,KAC/BjwB,KAAKmpB,IAAMkI,GAASK,OAASyK,GAAS,CAAEp5B,YAA0B,KAAM/C,KAAKkpB,KAAK7kB,QAClFrE,KAAK2xB,SAEF,CAAEzI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf+mB,aAAa9d,GACT,OAAO,IAAI+5B,IAAO5hC,QAAQ6H,GAAMF,SAASvI,QAGjDwiC,GAAKC,KAAO,OACZD,GAAK7S,UAAY,GACjB6S,GAAK5S,SAAW,GAChB4S,GAAKG,aAAejI,GCnCb,MAED/K,GAAY,GACZC,GAAW,GACV,MAAMgT,WAAeN,GACxBjkC,cACIC,QACAC,KAAKkkC,KAAO,SACZlkC,KAAKmkC,WARqB,GAS1BnkC,KAAKgkC,UARoB,GASzBhkC,KAAKyxB,cAETA,cAMI,YALkBxwB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOkI,GAAUM,OAASzB,KAC/BjwB,KAAKmpB,IAAMkI,GAASK,OClBR,SAAWtI,EAAQH,EAAS5kB,GAChD,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAS,EAAGC,EAAS,EAGrB7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGgI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAG7Dpa,EAAO,IAAItB,EAAOrmB,WAAWsB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAInvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGsM,EAAI,EAAGrkB,EAAI,EAAGsgC,EAAI,EAAGC,EAAI,EAAGzoB,EAAI,EAEzD9N,EAAI4b,EACJhc,EAAIic,EACJ9N,EAAI+N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EACJ2I,EAAIT,EACJU,EAAIT,EACJhoB,EAAIioB,EAGJjoB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGu2B,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwoB,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGza,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGkO,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGu2B,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwoB,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGza,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAEhGgc,EAAOA,EAAK5b,EAAI,EAChB6b,EAAOA,EAAKjc,EAAI,EAChBkc,EAAOA,EAAK/N,EAAI,EAChBgO,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAChB6/B,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKjoB,EAAI,EAGpB,SAASslB,EAAatxB,GAClBA,EAASA,EAAO,EAEhBqa,EACIF,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC3Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,KAKrF,SAASuxB,EAAiB73B,GACtBA,EAASA,EAAO,EAEhBygB,EAAKzgB,EAAO,GAAKogB,IAAK,GACtBK,EAAKzgB,EAAO,GAAKogB,IAAK,GAAG,IACzBK,EAAKzgB,EAAO,GAAKogB,IAAK,EAAE,IACxBK,EAAKzgB,EAAO,GAAKogB,EAAG,IACpBK,EAAKzgB,EAAO,GAAKqgB,IAAK,GACtBI,EAAKzgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBI,EAAKzgB,EAAO,GAAKqgB,IAAK,EAAE,IACxBI,EAAKzgB,EAAO,GAAKqgB,EAAG,IACpBI,EAAKzgB,EAAO,GAAKsgB,IAAK,GACtBG,EAAKzgB,EAAO,GAAKsgB,IAAK,GAAG,IACzBG,EAAKzgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBG,EAAKzgB,EAAO,IAAMsgB,EAAG,IACrBG,EAAKzgB,EAAO,IAAMugB,IAAK,GACvBE,EAAKzgB,EAAO,IAAMugB,IAAK,GAAG,IAC1BE,EAAKzgB,EAAO,IAAMugB,IAAK,EAAE,IACzBE,EAAKzgB,EAAO,IAAMugB,EAAG,IACrBE,EAAKzgB,EAAO,IAAMmyB,IAAK,GACvB1R,EAAKzgB,EAAO,IAAMmyB,IAAK,GAAG,IAC1B1R,EAAKzgB,EAAO,IAAMmyB,IAAK,EAAE,IACzB1R,EAAKzgB,EAAO,IAAMmyB,EAAG,IACrB1R,EAAKzgB,EAAO,IAAMq6B,IAAK,GACvB5Z,EAAKzgB,EAAO,IAAMq6B,IAAK,GAAG,IAC1B5Z,EAAKzgB,EAAO,IAAMq6B,IAAK,EAAE,IACzB5Z,EAAKzgB,EAAO,IAAMq6B,EAAG,IACrB5Z,EAAKzgB,EAAO,IAAMs6B,IAAK,GACvB7Z,EAAKzgB,EAAO,IAAMs6B,IAAK,GAAG,IAC1B7Z,EAAKzgB,EAAO,IAAMs6B,IAAK,EAAE,IACzB7Z,EAAKzgB,EAAO,IAAMs6B,EAAG,IACrB7Z,EAAKzgB,EAAO,IAAMu6B,IAAK,GACvB9Z,EAAKzgB,EAAO,IAAMu6B,IAAK,GAAG,IAC1B9Z,EAAKzgB,EAAO,IAAMu6B,IAAK,EAAE,IACzB9Z,EAAKzgB,EAAO,IAAMu6B,EAAG,IAGzB,SAAS7S,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLkI,EAAK,WACLC,EAAK,WACLC,EAAK,WACLnI,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAI8C,EAAIC,EAAIC,EAAI/C,EAAQC,GACpDN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR8C,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR/C,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EACL9I,EAAS+F,EACT9F,EAAS+F,EAIb,SAAShgC,EAAUkO,EAAQnP,GACvBmP,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAEhB,IAAIkhC,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,OAASnP,EAAO,IAAM,GAAK,CACvBygC,EAAWtxB,GAEXA,EAAWA,EAAS,GAAK,EACzBnP,EAAWA,EAAS,GAAK,EAEzBkhC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASt4B,EAASuG,EAAQnP,EAAQ6I,GAC9BsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAIq4B,EAAS,EACTn/B,EAAI,EAER,GAAKoN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM7I,EAAO,IAAM,GAAK,CACpBkhC,EAASjgC,EAASkO,EAAQnP,GAAS,EACnC,IAAMkhC,EAAO,KAAO,EAChB,OAAQ,EAEZ/xB,EAAWA,EAAS+xB,EAAS,EAC7BlhC,EAAWA,EAASkhC,EAAS,EAGjCA,EAAWA,EAASlhC,EAAS,EAC7Bi7B,EAAWA,EAASj7B,EAAS,EAC7B,GAAKi7B,IAAS,EAAIj7B,IAAS,EAAIk7B,EAAWA,EAAS,EAAI,EAEvD5R,EAAKna,EAAOnP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM+B,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,KAErB0+B,EAAWtxB,GAEXnP,EAAS,EAETspB,EAAKna,EAAO,GAAK,EAGrB,IAAMpN,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,EAErBunB,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,EAAE,IAC7B5R,EAAKna,EAAO,IAAM+rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,EAAE,IAC7B3R,EAAKna,EAAO,IAAM8rB,GAAQ,EAAE,IAC5BwF,EAAWtxB,GAEX,IAAMtG,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACL+H,EAAKG,EACLF,EAAKG,EACLF,EAAKG,EACLtI,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACL0H,EAAKM,EACLL,EAAKM,EACLL,EAAKM,EACLzI,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EACLwI,EAAKN,EACLO,EAAKN,EACLO,EAAKN,EAGL7S,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EACLqI,EAAKH,EACLI,EAAKH,EACLI,EAAKH,EAELnI,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAcnzB,EAAQnP,EAAQ6I,GACnCsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAI05B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DhD,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBq4B,EAASt4B,EAAQuG,EAAQnP,GAAS,GAAI,EACtCuiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAErE,IAAMr7B,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAMlB,SAASuB,EAAwBtzB,EAAQnP,EAAQgyB,EAAO0Q,EAAO75B,GAC3DsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChBgyB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd75B,EAASA,EAAO,EAEhB,IAAI83B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG8C,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DxB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAEjE,GAAK/0B,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBygB,EAAMna,EAAOnP,EAAQ,GAAOgyB,IAAQ,GACpC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,GAAG,IACvC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,EAAE,IACtC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,EAAM,IAGlCsQ,EAAanzB,EAASnP,EAAO,EAAG,GAAI,GAAI,EACxC2gC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAAI6I,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAC5GV,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEzC,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EACV6I,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EAEVV,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EAEL,IAAMl7B,EACF63B,EAAe73B,GAEnB,OAAO,EAGX,MAAO,CAEL0nB,MAAOA,EACP+I,KAAMA,EACNr4B,QAASA,EACT2H,OAAQA,EAGRu4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,CDtyByC0B,CAAW,CAAExiC,YAA0B,KAAM/C,KAAKkpB,KAAK7kB,QACpFrE,KAAK2xB,SAEF,CAAEzI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf+mB,aAAa9d,GACT,OAAO,IAAIm6B,IAAShiC,QAAQ6H,GAAMF,SAASvI,QAGnD4iC,GAAOH,KAAO,SEnCd,OAAiBsB,GAEjB,SAASA,GAAOC,EAAKC,GACnB,IAAKD,EACH,MAAUriC,MAAMsiC,GAAO,mBAC3B,CAEAF,GAAOx2B,MAAQ,SAAqB+nB,EAAGhpB,EAAG23B,GACxC,GAAI3O,GAAKhpB,EACP,MAAU3K,MAAMsiC,GAAQ,qBAAuB3O,EAAI,OAAShpB,EAChE,qTCRE43B,UAF2B,mBAAlBx6B,OAAOy6B,OAEC,SAAkBC,EAAMC,GACvCD,EAAKE,OAASD,EACdD,EAAK7kC,UAAYmK,OAAOy6B,OAAOE,EAAU9kC,UAAW,CAClDlB,YAAa,CACXuB,MAAOwkC,EACPG,YAAY,EACZn9B,UAAU,EACVo9B,cAAc,MAMH,SAAkBJ,EAAMC,GACvCD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAASllC,UAAY8kC,EAAU9kC,UAC/B6kC,EAAK7kC,UAAY,IAAIklC,EACrBL,EAAK7kC,UAAUlB,YAAc+lC,yBCpBjC,IACE,IAAIrrB,EAAOhY,UACX,GAA6B,mBAAlBgY,EAAK2rB,SAAyB,KAAM,GAC/CR,UAAiBnrB,EAAK2rB,QACxB,CAAE,MAAO1hC,GACPkhC,UAAiBhiC,EACnB,KC+BA,OA9BA,SAAiB+hC,EAAKU,GACpB,GAAIvmC,MAAMW,QAAQklC,GAChB,OAAOA,EAAIhkC,QACb,IAAKgkC,EACH,MAAO,GACT,IAAIn2B,EAAM,GACV,GAAmB,iBAARm2B,EACT,GAAKU,GAUE,GAAY,QAARA,EAIT,KAHAV,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1B7gB,OAAS,GAAM,IACrBskC,EAAM,IAAMA,GACTviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAK,EAC/BoM,EAAI1N,KAAK2O,SAASk1B,EAAIviC,GAAKuiC,EAAIviC,EAAI,GAAI,UAdzC,IAAK,IAAIA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIqZ,EAAIkpB,EAAI9oB,WAAWzZ,GACnBkjC,EAAK7pB,GAAK,EACV8pB,EAAS,IAAJ9pB,EACL6pB,EACF92B,EAAI1N,KAAKwkC,EAAIC,GAEb/2B,EAAI1N,KAAKykC,QAUf,IAAKnjC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC1BoM,EAAIpM,GAAc,EAATuiC,EAAIviC,GAEjB,OAAOoM,CACT,EASA,OANA,SAAem2B,GAEb,IADA,IAAIn2B,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,GAAOg3B,GAAMb,EAAIviC,GAAGwJ,SAAS,KAC/B,OAAO4C,CACT,EAGA,SAASi3B,GAAMhP,GAKb,OAJWA,IAAM,GACLA,IAAM,EAAK,MACXA,GAAK,EAAK,UACN,IAAJA,IAAa,MACV,CACjB,CAaA,OAVA,SAAiBkO,EAAKr1B,GAEpB,IADA,IAAId,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIq0B,EAAIkO,EAAIviC,GACG,WAAXkN,IACFmnB,EAAIgP,GAAMhP,IACZjoB,GAAOk3B,GAAMjP,EAAE7qB,SAAS,KAE1B,OAAO4C,CACT,EAGA,SAASg3B,GAAMG,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EAENA,CACX,CAGA,SAASD,GAAMC,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EACU,IAAhBA,EAAKtlC,OACL,KAAOslC,EACS,IAAhBA,EAAKtlC,OACL,MAAQslC,EACQ,IAAhBA,EAAKtlC,OACL,OAASslC,EACO,IAAhBA,EAAKtlC,OACL,QAAUslC,EACM,IAAhBA,EAAKtlC,OACL,SAAWslC,EACK,IAAhBA,EAAKtlC,OACL,UAAYslC,EAEZA,CACX,CAiBA,OAdA,SAAgBhB,EAAK1hC,EAAO2H,EAAK0E,GAC/B,IAAIF,EAAMxE,EAAM3H,EAChBwhC,GAAOr1B,EAAM,GAAM,GAEnB,IADA,IAAIZ,EAAU1P,MAAMsQ,EAAM,GACjBhN,EAAI,EAAGkZ,EAAIrY,EAAOb,EAAIoM,EAAInO,OAAQ+B,IAAKkZ,GAAK,EAAG,CACtD,IAAImb,EAEFA,EADa,QAAXnnB,EACGq1B,EAAIrpB,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,EAAKqpB,EAAIrpB,EAAI,GAEjEqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,EAAKqpB,EAAIrpB,GACxE9M,EAAIpM,GAAKq0B,IAAM,EAEjB,OAAOjoB,CACT,EAqBA,OAlBA,SAAiBm2B,EAAKr1B,GAEpB,IADA,IAAId,EAAU1P,MAAmB,EAAb6lC,EAAItkC,QACf+B,EAAI,EAAGkZ,EAAI,EAAGlZ,EAAIuiC,EAAItkC,OAAQ+B,IAAKkZ,GAAK,EAAG,CAClD,IAAI7O,EAAIk4B,EAAIviC,GACG,QAAXkN,GACFd,EAAI8M,GAAK7O,IAAM,GACf+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,EAAI,GAAS,IAAJ7O,IAEb+B,EAAI8M,EAAI,GAAK7O,IAAM,GACnB+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,GAAS,IAAJ7O,GAGb,OAAO+B,CACT,EA2HA,iBAvPmB42B,6BAiDHK,oBAoBAD,SAoBAE,+BAsChB,SAAgBjP,EAAGnpB,GACjB,OAAQmpB,IAAMnpB,EAAMmpB,GAAM,GAAKnpB,CACjC,SAGA,SAAgBmpB,EAAGnpB,GACjB,OAAQmpB,GAAKnpB,EAAMmpB,IAAO,GAAKnpB,CACjC,QAGA,SAAeI,EAAGJ,GAChB,OAAQI,EAAIJ,IAAO,CACrB,UAGA,SAAiBI,EAAGJ,EAAGmO,GACrB,OAAQ/N,EAAIJ,EAAImO,IAAO,CACzB,UAGA,SAAiB/N,EAAGJ,EAAGmO,EAAGsM,GACxB,OAAQra,EAAIJ,EAAImO,EAAIsM,IAAO,CAC7B,UAGA,SAAiBra,EAAGJ,EAAGmO,EAAGsM,EAAGrkB,GAC3B,OAAQgK,EAAIJ,EAAImO,EAAIsM,EAAIrkB,IAAO,CACjC,QAGA,SAAe8c,EAAKle,EAAKsjC,EAAIC,GAC3B,IAAIC,EAAKtlB,EAAIle,GAGTijC,EAAMM,EAFDrlB,EAAIle,EAAM,KAEI,EACnBgjC,GAAMC,EAAKM,EAAK,EAAI,GAAKD,EAAKE,EAClCtlB,EAAIle,GAAOgjC,IAAO,EAClB9kB,EAAIle,EAAM,GAAKijC,CACjB,WAGA,SAAkBK,EAAIC,EAAIC,EAAIC,GAG5B,OAFUF,EAAKE,IAAQ,EACRF,EAAK,EAAI,GAAKD,EAAKE,IACpB,CAChB,WAGA,SAAkBF,EAAIC,EAAIC,EAAIC,GAE5B,OADSF,EAAKE,IACA,CAChB,aAGA,SAAoBH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC9C,IAAIC,EAAQ,EACRb,EAAKM,EAST,OAPAO,IADAb,EAAMA,EAAKQ,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAb,EAAMA,EAAKU,IAAQ,GACLA,EAAK,EAAI,EAIdL,EAAKE,EAAKE,EAAKE,GAFxBE,IADAb,EAAMA,EAAKY,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAE9C,OADSN,EAAKE,EAAKE,EAAKE,IACV,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GACtD,IAAIF,EAAQ,EACRb,EAAKM,EAWT,OATAO,IADAb,EAAMA,EAAKQ,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAb,EAAMA,EAAKU,IAAQ,GACLA,EAAK,EAAI,EAEvBG,IADAb,EAAMA,EAAKY,IAAQ,GACLA,EAAK,EAAI,EAIdP,EAAKE,EAAKE,EAAKE,EAAKG,GAF7BD,IADAb,EAAMA,EAAKe,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBV,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GAGtD,OAFST,EAAKE,EAAKE,EAAKE,EAAKG,IAEf,CAChB,YAGA,SAAmBV,EAAIC,EAAIU,GAEzB,OADSV,GAAO,GAAKU,EAASX,IAAOW,KACxB,CACf,YAGA,SAAmBX,EAAIC,EAAIU,GAEzB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,WAGA,SAAkBX,EAAIC,EAAIU,GACxB,OAAOX,IAAOW,CAChB,WAGA,SAAkBX,EAAIC,EAAIU,GAExB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,GCtPA,SAASC,KACPvnC,KAAKwnC,QAAU,KACfxnC,KAAKynC,aAAe,EACpBznC,KAAKqzB,UAAYrzB,KAAKF,YAAYuzB,UAClCrzB,KAAK0nC,QAAU1nC,KAAKF,YAAY4nC,QAChC1nC,KAAK2nC,aAAe3nC,KAAKF,YAAY6nC,aACrC3nC,KAAK80B,UAAY90B,KAAKF,YAAYg1B,UAAY,EAC9C90B,KAAKqQ,OAAS,MAEdrQ,KAAK4nC,QAAU5nC,KAAKqzB,UAAY,EAChCrzB,KAAK6nC,SAAW7nC,KAAKqzB,UAAY,EACnC,CACA,OAAoBkU,GAEpBA,GAAUvmC,UAAU8mC,OAAS,SAAgBpC,EAAKU,GAUhD,GARAV,EAAMqC,GAAMC,QAAQtC,EAAKU,GACpBpmC,KAAKwnC,QAGRxnC,KAAKwnC,QAAUxnC,KAAKwnC,QAAQ5gC,OAAO8+B,GAFnC1lC,KAAKwnC,QAAU9B,EAGjB1lC,KAAKynC,cAAgB/B,EAAItkC,OAGrBpB,KAAKwnC,QAAQpmC,QAAUpB,KAAK4nC,QAAS,CAIvC,IAAI75B,GAHJ23B,EAAM1lC,KAAKwnC,SAGCpmC,OAASpB,KAAK4nC,QAC1B5nC,KAAKwnC,QAAU9B,EAAIhkC,MAAMgkC,EAAItkC,OAAS2M,EAAG23B,EAAItkC,QACjB,IAAxBpB,KAAKwnC,QAAQpmC,SACfpB,KAAKwnC,QAAU,MAEjB9B,EAAMqC,GAAME,OAAOvC,EAAK,EAAGA,EAAItkC,OAAS2M,EAAG/N,KAAKqQ,QAChD,IAAK,IAAIlN,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAKnD,KAAK6nC,SACxC7nC,KAAKkoC,QAAQxC,EAAKviC,EAAGA,EAAInD,KAAK6nC,UAGlC,OAAO7nC,IACT,EAEAunC,GAAUvmC,UAAUmnC,OAAS,SAAgB/B,GAI3C,OAHApmC,KAAK8nC,OAAO9nC,KAAKooC,QACjB5C,GAAwB,OAAjBxlC,KAAKwnC,SAELxnC,KAAKqoC,QAAQjC,EACtB,EAEAmB,GAAUvmC,UAAUonC,KAAO,WACzB,IAAIj4B,EAAMnQ,KAAKynC,aACXngC,EAAQtH,KAAK4nC,QACbvrB,EAAI/U,GAAU6I,EAAMnQ,KAAK80B,WAAaxtB,EACtCiI,EAAU1P,MAAMwc,EAAIrc,KAAK80B,WAC7BvlB,EAAI,GAAK,IACT,IAAK,IAAIpM,EAAI,EAAGA,EAAIkZ,EAAGlZ,IACrBoM,EAAIpM,GAAK,EAIX,GADAgN,IAAQ,EACY,QAAhBnQ,KAAKqQ,OAAkB,CACzB,IAAK,IAAIgO,EAAI,EAAGA,EAAIre,KAAK80B,UAAWzW,IAClC9O,EAAIpM,KAAO,EAEboM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,EAAK,IACzBZ,EAAIpM,KAAa,IAANgN,OAWX,IATAZ,EAAIpM,KAAa,IAANgN,EACXZ,EAAIpM,KAAQgN,IAAQ,EAAK,IACzBZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EAENkb,EAAI,EAAGA,EAAIre,KAAK80B,UAAWzW,IAC9B9O,EAAIpM,KAAO,EAGf,OAAOoM,CACT,wBCxFI+4B,GAASP,GAAMO,OAUnB,OARA,SAAcrqB,EAAG/Q,EAAGoB,EAAGi6B,GACrB,OAAU,IAANtqB,EACKuqB,GAAKt7B,EAAGoB,EAAGi6B,GACV,IAANtqB,GAAiB,IAANA,EACNwqB,GAAIv7B,EAAGoB,EAAGi6B,GACT,IAANtqB,EACKyqB,GAAMx7B,EAAGoB,EAAGi6B,QADrB,CAEF,EAGA,SAASC,GAAKt7B,EAAGoB,EAAGi6B,GAClB,OAAQr7B,EAAIoB,GAAQpB,EAAKq7B,CAC3B,CAGA,SAASG,GAAMx7B,EAAGoB,EAAGi6B,GACnB,OAAQr7B,EAAIoB,EAAMpB,EAAIq7B,EAAMj6B,EAAIi6B,CAClC,CAGA,SAASE,GAAIv7B,EAAGoB,EAAGi6B,GACjB,OAAOr7B,EAAIoB,EAAIi6B,CACjB,CAqBA,qBA9BeC,SAKCE,OAKFD,UAEd,SAAgBv7B,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAOA,IAAM,CAC/C,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,IAAOA,IAAM,EAChD,GCxCIy7B,GAAQZ,GAAMY,MACdC,GAAUb,GAAMa,QAChBC,GAAUd,GAAMc,QAChBL,GAAOM,GAAUN,KACjBE,GAAQI,GAAUJ,MAClBK,GAASD,GAAUC,OACnBC,GAASF,GAAUE,OACnBC,GAASH,GAAUG,OACnBC,GAASJ,GAAUI,OAEnB3B,GAAY4B,GAAO5B,UAEnB6B,GAAW,CACb,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,YAGtC,SAASC,KACP,KAAMrpC,gBAAgBqpC,IACpB,OAAO,IAAIA,GAEb9B,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,YAEtCvc,KAAKqc,EAAI+sB,GACTppC,KAAKspC,EAAQzpC,MAAM,GACrB,CACAkoC,GAAM5B,SAASkD,GAAQ9B,IACvB,OAAiB8B,GC9CjB,SAASE,KACP,KAAMvpC,gBAAgBupC,IACpB,OAAO,IAAIA,GAEbF,GAAOvoC,KAAKd,MACZA,KAAKuc,EAAI,CACP,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACxC,CDwCA8sB,GAAOhW,UAAY,IACnBgW,GAAO3B,QAAU,IACjB2B,GAAO1B,aAAe,IACtB0B,GAAOvU,UAAY,GAEnBuU,GAAOroC,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAG/C,IAFA,IAAIslC,EAAItpC,KAAKspC,EAEJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GACrB,KAAOA,EAAImmC,EAAEloC,OAAQ+B,IACnBmmC,EAAEnmC,GAAKylC,GAAQM,GAAOI,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,GAAI8lC,GAAOK,EAAEnmC,EAAI,KAAMmmC,EAAEnmC,EAAI,KAEtE,IAAIsL,EAAIzO,KAAKuc,EAAE,GACXlO,EAAIrO,KAAKuc,EAAE,GACXC,EAAIxc,KAAKuc,EAAE,GACXuM,EAAI9oB,KAAKuc,EAAE,GACX9X,EAAIzE,KAAKuc,EAAE,GACXwoB,EAAI/kC,KAAKuc,EAAE,GACXyoB,EAAIhlC,KAAKuc,EAAE,GACXA,EAAIvc,KAAKuc,EAAE,GAGf,IADAipB,GAAOxlC,KAAKqc,EAAEjb,SAAWkoC,EAAEloC,QACtB+B,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,IAAK,CAC7B,IAAIqmC,EAAKX,GAAQtsB,EAAGysB,GAAOvkC,GAAI+jC,GAAK/jC,EAAGsgC,EAAGC,GAAIhlC,KAAKqc,EAAElZ,GAAImmC,EAAEnmC,IACvDsmC,EAAKd,GAAMI,GAAOt6B,GAAIi6B,GAAMj6B,EAAGJ,EAAGmO,IACtCD,EAAIyoB,EACJA,EAAID,EACJA,EAAItgC,EACJA,EAAIkkC,GAAM7f,EAAG0gB,GACb1gB,EAAItM,EACJA,EAAInO,EACJA,EAAII,EACJA,EAAIk6B,GAAMa,EAAIC,GAGhBzpC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9N,GAC7BzO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIlO,GAC7BrO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIC,GAC7Bxc,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIuM,GAC7B9oB,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9X,GAC7BzE,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIwoB,GAC7B/kC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIyoB,GAC7BhlC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIA,EAC/B,EAEA8sB,GAAOroC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,EC1FAwrB,GAAM5B,SAASoD,GAAQF,IACvB,OAAiBE,GAEjBA,GAAOlW,UAAY,IACnBkW,GAAO7B,QAAU,IACjB6B,GAAO5B,aAAe,IACtB4B,GAAOzU,UAAY,GAEnByU,GAAOvoC,UAAUqnC,QAAU,SAAgBjC,GAEzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAE7a,MAAM,EAAG,GAAI,OAElCqmC,GAAM4B,QAAQ3pC,KAAKuc,EAAE7a,MAAM,EAAG,GAAI,MAC7C,ECtBA,IAAIkoC,GAAY7B,GAAM6B,UAClBC,GAAY9B,GAAM8B,UAClBC,GAAW/B,GAAM+B,SACjBC,GAAWhC,GAAMgC,SACjBC,GAAQjC,GAAMiC,MACdC,GAAWlC,GAAMkC,SACjBC,GAAWnC,GAAMmC,SACjBC,GAAapC,GAAMoC,WACnBC,GAAarC,GAAMqC,WACnBC,GAAatC,GAAMsC,WACnBC,GAAavC,GAAMuC,WAEnB/C,GAAY4B,GAAO5B,UAEnBgD,GAAW,CACb,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,KACP,KAAMxqC,gBAAgBwqC,IACpB,OAAO,IAAIA,GAEbjD,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACdvc,KAAKqc,EAAIkuB,GACTvqC,KAAKspC,EAAQzpC,MAAM,IACrB,CACAkoC,GAAM5B,SAASqE,GAAQjD,IACvB,OAAiBiD,GAsIjB,SAASC,GAAQC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/B,IAAI/8B,EAAK28B,EAAKE,GAASF,EAAMI,EAG7B,OAFI/8B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASg9B,GAAQL,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACnC,IAAIj9B,EAAK48B,EAAKE,GAASF,EAAMK,EAG7B,OAFIj9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASk9B,GAASP,EAAIC,EAAIC,EAAIC,EAAIC,GAChC,IAAI/8B,EAAK28B,EAAKE,EAAOF,EAAKI,EAAOF,EAAKE,EAGtC,OAFI/8B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASm9B,GAASR,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACpC,IAAIj9B,EAAK48B,EAAKE,EAAOF,EAAKK,EAAOH,EAAKG,EAGtC,OAFIj9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASo9B,GAAUT,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAClBd,GAAUe,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASq9B,GAAUV,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAClBb,GAAUc,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASs9B,GAAUX,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASu9B,GAAUZ,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASw9B,GAAUb,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,GAClBf,GAAUc,EAAIC,EAAI,GAClBb,GAASY,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASy9B,GAAUd,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,GAClBd,GAAUa,EAAIC,EAAI,GAClBZ,GAASW,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS09B,GAAUf,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,IAClBZ,GAASY,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS29B,GAAUhB,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,IAClBX,GAASW,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CCnUA,SAAS49B,KACP,KAAM3rC,gBAAgB2rC,IACpB,OAAO,IAAIA,GAEbnB,GAAO1pC,KAAKd,MACZA,KAAKuc,EAAI,CACP,WAAY,WACZ,WAAY,UACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WAChB,CD+DAiuB,GAAOnX,UAAY,KACnBmX,GAAO9C,QAAU,IACjB8C,GAAO7C,aAAe,IACtB6C,GAAO1V,UAAY,IAEnB0V,GAAOxpC,UAAU4qC,cAAgB,SAAuBlG,EAAK1hC,GAI3D,IAHA,IAAIslC,EAAItpC,KAAKspC,EAGJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GACrB,KAAOA,EAAImmC,EAAEloC,OAAQ+B,GAAK,EAAG,CAC3B,IAAI0oC,EAAQJ,GAAUnC,EAAEnmC,EAAI,GAAImmC,EAAEnmC,EAAI,IAClC2oC,EAAQJ,GAAUpC,EAAEnmC,EAAI,GAAImmC,EAAEnmC,EAAI,IAClC4oC,EAAQzC,EAAEnmC,EAAI,IACd6oC,EAAQ1C,EAAEnmC,EAAI,IACd8oC,EAAQV,GAAUjC,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,KACnC+oC,EAAQV,GAAUlC,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,KACnCgpC,EAAQ7C,EAAEnmC,EAAI,IACdipC,EAAQ9C,EAAEnmC,EAAI,IAElBmmC,EAAEnmC,GAAKgnC,GACL0B,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GACT9C,EAAEnmC,EAAI,GAAKinC,GACTyB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GAEb,EAEA5B,GAAOxpC,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAC/ChE,KAAK4rC,cAAclG,EAAK1hC,GAExB,IAAIslC,EAAItpC,KAAKspC,EAET3C,EAAK3mC,KAAKuc,EAAE,GACZqqB,EAAK5mC,KAAKuc,EAAE,GACZsqB,EAAK7mC,KAAKuc,EAAE,GACZuqB,EAAK9mC,KAAKuc,EAAE,GACZwqB,EAAK/mC,KAAKuc,EAAE,GACZyqB,EAAKhnC,KAAKuc,EAAE,GACZ0qB,EAAKjnC,KAAKuc,EAAE,GACZ2qB,EAAKlnC,KAAKuc,EAAE,GACZ6qB,EAAKpnC,KAAKuc,EAAE,GACZ8qB,EAAKrnC,KAAKuc,EAAE,GACZ8vB,EAAKrsC,KAAKuc,EAAE,IACZ+vB,EAAKtsC,KAAKuc,EAAE,IACZgwB,EAAKvsC,KAAKuc,EAAE,IACZiwB,EAAKxsC,KAAKuc,EAAE,IACZkwB,EAAKzsC,KAAKuc,EAAE,IACZmwB,EAAK1sC,KAAKuc,EAAE,IAEhBipB,GAAOxlC,KAAKqc,EAAEjb,SAAWkoC,EAAEloC,QAC3B,IAAK,IAAI+B,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,GAAK,EAAG,CACpC,IAAI0oC,EAAQY,EACRX,EAAQY,EACRX,EAAQV,GAAUjE,EAAIC,GACtB2E,EAAQV,GAAUlE,EAAIC,GACtB4E,EAAQxB,GAAQrD,EAAIC,EAAIgF,EAAIC,EAAIC,GAChCL,EAAQnB,GAAQ3D,EAAIC,EAAIgF,EAAIC,EAAIC,EAAIC,GACpCL,EAAQnsC,KAAKqc,EAAElZ,GACfipC,EAAQpsC,KAAKqc,EAAElZ,EAAI,GACnBwpC,EAAQrD,EAAEnmC,GACVypC,EAAQtD,EAAEnmC,EAAI,GAEd0pC,EAAQxC,GACVwB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GACLE,EAAQxC,GACVuB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GAETf,EAAQV,GAAUxE,EAAIC,GACtBkF,EAAQV,GAAUzE,EAAIC,GACtBmF,EAAQd,GAAStE,EAAIC,EAAIC,EAAIC,EAAIC,GACjCiF,EAAQd,GAASvE,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAErC,IAAI+F,EAAQ9C,GAAS4B,EAAOC,EAAOC,EAAOC,GACtCgB,EAAQ9C,GAAS2B,EAAOC,EAAOC,EAAOC,GAE1CS,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKjF,EACLkF,EAAKjF,EAELD,EAAK6C,GAAShD,EAAIC,EAAI2F,EAAOC,GAC7BzF,EAAK6C,GAAShD,EAAIA,EAAI2F,EAAOC,GAE7B7F,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKsD,GAAS4C,EAAOC,EAAOC,EAAOC,GACnCpG,EAAKsD,GAAS2C,EAAOC,EAAOC,EAAOC,GAGrChD,GAAMhqC,KAAKuc,EAAG,EAAGoqB,EAAIC,GACrBoD,GAAMhqC,KAAKuc,EAAG,EAAGsqB,EAAIC,GACrBkD,GAAMhqC,KAAKuc,EAAG,EAAGwqB,EAAIC,GACrBgD,GAAMhqC,KAAKuc,EAAG,EAAG0qB,EAAIC,GACrB8C,GAAMhqC,KAAKuc,EAAG,EAAG6qB,EAAIC,GACrB2C,GAAMhqC,KAAKuc,EAAG,GAAI8vB,EAAIC,GACtBtC,GAAMhqC,KAAKuc,EAAG,GAAIgwB,EAAIC,GACtBxC,GAAMhqC,KAAKuc,EAAG,GAAIkwB,EAAIC,EACxB,EAEAlC,GAAOxpC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,EChMAwrB,GAAM5B,SAASwF,GAAQnB,IACvB,OAAiBmB,GAEjBA,GAAOtY,UAAY,KACnBsY,GAAOjE,QAAU,IACjBiE,GAAOhE,aAAe,IACtBgE,GAAO7W,UAAY,IAEnB6W,GAAO3qC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAE7a,MAAM,EAAG,IAAK,OAEnCqmC,GAAM4B,QAAQ3pC,KAAKuc,EAAE7a,MAAM,EAAG,IAAK,MAC9C,EC7BA,IAAIurC,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACduE,GAAUnF,GAAMmF,QAChBtE,GAAUb,GAAMa,QAChBrB,GAAY4B,GAAO5B,UAEvB,SAAS4F,KACP,KAAMntC,gBAAgBmtC,IACpB,OAAO,IAAIA,GAEb5F,GAAUzmC,KAAKd,MAEfA,KAAKuc,EAAI,CAAE,WAAY,WAAY,WAAY,UAAY,YAC3Dvc,KAAKqQ,OAAS,QAChB,CACA03B,GAAM5B,SAASgH,GAAW5F,IAC1B,OAAoB4F,GAuDpB,SAASpI,GAAEhoB,EAAG7P,EAAGoB,EAAGi6B,GAClB,OAAIxrB,GAAK,GACA7P,EAAIoB,EAAIi6B,EACRxrB,GAAK,GACJ7P,EAAIoB,GAAQpB,EAAKq7B,EAClBxrB,GAAK,IACJ7P,GAAMoB,GAAMi6B,EACbxrB,GAAK,GACJ7P,EAAIq7B,EAAMj6B,GAAMi6B,EAEjBr7B,GAAKoB,GAAMi6B,EACtB,CAEA,SAAS6E,GAAErwB,GACT,OAAIA,GAAK,GACA,EACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,UACX,CAEA,SAASswB,GAAGtwB,GACV,OAAIA,GAAK,GACA,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,CACX,CA1FAowB,GAAU9Z,UAAY,IACtB8Z,GAAUzF,QAAU,IACpByF,GAAUxF,aAAe,IACzBwF,GAAUrY,UAAY,GAEtBqY,GAAUnsC,UAAUknC,QAAU,SAAgBxC,EAAK1hC,GAWjD,IAVA,IAAIspC,EAAIttC,KAAKuc,EAAE,GACXgxB,EAAIvtC,KAAKuc,EAAE,GACX2W,EAAIlzB,KAAKuc,EAAE,GACXixB,EAAIxtC,KAAKuc,EAAE,GACXkxB,EAAIztC,KAAKuc,EAAE,GACXmxB,EAAKJ,EACLK,EAAKJ,EACLK,EAAK1a,EACL2a,EAAKL,EACLM,EAAKL,EACA1wB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAC3B,IAAIgxB,EAAIpF,GACNsE,GACErE,GAAQ0E,EAAGvI,GAAEhoB,EAAGwwB,EAAGra,EAAGsa,GAAI9H,EAAI33B,GAAEgP,GAAK/Y,GAAQopC,GAAErwB,IAC/CkB,GAAElB,IACJ0wB,GACFH,EAAIG,EACJA,EAAID,EACJA,EAAIP,GAAO/Z,EAAG,IACdA,EAAIqa,EACJA,EAAIQ,EACJA,EAAIpF,GACFsE,GACErE,GAAQ8E,EAAI3I,GAAE,GAAKhoB,EAAG4wB,EAAIC,EAAIC,GAAKnI,EAAIsI,GAAGjxB,GAAK/Y,GAAQqpC,GAAGtwB,IAC1DkxB,GAAGlxB,IACL+wB,GACFJ,EAAKI,EACLA,EAAKD,EACLA,EAAKZ,GAAOW,EAAI,IAChBA,EAAKD,EACLA,EAAKI,EAEPA,EAAIb,GAAQltC,KAAKuc,EAAE,GAAI2W,EAAG2a,GAC1B7tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIixB,EAAGM,GAClC9tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIkxB,EAAGC,GAClC1tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAI+wB,EAAGK,GAClC3tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIgxB,EAAGK,GAClC5tC,KAAKuc,EAAE,GAAKwxB,CACd,EAEAZ,GAAUnsC,UAAUqnC,QAAU,SAAgBjC,GAC5C,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,UAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,SACjC,EAyCA,IAAIxO,GAAI,CACN,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,IAGhDigC,GAAK,CACP,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAClD,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAClD,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,IAGhD/vB,GAAI,CACN,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EACrD,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GACpD,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GACpD,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,GAGnDgwB,GAAK,CACP,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EACrD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GACpD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,EACrD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EACrD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,sBC1HtD,SAASC,GAAShhC,EAAGmP,GACnB,IAAI5N,EAAIvB,EAAE,GACNmB,EAAInB,EAAE,GACNsP,EAAItP,EAAE,GACN4b,EAAI5b,EAAE,GAEVuB,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,YAC5ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,OAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,YAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,GAAI,YAE9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,EAAG,UAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,WAC/BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,WAC5ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,GAAI,YAC9BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,GAAI,YAC7B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,GAAI,YAC9ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,UAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,YAC7BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAE/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,QAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,YAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,UAC/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,YAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,WAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,GAAI,UAC7B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,WAC/BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAE9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,YAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,SAC/BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,YAC5ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,GAAI,YAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,YAC/BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAE9BnP,EAAE,GAAKmhC,GAAM5/B,EAAGvB,EAAE,IAClBA,EAAE,GAAKmhC,GAAMhgC,EAAGnB,EAAE,IAClBA,EAAE,GAAKmhC,GAAM7xB,EAAGtP,EAAE,IAClBA,EAAE,GAAKmhC,GAAMvlB,EAAG5b,EAAE,GACpB,CAEA,SAASohC,GAAI5/B,EAAGD,EAAGJ,EAAGnB,EAAG+Q,EAAGI,GAE1B,OADA5P,EAAI4/B,GAAMA,GAAM5/B,EAAGC,GAAI2/B,GAAMnhC,EAAGmR,IACzBgwB,GAAO5/B,GAAKwP,EAAMxP,IAAO,GAAKwP,EAAK5P,EAC5C,CAEA,SAAS8/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAKjgC,EAAImO,GAAQnO,EAAKya,EAAIra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAAS+vB,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAKjgC,EAAIya,EAAMtM,GAAMsM,EAAKra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAASouB,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAIjgC,EAAImO,EAAIsM,EAAGra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACpC,CAEA,SAASsd,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAI9xB,GAAKnO,GAAMya,GAAKra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACzC,CAyCA,SAASkwB,GAAOtwB,GACd,MAAMuwB,EAAU,GAChB,IAAIrrC,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBqrC,EAAQrrC,GAAK,GAAK8a,EAAErB,WAAWzZ,IAAM8a,EAAErB,WAAWzZ,EAAI,IAAM,IAAM8a,EAAErB,WAAWzZ,EAAI,IAAM,KAAO8a,EAAErB,WAAWzZ,EAAI,IAC/G,IAEJ,OAAOqrC,CACT,CAEA,MAAMC,GAAU,mBAAmBruB,MAAM,IAEzC,SAASsuB,GAAKliC,GACZ,IAAIyR,EAAI,GACJlB,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZkB,GAAKwwB,GAASjiC,GAAU,EAAJuQ,EAAQ,EAAM,IAAQ0xB,GAASjiC,GAAU,EAAJuQ,EAAU,IAErE,OAAOkB,CACT,CAeA,SAASowB,GAAM5/B,EAAGJ,GAChB,OAAQI,EAAIJ,EAAK,UACnB,CClLA,MAAMsgC,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClB4vB,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAAS30B,GAChB,GAAKw0B,IAAeC,GAAiBhtB,SAASzH,GAG9C,OAAOjZ,eAAgB+I,GACrB,MAAM8kC,EAASJ,GAAWK,WAAW70B,GACrC,OAAOuC,EAAiBzS,GAAM7I,IAC5B2tC,EAAOlH,OAAOzmC,EAAM,IACnB,IAAM,IAAI0B,WAAWisC,EAAO7G,YAEnC,CAEA,SAAS+G,GAAW96B,EAAM+6B,GACxB,OAAOhuC,eAAe+I,EAAM4a,EAASsB,IAInC,GAHIgB,EAAqBld,KACvBA,QAAa8c,GAAiB9c,KAE3BsQ,GAAK9X,SAASwH,IAASykC,IAAaQ,GAAiBjlC,EAAK9I,QAAU0jB,EAAOpB,qBAC9E,OAAO,IAAI3gB,iBAAiB4rC,GAAUxG,OAAOgH,EAAejlC,IAE9D,MAAMklC,EAAeh7B,IACrB,OAAOuI,EAAiBzS,GAAM7I,IAC5B+tC,EAAatH,OAAOzmC,EAAM,IACzB,IAAM,IAAI0B,WAAWqsC,EAAajH,YAEzC,CAEA,SAASkH,GAAcj7B,EAAM+6B,GAC3B,OAAOhuC,eAAe+I,EAAM4a,EAASsB,IAInC,GAHIgB,EAAqBld,KACvBA,QAAa8c,GAAiB9c,IAE5BsQ,GAAK9X,SAASwH,GAAO,CACvB,MAAMklC,EAAe,IAAIh7B,EACzB,OAAOuI,EAAiBzS,GAAM7I,IAC5B+tC,EAAa/sC,QAAQhB,EAAM,IAC1B,IAAM+tC,EAAaplC,SAASvI,SAC1B,OAAIktC,IAAaQ,GAAiBjlC,EAAK9I,QAAU0jB,EAAOpB,qBACtD,IAAI3gB,iBAAiB4rC,GAAUxG,OAAOgH,EAAejlC,IAErDkK,EAAK9M,MAAM4C,GAGxB,CAEA,MAAMolC,GAAgB,CACpBj7B,IAAK06B,GAAS,QDrDhB5tC,eAAmBouC,GACjB,MAAMpH,EAyGR,SAAclqB,GACZ,MAAMzR,EAAIyR,EAAE7c,OACNouC,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIrsC,EACJ,IAAKA,EAAI,GAAIA,GAAK8a,EAAE7c,OAAQ+B,GAAK,GAC/B+qC,GAASsB,EAAOjB,GAAOtwB,EAAEwxB,UAAUtsC,EAAI,GAAIA,KAE7C8a,EAAIA,EAAEwxB,UAAUtsC,EAAI,IACpB,MAAMusC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKvsC,EAAI,EAAGA,EAAI8a,EAAE7c,OAAQ+B,IACxBusC,EAAKvsC,GAAK,IAAM8a,EAAErB,WAAWzZ,KAAQA,EAAI,GAAM,GAGjD,GADAusC,EAAKvsC,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADA+qC,GAASsB,EAAOE,GACXvsC,EAAI,EAAGA,EAAI,GAAIA,IAClBusC,EAAKvsC,GAAK,EAKd,OAFAusC,EAAK,IAAU,EAAJljC,EACX0hC,GAASsB,EAAOE,GACTF,CACT,CA/HiBG,CAAKn1B,GAAKqC,mBAAmB0yB,IAC5C,OAAO/0B,GAAK4B,gBAoKd,SAAalP,GACX,IAAK,IAAI/J,EAAI,EAAGA,EAAI+J,EAAE9L,OAAQ+B,IAC5B+J,EAAE/J,GAAKurC,GAAKxhC,EAAE/J,IAEhB,OAAO+J,EAAE1L,KAAK,GAChB,CAzK8BiL,CAAI07B,GAClC,ECmDE7zB,KAAMy6B,GAAS,SAAWM,GAAcpL,GAAM,SAC9CtvB,OAAQo6B,GAAS,WAAaG,GAAWv6B,IACzCH,OAAQu6B,GAAS,WAAaM,GAAchL,GAAQ,WACpD5vB,OAAQs6B,GAAS,WAAaG,GAAWz6B,GAAQ,WACjDC,OAAQq6B,GAAS,WAAaG,GAAWx6B,GAAQ,WACjDH,OAAQw6B,GAAS,cAAgBG,GAAWU,KAG9C,OAAe,CAGbv7B,IAAKi7B,GAAcj7B,IAEnBC,KAAMg7B,GAAch7B,KAEpBK,OAAQ26B,GAAc36B,OAEtBH,OAAQ86B,GAAc96B,OAEtBC,OAAQ66B,GAAc76B,OAEtBC,OAAQ46B,GAAc56B,OAEtBH,OAAQ+6B,GAAc/6B,OAQtB4zB,OAAQ,SAAS0H,EAAM3lC,GACrB,OAAQ2lC,GACN,KAAKzuB,GAAMhN,KAAKC,IACd,OAAOrU,KAAKqU,IAAInK,GAClB,KAAKkX,GAAMhN,KAAKE,KACd,OAAOtU,KAAKsU,KAAKpK,GACnB,KAAKkX,GAAMhN,KAAKG,OACd,OAAOvU,KAAKuU,OAAOrK,GACrB,KAAKkX,GAAMhN,KAAKI,OACd,OAAOxU,KAAKwU,OAAOtK,GACrB,KAAKkX,GAAMhN,KAAKK,OACd,OAAOzU,KAAKyU,OAAOvK,GACrB,KAAKkX,GAAMhN,KAAKM,OACd,OAAO1U,KAAK0U,OAAOxK,GACrB,KAAKkX,GAAMhN,KAAKO,OACd,OAAO3U,KAAK2U,OAAOzK,GACrB,QACE,MAAU9G,MAAM,4BAStB0sC,kBAAmB,SAASD,GAC1B,OAAQA,GACN,KAAKzuB,GAAMhN,KAAKC,IACd,OAAO,GACT,KAAK+M,GAAMhN,KAAKE,KAChB,KAAK8M,GAAMhN,KAAKG,OACd,OAAO,GACT,KAAK6M,GAAMhN,KAAKI,OACd,OAAO,GACT,KAAK4M,GAAMhN,KAAKK,OACd,OAAO,GACT,KAAK2M,GAAMhN,KAAKM,OACd,OAAO,GACT,KAAK0M,GAAMhN,KAAKO,OACd,OAAO,GACT,QACE,MAAUvR,MAAM,8BC9IjB,MAAM2sC,GACT/nB,eAAe9d,EAAM8M,EAAKua,GACtB,OAAO,IAAIwe,GAAQ/4B,EAAKua,GAAIwB,QAAQ7oB,GAExC8d,eAAe9d,EAAM8M,EAAKua,GACtB,OAAO,IAAIwe,GAAQ/4B,EAAKua,GAAIyB,QAAQ9oB,GAExCpK,YAAYkX,EAAKua,EAAI0B,GACjBjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,EAAKua,GAAI,EAAM,cACvCvxB,KAAKizB,IAAIzB,QAEpBuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCXb,SAASqd,GAAUH,GAChC,MAAMI,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,OAAO3hB,GAAO+hB,EAChB,CCkBA,MAAMtB,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAElBixB,GAAatB,GAAaA,GAAWuB,aAAe,GACpDC,GAAY,CAChB78B,KAAM28B,GAAWruB,SAAS,YAAc,gBAAa5gB,EACrDuS,UAAW08B,GAAWruB,SAAS,gBAAkB,oBAAiB5gB,EAClEwS,MAAOy8B,GAAWruB,SAAS,aAAe,iBAAc5gB,EACxDyS,SAAUw8B,GAAWruB,SAAS,UAAY,cAAW5gB,EACrD0S,OAAQu8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,EAC7D2S,OAAQs8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,EAC7D4S,OAAQq8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,6DAaxDE,eAAuB0uC,EAAM74B,EAAK1D,EAAWie,EAAIzM,GACtD,MAAMmrB,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,GAAIr1B,GAAKyE,iBAAmBmxB,GAAUH,GACpC,OAiHJ,SAAqBJ,EAAM74B,EAAKq5B,EAAI9e,GAClC,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GACvCS,EAAY,IAAI1B,GAAW2B,eAAeH,GAAUH,GAAWj5B,EAAKua,GAC1E,OAAO5U,EAAiB0zB,GAAIhvC,GAAS,IAAI0B,WAAWutC,EAAUxI,OAAOzmC,KACvE,CArHWmvC,CAAYX,EAAM74B,EAAK1D,EAAWie,GAE3C,GAAI/W,GAAK0G,MAAM2uB,GACb,OAwEJ,SAAoBA,EAAM74B,EAAKq5B,EAAI9e,EAAIzM,GACrC,GACEtK,GAAKoE,gBACU,KAAf5H,EAAI5V,SACHoZ,GAAK9X,SAAS2tC,IACfA,EAAGjvC,QAAU,IAAO0jB,EAAOpB,qBAE3B,OAqBJviB,eAA0B0uC,EAAM74B,EAAKq5B,EAAI9e,GACvC,MAAMkf,EAAO,UACPC,QAAa/B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAMmlC,IAAQ,EAAO,CAAC,aACrEpd,UAAEA,GAAc2c,GAAUH,GAC1Be,EAASp2B,GAAKxX,iBAAiB,CAAC,IAAID,WAAWswB,GAAYgd,IAC3DQ,EAAK,IAAI9tC,iBAAiB4rC,GAAU5b,QAAQ,CAAEznB,KAAMmlC,EAAMlf,MAAMmf,EAAME,IAASvkC,SAAS,EAAGgkC,EAAGjvC,QAEpG,OAbF,SAAgBqN,EAAGJ,GACjB,IAAK,IAAIlL,EAAI,EAAGA,EAAIsL,EAAErN,OAAQ+B,IAC5BsL,EAAEtL,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAEpB,CAQE2tC,CAAOD,EAAIR,GACJQ,CACT,CA7BWE,CAAWlB,EAAM74B,EAAKq5B,EAAI9e,GAGnC,MAAMyf,EAAM,IAAIjB,GAAQ/4B,EAAKua,GAC7B,OAAO5U,EAAiB0zB,GAAIhvC,GAAS2vC,EAAI/d,IAAIhB,oBAAoB5wB,KAAQ,IAAM2vC,EAAI/d,IAAIZ,sBACzF,CApFW4e,CAAWpB,EAAM74B,EAAK1D,EAAWie,EAAIzM,GAG9C,MACMosB,EAAW,IADFlB,GAAUH,GACR,CAAW74B,GACtBm6B,EAAaD,EAAS7d,UAEtB+d,EAAS7f,EAAG7vB,QAClB,IAAI2uC,EAAK,IAAIttC,WACb,MAAMV,EAAUN,IACVA,IACFsuC,EAAK71B,GAAKxX,iBAAiB,CAACqtC,EAAItuC,KAElC,MAAMsvC,EAAa,IAAItuC,WAAWstC,EAAGjvC,QACrC,IAAI+B,EACA4Z,EAAI,EACR,KAAOhb,EAAQsuC,EAAGjvC,QAAU+vC,EAAad,EAAGjvC,QAAQ,CAClD,MAAMkwC,EAAWJ,EAASne,QAAQqe,GAClC,IAAKjuC,EAAI,EAAGA,EAAIguC,EAAYhuC,IAC1BiuC,EAAOjuC,GAAKktC,EAAGltC,GAAKmuC,EAASnuC,GAC7BkuC,EAAWt0B,KAAOq0B,EAAOjuC,GAE3BktC,EAAKA,EAAGhkC,SAAS8kC,GAEnB,OAAOE,EAAWhlC,SAAS,EAAG0Q,EAAE,EAElC,OAAOJ,EAAiBrJ,EAAWjR,EAASA,EAC9C,UAUOlB,eAAuB0uC,EAAM74B,EAAKq6B,EAAY9f,GACnD,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,GAAIr1B,GAAKyE,iBAAmBmxB,GAAUH,GACpC,OA4EJ,SAAqBJ,EAAM74B,EAAK65B,EAAItf,GAClC,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GACvC0B,EAAc,IAAI3C,GAAW4C,iBAAiBpB,GAAUH,GAAWj5B,EAAKua,GAC9E,OAAO5U,EAAiBk0B,GAAIxvC,GAAS,IAAI0B,WAAWwuC,EAAYzJ,OAAOzmC,KACzE,CAhFWowC,CAAY5B,EAAM74B,EAAKq6B,EAAY9f,GAE5C,GAAI/W,GAAK0G,MAAM2uB,GACb,OA2CJ,SAAoBA,EAAM74B,EAAK65B,EAAItf,GACjC,GAAI/W,GAAK9X,SAASmuC,GAAK,CACrB,MAAMG,EAAM,IAAIjB,GAAQ/4B,EAAKua,GAC7B,OAAO5U,EAAiBk0B,GAAIxvC,GAAS2vC,EAAI/d,IAAIP,oBAAoBrxB,KAAQ,IAAM2vC,EAAI/d,IAAIN,uBAEzF,OAAOod,GAAQ/c,QAAQ6d,EAAI75B,EAAKua,EAClC,CAjDWmgB,CAAW7B,EAAM74B,EAAKq6B,EAAY9f,GAG3C,MACM2f,EAAW,IADFlB,GAAUH,GACR,CAAW74B,GACtBm6B,EAAaD,EAAS7d,UAE5B,IAAIse,EAASpgB,EACTsf,EAAK,IAAI9tC,WACb,MAAMV,EAAUN,IACVA,IACF8uC,EAAKr2B,GAAKxX,iBAAiB,CAAC6tC,EAAI9uC,KAElC,MAAMuR,EAAY,IAAIvQ,WAAW8tC,EAAGzvC,QACpC,IAAI+B,EACA4Z,EAAI,EACR,KAAOhb,EAAQ8uC,EAAGzvC,QAAU+vC,EAAaN,EAAGzvC,QAAQ,CAClD,MAAMwwC,EAAWV,EAASne,QAAQ4e,GAElC,IADAA,EAASd,EAAGxkC,SAAS,EAAG8kC,GACnBhuC,EAAI,EAAGA,EAAIguC,EAAYhuC,IAC1BmQ,EAAUyJ,KAAO40B,EAAOxuC,GAAKyuC,EAASzuC,GAExC0tC,EAAKA,EAAGxkC,SAAS8kC,GAEnB,OAAO79B,EAAUjH,SAAS,EAAG0Q,EAAE,EAEjC,OAAOJ,EAAiB00B,EAAYhvC,EAASA,EAC/C,IC/HO,MAAMwvC,GACT7pB,eAAe9d,EAAM8M,EAAK86B,GACtB,OAAO,IAAID,GAAQ76B,EAAK86B,GAAO/e,QAAQ7oB,GAE3C8d,eAAe9d,EAAM8M,EAAK86B,GACtB,OAAO,IAAID,GAAQ76B,EAAK86B,GAAO/e,QAAQ7oB,GAE3CpK,YAAYkX,EAAK86B,EAAO7e,GACpBjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,GAAW,EAAO,cAC/CjB,KAAKizB,IAAIzB,QAChBxxB,KAAK+xC,oBAAoBD,GAE7B/e,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxB0f,oBAAoBD,EAAOE,EAAS5sC,GAChC,IAAI+jB,IAAEA,GAAQnpB,KAAKizB,IAAIxB,cACvB,QAAaxwB,IAATmE,EAAoB,CACpB,GAAIA,EAAO,GAAKA,EAAO,GACnB,MAAM,IAAI8rB,GAAqB,wBACnC,IAAI+gB,EAAOnmC,KAAKomC,IAAI,EAAG9sC,GAAQ,EAC/B+jB,EAAIkE,SAAS,EAAG,EAAI4kB,EAAO,WAAe,EAAU,EAAPA,QAG7C7sC,EAAO,GACP+jB,EAAIkE,SAAS,EAAG,EAAG,MAAQ,YAE/B,QAAcpsB,IAAV6wC,EASA,MAAU1uC,MAAM,qBATK,CACrB,IAAI+M,EAAM2hC,EAAM1wC,OAChB,IAAK+O,GAAOA,EAAM,GACd,MAAM,IAAI+gB,GAAqB,sBACnC,IAAIihB,EAAO,IAAI1sB,SAAS,IAAID,YAAY,KACxC,IAAIziB,WAAWovC,EAAK9tC,QAAQb,IAAIsuC,GAChC3oB,EAAI6D,UAAUmlB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,KAK1F,QAAgB9wB,IAAZ+wC,EAAuB,CACvB,GAAIA,EAAU,GAAKA,GAAWlmC,KAAKomC,IAAI,EAAG9sC,GACtC,MAAM,IAAI8rB,GAAqB,yBACnC/H,EAAIuE,YAAY,EAAG,EAAIskB,EAAU,WAAe,EAAa,EAAVA,KCjDxD,MAAMI,GACTpqB,eAAe9d,EAAM8M,EAAKwa,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQp7B,EAAKua,EAAIC,GAASuB,QAAQ7oB,GAEjD8d,eAAe9d,EAAM8M,EAAKwa,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQp7B,EAAKua,EAAIC,GAASwB,QAAQ9oB,GAEjDpK,YAAYkX,EAAKua,EAAIC,GAAU,EAAMyB,GACjCjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,EAAKua,EAAIC,EAAS,OAErDuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCT5B,MAAMgc,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAgBlBozB,GAAc,GAWpB,SAASC,GAAYpoC,EAAMsnB,GACzB,MAAMjhB,EAASrG,EAAK9I,OAASixC,GAC7B,IAAK,IAAIlvC,EAAI,EAAGA,EAAIkvC,GAAalvC,IAC/B+G,EAAK/G,EAAIoN,IAAWihB,EAAQruB,GAE9B,OAAO+G,CACT,CAeA,MAAMqoC,GAAY,IAAIxvC,WAAWsvC,IAElBlxC,eAAeqxC,GAAKx7B,GACjC,MAAMy7B,QAYRtxC,eAAmB6V,GACjB,GAAIwD,GAAKoE,gBAAiC,KAAf5H,EAAI5V,OAE7B,OADA4V,QAAY23B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAM,UAAWlK,OAAqB,EAAb4V,EAAI5V,SAAc,EAAO,CAAC,YAC1FD,eAAekvC,GACpB,MAAMQ,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAM,UAAWimB,GAAIghB,GAAWnxC,OAAsB,EAAdixC,IAAmBr7B,EAAKq5B,GACrG,OAAO,IAAIttC,WAAW8tC,GAAIxkC,SAAS,EAAGwkC,EAAGtsC,WAAa8tC,KAG1D,GAAI73B,GAAKyE,gBACP,OAAO9d,eAAekvC,GACpB,MACMQ,EADK,IAAIjC,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKu7B,IACpEzK,OAAOuI,GACrB,OAAO,IAAIttC,WAAW8tC,IAI1B,OAAO1vC,eAAekvC,GACpB,OAAO+B,GAAQrf,QAAQsd,EAAIr5B,GAAK,EAAOu7B,IAE3C,CA/BoB/iB,CAAIxY,GAGhBwa,EAAUhX,GAAK8D,aAAam0B,EAAIF,KAChCG,EAAWl4B,GAAK8D,OAAOkT,GAE7B,OAAOrwB,eAAe+I,GAEpB,aAAcuoC,EAxBlB,SAAavoC,EAAMsnB,EAASkhB,GAE1B,GAAIxoC,EAAK9I,QAAU8I,EAAK9I,OAASixC,IAAgB,EAE/C,OAAOC,GAAYpoC,EAAMsnB,GAG3B,MAAM7V,EAAS,IAAI5Y,WAAWmH,EAAK9I,QAAUixC,GAAenoC,EAAK9I,OAASixC,KAG1E,OAFA12B,EAAOnY,IAAI0G,GACXyR,EAAOzR,EAAK9I,QAAU,IACfkxC,GAAY32B,EAAQ+2B,EAC7B,CAasB9f,CAAI1oB,EAAMsnB,EAASkhB,KAAYrmC,UAAUgmC,IAE/D,CC3CA,MAAM1D,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBvb,GAAS8W,GAAK2E,gBAGdkzB,GAAc,GACdM,GAAWN,GACXO,GAAYP,GAEZviC,GAAO,IAAI/M,WAAWsvC,IACtBtiC,GAAM,IAAIhN,WAAWsvC,IAActiC,GAAIsiC,GAAc,GAAK,EAChE,MAAMQ,GAAM,IAAI9vC,WAAWsvC,IAE3BlxC,eAAe2xC,GAAK97B,GAClB,MAAM+7B,QAAaP,GAAKx7B,GACxB,OAAO,SAASqH,EAAG1E,GACjB,OAAOo5B,EAAKv4B,GAAKxX,iBAAiB,CAACqb,EAAG1E,KAE1C,CAEAxY,eAAewuB,GAAI3Y,GACjB,OACEwD,GAAKoE,gBACU,KAAf5H,EAAI5V,QAEJ4V,QAAY23B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAM,UAAWlK,OAAqB,EAAb4V,EAAI5V,SAAc,EAAO,CAAC,YAC1FD,eAAekvC,EAAI9e,GACxB,MAAMsf,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAM,UAAW0mC,QAASzgB,EAAInwB,OAAsB,EAAdixC,IAAmBr7B,EAAKq5B,GACnG,OAAO,IAAIttC,WAAW8tC,KAGtBr2B,GAAKyE,gBACA9d,eAAekvC,EAAI9e,GACxB,MAAMyhB,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKua,GAC5Esf,EAAKntC,GAAOkD,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,UAC5C,OAAO,IAAIlwC,WAAW8tC,IAInB1vC,eAAekvC,EAAI9e,GACxB,OAAOsgB,GAAQ9e,QAAQsd,EAAIr5B,EAAKua,GAEpC,CAQApwB,eAAe+xC,GAAIhlB,EAAQlX,GACzB,GAAIkX,IAAW9M,GAAM/N,UAAUM,QAC7Bua,IAAW9M,GAAM/N,UAAUO,QAC3Bsa,IAAW9M,GAAM/N,UAAUQ,OAC3B,MAAUzQ,MAAM,qCAGlB,MACE+vC,EACAC,SACQnzC,QAAQ+H,IAAI,CACpB8qC,GAAK97B,GACL2Y,GAAI3Y,KAGN,MAAO,CAQL+b,QAAS5xB,eAAemS,EAAWw+B,EAAOuB,GACxC,MACEC,EACAC,SACQtzC,QAAQ+H,IAAI,CACpBmrC,EAAKrjC,GAAMgiC,GACXqB,EAAKpjC,GAAKsjC,KAENG,QAAiBJ,EAAI9/B,EAAWggC,GAEhC5yB,QADqByyB,EAAKN,GAAKW,GAErC,IAAK,IAAIrwC,EAAI,EAAGA,EAAIyvC,GAAWzvC,IAC7Bud,EAAIvd,IAAMowC,EAAUpwC,GAAKmwC,EAAUnwC,GAErC,OAAOqX,GAAKxX,iBAAiB,CAACwwC,EAAU9yB,KAU1CsS,QAAS7xB,eAAekwC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAWjwC,OAASwxC,GAAW,MAAUxvC,MAAM,0BACnD,MAAMowC,EAAWnC,EAAWhlC,SAAS,GAAIumC,IACnCa,EAAQpC,EAAWhlC,UAAUumC,KAEjCU,EACAC,EACAG,SACQzzC,QAAQ+H,IAAI,CACpBmrC,EAAKrjC,GAAMgiC,GACXqB,EAAKpjC,GAAKsjC,GACVF,EAAKN,GAAKW,KAEN9yB,EAAMgzB,EACZ,IAAK,IAAIvwC,EAAI,EAAGA,EAAIyvC,GAAWzvC,IAC7Bud,EAAIvd,IAAMowC,EAAUpwC,GAAKmwC,EAAUnwC,GAErC,IAAKqX,GAAKqD,iBAAiB41B,EAAO/yB,GAAM,MAAUtd,MAAM,+BAExD,aADwBgwC,EAAII,EAAUF,IAI5C,CA5GyCT,GAAIR,GAAc,GAAK,EAoHhEa,GAAIS,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAoB,GAAIb,YAAcA,GAClBa,GAAIP,SAAWA,GACfO,GAAIN,UAAYA,GC3IhB,MAAMP,GAAc,GACdM,GAAW,GAMXC,GAAY,GAGlB,SAASiB,GAAIrnC,GACX,IAAIqnC,EAAM,EACV,IAAK,IAAI1wC,EAAI,EAAe,IAAXqJ,EAAIrJ,GAAUA,IAAM,EACnC0wC,IAEF,OAAOA,CACT,CAEA,SAAS/C,GAAOgD,EAAG/F,GACjB,IAAK,IAAI5qC,EAAI,EAAGA,EAAI2wC,EAAE1yC,OAAQ+B,IAC5B2wC,EAAE3wC,IAAM4qC,EAAE5qC,GAEZ,OAAO2wC,CACT,CAEA,SAASC,GAAID,EAAG/F,GACd,OAAO+C,GAAOgD,EAAEpyC,QAASqsC,EAC3B,CAEA,MAAMwE,GAAY,IAAIxvC,WAAWsvC,IAC3BtiC,GAAM,IAAIhN,WAAW,CAAC,IAO5B5B,eAAe6yC,GAAI9lB,EAAQlX,GAEzB,IACIi9B,EACAC,EACAjC,EAHAkC,EAAS,EA2Eb,SAASC,EAAM/pC,EAAIgM,EAAMy7B,EAAOuB,GAI9B,MAAM7lC,EAAI6I,EAAKjV,OAASixC,GAAc,GAxDxC,SAA4Bh8B,EAAMg9B,GAChC,MAAMgB,EAAY75B,GAAK2B,MAAMrQ,KAAKC,IAAIsK,EAAKjV,OAAQiyC,EAAMjyC,QAAUixC,GAAc,GAAK,EACtF,IAAK,IAAIlvC,EAAIgxC,EAAS,EAAGhxC,GAAKkxC,EAAWlxC,IACvC8uC,EAAK9uC,GAAKqX,GAAK8D,OAAO2zB,EAAK9uC,EAAI,IAEjCgxC,EAASE,EAwDTC,CAAmBj+B,EAAMg9B,GAOzB,MAAMkB,EAAc/5B,GAAKxX,iBAAiB,CAACuvC,GAAUlmC,SAAS,EAAGsmC,GAAWb,EAAM1wC,QAAS2O,GAAK+hC,IAE1F0C,EAAwC,GAA/BD,EAAYlC,GAAc,GAEzCkC,EAAYlC,GAAc,IAAM,IAChC,MAAMoC,EAAOR,EAASM,GAEhBG,EAAYl6B,GAAKxX,iBAAiB,CAACyxC,EAAMV,GAAIU,EAAKpoC,SAAS,EAAG,GAAIooC,EAAKpoC,SAAS,EAAG,MAEnFkE,EAASiK,GAAKiE,WAAWi2B,EAAUroC,SAAS,GAAKmoC,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAanoC,SAAS,GAE/G2Z,EAAW,IAAIjjB,WAAWsvC,IAE1BxB,EAAK,IAAI9tC,WAAWsT,EAAKjV,OAASwxC,IAKxC,IAAIzvC,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIqK,EAAGrK,IAEjB2tC,GAAOvgC,EAAQ0hC,EAAK4B,GAAI1wC,EAAI,KAG5B0tC,EAAGrtC,IAAIstC,GAAOzmC,EAAG0pC,GAAIxjC,EAAQ8F,IAAQ9F,GAASlN,GAE9CytC,GAAO9qB,EAAU3b,IAAO4pC,EAAW59B,EAAOw6B,EAAGxkC,SAAShJ,IAEtDgT,EAAOA,EAAKhK,SAASgmC,IACrBhvC,GAAOgvC,GAMT,GAAIh8B,EAAKjV,OAAQ,CAEf0vC,GAAOvgC,EAAQ0hC,EAAK/kC,GAEpB,MAAMskB,EAAUyiB,EAAS1jC,GAEzBsgC,EAAGrtC,IAAIuwC,GAAI19B,EAAMmb,GAAUnuB,GAG3B,MAAMsxC,EAAW,IAAI5xC,WAAWsvC,IAChCsC,EAASnxC,IAAI6G,IAAO4pC,EAAW59B,EAAOw6B,EAAGxkC,SAAShJ,GAAMuvC,IAAY,GACpE+B,EAASt+B,EAAKjV,QAAU,IACxB0vC,GAAO9qB,EAAU2uB,GACjBtxC,GAAOgT,EAAKjV,OAGd,MAAMsf,EAAMowB,GAAOmD,EAASnD,GAAOA,GAAO9qB,EAAUzV,GAAS0hC,EAAK2C,IAhHpE,SAAcvB,GACZ,IAAKA,EAAMjyC,OAET,OAAOmxC,GAMT,MAAM/kC,EAAI6lC,EAAMjyC,OAASixC,GAAc,EAEjC9hC,EAAS,IAAIxN,WAAWsvC,IACxBxhB,EAAM,IAAI9tB,WAAWsvC,IAC3B,IAAK,IAAIlvC,EAAI,EAAGA,EAAIqK,EAAGrK,IACrB2tC,GAAOvgC,EAAQ0hC,EAAK4B,GAAI1wC,EAAI,KAC5B2tC,GAAOjgB,EAAKojB,EAASF,GAAIxjC,EAAQ8iC,KACjCA,EAAQA,EAAMhnC,SAASgmC,IAMzB,GAAIgB,EAAMjyC,OAAQ,CAChB0vC,GAAOvgC,EAAQ0hC,EAAK/kC,GAEpB,MAAM2nC,EAAc,IAAI9xC,WAAWsvC,IACnCwC,EAAYrxC,IAAI6vC,EAAO,GACvBwB,EAAYxB,EAAMjyC,QAAU,IAC5B0vC,GAAO+D,EAAatkC,GAEpBugC,GAAOjgB,EAAKojB,EAASY,IAGvB,OAAOhkB,EA+EgEzc,CAAKi/B,IAO5E,OADAxC,EAAGrtC,IAAIkd,EAAKrd,GACLwtC,EAIT,OAnJA,SAA+B3iB,EAAQlX,GACrC,MAAM89B,EAAa1zB,GAAMlgB,KAAKkgB,GAAM/N,UAAW6a,GACzC+E,EAAM,IAAI8hB,GAAQD,GAAY99B,GACpCi9B,EAAWhhB,EAAIF,QAAQltB,KAAKotB,GAC5BihB,EAAWjhB,EAAID,QAAQntB,KAAKotB,GAE5B,MAAM+hB,EAASf,EAAS1B,IAClB0C,EAASz6B,GAAK8D,OAAO02B,GAC3B/C,EAAO,GACPA,EAAK,GAAKz3B,GAAK8D,OAAO22B,GAGtBhD,EAAK/kC,EAAI8nC,EACT/C,EAAK2C,EAAIK,EAfXC,CAAsBhnB,EAAQlX,GAqJvB,CAQL+b,QAAS5xB,eAAemS,EAAWw+B,EAAOuB,GACxC,OAAOe,EAAMH,EAAU3gC,EAAWw+B,EAAOuB,IAU3CrgB,QAAS7xB,eAAekwC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAWjwC,OAASwxC,GAAW,MAAUxvC,MAAM,0BAEnD,MAAMsd,EAAM2wB,EAAWhlC,UAAUumC,IACjCvB,EAAaA,EAAWhlC,SAAS,GAAIumC,IAErC,MAAMuC,EAAUf,EAAMF,EAAU7C,EAAYS,EAAOuB,GAEnD,GAAI74B,GAAKqD,iBAAiB6C,EAAKy0B,EAAQ9oC,UAAUumC,KAC/C,OAAOuC,EAAQ9oC,SAAS,GAAIumC,IAE9B,MAAUxvC,MAAM,gCAGtB,CAQA4wC,GAAIL,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAkC,GAAI3B,YAAcA,GAClB2B,GAAIrB,SAAWA,GACfqB,GAAIpB,UAAYA,GC3QhB,MAAMwC,GAA0B,YACzB,MAAMC,GACTv1C,YAAYkX,EAAK86B,EAAOuB,EAAOiC,EAAU,GAAIriB,GACzCjzB,KAAKs1C,QAAUA,EACft1C,KAAKu1C,OAAS,EACdv1C,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,GAAW,EAAO,OACtD,IAAIkoB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cAI7B,GAFAtI,EAAI8E,WAEAjuB,KAAKs1C,QAAU,GAAKt1C,KAAKs1C,QAAU,GACnC,MAAM,IAAIpkB,GAAqB,yBAEnC,MAAMskB,EAAW1D,EAAM1wC,QAAU,EAC3Bq0C,EAAW,IAAI1yC,WAAW,IACf,KAAbyyC,GACAx1C,KAAK01C,iBAAiB5D,GACtB5oB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,IAAM,EACXA,EAAK,IAAMssB,IAAa,GACxBtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,EAAK,IAC9BtsB,EAAK,IAAOssB,GAAY,EAAK,IAC7BrsB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIwD,OAAO,EAAG,EAAG,EAAG,GACpB8oB,EAASjyC,IAAI0lB,EAAK7c,SAAS,EAAG,OAG9BopC,EAASjyC,IAAIsuC,GACb2D,EAAS,IAAM,GAEnB,MAAME,EAAY,IAAIlwB,SAASgwB,EAASpxC,QAKxC,GAJArE,KAAKu1C,OAASI,EAAU5jB,UAAU,IAClC5I,EAAI6D,UAAU2oB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI,GACtF5I,EAAIkE,SAAS,EAAG,EAAG,EAAG,iBAERpsB,IAAVoyC,EAAqB,CACrB,GAAIA,EAAMjyC,OAASg0C,GACf,MAAM,IAAIlkB,GAAqB,wBAC/BmiB,EAAMjyC,QACNpB,KAAKqzC,MAAQA,EACbrzC,KAAK01C,iBAAiBrC,IAGtBrzC,KAAKqzC,WAAQpyC,OAIjBjB,KAAKqzC,WAAQpyC,EAGjB,GAAIjB,KAAKgyC,QAAU,GAAKhyC,KAAKgyC,QAAU,WACnC,MAAM,IAAI4D,WAAW,6CACzBzsB,EAAIuE,YAAY,EAAG,EAAG,EAAI1tB,KAAKu1C,OAASv1C,KAAKgyC,QAAW,GAE5DhqB,eAAe6tB,EAAW7+B,EAAK86B,EAAOuB,EAAOyC,GACzC,OAAO,IAAIT,GAAQr+B,EAAK86B,EAAOuB,EAAOyC,GAAS/iB,QAAQ8iB,GAE3D7tB,eAAeqpB,EAAYr6B,EAAK86B,EAAOuB,EAAOyC,GAC1C,OAAO,IAAIT,GAAQr+B,EAAK86B,EAAOuB,EAAOyC,GAAS9iB,QAAQqe,GAE3Dte,QAAQ7oB,GACJ,OAAOlK,KAAK+1C,gBAAgB7rC,GAEhC8oB,QAAQ9oB,GACJ,OAAOlK,KAAKg2C,gBAAgB9rC,GAEhC+rC,wBAAwB/rC,GACpB,IAAImmB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,GACtB+nB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACf3uC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfiiB,EAAO,EACPG,EAAQpiB,EAAMmgB,GAAS,GACvBE,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK7hC,EAAMmgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAMn0C,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAY1sB,EAAK8M,GAC5DqgB,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKmtB,GACrDA,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAMd,OAHAnQ,KAAKgyC,QAAUA,EACfhyC,KAAKizB,IAAI5vB,IAAMA,EACfrD,KAAKizB,IAAI9iB,IAAMA,EACR1O,EAEXy0C,yBACI,IAAI/sB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACfsD,EAAUt1C,KAAKs1C,QACfjC,EAAQrzC,KAAKqzC,MACbhwC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACnB,MAAM1O,EAAS,IAAIsB,WAAWoN,EAAMmlC,GACpCnsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAY1sB,EAAM8M,EAAM,IAAO,IAC/DA,GACA1O,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAM8M,IACxC,IAAIhN,EAAIgN,EACR,KAAW,GAAJhN,EAAQA,IACX+lB,EAAK7lB,EAAMF,GAAK,EACpBgmB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKF,GAClD,MAAMgzC,OAAiBl1C,IAAVoyC,EAAsBA,EAAMjyC,OAAS,EAC5Cg1C,GAASpE,EAAU,GAAM,GAAK7hC,EAuBpC,OAtBA+Y,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAG1tB,KAAKu1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/CtuB,EAAO+B,IAAI0lB,EAAK7c,SAAS,EAAGipC,GAAUnlC,GACtCnQ,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAI5vB,IAAM,EACfrD,KAAKizB,IAAI9iB,IAAM,EACR1O,EAEX40C,wBAAwBnsC,GACpB,IAAImmB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,GACtB+nB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACfsD,EAAUt1C,KAAKs1C,QACfjyC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfiiB,EAAO,EACPG,EAAOpiB,EAAMmgB,EAAOglB,EAAWnlC,EAAMmgB,EAAOglB,GAAY,GAAK,EAC7DgB,EAAOnmC,EAAMmgB,EAAOiC,EACpB/B,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK7hC,EAAMmgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAMn0C,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAOgmB,GACV9lB,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,EAAOgmB,GACvDnmC,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKmtB,GACzDA,EAAOrH,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAY1sB,EAAKmtB,GACxDA,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACRntB,EAAM,EACN8M,EAAM,EAQV,OANImgB,EAAO,IACPngB,GAAOggB,GAAYjH,EAAM,EAAGhf,EAAMmmB,EAAMC,IAE5CtwB,KAAKgyC,QAAUA,EACfhyC,KAAKizB,IAAI5vB,IAAMA,EACfrD,KAAKizB,IAAI9iB,IAAMA,EACR1O,EAEX80C,yBACI,IAAIptB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzB6jB,EAAUt1C,KAAKs1C,QACfjC,EAAQrzC,KAAKqzC,MACbrB,EAAUhyC,KAAKgyC,QACf3uC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfoiB,EAAOpiB,EAAMmlC,EACjB,GAAInlC,EAAMmlC,EACN,MAAM,IAAItkB,GAAkB,gCAChC,MAAMvvB,EAAS,IAAIsB,WAAWwvB,GACxBikB,EAAO,IAAIzzC,WAAWmmB,EAAK7c,SAAShJ,EAAMkvB,EAAMlvB,EAAM8M,IAC5D,IAAIhN,EAAIovB,EACR,KAAW,GAAJpvB,EAAQA,IACX+lB,EAAK7lB,EAAMF,GAAK,EACpBgmB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKF,GAClDgmB,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAY1sB,EAAKF,GACjDovB,GACA9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IACxC,MAAM4jB,OAAiBl1C,IAAVoyC,EAAsBA,EAAMjyC,OAAS,EAC5Cg1C,GAASpE,EAAU,GAAM,GAAK7hC,EAAMmlC,EAC1CpsB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAG1tB,KAAKu1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/C,IAAI0mB,EAAS,EACb,IAAK,IAAItzC,EAAI,EAAGA,EAAImyC,IAAWnyC,EAC3BszC,GAAUD,EAAKrzC,GAAK+lB,EAAK/lB,GAC7B,GAAIszC,EACA,MAAM,IAAItlB,GAAc,+BAI5B,OAHAnxB,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAI5vB,IAAM,EACfrD,KAAKizB,IAAI9iB,IAAM,EACR1O,EAEXu0C,gBAAgB9rC,GACZ,MAAMC,EAAUnK,KAAKq2C,wBAAwBnsC,GACvCE,EAAUpK,KAAKu2C,yBACf90C,EAAS,IAAIsB,WAAWoH,EAAQ/I,OAASgJ,EAAQhJ,QAKvD,OAJI+I,EAAQ/I,QACRK,EAAO+B,IAAI2G,GACXC,EAAQhJ,QACRK,EAAO+B,IAAI4G,EAASD,EAAQ/I,QACzBK,EAEXs0C,gBAAgB7rC,GACZ,MAAMC,EAAUnK,KAAKi2C,wBAAwB/rC,GACvCE,EAAUpK,KAAKk2C,yBACfz0C,EAAS,IAAIsB,WAAWoH,EAAQ/I,OAASgJ,EAAQhJ,QAKvD,OAJI+I,EAAQ/I,QACRK,EAAO+B,IAAI2G,GACXC,EAAQhJ,QACRK,EAAO+B,IAAI4G,EAASD,EAAQ/I,QACzBK,EAEXi0C,iBAAiBxrC,GACb,IAAIif,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBpB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBovB,EAAO,EACX,KAAOF,EAAO,GAAG,CAIb,IAHAE,EAAOL,GAAYjH,EAAM,EAAGhf,EAAMmmB,EAAMC,GACxCD,GAAQG,EACRF,GAAQE,EACM,GAAPA,GACHtH,EAAKsH,KAAU,EACnBrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAWS,KC3PxD,MAAMme,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBvb,GAAS8W,GAAK2E,gBAIdyzB,GAAY,GACZnC,GAAO,UAObtvC,eAAe2uB,GAAI5B,EAAQlX,GACzB,GAAIkX,IAAW9M,GAAM/N,UAAUM,QAC7Bua,IAAW9M,GAAM/N,UAAUO,QAC3Bsa,IAAW9M,GAAM/N,UAAUQ,OAC3B,MAAUzQ,MAAM,qCAGlB,GAAIoX,GAAKyE,gBACP,MAAO,CACL8T,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,EAAQ,IAAItwC,YAC1C,MAAMiwC,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKua,GAClFyhB,EAAG0D,OAAOrD,GACV,MAAMxC,EAAKntC,GAAOkD,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,QAASD,EAAG2D,eACxD,OAAO,IAAI5zC,WAAW8tC,IAGxB7d,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,EAAQ,IAAItwC,YAC1C,MAAM6zC,EAAK,IAAIhI,GAAW4C,iBAAiB,OAAuB,EAAbx6B,EAAI5V,OAAc,OAAQ4V,EAAKua,GACpFqlB,EAAGF,OAAOrD,GACVuD,EAAGC,WAAWhG,EAAGnvC,MAAMmvC,EAAGzvC,OAASwxC,GAAW/B,EAAGzvC,SACjD,MAAMivC,EAAK3sC,GAAOkD,OAAO,CAACgwC,EAAG9O,OAAO+I,EAAGnvC,MAAM,EAAGmvC,EAAGzvC,OAASwxC,KAAagE,EAAG3D,UAC5E,OAAO,IAAIlwC,WAAWstC,KAK5B,GAAI71B,GAAKoE,gBAAiC,KAAf5H,EAAI5V,OAAe,CAC5C,MAAMsvC,QAAa/B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAMmlC,KAAQ,EAAO,CAAC,UAAW,YAEtF,MAAO,CACL1d,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,EAAQ,IAAItwC,YAC1C,IAAKstC,EAAGjvC,OACN,OAAOi0C,GAAQtiB,QAAQsd,EAAIr5B,EAAKua,EAAI8hB,GAEtC,MAAMxC,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAMmlC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAML,GAC9G,OAAO,IAAIttC,WAAW8tC,IAGxB7d,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,EAAQ,IAAItwC,YAC1C,GAAI8tC,EAAGzvC,SAAWwxC,GAChB,OAAOyC,GAAQriB,QAAQ6d,EAAI75B,EAAKua,EAAI8hB,GAEtC,MAAMhD,QAAW1B,GAAU3b,QAAQ,CAAE1nB,KAAMmlC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAMG,GAC9G,OAAO,IAAI9tC,WAAWstC,KAK5B,MAAO,CACLtd,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,GAC9B,OAAOgC,GAAQtiB,QAAQsd,EAAIr5B,EAAKua,EAAI8hB,IAGtCrgB,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,GAC9B,OAAOgC,GAAQriB,QAAQ6d,EAAI75B,EAAKua,EAAI8hB,IAG1C,CAWAvjB,GAAI6jB,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAhiB,GAAIuiB,YAtFgB,GAuFpBviB,GAAI6iB,SAtFa,GAuFjB7iB,GAAI8iB,UAAYA,GC7GhB,OAAe,CAEb5B,IAAKA,GAEL+F,IAAKA,GACL/hC,gBAAiB+hC,GAEjBjiC,IAAKA,GAELC,IAAKA,wBClBP,SAAUiiC,GASV,IAAIC,EAAK,SAASvc,GAChB,IAAIv3B,EAAG4K,EAAI,IAAImpC,aAAa,IAC5B,GAAIxc,EAAM,IAAKv3B,EAAI,EAAGA,EAAIu3B,EAAKt5B,OAAQ+B,IAAK4K,EAAE5K,GAAKu3B,EAAKv3B,GACxD,OAAO4K,CACT,EAGIopC,EAAc,WAAuB,MAAU/zC,MAAM,YAErDg0C,EAAK,IAAIr0C,WAAW,IAAKq0C,EAAG,GAAK,EAErC,IAAIC,EAAMJ,IACNK,EAAML,EAAG,CAAC,IACVM,EAAUN,EAAG,CAAC,MAAQ,IACtBzJ,EAAIyJ,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIO,EAAKP,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIQ,EAAIR,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIS,EAAIT,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChI5f,EAAI4f,EAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAQpI,SAASU,EAAiBzqC,EAAG0qC,EAAItpC,EAAGupC,GAClC,OAPF,SAAY3qC,EAAG0qC,EAAItpC,EAAGupC,EAAIrrC,GACxB,IAAIrJ,EAAE2lB,EAAI,EACV,IAAK3lB,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK2lB,GAAK5b,EAAE0qC,EAAGz0C,GAAGmL,EAAEupC,EAAG10C,GAC1C,OAAQ,EAAM2lB,EAAI,IAAO,GAAM,CACjC,CAGSgvB,CAAG5qC,EAAE0qC,EAAGtpC,EAAEupC,EAAG,GACtB,CAEA,SAASE,EAAShqC,EAAGU,GACnB,IAAItL,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4K,EAAE5K,GAAU,EAALsL,EAAEtL,EACpC,CAEA,SAAS60C,EAASC,GAChB,IAAI90C,EAAG+0C,EAAG17B,EAAI,EACd,IAAKrZ,EAAI,EAAGA,EAAI,GAAIA,IAClB+0C,EAAID,EAAE90C,GAAKqZ,EAAI,MACfA,EAAI1Q,KAAKsP,MAAM88B,EAAI,OACnBD,EAAE90C,GAAK+0C,EAAQ,MAAJ17B,EAEby7B,EAAE,IAAMz7B,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAAS27B,EAAS1lB,EAAG/jB,EAAGL,GAEtB,IADA,IAAIgQ,EAAG7B,IAAMnO,EAAE,GACNlL,EAAI,EAAGA,EAAI,GAAIA,IACtBkb,EAAI7B,GAAKiW,EAAEtvB,GAAKuL,EAAEvL,IAClBsvB,EAAEtvB,IAAMkb,EACR3P,EAAEvL,IAAMkb,CAEZ,CAEA,SAAS+5B,EAAUH,EAAGzrC,GACpB,IAAIrJ,EAAG4Z,EAAG1O,EACNb,EAAIypC,IAAM54B,EAAI44B,IAClB,IAAK9zC,EAAI,EAAGA,EAAI,GAAIA,IAAKkb,EAAElb,GAAKqJ,EAAErJ,GAIlC,IAHA60C,EAAS35B,GACT25B,EAAS35B,GACT25B,EAAS35B,GACJtB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAvP,EAAE,GAAK6Q,EAAE,GAAK,MACTlb,EAAI,EAAGA,EAAI,GAAIA,IAClBqK,EAAErK,GAAKkb,EAAElb,GAAK,OAAWqK,EAAErK,EAAE,IAAI,GAAM,GACvCqK,EAAErK,EAAE,IAAM,MAEZqK,EAAE,IAAM6Q,EAAE,IAAM,OAAW7Q,EAAE,KAAK,GAAM,GACxCa,EAAKb,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACT2qC,EAAS95B,EAAG7Q,EAAG,EAAEa,GAEnB,IAAKlL,EAAI,EAAGA,EAAI,GAAIA,IAClB80C,EAAE,EAAE90C,GAAY,IAAPkb,EAAElb,GACX80C,EAAE,EAAE90C,EAAE,GAAKkb,EAAElb,IAAI,CAErB,CAEA,SAASk1C,EAAS5pC,EAAGJ,GACnB,IAAImO,EAAI,IAAIzZ,WAAW,IAAK+lB,EAAI,IAAI/lB,WAAW,IAG/C,OAFAq1C,EAAU57B,EAAG/N,GACb2pC,EAAUtvB,EAAGza,GACNspC,EAAiBn7B,EAAG,EAAGsM,EAAG,EACnC,CAEA,SAASwvB,EAAS7pC,GAChB,IAAIqa,EAAI,IAAI/lB,WAAW,IAEvB,OADAq1C,EAAUtvB,EAAGra,GACC,EAAPqa,EAAE,EACX,CAEA,SAASyvB,EAAYN,EAAGzrC,GACtB,IAAIrJ,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKqJ,EAAE,EAAErJ,IAAMqJ,EAAE,EAAErJ,EAAE,IAAM,GACtD80C,EAAE,KAAO,KACX,CAEA,SAAS3K,EAAE2K,EAAGxpC,EAAGJ,GACf,IAAK,IAAIlL,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAC/C,CAEA,SAASq1C,EAAEP,EAAGxpC,EAAGJ,GACf,IAAK,IAAIlL,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAC/C,CAEA,SAASs1C,EAAER,EAAGxpC,EAAGJ,GACf,IAAI6pC,EAAG17B,EACJmnB,EAAK,EAAI1Y,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIyY,EAAK,EAAIwB,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEoT,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK5rC,EAAE,GACP6rC,EAAK7rC,EAAE,GACP8rC,EAAK9rC,EAAE,GACP+rC,EAAK/rC,EAAE,GACPgsC,EAAKhsC,EAAE,GACPisC,EAAKjsC,EAAE,GACPksC,EAAKlsC,EAAE,GACPmsC,EAAKnsC,EAAE,GACPosC,EAAKpsC,EAAE,GACPqsC,EAAKrsC,EAAE,GACPssC,EAAMtsC,EAAE,IACRusC,EAAMvsC,EAAE,IACRwsC,EAAMxsC,EAAE,IACRysC,EAAMzsC,EAAE,IACR0sC,EAAM1sC,EAAE,IACR2sC,EAAM3sC,EAAE,IAGVs1B,IADAuU,EAAIzpC,EAAE,IACIwrC,EACVhvB,GAAMitB,EAAIgC,EACVhvB,GAAMgtB,EAAIiC,EACVhvB,GAAM+sB,EAAIkC,EACVxW,GAAMsU,EAAImC,EACVjV,GAAM8S,EAAIoC,EACVjV,GAAM6S,EAAIqC,EACVjV,GAAM4S,EAAIsC,EACV9B,GAAMR,EAAIuC,EACV9B,GAAMT,EAAIwC,EACV9B,GAAOV,EAAIyC,EACX9B,GAAOX,EAAI0C,EACX9B,GAAOZ,EAAI2C,EACX9B,GAAOb,EAAI4C,EACX9B,GAAOd,EAAI6C,EACX9B,GAAOf,EAAI8C,EAEX/vB,IADAitB,EAAIzpC,EAAE,IACIwrC,EACV/uB,GAAMgtB,EAAIgC,EACV/uB,GAAM+sB,EAAIiC,EACVvW,GAAMsU,EAAIkC,EACVhV,GAAM8S,EAAImC,EACVhV,GAAM6S,EAAIoC,EACVhV,GAAM4S,EAAIqC,EACV7B,GAAMR,EAAIsC,EACV7B,GAAMT,EAAIuC,EACV7B,GAAOV,EAAIwC,EACX7B,GAAOX,EAAIyC,EACX7B,GAAOZ,EAAI0C,EACX7B,GAAOb,EAAI2C,EACX7B,GAAOd,EAAI4C,EACX7B,GAAOf,EAAI6C,EACX7B,GAAOhB,EAAI8C,EAEX9vB,IADAgtB,EAAIzpC,EAAE,IACIwrC,EACV9uB,GAAM+sB,EAAIgC,EACVtW,GAAMsU,EAAIiC,EACV/U,GAAM8S,EAAIkC,EACV/U,GAAM6S,EAAImC,EACV/U,GAAM4S,EAAIoC,EACV5B,GAAMR,EAAIqC,EACV5B,GAAMT,EAAIsC,EACV5B,GAAOV,EAAIuC,EACX5B,GAAOX,EAAIwC,EACX5B,GAAOZ,EAAIyC,EACX5B,GAAOb,EAAI0C,EACX5B,GAAOd,EAAI2C,EACX5B,GAAOf,EAAI4C,EACX5B,GAAOhB,EAAI6C,EACX5B,GAAOjB,EAAI8C,EAEX7vB,IADA+sB,EAAIzpC,EAAE,IACIwrC,EACVrW,GAAMsU,EAAIgC,EACV9U,GAAM8S,EAAIiC,EACV9U,GAAM6S,EAAIkC,EACV9U,GAAM4S,EAAImC,EACV3B,GAAMR,EAAIoC,EACV3B,GAAMT,EAAIqC,EACV3B,GAAOV,EAAIsC,EACX3B,GAAOX,EAAIuC,EACX3B,GAAOZ,EAAIwC,EACX3B,GAAOb,EAAIyC,EACX3B,GAAOd,EAAI0C,EACX3B,GAAOf,EAAI2C,EACX3B,GAAOhB,EAAI4C,EACX3B,GAAOjB,EAAI6C,EACX3B,GAAOlB,EAAI8C,EAEXpX,IADAsU,EAAIzpC,EAAE,IACIwrC,EACV7U,GAAM8S,EAAIgC,EACV7U,GAAM6S,EAAIiC,EACV7U,GAAM4S,EAAIkC,EACV1B,GAAMR,EAAImC,EACV1B,GAAMT,EAAIoC,EACV1B,GAAOV,EAAIqC,EACX1B,GAAOX,EAAIsC,EACX1B,GAAOZ,EAAIuC,EACX1B,GAAOb,EAAIwC,EACX1B,GAAOd,EAAIyC,EACX1B,GAAOf,EAAI0C,EACX1B,GAAOhB,EAAI2C,EACX1B,GAAOjB,EAAI4C,EACX1B,GAAOlB,EAAI6C,EACX1B,GAAOnB,EAAI8C,EAEX5V,IADA8S,EAAIzpC,EAAE,IACIwrC,EACV5U,GAAM6S,EAAIgC,EACV5U,GAAM4S,EAAIiC,EACVzB,GAAMR,EAAIkC,EACVzB,GAAMT,EAAImC,EACVzB,GAAOV,EAAIoC,EACXzB,GAAOX,EAAIqC,EACXzB,GAAOZ,EAAIsC,EACXzB,GAAOb,EAAIuC,EACXzB,GAAOd,EAAIwC,EACXzB,GAAOf,EAAIyC,EACXzB,GAAOhB,EAAI0C,EACXzB,GAAOjB,EAAI2C,EACXzB,GAAOlB,EAAI4C,EACXzB,GAAOnB,EAAI6C,EACXzB,GAAOpB,EAAI8C,EAEX3V,IADA6S,EAAIzpC,EAAE,IACIwrC,EACV3U,GAAM4S,EAAIgC,EACVxB,GAAMR,EAAIiC,EACVxB,GAAMT,EAAIkC,EACVxB,GAAOV,EAAImC,EACXxB,GAAOX,EAAIoC,EACXxB,GAAOZ,EAAIqC,EACXxB,GAAOb,EAAIsC,EACXxB,GAAOd,EAAIuC,EACXxB,GAAOf,EAAIwC,EACXxB,GAAOhB,EAAIyC,EACXxB,GAAOjB,EAAI0C,EACXxB,GAAOlB,EAAI2C,EACXxB,GAAOnB,EAAI4C,EACXxB,GAAOpB,EAAI6C,EACXxB,GAAOrB,EAAI8C,EAEX1V,IADA4S,EAAIzpC,EAAE,IACIwrC,EACVvB,GAAMR,EAAIgC,EACVvB,GAAMT,EAAIiC,EACVvB,GAAOV,EAAIkC,EACXvB,GAAOX,EAAImC,EACXvB,GAAOZ,EAAIoC,EACXvB,GAAOb,EAAIqC,EACXvB,GAAOd,EAAIsC,EACXvB,GAAOf,EAAIuC,EACXvB,GAAOhB,EAAIwC,EACXvB,GAAOjB,EAAIyC,EACXvB,GAAOlB,EAAI0C,EACXvB,GAAOnB,EAAI2C,EACXvB,GAAOpB,EAAI4C,EACXvB,GAAOrB,EAAI6C,EACXvB,GAAOtB,EAAI8C,EAEXtC,IADAR,EAAIzpC,EAAE,IACIwrC,EACVtB,GAAMT,EAAIgC,EACVtB,GAAOV,EAAIiC,EACXtB,GAAOX,EAAIkC,EACXtB,GAAOZ,EAAImC,EACXtB,GAAOb,EAAIoC,EACXtB,GAAOd,EAAIqC,EACXtB,GAAOf,EAAIsC,EACXtB,GAAOhB,EAAIuC,EACXtB,GAAOjB,EAAIwC,EACXtB,GAAOlB,EAAIyC,EACXtB,GAAOnB,EAAI0C,EACXtB,GAAOpB,EAAI2C,EACXtB,GAAOrB,EAAI4C,EACXtB,GAAOtB,EAAI6C,EACXtB,GAAOvB,EAAI8C,EAEXrC,IADAT,EAAIzpC,EAAE,IACIwrC,EACVrB,GAAOV,EAAIgC,EACXrB,GAAOX,EAAIiC,EACXrB,GAAOZ,EAAIkC,EACXrB,GAAOb,EAAImC,EACXrB,GAAOd,EAAIoC,EACXrB,GAAOf,EAAIqC,EACXrB,GAAOhB,EAAIsC,EACXrB,GAAOjB,EAAIuC,EACXrB,GAAOlB,EAAIwC,EACXrB,GAAOnB,EAAIyC,EACXrB,GAAOpB,EAAI0C,EACXrB,GAAOrB,EAAI2C,EACXrB,GAAOtB,EAAI4C,EACXrB,GAAOvB,EAAI6C,EACXrB,GAAOxB,EAAI8C,EAEXpC,IADAV,EAAIzpC,EAAE,KACKwrC,EACXpB,GAAOX,EAAIgC,EACXpB,GAAOZ,EAAIiC,EACXpB,GAAOb,EAAIkC,EACXpB,GAAOd,EAAImC,EACXpB,GAAOf,EAAIoC,EACXpB,GAAOhB,EAAIqC,EACXpB,GAAOjB,EAAIsC,EACXpB,GAAOlB,EAAIuC,EACXpB,GAAOnB,EAAIwC,EACXpB,GAAOpB,EAAIyC,EACXpB,GAAOrB,EAAI0C,EACXpB,GAAOtB,EAAI2C,EACXpB,GAAOvB,EAAI4C,EACXpB,GAAOxB,EAAI6C,EACXpB,GAAOzB,EAAI8C,EAEXnC,IADAX,EAAIzpC,EAAE,KACKwrC,EACXnB,GAAOZ,EAAIgC,EACXnB,GAAOb,EAAIiC,EACXnB,GAAOd,EAAIkC,EACXnB,GAAOf,EAAImC,EACXnB,GAAOhB,EAAIoC,EACXnB,GAAOjB,EAAIqC,EACXnB,GAAOlB,EAAIsC,EACXnB,GAAOnB,EAAIuC,EACXnB,GAAOpB,EAAIwC,EACXnB,GAAOrB,EAAIyC,EACXnB,GAAOtB,EAAI0C,EACXnB,GAAOvB,EAAI2C,EACXnB,GAAOxB,EAAI4C,EACXnB,GAAOzB,EAAI6C,EACXnB,GAAO1B,EAAI8C,EAEXlC,IADAZ,EAAIzpC,EAAE,KACKwrC,EACXlB,GAAOb,EAAIgC,EACXlB,GAAOd,EAAIiC,EACXlB,GAAOf,EAAIkC,EACXlB,GAAOhB,EAAImC,EACXlB,GAAOjB,EAAIoC,EACXlB,GAAOlB,EAAIqC,EACXlB,GAAOnB,EAAIsC,EACXlB,GAAOpB,EAAIuC,EACXlB,GAAOrB,EAAIwC,EACXlB,GAAOtB,EAAIyC,EACXlB,GAAOvB,EAAI0C,EACXlB,GAAOxB,EAAI2C,EACXlB,GAAOzB,EAAI4C,EACXlB,GAAO1B,EAAI6C,EACXlB,GAAO3B,EAAI8C,EAEXjC,IADAb,EAAIzpC,EAAE,KACKwrC,EACXjB,GAAOd,EAAIgC,EACXjB,GAAOf,EAAIiC,EACXjB,GAAOhB,EAAIkC,EACXjB,GAAOjB,EAAImC,EACXjB,GAAOlB,EAAIoC,EACXjB,GAAOnB,EAAIqC,EACXjB,GAAOpB,EAAIsC,EACXjB,GAAOrB,EAAIuC,EACXjB,GAAOtB,EAAIwC,EACXjB,GAAOvB,EAAIyC,EACXjB,GAAOxB,EAAI0C,EACXjB,GAAOzB,EAAI2C,EACXjB,GAAO1B,EAAI4C,EACXjB,GAAO3B,EAAI6C,EACXjB,GAAO5B,EAAI8C,EAEXhC,IADAd,EAAIzpC,EAAE,KACKwrC,EACXhB,GAAOf,EAAIgC,EACXhB,GAAOhB,EAAIiC,EACXhB,GAAOjB,EAAIkC,EACXhB,GAAOlB,EAAImC,EACXhB,GAAOnB,EAAIoC,EACXhB,GAAOpB,EAAIqC,EACXhB,GAAOrB,EAAIsC,EACXhB,GAAOtB,EAAIuC,EACXhB,GAAOvB,EAAIwC,EACXhB,GAAOxB,EAAIyC,EACXhB,GAAOzB,EAAI0C,EACXhB,GAAO1B,EAAI2C,EACXhB,GAAO3B,EAAI4C,EACXhB,GAAO5B,EAAI6C,EACXhB,GAAO7B,EAAI8C,EAEX/B,IADAf,EAAIzpC,EAAE,KACKwrC,EAkBXhvB,GAAO,IAhBPkuB,GAAOjB,EAAIiC,GAiBXjvB,GAAO,IAhBPkuB,GAAOlB,EAAIkC,GAiBXjvB,GAAO,IAhBPkuB,GAAOnB,EAAImC,GAiBXzW,GAAO,IAhBP0V,GAAOpB,EAAIoC,GAiBXlV,GAAO,IAhBPmU,GAAOrB,EAAIqC,GAiBXlV,GAAO,IAhBPmU,GAAOtB,EAAIsC,GAiBXlV,GAAO,IAhBPmU,GAAOvB,EAAIuC,GAiBX/B,GAAO,IAhBPgB,GAAOxB,EAAIwC,GAiBX/B,GAAO,IAhBPgB,GAAOzB,EAAIyC,GAiBX/B,GAAO,IAhBPgB,GAAO1B,EAAI0C,GAiBX/B,GAAO,IAhBPgB,GAAO3B,EAAI2C,GAiBX/B,GAAO,IAhBPgB,GAAO5B,EAAI4C,GAiBX/B,GAAO,IAhBPgB,GAAO7B,EAAI6C,GAiBX/B,GAAO,IAhBPgB,GAAO9B,EAAI8C,GAqBsCrX,GAAjDuU,GAnBAvU,GAAO,IAhBPuV,GAAOhB,EAAIgC,KAkCX19B,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK3O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKpnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK9oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSS,GAAjDT,EAAKS,EAAKn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQU,GAAhDV,EAAIU,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQW,GAAhDX,EAAIW,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQa,GAAhDb,EAAIa,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQc,GAAhDd,EAAIc,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQe,GAAhDf,EAAIe,EAAMz8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QAKSvU,GAAjDuU,GAJAvU,GAAMnnB,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK3O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKpnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK9oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSS,GAAjDT,EAAKS,EAAKn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQU,GAAhDV,EAAIU,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQW,GAAhDX,EAAIW,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQa,GAAhDb,EAAIa,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQc,GAAhDd,EAAIc,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQe,GAAhDf,EAAIe,EAAMz8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACxCvU,GAAMnnB,EAAE,EAAI,IAAMA,EAAE,GAEpBy7B,EAAG,GAAKtU,EACRsU,EAAG,GAAKhtB,EACRgtB,EAAG,GAAK/sB,EACR+sB,EAAG,GAAK9sB,EACR8sB,EAAG,GAAKrU,EACRqU,EAAG,GAAK7S,EACR6S,EAAG,GAAK5S,EACR4S,EAAG,GAAK3S,EACR2S,EAAG,GAAKS,EACRT,EAAG,GAAKU,EACRV,EAAE,IAAMW,EACRX,EAAE,IAAMY,EACRZ,EAAE,IAAMa,EACRb,EAAE,IAAMc,EACRd,EAAE,IAAMe,EACRf,EAAE,IAAMgB,CACV,CAEA,SAASnF,EAAEmE,EAAGxpC,GACZgqC,EAAER,EAAGxpC,EAAGA,EACV,CAEA,SAASwsC,EAAShD,EAAG90C,GACnB,IACIsL,EADA+N,EAAIy6B,IAER,IAAKxoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKtL,EAAEsL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBqlC,EAAEt3B,EAAGA,GACI,IAAN/N,GAAiB,IAANA,GAASgqC,EAAEj8B,EAAGA,EAAGrZ,GAEjC,IAAKsL,EAAI,EAAGA,EAAI,GAAIA,IAAKwpC,EAAExpC,GAAK+N,EAAE/N,EACpC,CAaA,SAASysC,EAAkBxsC,EAAGlC,EAAGimB,GAC/B,IAC8B1kB,EAAG5K,EAD7BolC,EAAI,IAAIxlC,WAAW,IACnBmK,EAAI,IAAIgqC,aAAa,IACrBzoC,EAAIwoC,IAAM5oC,EAAI4oC,IAAMz6B,EAAIy6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IAC5B,IAAK9zC,EAAI,EAAGA,EAAI,GAAIA,IAAKolC,EAAEplC,GAAKqJ,EAAErJ,GAIlC,IAHAolC,EAAE,IAAW,IAAN/7B,EAAE,IAAS,GAClB+7B,EAAE,IAAI,IACNgQ,EAAYrrC,EAAEulB,GACTtvB,EAAI,EAAGA,EAAI,GAAIA,IAClBkL,EAAElL,GAAG+J,EAAE/J,GACP2lB,EAAE3lB,GAAGsL,EAAEtL,GAAGqZ,EAAErZ,GAAG,EAGjB,IADAsL,EAAE,GAAGqa,EAAE,GAAG,EACL3lB,EAAE,IAAKA,GAAG,IAAKA,EAElBg1C,EAAS1pC,EAAEJ,EADXN,EAAGw6B,EAAEplC,IAAI,MAAQ,EAAFA,GAAM,GAErBg1C,EAAS37B,EAAEsM,EAAE/a,GACbu/B,EAAE7oC,EAAEgK,EAAE+N,GACNg8B,EAAE/pC,EAAEA,EAAE+N,GACN8wB,EAAE9wB,EAAEnO,EAAEya,GACN0vB,EAAEnqC,EAAEA,EAAEya,GACNgrB,EAAEhrB,EAAErkB,GACJqvC,EAAE/O,EAAEt2B,GACJgqC,EAAEhqC,EAAE+N,EAAE/N,GACNgqC,EAAEj8B,EAAEnO,EAAE5J,GACN6oC,EAAE7oC,EAAEgK,EAAE+N,GACNg8B,EAAE/pC,EAAEA,EAAE+N,GACNs3B,EAAEzlC,EAAEI,GACJ+pC,EAAEh8B,EAAEsM,EAAEic,GACN0T,EAAEhqC,EAAE+N,EAAE+6B,GACNjK,EAAE7+B,EAAEA,EAAEqa,GACN2vB,EAAEj8B,EAAEA,EAAE/N,GACNgqC,EAAEhqC,EAAEqa,EAAEic,GACN0T,EAAE3vB,EAAEza,EAAEnB,GACN4mC,EAAEzlC,EAAE5J,GACJ0zC,EAAS1pC,EAAEJ,EAAEN,GACboqC,EAAS37B,EAAEsM,EAAE/a,GAEf,IAAK5K,EAAI,EAAGA,EAAI,GAAIA,IAClB+J,EAAE/J,EAAE,IAAIsL,EAAEtL,GACV+J,EAAE/J,EAAE,IAAIqZ,EAAErZ,GACV+J,EAAE/J,EAAE,IAAIkL,EAAElL,GACV+J,EAAE/J,EAAE,IAAI2lB,EAAE3lB,GAEZ,IAAIg4C,EAAMjuC,EAAEb,SAAS,IACjB+uC,EAAMluC,EAAEb,SAAS,IAIrB,OAHA4uC,EAASE,EAAIA,GACb1C,EAAE2C,EAAIA,EAAID,GACV/C,EAAU1pC,EAAE0sC,GACL,CACT,CAEA,SAASC,EAAuB3sC,EAAGlC,GACjC,OAAO0uC,EAAkBxsC,EAAGlC,EAAG4qC,EACjC,CAOA,SAAS/wC,EAAIosB,EAAG/jB,GACd,IAAID,EAAIwoC,IAAM5oC,EAAI4oC,IAAMz6B,EAAIy6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IACxBjS,EAAIiS,IAAM16B,EAAI06B,IAAM54B,EAAI44B,IAE5BuB,EAAE/pC,EAAGgkB,EAAE,GAAIA,EAAE,IACb+lB,EAAEn6B,EAAG3P,EAAE,GAAIA,EAAE,IACb+pC,EAAEhqC,EAAGA,EAAG4P,GACRivB,EAAEj/B,EAAGokB,EAAE,GAAIA,EAAE,IACb6a,EAAEjvB,EAAG3P,EAAE,GAAIA,EAAE,IACb+pC,EAAEpqC,EAAGA,EAAGgQ,GACRo6B,EAAEj8B,EAAGiW,EAAE,GAAI/jB,EAAE,IACb+pC,EAAEj8B,EAAGA,EAAGg7B,GACRiB,EAAE3vB,EAAG2J,EAAE,GAAI/jB,EAAE,IACb4+B,EAAExkB,EAAGA,EAAGA,GACR0vB,EAAE/zC,EAAG4J,EAAGI,GACR+pC,EAAEzT,EAAGjc,EAAGtM,GACR8wB,EAAEtI,EAAGlc,EAAGtM,GACR8wB,EAAE/wB,EAAGlO,EAAGI,GAERgqC,EAAEhmB,EAAE,GAAIhuB,EAAGsgC,GACX0T,EAAEhmB,EAAE,GAAIlW,EAAGyoB,GACXyT,EAAEhmB,EAAE,GAAIuS,EAAGD,GACX0T,EAAEhmB,EAAE,GAAIhuB,EAAG8X,EACb,CAEA,SAAS++B,EAAM7oB,EAAG/jB,EAAGL,GACnB,IAAIlL,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjBg1C,EAAS1lB,EAAEtvB,GAAIuL,EAAEvL,GAAIkL,EAEzB,CAEA,SAASktC,EAAKxtC,EAAG0kB,GACf,IAAI+oB,EAAKvE,IAAMwE,EAAKxE,IAAMyE,EAAKzE,IAC/BgE,EAASS,EAAIjpB,EAAE,IACfgmB,EAAE+C,EAAI/oB,EAAE,GAAIipB,GACZjD,EAAEgD,EAAIhpB,EAAE,GAAIipB,GACZtD,EAAUrqC,EAAG0tC,GACb1tC,EAAE,KAAOuqC,EAASkD,IAAO,CAC3B,CAEA,SAASG,EAAWlpB,EAAG/jB,EAAGuP,GACxB,IAAI5P,EAAGlL,EAKP,IAJA40C,EAAStlB,EAAE,GAAI4kB,GACfU,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI4kB,GACVl0C,EAAI,IAAKA,GAAK,IAAKA,EAEtBm4C,EAAM7oB,EAAG/jB,EADTL,EAAK4P,EAAG9a,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BkD,EAAIqI,EAAG+jB,GACPpsB,EAAIosB,EAAGA,GACP6oB,EAAM7oB,EAAG/jB,EAAGL,EAEhB,CAEA,SAASutC,EAAWnpB,EAAGxU,GACrB,IAAIvP,EAAI,CAACuoC,IAAMA,IAAMA,IAAMA,KAC3Bc,EAASrpC,EAAE,GAAI+oC,GACfM,EAASrpC,EAAE,GAAIgpC,GACfK,EAASrpC,EAAE,GAAI4oC,GACfmB,EAAE/pC,EAAE,GAAI+oC,EAAGC,GACXiE,EAAWlpB,EAAG/jB,EAAGuP,EACnB,CAEA,SAAS49B,EAAoBC,EAAIC,EAAIC,GACnC,IAAIlzB,EAEA3lB,EADAsvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KAY3B,IATK+E,GAAQ7E,EAAY4E,EAAI,KAC7BjzB,EAAIkuB,EAAK5iC,KAAK2nC,EAAG1vC,SAAS,EAAG,MAC3B,IAAM,IACRyc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8yB,EAAWnpB,EAAG3J,GACdyyB,EAAKO,EAAIrpB,GAEJtvB,EAAI,EAAGA,EAAI,GAAIA,IAAK44C,EAAG54C,EAAE,IAAM24C,EAAG34C,GACvC,OAAO,CACT,CAEA,IAAI84C,EAAI,IAAI/E,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgF,EAAKnuC,EAAGb,GACf,IAAIi6B,EAAOhkC,EAAG4Z,EAAGV,EACjB,IAAKlZ,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAgkC,EAAQ,EACHpqB,EAAI5Z,EAAI,GAAIkZ,EAAIlZ,EAAI,GAAI4Z,EAAIV,IAAKU,EACpC7P,EAAE6P,IAAMoqB,EAAQ,GAAKj6B,EAAE/J,GAAK84C,EAAEl/B,GAAK5Z,EAAI,KACvCgkC,EAAQr7B,KAAKsP,OAAOlO,EAAE6P,GAAK,KAAO,KAClC7P,EAAE6P,IAAc,IAARoqB,EAEVj6B,EAAE6P,IAAMoqB,EACRj6B,EAAE/J,GAAK,EAGT,IADAgkC,EAAQ,EACHpqB,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE6P,IAAMoqB,GAASj6B,EAAE,KAAO,GAAK+uC,EAAEl/B,GACjCoqB,EAAQj6B,EAAE6P,IAAM,EAChB7P,EAAE6P,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK7P,EAAE6P,IAAMoqB,EAAQ8U,EAAEl/B,GAC3C,IAAK5Z,EAAI,EAAGA,EAAI,GAAIA,IAClB+J,EAAE/J,EAAE,IAAM+J,EAAE/J,IAAM,EAClB4K,EAAE5K,GAAY,IAAP+J,EAAE/J,EAEb,CAEA,SAASytB,EAAO7iB,GACd,IAA8B5K,EAA1B+J,EAAI,IAAIgqC,aAAa,IACzB,IAAK/zC,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK4K,EAAE5K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4K,EAAE5K,GAAK,EAChC+4C,EAAKnuC,EAAGb,EACV,CAsCA,SAASivC,EAAUpuC,EAAG0kB,GACpB,IAAIpU,EAAI44B,IAAMmF,EAAMnF,IAAM3P,EAAM2P,IAC5BoF,EAAMpF,IAAMqF,EAAOrF,IAAMsF,EAAOtF,IAChCuF,EAAOvF,IA2BX,OAzBAc,EAAShqC,EAAE,GAAIupC,GACfiB,EAAYxqC,EAAE,GAAI0kB,GAClBqhB,EAAExM,EAAKv5B,EAAE,IACT0qC,EAAE4D,EAAK/U,EAAKkG,GACZgL,EAAElR,EAAKA,EAAKv5B,EAAE,IACdu/B,EAAE+O,EAAKtuC,EAAE,GAAIsuC,GAEbvI,EAAEwI,EAAMD,GACRvI,EAAEyI,EAAMD,GACR7D,EAAE+D,EAAMD,EAAMD,GACd7D,EAAEp6B,EAAGm+B,EAAMlV,GACXmR,EAAEp6B,EAAGA,EAAGg+B,GAnPV,SAAiBpE,EAAG90C,GAClB,IACIsL,EADA+N,EAAIy6B,IAER,IAAKxoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKtL,EAAEsL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBqlC,EAAEt3B,EAAGA,GACI,IAAN/N,GAASgqC,EAAEj8B,EAAGA,EAAGrZ,GAExB,IAAKsL,EAAI,EAAGA,EAAI,GAAIA,IAAKwpC,EAAExpC,GAAK+N,EAAE/N,EACpC,CA4OEguC,CAAQp+B,EAAGA,GACXo6B,EAAEp6B,EAAGA,EAAGipB,GACRmR,EAAEp6B,EAAGA,EAAGg+B,GACR5D,EAAEp6B,EAAGA,EAAGg+B,GACR5D,EAAE1qC,EAAE,GAAIsQ,EAAGg+B,GAEXvI,EAAEsI,EAAKruC,EAAE,IACT0qC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAMmR,EAAE1qC,EAAE,GAAIA,EAAE,GAAIspB,GAEtCyc,EAAEsI,EAAKruC,EAAE,IACT0qC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAc,GAE5BgR,EAASvqC,EAAE,MAAS0kB,EAAE,KAAK,GAAI+lB,EAAEzqC,EAAE,GAAIspC,EAAKtpC,EAAE,IAElD0qC,EAAE1qC,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAII2uC,EAAoB,GAKxB,SAASC,IACP,IAAK,IAAIx5C,EAAI,EAAGA,EAAIy5C,UAAUx7C,OAAQ+B,IACpC,KAAMy5C,UAAUz5C,aAAcJ,YAC5B,MAAM,IAAImvB,UAAU,kCAE1B,CAEA,SAAS2qB,EAAQC,GACf,IAAK,IAAI35C,EAAI,EAAGA,EAAI25C,EAAI17C,OAAQ+B,IAAK25C,EAAI35C,GAAK,CAChD,CAEA6zC,EAAK+F,WAAa,SAASvwC,EAAGimB,GAE5B,GADAkqB,EAAgBnwC,EAAGimB,GApBe,KAqB9BjmB,EAAEpL,OAA0C,MAAUgC,MAAM,cAChE,GAvB4B,KAuBxBqvB,EAAErxB,OAAoC,MAAUgC,MAAM,cAC1D,IAAIsL,EAAI,IAAI3L,WAxBgB,IA0B5B,OADAm4C,EAAkBxsC,EAAGlC,EAAGimB,GACjB/jB,CACT,EAEAsoC,EAAKgG,IAAM,GAEXhG,EAAKgG,IAAIC,QAAU,WACjB,IAnQ0B3uC,EAAGpB,EAmQzB4uC,EAAK,IAAI/4C,WA9BiB,IA+B1Bg5C,EAAK,IAAIh5C,WA9BiB,IAgC9B,OAtQ0BuL,EAqQPwtC,EApQnB3E,EAD6BjqC,EAqQN6uC,EApQR,IACRV,EAAuB/sC,EAAGpB,GAoQ1B,CAACoF,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAKgG,IAAIC,QAAQC,cAAgB,SAAS5nC,GAExC,GADAqnC,EAAgBrnC,GApCc,KAqC1BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAClB,IAAI04C,EAAK,IAAI/4C,WAxCiB,IA0C9B,OADAs4C,EAAuBS,EAAIxmC,GACpB,CAAChD,UAAWwpC,EAAIxmC,UAAW,IAAIvS,WAAWuS,GACnD,EAEA0hC,EAAKmG,KAAO,SAASzX,EAAKpwB,GAExB,GADAqnC,EAAgBjX,EAAKpwB,GA1CU,KA2C3BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAClB,IAAIg6C,EAAY,IAAIr6C,WAAW25C,EAAkBhX,EAAItkC,QAErD,OA5JF,SAAqBi8C,EAAI7vC,EAAGhB,EAAGuvC,GAC7B,IAAIjzB,EAAGvM,EAAGxO,EACN5K,EAAG4Z,EAAG7P,EAAI,IAAIgqC,aAAa,IAC3BzkB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,MAE3BnuB,EAAIkuB,EAAK5iC,KAAK2nC,EAAG1vC,SAAS,EAAG,MAC3B,IAAM,IACRyc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIw0B,EAAQ9wC,EAAI,GAChB,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKk6C,EAAG,GAAKl6C,GAAKqK,EAAErK,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKk6C,EAAG,GAAKl6C,GAAK2lB,EAAE,GAAK3lB,GAO7C,IAJAytB,EADA7iB,EAAIipC,EAAK5iC,KAAKipC,EAAGhxC,SAAS,GAAIixC,KAE9B1B,EAAWnpB,EAAG1kB,GACdwtC,EAAK8B,EAAI5qB,GAEJtvB,EAAI,GAAIA,EAAI,GAAIA,IAAKk6C,EAAGl6C,GAAK44C,EAAG54C,GAIrC,IAFAytB,EADArU,EAAIy6B,EAAK5iC,KAAKipC,EAAGhxC,SAAS,EAAGixC,KAGxBn6C,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK4K,EAAE5K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAK4Z,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE/J,EAAE4Z,IAAMR,EAAEpZ,GAAK2lB,EAAE/L,GAIvBm/B,EAAKmB,EAAGhxC,SAAS,IAAKa,EAExB,CA0HEqwC,CAAYH,EAAW1X,EAAKA,EAAItkC,OAAQkU,GACjC8nC,CACT,EAEApG,EAAKmG,KAAKK,SAAW,SAAS9X,EAAKpwB,GAGjC,IAFA,IAAI8nC,EAAYpG,EAAKmG,KAAKzX,EAAKpwB,GAC3BmoC,EAAM,IAAI16C,WAAW25C,GAChBv5C,EAAI,EAAGA,EAAIs6C,EAAIr8C,OAAQ+B,IAAKs6C,EAAIt6C,GAAKi6C,EAAUj6C,GACxD,OAAOs6C,CACT,EAEAzG,EAAKmG,KAAKK,SAASE,OAAS,SAAShY,EAAK+X,EAAKnrC,GAE7C,GADAqqC,EAAgBjX,EAAK+X,EAAKnrC,GACtBmrC,EAAIr8C,SAAWs7C,EACjB,MAAUt5C,MAAM,sBAClB,GA9D+B,KA8D3BkP,EAAUlR,OACZ,MAAUgC,MAAM,uBAClB,IAEID,EAFAk6C,EAAK,IAAIt6C,WAAW25C,EAAoBhX,EAAItkC,QAC5CoM,EAAI,IAAIzK,WAAW25C,EAAoBhX,EAAItkC,QAE/C,IAAK+B,EAAI,EAAGA,EAAIu5C,EAAmBv5C,IAAKk6C,EAAGl6C,GAAKs6C,EAAIt6C,GACpD,IAAKA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAKk6C,EAAGl6C,EAAEu5C,GAAqBhX,EAAIviC,GAC/D,OAxGF,SAA0BqK,EAAG6vC,EAAI7wC,EAAGsvC,GAClC,IAAI34C,EACwBoZ,EAAxB8B,EAAI,IAAItb,WAAW,IACnB0vB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KACvBvoC,EAAI,CAACuoC,IAAMA,IAAMA,IAAMA,KAE3B,GAAIzqC,EAAI,GAAI,OAAQ,EAEpB,GAAI2vC,EAAUztC,EAAGotC,GAAK,OAAQ,EAE9B,IAAK34C,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAKk6C,EAAGl6C,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqK,EAAErK,EAAE,IAAM24C,EAAG34C,GAUtC,GARAytB,EADArU,EAAIy6B,EAAK5iC,KAAK5G,EAAEnB,SAAS,EAAGG,KAE5BmvC,EAAWlpB,EAAG/jB,EAAG6N,GAEjBq/B,EAAWltC,EAAG2uC,EAAGhxC,SAAS,KAC1BhG,EAAIosB,EAAG/jB,GACP6sC,EAAKl9B,EAAGoU,GAERjmB,GAAK,GACDmrC,EAAiB0F,EAAI,EAAGh/B,EAAG,GAAI,CACjC,IAAKlb,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAK,EAC/B,OAAQ,EAGV,IAAKA,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAKk6C,EAAGl6C,EAAI,IACtC,OAAOqJ,CACT,CA4EUmxC,CAAiBnwC,EAAG6vC,EAAIA,EAAGj8C,OAAQkR,IAAc,CAC3D,EAEA0kC,EAAKmG,KAAKF,QAAU,WAClB,IAAInB,EAAK,IAAI/4C,WAzEkB,IA0E3Bg5C,EAAK,IAAIh5C,WAzEkB,IA2E/B,OADA84C,EAAoBC,EAAIC,GACjB,CAACzpC,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAKmG,KAAKF,QAAQC,cAAgB,SAAS5nC,GAEzC,GADAqnC,EAAgBrnC,GA/Ee,KAgF3BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAElB,IADA,IAAI04C,EAAK,IAAI/4C,WAnFkB,IAoFtBI,EAAI,EAAGA,EAAI24C,EAAG16C,OAAQ+B,IAAK24C,EAAG34C,GAAKmS,EAAU,GAAGnS,GACzD,MAAO,CAACmP,UAAWwpC,EAAIxmC,UAAW,IAAIvS,WAAWuS,GACnD,EAEA0hC,EAAKmG,KAAKF,QAAQW,SAAW,SAASC,GAEpC,GADAlB,EAAgBkB,GAvFU,KAwFtBA,EAAKz8C,OACP,MAAUgC,MAAM,iBAGlB,IAFA,IAAI04C,EAAK,IAAI/4C,WA5FkB,IA6F3Bg5C,EAAK,IAAIh5C,WA5FkB,IA6FtBI,EAAI,EAAGA,EAAI,GAAIA,IAAK44C,EAAG54C,GAAK06C,EAAK16C,GAE1C,OADA04C,EAAoBC,EAAIC,GAAI,GACrB,CAACzpC,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAK8G,QAAU,SAASzzC,GACtB8sC,EAAc9sC,CAChB,EAEA,WAGE,IAAIwU,EAAyB,oBAATk/B,KAAwBA,KAAKl/B,QAAUk/B,KAAKC,SAAY,KAC5E,GAAIn/B,GAAUA,EAAOo/B,gBAAiB,CAGpCjH,EAAK8G,SAAQ,SAAS5wC,EAAGV,GACvB,IAAIrJ,EAAG+0C,EAAI,IAAIn1C,WAAWyJ,GAC1B,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,GAHT,MAIR0b,EAAOo/B,gBAAgB/F,EAAE7rC,SAASlJ,EAAGA,EAAI2I,KAAKoyC,IAAI1xC,EAAIrJ,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK+J,EAAE/J,GAAK+0C,EAAE/0C,GACjC05C,EAAQ3E,gBAEkB,IAAZiG,KAEhBt/B,EAASrc,YACKqc,EAAOu/B,aACnBpH,EAAK8G,SAAQ,SAAS5wC,EAAGV,GACvB,IAAIrJ,EAAG+0C,EAAIr5B,EAAOu/B,YAAY5xC,GAC9B,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK+J,EAAE/J,GAAK+0C,EAAE/0C,GACjC05C,EAAQ3E,KAIf,CA1BD,EA4BC,CAn6BD,CAm6BoCvS,EAAO0Y,QAAU1Y,EAAO0Y,QAAWN,KAAK/G,KAAO+G,KAAK/G,MAAQ,OC34BhG,MAAMpI,GAAap0B,GAAKyE,gBAOjB,SAASq/B,GAAel9C,GAC7B,MAAMmgB,EAAM,IAAIxe,WAAW3B,GAC3B,GAAIwtC,GAAY,CACd,MAAMtnC,EAAQsnC,GAAWwP,YAAY78B,EAAIngB,QACzCmgB,EAAI/d,IAAI8D,OACH,IAAsB,oBAAXuX,SAA0BA,OAAOo/B,gBAGjD,MAAU76C,MAAM,gDAFhByb,OAAOo/B,gBAAgB18B,GAIzB,OAAOA,CACT,CASOpgB,eAAeo9C,GAAoBL,EAAKnyC,GAC7C,MAAMQ,QAAmBiO,GAAKuE,gBAE9B,GAAIhT,EAAIkD,GAAGivC,GACT,MAAU96C,MAAM,uCAGlB,MAAMo7C,EAAUzyC,EAAIqB,IAAI8wC,GAClB52C,EAAQk3C,EAAQj6C,aAMtB,OADU,IAAIgI,QAAiB+xC,GAAeh3C,EAAQ,IAC7CoG,IAAI8wC,GAASn4C,IAAI63C,EAC5B,8FClCO/8C,eAAes9C,GAAoB9/B,EAAMla,EAAG4X,GACjD,MAAM9P,QAAmBiO,GAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GACrB2xC,EAAMnuC,EAAIlB,UAAU,IAAItC,EAAWoS,EAAO,IAC1C+/B,EAAS,IAAInyC,EAAW,IAOxBoyC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE/FnyC,QAAU+xC,GAAoBL,EAAKA,EAAIrvC,UAAUkB,IACvD,IAAI5M,EAAIqJ,EAAEkB,IAAIgxC,GAAQlvC,WAEtB,GACEhD,EAAES,KAAK,IAAIV,EAAWoyC,EAAKx7C,KAC3BA,GAAKA,EAAIw7C,EAAKx7C,IAAMw7C,EAAKv9C,OAErBoL,EAAEqD,YAAc8O,IAClBnS,EAAEe,KAAK2wC,EAAIrvC,UAAUkB,IAAM9C,KAAKixC,GAChC/6C,EAAIqJ,EAAEkB,IAAIgxC,GAAQlvC,yBAENovC,GAAgBpyC,EAAG/H,EAAG4X,IACtC,OAAO7P,CACT,CAUOrL,eAAey9C,GAAgBpyC,EAAG/H,EAAG4X,GAC1C,QAAI5X,IAAM+H,EAAEQ,MAAMmB,IAAI1J,GAAGoJ,mBA8BpB1M,eAA4BqL,GACjC,MAAMD,QAAmBiO,GAAKuE,gBAC9B,OAAO8/B,GAAYC,OAAMtxC,GACa,IAA7BhB,EAAEkB,IAAI,IAAInB,EAAWiB,KAEhC,CAhCauxC,CAAavyC,aAqBnBrL,eAAsBqL,EAAG6B,GAC9B,MAAM9B,QAAmBiO,GAAKuE,gBAE9B,OADA1Q,EAAIA,GAAK,IAAI9B,EAAW,GACjB8B,EAAEV,OAAOnB,EAAEQ,MAAOR,GAAGqB,OAC9B,CAtBamxC,CAAOxyC,YAyJbrL,eAA2BqL,EAAG6P,EAAG4iC,GACtC,MAAM1yC,QAAmBiO,GAAKuE,gBACxB5O,EAAM3D,EAAEqD,YAETwM,IACHA,EAAIvQ,KAAKC,IAAI,EAAIoE,EAAM,GAAM,IAG/B,MAAM+c,EAAK1gB,EAAEQ,MAGb,IAAIiR,EAAI,EACR,MAAQiP,EAAGtd,OAAOqO,IAAMA,IACxB,MAAM6K,EAAItc,EAAEuC,WAAW,IAAIxC,EAAW0R,IAEtC,KAAO5B,EAAI,EAAGA,IAAK,CAGjB,IAKIlZ,EALA+J,GAFM+xC,EAAOA,UAAeV,GAAoB,IAAIhyC,EAAW,GAAI2gB,IAE7Dvf,OAAOmb,EAAGtc,GACpB,IAAIU,EAAEW,UAAWX,EAAE8B,MAAMke,GAAzB,CAKA,IAAK/pB,EAAI,EAAGA,EAAI8a,EAAG9a,IAAK,CAGtB,GAFA+J,EAAIA,EAAEI,IAAIJ,GAAGQ,IAAIlB,GAEbU,EAAEW,QACJ,OAAO,EAET,GAAIX,EAAE8B,MAAMke,GACV,MAIJ,GAAI/pB,IAAM8a,EACR,OAAO,GAIX,OAAO,CACT,CA/LaihC,CAAY1yC,EAAG6P,IAM5B,CAuBA,MAAMwiC,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MC1JtC,MAAMM,GAAe,GAyCd,SAASC,GAAUzlC,EAAS0lC,GACjC,MAAMC,EAAU3lC,EAAQvY,OAExB,GAAIk+C,EAAUD,EAAY,GACxB,MAAUj8C,MAAM,oBAIlB,MAAMm8C,EA7BR,SAAyBn+C,GACvB,MAAMK,EAAS,IAAIsB,WAAW3B,GAC9B,IAAI0iC,EAAQ,EACZ,KAAOA,EAAQ1iC,GAAQ,CACrB,MAAMg9C,EAAcE,GAAel9C,EAAS0iC,GAC5C,IAAK,IAAI3gC,EAAI,EAAGA,EAAIi7C,EAAYh9C,OAAQ+B,IACf,IAAnBi7C,EAAYj7C,KACd1B,EAAOqiC,KAAWsa,EAAYj7C,IAIpC,OAAO1B,CACT,CAiBa+9C,CAAgBH,EAAYC,EAAU,GAG3C79B,EAAU,IAAI1e,WAAWs8C,GAM/B,OAJA59B,EAAQ,GAAK,EACbA,EAAQje,IAAI+7C,EAAI,GAEhB99B,EAAQje,IAAImW,EAAS0lC,EAAYC,GAC1B79B,CACT,CAUO,SAASg+B,GAAUh+B,EAASi+B,GAEjC,IAAInvC,EAAS,EACTovC,EAAoB,EACxB,IAAK,IAAI5iC,EAAIxM,EAAQwM,EAAI0E,EAAQrgB,OAAQ2b,IACvC4iC,GAAoC,IAAfl+B,EAAQ1E,GAC7BxM,GAAUovC,EAGZ,MAAMC,EAAQrvC,EAAS,EACjBsvC,EAAUp+B,EAAQpV,SAASkE,EAAS,GACpCuvC,EAAgC,IAAfr+B,EAAQ,GAA0B,IAAfA,EAAQ,GAAWm+B,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOllC,GAAKuG,iBAAiB++B,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUz8C,MAAM,mBAClB,CAUOjC,eAAe4+C,GAAWlQ,EAAMvN,EAAQ0d,GAC7C,IAAI78C,EACJ,GAAIm/B,EAAOlhC,SAAWgT,GAAK07B,kBAAkBD,GAC3C,MAAUzsC,MAAM,uBAIlB,MAAM68C,EAAa,IAAIl9C,WAAWo8C,GAAatP,GAAMzuC,QACrD,IAAK+B,EAAI,EAAGA,EAAIg8C,GAAatP,GAAMzuC,OAAQ+B,IACzC88C,EAAW98C,GAAKg8C,GAAatP,GAAM1sC,GAGrC,MAAM+8C,EAAOD,EAAW7+C,OAASkhC,EAAOlhC,OACxC,GAAI4+C,EAAQE,EAAO,GACjB,MAAU98C,MAAM,6CAIlB,MAAMm8C,EAAK,IAAIx8C,WAAWi9C,EAAQE,EAAO,GAAGC,KAAK,KAI3CC,EAAK,IAAIr9C,WAAWi9C,GAK1B,OAJAI,EAAG,GAAK,EACRA,EAAG58C,IAAI+7C,EAAI,GACXa,EAAG58C,IAAIy8C,EAAYD,EAAQE,GAC3BE,EAAG58C,IAAI8+B,EAAQ0d,EAAQ1d,EAAOlhC,QACvBg/C,CACT,CAhIAjB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGChBd,MAAMxQ,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBohC,GAAOzR,GAAapsC,eAAqBvB,EAGzCq/C,GAAgB1R,GAAayR,GAAKE,OAAO,iBAAiB,WAC9DvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,kBAAkB0pC,MAC3B1gD,KAAKgX,IAAI,mBAAmB0pC,MAC5B1gD,KAAKgX,IAAI,UAAU0pC,MACnB1gD,KAAKgX,IAAI,UAAU0pC,MACnB1gD,KAAKgX,IAAI,aAAa0pC,MACtB1gD,KAAKgX,IAAI,aAAa0pC,MACtB1gD,KAAKgX,IAAI,eAAe0pC,MAE5B,SAAKz/C,EAEC0/C,GAAe/R,GAAayR,GAAKE,OAAO,iBAAiB,WAC7DvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,kBAAkB0pC,MAE/B,SAAKz/C,yDAgBEE,eAAoBy/C,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGoI,GAC3D,GAAIp4B,IAASsQ,GAAK9X,SAASwH,GACzB,GAAIsQ,GAAKoE,eACP,IACE,aAyPRzd,eAAuB0/C,EAAU32C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAQpD,MAAM4mB,QAyMR3/C,eAA4BqL,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACzC,MAAM3tB,QAAmBiO,GAAKuE,gBACxBgiC,EAAO,IAAIx0C,EAAWkmB,GACtBuuB,EAAO,IAAIz0C,EAAWmC,GACtBuyC,EAAO,IAAI10C,EAAWuc,GAE5B,IAAIo4B,EAAKD,EAAKvzC,IAAIszC,EAAKh0C,OACnBm0C,EAAKF,EAAKvzC,IAAIqzC,EAAK/zC,OAGvB,OAFAm0C,EAAKA,EAAG/wC,eACR8wC,EAAKA,EAAG9wC,eACD,CACLgxC,IAAK,MACL50C,EAAG0V,GAAgB1V,GAAG,GACtB/H,EAAGyd,GAAgBzd,GAAG,GACtBqkB,EAAG5G,GAAgB4G,GAAG,GAEtB2J,EAAGvQ,GAAgBxT,GAAG,GACtBA,EAAGwT,GAAgBuQ,GAAG,GAEtB0uB,GAAIj/B,GAAgBg/B,GAAI,GACxBA,GAAIh/B,GAAgBi/B,GAAI,GACxBE,GAAIn/B,GAAgBgY,GAAG,GACvBonB,KAAK,EAET,CAjOoBC,CAAa/0C,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACxC2V,EAAO,CACXvkC,KAAM,oBACN8I,KAAM,CAAE9I,KAAMu1C,IAEV7pC,QAAY23B,GAAUgC,UAAU,MAAOmQ,EAAKjR,GAAM,EAAO,CAAC,SAChE,OAAO,IAAI9sC,iBAAiB4rC,GAAUwO,KAAK,oBAAqBnmC,EAAK9M,GACvE,CAxQqBs3C,CAAQpgC,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GAAW12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC/E,MAAOunB,GACPjnC,GAAK4D,gBAAgBqjC,QAElB,GAAIjnC,GAAKyE,gBACd,OAqQN9d,eAAwBy/C,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACrD,MAAQlb,QAAS0iC,SAAazhD,gDACxB0hD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAGhzC,GACfmzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMn0C,IAAIk0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMn0C,IAAIi0C,EAAMG,KAAK,IAC1B3E,EAAOvO,GAAWmT,WAAW3gC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC1DzD,EAAKr7C,MAAMoI,GACXizC,EAAKxxC,MACL,MAAMq2C,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAGhzC,GACf2zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,QAA2C,IAAhC0U,GAAW6T,iBAAkC,CACtD,MAAMC,EAAMpC,GAAchjC,OAAO0kC,EAAW,OAC5C,OAAO,IAAIj/C,WAAWo6C,EAAKA,KAAK,CAAEnmC,IAAK0rC,EAAKC,OAAQ,MAAOvoC,KAAM,WAEnE,MAAMwoC,EAAMtC,GAAchjC,OAAO0kC,EAAW,MAAO,CACjDa,MAAO,oBAET,OAAO,IAAI9/C,WAAWo6C,EAAKA,KAAKyF,GAClC,CApSaE,CAASlC,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAGnD,OAsOF/4B,eAAsBy/C,EAAUp0C,EAAGsc,EAAGwZ,GACpC,MAAM/1B,QAAmBiO,GAAKuE,gBAC9BvS,EAAI,IAAID,EAAWC,GACnB,MAAMgB,EAAI,IAAIjB,QAAiBwzC,GAAWa,EAAUte,EAAQ91B,EAAEjI,eAE9D,GADAukB,EAAI,IAAIvc,EAAWuc,GACftb,EAAE4B,IAAI5C,GACR,MAAUpJ,MAAM,2CAElB,OAAOoK,EAAEG,OAAOmb,EAAGtc,GAAG4D,aAAa,KAAM5D,EAAEjI,aAC7C,CA/OSw+C,CAAOnC,EAAUp0C,EAAGsc,EAAGwZ,EAChC,SAaOnhC,eAAsBy/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,EAAG69B,GACpD,GAAIp4B,IAASsQ,GAAK9X,SAASwH,GACzB,GAAIsQ,GAAKoE,eACP,IACE,aA8RRzd,eAAyB0/C,EAAU32C,EAAM+T,EAAGzR,EAAG/H,GAC7C,MAAMq8C,EAiLR,SAAqBt0C,EAAG/H,GACtB,MAAO,CACL28C,IAAK,MACL50C,EAAG0V,GAAgB1V,GAAG,GACtB/H,EAAGyd,GAAgBzd,GAAG,GACtB68C,KAAK,EAET,CAxLc0B,CAAYx2C,EAAG/H,GACrBuS,QAAY23B,GAAUgC,UAAU,MAAOmQ,EAAK,CAChDx1C,KAAM,oBACN8I,KAAM,CAAE9I,KAAOu1C,KACd,EAAO,CAAC,WACX,OAAOlS,GAAU+O,OAAO,oBAAqB1mC,EAAKiH,EAAG/T,EACvD,CArSqB+4C,CAAU7hC,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GAAW12C,EAAM+T,EAAGzR,EAAG/H,GACxE,MAAOg9C,GACPjnC,GAAK4D,gBAAgBqjC,QAElB,GAAIjnC,GAAKyE,gBACd,OAkSN9d,eAA0By/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAC9C,MAAQua,QAAS0iC,SAAazhD,gDAExBy9C,EAAS9O,GAAWsU,aAAa9hC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC9DlD,EAAO57C,MAAMoI,GACbwzC,EAAO/xC,MACP,MAAMq2C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADI2pC,GAAarjC,OAAO0kC,EAAW,OACzBW,OAAQ,MAAOvoC,KAAM,cAEvCpD,EAAM2pC,GAAarjC,OAAO0kC,EAAW,MAAO,CAC1Ca,MAAO,mBAGX,IACE,aAAanF,EAAOA,OAAO1mC,EAAKiH,GAChC,MAAOwjC,GACP,OAAO,EAEX,CA1Ta0B,CAAWvC,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAG5C,OAyQFtD,eAAwBy/C,EAAU3iC,EAAGzR,EAAG/H,EAAG69B,GACzC,MAAM/1B,QAAmBiO,GAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnByR,EAAI,IAAI1R,EAAW0R,GACnBxZ,EAAI,IAAI8H,EAAW9H,GACfwZ,EAAE7O,IAAI5C,GACR,MAAUpJ,MAAM,6CAElB,MAAMggD,EAAMnlC,EAAEtQ,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,cAC1C8+C,QAAYtD,GAAWa,EAAUte,EAAQ91B,EAAEjI,cACjD,OAAOiW,GAAKqD,iBAAiBulC,EAAKC,EACpC,CApRSC,CAAS1C,EAAU3iC,EAAGzR,EAAG/H,EAAG69B,EACrC,UAUOnhC,eAAuB+I,EAAMsC,EAAG/H,GACrC,OAAI+V,GAAKyE,gBA6SX9d,eAA2B+I,EAAMsC,EAAG/H,GAClC,MAAQua,QAAS0iC,SAAazhD,gDAExB+hD,EAAY,CAChBxD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADI2pC,GAAarjC,OAAO0kC,EAAW,OACzBW,OAAQ,MAAOvoC,KAAM,QAASoX,QAASod,GAAW2U,UAAUC,uBACzE,CAILxsC,EAAM,CAAEA,IAHI2pC,GAAarjC,OAAO0kC,EAAW,MAAO,CAChDa,MAAO,mBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,OAAO,IAAIzgD,WAAW6rC,GAAW6U,cAAczsC,EAAK9M,GACtD,CA9TWsmC,CAAYtmC,EAAMsC,EAAG/H,GAgUhCtD,eAAyB+I,EAAMsC,EAAG/H,GAChC,MAAM8H,QAAmBiO,GAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnBtC,EAAO,IAAIqC,EAAW6yC,GAAUl1C,EAAMsC,EAAEjI,eACxCE,EAAI,IAAI8H,EAAW9H,GACfyF,EAAKkF,IAAI5C,GACX,MAAUpJ,MAAM,2CAElB,OAAO8G,EAAKyD,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,aAChD,CAvUSm/C,CAAUx5C,EAAMsC,EAAG/H,EAC5B,UAiBOtD,eAAuB+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAIpD,GAAIllC,GAAKyE,kBAAoBygC,EAC3B,IACE,aAiTNv+C,eAA2B+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC9C,MAAQlb,QAAS0iC,SAAazhD,gDAExB0hD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAGhzC,GACfmzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMn0C,IAAIk0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMn0C,IAAIi0C,EAAMG,KAAK,IAC1BE,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAGhzC,GACf2zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,IAAIljB,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADIspC,GAAchjC,OAAO0kC,EAAW,OAC1BW,OAAQ,MAAQvoC,KAAM,QAASoX,QAASod,GAAW2U,UAAUC,uBAC1E,CAILxsC,EAAM,CAAEA,IAHIspC,GAAchjC,OAAO0kC,EAAW,MAAO,CACjDa,MAAO,oBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,IACE,OAAO,IAAIzgD,WAAW6rC,GAAW+U,eAAe3sC,EAAK9M,IACrD,MAAOu3C,GACP,MAAUr+C,MAAM,oBAEpB,CArVmBquC,CAAYvnC,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC9C,MAAOunB,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,OAkVFtgD,eAAyB+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAC/C,MAAMnzC,QAAmBiO,GAAKuE,gBAQ9B,GAPA7U,EAAO,IAAIqC,EAAWrC,GACtBsC,EAAI,IAAID,EAAWC,GACnB/H,EAAI,IAAI8H,EAAW9H,GACnBqkB,EAAI,IAAIvc,EAAWuc,GACnB2J,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBwrB,EAAI,IAAI3tB,EAAW2tB,GACfhwB,EAAKkF,IAAI5C,GACX,MAAUpJ,MAAM,mBAElB,MAAM89C,EAAKp4B,EAAEpb,IAAIgB,EAAE1B,OACbm0C,EAAKr4B,EAAEpb,IAAI+kB,EAAEzlB,OAEb42C,SAAmBrF,GAAoB,IAAIhyC,EAAW,GAAIC,IAAIkB,IAAIlB,GAClEq3C,EAAUD,EAAU11C,OAAO1B,GAAGmB,OAAOlJ,EAAG+H,GAC9CtC,EAAOA,EAAKoD,IAAIu2C,GAASn2C,IAAIlB,GAG7B,MAAMs3C,EAAK55C,EAAKyD,OAAOwzC,EAAI1uB,GACrBsxB,EAAK75C,EAAKyD,OAAOuzC,EAAIxyC,GACrB6N,EAAI2d,EAAE5sB,IAAIy2C,EAAG32C,IAAI02C,IAAKp2C,IAAIgB,GAEhC,IAAIjN,EAAS8a,EAAEjP,IAAImlB,GAAGpsB,IAAIy9C,GAK1B,OAHAriD,EAASA,EAAO6L,IAAIs2C,GAAWl2C,IAAIlB,GAG5BizC,GAAUh+C,EAAO2O,aAAa,KAAM5D,EAAEjI,cAAem7C,EAC9D,CAhXSsE,CAAU95C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,EAC3C,WAeOv+C,eAAwBwd,EAAMla,GAMnC,GAHAA,EAAI,UAFqB+V,GAAKuE,iBAEXta,GAGf+V,GAAKoE,eAAgB,CACvB,MAAMqlC,EAAY,CAChB34C,KAAM,oBACN44C,cAAevlC,EACfujC,eAAgBz9C,EAAE2L,eAClBgE,KAAM,CACJ9I,KAAM,UAGJ2xC,QAAgBtO,GAAUwV,YAAYF,GAAW,EAAM,CAAC,OAAQ,WAIhEnD,QAAYnS,GAAUyV,UAAU,MAAOnH,EAAQrjC,YAErD,MAAO,CACLpN,EAAGuV,GAAgB++B,EAAIt0C,GACvB/H,EAAGA,EAAE2L,eACL0Y,EAAG/G,GAAgB++B,EAAIh4B,GAEvB2J,EAAG1Q,GAAgB++B,EAAIpyC,GACvBA,EAAGqT,GAAgB++B,EAAIruB,GAEvByH,EAAGnY,GAAgB++B,EAAIO,KAEpB,GAAI7mC,GAAKyE,iBAAmB2vB,GAAWyV,iBAAmB/D,GAAe,CAC9E,MAAMgE,EAAO,CACXJ,cAAevlC,EACfujC,eAAgBz9C,EAAE+K,WAClB+0C,kBAAmB,CAAEnqC,KAAM,QAASuoC,OAAQ,OAC5C6B,mBAAoB,CAAEpqC,KAAM,QAASuoC,OAAQ,QAEzC8B,QAAY,IAAIxkD,SAAQ,CAACC,EAASC,KACtCyuC,GAAWyV,gBAAgB,MAAOC,GAAM,CAAC7C,EAAKiD,EAAGhC,KAC3CjB,EACFthD,EAAOshD,GAEPvhD,EAAQogD,GAAc5iC,OAAOglC,EAAK,UAEpC,IAOJ,MAAO,CACLl2C,EAAGi4C,EAAIjG,QAAQmG,YAAY5hD,YAC3B0B,EAAGggD,EAAIvC,eAAeyC,YAAY5hD,YAClC+lB,EAAG27B,EAAItC,gBAAgBwC,YAAY5hD,YAEnC0vB,EAAGgyB,EAAIpC,OAAOsC,YAAY5hD,YAC1B2L,EAAG+1C,EAAIrC,OAAOuC,YAAY5hD,YAE1Bm3B,EAAGuqB,EAAIjC,YAAYmC,YAAY5hD,aAOnC,IAAI0vB,EACA/jB,EACAlC,EACJ,GACEkC,QAAU+vC,GAAoB9/B,GAAQA,GAAQ,GAAIla,EAAG,IACrDguB,QAAUgsB,GAAoB9/B,GAAQ,EAAGla,EAAG,IAC5C+H,EAAIimB,EAAEnlB,IAAIoB,SACHlC,EAAEqD,cAAgB8O,GAE3B,MAAMimC,EAAMnyB,EAAEzlB,MAAMK,KAAKqB,EAAE1B,OAM3B,OAJI0B,EAAEO,GAAGwjB,MACNA,EAAG/jB,GAAK,CAACA,EAAG+jB,IAGR,CACLjmB,EAAGA,EAAE4D,eACL3L,EAAGA,EAAE2L,eACL0Y,EAAGrkB,EAAEyJ,OAAO02C,GAAKx0C,eACjBqiB,EAAGA,EAAEriB,eACL1B,EAAGA,EAAE0B,eAGL8pB,EAAGzH,EAAEvkB,OAAOQ,GAAG0B,eAEnB,iBAaOjP,eAA8BqL,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAClD,MAAM3tB,QAAmBiO,GAAKuE,gBAM9B,GALAvS,EAAI,IAAID,EAAWC,GACnBimB,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,IAGd+jB,EAAEnlB,IAAIoB,GAAGM,MAAMxC,GAClB,OAAO,EAGT,MAAMqmC,EAAM,IAAItmC,EAAW,GAG3B,GADA2tB,EAAI,IAAI3tB,EAAW2tB,IACdzH,EAAEnlB,IAAI4sB,GAAGxsB,IAAIgB,GAAGb,QACnB,OAAO,EAGTpJ,EAAI,IAAI8H,EAAW9H,GACnBqkB,EAAI,IAAIvc,EAAWuc,GAQnB,MAAM+7B,EAAa,IAAIt4C,EAAWT,KAAKsP,MAAM5O,EAAEqD,YAAc,IACvD9B,QAAUwwC,GAAoB1L,EAAKA,EAAIhkC,UAAUg2C,IACjDC,EAAM/2C,EAAET,IAAIwb,GAAGxb,IAAI7I,GAGzB,SADoBqgD,EAAIp3C,IAAI+kB,EAAEzlB,OAAOgC,MAAMjB,KAAM+2C,EAAIp3C,IAAIgB,EAAE1B,OAAOgC,MAAMjB,GAM1E,8DCjRO5M,eAAuB+I,EAAMuoB,EAAGuS,EAAG12B,GACxC,MAAM/B,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnBuS,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEnB,MACMd,EAAI,IAAIjB,EADC6yC,GAAUl1C,EAAMuoB,EAAEluB,eAK3B8X,QAAUkiC,GAAoB,IAAIhyC,EAAW,GAAIkmB,EAAEzlB,OACzD,MAAO,CACL4gB,GAAIoX,EAAEr3B,OAAO0O,EAAGoW,GAAGriB,eACnByd,GAAIvf,EAAEX,OAAO0O,EAAGoW,GAAGplB,KAAKG,GAAGD,KAAKklB,GAAGriB,eAEvC,UAcOjP,eAAuBysB,EAAIC,EAAI4E,EAAGvlB,EAAGwyC,GAC1C,MAAMnzC,QAAmBiO,GAAKuE,gBAO9B,OANA6O,EAAK,IAAIrhB,EAAWqhB,GACpBC,EAAK,IAAIthB,EAAWshB,GACpB4E,EAAI,IAAIlmB,EAAWkmB,GACnBvlB,EAAI,IAAIX,EAAWW,GAGZuyC,GADQ7xB,EAAGjgB,OAAOT,EAAGulB,GAAGvkB,OAAOukB,GAAGplB,KAAKwgB,GAAItgB,KAAKklB,GAC/BriB,aAAa,KAAMqiB,EAAEluB,cAAem7C,EAC9D,iBAWOv+C,eAA8BsxB,EAAGuS,EAAG12B,EAAGpB,GAC5C,MAAMX,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnBuS,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIy4B,EAAE91B,IAAIa,IAAQi1B,EAAE51B,IAAIqjB,GACtB,OAAO,EAIT,MAAMsyB,EAAQ,IAAIx4C,EAAWkmB,EAAE5iB,aACzBm1C,EAAQ,IAAIz4C,EAAW,MAC7B,GAAIw4C,EAAM91C,GAAG+1C,GACX,OAAO,EAOT,IAAKhgB,EAAEr3B,OAAO8kB,EAAEzlB,MAAOylB,GAAG5kB,QACxB,OAAO,EAST,IAAI0B,EAAMy1B,EACV,MAAM7hC,EAAI,IAAIoJ,EAAW,GACnB04C,EAAY,IAAI14C,EAAW,GAAGsC,UAAU,IAAItC,EAAW,KAC7D,KAAOpJ,EAAE8L,GAAGg2C,IAAY,CAEtB,GADA11C,EAAMA,EAAIjC,IAAI03B,GAAGz3B,KAAKklB,GAClBljB,EAAI1B,QACN,OAAO,EAET1K,EAAE0J,OASJK,EAAI,IAAIX,EAAWW,GACnB,MAAM2lC,EAAM,IAAItmC,EAAW,GACrBwB,QAAUwwC,GAAoB1L,EAAIhkC,UAAUk2C,EAAM/3C,OAAQ6lC,EAAIhkC,UAAUk2C,IACxEG,EAAMzyB,EAAEzlB,MAAMK,KAAKU,GAAGd,KAAKC,GACjC,QAAKoB,EAAEU,MAAMg2B,EAAEr3B,OAAOu3C,EAAKzyB,GAK7B,IC5GA,MAAM0yB,GACJrlD,YAAYslD,GACV,GAAIA,aAAeD,GACjBnlD,KAAKolD,IAAMA,EAAIA,SACV,GAAI5qC,GAAKha,QAAQ4kD,IACb5qC,GAAK1X,aAAasiD,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIriD,WAAWqiD,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAIhkD,OAAS,EAC1B,MAAUgC,MAAM,sCAElBgiD,EAAMA,EAAI/4C,SAAS,GAErBrM,KAAKolD,IAAMA,OAEXplD,KAAKolD,IAAM,GASflkD,KAAKZ,GACH,GAAIA,EAAMc,QAAU,EAAG,CACrB,MAAMA,EAASd,EAAM,GACrB,GAAIA,EAAMc,QAAU,EAAIA,EAEtB,OADApB,KAAKolD,IAAM9kD,EAAM+L,SAAS,EAAG,EAAIjL,GAC1B,EAAIpB,KAAKolD,IAAIhkD,OAGxB,MAAUgC,MAAM,eAOlBtB,QACE,OAAO0Y,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKolD,IAAIhkD,SAAUpB,KAAKolD,MAOxE19B,QACE,OAAOlN,GAAK8B,gBAAgBtc,KAAKolD,KAOnCC,UACE,MAAM54C,EAAMzM,KAAK0nB,QACjB,GAAItG,GAAMxQ,MAAMnE,GACd,OAAO2U,GAAMtf,MAAMsf,GAAMxQ,MAAOnE,GAEhC,MAAUrJ,MAAM,qCCzEf,SAASkiD,GAAeC,EAAcC,GAE3C,OADgBD,EAAatI,QAAQ,CAAEuI,KAAMA,GAE/C,CAEO,SAASC,GAAcF,EAAcG,GAC1C,MAAMzI,EAAUsI,EAAatI,QAAQ,CAAEyI,IAAKA,IAC5C,IAAkC,IAA9BzI,EAAQ0I,WAAWlkD,OACrB,MAAU2B,MAAM,+BAElB,OAAO65C,CACT,CAEO97C,eAAeykD,GAAgBt6C,GACpC,IAAKwZ,GAAOV,mBACV,MAAUhhB,MAAM,gEAElB,MAAQ4b,QAAS6mC,SAAmB5lD,gDACpC,OAAO,IAAI4lD,EAASC,GAAGx6C,EACzB,CCjBO,SAASy6C,GAAiBz+C,GAC/B,IACIiJ,EADAJ,EAAM,EAEV,MAAMiK,EAAO9S,EAAM,GAcnB,OAXI8S,EAAO,MACRjK,GAAO7I,EACRiJ,EAAS,GACA6J,EAAO,KAChBjK,GAAQ7I,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CiJ,EAAS,GACS,MAAT6J,IACTjK,EAAMqK,GAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IACxCkE,EAAS,GAGJ,CACLJ,IAAKA,EACLI,OAAQA,EAEZ,CASO,SAASy1C,GAAkB5kD,GAChC,OAAIA,EAAS,IACJ,IAAI2B,WAAW,CAAC3B,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAI2B,WAAW,CAAyB,KAAtB3B,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEoZ,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOyX,GAAKM,YAAY1Z,EAAQ,IAChF,CAEO,SAAS6kD,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAU9iD,MAAM,iDAElB,OAAO,IAAIL,WAAW,CAAC,IAAMmjD,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIrjD,WAAW,CAAC,IAAOqjD,GAChC,CAUO,SAASC,GAAYD,EAAUhlD,GAEpC,OAAOoZ,GAAKxX,iBAAiB,CAACmjD,GAASC,GAAWJ,GAAkB5kD,IACtE,CAOO,SAASklD,GAAkB5lC,GAChC,MAAO,CACLU,GAAMnM,OAAOU,YACbyL,GAAMnM,OAAOO,eACb4L,GAAMnM,OAAOQ,2BACb2L,GAAMnM,OAAOe,mCACboL,GAAMnM,OAAOiB,mBACb2L,SAASnB,EACb,CASOvf,eAAeolD,GAAYjmD,EAAO+E,GACvC,MAAMM,EAASihB,EAAiBtmB,GAChC,IAAII,EACA8lD,EACJ,IACE,MAAMC,QAAoB9gD,EAAO0B,UAAU,GAE3C,IAAKo/C,GAAeA,EAAYrlD,OAAS,GAAiC,IAAV,IAAjBqlD,EAAY,IACzD,MAAUrjD,MAAM,iGAElB,MAAMsjD,QAAmB/gD,EAAOoB,WAChC,IAEI4/C,EAOAC,EATAlmC,GAAO,EACPiiC,GAAU,EAGdA,EAAS,EACmB,IAAV,GAAb+D,KACH/D,EAAS,GAIPA,EAEFjiC,EAAmB,GAAbgmC,GAGNhmC,GAAoB,GAAbgmC,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BP,GAAkB5lC,GAClD,IAiBIomC,EAjBA7xC,EAAS,KACb,GAAI4xC,EAAyB,CAC3B,GAA6B,UAAzBrsC,GAAK9X,SAASpC,GAAoB,CACpC,MAAMgM,EAAc,IAAIy6C,EACxBrmD,EAASmmB,EAAiBva,GAC1B2I,EAAS3I,MACJ,CACL,MAAM/D,EAAY,IAAIy+C,EACtBtmD,EAASmmB,EAAiBte,EAAUM,UACpCoM,EAAS1M,EAAUK,SAGrB49C,EAAmBnhD,EAAS,CAAEqb,MAAKzL,gBAEnCA,EAAS,GAIX,EAAG,CACD,GAAK0tC,EAiCE,CAEL,MAAMsE,QAAmBthD,EAAOoB,WAEhC,GADA+/C,GAAmB,EACfG,EAAa,IACfN,EAAeM,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CN,GAAiBM,EAAa,KAAQ,SAAYthD,EAAOoB,WAAc,SAElE,GAAIkgD,EAAa,KAAOA,EAAa,KAG1C,GAFAN,EAAe,IAAmB,GAAbM,GACrBH,GAAmB,GACdD,EACH,MAAM,IAAI30B,UAAU,2DAItBy0B,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,gBAlDtB,OAAQ6/C,GACN,KAAK,EAGHD,QAAqBhhD,EAAOoB,WAC5B,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,QAAWpB,EAAOoB,WAC7D,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,WACpB,MACF,QAWE4/C,EAAe/6C,IAyBrB,GAAI+6C,EAAe,EAAG,CACpB,IAAI96C,EAAY,EAChB,OAAa,CACPnL,SAAcA,EAAO2I,MACzB,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACR,GAAIqlD,IAAiB/6C,IAAU,MAC/B,MAAUxI,MAAM,4BAElB,MAAMrB,EAAQ4kD,IAAiB/6C,IAAWvK,EAAQA,EAAMgL,SAAS,EAAGs6C,EAAe96C,GAInF,GAHInL,QAAcA,EAAOoB,MAAMC,GAC1BkT,EAAOpT,KAAKE,GACjB8J,GAAaxK,EAAMD,OACfyK,GAAa86C,EAAc,CAC7BhhD,EAAOmB,QAAQzF,EAAMgL,SAASs6C,EAAe96C,EAAYxK,EAAMD,SAC/D,eAIC0lD,GAiCT,MAAMI,QAAmBvhD,EAAO0B,UAAUw/C,EAA0Bj7C,IAAW,GAS/E,OARIlL,SACIA,EAAO2I,YACP3I,EAAOsB,UAEbiT,EAASuF,GAAKxX,iBAAiBiS,SAEzB5P,EAAS,CAAEqb,MAAKzL,aAEhBiyC,IAAeA,EAAW9lD,OAClC,MAAOqD,GACP,GAAI/D,EAEF,aADMA,EAAOuB,MAAMwC,IACZ,EAEP,MAAMA,UAGJ/D,SACI8lD,EAER7gD,EAAO/E,cAEX,CAEO,MAAMumD,WAAyB/jD,MACpCtD,eAAesnD,GACbrnD,SAASqnD,GAELhkD,MAAMikD,mBACRjkD,MAAMikD,kBAAkBrnD,KAAMmnD,IAGhCnnD,KAAKsL,KAAO,oBAIT,MAAMg8C,GACXxnD,YAAY4gB,EAAK6mC,GACfvnD,KAAK0gB,IAAMA,EACX1gB,KAAKunD,WAAaA,EAGpBzlD,QACE,OAAO9B,KAAKunD,YC9RhB,MAAM5Y,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAElBuoC,GAAY,CAChB32C,KAAQ,QACRG,KAAQ,QACRE,KAAQ,SAEJu2C,GAAc7Y,GAAaA,GAAW8Y,YAAc,GACpDC,GAAa/Y,GAAa,CAC9Bx9B,UAAWq2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EAC7D4P,KAAM42C,GAAY5lC,SAAS,cAAgB,kBAAe5gB,EAC1D+P,KAAMy2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EACxDiQ,KAAMu2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EACxDsQ,QAASk2C,GAAY5lC,SAAS,WAAa,eAAY5gB,EACvD2Q,WAAY61C,GAAY5lC,SAAS,UAAY,cAAW5gB,EACxD6Q,gBAAiB21C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,EAC/E8Q,gBAAiB01C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,EAC/E+Q,gBAAiBy1C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,GAC7E,GAEE2mD,GAAS,CACb/2C,KAAM,CACJu0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5DyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAW92C,KACjBk3C,IAAKP,GAAU32C,KACfm3C,YAAa,GACbC,WAAY,KAEdj3C,KAAM,CACJo0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKK,OACjByZ,OAAQ9M,GAAM/N,UAAUO,OACxBk0C,KAAMH,GAAW32C,KACjB+2C,IAAKP,GAAUx2C,KACfg3C,YAAa,GACbC,WAAY,KAEd/2C,KAAM,CACJk0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKM,OACjBwZ,OAAQ9M,GAAM/N,UAAUQ,OACxBi0C,KAAMH,GAAWz2C,KACjB62C,IAAKP,GAAUt2C,KACf82C,YAAa,GACbC,WAAY,KAEd72C,UAAW,CACTg0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAWv2C,UACjB42C,YAAa,IAEfz2C,QAAS,CACP6zC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClEyC,QAASzmC,GAAM9O,UAAUQ,YACzBsB,KAAMgN,GAAMhN,KAAKM,OACjBozC,MAAM,EACNE,YAAa,IAEfp2C,WAAY,CACVwzC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxEyC,QAASzmC,GAAM9O,UAAUM,KACzBwB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,MAAM,EACNE,YAAa,IAEfl2C,gBAAiB,CACfszC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAW71C,gBACjBk2C,YAAa,IAEfj2C,gBAAiB,CACfqzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKK,OACjByZ,OAAQ9M,GAAM/N,UAAUO,OACxBk0C,KAAMH,GAAW51C,gBACjBi2C,YAAa,IAEfh2C,gBAAiB,CACfozC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKM,OACjBwZ,OAAQ9M,GAAM/N,UAAUQ,OACxBi0C,KAAMH,GAAW31C,gBACjBg2C,YAAa,KAIjB,MAAME,GACJpoD,YAAYqoD,EAAWf,GACrB,KACM5sC,GAAKha,QAAQ2nD,IACb3tC,GAAK1X,aAAaqlD,MAEpBA,EAAY,IAAIhD,GAAIgD,IAElBA,aAAqBhD,KAEvBgD,EAAYA,EAAU9C,WAGxBrlD,KAAKsL,KAAO8V,GAAMtf,MAAMsf,GAAMxQ,MAAOu3C,GACrC,MAAO1G,GACP,MAAM,IAAI0F,GAAiB,iBAE7BC,EAASA,GAAUQ,GAAO5nD,KAAKsL,MAE/BtL,KAAK6nD,QAAUT,EAAOS,QAEtB7nD,KAAKolD,IAAMgC,EAAOhC,IAClBplD,KAAKoU,KAAOgzC,EAAOhzC,KACnBpU,KAAKkuB,OAASk5B,EAAOl5B,OACrBluB,KAAK8nD,KAAOV,EAAOU,MAAQF,GAAO5nD,KAAKsL,MACvCtL,KAAK+nD,IAAMX,EAAOW,KAAOH,GAAO5nD,KAAKsL,MACrCtL,KAAKgoD,YAAcZ,EAAOY,YACtBhoD,KAAK+nD,KAAOvtC,GAAKoE,eACnB5e,KAAKoa,KAAO,MACHpa,KAAK8nD,MAAQttC,GAAKyE,gBAC3Bjf,KAAKoa,KAAO,OACW,eAAdpa,KAAKsL,KACdtL,KAAKoa,KAAO,aACW,YAAdpa,KAAKsL,OACdtL,KAAKoa,KAAO,WAIhBjZ,mBACE,IAAI87C,EACJ,OAAQj9C,KAAKoa,MACX,IAAK,MACH,IACE,aAiIVjZ,eAA6BmK,GAE3B,MAAM88C,QAAqBzZ,GAAUwV,YAAY,CAAE74C,KAAM,QAAS+8C,WAAYb,GAAUl8C,KAAS,EAAM,CAAC,OAAQ,WAE1GsO,QAAmB+0B,GAAUyV,UAAU,MAAOgE,EAAaxuC,YAC3DtH,QAAkBq8B,GAAUyV,UAAU,MAAOgE,EAAa91C,WAEhE,MAAO,CACLA,UAAWg2C,GAAeh2C,GAC1BsH,WAAYmI,GAAgBnI,EAAWkP,GAE3C,CA5IuBy/B,CAAcvoD,KAAKsL,MAChC,MAAOm2C,GACPjnC,GAAK4D,gBAAgB,6CAA+CqjC,EAAI9nC,SACxE,MAEJ,IAAK,OACH,OAwIRxY,eAA8BmK,GAE5B,MAAMsH,EAAOg8B,GAAW4Z,WAAWb,GAAWr8C,IAE9C,aADMsH,EAAK61C,eACJ,CACLn2C,UAAW,IAAIvP,WAAW6P,EAAK81C,gBAC/B9uC,WAAY,IAAI7W,WAAW6P,EAAK+1C,iBAEpC,CAhJeC,CAAe5oD,KAAKsL,MAC7B,IAAK,aAAc,CACjB,MAAMsO,EAAa0kC,GAAe,IAClC1kC,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAClB,MAAMtE,EAAYsE,EAAWlY,QAAQ+O,UACrCwsC,EAAUjG,GAAKgG,IAAIC,QAAQC,cAAc5nC,GAEzC,MAAO,CAAEhD,UADSkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQk6C,EAAQ3qC,YACrDsH,cAEtB,IAAK,UAAW,CACd,MAAMA,EAAa0kC,GAAe,IAC5BrB,EAAUjG,GAAKmG,KAAKF,QAAQW,SAAShkC,GAE3C,MAAO,CAAEtH,UADSkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQk6C,EAAQ3qC,YACrDsH,eAGxB,MAAM2rC,QAAqBK,GAAgB5lD,KAAKsL,MAIhD,OAHA2xC,QAAgBsI,EAAasD,WAAW,CACtCC,QAAStuC,GAAKqC,mBAAmByhC,GAAe,OAE3C,CAAEhsC,UAAW,IAAIvP,WAAWk6C,EAAQ8L,UAAU,SAAS,IAASnvC,WAAYqjC,EAAQ+L,aAAarE,YAAY5hD,cAuCxH5B,eAAe8nD,GAAuBpZ,EAAMuV,EAAK8D,EAAGpgC,GAClD,MAAMqgC,EAAkB,CACtBt4C,MAAM,EACNG,MAAM,EACNE,MAAM,EACNE,WAAW,EACXQ,WAAYi+B,IAASzuB,GAAM9O,UAAUM,KACrCd,iBAAiB,EACjBC,iBAAiB,EACjBC,iBAAiB,GAIbo3C,EAAYhE,EAAIC,UACtB,IAAK8D,EAAgBC,GACnB,OAAO,EAGT,GAAkB,eAAdA,EAA4B,CAC9BtgC,EAAIA,EAAEpnB,QAAQ+O,UAEd,MAAM6B,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAcp0B,GAErDogC,EAAI,IAAInmD,WAAWmmD,GACnB,MAAMG,EAAK,IAAItmD,WAAW,CAAC,MAASuP,IACpC,QAAKkI,GAAKqD,iBAAiBwrC,EAAIH,GAOjC,MAAMt4C,QAAcg1C,GAAgBwD,GACpC,IAEEF,EAAIzD,GAAc70C,EAAOs4C,GAAGH,YAC5B,MAAOO,GACP,OAAO,EAQT,QADWhE,GAAe10C,EAAOkY,GAAGigC,YAC5BQ,GAAGL,EAKb,CA+CA,SAASZ,GAAexH,GACtB,MAAM0I,EAAOznC,GAAgB++B,EAAI5zC,GAC3Bu8C,EAAO1nC,GAAgB++B,EAAIxyC,GAC3BgE,EAAY,IAAIvP,WAAWymD,EAAKpoD,OAASqoD,EAAKroD,OAAS,GAI7D,OAHAkR,EAAU,GAAK,EACfA,EAAU9O,IAAIgmD,EAAM,GACpBl3C,EAAU9O,IAAIimD,EAAMD,EAAKpoD,OAAS,GAC3BkR,CACT,CASA,SAASo3C,GAAe1B,EAAa18C,EAAMgH,GACzC,MAAMnC,EAAM63C,EACNwB,EAAOl3C,EAAU5Q,MAAM,EAAGyO,EAAM,GAChCs5C,EAAOn3C,EAAU5Q,MAAMyO,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVixC,IAAK,KACLuI,IAAKr+C,EACL4B,EAAGgV,GAAgBsnC,GAAM,GACzBl7C,EAAG4T,GAAgBunC,GAAM,GACzBnI,KAAK,EAGT,CAUA,SAASC,GAAayG,EAAa18C,EAAMgH,EAAWsH,GAClD,MAAMknC,EAAM4I,GAAe1B,EAAa18C,EAAMgH,GAE9C,OADAwuC,EAAIh4B,EAAI5G,GAAgBtI,GAAY,GAC7BknC,CACT,CCjWA,MAAMnS,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAgBjB9d,eAAeg8C,GAAKiI,EAAKxE,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACxE,MAAM1xB,EAAQ,IAAIs3C,GAAa9C,GAC/B,GAAIzrC,IAAYa,GAAK9X,SAASiX,GAAU,CACtC,MAAMsjC,EAAU,CAAE3qC,YAAWsH,cAC7B,OAAQhJ,EAAMwJ,MACZ,IAAK,MAEH,IAEE,aAwHVjZ,eAAuByP,EAAOgwC,EAAUjnC,EAASsjC,GAC/C,MAAM9sC,EAAMS,EAAMo3C,YACZlH,EAAMS,GAAa3wC,EAAMo3C,YAAaR,GAAU52C,EAAMtF,MAAO2xC,EAAQ3qC,UAAW2qC,EAAQrjC,YACxF5C,QAAY23B,GAAUgC,UAC1B,MACAmQ,EACA,CACEx1C,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAAShE,EAAMwD,SAElD,EACA,CAAC,SAGGe,EAAY,IAAIpS,iBAAiB4rC,GAAUwO,KAC/C,CACE7xC,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,KAE5C5pC,EACA2C,IAGF,MAAO,CACL5L,EAAGoH,EAAUzT,MAAM,EAAGyO,GACtB8N,EAAG9I,EAAUzT,MAAMyO,EAAKA,GAAO,GAEnC,CArJuBqxC,CAAQ5wC,EAAOgwC,EAAUjnC,EAASsjC,GAC/C,MAAOwE,GAIP,GAAmB,SAAf7wC,EAAMtF,OAAiC,cAAbm2C,EAAIn2C,MAAqC,mBAAbm2C,EAAIn2C,MAC5D,MAAMm2C,EAERjnC,GAAK4D,gBAAgB,oCAAsCqjC,EAAI9nC,SAEjE,MAEF,IAAK,OAAQ,CACX,MAAMxE,QAsKdhU,eAAwByP,EAAOgwC,EAAUjnC,EAASsjC,GAChD,MAAME,EAAOvO,GAAWmT,WAAW3gC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC1DzD,EAAKr7C,MAAM6X,GACXwjC,EAAKxxC,MACL,MAAMqL,EAAM4yC,GAAatsC,OAAO,CAC9B2kC,QAAS,EACT4H,WAAYj5C,EAAMw0C,IAClBxrC,WAAY/Z,MAAMuiB,KAAK66B,EAAQrjC,YAC/BtH,UAAW,CAAEw3C,OAAQ,EAAG5/C,KAAMrK,MAAMuiB,KAAK66B,EAAQ3qC,aAChD,MAAO,CACRuwC,MAAO,mBAGT,OAAOkH,GAAersC,OAAOy/B,EAAKA,KAAKnmC,GAAM,MAC/C,CApLgC8rC,CAASlyC,EAAOgwC,EAAUjnC,EAASsjC,GAC3D,MAAO,CACLlvC,EAAGoH,EAAUpH,EAAE42C,YAAY5hD,YAC3Bkb,EAAG9I,EAAU8I,EAAE0mC,YAAY5hD,eAKnC,OAmFF5B,eAA4ByP,EAAO0xB,EAAQ1oB,GACzC,MAAM2rC,QAAqBK,GAAgBh1C,EAAMtF,MAC3C0L,EAAMsuC,GAAeC,EAAc3rC,GACnCzE,EAAY6B,EAAImmC,KAAK7a,GAC3B,MAAO,CACLv0B,EAAGoH,EAAUpH,EAAE42C,YAAY5hD,YAC3Bkb,EAAG9I,EAAU8I,EAAE0mC,YAAY5hD,YAE/B,CA3FSinD,CAAap5C,EAAO0xB,EAAQ1oB,EACrC,CAcOzY,eAAeu8C,GAAO0H,EAAKxE,EAAUzrC,EAAWwE,EAASrH,EAAWgwB,GACzE,MAAM1xB,EAAQ,IAAIs3C,GAAa9C,GAC/B,GAAIzrC,IAAYa,GAAK9X,SAASiX,GAC5B,OAAQ/I,EAAMwJ,MACZ,IAAK,MACH,IAEE,aA4GVjZ,eAAyByP,EAAOgwC,GAAU7yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC3D,MAAMwuC,EAAM4I,GAAe94C,EAAMo3C,YAAaR,GAAU52C,EAAMtF,MAAOgH,GAC/D0E,QAAY23B,GAAUgC,UAC1B,MACAmQ,EACA,CACEx1C,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAAShE,EAAMwD,SAElD,EACA,CAAC,WAGGe,EAAYqF,GAAKxX,iBAAiB,CAAC+K,EAAGkQ,IAAI5Z,OAEhD,OAAOsqC,GAAU+O,OACf,CACEpyC,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,KAE5C5pC,EACA7B,EACAwE,EAEJ,CAtIuBspC,CAAUryC,EAAOgwC,EAAUzrC,EAAWwE,EAASrH,GAC5D,MAAOmvC,GAIP,GAAmB,SAAf7wC,EAAMtF,OAAiC,cAAbm2C,EAAIn2C,MAAqC,mBAAbm2C,EAAIn2C,MAC5D,MAAMm2C,EAERjnC,GAAK4D,gBAAgB,sCAAwCqjC,EAAI9nC,SAEnE,MACF,IAAK,OACH,OA4IRxY,eAA0ByP,EAAOgwC,GAAU7yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC5D,MAAQ0M,QAAS0iC,SAAazhD,gDAExBy9C,EAAS9O,GAAWsU,aAAa9hC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC9DlD,EAAO57C,MAAM6X,GACb+jC,EAAO/xC,MACP,MAAMqL,EAAMizC,GAAqB3sC,OAAO,CACtC4sC,UAAW,CACTA,UAAW,CAAC,EAAG,EAAG,IAAK,MAAO,EAAG,GACjCL,WAAYj5C,EAAMw0C,KAEpB+E,iBAAkB,CAAEL,OAAQ,EAAG5/C,KAAMrK,MAAMuiB,KAAK9P,KAC/C,MAAO,CACRuwC,MAAO,eAEH1tC,EAAY40C,GAAezsC,OAAO,CACtCvP,EAAG,IAAI2zC,EAAG3zC,GAAIkQ,EAAG,IAAIyjC,EAAGzjC,IACvB,OAEH,IACE,OAAOy/B,EAAOA,OAAO1mC,EAAK7B,GAC1B,MAAOssC,GACP,OAAO,EAEX,CApKe0B,CAAWvyC,EAAOgwC,EAAUzrC,EAAWwE,EAASrH,GAI7D,OAuDFnR,eAA8ByP,EAAOuE,EAAWgzB,EAAQ71B,GACtD,MAAMizC,QAAqBK,GAAgBh1C,EAAMtF,MAC3C0L,EAAMyuC,GAAcF,EAAcjzC,GACxC,OAAO0E,EAAI0mC,OAAOvV,EAAQhzB,EAC5B,CA3DSi1C,CAAex5C,EAAOuE,OADO,IAAbyrC,EAA4BjnC,EAAU2oB,EACbhwB,EAClD,CAsKA,MAAM+tC,GAAOzR,GAAapsC,eAAqBvB,EAEzC8oD,GAAiBnb,GACrByR,GAAKE,OAAO,kBAAkB,WAC5BvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,KAAK0pC,MACd1gD,KAAKgX,IAAI,KAAK0pC,eAEbz/C,EAED2oD,GAAehb,GACnByR,GAAKE,OAAO,gBAAgB,WAC1BvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,cAAcqzC,SACvBrqD,KAAKgX,IAAI,cAAcszC,SAAS,GAAGC,WAAWC,MAC9CxqD,KAAKgX,IAAI,aAAaszC,SAAS,GAAGC,WAAWE,kBAE5CxpD,EAEDypD,GAAsB9b,GAC1ByR,GAAKE,OAAO,uBAAuB,WACjCvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,aAAa2zC,QACtB3qD,KAAKgX,IAAI,cAAcuzC,WAAWC,eAEjCvpD,EAEDgpD,GAAuBrb,GAC3ByR,GAAKE,OAAO,wBAAwB,WAClCvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,aAAa4zC,IAAIF,IAC1B1qD,KAAKgX,IAAI,oBAAoByzC,kBAE5BxpD,qFA9LAE,eAA8BikD,EAAK8D,EAAGpgC,GAC3C,MAAMlY,EAAQ,IAAIs3C,GAAa9C,GAE/B,GAAIx0C,EAAMi3C,UAAYzmC,GAAM9O,UAAUO,MACpC,OAAO,EAKT,OAAQjC,EAAMwJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMT,EAAU2kC,GAAe,GACzBsC,EAAWx/B,GAAMhN,KAAKI,OACtB8tB,QAAeluB,GAAK+zB,OAAOyY,EAAUjnC,GAC3C,IACE,MAAMxE,QAAkBgoC,GAAKiI,EAAKxE,EAAUjnC,EAASuvC,EAAGpgC,EAAGwZ,GAC3D,aAAaob,GAAO0H,EAAKxE,EAAUzrC,EAAWwE,EAASuvC,EAAG5mB,GAC1D,MAAOmf,GACP,OAAO,GAGX,QACE,OAAOwH,GAAuB7nC,GAAM9O,UAAUO,MAAOuyC,EAAK8D,EAAGpgC,GAEnE,ICzHAkuB,GAAK5iC,KAAO9M,GAAS,IAAIvE,WAAW2R,KAASozB,OAAOxgC,GAAO6gC,iEAgBpDhnC,eAAoBikD,EAAKxE,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACxE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB1uB,GAAMhN,KAAKI,QAEvE,MAAUpR,MAAM,sCAElB,MAAMkS,EAAYkF,GAAKxX,iBAAiB,CAAC4W,EAAYtH,EAAUjG,SAAS,KAClE8I,EAAY6hC,GAAKmG,KAAKK,SAASlb,EAAQhtB,GAE7C,MAAO,CACLvH,EAAGoH,EAAU9I,SAAS,EAAG,IACzB4R,EAAG9I,EAAU9I,SAAS,IAE1B,SAcOlL,eAAsBikD,EAAKxE,GAAU7yC,EAAGkQ,EAAEA,GAAKzQ,EAAG8E,EAAWgwB,GAClE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB1uB,GAAMhN,KAAKI,QACvE,MAAUpR,MAAM,sCAElB,MAAM+R,EAAYqF,GAAKxX,iBAAiB,CAAC+K,EAAGkQ,IAC5C,OAAO+4B,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQntB,EAAW7C,EAAUjG,SAAS,GACzE,iBASOlL,eAA8BikD,EAAK8D,EAAG7sC,GAE3C,GAAsB,YAAlB+oC,EAAIC,UACN,OAAO,EAOT,MAAM/yC,UAAEA,GAAc0kC,GAAKmG,KAAKF,QAAQW,SAASvhC,GAC3CgtC,EAAK,IAAItmD,WAAW,CAAC,MAASuP,IACpC,OAAOkI,GAAKqD,iBAAiBqrC,EAAGG,EAElC,IC4BO,SAASwB,GAAqBhb,GACnC,GAAQA,IACDzuB,GAAM9O,UAAUf,QACnB,OAAO6P,GAAMhN,KAAKI,OAElB,MAAUpR,MAAM,qBAEtB,CA1GA4zC,GAAK5iC,KAAO9M,GAAS,IAAIvE,WAAW2R,KAASozB,OAAOxgC,GAAO6gC,qEAOpDhnC,eAAwB0uC,GAC7B,GAAQA,IACDzuB,GAAM9O,UAAUf,QAAS,CAC5B,MAAMssC,EAAOS,GAAe,KACpBhsC,UAAWg7B,GAAM0J,GAAKmG,KAAKF,QAAQW,SAASC,GACpD,MAAO,CAAEvQ,IAAGuQ,QAGZ,MAAUz6C,MAAM,8BAEtB,OAeOjC,eAAoB0uC,EAAM+Q,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACzE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB+a,GAAqBhb,IACjF,MAAUzsC,MAAM,sCAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+D,EAAYkF,GAAKxX,iBAAiB,CAAC4W,EAAYtH,IAErD,MAAO,CAAEw4C,GADS9T,GAAKmG,KAAKK,SAASlb,EAAQhtB,IAG/C,KAAK8L,GAAM9O,UAAUc,MACrB,QACE,MAAUhQ,MAAM,+BAGtB,SAaOjC,eAAsB0uC,EAAM+Q,GAAUkK,GAAEA,GAAMt9C,EAAG8E,EAAWgwB,GACjE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB+a,GAAqBhb,IACjF,MAAUzsC,MAAM,sCAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUf,QACnB,OAAOylC,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQwoB,EAAIx4C,GAE/C,KAAK8O,GAAM9O,UAAUc,MACrB,QACE,MAAUhQ,MAAM,+BAEtB,iBAUOjC,eAA8B0uC,EAAMvC,EAAGuQ,GAC5C,OAAQhO,GACN,KAAKzuB,GAAM9O,UAAUf,QAAS,CAK5B,MAAMe,UAAEA,GAAc0kC,GAAKmG,KAAKF,QAAQW,SAASC,GACjD,OAAOrjC,GAAKqD,iBAAiByvB,EAAGh7B,GAGlC,KAAK8O,GAAM9O,UAAUc,MACrB,QACE,OAAO,EAEb,4BC7FO,SAAS23C,GAAK/zC,EAAK9M,GACxB,MAAM+oB,EAAM,IAAI/E,GAAO,MAAsB,EAAblX,EAAI5V,QAAa4V,GAC3Cg0C,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC4lC,EAAIC,GAAOhhD,GACjB,IAAIojC,EAAI0d,EACR,MAAMvgC,EAAIwgC,EACJz+C,EAAIy+C,EAAE7pD,OAAS,EACfid,EAAI,IAAIgH,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAItI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI5Z,EAAI,EAAGA,EAAIqJ,IAAKrJ,EACvBkb,EAAE,GAAK7R,EAAIuQ,GAAK,EAAI5Z,GAEpBoqC,EAAE,GAAKD,EAAE,GACTC,EAAE,GAAKD,EAAE,GAETC,EAAE,GAAK9iB,EAAE,EAAItnB,GACboqC,EAAE,GAAK9iB,EAAE,EAAItnB,EAAI,GAEjBoqC,EAAI2d,GAAOj4B,EAAIF,QAAQwoB,GAAKhO,KAE5BD,EAAIC,EAAElhC,SAAS,EAAG,GAClBihC,EAAE,IAAMjvB,EAAE,GACVivB,EAAE,IAAMjvB,EAAE,GAEVoM,EAAE,EAAItnB,GAAKoqC,EAAE,GACb9iB,EAAE,EAAItnB,EAAI,GAAKoqC,EAAE,GAGrB,OAAOgO,GAAKjO,EAAG7iB,EACjB,CAUO,SAAS0gC,GAAOn0C,EAAK9M,GAC1B,MAAM+oB,EAAM,IAAI/E,GAAO,MAAsB,EAAblX,EAAI5V,QAAa4V,GAC3Cg0C,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC6N,EAAIg4B,GAAOhhD,GACjB,IAAIojC,EAAIpa,EAAE7mB,SAAS,EAAG,GACtB,MAAMoe,EAAIyI,EAAE7mB,SAAS,GACfG,EAAI0mB,EAAE9xB,OAAS,EAAI,EACnBid,EAAI,IAAIgH,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAItI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI5Z,EAAIqJ,EAAI,EAAGrJ,GAAK,IAAKA,EAC5Bkb,EAAE,GAAK7R,EAAIuQ,GAAK5Z,EAAI,GAEpBoqC,EAAE,GAAKD,EAAE,GAAKjvB,EAAE,GAChBkvB,EAAE,GAAKD,EAAE,GAAKjvB,EAAE,GAEhBkvB,EAAE,GAAK9iB,EAAE,EAAItnB,GACboqC,EAAE,GAAK9iB,EAAE,EAAItnB,EAAI,GAEjBoqC,EAAI2d,GAAOj4B,EAAID,QAAQuoB,GAAKhO,KAE5BD,EAAIC,EAAElhC,SAAS,EAAG,GAElBoe,EAAE,EAAItnB,GAAKoqC,EAAE,GACb9iB,EAAE,EAAItnB,EAAI,GAAKoqC,EAAE,GAGrB,GAAID,EAAE,KAAO0d,EAAG,IAAM1d,EAAE,KAAO0d,EAAG,GAChC,OAAOzP,GAAK9wB,GAEd,MAAUrnB,MAAM,4BAClB,CAeA,SAAS8nD,GAAOhhD,GACd,MAAM9I,OAAEA,GAAW8I,EACb7F,EAfR,SAA2B6F,GACzB,GAAIsQ,GAAKC,SAASvQ,GAAO,CACvB,MAAM9I,OAAEA,GAAW8I,EACb7F,EAAS,IAAImhB,YAAYpkB,GACzB+wC,EAAO,IAAIpvC,WAAWsB,GAC5B,IAAK,IAAI0Y,EAAI,EAAGA,EAAI3b,IAAU2b,EAC5Bo1B,EAAKp1B,GAAK7S,EAAK0S,WAAWG,GAE5B,OAAO1Y,EAET,OAAO,IAAItB,WAAWmH,GAAM7F,MAC9B,CAIiB+mD,CAAkBlhD,GAC3BioC,EAAO,IAAI1sB,SAASphB,GACpBy4C,EAAM,IAAIz3B,YAAYjkB,EAAS,GACrC,IAAK,IAAI+B,EAAI,EAAGA,EAAI/B,EAAS,IAAK+B,EAChC25C,EAAI35C,GAAKgvC,EAAKpgB,UAAU,EAAI5uB,GAE9B,OAAO25C,CACT,CAEA,SAASvB,KACP,IAAIn6C,EAAS,EACb,IAAK,IAAIib,EAAI,EAAGA,EAAIugC,UAAUx7C,SAAUib,EACtCjb,GAAU,EAAIw7C,UAAUvgC,GAAGjb,OAE7B,MAAMiD,EAAS,IAAImhB,YAAYpkB,GACzB+wC,EAAO,IAAI1sB,SAASphB,GAC1B,IAAIkM,EAAS,EACb,IAAK,IAAIpN,EAAI,EAAGA,EAAIy5C,UAAUx7C,SAAU+B,EAAG,CACzC,IAAK,IAAI4Z,EAAI,EAAGA,EAAI6/B,UAAUz5C,GAAG/B,SAAU2b,EACzCo1B,EAAKkZ,UAAU96C,EAAS,EAAIwM,EAAG6/B,UAAUz5C,GAAG4Z,IAE9CxM,GAAU,EAAIqsC,UAAUz5C,GAAG/B,OAE7B,OAAO,IAAI2B,WAAWsB,EACxB,uECnHO,SAASiZ,GAAO3D,GACrB,MAAM6C,EAAI,EAAK7C,EAAQvY,OAAS,EAC1Bua,EAAS,IAAI5Y,WAAW4W,EAAQvY,OAASob,GAAG2jC,KAAK3jC,GAEvD,OADAb,EAAOnY,IAAImW,GACJgC,CACT,CAOO,SAAS+B,GAAO/D,GACrB,MAAMxJ,EAAMwJ,EAAQvY,OACpB,GAAI+O,EAAM,EAAG,CACX,MAAMqM,EAAI7C,EAAQxJ,EAAM,GACxB,GAAIqM,GAAK,EAAG,CACV,MAAM8uC,EAAW3xC,EAAQtN,SAAS8D,EAAMqM,GAClC+uC,EAAW,IAAIxoD,WAAWyZ,GAAG2jC,KAAK3jC,GACxC,GAAIhC,GAAKqD,iBAAiBytC,EAAUC,GAClC,OAAO5xC,EAAQtN,SAAS,EAAG8D,EAAMqM,IAIvC,MAAUpZ,MAAM,kBAClB,yECrBA,MAAMurC,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAexB,SAASusC,GAAeC,EAAarG,EAAKsG,EAAWC,GACnD,OAAOnxC,GAAKxX,iBAAiB,CAC3BoiD,EAAItjD,QACJ,IAAIiB,WAAW,CAAC0oD,IAChBC,EAAU5pD,QACV0Y,GAAKiC,mBAAmB,wBACxBkvC,EAAYt/C,SAAS,EAAG,KAE5B,CAGAlL,eAAeyqD,GAAIhL,EAAUnJ,EAAGr2C,EAAQyqD,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAI5oD,EACJ,GAAI2oD,EAAc,CAEhB,IAAK3oD,EAAI,EAAGA,EAAIs0C,EAAEr2C,QAAmB,IAATq2C,EAAEt0C,GAAUA,KACxCs0C,EAAIA,EAAEprC,SAASlJ,GAEjB,GAAI4oD,EAAe,CAEjB,IAAK5oD,EAAIs0C,EAAEr2C,OAAS,EAAG+B,GAAK,GAAc,IAATs0C,EAAEt0C,GAAUA,KAC7Cs0C,EAAIA,EAAEprC,SAAS,EAAGlJ,EAAI,GAOxB,aALqBiR,GAAK+zB,OAAOyY,EAAUpmC,GAAKxX,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzB00C,EACAoU,MAEYx/C,SAAS,EAAGjL,EAC5B,CAUAD,eAAe6qD,GAAsBp7C,EAAOs4C,GAC1C,OAAQt4C,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM0O,EAAIw1B,GAAe,KACnBhpC,UAAEA,EAAS22C,UAAEA,SAAoBC,GAAuBt7C,EAAOs4C,EAAG,KAAMpgC,GAC9E,IAAIxW,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAc5nC,GAEnD,OADAhD,EAAYkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQuP,IACpD,CAAEA,YAAW25C,aAEtB,IAAK,MACH,GAAIr7C,EAAMm3C,KAAOvtC,GAAKoE,eACpB,IACE,aAoKVzd,eAAqCyP,EAAOs4C,GAC1C,MAAMpI,EAAM4I,GAAe94C,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAKmB,GAC7D,IAAIjM,EAAUtO,GAAUwV,YACtB,CACE74C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEZoE,EAAYxd,GAAUgC,UACxB,MACAmQ,EACA,CACEx1C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,KAED9K,EAASkP,SAAmBlsD,QAAQ+H,IAAI,CAACi1C,EAASkP,IACnD,IAAIluC,EAAI0wB,GAAUyd,WAChB,CACE9gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,IACtBsE,OAAQF,GAEVlP,EAAQrjC,WACRhJ,EAAMm3C,IAAIE,YAERx1B,EAAIkc,GAAUyV,UAChB,MACAnH,EAAQ3qC,YAET2L,EAAGwU,SAAWxyB,QAAQ+H,IAAI,CAACiW,EAAGwU,IAC/B,MAAMw5B,EAAY,IAAIlpD,WAAWkb,GAC3B3L,EAAY,IAAIvP,WAAWulD,GAAe71B,IAChD,MAAO,CAAEngB,YAAW25C,YACtB,CA1MuBK,CAAsB17C,EAAOs4C,GAC1C,MAAOzH,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,MACF,IAAK,OACH,OAsQNtgD,eAAsCyP,EAAOs4C,GAC3C,MAAMqD,EAAS3d,GAAW4Z,WAAW53C,EAAMk3C,KAAKA,MAChDyE,EAAO9D,eACP,MAAMwD,EAAY,IAAIlpD,WAAWwpD,EAAOC,cAActD,IAChD52C,EAAY,IAAIvP,WAAWwpD,EAAO7D,gBACxC,MAAO,CAAEp2C,YAAW25C,YACtB,CA5QaQ,CAAuB77C,EAAOs4C,GAEzC,OA+NF/nD,eAA0CyP,EAAOs4C,GAC/C,MAAM3D,QAAqBK,GAAgBh1C,EAAMtF,MAC3C4sC,QAAUtnC,EAAMi4C,aACtBK,EAAIzD,GAAcF,EAAc2D,GAChC,MAAMwD,EAAIpH,GAAeC,EAAcrN,EAAEt+B,YACnCtH,EAAY4lC,EAAE5lC,UACdwhC,EAAI4Y,EAAEC,OAAOzD,EAAEH,aACf54C,EAAMo1C,EAAa30C,MAAM6hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY5hD,WAAY,KAAMoN,GAClD,MAAO,CAAEmC,YAAW25C,YACtB,CAzOSW,CAA2Bh8C,EAAOs4C,EAC3C,CAmCA/nD,eAAe+qD,GAAuBt7C,EAAO87C,EAAGxD,EAAGpgC,GACjD,GAAIA,EAAE1nB,SAAWwP,EAAMo3C,YAAa,CAClC,MAAMpuC,EAAa,IAAI7W,WAAW6N,EAAMo3C,aACxCpuC,EAAWpW,IAAIslB,EAAGlY,EAAMo3C,YAAcl/B,EAAE1nB,QACxC0nB,EAAIlP,EAEN,OAAQhJ,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM9E,EAAYwT,EAAEpnB,QAAQ+O,UAE5B,MAAO,CAAE6E,YAAW22C,UADFjV,GAAK+F,WAAWznC,EAAWo3C,EAAErgD,SAAS,KAG1D,IAAK,MACH,GAAIuE,EAAMm3C,KAAOvtC,GAAKoE,eACpB,IACE,aAqDVzd,eAAsCyP,EAAO87C,EAAGxD,EAAGpgC,GACjD,MAAMqjC,EAAY5K,GAAa3wC,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAKmB,EAAGpgC,GACpE,IAAIlP,EAAa+0B,GAAUgC,UACzB,MACAwb,EACA,CACE7gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEhB,MAAMjH,EAAM4I,GAAe94C,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAK2E,GAC7D,IAAIH,EAAS5d,GAAUgC,UACrB,MACAmQ,EACA,CACEx1C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,KAEDnuC,EAAY2yC,SAAgBtsD,QAAQ+H,IAAI,CAAC4R,EAAY2yC,IACtD,IAAIzY,EAAInF,GAAUyd,WAChB,CACE9gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,IACtBsE,OAAQE,GAEV3yC,EACAhJ,EAAMm3C,IAAIE,YAER4E,EAASle,GAAUyV,UACrB,MACAxqC,IAEDk6B,EAAG+Y,SAAgB5sD,QAAQ+H,IAAI,CAAC8rC,EAAG+Y,IACpC,MAAMZ,EAAY,IAAIlpD,WAAW+wC,GAEjC,MAAO,CAAEx+B,UADSyM,GAAgB8qC,EAAO/jC,GACrBmjC,YACtB,CA9FuBa,CAAuBl8C,EAAO87C,EAAGxD,EAAGpgC,GACjD,MAAO24B,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,MACF,IAAK,OACH,OA0LNtgD,eAAuCyP,EAAO87C,EAAG5jC,GAC/C,MAAMqjC,EAAYvd,GAAW4Z,WAAW53C,EAAMk3C,KAAKA,MACnDqE,EAAUY,cAAcjkC,GACxB,MAAMmjC,EAAY,IAAIlpD,WAAWopD,EAAUK,cAAcE,IAEzD,MAAO,CAAEp3C,UADS,IAAIvS,WAAWopD,EAAUxD,iBACvBsD,YACtB,CAhMae,CAAwBp8C,EAAO87C,EAAG5jC,GAE7C,OAgJF3nB,eAA2CyP,EAAO87C,EAAG5jC,GACnD,MAAMy8B,QAAqBK,GAAgBh1C,EAAMtF,MACjDohD,EAAIjH,GAAcF,EAAcmH,GAChC5jC,EAAIw8B,GAAeC,EAAcz8B,GACjC,MAAMxT,EAAY,IAAIvS,WAAW+lB,EAAEkgC,cAC7BlV,EAAIhrB,EAAE6jC,OAAOD,EAAE3D,aACf54C,EAAMo1C,EAAa30C,MAAM6hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY5hD,WAAY,KAAMoN,GAClD,MAAO,CAAEmF,YAAW22C,YACtB,CAzJSgB,CAA4Br8C,EAAO87C,EAAG5jC,EAC/C,kEAjIO3nB,eAA8BikD,EAAK8D,EAAGpgC,GAC3C,OAAOmgC,GAAuB7nC,GAAM9O,UAAUM,KAAMwyC,EAAK8D,EAAGpgC,EAC9D,UAgFO3nB,eAAuBikD,EAAKsG,EAAWxhD,EAAMg/C,EAAGyC,GACrD,MAAMn+C,EAAI0/C,GAAahjD,GAEjB0G,EAAQ,IAAIs3C,GAAa9C,IACzB9yC,UAAEA,EAAS25C,UAAEA,SAAoBD,GAAsBp7C,EAAOs4C,GAC9D2C,EAAQL,GAAepqC,GAAM9O,UAAUM,KAAMwyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QAGxC,MAAO,CAAE5b,YAAW66C,WADDC,SADHxB,GAAIF,EAAUt3C,KAAM63C,EAAW34B,EAASu4B,GACvBr+C,GAEnC,UAoDOrM,eAAuBikD,EAAKsG,EAAWgB,EAAGx5B,EAAGg2B,EAAGpgC,EAAG6iC,GACxD,MAAM/6C,EAAQ,IAAIs3C,GAAa9C,IACzB6G,UAAEA,SAAoBC,GAAuBt7C,EAAO87C,EAAGxD,EAAGpgC,GAC1D+iC,EAAQL,GAAepqC,GAAM9O,UAAUM,KAAMwyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QACxC,IAAIuzB,EACJ,IAAK,IAAIt+C,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAGE,OAAOkqD,GAAaC,SADJ1B,GAAIF,EAAUt3C,KAAM63C,EAAW34B,EAASu4B,EAAa,IAAN1oD,EAAe,IAANA,GACpC+vB,IACpC,MAAOzuB,GACPg9C,EAAMh9C,EAGV,MAAMg9C,CACR,ICrMA,MAAM9S,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBsuC,GAAmB3e,IAAcA,GAAW4e,WAAa5e,GAAW4e,UAAU1uC,OAErE3d,eAAessD,GAAK7M,EAAU8M,EAAUC,EAAMC,EAAMC,GACjE,MAAMz5C,EAAOgN,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GACvC,IAAKxsC,EAAM,MAAUhR,MAAM,qCAE3B,GAAIurC,IAAa4e,GAAkB,CACjC,MAAM1uC,EAAS8vB,IAAa4e,GACtBO,QAAoBjvC,EAAO8xB,UAAU,MAAO+c,EAAU,QAAQ,EAAO,CAAC,eACtE/uC,QAAaE,EAAOutC,WAAW,CAAE9gD,KAAM,OAAQ8I,OAAMu5C,OAAMC,QAAQE,EAAsB,EAATD,GACtF,OAAO,IAAI9qD,WAAW4b,GAGxB,GAAIiwB,GAAY,CACd,MAAMmf,EAAe3sC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,GAGtCoN,EAAc,CAACC,EAASC,IAAgBtf,GAAWuf,WAAWJ,EAAcE,GAASnmB,OAAOomB,GAAa/lB,SAGzGimB,EAAkBJ,EAAYL,EAAMD,GAEpCW,EAAUD,EAAgBhtD,OAI1BoL,EAAIV,KAAKmQ,KAAK4xC,EAASQ,GACvBC,EAAuB,IAAIvrD,WAAWyJ,EAAI6hD,GAG1CE,EAAa,IAAIxrD,WAAWsrD,EAAUT,EAAKxsD,OAAS,GAE1DmtD,EAAW/qD,IAAIoqD,EAAMS,GAErB,IAAK,IAAIlrD,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK,CAG1BorD,EAAWA,EAAWntD,OAAS,GAAK+B,EAAI,EAExC,MAAMkb,EAAI2vC,EAAYI,EAAiBjrD,EAAI,EAAIorD,EAAaA,EAAWliD,SAASgiD,IAChFE,EAAW/qD,IAAI6a,EAAG,GAElBiwC,EAAqB9qD,IAAI6a,EAAGlb,EAAIkrD,GAGlC,OAAOC,EAAqBjiD,SAAS,EAAGwhD,GAG1C,MAAUzqD,MAAM,mCAClB,CC7CA,MAAMorD,GAAY,CAChBt7C,OAAQsH,GAAK0C,WAAW,8EAQnB/b,eAAwB0uC,GAC7B,GAAQA,IACDzuB,GAAM9O,UAAUY,OAAQ,CAE3B,MAAMmJ,EAAIiiC,GAAe,KACjBhsC,UAAWg7B,GAAM0J,GAAKgG,IAAIC,QAAQC,cAAc7gC,GACxD,MAAO,CAAEixB,IAAGjxB,KAGZ,MAAUjZ,MAAM,6BAEtB,iBAUOjC,eAA8B0uC,EAAMvC,EAAGjxB,GAC5C,GAAQwzB,IACDzuB,GAAM9O,UAAUY,OAAQ,CAK3B,MAAMZ,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAc7gC,GACrD,OAAO7B,GAAKqD,iBAAiByvB,EAAGh7B,GAIhC,OAAO,CAEb,UAcOnR,eAAuB0uC,EAAM3lC,EAAMukD,GACxC,GAAQ5e,IACDzuB,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMw7C,EAAqBpQ,GAAe,IACpCqQ,EAAe3X,GAAK+F,WAAW2R,EAAoBD,IACjDn8C,UAAWs8C,GAAuB5X,GAAKgG,IAAIC,QAAQC,cAAcwR,GACnEG,EAAYr0C,GAAKxX,iBAAiB,CACtC4rD,EACAH,EACAE,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,GAAM/N,UAAUM,QAG9C,MAAO,CAAEi7C,qBAAoBzB,WADVC,SADS0B,GAAY1tC,GAAMhN,KAAKI,OAAQq6C,EAAW,IAAI9rD,WAAcyrD,GAAUt7C,OAAQogB,GAC7DppB,IAK7C,MAAU9G,MAAM,6BAEtB,UAaOjC,eAAuB0uC,EAAM+e,EAAoBzB,EAAY7f,EAAGjxB,GACrE,GAAQwzB,IACDzuB,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMy7C,EAAe3X,GAAK+F,WAAW1gC,EAAGuyC,GAClCC,EAAYr0C,GAAKxX,iBAAiB,CACtC4rD,EACAthB,EACAqhB,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,GAAM/N,UAAUM,QAE9C,OAAO25C,SADqBwB,GAAY1tC,GAAMhN,KAAKI,OAAQq6C,EAAW,IAAI9rD,WAAcyrD,GAAUt7C,OAAQogB,GACvE65B,GAGnC,MAAU/pD,MAAM,6BAEtB,6HRqFAjC,eAAwByP,GACtB,MAAMrE,QAAmBiO,GAAKuE,gBAE9BnO,EAAQ,IAAIs3C,GAAat3C,GACzB,MAAMqsC,QAAgBrsC,EAAMi4C,aACtBK,EAAI,IAAI38C,EAAW0wC,EAAQ3qC,WAAWlC,eACtCy8C,EAAS,IAAItgD,EAAW0wC,EAAQrjC,YAAYxJ,aAAa,KAAMQ,EAAMo3C,aAC3E,MAAO,CACL5C,IAAKx0C,EAAMw0C,IACX8D,IACA2D,SACAz4C,KAAMxD,EAAMwD,KACZ8Z,OAAQtd,EAAMsd,OAElB,uBAOA,SAA8Bk3B,GAC5B,OAAOwC,GAAOxmC,GAAMtf,MAAMsf,GAAMxQ,MAAOw0C,EAAI19B,UAAUtT,IACvD,2DS3LOjT,eAAoBy/C,EAAUte,EAAQ0C,EAAGvS,EAAG/jB,EAAGxB,GACpD,MAAMX,QAAmBiO,GAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GAM3B,IAAI8P,EACAtO,EACAkQ,EACAI,EARJoU,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB93B,EAAI,IAAIX,EAAWW,GAMnB83B,EAAIA,EAAEt3B,IAAI+kB,GACVvlB,EAAIA,EAAEQ,IAAIgB,GAMV,MAAM6N,EAAI,IAAIhQ,EAAW+1B,EAAOj2B,SAAS,EAAGqC,EAAEnK,eAAemJ,IAAIgB,GAMjE,OAAa,CAIX,GAFA2N,QAAUkiC,GAAoBxuC,EAAKrB,GACnCX,EAAIi3B,EAAEr3B,OAAO0O,EAAGoW,GAAGllB,KAAKmB,GACpBX,EAAEH,SACJ,SAEF,MAAMmhD,EAAK7hD,EAAEI,IAAIS,GAAGR,KAAKmB,GAGzB,GAFA2P,EAAI9B,EAAElW,IAAI0oD,GAAIxhD,KAAKmB,GACnBuP,EAAI5B,EAAEnO,OAAOQ,GAAGrB,KAAKgR,GAAG9Q,KAAKmB,IACzBuP,EAAErQ,SAGN,MAEF,MAAO,CACLG,EAAGA,EAAEqC,aAAa,KAAM1B,EAAEnK,cAC1B0Z,EAAGA,EAAE7N,aAAa,KAAM1B,EAAEnK,cAE9B,SAeOpD,eAAsBy/C,EAAU7yC,EAAGkQ,EAAGqkB,EAAQ0C,EAAGvS,EAAG/jB,EAAGJ,GAC5D,MAAM/B,QAAmBiO,GAAKuE,gBACxBjP,EAAO,IAAIvD,EAAW,GAS5B,GARAwB,EAAI,IAAIxB,EAAWwB,GACnBkQ,EAAI,IAAI1R,EAAW0R,GAEnBwU,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEfP,EAAEmB,IAAIY,IAAS/B,EAAEqB,IAAIV,IACrBuP,EAAE/O,IAAIY,IAASmO,EAAE7O,IAAIV,GAEvB,OADA8L,GAAK0D,WAAW,0BACT,EAET,MAAM3B,EAAI,IAAIhQ,EAAW+1B,EAAOj2B,SAAS,EAAGqC,EAAEnK,eAAegJ,KAAKmB,GAC5D8oB,EAAIvZ,EAAE/P,OAAOQ,GACnB,GAAI8oB,EAAE5pB,SAEJ,OADA4M,GAAK0D,WAAW,0BACT,EAGT8mB,EAAIA,EAAEt3B,IAAI+kB,GACVnkB,EAAIA,EAAEZ,IAAI+kB,GACV,MAAMu8B,EAAKzyC,EAAEjP,IAAIkqB,GAAGjqB,KAAKmB,GACnBugD,EAAKlhD,EAAET,IAAIkqB,GAAGjqB,KAAKmB,GACnBuc,EAAK+Z,EAAEr3B,OAAOqhD,EAAIv8B,GAClBvH,EAAK5c,EAAEX,OAAOshD,EAAIx8B,GAExB,OADUxH,EAAG3d,IAAI4d,GAAI3d,KAAKklB,GAAGllB,KAAKmB,GACzBM,MAAMjB,EACjB,iBAYO5M,eAA8BsxB,EAAG/jB,EAAGs2B,EAAG12B,EAAGpB,GAC/C,MAAMX,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GACnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIy4B,EAAE91B,IAAIa,IAAQi1B,EAAE51B,IAAIqjB,GACtB,OAAO,EAMT,IAAKA,EAAEzlB,MAAMU,IAAIgB,GAAGd,SAClB,OAAO,EAOT,IAAKo3B,EAAEr3B,OAAOe,EAAG+jB,GAAG5kB,QAClB,OAAO,EAMT,MAAMqhD,EAAQ,IAAI3iD,EAAWmC,EAAEmB,aACzBs/C,EAAO,IAAI5iD,EAAW,KAC5B,GAAI2iD,EAAMjgD,GAAGkgD,WAAiBvQ,GAAgBlwC,EAAG,KAAM,IACrD,OAAO,EASTxB,EAAI,IAAIX,EAAWW,GACnB,MAAM2lC,EAAM,IAAItmC,EAAW,GACrBwB,QAAUwwC,GAAoB1L,EAAIhkC,UAAUqgD,EAAMliD,OAAQ6lC,EAAIhkC,UAAUqgD,IACxEhK,EAAMx2C,EAAEpB,IAAIS,GAAG1H,IAAI6G,GACzB,QAAKoB,EAAEU,MAAMg2B,EAAEr3B,OAAOu3C,EAAKzyB,GAK7B,OCxLe,CAEb28B,IAAKA,GAEL18C,QAASA,GAETmzC,SAAUA,GAEVlzC,IAAKA,GAELqkC,KAAMA,2ECAD,SAA8BnH,EAAM16B,GACzC,IAAIjU,EAAO,EACX,OAAQ2uC,GAGN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAInB,MAAO,CAAEwL,EAHCzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,KAQ5C,KAAKkgB,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUO,MACrB,CACE,MAAM9E,EAAIyM,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAAQA,GAAQ6M,EAAE3M,OAAS,EAErE,MAAO,CAAE2M,IAAGkQ,EADFzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,KAM5C,KAAKkgB,GAAM9O,UAAUQ,YAAa,CAGhC,IAAI/E,EAAIyM,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAAQA,GAAQ6M,EAAE3M,OAAS,EACnE2M,EAAIyM,GAAKkB,QAAQ3N,EAAG,IACpB,IAAIkQ,EAAIzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAExC,OADA+c,EAAIzD,GAAKkB,QAAQuC,EAAG,IACb,CAAElQ,IAAGkQ,KAId,KAAKmD,GAAM9O,UAAUf,QAAS,CAC5B,MAAMu5C,EAAK31C,EAAU9I,SAASnL,EAAMA,EAAO,IAC3C,OADgDA,GAAQ4pD,EAAG1pD,OACpD,CAAE0pD,MAEX,QACE,MAAM,IAAI3D,GAAiB,gCAEjC,SAgBOhmD,eAAsB0uC,EAAM+Q,EAAUzrC,EAAWk6C,EAAcnlD,EAAMo4B,GAC1E,OAAQuN,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM4qD,EACXpxC,EAAIzD,GAAKkB,QAAQvG,EAAU8I,EAAGzR,EAAEpL,QACtC,OAAOkR,GAAU88C,IAAI1R,OAAOkD,EAAU12C,EAAM+T,EAAGzR,EAAG/H,EAAG69B,GAEvD,KAAKlhB,GAAM9O,UAAUK,IAAK,CACxB,MAAMqyB,EAAEA,EAACvS,EAAEA,EAAC/jB,EAAEA,EAACJ,EAAEA,GAAM+gD,GACjBthD,EAAEA,EAACkQ,EAAEA,GAAM9I,EACjB,OAAO7C,GAAUK,IAAI+qC,OAAOkD,EAAU7yC,EAAGkQ,EAAGqkB,EAAQ0C,EAAGvS,EAAG/jB,EAAGJ,GAE/D,KAAK8S,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EACbC,EAAY,IAAIh9C,GAAUuzC,SAASqC,aAAa9C,GAAK4C,YAErDj6C,EAAIyM,GAAKkB,QAAQvG,EAAUpH,EAAGuhD,GAC9BrxC,EAAIzD,GAAKkB,QAAQvG,EAAU8I,EAAGqxC,GACpC,OAAOh9C,GAAUuzC,SAAShzC,MAAM6qC,OAAO0H,EAAKxE,EAAU,CAAE7yC,IAAGkQ,KAAK/T,EAAMg/C,EAAG5mB,GAE3E,KAAKlhB,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EAEnB,OAAO/8C,GAAUuzC,SAAS/yC,YAAY4qC,OAAO0H,EAAKxE,EAAUzrC,EAAWjL,EAAMg/C,EAAG5mB,GAElF,KAAKlhB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAM+hB,EACd,OAAO/8C,GAAUuzC,SAAS9yC,MAAM2qC,OAAO7N,EAAM+Q,EAAUzrC,EAAWjL,EAAMojC,EAAGhL,GAE7E,QACE,MAAUl/B,MAAM,gCAEtB,OAgBOjC,eAAoB0uC,EAAM+Q,EAAU2O,EAAiBC,EAAkBtlD,EAAMo4B,GAClF,IAAKitB,IAAoBC,EACvB,MAAUpsD,MAAM,0BAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMs1B,EAEvB,MAAO,CAAEvxC,QADO3L,GAAU88C,IAAIjS,KAAKyD,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGoI,IAGvE,KAAKlhB,GAAM9O,UAAUK,IAAK,CACxB,MAAMqyB,EAAEA,EAACvS,EAAEA,EAAC/jB,EAAEA,GAAM6gD,GACdriD,EAAEA,GAAMsiD,EACd,OAAOl9C,GAAUK,IAAIwqC,KAAKyD,EAAUte,EAAQ0C,EAAGvS,EAAG/jB,EAAGxB,GAEvD,KAAKkU,GAAM9O,UAAUI,QACnB,MAAUtP,MAAM,gEAElB,KAAKge,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACbzmC,EAAEA,GAAM0mC,EACd,OAAOl9C,GAAUuzC,SAAShzC,MAAMsqC,KAAKiI,EAAKxE,EAAU12C,EAAMg/C,EAAGpgC,EAAGwZ,GAElE,KAAKlhB,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACb1R,KAAEA,GAAS2R,EACjB,OAAOl9C,GAAUuzC,SAAS/yC,YAAYqqC,KAAKiI,EAAKxE,EAAU12C,EAAMg/C,EAAGrL,EAAMvb,GAE3E,KAAKlhB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAMiiB,GACR1R,KAAEA,GAAS2R,EACjB,OAAOl9C,GAAUuzC,SAAS9yC,MAAMoqC,KAAKtN,EAAM+Q,EAAU12C,EAAMojC,EAAGuQ,EAAMvb,GAEtE,QACE,MAAUl/B,MAAM,gCAEtB,ICjJA,MAAMqsD,GACJ3vD,YAAYoK,GACNA,IACFlK,KAAKkK,KAAOA,GAWhBhJ,KAAKoG,GACH,GAAIA,EAAMlG,QAAU,EAAG,CACrB,MAAMA,EAASkG,EAAM,GACrB,GAAIA,EAAMlG,QAAU,EAAIA,EAEtB,OADApB,KAAKkK,KAAO5C,EAAM+E,SAAS,EAAG,EAAIjL,GAC3B,EAAIpB,KAAKkK,KAAK9I,OAGzB,MAAUgC,MAAM,yBAOlBtB,QACE,OAAO0Y,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKkK,KAAK9I,SAAUpB,KAAKkK,QCzB3E,MAAMwlD,GAKJ5vD,YAAYoK,GACV,GAAIA,EAAM,CACR,MAAMkK,KAAEA,EAAI8Z,OAAEA,GAAWhkB,EACzBlK,KAAKoU,KAAOA,EACZpU,KAAKkuB,OAASA,OAEdluB,KAAKoU,KAAO,KACZpU,KAAKkuB,OAAS,KASlBhtB,KAAKZ,GACH,GAAIA,EAAMc,OAAS,GAAkB,IAAbd,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAI6mD,GAAiB,yBAI7B,OAFAnnD,KAAKoU,KAAO9T,EAAM,GAClBN,KAAKkuB,OAAS5tB,EAAM,GACb,EAOTwB,QACE,OAAO,IAAIiB,WAAW,CAAC,EAAG,EAAG/C,KAAKoU,KAAMpU,KAAKkuB,UCxDjD,MAAMyhC,GACJ3nC,mBAAkBmlC,WAAEA,EAAUjD,UAAEA,IAC9B,MAAM0F,EAAW,IAAID,GAGrB,OAFAC,EAASzC,WAAaA,EACtByC,EAAS1F,UAAYA,EACd0F,EAST1uD,KAAKoG,GACH,IAAIpG,EAAO,EACP2uD,EAAevoD,EAAMpG,KACzBlB,KAAKkqD,UAAY2F,EAAe,EAAIvoD,EAAMpG,KAAU,KACpD2uD,GAAgBA,EAAe,EAC/B7vD,KAAKmtD,WAAa7lD,EAAM+E,SAASnL,EAAMA,EAAO2uD,GAAe3uD,GAAQ2uD,EAOvE/tD,QACE,OAAO0Y,GAAKxX,iBAAiB,CAC3BhD,KAAKkqD,UACH,IAAInnD,WAAW,CAAC/C,KAAKmtD,WAAW/rD,OAAS,EAAGpB,KAAKkqD,YACjD,IAAInnD,WAAW,CAAC/C,KAAKmtD,WAAW/rD,SAClCpB,KAAKmtD,cCsaX,SAAS2C,GAAoB1K,GAC3B,IACEA,EAAIC,UACJ,MAAO5gD,GACP,MAAM,IAAI0iD,GAAiB,qBAE/B,oEAnaOhmD,eAAgC4uD,EAASC,EAAeX,EAAcnlD,EAAMyhD,GACjF,OAAQoE,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eAAgB,CACnC,MAAM/F,EAAEA,EAAC/H,EAAEA,GAAM4qD,EAEjB,MAAO,CAAE7yC,QADOlK,GAAU88C,IAAIr8B,QAAQ7oB,EAAMsC,EAAG/H,IAGjD,KAAK2c,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAEA,EAACuS,EAAEA,EAAC12B,EAAEA,GAAM+gD,EACpB,OAAO/8C,GAAUI,QAAQqgB,QAAQ7oB,EAAMuoB,EAAGuS,EAAG12B,GAE/C,KAAK8S,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc2D,GACtB/8C,UAAWo6C,EAAGS,WAAYj6B,SAAY5gB,GAAUuzC,SAASjzC,KAAKmgB,QACpEqyB,EAAKsG,EAAWxhD,EAAMg/C,EAAGyC,GAC3B,MAAO,CAAEe,IAAGx5B,EAAG,IAAI+8B,GAAW/8B,IAEhC,KAAK9R,GAAM9O,UAAUY,OAAQ,CAC3B,IAAKsH,GAAK0G,MAAM8uC,GAEd,MAAU5sD,MAAM,iDAElB,MAAMkqC,EAAEA,GAAM+hB,GACRT,mBAAEA,EAAkBzB,WAAEA,SAAqB76C,GAAUuzC,SAASqK,MAAMn9B,QACxEg9B,EAAS7lD,EAAMojC,GAEjB,MAAO,CAAEshB,qBAAoB17B,EADnBy8B,GAAkBQ,WAAW,CAAEjG,UAAW8F,EAAe7C,gBAGrE,QACE,MAAO,GAEb,mBAgBOhsD,eAAgC0uC,EAAM0f,EAAiBC,EAAkBY,EAAkBzE,EAAajM,GAC7G,OAAQ7P,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WAAY,CAC/B,MAAMgK,EAAEA,GAAM4zC,GACR5jD,EAAG/H,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMs1B,EACvB,OAAOl9C,GAAU88C,IAAIp8B,QAAQxW,EAAGhQ,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAEpD,KAAKt+B,GAAM9O,UAAUI,QAAS,CAC5B,MAAMkb,GAAEA,EAAEC,GAAEA,GAAOuiC,EACb39B,EAAI88B,EAAgB98B,EACpBvlB,EAAIsiD,EAAiBtiD,EAC3B,OAAOoF,GAAUI,QAAQsgB,QAAQpF,EAAIC,EAAI4E,EAAGvlB,EAAGwyC,GAEjD,KAAKt+B,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc6D,GACxBzmC,EAAEA,GAAM0mC,GACR9C,EAAEA,EAACx5B,EAAEA,GAAMk9B,EACjB,OAAO99C,GAAUuzC,SAASjzC,KAAKogB,QAC7BoyB,EAAKsG,EAAWgB,EAAGx5B,EAAEhpB,KAAMg/C,EAAGpgC,EAAG6iC,GAErC,KAAKvqC,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAEA,GAAMiiB,GACRlzC,EAAEA,GAAMmzC,GACRZ,mBAAEA,EAAkB17B,EAAEA,GAAMk9B,EAClC,IAAK51C,GAAK0G,MAAMgS,EAAEg3B,WAChB,MAAU9mD,MAAM,4BAElB,OAAOkP,GAAUuzC,SAASqK,MAAMl9B,QAC9B6c,EAAM+e,EAAoB17B,EAAEi6B,WAAY7f,EAAGjxB,GAE/C,QACE,MAAUjZ,MAAM,4CAEtB,uBAQO,SAA8BysC,EAAMvoC,GACzC,IAAIpG,EAAO,EACX,OAAQ2uC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAIgO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQsL,EAAEpL,OAAS,EACjE,MAAMqD,EAAI+V,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQuD,EAAErD,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE7iD,IAAG/H,MAEpC,KAAK2c,GAAM9O,UAAUK,IAAK,CACxB,MAAM8f,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAMsN,EAAI8L,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwN,EAAEtN,OAAS,EACjE,MAAM4jC,EAAIxqB,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ8jC,EAAE5jC,OAAS,EACjE,MAAMkN,EAAIkM,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQoN,EAAElN,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE58B,IAAG/jB,IAAGs2B,IAAG12B,MAE1C,KAAK8S,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAM4jC,EAAIxqB,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ8jC,EAAE5jC,OAAS,EACjE,MAAMkN,EAAIkM,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQoN,EAAElN,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE58B,IAAGuS,IAAG12B,MAEvC,KAAK8S,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQgoD,EAAE9nD,OAAS,EAC1D,CAAEF,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,IAAI8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEpC,OAF4CA,GAAQgoD,EAAE9nD,OAAS,EAC/D8nD,EAAI1uC,GAAKkB,QAAQwtC,EAAG,IACb,CAAEhoD,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQgoD,EAAE9nD,OAAS,EACjE,MAAMsqD,EAAY,IAAIgE,GACtB,OADmCxuD,GAAQwqD,EAAUxqD,KAAKoG,EAAM+E,SAASnL,IAClE,CAAEA,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,IAAGwC,cAE/C,KAAKtqC,GAAM9O,UAAUf,QACrB,KAAK6P,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAIhmC,EAAM+E,SAASnL,EAAMA,EAAO,IACtC,OAD2CA,GAAQosC,EAAElsC,OAC9C,CAAEF,OAAMmuD,aAAc,CAAE/hB,MAEjC,QACE,MAAM,IAAI6Z,GAAiB,4CAEjC,wBASO,SAA+BtX,EAAMvoC,EAAO+nD,GACjD,IAAInuD,EAAO,EACX,OAAQ2uC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMqW,EAAItO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ4nB,EAAE1nB,OAAS,EACjE,MAAMqxB,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAMsN,EAAI8L,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwN,EAAEtN,OAAS,EACjE,MAAM84B,EAAI1f,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQg5B,EAAE94B,OAAS,EAC1D,CAAEF,OAAMmvD,cAAe,CAAEvnC,IAAG2J,IAAG/jB,IAAGwrB,MAE3C,KAAK9Y,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUI,QAAS,CAC5B,MAAMxF,EAAIsN,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQgM,EAAE9L,OAAS,EAC1D,CAAEF,OAAMmvD,cAAe,CAAEnjD,MAElC,KAAKkU,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUM,KAAM,CACzB,MAAMhC,EAAQ,IAAIs3C,GAAamH,EAAajK,KAC5C,IAAIt8B,EAAItO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEpC,OAF4CA,GAAQ4nB,EAAE1nB,OAAS,EAC/D0nB,EAAItO,GAAKkB,QAAQoN,EAAGlY,EAAMo3C,aACnB,CAAE9mD,OAAMmvD,cAAe,CAAEvnC,MAElC,KAAK1H,GAAM9O,UAAUQ,YAAa,CAChC,MAAMlC,EAAQ,IAAIs3C,GAAamH,EAAajK,KAC5C,IAAIvH,EAAOrjC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEvC,OAF+CA,GAAQ28C,EAAKz8C,OAAS,EACrEy8C,EAAOrjC,GAAKkB,QAAQmiC,EAAMjtC,EAAMo3C,aACzB,CAAE9mD,OAAMmvD,cAAe,CAAExS,SAElC,KAAKz8B,GAAM9O,UAAUf,QAAS,CAC5B,MAAMssC,EAAOv2C,EAAM+E,SAASnL,EAAMA,EAAO,IACzC,OAD8CA,GAAQ28C,EAAKz8C,OACpD,CAAEF,OAAMmvD,cAAe,CAAExS,SAElC,KAAKz8B,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMmJ,EAAI/U,EAAM+E,SAASnL,EAAMA,EAAO,IACtC,OAD2CA,GAAQmb,EAAEjb,OAC9C,CAAEF,OAAMmvD,cAAe,CAAEh0C,MAElC,QACE,MAAM,IAAI8qC,GAAiB,4CAEjC,2BAOO,SAAkCtX,EAAMvoC,GAC7C,IAAIpG,EAAO,EACX,OAAQ2uC,GAGN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eAEnB,MAAO,CAAEiK,EADChC,GAAKgB,QAAQlU,EAAM+E,SAASnL,KAOxC,KAAKkgB,GAAM9O,UAAUI,QAAS,CAC5B,MAAMkb,EAAKpT,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ0sB,EAAGxsB,OAAS,EAEnE,MAAO,CAAEwsB,KAAIC,GADFrT,GAAKgB,QAAQlU,EAAM+E,SAASnL,KAMzC,KAAKkgB,GAAM9O,UAAUM,KAAM,CACzB,MAAM85C,EAAIlyC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwrD,EAAEtrD,OAAS,EACjE,MAAM8xB,EAAI,IAAI+8B,GACd,OAD4B/8B,EAAEhyB,KAAKoG,EAAM+E,SAASnL,IAC3C,CAAEwrD,IAAGx5B,KAOd,KAAK9R,GAAM9O,UAAUY,OAAQ,CAC3B,MAAM07C,EAAqBtnD,EAAM+E,SAASnL,EAAMA,EAAO,IAAKA,GAAQ0tD,EAAmBxtD,OACvF,MAAM8xB,EAAI,IAAIy8B,GACd,OADmCz8B,EAAEhyB,KAAKoG,EAAM+E,SAASnL,IAClD,CAAE0tD,qBAAoB17B,KAE/B,QACE,MAAM,IAAIi0B,GAAiB,4CAEjC,kBAQO,SAAyBtX,EAAMuX,GAEpC,MAAMkJ,EAAgC,IAAI7sC,IAAI,CAACrC,GAAM9O,UAAUf,QAAS6P,GAAM9O,UAAUY,SAClFq9C,EAAgBplD,OAAOqoB,KAAK4zB,GAAQ9+C,KAAIgD,IAC5C,MAAMugD,EAAQzE,EAAO97C,GACrB,OAAKkP,GAAK1X,aAAa+oD,GAChByE,EAA8BlqD,IAAIypC,GAAQgc,EAAQrxC,GAAKoB,gBAAgBiwC,GADxCA,EAAM/pD,OACwC,IAEtF,OAAO0Y,GAAKxX,iBAAiButD,EAC/B,iBAUO,SAAwB1gB,EAAMlxB,EAAMymC,GACzC,OAAQvV,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QACnB,OAAOH,GAAU88C,IAAIoB,SAAS7xC,EAAM,OAAO/c,MAAK,EAAG4K,IAAG/H,IAAGqkB,IAAG2J,IAAG/jB,IAAGwrB,SAChEm2B,cAAe,CAAEvnC,IAAG2J,IAAG/jB,IAAGwrB,KAC1Bm1B,aAAc,CAAE7iD,IAAG/H,SAGvB,KAAK2c,GAAM9O,UAAUO,MACnB,OAAOP,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,GAAM9O,UAAUQ,YACnB,OAAOR,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAExS,KAAMgP,GACvBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,GAAM9O,UAAUM,KACnB,OAAON,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,SAAQz4C,OAAM8Z,cACpEmiC,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CACZjK,IAAK,IAAID,GAAIC,GACb8D,IACAwC,UAAW,IAAIgE,GAAU,CAAEt7C,OAAM8Z,gBAGvC,KAAK9M,GAAM9O,UAAUf,QACnB,OAAOe,GAAUuzC,SAAS9yC,MAAMy9C,SAAS3gB,GAAMjuC,MAAK,EAAG0rC,IAAGuQ,YACxDwS,cAAe,CAAExS,QACjBwR,aAAc,CAAE/hB,SAEpB,KAAKlsB,GAAM9O,UAAUY,OACnB,OAAOZ,GAAUuzC,SAASqK,MAAMM,SAAS3gB,GAAMjuC,MAAK,EAAG0rC,IAAGjxB,SACxDg0C,cAAe,CAAEh0C,KACjBgzC,aAAc,CAAE/hB,SAEpB,KAAKlsB,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUI,QACnB,MAAUtP,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,iBAUOjC,eAA8B0uC,EAAMwf,EAAcgB,GACvD,IAAKhB,IAAiBgB,EACpB,MAAUjtD,MAAM,0BAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM4qD,GACXvmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMm2B,EACvB,OAAO/9C,GAAU88C,IAAIqB,eAAejkD,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAErD,KAAK9Y,GAAM9O,UAAUK,IAAK,CACxB,MAAM8f,EAAEA,EAAC/jB,EAAEA,EAACs2B,EAAEA,EAAC12B,EAAEA,GAAM+gD,GACjBniD,EAAEA,GAAMmjD,EACd,OAAO/9C,GAAUK,IAAI89C,eAAeh+B,EAAG/jB,EAAGs2B,EAAG12B,EAAGpB,GAElD,KAAKkU,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAEA,EAACuS,EAAEA,EAAC12B,EAAEA,GAAM+gD,GACdniD,EAAEA,GAAMmjD,EACd,OAAO/9C,GAAUI,QAAQ+9C,eAAeh+B,EAAGuS,EAAG12B,EAAGpB,GAEnD,KAAKkU,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUM,KAAM,CACzB,MAAM89C,EAAap+C,GAAUuzC,SAASzkC,GAAMlgB,KAAKkgB,GAAM9O,UAAWu9B,KAC5DuV,IAAEA,EAAG8D,EAAEA,GAAMmG,GACbvmC,EAAEA,GAAMunC,EACd,OAAOK,EAAWD,eAAerL,EAAK8D,EAAGpgC,GAE3C,KAAK1H,GAAM9O,UAAUQ,YAAa,CAChC,MAAMo2C,EAAEA,EAAC9D,IAAEA,GAAQiK,GACbxR,KAAEA,GAASwS,EACjB,OAAO/9C,GAAUuzC,SAAS/yC,YAAY29C,eAAerL,EAAK8D,EAAGrL,GAE/D,KAAKz8B,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAM+hB,GACRxR,KAAEA,GAASwS,EACjB,OAAO/9C,GAAUuzC,SAAS9yC,MAAM09C,eAAe5gB,EAAMvC,EAAGuQ,GAE1D,KAAKz8B,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAEA,GAAM+hB,GACRhzC,EAAEA,GAAMg0C,EACd,OAAO/9C,GAAUuzC,SAASqK,MAAMO,eAAe5gB,EAAMvC,EAAGjxB,GAE1D,QACE,MAAUjZ,MAAM,iCAEtB,kBASOjC,eAA+B0uC,GACpC,MAAMxc,UAAEA,GAAc2c,GAAUH,GAC1B8gB,QAAqBrS,GAAejrB,GACpCu9B,EAAS,IAAI7tD,WAAW,CAAC4tD,EAAaA,EAAavvD,OAAS,GAAIuvD,EAAaA,EAAavvD,OAAS,KACzG,OAAOoZ,GAAK5T,OAAO,CAAC+pD,EAAcC,GACpC,qBAQO,SAA4B/gB,GACjC,MAAMvc,QAAEA,GAAY0c,GAAUH,GAC9B,OAAOyO,GAAehrB,EACxB,cAQO,SAAqBuc,GAC1B,MAAMI,EAAW7uB,GAAMlgB,KAAKkgB,GAAMvM,KAAMg7B,GACxC,OAAO1hB,GAAK8hB,EACd,yCAsBO,SAAmCJ,EAAMuV,GAC9C,OAAQvV,GACN,KAAKzuB,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACnB,OAAOR,GAAUuzC,SAASgF,qBAAqBzF,GACjD,KAAKhkC,GAAM9O,UAAUf,QACnB,OAAOe,GAAUuzC,SAAS9yC,MAAM83C,qBAAqBhb,GACvD,QACE,MAAUzsC,MAAM,iCAEtB,IC9cA,MAAMsK,GAAM,CAEVwgB,OAAQA,GAER9Z,KAAMA,GAEN+Z,KAAMA,GAEN7b,UAAWA,GAEX6C,UAAWA,GAEX07C,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT7lD,OAAO8lD,OAAOvjD,GAAKmR,IC1CnB,IAAIqyC,GAAiC,oBAAfnuD,YACG,oBAAhBouD,aACe,oBAAfC,WA+BF,SAASC,GAAU9vC,EAAKnc,GAC3B,OAAImc,EAAIngB,SAAWgE,EACRmc,EAEPA,EAAIlV,SACGkV,EAAIlV,SAAS,EAAGjH,IAE3Bmc,EAAIngB,OAASgE,EACNmc,EACX,CAGA,MAAM+vC,GAAU,CACZC,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUthD,EAAKuhD,GAC1C,GAAI76B,EAAIxqB,UAAYmlD,EAAKnlD,SACrBmlD,EAAKhuD,IAAIqzB,EAAIxqB,SAASolD,EAAUA,EAAWthD,GAAMuhD,QAIrD,IAAK,IAAIvuD,EAAI,EAAGA,EAAIgN,EAAKhN,IACrBquD,EAAKE,EAAYvuD,GAAK0zB,EAAI46B,EAAWtuD,IAI7CwuD,cAAe,SAAUC,GACrB,IAAIzuD,EAAG4zB,EAAG5mB,EAAK9M,EAAKtB,EAIpB,IADAoO,EAAM,EACDhN,EAAI,EAAG4zB,EAAI66B,EAAOxwD,OAAQ+B,EAAI4zB,EAAG5zB,IAClCgN,GAAOyhD,EAAOzuD,GAAG/B,OAIrB,MAAMK,EAAS,IAAIsB,WAAWoN,GAE9B,IADA9M,EAAM,EACDF,EAAI,EAAG4zB,EAAI66B,EAAOxwD,OAAQ+B,EAAI4zB,EAAG5zB,IAClCpB,EAAQ6vD,EAAOzuD,GACf1B,EAAO+B,IAAIzB,EAAOsB,GAClBA,GAAOtB,EAAMX,OAGjB,OAAOK,IAITowD,GAAY,CACdN,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUthD,EAAKuhD,GAC1C,IAAK,IAAIvuD,EAAI,EAAGA,EAAIgN,EAAKhN,IACrBquD,EAAKE,EAAYvuD,GAAK0zB,EAAI46B,EAAWtuD,IAI7CwuD,cAAe,SAAUC,GACrB,MAAO,GAAGhrD,OAAOqW,MAAM,GAAI20C,KAQ5B,IAAIE,GAAOZ,GAAWnuD,WAAalD,MAC/BkyD,GAAQb,GAAWC,YAActxD,MACjCmyD,GAAQd,GAAWE,WAAavxD,MAChC8xD,GAAgBT,GAAWI,GAAQK,cAAgBE,GAAUF,cAC7DJ,GAAWL,GAAWI,GAAQC,SAAWM,GAAUN,SChFvD,MAAMU,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAKrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAErBC,IAAqB,EACrBC,IAAqB,EAErBC,IAAqB,EAOrBC,IAA2B,EAG3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAI3BC,GAA2B,EAC3BC,GAA2B,EAE3BC,GAA2B,EAG3BC,GAA2B,EC7BxC,SAASxjD,GAAKyR,GACV,IAAIpR,EAAMoR,EAAIngB,OAAQ,OAAS+O,GAAO,GAClCoR,EAAIpR,GAAO,CAEnB,CAIA,MAAMojD,GAAe,EACfC,GAAe,EACfC,GAAe,EAYfC,GAAgB,GAGhBC,GAAgB,IAGhBC,GAAgBD,GAAW,EAAID,GAG/BG,GAAgB,GAGhBC,GAAgB,GAGhBC,GAAgB,EAAIH,GAAU,EAG9BI,GAAgB,GAGhBC,GAAgB,GAQhBC,GAAc,EAGdC,GAAc,IAGdC,GAAc,GAGdC,GAAc,GAGdC,GAAc,GAIdC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAErDC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAE9DC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAEjCC,GACJ,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAgBzCC,GAAoB90D,MAAsB,GAAf+zD,GAAU,IAC3C9jD,GAAK6kD,IAOL,MAAMC,GAAoB/0D,MAAgB,EAAVg0D,IAChC/jD,GAAK8kD,IAKL,MAAMC,GAAoBh1D,MAjBJ,KAkBtBiQ,GAAK+kD,IAML,MAAMC,GAAoBj1D,MAAMk1D,KAChCjlD,GAAKglD,IAGL,MAAME,GAAoBn1D,MAAM6zD,IAChC5jD,GAAKklD,IAGL,MAAMC,GAAoBp1D,MAAMg0D,IAKhC,SAASqB,GAAeC,EAAaC,EAAYC,EAAYC,EAAOC,GAEhEv1D,KAAKm1D,YAAeA,EACpBn1D,KAAKo1D,WAAeA,EACpBp1D,KAAKq1D,WAAeA,EACpBr1D,KAAKs1D,MAAeA,EACpBt1D,KAAKu1D,WAAeA,EAGpBv1D,KAAKw1D,UAAeL,GAAeA,EAAY/zD,MACnD,CAGA,IAAIq0D,GACAC,GACAC,GAGJ,SAASC,GAASC,EAAUC,GACxB91D,KAAK61D,SAAWA,EAChB71D,KAAK+1D,SAAW,EAChB/1D,KAAK81D,UAAYA,CACrB,CAIA,SAASE,GAAOC,GACZ,OAAOA,EAAO,IAAMpB,GAAWoB,GAAQpB,GAAW,KAAOoB,IAAS,GACtE,CAOA,SAASC,GAAUj4C,EAAGuZ,GAGlBvZ,EAAEk4C,YAAYl4C,EAAEupB,WAAiB,IAAJhQ,EAC7BvZ,EAAEk4C,YAAYl4C,EAAEupB,WAAahQ,IAAM,EAAI,GAC3C,CAOA,SAAS4+B,GAAUn4C,EAAG5c,EAAOD,GACrB6c,EAAEo4C,SAAWpC,GAAW7yD,GACxB6c,EAAEq4C,QAAUj1D,GAAS4c,EAAEo4C,SAAW,MAClCH,GAAUj4C,EAAGA,EAAEq4C,QACfr4C,EAAEq4C,OAASj1D,GAAS4yD,GAAWh2C,EAAEo4C,SACjCp4C,EAAEo4C,UAAYj1D,EAAS6yD,KAEvBh2C,EAAEq4C,QAAUj1D,GAAS4c,EAAEo4C,SAAW,MAClCp4C,EAAEo4C,UAAYj1D,EAEtB,CAGA,SAASm1D,GAAUt4C,EAAGzB,EAAGg6C,GACrBJ,GAAUn4C,EAAGu4C,EAAS,EAAJh6C,GAAiBg6C,EAAS,EAAJh6C,EAAQ,GACpD,CAQA,SAASi6C,GAAWC,EAAMvmD,GACtB,IAAIZ,EAAM,EACV,GACIA,GAAc,EAAPmnD,EACPA,KAAU,EACVnnD,IAAQ,UACDY,EAAM,GACjB,OAAOZ,IAAQ,CACnB,CAuIA,SAASonD,GAAUH,EAAMT,EAAUa,GAK/B,MAAMC,EAAgBh3D,MAAMm0D,GAAW,GACvC,IACIr1C,EACAnS,EAFAkqD,EAAO,EAOX,IAAK/3C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7Bk4C,EAAUl4C,GAAQ+3C,EAAOA,EAAOE,EAASj4C,EAAO,IAAM,EAS1D,IAAKnS,EAAI,EAAIA,GAAKupD,EAAUvpD,IAAK,CAC7B,MAAM2D,EAAMqmD,EAAS,EAAJhqD,EAAQ,GACb,IAAR2D,IAIJqmD,EAAS,EAAJhqD,GAAkBiqD,GAAWI,EAAU1mD,KAAQA,IAK5D,CA8GA,SAAS2mD,GAAW74C,GAChB,IAAIzR,EAGJ,IAAKA,EAAI,EAAGA,EAAIonD,GAAUpnD,IACtByR,EAAE84C,UAAc,EAAJvqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIqnD,GAAUrnD,IACtByR,EAAE+4C,UAAc,EAAJxqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIsnD,GAAUtnD,IACtByR,EAAEg5C,QAAY,EAAJzqD,GAAkB,EAGhCyR,EAAE84C,UAAsB,EAAZ5C,IAA0B,EACtCl2C,EAAEi5C,QAAUj5C,EAAEk5C,WAAa,EAC3Bl5C,EAAEm5C,SAAWn5C,EAAEo5C,QAAU,CAC7B,CAMA,SAASC,GAAUr5C,GACXA,EAAEo4C,SAAW,EACbH,GAAUj4C,EAAGA,EAAEq4C,QACRr4C,EAAEo4C,SAAW,IAEpBp4C,EAAEk4C,YAAYl4C,EAAEupB,WAAavpB,EAAEq4C,QAEnCr4C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,CACjB,CA6BA,SAASkB,GAAQf,EAAMhqD,EAAGgB,EAAGgqD,GACzB,MAAMC,EAAU,EAAJjrD,EACNkrD,EAAU,EAAJlqD,EACZ,OAAOgpD,EAAKiB,GAAgBjB,EAAKkB,IAC5BlB,EAAKiB,KAAkBjB,EAAKkB,IAAiBF,EAAMhrD,IAAMgrD,EAAMhqD,EACxE,CAQA,SAASmqD,GAAW15C,EAAGu4C,EAAMn6C,GAKzB,MAAM67B,EAAIj6B,EAAEiL,KAAK7M,GACjB,IAAIU,EAAIV,GAAK,EACb,KAAOU,GAAKkB,EAAE25C,WAEN76C,EAAIkB,EAAE25C,UACZL,GAAQf,EAAMv4C,EAAEiL,KAAKnM,EAAI,GAAIkB,EAAEiL,KAAKnM,GAAIkB,EAAEu5C,QACpCz6C,KAGAw6C,GAAQf,EAAMte,EAAGj6B,EAAEiL,KAAKnM,GAAIkB,EAAEu5C,SAKlCv5C,EAAEiL,KAAK7M,GAAK4B,EAAEiL,KAAKnM,GACnBV,EAAIU,EAGJA,IAAM,EAEVkB,EAAEiL,KAAK7M,GAAK67B,CAChB,CASA,SAAS2f,GAAe55C,EAAG65C,EAAOC,GAK9B,IAAI9B,EACA+B,EAEAtB,EACAuB,EAFAC,EAAK,EAIT,GAAmB,IAAfj6C,EAAEm5C,SACF,GACInB,EAAOh4C,EAAEk4C,YAAYl4C,EAAEk6C,MAAa,EAALD,IAAW,EAAIj6C,EAAEk4C,YAAYl4C,EAAEk6C,MAAa,EAALD,EAAS,GAC/EF,EAAK/5C,EAAEk4C,YAAYl4C,EAAEm6C,MAAQF,GAC7BA,IAEa,IAATjC,EACAM,GAAUt4C,EAAG+5C,EAAIF,IAIjBpB,EAAO5B,GAAakD,GACpBzB,GAAUt4C,EAAGy4C,EAAO/C,GAAW,EAAGmE,GAClCG,EAAQ1D,GAAYmC,GACN,IAAVuB,IACAD,GAAMhD,GAAY0B,GAClBN,GAAUn4C,EAAG+5C,EAAIC,IAErBhC,IACAS,EAAOV,GAAOC,GAGdM,GAAUt4C,EAAGy4C,EAAMqB,GACnBE,EAAQzD,GAAYkC,GACN,IAAVuB,IACAhC,GAAQhB,GAAUyB,GAClBN,GAAUn4C,EAAGg4C,EAAMgC,WAQtBC,EAAKj6C,EAAEm5C,UAGpBb,GAAUt4C,EAAGk2C,GAAW2D,EAC5B,CAWA,SAASO,GAAWp6C,EAAGq6C,GAInB,MAAM9B,EAAW8B,EAAKzC,SAChB0C,EAAWD,EAAKxC,UAAUX,YAC1BK,EAAY8C,EAAKxC,UAAUN,UAC3BF,EAAWgD,EAAKxC,UAAUR,MAChC,IAAI9oD,EAAGgB,EAEHs6C,EADAiO,GAAY,EAUhB,IAHA93C,EAAE25C,SAAW,EACb35C,EAAEu6C,SAAWzE,GAERvnD,EAAI,EAAGA,EAAI8oD,EAAO9oD,IACU,IAAzBgqD,EAAS,EAAJhqD,IACLyR,EAAEiL,OAAOjL,EAAE25C,UAAY7B,EAAWvpD,EAClCyR,EAAEu5C,MAAMhrD,GAAK,GAGbgqD,EAAS,EAAJhqD,EAAQ,GAAa,EASlC,KAAOyR,EAAE25C,SAAW,GAChB9P,EAAO7pC,EAAEiL,OAAOjL,EAAE25C,UAAY7B,EAAW,IAAMA,EAAW,EAC1DS,EAAY,EAAP1O,GAAqB,EAC1B7pC,EAAEu5C,MAAM1P,GAAQ,EAChB7pC,EAAEi5C,UAEE1B,IACAv3C,EAAEk5C,YAAcoB,EAAa,EAAPzQ,EAAW,IASzC,IALAwQ,EAAKvC,SAAWA,EAKXvpD,EAAIyR,EAAE25C,UAAY,EAAaprD,GAAK,EAAGA,IACxCmrD,GAAW15C,EAAGu4C,EAAMhqD,GAMxBs7C,EAAOwN,EACP,GAGI9oD,EAAIyR,EAAEiL,KAAK,GACXjL,EAAEiL,KAAK,GAAiBjL,EAAEiL,KAAKjL,EAAE25C,YACjCD,GAAW15C,EAAGu4C,EAAM,GAGpBhpD,EAAIyQ,EAAEiL,KAAK,GAEXjL,EAAEiL,OAAOjL,EAAEu6C,UAAYhsD,EACvByR,EAAEiL,OAAOjL,EAAEu6C,UAAYhrD,EAGvBgpD,EAAY,EAAP1O,GAAqB0O,EAAS,EAAJhqD,GAAkBgqD,EAAS,EAAJhpD,GACtDyQ,EAAEu5C,MAAM1P,IAAS7pC,EAAEu5C,MAAMhrD,IAAMyR,EAAEu5C,MAAMhqD,GAAKyQ,EAAEu5C,MAAMhrD,GAAKyR,EAAEu5C,MAAMhqD,IAAM,EACvEgpD,EAAS,EAAJhqD,EAAQ,GAAagqD,EAAS,EAAJhpD,EAAQ,GAAas6C,EAGpD7pC,EAAEiL,KAAK,GAAiB4+B,IACxB6P,GAAW15C,EAAGu4C,EAAM,SAEfv4C,EAAE25C,UAAY,GAEvB35C,EAAEiL,OAAOjL,EAAEu6C,UAAYv6C,EAAEiL,KAAK,GApflC,SAAoBjL,EAAGq6C,GAInB,MAAM9B,EAAkB8B,EAAKzC,SACvBE,EAAkBuC,EAAKvC,SACvBwC,EAAkBD,EAAKxC,UAAUX,YACjCK,EAAkB8C,EAAKxC,UAAUN,UACjCyC,EAAkBK,EAAKxC,UAAUV,WACjCqD,EAAkBH,EAAKxC,UAAUT,WACjCE,EAAkB+C,EAAKxC,UAAUP,WACvC,IAAIh5C,EACA/P,EAAGgB,EACHmR,EACA+5C,EACA3zB,EACA4zB,EAAW,EAEf,IAAKh6C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7BV,EAAE24C,SAASj4C,GAAQ,EAQvB,IAFA63C,EAA0B,EAArBv4C,EAAEiL,KAAKjL,EAAEu6C,UAAgB,GAAa,EAEtCj8C,EAAI0B,EAAEu6C,SAAW,EAAGj8C,EAAIw3C,GAAWx3C,IACpC/P,EAAIyR,EAAEiL,KAAK3M,GACXoC,EAAO63C,EAA+B,EAA1BA,EAAS,EAAJhqD,EAAQ,GAAiB,GAAa,EACnDmS,EAAO42C,IACP52C,EAAO42C,EACPoD,KAEJnC,EAAS,EAAJhqD,EAAQ,GAAamS,EAGtBnS,EAAIupD,IAIR93C,EAAE24C,SAASj4C,KACX+5C,EAAQ,EACJlsD,GAAKisD,IACLC,EAAQT,EAAMzrD,EAAIisD,IAEtB1zB,EAAIyxB,EAAS,EAAJhqD,GACTyR,EAAEi5C,SAAWnyB,GAAKpmB,EAAO+5C,GACrBlD,IACAv3C,EAAEk5C,YAAcpyB,GAAKwzB,EAAU,EAAJ/rD,EAAQ,GAAaksD,KAGxD,GAAiB,IAAbC,EAAJ,CAQA,EAAG,CAEC,IADAh6C,EAAO42C,EAAa,EACQ,IAArBt3C,EAAE24C,SAASj4C,IACdA,IAEJV,EAAE24C,SAASj4C,KACXV,EAAE24C,SAASj4C,EAAO,IAAM,EACxBV,EAAE24C,SAASrB,KAIXoD,GAAY,QACPA,EAAW,GAOpB,IAAKh6C,EAAO42C,EAAqB,IAAT52C,EAAYA,IAEhC,IADAnS,EAAIyR,EAAE24C,SAASj4C,GACF,IAANnS,GACHgB,EAAIyQ,EAAEiL,OAAO3M,GACT/O,EAAIuoD,IAGJS,EAAS,EAAJhpD,EAAQ,KAAemR,IAE5BV,EAAEi5C,UAAYv4C,EAAO63C,EAAS,EAAJhpD,EAAQ,IAAcgpD,EAAS,EAAJhpD,GACrDgpD,EAAS,EAAJhpD,EAAQ,GAAamR,GAE9BnS,KAGZ,CA2ZIosD,CAAW36C,EAAGq6C,GAGd3B,GAAUH,EAAMT,EAAU93C,EAAE24C,SAChC,CAOA,SAASiC,GAAU56C,EAAGu4C,EAAMT,GAKxB,IAAIvpD,EAEAssD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IANgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAEhB1C,EAAsB,GAAhBT,EAAW,GAAS,GAAa,MAElCvpD,EAAI,EAAGA,GAAKupD,EAAUvpD,IACvBssD,EAASE,EACTA,EAAUxC,EAAe,GAAThqD,EAAI,GAAS,KAEvBs3B,EAAQm1B,GAAaH,IAAWE,IAG3Bl1B,EAAQo1B,EACfj7C,EAAEg5C,QAAiB,EAAT6B,IAAwBh1B,EAEhB,IAAXg1B,GAEHA,IAAWC,GACX96C,EAAEg5C,QAAiB,EAAT6B,KAEd76C,EAAEg5C,QAAkB,EAAV7C,OAEHtwB,GAAS,GAChB7lB,EAAEg5C,QAAoB,EAAZ5C,MAGVp2C,EAAEg5C,QAAsB,EAAd3C,MAGdxwB,EAAQ,EACRi1B,EAAUD,EAEM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CAOA,SAASC,GAAUl7C,EAAGu4C,EAAMT,GAKxB,IAAIvpD,EAEAssD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IALgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAGX1sD,EAAI,EAAGA,GAAKupD,EAAUvpD,IAIvB,GAHAssD,EAASE,EACTA,EAAUxC,EAAe,GAAThqD,EAAI,GAAS,OAEvBs3B,EAAQm1B,GAAaH,IAAWE,GAAtC,CAGO,GAAIl1B,EAAQo1B,EACf,GACI3C,GAAUt4C,EAAG66C,EAAQ76C,EAAEg5C,eACN,KAAVnzB,QAEO,IAAXg1B,GACHA,IAAWC,IACXxC,GAAUt4C,EAAG66C,EAAQ76C,EAAEg5C,SACvBnzB,KAGJyyB,GAAUt4C,EAAGm2C,GAASn2C,EAAEg5C,SACxBb,GAAUn4C,EAAG6lB,EAAQ,EAAG,IAEjBA,GAAS,IAChByyB,GAAUt4C,EAAGo2C,GAAWp2C,EAAEg5C,SAC1Bb,GAAUn4C,EAAG6lB,EAAQ,EAAG,KAGxByyB,GAAUt4C,EAAGq2C,GAAar2C,EAAEg5C,SAC5Bb,GAAUn4C,EAAG6lB,EAAQ,GAAI,IAG7BA,EAAQ,EACRi1B,EAAUD,EACM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CA1vBAppD,GAAKmlD,IA82BL,IAAImE,IAAmB,EAKvB,SAASC,GAASp7C,GAETm7C,MApnBT,WACI,IAAI5sD,EACAmS,EACAvd,EACAs1D,EACAT,EACJ,MAAMW,EAAe/2D,MAAMm0D,GAAW,GAiBtC,IADA5yD,EAAS,EACJs1D,EAAO,EAAGA,EAAOhD,GAAe,EAAGgD,IAEpC,IADA1B,GAAY0B,GAAQt1D,EACfoL,EAAI,EAAGA,EAAI,GAAK+nD,GAAYmC,GAAOlqD,IACpCsoD,GAAa1zD,KAAYs1D,EAYjC,IAJA5B,GAAa1zD,EAAS,GAAKs1D,EAG3BT,EAAO,EACFS,EAAO,EAAGA,EAAO,GAAIA,IAEtB,IADAzB,GAAUyB,GAAQT,EACbzpD,EAAI,EAAGA,EAAI,GAAKgoD,GAAYkC,GAAOlqD,IACpCqoD,GAAWoB,KAAUS,EAK7B,IADAT,IAAS,EACFS,EAAO7C,GAAS6C,IAEnB,IADAzB,GAAUyB,GAAQT,GAAQ,EACrBzpD,EAAI,EAAGA,EAAI,GAAKgoD,GAAYkC,GAAQ,EAAGlqD,IACxCqoD,GAAW,IAAMoB,KAAUS,EAMnC,IAAK/3C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7Bi4C,EAASj4C,GAAQ,EAIrB,IADAnS,EAAI,EACGA,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KASb,IAHAD,GAAUhC,GAAcf,GAAU,EAAGgD,GAGhCpqD,EAAI,EAAGA,EAAIqnD,GAASrnD,IACrBooD,GAAiB,EAAJpoD,EAAQ,GAAa,EAClCooD,GAAiB,EAAJpoD,GAAkBiqD,GAAWjqD,EAAG,GAIjDipD,GAAgB,IAAIP,GAAeP,GAAcJ,GAAaZ,GAAW,EAAGC,GAASI,IACrF0B,GAAgB,IAAIR,GAAeN,GAAcJ,GAAa,EAAYX,GAASG,IACnF2B,GAAiB,IAAIT,MAA6BT,GAAc,EAAWX,GAAUI,GAGzF,CAmhBQoF,GACAF,IAAmB,GAGvBn7C,EAAEs7C,OAAU,IAAI3D,GAAS33C,EAAE84C,UAAWtB,IACtCx3C,EAAEu7C,OAAU,IAAI5D,GAAS33C,EAAE+4C,UAAWtB,IACtCz3C,EAAEw7C,QAAU,IAAI7D,GAAS33C,EAAEg5C,QAAStB,IAEpC13C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,EAGbS,GAAW74C,EACf,CAMA,SAASy7C,GAAiBz7C,EAAGsD,EAAKo4C,EAAYn7C,GAM1C43C,GAAUn4C,GAAIs1C,IAAgB,IAAM/0C,EAAO,EAAI,GAAI,GAhgBvD,SAAoBP,EAAGsD,EAAKpR,EAAKuU,GAM7B4yC,GAAUr5C,GAENyG,IACAwxC,GAAUj4C,EAAG9N,GACb+lD,GAAUj4C,GAAI9N,IAKlBypD,GAAe37C,EAAEk4C,YAAal4C,EAAE47C,OAAQt4C,EAAKpR,EAAK8N,EAAEupB,SACpDvpB,EAAEupB,SAAWr3B,CACjB,CAgfI2pD,CAAW77C,EAAGsD,EAAKo4C,GAAY,EACnC,CAOA,SAASI,GAAU97C,GACfm4C,GAAUn4C,EAAGu1C,IAAgB,EAAG,GAChC+C,GAAUt4C,EAAGk2C,GAAWQ,IAl0B5B,SAAkB12C,GACK,KAAfA,EAAEo4C,UACFH,GAAUj4C,EAAGA,EAAEq4C,QACfr4C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,GAENp4C,EAAEo4C,UAAY,IACrBp4C,EAAEk4C,YAAYl4C,EAAEupB,WAAwB,IAAXvpB,EAAEq4C,OAC/Br4C,EAAEq4C,SAAW,EACbr4C,EAAEo4C,UAAY,EAEtB,CAwzBI2D,CAAS/7C,EACb,CAOA,SAASg8C,GAAgBh8C,EAAGsD,EAAKo4C,EAAYn7C,GAMzC,IAAI07C,EAAUC,EACVC,EAAc,EAGdn8C,EAAEo8C,MAAQ,GAGNp8C,EAAEq8C,KAAKC,YAAclH,KACrBp1C,EAAEq8C,KAAKC,UApGnB,SAA0Bt8C,GAKtB,IACIzR,EADAguD,EAAa,WAIjB,IAAKhuD,EAAI,EAAGA,GAAK,GAAIA,IAAKguD,KAAgB,EACtC,GAAiB,EAAbA,GAAkD,IAAhCv8C,EAAE84C,UAAc,EAAJvqD,GAC9B,OAAO2mD,GAKf,GAAoC,IAAhCl1C,EAAE84C,UAAU,KAA0D,IAAjC94C,EAAE84C,UAAU,KAClB,IAAjC94C,EAAE84C,UAAU,IACV,OAAO3D,GAEX,IAAK5mD,EAAI,GAAIA,EAAImnD,GAAUnnD,IACvB,GAAoC,IAAhCyR,EAAE84C,UAAc,EAAJvqD,GACZ,OAAO4mD,GAOf,OAAOD,EACX,CAsE+BsH,CAAiBx8C,IAIxCo6C,GAAWp6C,EAAGA,EAAEs7C,QAIhBlB,GAAWp6C,EAAGA,EAAEu7C,QAUhBY,EAlMR,SAAuBn8C,GACnB,IAAIm8C,EAgBJ,IAbAvB,GAAU56C,EAAGA,EAAE84C,UAAW94C,EAAEs7C,OAAOxD,UACnC8C,GAAU56C,EAAGA,EAAE+4C,UAAW/4C,EAAEu7C,OAAOzD,UAGnCsC,GAAWp6C,EAAGA,EAAEw7C,SASXW,EAActG,GAAW,EAAGsG,GAAe,GACa,IAArDn8C,EAAEg5C,QAAgC,EAAxBvC,GAAS0F,GAAmB,GADKA,KAUnD,OAJAn8C,EAAEi5C,SAAW,GAAKkD,EAAc,GAAK,EAAI,EAAI,EAItCA,CACX,CAsKsBM,CAAcz8C,GAG5Bi8C,EAAWj8C,EAAEi5C,QAAU,EAAI,IAAM,EACjCiD,EAAcl8C,EAAEk5C,WAAa,EAAI,IAAM,EAMnCgD,GAAeD,IACfA,EAAWC,IAKfD,EAAWC,EAAcR,EAAa,EAGtCA,EAAa,GAAKO,IAAqB,IAAT34C,EAS9Bm4C,GAAiBz7C,EAAGsD,EAAKo4C,EAAYn7C,GAE9BP,EAAE08C,WAAazH,IAAWiH,IAAgBD,GAEjD9D,GAAUn4C,GAAIu1C,IAAgB,IAAMh1C,EAAO,EAAI,GAAI,GACnDq5C,GAAe55C,EAAG02C,GAAcC,MAGhCwB,GAAUn4C,GAAIw1C,IAAa,IAAMj1C,EAAO,EAAI,GAAI,GAlMxD,SAAwBP,EAAG28C,EAAQC,EAAQC,GAIvC,IAAIC,EASJ,IAHA3E,GAAUn4C,EAAG28C,EAAS,IAAK,GAC3BxE,GAAUn4C,EAAG48C,EAAS,EAAK,GAC3BzE,GAAUn4C,EAAG68C,EAAU,EAAI,GACtBC,EAAO,EAAGA,EAAOD,EAASC,IAE3B3E,GAAUn4C,EAAGA,EAAEg5C,QAAyB,EAAjBvC,GAASqG,GAAY,GAAY,GAI5D5B,GAAUl7C,EAAGA,EAAE84C,UAAW6D,EAAS,GAGnCzB,GAAUl7C,EAAGA,EAAE+4C,UAAW6D,EAAS,EAEvC,CA2KQG,CAAe/8C,EAAGA,EAAEs7C,OAAOxD,SAAW,EAAG93C,EAAEu7C,OAAOzD,SAAW,EAAGqE,EAAc,GAC9EvC,GAAe55C,EAAGA,EAAE84C,UAAW94C,EAAE+4C,YAMrCF,GAAW74C,GAEPO,GACA84C,GAAUr5C,EAIlB,CAMA,SAASg9C,GAAUh9C,EAAGg4C,EAAM+B,GAmDxB,OA5CA/5C,EAAEk4C,YAAYl4C,EAAEk6C,MAAqB,EAAbl6C,EAAEm5C,UAAoBnB,IAAS,EAAI,IAC3Dh4C,EAAEk4C,YAAYl4C,EAAEk6C,MAAqB,EAAbl6C,EAAEm5C,SAAe,GAAY,IAAPnB,EAE9Ch4C,EAAEk4C,YAAYl4C,EAAEm6C,MAAQn6C,EAAEm5C,UAAiB,IAALY,EACtC/5C,EAAEm5C,WAEW,IAATnB,EAEAh4C,EAAE84C,UAAe,EAALiB,MAEZ/5C,EAAEo5C,UAEFpB,IAKAh4C,EAAE84C,UAA8C,GAAnCjC,GAAakD,GAAMrE,GAAW,MAC3C11C,EAAE+4C,UAAyB,EAAfhB,GAAOC,OA0BhBh4C,EAAEm5C,WAAan5C,EAAEi9C,YAAc,CAK1C,CCxrCe,SAASC,GAAQC,EAAO75C,EAAKpR,EAAK9M,GAC7C,IAAImpB,EAAa,MAAR4uC,EAAgB,EACrB3uC,EAAK2uC,IAAU,GAAK,MAAQ,EAC5B5uD,EAAI,EAER,KAAe,IAAR2D,GAAW,CAId3D,EAAI2D,EAAM,IAAO,IAAOA,EACxBA,GAAO3D,EAEP,GACIggB,EAAKA,EAAKjL,EAAIle,KAAQ,EACtBopB,EAAKA,EAAKD,EAAI,UACPhgB,GAEXggB,GAAM,MACNC,GAAM,MAGV,OAAOD,EAAKC,GAAM,GAAI,CAC1B,CCLA,MAAM4uC,GAhBN,WACI,IAAI7+C,EACJ,MAAM8+C,EAAQ,GAEd,IAAK,IAAI9uD,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1BgQ,EAAIhQ,EACJ,IAAK,IAAI6P,EAAI,EAAGA,EAAI,EAAGA,IACnBG,EAAQ,EAAJA,EAAQ,WAAaA,IAAM,EAAIA,IAAM,EAE7C8+C,EAAM9uD,GAAKgQ,EAGf,OAAO8+C,CACX,CAGiBC,GAGF,SAASC,GAAMv2C,EAAK1D,EAAKpR,EAAK9M,GACzC,MAAMgb,EAAIg9C,GACN1vD,EAAMtI,EAAM8M,EAEhB8U,IAAQ,EAER,IAAK,IAAI9hB,EAAIE,EAAKF,EAAIwI,EAAKxI,IACvB8hB,EAAMA,IAAQ,EAAI5G,EAAmB,KAAhB4G,EAAM1D,EAAIpe,KAGnC,OAAc,EAAP8hB,CACX,CCnCA,OAAe,CACX,EAAQ,kBACR,EAAQ,aACR,EAAQ,GACR,KAAQ,aACR,KAAQ,eACR,KAAQ,aACR,KAAQ,sBACR,KAAQ,eACR,KAAQ,wBCwBZ,MAAMw2C,GAAgB,EAsBhBC,GAAY,EACZ3G,GAAY,IACZ4G,GAAiB5G,GAAY2G,GAAY,EAEzCE,GAAc,GAEdC,GAAa,GACbC,GAAc,GACdC,GAAa,GACbC,GAAgB,GAChBC,GAAa,IACbC,GAAa,IACbC,GAAe,IAEfC,GAAe,EACfC,GAAgB,EAChBC,GAAoB,EACpBC,GAAiB,EAEjBC,GAAU,EAEhB,SAAS/a,GAAI6Y,EAAMmC,GAEjB,OADAnC,EAAK50B,IAAMA,GAAI+2B,GACRA,CACT,CAEA,SAAS1B,GAAKh2B,GACZ,OAAQ,GAAO,IAAM,EAAM,EAAI,EAAI,EACrC,CAEA,SAASj1B,GAAKyR,GAAO,IAAIpR,EAAMoR,EAAIngB,OAAQ,OAAS+O,GAAO,GAAKoR,EAAIpR,GAAO,EAS3E,SAASusD,GAAcpC,GACrB,MAAMr8C,EAAIq8C,EAAK9qB,MAGf,IAAIr/B,EAAM8N,EAAEupB,QACRr3B,EAAMmqD,EAAKqC,YACbxsD,EAAMmqD,EAAKqC,WAED,IAARxsD,IAEJypD,GAAeU,EAAKrwD,OAAQgU,EAAEk4C,YAAal4C,EAAE2+C,YAAazsD,EAAKmqD,EAAKuC,UACpEvC,EAAKuC,UAAY1sD,EACjB8N,EAAE2+C,aAAezsD,EACjBmqD,EAAKwC,WAAa3sD,EAClBmqD,EAAKqC,WAAaxsD,EAClB8N,EAAEupB,SAAWr3B,EACK,IAAd8N,EAAEupB,UACJvpB,EAAE2+C,YAAc,GAEpB,CAGA,SAASG,GAAiB9+C,EAAGO,GAC3Bw+C,GAAsB/+C,EAAIA,EAAEg/C,aAAe,EAAIh/C,EAAEg/C,aAAe,EAAIh/C,EAAEi/C,SAAWj/C,EAAEg/C,YAAaz+C,GAChGP,EAAEg/C,YAAch/C,EAAEi/C,SAClBR,GAAcz+C,EAAEq8C,KAClB,CAGA,SAAS6C,GAASl/C,EAAG5P,GACnB4P,EAAEk4C,YAAYl4C,EAAEupB,WAAan5B,CAC/B,CAQA,SAAS+uD,GAAYn/C,EAAG5P,GAGtB4P,EAAEk4C,YAAYl4C,EAAEupB,WAAcn5B,IAAM,EAAK,IACzC4P,EAAEk4C,YAAYl4C,EAAEupB,WAAiB,IAAJn5B,CAC/B,CAUA,SAASgvD,GAAS/C,EAAM/4C,EAAKvd,EAAOoB,GAClC,IAAI+K,EAAMmqD,EAAKgD,SAGf,OADIntD,EAAM/K,IAAQ+K,EAAM/K,GACZ,IAAR+K,EAAoB,GAExBmqD,EAAKgD,UAAYntD,EAGjBypD,GAAer4C,EAAK+4C,EAAKh6D,MAAOg6D,EAAKiD,QAASptD,EAAKnM,GAC3B,IAApBs2D,EAAK9qB,MAAMub,KACbuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAO75C,EAAKpR,EAAKnM,GAGhB,IAApBs2D,EAAK9qB,MAAMub,OAClBuP,EAAKc,MAAQI,GAAMlB,EAAKc,MAAO75C,EAAKpR,EAAKnM,IAG3Cs2D,EAAKiD,SAAWptD,EAChBmqD,EAAKkD,UAAYrtD,EAEVA,EACT,CAYA,SAASstD,GAAcx/C,EAAGy/C,GACxB,IAEI/4C,EACAxU,EAHAwtD,EAAe1/C,EAAE2/C,iBACjBC,EAAO5/C,EAAEi/C,SAGTY,EAAW7/C,EAAE8/C,YACbC,EAAa//C,EAAE+/C,WACnB,MAAMC,EAAShgD,EAAEi/C,SAAYj/C,EAAEigD,OAASvC,GACtC19C,EAAEi/C,UAAYj/C,EAAEigD,OAASvC,IAAiB,EAEtCwC,EAAOlgD,EAAE47C,OAETuE,EAAQngD,EAAEogD,OACV31D,EAAOuV,EAAEvV,KAMT41D,EAASrgD,EAAEi/C,SAAWnI,GAC5B,IAAIwJ,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,GAQvB7/C,EAAE8/C,aAAe9/C,EAAEwgD,aACrBd,IAAiB,GAKfK,EAAa//C,EAAEygD,YAAaV,EAAa//C,EAAEygD,WAI/C,GAaE,GAXA/5C,EAAQ+4C,EAWJS,EAAKx5C,EAAQm5C,KAAcU,GAC7BL,EAAKx5C,EAAQm5C,EAAW,KAAOS,GAC/BJ,EAAKx5C,KAAWw5C,EAAKN,IACrBM,IAAOx5C,KAAWw5C,EAAKN,EAAO,GAHhC,CAaAA,GAAQ,EACRl5C,IAMA,UAESw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACnEw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACxDk5C,EAAOS,GAOT,GAHAnuD,EAAM4kD,IAAauJ,EAAST,GAC5BA,EAAOS,EAASvJ,GAEZ5kD,EAAM2tD,EAAU,CAGlB,GAFA7/C,EAAE0gD,YAAcjB,EAChBI,EAAW3tD,EACPA,GAAO6tD,EACT,MAEFO,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,YAEjBJ,EAAYh1D,EAAKg1D,EAAYU,IAAUH,GAA4B,KAAjBN,GAE5D,OAAIG,GAAY7/C,EAAEygD,UACTZ,EAEF7/C,EAAEygD,SACX,CAaA,SAASE,GAAY3gD,GACnB,MAAM4gD,EAAU5gD,EAAEigD,OAClB,IAAIzrC,EAAGjmB,EAAGgB,EAAGsxD,EAAMpiD,EAInB,EAAG,CAqBD,GApBAoiD,EAAO7gD,EAAE8gD,YAAc9gD,EAAEygD,UAAYzgD,EAAEi/C,SAoBnCj/C,EAAEi/C,UAAY2B,GAAWA,EAAUlD,IAAgB,CAErD/B,GAAe37C,EAAE47C,OAAQ57C,EAAE47C,OAAQgF,EAASA,EAAS,GACrD5gD,EAAE0gD,aAAeE,EACjB5gD,EAAEi/C,UAAY2B,EAEd5gD,EAAEg/C,aAAe4B,EASjBryD,EAAIyR,EAAE+gD,UACNvsC,EAAIjmB,EACJ,GACEgB,EAAIyQ,EAAEghD,OAAOxsC,GACbxU,EAAEghD,KAAKxsC,GAAMjlB,GAAKqxD,EAAUrxD,EAAIqxD,EAAU,UACjCryD,GAEXA,EAAIqyD,EACJpsC,EAAIjmB,EACJ,GACEgB,EAAIyQ,EAAEvV,OAAO+pB,GACbxU,EAAEvV,KAAK+pB,GAAMjlB,GAAKqxD,EAAUrxD,EAAIqxD,EAAU,UAIjCryD,GAEXsyD,GAAQD,EAEV,GAAwB,IAApB5gD,EAAEq8C,KAAKgD,SACT,MAmBF,GAJA9wD,EAAI6wD,GAASp/C,EAAEq8C,KAAMr8C,EAAE47C,OAAQ57C,EAAEi/C,SAAWj/C,EAAEygD,UAAWI,GACzD7gD,EAAEygD,WAAalyD,EAGXyR,EAAEygD,UAAYzgD,EAAEihD,QAAUxD,GAS5B,IARAh/C,EAAMuB,EAAEi/C,SAAWj/C,EAAEihD,OACrBjhD,EAAEkhD,MAAQlhD,EAAE47C,OAAOn9C,GAGnBuB,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAM,IAAMuB,EAAEohD,UAIvDphD,EAAEihD,SAEPjhD,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAMg/C,GAAY,IAAMz9C,EAAEohD,UAE1EphD,EAAEvV,KAAKgU,EAAMuB,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OAClClhD,EAAEghD,KAAKhhD,EAAEkhD,OAASziD,EAClBA,IACAuB,EAAEihD,WACEjhD,EAAEygD,UAAYzgD,EAAEihD,OAASxD,cAS1Bz9C,EAAEygD,UAAY/C,IAAqC,IAApB19C,EAAEq8C,KAAKgD,SAsCjD,CA6GA,SAASgC,GAAarhD,EAAGshD,GACvB,IAAIC,EACAC,EAEJ,OAAU,CAMR,GAAIxhD,EAAEygD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY3gD,GACRA,EAAEygD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UACJ,MA2BJ,GApBAc,EAAY,EACRvhD,EAAEygD,WAAahD,KAEjBz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,UAOJ,IAAdsC,GAA4BvhD,EAAEi/C,SAAWsC,GAAevhD,EAAEigD,OAASvC,KAKrE19C,EAAEyhD,aAAejC,GAAcx/C,EAAGuhD,IAGhCvhD,EAAEyhD,cAAgBhE,GAYpB,GAPA+D,EAASE,GAAgB1hD,EAAGA,EAAEi/C,SAAWj/C,EAAE0gD,YAAa1gD,EAAEyhD,aAAehE,IAEzEz9C,EAAEygD,WAAazgD,EAAEyhD,aAKbzhD,EAAEyhD,cAAgBzhD,EAAE2hD,gBAAuC3hD,EAAEygD,WAAahD,GAAW,CACvFz9C,EAAEyhD,eACF,GACEzhD,EAAEi/C,WAEFj/C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,eAKQ,KAAnBj/C,EAAEyhD,cACbzhD,EAAEi/C,gBAEFj/C,EAAEi/C,UAAYj/C,EAAEyhD,aAChBzhD,EAAEyhD,aAAe,EACjBzhD,EAAEkhD,MAAQlhD,EAAE47C,OAAO57C,EAAEi/C,UAErBj/C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAAMj/C,EAAEohD,eAavEI,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAE1Cj/C,EAAEygD,YACFzgD,EAAEi/C,WAEJ,GAAIuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAWjhD,EAAEi/C,SAAYxB,GAAY,EAAMz9C,EAAEi/C,SAAWxB,GAAY,EAClE6D,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CAOA,SAASwD,GAAa5hD,EAAGshD,GACvB,IAAIC,EACAC,EAEAK,EAGJ,OAAU,CAMR,GAAI7hD,EAAEygD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY3gD,GACRA,EAAEygD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UAAmB,MA0C3B,GApCAc,EAAY,EACRvhD,EAAEygD,WAAahD,KAEjBz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,UAMtBj/C,EAAE8/C,YAAc9/C,EAAEyhD,aAClBzhD,EAAE8hD,WAAa9hD,EAAE0gD,YACjB1gD,EAAEyhD,aAAehE,GAAY,EAEX,IAAd8D,GAA0BvhD,EAAE8/C,YAAc9/C,EAAE2hD,gBAC9C3hD,EAAEi/C,SAAWsC,GAAcvhD,EAAEigD,OAASvC,KAKtC19C,EAAEyhD,aAAejC,GAAcx/C,EAAGuhD,GAG9BvhD,EAAEyhD,cAAgB,IACnBzhD,EAAE08C,WAAa5H,IAAe90C,EAAEyhD,eAAiBhE,IAAaz9C,EAAEi/C,SAAWj/C,EAAE0gD,YAAc,QAK5F1gD,EAAEyhD,aAAehE,GAAY,IAM7Bz9C,EAAE8/C,aAAerC,IAAaz9C,EAAEyhD,cAAgBzhD,EAAE8/C,YAAa,CACjE+B,EAAa7hD,EAAEi/C,SAAWj/C,EAAEygD,UAAYhD,GAOxC+D,EAASE,GAAgB1hD,EAAGA,EAAEi/C,SAAW,EAAIj/C,EAAE8hD,WAAY9hD,EAAE8/C,YAAcrC,IAM3Ez9C,EAAEygD,WAAazgD,EAAE8/C,YAAc,EAC/B9/C,EAAE8/C,aAAe,EACjB,KACQ9/C,EAAEi/C,UAAY4C,IAElB7hD,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,gBAGK,KAAlBj/C,EAAE8/C,aAKb,GAJA9/C,EAAE+hD,gBAAkB,EACpB/hD,EAAEyhD,aAAehE,GAAY,EAC7Bz9C,EAAEi/C,WAEEuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,QAKN,GAAIn+C,EAAE+hD,iBAgBX,GATAP,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAEjDuC,GAEF1C,GAAiB9+C,GAAG,GAGtBA,EAAEi/C,WACFj/C,EAAEygD,YACuB,IAArBzgD,EAAEq8C,KAAKqC,UACT,OAAOP,QAMTn+C,EAAE+hD,gBAAkB,EACpB/hD,EAAEi/C,WACFj/C,EAAEygD,YAYN,OARIzgD,EAAE+hD,kBAGJP,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAErDj/C,EAAE+hD,gBAAkB,GAEtB/hD,EAAEihD,OAASjhD,EAAEi/C,SAAWxB,GAAY,EAAIz9C,EAAEi/C,SAAWxB,GAAY,EAC7D6D,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAKJC,EACT,CAgKA,MAAM4D,GACJngE,YAAYogE,EAAaC,EAAUC,EAAaC,EAAWC,GACzDtgE,KAAKkgE,YAAcA,EACnBlgE,KAAKmgE,SAAWA,EAChBngE,KAAKogE,YAAcA,EACnBpgE,KAAKqgE,UAAYA,EACjBrgE,KAAKsgE,KAAOA,GAIhB,MAAMC,GAAsB,CAE1B,IAAIN,GAAO,EAAG,EAAG,EAAG,GAviBtB,SAAwBhiD,EAAGshD,GAIzB,IAAIiB,EAAiB,MAOrB,IALIA,EAAiBviD,EAAEwiD,iBAAmB,IACxCD,EAAiBviD,EAAEwiD,iBAAmB,KAI9B,CAER,GAAIxiD,EAAEygD,WAAa,EAAG,CAUpB,GADAE,GAAY3gD,GACQ,IAAhBA,EAAEygD,WAAmBa,IAAUtN,GACjC,OAAOmK,GAGT,GAAoB,IAAhBn+C,EAAEygD,UACJ,MAOJzgD,EAAEi/C,UAAYj/C,EAAEygD,UAChBzgD,EAAEygD,UAAY,EAGd,MAAMgC,EAAYziD,EAAEg/C,YAAcuD,EAElC,IAAmB,IAAfviD,EAAEi/C,UAAkBj/C,EAAEi/C,UAAYwD,KAEpCziD,EAAEygD,UAAYzgD,EAAEi/C,SAAWwD,EAC3BziD,EAAEi/C,SAAWwD,EAEb3D,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GASX,GAAIn+C,EAAEi/C,SAAWj/C,EAAEg/C,aAAgBh/C,EAAEigD,OAASvC,KAE5CoB,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAQb,OAFAn+C,EAAEihD,OAAS,EAEPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,KAGLt+C,EAAEi/C,SAAWj/C,EAAEg/C,cAEjBF,GAAiB9+C,GAAG,GAChBA,EAAEq8C,KAAKqC,WACFP,GAMb,IA+cE,IAAI6D,GAAO,EAAG,EAAG,EAAG,EAAGX,IACvB,IAAIW,GAAO,EAAG,EAAG,GAAI,EAAGX,IACxB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIX,IAEzB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIJ,IACzB,IAAII,GAAO,EAAG,GAAI,GAAI,GAAIJ,IAC1B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,IAC/B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,KA6BjC,MAAMc,GACJ7gE,cACEE,KAAKs6D,KAAO,KACZt6D,KAAK4gE,OAAS,EACd5gE,KAAKm2D,YAAc,KACnBn2D,KAAKygE,iBAAmB,EACxBzgE,KAAK48D,YAAc,EACnB58D,KAAKwnC,QAAU,EACfxnC,KAAK+qD,KAAO,EACZ/qD,KAAK6gE,OAAS,KACd7gE,KAAK8gE,QAAU,EACf9gE,KAAK+gE,OAASzN,GACdtzD,KAAKghE,YAAc,EAEnBhhE,KAAKk+D,OAAS,EACdl+D,KAAKihE,OAAS,EACdjhE,KAAKq+D,OAAS,EAEdr+D,KAAK65D,OAAS,KAQd75D,KAAK++D,YAAc,EAKnB/+D,KAAK0I,KAAO,KAMZ1I,KAAKi/D,KAAO,KAEZj/D,KAAKm/D,MAAQ,EACbn/D,KAAKg/D,UAAY,EACjBh/D,KAAKkhE,UAAY,EACjBlhE,KAAKq/D,UAAY,EAEjBr/D,KAAKo/D,WAAa,EAOlBp/D,KAAKi9D,YAAc,EAKnBj9D,KAAK0/D,aAAe,EACpB1/D,KAAK+/D,WAAa,EAClB//D,KAAKggE,gBAAkB,EACvBhgE,KAAKk9D,SAAW,EAChBl9D,KAAK2+D,YAAc,EACnB3+D,KAAK0+D,UAAY,EAEjB1+D,KAAK+9D,YAAc,EAKnB/9D,KAAK49D,iBAAmB,EAMxB59D,KAAK4/D,eAAiB,EAYtB5/D,KAAKq6D,MAAQ,EACbr6D,KAAK26D,SAAW,EAEhB36D,KAAKy+D,WAAa,EAGlBz+D,KAAKg+D,WAAa,EAYlBh+D,KAAK+2D,UAAa,IAAIoK,GAAYpN,MAClC/zD,KAAKg3D,UAAa,IAAImK,GAAY,KAClCnhE,KAAKi3D,QAAa,IAAIkK,GAAY,IAClCrxD,GAAK9P,KAAK+2D,WACVjnD,GAAK9P,KAAKg3D,WACVlnD,GAAK9P,KAAKi3D,SAEVj3D,KAAKu5D,OAAW,KAChBv5D,KAAKw5D,OAAW,KAChBx5D,KAAKy5D,QAAW,KAGhBz5D,KAAK42D,SAAW,IAAIuK,GAAYnN,IAIhCh0D,KAAKkpB,KAAO,IAAIi4C,GAAY,KAC5BrxD,GAAK9P,KAAKkpB,MAEVlpB,KAAK43D,SAAW,EAChB53D,KAAKw4D,SAAW,EAKhBx4D,KAAKw3D,MAAQ,IAAI2J,GAAY,KAC7BrxD,GAAK9P,KAAKw3D,OAIVx3D,KAAKo4D,MAAQ,EAEbp4D,KAAKk7D,YAAc,EAoBnBl7D,KAAKo3D,SAAW,EAEhBp3D,KAAKm4D,MAAQ,EAMbn4D,KAAKk3D,QAAU,EACfl3D,KAAKm3D,WAAa,EAClBn3D,KAAKq3D,QAAU,EACfr3D,KAAKk/D,OAAS,EAGdl/D,KAAKs2D,OAAS,EAIdt2D,KAAKq2D,SAAW,GA6CpB,SAAS+K,GAAa9G,GACpB,MAAMlsC,EA9BR,SAA0BksC,GACxB,IAAIr8C,EAEJ,OAAKq8C,GAASA,EAAK9qB,OAInB8qB,EAAKkD,SAAWlD,EAAKwC,UAAY,EACjCxC,EAAKC,UAAYlH,GAEjBp1C,EAAIq8C,EAAK9qB,MACTvxB,EAAEupB,QAAU,EACZvpB,EAAE2+C,YAAc,EAEZ3+C,EAAE8sC,KAAO,IACX9sC,EAAE8sC,MAAQ9sC,EAAE8sC,MAGd9sC,EAAE2iD,OAAU3iD,EAAE8sC,KAAO8Q,GAAaK,GAClC5B,EAAKc,MAAoB,IAAXn9C,EAAE8sC,KACd,EAEA,EACF9sC,EAAE+iD,WAAa/O,GACfoP,GAAepjD,GACRu0C,IArBE/Q,GAAI6Y,EAAM3H,GAsBrB,CAIc2O,CAAiBhH,GAI7B,OAHIlsC,IAAQokC,IAnPd,SAAiBv0C,GACfA,EAAE8gD,YAAc,EAAI9gD,EAAEigD,OAGtBpuD,GAAKmO,EAAEghD,MAIPhhD,EAAE2hD,eAAiBW,GAAoBtiD,EAAEo8C,OAAO8F,SAChDliD,EAAEwgD,WAAa8B,GAAoBtiD,EAAEo8C,OAAO6F,YAC5CjiD,EAAE+/C,WAAauC,GAAoBtiD,EAAEo8C,OAAO+F,YAC5CniD,EAAE2/C,iBAAmB2C,GAAoBtiD,EAAEo8C,OAAOgG,UAElDpiD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEygD,UAAY,EACdzgD,EAAEihD,OAAS,EACXjhD,EAAEyhD,aAAezhD,EAAE8/C,YAAcrC,GAAY,EAC7Cz9C,EAAE+hD,gBAAkB,EACpB/hD,EAAEkhD,MAAQ,CACZ,CAgOIoC,CAAQjH,EAAK9qB,OAERphB,CACT,CA6FA,SAASozC,GAAQlH,EAAMiF,GACrB,IAAIkC,EAAWxjD,EACXyjD,EAAKj8B,EAET,IAAK60B,IAASA,EAAK9qB,OACjB+vB,EAAQjN,IAAWiN,EAAQ,EAC3B,OAAOjF,EAAO7Y,GAAI6Y,EAAM3H,IAAkBA,GAK5C,GAFA10C,EAAIq8C,EAAK9qB,OAEJ8qB,EAAKrwD,SACNqwD,EAAKh6D,OAA2B,IAAlBg6D,EAAKgD,UACpBr/C,EAAE2iD,SAAWzE,IAAgBoD,IAAUlN,GACxC,OAAO5Q,GAAI6Y,EAA0B,IAAnBA,EAAKqC,UAAmB9J,GAAcF,IAQ1D,GALA10C,EAAEq8C,KAAOA,EACTmH,EAAYxjD,EAAE+iD,WACd/iD,EAAE+iD,WAAazB,EAGXthD,EAAE2iD,SAAW/E,GAEf,GAAe,IAAX59C,EAAE8sC,KACJuP,EAAKc,MAAQ,EACb+B,GAASl/C,EAAG,IACZk/C,GAASl/C,EAAG,KACZk/C,GAASl/C,EAAG,GACPA,EAAE4iD,QAaL1D,GAASl/C,GAAIA,EAAE4iD,OAAOxqD,KAAO,EAAI,IAC9B4H,EAAE4iD,OAAOc,KAAO,EAAI,IACnB1jD,EAAE4iD,OAAO5I,MAAY,EAAJ,IACjBh6C,EAAE4iD,OAAOv1D,KAAW,EAAJ,IAChB2S,EAAE4iD,OAAOe,QAAc,GAAJ,IAEvBzE,GAASl/C,EAAmB,IAAhBA,EAAE4iD,OAAO3lD,MACrBiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,EAAK,KACnCiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,GAAM,KACpCiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,GAAM,KACpCiiD,GAASl/C,EAAe,IAAZA,EAAEo8C,MAAc,EACzBp8C,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EACzC,EAAI,GACR8C,GAASl/C,EAAiB,IAAdA,EAAE4iD,OAAOgB,IACjB5jD,EAAE4iD,OAAO5I,OAASh6C,EAAE4iD,OAAO5I,MAAM72D,SACnC+7D,GAASl/C,EAA2B,IAAxBA,EAAE4iD,OAAO5I,MAAM72D,QAC3B+7D,GAASl/C,EAAIA,EAAE4iD,OAAO5I,MAAM72D,QAAU,EAAK,MAEzC6c,EAAE4iD,OAAOc,OACXrH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAS,IAE3DvpB,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS9E,KAlCXqB,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAe,IAAZA,EAAEo8C,MAAc,EACzBp8C,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EACzC,EAAI,GACR8C,GAASl/C,EAAGu+C,IACZv+C,EAAE2iD,OAAS1E,QA6Bf,CACE,IAAIx3C,EAAU4uC,IAAer1C,EAAEgjD,OAAS,GAAM,IAAO,EACjDa,GAAe,EAGjBA,EADE7jD,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EAC9B,EACLp8C,EAAEo8C,MAAQ,EACL,EACO,IAAZp8C,EAAEo8C,MACG,EAEA,EAEhB31C,GAAWo9C,GAAe,EACP,IAAf7jD,EAAEi/C,WAAkBx4C,GAAUk3C,IAClCl3C,GAAU,GAAMA,EAAS,GAEzBzG,EAAE2iD,OAAS1E,GACXkB,GAAYn/C,EAAGyG,GAGI,IAAfzG,EAAEi/C,WACJE,GAAYn/C,EAAGq8C,EAAKc,QAAU,IAC9BgC,GAAYn/C,EAAgB,MAAbq8C,EAAKc,QAEtBd,EAAKc,MAAQ,EAKjB,GAAIn9C,EAAE2iD,SAAW9E,GACf,GAAI79C,EAAE4iD,OAAO5I,MAAqB,CAGhC,IAFAyJ,EAAMzjD,EAAEupB,QAEDvpB,EAAE6iD,SAAmC,MAAxB7iD,EAAE4iD,OAAO5I,MAAM72D,UAC7B6c,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,oBAItBtD,GAASl/C,EAA+B,IAA5BA,EAAE4iD,OAAO5I,MAAMh6C,EAAE6iD,UAC7B7iD,EAAE6iD,UAEA7iD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAE7DzjD,EAAE6iD,UAAY7iD,EAAE4iD,OAAO5I,MAAM72D,SAC/B6c,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS7E,SAIb99C,EAAE2iD,OAAS7E,GAGf,GAAI99C,EAAE2iD,SAAW7E,GACf,GAAI99C,EAAE4iD,OAAOv1D,KAAoB,CAC/Bo2D,EAAMzjD,EAAEupB,QAGR,EAAG,CACD,GAAIvpB,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADExnB,EAAE6iD,QAAU7iD,EAAE4iD,OAAOv1D,KAAKlK,OACkB,IAAxC6c,EAAE4iD,OAAOv1D,KAAKsR,WAAWqB,EAAE6iD,WAE3B,EAER3D,GAASl/C,EAAGwnB,SACG,IAARA,GAELxnB,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFxnB,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS5E,SAIb/9C,EAAE2iD,OAAS5E,GAGf,GAAI/9C,EAAE2iD,SAAW5E,GACf,GAAI/9C,EAAE4iD,OAAOe,QAAuB,CAClCF,EAAMzjD,EAAEupB,QAGR,EAAG,CACD,GAAIvpB,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADExnB,EAAE6iD,QAAU7iD,EAAE4iD,OAAOe,QAAQxgE,OACkB,IAA3C6c,EAAE4iD,OAAOe,QAAQhlD,WAAWqB,EAAE6iD,WAE9B,EAER3D,GAASl/C,EAAGwnB,SACG,IAARA,GAELxnB,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFxnB,EAAE2iD,OAAS3E,SAIbh+C,EAAE2iD,OAAS3E,GAsBf,GAnBIh+C,EAAE2iD,SAAW3E,KACXh+C,EAAE4iD,OAAOc,MACP1jD,EAAEupB,QAAU,EAAIvpB,EAAEwiD,kBACpB/D,GAAcpC,GAEZr8C,EAAEupB,QAAU,GAAKvpB,EAAEwiD,mBACrBtD,GAASl/C,EAAgB,IAAbq8C,EAAKc,OACjB+B,GAASl/C,EAAIq8C,EAAKc,OAAS,EAAK,KAChCd,EAAKc,MAAQ,EACbn9C,EAAE2iD,OAAS1E,KAIbj+C,EAAE2iD,OAAS1E,IAMG,IAAdj+C,EAAEupB,SAEJ,GADAk1B,GAAcpC,GACS,IAAnBA,EAAKqC,UAQP,OADA1+C,EAAE+iD,YAAc,EACTxO,QAOJ,GAAsB,IAAlB8H,EAAKgD,UAAkBvC,GAAKwE,IAAUxE,GAAK0G,IACpDlC,IAAUlN,GACV,OAAO5Q,GAAI6Y,EAAMzH,IAInB,GAAI50C,EAAE2iD,SAAWzE,IAAkC,IAAlB7B,EAAKgD,SACpC,OAAO7b,GAAI6Y,EAAMzH,IAKnB,GAAsB,IAAlByH,EAAKgD,UAAkC,IAAhBr/C,EAAEygD,WAC1Ba,IAAUtN,IAAch0C,EAAE2iD,SAAWzE,GAAe,CACrD,IAAI4F,EAAU9jD,EAAE08C,WAAa3H,GAvqBjC,SAAsB/0C,EAAGshD,GACvB,IAAIE,EAEJ,OAAU,CAER,GAAoB,IAAhBxhD,EAAEygD,YACJE,GAAY3gD,GACQ,IAAhBA,EAAEygD,WAAiB,CACrB,GAAIa,IAAUtN,GACZ,OAAOmK,GAET,MAWJ,GANAn+C,EAAEyhD,aAAe,EAGjBD,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAC1Cj/C,EAAEygD,YACFzgD,EAAEi/C,WACEuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CAqnBmD2F,CAAa/jD,EAAGshD,GAC5DthD,EAAE08C,WAAa1H,GAvwBtB,SAAqBh1C,EAAGshD,GACtB,IAAIE,EACA/2D,EACAm1D,EAAMS,EAEV,MAAMH,EAAOlgD,EAAE47C,OAEf,OAAU,CAKR,GAAI57C,EAAEygD,WAAa3J,GAAW,CAE5B,GADA6J,GAAY3gD,GACRA,EAAEygD,WAAa3J,IAAawK,IAAUtN,GACxC,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UAAmB,MAK3B,GADAzgD,EAAEyhD,aAAe,EACbzhD,EAAEygD,WAAahD,IAAaz9C,EAAEi/C,SAAW,IAC3CW,EAAO5/C,EAAEi/C,SAAW,EACpBx0D,EAAOy1D,EAAKN,GACRn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAAO,CAC3ES,EAASrgD,EAAEi/C,SAAWnI,GACtB,UAESrsD,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAClDn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACzCn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACzCn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACvCA,EAAOS,GACTrgD,EAAEyhD,aAAe3K,IAAauJ,EAAST,GACnC5/C,EAAEyhD,aAAezhD,EAAEygD,YACrBzgD,EAAEyhD,aAAezhD,EAAEygD,WAyBzB,GAlBIzgD,EAAEyhD,cAAgBhE,IAIpB+D,EAASE,GAAgB1hD,EAAG,EAAGA,EAAEyhD,aAAehE,IAEhDz9C,EAAEygD,WAAazgD,EAAEyhD,aACjBzhD,EAAEi/C,UAAYj/C,EAAEyhD,aAChBzhD,EAAEyhD,aAAe,IAKjBD,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAE1Cj/C,EAAEygD,YACFzgD,EAAEi/C,YAEAuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CA8qB8B4F,CAAYhkD,EAAGshD,GACrCgB,GAAoBtiD,EAAEo8C,OAAOiG,KAAKriD,EAAGshD,GAKzC,GAHIwC,IAAWzF,IAAqByF,IAAWxF,KAC7Ct+C,EAAE2iD,OAASzE,IAET4F,IAAW3F,IAAgB2F,IAAWzF,GAKxC,OAJuB,IAAnBhC,EAAKqC,YACP1+C,EAAE+iD,YAAc,GAGXxO,GAST,GAAIuP,IAAW1F,KACTkD,IAAUrN,GACZgQ,GAAgBjkD,GAETshD,IAAUjN,KAEjB6P,GAAuBlkD,EAAG,EAAG,GAAG,GAI5BshD,IAAUnN,KAEZtiD,GAAKmO,EAAEghD,MAEa,IAAhBhhD,EAAEygD,YACJzgD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEihD,OAAS,KAIjBxC,GAAcpC,GACS,IAAnBA,EAAKqC,WAEP,OADA1+C,EAAE+iD,YAAc,EACTxO,GAOb,OAAI+M,IAAUlN,GAAmBG,GAC7Bv0C,EAAE8sC,MAAQ,EAAY0H,IAGX,IAAXx0C,EAAE8sC,MACJoS,GAASl/C,EAAgB,IAAbq8C,EAAKc,OACjB+B,GAASl/C,EAAIq8C,EAAKc,OAAS,EAAK,KAChC+B,GAASl/C,EAAIq8C,EAAKc,OAAS,GAAM,KACjC+B,GAASl/C,EAAIq8C,EAAKc,OAAS,GAAM,KACjC+B,GAASl/C,EAAmB,IAAhBq8C,EAAKkD,UACjBL,GAASl/C,EAAIq8C,EAAKkD,UAAY,EAAK,KACnCL,GAASl/C,EAAIq8C,EAAKkD,UAAY,GAAM,KACpCL,GAASl/C,EAAIq8C,EAAKkD,UAAY,GAAM,OAGpCJ,GAAYn/C,EAAGq8C,EAAKc,QAAU,IAC9BgC,GAAYn/C,EAAgB,MAAbq8C,EAAKc,QAGtBsB,GAAcpC,GAIVr8C,EAAE8sC,KAAO,IAAK9sC,EAAE8sC,MAAQ9sC,EAAE8sC,MAET,IAAd9sC,EAAEupB,QAAgBgrB,GAAOC,GAClC,CChqDA,IACI/3C,OAAOsC,aAAaC,KAAM,KAAQ,EACtC,CAAE,MAAOmlD,GAET,CACA,IACI1nD,OAAOsC,aAAaC,MAAM,KAAM,IAAIla,WAAW,GACnD,CAAE,MAAOq/D,GAET,CAMA,MAAMC,GAAW,IAAIC,GAAW,KAChC,IAAK,IAAI5zD,EAAI,EAAGA,EAAI,IAAKA,IACrB2zD,GAAS3zD,GAAKA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAI,EAMtF,SAAS6zD,GAAY7lD,GACxB,IAAIF,EAAGqR,EAAI20C,EAAOr/D,EAAGs/D,EAAU,EAC/B,MAAMC,EAAUhmD,EAAItb,OAGpB,IAAKohE,EAAQ,EAAGA,EAAQE,EAASF,IAC7BhmD,EAAIE,EAAIE,WAAW4lD,GACE,QAAZ,MAAJhmD,IAA0BgmD,EAAQ,EAAIE,IACvC70C,EAAKnR,EAAIE,WAAW4lD,EAAQ,GACN,QAAZ,MAAL30C,KACDrR,EAAI,OAAWA,EAAI,OAAU,KAAOqR,EAAK,OACzC20C,MAGRC,GAAWjmD,EAAI,IAAO,EAAIA,EAAI,KAAQ,EAAIA,EAAI,MAAU,EAAI,EAIhE,MAAM+E,EAAM,IAAI+gD,GAAWG,GAG3B,IAAKt/D,EAAI,EAAGq/D,EAAQ,EAAGr/D,EAAIs/D,EAASD,IAChChmD,EAAIE,EAAIE,WAAW4lD,GACE,QAAZ,MAAJhmD,IAA0BgmD,EAAQ,EAAIE,IACvC70C,EAAKnR,EAAIE,WAAW4lD,EAAQ,GACN,QAAZ,MAAL30C,KACDrR,EAAI,OAAWA,EAAI,OAAU,KAAOqR,EAAK,OACzC20C,MAGJhmD,EAAI,IAEJ+E,EAAIpe,KAAOqZ,EACJA,EAAI,MAEX+E,EAAIpe,KAAO,IAAOqZ,IAAM,EACxB+E,EAAIpe,KAAO,IAAW,GAAJqZ,GACXA,EAAI,OAEX+E,EAAIpe,KAAO,IAAOqZ,IAAM,GACxB+E,EAAIpe,KAAO,IAAOqZ,IAAM,EAAI,GAC5B+E,EAAIpe,KAAO,IAAW,GAAJqZ,IAGlB+E,EAAIpe,KAAO,IAAOqZ,IAAM,GACxB+E,EAAIpe,KAAO,IAAOqZ,IAAM,GAAK,GAC7B+E,EAAIpe,KAAO,IAAOqZ,IAAM,EAAI,GAC5B+E,EAAIpe,KAAO,IAAW,GAAJqZ,GAI1B,OAAO+E,CACX,CAxDA8gD,GAAS,KAAOA,GAAS,KAAO,ECbjB,MAAMM,GACnB7iE,cAEEE,KAAKM,MAAQ,KACbN,KAAKu9D,QAAU,EAEfv9D,KAAKs9D,SAAW,EAEhBt9D,KAAKw9D,SAAW,EAEhBx9D,KAAKiK,OAAS,KACdjK,KAAK68D,SAAW,EAEhB78D,KAAK28D,UAAY,EAEjB38D,KAAK88D,UAAY,EAEjB98D,KAAK0lC,IAAM,GAEX1lC,KAAKwvC,MAAQ,KAEbxvC,KAAKu6D,UAAY,EAEjBv6D,KAAKo7D,MAAQ,GCiEjB,MAAMwH,GACJ9iE,YAAYmF,GACVjF,KAAKiF,QAAU,CACbo1D,MAAOvH,GACPiO,OAAQzN,GACRuP,UAAW,MACXC,WAAY,GACZC,SAAU,EACVpI,SR/DkC,KQgE9B11D,GAAW,IAGjB,MAAM+9D,EAAMhjE,KAAKiF,QAEb+9D,EAAIC,KAAQD,EAAIF,WAAa,EAC/BE,EAAIF,YAAcE,EAAIF,WAGfE,EAAIE,MAASF,EAAIF,WAAa,GAAOE,EAAIF,WAAa,KAC7DE,EAAIF,YAAc,IAGpB9iE,KAAKyhD,IAAS,EACdzhD,KAAK0lC,IAAS,GACd1lC,KAAKmjE,OAAS,EACdnjE,KAAK4xD,OAAS,GAEd5xD,KAAKs6D,KAAO,IAAIqI,GAChB3iE,KAAKs6D,KAAKqC,UAAY,EAEtB,IH+nCsBrC,EAAM2E,EG/nCxB2B,EHuoCR,SAAsBtG,EAAMD,EAAO0G,EAAQ+B,EAAYC,EAAUpI,GAC/D,IAAKL,EACH,OAAO3H,GAET,IAAI5H,EAAO,EAiBX,GAfIsP,IAAUvH,KACZuH,EAAQ,GAGNyI,EAAa,GACf/X,EAAO,EACP+X,GAAcA,GAGPA,EAAa,KACpB/X,EAAO,EACP+X,GAAc,IAIZC,EAAW,GAAKA,EAAWtH,IAAiBsF,IAAWzN,IACzDwP,EAAa,GAAKA,EAAa,IAAMzI,EAAQ,GAAKA,EAAQ,GAC1DM,EAAW,GAAKA,EAAWzH,GAC3B,OAAOzR,GAAI6Y,EAAM3H,IAIA,IAAfmQ,IACFA,EAAa,GAIf,MAAM7kD,EAAI,IAAI0iD,GAyCd,OAvCArG,EAAK9qB,MAAQvxB,EACbA,EAAEq8C,KAAOA,EAETr8C,EAAE8sC,KAAOA,EACT9sC,EAAE4iD,OAAS,KACX5iD,EAAEgjD,OAAS6B,EACX7kD,EAAEigD,OAAS,GAAKjgD,EAAEgjD,OAClBhjD,EAAEogD,OAASpgD,EAAEigD,OAAS,EAEtBjgD,EAAEijD,UAAY6B,EAAW,EACzB9kD,EAAE+gD,UAAY,GAAK/gD,EAAEijD,UACrBjjD,EAAEohD,UAAYphD,EAAE+gD,UAAY,EAC5B/gD,EAAEmhD,eAAiBnhD,EAAEijD,UAAYxF,GAAY,GAAKA,IAClDz9C,EAAE47C,OAAS,IAAIyI,GAAsB,EAAXrkD,EAAEigD,QAC5BjgD,EAAEghD,KAAO,IAAIkC,GAAYljD,EAAE+gD,WAC3B/gD,EAAEvV,KAAO,IAAIy4D,GAAYljD,EAAEigD,QAK3BjgD,EAAEi9C,YAAc,GAAM6H,EAAW,EAEjC9kD,EAAEwiD,iBAAmC,EAAhBxiD,EAAEi9C,YAIvBj9C,EAAEk4C,YAAc,IAAImM,GAAWrkD,EAAEwiD,kBAIjCxiD,EAAEk6C,MAAQ,EAAIl6C,EAAEi9C,YAGhBj9C,EAAEm6C,MAAQ,EAAUn6C,EAAEi9C,YAEtBj9C,EAAEo8C,MAAQA,EACVp8C,EAAE08C,SAAWA,EACb18C,EAAE8iD,OAASA,EAEJK,GAAa9G,EACtB,CGltCiB8I,CACXpjE,KAAKs6D,KACL0I,EAAI3I,MACJ2I,EAAIjC,OACJiC,EAAIF,WACJE,EAAID,SACJC,EAAIrI,UAGN,GAAIiG,IAAWpO,GACb,MAAUpvD,MAAMsiC,GAAIk7B,IAOtB,GAJIoC,EAAIt+C,SHknCc41C,EGjnCUt6D,KAAKs6D,KHinCT2E,EGjnCe+D,EAAIt+C,OHknC5C41C,GAASA,EAAK9qB,QACK,IAApB8qB,EAAK9qB,MAAMub,OACfuP,EAAK9qB,MAAMqxB,OAAS5B,KGjnCd+D,EAAIK,WAAY,CAClB,IAAIC,EAaJ,GATEA,EAF4B,iBAAnBN,EAAIK,WAENE,GAAmBP,EAAIK,YACrBL,EAAIK,sBAAsB79C,YAC5B,IAAIziB,WAAWigE,EAAIK,YAEnBL,EAAIK,WAGbzC,EHsiDN,SAA8BtG,EAAM+I,GAClC,IAEIplD,EACAvB,EAAKlQ,EACLu+C,EACAyY,EACAC,EACAnjE,EACAojE,EARAC,EAAaN,EAAWjiE,OAU5B,IAAKk5D,IAAsBA,EAAK9qB,MAC9B,OAAOmjB,GAMT,GAHA10C,EAAIq8C,EAAK9qB,MACTub,EAAO9sC,EAAE8sC,KAEI,IAATA,GAAwB,IAATA,GAAc9sC,EAAE2iD,SAAW/E,IAAe59C,EAAEygD,UAC7D,OAAO/L,GAmCT,IA/Ba,IAAT5H,IAEFuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAOiI,EAAYM,EAAY,IAG3D1lD,EAAE8sC,KAAO,EAGL4Y,GAAc1lD,EAAEigD,SACL,IAATnT,IAEFj7C,GAAKmO,EAAEghD,MACPhhD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEihD,OAAS,GAIbwE,EAAU,IAAIpB,GAAWrkD,EAAEigD,QAC3BtE,GAAe8J,EAASL,EAAYM,EAAa1lD,EAAEigD,OAAQjgD,EAAEigD,OAAQ,GACrEmF,EAAaK,EACbC,EAAa1lD,EAAEigD,QAGjBsF,EAAQlJ,EAAKgD,SACbmG,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACbg6D,EAAKgD,SAAWqG,EAChBrJ,EAAKiD,QAAU,EACfjD,EAAKh6D,MAAQ+iE,EACbzE,GAAY3gD,GACLA,EAAEygD,WAAahD,IAAW,CAC/Bh/C,EAAMuB,EAAEi/C,SACR1wD,EAAIyR,EAAEygD,WAAahD,GAAY,GAC/B,GAEEz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAMg/C,GAAY,IAAMz9C,EAAEohD,UAE1EphD,EAAEvV,KAAKgU,EAAMuB,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OAElClhD,EAAEghD,KAAKhhD,EAAEkhD,OAASziD,EAClBA,YACSlQ,GACXyR,EAAEi/C,SAAWxgD,EACbuB,EAAEygD,UAAYhD,GAAY,EAC1BkD,GAAY3gD,GAYd,OAVAA,EAAEi/C,UAAYj/C,EAAEygD,UAChBzgD,EAAEg/C,YAAch/C,EAAEi/C,SAClBj/C,EAAEihD,OAASjhD,EAAEygD,UACbzgD,EAAEygD,UAAY,EACdzgD,EAAEyhD,aAAezhD,EAAE8/C,YAAcrC,GAAY,EAC7Cz9C,EAAE+hD,gBAAkB,EACpB1F,EAAKiD,QAAUkG,EACfnJ,EAAKh6D,MAAQA,EACbg6D,EAAKgD,SAAWkG,EAChBvlD,EAAE8sC,KAAOA,EACFyH,EACT,CGvnDeoR,CAAkC5jE,KAAKs6D,KAAMgJ,GAElD1C,IAAWpO,GACb,MAAUpvD,MAAMsiC,GAAIk7B,IAGtB5gE,KAAK6jE,WAAY,GAiCrBhiE,KAAKqI,EAAMikB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,IAAgB7iE,KACzC,IAAI4gE,EAAQkD,EAEZ,GAAI9jE,KAAKmjE,MAAS,OAAO,EAEzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBkkC,GAAWJ,GAG7C,iBAAT/nD,EAETowD,EAAKh6D,MAAQijE,GAAmBr5D,GACvBA,aAAgBsb,YACzB80C,EAAKh6D,MAAQ,IAAIyC,WAAWmH,GAE5BowD,EAAKh6D,MAAQ4J,EAGfowD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAKh6D,MAAMc,OAE3B,EAAG,CAQD,GAPuB,IAAnBk5D,EAAKqC,YACPrC,EAAKrwD,OAAS,IAAIq4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,IAEnBjC,EAASmD,GAAqBzJ,EAAMwJ,MAErBrR,IAAgBmO,IAAWpO,GAGxC,OAFAxyD,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,GACN,EAEc,IAAnB7I,EAAKqC,YAAsC,IAAlBrC,EAAKgD,UAAmBwG,IAAUzR,IAAYyR,IAAU3R,KACnFnyD,KAAKikE,OAAOC,GAAgB5J,EAAKrwD,OAAQqwD,EAAKuC,kBAExCvC,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAWnO,IAGnE,OAAIqR,IAAUzR,IACZuO,EHy7CN,SAAoBtG,GAClB,IAAIsG,EAEJ,OAAKtG,GAAsBA,EAAK9qB,OAIhCoxB,EAAStG,EAAK9qB,MAAMoxB,OAChBA,IAAW/E,IACb+E,IAAW9E,IACX8E,IAAW7E,IACX6E,IAAW5E,IACX4E,IAAW3E,IACX2E,IAAW1E,IACX0E,IAAWzE,GAEJ1a,GAAI6Y,EAAM3H,KAGnB2H,EAAK9qB,MAAQ,KAENoxB,IAAW1E,GAAaza,GAAI6Y,EAAM1H,IAAgBJ,KAjBhDG,EAkBX,CG/8CewR,CAAwBnkE,KAAKs6D,MACtCt6D,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,EACNvC,IAAWpO,IAIhBsR,IAAU3R,KACZnyD,KAAKgkE,MAAMxR,IACX8H,EAAKqC,UAAY,GACV,GAcXsH,OAAOliE,GACL/B,KAAK4xD,OAAO/vD,KAAKE,GAanBiiE,MAAMpD,GAEAA,IAAWpO,KACbxyD,KAAKyB,OAAS2iE,GAAoBpkE,KAAK4xD,SAEzC5xD,KAAK4xD,OAAS,GACd5xD,KAAKyhD,IAAMmf,EACX5gE,KAAK0lC,IAAM1lC,KAAKs6D,KAAK50B,KC/QzB,MAAM2+B,GAAM,GACNC,GAAO,GAqCE,SAASC,GAAajK,EAAMt2D,GACvC,IAAIwgE,EACAC,EAEAC,EACA/lD,EACAgmD,EACAC,EAEAz0D,EACA8lD,EACA7zC,EACAyiD,EAKJ,MAAMr1B,EAAQ8qB,EAAK9qB,MAEnBg1B,EAAMlK,EAAKiD,QACX,MAAMj9D,EAAQg6D,EAAKh6D,MACbke,EAAOgmD,GAAOlK,EAAKgD,SAAW,GACpCmH,EAAOnK,EAAKuC,SACZ,MAAM5yD,EAASqwD,EAAKrwD,OACdy3D,EAAM+C,GAAQzgE,EAAQs2D,EAAKqC,WAC3BhxD,EAAM84D,GAAQnK,EAAKqC,UAAY,KAE/BmI,EAAOt1B,EAAMs1B,KAEbC,EAAQv1B,EAAMu1B,MACdC,EAAQx1B,EAAMw1B,MACdC,EAAQz1B,EAAMy1B,MACdC,EAAW11B,EAAMqqB,OACvB6K,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KACb,MAAMwmD,EAAQ31B,EAAM41B,QACdC,EAAQ71B,EAAM81B,SACdC,GAAS,GAAK/1B,EAAMg2B,SAAW,EAC/BC,GAAS,GAAKj2B,EAAMk2B,UAAY,EAMtCC,EACA,EAAG,CACKhnD,EAAO,KACP+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACR+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAGZgmD,EAAOQ,EAAMT,EAAOa,GAEpBK,EACA,OAAS,CAKL,GAJAhB,EAAKD,IAAS,GACdD,KAAUE,EACVjmD,GAAQimD,EACRA,EAAKD,IAAS,GAAK,IACR,IAAPC,EAIA36D,EAAOw6D,KAAiB,MAAPE,MACd,MAAS,GAALC,GAkKJ,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOQ,GAAc,MAAPR,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASgB,EACN,GAAS,GAALhB,EAAS,CAEhBp1B,EAAMrhB,KAAOm2C,GACb,MAAMqB,EAENrL,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA3KNx1D,EAAa,MAAPw0D,EACNC,GAAM,GACFA,IACIjmD,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAEZxO,GAAOu0D,GAAQ,GAAKE,GAAM,EAC1BF,KAAUE,EACVjmD,GAAQimD,GAGRjmD,EAAO,KACP+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACR+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAEZgmD,EAAOU,EAAMX,EAAOe,GAEpBI,EACA,OAAS,CAML,GALAjB,EAAKD,IAAS,GACdD,KAAUE,EACVjmD,GAAQimD,EACRA,EAAKD,IAAS,GAAK,MAEV,GAALC,GA2HG,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOU,GAAc,MAAPV,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASiB,EAETvL,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EApHN,GAZA1P,EAAc,MAAP0O,EACPC,GAAM,GACFjmD,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACJA,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,IAGhBs3C,GAAQyO,GAAQ,GAAKE,GAAM,EAEvB3O,EAAO6O,EAAM,CACbxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EAOV,GAJAjB,KAAUE,EACVjmD,GAAQimD,EAERA,EAAKH,EAAO/C,EACRzL,EAAO2O,EAAI,CAEX,GADAA,EAAK3O,EAAO2O,EACRA,EAAKI,GACDx1B,EAAMs2B,KAAM,CACZxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA2Bd,GAFAvjD,EAAO,EACPyiD,EAAcK,EACA,IAAVD,GAEA,GADA7iD,GAAQ2iD,EAAQH,EACZA,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,QAEf,GAAIg7D,EAAQL,GAGf,GAFAxiD,GAAQ2iD,EAAQE,EAAQL,EACxBA,GAAMK,EACFL,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GAEX,GADAxiD,EAAO,EACH6iD,EAAQ90D,EAAK,CACby0D,EAAKK,EACL90D,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,SAKtB,GADAmY,GAAQ6iD,EAAQL,EACZA,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,EAGtB,KAAOkG,EAAM,GACTlG,EAAOw6D,KAAUI,EAAYziD,KAC7BnY,EAAOw6D,KAAUI,EAAYziD,KAC7BnY,EAAOw6D,KAAUI,EAAYziD,KAC7BjS,GAAO,EAEPA,IACAlG,EAAOw6D,KAAUI,EAAYziD,KACzBjS,EAAM,IACNlG,EAAOw6D,KAAUI,EAAYziD,WAGlC,CACHA,EAAOqiD,EAAOxO,EACd,GACIhsD,EAAOw6D,KAAUx6D,EAAOmY,KACxBnY,EAAOw6D,KAAUx6D,EAAOmY,KACxBnY,EAAOw6D,KAAUx6D,EAAOmY,KACxBjS,GAAO,QACFA,EAAM,GACXA,IACAlG,EAAOw6D,KAAUx6D,EAAOmY,KACpBjS,EAAM,IACNlG,EAAOw6D,KAAUx6D,EAAOmY,OAaxC,OAeR,aAECoiD,EAAMhmD,GAAQimD,EAAO94D,GAG9BwE,EAAMwO,GAAQ,EACd6lD,GAAOr0D,EACPwO,GAAQxO,GAAO,EACfu0D,IAAS,GAAK/lD,GAAQ,EAGtB27C,EAAKiD,QAAUiH,EACflK,EAAKuC,SAAW4H,EAChBnK,EAAKgD,SAAWkH,EAAMhmD,EAAYA,EAAOgmD,EAAZ,EAAmB,GAAKA,EAAMhmD,GAC3D87C,EAAKqC,UAAY8H,EAAO94D,EAAaA,EAAM84D,EAAb,IAAqB,KAAOA,EAAO94D,GACjE6jC,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,CAEjB,CCxSA,MAAMonD,GAAU,GACVC,GAAc,IACdC,GAAe,IAGfC,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAERC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,EAAG,GAG3DC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAGtDC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IACtD,IAAK,IAAK,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KAClD,KAAM,MAAO,MAAO,MAAO,EAAG,GAG5BC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACpC,GAAI,GAAI,GAAI,GAAI,GAAI,IAGT,SAASC,GAAcrsD,EAAMssD,EAAMC,EAAYC,EAAOtL,EAAOuL,EAAaC,EAAMxiB,GAC3F,MAAM3lC,EAAO2lC,EAAK3lC,KAGlB,IASIooD,EACA5mB,EACA6mB,EACAvD,EAIA93D,EAhBAwE,EAAM,EACN82D,EAAM,EACN/oB,EAAM,EAAGnyC,EAAM,EACfm7D,EAAO,EACPp2C,EAAO,EACPq2C,EAAO,EACP/yC,EAAO,EACPgzC,EAAO,EACPC,EAAO,EAKP5O,EAAO,KACP6O,EAAa,EAGjB,MAAMxjC,EAAQ,IAAIq9B,GAAY4E,GAAU,GAClCwB,EAAO,IAAIpG,GAAY4E,GAAU,GACvC,IAGIyB,EAAWC,EAASC,EAHpBzP,EAAQ,KACR0P,EAAc,EAoClB,IAAKx3D,EAAM,EAAGA,GAAO41D,GAAS51D,IAC1B2zB,EAAM3zB,GAAO,EAEjB,IAAK82D,EAAM,EAAGA,EAAML,EAAOK,IACvBnjC,EAAM4iC,EAAKC,EAAaM,MAK5B,IADAC,EAAOvoD,EACF5S,EAAMg6D,GAASh6D,GAAO,GACJ,IAAf+3B,EAAM/3B,GADgBA,KAQ9B,GAHIm7D,EAAOn7D,IACPm7D,EAAOn7D,GAEC,IAARA,EAaA,OATAuvD,EAAMuL,KAAiB,SAMvBvL,EAAMuL,KAAiB,SAEvBviB,EAAK3lC,KAAO,EACL,EAEX,IAAKu/B,EAAM,EAAGA,EAAMnyC,GACG,IAAf+3B,EAAMoa,GADWA,KAWzB,IANIgpB,EAAOhpB,IACPgpB,EAAOhpB,GAIX9pB,EAAO,EACFjkB,EAAM,EAAGA,GAAO41D,GAAS51D,IAG1B,GAFAikB,IAAS,EACTA,GAAQ0P,EAAM3zB,GACVikB,EAAO,EACP,OAAQ,EAGhB,GAAIA,EAAO,IAAMha,IAAS8rD,IAAiB,IAARn6D,GAC/B,OAAQ,EAKZ,IADAw7D,EAAK,GAAK,EACLp3D,EAAM,EAAGA,EAAM41D,GAAS51D,IACzBo3D,EAAKp3D,EAAM,GAAKo3D,EAAKp3D,GAAO2zB,EAAM3zB,GAItC,IAAK82D,EAAM,EAAGA,EAAML,EAAOK,IACQ,IAA3BP,EAAKC,EAAaM,KAClBH,EAAKS,EAAKb,EAAKC,EAAaM,OAAWA,GAsC3C7sD,IAAS8rD,IACTzN,EAAOR,EAAQ6O,EACfn7D,EAAM,IAECyO,IAAS+rD,IAChB1N,EAAO4N,GACPiB,GAAc,IACdrP,EAAQqO,GACRqB,GAAe,IACfh8D,EAAM,MAGN8sD,EAAO8N,GACPtO,EAAQuO,GACR76D,GAAO,GAIX07D,EAAO,EACPJ,EAAM,EACN92D,EAAM+tC,EACNulB,EAAOoD,EACP/1C,EAAOo2C,EACPC,EAAO,EACPH,GAAO,EACPI,EAAO,GAAKF,EACZ,MAAMj1B,EAAOm1B,EAAO,EAGpB,GAAIhtD,IAAS+rD,IAAQiB,EAAOpB,IAC5B5rD,IAASgsD,IAASgB,EAAOnB,GACrB,OAAO,EAIX,OAAS,CAELuB,EAAYr3D,EAAMg3D,EACdL,EAAKG,GAAOt7D,GACZ87D,EAAU,EACVC,EAAWZ,EAAKG,IACTH,EAAKG,GAAOt7D,GACnB87D,EAAUxP,EAAM0P,EAAcb,EAAKG,IACnCS,EAAWjP,EAAK6O,EAAaR,EAAKG,MAElCQ,EAAU,GACVC,EAAW,GAIfX,EAAO,GAAK52D,EAAMg3D,EAClBhnB,EAAO,GAAKrvB,EACZotB,EAAMiC,EACN,GACIA,GAAQ4mB,EACRzL,EAAMmI,GAAQ4D,GAAQF,GAAQhnB,GAAQqnB,GAAa,GAAKC,GAAW,GAAKC,EAAU,QACpE,IAATvnB,GAIT,IADA4mB,EAAO,GAAK52D,EAAM,EACXk3D,EAAON,GACVA,IAAS,EAWb,GATa,IAATA,GACAM,GAAQN,EAAO,EACfM,GAAQN,GAERM,EAAO,EAIXJ,IACqB,KAAfnjC,EAAM3zB,GAAY,CACpB,GAAIA,IAAQpE,EACR,MAEJoE,EAAMu2D,EAAKC,EAAaG,EAAKG,IAIjC,GAAI92D,EAAM+2D,IAASG,EAAOp1B,KAAU+0B,EAAK,CAYrC,IAVa,IAATG,IACAA,EAAOD,GAIXzD,GAAQvlB,EAGRptB,EAAO3gB,EAAMg3D,EACb/yC,EAAO,GAAKtD,EACLA,EAAOq2C,EAAOp7D,IACjBqoB,GAAQ0P,EAAMhT,EAAOq2C,KACjB/yC,GAAQ,KAGZtD,IACAsD,IAAS,EAKb,GADAgzC,GAAQ,GAAKt2C,EACT1W,IAAS+rD,IAAQiB,EAAOpB,IAChC5rD,IAASgsD,IAASgB,EAAOnB,GACjB,OAAO,EAIXe,EAAMK,EAAOp1B,EAIbqpB,EAAM0L,GAAOE,GAAQ,GAAKp2C,GAAQ,GAAK2yC,EAAOoD,EAAa,GAiBnE,OAVa,IAATQ,IAIA/L,EAAMmI,EAAO4D,GAAQl3D,EAAMg3D,GAAQ,GAAK,IAAM,GAAI,GAKtD7iB,EAAK3lC,KAAOuoD,EACL,CACX,CC/TA,MAAMhB,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAsBLwB,GAAO,EACPC,GAAQ,EACRC,GAAO,EACPC,GAAK,EACLC,GAAQ,EACRC,GAAQ,EACR/jC,GAAO,EACPgkC,GAAU,EACVC,GAAO,EACPC,GAAS,GACTC,GAAO,GACH/D,GAAO,GACPgE,GAAS,GACTC,GAAS,GACTC,GAAQ,GACRC,GAAO,GACPC,GAAQ,GACRC,GAAU,GACVC,GAAW,GACPC,GAAO,GACPC,GAAM,GACNC,GAAS,GACTC,GAAO,GACPC,GAAU,GACVC,GAAQ,GACRC,GAAM,GACdC,GAAQ,GACRC,GAAS,GACTC,GAAO,GACPjF,GAAM,GAQT2B,GAAc,IACdC,GAAe,IAQrB,SAASsD,GAAQ76D,GACf,OAAWA,IAAM,GAAM,MACbA,IAAM,EAAK,SACP,MAAJA,IAAe,KACX,IAAJA,IAAa,GACzB,CAGA,MAAM86D,GACJ1pE,cACEE,KAAKmuB,KAAO,EACZnuB,KAAKwe,MAAO,EACZxe,KAAK+qD,KAAO,EACZ/qD,KAAKypE,UAAW,EAChBzpE,KAAK0pE,MAAQ,EACb1pE,KAAK8kE,KAAO,EACZ9kE,KAAK2pE,MAAQ,EACb3pE,KAAK4pE,MAAQ,EAEb5pE,KAAKi/D,KAAO,KAGZj/D,KAAK6pE,MAAQ,EACb7pE,KAAK+kE,MAAQ,EACb/kE,KAAKglE,MAAQ,EACbhlE,KAAKilE,MAAQ,EACbjlE,KAAK65D,OAAS,KAGd75D,KAAK0kE,KAAO,EACZ1kE,KAAK2e,KAAO,EAGZ3e,KAAKoB,OAAS,EACdpB,KAAKuQ,OAAS,EAGdvQ,KAAKi4D,MAAQ,EAGbj4D,KAAKolE,QAAU,KACfplE,KAAKslE,SAAW,KAChBtlE,KAAKwlE,QAAU,EACfxlE,KAAK0lE,SAAW,EAGhB1lE,KAAK8pE,MAAQ,EACb9pE,KAAK+pE,KAAO,EACZ/pE,KAAKgqE,MAAQ,EACbhqE,KAAKiqE,KAAO,EACZjqE,KAAKyjE,KAAO,KAEZzjE,KAAK0mE,KAAO,IAAIvF,GAAY,KAC5BnhE,KAAK8mE,KAAO,IAAI3F,GAAY,KAO5BnhE,KAAKkqE,OAAS,KACdlqE,KAAKmqE,QAAU,KACfnqE,KAAK8lE,KAAO,EACZ9lE,KAAKoqE,KAAO,EACZpqE,KAAKqqE,IAAM,GA+Bf,SAASC,GAAahQ,GACpB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACbA,EAAMu1B,MAAQ,EACdv1B,EAAMw1B,MAAQ,EACdx1B,EAAMy1B,MAAQ,EAlChB,SAA0B3K,GACxB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACb8qB,EAAKkD,SAAWlD,EAAKwC,UAAYttB,EAAMo6B,MAAQ,EAC/CtP,EAAK50B,IAAM,GACP8J,EAAMub,OACRuP,EAAKc,MAAqB,EAAb5rB,EAAMub,MAErBvb,EAAMrhB,KAAOy5C,GACbp4B,EAAMhxB,KAAO,EACbgxB,EAAMi6B,SAAW,EACjBj6B,EAAMs1B,KAAO,MACbt1B,EAAMyvB,KAAO,KACbzvB,EAAMk1B,KAAO,EACbl1B,EAAM7wB,KAAO,EAEb6wB,EAAM41B,QAAU51B,EAAM06B,OAAS,IAAIK,GAAYvE,IAC/Cx2B,EAAM81B,SAAW91B,EAAM26B,QAAU,IAAII,GAAYtE,IAEjDz2B,EAAMs2B,KAAO,EACbt2B,EAAM46B,MAAQ,EAEP5X,IArB4BG,EAsBrC,CAUS6X,CAAiBlQ,IALW3H,EAOrC,CAoCA,SAAS8X,GAAanQ,EAAMwI,GAC1B,IAAI10C,EACAohB,EAEJ,OAAK8qB,GAGL9qB,EAAQ,IAAIg6B,GAIZlP,EAAK9qB,MAAQA,EACbA,EAAMqqB,OAAS,KACfzrC,EA/CF,SAAuBksC,EAAMwI,GAC3B,IAAI/X,EACAvb,EAGJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MAGTszB,EAAa,GACf/X,EAAO,EACP+X,GAAcA,IAGd/X,EAA2B,GAAnB+X,GAAc,GAClBA,EAAa,KACfA,GAAc,KAKdA,IAAeA,EAAa,GAAKA,EAAa,IACzCnQ,IAEY,OAAjBnjB,EAAMqqB,QAAmBrqB,EAAMq6B,QAAU/G,IAC3CtzB,EAAMqqB,OAAS,MAIjBrqB,EAAMub,KAAOA,EACbvb,EAAMq6B,MAAQ/G,EACPwH,GAAahQ,KA1Be3H,EA2BrC,CAeQ+X,CAAcpQ,EAAMwI,GACtB10C,IAAQokC,KACV8H,EAAK9qB,MAAQ,MAERphB,GAbaukC,EActB,CAiBA,IAEIgY,GAAQC,GAFRC,IAAS,EAIb,SAASC,GAAYt7B,GAEnB,GAAIq7B,GAAQ,CACV,IAAI5D,EAOJ,IALA0D,GAAS,IAAIJ,GAAY,KACzBK,GAAU,IAAIL,GAAY,IAG1BtD,EAAM,EACCA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EAMxC,IAJAR,GAAcN,GAAO32B,EAAMk3B,KAAM,EAAG,IAAKiE,GAAU,EAAGn7B,EAAMs3B,KAAM,CAAEnoD,KAAM,IAG1EsoD,EAAM,EACCA,EAAM,IAAMz3B,EAAMk3B,KAAKO,KAAS,EAEvCR,GAAcL,GAAO52B,EAAMk3B,KAAM,EAAG,GAAMkE,GAAS,EAAGp7B,EAAMs3B,KAAM,CAAEnoD,KAAM,IAG1EksD,IAAS,EAGXr7B,EAAM41B,QAAUuF,GAChBn7B,EAAMg2B,QAAU,EAChBh2B,EAAM81B,SAAWsF,GACjBp7B,EAAMk2B,SAAW,CACnB,CAiBA,SAASqF,GAAazQ,EAAMzjC,EAAKlrB,EAAKq/D,GACpC,IAAI/U,EACJ,MAAMzmB,EAAQ8qB,EAAK9qB,MAqCnB,OAlCqB,OAAjBA,EAAMqqB,SACRrqB,EAAMu1B,MAAQ,GAAKv1B,EAAMq6B,MACzBr6B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQ,EAEdx1B,EAAMqqB,OAAS,IAAIyI,GAAW9yB,EAAMu1B,QAIlCiG,GAAQx7B,EAAMu1B,OAChBnL,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAM6jC,EAAMu1B,MAAOv1B,EAAMu1B,MAAO,GAClEv1B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpB9O,EAAOzmB,EAAMu1B,MAAQv1B,EAAMy1B,MACvBhP,EAAO+U,IACT/U,EAAO+U,GAGTpR,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAMq/D,EAAM/U,EAAMzmB,EAAMy1B,QAC1D+F,GAAQ/U,IAGN2D,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAMq/D,EAAMA,EAAM,GACpDx7B,EAAMy1B,MAAQ+F,EACdx7B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpBv1B,EAAMy1B,OAAShP,EACXzmB,EAAMy1B,QAAUz1B,EAAMu1B,QAASv1B,EAAMy1B,MAAQ,GAC7Cz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAASv1B,EAAMw1B,OAAS/O,KAG7C,CACT,CAEA,SAASgV,GAAQ3Q,EAAMiF,GACrB,IAAI/vB,EACAlvC,EAAO2J,EACPw5D,EACAyH,EACAjB,EAAM71C,EACNswC,EACA/lD,EACA6lD,EAAKC,EACLuG,EACA5oD,EACAyiD,EAEA2C,EAAWC,EAASC,EAEpByD,EAAWC,EAASC,EACpBl7D,EACAie,EAEAk2B,EAEA93C,EATAm4D,EAAO,EAMP2G,EAAO,IAAIhJ,GAAW,GAK1B,MAAMiJ,EACJ,CAAE,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAGlE,IAAKjR,IAASA,EAAK9qB,QAAU8qB,EAAKrwD,SAC5BqwD,EAAKh6D,OAA2B,IAAlBg6D,EAAKgD,SACvB,OAAO3K,GAGTnjB,EAAQ8qB,EAAK9qB,MACTA,EAAMrhB,OAASm2C,KAAQ90B,EAAMrhB,KAAOm6C,IAIxC4C,EAAM5Q,EAAKuC,SACX5yD,EAASqwD,EAAKrwD,OACdmqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACb2pE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KAGb6lD,EAAMyF,EACNxF,EAAOrwC,EACPhG,EAAMokC,GAENgZ,EACA,OACE,OAAQh8B,EAAMrhB,MACZ,KAAKy5C,GACH,GAAmB,IAAfp4B,EAAMub,KAAY,CACpBvb,EAAMrhB,KAAOm6C,GACb,MAGF,KAAO3pD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAkB,EAAb6wB,EAAMub,MAAsB,QAAT2Z,EAAiB,CACvCl1B,EAAMm6B,MAAQ,EAEd2B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,GAI1C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO05C,GACb,MAMF,GAJAr4B,EAAMk6B,MAAQ,EACVl6B,EAAMyvB,OACRzvB,EAAMyvB,KAAK39D,MAAO,KAED,EAAbkuC,EAAMub,UACA,IAAP2Z,IAA2B,IAAMA,GAAQ,IAAM,GAAI,CACtDpK,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,IAAY,GAAPK,KAA4BpR,GAAY,CAC3CgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAOF,GAJAK,KAAU,EACV/lD,GAAQ,EAERxO,EAAiC,GAAnB,GAAPu0D,GACa,IAAhBl1B,EAAMq6B,MACRr6B,EAAMq6B,MAAQ15D,OAEX,GAAIA,EAAMq/B,EAAMq6B,MAAO,CAC1BvP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMs1B,KAAO,GAAK30D,EAElBmqD,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAc,IAAPu2C,EAAe0D,GAAS9D,GAErCI,EAAO,EACP/lD,EAAO,EAEP,MACF,KAAKkpD,GAEH,KAAOlpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV,GADA6wB,EAAMk6B,MAAQhF,GACK,IAAdl1B,EAAMk6B,SAAkBpW,GAAY,CACvCgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,GAAkB,MAAd70B,EAAMk6B,MAAgB,CACxBpP,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAEE70B,EAAMyvB,OACRzvB,EAAMyvB,KAAK5oD,KAASquD,GAAQ,EAAK,GAEjB,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO25C,GAEf,KAAKA,GAEH,KAAOnpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGN6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK/jD,KAAOwpD,GAEF,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzB4G,EAAK,GAAM5G,IAAS,GAAM,IAC1B4G,EAAK,GAAM5G,IAAS,GAAM,IAC1Bl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO45C,GAEf,KAAKA,GAEH,KAAOppD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGN6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAKwM,OAAiB,IAAP/G,EACrBl1B,EAAMyvB,KAAK4C,GAAM6C,GAAQ,GAET,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO65C,GAEf,KAAKA,GACH,GAAkB,KAAdx4B,EAAMk6B,MAAgB,CAExB,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMpuC,OAASsjE,EACXl1B,EAAMyvB,OACRzvB,EAAMyvB,KAAKyM,UAAYhH,GAEP,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,OAGA6wB,EAAMyvB,OACbzvB,EAAMyvB,KAAKhH,MAAQ,MAErBzoB,EAAMrhB,KAAO85C,GAEf,KAAKA,GACH,GAAkB,KAAdz4B,EAAMk6B,QACRsB,EAAOx7B,EAAMpuC,OACT4pE,EAAOf,IAAQe,EAAOf,GACtBe,IACEx7B,EAAMyvB,OACR9uD,EAAMq/B,EAAMyvB,KAAKyM,UAAYl8B,EAAMpuC,OAC9BouC,EAAMyvB,KAAKhH,QAEdzoB,EAAMyvB,KAAKhH,MAAYp4D,MAAM2vC,EAAMyvB,KAAKyM,YAE1C9R,GACEpqB,EAAMyvB,KAAKhH,MACX33D,EACAmjE,EAGAuH,EAEA76D,IAMc,IAAdq/B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACRx7B,EAAMpuC,QAAU4pE,GAEdx7B,EAAMpuC,QAAU,MAAMoqE,EAE5Bh8B,EAAMpuC,OAAS,EACfouC,EAAMrhB,KAAO+V,GAEf,KAAKA,GACH,GAAkB,KAAdsL,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GAEE76D,EAAM7P,EAAMmjE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ9uD,GACbq/B,EAAMpuC,OAAS,QAClBouC,EAAMyvB,KAAK3zD,MAAQoP,OAAOsC,aAAa7M,UAElCA,GAAO66D,EAAOf,GAOvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ76D,EAAO,MAAMq7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK3zD,KAAO,MAEpBkkC,EAAMpuC,OAAS,EACfouC,EAAMrhB,KAAO+5C,GAEf,KAAKA,GACH,GAAkB,KAAd14B,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GACE76D,EAAM7P,EAAMmjE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ9uD,GACbq/B,EAAMpuC,OAAS,QAClBouC,EAAMyvB,KAAK2C,SAAWlnD,OAAOsC,aAAa7M,UAErCA,GAAO66D,EAAOf,GAMvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ76D,EAAO,MAAMq7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK2C,QAAU,MAEvBpyB,EAAMrhB,KAAOg6C,GAEf,KAAKA,GACH,GAAkB,IAAd34B,EAAMk6B,MAAgB,CAExB,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+lD,KAAwB,MAAdl1B,EAAMm6B,OAAiB,CACnCrP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAGL6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK0C,KAASnyB,EAAMk6B,OAAS,EAAK,EACxCl6B,EAAMyvB,KAAK39D,MAAO,GAEpBg5D,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GACb,MACF,KAAK8D,GAEH,KAAOzpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV27C,EAAKc,MAAQ5rB,EAAMm6B,MAAQJ,GAAQ7E,GAEnCA,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAOk6C,GAEf,KAAKA,GACH,GAAuB,IAAnB74B,EAAMi6B,SASR,OAPAnP,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,EAEN+zC,GAET4H,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GAEf,KAAKA,GACH,GAAI/E,IAAUjN,IAAWiN,IAAUhN,GAAW,MAAMiZ,EAEtD,KAAKlD,GACH,GAAI94B,EAAMhxB,KAAM,CAEdkmD,KAAiB,EAAP/lD,EACVA,GAAe,EAAPA,EAER6wB,EAAMrhB,KAAOi7C,GACb,MAGF,KAAOzqD,EAAO,GAAG,CACf,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EASV,OANA6wB,EAAMhxB,KAAe,EAAPkmD,EAEdA,KAAU,EACV/lD,GAAQ,EAGQ,EAAP+lD,GACP,KAAK,EAGHl1B,EAAMrhB,KAAOo6C,GACb,MACF,KAAK,EAKH,GAJAuC,GAAYt7B,GAGZA,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAS,CAErBmS,KAAU,EACV/lD,GAAQ,EAER,MAAM6sD,EAER,MACF,KAAK,EAGHh8B,EAAMrhB,KAAOu6C,GACb,MACF,KAAK,EACHpO,EAAK50B,IAAM,qBACX8J,EAAMrhB,KAAOk2C,GAGjBK,KAAU,EACV/lD,GAAQ,EAER,MACF,KAAK4pD,GAMH,IAJA7D,KAAiB,EAAP/lD,EACVA,GAAe,EAAPA,EAGDA,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,IAAY,MAAP+lD,KAAqBA,IAAS,GAAM,OAAS,CAChDpK,EAAK50B,IAAM,+BACX8J,EAAMrhB,KAAOk2C,GACb,MAUF,GARA70B,EAAMpuC,OAAgB,MAAPsjE,EAIfA,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAOq6C,GACTjJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAKhD,GACHh5B,EAAMrhB,KAAOs6C,GAEf,KAAKA,GAEH,GADAuC,EAAOx7B,EAAMpuC,OACT4pE,EAAM,CAGR,GAFIA,EAAOf,IAAQe,EAAOf,GACtBe,EAAO52C,IAAQ42C,EAAO52C,GACb,IAAT42C,EAAc,MAAMQ,EAExB5R,GAAe3vD,EAAQ3J,EAAOmjE,EAAMuH,EAAME,GAE1CjB,GAAQe,EACRvH,GAAQuH,EACR52C,GAAQ42C,EACRE,GAAOF,EACPx7B,EAAMpuC,QAAU4pE,EAChB,MAGFx7B,EAAMrhB,KAAOm2C,GACb,MACF,KAAKoE,GAEH,KAAO/pD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAmBV,GAhBA6wB,EAAMu6B,KAAkC,KAAnB,GAAPrF,GAEdA,KAAU,EACV/lD,GAAQ,EAER6wB,EAAMw6B,MAAmC,GAAnB,GAAPtF,GAEfA,KAAU,EACV/lD,GAAQ,EAER6wB,EAAMs6B,MAAmC,GAAnB,GAAPpF,GAEfA,KAAU,EACV/lD,GAAQ,EAGJ6wB,EAAMu6B,KAAO,KAAOv6B,EAAMw6B,MAAQ,GAAI,CACxC1P,EAAK50B,IAAM,sCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOw6C,GAEf,KAAKA,GACH,KAAOn5B,EAAMy6B,KAAOz6B,EAAMs6B,OAAO,CAE/B,KAAOnrD,EAAO,GAAG,CACf,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAmB,EAAPvF,EAEnCA,KAAU,EACV/lD,GAAQ,EAGV,KAAO6wB,EAAMy6B,KAAO,IAClBz6B,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAW,EAapC,GAPAz6B,EAAM41B,QAAU51B,EAAM06B,OACtB16B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE3lC,KAAM6wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcP,GAAO12B,EAAMk3B,KAAM,EAAG,GAAIl3B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAC5E9U,EAAMg2B,QAAUlhB,EAAK3lC,KAEjByP,EAAK,CACPksC,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAGF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOy6C,GAEf,KAAKA,GACH,KAAOp5B,EAAMy6B,KAAOz6B,EAAMu6B,KAAOv6B,EAAMw6B,OAAO,CAC5C,KACErF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAehmD,IANZ,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+oD,EAAW,GAEbhD,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAMk3B,KAAKl3B,EAAMy6B,QAAUvC,MAExB,CACH,GAAiB,KAAbA,EAAiB,CAGnB,IADAl7D,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAOV,GAHA+lD,KAAU8C,EACV7oD,GAAQ6oD,EAEW,IAAfh4B,EAAMy6B,KAAY,CACpB3P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEFl0D,EAAMq/B,EAAMk3B,KAAKl3B,EAAMy6B,KAAO,GAC9Be,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV/lD,GAAQ,OAGL,GAAiB,KAAb+oD,EAAiB,CAGxB,IADAl7D,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAU8C,EACV7oD,GAAQ6oD,EAERr3D,EAAM,EACN66D,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV/lD,GAAQ,MAGL,CAGH,IADAnS,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAU8C,EACV7oD,GAAQ6oD,EAERr3D,EAAM,EACN66D,EAAO,IAAa,IAAPtG,GAEbA,KAAU,EACV/lD,GAAQ,EAGV,GAAI6wB,EAAMy6B,KAAOe,EAAOx7B,EAAMu6B,KAAOv6B,EAAMw6B,MAAO,CAChD1P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,KAAO2G,KACLx7B,EAAMk3B,KAAKl3B,EAAMy6B,QAAU95D,GAMjC,GAAIq/B,EAAMrhB,OAASk2C,GAAO,MAG1B,GAAwB,IAApB70B,EAAMk3B,KAAK,KAAY,CACzBpM,EAAK50B,IAAM,uCACX8J,EAAMrhB,KAAOk2C,GACb,MAeF,GATA70B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE3lC,KAAM6wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcN,GAAM32B,EAAMk3B,KAAM,EAAGl3B,EAAMu6B,KAAMv6B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAGnF9U,EAAMg2B,QAAUlhB,EAAK3lC,KAGjByP,EAAK,CACPksC,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAcF,GAXA70B,EAAMk2B,SAAW,EAGjBl2B,EAAM81B,SAAW91B,EAAM26B,QACvB7lB,EAAO,CAAE3lC,KAAM6wB,EAAMk2B,UACrBt3C,EAAMq4C,GAAcL,GAAO52B,EAAMk3B,KAAMl3B,EAAMu6B,KAAMv6B,EAAMw6B,MAAOx6B,EAAM81B,SAAU,EAAG91B,EAAMs3B,KAAMxiB,GAG/F9U,EAAMk2B,SAAWphB,EAAK3lC,KAGlByP,EAAK,CACPksC,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAIF,GADA70B,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAK3C,GACHr5B,EAAMrhB,KAAO26C,GAEf,KAAKA,GACH,GAAImB,GAAQ,GAAK71C,GAAQ,IAAK,CAE5BkmC,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,EAEb4lD,GAAajK,EAAMmK,GAEnByG,EAAM5Q,EAAKuC,SACX5yD,EAASqwD,EAAKrwD,OACdmqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACb2pE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KAGT6wB,EAAMrhB,OAASm2C,KACjB90B,EAAM46B,MAAQ,GAEhB,MAGF,IADA56B,EAAM46B,KAAO,EAEXzF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP6C,GAAa7oD,IANV,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI8oD,GAAgC,IAAV,IAAVA,GAAuB,CAIrC,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM41B,QAAQiG,IACX3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc7oD,IAPxB,CASP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAUyG,EACVxsD,GAAQwsD,EAER37B,EAAM46B,MAAQe,EAQhB,GALAzG,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAM46B,MAAQ5C,EACdh4B,EAAMpuC,OAASsmE,EACC,IAAZD,EAAe,CAIjBj4B,EAAMrhB,KAAOg7C,GACb,MAEF,GAAc,GAAV1B,EAAc,CAEhBj4B,EAAM46B,MAAQ,EACd56B,EAAMrhB,KAAOm2C,GACb,MAEF,GAAc,GAAVmD,EAAc,CAChBnN,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMyoB,MAAkB,GAAVwP,EACdj4B,EAAMrhB,KAAO46C,GAEf,KAAKA,GACH,GAAIv5B,EAAMyoB,MAAO,CAGf,IADAzrD,EAAIgjC,EAAMyoB,MACHt5C,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMpuC,QAAUsjE,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBt5C,GAAQ6wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtBzoB,EAAM66B,IAAM76B,EAAMpuC,OAClBouC,EAAMrhB,KAAO66C,GAEf,KAAKA,GACH,KACErE,EAAOn1B,EAAM81B,SAASZ,GAAS,GAAKl1B,EAAMk2B,UAAY,GACtD8B,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAehmD,IANZ,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAyB,IAAV,IAAV8oD,GAAuB,CAI1B,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM81B,SAAS+F,IACZ3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc7oD,IAPxB,CASP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAUyG,EACVxsD,GAAQwsD,EAER37B,EAAM46B,MAAQe,EAOhB,GAJAzG,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAM46B,MAAQ5C,EACA,GAAVC,EAAc,CAChBnN,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMj/B,OAASm3D,EACfl4B,EAAMyoB,MAAoB,GAAZ,EACdzoB,EAAMrhB,KAAO86C,GAEf,KAAKA,GACH,GAAIz5B,EAAMyoB,MAAO,CAGf,IADAzrD,EAAIgjC,EAAMyoB,MACHt5C,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMj/B,QAAUm0D,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBt5C,GAAQ6wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtB,GAAIzoB,EAAMj/B,OAASi/B,EAAMs1B,KAAM,CAC7BxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMrhB,KAAO+6C,GAEf,KAAKA,GACH,GAAa,IAAT90C,EAAc,MAAMo3C,EAExB,GADAR,EAAOvG,EAAOrwC,EACVob,EAAMj/B,OAASy6D,EAAM,CAEvB,GADAA,EAAOx7B,EAAMj/B,OAASy6D,EAClBA,EAAOx7B,EAAMw1B,OACXx1B,EAAMs2B,KAAM,CACdxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAkBA2G,EAAOx7B,EAAMy1B,OACf+F,GAAQx7B,EAAMy1B,MACd7iD,EAAOotB,EAAMu1B,MAAQiG,GAGrB5oD,EAAOotB,EAAMy1B,MAAQ+F,EAEnBA,EAAOx7B,EAAMpuC,SAAU4pE,EAAOx7B,EAAMpuC,QACxCyjE,EAAcr1B,EAAMqqB,YAGpBgL,EAAc56D,EACdmY,EAAO8oD,EAAM17B,EAAMj/B,OACnBy6D,EAAOx7B,EAAMpuC,OAEX4pE,EAAO52C,IAAQ42C,EAAO52C,GAC1BA,GAAQ42C,EACRx7B,EAAMpuC,QAAU4pE,EAChB,GACE/gE,EAAOihE,KAASrG,EAAYziD,aACnB4oD,GACU,IAAjBx7B,EAAMpuC,SAAgBouC,EAAMrhB,KAAO26C,IACvC,MACF,KAAKK,GACH,GAAa,IAAT/0C,EAAc,MAAMo3C,EACxBvhE,EAAOihE,KAAS17B,EAAMpuC,OACtBgzB,IACAob,EAAMrhB,KAAO26C,GACb,MACF,KAAKM,GACH,GAAI55B,EAAMub,KAAM,CAEd,KAAOpsC,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IAEAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAcV,GAXA8lD,GAAQrwC,EACRkmC,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXA,IACFnK,EAAKc,MAAQ5rB,EAAMm6B,MAEdn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMyG,EAAMzG,GAAQtJ,GAAQ3rB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMyG,EAAMzG,IAG7GA,EAAOrwC,GAEFob,EAAMk6B,MAAQhF,EAAO6E,GAAQ7E,MAAWl1B,EAAMm6B,MAAO,CACxDrP,EAAK50B,IAAM,uBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAIT6wB,EAAMrhB,KAAOk7C,GAEf,KAAKA,GACH,GAAI75B,EAAMub,MAAQvb,EAAMk6B,MAAO,CAE7B,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+lD,KAAwB,WAAdl1B,EAAMo6B,OAAqB,CACvCtP,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAIT6wB,EAAMrhB,KAAOm7C,GAEf,KAAKA,GACHl7C,EAAMqkC,GACN,MAAM+Y,EACR,KAAKnH,GACHj2C,EAAMwkC,GACN,MAAM4Y,EAKR,QACE,OAAO7Y,GA4Cb,OA9BA2H,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,GAGT6wB,EAAMu1B,OAAUN,IAASnK,EAAKqC,WAAantB,EAAMrhB,KAAOk2C,KACvC70B,EAAMrhB,KAAOi7C,IAAS7J,IAAUlN,MAC/C0Y,GAAazQ,EAAMA,EAAKrwD,OAAQqwD,EAAKuC,SAAU4H,EAAOnK,EAAKqC,WAKjE6H,GAAOlK,EAAKgD,SACZmH,GAAQnK,EAAKqC,UACbrC,EAAKkD,UAAYgH,EACjBlK,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXj1B,EAAMub,MAAQ0Z,IAChBnK,EAAKc,MAAQ5rB,EAAMm6B,MAChBn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMnK,EAAKuC,SAAW4H,GAAQtJ,GAAQ3rB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMnK,EAAKuC,SAAW4H,IAE/HnK,EAAKC,UAAY/qB,EAAM7wB,MAAQ6wB,EAAMhxB,KAAO,GAAK,IAC9BgxB,EAAMrhB,OAASm2C,GAAO,IAAM,IAC5B90B,EAAMrhB,OAAS06C,IAAQr5B,EAAMrhB,OAASq6C,GAAQ,IAAM,IACzD,IAARhE,GAAsB,IAATC,GAAelF,IAAUlN,KAAajkC,IAAQokC,KAC/DpkC,EAAMykC,IAEDzkC,CACT,CA8BA,SAASu9C,GAAqBrR,EAAM+I,GAClC,MAAMM,EAAaN,EAAWjiE,OAE9B,IAAIouC,EACAo8B,EAIJ,OAAKtR,GAAyBA,EAAK9qB,OACnCA,EAAQ8qB,EAAK9qB,MAEM,IAAfA,EAAMub,MAAcvb,EAAMrhB,OAASk6C,GAC9B1V,GAILnjB,EAAMrhB,OAASk6C,KACjBuD,EAAS,EAETA,EAASzQ,GAAQyQ,EAAQvI,EAAYM,EAAY,GAC7CiI,IAAWp8B,EAAMm6B,OACZ/W,IAKLmY,GAAazQ,EAAM+I,EAAYM,EAAYA,GAKjDn0B,EAAMi6B,SAAW,EAEVjX,KAzB4DG,EA0BrE,CC59Ce,MAAMkZ,GACnB/rE,cAEEE,KAAKqW,KAAa,EAElBrW,KAAKkb,KAAa,EAElBlb,KAAKyrE,OAAa,EAElBzrE,KAAK6hE,GAAa,EAElB7hE,KAAKi4D,MAAa,KAElBj4D,KAAK0rE,UAAa,EAWlB1rE,KAAKsL,KAAa,GAIlBtL,KAAK4hE,QAAa,GAIlB5hE,KAAK2hE,KAAa,EAElB3hE,KAAKsB,MAAa,GCkCtB,MAAMwqE,GACJhsE,YAAYmF,GACVjF,KAAKiF,QAAU,CACb49D,UAAW,MACXC,WAAY,KACR79D,GAAW,IAGjB,MAAM+9D,EAAMhjE,KAAKiF,QAIb+9D,EAAIC,KAAQD,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KACxDE,EAAIF,YAAcE,EAAIF,WACC,IAAnBE,EAAIF,aAAoBE,EAAIF,YAAc,OAI3CE,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KAC3C79D,GAAWA,EAAQ69D,aACrBE,EAAIF,YAAc,IAKfE,EAAIF,WAAa,IAAQE,EAAIF,WAAa,IAGf,IAAR,GAAjBE,EAAIF,cACPE,EAAIF,YAAc,IAItB9iE,KAAKyhD,IAAS,EACdzhD,KAAK0lC,IAAS,GACd1lC,KAAKmjE,OAAS,EACdnjE,KAAK4xD,OAAS,GAEd5xD,KAAKs6D,KAAS,IAAIqI,GAClB3iE,KAAKs6D,KAAKqC,UAAY,EAEtB,IAAIiE,EAASmL,GACX/rE,KAAKs6D,KACL0I,EAAIF,YAGN,GAAIlC,IAAWoL,GACb,MAAU5oE,MAAMsiC,GAAIk7B,IAQtB,GALA5gE,KAAK0kB,OAAS,IAAImnD,GFszCtB,SAA0BvR,EAAM2E,GAC9B,IAAIzvB,EAGC8qB,GAASA,EAAK9qB,QACnBA,EAAQ8qB,EAAK9qB,MACY,IAAP,EAAbA,EAAMub,QAGXvb,EAAMyvB,KAAOA,EACbA,EAAK39D,MAAO,GAEd,CEh0CI2qE,CAA8BjsE,KAAKs6D,KAAMt6D,KAAK0kB,QAG1Cs+C,EAAIK,aAEwB,iBAAnBL,EAAIK,WACbL,EAAIK,WAAaE,GAAmBP,EAAIK,YAC/BL,EAAIK,sBAAsB79C,cACnCw9C,EAAIK,WAAa,IAAItgE,WAAWigE,EAAIK,aAElCL,EAAIC,MACNrC,EAASsL,GAAkClsE,KAAKs6D,KAAM0I,EAAIK,YACtDzC,IAAWoL,KACb,MAAU5oE,MAAMsiC,GAAIk7B,IAiC5B/+D,KAAKqI,EAAMikB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,EAASQ,WAAEA,IAAiBrjE,KACrD,IAAI4gE,EAAQkD,EAKRqI,GAAgB,EAEpB,GAAInsE,KAAKmjE,MAAS,OAAO,EACzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBi+C,GAAaC,GAG/C,iBAATniE,EAETowD,EAAKh6D,MPpFJ,SAAwBoc,GAC3B,MAAM6E,EAAM,IAAI+gD,GAAW5lD,EAAItb,QAC/B,IAAK,IAAI+B,EAAI,EAAGgN,EAAMoR,EAAIngB,OAAQ+B,EAAIgN,EAAKhN,IACvCoe,EAAIpe,GAAKuZ,EAAIE,WAAWzZ,GAE5B,OAAOoe,CACX,CO8EmB+qD,CAAsBpiE,GAC1BA,aAAgBsb,YACzB80C,EAAKh6D,MAAQ,IAAIyC,WAAWmH,GAE5BowD,EAAKh6D,MAAQ4J,EAGfowD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAKh6D,MAAMc,OAE3B,EAAG,CAkBD,GAjBuB,IAAnBk5D,EAAKqC,YACPrC,EAAKrwD,OAAS,IAAIq4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,GAGnBjC,EAAS2L,GAAqBjS,EAAM+R,IAEhCzL,IAAW4L,IAAiBnJ,IAC9BzC,EAASsL,GAAkClsE,KAAKs6D,KAAM+I,IAGpDzC,IAAW6L,KAAmC,IAAlBN,IAC9BvL,EAASoL,GACTG,GAAgB,GAGdvL,IAAW8L,IAAkB9L,IAAWoL,GAG1C,OAFAhsE,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,GACN,EAGL7I,EAAKuC,WACgB,IAAnBvC,EAAKqC,WAAmBiE,IAAW8L,KAAqC,IAAlBpS,EAAKgD,UAAmBwG,IAAUsI,IAActI,IAAU6I,KAClH3sE,KAAKikE,OAAOC,GAAgB5J,EAAKrwD,OAAQqwD,EAAKuC,YAW5B,IAAlBvC,EAAKgD,UAAqC,IAAnBhD,EAAKqC,YAC9BwP,GAAgB,UAGV7R,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAW8L,IAOnE,OALI9L,IAAW8L,KACb5I,EAAQsI,IAINtI,IAAUsI,IACZxL,EF8qCN,SAAoBtG,GAElB,IAAKA,IAASA,EAAK9qB,MACjB,OAAOmjB,GAGT,MAAMnjB,EAAQ8qB,EAAK9qB,MAKnB,OAJIA,EAAMqqB,SACRrqB,EAAMqqB,OAAS,MAEjBS,EAAK9qB,MAAQ,KACNgjB,EACT,CE1rCeoa,CAAwB5sE,KAAKs6D,MACtCt6D,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,EACNvC,IAAWoL,IAIhBlI,IAAU6I,KACZ3sE,KAAKgkE,MAAMgI,IACX1R,EAAKqC,UAAY,GACV,GAeXsH,OAAOliE,GACL/B,KAAK4xD,OAAO/vD,KAAKE,GAenBiiE,MAAMpD,GAEAA,IAAWoL,KACbhsE,KAAKyB,OAAS2iE,GAAoBpkE,KAAK4xD,SAEzC5xD,KAAK4xD,OAAS,GACd5xD,KAAKyhD,IAAMmf,EACX5gE,KAAK0lC,IAAM1lC,KAAKs6D,KAAK50B,KCxRzB,IAAImnC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS/rE,GACvBf,KAAKe,OAASA,EACdf,KAAK+sE,UAAY,EACjB/sE,KAAKgtE,QAAU,EACfhtE,KAAKitE,SAAU,CACjB,EAEAH,GAAU9rE,UAAUksE,YAAc,WAC3BltE,KAAKitE,UACRjtE,KAAKgtE,QAAUhtE,KAAKe,OAAOgG,WAC3B/G,KAAKitE,SAAU,EAEnB,EAGAH,GAAU9rE,UAAUE,KAAO,SAASyd,GAElC,IADA,IAAIld,EAAS,EACNkd,EAAO,GAAG,CACf3e,KAAKktE,cACL,IAAIC,EAAY,EAAIntE,KAAK+sE,UAEzB,GAAIpuD,GAAQwuD,EACV1rE,IAAW0rE,EACX1rE,GAAUorE,GAAQM,GAAantE,KAAKgtE,QACpChtE,KAAKitE,SAAU,EACfjtE,KAAK+sE,UAAY,EACjBpuD,GAAQwuD,MACH,CACL1rE,IAAWkd,EACX,IAAIrY,EAAQ6mE,EAAYxuD,EACxBld,IAAWzB,KAAKgtE,QAAWH,GAAQluD,IAASrY,IAAWA,EACvDtG,KAAK+sE,WAAapuD,EAClBA,EAAO,GAGX,OAAOld,CACT,EAGAqrE,GAAU9rE,UAAUosE,KAAO,SAAS/pE,GAClC,IAAIgqE,EAAQhqE,EAAM,EACdiqE,GAAUjqE,EAAMgqE,GAAS,EAC7BrtE,KAAK+sE,UAAYM,EACjBrtE,KAAKe,OAAOqsE,KAAKE,GACjBttE,KAAKitE,SAAU,CACjB,EAGAH,GAAU9rE,UAAUusE,GAAK,WACvB,IAA6BpqE,EAAzBoe,EAAM,IAAIxe,WAAW,GACzB,IAAKI,EAAI,EAAGA,EAAIoe,EAAIngB,OAAQ+B,IAC1Boe,EAAIpe,GAAKnD,KAAKkB,KAAK,GAErB,OAGF,SAAkBqgB,GAChB,OAAO1hB,MAAMmB,UAAUsH,IAAIxH,KAAKygB,GAAKrU,IAAM,KAAOA,EAAEP,SAAS,KAAKjL,OAAO,KAAIF,KAAK,GACpF,CALSgsE,CAASjsD,EAClB,EAMA,OAAiBurD,GC3FbW,GAAS,WACb,EAIAA,GAAOzsE,UAAU+F,SAAW,WAC1B,MAAU3D,MAAM,6CAClB,EAGAqqE,GAAOzsE,UAAUE,KAAO,SAASmD,EAAQqpE,EAAWtsE,GAElD,IADA,IAAIyK,EAAY,EACTA,EAAYzK,GAAQ,CACzB,IAAIob,EAAIxc,KAAK+G,WACb,GAAIyV,EAAI,EACN,OAAoB,IAAZ3Q,GAAkB,EAAIA,EAEhCxH,EAAOqpE,KAAelxD,EACtB3Q,IAEF,OAAOA,CACT,EACA4hE,GAAOzsE,UAAUosE,KAAO,SAASO,GAC/B,MAAUvqE,MAAM,yCAClB,EAGAqqE,GAAOzsE,UAAU4sE,UAAY,SAASC,GACpC,MAAUzqE,MAAM,6CAClB,EACAqqE,GAAOzsE,UAAUc,MAAQ,SAASuC,EAAQqpE,EAAWtsE,GACnD,IAAI+B,EACJ,IAAKA,EAAE,EAAGA,EAAE/B,EAAQ+B,IAClBnD,KAAK4tE,UAAUvpE,EAAOqpE,MAExB,OAAOtsE,CACT,EACAqsE,GAAOzsE,UAAUu+D,MAAQ,WACzB,EAEA,ICNMuO,MDMWL,OCNXK,GAAc,IAAIzoD,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKVjlB,KAAK+tE,OAAS,WACZ,OAAS9oD,IAAS,GAOpBjlB,KAAKguE,UAAY,SAAS3sE,GACxB4jB,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAM5jB,KAQjDrB,KAAKiuE,aAAe,SAAS5sE,EAAOyiC,GAClC,KAAOA,KAAU,GACf7e,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAM5jB,OCnDnD6sE,GAAM,SAASxvD,EAAOoB,GACxB,IAAwB3c,EAApB0zB,EAAMnY,EAAMoB,GAChB,IAAK3c,EAAI2c,EAAO3c,EAAI,EAAGA,IACrBub,EAAMvb,GAAKub,EAAMvb,EAAE,GAGrB,OADAub,EAAM,GAAKmY,EACJA,CACT,EAEIs3C,GAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,GACpBA,GAAcV,GAAIE,YAAyB,oBAC3CQ,GAAcV,GAAIG,eAAyB,gBAC3CO,GAAcV,GAAII,sBAAyB,uBAC3CM,GAAcV,GAAIK,uBAAyB,wBAC3CK,GAAcV,GAAIM,YAAyB,aAC3CI,GAAcV,GAAIO,eAAyB,gBAC3CG,GAAcV,GAAIQ,gBAAkB,kDAEpC,IAAIG,GAAS,SAASlO,EAAQmO,GAC5B,IAAIrpC,EAAMmpC,GAAcjO,IAAW,gBAC/BmO,IAAarpC,GAAO,KAAKqpC,GAC7B,IAAItqE,EAAI,IAAIytB,UAAUwT,GAEtB,MADAjhC,EAAEg4D,UAAYmE,EACRn8D,CACR,EAEIuqE,GAAS,SAASC,EAAaC,GACjClvE,KAAKmvE,SAAWnvE,KAAKovE,aAAepvE,KAAKqvE,WAAa,EAEtDrvE,KAAKsvE,cAAcL,EAAaC,EAClC,EACAF,GAAOhuE,UAAUuuE,YAAc,WAE7B,OADiBvvE,KAAKwvE,mBAKtBxvE,KAAKyvE,SAAW,IAAIC,IACb,IAJL1vE,KAAKqvE,YAAc,GACZ,EAIX,EAEAL,GAAOhuE,UAAUsuE,cAAgB,SAASL,EAAaC,GAErD,IAAI3tD,EAAM,IAAIxe,WAAW,GACW,IAAhCksE,EAAY/tE,KAAKqgB,EAAK,EAAG,IACuB,QAAhD7G,OAAOsC,aAAauE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CutD,GAAOX,GAAIG,cAAe,aAE5B,IAAIjU,EAAQ94C,EAAI,GAAK,IACjB84C,EAAQ,GAAKA,EAAQ,IACvByU,GAAOX,GAAIG,cAAe,sBAE5BtuE,KAAK2F,OAAS,IAAImnE,GAAUmC,GAI5BjvE,KAAK2vE,SAAW,IAAStV,EACzBr6D,KAAK4vE,WAAa,EAClB5vE,KAAKkvE,aAAeA,EACpBlvE,KAAK6vE,UAAY,CACnB,EACAb,GAAOhuE,UAAUwuE,gBAAkB,WACjC,IAAIrsE,EAAG4Z,EAAGV,EACN1W,EAAS3F,KAAK2F,OAId4W,EAAI5W,EAAO4nE,KACf,GAjFW,iBAiFPhxD,EACF,OAAO,EAnFG,iBAqFRA,GACFuyD,GAAOX,GAAIG,eACbtuE,KAAK8vE,eAAiBnqE,EAAOzE,KAAK,MAAQ,EAC1ClB,KAAK6vE,WAAa7vE,KAAK8vE,gBACH9vE,KAAK6vE,WAAa,EAAM7vE,KAAK6vE,YAAY,OAAU,EAInElqE,EAAOzE,KAAK,IACd4tE,GAAOX,GAAIQ,gBACb,IAAIoB,EAAcpqE,EAAOzE,KAAK,IAC1B6uE,EAAc/vE,KAAK2vE,UACrBb,GAAOX,GAAIM,WAAY,kCAMzB,IAAIpwD,EAAI1Y,EAAOzE,KAAK,IAChB8uE,EAAY,IAAIjtE,WAAW,KAAMktE,EAAW,EAChD,IAAK9sE,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIkb,EAAK,GAAM,GAAMlb,EAAK,CACxB,IAAI80C,EAAQ,GAAJ90C,EAER,IADAkZ,EAAI1W,EAAOzE,KAAK,IACX6b,EAAI,EAAGA,EAAI,GAAIA,IACdV,EAAK,GAAM,GAAMU,IACnBizD,EAAUC,KAAch4B,EAAIl7B,GAKpC,IAAImzD,EAAavqE,EAAOzE,KAAK,IACzBgvE,EAzHW,GAyHgBA,EAxHhB,IAyHbpB,GAAOX,GAAIM,YAKb,IAAI0B,EAAaxqE,EAAOzE,KAAK,IACV,IAAfivE,GACFrB,GAAOX,GAAIM,YAEb,IAAI2B,EAAY,IAAIrtE,WAAW,KAC/B,IAAKI,EAAI,EAAGA,EAAI+sE,EAAY/sE,IAC1BitE,EAAUjtE,GAAKA,EAEjB,IAAIktE,EAAY,IAAIttE,WAAWotE,GAE/B,IAAKhtE,EAAI,EAAGA,EAAIgtE,EAAYhtE,IAAK,CAE/B,IAAK4Z,EAAI,EAAGpX,EAAOzE,KAAK,GAAI6b,IACtBA,GAAKmzD,GAAYpB,GAAOX,GAAIM,YAElC4B,EAAUltE,GAAK+qE,GAAIkC,EAAWrzD,GAKhC,IACiBuzD,EADbC,EAAWN,EAAW,EACtBO,EAAS,GACb,IAAKzzD,EAAI,EAAGA,EAAImzD,EAAYnzD,IAAK,CAC/B,IAqBI0zD,EAASC,EArBTtvE,EAAS,IAAI2B,WAAWwtE,GAAWt8C,EAAO,IAAIk9B,YAAYwf,IAK9D,IADAtyD,EAAI1Y,EAAOzE,KAAK,GACXiC,EAAI,EAAGA,EAAIotE,EAAUptE,IAAK,CAC7B,MACMkb,EAAI,GAAKA,EAjKE,KAiKoBywD,GAAOX,GAAIM,YAG1C9oE,EAAOzE,KAAK,IAEZyE,EAAOzE,KAAK,GAGdmd,IAFAA,IAIJjd,EAAO+B,GAAKkb,EAMd,IADAoyD,EAASC,EAAStvE,EAAO,GACpB+B,EAAI,EAAGA,EAAIotE,EAAUptE,IACpB/B,EAAO+B,GAAKutE,EACdA,EAAStvE,EAAO+B,GACT/B,EAAO+B,GAAKstE,IACnBA,EAASrvE,EAAO+B,IAapBmtE,EAAW,GACXE,EAAO3uE,KAAKyuE,GACZA,EAASM,QAAU,IAAIzf,YAnMT,KAoMdmf,EAASrS,MAAQ,IAAI54C,YAAYsrD,IACjCL,EAAS7X,KAAO,IAAIpzC,YAAYsrD,IAChCL,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIG,EAAK,EACT,IAAK1tE,EAAIstE,EAAQttE,GAAKutE,EAAQvtE,IAE5B,IADA8wB,EAAK9wB,GAAKmtE,EAASrS,MAAM96D,GAAK,EACzBkb,EAAI,EAAGA,EAAIkyD,EAAUlyD,IACpBjd,EAAOid,KAAOlb,IAChBmtE,EAASM,QAAQC,KAAQxyD,GAG/B,IAAKlb,EAAI,EAAGA,EAAIotE,EAAUptE,IACxB8wB,EAAK7yB,EAAO+B,MAMd,IADA0tE,EAAKxyD,EAAI,EACJlb,EAAIstE,EAAQttE,EAAIutE,EAAQvtE,IAC3B0tE,GAAM58C,EAAK9wB,GAOXmtE,EAASrS,MAAM96D,GAAK0tE,EAAK,EACzBA,IAAO,EACPxyD,GAAK4V,EAAK9wB,GACVmtE,EAAS7X,KAAKt1D,EAAI,GAAK0tE,EAAKxyD,EAE9BiyD,EAASrS,MAAMyS,EAAS,GAAKhhE,OAAOohE,UACpCR,EAASrS,MAAMyS,GAAUG,EAAK58C,EAAKy8C,GAAU,EAC7CJ,EAAS7X,KAAKgY,GAAU,EAO1B,IAAIM,EAAY,IAAI1rD,YAAY,KAChC,IAAKliB,EAAI,EAAGA,EAAI,IAAKA,IACnBitE,EAAUjtE,GAAKA,EAEjB,IAA6C6tE,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOpxE,KAAKoxE,KAAO,IAAI/rD,YAAYrlB,KAAK2vE,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWc,GACPF,GAAYhB,GAAcrB,GAAOX,GAAIM,YACzC6B,EAAWE,EAAOH,EAAUc,OAG9BhuE,EAAImtE,EAASG,OACb1zD,EAAIpX,EAAOzE,KAAKiC,GAEVA,EAAImtE,EAASI,QAAU5B,GAAOX,GAAIM,cAClC1xD,GAAKuzD,EAASrS,MAAM96D,IAFnBA,IAIL4Z,EAAKA,GAAK,EAAKpX,EAAOzE,KAAK,KAG7B6b,GAAKuzD,EAAS7X,KAAKt1D,IACX,GAAK4Z,GAvQC,MAuQmB+xD,GAAOX,GAAIM,YAC5C,IAAI6C,EAAUhB,EAASM,QAAQ7zD,GAK/B,GA5Qc,IA4QVu0D,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY7yD,EAAIre,KAAK2vE,UAAYb,GAAOX,GAAIM,YAEhDsC,EADAC,EAAKhB,EAAUI,EAAU,MACR/xD,EACVA,KACL+yD,EAAKF,KAAeF,EAGxB,GAAIM,EAAUrB,EACZ,MAQEiB,GAAalxE,KAAK2vE,UAAYb,GAAOX,GAAIM,YAK7CsC,EAFAC,EAAKhB,EADLgB,EAAK9C,GAAIkC,EADTjtE,EAAImuE,EAAU,OAKdF,EAAKF,KAAeF,OA9CbC,IACHA,EAAS,EACT5yD,EAAI,GAUJA,GA1RU,IAyRRizD,EACGL,EAEA,EAAIA,EACXA,IAAW,EA0Cf,KAHIlB,EAAc,GAAKA,GAAemB,IAAapC,GAAOX,GAAIM,YAE9D1xD,EAAI,EACC5Z,EAAI,EAAGA,EAAI,IAAKA,IACnBkZ,EAAIU,EAAIg0D,EAAU5tE,GAClB4tE,EAAU5tE,GAAK4Z,EACfA,EAAIV,EAGN,IAAKlZ,EAAI,EAAGA,EAAI+tE,EAAW/tE,IAEzBiuE,EAAKL,EADLC,EAAe,IAAVI,EAAKjuE,MACcA,GAAK,EAC7B4tE,EAAUC,KAKZ,IAAI3tE,EAAM,EAAGkuE,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBluE,EAAM+tE,EAAKrB,IAEX1sE,IAAQ,EACRmuE,GAAO,GAETxxE,KAAKmvE,SAAW9rE,EAChBrD,KAAKovE,aAAemC,EACpBvxE,KAAKqvE,WAAa6B,EAClBlxE,KAAKyxE,SAAWD,GAET,CACT,EAOAxC,GAAOhuE,UAAU0wE,aAAe,SAASC,EAAcxhE,GACnD,IAAIyhE,EAAQC,EAAUC,EAKxB,GAAI9xE,KAAKqvE,WAAa,EAAK,OAAO,EAGlC,IAAI+B,EAAOpxE,KAAKoxE,KAAM/tE,EAAMrD,KAAKmvE,SAAUoC,EAAUvxE,KAAKovE,aACtD8B,EAAYlxE,KAAKqvE,WAAyBrvE,KAAK+xE,WAGnD,IAFA,IAAIP,EAAMxxE,KAAKyxE,SAERP,GAAW,CAehB,IAdAA,IACAW,EAAWN,EAEXA,EAAgB,KADhBluE,EAAM+tE,EAAK/tE,IAEXA,IAAQ,EACM,GAAVmuE,KACFI,EAASL,EACTO,EAAUD,EACVN,GAAW,IAEXK,EAAS,EACTE,EAAUP,GAEZvxE,KAAKyvE,SAASxB,aAAa6D,EAASF,GAC7BA,KACL5xE,KAAKkvE,aAAatB,UAAUkE,GAC5B9xE,KAAK4vE,aAEH2B,GAAWM,IACbL,EAAM,GASV,OAPAxxE,KAAKqvE,WAAa6B,EAEdlxE,KAAKyvE,SAAS1B,WAAa/tE,KAAK8vE,gBAClChB,GAAOX,GAAIM,WAAY,sBACRzuE,KAAKyvE,SAAS1B,SAASphE,SAAS,IACxC,aAAa3M,KAAK8vE,eAAenjE,SAAS,IAAI,KAEhD3M,KAAK4vE,UACd,EAEA,IAAIoC,GAAoB,SAAS1xE,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAI2uE,EAAc,IAAIxB,GAKtB,OAJAwB,EAAY5rE,IAAM,EAClB4rE,EAAYloE,SAAW,WAAa,OAAOzG,EAAMN,KAAKqD,QACtD4rE,EAAY7B,KAAO,SAAS/pE,GAAOrD,KAAKqD,IAAMA,GAC9C4rE,EAAYgD,IAAM,WAAa,OAAOjyE,KAAKqD,KAAO/C,EAAMc,QACjD6tE,CACT,EACIiD,GAAqB,SAASjoE,GAChC,IAAIilE,EAAe,IAAIzB,GACnB0E,GAAW,EACf,GAAIloE,EACF,GAAqB,mBACnBilE,EAAa7qE,OAAS,IAAItB,WAAWkH,GACrCkoE,GAAW,MACN,IAAI,cAAeloE,EACxB,OAAOA,EAEPilE,EAAa7qE,OAAS4F,EACtBkoE,GAAW,OAGbjD,EAAa7qE,OAAS,IAAItB,WAAW,OAuBvC,OArBAmsE,EAAa7rE,IAAM,EACnB6rE,EAAatB,UAAY,SAASC,GAChC,GAAIsE,GAAYnyE,KAAKqD,KAAOrD,KAAKqE,OAAOjD,OAAQ,CAC9C,IAAIgxE,EAAY,IAAIrvE,WAA8B,EAAnB/C,KAAKqE,OAAOjD,QAC3CgxE,EAAU5uE,IAAIxD,KAAKqE,QACnBrE,KAAKqE,OAAS+tE,EAEhBpyE,KAAKqE,OAAOrE,KAAKqD,OAASwqE,GAE5BqB,EAAamD,UAAY,WAEvB,GAAIryE,KAAKqD,MAAQrD,KAAKqE,OAAOjD,OAAQ,CACnC,IAAK+wE,EACH,MAAM,IAAIjgD,UAAU,2CACtB,IAAIkgD,EAAY,IAAIrvE,WAAW/C,KAAKqD,KACpC+uE,EAAU5uE,IAAIxD,KAAKqE,OAAOgI,SAAS,EAAGrM,KAAKqD,MAC3CrD,KAAKqE,OAAS+tE,EAEhB,OAAOpyE,KAAKqE,QAEd6qE,EAAaoD,UAAW,EACjBpD,CACT,EAqGA,OAhGe,SAAS5uE,EAAO2J,EAAQsoE,GAMrC,IAJA,IAAItD,EAAc+C,GAAkB1xE,GAChC4uE,EAAegD,GAAmBjoE,GAElCuoE,EAAK,IAAIxD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgD,OACxC,GAAIO,EAAGjD,cACLiD,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG7sE,OAAOzE,KAAK,MAAQ,EAM7C,GALIuxE,IAAoBD,EAAG3C,WACzBf,GAAOX,GAAIM,WAAY,uBACR+D,EAAG3C,UAAUljE,SAAS,IAC9B,aAAa8lE,EAAgB9lE,SAAS,IAAI,MAE/C4lE,KACA,QAAStD,IACRA,EAAYgD,MAGV,MADLO,EAAGlD,cAAcL,EAAaC,GAIpC,GAAI,cAAeA,EACjB,OAAOA,EAAamD,WACxB,EC/eA,MAAMK,GACOhyD,iBACT,OAAOU,GAAMnM,OAAOU,YAMtB7V,YAAY6yE,EAAO,IAAI33D,MACrBhb,KAAK2iD,OAASvhC,GAAMjL,QAAQG,KAC5BtW,KAAK2yE,KAAOn4D,GAAKc,cAAcq3D,GAC/B3yE,KAAKqW,KAAO,KACZrW,KAAKkK,KAAO,KACZlK,KAAK4yE,SAAW,GASlBC,QAAQx8D,EAAMssC,EAASvhC,GAAMjL,QAAQG,MACnCtW,KAAK2iD,OAASA,EACd3iD,KAAKqW,KAAOA,EACZrW,KAAKkK,KAAO,KASd4oE,QAAQnxE,GAAQ,GAId,OAHkB,OAAd3B,KAAKqW,MAAiBmE,GAAK9X,SAAS1C,KAAKqW,SAC3CrW,KAAKqW,KAAOmE,GAAK+C,WAAW/C,GAAKyF,UAAUjgB,KAAK+yE,SAASpxE,MAEpD3B,KAAKqW,KAQd28D,SAAS1rE,EAAOq7C,GACd3iD,KAAK2iD,OAASA,EACd3iD,KAAKkK,KAAO5C,EACZtH,KAAKqW,KAAO,KASd08D,SAASpxE,GAAQ,GAKf,OAJkB,OAAd3B,KAAKkK,OAEPlK,KAAKkK,KAAOsQ,GAAKoF,gBAAgBpF,GAAK0C,WAAWld,KAAKqW,QAEpD1U,EACKslB,GAAoBjnB,KAAKkK,MAE3BlK,KAAKkK,KAQd+oE,YAAYL,GACV5yE,KAAK4yE,SAAWA,EAQlBM,cACE,OAAOlzE,KAAK4yE,SAUdzxE,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UAExB,MAAMwhD,QAAeh9C,EAAOoB,WAEtBqsE,QAAqBztE,EAAOoB,WAClC/G,KAAK4yE,SAAWp4D,GAAK+C,iBAAiB5X,EAAOuB,UAAUksE,IAEvDpzE,KAAK2yE,KAAOn4D,GAAKO,eAAepV,EAAOuB,UAAU,IAEjD,IAAIgD,EAAOvE,EAAOmF,YACdsc,EAAqBld,KAAOA,QAAa8c,GAAiB9c,IAC9DlK,KAAKgzE,SAAS9oE,EAAMy4C,EAAO,IAS/B0D,cACE,MAAMusB,EAAWp4D,GAAK0C,WAAWld,KAAK4yE,UAChCS,EAAkB,IAAItwE,WAAW,CAAC6vE,EAASxxE,SAE3CuhD,EAAS,IAAI5/C,WAAW,CAAC/C,KAAK2iD,SAC9BgwB,EAAOn4D,GAAKS,UAAUjb,KAAK2yE,MAEjC,OAAOn4D,GAAKxX,iBAAiB,CAAC2/C,EAAQ0wB,EAAiBT,EAAUD,IAQnE7wE,QACE,MAAM4iB,EAAS1kB,KAAKqmD,cACdn8C,EAAOlK,KAAK+yE,WAElB,OAAOv4D,GAAK5T,OAAO,CAAC8d,EAAQxa,KCxIhC,MAAMopE,GAAW9zE,OAAO,YAKlB+zE,GAA4B,IAAI9vD,IAAI,CACxCrC,GAAM/J,mBAAmBW,OACzBoJ,GAAM/J,mBAAmByB,kBACzBsI,GAAM/J,mBAAmBwB,oBAW3B,MAAM26D,GACO9yD,iBACT,OAAOU,GAAMnM,OAAOE,UAGtBrV,cACEE,KAAKiiD,QAAU,KAEfjiD,KAAKyzE,cAAgB,KAErBzzE,KAAK0zE,cAAgB,KAErB1zE,KAAK2zE,mBAAqB,KAE1B3zE,KAAK4zE,cAAgB,KACrB5zE,KAAK6zE,mBAAqB,GAC1B7zE,KAAK8zE,gBAAkB,KAEvB9zE,KAAK+zE,QAAU,KACf/zE,KAAKuX,wBAA0B,KAC/BvX,KAAKg0E,uBAAwB,EAC7Bh0E,KAAKi0E,WAAa,KAClBj0E,KAAKk0E,WAAa,KAClBl0E,KAAKm0E,YAAc,KACnBn0E,KAAK0X,kBAAoB,KACzB1X,KAAK2X,UAAY,KACjB3X,KAAK4X,kBAAoB,KACzB5X,KAAKo0E,gBAAkB,KACvBp0E,KAAK8X,6BAA+B,KACpC9X,KAAKq0E,mBAAqB,KAC1Br0E,KAAKs0E,uBAAyB,KAC9Bt0E,KAAKu0E,yBAA2B,KAChCv0E,KAAKw0E,YAAc,IAAI/sD,GACvBznB,KAAKy0E,aAAe,GACpBz0E,KAAK00E,UAAY,GACjB10E,KAAKkY,wBAA0B,KAC/BlY,KAAKmY,+BAAiC,KACtCnY,KAAKoY,qBAAuB,KAC5BpY,KAAKqY,mBAAqB,KAC1BrY,KAAK20E,gBAAkB,KACvB30E,KAAKuY,UAAY,KACjBvY,KAAKwY,SAAW,KAChBxY,KAAKyY,cAAgB,KACrBzY,KAAK40E,wBAA0B,KAC/B50E,KAAK60E,0BAA4B,KACjC70E,KAAK2Y,SAAW,KAChB3Y,KAAK80E,kCAAoC,KACzC90E,KAAK+0E,6BAA+B,KACpC/0E,KAAKg1E,oBAAsB,KAC3Bh1E,KAAK6Y,kBAAoB,KACzB7Y,KAAKi1E,iBAAmB,KACxBj1E,KAAK8Y,kBAAoB,KACzB9Y,KAAK+Y,wBAA0B,KAE/B/Y,KAAKk1E,QAAU,KACfl1E,KAAKszE,IAAY,KAQnBpyE,KAAKoG,GACH,IAAInE,EAAI,EAGR,GAFAnD,KAAKiiD,QAAU36C,EAAMnE,KAEA,IAAjBnD,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAC7B,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,mDAS7C,GANAjiD,KAAKyzE,cAAgBnsE,EAAMnE,KAC3BnD,KAAK2zE,mBAAqBrsE,EAAMnE,KAChCnD,KAAK0zE,cAAgBpsE,EAAMnE,KAG3BA,GAAKnD,KAAKm1E,eAAe7tE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAAS,IACrDpB,KAAK+zE,QACR,MAAU3wE,MAAM,8CASlBpD,KAAK4zE,cAAgBtsE,EAAM+E,SAAS,EAAGlJ,GAGvCA,GAAKnD,KAAKm1E,eAAe7tE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAAS,GAG1DpB,KAAK8zE,gBAAkBxsE,EAAM+E,SAASlJ,EAAGA,EAAI,GAC7CA,GAAK,EAELnD,KAAKonD,OAASvoC,GAAO1J,UAAUigE,qBAAqBp1E,KAAK2zE,mBAAoBrsE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAMvGi0E,cACE,OAAIr1E,KAAKonD,kBAAkBnnD,QAClBq1E,IACLn0E,SAAY0d,GAAO02D,gBAAgBv1E,KAAK2zE,yBAA0B3zE,KAAKonD,UAGpEvoC,GAAO02D,gBAAgBv1E,KAAK2zE,mBAAoB3zE,KAAKonD,QAG9DtlD,QACE,MAAMg7C,EAAM,GAKZ,OAJAA,EAAIj7C,KAAK7B,KAAK4zE,eACd92B,EAAIj7C,KAAK7B,KAAKw1E,2BACd14B,EAAIj7C,KAAK7B,KAAK8zE,iBACdh3B,EAAIj7C,KAAK7B,KAAKq1E,eACP76D,GAAK5T,OAAOk2C,GAYrB37C,WAAW6V,EAAK9M,EAAMyoE,EAAO,IAAI33D,KAAQwiC,GAAW,GAC9B,IAAhBxmC,EAAIirC,QACNjiD,KAAKiiD,QAAU,EAEfjiD,KAAKiiD,QAAU,EAEjB,MAAMnF,EAAM,CAAC,IAAI/5C,WAAW,CAAC/C,KAAKiiD,QAASjiD,KAAKyzE,cAAezzE,KAAK2zE,mBAAoB3zE,KAAK0zE,iBAE7F1zE,KAAK+zE,QAAUv5D,GAAKc,cAAcq3D,GAClC3yE,KAAKi1E,iBAAmBj+D,EAAIirC,QAC5BjiD,KAAK8Y,kBAAoB9B,EAAIy+D,sBAC7Bz1E,KAAKw0E,YAAcx9D,EAAI0+D,WAGvB54B,EAAIj7C,KAAK7B,KAAK21E,yBAKd31E,KAAK6zE,mBAAqB,GAE1B7zE,KAAK4zE,cAAgBp5D,GAAK5T,OAAOk2C,GAEjC,MAAM84B,EAAS51E,KAAK41E,OAAO51E,KAAKyzE,cAAevpE,EAAMszC,GAC/CppC,QAAapU,KAAKoU,KAAKpU,KAAKyzE,cAAevpE,EAAM0rE,EAAQp4B,GAE/Dx9C,KAAK8zE,gBAAkB+B,GAAaC,EAAa1hE,GAAO,EAAG,GAC3D,MAAMsF,EAASvY,SAAY0d,GAAO1J,UAAUgoC,KAC1Cn9C,KAAK2zE,mBAAoB3zE,KAAK0zE,cAAe18D,EAAIq4C,aAAcr4C,EAAIq5C,cAAeulB,QAAc5uD,GAAiB5S,IAE/GoG,GAAK9X,SAAS0R,GAChBpU,KAAKonD,OAAS1tC,KAEd1Z,KAAKonD,aAAe1tC,IAMpB1Z,KAAKszE,KAAY,GAQrBqC,wBACE,MAAMvoE,EAAMgU,GAAM/J,mBACZylC,EAAM,GACZ,IAAIx1C,EACJ,GAAqB,OAAjBtH,KAAK+zE,QACP,MAAU3wE,MAAM,mCAElB05C,EAAIj7C,KAAKk0E,GAAe3oE,EAAIkK,uBAAuB,EAAMkD,GAAKS,UAAUjb,KAAK+zE,WACxC,OAAjC/zE,KAAKuX,yBACPulC,EAAIj7C,KAAKk0E,GAAe3oE,EAAImK,yBAAyB,EAAMiD,GAAKM,YAAY9a,KAAKuX,wBAAyB,KAEpF,OAApBvX,KAAKi0E,YACPn3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIoK,yBAAyB,EAAM,IAAIzU,WAAW,CAAC/C,KAAKi0E,WAAa,EAAI,MAE3E,OAApBj0E,KAAKk0E,aACP5sE,EAAQ,IAAIvE,WAAW,CAAC/C,KAAKk0E,WAAYl0E,KAAKm0E,cAC9Cr3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIqK,gBAAgB,EAAMnQ,KAErB,OAA3BtH,KAAK0X,mBACPolC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIsK,mBAAmB,EAAM1X,KAAK0X,oBAErC,OAAnB1X,KAAK2X,WACPmlC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIuK,WAAW,EAAM,IAAI5U,WAAW,CAAC/C,KAAK2X,UAAY,EAAI,MAErD,OAA3B3X,KAAK4X,mBACPklC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIwK,mBAAmB,EAAM4C,GAAKM,YAAY9a,KAAK4X,kBAAmB,KAEtD,OAAtC5X,KAAK8X,+BACPxQ,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK8X,+BAC7DglC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI0K,8BAA8B,EAAOxQ,KAEnC,OAA5BtH,KAAKq0E,qBACP/sE,EAAQ,IAAIvE,WAAW,CAAC/C,KAAKq0E,mBAAoBr0E,KAAKs0E,yBACtDhtE,EAAQkT,GAAK5T,OAAO,CAACU,EAAOtH,KAAKu0E,2BACjCz3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAI2K,eAAe,EAAOzQ,KAE/CtH,KAAKw0E,YAAYzsD,UAAsC,IAA1B/nB,KAAKi1E,kBAGrCn4B,EAAIj7C,KAAKk0E,GAAe3oE,EAAI4K,QAAQ,EAAMhY,KAAKw0E,YAAY1yE,UAE7D9B,KAAKy0E,aAAanxE,SAAQ,EAAGgI,OAAMjK,QAAO20E,gBAAeC,eACvD3uE,EAAQ,CAAC,IAAIvE,WAAW,CAACizE,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAME,EAAc17D,GAAK0C,WAAW5R,GAEpChE,EAAMzF,KAAK2Y,GAAKM,YAAYo7D,EAAY90E,OAAQ,IAEhDkG,EAAMzF,KAAK2Y,GAAKM,YAAYzZ,EAAMD,OAAQ,IAC1CkG,EAAMzF,KAAKq0E,GACX5uE,EAAMzF,KAAKR,GACXiG,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAI6K,aAAcg+D,EAAU3uE,GAAO,IAExB,OAAjCtH,KAAKkY,0BACP5Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKkY,0BAC7D4kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI8K,yBAAyB,EAAO5Q,KAElB,OAAxCtH,KAAKmY,iCACP7Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKmY,iCAC7D2kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI+K,gCAAgC,EAAO7Q,KAEnC,OAA9BtH,KAAKoY,uBACP9Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKoY,uBAC7D0kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIgL,sBAAsB,EAAO9Q,KAE3B,OAA5BtH,KAAKqY,oBACPykC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIiL,oBAAoB,EAAOmC,GAAK0C,WAAWld,KAAKqY,sBAEjD,OAAzBrY,KAAK20E,iBACP73B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIkL,eAAe,EAAO,IAAIvV,WAAW,CAAC/C,KAAK20E,gBAAkB,EAAI,MAExE,OAAnB30E,KAAKuY,WACPukC,EAAIj7C,KAAKk0E,GAAe3oE,EAAImL,WAAW,EAAOiC,GAAK0C,WAAWld,KAAKuY,aAE/C,OAAlBvY,KAAKwY,WACPlR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKwY,WAC7DskC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIoL,UAAU,EAAMlR,KAEnB,OAAvBtH,KAAKyY,eACPqkC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIqL,eAAe,EAAO+B,GAAK0C,WAAWld,KAAKyY,iBAEpC,OAAjCzY,KAAK40E,0BACPttE,EAAQkT,GAAKiC,mBAAmB/B,OAAOsC,aAAahd,KAAK40E,yBAA2B50E,KAAK60E,2BACzF/3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIsL,qBAAqB,EAAMpR,KAEnC,OAAlBtH,KAAK2Y,WACPrR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK2Y,WAC7DmkC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIuL,UAAU,EAAOrR,KAEA,OAA3CtH,KAAK80E,oCACPxtE,EAAQ,CAAC,IAAIvE,WAAW,CAAC/C,KAAK80E,kCAAmC90E,KAAK+0E,gCACtEztE,EAAMzF,KAAK2Y,GAAKiC,mBAAmBzc,KAAKg1E,sBACxC1tE,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAIwL,iBAAiB,EAAMtR,KAEtB,OAA3BtH,KAAK6Y,mBACPikC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIyL,mBAAmB,EAAM7Y,KAAK6Y,kBAAkB/W,UAE/C,OAA3B9B,KAAK8Y,oBACPxR,EAAQ,CAAC,IAAIvE,WAAW,CAAC/C,KAAKi1E,mBAAoBj1E,KAAK8Y,mBACvDxR,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAI0L,kBAAoC,IAAjB9Y,KAAKiiD,QAAe36C,KAEhC,OAAjCtH,KAAK+Y,0BACPzR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK+Y,0BAC7D+jC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI2L,yBAAyB,EAAOzR,KAG9D,MAAM7F,EAAS+Y,GAAK5T,OAAOk2C,GACrB17C,EAASoZ,GAAKM,YAAYrZ,EAAOL,OAAQ,GAE/C,OAAOoZ,GAAK5T,OAAO,CAACxF,EAAQK,IAO9B+zE,0BACE,MAAM14B,EAAM,GACZ98C,KAAK6zE,mBAAmBvwE,SAAQ4G,IAC9B4yC,EAAIj7C,KAAKmkD,GAAkB97C,EAAK9I,SAChC07C,EAAIj7C,KAAKqI,EAAK,IAGhB,MAAMzI,EAAS+Y,GAAK5T,OAAOk2C,GACrB17C,EAASoZ,GAAKM,YAAYrZ,EAAOL,OAAQ,GAE/C,OAAOoZ,GAAK5T,OAAO,CAACxF,EAAQK,IAI9B00E,cAAc7uE,EAAOg7B,GAAS,GAC5B,IAAI8zC,EAAQ,EAGZ,MAAMH,KAA6B,IAAf3uE,EAAM8uE,IACpBh8D,EAAsB,IAAf9S,EAAM8uE,GAEnB,GAAK9zC,IACHtiC,KAAK6zE,mBAAmBhyE,KAAKyF,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACpDmyE,GAA0BntE,IAAIgU,IAQrC,OAHAg8D,IAGQh8D,GACN,KAAKgH,GAAM/J,mBAAmBC,sBAE5BtX,KAAK+zE,QAAUv5D,GAAKO,SAASzT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACzD,MACF,KAAKggB,GAAM/J,mBAAmBE,wBAAyB,CAErD,MAAM8+D,EAAU77D,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAE5DpB,KAAKg0E,sBAAoC,IAAZqC,EAC7Br2E,KAAKuX,wBAA0B8+D,EAE/B,MAEF,KAAKj1D,GAAM/J,mBAAmBG,wBAE5BxX,KAAKi0E,WAAgC,IAAnB3sE,EAAM8uE,KACxB,MACF,KAAKh1D,GAAM/J,mBAAmBI,eAE5BzX,KAAKk0E,WAAa5sE,EAAM8uE,KACxBp2E,KAAKm0E,YAAc7sE,EAAM8uE,KACzB,MACF,KAAKh1D,GAAM/J,mBAAmBK,kBAE5B1X,KAAK0X,kBAAoBpQ,EAAM8uE,GAC/B,MACF,KAAKh1D,GAAM/J,mBAAmBM,UAE5B3X,KAAK2X,UAA+B,IAAnBrQ,EAAM8uE,KACvB,MACF,KAAKh1D,GAAM/J,mBAAmBO,kBAAmB,CAE/C,MAAMy+D,EAAU77D,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAE5DpB,KAAK4X,kBAAoBy+D,EACzBr2E,KAAKo0E,gBAA8B,IAAZiC,EAEvB,MAEF,KAAKj1D,GAAM/J,mBAAmBS,6BAE5B9X,KAAK8X,6BAA+B,IAAIxQ,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACpE,MACF,KAAKggB,GAAM/J,mBAAmBU,cAK5B/X,KAAKq0E,mBAAqB/sE,EAAM8uE,KAChCp2E,KAAKs0E,uBAAyBhtE,EAAM8uE,KACpCp2E,KAAKu0E,yBAA2BjtE,EAAM+E,SAAS+pE,EAAOA,EAAQ,IAC9D,MAEF,KAAKh1D,GAAM/J,mBAAmBW,OAE5BhY,KAAKw0E,YAAYtzE,KAAKoG,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAClD,MAEF,KAAKggB,GAAM/J,mBAAmBY,aAAc,CAE1C,MAAM+9D,KAAkC,IAAf1uE,EAAM8uE,IAG/BA,GAAS,EACT,MAAM5oE,EAAIgN,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAM5pE,EAAIgO,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM9qE,EAAOkP,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAOA,EAAQ5oE,IACrDnM,EAAQiG,EAAM+E,SAAS+pE,EAAQ5oE,EAAG4oE,EAAQ5oE,EAAIhB,GAEpDxM,KAAKy0E,aAAa5yE,KAAK,CAAEyJ,OAAM0qE,gBAAe30E,QAAO40E,aAEjDD,IACFh2E,KAAK00E,UAAUppE,GAAQkP,GAAK+C,WAAWlc,IAEzC,MAEF,KAAK+f,GAAM/J,mBAAmBa,wBAE5BlY,KAAKkY,wBAA0B,IAAI5Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC/D,MACF,KAAKggB,GAAM/J,mBAAmBc,+BAE5BnY,KAAKmY,+BAAiC,IAAI7Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACtE,MACF,KAAKggB,GAAM/J,mBAAmBe,qBAE5BpY,KAAKoY,qBAAuB,IAAI9Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC5D,MACF,KAAKggB,GAAM/J,mBAAmBgB,mBAE5BrY,KAAKqY,mBAAqBmC,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACtE,MACF,KAAKggB,GAAM/J,mBAAmBiB,cAE5BtY,KAAK20E,gBAAqC,IAAnBrtE,EAAM8uE,KAC7B,MACF,KAAKh1D,GAAM/J,mBAAmBkB,UAE5BvY,KAAKuY,UAAYiC,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC7D,MACF,KAAKggB,GAAM/J,mBAAmBmB,SAE5BxY,KAAKwY,SAAW,IAAIlR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAChD,MACF,KAAKggB,GAAM/J,mBAAmBoB,cAE5BzY,KAAKyY,cAAgB+B,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACjE,MACF,KAAKggB,GAAM/J,mBAAmBqB,oBAE5B1Y,KAAK40E,wBAA0BttE,EAAM8uE,KACrCp2E,KAAK60E,0BAA4Br6D,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC7E,MACF,KAAKggB,GAAM/J,mBAAmBsB,SAE5B3Y,KAAK2Y,SAAW,IAAIrR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAChD,MACF,KAAKggB,GAAM/J,mBAAmBuB,gBAAiB,CAG7C5Y,KAAK80E,kCAAoCxtE,EAAM8uE,KAC/Cp2E,KAAK+0E,6BAA+BztE,EAAM8uE,KAE1C,MAAMjmE,EAAM0O,GAAOixB,kBAAkB9vC,KAAK+0E,8BAE1C/0E,KAAKg1E,oBAAsBx6D,GAAKqC,mBAAmBvV,EAAM+E,SAAS+pE,EAAOA,EAAQjmE,IACjF,MAEF,KAAKiR,GAAM/J,mBAAmBwB,kBAE5B7Y,KAAK6Y,kBAAoB,IAAI26D,GAC7BxzE,KAAK6Y,kBAAkB3X,KAAKoG,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACxD,MACF,KAAKggB,GAAM/J,mBAAmByB,kBAE5B9Y,KAAKi1E,iBAAmB3tE,EAAM8uE,KAC9Bp2E,KAAK8Y,kBAAoBxR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,QACvB,IAA1BpB,KAAKi1E,iBACPj1E,KAAKw0E,YAAYtzE,KAAKlB,KAAK8Y,mBAE3B9Y,KAAKw0E,YAAYtzE,KAAKlB,KAAK8Y,kBAAkBzM,UAAU,IAEzD,MACF,KAAK+U,GAAM/J,mBAAmB0B,wBAE5B/Y,KAAK+Y,wBAA0B,IAAIzR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC/D,MACF,QAAS,CACP,MAAMqgD,EAAUr+C,MAAM,oCAAoCgX,GAC1D,GAAI67D,EACF,MAAMx0B,EAENjnC,GAAK0D,WAAWujC,KAMxB0zB,eAAe7tE,EAAOgvE,GAAU,EAAMxxD,GAEpC,MAAMyxD,EAAkB/7D,GAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IAE1D,IAAIlJ,EAAI,EAGR,KAAOA,EAAI,EAAIozE,GAAiB,CAC9B,MAAMpmE,EAAM41C,GAAiBz+C,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SACrD+B,GAAKgN,EAAII,OAETvQ,KAAKm2E,cAAc7uE,EAAM+E,SAASlJ,EAAGA,EAAIgN,EAAIA,KAAMmmE,EAASxxD,GAE5D3hB,GAAKgN,EAAIA,IAGX,OAAOhN,EAITqzE,OAAOp8D,EAAMlQ,GACX,MAAMmU,EAAI+C,GAAMjM,UAEhB,OAAQiF,GACN,KAAKiE,EAAEjI,OACL,OAAkB,OAAdlM,EAAKmM,KACAmE,GAAK0C,WAAWhT,EAAK4oE,SAAQ,IAE/B5oE,EAAK6oE,UAAS,GAEvB,KAAK10D,EAAEhI,KAAM,CACX,MAAM/O,EAAQ4C,EAAK6oE,UAAS,GAE5B,OAAOv4D,GAAKoF,gBAAgBtY,GAE9B,KAAK+W,EAAE7H,WACL,OAAO,IAAIzT,WAAW,GAExB,KAAKsb,EAAE5H,YACP,KAAK4H,EAAE3H,YACP,KAAK2H,EAAE1H,WACP,KAAK0H,EAAEzH,aACP,KAAKyH,EAAExH,eAAgB,CACrB,IAAI5B,EACAyL,EAEJ,GAAIxW,EAAK2L,OACP6K,EAAM,IACNzL,EAAS/K,EAAK2L,WACT,KAAI3L,EAAK6L,cAId,MAAU3S,MAAM,mFAHhBsd,EAAM,IACNzL,EAAS/K,EAAK6L,cAMhB,MAAMzO,EAAQ2N,EAAOnT,QAErB,OAAO0Y,GAAK5T,OAAO,CAAC5G,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GACrC,IAAInH,WAAW,CAAC2d,IAChBlG,GAAKM,YAAYxT,EAAMlG,OAAQ,GAC/BkG,IAEJ,KAAK+W,EAAEvH,cACP,KAAKuH,EAAEnH,iBACP,KAAKmH,EAAEtH,WACL,OAAOyD,GAAK5T,OAAO,CAAC5G,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GAAOlK,KAAKw2E,OAAOn4D,EAAErH,IAAK,CAC/DA,IAAK9M,EAAKrE,SAGd,KAAKwY,EAAErH,IACL,QAAiB/V,IAAbiJ,EAAK8M,IACP,MAAU5T,MAAM,8CAElB,OAAO8G,EAAK8M,IAAIy/D,aAAaz2E,KAAKiiD,SAEpC,KAAK5jC,EAAEpH,cACL,OAAOjX,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GAC5B,KAAKmU,EAAElH,UACL,OAAO,IAAIpU,WAAW,GACxB,KAAKsb,EAAEjH,WACL,MAAUhU,MAAM,mBAClB,QACE,MAAUA,MAAM,4BAItBszE,iBAAiBxsE,EAAMszC,GACrB,IAAIp8C,EAAS,EACb,OAAOub,EAAiBm5D,EAAa91E,KAAK4zE,gBAAgBvyE,IACxDD,GAAUC,EAAMD,MAAM,IACrB,KACD,MAAM07C,EAAM,GAeZ,OAdqB,IAAjB98C,KAAKiiD,SAAkBjiD,KAAKyzE,gBAAkBryD,GAAMjM,UAAUiB,QAAUpW,KAAKyzE,gBAAkBryD,GAAMjM,UAAUkB,OAC7GmnC,EACFV,EAAIj7C,KAAK,IAAIkB,WAAW,IAExB+5C,EAAIj7C,KAAKqI,EAAKm8C,gBAGlBvJ,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKiiD,QAAS,OAClB,IAAjBjiD,KAAKiiD,SACPnF,EAAIj7C,KAAK,IAAIkB,WAAW,IAE1B+5C,EAAIj7C,KAAK2Y,GAAKM,YAAY1Z,EAAQ,IAG3BoZ,GAAK5T,OAAOk2C,EAAI,IAI3B84B,OAAOnC,EAAevpE,EAAMszC,GAAW,GACrC,MAAMl2C,EAAQtH,KAAKw2E,OAAO/C,EAAevpE,GAEzC,OAAOsQ,GAAK5T,OAAO,CAACU,EAAOtH,KAAK4zE,cAAe5zE,KAAK02E,iBAAiBxsE,EAAMszC,KAG7Er8C,WAAWsyE,EAAevpE,EAAM0rE,EAAQp4B,GAAW,GAEjD,OADKo4B,IAAQA,EAAS51E,KAAK41E,OAAOnC,EAAevpE,EAAMszC,IAChD3+B,GAAOzK,KAAK+zB,OAAOnoC,KAAK0zE,cAAekC,GAehDz0E,aAAa6V,EAAKy8D,EAAevpE,EAAMyoE,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IACnF,IAAKpmB,KAAKw0E,YAAY7sD,OAAO3Q,EAAI0+D,YAC/B,MAAUtyE,MAAM,oDAElB,GAAIpD,KAAK2zE,qBAAuB38D,EAAIkzC,UAClC,MAAU9mD,MAAM,oFAGlB,MAAMuzE,EAAqBlD,IAAkBryD,GAAMjM,UAAUiB,QAAUq9D,IAAkBryD,GAAMjM,UAAUkB,KAIzG,KADmBrW,KAAKszE,MAAcqD,GACrB,CACf,IAAIf,EACAxhE,EAQJ,GAPIpU,KAAKsiC,OACPluB,QAAapU,KAAKsiC,QAElBszC,EAAS51E,KAAK41E,OAAOnC,EAAevpE,EAAMszC,GAC1CppC,QAAapU,KAAKoU,KAAKq/D,EAAevpE,EAAM0rE,IAE9CxhE,QAAa4S,GAAiB5S,GAC1BpU,KAAK8zE,gBAAgB,KAAO1/D,EAAK,IACjCpU,KAAK8zE,gBAAgB,KAAO1/D,EAAK,GACnC,MAAUhR,MAAM,+BAUlB,GAPApD,KAAKonD,aAAepnD,KAAKonD,OAEzBpnD,KAAKszE,UAAkBz0D,GAAO1J,UAAUuoC,OACtC19C,KAAK2zE,mBAAoB3zE,KAAK0zE,cAAe1zE,KAAKonD,OAAQpwC,EAAIq4C,aAC9DumB,EAAQxhE,IAGLpU,KAAKszE,IACR,MAAUlwE,MAAM,iCAIpB,MAAMwzE,EAAWp8D,GAAKc,cAAcq3D,GACpC,GAAIiE,GAAY52E,KAAK+zE,QAAU6C,EAC7B,MAAUxzE,MAAM,4CAElB,GAAIwzE,GAAYA,GAAY52E,KAAK62E,oBAC/B,MAAUzzE,MAAM,wBAElB,GAAI0hB,EAAOT,qBAAqBje,IAAIpG,KAAK0zE,eACvC,MAAUtwE,MAAM,4BAA8Bge,GAAMlgB,KAAKkgB,GAAMhN,KAAMpU,KAAK0zE,eAAeoD,eAE3F,GAAIhyD,EAAOR,4BAA4Ble,IAAIpG,KAAK0zE,gBAC9C,CAACtyD,GAAMjM,UAAUiB,OAAQgL,GAAMjM,UAAUkB,MAAMwL,SAAS7hB,KAAKyzE,eAC7D,MAAUrwE,MAAM,oCAAsCge,GAAMlgB,KAAKkgB,GAAMhN,KAAMpU,KAAK0zE,eAAeoD,eAOnG,GALA92E,KAAKy0E,aAAanxE,SAAQ,EAAGgI,OAAM2qE,eACjC,GAAIA,GAAanxD,EAAOX,eAAexd,QAAQ2E,GAAQ,EACrD,MAAUlI,MAAM,8BAA8BkI,MAGlB,OAA5BtL,KAAKq0E,mBACP,MAAUjxE,MAAM,iGASpB2zE,UAAUpE,EAAO,IAAI33D,MACnB,MAAM47D,EAAWp8D,GAAKc,cAAcq3D,GACpC,OAAiB,OAAbiE,KACO52E,KAAK+zE,SAAW6C,GAAYA,EAAW52E,KAAK62E,qBASzDA,oBACE,OAAO72E,KAAKg0E,sBAAwBpoE,IAAW,IAAIoP,KAAKhb,KAAK+zE,QAAQ14D,UAA2C,IAA/Brb,KAAKuX,0BAgB1F,SAASw+D,GAAe37D,EAAM67D,EAAU/rE,GACtC,MAAM4yC,EAAM,GAIZ,OAHAA,EAAIj7C,KAAKmkD,GAAkB97C,EAAK9I,OAAS,IACzC07C,EAAIj7C,KAAK,IAAIkB,WAAW,EAAEkzE,EAAW,IAAO,GAAK77D,KACjD0iC,EAAIj7C,KAAKqI,GACFsQ,GAAK5T,OAAOk2C,EACrB,CC9tBA,MAAMk6B,GACOt2D,iBACT,OAAOU,GAAMnM,OAAOI,iBAGtBvV,cAEEE,KAAKiiD,QAAU,KAQfjiD,KAAKyzE,cAAgB,KAMrBzzE,KAAK0zE,cAAgB,KAMrB1zE,KAAK2zE,mBAAqB,KAE1B3zE,KAAKw0E,YAAc,KAMnBx0E,KAAK0pE,MAAQ,KAQfxoE,KAAKoG,GACH,IAAI8uE,EAAQ,EAGZ,GADAp2E,KAAKiiD,QAAU36C,EAAM8uE,KA1DT,IA2DRp2E,KAAKiiD,QACP,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,4DAuB7C,OAlBAjiD,KAAKyzE,cAAgBnsE,EAAM8uE,KAG3Bp2E,KAAK0zE,cAAgBpsE,EAAM8uE,KAG3Bp2E,KAAK2zE,mBAAqBrsE,EAAM8uE,KAGhCp2E,KAAKw0E,YAAc,IAAI/sD,GACvBznB,KAAKw0E,YAAYtzE,KAAKoG,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACpDA,GAAS,EAMTp2E,KAAK0pE,MAAQpiE,EAAM8uE,KACZp2E,KAOT8B,QACE,MAAMkC,EAAQ,IAAIjB,WAAW,CA3FjB,EA2F2B/C,KAAKyzE,cAAezzE,KAAK0zE,cAAe1zE,KAAK2zE,qBAE9EhoE,EAAM,IAAI5I,WAAW,CAAC/C,KAAK0pE,QAEjC,OAAOlvD,GAAKxX,iBAAiB,CAACgB,EAAOhE,KAAKw0E,YAAY1yE,QAAS6J,IAGjE+qE,oBAAoBzlD,GAClB,OAAOqkD,IAAiBn0E,SAAYqyE,GAAgBxyE,UAAU01E,iBAAiBz5D,YAAYjd,KAAKi3E,iBAAkBhmD,KAGpH9vB,eACE,MAAM81E,QAAyBj3E,KAAKi3E,iBACpC,IAAKA,GAAoBA,EAAiBn3E,YAAY4gB,MAAQU,GAAMnM,OAAOE,UACzE,MAAU/R,MAAM,0CAElB,GACE6zE,EAAiBxD,gBAAkBzzE,KAAKyzE,eACxCwD,EAAiBvD,gBAAkB1zE,KAAK0zE,eACxCuD,EAAiBtD,qBAAuB3zE,KAAK2zE,qBAC5CsD,EAAiBzC,YAAY7sD,OAAO3nB,KAAKw0E,aAE1C,MAAUpxE,MAAM,2EAGlB,OADA6zE,EAAiB30C,OAAStiC,KAAKsiC,OACxB20C,EAAiBv5B,OAAOzgC,MAAMg6D,EAAkBr6B,YCxHpD,SAASs6B,GAAiBx2D,EAAKy2D,GACpC,IAAKA,EAAez2D,GAAM,CAExB,IAAI02D,EACJ,IACEA,EAAah2D,GAAMlgB,KAAKkgB,GAAMnM,OAAQyL,GACtC,MAAOjc,GACP,MAAM,IAAI0iD,GAAiB,iCAAiCzmC,GAE9D,MAAUtd,MAAM,uCAAuCg0E,GAEzD,OAAO,IAAID,EAAez2D,EAC5B,CDgHAs2D,GAAuBh2E,UAAUoT,KAAOo/D,GAAgBxyE,UAAUoT,KAClE4iE,GAAuBh2E,UAAU40E,OAASpC,GAAgBxyE,UAAU40E,OACpEoB,GAAuBh2E,UAAUw1E,OAAShD,GAAgBxyE,UAAUw1E,OC1GpE,MAAMa,WAAmBx3E,MAWvBmoB,wBAAwB1gB,EAAO6vE,EAAgBryD,EAASsB,IACtD,MAAMkxD,EAAU,IAAID,GAEpB,aADMC,EAAQp2E,KAAKoG,EAAO6vE,EAAgBryD,GACnCwyD,EAWTn2E,WAAWmG,EAAO6vE,EAAgBryD,EAASsB,IACrCtB,EAAOjB,yBAAyBziB,SAClC+1E,EAAiB,IAAKA,KAAmB38D,GAAK+F,wBAAwBuE,EAAOjB,4BAE/E7jB,KAAKe,OAAS4lB,EAAqBrf,GAAOnG,MAAOyH,EAAUC,KACzD,MAAMnI,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,OACLnI,EAAO2I,MA6Bb,SA5BmBk9C,GAAY39C,GAAUzH,UACvC,IACE,GAAIo2E,EAAO72D,MAAQU,GAAMnM,OAAOS,QAAU6hE,EAAO72D,MAAQU,GAAMnM,OAAOW,MAIpE,OAEF,MAAMX,EAASiiE,GAAiBK,EAAO72D,IAAKy2D,GAC5CliE,EAAOqiE,QAAU,IAAID,GACrBpiE,EAAOuiE,WAAah9D,GAAK9X,SAAS60E,EAAOtiE,cACnCA,EAAO/T,KAAKq2E,EAAOtiE,OAAQ6P,SAC3BpkB,EAAOoB,MAAMmT,GACnB,MAAOxQ,GACP,MAAMgzE,GAAyB3yD,EAAOnB,0BAA4Blf,aAAa0iD,GACzEuwB,IAAuB5yD,EAAOlB,wBAA4Bnf,aAAa0iD,IAC7E,GAAIswB,GAAyBC,GAAuBpxB,GAAkBixB,EAAO72D,WAIrEhgB,EAAOuB,MAAMwC,OACd,CACL,MAAMkzE,EAAiB,IAAIrwB,GAAkBiwB,EAAO72D,IAAK62D,EAAOtiE,cAC1DvU,EAAOoB,MAAM61E,GAErBn9D,GAAK4D,gBAAgB3Z,OAMvB,aAFM/D,EAAO2I,iBACP3I,EAAOsB,SAIjB,MAAOyC,SACD/D,EAAOuB,MAAMwC,OAKvB,MAAMkB,EAASihB,EAAiB5mB,KAAKe,QACrC,OAAa,CACX,MAAMO,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OAMrC,GALKI,EAGHtB,KAAKe,OAAS,KAFdf,KAAK6B,KAAKR,GAIRC,GAAQglD,GAAkBjlD,EAAMvB,YAAY4gB,KAC9C,MAGJ/a,EAAO/E,cAQTkB,QACE,MAAMg7C,EAAM,GAEZ,IAAK,IAAI35C,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,MAAMud,EAAM1gB,KAAKmD,aAAcmkD,GAAoBtnD,KAAKmD,GAAGud,IAAM1gB,KAAKmD,GAAGrD,YAAY4gB,IAC/Ek3D,EAAc53E,KAAKmD,GAAGrB,QAC5B,GAAI0Y,GAAK9X,SAASk1E,IAAgBtxB,GAAkBtmD,KAAKmD,GAAGrD,YAAY4gB,KAAM,CAC5E,IAAIrc,EAAS,GACT8C,EAAe,EACnB,MAAM0wE,EAAY,IAClB/6B,EAAIj7C,KAAKskD,GAASzlC,IAClBo8B,EAAIj7C,KAAK8a,EAAiBi7D,GAAav2E,IAGrC,GAFAgD,EAAOxC,KAAKR,GACZ8F,GAAgB9F,EAAMD,OAClB+F,GAAgB0wE,EAAW,CAC7B,MAAMC,EAAWhsE,KAAKoyC,IAAIpyC,KAAKqS,IAAIhX,GAAgB2E,KAAKisE,IAAM,EAAG,IAC3DlV,EAAY,GAAKiV,EACjB1wE,EAAeoT,GAAK5T,OAAO,CAACq/C,GAAmB6xB,IAAWlxE,OAAOvC,IAGvE,OAFAA,EAAS,CAAC+C,EAAaiF,SAAS,EAAIw2D,IACpC17D,EAAe9C,EAAO,GAAGjD,OAClBgG,EAAaiF,SAAS,EAAG,EAAIw2D,OAErC,IAAMroD,GAAK5T,OAAO,CAACo/C,GAAkB7+C,IAAeP,OAAOvC,WACzD,CACL,GAAImW,GAAK9X,SAASk1E,GAAc,CAC9B,IAAIx2E,EAAS,EACb07C,EAAIj7C,KAAK8a,EAAiBm5D,EAAa8B,IAAcv2E,IACnDD,GAAUC,EAAMD,MAAM,IACrB,IAAMilD,GAAY3lC,EAAKtf,WAE1B07C,EAAIj7C,KAAKwkD,GAAY3lC,EAAKk3D,EAAYx2E,SAExC07C,EAAIj7C,KAAK+1E,IAIb,OAAOp9D,GAAK5T,OAAOk2C,GAQrBk7B,eAAeC,GACb,MAAMC,EAAW,IAAIb,GAEfc,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAIj0E,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3B80E,EAAK5vE,KAAK8vE,EAAOn4E,KAAKmD,GAAGrD,YAAY4gB,OACvCw3D,EAASr2E,KAAK7B,KAAKmD,IAIvB,OAAO+0E,EAQTE,WAAW13D,GACT,OAAO1gB,KAAKq4E,MAAKpjE,GAAUA,EAAOnV,YAAY4gB,MAAQA,IAQxD43D,cAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOx4E,KAEPm4E,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAIj0E,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3B80E,EAAK5vE,KAAK8vE,EAAOK,EAAKr1E,GAAGrD,YAAY4gB,OACvC63D,EAAS12E,KAAKsB,GAGlB,OAAOo1E,GCzLX,MAAMpB,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACAsE,GACAxD,KAWF,MAAMiF,GACO/3D,iBACT,OAAOU,GAAMnM,OAAOO,eAMtB1V,YAAYglB,EAASsB,IAKnBpmB,KAAKs3E,QAAU,KAKft3E,KAAKkqD,UAAYplC,EAAOrC,8BAMxBziB,KAAK04E,WAAa,KAKlB14E,KAAK0iB,aAAeoC,EAAOpC,aAQ7BvhB,WAAWmG,EAAOwd,EAASsB,UACnB+sD,EAAa7rE,GAAOnG,UAGxBnB,KAAKkqD,gBAAkBvkD,EAAOoB,WAG9B/G,KAAK04E,WAAa/yE,EAAOmF,kBAEnB9K,KAAK24E,WAAW7zD,EAAO,IASjChjB,QAKE,OAJwB,OAApB9B,KAAK04E,YACP14E,KAAK44E,WAGAp+D,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAAC/C,KAAKkqD,YAAalqD,KAAK04E,aAS7Dv3E,iBAAiB2jB,EAASsB,IACxB,MAAMyyD,EAAkBz3D,GAAMlgB,KAAKkgB,GAAMrN,YAAa/T,KAAKkqD,WACrD4uB,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAU11E,MAASy1E,EAAH,gCAGlB74E,KAAKs3E,cAAgBD,GAAW2B,WAAWF,EAAgB94E,KAAK04E,YAAavB,GAAgBryD,GAM/F8zD,WACE,MAAMC,EAAkBz3D,GAAMlgB,KAAKkgB,GAAMrN,YAAa/T,KAAKkqD,WACrD+uB,EAAgBC,GAAaL,GACnC,IAAKI,EACH,MAAU71E,MAASy1E,EAAH,8BAGlB74E,KAAK04E,WAAaO,EAAcj5E,KAAKs3E,QAAQx1E,QAAS9B,KAAK0iB,eAa/D,MAAMy2D,GAAW3+D,GAAK0E,cAEtB,SAASlL,GAAa9J,GACpB,OAAOA,CACT,CAEA,SAASkvE,GAAU9Y,EAAM16B,EAAQ3gC,EAAU,IACzC,OAAO,SAAUiF,GACf,OAAKsQ,GAAK9X,SAASwH,IAASkd,EAAqBld,GACxCorE,IAAiB,IAAMtuD,GAAiB9c,GAAMtI,MAAKsI,GACjD,IAAIjK,SAAQ,CAACC,EAASC,KAC3BmgE,EAAKp2D,EAAMjF,GAAS,CAACw8C,EAAKhgD,KACxB,GAAIggD,EAAK,OAAOthD,EAAOshD,GACvBvhD,EAAQuB,EAAO,GACf,QAID43E,EAAiBC,EAAiBpvE,GAAMpB,KAAK88B,EAAO3gC,KAE/D,CAEA,SAASs0E,GAAUz5E,EAAamF,EAAU,IACxC,OAAO,SAASiF,GACd,MAAMu2C,EAAM,IAAI3gD,EAAYmF,GAC5B,OAAO0X,EAAiBzS,GAAM7I,IAC5B,GAAIA,EAAMD,OAER,OADAq/C,EAAI5+C,KAAKR,EAAO8wD,IACT1R,EAAIh/C,UAEZ,KACD,GAAI3B,IAAgB8iE,GAElB,OADAniB,EAAI5+C,KAAK,GAAIwwD,IACN5R,EAAIh/C,UAInB,CAEA,SAAS0S,GAAMmsD,GACb,OAAO,SAASp2D,GACd,OAAOorE,IAAiBn0E,SAAYm/D,QAAWt5C,GAAiB9c,MAEpE,CAEA,MAAMgvE,GAAeC,GAAW,CAC9BllE,iBAAmB,CAACykE,EAAYre,IAAU+e,GAAUD,GAASK,WAAYL,GAASM,iBAAkB,CAAEpf,SAA5D+e,CAAqEV,GAC/GxkE,kBAAoB,CAACwkE,EAAYre,IAAU+e,GAAUD,GAAS3X,QAAS2X,GAASO,cAAe,CAAErf,SAAtD+e,CAA+DV,IACxG,CACFzkE,iBAAmB,CAACykE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEK,KAAK,EAAM5I,SAAhCkf,CAAyCb,GACnFxkE,kBAAoB,CAACwkE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEvI,SAArBkf,CAA8Bb,IAGrEK,GAAiBI,GAAW,CAChCnlE,aAAcA,GACdC,iBAAmBmlE,GAAUD,GAASQ,WAAYR,GAASS,kBAC3D1lE,kBAAoBklE,GAAUD,GAASlO,QAASkO,GAASU,eACzD1lE,mBAAqBA,GAAM2lE,KACzB,CACF9lE,aAAcA,GACdC,iBAAmBslE,GAAUzN,GAAS,CAAE7I,KAAK,IAC7C/uD,kBAAoBqlE,GAAUzN,IAC9B33D,mBAAqBA,GAAM2lE,KCnLvB3C,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAeF,MAAMuG,GACOr5D,iBACT,OAAOU,GAAMnM,OAAOe,mCAGtBlW,cACEE,KAAKiiD,QAlBO,EAmBZjiD,KAAKg6E,UAAY,KACjBh6E,KAAKs3E,QAAU,KAGjBn2E,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UACxB,MAAM8gD,QAAgBt8C,EAAOoB,WAE7B,GA3BU,IA2BNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,wCAMxCjiD,KAAKg6E,UAAYr0E,EAAOmF,WAAW,IAIvChJ,QACE,OAAO0Y,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAvCvB,IAuCmC/C,KAAKg6E,YAYtD74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GAEvC,IAAI3yE,EAAQtH,KAAKs3E,QAAQx1E,QACrBslB,EAAqB9f,KAAQA,QAAc0f,GAAiB1f,IAChE,MAAM4U,QAAe2C,GAAOq7D,gBAAgBD,GACtCE,EAAM,IAAIp3E,WAAW,CAAC,IAAM,KAE5Bq3E,EAAS5/D,GAAK5T,OAAO,CAACsV,EAAQ5U,EAAO6yE,IACrC/lE,QAAayK,GAAOzK,KAAKE,KAAK2S,GAAoBmzD,IAClD9mE,EAAYkH,GAAK5T,OAAO,CAACwzE,EAAQhmE,IAGvC,OADApU,KAAKg6E,gBAAkBn7D,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAK1D,EAAW,IAAIvQ,WAAWswB,GAAYvO,IACxG,EAYT3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GACvC,IAAID,EAAYlE,EAAa91E,KAAKg6E,WAC9B5yD,EAAqB4yD,KAAYA,QAAkBhzD,GAAiBgzD,IACxE,MAAMK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQinD,EAAqBjjE,EAAKgjE,EAAW,IAAIj3E,WAAWswB,IAI9FinD,EAAWzE,GAAa5uD,GAAoBozD,IAAa,IACzDD,EAASvE,GAAawE,EAAW,GAAI,IACrCE,EAAat6E,QAAQ+H,IAAI,CAC7Bgf,SAAuBnI,GAAOzK,KAAKE,KAAK2S,GAAoBmzD,KAC5DpzD,GAAiBszD,KAChB14E,MAAK,EAAEwS,EAAM+lE,MACd,IAAK3/D,GAAKqD,iBAAiBzJ,EAAM+lE,GAC/B,MAAU/2E,MAAM,0BAElB,OAAO,IAAIL,UAAY,IAEnBuE,EAAQuuE,GAAauE,EAAQ/mD,EAAY,GAC/C,IAAIukD,EAAc/B,GAAavuE,EAAO,GAAI,GAM1C,OALAswE,EAAcj6D,EAAc,CAACi6D,EAAatC,IAAiB,IAAMiF,MAC5D//D,GAAK9X,SAASs3E,IAAel1D,EAAO9B,6BACvC40D,QAAoB5wD,GAAiB4wD,IAEvC53E,KAAKs3E,cAAgBD,GAAW2B,WAAWpB,EAAaT,GAAgBryD,IACjE,GC7GX,MAAMqyD,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAYF,MAAMgH,GACO95D,iBACT,OAAOU,GAAMnM,OAAOiB,kBAGtBpW,cACEE,KAAKiiD,QAfO,EAiBZjiD,KAAKy6E,gBAAkB,KAEvBz6E,KAAK06E,cAAgBt5D,GAAMvM,KAAKC,IAChC9U,KAAK26E,cAAgB,KACrB36E,KAAKuxB,GAAK,KACVvxB,KAAKg6E,UAAY,KACjBh6E,KAAKs3E,QAAU,KAQjBn2E,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UACxB,MAAM8gD,QAAgBt8C,EAAOoB,WAC7B,GAlCU,IAkCNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,yDAExCjiD,KAAKy6E,sBAAwB90E,EAAOoB,WACpC/G,KAAK06E,oBAAsB/0E,EAAOoB,WAClC/G,KAAK26E,oBAAsBh1E,EAAOoB,WAElC,MAAMonB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eACrC16E,KAAKuxB,SAAW5rB,EAAOuB,UAAUinB,EAAKwkB,UACtC3yC,KAAKg6E,UAAYr0E,EAAOmF,WAAW,IAQvChJ,QACE,OAAO0Y,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAAC/C,KAAKiiD,QAASjiD,KAAKy6E,gBAAiBz6E,KAAK06E,cAAe16E,KAAK26E,gBAAiB36E,KAAKuxB,GAAIvxB,KAAKg6E,YAWlI74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/CpmB,KAAKs3E,cAAgBD,GAAW2B,iBACxBh5E,KAAKo0C,MAAM,UAAWp9B,EAAK8+D,EAAa91E,KAAKg6E,YACnD7C,GACAryD,GAYJ3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/CpmB,KAAKy6E,gBAAkBR,EAEvB,MAAMtnC,SAAEA,GAAa9zB,GAAO+7D,YAAY56E,KAAK06E,eAC7C16E,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAe3L,GACvC3yC,KAAK26E,cAAgB71D,EAAOjC,kBAC5B,MAAM3Y,EAAOlK,KAAKs3E,QAAQx1E,QAC1B9B,KAAKg6E,gBAAkBh6E,KAAKo0C,MAAM,UAAWp9B,EAAK9M,GAWpD/I,YAAYkJ,EAAI2M,EAAK9M,GACnB,MAAMikB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAC/BG,QAAqB1sD,EAAKnuB,KAAKy6E,gBAAiBzjE,GAChD8jE,EAA+B,YAAPzwE,EAAmB8jB,EAAKykB,UAAY,EAC5DmoC,EAA+B,YAAP1wE,EAAmB8jB,EAAKykB,UAAY,EAC5DiwB,EAAY,IAAM7iE,KAAK26E,cAAgB,GAAKG,EAC5CE,EAAc,IAAIx1D,YAAY,IAC9By1D,EAAa,IAAIl4E,WAAWi4E,EAAa,EAAG,IAC5CE,EAAgB,IAAIn4E,WAAWi4E,GAC/BG,EAAY,IAAI11D,SAASu1D,GACzBI,EAAkB,IAAIr4E,WAAWi4E,EAAa,EAAG,GACvDC,EAAWz3E,IAAI,CAAC,IAAOg3E,GAAwB95D,IAAK1gB,KAAKiiD,QAASjiD,KAAKy6E,gBAAiBz6E,KAAK06E,cAAe16E,KAAK26E,eAAgB,GACjI,IAAI/mC,EAAa,EACbynC,EAAgBp7E,QAAQC,UACxBo7E,EAAe,EACfC,EAAc,EAClB,MAAMhqD,EAAKvxB,KAAKuxB,GAChB,OAAO5K,EAAqBzc,GAAM/I,MAAOyH,EAAUC,KACjD,GAAgC,UAA5B2R,GAAK9X,SAASkG,GAAuB,CACvC,MAAMvE,EAAS,IAAI2iD,EAAuB,GAAI,CAC5Cj9C,cAAeyQ,GAAK6E,yBAA2B,IAAMrf,KAAK26E,cAAgB,GAC1Ev1E,KAAMsZ,GAASA,EAAMtd,SAEvB8lB,EAAY7iB,EAAOuE,SAAUC,GAC7BA,EAAWxE,EAAOwE,SAEpB,MAAMlD,EAASihB,EAAiBhe,GAC1BlI,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,CACX,IAAI9G,QAAc4D,EAAOuB,UAAU27D,EAAYiY,IAA0B,IAAI/3E,WAC7E,MAAMy4E,EAAaz5E,EAAMsK,SAAStK,EAAMX,OAAS05E,GAEjD,IAAIW,EACAn6E,EAwBJ,GA1BAS,EAAQA,EAAMsK,SAAS,EAAGtK,EAAMX,OAAS05E,IAGpClnC,GAAc7xC,EAAMX,QACvBuE,EAAOmB,QAAQ00E,GACfC,EAAiBZ,EAAaxwE,GAAItI,EAAOosB,EAAKwlB,SAASpiB,EAAI6pD,GAAkBH,GAC7EM,GAAex5E,EAAMX,OAAS05E,EAAwBC,IAKtDI,EAAUO,SAAS,GAAQJ,GAC3BG,EAAiBZ,EAAaxwE,GAAImxE,EAAYrtD,EAAKwlB,SAASpiB,EAAI6pD,GAAkBF,GAClFK,GAAeR,EACfz5E,GAAO,GAETg6E,GAAgBv5E,EAAMX,OAAS05E,EAE/BO,EAAgBA,EAAcz5E,MAAK,IAAM65E,IAAgB75E,MAAKT,gBACtDT,EAAO2I,YACP3I,EAAOoB,MAAMqzC,GACnBomC,GAAepmC,EAAQ/zC,MAAM,IAC5BhB,OAAMqhD,GAAO/gD,EAAOuB,MAAMw/C,MACzBngD,GAAQi6E,EAAc76E,EAAOi7E,oBACzBN,EAEH/5E,EAEE,OACCZ,EAAOsB,QACb,MAHAm5E,EAAUO,SAAS,IAAS9nC,IAMhC,MAAOnvC,SACD/D,EAAOuB,MAAMwC,QChK3B,MAAMm3E,GACOl7D,iBACT,OAAOU,GAAMnM,OAAOC,6BAGtBpV,cACEE,KAAKiiD,QAAU,EAEfjiD,KAAK67E,YAAc,IAAIp0D,GACvBznB,KAAK2zE,mBAAqB,KAE1B3zE,KAAK87E,WAAa,KAKlB97E,KAAKi6E,oBAAsB,KAG3Bj6E,KAAKg6E,UAAY,GAQnB94E,KAAKoG,GACH,IAAInE,EAAI,EAER,GADAnD,KAAKiiD,QAAU36C,EAAMnE,KA/CT,IAgDRnD,KAAKiiD,QACP,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,+CAE7C9+C,GAAKnD,KAAK67E,YAAY36E,KAAKoG,EAAM+E,SAASlJ,IAC1CnD,KAAK2zE,mBAAqBrsE,EAAMnE,KAChCnD,KAAKg6E,UAAYn7D,GAAOk9D,yBAAyB/7E,KAAK2zE,mBAAoBrsE,EAAM+E,SAASlJ,GAAInD,KAAKiiD,SAC9FjiD,KAAK2zE,qBAAuBvyD,GAAM9O,UAAUY,SAC9ClT,KAAKi6E,oBAAsB74D,GAAMtf,MAAMsf,GAAM/N,UAAWrT,KAAKg6E,UAAU9mD,EAAEg3B,YAS7EpoD,QACE,MAAMg7C,EAAM,CACV,IAAI/5C,WAAW,CAAC/C,KAAKiiD,UACrBjiD,KAAK67E,YAAY/5E,QACjB,IAAIiB,WAAW,CAAC/C,KAAK2zE,qBACrB90D,GAAO02D,gBAAgBv1E,KAAK2zE,mBAAoB3zE,KAAKg6E,YAGvD,OAAOx/D,GAAKxX,iBAAiB85C,GAS/B37C,cAAc6V,GACZ,MAAM64B,EAAOzuB,GAAMtf,MAAMsf,GAAM9O,UAAWtS,KAAK2zE,oBACzClyD,EAAUu6D,GAAiBh8E,KAAKiiD,QAASpS,EAAM7vC,KAAKi6E,oBAAqBj6E,KAAK87E,YACpF97E,KAAKg6E,gBAAkBn7D,GAAOo9D,iBAC5BpsC,EAAM7vC,KAAKi6E,oBAAqBjjE,EAAIq4C,aAAc5tC,EAASzK,EAAIy+D,uBAWnEt0E,cAAc6V,EAAKklE,GAEjB,GAAIl8E,KAAK2zE,qBAAuB38D,EAAIkzC,UAClC,MAAU9mD,MAAM,oBAGlB,MAAMs8C,EAAgBw8B,EACpBF,GAAiBh8E,KAAKiiD,QAASjiD,KAAK2zE,mBAAoBuI,EAAiBjC,oBAAqBiC,EAAiBJ,YAC/G,KACIK,QAAsBt9D,GAAOu9D,iBAAiBp8E,KAAK2zE,mBAAoB38D,EAAIq4C,aAAcr4C,EAAIq5C,cAAerwD,KAAKg6E,UAAWhjE,EAAIy+D,sBAAuB/1B,IAEvJo8B,WAAEA,EAAU7B,oBAAEA,GAkCxB,SAA0Bh4B,EAAS8N,EAASosB,EAAeD,GACzD,OAAQnsB,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUI,QACrB,KAAK0O,GAAM9O,UAAUM,KAAM,CAEzB,MAAMnR,EAAS06E,EAAc9vE,SAAS,EAAG8vE,EAAc/6E,OAAS,GAC1D4kB,EAAWm2D,EAAc9vE,SAAS8vE,EAAc/6E,OAAS,GACzDi7E,EAAmB7hE,GAAKwD,cAAcvc,EAAO4K,SAAS5K,EAAOL,OAAS,IACtEk7E,EAAkBD,EAAiB,KAAOr2D,EAAS,GAAKq2D,EAAiB,KAAOr2D,EAAS,GACzFu2D,EAAsB,CAAEtC,oBAAqBx4E,EAAO,GAAIq6E,WAAYr6E,EAAO4K,SAAS,IAC1F,GAAI6vE,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBtC,sBAAwBiC,EAAiBjC,oBAC7DsC,EAAoBT,WAAW16E,SAAW86E,EAAiBJ,WAAW16E,OACxE,MAAO,CACL06E,WAAYthE,GAAKuG,iBAAiBy7D,EAAgBD,EAAoBT,WAAYI,EAAiBJ,YACnG7B,oBAAqBz/D,GAAKyG,YACxBu7D,EACAD,EAAoBtC,oBACpBiC,EAAiBjC,sBAKrB,GADuBqC,GAAmBl7D,GAAMlgB,KAAKkgB,GAAM/N,UAAWkpE,EAAoBtC,qBAExF,OAAOsC,EAEP,MAAUn5E,MAAM,oBAItB,KAAKge,GAAM9O,UAAUY,OACnB,MAAO,CACL4oE,WAAYK,GAEhB,QACE,MAAU/4E,MAAM,oCAEtB,CA5EgDq5E,CAAiBz8E,KAAKiiD,QAASjiD,KAAK2zE,mBAAoBwI,EAAeD,GAG/Gl8E,KAAK2zE,qBAAuBvyD,GAAM9O,UAAUY,SAC9ClT,KAAKi6E,oBAAsBA,GAE7Bj6E,KAAK87E,WAAaA,GAOtB,SAASE,GAAiB/5B,EAAS8N,EAAS5uC,EAAYu7D,GACtD,OAAQ3sB,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUI,QACrB,KAAK0O,GAAM9O,UAAUM,KAEnB,OAAO4H,GAAKxX,iBAAiB,CAC3B,IAAID,WAAW,CAACoe,IAChBu7D,EACAliE,GAAKwD,cAAc0+D,EAAerwE,SAASqwE,EAAet7E,OAAS,MAGvE,KAAKggB,GAAM9O,UAAUY,OACnB,OAAOwpE,EACT,QACE,MAAUt5E,MAAM,oCAEtB,CC7HA,MAAMu5E,GAIJ78E,YAAYglB,EAASsB,IAKnBpmB,KAAKkqD,UAAY9oC,GAAMhN,KAAKI,OAK5BxU,KAAKoa,KAAO,WAEZpa,KAAKwc,EAAIsI,EAAOhC,sBAIhB9iB,KAAK2tD,KAAO,KAGdivB,WAIE,OAAQ,IAAe,GAAT58E,KAAKwc,IAFH,GAEiBxc,KAAKwc,GAAK,GAQ7Ctb,KAAKoG,GACH,IAAInE,EAAI,EACR,IACEnD,KAAKoa,KAAOgH,GAAMlgB,KAAKkgB,GAAMnP,IAAK3K,EAAMnE,MACxC,MAAOs+C,GACP,MAAM,IAAI0F,GAAiB,qBAI7B,OAFAnnD,KAAKkqD,UAAY5iD,EAAMnE,KAEfnD,KAAKoa,MACX,IAAK,SACH,MAEF,IAAK,SACHpa,KAAK2tD,KAAOrmD,EAAM+E,SAASlJ,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACHnD,KAAK2tD,KAAOrmD,EAAM+E,SAASlJ,EAAGA,EAAI,GAClCA,GAAK,EAGLnD,KAAKwc,EAAIlV,EAAMnE,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDqX,GAAKqC,mBAAmBvV,EAAM+E,SAASlJ,EAAGA,EAAI,IAUhD,MAAM,IAAIgkD,GAAiB,qBAT3BhkD,GAAK,EAEL,GAAmB,OADA,IAAOmE,EAAMnE,KAK9B,MAAM,IAAIgkD,GAAiB,oCAH3BnnD,KAAKoa,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI+sC,GAAiB,qBAG/B,OAAOhkD,EAOTrB,QACE,GAAkB,cAAd9B,KAAKoa,KACP,OAAO,IAAIrX,WAAW,CAAC,IAAK,KAAMyX,GAAKiC,mBAAmB,OAAQ,IAEpE,MAAMqgC,EAAM,CAAC,IAAI/5C,WAAW,CAACqe,GAAMtf,MAAMsf,GAAMnP,IAAKjS,KAAKoa,MAAOpa,KAAKkqD,aAErE,OAAQlqD,KAAKoa,MACX,IAAK,SACH,MACF,IAAK,SACH0iC,EAAIj7C,KAAK7B,KAAK2tD,MACd,MACF,IAAK,WACH7Q,EAAIj7C,KAAK7B,KAAK2tD,MACd7Q,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKwc,KAC9B,MACF,IAAK,MACH,MAAUpZ,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOoX,GAAKxX,iBAAiB85C,GAW/B37C,iBAAiB07E,EAAYC,GAC3BD,EAAariE,GAAK0C,WAAW2/D,GAE7B,MAAM//B,EAAM,GACZ,IAAIigC,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIlH,EACJ,OAAQ51E,KAAKoa,MACX,IAAK,SACHw7D,EAASp7D,GAAKxX,iBAAiB,CAAC,IAAID,WAAWi6E,GAAYH,IAC3D,MACF,IAAK,SACHjH,EAASp7D,GAAKxX,iBAAiB,CAAC,IAAID,WAAWi6E,GAAYh9E,KAAK2tD,KAAMkvB,IACtE,MACF,IAAK,WAAY,CACf,MAAM3yE,EAAOsQ,GAAKxX,iBAAiB,CAAChD,KAAK2tD,KAAMkvB,IAC/C,IAAII,EAAU/yE,EAAK9I,OACnB,MAAM0iC,EAAQh4B,KAAKC,IAAI/L,KAAK48E,WAAYK,GACxCrH,EAAS,IAAI7yE,WAAWi6E,EAAYl5C,GACpC8xC,EAAOpyE,IAAI0G,EAAM8yE,GACjB,IAAK,IAAI35E,EAAM25E,EAAYC,EAAS55E,EAAMygC,EAAOzgC,GAAO45E,EAASA,GAAW,EAC1ErH,EAAO11D,WAAW7c,EAAK25E,EAAW35E,GAEpC,MAEF,IAAK,MACH,MAAUD,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAM3B,QAAeod,GAAOzK,KAAK+zB,OAAOnoC,KAAKkqD,UAAW0rB,GACxD94B,EAAIj7C,KAAKJ,GACTs7E,GAAWt7E,EAAOL,OAClB47E,IAGF,OAAOxiE,GAAKxX,iBAAiB85C,GAAKzwC,SAAS,EAAGywE,IC7JlD,MAAMI,GACOx8D,iBACT,OAAOU,GAAMnM,OAAOG,uBAMtBtV,YAAYglB,EAASsB,IACnBpmB,KAAKiiD,QAAUn9B,EAAOnC,YAAc,EAAI,EACxC3iB,KAAK87E,WAAa,KAKlB97E,KAAKm9E,8BAAgC,KAKrCn9E,KAAKi6E,oBAAsB74D,GAAM/N,UAAUQ,OAK3C7T,KAAK06E,cAAgBt5D,GAAMtf,MAAMsf,GAAMvM,KAAMiQ,EAAOlC,wBACpD5iB,KAAKg6E,UAAY,KACjBh6E,KAAKiS,IAAM,KACXjS,KAAKuxB,GAAK,KAQZrwB,KAAKoG,GACH,IAAIiJ,EAAS,EAIb,GADAvQ,KAAKiiD,QAAU36C,EAAMiJ,KACA,IAAjBvQ,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAC7B,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,+CAI7C,MAAMpS,EAAOvoC,EAAMiJ,KAWnB,GATqB,IAAjBvQ,KAAKiiD,UAEPjiD,KAAK06E,cAAgBpzE,EAAMiJ,MAI7BvQ,KAAKiS,IAAM,IAAI0qE,GACfpsE,GAAUvQ,KAAKiS,IAAI/Q,KAAKoG,EAAM+E,SAASkE,EAAQjJ,EAAMlG,SAEhC,IAAjBpB,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAIrC16E,KAAKuxB,GAAKjqB,EAAM+E,SAASkE,EAAQA,GAAU4d,EAAKwkB,UAK7B,IAAjB3yC,KAAKiiD,SAAiB1xC,EAASjJ,EAAMlG,QACvCpB,KAAKg6E,UAAY1yE,EAAM+E,SAASkE,EAAQjJ,EAAMlG,QAC9CpB,KAAKm9E,8BAAgCttC,GAErC7vC,KAAKi6E,oBAAsBpqC,EAS/B/tC,QACE,MAAM+tC,EAA0B,OAAnB7vC,KAAKg6E,UAChBh6E,KAAKi6E,oBACLj6E,KAAKm9E,8BAEP,IAAI71E,EAYJ,OAVqB,IAAjBtH,KAAKiiD,QACP36C,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKiiD,QAASpS,EAAM7vC,KAAK06E,gBAAiB16E,KAAKiS,IAAInQ,QAAS9B,KAAKuxB,GAAIvxB,KAAKg6E,aAEzH1yE,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKiiD,QAASpS,IAAQ7vC,KAAKiS,IAAInQ,UAEvD,OAAnB9B,KAAKg6E,YACP1yE,EAAQkT,GAAKxX,iBAAiB,CAACsE,EAAOtH,KAAKg6E,cAIxC1yE,EASTnG,cAAc07E,GACZ,MAAMhtC,EAA8C,OAAvC7vC,KAAKm9E,8BAChBn9E,KAAKm9E,8BACLn9E,KAAKi6E,qBAED5mD,UAAEA,EAASC,QAAEA,GAAYzU,GAAOmxB,UAAUH,GAC1C74B,QAAYhX,KAAKiS,IAAImrE,WAAWP,EAAYvpD,GAElD,GAAqB,IAAjBtzB,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAC/BrnC,EAAQ,IAAItwC,WAAW,CAAC,IAAOm6E,GAA6Bx8D,IAAK1gB,KAAKiiD,QAASjiD,KAAKm9E,8BAA+Bn9E,KAAK06E,gBACxHG,QAAqB1sD,EAAK0hB,EAAM74B,GACtChX,KAAK87E,iBAAmBjB,EAAa7nD,QAAQhzB,KAAKg6E,UAAWh6E,KAAKuxB,GAAI8hB,QACjE,GAAuB,OAAnBrzC,KAAKg6E,UAAoB,CAClC,MAAMK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQ6c,EAAM74B,EAAKhX,KAAKg6E,UAAW,IAAIj3E,WAAWswB,IAE1FrzB,KAAKi6E,oBAAsB74D,GAAMtf,MAAMsf,GAAM/N,UAAWgnE,EAAU,IAClEr6E,KAAK87E,WAAazB,EAAUhuE,SAAS,EAAGguE,EAAUj5E,aAElDpB,KAAK87E,WAAa9kE,EAWtB7V,cAAc07E,EAAY/3D,EAASsB,IACjC,MAAMypB,EAA8C,OAAvC7vC,KAAKm9E,8BAChBn9E,KAAKm9E,8BACLn9E,KAAKi6E,oBAEPj6E,KAAKm9E,8BAAgCttC,EAErC7vC,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAI07C,KAAO9uC,GAAOgyC,OAAOvS,eAAe,GAE7C,MAAMjrB,UAAEA,EAASC,QAAEA,GAAYzU,GAAOmxB,UAAUH,GAC1CwtC,QAAsBr9E,KAAKiS,IAAImrE,WAAWP,EAAYvpD,GAM5D,GAJwB,OAApBtzB,KAAK87E,aACP97E,KAAK87E,WAAaj9D,GAAOy+D,mBAAmBt9E,KAAKi6E,sBAG9B,IAAjBj6E,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eACrC16E,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAenwB,EAAKwkB,UAC5C,MAAM4qC,EAAiB,IAAIx6E,WAAW,CAAC,IAAOm6E,GAA6Bx8D,IAAK1gB,KAAKiiD,QAASjiD,KAAKm9E,8BAA+Bn9E,KAAK06E,gBACjIG,QAAqB1sD,EAAK0hB,EAAMwtC,GACtCr9E,KAAKg6E,gBAAkBa,EAAa9nD,QAAQ/yB,KAAK87E,WAAY97E,KAAKuxB,GAAIgsD,OACjE,CACL,MAAMC,EAAYhjE,GAAKxX,iBAAiB,CACtC,IAAID,WAAW,CAAC/C,KAAKi6E,sBACrBj6E,KAAK87E,aAEP97E,KAAKg6E,gBAAkBn7D,GAAOsP,KAAK6iB,IAAIje,QAAQ8c,EAAMwtC,EAAeG,EAAW,IAAIz6E,WAAWswB,GAAYvO,KCtKhH,MAAM24D,GACO/8D,iBACT,OAAOU,GAAMnM,OAAO3C,UAOtBxS,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IAKtCpmB,KAAKiiD,QAAUn9B,EAAO3K,OAAS,EAAI,EAKnCna,KAAK+zE,QAAUv5D,GAAKc,cAAcq3D,GAKlC3yE,KAAKkqD,UAAY,KAKjBlqD,KAAKqvD,aAAe,KAKpBrvD,KAAK09E,iBAAmB,EAKxB19E,KAAK2rD,YAAc,KAKnB3rD,KAAK4nB,MAAQ,KASfI,2BAA2B21D,GACzB,MAAMC,EAAY,IAAIH,IAChBx7B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBgyB,EAO1E,OANAC,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,EASTz8E,WAAWmG,GACT,IAAIjE,EAAM,EAIV,GAFArD,KAAKiiD,QAAU36C,EAAMjE,KAEA,IAAjBrD,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAAe,CAE5CjiD,KAAK+zE,QAAUv5D,GAAKO,SAASzT,EAAM+E,SAAShJ,EAAKA,EAAM,IACvDA,GAAO,EAGPrD,KAAKkqD,UAAY5iD,EAAMjE,KAEF,IAAjBrD,KAAKiiD,UAEP5+C,GAAO,GAIT,MAAMnC,KAAEA,EAAImuD,aAAEA,GAAiBxwC,GAAOg/D,qBAAqB79E,KAAKkqD,UAAW5iD,EAAM+E,SAAShJ,IAM1F,OALArD,KAAKqvD,aAAeA,EACpBhsD,GAAOnC,QAGDlB,KAAK89E,6BACJz6E,EAET,MAAM,IAAI8jD,GAAiB,WAAWnnD,KAAKiiD,6CAO7CngD,QACE,MAAMg7C,EAAM,GAEZA,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKiiD,WAC9BnF,EAAIj7C,KAAK2Y,GAAKS,UAAUjb,KAAK+zE,UAE7Bj3B,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKkqD,aAE9B,MAAM9C,EAASvoC,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqvD,cAO3D,OANqB,IAAjBrvD,KAAKiiD,SAEPnF,EAAIj7C,KAAK2Y,GAAKM,YAAYssC,EAAOhmD,OAAQ,IAG3C07C,EAAIj7C,KAAKulD,GACF5sC,GAAKxX,iBAAiB85C,GAO/B25B,aAAax0B,GACX,MAAM36C,EAAQtH,KAAK+9E,iBAEnB,OAAgB,IAAZ97B,EACKznC,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQyX,GAAKM,YAAYxT,EAAMlG,OAAQ,GAAIkG,IAEpFkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQyX,GAAKM,YAAYxT,EAAMlG,OAAQ,GAAIkG,IAO3F02E,cACE,OAAO,KAOTC,kBACE,OAAOj+E,KAAK+zE,QAOd2B,WACE,OAAO11E,KAAK4nB,MAOdzmB,mCAIE,SAHMnB,KAAKk+E,qBACXl+E,KAAK4nB,MAAQ,IAAIH,GAEI,IAAjBznB,KAAKiiD,QACPjiD,KAAK4nB,MAAM1mB,KAAKlB,KAAK2rD,YAAYt/C,SAAS,EAAG,QACxC,IAAqB,IAAjBrM,KAAKiiD,QAGd,MAAU7+C,MAAM,2BAFhBpD,KAAK4nB,MAAM1mB,KAAKlB,KAAK2rD,YAAYt/C,SAAS,GAAI,MASlDlL,2BACE,MAAMy0E,EAAS51E,KAAKy2E,aAAaz2E,KAAKiiD,SAEtC,GAAqB,IAAjBjiD,KAAKiiD,QACPjiD,KAAK2rD,kBAAoB9sC,GAAOzK,KAAKI,OAAOohE,OACvC,IAAqB,IAAjB51E,KAAKiiD,QAGd,MAAU7+C,MAAM,2BAFhBpD,KAAK2rD,kBAAoB9sC,GAAOzK,KAAKE,KAAKshE,IAU9CH,sBACE,OAAOz1E,KAAK2rD,YAOdwyB,iBACE,OAAO3jE,GAAK8B,gBAAgBtc,KAAKy1E,uBAOnC2I,qBAAqBC,GACnB,OAAOr+E,KAAKiiD,UAAYo8B,EAAMp8B,SAAWznC,GAAKqD,iBAAiB7d,KAAK+9E,iBAAkBM,EAAMN,kBAO9FO,mBACE,MAAM78E,EAAS,GACfA,EAAOyoD,UAAY9oC,GAAMlgB,KAAKkgB,GAAM9O,UAAWtS,KAAKkqD,WAEpD,MAAMq0B,EAASv+E,KAAKqvD,aAAa7iD,GAAKxM,KAAKqvD,aAAa58B,EAMxD,OALI8rD,EACF98E,EAAOkd,KAAOnE,GAAKuB,oBAAoBwiE,GAC9Bv+E,KAAKqvD,aAAajK,MAC3B3jD,EAAOmP,MAAQ5Q,KAAKqvD,aAAajK,IAAIC,WAEhC5jD,GAQXg8E,GAAgBz8E,UAAUw9E,cAAgBf,GAAgBz8E,UAAUE,KAMpEu8E,GAAgBz8E,UAAU+8E,eAAiBN,GAAgBz8E,UAAUc,MCzPrE,MAAMq1E,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAaF,MAAMiL,GACO/9D,iBACT,OAAOU,GAAMnM,OAAOQ,2BAGtB3V,cAIEE,KAAKg6E,UAAY,KAKjBh6E,KAAKs3E,QAAU,KAGjBp2E,KAAKoG,GACHtH,KAAKg6E,UAAY1yE,EAGnBxF,QACE,OAAO9B,KAAKg6E,UAad74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAE/C,IAAKtB,EAAO/B,6BACV,MAAU3f,MAAM,iCAGlB,MAAMiwB,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GACjCD,QAAkBhzD,GAAiB8uD,EAAa91E,KAAKg6E,YACrDK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQinD,EAAqBjjE,EACnEgjE,EAAU3tE,SAASgnB,EAAY,GAC/B2mD,EAAU3tE,SAAS,EAAGgnB,EAAY,IAGpCrzB,KAAKs3E,cAAgBD,GAAW2B,WAAWqB,EAAWlD,GAAgBryD,GAYxE3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMlc,EAAOlK,KAAKs3E,QAAQx1E,SACpBuxB,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GAEjC/9D,QAAe2C,GAAOq7D,gBAAgBD,GACtCyE,QAAY7/D,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAKkF,EAAQ,IAAInZ,WAAWswB,GAAYvO,GACjGusB,QAAmBxyB,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAK9M,EAAMw0E,EAAIryE,SAAS,GAAIyY,GAClG9kB,KAAKg6E,UAAYx/D,GAAK5T,OAAO,CAAC83E,EAAKrtC,KCtFvC,MAAMstC,WAA2BlB,GACpB/8D,iBACT,OAAOU,GAAMnM,OAAOa,aAQtBhW,YAAY6yE,EAAM7tD,GAChB/kB,MAAM4yE,EAAM7tD,GASdkD,8BAA8B42D,GAC5B,MAAMhB,EAAY,IAAIe,IAChB18B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBizB,EAO1E,OANAhB,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,GCnBX,MAAMiB,GACOn+D,iBACT,OAAOU,GAAMnM,OAAOc,cAGtBjW,cACEE,KAAK8+E,WAAa,GAOpB59E,KAAKoG,GACH,IAAInE,EAAI,EACR,KAAOA,EAAImE,EAAMlG,QAAQ,CACvB,MAAM+O,EAAM41C,GAAiBz+C,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SACrD+B,GAAKgN,EAAII,OAETvQ,KAAK8+E,WAAWj9E,KAAK2Y,GAAKqC,mBAAmBvV,EAAM+E,SAASlJ,EAAGA,EAAIgN,EAAIA,OACvEhN,GAAKgN,EAAIA,KAQbrO,QACE,MAAMg7C,EAAM,GACZ,IAAK,IAAI35C,EAAI,EAAGA,EAAInD,KAAK8+E,WAAW19E,OAAQ+B,IAC1C25C,EAAIj7C,KAAKmkD,GAAkBhmD,KAAK8+E,WAAW37E,GAAG/B,SAC9C07C,EAAIj7C,KAAK2Y,GAAKiC,mBAAmBzc,KAAK8+E,WAAW37E,KAEnD,OAAOqX,GAAKxX,iBAAiB85C,GAQ/Bn1B,OAAOo3D,GACL,SAAKA,GAAaA,aAAmBF,KAG9B7+E,KAAK8+E,WAAWhgC,OAAM,SAASkgC,EAAMl/D,GAC1C,OAAOk/D,IAASD,EAAQD,WAAWh/D,OCtDzC,MAAMm/D,WAAwBxB,GACjB/8D,iBACT,OAAOU,GAAMnM,OAAOK,UAOtBxV,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtCrmB,MAAM4yE,EAAM7tD,GAIZ9kB,KAAKk/E,YAAc,KAInBl/E,KAAKm/E,YAAc,KAKnBn/E,KAAKo/E,SAAW,EAKhBp/E,KAAKiS,IAAM,KAKXjS,KAAKqT,UAAY,KAKjBrT,KAAK6U,KAAO,KAKZ7U,KAAKqwD,cAAgB,KAWvBlvD,WAAWmG,GAET,IAAInE,QAAUnD,KAAKw+E,cAAcl3E,GACjC,MAAM+3E,EAAuBl8E,EAM7BnD,KAAKo/E,SAAW93E,EAAMnE,KAID,IAAjBnD,KAAKiiD,SACP9+C,IAGF,IAGE,GAAsB,MAAlBnD,KAAKo/E,UAAsC,MAAlBp/E,KAAKo/E,UAAsC,MAAlBp/E,KAAKo/E,UAezD,GAdAp/E,KAAKqT,UAAY/L,EAAMnE,KAID,MAAlBnD,KAAKo/E,WACPp/E,KAAK6U,KAAOvN,EAAMnE,MAMpBnD,KAAKiS,IAAM,IAAI0qE,GACfx5E,GAAKnD,KAAKiS,IAAI/Q,KAAKoG,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAErB,cAAlBpB,KAAKiS,IAAImI,KACX,YAEOpa,KAAKo/E,WACdp/E,KAAKqT,UAAYrT,KAAKo/E,UAMpBp/E,KAAKo/E,WACPp/E,KAAKuxB,GAAKjqB,EAAM+E,SACdlJ,EACAA,EAAI0b,GAAOmxB,UAAUhwC,KAAKqT,WAAWggB,WAGvClwB,GAAKnD,KAAKuxB,GAAGnwB,QAEf,MAAOqD,GAEP,IAAKzE,KAAKo/E,SAAU,MAAM36E,EAC1BzE,KAAKs/E,uBAAyBh4E,EAAM+E,SAASgzE,GAC7Cr/E,KAAKm/E,aAAc,EAerB,GAVqB,IAAjBn/E,KAAKiiD,UACP9+C,GAAK,GAMPnD,KAAKk/E,YAAc53E,EAAM+E,SAASlJ,GAClCnD,KAAKm/E,cAAgBn/E,KAAKo/E,UAErBp/E,KAAKm/E,YAAa,CACrB,MAAMtpC,EAAY71C,KAAKk/E,YAAY7yE,SAAS,GAAI,GAChD,IAAKmO,GAAKqD,iBAAiBrD,GAAKwD,cAAc63B,GAAY71C,KAAKk/E,YAAY7yE,UAAU,IACnF,MAAUjJ,MAAM,yBAElB,IACE,MAAMitD,cAAEA,GAAkBxxC,GAAO0gE,sBAAsBv/E,KAAKkqD,UAAWrU,EAAW71C,KAAKqvD,cACvFrvD,KAAKqwD,cAAgBA,EACrB,MAAO5O,GACP,GAAIA,aAAe0F,GAAkB,MAAM1F,EAE3C,MAAUr+C,MAAM,wBAStBtB,QACE,MAAM09E,EAAsBx/E,KAAK+9E,iBACjC,GAAI/9E,KAAKs/E,uBACP,OAAO9kE,GAAKxX,iBAAiB,CAC3Bw8E,EACAx/E,KAAKs/E,yBAIT,MAAMxiC,EAAM,CAAC0iC,GACb1iC,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKo/E,YAE9B,MAAMK,EAAoB,GA6C1B,OA1CsB,MAAlBz/E,KAAKo/E,UAAsC,MAAlBp/E,KAAKo/E,UAAsC,MAAlBp/E,KAAKo/E,WACzDK,EAAkB59E,KAAK7B,KAAKqT,WAIN,MAAlBrT,KAAKo/E,UACPK,EAAkB59E,KAAK7B,KAAK6U,MAM9B4qE,EAAkB59E,QAAQ7B,KAAKiS,IAAInQ,UAMjC9B,KAAKo/E,UAA8B,cAAlBp/E,KAAKiS,IAAImI,MAC5BqlE,EAAkB59E,QAAQ7B,KAAKuxB,IAGZ,IAAjBvxB,KAAKiiD,SACPnF,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC08E,EAAkBr+E,UAE7C07C,EAAIj7C,KAAK,IAAIkB,WAAW08E,IAEnBz/E,KAAK0/E,YACH1/E,KAAKo/E,WACRp/E,KAAKk/E,YAAcrgE,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqwD,gBAG5C,IAAjBrwD,KAAKiiD,SACPnF,EAAIj7C,KAAK2Y,GAAKM,YAAY9a,KAAKk/E,YAAY99E,OAAQ,IAErD07C,EAAIj7C,KAAK7B,KAAKk/E,aAETl/E,KAAKo/E,UACRtiC,EAAIj7C,KAAK2Y,GAAKwD,cAAche,KAAKk/E,eAI9B1kE,GAAKxX,iBAAiB85C,GAQ/BkhC,cACE,OAA4B,IAArBh+E,KAAKm/E,YAWdQ,6BACE,YAAuC1+E,IAAhCjB,KAAKs/E,wBAAwCt/E,KAAK0/E,UAO3DA,UACE,SAAU1/E,KAAKiS,KAAyB,cAAlBjS,KAAKiS,IAAImI,MAQjCwlE,UAAU96D,EAASsB,IACbpmB,KAAK0/E,YAGL1/E,KAAKg+E,eACPh+E,KAAK6/E,4BAEA7/E,KAAKs/E,uBACZt/E,KAAKm/E,YAAc,KACnBn/E,KAAKk/E,YAAc,KACnBl/E,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAIi4C,UAAY,EACrBlqD,KAAKiS,IAAIuK,EAAI,EACbxc,KAAKiS,IAAImI,KAAO,YAChBpa,KAAKo/E,SAAW,IAChBp/E,KAAKqT,UAAY+N,GAAM/N,UAAUQ,QAanC1S,cAAc07E,EAAY/3D,EAASsB,IACjC,GAAIpmB,KAAK0/E,UACP,OAGF,IAAK1/E,KAAKg+E,cACR,MAAU56E,MAAM,mCAGlB,IAAKy5E,EACH,MAAUz5E,MAAM,0DAGlBpD,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAI07C,KAAO9uC,GAAOgyC,OAAOvS,eAAe,GAC7C,MAAMzI,EAAYh3B,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqwD,eAC9DrwD,KAAKqT,UAAY+N,GAAM/N,UAAUQ,OACjC,MAAMmD,QAAY8oE,GAAqB9/E,KAAKiS,IAAK4qE,EAAY78E,KAAKqT,YAE5DggB,UAAEA,GAAcxU,GAAOmxB,UAAUhwC,KAAKqT,WAG5C,GAFArT,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAejrB,GAEnCvO,EAAOnC,YAAa,CACtB3iB,KAAKo/E,SAAW,IAChBp/E,KAAK6U,KAAOuM,GAAMvM,KAAKC,IACvB,MAAMqZ,EAAOtP,GAAO+7D,YAAY56E,KAAK6U,MAC/BgmE,QAAqB1sD,EAAKnuB,KAAKqT,UAAW2D,GAChDhX,KAAKk/E,kBAAoBrE,EAAa9nD,QAAQ8iB,EAAW71C,KAAKuxB,GAAGllB,SAAS,EAAG8hB,EAAKwkB,UAAW,IAAI5vC,iBAEjG/C,KAAKo/E,SAAW,IAChBp/E,KAAKk/E,kBAAoBrgE,GAAOsP,KAAK6iB,IAAIje,QAAQ/yB,KAAKqT,UAAW2D,EAAKwD,GAAKxX,iBAAiB,CAC1F6yC,QACMh3B,GAAOzK,KAAKE,KAAKuhC,EAAW/wB,KAChC9kB,KAAKuxB,GAAIzM,GAajB3jB,cAAc07E,GACZ,GAAI78E,KAAK0/E,UACP,OAAO,EAGT,GAAI1/E,KAAKs/E,uBACP,MAAUl8E,MAAM,kEAGlB,GAAIpD,KAAKg+E,cACP,MAAU56E,MAAM,oCAGlB,IAAI4T,EASA6+B,EARJ,GAAsB,MAAlB71C,KAAKo/E,UAAsC,MAAlBp/E,KAAKo/E,SAE3B,MAAsB,MAAlBp/E,KAAKo/E,SACJh8E,MAAM,0EAENA,MAAM,yEAIlB,GARE4T,QAAY8oE,GAAqB9/E,KAAKiS,IAAK4qE,EAAY78E,KAAKqT,WAQxC,MAAlBrT,KAAKo/E,SAAkB,CACzB,MAAMjxD,EAAOtP,GAAO+7D,YAAY56E,KAAK6U,MAC/BgmE,QAAqB1sD,EAAKnuB,KAAKqT,UAAW2D,GAChD,IACE6+B,QAAkBglC,EAAa7nD,QAAQhzB,KAAKk/E,YAAal/E,KAAKuxB,GAAGllB,SAAS,EAAG8hB,EAAKwkB,UAAW,IAAI5vC,YACjG,MAAO0+C,GACP,GAAoB,gCAAhBA,EAAI9nC,QACN,MAAUvW,MAAM,6BAA+Bq+C,EAAI9nC,SAErD,MAAM8nC,OAEH,CACL,MAAMs+B,QAA0BlhE,GAAOsP,KAAK6iB,IAAIhe,QAAQhzB,KAAKqT,UAAW2D,EAAKhX,KAAKk/E,YAAal/E,KAAKuxB,IAEpGskB,EAAYkqC,EAAkB1zE,SAAS,GAAI,IAC3C,MAAM+H,QAAayK,GAAOzK,KAAKE,KAAKuhC,GAEpC,IAAKr7B,GAAKqD,iBAAiBzJ,EAAM2rE,EAAkB1zE,UAAU,KAC3D,MAAUjJ,MAAM,4BAIpB,IACE,MAAMitD,cAAEA,GAAkBxxC,GAAO0gE,sBAAsBv/E,KAAKkqD,UAAWrU,EAAW71C,KAAKqvD,cACvFrvD,KAAKqwD,cAAgBA,EACrB,MAAO5O,GACP,MAAUr+C,MAAM,sBAElBpD,KAAKm/E,aAAc,EACnBn/E,KAAKk/E,YAAc,KACnBl/E,KAAKo/E,SAAW,EAQlBj+E,iBACE,GAAInB,KAAK0/E,UACP,OAGF,IAAK1/E,KAAKg+E,cACR,MAAU56E,MAAM,wBAGlB,IAAI48E,EACJ,IAEEA,QAAoBnhE,GAAO4xC,eAAezwD,KAAKkqD,UAAWlqD,KAAKqvD,aAAcrvD,KAAKqwD,eAClF,MAAO3L,GACPs7B,GAAc,EAEhB,IAAKA,EACH,MAAU58E,MAAM,kBAIpBjC,eAAewd,EAAM/N,GACnB,MAAMy/C,cAAEA,EAAahB,aAAEA,SAAuBxwC,GAAOohE,eAAejgF,KAAKkqD,UAAWvrC,EAAM/N,GAC1F5Q,KAAKqwD,cAAgBA,EACrBrwD,KAAKqvD,aAAeA,EACpBrvD,KAAKm/E,aAAc,EAMrBU,qBACM7/E,KAAK2/E,+BAITx0E,OAAOqoB,KAAKxzB,KAAKqwD,eAAe/sD,SAAQgI,IACxBtL,KAAKqwD,cAAc/kD,GAC3B60C,KAAK,UACJngD,KAAKqwD,cAAc/kD,EAAK,IAEjCtL,KAAKqwD,cAAgB,KACrBrwD,KAAKm/E,aAAc,IAIvBh+E,eAAe2+E,GAAqB7tE,EAAK4qE,EAAY3yB,GACnD,MAAM52B,QAAEA,GAAYzU,GAAOmxB,UAAUka,GACrC,OAAOj4C,EAAImrE,WAAWP,EAAYvpD,EACpC,yBC5aC,SAAU4sD,GAGX,SAASC,EAAU77B,GAIf,SAAS87B,IAAU,OAAO/8E,GAAM8M,GAEhC,SAASkwE,IAAW,OAAOh9E,GAC3B,SAASi9E,EAAOn9E,GAAKE,GAAMF,EAE3B,SAASo9E,IACLl9E,GAAM,EACN8M,GAAMqwE,GAAYp/E,OAKtB,SAAS62C,EAAE3sC,EAAMjK,GACb,MAAO,CACHiK,KAAMA,EACNm1E,OAAQp/E,GAAS,GACjBq/E,SAAUr/E,GAAS,GACnBs/E,SAAU,IAIlB,SAAS51B,EAAKz/C,EAAMs1E,GAChB,IAAIp0E,EACJ,OAAY,OAARo0E,EAAuB,OAC3Bp0E,EAAIyrC,EAAE3sC,IACJm1E,OAASG,EAAIH,OACfj0E,EAAEk0E,SAAWE,EAAIF,SACjBl0E,EAAEm0E,SAAS9+E,KAAK++E,GACTp0E,GAGX,SAASnG,EAAIw6E,EAAQC,GAMjB,OALc,OAAVA,IACAD,EAAOJ,QAAUK,EAAML,OACvBI,EAAOH,UAAYI,EAAMJ,UAE7BG,EAAOF,SAAS9+E,KAAKi/E,GACdD,EAGX,SAASE,EAAaC,GAClB,IAAIC,EACJ,OAAKb,KAEDY,EADJC,EA1CuBT,GAAYn9E,MAGlBA,IAAO,EA0Cb40C,EAAE,QAASgpC,IAJC,KAS3B,SAAS9qE,EAAQ+qE,GACb,OAAO,WACH,OAAOn2B,EAAK,UAAWg2B,GAAa,SAAUE,GAC1C,OAAOA,IAAQC,OAK3B,SAASC,IACL,IAAIlwD,EAAO2rB,UACX,OAAO,WACH,IAAIz5C,EAAG8a,EAAGxc,EAAQuC,EAGlB,IAFAA,EAAQq8E,IACRpiE,EAAIg6B,EAAE,OACD90C,EAAI,EAAGA,EAAI8tB,EAAK7vB,OAAQ+B,GAAK,EAAG,CAEjC,GAAe,QADf1B,EAASwvB,EAAK9tB,MAGV,OADAm9E,EAAOt8E,GACA,KAEXqC,EAAI4X,EAAGxc,GAEX,OAAOwc,GAIf,SAASmjE,IACL,IAAInwD,EAAO2rB,UACX,OAAO,WACH,IAAIz5C,EAAG1B,EAAQuC,EAEf,IADAA,EAAQq8E,IACHl9E,EAAI,EAAGA,EAAI8tB,EAAK7vB,OAAQ+B,GAAK,EAAG,CAEjC,GAAe,QADf1B,EAASwvB,EAAK9tB,MAEV,OAAO1B,EAEX6+E,EAAOt8E,GAEX,OAAO,MAIf,SAASg/D,EAAIqe,GACT,OAAO,WACH,IAAI5/E,EAAQuC,EAGZ,OAFAA,EAAQq8E,IAEO,QADf5+E,EAAS4/E,KAEE5/E,GAGP6+E,EAAOt8E,GACAi0C,EAAE,SAKrB,SAASqpC,EAAMD,GACX,OAAO,WACH,IAAI5/E,EAAS4/E,IAIb,OAHe,OAAX5/E,IACAA,EAAOi/E,SAAW,IAEfj/E,GAIf,SAAS8/E,EAAOF,GACZ,OAAO,WACH,IAAI5/E,EAAS4/E,IAIb,OAHe,OAAX5/E,GAAmBA,EAAOi/E,SAASt/E,OAAS,IAC5CK,EAAOi/E,SAAW,KAEfj/E,GAIf,SAAS+/E,EAAKH,EAAMI,GAChB,OAAO,WACH,IAAIxjE,EAAGxc,EAAQqiC,EAAO9/B,EAAOk6C,EAK7B,IAJAl6C,EAAQq8E,IACRpiE,EAAIg6B,EAAE,QACNnU,EAAQ,EACRoa,OAAkBj9C,IAAZwgF,EAAwB,EAAIA,EACL,QAArBhgF,EAAS4/E,MACbv9C,GAAgB,EAChBz9B,EAAI4X,EAAGxc,GAEX,OAAIqiC,GAASoa,EACFjgC,GAGPqiE,EAAOt8E,GACA,OA2BnB,SAAS09E,EAAeT,GAIpB,OAAOA,EAAIrkE,WAAW,IAAM,IAUhC,SAAS+kE,IAAO,OAAO52B,EAAK,KAAM50C,EAAQ,KAARA,IAIlC,SAASyrE,IAAS,OAAO72B,EAAK,OAAQo2B,EAAIQ,EAAIE,EAARV,IAItC,SAASW,IAAW,OAAO/2B,EAAK,SAAU50C,EAAQ,IAARA,IAI1C,SAAS4rE,IAAS,OAAOh3B,EAAK,OAAQ50C,EAAQ,KAARA,IAItC,SAAS0rE,IAAO,OAAO92B,EAAK,KAAM50C,EAAQ,KAARA,IAGlC,SAAS6rE,IAAO,OAAOj3B,EAAK,KAAM50C,EAAQ,IAARA,IAIlC,SAAS8rE,IACL,OAAOl3B,EAAK,QAASg2B,GAAa,SAAmBE,GACjD,IAAIvqB,EAAOuqB,EAAIrkE,WAAW,GACtBslE,EAAU,IAAQxrB,GAAQA,GAAQ,IAItC,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAMf,SAASE,IAAQ,OAAOr3B,EAAK,MAAOq2B,EAAGY,EAAID,EAAPX,IAQpC,SAASiB,IACL,IAAIloD,EAAK4wB,EAAK,cACdq2B,EACID,EAAIhrE,EAAQ,MAAOirE,EAAGa,EAAOG,IAC7BE,GAFJlB,IAIA,OAAW,OAAPjnD,EAAsB,MAG1BA,EAAGumD,SAAWvmD,EAAGumD,SAAS,GACnBvmD,GAMX,SAASooD,IACL,OAAOx3B,EAAK,MAAOq2B,EACfoB,GACArB,EACIne,EAAIme,EACAK,EAAKY,GACLd,EAAMM,KAEVJ,EAAKY,EAAK,IAPChB,IAgBvB,SAASqB,IACL,OAAO13B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMxrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfQ,GAdiBtB,IAmBzB,SAASuB,IACL,OAAO53B,EAAK,WAAYq2B,EAAGqB,EAAOJ,EAAYzgB,EAAtBwf,IAI5B,SAASxf,IACL,OAAO7W,EAAK,UAAWo2B,EACnBhrE,EAAQ,KACRqrE,EAAKL,EAAIne,EAAIuf,GAAMI,IACnB3f,EAAIuf,GACJpsE,EAAQ,KAJWgrE,IAS3B,SAASyB,IACL,OAAO73B,EAAK,OAAQq2B,EAChBD,EACIK,EACIL,EAAIne,EAAIuf,GAAM3gB,GACd,GAEJoB,EAAIuf,IAERA,EARgBnB,IAyBxB,SAASyB,IACL,OAAO93B,EAAK,QAASg2B,GAAa,SAAmBE,GACjD,IAAIiB,EACC,KAAOjB,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,CAAC,IAAK,IAAK,IAAK,IAAK,IAAK,IAAM,IAAK,IAAK,IAAK,IAC9C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,KAAKt6E,QAAQs6E,IAAQ,EAInE,OAHI38B,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAKf,SAASY,IACL,OAAO/3B,EAAK,OAAQo2B,EAAII,EAAOve,EAAI4f,IAAQpB,EAAKqB,EAAO,GAAItB,EAAOve,EAAI4f,IAAlDzB,IAIxB,SAAS4B,IACL,IAAI9kE,EAAG+kE,EAEP,OAAU,QADV/kE,EAAI8sC,EAAK,gBAAiBy2B,EAAKqB,EAAO,EAAZrB,MAGR,QADlBwB,EAAYxB,EAAKL,EAAIhrE,EAAQ,KAAMqrE,EAAKqB,EAAO,IAAnCrB,KAERn7E,EAAI4X,EAAG+kE,GAHc/kE,EAS7B,SAASglE,IACL,OAAOl4B,EAAK,WAAYo2B,EAAIG,EAAMte,EAAI4f,IAAQG,EAAazB,EAAMte,EAAI4f,IAA7CzB,IAS5B,SAAS+B,IACL,OAAOn4B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIrkE,WAAW,GACtBslE,EACC,KAAOxrB,GACP,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfiB,GAdiB/B,IAmBzB,SAASgC,IACL,OAAOr4B,EAAK,WAAYq2B,EAAG8B,EAAOb,EAAVjB,IAM5B,SAASiC,IACL,OAAOt4B,EAAK,gBAAiBo2B,EACzBG,EAAMte,EAAI4f,IACVtB,EAAMQ,GAASN,EAAKL,EAAIne,EAAIue,EAAOgB,IAAOa,IAAYpgB,EAAIse,EAAMiB,IAAOjB,EAAMQ,GAC7ER,EAAMte,EAAI4f,IAHezB,IAUjC,SAASz6C,IACL,OAAOqkB,EAAK,OAAQq2B,EAAG0B,EAAMO,EAATjC,IAUxB,SAASkC,IACL,OAAOv4B,EAAK,UAAWq2B,EAAGmC,EAASC,EAAZpC,IAI3B,SAASmC,IACL,OAAOx4B,EAAK,UAAWq2B,EAAGqC,EAAUC,EAAbtC,IAI3B,SAASqC,IACL,OAAO14B,EAAK,YAAao2B,EAAIne,EAAI2gB,GAAcC,EAAtBzC,IAK7B,SAASyC,IACL,OAAO74B,EAAK,aAAcq2B,EACtBD,EACIG,EAAMte,EAAI4f,IACVzsE,EAAQ,KACRutE,EACAvtE,EAAQ,KACRmrE,EAAMte,EAAI4f,KAEdiB,GARsBzC,IAa9B,SAASoC,IACL,OAAOz4B,EAAK,QAASo2B,EACjBwC,EACAxtE,EAAQ,KACR6sD,EAAI8gB,GACJ3tE,EAAQ,KACRmrE,EAAMte,EAAI4f,IALOzB,IAUzB,SAASwC,IACL,OAAO54B,EAAK,gBAEO,QADXtpD,EAhDDspD,EAAK,SAAUq2B,EAAG2C,GAAWvC,EAAK96C,EAAM,GAAzB06C,OAkDd3/E,EAAOi/E,SAnTnB,SAA4BziE,GACxB,OAAOA,EAAEgE,QAAQ,iBAAkB,KAAKA,QAAQ,OAAQ,IAAIA,QAAQ,OAAQ,IAkTlD+hE,CAAmBviF,EAAOi/E,WAEzCj/E,IALiB,IACpBA,EASZ,SAASwiF,IACL,OAAOl5B,EAAK,eAAgBq2B,EACxBD,EACIoC,EACA/B,EAAKL,EAAIhrE,EAAQ,KAAMotE,KAE3BW,GALwB9C,IAUhC,SAAS+C,IACL,OAAOp5B,EAAK,eAAgBq2B,EACxBD,EACImC,EACA9B,EAAKL,EAAIhrE,EAAQ,KAAMmtE,KAE3Bc,GALwBhD,IAUhC,SAAS0C,IACL,OAAO/4B,EAAK,aAAcq2B,EACtB6C,EACA3C,EAAMsB,GACNyB,GAHsBjD,IAU9B,SAASkD,IAGL,OAAOv5B,EAAK,aAAcq2B,EAAGmD,GAActB,EAASI,EAA1BjC,IAM9B,SAASoD,IACL,OAAOz5B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMxrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfuC,GAbiBrD,IAmBzB,SAASsD,IACL,OAAO35B,EAAK,iBAAkBo2B,EAC1BG,EAAMte,EAAI4f,IACVzsE,EAAQ,KACRqrE,EAAKL,EAAIne,EAAIuf,GAAMiC,IACnBxhB,EAAIuf,GACJpsE,EAAQ,KACRmrE,EAAMte,EAAI4f,IANgBzB,IAWlC,SAASwD,IACL,OAAO55B,EAAK,UACJtpD,EAAS2/E,EAAGwD,GAAW3B,EAASyB,EAAvBtD,GACT98B,EAAKugC,WACDpjF,GAAUA,EAAOi/E,UAAYj/E,EAAOi/E,SAAS/5E,QAAQ,KAAO,EACrD,MAIXlF,IACAA,EAAOi/E,SAAWj/E,EAAOi/E,SAASz+D,QAAQ,OAAQ,KAE/CxgB,KAXW,IACdA,EAeZ,SAASiiF,IACL,OAAO34B,EAAK,YAAao2B,EACrBmD,EAAWnuE,EAAQ,KAAMwuE,EADJxD,IA0C7B,SAAS2D,KACL,OAAOxgC,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBg2B,GAAa,SAAUE,GACrE,IAAIvqB,EAAOuqB,EAAIrkE,WAAW,GAC1B,OAAS,GAAK85C,GAAQA,GAAQ,GACrB,KAAOA,GAAQ,KAAOA,GACtB,IAAMA,GAAQA,GAAQ,IACtB,MAAQA,MAKzB,SAASgsB,KAAa,OAAOp+B,EAAKygC,OAAS,KAAOh6B,EAAK,YAAa+5B,MAGpE,SAAS3B,KAAa,OAAO7+B,EAAKygC,OAAS,KAAOh6B,EAAK,YAAa+5B,MAGpE,SAASxC,KACL,OAAOh+B,EAAKygC,OAAS,KAAOh6B,EAAK,SAAUo2B,EACvChrE,EAAQ,MACRirE,EAAGjrE,EAAQ,MAAO2uE,GAAYjD,EAAIF,GAFKR,IAO/C,SAAS4C,KACL,OAAIz/B,EAAKygC,OAAgB,KAClBzgC,EAAK0gC,gBAAkBj6B,EAAK,aAAco2B,EAC7Cz6C,EACA86C,EAAKJ,EAAG16C,EAAMvwB,EAAQ,KAAMA,EAAQ,KAAMorE,EAAOqB,KAFJzB,IAIjDp2B,EAAK,aAAco2B,EACfz6C,EACA86C,EAAKJ,EAAG16C,EAAMvwB,EAAQ,KAAMorE,EAAOqB,KAFpBzB,IAUvB,SAASqB,KACL,OAAOl+B,EAAKygC,OAAS,KAAOh6B,EAAK,UAAWy2B,EACxCL,EAAIG,EAAMte,EAAI4e,IAAQQ,GACtB,EAFwCZ,IAShD,SAASqC,KACL,OAAOv/B,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAC/CG,EAAMte,EAAI4f,IACVzsE,EAAQ,KACR8uE,GACAvB,EACAvtE,EAAQ,KACRmrE,EAAMte,EAAI4f,IANqCzB,IAWvD,SAAS8D,KACL,OAAO3gC,EAAKygC,OAAS,KAAOh6B,EAAK,YAAao2B,EAC1C+D,GACA/uE,EAAQ,KAFkCgrE,IAQlD,SAAS+D,KACL,OAAO5gC,EAAKygC,OAAS,KAAOh6B,EAAK,kBAAmBo2B,EAChDK,EAAKJ,EAAGE,EAAMsB,GAAOzsE,EAAQ,OAC7BA,EAAQ,KACRwuE,EACAnD,EAAKL,EACDhrE,EAAQ,KACRmrE,EAAMte,EAAI4f,IACV5f,EAAIme,EAAIhrE,EAAQ,KAAMwuE,MAPsBxD,IAaxD,SAAS+C,KACL,OAAO5/B,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBo2B,EAC9CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVzsE,EAAQ,OAEZotE,EACA/B,EAAKL,EACDhrE,EAAQ,KACR6sD,EAAIme,EACAoC,EACAjC,EAAMsB,OAVgCzB,IAiBtD,SAASiD,KACL,OAAO9/B,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBo2B,EAC9CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVzsE,EAAQ,OAEZmtE,EACA9B,EAAKL,EACDhrE,EAAQ,KACR6sD,EAAIme,EACAmC,EACAhC,EAAMsB,OAVgCzB,IAiBtD,SAASkD,KACL,OAAO//B,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAC/CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVzsE,EAAQ,MACT,GACHmrE,EAAMte,EAAI4f,IALqCzB,IAUvD,SAASoD,KACL,OAAOjgC,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAAIz6C,EAAM86C,EAAKL,EAAIhrE,EAAQ,KAAMuwB,IAAjCy6C,IAIvD,SAASyD,KACL,OAAOtgC,EAAKygC,OAAS,KAAOh6B,EAAK,aAAco2B,EAAI2B,EAAMtB,EAAKL,EAAIhrE,EAAQ,KAAM2sE,IAAjC3B,IAInD,SAASsD,KACL,OAAOngC,EAAKygC,OAAS,KAAOh6B,EAAK,YAAaq2B,EAAG0D,GAAYzC,EAAfjB,IAOlD,SAAS+D,GAAS75E,EAAM47D,GACpB,IAAI/jE,EAAGiiF,EAAOt9B,EACd,GAAIof,QAAuC,OAAO,KAElD,IADAke,EAAQ,CAACle,GACFke,EAAMhkF,OAAS,GAAG,CAErB,IADA0mD,EAAOs9B,EAAM1zD,OACJpmB,OAASA,EACd,OAAOw8C,EAEX,IAAK3kD,EAAI2kD,EAAK64B,SAASv/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CiiF,EAAMvjF,KAAKimD,EAAK64B,SAASx9E,IAGjC,OAAO,KAoBX,SAASkiF,GAAuBC,EAAOpe,GACnC,IAAI/jE,EAAGiiF,EAAOt9B,EAAMrmD,EAAQ8jF,EAC5B,GAAIre,QAAuC,OAAO,KAIlD,IAHAke,EAAQ,CAACle,GACTzlE,EAAS,GACT8jF,EAAc,GACTpiF,EAAI,EAAGA,EAAImiF,EAAMlkF,OAAQ+B,GAAK,EAC/BoiF,EAAYD,EAAMniF,KAAM,EAG5B,KAAOiiF,EAAMhkF,OAAS,GAElB,IADA0mD,EAAOs9B,EAAM1zD,OACJpmB,QAAQi6E,EACb9jF,EAAOI,KAAKimD,QAGZ,IAAK3kD,EAAI2kD,EAAK64B,SAASv/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CiiF,EAAMvjF,KAAKimD,EAAK64B,SAASx9E,IAIrC,OAAO1B,EAGX,SAAS+jF,GAAW5E,GAChB,IAAI6E,EAAWC,EAAoBviF,EAAGwiF,EAAgBlkF,EACtD,GAAY,OAARm/E,EACA,OAAO,KAMX,IAJA6E,EAAY,GAGZC,EAAqBL,GAAuB,CAAC,QAAS,WAAYzE,GAC7Dz9E,EAAI,EAAGA,EAAKuiF,EAAmBtkF,OAAQ+B,GAAK,EAEjB,WAD5BwiF,EAAiBD,EAAmBviF,IACjBmI,KACfm6E,EAAU5jF,KAAK+jF,GAAgBD,IACA,YAAxBA,EAAer6E,MACtBm6E,EAAU5jF,KAAKgkF,GAAkBF,IAWzC,OAPAlkF,EAAS,CACLm/E,IAAKA,EACL6E,UAAWA,GAEXnhC,EAAKpyC,SACLzQ,EA+DR,SAAwBA,GACpB,IAAI0B,EACJ,GAAI1B,GAAUA,EAAOgkF,UACjB,IAAKtiF,EAAI,EAAGA,EAAI1B,EAAOgkF,UAAUrkF,OAAQ+B,GAAK,SACnC1B,EAAOgkF,UAAUtiF,GAAG2kD,KAGnC,OAAOrmD,EAtEMqkF,CAAerkF,IAExB6iD,EAAKyhC,UAiFb,SAAmBtkF,GACf,IAAKA,EAAU,OAAO,KACtB,IAAK6iD,EAAK0hC,SAAWvkF,EAAOgkF,UAAUrkF,OAAS,EAAK,OAAO,KAC3D,OAAOK,EAAOgkF,WAAahkF,EAAOgkF,UAAU,GAnFjCM,CAAUtkF,GAEjB6iD,EAAKpyC,OACEzQ,GAAUA,EAAOgkF,UAEjBhkF,EAIf,SAASmkF,GAAgBpC,GACrB,IAAIrgF,EACA8iF,EAAYd,GAAS,eAAgB3B,GACrC0C,EAAuB,GACvBC,EAAYd,GAAuB,CAAC,WAAY7B,GACpD,IAAKrgF,EAAI,EAAGA,EAAIgjF,EAAU/kF,OAAQ+B,GAAK,EACnC+iF,EAAqBrkF,KAAKgkF,GAAkBM,EAAUhjF,KAE1D,MAAO,CACH2kD,KAAM07B,EACN18D,MAAO,CACHxb,KAAM26E,GAEV7rE,KAAMopE,EAAMl4E,KACZA,KAAM86E,GAAaH,GACnBR,UAAWS,GAInB,SAASL,GAAkBtC,GACvB,IAAIj4E,EAAO65E,GAAS,eAAgB5B,GAChC8C,EAAQlB,GAAS,YAAa5B,GAC9BX,EAlGR,SAAsBt3E,EAAM47D,GACxB,IAAI/jE,EAAGiiF,EAAOt9B,EAAMrmD,EACpB,GAAIylE,QAAuC,OAAO,KAGlD,IAFAke,EAAQ,CAACle,GACTzlE,EAAS,GACF2jF,EAAMhkF,OAAS,GAKlB,KAJA0mD,EAAOs9B,EAAM1zD,OACJpmB,OAASA,GACd7J,EAAOI,KAAKimD,GAEX3kD,EAAI2kD,EAAK64B,SAASv/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CiiF,EAAMvjF,KAAKimD,EAAK64B,SAASx9E,IAGjC,OAAO1B,EAoFI6kF,CAAa,OAAQ/C,GAC5BgD,EAAWlB,GAAuB,CAAC,WAAY9B,GAG/CiD,EAAQrB,GAAS,aAAckB,GAC/B1B,EAASQ,GAAS,SAAUkB,GAChC,MAAO,CACHv+B,KAAMy7B,EACNz8D,MAAO,CACHxb,KAAMA,EACNg4E,QAAS+C,EACTG,MAAOA,EACP7B,OAAQA,EACR4B,SAAU3D,GAEdxoE,KAAMmpE,EAAQj4E,KACdA,KAAM86E,GAAa96E,GACnBg4E,QAAS8C,GAAaC,GACtBG,MAAOJ,GAAaI,GACpB7B,OAAQyB,GAAazB,GACrB4B,SAAUE,GAAeF,GACzBN,UAAWG,GAAa7C,EAAQ0C,YAIxC,SAASG,GAAa55E,GAClB,OAAOA,QAAgCA,EAAEk0E,SAAW,KAaxD,SAAS+F,GAAeF,GACpB,IAAI9kF,EAAS,GACb,GAAI8kF,EACA,IAAK,IAAIpjF,EAAI,EAAGA,EAAIojF,EAASnlF,OAAQ+B,GAAK,EACtC1B,GAAU2kF,GAAaG,EAASpjF,IAGxC,OAAO1B,EAWX,IAAI++E,GAAan9E,GAAK8M,GAAKonE,GAAQmP,GAGnC,GAAa,QADbpiC,EAAOqiC,EAAWriC,EAAM,KACH,OAAO,KAgB5B,GAdAk8B,GAAcl8B,EAAKhkD,MAEnBomF,GAAkB,CACdpD,QAAWA,EACX,eAAgBa,EAChB,aAAcP,EACdxhE,KA1WJ,WACI,OAAO2oC,EAAK,OAAQq2B,EAChB6C,EACAE,EAFgB/C,KA0WpBoC,MAASA,EACTD,QAAWA,EACX,eAAgBU,EAChB,WA5VJ,WACI,OAAOl5B,EAAK,WAAYo5B,MA4VxB53B,OAtWJ,WACI,OAAOxB,EAAK,SAAUq2B,EAClBmC,EACAD,EAFkBlC,MAsWxB98B,EAAKsiC,UAAYzC,GAEd7/B,EAAKygC,OAAQ,CAId,GAHAxE,IACAj8B,EAAKygC,QAAS,EACdxN,GAASmP,GAAgBlG,IACrBl8B,EAAK0hC,UAAY5F,IACjB,OAAOoF,GAAWjO,IAEtBjzB,EAAKygC,QAAS,EAKlB,OAFAxE,IACAhJ,GAASmP,GAAgBlG,KACpBl8B,EAAK0hC,SAAW5F,IAAkB,KAChCoF,GAAWjO,GACtB,CA4CA,SAASoP,EAAWriC,EAAMuiC,GACtB,SAASpsE,EAASiC,GACd,MAA+C,oBAAxCvR,OAAOnK,UAAU2L,SAAS7L,KAAK4b,GAO1C,SAASoqE,EAAY7uC,GACjB,OAAOA,QAGX,IAAI8uC,EAAU9uC,EAEd,GAAIx9B,EAAS6pC,GACTA,EAAO,CAAEhkD,MAAOgkD,QACb,IAZP,SAAkBrM,GACd,OAAOA,IAAM9sC,OAAO8sC,GAWZ+uC,CAAS1iC,GACjB,OAAO,KAGX,IAAK7pC,EAAS6pC,EAAKhkD,OAAU,OAAO,KACpC,IAAKumF,EAAQ,OAAO,KAapB,IAAK5uC,KAXL8uC,EAAW,CACPhB,WAAW,EACXC,SAAS,EACTnB,WAAW,EACX1C,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,eACT7B,QAAQ,EACRC,iBAAiB,GAIb8B,EAAYxiC,EAAKrM,MACjBqM,EAAKrM,GAAM6uC,EAAYD,EAAK5uC,IAAgB8uC,EAAS9uC,GAAnB4uC,EAAK5uC,IAG/C,OAAOqM,CACX,CAEA67B,EAAU8G,gBArFV,SAA+B3iC,GAC3B,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9ByhC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EA+EAzG,EAAU+G,iBA7EV,SAAgC5iC,GAC5B,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EAwEAzG,EAAUgH,UAtEV,SAAyB7iC,GACrB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,SAEjB,EAiEAzG,EAAUiH,YA/DV,SAA2B9iC,GACvB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9ByhC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,WAEjB,EAyDAzG,EAAUkH,aAvDV,SAA4B/iC,GACxB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,aAEjB,EAoDIjhD,UAAiBw6C,CAKrB,CAtiCA,MCKA,MAAMmH,GACO5mE,iBACT,OAAOU,GAAMnM,OAAOY,OAGtB/V,cAKEE,KAAK6V,OAAS,GAEd7V,KAAKsL,KAAO,GACZtL,KAAKunF,MAAQ,GACbvnF,KAAK4hE,QAAU,GASjB55C,kBAAkBnS,GAChB,GAAI2E,GAAKC,SAAS5E,IACfA,EAAOvK,OAASkP,GAAKC,SAAS5E,EAAOvK,OACrCuK,EAAO0xE,QAAU/sE,GAAKkF,eAAe7J,EAAO0xE,QAC5C1xE,EAAO+rD,UAAYpnD,GAAKC,SAAS5E,EAAO+rD,SACzC,MAAUx+D,MAAM,0BAElB,MAAM6R,EAAS,IAAIqyE,GACnBn8E,OAAO8lD,OAAOh8C,EAAQY,GACtB,MAAM2xE,EAAa,GAKnB,OAJIvyE,EAAO3J,MAAMk8E,EAAW3lF,KAAKoT,EAAO3J,MACpC2J,EAAO2sD,SAAS4lB,EAAW3lF,KAAK,IAAIoT,EAAO2sD,YAC3C3sD,EAAOsyE,OAAOC,EAAW3lF,KAAK,IAAIoT,EAAOsyE,UAC7CtyE,EAAOY,OAAS2xE,EAAWhmF,KAAK,KACzByT,EAOT/T,KAAKoG,EAAOwd,EAASsB,IACnB,MAAMvQ,EAAS2E,GAAK+C,WAAWjW,GAC/B,GAAIuO,EAAOzU,OAAS0jB,EAAOZ,gBACzB,MAAU9gB,MAAM,8BAElB,IACE,MAAMkI,KAAEA,EAAMg4E,QAASiE,EAAKhB,SAAEA,GAAakB,GAAeR,gBAAgB,CAAE3mF,MAAOuV,EAAQmvE,iBAAiB,IAC5GhlF,KAAK4hE,QAAU2kB,EAAStkE,QAAQ,WAAY,IAC5CjiB,KAAKsL,KAAOA,EACZtL,KAAKunF,MAAQA,EACb,MAAO9iF,IACTzE,KAAK6V,OAASA,EAOhB/T,QACE,OAAO0Y,GAAK0C,WAAWld,KAAK6V,QAG9B8R,OAAO+/D,GACL,OAAOA,GAAeA,EAAY7xE,SAAW7V,KAAK6V,QCzEtD,MAAM8xE,WAA2B1I,GACpBv+D,iBACT,OAAOU,GAAMnM,OAAOM,aAOtBzV,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtCrmB,MAAM4yE,EAAM7tD,ICZhB,MAAMqyD,gBAA+B38D,GAAK+F,wBAAwB,CAACizD,KAK5D,MAAMoU,GAIX9nF,YAAY+nF,GACV7nF,KAAKs3E,QAAUuQ,GAAc,IAAIxQ,GAOnCv1E,QACE,OAAO9B,KAAKs3E,QAAQx1E,QAQtByX,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMpE,UAAWnV,KAAK8B,aAASb,OAAWA,OAAWA,EAAW6jB,GAOrFgjE,mBACE,OAAO9nF,KAAKs3E,QAAQhvE,KAAI2M,GAAUA,EAAOu/D,eC3CtCrzE,eAAe4mF,GAAqB9iF,EAAS6f,GAClD,MAAM85D,EAAqB,IAAI+I,GAAmB1iF,EAAQ0tE,KAAM7tD,GAKhE,OAJA85D,EAAmBtH,QAAU,KAC7BsH,EAAmB10B,UAAY9oC,GAAMtf,MAAMsf,GAAM9O,UAAWrN,EAAQilD,iBAC9D00B,EAAmBpuB,SAASvrD,EAAQ+iF,QAAS/iF,EAAQ2L,aACrDguE,EAAmBd,6BAClBc,CACT,CAEOz9E,eAAe8mF,GAAkBhjF,EAAS6f,GAC/C,MAAM64D,EAAkB,IAAIsB,GAAgBh6E,EAAQ0tE,KAAM7tD,GAK1D,OAJA64D,EAAgBrG,QAAU,KAC1BqG,EAAgBzzB,UAAY9oC,GAAMtf,MAAMsf,GAAM9O,UAAWrN,EAAQilD,iBAC3DyzB,EAAgBntB,SAASvrD,EAAQ+iF,QAAS/iF,EAAQ2L,MAAO3L,EAAQ6f,cACjE64D,EAAgBG,6BACfH,CACT,CAWOx8E,eAAe+mF,GAAwBC,EAAY71E,EAAWmhE,EAAe2U,EAAczV,EAAO,IAAI33D,KAAQ8J,GACnH,IAAIujE,EACAxnE,EACJ,IAAK,IAAI1d,EAAIglF,EAAW/mF,OAAS,EAAG+B,GAAK,EAAGA,IAC1C,MAEMklF,GAAeF,EAAWhlF,GAAG4wE,SAAWsU,EAAYtU,iBAEhDoU,EAAWhlF,GAAGu6C,OAAOprC,EAAWmhE,EAAe2U,EAAczV,OAAM1xE,EAAW6jB,GACpFujE,EAAcF,EAAWhlF,IAE3B,MAAOsB,GACPoc,EAAYpc,EAGhB,IAAK4jF,EACH,MAAM7tE,GAAK8F,UACT,wBAAwBc,GAAMlgB,KAAKkgB,GAAMjM,UAAWs+D,uBAAmCnhE,EAAUojE,WAAWhuD,UACzGzF,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACyiC,EAAG4jC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3D3nE,GAEJ,OAAOwnE,CACT,CAEO,SAASI,GAAc7K,EAAWzoE,EAAWw9D,EAAO,IAAI33D,MAC7D,MAAM47D,EAAWp8D,GAAKc,cAAcq3D,GACpC,GAAiB,OAAbiE,EAAmB,CACrB,MAAM8R,EAAiBC,GAAqB/K,EAAWzoE,GACvD,QAASyoE,EAAU7J,SAAW6C,GAAYA,EAAW8R,GAEvD,OAAO,CACT,CASOvnF,eAAeynF,GAAuBC,EAAQC,EAAY7jF,EAAS6f,GACxE,MAAMikE,EAAa,GACnBA,EAAW/xE,IAAM8xE,EACjBC,EAAWljF,KAAOgjF,EAClB,MAAMG,EAAsB,CAAEvV,cAAeryD,GAAMjM,UAAU2B,eACzD7R,EAAQk4C,MACV6rC,EAAoBxwE,SAAW,CAAC4I,GAAM5I,SAASS,UAC/C+vE,EAAoBnwE,wBAA0BowE,GAAsBF,EAAY,KAAMF,EAAQ,CAC5FpV,cAAeryD,GAAMjM,UAAU4B,YAC9B9R,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,IAElDkkE,EAAoBxwE,SAAW,CAAC4I,GAAM5I,SAASU,qBAAuBkI,GAAM5I,SAASW,gBAEnFlU,EAAQ2S,kBAAoB,IAC9BoxE,EAAoBpxE,kBAAoB3S,EAAQ2S,kBAChDoxE,EAAoB5U,iBAAkB,GAGxC,aADoC6U,GAAsBF,EAAY,KAAMD,EAAYE,EAAqB/jF,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,EAE9J,CAYO3jB,eAAe0pD,GAAqB7zC,EAAK4mE,EAAWjL,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,GACzF,IAAI87B,EAAW97B,EAAOvC,uBAClB2mE,EAAWtoC,EACf,GAAI5pC,EAAK,CACP,MAAMmyE,QAAoBnyE,EAAIoyE,eAAezW,EAAM98D,EAAQiP,GACvDqkE,EAAYE,kBAAkBnxE,2BAC/BgxE,GAAYC,EAAYE,kBAAkBnxE,wBAC3C0oC,EAAW/hC,GAAOzK,KAAK07B,kBAAkB8Q,IAAa/hC,GAAOzK,KAAK07B,kBAAkBo5C,GAClFA,EAAWtoC,GAGjB,OAAQg9B,EAAU1zB,WAChB,KAAK9oC,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACrB,KAAKsO,GAAM9O,UAAUf,QACnB23E,EAAWrqE,GAAOyqE,0BAA0B1L,EAAU1zB,UAAW0zB,EAAUvuB,aAAajK,KAE5F,OAAOvmC,GAAOzK,KAAK07B,kBAAkB8Q,IAAa/hC,GAAOzK,KAAK07B,kBAAkBo5C,GAC9EA,EAAWtoC,CACf,CAYOz/C,eAAeooF,GAAiBnvE,EAAMoZ,EAAO,GAAIm/C,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI1kE,EAASsB,IAChG,MAAMqjE,EAAc,CAClBp2E,UAAa+N,GAAM/N,UAAUM,OAC7BkB,KAAQuM,GAAMvM,KAAKC,IACnBf,YAAeqN,GAAMrN,YAAYC,cACjCoG,GACIsvE,EAAsB,CAC1Br2E,UAAayR,EAAOtC,4BACpB3N,KAAQiQ,EAAOlC,uBACf7O,YAAe+Q,EAAOrC,+BACtBrI,GACIuvE,EAAmB,CACvBt2E,UAAa,+BACbwB,KAAQ,0BACRd,YAAe,kCACfqG,GAKIwvE,QAA0B3pF,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,eAAe6V,EAAK7T,GACvE,MACM0mF,SADoB7yE,EAAIoyE,eAAezW,EAAM6W,EAAQrmF,GAAI2hB,IAC5BukE,kBAAkBM,GACrD,QAASE,GAAkBA,EAAeljF,QAAQ+iF,IAAwB,MAE5E,OAAOE,EAAkB9qC,MAAMgrC,SAAWJ,EAAsBD,CAClE,CAgBOtoF,eAAe8nF,GAAsBF,EAAYnvE,EAAYmwE,EAAkBf,EAAqBrW,EAAM98D,EAAQ6+D,EAAY,GAAIl3B,GAAW,EAAO14B,GACzJ,GAAIilE,EAAiBrK,UACnB,MAAUt8E,MAAM,qCAElB,IAAK2mF,EAAiB/L,cACpB,MAAU56E,MAAM,iCAElB,MAAM4mF,EAAkB,IAAIxW,GAM5B,OALAroE,OAAO8lD,OAAO+4B,EAAiBhB,GAC/BgB,EAAgBrW,mBAAqBoW,EAAiB7/B,UACtD8/B,EAAgBtW,oBAAsB7oB,GAAqBjxC,EAAYmwE,EAAkBpX,EAAM98D,EAAQiP,GACvGklE,EAAgBvV,aAAeC,QACzBsV,EAAgB7sC,KAAK4sC,EAAkBhB,EAAYpW,EAAMn1B,GACxDwsC,CACT,CAUO7oF,eAAe8oF,GAAgBC,EAAQ14B,EAAMwtB,EAAMrM,EAAO,IAAI33D,KAAQmvE,IAC3ED,EAASA,EAAOlL,MAETxtB,EAAKwtB,GAAM59E,aAGRnB,QAAQ+H,IAAIkiF,EAAO5hF,KAAInH,eAAeipF,GACrCA,EAAUrT,UAAUpE,IAAWwX,UAAiBA,EAAQC,IACxD54B,EAAKwtB,GAAM32E,MAAK,SAASgiF,GACxB,OAAO7vE,GAAKqD,iBAAiBwsE,EAAQhV,cAAe+U,EAAU/U,mBAElE7jB,EAAKwtB,GAAMn9E,KAAKuoF,OAPpB54B,EAAKwtB,GAAQkL,EAYnB,CAkBO/oF,eAAempF,GAAcxB,EAAYrV,EAAe2U,EAAcmC,EAAap1E,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,GAC3H9N,EAAMA,GAAO8xE,EACb,MAAM0B,EAAmB,GAwBzB,aAvBMvqF,QAAQ+H,IAAIuiF,EAAYjiF,KAAInH,eAAespF,GAC/C,IAUKt1E,IAAas1E,EAAoBjW,YAAY7sD,OAAOxS,EAAUq/D,qBAEzDiW,EAAoB/sC,OACxB1mC,EAAKy8D,EAAe2U,EAActjE,EAAO1B,kBAAoBuvD,EAAO,MAAM,EAAO7tD,GAInF0lE,EAAiB3oF,KAAK4oF,EAAoBjW,cAE5C,MAAO/vE,SAGP0Q,GACFA,EAAU+/D,UAAUsV,EAAiBniF,MAAKuf,GAASA,EAAMD,OAAOxS,EAAUq/D,iBACxEr/D,EAAU+/D,UAAW,GAChB//D,EAAU+/D,SAEZsV,EAAiBppF,OAAS,CACnC,CASO,SAASunF,GAAqB/K,EAAWzoE,GAC9C,IAAIuzE,EAKJ,OAHkC,IAA9BvzE,EAAUi/D,kBACZsU,EAAiB9K,EAAU7J,QAAQ14D,UAA0C,IAA9BlG,EAAUyC,mBAEpD8wE,EAAiB,IAAI1tE,KAAK0tE,GAAkB98E,GACrD,CAwBO,SAAS8+E,GAAmBzlF,EAAS0lF,EAAiB,IAU3D,OATA1lF,EAAQmV,KAAOnV,EAAQmV,MAAQuwE,EAAevwE,KAC9CnV,EAAQ2L,MAAQ3L,EAAQ2L,OAAS+5E,EAAe/5E,MAChD3L,EAAQ+iF,QAAU/iF,EAAQ+iF,SAAW2C,EAAe3C,QACpD/iF,EAAQ2S,uBAAkD3W,IAA9BgE,EAAQ2S,kBAAkC3S,EAAQ2S,kBAAoB+yE,EAAe/yE,kBACjH3S,EAAQ43E,WAAariE,GAAKC,SAASxV,EAAQ43E,YAAc53E,EAAQ43E,WAAa8N,EAAe9N,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQgY,EAAehY,KAE9C1tE,EAAQk4C,KAAOl4C,EAAQk4C,OAAQ,EAEvBl4C,EAAQmV,MACd,IAAK,MACH,IACEnV,EAAQ2L,MAAQwQ,GAAMtf,MAAMsf,GAAMxQ,MAAO3L,EAAQ2L,OACjD,MAAOnM,GACP,MAAUrB,MAAM,iBAEd6B,EAAQ2L,QAAUwQ,GAAMxQ,MAAMS,eAAiBpM,EAAQ2L,QAAUwQ,GAAMxQ,MAAMa,mBAC/ExM,EAAQ2L,MAAQ3L,EAAQk4C,KAAO/7B,GAAMxQ,MAAMS,cAAgB+P,GAAMxQ,MAAMa,kBAErExM,EAAQk4C,KACVl4C,EAAQilD,UAAYjlD,EAAQ2L,QAAUwQ,GAAMxQ,MAAMS,cAAgB+P,GAAM9O,UAAUQ,YAAcsO,GAAM9O,UAAUO,MAEhH5N,EAAQilD,UAAY9oC,GAAM9O,UAAUM,KAEtC,MACF,IAAK,MACH3N,EAAQilD,UAAY9oC,GAAM9O,UAAUC,eACpC,MACF,QACE,MAAUnP,MAAM,wBAAwB6B,EAAQmV,MAEpD,OAAOnV,CACT,CAEO,SAAS2lF,GAAwBhN,EAAWzoE,GACjD,MAAM46C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,GAAM9O,UAAUE,YACjCu9C,IAAY3uC,GAAM9O,UAAUI,SAC5Bq9C,IAAY3uC,GAAM9O,UAAUM,MAC5Bm9C,IAAY3uC,GAAM9O,UAAUY,UAC1BiC,EAAUqD,UAC4C,IAArDrD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASS,UAC9C,CAEO,SAAS4xE,GAA2BjN,EAAWzoE,GACpD,MAAM46C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,GAAM9O,UAAUK,KACjCo9C,IAAY3uC,GAAM9O,UAAUG,SAC5Bs9C,IAAY3uC,GAAM9O,UAAUO,OAC5Bk9C,IAAY3uC,GAAM9O,UAAUQ,aAC5Bi9C,IAAY3uC,GAAM9O,UAAUf,WAC1B4D,EAAUqD,UACwD,IAAjErD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASW,gBAC9C,CAEO,SAAS2xE,GAA2B31E,EAAW2P,GACpD,QAAIA,EAAOzB,0CAKHlO,EAAUqD,UACkD,IAAjErD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASW,gBAC5C,CASO,SAAS4xE,GAAqBnN,EAAW94D,GAC9C,MAAMirC,EAAU3uC,GAAMtf,MAAMsf,GAAM9O,UAAWsrE,EAAU1zB,WACjD8gC,EAAWpN,EAAUU,mBAC3B,GAAIx5D,EAAOP,0BAA0Bne,IAAI2pD,GACvC,MAAU3sD,MAAS4nF,EAAS9gC,UAAZ,kCAElB,OAAQ6F,GACN,KAAK3uC,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QACrB,KAAK2O,GAAM9O,UAAUE,WACnB,GAAIw4E,EAASrsE,KAAOmG,EAAO5B,WACzB,MAAU9f,MAAM,yBAAyB0hB,EAAO5B,4CAElD,MACF,KAAK9B,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACrB,KAAKsO,GAAM9O,UAAUM,KACnB,GAAIkS,EAAON,aAAape,IAAI4kF,EAASp6E,OACnC,MAAUxN,MAAM,eAAe4nF,EAAS9gC,8BAA8B8gC,EAASp6E,sBAMvF,CCjZA,MAAMq6E,GACJnrF,YAAYorF,EAAYC,GACtBnrF,KAAK6V,OAASq1E,EAAWprF,YAAY4gB,MAAQU,GAAMnM,OAAOY,OAASq1E,EAAa,KAChFlrF,KAAK+V,cAAgBm1E,EAAWprF,YAAY4gB,MAAQU,GAAMnM,OAAOc,cAAgBm1E,EAAa,KAC9FlrF,KAAKorF,mBAAqB,GAC1BprF,KAAKqrF,oBAAsB,GAC3BrrF,KAAKsrF,qBAAuB,GAC5BtrF,KAAKmrF,QAAUA,EAOjBI,eACE,MAAM1D,EAAa,IAAIxQ,GAKvB,OAJAwQ,EAAWhmF,KAAK7B,KAAK6V,QAAU7V,KAAK+V,eACpC8xE,EAAWhmF,QAAQ7B,KAAKsrF,sBACxBzD,EAAWhmF,QAAQ7B,KAAKorF,oBACxBvD,EAAWhmF,QAAQ7B,KAAKqrF,qBACjBxD,EAOTlmF,QACE,MAAM6pF,EAAO,IAAIP,GAAKjrF,KAAK6V,QAAU7V,KAAK+V,cAAe/V,KAAKmrF,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAIprF,KAAKorF,oBACnCI,EAAKH,oBAAsB,IAAIrrF,KAAKqrF,qBACpCG,EAAKF,qBAAuB,IAAItrF,KAAKsrF,sBAC9BE,EAWTrqF,cAAcsqF,EAAa9Y,EAAM7tD,GAC/B,MAAMgkE,EAAa9oF,KAAKmrF,QAAQvN,UAC1BmL,EAAa,CACjBlzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAK8xE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWlzE,QAAUkzE,EAAWhzE,cAAe/V,KAAKmrF,SAgB1E,OAfAK,EAAKH,0BAA4BprF,QAAQ+H,IAAIyjF,EAAYnjF,KAAInH,eAAeyY,GAC1E,IAAKA,EAAW8xE,YACd,MAAUtoF,MAAM,gCAElB,GAAIwW,EAAWwkE,qBAAqB0K,GAClC,MAAU1lF,MAAM,+DAElB,MAAMuoF,QAAmB/xE,EAAWgyE,mBAAc3qF,EAAW0xE,OAAM1xE,EAAW6jB,GAC9E,OAAOmkE,GAAsBF,EAAYnvE,EAAY+xE,EAAW/N,UAAW,CAEzEnK,cAAeryD,GAAMjM,UAAUsB,YAC/B+B,SAAU,CAAC4I,GAAM5I,SAASQ,YAAcoI,GAAM5I,SAASS,WACtD05D,OAAM1xE,OAAWA,OAAWA,EAAW6jB,aAEtC0mE,EAAK1jD,OAAO9nC,KAAM2yE,EAAM7tD,GACvB0mE,EAeTrqF,gBAAgB0qF,EAAajO,EAAWjL,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClE,MAAM0iE,EAAa9oF,KAAKmrF,QAAQvN,UAChC,OAAO0M,GAAcxB,EAAY1nE,GAAMjM,UAAU0B,eAAgB,CAC/DG,IAAK8xE,EACLjzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,eACnB/V,KAAKsrF,qBAAsBO,EAAajO,EAAWjL,EAAM7tD,GAa9D3jB,wBAAwB0qF,EAAaC,EAAkBnZ,EAAO,IAAI33D,KAAQ8J,GACxE,MAAM0zD,EAAOx4E,KACP8oF,EAAa9oF,KAAKmrF,QAAQvN,UAC1BwK,EAAe,CACnBvyE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAK8xE,IAEDtU,YAAEA,GAAgBqX,EAClBE,EAAaD,EAAiBtkF,QAAOwP,GAAOA,EAAIg1E,QAAQxX,GAAapzE,OAAS,IACpF,OAA0B,IAAtB2qF,EAAW3qF,OACN,YAEHnB,QAAQ+H,IAAI+jF,EAAWzjF,KAAInH,UAC/B,MAAMwqF,QAAmB30E,EAAI40E,cAAcpX,EAAaqX,EAAY9X,aAAS9yE,EAAW6jB,GACxF,GAAI+mE,EAAY3W,eAAiBsD,EAAKyT,UAAUJ,EAAaF,EAAW/N,UAAWjL,EAAM7tD,GACvF,MAAU1hB,MAAM,+BAElB,UACQyoF,EAAYnuC,OAAOiuC,EAAW/N,UAAWx8D,GAAMjM,UAAUsB,YAAa2xE,EAAczV,OAAM1xE,EAAW6jB,GAC3G,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,8BAA+B7b,SAGjD,GAeTtD,8BAA8B2qF,EAAkBnZ,EAAO,IAAI33D,KAAQ8J,GACjE,MAAM0zD,EAAOx4E,KACPksF,EAAiBlsF,KAAKorF,mBAAmBxkF,OAAO5G,KAAKqrF,qBAC3D,OAAOprF,QAAQ+H,IAAIkkF,EAAe5jF,KAAInH,WACpCymB,MAAOukE,EAAc3X,YACrB4X,YAAa5T,EAAK6T,kBAAkBF,EAAeL,EAAkBnZ,EAAM7tD,GAAQ1kB,OAAM,KAAM,SAanGe,aAAawxE,EAAO,IAAI33D,KAAQ8J,GAC9B,IAAK9kB,KAAKorF,mBAAmBhqF,OAC3B,MAAUgC,MAAM,gCAElB,MAAMo1E,EAAOx4E,KACP8oF,EAAa9oF,KAAKmrF,QAAQvN,UAC1BwK,EAAe,CACnBvyE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAK8xE,GAGP,IAAIjoE,EACJ,IAAK,IAAI1d,EAAInD,KAAKorF,mBAAmBhqF,OAAS,EAAG+B,GAAK,EAAGA,IACvD,IACE,MAAMkmF,EAAoBrpF,KAAKorF,mBAAmBjoF,GAClD,GAAIkmF,EAAkBnU,eAAiBsD,EAAKyT,UAAU5C,OAAmBpoF,EAAW0xE,EAAM7tD,GACxF,MAAU1hB,MAAM,iCAElB,UACQimF,EAAkB3rC,OAAOorC,EAAY1nE,GAAMjM,UAAUsB,YAAa2xE,EAAczV,OAAM1xE,EAAW6jB,GACvG,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,gCAAiC7b,GAExD,OAAO,EACP,MAAOA,GACPoc,EAAYpc,EAGhB,MAAMoc,EAWR1f,aAAamrF,EAAY3Z,EAAM7tD,GAC7B,MAAMgkE,EAAa9oF,KAAKmrF,QAAQvN,UAC1BwK,EAAe,CACnBvyE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAK8xE,SAGDmB,GAAgBqC,EAAYtsF,KAAM,qBAAsB2yE,GAAMxxE,eAAeorF,GACjF,IAEE,aADMA,EAAW7uC,OAAOorC,EAAY1nE,GAAMjM,UAAUsB,YAAa2xE,EAAczV,GAAM,EAAO7tD,IACrF,EACP,MAAOrgB,GACP,OAAO,YAILwlF,GAAgBqC,EAAYtsF,KAAM,sBAAuB2yE,SAEzDsX,GAAgBqC,EAAYtsF,KAAM,uBAAwB2yE,GAAM,SAAS6Z,GAC7E,OAAOlC,GAAcxB,EAAY1nE,GAAMjM,UAAU0B,eAAgBuxE,EAAc,CAACoE,QAAYvrF,OAAWA,EAAW0xE,EAAM7tD,MAe5H3jB,aACE2nF,GAEE2D,KAAM7X,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1D6yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,MAAM2iE,EAAa,CACjBlzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAK8xE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWlzE,QAAUkzE,EAAWhzE,cAAe/V,KAAKmrF,SAO1E,OANAK,EAAKF,qBAAqBzpF,WAAWonF,GAAsBF,EAAY,KAAMD,EAAY,CACvFrV,cAAeryD,GAAMjM,UAAU0B,eAC/B+9D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,GAAW,EAAO6jB,UAChC0mE,EAAK1jD,OAAO9nC,MACXwrF,GC1PX,MAAMmB,GAKJ7sF,YAAY8sF,EAAczB,GACxBnrF,KAAK49E,UAAYgP,EACjB5sF,KAAK6sF,kBAAoB,GACzB7sF,KAAKsrF,qBAAuB,GAC5BtrF,KAAKmrF,QAAUA,EAOjBI,eACE,MAAM1D,EAAa,IAAIxQ,GAIvB,OAHAwQ,EAAWhmF,KAAK7B,KAAK49E,WACrBiK,EAAWhmF,QAAQ7B,KAAKsrF,sBACxBzD,EAAWhmF,QAAQ7B,KAAK6sF,mBACjBhF,EAOTlmF,QACE,MAAMknF,EAAS,IAAI8D,GAAO3sF,KAAK49E,UAAW59E,KAAKmrF,SAG/C,OAFAtC,EAAOgE,kBAAoB,IAAI7sF,KAAK6sF,mBACpChE,EAAOyC,qBAAuB,IAAItrF,KAAKsrF,sBAChCzC,EAeT1nF,gBAAgBgU,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,MAAM0iE,EAAa9oF,KAAKmrF,QAAQvN,UAChC,OAAOkP,GACLhE,EAAY1nE,GAAMjM,UAAU+B,iBAAkB,CAC5CF,IAAK8xE,EACLjjF,KAAM7F,KAAK49E,WACV59E,KAAKsrF,qBAAsBn2E,EAAW6B,EAAK27D,EAAM7tD,GAaxD3jB,aAAawxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACvC,MAAM0iE,EAAa9oF,KAAKmrF,QAAQvN,UAC1BwK,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAM7F,KAAK49E,WAE7CmP,QAAyBC,GAA+BhtF,KAAK6sF,kBAAmB/D,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,EAAM7tD,GAErJ,GAAIioE,EAAiB7X,eAAiBl1E,KAAKisF,UAAUc,EAAkB,KAAMpa,EAAM7tD,GACjF,MAAU1hB,MAAM,qBAGlB,GAAI6pF,GAAqBjtF,KAAK49E,UAAWmP,EAAkBpa,GACzD,MAAUvvE,MAAM,qBAElB,OAAO2pF,EAWT5rF,wBAAwBwxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClD,MAAM0iE,EAAa9oF,KAAKmrF,QAAQvN,UAC1BwK,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAM7F,KAAK49E,WACnD,IAAImP,EACJ,IACEA,QAAyBC,GAA+BhtF,KAAK6sF,kBAAmB/D,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,EAAM7tD,GAC/I,MAAOrgB,GACP,OAAO,KAET,MAAMyoF,EAAYC,GAA4BntF,KAAK49E,UAAWmP,GACxDK,EAAYL,EAAiBlW,oBACnC,OAAOqW,EAAYE,EAAYF,EAAYE,EAW7CjsF,aAAa0nF,EAAQlW,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC/C,MAAM0iE,EAAa9oF,KAAKmrF,QAAQvN,UAChC,IAAK59E,KAAKo+E,qBAAqByK,GAC7B,MAAUzlF,MAAM,2DAGdpD,KAAK49E,UAAU99E,YAAY4gB,MAAQU,GAAMnM,OAAOa,cAChD+yE,EAAOjL,UAAU99E,YAAY4gB,MAAQU,GAAMnM,OAAOM,eACpDvV,KAAK49E,UAAYiL,EAAOjL,WAG1B,MAAMpF,EAAOx4E,KACPooF,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAM2yE,EAAKoF,iBAC7CyP,GAAuBxE,EAAQ7oF,KAAM,oBAAqB2yE,GAAMxxE,eAAemsF,GACnF,IAAK,IAAInqF,EAAI,EAAGA,EAAIq1E,EAAKqU,kBAAkBzrF,OAAQ+B,IACjD,GAAIq1E,EAAKqU,kBAAkB1pF,GAAGqxE,YAAY7sD,OAAO2lE,EAAW9Y,aAI1D,OAHI8Y,EAAWvZ,QAAUyE,EAAKqU,kBAAkB1pF,GAAG4wE,UACjDyE,EAAKqU,kBAAkB1pF,GAAKmqF,IAEvB,EAGX,IAEE,aADMA,EAAW5vC,OAAOorC,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,OAAM1xE,EAAW6jB,IAC3F,EACP,MAAOrgB,GACP,OAAO,YAIL4oF,GAAuBxE,EAAQ7oF,KAAM,uBAAwB2yE,GAAM,SAAS6Z,GAChF,OAAOM,GAAqBhE,EAAY1nE,GAAMjM,UAAU+B,iBAAkBkxE,EAAc,CAACoE,QAAYvrF,OAAWA,EAAW0xE,EAAM7tD,MAerI3jB,aACE2nF,GAEE2D,KAAM7X,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1D6yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,MAAM2iE,EAAa,CAAE/xE,IAAK8xE,EAAYjjF,KAAM7F,KAAK49E,WAC3CiL,EAAS,IAAI8D,GAAO3sF,KAAK49E,UAAW59E,KAAKmrF,SAO/C,OANAtC,EAAOyC,qBAAqBzpF,WAAW0rF,GAA6BxE,EAAY,KAAMD,EAAY,CAChGrV,cAAeryD,GAAMjM,UAAU+B,iBAC/B09D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,GAAW,EAAO6jB,UAChC+jE,EAAO/gD,OAAO9nC,MACb6oF,EAGTzK,qBAAqBC,GACnB,OAAOr+E,KAAK49E,UAAUQ,qBAAqBC,EAAMT,WAAaS,IAIlE,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe/6E,SAAQgI,IAC3FqhF,GAAO3rF,UAAUsK,GACf,WACE,OAAOtL,KAAK49E,UAAUtyE,KACvB,IC/KL,MAAMkiF,gBAAyChzE,GAAK+F,wBAAwB,CAACizD,KACvEia,GAAoB,IAAIhqE,IAAI,CAACrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAO2E,aAClE8zE,GAAgB,IAAIjqE,IAAI,CAC5BrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAO2E,WACrCwH,GAAMnM,OAAOa,aAAcsL,GAAMnM,OAAO04E,gBAY1C,MAAMC,GAMJC,sBAAsBhG,EAAYiG,EAAoB,IAAIrqE,KACxD,IAAI+nE,EACAuC,EACAlF,EACAmF,EAEJ,IAAK,MAAM/4E,KAAU4yE,EAAY,CAE/B,GAAI5yE,aAAkBqyC,GAAmB,CACRomC,GAActnF,IAAI6O,EAAOyL,OACzBstE,IAI3BA,EADEP,GAAkBrnF,IAAI6O,EAAOyL,KACjB+sE,GAEAC,IAGlB,SAGF,MAAMhtE,EAAMzL,EAAOnV,YAAY4gB,IAC/B,GAAIstE,EAAa,CACf,IAAKA,EAAY5nF,IAAIsa,GAAM,SAC3BstE,EAAc,KAEhB,GAAIF,EAAkB1nF,IAAIsa,GACxB,MAAUtd,MAAM,2BAA2Bsd,GAE7C,OAAQA,GACN,KAAKU,GAAMnM,OAAO3C,UAClB,KAAK8O,GAAMnM,OAAOK,UAChB,GAAItV,KAAK49E,UACP,MAAUx6E,MAAM,oCAIlB,GAFApD,KAAK49E,UAAY3oE,EACjB84E,EAAe/tF,KAAK01E,YACfqY,EACH,MAAU3qF,MAAM,kBAElB,MACF,KAAKge,GAAMnM,OAAOY,OAClB,KAAKuL,GAAMnM,OAAOc,cAChBy1E,EAAO,IAAIP,GAAKh2E,EAAQjV,MACxBA,KAAKiuF,MAAMpsF,KAAK2pF,GAChB,MACF,KAAKpqE,GAAMnM,OAAOa,aAClB,KAAKsL,GAAMnM,OAAOM,aAChBi2E,EAAO,KACP3C,EAAS,IAAI8D,GAAO13E,EAAQjV,MAC5BA,KAAKkuF,QAAQrsF,KAAKgnF,GAClB,MACF,KAAKznE,GAAMnM,OAAOE,UAChB,OAAQF,EAAOw+D,eACb,KAAKryD,GAAMjM,UAAUsB,YACrB,KAAK2K,GAAMjM,UAAUuB,YACrB,KAAK0K,GAAMjM,UAAUwB,WACrB,KAAKyK,GAAMjM,UAAUyB,aACnB,IAAK40E,EAAM,CACThxE,GAAK0D,WAAW,mEAChB,SAEEjJ,EAAOu/D,YAAY7sD,OAAOomE,GAC5BvC,EAAKJ,mBAAmBvpF,KAAKoT,GAE7Bu2E,EAAKH,oBAAoBxpF,KAAKoT,GAEhC,MACF,KAAKmM,GAAMjM,UAAU0B,eACf20E,EACFA,EAAKF,qBAAqBzpF,KAAKoT,GAE/BjV,KAAKmuF,iBAAiBtsF,KAAKoT,GAE7B,MACF,KAAKmM,GAAMjM,UAAU6B,IACnBhX,KAAKmuF,iBAAiBtsF,KAAKoT,GAC3B,MACF,KAAKmM,GAAMjM,UAAU2B,cACnB,IAAK+xE,EAAQ,CACXruE,GAAK0D,WAAW,qEAChB,SAEF2qE,EAAOgE,kBAAkBhrF,KAAKoT,GAC9B,MACF,KAAKmM,GAAMjM,UAAU8B,cACnBjX,KAAKsrF,qBAAqBzpF,KAAKoT,GAC/B,MACF,KAAKmM,GAAMjM,UAAU+B,iBACnB,IAAK2xE,EAAQ,CACXruE,GAAK0D,WAAW,wEAChB,SAEF2qE,EAAOyC,qBAAqBzpF,KAAKoT,MAY7Cs2E,eACE,MAAM1D,EAAa,IAAIxQ,GAMvB,OALAwQ,EAAWhmF,KAAK7B,KAAK49E,WACrBiK,EAAWhmF,QAAQ7B,KAAKsrF,sBACxBzD,EAAWhmF,QAAQ7B,KAAKmuF,kBACxBnuF,KAAKiuF,MAAM3lF,KAAIkjF,GAAQ3D,EAAWhmF,QAAQ2pF,EAAKD,kBAC/CvrF,KAAKkuF,QAAQ5lF,KAAIugF,GAAUhB,EAAWhmF,QAAQgnF,EAAO0C,kBAC9C1D,EAQTlmF,MAAMysF,GAAqB,GACzB,MAAMp3E,EAAM,IAAIhX,KAAKF,YAAYE,KAAKurF,gBAiBtC,OAhBI6C,GACFp3E,EAAIg1E,UAAU1oF,SAAQ+Y,IAMpB,GAJAA,EAAEuhE,UAAYzyE,OAAOy6B,OACnBz6B,OAAOkjF,eAAehyE,EAAEuhE,WACxBzyE,OAAOE,0BAA0BgR,EAAEuhE,aAEhCvhE,EAAEuhE,UAAUI,cAAe,OAEhC,MAAM3tB,EAAgB,GACtBllD,OAAOqoB,KAAKnX,EAAEuhE,UAAUvtB,eAAe/sD,SAAQgI,IAC7C+kD,EAAc/kD,GAAQ,IAAIvI,WAAWsZ,EAAEuhE,UAAUvtB,cAAc/kD,GAAM,IAEvE+Q,EAAEuhE,UAAUvtB,cAAgBA,CAAa,IAGtCr5C,EASTs3E,WAAW1mE,EAAQ,MAIjB,OAHgB5nB,KAAKkuF,QAAQ1mF,QAAOqhF,IACjCjhE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GAAO,KAW9CokE,QAAQpkE,EAAQ,MACd,MAAM4L,EAAO,GAIb,OAHK5L,IAAS5nB,KAAK01E,WAAW/tD,OAAOC,GAAO,IAC1C4L,EAAK3xB,KAAK7B,MAELwzB,EAAK5sB,OAAO5G,KAAKsuF,WAAW1mE,IAOrC2mE,YACE,OAAOvuF,KAAKgsF,UAAU1jF,KAAI0O,GAAOA,EAAI0+D,aAOvC8Y,aACE,OAAOxuF,KAAKiuF,MAAM3lF,KAAIkjF,GACbA,EAAK31E,OAAS21E,EAAK31E,OAAOA,OAAS,OACzCrO,QAAOqO,GAAqB,OAAXA,IAOtB/T,QACE,OAAO9B,KAAKurF,eAAezpF,QAa7BX,oBAAoBymB,EAAQ,KAAM+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,UACnEpmB,KAAKyuF,iBAAiB9b,EAAM98D,EAAQiP,GAC1C,MAAMgkE,EAAa9oF,KAAK49E,UAClBsQ,EAAUluF,KAAKkuF,QAAQxsF,QAAQgtF,MAAK,CAACjgF,EAAGJ,IAAMA,EAAEuvE,UAAU7J,QAAUtlE,EAAEmvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMgoE,KAAUqF,EACnB,IAAKtmE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GACrC,UACQihE,EAAOnrC,OAAOi1B,EAAM7tD,GAC1B,MAAMsjE,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAMgjF,EAAOjL,WAC/CmP,QAAyBC,GAC7BnE,EAAOgE,kBAAmB/D,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,EAAM7tD,GAE3F,IAAK6pE,GAA+B9F,EAAOjL,UAAWmP,GACpD,SAEF,IAAKA,EAAiBl0E,kBACpB,MAAUzV,MAAM,8BAOlB,aAJM4pF,GACJ,CAACD,EAAiBl0E,mBAAoBgwE,EAAOjL,UAAWx8D,GAAMjM,UAAU4B,WAAYqxE,EAAczV,EAAM7tD,GAE1G8pE,GAA4B/F,EAAOjL,UAAW94D,GACvC+jE,EACP,MAAOpkF,GACPoc,EAAYpc,EAKlB,IACE,MAAM0kF,QAAoBnpF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAC5D,KAAM8C,GAASkhE,EAAWpT,WAAW/tD,OAAOC,KACxC+mE,GAA+B7F,EAAYK,EAAYE,mBAEzD,OADAuF,GAA4B9F,EAAYhkE,GACjC9kB,KAET,MAAOyE,GACPoc,EAAYpc,EAEd,MAAM+V,GAAK8F,UAAU,kDAAoDtgB,KAAK01E,WAAWhuD,QAAS7G,GAapG1f,uBAAuBymB,EAAO+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,UAC/DpmB,KAAKyuF,iBAAiB9b,EAAM98D,EAAQiP,GAC1C,MAAMgkE,EAAa9oF,KAAK49E,UAElBsQ,EAAUluF,KAAKkuF,QAAQxsF,QAAQgtF,MAAK,CAACjgF,EAAGJ,IAAMA,EAAEuvE,UAAU7J,QAAUtlE,EAAEmvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMgoE,KAAUqF,EACnB,IAAKtmE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GACrC,UACQihE,EAAOnrC,OAAOi1B,EAAM7tD,GAC1B,MAAMsjE,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAMgjF,EAAOjL,WAC/CmP,QAAyBC,GAA+BnE,EAAOgE,kBAAmB/D,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,EAAM7tD,GACvJ,GAAI+pE,GAAkChG,EAAOjL,UAAWmP,GAEtD,OADA6B,GAA4B/F,EAAOjL,UAAW94D,GACvC+jE,EAET,MAAOpkF,GACPoc,EAAYpc,EAKlB,IAEE,MAAM0kF,QAAoBnpF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAC5D,KAAM8C,GAASkhE,EAAWpT,WAAW/tD,OAAOC,KACxCinE,GAAkC/F,EAAYK,EAAYE,mBAE5D,OADAuF,GAA4B9F,EAAYhkE,GACjC9kB,KAET,MAAOyE,GACPoc,EAAYpc,EAEd,MAAM+V,GAAK8F,UAAU,qDAAuDtgB,KAAK01E,WAAWhuD,QAAS7G,GAevG1f,gBAAgBgU,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,OAAO0mE,GACL9sF,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAe,CAAED,IAAKhX,KAAK49E,WAAa59E,KAAKsrF,qBAAsBn2E,EAAW6B,EAAK27D,EAAM7tD,GAa7H3jB,uBAAuBwxE,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IAC9D,MAAM0iE,EAAa9oF,KAAK49E,UAExB,SAAU59E,KAAKisF,UAAU,KAAM,KAAMtZ,EAAM7tD,GACzC,MAAU1hB,MAAM,0BAGlB,MAAMimF,kBAAEA,SAA4BrpF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAEtE,GAAImoE,GAAqBnE,EAAYO,EAAmB1W,GACtD,MAAUvvE,MAAM,0BAGlB,MAAM0rF,QAAwB9B,GAC5BhtF,KAAKmuF,iBAAkBrF,EAAY1nE,GAAMjM,UAAU6B,IAAK,CAAEA,IAAK8xE,GAAcnW,EAAM7tD,GACnF1kB,OAAM,SAER,GAAI0uF,GAAmB7B,GAAqBnE,EAAYgG,EAAiBnc,GACvE,MAAUvvE,MAAM,0BAYpBjC,wBAAwB0U,EAAQiP,EAASsB,IACvC,IAAI2oE,EACJ,IACE,MAAM1F,kBAAEA,SAA4BrpF,KAAKopF,eAAe,KAAMvzE,EAAQiP,GAChEkqE,EAAmB7B,GAA4BntF,KAAK49E,UAAWyL,GAC/D4F,EAAgB5F,EAAkBxS,oBAClCiY,QAAwB9B,GAC5BhtF,KAAKmuF,iBAAkBnuF,KAAK49E,UAAWx8D,GAAMjM,UAAU6B,IAAK,CAAEA,IAAKhX,KAAK49E,WAAa,KAAM94D,GAC3F1kB,OAAM,SACR,GAAI0uF,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4BntF,KAAK49E,UAAWkR,GAGvEC,EAAmBjjF,KAAKoyC,IAAI8wC,EAAkBC,EAAeC,QAE7DH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,EAE3E,MAAOxqF,GACPsqF,EAAmB,KAGrB,OAAOv0E,GAAKc,cAAcyzE,GAiB5B5tF,qBAAqBwxE,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IAC5D,MAAM0iE,EAAa9oF,KAAK49E,UAClBqQ,EAAQ,GACd,IAAIptE,EACJ,IAAK,IAAI1d,EAAI,EAAGA,EAAInD,KAAKiuF,MAAM7sF,OAAQ+B,IACrC,IACE,MAAMqoF,EAAOxrF,KAAKiuF,MAAM9qF,GACxB,IAAKqoF,EAAK31E,OACR,SAEF,QACmB5U,IAAhB4U,EAAOvK,MAAsBkgF,EAAK31E,OAAOvK,OAASuK,EAAOvK,WACxCrK,IAAjB4U,EAAO0xE,OAAuBiE,EAAK31E,OAAO0xE,QAAU1xE,EAAO0xE,YACxCtmF,IAAnB4U,EAAO+rD,SAAyB4pB,EAAK31E,OAAO+rD,UAAY/rD,EAAO+rD,QAEhE,MAAUx+D,MAAM,iDAElB,MAAMglF,EAAe,CAAEvyE,OAAQ21E,EAAK31E,OAAQmB,IAAK8xE,GAC3CO,QAA0B2D,GAA+BxB,EAAKJ,mBAAoBtC,EAAY1nE,GAAMjM,UAAUsB,YAAa2xE,EAAczV,EAAM7tD,GACrJmpE,EAAMpsF,KAAK,CAAEie,MAAO3c,EAAGqoF,OAAMnC,sBAC7B,MAAO5kF,GACPoc,EAAYpc,EAGhB,IAAKwpF,EAAM7sF,OACT,MAAMyf,GAAiBzd,MAAM,qCAEzBnD,QAAQ+H,IAAIimF,EAAM3lF,KAAInH,eAAgBsN,GAC1C,OAAOA,EAAE46E,kBAAkBnU,SAAWzmE,EAAE+8E,KAAKS,UAAUx9E,EAAE46E,kBAAmB,KAAM1W,EAAM7tD,OAG1F,MAAMqkE,EAAc8E,EAAMS,MAAK,SAASjgF,EAAGJ,GACzC,MAAMi/B,EAAI7+B,EAAE46E,kBACN97C,EAAIl/B,EAAEg7E,kBACZ,OAAO97C,EAAE2nC,QAAU5nC,EAAE4nC,SAAW5nC,EAAEqnC,gBAAkBpnC,EAAEonC,iBAAmBrnC,EAAEymC,QAAUxmC,EAAEwmC,WACtFriD,OACG85D,KAAEA,EAAMnC,kBAAmB8F,GAAShG,EAC1C,GAAIgG,EAAKja,eAAiBsW,EAAKS,UAAUkD,EAAM,KAAMxc,EAAM7tD,GACzD,MAAU1hB,MAAM,2BAElB,OAAO+lF,EAgBThoF,aAAaiuF,EAAWzc,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClD,IAAKpmB,KAAKo+E,qBAAqBgR,GAC7B,MAAUhsF,MAAM,4DAElB,IAAKpD,KAAK0rF,aAAe0D,EAAU1D,YAAa,CAQ9C,KANe1rF,KAAKkuF,QAAQ9sF,SAAWguF,EAAUlB,QAAQ9sF,QAClDpB,KAAKkuF,QAAQpvC,OAAMuwC,GACXD,EAAUlB,QAAQ7lF,MAAKinF,GACrBD,EAAWjR,qBAAqBkR,QAI/C,MAAUlsF,MAAM,iEAGlB,OAAOgsF,EAAUtnD,OAAO9nC,KAAM8kB,GAMhC,MAAMyqE,EAAavvF,KAAK2B,QA0CxB,aAxCM0rF,GAAuB+B,EAAWG,EAAY,uBAAwB5c,GAAM6Z,GACzEM,GAAqByC,EAAW3R,UAAWx8D,GAAMjM,UAAU8B,cAAes4E,EAAY,CAAC/C,GAAY,KAAM4C,EAAUxR,UAAWjL,EAAM7tD,WAGvIuoE,GAAuB+B,EAAWG,EAAY,mBAAoB5c,SAElE1yE,QAAQ+H,IAAIonF,EAAUnB,MAAM3lF,KAAInH,UAGpC,MAAMquF,EAAgBD,EAAWtB,MAAMzmF,QAAOioF,GAC3CC,EAAQ75E,QAAU65E,EAAQ75E,OAAO8R,OAAO8nE,EAAQ55E,SAChD65E,EAAQ35E,eAAiB25E,EAAQ35E,cAAc4R,OAAO8nE,EAAQ15E,iBAEjE,GAAIy5E,EAAcpuF,OAAS,QACnBnB,QAAQ+H,IACZwnF,EAAclnF,KAAIqnF,GAAgBA,EAAa7nD,OAAO4nD,EAAS/c,EAAM7tD,UAElE,CACL,MAAM8qE,EAAUF,EAAQ/tF,QACxBiuF,EAAQzE,QAAUoE,EAClBA,EAAWtB,MAAMpsF,KAAK+tF,cAIpB3vF,QAAQ+H,IAAIonF,EAAUlB,QAAQ5lF,KAAInH,UAEtC,MAAM0uF,EAAkBN,EAAWrB,QAAQ1mF,QAAOsoF,GAChDA,EAAU1R,qBAAqBkR,KAEjC,GAAIO,EAAgBzuF,OAAS,QACrBnB,QAAQ+H,IACZ6nF,EAAgBvnF,KAAIynF,GAAkBA,EAAejoD,OAAOwnD,EAAW3c,EAAM7tD,UAE1E,CACL,MAAMkrE,EAAYV,EAAU3tF,QAC5BquF,EAAU7E,QAAUoE,EACpBA,EAAWrB,QAAQrsF,KAAKmuF,QAIrBT,EAWTpuF,+BAA+BwxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACzD,MAAMgiE,EAAe,CAAEpxE,IAAKhX,KAAK49E,WAC3B6M,QAA4BuC,GAA+BhtF,KAAKsrF,qBAAsBtrF,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAemxE,EAAczV,EAAM7tD,GACzJ+iE,EAAa,IAAIxQ,GAEvB,OADAwQ,EAAWhmF,KAAK4oF,GACTlxE,GAAM6H,GAAM7H,MAAMjH,UAAWu1E,EAAW/lF,QAAS,KAAM,KAAM,oCAatEX,iCAAiC8uF,EAAuBtd,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClF,MAAM9lB,QAAc6lB,GAAQ8pE,EAAuBnrE,GAE7C2lE,SADmBpT,GAAW2B,WAAW14E,EAAM4J,KAAMsjF,GAA0B1oE,IAC9CszD,WAAWh3D,GAAMnM,OAAOE,WAC/D,IAAKs1E,GAAuBA,EAAoBhX,gBAAkBryD,GAAMjM,UAAU8B,cAChF,MAAU7T,MAAM,8CAElB,IAAKqnF,EAAoBjW,YAAY7sD,OAAO3nB,KAAK01E,YAC/C,MAAUtyE,MAAM,2CAElB,UACQqnF,EAAoB/sC,OAAO19C,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAe,CAAED,IAAKhX,KAAK49E,WAAajL,OAAM1xE,EAAW6jB,GAC1H,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,wCAAyC7b,GAEhE,MAAMuS,EAAMhX,KAAK2B,QAEjB,OADAqV,EAAIs0E,qBAAqBzpF,KAAK4oF,GACvBzzE,EAYT7V,sBAAsB+uF,EAAavd,EAAM98D,EAAQiP,EAASsB,IACxD,MAAMtG,MAAEA,EAAK0rE,KAAEA,SAAexrF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAC1DqrE,QAAiB3E,EAAK4E,QAAQF,EAAavd,EAAM7tD,GACjD9N,EAAMhX,KAAK2B,QAEjB,OADAqV,EAAIi3E,MAAMnuE,GAASqwE,EACZn5E,EAWT7V,mBAAmB+uF,EAAavd,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,MAAMpP,EAAMhX,KAAK2B,QAIjB,OAHAqV,EAAIi3E,YAAchuF,QAAQ+H,IAAIhI,KAAKiuF,MAAM3lF,KAAI,SAASkjF,GACpD,OAAOA,EAAK4E,QAAQF,EAAavd,EAAM7tD,OAElC9N,EAkBT7V,wBAAwB2qF,EAAkBnZ,EAAO,IAAI33D,KAAQnF,EAAQiP,EAASsB,IAC5E,MAAM0iE,EAAa9oF,KAAK49E,WAClB4N,KAAEA,SAAexrF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAIzD,OAHgBgnE,QACRN,EAAK6E,wBAAwBvE,EAAkBnZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOkhE,EAAWpT,WAAY0W,YAAaZ,EAAK9tC,OAAOi1B,EAAM7tD,GAAQ1kB,OAAM,KAAM,MAmBxFe,qBAAqB2qF,EAAkBnZ,EAAO,IAAI33D,KAAQ8J,EAASsB,IACjE,MAAM0iE,EAAa9oF,KAAK49E,UAClB0S,EAAU,GAehB,aAdMrwF,QAAQ+H,IAAIhI,KAAKiuF,MAAM3lF,KAAInH,UAC/B,MAAMgnF,EAAa2D,QACXN,EAAK6E,wBAAwBvE,EAAkBnZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOkhE,EAAWpT,WAAY0W,YAAaZ,EAAK9tC,OAAOi1B,EAAM7tD,GAAQ1kB,OAAM,KAAM,MAEtFkwF,EAAQzuF,QAAQsmF,EAAW7/E,KACzB6M,KACEU,OAAQ21E,EAAK31E,OAAS21E,EAAK31E,OAAOA,OAAS,KAC3CE,cAAey1E,EAAKz1E,cACpB6R,MAAOzS,EAAUyS,MACjBwkE,MAAOj3E,EAAUi3E,UAEpB,KAEIkE,GAIX,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBhtF,SAAQgI,IACpGsiF,GAAI5sF,UAAUsK,GACdqhF,GAAO3rF,UAAUsK,EAAK,IC7qBxB,MAAMilF,WAAkB3C,GAItB9tF,YAAY+nF,GAOV,GANA9nF,QACAC,KAAK49E,UAAY,KACjB59E,KAAKsrF,qBAAuB,GAC5BtrF,KAAKmuF,iBAAmB,GACxBnuF,KAAKiuF,MAAQ,GACbjuF,KAAKkuF,QAAU,GACXrG,IACF7nF,KAAK6tF,sBAAsBhG,EAAY,IAAIpkE,IAAI,CAACrC,GAAMnM,OAAOK,UAAW8L,GAAMnM,OAAOM,iBAChFvV,KAAK49E,WACR,MAAUx6E,MAAM,0CAStBsoF,YACE,OAAO,EAOT8E,WACE,OAAOxwF,KAQTuZ,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMjH,UAAWtS,KAAKurF,eAAezpF,aAASb,OAAWA,OAAWA,EAAW6jB,ICjDtG,MAAM2rE,WAAmBF,GAIvBzwF,YAAY+nF,GAGV,GAFA9nF,QACAC,KAAK6tF,sBAAsBhG,EAAY,IAAIpkE,IAAI,CAACrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAOa,iBAChF9V,KAAK49E,UACR,MAAUx6E,MAAM,2CAQpBsoF,YACE,OAAO,EAOT8E,WACE,MAAM3I,EAAa,IAAIxQ,GACjBqZ,EAAa1wF,KAAKurF,eACxB,IAAK,MAAM3N,KAAa8S,EACtB,OAAQ9S,EAAU99E,YAAY4gB,KAC5B,KAAKU,GAAMnM,OAAOK,UAAW,CAC3B,MAAMq7E,EAAelT,GAAgBmT,oBAAoBhT,GACzDiK,EAAWhmF,KAAK8uF,GAChB,MAEF,KAAKvvE,GAAMnM,OAAOM,aAAc,CAC9B,MAAMs7E,EAAkBlS,GAAmBmS,uBAAuBlT,GAClEiK,EAAWhmF,KAAKgvF,GAChB,MAEF,QACEhJ,EAAWhmF,KAAK+7E,GAGtB,OAAO,IAAI2S,GAAU1I,GAQvBtuE,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMK,WAAY5Z,KAAKurF,eAAezpF,aAASb,OAAWA,OAAWA,EAAW6jB,GAarG3jB,wBAAwBymB,EAAO+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IACtE,MAAM0iE,EAAa9oF,KAAK49E,UAClBpqD,EAAO,GACb,IAAK,IAAIrwB,EAAI,EAAGA,EAAInD,KAAKkuF,QAAQ9sF,OAAQ+B,IACvC,IAAKykB,GAAS5nB,KAAKkuF,QAAQ/qF,GAAGuyE,WAAW/tD,OAAOC,GAAO,GACrD,IACE,MAAMwgE,EAAe,CAAEpxE,IAAK8xE,EAAYjjF,KAAM7F,KAAKkuF,QAAQ/qF,GAAGy6E,WAE1DmT,SAD2B/D,GAA+BhtF,KAAKkuF,QAAQ/qF,GAAG0pF,kBAAmB/D,EAAY1nE,GAAMjM,UAAU2B,cAAesxE,EAAczV,EAAM7tD,GACxGA,IACtD0O,EAAK3xB,KAAK7B,KAAKkuF,QAAQ/qF,IAEzB,MAAOsB,IAKb,MAAM0kF,QAAoBnpF,KAAKopF,eAAezW,EAAM98D,EAAQiP,GAM5D,OALM8C,IAASkhE,EAAWpT,WAAW/tD,OAAOC,GAAO,KAC/CmpE,GAAkC5H,EAAYE,kBAAmBvkE,IACnE0O,EAAK3xB,KAAK7B,MAGLwzB,EAOTwqD,cACE,OAAOh+E,KAAKgsF,UAAU3jF,MAAK,EAAGu1E,eAAgBA,EAAUI,gBAa1D78E,eAAe2jB,EAASsB,IACtB,IAAKpmB,KAAK0rF,YACR,MAAUtoF,MAAM,gCAGlB,IAAI2mF,EACJ,GAAK/pF,KAAK49E,UAAU8B,UAEb,CAKL,MAAMiM,QAAmB3rF,KAAK4rF,cAAc,KAAM,UAAM3qF,EAAW,IAAK6jB,EAAQP,0BAA2B,IAAId,IAAOP,WAAY,IAE9HyoE,IAAeA,EAAW/N,UAAU8B,YACtCqK,EAAmB4B,EAAW/N,gBAThCmM,EAAmB/pF,KAAK49E,UAa1B,GAAImM,EACF,OAAOA,EAAiBpkC,WACnB,CACL,MAAMnyB,EAAOxzB,KAAKgsF,UACZgF,EAAax9D,EAAKlrB,KAAI0O,GAAOA,EAAI4mE,UAAU8B,YAAW5gC,MAAMgrC,SAClE,GAAIkH,EACF,MAAU5tF,MAAM,wCAGlB,OAAOnD,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,SAAa6V,EAAI4mE,UAAUj4B,eAO3Dk6B,qBACE7/E,KAAKgsF,UAAU1oF,SAAQ,EAAGs6E,gBACpBA,EAAUI,eACZJ,EAAUiC,wBAehB1+E,cAEIsrF,KAAM7X,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1D6yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,IAAKpmB,KAAK0rF,YACR,MAAUtoF,MAAM,iCAElB,MAAM2lF,EAAa,CAAE/xE,IAAKhX,KAAK49E,WACzB5mE,EAAMhX,KAAK2B,QAMjB,OALAqV,EAAIs0E,qBAAqBzpF,WAAW0rF,GAA6BxE,EAAY,KAAM/oF,KAAK49E,UAAW,CACjGnK,cAAeryD,GAAMjM,UAAU8B,cAC/B29D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,OAAWA,EAAW6jB,IACnC9N,EAiBT7V,gBAAgB8D,EAAU,IACxB,MAAM6f,EAAS,IAAKsB,MAAkBnhB,EAAQ6f,QAC9C,GAAI7f,EAAQ43E,WACV,MAAUz5E,MAAM,gEAElB,GAAI6B,EAAQ+iF,QAAUljE,EAAO5B,WAC3B,MAAU9f,MAAM,8BAA8B0hB,EAAO5B,oBAAoBje,EAAQ+iF,WAEnF,MAAMrK,EAAkB39E,KAAK49E,UAC7B,GAAID,EAAgB+B,UAClB,MAAUt8E,MAAM,8CAElB,IAAKu6E,EAAgBK,cACnB,MAAU56E,MAAM,wBAElB,MAAM6tF,EAAiBtT,EAAgBW,mBACvC2S,EAAe72E,KAAO62E,EAAergF,MAAQ,MAAQ,MACrDqgF,EAAejJ,QAAUiJ,EAAetyE,MAAQ,KAChDsyE,EAAergF,MAAQqgF,EAAergF,OAAS,aAC/C3L,EAAUisF,GAA0BjsF,EAASgsF,GAC7C,MAAMrT,QAAkBuT,GAA4BlsF,GACpD2pF,GAA4BhR,EAAW94D,GACvC,MAAMioE,QAAyBqE,GAA8BxT,EAAWD,EAAiB14E,EAAS6f,GAC5FusE,EAAarxF,KAAKurF,eAExB,OADA8F,EAAWxvF,KAAK+7E,EAAWmP,GACpB,IAAI0D,GAAWY,ICxM1B,MAAMC,gBAAkC92E,GAAK+F,wBAAwB,CACnEk9D,GACAkB,GACAM,GACA0I,GACAL,GACAzI,GACArL,KASF,SAAS+d,GAAU1J,GACjB,IAAK,MAAM5yE,KAAU4yE,EACnB,OAAQ5yE,EAAOnV,YAAY4gB,KACzB,KAAKU,GAAMnM,OAAOK,UAChB,OAAO,IAAIm7E,GAAW5I,GACxB,KAAKzmE,GAAMnM,OAAO3C,UAChB,OAAO,IAAIi+E,GAAU1I,GAG3B,MAAUzkF,MAAM,sBAClB,CAgHAjC,eAAeqwF,GAAc7T,EAAiB8T,EAAqBxsF,EAAS6f,GAEtE7f,EAAQ43E,kBACJc,EAAgB5qD,QAAQ9tB,EAAQ43E,WAAY/3D,SAG9C7kB,QAAQ+H,IAAIypF,EAAoBnpF,KAAInH,eAAey9E,EAAoB9+D,GAC3E,MAAM4xE,EAAmBzsF,EAAQipF,QAAQpuE,GAAO+8D,WAC5C6U,SACI9S,EAAmB7rD,QAAQ2+D,EAAkB5sE,OAIvD,MAAM+iE,EAAa,IAAIxQ,GACvBwQ,EAAWhmF,KAAK87E,SAEV19E,QAAQ+H,IAAI/C,EAAQukF,QAAQlhF,KAAInH,eAAe0U,EAAQiK,GAC3D,SAAS6xE,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMpqF,QAAOqoC,GAAQA,IAASgiD,KAG1D,MAAMC,EAAexK,GAAan3B,WAAWt6C,GACvCkzE,EAAa,GACnBA,EAAWlzE,OAASi8E,EACpB/I,EAAW/xE,IAAM2mE,EAEjB,MAAMqL,EAAsB,GAC5BA,EAAoBvV,cAAgBryD,GAAMjM,UAAUsB,YACpDuyE,EAAoBxwE,SAAW,CAAC4I,GAAM5I,SAASQ,YAAcoI,GAAM5I,SAASS,UAC5E+vE,EAAoBlxE,6BAA+B65E,EAAqB,CAEtEvwE,GAAM/N,UAAUQ,OAChBuN,GAAM/N,UAAUM,OAChByN,GAAM/N,UAAUO,QACfkR,EAAOtC,6BACNsC,EAAOnC,cACTqmE,EAAoBjwE,wBAA0B44E,EAAqB,CACjEvwE,GAAMvM,KAAKC,IACXsM,GAAMvM,KAAKE,KACV+P,EAAOlC,yBAEZomE,EAAoB9wE,wBAA0By5E,EAAqB,CAEjEvwE,GAAMhN,KAAKI,OACX4M,GAAMhN,KAAKM,QACVoQ,EAAOvC,wBACVymE,EAAoB7wE,+BAAiCw5E,EAAqB,CACxEvwE,GAAMrN,YAAYG,KAClBkN,GAAMrN,YAAYE,IAClBmN,GAAMrN,YAAYC,cACjB8Q,EAAOrC,+BACI,IAAV3C,IACFkpE,EAAoBrU,iBAAkB,GAGxCqU,EAAoBrwE,SAAW,CAAC,GAChCqwE,EAAoBrwE,SAAS,IAAMyI,GAAMzI,SAASuB,sBAC9C4K,EAAOnC,cACTqmE,EAAoBrwE,SAAS,IAAMyI,GAAMzI,SAAS9D,MAEhDiQ,EAAO3K,SACT6uE,EAAoBrwE,SAAS,IAAMyI,GAAMzI,SAASwB,QAEhDlV,EAAQ2S,kBAAoB,IAC9BoxE,EAAoBpxE,kBAAoB3S,EAAQ2S,kBAChDoxE,EAAoB5U,iBAAkB,GAKxC,MAAO,CAAE0d,eAAc9H,sBAFOuD,GAA6BxE,EAAY,KAAMpL,EAAiBqL,EAAqB/jF,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,QAGhKljB,MAAKwG,IACPA,EAAK9E,SAAQ,EAAGwuF,eAAc9H,sBAC5BnC,EAAWhmF,KAAKiwF,GAChBjK,EAAWhmF,KAAKmoF,EAAgB,GAChC,UAGE/pF,QAAQ+H,IAAIypF,EAAoBnpF,KAAInH,eAAey9E,EAAoB9+D,GAC3E,MAAMiyE,EAAgB9sF,EAAQipF,QAAQpuE,GAEtC,MAAO,CAAE8+D,qBAAoBoT,4BADOZ,GAA8BxS,EAAoBjB,EAAiBoU,EAAejtE,QAEpHljB,MAAK01E,IACPA,EAAQh0E,SAAQ,EAAGs7E,qBAAoBoT,4BACrCnK,EAAWhmF,KAAK+8E,GAChBiJ,EAAWhmF,KAAKmwF,EAAsB,GACtC,IAKJ,MAAMjJ,EAAa,CAAE/xE,IAAK2mE,GAkB1B,OAjBAkK,EAAWhmF,WAAW0rF,GAA6BxE,EAAY,KAAMpL,EAAiB,CACpFlK,cAAeryD,GAAMjM,UAAU8B,cAC/B29D,wBAAyBxzD,GAAM1I,oBAAoBmB,SACnDg7D,0BAA2B,IAC1B5vE,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,IAE9C7f,EAAQ43E,YACVc,EAAgBkC,2BAGZ5/E,QAAQ+H,IAAIypF,EAAoBnpF,KAAInH,eAAey9E,EAAoB9+D,GAClD7a,EAAQipF,QAAQpuE,GAAO+8D,YAE9C+B,EAAmBiB,yBAIhB,IAAI4Q,GAAW5I,EACxB,CCpPA,MAAMoK,gBAAsCz3E,GAAK+F,wBAAwB,CACvEmyD,GACA+F,GACA+B,GACAT,GACA0E,GACA7C,GACAsB,GACAlG,GACAxD,KAGI0e,gBAA4C13E,GAAK+F,wBAAwB,CAAC28D,KAE1EiV,gBAAgD33E,GAAK+F,wBAAwB,CAACizD,KAO7E,MAAM4e,GAIXtyF,YAAY+nF,GACV7nF,KAAKs3E,QAAUuQ,GAAc,IAAIxQ,GAOnCgb,sBACE,MAAMC,EAAS,GAKf,OAJ0BtyF,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOC,8BAC9C5R,SAAQ,SAAS2R,GACjCq9E,EAAOzwF,KAAKoT,EAAO4mE,gBAEdyW,EAOTxK,mBACE,MAAMpiD,EAAM1lC,KAAKuyF,mBAEXC,EAAiB9sD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOI,kBAC5D,GAAIm9E,EAAepxF,OAAS,EAC1B,OAAOoxF,EAAelqF,KAAI2M,GAAUA,EAAOu/D,cAI7C,OADsB9uC,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOE,WACtC7M,KAAI2M,GAAUA,EAAOu/D,cAa5CrzE,cAAcsxF,EAAgBC,EAAWC,EAAahgB,EAAO,IAAI33D,KAAQ8J,EAASsB,IAChF,MAAMwsE,EAAoBD,SAAqB3yF,KAAK6yF,mBAAmBJ,EAAgBC,EAAW/f,EAAM7tD,GAElGguE,EAAyB9yF,KAAKs3E,QAAQU,YAC1C52D,GAAMnM,OAAOQ,2BACb2L,GAAMnM,OAAOe,mCACboL,GAAMnM,OAAOiB,mBAGf,GAAsC,IAAlC48E,EAAuB1xF,OACzB,MAAUgC,MAAM,2BAGlB,MAAM2vF,EAAqBD,EAAuB,GAClD,IAAIjyE,EAAY,KAChB,MAAMmyE,EAAmB/yF,QAAQ+H,IAAI4qF,EAAkBtqF,KAAInH,OAAS+oD,UAAW+oC,EAAe/oF,WAC5F,IAAKsQ,GAAK1X,aAAaoH,KAAUsQ,GAAKC,SAASw4E,GAC7C,MAAU7vF,MAAM,uCAGlB,IACE,MAAMysC,EAAOzuB,GAAMtf,MAAMsf,GAAM/N,UAAW4/E,SACpCF,EAAmB//D,QAAQ6c,EAAM3lC,EAAM4a,GAC7C,MAAOrgB,GACP+V,GAAK4D,gBAAgB3Z,GACrBoc,EAAYpc,OAQhB,GAJAyuF,GAAcH,EAAmB/Y,WACjC+Y,EAAmB/Y,UAAY,WACzBgZ,GAEDD,EAAmBzb,UAAYyb,EAAmBzb,QAAQl2E,OAC7D,MAAMyf,GAAiBzd,MAAM,sBAG/B,MAAM+vF,EAAY,IAAIf,GAAQW,EAAmBzb,SAGjD,OAFAyb,EAAmBzb,QAAU,IAAID,GAE1B8b,EAeThyF,yBAAyBsxF,EAAgBC,EAAW/f,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC9E,IAEIvF,EAFAuyE,EAA6B,GAGjC,GAAIV,EAAW,CACb,MAAMW,EAAerzF,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOG,wBAC3D,GAA4B,IAAxBi+E,EAAajyF,OACf,MAAUgC,MAAM,8DAEZnD,QAAQ+H,IAAI0qF,EAAUpqF,KAAInH,eAAemyF,EAAUnwF,GACvD,IAAIm0E,EAEFA,EADEn0E,QACck0E,GAAW2B,WAAWqa,EAAavxF,QAASowF,GAA6BptE,GAE/EuuE,QAENpzF,QAAQ+H,IAAIsvE,EAAQhvE,KAAInH,eAAeoyF,GAC3C,UACQA,EAAYvgE,QAAQsgE,GAC1BF,EAA2BvxF,KAAK0xF,GAChC,MAAO9xC,GACPjnC,GAAK4D,gBAAgBqjC,gBAItB,KAAIgxC,EAqFT,MAAUrvF,MAAM,iCArFS,CACzB,MAAMowF,EAAexzF,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOC,8BAC3D,GAA4B,IAAxBs+E,EAAapyF,OACf,MAAUgC,MAAM,2DAEZnD,QAAQ+H,IAAIwrF,EAAalrF,KAAInH,eAAesyF,SAC1CxzF,QAAQ+H,IAAIyqF,EAAenqF,KAAInH,eAAeuyF,GAClD,IAAI9B,EAAQ,CACVxwE,GAAM/N,UAAUQ,OAChBuN,GAAM/N,UAAUM,OAChByN,GAAM/N,UAAUG,UAChB4N,GAAM/N,UAAUI,OAElB,IACE,MAAM01E,QAAoBuK,EAActK,eAAezW,OAAM1xE,EAAW6jB,GACpEqkE,EAAYE,kBAAkBvxE,+BAChC85E,EAAQA,EAAMhrF,OAAOuiF,EAAYE,kBAAkBvxE,+BAErD,MAAOrT,IAGT,MAAMkvF,SAA8BD,EAAcE,kBAAkBH,EAAY5X,YAAa,UAAM56E,EAAW6jB,IAASxc,KAAI0O,GAAOA,EAAI4mE,kBAChI39E,QAAQ+H,IAAI2rF,EAAqBrrF,KAAInH,eAAe0yF,GACxD,IAAKA,GAAuBA,EAAoBnU,UAC9C,OAEF,IAAKmU,EAAoB7V,cACvB,MAAU56E,MAAM,oCAWlB,GAPiC0hB,EAAOvB,8BACtCkwE,EAAY9f,qBAAuBvyD,GAAM9O,UAAUE,YACnDihF,EAAY9f,qBAAuBvyD,GAAM9O,UAAUC,gBACnDkhF,EAAY9f,qBAAuBvyD,GAAM9O,UAAUG,SACnDghF,EAAY9f,qBAAuBvyD,GAAM9O,UAAUI,SAGvB,CAW5B,MAAMohF,EAAkBL,EAAY3xF,cAC9B7B,QAAQ+H,IAAInI,MAAMuiB,KAAK0C,EAAOtB,yDAAyDlb,KAAInH,UAC/F,MAAM4yF,EAAkB,IAAInY,GAC5BmY,EAAgB7yF,KAAK4yF,GACrB,MAAM5X,EAAmB,CACvBjC,sBACA6B,WAAYj9D,GAAOy+D,mBAAmBrD,IAExC,UACQ8Z,EAAgB/gE,QAAQ6gE,EAAqB3X,GACnDkX,EAA2BvxF,KAAKkyF,GAChC,MAAOtyC,GAEPjnC,GAAK4D,gBAAgBqjC,GACrB5gC,EAAY4gC,YAKhB,IAEE,SADMgyC,EAAYzgE,QAAQ6gE,IACrBjC,EAAM/vE,SAAST,GAAMtf,MAAMsf,GAAM/N,UAAWogF,EAAYxZ,sBAC3D,MAAU72E,MAAM,iDAElBgwF,EAA2BvxF,KAAK4xF,GAChC,MAAOhyC,GACPjnC,GAAK4D,gBAAgBqjC,GACrB5gC,EAAY4gC,WAKpByxC,GAAcO,EAAYzZ,WAC1ByZ,EAAYzZ,UAAY,UAM5B,GAAIoZ,EAA2BhyF,OAAS,EAAG,CAEzC,GAAIgyF,EAA2BhyF,OAAS,EAAG,CACzC,MAAM4yF,EAAO,IAAIvwE,IACjB2vE,EAA6BA,EAA2B5rF,QAAOysF,IAC7D,MAAM53E,EAAI43E,EAAKha,oBAAsBz/D,GAAKqC,mBAAmBo3E,EAAKnY,YAClE,OAAIkY,EAAK5tF,IAAIiW,KAGb23E,EAAK3tF,IAAIgW,IACF,EAAI,IAIf,OAAO+2E,EAA2B9qF,KAAI2M,KACpC/K,KAAM+K,EAAO6mE,WACb5xB,UAAW9oC,GAAMlgB,KAAKkgB,GAAM/N,UAAW4B,EAAOglE,yBAGlD,MAAMp5D,GAAiBzd,MAAM,kCAO/B8wF,iBACE,MACM/9E,EADMnW,KAAKuyF,mBACGjb,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ48D,YAAe,KAO5CG,cACE,MACM/8D,EADMnW,KAAKuyF,mBACGjb,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ+8D,eAAkB,KAO/CJ,UACE,MACM38D,EADMnW,KAAKuyF,mBACGjb,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAIQ,EACKA,EAAQ28D,UAEV,KAYT9qD,gCAAgCmsE,EAAiB,GAAIxhB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI1kE,EAASsB,IAC7F,MAAMypB,QAAa05C,GAAiB,YAAa4K,EAAgBxhB,EAAM6W,EAAS1kE,GAC1EmuE,EAAgB7xE,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC5CukD,EAAoBtvE,EAAOnC,mBPtC9BxhB,eAA+BqyB,EAAMm/C,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI1kE,EAASsB,IACpF,IAAIiuE,GAAY,EAShB,aAPMp0F,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,eAAe6V,EAAK7T,GAC7C,MAAMgmF,QAAoBnyE,EAAIoyE,eAAezW,EAAM6W,EAAQrmF,GAAI2hB,GAC1DqkE,EAAYE,kBAAkB1wE,UAC7BwwE,EAAYE,kBAAkB1wE,SAAS,GAAKyI,GAAMzI,SAAS9D,OAC/Dw/E,GAAY,OAGTA,CACT,CO2B0DC,CAAgBH,EAAgBxhB,EAAM6W,EAAS1kE,GACnG1D,GAAMlgB,KAAKkgB,GAAMvM,WAAY00E,GAAiB,OAAQ4K,EAAgBxhB,EAAM6W,EAAS1kE,SACrF7jB,QAEIhB,QAAQ+H,IAAImsF,EAAe7rF,KAAI0O,GAAOA,EAAIu9E,mBAC7Cn0F,OAAM,IAAM,OACZwB,MAAK4yF,IACJ,GAAIA,GAAaA,EAAS5W,UAAU1zB,YAAc9oC,GAAM9O,UAAUY,SAAYsH,GAAK0G,MAAM2uB,GACvF,MAAUzsC,MAAM,yMAMtB,MAAO,CAAE8G,KADc2U,GAAOy+D,mBAAmBztC,GAClBqa,UAAW+oC,EAAevY,cAAe0Z,GAgB1EjzF,cAAcgzF,EAAgBzB,EAAW5W,EAAY2Y,GAAW,EAAOC,EAAmB,GAAI/hB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI1kE,EAASsB,IACtI,GAAI01D,GACF,IAAKthE,GAAK1X,aAAag5E,EAAW5xE,QAAUsQ,GAAKC,SAASqhE,EAAW5xB,WACnE,MAAU9mD,MAAM,4CAEb,GAAI+wF,GAAkBA,EAAe/yF,OAC1C06E,QAAmBsW,GAAQ9U,mBAAmB6W,EAAgBxhB,EAAM6W,EAAS1kE,OACxE,KAAI4tE,IAAaA,EAAUtxF,OAGhC,MAAUgC,MAAM,gDAFhB04E,QAAmBsW,GAAQ9U,wBAAmBr8E,OAAWA,OAAWA,EAAW6jB,GAKjF,MAAQ5a,KAAMwyE,EAAgBxyB,UAAW+oC,EAAevY,cAAe0Z,GAAsBtY,EAEvFp2C,QAAY0sD,GAAQuC,kBAAkBjY,EAAgBuW,EAAemB,EAAmBD,EAAgBzB,EAAW+B,EAAUC,EAAkB/hB,EAAM6W,EAAS1kE,GAEpK,IAAIiuE,EACAqB,GACFrB,EAAqB,IAAIvY,GACzBuY,EAAmBrY,cAAgBt5D,GAAMtf,MAAMsf,GAAMvM,KAAMu/E,IAE3DrB,EAAqB,IAAIhZ,GAE3BgZ,EAAmBzb,QAAUt3E,KAAKs3E,QAElC,MAAMptB,EAAY9oC,GAAMtf,MAAMsf,GAAM/N,UAAW4/E,GAK/C,aAJMF,EAAmBhgE,QAAQm3B,EAAWwyB,EAAgB53D,GAE5D4gB,EAAI4xC,QAAQz1E,KAAKkxF,GACjBA,EAAmBzb,QAAU,IAAID,GAC1B3xC,EAkBT1d,+BAA+B8zD,EAAYmX,EAAemB,EAAmBD,EAAgBzB,EAAW+B,GAAW,EAAOC,EAAmB,GAAI/hB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI1kE,EAASsB,IACzL,MAAMyhE,EAAa,IAAIxQ,GACjBntB,EAAY9oC,GAAMtf,MAAMsf,GAAM/N,UAAW4/E,GACzCvY,EAAgB0Z,GAAqBhzE,GAAMtf,MAAMsf,GAAMvM,KAAMu/E,GAEnE,GAAID,EAAgB,CAClB,MAAM7D,QAAgBrwF,QAAQ+H,IAAImsF,EAAe7rF,KAAInH,eAAe2nF,EAAY3lF,GAC9E,MAAMk6E,QAAsByL,EAAWyL,iBAAiBG,EAAiBvxF,GAAIwvE,EAAM6W,EAAS1kE,GACtF8vE,EAAgB,IAAIhZ,GAO1B,OANAgZ,EAAc/Y,YAAc4Y,EAAWhtE,GAAMgtE,WAAapX,EAAc3H,WACxEkf,EAAcjhB,mBAAqB0J,EAAcO,UAAU1zB,UAC3D0qC,EAAc9Y,WAAaA,EAC3B8Y,EAAc3a,oBAAsB/vB,QAC9B0qC,EAAc7hE,QAAQsqD,EAAcO,kBACnCgX,EAAc9Y,WACd8Y,MAET/M,EAAWhmF,QAAQyuF,GAErB,GAAIoC,EAAW,CACb,MAAMmC,EAAc1zF,eAAey8E,EAAW0V,GAC5C,IAEE,aADM1V,EAAU5qD,QAAQsgE,GACjB,EACP,MAAO7uF,GACP,OAAO,IAILosB,EAAM,CAACikE,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB7zF,eAAe26E,EAAY5xB,EAAWwwB,EAAe4Y,GAC3E,MAAM2B,EAA+B,IAAI/X,GAA6Bp4D,GAQtE,GAPAmwE,EAA6BnZ,WAAaA,EAC1CmZ,EAA6Bhb,oBAAsB/vB,EAC/CwwB,IACFua,EAA6Bva,cAAgBA,SAEzCua,EAA6BliE,QAAQugE,EAAUxuE,GAEjDA,EAAO3B,uBAAwB,CAEjC,GAA4B,WADNljB,QAAQ+H,IAAI0qF,EAAUpqF,KAAI4sF,GAAOL,EAAYI,EAA8BC,OACrFtkE,OAAOC,GACjB,OAAOmkE,EAAgBlZ,EAAY5xB,EAAWopC,GAKlD,cADO2B,EAA6BnZ,WAC7BmZ,GAGH3E,QAAgBrwF,QAAQ+H,IAAI0qF,EAAUpqF,KAAI4sF,GAAOF,EAAgBlZ,EAAY5xB,EAAWwwB,EAAewa,MAC7GrN,EAAWhmF,QAAQyuF,GAGrB,OAAO,IAAI8B,GAAQvK,GAerB1mF,WAAWsqF,EAAc,GAAIt2E,EAAY,KAAMggF,EAAgB,GAAIxiB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IAC3H,MAAMyhE,EAAa,IAAIxQ,GAEjB+d,EAAoBp1F,KAAKs3E,QAAQc,WAAWh3D,GAAMnM,OAAOU,aAC/D,IAAKy/E,EACH,MAAUhyF,MAAM,mCAGlB,IAAID,EACAkyF,EAEJ,MAAM5hB,EAA2C,OAA3B2hB,EAAkB/+E,KACtC+K,GAAMjM,UAAUiB,OAASgL,GAAMjM,UAAUkB,KAE3C,GAAIlB,EAEF,IADAkgF,EAAwBlgF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WAC9DhS,EAAIkyF,EAAsBj0F,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACtD,MAAM6mF,EAAkBqL,EAAsBlyF,GACxCmyF,EAAa,IAAIte,GACvBse,EAAW7hB,cAAgBuW,EAAgBvW,cAC3C6hB,EAAW5hB,cAAgBsW,EAAgBtW,cAC3C4hB,EAAW3hB,mBAAqBqW,EAAgBrW,mBAChD2hB,EAAW9gB,YAAcwV,EAAgBxV,YACpCiX,EAAYrqF,QAAgB,IAAN+B,IACzBmyF,EAAW5rB,MAAQ,GAErBme,EAAWhmF,KAAKyzF,GA0BpB,aAtBMr1F,QAAQ+H,IAAInI,MAAMuiB,KAAKqpE,GAAah7E,UAAUnI,KAAInH,eAAgB2nF,EAAY3lF,GAClF,IAAK2lF,EAAW4C,YACd,MAAUtoF,MAAM,gCAElB,MAAMmyF,EAAeJ,EAAc1J,EAAYrqF,OAAS,EAAI+B,GACtDwoF,QAAmB7C,EAAW8C,cAAc2J,EAAc5iB,EAAM6W,EAAS1kE,GACzEwwE,EAAa,IAAIte,GAQvB,OAPAse,EAAW7hB,cAAgBA,EAC3B6hB,EAAW5hB,oBAAsB7oB,GAAqBi+B,EAAY6C,EAAW/N,UAAWjL,EAAM6W,EAAS1kE,GACvGwwE,EAAW3hB,mBAAqBgY,EAAW/N,UAAU1zB,UACrDorC,EAAW9gB,YAAcmX,EAAWjW,WAChCvyE,IAAMsoF,EAAYrqF,OAAS,IAC7Bk0F,EAAW5rB,MAAQ,GAEd4rB,MACL1zF,MAAK4zF,IACPA,EAAqBlyF,SAAQgyF,GAAczN,EAAWhmF,KAAKyzF,IAAY,IAGzEzN,EAAWhmF,KAAKuzF,GAChBvN,EAAWhmF,cAAe4zF,GAAuBL,EAAmB3J,EAAat2E,EAAWggF,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAO5vD,IAErI,IAAIstE,GAAQvK,GASrBjP,SAAS/oC,EAAM/qB,EAASsB,IACtB,GAAIypB,IAASzuB,GAAMrN,YAAYC,aAC7B,OAAOhU,KAGT,MAAM04E,EAAa,IAAID,GAAqB3zD,GAC5C4zD,EAAWxuB,UAAYra,EACvB6oC,EAAWpB,QAAUt3E,KAAKs3E,QAE1B,MAAM+Z,EAAa,IAAIha,GAGvB,OAFAga,EAAWxvF,KAAK62E,GAET,IAAI0Z,GAAQf,GAerBlwF,mBAAmBsqF,EAAc,GAAIt2E,EAAY,KAAMggF,EAAgB,GAAIxiB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IACnI,MAAMgvE,EAAoBp1F,KAAKs3E,QAAQc,WAAWh3D,GAAMnM,OAAOU,aAC/D,IAAKy/E,EACH,MAAUhyF,MAAM,mCAElB,OAAO,IAAIwkF,SAAgB6N,GAAuBL,EAAmB3J,EAAat2E,EAAWggF,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAM5vD,IAe9I3jB,aAAa2qF,EAAkBnZ,EAAO,IAAI33D,KAAQ8J,EAASsB,IACzD,MAAMsf,EAAM1lC,KAAKuyF,mBACXmD,EAAkBhwD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOU,aAC7D,GAA+B,IAA3B+/E,EAAgBt0F,OAClB,MAAUgC,MAAM,yDAEdgkB,EAAqBse,EAAI4xC,QAAQv2E,SACnC2kC,EAAI4xC,QAAQz1E,cAAcmlB,GAAiB0e,EAAI4xC,QAAQv2E,QAAQ2jD,GAAKA,GAAK,MAE3E,MAAM8tC,EAAiB9sD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOI,kBAAkB5E,UACxEklF,EAAgBjwD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOE,WAC3D,OAAIq9E,EAAepxF,SAAWu0F,EAAcv0F,QAAUoZ,GAAK9X,SAASgjC,EAAI4xC,QAAQv2E,UAAYqmB,EAAqBse,EAAI4xC,QAAQv2E,eACrHd,QAAQ+H,IAAIwqF,EAAelqF,KAAInH,UACnCm0F,EAAWre,iBAAmB,IAAIh3E,SAAQ,CAACC,EAASC,KAClDm1F,EAAWM,wBAA0B11F,EACrCo1F,EAAWO,uBAAyB11F,CAAM,IAE5Cm1F,EAAW1hB,cAAgB0B,IAAiBn0E,gBAAmBm0F,EAAWre,kBAAkBrD,gBAC5F0hB,EAAWhzD,OAAStb,SAAuBsuE,EAAWlhF,KAAKkhF,EAAW7hB,cAAeiiB,EAAgB,QAAIz0F,GAAW,IACpHq0F,EAAWhzD,OAAOliC,OAAM,QAAS,KAEnCslC,EAAI4xC,QAAQv2E,OAAS4lB,EAAqB+e,EAAI4xC,QAAQv2E,QAAQI,MAAOyH,EAAUC,KAC7E,MAAMlD,EAASihB,EAAiBhe,GAC1BlI,EAASmmB,EAAiBhe,GAChC,IACE,IAAK,IAAI1F,EAAI,EAAGA,EAAIqvF,EAAepxF,OAAQ+B,IAAK,CAC9C,MAAQ9B,MAAO8T,SAAoBxP,EAAOzE,OAC1CsxF,EAAervF,GAAGyyF,wBAAwBzgF,SAEtCxP,EAAOpE,kBACPb,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,GACP+tF,EAAelvF,SAAQgyF,IACrBA,EAAWO,uBAAuBpxF,EAAE,UAEhC/D,EAAOuB,MAAMwC,OAGhBqxF,GAA0BtD,EAAgBkD,EAAiB5J,EAAkBnZ,GAAM,EAAO7tD,IAE5FgxE,GAA0BH,EAAeD,EAAiB5J,EAAkBnZ,GAAM,EAAO7tD,GAgBlGixE,eAAe5gF,EAAW22E,EAAkBnZ,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtE,MACMsvE,EADM11F,KAAKuyF,mBACWjb,QAAQU,YAAY52D,GAAMnM,OAAOU,aAC7D,GAA+B,IAA3B+/E,EAAgBt0F,OAClB,MAAUgC,MAAM,yDAGlB,OAAO0yF,GADe3gF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WACjBugF,EAAiB5J,EAAkBnZ,GAAM,EAAM7tD,GAOjGytE,mBACE,MAAM7Z,EAAa14E,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOO,gBACzD,OAAIkjE,EAAWt3E,OACN,IAAIgxF,GAAQ1Z,EAAW,GAAGpB,SAE5Bt3E,KAQTmB,sBAAsB60F,EAAmBlxE,EAASsB,UAC1CpmB,KAAKs3E,QAAQp2E,KACjBsZ,GAAK1X,aAAakzF,GAAqBA,SAA2B7vE,GAAQ6vE,IAAoB9rF,KAC9FioF,GACArtE,GAQJhjB,QACE,OAAO9B,KAAKs3E,QAAQx1E,QAQtByX,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMI,QAAS3Z,KAAK8B,QAAS,KAAM,KAAM,KAAMgjB,IAmB/D3jB,eAAes0F,GAAuBL,EAAmB3J,EAAat2E,EAAY,KAAMggF,EAAgB,GAAIxiB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI9U,EAAY,GAAIl3B,GAAW,EAAO14B,EAASsB,IAC7L,MAAMyhE,EAAa,IAAIxQ,GAGjB5D,EAA2C,OAA3B2hB,EAAkB/+E,KACtC+K,GAAMjM,UAAUiB,OAASgL,GAAMjM,UAAUkB,KAa3C,SAXMpW,QAAQ+H,IAAIyjF,EAAYnjF,KAAInH,MAAO2nF,EAAY3lF,KACnD,MAAM0S,EAAS2zE,EAAQrmF,GACvB,IAAK2lF,EAAW4C,YACd,MAAUtoF,MAAM,gCAElB,MAAMuoF,QAAmB7C,EAAW8C,cAAcuJ,EAAchyF,GAAIwvE,EAAM98D,EAAQiP,GAClF,OAAOmkE,GAAsBmM,EAAmBtM,EAAY6C,EAAW/N,UAAW,CAAEnK,iBAAiBd,EAAM98D,EAAQ6+D,EAAWl3B,EAAU14B,EAAO,KAC7IljB,MAAK+zF,IACP9N,EAAWhmF,QAAQ8zF,EAAc,IAG/BxgF,EAAW,CACb,MAAMkgF,EAAwBlgF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WACzE0yE,EAAWhmF,QAAQwzF,GAErB,OAAOxN,CACT,CAkGO1mF,eAAe20F,GAA0BH,EAAeD,EAAiB5J,EAAkBnZ,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IAC9I,OAAOnmB,QAAQ+H,IAAI2tF,EAAcnuF,QAAO,SAAS2N,GAC/C,MAAO,CAAC,OAAQ,UAAU0M,SAAST,GAAMlgB,KAAKkgB,GAAMjM,UAAWA,EAAUs+D,mBACxEnrE,KAAInH,eAAegU,GACpB,OApFJhU,eAAwCgU,EAAWugF,EAAiB5J,EAAkBnZ,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IAClI,IAAI0iE,EACAmN,EAEJ,IAAK,MAAMj/E,KAAO80E,EAAkB,CAClC,MAAMC,EAAa/0E,EAAIg1E,QAAQ72E,EAAUq/D,aACzC,GAAIuX,EAAW3qF,OAAS,EAAG,CACzB0nF,EAAa9xE,EACbi/E,EAAuBlK,EAAW,GAClC,OAIJ,MACMmK,EADqB/gF,aAAqB6hE,GACI7hE,EAAU8hE,iBAAmB9hE,EAE3EghF,EAAc,CAClBvuE,MAAOzS,EAAUq/D,YACjBlB,SAAU,WACR,IAAK2iB,EACH,MAAU7yF,MAAM,0CAA0C+R,EAAUq/D,YAAY9sD,eAG5EvS,EAAUuoC,OAAOu4C,EAAqBrY,UAAWzoE,EAAUs+D,cAAeiiB,EAAgB,GAAI/iB,EAAMn1B,EAAU14B,GACpH,MAAMklE,QAAwBkM,EAC9B,GAAID,EAAqBhY,kBAAoB+L,EAAgBjW,QAC3D,MAAU3wE,MAAM,mCAIlB,UACQ0lF,EAAW8C,cAAcqK,EAAqBvgB,WAAYsU,EAAgBjW,aAAS9yE,EAAW6jB,GACpG,MAAOrgB,GAKP,IAAIqgB,EAAOxB,+CAAgD7e,EAAEkV,QAAQgL,MAAM,4CAGzE,MAAMlgB,QAFAqkF,EAAW8C,cAAcqK,EAAqBvgB,WAAY/C,OAAM1xE,EAAW6jB,GAKrF,OAAO,CACR,EA1BS,GA2BV3P,UAAW,WACT,MAAM60E,QAAwBkM,EACxBrO,EAAa,IAAIxQ,GAEvB,OADA2S,GAAmBnC,EAAWhmF,KAAKmoF,GAC5B,IAAIpC,GAAUC,EACtB,EALU,IAeb,OAHAsO,EAAYhhF,UAAU/U,OAAM,SAC5B+1F,EAAY7iB,SAASlzE,OAAM,SAEpB+1F,CACT,CAuBWC,CAAyBjhF,EAAWugF,EAAiB5J,EAAkBnZ,EAAMn1B,EAAU14B,MAElG,CC1zBA,MAAMqyD,gBAA+B38D,GAAK+F,wBAAwB,CAACizD,KAM5D,MAAM6iB,GAKXv2F,YAAYuW,EAAMlB,GAGhB,GADAnV,KAAKqW,KAAOmE,GAAK2F,qBAAqB9J,GAAM4L,QAAQ,SAAU,QAC1D9M,KAAeA,aAAqByyE,IACtC,MAAUxkF,MAAM,2BAElBpD,KAAKmV,UAAYA,GAAa,IAAIyyE,GAAU,IAAIvQ,IAOlDyQ,mBACE,MAAMwK,EAAS,GAKf,OAJsBtyF,KAAKmV,UAAUmiE,QACvBh0E,SAAQ,SAAS2R,GAC7Bq9E,EAAOzwF,KAAKoT,EAAOu/D,gBAEd8d,EAeTnxF,WAAW+uF,EAAa/6E,EAAY,KAAMggF,EAAgB,GAAIxiB,EAAO,IAAI33D,KAAQwuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IACtH,MAAMgvE,EAAoB,IAAI1iB,GAC9B0iB,EAAkBviB,QAAQ7yE,KAAKqW,MAC/B,MAAMigF,EAAe,IAAI1O,SAAgB6N,GAAuBL,EAAmBlF,EAAa/6E,EAAWggF,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAM5vD,IAC1J,OAAO,IAAIuxE,GAAiBr2F,KAAKqW,KAAMigF,GAezC54C,OAAOlqB,EAAMm/C,EAAO,IAAI33D,KAAQ8J,EAASsB,IACvC,MAAMuvE,EAAgB31F,KAAKmV,UAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WAChEigF,EAAoB,IAAI1iB,GAG9B,OADA0iB,EAAkBviB,QAAQ7yE,KAAKqW,MACxBy/E,GAA0BH,EAAe,CAACP,GAAoB5hE,EAAMm/C,GAAM,EAAM7tD,GAOzFguD,UAEE,OAAO9yE,KAAKqW,KAAK4L,QAAQ,QAAS,MAQpC1I,MAAMuL,EAASsB,IACb,IAAImwE,EAASv2F,KAAKmV,UAAUmiE,QAAQhvE,KAAI,SAAS2M,GAC/C,OAAOmM,GAAMlgB,KAAKkgB,GAAMhN,KAAMa,EAAOy+D,eAAeoD,iBAEtDyf,EAASA,EAAO/uF,QAAO,SAASysF,EAAM9wF,EAAGqzF,GAAM,OAAOA,EAAG7vF,QAAQstF,KAAU9wF,KAC3E,MAAM4iB,EAAO,CACX3R,KAAMmiF,EAAO/0F,OACb6U,KAAMrW,KAAKqW,KACXnM,KAAMlK,KAAKmV,UAAUmiE,QAAQx1E,SAE/B,OAAOyX,GAAM6H,GAAM7H,MAAMG,OAAQqM,OAAM9kB,OAAWA,OAAWA,EAAW6jB,ICof5E,SAAS2xE,GAAa98E,GACpB,KAAMA,aAAmBy4E,IACvB,MAAUhvF,MAAM,kDAEpB,CACA,SAASszF,GAAwB/8E,GAC/B,KAAMA,aAAmB08E,IAAuB18E,aAAmBy4E,IACjE,MAAUhvF,MAAM,sEAEpB,CACA,SAASuzF,GAAyBh0C,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUv/C,MAAM,sBAAsBu/C,EAE1C,CACA,MAAMi0C,GAA0BzrF,OAAOqoB,KAAKpN,IAAehlB,OAC3D,SAASy1F,GAAY/xE,GACnB,MAAMgyE,EAAmB3rF,OAAOqoB,KAAK1O,GACrC,GAAIgyE,EAAiB11F,SAAWw1F,GAC9B,IAAK,MAAMG,KAAaD,EACtB,QAAiC71F,IAA7BmlB,GAAc2wE,GAChB,MAAU3zF,MAAM,4BAA4B2zF,EAIpD,CAQA,SAAS/uD,GAAQ6jB,GAIf,OAHIA,IAAUrxC,GAAKha,QAAQqrD,KACzBA,EAAQ,CAACA,IAEJA,CACT,CAWA1qD,eAAe61F,GAAc9sF,EAAM+sF,EAAWC,EAAW,QACvD,MAAMlxF,EAAawU,GAAK9X,SAASwH,GACjC,MAAmB,UAAflE,EACKghB,GAAiB9c,GAER,SAAd+sF,GACF/sF,EAAOovE,EAAiBpvE,GACP,WAAbgtF,GAAuBhtF,EAAKitF,YAAYD,GACrChtF,GAES,QAAd+sF,GAAsC,aAAfjxF,EAClBoxF,EAAwBltF,GAE1BA,CACT,CAUA,SAASmtF,GAAY51F,EAAQkY,GAC3BlY,EAAOyI,KAAOyc,EAAqBhN,EAAQ29D,QAAQv2E,QAAQI,MAAOyH,EAAUC,WACpEqe,EAAYzlB,EAAOyI,KAAMrB,EAAU,CACvCE,cAAc,IAEhB,MAAMrI,EAASmmB,EAAiBhe,GAChC,UAEQme,GAAiBpe,GAAU87C,GAAKA,UAChChkD,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,MAGzB,CASA,SAAS6yF,GAAaC,EAAQ50C,EAAQ79B,GACpC,OAAQ69B,GACN,IAAK,SACH,OAAO40C,EACT,IAAK,UACH,OAAOA,EAAOh+E,MAAMuL,GACtB,IAAK,SACH,OAAOyyE,EAAOz1F,QAChB,QACE,MAAUsB,MAAM,sBAAsBu/C,GAE5C,CCrtBA,MAAM60C,GAAmC,mBAAXh4F,QAAoD,iBAApBA,OAAOi4F,SACjEj4F,OACAk4F,GAAe,UAAUA,KAG7B,SAASC,KAET,CAaA,MAAMC,GAXkB,oBAAT75C,KACAA,KAEgB,oBAAX8b,OACLA,OAEgB,oBAAXqmB,OACLA,YADN,EAOT,SAAS2X,GAAa3qF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CACA,MAAM4qF,GAAiCH,GAEjCI,GAAkB93F,QAClB+3F,GAAsB/3F,QAAQe,UAAUY,KACxCq2F,GAAyBh4F,QAAQC,QAAQ2F,KAAKkyF,IAC9CG,GAAwBj4F,QAAQE,OAAO0F,KAAKkyF,IAClD,SAASI,GAAWC,GAChB,OAAO,IAAIL,GAAgBK,EAC/B,CACA,SAASC,GAAoBh3F,GACzB,OAAO42F,GAAuB52F,EAClC,CACA,SAASi3F,GAAoBp2F,GACzB,OAAOg2F,GAAsBh2F,EACjC,CACA,SAASq2F,GAAmBz3E,EAAS03E,EAAaC,GAG9C,OAAOT,GAAoBl3F,KAAKggB,EAAS03E,EAAaC,EAC1D,CACA,SAASC,GAAY53E,EAAS03E,EAAaC,GACvCF,GAAmBA,GAAmBz3E,EAAS03E,EAAaC,QAAax3F,EAAW62F,GACxF,CACA,SAASa,GAAgB73E,EAAS03E,GAC9BE,GAAY53E,EAAS03E,EACzB,CACA,SAASI,GAAc93E,EAAS23E,GAC5BC,GAAY53E,OAAS7f,EAAWw3F,EACpC,CACA,SAASI,GAAqB/3E,EAASg4E,EAAoBC,GACvD,OAAOR,GAAmBz3E,EAASg4E,EAAoBC,EAC3D,CACA,SAASC,GAA0Bl4E,GAC/By3E,GAAmBz3E,OAAS7f,EAAW62F,GAC3C,CACA,MAAMmB,GAAiB,MACnB,MAAMC,EAAuBtB,IAAWA,GAAQqB,eAChD,GAAoC,mBAAzBC,EACP,OAAOA,EAEX,MAAMC,EAAkBd,QAAoBp3F,GAC5C,OAAQoJ,GAAOkuF,GAAmBY,EAAiB9uF,EACtD,EAPsB,GAQvB,SAAS+uF,GAAYC,EAAG3sC,EAAGz7B,GACvB,GAAiB,mBAANooE,EACP,MAAM,IAAInnE,UAAU,8BAExB,OAAOonE,SAASt4F,UAAUic,MAAMnc,KAAKu4F,EAAG3sC,EAAGz7B,EAC/C,CACA,SAASsoE,GAAYF,EAAG3sC,EAAGz7B,GACvB,IACI,OAAOonE,GAAoBe,GAAYC,EAAG3sC,EAAGz7B,IAEjD,MAAO5vB,GACH,OAAOi3F,GAAoBj3F,GAEnC,CAWA,MAAMm4F,GACF15F,cACIE,KAAKy5F,QAAU,EACfz5F,KAAK05F,MAAQ,EAEb15F,KAAK25F,OAAS,CACVC,UAAW,GACXC,WAAO54F,GAEXjB,KAAK85F,MAAQ95F,KAAK25F,OAIlB35F,KAAKy5F,QAAU,EAEfz5F,KAAK05F,MAAQ,EAEbt4F,aACA,OAAOpB,KAAK05F,MAMhB73F,KAAK0B,GACD,MAAMw2F,EAAU/5F,KAAK85F,MACrB,IAAIE,EAAUD,EACmBE,QAA7BF,EAAQH,UAAUx4F,SAClB44F,EAAU,CACNJ,UAAW,GACXC,WAAO54F,IAKf84F,EAAQH,UAAU/3F,KAAK0B,GACnBy2F,IAAYD,IACZ/5F,KAAK85F,MAAQE,EACbD,EAAQF,MAAQG,KAElBh6F,KAAK05F,MAIXpzF,QACI,MAAM4zF,EAAWl6F,KAAK25F,OACtB,IAAIQ,EAAWD,EACf,MAAME,EAAYp6F,KAAKy5F,QACvB,IAAIY,EAAYD,EAAY,EAC5B,MAAME,EAAWJ,EAASN,UACpBr2F,EAAU+2F,EAASF,GAazB,OAtEqB,QA0DjBC,IACAF,EAAWD,EAASL,MACpBQ,EAAY,KAGdr6F,KAAK05F,MACP15F,KAAKy5F,QAAUY,EACXH,IAAaC,IACbn6F,KAAK25F,OAASQ,GAGlBG,EAASF,QAAan5F,EACfsC,EAUXD,QAAQ+B,GACJ,IAAIlC,EAAInD,KAAKy5F,QACT3xC,EAAO9nD,KAAK25F,OACZW,EAAWxyC,EAAK8xC,UACpB,OAAOz2F,IAAMm3F,EAASl5F,aAAyBH,IAAf6mD,EAAK+xC,OAC7B12F,IAAMm3F,EAASl5F,SACf0mD,EAAOA,EAAK+xC,MACZS,EAAWxyC,EAAK8xC,UAChBz2F,EAAI,EACoB,IAApBm3F,EAASl5F,UAIjBiE,EAASi1F,EAASn3F,MAChBA,EAKVo3F,OACI,MAAMC,EAAQx6F,KAAK25F,OACb5oE,EAAS/wB,KAAKy5F,QACpB,OAAOe,EAAMZ,UAAU7oE,IAI/B,SAAS0pE,GAAsC90F,EAAQ5E,GACnD4E,EAAO+0F,qBAAuB35F,EAC9BA,EAAOmE,QAAUS,EACK,aAAlB5E,EAAO45F,OACPC,GAAqCj1F,GAEd,WAAlB5E,EAAO45F,OAsCpB,SAAwDh1F,GACpDi1F,GAAqCj1F,GACrCk1F,GAAkCl1F,EACtC,CAxCQm1F,CAA+Cn1F,GAG/Co1F,GAA+Cp1F,EAAQ5E,EAAOi6F,aAEtE,CAGA,SAASC,GAAkCt1F,EAAQzD,GAE/C,OAAOg5F,GADQv1F,EAAO+0F,qBACcx4F,EACxC,CACA,SAASi5F,GAAmCx1F,GACG,aAAvCA,EAAO+0F,qBAAqBC,OAC5BS,GAAiCz1F,EAAQ,IAAIusB,UAAU,qFAoC/D,SAAmDvsB,EAAQzD,GACvD64F,GAA+Cp1F,EAAQzD,EAC3D,CAnCQm5F,CAA0C11F,EAAQ,IAAIusB,UAAU,qFAEpEvsB,EAAO+0F,qBAAqBx1F,aAAUjE,EACtC0E,EAAO+0F,0BAAuBz5F,CAClC,CAEA,SAASq6F,GAAoBhwF,GACzB,OAAO,IAAI4mB,UAAU,UAAY5mB,EAAO,oCAC5C,CAEA,SAASsvF,GAAqCj1F,GAC1CA,EAAO41F,eAAiBpD,IAAW,CAACj4F,EAASC,KACzCwF,EAAO61F,uBAAyBt7F,EAChCyF,EAAO81F,sBAAwBt7F,CAAM,GAE7C,CACA,SAAS46F,GAA+Cp1F,EAAQzD,GAC5D04F,GAAqCj1F,GACrCy1F,GAAiCz1F,EAAQzD,EAC7C,CAKA,SAASk5F,GAAiCz1F,EAAQzD,QACTjB,IAAjC0E,EAAO81F,wBAGXzC,GAA0BrzF,EAAO41F,gBACjC51F,EAAO81F,sBAAsBv5F,GAC7ByD,EAAO61F,4BAAyBv6F,EAChC0E,EAAO81F,2BAAwBx6F,EACnC,CAIA,SAAS45F,GAAkCl1F,QACD1E,IAAlC0E,EAAO61F,yBAGX71F,EAAO61F,4BAAuBv6F,GAC9B0E,EAAO61F,4BAAyBv6F,EAChC0E,EAAO81F,2BAAwBx6F,EACnC,CAEA,MAAMy6F,GAAalE,GAAe,kBAC5BmE,GAAanE,GAAe,kBAC5BoE,GAAcpE,GAAe,mBAC7BqE,GAAYrE,GAAe,iBAI3BsE,GAAiBpsF,OAAOqsF,UAAY,SAAU7uF,GAChD,MAAoB,iBAANA,GAAkB6uF,SAAS7uF,EAC7C,EAIM8uF,GAAYlwF,KAAKmwF,OAAS,SAAU/jD,GACtC,OAAOA,EAAI,EAAIpsC,KAAKmQ,KAAKi8B,GAAKpsC,KAAKsP,MAAM88B,EAC7C,EAMA,SAASgkD,GAAiBz7C,EAAK07C,GAC3B,QAAYl7F,IAARw/C,IAHgB,iBADFvzC,EAIqBuzC,IAHM,mBAANvzC,GAInC,MAAM,IAAIglB,UAAaiqE,EAAH,sBAL5B,IAAsBjvF,CAOtB,CAEA,SAASkvF,GAAelvF,EAAGivF,GACvB,GAAiB,mBAANjvF,EACP,MAAM,IAAIglB,UAAaiqE,EAAH,sBAE5B,CAKA,SAASE,GAAanvF,EAAGivF,GACrB,IAJJ,SAAkBjvF,GACd,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAES85E,CAAS95E,GACV,MAAM,IAAIglB,UAAaiqE,EAAH,qBAE5B,CACA,SAASG,GAAuBpvF,EAAGqvF,EAAUJ,GACzC,QAAUl7F,IAANiM,EACA,MAAM,IAAIglB,UAAU,aAAaqqE,qBAA4BJ,MAErE,CACA,SAASK,GAAoBtvF,EAAGuvF,EAAON,GACnC,QAAUl7F,IAANiM,EACA,MAAM,IAAIglB,UAAU,GAAGuqE,qBAAyBN,MAExD,CAEA,SAASO,GAA0Br7F,GAC/B,OAAOqO,OAAOrO,EAClB,CACA,SAASs7F,GAAmBzvF,GACxB,OAAa,IAANA,EAAU,EAAIA,CACzB,CAKA,SAAS0vF,GAAwCv7F,EAAO86F,GACpD,MACMU,EAAantF,OAAOC,iBAC1B,IAAIzC,EAAIwC,OAAOrO,GAEf,GADA6L,EAAIyvF,GAAmBzvF,IAClB4uF,GAAe5uF,GAChB,MAAM,IAAIglB,UAAaiqE,EAAH,2BAGxB,GADAjvF,EAZJ,SAAqBA,GACjB,OAAOyvF,GAAmBX,GAAU9uF,GACxC,CAUQ4vF,CAAY5vF,GACZA,EARe,GAQGA,EAAI2vF,EACtB,MAAM,IAAI3qE,UAAU,GAAGiqE,2CAA6DU,gBAExF,OAAKf,GAAe5uF,IAAY,IAANA,EAOnBA,EANI,CAOf,CAEA,SAAS6vF,GAAqB7vF,EAAGivF,GAC7B,IAAKa,GAAiB9vF,GAClB,MAAM,IAAIglB,UAAaiqE,EAAH,4BAE5B,CAGA,SAASc,GAAmCl8F,GACxC,OAAO,IAAIm8F,GAA4Bn8F,EAC3C,CAEA,SAASo8F,GAA6Bp8F,EAAQq8F,GAC1Cr8F,EAAOmE,QAAQm4F,cAAcx7F,KAAKu7F,EACtC,CACA,SAASE,GAAiCv8F,EAAQgB,EAAOT,GACrD,MACM87F,EADSr8F,EAAOmE,QACKm4F,cAAc/2F,QACrChF,EACA87F,EAAYG,cAGZH,EAAYI,YAAYz7F,EAEhC,CACA,SAAS07F,GAAiC18F,GACtC,OAAOA,EAAOmE,QAAQm4F,cAAcj8F,MACxC,CACA,SAASs8F,GAA+B38F,GACpC,MAAM4E,EAAS5E,EAAOmE,QACtB,YAAejE,IAAX0E,KAGCg4F,GAA8Bh4F,EAIvC,CAMA,MAAMu3F,GACFp9F,YAAYiB,GAGR,GAFAu7F,GAAuBv7F,EAAQ,EAAG,+BAClCg8F,GAAqBh8F,EAAQ,mBACzB68F,GAAuB78F,GACvB,MAAM,IAAImxB,UAAU,+EAExBuoE,GAAsCz6F,KAAMe,GAC5Cf,KAAKq9F,cAAgB,IAAI7D,GAMzB34F,aACA,OAAK88F,GAA8B39F,MAG5BA,KAAKu7F,eAFDjD,GAAoBuF,GAAiC,WAOpEh5F,OAAO3C,EAASjB,WACZ,OAAK08F,GAA8B39F,WAGDiB,IAA9BjB,KAAK06F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCj7F,KAAMkC,GALpCo2F,GAAoBuF,GAAiC,WAYpE38F,OACI,IAAKy8F,GAA8B39F,MAC/B,OAAOs4F,GAAoBuF,GAAiC,SAEhE,QAAkC58F,IAA9BjB,KAAK06F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAACj4F,EAASC,KACjC29F,EAAiB59F,EACjB69F,EAAgB59F,CAAM,IAQ1B,OADA69F,GAAgCh+F,KALZ,CAChBw9F,YAAaz7F,GAAS+7F,EAAe,CAAEz8F,MAAOU,EAAOT,MAAM,IAC3Di8F,YAAa,IAAMO,EAAe,CAAEz8F,WAAOJ,EAAWK,MAAM,IAC5D28F,YAAax5F,GAAKs5F,EAAct5F,KAG7Bqc,EAWXlgB,cACI,IAAK+8F,GAA8B39F,MAC/B,MAAM69F,GAAiC,eAE3C,QAAkC58F,IAA9BjB,KAAK06F,qBAAT,CAGA,GAAI16F,KAAKq9F,cAAcj8F,OAAS,EAC5B,MAAM,IAAI8wB,UAAU,uFAExBipE,GAAmCn7F,QAgB3C,SAAS29F,GAA8BzwF,GACnC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,gBAIjD,CACA,SAAS8wF,GAAgCr4F,EAAQy3F,GAC7C,MAAMr8F,EAAS4E,EAAO+0F,qBACtB35F,EAAOm9F,YAAa,EACE,WAAlBn9F,EAAO45F,OACPyC,EAAYG,cAEW,YAAlBx8F,EAAO45F,OACZyC,EAAYa,YAAYl9F,EAAOi6F,cAG/Bj6F,EAAOo9F,0BAA0BtC,IAAWuB,EAEpD,CAEA,SAASS,GAAiCvyF,GACtC,OAAO,IAAI4mB,UAAU,yCAAyC5mB,sDAClE,CAGA,IAAI8yF,GAzCJjzF,OAAOkzF,iBAAiBnB,GAA4Bl8F,UAAW,CAC3D6D,OAAQ,CAAEmhC,YAAY,GACtB9kC,KAAM,CAAE8kC,YAAY,GACpBplC,YAAa,CAAEolC,YAAY,GAC3BnlC,OAAQ,CAAEmlC,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAeyxF,GAA4Bl8F,UAAWw2F,GAAe8G,YAAa,CACrFj9F,MAAO,8BACP4kC,cAAc,IAiCsB,iBAAjCuxD,GAAe+G,gBAGtBH,GAAyB,CAGrB,CAAC5G,GAAe+G,iBACZ,OAAOv+F,OAGfmL,OAAOM,eAAe2yF,GAAwB5G,GAAe+G,cAAe,CAAEv4D,YAAY,KAI9F,MAAMw4D,GACF1+F,YAAY6F,EAAQyD,GAChBpJ,KAAKy+F,qBAAkBx9F,EACvBjB,KAAK0+F,aAAc,EACnB1+F,KAAKkF,QAAUS,EACf3F,KAAK2+F,eAAiBv1F,EAE1Bq6D,OACI,MAAMm7B,EAAY,IAAM5+F,KAAK6+F,aAI7B,OAHA7+F,KAAKy+F,gBAAkBz+F,KAAKy+F,gBACxB5F,GAAqB74F,KAAKy+F,gBAAiBG,EAAWA,GACtDA,IACG5+F,KAAKy+F,gBAEhBK,OAAOz9F,GACH,MAAM09F,EAAc,IAAM/+F,KAAKg/F,aAAa39F,GAC5C,OAAOrB,KAAKy+F,gBACR5F,GAAqB74F,KAAKy+F,gBAAiBM,EAAaA,GACxDA,IAERF,aACI,GAAI7+F,KAAK0+F,YACL,OAAOz+F,QAAQC,QAAQ,CAAEmB,WAAOJ,EAAWK,MAAM,IAErD,MAAMqE,EAAS3F,KAAKkF,QACpB,QAAoCjE,IAAhC0E,EAAO+0F,qBACP,OAAOpC,GAAoBgD,GAAoB,YAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAACj4F,EAASC,KACjC29F,EAAiB59F,EACjB69F,EAAgB59F,CAAM,IAuB1B,OADA69F,GAAgCr4F,EApBZ,CAChB63F,YAAaz7F,IACT/B,KAAKy+F,qBAAkBx9F,EAGvBg4F,IAAe,IAAM6E,EAAe,CAAEz8F,MAAOU,EAAOT,MAAM,KAAS,EAEvEi8F,YAAa,KACTv9F,KAAKy+F,qBAAkBx9F,EACvBjB,KAAK0+F,aAAc,EACnBvD,GAAmCx1F,GACnCm4F,EAAe,CAAEz8F,WAAOJ,EAAWK,MAAM,GAAO,EAEpD28F,YAAa/7F,IACTlC,KAAKy+F,qBAAkBx9F,EACvBjB,KAAK0+F,aAAc,EACnBvD,GAAmCx1F,GACnCo4F,EAAc77F,EAAO,IAItB4e,EAEXk+E,aAAa39F,GACT,GAAIrB,KAAK0+F,YACL,OAAOz+F,QAAQC,QAAQ,CAAEmB,QAAOC,MAAM,IAE1CtB,KAAK0+F,aAAc,EACnB,MAAM/4F,EAAS3F,KAAKkF,QACpB,QAAoCjE,IAAhC0E,EAAO+0F,qBACP,OAAOpC,GAAoBgD,GAAoB,qBAEnD,IAAKt7F,KAAK2+F,eAAgB,CACtB,MAAMl9F,EAASw5F,GAAkCt1F,EAAQtE,GAEzD,OADA85F,GAAmCx1F,GAC5BkzF,GAAqBp3F,GAAQ,MAASJ,QAAOC,MAAM,MAG9D,OADA65F,GAAmCx1F,GAC5B0yF,GAAoB,CAAEh3F,QAAOC,MAAM,KAGlD,MAAM29F,GAAuC,CACzCx7B,OACI,OAAKy7B,GAA8Bl/F,MAG5BA,KAAKm/F,mBAAmB17B,OAFpB60B,GAAoB8G,GAAuC,UAI1EN,OAAOz9F,GACH,OAAK69F,GAA8Bl/F,MAG5BA,KAAKm/F,mBAAmBL,OAAOz9F,GAF3Bi3F,GAAoB8G,GAAuC,aAgB9E,SAASF,GAA8BhyF,GACnC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,qBAIjD,CAEA,SAASkyF,GAAuC9zF,GAC5C,OAAO,IAAI4mB,UAAU,+BAA+B5mB,qDACxD,MAvB+BrK,IAA3Bm9F,IACAjzF,OAAOk0F,eAAeJ,GAAsCb,IA0BhE,MAAMkB,GAAc5vF,OAAO6vF,OAAS,SAAUryF,GAE1C,OAAOA,GAAMA,CACjB,EAEA,SAASsyF,GAA0BtnD,GAC/B,QAQJ,SAA6BA,GACzB,GAAiB,iBAANA,EACP,OAAO,EAEX,GAAIonD,GAAYpnD,GACZ,OAAO,EAEX,GAAIA,EAAI,EACJ,OAAO,EAEX,OAAO,CACX,CAnBSunD,CAAoBvnD,IAGrBA,IAAMtsC,GAId,CAcA,SAAS8zF,GAAaC,GAClB,MAAMC,EAAOD,EAAUE,OAAOv5F,QAK9B,OAJAq5F,EAAUG,iBAAmBF,EAAKx6F,KAC9Bu6F,EAAUG,gBAAkB,IAC5BH,EAAUG,gBAAkB,GAEzBF,EAAKv+F,KAChB,CACA,SAAS0+F,GAAqBJ,EAAWt+F,EAAO+D,GAE5C,IAAKo6F,GADLp6F,EAAOsK,OAAOtK,IAEV,MAAM,IAAIwwC,WAAW,wDAEzB+pD,EAAUE,OAAOh+F,KAAK,CAAER,QAAO+D,SAC/Bu6F,EAAUG,iBAAmB16F,CACjC,CAKA,SAAS46F,GAAWL,GAChBA,EAAUE,OAAS,IAAIrG,GACvBmG,EAAUG,gBAAkB,CAChC,CAEA,SAASG,GAAoB3F,GAGzB,OAAOA,EAAS54F,OACpB,CAkBA,MAAMw+F,GACFpgG,cACI,MAAM,IAAIoyB,UAAU,uBAKpBigB,WACA,IAAKguD,GAA4BngG,MAC7B,MAAMogG,GAA+B,QAEzC,OAAOpgG,KAAKqgG,MAEhBC,QAAQC,GACJ,IAAKJ,GAA4BngG,MAC7B,MAAMogG,GAA+B,WAIzC,GAFA9D,GAAuBiE,EAAc,EAAG,WACxCA,EAAe3D,GAAwC2D,EAAc,wBAChBt/F,IAAjDjB,KAAKwgG,wCACL,MAAM,IAAItuE,UAAU,0CAEHlyB,KAAKqgG,MAAMh8F,OAufxC,SAA6CJ,EAAYs8F,GAErD,GADAA,EAAe7wF,OAAO6wF,IACjBf,GAA0Be,GAC3B,MAAM,IAAI3qD,WAAW,iCAEzB6qD,GAA4Cx8F,EAAYs8F,EAC5D,CA5fQG,CAAoC1gG,KAAKwgG,wCAAyCD,GAEtFI,mBAAmBxuD,GACf,IAAKguD,GAA4BngG,MAC7B,MAAMogG,GAA+B,sBAGzC,GADA9D,GAAuBnqD,EAAM,EAAG,uBAC3B3sB,YAAYo7E,OAAOzuD,GACpB,MAAM,IAAIjgB,UAAU,gDAExB,GAAwB,IAApBigB,EAAK5tC,WACL,MAAM,IAAI2tB,UAAU,uCAExB,GAA+B,IAA3BigB,EAAK9tC,OAAOE,WACZ,MAAM,IAAI2tB,UAAU,gDAExB,QAAqDjxB,IAAjDjB,KAAKwgG,wCACL,MAAM,IAAItuE,UAAU,2CA4ehC,SAAwDjuB,EAAYkuC,GAChE,MAAM0uD,EAAkB58F,EAAW68F,kBAAkBvG,OACrD,GAAIsG,EAAgBv8F,WAAau8F,EAAgBE,cAAgB5uD,EAAK7tC,WAClE,MAAM,IAAIsxC,WAAW,2DAEzB,GAAIirD,EAAgBt8F,aAAe4tC,EAAK5tC,WACpC,MAAM,IAAIqxC,WAAW,8DAEzBirD,EAAgBx8F,OAAS8tC,EAAK9tC,OAC9Bo8F,GAA4Cx8F,EAAYkuC,EAAK5tC,WACjE,CApfQy8F,CAA+ChhG,KAAKwgG,wCAAyCruD,IAGrGhnC,OAAOkzF,iBAAiB6B,GAA0Bl/F,UAAW,CACzDs/F,QAAS,CAAEt6D,YAAY,GACvB26D,mBAAoB,CAAE36D,YAAY,GAClCmM,KAAM,CAAEnM,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAey0F,GAA0Bl/F,UAAWw2F,GAAe8G,YAAa,CACnFj9F,MAAO,4BACP4kC,cAAc,IAQtB,MAAMg7D,GACFnhG,cACI,MAAM,IAAIoyB,UAAU,uBAKpBgvE,kBACA,IAAKC,GAA+BnhG,MAChC,MAAMohG,GAAwC,eAElD,GAA0B,OAAtBphG,KAAKqhG,cAAyBrhG,KAAK8gG,kBAAkB1/F,OAAS,EAAG,CACjE,MAAMy/F,EAAkB7gG,KAAK8gG,kBAAkBvG,OACzCpoD,EAAO,IAAIpvC,WAAW89F,EAAgBx8F,OAAQw8F,EAAgBv8F,WAAau8F,EAAgBE,YAAaF,EAAgBt8F,WAAas8F,EAAgBE,aACrJG,EAAc/1F,OAAOy6B,OAAOs6D,GAA0Bl/F,YAggBxE,SAAwCsgG,EAASr9F,EAAYkuC,GACzDmvD,EAAQd,wCAA0Cv8F,EAClDq9F,EAAQjB,MAAQluD,CACpB,CAlgBYovD,CAA+BL,EAAalhG,KAAMmyC,GAClDnyC,KAAKqhG,aAAeH,EAExB,OAAOlhG,KAAKqhG,aAMZ1lB,kBACA,IAAKwlB,GAA+BnhG,MAChC,MAAMohG,GAAwC,eAElD,OAAOI,GAA2CxhG,MAMtDgC,QACI,IAAKm/F,GAA+BnhG,MAChC,MAAMohG,GAAwC,SAElD,GAAIphG,KAAKyhG,gBACL,MAAM,IAAIvvE,UAAU,8DAExB,MAAMsd,EAAQxvC,KAAK0hG,8BAA8B/G,OACjD,GAAc,aAAVnrD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,+DAiWlD,SAA2CvrC,GACvC,MAAMlD,EAASkD,EAAWy9F,8BAC1B,GAAIz9F,EAAWw9F,iBAAqC,aAAlB1gG,EAAO45F,OACrC,OAEJ,GAAI12F,EAAW67F,gBAAkB,EAE7B,YADA77F,EAAWw9F,iBAAkB,GAGjC,GAAIx9F,EAAW68F,kBAAkB1/F,OAAS,EAAG,CAEzC,GAD6B6C,EAAW68F,kBAAkBvG,OACjCwG,YAAc,EAAG,CACtC,MAAMt8F,EAAI,IAAIytB,UAAU,2DAExB,MADAyvE,GAAkC19F,EAAYQ,GACxCA,GAGdm9F,GAA4C39F,GAC5C49F,GAAoB9gG,EACxB,CAlXQ+gG,CAAkC9hG,MAEtCwE,QAAQzC,GACJ,IAAKo/F,GAA+BnhG,MAChC,MAAMohG,GAAwC,WAGlD,GADA9E,GAAuBv6F,EAAO,EAAG,YAC5ByjB,YAAYo7E,OAAO7+F,GACpB,MAAM,IAAImwB,UAAU,sCAExB,GAAyB,IAArBnwB,EAAMwC,WACN,MAAM,IAAI2tB,UAAU,uCAExB,GAAgC,IAA5BnwB,EAAMsC,OAAOE,WACb,MAAM,IAAI2tB,UAAU,gDAExB,GAAIlyB,KAAKyhG,gBACL,MAAM,IAAIvvE,UAAU,gCAExB,MAAMsd,EAAQxvC,KAAK0hG,8BAA8B/G,OACjD,GAAc,aAAVnrD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,oEA8VlD,SAA6CvrC,EAAYlC,GACrD,MAAMhB,EAASkD,EAAWy9F,8BAC1B,GAAIz9F,EAAWw9F,iBAAqC,aAAlB1gG,EAAO45F,OACrC,OAEJ,MAAMt2F,EAAStC,EAAMsC,OACfC,EAAavC,EAAMuC,WACnBC,EAAaxC,EAAMwC,WACnBw9F,EAAwC19F,EAC9C,GAAIq5F,GAA+B38F,GAC/B,GAAiD,IAA7C08F,GAAiC18F,GACjCihG,GAAgD/9F,EAAY89F,EAAmBz9F,EAAYC,OAE1F,CAED+4F,GAAiCv8F,EADT,IAAIgC,WAAWg/F,EAAmBz9F,EAAYC,IACZ,QAGzD09F,GAA4BlhG,IAEjCihG,GAAgD/9F,EAAY89F,EAAmBz9F,EAAYC,GAC3F29F,GAAiEj+F,IAGjE+9F,GAAgD/9F,EAAY89F,EAAmBz9F,EAAYC,GAE/F49F,GAA6Cl+F,EACjD,CAvXQm+F,CAAoCpiG,KAAM+B,GAK9C2C,MAAMD,EAAIxD,WACN,IAAKkgG,GAA+BnhG,MAChC,MAAMohG,GAAwC,SAElDO,GAAkC3hG,KAAMyE,GAG5Cm3F,CAACA,IAAa15F,GACV,GAAIlC,KAAK8gG,kBAAkB1/F,OAAS,EAAG,CACXpB,KAAK8gG,kBAAkBvG,OAC/BwG,YAAc,EAElCf,GAAWhgG,MACX,MAAMyB,EAASzB,KAAKqiG,iBAAiBngG,GAErC,OADA0/F,GAA4C5hG,MACrCyB,EAGXo6F,CAACA,IAAWuB,GACR,MAAMr8F,EAASf,KAAK0hG,8BACpB,GAAI1hG,KAAK8/F,gBAAkB,EAAG,CAC1B,MAAMwC,EAAQtiG,KAAK6/F,OAAOv5F,QAC1BtG,KAAK8/F,iBAAmBwC,EAAM/9F,WAC9Bg+F,GAA6CviG,MAC7C,MAAMmyC,EAAO,IAAIpvC,WAAWu/F,EAAMj+F,OAAQi+F,EAAMh+F,WAAYg+F,EAAM/9F,YAElE,YADA64F,EAAYI,YAAYrrD,GAG5B,MAAMqwD,EAAwBxiG,KAAKyiG,uBACnC,QAA8BxhG,IAA1BuhG,EAAqC,CACrC,IAAIn+F,EACJ,IACIA,EAAS,IAAImhB,YAAYg9E,GAE7B,MAAOE,GAEH,YADAtF,EAAYa,YAAYyE,GAG5B,MAAMC,EAAqB,CACvBt+F,SACAC,WAAY,EACZC,WAAYi+F,EACZzB,YAAa,EACb6B,YAAa,EACbC,gBAAiB9/F,WACjB+/F,WAAY,WAEhB9iG,KAAK8gG,kBAAkBj/F,KAAK8gG,GAEhCxF,GAA6Bp8F,EAAQq8F,GACrC+E,GAA6CniG,OAiBrD,SAASmhG,GAA+Bj0F,GACpC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,gCAIjD,CACA,SAASizF,GAA4BjzF,GACjC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,0CAIjD,CACA,SAASi1F,GAA6Cl+F,GAClD,MAAM8+F,EAiNV,SAAoD9+F,GAChD,MAAMlD,EAASkD,EAAWy9F,8BAC1B,GAAsB,aAAlB3gG,EAAO45F,OACP,OAAO,EAEX,GAAI12F,EAAWw9F,gBACX,OAAO,EAEX,IAAKx9F,EAAW++F,SACZ,OAAO,EAEX,GAAItF,GAA+B38F,IAAW08F,GAAiC18F,GAAU,EACrF,OAAO,EAEX,GAAIkhG,GAA4BlhG,IAAWkiG,GAAqCliG,GAAU,EACtF,OAAO,EAEX,MAAM46E,EAAc6lB,GAA2Cv9F,GAC/D,GAAI03E,EAAc,EACd,OAAO,EAEX,OAAO,CACX,CAvOuBunB,CAA2Cj/F,GAC9D,IAAK8+F,EACD,OAEJ,GAAI9+F,EAAWk/F,SAEX,YADAl/F,EAAWm/F,YAAa,GAG5Bn/F,EAAWk/F,UAAW,EAGtBzK,GADoBz0F,EAAWo/F,kBACN,KACrBp/F,EAAWk/F,UAAW,EAClBl/F,EAAWm/F,aACXn/F,EAAWm/F,YAAa,EACxBjB,GAA6Cl+F,OAElDQ,IACCk9F,GAAkC19F,EAAYQ,EAAE,GAExD,CAKA,SAAS6+F,GAAqDviG,EAAQ4hG,GAClE,IAAIrhG,GAAO,EACW,WAAlBP,EAAO45F,SACPr5F,GAAO,GAEX,MAAMiiG,EAAaC,GAAsDb,GACnC,YAAlCA,EAAmBG,WACnBxF,GAAiCv8F,EAAQwiG,EAAYjiG,GAoW7D,SAA8CP,EAAQgB,EAAOT,GACzD,MAAMqE,EAAS5E,EAAOmE,QAChBu+F,EAAkB99F,EAAO+9F,kBAAkBp9F,QAC7ChF,EACAmiG,EAAgBlG,YAAYx7F,GAG5B0hG,EAAgBjG,YAAYz7F,EAEpC,CA1WQ4hG,CAAqC5iG,EAAQwiG,EAAYjiG,EAEjE,CACA,SAASkiG,GAAsDb,GAC3D,MAAM5B,EAAc4B,EAAmB5B,YACjC6B,EAAcD,EAAmBC,YACvC,OAAO,IAAID,EAAmBE,gBAAgBF,EAAmBt+F,OAAQs+F,EAAmBr+F,WAAYy8F,EAAc6B,EAC1H,CACA,SAASZ,GAAgD/9F,EAAYI,EAAQC,EAAYC,GACrFN,EAAW47F,OAAOh+F,KAAK,CAAEwC,SAAQC,aAAYC,eAC7CN,EAAW67F,iBAAmBv7F,CAClC,CACA,SAASq/F,GAA4D3/F,EAAY0+F,GAC7E,MAAMC,EAAcD,EAAmBC,YACjCiB,EAAsBlB,EAAmB5B,YAAc4B,EAAmB5B,YAAc6B,EACxFkB,EAAiBh4F,KAAKoyC,IAAIj6C,EAAW67F,gBAAiB6C,EAAmBp+F,WAAao+F,EAAmB5B,aACzGgD,EAAiBpB,EAAmB5B,YAAc+C,EAClDE,EAAkBD,EAAiBA,EAAiBnB,EAC1D,IAAIqB,EAA4BH,EAC5Bz6F,GAAQ,EACR26F,EAAkBH,IAClBI,EAA4BD,EAAkBrB,EAAmB5B,YACjE13F,GAAQ,GAEZ,MAAM66F,EAAQjgG,EAAW47F,OACzB,KAAOoE,EAA4B,GAAG,CAClC,MAAME,EAAcD,EAAM3J,OACpB6J,EAAct4F,KAAKoyC,IAAI+lD,EAA2BE,EAAY5/F,YAC9D8/F,EAAY1B,EAAmBr+F,WAAaq+F,EAAmB5B,YA5SjDvvC,EA6SDmxC,EAAmBt+F,OA7SZigG,EA6SoBD,EA7SRxtE,EA6SmBstE,EAAY9/F,OA7S1BkgG,EA6SkCJ,EAAY7/F,WA7SnCkI,EA6S+C43F,EA5SzG,IAAIrhG,WAAWyuD,GAAMhuD,IAAI,IAAIT,WAAW8zB,EAAK0tE,EAAW/3F,GAAI83F,GA6SpDH,EAAY5/F,aAAe6/F,EAC3BF,EAAM59F,SAGN69F,EAAY7/F,YAAc8/F,EAC1BD,EAAY5/F,YAAc6/F,GAE9BngG,EAAW67F,iBAAmBsE,EAC9BI,GAAuDvgG,EAAYmgG,EAAazB,GAChFsB,GAA6BG,EAvTrC,IAA4B5yC,EAAM8yC,EAAYztE,EAAK0tE,EAAW/3F,EAyT1D,OAAOnD,CACX,CACA,SAASm7F,GAAuDvgG,EAAYmB,EAAMu9F,GAC9E8B,GAAkDxgG,GAClD0+F,EAAmB5B,aAAe37F,CACtC,CACA,SAASm9F,GAA6Ct+F,GACf,IAA/BA,EAAW67F,iBAAyB77F,EAAWw9F,iBAC/CG,GAA4C39F,GAC5C49F,GAAoB59F,EAAWy9F,gCAG/BS,GAA6Cl+F,EAErD,CACA,SAASwgG,GAAkDxgG,GACvB,OAA5BA,EAAWo9F,eAGfp9F,EAAWo9F,aAAab,6CAA0Cv/F,EAClEgD,EAAWo9F,aAAahB,MAAQ,KAChCp8F,EAAWo9F,aAAe,KAC9B,CACA,SAASa,GAAiEj+F,GACtE,KAAOA,EAAW68F,kBAAkB1/F,OAAS,GAAG,CAC5C,GAAmC,IAA/B6C,EAAW67F,gBACX,OAEJ,MAAM6C,EAAqB1+F,EAAW68F,kBAAkBvG,OACpDqJ,GAA4D3/F,EAAY0+F,KACxE+B,GAAiDzgG,GACjDq/F,GAAqDr/F,EAAWy9F,8BAA+BiB,IAG3G,CAgFA,SAASlC,GAA4Cx8F,EAAYs8F,GAC7D,MAAMM,EAAkB58F,EAAW68F,kBAAkBvG,OAErD,GAAc,WADAt2F,EAAWy9F,8BAA8B/G,OAC/B,CACpB,GAAqB,IAAjB4F,EACA,MAAM,IAAIruE,UAAU,qEApChC,SAA0DjuB,EAAY48F,GAClEA,EAAgBx8F,OAA6Bw8F,EAAgBx8F,OAC7D,MAAMtD,EAASkD,EAAWy9F,8BAC1B,GAAIO,GAA4BlhG,GAC5B,KAAOkiG,GAAqCliG,GAAU,GAElDuiG,GAAqDviG,EAD1B2jG,GAAiDzgG,GAIxF,CA6BQ0gG,CAAiD1gG,EAAY48F,QA5BrE,SAA4D58F,EAAYs8F,EAAcoC,GAClF,GAAIA,EAAmB5B,YAAcR,EAAeoC,EAAmBp+F,WACnE,MAAM,IAAIqxC,WAAW,6BAGzB,GADA4uD,GAAuDvgG,EAAYs8F,EAAcoC,GAC7EA,EAAmB5B,YAAc4B,EAAmBC,YAEpD,OAEJ8B,GAAiDzgG,GACjD,MAAM2gG,EAAgBjC,EAAmB5B,YAAc4B,EAAmBC,YAC1E,GAAIgC,EAAgB,EAAG,CACnB,MAAMj5F,EAAMg3F,EAAmBr+F,WAAaq+F,EAAmB5B,YACzDj2F,EAAY63F,EAAmBt+F,OAAO3C,MAAMiK,EAAMi5F,EAAej5F,GACvEq2F,GAAgD/9F,EAAY6G,EAAW,EAAGA,EAAUvG,YAExFo+F,EAAmBt+F,OAA6Bs+F,EAAmBt+F,OACnEs+F,EAAmB5B,aAAe6D,EAClCtB,GAAqDr/F,EAAWy9F,8BAA+BiB,GAC/FT,GAAiEj+F,EACrE,CAWQ4gG,CAAmD5gG,EAAYs8F,EAAcM,GAEjFsB,GAA6Cl+F,EACjD,CACA,SAASygG,GAAiDzgG,GACtD,MAAMsH,EAAatH,EAAW68F,kBAAkBx6F,QAEhD,OADAm+F,GAAkDxgG,GAC3CsH,CACX,CAwBA,SAASq2F,GAA4C39F,GACjDA,EAAWo/F,oBAAiBpiG,EAC5BgD,EAAWo+F,sBAAmBphG,CAClC,CAkDA,SAAS0gG,GAAkC19F,EAAYQ,GACnD,MAAM1D,EAASkD,EAAWy9F,8BACJ,aAAlB3gG,EAAO45F,UA1Qf,SAA2D12F,GACvDwgG,GAAkDxgG,GAClDA,EAAW68F,kBAAoB,IAAItH,EACvC,CA0QIsL,CAAkD7gG,GAClD+7F,GAAW/7F,GACX29F,GAA4C39F,GAC5C8gG,GAAoBhkG,EAAQ0D,GAChC,CACA,SAAS+8F,GAA2Cv9F,GAChD,MAAMurC,EAAQvrC,EAAWy9F,8BAA8B/G,OACvD,MAAc,YAAVnrD,EACO,KAEG,WAAVA,EACO,EAEJvrC,EAAW+gG,aAAe/gG,EAAW67F,eAChD,CA2CA,SAASmF,GAAsDlkG,EAAQmkG,EAAsBn7F,GACzF,MAAM9F,EAAakH,OAAOy6B,OAAOq7D,GAA6BjgG,WAC9D,IAAImkG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBp3F,GAC1CokG,EAAkB,IAAMhN,QAAoBp3F,QACbA,IAA/BikG,EAAqBlhG,QACrBmhG,EAAiB,IAAMD,EAAqBlhG,MAAMC,SAEpBhD,IAA9BikG,EAAqBvgG,OACrBygG,EAAgB,IAAMF,EAAqBvgG,KAAKV,SAEhBhD,IAAhCikG,EAAqBrgG,SACrBwgG,EAAkBnjG,GAAUgjG,EAAqBrgG,OAAO3C,IAE5D,MAAMsgG,EAAwB0C,EAAqB1C,sBACnD,GAA8B,IAA1BA,EACA,MAAM,IAAItwE,UAAU,iDAxC5B,SAA2CnxB,EAAQkD,EAAYkhG,EAAgBC,EAAeC,EAAiBt7F,EAAey4F,GAC1Hv+F,EAAWy9F,8BAAgC3gG,EAC3CkD,EAAWm/F,YAAa,EACxBn/F,EAAWk/F,UAAW,EACtBl/F,EAAWo9F,aAAe,KAE1Bp9F,EAAW47F,OAAS57F,EAAW67F,qBAAkB7+F,EACjD++F,GAAW/7F,GACXA,EAAWw9F,iBAAkB,EAC7Bx9F,EAAW++F,UAAW,EACtB/+F,EAAW+gG,aAAej7F,EAC1B9F,EAAWo/F,eAAiB+B,EAC5BnhG,EAAWo+F,iBAAmBgD,EAC9BphG,EAAWw+F,uBAAyBD,EACpCv+F,EAAW68F,kBAAoB,IAAItH,GACnCz4F,EAAOo9F,0BAA4Bl6F,EAEnCy0F,GAAYL,GADQ8M,MAC0B,KAC1ClhG,EAAW++F,UAAW,EACtBb,GAA6Cl+F,EAAW,IACzD8J,IACC4zF,GAAkC19F,EAAY8J,EAAE,GAExD,CAmBIu3F,CAAkCvkG,EAAQkD,EAAYkhG,EAAgBC,EAAeC,EAAiBt7F,EAAey4F,EACzH,CAMA,SAASpC,GAA+B90F,GACpC,OAAO,IAAI4mB,UAAU,uCAAuC5mB,oDAChE,CAEA,SAAS81F,GAAwC91F,GAC7C,OAAO,IAAI4mB,UAAU,0CAA0C5mB,uDACnE,CAOA,SAASi6F,GAAiCxkG,EAAQ0iG,GAC9C1iG,EAAOmE,QAAQw+F,kBAAkB7hG,KAAK4hG,EAC1C,CAWA,SAASR,GAAqCliG,GAC1C,OAAOA,EAAOmE,QAAQw+F,kBAAkBtiG,MAC5C,CACA,SAAS6gG,GAA4BlhG,GACjC,MAAM4E,EAAS5E,EAAOmE,QACtB,YAAejE,IAAX0E,KAGC6/F,GAA2B7/F,EAIpC,CA3bAwF,OAAOkzF,iBAAiB4C,GAA6BjgG,UAAW,CAC5DgB,MAAO,CAAEgkC,YAAY,GACrBxhC,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrBk7D,YAAa,CAAEl7D,YAAY,GAC3B21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAew1F,GAA6BjgG,UAAWw2F,GAAe8G,YAAa,CACtFj9F,MAAO,+BACP4kC,cAAc,IAubtB,MAAMw/D,GACF3lG,YAAYiB,GAGR,GAFAu7F,GAAuBv7F,EAAQ,EAAG,4BAClCg8F,GAAqBh8F,EAAQ,mBACzB68F,GAAuB78F,GACvB,MAAM,IAAImxB,UAAU,+EAExB,IAAKivE,GAA+BpgG,EAAOo9F,2BACvC,MAAM,IAAIjsE,UAAU,+FAGxBuoE,GAAsCz6F,KAAMe,GAC5Cf,KAAK0jG,kBAAoB,IAAIlK,GAM7B34F,aACA,OAAK2kG,GAA2BxlG,MAGzBA,KAAKu7F,eAFDjD,GAAoBoN,GAA8B,WAOjE7gG,OAAO3C,EAASjB,WACZ,OAAKukG,GAA2BxlG,WAGEiB,IAA9BjB,KAAK06F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCj7F,KAAMkC,GALpCo2F,GAAoBoN,GAA8B,WAYjExkG,KAAKixC,GACD,IAAKqzD,GAA2BxlG,MAC5B,OAAOs4F,GAAoBoN,GAA8B,SAE7D,IAAKlgF,YAAYo7E,OAAOzuD,GACpB,OAAOmmD,GAAoB,IAAIpmE,UAAU,sCAE7C,GAAwB,IAApBigB,EAAK5tC,WACL,OAAO+zF,GAAoB,IAAIpmE,UAAU,uCAE7C,GAA+B,IAA3BigB,EAAK9tC,OAAOE,WACZ,OAAO+zF,GAAoB,IAAIpmE,UAAU,gDAE7C,QAAkCjxB,IAA9BjB,KAAK06F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAACj4F,EAASC,KACjC29F,EAAiB59F,EACjB69F,EAAgB59F,CAAM,IAQ1B,OA8CR,SAAsCwF,EAAQwsC,EAAMsxD,GAChD,MAAM1iG,EAAS4E,EAAO+0F,qBACtB35F,EAAOm9F,YAAa,EACE,YAAlBn9F,EAAO45F,OACP8I,EAAgBxF,YAAYl9F,EAAOi6F,cAxa3C,SAA8C/2F,EAAYkuC,EAAMsxD,GAC5D,MAAM1iG,EAASkD,EAAWy9F,8BAC1B,IAAIkB,EAAc,EACdzwD,EAAKryC,cAAgB2lB,WACrBm9E,EAAczwD,EAAKryC,YAAY6lG,mBAEnC,MAAM9/D,EAAOsM,EAAKryC,YAEZ6iG,EAAqB,CACvBt+F,OAF+B8tC,EAAK9tC,OAGpCC,WAAY6tC,EAAK7tC,WACjBC,WAAY4tC,EAAK5tC,WACjBw8F,YAAa,EACb6B,cACAC,gBAAiBh9D,EACjBi9D,WAAY,QAEhB,GAAI7+F,EAAW68F,kBAAkB1/F,OAAS,EAMtC,OALA6C,EAAW68F,kBAAkBj/F,KAAK8gG,QAIlC4C,GAAiCxkG,EAAQ0iG,GAG7C,GAAsB,WAAlB1iG,EAAO45F,OAAX,CAKA,GAAI12F,EAAW67F,gBAAkB,EAAG,CAChC,GAAI8D,GAA4D3/F,EAAY0+F,GAAqB,CAC7F,MAAMY,EAAaC,GAAsDb,GAGzE,OAFAJ,GAA6Ct+F,QAC7Cw/F,EAAgBjG,YAAY+F,GAGhC,GAAIt/F,EAAWw9F,gBAAiB,CAC5B,MAAMh9F,EAAI,IAAIytB,UAAU,2DAGxB,OAFAyvE,GAAkC19F,EAAYQ,QAC9Cg/F,EAAgBxF,YAAYx5F,IAIpCR,EAAW68F,kBAAkBj/F,KAAK8gG,GAClC4C,GAAiCxkG,EAAQ0iG,GACzCtB,GAA6Cl+F,OArB7C,CACI,MAAM2hG,EAAY,IAAI//D,EAAK88D,EAAmBt+F,OAAQs+F,EAAmBr+F,WAAY,GACrFm/F,EAAgBlG,YAAYqI,GAoBpC,CA4XQC,CAAqC9kG,EAAOo9F,0BAA2BhsD,EAAMsxD,EAErF,CAxDQqC,CAA6B9lG,KAAMmyC,EALX,CACpBqrD,YAAaz7F,GAAS+7F,EAAe,CAAEz8F,MAAOU,EAAOT,MAAM,IAC3Di8F,YAAax7F,GAAS+7F,EAAe,CAAEz8F,MAAOU,EAAOT,MAAM,IAC3D28F,YAAax5F,GAAKs5F,EAAct5F,KAG7Bqc,EAWXlgB,cACI,IAAK4kG,GAA2BxlG,MAC5B,MAAM0lG,GAA8B,eAExC,QAAkCzkG,IAA9BjB,KAAK06F,qBAAT,CAGA,GAAI16F,KAAK0jG,kBAAkBtiG,OAAS,EAChC,MAAM,IAAI8wB,UAAU,uFAExBipE,GAAmCn7F,QAgB3C,SAASwlG,GAA2Bt4F,GAChC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,oBAIjD,CAYA,SAASw4F,GAA8Bp6F,GACnC,OAAO,IAAI4mB,UAAU,sCAAsC5mB,mDAC/D,CAEA,SAASy6F,GAAqBprC,EAAUqrC,GACpC,MAAMj8F,cAAEA,GAAkB4wD,EAC1B,QAAsB15D,IAAlB8I,EACA,OAAOi8F,EAEX,GAAI1G,GAAYv1F,IAAkBA,EAAgB,EAC9C,MAAM,IAAI6rC,WAAW,yBAEzB,OAAO7rC,CACX,CACA,SAASk8F,GAAqBtrC,GAC1B,MAAMv1D,KAAEA,GAASu1D,EACjB,OAAKv1D,GACM,KAAM,EAGrB,CAEA,SAAS8gG,GAAuBxrE,EAAMyhE,GAClCD,GAAiBxhE,EAAMyhE,GACvB,MAAMpyF,EAAgB2wB,aAAmC,EAASA,EAAK3wB,cACjE3E,EAAOs1B,aAAmC,EAASA,EAAKt1B,KAC9D,MAAO,CACH2E,mBAAiC9I,IAAlB8I,OAA8B9I,EAAYy7F,GAA0B3yF,GACnF3E,UAAenE,IAATmE,OAAqBnE,EAAYklG,GAA2B/gG,EAAS+2F,EAAH,2BAEhF,CACA,SAASgK,GAA2B97F,EAAI8xF,GAEpC,OADAC,GAAe/xF,EAAI8xF,GACZp6F,GAAS26F,GAA0BryF,EAAGtI,GACjD,CAyBA,SAASqkG,GAAmC/7F,EAAIg8F,EAAUlK,GAEtD,OADAC,GAAe/xF,EAAI8xF,GACXj6F,GAAWq3F,GAAYlvF,EAAIg8F,EAAU,CAACnkG,GAClD,CACA,SAASokG,GAAmCj8F,EAAIg8F,EAAUlK,GAEtD,OADAC,GAAe/xF,EAAI8xF,GACZ,IAAM5C,GAAYlvF,EAAIg8F,EAAU,GAC3C,CACA,SAASE,GAAmCl8F,EAAIg8F,EAAUlK,GAEtD,OADAC,GAAe/xF,EAAI8xF,GACXl4F,GAAem1F,GAAY/uF,EAAIg8F,EAAU,CAACpiG,GACtD,CACA,SAASuiG,GAAmCn8F,EAAIg8F,EAAUlK,GAEtD,OADAC,GAAe/xF,EAAI8xF,GACZ,CAACp6F,EAAOkC,IAAes1F,GAAYlvF,EAAIg8F,EAAU,CAACtkG,EAAOkC,GACpE,CAEA,SAASwiG,GAAqBv5F,EAAGivF,GAC7B,IAAKuK,GAAiBx5F,GAClB,MAAM,IAAIglB,UAAaiqE,EAAH,4BAE5B,CAjHAhxF,OAAOkzF,iBAAiBoH,GAAyBzkG,UAAW,CACxD6D,OAAQ,CAAEmhC,YAAY,GACtB9kC,KAAM,CAAE8kC,YAAY,GACpBplC,YAAa,CAAEolC,YAAY,GAC3BnlC,OAAQ,CAAEmlC,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAeg6F,GAAyBzkG,UAAWw2F,GAAe8G,YAAa,CAClFj9F,MAAO,2BACP4kC,cAAc,IA+GtB,MAAMt+B,GACF7H,YAAY6mG,EAAoB,GAAIC,EAAc,SACpB3lG,IAAtB0lG,EACAA,EAAoB,KAGpBtK,GAAasK,EAAmB,mBAEpC,MAAMhsC,EAAWurC,GAAuBU,EAAa,oBAC/CC,EA5Dd,SAA+BR,EAAUlK,GACrCD,GAAiBmK,EAAUlK,GAC3B,MAAMl6F,EAAQokG,aAA2C,EAASA,EAASpkG,MACrED,EAAQqkG,aAA2C,EAASA,EAASrkG,MACrEgC,EAAQqiG,aAA2C,EAASA,EAASriG,MACrEoW,EAAOisF,aAA2C,EAASA,EAASjsF,KACpEtY,EAAQukG,aAA2C,EAASA,EAASvkG,MAC3E,MAAO,CACHG,WAAiBhB,IAAVgB,OACHhB,EACAmlG,GAAmCnkG,EAAOokG,EAAalK,EAAH,4BACxDn6F,WAAiBf,IAAVe,OACHf,EACAqlG,GAAmCtkG,EAAOqkG,EAAalK,EAAH,4BACxDn4F,WAAiB/C,IAAV+C,OACH/C,EACAslG,GAAmCviG,EAAOqiG,EAAalK,EAAH,4BACxDr6F,WAAiBb,IAAVa,OACHb,EACAulG,GAAmC1kG,EAAOukG,EAAalK,EAAH,4BACxD/hF,OAER,CAsC+B0sF,CAAsBH,EAAmB,mBAChEI,GAAyB/mG,MAEzB,QAAaiB,IADA4lG,EAAezsF,KAExB,MAAM,IAAIw7B,WAAW,6BAEzB,MAAMoxD,EAAgBf,GAAqBtrC,IAioBnD,SAAgE55D,EAAQ8lG,EAAgB98F,EAAei9F,GACnG,MAAM/iG,EAAakH,OAAOy6B,OAAOqhE,GAAgCjmG,WACjE,IAAImkG,EAAiB,KAAe,EAChC+B,EAAiB,IAAM7O,QAAoBp3F,GAC3CkmG,EAAiB,IAAM9O,QAAoBp3F,GAC3CmmG,EAAiB,IAAM/O,QAAoBp3F,QAClBA,IAAzB4lG,EAAe7iG,QACfmhG,EAAiB,IAAM0B,EAAe7iG,MAAMC,SAEnBhD,IAAzB4lG,EAAe/kG,QACfolG,EAAiBnlG,GAAS8kG,EAAe/kG,MAAMC,EAAOkC,SAE7BhD,IAAzB4lG,EAAe7kG,QACfmlG,EAAiB,IAAMN,EAAe7kG,cAEbf,IAAzB4lG,EAAe5kG,QACfmlG,EAAiBllG,GAAU2kG,EAAe5kG,MAAMC,IAEpDmlG,GAAqCtmG,EAAQkD,EAAYkhG,EAAgB+B,EAAgBC,EAAgBC,EAAgBr9F,EAAei9F,EAC5I,CAlpBQM,CAAuDtnG,KAAM6mG,EADvCd,GAAqBprC,EAAU,GACuCqsC,GAK5FO,aACA,IAAKb,GAAiB1mG,MAClB,MAAMwnG,GAA4B,UAEtC,OAAOC,GAAuBznG,MAWlCiC,MAAMC,EAASjB,WACX,OAAKylG,GAAiB1mG,MAGlBynG,GAAuBznG,MAChBs4F,GAAoB,IAAIpmE,UAAU,oDAEtCw1E,GAAoB1nG,KAAMkC,GALtBo2F,GAAoBkP,GAA4B,UAe/DxlG,QACI,OAAK0kG,GAAiB1mG,MAGlBynG,GAAuBznG,MAChBs4F,GAAoB,IAAIpmE,UAAU,oDAEzCy1E,GAAoC3nG,MAC7Bs4F,GAAoB,IAAIpmE,UAAU,2CAEtC01E,GAAoB5nG,MARhBs4F,GAAoBkP,GAA4B,UAkB/D7mG,YACI,IAAK+lG,GAAiB1mG,MAClB,MAAMwnG,GAA4B,aAEtC,OAAOK,GAAmC7nG,OAgBlD,SAAS6nG,GAAmC9mG,GACxC,OAAO,IAAI+mG,GAA4B/mG,EAC3C,CASA,SAASgmG,GAAyBhmG,GAC9BA,EAAO45F,OAAS,WAGhB55F,EAAOi6F,kBAAe/5F,EACtBF,EAAOgnG,aAAU9mG,EAGjBF,EAAOinG,+BAA4B/mG,EAGnCF,EAAOknG,eAAiB,IAAIzO,GAG5Bz4F,EAAOmnG,2BAAwBjnG,EAG/BF,EAAOonG,mBAAgBlnG,EAGvBF,EAAOqnG,2BAAwBnnG,EAE/BF,EAAOsnG,0BAAuBpnG,EAE9BF,EAAOunG,eAAgB,CAC3B,CACA,SAAS5B,GAAiBx5F,GACtB,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAASu6F,GAAuB1mG,GAC5B,YAAuBE,IAAnBF,EAAOgnG,OAIf,CACA,SAASL,GAAoB3mG,EAAQmB,GACjC,MAAMstC,EAAQzuC,EAAO45F,OACrB,GAAc,WAAVnrD,GAAgC,YAAVA,EACtB,OAAO6oD,QAAoBp3F,GAE/B,QAAoCA,IAAhCF,EAAOsnG,qBACP,OAAOtnG,EAAOsnG,qBAAqBE,SAEvC,IAAIC,GAAqB,EACX,aAAVh5D,IACAg5D,GAAqB,EAErBtmG,OAASjB,GAEb,MAAM6f,EAAUq3E,IAAW,CAACj4F,EAASC,KACjCY,EAAOsnG,qBAAuB,CAC1BE,cAAUtnG,EACVwnG,SAAUvoG,EACVwoG,QAASvoG,EACTwoG,QAASzmG,EACT0mG,oBAAqBJ,EACxB,IAML,OAJAznG,EAAOsnG,qBAAqBE,SAAWznF,EAClC0nF,GACDK,GAA4B9nG,EAAQmB,GAEjC4e,CACX,CACA,SAAS8mF,GAAoB7mG,GACzB,MAAMyuC,EAAQzuC,EAAO45F,OACrB,GAAc,WAAVnrD,GAAgC,YAAVA,EACtB,OAAO8oD,GAAoB,IAAIpmE,UAAU,kBAAkBsd,+DAE/D,MAAM1uB,EAAUq3E,IAAW,CAACj4F,EAASC,KACjC,MAAM2oG,EAAe,CACjBL,SAAUvoG,EACVwoG,QAASvoG,GAEbY,EAAOonG,cAAgBW,CAAY,IAEjCpoG,EAASK,EAAOgnG,QAgf1B,IAA8C9jG,EA3e1C,YAJehD,IAAXP,GAAwBK,EAAOunG,eAA2B,aAAV94D,GAChDu5D,GAAiCroG,GA+erCq/F,GAD0C97F,EA5eLlD,EAAOinG,0BA6eXgB,GAAe,GAChDC,GAAoDhlG,GA7e7C6c,CACX,CAYA,SAASooF,GAAgCnoG,EAAQ2D,GAE/B,aADA3D,EAAO45F,OAKrBwO,GAA6BpoG,GAHzB8nG,GAA4B9nG,EAAQ2D,EAI5C,CACA,SAASmkG,GAA4B9nG,EAAQmB,GACzC,MAAM+B,EAAalD,EAAOinG,0BAC1BjnG,EAAO45F,OAAS,WAChB55F,EAAOi6F,aAAe94F,EACtB,MAAMxB,EAASK,EAAOgnG,aACP9mG,IAAXP,GACA0oG,GAAsD1oG,EAAQwB,IA8EtE,SAAkDnB,GAC9C,QAAqCE,IAAjCF,EAAOmnG,4BAAwEjnG,IAAjCF,EAAOqnG,sBACrD,OAAO,EAEX,OAAO,CACX,CAjFSiB,CAAyCtoG,IAAWkD,EAAW++F,UAChEmG,GAA6BpoG,EAErC,CACA,SAASooG,GAA6BpoG,GAClCA,EAAO45F,OAAS,UAChB55F,EAAOinG,0BAA0BrM,MACjC,MAAM2N,EAAcvoG,EAAOi6F,aAK3B,GAJAj6F,EAAOknG,eAAe3kG,SAAQimG,IAC1BA,EAAab,QAAQY,EAAY,IAErCvoG,EAAOknG,eAAiB,IAAIzO,QACQv4F,IAAhCF,EAAOsnG,qBAEP,YADAmB,GAAkDzoG,GAGtD,MAAM0oG,EAAe1oG,EAAOsnG,qBAE5B,GADAtnG,EAAOsnG,0BAAuBpnG,EAC1BwoG,EAAab,oBAGb,OAFAa,EAAaf,QAAQY,QACrBE,GAAkDzoG,GAItD23F,GADgB33F,EAAOinG,0BAA0BtM,IAAY+N,EAAad,UACrD,KACjBc,EAAahB,WACbe,GAAkDzoG,EAAO,IACzDmB,IACAunG,EAAaf,QAAQxmG,GACrBsnG,GAAkDzoG,EAAO,GAEjE,CAuCA,SAAS4mG,GAAoC5mG,GACzC,YAA6BE,IAAzBF,EAAOonG,oBAAgElnG,IAAjCF,EAAOqnG,qBAIrD,CAcA,SAASoB,GAAkDzoG,QAC1BE,IAAzBF,EAAOonG,gBACPpnG,EAAOonG,cAAcO,QAAQ3nG,EAAOi6F,cACpCj6F,EAAOonG,mBAAgBlnG,GAE3B,MAAMP,EAASK,EAAOgnG,aACP9mG,IAAXP,GACAgpG,GAAiChpG,EAAQK,EAAOi6F,aAExD,CACA,SAAS2O,GAAiC5oG,EAAQ6oG,GAC9C,MAAMlpG,EAASK,EAAOgnG,aACP9mG,IAAXP,GAAwBkpG,IAAiB7oG,EAAOunG,gBAC5CsB,EAwhBZ,SAAwClpG,GACpCmpG,GAAoCnpG,EACxC,CAzhBYopG,CAA+BppG,GAG/BqoG,GAAiCroG,IAGzCK,EAAOunG,cAAgBsB,CAC3B,CA1PAz+F,OAAOkzF,iBAAiB12F,GAAe3G,UAAW,CAC9CiB,MAAO,CAAE+jC,YAAY,GACrBhkC,MAAO,CAAEgkC,YAAY,GACrBrlC,UAAW,CAAEqlC,YAAY,GACzBuhE,OAAQ,CAAEvhE,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAe9D,GAAe3G,UAAWw2F,GAAe8G,YAAa,CACxEj9F,MAAO,iBACP4kC,cAAc,IAuPtB,MAAM6hE,GACFhoG,YAAYiB,GAGR,GAFAu7F,GAAuBv7F,EAAQ,EAAG,+BAClC0lG,GAAqB1lG,EAAQ,mBACzB0mG,GAAuB1mG,GACvB,MAAM,IAAImxB,UAAU,+EAExBlyB,KAAK+pG,qBAAuBhpG,EAC5BA,EAAOgnG,QAAU/nG,KACjB,MAAMwvC,EAAQzuC,EAAO45F,OACrB,GAAc,aAAVnrD,GACKm4D,GAAoC5mG,IAAWA,EAAOunG,cACvDuB,GAAoC7pG,MAGpCgqG,GAA8ChqG,MAElDiqG,GAAqCjqG,WAEpC,GAAc,aAAVwvC,EACL06D,GAA8ClqG,KAAMe,EAAOi6F,cAC3DiP,GAAqCjqG,WAEpC,GAAc,WAAVwvC,EACLw6D,GAA8ChqG,MAgctDiqG,GADoDvpG,EA9bGV,MAgcvDmqG,GAAkCzpG,OA9bzB,CACD,MAAM4oG,EAAcvoG,EAAOi6F,aAC3BkP,GAA8ClqG,KAAMspG,GACpDc,GAA+CpqG,KAAMspG,GAybjE,IAAwD5oG,EAlbhDG,aACA,OAAKwpG,GAA8BrqG,MAG5BA,KAAKu7F,eAFDjD,GAAoBgS,GAAiC,WAYhE3uB,kBACA,IAAK0uB,GAA8BrqG,MAC/B,MAAMsqG,GAAiC,eAE3C,QAAkCrpG,IAA9BjB,KAAK+pG,qBACL,MAAMQ,GAA2B,eAErC,OAuIR,SAAmD7pG,GAC/C,MAAMK,EAASL,EAAOqpG,qBAChBv6D,EAAQzuC,EAAO45F,OACrB,GAAc,YAAVnrD,GAAiC,aAAVA,EACvB,OAAO,KAEX,GAAc,WAAVA,EACA,OAAO,EAEX,OAAOg7D,GAA8CzpG,EAAOinG,0BAChE,CAjJeyC,CAA0CzqG,MAUjDqJ,YACA,OAAKghG,GAA8BrqG,MAG5BA,KAAK0qG,cAFDpS,GAAoBgS,GAAiC,UAOpEroG,MAAMC,EAASjB,WACX,OAAKopG,GAA8BrqG,WAGDiB,IAA9BjB,KAAK+pG,qBACEzR,GAAoBiS,GAA2B,UA4ElE,SAA0C7pG,EAAQwB,GAC9C,MAAMnB,EAASL,EAAOqpG,qBACtB,OAAOrC,GAAoB3mG,EAAQmB,EACvC,CA7EeyoG,CAAiC3qG,KAAMkC,GALnCo2F,GAAoBgS,GAAiC,UAUpEtoG,QACI,IAAKqoG,GAA8BrqG,MAC/B,OAAOs4F,GAAoBgS,GAAiC,UAEhE,MAAMvpG,EAASf,KAAK+pG,qBACpB,YAAe9oG,IAAXF,EACOu3F,GAAoBiS,GAA2B,UAEtD5C,GAAoC5mG,GAC7Bu3F,GAAoB,IAAIpmE,UAAU,2CAEtC04E,GAAiC5qG,MAY5CY,cACI,IAAKypG,GAA8BrqG,MAC/B,MAAMsqG,GAAiC,oBAG5BrpG,IADAjB,KAAK+pG,sBAIpBc,GAAmC7qG,MAEvC8B,MAAMC,EAAQd,WACV,OAAKopG,GAA8BrqG,WAGDiB,IAA9BjB,KAAK+pG,qBACEzR,GAAoBiS,GAA2B,aAEnDO,GAAiC9qG,KAAM+B,GALnCu2F,GAAoBgS,GAAiC,WAwBxE,SAASD,GAA8Bn9F,GACnC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,uBAIjD,CAMA,SAAS09F,GAAiClqG,GAEtC,OAAOknG,GADQlnG,EAAOqpG,qBAE1B,CAYA,SAASgB,GAAuDrqG,EAAQgE,GACjC,YAA/BhE,EAAOsqG,oBACPtB,GAAiChpG,EAAQgE,GAkTjD,SAAmDhE,EAAQwB,GACvDkoG,GAA+C1pG,EAAQwB,EAC3D,CAjTQ+oG,CAA0CvqG,EAAQgE,EAE1D,CACA,SAAS0kG,GAAsD1oG,EAAQgE,GACjC,YAA9BhE,EAAOwqG,mBACPC,GAAgCzqG,EAAQgE,GAkVhD,SAAkDhE,EAAQwB,GACtDgoG,GAA8CxpG,EAAQwB,EAC1D,CAjVQkpG,CAAyC1qG,EAAQgE,EAEzD,CAYA,SAASmmG,GAAmCnqG,GACxC,MAAMK,EAASL,EAAOqpG,qBAChBsB,EAAgB,IAAIn5E,UAAU,oFACpCk3E,GAAsD1oG,EAAQ2qG,GAG9DN,GAAuDrqG,EAAQ2qG,GAC/DtqG,EAAOgnG,aAAU9mG,EACjBP,EAAOqpG,0BAAuB9oG,CAClC,CACA,SAAS6pG,GAAiCpqG,EAAQqB,GAC9C,MAAMhB,EAASL,EAAOqpG,qBAChB9lG,EAAalD,EAAOinG,0BACpBnlC,EAqIV,SAAqD5+D,EAAYlC,GAC7D,IACI,OAAOkC,EAAWqnG,uBAAuBvpG,GAE7C,MAAOwpG,GAEH,OADAC,GAA6CvnG,EAAYsnG,GAClD,EAEf,CA7IsBE,CAA4CxnG,EAAYlC,GAC1E,GAAIhB,IAAWL,EAAOqpG,qBAClB,OAAOzR,GAAoBiS,GAA2B,aAE1D,MAAM/6D,EAAQzuC,EAAO45F,OACrB,GAAc,YAAVnrD,EACA,OAAO8oD,GAAoBv3F,EAAOi6F,cAEtC,GAAI2M,GAAoC5mG,IAAqB,WAAVyuC,EAC/C,OAAO8oD,GAAoB,IAAIpmE,UAAU,6DAE7C,GAAc,aAAVsd,EACA,OAAO8oD,GAAoBv3F,EAAOi6F,cAEtC,MAAMl6E,EArXV,SAAuC/f,GAQnC,OAPgBo3F,IAAW,CAACj4F,EAASC,KACjC,MAAMopG,EAAe,CACjBd,SAAUvoG,EACVwoG,QAASvoG,GAEbY,EAAOknG,eAAepmG,KAAK0nG,EAAa,GAGhD,CA4WoBmC,CAA8B3qG,GAE9C,OAiIJ,SAA8CkD,EAAYlC,EAAO8gE,GAC7D,IACIk9B,GAAqB97F,EAAYlC,EAAO8gE,GAE5C,MAAO8oC,GAEH,YADAH,GAA6CvnG,EAAY0nG,GAG7D,MAAM5qG,EAASkD,EAAW2nG,0BAC1B,IAAKjE,GAAoC5mG,IAA6B,aAAlBA,EAAO45F,OAAuB,CAE9EgP,GAAiC5oG,EADZ8qG,GAA+C5nG,IAGxEglG,GAAoDhlG,EACxD,CAhJI6nG,CAAqC7nG,EAAYlC,EAAO8gE,GACjD/hD,CACX,CAtGA3V,OAAOkzF,iBAAiByJ,GAA4B9mG,UAAW,CAC3DiB,MAAO,CAAE+jC,YAAY,GACrBhkC,MAAO,CAAEgkC,YAAY,GACrBplC,YAAa,CAAEolC,YAAY,GAC3BlkC,MAAO,CAAEkkC,YAAY,GACrBnlC,OAAQ,CAAEmlC,YAAY,GACtB21C,YAAa,CAAE31C,YAAY,GAC3B38B,MAAO,CAAE28B,YAAY,KAEiB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAeq8F,GAA4B9mG,UAAWw2F,GAAe8G,YAAa,CACrFj9F,MAAO,8BACP4kC,cAAc,IA2FtB,MAAM+iE,GAAgB,GAMtB,MAAM/B,GACFnnG,cACI,MAAM,IAAIoyB,UAAU,uBASxBxtB,MAAMD,EAAIxD,WACN,IAgCR,SAA2CiM,GACvC,IAAK2qF,GAAa3qF,GACd,OAAO,EAEX,IAAK/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BACzC,OAAO,EAEX,OAAO,CACX,CAxCa6+F,CAAkC/rG,MACnC,MAAM,IAAIkyB,UAAU,yGAGV,aADAlyB,KAAK4rG,0BAA0BjR,QAM7CqR,GAAqChsG,KAAMyE,GAG/Ci3F,CAACA,IAAYx5F,GACT,MAAMT,EAASzB,KAAKisG,gBAAgB/pG,GAEpC,OADAgqG,GAA+ClsG,MACxCyB,EAGXk6F,CAACA,MACGqE,GAAWhgG,OAsBnB,SAASqnG,GAAqCtmG,EAAQkD,EAAYkhG,EAAgB+B,EAAgBC,EAAgBC,EAAgBr9F,EAAei9F,GAC7I/iG,EAAW2nG,0BAA4B7qG,EACvCA,EAAOinG,0BAA4B/jG,EAEnCA,EAAW47F,YAAS5+F,EACpBgD,EAAW67F,qBAAkB7+F,EAC7B++F,GAAW/7F,GACXA,EAAW++F,UAAW,EACtB/+F,EAAWqnG,uBAAyBtE,EACpC/iG,EAAW+gG,aAAej7F,EAC1B9F,EAAWkoG,gBAAkBjF,EAC7BjjG,EAAWmoG,gBAAkBjF,EAC7BljG,EAAWgoG,gBAAkB7E,EAC7B,MAAMwC,EAAeiC,GAA+C5nG,GACpE0lG,GAAiC5oG,EAAQ6oG,GAGzClR,GADqBL,GADD8M,MAEM,KACtBlhG,EAAW++F,UAAW,EACtBiG,GAAoDhlG,EAAW,IAChE8J,IACC9J,EAAW++F,UAAW,EACtBkG,GAAgCnoG,EAAQgN,EAAE,GAElD,CAsBA,SAASm+F,GAA+CjoG,GACpDA,EAAWkoG,qBAAkBlrG,EAC7BgD,EAAWmoG,qBAAkBnrG,EAC7BgD,EAAWgoG,qBAAkBhrG,EAC7BgD,EAAWqnG,4BAAyBrqG,CACxC,CAcA,SAASupG,GAA8CvmG,GACnD,OAAOA,EAAW+gG,aAAe/gG,EAAW67F,eAChD,CAiBA,SAASmJ,GAAoDhlG,GACzD,MAAMlD,EAASkD,EAAW2nG,0BAC1B,IAAK3nG,EAAW++F,SACZ,OAEJ,QAAqC/hG,IAAjCF,EAAOmnG,sBACP,OAGJ,GAAc,aADAnnG,EAAO45F,OAGjB,YADAwO,GAA6BpoG,GAGjC,GAAiC,IAA7BkD,EAAW47F,OAAOz+F,OAClB,OAEJ,MAAMC,EAAuB4C,EA1kDN47F,OAAOtF,OAClBl5F,MA0kDRA,IAAU2nG,GAYlB,SAAqD/kG,GACjD,MAAMlD,EAASkD,EAAW2nG,2BA1b9B,SAAgD7qG,GAC5CA,EAAOqnG,sBAAwBrnG,EAAOonG,cACtCpnG,EAAOonG,mBAAgBlnG,CAC3B,EAwbIorG,CAAuCtrG,GACvC2+F,GAAaz7F,GACb,MAAMqoG,EAAmBroG,EAAWmoG,kBACpCF,GAA+CjoG,GAC/Cy0F,GAAY4T,GAAkB,MAxelC,SAA2CvrG,GACvCA,EAAOqnG,sBAAsBK,cAASxnG,GACtCF,EAAOqnG,2BAAwBnnG,EAEjB,aADAF,EAAO45F,SAGjB55F,EAAOi6F,kBAAe/5F,OACcA,IAAhCF,EAAOsnG,uBACPtnG,EAAOsnG,qBAAqBI,WAC5B1nG,EAAOsnG,0BAAuBpnG,IAGtCF,EAAO45F,OAAS,SAChB,MAAMj6F,EAASK,EAAOgnG,aACP9mG,IAAXP,GACAypG,GAAkCzpG,EAE1C,CAwdQ6rG,CAAkCxrG,EAAO,IAC1CmB,KAxdP,SAAoDnB,EAAQ2D,GACxD3D,EAAOqnG,sBAAsBM,QAAQhkG,GACrC3D,EAAOqnG,2BAAwBnnG,OAEKA,IAAhCF,EAAOsnG,uBACPtnG,EAAOsnG,qBAAqBK,QAAQhkG,GACpC3D,EAAOsnG,0BAAuBpnG,GAElCioG,GAAgCnoG,EAAQ2D,EAC5C,CAgdQ8nG,CAA2CzrG,EAAQmB,EAAO,GAElE,CAtBQuqG,CAA4CxoG,GAuBpD,SAAqDA,EAAYlC,GAC7D,MAAMhB,EAASkD,EAAW2nG,2BAlc9B,SAAqD7qG,GACjDA,EAAOmnG,sBAAwBnnG,EAAOknG,eAAe3hG,OACzD,CAicIomG,CAA4C3rG,GAC5C,MAAM4rG,EAAmB1oG,EAAWkoG,gBAAgBpqG,GACpD22F,GAAYiU,GAAkB,MA3flC,SAA2C5rG,GACvCA,EAAOmnG,sBAAsBO,cAASxnG,GACtCF,EAAOmnG,2BAAwBjnG,CACnC,CAyfQ2rG,CAAkC7rG,GAClC,MAAMyuC,EAAQzuC,EAAO45F,OAErB,GADA+E,GAAaz7F,IACR0jG,GAAoC5mG,IAAqB,aAAVyuC,EAAsB,CACtE,MAAMo6D,EAAeiC,GAA+C5nG,GACpE0lG,GAAiC5oG,EAAQ6oG,GAE7CX,GAAoDhlG,EAAW,IAChE/B,IACuB,aAAlBnB,EAAO45F,QACPuR,GAA+CjoG,GAlgB3D,SAAoDlD,EAAQ2D,GACxD3D,EAAOmnG,sBAAsBQ,QAAQhkG,GACrC3D,EAAOmnG,2BAAwBjnG,EAC/BioG,GAAgCnoG,EAAQ2D,EAC5C,CAggBQmoG,CAA2C9rG,EAAQmB,EAAO,GAElE,CAvCQ4qG,CAA4C7oG,EAAY5C,EAEhE,CACA,SAASmqG,GAA6CvnG,EAAYS,GACV,aAAhDT,EAAW2nG,0BAA0BjR,QACrCqR,GAAqC/nG,EAAYS,EAEzD,CAiCA,SAASmnG,GAA+C5nG,GAEpD,OADoBumG,GAA8CvmG,IAC5C,CAC1B,CAEA,SAAS+nG,GAAqC/nG,EAAYS,GACtD,MAAM3D,EAASkD,EAAW2nG,0BAC1BM,GAA+CjoG,GAC/C4kG,GAA4B9nG,EAAQ2D,EACxC,CAEA,SAAS8iG,GAA4Bl8F,GACjC,OAAO,IAAI4mB,UAAU,4BAA4B5mB,yCACrD,CAEA,SAASg/F,GAAiCh/F,GACtC,OAAO,IAAI4mB,UAAU,yCAAyC5mB,sDAClE,CACA,SAASi/F,GAA2Bj/F,GAChC,OAAO,IAAI4mB,UAAU,UAAY5mB,EAAO,oCAC5C,CACA,SAAS2+F,GAAqCvpG,GAC1CA,EAAO66F,eAAiBpD,IAAW,CAACj4F,EAASC,KACzCO,EAAO86F,uBAAyBt7F,EAChCQ,EAAO+6F,sBAAwBt7F,EAC/BO,EAAOsqG,oBAAsB,SAAS,GAE9C,CACA,SAASZ,GAA+C1pG,EAAQwB,GAC5D+nG,GAAqCvpG,GACrCgpG,GAAiChpG,EAAQwB,EAC7C,CAKA,SAASwnG,GAAiChpG,EAAQwB,QACTjB,IAAjCP,EAAO+6F,wBAGXzC,GAA0Bt4F,EAAO66F,gBACjC76F,EAAO+6F,sBAAsBv5F,GAC7BxB,EAAO86F,4BAAyBv6F,EAChCP,EAAO+6F,2BAAwBx6F,EAC/BP,EAAOsqG,oBAAsB,WACjC,CAIA,SAASb,GAAkCzpG,QACDO,IAAlCP,EAAO86F,yBAGX96F,EAAO86F,4BAAuBv6F,GAC9BP,EAAO86F,4BAAyBv6F,EAChCP,EAAO+6F,2BAAwBx6F,EAC/BP,EAAOsqG,oBAAsB,WACjC,CACA,SAASnB,GAAoCnpG,GACzCA,EAAOgqG,cAAgBvS,IAAW,CAACj4F,EAASC,KACxCO,EAAOqsG,sBAAwB7sG,EAC/BQ,EAAOssG,qBAAuB7sG,CAAM,IAExCO,EAAOwqG,mBAAqB,SAChC,CACA,SAAShB,GAA8CxpG,EAAQwB,GAC3D2nG,GAAoCnpG,GACpCyqG,GAAgCzqG,EAAQwB,EAC5C,CACA,SAAS8nG,GAA8CtpG,GACnDmpG,GAAoCnpG,GACpCqoG,GAAiCroG,EACrC,CACA,SAASyqG,GAAgCzqG,EAAQwB,QACTjB,IAAhCP,EAAOssG,uBAGXhU,GAA0Bt4F,EAAOgqG,eACjChqG,EAAOssG,qBAAqB9qG,GAC5BxB,EAAOqsG,2BAAwB9rG,EAC/BP,EAAOssG,0BAAuB/rG,EAC9BP,EAAOwqG,mBAAqB,WAChC,CAOA,SAASnC,GAAiCroG,QACDO,IAAjCP,EAAOqsG,wBAGXrsG,EAAOqsG,2BAAsB9rG,GAC7BP,EAAOqsG,2BAAwB9rG,EAC/BP,EAAOssG,0BAAuB/rG,EAC9BP,EAAOwqG,mBAAqB,YAChC,CArQA//F,OAAOkzF,iBAAiB4I,GAAgCjmG,UAAW,CAC/D0D,MAAO,CAAEshC,YAAY,KAEiB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAew7F,GAAgCjmG,UAAWw2F,GAAe8G,YAAa,CACzFj9F,MAAO,kCACP4kC,cAAc,IA+QtB,MAAMgnE,GAA6C,oBAAjBC,aAA+BA,kBAAejsG,EA6BhF,MAAMksG,GA1BN,SAAmCtnE,GAC/B,GAAsB,mBAATA,GAAuC,iBAATA,EACvC,OAAO,EAEX,IAEI,OADA,IAAIA,GACG,EAEX,MAAOunE,GACH,OAAO,EAEf,CAeuBC,CAA0BJ,IAAsBA,GAdvE,WAEI,MAAMpnE,EAAO,SAAsBlsB,EAASrO,GACxCtL,KAAK2Z,QAAUA,GAAW,GAC1B3Z,KAAKsL,KAAOA,GAAQ,QAChBlI,MAAMikD,mBACNjkD,MAAMikD,kBAAkBrnD,KAAMA,KAAKF,cAK3C,OADAqL,OAAOM,eADPo6B,EAAK7kC,UAAYmK,OAAOy6B,OAAOxiC,MAAMpC,WACC,cAAe,CAAEK,MAAOwkC,EAAMh9B,UAAU,EAAMo9B,cAAc,IAC3FJ,CACX,CAE4FynE,GAE5F,SAASC,GAAqBrjB,EAAQ14B,EAAMzoD,EAAcI,EAAcC,EAAeokG,GACnF,MAAM7nG,EAASs3F,GAAmC/S,GAC5CxpF,EAASmnG,GAAmCr2C,GAClD04B,EAAOgU,YAAa,EACpB,IAAIuP,GAAe,EAEfC,EAAerV,QAAoBp3F,GACvC,OAAOk3F,IAAW,CAACj4F,EAASC,KACxB,IAAIinG,EACJ,QAAenmG,IAAXusG,EAAsB,CAsBtB,GArBApG,EAAiB,KACb,MAAM1iG,EAAQ,IAAIyoG,GAAe,UAAW,cACtCQ,EAAU,GACXxkG,GACDwkG,EAAQ9rG,MAAK,IACW,aAAhB2vD,EAAKmpC,OACE+M,GAAoBl2C,EAAM9sD,GAE9B2zF,QAAoBp3F,KAG9BmI,GACDukG,EAAQ9rG,MAAK,IACa,aAAlBqoF,EAAOyQ,OACAO,GAAqBhR,EAAQxlF,GAEjC2zF,QAAoBp3F,KAGnC2sG,GAAmB,IAAM3tG,QAAQ+H,IAAI2lG,EAAQrlG,KAAIulG,GAAUA,SAAY,EAAMnpG,EAAM,EAEnF8oG,EAAOM,QAEP,YADA1G,IAGJoG,EAAOO,iBAAiB,QAAS3G,GAiErC,GA3BA4G,EAAmB9jB,EAAQvkF,EAAO41F,gBAAgB+N,IACzCngG,EAID8kG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAMlG,GAAoBl2C,EAAM83C,KAAc,EAAMA,MAO/E0E,EAAmBx8C,EAAM9wD,EAAO66F,gBAAgB+N,IACvClgG,EAID6kG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAM1S,GAAqBhR,EAAQof,KAAc,EAAMA,MAwClF,SAA2BvoG,EAAQ+f,EAAS+sF,GAClB,WAAlB9sG,EAAO45F,OACPkT,IAGAlV,GAAgB73E,EAAS+sF,GAtCjCK,CAAkBhkB,EAAQvkF,EAAO41F,gBAAgB,KACxCxyF,EAIDklG,IAHAL,GAAmB,IA9fnC,SAA8DltG,GAC1D,MAAMK,EAASL,EAAOqpG,qBAChBv6D,EAAQzuC,EAAO45F,OACrB,OAAIgN,GAAoC5mG,IAAqB,WAAVyuC,EACxC6oD,QAAoBp3F,GAEjB,YAAVuuC,EACO8oD,GAAoBv3F,EAAOi6F,cAE/B4P,GAAiClqG,EAC5C,CAofyCytG,CAAqDztG,QAOlFinG,GAAoCn2C,IAAyB,WAAhBA,EAAKmpC,OAAqB,CACvE,MAAMyT,EAAa,IAAIl8E,UAAU,+EAC5B9oB,EAID6kG,GAAS,EAAMG,GAHfR,GAAmB,IAAM1S,GAAqBhR,EAAQkkB,KAAa,EAAMA,GAOjF,SAASC,IAGL,MAAMC,EAAkBZ,EACxB,OAAOnV,GAAmBmV,GAAc,IAAMY,IAAoBZ,EAAeW,SAA0BptG,IAE/G,SAAS+sG,EAAmBjtG,EAAQ+f,EAAS+sF,GACnB,YAAlB9sG,EAAO45F,OACPkT,EAAO9sG,EAAOi6F,cAGdpC,GAAc93E,EAAS+sF,GAW/B,SAASD,EAAmBC,EAAQU,EAAiBC,GAWjD,SAASC,IACL/V,GAAYmV,KAAU,IAAMxzE,EAASk0E,EAAiBC,KAAgBE,GAAYr0E,GAAS,EAAMq0E,KAXjGjB,IAGJA,GAAe,EACK,aAAhBj8C,EAAKmpC,QAA0BgN,GAAoCn2C,GAInEi9C,IAHA9V,GAAgB0V,IAAyBI,IASjD,SAASR,EAASU,EAASjqG,GACnB+oG,IAGJA,GAAe,EACK,aAAhBj8C,EAAKmpC,QAA0BgN,GAAoCn2C,GAInEn3B,EAASs0E,EAASjqG,GAHlBi0F,GAAgB0V,KAAyB,IAAMh0E,EAASs0E,EAASjqG,MAMzE,SAAS21B,EAASs0E,EAASjqG,GACvBmmG,GAAmCnqG,GACnCy6F,GAAmCx1F,QACpB1E,IAAXusG,GACAA,EAAOoB,oBAAoB,QAASxH,GAEpCuH,EACAxuG,EAAOuE,GAGPxE,OAAQe,GA5DhB+3F,GApEWb,IAAW,CAAC0W,EAAaC,MAC5B,SAASrrC,EAAKniE,GACNA,EACAutG,IAKAtW,GAORkV,EACOpV,IAAoB,GAExBE,GAAmB73F,EAAOgqG,eAAe,IACrCvS,IAAW,CAAC4W,EAAaC,KAC5BhR,GAAgCr4F,EAAQ,CACpC63F,YAAaz7F,IACT2rG,EAAenV,GAAmBuS,GAAiCpqG,EAAQqB,QAAQd,EAAW02F,IAC9FoX,GAAY,EAAM,EAEtBxR,YAAa,IAAMwR,GAAY,GAC/B9Q,YAAa+Q,GACf,MAnBiCvrC,EAAMqrC,GAG7CrrC,EAAK,EAAM,OAyH3B,CAOA,MAAMwrC,GACFnvG,cACI,MAAM,IAAIoyB,UAAU,uBAMpBypD,kBACA,IAAKuzB,GAAkClvG,MACnC,MAAMmvG,GAAuC,eAEjD,OAAOC,GAA8CpvG,MAMzDgC,QACI,IAAKktG,GAAkClvG,MACnC,MAAMmvG,GAAuC,SAEjD,IAAKE,GAAiDrvG,MAClD,MAAM,IAAIkyB,UAAU,mDAExBo9E,GAAqCtvG,MAEzCwE,QAAQzC,EAAQd,WACZ,IAAKiuG,GAAkClvG,MACnC,MAAMmvG,GAAuC,WAEjD,IAAKE,GAAiDrvG,MAClD,MAAM,IAAIkyB,UAAU,qDAExB,OAAOq9E,GAAuCvvG,KAAM+B,GAKxD2C,MAAMD,EAAIxD,WACN,IAAKiuG,GAAkClvG,MACnC,MAAMmvG,GAAuC,SAEjDK,GAAqCxvG,KAAMyE,GAG/Cm3F,CAACA,IAAa15F,GACV89F,GAAWhgG,MACX,MAAMyB,EAASzB,KAAKqiG,iBAAiBngG,GAErC,OADAutG,GAA+CzvG,MACxCyB,EAGXo6F,CAACA,IAAWuB,GACR,MAAMr8F,EAASf,KAAK0vG,0BACpB,GAAI1vG,KAAK6/F,OAAOz+F,OAAS,EAAG,CACxB,MAAMW,EAAQ29F,GAAa1/F,MACvBA,KAAKyhG,iBAA0C,IAAvBzhG,KAAK6/F,OAAOz+F,QACpCquG,GAA+CzvG,MAC/C6hG,GAAoB9gG,IAGpB4uG,GAAgD3vG,MAEpDo9F,EAAYI,YAAYz7F,QAGxBo7F,GAA6Bp8F,EAAQq8F,GACrCuS,GAAgD3vG,OAiB5D,SAASkvG,GAAkChiG,GACvC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAASyiG,GAAgD1rG,GAErD,IADmB2rG,GAA8C3rG,GAE7D,OAEJ,GAAIA,EAAWk/F,SAEX,YADAl/F,EAAWm/F,YAAa,GAG5Bn/F,EAAWk/F,UAAW,EAEtBzK,GADoBz0F,EAAWo/F,kBACN,KACrBp/F,EAAWk/F,UAAW,EAClBl/F,EAAWm/F,aACXn/F,EAAWm/F,YAAa,EACxBuM,GAAgD1rG,OAErDQ,IACC+qG,GAAqCvrG,EAAYQ,EAAE,GAE3D,CACA,SAASmrG,GAA8C3rG,GACnD,MAAMlD,EAASkD,EAAWyrG,0BAC1B,IAAKL,GAAiDprG,GAClD,OAAO,EAEX,IAAKA,EAAW++F,SACZ,OAAO,EAEX,GAAIpF,GAAuB78F,IAAW08F,GAAiC18F,GAAU,EAC7E,OAAO,EAGX,OADoBquG,GAA8CnrG,GAChD,CAItB,CACA,SAASwrG,GAA+CxrG,GACpDA,EAAWo/F,oBAAiBpiG,EAC5BgD,EAAWo+F,sBAAmBphG,EAC9BgD,EAAWqnG,4BAAyBrqG,CACxC,CAEA,SAASquG,GAAqCrrG,GAC1C,IAAKorG,GAAiDprG,GAClD,OAEJ,MAAMlD,EAASkD,EAAWyrG,0BAC1BzrG,EAAWw9F,iBAAkB,EACI,IAA7Bx9F,EAAW47F,OAAOz+F,SAClBquG,GAA+CxrG,GAC/C49F,GAAoB9gG,GAE5B,CACA,SAASwuG,GAAuCtrG,EAAYlC,GACxD,IAAKstG,GAAiDprG,GAClD,OAEJ,MAAMlD,EAASkD,EAAWyrG,0BAC1B,GAAI9R,GAAuB78F,IAAW08F,GAAiC18F,GAAU,EAC7Eu8F,GAAiCv8F,EAAQgB,GAAO,OAE/C,CACD,IAAI8gE,EACJ,IACIA,EAAY5+D,EAAWqnG,uBAAuBvpG,GAElD,MAAOwpG,GAEH,MADAiE,GAAqCvrG,EAAYsnG,GAC3CA,EAEV,IACIxL,GAAqB97F,EAAYlC,EAAO8gE,GAE5C,MAAO8oC,GAEH,MADA6D,GAAqCvrG,EAAY0nG,GAC3CA,GAGdgE,GAAgD1rG,EACpD,CACA,SAASurG,GAAqCvrG,EAAYQ,GACtD,MAAM1D,EAASkD,EAAWyrG,0BACJ,aAAlB3uG,EAAO45F,SAGXqF,GAAW/7F,GACXwrG,GAA+CxrG,GAC/C8gG,GAAoBhkG,EAAQ0D,GAChC,CACA,SAAS2qG,GAA8CnrG,GACnD,MAAMurC,EAAQvrC,EAAWyrG,0BAA0B/U,OACnD,MAAc,YAAVnrD,EACO,KAEG,WAAVA,EACO,EAEJvrC,EAAW+gG,aAAe/gG,EAAW67F,eAChD,CAQA,SAASuP,GAAiDprG,GACtD,MAAMurC,EAAQvrC,EAAWyrG,0BAA0B/U,OACnD,OAAK12F,EAAWw9F,iBAA6B,aAAVjyD,CAIvC,CACA,SAASqgE,GAAqC9uG,EAAQkD,EAAYkhG,EAAgBC,EAAeC,EAAiBt7F,EAAei9F,GAC7H/iG,EAAWyrG,0BAA4B3uG,EACvCkD,EAAW47F,YAAS5+F,EACpBgD,EAAW67F,qBAAkB7+F,EAC7B++F,GAAW/7F,GACXA,EAAW++F,UAAW,EACtB/+F,EAAWw9F,iBAAkB,EAC7Bx9F,EAAWm/F,YAAa,EACxBn/F,EAAWk/F,UAAW,EACtBl/F,EAAWqnG,uBAAyBtE,EACpC/iG,EAAW+gG,aAAej7F,EAC1B9F,EAAWo/F,eAAiB+B,EAC5BnhG,EAAWo+F,iBAAmBgD,EAC9BtkG,EAAOo9F,0BAA4Bl6F,EAEnCy0F,GAAYL,GADQ8M,MAC0B,KAC1ClhG,EAAW++F,UAAW,EACtB2M,GAAgD1rG,EAAW,IAC5D8J,IACCyhG,GAAqCvrG,EAAY8J,EAAE,GAE3D,CAkBA,SAASohG,GAAuC7jG,GAC5C,OAAO,IAAI4mB,UAAU,6CAA6C5mB,0DACtE,CAwHA,SAASwkG,GAAsCzlG,EAAIg8F,EAAUlK,GAEzD,OADAC,GAAe/xF,EAAI8xF,GACXj6F,GAAWq3F,GAAYlvF,EAAIg8F,EAAU,CAACnkG,GAClD,CACA,SAAS6tG,GAAoC1lG,EAAIg8F,EAAUlK,GAEvD,OADAC,GAAe/xF,EAAI8xF,GACXl4F,GAAes1F,GAAYlvF,EAAIg8F,EAAU,CAACpiG,GACtD,CACA,SAAS+rG,GAAqC3lG,EAAIg8F,EAAUlK,GAExD,OADAC,GAAe/xF,EAAI8xF,GACXl4F,GAAem1F,GAAY/uF,EAAIg8F,EAAU,CAACpiG,GACtD,CACA,SAASgsG,GAA0B71F,EAAM+hF,GAErC,GAAa,WADb/hF,EAAO,GAAGA,GAEN,MAAM,IAAI8X,UAAU,GAAGiqE,MAAY/hF,8DAEvC,OAAOA,CACX,CASA,SAAS81F,GAAgC/hF,EAAMguE,GAE3C,GAAa,UADbhuE,EAAO,GAAGA,GAEN,MAAM,IAAI+D,UAAU,GAAGiqE,MAAYhuE,oEAEvC,OAAOA,CACX,CAQA,SAASgiF,GAAmBlrG,EAASk3F,GACjCD,GAAiBj3F,EAASk3F,GAC1B,MAAMhzF,EAAelE,aAAyC,EAASA,EAAQkE,aACzEC,EAAgBnE,aAAyC,EAASA,EAAQmE,cAC1EL,EAAe9D,aAAyC,EAASA,EAAQ8D,aACzEykG,EAASvoG,aAAyC,EAASA,EAAQuoG,OAIzE,YAHevsG,IAAXusG,GAUR,SAA2BA,EAAQrR,GAC/B,IA7oBJ,SAAuB96F,GACnB,GAAqB,iBAAVA,GAAgC,OAAVA,EAC7B,OAAO,EAEX,IACI,MAAgC,kBAAlBA,EAAMysG,QAExB,MAAOV,GAEH,OAAO,EAEf,CAkoBSgD,CAAc5C,GACf,MAAM,IAAIt7E,UAAaiqE,EAAH,0BAE5B,CAbQkU,CAAkB7C,EAAWrR,EAAH,6BAEvB,CACHhzF,eAAsBA,EACtBC,gBAAuBA,EACvBL,eAAsBA,EACtBykG,SAER,CAlWAriG,OAAOkzF,iBAAiB4Q,GAAgCjuG,UAAW,CAC/DgB,MAAO,CAAEgkC,YAAY,GACrBxhC,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAewjG,GAAgCjuG,UAAWw2F,GAAe8G,YAAa,CACzFj9F,MAAO,kCACP4kC,cAAc,IAgXtB,MAAMtjC,GACF7C,YAAYwwG,EAAsB,GAAI1J,EAAc,SACpB3lG,IAAxBqvG,EACAA,EAAsB,KAGtBjU,GAAaiU,EAAqB,mBAEtC,MAAM31C,EAAWurC,GAAuBU,EAAa,oBAC/C2J,EAhHd,SAA8CrmB,EAAQiS,GAClDD,GAAiBhS,EAAQiS,GACzB,MAAMkK,EAAWnc,EACXsY,EAAwB6D,aAA2C,EAASA,EAAS7D,sBACrF39F,EAASwhG,aAA2C,EAASA,EAASxhG,OACtEF,EAAO0hG,aAA2C,EAASA,EAAS1hG,KACpEX,EAAQqiG,aAA2C,EAASA,EAASriG,MACrEoW,EAAOisF,aAA2C,EAASA,EAASjsF,KAC1E,MAAO,CACHooF,2BAAiDvhG,IAA1BuhG,OACnBvhG,EACA27F,GAAwC4F,EAA0BrG,EAAH,4CACnEt3F,YAAmB5D,IAAX4D,OACJ5D,EACA6uG,GAAsCjrG,EAAQwhG,EAAalK,EAAH,6BAC5Dx3F,UAAe1D,IAAT0D,OACF1D,EACA8uG,GAAoCprG,EAAM0hG,EAAalK,EAAH,2BACxDn4F,WAAiB/C,IAAV+C,OACH/C,EACA+uG,GAAqChsG,EAAOqiG,EAAalK,EAAH,4BAC1D/hF,UAAenZ,IAATmZ,OAAqBnZ,EAAYgvG,GAA0B71F,EAAS+hF,EAAH,2BAE/E,CAyFiCqU,CAAqCF,EAAqB,mBAEnF,GADAG,GAAyBzwG,MACK,UAA1BuwG,EAAiBn2F,KAAkB,CACnC,QAAsBnZ,IAAlB05D,EAASv1D,KACT,MAAM,IAAIwwC,WAAW,8DAGzBqvD,GAAsDjlG,KAAMuwG,EADtCxK,GAAqBprC,EAAU,QAGpD,CACD,MAAMqsC,EAAgBf,GAAqBtrC,IA7OvD,SAAkE55D,EAAQwvG,EAAkBxmG,EAAei9F,GACvG,MAAM/iG,EAAakH,OAAOy6B,OAAOqpE,GAAgCjuG,WACjE,IAAImkG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBp3F,GAC1CokG,EAAkB,IAAMhN,QAAoBp3F,QACjBA,IAA3BsvG,EAAiBvsG,QACjBmhG,EAAiB,IAAMoL,EAAiBvsG,MAAMC,SAEpBhD,IAA1BsvG,EAAiB5rG,OACjBygG,EAAgB,IAAMmL,EAAiB5rG,KAAKV,SAEhBhD,IAA5BsvG,EAAiB1rG,SACjBwgG,EAAkBnjG,GAAUquG,EAAiB1rG,OAAO3C,IAExD2tG,GAAqC9uG,EAAQkD,EAAYkhG,EAAgBC,EAAeC,EAAiBt7F,EAAei9F,EAC5H,CAgOY0J,CAAyD1wG,KAAMuwG,EADzCxK,GAAqBprC,EAAU,GAC2CqsC,IAMpGO,aACA,IAAKvK,GAAiBh9F,MAClB,MAAM2wG,GAA4B,UAEtC,OAAO/S,GAAuB59F,MAQlC6E,OAAO3C,EAASjB,WACZ,OAAK+7F,GAAiBh9F,MAGlB49F,GAAuB59F,MAChBs4F,GAAoB,IAAIpmE,UAAU,qDAEtCgpE,GAAqBl7F,KAAMkC,GALvBo2F,GAAoBqY,GAA4B,WAO/DpwG,UAAUqwG,EAAa3vG,WACnB,IAAK+7F,GAAiBh9F,MAClB,MAAM2wG,GAA4B,aAEtC,MAAM1rG,EA/Gd,SAA8BA,EAASk3F,GACnCD,GAAiBj3F,EAASk3F,GAC1B,MAAMhuE,EAAOlpB,aAAyC,EAASA,EAAQkpB,KACvE,MAAO,CACHA,UAAeltB,IAATktB,OAAqBltB,EAAYivG,GAAgC/hF,EAASguE,EAAH,2BAErF,CAyGwB0U,CAAqBD,EAAY,mBACjD,YAAqB3vG,IAAjBgE,EAAQkpB,KACD8uE,GAAmCj9F,MA3zDtD,SAAyCe,GACrC,OAAO,IAAI0kG,GAAyB1kG,EACxC,CA2zDe+vG,CAAgC9wG,MAE3C+wG,YAAYC,EAAcJ,EAAa,IACnC,IAAK5T,GAAiBh9F,MAClB,MAAM2wG,GAA4B,eAEtCrU,GAAuB0U,EAAc,EAAG,eACxC,MAAMzoG,EA/Ed,SAAqCq3F,EAAMzD,GACvCD,GAAiB0D,EAAMzD,GACvB,MAAMvzF,EAAWg3F,aAAmC,EAASA,EAAKh3F,SAClE4zF,GAAoB5zF,EAAU,WAAY,wBAC1Cm0F,GAAqBn0F,EAAauzF,EAAH,+BAC/B,MAAMtzF,EAAW+2F,aAAmC,EAASA,EAAK/2F,SAGlE,OAFA2zF,GAAoB3zF,EAAU,WAAY,wBAC1C49F,GAAqB59F,EAAaszF,EAAH,+BACxB,CAAEvzF,WAAUC,WACvB,CAsE0BooG,CAA4BD,EAAc,mBACtD/rG,EAAUkrG,GAAmBS,EAAY,oBAC/C,GAAIhT,GAAuB59F,MACvB,MAAM,IAAIkyB,UAAU,kFAExB,GAAIu1E,GAAuBl/F,EAAUM,UACjC,MAAM,IAAIqpB,UAAU,kFAIxB,OADA8mE,GADgBuU,GAAqBvtG,KAAMuI,EAAUM,SAAU5D,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQuoG,SAEnIjlG,EAAUK,SAErBU,OAAO4nG,EAAaN,EAAa,IAC7B,IAAK5T,GAAiBh9F,MAClB,OAAOs4F,GAAoBqY,GAA4B,WAE3D,QAAoB1vG,IAAhBiwG,EACA,OAAO5Y,GAAoB,wCAE/B,IAAKoO,GAAiBwK,GAClB,OAAO5Y,GAAoB,IAAIpmE,UAAU,8EAE7C,IAAIjtB,EACJ,IACIA,EAAUkrG,GAAmBS,EAAY,oBAE7C,MAAOnsG,GACH,OAAO6zF,GAAoB7zF,GAE/B,OAAIm5F,GAAuB59F,MAChBs4F,GAAoB,IAAIpmE,UAAU,8EAEzCu1E,GAAuByJ,GAChB5Y,GAAoB,IAAIpmE,UAAU,8EAEtCq7E,GAAqBvtG,KAAMkxG,EAAajsG,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQuoG,QAa9HxiG,MACI,IAAKgyF,GAAiBh9F,MAClB,MAAM2wG,GAA4B,OAEtC,MAAMQ,EAxTd,SAA2BpwG,EAAQqwG,GAC/B,MAAMzrG,EAASs3F,GAAmCl8F,GAClD,IAGIswG,EACAC,EACAC,EACAC,EACAC,EAPAC,GAAU,EACVC,GAAY,EACZC,GAAY,EAMhB,MAAMC,EAAgB1Z,IAAWj4F,IAC7BuxG,EAAuBvxG,CAAO,IAElC,SAASklG,IACL,OAAIsM,IAGJA,GAAU,EAuCV1T,GAAgCr4F,EAtCZ,CAChB63F,YAAan8F,IAIT43F,IAAe,KACXyY,GAAU,EACV,MAAMI,EAASzwG,EACT0wG,EAAS1wG,EAMVswG,GACDpC,GAAuCgC,EAAQpT,0BAA2B2T,GAEzEF,GACDrC,GAAuCiC,EAAQrT,0BAA2B4T,KAEhF,EAENxU,YAAa,KACTmU,GAAU,EACLC,GACDrC,GAAqCiC,EAAQpT,2BAE5CyT,GACDtC,GAAqCkC,EAAQrT,2BAE5CwT,GAAcC,GACfH,OAAqBxwG,IAG7Bg9F,YAAa,KACTyT,GAAU,CAAK,KAtCZrZ,QAAoBp3F,GAgEnC,SAASkkG,KAYT,OATAoM,EAAUS,GAAqB7M,EAAgBC,GAvB/C,SAA0BljG,GAGtB,GAFAyvG,GAAY,EACZN,EAAUnvG,EACN0vG,EAAW,CACX,MAAMK,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBn6F,EAAQkxG,GAClDR,EAAqBS,GAEzB,OAAOL,KAgBXL,EAAUQ,GAAqB7M,EAAgBC,GAd/C,SAA0BljG,GAGtB,GAFA0vG,GAAY,EACZN,EAAUpvG,EACNyvG,EAAW,CACX,MAAMM,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBn6F,EAAQkxG,GAClDR,EAAqBS,GAEzB,OAAOL,KAOXjZ,GAAcjzF,EAAO41F,gBAAiBxtF,IAClCyhG,GAAqC+B,EAAQpT,0BAA2BpwF,GACxEyhG,GAAqCgC,EAAQrT,0BAA2BpwF,GACnE4jG,GAAcC,GACfH,OAAqBxwG,MAGtB,CAACswG,EAASC,EACrB,CA4NyBW,CAAkBnyG,MACnC,OAAOigG,GAAoBkR,GAE/B5pG,OAAOqpG,EAAa3vG,WAChB,IAAK+7F,GAAiBh9F,MAClB,MAAM2wG,GAA4B,UAGtC,OA1jFR,SAA4C5vG,EAAQqI,GAChD,MAAMzD,EAASs3F,GAAmCl8F,GAC5CqxG,EAAO,IAAI5T,GAAgC74F,EAAQyD,GACnDquF,EAAWtsF,OAAOy6B,OAAOq5D,IAE/B,OADAxH,EAAS0H,mBAAqBiT,EACvB3a,CACX,CAojFe4a,CAAmCryG,KAvKlD,SAAgCiF,EAASk3F,GAGrC,OAFAD,GAAiBj3F,EAASk3F,GAEnB,CAAE/yF,iBADanE,aAAyC,EAASA,EAAQmE,eAEpF,CAkKwBkpG,CAAuB1B,EAAY,mBACKxnG,gBA2BhE,SAAS4oG,GAAqB7M,EAAgBC,EAAeC,EAAiBt7F,EAAgB,EAAGi9F,EAAgB,KAAM,IACnH,MAAMjmG,EAASoK,OAAOy6B,OAAOjjC,GAAe3B,WAC5CyvG,GAAyB1vG,GAGzB,OADA8uG,GAAqC9uG,EADlBoK,OAAOy6B,OAAOqpE,GAAgCjuG,WACRmkG,EAAgBC,EAAeC,EAAiBt7F,EAAei9F,GACjHjmG,CACX,CACA,SAAS0vG,GAAyB1vG,GAC9BA,EAAO45F,OAAS,WAChB55F,EAAOmE,aAAUjE,EACjBF,EAAOi6F,kBAAe/5F,EACtBF,EAAOm9F,YAAa,CACxB,CACA,SAASlB,GAAiB9vF,GACtB,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAAS0wF,GAAuB78F,GAC5B,YAAuBE,IAAnBF,EAAOmE,OAIf,CAEA,SAASg2F,GAAqBn6F,EAAQmB,GAElC,GADAnB,EAAOm9F,YAAa,EACE,WAAlBn9F,EAAO45F,OACP,OAAOtC,QAAoBp3F,GAE/B,GAAsB,YAAlBF,EAAO45F,OACP,OAAOrC,GAAoBv3F,EAAOi6F,cAEtC6G,GAAoB9gG,GAEpB,OAAO83F,GADqB93F,EAAOo9F,0BAA0BvC,IAAa15F,GACzBy1F,GACrD,CACA,SAASkK,GAAoB9gG,GACzBA,EAAO45F,OAAS,SAChB,MAAMh1F,EAAS5E,EAAOmE,aACPjE,IAAX0E,IAGJk1F,GAAkCl1F,GAC9Bg4F,GAA8Bh4F,KAC9BA,EAAO03F,cAAc/5F,SAAQ85F,IACzBA,EAAYG,aAAa,IAE7B53F,EAAO03F,cAAgB,IAAI7D,IAEnC,CACA,SAASuL,GAAoBhkG,EAAQ0D,GACjC1D,EAAO45F,OAAS,UAChB55F,EAAOi6F,aAAev2F,EACtB,MAAMkB,EAAS5E,EAAOmE,aACPjE,IAAX0E,IAGJy1F,GAAiCz1F,EAAQlB,GACrCk5F,GAA8Bh4F,IAC9BA,EAAO03F,cAAc/5F,SAAQ85F,IACzBA,EAAYa,YAAYx5F,EAAE,IAE9BkB,EAAO03F,cAAgB,IAAI7D,KAG3B7zF,EAAO+9F,kBAAkBpgG,SAAQmgG,IAC7BA,EAAgBxF,YAAYx5F,EAAE,IAElCkB,EAAO+9F,kBAAoB,IAAIlK,IAEvC,CAEA,SAASmX,GAA4BrlG,GACjC,OAAO,IAAI4mB,UAAU,4BAA4B5mB,yCACrD,CAEA,SAASinG,GAA2B73E,EAAMyhE,GACtCD,GAAiBxhE,EAAMyhE,GACvB,MAAMpyF,EAAgB2wB,aAAmC,EAASA,EAAK3wB,cAEvE,OADAyyF,GAAoBzyF,EAAe,gBAAiB,uBAC7C,CACHA,cAAe2yF,GAA0B3yF,GAEjD,CAhHAoB,OAAOkzF,iBAAiB17F,GAAe3B,UAAW,CAC9C6D,OAAQ,CAAEmhC,YAAY,GACtBzlC,UAAW,CAAEylC,YAAY,GACzB+qE,YAAa,CAAE/qE,YAAY,GAC3B18B,OAAQ,CAAE08B,YAAY,GACtBh7B,IAAK,CAAEg7B,YAAY,GACnBz+B,OAAQ,CAAEy+B,YAAY,GACtBuhE,OAAQ,CAAEvhE,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAe9I,GAAe3B,UAAWw2F,GAAe8G,YAAa,CACxEj9F,MAAO,iBACP4kC,cAAc,IAGsB,iBAAjCuxD,GAAe+G,eACtBpzF,OAAOM,eAAe9I,GAAe3B,UAAWw2F,GAAe+G,cAAe,CAC1El9F,MAAOsB,GAAe3B,UAAUuG,OAChCsB,UAAU,EACVo9B,cAAc,IA+FtB,MAAMusE,GAAyB,SAAczwG,GACzC,OAAOA,EAAMwC,UACjB,EAMA,MAAMkuG,GACF3yG,YAAYmF,GACRq3F,GAAuBr3F,EAAS,EAAG,6BACnCA,EAAUstG,GAA2BttG,EAAS,mBAC9CjF,KAAK0yG,wCAA0CztG,EAAQ8E,cAKvDA,oBACA,IAAK4oG,GAA4B3yG,MAC7B,MAAM4yG,GAA8B,iBAExC,OAAO5yG,KAAK0yG,wCAKZttG,WACA,IAAKutG,GAA4B3yG,MAC7B,MAAM4yG,GAA8B,QAExC,OAAOJ,IAcf,SAASI,GAA8BtnG,GACnC,OAAO,IAAI4mB,UAAU,uCAAuC5mB,oDAChE,CACA,SAASqnG,GAA4BzlG,GACjC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,0CAIjD,CAtBA/B,OAAOkzF,iBAAiBoU,GAA0BzxG,UAAW,CACzD+I,cAAe,CAAEi8B,YAAY,GAC7B5gC,KAAM,CAAE4gC,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAegnG,GAA0BzxG,UAAWw2F,GAAe8G,YAAa,CACnFj9F,MAAO,4BACP4kC,cAAc,IAiBtB,MAAM4sE,GAAoB,WACtB,OAAO,CACX,EAMA,MAAMC,GACFhzG,YAAYmF,GACRq3F,GAAuBr3F,EAAS,EAAG,wBACnCA,EAAUstG,GAA2BttG,EAAS,mBAC9CjF,KAAK+yG,mCAAqC9tG,EAAQ8E,cAKlDA,oBACA,IAAKipG,GAAuBhzG,MACxB,MAAMizG,GAAyB,iBAEnC,OAAOjzG,KAAK+yG,mCAMZ3tG,WACA,IAAK4tG,GAAuBhzG,MACxB,MAAMizG,GAAyB,QAEnC,OAAOJ,IAcf,SAASI,GAAyB3nG,GAC9B,OAAO,IAAI4mB,UAAU,kCAAkC5mB,+CAC3D,CACA,SAAS0nG,GAAuB9lG,GAC5B,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,qCAIjD,CAuBA,SAASgmG,GAAgC7oG,EAAIg8F,EAAUlK,GAEnD,OADAC,GAAe/xF,EAAI8xF,GACXl4F,GAAes1F,GAAYlvF,EAAIg8F,EAAU,CAACpiG,GACtD,CACA,SAASkvG,GAAgC9oG,EAAIg8F,EAAUlK,GAEnD,OADAC,GAAe/xF,EAAI8xF,GACXl4F,GAAem1F,GAAY/uF,EAAIg8F,EAAU,CAACpiG,GACtD,CACA,SAASmvG,GAAoC/oG,EAAIg8F,EAAUlK,GAEvD,OADAC,GAAe/xF,EAAI8xF,GACZ,CAACp6F,EAAOkC,IAAes1F,GAAYlvF,EAAIg8F,EAAU,CAACtkG,EAAOkC,GACpE,CAxDAkH,OAAOkzF,iBAAiByU,GAAqB9xG,UAAW,CACpD+I,cAAe,CAAEi8B,YAAY,GAC7B5gC,KAAM,CAAE4gC,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAeqnG,GAAqB9xG,UAAWw2F,GAAe8G,YAAa,CAC9Ej9F,MAAO,uBACP4kC,cAAc,IA4DtB,MAAMr+B,GACF9H,YAAYuzG,EAAiB,GAAIC,EAAsB,GAAIC,EAAsB,SACtDtyG,IAAnBoyG,IACAA,EAAiB,MAErB,MAAMG,EAAmBtN,GAAuBoN,EAAqB,oBAC/DG,EAAmBvN,GAAuBqN,EAAqB,mBAC/DG,EAlDd,SAA4BrN,EAAUlK,GAClCD,GAAiBmK,EAAUlK,GAC3B,MAAM58B,EAAQ8mC,aAA2C,EAASA,EAAS9mC,MACrEo0C,EAAetN,aAA2C,EAASA,EAASsN,aAC5E3vG,EAAQqiG,aAA2C,EAASA,EAASriG,MACrEuE,EAAY89F,aAA2C,EAASA,EAAS99F,UACzEqrG,EAAevN,aAA2C,EAASA,EAASuN,aAClF,MAAO,CACHr0C,WAAiBt+D,IAAVs+D,OACHt+D,EACAiyG,GAAgC3zC,EAAO8mC,EAAalK,EAAH,4BACrDwX,eACA3vG,WAAiB/C,IAAV+C,OACH/C,EACAkyG,GAAgCnvG,EAAOqiG,EAAalK,EAAH,4BACrD5zF,eAAyBtH,IAAdsH,OACPtH,EACAmyG,GAAoC7qG,EAAW89F,EAAalK,EAAH,gCAC7DyX,eAER,CA8B4BC,CAAmBR,EAAgB,mBACvD,QAAiCpyG,IAA7ByyG,EAAYC,aACZ,MAAM,IAAI/9D,WAAW,kCAEzB,QAAiC30C,IAA7ByyG,EAAYE,aACZ,MAAM,IAAIh+D,WAAW,kCAEzB,MAAMk+D,EAAwB/N,GAAqB0N,EAAkB,GAC/DM,EAAwB9N,GAAqBwN,GAC7CO,EAAwBjO,GAAqByN,EAAkB,GAC/DS,EAAwBhO,GAAqBuN,GACnD,IAAIU,GA0CZ,SAAmCnzG,EAAQozG,EAAcH,EAAuBC,EAAuBH,EAAuBC,GAC1H,SAAS5O,IACL,OAAOgP,EAEX,SAASjN,EAAenlG,GACpB,OAoMR,SAAkDhB,EAAQgB,GACtD,MAAMkC,EAAalD,EAAOqzG,2BAC1B,GAAIrzG,EAAOunG,cAAe,CAEtB,OAAOzP,GAD2B93F,EAAOszG,4BACc,KACnD,MAAMxrG,EAAW9H,EAAOuzG,UAExB,GAAc,aADAzrG,EAAS8xF,OAEnB,MAAM9xF,EAASmyF,aAEnB,OAAOuZ,GAAiDtwG,EAAYlC,EAAM,IAGlF,OAAOwyG,GAAiDtwG,EAAYlC,EACxE,CAlNeyyG,CAAyCzzG,EAAQgB,GAE5D,SAASqlG,EAAellG,GACpB,OAgNR,SAAkDnB,EAAQmB,GAItD,OADAuyG,GAAqB1zG,EAAQmB,GACtBm2F,QAAoBp3F,EAC/B,CArNeyzG,CAAyC3zG,EAAQmB,GAE5D,SAASilG,IACL,OAmNR,SAAkDpmG,GAE9C,MAAM6H,EAAW7H,EAAO4zG,UAClB1wG,EAAalD,EAAOqzG,2BACpBQ,EAAe3wG,EAAW4wG,kBAGhC,OAFAC,GAAgD7wG,GAEzC40F,GAAqB+b,GAAc,KACtC,GAAwB,YAApBhsG,EAAS+xF,OACT,MAAM/xF,EAASoyF,aAEnBsU,GAAqC1mG,EAASu1F,0BAA0B,IACzEpwF,IAEC,MADA0mG,GAAqB1zG,EAAQgN,GACvBnF,EAASoyF,YAAY,GAEnC,CAnOe+Z,CAAyCh0G,GAGpD,SAASqkG,IACL,OAiOR,SAAmDrkG,GAI/C,OAFAi0G,GAA+Bj0G,GAAQ,GAEhCA,EAAOszG,0BAClB,CAtOeY,CAA0Cl0G,GAErD,SAASskG,EAAgBnjG,GAErB,OADAgzG,GAA4Cn0G,EAAQmB,GAC7Cm2F,QAAoBp3F,GAN/BF,EAAOuzG,UAl4DX,SAA8BnP,EAAgB+B,EAAgBC,EAAgBC,EAAgBr9F,EAAgB,EAAGi9F,EAAgB,KAAM,IACnI,MAAMjmG,EAASoK,OAAOy6B,OAAOj+B,GAAe3G,WAI5C,OAHA+lG,GAAyBhmG,GAEzBsmG,GAAqCtmG,EADlBoK,OAAOy6B,OAAOqhE,GAAgCjmG,WACRmkG,EAAgB+B,EAAgBC,EAAgBC,EAAgBr9F,EAAei9F,GACjIjmG,CACX,CA43DuBo0G,CAAqBhQ,EAAgB+B,EAAgBC,EAAgBC,EAAgB4M,EAAuBC,GAQ/HlzG,EAAO4zG,UAAY3C,GAAqB7M,EAAgBC,EAAeC,EAAiByO,EAAuBC,GAE/GhzG,EAAOunG,mBAAgBrnG,EACvBF,EAAOszG,gCAA6BpzG,EACpCF,EAAOq0G,wCAAqCn0G,EAC5C+zG,GAA+Bj0G,GAAQ,GACvCA,EAAOqzG,gCAA6BnzG,CACxC,CAlEQo0G,CAA0Br1G,KAHLm4F,IAAWj4F,IAC5Bg0G,EAAuBh0G,CAAO,IAEY8zG,EAAuBC,EAAuBH,EAAuBC,GAgL3H,SAA8DhzG,EAAQ2yG,GAClE,MAAMzvG,EAAakH,OAAOy6B,OAAO0vE,GAAiCt0G,WAClE,IAAIu0G,EAAsBxzG,IACtB,IAEI,OADAyzG,GAAwCvxG,EAAYlC,GAC7Cs2F,QAAoBp3F,GAE/B,MAAOw0G,GACH,OAAOnd,GAAoBmd,KAG/BC,EAAiB,IAAMrd,QAAoBp3F,QACjBA,IAA1ByyG,EAAYnrG,YACZgtG,EAAqBxzG,GAAS2xG,EAAYnrG,UAAUxG,EAAOkC,SAErChD,IAAtByyG,EAAYn0C,QACZm2C,EAAiB,IAAMhC,EAAYn0C,MAAMt7D,KAtBjD,SAA+ClD,EAAQkD,EAAYsxG,EAAoBG,GACnFzxG,EAAW0xG,2BAA6B50G,EACxCA,EAAOqzG,2BAA6BnwG,EACpCA,EAAW2xG,oBAAsBL,EACjCtxG,EAAW4wG,gBAAkBa,CACjC,CAmBIG,CAAsC90G,EAAQkD,EAAYsxG,EAAoBG,EAClF,CAlMQI,CAAqD91G,KAAM0zG,QACjCzyG,IAAtByyG,EAAY1vG,MACZkwG,EAAqBR,EAAY1vG,MAAMhE,KAAKo0G,6BAG5CF,OAAqBjzG,GAMzB2H,eACA,IAAKmtG,GAAkB/1G,MACnB,MAAMg2G,GAA0B,YAEpC,OAAOh2G,KAAK20G,UAKZ9rG,eACA,IAAKktG,GAAkB/1G,MACnB,MAAMg2G,GAA0B,YAEpC,OAAOh2G,KAAKs0G,WA0CpB,SAASyB,GAAkB7oG,GACvB,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BAIjD,CAEA,SAASunG,GAAqB1zG,EAAQ0D,GAClC+qG,GAAqCzuG,EAAO4zG,UAAUxW,0BAA2B15F,GACjFywG,GAA4Cn0G,EAAQ0D,EACxD,CACA,SAASywG,GAA4Cn0G,EAAQ0D,GACzDqwG,GAAgD/zG,EAAOqzG,4BACvD5I,GAA6CzqG,EAAOuzG,UAAUtM,0BAA2BvjG,GACrF1D,EAAOunG,eAIP0M,GAA+Bj0G,GAAQ,EAE/C,CACA,SAASi0G,GAA+Bj0G,EAAQ6oG,QAEF3oG,IAAtCF,EAAOszG,4BACPtzG,EAAOq0G,qCAEXr0G,EAAOszG,2BAA6Blc,IAAWj4F,IAC3Ca,EAAOq0G,mCAAqCl1G,CAAO,IAEvDa,EAAOunG,cAAgBsB,CAC3B,CAxEAz+F,OAAOkzF,iBAAiBz2F,GAAgB5G,UAAW,CAC/C4H,SAAU,CAAEo9B,YAAY,GACxBn9B,SAAU,CAAEm9B,YAAY,KAEc,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAe7D,GAAgB5G,UAAWw2F,GAAe8G,YAAa,CACzEj9F,MAAO,kBACP4kC,cAAc,IAwEtB,MAAMqvE,GACFx1G,cACI,MAAM,IAAIoyB,UAAU,uBAKpBypD,kBACA,IAAKs6B,GAAmCj2G,MACpC,MAAMk2G,GAAqC,eAG/C,OAAO9G,GADoBpvG,KAAK21G,2BAA2BhB,UAAUxW,2BAGzE35F,QAAQzC,EAAQd,WACZ,IAAKg1G,GAAmCj2G,MACpC,MAAMk2G,GAAqC,WAE/CV,GAAwCx1G,KAAM+B,GAMlD2C,MAAMxC,EAASjB,WACX,IAAKg1G,GAAmCj2G,MACpC,MAAMk2G,GAAqC,SAwFvD,IAA2DzxG,IAtFPvC,EAuFhDuyG,GAvF0Cz0G,KAuFV21G,2BAA4BlxG,GAjF5DuH,YACI,IAAKiqG,GAAmCj2G,MACpC,MAAMk2G,GAAqC,cAwFvD,SAAmDjyG,GAC/C,MAAMlD,EAASkD,EAAW0xG,2BACpBQ,EAAqBp1G,EAAO4zG,UAAUxW,0BAC5CmR,GAAqC6G,GAErCjB,GAA4Cn0G,EAD9B,IAAImxB,UAAU,8BAEhC,CA5FQkkF,CAA0Cp2G,OAgBlD,SAASi2G,GAAmC/oG,GACxC,QAAK2qF,GAAa3qF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BAIjD,CA2BA,SAAS4nG,GAAgD7wG,GACrDA,EAAW2xG,yBAAsB30G,EACjCgD,EAAW4wG,qBAAkB5zG,CACjC,CACA,SAASu0G,GAAwCvxG,EAAYlC,GACzD,MAAMhB,EAASkD,EAAW0xG,2BACpBQ,EAAqBp1G,EAAO4zG,UAAUxW,0BAC5C,IAAKkR,GAAiD8G,GAClD,MAAM,IAAIjkF,UAAU,wDAIxB,IACIq9E,GAAuC4G,EAAoBp0G,GAE/D,MAAO0C,GAGH,MADAywG,GAA4Cn0G,EAAQ0D,GAC9C1D,EAAO4zG,UAAU3Z,aAE3B,MAAM4O,EAz3BV,SAAwD3lG,GACpD,OAAI2rG,GAA8C3rG,EAItD,CAo3ByBoyG,CAA+CF,GAChEvM,IAAiB7oG,EAAOunG,eACxB0M,GAA+Bj0G,GAAQ,EAE/C,CAIA,SAASwzG,GAAiDtwG,EAAYlC,GAElE,OAAO82F,GADkB50F,EAAW2xG,oBAAoB7zG,QACVd,GAAW8M,IAErD,MADA0mG,GAAqBxwG,EAAW0xG,2BAA4B5nG,GACtDA,CAAC,GAEf,CAuDA,SAASmoG,GAAqC5qG,GAC1C,OAAO,IAAI4mB,UAAU,8CAA8C5mB,2DACvE,CAEA,SAAS0qG,GAA0B1qG,GAC/B,OAAO,IAAI4mB,UAAU,6BAA6B5mB,0CACtD,CA/IAH,OAAOkzF,iBAAiBiX,GAAiCt0G,UAAW,CAChEwD,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrBh6B,UAAW,CAAEg6B,YAAY,GACzB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBnzF,OAAOM,eAAe6pG,GAAiCt0G,UAAWw2F,GAAe8G,YAAa,CAC1Fj9F,MAAO,mCACP4kC,cAAc,qaC3lHlBqwE,GAAgB,SAASxtF,EAAGza,GAI5B,OAHAioG,GAAgBnrG,OAAOk0F,gBAClB,CAAEkX,UAAW,cAAgB12G,OAAS,SAAUipB,EAAGza,GAAKya,EAAEytF,UAAYloG,IACvE,SAAUya,EAAGza,GAAK,IAAK,IAAIokB,KAAKpkB,EAAOlD,OAAOnK,UAAUwxB,eAAe1xB,KAAKuN,EAAGokB,KAAI3J,EAAE2J,GAAKpkB,EAAEokB,KACzF6jF,GAAcxtF,EAAGza,EAC5B;;;;;;;;;;;;;;gFAEA,SAASmoG,GAAU1tF,EAAGza,GAClB,GAAiB,mBAANA,GAA0B,OAANA,EAC3B,MAAM,IAAI6jB,UAAU,uBAAgC7jB,EAAK,iCAE7D,SAAS+zD,IAAOpiE,KAAKF,YAAcgpB,EADnCwtF,GAAcxtF,EAAGza,GAEjBya,EAAE9nB,UAAkB,OAANqN,EAAalD,OAAOy6B,OAAOv3B,IAAM+zD,EAAGphE,UAAYqN,EAAErN,UAAW,IAAIohE,EACnF,CAEA,SAAS58B,GAAO7lB,GACZ,IAAKA,EACD,MAAM,IAAIuS,UAAU,mBAE5B,CAEA,SAASylE,KAET,CACA,SAASE,GAAa3qF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAEA,SAASupG,GAAoB5wE,GACzB,GAAoB,mBAATA,EACP,OAAO,EAEX,IAAI6wE,GAAc,EAClB,IACI,IAAI7wE,EAAK,CACL7hC,MAAO,WACH0yG,GAAc,KAI1B,MAAOjyG,IAGP,OAAOiyG,CACX,CACA,SAASC,GAAiB/tG,GACtB,QAAKivF,GAAajvF,IAGgB,mBAAvBA,EAASrI,SAIxB,CAUA,SAASq2G,GAAiB/tG,GACtB,QAAKgvF,GAAahvF,IAGgB,mBAAvBA,EAASlI,SAIxB,CAUA,SAASk2G,GAAkBtuG,GACvB,QAAKsvF,GAAatvF,OAGbouG,GAAiBpuG,EAAUK,aAG3BguG,GAAiBruG,EAAUM,UAIpC,CAUA,SAASiuG,GAAmBluG,GACxB,IAGI,OAFaA,EAASrI,UAAU,CAAE4tB,KAAM,SACjCvtB,eACA,EAEX,MAAOwsG,GACH,OAAO,EAEf,CAmCA,SAAS2J,GAA6BnuG,EAAUwkG,GAC5C,IAAkChzF,QAAlB,IAAPgzF,EAAgB,GAAKA,GAAchzF,KAW5C,OAVAorB,GAAOmxE,GAAiB/tG,IACxB48B,IAA2B,IAApB58B,EAAS2+F,QAGH,WAFbntF,EAAO48F,GAAkB58F,IAGZ,IAAI68F,GAAiCruG,GAGrC,IAAIsuG,GAAoCtuG,EAGzD,CACA,SAASouG,GAAkB58F,GACvB,IAAI+8F,EAAoB/8F,EAAPM,GACjB,GAAmB,UAAfy8F,EACA,OAAOA,EAEN,QAAal2G,IAATmZ,EACL,OAAOA,EAGP,MAAM,IAAIw7B,WAAW,4BAE7B,CACA,IAAIwhE,GAAsD,WACtD,SAASA,EAAqCC,GAC1Cr3G,KAAKs3G,uBAAoBr2G,EACzBjB,KAAKu3G,iBAAct2G,EACnBjB,KAAKm+F,+BAA4Bl9F,EACjCjB,KAAKw3G,kBAAev2G,EACpBjB,KAAKy3G,kBAAoBJ,EAEzBr3G,KAAK03G,uBA0FT,OAxFAN,EAAqCp2G,UAAUgD,MAAQ,SAAUC,GAC7DjE,KAAKm+F,0BAA4Bl6F,GAErCmzG,EAAqCp2G,UAAU6D,OAAS,SAAU3C,GAE9D,OADAsjC,QAAkCvkC,IAA3BjB,KAAKs3G,mBACLt3G,KAAKs3G,kBAAkBzyG,OAAO3C,IAEzCk1G,EAAqCp2G,UAAU02G,qBAAuB,WAClE,GAAyB,YAArB13G,KAAKu3G,YAAT,CAGAv3G,KAAK23G,gBACL,IAAIhyG,EAAS3F,KAAKy3G,kBAAkBl3G,YACpCP,KAAKu3G,YAAc,UACnBv3G,KAAK43G,cAAcjyG,KAEvByxG,EAAqCp2G,UAAU42G,cAAgB,SAAUjyG,GACrE,IAAIkyG,EAAQ73G,KACZwlC,QAAkCvkC,IAA3BjB,KAAKs3G,mBACZt3G,KAAKs3G,kBAAoB3xG,EACzB,IAAI9E,EAASb,KAAKs3G,kBAAkBz2G,OAC/BA,GAGLA,EACKe,MAAK,WAAc,OAAOi2G,EAAMC,wBAChCl2G,MAAK,WACF+D,IAAWkyG,EAAMP,mBACjBO,EAAM1Z,0BAA0Bn8F,WAErC,SAAUE,GACLyD,IAAWkyG,EAAMP,mBACjBO,EAAM1Z,0BAA0Bz5F,MAAMxC,MAGzC9B,MAAMu3F,KAEfyf,EAAqCp2G,UAAU22G,cAAgB,gBAC5B12G,IAA3BjB,KAAKs3G,oBAGTt3G,KAAKs3G,kBAAkB12G,cACvBZ,KAAKs3G,uBAAoBr2G,EACzBjB,KAAKu3G,iBAAct2G,IAEvBm2G,EAAqCp2G,UAAU+2G,uBAAyB,WACpE,IAAIF,EAAQ73G,KACZA,KAAK03G,uBAEL,IAAIx2G,EAAOlB,KAAKs3G,kBAAkBp2G,OAC7BU,MAAK,SAAUH,GAChB,IAAIwC,EAAa4zG,EAAM1Z,0BACnB18F,EAAOH,KACPu2G,EAAMG,YAGN/zG,EAAWO,QAAQ/C,EAAOJ,UAIlC,OADArB,KAAKi4G,gBAAgB/2G,GACdA,GAEXk2G,EAAqCp2G,UAAUg3G,UAAY,WACvD,IACIh4G,KAAKm+F,0BAA0Bn8F,QAEnC,MAAOorG,MAIXgK,EAAqCp2G,UAAUi3G,gBAAkB,SAAUC,GACvE,IACIC,EADAN,EAAQ73G,KAERo4G,EAAa,WACTP,EAAML,eAAiBW,IACvBN,EAAML,kBAAev2G,IAG7BjB,KAAKw3G,aAAeW,EAAcD,EAAYt2G,KAAKw2G,EAAYA,IAEnEhB,EAAqCp2G,UAAU82G,mBAAqB,WAChE,IAAID,EAAQ73G,KACZ,GAAKA,KAAKw3G,aAAV,CAGA,IAAIa,EAAY,WAAc,OAAOR,EAAMC,sBAC3C,OAAO93G,KAAKw3G,aAAa51G,KAAKy2G,EAAWA,KAEtCjB,CACX,IACIF,GAAqD,SAAUoB,GAE/D,SAASpB,IACL,OAAkB,OAAXoB,GAAmBA,EAAOr7F,MAAMjd,KAAM48C,YAAc58C,KAK/D,OAPAw2G,GAAUU,EAAqCoB,GAI/CpB,EAAoCl2G,UAAU2D,KAAO,WACjD,OAAO3E,KAAK+3G,0BAETb,CACX,EAAEE,IACF,SAAShnG,GAAa+hC,GAClB,OAAO,IAAIpvC,WAAWovC,EAAK9tC,OAAQ8tC,EAAK7tC,WAAY6tC,EAAK5tC,WAC7D,CAMA,IAAI0yG,GAAkD,SAAUqB,GAE5D,SAASrB,EAAiCI,GACtC,IAAIQ,EAAQ73G,KACRu4G,EAAezB,GAAmBO,GAGtC,OAFAQ,EAAQS,EAAOx3G,KAAKd,KAAMq3G,IAAqBr3G,MACzCw4G,cAAgBD,EACfV,EAkDX,OAxDArB,GAAUS,EAAkCqB,GAQ5CntG,OAAOM,eAAewrG,EAAiCj2G,UAAW,OAAQ,CACtEwK,IAAK,WACD,MAAO,SAEXw6B,YAAY,EACZC,cAAc,IAElBgxE,EAAiCj2G,UAAUy3G,kBAAoB,WAC3D,GAAyB,SAArBz4G,KAAKu3G,YAAT,CAGA/xE,GAAOxlC,KAAKw4G,eACZx4G,KAAK23G,gBACL,IAAIhyG,EAAS3F,KAAKy3G,kBAAkBl3G,UAAU,CAAE4tB,KAAM,SACtDnuB,KAAKu3G,YAAc,OACnBv3G,KAAK43G,cAAcjyG,KAEvBsxG,EAAiCj2G,UAAU2D,KAAO,WAC9C,GAAI3E,KAAKw4G,cAAe,CACpB,IAAItX,EAAclhG,KAAKm+F,0BAA0B+C,YACjD,GAAIA,EACA,OAAOlhG,KAAK04G,qBAAqBxX,GAGzC,OAAOlhG,KAAK+3G,0BAEhBd,EAAiCj2G,UAAU03G,qBAAuB,SAAUxX,GACxE,IAAI2W,EAAQ73G,KACZA,KAAKy4G,oBAGL,IAAIp0G,EAAS,IAAItB,WAAWm+F,EAAY/uD,KAAK5tC,YAEzCrD,EAAOlB,KAAKs3G,kBAAkBp2G,KAAKmD,GAClCzC,MAAK,SAAUH,GAhD5B,IAA6B2gB,EAAMu2F,EAC3BC,EAgDIf,EAAM1Z,0BACF18F,EAAOH,MACPu2G,EAAMG,YACN9W,EAAYZ,QAAQ,KApDPl+E,EAuDO3gB,EAAOJ,MAvDRs3G,EAuDezX,EAAY/uD,KAtDtDymE,EAAYxoG,GAAagS,GACfhS,GAAauoG,GACnBn1G,IAAIo1G,EAAW,GAqDX1X,EAAYZ,QAAQ7+F,EAAOJ,MAAMkD,gBAIzC,OADAvE,KAAKi4G,gBAAgB/2G,GACdA,GAEJ+1G,CACX,EAAEG,IAYF,SAASyB,GAA2BhwG,GAChC28B,GAAOoxE,GAAiB/tG,IACxB28B,IAA2B,IAApB38B,EAAS0+F,QAChB,IAAI7mG,EAASmI,EAASlI,YACtB,OAAO,IAAIm4G,GAA2Bp4G,EAC1C,CACA,IAAIo4G,GAA4C,WAC5C,SAASA,EAA2BC,GAChC,IAAIlB,EAAQ73G,KACZA,KAAKgoG,+BAA4B/mG,EACjCjB,KAAKg5G,mBAAgB/3G,EACrBjB,KAAK26F,OAAS,WACd36F,KAAKg7F,kBAAe/5F,EACpBjB,KAAKi5G,kBAAoBF,EACzB/4G,KAAKk5G,cAAgB,IAAIj5G,SAAQ,SAAUC,EAASC,GAChD03G,EAAMsB,oBAAsBh5G,KAEhCH,KAAKk5G,cAAc94G,MAAMu3F,IAmF7B,OAjFAmhB,EAA2B93G,UAAUgD,MAAQ,SAAUC,GACnD,IAAI4zG,EAAQ73G,KACZA,KAAKgoG,0BAA4B/jG,EACjCjE,KAAKi5G,kBAAkBp4G,OAClBe,MAAK,WACNi2G,EAAMld,OAAS,YAEdv6F,OAAM,SAAU8B,GAAU,OAAO21G,EAAMuB,gBAAgBl3G,OAEhE42G,EAA2B93G,UAAUc,MAAQ,SAAUC,GACnD,IAAI81G,EAAQ73G,KACRU,EAASV,KAAKi5G,kBAElB,GAA2B,OAAvBv4G,EAAOi7E,YACP,OAAOj7E,EAAO2I,MAElB,IAAIkgG,EAAe7oG,EAAOoB,MAAMC,GAEhCwnG,EAAanpG,OAAM,SAAU8B,GAAU,OAAO21G,EAAMuB,gBAAgBl3G,MACpExB,EAAO2I,MAAMjJ,OAAM,SAAU8B,GAAU,OAAO21G,EAAMwB,eAAen3G,MAEnE,IAAIJ,EAAQ7B,QAAQq5G,KAAK,CAAC/P,EAAcvpG,KAAKk5G,gBAE7C,OADAl5G,KAAKu5G,iBAAiBz3G,GACfA,GAEXg3G,EAA2B93G,UAAUgB,MAAQ,WACzC,IAAI61G,EAAQ73G,KACZ,YAA2BiB,IAAvBjB,KAAKg5G,cACEh5G,KAAKi5G,kBAAkBj3G,QAE3BhC,KAAKw5G,sBAAsB53G,MAAK,WAAc,OAAOi2G,EAAM71G,YAEtE82G,EAA2B93G,UAAUiB,MAAQ,SAAUC,GACnD,GAAoB,YAAhBlC,KAAK26F,OAIT,OADa36F,KAAKi5G,kBACJh3G,MAAMC,IAExB42G,EAA2B93G,UAAUu4G,iBAAmB,SAAUE,GAC9D,IACIC,EADA7B,EAAQ73G,KAER25G,EAAc,WACV9B,EAAMmB,gBAAkBU,IACxB7B,EAAMmB,mBAAgB/3G,IAG9BjB,KAAKg5G,cAAgBU,EAAeD,EAAa73G,KAAK+3G,EAAaA,IAEvEb,EAA2B93G,UAAUw4G,oBAAsB,WACvD,IAAI3B,EAAQ73G,KACZ,QAA2BiB,IAAvBjB,KAAKg5G,cACL,OAAO/4G,QAAQC,UAEnB,IAAI05G,EAAa,WAAc,OAAO/B,EAAM2B,uBAC5C,OAAOx5G,KAAKg5G,cAAcp3G,KAAKg4G,EAAYA,IAE/Cd,EAA2B93G,UAAUq4G,eAAiB,SAAUn3G,GAC5D,IAAI21G,EAAQ73G,KACZ,GAAoB,aAAhBA,KAAK26F,OAAsC,CAC3C36F,KAAK26F,OAAS,WACd36F,KAAKg7F,aAAe94F,EACpB,IAAI03G,EAAa,WAAc,OAAO/B,EAAMuB,gBAAgBl3G,SACjCjB,IAAvBjB,KAAKg5G,cACLY,IAGA55G,KAAKw5G,sBAAsB53G,KAAKg4G,EAAYA,GAEhD55G,KAAKgoG,0BAA0BtjG,MAAMxC,KAG7C42G,EAA2B93G,UAAUo4G,gBAAkB,SAAUl3G,GACzC,aAAhBlC,KAAK26F,QACL36F,KAAKq5G,eAAen3G,GAEJ,aAAhBlC,KAAK26F,SACL36F,KAAK26F,OAAS,UACd36F,KAAKm5G,oBAAoBn5G,KAAKg7F,gBAG/B8d,CACX,IAYA,SAASe,GAA0BtxG,GAC/Bi9B,GAAOqxE,GAAkBtuG,IACzB,IAAIK,EAAWL,EAAUK,SAAUC,EAAWN,EAAUM,SACxD28B,IAA2B,IAApB58B,EAAS2+F,QAChB/hE,IAA2B,IAApB38B,EAAS0+F,QAChB,IACI7mG,EADAiF,EAASiD,EAASrI,YAEtB,IACIG,EAASmI,EAASlI,YAEtB,MAAO8D,GAEH,MADAkB,EAAO/E,cACD6D,EAEV,OAAO,IAAIq1G,GAAmCn0G,EAAQjF,EAC1D,CACA,IAAIo5G,GAAoD,WACpD,SAASA,EAAmCn0G,EAAQjF,GAChD,IAAIm3G,EAAQ73G,KACZA,KAAKo0G,gCAA6BnzG,EAClCjB,KAAK+5G,QAAU,SAAUt4G,GACrB,IAAIA,EAAOH,KAIX,OADAu2G,EAAMzD,2BAA2B5vG,QAAQ/C,EAAOJ,OACzCw2G,EAAM3yG,QAAQhE,OAAOU,KAAKi2G,EAAMkC,UAE3C/5G,KAAKg6G,SAAW,SAAU93G,GACtB21G,EAAMoC,aAAa/3G,GACnB21G,EAAMzD,2BAA2B1vG,MAAMxC,GACvC21G,EAAM3yG,QAAQL,OAAO3C,GAAQ9B,MAAMu3F,IACnCkgB,EAAM9P,QAAQ9lG,MAAMC,GAAQ9B,MAAMu3F,KAEtC33F,KAAKk6G,aAAe,WAChBrC,EAAMsC,gBACNtC,EAAMzD,2BAA2BpoG,YACjC,IAAItH,EAAQ,IAAIwtB,UAAU,8BAC1B2lF,EAAM9P,QAAQ9lG,MAAMyC,GAAOtE,MAAMu3F,KAErC33F,KAAKkF,QAAUS,EACf3F,KAAK+nG,QAAUrnG,EACfV,KAAKo6G,cAAgB,IAAIn6G,SAAQ,SAAUC,EAASC,GAChD03G,EAAMsC,cAAgBj6G,EACtB23G,EAAMoC,aAAe95G,KAsB7B,OAnBA25G,EAAmC94G,UAAUgD,MAAQ,SAAUC,GAC3DjE,KAAKo0G,2BAA6BnwG,EAClCjE,KAAKkF,QAAQhE,OACRU,KAAK5B,KAAK+5G,SACVn4G,KAAK5B,KAAKk6G,aAAcl6G,KAAKg6G,UAClC,IAAIK,EAAer6G,KAAKkF,QAAQrE,OAC5Bw5G,GACAA,EACKz4G,KAAK5B,KAAKk6G,aAAcl6G,KAAKg6G,WAG1CF,EAAmC94G,UAAUuH,UAAY,SAAUxG,GAC/D,OAAO/B,KAAK+nG,QAAQjmG,MAAMC,IAE9B+3G,EAAmC94G,UAAUu+D,MAAQ,WACjD,IAAIs4C,EAAQ73G,KACZ,OAAOA,KAAK+nG,QAAQ/lG,QACfJ,MAAK,WAAc,OAAOi2G,EAAMuC,kBAElCN,CACX,8EAjaA,SAAqCj0E,GACjCL,GArEJ,SAAqCK,GACjC,QAAK4wE,GAAoB5wE,MAGpB8wE,GAAiB,IAAI9wE,EAI9B,CA6DWy0E,CAA4Bz0E,IACnC,IAAI00E,EAZR,SAA4B10E,GACxB,IAEI,OADA,IAAIA,EAAK,CAAEzrB,KAAM,WACV,EAEX,MAAOgzF,GACH,OAAO,EAEf,CAI8BoN,CAAmB30E,GAC7C,OAAO,SAAUj9B,EAAUwkG,GACvB,IAAkChzF,QAAlB,IAAPgzF,EAAgB,GAAKA,GAAchzF,KAK5C,GAHa,WADbA,EAAO48F,GAAkB58F,KACAmgG,IACrBngG,OAAOnZ,GAEP2H,EAAS9I,cAAgB+lC,IACZ,UAATzrB,GAAoB08F,GAAmBluG,IACvC,OAAOA,EAGf,GAAa,UAATwR,EAAkB,CAClB,IAAI8vE,EAAS6sB,GAA6BnuG,EAAU,CAAEwR,KAAMA,IAC5D,OAAO,IAAIyrB,EAAKqkD,GAGZA,EAAS6sB,GAA6BnuG,GAC1C,OAAO,IAAIi9B,EAAKqkD,GAG5B,+BA8TA,SAAsCrkD,GAElC,OADAL,GAnXJ,SAAsCK,GAClC,QAAK4wE,GAAoB5wE,MAGpBgxE,GAAkB,IAAIhxE,EAI/B,CA2WW40E,CAA6B50E,IAC7B,SAAUt9B,GACb,GAAIA,EAAUzI,cAAgB+lC,EAC1B,OAAOt9B,EAEX,IAAImrG,EAAcmG,GAA0BtxG,GAC5C,OAAO,IAAIs9B,EAAK6tE,GAExB,yHA1HA,SAAqC7tE,GAEjC,OADAL,GAvRJ,SAAqCK,GACjC,QAAK4wE,GAAoB5wE,MAGpB+wE,GAAiB,IAAI/wE,EAI9B,CA+QW60E,CAA4B70E,IAC5B,SAAUh9B,GACb,GAAIA,EAAS/I,cAAgB+lC,EACzB,OAAOh9B,EAEX,IAAI8xG,EAAO9B,GAA2BhwG,GACtC,OAAO,IAAIg9B,EAAK80E,GAExB,wBCvXA,SAAWh1E,EAAQ0Y,GAIjB,SAAS7Y,EAAQC,EAAKC,GACpB,IAAKD,EAAK,MAAUriC,MAAMsiC,GAAO,oBAKnC,SAASS,EAAUN,EAAMC,GACvBD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAASllC,UAAY8kC,EAAU9kC,UAC/B6kC,EAAK7kC,UAAY,IAAIklC,EACrBL,EAAK7kC,UAAUlB,YAAc+lC,EAK/B,SAAS6b,EAAIjyC,EAAQgpD,EAAMpoD,GACzB,GAAIqxC,EAAGk5D,KAAKnrG,GACV,OAAOA,EAGTzP,KAAK66G,SAAW,EAChB76G,KAAK86G,MAAQ,KACb96G,KAAKoB,OAAS,EAGdpB,KAAK+6G,IAAM,KAEI,OAAXtrG,IACW,OAATgpD,GAA0B,OAATA,IACnBpoD,EAASooD,EACTA,EAAO,IAGTz4D,KAAKg7G,MAAMvrG,GAAU,EAAGgpD,GAAQ,GAAIpoD,GAAU,OAYlD,IAAI3M,EATkB,iBAAXiiC,EACTA,EAAO0Y,QAAUqD,EAEjBrD,EAAQqD,GAAKA,EAGfA,EAAGA,GAAKA,EACRA,EAAGu5D,SAAW,GAGd,IACEv3G,EAASlB,UAAkBkB,OAC3B,MAAOe,IAoIT,SAASy2G,EAAUx+F,EAAK1Y,EAAO2H,GAG7B,IAFA,IAAIoC,EAAI,EACJoC,EAAMrE,KAAKoyC,IAAIxhC,EAAItb,OAAQuK,GACtBxI,EAAIa,EAAOb,EAAIgN,EAAKhN,IAAK,CAChC,IAAIqZ,EAAIE,EAAIE,WAAWzZ,GAAK,GAE5B4K,IAAM,EAIJA,GADEyO,GAAK,IAAMA,GAAK,GACbA,EAAI,GAAK,GAGLA,GAAK,IAAMA,GAAK,GACpBA,EAAI,GAAK,GAIL,GAAJA,EAGT,OAAOzO,EAiCT,SAASotG,EAAWz+F,EAAK1Y,EAAO2H,EAAK2B,GAGnC,IAFA,IAAIS,EAAI,EACJoC,EAAMrE,KAAKoyC,IAAIxhC,EAAItb,OAAQuK,GACtBxI,EAAIa,EAAOb,EAAIgN,EAAKhN,IAAK,CAChC,IAAIqZ,EAAIE,EAAIE,WAAWzZ,GAAK,GAE5B4K,GAAKT,EAIHS,GADEyO,GAAK,GACFA,EAAI,GAAK,GAGLA,GAAK,GACTA,EAAI,GAAK,GAITA,EAGT,OAAOzO,EA5MT2zC,EAAGk5D,KAAO,SAAetzE,GACvB,OAAIA,aAAeoa,GAIJ,OAARpa,GAA+B,iBAARA,GAC5BA,EAAIxnC,YAAYm7G,WAAav5D,EAAGu5D,UAAYp7G,MAAMW,QAAQ8mC,EAAIwzE,QAGlEp5D,EAAG31C,IAAM,SAAcqoB,EAAMC,GAC3B,OAAID,EAAKgnF,IAAI/mF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGxD,IAAM,SAAc9pB,EAAMC,GAC3B,OAAID,EAAKgnF,IAAI/mF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAG1gD,UAAUg6G,MAAQ,SAAevrG,EAAQgpD,EAAMpoD,GAChD,GAAsB,iBAAXZ,EACT,OAAOzP,KAAKq7G,YAAY5rG,EAAQgpD,EAAMpoD,GAGxC,GAAsB,iBAAXZ,EACT,OAAOzP,KAAKs7G,WAAW7rG,EAAQgpD,EAAMpoD,GAG1B,QAATooD,IACFA,EAAO,IAETjzB,EAAOizB,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,IAGnD,IAAIz0D,EAAQ,EACM,OAFlByL,EAASA,EAAO9C,WAAWsV,QAAQ,OAAQ,KAEhC,IACTje,IAGW,KAATy0D,EACFz4D,KAAKu7G,UAAU9rG,EAAQzL,GAEvBhE,KAAKw7G,WAAW/rG,EAAQgpD,EAAMz0D,GAGd,MAAdyL,EAAO,KACTzP,KAAK66G,SAAW,GAGlB76G,KAAKy7G,QAEU,OAAXprG,GAEJrQ,KAAKs7G,WAAWt7G,KAAKgoC,UAAWywB,EAAMpoD,IAGxCqxC,EAAG1gD,UAAUq6G,YAAc,SAAsB5rG,EAAQgpD,EAAMpoD,GACzDZ,EAAS,IACXzP,KAAK66G,SAAW,EAChBprG,GAAUA,GAERA,EAAS,UACXzP,KAAK86G,MAAQ,CAAW,SAATrrG,GACfzP,KAAKoB,OAAS,GACLqO,EAAS,kBAClBzP,KAAK86G,MAAQ,CACF,SAATrrG,EACCA,EAAS,SAAa,UAEzBzP,KAAKoB,OAAS,IAEdokC,EAAO/1B,EAAS,kBAChBzP,KAAK86G,MAAQ,CACF,SAATrrG,EACCA,EAAS,SAAa,SACvB,GAEFzP,KAAKoB,OAAS,GAGD,OAAXiP,GAGJrQ,KAAKs7G,WAAWt7G,KAAKgoC,UAAWywB,EAAMpoD,IAGxCqxC,EAAG1gD,UAAUs6G,WAAa,SAAqB7rG,EAAQgpD,EAAMpoD,GAG3D,GADAm1B,EAAgC,iBAAlB/1B,EAAOrO,QACjBqO,EAAOrO,QAAU,EAGnB,OAFApB,KAAK86G,MAAQ,CAAE,GACf96G,KAAKoB,OAAS,EACPpB,KAGTA,KAAKoB,OAAS0K,KAAKmQ,KAAKxM,EAAOrO,OAAS,GACxCpB,KAAK86G,MAAYj7G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BnD,KAAK86G,MAAM33G,GAAK,EAGlB,IAAI4Z,EAAGya,EACHwE,EAAM,EACV,GAAe,OAAX3rB,EACF,IAAKlN,EAAIsM,EAAOrO,OAAS,EAAG2b,EAAI,EAAG5Z,GAAK,EAAGA,GAAK,EAC9Cq0B,EAAI/nB,EAAOtM,GAAMsM,EAAOtM,EAAI,IAAM,EAAMsM,EAAOtM,EAAI,IAAM,GACzDnD,KAAK86G,MAAM/9F,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAK86G,MAAM/9F,EAAI,GAAMya,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPjf,UAGC,GAAe,OAAX1M,EACT,IAAKlN,EAAI,EAAG4Z,EAAI,EAAG5Z,EAAIsM,EAAOrO,OAAQ+B,GAAK,EACzCq0B,EAAI/nB,EAAOtM,GAAMsM,EAAOtM,EAAI,IAAM,EAAMsM,EAAOtM,EAAI,IAAM,GACzDnD,KAAK86G,MAAM/9F,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAK86G,MAAM/9F,EAAI,GAAMya,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPjf,KAIN,OAAO/c,KAAKy7G,SA2Bd/5D,EAAG1gD,UAAUu6G,UAAY,SAAoB9rG,EAAQzL,GAEnDhE,KAAKoB,OAAS0K,KAAKmQ,MAAMxM,EAAOrO,OAAS4C,GAAS,GAClDhE,KAAK86G,MAAYj7G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BnD,KAAK86G,MAAM33G,GAAK,EAGlB,IAAI4Z,EAAGya,EAEHwE,EAAM,EACV,IAAK74B,EAAIsM,EAAOrO,OAAS,EAAG2b,EAAI,EAAG5Z,GAAKa,EAAOb,GAAK,EAClDq0B,EAAI0jF,EAASzrG,EAAQtM,EAAGA,EAAI,GAC5BnD,KAAK86G,MAAM/9F,IAAOya,GAAKwE,EAAO,SAE9Bh8B,KAAK86G,MAAM/9F,EAAI,IAAMya,IAAO,GAAKwE,EAAO,SACxCA,GAAO,KACI,KACTA,GAAO,GACPjf,KAGA5Z,EAAI,IAAMa,IACZwzB,EAAI0jF,EAASzrG,EAAQzL,EAAOb,EAAI,GAChCnD,KAAK86G,MAAM/9F,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAK86G,MAAM/9F,EAAI,IAAMya,IAAO,GAAKwE,EAAO,SAE1Ch8B,KAAKy7G,SA2BP/5D,EAAG1gD,UAAUw6G,WAAa,SAAqB/rG,EAAQgpD,EAAMz0D,GAE3DhE,KAAK86G,MAAQ,CAAE,GACf96G,KAAKoB,OAAS,EAGd,IAAK,IAAIs6G,EAAU,EAAGC,EAAU,EAAGA,GAAW,SAAWA,GAAWljD,EAClEijD,IAEFA,IACAC,EAAWA,EAAUljD,EAAQ,EAO7B,IALA,IAAImR,EAAQn6D,EAAOrO,OAAS4C,EACxB0J,EAAMk8D,EAAQ8xC,EACd/vG,EAAMG,KAAKoyC,IAAI0rB,EAAOA,EAAQl8D,GAAO1J,EAErC0iC,EAAO,EACFvjC,EAAIa,EAAOb,EAAIwI,EAAKxI,GAAKu4G,EAChCh1E,EAAOy0E,EAAU1rG,EAAQtM,EAAGA,EAAIu4G,EAASjjD,GAEzCz4D,KAAK47G,MAAMD,GACP37G,KAAK86G,MAAM,GAAKp0E,EAAO,SACzB1mC,KAAK86G,MAAM,IAAMp0E,EAEjB1mC,KAAK67G,OAAOn1E,GAIhB,GAAY,IAARh5B,EAAW,CACb,IAAIwkC,EAAM,EAGV,IAFAxL,EAAOy0E,EAAU1rG,EAAQtM,EAAGsM,EAAOrO,OAAQq3D,GAEtCt1D,EAAI,EAAGA,EAAIuK,EAAKvK,IACnB+uC,GAAOumB,EAGTz4D,KAAK47G,MAAM1pE,GACPlyC,KAAK86G,MAAM,GAAKp0E,EAAO,SACzB1mC,KAAK86G,MAAM,IAAMp0E,EAEjB1mC,KAAK67G,OAAOn1E,KAKlBgb,EAAG1gD,UAAUgqE,KAAO,SAAexZ,GACjCA,EAAKspD,MAAYj7G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BquD,EAAKspD,MAAM33G,GAAKnD,KAAK86G,MAAM33G,GAE7BquD,EAAKpwD,OAASpB,KAAKoB,OACnBowD,EAAKqpD,SAAW76G,KAAK66G,SACrBrpD,EAAKupD,IAAM/6G,KAAK+6G,KAGlBr5D,EAAG1gD,UAAUW,MAAQ,WACnB,IAAIoM,EAAI,IAAI2zC,EAAG,MAEf,OADA1hD,KAAKgrE,KAAKj9D,GACHA,GAGT2zC,EAAG1gD,UAAU86G,QAAU,SAAkB12G,GACvC,KAAOpF,KAAKoB,OAASgE,GACnBpF,KAAK86G,MAAM96G,KAAKoB,UAAY,EAE9B,OAAOpB,MAIT0hD,EAAG1gD,UAAUy6G,MAAQ,WACnB,KAAOz7G,KAAKoB,OAAS,GAAqC,IAAhCpB,KAAK86G,MAAM96G,KAAKoB,OAAS,IACjDpB,KAAKoB,SAEP,OAAOpB,KAAK+7G,aAGdr6D,EAAG1gD,UAAU+6G,UAAY,WAKvB,OAHoB,IAAhB/7G,KAAKoB,QAAkC,IAAlBpB,KAAK86G,MAAM,KAClC96G,KAAK66G,SAAW,GAEX76G,MAGT0hD,EAAG1gD,UAAUg7G,QAAU,WACrB,OAAQh8G,KAAK+6G,IAAM,UAAY,SAAW/6G,KAAK2M,SAAS,IAAM,KAiChE,IAAIsvG,EAAQ,CACV,GACA,IACA,KACA,MACA,OACA,QACA,SACA,UACA,WACA,YACA,aACA,cACA,eACA,gBACA,iBACA,kBACA,mBACA,oBACA,qBACA,sBACA,uBACA,wBACA,yBACA,0BACA,2BACA,6BAGEC,EAAa,CACf,EAAG,EACH,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EACvB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAGhBC,EAAa,CACf,EAAG,EACH,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAC5D,SAAU,IAAU,SAAU,SAAU,SAAU,QAAS,SAC3D,SAAU,SAAU,SAAU,SAAU,KAAU,QAAS,QAC3D,QAAS,QAAS,QAAS,SAAU,SAAU,SAAU,SACzD,MAAU,SAAU,SAAU,SAAU,SAAU,SAAU,UAsjB9D,SAASC,EAAYr+D,EAAMzW,EAAK+0E,GAC9BA,EAAIxB,SAAWvzE,EAAIuzE,SAAW98D,EAAK88D,SACnC,IAAI1qG,EAAO4tC,EAAK38C,OAASkmC,EAAIlmC,OAAU,EACvCi7G,EAAIj7G,OAAS+O,EACbA,EAAOA,EAAM,EAAK,EAGlB,IAAI1B,EAAoB,EAAhBsvC,EAAK+8D,MAAM,GACfzsG,EAAmB,EAAfi5B,EAAIwzE,MAAM,GACd/sG,EAAIU,EAAIJ,EAERi4B,EAAS,SAAJv4B,EACLo5B,EAASp5B,EAAI,SAAa,EAC9BsuG,EAAIvB,MAAM,GAAKx0E,EAEf,IAAK,IAAIjqB,EAAI,EAAGA,EAAIlM,EAAKkM,IAAK,CAM5B,IAHA,IAAIigG,EAASn1E,IAAU,GACnBo1E,EAAgB,SAARp1E,EACRq1E,EAAO1wG,KAAKoyC,IAAI7hC,EAAGirB,EAAIlmC,OAAS,GAC3B2b,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAI0hC,EAAK38C,OAAS,GAAI2b,GAAKy/F,EAAMz/F,IAAK,CAC7D,IAAI5Z,EAAKkZ,EAAIU,EAAK,EAIlBu/F,IADAvuG,GAFAU,EAAoB,EAAhBsvC,EAAK+8D,MAAM33G,KACfkL,EAAmB,EAAfi5B,EAAIwzE,MAAM/9F,IACFw/F,GACG,SAAa,EAC5BA,EAAY,SAAJxuG,EAEVsuG,EAAIvB,MAAMz+F,GAAa,EAARkgG,EACfp1E,EAAiB,EAATm1E,EAQV,OANc,IAAVn1E,EACFk1E,EAAIvB,MAAMz+F,GAAa,EAAR8qB,EAEfk1E,EAAIj7G,SAGCi7G,EAAIZ,QAzlBb/5D,EAAG1gD,UAAU2L,SAAW,SAAmB8rD,EAAMjnC,GAI/C,IAAI6qF,EACJ,GAHA7qF,EAAoB,EAAVA,GAAe,EAGZ,MAJbinC,EAAOA,GAAQ,KAIa,QAATA,EAAgB,CACjC4jD,EAAM,GAGN,IAFA,IAAIrgF,EAAM,EACNmL,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIq0B,EAAIx3B,KAAK86G,MAAM33G,GACfujC,GAA+B,UAArBlP,GAAKwE,EAAOmL,IAAmBx6B,SAAS,IAGpD0vG,EADY,KADdl1E,EAAS3P,IAAO,GAAKwE,EAAQ,WACV74B,IAAMnD,KAAKoB,OAAS,EAC/B66G,EAAM,EAAIv1E,EAAKtlC,QAAUslC,EAAO21E,EAEhC31E,EAAO21E,GAEfrgF,GAAO,IACI,KACTA,GAAO,GACP74B,KAMJ,IAHc,IAAVgkC,IACFk1E,EAAMl1E,EAAMx6B,SAAS,IAAM0vG,GAEtBA,EAAIj7G,OAASowB,GAAY,GAC9B6qF,EAAM,IAAMA,EAKd,OAHsB,IAAlBr8G,KAAK66G,WACPwB,EAAM,IAAMA,GAEPA,EAGT,GAAI5jD,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,GAAI,CAElD,IAAIgkD,EAAYP,EAAWzjD,GAEvBikD,EAAYP,EAAW1jD,GAC3B4jD,EAAM,GACN,IAAI7/F,EAAIxc,KAAK2B,QAEb,IADA6a,EAAEq+F,SAAW,GACLr+F,EAAE5O,UAAU,CAClB,IAAIG,EAAIyO,EAAEmgG,KAAKD,GAAW/vG,SAAS8rD,GAMjC4jD,GALF7/F,EAAIA,EAAEogG,MAAMF,IAEL9uG,SAGCG,EAAIsuG,EAFJJ,EAAMQ,EAAY1uG,EAAE3M,QAAU2M,EAAIsuG,EAQ5C,IAHIr8G,KAAK4N,WACPyuG,EAAM,IAAMA,GAEPA,EAAIj7G,OAASowB,GAAY,GAC9B6qF,EAAM,IAAMA,EAKd,OAHsB,IAAlBr8G,KAAK66G,WACPwB,EAAM,IAAMA,GAEPA,EAGT72E,GAAO,EAAO,oCAGhBkc,EAAG1gD,UAAUwO,SAAW,WACtB,IAAI4e,EAAMpuB,KAAK86G,MAAM,GASrB,OARoB,IAAhB96G,KAAKoB,OACPgtB,GAAuB,SAAhBpuB,KAAK86G,MAAM,GACO,IAAhB96G,KAAKoB,QAAkC,IAAlBpB,KAAK86G,MAAM,GAEzC1sF,GAAO,iBAAoC,SAAhBpuB,KAAK86G,MAAM,GAC7B96G,KAAKoB,OAAS,GACvBokC,GAAO,EAAO,8CAEU,IAAlBxlC,KAAK66G,UAAmBzsF,EAAMA,GAGxCszB,EAAG1gD,UAAU67G,OAAS,WACpB,OAAO78G,KAAK2M,SAAS,KAGvB+0C,EAAG1gD,UAAU87G,SAAW,SAAmBzsG,EAAQjP,GAEjD,OADAokC,OAAyB,IAAX9hC,GACP1D,KAAK2kD,YAAYjhD,EAAQ2M,EAAQjP,IAG1CsgD,EAAG1gD,UAAUgnC,QAAU,SAAkB33B,EAAQjP,GAC/C,OAAOpB,KAAK2kD,YAAY9kD,MAAOwQ,EAAQjP,IAGzCsgD,EAAG1gD,UAAU2jD,YAAc,SAAsBo4D,EAAW1sG,EAAQjP,GAClE,IAAImD,EAAavE,KAAKuE,aAClBy4G,EAAY57G,GAAU0K,KAAKC,IAAI,EAAGxH,GACtCihC,EAAOjhC,GAAcy4G,EAAW,yCAChCx3E,EAAOw3E,EAAY,EAAG,+BAEtBh9G,KAAKy7G,QACL,IAGIptG,EAAGlL,EAHH85G,EAA0B,OAAX5sG,EACfd,EAAM,IAAIwtG,EAAUC,GAGpBtuG,EAAI1O,KAAK2B,QACb,GAAKs7G,EAYE,CACL,IAAK95G,EAAI,GAAIuL,EAAEd,SAAUzK,IACvBkL,EAAIK,EAAEwuG,MAAM,KACZxuG,EAAEyuG,OAAO,GAET5tG,EAAIpM,GAAKkL,EAGX,KAAOlL,EAAI65G,EAAW75G,IACpBoM,EAAIpM,GAAK,MArBM,CAEjB,IAAKA,EAAI,EAAGA,EAAI65G,EAAYz4G,EAAYpB,IACtCoM,EAAIpM,GAAK,EAGX,IAAKA,EAAI,GAAIuL,EAAEd,SAAUzK,IACvBkL,EAAIK,EAAEwuG,MAAM,KACZxuG,EAAEyuG,OAAO,GAET5tG,EAAIytG,EAAY75G,EAAI,GAAKkL,EAe7B,OAAOkB,GAIPmyC,EAAG1gD,UAAUo8G,WADXtxG,KAAKuxG,MACmB,SAAqB7lF,GAC7C,OAAO,GAAK1rB,KAAKuxG,MAAM7lF,IAGC,SAAqBA,GAC7C,IAAInZ,EAAImZ,EACJzpB,EAAI,EAiBR,OAhBIsQ,GAAK,OACPtQ,GAAK,GACLsQ,KAAO,IAELA,GAAK,KACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAEFtQ,EAAIsQ,GAIfqjC,EAAG1gD,UAAUs8G,UAAY,SAAoB9lF,GAE3C,GAAU,IAANA,EAAS,OAAO,GAEpB,IAAInZ,EAAImZ,EACJzpB,EAAI,EAoBR,OAnBqB,IAAZ,KAAJsQ,KACHtQ,GAAK,GACLsQ,KAAO,IAEU,IAAV,IAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,GAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,IACHtQ,IAEKA,GAIT2zC,EAAG1gD,UAAU6O,UAAY,WACvB,IAAI2nB,EAAIx3B,KAAK86G,MAAM96G,KAAKoB,OAAS,GAC7BilC,EAAKrmC,KAAKo9G,WAAW5lF,GACzB,OAA2B,IAAnBx3B,KAAKoB,OAAS,GAAUilC,GAiBlCqb,EAAG1gD,UAAUu8G,SAAW,WACtB,GAAIv9G,KAAK4N,SAAU,OAAO,EAG1B,IADA,IAAIG,EAAI,EACC5K,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIkL,EAAIrO,KAAKs9G,UAAUt9G,KAAK86G,MAAM33G,IAElC,GADA4K,GAAKM,EACK,KAANA,EAAU,MAEhB,OAAON,GAGT2zC,EAAG1gD,UAAUuD,WAAa,WACxB,OAAOuH,KAAKmQ,KAAKjc,KAAK6P,YAAc,IAGtC6xC,EAAG1gD,UAAUw8G,OAAS,SAAiBC,GACrC,OAAsB,IAAlBz9G,KAAK66G,SACA76G,KAAKsP,MAAMouG,MAAMD,GAAOE,MAAM,GAEhC39G,KAAK2B,SAGd+/C,EAAG1gD,UAAU48G,SAAW,SAAmBH,GACzC,OAAIz9G,KAAK69G,MAAMJ,EAAQ,GACdz9G,KAAK89G,KAAKL,GAAOE,MAAM,GAAGI,OAE5B/9G,KAAK2B,SAGd+/C,EAAG1gD,UAAUg9G,MAAQ,WACnB,OAAyB,IAAlBh+G,KAAK66G,UAIdn5D,EAAG1gD,UAAUi9G,IAAM,WACjB,OAAOj+G,KAAK2B,QAAQo8G,QAGtBr8D,EAAG1gD,UAAU+8G,KAAO,WAKlB,OAJK/9G,KAAK4N,WACR5N,KAAK66G,UAAY,GAGZ76G,MAIT0hD,EAAG1gD,UAAUk9G,KAAO,SAAe52E,GACjC,KAAOtnC,KAAKoB,OAASkmC,EAAIlmC,QACvBpB,KAAK86G,MAAM96G,KAAKoB,UAAY,EAG9B,IAAK,IAAI+B,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAC9BnD,KAAK86G,MAAM33G,GAAKnD,KAAK86G,MAAM33G,GAAKmkC,EAAIwzE,MAAM33G,GAG5C,OAAOnD,KAAKy7G,SAGd/5D,EAAG1gD,UAAUm9G,IAAM,SAAc72E,GAE/B,OADA9B,EAA0C,IAAlCxlC,KAAK66G,SAAWvzE,EAAIuzE,WACrB76G,KAAKk+G,KAAK52E,IAInBoa,EAAG1gD,UAAUogF,GAAK,SAAa95C,GAC7B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQw8G,IAAI72E,GAC/CA,EAAI3lC,QAAQw8G,IAAIn+G,OAGzB0hD,EAAG1gD,UAAUo9G,IAAM,SAAc92E,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQu8G,KAAK52E,GAChDA,EAAI3lC,QAAQu8G,KAAKl+G,OAI1B0hD,EAAG1gD,UAAUq9G,MAAQ,SAAgB/2E,GAEnC,IAAIj5B,EAEFA,EADErO,KAAKoB,OAASkmC,EAAIlmC,OAChBkmC,EAEAtnC,KAGN,IAAK,IAAImD,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5BnD,KAAK86G,MAAM33G,GAAKnD,KAAK86G,MAAM33G,GAAKmkC,EAAIwzE,MAAM33G,GAK5C,OAFAnD,KAAKoB,OAASiN,EAAEjN,OAETpB,KAAKy7G,SAGd/5D,EAAG1gD,UAAUs9G,KAAO,SAAeh3E,GAEjC,OADA9B,EAA0C,IAAlCxlC,KAAK66G,SAAWvzE,EAAIuzE,WACrB76G,KAAKq+G,MAAM/2E,IAIpBoa,EAAG1gD,UAAUmgF,IAAM,SAAc75C,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ28G,KAAKh3E,GAChDA,EAAI3lC,QAAQ28G,KAAKt+G,OAG1B0hD,EAAG1gD,UAAUu9G,KAAO,SAAej3E,GACjC,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ08G,MAAM/2E,GACjDA,EAAI3lC,QAAQ08G,MAAMr+G,OAI3B0hD,EAAG1gD,UAAUw9G,MAAQ,SAAgBl3E,GAEnC,IAAI74B,EACAJ,EACArO,KAAKoB,OAASkmC,EAAIlmC,QACpBqN,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAGN,IAAK,IAAImD,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5BnD,KAAK86G,MAAM33G,GAAKsL,EAAEqsG,MAAM33G,GAAKkL,EAAEysG,MAAM33G,GAGvC,GAAInD,OAASyO,EACX,KAAOtL,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAK86G,MAAM33G,GAAKsL,EAAEqsG,MAAM33G,GAM5B,OAFAnD,KAAKoB,OAASqN,EAAErN,OAETpB,KAAKy7G,SAGd/5D,EAAG1gD,UAAUy9G,KAAO,SAAen3E,GAEjC,OADA9B,EAA0C,IAAlCxlC,KAAK66G,SAAWvzE,EAAIuzE,WACrB76G,KAAKw+G,MAAMl3E,IAIpBoa,EAAG1gD,UAAU+yC,IAAM,SAAczM,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ88G,KAAKn3E,GAChDA,EAAI3lC,QAAQ88G,KAAKz+G,OAG1B0hD,EAAG1gD,UAAU09G,KAAO,SAAep3E,GACjC,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ68G,MAAMl3E,GACjDA,EAAI3lC,QAAQ68G,MAAMx+G,OAI3B0hD,EAAG1gD,UAAU08G,MAAQ,SAAgBD,GACnCj4E,EAAwB,iBAAVi4E,GAAsBA,GAAS,GAE7C,IAAIkB,EAAsC,EAAxB7yG,KAAKmQ,KAAKwhG,EAAQ,IAChCmB,EAAWnB,EAAQ,GAGvBz9G,KAAK87G,QAAQ6C,GAETC,EAAW,GACbD,IAIF,IAAK,IAAIx7G,EAAI,EAAGA,EAAIw7G,EAAax7G,IAC/BnD,KAAK86G,MAAM33G,GAAsB,UAAhBnD,KAAK86G,MAAM33G,GAS9B,OALIy7G,EAAW,IACb5+G,KAAK86G,MAAM33G,IAAMnD,KAAK86G,MAAM33G,GAAM,UAAc,GAAKy7G,GAIhD5+G,KAAKy7G,SAGd/5D,EAAG1gD,UAAU88G,KAAO,SAAeL,GACjC,OAAOz9G,KAAK2B,QAAQ+7G,MAAMD,IAI5B/7D,EAAG1gD,UAAU69G,KAAO,SAAeC,EAAKr5E,GACtCD,EAAsB,iBAARs5E,GAAoBA,GAAO,GAEzC,IAAI9iF,EAAO8iF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAUjB,OARA9+G,KAAK87G,QAAQ9/E,EAAM,GAGjBh8B,KAAK86G,MAAM9+E,GADTyJ,EACgBzlC,KAAK86G,MAAM9+E,GAAQ,GAAK+iF,EAExB/+G,KAAK86G,MAAM9+E,KAAS,GAAK+iF,GAGtC/+G,KAAKy7G,SAId/5D,EAAG1gD,UAAUiM,KAAO,SAAeq6B,GACjC,IAAIv5B,EAkBAU,EAAGJ,EAfP,GAAsB,IAAlBrO,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,SAI7B,OAHA76G,KAAK66G,SAAW,EAChB9sG,EAAI/N,KAAKmN,KAAKm6B,GACdtnC,KAAK66G,UAAY,EACV76G,KAAK+7G,YAGP,GAAsB,IAAlB/7G,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,SAIpC,OAHAvzE,EAAIuzE,SAAW,EACf9sG,EAAI/N,KAAKmN,KAAKm6B,GACdA,EAAIuzE,SAAW,EACR9sG,EAAEguG,YAKP/7G,KAAKoB,OAASkmC,EAAIlmC,QACpBqN,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAIN,IADA,IAAImnC,EAAQ,EACHhkC,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5B4K,GAAkB,EAAbU,EAAEqsG,MAAM33G,KAAwB,EAAbkL,EAAEysG,MAAM33G,IAAUgkC,EAC1CnnC,KAAK86G,MAAM33G,GAAS,SAAJ4K,EAChBo5B,EAAQp5B,IAAM,GAEhB,KAAiB,IAAVo5B,GAAehkC,EAAIsL,EAAErN,OAAQ+B,IAClC4K,GAAkB,EAAbU,EAAEqsG,MAAM33G,IAAUgkC,EACvBnnC,KAAK86G,MAAM33G,GAAS,SAAJ4K,EAChBo5B,EAAQp5B,IAAM,GAIhB,GADA/N,KAAKoB,OAASqN,EAAErN,OACF,IAAV+lC,EACFnnC,KAAK86G,MAAM96G,KAAKoB,QAAU+lC,EAC1BnnC,KAAKoB,cAEA,GAAIqN,IAAMzO,KACf,KAAOmD,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAK86G,MAAM33G,GAAKsL,EAAEqsG,MAAM33G,GAI5B,OAAOnD,MAIT0hD,EAAG1gD,UAAUqF,IAAM,SAAcihC,GAC/B,IAAI/3B,EACJ,OAAqB,IAAjB+3B,EAAIuzE,UAAoC,IAAlB76G,KAAK66G,UAC7BvzE,EAAIuzE,SAAW,EACftrG,EAAMvP,KAAKoN,IAAIk6B,GACfA,EAAIuzE,UAAY,EACTtrG,GACmB,IAAjB+3B,EAAIuzE,UAAoC,IAAlB76G,KAAK66G,UACpC76G,KAAK66G,SAAW,EAChBtrG,EAAM+3B,EAAIl6B,IAAIpN,MACdA,KAAK66G,SAAW,EACTtrG,GAGLvP,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQsL,KAAKq6B,GAEhDA,EAAI3lC,QAAQsL,KAAKjN,OAI1B0hD,EAAG1gD,UAAUmM,KAAO,SAAem6B,GAEjC,GAAqB,IAAjBA,EAAIuzE,SAAgB,CACtBvzE,EAAIuzE,SAAW,EACf,IAAI9sG,EAAI/N,KAAKiN,KAAKq6B,GAElB,OADAA,EAAIuzE,SAAW,EACR9sG,EAAEguG,YAGJ,GAAsB,IAAlB/7G,KAAK66G,SAId,OAHA76G,KAAK66G,SAAW,EAChB76G,KAAKiN,KAAKq6B,GACVtnC,KAAK66G,SAAW,EACT76G,KAAK+7G,YAId,IAWIttG,EAAGJ,EAXH+sG,EAAMp7G,KAAKo7G,IAAI9zE,GAGnB,GAAY,IAAR8zE,EAIF,OAHAp7G,KAAK66G,SAAW,EAChB76G,KAAKoB,OAAS,EACdpB,KAAK86G,MAAM,GAAK,EACT96G,KAKLo7G,EAAM,GACR3sG,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAIN,IADA,IAAImnC,EAAQ,EACHhkC,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAE5BgkC,GADAp5B,GAAkB,EAAbU,EAAEqsG,MAAM33G,KAAwB,EAAbkL,EAAEysG,MAAM33G,IAAUgkC,IAC7B,GACbnnC,KAAK86G,MAAM33G,GAAS,SAAJ4K,EAElB,KAAiB,IAAVo5B,GAAehkC,EAAIsL,EAAErN,OAAQ+B,IAElCgkC,GADAp5B,GAAkB,EAAbU,EAAEqsG,MAAM33G,IAAUgkC,IACV,GACbnnC,KAAK86G,MAAM33G,GAAS,SAAJ4K,EAIlB,GAAc,IAAVo5B,GAAehkC,EAAIsL,EAAErN,QAAUqN,IAAMzO,KACvC,KAAOmD,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAK86G,MAAM33G,GAAKsL,EAAEqsG,MAAM33G,GAU5B,OANAnD,KAAKoB,OAAS0K,KAAKC,IAAI/L,KAAKoB,OAAQ+B,GAEhCsL,IAAMzO,OACRA,KAAK66G,SAAW,GAGX76G,KAAKy7G,SAId/5D,EAAG1gD,UAAUoM,IAAM,SAAck6B,GAC/B,OAAOtnC,KAAK2B,QAAQwL,KAAKm6B,IA+C3B,IAAI03E,EAAc,SAAsBjhE,EAAMzW,EAAK+0E,GACjD,IAII/1E,EACA24E,EACA54E,EANA53B,EAAIsvC,EAAK+8D,MACTzsG,EAAIi5B,EAAIwzE,MACR7iE,EAAIokE,EAAIvB,MACRt+F,EAAI,EAIJ0iG,EAAY,EAAPzwG,EAAE,GACP0wG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP5wG,EAAE,GACP6wG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP/wG,EAAE,GACPgxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPlxG,EAAE,GACPmxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPrxG,EAAE,GACPsxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPxxG,EAAE,GACPyxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP3xG,EAAE,GACP4xG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP9xG,EAAE,GACP+xG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPjyG,EAAE,GACPkyG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPpyG,EAAE,GACPqyG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACb5mE,EAAY,EAAP5rC,EAAE,GACP2yG,EAAW,KAAL/mE,EACNgnE,EAAMhnE,IAAO,GACbC,EAAY,EAAP7rC,EAAE,GACP6yG,EAAW,KAALhnE,EACNinE,EAAMjnE,IAAO,GACbC,EAAY,EAAP9rC,EAAE,GACP+yG,EAAW,KAALjnE,EACNknE,EAAMlnE,IAAO,GACbC,EAAY,EAAP/rC,EAAE,GACPizG,EAAW,KAALlnE,EACNmnE,EAAMnnE,IAAO,GACbC,EAAY,EAAPhsC,EAAE,GACPmzG,EAAW,KAALnnE,EACNonE,GAAMpnE,IAAO,GACbC,GAAY,EAAPjsC,EAAE,GACPqzG,GAAW,KAALpnE,GACNqnE,GAAMrnE,KAAO,GACbC,GAAY,EAAPlsC,EAAE,GACPuzG,GAAW,KAALrnE,GACNsnE,GAAMtnE,KAAO,GACbC,GAAY,EAAPnsC,EAAE,GACPyzG,GAAW,KAALtnE,GACNunE,GAAMvnE,KAAO,GACbC,GAAY,EAAPpsC,EAAE,GACP2zG,GAAW,KAALvnE,GACNwnE,GAAMxnE,KAAO,GACbC,GAAY,EAAPrsC,EAAE,GACP6zG,GAAW,KAALxnE,GACNynE,GAAMznE,KAAO,GAEjB2hE,EAAIxB,SAAW98D,EAAK88D,SAAWvzE,EAAIuzE,SACnCwB,EAAIj7G,OAAS,GAMb,IAAIy7B,IAAQrgB,GAJZ8pB,EAAKx6B,KAAKuB,KAAK8xG,EAAK6B,IAIE,KAAa,MAFnC/B,GADAA,EAAMnzG,KAAKuB,KAAK8xG,EAAK8B,IACRn1G,KAAKuB,KAAK+xG,EAAK4B,GAAQ,KAEU,IAAO,EACrDxkG,IAFA6pB,EAAKv6B,KAAKuB,KAAK+xG,EAAK6B,KAEPhC,IAAQ,IAAO,IAAMpiF,KAAO,IAAO,EAChDA,IAAM,SAENyJ,EAAKx6B,KAAKuB,KAAKiyG,EAAK0B,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKiyG,EAAK2B,IACRn1G,KAAKuB,KAAKkyG,EAAKyB,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKkyG,EAAK0B,GAKpB,IAAInkF,IAAQtgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAK+B,GAAQ,GAIZ,KAAa,MAFnCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKgC,GAAQ,GACvBr1G,KAAKuB,KAAK+xG,EAAK8B,GAAQ,KAEU,IAAO,EACrD1kG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAK+B,GAAQ,IAErBlC,IAAQ,IAAO,IAAMniF,KAAO,IAAO,EAChDA,IAAM,SAENwJ,EAAKx6B,KAAKuB,KAAKoyG,EAAKuB,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKoyG,EAAKwB,IACRn1G,KAAKuB,KAAKqyG,EAAKsB,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKqyG,EAAKuB,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAK4B,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAK6B,GAAQ,GACvBr1G,KAAKuB,KAAKkyG,EAAK2B,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAK4B,GAAQ,EAKlC,IAAIpkF,IAAQvgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAKiC,GAAQ,GAIZ,KAAa,MAFnCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKkC,GAAQ,GACvBv1G,KAAKuB,KAAK+xG,EAAKgC,GAAQ,KAEU,IAAO,EACrD5kG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAKiC,GAAQ,IAErBpC,IAAQ,IAAO,IAAMliF,KAAO,IAAO,EAChDA,IAAM,SAENuJ,EAAKx6B,KAAKuB,KAAKuyG,EAAKoB,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKuyG,EAAKqB,IACRn1G,KAAKuB,KAAKwyG,EAAKmB,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKwyG,EAAKoB,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKyB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAK0B,GAAQ,GACvBr1G,KAAKuB,KAAKqyG,EAAKwB,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKyB,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAK8B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAK+B,GAAQ,GACvBv1G,KAAKuB,KAAKkyG,EAAK6B,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAK8B,GAAQ,EAKlC,IAAIrkF,IAAQxgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAKmC,GAAQ,GAIZ,KAAa,MAFnCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKoC,GAAQ,GACvBz1G,KAAKuB,KAAK+xG,EAAKkC,GAAQ,KAEU,IAAO,EACrD9kG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAKmC,GAAQ,IAErBtC,IAAQ,IAAO,IAAMjiF,KAAO,IAAO,EAChDA,IAAM,SAENsJ,EAAKx6B,KAAKuB,KAAK0yG,EAAKiB,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAK0yG,EAAKkB,IACRn1G,KAAKuB,KAAK2yG,EAAKgB,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAK2yG,EAAKiB,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKsB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKuB,GAAQ,GACvBr1G,KAAKuB,KAAKwyG,EAAKqB,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKsB,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAK2B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAK4B,GAAQ,GACvBv1G,KAAKuB,KAAKqyG,EAAK0B,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAK2B,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAKgC,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAKiC,GAAQ,GACvBz1G,KAAKuB,KAAKkyG,EAAK+B,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAKgC,GAAQ,EAKlC,IAAItkF,IAAQzgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAKqC,GAAQ,GAIZ,KAAa,MAFnCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKsC,IAAQ,GACvB31G,KAAKuB,KAAK+xG,EAAKoC,GAAQ,KAEU,IAAO,EACrDhlG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAKqC,IAAQ,IAErBxC,IAAQ,IAAO,IAAMhiF,KAAO,IAAO,EAChDA,IAAM,SAENqJ,EAAKx6B,KAAKuB,KAAK6yG,EAAKc,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAK6yG,EAAKe,IACRn1G,KAAKuB,KAAK8yG,EAAKa,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAK8yG,EAAKc,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKmB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKoB,GAAQ,GACvBr1G,KAAKuB,KAAK2yG,EAAKkB,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKmB,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKwB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKyB,GAAQ,GACvBv1G,KAAKuB,KAAKwyG,EAAKuB,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKwB,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAK6B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAK8B,GAAQ,GACvBz1G,KAAKuB,KAAKqyG,EAAK4B,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAK6B,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAKkC,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAKmC,IAAQ,GACvB31G,KAAKuB,KAAKkyG,EAAKiC,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAKkC,IAAQ,EAKlC,IAAIvkF,IAAQ1gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAKuC,IAAQ,GAIZ,KAAa,MAFnCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKwC,IAAQ,GACvB71G,KAAKuB,KAAK+xG,EAAKsC,IAAQ,KAEU,IAAO,EACrDllG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAKuC,IAAQ,IAErB1C,IAAQ,IAAO,IAAM/hF,KAAO,IAAO,EAChDA,IAAM,SAENoJ,EAAKx6B,KAAKuB,KAAKgzG,EAAKW,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKgzG,EAAKY,IACRn1G,KAAKuB,KAAKizG,EAAKU,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKizG,EAAKW,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKgB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKiB,GAAQ,GACvBr1G,KAAKuB,KAAK8yG,EAAKe,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKgB,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKqB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKsB,GAAQ,GACvBv1G,KAAKuB,KAAK2yG,EAAKoB,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKqB,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAK0B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAK2B,GAAQ,GACvBz1G,KAAKuB,KAAKwyG,EAAKyB,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAK0B,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAK+B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAKgC,IAAQ,GACvB31G,KAAKuB,KAAKqyG,EAAK8B,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAK+B,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAKoC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAKqC,IAAQ,GACvB71G,KAAKuB,KAAKkyG,EAAKmC,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAKoC,IAAQ,EAKlC,IAAIxkF,IAAQ3gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAKyC,IAAQ,GAIZ,KAAa,MAFnC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAK0C,IAAQ,GACvB/1G,KAAKuB,KAAK+xG,EAAKwC,IAAQ,KAEU,IAAO,EACrDplG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAKyC,IAAQ,IAErB5C,IAAQ,IAAO,IAAM9hF,KAAO,IAAO,EAChDA,IAAM,SAENmJ,EAAKx6B,KAAKuB,KAAKmzG,EAAKQ,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKmzG,EAAKS,IACRn1G,KAAKuB,KAAKozG,EAAKO,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKozG,EAAKQ,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKa,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKc,GAAQ,GACvBr1G,KAAKuB,KAAKizG,EAAKY,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKa,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKkB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKmB,GAAQ,GACvBv1G,KAAKuB,KAAK8yG,EAAKiB,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKkB,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKuB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKwB,GAAQ,GACvBz1G,KAAKuB,KAAK2yG,EAAKsB,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKuB,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAK4B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAK6B,IAAQ,GACvB31G,KAAKuB,KAAKwyG,EAAK2B,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAK4B,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKiC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAKkC,IAAQ,GACvB71G,KAAKuB,KAAKqyG,EAAKgC,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKiC,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAKsC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAKuC,IAAQ,GACvB/1G,KAAKuB,KAAKkyG,EAAKqC,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAKsC,IAAQ,EAKlC,IAAIzkF,IAAQ5gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAK2C,IAAQ,GAIZ,KAAa,MAFnC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAK4C,IAAQ,GACvBj2G,KAAKuB,KAAK+xG,EAAK0C,IAAQ,KAEU,IAAO,EACrDtlG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAK2C,IAAQ,IAErB9C,IAAQ,IAAO,IAAM7hF,KAAO,IAAO,EAChDA,IAAM,SAENkJ,EAAKx6B,KAAKuB,KAAKszG,EAAKK,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKszG,EAAKM,IACRn1G,KAAKuB,KAAKuzG,EAAKI,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAKuzG,EAAKK,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKU,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKW,GAAQ,GACvBr1G,KAAKuB,KAAKozG,EAAKS,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKU,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKe,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKgB,GAAQ,GACvBv1G,KAAKuB,KAAKizG,EAAKc,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKe,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKoB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKqB,GAAQ,GACvBz1G,KAAKuB,KAAK8yG,EAAKmB,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKoB,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKyB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAK0B,IAAQ,GACvB31G,KAAKuB,KAAK2yG,EAAKwB,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKyB,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAK8B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAK+B,IAAQ,GACvB71G,KAAKuB,KAAKwyG,EAAK6B,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAK8B,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKmC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAKoC,IAAQ,GACvB/1G,KAAKuB,KAAKqyG,EAAKkC,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKmC,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAKwC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAKyC,IAAQ,GACvBj2G,KAAKuB,KAAKkyG,EAAKuC,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAKwC,IAAQ,EAKlC,IAAI1kF,IAAQ7gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAK6C,IAAQ,GAIZ,KAAa,MAFnC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAK8C,IAAQ,GACvBn2G,KAAKuB,KAAK+xG,EAAK4C,IAAQ,KAEU,IAAO,EACrDxlG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAK6C,IAAQ,IAErBhD,IAAQ,IAAO,IAAM5hF,KAAO,IAAO,EAChDA,IAAM,SAENiJ,EAAKx6B,KAAKuB,KAAKyzG,EAAKE,GAEpB/B,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKG,IACRn1G,KAAKuB,KAAK0zG,EAAKC,GAAQ,EACpC36E,EAAKv6B,KAAKuB,KAAK0zG,EAAKE,GACpB36E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKO,GAAQ,EAElCjC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKQ,GAAQ,GACvBr1G,KAAKuB,KAAKuzG,EAAKM,GAAQ,EACpC76E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKO,GAAQ,EAClC76E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKY,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKa,GAAQ,GACvBv1G,KAAKuB,KAAKozG,EAAKW,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKY,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKiB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKkB,GAAQ,GACvBz1G,KAAKuB,KAAKizG,EAAKgB,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKiB,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKsB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKuB,IAAQ,GACvB31G,KAAKuB,KAAK8yG,EAAKqB,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKsB,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAK2B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAK4B,IAAQ,GACvB71G,KAAKuB,KAAK2yG,EAAK0B,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAK2B,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKgC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKiC,IAAQ,GACvB/1G,KAAKuB,KAAKwyG,EAAK+B,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKgC,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKqC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAKsC,IAAQ,GACvBj2G,KAAKuB,KAAKqyG,EAAKoC,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKqC,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAK0C,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAK2C,IAAQ,GACvBn2G,KAAKuB,KAAKkyG,EAAKyC,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAK0C,IAAQ,EAKlC,IAAI3kF,IAAQ9gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAK8xG,EAAK+C,IAAQ,GAIZ,KAAa,MAFnCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK8xG,EAAKgD,IAAQ,GACvBr2G,KAAKuB,KAAK+xG,EAAK8C,IAAQ,KAEU,IAAO,EACrD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK+xG,EAAK+C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM3hF,KAAO,IAAO,EAChDA,IAAM,SAENgJ,EAAKx6B,KAAKuB,KAAKyzG,EAAKI,GAEpBjC,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKK,IACRr1G,KAAKuB,KAAK0zG,EAAKG,GAAQ,EACpC76E,EAAKv6B,KAAKuB,KAAK0zG,EAAKI,GACpB76E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKS,GAAQ,EAElCnC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKU,GAAQ,GACvBv1G,KAAKuB,KAAKuzG,EAAKQ,GAAQ,EACpC/6E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKS,GAAQ,EAClC/6E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKc,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKe,GAAQ,GACvBz1G,KAAKuB,KAAKozG,EAAKa,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKc,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKmB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKoB,IAAQ,GACvB31G,KAAKuB,KAAKizG,EAAKkB,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKmB,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKwB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKyB,IAAQ,GACvB71G,KAAKuB,KAAK8yG,EAAKuB,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKwB,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAK6B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAK8B,IAAQ,GACvB/1G,KAAKuB,KAAK2yG,EAAK4B,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAK6B,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKkC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKmC,IAAQ,GACvBj2G,KAAKuB,KAAKwyG,EAAKiC,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKkC,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKuC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAKwC,IAAQ,GACvBn2G,KAAKuB,KAAKqyG,EAAKsC,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKuC,IAAQ,EAKlC,IAAI1kF,IAAS/gB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKiyG,EAAK4C,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKiyG,EAAK6C,IAAQ,GACvBr2G,KAAKuB,KAAKkyG,EAAK2C,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKkyG,EAAK4C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM1hF,KAAQ,IAAO,EACjDA,IAAO,SAEP+I,EAAKx6B,KAAKuB,KAAKyzG,EAAKM,GAEpBnC,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKO,IACRv1G,KAAKuB,KAAK0zG,EAAKK,GAAQ,EACpC/6E,EAAKv6B,KAAKuB,KAAK0zG,EAAKM,GACpB/6E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKW,GAAQ,EAElCrC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKY,GAAQ,GACvBz1G,KAAKuB,KAAKuzG,EAAKU,GAAQ,EACpCj7E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKW,GAAQ,EAClCj7E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKgB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKiB,IAAQ,GACvB31G,KAAKuB,KAAKozG,EAAKe,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKgB,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKqB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKsB,IAAQ,GACvB71G,KAAKuB,KAAKizG,EAAKoB,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKqB,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAK0B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAK2B,IAAQ,GACvB/1G,KAAKuB,KAAK8yG,EAAKyB,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAK0B,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAK+B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKgC,IAAQ,GACvBj2G,KAAKuB,KAAK2yG,EAAK8B,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAK+B,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKoC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKqC,IAAQ,GACvBn2G,KAAKuB,KAAKwyG,EAAKmC,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKoC,IAAQ,EAKlC,IAAIzkF,IAAShhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKoyG,EAAKyC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKoyG,EAAK0C,IAAQ,GACvBr2G,KAAKuB,KAAKqyG,EAAKwC,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKqyG,EAAKyC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMzhF,KAAQ,IAAO,EACjDA,IAAO,SAEP8I,EAAKx6B,KAAKuB,KAAKyzG,EAAKQ,GAEpBrC,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKS,IACRz1G,KAAKuB,KAAK0zG,EAAKO,GAAQ,EACpCj7E,EAAKv6B,KAAKuB,KAAK0zG,EAAKQ,GACpBj7E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKa,GAAQ,EAElCvC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKc,IAAQ,GACvB31G,KAAKuB,KAAKuzG,EAAKY,GAAQ,EACpCn7E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKa,IAAQ,EAClCn7E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKkB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKmB,IAAQ,GACvB71G,KAAKuB,KAAKozG,EAAKiB,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKkB,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKuB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAKwB,IAAQ,GACvB/1G,KAAKuB,KAAKizG,EAAKsB,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKuB,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAK4B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAK6B,IAAQ,GACvBj2G,KAAKuB,KAAK8yG,EAAK2B,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAK4B,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKiC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKkC,IAAQ,GACvBn2G,KAAKuB,KAAK2yG,EAAKgC,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKiC,IAAQ,EAKlC,IAAIxkF,IAASjhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKuyG,EAAKsC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKuyG,EAAKuC,IAAQ,GACvBr2G,KAAKuB,KAAKwyG,EAAKqC,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKwyG,EAAKsC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMxhF,KAAQ,IAAO,EACjDA,IAAO,SAEP6I,EAAKx6B,KAAKuB,KAAKyzG,EAAKU,GAEpBvC,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKW,KACR31G,KAAKuB,KAAK0zG,EAAKS,GAAQ,EACpCn7E,EAAKv6B,KAAKuB,KAAK0zG,EAAKU,IACpBn7E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKe,IAAQ,EAElCzC,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKgB,IAAQ,GACvB71G,KAAKuB,KAAKuzG,EAAKc,IAAQ,EACpCr7E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKe,IAAQ,EAClCr7E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKoB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKqB,IAAQ,GACvB/1G,KAAKuB,KAAKozG,EAAKmB,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKoB,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAKyB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAK0B,IAAQ,GACvBj2G,KAAKuB,KAAKizG,EAAKwB,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAKyB,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAK8B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAK+B,IAAQ,GACvBn2G,KAAKuB,KAAK8yG,EAAK6B,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAK8B,IAAQ,EAKlC,IAAIvkF,IAASlhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAK0yG,EAAKmC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK0yG,EAAKoC,IAAQ,GACvBr2G,KAAKuB,KAAK2yG,EAAKkC,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK2yG,EAAKmC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMvhF,KAAQ,IAAO,EACjDA,IAAO,SAEP4I,EAAKx6B,KAAKuB,KAAKyzG,EAAKY,IAEpBzC,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKa,KACR71G,KAAKuB,KAAK0zG,EAAKW,IAAQ,EACpCr7E,EAAKv6B,KAAKuB,KAAK0zG,EAAKY,IACpBr7E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKiB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKkB,IAAQ,GACvB/1G,KAAKuB,KAAKuzG,EAAKgB,IAAQ,EACpCv7E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKiB,IAAQ,EAClCv7E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKsB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKuB,IAAQ,GACvBj2G,KAAKuB,KAAKozG,EAAKqB,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKsB,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAK2B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAK4B,IAAQ,GACvBn2G,KAAKuB,KAAKizG,EAAK0B,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAK2B,IAAQ,EAKlC,IAAItkF,IAASnhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAK6yG,EAAKgC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAK6yG,EAAKiC,IAAQ,GACvBr2G,KAAKuB,KAAK8yG,EAAK+B,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK8yG,EAAKgC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMthF,KAAQ,IAAO,EACjDA,IAAO,SAEP2I,EAAKx6B,KAAKuB,KAAKyzG,EAAKc,IAEpB3C,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKe,KACR/1G,KAAKuB,KAAK0zG,EAAKa,IAAQ,EACpCv7E,EAAKv6B,KAAKuB,KAAK0zG,EAAKc,IACpBv7E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKmB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKoB,IAAQ,GACvBj2G,KAAKuB,KAAKuzG,EAAKkB,IAAQ,EACpCz7E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKmB,IAAQ,EAClCz7E,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAKwB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAKyB,IAAQ,GACvBn2G,KAAKuB,KAAKozG,EAAKuB,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAKwB,IAAQ,EAKlC,IAAIrkF,IAASphB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKgzG,EAAK6B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKgzG,EAAK8B,IAAQ,GACvBr2G,KAAKuB,KAAKizG,EAAK4B,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKizG,EAAK6B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMrhF,KAAQ,IAAO,EACjDA,IAAO,SAEP0I,EAAKx6B,KAAKuB,KAAKyzG,EAAKgB,IAEpB7C,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKiB,KACRj2G,KAAKuB,KAAK0zG,EAAKe,IAAQ,EACpCz7E,EAAKv6B,KAAKuB,KAAK0zG,EAAKgB,IACpBz7E,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKqB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKsB,IAAQ,GACvBn2G,KAAKuB,KAAKuzG,EAAKoB,IAAQ,EACpC37E,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKqB,IAAQ,EAKlC,IAAIpkF,IAASrhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKmzG,EAAK0B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKmzG,EAAK2B,IAAQ,GACvBr2G,KAAKuB,KAAKozG,EAAKyB,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKozG,EAAK0B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMphF,KAAQ,IAAO,EACjDA,IAAO,SAEPyI,EAAKx6B,KAAKuB,KAAKyzG,EAAKkB,IAEpB/C,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKmB,KACRn2G,KAAKuB,KAAK0zG,EAAKiB,IAAQ,EACpC37E,EAAKv6B,KAAKuB,KAAK0zG,EAAKkB,IAKpB,IAAInkF,IAASthB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKszG,EAAKuB,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMnzG,KAAKuB,KAAKszG,EAAKwB,IAAQ,GACvBr2G,KAAKuB,KAAKuzG,EAAKsB,IAAQ,KAEW,IAAO,EACtD1lG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKuzG,EAAKuB,IAAQ,IAErBlD,IAAQ,IAAO,IAAMnhF,KAAQ,IAAO,EACjDA,IAAO,SAMP,IAAIC,IAASvhB,GAJb8pB,EAAKx6B,KAAKuB,KAAKyzG,EAAKoB,KAIG,KAAa,MAFpCjD,GADAA,EAAMnzG,KAAKuB,KAAKyzG,EAAKqB,KACRr2G,KAAKuB,KAAK0zG,EAAKmB,IAAQ,KAEW,IAAO,EA0BtD,OAzBA1lG,IAFA6pB,EAAKv6B,KAAKuB,KAAK0zG,EAAKoB,MAEPlD,IAAQ,IAAO,IAAMlhF,KAAQ,IAAO,EACjDA,IAAO,SACPka,EAAE,GAAKpb,GACPob,EAAE,GAAKnb,GACPmb,EAAE,GAAKlb,GACPkb,EAAE,GAAKjb,GACPib,EAAE,GAAKhb,GACPgb,EAAE,GAAK/a,GACP+a,EAAE,GAAK9a,GACP8a,EAAE,GAAK7a,GACP6a,EAAE,GAAK5a,GACP4a,EAAE,GAAK3a,GACP2a,EAAE,IAAM1a,GACR0a,EAAE,IAAMza,GACRya,EAAE,IAAMxa,GACRwa,EAAE,IAAMva,GACRua,EAAE,IAAMta,GACRsa,EAAE,IAAMra,GACRqa,EAAE,IAAMpa,GACRoa,EAAE,IAAMna,GACRma,EAAE,IAAMla,GACE,IAANvhB,IACFy7B,EAAE,IAAMz7B,EACR6/F,EAAIj7G,UAECi7G,GAiDT,SAAS+F,EAAYrkE,EAAMzW,EAAK+0E,GAE9B,OADW,IAAIgG,GACHC,KAAKvkE,EAAMzW,EAAK+0E,GAsB9B,SAASgG,EAAMn1G,EAAGoB,GAChBtO,KAAKkN,EAAIA,EACTlN,KAAKsO,EAAIA,EAvENxC,KAAKuB,OACR2xG,EAAc5C,GAiDhB16D,EAAG1gD,UAAUuhH,MAAQ,SAAgBj7E,EAAK+0E,GACxC,IAAI9sG,EACAY,EAAMnQ,KAAKoB,OAASkmC,EAAIlmC,OAW5B,OATEmO,EADkB,KAAhBvP,KAAKoB,QAAgC,KAAfkmC,EAAIlmC,OACtB49G,EAAYh/G,KAAMsnC,EAAK+0E,GACpBlsG,EAAM,GACTisG,EAAWp8G,KAAMsnC,EAAK+0E,GACnBlsG,EAAM,KArDnB,SAAmB4tC,EAAMzW,EAAK+0E,GAC5BA,EAAIxB,SAAWvzE,EAAIuzE,SAAW98D,EAAK88D,SACnCwB,EAAIj7G,OAAS28C,EAAK38C,OAASkmC,EAAIlmC,OAI/B,IAFA,IAAI+lC,EAAQ,EACRq7E,EAAU,EACLnmG,EAAI,EAAGA,EAAIggG,EAAIj7G,OAAS,EAAGib,IAAK,CAGvC,IAAIigG,EAASkG,EACbA,EAAU,EAGV,IAFA,IAAIjG,EAAgB,SAARp1E,EACRq1E,EAAO1wG,KAAKoyC,IAAI7hC,EAAGirB,EAAIlmC,OAAS,GAC3B2b,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAI0hC,EAAK38C,OAAS,GAAI2b,GAAKy/F,EAAMz/F,IAAK,CAC7D,IAAI5Z,EAAIkZ,EAAIU,EAGRhP,GAFoB,EAAhBgwC,EAAK+8D,MAAM33G,KACI,EAAfmkC,EAAIwzE,MAAM/9F,IAGdupB,EAAS,SAAJv4B,EAGTwuG,EAAa,UADbj2E,EAAMA,EAAKi2E,EAAS,GAIpBiG,IAFAlG,GAHAA,EAAUA,GAAWvuG,EAAI,SAAa,GAAM,IAGxBu4B,IAAO,IAAO,KAEZ,GACtBg2E,GAAU,SAEZD,EAAIvB,MAAMz+F,GAAKkgG,EACfp1E,EAAQm1E,EACRA,EAASkG,EAQX,OANc,IAAVr7E,EACFk1E,EAAIvB,MAAMz+F,GAAK8qB,EAEfk1E,EAAIj7G,SAGCi7G,EAAIZ,QAgBHgH,CAASziH,KAAMsnC,EAAK+0E,GAEpB+F,EAAWpiH,KAAMsnC,EAAK+0E,GAGvB9sG,GAWT8yG,EAAKrhH,UAAU0hH,QAAU,SAAkBC,GAGzC,IAFA,IAAItkG,EAAQxe,MAAM8iH,GACd5rF,EAAI2qB,EAAG1gD,UAAUo8G,WAAWuF,GAAK,EAC5Bx/G,EAAI,EAAGA,EAAIw/G,EAAGx/G,IACrBkb,EAAElb,GAAKnD,KAAK4iH,OAAOz/G,EAAG4zB,EAAG4rF,GAG3B,OAAOtkG,GAITgkG,EAAKrhH,UAAU4hH,OAAS,SAAiB11G,EAAG6pB,EAAG4rF,GAC7C,GAAU,IAANz1G,GAAWA,IAAMy1G,EAAI,EAAG,OAAOz1G,EAGnC,IADA,IAAI21G,EAAK,EACA1/G,EAAI,EAAGA,EAAI4zB,EAAG5zB,IACrB0/G,IAAW,EAAJ31G,IAAW6pB,EAAI5zB,EAAI,EAC1B+J,IAAM,EAGR,OAAO21G,GAKTR,EAAKrhH,UAAU4vE,QAAU,SAAkBkyC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GACpE,IAAK,IAAIx/G,EAAI,EAAGA,EAAIw/G,EAAGx/G,IACrB8/G,EAAK9/G,GAAK4/G,EAAID,EAAI3/G,IAClB+/G,EAAK//G,GAAK6/G,EAAIF,EAAI3/G,KAItBk/G,EAAKrhH,UAAUuH,UAAY,SAAoBw6G,EAAKC,EAAKC,EAAMC,EAAMP,EAAGG,GACtE9iH,KAAK4wE,QAAQkyC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GAExC,IAAK,IAAI1kG,EAAI,EAAGA,EAAI0kG,EAAG1kG,IAAM,EAM3B,IALA,IAAI8Y,EAAI9Y,GAAK,EAETklG,EAAQr3G,KAAKs3G,IAAI,EAAIt3G,KAAKu3G,GAAKtsF,GAC/BusF,EAAQx3G,KAAKy3G,IAAI,EAAIz3G,KAAKu3G,GAAKtsF,GAE1BtE,EAAI,EAAGA,EAAIkwF,EAAGlwF,GAAKsE,EAI1B,IAHA,IAAIysF,EAASL,EACTM,EAASH,EAEJvmG,EAAI,EAAGA,EAAIkB,EAAGlB,IAAK,CAC1B,IAAI2mG,EAAKT,EAAKxwF,EAAI1V,GACd4mG,EAAKT,EAAKzwF,EAAI1V,GAEd6mG,EAAKX,EAAKxwF,EAAI1V,EAAIkB,GAClB4lG,EAAKX,EAAKzwF,EAAI1V,EAAIkB,GAElBhQ,EAAKu1G,EAASI,EAAKH,EAASI,EAEhCA,EAAKL,EAASK,EAAKJ,EAASG,EAC5BA,EAAK31G,EAELg1G,EAAKxwF,EAAI1V,GAAK2mG,EAAKE,EACnBV,EAAKzwF,EAAI1V,GAAK4mG,EAAKE,EAEnBZ,EAAKxwF,EAAI1V,EAAIkB,GAAKylG,EAAKE,EACvBV,EAAKzwF,EAAI1V,EAAIkB,GAAK0lG,EAAKE,EAGnB9mG,IAAMga,IACR9oB,EAAKk1G,EAAQK,EAASF,EAAQG,EAE9BA,EAASN,EAAQM,EAASH,EAAQE,EAClCA,EAASv1G,KAOnBo0G,EAAKrhH,UAAU8iH,YAAc,SAAsBt3G,EAAGgB,GACpD,IAAIm1G,EAAqB,EAAjB72G,KAAKC,IAAIyB,EAAGhB,GAChBu3G,EAAU,EAAJpB,EACNx/G,EAAI,EACR,IAAKw/G,EAAIA,EAAI,EAAI,EAAGA,EAAGA,KAAU,EAC/Bx/G,IAGF,OAAO,GAAKA,EAAI,EAAI4gH,GAGtB1B,EAAKrhH,UAAUgjH,UAAY,SAAoBjB,EAAKC,EAAKL,GACvD,KAAIA,GAAK,GAET,IAAK,IAAIx/G,EAAI,EAAGA,EAAIw/G,EAAI,EAAGx/G,IAAK,CAC9B,IAAIkb,EAAI0kG,EAAI5/G,GAEZ4/G,EAAI5/G,GAAK4/G,EAAIJ,EAAIx/G,EAAI,GACrB4/G,EAAIJ,EAAIx/G,EAAI,GAAKkb,EAEjBA,EAAI2kG,EAAI7/G,GAER6/G,EAAI7/G,IAAM6/G,EAAIL,EAAIx/G,EAAI,GACtB6/G,EAAIL,EAAIx/G,EAAI,IAAMkb,IAItBgkG,EAAKrhH,UAAUijH,aAAe,SAAuBC,EAAIvB,GAEvD,IADA,IAAIx7E,EAAQ,EACHhkC,EAAI,EAAGA,EAAIw/G,EAAI,EAAGx/G,IAAK,CAC9B,IAAIq0B,EAAoC,KAAhC1rB,KAAK6rB,MAAMusF,EAAG,EAAI/gH,EAAI,GAAKw/G,GACjC72G,KAAK6rB,MAAMusF,EAAG,EAAI/gH,GAAKw/G,GACvBx7E,EAEF+8E,EAAG/gH,GAAS,SAAJq0B,EAGN2P,EADE3P,EAAI,SACE,EAEAA,EAAI,SAAY,EAI5B,OAAO0sF,GAGT7B,EAAKrhH,UAAUmjH,WAAa,SAAqBD,EAAI/zG,EAAK4yG,EAAKJ,GAE7D,IADA,IAAIx7E,EAAQ,EACHhkC,EAAI,EAAGA,EAAIgN,EAAKhN,IACvBgkC,GAAyB,EAAR+8E,EAAG/gH,GAEpB4/G,EAAI,EAAI5/G,GAAa,KAARgkC,EAAgBA,KAAkB,GAC/C47E,EAAI,EAAI5/G,EAAI,GAAa,KAARgkC,EAAgBA,KAAkB,GAIrD,IAAKhkC,EAAI,EAAIgN,EAAKhN,EAAIw/G,IAAKx/G,EACzB4/G,EAAI5/G,GAAK,EAGXqiC,EAAiB,IAAV2B,GACP3B,EAA6B,KAAb,KAAR2B,KAGVk7E,EAAKrhH,UAAUojH,KAAO,SAAezB,GAEnC,IADA,IAAI0B,EAASxkH,MAAM8iH,GACVx/G,EAAI,EAAGA,EAAIw/G,EAAGx/G,IACrBkhH,EAAGlhH,GAAK,EAGV,OAAOkhH,GAGThC,EAAKrhH,UAAUshH,KAAO,SAAep1G,EAAGoB,EAAG+tG,GACzC,IAAIsG,EAAI,EAAI3iH,KAAK8jH,YAAY52G,EAAE9L,OAAQkN,EAAElN,QAErC0hH,EAAM9iH,KAAK0iH,QAAQC,GAEnBj+D,EAAI1kD,KAAKokH,KAAKzB,GAEdI,EAAUljH,MAAM8iH,GAChB2B,EAAWzkH,MAAM8iH,GACjB4B,EAAW1kH,MAAM8iH,GAEjB6B,EAAW3kH,MAAM8iH,GACjB8B,EAAY5kH,MAAM8iH,GAClB+B,EAAY7kH,MAAM8iH,GAElBgC,EAAOtI,EAAIvB,MACf6J,EAAKvjH,OAASuhH,EAEd3iH,KAAKmkH,WAAWj3G,EAAE4tG,MAAO5tG,EAAE9L,OAAQ2hH,EAAKJ,GACxC3iH,KAAKmkH,WAAW71G,EAAEwsG,MAAOxsG,EAAElN,OAAQojH,EAAM7B,GAEzC3iH,KAAKuI,UAAUw6G,EAAKr+D,EAAG4/D,EAAMC,EAAM5B,EAAGG,GACtC9iH,KAAKuI,UAAUi8G,EAAM9/D,EAAG+/D,EAAOC,EAAO/B,EAAGG,GAEzC,IAAK,IAAI3/G,EAAI,EAAGA,EAAIw/G,EAAGx/G,IAAK,CAC1B,IAAI8K,EAAKq2G,EAAKnhH,GAAKshH,EAAMthH,GAAKohH,EAAKphH,GAAKuhH,EAAMvhH,GAC9CohH,EAAKphH,GAAKmhH,EAAKnhH,GAAKuhH,EAAMvhH,GAAKohH,EAAKphH,GAAKshH,EAAMthH,GAC/CmhH,EAAKnhH,GAAK8K,EAUZ,OAPAjO,KAAKgkH,UAAUM,EAAMC,EAAM5B,GAC3B3iH,KAAKuI,UAAU+7G,EAAMC,EAAMI,EAAMjgE,EAAGi+D,EAAGG,GACvC9iH,KAAKgkH,UAAUW,EAAMjgE,EAAGi+D,GACxB3iH,KAAKikH,aAAaU,EAAMhC,GAExBtG,EAAIxB,SAAW3tG,EAAE2tG,SAAWvsG,EAAEusG,SAC9BwB,EAAIj7G,OAAS8L,EAAE9L,OAASkN,EAAElN,OACnBi7G,EAAIZ,SAIb/5D,EAAG1gD,UAAUsM,IAAM,SAAcg6B,GAC/B,IAAI+0E,EAAM,IAAI36D,EAAG,MAEjB,OADA26D,EAAIvB,MAAYj7G,MAAMG,KAAKoB,OAASkmC,EAAIlmC,QACjCpB,KAAKuiH,MAAMj7E,EAAK+0E,IAIzB36D,EAAG1gD,UAAU4jH,KAAO,SAAet9E,GACjC,IAAI+0E,EAAM,IAAI36D,EAAG,MAEjB,OADA26D,EAAIvB,MAAYj7G,MAAMG,KAAKoB,OAASkmC,EAAIlmC,QACjCghH,EAAWpiH,KAAMsnC,EAAK+0E,IAI/B36D,EAAG1gD,UAAUqM,KAAO,SAAei6B,GACjC,OAAOtnC,KAAK2B,QAAQ4gH,MAAMj7E,EAAKtnC,OAGjC0hD,EAAG1gD,UAAU46G,MAAQ,SAAgBt0E,GACnC9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UAIb,IADA,IAAIH,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIq0B,GAAqB,EAAhBx3B,KAAK86G,MAAM33G,IAAUmkC,EAC1BhB,GAAU,SAAJ9O,IAA0B,SAAR2P,GAC5BA,IAAU,GACVA,GAAU3P,EAAI,SAAa,EAE3B2P,GAASb,IAAO,GAChBtmC,KAAK86G,MAAM33G,GAAU,SAALmjC,EAQlB,OALc,IAAVa,IACFnnC,KAAK86G,MAAM33G,GAAKgkC,EAChBnnC,KAAKoB,UAGApB,MAGT0hD,EAAG1gD,UAAU6jH,KAAO,SAAev9E,GACjC,OAAOtnC,KAAK2B,QAAQi6G,MAAMt0E,IAI5Boa,EAAG1gD,UAAU8jH,IAAM,WACjB,OAAO9kH,KAAKsN,IAAItN,OAIlB0hD,EAAG1gD,UAAU+jH,KAAO,WAClB,OAAO/kH,KAAKqN,KAAKrN,KAAK2B,UAIxB+/C,EAAG1gD,UAAUkxC,IAAM,SAAc5K,GAC/B,IAAI9P,EAxxCN,SAAqB8P,GAGnB,IAFA,IAAI9P,EAAQ33B,MAAMynC,EAAIz3B,aAEbivG,EAAM,EAAGA,EAAMtnF,EAAEp2B,OAAQ09G,IAAO,CACvC,IAAI9iF,EAAO8iF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAEjBtnF,EAAEsnF,IAAQx3E,EAAIwzE,MAAM9+E,GAAQ,GAAK+iF,KAAWA,EAG9C,OAAOvnF,EA8wCCwtF,CAAW19E,GACnB,GAAiB,IAAb9P,EAAEp2B,OAAc,OAAO,IAAIsgD,EAAG,GAIlC,IADA,IAAInyC,EAAMvP,KACDmD,EAAI,EAAGA,EAAIq0B,EAAEp2B,QACP,IAATo2B,EAAEr0B,GADsBA,IAAKoM,EAAMA,EAAIu1G,OAI7C,KAAM3hH,EAAIq0B,EAAEp2B,OACV,IAAK,IAAIsN,EAAIa,EAAIu1G,MAAO3hH,EAAIq0B,EAAEp2B,OAAQ+B,IAAKuL,EAAIA,EAAEo2G,MAClC,IAATttF,EAAEr0B,KAENoM,EAAMA,EAAIjC,IAAIoB,IAIlB,OAAOa,GAITmyC,EAAG1gD,UAAUikH,OAAS,SAAiBtmG,GACrC6mB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAC3C,IAGIxb,EAHA4K,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GACjBm3G,EAAa,WAAe,GAAKn3G,GAAQ,GAAKA,EAGlD,GAAU,IAANA,EAAS,CACX,IAAIo5B,EAAQ,EAEZ,IAAKhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CAChC,IAAIgiH,EAAWnlH,KAAK86G,MAAM33G,GAAK+hH,EAC3B1oG,GAAsB,EAAhBxc,KAAK86G,MAAM33G,IAAUgiH,GAAap3G,EAC5C/N,KAAK86G,MAAM33G,GAAKqZ,EAAI2qB,EACpBA,EAAQg+E,IAAc,GAAKp3G,EAGzBo5B,IACFnnC,KAAK86G,MAAM33G,GAAKgkC,EAChBnnC,KAAKoB,UAIT,GAAU,IAAN6c,EAAS,CACX,IAAK9a,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAChCnD,KAAK86G,MAAM33G,EAAI8a,GAAKje,KAAK86G,MAAM33G,GAGjC,IAAKA,EAAI,EAAGA,EAAI8a,EAAG9a,IACjBnD,KAAK86G,MAAM33G,GAAK,EAGlBnD,KAAKoB,QAAU6c,EAGjB,OAAOje,KAAKy7G,SAGd/5D,EAAG1gD,UAAUokH,MAAQ,SAAgBzmG,GAGnC,OADA6mB,EAAyB,IAAlBxlC,KAAK66G,UACL76G,KAAKilH,OAAOtmG,IAMrB+iC,EAAG1gD,UAAUm8G,OAAS,SAAiBx+F,EAAM0mG,EAAMC,GAEjD,IAAI/oG,EADJipB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAGzCpC,EADE8oG,GACGA,EAAQA,EAAO,IAAO,GAEvB,EAGN,IAAIt3G,EAAI4Q,EAAO,GACXV,EAAInS,KAAKoyC,KAAKv/B,EAAO5Q,GAAK,GAAI/N,KAAKoB,QACnC6wC,EAAO,SAAc,WAAclkC,GAAMA,EACzCw3G,EAAcD,EAMlB,GAHA/oG,EAAIzQ,KAAKC,IAAI,EADbwQ,GAAK0B,GAIDsnG,EAAa,CACf,IAAK,IAAIpiH,EAAI,EAAGA,EAAI8a,EAAG9a,IACrBoiH,EAAYzK,MAAM33G,GAAKnD,KAAK86G,MAAM33G,GAEpCoiH,EAAYnkH,OAAS6c,EAGvB,GAAU,IAANA,QAEG,GAAIje,KAAKoB,OAAS6c,EAEvB,IADAje,KAAKoB,QAAU6c,EACV9a,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3BnD,KAAK86G,MAAM33G,GAAKnD,KAAK86G,MAAM33G,EAAI8a,QAGjCje,KAAK86G,MAAM,GAAK,EAChB96G,KAAKoB,OAAS,EAGhB,IAAI+lC,EAAQ,EACZ,IAAKhkC,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,IAAgB,IAAVgkC,GAAehkC,GAAKoZ,GAAIpZ,IAAK,CAChE,IAAIujC,EAAuB,EAAhB1mC,KAAK86G,MAAM33G,GACtBnD,KAAK86G,MAAM33G,GAAMgkC,GAAU,GAAKp5B,EAAO24B,IAAS34B,EAChDo5B,EAAQT,EAAOuL,EAajB,OATIszE,GAAyB,IAAVp+E,IACjBo+E,EAAYzK,MAAMyK,EAAYnkH,UAAY+lC,GAGxB,IAAhBnnC,KAAKoB,SACPpB,KAAK86G,MAAM,GAAK,EAChB96G,KAAKoB,OAAS,GAGTpB,KAAKy7G,SAGd/5D,EAAG1gD,UAAUwkH,MAAQ,SAAgB7mG,EAAM0mG,EAAMC,GAG/C,OADA9/E,EAAyB,IAAlBxlC,KAAK66G,UACL76G,KAAKm9G,OAAOx+F,EAAM0mG,EAAMC,IAIjC5jE,EAAG1gD,UAAUykH,KAAO,SAAe9mG,GACjC,OAAO3e,KAAK2B,QAAQyjH,MAAMzmG,IAG5B+iC,EAAG1gD,UAAU0kH,MAAQ,SAAgB/mG,GACnC,OAAO3e,KAAK2B,QAAQsjH,OAAOtmG,IAI7B+iC,EAAG1gD,UAAU2kH,KAAO,SAAehnG,GACjC,OAAO3e,KAAK2B,QAAQ6jH,MAAM7mG,IAG5B+iC,EAAG1gD,UAAU4kH,MAAQ,SAAgBjnG,GACnC,OAAO3e,KAAK2B,QAAQw7G,OAAOx+F,IAI7B+iC,EAAG1gD,UAAU68G,MAAQ,SAAgBiB,GACnCt5E,EAAsB,iBAARs5E,GAAoBA,GAAO,GACzC,IAAI/wG,EAAI+wG,EAAM,GACV7gG,GAAK6gG,EAAM/wG,GAAK,GAChBW,EAAI,GAAKX,EAGb,QAAI/N,KAAKoB,QAAU6c,OAGXje,KAAK86G,MAAM78F,GAELvP,IAIhBgzC,EAAG1gD,UAAU6kH,OAAS,SAAiBlnG,GACrC6mB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAC3C,IAAI5Q,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GAIrB,GAFAy3B,EAAyB,IAAlBxlC,KAAK66G,SAAgB,2CAExB76G,KAAKoB,QAAU6c,EACjB,OAAOje,KAQT,GALU,IAAN+N,GACFkQ,IAEFje,KAAKoB,OAAS0K,KAAKoyC,IAAIjgC,EAAGje,KAAKoB,QAErB,IAAN2M,EAAS,CACX,IAAIkkC,EAAO,SAAc,WAAclkC,GAAMA,EAC7C/N,KAAK86G,MAAM96G,KAAKoB,OAAS,IAAM6wC,EAGjC,OAAOjyC,KAAKy7G,SAId/5D,EAAG1gD,UAAU8kH,MAAQ,SAAgBnnG,GACnC,OAAO3e,KAAK2B,QAAQkkH,OAAOlnG,IAI7B+iC,EAAG1gD,UAAU28G,MAAQ,SAAgBr2E,GAGnC,OAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAUtnC,KAAK+lH,OAAOz+E,GAGV,IAAlBtnC,KAAK66G,SACa,IAAhB76G,KAAKoB,SAAiC,EAAhBpB,KAAK86G,MAAM,IAAUxzE,GAC7CtnC,KAAK86G,MAAM,GAAKxzE,GAAuB,EAAhBtnC,KAAK86G,MAAM,IAClC96G,KAAK66G,SAAW,EACT76G,OAGTA,KAAK66G,SAAW,EAChB76G,KAAK+lH,MAAMz+E,GACXtnC,KAAK66G,SAAW,EACT76G,MAIFA,KAAK67G,OAAOv0E,IAGrBoa,EAAG1gD,UAAU66G,OAAS,SAAiBv0E,GACrCtnC,KAAK86G,MAAM,IAAMxzE,EAGjB,IAAK,IAAInkC,EAAI,EAAGA,EAAInD,KAAKoB,QAAUpB,KAAK86G,MAAM33G,IAAM,SAAWA,IAC7DnD,KAAK86G,MAAM33G,IAAM,SACbA,IAAMnD,KAAKoB,OAAS,EACtBpB,KAAK86G,MAAM33G,EAAI,GAAK,EAEpBnD,KAAK86G,MAAM33G,EAAI,KAKnB,OAFAnD,KAAKoB,OAAS0K,KAAKC,IAAI/L,KAAKoB,OAAQ+B,EAAI,GAEjCnD,MAIT0hD,EAAG1gD,UAAU+kH,MAAQ,SAAgBz+E,GAGnC,GAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAG,OAAOtnC,KAAK29G,OAAOr2E,GAEhC,GAAsB,IAAlBtnC,KAAK66G,SAIP,OAHA76G,KAAK66G,SAAW,EAChB76G,KAAK29G,MAAMr2E,GACXtnC,KAAK66G,SAAW,EACT76G,KAKT,GAFAA,KAAK86G,MAAM,IAAMxzE,EAEG,IAAhBtnC,KAAKoB,QAAgBpB,KAAK86G,MAAM,GAAK,EACvC96G,KAAK86G,MAAM,IAAM96G,KAAK86G,MAAM,GAC5B96G,KAAK66G,SAAW,OAGhB,IAAK,IAAI13G,EAAI,EAAGA,EAAInD,KAAKoB,QAAUpB,KAAK86G,MAAM33G,GAAK,EAAGA,IACpDnD,KAAK86G,MAAM33G,IAAM,SACjBnD,KAAK86G,MAAM33G,EAAI,IAAM,EAIzB,OAAOnD,KAAKy7G,SAGd/5D,EAAG1gD,UAAUglH,KAAO,SAAe1+E,GACjC,OAAOtnC,KAAK2B,QAAQg8G,MAAMr2E,IAG5Boa,EAAG1gD,UAAU8gD,KAAO,SAAexa,GACjC,OAAOtnC,KAAK2B,QAAQokH,MAAMz+E,IAG5Boa,EAAG1gD,UAAUilH,KAAO,WAGlB,OAFAjmH,KAAK66G,SAAW,EAET76G,MAGT0hD,EAAG1gD,UAAUsO,IAAM,WACjB,OAAOtP,KAAK2B,QAAQskH,QAGtBvkE,EAAG1gD,UAAUklH,aAAe,SAAuB5+E,EAAKh6B,EAAKhH,GAC3D,IACInD,EAIAq0B,EALArnB,EAAMm3B,EAAIlmC,OAASkF,EAGvBtG,KAAK87G,QAAQ3rG,GAGb,IAAIg3B,EAAQ,EACZ,IAAKhkC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CAC/Bq0B,GAA6B,EAAxBx3B,KAAK86G,MAAM33G,EAAImD,IAAc6gC,EAClC,IAAI9S,GAAwB,EAAfiT,EAAIwzE,MAAM33G,IAAUmK,EAEjC65B,IADA3P,GAAa,SAARnD,IACS,KAAQA,EAAQ,SAAa,GAC3Cr0B,KAAK86G,MAAM33G,EAAImD,GAAa,SAAJkxB,EAE1B,KAAOr0B,EAAInD,KAAKoB,OAASkF,EAAOnD,IAE9BgkC,GADA3P,GAA6B,EAAxBx3B,KAAK86G,MAAM33G,EAAImD,IAAc6gC,IACrB,GACbnnC,KAAK86G,MAAM33G,EAAImD,GAAa,SAAJkxB,EAG1B,GAAc,IAAV2P,EAAa,OAAOnnC,KAAKy7G,QAK7B,IAFAj2E,GAAkB,IAAX2B,GACPA,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAE3BgkC,GADA3P,IAAsB,EAAhBx3B,KAAK86G,MAAM33G,IAAUgkC,IACd,GACbnnC,KAAK86G,MAAM33G,GAAS,SAAJq0B,EAIlB,OAFAx3B,KAAK66G,SAAW,EAET76G,KAAKy7G,SAGd/5D,EAAG1gD,UAAUmlH,SAAW,SAAmB7+E,EAAKnZ,GAC9C,IAAI7nB,GAAQtG,KAAKoB,OAASkmC,EAAIlmC,QAE1BqN,EAAIzO,KAAK2B,QACT0M,EAAIi5B,EAGJ8+E,EAA8B,EAAxB/3G,EAAEysG,MAAMzsG,EAAEjN,OAAS,GAGf,KADdkF,EAAQ,GADMtG,KAAKo9G,WAAWgJ,MAG5B/3G,EAAIA,EAAEq3G,MAAMp/G,GACZmI,EAAEw2G,OAAO3+G,GACT8/G,EAA8B,EAAxB/3G,EAAEysG,MAAMzsG,EAAEjN,OAAS,IAI3B,IACIsN,EADAlB,EAAIiB,EAAErN,OAASiN,EAAEjN,OAGrB,GAAa,QAAT+sB,EAAgB,EAClBzf,EAAI,IAAIgzC,EAAG,OACTtgD,OAASoM,EAAI,EACfkB,EAAEosG,MAAYj7G,MAAM6O,EAAEtN,QACtB,IAAK,IAAI+B,EAAI,EAAGA,EAAIuL,EAAEtN,OAAQ+B,IAC5BuL,EAAEosG,MAAM33G,GAAK,EAIjB,IAAIkjH,EAAO53G,EAAE9M,QAAQukH,aAAa73G,EAAG,EAAGb,GAClB,IAAlB64G,EAAKxL,WACPpsG,EAAI43G,EACA33G,IACFA,EAAEosG,MAAMttG,GAAK,IAIjB,IAAK,IAAIuP,EAAIvP,EAAI,EAAGuP,GAAK,EAAGA,IAAK,CAC/B,IAAIupG,EAAmC,UAAL,EAAxB73G,EAAEqsG,MAAMzsG,EAAEjN,OAAS2b,KACE,EAA5BtO,EAAEqsG,MAAMzsG,EAAEjN,OAAS2b,EAAI,IAO1B,IAHAupG,EAAKx6G,KAAKoyC,IAAKooE,EAAKF,EAAO,EAAG,UAE9B33G,EAAEy3G,aAAa73G,EAAGi4G,EAAIvpG,GACA,IAAftO,EAAEosG,UACPyL,IACA73G,EAAEosG,SAAW,EACbpsG,EAAEy3G,aAAa73G,EAAG,EAAG0O,GAChBtO,EAAEb,WACLa,EAAEosG,UAAY,GAGdnsG,IACFA,EAAEosG,MAAM/9F,GAAKupG,GAajB,OAVI53G,GACFA,EAAE+sG,QAEJhtG,EAAEgtG,QAGW,QAATttF,GAA4B,IAAV7nB,GACpBmI,EAAE0uG,OAAO72G,GAGJ,CACLigH,IAAK73G,GAAK,KACVhB,IAAKe,IAQTizC,EAAG1gD,UAAUwlH,OAAS,SAAiBl/E,EAAKnZ,EAAMs4F,GAGhD,OAFAjhF,GAAQ8B,EAAI15B,UAER5N,KAAK4N,SACA,CACL24G,IAAK,IAAI7kE,EAAG,GACZh0C,IAAK,IAAIg0C,EAAG,IAKM,IAAlB1hD,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,UAC7BtrG,EAAMvP,KAAKi+G,MAAMuI,OAAOl/E,EAAKnZ,GAEhB,QAATA,IACFo4F,EAAMh3G,EAAIg3G,IAAItI,OAGH,QAAT9vF,IACFzgB,EAAM6B,EAAI7B,IAAIuwG,MACVwI,GAA6B,IAAjB/4G,EAAImtG,UAClBntG,EAAIT,KAAKq6B,IAIN,CACLi/E,IAAKA,EACL74G,IAAKA,IAIa,IAAlB1N,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,UAC7BtrG,EAAMvP,KAAKwmH,OAAOl/E,EAAI22E,MAAO9vF,GAEhB,QAATA,IACFo4F,EAAMh3G,EAAIg3G,IAAItI,OAGT,CACLsI,IAAKA,EACL74G,IAAK6B,EAAI7B,MAI0B,IAAlC1N,KAAK66G,SAAWvzE,EAAIuzE,WACvBtrG,EAAMvP,KAAKi+G,MAAMuI,OAAOl/E,EAAI22E,MAAO9vF,GAEtB,QAATA,IACFzgB,EAAM6B,EAAI7B,IAAIuwG,MACVwI,GAA6B,IAAjB/4G,EAAImtG,UAClBntG,EAAIP,KAAKm6B,IAIN,CACLi/E,IAAKh3G,EAAIg3G,IACT74G,IAAKA,IAOL45B,EAAIlmC,OAASpB,KAAKoB,QAAUpB,KAAKo7G,IAAI9zE,GAAO,EACvC,CACLi/E,IAAK,IAAI7kE,EAAG,GACZh0C,IAAK1N,MAKU,IAAfsnC,EAAIlmC,OACO,QAAT+sB,EACK,CACLo4F,IAAKvmH,KAAK0mH,KAAKp/E,EAAIwzE,MAAM,IACzBptG,IAAK,MAII,QAATygB,EACK,CACLo4F,IAAK,KACL74G,IAAK,IAAIg0C,EAAG1hD,KAAK28G,KAAKr1E,EAAIwzE,MAAM,MAI7B,CACLyL,IAAKvmH,KAAK0mH,KAAKp/E,EAAIwzE,MAAM,IACzBptG,IAAK,IAAIg0C,EAAG1hD,KAAK28G,KAAKr1E,EAAIwzE,MAAM,MAI7B96G,KAAKmmH,SAAS7+E,EAAKnZ,GAlF1B,IAAIo4F,EAAK74G,EAAK6B,GAsFhBmyC,EAAG1gD,UAAUulH,IAAM,SAAcj/E,GAC/B,OAAOtnC,KAAKwmH,OAAOl/E,EAAK,OAAO,GAAOi/E,KAIxC7kE,EAAG1gD,UAAU0M,IAAM,SAAc45B,GAC/B,OAAOtnC,KAAKwmH,OAAOl/E,EAAK,OAAO,GAAO55B,KAGxCg0C,EAAG1gD,UAAU2lH,KAAO,SAAer/E,GACjC,OAAOtnC,KAAKwmH,OAAOl/E,EAAK,OAAO,GAAM55B,KAIvCg0C,EAAG1gD,UAAU4lH,SAAW,SAAmBt/E,GACzC,IAAIu/E,EAAK7mH,KAAKwmH,OAAOl/E,GAGrB,GAAIu/E,EAAGn5G,IAAIE,SAAU,OAAOi5G,EAAGN,IAE/B,IAAI74G,EAA0B,IAApBm5G,EAAGN,IAAI1L,SAAiBgM,EAAGn5G,IAAIP,KAAKm6B,GAAOu/E,EAAGn5G,IAEpDgqB,EAAO4P,EAAIs+E,MAAM,GACjBkB,EAAKx/E,EAAI41E,MAAM,GACf9B,EAAM1tG,EAAI0tG,IAAI1jF,GAGlB,OAAI0jF,EAAM,GAAY,IAAP0L,GAAoB,IAAR1L,EAAkByL,EAAGN,IAGrB,IAApBM,EAAGN,IAAI1L,SAAiBgM,EAAGN,IAAIR,MAAM,GAAKc,EAAGN,IAAI5I,MAAM,IAGhEj8D,EAAG1gD,UAAU27G,KAAO,SAAer1E,GACjC9B,EAAO8B,GAAO,UAId,IAHA,IAAI7U,GAAK,GAAK,IAAM6U,EAEhBy/E,EAAM,EACD5jH,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IACpC4jH,GAAOt0F,EAAIs0F,GAAuB,EAAhB/mH,KAAK86G,MAAM33G,KAAWmkC,EAG1C,OAAOy/E,GAITrlE,EAAG1gD,UAAU47G,MAAQ,SAAgBt1E,GACnC9B,EAAO8B,GAAO,UAGd,IADA,IAAIH,EAAQ,EACHhkC,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACzC,IAAIq0B,GAAqB,EAAhBx3B,KAAK86G,MAAM33G,IAAkB,SAARgkC,EAC9BnnC,KAAK86G,MAAM33G,GAAMq0B,EAAI8P,EAAO,EAC5BH,EAAQ3P,EAAI8P,EAGd,OAAOtnC,KAAKy7G,SAGd/5D,EAAG1gD,UAAU0lH,KAAO,SAAep/E,GACjC,OAAOtnC,KAAK2B,QAAQi7G,MAAMt1E,IAG5Boa,EAAG1gD,UAAUgmH,KAAO,SAAev0F,GACjC+S,EAAsB,IAAf/S,EAAEooF,UACTr1E,GAAQ/S,EAAE7kB,UAEV,IAAIV,EAAIlN,KACJsO,EAAImkB,EAAE9wB,QAGRuL,EADiB,IAAfA,EAAE2tG,SACA3tG,EAAEy5G,KAAKl0F,GAEPvlB,EAAEvL,QAaR,IATA,IAAI2rC,EAAI,IAAIoU,EAAG,GACXnU,EAAI,IAAImU,EAAG,GAGXxuB,EAAI,IAAIwuB,EAAG,GACXlU,EAAI,IAAIkU,EAAG,GAEX1c,EAAI,EAED93B,EAAEmC,UAAYf,EAAEe,UACrBnC,EAAEiwG,OAAO,GACT7uG,EAAE6uG,OAAO,KACPn4E,EAMJ,IAHA,IAAIiiF,EAAK34G,EAAE3M,QACPulH,EAAKh6G,EAAEvL,SAEHuL,EAAEU,UAAU,CAClB,IAAK,IAAIzK,EAAI,EAAGgkH,EAAK,EAAyB,IAArBj6G,EAAE4tG,MAAM,GAAKqM,IAAahkH,EAAI,KAAMA,EAAGgkH,IAAO,GACvE,GAAIhkH,EAAI,EAEN,IADA+J,EAAEiwG,OAAOh6G,GACFA,KAAM,IACPmqC,EAAE85E,SAAW75E,EAAE65E,WACjB95E,EAAErgC,KAAKg6G,GACP15E,EAAEpgC,KAAK+5G,IAGT55E,EAAE6vE,OAAO,GACT5vE,EAAE4vE,OAAO,GAIb,IAAK,IAAIpgG,EAAI,EAAGsqG,EAAK,EAAyB,IAArB/4G,EAAEwsG,MAAM,GAAKuM,IAAatqG,EAAI,KAAMA,EAAGsqG,IAAO,GACvE,GAAItqG,EAAI,EAEN,IADAzO,EAAE6uG,OAAOpgG,GACFA,KAAM,IACPmW,EAAEk0F,SAAW55E,EAAE45E,WACjBl0F,EAAEjmB,KAAKg6G,GACPz5E,EAAErgC,KAAK+5G,IAGTh0F,EAAEiqF,OAAO,GACT3vE,EAAE2vE,OAAO,GAITjwG,EAAEkuG,IAAI9sG,IAAM,GACdpB,EAAEC,KAAKmB,GACPg/B,EAAEngC,KAAK+lB,GACPqa,EAAEpgC,KAAKqgC,KAEPl/B,EAAEnB,KAAKD,GACPgmB,EAAE/lB,KAAKmgC,GACPE,EAAErgC,KAAKogC,IAIX,MAAO,CACL9+B,EAAGykB,EACH7kB,EAAGm/B,EACHr/B,IAAKG,EAAE22G,OAAOjgF,KAOlB0c,EAAG1gD,UAAUsmH,OAAS,SAAiB70F,GACrC+S,EAAsB,IAAf/S,EAAEooF,UACTr1E,GAAQ/S,EAAE7kB,UAEV,IAAIa,EAAIzO,KACJqO,EAAIokB,EAAE9wB,QAGR8M,EADiB,IAAfA,EAAEosG,SACApsG,EAAEk4G,KAAKl0F,GAEPhkB,EAAE9M,QAQR,IALA,IAuCI4N,EAvCAub,EAAK,IAAI42B,EAAG,GACZ32B,EAAK,IAAI22B,EAAG,GAEZ6lE,EAAQl5G,EAAE1M,QAEP8M,EAAE+4G,KAAK,GAAK,GAAKn5G,EAAEm5G,KAAK,GAAK,GAAG,CACrC,IAAK,IAAIrkH,EAAI,EAAGgkH,EAAK,EAAyB,IAArB14G,EAAEqsG,MAAM,GAAKqM,IAAahkH,EAAI,KAAMA,EAAGgkH,IAAO,GACvE,GAAIhkH,EAAI,EAEN,IADAsL,EAAE0uG,OAAOh6G,GACFA,KAAM,GACP2nB,EAAGs8F,SACLt8F,EAAG7d,KAAKs6G,GAGVz8F,EAAGqyF,OAAO,GAId,IAAK,IAAIpgG,EAAI,EAAGsqG,EAAK,EAAyB,IAArBh5G,EAAEysG,MAAM,GAAKuM,IAAatqG,EAAI,KAAMA,EAAGsqG,IAAO,GACvE,GAAItqG,EAAI,EAEN,IADA1O,EAAE8uG,OAAOpgG,GACFA,KAAM,GACPgO,EAAGq8F,SACLr8F,EAAG9d,KAAKs6G,GAGVx8F,EAAGoyF,OAAO,GAIV1uG,EAAE2sG,IAAI/sG,IAAM,GACdI,EAAEtB,KAAKkB,GACPyc,EAAG3d,KAAK4d,KAER1c,EAAElB,KAAKsB,GACPsc,EAAG5d,KAAK2d,IAeZ,OATEvb,EADgB,IAAdd,EAAE+4G,KAAK,GACH18F,EAEAC,GAGAy8F,KAAK,GAAK,GAChBj4G,EAAItC,KAAKwlB,GAGJljB,GAGTmyC,EAAG1gD,UAAUmN,IAAM,SAAcm5B,GAC/B,GAAItnC,KAAK4N,SAAU,OAAO05B,EAAIh4B,MAC9B,GAAIg4B,EAAI15B,SAAU,OAAO5N,KAAKsP,MAE9B,IAAIb,EAAIzO,KAAK2B,QACT0M,EAAIi5B,EAAI3lC,QACZ8M,EAAEosG,SAAW,EACbxsG,EAAEwsG,SAAW,EAGb,IAAK,IAAIv0G,EAAQ,EAAGmI,EAAEY,UAAYhB,EAAEgB,SAAU/I,IAC5CmI,EAAE0uG,OAAO,GACT9uG,EAAE8uG,OAAO,GAGX,OAAG,CACD,KAAO1uG,EAAEY,UACPZ,EAAE0uG,OAAO,GAEX,KAAO9uG,EAAEgB,UACPhB,EAAE8uG,OAAO,GAGX,IAAIpvG,EAAIU,EAAE2sG,IAAI/sG,GACd,GAAIN,EAAI,EAAG,CAET,IAAIsQ,EAAI5P,EACRA,EAAIJ,EACJA,EAAIgQ,OACC,GAAU,IAANtQ,GAAyB,IAAdM,EAAEm5G,KAAK,GAC3B,MAGF/4G,EAAEtB,KAAKkB,GAGT,OAAOA,EAAE42G,OAAO3+G,IAIlBo7C,EAAG1gD,UAAUymH,KAAO,SAAengF,GACjC,OAAOtnC,KAAKgnH,KAAK1/E,GAAK74B,EAAEk4G,KAAKr/E,IAG/Boa,EAAG1gD,UAAUqO,OAAS,WACpB,OAA+B,IAAP,EAAhBrP,KAAK86G,MAAM,KAGrBp5D,EAAG1gD,UAAUomH,MAAQ,WACnB,OAA+B,IAAP,EAAhBpnH,KAAK86G,MAAM,KAIrBp5D,EAAG1gD,UAAUk8G,MAAQ,SAAgB51E,GACnC,OAAOtnC,KAAK86G,MAAM,GAAKxzE,GAIzBoa,EAAG1gD,UAAU0mH,MAAQ,SAAgB5I,GACnCt5E,EAAsB,iBAARs5E,GACd,IAAI/wG,EAAI+wG,EAAM,GACV7gG,GAAK6gG,EAAM/wG,GAAK,GAChBW,EAAI,GAAKX,EAGb,GAAI/N,KAAKoB,QAAU6c,EAGjB,OAFAje,KAAK87G,QAAQ79F,EAAI,GACjBje,KAAK86G,MAAM78F,IAAMvP,EACV1O,KAKT,IADA,IAAImnC,EAAQz4B,EACHvL,EAAI8a,EAAa,IAAVkpB,GAAehkC,EAAInD,KAAKoB,OAAQ+B,IAAK,CACnD,IAAIq0B,EAAoB,EAAhBx3B,KAAK86G,MAAM33G,GAEnBgkC,GADA3P,GAAK2P,KACS,GACd3P,GAAK,SACLx3B,KAAK86G,MAAM33G,GAAKq0B,EAMlB,OAJc,IAAV2P,IACFnnC,KAAK86G,MAAM33G,GAAKgkC,EAChBnnC,KAAKoB,UAEApB,MAGT0hD,EAAG1gD,UAAU4M,OAAS,WACpB,OAAuB,IAAhB5N,KAAKoB,QAAkC,IAAlBpB,KAAK86G,MAAM,IAGzCp5D,EAAG1gD,UAAUwmH,KAAO,SAAelgF,GACjC,IAOI/3B,EAPAsrG,EAAWvzE,EAAM,EAErB,GAAsB,IAAlBtnC,KAAK66G,WAAmBA,EAAU,OAAQ,EAC9C,GAAsB,IAAlB76G,KAAK66G,UAAkBA,EAAU,OAAO,EAK5C,GAHA76G,KAAKy7G,QAGDz7G,KAAKoB,OAAS,EAChBmO,EAAM,MACD,CACDsrG,IACFvzE,GAAOA,GAGT9B,EAAO8B,GAAO,SAAW,qBAEzB,IAAI9P,EAAoB,EAAhBx3B,KAAK86G,MAAM,GACnBvrG,EAAMioB,IAAM8P,EAAM,EAAI9P,EAAI8P,GAAO,EAAI,EAEvC,OAAsB,IAAlBtnC,KAAK66G,SAA8B,GAANtrG,EAC1BA,GAOTmyC,EAAG1gD,UAAUo6G,IAAM,SAAc9zE,GAC/B,GAAsB,IAAlBtnC,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,SAAgB,OAAQ,EACvD,GAAsB,IAAlB76G,KAAK66G,UAAmC,IAAjBvzE,EAAIuzE,SAAgB,OAAO,EAEtD,IAAItrG,EAAMvP,KAAK2nH,KAAKrgF,GACpB,OAAsB,IAAlBtnC,KAAK66G,SAA8B,GAANtrG,EAC1BA,GAITmyC,EAAG1gD,UAAU2mH,KAAO,SAAergF,GAEjC,GAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAQ,OAAO,EACrC,GAAIpB,KAAKoB,OAASkmC,EAAIlmC,OAAQ,OAAQ,EAGtC,IADA,IAAImO,EAAM,EACDpM,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACzC,IAAIsL,EAAoB,EAAhBzO,KAAK86G,MAAM33G,GACfkL,EAAmB,EAAfi5B,EAAIwzE,MAAM33G,GAElB,GAAIsL,IAAMJ,EAAV,CACII,EAAIJ,EACNkB,GAAO,EACEd,EAAIJ,IACbkB,EAAM,GAER,OAEF,OAAOA,GAGTmyC,EAAG1gD,UAAU4mH,IAAM,SAActgF,GAC/B,OAA0B,IAAnBtnC,KAAKwnH,KAAKlgF,IAGnBoa,EAAG1gD,UAAUmO,GAAK,SAAam4B,GAC7B,OAAyB,IAAlBtnC,KAAKo7G,IAAI9zE,IAGlBoa,EAAG1gD,UAAU6mH,KAAO,SAAevgF,GACjC,OAAOtnC,KAAKwnH,KAAKlgF,IAAQ,GAG3Boa,EAAG1gD,UAAUoO,IAAM,SAAck4B,GAC/B,OAAOtnC,KAAKo7G,IAAI9zE,IAAQ,GAG1Boa,EAAG1gD,UAAU8mH,IAAM,SAAcxgF,GAC/B,OAA2B,IAApBtnC,KAAKwnH,KAAKlgF,IAGnBoa,EAAG1gD,UAAUiO,GAAK,SAAaq4B,GAC7B,OAA0B,IAAnBtnC,KAAKo7G,IAAI9zE,IAGlBoa,EAAG1gD,UAAU+mH,KAAO,SAAezgF,GACjC,OAAOtnC,KAAKwnH,KAAKlgF,IAAQ,GAG3Boa,EAAG1gD,UAAUkO,IAAM,SAAco4B,GAC/B,OAAOtnC,KAAKo7G,IAAI9zE,IAAQ,GAG1Boa,EAAG1gD,UAAUgnH,IAAM,SAAc1gF,GAC/B,OAA0B,IAAnBtnC,KAAKwnH,KAAKlgF,IAGnBoa,EAAG1gD,UAAUuoD,GAAK,SAAajiB,GAC7B,OAAyB,IAAlBtnC,KAAKo7G,IAAI9zE,IAOlBoa,EAAGq5D,IAAM,SAAczzE,GACrB,OAAO,IAAI2gF,EAAI3gF,IAGjBoa,EAAG1gD,UAAUknH,MAAQ,SAAgBC,GAGnC,OAFA3iF,GAAQxlC,KAAK+6G,IAAK,yCAClBv1E,EAAyB,IAAlBxlC,KAAK66G,SAAgB,iCACrBsN,EAAIC,UAAUpoH,MAAMqoH,UAAUF,IAGvCzmE,EAAG1gD,UAAUsnH,QAAU,WAErB,OADA9iF,EAAOxlC,KAAK+6G,IAAK,wDACV/6G,KAAK+6G,IAAIwN,YAAYvoH,OAG9B0hD,EAAG1gD,UAAUqnH,UAAY,SAAoBF,GAE3C,OADAnoH,KAAK+6G,IAAMoN,EACJnoH,MAGT0hD,EAAG1gD,UAAUwnH,SAAW,SAAmBL,GAEzC,OADA3iF,GAAQxlC,KAAK+6G,IAAK,yCACX/6G,KAAKqoH,UAAUF,IAGxBzmE,EAAG1gD,UAAUynH,OAAS,SAAiBnhF,GAErC,OADA9B,EAAOxlC,KAAK+6G,IAAK,sCACV/6G,KAAK+6G,IAAI10G,IAAIrG,KAAMsnC,IAG5Boa,EAAG1gD,UAAU0nH,QAAU,SAAkBphF,GAEvC,OADA9B,EAAOxlC,KAAK+6G,IAAK,uCACV/6G,KAAK+6G,IAAI9tG,KAAKjN,KAAMsnC,IAG7Boa,EAAG1gD,UAAU2nH,OAAS,SAAiBrhF,GAErC,OADA9B,EAAOxlC,KAAK+6G,IAAK,sCACV/6G,KAAK+6G,IAAI3tG,IAAIpN,KAAMsnC,IAG5Boa,EAAG1gD,UAAU4nH,QAAU,SAAkBthF,GAEvC,OADA9B,EAAOxlC,KAAK+6G,IAAK,uCACV/6G,KAAK+6G,IAAI5tG,KAAKnN,KAAMsnC,IAG7Boa,EAAG1gD,UAAU6nH,OAAS,SAAiBvhF,GAErC,OADA9B,EAAOxlC,KAAK+6G,IAAK,sCACV/6G,KAAK+6G,IAAI+N,IAAI9oH,KAAMsnC,IAG5Boa,EAAG1gD,UAAU+nH,OAAS,SAAiBzhF,GAGrC,OAFA9B,EAAOxlC,KAAK+6G,IAAK,sCACjB/6G,KAAK+6G,IAAIiO,SAAShpH,KAAMsnC,GACjBtnC,KAAK+6G,IAAIztG,IAAItN,KAAMsnC,IAG5Boa,EAAG1gD,UAAUioH,QAAU,SAAkB3hF,GAGvC,OAFA9B,EAAOxlC,KAAK+6G,IAAK,sCACjB/6G,KAAK+6G,IAAIiO,SAAShpH,KAAMsnC,GACjBtnC,KAAK+6G,IAAI1tG,KAAKrN,KAAMsnC,IAG7Boa,EAAG1gD,UAAUkoH,OAAS,WAGpB,OAFA1jF,EAAOxlC,KAAK+6G,IAAK,sCACjB/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAI+J,IAAI9kH,OAGtB0hD,EAAG1gD,UAAUooH,QAAU,WAGrB,OAFA5jF,EAAOxlC,KAAK+6G,IAAK,uCACjB/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAIgK,KAAK/kH,OAIvB0hD,EAAG1gD,UAAUqoH,QAAU,WAGrB,OAFA7jF,EAAOxlC,KAAK+6G,IAAK,uCACjB/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAIuO,KAAKtpH,OAGvB0hD,EAAG1gD,UAAUuoH,QAAU,WAGrB,OAFA/jF,EAAOxlC,KAAK+6G,IAAK,uCACjB/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAI0M,KAAKznH,OAIvB0hD,EAAG1gD,UAAUwoH,OAAS,WAGpB,OAFAhkF,EAAOxlC,KAAK+6G,IAAK,sCACjB/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAIkD,IAAIj+G,OAGtB0hD,EAAG1gD,UAAUyoH,OAAS,SAAiBniF,GAGrC,OAFA9B,EAAOxlC,KAAK+6G,MAAQzzE,EAAIyzE,IAAK,qBAC7B/6G,KAAK+6G,IAAIoO,SAASnpH,MACXA,KAAK+6G,IAAI7oE,IAAIlyC,KAAMsnC,IAI5B,IAAIoiF,EAAS,CACXC,KAAM,KACNC,KAAM,KACNC,KAAM,KACNC,OAAQ,MAIV,SAASC,EAAQz+G,EAAMmnB,GAErBzyB,KAAKsL,KAAOA,EACZtL,KAAKyyB,EAAI,IAAIivB,EAAGjvB,EAAG,IACnBzyB,KAAKwM,EAAIxM,KAAKyyB,EAAE5iB,YAChB7P,KAAKqc,EAAI,IAAIqlC,EAAG,GAAGujE,OAAOjlH,KAAKwM,GAAGW,KAAKnN,KAAKyyB,GAE5CzyB,KAAK2O,IAAM3O,KAAKgqH,OA2ClB,SAASC,IACPF,EAAOjpH,KACLd,KACA,OACA,2EA+DJ,SAASkqH,IACPH,EAAOjpH,KACLd,KACA,OACA,kEAIJ,SAASmqH,IACPJ,EAAOjpH,KACLd,KACA,OACA,yDAIJ,SAASoqH,IAEPL,EAAOjpH,KACLd,KACA,QACA,uEA8CJ,SAASioH,EAAKz6G,GACZ,GAAiB,iBAANA,EAAgB,CACzB,IAAI68G,EAAQ3oE,EAAG4oE,OAAO98G,GACtBxN,KAAKwN,EAAI68G,EAAM53F,EACfzyB,KAAKqqH,MAAQA,OAEb7kF,EAAOh4B,EAAEo6G,IAAI,GAAI,kCACjB5nH,KAAKwN,EAAIA,EACTxN,KAAKqqH,MAAQ,KAkOjB,SAASE,EAAM/8G,GACby6G,EAAInnH,KAAKd,KAAMwN,GAEfxN,KAAKsG,MAAQtG,KAAKwN,EAAEqC,YAChB7P,KAAKsG,MAAQ,IAAO,IACtBtG,KAAKsG,OAAS,GAAMtG,KAAKsG,MAAQ,IAGnCtG,KAAK+N,EAAI,IAAI2zC,EAAG,GAAGujE,OAAOjlH,KAAKsG,OAC/BtG,KAAK8mH,GAAK9mH,KAAKuN,KAAKvN,KAAK+N,EAAE+2G,OAC3B9kH,KAAKwqH,KAAOxqH,KAAK+N,EAAEu5G,OAAOtnH,KAAKwN,GAE/BxN,KAAKyqH,KAAOzqH,KAAKwqH,KAAKl9G,IAAItN,KAAK+N,GAAGg4G,MAAM,GAAGQ,IAAIvmH,KAAKwN,GACpDxN,KAAKyqH,KAAOzqH,KAAKyqH,KAAK9D,KAAK3mH,KAAK+N,GAChC/N,KAAKyqH,KAAOzqH,KAAK+N,EAAEX,IAAIpN,KAAKyqH,MAta9BV,EAAO/oH,UAAUgpH,KAAO,WACtB,IAAIr7G,EAAM,IAAI+yC,EAAG,MAEjB,OADA/yC,EAAImsG,MAAYj7G,MAAMiM,KAAKmQ,KAAKjc,KAAKwM,EAAI,KAClCmC,GAGTo7G,EAAO/oH,UAAU0pH,QAAU,SAAkBpjF,GAG3C,IACI/U,EADAxkB,EAAIu5B,EAGR,GACEtnC,KAAKogB,MAAMrS,EAAG/N,KAAK2O,KAGnB4jB,GADAxkB,GADAA,EAAI/N,KAAK2qH,MAAM58G,IACTd,KAAKjN,KAAK2O,MACPkB,kBACF0iB,EAAOvyB,KAAKwM,GAErB,IAAI4uG,EAAM7oF,EAAOvyB,KAAKwM,GAAK,EAAIuB,EAAE45G,KAAK3nH,KAAKyyB,GAU3C,OATY,IAAR2oF,GACFrtG,EAAE+sG,MAAM,GAAK,EACb/sG,EAAE3M,OAAS,GACFg6G,EAAM,EACfrtG,EAAEZ,KAAKnN,KAAKyyB,GAEZ1kB,EAAE0tG,QAGG1tG,GAGTg8G,EAAO/oH,UAAUof,MAAQ,SAAgB9f,EAAO+7G,GAC9C/7G,EAAM68G,OAAOn9G,KAAKwM,EAAG,EAAG6vG,IAG1B0N,EAAO/oH,UAAU2pH,MAAQ,SAAgBrjF,GACvC,OAAOA,EAAIj6B,KAAKrN,KAAKqc,IASvB8pB,EAAS8jF,EAAMF,GAEfE,EAAKjpH,UAAUof,MAAQ,SAAgB9f,EAAO2J,GAK5C,IAHA,IAAIgoC,EAAO,QAEP4b,EAAS/hD,KAAKoyC,IAAI59C,EAAMc,OAAQ,GAC3B+B,EAAI,EAAGA,EAAI0qD,EAAQ1qD,IAC1B8G,EAAO6wG,MAAM33G,GAAK7C,EAAMw6G,MAAM33G,GAIhC,GAFA8G,EAAO7I,OAASysD,EAEZvtD,EAAMc,QAAU,EAGlB,OAFAd,EAAMw6G,MAAM,GAAK,OACjBx6G,EAAMc,OAAS,GAKjB,IAAIsH,EAAOpI,EAAMw6G,MAAM,GAGvB,IAFA7wG,EAAO6wG,MAAM7wG,EAAO7I,UAAYsH,EAAOupC,EAElC9uC,EAAI,GAAIA,EAAI7C,EAAMc,OAAQ+B,IAAK,CAClC,IAAIsgE,EAAwB,EAAjBnjE,EAAMw6G,MAAM33G,GACvB7C,EAAMw6G,MAAM33G,EAAI,KAAQsgE,EAAOxxB,IAAS,EAAMvpC,IAAS,GACvDA,EAAO+6D,EAET/6D,KAAU,GACVpI,EAAMw6G,MAAM33G,EAAI,IAAMuF,EACT,IAATA,GAAcpI,EAAMc,OAAS,GAC/Bd,EAAMc,QAAU,GAEhBd,EAAMc,QAAU,GAIpB6oH,EAAKjpH,UAAU2pH,MAAQ,SAAgBrjF,GAErCA,EAAIwzE,MAAMxzE,EAAIlmC,QAAU,EACxBkmC,EAAIwzE,MAAMxzE,EAAIlmC,OAAS,GAAK,EAC5BkmC,EAAIlmC,QAAU,EAId,IADA,IAAIklC,EAAK,EACAnjC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CACnC,IAAIq0B,EAAmB,EAAf8P,EAAIwzE,MAAM33G,GAClBmjC,GAAU,IAAJ9O,EACN8P,EAAIwzE,MAAM33G,GAAU,SAALmjC,EACfA,EAAS,GAAJ9O,GAAa8O,EAAK,SAAa,GAUtC,OANkC,IAA9BgB,EAAIwzE,MAAMxzE,EAAIlmC,OAAS,KACzBkmC,EAAIlmC,SAC8B,IAA9BkmC,EAAIwzE,MAAMxzE,EAAIlmC,OAAS,IACzBkmC,EAAIlmC,UAGDkmC,GASTnB,EAAS+jF,EAAMH,GAQf5jF,EAASgkF,EAAMJ,GASf5jF,EAASikF,EAAQL,GAEjBK,EAAOppH,UAAU2pH,MAAQ,SAAgBrjF,GAGvC,IADA,IAAIH,EAAQ,EACHhkC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CACnC,IAAIkjC,EAA0B,IAAL,EAAfiB,EAAIwzE,MAAM33G,IAAiBgkC,EACjCb,EAAU,SAALD,EACTA,KAAQ,GAERiB,EAAIwzE,MAAM33G,GAAKmjC,EACfa,EAAQd,EAKV,OAHc,IAAVc,IACFG,EAAIwzE,MAAMxzE,EAAIlmC,UAAY+lC,GAErBG,GAIToa,EAAG4oE,OAAS,SAAgBh/G,GAE1B,GAAIo+G,EAAOp+G,GAAO,OAAOo+G,EAAOp+G,GAEhC,IAAI++G,EACJ,GAAa,SAAT/+G,EACF++G,EAAQ,IAAIJ,OACP,GAAa,SAAT3+G,EACT++G,EAAQ,IAAIH,OACP,GAAa,SAAT5+G,EACT++G,EAAQ,IAAIF,MACP,IAAa,WAAT7+G,EAGT,MAAUlI,MAAM,iBAAmBkI,GAFnC++G,EAAQ,IAAID,EAMd,OAFAV,EAAOp+G,GAAQ++G,EAERA,GAkBTpC,EAAIjnH,UAAUmoH,SAAW,SAAmB16G,GAC1C+2B,EAAsB,IAAf/2B,EAAEosG,SAAgB,iCACzBr1E,EAAO/2B,EAAEssG,IAAK,oCAGhBkN,EAAIjnH,UAAUgoH,SAAW,SAAmBv6G,EAAGJ,GAC7Cm3B,EAAqC,IAA7B/2B,EAAEosG,SAAWxsG,EAAEwsG,UAAiB,iCACxCr1E,EAAO/2B,EAAEssG,KAAOtsG,EAAEssG,MAAQ1sG,EAAE0sG,IAC1B,oCAGJkN,EAAIjnH,UAAUuM,KAAO,SAAekB,GAClC,OAAIzO,KAAKqqH,MAAcrqH,KAAKqqH,MAAMK,QAAQj8G,GAAG45G,UAAUroH,MAChDyO,EAAEk4G,KAAK3mH,KAAKwN,GAAG66G,UAAUroH,OAGlCioH,EAAIjnH,UAAUi9G,IAAM,SAAcxvG,GAChC,OAAIA,EAAEb,SACGa,EAAE9M,QAGJ3B,KAAKwN,EAAEJ,IAAIqB,GAAG45G,UAAUroH,OAGjCioH,EAAIjnH,UAAUqF,IAAM,SAAcoI,EAAGJ,GACnCrO,KAAKgpH,SAASv6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEpI,IAAIgI,GAIhB,OAHIkB,EAAI6rG,IAAIp7G,KAAKwN,IAAM,GACrB+B,EAAIpC,KAAKnN,KAAKwN,GAET+B,EAAI84G,UAAUroH,OAGvBioH,EAAIjnH,UAAUiM,KAAO,SAAewB,EAAGJ,GACrCrO,KAAKgpH,SAASv6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAExB,KAAKoB,GAIjB,OAHIkB,EAAI6rG,IAAIp7G,KAAKwN,IAAM,GACrB+B,EAAIpC,KAAKnN,KAAKwN,GAET+B,GAGT04G,EAAIjnH,UAAUoM,IAAM,SAAcqB,EAAGJ,GACnCrO,KAAKgpH,SAASv6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAErB,IAAIiB,GAIhB,OAHIkB,EAAIi4G,KAAK,GAAK,GAChBj4G,EAAItC,KAAKjN,KAAKwN,GAET+B,EAAI84G,UAAUroH,OAGvBioH,EAAIjnH,UAAUmM,KAAO,SAAesB,EAAGJ,GACrCrO,KAAKgpH,SAASv6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEtB,KAAKkB,GAIjB,OAHIkB,EAAIi4G,KAAK,GAAK,GAChBj4G,EAAItC,KAAKjN,KAAKwN,GAET+B,GAGT04G,EAAIjnH,UAAU8nH,IAAM,SAAcr6G,EAAG64B,GAEnC,OADAtnC,KAAKmpH,SAAS16G,GACPzO,KAAKuN,KAAKkB,EAAEi3G,MAAMp+E,KAG3B2gF,EAAIjnH,UAAUqM,KAAO,SAAeoB,EAAGJ,GAErC,OADArO,KAAKgpH,SAASv6G,EAAGJ,GACVrO,KAAKuN,KAAKkB,EAAEpB,KAAKgB,KAG1B45G,EAAIjnH,UAAUsM,IAAM,SAAcmB,EAAGJ,GAEnC,OADArO,KAAKgpH,SAASv6G,EAAGJ,GACVrO,KAAKuN,KAAKkB,EAAEnB,IAAIe,KAGzB45G,EAAIjnH,UAAU+jH,KAAO,SAAet2G,GAClC,OAAOzO,KAAKqN,KAAKoB,EAAGA,EAAE9M,UAGxBsmH,EAAIjnH,UAAU8jH,IAAM,SAAcr2G,GAChC,OAAOzO,KAAKsN,IAAImB,EAAGA,IAGrBw5G,EAAIjnH,UAAUsoH,KAAO,SAAe76G,GAClC,GAAIA,EAAEb,SAAU,OAAOa,EAAE9M,QAEzB,IAAIipH,EAAO5qH,KAAKwN,EAAE0vG,MAAM,GAIxB,GAHA13E,EAAOolF,EAAO,GAAM,GAGP,IAATA,EAAY,CACd,IAAI14E,EAAMlyC,KAAKwN,EAAEnH,IAAI,IAAIq7C,EAAG,IAAIy7D,OAAO,GACvC,OAAOn9G,KAAKkyC,IAAIzjC,EAAGyjC,GAQrB,IAFA,IAAIxjC,EAAI1O,KAAKwN,EAAEs0C,KAAK,GAChB7jC,EAAI,GACAvP,EAAEd,UAA2B,IAAfc,EAAEwuG,MAAM,IAC5Bj/F,IACAvP,EAAEyuG,OAAO,GAEX33E,GAAQ92B,EAAEd,UAEV,IAAImC,EAAM,IAAI2xC,EAAG,GAAGwmE,MAAMloH,MACtB6qH,EAAO96G,EAAIy5G,SAIXsB,EAAO9qH,KAAKwN,EAAEs0C,KAAK,GAAGq7D,OAAO,GAC7B50E,EAAIvoC,KAAKwN,EAAEqC,YAGf,IAFA04B,EAAI,IAAImZ,EAAG,EAAInZ,EAAIA,GAAG2/E,MAAMloH,MAEW,IAAhCA,KAAKkyC,IAAI3J,EAAGuiF,GAAM1P,IAAIyP,IAC3BtiF,EAAEmgF,QAAQmC,GAOZ,IAJA,IAAIruG,EAAIxc,KAAKkyC,IAAI3J,EAAG75B,GAChBX,EAAI/N,KAAKkyC,IAAIzjC,EAAGC,EAAEs3G,KAAK,GAAG7I,OAAO,IACjC9+F,EAAIre,KAAKkyC,IAAIzjC,EAAGC,GAChBlB,EAAIyQ,EACc,IAAfI,EAAE+8F,IAAIrrG,IAAY,CAEvB,IADA,IAAIpB,EAAM0P,EACDlb,EAAI,EAAoB,IAAjBwL,EAAIysG,IAAIrrG,GAAY5M,IAClCwL,EAAMA,EAAIu6G,SAEZ1jF,EAAOriC,EAAIqK,GACX,IAAIa,EAAIrO,KAAKkyC,IAAI11B,EAAG,IAAIklC,EAAG,GAAGujE,OAAOz3G,EAAIrK,EAAI,IAE7C4K,EAAIA,EAAEg7G,OAAO16G,GACbmO,EAAInO,EAAE66G,SACN7qG,EAAIA,EAAE0qG,OAAOvsG,GACbhP,EAAIrK,EAGN,OAAO4K,GAGTk6G,EAAIjnH,UAAUymH,KAAO,SAAeh5G,GAClC,IAAIs8G,EAAMt8G,EAAE64G,OAAOtnH,KAAKwN,GACxB,OAAqB,IAAjBu9G,EAAIlQ,UACNkQ,EAAIlQ,SAAW,EACR76G,KAAKuN,KAAKw9G,GAAKvB,UAEfxpH,KAAKuN,KAAKw9G,IAIrB9C,EAAIjnH,UAAUkxC,IAAM,SAAczjC,EAAG64B,GACnC,GAAIA,EAAI15B,SAAU,OAAO,IAAI8zC,EAAG,GAAGwmE,MAAMloH,MACzC,GAAoB,IAAhBsnC,EAAIkgF,KAAK,GAAU,OAAO/4G,EAAE9M,QAEhC,IACIqpH,EAAUnrH,MAAM,IACpBmrH,EAAI,GAAK,IAAItpE,EAAG,GAAGwmE,MAAMloH,MACzBgrH,EAAI,GAAKv8G,EACT,IAAK,IAAItL,EAAI,EAAGA,EAAI6nH,EAAI5pH,OAAQ+B,IAC9B6nH,EAAI7nH,GAAKnD,KAAKsN,IAAI09G,EAAI7nH,EAAI,GAAIsL,GAGhC,IAAIc,EAAMy7G,EAAI,GACVz5C,EAAU,EACV05C,EAAa,EACbjnH,EAAQsjC,EAAIz3B,YAAc,GAK9B,IAJc,IAAV7L,IACFA,EAAQ,IAGLb,EAAImkC,EAAIlmC,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CAEpC,IADA,IAAIujC,EAAOY,EAAIwzE,MAAM33G,GACZ4Z,EAAI/Y,EAAQ,EAAG+Y,GAAK,EAAGA,IAAK,CACnC,IAAI+hG,EAAOp4E,GAAQ3pB,EAAK,EACpBxN,IAAQy7G,EAAI,KACdz7G,EAAMvP,KAAK8kH,IAAIv1G,IAGL,IAARuvG,GAAyB,IAAZvtC,GAKjBA,IAAY,EACZA,GAAWutC,GA9BE,MA+BbmM,GACwC,IAAN9nH,GAAiB,IAAN4Z,KAE7CxN,EAAMvP,KAAKsN,IAAIiC,EAAKy7G,EAAIz5C,IACxB05C,EAAa,EACb15C,EAAU,IAXR05C,EAAa,EAajBjnH,EAAQ,GAGV,OAAOuL,GAGT04G,EAAIjnH,UAAUonH,UAAY,SAAoB9gF,GAC5C,IAAIv5B,EAAIu5B,EAAIq/E,KAAK3mH,KAAKwN,GAEtB,OAAOO,IAAMu5B,EAAMv5B,EAAEpM,QAAUoM,GAGjCk6G,EAAIjnH,UAAUunH,YAAc,SAAsBjhF,GAChD,IAAI/3B,EAAM+3B,EAAI3lC,QAEd,OADA4N,EAAIwrG,IAAM,KACHxrG,GAOTmyC,EAAGwpE,KAAO,SAAe5jF,GACvB,OAAO,IAAIijF,EAAKjjF,IAmBlBnB,EAASokF,EAAMtC,GAEfsC,EAAKvpH,UAAUonH,UAAY,SAAoB9gF,GAC7C,OAAOtnC,KAAKuN,KAAK+5B,EAAIo+E,MAAM1lH,KAAKsG,SAGlCikH,EAAKvpH,UAAUunH,YAAc,SAAsBjhF,GACjD,IAAIv5B,EAAI/N,KAAKuN,KAAK+5B,EAAIh6B,IAAItN,KAAKwqH,OAE/B,OADAz8G,EAAEgtG,IAAM,KACDhtG,GAGTw8G,EAAKvpH,UAAUqM,KAAO,SAAeoB,EAAGJ,GACtC,GAAII,EAAEb,UAAYS,EAAET,SAGlB,OAFAa,EAAEqsG,MAAM,GAAK,EACbrsG,EAAErN,OAAS,EACJqN,EAGT,IAAI4P,EAAI5P,EAAEpB,KAAKgB,GACXmO,EAAI6B,EAAEynG,MAAM9lH,KAAKsG,OAAOgH,IAAItN,KAAKyqH,MAAM5E,OAAO7lH,KAAKsG,OAAOgH,IAAItN,KAAKwN,GACnE0sB,EAAI7b,EAAElR,KAAKqP,GAAG2gG,OAAOn9G,KAAKsG,OAC1BiJ,EAAM2qB,EAQV,OANIA,EAAEkhF,IAAIp7G,KAAKwN,IAAM,EACnB+B,EAAM2qB,EAAE/sB,KAAKnN,KAAKwN,GACT0sB,EAAEstF,KAAK,GAAK,IACrBj4G,EAAM2qB,EAAEjtB,KAAKjN,KAAKwN,IAGb+B,EAAI84G,UAAUroH,OAGvBuqH,EAAKvpH,UAAUsM,IAAM,SAAcmB,EAAGJ,GACpC,GAAII,EAAEb,UAAYS,EAAET,SAAU,OAAO,IAAI8zC,EAAG,GAAG2mE,UAAUroH,MAEzD,IAAIqe,EAAI5P,EAAEnB,IAAIe,GACVmO,EAAI6B,EAAEynG,MAAM9lH,KAAKsG,OAAOgH,IAAItN,KAAKyqH,MAAM5E,OAAO7lH,KAAKsG,OAAOgH,IAAItN,KAAKwN,GACnE0sB,EAAI7b,EAAElR,KAAKqP,GAAG2gG,OAAOn9G,KAAKsG,OAC1BiJ,EAAM2qB,EAOV,OANIA,EAAEkhF,IAAIp7G,KAAKwN,IAAM,EACnB+B,EAAM2qB,EAAE/sB,KAAKnN,KAAKwN,GACT0sB,EAAEstF,KAAK,GAAK,IACrBj4G,EAAM2qB,EAAEjtB,KAAKjN,KAAKwN,IAGb+B,EAAI84G,UAAUroH,OAGvBuqH,EAAKvpH,UAAUymH,KAAO,SAAeh5G,GAGnC,OADUzO,KAAKuN,KAAKkB,EAAE64G,OAAOtnH,KAAKwN,GAAGF,IAAItN,KAAK8mH,KACnCuB,UAAUroH,MAExB,CAl2GD,CAk2GoC2lC,EAAQ3lC,qFCr1G7B,MAAMuM,GAMnBzM,YAAY0M,GACV,QAAUvL,IAANuL,EACF,MAAUpJ,MAAM,4BAGlBpD,KAAKqB,MAAQ,IAAIqgD,GAAGl1C,GAGtB7K,QACE,MAAMA,EAAQ,IAAI4K,GAAW,MAE7B,OADAvM,KAAKqB,MAAM2pE,KAAKrpE,EAAMN,OACfM,EAMTkL,OAEE,OADA7M,KAAKqB,MAAM4L,KAAK,IAAIy0C,GAAG,IAChB1hD,KAOT8M,MACE,OAAO9M,KAAK2B,QAAQkL,OAMtBE,OAEE,OADA/M,KAAKqB,MAAM8L,KAAK,IAAIu0C,GAAG,IAChB1hD,KAOTgN,MACE,OAAOhN,KAAK2B,QAAQoL,OAQtBE,KAAKC,GAEH,OADAlN,KAAKqB,MAAM4L,KAAKC,EAAE7L,OACXrB,KAQTqG,IAAI6G,GACF,OAAOlN,KAAK2B,QAAQsL,KAAKC,GAO3BC,KAAKD,GAEH,OADAlN,KAAKqB,MAAM8L,KAAKD,EAAE7L,OACXrB,KAQToN,IAAIF,GACF,OAAOlN,KAAK2B,QAAQwL,KAAKD,GAO3BG,KAAKH,GAEH,OADAlN,KAAKqB,MAAMgM,KAAKH,EAAE7L,OACXrB,KAQTsN,IAAIJ,GACF,OAAOlN,KAAK2B,QAAQ0L,KAAKH,GAO3BK,KAAKC,GAEH,OADAxN,KAAKqB,MAAQrB,KAAKqB,MAAMslH,KAAKn5G,EAAEnM,OACxBrB,KAQT0N,IAAIF,GACF,OAAOxN,KAAK2B,QAAQ4L,KAAKC,GAU3BG,OAAOlJ,EAAG+H,GAIR,MAAM2+G,EAAO3+G,EAAE6C,SAAWqyC,GAAGq5D,IAAIvuG,EAAEnL,OAASqgD,GAAGwpE,KAAK1+G,EAAEnL,OAChD6L,EAAIlN,KAAK2B,QAEf,OADAuL,EAAE7L,MAAQ6L,EAAE7L,MAAM6mH,MAAMiD,GAAM1B,OAAOhlH,EAAEpD,OAAOinH,UACvCp7G,EAUTgB,OAAO1B,GAEL,IAAKxM,KAAKmO,IAAI3B,GAAGqB,QACf,MAAUzK,MAAM,0BAElB,OAAO,IAAImJ,GAAWvM,KAAKqB,MAAMomH,KAAKj7G,EAAEnL,QAQ1C8M,IAAI3B,GACF,OAAO,IAAID,GAAWvM,KAAKqB,MAAM8M,IAAI3B,EAAEnL,QAOzCuN,WAAW1B,GAET,OADAlN,KAAKqB,MAAM+jH,MAAMl4G,EAAE7L,MAAMmO,YAClBxP,KAQT6O,UAAU3B,GACR,OAAOlN,KAAK2B,QAAQiN,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADAlN,KAAKqB,MAAMmkH,MAAMt4G,EAAE7L,MAAMmO,YAClBxP,KAQT+O,WAAW7B,GACT,OAAOlN,KAAK2B,QAAQmN,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAOlN,KAAKqB,MAAMkoD,GAAGr8C,EAAE7L,OAQzB4N,GAAG/B,GACD,OAAOlN,KAAKqB,MAAM4N,GAAG/B,EAAE7L,OAQzB6N,IAAIhC,GACF,OAAOlN,KAAKqB,MAAM6N,IAAIhC,EAAE7L,OAQ1B8N,GAAGjC,GACD,OAAOlN,KAAKqB,MAAM8N,GAAGjC,EAAE7L,OAQzB+N,IAAIlC,GACF,OAAOlN,KAAKqB,MAAM+N,IAAIlC,EAAE7L,OAG1BuM,SACE,OAAO5N,KAAKqB,MAAMuM,SAGpBC,QACE,OAAO7N,KAAKqB,MAAMkoD,GAAG,IAAI7H,GAAG,IAG9Bj0C,aACE,OAAOzN,KAAKqB,MAAM28G,QAGpB3uG,SACE,OAAOrP,KAAKqB,MAAMgO,SAGpBC,MACE,MAAMC,EAAMvP,KAAK2B,QAEjB,OADA4N,EAAIlO,MAAQkO,EAAIlO,MAAMiO,MACfC,EAOT5C,WACE,OAAO3M,KAAKqB,MAAMsL,WAQpB6C,WACE,OAAOxP,KAAKqB,MAAMmO,WAQpBI,OAAOzM,GACL,OAAOnD,KAAKqB,MAAMw8G,MAAM16G,GAAK,EAAI,EAOnC0M,YACE,OAAO7P,KAAKqB,MAAMwO,YAOpBtL,aACE,OAAOvE,KAAKqB,MAAMkD,aASpB6L,aAAaC,EAAS,KAAMjP,GAC1B,OAAOpB,KAAKqB,MAAMsjD,YAAY5hD,WAAYsN,EAAQjP,QC3UlD2M,mFCEJ,IAAIg6B,EAAQsW,EAkCZ,SAAS9X,EAAMG,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EAENA,CACX,CAGA,SAAShf,EAAMge,GAEb,IADA,IAAIn2B,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,GAAOg3B,EAAMb,EAAIviC,GAAGwJ,SAAS,KAC/B,OAAO4C,CACT,CAfAw4B,EAAMC,QA9BN,SAAiBtC,EAAKU,GACpB,GAAIvmC,MAAMW,QAAQklC,GAChB,OAAOA,EAAIhkC,QACb,IAAKgkC,EACH,MAAO,GACT,IAAIn2B,EAAM,GACV,GAAmB,iBAARm2B,EAAkB,CAC3B,IAAK,IAAIviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,EAAIpM,GAAc,EAATuiC,EAAIviC,GACf,OAAOoM,EAET,GAAY,QAAR62B,EAAe,EACjBV,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1B7gB,OAAS,GAAM,IACrBskC,EAAM,IAAMA,GACd,IAASviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAK,EACnCoM,EAAI1N,KAAK2O,SAASk1B,EAAIviC,GAAKuiC,EAAIviC,EAAI,GAAI,UAEzC,IAASA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIqZ,EAAIkpB,EAAI9oB,WAAWzZ,GACnBkjC,EAAK7pB,GAAK,EACV8pB,EAAS,IAAJ9pB,EACL6pB,EACF92B,EAAI1N,KAAKwkC,EAAIC,GAEb/2B,EAAI1N,KAAKykC,GAGf,OAAO/2B,CACT,EASAw4B,EAAMxB,MAAQA,EAQdwB,EAAMrgB,MAAQA,EAEdqgB,EAAMzqB,OAAS,SAAgBw/B,EAAK1W,GAClC,MAAY,QAARA,EACK1e,EAAMo1B,GAENA,CACX,0BCvDA,IAAI/U,EAAQsW,EAKZtW,EAAMvC,OAAS4lF,GACfrjF,EAAMC,QAAUqjF,GAASrjF,QACzBD,EAAMxB,MAAQ8kF,GAAS9kF,MACvBwB,EAAMrgB,MAAQ2jG,GAAS3jG,MACvBqgB,EAAMzqB,OAAS+tG,GAAS/tG,OA8BxByqB,EAAMujF,OA3BN,SAAgBhkF,EAAK9P,GAInB,IAHA,IAAI+zF,EAAM,GACNrH,EAAK,GAAM1sF,EAAI,EACfnb,EAAIirB,EAAI3lC,QACL0a,EAAEmrG,KAAK,IAAM,GAAG,CACrB,IAAIj/E,EACJ,GAAIlsB,EAAE+qG,QAAS,CACb,IAAI15G,EAAM2O,EAAE6gG,MAAMgH,EAAK,GAErB37E,EADE76B,GAAOw2G,GAAM,GAAK,GACfA,GAAM,GAAKx2G,EAEZA,EACN2O,EAAE0pG,MAAMx9E,QAERA,EAAI,EAENgjF,EAAI1pH,KAAK0mC,GAIT,IADA,IAAIjiC,EAAuB,IAAd+V,EAAEmrG,KAAK,IAAgC,IAApBnrG,EAAE6gG,MAAMgH,EAAK,GAAa1sF,EAAI,EAAK,EAC1Dr0B,EAAI,EAAGA,EAAImD,EAAOnD,IACzBooH,EAAI1pH,KAAK,GACXwa,EAAE8gG,OAAO72G,GAGX,OAAOilH,CACT,EA0DAxjF,EAAMyjF,OAtDN,SAAgB78F,EAAIC,GAClB,IAAI68F,EAAM,CACR,GACA,IAGF98F,EAAKA,EAAGhtB,QACRitB,EAAKA,EAAGjtB,QAGR,IAFA,IAAI+pH,EAAK,EACLC,EAAK,EACFh9F,EAAG64F,MAAMkE,GAAM,GAAK98F,EAAG44F,MAAMmE,GAAM,GAAG,CAG3C,IAMI38D,EAYAC,EAIE28D,EAtBFC,EAAOl9F,EAAGuuF,MAAM,GAAKwO,EAAM,EAC3BI,EAAOl9F,EAAGsuF,MAAM,GAAKyO,EAAM,EAM/B,GALY,IAARE,IACFA,GAAO,GACG,IAARC,IACFA,GAAO,GAES,IAAP,EAAND,GACH78D,EAAK,OAMHA,EAHU,KADR48D,EAAMj9F,EAAGuuF,MAAM,GAAKwO,EAAM,IACN,IAAPE,GAAqB,IAARE,EAGvBD,GAFCA,EAOV,GAHAJ,EAAI,GAAG5pH,KAAKmtD,GAGM,IAAP,EAAN88D,GACH78D,EAAK,OAMHA,EAHU,KADR28D,EAAMh9F,EAAGsuF,MAAM,GAAKyO,EAAM,IACN,IAAPC,GAAqB,IAARC,EAGvBC,GAFCA,EAIVL,EAAI,GAAG5pH,KAAKotD,GAGR,EAAIy8D,IAAO18D,EAAK,IAClB08D,EAAK,EAAIA,GACP,EAAIC,IAAO18D,EAAK,IAClB08D,EAAK,EAAIA,GACXh9F,EAAGwuF,OAAO,GACVvuF,EAAGuuF,OAAO,GAGZ,OAAOsO,CACT,EAUA1jF,EAAMgkF,eAPN,SAAwBtrE,EAAKn1C,EAAM0gH,GACjC,IAAIh1G,EAAM,IAAM1L,EAChBm1C,EAAIz/C,UAAUsK,GAAQ,WACpB,YAAqBrK,IAAdjB,KAAKgX,GAAqBhX,KAAKgX,GAC/BhX,KAAKgX,GAAOg1G,EAASlrH,KAAKd,MAErC,EAOA+nC,EAAMkkF,WAJN,SAAoB3kH,GAClB,MAAwB,iBAAVA,EAAqBygC,EAAMC,QAAQ1gC,EAAO,OACrBA,CACrC,EAMAygC,EAAMmkF,UAHN,SAAmB5kH,GACjB,OAAO,IAAIo6C,GAAGp6C,EAAO,MAAO,KAC9B,QFnHiB,SAAc6I,GAI7B,OAHKpC,KACHA,GAAI,IAAIo+G,GAAK,OAERp+G,GAAEyiD,SAASrgD,EACpB,EAEA,SAASg8G,GAAKltE,GACZj/C,KAAKi/C,KAAOA,CACd,CACA,OAAsBktE,GAiBtB,GAfAA,GAAKnrH,UAAUwvD,SAAW,SAAkBrgD,GAC1C,OAAOnQ,KAAKosH,MAAMj8G,EACpB,EAGAg8G,GAAKnrH,UAAUorH,MAAQ,SAAe5/G,GACpC,GAAIxM,KAAKi/C,KAAK8zB,SACZ,OAAO/yE,KAAKi/C,KAAK8zB,SAASvmE,GAG5B,IADA,IAAI+C,EAAM,IAAIxM,WAAWyJ,GAChBrJ,EAAI,EAAGA,EAAIoM,EAAInO,OAAQ+B,IAC9BoM,EAAIpM,GAAKnD,KAAKi/C,KAAKotE,UACrB,OAAO98G,CACT,EAEoB,iBAATwuC,KACLA,KAAKl/B,QAAUk/B,KAAKl/B,OAAOo/B,gBAE7BkuE,GAAKnrH,UAAUorH,MAAQ,SAAe5/G,GACpC,IAAIswC,EAAM,IAAI/5C,WAAWyJ,GAEzB,OADAuxC,KAAKl/B,OAAOo/B,gBAAgBnB,GACrBA,GAEAiB,KAAKC,UAAYD,KAAKC,SAASC,gBAExCkuE,GAAKnrH,UAAUorH,MAAQ,SAAe5/G,GACpC,IAAIswC,EAAM,IAAI/5C,WAAWyJ,GAEzB,OADAuxC,KAAKC,SAASC,gBAAgBnB,GACvBA,GAIkB,iBAAX+c,SAEhBsyD,GAAKnrH,UAAUorH,MAAQ,WACrB,MAAUhpH,MAAM,8BAKpB,IACE,IAAIyb,GAASrc,UACb,GAAkC,mBAAvBqc,GAAOu/B,YAChB,MAAUh7C,MAAM,iBAElB+oH,GAAKnrH,UAAUorH,MAAQ,SAAe5/G,GACpC,OAAOqS,GAAOu/B,YAAY5xC,IAE5B,MAAO/H,eG1DX,IAAI6mH,GAASvjF,GAAMujF,OACfE,GAASzjF,GAAMyjF,OACfhmF,GAASuC,GAAMvC,OAEnB,SAAS8mF,GAAUlyG,EAAMmyG,GACvBvsH,KAAKoa,KAAOA,EACZpa,KAAKyyB,EAAI,IAAIivB,GAAG6qE,EAAK95F,EAAG,IAGxBzyB,KAAK+6G,IAAMwR,EAAKlC,MAAQ3oE,GAAGq5D,IAAIwR,EAAKlC,OAAS3oE,GAAGwpE,KAAKlrH,KAAKyyB,GAG1DzyB,KAAK8P,KAAO,IAAI4xC,GAAG,GAAGwmE,MAAMloH,KAAK+6G,KACjC/6G,KAAK+P,IAAM,IAAI2xC,GAAG,GAAGwmE,MAAMloH,KAAK+6G,KAChC/6G,KAAK6yC,IAAM,IAAI6O,GAAG,GAAGwmE,MAAMloH,KAAK+6G,KAGhC/6G,KAAKwM,EAAI+/G,EAAK//G,GAAK,IAAIk1C,GAAG6qE,EAAK//G,EAAG,IAClCxM,KAAKglC,EAAIunF,EAAKvnF,GAAKhlC,KAAKwsH,cAAcD,EAAKvnF,EAAGunF,EAAKE,MAGnDzsH,KAAK0sH,eACL1sH,KAAK2sH,eACL3sH,KAAK4sH,eACL5sH,KAAK6sH,eAGL,IAAIC,EAAc9sH,KAAKwM,GAAKxM,KAAKyyB,EAAE8zF,IAAIvmH,KAAKwM,IACvCsgH,GAAeA,EAAYtF,KAAK,KAAO,EAC1CxnH,KAAK+sH,KAAO,MAEZ/sH,KAAKgtH,eAAgB,EACrBhtH,KAAK+sH,KAAO/sH,KAAKwM,EAAE07G,MAAMloH,KAAK+6G,KAElC,CACA,OAAiBuR,GAgNjB,SAASW,GAAUr8G,EAAOwJ,GACxBpa,KAAK4Q,MAAQA,EACb5Q,KAAKoa,KAAOA,EACZpa,KAAKktH,YAAc,IACrB,CAlNAZ,GAAUtrH,UAAUmsH,MAAQ,WAC1B,MAAU/pH,MAAM,kBAClB,EAEAkpH,GAAUtrH,UAAU2kD,SAAW,WAC7B,MAAUviD,MAAM,kBAClB,EAEAkpH,GAAUtrH,UAAUosH,aAAe,SAAsB36F,EAAGpW,GAC1DmpB,GAAO/S,EAAEy6F,aACT,IAAIG,EAAU56F,EAAE66F,cAEZ/B,EAAMD,GAAOjvG,EAAG,GAChBgb,GAAK,GAAMg2F,EAAQE,KAAO,IAAOF,EAAQE,KAAO,GAAM,EAAI,EAAI,GAClEl2F,GAAK,EAIL,IADA,IAAIm2F,EAAO,GACFzwG,EAAI,EAAGA,EAAIwuG,EAAInqH,OAAQ2b,GAAKswG,EAAQE,KAAM,CACjD,IAAIE,EAAO,EACX,IAASpxG,EAAIU,EAAIswG,EAAQE,KAAO,EAAGlxG,GAAKU,EAAGV,IACzCoxG,GAAQA,GAAQ,GAAKlC,EAAIlvG,GAC3BmxG,EAAK3rH,KAAK4rH,GAKZ,IAFA,IAAIh/G,EAAIzO,KAAK0tH,OAAO,KAAM,KAAM,MAC5Br/G,EAAIrO,KAAK0tH,OAAO,KAAM,KAAM,MACvBvqH,EAAIk0B,EAAGl0B,EAAI,EAAGA,IAAK,CAC1B,IAAS4Z,EAAI,EAAGA,EAAIywG,EAAKpsH,OAAQ2b,IAAK,EAChC0wG,EAAOD,EAAKzwG,MACH5Z,EACXkL,EAAIA,EAAEs/G,SAASN,EAAQO,OAAO7wG,IACvB0wG,KAAUtqH,IACjBkL,EAAIA,EAAEs/G,SAASN,EAAQO,OAAO7wG,GAAGkhG,QAErCxvG,EAAIA,EAAEpI,IAAIgI,GAEZ,OAAOI,EAAEo/G,KACX,EAEAvB,GAAUtrH,UAAU8sH,SAAW,SAAkBr7F,EAAGpW,GAClD,IAAImb,EAAI,EAGJu2F,EAAYt7F,EAAEu7F,cAAcx2F,GAChCA,EAAIu2F,EAAU/C,IAQd,IAPA,IAAIA,EAAM+C,EAAUH,OAGhBrC,EAAMD,GAAOjvG,EAAGmb,GAGhBuvF,EAAM/mH,KAAK0tH,OAAO,KAAM,KAAM,MACzBvqH,EAAIooH,EAAInqH,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CAExC,IAASkZ,EAAI,EAAGlZ,GAAK,GAAgB,IAAXooH,EAAIpoH,GAAUA,IACtCkZ,IAKF,GAJIlZ,GAAK,GACPkZ,IACF0qG,EAAMA,EAAIkH,KAAK5xG,GAEXlZ,EAAI,EACN,MACF,IAAIolC,EAAIgjF,EAAIpoH,GACZqiC,GAAa,IAAN+C,GAIHw+E,EAHW,WAAXt0F,EAAErY,KAEAmuB,EAAI,EACAw+E,EAAI4G,SAAS3C,EAAKziF,EAAI,GAAM,IAE5Bw+E,EAAI4G,SAAS3C,GAAMziF,EAAI,GAAM,GAAG01E,OAGpC11E,EAAI,EACAw+E,EAAI1gH,IAAI2kH,EAAKziF,EAAI,GAAM,IAEvBw+E,EAAI1gH,IAAI2kH,GAAMziF,EAAI,GAAM,GAAG01E,OAGvC,MAAkB,WAAXxrF,EAAErY,KAAoB2sG,EAAI8G,MAAQ9G,CAC3C,EAEAuF,GAAUtrH,UAAUktH,YAAc,SAAqBC,EACAP,EACAQ,EACAj+G,EACAk+G,GAOrD,IANA,IAAIC,EAAWtuH,KAAK0sH,QAChB1B,EAAMhrH,KAAK2sH,QACXpB,EAAMvrH,KAAK4sH,QAGX7gH,EAAM,EACD5I,EAAI,EAAGA,EAAIgN,EAAKhN,IAAK,CAC5B,IACI4qH,GADAt7F,EAAIm7F,EAAOzqH,IACG6qH,cAAcG,GAChCG,EAASnrH,GAAK4qH,EAAU/C,IACxBA,EAAI7nH,GAAK4qH,EAAUH,OAIrB,IAASzqH,EAAIgN,EAAM,EAAGhN,GAAK,EAAGA,GAAK,EAAG,CACpC,IAAIsL,EAAItL,EAAI,EACRkL,EAAIlL,EACR,GAAoB,IAAhBmrH,EAAS7/G,IAA4B,IAAhB6/G,EAASjgH,GAAlC,CAQA,IAAIkgH,EAAO,CACTX,EAAOn/G,GACP,KACA,KACAm/G,EAAOv/G,IAI4B,IAAjCu/G,EAAOn/G,GAAGH,EAAE8sG,IAAIwS,EAAOv/G,GAAGC,IAC5BigH,EAAK,GAAKX,EAAOn/G,GAAGpI,IAAIunH,EAAOv/G,IAC/BkgH,EAAK,GAAKX,EAAOn/G,GAAG+/G,MAAMb,SAASC,EAAOv/G,GAAG4vG,QACM,IAA1C2P,EAAOn/G,GAAGH,EAAE8sG,IAAIwS,EAAOv/G,GAAGC,EAAEk7G,WACrC+E,EAAK,GAAKX,EAAOn/G,GAAG+/G,MAAMb,SAASC,EAAOv/G,IAC1CkgH,EAAK,GAAKX,EAAOn/G,GAAGpI,IAAIunH,EAAOv/G,GAAG4vG,SAElCsQ,EAAK,GAAKX,EAAOn/G,GAAG+/G,MAAMb,SAASC,EAAOv/G,IAC1CkgH,EAAK,GAAKX,EAAOn/G,GAAG+/G,MAAMb,SAASC,EAAOv/G,GAAG4vG,QAG/C,IAAIn+F,EAAQ,EACT,GACA,GACA,GACA,EACD,EACA,EACA,EACA,EACA,GAGE2rG,EAAMD,GAAO4C,EAAO3/G,GAAI2/G,EAAO//G,IACnCtC,EAAMD,KAAKC,IAAI0/G,EAAI,GAAGrqH,OAAQ2K,GAC9Bw/G,EAAI98G,GAAS5O,MAAMkM,GACnBw/G,EAAIl9G,GAASxO,MAAMkM,GACnB,IAAK,IAAIgR,EAAI,EAAGA,EAAIhR,EAAKgR,IAAK,CAC5B,IAAI0xG,EAAiB,EAAZhD,EAAI,GAAG1uG,GACZ2xG,EAAiB,EAAZjD,EAAI,GAAG1uG,GAEhBwuG,EAAI98G,GAAGsO,GAAK+C,EAAiB,GAAV2uG,EAAK,IAAUC,EAAK,IACvCnD,EAAIl9G,GAAG0O,GAAK,EACZiuG,EAAIv8G,GAAK8/G,QAhDThD,EAAI98G,GAAK68G,GAAO8C,EAAO3/G,GAAI6/G,EAAS7/G,IACpC88G,EAAIl9G,GAAKi9G,GAAO8C,EAAO//G,GAAIigH,EAASjgH,IACpCtC,EAAMD,KAAKC,IAAIw/G,EAAI98G,GAAGrN,OAAQ2K,GAC9BA,EAAMD,KAAKC,IAAIw/G,EAAIl9G,GAAGjN,OAAQ2K,GAiDlC,IAAIg7G,EAAM/mH,KAAK0tH,OAAO,KAAM,KAAM,MAC9B/+G,EAAM3O,KAAK6sH,QACf,IAAS1pH,EAAI4I,EAAK5I,GAAK,EAAGA,IAAK,CAG7B,IAFA,IAAIkZ,EAAI,EAEDlZ,GAAK,GAAG,CACb,IAAI2M,GAAO,EACX,IAASiN,EAAI,EAAGA,EAAI5M,EAAK4M,IACvBpO,EAAIoO,GAAiB,EAAZwuG,EAAIxuG,GAAG5Z,GACD,IAAXwL,EAAIoO,KACNjN,GAAO,GAEX,IAAKA,EACH,MACFuM,IACAlZ,IAKF,GAHIA,GAAK,GACPkZ,IACF0qG,EAAMA,EAAIkH,KAAK5xG,GACXlZ,EAAI,EACN,MAEF,IAAS4Z,EAAI,EAAGA,EAAI5M,EAAK4M,IAAK,CAC5B,IACI0V,EADA8V,EAAI55B,EAAIoO,GAEF,IAANwrB,IAEKA,EAAI,EACX9V,EAAIu4F,EAAIjuG,GAAIwrB,EAAI,GAAM,GACfA,EAAI,IACX9V,EAAIu4F,EAAIjuG,IAAKwrB,EAAI,GAAM,GAAG01E,OAG1B8I,EADa,WAAXt0F,EAAErY,KACE2sG,EAAI4G,SAASl7F,GAEbs0F,EAAI1gH,IAAIosB,KAIpB,IAAStvB,EAAI,EAAGA,EAAIgN,EAAKhN,IACvB6nH,EAAI7nH,GAAK,KAEX,OAAIkrH,EACKtH,EAEAA,EAAI8G,KACf,EAOAvB,GAAUW,UAAYA,GAEtBA,GAAUjsH,UAAUuoD,GAAK,WACvB,MAAUnmD,MAAM,kBAClB,EAEA6pH,GAAUjsH,UAAU2kD,SAAW,WAC7B,OAAO3lD,KAAK4Q,MAAM+0C,SAAS3lD,KAC7B,EAEAssH,GAAUtrH,UAAU2tH,YAAc,SAAqBrnH,EAAO8+B,GAC5D9+B,EAAQygC,GAAMC,QAAQ1gC,EAAO8+B,GAE7B,IAAIj2B,EAAMnQ,KAAKyyB,EAAEluB,aAGjB,IAAkB,IAAb+C,EAAM,IAA4B,IAAbA,EAAM,IAA4B,IAAbA,EAAM,KACjDA,EAAMlG,OAAS,GAAM,EAAI+O,EAS3B,OARiB,IAAb7I,EAAM,GACRk+B,GAAOl+B,EAAMA,EAAMlG,OAAS,GAAK,GAAM,GACnB,IAAbkG,EAAM,IACbk+B,GAAOl+B,EAAMA,EAAMlG,OAAS,GAAK,GAAM,GAE9BpB,KAAKmtH,MAAM7lH,EAAM5F,MAAM,EAAG,EAAIyO,GACnB7I,EAAM5F,MAAM,EAAIyO,EAAK,EAAI,EAAIA,IAG9C,IAAkB,IAAb7I,EAAM,IAA4B,IAAbA,EAAM,KAC3BA,EAAMlG,OAAS,IAAM+O,EAC/B,OAAOnQ,KAAK4uH,WAAWtnH,EAAM5F,MAAM,EAAG,EAAIyO,GAAmB,IAAb7I,EAAM,IAExD,MAAUlE,MAAM,uBAClB,EAEA6pH,GAAUjsH,UAAU6tH,iBAAmB,SAA0BzoF,GAC/D,OAAOpmC,KAAKsd,OAAO8oB,GAAK,EAC1B,EAEA6mF,GAAUjsH,UAAU8tH,QAAU,SAAiBC,GAC7C,IAAI5+G,EAAMnQ,KAAK4Q,MAAM6hB,EAAEluB,aACnB2I,EAAIlN,KAAKgvH,OAAOhnF,QAAQ,KAAM73B,GAElC,OAAI4+G,EACK,CAAE/uH,KAAKivH,OAAO5/G,SAAW,EAAO,GAAOzI,OAAOsG,GAEhD,CAAE,GAAOtG,OAAOsG,EAAGlN,KAAKivH,OAAOjnF,QAAQ,KAAM73B,GACtD,EAEA88G,GAAUjsH,UAAUsc,OAAS,SAAgB8oB,EAAK2oF,GAChD,OAAOhnF,GAAMzqB,OAAOtd,KAAK8uH,QAAQC,GAAU3oF,EAC7C,EAEA6mF,GAAUjsH,UAAUkuH,WAAa,SAAoBhpE,GACnD,GAAIlmD,KAAKktH,YACP,OAAOltH,KAET,IAAIktH,EAAc,CAChBG,QAAS,KACT9B,IAAK,KACL4D,KAAM,MAOR,OALAjC,EAAY3B,IAAMvrH,KAAKguH,cAAc,GACrCd,EAAYG,QAAUrtH,KAAKstH,YAAY,EAAGpnE,GAC1CgnE,EAAYiC,KAAOnvH,KAAKovH,WACxBpvH,KAAKktH,YAAcA,EAEZltH,IACT,EAEAitH,GAAUjsH,UAAUquH,YAAc,SAAqBhzG,GACrD,IAAKrc,KAAKktH,YACR,OAAO,EAET,IAAIG,EAAUrtH,KAAKktH,YAAYG,QAC/B,QAAKA,GAGEA,EAAQO,OAAOxsH,QAAU0K,KAAKmQ,MAAMI,EAAExM,YAAc,GAAKw9G,EAAQE,KAC1E,EAEAN,GAAUjsH,UAAUssH,YAAc,SAAqBC,EAAMrnE,GAC3D,GAAIlmD,KAAKktH,aAAeltH,KAAKktH,YAAYG,QACvC,OAAOrtH,KAAKktH,YAAYG,QAI1B,IAFA,IAAIA,EAAU,CAAErtH,MACZ+mH,EAAM/mH,KACDmD,EAAI,EAAGA,EAAI+iD,EAAO/iD,GAAKoqH,EAAM,CACpC,IAAK,IAAIxwG,EAAI,EAAGA,EAAIwwG,EAAMxwG,IACxBgqG,EAAMA,EAAIuI,MACZjC,EAAQxrH,KAAKklH,GAEf,MAAO,CACLwG,KAAMA,EACNK,OAAQP,EAEZ,EAEAJ,GAAUjsH,UAAUgtH,cAAgB,SAAuBhD,GACzD,GAAIhrH,KAAKktH,aAAeltH,KAAKktH,YAAY3B,IACvC,OAAOvrH,KAAKktH,YAAY3B,IAK1B,IAHA,IAAIh8G,EAAM,CAAEvP,MACR+L,GAAO,GAAKi/G,GAAO,EACnBsE,EAAc,IAARvjH,EAAY,KAAO/L,KAAKsvH,MACzBnsH,EAAI,EAAGA,EAAI4I,EAAK5I,IACvBoM,EAAIpM,GAAKoM,EAAIpM,EAAI,GAAGkD,IAAIipH,GAC1B,MAAO,CACLtE,IAAKA,EACL4C,OAAQr+G,EAEZ,EAEA09G,GAAUjsH,UAAUouH,SAAW,WAC7B,OAAO,IACT,EAEAnC,GAAUjsH,UAAUitH,KAAO,SAAc5xG,GAEvC,IADA,IAAItO,EAAI/N,KACCmD,EAAI,EAAGA,EAAIkZ,EAAGlZ,IACrB4K,EAAIA,EAAEuhH,MACR,OAAOvhH,CACT,EC9WA,IAAIy3B,GAASuC,GAAMvC,OAEnB,SAAS+pF,GAAWhD,GAClBiD,GAAK1uH,KAAKd,KAAM,QAASusH,GAEzBvsH,KAAKyO,EAAI,IAAIizC,GAAG6qE,EAAK99G,EAAG,IAAIy5G,MAAMloH,KAAK+6G,KACvC/6G,KAAKqO,EAAI,IAAIqzC,GAAG6qE,EAAKl+G,EAAG,IAAI65G,MAAMloH,KAAK+6G,KACvC/6G,KAAKyvH,KAAOzvH,KAAK6yC,IAAI02E,UAErBvpH,KAAK0vH,MAAqC,IAA7B1vH,KAAKyO,EAAE65G,UAAUd,KAAK,GACnCxnH,KAAK2vH,OAAmD,IAA1C3vH,KAAKyO,EAAE65G,UAAUl7G,IAAIpN,KAAKyyB,GAAG+0F,MAAM,GAGjDxnH,KAAK4vH,KAAO5vH,KAAK6vH,iBAAiBtD,GAClCvsH,KAAK8vH,mBACL9vH,KAAK+vH,kBACP,CACA5pF,GAASopF,GAAYC,IACrB,OAAiBD,GAiOjB,SAASS,GAAMp/G,EAAO1D,EAAGoB,EAAG2hH,GAC1BT,GAAKvC,UAAUnsH,KAAKd,KAAM4Q,EAAO,UACvB,OAAN1D,GAAoB,OAANoB,GAChBtO,KAAKkN,EAAI,KACTlN,KAAKsO,EAAI,KACTtO,KAAKkwH,KAAM,IAEXlwH,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IAEf2hH,IACFjwH,KAAKkN,EAAEs7G,SAASxoH,KAAK4Q,MAAMmqG,KAC3B/6G,KAAKsO,EAAEk6G,SAASxoH,KAAK4Q,MAAMmqG,MAExB/6G,KAAKkN,EAAE6tG,MACV/6G,KAAKkN,EAAIlN,KAAKkN,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKsO,EAAEysG,MACV/6G,KAAKsO,EAAItO,KAAKsO,EAAE45G,MAAMloH,KAAK4Q,MAAMmqG,MACnC/6G,KAAKkwH,KAAM,EAEf,CA2NA,SAASC,GAAOv/G,EAAO1D,EAAGoB,EAAGi6B,GAC3BinF,GAAKvC,UAAUnsH,KAAKd,KAAM4Q,EAAO,YACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANi6B,GAC9BvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMb,IACpB/P,KAAKsO,EAAItO,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAI,IAAImZ,GAAG,KAEhB1hD,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IACnBtO,KAAKuoC,EAAI,IAAImZ,GAAGnZ,EAAG,KAEhBvoC,KAAKkN,EAAE6tG,MACV/6G,KAAKkN,EAAIlN,KAAKkN,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKsO,EAAEysG,MACV/6G,KAAKsO,EAAItO,KAAKsO,EAAE45G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKuoC,EAAEwyE,MACV/6G,KAAKuoC,EAAIvoC,KAAKuoC,EAAE2/E,MAAMloH,KAAK4Q,MAAMmqG,MAEnC/6G,KAAKowH,KAAOpwH,KAAKuoC,IAAMvoC,KAAK4Q,MAAMb,GACpC,CCpfA,SAASsgH,GAAU9D,GACjBiD,GAAK1uH,KAAKd,KAAM,OAAQusH,GAExBvsH,KAAKyO,EAAI,IAAIizC,GAAG6qE,EAAK99G,EAAG,IAAIy5G,MAAMloH,KAAK+6G,KACvC/6G,KAAKqO,EAAI,IAAIqzC,GAAG6qE,EAAKl+G,EAAG,IAAI65G,MAAMloH,KAAK+6G,KACvC/6G,KAAKswH,GAAK,IAAI5uE,GAAG,GAAGwmE,MAAMloH,KAAK+6G,KAAKwO,UACpCvpH,KAAK6yC,IAAM,IAAI6O,GAAG,GAAGwmE,MAAMloH,KAAK+6G,KAGhC/6G,KAAKuwH,IAAMvwH,KAAKswH,GAAGvH,OAAO/oH,KAAKyO,EAAEg6G,OAAOzoH,KAAK6yC,KAC/C,CDSA08E,GAAWvuH,UAAU6uH,iBAAmB,SAA0BtD,GAEhE,GAAKvsH,KAAK0vH,OAAU1vH,KAAKglC,GAAMhlC,KAAKwM,GAAwB,IAAnBxM,KAAKyyB,EAAEkqF,KAAK,GAArD,CAIA,IAAIwS,EACAqB,EACJ,GAAIjE,EAAK4C,KACPA,EAAO,IAAIztE,GAAG6qE,EAAK4C,KAAM,IAAIjH,MAAMloH,KAAK+6G,SACnC,CACL,IAAI0V,EAAQzwH,KAAK0wH,cAAc1wH,KAAKyyB,GAGpC08F,GADAA,EAAOsB,EAAM,GAAGrV,IAAIqV,EAAM,IAAM,EAAIA,EAAM,GAAKA,EAAM,IACzCvI,MAAMloH,KAAK+6G,KAEzB,GAAIwR,EAAKiE,OACPA,EAAS,IAAI9uE,GAAG6qE,EAAKiE,OAAQ,QACxB,CAEL,IAAIG,EAAU3wH,KAAK0wH,cAAc1wH,KAAKwM,GACsB,IAAxDxM,KAAKglC,EAAE13B,IAAIqjH,EAAQ,IAAIzjH,EAAEkuG,IAAIp7G,KAAKglC,EAAE93B,EAAE67G,OAAOoG,IAC/CqB,EAASG,EAAQ,IAEjBH,EAASG,EAAQ,GACjBnrF,GAA2D,IAApDxlC,KAAKglC,EAAE13B,IAAIkjH,GAAQtjH,EAAEkuG,IAAIp7G,KAAKglC,EAAE93B,EAAE67G,OAAOoG,MAiBpD,MAAO,CACLA,KAAMA,EACNqB,OAAQA,EACRI,MAdErE,EAAKqE,MACCrE,EAAKqE,MAAMtoH,KAAI,SAASuoH,GAC9B,MAAO,CACLpiH,EAAG,IAAIizC,GAAGmvE,EAAIpiH,EAAG,IACjBJ,EAAG,IAAIqzC,GAAGmvE,EAAIxiH,EAAG,QAIbrO,KAAK8wH,cAAcN,IAQ/B,EAEAjB,GAAWvuH,UAAU0vH,cAAgB,SAAuBppF,GAI1D,IAAIyzE,EAAMzzE,IAAQtnC,KAAKyyB,EAAIzyB,KAAK+6G,IAAMr5D,GAAGwpE,KAAK5jF,GAC1CmoF,EAAO,IAAI/tE,GAAG,GAAGwmE,MAAMnN,GAAKwO,UAC5BwH,EAAQtB,EAAKjG,SAEbvrG,EAAI,IAAIyjC,GAAG,GAAGwmE,MAAMnN,GAAKyO,SAASH,UAAUN,OAAO0G,GAIvD,MAAO,CAFEsB,EAAMtI,OAAOxqG,GAAGqqG,UAChByI,EAAMpI,OAAO1qG,GAAGqqG,UAE3B,EAEAiH,GAAWvuH,UAAU8vH,cAAgB,SAAuBN,GA2B1D,IAzBA,IAYItR,EACAjlE,EAEAolE,EACAnlE,EAEAslE,EACArlE,EAEA62E,EAEAjjH,EACAb,EAxBA+jH,EAAWjxH,KAAKwM,EAAEo5G,MAAM95G,KAAKsP,MAAMpb,KAAKwM,EAAEqD,YAAc,IAIxDqqB,EAAIs2F,EACJt4E,EAAIl4C,KAAKwM,EAAE7K,QACXmpB,EAAK,IAAI42B,GAAG,GACZr2B,EAAK,IAAIq2B,GAAG,GACZ32B,EAAK,IAAI22B,GAAG,GACZp2B,EAAK,IAAIo2B,GAAG,GAaZv+C,EAAI,EAGa,IAAd+2B,EAAEstF,KAAK,IAAU,CACtB,IAAI94G,EAAIwpC,EAAEquE,IAAIrsF,GACdnsB,EAAImqC,EAAE9qC,IAAIsB,EAAEpB,IAAI4sB,IAChBhtB,EAAI6d,EAAG3d,IAAIsB,EAAEpB,IAAIwd,IACjB,IAAIxc,EAAIgd,EAAGle,IAAIsB,EAAEpB,IAAI+d,IAErB,IAAKg0F,GAAMtxG,EAAEqtG,IAAI6V,GAAY,EAC3B/R,EAAK8R,EAAM/S,MACXhkE,EAAKnvB,EACLu0F,EAAKtxG,EAAEkwG,MACP/jE,EAAKhtC,OACA,GAAImyG,GAAc,KAANl8G,EACjB,MAEF6tH,EAAQjjH,EAERmqC,EAAIhe,EACJA,EAAInsB,EACJgd,EAAKD,EACLA,EAAK5d,EACLoe,EAAKD,EACLA,EAAK/c,EAEPkxG,EAAKzxG,EAAEkwG,MACP9jE,EAAKjtC,EAEL,IAAIgkH,EAAO7R,EAAGyF,MAAMz+G,IAAI6zC,EAAG4qE,OAiB3B,OAhBWtF,EAAGsF,MAAMz+G,IAAI8zC,EAAG2qE,OAClB1J,IAAI8V,IAAS,IACpB1R,EAAKN,EACL/kE,EAAKF,GAIHolE,EAAGxE,WACLwE,EAAKA,EAAGpB,MACR/jE,EAAKA,EAAG+jE,OAENuB,EAAG3E,WACL2E,EAAKA,EAAGvB,MACR9jE,EAAKA,EAAG8jE,OAGH,CACL,CAAExvG,EAAG4wG,EAAIhxG,EAAG6rC,GACZ,CAAEzrC,EAAOJ,EAAG8rC,GAEhB,EAEAo1E,GAAWvuH,UAAUmwH,WAAa,SAAoB90G,GACpD,IAAIu0G,EAAQ5wH,KAAK4vH,KAAKgB,MAClBQ,EAAKR,EAAM,GACXS,EAAKT,EAAM,GAEXhjG,EAAKyjG,EAAGhjH,EAAEf,IAAI+O,GAAGuqG,SAAS5mH,KAAKwM,GAC/BqhB,EAAKujG,EAAG/iH,EAAE4vG,MAAM3wG,IAAI+O,GAAGuqG,SAAS5mH,KAAKwM,GAErCm2B,EAAK/U,EAAGtgB,IAAI8jH,EAAG3iH,GACfm0B,EAAK/U,EAAGvgB,IAAI+jH,EAAG5iH,GACfirB,EAAK9L,EAAGtgB,IAAI8jH,EAAG/iH,GACfsrB,EAAK9L,EAAGvgB,IAAI+jH,EAAGhjH,GAKnB,MAAO,CAAEsgB,GAFAtS,EAAEjP,IAAIu1B,GAAIv1B,IAAIw1B,GAENhU,GADR8K,EAAGrzB,IAAIszB,GAAIskF,MAEtB,EAEAsR,GAAWvuH,UAAU4tH,WAAa,SAAoB1hH,EAAG62G,IACvD72G,EAAI,IAAIw0C,GAAGx0C,EAAG,KACP6tG,MACL7tG,EAAIA,EAAEg7G,MAAMloH,KAAK+6G,MAEnB,IAAIzvF,EAAKpe,EAAEg8G,SAASH,OAAO77G,GAAGw7G,QAAQx7G,EAAE67G,OAAO/oH,KAAKyO,IAAIi6G,QAAQ1oH,KAAKqO,GACjEC,EAAIgd,EAAG+9F,UACX,GAA6C,IAAzC/6G,EAAE46G,SAASP,OAAOr9F,GAAI8vF,IAAIp7G,KAAK8P,MACjC,MAAU1M,MAAM,iBAIlB,IAAIgkH,EAAQ94G,EAAEg6G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3B94G,EAAIA,EAAEk7G,UAEDxpH,KAAKmtH,MAAMjgH,EAAGoB,EACvB,EAEAihH,GAAWvuH,UAAU2kD,SAAW,SAAkBwnE,GAChD,GAAIA,EAAM+C,IACR,OAAO,EAET,IAAIhjH,EAAIigH,EAAMjgH,EACVoB,EAAI6+G,EAAM7+G,EAEVgjH,EAAKtxH,KAAKyO,EAAEs6G,OAAO77G,GACnBqkH,EAAMrkH,EAAEg8G,SAASH,OAAO77G,GAAGw7G,QAAQ4I,GAAI5I,QAAQ1oH,KAAKqO,GACxD,OAA2C,IAApCC,EAAE46G,SAASN,QAAQ2I,GAAK/J,KAAK,EACtC,EAEA+H,GAAWvuH,UAAUwwH,gBACjB,SAAyB5D,EAAQQ,EAAQC,GAG3C,IAFA,IAAIoD,EAAUzxH,KAAK8vH,YACf4B,EAAU1xH,KAAK+vH,YACV5sH,EAAI,EAAGA,EAAIyqH,EAAOxsH,OAAQ+B,IAAK,CACtC,IAAIid,EAAQpgB,KAAKmxH,WAAW/C,EAAOjrH,IAC/BsvB,EAAIm7F,EAAOzqH,GACXgsH,EAAO18F,EAAE28F,WAEThvG,EAAMuO,GAAGksF,WACXz6F,EAAMuO,GAAGovF,OACTtrF,EAAIA,EAAEwrF,KAAI,IAER79F,EAAMwO,GAAGisF,WACXz6F,EAAMwO,GAAGmvF,OACToR,EAAOA,EAAKlR,KAAI,IAGlBwT,EAAY,EAAJtuH,GAASsvB,EACjBg/F,EAAY,EAAJtuH,EAAQ,GAAKgsH,EACrBuC,EAAY,EAAJvuH,GAASid,EAAMuO,GACvB+iG,EAAY,EAAJvuH,EAAQ,GAAKid,EAAMwO,GAK7B,IAHA,IAAIrf,EAAMvP,KAAKkuH,YAAY,EAAGuD,EAASC,EAAa,EAAJvuH,EAAOkrH,GAG9CtxG,EAAI,EAAGA,EAAQ,EAAJ5Z,EAAO4Z,IACzB00G,EAAQ10G,GAAK,KACb20G,EAAQ30G,GAAK,KAEf,OAAOxN,CACT,EAuBA42B,GAAS6pF,GAAOR,GAAKvC,WAErBsC,GAAWvuH,UAAUmsH,MAAQ,SAAejgH,EAAGoB,EAAG2hH,GAChD,OAAO,IAAID,GAAMhwH,KAAMkN,EAAGoB,EAAG2hH,EAC/B,EAEAV,GAAWvuH,UAAUwrH,cAAgB,SAAuB/rE,EAAKs6D,GAC/D,OAAOiV,GAAM2B,SAAS3xH,KAAMygD,EAAKs6D,EACnC,EAEAiV,GAAMhvH,UAAUouH,SAAW,WACzB,GAAKpvH,KAAK4Q,MAAMg/G,KAAhB,CAGA,IAAIgC,EAAM5xH,KAAKktH,YACf,GAAI0E,GAAOA,EAAIzC,KACb,OAAOyC,EAAIzC,KAEb,IAAIA,EAAOnvH,KAAK4Q,MAAMu8G,MAAMntH,KAAKkN,EAAE67G,OAAO/oH,KAAK4Q,MAAMg/G,KAAKT,MAAOnvH,KAAKsO,GACtE,GAAIsjH,EAAK,CACP,IAAIhhH,EAAQ5Q,KAAK4Q,MACbihH,EAAU,SAASp/F,GACrB,OAAO7hB,EAAMu8G,MAAM16F,EAAEvlB,EAAE67G,OAAOn4G,EAAMg/G,KAAKT,MAAO18F,EAAEnkB,IAEpDsjH,EAAIzC,KAAOA,EACXA,EAAKjC,YAAc,CACjBiC,KAAM,KACN5D,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAOtlH,IAAIupH,IAE7BxE,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAOtlH,IAAIupH,KAIrC,OAAO1C,EACT,EAEAa,GAAMhvH,UAAU67G,OAAS,WACvB,OAAK78G,KAAKktH,YAGH,CAAEltH,KAAKkN,EAAGlN,KAAKsO,EAAGtO,KAAKktH,aAAe,CAC3CG,QAASrtH,KAAKktH,YAAYG,SAAW,CACnCE,KAAMvtH,KAAKktH,YAAYG,QAAQE,KAC/BK,OAAQ5tH,KAAKktH,YAAYG,QAAQO,OAAOlsH,MAAM,IAEhD6pH,IAAKvrH,KAAKktH,YAAY3B,KAAO,CAC3BP,IAAKhrH,KAAKktH,YAAY3B,IAAIP,IAC1B4C,OAAQ5tH,KAAKktH,YAAY3B,IAAIqC,OAAOlsH,MAAM,MATrC,CAAE1B,KAAKkN,EAAGlN,KAAKsO,EAY1B,EAEA0hH,GAAM2B,SAAW,SAAkB/gH,EAAO6vC,EAAKs6D,GAC1B,iBAARt6D,IACTA,EAAMqxE,KAAKnnH,MAAM81C,IACnB,IAAIlxC,EAAMqB,EAAMu8G,MAAM1sE,EAAI,GAAIA,EAAI,GAAIs6D,GACtC,IAAKt6D,EAAI,GACP,OAAOlxC,EAET,SAASwiH,EAAUtxE,GACjB,OAAO7vC,EAAMu8G,MAAM1sE,EAAI,GAAIA,EAAI,GAAIs6D,GAGrC,IAAI6W,EAAMnxE,EAAI,GAYd,OAXAlxC,EAAI29G,YAAc,CAChBiC,KAAM,KACN9B,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQ,CAAEr+G,GAAM3I,OAAOgrH,EAAIvE,QAAQO,OAAOtlH,IAAIypH,KAEhDxG,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQ,CAAEr+G,GAAM3I,OAAOgrH,EAAIrG,IAAIqC,OAAOtlH,IAAIypH,MAGvCxiH,CACT,EAEAygH,GAAMhvH,UAAUg7G,QAAU,WACxB,OAAIh8G,KAAKgyH,aACA,sBACF,gBAAkBhyH,KAAKkN,EAAEo7G,UAAU37G,SAAS,GAAI,GACnD,OAAS3M,KAAKsO,EAAEg6G,UAAU37G,SAAS,GAAI,GAAK,GAClD,EAEAqjH,GAAMhvH,UAAUgxH,WAAa,WAC3B,OAAOhyH,KAAKkwH,GACd,EAEAF,GAAMhvH,UAAUqF,IAAM,SAAaosB,GAEjC,GAAIzyB,KAAKkwH,IACP,OAAOz9F,EAGT,GAAIA,EAAEy9F,IACJ,OAAOlwH,KAGT,GAAIA,KAAKupD,GAAG92B,GACV,OAAOzyB,KAAKsvH,MAGd,GAAItvH,KAAKi+G,MAAM10D,GAAG92B,GAChB,OAAOzyB,KAAK4Q,MAAMu8G,MAAM,KAAM,MAGhC,GAAwB,IAApBntH,KAAKkN,EAAEkuG,IAAI3oF,EAAEvlB,GACf,OAAOlN,KAAK4Q,MAAMu8G,MAAM,KAAM,MAEhC,IAAI3wG,EAAIxc,KAAKsO,EAAEq6G,OAAOl2F,EAAEnkB,GACN,IAAdkO,EAAEgrG,KAAK,KACThrG,EAAIA,EAAEusG,OAAO/oH,KAAKkN,EAAEy7G,OAAOl2F,EAAEvlB,GAAGq8G,YAClC,IAAI0I,EAAKz1G,EAAE0sG,SAASN,QAAQ5oH,KAAKkN,GAAG07G,QAAQn2F,EAAEvlB,GAC1CglH,EAAK11G,EAAEusG,OAAO/oH,KAAKkN,EAAEy7G,OAAOsJ,IAAKrJ,QAAQ5oH,KAAKsO,GAClD,OAAOtO,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMhvH,UAAUsuH,IAAM,WACpB,GAAItvH,KAAKkwH,IACP,OAAOlwH,KAGT,IAAImyH,EAAMnyH,KAAKsO,EAAEm6G,OAAOzoH,KAAKsO,GAC7B,GAAoB,IAAhB6jH,EAAI3K,KAAK,GACX,OAAOxnH,KAAK4Q,MAAMu8G,MAAM,KAAM,MAEhC,IAAI1+G,EAAIzO,KAAK4Q,MAAMnC,EAEfsc,EAAK/qB,KAAKkN,EAAEg8G,SACZkJ,EAAQD,EAAI5I,UACZ/sG,EAAIuO,EAAG09F,OAAO19F,GAAI29F,QAAQ39F,GAAI29F,QAAQj6G,GAAGs6G,OAAOqJ,GAEhDH,EAAKz1G,EAAE0sG,SAASN,QAAQ5oH,KAAKkN,EAAEu7G,OAAOzoH,KAAKkN,IAC3CglH,EAAK11G,EAAEusG,OAAO/oH,KAAKkN,EAAEy7G,OAAOsJ,IAAKrJ,QAAQ5oH,KAAKsO,GAClD,OAAOtO,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMhvH,UAAUguH,KAAO,WACrB,OAAOhvH,KAAKkN,EAAEo7G,SAChB,EAEA0H,GAAMhvH,UAAUiuH,KAAO,WACrB,OAAOjvH,KAAKsO,EAAEg6G,SAChB,EAEA0H,GAAMhvH,UAAUsM,IAAM,SAAa+O,GAEjC,OADAA,EAAI,IAAIqlC,GAAGrlC,EAAG,IACVrc,KAAKgyH,aACAhyH,KACAA,KAAKqvH,YAAYhzG,GACjBrc,KAAK4Q,MAAMw8G,aAAaptH,KAAMqc,GAC9Brc,KAAK4Q,MAAMg/G,KACX5vH,KAAK4Q,MAAM4gH,gBAAgB,CAAExxH,MAAQ,CAAEqc,IAEvCrc,KAAK4Q,MAAMk9G,SAAS9tH,KAAMqc,EACrC,EAEA2zG,GAAMhvH,UAAUqxH,OAAS,SAAgB1jG,EAAIiU,EAAIhU,GAC/C,IAAIg/F,EAAS,CAAE5tH,KAAM4iC,GACjBwrF,EAAS,CAAEz/F,EAAIC,GACnB,OAAI5uB,KAAK4Q,MAAMg/G,KACN5vH,KAAK4Q,MAAM4gH,gBAAgB5D,EAAQQ,GAEnCpuH,KAAK4Q,MAAMs9G,YAAY,EAAGN,EAAQQ,EAAQ,EACrD,EAEA4B,GAAMhvH,UAAUsxH,QAAU,SAAiB3jG,EAAIiU,EAAIhU,GACjD,IAAIg/F,EAAS,CAAE5tH,KAAM4iC,GACjBwrF,EAAS,CAAEz/F,EAAIC,GACnB,OAAI5uB,KAAK4Q,MAAMg/G,KACN5vH,KAAK4Q,MAAM4gH,gBAAgB5D,EAAQQ,GAAQ,GAE3CpuH,KAAK4Q,MAAMs9G,YAAY,EAAGN,EAAQQ,EAAQ,GAAG,EACxD,EAEA4B,GAAMhvH,UAAUuoD,GAAK,SAAY92B,GAC/B,OAAOzyB,OAASyyB,GACTzyB,KAAKkwH,MAAQz9F,EAAEy9F,MACVlwH,KAAKkwH,KAA2B,IAApBlwH,KAAKkN,EAAEkuG,IAAI3oF,EAAEvlB,IAAgC,IAApBlN,KAAKsO,EAAE8sG,IAAI3oF,EAAEnkB,GAChE,EAEA0hH,GAAMhvH,UAAUi9G,IAAM,SAAasU,GACjC,GAAIvyH,KAAKkwH,IACP,OAAOlwH,KAET,IAAIuP,EAAMvP,KAAK4Q,MAAMu8G,MAAMntH,KAAKkN,EAAGlN,KAAKsO,EAAEk7G,UAC1C,GAAI+I,GAAevyH,KAAKktH,YAAa,CACnC,IAAI0E,EAAM5xH,KAAKktH,YACXsF,EAAS,SAAS//F,GACpB,OAAOA,EAAEwrF,OAEX1uG,EAAI29G,YAAc,CAChB3B,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAOtlH,IAAIkqH,IAE7BnF,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAOtlH,IAAIkqH,KAIrC,OAAOjjH,CACT,EAEAygH,GAAMhvH,UAAUwtH,IAAM,WACpB,OAAIxuH,KAAKkwH,IACAlwH,KAAK4Q,MAAM88G,OAAO,KAAM,KAAM,MAE7B1tH,KAAK4Q,MAAM88G,OAAO1tH,KAAKkN,EAAGlN,KAAKsO,EAAGtO,KAAK4Q,MAAMb,IAEzD,EAsBAo2B,GAASgqF,GAAQX,GAAKvC,WAEtBsC,GAAWvuH,UAAU0sH,OAAS,SAAgBxgH,EAAGoB,EAAGi6B,GAClD,OAAO,IAAI4nF,GAAOnwH,KAAMkN,EAAGoB,EAAGi6B,EAChC,EAEA4nF,GAAOnvH,UAAU6sH,IAAM,WACrB,GAAI7tH,KAAKgyH,aACP,OAAOhyH,KAAK4Q,MAAMu8G,MAAM,KAAM,MAEhC,IAAIsF,EAAOzyH,KAAKuoC,EAAEghF,UACdmJ,EAAQD,EAAKvJ,SACboI,EAAKtxH,KAAKkN,EAAE67G,OAAO2J,GACnBC,EAAK3yH,KAAKsO,EAAEy6G,OAAO2J,GAAO3J,OAAO0J,GAErC,OAAOzyH,KAAK4Q,MAAMu8G,MAAMmE,EAAIqB,EAC9B,EAEAxC,GAAOnvH,UAAUi9G,IAAM,WACrB,OAAOj+G,KAAK4Q,MAAM88G,OAAO1tH,KAAKkN,EAAGlN,KAAKsO,EAAEk7G,SAAUxpH,KAAKuoC,EACzD,EAEA4nF,GAAOnvH,UAAUqF,IAAM,SAAaosB,GAElC,GAAIzyB,KAAKgyH,aACP,OAAOv/F,EAGT,GAAIA,EAAEu/F,aACJ,OAAOhyH,KAGT,IAAI4yH,EAAMngG,EAAE8V,EAAE2gF,SACV/8F,EAAKnsB,KAAKuoC,EAAE2gF,SACZl6D,EAAKhvD,KAAKkN,EAAE67G,OAAO6J,GACnB3jE,EAAKx8B,EAAEvlB,EAAE67G,OAAO58F,GAChBK,EAAKxsB,KAAKsO,EAAEy6G,OAAO6J,EAAI7J,OAAOt2F,EAAE8V,IAChC9b,EAAKgG,EAAEnkB,EAAEy6G,OAAO58F,EAAG48F,OAAO/oH,KAAKuoC,IAE/BhsB,EAAIyyC,EAAG25D,OAAO15D,GACdlhD,EAAIye,EAAGm8F,OAAOl8F,GAClB,GAAkB,IAAdlQ,EAAEirG,KAAK,GACT,OAAkB,IAAdz5G,EAAEy5G,KAAK,GACFxnH,KAAK4Q,MAAM88G,OAAO,KAAM,KAAM,MAE9B1tH,KAAKsvH,MAGhB,IAAIrtF,EAAK1lB,EAAE2sG,SACPhnF,EAAKD,EAAG8mF,OAAOxsG,GACf27B,EAAI8W,EAAG+5D,OAAO9mF,GAEdgwF,EAAKlkH,EAAEm7G,SAASR,QAAQxmF,GAAI0mF,QAAQ1wE,GAAG0wE,QAAQ1wE,GAC/Cg6E,EAAKnkH,EAAEg7G,OAAO7wE,EAAE0wE,QAAQqJ,IAAKrJ,QAAQp8F,EAAGu8F,OAAO7mF,IAC/C2wF,EAAK7yH,KAAKuoC,EAAEwgF,OAAOt2F,EAAE8V,GAAGwgF,OAAOxsG,GAEnC,OAAOvc,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAU2sH,SAAW,SAAkBl7F,GAE5C,GAAIzyB,KAAKgyH,aACP,OAAOv/F,EAAE+7F,MAGX,GAAI/7F,EAAEu/F,aACJ,OAAOhyH,KAGT,IAAImsB,EAAKnsB,KAAKuoC,EAAE2gF,SACZl6D,EAAKhvD,KAAKkN,EACV+hD,EAAKx8B,EAAEvlB,EAAE67G,OAAO58F,GAChBK,EAAKxsB,KAAKsO,EACVme,EAAKgG,EAAEnkB,EAAEy6G,OAAO58F,GAAI48F,OAAO/oH,KAAKuoC,GAEhChsB,EAAIyyC,EAAG25D,OAAO15D,GACdlhD,EAAIye,EAAGm8F,OAAOl8F,GAClB,GAAkB,IAAdlQ,EAAEirG,KAAK,GACT,OAAkB,IAAdz5G,EAAEy5G,KAAK,GACFxnH,KAAK4Q,MAAM88G,OAAO,KAAM,KAAM,MAE9B1tH,KAAKsvH,MAGhB,IAAIrtF,EAAK1lB,EAAE2sG,SACPhnF,EAAKD,EAAG8mF,OAAOxsG,GACf27B,EAAI8W,EAAG+5D,OAAO9mF,GAEdgwF,EAAKlkH,EAAEm7G,SAASR,QAAQxmF,GAAI0mF,QAAQ1wE,GAAG0wE,QAAQ1wE,GAC/Cg6E,EAAKnkH,EAAEg7G,OAAO7wE,EAAE0wE,QAAQqJ,IAAKrJ,QAAQp8F,EAAGu8F,OAAO7mF,IAC/C2wF,EAAK7yH,KAAKuoC,EAAEwgF,OAAOxsG,GAEvB,OAAOvc,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAUitH,KAAO,SAAc/7E,GACpC,GAAY,IAARA,EACF,OAAOlyC,KACT,GAAIA,KAAKgyH,aACP,OAAOhyH,KACT,IAAKkyC,EACH,OAAOlyC,KAAKsvH,MAEd,GAAItvH,KAAK4Q,MAAM8+G,OAAS1vH,KAAK4Q,MAAM++G,OAAQ,CAEzC,IADA,IAAI5hH,EAAI/N,KACCmD,EAAI,EAAGA,EAAI+uC,EAAK/uC,IACvB4K,EAAIA,EAAEuhH,MACR,OAAOvhH,EAKT,IAAIU,EAAIzO,KAAK4Q,MAAMnC,EACfghH,EAAOzvH,KAAK4Q,MAAM6+G,KAElBqD,EAAK9yH,KAAKkN,EACV6lH,EAAK/yH,KAAKsO,EACV0kH,EAAKhzH,KAAKuoC,EACV0qF,EAAMD,EAAG9J,SAASA,SAGlBgK,EAAMH,EAAGtK,OAAOsK,GACpB,IAAS5vH,EAAI,EAAGA,EAAI+uC,EAAK/uC,IAAK,CAC5B,IAAIgwH,EAAML,EAAG5J,SACTkK,EAAOF,EAAIhK,SACXmK,EAAOD,EAAKlK,SACZ1sG,EAAI22G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQj6G,EAAEs6G,OAAOkK,IAElDhoG,EAAK6nG,EAAG/J,OAAOqK,GACfnB,EAAKz1G,EAAE0sG,SAASN,QAAQ39F,EAAGw9F,OAAOx9F,IAClCC,EAAKD,EAAG29F,QAAQqJ,GAChBqB,EAAM92G,EAAEusG,OAAO79F,GACnBooG,EAAMA,EAAI5K,QAAQ4K,GAAK1K,QAAQyK,GAC/B,IAAIR,EAAKK,EAAInK,OAAOiK,GAChB7vH,EAAI,EAAI+uC,IACV+gF,EAAMA,EAAIlK,OAAOsK,IAEnBP,EAAKb,EACLe,EAAKH,EACLK,EAAMI,EAGR,OAAOtzH,KAAK4Q,MAAM88G,OAAOoF,EAAII,EAAInK,OAAO0G,GAAOuD,EACjD,EAEA7C,GAAOnvH,UAAUsuH,IAAM,WACrB,OAAItvH,KAAKgyH,aACAhyH,KAELA,KAAK4Q,MAAM8+G,MACN1vH,KAAKuzH,WACLvzH,KAAK4Q,MAAM++G,OACX3vH,KAAKwzH,YAELxzH,KAAKyzH,MAChB,EAEAtD,GAAOnvH,UAAUuyH,SAAW,WAC1B,IAAItB,EACAC,EACAW,EAEJ,GAAI7yH,KAAKowH,KAAM,CAMb,IAAIn1F,EAAKj7B,KAAKkN,EAAEg8G,SAEZ/tF,EAAKn7B,KAAKsO,EAAE46G,SAEZwK,EAAOv4F,EAAG+tF,SAEVjrG,EAAIje,KAAKkN,EAAEu7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GACvDz1G,EAAIA,EAAEyqG,QAAQzqG,GAEd,IAAIzQ,EAAIytB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAE1B5c,EAAI7Q,EAAE07G,SAASN,QAAQ3qG,GAAG2qG,QAAQ3qG,GAGlC01G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GAGtB1B,EAAK5zG,EAEL6zG,EAAK1kH,EAAEu7G,OAAO9qG,EAAE2qG,QAAQvqG,IAAIuqG,QAAQ+K,GAEpCd,EAAK7yH,KAAKsO,EAAEm6G,OAAOzoH,KAAKsO,OACnB,CAML,IAAIG,EAAIzO,KAAKkN,EAAEg8G,SAEX76G,EAAIrO,KAAKsO,EAAE46G,SAEX1sG,EAAInO,EAAE66G,SAENpgG,EAAI9oB,KAAKkN,EAAEu7G,OAAOp6G,GAAG66G,SAASN,QAAQn6G,GAAGm6G,QAAQpsG,GACrDsM,EAAIA,EAAE4/F,QAAQ5/F,GAEd,IAAIrkB,EAAIgK,EAAEg6G,OAAOh6G,GAAGi6G,QAAQj6G,GAExBs2B,EAAItgC,EAAEykH,SAGN0K,EAAKp3G,EAAEksG,QAAQlsG,GAEnBo3G,GADAA,EAAKA,EAAGlL,QAAQkL,IACRlL,QAAQkL,GAGhB3B,EAAKltF,EAAE6jF,QAAQ9/F,GAAG8/F,QAAQ9/F,GAE1BopG,EAAKztH,EAAEskH,OAAOjgG,EAAE8/F,QAAQqJ,IAAKrJ,QAAQgL,GAGrCf,GADAA,EAAK7yH,KAAKsO,EAAEy6G,OAAO/oH,KAAKuoC,IAChBmgF,QAAQmK,GAGlB,OAAO7yH,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAUwyH,UAAY,WAC3B,IAAIvB,EACAC,EACAW,EAEJ,GAAI7yH,KAAKowH,KAAM,CAMb,IAAIn1F,EAAKj7B,KAAKkN,EAAEg8G,SAEZ/tF,EAAKn7B,KAAKsO,EAAE46G,SAEZwK,EAAOv4F,EAAG+tF,SAEVjrG,EAAIje,KAAKkN,EAAEu7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GACvDz1G,EAAIA,EAAEyqG,QAAQzqG,GAEd,IAAIzQ,EAAIytB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAAIytF,QAAQ1oH,KAAK4Q,MAAMnC,GAEjD4P,EAAI7Q,EAAE07G,SAASN,QAAQ3qG,GAAG2qG,QAAQ3qG,GAEtCg0G,EAAK5zG,EAEL,IAAIs1G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GACtBzB,EAAK1kH,EAAEu7G,OAAO9qG,EAAE2qG,QAAQvqG,IAAIuqG,QAAQ+K,GAEpCd,EAAK7yH,KAAKsO,EAAEm6G,OAAOzoH,KAAKsO,OACnB,CAKL,IAAIi5G,EAAQvnH,KAAKuoC,EAAE2gF,SAEf2K,EAAQ7zH,KAAKsO,EAAE46G,SAEfiG,EAAOnvH,KAAKkN,EAAE67G,OAAO8K,GAErBC,EAAQ9zH,KAAKkN,EAAEy7G,OAAOpB,GAAOwB,OAAO/oH,KAAKkN,EAAEu7G,OAAOlB,IACtDuM,EAAQA,EAAMrL,OAAOqL,GAAOpL,QAAQoL,GAEpC,IAAIC,EAAQ5E,EAAKzG,QAAQyG,GAErB6E,GADJD,EAAQA,EAAMrL,QAAQqL,IACJtL,OAAOsL,GACzB9B,EAAK6B,EAAM5K,SAASN,QAAQoL,GAE5BnB,EAAK7yH,KAAKsO,EAAEm6G,OAAOzoH,KAAKuoC,GAAG2gF,SAASN,QAAQiL,GAAOjL,QAAQrB,GAE3D,IAAI0M,EAAUJ,EAAM3K,SAGpB+K,GADAA,GADAA,EAAUA,EAAQvL,QAAQuL,IACRvL,QAAQuL,IACRvL,QAAQuL,GAC1B/B,EAAK4B,EAAM/K,OAAOgL,EAAMnL,QAAQqJ,IAAKrJ,QAAQqL,GAG/C,OAAOj0H,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAUyyH,KAAO,WACtB,IAAIhlH,EAAIzO,KAAK4Q,MAAMnC,EAGfqkH,EAAK9yH,KAAKkN,EACV6lH,EAAK/yH,KAAKsO,EACV0kH,EAAKhzH,KAAKuoC,EACV0qF,EAAMD,EAAG9J,SAASA,SAElBiK,EAAML,EAAG5J,SACTgL,EAAMnB,EAAG7J,SAET1sG,EAAI22G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQj6G,EAAEs6G,OAAOkK,IAElDkB,EAAOrB,EAAGrK,OAAOqK,GAEjB7nG,GADJkpG,EAAOA,EAAKzL,QAAQyL,IACNpL,OAAOmL,GACjBjC,EAAKz1G,EAAE0sG,SAASN,QAAQ39F,EAAGw9F,OAAOx9F,IAClCC,EAAKD,EAAG29F,QAAQqJ,GAEhBmC,EAAOF,EAAIhL,SAGfkL,GADAA,GADAA,EAAOA,EAAK1L,QAAQ0L,IACR1L,QAAQ0L,IACR1L,QAAQ0L,GACpB,IAAIlC,EAAK11G,EAAEusG,OAAO79F,GAAI09F,QAAQwL,GAC1BvB,EAAKE,EAAGtK,OAAOsK,GAAIhK,OAAOiK,GAE9B,OAAOhzH,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAUqzH,KAAO,WACtB,IAAKr0H,KAAK4Q,MAAM8+G,MACd,OAAO1vH,KAAKsvH,MAAMjpH,IAAIrG,MAMxB,IAAIi7B,EAAKj7B,KAAKkN,EAAEg8G,SAEZ/tF,EAAKn7B,KAAKsO,EAAE46G,SAEZoL,EAAKt0H,KAAKuoC,EAAE2gF,SAEZwK,EAAOv4F,EAAG+tF,SAEV17G,EAAIytB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAE1Bs5F,EAAK/mH,EAAE07G,SAEPzkH,EAAIzE,KAAKkN,EAAEu7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GAKnDc,GAFJ/vH,GADAA,GADAA,EAAIA,EAAEikH,QAAQjkH,IACRgkH,OAAOhkH,GAAGikH,QAAQjkH,IAClBmkH,QAAQ2L,IAEHrL,SAEP7qG,EAAIq1G,EAAKhL,QAAQgL,GAGrBr1G,GADAA,GADAA,EAAIA,EAAEqqG,QAAQrqG,IACRqqG,QAAQrqG,IACRqqG,QAAQrqG,GAEd,IAAI6b,EAAI1sB,EAAEk7G,QAAQjkH,GAAGykH,SAASN,QAAQ2L,GAAI3L,QAAQ4L,GAAI5L,QAAQvqG,GAE1Do2G,EAAOt5F,EAAG4tF,OAAO7uF,GAErBu6F,GADAA,EAAOA,EAAK/L,QAAQ+L,IACR/L,QAAQ+L,GACpB,IAAIxC,EAAKjyH,KAAKkN,EAAE67G,OAAOyL,GAAI5L,QAAQ6L,GAEnCxC,GADAA,EAAKA,EAAGvJ,QAAQuJ,IACRvJ,QAAQuJ,GAEhB,IAAIC,EAAKlyH,KAAKsO,EAAEy6G,OAAO7uF,EAAE6uF,OAAO1qG,EAAEuqG,QAAQ1uF,IAAI0uF,QAAQnkH,EAAEskH,OAAOyL,KAG/DtC,GADAA,GADAA,EAAKA,EAAGxJ,QAAQwJ,IACRxJ,QAAQwJ,IACRxJ,QAAQwJ,GAEhB,IAAIW,EAAK7yH,KAAKuoC,EAAEkgF,OAAOhkH,GAAGykH,SAASN,QAAQ0L,GAAI1L,QAAQ4L,GAEvD,OAAOx0H,KAAK4Q,MAAM88G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnvH,UAAUsM,IAAM,SAAa+O,EAAGq4G,GAGrC,OAFAr4G,EAAI,IAAIqlC,GAAGrlC,EAAGq4G,GAEP10H,KAAK4Q,MAAMk9G,SAAS9tH,KAAMqc,EACnC,EAEA8zG,GAAOnvH,UAAUuoD,GAAK,SAAY92B,GAChC,GAAe,WAAXA,EAAErY,KACJ,OAAOpa,KAAKupD,GAAG92B,EAAE+7F,OAEnB,GAAIxuH,OAASyyB,EACX,OAAO,EAGT,IAAItG,EAAKnsB,KAAKuoC,EAAE2gF,SACZ0J,EAAMngG,EAAE8V,EAAE2gF,SACd,GAA2D,IAAvDlpH,KAAKkN,EAAE67G,OAAO6J,GAAKhK,QAAQn2F,EAAEvlB,EAAE67G,OAAO58F,IAAKq7F,KAAK,GAClD,OAAO,EAGT,IAAIp7F,EAAKD,EAAG48F,OAAO/oH,KAAKuoC,GACpBosF,EAAM/B,EAAI7J,OAAOt2F,EAAE8V,GACvB,OAA8D,IAAvDvoC,KAAKsO,EAAEy6G,OAAO4L,GAAK/L,QAAQn2F,EAAEnkB,EAAEy6G,OAAO38F,IAAKo7F,KAAK,EACzD,EAEA2I,GAAOnvH,UAAU4zH,OAAS,SAAgB1nH,GACxC,IAAI2nH,EAAK70H,KAAKuoC,EAAE2gF,SACZj7G,EAAKf,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,KAAKgO,OAAO8L,GACxC,GAAuB,IAAnB70H,KAAKkN,EAAEkuG,IAAIntG,GACb,OAAO,EAIT,IAFA,IAAI6mH,EAAK5nH,EAAEvL,QACP0c,EAAIre,KAAK4Q,MAAMm8G,KAAKhE,OAAO8L,KACtB,CAEP,GADAC,EAAG7nH,KAAKjN,KAAK4Q,MAAMpE,GACfsoH,EAAG1Z,IAAIp7G,KAAK4Q,MAAM6hB,IAAM,EAC1B,OAAO,EAGT,GADAxkB,EAAGy6G,QAAQrqG,GACY,IAAnBre,KAAKkN,EAAEkuG,IAAIntG,GACb,OAAO,EAEb,EAEAkiH,GAAOnvH,UAAUg7G,QAAU,WACzB,OAAIh8G,KAAKgyH,aACA,uBACF,iBAAmBhyH,KAAKkN,EAAEP,SAAS,GAAI,GAC1C,OAAS3M,KAAKsO,EAAE3B,SAAS,GAAI,GAC7B,OAAS3M,KAAKuoC,EAAE57B,SAAS,GAAI,GAAK,GACxC,EAEAwjH,GAAOnvH,UAAUgxH,WAAa,WAE5B,OAA0B,IAAnBhyH,KAAKuoC,EAAEi/E,KAAK,EACrB,ECr5BArhF,GAASkqF,GAAWb,IACpB,OAAiBa,GAWjB,SAASL,GAAMp/G,EAAO1D,EAAGq7B,GACvBinF,GAAKvC,UAAUnsH,KAAKd,KAAM4Q,EAAO,cACvB,OAAN1D,GAAoB,OAANq7B,GAChBvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAIvoC,KAAK4Q,MAAMd,OAEpB9P,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKuoC,EAAI,IAAImZ,GAAGnZ,EAAG,IACdvoC,KAAKkN,EAAE6tG,MACV/6G,KAAKkN,EAAIlN,KAAKkN,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKuoC,EAAEwyE,MACV/6G,KAAKuoC,EAAIvoC,KAAKuoC,EAAE2/E,MAAMloH,KAAK4Q,MAAMmqG,MAEvC,CAtBAsV,GAAUrvH,UAAU2kD,SAAW,SAAkBwnE,GAC/C,IAAIjgH,EAAIigH,EAAM4H,YAAY7nH,EACtB6d,EAAK7d,EAAEg8G,SACPqI,EAAMxmG,EAAGg+F,OAAO77G,GAAGu7G,OAAO19F,EAAGg+F,OAAO/oH,KAAKyO,IAAIg6G,OAAOv7G,GAGxD,OAA+B,IAFvBqkH,EAAIlI,UAEHH,SAAS9N,IAAImW,EACxB,EAgBAprF,GAAS6pF,GAAOR,GAAKvC,WAErBoD,GAAUrvH,UAAU2tH,YAAc,SAAqBrnH,EAAO8+B,GAQ5D,GAFqB,MALjB9+B,EAAQygC,GAAMC,QAAQ1gC,EAAO8+B,IAKvBhlC,QAA8B,KAAbkG,EAAM,KAC/BA,EAAQA,EAAM5F,MAAM,EAAG,IAAI+O,WACR,KAAjBnJ,EAAMlG,OACR,MAAUgC,MAAM,oCAClB,OAAOpD,KAAKmtH,MAAM7lH,EAAO,EAC3B,EAEA+oH,GAAUrvH,UAAUmsH,MAAQ,SAAejgH,EAAGq7B,GAC5C,OAAO,IAAIynF,GAAMhwH,KAAMkN,EAAGq7B,EAC5B,EAEA8nF,GAAUrvH,UAAUwrH,cAAgB,SAAuB/rE,GACzD,OAAOuvE,GAAM2B,SAAS3xH,KAAMygD,EAC9B,EAEAuvE,GAAMhvH,UAAUkuH,WAAa,WAE7B,EAEAc,GAAMhvH,UAAU8tH,QAAU,SAAiBC,GACzC,IAAI5+G,EAAMnQ,KAAK4Q,MAAM6hB,EAAEluB,aAIvB,OAAIwqH,EACK,CAAE,IAAOnoH,OAAO5G,KAAKgvH,OAAOhnF,QAAQ,KAAM73B,IAE1CnQ,KAAKgvH,OAAOhnF,QAAQ,KAAM73B,EAErC,EAEA6/G,GAAM2B,SAAW,SAAkB/gH,EAAO6vC,GACxC,OAAO,IAAIuvE,GAAMp/G,EAAO6vC,EAAI,GAAIA,EAAI,IAAM7vC,EAAMb,IAClD,EAEAigH,GAAMhvH,UAAUg7G,QAAU,WACxB,OAAIh8G,KAAKgyH,aACA,sBACF,gBAAkBhyH,KAAKkN,EAAEo7G,UAAU37G,SAAS,GAAI,GACnD,OAAS3M,KAAKuoC,EAAE+/E,UAAU37G,SAAS,GAAI,GAAK,GAClD,EAEAqjH,GAAMhvH,UAAUgxH,WAAa,WAE3B,OAA0B,IAAnBhyH,KAAKuoC,EAAEi/E,KAAK,EACrB,EAEAwI,GAAMhvH,UAAUsuH,IAAM,WAKpB,IAEI/zF,EAFIv7B,KAAKkN,EAAEu7G,OAAOzoH,KAAKuoC,GAEhB2gF,SAIP5tF,EAFIt7B,KAAKkN,EAAEy7G,OAAO3oH,KAAKuoC,GAEhB2gF,SAEP1sG,EAAI+e,EAAGotF,OAAOrtF,GAEd22F,EAAK12F,EAAGwtF,OAAOztF,GAEfu3F,EAAKr2G,EAAEusG,OAAOztF,EAAGmtF,OAAOzoH,KAAK4Q,MAAM2/G,IAAIxH,OAAOvsG,KAClD,OAAOxc,KAAK4Q,MAAMu8G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMhvH,UAAUqF,IAAM,WACpB,MAAUjD,MAAM,oCAClB,EAEA4sH,GAAMhvH,UAAUg0H,QAAU,SAAiBviG,EAAG4zF,GAK5C,IAAI53G,EAAIzO,KAAKkN,EAAEu7G,OAAOzoH,KAAKuoC,GAEvBl6B,EAAIrO,KAAKkN,EAAEy7G,OAAO3oH,KAAKuoC,GAEvB/rB,EAAIiW,EAAEvlB,EAAEu7G,OAAOh2F,EAAE8V,GAIjB0sF,EAFIxiG,EAAEvlB,EAAEy7G,OAAOl2F,EAAE8V,GAEVwgF,OAAOt6G,GAEdymH,EAAK14G,EAAEusG,OAAO16G,GAEd4jH,EAAK5L,EAAK99E,EAAEwgF,OAAOkM,EAAGxM,OAAOyM,GAAIhM,UAEjC2J,EAAKxM,EAAKn5G,EAAE67G,OAAOkM,EAAGrM,QAAQsM,GAAIhM,UACtC,OAAOlpH,KAAK4Q,MAAMu8G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMhvH,UAAUsM,IAAM,SAAa+O,GAQjC,IALA,IAAIgC,GAFJhC,EAAI,IAAIqlC,GAAGrlC,EAAG,KAEJ1a,QACN8M,EAAIzO,KACJqO,EAAIrO,KAAK4Q,MAAMu8G,MAAM,KAAM,MAGtBxuG,EAAO,GAAkB,IAAdN,EAAEmpG,KAAK,GAAUnpG,EAAE8+F,OAAO,GAC5Cx+F,EAAK9c,KAAKwc,EAAE6+F,MAAM,IAEpB,IAAK,IAAI/5G,EAAIwb,EAAKvd,OAAS,EAAG+B,GAAK,EAAGA,IACpB,IAAZwb,EAAKxb,IAEPsL,EAAIA,EAAEumH,QAAQ3mH,EARVrO,MAUJqO,EAAIA,EAAEihH,QAGNjhH,EAAII,EAAEumH,QAAQ3mH,EAbVrO,MAeJyO,EAAIA,EAAE6gH,OAGV,OAAOjhH,CACT,EAEA2hH,GAAMhvH,UAAUqxH,OAAS,WACvB,MAAUjvH,MAAM,oCAClB,EAEA4sH,GAAMhvH,UAAUm0H,QAAU,WACxB,MAAU/xH,MAAM,oCAClB,EAEA4sH,GAAMhvH,UAAUuoD,GAAK,SAAY80B,GAC/B,OAAyC,IAAlCr+E,KAAKgvH,OAAO5T,IAAI/8B,EAAM2wC,OAC/B,EAEAgB,GAAMhvH,UAAU+zH,UAAY,WAG1B,OAFA/0H,KAAKkN,EAAIlN,KAAKkN,EAAE67G,OAAO/oH,KAAKuoC,EAAEghF,WAC9BvpH,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACb/P,IACT,EAEAgwH,GAAMhvH,UAAUguH,KAAO,WAIrB,OAFAhvH,KAAK+0H,YAEE/0H,KAAKkN,EAAEo7G,SAChB,EC/LA,IAAI9iF,GAASuC,GAAMvC,OAEnB,SAAS4vF,GAAa7I,GAEpBvsH,KAAKq1H,QAA2B,IAAP,EAAT9I,EAAK99G,GACrBzO,KAAKs1H,MAAQt1H,KAAKq1H,UAA6B,IAAR,EAAT9I,EAAK99G,GACnCzO,KAAKslH,SAAWtlH,KAAKs1H,MAErB9F,GAAK1uH,KAAKd,KAAM,UAAWusH,GAE3BvsH,KAAKyO,EAAI,IAAIizC,GAAG6qE,EAAK99G,EAAG,IAAIk4G,KAAK3mH,KAAK+6G,IAAIvtG,GAC1CxN,KAAKyO,EAAIzO,KAAKyO,EAAEy5G,MAAMloH,KAAK+6G,KAC3B/6G,KAAKwc,EAAI,IAAIklC,GAAG6qE,EAAK/vG,EAAG,IAAI0rG,MAAMloH,KAAK+6G,KACvC/6G,KAAK6tB,GAAK7tB,KAAKwc,EAAE0sG,SACjBlpH,KAAK8oB,EAAI,IAAI44B,GAAG6qE,EAAKzjG,EAAG,IAAIo/F,MAAMloH,KAAK+6G,KACvC/6G,KAAKo7B,GAAKp7B,KAAK8oB,EAAE2/F,OAAOzoH,KAAK8oB,GAE7B0c,IAAQxlC,KAAKq1H,SAAwC,IAA7Br1H,KAAKwc,EAAE8rG,UAAUd,KAAK,IAC9CxnH,KAAKu1H,KAAwB,IAAP,EAAThJ,EAAK/vG,EACpB,CACA2pB,GAASivF,GAAc5F,IACvB,OAAiB4F,GAqFjB,SAASpF,GAAMp/G,EAAO1D,EAAGoB,EAAGi6B,EAAGlqB,GAC7BmxG,GAAKvC,UAAUnsH,KAAKd,KAAM4Q,EAAO,cACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANi6B,GAC9BvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMd,KACpB9P,KAAKsO,EAAItO,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACpB/P,KAAKqe,EAAIre,KAAK4Q,MAAMd,KACpB9P,KAAKowH,MAAO,IAEZpwH,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IACnBtO,KAAKuoC,EAAIA,EAAI,IAAImZ,GAAGnZ,EAAG,IAAMvoC,KAAK4Q,MAAMb,IACxC/P,KAAKqe,EAAIA,GAAK,IAAIqjC,GAAGrjC,EAAG,IACnBre,KAAKkN,EAAE6tG,MACV/6G,KAAKkN,EAAIlN,KAAKkN,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKsO,EAAEysG,MACV/6G,KAAKsO,EAAItO,KAAKsO,EAAE45G,MAAMloH,KAAK4Q,MAAMmqG,MAC9B/6G,KAAKuoC,EAAEwyE,MACV/6G,KAAKuoC,EAAIvoC,KAAKuoC,EAAE2/E,MAAMloH,KAAK4Q,MAAMmqG,MAC/B/6G,KAAKqe,IAAMre,KAAKqe,EAAE08F,MACpB/6G,KAAKqe,EAAIre,KAAKqe,EAAE6pG,MAAMloH,KAAK4Q,MAAMmqG,MACnC/6G,KAAKowH,KAAOpwH,KAAKuoC,IAAMvoC,KAAK4Q,MAAMb,IAG9B/P,KAAK4Q,MAAM00G,WAAatlH,KAAKqe,IAC/Bre,KAAKqe,EAAIre,KAAKkN,EAAE67G,OAAO/oH,KAAKsO,GACvBtO,KAAKowH,OACRpwH,KAAKqe,EAAIre,KAAKqe,EAAE0qG,OAAO/oH,KAAKuoC,EAAEghF,aAGtC,CAjHA6L,GAAap0H,UAAUw0H,MAAQ,SAAeluF,GAC5C,OAAItnC,KAAKs1H,MACAhuF,EAAIkiF,SAEJxpH,KAAKyO,EAAEs6G,OAAOzhF,EACzB,EAEA8tF,GAAap0H,UAAUy0H,MAAQ,SAAenuF,GAC5C,OAAItnC,KAAKu1H,KACAjuF,EAEAtnC,KAAKwc,EAAEusG,OAAOzhF,EACzB,EAGA8tF,GAAap0H,UAAU0sH,OAAS,SAAgBxgH,EAAGoB,EAAGi6B,EAAGlqB,GACvD,OAAOre,KAAKmtH,MAAMjgH,EAAGoB,EAAGi6B,EAAGlqB,EAC7B,EAEA+2G,GAAap0H,UAAU4tH,WAAa,SAAoB1hH,EAAG62G,IACzD72G,EAAI,IAAIw0C,GAAGx0C,EAAG,KACP6tG,MACL7tG,EAAIA,EAAEg7G,MAAMloH,KAAK+6G,MAEnB,IAAIhwF,EAAK7d,EAAEg8G,SACPqI,EAAMvxH,KAAK6tB,GAAG86F,OAAO3oH,KAAKyO,EAAEs6G,OAAOh+F,IACnC2qG,EAAM11H,KAAK+P,IAAI44G,OAAO3oH,KAAK6tB,GAAGk7F,OAAO/oH,KAAK8oB,GAAGigG,OAAOh+F,IAEpDO,EAAKimG,EAAIxI,OAAO2M,EAAInM,WACpBj7G,EAAIgd,EAAG+9F,UACX,GAA6C,IAAzC/6G,EAAE46G,SAASP,OAAOr9F,GAAI8vF,IAAIp7G,KAAK8P,MACjC,MAAU1M,MAAM,iBAElB,IAAIgkH,EAAQ94G,EAAEg6G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3B94G,EAAIA,EAAEk7G,UAEDxpH,KAAKmtH,MAAMjgH,EAAGoB,EACvB,EAEA8mH,GAAap0H,UAAU20H,WAAa,SAAoBrnH,EAAGy1G,IACzDz1G,EAAI,IAAIozC,GAAGpzC,EAAG,KACPysG,MACLzsG,EAAIA,EAAE45G,MAAMloH,KAAK+6G,MAGnB,IAAIzvF,EAAKhd,EAAE46G,SACPwM,EAAMpqG,EAAGq9F,OAAO3oH,KAAK6tB,IACrB0jG,EAAMjmG,EAAGy9F,OAAO/oH,KAAK8oB,GAAGigG,OAAO/oH,KAAK6tB,IAAI86F,OAAO3oH,KAAKyO,GACpDsc,EAAK2qG,EAAI3M,OAAOwI,EAAIhI,WAExB,GAA0B,IAAtBx+F,EAAGqwF,IAAIp7G,KAAK8P,MAAa,CAC3B,GAAIi0G,EACF,MAAU3gH,MAAM,iBAEhB,OAAOpD,KAAKmtH,MAAMntH,KAAK8P,KAAMxB,GAGjC,IAAIpB,EAAI6d,EAAGs+F,UACX,GAA6C,IAAzCn8G,EAAEg8G,SAASP,OAAO59F,GAAIqwF,IAAIp7G,KAAK8P,MACjC,MAAU1M,MAAM,iBAKlB,OAHI8J,EAAEo7G,UAAUlB,UAAYrD,IAC1B72G,EAAIA,EAAEs8G,UAEDxpH,KAAKmtH,MAAMjgH,EAAGoB,EACvB,EAEA8mH,GAAap0H,UAAU2kD,SAAW,SAAkBwnE,GAClD,GAAIA,EAAM6E,aACR,OAAO,EAGT7E,EAAM4H,YAEN,IAAIhqG,EAAKoiG,EAAMjgH,EAAEg8G,SACb59F,EAAK6hG,EAAM7+G,EAAE46G,SACbwM,EAAM3qG,EAAGg+F,OAAO/oH,KAAKyO,GAAGg6G,OAAOn9F,GAC/BimG,EAAMvxH,KAAK6tB,GAAGk7F,OAAO/oH,KAAK+P,IAAI04G,OAAOzoH,KAAK8oB,EAAEigG,OAAOh+F,GAAIg+F,OAAOz9F,KAElE,OAAwB,IAAjBoqG,EAAIta,IAAImW,EACjB,EAiCAprF,GAAS6pF,GAAOR,GAAKvC,WAErBmI,GAAap0H,UAAUwrH,cAAgB,SAAuB/rE,GAC5D,OAAOuvE,GAAM2B,SAAS3xH,KAAMygD,EAC9B,EAEA20E,GAAap0H,UAAUmsH,MAAQ,SAAejgH,EAAGoB,EAAGi6B,EAAGlqB,GACrD,OAAO,IAAI2xG,GAAMhwH,KAAMkN,EAAGoB,EAAGi6B,EAAGlqB,EAClC,EAEA2xG,GAAM2B,SAAW,SAAkB/gH,EAAO6vC,GACxC,OAAO,IAAIuvE,GAAMp/G,EAAO6vC,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAC9C,EAEAuvE,GAAMhvH,UAAUg7G,QAAU,WACxB,OAAIh8G,KAAKgyH,aACA,sBACF,gBAAkBhyH,KAAKkN,EAAEo7G,UAAU37G,SAAS,GAAI,GACnD,OAAS3M,KAAKsO,EAAEg6G,UAAU37G,SAAS,GAAI,GACvC,OAAS3M,KAAKuoC,EAAE+/E,UAAU37G,SAAS,GAAI,GAAK,GAClD,EAEAqjH,GAAMhvH,UAAUgxH,WAAa,WAE3B,OAA0B,IAAnBhyH,KAAKkN,EAAEs6G,KAAK,KACO,IAAvBxnH,KAAKsO,EAAE8sG,IAAIp7G,KAAKuoC,IAChBvoC,KAAKowH,MAAqC,IAA7BpwH,KAAKsO,EAAE8sG,IAAIp7G,KAAK4Q,MAAM4L,GACxC,EAEAwzG,GAAMhvH,UAAU40H,QAAU,WAMxB,IAAInnH,EAAIzO,KAAKkN,EAAEg8G,SAEX76G,EAAIrO,KAAKsO,EAAE46G,SAEX1sG,EAAIxc,KAAKuoC,EAAE2gF,SACf1sG,EAAIA,EAAEksG,QAAQlsG,GAEd,IAAIsM,EAAI9oB,KAAK4Q,MAAM4kH,MAAM/mH,GAErBhK,EAAIzE,KAAKkN,EAAEu7G,OAAOzoH,KAAKsO,GAAG46G,SAASN,QAAQn6G,GAAGm6G,QAAQv6G,GAEtD22B,EAAIlc,EAAE2/F,OAAOp6G,GAEb02B,EAAIC,EAAE2jF,OAAOnsG,GAEbD,EAAIuM,EAAE6/F,OAAOt6G,GAEb4jH,EAAKxtH,EAAEskH,OAAOhkF,GAEdmtF,EAAKltF,EAAE+jF,OAAOxsG,GAEds5G,EAAKpxH,EAAEskH,OAAOxsG,GAEds2G,EAAK9tF,EAAEgkF,OAAO/jF,GAClB,OAAOhlC,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMhvH,UAAU80H,SAAW,WAQzB,IAMI7D,EACAC,EACAW,EARAxkH,EAAIrO,KAAKkN,EAAEu7G,OAAOzoH,KAAKsO,GAAG46G,SAE1B1sG,EAAIxc,KAAKkN,EAAEg8G,SAEXpgG,EAAI9oB,KAAKsO,EAAE46G,SAKf,GAAIlpH,KAAK4Q,MAAMykH,QAAS,CAEtB,IAEItwF,GAFAtgC,EAAIzE,KAAK4Q,MAAM4kH,MAAMh5G,IAEfisG,OAAO3/F,GACjB,GAAI9oB,KAAKowH,KAEP6B,EAAK5jH,EAAEs6G,OAAOnsG,GAAGmsG,OAAO7/F,GAAGigG,OAAOhkF,EAAE4jF,OAAO3oH,KAAK4Q,MAAMiiC,MAEtDq/E,EAAKntF,EAAEgkF,OAAOtkH,EAAEkkH,OAAO7/F,IAEvB+pG,EAAK9tF,EAAEmkF,SAASP,OAAO5jF,GAAG4jF,OAAO5jF,OAC5B,CAEL,IAAIxoB,EAAIvc,KAAKuoC,EAAE2gF,SAEXnsG,EAAIgoB,EAAE4jF,OAAOpsG,GAAGqsG,QAAQrsG,GAE5B01G,EAAK5jH,EAAEs6G,OAAOnsG,GAAGosG,QAAQ9/F,GAAGigG,OAAOhsG,GAEnCm1G,EAAKntF,EAAEgkF,OAAOtkH,EAAEkkH,OAAO7/F,IAEvB+pG,EAAK9tF,EAAEgkF,OAAOhsG,QAEX,CAEL,IAAItY,EAAI+X,EAAEisG,OAAO3/F,GAEbvM,EAAIvc,KAAK4Q,MAAM6kH,MAAMz1H,KAAKuoC,GAAG2gF,SAE7BnsG,EAAItY,EAAEkkH,OAAOpsG,GAAGosG,OAAOpsG,GAE3B01G,EAAKjyH,KAAK4Q,MAAM6kH,MAAMpnH,EAAEu6G,QAAQnkH,IAAIskH,OAAOhsG,GAE3Cm1G,EAAKlyH,KAAK4Q,MAAM6kH,MAAMhxH,GAAGskH,OAAOvsG,EAAEosG,QAAQ9/F,IAE1C+pG,EAAKpuH,EAAEskH,OAAOhsG,GAEhB,OAAO/c,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMhvH,UAAUsuH,IAAM,WACpB,OAAItvH,KAAKgyH,aACAhyH,KAGLA,KAAK4Q,MAAM00G,SACNtlH,KAAK41H,UAEL51H,KAAK81H,UAChB,EAEA9F,GAAMhvH,UAAU+0H,QAAU,SAAiBtjG,GAMzC,IAAIhkB,EAAIzO,KAAKsO,EAAEq6G,OAAO3oH,KAAKkN,GAAG67G,OAAOt2F,EAAEnkB,EAAEq6G,OAAOl2F,EAAEvlB,IAE9CmB,EAAIrO,KAAKsO,EAAEm6G,OAAOzoH,KAAKkN,GAAG67G,OAAOt2F,EAAEnkB,EAAEm6G,OAAOh2F,EAAEvlB,IAE9CsP,EAAIxc,KAAKqe,EAAE0qG,OAAO/oH,KAAK4Q,MAAMwqB,IAAI2tF,OAAOt2F,EAAEpU,GAE1CyK,EAAI9oB,KAAKuoC,EAAEwgF,OAAOt2F,EAAE8V,EAAEkgF,OAAOh2F,EAAE8V,IAE/B9jC,EAAI4J,EAAEs6G,OAAOl6G,GAEbs2B,EAAIjc,EAAE6/F,OAAOnsG,GAEbwoB,EAAIlc,EAAE2/F,OAAOjsG,GAEbD,EAAIlO,EAAEo6G,OAAOh6G,GAEbwjH,EAAKxtH,EAAEskH,OAAOhkF,GAEdmtF,EAAKltF,EAAE+jF,OAAOxsG,GAEds5G,EAAKpxH,EAAEskH,OAAOxsG,GAEds2G,EAAK9tF,EAAEgkF,OAAO/jF,GAClB,OAAOhlC,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMhvH,UAAUg1H,SAAW,SAAkBvjG,GAO3C,IAgBIy/F,EACAW,EAjBApkH,EAAIzO,KAAKuoC,EAAEwgF,OAAOt2F,EAAE8V,GAEpBl6B,EAAII,EAAEy6G,SAEN1sG,EAAIxc,KAAKkN,EAAE67G,OAAOt2F,EAAEvlB,GAEpB4b,EAAI9oB,KAAKsO,EAAEy6G,OAAOt2F,EAAEnkB,GAEpB7J,EAAIzE,KAAK4Q,MAAMkY,EAAEigG,OAAOvsG,GAAGusG,OAAOjgG,GAElCic,EAAI12B,EAAEs6G,OAAOlkH,GAEbugC,EAAI32B,EAAEo6G,OAAOhkH,GAEbkK,EAAM3O,KAAKkN,EAAEu7G,OAAOzoH,KAAKsO,GAAGy6G,OAAOt2F,EAAEvlB,EAAEu7G,OAAOh2F,EAAEnkB,IAAIs6G,QAAQpsG,GAAGosG,QAAQ9/F,GACvEmpG,EAAKxjH,EAAEs6G,OAAOhkF,GAAGgkF,OAAOp6G,GAc5B,OAXI3O,KAAK4Q,MAAMykH,SAEbnD,EAAKzjH,EAAEs6G,OAAO/jF,GAAG+jF,OAAOjgG,EAAE6/F,OAAO3oH,KAAK4Q,MAAM4kH,MAAMh5G,KAElDq2G,EAAK9tF,EAAEgkF,OAAO/jF,KAGdktF,EAAKzjH,EAAEs6G,OAAO/jF,GAAG+jF,OAAOjgG,EAAE6/F,OAAOnsG,IAEjCq2G,EAAK7yH,KAAK4Q,MAAM6kH,MAAM1wF,GAAGgkF,OAAO/jF,IAE3BhlC,KAAK4Q,MAAMu8G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMhvH,UAAUqF,IAAM,SAAaosB,GACjC,OAAIzyB,KAAKgyH,aACAv/F,EACLA,EAAEu/F,aACGhyH,KAELA,KAAK4Q,MAAM00G,SACNtlH,KAAK+1H,QAAQtjG,GAEbzyB,KAAKg2H,SAASvjG,EACzB,EAEAu9F,GAAMhvH,UAAUsM,IAAM,SAAa+O,GACjC,OAAIrc,KAAKqvH,YAAYhzG,GACZrc,KAAK4Q,MAAMw8G,aAAaptH,KAAMqc,GAE9Brc,KAAK4Q,MAAMk9G,SAAS9tH,KAAMqc,EACrC,EAEA2zG,GAAMhvH,UAAUqxH,OAAS,SAAgB1jG,EAAI8D,EAAG7D,GAC9C,OAAO5uB,KAAK4Q,MAAMs9G,YAAY,EAAG,CAAEluH,KAAMyyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAohG,GAAMhvH,UAAUsxH,QAAU,SAAiB3jG,EAAI8D,EAAG7D,GAChD,OAAO5uB,KAAK4Q,MAAMs9G,YAAY,EAAG,CAAEluH,KAAMyyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAohG,GAAMhvH,UAAU+zH,UAAY,WAC1B,GAAI/0H,KAAKowH,KACP,OAAOpwH,KAGT,IAAI07C,EAAK17C,KAAKuoC,EAAEghF,UAOhB,OANAvpH,KAAKkN,EAAIlN,KAAKkN,EAAE67G,OAAOrtE,GACvB17C,KAAKsO,EAAItO,KAAKsO,EAAEy6G,OAAOrtE,GACnB17C,KAAKqe,IACPre,KAAKqe,EAAIre,KAAKqe,EAAE0qG,OAAOrtE,IACzB17C,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACpB/P,KAAKowH,MAAO,EACLpwH,IACT,EAEAgwH,GAAMhvH,UAAUi9G,IAAM,WACpB,OAAOj+G,KAAK4Q,MAAMu8G,MAAMntH,KAAKkN,EAAEs8G,SACPxpH,KAAKsO,EACLtO,KAAKuoC,EACLvoC,KAAKqe,GAAKre,KAAKqe,EAAEmrG,SAC3C,EAEAwG,GAAMhvH,UAAUguH,KAAO,WAErB,OADAhvH,KAAK+0H,YACE/0H,KAAKkN,EAAEo7G,SAChB,EAEA0H,GAAMhvH,UAAUiuH,KAAO,WAErB,OADAjvH,KAAK+0H,YACE/0H,KAAKsO,EAAEg6G,SAChB,EAEA0H,GAAMhvH,UAAUuoD,GAAK,SAAY80B,GAC/B,OAAOr+E,OAASq+E,GACyB,IAAlCr+E,KAAKgvH,OAAO5T,IAAI/8B,EAAM2wC,SACY,IAAlChvH,KAAKivH,OAAO7T,IAAI/8B,EAAM4wC,OAC/B,EAEAe,GAAMhvH,UAAU4zH,OAAS,SAAgB1nH,GACvC,IAAIe,EAAKf,EAAEg7G,MAAMloH,KAAK4Q,MAAMmqG,KAAKgO,OAAO/oH,KAAKuoC,GAC7C,GAAuB,IAAnBvoC,KAAKkN,EAAEkuG,IAAIntG,GACb,OAAO,EAIT,IAFA,IAAI6mH,EAAK5nH,EAAEvL,QACP0c,EAAIre,KAAK4Q,MAAMm8G,KAAKhE,OAAO/oH,KAAKuoC,KAC3B,CAEP,GADAusF,EAAG7nH,KAAKjN,KAAK4Q,MAAMpE,GACfsoH,EAAG1Z,IAAIp7G,KAAK4Q,MAAM6hB,IAAM,EAC1B,OAAO,EAGT,GADAxkB,EAAGy6G,QAAQrqG,GACY,IAAnBre,KAAKkN,EAAEkuG,IAAIntG,GACb,OAAO,EAEb,EAGA+hH,GAAMhvH,UAAU6sH,IAAMmC,GAAMhvH,UAAU+zH,UACtC/E,GAAMhvH,UAAU2sH,SAAWqC,GAAMhvH,UAAUqF,6BC7a3C,IAAIuK,EAAQytC,EAEZztC,EAAM6nD,KAAOj2D,GACboO,EAAMqlH,MAAQtyH,GACdiN,EAAMs6G,KAAO9rG,GACbxO,EAAMslH,QAAU12G,MCDZytB,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACdE,GAAUd,GAAMc,QAChBstF,GAAOrtF,GAAUqtF,KACjB5uF,GAAY4B,GAAO5B,UAEnB6uF,GAAS,CACX,WAAY,WACZ,WAAY,YAGd,SAASC,KACP,KAAMr2H,gBAAgBq2H,IACpB,OAAO,IAAIA,GAEb9uF,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WAAY,WACxB,UAAY,YACdvc,KAAKspC,EAAQzpC,MAAM,GACrB,CAEAkoC,GAAM5B,SAASkwF,GAAM9uF,IACrB,OAAiB8uF,GAEjBA,GAAKhjG,UAAY,IACjBgjG,GAAK3uF,QAAU,IACf2uF,GAAK1uF,aAAe,GACpB0uF,GAAKvhG,UAAY,GAEjBuhG,GAAKr1H,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAG7C,IAFA,IAAIslC,EAAItpC,KAAKspC,EAEJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GAErB,KAAMA,EAAImmC,EAAEloC,OAAQ+B,IAClBmmC,EAAEnmC,GAAK8pC,GAAO3D,EAAEnmC,EAAI,GAAKmmC,EAAEnmC,EAAI,GAAKmmC,EAAEnmC,EAAI,IAAMmmC,EAAEnmC,EAAI,IAAK,GAE7D,IAAIsL,EAAIzO,KAAKuc,EAAE,GACXlO,EAAIrO,KAAKuc,EAAE,GACXC,EAAIxc,KAAKuc,EAAE,GACXuM,EAAI9oB,KAAKuc,EAAE,GACX9X,EAAIzE,KAAKuc,EAAE,GAEf,IAAKpZ,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,IAAK,CAC7B,IAAI8a,KAAO9a,EAAI,IACXkb,EAAIwqB,GAAQoE,GAAOx+B,EAAG,GAAI0nH,GAAKl4G,EAAG5P,EAAGmO,EAAGsM,GAAIrkB,EAAG6kC,EAAEnmC,GAAIizH,GAAOn4G,IAChExZ,EAAIqkB,EACJA,EAAItM,EACJA,EAAIywB,GAAO5+B,EAAG,IACdA,EAAII,EACJA,EAAI4P,EAGNre,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9N,GAC7BzO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIlO,GAC7BrO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIC,GAC7Bxc,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIuM,GAC7B9oB,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9X,EAC/B,EAEA4xH,GAAKr1H,UAAUqnC,QAAU,SAAgBjC,GACvC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,ECvEA,aAAe/Z,UACEmB,UACAyb,UACAI,UACA82G,ICDjB,SAASC,GAAKniH,EAAM4C,EAAKovB,GACvB,KAAMpmC,gBAAgBu2H,IACpB,OAAO,IAAIA,GAAKniH,EAAM4C,EAAKovB,GAC7BpmC,KAAK+jC,KAAO3vB,EACZpU,KAAKqzB,UAAYjf,EAAKif,UAAY,EAClCrzB,KAAK0nC,QAAUtzB,EAAKszB,QAAU,EAC9B1nC,KAAKw2H,MAAQ,KACbx2H,KAAKy2H,MAAQ,KAEbz2H,KAAKg7G,MAAMjzE,GAAMC,QAAQhxB,EAAKovB,GAChC,CACA,OAAiBmwF,GAEjBA,GAAKv1H,UAAUg6G,MAAQ,SAAchkG,GAE/BA,EAAI5V,OAASpB,KAAKqzB,YACpBrc,GAAM,IAAIhX,KAAK+jC,MAAO+D,OAAO9wB,GAAKmxB,UACpC3C,GAAOxuB,EAAI5V,QAAUpB,KAAKqzB,WAG1B,IAAK,IAAIlwB,EAAI6T,EAAI5V,OAAQ+B,EAAInD,KAAKqzB,UAAWlwB,IAC3C6T,EAAInV,KAAK,GAEX,IAAKsB,EAAI,EAAGA,EAAI6T,EAAI5V,OAAQ+B,IAC1B6T,EAAI7T,IAAM,GAIZ,IAHAnD,KAAKw2H,OAAQ,IAAIx2H,KAAK+jC,MAAO+D,OAAO9wB,GAG/B7T,EAAI,EAAGA,EAAI6T,EAAI5V,OAAQ+B,IAC1B6T,EAAI7T,IAAM,IACZnD,KAAKy2H,OAAQ,IAAIz2H,KAAK+jC,MAAO+D,OAAO9wB,EACtC,EAEAu/G,GAAKv1H,UAAU8mC,OAAS,SAAgBpC,EAAKU,GAE3C,OADApmC,KAAKw2H,MAAM1uF,OAAOpC,EAAKU,GAChBpmC,IACT,EAEAu2H,GAAKv1H,UAAUmnC,OAAS,SAAgB/B,GAEtC,OADApmC,KAAKy2H,MAAM3uF,OAAO9nC,KAAKw2H,MAAMruF,UACtBnoC,KAAKy2H,MAAMtuF,OAAO/B,EAC3B,2BC9CA,IAAIhyB,EAAOiqC,EAEXjqC,EAAK2zB,MAAQvlC,GACb4R,EAAK+0B,OAASxlC,GACdyQ,EAAKsiH,IAAMt3G,GACXhL,EAAKG,OAASiL,GACdpL,EAAKuiH,KAAOL,GAGZliH,EAAKE,KAAOF,EAAKsiH,IAAIpiH,KACrBF,EAAKI,OAASJ,EAAKsiH,IAAIliH,OACvBJ,EAAKO,OAASP,EAAKsiH,IAAI/hH,OACvBP,EAAKK,OAASL,EAAKsiH,IAAIjiH,OACvBL,EAAKM,OAASN,EAAKsiH,IAAIhiH,OACvBN,EAAKw7B,UAAYx7B,EAAKG,OAAOq7B,gBCdZ,CACfy9E,QAAS,CACPE,KAAM,EACNK,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,kEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,sEAINrC,IAAK,CACHP,IAAK,EACL4C,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,iEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,4FCrwBR,IAsOIgE,EAtOAhqE,EAASvJ,EAMT7Y,EAASuC,GAAMvC,OAEnB,SAASoxF,EAAY3xH,GACnB,GAAqB,UAAjBA,EAAQmV,KACVpa,KAAK4Q,MAAQ,IAAIA,GAAMqlH,MAAMhxH,QAC1B,GAAqB,YAAjBA,EAAQmV,KACfpa,KAAK4Q,MAAQ,IAAIA,GAAMslH,QAAQjxH,OAC5B,IAAqB,SAAjBA,EAAQmV,KAEZ,MAAUhX,MAAM,uBADnBpD,KAAK4Q,MAAQ,IAAIA,GAAMs6G,KAAKjmH,EACa,CAC3CjF,KAAKglC,EAAIhlC,KAAK4Q,MAAMo0B,EACpBhlC,KAAKwM,EAAIxM,KAAK4Q,MAAMpE,EACpBxM,KAAKoU,KAAOnP,EAAQmP,KAEpBoxB,EAAOxlC,KAAKglC,EAAE2gB,WAAY,iBAC1BngB,EAAOxlC,KAAKglC,EAAE13B,IAAItN,KAAKwM,GAAGwlH,aAAc,0BAC1C,CAGA,SAAS6E,EAAYvrH,EAAMrG,GACzBkG,OAAOM,eAAem8C,EAAQt8C,EAAM,CAClC26B,cAAc,EACdD,YAAY,EACZx6B,IAAK,WACH,IAAIoF,EAAQ,IAAIgmH,EAAY3xH,GAM5B,OALAkG,OAAOM,eAAem8C,EAAQt8C,EAAM,CAClC26B,cAAc,EACdD,YAAY,EACZ3kC,MAAOuP,IAEFA,IAGb,CAhBAg3C,EAAOgvE,YAAcA,EAkBrBC,EAAY,OAAQ,CAClBz8G,KAAM,QACNiwG,MAAO,OACP53F,EAAG,wDACHhkB,EAAG,wDACHJ,EAAG,wDACH7B,EAAG,wDACH4H,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,wDACA,2DAIJ6xF,EAAY,OAAQ,CAClBz8G,KAAM,QACNiwG,MAAO,OACP53F,EAAG,iEACHhkB,EAAG,iEACHJ,EAAG,iEACH7B,EAAG,iEACH4H,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,iEACA,oEAIJ6xF,EAAY,OAAQ,CAClBz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,0EACHhkB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,0EACA,6EAIJ6xF,EAAY,OAAQ,CAClBz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,8GAEHhkB,EAAG,8GAEHJ,EAAG,8GAEH7B,EAAG,8GAEH4H,KAAMA,GAAKK,OACXg4G,MAAM,EACNznF,EAAG,CACD,8GAEA,iHAKJ6xF,EAAY,OAAQ,CAClBz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,2JAGHhkB,EAAG,2JAGHJ,EAAG,2JAGH7B,EAAG,2JAGH4H,KAAMA,GAAKM,OACX+3G,MAAM,EACNznF,EAAG,CACD,2JAGA,8JAOJ6xF,EAAY,aAAc,CACxBz8G,KAAM,OACNiwG,MAAO,SACP53F,EAAG,sEACHhkB,EAAG,QACHJ,EAAG,IACH7B,EAAG,sEACHsqH,SAAU,IACV1iH,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,OAIJ6xF,EAAY,UAAW,CACrBz8G,KAAM,UACNiwG,MAAO,SACP53F,EAAG,sEACHhkB,EAAG,KACH+N,EAAG,IAEHsM,EAAG,sEACHtc,EAAG,sEACHsqH,SAAU,IACV1iH,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,mEAEA,sEAKJ6xF,EAAY,kBAAmB,CAC7Bz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,0EACHhkB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXi4G,MAAM,EACNznF,EAAG,CACD,mEACA,sEAKJ6xF,EAAY,kBAAmB,CAC7Bz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,6GAEHhkB,EAAG,6GAEHJ,EAAG,6GAEH7B,EAAG,6GAEH4H,KAAMA,GAAKK,OACXg4G,MAAM,EACNznF,EAAG,CACD,mGAEA,sGAMJ6xF,EAAY,kBAAmB,CAC7Bz8G,KAAM,QACNiwG,MAAO,KACP53F,EAAG,iJAEHhkB,EAAG,iJAEHJ,EAAG,iJAEH7B,EAAG,iJAEH4H,KAAMA,GAAKM,OACX+3G,MAAM,EACNznF,EAAG,CACD,mIAEA,sIAOJ,IACE4sF,EAAMpvH,EACR,CAAE,MAAOiC,GACPmtH,OAAM3wH,CACR,CAEA41H,EAAY,YAAa,CACvBz8G,KAAM,QACNiwG,MAAO,OACP53F,EAAG,0EACHhkB,EAAG,IACHJ,EAAG,IACH7B,EAAG,0EACH+P,EAAG,IACHnI,KAAMA,GAAKI,OAGX26G,KAAM,mEACNqB,OAAQ,mEACRI,MAAO,CACL,CACEniH,EAAG,mCACHJ,EAAG,qCAEL,CACEI,EAAG,oCACHJ,EAAG,qCAIPo+G,MAAM,EACNznF,EAAG,CACD,mEACA,mEACA4sF,QCrQJ,SAASmF,GAAS9xH,GAChB,KAAMjF,gBAAgB+2H,IACpB,OAAO,IAAIA,GAAS9xH,GACtBjF,KAAKoU,KAAOnP,EAAQmP,KACpBpU,KAAKg3H,aAAe/xH,EAAQ+xH,WAE5Bh3H,KAAK6tD,OAAS7tD,KAAKoU,KAAKszB,QACxB1nC,KAAKi3H,WAAahyH,EAAQgyH,YAAcj3H,KAAKoU,KAAKuzB,aAElD3nC,KAAKk3H,QAAU,KACfl3H,KAAKm3H,eAAiB,KACtBn3H,KAAKotC,EAAI,KACTptC,KAAK0sD,EAAI,KAET,IAAI5D,EAAU/gB,GAAMC,QAAQ/iC,EAAQ6jD,QAAS7jD,EAAQmyH,YAAc,OAC/DtlF,EAAQ/J,GAAMC,QAAQ/iC,EAAQ6sC,MAAO7sC,EAAQoyH,UAAY,OACzDC,EAAOvvF,GAAMC,QAAQ/iC,EAAQqyH,KAAMryH,EAAQsyH,SAAW,OAC1D/xF,GAAOsjB,EAAQ1nD,QAAWpB,KAAKi3H,WAAa,EACrC,mCAAqCj3H,KAAKi3H,WAAa,SAC9Dj3H,KAAKg7G,MAAMlyD,EAAShX,EAAOwlF,EAC7B,CACA,OAAiBP,GAEjBA,GAAS/1H,UAAUg6G,MAAQ,SAAclyD,EAAShX,EAAOwlF,GACvD,IAAIz5E,EAAOiL,EAAQliD,OAAOkrC,GAAOlrC,OAAO0wH,GAExCt3H,KAAKotC,EAAQvtC,MAAMG,KAAK6tD,OAAS,GACjC7tD,KAAK0sD,EAAQ7sD,MAAMG,KAAK6tD,OAAS,GACjC,IAAK,IAAI1qD,EAAI,EAAGA,EAAInD,KAAK0sD,EAAEtrD,OAAQ+B,IACjCnD,KAAKotC,EAAEjqC,GAAK,EACZnD,KAAK0sD,EAAEvpD,GAAK,EAGdnD,KAAKkoC,QAAQ2V,GACb79C,KAAKk3H,QAAU,EACfl3H,KAAKm3H,eAAiB,eACxB,EAEAJ,GAAS/1H,UAAUw2H,MAAQ,WACzB,OAAO,IAAIpjH,GAAKuiH,KAAK32H,KAAKoU,KAAMpU,KAAKotC,EACvC,EAEA2pF,GAAS/1H,UAAUknC,QAAU,SAAgB2V,GAC3C,IAAI45E,EAAOz3H,KAAKw3H,QACA1vF,OAAO9nC,KAAK0sD,GACZ5kB,OAAO,CAAE,IACrB+V,IACF45E,EAAOA,EAAK3vF,OAAO+V,IACrB79C,KAAKotC,EAAIqqF,EAAKtvF,SACdnoC,KAAK0sD,EAAI1sD,KAAKw3H,QAAQ1vF,OAAO9nC,KAAK0sD,GAAGvkB,SAChC0V,IAGL79C,KAAKotC,EAAIptC,KAAKw3H,QACA1vF,OAAO9nC,KAAK0sD,GACZ5kB,OAAO,CAAE,IACTA,OAAO+V,GACP1V,SACdnoC,KAAK0sD,EAAI1sD,KAAKw3H,QAAQ1vF,OAAO9nC,KAAK0sD,GAAGvkB,SACvC,EAEA4uF,GAAS/1H,UAAU02H,OAAS,SAAgB5uE,EAASsuE,EAAY/wH,EAAKsxH,GAE1C,iBAAfP,IACTO,EAAStxH,EACTA,EAAM+wH,EACNA,EAAa,MAGftuE,EAAU/gB,GAAMC,QAAQ8gB,EAASsuE,GACjC/wH,EAAM0hC,GAAMC,QAAQ3hC,EAAKsxH,GAEzBnyF,GAAOsjB,EAAQ1nD,QAAWpB,KAAKi3H,WAAa,EACrC,mCAAqCj3H,KAAKi3H,WAAa,SAE9Dj3H,KAAKkoC,QAAQ4gB,EAAQliD,OAAOP,GAAO,KACnCrG,KAAKk3H,QAAU,CACjB,EAEAH,GAAS/1H,UAAUwvD,SAAW,SAAkBrgD,EAAKi2B,EAAK//B,EAAKsxH,GAC7D,GAAI33H,KAAKk3H,QAAUl3H,KAAKm3H,eACtB,MAAU/zH,MAAM,sBAGC,iBAARgjC,IACTuxF,EAAStxH,EACTA,EAAM+/B,EACNA,EAAM,MAIJ//B,IACFA,EAAM0hC,GAAMC,QAAQ3hC,EAAKsxH,GAAU,OACnC33H,KAAKkoC,QAAQ7hC,IAIf,IADA,IAAI4tB,EAAO,GACJA,EAAK7yB,OAAS+O,GACnBnQ,KAAK0sD,EAAI1sD,KAAKw3H,QAAQ1vF,OAAO9nC,KAAK0sD,GAAGvkB,SACrClU,EAAOA,EAAKrtB,OAAO5G,KAAK0sD,GAG1B,IAAIn9C,EAAM0kB,EAAKvyB,MAAM,EAAGyO,GAGxB,OAFAnQ,KAAKkoC,QAAQ7hC,GACbrG,KAAKk3H,UACEnvF,GAAMzqB,OAAO/N,EAAK62B,EAC3B,EC5GA,IAAIZ,GAASuC,GAAMvC,OAEnB,SAASoyF,GAAQ9xE,EAAI7gD,GACnBjF,KAAK8lD,GAAKA,EACV9lD,KAAKwlD,KAAO,KACZxlD,KAAK0lD,IAAM,KAGPzgD,EAAQugD,MACVxlD,KAAK63H,eAAe5yH,EAAQugD,KAAMvgD,EAAQ6yH,SACxC7yH,EAAQygD,KACV1lD,KAAK+3H,cAAc9yH,EAAQygD,IAAKzgD,EAAQ+yH,OAC5C,CACA,OAAiBJ,GAEjBA,GAAQK,WAAa,SAAoBnyE,EAAIJ,EAAKtf,GAChD,OAAIsf,aAAekyE,GACVlyE,EAEF,IAAIkyE,GAAQ9xE,EAAI,CACrBJ,IAAKA,EACLsyE,OAAQ5xF,GAEZ,EAEAwxF,GAAQM,YAAc,SAAqBpyE,EAAIN,EAAMpf,GACnD,OAAIof,aAAgBoyE,GACXpyE,EAEF,IAAIoyE,GAAQ9xE,EAAI,CACrBN,KAAMA,EACNsyE,QAAS1xF,GAEb,EAGAwxF,GAAQ52H,UAAU2kD,SAAW,WAC3B,IAAID,EAAM1lD,KAAK+oD,YAEf,OAAIrD,EAAIssE,aACC,CAAEvwH,QAAQ,EAAOS,OAAQ,sBAC7BwjD,EAAIC,WAEJD,EAAIp4C,IAAItN,KAAK8lD,GAAGl1C,MAAMpE,GAAGwlH,aAGvB,CAAEvwH,QAAQ,EAAMS,OAAQ,MAFtB,CAAET,QAAQ,EAAOS,OAAQ,uBAFzB,CAAET,QAAQ,EAAOS,OAAQ,4BAKpC,EAEA01H,GAAQ52H,UAAU+nD,UAAY,SAAmB3iB,EAAK2oF,GAIpD,OAHK/uH,KAAK0lD,MACR1lD,KAAK0lD,IAAM1lD,KAAK8lD,GAAG9gB,EAAE13B,IAAItN,KAAKwlD,OAE3Bpf,EAGEpmC,KAAK0lD,IAAIpoC,OAAO8oB,EAAK2oF,GAFnB/uH,KAAK0lD,GAGhB,EAEAkyE,GAAQ52H,UAAUgoD,WAAa,SAAoB5iB,GACjD,MAAY,QAARA,EACKpmC,KAAKwlD,KAAK74C,SAAS,GAAI,GAEvB3M,KAAKwlD,IAChB,EAEAoyE,GAAQ52H,UAAU62H,eAAiB,SAAwB7gH,EAAKovB,GAK9D,GAJApmC,KAAKwlD,KAAO,IAAI9D,GAAG1qC,EAAKovB,GAAO,IAIJ,SAAvBpmC,KAAK8lD,GAAGl1C,MAAMwJ,KAAiB,CACjC,IAAIrK,EAAM/P,KAAK8lD,GAAGl1C,MAAMb,IACpBkiC,EAAOliC,EAAI21G,MAAM,KAASt4G,IAAI2C,GAAK21G,MAAM,GAC7C1lH,KAAKwlD,KAAOxlD,KAAKwlD,KAAK47B,GAAGrxE,EAAI21G,MAAM,MACnC1lH,KAAKwlD,KAAOxlD,KAAKwlD,KAAK27B,IAAIlvC,QAI1BjyC,KAAKwlD,KAAOxlD,KAAKwlD,KAAKmhE,KAAK3mH,KAAK8lD,GAAGl1C,MAAMpE,EAC7C,EAEAorH,GAAQ52H,UAAU+2H,cAAgB,SAAuB/gH,EAAKovB,GAC5D,GAAIpvB,EAAI9J,GAAK8J,EAAI1I,EAWf,MAP2B,SAAvBtO,KAAK8lD,GAAGl1C,MAAMwJ,KAChBorB,GAAOxuB,EAAI9J,EAAG,qBACkB,UAAvBlN,KAAK8lD,GAAGl1C,MAAMwJ,MACS,YAAvBpa,KAAK8lD,GAAGl1C,MAAMwJ,MACvBorB,GAAOxuB,EAAI9J,GAAK8J,EAAI1I,EAAG,qCAEzBtO,KAAK0lD,IAAM1lD,KAAK8lD,GAAGl1C,MAAMu8G,MAAMn2G,EAAI9J,EAAG8J,EAAI1I,IAG5CtO,KAAK0lD,IAAM1lD,KAAK8lD,GAAGl1C,MAAM+9G,YAAY33G,EAAKovB,EAC5C,EAGAwxF,GAAQ52H,UAAU2rD,OAAS,SAAgBjH,GACzC,OAAOA,EAAIp4C,IAAItN,KAAKwlD,MAAMwpE,MAC5B,EAGA4I,GAAQ52H,UAAUm8C,KAAO,SAAczX,EAAKU,EAAKnhC,GAC/C,OAAOjF,KAAK8lD,GAAG3I,KAAKzX,EAAK1lC,KAAMomC,EAAKnhC,EACtC,EAEA2yH,GAAQ52H,UAAU08C,OAAS,SAAgBhY,EAAKvwB,GAC9C,OAAOnV,KAAK8lD,GAAGpI,OAAOhY,EAAKvwB,EAAWnV,KACxC,EAEA43H,GAAQ52H,UAAUg7G,QAAU,WAC1B,MAAO,eAAiBh8G,KAAKwlD,MAAQxlD,KAAKwlD,KAAK74C,SAAS,GAAI,IACrD,UAAY3M,KAAK0lD,KAAO1lD,KAAK0lD,IAAIs2D,WAAa,IACvD,ECnHA,IAAIx2E,GAASuC,GAAMvC,OAEnB,SAASoiD,GAAU3iF,EAASmhC,GAC1B,GAAInhC,aAAmB2iF,GACrB,OAAO3iF,EAELjF,KAAKm4H,WAAWlzH,EAASmhC,KAG7BZ,GAAOvgC,EAAQ8I,GAAK9I,EAAQgZ,EAAG,4BAC/Bje,KAAK+N,EAAI,IAAI2zC,GAAGz8C,EAAQ8I,EAAG,IAC3B/N,KAAKie,EAAI,IAAIyjC,GAAGz8C,EAAQgZ,EAAG,SACGhd,IAA1BgE,EAAQmzH,cACVp4H,KAAKo4H,cAAgB,KAErBp4H,KAAKo4H,cAAgBnzH,EAAQmzH,cACjC,CACA,OAAiBxwC,GAEjB,SAASywC,KACPr4H,KAAKs4H,MAAQ,CACf,CAEA,SAASC,GAAUh3G,EAAKkR,GACtB,IAAI+lG,EAAUj3G,EAAIkR,EAAE6lG,SACpB,KAAgB,IAAVE,GACJ,OAAOA,EAIT,IAFA,IAAIC,EAAqB,GAAVD,EACX/yF,EAAM,EACDtiC,EAAI,EAAG64B,EAAMvJ,EAAE6lG,MAAOn1H,EAAIs1H,EAAUt1H,IAAK64B,IAChDyJ,IAAQ,EACRA,GAAOlkB,EAAIya,GAGb,OADAvJ,EAAE6lG,MAAQt8F,EACHyJ,CACT,CAEA,SAASizF,GAAUn3G,GAGjB,IAFA,IAAIpe,EAAI,EACJgN,EAAMoR,EAAIngB,OAAS,GACfmgB,EAAIpe,MAAqB,IAAboe,EAAIpe,EAAI,KAAcA,EAAIgN,GAC5ChN,IAEF,OAAU,IAANA,EACKoe,EAEFA,EAAI7f,MAAMyB,EACnB,CAwCA,SAASw1H,GAAgB77E,EAAK3sC,GAC5B,GAAIA,EAAM,IACR2sC,EAAIj7C,KAAKsO,OADX,CAIA,IAAIyoH,EAAS,GAAK9sH,KAAKqS,IAAIhO,GAAOrE,KAAKisE,MAAQ,GAE/C,IADAj7B,EAAIj7C,KAAc,IAAT+2H,KACAA,GACP97E,EAAIj7C,KAAMsO,KAASyoH,GAAU,GAAM,KAErC97E,EAAIj7C,KAAKsO,GACX,CAjDAy3E,GAAU5mF,UAAUm3H,WAAa,SAAoBjuH,EAAMk8B,GACzDl8B,EAAO69B,GAAMC,QAAQ99B,EAAMk8B,GAC3B,IAAI3T,EAAI,IAAI4lG,GACZ,GAAwB,KAApBnuH,EAAKuoB,EAAE6lG,SACT,OAAO,EAGT,GADUC,GAAUruH,EAAMuoB,GACfA,EAAE6lG,QAAWpuH,EAAK9I,OAC3B,OAAO,EAET,GAAwB,IAApB8I,EAAKuoB,EAAE6lG,SACT,OAAO,EAET,IAAI/lG,EAAOgmG,GAAUruH,EAAMuoB,GACvB1kB,EAAI7D,EAAKxI,MAAM+wB,EAAE6lG,MAAO/lG,EAAOE,EAAE6lG,OAErC,GADA7lG,EAAE6lG,OAAS/lG,EACa,IAApBroB,EAAKuoB,EAAE6lG,SACT,OAAO,EAET,IAAIO,EAAON,GAAUruH,EAAMuoB,GAC3B,GAAIvoB,EAAK9I,SAAWy3H,EAAOpmG,EAAE6lG,MAC3B,OAAO,EAET,IAAIr6G,EAAI/T,EAAKxI,MAAM+wB,EAAE6lG,MAAOO,EAAOpmG,EAAE6lG,OAYrC,OAXa,IAATvqH,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAErM,MAAM,IAED,IAATuc,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEvc,MAAM,IAGd1B,KAAK+N,EAAI,IAAI2zC,GAAG3zC,GAChB/N,KAAKie,EAAI,IAAIyjC,GAAGzjC,GAChBje,KAAKo4H,cAAgB,MAEd,CACT,EAeAxwC,GAAU5mF,UAAU83H,MAAQ,SAAe1yF,GACzC,IAAIr4B,EAAI/N,KAAK+N,EAAEi6B,UACX/pB,EAAIje,KAAKie,EAAE+pB,UAYf,IATW,IAAPj6B,EAAE,KACJA,EAAI,CAAE,GAAInH,OAAOmH,IAER,IAAPkQ,EAAE,KACJA,EAAI,CAAE,GAAIrX,OAAOqX,IAEnBlQ,EAAI2qH,GAAU3qH,GACdkQ,EAAIy6G,GAAUz6G,KAENA,EAAE,IAAe,IAAPA,EAAE,KAClBA,EAAIA,EAAEvc,MAAM,GAEd,IAAIo7C,EAAM,CAAE,GACZ67E,GAAgB77E,EAAK/uC,EAAE3M,SACvB07C,EAAMA,EAAIl2C,OAAOmH,IACblM,KAAK,GACT82H,GAAgB77E,EAAK7+B,EAAE7c,QACvB,IAAI23H,EAAWj8E,EAAIl2C,OAAOqX,GACtB1O,EAAM,CAAE,IAGZ,OAFAopH,GAAgBppH,EAAKwpH,EAAS33H,QAC9BmO,EAAMA,EAAI3I,OAAOmyH,GACVhxF,GAAMzqB,OAAO/N,EAAK62B,EAC3B,EC9HA,IAAIZ,GAASuC,GAAMvC,OAKnB,SAASwzF,GAAG/zH,GACV,KAAMjF,gBAAgBg5H,IACpB,OAAO,IAAIA,GAAG/zH,GAGO,iBAAZA,IACTugC,GAAOoiB,GAAOp1B,eAAevtB,GAAU,iBAAmBA,GAE1DA,EAAU2iD,GAAO3iD,IAIfA,aAAmB2iD,GAAOgvE,cAC5B3xH,EAAU,CAAE2L,MAAO3L,IAErBjF,KAAK4Q,MAAQ3L,EAAQ2L,MAAMA,MAC3B5Q,KAAKwM,EAAIxM,KAAK4Q,MAAMpE,EACpBxM,KAAKi5H,GAAKj5H,KAAKwM,EAAEo5G,MAAM,GACvB5lH,KAAKglC,EAAIhlC,KAAK4Q,MAAMo0B,EAGpBhlC,KAAKglC,EAAI//B,EAAQ2L,MAAMo0B,EACvBhlC,KAAKglC,EAAEkqF,WAAWjqH,EAAQ2L,MAAMpE,EAAEqD,YAAc,GAGhD7P,KAAKoU,KAAOnP,EAAQmP,MAAQnP,EAAQ2L,MAAMwD,IAC5C,CACA,OAAiB4kH,GAEjBA,GAAGh4H,UAAUi8C,QAAU,SAAiBh4C,GACtC,OAAO,IAAI2yH,GAAQ53H,KAAMiF,EAC3B,EAEA+zH,GAAGh4H,UAAUskD,eAAiB,SAAwBE,EAAMpf,GAC1D,OAAOwxF,GAAQM,YAAYl4H,KAAMwlD,EAAMpf,EACzC,EAEA4yF,GAAGh4H,UAAUykD,cAAgB,SAAuBC,EAAKtf,GACvD,OAAOwxF,GAAQK,WAAWj4H,KAAM0lD,EAAKtf,EACvC,EAEA4yF,GAAGh4H,UAAU6nD,WAAa,SAAoB5jD,GACvCA,IACHA,EAAU,IAGZ,IAAIi0H,EAAO,IAAInC,GAAS,CACtB3iH,KAAMpU,KAAKoU,KACXkjH,KAAMryH,EAAQqyH,KACdC,QAAStyH,EAAQsyH,SAAW,OAC5BzuE,QAAS7jD,EAAQ6jD,SAAW7J,GAAKj/C,KAAKoU,KAAKuzB,cAC3CyvF,WAAYnyH,EAAQ6jD,SAAW7jD,EAAQmyH,YAAc,OACrDtlF,MAAO9xC,KAAKwM,EAAEw7B,YAIhB,GAAwB,SAApBhoC,KAAK4Q,MAAMwJ,KAAiB,CAC9B,IAAIorC,EAAO,IAAI9D,GAAGw3E,EAAK1oE,SAAS,KAChC,OAAOxwD,KAAKslD,eAAeE,GAK7B,IAFA,IAAIl+C,EAAQtH,KAAKwM,EAAEjI,aACf40H,EAAMn5H,KAAKwM,EAAEY,IAAI,IAAIs0C,GAAG,MACzB,CAED,MADI8D,EAAO,IAAI9D,GAAGw3E,EAAK1oE,SAASlpD,KACvB8zG,IAAI+d,GAAO,GAIpB,OADA3zE,EAAKm4D,MAAM,GACJ39G,KAAKslD,eAAeE,GAE/B,EAEAwzE,GAAGh4H,UAAUo4H,aAAe,SAAqB1zF,EAAK2zF,EAAWv9G,GAE/D,IAAIyrG,GADJzrG,EAAUA,GAA8B,EAAnB4pB,EAAInhC,cACHvE,KAAKwM,EAAEqD,YAG7B,OAFI03G,EAAQ,IACV7hF,EAAMA,EAAIkgF,MAAM2B,KACb8R,GAAa3zF,EAAI01E,IAAIp7G,KAAKwM,IAAM,EAC5Bk5B,EAAIt4B,IAAIpN,KAAKwM,GAEbk5B,CACX,EAEAszF,GAAGh4H,UAAUs4H,YAAe,SAAqB5zF,GAE/C,IAAI5pB,EAUJ,OATI4pB,aAAe3iC,YACjB+Y,EAA2B,EAAjB4pB,EAAInhC,WACdmhC,EAAM1lC,KAAKo5H,aAAa,IAAI13E,GAAGhc,EAAK,KAAK,EAAO5pB,IACxB,iBAAR4pB,GAChB5pB,EAAuB,EAAb4pB,EAAItkC,OACdskC,EAAM1lC,KAAKo5H,aAAa,IAAI13E,GAAGhc,EAAK,KAAK,EAAO5pB,IAEhD4pB,EAAM1lC,KAAKo5H,aAAa,IAAI13E,GAAGhc,EAAK,KAE/BA,CACT,EAEAszF,GAAGh4H,UAAUm8C,KAAO,SAAczX,EAAK1uB,EAAKovB,EAAKnhC,GAC5B,iBAARmhC,IACTnhC,EAAUmhC,EACVA,EAAM,MAEHnhC,IACHA,EAAU,IAEZ+R,EAAMhX,KAAKslD,eAAetuC,EAAKovB,GAC/BV,EAAM1lC,KAAKs5H,YAAY5zF,GAqBvB,IAlBA,IAAIp+B,EAAQtH,KAAKwM,EAAEjI,aACfg1H,EAAOviH,EAAIgyC,aAAahhB,QAAQ,KAAM1gC,GAGtCwqC,EAAQpM,EAAIsC,QAAQ,KAAM1gC,GAG1B4xH,EAAO,IAAInC,GAAS,CACtB3iH,KAAMpU,KAAKoU,KACX00C,QAASywE,EACTznF,MAAOA,EACPwlF,KAAMryH,EAAQqyH,KACdC,QAAStyH,EAAQsyH,SAAW,SAI1BiC,EAAMx5H,KAAKwM,EAAEY,IAAI,IAAIs0C,GAAG,IAEnB+3E,EAAO,GAASA,IAAQ,CAC/B,IAAIp9G,EAAIpX,EAAQoX,EACZpX,EAAQoX,EAAEo9G,GACV,IAAI/3E,GAAGw3E,EAAK1oE,SAASxwD,KAAKwM,EAAEjI,eAEhC,MADA8X,EAAIrc,KAAKo5H,aAAa/8G,GAAG,IACnBmrG,KAAK,IAAM,GAAKnrG,EAAE++F,IAAIoe,IAAQ,GAApC,CAGA,IAAIE,EAAK15H,KAAKglC,EAAE13B,IAAI+O,GACpB,IAAIq9G,EAAG1H,aAAP,CAGA,IAAI2H,EAAMD,EAAG1K,OACTjhH,EAAI4rH,EAAIhT,KAAK3mH,KAAKwM,GACtB,GAAkB,IAAduB,EAAEy5G,KAAK,GAAX,CAGA,IAAIvpG,EAAI5B,EAAEorG,KAAKznH,KAAKwM,GAAGc,IAAIS,EAAET,IAAI0J,EAAIgyC,cAAc/7C,KAAKy4B,IAExD,GAAkB,KADlBznB,EAAIA,EAAE0oG,KAAK3mH,KAAKwM,IACVg7G,KAAK,GAAX,CAGA,IAAI4Q,GAAiBsB,EAAGzK,OAAO7H,QAAU,EAAI,IACT,IAAfuS,EAAIve,IAAIrtG,GAAW,EAAI,GAQ5C,OALI9I,EAAQ20H,WAAa37G,EAAEm9F,IAAIp7G,KAAKi5H,IAAM,IACxCh7G,EAAIje,KAAKwM,EAAEY,IAAI6Q,GACfm6G,GAAiB,GAGZ,IAAIxwC,GAAU,CAAE75E,EAAGA,EAAGkQ,EAAGA,EAAGm6G,cAAeA,QAEtD,EAEAY,GAAGh4H,UAAU08C,OAAS,SAAgBhY,EAAKvwB,EAAW6B,EAAKovB,GAMzD,OALApvB,EAAMhX,KAAKylD,cAAczuC,EAAKovB,GAC9BjxB,EAAY,IAAIyyE,GAAUzyE,EAAW,OAE3BnV,KAAK65H,QAAQ75H,KAAKs5H,YAAY5zF,GAAMvwB,EAAW6B,IACzDhX,KAAK65H,QAAQ75H,KAAKo5H,aAAa,IAAI13E,GAAGhc,EAAK,KAAMvwB,EAAW6B,EAE9D,EAEAgiH,GAAGh4H,UAAU64H,QAAU,SAAiBn0F,EAAKvwB,EAAW6B,GAEtD,IAAIjJ,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAClB,GAAIlQ,EAAEy5G,KAAK,GAAK,GAAKz5G,EAAEqtG,IAAIp7G,KAAKwM,IAAM,EACpC,OAAO,EACT,GAAIyR,EAAEupG,KAAK,GAAK,GAAKvpG,EAAEm9F,IAAIp7G,KAAKwM,IAAM,EACpC,OAAO,EAGT,IAeIimB,EAfAqnG,EAAO77G,EAAEwpG,KAAKznH,KAAKwM,GACnBwiD,EAAK8qE,EAAKxsH,IAAIo4B,GAAKihF,KAAK3mH,KAAKwM,GAC7ByiD,EAAK6qE,EAAKxsH,IAAIS,GAAG44G,KAAK3mH,KAAKwM,GAE/B,OAAKxM,KAAK4Q,MAAMo8G,gBAWZv6F,EAAIzyB,KAAKglC,EAAEstF,QAAQtjE,EAAIh4C,EAAI+xC,YAAakG,IACtC+iE,cAMCv/F,EAAEmiG,OAAO7mH,KAjBV0kB,EAAIzyB,KAAKglC,EAAEqtF,OAAOrjE,EAAIh4C,EAAI+xC,YAAakG,IACrC+iE,cAGkC,IAAjCv/F,EAAEu8F,OAAOrI,KAAK3mH,KAAKwM,GAAG4uG,IAAIrtG,EAcrC,EAEAirH,GAAGh4H,UAAU+4H,cAAgB,SAASr0F,EAAKvwB,EAAW4H,EAAGqpB,GACvDZ,IAAQ,EAAIzoB,KAAOA,EAAG,4CACtB5H,EAAY,IAAIyyE,GAAUzyE,EAAWixB,GAErC,IAAI55B,EAAIxM,KAAKwM,EACT/H,EAAI,IAAIi9C,GAAGhc,GACX33B,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAGd+7G,EAAa,EAAJj9G,EACTk9G,EAAcl9G,GAAK,EACvB,GAAIhP,EAAEqtG,IAAIp7G,KAAK4Q,MAAM6hB,EAAEk0F,KAAK3mH,KAAK4Q,MAAMpE,KAAO,GAAKytH,EACjD,MAAU72H,MAAM,wCAIhB2K,EADEksH,EACEj6H,KAAK4Q,MAAMg+G,WAAW7gH,EAAE1H,IAAIrG,KAAK4Q,MAAMpE,GAAIwtH,GAE3Ch6H,KAAK4Q,MAAMg+G,WAAW7gH,EAAGisH,GAE/B,IAAIE,EAAO/kH,EAAUpH,EAAE05G,KAAKj7G,GACxBggB,EAAKhgB,EAAEY,IAAI3I,GAAG6I,IAAI4sH,GAAMvT,KAAKn6G,GAC7BigB,EAAKxO,EAAE3Q,IAAI4sH,GAAMvT,KAAKn6G,GAI1B,OAAOxM,KAAKglC,EAAEqtF,OAAO7lG,EAAIze,EAAG0e,EAC9B,EAEAusG,GAAGh4H,UAAUm5H,oBAAsB,SAAS11H,EAAG0Q,EAAW+zC,EAAG9iB,GAE3D,GAAgC,QADhCjxB,EAAY,IAAIyyE,GAAUzyE,EAAWixB,IACvBgyF,cACZ,OAAOjjH,EAAUijH,cAEnB,IAAK,IAAIj1H,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAC1B,IAAIi3H,EACJ,IACEA,EAASp6H,KAAK+5H,cAAct1H,EAAG0Q,EAAWhS,GAC1C,MAAOsB,GACP,SAGF,GAAI21H,EAAO7wE,GAAGL,GACZ,OAAO/lD,EAEX,MAAUC,MAAM,uCAClB,ECxQA,IAAIoiC,GAASuC,GAAMvC,OACfymF,GAAalkF,GAAMkkF,WACnBF,GAAiBhkF,GAAMgkF,eAW3B,SAAS6L,GAAQ7kH,EAAOq0C,GAItB,GAHApnD,KAAK+S,MAAQA,EACTq0C,EAAO50B,eAAe,YACxBxyB,KAAKq6H,QAAUpO,GAAW7kE,EAAOyF,SAC/B95C,EAAMunH,QAAQlzE,EAAO1B,KACvB1lD,KAAKu6H,KAAOnzE,EAAO1B,SAMnB,GAJA1lD,KAAKw6H,UAAYvO,GAAW7kE,EAAO1B,KAC/B1lD,KAAKw6H,WAAuC,KAA1Bx6H,KAAKw6H,UAAUp5H,QACX,KAAtBpB,KAAKw6H,UAAU,KACjBx6H,KAAKw6H,UAAYx6H,KAAKw6H,UAAU94H,MAAM,EAAG,KACvC1B,KAAKw6H,WAAuC,KAA1Bx6H,KAAKw6H,UAAUp5H,OACnC,MAAUgC,MAAM,mCAEtB,CAEAw0H,GAAQK,WAAa,SAAoBllH,EAAO2yC,GAC9C,OAAIA,aAAekyE,GACVlyE,EACF,IAAIkyE,GAAQ7kH,EAAO,CAAE2yC,IAAKA,GACnC,EAEAkyE,GAAQ6C,WAAa,SAAoB1nH,EAAO85C,GAC9C,OAAIA,aAAkB+qE,GACb/qE,EACF,IAAI+qE,GAAQ7kH,EAAO,CAAE85C,OAAQA,GACtC,EAEA+qE,GAAQ52H,UAAU6rD,OAAS,WACzB,OAAO7sD,KAAKq6H,OACd,EAEAtO,GAAe6L,GAAS,YAAY,WAClC,OAAO53H,KAAK+S,MAAM2nH,YAAY16H,KAAK0lD,MACrC,IAEAqmE,GAAe6L,GAAS,OAAO,WAC7B,OAAI53H,KAAKw6H,UACAx6H,KAAK+S,MAAM47G,YAAY3uH,KAAKw6H,WAC9Bx6H,KAAK+S,MAAMiyB,EAAE13B,IAAItN,KAAKwlD,OAC/B,IAEAumE,GAAe6L,GAAS,aAAa,WACnC,IAAI7kH,EAAQ/S,KAAK+S,MACbqB,EAAOpU,KAAKoU,OACZumH,EAAS5nH,EAAM6nH,eAAiB,EAGhCnsH,EAAI2F,EAAK1S,MAAM,EAAGqR,EAAM6nH,gBAK5B,OAJAnsH,EAAE,IAAM,IACRA,EAAEksH,IAAW,IACblsH,EAAEksH,IAAW,GAENlsH,CACT,IAEAs9G,GAAe6L,GAAS,QAAQ,WAC9B,OAAO53H,KAAK+S,MAAM8nH,UAAU76H,KAAK86H,YACnC,IAEA/O,GAAe6L,GAAS,QAAQ,WAC9B,OAAO53H,KAAK+S,MAAMqB,OAAO0zB,OAAO9nC,KAAK6sD,UAAU1kB,QACjD,IAEA4jF,GAAe6L,GAAS,iBAAiB,WACvC,OAAO53H,KAAKoU,OAAO1S,MAAM1B,KAAK+S,MAAM6nH,eACtC,IAEAhD,GAAQ52H,UAAUm8C,KAAO,SAAcxjC,GAErC,OADA6rB,GAAOxlC,KAAKq6H,QAAS,2BACdr6H,KAAK+S,MAAMoqC,KAAKxjC,EAAS3Z,KAClC,EAEA43H,GAAQ52H,UAAU08C,OAAS,SAAgB/jC,EAAS8jC,GAClD,OAAOz9C,KAAK+S,MAAM2qC,OAAO/jC,EAAS8jC,EAAKz9C,KACzC,EAEA43H,GAAQ52H,UAAU+5H,UAAY,SAAmB30F,GAE/C,OADAZ,GAAOxlC,KAAKq6H,QAAS,0BACdtyF,GAAMzqB,OAAOtd,KAAK6sD,SAAUzmB,EACrC,EAEAwxF,GAAQ52H,UAAU+nD,UAAY,SAAmB3iB,EAAK2oF,GACpD,OAAOhnF,GAAMzqB,QAAQyxG,EAAU,CAAE,IAAS,IAAInoH,OAAO5G,KAAKg7H,YAAa50F,EACzE,EAEA,OAAiBwxF,GClGbpyF,GAASuC,GAAMvC,OACfumF,GAAiBhkF,GAAMgkF,eACvBE,GAAalkF,GAAMkkF,WAUvB,SAASrkC,GAAU70E,EAAO0qC,GACxBz9C,KAAK+S,MAAQA,EAEM,iBAAR0qC,IACTA,EAAMwuE,GAAWxuE,IAEf59C,MAAMW,QAAQi9C,KAChBA,EAAM,CACJhzB,EAAGgzB,EAAI/7C,MAAM,EAAGqR,EAAM6nH,gBACtB9mF,EAAG2J,EAAI/7C,MAAMqR,EAAM6nH,kBAIvBp1F,GAAOiY,EAAIhzB,GAAKgzB,EAAI3J,EAAG,4BAEnB/gC,EAAMunH,QAAQ78E,EAAIhzB,KACpBzqB,KAAKi7H,GAAKx9E,EAAIhzB,GACZgzB,EAAI3J,aAAa4N,KACnB1hD,KAAKk7H,GAAKz9E,EAAI3J,GAEhB9zC,KAAKm7H,UAAYt7H,MAAMW,QAAQi9C,EAAIhzB,GAAKgzB,EAAIhzB,EAAIgzB,EAAI29E,SACpDp7H,KAAKq7H,UAAYx7H,MAAMW,QAAQi9C,EAAI3J,GAAK2J,EAAI3J,EAAI2J,EAAI69E,QACtD,CAEAvP,GAAenkC,GAAW,KAAK,WAC7B,OAAO5nF,KAAK+S,MAAM8nH,UAAU76H,KAAKs7H,WACnC,IAEAvP,GAAenkC,GAAW,KAAK,WAC7B,OAAO5nF,KAAK+S,MAAM47G,YAAY3uH,KAAKo7H,WACrC,IAEArP,GAAenkC,GAAW,YAAY,WACpC,OAAO5nF,KAAK+S,MAAM2nH,YAAY16H,KAAKyqB,IACrC,IAEAshG,GAAenkC,GAAW,YAAY,WACpC,OAAO5nF,KAAK+S,MAAMwoH,UAAUv7H,KAAK8zC,IACnC,IAEA8zC,GAAU5mF,UAAUw6H,QAAU,WAC5B,OAAOx7H,KAAKo7H,WAAWx0H,OAAO5G,KAAKs7H,WACrC,EAEA1zC,GAAU5mF,UAAU0mB,MAAQ,WAC1B,OAAOqgB,GAAMzqB,OAAOtd,KAAKw7H,UAAW,OAAO1kD,aAC7C,EAEA,OAAiB8Q,GCzDbpiD,GAASuC,GAAMvC,OACfymF,GAAalkF,GAAMkkF,WAIvB,SAASwP,GAAM7qH,GAGb,GAFA40B,GAAiB,YAAV50B,EAAqB,qCAEtB5Q,gBAAgBy7H,IACpB,OAAO,IAAIA,GAAM7qH,GAEfA,EAAQg3C,GAAOh3C,GAAOA,MAC1B5Q,KAAK4Q,MAAQA,EACb5Q,KAAKglC,EAAIp0B,EAAMo0B,EACfhlC,KAAKglC,EAAEkqF,WAAWt+G,EAAMpE,EAAEqD,YAAc,GAExC7P,KAAK07H,WAAa9qH,EAAMu8G,QAAQrtH,YAChCE,KAAK46H,eAAiB9uH,KAAKmQ,KAAKrL,EAAMpE,EAAEqD,YAAc,GACtD7P,KAAKoU,KAAOA,GAAKM,MACnB,CAEA,OAAiB+mH,GAOjBA,GAAMz6H,UAAUm8C,KAAO,SAAcxjC,EAASkzC,GAC5ClzC,EAAUsyG,GAAWtyG,GACrB,IAAI3C,EAAMhX,KAAK27H,cAAc9uE,GACzB9+C,EAAI/N,KAAK47H,QAAQ5kH,EAAI6kH,gBAAiBliH,GACtC8Q,EAAIzqB,KAAKglC,EAAE13B,IAAIS,GACfqtH,EAAWp7H,KAAK06H,YAAYjwG,GAC5BqxG,EAAK97H,KAAK47H,QAAQR,EAAUpkH,EAAIgkH,WAAYrhH,GAClCrM,IAAI0J,EAAIwuC,QAClB1R,EAAI/lC,EAAE1H,IAAIy1H,GAAInV,KAAK3mH,KAAK4Q,MAAMpE,GAClC,OAAOxM,KAAK+7H,cAAc,CAAEtxG,EAAGA,EAAGqpB,EAAGA,EAAGsnF,SAAUA,GACpD,EAQAK,GAAMz6H,UAAU08C,OAAS,SAAgB/jC,EAAS8jC,EAAKiI,GACrD/rC,EAAUsyG,GAAWtyG,GACrB8jC,EAAMz9C,KAAK+7H,cAAct+E,GACzB,IAAIzmC,EAAMhX,KAAKylD,cAAcC,GACzBnpC,EAAIvc,KAAK47H,QAAQn+E,EAAI29E,WAAYpkH,EAAIgkH,WAAYrhH,GACjDqiH,EAAKh8H,KAAKglC,EAAE13B,IAAImwC,EAAI3J,KAExB,OADc2J,EAAIhzB,IAAIpkB,IAAI2Q,EAAI0uC,MAAMp4C,IAAIiP,IACzBgtC,GAAGyyE,EACpB,EAEAP,GAAMz6H,UAAU46H,QAAU,WAExB,IADA,IAAIxnH,EAAOpU,KAAKoU,OACPjR,EAAI,EAAGA,EAAIy5C,UAAUx7C,OAAQ+B,IACpCiR,EAAK0zB,OAAO8U,UAAUz5C,IACxB,OAAO4kC,GAAMmkF,UAAU93G,EAAK+zB,UAAUw+E,KAAK3mH,KAAK4Q,MAAMpE,EACxD,EAEAivH,GAAMz6H,UAAUi8C,QAAU,SAAiBh4C,GACzC,OAAO,IAAI2yH,GAAQ53H,KAAMiF,EAC3B,EAEAw2H,GAAMz6H,UAAUykD,cAAgB,SAAuBC,GACrD,OAAOkyE,GAAQK,WAAWj4H,KAAM0lD,EAClC,EAEA+1E,GAAMz6H,UAAU26H,cAAgB,SAAuB9uE,GACrD,OAAO+qE,GAAQ6C,WAAWz6H,KAAM6sD,EAClC,EAEA4uE,GAAMz6H,UAAU6nD,WAAa,SAAoB5jD,GAC1CA,IACHA,EAAU,IAGZ,IAAIi0H,EAAO,IAAInC,GAAS,CACtB3iH,KAAMpU,KAAKoU,KACXkjH,KAAMryH,EAAQqyH,KACdC,QAAStyH,EAAQsyH,SAAW,OAC5BzuE,QAAS7jD,EAAQ6jD,SAAW7J,GAAKj/C,KAAKoU,KAAKuzB,cAC3CyvF,WAAYnyH,EAAQ6jD,SAAW7jD,EAAQmyH,YAAc,OACrDtlF,MAAO9xC,KAAK4Q,MAAMpE,EAAEw7B,YAGtB,OAAOhoC,KAAK27H,cAAczC,EAAK1oE,SAAS,IAC1C,EAEAirE,GAAMz6H,UAAU+6H,cAAgB,SAAuBt+E,GACrD,OAAIA,aAAemqC,GACVnqC,EACF,IAAImqC,GAAU5nF,KAAMy9C,EAC7B,EAUAg+E,GAAMz6H,UAAU05H,YAAc,SAAqBvN,GACjD,IAAI/mF,EAAM+mF,EAAM8B,OAAOjnF,QAAQ,KAAMhoC,KAAK46H,gBAE1C,OADAx0F,EAAIpmC,KAAK46H,eAAiB,IAAMzN,EAAM6B,OAAO5H,QAAU,IAAO,EACvDhhF,CACT,EAEAq1F,GAAMz6H,UAAU2tH,YAAc,SAAqBrnH,GAGjD,IAAIqzH,GAFJrzH,EAAQygC,GAAMkkF,WAAW3kH,IAENlG,OAAS,EACxB66H,EAAS30H,EAAM5F,MAAM,EAAGi5H,GAAQ/zH,QAAuB,IAAhBU,EAAMqzH,IAC7CuB,EAAoC,IAAV,IAAhB50H,EAAMqzH,IAEhBrsH,EAAIy5B,GAAMmkF,UAAU+P,GACxB,OAAOj8H,KAAK4Q,MAAM+kH,WAAWrnH,EAAG4tH,EAClC,EAEAT,GAAMz6H,UAAUu6H,UAAY,SAAmBj0F,GAC7C,OAAOA,EAAIU,QAAQ,KAAMhoC,KAAK46H,eAChC,EAEAa,GAAMz6H,UAAU65H,UAAY,SAAmBvzH,GAC7C,OAAOygC,GAAMmkF,UAAU5kH,EACzB,EAEAm0H,GAAMz6H,UAAUs5H,QAAU,SAAiB70F,GACzC,OAAOA,aAAezlC,KAAK07H,UAC7B,2BC1IA,IAAI71E,EAAWxH,EAEfwH,EAAS9d,MAAQvlC,GACjBqjD,EAAS5G,KAAOt7C,GAChBkiD,EAASj1C,MAAQwO,GACjBymC,EAAS+B,OAASpoC,GAGlBqmC,EAASC,GAAKwwE,GACdzwE,EAAS9yC,MAAQopH,qOCyBjB,MACaz7G,iBACT,OAAOU,GAAMnM,OAAOS,OAQtBxU,KAAKoG,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,GAMZxF,QACE,OAAO,IAAIiB,WAAW,CAAC,GAAM,GAAM,2fCtCvC,MACa2d,iBACT,OAAOU,GAAMnM,OAAOW,MAOtB1U,OACE,MAAM,IAAIimD,GAAiB,mCAG7BrlD,QACE,MAAM,IAAIqlD,GAAiB,2L7BgLxBhmD,gBAAsCkV,KAAEA,KAAS+lH,IACtD,IAAK/lH,EACH,MAAUjT,MAAM,sEAElB,IAAKoX,GAAKC,SAASpE,GACjB,MAAUjT,MAAM,yDAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,OAAO,IAAI60F,GAAiBhgF,EAC9B,wBDkrBOlV,gBAA6BkV,KAAEA,EAAID,OAAEA,EAAMw8D,SAAEA,EAAQD,KAAEA,EAAO,IAAI33D,KAAM2nC,OAAEA,QAAkB1hD,IAAToV,EAAqB,OAAS,aAAa+lH,IACnI,IAAI97H,OAAiBW,IAAToV,EAAqBA,EAAOD,EACxC,QAAcnV,IAAVX,EACF,MAAU8C,MAAM,yEAElB,GAAIiT,IAASmE,GAAKC,SAASpE,KAAUmE,GAAK9X,SAAS2T,GACjD,MAAUjT,MAAM,0DAElB,GAAIgT,IAAWoE,GAAK1X,aAAasT,KAAYoE,GAAK9X,SAAS0T,GACzD,MAAUhT,MAAM,gEAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,MAAMwE,EAAawU,GAAK9X,SAASpC,GAC7B0F,UACIs2H,IACNh8H,EAAQi8H,EAAgBj8H,IAE1B,MAAM80F,EAAoB,IAAI1iB,GAAkBC,QACnC1xE,IAAToV,EACF++E,EAAkBviB,QAAQvyE,EAAO8gB,GAAMtf,MAAMsf,GAAMjL,QAASwsC,IAE5DyyC,EAAkBpiB,SAAS1yE,EAAO8gB,GAAMtf,MAAMsf,GAAMjL,QAASwsC,SAE9C1hD,IAAb2xE,GACFwiB,EAAkBniB,YAAYL,GAEhC,MAAM4pD,EAAwB,IAAInlD,GAClCmlD,EAAsB36H,KAAKuzF,GAC3B,MAAMz7E,EAAU,IAAIy4E,GAAQoqC,GAE5B,OADA7iH,EAAQ69D,WAAaxxE,EACd2T,CACT,kBE/lBOxY,gBAAuBwY,QAAEA,EAAO84E,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAW7G,iBAAEA,EAAgB2wC,aAAEA,GAAe,EAAK95E,OAAEA,EAAS,OAAMxtC,UAAEA,EAAY,KAAIw9D,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWs3G,IAGxL,GAF0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa98E,GAAUmyE,EAAmB9jD,GAAQ8jD,GAAmB2G,EAAiBzqD,GAAQyqD,GAAiBC,EAAY1qD,GAAQ0qD,GAAYC,EAAc3qD,GAAQ2qD,GACjKypC,EAAKlsC,YAAa,MAAU9sF,MAAM,iGACtC,GAAIg5H,EAAKM,WAAY,MAAUt5H,MAAM,kGACrC,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IACE,MAAM64E,QAAkB1gE,EAAQqZ,QAAQy/D,EAAgBC,EAAWC,EAAahgB,EAAM7tD,GACjFgnE,IACHA,EAAmB,IAGrB,MAAMrqF,EAAS,GAKf,GAJAA,EAAO0mF,WAAahzE,QAAkBklE,EAAU0b,eAAe5gF,EAAW22E,EAAkBnZ,EAAM7tD,SAAgBu1D,EAAU38B,OAAOouC,EAAkBnZ,EAAM7tD,GAC3JrjB,EAAOyI,KAAkB,WAAXy4C,EAAsB03B,EAAU6Z,iBAAmB7Z,EAAUvH,UAC3ErxE,EAAOmxE,SAAWyH,EAAUnH,cAC5BmkB,GAAY51F,EAAQkY,GAChB8iH,EAAc,CAChB,GAAgC,IAA5B3wC,EAAiB1qF,OACnB,MAAUgC,MAAM,+DAElB,GAAiC,IAA7B3B,EAAO0mF,WAAW/mF,OACpB,MAAUgC,MAAM,yBAElB3B,EAAOyI,KAAOyT,EAAc,CAC1Blc,EAAOyI,KACPorE,IAAiBn0E,gBACTqZ,GAAKmG,WAAWlf,EAAO0mF,WAAW7/E,KAAIm1C,GAAOA,EAAI61B,WAAU,MAKvE,OADA7xE,EAAOyI,WAAa8sF,GAAcv1F,EAAOyI,KAAMyP,EAAQ69D,WAAY70B,GAC5DlhD,EACP,MAAOggD,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,qBAvMOtgD,gBAA0ByY,WAAEA,EAAUijE,WAAEA,SAAY/3D,KAAWs3G,IAC1BvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMu3G,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAAKoY,EAAW8xE,YACd,MAAUtoF,MAAM,+BAElB,MAAMu5H,EAAmB/iH,EAAWjY,OAAM,GACpCi7H,EAAcpiH,GAAKha,QAAQq8E,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANM58E,QAAQ+H,IAAI20H,EAAiB3wC,UAAU1jF,KAAI0O,GAE/CwD,GAAKmG,WAAWi8G,EAAYt0H,KAAIu0E,GAAc7lE,EAAI4mE,UAAU5qD,QAAQ6pD,eAGhE8/C,EAAiBh3E,SAAS7gC,GACzB63G,EACP,MAAOl7E,GAEP,MADAk7E,EAAiB98C,qBACXrlE,GAAK8F,UAAU,+BAAgCmhC,GAEzD,6BAyYOtgD,gBAAkCwY,QAAEA,EAAO84E,eAAEA,EAAcC,UAAEA,EAAS/f,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWs3G,IAG3G,GAF0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa98E,GAAU84E,EAAiBzqD,GAAQyqD,GAAiBC,EAAY1qD,GAAQ0qD,GACjF0pC,EAAKlsC,YAAa,MAAU9sF,MAAM,4GACtC,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAEE,aAD0BmY,EAAQk5E,mBAAmBJ,EAAgBC,EAAW/f,EAAM7tD,GAEtF,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,gCAAiCmhC,GAE1D,kBA9UOtgD,gBAAuBwY,QAAEA,EAAOw6E,eAAEA,EAAc1I,YAAEA,EAAWiH,UAAEA,EAAS5W,WAAEA,EAAUn5B,OAAEA,EAAS,UAASxtC,UAAEA,EAAY,KAAIs/E,SAAEA,GAAW,EAAKU,cAAEA,EAAgB,GAAET,iBAAEA,EAAmB,GAAE/hB,KAAEA,EAAO,IAAI33D,KAAM6hH,eAAEA,EAAiB,GAAEC,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,UAAIj4G,KAAWs3G,IAKlS,GAJ0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa98E,GAAUg9E,GAAyBh0C,GAChDwxC,EAAiBnsD,GAAQmsD,GAAiB1I,EAAczjD,GAAQyjD,GAAciH,EAAY1qD,GAAQ0qD,GAClGyC,EAAgBntD,GAAQmtD,GAAgBT,EAAmB1sD,GAAQ0sD,GAAmBmoC,EAAiB70F,GAAQ60F,GAAiBC,EAAoB90F,GAAQ80F,GAAoBC,EAAqB/0F,GAAQ+0F,GACzMX,EAAK5+E,SACP,MAAUp6C,MAAM,+JAElB,GAAIg5H,EAAKM,WAAY,MAAUt5H,MAAM,gGACrC,GAAIg5H,EAAKlsC,YAAa,MAAU9sF,MAAM,8FACtC,QAAmBnC,IAAfm7H,EAAK7iH,MAAqB,MAAUnW,MAAM,oFAC9C,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAE3HiqF,IACHA,EAAc,IAEhB,MAAMwL,EAAYt9E,EAAQ69D,WAC1B,IASE,IARIiU,EAAYrqF,QAAU+T,KACxBwE,QAAgBA,EAAQwjC,KAAKsuC,EAAat2E,EAAWggF,EAAexiB,EAAMkqD,EAAgBE,EAAoBj4G,IAEhHnL,EAAUA,EAAQi/D,eACV2Q,GAAiB,cAAe4K,EAAgBxhB,EAAMmqD,EAAmBh4G,GAC/EA,GAEFnL,QAAgBA,EAAQoZ,QAAQohE,EAAgBzB,EAAW5W,EAAY2Y,EAAUC,EAAkB/hB,EAAMmqD,EAAmBh4G,GAC7G,WAAX69B,EAAqB,OAAOhpC,EAEhC,MAAMJ,EAAmB,YAAXopC,EAEd,OAAOq0C,GADMz9E,EAAQI,EAAQJ,MAAMuL,GAAUnL,EAAQ7X,QAC1Bm1F,EAAW19E,EAAQ,OAAS,UACvD,MAAOkoC,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,qBA7FOtgD,gBAA0ByY,WAAEA,EAAUijE,WAAEA,SAAY/3D,KAAWs3G,IAC1BvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMu3G,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAAKoY,EAAW8xE,YACd,MAAUtoF,MAAM,+BAElB,MAAMu5H,EAAmB/iH,EAAWjY,OAAM,GAEpC6xB,EAAOmpG,EAAiB3wC,UACxB4wC,EAAcpiH,GAAKha,QAAQq8E,GAAcA,EAAiBh9E,MAAM2zB,EAAKpyB,QAAQ++C,KAAK08B,GACxF,GAAI+/C,EAAYx7H,SAAWoyB,EAAKpyB,OAC9B,MAAUgC,MAAM,0DAGlB,IAME,aALMnD,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,MAAO6V,EAAK7T,KACrC,MAAMy6E,UAAEA,GAAc5mE,QAChB4mE,EAAU7qD,QAAQ6pG,EAAYz5H,GAAI2hB,GACxC84D,EAAUiC,oBAAoB,KAEzB88C,EACP,MAAOl7E,GAEP,MADAk7E,EAAiB98C,qBACXrlE,GAAK8F,UAAU,+BAAgCmhC,GAEzD,4BAiUOtgD,gBAAiC+I,KAAEA,EAAIggD,UAAEA,EAASwwB,cAAEA,EAAayZ,eAAEA,EAAczB,UAAEA,EAAS/vC,OAAEA,EAAS,UAAS8xC,SAAEA,GAAW,EAAKC,iBAAEA,EAAmB,GAAE/hB,KAAEA,EAAO,IAAI33D,KAAM8hH,kBAAEA,EAAoB,UAAIh4G,KAAWs3G,IAItN,GAH0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAgElC,SAAqB5a,EAAMoB,GACzB,IAAKkP,GAAK1X,aAAaoH,GACrB,MAAU9G,MAAM,eAAiBkI,GAAQ,QAAU,+BAEvD,CAnEE0xH,CAAY9yH,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAKkP,GAAKC,SAASvQ,GACjB,MAAU9G,MAAM,eAAiBkI,GAAQ,QAAU,2BAEvD,CA9DqB2xH,CAAY/yE,EAAW,aAAcysC,GAAyBh0C,GACjFwxC,EAAiBnsD,GAAQmsD,GAAiBzB,EAAY1qD,GAAQ0qD,GAAYgC,EAAmB1sD,GAAQ0sD,GAAmBooC,EAAoB90F,GAAQ80F,GAChJV,EAAKM,WAAY,MAAUt5H,MAAM,0GACrC,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,KAAM2yF,GAA4C,IAA1BA,EAAe/yF,QAAmBsxF,GAAkC,IAArBA,EAAUtxF,QAC/E,MAAUgC,MAAM,6CAGlB,IAEE,OAAOk0F,SADelF,GAAQuC,kBAAkBzqF,EAAMggD,EAAWwwB,EAAeyZ,EAAgBzB,EAAW+B,EAAUC,EAAkB/hB,EAAMmqD,EAAmBh4G,GACnI69B,EAAQ79B,GACrC,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,+BAAgCmhC,GAEzD,uCAlgBOtgD,gBAA2BqoF,QAAEA,EAAU,GAAE3M,WAAEA,EAAUziE,KAAEA,EAAO,MAAK4tE,QAAEA,EAAU,KAAIp3E,MAAEA,EAAQ,aAAYgH,kBAAEA,EAAoB,EAAC+6D,KAAEA,EAAO,IAAI33D,KAAMkzE,QAAEA,EAAU,CAAC,IAAGvrC,OAAEA,EAAS,iBAAW79B,KAAWs3G,IAC/JvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC0kE,EAAUxhD,GAAQwhD,GAClB,MAAM6yC,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAuB,IAAnBgoF,EAAQpoF,OACV,MAAUgC,MAAM,2CAElB,GAAa,QAATgX,GAAkB4tE,EAAUljE,EAAO5B,WACrC,MAAU9f,MAAM,8BAA8B0hB,EAAO5B,oBAAoB8kE,KAG3E,MAAM/iF,EAAU,CAAEukF,UAAS3M,aAAYziE,OAAM4tE,UAASp3E,QAAOgH,oBAAmB+6D,OAAMub,WAEtF,IACE,MAAMl3E,IAAEA,EAAGi5E,sBAAEA,SHaV9uF,eAAwB8D,EAAS6f,GACtC7f,EAAQk4C,MAAO,GACfl4C,EAAUisF,GAA0BjsF,IAC5BipF,QAAUjpF,EAAQipF,QAAQ5lF,KAAI,CAACugF,EAAQ/oE,IAAUoxE,GAA0BjsF,EAAQipF,QAAQpuE,GAAQ7a,KAC3G,IAAI2b,EAAW,CAACs8G,GAAyBj4H,EAAS6f,IAClDlE,EAAWA,EAASha,OAAO3B,EAAQipF,QAAQ5lF,KAAIrD,GAAWksF,GAA4BlsF,EAAS6f,MAC/F,MAAMwyD,QAAgBr3E,QAAQ+H,IAAI4Y,GAE5B5J,QAAYw6E,GAAcla,EAAQ,GAAIA,EAAQ51E,MAAM,GAAIuD,EAAS6f,GACjEmrE,QAA8Bj5E,EAAImmH,yBAAyBl4H,EAAQ0tE,KAAM7tD,GAE/E,OADA9N,EAAIs0E,qBAAuB,GACpB,CAAEt0E,MAAKi5E,wBAChB,CGzBiDz/B,CAASvrD,EAAS6f,GAG/D,OAFA9N,EAAIg1E,UAAU1oF,SAAQ,EAAGs6E,eAAgBmN,GAAqBnN,EAAW94D,KAElE,CACLlL,WAAY09E,GAAatgF,EAAK2rC,EAAQ79B,GACtCxS,UAAWglF,GAAatgF,EAAIw5E,WAAY7tC,EAAQ79B,GAChDmrE,yBAEF,MAAOxuC,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,6BAsbOtgD,gBAAkCgzF,eAAEA,EAAcxhB,KAAEA,EAAO,IAAI33D,KAAM8hH,kBAAEA,EAAoB,UAAIh4G,KAAWs3G,IAG/G,GAF0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChCqvE,EAAiBnsD,GAAQmsD,GAAiB2oC,EAAoB90F,GAAQ80F,GAClEV,EAAKM,WAAY,MAAUt5H,MAAM,2GACrC,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAEE,aAD0B4wF,GAAQ9U,mBAAmB6W,EAAgBxhB,EAAMmqD,EAAmBh4G,GAE9F,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,+BAAgCmhC,GAEzD,+BD5YOtgD,gBAAoCi8H,iBAAEA,SAAkBt4G,KAAWs3G,IAExE,GADAt3G,EAAS,IAAKsB,MAAkBtB,IAC3Bs4G,EACH,MAAUh6H,MAAM,gFAElB,IAAKoX,GAAKC,SAAS2iH,GACjB,MAAUh6H,MAAM,mEAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,MAAMlB,QAAc6lB,GAAQi3G,GAC5B,GAAI98H,EAAM8Z,OAASgH,GAAM7H,MAAMG,OAC7B,MAAUtW,MAAM,gCAElB,MAAMykF,QAAmBxQ,GAAW2B,WAAW14E,EAAM4J,KAAMitE,GAAgBryD,IAY7E,SAAuBe,EAASgiE,GAC9B,MAAMw1C,EAAiB,SAASC,GAC9B,MAAM3zD,EAAQ10D,GAAU46B,GAAQ56B,EAAOy+D,gBAAkB7jC,EAEzD,IAAK,IAAI1sC,EAAI,EAAGA,EAAI0kF,EAAWzmF,OAAQ+B,IACrC,GAAI0kF,EAAW1kF,GAAGrD,YAAY4gB,MAAQU,GAAMnM,OAAOE,YAAcmoH,EAAUj1H,KAAKshE,EAAMke,EAAW1kF,KAC/F,OAAO,EAGX,OAAO,GAGT,IAAIo6H,EAAY,KACZD,EAAY,GAoBhB,GAnBAz3G,EAAQviB,SAAQ,SAASohB,GAEvB,GADA64G,EAAY74G,EAAOC,MAAM,iBACrB44G,EAaF,MAAUn6H,MAAM,0DAZhBm6H,EAAYA,EAAU,GAAGt7G,QAAQ,MAAO,IACxCs7G,EAAYA,EAAUn9G,MAAM,KAC5Bm9G,EAAYA,EAAUj1H,KAAI,SAAS8L,GACjCA,EAAOA,EAAKo0E,cACZ,IACE,OAAOpnE,GAAMtf,MAAMsf,GAAMhN,KAAMA,GAC/B,MAAO3P,GACP,MAAUrB,MAAM,2CAA6CgR,OAGjEkpH,EAAYA,EAAU12H,OAAO22H,OAM5BD,EAAUl8H,SAAWi8H,EAAe,CAACj8G,GAAMhN,KAAKC,MACnD,MAAUjR,MAAM,qFACX,GAAIk6H,EAAUl8H,SAAWi8H,EAAeC,GAC7C,MAAUl6H,MAAM,wDAEpB,CAjDEwiB,CAActlB,EAAMulB,QAASgiE,GAC7B,MAAM1yE,EAAY,IAAIyyE,GAAUC,GAChC,OAAO,IAAIwO,GAAiB/1F,EAAM+V,KAAMlB,EAC1C,kBF+IOhU,gBAAuBq8H,WAAEA,EAAUC,UAAEA,SAAW34G,KAAWs3G,IAEhE,GADAt3G,EAAS,IAAKsB,MAAkBtB,IAC3B04G,IAAeC,EAClB,MAAUr6H,MAAM,4EAElB,GAAIo6H,IAAehjH,GAAKC,SAAS+iH,GAC/B,MAAUp6H,MAAM,gDAElB,GAAIq6H,IAAcjjH,GAAK1X,aAAa26H,GAClC,MAAUr6H,MAAM,mDAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAAIlB,EACJ,GAAIk9H,EAAY,CACd,MAAMpjH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQq3G,EAAY14G,GACjD,GAAM1K,IAASgH,GAAM7H,MAAMjH,WAAa8H,IAASgH,GAAM7H,MAAMK,WAC3D,MAAUxW,MAAM,gCAElB9C,EAAQ4J,OAER5J,EAAQm9H,EAGV,OAAOlsC,SADkBla,GAAW2B,WAAW14E,EAAOgxF,GAAmBxsE,GAE3E,mBAiDO3jB,gBAAwBu8H,YAAEA,EAAWC,WAAEA,SAAY74G,KAAWs3G,IACnEt3G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQo9H,GAAeC,EAC3B,IAAKr9H,EACH,MAAU8C,MAAM,+EAElB,GAAIs6H,IAAgBljH,GAAKC,SAASijH,GAChC,MAAUt6H,MAAM,kDAElB,GAAIu6H,IAAenjH,GAAK1X,aAAa66H,GACnC,MAAUv6H,MAAM,qDAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAIk8H,EAAa,CACf,MAAMtjH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQu3G,EAAa54G,GAClD,GAAI1K,IAASgH,GAAM7H,MAAMjH,WAAa8H,IAASgH,GAAM7H,MAAMK,WACzD,MAAUxW,MAAM,gCAElB9C,EAAQ4J,EAEV,MAAMspB,EAAO,GACPq0D,QAAmBxQ,GAAW2B,WAAW14E,EAAOgxF,GAAmBxsE,GACnE84G,EAAW/1C,EAAWvP,WAAWl3D,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAOK,WAC5E,GAAwB,IAApBsoH,EAASx8H,OACX,MAAUgC,MAAM,uBAElB,IAAK,IAAID,EAAI,EAAGA,EAAIy6H,EAASx8H,OAAQ+B,IAAK,CACxC,MACM06H,EAAStsC,GADI1J,EAAWnmF,MAAMk8H,EAASz6H,GAAIy6H,EAASz6H,EAAI,KAE9DqwB,EAAK3xB,KAAKg8H,GAEZ,OAAOrqG,CACT,sBC6cOryB,gBAA2B28H,eAAEA,EAAcC,cAAEA,SAAej5G,KAAWs3G,IAC5Et3G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQw9H,GAAkBC,EAC9B,IAAKz9H,EACH,MAAU8C,MAAM,wFAElB,GAAI06H,IAAmBtjH,GAAKC,SAASqjH,KAAoBtjH,GAAK9X,SAASo7H,GACrE,MAAU16H,MAAM,kEAElB,GAAI26H,IAAkBvjH,GAAK1X,aAAai7H,KAAmBvjH,GAAK9X,SAASq7H,GACvE,MAAU36H,MAAM,qEAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,MAAMwE,EAAawU,GAAK9X,SAASpC,GAKjC,GAJI0F,UACIs2H,IACNh8H,EAAQi8H,EAAgBj8H,IAEtBw9H,EAAgB,CAClB,MAAM1jH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ7lB,EAAOwkB,GAC5C,GAAI1K,IAASgH,GAAM7H,MAAMI,QACvB,MAAUvW,MAAM,oCAElB9C,EAAQ4J,EAEV,MAAM29E,QAAmBxQ,GAAW2B,WAAW14E,EAAO2xF,GAAuBntE,GACvEnL,EAAU,IAAIy4E,GAAQvK,GAE5B,OADAluE,EAAQ69D,WAAaxxE,EACd2T,CACT,yBDjjBOxY,gBAA8Bq8H,WAAEA,EAAUC,UAAEA,SAAW34G,KAAWs3G,IAEvE,GADAt3G,EAAS,IAAKsB,MAAkBtB,IAC3B04G,IAAeC,EAClB,MAAUr6H,MAAM,mFAElB,GAAIo6H,IAAehjH,GAAKC,SAAS+iH,GAC/B,MAAUp6H,MAAM,uDAElB,GAAIq6H,IAAcjjH,GAAK1X,aAAa26H,GAClC,MAAUr6H,MAAM,0DAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IAAIlB,EACJ,GAAIk9H,EAAY,CACd,MAAMpjH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQq3G,EAAY14G,GACjD,GAAM1K,IAASgH,GAAM7H,MAAMK,WACzB,MAAUxW,MAAM,wCAElB9C,EAAQ4J,OAER5J,EAAQm9H,EAEV,MAAM51C,QAAmBxQ,GAAW2B,WAAW14E,EAAOgxF,GAAmBxsE,GACzE,OAAO,IAAI2rE,GAAW5I,EACxB,0BAyDO1mF,gBAA+Bu8H,YAAEA,EAAWC,WAAEA,SAAY74G,IAC/DA,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQo9H,GAAeC,EAC3B,IAAKr9H,EACH,MAAU8C,MAAM,sFAElB,GAAIs6H,IAAgBljH,GAAKC,SAASijH,GAChC,MAAUt6H,MAAM,yDAElB,GAAIu6H,IAAenjH,GAAK1X,aAAa66H,GACnC,MAAUv6H,MAAM,4DAElB,GAAIs6H,EAAa,CACf,MAAMtjH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQu3G,EAAa54G,GAClD,GAAI1K,IAASgH,GAAM7H,MAAMK,WACvB,MAAUxW,MAAM,wCAElB9C,EAAQ4J,EAEV,MAAMspB,EAAO,GACPq0D,QAAmBxQ,GAAW2B,WAAW14E,EAAOgxF,GAAmBxsE,GACnE84G,EAAW/1C,EAAWvP,WAAWl3D,GAAMnM,OAAOK,WACpD,GAAwB,IAApBsoH,EAASx8H,OACX,MAAUgC,MAAM,8BAElB,IAAK,IAAID,EAAI,EAAGA,EAAIy6H,EAASx8H,OAAQ+B,IAAK,CACxC,MAAM66H,EAAan2C,EAAWnmF,MAAMk8H,EAASz6H,GAAIy6H,EAASz6H,EAAI,IACxD06H,EAAS,IAAIptC,GAAWutC,GAC9BxqG,EAAK3xB,KAAKg8H,GAEZ,OAAOrqG,CACT,wBPrXOryB,gBAA6B88H,iBAAEA,EAAgBC,gBAAEA,SAAiBp5G,KAAWs3G,IAClFt3G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQ29H,GAAoBC,EAChC,IAAK59H,EACH,MAAU8C,MAAM,8FAElB,GAAI66H,IAAqBzjH,GAAKC,SAASwjH,GACrC,MAAU76H,MAAM,4DAElB,GAAI86H,IAAoB1jH,GAAK1X,aAAao7H,GACxC,MAAU96H,MAAM,+DAElB,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAIy8H,EAAkB,CACpB,MAAM7jH,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ7lB,EAAOwkB,GAC5C,GAAI1K,IAASgH,GAAM7H,MAAMpE,UACvB,MAAU/R,MAAM,sCAElB9C,EAAQ4J,EAEV,MAAM29E,QAAmBxQ,GAAW2B,WAAW14E,EAAO62E,GAAgBryD,GACtE,OAAO,IAAI8iE,GAAUC,EACvB,sBUGO1mF,gBAA2ByY,WAAEA,EAAU4vE,QAAEA,EAAU,GAAE3M,WAAEA,EAAUjlE,kBAAEA,EAAoB,EAAC+6D,KAAEA,EAAIhwB,OAAEA,EAAS,iBAAW79B,KAAWs3G,IAC1FvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC0kE,EAAUxhD,GAAQwhD,GAClB,MAAM6yC,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAuB,IAAnBgoF,EAAQpoF,OACV,MAAUgC,MAAM,yCAElB,MAAM6B,EAAU,CAAE2U,aAAY4vE,UAAS3M,aAAYjlE,oBAAmB+6D,QAEtE,IACE,MAAQ37D,IAAKmnH,EAAcluC,sBAAEA,SHE1B9uF,eAAwB8D,EAAS6f,GACtC7f,EAAUm5H,EAASn5H,GACnB,MAAM2U,WAAEA,GAAe3U,EAEvB,IAAK2U,EAAW8xE,YACd,MAAUtoF,MAAM,gCAGlB,GAAIwW,EAAWgkE,UAAU8B,UACvB,MAAUt8E,MAAM,2CAIlB,IADoBwW,EAAWoyE,UAAUltC,OAAM,EAAG8+B,eAAgBA,EAAUI,gBAE1E,MAAU56E,MAAM,wBAGlB,MAAMu6E,EAAkB/jE,EAAWgkE,UAE9B34E,EAAQipF,UACXjpF,EAAQipF,cAAgBjuF,QAAQ+H,IAAI4R,EAAWs0E,QAAQ5lF,KAAInH,UACzD,MAAMy9E,EAAqBiK,EAAOjL,UAC5BwK,EAAe,CAAEpxE,IAAK2mE,EAAiB93E,KAAM+4E,GAC7CmO,QACJC,GAA+BnE,EAAOgE,kBAAmBlP,EAAiBv8D,GAAMjM,UAAU2B,cAAesxE,EAAc,KAAMtjE,GAC7H1kB,OAAM,MAAS,KACjB,MAAO,CACL+8C,KAAM4vC,EAAiBv0E,UAAau0E,EAAiBv0E,SAAS,GAAK4I,GAAM5I,SAASS,SACnF,MAIL,MAAMw4E,EAAsB73E,EAAWs0E,QAAQ5lF,KAAIugF,GAAUA,EAAOjL,YACpE,GAAI34E,EAAQipF,QAAQ9sF,SAAWqwF,EAAoBrwF,OACjD,MAAUgC,MAAM,6DAGlB6B,EAAQipF,QAAUjpF,EAAQipF,QAAQ5lF,KAAIypF,GAAiBqsC,EAASrsC,EAAe9sF,KAE/E,MAAM+R,QAAYw6E,GAAc7T,EAAiB8T,EAAqBxsF,EAAS6f,GACzEmrE,QAA8Bj5E,EAAImmH,yBAAyBl4H,EAAQ0tE,KAAM7tD,GAE/E,OADA9N,EAAIs0E,qBAAuB,GACpB,CAAEt0E,MAAKi5E,yBAEd,SAASmuC,EAASn5H,EAAS0lF,EAAiB,IAK1C,OAJA1lF,EAAQ2S,kBAAoB3S,EAAQ2S,mBAAqB+yE,EAAe/yE,kBACxE3S,EAAQ43E,WAAariE,GAAKC,SAASxV,EAAQ43E,YAAc53E,EAAQ43E,WAAa8N,EAAe9N,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQgY,EAAehY,KAEvC1tE,EAEX,CGrDiEo5H,CAASp5H,EAAS6f,GAE/E,MAAO,CACLlL,WAAY09E,GAAa6mC,EAAgBx7E,EAAQ79B,GACjDxS,UAAWglF,GAAa6mC,EAAe3tC,WAAY7tC,EAAQ79B,GAC3DmrE,yBAEF,MAAOxuC,GACP,MAAMjnC,GAAK8F,UAAU,6BAA8BmhC,GAEvD,oBAoBOtgD,gBAAyB6V,IAAEA,EAAGi5E,sBAAEA,EAAqBv3E,oBAAEA,EAAmBi6D,KAAEA,EAAO,IAAI33D,KAAM2nC,OAAEA,EAAS,iBAAW79B,KAAWs3G,IACzFvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMu3G,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,IACE,MAAM88H,EAAaruC,QACXj5E,EAAIunH,2BAA2BtuC,EAAuBtd,EAAM7tD,SAC5D9N,EAAIwnH,OAAO9lH,EAAqBi6D,EAAM7tD,GAE9C,OAAOw5G,EAAW5yC,YAAc,CAC9B9xE,WAAY09E,GAAagnC,EAAY37E,EAAQ79B,GAC7CxS,UAAWglF,GAAagnC,EAAW9tC,WAAY7tC,EAAQ79B,IACrD,CACFlL,WAAY,KACZtH,UAAWglF,GAAagnC,EAAY37E,EAAQ79B,IAE9C,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,qBAAsBmhC,GAE/C,eA6OOtgD,gBAAoBwY,QAAEA,EAAO8xE,YAAEA,EAAW9oC,OAAEA,EAAS,UAASnF,SAAEA,GAAW,EAAK23C,cAAEA,EAAgB,GAAExiB,KAAEA,EAAO,IAAI33D,KAAM6hH,eAAEA,EAAiB,GAAEE,mBAAEA,EAAqB,UAAIj4G,KAAWs3G,IAKvL,GAJ0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC4xE,GAAwB/8E,GAAUg9E,GAAyBh0C,GAC3D8oC,EAAczjD,GAAQyjD,GAAc0J,EAAgBntD,GAAQmtD,GAAgB0nC,EAAiB70F,GAAQ60F,GAAiBE,EAAqB/0F,GAAQ+0F,GAE/IX,EAAKlsC,YAAa,MAAU9sF,MAAM,2FACtC,QAAmBnC,IAAfm7H,EAAK7iH,MAAqB,MAAUnW,MAAM,iFAC9C,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAImY,aAAmB08E,IAA+B,WAAX1zC,EAAqB,MAAUv/C,MAAM,2DAChF,GAAIuW,aAAmB08E,IAAoB74C,EAAU,MAAUp6C,MAAM,0CAErE,IAAKqoF,GAAsC,IAAvBA,EAAYrqF,OAC9B,MAAUgC,MAAM,4BAGlB,IACE,IAAI+R,EAMJ,GAJEA,EADEqoC,QACgB7jC,EAAQ8kH,aAAahzC,OAAaxqF,EAAWk0F,EAAexiB,EAAMkqD,EAAgBE,EAAoBj4G,SAEtGnL,EAAQwjC,KAAKsuC,OAAaxqF,EAAWk0F,EAAexiB,EAAMkqD,EAAgBE,EAAoBj4G,GAEnG,WAAX69B,EAAqB,OAAOxtC,EAEhC,MAAMoE,EAAmB,YAAXopC,EAUd,OATAxtC,EAAYoE,EAAQpE,EAAUoE,MAAMuL,GAAU3P,EAAUrT,QACpD07C,IACFroC,EAAYwR,EAAqBhN,EAAQ29D,QAAQx1E,SAASX,MAAOyH,EAAUC,WACnE5I,QAAQ+H,IAAI,CAChBkf,EAAY/R,EAAWtM,GACvBme,GAAiBpe,GAAUxI,OAAM,UACjC,KAGC42F,GAAc7hF,EAAWwE,EAAQ69D,WAAYj+D,EAAQ,OAAS,UACrE,MAAOkoC,GACP,MAAMjnC,GAAK8F,UAAU,wBAAyBmhC,GAElD,oCA8BOtgD,gBAAsBwY,QAAEA,EAAOmyE,iBAAEA,EAAgB2wC,aAAEA,GAAe,EAAK95E,OAAEA,EAAS,OAAMxtC,UAAEA,EAAY,KAAIw9D,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWs3G,IAG/I,GAF0CvlC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC4xE,GAAwB/8E,GAAUmyE,EAAmB9jD,GAAQ8jD,GACzDswC,EAAKM,WAAY,MAAUt5H,MAAM,iGACrC,MAAMi5H,EAAiBlxH,OAAOqoB,KAAK4oG,GAAO,GAAIC,EAAej7H,OAAS,EAAG,MAAUgC,MAAM,mBAAmBi5H,EAAe76H,KAAK,OAEhI,GAAImY,aAAmB08E,IAA+B,WAAX1zC,EAAqB,MAAUv/C,MAAM,iDAChF,GAAIuW,aAAmB08E,IAAoBlhF,EAAW,MAAU/R,MAAM,6CAEtE,IACE,MAAM3B,EAAS,GAQf,GANEA,EAAO0mF,WADLhzE,QACwBwE,EAAQo8E,eAAe5gF,EAAW22E,EAAkBnZ,EAAM7tD,SAE1DnL,EAAQ+jC,OAAOouC,EAAkBnZ,EAAM7tD,GAEnErjB,EAAOyI,KAAkB,WAAXy4C,EAAsBhpC,EAAQu6E,iBAAmBv6E,EAAQm5D,UACnEn5D,EAAQ69D,aAAeriE,GAAWkiF,GAAY51F,EAAQkY,GACtD8iH,EAAc,CAChB,GAAiC,IAA7Bh7H,EAAO0mF,WAAW/mF,OACpB,MAAUgC,MAAM,yBAElB3B,EAAOyI,KAAOyT,EAAc,CAC1Blc,EAAOyI,KACPorE,IAAiBn0E,gBACTqZ,GAAKmG,WAAWlf,EAAO0mF,WAAW7/E,KAAIm1C,GAAOA,EAAI61B,WAAU,MAKvE,OADA7xE,EAAOyI,WAAa8sF,GAAcv1F,EAAOyI,KAAMyP,EAAQ69D,WAAY70B,GAC5DlhD,EACP,MAAOggD,GACP,MAAMjnC,GAAK8F,UAAU,iCAAkCmhC,GAE3D"} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.mjs b/app/node_modules/openpgp/dist/node/openpgp.min.mjs index 0588c5434..a0f30cda7 100644 --- a/app/node_modules/openpgp/dist/node/openpgp.min.mjs +++ b/app/node_modules/openpgp/dist/node/openpgp.min.mjs @@ -1,17 +1,16 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};import t from"buffer";import r from"stream";import i from"crypto";import n from"zlib";import a from"os";import s from"util";import o from"asn1.js";const c=Symbol("doneWritingPromise"),u=Symbol("doneWritingResolve"),h=Symbol("doneWritingReject"),d=Symbol("readingIndex");class f extends Array{constructor(){super(),this[c]=new Promise(((e,t)=>{this[u]=e,this[h]=t})),this[c].catch((()=>{}))}}function l(e){return e&&e.getReader&&Array.isArray(e)}function p(e){if(!l(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}f.prototype.getReader=function(){return void 0===this[d]&&(this[d]=0),{read:async()=>(await this[c],this[d]===this.length?{value:void 0,done:!0}:{value:this[this[d]++],done:!1})}},f.prototype.readToEnd=async function(e){await this[c];const t=e(this.slice(this[d]));return this.length=0,t},f.prototype.clone=function(){const e=new f;return e[c]=this[c].then((()=>{e.push(...this)})),e},p.prototype.write=async function(e){this.stream.push(e)},p.prototype.close=async function(){this.stream[u]()},p.prototype.abort=async function(e){return this.stream[h](e),e},p.prototype.releaseLock=function(){};const y="object"==typeof e.process&&"object"==typeof e.process.versions,b=y&&r.Readable;function m(t){return l(t)?"array":e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t)?"web":K&&K.prototype.isPrototypeOf(t)?"ponyfill":b&&b.prototype.isPrototypeOf(t)?"node":!(!t||!t.getReader)&&"web-like"}function g(e){return Uint8Array.prototype.isPrototypeOf(e)}function w(e){if(1===e.length)return e[0];let t=0;for(let r=0;r{t||(v.isBuffer(i)&&(i=new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r.enqueue(i),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends _{constructor(e,t){super(t),this._reader=z(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t))break}}catch(e){this.destroy(e)}}async _destroy(e,t){this._reader.cancel(e).then(t,t)}}A=function(t,r){return new e(t,r)}}const S=new WeakSet,E=Symbol("externalBuffer");function P(e){if(this.stream=e,e[E]&&(this[E]=e[E].slice()),l(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=async()=>{})}let t=m(e);if("node"===t&&(e=k(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||S.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{S.add(e)}catch(e){}}}P.prototype.read=async function(){if(this[E]&&this[E].length){return{done:!1,value:this[E].shift()}}return this._read()},P.prototype.releaseLock=function(){this[E]&&(this.stream[E]=this[E]),this._releaseLock()},P.prototype.cancel=function(e){return this._cancel(e)},P.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?T(t):void 0;const n=i.indexOf("\n")+1;n&&(e=T(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},P.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift($(t,1)),r},P.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?T(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=T(t);return this.unshift($(r,e)),$(r,0,e)}}},P.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},P.prototype.unshift=function(...e){this[E]||(this[E]=[]),1===e.length&&g(e[0])&&this[E].length&&e[0].length&&this[E][0].byteOffset>=e[0].length?this[E][0]=new Uint8Array(this[E][0].buffer,this[E][0].byteOffset-e[0].length,this[E][0].byteLength+e[0].length):this[E].unshift(...e.filter((e=>e&&e.length)))},P.prototype.readToEnd=async function(e=T){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};let x,M,{ReadableStream:K,WritableStream:C,TransformStream:D}=e;async function U(){if(D)return;const[t,r]=await Promise.all([Promise.resolve().then((function(){return Wp})),Promise.resolve().then((function(){return fy}))]);({ReadableStream:K,WritableStream:C,TransformStream:D}=t);const{createReadableStreamWrapper:i}=r;e.ReadableStream&&K!==e.ReadableStream&&(x=i(K),M=i(e.ReadableStream))}const R=y&&t.Buffer;function I(e){let t=m(e);return"node"===t?k(e):"web"===t&&x?x(e):t?e:new K({start(t){t.enqueue(e),t.close()}})}function B(e){if(m(e))return e;const t=new f;return(async()=>{const r=q(t);await r.write(e),await r.close()})(),t}function T(e){return e.some((e=>m(e)&&!l(e)))?function(e){e=e.map(I);const t=L((async function(e){await Promise.all(i.map((t=>X(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>j(i,((i,a)=>(r=r.then((()=>F(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>l(e)))?function(e){const t=new f;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>F(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):R&&R.isBuffer(e[0])?R.concat(e):w(e)}function z(e){return new P(e)}function q(e){return new p(e)}async function F(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(m(e)&&!l(e)){e=I(e);try{if(e[E]){const r=q(t);for(let t=0;t{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function N(e,t=(()=>{}),r=(()=>{})){if(l(e)){const i=new f;return(async()=>{const n=q(i);try{const i=await Z(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?T([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(m(e))return O(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?T([i,n]):void 0!==i?i:n}function j(e,t){if(m(e)&&!l(e)){let r;const i=new D({start(e){r=e}}),n=F(e,i.writable),a=L((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=B(e);const r=new f;return t(e,r),r}function H(e,t){let r;const i=j(e,((e,n)=>{const a=z(e);a.remainder=()=>(a.releaseLock(),F(e,n),i),r=t(a)}));return r}function W(e){if(l(e))return e.clone();if(m(e)){const t=function(e){if(l(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(m(e)){const t=I(e).tee();return t[0][E]=t[1][E]=e[E],t}return[$(e),$(e)]}(e);return V(e,t[0]),t[1]}return $(e)}function G(e){return l(e)?W(e):m(e)?new K({start(t){const r=j(e,(async(e,r)=>{const i=z(e),n=q(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));V(e,r)}}):$(e)}function V(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function $(e,t=0,r=1/0){if(l(e))throw Error("Not implemented");if(m(e)){if(t>=0&&r>=0){let i=0;return O(e,{transform(e,n){i=t&&n.enqueue($(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return N(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>$(T(i),t,r)))}if(0===t&&r<0){let i;return N(e,(e=>{const n=i?T([i,e]):e;if(n.length>=-r)return i=$(n,r),$(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),Y((async()=>$(await Z(e),t,r)))}return e[E]&&(e=T(e[E].concat([e]))),!g(e)||R&&R.isBuffer(e)?e.slice(t,r):(r===1/0&&(r=e.length),e.subarray(t,r))}async function Z(e,t=T){return l(e)?e.readToEnd(t):m(e)?z(e).readToEnd(t):e}async function X(e,t){if(m(e)){if(e.cancel)return e.cancel(t);if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function Y(e){const t=new f;return(async()=>{const r=q(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}class Q{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");if(e instanceof Uint8Array){const t=e,r=Array(t.length);for(let e=0;eBigInt(0);){const e=r&BigInt(1);r>>=BigInt(1);const a=n*i%t.value;n=e?a:n,i=i*i%t.value}return new Q(n)}modInv(e){const{gcd:t,x:r}=this._egcd(e);if(!t.isOne())throw Error("Inverse does not exist");return r.add(e).mod(e)}_egcd(e){let t=BigInt(0),r=BigInt(1),i=BigInt(1),n=BigInt(0),a=this.value;for(e=e.value;e!==BigInt(0);){const s=a/e;let o=t;t=i-s*t,i=o,o=r,r=n-s*r,n=o,o=e,e=a%e,a=o}return{x:new Q(i),y:new Q(n),gcd:new Q(a)}}gcd(e){let t=this.value;for(e=e.value;e!==BigInt(0);){const r=e;e=t%e,t=r}return new Q(t)}ileftShift(e){return this.value<<=e.value,this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value>>=e.value,this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value===e.value}lt(e){return this.valuee.value}gte(e){return this.value>=e.value}isZero(){return this.value===BigInt(0)}isOne(){return this.value===BigInt(1)}isNegative(){return this.valueNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return e}getBit(e){return(this.value>>BigInt(e)&BigInt(1))===BigInt(0)?0:1}bitLength(){const e=new Q(0),t=new Q(1),r=new Q(-1),i=this.isNegative()?r:e;let n=1;const a=this.clone();for(;!a.irightShift(t).equal(i);)n++;return n}byteLength(){const e=new Q(0),t=new Q(-1),r=this.isNegative()?t:e,i=new Q(8);let n=1;const a=this.clone();for(;!a.irightShift(i).equal(r);)n++;return n}toUint8Array(e="be",t){let r=this.value.toString(16);r.length%2==1&&(r="0"+r);const i=r.length/2,n=new Uint8Array(t||i),a=t?t-i:0;let s=0;for(;s"undefined"!=typeof BigInt;const ee=Symbol("byValue");var te={curve:{p256:"p256","P-256":"p256",secp256r1:"p256",prime256v1:"p256","1.2.840.10045.3.1.7":"p256","2a8648ce3d030107":"p256","2A8648CE3D030107":"p256",p384:"p384","P-384":"p384",secp384r1:"p384","1.3.132.0.34":"p384","2b81040022":"p384","2B81040022":"p384",p521:"p521","P-521":"p521",secp521r1:"p521","1.3.132.0.35":"p521","2b81040023":"p521","2B81040023":"p521",secp256k1:"secp256k1","1.3.132.0.10":"secp256k1","2b8104000a":"secp256k1","2B8104000A":"secp256k1",ed25519Legacy:"ed25519",ED25519:"ed25519",ed25519:"ed25519",Ed25519:"ed25519","1.3.6.1.4.1.11591.15.1":"ed25519","2b06010401da470f01":"ed25519","2B06010401DA470F01":"ed25519",curve25519Legacy:"curve25519",X25519:"curve25519",cv25519:"curve25519",curve25519:"curve25519",Curve25519:"curve25519","1.3.6.1.4.1.3029.1.5.1":"curve25519","2b060104019755010501":"curve25519","2B060104019755010501":"curve25519",brainpoolP256r1:"brainpoolP256r1","1.3.36.3.3.2.8.1.1.7":"brainpoolP256r1","2b2403030208010107":"brainpoolP256r1","2B2403030208010107":"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1","1.3.36.3.3.2.8.1.1.11":"brainpoolP384r1","2b240303020801010b":"brainpoolP384r1","2B240303020801010B":"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1","1.3.36.3.3.2.8.1.1.13":"brainpoolP512r1","2b240303020801010d":"brainpoolP512r1","2B240303020801010D":"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,ed25519Legacy:22,eddsa:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{plaintext:0,idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuer:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[ee]||(e[ee]=[],Object.entries(e).forEach((([t,r])=>{e[ee][r]=t}))),void 0!==e[ee][t])return e[ee][t];throw Error("Invalid enum value.")}};const re=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),ie={isString:function(e){return"string"==typeof e||e instanceof String},isArray:function(e){return e instanceof Array},isUint8Array:g,isStream:m,readNumber:function(e){let t=0;for(let r=0;r>8*(t-i-1)&255;return r},readDate:function(e){const t=ie.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return ie.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return e.subarray(2,2+t)},leftPad(e,t){const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=ie.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return ie.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t=[],r=e.length;let i,n=0;for(;n{if(!ie.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return N(e,r,(()=>r(new Uint8Array,!0)))},concat:T,concatUint8Array:w,equalsUint8Array:function(e,t){if(!ie.isUint8Array(e)||!ie.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){return void 0!==e&&e.crypto&&e.crypto.subtle},getBigInteger:async function(){if(J())return Q;{const{default:e}=await Promise.resolve().then((function(){return my}));return e}},getNodeCrypto:function(){return i},getNodeZlib:function(){return n},getNodeBuffer:function(){return(t||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return a.cpus().length},isEmailAddress:function(e){if(!ie.isString(e))return!1;return/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/.test(e)},canonicalizeEOL:function(e){let t=!1;return N(e,(e=>{let r;t&&(e=ie.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return N(e,(e=>{let r;13===(e=t&&10!==e[0]?ie.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i{t=ie.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=ae(t.subarray(0,n));for(let e=0;et.length?ae(t)+"\n":""))}function ce(e){let t="";return N(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=se(t.substr(0,n));return t=t.substr(n),a}),(()=>se(t)))}function ue(e){return ce(e.replace(/-/g,"+").replace(/_/g,"/"))}function he(e,t){let r=oe(e).replace(/[\r\n]/g,"");return t&&(r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,"")),r}ne?(ae=e=>ne.from(e).toString("base64"),se=e=>{const t=ne.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(ae=e=>btoa(ie.uint8ArrayToString(e)),se=e=>ie.stringToUint8Array(atob(e)));var de={preferredHashAlgorithm:te.hash.sha256,preferredSymmetricAlgorithm:te.symmetric.aes256,preferredCompressionAlgorithm:te.compression.uncompressed,deflateLevel:6,aeadProtect:!1,preferredAEADAlgorithm:te.aead.eax,aeadChunkSizeByte:12,v5Keys:!1,s2kIterationCountByte:224,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,checksumRequired:!1,minRSABits:2047,passwordCollisionCheck:!1,revocationsExpire:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([te.symmetric.aes128,te.symmetric.aes192,te.symmetric.aes256]),minBytesForWebCrypto:1e3,ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 5.11.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],useIndutnyElliptic:!0,rejectHashAlgorithms:new Set([te.hash.md5,te.hash.ripemd]),rejectMessageHashAlgorithms:new Set([te.hash.md5,te.hash.ripemd,te.hash.sha1]),rejectPublicKeyAlgorithms:new Set([te.publicKey.elgamal,te.publicKey.dsa]),rejectCurves:new Set([te.curve.secp256k1])};function fe(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?te.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?te.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?te.armor.signed:/MESSAGE/.test(t[1])?te.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?te.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?te.armor.privateKey:/SIGNATURE/.test(t[1])?te.armor.signature:void 0}function le(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function pe(e){return oe(function(e){let t=13501623;return N(e,(e=>{const r=be?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^ye[1][t>>16&255]^ye[2][t>>8&255]^ye[3][t>>0&255];for(let i=4*r;i>8^ye[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e))}const ye=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(0!=(8388608&t)?8801531:0);ye[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)ye[1][e]=ye[0][e]>>8^ye[0][255&ye[0][e]];for(let e=0;e<=255;e++)ye[2][e]=ye[1][e]>>8^ye[0][255&ye[1][e]];for(let e=0;e<=255;e++)ye[3][e]=ye[2][e]>>8^ye[0][255&ye[2][e]];const be=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function me(e){for(let t=0;t=0&&i!==e.length-1&&(t=e.slice(0,i),r=e.slice(i+1).substr(0,4)),{body:t,checksum:r}}function we(e,t=de){return new Promise((async(r,i)=>{try{const n=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const o=[];let c,u,h,d=o,f=[],l=ce(j(e,(async(e,t)=>{const p=z(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=ie.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(c)u||2!==s||(n.test(e)?(f=f.join("\r\n"),u=!0,me(d),d=[],c=!1):f.push(e.replace(/^- /,"")));else if(n.test(e)&&i(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(me(d),c=!0,u||2!==s){r({text:f,data:l,headers:o,type:s});break}}else d.push(e);else n.test(e)&&(s=fe(e))}}catch(e){return void i(e)}const y=q(t);try{for(;;){await y.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=ie.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=ge(t[0].slice(0,-1));h=i.checksum,await y.write(i.body);break}await y.write(r)}await y.ready,await y.close()}catch(e){await y.abort(e)}})));l=j(l,(async(e,r)=>{const i=Z(pe(G(e)));i.catch((()=>{})),await F(e,r,{preventClose:!0});const n=q(r);try{const e=(await i).replace("\n","");if(h!==e&&(h||t.checksumRequired))throw Error("Ascii armor integrity check failed");await n.ready,await n.close()}catch(e){await n.abort(e)}}))}catch(e){i(e)}})).then((async e=>(l(e.data)&&(e.data=await Z(e.data)),e)))}function ve(e,t,r,i,n,a=de){let s,o;e===te.armor.signed&&(s=t.text,o=t.hash,t=t.data);const c=G(t),u=[];switch(e){case te.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case te.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case te.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push("Hash: "+o+"\n\n"),u.push(s.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP SIGNATURE-----\n");break;case te.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP MESSAGE-----\n");break;case te.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case te.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case te.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(le(n,a)),u.push(oe(t)),u.push("=",pe(c)),u.push("-----END PGP SIGNATURE-----\n")}return ie.concat(u)}class _e{constructor(){this.bytes=""}read(e){return this.bytes=ie.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return ie.stringToUint8Array(this.bytes)}toHex(){return ie.uint8ArrayToHex(ie.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new _e;return t.read(ie.hexToUint8Array(e)),t}static wildcard(){const e=new _e;return e.read(new Uint8Array(8)),e}}var ke=function(){var e,t,r=!1;function i(r,i){var n=e[(t[r]+t[i])%255];return 0!==r&&0!==i||(n=0),n}var n,a,s,o,c=!1;function u(){function u(r){var i,n,a;for(n=a=function(r){var i=e[255-t[r]];return 0===r&&(i=0),i}(r),i=0;i<4;i++)a^=n=255&(n<<1|n>>>7);return a^=99}r||function(){e=[],t=[];var i,n,a=1;for(i=0;i<255;i++)e[i]=a,n=128&a,a<<=1,a&=255,128===n&&(a^=27),a^=e[i],t[e[i]]=i;e[255]=e[0],t[0]=0,r=!0}(),n=[],a=[],s=[[],[],[],[]],o=[[],[],[],[]];for(var h=0;h<256;h++){var d=u(h);n[h]=d,a[d]=h,s[0][h]=i(2,d)<<24|d<<16|d<<8|i(3,d),o[0][d]=i(14,h)<<24|i(9,h)<<16|i(13,h)<<8|i(11,h);for(var f=1;f<4;f++)s[f][h]=s[f-1][h]>>>8|s[f-1][h]<<24,o[f][d]=o[f-1][d]>>>8|o[f-1][d]<<24}c=!0}var h=function(e,t){c||u();var r=new Uint32Array(t);r.set(n,512),r.set(a,768);for(var i=0;i<4;i++)r.set(s[i],4096+1024*i>>2),r.set(o[i],8192+1024*i>>2);var h=function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0;var S=new e.Uint32Array(r),E=new e.Uint8Array(r);function P(e,t,r,o,c,u,h,d){e=e|0;t=t|0;r=r|0;o=o|0;c=c|0;u=u|0;h=h|0;d=d|0;var f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;f=r|0x400,l=r|0x800,p=r|0xc00;c=c^S[(e|0)>>2],u=u^S[(e|4)>>2],h=h^S[(e|8)>>2],d=d^S[(e|12)>>2];for(w=16;(w|0)<=o<<4;w=w+16|0){y=S[(r|c>>22&1020)>>2]^S[(f|u>>14&1020)>>2]^S[(l|h>>6&1020)>>2]^S[(p|d<<2&1020)>>2]^S[(e|w|0)>>2],b=S[(r|u>>22&1020)>>2]^S[(f|h>>14&1020)>>2]^S[(l|d>>6&1020)>>2]^S[(p|c<<2&1020)>>2]^S[(e|w|4)>>2],m=S[(r|h>>22&1020)>>2]^S[(f|d>>14&1020)>>2]^S[(l|c>>6&1020)>>2]^S[(p|u<<2&1020)>>2]^S[(e|w|8)>>2],g=S[(r|d>>22&1020)>>2]^S[(f|c>>14&1020)>>2]^S[(l|u>>6&1020)>>2]^S[(p|h<<2&1020)>>2]^S[(e|w|12)>>2];c=y,u=b,h=m,d=g}i=S[(t|c>>22&1020)>>2]<<24^S[(t|u>>14&1020)>>2]<<16^S[(t|h>>6&1020)>>2]<<8^S[(t|d<<2&1020)>>2]^S[(e|w|0)>>2],n=S[(t|u>>22&1020)>>2]<<24^S[(t|h>>14&1020)>>2]<<16^S[(t|d>>6&1020)>>2]<<8^S[(t|c<<2&1020)>>2]^S[(e|w|4)>>2],a=S[(t|h>>22&1020)>>2]<<24^S[(t|d>>14&1020)>>2]<<16^S[(t|c>>6&1020)>>2]<<8^S[(t|u<<2&1020)>>2]^S[(e|w|8)>>2],s=S[(t|d>>22&1020)>>2]<<24^S[(t|c>>14&1020)>>2]<<16^S[(t|u>>6&1020)>>2]<<8^S[(t|h<<2&1020)>>2]^S[(e|w|12)>>2]}function x(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;P(0x0000,0x0800,0x1000,A,e,t,r,i)}function M(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var a=0;P(0x0400,0x0c00,0x2000,A,e,i,r,t);a=n,n=s,s=a}function K(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o^e,c^t,u^r,h^d);o=i,c=n,u=a,h=s}function C(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;var f=0;P(0x0400,0x0c00,0x2000,A,e,d,r,t);f=n,n=s,s=f;i=i^o,n=n^c,a=a^u,s=s^h;o=e,c=t,u=r,h=d}function D(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i=i^e,c=n=n^t,u=a=a^r,h=s=s^d}function U(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);i=i^e,n=n^t,a=a^r,s=s^d;o=e,c=t,u=r,h=d}function R(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i,c=n,u=a,h=s;i=i^e,n=n^t,a=a^r,s=s^d}function I(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;P(0x0000,0x0800,0x1000,A,d,f,l,p);p=~g&p|g&p+1;l=~m&l|m&l+((p|0)==0);f=~b&f|b&f+((l|0)==0);d=~y&d|y&d+((f|0)==0);i=i^e;n=n^t;a=a^r;s=s^o}function B(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var n=0,a=0,s=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0;e=e^o,t=t^c,r=r^u,i=i^h;n=w|0,a=v|0,s=_|0,d=k|0;for(;(b|0)<128;b=b+1|0){if(n>>>31){f=f^e,l=l^t,p=p^r,y=y^i}n=n<<1|a>>>31,a=a<<1|s>>>31,s=s<<1|d>>>31,d=d<<1;m=i&1;i=i>>>1|r<<31,r=r>>>1|t<<31,t=t>>>1|e<<31,e=e>>>1;if(m)e=e^0xe1000000}o=f,c=l,u=p,h=y}function T(e){e=e|0;A=e}function z(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;i=e,n=t,a=r,s=o}function q(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;o=e,c=t,u=r,h=i}function F(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;d=e,f=t,l=r,p=i}function O(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;y=e,b=t,m=r,g=i}function L(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;p=~g&p|g&i,l=~m&l|m&r,f=~b&f|b&t,d=~y&d|y&e}function N(e){e=e|0;if(e&15)return-1;E[e|0]=i>>>24,E[e|1]=i>>>16&255,E[e|2]=i>>>8&255,E[e|3]=i&255,E[e|4]=n>>>24,E[e|5]=n>>>16&255,E[e|6]=n>>>8&255,E[e|7]=n&255,E[e|8]=a>>>24,E[e|9]=a>>>16&255,E[e|10]=a>>>8&255,E[e|11]=a&255,E[e|12]=s>>>24,E[e|13]=s>>>16&255,E[e|14]=s>>>8&255,E[e|15]=s&255;return 16}function j(e){e=e|0;if(e&15)return-1;E[e|0]=o>>>24,E[e|1]=o>>>16&255,E[e|2]=o>>>8&255,E[e|3]=o&255,E[e|4]=c>>>24,E[e|5]=c>>>16&255,E[e|6]=c>>>8&255,E[e|7]=c&255,E[e|8]=u>>>24,E[e|9]=u>>>16&255,E[e|10]=u>>>8&255,E[e|11]=u&255,E[e|12]=h>>>24,E[e|13]=h>>>16&255,E[e|14]=h>>>8&255,E[e|15]=h&255;return 16}function H(){x(0,0,0,0);w=i,v=n,_=a,k=s}function W(e,t,r){e=e|0;t=t|0;r=r|0;var o=0;if(t&15)return-1;while((r|0)>=16){V[e&7](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);E[t|0]=i>>>24,E[t|1]=i>>>16&255,E[t|2]=i>>>8&255,E[t|3]=i&255,E[t|4]=n>>>24,E[t|5]=n>>>16&255,E[t|6]=n>>>8&255,E[t|7]=n&255,E[t|8]=a>>>24,E[t|9]=a>>>16&255,E[t|10]=a>>>8&255,E[t|11]=a&255,E[t|12]=s>>>24,E[t|13]=s>>>16&255,E[t|14]=s>>>8&255,E[t|15]=s&255;o=o+16|0,t=t+16|0,r=r-16|0}return o|0}function G(e,t,r){e=e|0;t=t|0;r=r|0;var i=0;if(t&15)return-1;while((r|0)>=16){$[e&1](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);i=i+16|0,t=t+16|0,r=r-16|0}return i|0}var V=[x,M,K,C,D,U,R,I];var $=[K,B];return{set_rounds:T,set_state:z,set_iv:q,set_nonce:F,set_mask:O,set_counter:L,get_state:N,get_iv:j,gcm_init:H,cipher:W,mac:G}}({Uint8Array,Uint32Array},e,t);return h.set_key=function(e,t,i,a,s,c,u,d,f){var l=r.subarray(0,60),p=r.subarray(256,316);l.set([t,i,a,s,c,u,d,f]);for(var y=e,b=1;y<4*e+28;y++){var m=l[y-1];(y%e==0||8===e&&y%e==4)&&(m=n[m>>>24]<<24^n[m>>>16&255]<<16^n[m>>>8&255]<<8^n[255&m]),y%e==0&&(m=m<<8^m>>>24^b<<24,b=b<<1^(128&b?27:0)),l[y]=l[y-e]^m}for(var g=0;g=y-4?m:o[0][n[m>>>24]]^o[1][n[m>>>16&255]]^o[2][n[m>>>8&255]]^o[3][n[255&m]]}h.set_rounds(e+5)},h};return h.ENC={ECB:0,CBC:2,CFB:4,OFB:6,CTR:7},h.DEC={ECB:1,CBC:3,CFB:5,OFB:6,CTR:7},h.MAC={CBC:0,GCM:1},h.HEAP_DATA=16384,h}();function Ae(e){return e instanceof Uint8Array}function Se(e,t){const r=e?e.byteLength:t||65536;if(4095&r||r<=0)throw Error("heap size must be a positive integer and a multiple of 4096");return e=e||new Uint8Array(new ArrayBuffer(r))}function Ee(e,t,r,i,n){const a=e.length-t,s=ae+t.length),0),r=new Uint8Array(t);let i=0;for(let t=0;t>2,n.getUint32(0),n.getUint32(4),n.getUint32(8),n.getUint32(12),i>16?n.getUint32(16):0,i>16?n.getUint32(20):0,i>24?n.getUint32(24):0,i>24?n.getUint32(28):0),void 0!==t){if(16!==t.length)throw new Me("illegal iv size");let e=new DataView(t.buffer,t.byteOffset,t.byteLength);r.set_iv(e.getUint32(0),e.getUint32(4),e.getUint32(8),e.getUint32(12))}else r.set_iv(0,0,0,0)}AES_Encrypt_process(e){if(!Ae(e))throw new TypeError("data isn't of expected type");let{heap:t,asm:r}=this.acquire_asm(),i=ke.ENC[this.mode],n=ke.HEAP_DATA,a=this.pos,s=this.len,o=0,c=e.length||0,u=0,h=0,d=new Uint8Array(s+c&-16);for(;c>0;)h=Ee(t,a+s,e,o,c),s+=h,o+=h,c-=h,h=r.cipher(i,n+a,s),h&&d.set(t.subarray(a,a+h),u),u+=h,h0;)f=Ee(t,a+s,e,o,c),s+=f,o+=f,c-=f,f=r.cipher(i,n+a,s-(c?0:d)),f&&l.set(t.subarray(a,a+f),u),u+=f,f0){if(a%16){if(this.hasOwnProperty("padding"))throw new Me("data length must be a multiple of the block size");a+=16-a%16}if(t.cipher(r,i+n,a),this.hasOwnProperty("padding")&&this.padding){let t=e[n+s-1];if(t<1||t>16||t>s)throw new Ke("bad padding");let r=0;for(let i=t;i>1;i--)r|=t^e[n+s-i];if(r)throw new Ke("bad padding");s-=t}}const o=new Uint8Array(s);return s>0&&o.set(e.subarray(n,n+s)),this.pos=0,this.len=0,this.release_asm(),o}}class Re{static encrypt(e,t,r=!1){return new Re(t,r).encrypt(e)}static decrypt(e,t,r=!1){return new Re(t,r).decrypt(e)}constructor(e,t=!1,r){this.aes=r||new Ue(e,void 0,t,"ECB")}encrypt(e){return Pe(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return Pe(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}function Ie(e){const t=function(e){const t=new Re(e);this.encrypt=function(e){return t.encrypt(e)},this.decrypt=function(e){return t.decrypt(e)}};return t.blockSize=t.prototype.blockSize=16,t.keySize=t.prototype.keySize=e/8,t}function Be(e,t,r,i,n,a){const s=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],u=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],h=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],d=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],f=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],l=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,y,b,m,g,w,v,_,k,A,S,E,P,x,M=0,K=t.length;const C=32===e.length?3:9;_=3===C?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e,t){const r=8-e.length%8;let i;if(2===t&&r<8)i=32;else if(1===t)i=r;else{if(t||!(r<8)){if(8===r)return e;throw Error("des: invalid padding")}i=0}const n=new Uint8Array(e.length+r);for(let t=0;t>>4^v),v^=b,w^=b<<4,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,w=w<<1|w>>>31,v=v<<1|v>>>31,y=0;y>>4|v<<28)^e[p+1],b=w,w=v,v=b^(o[m>>>24&63]|u[m>>>16&63]|d[m>>>8&63]|l[63&m]|s[g>>>24&63]|c[g>>>16&63]|h[g>>>8&63]|f[63&g]);b=w,w=v,v=b}w=w>>>1|w<<31,v=v>>>1|v<<31,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=252645135&(w>>>4^v),v^=b,w^=b<<4,1===i&&(r?(k=w,S=v):(w^=A,v^=E)),D[U++]=w>>>24,D[U++]=w>>>16&255,D[U++]=w>>>8&255,D[U++]=255&w,D[U++]=v>>>24,D[U++]=v>>>16&255,D[U++]=v>>>8&255,D[U++]=255&v}return r||(D=function(e,t){let r,i=null;if(2===t)r=32;else if(1===t)i=e[e.length-1];else{if(t)throw Error("des: invalid padding");r=0}if(!i){for(i=1;e[e.length-i]===r;)i++;i--}return e.subarray(0,e.length-i)}(D,a)),D}function Te(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],i=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],n=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],a=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],s=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],u=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],h=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],d=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],f=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],l=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],y=e.length>8?3:1,b=Array(32*y),m=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let g,w,v,_=0,k=0;for(let A=0;A>>4^A),A^=v,y^=v<<4,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=858993459&(y>>>2^A),A^=v,y^=v<<2,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=16711935&(A>>>8^y),y^=v,A^=v<<8,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=y<<8|A>>>20&240,y=A<<24|A<<8&16711680|A>>>8&65280|A>>>24&240,A=v;for(let e=0;e<16;e++)m[e]?(y=y<<2|y>>>26,A=A<<2|A>>>26):(y=y<<1|y>>>27,A=A<<1|A>>>27),y&=-15,A&=-15,g=t[y>>>28]|r[y>>>24&15]|i[y>>>20&15]|n[y>>>16&15]|a[y>>>12&15]|s[y>>>8&15]|o[y>>>4&15],w=c[A>>>28]|u[A>>>24&15]|h[A>>>20&15]|d[A>>>16&15]|f[A>>>12&15]|l[A>>>8&15]|p[A>>>4&15],v=65535&(w>>>16^g),b[k++]=g^v,b[k++]=w^v<<16}return b}function ze(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Be(Te(this.key[2]),Be(Te(this.key[1]),Be(Te(this.key[0]),e,!0,0,null,null),!1,0,null,null),!0,0,null,null)}}function qe(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>>16&255,t[a+6]=o>>>8&255,t[a+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>16&255,t[a+6]=o>>8&255,t[a+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const i=t+e,n=i<>>32-r;return(a[0][n>>>24]^a[1][n>>>16&255])-a[2][n>>>8&255]+a[3][255&n]}function i(e,t,r){const i=t^e,n=i<>>32-r;return a[0][n>>>24]-a[1][n>>>16&255]+a[2][n>>>8&255]^a[3][255&n]}function n(e,t,r){const i=t-e,n=i<>>32-r;return(a[0][n>>>24]+a[1][n>>>16&255]^a[2][n>>>8&255])-a[3][255&n]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const i=[,,,,,,,,],n=Array(32);let s;for(let e=0;e<4;e++)s=4*e,i[e]=r[s]<<24|r[s+1]<<16|r[s+2]<<8|r[s+3];const o=[6,7,4,5];let c,u=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(s=0;s<4;s++){const t=e[r][s];c=i[t[1]],c^=a[4][i[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=a[5][i[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=a[6][i[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=a[7][i[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=a[o[s]][i[t[6]>>>2]>>>24-8*(3&t[6])&255],i[t[0]]=c}for(s=0;s<4;s++){const e=t[r][s];c=a[4][i[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=a[5][i[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=a[6][i[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=a[7][i[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=a[4+s][i[e[4]>>>2]>>>24-8*(3&e[4])&255],n[u]=c,u++}}for(let e=0;e<16;e++)this.masking[e]=n[e],this.rotate[e]=31&n[16+e]};const a=[,,,,,,,,];a[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],a[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],a[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],a[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],a[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],a[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],a[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],a[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Fe(e){this.cast5=new qe,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}ze.keySize=ze.prototype.keySize=24,ze.blockSize=ze.prototype.blockSize=8,Fe.blockSize=Fe.prototype.blockSize=8,Fe.keySize=Fe.prototype.keySize=16;const Oe=4294967295;function Le(e,t){return(e<>>32-t)&Oe}function Ne(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function je(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function He(e,t){return e>>>8*t&255}function We(e){this.tf=function(){let e=null,t=null,r=-1,i=[],n=[[],[],[],[]];function a(e){return n[0][He(e,0)]^n[1][He(e,1)]^n[2][He(e,2)]^n[3][He(e,3)]}function s(e){return n[0][He(e,3)]^n[1][He(e,0)]^n[2][He(e,1)]^n[3][He(e,2)]}function o(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Le(t[2]^r+n+i[4*e+8]&Oe,31),t[3]=Le(t[3],1)^r+2*n+i[4*e+9]&Oe,r=a(t[2]),n=s(t[3]),t[0]=Le(t[0]^r+n+i[4*e+10]&Oe,31),t[1]=Le(t[1],1)^r+2*n+i[4*e+11]&Oe}function c(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Le(t[2],1)^r+n+i[4*e+10]&Oe,t[3]=Le(t[3]^r+2*n+i[4*e+11]&Oe,31),r=a(t[2]),n=s(t[3]),t[0]=Le(t[0],1)^r+n+i[4*e+8]&Oe,t[1]=Le(t[1]^r+2*n+i[4*e+9]&Oe,31)}return{name:"twofish",blocksize:16,open:function(t){let r,a,s,o,c;e=t;const u=[],h=[],d=[];let f;const l=[];let p,y,b;const m=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],g=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],w=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],v=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],_=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],k=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],A=[[],[]],S=[[],[],[],[]];function E(e){return e^e>>2^[0,90,180,238][3&e]}function P(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function x(e,t){let r,i,n;for(r=0;r<8;r++)i=t>>>24,t=t<<8&Oe|e>>>24,e=e<<8&Oe,n=i<<1,128&i&&(n^=333),t^=i^n<<16,n^=i>>>1,1&i&&(n^=166),t^=n<<24|n<<8;return t}function M(e,t){const r=t>>4,i=15&t,n=m[e][r^i],a=g[e][_[i]^k[r]];return v[e][_[a]^k[n]]<<4|w[e][n^a]}function K(e,t){let r=He(e,0),i=He(e,1),n=He(e,2),a=He(e,3);switch(f){case 4:r=A[1][r]^He(t[3],0),i=A[0][i]^He(t[3],1),n=A[0][n]^He(t[3],2),a=A[1][a]^He(t[3],3);case 3:r=A[1][r]^He(t[2],0),i=A[1][i]^He(t[2],1),n=A[0][n]^He(t[2],2),a=A[0][a]^He(t[2],3);case 2:r=A[0][A[0][r]^He(t[1],0)]^He(t[0],0),i=A[0][A[1][i]^He(t[1],1)]^He(t[0],1),n=A[1][A[0][n]^He(t[1],2)]^He(t[0],2),a=A[1][A[1][a]^He(t[1],3)]^He(t[0],3)}return S[0][r]^S[1][i]^S[2][n]^S[3][a]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Ne(e,r);for(r=0;r<256;r++)A[0][r]=M(0,r),A[1][r]=M(1,r);for(r=0;r<256;r++)p=A[1][r],y=E(p),b=P(p),S[0][r]=p+(y<<8)+(b<<16)+(b<<24),S[2][r]=y+(b<<8)+(p<<16)+(b<<24),p=A[0][r],y=E(p),b=P(p),S[1][r]=b+(b<<8)+(y<<16)+(p<<24),S[3][r]=y+(p<<8)+(b<<16)+(y<<24);for(f=d.length/2,r=0;r=0;e--)c(e,a);je(t,r,a[2]^i[0]),je(t,r+4,a[3]^i[1]),je(t,r+8,a[0]^i[2]),je(t,r+12,a[1]^i[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Ge(){}function Ve(e){this.bf=new Ge,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}We.keySize=We.prototype.keySize=32,We.blockSize=We.prototype.blockSize=16,Ge.prototype.BLOCKSIZE=8,Ge.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Ge.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Ge.prototype.NN=16,Ge.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Ge.prototype._F=function(e){let t;const r=255&e,i=255&(e>>>=8),n=255&(e>>>=8),a=255&(e>>>=8);return t=this.sboxes[0][a]+this.sboxes[1][n],t^=this.sboxes[2][i],t+=this.sboxes[3][r],t},Ge.prototype._encryptBlock=function(e){let t,r=e[0],i=e[1];for(t=0;t>>24-8*t&255,n[t+i]=r[1]>>>24-8*t&255;return n},Ge.prototype._decryptBlock=function(e){let t,r=e[0],i=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],i=this._F(r)^i;const e=r;r=i,i=e}r^=this.parray[1],i^=this.parray[0],e[0]=this._clean(i),e[1]=this._clean(r)},Ge.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^i}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const i=[0,0];for(t=0;t>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=t+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=r+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=c+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=u+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=h+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=d+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=f+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=l+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=p+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=y+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=b+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=m+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=g+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=w+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=v+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=g^l^r^e;M=P<<1|P>>>31;x=M+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=w^p^c^t;K=P<<1|P>>>31;x=K+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=v^y^u^r;C=P<<1|P>>>31;x=C+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=M^b^h^c;D=P<<1|P>>>31;x=D+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=K^m^d^u;U=P<<1|P>>>31;x=U+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=C^g^f^h;R=P<<1|P>>>31;x=R+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=D^w^l^d;I=P<<1|P>>>31;x=I+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=U^v^p^f;B=P<<1|P>>>31;x=B+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=R^M^y^l;T=P<<1|P>>>31;x=T+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=I^K^b^p;z=P<<1|P>>>31;x=z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=B^C^m^y;q=P<<1|P>>>31;x=q+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=T^D^g^b;F=P<<1|P>>>31;x=F+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=z^U^w^m;O=P<<1|P>>>31;x=O+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=q^R^v^g;L=P<<1|P>>>31;x=L+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=F^I^M^w;N=P<<1|P>>>31;x=N+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=O^B^K^v;j=P<<1|P>>>31;x=j+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=L^T^C^M;H=P<<1|P>>>31;x=H+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=N^z^D^K;W=P<<1|P>>>31;x=W+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=j^q^U^C;G=P<<1|P>>>31;x=G+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=H^F^R^D;V=P<<1|P>>>31;x=V+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=W^O^I^U;$=P<<1|P>>>31;x=$+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=G^L^B^R;Z=P<<1|P>>>31;x=Z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=V^N^T^I;X=P<<1|P>>>31;x=X+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=$^j^z^B;Y=P<<1|P>>>31;x=Y+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Z^H^q^T;Q=P<<1|P>>>31;x=Q+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=X^W^F^z;J=P<<1|P>>>31;x=J+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Y^G^O^q;ee=P<<1|P>>>31;x=ee+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Q^V^L^F;te=P<<1|P>>>31;x=te+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=J^$^N^O;re=P<<1|P>>>31;x=re+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ee^Z^j^L;ie=P<<1|P>>>31;x=ie+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=te^X^H^N;ne=P<<1|P>>>31;x=ne+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=re^Y^W^j;ae=P<<1|P>>>31;x=ae+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ie^Q^G^H;se=P<<1|P>>>31;x=se+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ne^J^V^W;oe=P<<1|P>>>31;x=oe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ae^ee^$^G;ce=P<<1|P>>>31;x=ce+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=se^te^Z^V;ue=P<<1|P>>>31;x=ue+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=oe^re^X^$;he=P<<1|P>>>31;x=he+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ce^ie^Y^Z;de=P<<1|P>>>31;x=de+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ue^ne^Q^X;fe=P<<1|P>>>31;x=fe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=he^ae^J^Y;le=P<<1|P>>>31;x=le+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=de^se^ee^Q;pe=P<<1|P>>>31;x=pe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=fe^oe^te^J;ye=P<<1|P>>>31;x=ye+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=le^ce^re^ee;be=P<<1|P>>>31;x=be+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=pe^ue^ie^te;me=P<<1|P>>>31;x=me+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ye^he^ne^re;ge=P<<1|P>>>31;x=ge+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=be^de^ae^ie;we=P<<1|P>>>31;x=we+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=me^fe^se^ne;ve=P<<1|P>>>31;x=ve+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ge^le^oe^ae;_e=P<<1|P>>>31;x=_e+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=we^pe^ce^se;ke=P<<1|P>>>31;x=ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ve^ye^ue^oe;Ae=P<<1|P>>>31;x=Ae+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=_e^be^he^ce;Se=P<<1|P>>>31;x=Se+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ke^me^de^ue;Ee=P<<1|P>>>31;x=Ee+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ae^ge^fe^he;Pe=P<<1|P>>>31;x=Pe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Se^we^le^de;xe=P<<1|P>>>31;x=xe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ee^ve^pe^fe;Me=P<<1|P>>>31;x=Me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Pe^_e^ye^le;Ke=P<<1|P>>>31;x=Ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=xe^ke^be^pe;Ce=P<<1|P>>>31;x=Ce+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Me^Ae^me^ye;De=P<<1|P>>>31;x=De+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ke^Se^ge^be;Ue=P<<1|P>>>31;x=Ue+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ce^Ee^we^me;Re=P<<1|P>>>31;x=Re+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=De^Pe^ve^ge;Ie=P<<1|P>>>31;x=Ie+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ue^xe^_e^we;Be=P<<1|P>>>31;x=Be+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Re^Me^ke^ve;Te=P<<1|P>>>31;x=Te+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ie^Ke^Ae^_e;ze=P<<1|P>>>31;x=ze+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;i=i+_|0;n=n+k|0;a=a+A|0;s=s+S|0;o=o+E|0}function k(e){e=e|0;_(v[e|0]<<24|v[e|1]<<16|v[e|2]<<8|v[e|3],v[e|4]<<24|v[e|5]<<16|v[e|6]<<8|v[e|7],v[e|8]<<24|v[e|9]<<16|v[e|10]<<8|v[e|11],v[e|12]<<24|v[e|13]<<16|v[e|14]<<8|v[e|15],v[e|16]<<24|v[e|17]<<16|v[e|18]<<8|v[e|19],v[e|20]<<24|v[e|21]<<16|v[e|22]<<8|v[e|23],v[e|24]<<24|v[e|25]<<16|v[e|26]<<8|v[e|27],v[e|28]<<24|v[e|29]<<16|v[e|30]<<8|v[e|31],v[e|32]<<24|v[e|33]<<16|v[e|34]<<8|v[e|35],v[e|36]<<24|v[e|37]<<16|v[e|38]<<8|v[e|39],v[e|40]<<24|v[e|41]<<16|v[e|42]<<8|v[e|43],v[e|44]<<24|v[e|45]<<16|v[e|46]<<8|v[e|47],v[e|48]<<24|v[e|49]<<16|v[e|50]<<8|v[e|51],v[e|52]<<24|v[e|53]<<16|v[e|54]<<8|v[e|55],v[e|56]<<24|v[e|57]<<16|v[e|58]<<8|v[e|59],v[e|60]<<24|v[e|61]<<16|v[e|62]<<8|v[e|63])}function A(e){e=e|0;v[e|0]=i>>>24;v[e|1]=i>>>16&255;v[e|2]=i>>>8&255;v[e|3]=i&255;v[e|4]=n>>>24;v[e|5]=n>>>16&255;v[e|6]=n>>>8&255;v[e|7]=n&255;v[e|8]=a>>>24;v[e|9]=a>>>16&255;v[e|10]=a>>>8&255;v[e|11]=a&255;v[e|12]=s>>>24;v[e|13]=s>>>16&255;v[e|14]=s>>>8&255;v[e|15]=s&255;v[e|16]=o>>>24;v[e|17]=o>>>16&255;v[e|18]=o>>>8&255;v[e|19]=o&255}function S(){i=0x67452301;n=0xefcdab89;a=0x98badcfe;s=0x10325476;o=0xc3d2e1f0;c=u=0}function E(e,t,r,h,d,f,l){e=e|0;t=t|0;r=r|0;h=h|0;d=d|0;f=f|0;l=l|0;i=e;n=t;a=r;s=h;o=d;c=f;u=l}function P(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){k(e);e=e+64|0;t=t-64|0;r=r+64|0}c=c+r|0;if(c>>>0>>0)u=u+1|0;return r|0}function x(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=P(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;c=c+t|0;if(c>>>0>>0)u=u+1|0;v[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)v[e|n]=0x00;k(e);t=0;v[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)v[e|n]=0;v[e|56]=u>>>21&255;v[e|57]=u>>>13&255;v[e|58]=u>>>5&255;v[e|59]=u<<3&255|c>>>29;v[e|60]=c>>>21&255;v[e|61]=c>>>13&255;v[e|62]=c>>>5&255;v[e|63]=c<<3&255;k(e);if(~r)A(r);return i|0}function M(){i=h;n=d;a=f;s=l;o=p;c=64;u=0}function K(){i=y;n=b;a=m;s=g;o=w;c=64;u=0}function C(e,t,r,v,k,A,E,P,x,M,K,C,D,U,R,I){e=e|0;t=t|0;r=r|0;v=v|0;k=k|0;A=A|0;E=E|0;P=P|0;x=x|0;M=M|0;K=K|0;C=C|0;D=D|0;U=U|0;R=R|0;I=I|0;S();_(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,v^0x5c5c5c5c,k^0x5c5c5c5c,A^0x5c5c5c5c,E^0x5c5c5c5c,P^0x5c5c5c5c,x^0x5c5c5c5c,M^0x5c5c5c5c,K^0x5c5c5c5c,C^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,R^0x5c5c5c5c,I^0x5c5c5c5c);y=i;b=n;m=a;g=s;w=o;S();_(e^0x36363636,t^0x36363636,r^0x36363636,v^0x36363636,k^0x36363636,A^0x36363636,E^0x36363636,P^0x36363636,x^0x36363636,M^0x36363636,K^0x36363636,C^0x36363636,D^0x36363636,U^0x36363636,R^0x36363636,I^0x36363636);h=i;d=n;f=a;l=s;p=o;c=64;u=0}function D(e,t,r){e=e|0;t=t|0;r=r|0;var c=0,u=0,h=0,d=0,f=0,l=0;if(e&63)return-1;if(~r)if(r&31)return-1;l=x(e,t,-1)|0;c=i,u=n,h=a,d=s,f=o;K();_(c,u,h,d,f,0x80000000,0,0,0,0,0,0,0,0,0,672);if(~r)A(r);return l|0}function U(e,t,r,c,u){e=e|0;t=t|0;r=r|0;c=c|0;u=u|0;var h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;if(e&63)return-1;if(~u)if(u&31)return-1;v[e+t|0]=r>>>24;v[e+t+1|0]=r>>>16&255;v[e+t+2|0]=r>>>8&255;v[e+t+3|0]=r&255;D(e,t+4|0,-1)|0;h=y=i,d=b=n,f=m=a,l=g=s,p=w=o;c=c-1|0;while((c|0)>0){M();_(y,b,m,g,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,m=a,g=s,w=o;K();_(y,b,m,g,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,m=a,g=s,w=o;h=h^i;d=d^n;f=f^a;l=l^s;p=p^o;c=c-1|0}i=h;n=d;a=f;s=l;o=p;if(~u)A(u);return 0}return{reset:S,init:E,process:P,finish:x,hmac_reset:M,hmac_init:C,hmac_finish:D,pbkdf2_generate_block:U}};class et{constructor(){this.pos=0,this.len=0}reset(){const{asm:e}=this.acquire_asm();return this.result=null,this.pos=0,this.len=0,e.reset(),this}process(e){if(null!==this.result)throw new xe("state must be reset before processing new data");const{asm:t,heap:r}=this.acquire_asm();let i=this.pos,n=this.len,a=0,s=e.length,o=0;for(;s>0;)o=Ee(r,i+n,e,a,s),n+=o,a+=o,s-=o,o=t.process(i,n),i+=o,n-=o,n||(i=0);return this.pos=i,this.len=n,this}finish(){if(null!==this.result)throw new xe("state must be reset before processing new data");const{asm:e,heap:t}=this.acquire_asm();return e.finish(this.pos,this.len,0),this.result=new Uint8Array(this.HASH_SIZE),this.result.set(t.subarray(0,this.HASH_SIZE)),this.pos=0,this.len=0,this.release_asm(),this}}const tt=[],rt=[];class it extends et{constructor(){super(),this.NAME="sha1",this.BLOCK_SIZE=64,this.HASH_SIZE=20,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=tt.pop()||Se(),this.asm=rt.pop()||Je({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(tt.push(this.heap),rt.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new it).process(e).finish().result}}it.NAME="sha1",it.heap_pool=[],it.asm_pool=[],it.asm_function=Je;const nt=[],at=[];class st extends et{constructor(){super(),this.NAME="sha256",this.BLOCK_SIZE=64,this.HASH_SIZE=32,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=nt.pop()||Se(),this.asm=at.pop()||function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=new e.Uint8Array(r);function C(e,t,r,d,f,l,p,y,b,m,g,w,v,_,k,A){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;l=l|0;p=p|0;y=y|0;b=b|0;m=m|0;g=g|0;w=w|0;v=v|0;_=_|0;k=k|0;A=A|0;var S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0;S=i;E=n;P=a;x=s;M=o;K=c;C=u;D=h;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x428a2f98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x71374491|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb5c0fbcf|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xe9b5dba5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x3956c25b|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x59f111f1|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x923f82a4|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xab1c5ed5|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xd807aa98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x12835b01|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x243185be|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x550c7dc3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x72be5d74|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x80deb1fe|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x9bdc06a7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc19bf174|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xe49b69c1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xefbe4786|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x0fc19dc6|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x240ca1cc|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x2de92c6f|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4a7484aa|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5cb0a9dc|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x76f988da|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x983e5152|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa831c66d|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb00327c8|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xbf597fc7|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xc6e00bf3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd5a79147|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x06ca6351|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x14292967|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x27b70a85|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x2e1b2138|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x4d2c6dfc|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x53380d13|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x650a7354|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x766a0abb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x81c2c92e|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x92722c85|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xa2bfe8a1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa81a664b|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xc24b8b70|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xc76c51a3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xd192e819|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd6990624|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xf40e3585|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x106aa070|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x19a4c116|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x1e376c08|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x2748774c|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x34b0bcb5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x391c0cb3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4ed8aa4a|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5b9cca4f|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x682e6ff3|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x748f82ee|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x78a5636f|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x84c87814|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x8cc70208|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x90befffa|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xa4506ceb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xbef9a3f7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc67178f2|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;i=i+S|0;n=n+E|0;a=a+P|0;s=s+x|0;o=o+M|0;c=c+K|0;u=u+C|0;h=h+D|0}function D(e){e=e|0;C(K[e|0]<<24|K[e|1]<<16|K[e|2]<<8|K[e|3],K[e|4]<<24|K[e|5]<<16|K[e|6]<<8|K[e|7],K[e|8]<<24|K[e|9]<<16|K[e|10]<<8|K[e|11],K[e|12]<<24|K[e|13]<<16|K[e|14]<<8|K[e|15],K[e|16]<<24|K[e|17]<<16|K[e|18]<<8|K[e|19],K[e|20]<<24|K[e|21]<<16|K[e|22]<<8|K[e|23],K[e|24]<<24|K[e|25]<<16|K[e|26]<<8|K[e|27],K[e|28]<<24|K[e|29]<<16|K[e|30]<<8|K[e|31],K[e|32]<<24|K[e|33]<<16|K[e|34]<<8|K[e|35],K[e|36]<<24|K[e|37]<<16|K[e|38]<<8|K[e|39],K[e|40]<<24|K[e|41]<<16|K[e|42]<<8|K[e|43],K[e|44]<<24|K[e|45]<<16|K[e|46]<<8|K[e|47],K[e|48]<<24|K[e|49]<<16|K[e|50]<<8|K[e|51],K[e|52]<<24|K[e|53]<<16|K[e|54]<<8|K[e|55],K[e|56]<<24|K[e|57]<<16|K[e|58]<<8|K[e|59],K[e|60]<<24|K[e|61]<<16|K[e|62]<<8|K[e|63])}function U(e){e=e|0;K[e|0]=i>>>24;K[e|1]=i>>>16&255;K[e|2]=i>>>8&255;K[e|3]=i&255;K[e|4]=n>>>24;K[e|5]=n>>>16&255;K[e|6]=n>>>8&255;K[e|7]=n&255;K[e|8]=a>>>24;K[e|9]=a>>>16&255;K[e|10]=a>>>8&255;K[e|11]=a&255;K[e|12]=s>>>24;K[e|13]=s>>>16&255;K[e|14]=s>>>8&255;K[e|15]=s&255;K[e|16]=o>>>24;K[e|17]=o>>>16&255;K[e|18]=o>>>8&255;K[e|19]=o&255;K[e|20]=c>>>24;K[e|21]=c>>>16&255;K[e|22]=c>>>8&255;K[e|23]=c&255;K[e|24]=u>>>24;K[e|25]=u>>>16&255;K[e|26]=u>>>8&255;K[e|27]=u&255;K[e|28]=h>>>24;K[e|29]=h>>>16&255;K[e|30]=h>>>8&255;K[e|31]=h&255}function R(){i=0x6a09e667;n=0xbb67ae85;a=0x3c6ef372;s=0xa54ff53a;o=0x510e527f;c=0x9b05688c;u=0x1f83d9ab;h=0x5be0cd19;d=f=0}function I(e,t,r,l,p,y,b,m,g,w){e=e|0;t=t|0;r=r|0;l=l|0;p=p|0;y=y|0;b=b|0;m=m|0;g=g|0;w=w|0;i=e;n=t;a=r;s=l;o=p;c=y;u=b;h=m;d=g;f=w}function B(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){D(e);e=e+64|0;t=t-64|0;r=r+64|0}d=d+r|0;if(d>>>0>>0)f=f+1|0;return r|0}function T(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=B(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;d=d+t|0;if(d>>>0>>0)f=f+1|0;K[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)K[e|n]=0x00;D(e);t=0;K[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)K[e|n]=0;K[e|56]=f>>>21&255;K[e|57]=f>>>13&255;K[e|58]=f>>>5&255;K[e|59]=f<<3&255|d>>>29;K[e|60]=d>>>21&255;K[e|61]=d>>>13&255;K[e|62]=d>>>5&255;K[e|63]=d<<3&255;D(e);if(~r)U(r);return i|0}function z(){i=l;n=p;a=y;s=b;o=m;c=g;u=w;h=v;d=64;f=0}function q(){i=_;n=k;a=A;s=S;o=E;c=P;u=x;h=M;d=64;f=0}function F(e,t,r,K,D,U,I,B,T,z,q,F,O,L,N,j){e=e|0;t=t|0;r=r|0;K=K|0;D=D|0;U=U|0;I=I|0;B=B|0;T=T|0;z=z|0;q=q|0;F=F|0;O=O|0;L=L|0;N=N|0;j=j|0;R();C(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,K^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,I^0x5c5c5c5c,B^0x5c5c5c5c,T^0x5c5c5c5c,z^0x5c5c5c5c,q^0x5c5c5c5c,F^0x5c5c5c5c,O^0x5c5c5c5c,L^0x5c5c5c5c,N^0x5c5c5c5c,j^0x5c5c5c5c);_=i;k=n;A=a;S=s;E=o;P=c;x=u;M=h;R();C(e^0x36363636,t^0x36363636,r^0x36363636,K^0x36363636,D^0x36363636,U^0x36363636,I^0x36363636,B^0x36363636,T^0x36363636,z^0x36363636,q^0x36363636,F^0x36363636,O^0x36363636,L^0x36363636,N^0x36363636,j^0x36363636);l=i;p=n;y=a;b=s;m=o;g=c;w=u;v=h;d=64;f=0}function O(e,t,r){e=e|0;t=t|0;r=r|0;var d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;if(e&63)return-1;if(~r)if(r&31)return-1;w=T(e,t,-1)|0;d=i,f=n,l=a,p=s,y=o,b=c,m=u,g=h;q();C(d,f,l,p,y,b,m,g,0x80000000,0,0,0,0,0,0,768);if(~r)U(r);return w|0}function L(e,t,r,d,f){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;var l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0;if(e&63)return-1;if(~f)if(f&31)return-1;K[e+t|0]=r>>>24;K[e+t+1|0]=r>>>16&255;K[e+t+2|0]=r>>>8&255;K[e+t+3|0]=r&255;O(e,t+4|0,-1)|0;l=_=i,p=k=n,y=A=a,b=S=s,m=E=o,g=P=c,w=x=u,v=M=h;d=d-1|0;while((d|0)>0){z();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;q();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;l=l^i;p=p^n;y=y^a;b=b^s;m=m^o;g=g^c;w=w^u;v=v^h;d=d-1|0}i=l;n=p;a=y;s=b;o=m;c=g;u=w;h=v;if(~f)U(f);return 0}return{reset:R,init:I,process:B,finish:T,hmac_reset:z,hmac_init:F,hmac_finish:O,pbkdf2_generate_block:L}}({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(nt.push(this.heap),at.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new st).process(e).finish().result}}st.NAME="sha256";var ot=ct;function ct(e,t){if(!e)throw Error(t||"Assertion failed")}ct.equal=function(e,t,r){if(e!=t)throw Error(r||"Assertion failed: "+e+" != "+t)};var ut=void 0!==e?e:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function ht(e,t){return e(t={exports:{}},t.exports),t.exports}function dt(){throw Error("Dynamic requires are not currently supported by @rollup/plugin-commonjs")}var ft=ht((function(e){e.exports="function"==typeof Object.create?function(e,t){e.super_=t,e.prototype=Object.create(t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}})}:function(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}})),lt=ht((function(e){try{var t=s;if("function"!=typeof t.inherits)throw"";e.exports=t.inherits}catch(t){e.exports=ft}}));var pt=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var r=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),i=0;i>8,s=255&n;a?r.push(a,s):r.push(s)}else for(i=0;i>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}var mt=function(e,t){for(var r="",i=0;i>>0}return a};var _t=function(e,t){for(var r=Array(4*e.length),i=0,n=0;i>>24,r[n+1]=a>>>16&255,r[n+2]=a>>>8&255,r[n+3]=255&a):(r[n+3]=a>>>24,r[n+2]=a>>>16&255,r[n+1]=a>>>8&255,r[n]=255&a)}return r};var kt={inherits:lt,toArray:pt,toHex:yt,htonl:bt,toHex32:mt,zero2:gt,zero8:wt,join32:vt,split32:_t,rotr32:function(e,t){return e>>>t|e<<32-t},rotl32:function(e,t){return e<>>32-t},sum32:function(e,t){return e+t>>>0},sum32_3:function(e,t,r){return e+t+r>>>0},sum32_4:function(e,t,r,i){return e+t+r+i>>>0},sum32_5:function(e,t,r,i,n){return e+t+r+i+n>>>0},sum64:function(e,t,r,i){var n=e[t],a=i+e[t+1]>>>0,s=(a>>0,e[t+1]=a},sum64_hi:function(e,t,r,i){return(t+i>>>0>>0},sum64_lo:function(e,t,r,i){return t+i>>>0},sum64_4_hi:function(e,t,r,i,n,a,s,o){var c=0,u=t;return c+=(u=u+i>>>0)>>0)>>0)>>0},sum64_4_lo:function(e,t,r,i,n,a,s,o){return t+i+a+o>>>0},sum64_5_hi:function(e,t,r,i,n,a,s,o,c,u){var h=0,d=t;return h+=(d=d+i>>>0)>>0)>>0)>>0)>>0},sum64_5_lo:function(e,t,r,i,n,a,s,o,c,u){return t+i+a+o+u>>>0},rotr64_hi:function(e,t,r){return(t<<32-r|e>>>r)>>>0},rotr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0},shr64_hi:function(e,t,r){return e>>>r},shr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0}};function At(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}var St=At;At.prototype.update=function(e,t){if(e=kt.toArray(e,t),this.pending?this.pending=this.pending.concat(e):this.pending=e,this.pendingTotal+=e.length,this.pending.length>=this._delta8){var r=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-r,e.length),0===this.pending.length&&(this.pending=null),e=kt.join32(e,0,e.length-r,this.endian);for(var i=0;i>>24&255,i[n++]=e>>>16&255,i[n++]=e>>>8&255,i[n++]=255&e}else for(i[n++]=255&e,i[n++]=e>>>8&255,i[n++]=e>>>16&255,i[n++]=e>>>24&255,i[n++]=0,i[n++]=0,i[n++]=0,i[n++]=0,a=8;a>>3},g1_256:function(e){return Pt(e,17)^Pt(e,19)^e>>>10}},Ut=kt.sum32,Rt=kt.sum32_4,It=kt.sum32_5,Bt=Dt.ch32,Tt=Dt.maj32,zt=Dt.s0_256,qt=Dt.s1_256,Ft=Dt.g0_256,Ot=Dt.g1_256,Lt=Et.BlockHash,Nt=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function jt(){if(!(this instanceof jt))return new jt;Lt.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=Nt,this.W=Array(64)}kt.inherits(jt,Lt);var Ht=jt;function Wt(){if(!(this instanceof Wt))return new Wt;Ht.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}jt.blockSize=512,jt.outSize=256,jt.hmacStrength=192,jt.padLength=64,jt.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;i>>32-n,r)}function Fr(e,t,r,i,n,a,s){return qr(t&r|~t&i,e,t,n,a,s)}function Or(e,t,r,i,n,a,s){return qr(t&i|r&~i,e,t,n,a,s)}function Lr(e,t,r,i,n,a,s){return qr(t^r^i,e,t,n,a,s)}function Nr(e,t,r,i,n,a,s){return qr(r^(t|~i),e,t,n,a,s)}function jr(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const Hr="0123456789abcdef".split("");function Wr(e){let t="",r=0;for(;r<4;r++)t+=Hr[e>>8*r+4&15]+Hr[e>>8*r&15];return t}function Gr(e,t){return e+t&4294967295}const Vr=ie.getWebCrypto(),$r=ie.getNodeCrypto(),Zr=$r&&$r.getHashes();function Xr(e){if($r&&Zr.includes(e))return async function(t){const r=$r.createHash(e);return N(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Yr(e,t){return async function(r,i=de){if(l(r)&&(r=await Z(r)),!ie.isStream(r)&&Vr&&t&&r.length>=i.minBytesForWebCrypto)return new Uint8Array(await Vr.digest(t,r));const n=e();return N(r,(e=>{n.update(e)}),(()=>new Uint8Array(n.digest())))}}function Qr(e,t){return async function(r,i=de){if(l(r)&&(r=await Z(r)),ie.isStream(r)){const t=new e;return N(r,(e=>{t.process(e)}),(()=>t.finish().result))}return Vr&&t&&r.length>=i.minBytesForWebCrypto?new Uint8Array(await Vr.digest(t,r)):e.bytes(r)}}const Jr={md5:Xr("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let i;for(i=64;i<=e.length;i+=64)zr(r,jr(e.substring(i-64,i)));e=e.substring(i-64);const n=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(i=0;i>2]|=e.charCodeAt(i)<<(i%4<<3);if(n[i>>2]|=128<<(i%4<<3),i>55)for(zr(r,n),i=0;i<16;i++)n[i]=0;return n[14]=8*t,zr(r,n),r}(ie.uint8ArrayToString(e));return ie.hexToUint8Array(function(e){for(let t=0;tnew Uint8Array(a.update(e))))}(e,t,r,i);if(ie.isAES(e))return function(e,t,r,i,n){if(ie.getWebCrypto()&&24!==t.length&&!ie.isStream(r)&&r.length>=3e3*n.minBytesForWebCrypto)return async function(e,t,r,i){const n="AES-CBC",a=await ii.importKey("raw",t,{name:n},!1,["encrypt"]),{blockSize:s}=ri(e),o=ie.concatUint8Array([new Uint8Array(s),r]),c=new Uint8Array(await ii.encrypt({name:n,iv:i},a,o)).subarray(0,r.length);return function(e,t){for(let r=0;ra.aes.AES_Encrypt_process(e)),(()=>a.aes.AES_Encrypt_finish()))}(e,t,r,i,n);const s=new(ri(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=ie.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;rnew Uint8Array(a.update(e))))}(e,t,r,i);if(ie.isAES(e))return function(e,t,r,i){if(ie.isStream(r)){const e=new ti(t,i);return N(r,(t=>e.aes.AES_Decrypt_process(t)),(()=>e.aes.AES_Decrypt_finish()))}return ti.decrypt(r,t,i)}(0,t,r,i);const a=new(ri(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=ie.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r48)throw new Me("illegal counter size");let e=Math.pow(2,r)-1;i.set_mask(0,0,e/4294967296|0,0|e)}else r=48,i.set_mask(0,0,65535,4294967295);if(void 0===e)throw Error("nonce is required");{let t=e.length;if(!t||t>16)throw new Me("illegal nonce size");let r=new DataView(new ArrayBuffer(16));new Uint8Array(r.buffer).set(e),i.set_nonce(r.getUint32(0),r.getUint32(4),r.getUint32(8),r.getUint32(12))}if(void 0!==t){if(t<0||t>=Math.pow(2,r))throw new Me("illegal counter value");i.set_counter(0,0,t/4294967296|0,0|t)}}}class ui{static encrypt(e,t,r=!0,i){return new ui(t,i,r).encrypt(e)}static decrypt(e,t,r=!0,i){return new ui(t,i,r).decrypt(e)}constructor(e,t,r=!0,i){this.aes=i||new Ue(e,t,r,"CBC")}encrypt(e){return Pe(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return Pe(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}const hi=ie.getWebCrypto(),di=ie.getNodeCrypto(),fi=16;function li(e,t){const r=e.length-fi;for(let i=0;i>3),17+(u>>3)),8-(7&u)).subarray(1),l=new Uint8Array(Mi),p=new Uint8Array(t.length+Ci);let y,b=0;for(y=0;y16)throw new Me("illegal tagSize value");const o=t.length||0,c=new Uint8Array(16);12!==o?(this._gcm_mac_process(t),s[0]=0,s[1]=0,s[2]=0,s[3]=0,s[4]=0,s[5]=0,s[6]=0,s[7]=0,s[8]=0,s[9]=0,s[10]=0,s[11]=o>>>29,s[12]=o>>>21&255,s[13]=o>>>13&255,s[14]=o>>>5&255,s[15]=o<<3&255,a.mac(ke.MAC.GCM,ke.HEAP_DATA,16),a.get_iv(ke.HEAP_DATA),a.set_iv(0,0,0,0),c.set(s.subarray(0,16))):(c.set(t),c[15]=1);const u=new DataView(c.buffer);if(this.gamma0=u.getUint32(12),a.set_nonce(u.getUint32(0),u.getUint32(4),u.getUint32(8),0),a.set_mask(0,0,0,4294967295),void 0!==r){if(r.length>zi)throw new Me("illegal adata length");r.length?(this.adata=r,this._gcm_mac_process(r)):this.adata=void 0}else this.adata=void 0;if(this.counter<1||this.counter>4294967295)throw new RangeError("counter must be a positive 32-bit integer");a.set_counter(0,0,0,this.gamma0+this.counter|0)}static encrypt(e,t,r,i,n){return new qi(t,r,i,n).encrypt(e)}static decrypt(e,t,r,i,n){return new qi(t,r,i,n).decrypt(e)}encrypt(e){return this.AES_GCM_encrypt(e)}decrypt(e){return this.AES_GCM_decrypt(e)}AES_GCM_Encrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.aes.pos,o=this.aes.len,c=0,u=o+r&-16,h=0;if((a-1<<4)+o+r>zi)throw new RangeError("counter overflow");const d=new Uint8Array(u);for(;r>0;)h=Ee(n,s+o,e,t,r),o+=h,t+=h,r-=h,h=i.cipher(ke.ENC.CTR,ke.HEAP_DATA+s,o),h=i.mac(ke.MAC.GCM,ke.HEAP_DATA+s,h),h&&d.set(n.subarray(s,s+h),c),a+=h>>>4,c+=h,h>>29,t[4]=u>>>21,t[5]=u>>>13&255,t[6]=u>>>5&255,t[7]=u<<3&255,t[8]=t[9]=t[10]=0,t[11]=h>>>29,t[12]=h>>>21&255,t[13]=h>>>13&255,t[14]=h>>>5&255,t[15]=h<<3&255,e.mac(ke.MAC.GCM,ke.HEAP_DATA,16),e.get_iv(ke.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(ke.ENC.CTR,ke.HEAP_DATA,16),o.set(t.subarray(0,i),s),this.counter=1,this.aes.pos=0,this.aes.len=0,o}AES_GCM_Decrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.tagSize,o=this.aes.pos,c=this.aes.len,u=0,h=c+r>s?c+r-s&-16:0,d=c+r-h,f=0;if((a-1<<4)+c+r>zi)throw new RangeError("counter overflow");const l=new Uint8Array(h);for(;r>d;)f=Ee(n,o+c,e,t,r-d),c+=f,t+=f,r-=f,f=i.mac(ke.MAC.GCM,ke.HEAP_DATA+o,f),f=i.cipher(ke.DEC.CTR,ke.HEAP_DATA+o,f),f&&l.set(n.subarray(o,o+f),u),a+=f>>>4,u+=f,o=0,c=0;return r>0&&(c+=Ee(n,0,e,t,r)),this.counter=a,this.aes.pos=o,this.aes.len=c,l}AES_GCM_Decrypt_finish(){let{asm:e,heap:t}=this.aes.acquire_asm(),r=this.tagSize,i=this.adata,n=this.counter,a=this.aes.pos,s=this.aes.len,o=s-r;if(s>>29,t[4]=d>>>21,t[5]=d>>>13&255,t[6]=d>>>5&255,t[7]=d<<3&255,t[8]=t[9]=t[10]=0,t[11]=f>>>29,t[12]=f>>>21&255,t[13]=f>>>13&255,t[14]=f>>>5&255,t[15]=f<<3&255,e.mac(ke.MAC.GCM,ke.HEAP_DATA,16),e.get_iv(ke.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(ke.ENC.CTR,ke.HEAP_DATA,16);let l=0;for(let e=0;e0;){for(a=Ee(r,0,e,i,n),i+=a,n-=a;15&a;)r[a++]=0;t.mac(ke.MAC.GCM,ke.HEAP_DATA,a)}}}const Fi=ie.getWebCrypto(),Oi=ie.getNodeCrypto(),Li=ie.getNodeBuffer(),Ni=16,ji="AES-GCM";async function Hi(e,t){if(e!==te.symmetric.aes128&&e!==te.symmetric.aes192&&e!==te.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(ie.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new Oi.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=Li.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new Oi.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-Ni,e.length));const a=Li.concat([n.update(e.slice(0,e.length-Ni)),n.final()]);return new Uint8Array(a)}};if(ie.getWebCrypto()&&24!==t.length){const e=await Fi.importKey("raw",t,{name:ji},!1,["encrypt","decrypt"]);return{encrypt:async function(r,i,n=new Uint8Array){if(!r.length)return qi.encrypt(r,t,i,n);const a=await Fi.encrypt({name:ji,iv:i,additionalData:n,tagLength:8*Ni},e,r);return new Uint8Array(a)},decrypt:async function(r,i,n=new Uint8Array){if(r.length===Ni)return qi.decrypt(r,t,i,n);const a=await Fi.decrypt({name:ji,iv:i,additionalData:n,tagLength:8*Ni},e,r);return new Uint8Array(a)}}}return{encrypt:async function(e,r,i){return qi.encrypt(e,t,r,i)},decrypt:async function(e,r,i){return qi.decrypt(e,t,r,i)}}}Hi.getNonce=function(e,t){const r=e.slice();for(let e=0;e>>8)-1}(e,t,r,i,32)}function p(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function y(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function b(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function m(e,r){var i,n,a,s=t(),o=t();for(i=0;i<16;i++)o[i]=r[i];for(y(o),y(o),y(o),n=0;n<2;n++){for(s[0]=o[0]-65517,i=1;i<15;i++)s[i]=o[i]-65535-(s[i-1]>>16&1),s[i-1]&=65535;s[15]=o[15]-32767-(s[14]>>16&1),a=s[15]>>16&1,s[14]&=65535,b(o,s,1-a)}for(i=0;i<16;i++)e[2*i]=255&o[i],e[2*i+1]=o[i]>>8}function g(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return m(r,e),m(i,t),l(r,0,i,0)}function w(e){var t=new Uint8Array(32);return m(t,e),1&t[0]}function v(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function _(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function k(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function A(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0,U=0,R=0,I=0,B=0,T=r[0],z=r[1],q=r[2],F=r[3],O=r[4],L=r[5],N=r[6],j=r[7],H=r[8],W=r[9],G=r[10],V=r[11],$=r[12],Z=r[13],X=r[14],Y=r[15];a+=(i=t[0])*T,s+=i*z,o+=i*q,c+=i*F,u+=i*O,h+=i*L,d+=i*N,f+=i*j,l+=i*H,p+=i*W,y+=i*G,b+=i*V,m+=i*$,g+=i*Z,w+=i*X,v+=i*Y,s+=(i=t[1])*T,o+=i*z,c+=i*q,u+=i*F,h+=i*O,d+=i*L,f+=i*N,l+=i*j,p+=i*H,y+=i*W,b+=i*G,m+=i*V,g+=i*$,w+=i*Z,v+=i*X,_+=i*Y,o+=(i=t[2])*T,c+=i*z,u+=i*q,h+=i*F,d+=i*O,f+=i*L,l+=i*N,p+=i*j,y+=i*H,b+=i*W,m+=i*G,g+=i*V,w+=i*$,v+=i*Z,_+=i*X,k+=i*Y,c+=(i=t[3])*T,u+=i*z,h+=i*q,d+=i*F,f+=i*O,l+=i*L,p+=i*N,y+=i*j,b+=i*H,m+=i*W,g+=i*G,w+=i*V,v+=i*$,_+=i*Z,k+=i*X,A+=i*Y,u+=(i=t[4])*T,h+=i*z,d+=i*q,f+=i*F,l+=i*O,p+=i*L,y+=i*N,b+=i*j,m+=i*H,g+=i*W,w+=i*G,v+=i*V,_+=i*$,k+=i*Z,A+=i*X,S+=i*Y,h+=(i=t[5])*T,d+=i*z,f+=i*q,l+=i*F,p+=i*O,y+=i*L,b+=i*N,m+=i*j,g+=i*H,w+=i*W,v+=i*G,_+=i*V,k+=i*$,A+=i*Z,S+=i*X,E+=i*Y,d+=(i=t[6])*T,f+=i*z,l+=i*q,p+=i*F,y+=i*O,b+=i*L,m+=i*N,g+=i*j,w+=i*H,v+=i*W,_+=i*G,k+=i*V,A+=i*$,S+=i*Z,E+=i*X,P+=i*Y,f+=(i=t[7])*T,l+=i*z,p+=i*q,y+=i*F,b+=i*O,m+=i*L,g+=i*N,w+=i*j,v+=i*H,_+=i*W,k+=i*G,A+=i*V,S+=i*$,E+=i*Z,P+=i*X,x+=i*Y,l+=(i=t[8])*T,p+=i*z,y+=i*q,b+=i*F,m+=i*O,g+=i*L,w+=i*N,v+=i*j,_+=i*H,k+=i*W,A+=i*G,S+=i*V,E+=i*$,P+=i*Z,x+=i*X,M+=i*Y,p+=(i=t[9])*T,y+=i*z,b+=i*q,m+=i*F,g+=i*O,w+=i*L,v+=i*N,_+=i*j,k+=i*H,A+=i*W,S+=i*G,E+=i*V,P+=i*$,x+=i*Z,M+=i*X,K+=i*Y,y+=(i=t[10])*T,b+=i*z,m+=i*q,g+=i*F,w+=i*O,v+=i*L,_+=i*N,k+=i*j,A+=i*H,S+=i*W,E+=i*G,P+=i*V,x+=i*$,M+=i*Z,K+=i*X,C+=i*Y,b+=(i=t[11])*T,m+=i*z,g+=i*q,w+=i*F,v+=i*O,_+=i*L,k+=i*N,A+=i*j,S+=i*H,E+=i*W,P+=i*G,x+=i*V,M+=i*$,K+=i*Z,C+=i*X,D+=i*Y,m+=(i=t[12])*T,g+=i*z,w+=i*q,v+=i*F,_+=i*O,k+=i*L,A+=i*N,S+=i*j,E+=i*H,P+=i*W,x+=i*G,M+=i*V,K+=i*$,C+=i*Z,D+=i*X,U+=i*Y,g+=(i=t[13])*T,w+=i*z,v+=i*q,_+=i*F,k+=i*O,A+=i*L,S+=i*N,E+=i*j,P+=i*H,x+=i*W,M+=i*G,K+=i*V,C+=i*$,D+=i*Z,U+=i*X,R+=i*Y,w+=(i=t[14])*T,v+=i*z,_+=i*q,k+=i*F,A+=i*O,S+=i*L,E+=i*N,P+=i*j,x+=i*H,M+=i*W,K+=i*G,C+=i*V,D+=i*$,U+=i*Z,R+=i*X,I+=i*Y,v+=(i=t[15])*T,s+=38*(k+=i*q),o+=38*(A+=i*F),c+=38*(S+=i*O),u+=38*(E+=i*L),h+=38*(P+=i*N),d+=38*(x+=i*j),f+=38*(M+=i*H),l+=38*(K+=i*W),p+=38*(C+=i*G),y+=38*(D+=i*V),b+=38*(U+=i*$),m+=38*(R+=i*Z),g+=38*(I+=i*X),w+=38*(B+=i*Y),a=(i=(a+=38*(_+=i*z))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=d,e[7]=f,e[8]=l,e[9]=p,e[10]=y,e[11]=b,e[12]=m,e[13]=g,e[14]=w,e[15]=v}function S(e,t){A(e,t,t)}function E(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=253;i>=0;i--)S(n,n),2!==i&&4!==i&&A(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}function P(e,r,i){var n,a,s=new Uint8Array(32),c=new Float64Array(80),u=t(),h=t(),d=t(),f=t(),l=t(),p=t();for(a=0;a<31;a++)s[a]=r[a];for(s[31]=127&r[31]|64,s[0]&=248,v(c,i),a=0;a<16;a++)h[a]=c[a],f[a]=u[a]=d[a]=0;for(u[0]=f[0]=1,a=254;a>=0;--a)b(u,h,n=s[a>>>3]>>>(7&a)&1),b(d,f,n),_(l,u,d),k(u,u,d),_(d,h,f),k(h,h,f),S(f,l),S(p,u),A(u,d,u),A(d,h,l),_(l,u,d),k(u,u,d),S(h,u),k(d,f,p),A(u,d,o),_(u,u,f),A(d,d,u),A(u,f,p),A(f,h,c),S(h,l),b(u,h,n),b(d,f,n);for(a=0;a<16;a++)c[a+16]=u[a],c[a+32]=d[a],c[a+48]=h[a],c[a+64]=f[a];var y=c.subarray(32),g=c.subarray(16);return E(y,y),A(g,g,y),m(e,g),0}function x(e,t){return P(e,t,n)}function M(e,r){var i=t(),n=t(),a=t(),s=t(),o=t(),c=t(),h=t(),d=t(),f=t();k(i,e[1],e[0]),k(f,r[1],r[0]),A(i,i,f),_(n,e[0],e[1]),_(f,r[0],r[1]),A(n,n,f),A(a,e[3],r[3]),A(a,a,u),A(s,e[2],r[2]),_(s,s,s),k(o,n,i),k(c,s,a),_(h,s,a),_(d,n,i),A(e[0],o,c),A(e[1],d,h),A(e[2],h,c),A(e[3],o,d)}function K(e,t,r){var i;for(i=0;i<4;i++)b(e[i],t[i],r)}function C(e,r){var i=t(),n=t(),a=t();E(a,r[2]),A(i,r[0],a),A(n,r[1],a),m(e,n),e[31]^=w(i)<<7}function D(e,t,r){var i,n;for(p(e[0],a),p(e[1],s),p(e[2],s),p(e[3],a),n=255;n>=0;--n)K(e,t,i=r[n/8|0]>>(7&n)&1),M(t,e),M(e,e),K(e,t,i)}function U(e,r){var i=[t(),t(),t(),t()];p(i[0],h),p(i[1],d),p(i[2],s),A(i[3],h,d),D(e,i,r)}function R(i,n,a){var s,o,c=[t(),t(),t(),t()];for(a||r(n,32),(s=e.hash(n.subarray(0,32)))[0]&=248,s[31]&=127,s[31]|=64,U(c,s),C(i,c),o=0;o<32;o++)n[o+32]=i[o];return 0}var I=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function B(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n>4)*I[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*I[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function T(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;B(e,r)}function z(e,r){var i=t(),n=t(),o=t(),u=t(),h=t(),d=t(),l=t();return p(e[2],s),v(e[1],r),S(o,e[1]),A(u,o,c),k(o,o,e[2]),_(u,e[2],u),S(h,u),S(d,h),A(l,d,h),A(i,l,o),A(i,i,u),function(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=250;i>=0;i--)S(n,n),1!==i&&A(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}(i,i),A(i,i,o),A(i,i,u),A(i,i,u),A(e[0],i,u),S(n,e[0]),A(n,n,u),g(n,o)&&A(e[0],e[0],f),S(n,e[0]),A(n,n,u),g(n,o)?-1:(w(e[0])===r[31]>>7&&k(e[0],a,e[0]),A(e[3],e[0],e[1]),0)}var q=64;function F(){for(var e=0;e=0},e.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return R(e,t),{publicKey:e,secretKey:t}},e.sign.keyPair.fromSecretKey=function(e){if(F(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;re&&(c.imod(a.leftShift(n)).iadd(a),u=c.mod(s).toNumber())}while(!await Qi(c,t,r));return c}async function Qi(e,t,r){return!(t&&!e.dec().gcd(t).isOne())&&(!!await async function(e){const t=await ie.getBigInteger();return Ji.every((r=>0!==e.mod(new t(r))))}(e)&&(!!await async function(e,t){const r=await ie.getBigInteger();return t=t||new r(2),t.modExp(e.dec(),e).isOne()}(e)&&!!await async function(e,t,r){const i=await ie.getBigInteger(),n=e.bitLength();t||(t=Math.max(1,n/48|0));const a=e.dec();let s=0;for(;!a.getBit(s);)s++;const o=e.rightShift(new i(s));for(;t>0;t--){let t,n=(r?r():await Zi(new i(2),a)).modExp(o,e);if(!n.isOne()&&!n.equal(a)){for(t=1;tt-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!i;if(t)return ie.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}async function nn(e,t,r){let i;if(t.length!==ei.getHashByteLength(e))throw Error("Invalid hash length");const n=new Uint8Array(en[e].length);for(i=0;i{on.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(un.decode(n,"der"))}))}));return{n:i.modulus.toArrayLike(Uint8Array),e:i.publicExponent.toArrayLike(Uint8Array),d:i.privateExponent.toArrayLike(Uint8Array),p:i.prime2.toArrayLike(Uint8Array),q:i.prime1.toArrayLike(Uint8Array),u:i.coefficient.toArrayLike(Uint8Array)}}let r,i,n;do{i=await Yi(e-(e>>1),t,40),r=await Yi(e>>1,t,40),n=r.mul(i)}while(n.bitLength()!==e);const a=r.dec().imul(i.dec());return i.lt(r)&&([r,i]=[i,r]),{n:n.toUint8Array(),e:t.toUint8Array(),d:t.modInv(a).toUint8Array(),p:r.toUint8Array(),q:i.toUint8Array(),u:r.modInv(i).toUint8Array()}},validateParams:async function(e,t,r,i,n,a){const s=await ie.getBigInteger();if(e=new s(e),i=new s(i),n=new s(n),!i.mul(n).equal(e))return!1;const o=new s(2);if(a=new s(a),!i.mul(a).mod(n).isOne())return!1;t=new s(t),r=new s(r);const c=new s(Math.floor(e.bitLength()/3)),u=await Zi(o,o.leftShift(c)),h=u.mul(r).mul(t);return!(!h.mod(i.dec()).equal(u)||!h.mod(n.dec()).equal(u))}});var fn=/*#__PURE__*/Object.freeze({__proto__:null,encrypt:async function(e,t,r,i){const n=await ie.getBigInteger();t=new n(t),r=new n(r),i=new n(i);const a=new n(tn(e,t.byteLength())),s=await Zi(new n(1),t.dec());return{c1:r.modExp(s,t).toUint8Array(),c2:i.modExp(s,t).imul(a).imod(t).toUint8Array()}},decrypt:async function(e,t,r,i,n){const a=await ie.getBigInteger();return e=new a(e),t=new a(t),r=new a(r),i=new a(i),rn(e.modExp(i,r).modInv(r).imul(t).imod(r).toUint8Array("be",r.byteLength()),n)},validateParams:async function(e,t,r,i){const n=await ie.getBigInteger();e=new n(e),t=new n(t),r=new n(r);const a=new n(1);if(t.lte(a)||t.gte(e))return!1;const s=new n(e.bitLength()),o=new n(1023);if(s.lt(o))return!1;if(!t.modExp(e.dec(),e).isOne())return!1;let c=t;const u=new n(1),h=new n(2).leftShift(new n(17));for(;u.lt(h);){if(c=c.mul(t).imod(e),c.isOne())return!1;u.iinc()}i=new n(i);const d=new n(2),f=await Zi(d.leftShift(s.dec()),d.leftShift(s)),l=e.dec().imul(f).iadd(i);return!!r.equal(t.modExp(l,e))}});class ln{constructor(e){if(e instanceof ln)this.oid=e.oid;else if(ie.isArray(e)||ie.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return ie.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return ie.uint8ArrayToHex(this.oid)}getName(){const e=this.toHex();if(te.curve[e])return te.write(te.curve,e);throw Error("Unknown curve object identifier.")}}function pn(e,t){return e.keyPair({priv:t})}function yn(e,t){const r=e.keyPair({pub:t});if(!0!==r.validate().result)throw Error("Invalid elliptic public key");return r}async function bn(e){if(!de.useIndutnyElliptic)throw Error("This curve is only supported in the full build of OpenPGP.js");const{default:t}=await Promise.resolve().then((function(){return Rb}));return new t.ec(e)}function mn(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=ie.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function gn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):ie.concatUint8Array([new Uint8Array([255]),ie.writeNumber(e,4)])}function wn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function vn(e){return new Uint8Array([192|e])}function _n(e,t){return ie.concatUint8Array([vn(e),gn(t)])}function kn(e){return[te.packet.literalData,te.packet.compressedData,te.packet.symmetricallyEncryptedData,te.packet.symEncryptedIntegrityProtectedData,te.packet.aeadEncryptedData].includes(e)}async function An(e,t){const r=z(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||0==(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await r.readByte();let o,c,u=-1,h=-1;h=0,0!=(64&s)&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const d=kn(u);let l,p=null;if(d){if("array"===ie.isStream(e)){const e=new f;i=q(e),p=e}else{const e=new D;i=q(e.writable),p=e.readable}n=t({tag:u,packet:p})}else p=[];do{if(h){const e=await r.readByte();if(l=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),l=!0,!d)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const a=o===1/0?n:n.subarray(0,o-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=o){r.unshift(n.subarray(o-e+n.length));break}}}}while(l);const y=await r.peekBytes(d?1/0:2);return i?(await i.ready,await i.close()):(p=ie.concatUint8Array(p),await t({tag:u,packet:p})),!y||!y.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Sn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Sn),this.name="UnsupportedError"}}class En{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}const Pn=ie.getWebCrypto(),xn=ie.getNodeCrypto(),Mn={p256:"P-256",p384:"P-384",p521:"P-521"},Kn=xn?xn.getCurves():[],Cn=xn?{secp256k1:Kn.includes("secp256k1")?"secp256k1":void 0,p256:Kn.includes("prime256v1")?"prime256v1":void 0,p384:Kn.includes("secp384r1")?"secp384r1":void 0,p521:Kn.includes("secp521r1")?"secp521r1":void 0,ed25519:Kn.includes("ED25519")?"ED25519":void 0,curve25519:Kn.includes("X25519")?"X25519":void 0,brainpoolP256r1:Kn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,brainpoolP384r1:Kn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,brainpoolP512r1:Kn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Dn={p256:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:te.publicKey.ecdsa,hash:te.hash.sha256,cipher:te.symmetric.aes128,node:Cn.p256,web:Mn.p256,payloadSize:32,sharedSize:256},p384:{oid:[6,5,43,129,4,0,34],keyType:te.publicKey.ecdsa,hash:te.hash.sha384,cipher:te.symmetric.aes192,node:Cn.p384,web:Mn.p384,payloadSize:48,sharedSize:384},p521:{oid:[6,5,43,129,4,0,35],keyType:te.publicKey.ecdsa,hash:te.hash.sha512,cipher:te.symmetric.aes256,node:Cn.p521,web:Mn.p521,payloadSize:66,sharedSize:528},secp256k1:{oid:[6,5,43,129,4,0,10],keyType:te.publicKey.ecdsa,hash:te.hash.sha256,cipher:te.symmetric.aes128,node:Cn.secp256k1,payloadSize:32},ed25519:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:te.publicKey.eddsaLegacy,hash:te.hash.sha512,node:!1,payloadSize:32},curve25519:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:te.publicKey.ecdh,hash:te.hash.sha256,cipher:te.symmetric.aes128,node:!1,payloadSize:32},brainpoolP256r1:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:te.publicKey.ecdsa,hash:te.hash.sha256,cipher:te.symmetric.aes128,node:Cn.brainpoolP256r1,payloadSize:32},brainpoolP384r1:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:te.publicKey.ecdsa,hash:te.hash.sha384,cipher:te.symmetric.aes192,node:Cn.brainpoolP384r1,payloadSize:48},brainpoolP512r1:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:te.publicKey.ecdsa,hash:te.hash.sha512,cipher:te.symmetric.aes256,node:Cn.brainpoolP512r1,payloadSize:64}};class Un{constructor(e,t){try{(ie.isArray(e)||ie.isUint8Array(e))&&(e=new ln(e)),e instanceof ln&&(e=e.getName()),this.name=te.write(te.curve,e)}catch(e){throw new Sn("Unknown curve")}t=t||Dn[this.name],this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node&&Dn[this.name],this.web=t.web&&Dn[this.name],this.payloadSize=t.payloadSize,this.web&&ie.getWebCrypto()?this.type="web":this.node&&ie.getNodeCrypto()?this.type="node":"curve25519"===this.name?this.type="curve25519":"ed25519"===this.name&&(this.type="ed25519")}async genKeyPair(){let e;switch(this.type){case"web":try{return await async function(e){const t=await Pn.generateKey({name:"ECDSA",namedCurve:Mn[e]},!0,["sign","verify"]),r=await Pn.exportKey("jwk",t.privateKey),i=await Pn.exportKey("jwk",t.publicKey);return{publicKey:In(i),privateKey:ue(r.d)}}(this.name)}catch(e){ie.printDebugError("Browser did not support generating ec key "+e.message);break}case"node":return async function(e){const t=xn.createECDH(Cn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519":{const t=$i(32);t[0]=127&t[0]|64,t[31]&=248;const r=t.slice().reverse();e=Gi.box.keyPair.fromSecretKey(r);return{publicKey:ie.concatUint8Array([new Uint8Array([64]),e.publicKey]),privateKey:t}}case"ed25519":{const e=$i(32),t=Gi.sign.keyPair.fromSeed(e);return{publicKey:ie.concatUint8Array([new Uint8Array([64]),t.publicKey]),privateKey:e}}}const t=await bn(this.name);return e=await t.genKeyPair({entropy:ie.uint8ArrayToString($i(32))}),{publicKey:new Uint8Array(e.getPublic("array",!1)),privateKey:e.getPrivate().toArrayLike(Uint8Array)}}}async function Rn(e,t,r,i){const n={p256:!0,p384:!0,p521:!0,secp256k1:!0,curve25519:e===te.publicKey.ecdh,brainpoolP256r1:!0,brainpoolP384r1:!0,brainpoolP512r1:!0},a=t.getName();if(!n[a])return!1;if("curve25519"===a){i=i.slice().reverse();const{publicKey:e}=Gi.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!ie.equalsUint8Array(t,r)}const s=await bn(a);try{r=yn(s,r).getPublic()}catch(e){return!1}return!!pn(s,i).getPublic().eq(r)}function In(e){const t=ue(e.x),r=ue(e.y),i=new Uint8Array(t.length+r.length+1);return i[0]=4,i.set(t,1),i.set(r,t.length+1),i}function Bn(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:he(n,!0),y:he(a,!0),ext:!0}}function Tn(e,t,r,i){const n=Bn(e,t,r);return n.d=he(i,!0),n}const zn=ie.getWebCrypto(),qn=ie.getNodeCrypto();async function Fn(e,t,r,i,n,a){const s=new Un(e);if(r&&!ie.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Tn(e.payloadSize,Mn[e.name],i.publicKey,i.privateKey),s=await zn.importKey("jwk",a,{name:"ECDSA",namedCurve:Mn[e.name],hash:{name:te.read(te.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await zn.sign({name:"ECDSA",namedCurve:Mn[e.name],hash:{name:te.read(te.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;ie.printDebugError("Browser did not support signing: "+e.message)}break;case"node":{const i=await async function(e,t,r,i){const n=qn.createSign(te.read(te.hash,t));n.write(r),n.end();const a=jn.encode({version:1,parameters:e.oid,privateKey:Array.from(i.privateKey),publicKey:{unused:0,data:Array.from(i.publicKey)}},"pem",{label:"EC PRIVATE KEY"});return Nn.decode(n.sign(a),"der")}(s,t,r,e);return{r:i.r.toArrayLike(Uint8Array),s:i.s.toArrayLike(Uint8Array)}}}}return async function(e,t,r){const i=await bn(e.name),n=pn(i,r),a=n.sign(t);return{r:a.r.toArrayLike(Uint8Array),s:a.s.toArrayLike(Uint8Array)}}(s,a,n)}async function On(e,t,r,i,n,a){const s=new Un(e);if(i&&!ie.isStream(i))switch(s.type){case"web":try{return await async function(e,t,{r,s:i},n,a){const s=Bn(e.payloadSize,Mn[e.name],a),o=await zn.importKey("jwk",s,{name:"ECDSA",namedCurve:Mn[e.name],hash:{name:te.read(te.webHash,e.hash)}},!1,["verify"]),c=ie.concatUint8Array([r,i]).buffer;return zn.verify({name:"ECDSA",namedCurve:Mn[e.name],hash:{name:te.read(te.webHash,t)}},o,c,n)}(s,t,r,i,n)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;ie.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":return async function(e,t,{r,s:i},n,a){const{default:s}=await Promise.resolve().then((function(){return py})),o=qn.createVerify(te.read(te.hash,t));o.write(n),o.end();const c=Wn.encode({algorithm:{algorithm:[1,2,840,10045,2,1],parameters:e.oid},subjectPublicKey:{unused:0,data:Array.from(a)}},"pem",{label:"PUBLIC KEY"}),u=Nn.encode({r:new s(r),s:new s(i)},"der");try{return o.verify(c,u)}catch(e){return!1}}(s,t,r,i,n)}return async function(e,t,r,i){const n=await bn(e.name),a=yn(n,i);return a.verify(r,t)}(s,r,void 0===t?i:a,n)}const Ln=qn?o:void 0,Nn=qn?Ln.define("ECDSASignature",(function(){this.seq().obj(this.key("r").int(),this.key("s").int())})):void 0,jn=qn?Ln.define("ECPrivateKey",(function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").explicit(0).optional().any(),this.key("publicKey").explicit(1).optional().bitstr())})):void 0,Hn=qn?Ln.define("AlgorithmIdentifier",(function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional().any())})):void 0,Wn=qn?Ln.define("SubjectPublicKeyInfo",(function(){this.seq().obj(this.key("algorithm").use(Hn),this.key("subjectPublicKey").bitstr())})):void 0;var Gn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Fn,verify:On,validateParams:async function(e,t,r){const i=new Un(e);if(i.keyType!==te.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=$i(8),n=te.hash.sha256,a=await ei.digest(n,i);try{const s=await Fn(e,n,i,t,r,a);return await On(e,n,s,i,t,a)}catch(e){return!1}}default:return Rn(te.publicKey.ecdsa,e,t,r)}}});Gi.hash=e=>new Uint8Array(or().update(e).digest());var Vn=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){if(ei.getHashByteLength(t)new Uint8Array(or().update(e).digest());var Zn=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===te.publicKey.ed25519){const e=$i(32),{publicKey:t}=Gi.sign.keyPair.fromSeed(e);return{A:t,seed:e}}throw Error("Unsupported EdDSA algorithm")},sign:async function(e,t,r,i,n,a){if(ei.getHashByteLength(t)=0;--e)for(let t=o-1;t>=0;--t)c[1]=o*e+(t+1),u[0]=a[0]^c[0],u[1]=a[1]^c[1],u[2]=s[2*t],u[3]=s[2*t+1],u=Qn(r.decrypt(Jn(u))),a=u.subarray(0,2),s[2*t]=u[2],s[2*t+1]=u[3];if(a[0]===i[0]&&a[1]===i[1])return Jn(s);throw Error("Key Data Integrity failed")}function Qn(e){const{length:t}=e,r=function(e){if(ie.isString(e)){const{length:t}=e,r=new ArrayBuffer(t),i=new Uint8Array(r);for(let r=0;r0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(ie.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var ia=/*#__PURE__*/Object.freeze({__proto__:null,encode:ta,decode:ra});const na=ie.getWebCrypto(),aa=ie.getNodeCrypto();function sa(e,t,r,i){return ie.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),ie.stringToUint8Array("Anonymous Sender "),i.subarray(0,20)])}async function oa(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await ei.digest(e,ie.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function ca(e,t){switch(e.type){case"curve25519":{const r=$i(32),{secretKey:i,sharedKey:n}=await ua(e,t,null,r);let{publicKey:a}=Gi.box.keyPair.fromSecretKey(i);return a=ie.concatUint8Array([new Uint8Array([64]),a]),{publicKey:a,sharedKey:n}}case"web":if(e.web&&ie.getWebCrypto())try{return await async function(e,t){const r=Bn(e.payloadSize,e.web.web,t);let i=na.generateKey({name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]),n=na.importKey("jwk",r,{name:"ECDH",namedCurve:e.web.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=na.deriveBits({name:"ECDH",namedCurve:e.web.web,public:n},i.privateKey,e.web.sharedSize),s=na.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(In(s));return{publicKey:c,sharedKey:o}}(e,t)}catch(e){ie.printDebugError(e)}break;case"node":return async function(e,t){const r=aa.createECDH(e.node.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t)),n=new Uint8Array(r.getPublicKey());return{publicKey:n,sharedKey:i}}(e,t)}return async function(e,t){const r=await bn(e.name),i=await e.genKeyPair();t=yn(r,t);const n=pn(r,i.privateKey),a=i.publicKey,s=n.derive(t.getPublic()),o=r.curve.p.byteLength(),c=s.toArrayLike(Uint8Array,"be",o);return{publicKey:a,sharedKey:c}}(e,t)}async function ua(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519":{const e=i.slice().reverse();return{secretKey:e,sharedKey:Gi.scalarMult(e,t.subarray(1))}}case"web":if(e.web&&ie.getWebCrypto())try{return await async function(e,t,r,i){const n=Tn(e.payloadSize,e.web.web,r,i);let a=na.importKey("jwk",n,{name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]);const s=Bn(e.payloadSize,e.web.web,t);let o=na.importKey("jwk",s,{name:"ECDH",namedCurve:e.web.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=na.deriveBits({name:"ECDH",namedCurve:e.web.web,public:o},a,e.web.sharedSize),u=na.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:ue(u.d),sharedKey:h}}(e,t,r,i)}catch(e){ie.printDebugError(e)}break;case"node":return async function(e,t,r){const i=aa.createECDH(e.node.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i)}return async function(e,t,r){const i=await bn(e.name);t=yn(i,t),r=pn(i,r);const n=new Uint8Array(r.getPrivate()),a=r.derive(t.getPublic()),s=i.curve.p.byteLength(),o=a.toArrayLike(Uint8Array,"be",s);return{secretKey:n,sharedKey:o}}(e,t,i)}var ha=/*#__PURE__*/Object.freeze({__proto__:null,validateParams:async function(e,t,r){return Rn(te.publicKey.ecdh,e,t,r)},encrypt:async function(e,t,r,i,n){const a=ta(r),s=new Un(e),{publicKey:o,sharedKey:c}=await ca(s,i),u=sa(te.publicKey.ecdh,e,t,n),{keySize:h}=ri(t.cipher);return{publicKey:o,wrappedKey:Xn(await oa(t.hash,c,h,u),a)}},decrypt:async function(e,t,r,i,n,a,s){const o=new Un(e),{sharedKey:c}=await ua(o,r,n,a),u=sa(te.publicKey.ecdh,e,t,s),{keySize:h}=ri(t.cipher);let d;for(let e=0;e<3;e++)try{return ra(Yn(await oa(t.hash,c,h,u,1===e,2===e),i))}catch(e){d=e}throw d}});const da=ie.getWebCrypto(),fa=ie.getNodeCrypto(),la=fa&&fa.webcrypto&&fa.webcrypto.subtle;async function pa(e,t,r,i,n){const a=te.read(te.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");if(da||la){const e=da||la,s=await e.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await e.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}if(fa){const a=te.read(te.hash,e),s=(e,t)=>fa.createHmac(a,e).update(t).digest(),o=s(r,t),c=o.length,u=Math.ceil(n/c),h=new Uint8Array(u*c),d=new Uint8Array(c+i.length+1);d.set(i,c);for(let e=0;e0?d:d.subarray(c));d.set(t,0),h.set(t,e*c)}return h.subarray(0,n)}throw Error("No HKDF implementation available")}const ya={x25519:ie.encodeUTF8("OpenPGP X25519")};var ba=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===te.publicKey.x25519){const e=$i(32),{publicKey:t}=Gi.box.keyPair.fromSecretKey(e);return{A:t,k:e}}throw Error("Unsupported ECDH algorithm")},validateParams:async function(e,t,r){if(e===te.publicKey.x25519){const{publicKey:e}=Gi.box.keyPair.fromSecretKey(r);return ie.equalsUint8Array(t,e)}return!1},encrypt:async function(e,t,r){if(e===te.publicKey.x25519){const e=$i(32),i=Gi.scalarMult(e,r),{publicKey:n}=Gi.box.keyPair.fromSecretKey(e),a=ie.concatUint8Array([n,r,i]),{keySize:s}=ri(te.symmetric.aes128);return{ephemeralPublicKey:n,wrappedKey:Xn(await pa(te.hash.sha256,a,new Uint8Array,ya.x25519,s),t)}}throw Error("Unsupported ECDH algorithm")},decrypt:async function(e,t,r,i,n){if(e===te.publicKey.x25519){const e=Gi.scalarMult(n,t),a=ie.concatUint8Array([t,i,e]),{keySize:s}=ri(te.symmetric.aes128);return Yn(await pa(te.hash.sha256,a,new Uint8Array,ya.x25519,s),r)}throw Error("Unsupported ECDH algorithm")}}),ma=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Un,ecdh:ha,ecdhX:ba,ecdsa:Gn,eddsaLegacy:Vn,eddsa:Zn,generate:async function(e){const t=await ie.getBigInteger();e=new Un(e);const r=await e.genKeyPair(),i=new t(r.publicKey).toUint8Array(),n=new t(r.privateKey).toUint8Array("be",e.payloadSize);return{oid:e.oid,Q:i,secret:n,hash:e.hash,cipher:e.cipher}},getPreferredHashAlgo:function(e){return Dn[te.write(te.curve,e.toHex())].hash}});var ga=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){const s=await ie.getBigInteger(),o=new s(1);let c,u,h,d;i=new s(i),n=new s(n),r=new s(r),a=new s(a),r=r.mod(i),a=a.mod(n);const f=new s(t.subarray(0,n.byteLength())).mod(n);for(;;){if(c=await Zi(o,n),u=r.modExp(c,i).imod(n),u.isZero())continue;const e=a.mul(u).imod(n);if(d=f.add(e).imod(n),h=c.modInv(n).imul(d).imod(n),!h.isZero())break}return{r:u.toUint8Array("be",n.byteLength()),s:h.toUint8Array("be",n.byteLength())}},verify:async function(e,t,r,i,n,a,s,o){const c=await ie.getBigInteger(),u=new c(0);if(t=new c(t),r=new c(r),a=new c(a),s=new c(s),n=new c(n),o=new c(o),t.lte(u)||t.gte(s)||r.lte(u)||r.gte(s))return ie.printDebug("invalid DSA Signature"),!1;const h=new c(i.subarray(0,s.byteLength())).imod(s),d=r.modInv(s);if(d.isZero())return ie.printDebug("invalid DSA Signature"),!1;n=n.mod(a),o=o.mod(a);const f=h.mul(d).imod(s),l=t.mul(d).imod(s),p=n.modExp(f,a),y=o.modExp(l,a);return p.mul(y).imod(a).imod(s).equal(t)},validateParams:async function(e,t,r,i,n){const a=await ie.getBigInteger();e=new a(e),t=new a(t),r=new a(r),i=new a(i);const s=new a(1);if(r.lte(s)||r.gte(e))return!1;if(!e.dec().mod(t).isZero())return!1;if(!r.modExp(t,e).isOne())return!1;const o=new a(t.bitLength()),c=new a(150);if(o.lt(c)||!await Qi(t,null,32))return!1;n=new a(n);const u=new a(2),h=await Zi(u.leftShift(o.dec()),u.leftShift(o)),d=t.mul(h).add(n);return!!i.equal(r.modExp(d,e))}}),wa={rsa:dn,elgamal:fn,elliptic:ma,dsa:ga,nacl:Gi};var va=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case te.publicKey.rsaEncryptSign:case te.publicKey.rsaEncrypt:case te.publicKey.rsaSign:return{s:ie.readMPI(t.subarray(r))};case te.publicKey.dsa:case te.publicKey.ecdsa:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;return{r:e,s:ie.readMPI(t.subarray(r))}}case te.publicKey.eddsaLegacy:{let e=ie.readMPI(t.subarray(r));r+=e.length+2,e=ie.leftPad(e,32);let i=ie.readMPI(t.subarray(r));return i=ie.leftPad(i,32),{r:e,s:i}}case te.publicKey.ed25519:{const e=t.subarray(r,r+64);return r+=e.length,{RS:e}}default:throw new Sn("Unknown signature algorithm.")}},verify:async function(e,t,r,i,n,a){switch(e){case te.publicKey.rsaEncryptSign:case te.publicKey.rsaEncrypt:case te.publicKey.rsaSign:{const{n:e,e:s}=i,o=ie.leftPad(r.s,e.length);return wa.rsa.verify(t,n,o,e,s,a)}case te.publicKey.dsa:{const{g:e,p:n,q:s,y:o}=i,{r:c,s:u}=r;return wa.dsa.verify(t,c,u,a,e,n,s,o)}case te.publicKey.ecdsa:{const{oid:e,Q:s}=i,o=new wa.elliptic.CurveWithOID(e).payloadSize,c=ie.leftPad(r.r,o),u=ie.leftPad(r.s,o);return wa.elliptic.ecdsa.verify(e,t,{r:c,s:u},n,s,a)}case te.publicKey.eddsaLegacy:{const{oid:e,Q:s}=i;return wa.elliptic.eddsaLegacy.verify(e,t,r,n,s,a)}case te.publicKey.ed25519:{const{A:s}=i;return wa.elliptic.eddsa.verify(e,t,r,n,s,a)}default:throw Error("Unknown signature algorithm.")}},sign:async function(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case te.publicKey.rsaEncryptSign:case te.publicKey.rsaEncrypt:case te.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await wa.rsa.sign(t,n,e,s,o,c,u,h,a)}}case te.publicKey.dsa:{const{g:e,p:n,q:s}=r,{x:o}=i;return wa.dsa.sign(t,a,e,n,s,o)}case te.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case te.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return wa.elliptic.ecdsa.sign(e,t,n,s,o,a)}case te.publicKey.eddsaLegacy:{const{oid:e,Q:s}=r,{seed:o}=i;return wa.elliptic.eddsaLegacy.sign(e,t,n,s,o,a)}case te.publicKey.ed25519:{const{A:s}=r,{seed:o}=i;return wa.elliptic.eddsa.sign(e,t,n,s,o,a)}default:throw Error("Unknown signature algorithm.")}}});class _a{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return ie.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class ka{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Sn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class Aa{static fromObject({wrappedKey:e,algorithm:t}){const r=new Aa;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=e.subarray(t,t+r),t+=r}write(){return ie.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function Sa(e){try{e.getName()}catch(e){throw new Sn("Unknown curve OID")}}var Ea=/*#__PURE__*/Object.freeze({__proto__:null,publicKeyEncrypt:async function(e,t,r,i,n){switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await wa.rsa.encrypt(i,e,t)}}case te.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return wa.elgamal.encrypt(i,e,t,n)}case te.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:a}=r,{publicKey:s,wrappedKey:o}=await wa.elliptic.ecdh.encrypt(e,a,i,t,n);return{V:s,C:new _a(o)}}case te.publicKey.x25519:{if(!ie.isAES(t))throw Error("X25519 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:a,wrappedKey:s}=await wa.elliptic.ecdhX.encrypt(e,i,n);return{ephemeralPublicKey:a,C:Aa.fromObject({algorithm:t,wrappedKey:s})}}default:return[]}},publicKeyDecrypt:async function(e,t,r,i,n,a){switch(e){case te.publicKey.rsaEncryptSign:case te.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return wa.rsa.decrypt(e,n,s,o,c,u,h,a)}case te.publicKey.elgamal:{const{c1:e,c2:n}=i,s=t.p,o=r.x;return wa.elgamal.decrypt(e,n,s,o,a)}case te.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return wa.elliptic.ecdh.decrypt(e,s,c,u.data,a,o,n)}case te.publicKey.x25519:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(!ie.isAES(o.algorithm))throw Error("AES session key expected");return wa.elliptic.ecdhX.decrypt(e,s,o.wrappedKey,n,a)}default:throw Error("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.rsaSign:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;const i=ie.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case te.publicKey.dsa:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;const i=ie.readMPI(t.subarray(r));r+=i.length+2;const n=ie.readMPI(t.subarray(r));r+=n.length+2;const a=ie.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case te.publicKey.elgamal:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;const i=ie.readMPI(t.subarray(r));r+=i.length+2;const n=ie.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case te.publicKey.ecdsa:{const e=new ln;r+=e.read(t),Sa(e);const i=ie.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case te.publicKey.eddsaLegacy:{const e=new ln;r+=e.read(t),Sa(e);let i=ie.readMPI(t.subarray(r));return r+=i.length+2,i=ie.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case te.publicKey.ecdh:{const e=new ln;r+=e.read(t),Sa(e);const i=ie.readMPI(t.subarray(r));r+=i.length+2;const n=new ka;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case te.publicKey.ed25519:case te.publicKey.x25519:{const e=t.subarray(r,r+32);return r+=e.length,{read:r,publicParams:{A:e}}}default:throw new Sn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let i=0;switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.rsaSign:{const e=ie.readMPI(t.subarray(i));i+=e.length+2;const r=ie.readMPI(t.subarray(i));i+=r.length+2;const n=ie.readMPI(t.subarray(i));i+=n.length+2;const a=ie.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case te.publicKey.dsa:case te.publicKey.elgamal:{const e=ie.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case te.publicKey.ecdsa:case te.publicKey.ecdh:{const e=new Un(r.oid);let n=ie.readMPI(t.subarray(i));return i+=n.length+2,n=ie.leftPad(n,e.payloadSize),{read:i,privateParams:{d:n}}}case te.publicKey.eddsaLegacy:{const e=new Un(r.oid);let n=ie.readMPI(t.subarray(i));return i+=n.length+2,n=ie.leftPad(n,e.payloadSize),{read:i,privateParams:{seed:n}}}case te.publicKey.ed25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{seed:e}}}case te.publicKey.x25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{k:e}}}default:throw new Sn("Unknown public key encryption algorithm.")}},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:return{c:ie.readMPI(t.subarray(r))};case te.publicKey.elgamal:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:ie.readMPI(t.subarray(r))}}case te.publicKey.ecdh:{const e=ie.readMPI(t.subarray(r));r+=e.length+2;const i=new _a;return i.read(t.subarray(r)),{V:e,C:i}}case te.publicKey.x25519:{const e=t.subarray(r,r+32);r+=e.length;const i=new Aa;return i.read(t.subarray(r)),{ephemeralPublicKey:e,C:i}}default:throw new Sn("Unknown public key encryption algorithm.")}},serializeParams:function(e,t){const r=new Set([te.publicKey.ed25519,te.publicKey.x25519]),i=Object.keys(t).map((i=>{const n=t[i];return ie.isUint8Array(n)?r.has(e)?n:ie.uint8ArrayToMPI(n):n.write()}));return ie.concatUint8Array(i)},generateParams:function(e,t,r){switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.rsaSign:return wa.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case te.publicKey.ecdsa:return wa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new ln(e),Q:t}})));case te.publicKey.eddsaLegacy:return wa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new ln(e),Q:t}})));case te.publicKey.ecdh:return wa.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new ln(e),Q:t,kdfParams:new ka({hash:i,cipher:n})}})));case te.publicKey.ed25519:return wa.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case te.publicKey.x25519:return wa.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case te.publicKey.dsa:case te.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return wa.rsa.validateParams(e,i,n,a,s,o)}case te.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return wa.dsa.validateParams(e,i,n,a,s)}case te.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return wa.elgamal.validateParams(e,i,n,a)}case te.publicKey.ecdsa:case te.publicKey.ecdh:{const i=wa.elliptic[te.read(te.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case te.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return wa.elliptic.eddsaLegacy.validateParams(i,e,n)}case te.publicKey.ed25519:{const{A:i}=t,{seed:n}=r;return wa.elliptic.eddsa.validateParams(e,i,n)}case te.publicKey.x25519:{const{A:i}=t,{k:n}=r;return wa.elliptic.ecdhX.validateParams(e,i,n)}default:throw Error("Unknown public key algorithm.")}},getPrefixRandom:async function(e){const{blockSize:t}=ri(e),r=await $i(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return ie.concat([r,i])},generateSessionKey:function(e){const{keySize:t}=ri(e);return $i(t)},getAEADMode:function(e){const t=te.read(te.aead,e);return Wi[t]},getCipher:ri,getPreferredCurveHashAlgo:function(e,t){switch(e){case te.publicKey.ecdsa:case te.publicKey.eddsaLegacy:return wa.elliptic.getPreferredHashAlgo(t);case te.publicKey.ed25519:return wa.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}}});const Pa={cipher:Qe,hash:ei,mode:Wi,publicKey:wa,signature:va,random:Xi,pkcs1:an,pkcs5:ia,aesKW:ea};Object.assign(Pa,Ea);var xa="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function Ma(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)}const Ka={arraySet:function(e,t,r,i,n){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+i),n);else for(let a=0;a=0;)e[t]=0}const as=0,ss=1,os=2,cs=29,us=256,hs=us+1+cs,ds=30,fs=19,ls=2*hs+1,ps=15,ys=16,bs=7,ms=256,gs=16,ws=17,vs=18,_s=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],ks=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],As=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],Ss=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],Es=Array(2*(hs+2));ns(Es);const Ps=Array(2*ds);ns(Ps);const xs=Array(512);ns(xs);const Ms=Array(256);ns(Ms);const Ks=Array(cs);ns(Ks);const Cs=Array(ds);function Ds(e,t,r,i,n){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=i,this.max_length=n,this.has_stree=e&&e.length}let Us,Rs,Is;function Bs(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function Ts(e){return e<256?xs[e]:xs[256+(e>>>7)]}function zs(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function qs(e,t,r){e.bi_valid>ys-r?(e.bi_buf|=t<>ys-e.bi_valid,e.bi_valid+=r-ys):(e.bi_buf|=t<>>=1,r<<=1}while(--t>0);return r>>>1}function Ls(e,t,r){const i=Array(ps+1);let n,a,s=0;for(n=1;n<=ps;n++)i[n]=s=s+r[n-1]<<1;for(a=0;a<=t;a++){const t=e[2*a+1];0!==t&&(e[2*a]=Os(i[t]++,t))}}function Ns(e){let t;for(t=0;t8?zs(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function Hs(e,t,r,i){const n=2*t,a=2*r;return e[n]>1;s>=1;s--)Ws(e,r,s);c=a;do{s=e.heap[1],e.heap[1]=e.heap[e.heap_len--],Ws(e,r,1),o=e.heap[1],e.heap[--e.heap_max]=s,e.heap[--e.heap_max]=o,r[2*c]=r[2*s]+r[2*o],e.depth[c]=(e.depth[s]>=e.depth[o]?e.depth[s]:e.depth[o])+1,r[2*s+1]=r[2*o+1]=c,e.heap[1]=c++,Ws(e,r,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){const r=t.dyn_tree,i=t.max_code,n=t.stat_desc.static_tree,a=t.stat_desc.has_stree,s=t.stat_desc.extra_bits,o=t.stat_desc.extra_base,c=t.stat_desc.max_length;let u,h,d,f,l,p,y=0;for(f=0;f<=ps;f++)e.bl_count[f]=0;for(r[2*e.heap[e.heap_max]+1]=0,u=e.heap_max+1;uc&&(f=c,y++),r[2*h+1]=f,h>i||(e.bl_count[f]++,l=0,h>=o&&(l=s[h-o]),p=r[2*h],e.opt_len+=p*(f+l),a&&(e.static_len+=p*(n[2*h+1]+l)));if(0!==y){do{for(f=c-1;0===e.bl_count[f];)f--;e.bl_count[f]--,e.bl_count[f+1]+=2,e.bl_count[c]--,y-=2}while(y>0);for(f=c;0!==f;f--)for(h=e.bl_count[f];0!==h;)d=e.heap[--u],d>i||(r[2*d+1]!==f&&(e.opt_len+=(f-r[2*d+1])*r[2*d],r[2*d+1]=f),h--)}}(e,t),Ls(r,u,e.bl_count)}function $s(e,t,r){let i,n,a=-1,s=t[1],o=0,c=7,u=4;for(0===s&&(c=138,u=3),t[2*(r+1)+1]=65535,i=0;i<=r;i++)n=s,s=t[2*(i+1)+1],++o>=7;i=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}function eo(e,t,r,i){let n,a,s=0;e.level>0?(e.strm.data_type===rs&&(e.strm.data_type=function(e){let t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return es;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return ts;for(t=32;t=3&&0===e.bl_tree[2*Ss[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),n=e.opt_len+3+7>>>3,a=e.static_len+3+7>>>3,a<=n&&(n=a)):n=a=r+5,r+4<=n&&-1!==t?Qs(e,t,r,i):e.strategy===Ja||a===n?(qs(e,(ss<<1)+(i?1:0),3),Gs(e,Es,Ps)):(qs(e,(os<<1)+(i?1:0),3),function(e,t,r,i){let n;for(qs(e,t-257,5),qs(e,r-1,5),qs(e,i-4,4),n=0;n>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(Ms[r]+us+1)]++,e.dyn_dtree[2*Ts(t)]++),e.last_lit===e.lit_bufsize-1}function ro(e,t,r,i){let n=65535&e|0,a=e>>>16&65535|0,s=0;for(;0!==r;){s=r>2e3?2e3:r,r-=s;do{n=n+t[i++]|0,a=a+n|0}while(--s);n%=65521,a%=65521}return n|a<<16|0}const io=function(){let e;const t=[];for(let r=0;r<256;r++){e=r;for(let t=0;t<8;t++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();function no(e,t,r,i){const n=io,a=i+r;e^=-1;for(let r=i;r>>8^n[255&(e^t[r])];return-1^e}var ao={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"};const so=9,oo=3,co=258,uo=co+oo+1,ho=32,fo=42,lo=69,po=73,yo=91,bo=103,mo=113,go=666,wo=1,vo=2,_o=3,ko=4,Ao=3;function So(e,t){return e.msg=ao[t],t}function Eo(e){return(e<<1)-(e>4?9:0)}function Po(e){let t=e.length;for(;--t>=0;)e[t]=0}function xo(e){const t=e.state;let r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(Ba(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function Mo(e,t){eo(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,xo(e.strm)}function Ko(e,t){e.pending_buf[e.pending++]=t}function Co(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function Do(e,t,r,i){let n=e.avail_in;return n>i&&(n=i),0===n?0:(e.avail_in-=n,Ba(t,e.input,e.next_in,n,r),1===e.state.wrap?e.adler=ro(e.adler,t,n,r):2===e.state.wrap&&(e.adler=no(e.adler,t,n,r)),e.next_in+=n,e.total_in+=n,n)}function Uo(e,t){let r,i,n=e.max_chain_length,a=e.strstart,s=e.prev_length,o=e.nice_match;const c=e.strstart>e.w_size-uo?e.strstart-(e.w_size-uo):0,u=e.window,h=e.w_mask,d=e.prev,f=e.strstart+co;let l=u[a+s-1],p=u[a+s];e.prev_length>=e.good_match&&(n>>=2),o>e.lookahead&&(o=e.lookahead);do{if(r=t,u[r+s]===p&&u[r+s-1]===l&&u[r]===u[a]&&u[++r]===u[a+1]){a+=2,r++;do{}while(u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&as){if(e.match_start=t,s=i,i>=o)break;l=u[a+s-1],p=u[a+s]}}}while((t=d[t&h])>c&&0!=--n);return s<=e.lookahead?s:e.lookahead}function Ro(e){const t=e.w_size;let r,i,n,a,s;do{if(a=e.window_size-e.lookahead-e.strstart,e.strstart>=t+(t-uo)){Ba(e.window,e.window,t,t,0),e.match_start-=t,e.strstart-=t,e.block_start-=t,i=e.hash_size,r=i;do{n=e.head[--r],e.head[r]=n>=t?n-t:0}while(--i);i=t,r=i;do{n=e.prev[--r],e.prev[r]=n>=t?n-t:0}while(--i);a+=t}if(0===e.strm.avail_in)break;if(i=Do(e.strm,e.window,e.strstart+e.lookahead,a),e.lookahead+=i,e.lookahead+e.insert>=oo)for(s=e.strstart-e.insert,e.ins_h=e.window[s],e.ins_h=(e.ins_h<=oo&&(e.ins_h=(e.ins_h<=oo)if(i=to(e,e.strstart-e.match_start,e.match_length-oo),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=oo){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<=oo&&(e.ins_h=(e.ins_h<4096)&&(e.match_length=oo-1)),e.prev_length>=oo&&e.match_length<=e.prev_length){n=e.strstart+e.lookahead-oo,i=to(e,e.strstart-1-e.prev_match,e.prev_length-oo),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=n&&(e.ins_h=(e.ins_h<e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(Ro(e),0===e.lookahead&&t===Ta)return wo;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;const i=e.block_start+r;if((0===e.strstart||e.strstart>=i)&&(e.lookahead=e.strstart-i,e.strstart=i,Mo(e,!1),0===e.strm.avail_out))return wo;if(e.strstart-e.block_start>=e.w_size-uo&&(Mo(e,!1),0===e.strm.avail_out))return wo}return e.insert=0,t===Oa?(Mo(e,!0),0===e.strm.avail_out?_o:ko):(e.strstart>e.block_start&&(Mo(e,!1),e.strm.avail_out),wo)})),new To(4,4,8,4,Io),new To(4,5,16,8,Io),new To(4,6,32,32,Io),new To(4,4,16,16,Bo),new To(8,16,32,32,Bo),new To(8,16,128,128,Bo),new To(8,32,128,256,Bo),new To(32,128,258,1024,Bo),new To(32,258,258,4096,Bo)];class qo{constructor(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=is,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new Ua(1146),this.dyn_dtree=new Ua(122),this.bl_tree=new Ua(78),Po(this.dyn_ltree),Po(this.dyn_dtree),Po(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new Ua(16),this.heap=new Ua(573),Po(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new Ua(573),Po(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}}function Fo(e){const t=function(e){let t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=rs,t=e.state,t.pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?fo:mo,e.adler=2===t.wrap?0:1,t.last_flush=Ta,Ys(t),ja):So(e,Ga)}(e);return t===ja&&function(e){e.window_size=2*e.w_size,Po(e.head),e.max_lazy_match=zo[e.level].max_lazy,e.good_match=zo[e.level].good_length,e.nice_match=zo[e.level].nice_length,e.max_chain_length=zo[e.level].max_chain,e.strstart=0,e.block_start=0,e.lookahead=0,e.insert=0,e.match_length=e.prev_length=oo-1,e.match_available=0,e.ins_h=0}(e.state),t}function Oo(e,t){let r,i,n,a;if(!e||!e.state||t>La||t<0)return e?So(e,Ga):Ga;if(i=e.state,!e.output||!e.input&&0!==e.avail_in||i.status===go&&t!==Oa)return So(e,0===e.avail_out?$a:Ga);if(i.strm=e,r=i.last_flush,i.last_flush=t,i.status===fo)if(2===i.wrap)e.adler=0,Ko(i,31),Ko(i,139),Ko(i,8),i.gzhead?(Ko(i,(i.gzhead.text?1:0)+(i.gzhead.hcrc?2:0)+(i.gzhead.extra?4:0)+(i.gzhead.name?8:0)+(i.gzhead.comment?16:0)),Ko(i,255&i.gzhead.time),Ko(i,i.gzhead.time>>8&255),Ko(i,i.gzhead.time>>16&255),Ko(i,i.gzhead.time>>24&255),Ko(i,9===i.level?2:i.strategy>=Ya||i.level<2?4:0),Ko(i,255&i.gzhead.os),i.gzhead.extra&&i.gzhead.extra.length&&(Ko(i,255&i.gzhead.extra.length),Ko(i,i.gzhead.extra.length>>8&255)),i.gzhead.hcrc&&(e.adler=no(e.adler,i.pending_buf,i.pending,0)),i.gzindex=0,i.status=lo):(Ko(i,0),Ko(i,0),Ko(i,0),Ko(i,0),Ko(i,0),Ko(i,9===i.level?2:i.strategy>=Ya||i.level<2?4:0),Ko(i,Ao),i.status=mo);else{let t=is+(i.w_bits-8<<4)<<8,r=-1;r=i.strategy>=Ya||i.level<2?0:i.level<6?1:6===i.level?2:3,t|=r<<6,0!==i.strstart&&(t|=ho),t+=31-t%31,i.status=mo,Co(i,t),0!==i.strstart&&(Co(i,e.adler>>>16),Co(i,65535&e.adler)),e.adler=1}if(i.status===lo)if(i.gzhead.extra){for(n=i.pending;i.gzindex<(65535&i.gzhead.extra.length)&&(i.pending!==i.pending_buf_size||(i.gzhead.hcrc&&i.pending>n&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),xo(e),n=i.pending,i.pending!==i.pending_buf_size));)Ko(i,255&i.gzhead.extra[i.gzindex]),i.gzindex++;i.gzhead.hcrc&&i.pending>n&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),i.gzindex===i.gzhead.extra.length&&(i.gzindex=0,i.status=po)}else i.status=po;if(i.status===po)if(i.gzhead.name){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),xo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.gzindex=0,i.status=yo)}else i.status=yo;if(i.status===yo)if(i.gzhead.comment){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),xo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=no(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.status=bo)}else i.status=bo;if(i.status===bo&&(i.gzhead.hcrc?(i.pending+2>i.pending_buf_size&&xo(e),i.pending+2<=i.pending_buf_size&&(Ko(i,255&e.adler),Ko(i,e.adler>>8&255),e.adler=0,i.status=mo)):i.status=mo),0!==i.pending){if(xo(e),0===e.avail_out)return i.last_flush=-1,ja}else if(0===e.avail_in&&Eo(t)<=Eo(r)&&t!==Oa)return So(e,$a);if(i.status===go&&0!==e.avail_in)return So(e,$a);if(0!==e.avail_in||0!==i.lookahead||t!==Ta&&i.status!==go){var s=i.strategy===Ya?function(e,t){let r;for(;;){if(0===e.lookahead&&(Ro(e),0===e.lookahead)){if(t===Ta)return wo;break}if(e.match_length=0,r=to(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(Mo(e,!1),0===e.strm.avail_out))return wo}return e.insert=0,t===Oa?(Mo(e,!0),0===e.strm.avail_out?_o:ko):e.last_lit&&(Mo(e,!1),0===e.strm.avail_out)?wo:vo}(i,t):i.strategy===Qa?function(e,t){let r,i,n,a;const s=e.window;for(;;){if(e.lookahead<=co){if(Ro(e),e.lookahead<=co&&t===Ta)return wo;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=oo&&e.strstart>0&&(n=e.strstart-1,i=s[n],i===s[++n]&&i===s[++n]&&i===s[++n])){a=e.strstart+co;do{}while(i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&ne.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=oo?(r=to(e,1,e.match_length-oo),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=to(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(Mo(e,!1),0===e.strm.avail_out))return wo}return e.insert=0,t===Oa?(Mo(e,!0),0===e.strm.avail_out?_o:ko):e.last_lit&&(Mo(e,!1),0===e.strm.avail_out)?wo:vo}(i,t):zo[i.level].func(i,t);if(s!==_o&&s!==ko||(i.status=go),s===wo||s===_o)return 0===e.avail_out&&(i.last_flush=-1),ja;if(s===vo&&(t===za?Js(i):t!==La&&(Qs(i,0,0,!1),t===Fa&&(Po(i.head),0===i.lookahead&&(i.strstart=0,i.block_start=0,i.insert=0))),xo(e),0===e.avail_out))return i.last_flush=-1,ja}return t!==Oa?ja:i.wrap<=0?Ha:(2===i.wrap?(Ko(i,255&e.adler),Ko(i,e.adler>>8&255),Ko(i,e.adler>>16&255),Ko(i,e.adler>>24&255),Ko(i,255&e.total_in),Ko(i,e.total_in>>8&255),Ko(i,e.total_in>>16&255),Ko(i,e.total_in>>24&255)):(Co(i,e.adler>>>16),Co(i,65535&e.adler)),xo(e),i.wrap>0&&(i.wrap=-i.wrap),0!==i.pending?ja:Ha)}try{String.fromCharCode.call(null,0)}catch(e){}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){}const Lo=new Da(256);for(let e=0;e<256;e++)Lo[e]=e>=252?6:e>=248?5:e>=240?4:e>=224?3:e>=192?2:1;function No(e){let t,r,i,n,a=0;const s=e.length;for(i=0;i>>6,o[n++]=128|63&t):t<65536?(o[n++]=224|t>>>12,o[n++]=128|t>>>6&63,o[n++]=128|63&t):(o[n++]=240|t>>>18,o[n++]=128|t>>>12&63,o[n++]=128|t>>>6&63,o[n++]=128|63&t);return o}Lo[254]=Lo[254]=1;class jo{constructor(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}}class Ho{constructor(e){this.options={level:Za,method:is,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,...e||{}};const t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new jo,this.strm.avail_out=0;var r,i,n=function(e,t,r,i,n,a){if(!e)return Ga;let s=1;if(t===Za&&(t=6),i<0?(s=0,i=-i):i>15&&(s=2,i-=16),n<1||n>so||r!==is||i<8||i>15||t<0||t>9||a<0||a>Ja)return So(e,Ga);8===i&&(i=9);const o=new qo;return e.state=o,o.strm=e,o.wrap=s,o.gzhead=null,o.w_bits=i,o.w_size=1<=r.w_size&&(0===a&&(Po(r.head),r.strstart=0,r.block_start=0,r.insert=0),u=new Da(r.w_size),Ba(u,t,h-r.w_size,r.w_size,0),t=u,h=r.w_size),s=e.avail_in,o=e.next_in,c=e.input,e.avail_in=h,e.next_in=0,e.input=t,Ro(r);r.lookahead>=oo;){i=r.strstart,n=r.lookahead-(oo-1);do{r.ins_h=(r.ins_h<0||0===r.avail_out)&&n!==Ha);return a===Oa?(n=function(e){let t;return e&&e.state?(t=e.state.status,t!==fo&&t!==lo&&t!==po&&t!==yo&&t!==bo&&t!==mo&&t!==go?So(e,Ga):(e.state=null,t===mo?So(e,Va):ja)):Ga}(this.strm),this.onEnd(n),this.ended=!0,n===ja):a!==qa||(this.onEnd(ja),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===ja&&(this.result=Ia(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}const Wo=30,Go=12;function Vo(e,t){let r,i,n,a,s,o,c,u,h,d;const f=e.state;r=e.next_in;const l=e.input,p=r+(e.avail_in-5);i=e.next_out;const y=e.output,b=i-(t-e.avail_out),m=i+(e.avail_out-257),g=f.dmax,w=f.wsize,v=f.whave,_=f.wnext,k=f.window;n=f.hold,a=f.bits;const A=f.lencode,S=f.distcode,E=(1<>>24,n>>>=o,a-=o,o=s>>>16&255,0===o)y[i++]=65535&s;else{if(!(16&o)){if(0==(64&o)){s=A[(65535&s)+(n&(1<>>=o,a-=o),a<15&&(n+=l[r++]<>>24,n>>>=o,a-=o,o=s>>>16&255,!(16&o)){if(0==(64&o)){s=S[(65535&s)+(n&(1<g){e.msg="invalid distance too far back",f.mode=Wo;break e}if(n>>>=o,a-=o,o=i-b,u>o){if(o=u-o,o>v&&f.sane){e.msg="invalid distance too far back",f.mode=Wo;break e}if(h=0,d=k,0===_){if(h+=w-o,o2;)y[i++]=d[h++],y[i++]=d[h++],y[i++]=d[h++],c-=3;c&&(y[i++]=d[h++],c>1&&(y[i++]=d[h++]))}else{h=i-u;do{y[i++]=y[h++],y[i++]=y[h++],y[i++]=y[h++],c-=3}while(c>2);c&&(y[i++]=y[h++],c>1&&(y[i++]=y[h++]))}break}}break}}while(r>3,r-=c,a-=c<<3,n&=(1<=1&&0===P[m];m--);if(g>m&&(g=m),0===m)return n[a++]=20971520,n[a++]=20971520,o.bits=1,0;for(b=1;b0&&(e===Yo||1!==m))return-1;for(x[1]=0,p=1;p<$o;p++)x[p+1]=x[p]+P[p];for(y=0;yZo||e===Jo&&k>Xo)return 1;for(;;){M=p-v,s[y]l?(K=D[U+s[y]],C=S[E+s[y]]):(K=96,C=0),u=1<>v)+h]=M<<24|K<<16|C|0}while(0!==h);for(u=1<>=1;if(0!==u?(A&=u-1,A+=u):A=0,y++,0==--P[p]){if(p===m)break;p=t[r+s[y]]}if(p>g&&(A&R)!==d){for(0===v&&(v=g),f+=b,w=p-v,_=1<Zo||e===Jo&&k>Xo)return 1;d=A&R,n[d]=g<<24|w<<16|f-a|0}}return 0!==A&&(n[f+A]=p-v<<24|64<<16|0),o.bits=g,0}const ac=0,sc=1,oc=2,cc=1,uc=2,hc=3,dc=4,fc=5,lc=6,pc=7,yc=8,bc=9,mc=10,gc=11,wc=12,vc=13,_c=14,kc=15,Ac=16,Sc=17,Ec=18,Pc=19,xc=20,Mc=21,Kc=22,Cc=23,Dc=24,Uc=25,Rc=26,Ic=27,Bc=28,Tc=29,zc=30,qc=852,Fc=592;function Oc(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}class Lc{constructor(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Ua(320),this.work=new Ua(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}}function Nc(e){let t;return e&&e.state?(t=e.state,t.wsize=0,t.whave=0,t.wnext=0,function(e){let t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=cc,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new Ra(qc),t.distcode=t.distdyn=new Ra(Fc),t.sane=1,t.back=-1,ja):Ga}(e)):Ga}function jc(e,t){let r,i;return e?(i=new Lc,e.state=i,i.window=null,r=function(e,t){let r,i;return e&&e.state?(i=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?Ga:(null!==i.window&&i.wbits!==t&&(i.window=null),i.wrap=r,i.wbits=t,Nc(e))):Ga}(e,t),r!==ja&&(e.state=null),r):Ga}let Hc,Wc,Gc=!0;function Vc(e){if(Gc){let t;for(Hc=new Ra(512),Wc=new Ra(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(nc(sc,e.lens,0,288,Hc,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;nc(oc,e.lens,0,32,Wc,0,e.work,{bits:5}),Gc=!1}e.lencode=Hc,e.lenbits=9,e.distcode=Wc,e.distbits=5}function $c(e,t,r,i){let n;const a=e.state;return null===a.window&&(a.wsize=1<=a.wsize?(Ba(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):(n=a.wsize-a.wnext,n>i&&(n=i),Ba(a.window,t,r-i,n,a.wnext),(i-=n)?(Ba(a.window,t,r-i,i,0),a.wnext=i,a.whave=a.wsize):(a.wnext+=n,a.wnext===a.wsize&&(a.wnext=0),a.whave>>8&255,r.check=no(r.check,x,2,0),u=0,h=0,r.mode=uc;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&u)<<8)+(u>>8))%31){e.msg="incorrect header check",r.mode=zc;break}if((15&u)!==is){e.msg="unknown compression method",r.mode=zc;break}if(u>>>=4,h-=4,k=8+(15&u),0===r.wbits)r.wbits=k;else if(k>r.wbits){e.msg="invalid window size",r.mode=zc;break}r.dmax=1<>8&1),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=no(r.check,x,2,0)),u=0,h=0,r.mode=hc;case hc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>8&255,x[2]=u>>>16&255,x[3]=u>>>24&255,r.check=no(r.check,x,4,0)),u=0,h=0,r.mode=dc;case dc:for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>8),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=no(r.check,x,2,0)),u=0,h=0,r.mode=fc;case fc:if(1024&r.flags){for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>>8&255,r.check=no(r.check,x,2,0)),u=0,h=0}else r.head&&(r.head.extra=null);r.mode=lc;case lc:if(1024&r.flags&&(l=r.length,l>o&&(l=o),l&&(r.head&&(k=r.head.extra_len-r.length,r.head.extra||(r.head.extra=Array(r.head.extra_len)),Ba(r.head.extra,i,a,l,k)),512&r.flags&&(r.check=no(r.check,i,l,a)),o-=l,a+=l,r.length-=l),r.length))break e;r.length=0,r.mode=pc;case pc:if(2048&r.flags){if(0===o)break e;l=0;do{k=i[a+l++],r.head&&k&&r.length<65536&&(r.head.name+=String.fromCharCode(k))}while(k&&l>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=wc;break;case mc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>=7&h,h-=7&h,r.mode=Ic;break}for(;h<3;){if(0===o)break e;o--,u+=i[a++]<>>=1,h-=1,3&u){case 0:r.mode=_c;break;case 1:if(Vc(r),r.mode=xc,t===Na){u>>>=2,h-=2;break e}break;case 2:r.mode=Sc;break;case 3:e.msg="invalid block type",r.mode=zc}u>>>=2,h-=2;break;case _c:for(u>>>=7&h,h-=7&h;h<32;){if(0===o)break e;o--,u+=i[a++]<>>16^65535)){e.msg="invalid stored block lengths",r.mode=zc;break}if(r.length=65535&u,u=0,h=0,r.mode=kc,t===Na)break e;case kc:r.mode=Ac;case Ac:if(l=r.length,l){if(l>o&&(l=o),l>c&&(l=c),0===l)break e;Ba(n,i,a,l,s),o-=l,a+=l,c-=l,s+=l,r.length-=l;break}r.mode=wc;break;case Sc:for(;h<14;){if(0===o)break e;o--,u+=i[a++]<>>=5,h-=5,r.ndist=1+(31&u),u>>>=5,h-=5,r.ncode=4+(15&u),u>>>=4,h-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=zc;break}r.have=0,r.mode=Ec;case Ec:for(;r.have>>=3,h-=3}for(;r.have<19;)r.lens[M[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,S={bits:r.lenbits},A=nc(ac,r.lens,0,19,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid code lengths set",r.mode=zc;break}r.have=0,r.mode=Pc;case Pc:for(;r.have>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=b,h-=b,r.lens[r.have++]=g;else{if(16===g){for(E=b+2;h>>=b,h-=b,0===r.have){e.msg="invalid bit length repeat",r.mode=zc;break}k=r.lens[r.have-1],l=3+(3&u),u>>>=2,h-=2}else if(17===g){for(E=b+3;h>>=b,h-=b,k=0,l=3+(7&u),u>>>=3,h-=3}else{for(E=b+7;h>>=b,h-=b,k=0,l=11+(127&u),u>>>=7,h-=7}if(r.have+l>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=zc;break}for(;l--;)r.lens[r.have++]=k}}if(r.mode===zc)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=zc;break}if(r.lenbits=9,S={bits:r.lenbits},A=nc(sc,r.lens,0,r.nlen,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid literal/lengths set",r.mode=zc;break}if(r.distbits=6,r.distcode=r.distdyn,S={bits:r.distbits},A=nc(oc,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,S),r.distbits=S.bits,A){e.msg="invalid distances set",r.mode=zc;break}if(r.mode=xc,t===Na)break e;case xc:r.mode=Mc;case Mc:if(o>=6&&c>=258){e.next_out=s,e.avail_out=c,e.next_in=a,e.avail_in=o,r.hold=u,r.bits=h,Vo(e,f),s=e.next_out,n=e.output,c=e.avail_out,a=e.next_in,i=e.input,o=e.avail_in,u=r.hold,h=r.bits,r.mode===wc&&(r.back=-1);break}for(r.back=0;P=r.lencode[u&(1<>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,m=P>>>16&255,g=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,r.length=g,0===m){r.mode=Rc;break}if(32&m){r.back=-1,r.mode=wc;break}if(64&m){e.msg="invalid literal/length code",r.mode=zc;break}r.extra=15&m,r.mode=Kc;case Kc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=Cc;case Cc:for(;P=r.distcode[u&(1<>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,m=P>>>16&255,g=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,64&m){e.msg="invalid distance code",r.mode=zc;break}r.offset=g,r.extra=15&m,r.mode=Dc;case Dc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=zc;break}r.mode=Uc;case Uc:if(0===c)break e;if(l=f-c,r.offset>l){if(l=r.offset-l,l>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=zc;break}l>r.wnext?(l-=r.wnext,p=r.wsize-l):p=r.wnext-l,l>r.length&&(l=r.length),y=r.window}else y=n,p=s-r.offset,l=r.length;l>c&&(l=c),c-=l,r.length-=l;do{n[s++]=y[p++]}while(--l);0===r.length&&(r.mode=Mc);break;case Rc:if(0===c)break e;n[s++]=r.length,c--,r.mode=Mc;break;case Ic:if(r.wrap){for(;h<32;){if(0===o)break e;o--,u|=i[a++]<=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new jo,this.strm.avail_out=0;let r=jc(this.strm,t.windowBits);if(r!==ja)throw Error(ao[r]);if(this.header=new Yc,function(e,t){let r;e&&e.state&&(r=e.state,0==(2&r.wrap)||(r.head=t,t.done=!1))}(this.strm,this.header),t.dictionary&&("string"==typeof t.dictionary?t.dictionary=No(t.dictionary):t.dictionary instanceof ArrayBuffer&&(t.dictionary=new Uint8Array(t.dictionary)),t.raw&&(r=Xc(this.strm,t.dictionary),r!==ja)))throw Error(ao[r])}push(e,t){const{strm:r,options:{chunkSize:i,dictionary:n}}=this;let a,s,o=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?Oa:Ta,"string"==typeof e?r.input=function(e){const t=new Da(e.length);for(let r=0,i=t.length;r0||0===r.avail_out)&&a!==Ha);return a===Ha&&(s=Oa),s===Oa?(a=function(e){if(!e||!e.state)return Ga;const t=e.state;return t.window&&(t.window=null),e.state=null,ja}(this.strm),this.onEnd(a),this.ended=!0,a===ja):s!==qa||(this.onEnd(ja),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===ja&&(this.result=Ia(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}var Jc=[0,1,3,7,15,31,63,127,255],eu=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};eu.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},eu.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Jc[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var i=r-e;t|=(this.curByte&Jc[e]<>i,this.bitOffset+=e,e=0}}return t},eu.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},eu.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var tu=eu,ru=function(){};ru.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},ru.prototype.read=function(e,t,r){for(var i=0;i>>0},this.updateCRC=function(t){e=e<<8^iu[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^iu[255&(e>>>24^t)]}}),su=function(e,t){var r,i=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=i,i},ou={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},cu={};cu[ou.LAST_BLOCK]="Bad file checksum",cu[ou.NOT_BZIP_DATA]="Not bzip data",cu[ou.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",cu[ou.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",cu[ou.DATA_ERROR]="Data error",cu[ou.OUT_OF_MEMORY]="Out of memory",cu[ou.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var uu=function(e,t){var r=cu[e]||"unknown error";t&&(r+=": "+t);var i=new TypeError(r);throw i.errorCode=e,i},hu=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};hu.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new au,!0):(this.writeCount=-1,!1)},hu.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||uu(ou.NOT_BZIP_DATA,"bad magic");var i=r[3]-48;(i<1||i>9)&&uu(ou.NOT_BZIP_DATA,"level out of range"),this.reader=new tu(e),this.dbufSize=1e5*i,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},hu.prototype._get_next_block=function(){var e,t,r,i=this.reader,n=i.pi();if("177245385090"===n)return!1;"314159265359"!==n&&uu(ou.NOT_BZIP_DATA),this.targetBlockCRC=i.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,i.read(1)&&uu(ou.OBSOLETE_INPUT);var a=i.read(24);a>this.dbufSize&&uu(ou.DATA_ERROR,"initial position out of bounds");var s=i.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(s&1<<15-e){var u=16*e;for(r=i.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=u+t)}var h=i.read(3);(h<2||h>6)&&uu(ou.DATA_ERROR);var d=i.read(15);0===d&&uu(ou.DATA_ERROR);var f=new Uint8Array(256);for(e=0;e=h&&uu(ou.DATA_ERROR);l[e]=su(f,t)}var p,y=c+2,b=[];for(t=0;t20)&&uu(ou.DATA_ERROR),i.read(1);)i.read(1)?s--:s++;w[e]=s}for(m=g=w[0],e=1;eg?g=w[e]:w[e]=d&&uu(ou.DATA_ERROR),p=b[l[P++]]),e=p.minLen,t=i.read(e);e>p.maxLen&&uu(ou.DATA_ERROR),!(t<=p.limit[e]);e++)t=t<<1|i.read(1);((t-=p.base[e])<0||t>=258)&&uu(ou.DATA_ERROR);var M=p.permute[t];if(0!==M&&1!==M){if(S)for(S=0,E+s>this.dbufSize&&uu(ou.DATA_ERROR),k[A=o[f[0]]]+=s;s--;)x[E++]=A;if(M>c)break;E>=this.dbufSize&&uu(ou.DATA_ERROR),k[A=o[A=su(f,e=M-1)]]++,x[E++]=A}else S||(S=1,s=0),s+=0===M?S:2*S,S<<=1}for((a<0||a>=E)&&uu(ou.DATA_ERROR),t=0,e=0;e<256;e++)r=t+k[e],k[e]=t,t=r;for(e=0;e>=8,D=-1),this.writePos=K,this.writeCurrent=C,this.writeCount=E,this.writeRun=D,!0},hu.prototype._read_bunzip=function(e,t){var r,i,n;if(this.writeCount<0)return 0;var a=this.dbuf,s=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var u=this.writeRun;c;){for(c--,i=o,o=255&(s=a[s]),s>>=8,3==u++?(r=o,n=i,o=-1):(r=1,n=o),this.blockCRC.updateCRCRun(n,r);r--;)this.outputStream.writeByte(n),this.nextoutput++;o!=i&&(u=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&uu(ou.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var du=function(e){if("readByte"in e)return e;var t=new nu;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},fu=function(e){var t=new nu,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var lu=function(e,t,r){for(var i=du(e),n=fu(t),a=new hu(i,n);!("eof"in i)||!i.eof();)if(a._init_block())a._read_bunzip();else{var s=a.reader.read(32)>>>0;if(s!==a.streamCRC&&uu(ou.DATA_ERROR,"Bad stream CRC (got "+a.streamCRC.toString(16)+" expected "+s.toString(16)+")"),!r||!("eof"in i)||i.eof())break;a._start_bunzip(i,n)}if("getBuffer"in n)return n.getBuffer()};class pu{static get tag(){return te.packet.literalData}constructor(e=new Date){this.format=te.literal.utf8,this.date=ie.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=te.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||ie.isStream(this.text))&&(this.text=ie.decodeUTF8(ie.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=ie.canonicalizeEOL(ie.encodeUTF8(this.text))),e?G(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await H(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=ie.decodeUTF8(await e.readBytes(r)),this.date=ie.readDate(await e.readBytes(4));let i=e.remainder();l(i)&&(i=await Z(i)),this.setBytes(i,t)}))}writeHeader(){const e=ie.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=ie.writeDate(this.date);return ie.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return ie.concat([e,t])}}const yu=Symbol("verified"),bu=new Set([te.signatureSubpacket.issuer,te.signatureSubpacket.issuerFingerprint,te.signatureSubpacket.embeddedSignature]);class mu{static get tag(){return te.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.signedHashValue=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new _e,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.revoked=null,this[yu]=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version)throw new Sn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[t++],this.publicKeyAlgorithm=e[t++],this.hashAlgorithm=e[t++],t+=this.readSubPackets(e.subarray(t,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");this.signatureData=e.subarray(0,t),t+=this.readSubPackets(e.subarray(t,e.length),!1),this.signedHashValue=e.subarray(t,t+2),t+=2,this.params=Pa.signature.parseSignatureParams(this.publicKeyAlgorithm,e.subarray(t,e.length))}writeParams(){return this.params instanceof Promise?Y((async()=>Pa.serializeParams(this.publicKeyAlgorithm,await this.params))):Pa.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),e.push(this.writeParams()),ie.concat(e)}async sign(e,t,r=new Date,i=!1){5===e.version?this.version=5:this.version=4;const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];this.created=ie.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID(),n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=ie.concat(n);const a=this.toHash(this.signatureType,t,i),s=await this.hash(this.signatureType,t,a,i);this.signedHashValue=$(W(s),0,2);const o=async()=>Pa.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await Z(s));ie.isStream(s)?this.params=o():(this.params=await o(),this[yu]=!0)}writeHashedSubPackets(){const e=te.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(gu(e.signatureCreationTime,!0,ie.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(gu(e.signatureExpirationTime,!0,ie.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(gu(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(gu(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(gu(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(gu(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(gu(e.keyExpirationTime,!0,ie.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(gu(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=ie.concat([r,this.revocationKeyFingerprint]),t.push(gu(e.revocationKey,!1,r))),this.issuerKeyID.isNull()||5===this.issuerKeyVersion||t.push(gu(e.issuer,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=ie.encodeUTF8(i);r.push(ie.writeNumber(o.length,2)),r.push(ie.writeNumber(n.length,2)),r.push(o),r.push(n),r=ie.concat(r),t.push(gu(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(gu(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(gu(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.keyServerPreferences)),t.push(gu(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(gu(e.preferredKeyServer,!1,ie.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(gu(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(gu(e.policyURI,!1,ie.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.keyFlags)),t.push(gu(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(gu(e.signersUserID,!1,ie.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=ie.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(gu(e.reasonForRevocation,!0,r))),null!==this.features&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.features)),t.push(gu(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(ie.stringToUint8Array(this.signatureTargetHash)),r=ie.concat(r),t.push(gu(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(gu(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=ie.concat(r),t.push(gu(e.issuerFingerprint,5===this.version,r))),null!==this.preferredAEADAlgorithms&&(r=ie.stringToUint8Array(ie.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(gu(e.preferredAEADAlgorithms,!1,r)));const i=ie.concat(t),n=ie.writeNumber(i.length,2);return ie.concat([n,i])}writeUnhashedSubPackets(){const e=[];this.unhashedSubpackets.forEach((t=>{e.push(gn(t.length)),e.push(t)}));const t=ie.concat(e),r=ie.writeNumber(t.length,2);return ie.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(t||(this.unhashedSubpackets.push(e.subarray(r,e.length)),bu.has(n)))switch(r++,n){case te.signatureSubpacket.signatureCreationTime:this.created=ie.readDate(e.subarray(r,e.length));break;case te.signatureSubpacket.signatureExpirationTime:{const t=ie.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case te.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case te.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case te.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case te.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case te.signatureSubpacket.keyExpirationTime:{const t=ie.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case te.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case te.signatureSubpacket.issuer:this.issuerKeyID.read(e.subarray(r,e.length));break;case te.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=ie.readNumber(e.subarray(r,r+2));r+=2;const a=ie.readNumber(e.subarray(r,r+2));r+=2;const s=ie.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=ie.decodeUTF8(o));break}case te.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=ie.decodeUTF8(e.subarray(r,e.length));break;case te.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case te.signatureSubpacket.policyURI:this.policyURI=ie.decodeUTF8(e.subarray(r,e.length));break;case te.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.signersUserID:this.signersUserID=ie.decodeUTF8(e.subarray(r,e.length));break;case te.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=ie.decodeUTF8(e.subarray(r,e.length));break;case te.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case te.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Pa.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=ie.uint8ArrayToString(e.subarray(r,r+t));break}case te.signatureSubpacket.embeddedSignature:this.embeddedSignature=new mu,this.embeddedSignature.read(e.subarray(r,e.length));break;case te.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),5===this.issuerKeyVersion?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case te.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;default:{const e=Error("Unknown signature subpacket type "+n);if(i)throw e;ie.printDebug(e)}}}readSubPackets(e,t=!0,r){const i=ie.readNumber(e.subarray(0,2));let n=2;for(;n<2+i;){const i=mn(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=te.signature;switch(e){case r.binary:return null!==t.text?ie.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return ie.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return ie.concat([this.toSign(r.key,t),new Uint8Array([i]),ie.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return ie.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return N(W(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==te.signature.binary&&this.signatureType!==te.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(ie.writeNumber(r,4)),ie.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return ie.concat([i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){return r||(r=this.toHash(e,t,i)),Pa.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=de){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===te.signature.binary||t===te.signature.text;if(!(this[yu]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await Z(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[yu]=await Pa.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,i,a),!this[yu])throw Error("Signature verification failed")}const o=ie.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+te.read(te.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[te.signature.binary,te.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+te.read(te.hash,this.hashAlgorithm).toUpperCase());if(this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=ie.normalizeDate(e);return null!==t&&!(this.created<=t&&tmu.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==te.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function vu(e,t){if(!t[e]){let t;try{t=te.read(te.packet,e)}catch(t){throw new Sn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}wu.prototype.hash=mu.prototype.hash,wu.prototype.toHash=mu.prototype.toHash,wu.prototype.toSign=mu.prototype.toSign;class _u extends Array{static async fromBinary(e,t,r=de){const i=new _u;return await i.read(e,t,r),i}async read(e,t,r=de){r.additionalAllowedPackets.length&&(t={...t,...ie.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=j(e,(async(e,i)=>{const n=q(i);try{for(;;){await n.ready;if(await An(e,(async e=>{try{if(e.tag===te.packet.marker||e.tag===te.packet.trust)return;const i=vu(e.tag,t);i.packets=new _u,i.fromStream=ie.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){const i=!r.ignoreUnsupportedPackets&&t instanceof Sn,a=!(r.ignoreMalformedPackets||t instanceof Sn);if(i||a||kn(e.tag))await n.abort(t);else{const t=new En(e.tag,e.packet);await n.write(t)}ie.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=z(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||kn(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=ie.concat([wn(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>ie.concat([gn(n)].concat(t)))))}else{if(ie.isStream(i)){let t=0;e.push(N(W(i),(e=>{t+=e.length}),(()=>_n(r,t))))}else e.push(_n(r,i.length));e.push(i)}}return ie.concat(e)}filterByTag(...e){const t=new _u,r=e=>t=>e===t;for(let i=0;it.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),ie.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=de){const t=te.read(te.compression,this.algorithm),r=Cu[t];if(!r)throw Error(t+" decompression not supported");this.packets=await _u.fromBinary(r(this.compressed),ku,e)}compress(){const e=te.read(te.compression,this.algorithm),t=Ku[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write(),this.deflateLevel)}}const Su=ie.getNodeZlib();function Eu(e){return e}function Pu(e,t,r={}){return function(i){return!ie.isStream(i)||l(i)?Y((()=>Z(i).then((t=>new Promise(((i,n)=>{e(t,r,((e,t)=>{if(e)return n(e);i(t)}))})))))):k(A(i).pipe(t(r)))}}function xu(e,t={}){return function(r){const i=new e(t);return N(r,(e=>{if(e.length)return i.push(e,qa),i.result}),(()=>{if(e===Ho)return i.push([],Oa),i.result}))}}function Mu(e){return function(t){return Y((async()=>e(await Z(t))))}}const Ku=Su?{zip:/*#__PURE__*/(e,t)=>Pu(Su.deflateRaw,Su.createDeflateRaw,{level:t})(e),zlib:/*#__PURE__*/(e,t)=>Pu(Su.deflate,Su.createDeflate,{level:t})(e)}:{zip:/*#__PURE__*/(e,t)=>xu(Ho,{raw:!0,level:t})(e),zlib:/*#__PURE__*/(e,t)=>xu(Ho,{level:t})(e)},Cu=Su?{uncompressed:Eu,zip:/*#__PURE__*/Pu(Su.inflateRaw,Su.createInflateRaw),zlib:/*#__PURE__*/Pu(Su.inflate,Su.createInflate),bzip2:/*#__PURE__*/Mu(lu)}:{uncompressed:Eu,zip:/*#__PURE__*/xu(Qc,{raw:!0}),zlib:/*#__PURE__*/xu(Qc),bzip2:/*#__PURE__*/Mu(lu)},Du=/*#__PURE__*/ie.constructAllowedPackets([pu,Au,wu,mu]);class Uu{static get tag(){return te.packet.symEncryptedIntegrityProtectedData}constructor(){this.version=1,this.encrypted=null,this.packets=null}async read(e){await H(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Sn(`Version ${t} of the SEIP packet is unsupported.`);this.encrypted=e.remainder()}))}write(){return ie.concat([new Uint8Array([1]),this.encrypted])}async encrypt(e,t,r=de){const{blockSize:i}=Pa.getCipher(e);let n=this.packets.write();l(n)&&(n=await Z(n));const a=await Pa.getPrefixRandom(e),s=new Uint8Array([211,20]),o=ie.concat([a,n,s]),c=await Pa.hash.sha1(G(o)),u=ie.concat([o,c]);return this.encrypted=await Pa.mode.cfb.encrypt(e,t,u,new Uint8Array(i),r),!0}async decrypt(e,t,r=de){const{blockSize:i}=Pa.getCipher(e);let n=W(this.encrypted);l(n)&&(n=await Z(n));const a=await Pa.mode.cfb.decrypt(e,t,n,new Uint8Array(i)),s=$(G(a),-20),o=$(a,0,-20),c=Promise.all([Z(await Pa.hash.sha1(G(o))),Z(s)]).then((([e,t])=>{if(!ie.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=$(o,i+2);let h=$(u,0,-2);return h=T([h,Y((()=>c))]),ie.isStream(n)&&r.allowUnauthenticatedStream||(h=await Z(h)),this.packets=await _u.fromBinary(h,Du,r),!0}}const Ru=/*#__PURE__*/ie.constructAllowedPackets([pu,Au,wu,mu]);class Iu{static get tag(){return te.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=te.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await H(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Sn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Pa.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return ie.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=de){this.packets=await _u.fromBinary(await this.crypt("decrypt",t,W(this.encrypted)),Ru,r)}async encrypt(e,t,r=de){this.cipherAlgorithm=e;const{ivLength:i}=Pa.getAEADMode(this.aeadAlgorithm);this.iv=Pa.random.getRandomBytes(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await this.crypt("encrypt",t,n)}async crypt(e,t,r){const i=Pa.getAEADMode(this.aeadAlgorithm),n=await i(this.cipherAlgorithm,t),a="decrypt"===e?i.tagLength:0,s="encrypt"===e?i.tagLength:0,o=2**(this.chunkSizeByte+6)+a,c=new ArrayBuffer(21),u=new Uint8Array(c,0,13),h=new Uint8Array(c),d=new DataView(c),f=new Uint8Array(c,5,8);u.set([192|Iu.tag,this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte],0);let l=0,p=Promise.resolve(),y=0,b=0;const m=this.iv;return j(r,(async(t,r)=>{if("array"!==ie.isStream(t)){const e=new D({},{highWaterMark:ie.getHardwareConcurrency()*2**(this.chunkSizeByte+6),size:e=>e.length});F(e.readable,r),r=e.writable}const c=z(t),g=q(r);try{for(;;){let t=await c.readBytes(o+a)||new Uint8Array;const r=t.subarray(t.length-a);let w,v;if(t=t.subarray(0,t.length-a),!l||t.length?(c.unshift(r),w=n[e](t,i.getNonce(m,f),u),b+=t.length-a+s):(d.setInt32(17,y),w=n[e](r,i.getNonce(m,f),h),b+=s,v=!0),y+=t.length-a,p=p.then((()=>w)).then((async e=>{await g.ready,await g.write(e),b-=e.length})).catch((e=>g.abort(e))),(v||b>g.desiredSize)&&await p,v){await g.close();break}d.setInt32(9,++l)}}catch(e){await g.abort(e)}}))}}class Bu{static get tag(){return te.packet.publicKeyEncryptedSessionKey}constructor(){this.version=3,this.publicKeyID=new _e,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}read(e){let t=0;if(this.version=e[t++],3!==this.version)throw new Sn(`Version ${this.version} of the PKESK packet is unsupported.`);t+=this.publicKeyID.read(e.subarray(t)),this.publicKeyAlgorithm=e[t++],this.encrypted=Pa.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t),this.version),this.publicKeyAlgorithm===te.publicKey.x25519&&(this.sessionKeyAlgorithm=te.write(te.symmetric,this.encrypted.C.algorithm))}write(){const e=[new Uint8Array([this.version]),this.publicKeyID.write(),new Uint8Array([this.publicKeyAlgorithm]),Pa.serializeParams(this.publicKeyAlgorithm,this.encrypted)];return ie.concatUint8Array(e)}async encrypt(e){const t=te.write(te.publicKey,this.publicKeyAlgorithm),r=Tu(this.version,t,this.sessionKeyAlgorithm,this.sessionKey);this.encrypted=await Pa.publicKeyEncrypt(t,this.sessionKeyAlgorithm,e.publicParams,r,e.getFingerprintBytes())}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Tu(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=await Pa.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,e.getFingerprintBytes(),r),{sessionKey:n,sessionKeyAlgorithm:a}=function(e,t,r,i){switch(t){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.elgamal:case te.publicKey.ecdh:{const e=r.subarray(0,r.length-2),t=r.subarray(r.length-2),n=ie.writeChecksum(e.subarray(e.length%8)),a=n[0]===t[0]&n[1]===t[1],s={sessionKeyAlgorithm:e[0],sessionKey:e.subarray(1)};if(i){const e=a&s.sessionKeyAlgorithm===i.sessionKeyAlgorithm&s.sessionKey.length===i.sessionKey.length;return{sessionKey:ie.selectUint8Array(e,s.sessionKey,i.sessionKey),sessionKeyAlgorithm:ie.selectUint8(e,s.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(a&&te.read(te.symmetric,s.sessionKeyAlgorithm))return s;throw Error("Decryption error")}case te.publicKey.x25519:return{sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);this.publicKeyAlgorithm!==te.publicKey.x25519&&(this.sessionKeyAlgorithm=a),this.sessionKey=n}}function Tu(e,t,r,i){switch(t){case te.publicKey.rsaEncrypt:case te.publicKey.rsaEncryptSign:case te.publicKey.elgamal:case te.publicKey.ecdh:return ie.concatUint8Array([new Uint8Array([r]),i,ie.writeChecksum(i.subarray(i.length%8))]);case te.publicKey.x25519:return i;default:throw Error("Unsupported public key algorithm")}}class zu{constructor(e=de){this.algorithm=te.hash.sha256,this.type="iterated",this.c=e.s2kIterationCountByte,this.salt=null}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;try{this.type=te.read(te.s2k,e[t++])}catch(e){throw new Sn("Unknown S2K type.")}switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==ie.uint8ArrayToString(e.subarray(t,t+3)))throw new Sn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Sn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Sn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...ie.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([te.write(te.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return ie.concatUint8Array(e)}async produceKey(e,t){e=ie.encodeUTF8(e);const r=[];let i=0,n=0;for(;i{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Gu(e,t,r){const{keySize:i}=Pa.getCipher(r);return e.produceKey(t,i)}var Vu=ht((function(e){!function(t){function r(e){function t(){return Ae0&&(t.semantic=" "),t}}function b(e,t){return function(){var i,a,o,u,h;for(u=r(),i=s("star"),o=0,h=void 0===t?0:t;null!==(a=e());)o+=1,c(i,a);return o>=h?i:(n(u),null)}}function m(e){return e.charCodeAt(0)>=128}function g(){return o("cr",h("\r")())}function w(){return o("crlf",d(g,k)())}function v(){return o("dquote",h('"')())}function _(){return o("htab",h("\t")())}function k(){return o("lf",h("\n")())}function A(){return o("sp",h(" ")())}function S(){return o("vchar",u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i})))}function E(){return o("wsp",f(A,_)())}function P(){var e=o("quoted-pair",f(d(h("\\"),f(S,E)),ie)());return null===e?null:(e.semantic=e.semantic[1],e)}function x(){return o("fws",f(ae,d(l(d(b(E),p(w))),b(E,1)))())}function M(){return o("ctext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=39||42<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),te)())}function K(){return o("ccontent",f(M,P,C)())}function C(){return o("comment",d(h("("),b(d(l(x),K)),l(x),h(")"))())}function D(){return o("cfws",f(d(b(d(l(x),C),1),l(x)),x)())}function U(){return o("atext",u((function(t){var r="a"<=t&&t<="z"||"A"<=t&&t<="Z"||"0"<=t&&t<="9"||["!","#","$","%","&","'","*","+","-","/","=","?","^","_","`","{","|","}","~"].indexOf(t)>=0;return e.rfc6532&&(r=r||m(t)),r})))}function R(){return o("atom",d(y(l(D)),b(U,1),y(l(D)))())}function I(){var e,t;return null===(e=o("dot-atom-text",b(U,1)()))||null!==(t=b(d(h("."),b(U,1)))())&&c(e,t),e}function B(){return o("dot-atom",d(p(l(D)),I,p(l(D)))())}function T(){return o("qtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33===r||35<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),re)())}function z(){return o("qcontent",f(T,P)())}function q(){return o("quoted-string",d(p(l(D)),p(v),b(d(l(y(x)),z)),l(p(x)),p(v),p(l(D)))())}function F(){return o("word",f(R,q)())}function O(){return o("address",f(L,H)())}function L(){return o("mailbox",f(N,J)())}function N(){return o("name-addr",d(l(W),j)())}function j(){return o("angle-addr",f(d(p(l(D)),h("<"),J,h(">"),p(l(D))),se)())}function H(){return o("group",d(W,h(":"),l($),h(";"),p(l(D)))())}function W(){return o("display-name",(null!==(e=o("phrase",f(ne,b(F,1))()))&&(e.semantic=function(e){return e.replace(/([ \t]|\r\n)+/g," ").replace(/^\s*/,"").replace(/\s*$/,"")}(e.semantic)),e));var e}function G(){return o("mailbox-list",f(d(L,b(d(h(","),L))),ue)())}function V(){return o("address-list",f(d(O,b(d(h(","),O))),he)())}function $(){return o("group-list",f(G,p(D),de)())}function Z(){return o("local-part",f(fe,B,q)())}function X(){return o("dtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=90||94<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),pe)())}function Y(){return o("domain-literal",d(p(l(D)),h("["),b(d(l(x),X)),l(x),h("]"),p(l(D)))())}function Q(){return o("domain",(t=f(le,B,Y)(),e.rejectTLD&&t&&t.semantic&&t.semantic.indexOf(".")<0?null:(t&&(t.semantic=t.semantic.replace(/\s+/g,"")),t)));var t}function J(){return o("addr-spec",d(Z,h("@"),Q)())}function ee(){return e.strict?null:o("obs-NO-WS-CTL",u((function(e){var t=e.charCodeAt(0);return 1<=t&&t<=8||11===t||12===t||14<=t&&t<=31||127===t})))}function te(){return e.strict?null:o("obs-ctext",ee())}function re(){return e.strict?null:o("obs-qtext",ee())}function ie(){return e.strict?null:o("obs-qp",d(h("\\"),f(h("\0"),ee,k,g))())}function ne(){return e.strict?null:e.atInDisplayName?o("obs-phrase",d(F,b(f(F,h("."),h("@"),y(D))))()):o("obs-phrase",d(F,b(f(F,h("."),y(D))))())}function ae(){return e.strict?null:o("obs-FWS",b(d(p(l(w)),E),1)())}function se(){return e.strict?null:o("obs-angle-addr",d(p(l(D)),h("<"),oe,J,h(">"),p(l(D)))())}function oe(){return e.strict?null:o("obs-route",d(ce,h(":"))())}function ce(){return e.strict?null:o("obs-domain-list",d(b(f(p(D),h(","))),h("@"),Q,b(d(h(","),p(l(D)),l(d(h("@"),Q)))))())}function ue(){return e.strict?null:o("obs-mbox-list",d(b(d(p(l(D)),h(","))),L,b(d(h(","),l(d(L,p(D))))))())}function he(){return e.strict?null:o("obs-addr-list",d(b(d(p(l(D)),h(","))),O,b(d(h(","),l(d(O,p(D))))))())}function de(){return e.strict?null:o("obs-group-list",d(b(d(p(l(D)),h(",")),1),p(l(D)))())}function fe(){return e.strict?null:o("obs-local-part",d(F,b(d(h("."),F)))())}function le(){return e.strict?null:o("obs-domain",d(R,b(d(h("."),R)))())}function pe(){return e.strict?null:o("obs-dtext",f(ee,P)())}function ye(e,t){var r,i,n;if(null==t)return null;for(i=[t];i.length>0;){if((n=i.pop()).name===e)return n;for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r])}return null}function be(e,t){var r,i,n,a,s;if(null==t)return null;for(i=[t],a=[],s={},r=0;r0;)if((n=i.pop()).name in s)a.push(n);else for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}function me(t){var r,i,n,a,s;if(null===t)return null;for(r=[],i=be(["group","mailbox"],t),n=0;n1)return null;return t.addresses&&t.addresses[0]}(s):e.simple?s&&s.addresses:s}function ge(e){var t,r=ye("display-name",e),i=[],n=be(["mailbox"],e);for(t=0;t0;)for((n=i.pop()).name===e&&a.push(n),r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}("cfws",e),n=be(["comment"],e),a=ye("local-part",r),s=ye("domain",r);return{node:e,parts:{name:t,address:r,local:a,domain:s,comments:i},type:e.name,name:ve(t),address:ve(r),local:ve(a),domain:ve(s),comments:_e(n),groupName:ve(e.groupName)}}function ve(e){return null!=e?e.semantic:null}function _e(e){var t="";if(e)for(var r=0;r`),t.userID=r.join(" "),t}read(e,t=de){const r=ie.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");try{const{name:e,address:t,comments:i}=Vu.parseOneAddress({input:r,atInDisplayName:!0});this.comment=i.replace(/^\(|\)$/g,""),this.name=e,this.email=t}catch(e){}this.userID=r}write(){return ie.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Zu extends Wu{static get tag(){return te.packet.secretSubkey}constructor(e=new Date,t=de){super(e,t)}}class Xu{static get tag(){return te.packet.trust}read(){throw new Sn("Trust packets are not supported")}write(){throw new Sn("Trust packets are not supported")}}const Yu=/*#__PURE__*/ie.constructAllowedPackets([mu]);class Qu{constructor(e){this.packets=e||new _u}write(){return this.packets.write()}armor(e=de){return ve(te.armor.signature,this.write(),void 0,void 0,void 0,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Ju({armoredSignature:e,binarySignature:t,config:r,...i}){r={...de,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!ie.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!ie.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await we(n,r);if(e!==te.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await _u.fromBinary(n,Yu,r);return new Qu(s)}async function eh(e,t){const r=new Zu(e.date,t);return r.packets=null,r.algorithm=te.write(te.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function th(e,t){const r=new Wu(e.date,t);return r.packets=null,r.algorithm=te.write(te.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function rh(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw ie.wrapError(`Could not find valid ${te.read(te.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function ih(e,t,r=new Date){const i=ie.normalizeDate(r);if(null!==i){const r=hh(e,t);return!(e.created<=i&&i0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await oh(n,null,t,a,r.date,void 0,void 0,void 0,i)}async function ah(e,t,r=new Date,i={},n){let a=n.preferredHashAlgorithm,s=a;if(e){const t=await e.getPrimaryUser(r,i,n);t.selfCertification.preferredHashAlgorithms&&([s]=t.selfCertification.preferredHashAlgorithms,a=Pa.hash.getHashByteLength(a)<=Pa.hash.getHashByteLength(s)?s:a)}switch(t.algorithm){case te.publicKey.ecdsa:case te.publicKey.eddsaLegacy:case te.publicKey.ed25519:s=Pa.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid)}return Pa.hash.getHashByteLength(a)<=Pa.hash.getHashByteLength(s)?s:a}async function sh(e,t=[],r=new Date,i=[],n=de){const a={symmetric:te.symmetric.aes128,aead:te.aead.eax,compression:te.compression.uncompressed}[e],s={symmetric:n.preferredSymmetricAlgorithm,aead:n.preferredAEADAlgorithm,compression:n.preferredCompressionAlgorithm}[e],o={symmetric:"preferredSymmetricAlgorithms",aead:"preferredAEADAlgorithms",compression:"preferredCompressionAlgorithms"}[e],c=await Promise.all(t.map((async function(e,t){const a=(await e.getPrimaryUser(r,i[t],n)).selfCertification[o];return!!a&&a.indexOf(s)>=0})));return c.every(Boolean)?s:a}async function oh(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new mu;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await ah(t,r,n,a,c),u.rawNotations=s,await u.sign(r,e,n,o),u}async function ch(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return ie.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function uh(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{n&&!e.issuerKeyID.equals(n.issuerKeyID)||(await e.verify(a,t,r,o.revocationsExpire?s:null,!1,o),c.push(e.issuerKeyID))}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function hh(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function dh(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=ie.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=te.write(te.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==te.curve.ed25519Legacy&&e.curve!==te.curve.curve25519Legacy||(e.curve=e.sign?te.curve.ed25519Legacy:te.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===te.curve.ed25519Legacy?te.publicKey.eddsaLegacy:te.publicKey.ecdsa:e.algorithm=te.publicKey.ecdh;break;case"rsa":e.algorithm=te.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function fh(e,t){const r=e.algorithm;return r!==te.publicKey.rsaEncrypt&&r!==te.publicKey.elgamal&&r!==te.publicKey.ecdh&&r!==te.publicKey.x25519&&(!t.keyFlags||0!=(t.keyFlags[0]&te.keyFlags.signData))}function lh(e,t){const r=e.algorithm;return r!==te.publicKey.dsa&&r!==te.publicKey.rsaSign&&r!==te.publicKey.ecdsa&&r!==te.publicKey.eddsaLegacy&&r!==te.publicKey.ed25519&&(!t.keyFlags||0!=(t.keyFlags[0]&te.keyFlags.encryptCommunication)||0!=(t.keyFlags[0]&te.keyFlags.encryptStorage))}function ph(e,t){return!!t.allowInsecureDecryptionWithSigningKeys||(!e.keyFlags||0!=(e.keyFlags[0]&te.keyFlags.encryptCommunication)||0!=(e.keyFlags[0]&te.keyFlags.encryptStorage))}function yh(e,t){const r=te.write(te.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case te.publicKey.rsaEncryptSign:case te.publicKey.rsaSign:case te.publicKey.rsaEncrypt:if(i.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,te.signature.certGeneric,s,r,void 0,i)}catch(e){throw ie.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,te.signature.certGeneric,n,e,void 0,t)}catch(e){throw ie.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await ch(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,te.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await ch(e,this,"otherCertifications",t),await ch(e,this,"revocationSignatures",t,(function(e){return uh(i,te.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=te.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=de){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new bh(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await oh(a,null,e,{signatureType:te.signature.certRevocation,reasonForRevocationFlag:te.write(te.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class mh{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new _u;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new mh(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=de){const n=this.mainKey.keyPacket;return uh(n,te.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=de){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await rh(this.bindingSignatures,r,te.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(ih(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=de){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await rh(this.bindingSignatures,r,te.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=hh(this.keyPacket,n),s=n.getExpirationTime();return an.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,te.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await ch(e,this,"revocationSignatures",t,(function(e){return uh(i,te.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=te.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=de){const a={key:e,bind:this.keyPacket},s=new mh(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await oh(a,null,e,{signatureType:te.signature.subkeyRevocation,reasonForRevocationFlag:te.write(te.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{mh.prototype[e]=function(){return this.keyPacket[e]()}}));const gh=/*#__PURE__*/ie.constructAllowedPackets([mu]),wh=new Set([te.packet.publicKey,te.packet.privateKey]),vh=new Set([te.packet.publicKey,te.packet.privateKey,te.packet.publicSubkey,te.packet.privateSubkey]);class _h{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof En){vh.has(s.tag)&&!a&&(a=wh.has(s.tag)?wh:vh);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case te.packet.publicKey:case te.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case te.packet.userID:case te.packet.userAttribute:r=new bh(s,this),this.users.push(r);break;case te.packet.publicSubkey:case te.packet.secretSubkey:r=null,n=new mh(s,this),this.subkeys.push(n);break;case te.packet.signature:switch(s.signatureType){case te.signature.certGeneric:case te.signature.certPersona:case te.signature.certCasual:case te.signature.certPositive:if(!r){ie.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case te.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case te.signature.key:this.directSignatures.push(s);break;case te.signature.subkeyBinding:if(!n){ie.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case te.signature.keyRevocation:this.revocationSignatures.push(s);break;case te.signature.subkeyRevocation:if(!n){ie.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new _u;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=de){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await rh(r.bindingSignatures,n,te.signature.subkeyBinding,e,t,i);if(!fh(r.keyPacket,a))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await rh([a.embeddedSignature],r.keyPacket,te.signature.keyBinding,e,t,i),yh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&fh(n,a.selfCertification))return yh(n,i),this}catch(e){s=e}throw ie.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=de){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await rh(r.bindingSignatures,n,te.signature.subkeyBinding,e,t,i);if(lh(r.keyPacket,a))return yh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&lh(n,a.selfCertification))return yh(n,i),this}catch(e){s=e}throw ie.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=de){return uh(this.keyPacket,te.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=de){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");const{selfCertification:n}=await this.getPrimaryUser(e,t,r);if(ih(i,n,e))throw Error("Primary key is expired");const a=await rh(this.directSignatures,i,te.signature.key,{key:i},e,r).catch((()=>{}));if(a&&ih(i,a,e))throw Error("Primary key is expired")}async getExpirationTime(e,t=de){let r;try{const{selfCertification:i}=await this.getPrimaryUser(null,e,t),n=hh(this.keyPacket,i),a=i.getExpirationTime(),s=await rh(this.directSignatures,this.keyPacket,te.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=hh(this.keyPacket,s);r=Math.min(n,a,e)}else r=ne.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await ch(e,i,"revocationSignatures",t,(n=>uh(i.keyPacket,te.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await ch(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=de){const r={key:this.keyPacket},i=await rh(this.revocationSignatures,this.keyPacket,te.signature.keyRevocation,r,e,t),n=new _u;return n.push(i),ve(te.armor.publicKey,n.write(),null,null,"This is a revocation certificate")}async applyRevocationCertificate(e,t=new Date,r=de){const i=await we(e,r),n=(await _u.fromBinary(i.data,gh,r)).findPacket(te.packet.signature);if(!n||n.signatureType!==te.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,te.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw ie.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=de){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=de){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=de){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=de){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{_h.prototype[e]=mh.prototype[e]}));class kh extends _h{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([te.packet.secretKey,te.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=de){return ve(te.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,e)}}class Ah extends kh{constructor(e){if(super(),this.packetListToStructure(e,new Set([te.packet.publicKey,te.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new _u,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case te.packet.secretKey:{const t=Fu.fromSecretKeyPacket(r);e.push(t);break}case te.packet.secretSubkey:{const t=ju.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new kh(e)}armor(e=de){return ve(te.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,e)}async getDecryptionKeys(e,t=new Date,r={},i=de){const n=this.keyPacket,a=[];for(let r=0;re.isDecrypted()))}async validate(e=de){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys(),t=e.map((e=>e.keyPacket.isDummy())).every(Boolean);if(t)throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=te.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=de){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await oh(n,null,this.keyPacket,{signatureType:te.signature.keyRevocation,reasonForRevocationFlag:te.write(te.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...de,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}const s=$u.fromObject(t),o={};o.userID=s,o.key=e;const c={};c.signatureType=te.signature.certGeneric,c.keyFlags=[te.keyFlags.certifyKeys|te.keyFlags.signData],c.preferredSymmetricAlgorithms=a([te.symmetric.aes256,te.symmetric.aes128,te.symmetric.aes192],i.preferredSymmetricAlgorithm),i.aeadProtect&&(c.preferredAEADAlgorithms=a([te.aead.eax,te.aead.ocb],i.preferredAEADAlgorithm)),c.preferredHashAlgorithms=a([te.hash.sha256,te.hash.sha512],i.preferredHashAlgorithm),c.preferredCompressionAlgorithms=a([te.compression.zlib,te.compression.zip,te.compression.uncompressed],i.preferredCompressionAlgorithm),0===n&&(c.isPrimaryUserID=!0),c.features=[0],c.features[0]|=te.features.modificationDetection,i.aeadProtect&&(c.features[0]|=te.features.aead),i.v5Keys&&(c.features[0]|=te.features.v5Keys),r.keyExpirationTime>0&&(c.keyExpirationTime=r.keyExpirationTime,c.keyNeverExpires=!1);return{userIDPacket:s,signaturePacket:await oh(o,null,e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await nh(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const a={key:e};return n.push(await oh(a,null,e,{signatureType:te.signature.keyRevocation,reasonForRevocationFlag:te.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new Ah(n)}async function xh({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...de,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!ie.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!ie.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await we(e,r);if(t!==te.armor.publicKey&&t!==te.armor.privateKey)throw Error("Armored text not of type key");a=i}else a=t;return Eh(await _u.fromBinary(a,Sh,r))}async function Mh({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...de,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!ie.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!ie.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await we(e,r);if(t!==te.armor.privateKey)throw Error("Armored text not of type private key");a=i}else a=t;const s=await _u.fromBinary(a,Sh,r);return new Ah(s)}async function Kh({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...de,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!ie.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!ie.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:i}=await we(e,r);if(t!==te.armor.publicKey&&t!==te.armor.privateKey)throw Error("Armored text not of type key");n=i}const s=[],o=await _u.fromBinary(n,Sh,r),c=o.indexOfTag(te.packet.publicKey,te.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(te.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=de){const a=r||await this.decryptSessionKeys(e,t,i,n),s=this.packets.filterByTag(te.packet.symmetricallyEncryptedData,te.packet.symEncryptedIntegrityProtectedData,te.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const o=s[0];let c=null;const u=Promise.all(a.map((async({algorithm:e,data:t})=>{if(!ie.isUint8Array(t)||!ie.isString(e))throw Error("Invalid session key for decryption.");try{const r=te.write(te.symmetric,e);await o.decrypt(r,t,n)}catch(e){ie.printDebugError(e),c=e}})));if(X(o.encrypted),o.encrypted=null,await u,!o.packets||!o.packets.length)throw c||Error("Decryption failed.");const h=new Ih(o.packets);return o.packets=new _u,h}async decryptSessionKeys(e,t,r=new Date,i=de){let n,a=[];if(t){const e=this.packets.filterByTag(te.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await _u.fromBinary(e.write(),Uh,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){ie.printDebugError(e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(te.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let s=[te.symmetric.aes256,te.symmetric.aes128,te.symmetric.tripledes,te.symmetric.cast5];try{const t=await e.getPrimaryUser(r,void 0,i);t.selfCertification.preferredSymmetricAlgorithms&&(s=s.concat(t.selfCertification.preferredSymmetricAlgorithms))}catch(e){}const o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket));await Promise.all(o.map((async function(e){if(!e||e.isDummy())return;if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===te.publicKey.rsaEncrypt||t.publicKeyAlgorithm===te.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===te.publicKey.rsaSign||t.publicKeyAlgorithm===te.publicKey.elgamal)){const r=t.write();await Promise.all(Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map((async t=>{const i=new Bu;i.read(r);const s={sessionKeyAlgorithm:t,sessionKey:Pa.generateSessionKey(t)};try{await i.decrypt(e,s),a.push(i)}catch(e){ie.printDebugError(e),n=e}})))}else try{if(await t.decrypt(e),!s.includes(te.write(te.symmetric,t.sessionKeyAlgorithm)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){ie.printDebugError(e),n=e}})))}))),X(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+ie.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:te.read(te.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(te.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(te.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(te.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=de){const n=await sh("symmetric",e,t,r,i),a=te.read(te.symmetric,n),s=i.aeadProtect&&await async function(e,t=new Date,r=[],i=de){let n=!0;return await Promise.all(e.map((async function(e,a){const s=await e.getPrimaryUser(t,r[a],i);s.selfCertification.features&&s.selfCertification.features[0]&te.features.aead||(n=!1)}))),n}(e,t,r,i)?te.read(te.aead,await sh("aead",e,t,r,i)):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&e.keyPacket.algorithm===te.publicKey.x25519&&!ie.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:Pa.generateSessionKey(n),algorithm:a,aeadAlgorithm:s}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=de){if(r){if(!ie.isUint8Array(r.data)||!ie.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ih.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ih.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,d=await Ih.encryptSessionKey(c,u,h,e,t,i,n,a,s,o);let f;h?(f=new Iu,f.aeadAlgorithm=te.write(te.aead,h)):f=new Uu,f.packets=this.packets;const l=te.write(te.symmetric,u);return await f.encrypt(l,c,o),d.packets.push(f),f.packets=new _u,d}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=de){const h=new _u,d=te.write(te.symmetric,t),f=r&&te.write(te.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=new Bu;return n.publicKeyID=a?_e.wildcard():i.getKeyID(),n.publicKeyAlgorithm=i.keyPacket.algorithm,n.sessionKey=e,n.sessionKeyAlgorithm=d,await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new qu(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,d,f,t))));h.push(...a)}return new Ih(h)}async sign(e=[],t=null,r=[],i=new Date,n=[],a=[],s=de){const o=new _u,c=this.packets.findPacket(te.packet.literalData);if(!c)throw Error("No literal data packet to sign.");let u,h;const d=null===c.text?te.signature.binary:te.signature.text;if(t)for(h=t.packets.filterByTag(te.packet.signature),u=h.length-1;u>=0;u--){const t=h[u],r=new wu;r.signatureType=t.signatureType,r.hashAlgorithm=t.hashAlgorithm,r.publicKeyAlgorithm=t.publicKeyAlgorithm,r.issuerKeyID=t.issuerKeyID,e.length||0!==u||(r.flags=1),o.push(r)}return await Promise.all(Array.from(e).reverse().map((async function(t,a){if(!t.isPrivate())throw Error("Need private key for signing");const o=r[e.length-1-a],c=await t.getSigningKey(o,i,n,s),u=new wu;return u.signatureType=d,u.hashAlgorithm=await ah(t,c.keyPacket,i,n,s),u.publicKeyAlgorithm=c.keyPacket.algorithm,u.issuerKeyID=c.getKeyID(),a===e.length-1&&(u.flags=1),u}))).then((e=>{e.forEach((e=>o.push(e)))})),o.push(c),o.push(...await Bh(c,e,t,r,i,n,a,!1,s)),new Ih(o)}compress(e,t=de){if(e===te.compression.uncompressed)return this;const r=new Au(t);r.algorithm=e,r.packets=this.packets;const i=new _u;return i.push(r),new Ih(i)}async signDetached(e=[],t=null,r=[],i=new Date,n=[],a=[],s=de){const o=this.packets.findPacket(te.packet.literalData);if(!o)throw Error("No literal data packet to sign.");return new Qu(await Bh(o,e,t,r,i,n,a,!0,s))}async verify(e,t=new Date,r=de){const i=this.unwrapCompressed(),n=i.packets.filterByTag(te.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");l(i.packets.stream)&&i.packets.push(...await Z(i.packets.stream,(e=>e||[])));const a=i.packets.filterByTag(te.packet.onePassSignature).reverse(),s=i.packets.filterByTag(te.packet.signature);return a.length&&!s.length&&ie.isStream(i.packets.stream)&&!l(i.packets.stream)?(await Promise.all(a.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=Y((async()=>(await e.correspondingSig).signatureData)),e.hashed=Z(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=j(i.packets.stream,(async(e,t)=>{const r=z(e),i=q(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await i.abort(e)}})),Th(a,n,e,t,!1,r)):Th(s,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=de){const n=this.unwrapCompressed().packets.filterByTag(te.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return Th(e.packets.filterByTag(te.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(te.packet.compressedData);return e.length?new Ih(e[0].packets):this}async appendSignature(e,t=de){await this.packets.read(ie.isUint8Array(e)?e:(await we(e)).data,Rh,t)}write(){return this.packets.write()}armor(e=de){return ve(te.armor.message,this.write(),null,null,null,e)}}async function Bh(e,t,r=null,i=[],n=new Date,a=[],s=[],o=!1,c=de){const u=new _u,h=null===e.text?te.signature.binary:te.signature.text;if(await Promise.all(t.map((async(t,r)=>{const u=a[r];if(!t.isPrivate())throw Error("Need private key for signing");const d=await t.getSigningKey(i[r],n,u,c);return oh(e,t,d.keyPacket,{signatureType:h},n,u,s,o,c)}))).then((e=>{u.push(...e)})),r){const e=r.packets.filterByTag(te.packet.signature);u.push(...e)}return u}async function Th(e,t,r,i=new Date,n=!1,a=de){return Promise.all(e.filter((function(e){return["text","binary"].includes(te.read(te.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=de){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof wu?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new _u;return e&&t.push(e),new Qu(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}async function zh({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...de,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!ie.isString(e)&&!ie.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!ie.isUint8Array(t)&&!ie.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=ie.isStream(n);if(s&&(await U(),n=I(n)),e){const{type:e,data:t}=await we(n,r);if(e!==te.armor.message)throw Error("Armored text not of type message");n=t}const o=await _u.fromBinary(n,Dh,r),c=new Ih(o);return c.fromStream=s,c}async function qh({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){let s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!ie.isString(e)&&!ie.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!ie.isUint8Array(t)&&!ie.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=ie.isStream(s);c&&(await U(),s=I(s));const u=new pu(i);void 0!==e?u.setText(s,te.write(te.literal,n)):u.setBytes(s,te.write(te.literal,n)),void 0!==r&&u.setFilename(r);const h=new _u;h.push(u);const d=new Ih(h);return d.fromStream=c,d}const Fh=/*#__PURE__*/ie.constructAllowedPackets([mu]);class Oh{constructor(e,t){if(this.text=ie.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Qu))throw Error("Invalid signature input");this.signature=t||new Qu(new _u)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=null,r=[],i=new Date,n=[],a=[],s=de){const o=new pu;o.setText(this.text);const c=new Qu(await Bh(o,e,t,r,i,n,a,!0,s));return new Oh(this.text,c)}verify(e,t=new Date,r=de){const i=this.signature.packets.filterByTag(te.packet.signature),n=new pu;return n.setText(this.text),Th(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=de){let t=this.signature.packets.map((function(e){return te.read(te.hash,e.hashAlgorithm).toUpperCase()}));t=t.filter((function(e,t,r){return r.indexOf(e)===t}));const r={hash:t.join(),text:this.text,data:this.signature.packets.write()};return ve(te.armor.signed,r,void 0,void 0,void 0,e)}}async function Lh({cleartextMessage:e,config:t,...r}){if(t={...de,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!ie.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await we(e);if(n.type!==te.armor.signed)throw Error("No cleartext signed message.");const a=await _u.fromBinary(n.data,Fh,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i0)throw Error("Unknown option: "+r.join(", "));return new Oh(e)}async function jh({userIDs:e=[],passphrase:t,type:r="ecc",rsaBits:i=4096,curve:n="curve25519",keyExpirationTime:a=0,date:s=new Date,subkeys:o=[{}],format:c="armored",config:u,...h}){ad(u={...de,...u}),e=sd(e);const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));if(0===e.length)throw Error("UserIDs are required for key generation");if("rsa"===r&&idh(e.subkeys[r],e)));let r=[th(e,t)];r=r.concat(e.subkeys.map((e=>eh(e,t))));const i=await Promise.all(r),n=await Ph(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(f,u);return e.getKeys().forEach((({keyPacket:e})=>yh(e,u))),{privateKey:ud(e,c,u),publicKey:ud(e.toPublic(),c,u),revocationCertificate:t}}catch(e){throw ie.wrapError("Error generating keypair",e)}}async function Hh({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){ad(s={...de,...s}),t=sd(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length)throw Error("UserIDs are required for key reformat");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await rh(e.bindingSignatures,i,te.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&te.keyFlags.signData}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await Ph(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=ie.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:ud(e,a,s),publicKey:ud(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw ie.wrapError("Error reformatting keypair",e)}}async function Wh({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){ad(a={...de,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:ud(s,n,a),publicKey:ud(s.toPublic(),n,a)}:{privateKey:null,publicKey:ud(s,n,a)}}catch(e){throw ie.wrapError("Error revoking key",e)}}async function Gh({privateKey:e,passphrase:t,config:r,...i}){ad(r={...de,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=ie.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>ie.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),ie.wrapError("Error decrypting private key",e)}}async function Vh({privateKey:e,passphrase:t,config:r,...i}){ad(r={...de,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=ie.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),ie.wrapError("Error encrypting private key",e)}}async function $h({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:d=[],encryptionUserIDs:f=[],signatureNotations:l=[],config:p,...y}){if(ad(p={...de,...p}),td(e),id(a),t=sd(t),r=sd(r),i=sd(i),c=sd(c),u=sd(u),d=sd(d),f=sd(f),l=sd(l),y.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(y.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(y.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==y.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const b=Object.keys(y);if(b.length>0)throw Error("Unknown option: "+b.join(", "));r||(r=[]);const m=e.fromStream;try{if((r.length||s)&&(e=await e.sign(r,s,c,h,d,l,p)),e=e.compress(await sh("compression",t,h,f,p),p),e=await e.encrypt(t,i,n,o,u,h,f,p),"object"===a)return e;const y="armored"===a;return od(y?e.armor(p):e.write(),m,y?"utf8":"binary")}catch(e){throw ie.wrapError("Error encrypting message",e)}}async function Zh({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(ad(u={...de,...u}),td(e),n=sd(n),t=sd(t),r=sd(r),i=sd(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const d={};if(d.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),d.data="binary"===s?h.getLiteralData():h.getText(),d.filename=h.getFilename(),cd(d,e),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===d.signatures.length)throw Error("Message is not signed");d.data=T([d.data,Y((async()=>{await ie.anyPromise(d.signatures.map((e=>e.verified)))}))])}return d.data=await od(d.data,e.fromStream,s),d}catch(e){throw ie.wrapError("Error decrypting message",e)}}async function Xh({message:e,signingKeys:t,format:r="armored",detached:i=!1,signingKeyIDs:n=[],date:a=new Date,signingUserIDs:s=[],signatureNotations:o=[],config:c,...u}){if(ad(c={...de,...c}),rd(e),id(r),t=sd(t),n=sd(n),s=sd(s),o=sd(o),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==u.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const h=Object.keys(u);if(h.length>0)throw Error("Unknown option: "+h.join(", "));if(e instanceof Oh&&"binary"===r)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Oh&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let u;if(u=i?await e.signDetached(t,void 0,n,a,s,o,c):await e.sign(t,void 0,n,a,s,o,c),"object"===r)return u;const h="armored"===r;return u=h?u.armor(c):u.write(),i&&(u=j(e.packets.write(),(async(e,t)=>{await Promise.all([F(u,t),Z(e).catch((()=>{}))])}))),od(u,e.fromStream,h?"utf8":"binary")}catch(e){throw ie.wrapError("Error signing message",e)}}async function Yh({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(ad(s={...de,...s}),rd(e),t=sd(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Oh&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Oh&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&cd(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=T([o.data,Y((async()=>{await ie.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await od(o.data,e.fromStream,i),o}catch(e){throw ie.wrapError("Error verifying signed message",e)}}async function Qh({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(ad(i={...de,...i}),e=sd(e),r=sd(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await Ih.generateSessionKey(e,t,r,i)}catch(e){throw ie.wrapError("Error generating session key",e)}}async function Jh({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...d}){if(ad(h={...de,...h}),function(e,t){if(!ie.isUint8Array(e))throw Error("Parameter ["+(t||"data")+"] must be of type Uint8Array")}(e),function(e,t){if(!ie.isString(e))throw Error("Parameter ["+(t||"data")+"] must be of type String")}(t,"algorithm"),id(a),i=sd(i),n=sd(n),o=sd(o),u=sd(u),d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return ud(await Ih.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw ie.wrapError("Error encrypting session key",e)}}async function ed({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(ad(n={...de,...n}),td(e),t=sd(t),r=sd(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,i,n)}catch(e){throw ie.wrapError("Error decrypting session keys",e)}}function td(e){if(!(e instanceof Ih))throw Error("Parameter [message] needs to be of type Message")}function rd(e){if(!(e instanceof Oh||e instanceof Ih))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function id(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const nd=Object.keys(de).length;function ad(e){const t=Object.keys(e);if(t.length!==nd)for(const e of t)if(void 0===de[e])throw Error("Unknown config property: "+e)}function sd(e){return e&&!ie.isArray(e)&&(e=[e]),e}async function od(e,t,r="utf8"){const i=ie.isStream(e);return"array"===i?Z(e):"node"===t?(e=A(e),"binary"!==r&&e.setEncoding(r),e):"web"===t&&"ponyfill"===i?M(e):e}function cd(e,t){e.data=j(t.packets.stream,(async(t,r)=>{await F(e.data,r,{preventClose:!0});const i=q(r);try{await Z(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function ud(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const hd="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol:e=>`Symbol(${e})`;function dd(){}const fd="undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0;function ld(e){return"object"==typeof e&&null!==e||"function"==typeof e}const pd=dd,yd=Promise,bd=Promise.prototype.then,md=Promise.resolve.bind(yd),gd=Promise.reject.bind(yd);function wd(e){return new yd(e)}function vd(e){return md(e)}function _d(e){return gd(e)}function kd(e,t,r){return bd.call(e,t,r)}function Ad(e,t,r){kd(kd(e,t,r),void 0,pd)}function Sd(e,t){Ad(e,t)}function Ed(e,t){Ad(e,void 0,t)}function Pd(e,t,r){return kd(e,t,r)}function xd(e){kd(e,void 0,pd)}const Md=(()=>{const e=fd&&fd.queueMicrotask;if("function"==typeof e)return e;const t=vd(void 0);return e=>kd(t,e)})();function Kd(e,t,r){if("function"!=typeof e)throw new TypeError("Argument is not a function");return Function.prototype.apply.call(e,t,r)}function Cd(e,t,r){try{return vd(Kd(e,t,r))}catch(e){return _d(e)}}class Dd{constructor(){this._cursor=0,this._size=0,this._front={_elements:[],_next:void 0},this._back=this._front,this._cursor=0,this._size=0}get length(){return this._size}push(e){const t=this._back;let r=t;16383===t._elements.length&&(r={_elements:[],_next:void 0}),t._elements.push(e),r!==t&&(this._back=r,t._next=r),++this._size}shift(){const e=this._front;let t=e;const r=this._cursor;let i=r+1;const n=e._elements,a=n[r];return 16384===i&&(t=e._next,i=0),--this._size,this._cursor=i,e!==t&&(this._front=t),n[r]=void 0,a}forEach(e){let t=this._cursor,r=this._front,i=r._elements;for(;!(t===i.length&&void 0===r._next||t===i.length&&(r=r._next,i=r._elements,t=0,0===i.length));)e(i[t]),++t}peek(){const e=this._front,t=this._cursor;return e._elements[t]}}function Ud(e,t){e._ownerReadableStream=t,t._reader=e,"readable"===t._state?Td(e):"closed"===t._state?function(e){Td(e),Fd(e)}(e):zd(e,t._storedError)}function Rd(e,t){return mp(e._ownerReadableStream,t)}function Id(e){"readable"===e._ownerReadableStream._state?qd(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")):function(e,t){zd(e,t)}(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")),e._ownerReadableStream._reader=void 0,e._ownerReadableStream=void 0}function Bd(e){return new TypeError("Cannot "+e+" a stream using a released reader")}function Td(e){e._closedPromise=wd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r}))}function zd(e,t){Td(e),qd(e,t)}function qd(e,t){void 0!==e._closedPromise_reject&&(xd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}function Fd(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}const Od=hd("[[AbortSteps]]"),Ld=hd("[[ErrorSteps]]"),Nd=hd("[[CancelSteps]]"),jd=hd("[[PullSteps]]"),Hd=Number.isFinite||function(e){return"number"==typeof e&&isFinite(e)},Wd=Math.trunc||function(e){return e<0?Math.ceil(e):Math.floor(e)};function Gd(e,t){if(void 0!==e&&("object"!=typeof(r=e)&&"function"!=typeof r))throw new TypeError(t+" is not an object.");var r}function Vd(e,t){if("function"!=typeof e)throw new TypeError(t+" is not a function.")}function $d(e,t){if(!function(e){return"object"==typeof e&&null!==e||"function"==typeof e}(e))throw new TypeError(t+" is not an object.")}function Zd(e,t,r){if(void 0===e)throw new TypeError(`Parameter ${t} is required in '${r}'.`)}function Xd(e,t,r){if(void 0===e)throw new TypeError(`${t} is required in '${r}'.`)}function Yd(e){return Number(e)}function Qd(e){return 0===e?0:e}function Jd(e,t){const r=Number.MAX_SAFE_INTEGER;let i=Number(e);if(i=Qd(i),!Hd(i))throw new TypeError(t+" is not a finite number");if(i=function(e){return Qd(Wd(e))}(i),i<0||i>r)throw new TypeError(`${t} is outside the accepted range of 0 to ${r}, inclusive`);return Hd(i)&&0!==i?i:0}function ef(e,t){if(!yp(e))throw new TypeError(t+" is not a ReadableStream.")}function tf(e){return new of(e)}function rf(e,t){e._reader._readRequests.push(t)}function nf(e,t,r){const i=e._reader._readRequests.shift();r?i._closeSteps():i._chunkSteps(t)}function af(e){return e._reader._readRequests.length}function sf(e){const t=e._reader;return void 0!==t&&!!cf(t)}class of{constructor(e){if(Zd(e,1,"ReadableStreamDefaultReader"),ef(e,"First parameter"),bp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");Ud(this,e),this._readRequests=new Dd}get closed(){return cf(this)?this._closedPromise:_d(hf("closed"))}cancel(e=undefined){return cf(this)?void 0===this._ownerReadableStream?_d(Bd("cancel")):Rd(this,e):_d(hf("cancel"))}read(){if(!cf(this))return _d(hf("read"));if(void 0===this._ownerReadableStream)return _d(Bd("read from"));let e,t;const r=wd(((r,i)=>{e=r,t=i}));return uf(this,{_chunkSteps:t=>e({value:t,done:!1}),_closeSteps:()=>e({value:void 0,done:!0}),_errorSteps:e=>t(e)}),r}releaseLock(){if(!cf(this))throw hf("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");Id(this)}}}function cf(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readRequests")}function uf(e,t){const r=e._ownerReadableStream;r._disturbed=!0,"closed"===r._state?t._closeSteps():"errored"===r._state?t._errorSteps(r._storedError):r._readableStreamController[jd](t)}function hf(e){return new TypeError(`ReadableStreamDefaultReader.prototype.${e} can only be used on a ReadableStreamDefaultReader`)}let df;Object.defineProperties(of.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(of.prototype,hd.toStringTag,{value:"ReadableStreamDefaultReader",configurable:!0}),"symbol"==typeof hd.asyncIterator&&(df={[hd.asyncIterator](){return this}},Object.defineProperty(df,hd.asyncIterator,{enumerable:!1}));class ff{constructor(e,t){this._ongoingPromise=void 0,this._isFinished=!1,this._reader=e,this._preventCancel=t}next(){const e=()=>this._nextSteps();return this._ongoingPromise=this._ongoingPromise?Pd(this._ongoingPromise,e,e):e(),this._ongoingPromise}return(e){const t=()=>this._returnSteps(e);return this._ongoingPromise?Pd(this._ongoingPromise,t,t):t()}_nextSteps(){if(this._isFinished)return Promise.resolve({value:void 0,done:!0});const e=this._reader;if(void 0===e._ownerReadableStream)return _d(Bd("iterate"));let t,r;const i=wd(((e,i)=>{t=e,r=i}));return uf(e,{_chunkSteps:e=>{this._ongoingPromise=void 0,Md((()=>t({value:e,done:!1})))},_closeSteps:()=>{this._ongoingPromise=void 0,this._isFinished=!0,Id(e),t({value:void 0,done:!0})},_errorSteps:t=>{this._ongoingPromise=void 0,this._isFinished=!0,Id(e),r(t)}}),i}_returnSteps(e){if(this._isFinished)return Promise.resolve({value:e,done:!0});this._isFinished=!0;const t=this._reader;if(void 0===t._ownerReadableStream)return _d(Bd("finish iterating"));if(!this._preventCancel){const r=Rd(t,e);return Id(t),Pd(r,(()=>({value:e,done:!0})))}return Id(t),vd({value:e,done:!0})}}const lf={next(){return pf(this)?this._asyncIteratorImpl.next():_d(yf("next"))},return(e){return pf(this)?this._asyncIteratorImpl.return(e):_d(yf("return"))}};function pf(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_asyncIteratorImpl")}function yf(e){return new TypeError(`ReadableStreamAsyncIterator.${e} can only be used on a ReadableSteamAsyncIterator`)}void 0!==df&&Object.setPrototypeOf(lf,df);const bf=Number.isNaN||function(e){return e!=e};function mf(e){return!!function(e){if("number"!=typeof e)return!1;if(bf(e))return!1;if(e<0)return!1;return!0}(e)&&e!==1/0}function gf(e){const t=e._queue.shift();return e._queueTotalSize-=t.size,e._queueTotalSize<0&&(e._queueTotalSize=0),t.value}function wf(e,t,r){if(!mf(r=Number(r)))throw new RangeError("Size must be a finite, non-NaN, non-negative number.");e._queue.push({value:t,size:r}),e._queueTotalSize+=r}function vf(e){e._queue=new Dd,e._queueTotalSize=0}function _f(e){return e.slice()}class kf{constructor(){throw new TypeError("Illegal constructor")}get view(){if(!Ef(this))throw Lf("view");return this._view}respond(e){if(!Ef(this))throw Lf("respond");if(Zd(e,1,"respond"),e=Jd(e,"First parameter"),void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");this._view.buffer,function(e,t){if(t=Number(t),!mf(t))throw new RangeError("bytesWritten must be a finite");Bf(e,t)}(this._associatedReadableByteStreamController,e)}respondWithNewView(e){if(!Ef(this))throw Lf("respondWithNewView");if(Zd(e,1,"respondWithNewView"),!ArrayBuffer.isView(e))throw new TypeError("You can only respond with array buffer views");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");!function(e,t){const r=e._pendingPullIntos.peek();if(r.byteOffset+r.bytesFilled!==t.byteOffset)throw new RangeError("The region specified by view does not match byobRequest");if(r.byteLength!==t.byteLength)throw new RangeError("The buffer of view has different capacity than byobRequest");r.buffer=t.buffer,Bf(e,t.byteLength)}(this._associatedReadableByteStreamController,e)}}Object.defineProperties(kf.prototype,{respond:{enumerable:!0},respondWithNewView:{enumerable:!0},view:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(kf.prototype,hd.toStringTag,{value:"ReadableStreamBYOBRequest",configurable:!0});class Af{constructor(){throw new TypeError("Illegal constructor")}get byobRequest(){if(!Sf(this))throw Nf("byobRequest");if(null===this._byobRequest&&this._pendingPullIntos.length>0){const e=this._pendingPullIntos.peek(),t=new Uint8Array(e.buffer,e.byteOffset+e.bytesFilled,e.byteLength-e.bytesFilled),r=Object.create(kf.prototype);!function(e,t,r){e._associatedReadableByteStreamController=t,e._view=r}(r,this,t),this._byobRequest=r}return this._byobRequest}get desiredSize(){if(!Sf(this))throw Nf("desiredSize");return Ff(this)}close(){if(!Sf(this))throw Nf("close");if(this._closeRequested)throw new TypeError("The stream has already been closed; do not close it again!");const e=this._controlledReadableByteStream._state;if("readable"!==e)throw new TypeError(`The stream (in ${e} state) is not in the readable state and cannot be closed`);!function(e){const t=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==t._state)return;if(e._queueTotalSize>0)return void(e._closeRequested=!0);if(e._pendingPullIntos.length>0){if(e._pendingPullIntos.peek().bytesFilled>0){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");throw qf(e,t),t}}zf(e),gp(t)}(this)}enqueue(e){if(!Sf(this))throw Nf("enqueue");if(Zd(e,1,"enqueue"),!ArrayBuffer.isView(e))throw new TypeError("chunk must be an array buffer view");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(this._closeRequested)throw new TypeError("stream is closed or draining");const t=this._controlledReadableByteStream._state;if("readable"!==t)throw new TypeError(`The stream (in ${t} state) is not in the readable state and cannot be enqueued to`);!function(e,t){const r=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==r._state)return;const i=t.buffer,n=t.byteOffset,a=t.byteLength,s=i;if(sf(r))if(0===af(r))Kf(e,s,n,a);else{nf(r,new Uint8Array(s,n,a),!1)}else Wf(r)?(Kf(e,s,n,a),If(e)):Kf(e,s,n,a);Pf(e)}(this,e)}error(e=undefined){if(!Sf(this))throw Nf("error");qf(this,e)}[Nd](e){if(this._pendingPullIntos.length>0){this._pendingPullIntos.peek().bytesFilled=0}vf(this);const t=this._cancelAlgorithm(e);return zf(this),t}[jd](e){const t=this._controlledReadableByteStream;if(this._queueTotalSize>0){const t=this._queue.shift();this._queueTotalSize-=t.byteLength,Uf(this);const r=new Uint8Array(t.buffer,t.byteOffset,t.byteLength);return void e._chunkSteps(r)}const r=this._autoAllocateChunkSize;if(void 0!==r){let t;try{t=new ArrayBuffer(r)}catch(t){return void e._errorSteps(t)}const i={buffer:t,byteOffset:0,byteLength:r,bytesFilled:0,elementSize:1,viewConstructor:Uint8Array,readerType:"default"};this._pendingPullIntos.push(i)}rf(t,e),Pf(this)}}function Sf(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableByteStream")}function Ef(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_associatedReadableByteStreamController")}function Pf(e){const t=function(e){const t=e._controlledReadableByteStream;if("readable"!==t._state)return!1;if(e._closeRequested)return!1;if(!e._started)return!1;if(sf(t)&&af(t)>0)return!0;if(Wf(t)&&Hf(t)>0)return!0;const r=Ff(e);if(r>0)return!0;return!1}(e);if(!t)return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;Ad(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Pf(e))}),(t=>{qf(e,t)}))}function xf(e,t){let r=!1;"closed"===e._state&&(r=!0);const i=Mf(t);"default"===t.readerType?nf(e,i,r):function(e,t,r){const i=e._reader,n=i._readIntoRequests.shift();r?n._closeSteps(t):n._chunkSteps(t)}(e,i,r)}function Mf(e){const t=e.bytesFilled,r=e.elementSize;return new e.viewConstructor(e.buffer,e.byteOffset,t/r)}function Kf(e,t,r,i){e._queue.push({buffer:t,byteOffset:r,byteLength:i}),e._queueTotalSize+=i}function Cf(e,t){const r=t.elementSize,i=t.bytesFilled-t.bytesFilled%r,n=Math.min(e._queueTotalSize,t.byteLength-t.bytesFilled),a=t.bytesFilled+n,s=a-a%r;let o=n,c=!1;s>i&&(o=s-t.bytesFilled,c=!0);const u=e._queue;for(;o>0;){const r=u.peek(),i=Math.min(o,r.byteLength),n=t.byteOffset+t.bytesFilled;h=t.buffer,d=n,f=r.buffer,l=r.byteOffset,p=i,new Uint8Array(h).set(new Uint8Array(f,l,p),d),r.byteLength===i?u.shift():(r.byteOffset+=i,r.byteLength-=i),e._queueTotalSize-=i,Df(e,i,t),o-=i}var h,d,f,l,p;return c}function Df(e,t,r){Rf(e),r.bytesFilled+=t}function Uf(e){0===e._queueTotalSize&&e._closeRequested?(zf(e),gp(e._controlledReadableByteStream)):Pf(e)}function Rf(e){null!==e._byobRequest&&(e._byobRequest._associatedReadableByteStreamController=void 0,e._byobRequest._view=null,e._byobRequest=null)}function If(e){for(;e._pendingPullIntos.length>0;){if(0===e._queueTotalSize)return;const t=e._pendingPullIntos.peek();Cf(e,t)&&(Tf(e),xf(e._controlledReadableByteStream,t))}}function Bf(e,t){const r=e._pendingPullIntos.peek();if("closed"===e._controlledReadableByteStream._state){if(0!==t)throw new TypeError("bytesWritten must be 0 when calling respond() on a closed stream");!function(e,t){t.buffer=t.buffer;const r=e._controlledReadableByteStream;if(Wf(r))for(;Hf(r)>0;)xf(r,Tf(e))}(e,r)}else!function(e,t,r){if(r.bytesFilled+t>r.byteLength)throw new RangeError("bytesWritten out of range");if(Df(e,t,r),r.bytesFilled0){const t=r.byteOffset+r.bytesFilled,n=r.buffer.slice(t-i,t);Kf(e,n,0,n.byteLength)}r.buffer=r.buffer,r.bytesFilled-=i,xf(e._controlledReadableByteStream,r),If(e)}(e,t,r);Pf(e)}function Tf(e){const t=e._pendingPullIntos.shift();return Rf(e),t}function zf(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0}function qf(e,t){const r=e._controlledReadableByteStream;"readable"===r._state&&(!function(e){Rf(e),e._pendingPullIntos=new Dd}(e),vf(e),zf(e),wp(r,t))}function Ff(e){const t=e._controlledReadableByteStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Of(e,t,r){const i=Object.create(Af.prototype);let n=()=>{},a=()=>vd(void 0),s=()=>vd(void 0);void 0!==t.start&&(n=()=>t.start(i)),void 0!==t.pull&&(a=()=>t.pull(i)),void 0!==t.cancel&&(s=e=>t.cancel(e));const o=t.autoAllocateChunkSize;if(0===o)throw new TypeError("autoAllocateChunkSize must be greater than 0");!function(e,t,r,i,n,a,s){t._controlledReadableByteStream=e,t._pullAgain=!1,t._pulling=!1,t._byobRequest=null,t._queue=t._queueTotalSize=void 0,vf(t),t._closeRequested=!1,t._started=!1,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,t._autoAllocateChunkSize=s,t._pendingPullIntos=new Dd,e._readableStreamController=t,Ad(vd(r()),(()=>{t._started=!0,Pf(t)}),(e=>{qf(t,e)}))}(e,i,n,a,s,r,o)}function Lf(e){return new TypeError(`ReadableStreamBYOBRequest.prototype.${e} can only be used on a ReadableStreamBYOBRequest`)}function Nf(e){return new TypeError(`ReadableByteStreamController.prototype.${e} can only be used on a ReadableByteStreamController`)}function jf(e,t){e._reader._readIntoRequests.push(t)}function Hf(e){return e._reader._readIntoRequests.length}function Wf(e){const t=e._reader;return void 0!==t&&!!Vf(t)}Object.defineProperties(Af.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},byobRequest:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(Af.prototype,hd.toStringTag,{value:"ReadableByteStreamController",configurable:!0});class Gf{constructor(e){if(Zd(e,1,"ReadableStreamBYOBReader"),ef(e,"First parameter"),bp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");if(!Sf(e._readableStreamController))throw new TypeError("Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte source");Ud(this,e),this._readIntoRequests=new Dd}get closed(){return Vf(this)?this._closedPromise:_d($f("closed"))}cancel(e=undefined){return Vf(this)?void 0===this._ownerReadableStream?_d(Bd("cancel")):Rd(this,e):_d($f("cancel"))}read(e){if(!Vf(this))return _d($f("read"));if(!ArrayBuffer.isView(e))return _d(new TypeError("view must be an array buffer view"));if(0===e.byteLength)return _d(new TypeError("view must have non-zero byteLength"));if(0===e.buffer.byteLength)return _d(new TypeError("view's buffer must have non-zero byteLength"));if(void 0===this._ownerReadableStream)return _d(Bd("read from"));let t,r;const i=wd(((e,i)=>{t=e,r=i}));return function(e,t,r){const i=e._ownerReadableStream;i._disturbed=!0,"errored"===i._state?r._errorSteps(i._storedError):function(e,t,r){const i=e._controlledReadableByteStream;let n=1;t.constructor!==DataView&&(n=t.constructor.BYTES_PER_ELEMENT);const a=t.constructor,s={buffer:t.buffer,byteOffset:t.byteOffset,byteLength:t.byteLength,bytesFilled:0,elementSize:n,viewConstructor:a,readerType:"byob"};if(e._pendingPullIntos.length>0)return e._pendingPullIntos.push(s),void jf(i,r);if("closed"!==i._state){if(e._queueTotalSize>0){if(Cf(e,s)){const t=Mf(s);return Uf(e),void r._chunkSteps(t)}if(e._closeRequested){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");return qf(e,t),void r._errorSteps(t)}}e._pendingPullIntos.push(s),jf(i,r),Pf(e)}else{const e=new a(s.buffer,s.byteOffset,0);r._closeSteps(e)}}(i._readableStreamController,t,r)}(this,e,{_chunkSteps:e=>t({value:e,done:!1}),_closeSteps:e=>t({value:e,done:!0}),_errorSteps:e=>r(e)}),i}releaseLock(){if(!Vf(this))throw $f("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readIntoRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");Id(this)}}}function Vf(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readIntoRequests")}function $f(e){return new TypeError(`ReadableStreamBYOBReader.prototype.${e} can only be used on a ReadableStreamBYOBReader`)}function Zf(e,t){const{highWaterMark:r}=e;if(void 0===r)return t;if(bf(r)||r<0)throw new RangeError("Invalid highWaterMark");return r}function Xf(e){const{size:t}=e;return t||(()=>1)}function Yf(e,t){Gd(e,t);const r=null==e?void 0:e.highWaterMark,i=null==e?void 0:e.size;return{highWaterMark:void 0===r?void 0:Yd(r),size:void 0===i?void 0:Qf(i,t+" has member 'size' that")}}function Qf(e,t){return Vd(e,t),t=>Yd(e(t))}function Jf(e,t,r){return Vd(e,r),r=>Cd(e,t,[r])}function el(e,t,r){return Vd(e,r),()=>Cd(e,t,[])}function tl(e,t,r){return Vd(e,r),r=>Kd(e,t,[r])}function rl(e,t,r){return Vd(e,r),(r,i)=>Cd(e,t,[r,i])}function il(e,t){if(!ol(e))throw new TypeError(t+" is not a WritableStream.")}Object.defineProperties(Gf.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(Gf.prototype,hd.toStringTag,{value:"ReadableStreamBYOBReader",configurable:!0});class nl{constructor(e={},t={}){void 0===e?e=null:$d(e,"First parameter");const r=Yf(t,"Second parameter"),i=function(e,t){Gd(e,t);const r=null==e?void 0:e.abort,i=null==e?void 0:e.close,n=null==e?void 0:e.start,a=null==e?void 0:e.type,s=null==e?void 0:e.write;return{abort:void 0===r?void 0:Jf(r,e,t+" has member 'abort' that"),close:void 0===i?void 0:el(i,e,t+" has member 'close' that"),start:void 0===n?void 0:tl(n,e,t+" has member 'start' that"),write:void 0===s?void 0:rl(s,e,t+" has member 'write' that"),type:a}}(e,"First parameter");sl(this);if(void 0!==i.type)throw new RangeError("Invalid type is specified");const n=Xf(r);!function(e,t,r,i){const n=Object.create(El.prototype);let a=()=>{},s=()=>vd(void 0),o=()=>vd(void 0),c=()=>vd(void 0);void 0!==t.start&&(a=()=>t.start(n));void 0!==t.write&&(s=e=>t.write(e,n));void 0!==t.close&&(o=()=>t.close());void 0!==t.abort&&(c=e=>t.abort(e));Pl(e,n,a,s,o,c,r,i)}(this,i,Zf(r,1),n)}get locked(){if(!ol(this))throw Rl("locked");return cl(this)}abort(e=undefined){return ol(this)?cl(this)?_d(new TypeError("Cannot abort a stream that already has a writer")):ul(this,e):_d(Rl("abort"))}close(){return ol(this)?cl(this)?_d(new TypeError("Cannot close a stream that already has a writer")):pl(this)?_d(new TypeError("Cannot close an already-closing stream")):hl(this):_d(Rl("close"))}getWriter(){if(!ol(this))throw Rl("getWriter");return al(this)}}function al(e){return new ml(e)}function sl(e){e._state="writable",e._storedError=void 0,e._writer=void 0,e._writableStreamController=void 0,e._writeRequests=new Dd,e._inFlightWriteRequest=void 0,e._closeRequest=void 0,e._inFlightCloseRequest=void 0,e._pendingAbortRequest=void 0,e._backpressure=!1}function ol(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_writableStreamController")}function cl(e){return void 0!==e._writer}function ul(e,t){const r=e._state;if("closed"===r||"errored"===r)return vd(void 0);if(void 0!==e._pendingAbortRequest)return e._pendingAbortRequest._promise;let i=!1;"erroring"===r&&(i=!0,t=void 0);const n=wd(((r,n)=>{e._pendingAbortRequest={_promise:void 0,_resolve:r,_reject:n,_reason:t,_wasAlreadyErroring:i}}));return e._pendingAbortRequest._promise=n,i||fl(e,t),n}function hl(e){const t=e._state;if("closed"===t||"errored"===t)return _d(new TypeError(`The stream (in ${t} state) is not in the writable state and cannot be closed`));const r=wd(((t,r)=>{const i={_resolve:t,_reject:r};e._closeRequest=i})),i=e._writer;var n;return void 0!==i&&e._backpressure&&"writable"===t&&Hl(i),wf(n=e._writableStreamController,Sl,0),Kl(n),r}function dl(e,t){"writable"!==e._state?ll(e):fl(e,t)}function fl(e,t){const r=e._writableStreamController;e._state="erroring",e._storedError=t;const i=e._writer;void 0!==i&&_l(i,t),!function(e){if(void 0===e._inFlightWriteRequest&&void 0===e._inFlightCloseRequest)return!1;return!0}(e)&&r._started&&ll(e)}function ll(e){e._state="errored",e._writableStreamController[Ld]();const t=e._storedError;if(e._writeRequests.forEach((e=>{e._reject(t)})),e._writeRequests=new Dd,void 0===e._pendingAbortRequest)return void yl(e);const r=e._pendingAbortRequest;if(e._pendingAbortRequest=void 0,r._wasAlreadyErroring)return r._reject(t),void yl(e);Ad(e._writableStreamController[Od](r._reason),(()=>{r._resolve(),yl(e)}),(t=>{r._reject(t),yl(e)}))}function pl(e){return void 0!==e._closeRequest||void 0!==e._inFlightCloseRequest}function yl(e){void 0!==e._closeRequest&&(e._closeRequest._reject(e._storedError),e._closeRequest=void 0);const t=e._writer;void 0!==t&&ql(t,e._storedError)}function bl(e,t){const r=e._writer;void 0!==r&&t!==e._backpressure&&(t?function(e){Ol(e)}(r):Hl(r)),e._backpressure=t}Object.defineProperties(nl.prototype,{abort:{enumerable:!0},close:{enumerable:!0},getWriter:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(nl.prototype,hd.toStringTag,{value:"WritableStream",configurable:!0});class ml{constructor(e){if(Zd(e,1,"WritableStreamDefaultWriter"),il(e,"First parameter"),cl(e))throw new TypeError("This stream has already been locked for exclusive writing by another writer");this._ownerWritableStream=e,e._writer=this;const t=e._state;if("writable"===t)!pl(e)&&e._backpressure?Ol(this):Nl(this),Tl(this);else if("erroring"===t)Ll(this,e._storedError),Tl(this);else if("closed"===t)Nl(this),Tl(r=this),Fl(r);else{const t=e._storedError;Ll(this,t),zl(this,t)}var r}get closed(){return gl(this)?this._closedPromise:_d(Il("closed"))}get desiredSize(){if(!gl(this))throw Il("desiredSize");if(void 0===this._ownerWritableStream)throw Bl("desiredSize");return function(e){const t=e._ownerWritableStream,r=t._state;if("errored"===r||"erroring"===r)return null;if("closed"===r)return 0;return Ml(t._writableStreamController)}(this)}get ready(){return gl(this)?this._readyPromise:_d(Il("ready"))}abort(e=undefined){return gl(this)?void 0===this._ownerWritableStream?_d(Bl("abort")):function(e,t){const r=e._ownerWritableStream;return ul(r,t)}(this,e):_d(Il("abort"))}close(){if(!gl(this))return _d(Il("close"));const e=this._ownerWritableStream;return void 0===e?_d(Bl("close")):pl(e)?_d(new TypeError("Cannot close an already-closing stream")):wl(this)}releaseLock(){if(!gl(this))throw Il("releaseLock");void 0!==this._ownerWritableStream&&kl(this)}write(e=undefined){return gl(this)?void 0===this._ownerWritableStream?_d(Bl("write to")):Al(this,e):_d(Il("write"))}}function gl(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_ownerWritableStream")}function wl(e){return hl(e._ownerWritableStream)}function vl(e,t){"pending"===e._closedPromiseState?ql(e,t):function(e,t){zl(e,t)}(e,t)}function _l(e,t){"pending"===e._readyPromiseState?jl(e,t):function(e,t){Ll(e,t)}(e,t)}function kl(e){const t=e._ownerWritableStream,r=new TypeError("Writer was released and can no longer be used to monitor the stream's closedness");_l(e,r),vl(e,r),t._writer=void 0,e._ownerWritableStream=void 0}function Al(e,t){const r=e._ownerWritableStream,i=r._writableStreamController,n=function(e,t){try{return e._strategySizeAlgorithm(t)}catch(t){return Cl(e,t),1}}(i,t);if(r!==e._ownerWritableStream)return _d(Bl("write to"));const a=r._state;if("errored"===a)return _d(r._storedError);if(pl(r)||"closed"===a)return _d(new TypeError("The stream is closing or closed and cannot be written to"));if("erroring"===a)return _d(r._storedError);const s=function(e){return wd(((t,r)=>{const i={_resolve:t,_reject:r};e._writeRequests.push(i)}))}(r);return function(e,t,r){try{wf(e,t,r)}catch(t){return void Cl(e,t)}const i=e._controlledWritableStream;if(!pl(i)&&"writable"===i._state){bl(i,Dl(e))}Kl(e)}(i,t,n),s}Object.defineProperties(ml.prototype,{abort:{enumerable:!0},close:{enumerable:!0},releaseLock:{enumerable:!0},write:{enumerable:!0},closed:{enumerable:!0},desiredSize:{enumerable:!0},ready:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(ml.prototype,hd.toStringTag,{value:"WritableStreamDefaultWriter",configurable:!0});const Sl={};class El{constructor(){throw new TypeError("Illegal constructor")}error(e=undefined){if(!function(e){if(!ld(e))return!1;if(!Object.prototype.hasOwnProperty.call(e,"_controlledWritableStream"))return!1;return!0}(this))throw new TypeError("WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController");"writable"===this._controlledWritableStream._state&&Ul(this,e)}[Od](e){const t=this._abortAlgorithm(e);return xl(this),t}[Ld](){vf(this)}}function Pl(e,t,r,i,n,a,s,o){t._controlledWritableStream=e,e._writableStreamController=t,t._queue=void 0,t._queueTotalSize=void 0,vf(t),t._started=!1,t._strategySizeAlgorithm=o,t._strategyHWM=s,t._writeAlgorithm=i,t._closeAlgorithm=n,t._abortAlgorithm=a;const c=Dl(t);bl(e,c);Ad(vd(r()),(()=>{t._started=!0,Kl(t)}),(r=>{t._started=!0,dl(e,r)}))}function xl(e){e._writeAlgorithm=void 0,e._closeAlgorithm=void 0,e._abortAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function Ml(e){return e._strategyHWM-e._queueTotalSize}function Kl(e){const t=e._controlledWritableStream;if(!e._started)return;if(void 0!==t._inFlightWriteRequest)return;if("erroring"===t._state)return void ll(t);if(0===e._queue.length)return;const r=e._queue.peek().value;r===Sl?function(e){const t=e._controlledWritableStream;(function(e){e._inFlightCloseRequest=e._closeRequest,e._closeRequest=void 0})(t),gf(e);const r=e._closeAlgorithm();xl(e),Ad(r,(()=>{!function(e){e._inFlightCloseRequest._resolve(void 0),e._inFlightCloseRequest=void 0,"erroring"===e._state&&(e._storedError=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._resolve(),e._pendingAbortRequest=void 0)),e._state="closed";const t=e._writer;void 0!==t&&Fl(t)}(t)}),(e=>{!function(e,t){e._inFlightCloseRequest._reject(t),e._inFlightCloseRequest=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._reject(t),e._pendingAbortRequest=void 0),dl(e,t)}(t,e)}))}(e):function(e,t){const r=e._controlledWritableStream;!function(e){e._inFlightWriteRequest=e._writeRequests.shift()}(r);const i=e._writeAlgorithm(t);Ad(i,(()=>{!function(e){e._inFlightWriteRequest._resolve(void 0),e._inFlightWriteRequest=void 0}(r);const t=r._state;if(gf(e),!pl(r)&&"writable"===t){const t=Dl(e);bl(r,t)}Kl(e)}),(t=>{"writable"===r._state&&xl(e),function(e,t){e._inFlightWriteRequest._reject(t),e._inFlightWriteRequest=void 0,dl(e,t)}(r,t)}))}(e,r)}function Cl(e,t){"writable"===e._controlledWritableStream._state&&Ul(e,t)}function Dl(e){return Ml(e)<=0}function Ul(e,t){const r=e._controlledWritableStream;xl(e),fl(r,t)}function Rl(e){return new TypeError(`WritableStream.prototype.${e} can only be used on a WritableStream`)}function Il(e){return new TypeError(`WritableStreamDefaultWriter.prototype.${e} can only be used on a WritableStreamDefaultWriter`)}function Bl(e){return new TypeError("Cannot "+e+" a stream using a released writer")}function Tl(e){e._closedPromise=wd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r,e._closedPromiseState="pending"}))}function zl(e,t){Tl(e),ql(e,t)}function ql(e,t){void 0!==e._closedPromise_reject&&(xd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="rejected")}function Fl(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="resolved")}function Ol(e){e._readyPromise=wd(((t,r)=>{e._readyPromise_resolve=t,e._readyPromise_reject=r})),e._readyPromiseState="pending"}function Ll(e,t){Ol(e),jl(e,t)}function Nl(e){Ol(e),Hl(e)}function jl(e,t){void 0!==e._readyPromise_reject&&(xd(e._readyPromise),e._readyPromise_reject(t),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="rejected")}function Hl(e){void 0!==e._readyPromise_resolve&&(e._readyPromise_resolve(void 0),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="fulfilled")}Object.defineProperties(El.prototype,{error:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(El.prototype,hd.toStringTag,{value:"WritableStreamDefaultController",configurable:!0});const Wl="undefined"!=typeof DOMException?DOMException:void 0;const Gl=function(e){if("function"!=typeof e&&"object"!=typeof e)return!1;try{return new e,!0}catch(e){return!1}}(Wl)?Wl:function(){const e=function(e,t){this.message=e||"",this.name=t||"Error",Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)};return Object.defineProperty(e.prototype=Object.create(Error.prototype),"constructor",{value:e,writable:!0,configurable:!0}),e}();function Vl(e,t,r,i,n,a){const s=tf(e),o=al(t);e._disturbed=!0;let c=!1,u=vd(void 0);return wd(((h,d)=>{let f;if(void 0!==a){if(f=()=>{const r=new Gl("Aborted","AbortError"),a=[];i||a.push((()=>"writable"===t._state?ul(t,r):vd(void 0))),n||a.push((()=>"readable"===e._state?mp(e,r):vd(void 0))),y((()=>Promise.all(a.map((e=>e())))),!0,r)},a.aborted)return void f();a.addEventListener("abort",f)}if(p(e,s._closedPromise,(e=>{i?b(!0,e):y((()=>ul(t,e)),!0,e)})),p(t,o._closedPromise,(t=>{n?b(!0,t):y((()=>mp(e,t)),!0,t)})),function(e,t,r){"closed"===e._state?r():Sd(t,r)}(e,s._closedPromise,(()=>{r?b():y((()=>function(e){const t=e._ownerWritableStream,r=t._state;return pl(t)||"closed"===r?vd(void 0):"errored"===r?_d(t._storedError):wl(e)}(o)))})),pl(t)||"closed"===t._state){const t=new TypeError("the destination writable stream closed before all data could be piped to it");n?b(!0,t):y((()=>mp(e,t)),!0,t)}function l(){const e=u;return kd(u,(()=>e!==u?l():void 0))}function p(e,t,r){"errored"===e._state?r(e._storedError):Ed(t,r)}function y(e,r,i){function n(){Ad(e(),(()=>m(r,i)),(e=>m(!0,e)))}c||(c=!0,"writable"!==t._state||pl(t)?n():Sd(l(),n))}function b(e,r){c||(c=!0,"writable"!==t._state||pl(t)?m(e,r):Sd(l(),(()=>m(e,r))))}function m(e,t){kl(o),Id(s),void 0!==a&&a.removeEventListener("abort",f),e?d(t):h(void 0)}xd(wd(((e,t)=>{!function r(i){i?e():kd(c?vd(!0):kd(o._readyPromise,(()=>wd(((e,t)=>{uf(s,{_chunkSteps:t=>{u=kd(Al(o,t),void 0,dd),e(!1)},_closeSteps:()=>e(!0),_errorSteps:t})})))),r,t)}(!1)})))}))}class $l{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Zl(this))throw ap("desiredSize");return rp(this)}close(){if(!Zl(this))throw ap("close");if(!ip(this))throw new TypeError("The stream is not in a state that permits close");Jl(this)}enqueue(e=undefined){if(!Zl(this))throw ap("enqueue");if(!ip(this))throw new TypeError("The stream is not in a state that permits enqueue");return ep(this,e)}error(e=undefined){if(!Zl(this))throw ap("error");tp(this,e)}[Nd](e){vf(this);const t=this._cancelAlgorithm(e);return Ql(this),t}[jd](e){const t=this._controlledReadableStream;if(this._queue.length>0){const r=gf(this);this._closeRequested&&0===this._queue.length?(Ql(this),gp(t)):Xl(this),e._chunkSteps(r)}else rf(t,e),Xl(this)}}function Zl(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableStream")}function Xl(e){if(!Yl(e))return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;Ad(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Xl(e))}),(t=>{tp(e,t)}))}function Yl(e){const t=e._controlledReadableStream;if(!ip(e))return!1;if(!e._started)return!1;if(bp(t)&&af(t)>0)return!0;return rp(e)>0}function Ql(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function Jl(e){if(!ip(e))return;const t=e._controlledReadableStream;e._closeRequested=!0,0===e._queue.length&&(Ql(e),gp(t))}function ep(e,t){if(!ip(e))return;const r=e._controlledReadableStream;if(bp(r)&&af(r)>0)nf(r,t,!1);else{let r;try{r=e._strategySizeAlgorithm(t)}catch(t){throw tp(e,t),t}try{wf(e,t,r)}catch(t){throw tp(e,t),t}}Xl(e)}function tp(e,t){const r=e._controlledReadableStream;"readable"===r._state&&(vf(e),Ql(e),wp(r,t))}function rp(e){const t=e._controlledReadableStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function ip(e){const t=e._controlledReadableStream._state;return!e._closeRequested&&"readable"===t}function np(e,t,r,i,n,a,s){t._controlledReadableStream=e,t._queue=void 0,t._queueTotalSize=void 0,vf(t),t._started=!1,t._closeRequested=!1,t._pullAgain=!1,t._pulling=!1,t._strategySizeAlgorithm=s,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,e._readableStreamController=t;Ad(vd(r()),(()=>{t._started=!0,Xl(t)}),(e=>{tp(t,e)}))}function ap(e){return new TypeError(`ReadableStreamDefaultController.prototype.${e} can only be used on a ReadableStreamDefaultController`)}function sp(e,t,r){return Vd(e,r),r=>Cd(e,t,[r])}function op(e,t,r){return Vd(e,r),r=>Cd(e,t,[r])}function cp(e,t,r){return Vd(e,r),r=>Kd(e,t,[r])}function up(e,t){if("bytes"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamType`);return e}function hp(e,t){if("byob"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamReaderMode`);return e}function dp(e,t){Gd(e,t);const r=null==e?void 0:e.preventAbort,i=null==e?void 0:e.preventCancel,n=null==e?void 0:e.preventClose,a=null==e?void 0:e.signal;return void 0!==a&&function(e,t){if(!function(e){if("object"!=typeof e||null===e)return!1;try{return"boolean"==typeof e.aborted}catch(e){return!1}}(e))throw new TypeError(t+" is not an AbortSignal.")}(a,t+" has member 'signal' that"),{preventAbort:!!r,preventCancel:!!i,preventClose:!!n,signal:a}}Object.defineProperties($l.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty($l.prototype,hd.toStringTag,{value:"ReadableStreamDefaultController",configurable:!0});class fp{constructor(e={},t={}){void 0===e?e=null:$d(e,"First parameter");const r=Yf(t,"Second parameter"),i=function(e,t){Gd(e,t);const r=e,i=null==r?void 0:r.autoAllocateChunkSize,n=null==r?void 0:r.cancel,a=null==r?void 0:r.pull,s=null==r?void 0:r.start,o=null==r?void 0:r.type;return{autoAllocateChunkSize:void 0===i?void 0:Jd(i,t+" has member 'autoAllocateChunkSize' that"),cancel:void 0===n?void 0:sp(n,r,t+" has member 'cancel' that"),pull:void 0===a?void 0:op(a,r,t+" has member 'pull' that"),start:void 0===s?void 0:cp(s,r,t+" has member 'start' that"),type:void 0===o?void 0:up(o,t+" has member 'type' that")}}(e,"First parameter");if(pp(this),"bytes"===i.type){if(void 0!==r.size)throw new RangeError("The strategy for a byte stream cannot have a size function");Of(this,i,Zf(r,0))}else{const e=Xf(r);!function(e,t,r,i){const n=Object.create($l.prototype);let a=()=>{},s=()=>vd(void 0),o=()=>vd(void 0);void 0!==t.start&&(a=()=>t.start(n)),void 0!==t.pull&&(s=()=>t.pull(n)),void 0!==t.cancel&&(o=e=>t.cancel(e)),np(e,n,a,s,o,r,i)}(this,i,Zf(r,1),e)}}get locked(){if(!yp(this))throw vp("locked");return bp(this)}cancel(e=undefined){return yp(this)?bp(this)?_d(new TypeError("Cannot cancel a stream that already has a reader")):mp(this,e):_d(vp("cancel"))}getReader(e=undefined){if(!yp(this))throw vp("getReader");const t=function(e,t){Gd(e,t);const r=null==e?void 0:e.mode;return{mode:void 0===r?void 0:hp(r,t+" has member 'mode' that")}}(e,"First parameter");return void 0===t.mode?tf(this):function(e){return new Gf(e)}(this)}pipeThrough(e,t={}){if(!yp(this))throw vp("pipeThrough");Zd(e,1,"pipeThrough");const r=function(e,t){Gd(e,t);const r=null==e?void 0:e.readable;Xd(r,"readable","ReadableWritablePair"),ef(r,t+" has member 'readable' that");const i=null==e?void 0:e.writable;return Xd(i,"writable","ReadableWritablePair"),il(i,t+" has member 'writable' that"),{readable:r,writable:i}}(e,"First parameter"),i=dp(t,"Second parameter");if(bp(this))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream");if(cl(r.writable))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream");return xd(Vl(this,r.writable,i.preventClose,i.preventAbort,i.preventCancel,i.signal)),r.readable}pipeTo(e,t={}){if(!yp(this))return _d(vp("pipeTo"));if(void 0===e)return _d("Parameter 1 is required in 'pipeTo'.");if(!ol(e))return _d(new TypeError("ReadableStream.prototype.pipeTo's first argument must be a WritableStream"));let r;try{r=dp(t,"Second parameter")}catch(e){return _d(e)}return bp(this)?_d(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream")):cl(e)?_d(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream")):Vl(this,e,r.preventClose,r.preventAbort,r.preventCancel,r.signal)}tee(){if(!yp(this))throw vp("tee");const e=function(e,t){const r=tf(e);let i,n,a,s,o,c=!1,u=!1,h=!1;const d=wd((e=>{o=e}));function f(){return c||(c=!0,uf(r,{_chunkSteps:e=>{Md((()=>{c=!1;const t=e,r=e;u||ep(a._readableStreamController,t),h||ep(s._readableStreamController,r)}))},_closeSteps:()=>{c=!1,u||Jl(a._readableStreamController),h||Jl(s._readableStreamController),u&&h||o(void 0)},_errorSteps:()=>{c=!1}})),vd(void 0)}function l(){}return a=lp(l,f,(function(t){if(u=!0,i=t,h){const t=_f([i,n]),r=mp(e,t);o(r)}return d})),s=lp(l,f,(function(t){if(h=!0,n=t,u){const t=_f([i,n]),r=mp(e,t);o(r)}return d})),Ed(r._closedPromise,(e=>{tp(a._readableStreamController,e),tp(s._readableStreamController,e),u&&h||o(void 0)})),[a,s]}(this);return _f(e)}values(e=undefined){if(!yp(this))throw vp("values");return function(e,t){const r=tf(e),i=new ff(r,t),n=Object.create(lf);return n._asyncIteratorImpl=i,n}(this,function(e,t){return Gd(e,t),{preventCancel:!!(null==e?void 0:e.preventCancel)}}(e,"First parameter").preventCancel)}}function lp(e,t,r,i=1,n=(()=>1)){const a=Object.create(fp.prototype);pp(a);return np(a,Object.create($l.prototype),e,t,r,i,n),a}function pp(e){e._state="readable",e._reader=void 0,e._storedError=void 0,e._disturbed=!1}function yp(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readableStreamController")}function bp(e){return void 0!==e._reader}function mp(e,t){if(e._disturbed=!0,"closed"===e._state)return vd(void 0);if("errored"===e._state)return _d(e._storedError);gp(e);return Pd(e._readableStreamController[Nd](t),dd)}function gp(e){e._state="closed";const t=e._reader;void 0!==t&&(Fd(t),cf(t)&&(t._readRequests.forEach((e=>{e._closeSteps()})),t._readRequests=new Dd))}function wp(e,t){e._state="errored",e._storedError=t;const r=e._reader;void 0!==r&&(qd(r,t),cf(r)?(r._readRequests.forEach((e=>{e._errorSteps(t)})),r._readRequests=new Dd):(r._readIntoRequests.forEach((e=>{e._errorSteps(t)})),r._readIntoRequests=new Dd))}function vp(e){return new TypeError(`ReadableStream.prototype.${e} can only be used on a ReadableStream`)}function _p(e,t){Gd(e,t);const r=null==e?void 0:e.highWaterMark;return Xd(r,"highWaterMark","QueuingStrategyInit"),{highWaterMark:Yd(r)}}Object.defineProperties(fp.prototype,{cancel:{enumerable:!0},getReader:{enumerable:!0},pipeThrough:{enumerable:!0},pipeTo:{enumerable:!0},tee:{enumerable:!0},values:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(fp.prototype,hd.toStringTag,{value:"ReadableStream",configurable:!0}),"symbol"==typeof hd.asyncIterator&&Object.defineProperty(fp.prototype,hd.asyncIterator,{value:fp.prototype.values,writable:!0,configurable:!0});const kp=function(e){return e.byteLength};class Ap{constructor(e){Zd(e,1,"ByteLengthQueuingStrategy"),e=_p(e,"First parameter"),this._byteLengthQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!Ep(this))throw Sp("highWaterMark");return this._byteLengthQueuingStrategyHighWaterMark}get size(){if(!Ep(this))throw Sp("size");return kp}}function Sp(e){return new TypeError(`ByteLengthQueuingStrategy.prototype.${e} can only be used on a ByteLengthQueuingStrategy`)}function Ep(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_byteLengthQueuingStrategyHighWaterMark")}Object.defineProperties(Ap.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(Ap.prototype,hd.toStringTag,{value:"ByteLengthQueuingStrategy",configurable:!0});const Pp=function(){return 1};class xp{constructor(e){Zd(e,1,"CountQueuingStrategy"),e=_p(e,"First parameter"),this._countQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!Kp(this))throw Mp("highWaterMark");return this._countQueuingStrategyHighWaterMark}get size(){if(!Kp(this))throw Mp("size");return Pp}}function Mp(e){return new TypeError(`CountQueuingStrategy.prototype.${e} can only be used on a CountQueuingStrategy`)}function Kp(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_countQueuingStrategyHighWaterMark")}function Cp(e,t,r){return Vd(e,r),r=>Cd(e,t,[r])}function Dp(e,t,r){return Vd(e,r),r=>Kd(e,t,[r])}function Up(e,t,r){return Vd(e,r),(r,i)=>Cd(e,t,[r,i])}Object.defineProperties(xp.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(xp.prototype,hd.toStringTag,{value:"CountQueuingStrategy",configurable:!0});class Rp{constructor(e={},t={},r={}){void 0===e&&(e=null);const i=Yf(t,"Second parameter"),n=Yf(r,"Third parameter"),a=function(e,t){Gd(e,t);const r=null==e?void 0:e.flush,i=null==e?void 0:e.readableType,n=null==e?void 0:e.start,a=null==e?void 0:e.transform,s=null==e?void 0:e.writableType;return{flush:void 0===r?void 0:Cp(r,e,t+" has member 'flush' that"),readableType:i,start:void 0===n?void 0:Dp(n,e,t+" has member 'start' that"),transform:void 0===a?void 0:Up(a,e,t+" has member 'transform' that"),writableType:s}}(e,"First parameter");if(void 0!==a.readableType)throw new RangeError("Invalid readableType specified");if(void 0!==a.writableType)throw new RangeError("Invalid writableType specified");const s=Zf(n,0),o=Xf(n),c=Zf(i,1),u=Xf(i);let h;!function(e,t,r,i,n,a){function s(){return t}function o(t){return function(e,t){const r=e._transformStreamController;if(e._backpressure){return Pd(e._backpressureChangePromise,(()=>{const i=e._writable;if("erroring"===i._state)throw i._storedError;return Np(r,t)}))}return Np(r,t)}(e,t)}function c(t){return function(e,t){return Bp(e,t),vd(void 0)}(e,t)}function u(){return function(e){const t=e._readable,r=e._transformStreamController,i=r._flushAlgorithm();return Op(r),Pd(i,(()=>{if("errored"===t._state)throw t._storedError;Jl(t._readableStreamController)}),(r=>{throw Bp(e,r),t._storedError}))}(e)}function h(){return function(e){return zp(e,!1),e._backpressureChangePromise}(e)}function d(t){return Tp(e,t),vd(void 0)}e._writable=function(e,t,r,i,n=1,a=(()=>1)){const s=Object.create(nl.prototype);return sl(s),Pl(s,Object.create(El.prototype),e,t,r,i,n,a),s}(s,o,u,c,r,i),e._readable=lp(s,h,d,n,a),e._backpressure=void 0,e._backpressureChangePromise=void 0,e._backpressureChangePromise_resolve=void 0,zp(e,!0),e._transformStreamController=void 0}(this,wd((e=>{h=e})),c,u,s,o),function(e,t){const r=Object.create(qp.prototype);let i=e=>{try{return Lp(r,e),vd(void 0)}catch(e){return _d(e)}},n=()=>vd(void 0);void 0!==t.transform&&(i=e=>t.transform(e,r));void 0!==t.flush&&(n=()=>t.flush(r));!function(e,t,r,i){t._controlledTransformStream=e,e._transformStreamController=t,t._transformAlgorithm=r,t._flushAlgorithm=i}(e,r,i,n)}(this,a),void 0!==a.start?h(a.start(this._transformStreamController)):h(void 0)}get readable(){if(!Ip(this))throw Hp("readable");return this._readable}get writable(){if(!Ip(this))throw Hp("writable");return this._writable}}function Ip(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_transformStreamController")}function Bp(e,t){tp(e._readable._readableStreamController,t),Tp(e,t)}function Tp(e,t){Op(e._transformStreamController),Cl(e._writable._writableStreamController,t),e._backpressure&&zp(e,!1)}function zp(e,t){void 0!==e._backpressureChangePromise&&e._backpressureChangePromise_resolve(),e._backpressureChangePromise=wd((t=>{e._backpressureChangePromise_resolve=t})),e._backpressure=t}Object.defineProperties(Rp.prototype,{readable:{enumerable:!0},writable:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(Rp.prototype,hd.toStringTag,{value:"TransformStream",configurable:!0});class qp{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Fp(this))throw jp("desiredSize");return rp(this._controlledTransformStream._readable._readableStreamController)}enqueue(e=undefined){if(!Fp(this))throw jp("enqueue");Lp(this,e)}error(e=undefined){if(!Fp(this))throw jp("error");var t;t=e,Bp(this._controlledTransformStream,t)}terminate(){if(!Fp(this))throw jp("terminate");!function(e){const t=e._controlledTransformStream,r=t._readable._readableStreamController;Jl(r);Tp(t,new TypeError("TransformStream terminated"))}(this)}}function Fp(e){return!!ld(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledTransformStream")}function Op(e){e._transformAlgorithm=void 0,e._flushAlgorithm=void 0}function Lp(e,t){const r=e._controlledTransformStream,i=r._readable._readableStreamController;if(!ip(i))throw new TypeError("Readable side is not in a state that permits enqueue");try{ep(i,t)}catch(e){throw Tp(r,e),r._readable._storedError}const n=function(e){return!Yl(e)}(i);n!==r._backpressure&&zp(r,!0)}function Np(e,t){return Pd(e._transformAlgorithm(t),void 0,(t=>{throw Bp(e._controlledTransformStream,t),t}))}function jp(e){return new TypeError(`TransformStreamDefaultController.prototype.${e} can only be used on a TransformStreamDefaultController`)}function Hp(e){return new TypeError(`TransformStream.prototype.${e} can only be used on a TransformStream`)}Object.defineProperties(qp.prototype,{enqueue:{enumerable:!0},error:{enumerable:!0},terminate:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof hd.toStringTag&&Object.defineProperty(qp.prototype,hd.toStringTag,{value:"TransformStreamDefaultController",configurable:!0});var Wp=/*#__PURE__*/Object.freeze({__proto__:null,ByteLengthQueuingStrategy:Ap,CountQueuingStrategy:xp,ReadableByteStreamController:Af,ReadableStream:fp,ReadableStreamBYOBReader:Gf,ReadableStreamBYOBRequest:kf,ReadableStreamDefaultController:$l,ReadableStreamDefaultReader:of,TransformStream:Rp,TransformStreamDefaultController:qp,WritableStream:nl,WritableStreamDefaultController:El,WritableStreamDefaultWriter:ml}),Gp=function(e,t){return Gp=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},Gp(e,t)}; -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */function Vp(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+t+" is not a constructor or null");function r(){this.constructor=e}Gp(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}function $p(e){if(!e)throw new TypeError("Assertion failed")}function Zp(){}function Xp(e){return"object"==typeof e&&null!==e||"function"==typeof e}function Yp(e){if("function"!=typeof e)return!1;var t=!1;try{new e({start:function(){t=!0}})}catch(e){}return t}function Qp(e){return!!Xp(e)&&"function"==typeof e.getReader}function Jp(e){return!!Xp(e)&&"function"==typeof e.getWriter}function ey(e){return!!Xp(e)&&(!!Qp(e.readable)&&!!Jp(e.writable))}function ty(e){try{return e.getReader({mode:"byob"}).releaseLock(),!0}catch(e){return!1}}function ry(e,t){var r=(void 0===t?{}:t).type;return $p(Qp(e)),$p(!1===e.locked),"bytes"===(r=iy(r))?new oy(e):new ay(e)}function iy(e){var t=e+"";if("bytes"===t)return t;if(void 0===e)return e;throw new RangeError("Invalid type is specified")}var ny=function(){function e(e){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=e,this._attachDefaultReader()}return e.prototype.start=function(e){this._readableStreamController=e},e.prototype.cancel=function(e){return $p(void 0!==this._underlyingReader),this._underlyingReader.cancel(e)},e.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var e=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(e)}},e.prototype._attachReader=function(e){var t=this;$p(void 0===this._underlyingReader),this._underlyingReader=e;var r=this._underlyingReader.closed;r&&r.then((function(){return t._finishPendingRead()})).then((function(){e===t._underlyingReader&&t._readableStreamController.close()}),(function(r){e===t._underlyingReader&&t._readableStreamController.error(r)})).catch(Zp)},e.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},e.prototype._pullWithDefaultReader=function(){var e=this;this._attachDefaultReader();var t=this._underlyingReader.read().then((function(t){var r=e._readableStreamController;t.done?e._tryClose():r.enqueue(t.value)}));return this._setPendingRead(t),t},e.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(e){}},e.prototype._setPendingRead=function(e){var t,r=this,i=function(){r._pendingRead===t&&(r._pendingRead=void 0)};this._pendingRead=t=e.then(i,i)},e.prototype._finishPendingRead=function(){var e=this;if(this._pendingRead){var t=function(){return e._finishPendingRead()};return this._pendingRead.then(t,t)}},e}(),ay=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return Vp(t,e),t.prototype.pull=function(){return this._pullWithDefaultReader()},t}(ny);function sy(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}var oy=function(e){function t(t){var r=this,i=ty(t);return(r=e.call(this,t)||this)._supportsByob=i,r}return Vp(t,e),Object.defineProperty(t.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),t.prototype._attachByobReader=function(){if("byob"!==this._readerMode){$p(this._supportsByob),this._detachReader();var e=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(e)}},t.prototype.pull=function(){if(this._supportsByob){var e=this._readableStreamController.byobRequest;if(e)return this._pullWithByobRequest(e)}return this._pullWithDefaultReader()},t.prototype._pullWithByobRequest=function(e){var t=this;this._attachByobReader();var r=new Uint8Array(e.view.byteLength),i=this._underlyingReader.read(r).then((function(r){var i,n,a;t._readableStreamController,r.done?(t._tryClose(),e.respond(0)):(i=r.value,n=e.view,a=sy(i),sy(n).set(a,0),e.respond(r.value.byteLength))}));return this._setPendingRead(i),i},t}(ny);function cy(e){$p(Jp(e)),$p(!1===e.locked);var t=e.getWriter();return new uy(t)}var uy=function(){function e(e){var t=this;this._writableStreamController=void 0,this._pendingWrite=void 0,this._state="writable",this._storedError=void 0,this._underlyingWriter=e,this._errorPromise=new Promise((function(e,r){t._errorPromiseReject=r})),this._errorPromise.catch(Zp)}return e.prototype.start=function(e){var t=this;this._writableStreamController=e,this._underlyingWriter.closed.then((function(){t._state="closed"})).catch((function(e){return t._finishErroring(e)}))},e.prototype.write=function(e){var t=this,r=this._underlyingWriter;if(null===r.desiredSize)return r.ready;var i=r.write(e);i.catch((function(e){return t._finishErroring(e)})),r.ready.catch((function(e){return t._startErroring(e)}));var n=Promise.race([i,this._errorPromise]);return this._setPendingWrite(n),n},e.prototype.close=function(){var e=this;return void 0===this._pendingWrite?this._underlyingWriter.close():this._finishPendingWrite().then((function(){return e.close()}))},e.prototype.abort=function(e){if("errored"!==this._state)return this._underlyingWriter.abort(e)},e.prototype._setPendingWrite=function(e){var t,r=this,i=function(){r._pendingWrite===t&&(r._pendingWrite=void 0)};this._pendingWrite=t=e.then(i,i)},e.prototype._finishPendingWrite=function(){var e=this;if(void 0===this._pendingWrite)return Promise.resolve();var t=function(){return e._finishPendingWrite()};return this._pendingWrite.then(t,t)},e.prototype._startErroring=function(e){var t=this;if("writable"===this._state){this._state="erroring",this._storedError=e;var r=function(){return t._finishErroring(e)};void 0===this._pendingWrite?r():this._finishPendingWrite().then(r,r),this._writableStreamController.error(e)}},e.prototype._finishErroring=function(e){"writable"===this._state&&this._startErroring(e),"erroring"===this._state&&(this._state="errored",this._errorPromiseReject(this._storedError))},e}();function hy(e){$p(ey(e));var t=e.readable,r=e.writable;$p(!1===t.locked),$p(!1===r.locked);var i,n=t.getReader();try{i=r.getWriter()}catch(e){throw n.releaseLock(),e}return new dy(n,i)}var dy=function(){function e(e,t){var r=this;this._transformStreamController=void 0,this._onRead=function(e){if(!e.done)return r._transformStreamController.enqueue(e.value),r._reader.read().then(r._onRead)},this._onError=function(e){r._flushReject(e),r._transformStreamController.error(e),r._reader.cancel(e).catch(Zp),r._writer.abort(e).catch(Zp)},this._onTerminate=function(){r._flushResolve(),r._transformStreamController.terminate();var e=new TypeError("TransformStream terminated");r._writer.abort(e).catch(Zp)},this._reader=e,this._writer=t,this._flushPromise=new Promise((function(e,t){r._flushResolve=e,r._flushReject=t}))}return e.prototype.start=function(e){this._transformStreamController=e,this._reader.read().then(this._onRead).then(this._onTerminate,this._onError);var t=this._reader.closed;t&&t.then(this._onTerminate,this._onError)},e.prototype.transform=function(e){return this._writer.write(e)},e.prototype.flush=function(){var e=this;return this._writer.close().then((function(){return e._flushPromise}))},e}(),fy=/*#__PURE__*/Object.freeze({__proto__:null,createReadableStreamWrapper:function(e){$p(function(e){return!!Yp(e)&&!!Qp(new e)}(e));var t=function(e){try{return new e({type:"bytes"}),!0}catch(e){return!1}}(e);return function(r,i){var n=(void 0===i?{}:i).type;if("bytes"!==(n=iy(n))||t||(n=void 0),r.constructor===e&&("bytes"!==n||ty(r)))return r;if("bytes"===n){var a=ry(r,{type:n});return new e(a)}a=ry(r);return new e(a)}},createTransformStreamWrapper:function(e){return $p(function(e){return!!Yp(e)&&!!ey(new e)}(e)),function(t){if(t.constructor===e)return t;var r=hy(t);return new e(r)}},createWrappingReadableSource:ry,createWrappingTransformer:hy,createWrappingWritableSink:cy,createWritableStreamWrapper:function(e){return $p(function(e){return!!Yp(e)&&!!Jp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=cy(t);return new e(r)}}}),ly=ht((function(e){!function(e,r){function i(e,t){if(!e)throw Error(t||"Assertion failed")}function n(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}function a(e,t,r){if(a.isBN(e))return e;this.negative=0,this.words=null,this.length=0,this.red=null,null!==e&&("le"!==t&&"be"!==t||(r=t,t=10),this._init(e||0,t||10,r||"be"))}var s;"object"==typeof e?e.exports=a:r.BN=a,a.BN=a,a.wordSize=26;try{s=t.Buffer}catch(e){}function o(e,t,r){for(var i=0,n=Math.min(e.length,r),a=t;a=49&&s<=54?s-49+10:s>=17&&s<=22?s-17+10:15&s}return i}function c(e,t,r,i){for(var n=0,a=Math.min(e.length,r),s=t;s=49?o-49+10:o>=17?o-17+10:o}return n}a.isBN=function(e){return e instanceof a||null!==e&&"object"==typeof e&&e.constructor.wordSize===a.wordSize&&Array.isArray(e.words)},a.max=function(e,t){return e.cmp(t)>0?e:t},a.min=function(e,t){return e.cmp(t)<0?e:t},a.prototype._init=function(e,t,r){if("number"==typeof e)return this._initNumber(e,t,r);if("object"==typeof e)return this._initArray(e,t,r);"hex"===t&&(t=16),i(t===(0|t)&&t>=2&&t<=36);var n=0;"-"===(e=e.toString().replace(/\s+/g,""))[0]&&n++,16===t?this._parseHex(e,n):this._parseBase(e,t,n),"-"===e[0]&&(this.negative=1),this.strip(),"le"===r&&this._initArray(this.toArray(),t,r)},a.prototype._initNumber=function(e,t,r){e<0&&(this.negative=1,e=-e),e<67108864?(this.words=[67108863&e],this.length=1):e<4503599627370496?(this.words=[67108863&e,e/67108864&67108863],this.length=2):(i(e<9007199254740992),this.words=[67108863&e,e/67108864&67108863,1],this.length=3),"le"===r&&this._initArray(this.toArray(),t,r)},a.prototype._initArray=function(e,t,r){if(i("number"==typeof e.length),e.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(e.length/3),this.words=Array(this.length);for(var n=0;n=0;n-=3)s=e[n]|e[n-1]<<8|e[n-2]<<16,this.words[a]|=s<>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);else if("le"===r)for(n=0,a=0;n>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);return this.strip()},a.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=Array(this.length);for(var r=0;r=t;r-=6)n=o(e,r,r+6),this.words[i]|=n<>>26-a&4194303,(a+=24)>=26&&(a-=26,i++);r+6!==t&&(n=o(e,t,r+6),this.words[i]|=n<>>26-a&4194303),this.strip()},a.prototype._parseBase=function(e,t,r){this.words=[0],this.length=1;for(var i=0,n=1;n<=67108863;n*=t)i++;i--,n=n/t|0;for(var a=e.length-r,s=a%i,o=Math.min(a,a-s)+r,u=0,h=r;h1&&0===this.words[this.length-1];)this.length--;return this._normSign()},a.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},a.prototype.inspect=function(){return(this.red?""};var u=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],h=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],d=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function f(e,t,r){r.negative=t.negative^e.negative;var i=e.length+t.length|0;r.length=i,i=i-1|0;var n=0|e.words[0],a=0|t.words[0],s=n*a,o=67108863&s,c=s/67108864|0;r.words[0]=o;for(var u=1;u>>26,d=67108863&c,f=Math.min(u,t.length-1),l=Math.max(0,u-e.length+1);l<=f;l++){var p=u-l|0;h+=(s=(n=0|e.words[p])*(a=0|t.words[l])+d)/67108864|0,d=67108863&s}r.words[u]=0|d,c=0|h}return 0!==c?r.words[u]=0|c:r.length--,r.strip()}a.prototype.toString=function(e,t){var r;if(t=0|t||1,16===(e=e||10)||"hex"===e){r="";for(var n=0,a=0,s=0;s>>24-n&16777215)||s!==this.length-1?u[6-c.length]+c+r:c+r,(n+=2)>=26&&(n-=26,s--)}for(0!==a&&(r=a.toString(16)+r);r.length%t!=0;)r="0"+r;return 0!==this.negative&&(r="-"+r),r}if(e===(0|e)&&e>=2&&e<=36){var f=h[e],l=d[e];r="";var p=this.clone();for(p.negative=0;!p.isZero();){var y=p.modn(l).toString(e);r=(p=p.idivn(l)).isZero()?y+r:u[f-y.length]+y+r}for(this.isZero()&&(r="0"+r);r.length%t!=0;)r="0"+r;return 0!==this.negative&&(r="-"+r),r}i(!1,"Base should be between 2 and 36")},a.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:this.length>2&&i(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-e:e},a.prototype.toJSON=function(){return this.toString(16)},a.prototype.toBuffer=function(e,t){return i(void 0!==s),this.toArrayLike(s,e,t)},a.prototype.toArray=function(e,t){return this.toArrayLike(Array,e,t)},a.prototype.toArrayLike=function(e,t,r){var n=this.byteLength(),a=r||Math.max(1,n);i(n<=a,"byte array longer than desired length"),i(a>0,"Requested array length <= 0"),this.strip();var s,o,c="le"===t,u=new e(a),h=this.clone();if(c){for(o=0;!h.isZero();o++)s=h.andln(255),h.iushrn(8),u[o]=s;for(;o=4096&&(r+=13,t>>>=13),t>=64&&(r+=7,t>>>=7),t>=8&&(r+=4,t>>>=4),t>=2&&(r+=2,t>>>=2),r+t},a.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,r=0;return 0==(8191&t)&&(r+=13,t>>>=13),0==(127&t)&&(r+=7,t>>>=7),0==(15&t)&&(r+=4,t>>>=4),0==(3&t)&&(r+=2,t>>>=2),0==(1&t)&&r++,r},a.prototype.bitLength=function(){var e=this.words[this.length-1],t=this._countBits(e);return 26*(this.length-1)+t},a.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},a.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},a.prototype.iuand=function(e){var t;t=this.length>e.length?e:this;for(var r=0;re.length?this.clone().iand(e):e.clone().iand(this)},a.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},a.prototype.iuxor=function(e){var t,r;this.length>e.length?(t=this,r=e):(t=e,r=this);for(var i=0;ie.length?this.clone().ixor(e):e.clone().ixor(this)},a.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},a.prototype.inotn=function(e){i("number"==typeof e&&e>=0);var t=0|Math.ceil(e/26),r=e%26;this._expand(t),r>0&&t--;for(var n=0;n0&&(this.words[n]=~this.words[n]&67108863>>26-r),this.strip()},a.prototype.notn=function(e){return this.clone().inotn(e)},a.prototype.setn=function(e,t){i("number"==typeof e&&e>=0);var r=e/26|0,n=e%26;return this._expand(r+1),this.words[r]=t?this.words[r]|1<e.length?(r=this,i=e):(r=e,i=this);for(var n=0,a=0;a>>26;for(;0!==n&&a>>26;if(this.length=r.length,0!==n)this.words[this.length]=n,this.length++;else if(r!==this)for(;ae.length?this.clone().iadd(e):e.clone().iadd(this)},a.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var r,i,n=this.cmp(e);if(0===n)return this.negative=0,this.length=1,this.words[0]=0,this;n>0?(r=this,i=e):(r=e,i=this);for(var a=0,s=0;s>26,this.words[s]=67108863&t;for(;0!==a&&s>26,this.words[s]=67108863&t;if(0===a&&s>>13,l=0|s[1],p=8191&l,y=l>>>13,b=0|s[2],m=8191&b,g=b>>>13,w=0|s[3],v=8191&w,_=w>>>13,k=0|s[4],A=8191&k,S=k>>>13,E=0|s[5],P=8191&E,x=E>>>13,M=0|s[6],K=8191&M,C=M>>>13,D=0|s[7],U=8191&D,R=D>>>13,I=0|s[8],B=8191&I,T=I>>>13,z=0|s[9],q=8191&z,F=z>>>13,O=0|o[0],L=8191&O,N=O>>>13,j=0|o[1],H=8191&j,W=j>>>13,G=0|o[2],V=8191&G,$=G>>>13,Z=0|o[3],X=8191&Z,Y=Z>>>13,Q=0|o[4],J=8191&Q,ee=Q>>>13,te=0|o[5],re=8191&te,ie=te>>>13,ne=0|o[6],ae=8191&ne,se=ne>>>13,oe=0|o[7],ce=8191&oe,ue=oe>>>13,he=0|o[8],de=8191&he,fe=he>>>13,le=0|o[9],pe=8191&le,ye=le>>>13;r.negative=e.negative^t.negative,r.length=19;var be=(u+(i=Math.imul(d,L))|0)+((8191&(n=(n=Math.imul(d,N))+Math.imul(f,L)|0))<<13)|0;u=((a=Math.imul(f,N))+(n>>>13)|0)+(be>>>26)|0,be&=67108863,i=Math.imul(p,L),n=(n=Math.imul(p,N))+Math.imul(y,L)|0,a=Math.imul(y,N);var me=(u+(i=i+Math.imul(d,H)|0)|0)+((8191&(n=(n=n+Math.imul(d,W)|0)+Math.imul(f,H)|0))<<13)|0;u=((a=a+Math.imul(f,W)|0)+(n>>>13)|0)+(me>>>26)|0,me&=67108863,i=Math.imul(m,L),n=(n=Math.imul(m,N))+Math.imul(g,L)|0,a=Math.imul(g,N),i=i+Math.imul(p,H)|0,n=(n=n+Math.imul(p,W)|0)+Math.imul(y,H)|0,a=a+Math.imul(y,W)|0;var ge=(u+(i=i+Math.imul(d,V)|0)|0)+((8191&(n=(n=n+Math.imul(d,$)|0)+Math.imul(f,V)|0))<<13)|0;u=((a=a+Math.imul(f,$)|0)+(n>>>13)|0)+(ge>>>26)|0,ge&=67108863,i=Math.imul(v,L),n=(n=Math.imul(v,N))+Math.imul(_,L)|0,a=Math.imul(_,N),i=i+Math.imul(m,H)|0,n=(n=n+Math.imul(m,W)|0)+Math.imul(g,H)|0,a=a+Math.imul(g,W)|0,i=i+Math.imul(p,V)|0,n=(n=n+Math.imul(p,$)|0)+Math.imul(y,V)|0,a=a+Math.imul(y,$)|0;var we=(u+(i=i+Math.imul(d,X)|0)|0)+((8191&(n=(n=n+Math.imul(d,Y)|0)+Math.imul(f,X)|0))<<13)|0;u=((a=a+Math.imul(f,Y)|0)+(n>>>13)|0)+(we>>>26)|0,we&=67108863,i=Math.imul(A,L),n=(n=Math.imul(A,N))+Math.imul(S,L)|0,a=Math.imul(S,N),i=i+Math.imul(v,H)|0,n=(n=n+Math.imul(v,W)|0)+Math.imul(_,H)|0,a=a+Math.imul(_,W)|0,i=i+Math.imul(m,V)|0,n=(n=n+Math.imul(m,$)|0)+Math.imul(g,V)|0,a=a+Math.imul(g,$)|0,i=i+Math.imul(p,X)|0,n=(n=n+Math.imul(p,Y)|0)+Math.imul(y,X)|0,a=a+Math.imul(y,Y)|0;var ve=(u+(i=i+Math.imul(d,J)|0)|0)+((8191&(n=(n=n+Math.imul(d,ee)|0)+Math.imul(f,J)|0))<<13)|0;u=((a=a+Math.imul(f,ee)|0)+(n>>>13)|0)+(ve>>>26)|0,ve&=67108863,i=Math.imul(P,L),n=(n=Math.imul(P,N))+Math.imul(x,L)|0,a=Math.imul(x,N),i=i+Math.imul(A,H)|0,n=(n=n+Math.imul(A,W)|0)+Math.imul(S,H)|0,a=a+Math.imul(S,W)|0,i=i+Math.imul(v,V)|0,n=(n=n+Math.imul(v,$)|0)+Math.imul(_,V)|0,a=a+Math.imul(_,$)|0,i=i+Math.imul(m,X)|0,n=(n=n+Math.imul(m,Y)|0)+Math.imul(g,X)|0,a=a+Math.imul(g,Y)|0,i=i+Math.imul(p,J)|0,n=(n=n+Math.imul(p,ee)|0)+Math.imul(y,J)|0,a=a+Math.imul(y,ee)|0;var _e=(u+(i=i+Math.imul(d,re)|0)|0)+((8191&(n=(n=n+Math.imul(d,ie)|0)+Math.imul(f,re)|0))<<13)|0;u=((a=a+Math.imul(f,ie)|0)+(n>>>13)|0)+(_e>>>26)|0,_e&=67108863,i=Math.imul(K,L),n=(n=Math.imul(K,N))+Math.imul(C,L)|0,a=Math.imul(C,N),i=i+Math.imul(P,H)|0,n=(n=n+Math.imul(P,W)|0)+Math.imul(x,H)|0,a=a+Math.imul(x,W)|0,i=i+Math.imul(A,V)|0,n=(n=n+Math.imul(A,$)|0)+Math.imul(S,V)|0,a=a+Math.imul(S,$)|0,i=i+Math.imul(v,X)|0,n=(n=n+Math.imul(v,Y)|0)+Math.imul(_,X)|0,a=a+Math.imul(_,Y)|0,i=i+Math.imul(m,J)|0,n=(n=n+Math.imul(m,ee)|0)+Math.imul(g,J)|0,a=a+Math.imul(g,ee)|0,i=i+Math.imul(p,re)|0,n=(n=n+Math.imul(p,ie)|0)+Math.imul(y,re)|0,a=a+Math.imul(y,ie)|0;var ke=(u+(i=i+Math.imul(d,ae)|0)|0)+((8191&(n=(n=n+Math.imul(d,se)|0)+Math.imul(f,ae)|0))<<13)|0;u=((a=a+Math.imul(f,se)|0)+(n>>>13)|0)+(ke>>>26)|0,ke&=67108863,i=Math.imul(U,L),n=(n=Math.imul(U,N))+Math.imul(R,L)|0,a=Math.imul(R,N),i=i+Math.imul(K,H)|0,n=(n=n+Math.imul(K,W)|0)+Math.imul(C,H)|0,a=a+Math.imul(C,W)|0,i=i+Math.imul(P,V)|0,n=(n=n+Math.imul(P,$)|0)+Math.imul(x,V)|0,a=a+Math.imul(x,$)|0,i=i+Math.imul(A,X)|0,n=(n=n+Math.imul(A,Y)|0)+Math.imul(S,X)|0,a=a+Math.imul(S,Y)|0,i=i+Math.imul(v,J)|0,n=(n=n+Math.imul(v,ee)|0)+Math.imul(_,J)|0,a=a+Math.imul(_,ee)|0,i=i+Math.imul(m,re)|0,n=(n=n+Math.imul(m,ie)|0)+Math.imul(g,re)|0,a=a+Math.imul(g,ie)|0,i=i+Math.imul(p,ae)|0,n=(n=n+Math.imul(p,se)|0)+Math.imul(y,ae)|0,a=a+Math.imul(y,se)|0;var Ae=(u+(i=i+Math.imul(d,ce)|0)|0)+((8191&(n=(n=n+Math.imul(d,ue)|0)+Math.imul(f,ce)|0))<<13)|0;u=((a=a+Math.imul(f,ue)|0)+(n>>>13)|0)+(Ae>>>26)|0,Ae&=67108863,i=Math.imul(B,L),n=(n=Math.imul(B,N))+Math.imul(T,L)|0,a=Math.imul(T,N),i=i+Math.imul(U,H)|0,n=(n=n+Math.imul(U,W)|0)+Math.imul(R,H)|0,a=a+Math.imul(R,W)|0,i=i+Math.imul(K,V)|0,n=(n=n+Math.imul(K,$)|0)+Math.imul(C,V)|0,a=a+Math.imul(C,$)|0,i=i+Math.imul(P,X)|0,n=(n=n+Math.imul(P,Y)|0)+Math.imul(x,X)|0,a=a+Math.imul(x,Y)|0,i=i+Math.imul(A,J)|0,n=(n=n+Math.imul(A,ee)|0)+Math.imul(S,J)|0,a=a+Math.imul(S,ee)|0,i=i+Math.imul(v,re)|0,n=(n=n+Math.imul(v,ie)|0)+Math.imul(_,re)|0,a=a+Math.imul(_,ie)|0,i=i+Math.imul(m,ae)|0,n=(n=n+Math.imul(m,se)|0)+Math.imul(g,ae)|0,a=a+Math.imul(g,se)|0,i=i+Math.imul(p,ce)|0,n=(n=n+Math.imul(p,ue)|0)+Math.imul(y,ce)|0,a=a+Math.imul(y,ue)|0;var Se=(u+(i=i+Math.imul(d,de)|0)|0)+((8191&(n=(n=n+Math.imul(d,fe)|0)+Math.imul(f,de)|0))<<13)|0;u=((a=a+Math.imul(f,fe)|0)+(n>>>13)|0)+(Se>>>26)|0,Se&=67108863,i=Math.imul(q,L),n=(n=Math.imul(q,N))+Math.imul(F,L)|0,a=Math.imul(F,N),i=i+Math.imul(B,H)|0,n=(n=n+Math.imul(B,W)|0)+Math.imul(T,H)|0,a=a+Math.imul(T,W)|0,i=i+Math.imul(U,V)|0,n=(n=n+Math.imul(U,$)|0)+Math.imul(R,V)|0,a=a+Math.imul(R,$)|0,i=i+Math.imul(K,X)|0,n=(n=n+Math.imul(K,Y)|0)+Math.imul(C,X)|0,a=a+Math.imul(C,Y)|0,i=i+Math.imul(P,J)|0,n=(n=n+Math.imul(P,ee)|0)+Math.imul(x,J)|0,a=a+Math.imul(x,ee)|0,i=i+Math.imul(A,re)|0,n=(n=n+Math.imul(A,ie)|0)+Math.imul(S,re)|0,a=a+Math.imul(S,ie)|0,i=i+Math.imul(v,ae)|0,n=(n=n+Math.imul(v,se)|0)+Math.imul(_,ae)|0,a=a+Math.imul(_,se)|0,i=i+Math.imul(m,ce)|0,n=(n=n+Math.imul(m,ue)|0)+Math.imul(g,ce)|0,a=a+Math.imul(g,ue)|0,i=i+Math.imul(p,de)|0,n=(n=n+Math.imul(p,fe)|0)+Math.imul(y,de)|0,a=a+Math.imul(y,fe)|0;var Ee=(u+(i=i+Math.imul(d,pe)|0)|0)+((8191&(n=(n=n+Math.imul(d,ye)|0)+Math.imul(f,pe)|0))<<13)|0;u=((a=a+Math.imul(f,ye)|0)+(n>>>13)|0)+(Ee>>>26)|0,Ee&=67108863,i=Math.imul(q,H),n=(n=Math.imul(q,W))+Math.imul(F,H)|0,a=Math.imul(F,W),i=i+Math.imul(B,V)|0,n=(n=n+Math.imul(B,$)|0)+Math.imul(T,V)|0,a=a+Math.imul(T,$)|0,i=i+Math.imul(U,X)|0,n=(n=n+Math.imul(U,Y)|0)+Math.imul(R,X)|0,a=a+Math.imul(R,Y)|0,i=i+Math.imul(K,J)|0,n=(n=n+Math.imul(K,ee)|0)+Math.imul(C,J)|0,a=a+Math.imul(C,ee)|0,i=i+Math.imul(P,re)|0,n=(n=n+Math.imul(P,ie)|0)+Math.imul(x,re)|0,a=a+Math.imul(x,ie)|0,i=i+Math.imul(A,ae)|0,n=(n=n+Math.imul(A,se)|0)+Math.imul(S,ae)|0,a=a+Math.imul(S,se)|0,i=i+Math.imul(v,ce)|0,n=(n=n+Math.imul(v,ue)|0)+Math.imul(_,ce)|0,a=a+Math.imul(_,ue)|0,i=i+Math.imul(m,de)|0,n=(n=n+Math.imul(m,fe)|0)+Math.imul(g,de)|0,a=a+Math.imul(g,fe)|0;var Pe=(u+(i=i+Math.imul(p,pe)|0)|0)+((8191&(n=(n=n+Math.imul(p,ye)|0)+Math.imul(y,pe)|0))<<13)|0;u=((a=a+Math.imul(y,ye)|0)+(n>>>13)|0)+(Pe>>>26)|0,Pe&=67108863,i=Math.imul(q,V),n=(n=Math.imul(q,$))+Math.imul(F,V)|0,a=Math.imul(F,$),i=i+Math.imul(B,X)|0,n=(n=n+Math.imul(B,Y)|0)+Math.imul(T,X)|0,a=a+Math.imul(T,Y)|0,i=i+Math.imul(U,J)|0,n=(n=n+Math.imul(U,ee)|0)+Math.imul(R,J)|0,a=a+Math.imul(R,ee)|0,i=i+Math.imul(K,re)|0,n=(n=n+Math.imul(K,ie)|0)+Math.imul(C,re)|0,a=a+Math.imul(C,ie)|0,i=i+Math.imul(P,ae)|0,n=(n=n+Math.imul(P,se)|0)+Math.imul(x,ae)|0,a=a+Math.imul(x,se)|0,i=i+Math.imul(A,ce)|0,n=(n=n+Math.imul(A,ue)|0)+Math.imul(S,ce)|0,a=a+Math.imul(S,ue)|0,i=i+Math.imul(v,de)|0,n=(n=n+Math.imul(v,fe)|0)+Math.imul(_,de)|0,a=a+Math.imul(_,fe)|0;var xe=(u+(i=i+Math.imul(m,pe)|0)|0)+((8191&(n=(n=n+Math.imul(m,ye)|0)+Math.imul(g,pe)|0))<<13)|0;u=((a=a+Math.imul(g,ye)|0)+(n>>>13)|0)+(xe>>>26)|0,xe&=67108863,i=Math.imul(q,X),n=(n=Math.imul(q,Y))+Math.imul(F,X)|0,a=Math.imul(F,Y),i=i+Math.imul(B,J)|0,n=(n=n+Math.imul(B,ee)|0)+Math.imul(T,J)|0,a=a+Math.imul(T,ee)|0,i=i+Math.imul(U,re)|0,n=(n=n+Math.imul(U,ie)|0)+Math.imul(R,re)|0,a=a+Math.imul(R,ie)|0,i=i+Math.imul(K,ae)|0,n=(n=n+Math.imul(K,se)|0)+Math.imul(C,ae)|0,a=a+Math.imul(C,se)|0,i=i+Math.imul(P,ce)|0,n=(n=n+Math.imul(P,ue)|0)+Math.imul(x,ce)|0,a=a+Math.imul(x,ue)|0,i=i+Math.imul(A,de)|0,n=(n=n+Math.imul(A,fe)|0)+Math.imul(S,de)|0,a=a+Math.imul(S,fe)|0;var Me=(u+(i=i+Math.imul(v,pe)|0)|0)+((8191&(n=(n=n+Math.imul(v,ye)|0)+Math.imul(_,pe)|0))<<13)|0;u=((a=a+Math.imul(_,ye)|0)+(n>>>13)|0)+(Me>>>26)|0,Me&=67108863,i=Math.imul(q,J),n=(n=Math.imul(q,ee))+Math.imul(F,J)|0,a=Math.imul(F,ee),i=i+Math.imul(B,re)|0,n=(n=n+Math.imul(B,ie)|0)+Math.imul(T,re)|0,a=a+Math.imul(T,ie)|0,i=i+Math.imul(U,ae)|0,n=(n=n+Math.imul(U,se)|0)+Math.imul(R,ae)|0,a=a+Math.imul(R,se)|0,i=i+Math.imul(K,ce)|0,n=(n=n+Math.imul(K,ue)|0)+Math.imul(C,ce)|0,a=a+Math.imul(C,ue)|0,i=i+Math.imul(P,de)|0,n=(n=n+Math.imul(P,fe)|0)+Math.imul(x,de)|0,a=a+Math.imul(x,fe)|0;var Ke=(u+(i=i+Math.imul(A,pe)|0)|0)+((8191&(n=(n=n+Math.imul(A,ye)|0)+Math.imul(S,pe)|0))<<13)|0;u=((a=a+Math.imul(S,ye)|0)+(n>>>13)|0)+(Ke>>>26)|0,Ke&=67108863,i=Math.imul(q,re),n=(n=Math.imul(q,ie))+Math.imul(F,re)|0,a=Math.imul(F,ie),i=i+Math.imul(B,ae)|0,n=(n=n+Math.imul(B,se)|0)+Math.imul(T,ae)|0,a=a+Math.imul(T,se)|0,i=i+Math.imul(U,ce)|0,n=(n=n+Math.imul(U,ue)|0)+Math.imul(R,ce)|0,a=a+Math.imul(R,ue)|0,i=i+Math.imul(K,de)|0,n=(n=n+Math.imul(K,fe)|0)+Math.imul(C,de)|0,a=a+Math.imul(C,fe)|0;var Ce=(u+(i=i+Math.imul(P,pe)|0)|0)+((8191&(n=(n=n+Math.imul(P,ye)|0)+Math.imul(x,pe)|0))<<13)|0;u=((a=a+Math.imul(x,ye)|0)+(n>>>13)|0)+(Ce>>>26)|0,Ce&=67108863,i=Math.imul(q,ae),n=(n=Math.imul(q,se))+Math.imul(F,ae)|0,a=Math.imul(F,se),i=i+Math.imul(B,ce)|0,n=(n=n+Math.imul(B,ue)|0)+Math.imul(T,ce)|0,a=a+Math.imul(T,ue)|0,i=i+Math.imul(U,de)|0,n=(n=n+Math.imul(U,fe)|0)+Math.imul(R,de)|0,a=a+Math.imul(R,fe)|0;var De=(u+(i=i+Math.imul(K,pe)|0)|0)+((8191&(n=(n=n+Math.imul(K,ye)|0)+Math.imul(C,pe)|0))<<13)|0;u=((a=a+Math.imul(C,ye)|0)+(n>>>13)|0)+(De>>>26)|0,De&=67108863,i=Math.imul(q,ce),n=(n=Math.imul(q,ue))+Math.imul(F,ce)|0,a=Math.imul(F,ue),i=i+Math.imul(B,de)|0,n=(n=n+Math.imul(B,fe)|0)+Math.imul(T,de)|0,a=a+Math.imul(T,fe)|0;var Ue=(u+(i=i+Math.imul(U,pe)|0)|0)+((8191&(n=(n=n+Math.imul(U,ye)|0)+Math.imul(R,pe)|0))<<13)|0;u=((a=a+Math.imul(R,ye)|0)+(n>>>13)|0)+(Ue>>>26)|0,Ue&=67108863,i=Math.imul(q,de),n=(n=Math.imul(q,fe))+Math.imul(F,de)|0,a=Math.imul(F,fe);var Re=(u+(i=i+Math.imul(B,pe)|0)|0)+((8191&(n=(n=n+Math.imul(B,ye)|0)+Math.imul(T,pe)|0))<<13)|0;u=((a=a+Math.imul(T,ye)|0)+(n>>>13)|0)+(Re>>>26)|0,Re&=67108863;var Ie=(u+(i=Math.imul(q,pe))|0)+((8191&(n=(n=Math.imul(q,ye))+Math.imul(F,pe)|0))<<13)|0;return u=((a=Math.imul(F,ye))+(n>>>13)|0)+(Ie>>>26)|0,Ie&=67108863,c[0]=be,c[1]=me,c[2]=ge,c[3]=we,c[4]=ve,c[5]=_e,c[6]=ke,c[7]=Ae,c[8]=Se,c[9]=Ee,c[10]=Pe,c[11]=xe,c[12]=Me,c[13]=Ke,c[14]=Ce,c[15]=De,c[16]=Ue,c[17]=Re,c[18]=Ie,0!==u&&(c[19]=u,r.length++),r};function p(e,t,r){return(new y).mulp(e,t,r)}function y(e,t){this.x=e,this.y=t}Math.imul||(l=f),a.prototype.mulTo=function(e,t){var r,i=this.length+e.length;return r=10===this.length&&10===e.length?l(this,e,t):i<63?f(this,e,t):i<1024?function(e,t,r){r.negative=t.negative^e.negative,r.length=e.length+t.length;for(var i=0,n=0,a=0;a>>26)|0)>>>26,s&=67108863}r.words[a]=o,i=s,s=n}return 0!==i?r.words[a]=i:r.length--,r.strip()}(this,e,t):p(this,e,t),r},y.prototype.makeRBT=function(e){for(var t=Array(e),r=a.prototype._countBits(e)-1,i=0;i>=1;return i},y.prototype.permute=function(e,t,r,i,n,a){for(var s=0;s>>=1)n++;return 1<>>=13,r[2*s+1]=8191&a,a>>>=13;for(s=2*t;s>=26,t+=n/67108864|0,t+=a>>>26,this.words[r]=67108863&a}return 0!==t&&(this.words[r]=t,this.length++),this},a.prototype.muln=function(e){return this.clone().imuln(e)},a.prototype.sqr=function(){return this.mul(this)},a.prototype.isqr=function(){return this.imul(this.clone())},a.prototype.pow=function(e){var t=function(e){for(var t=Array(e.bitLength()),r=0;r>>n}return t}(e);if(0===t.length)return new a(1);for(var r=this,i=0;i=0);var t,r=e%26,n=(e-r)/26,a=67108863>>>26-r<<26-r;if(0!==r){var s=0;for(t=0;t>>26-r}s&&(this.words[t]=s,this.length++)}if(0!==n){for(t=this.length-1;t>=0;t--)this.words[t+n]=this.words[t];for(t=0;t=0),n=t?(t-t%26)/26:0;var a=e%26,s=Math.min((e-a)/26,this.length),o=67108863^67108863>>>a<s)for(this.length-=s,u=0;u=0&&(0!==h||u>=n);u--){var d=0|this.words[u];this.words[u]=h<<26-a|d>>>a,h=d&o}return c&&0!==h&&(c.words[c.length++]=h),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},a.prototype.ishrn=function(e,t,r){return i(0===this.negative),this.iushrn(e,t,r)},a.prototype.shln=function(e){return this.clone().ishln(e)},a.prototype.ushln=function(e){return this.clone().iushln(e)},a.prototype.shrn=function(e){return this.clone().ishrn(e)},a.prototype.ushrn=function(e){return this.clone().iushrn(e)},a.prototype.testn=function(e){i("number"==typeof e&&e>=0);var t=e%26,r=(e-t)/26,n=1<=0);var t=e%26,r=(e-t)/26;if(i(0===this.negative,"imaskn works only with positive numbers"),this.length<=r)return this;if(0!==t&&r++,this.length=Math.min(r,this.length),0!==t){var n=67108863^67108863>>>t<=67108864;t++)this.words[t]-=67108864,t===this.length-1?this.words[t+1]=1:this.words[t+1]++;return this.length=Math.max(this.length,t+1),this},a.prototype.isubn=function(e){if(i("number"==typeof e),i(e<67108864),e<0)return this.iaddn(-e);if(0!==this.negative)return this.negative=0,this.iaddn(e),this.negative=1,this;if(this.words[0]-=e,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var t=0;t>26)-(c/67108864|0),this.words[n+r]=67108863&a}for(;n>26,this.words[n+r]=67108863&a;if(0===o)return this.strip();for(i(-1===o),o=0,n=0;n>26,this.words[n]=67108863&a;return this.negative=1,this.strip()},a.prototype._wordDiv=function(e,t){var r=(this.length,e.length),i=this.clone(),n=e,s=0|n.words[n.length-1];0!==(r=26-this._countBits(s))&&(n=n.ushln(r),i.iushln(r),s=0|n.words[n.length-1]);var o,c=i.length-n.length;if("mod"!==t){(o=new a(null)).length=c+1,o.words=Array(o.length);for(var u=0;u=0;d--){var f=67108864*(0|i.words[n.length+d])+(0|i.words[n.length+d-1]);for(f=Math.min(f/s|0,67108863),i._ishlnsubmul(n,f,d);0!==i.negative;)f--,i.negative=0,i._ishlnsubmul(n,1,d),i.isZero()||(i.negative^=1);o&&(o.words[d]=f)}return o&&o.strip(),i.strip(),"div"!==t&&0!==r&&i.iushrn(r),{div:o||null,mod:i}},a.prototype.divmod=function(e,t,r){return i(!e.isZero()),this.isZero()?{div:new a(0),mod:new a(0)}:0!==this.negative&&0===e.negative?(o=this.neg().divmod(e,t),"mod"!==t&&(n=o.div.neg()),"div"!==t&&(s=o.mod.neg(),r&&0!==s.negative&&s.iadd(e)),{div:n,mod:s}):0===this.negative&&0!==e.negative?(o=this.divmod(e.neg(),t),"mod"!==t&&(n=o.div.neg()),{div:n,mod:o.mod}):0!=(this.negative&e.negative)?(o=this.neg().divmod(e.neg(),t),"div"!==t&&(s=o.mod.neg(),r&&0!==s.negative&&s.isub(e)),{div:o.div,mod:s}):e.length>this.length||this.cmp(e)<0?{div:new a(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new a(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new a(this.modn(e.words[0]))}:this._wordDiv(e,t);var n,s,o},a.prototype.div=function(e){return this.divmod(e,"div",!1).div},a.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},a.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},a.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var r=0!==t.div.negative?t.mod.isub(e):t.mod,i=e.ushrn(1),n=e.andln(1),a=r.cmp(i);return a<0||1===n&&0===a?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},a.prototype.modn=function(e){i(e<=67108863);for(var t=(1<<26)%e,r=0,n=this.length-1;n>=0;n--)r=(t*r+(0|this.words[n]))%e;return r},a.prototype.idivn=function(e){i(e<=67108863);for(var t=0,r=this.length-1;r>=0;r--){var n=(0|this.words[r])+67108864*t;this.words[r]=n/e|0,t=n%e}return this.strip()},a.prototype.divn=function(e){return this.clone().idivn(e)},a.prototype.egcd=function(e){i(0===e.negative),i(!e.isZero());var t=this,r=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var n=new a(1),s=new a(0),o=new a(0),c=new a(1),u=0;t.isEven()&&r.isEven();)t.iushrn(1),r.iushrn(1),++u;for(var h=r.clone(),d=t.clone();!t.isZero();){for(var f=0,l=1;0==(t.words[0]&l)&&f<26;++f,l<<=1);if(f>0)for(t.iushrn(f);f-- >0;)(n.isOdd()||s.isOdd())&&(n.iadd(h),s.isub(d)),n.iushrn(1),s.iushrn(1);for(var p=0,y=1;0==(r.words[0]&y)&&p<26;++p,y<<=1);if(p>0)for(r.iushrn(p);p-- >0;)(o.isOdd()||c.isOdd())&&(o.iadd(h),c.isub(d)),o.iushrn(1),c.iushrn(1);t.cmp(r)>=0?(t.isub(r),n.isub(o),s.isub(c)):(r.isub(t),o.isub(n),c.isub(s))}return{a:o,b:c,gcd:r.iushln(u)}},a.prototype._invmp=function(e){i(0===e.negative),i(!e.isZero());var t=this,r=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var n,s=new a(1),o=new a(0),c=r.clone();t.cmpn(1)>0&&r.cmpn(1)>0;){for(var u=0,h=1;0==(t.words[0]&h)&&u<26;++u,h<<=1);if(u>0)for(t.iushrn(u);u-- >0;)s.isOdd()&&s.iadd(c),s.iushrn(1);for(var d=0,f=1;0==(r.words[0]&f)&&d<26;++d,f<<=1);if(d>0)for(r.iushrn(d);d-- >0;)o.isOdd()&&o.iadd(c),o.iushrn(1);t.cmp(r)>=0?(t.isub(r),s.isub(o)):(r.isub(t),o.isub(s))}return(n=0===t.cmpn(1)?s:o).cmpn(0)<0&&n.iadd(e),n},a.prototype.gcd=function(e){if(this.isZero())return e.abs();if(e.isZero())return this.abs();var t=this.clone(),r=e.clone();t.negative=0,r.negative=0;for(var i=0;t.isEven()&&r.isEven();i++)t.iushrn(1),r.iushrn(1);for(;;){for(;t.isEven();)t.iushrn(1);for(;r.isEven();)r.iushrn(1);var n=t.cmp(r);if(n<0){var a=t;t=r,r=a}else if(0===n||0===r.cmpn(1))break;t.isub(r)}return r.iushln(i)},a.prototype.invm=function(e){return this.egcd(e).a.umod(e)},a.prototype.isEven=function(){return 0==(1&this.words[0])},a.prototype.isOdd=function(){return 1==(1&this.words[0])},a.prototype.andln=function(e){return this.words[0]&e},a.prototype.bincn=function(e){i("number"==typeof e);var t=e%26,r=(e-t)/26,n=1<>>26,o&=67108863,this.words[s]=o}return 0!==a&&(this.words[s]=a,this.length++),this},a.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},a.prototype.cmpn=function(e){var t,r=e<0;if(0!==this.negative&&!r)return-1;if(0===this.negative&&r)return 1;if(this.strip(),this.length>1)t=1;else{r&&(e=-e),i(e<=67108863,"Number is too big");var n=0|this.words[0];t=n===e?0:ne.length)return 1;if(this.length=0;r--){var i=0|this.words[r],n=0|e.words[r];if(i!==n){in&&(t=1);break}}return t},a.prototype.gtn=function(e){return 1===this.cmpn(e)},a.prototype.gt=function(e){return 1===this.cmp(e)},a.prototype.gten=function(e){return this.cmpn(e)>=0},a.prototype.gte=function(e){return this.cmp(e)>=0},a.prototype.ltn=function(e){return-1===this.cmpn(e)},a.prototype.lt=function(e){return-1===this.cmp(e)},a.prototype.lten=function(e){return this.cmpn(e)<=0},a.prototype.lte=function(e){return this.cmp(e)<=0},a.prototype.eqn=function(e){return 0===this.cmpn(e)},a.prototype.eq=function(e){return 0===this.cmp(e)},a.red=function(e){return new k(e)},a.prototype.toRed=function(e){return i(!this.red,"Already a number in reduction context"),i(0===this.negative,"red works only with positives"),e.convertTo(this)._forceRed(e)},a.prototype.fromRed=function(){return i(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},a.prototype._forceRed=function(e){return this.red=e,this},a.prototype.forceRed=function(e){return i(!this.red,"Already a number in reduction context"),this._forceRed(e)},a.prototype.redAdd=function(e){return i(this.red,"redAdd works only with red numbers"),this.red.add(this,e)},a.prototype.redIAdd=function(e){return i(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,e)},a.prototype.redSub=function(e){return i(this.red,"redSub works only with red numbers"),this.red.sub(this,e)},a.prototype.redISub=function(e){return i(this.red,"redISub works only with red numbers"),this.red.isub(this,e)},a.prototype.redShl=function(e){return i(this.red,"redShl works only with red numbers"),this.red.shl(this,e)},a.prototype.redMul=function(e){return i(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.mul(this,e)},a.prototype.redIMul=function(e){return i(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.imul(this,e)},a.prototype.redSqr=function(){return i(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},a.prototype.redISqr=function(){return i(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},a.prototype.redSqrt=function(){return i(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},a.prototype.redInvm=function(){return i(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},a.prototype.redNeg=function(){return i(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},a.prototype.redPow=function(e){return i(this.red&&!e.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,e)};var b={k256:null,p224:null,p192:null,p25519:null};function m(e,t){this.name=e,this.p=new a(t,16),this.n=this.p.bitLength(),this.k=new a(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function g(){m.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function w(){m.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function v(){m.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function _(){m.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function k(e){if("string"==typeof e){var t=a._prime(e);this.m=t.p,this.prime=t}else i(e.gtn(1),"modulus must be greater than 1"),this.m=e,this.prime=null}function A(e){k.call(this,e),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new a(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}m.prototype._tmp=function(){var e=new a(null);return e.words=Array(Math.ceil(this.n/13)),e},m.prototype.ireduce=function(e){var t,r=e;do{this.split(r,this.tmp),t=(r=(r=this.imulK(r)).iadd(this.tmp)).bitLength()}while(t>this.n);var i=t0?r.isub(this.p):r.strip(),r},m.prototype.split=function(e,t){e.iushrn(this.n,0,t)},m.prototype.imulK=function(e){return e.imul(this.k)},n(g,m),g.prototype.split=function(e,t){for(var r=4194303,i=Math.min(e.length,9),n=0;n>>22,a=s}a>>>=22,e.words[n-10]=a,0===a&&e.length>10?e.length-=10:e.length-=9},g.prototype.imulK=function(e){e.words[e.length]=0,e.words[e.length+1]=0,e.length+=2;for(var t=0,r=0;r>>=26,e.words[r]=n,t=i}return 0!==t&&(e.words[e.length++]=t),e},a._prime=function(e){if(b[e])return b[e];var t;if("k256"===e)t=new g;else if("p224"===e)t=new w;else if("p192"===e)t=new v;else{if("p25519"!==e)throw Error("Unknown prime "+e);t=new _}return b[e]=t,t},k.prototype._verify1=function(e){i(0===e.negative,"red works only with positives"),i(e.red,"red works only with red numbers")},k.prototype._verify2=function(e,t){i(0==(e.negative|t.negative),"red works only with positives"),i(e.red&&e.red===t.red,"red works only with red numbers")},k.prototype.imod=function(e){return this.prime?this.prime.ireduce(e)._forceRed(this):e.umod(this.m)._forceRed(this)},k.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},k.prototype.add=function(e,t){this._verify2(e,t);var r=e.add(t);return r.cmp(this.m)>=0&&r.isub(this.m),r._forceRed(this)},k.prototype.iadd=function(e,t){this._verify2(e,t);var r=e.iadd(t);return r.cmp(this.m)>=0&&r.isub(this.m),r},k.prototype.sub=function(e,t){this._verify2(e,t);var r=e.sub(t);return r.cmpn(0)<0&&r.iadd(this.m),r._forceRed(this)},k.prototype.isub=function(e,t){this._verify2(e,t);var r=e.isub(t);return r.cmpn(0)<0&&r.iadd(this.m),r},k.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},k.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},k.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},k.prototype.isqr=function(e){return this.imul(e,e.clone())},k.prototype.sqr=function(e){return this.mul(e,e)},k.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(i(t%2==1),3===t){var r=this.m.add(new a(1)).iushrn(2);return this.pow(e,r)}for(var n=this.m.subn(1),s=0;!n.isZero()&&0===n.andln(1);)s++,n.iushrn(1);i(!n.isZero());var o=new a(1).toRed(this),c=o.redNeg(),u=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new a(2*h*h).toRed(this);0!==this.pow(h,u).cmp(c);)h.redIAdd(c);for(var d=this.pow(h,n),f=this.pow(e,n.addn(1).iushrn(1)),l=this.pow(e,n),p=s;0!==l.cmp(o);){for(var y=l,b=0;0!==y.cmp(o);b++)y=y.redSqr();i(b=0;i--){for(var u=t.words[i],h=c-1;h>=0;h--){var d=u>>h&1;n!==r[0]&&(n=this.sqr(n)),0!==d||0!==s?(s<<=1,s|=d,(4===++o||0===i&&0===h)&&(n=this.mul(n,r[s]),o=0,s=0)):o=0}c=26}return n},k.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},k.prototype.convertFrom=function(e){var t=e.clone();return t.red=null,t},a.mont=function(e){return new A(e)},n(A,k),A.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},A.prototype.convertFrom=function(e){var t=this.imod(e.mul(this.rinv));return t.red=null,t},A.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;var r=e.imul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(i).iushrn(this.shift),a=n;return n.cmp(this.m)>=0?a=n.isub(this.m):n.cmpn(0)<0&&(a=n.iadd(this.m)),a._forceRed(this)},A.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new a(0)._forceRed(this);var r=e.mul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(i).iushrn(this.shift),s=n;return n.cmp(this.m)>=0?s=n.isub(this.m):n.cmpn(0)<0&&(s=n.iadd(this.m)),s._forceRed(this)},A.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(e,ut)})),py=/*#__PURE__*/Object.freeze({__proto__:null,default:ly,__moduleExports:ly});class yy{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");this.value=new ly(e)}clone(){const e=new yy(null);return this.value.copy(e.value),e}iinc(){return this.value.iadd(new ly(1)),this}inc(){return this.clone().iinc()}idec(){return this.value.isub(new ly(1)),this}dec(){return this.clone().idec()}iadd(e){return this.value.iadd(e.value),this}add(e){return this.clone().iadd(e)}isub(e){return this.value.isub(e.value),this}sub(e){return this.clone().isub(e)}imul(e){return this.value.imul(e.value),this}mul(e){return this.clone().imul(e)}imod(e){return this.value=this.value.umod(e.value),this}mod(e){return this.clone().imod(e)}modExp(e,t){const r=t.isEven()?ly.red(t.value):ly.mont(t.value),i=this.clone();return i.value=i.value.toRed(r).redPow(e.value).fromRed(),i}modInv(e){if(!this.gcd(e).isOne())throw Error("Inverse does not exist");return new yy(this.value.invm(e.value))}gcd(e){return new yy(this.value.gcd(e.value))}ileftShift(e){return this.value.ishln(e.value.toNumber()),this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value.ishrn(e.value.toNumber()),this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value.eq(e.value)}lt(e){return this.value.lt(e.value)}lte(e){return this.value.lte(e.value)}gt(e){return this.value.gt(e.value)}gte(e){return this.value.gte(e.value)}isZero(){return this.value.isZero()}isOne(){return this.value.eq(new ly(1))}isNegative(){return this.value.isNeg()}isEven(){return this.value.isEven()}abs(){const e=this.clone();return e.value=e.value.abs(),e}toString(){return this.value.toString()}toNumber(){return this.value.toNumber()}getBit(e){return this.value.testn(e)?1:0}bitLength(){return this.value.bitLength()}byteLength(){return this.value.byteLength()}toUint8Array(e="be",t){return this.value.toArrayLike(Uint8Array,e,t)}}var by,my=/*#__PURE__*/Object.freeze({__proto__:null,default:yy}),gy=ht((function(e,t){var r=t;function i(e){return 1===e.length?"0"+e:e}function n(e){for(var t="",r=0;r>8,s=255&n;a?r.push(a,s):r.push(s)}return r},r.zero2=i,r.toHex=n,r.encode=function(e,t){return"hex"===t?n(e):e}})),wy=ht((function(e,t){var r=t;r.assert=ot,r.toArray=gy.toArray,r.zero2=gy.zero2,r.toHex=gy.toHex,r.encode=gy.encode,r.getNAF=function(e,t){for(var r=[],i=1<=0;){var a;if(n.isOdd()){var s=n.andln(i-1);a=s>(i>>1)-1?(i>>1)-s:s,n.isubn(a)}else a=0;r.push(a);for(var o=0!==n.cmpn(0)&&0===n.andln(i-1)?t+1:1,c=1;c0||t.cmpn(-n)>0;){var a,s,o,c=e.andln(3)+i&3,u=t.andln(3)+n&3;if(3===c&&(c=-1),3===u&&(u=-1),0==(1&c))a=0;else a=3!==(o=e.andln(7)+i&7)&&5!==o||2!==u?c:-c;if(r[0].push(a),0==(1&u))s=0;else s=3!==(o=t.andln(7)+n&7)&&5!==o||2!==c?u:-u;r[1].push(s),2*i===a+1&&(i=1-i),2*n===s+1&&(n=1-n),e.iushrn(1),t.iushrn(1)}return r},r.cachedProperty=function(e,t,r){var i="_"+t;e.prototype[t]=function(){return void 0!==this[i]?this[i]:this[i]=r.call(this)}},r.parseBytes=function(e){return"string"==typeof e?r.toArray(e,"hex"):e},r.intFromLE=function(e){return new ly(e,"hex","le")}})),vy=function(e){return by||(by=new _y(null)),by.generate(e)};function _y(e){this.rand=e}var ky=_y;if(_y.prototype.generate=function(e){return this._rand(e)},_y.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),r=0;r0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}var My=xy;function Ky(e,t){this.curve=e,this.type=t,this.precomputed=null}xy.prototype.point=function(){throw Error("Not implemented")},xy.prototype.validate=function(){throw Error("Not implemented")},xy.prototype._fixedNafMul=function(e,t){Py(e.precomputed);var r=e._getDoubles(),i=Sy(t,1),n=(1<=s;t--)o=(o<<1)+i[t];a.push(o)}for(var c=this.jpoint(null,null,null),u=this.jpoint(null,null,null),h=n;h>0;h--){for(s=0;s=0;o--){for(t=0;o>=0&&0===a[o];o--)t++;if(o>=0&&t++,s=s.dblp(t),o<0)break;var c=a[o];Py(0!==c),s="affine"===e.type?c>0?s.mixedAdd(n[c-1>>1]):s.mixedAdd(n[-c-1>>1].neg()):c>0?s.add(n[c-1>>1]):s.add(n[-c-1>>1].neg())}return"affine"===e.type?s.toP():s},xy.prototype._wnafMulAdd=function(e,t,r,i,n){for(var a=this._wnafT1,s=this._wnafT2,o=this._wnafT3,c=0,u=0;u=1;u-=2){var d=u-1,f=u;if(1===a[d]&&1===a[f]){var l=[t[d],null,null,t[f]];0===t[d].y.cmp(t[f].y)?(l[1]=t[d].add(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg())):0===t[d].y.cmp(t[f].y.redNeg())?(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].add(t[f].neg())):(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg()));var p=[-3,-1,-5,-7,0,7,5,1,3],y=Ey(r[d],r[f]);c=Math.max(y[0].length,c),o[d]=Array(c),o[f]=Array(c);for(var b=0;b=0;u--){for(var _=0;u>=0;){var k=!0;for(b=0;b=0&&_++,w=w.dblp(_),u<0)break;for(b=0;b0?A=s[b][S-1>>1]:S<0&&(A=s[b][-S-1>>1].neg()),w="affine"===A.type?w.mixedAdd(A):w.add(A))}}for(u=0;u=Math.ceil((e.bitLength()+1)/t.step)},Ky.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var r=[this],i=this,n=0;n=0&&(a=t,s=r),i.negative&&(i=i.neg(),n=n.neg()),a.negative&&(a=a.neg(),s=s.neg()),[{a:i,b:n},{a,b:s}]},Dy.prototype._endoSplit=function(e){var t=this.endo.basis,r=t[0],i=t[1],n=i.b.mul(e).divRound(this.n),a=r.b.neg().mul(e).divRound(this.n),s=n.mul(r.a),o=a.mul(i.a),c=n.mul(r.b),u=a.mul(i.b);return{k1:e.sub(s).sub(o),k2:c.add(u).neg()}},Dy.prototype.pointFromX=function(e,t){(e=new ly(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),i=r.redSqrt();if(0!==i.redSqr().redSub(r).cmp(this.zero))throw Error("invalid point");var n=i.fromRed().isOdd();return(t&&!n||!t&&n)&&(i=i.redNeg()),this.point(e,i)},Dy.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,r=e.y,i=this.a.redMul(t),n=t.redSqr().redMul(t).redIAdd(i).redIAdd(this.b);return 0===r.redSqr().redISub(n).cmpn(0)},Dy.prototype._endoWnafMulAdd=function(e,t,r){for(var i=this._endoWnafT1,n=this._endoWnafT2,a=0;a":""},Ry.prototype.isInfinity=function(){return this.inf},Ry.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y);0!==t.cmpn(0)&&(t=t.redMul(this.x.redSub(e.x).redInvm()));var r=t.redSqr().redISub(this.x).redISub(e.x),i=t.redMul(this.x.redSub(r)).redISub(this.y);return this.curve.point(r,i)},Ry.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,r=this.x.redSqr(),i=e.redInvm(),n=r.redAdd(r).redIAdd(r).redIAdd(t).redMul(i),a=n.redSqr().redISub(this.x.redAdd(this.x)),s=n.redMul(this.x.redSub(a)).redISub(this.y);return this.curve.point(a,s)},Ry.prototype.getX=function(){return this.x.fromRed()},Ry.prototype.getY=function(){return this.y.fromRed()},Ry.prototype.mul=function(e){return e=new ly(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},Ry.prototype.mulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n):this.curve._wnafMulAdd(1,i,n,2)},Ry.prototype.jmulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n,!0):this.curve._wnafMulAdd(1,i,n,2,!0)},Ry.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},Ry.prototype.neg=function(e){if(this.inf)return this;var t=this.curve.point(this.x,this.y.redNeg());if(e&&this.precomputed){var r=this.precomputed,i=function(e){return e.neg()};t.precomputed={naf:r.naf&&{wnd:r.naf.wnd,points:r.naf.points.map(i)},doubles:r.doubles&&{step:r.doubles.step,points:r.doubles.points.map(i)}}}return t},Ry.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},lt(Iy,My.BasePoint),Dy.prototype.jpoint=function(e,t,r){return new Iy(this,e,t,r)},Iy.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),r=this.x.redMul(t),i=this.y.redMul(t).redMul(e);return this.curve.point(r,i)},Iy.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},Iy.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),r=this.z.redSqr(),i=this.x.redMul(t),n=e.x.redMul(r),a=this.y.redMul(t.redMul(e.z)),s=e.y.redMul(r.redMul(this.z)),o=i.redSub(n),c=a.redSub(s);if(0===o.cmpn(0))return 0!==c.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var u=o.redSqr(),h=u.redMul(o),d=i.redMul(u),f=c.redSqr().redIAdd(h).redISub(d).redISub(d),l=c.redMul(d.redISub(f)).redISub(a.redMul(h)),p=this.z.redMul(e.z).redMul(o);return this.curve.jpoint(f,l,p)},Iy.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),r=this.x,i=e.x.redMul(t),n=this.y,a=e.y.redMul(t).redMul(this.z),s=r.redSub(i),o=n.redSub(a);if(0===s.cmpn(0))return 0!==o.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var c=s.redSqr(),u=c.redMul(s),h=r.redMul(c),d=o.redSqr().redIAdd(u).redISub(h).redISub(h),f=o.redMul(h.redISub(d)).redISub(n.redMul(u)),l=this.z.redMul(s);return this.curve.jpoint(d,f,l)},Iy.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,r=0;r=0)return!1;if(r.redIAdd(n),0===this.x.cmp(r))return!0}},Iy.prototype.inspect=function(){return this.isInfinity()?"":""},Iy.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},lt(By,My);var Ty=By;function zy(e,t,r){My.BasePoint.call(this,e,"projective"),null===t&&null===r?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new ly(t,16),this.z=new ly(r,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}By.prototype.validate=function(e){var t=e.normalize().x,r=t.redSqr(),i=r.redMul(t).redAdd(r.redMul(this.a)).redAdd(t);return 0===i.redSqrt().redSqr().cmp(i)},lt(zy,My.BasePoint),By.prototype.decodePoint=function(e,t){if(33===(e=wy.toArray(e,t)).length&&64===e[0]&&(e=e.slice(1,33).reverse()),32!==e.length)throw Error("Unknown point compression format");return this.point(e,1)},By.prototype.point=function(e,t){return new zy(this,e,t)},By.prototype.pointFromJSON=function(e){return zy.fromJSON(this,e)},zy.prototype.precompute=function(){},zy.prototype._encode=function(e){var t=this.curve.p.byteLength();return e?[64].concat(this.getX().toArray("le",t)):this.getX().toArray("be",t)},zy.fromJSON=function(e,t){return new zy(e,t[0],t[1]||e.one)},zy.prototype.inspect=function(){return this.isInfinity()?"":""},zy.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},zy.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),r=e.redSub(t),i=e.redMul(t),n=r.redMul(t.redAdd(this.curve.a24.redMul(r)));return this.curve.point(i,n)},zy.prototype.add=function(){throw Error("Not supported on Montgomery curve")},zy.prototype.diffAdd=function(e,t){var r=this.x.redAdd(this.z),i=this.x.redSub(this.z),n=e.x.redAdd(e.z),a=e.x.redSub(e.z).redMul(r),s=n.redMul(i),o=t.z.redMul(a.redAdd(s).redSqr()),c=t.x.redMul(a.redISub(s).redSqr());return this.curve.point(o,c)},zy.prototype.mul=function(e){for(var t=(e=new ly(e,16)).clone(),r=this,i=this.curve.point(null,null),n=[];0!==t.cmpn(0);t.iushrn(1))n.push(t.andln(1));for(var a=n.length-1;a>=0;a--)0===n[a]?(r=r.diffAdd(i,this),i=i.dbl()):(i=r.diffAdd(i,this),r=r.dbl());return i},zy.prototype.mulAdd=function(){throw Error("Not supported on Montgomery curve")},zy.prototype.jumlAdd=function(){throw Error("Not supported on Montgomery curve")},zy.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},zy.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},zy.prototype.getX=function(){return this.normalize(),this.x.fromRed()};var qy=wy.assert;function Fy(e){this.twisted=1!=(0|e.a),this.mOneA=this.twisted&&-1==(0|e.a),this.extended=this.mOneA,My.call(this,"edwards",e),this.a=new ly(e.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new ly(e.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new ly(e.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),qy(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|e.c)}lt(Fy,My);var Oy=Fy;function Ly(e,t,r,i,n){My.BasePoint.call(this,e,"projective"),null===t&&null===r&&null===i?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new ly(t,16),this.y=new ly(r,16),this.z=i?new ly(i,16):this.curve.one,this.t=n&&new ly(n,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}Fy.prototype._mulA=function(e){return this.mOneA?e.redNeg():this.a.redMul(e)},Fy.prototype._mulC=function(e){return this.oneC?e:this.c.redMul(e)},Fy.prototype.jpoint=function(e,t,r,i){return this.point(e,t,r,i)},Fy.prototype.pointFromX=function(e,t){(e=new ly(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=this.c2.redSub(this.a.redMul(r)),n=this.one.redSub(this.c2.redMul(this.d).redMul(r)),a=i.redMul(n.redInvm()),s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");var o=s.fromRed().isOdd();return(t&&!o||!t&&o)&&(s=s.redNeg()),this.point(e,s)},Fy.prototype.pointFromY=function(e,t){(e=new ly(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=r.redSub(this.c2),n=r.redMul(this.d).redMul(this.c2).redSub(this.a),a=i.redMul(n.redInvm());if(0===a.cmp(this.zero)){if(t)throw Error("invalid point");return this.point(this.zero,e)}var s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");return s.fromRed().isOdd()!==t&&(s=s.redNeg()),this.point(s,e)},Fy.prototype.validate=function(e){if(e.isInfinity())return!0;e.normalize();var t=e.x.redSqr(),r=e.y.redSqr(),i=t.redMul(this.a).redAdd(r),n=this.c2.redMul(this.one.redAdd(this.d.redMul(t).redMul(r)));return 0===i.cmp(n)},lt(Ly,My.BasePoint),Fy.prototype.pointFromJSON=function(e){return Ly.fromJSON(this,e)},Fy.prototype.point=function(e,t,r,i){return new Ly(this,e,t,r,i)},Ly.fromJSON=function(e,t){return new Ly(e,t[0],t[1],t[2])},Ly.prototype.inspect=function(){return this.isInfinity()?"":""},Ly.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},Ly.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),r=this.z.redSqr();r=r.redIAdd(r);var i=this.curve._mulA(e),n=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),a=i.redAdd(t),s=a.redSub(r),o=i.redSub(t),c=n.redMul(s),u=a.redMul(o),h=n.redMul(o),d=s.redMul(a);return this.curve.point(c,u,d,h)},Ly.prototype._projDbl=function(){var e,t,r,i=this.x.redAdd(this.y).redSqr(),n=this.x.redSqr(),a=this.y.redSqr();if(this.curve.twisted){var s=(u=this.curve._mulA(n)).redAdd(a);if(this.zOne)e=i.redSub(n).redSub(a).redMul(s.redSub(this.curve.two)),t=s.redMul(u.redSub(a)),r=s.redSqr().redSub(s).redSub(s);else{var o=this.z.redSqr(),c=s.redSub(o).redISub(o);e=i.redSub(n).redISub(a).redMul(c),t=s.redMul(u.redSub(a)),r=s.redMul(c)}}else{var u=n.redAdd(a);o=this.curve._mulC(this.z).redSqr(),c=u.redSub(o).redSub(o);e=this.curve._mulC(i.redISub(u)).redMul(c),t=this.curve._mulC(u).redMul(n.redISub(a)),r=u.redMul(c)}return this.curve.point(e,t,r)},Ly.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},Ly.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),r=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),i=this.t.redMul(this.curve.dd).redMul(e.t),n=this.z.redMul(e.z.redAdd(e.z)),a=r.redSub(t),s=n.redSub(i),o=n.redAdd(i),c=r.redAdd(t),u=a.redMul(s),h=o.redMul(c),d=a.redMul(c),f=s.redMul(o);return this.curve.point(u,h,f,d)},Ly.prototype._projAdd=function(e){var t,r,i=this.z.redMul(e.z),n=i.redSqr(),a=this.x.redMul(e.x),s=this.y.redMul(e.y),o=this.curve.d.redMul(a).redMul(s),c=n.redSub(o),u=n.redAdd(o),h=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(a).redISub(s),d=i.redMul(c).redMul(h);return this.curve.twisted?(t=i.redMul(u).redMul(s.redSub(this.curve._mulA(a))),r=c.redMul(u)):(t=i.redMul(u).redMul(s.redSub(a)),r=this.curve._mulC(c).redMul(u)),this.curve.point(d,t,r)},Ly.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},Ly.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},Ly.prototype.mulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!1)},Ly.prototype.jmulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!0)},Ly.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},Ly.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},Ly.prototype.getX=function(){return this.normalize(),this.x.fromRed()},Ly.prototype.getY=function(){return this.normalize(),this.y.fromRed()},Ly.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},Ly.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var r=e.clone(),i=this.curve.redN.redMul(this.z);;){if(r.iadd(this.curve.n),r.cmp(this.curve.p)>=0)return!1;if(t.redIAdd(i),0===this.x.cmp(t))return!0}},Ly.prototype.toP=Ly.prototype.normalize,Ly.prototype.mixedAdd=Ly.prototype.add;var Ny=ht((function(e,t){var r=t;r.base=My,r.short=Uy,r.mont=Ty,r.edwards=Oy})),jy=kt.rotl32,Hy=kt.sum32,Wy=kt.sum32_5,Gy=Dt.ft_1,Vy=Et.BlockHash,$y=[1518500249,1859775393,2400959708,3395469782];function Zy(){if(!(this instanceof Zy))return new Zy;Vy.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=Array(80)}kt.inherits(Zy,Vy);var Xy=Zy;Zy.blockSize=512,Zy.outSize=160,Zy.hmacStrength=80,Zy.padLength=64,Zy.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;ithis.blockSize&&(e=(new this.Hash).update(e).digest()),ot(e.length<=this.blockSize);for(var t=e.length;t=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,r,i)}var nb=ib;ib.prototype._init=function(e,t,r){var i=e.concat(t).concat(r);this.K=Array(this.outLen/8),this.V=Array(this.outLen/8);for(var n=0;n=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(r||[])),this._reseed=1},ib.prototype.generate=function(e,t,r,i){if(this._reseed>this.reseedInterval)throw Error("Reseed is required");"string"!=typeof t&&(i=r,r=t,t=null),r&&(r=gy.toArray(r,i||"hex"),this._update(r));for(var n=[];n.length"};var cb=wy.assert;function ub(e,t){if(e instanceof ub)return e;this._importDER(e,t)||(cb(e.r&&e.s,"Signature without r or s"),this.r=new ly(e.r,16),this.s=new ly(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}var hb=ub;function db(){this.place=0}function fb(e,t){var r=e[t.place++];if(!(128&r))return r;for(var i=15&r,n=0,a=0,s=t.place;a>>3);for(e.push(128|r);--r;)e.push(t>>>(r<<3)&255);e.push(t)}}ub.prototype._importDER=function(e,t){e=wy.toArray(e,t);var r=new db;if(48!==e[r.place++])return!1;if(fb(e,r)+r.place!==e.length)return!1;if(2!==e[r.place++])return!1;var i=fb(e,r),n=e.slice(r.place,i+r.place);if(r.place+=i,2!==e[r.place++])return!1;var a=fb(e,r);if(e.length!==a+r.place)return!1;var s=e.slice(r.place,a+r.place);return 0===n[0]&&128&n[1]&&(n=n.slice(1)),0===s[0]&&128&s[1]&&(s=s.slice(1)),this.r=new ly(n),this.s=new ly(s),this.recoveryParam=null,!0},ub.prototype.toDER=function(e){var t=this.r.toArray(),r=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&r[0]&&(r=[0].concat(r)),t=lb(t),r=lb(r);!(r[0]||128&r[1]);)r=r.slice(1);var i=[2];pb(i,t.length),(i=i.concat(t)).push(2),pb(i,r.length);var n=i.concat(r),a=[48];return pb(a,n.length),a=a.concat(n),wy.encode(a,e)};var yb=wy.assert;function bb(e){if(!(this instanceof bb))return new bb(e);"string"==typeof e&&(yb(rb.hasOwnProperty(e),"Unknown curve "+e),e=rb[e]),e instanceof rb.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}var mb=bb;bb.prototype.keyPair=function(e){return new ob(this,e)},bb.prototype.keyFromPrivate=function(e,t){return ob.fromPrivate(this,e,t)},bb.prototype.keyFromPublic=function(e,t){return ob.fromPublic(this,e,t)},bb.prototype.genKeyPair=function(e){e||(e={});var t=new nb({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||vy(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()});if("mont"===this.curve.type){var r=new ly(t.generate(32));return this.keyFromPrivate(r)}for(var i=this.n.byteLength(),n=this.n.sub(new ly(2));;){if(!((r=new ly(t.generate(i))).cmp(n)>0))return r.iaddn(1),this.keyFromPrivate(r)}},bb.prototype._truncateToN=function(e,t,r){var i=(r=r||8*e.byteLength())-this.n.bitLength();return i>0&&(e=e.ushrn(i)),!t&&e.cmp(this.n)>=0?e.sub(this.n):e},bb.prototype.truncateMsg=function(e){var t;return e instanceof Uint8Array?(t=8*e.byteLength,e=this._truncateToN(new ly(e,16),!1,t)):"string"==typeof e?(t=4*e.length,e=this._truncateToN(new ly(e,16),!1,t)):e=this._truncateToN(new ly(e,16)),e},bb.prototype.sign=function(e,t,r,i){"object"==typeof r&&(i=r,r=null),i||(i={}),t=this.keyFromPrivate(t,r),e=this.truncateMsg(e);for(var n=this.n.byteLength(),a=t.getPrivate().toArray("be",n),s=e.toArray("be",n),o=new nb({hash:this.hash,entropy:a,nonce:s,pers:i.pers,persEnc:i.persEnc||"utf8"}),c=this.n.sub(new ly(1)),u=0;;u++){var h=i.k?i.k(u):new ly(o.generate(this.n.byteLength()));if(!((h=this._truncateToN(h,!0)).cmpn(1)<=0||h.cmp(c)>=0)){var d=this.g.mul(h);if(!d.isInfinity()){var f=d.getX(),l=f.umod(this.n);if(0!==l.cmpn(0)){var p=h.invm(this.n).mul(l.mul(t.getPrivate()).iadd(e));if(0!==(p=p.umod(this.n)).cmpn(0)){var y=(d.getY().isOdd()?1:0)|(0!==f.cmp(l)?2:0);return i.canonical&&p.cmp(this.nh)>0&&(p=this.n.sub(p),y^=1),new hb({r:l,s:p,recoveryParam:y})}}}}}},bb.prototype.verify=function(e,t,r,i){return r=this.keyFromPublic(r,i),t=new hb(t,"hex"),this._verify(this.truncateMsg(e),t,r)||this._verify(this._truncateToN(new ly(e,16)),t,r)},bb.prototype._verify=function(e,t,r){var i=t.r,n=t.s;if(i.cmpn(1)<0||i.cmp(this.n)>=0)return!1;if(n.cmpn(1)<0||n.cmp(this.n)>=0)return!1;var a,s=n.invm(this.n),o=s.mul(e).umod(this.n),c=s.mul(i).umod(this.n);return this.curve._maxwellTrick?!(a=this.g.jmulAdd(o,r.getPublic(),c)).isInfinity()&&a.eqXToP(i):!(a=this.g.mulAdd(o,r.getPublic(),c)).isInfinity()&&0===a.getX().umod(this.n).cmp(i)},bb.prototype.recoverPubKey=function(e,t,r,i){yb((3&r)===r,"The recovery param is more than two bits"),t=new hb(t,i);var n=this.n,a=new ly(e),s=t.r,o=t.s,c=1&r,u=r>>1;if(s.cmp(this.curve.p.umod(this.curve.n))>=0&&u)throw Error("Unable to find sencond key candinate");s=u?this.curve.pointFromX(s.add(this.curve.n),c):this.curve.pointFromX(s,c);var h=t.r.invm(n),d=n.sub(a).mul(h).umod(n),f=o.mul(h).umod(n);return this.g.mulAdd(d,s,f)},bb.prototype.getKeyRecoveryParam=function(e,t,r,i){if(null!==(t=new hb(t,i)).recoveryParam)return t.recoveryParam;for(var n=0;n<4;n++){var a;try{a=this.recoverPubKey(e,t,n)}catch(e){continue}if(a.eq(r))return n}throw Error("Unable to find valid recovery factor")};var gb=wy.assert,wb=wy.parseBytes,vb=wy.cachedProperty;function _b(e,t){if(this.eddsa=e,t.hasOwnProperty("secret")&&(this._secret=wb(t.secret)),e.isPoint(t.pub))this._pub=t.pub;else if(this._pubBytes=wb(t.pub),this._pubBytes&&33===this._pubBytes.length&&64===this._pubBytes[0]&&(this._pubBytes=this._pubBytes.slice(1,33)),this._pubBytes&&32!==this._pubBytes.length)throw Error("Unknown point compression format")}_b.fromPublic=function(e,t){return t instanceof _b?t:new _b(e,{pub:t})},_b.fromSecret=function(e,t){return t instanceof _b?t:new _b(e,{secret:t})},_b.prototype.secret=function(){return this._secret},vb(_b,"pubBytes",(function(){return this.eddsa.encodePoint(this.pub())})),vb(_b,"pub",(function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())})),vb(_b,"privBytes",(function(){var e=this.eddsa,t=this.hash(),r=e.encodingLength-1,i=t.slice(0,e.encodingLength);return i[0]&=248,i[r]&=127,i[r]|=64,i})),vb(_b,"priv",(function(){return this.eddsa.decodeInt(this.privBytes())})),vb(_b,"hash",(function(){return this.eddsa.hash().update(this.secret()).digest()})),vb(_b,"messagePrefix",(function(){return this.hash().slice(this.eddsa.encodingLength)})),_b.prototype.sign=function(e){return gb(this._secret,"KeyPair can only verify"),this.eddsa.sign(e,this)},_b.prototype.verify=function(e,t){return this.eddsa.verify(e,t,this)},_b.prototype.getSecret=function(e){return gb(this._secret,"KeyPair is public only"),wy.encode(this.secret(),e)},_b.prototype.getPublic=function(e,t){return wy.encode((t?[64]:[]).concat(this.pubBytes()),e)};var kb=_b,Ab=wy.assert,Sb=wy.cachedProperty,Eb=wy.parseBytes;function Pb(e,t){this.eddsa=e,"object"!=typeof t&&(t=Eb(t)),Array.isArray(t)&&(t={R:t.slice(0,e.encodingLength),S:t.slice(e.encodingLength)}),Ab(t.R&&t.S,"Signature without R or S"),e.isPoint(t.R)&&(this._R=t.R),t.S instanceof ly&&(this._S=t.S),this._Rencoded=Array.isArray(t.R)?t.R:t.Rencoded,this._Sencoded=Array.isArray(t.S)?t.S:t.Sencoded}Sb(Pb,"S",(function(){return this.eddsa.decodeInt(this.Sencoded())})),Sb(Pb,"R",(function(){return this.eddsa.decodePoint(this.Rencoded())})),Sb(Pb,"Rencoded",(function(){return this.eddsa.encodePoint(this.R())})),Sb(Pb,"Sencoded",(function(){return this.eddsa.encodeInt(this.S())})),Pb.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},Pb.prototype.toHex=function(){return wy.encode(this.toBytes(),"hex").toUpperCase()};var xb=Pb,Mb=wy.assert,Kb=wy.parseBytes;function Cb(e){if(Mb("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof Cb))return new Cb(e);e=rb[e].curve;this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=eb.sha512}var Db=Cb;Cb.prototype.sign=function(e,t){e=Kb(e);var r=this.keyFromSecret(t),i=this.hashInt(r.messagePrefix(),e),n=this.g.mul(i),a=this.encodePoint(n),s=this.hashInt(a,r.pubBytes(),e).mul(r.priv()),o=i.add(s).umod(this.curve.n);return this.makeSignature({R:n,S:o,Rencoded:a})},Cb.prototype.verify=function(e,t,r){e=Kb(e),t=this.makeSignature(t);var i=this.keyFromPublic(r),n=this.hashInt(t.Rencoded(),i.pubBytes(),e),a=this.g.mul(t.S());return t.R().add(i.pub().mul(n)).eq(a)},Cb.prototype.hashInt=function(){for(var e=this.hash(),t=0;t{this[s]=e,this[a]=t})),this[i].catch((()=>{}))}}function h(e){return e&&e.getReader&&Array.isArray(e)}function u(e){if(!h(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function l(t){if(h(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function y(e){return Uint8Array.prototype.isPrototypeOf(e)}function f(e){if(1===e.length)return e[0];let t=0;for(let r=0;r(await this[i],this[o]===this.length?{value:void 0,done:!0}:{value:this[this[o]++],done:!1})}},c.prototype.readToEnd=async function(e){await this[i];const t=e(this.slice(this[o]));return this.length=0,t},c.prototype.clone=function(){const e=new c;return e[i]=this[i].then((()=>{e.push(...this)})),e},u.prototype.write=async function(e){this.stream.push(e)},u.prototype.close=async function(){this.stream[s]()},u.prototype.abort=async function(e){return this.stream[a](e),e},u.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const g=new WeakSet,p=Symbol("externalBuffer");function d(e){if(this.stream=e,e[p]&&(this[p]=e[p].slice()),h(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(l(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||g.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{g.add(e)}catch(e){}}}function A(e){return l(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function w(e){if(l(e))return e;const t=new c;return(async()=>{const r=R(t);await r.write(e),await r.close()})(),t}function m(e){return e.some((e=>l(e)&&!h(e)))?function(e){e=e.map(A);const t=E((async function(e){await Promise.all(n.map((t=>U(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>B(n,((n,s)=>(r=r.then((()=>b(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>h(e)))?function(e){const t=new c;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>b(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):f(e)}async function b(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(l(e)&&!h(e)){e=A(e);try{if(e[p]){const r=R(t);for(let t=0;t{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function v(e,t=()=>{},r=()=>{}){if(h(e)){const n=new c;return(async()=>{const i=R(n);try{const n=await P(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?m([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(l(e))return k(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?m([n,i]):void 0!==n?n:i}function B(e,t){if(l(e)&&!h(e)){let r;const n=new TransformStream({start(e){r=e}}),i=b(e,n.writable),s=E((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=w(e);const r=new c;return t(e,r),r}function I(e,t){let r;const n=B(e,((e,i)=>{const s=Q(e);s.remainder=()=>(s.releaseLock(),b(e,i),n),r=t(s)}));return r}function S(e){if(h(e))return e.clone();if(l(e)){const t=function(e){if(h(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(l(e)){const t=A(e).tee();return t[0][p]=t[1][p]=e[p],t}return[D(e),D(e)]}(e);return C(e,t[0]),t[1]}return D(e)}function K(e){return h(e)?S(e):l(e)?new ReadableStream({start(t){const r=B(e,(async(e,r)=>{const n=Q(e),i=R(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));C(e,r)}}):D(e)}function C(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function D(e,t=0,r=1/0){if(h(e))throw Error("Not implemented");if(l(e)){if(t>=0&&r>=0){let n=0;return k(e,{transform(e,i){n=t&&i.enqueue(D(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return v(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>D(m(n),t,r)))}if(0===t&&r<0){let n;return v(e,(e=>{const i=n?m([n,e]):e;if(i.length>=-r)return n=D(i,r),D(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),x((async()=>D(await P(e),t,r)))}return e[p]&&(e=m(e[p].concat([e]))),y(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=m){return h(e)?e.readToEnd(t):l(e)?Q(e).readToEnd(t):e}async function U(e,t){if(l(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function x(e){const t=new c;return(async()=>{const r=R(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function Q(e){return new d(e)}function R(e){return new u(e)}d.prototype.read=async function(){if(this[p]&&this[p].length){return{done:!1,value:this[p].shift()}}return this._read()},d.prototype.releaseLock=function(){this[p]&&(this.stream[p]=this[p]),this._releaseLock()},d.prototype.cancel=function(e){return this._cancel(e)},d.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?m(t):void 0;const i=n.indexOf("\n")+1;i&&(e=m(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},d.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(D(t,1)),r},d.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?m(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=m(t);return this.unshift(D(r,e)),D(r,0,e)}}},d.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},d.prototype.unshift=function(...e){this[p]||(this[p]=[]),1===e.length&&y(e[0])&&this[p].length&&e[0].length&&this[p][0].byteOffset>=e[0].length?this[p][0]=new Uint8Array(this[p][0].buffer,this[p][0].byteOffset-e[0].length,this[p][0].byteLength+e[0].length):this[p].unshift(...e.filter((e=>e&&e.length)))},d.prototype.readToEnd=async function(e=m){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const L=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[L]||(e[L]=[],Object.entries(e).forEach((([t,r])=>{e[L][r]=t}))),void 0!==e[L][t])return e[L][t];throw Error("Invalid enum value.")}},M={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.0.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const N=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:t(import.meta.url),isArray:function(e){return e instanceof Array},isUint8Array:y,isStream:l,getNobleCurve:async(e,t)=>{if(!M.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return ml}));switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r>8*(t-n-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.lengtht)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return v(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return v(e,r,(()=>r(new Uint8Array,!0)))},concat:m,concatUint8Array:f,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return v(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return v(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n{t=F.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=O(t.subarray(0,i));for(let e=0;et.length?O(t)+"\n":""))}function G(e){let t="";return v(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=z(t.substr(0,i));return t=t.substr(i),s}),(()=>z(t)))}function j(e){return G(e.replace(/-/g,"+").replace(/_/g,"/"))}function q(e,t){let r=_(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function V(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function J(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function Y(e){const t=function(e){let t=13501623;return v(e,(e=>{const r=Z?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^W[1][t>>16&255]^W[2][t>>8&255]^W[3][255&t];for(let n=4*r;n>8^W[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return _(t)}H?(O=e=>H.from(e).toString("base64"),z=e=>{const t=H.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(O=e=>btoa(F.uint8ArrayToString(e)),z=e=>F.stringToUint8Array(atob(e)));const W=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);W[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)W[1][e]=W[0][e]>>8^W[0][255&W[0][e]];for(let e=0;e<=255;e++)W[2][e]=W[1][e]>>8^W[0][255&W[1][e]];for(let e=0;e<=255;e++)W[3][e]=W[2][e]>>8^W[0][255&W[2][e]];const Z=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function ee(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,h=a,u=[];const l=G(B(e,(async(e,y)=>{const f=Q(e);try{for(;;){let e=await f.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==T.armor.signed||(n.test(e)?(u=u.join("\r\n"),c=!0,$(h),h=[],o=!1):u.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if($(h),o=!0,c||s!==T.armor.signed){t({text:u,data:l,headers:a,type:s});break}}else h.push(e);else n.test(e)&&(s=V(e))}}catch(e){return void r(e)}const g=R(y);try{for(;;){await g.ready;const{done:e,value:t}=await f.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await f.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=X(t[0].slice(0,-1));await g.write(i);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(h(e.data)&&(e.data=await P(e.data)),e)))}function te(e,t,r,n,i,s=!1,a=M){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const h=s&&K(t),u=[];switch(e){case T.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case T.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push(c?`Hash: ${c}\n\n`:"\n"),u.push(o.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(J(i,a)),u.push(_(t)),h&&u.push("=",Y(h)),u.push("-----END PGP SIGNATURE-----\n")}return F.concat(u)}async function re(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return Rl})),r=t.get(e);if(!r)throw Error("Unsupported cipher algorithm");return r}default:throw Error("Unsupported cipher algorithm")}}function ne(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function ie(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function se(e){return{keySize:ie(e),blockSize:ne(e)}}var ae=/*#__PURE__*/Object.freeze({__proto__:null,getCipherParams:se,getLegacyCipher:re});function oe(e,t){let r=e[0],n=e[1],i=e[2],s=e[3];r=he(r,n,i,s,t[0],7,-680876936),s=he(s,r,n,i,t[1],12,-389564586),i=he(i,s,r,n,t[2],17,606105819),n=he(n,i,s,r,t[3],22,-1044525330),r=he(r,n,i,s,t[4],7,-176418897),s=he(s,r,n,i,t[5],12,1200080426),i=he(i,s,r,n,t[6],17,-1473231341),n=he(n,i,s,r,t[7],22,-45705983),r=he(r,n,i,s,t[8],7,1770035416),s=he(s,r,n,i,t[9],12,-1958414417),i=he(i,s,r,n,t[10],17,-42063),n=he(n,i,s,r,t[11],22,-1990404162),r=he(r,n,i,s,t[12],7,1804603682),s=he(s,r,n,i,t[13],12,-40341101),i=he(i,s,r,n,t[14],17,-1502002290),n=he(n,i,s,r,t[15],22,1236535329),r=ue(r,n,i,s,t[1],5,-165796510),s=ue(s,r,n,i,t[6],9,-1069501632),i=ue(i,s,r,n,t[11],14,643717713),n=ue(n,i,s,r,t[0],20,-373897302),r=ue(r,n,i,s,t[5],5,-701558691),s=ue(s,r,n,i,t[10],9,38016083),i=ue(i,s,r,n,t[15],14,-660478335),n=ue(n,i,s,r,t[4],20,-405537848),r=ue(r,n,i,s,t[9],5,568446438),s=ue(s,r,n,i,t[14],9,-1019803690),i=ue(i,s,r,n,t[3],14,-187363961),n=ue(n,i,s,r,t[8],20,1163531501),r=ue(r,n,i,s,t[13],5,-1444681467),s=ue(s,r,n,i,t[2],9,-51403784),i=ue(i,s,r,n,t[7],14,1735328473),n=ue(n,i,s,r,t[12],20,-1926607734),r=le(r,n,i,s,t[5],4,-378558),s=le(s,r,n,i,t[8],11,-2022574463),i=le(i,s,r,n,t[11],16,1839030562),n=le(n,i,s,r,t[14],23,-35309556),r=le(r,n,i,s,t[1],4,-1530992060),s=le(s,r,n,i,t[4],11,1272893353),i=le(i,s,r,n,t[7],16,-155497632),n=le(n,i,s,r,t[10],23,-1094730640),r=le(r,n,i,s,t[13],4,681279174),s=le(s,r,n,i,t[0],11,-358537222),i=le(i,s,r,n,t[3],16,-722521979),n=le(n,i,s,r,t[6],23,76029189),r=le(r,n,i,s,t[9],4,-640364487),s=le(s,r,n,i,t[12],11,-421815835),i=le(i,s,r,n,t[15],16,530742520),n=le(n,i,s,r,t[2],23,-995338651),r=ye(r,n,i,s,t[0],6,-198630844),s=ye(s,r,n,i,t[7],10,1126891415),i=ye(i,s,r,n,t[14],15,-1416354905),n=ye(n,i,s,r,t[5],21,-57434055),r=ye(r,n,i,s,t[12],6,1700485571),s=ye(s,r,n,i,t[3],10,-1894986606),i=ye(i,s,r,n,t[10],15,-1051523),n=ye(n,i,s,r,t[1],21,-2054922799),r=ye(r,n,i,s,t[8],6,1873313359),s=ye(s,r,n,i,t[15],10,-30611744),i=ye(i,s,r,n,t[6],15,-1560198380),n=ye(n,i,s,r,t[13],21,1309151649),r=ye(r,n,i,s,t[4],6,-145523070),s=ye(s,r,n,i,t[11],10,-1120210379),i=ye(i,s,r,n,t[2],15,718787259),n=ye(n,i,s,r,t[9],21,-343485551),e[0]=de(r,e[0]),e[1]=de(n,e[1]),e[2]=de(i,e[2]),e[3]=de(s,e[3])}function ce(e,t,r,n,i,s){return t=de(de(t,e),de(n,s)),de(t<>>32-i,r)}function he(e,t,r,n,i,s,a){return ce(t&r|~t&n,e,t,i,s,a)}function ue(e,t,r,n,i,s,a){return ce(t&n|r&~n,e,t,i,s,a)}function le(e,t,r,n,i,s,a){return ce(t^r^n,e,t,i,s,a)}function ye(e,t,r,n,i,s,a){return ce(r^(t|~n),e,t,i,s,a)}function fe(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const ge="0123456789abcdef".split("");function pe(e){let t="",r=0;for(;r<4;r++)t+=ge[e>>8*r+4&15]+ge[e>>8*r&15];return t}function de(e,t){return e+t&4294967295}const Ae=F.getWebCrypto(),we=F.getNodeCrypto(),me=we&&we.getHashes();function be(e){if(we&&me.includes(e))return async function(t){const r=we.createHash(e);return v(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ke(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return Xl})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(h(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return v(e,(e=>{t.update(e)}),(()=>t.digest()))}if(Ae&&t)return new Uint8Array(await Ae.digest(t,e));return(await r())(e)}}var Ee={md5:be("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let n;for(n=64;n<=e.length;n+=64)oe(r,fe(e.substring(n-64,n)));e=e.substring(n-64);const i=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(n=0;n>2]|=e.charCodeAt(n)<<(n%4<<3);if(i[n>>2]|=128<<(n%4<<3),n>55)for(oe(r,i),n=0;n<16;n++)i[n]=0;return i[14]=8*t,oe(r,i),r}(F.uint8ArrayToString(e));return F.hexToUint8Array(function(e){for(let t=0;t0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Ie(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Se(e,t){Be(e);const r=t.outputLen;if(e.lengthnew Uint8Array(e.buffer,e.byteOffset,e.byteLength),Ce=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),De=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function Pe(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!ve(e))throw Error("Uint8Array expected, got "+typeof e);e=Le(e)}return e}function Ue(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n(Object.assign(t,e),t);function Qe(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function Re(e){return e.byteOffset%4==0}function Le(e){return Uint8Array.from(e)}function Te(...e){for(let t=0;t(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Oe{constructor(e,t){this.blockLen=Me,this.outputLen=Me,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Be(e=Pe(e),16);const r=De(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:He(n),s1:He(i),s2:He(s),s3:He(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(u=s)<<31|(l=a)>>>1,s2:(h=i)<<31|u>>>1,s1:(c=n)<<31|h>>>1,s0:c>>>1^225<<24&-(1&l)});var c,h,u,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const f=128/y,g=this.windowSize=2**y,p=[];for(let e=0;e>>y-a-1&1))continue;const{s0:c,s1:h,s2:u,s3:l}=o[y*e+a];r^=c,n^=h,i^=u,s^=l}p.push({s0:r,s1:n,s2:i,s3:s})}this.t=p}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,h=0,u=0;const l=(1<>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:f,s2:g,s3:p}=s[y*a+r];o^=n,c^=f,h^=g,u^=p,y+=1}}this.s0=o,this.s1=c,this.s2=h,this.s3=u}update(e){e=Pe(e),Ie(this);const t=Ce(e),r=Math.floor(e.length/Me),n=e.length%Me;for(let e=0;e>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Le(e=Pe(e)));super(r,t),Te(r)}update(e){e=Pe(e),Ie(this);const t=Ce(e),r=e.length%Me,n=Math.floor(e.length/Me);for(let e=0;ee(r,t.length).update(Pe(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ge=_e(((e,t)=>new Oe(e,t)));_e(((e,t)=>new ze(e,t)));const je=16,qe=new Uint8Array(je),Ve=283;function Je(e){return e<<1^Ve&-(e>>7)}function Ye(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Je(e);return r}const We=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Je(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return Te(e),t})(),Ze=/* @__PURE__ */We.map(((e,t)=>We.indexOf(t))),$e=e=>e<<24|e>>>8,Xe=e=>e<<8|e>>>24,et=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function tt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map(Xe),i=n.map(Xe),s=i.map(Xe),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let h=0;h<256;h++){const u=256*t+h;a[u]=r[t]^n[h],o[u]=i[t]^s[h],c[u]=e[t]<<8|e[h]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const rt=/* @__PURE__ */tt(We,(e=>Ye(e,3)<<24|e<<16|e<<8|Ye(e,2))),nt=/* @__PURE__ */tt(Ze,(e=>Ye(e,11)<<24|Ye(e,13)<<16|Ye(e,9)<<8|Ye(e,14))),it=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Je(r))e[t]=r;return e})();function st(e){Be(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=rt,n=[];Re(e)||n.push(e=Le(e));const i=Ce(e),s=i.length,a=e=>ct(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}return Te(...n),o}function at(e){const t=st(e),r=t.slice(),n=t.length,{sbox2:i}=rt,{T0:s,T1:a,T2:o,T3:c}=nt;for(let e=0;e>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function ot(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function ct(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function ht(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=rt;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const h=e.length/4-2;for(let s=0;s=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:h,s3:u}=ht(e,a[0],a[1],a[2],a[3]))}const f=je*Math.floor(l.length/4);if(f>>0,o.setUint32(u,y,t),({s0:f,s1:g,s2:p,s3:d}=ht(e,a[0],a[1],a[2],a[3]));const A=je*Math.floor(c.length/4);if(Ar(e,t),decrypt:(e,t)=>r(e,t)}}));const pt=xe({blockSize:16,nonceLength:16},(function(e,t,r={}){Be(e),Be(t,16);const n=!r.disablePadding;return{encrypt(r,i){const s=st(e),{b:a,o,out:c}=function(e,t,r){Be(e);let n=e.length;const i=n%je;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Re(e)||(e=Le(e));const s=Ce(e);if(t){let e=je-i;e||(e=je),n+=e}const a=lt(n,r);return{b:s,o:Ce(a),out:a}}(r,n,i);let h=t;const u=[s];Re(h)||u.push(h=Le(h));const l=Ce(h);let y=l[0],f=l[1],g=l[2],p=l[3],d=0;for(;d+4<=a.length;)y^=a[d+0],f^=a[d+1],g^=a[d+2],p^=a[d+3],({s0:y,s1:f,s2:g,s3:p}=ht(s,y,f,g,p)),o[d++]=y,o[d++]=f,o[d++]=g,o[d++]=p;if(n){const e=function(e){const t=new Uint8Array(16),r=Ce(t);t.set(e);const n=je-e.length;for(let e=je-n;e16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;tr(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const At=xe({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Be(e),Be(t),void 0!==r&&Be(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const n=16;function i(e,t,n){const i=function(e,t,r,n,i){const s=null==i?0:i.length,a=e.create(r,n.length+s);i&&a.update(i),a.update(n);const o=new Uint8Array(16),c=De(o);i&&Qe(c,0,BigInt(8*s),t),Qe(c,8,BigInt(8*n.length),t),a.update(o);const h=a.digest();return Te(o),h}(Ge,!1,e,n,r);for(let e=0;e=2**32)throw Error("plaintext should be less than 4gb");const r=st(e);if(16===t.length)mt(r,t);else{const e=Ce(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t=2**32)throw Error("ciphertext should be less than 4gb");const r=at(e),n=t.length/8-1;if(1===n)bt(r,t);else{const e=Ce(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=et(a);const{s0:n,s1:o,s2:c,s3:h}=ut(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=h}e[0]=i,e[1]=s}r.fill(0)}},Et=new Uint8Array(8).fill(166),vt=xe({blockSize:8},(e=>({encrypt(t){if(Be(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await It.importKey("raw",this.key,r,!1,["encrypt"]);const n=await It.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=F.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return Ut(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),Ut(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Ut(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Ut(t,e),this.clearSensitiveData(),t}}class Pt{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=se(t);this.key=Bt.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=xt(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=xt(e),r=new Uint8Array(e.length),n=xt(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=Bt.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Ut(e,t){const r=Math.min(e.length,t.length);for(let n=0;nnew Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));var Qt=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n){const i=T.read(T.symmetric,e);if(St&&Ct[i])return function(e,t,r,n){const i=T.read(T.symmetric,e),s=new St.createDecipheriv(Ct[i],t,n);return v(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(F.isAES(e))return async function(e,t,r,n){if(F.isStream(r)){const i=new Pt(!1,e,t,n);return v(r,(e=>i.processChunk(e)),(()=>i.finish()))}return dt(t,n).decrypt(r)}(e,t,r,n);const s=new(await re(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const h=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;rnew Uint8Array(s.update(e))))}(e,t,r,n);if(F.isAES(e))return async function(e,t,r,n){if(It&&await Dt.isSupported(e)){const i=new Dt(e,t,n);return F.isStream(r)?v(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(F.isStream(r)){const i=new Pt(!0,e,t,n);return v(r,(e=>i.processChunk(e)),(()=>i.finish()))}return dt(t,n).encrypt(r)}(e,t,r,n);const a=new(await re(e))(t),o=a.blockSize,c=n.slice();let h=new Uint8Array;const u=e=>{e&&(h=F.concatUint8Array([h,e]));const t=new Uint8Array(h.length);let r,n=0;for(;e?h.length>=o:h.length;){const e=a.encrypt(c);for(r=0;ri.encrypt(e),a=e=>i.decrypt(e);let o;function c(e,t,r,i){const a=t.length/Xt|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/Xt|0)-1;for(let e=n+1;e<=r;e++)o[e]=F.double(o[e-1]);n=r}(t,i);const c=F.concatUint8Array([ir.subarray(0,15-r.length),sr,r]),h=63&c[15];c[15]&=192;const u=s(c),l=F.concatUint8Array([u,nr(u.subarray(0,8),u.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(h>>3),17+(h>>3)),8-(7&h)).subarray(1),f=new Uint8Array(Xt),g=new Uint8Array(t.length+er);let p,d=0;for(p=0;p{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function Ar(e,t){const r=e%t;return rgr;){const e=n≺n>>=pr;s=e?s*i%r:s,i=i*i%r}return s}function mr(e){return e>=gr?e:-e}function br(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=mr(e),o=mr(t);const c=eNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function Er(e,t){return(e>>BigInt(t)&pr)===gr?0:1}function vr(e){const t=e>=pr)!==t;)r++;return r}function Br(e){const t=e>=r)!==t;)n++;return n}function Ir(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;oe&&(a=Ar(a,i<Ar(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return wr(t,e-Pr,e)===Pr}(e)&&!!function(e,t){const r=vr(e);t||(t=Math.max(1,r/48|0));const n=e-Pr;let i=0;for(;!Er(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=wr(Cr(BigInt(2),n),s,e);if(r!==Pr&&r!==n){for(t=1;tBigInt(e)));const Rr=[];function Lr(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!n;if(t)return F.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Mr(e,t,r){let n;if(t.length!==Ee.getHashByteLength(e))throw Error("Invalid hash length");const i=new Uint8Array(Rr[e].length);for(n=0;n=t)throw Error("Data too large.");const c=Ar(n,s-Or),h=Ar(n,i-Or),u=Cr(BigInt(2),t),l=wr(br(u,t),r,t);e=Ar(e*l,t);const y=wr(e,h,i),f=wr(e,c,s),g=Ar(a*(f-y),s);let p=g*i+y;return p=Ar(p*u,t),Tr(Ir(p,"be",Br(t)),o)}(e,t,r,n,i,s,a,o)},encrypt:async function(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const n=_r(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:Hr.constants.RSA_PKCS1_PADDING};return new Uint8Array(Hr.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=dr(t),e=dr(Lr(e,Br(t))),r=dr(r),e>=t)throw Error("Message size cannot exceed modulus size");return Ir(wr(e,r,t),"be",Br(t))}(e,t,r)},generate:async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:Ir(t),hash:{name:"SHA-1"}},n=await Fr.generateKey(r,!0,["sign","verify"]);return Gr(await Fr.exportKey("jwk",n.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:kr(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{Hr.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return Gr(n,t)}let r,n,i;do{n=Ur(e-(e>>1),t,40),r=Ur(e>>1,t,40),i=r*n}while(vr(i)!==e);const s=(r-Or)*(n-Or);return n=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await zr(r,n,i,s,a,o),h={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},u=await Fr.importKey("jwk",c,h,!1,["sign"]);return new Uint8Array(await Fr.sign("RSASSA-PKCS1-v1_5",u,t))}(T.read(T.webHash,e),t,r,n,i,s,a,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=Hr.createSign(T.read(T.hash,e));c.write(t),c.end();const h=await zr(r,n,i,s,a,o);return new Uint8Array(c.sign({key:h,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=dr(t);const i=dr(Mr(e,n,Br(t)));return r=dr(r),Ir(wr(i,r,t),"be",Br(t))}(e,r,i,c)},validateParams:async function(e,t,r,n,i,s){if(e=dr(e),(n=dr(n))*(i=dr(i))!==e)return!1;const a=BigInt(2);if(Ar(n*(s=dr(s)),i)!==BigInt(1))return!1;t=dr(t),r=dr(r);const o=Cr(a,a<=r)throw Error("Signature size cannot exceed modulus size");const s=Ir(wr(t,n,r),"be",Br(r)),a=Mr(e,i,Br(r));return F.equalsUint8Array(s,a)}(e,r,n,i,s)}});const qr=BigInt(1);var Vr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i){return e=dr(e),t=dr(t),r=dr(r),Tr(Ir(Ar(br(wr(e,n=dr(n),r),r)*t,r),"be",Br(r)),i)},encrypt:async function(e,t,r,n){t=dr(t),r=dr(r),n=dr(n);const i=dr(Lr(e,Br(t))),s=Cr(qr,t-qr);return{c1:Ir(wr(r,s,t)),c2:Ir(Ar(wr(n,s,t)*i,t))}},validateParams:async function(e,t,r,n){if(e=dr(e),t=dr(t),r=dr(r),t<=qr||t>=e)return!1;const i=BigInt(vr(e));if(i>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=n>>24&255,e[t+5]=n>>16&255,e[t+6]=n>>8&255,e[t+7]=255&n}function hn(e,t,r,n){return function(e,t,r,n,i){var s,a=0;for(s=0;s>>8)-1}(e,t,r,n,32)}function un(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function ln(e){var t,r,n=1;for(t=0;t<16;t++)r=e[t]+n+65535,n=Math.floor(r/65536),e[t]=r-65536*n;e[0]+=n-1+37*(n-1)}function yn(e,t,r){for(var n,i=~(r-1),s=0;s<16;s++)n=i&(e[s]^t[s]),e[s]^=n,t[s]^=n}function fn(e,t){var r,n,i,s=Wr(),a=Wr();for(r=0;r<16;r++)a[r]=t[r];for(ln(a),ln(a),ln(a),n=0;n<2;n++){for(s[0]=a[0]-65517,r=1;r<15;r++)s[r]=a[r]-65535-(s[r-1]>>16&1),s[r-1]&=65535;s[15]=a[15]-32767-(s[14]>>16&1),i=s[15]>>16&1,s[14]&=65535,yn(a,s,1-i)}for(r=0;r<16;r++)e[2*r]=255&a[r],e[2*r+1]=a[r]>>8}function gn(e,t){var r=new Uint8Array(32),n=new Uint8Array(32);return fn(r,e),fn(n,t),hn(r,0,n,0)}function pn(e){var t=new Uint8Array(32);return fn(t,e),1&t[0]}function dn(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function An(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]+r[n]}function wn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]-r[n]}function mn(e,t,r){var n,i,s=0,a=0,o=0,c=0,h=0,u=0,l=0,y=0,f=0,g=0,p=0,d=0,A=0,w=0,m=0,b=0,k=0,E=0,v=0,B=0,I=0,S=0,K=0,C=0,D=0,P=0,U=0,x=0,Q=0,R=0,L=0,T=r[0],M=r[1],N=r[2],F=r[3],H=r[4],O=r[5],z=r[6],_=r[7],G=r[8],j=r[9],q=r[10],V=r[11],J=r[12],Y=r[13],W=r[14],Z=r[15];s+=(n=t[0])*T,a+=n*M,o+=n*N,c+=n*F,h+=n*H,u+=n*O,l+=n*z,y+=n*_,f+=n*G,g+=n*j,p+=n*q,d+=n*V,A+=n*J,w+=n*Y,m+=n*W,b+=n*Z,a+=(n=t[1])*T,o+=n*M,c+=n*N,h+=n*F,u+=n*H,l+=n*O,y+=n*z,f+=n*_,g+=n*G,p+=n*j,d+=n*q,A+=n*V,w+=n*J,m+=n*Y,b+=n*W,k+=n*Z,o+=(n=t[2])*T,c+=n*M,h+=n*N,u+=n*F,l+=n*H,y+=n*O,f+=n*z,g+=n*_,p+=n*G,d+=n*j,A+=n*q,w+=n*V,m+=n*J,b+=n*Y,k+=n*W,E+=n*Z,c+=(n=t[3])*T,h+=n*M,u+=n*N,l+=n*F,y+=n*H,f+=n*O,g+=n*z,p+=n*_,d+=n*G,A+=n*j,w+=n*q,m+=n*V,b+=n*J,k+=n*Y,E+=n*W,v+=n*Z,h+=(n=t[4])*T,u+=n*M,l+=n*N,y+=n*F,f+=n*H,g+=n*O,p+=n*z,d+=n*_,A+=n*G,w+=n*j,m+=n*q,b+=n*V,k+=n*J,E+=n*Y,v+=n*W,B+=n*Z,u+=(n=t[5])*T,l+=n*M,y+=n*N,f+=n*F,g+=n*H,p+=n*O,d+=n*z,A+=n*_,w+=n*G,m+=n*j,b+=n*q,k+=n*V,E+=n*J,v+=n*Y,B+=n*W,I+=n*Z,l+=(n=t[6])*T,y+=n*M,f+=n*N,g+=n*F,p+=n*H,d+=n*O,A+=n*z,w+=n*_,m+=n*G,b+=n*j,k+=n*q,E+=n*V,v+=n*J,B+=n*Y,I+=n*W,S+=n*Z,y+=(n=t[7])*T,f+=n*M,g+=n*N,p+=n*F,d+=n*H,A+=n*O,w+=n*z,m+=n*_,b+=n*G,k+=n*j,E+=n*q,v+=n*V,B+=n*J,I+=n*Y,S+=n*W,K+=n*Z,f+=(n=t[8])*T,g+=n*M,p+=n*N,d+=n*F,A+=n*H,w+=n*O,m+=n*z,b+=n*_,k+=n*G,E+=n*j,v+=n*q,B+=n*V,I+=n*J,S+=n*Y,K+=n*W,C+=n*Z,g+=(n=t[9])*T,p+=n*M,d+=n*N,A+=n*F,w+=n*H,m+=n*O,b+=n*z,k+=n*_,E+=n*G,v+=n*j,B+=n*q,I+=n*V,S+=n*J,K+=n*Y,C+=n*W,D+=n*Z,p+=(n=t[10])*T,d+=n*M,A+=n*N,w+=n*F,m+=n*H,b+=n*O,k+=n*z,E+=n*_,v+=n*G,B+=n*j,I+=n*q,S+=n*V,K+=n*J,C+=n*Y,D+=n*W,P+=n*Z,d+=(n=t[11])*T,A+=n*M,w+=n*N,m+=n*F,b+=n*H,k+=n*O,E+=n*z,v+=n*_,B+=n*G,I+=n*j,S+=n*q,K+=n*V,C+=n*J,D+=n*Y,P+=n*W,U+=n*Z,A+=(n=t[12])*T,w+=n*M,m+=n*N,b+=n*F,k+=n*H,E+=n*O,v+=n*z,B+=n*_,I+=n*G,S+=n*j,K+=n*q,C+=n*V,D+=n*J,P+=n*Y,U+=n*W,x+=n*Z,w+=(n=t[13])*T,m+=n*M,b+=n*N,k+=n*F,E+=n*H,v+=n*O,B+=n*z,I+=n*_,S+=n*G,K+=n*j,C+=n*q,D+=n*V,P+=n*J,U+=n*Y,x+=n*W,Q+=n*Z,m+=(n=t[14])*T,b+=n*M,k+=n*N,E+=n*F,v+=n*H,B+=n*O,I+=n*z,S+=n*_,K+=n*G,C+=n*j,D+=n*q,P+=n*V,U+=n*J,x+=n*Y,Q+=n*W,R+=n*Z,b+=(n=t[15])*T,a+=38*(E+=n*N),o+=38*(v+=n*F),c+=38*(B+=n*H),h+=38*(I+=n*O),u+=38*(S+=n*z),l+=38*(K+=n*_),y+=38*(C+=n*G),f+=38*(D+=n*j),g+=38*(P+=n*q),p+=38*(U+=n*V),d+=38*(x+=n*J),A+=38*(Q+=n*Y),w+=38*(R+=n*W),m+=38*(L+=n*Z),s=(n=(s+=38*(k+=n*M))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s=(n=(s+=i-1+37*(i-1))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s+=i-1+37*(i-1),e[0]=s,e[1]=a,e[2]=o,e[3]=c,e[4]=h,e[5]=u,e[6]=l,e[7]=y,e[8]=f,e[9]=g,e[10]=p,e[11]=d,e[12]=A,e[13]=w,e[14]=m,e[15]=b}function bn(e,t){mn(e,t,t)}function kn(e,t){var r,n=Wr();for(r=0;r<16;r++)n[r]=t[r];for(r=253;r>=0;r--)bn(n,n),2!==r&&4!==r&&mn(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}function En(e,t,r){var n,i,s=new Uint8Array(32),a=new Float64Array(80),o=Wr(),c=Wr(),h=Wr(),u=Wr(),l=Wr(),y=Wr();for(i=0;i<31;i++)s[i]=t[i];for(s[31]=127&t[31]|64,s[0]&=248,dn(a,r),i=0;i<16;i++)c[i]=a[i],u[i]=o[i]=h[i]=0;for(o[0]=u[0]=1,i=254;i>=0;--i)yn(o,c,n=s[i>>>3]>>>(7&i)&1),yn(h,u,n),An(l,o,h),wn(o,o,h),An(h,c,u),wn(c,c,u),bn(u,l),bn(y,o),mn(o,h,o),mn(h,c,l),An(l,o,h),wn(o,o,h),bn(c,o),wn(h,u,y),mn(o,h,tn),An(o,o,u),mn(h,h,o),mn(o,u,y),mn(u,c,a),bn(c,l),yn(o,c,n),yn(h,u,n);for(i=0;i<16;i++)a[i+16]=o[i],a[i+32]=h[i],a[i+48]=c[i],a[i+64]=u[i];var f=a.subarray(32),g=a.subarray(16);return kn(f,f),mn(g,g,f),fn(e,g),0}function vn(e,t){return En(e,t,$r)}var Bn=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function In(e,t,r,n){for(var i,s,a,o,c,h,u,l,y,f,g,p,d,A,w,m,b,k,E,v,B,I,S,K,C,D,P=new Int32Array(16),U=new Int32Array(16),x=e[0],Q=e[1],R=e[2],L=e[3],T=e[4],M=e[5],N=e[6],F=e[7],H=t[0],O=t[1],z=t[2],_=t[3],G=t[4],j=t[5],q=t[6],V=t[7],J=0;n>=128;){for(E=0;E<16;E++)v=8*E+J,P[E]=r[v+0]<<24|r[v+1]<<16|r[v+2]<<8|r[v+3],U[E]=r[v+4]<<24|r[v+5]<<16|r[v+6]<<8|r[v+7];for(E=0;E<80;E++)if(i=x,s=Q,a=R,o=L,c=T,h=M,u=N,F,y=H,f=O,g=z,p=_,d=G,A=j,w=q,V,S=65535&(I=V),K=I>>>16,C=65535&(B=F),D=B>>>16,S+=65535&(I=(G>>>14|T<<18)^(G>>>18|T<<14)^(T>>>9|G<<23)),K+=I>>>16,C+=65535&(B=(T>>>14|G<<18)^(T>>>18|G<<14)^(G>>>9|T<<23)),D+=B>>>16,S+=65535&(I=G&j^~G&q),K+=I>>>16,C+=65535&(B=T&M^~T&N),D+=B>>>16,B=Bn[2*E],S+=65535&(I=Bn[2*E+1]),K+=I>>>16,C+=65535&B,D+=B>>>16,B=P[E%16],K+=(I=U[E%16])>>>16,C+=65535&B,D+=B>>>16,C+=(K+=(S+=65535&I)>>>16)>>>16,S=65535&(I=k=65535&S|K<<16),K=I>>>16,C=65535&(B=b=65535&C|(D+=C>>>16)<<16),D=B>>>16,S+=65535&(I=(H>>>28|x<<4)^(x>>>2|H<<30)^(x>>>7|H<<25)),K+=I>>>16,C+=65535&(B=(x>>>28|H<<4)^(H>>>2|x<<30)^(H>>>7|x<<25)),D+=B>>>16,K+=(I=H&O^H&z^O&z)>>>16,C+=65535&(B=x&Q^x&R^Q&R),D+=B>>>16,l=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(D+=C>>>16)<<16,m=65535&S|K<<16,S=65535&(I=p),K=I>>>16,C=65535&(B=o),D=B>>>16,K+=(I=k)>>>16,C+=65535&(B=b),D+=B>>>16,Q=i,R=s,L=a,T=o=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(D+=C>>>16)<<16,M=c,N=h,F=u,x=l,O=y,z=f,_=g,G=p=65535&S|K<<16,j=d,q=A,V=w,H=m,E%16==15)for(v=0;v<16;v++)B=P[v],S=65535&(I=U[v]),K=I>>>16,C=65535&B,D=B>>>16,B=P[(v+9)%16],S+=65535&(I=U[(v+9)%16]),K+=I>>>16,C+=65535&B,D+=B>>>16,b=P[(v+1)%16],S+=65535&(I=((k=U[(v+1)%16])>>>1|b<<31)^(k>>>8|b<<24)^(k>>>7|b<<25)),K+=I>>>16,C+=65535&(B=(b>>>1|k<<31)^(b>>>8|k<<24)^b>>>7),D+=B>>>16,b=P[(v+14)%16],K+=(I=((k=U[(v+14)%16])>>>19|b<<13)^(b>>>29|k<<3)^(k>>>6|b<<26))>>>16,C+=65535&(B=(b>>>19|k<<13)^(k>>>29|b<<3)^b>>>6),D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,P[v]=65535&C|D<<16,U[v]=65535&S|K<<16;S=65535&(I=H),K=I>>>16,C=65535&(B=x),D=B>>>16,B=e[0],K+=(I=t[0])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[0]=x=65535&C|D<<16,t[0]=H=65535&S|K<<16,S=65535&(I=O),K=I>>>16,C=65535&(B=Q),D=B>>>16,B=e[1],K+=(I=t[1])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[1]=Q=65535&C|D<<16,t[1]=O=65535&S|K<<16,S=65535&(I=z),K=I>>>16,C=65535&(B=R),D=B>>>16,B=e[2],K+=(I=t[2])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[2]=R=65535&C|D<<16,t[2]=z=65535&S|K<<16,S=65535&(I=_),K=I>>>16,C=65535&(B=L),D=B>>>16,B=e[3],K+=(I=t[3])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[3]=L=65535&C|D<<16,t[3]=_=65535&S|K<<16,S=65535&(I=G),K=I>>>16,C=65535&(B=T),D=B>>>16,B=e[4],K+=(I=t[4])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[4]=T=65535&C|D<<16,t[4]=G=65535&S|K<<16,S=65535&(I=j),K=I>>>16,C=65535&(B=M),D=B>>>16,B=e[5],K+=(I=t[5])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[5]=M=65535&C|D<<16,t[5]=j=65535&S|K<<16,S=65535&(I=q),K=I>>>16,C=65535&(B=N),D=B>>>16,B=e[6],K+=(I=t[6])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[6]=N=65535&C|D<<16,t[6]=q=65535&S|K<<16,S=65535&(I=V),K=I>>>16,C=65535&(B=F),D=B>>>16,B=e[7],K+=(I=t[7])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[7]=F=65535&C|D<<16,t[7]=V=65535&S|K<<16,J+=128,n-=128}return n}function Sn(e,t,r){var n,i=new Int32Array(8),s=new Int32Array(8),a=new Uint8Array(256),o=r;for(i[0]=1779033703,i[1]=3144134277,i[2]=1013904242,i[3]=2773480762,i[4]=1359893119,i[5]=2600822924,i[6]=528734635,i[7]=1541459225,s[0]=4089235720,s[1]=2227873595,s[2]=4271175723,s[3]=1595750129,s[4]=2917565137,s[5]=725511199,s[6]=4215389547,s[7]=327033209,In(i,s,t,r),r%=128,n=0;n=0;--i)Cn(e,t,n=r[i/8|0]>>(7&i)&1),Kn(t,e),Kn(e,e),Cn(e,t,n)}function Un(e,t){var r=[Wr(),Wr(),Wr(),Wr()];un(r[0],sn),un(r[1],an),un(r[2],en),mn(r[3],sn,an),Pn(e,r,t)}function xn(e,t,r){var n,i=new Uint8Array(64),s=[Wr(),Wr(),Wr(),Wr()];for(r||Zr(t,32),Sn(i,t,32),i[0]&=248,i[31]&=127,i[31]|=64,Un(s,i),Dn(e,s),n=0;n<32;n++)t[n+32]=e[n];return 0}var Qn=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Rn(e,t){var r,n,i,s;for(n=63;n>=32;--n){for(r=0,i=n-32,s=n-12;i>4)*Qn[i],r=t[i]>>8,t[i]&=255;for(i=0;i<32;i++)t[i]-=r*Qn[i];for(n=0;n<32;n++)t[n+1]+=t[n]>>8,e[n]=255&t[n]}function Ln(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Rn(e,r)}function Tn(e,t){var r=Wr(),n=Wr(),i=Wr(),s=Wr(),a=Wr(),o=Wr(),c=Wr();return un(e[2],en),dn(e[1],t),bn(i,e[1]),mn(s,i,rn),wn(i,i,e[2]),An(s,e[2],s),bn(a,s),bn(o,a),mn(c,o,a),mn(r,c,i),mn(r,r,s),function(e,t){var r,n=Wr();for(r=0;r<16;r++)n[r]=t[r];for(r=250;r>=0;r--)bn(n,n),1!==r&&mn(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}(r,r),mn(r,r,i),mn(r,r,s),mn(r,r,s),mn(e[0],r,s),bn(n,e[0]),mn(n,n,s),gn(n,i)&&mn(e[0],e[0],on),bn(n,e[0]),mn(n,n,s),gn(n,i)?-1:(pn(e[0])===t[31]>>7&&wn(e[0],Xr,e[0]),mn(e[3],e[0],e[1]),0)}var Mn=64;function Nn(){for(var e=0;e=0},Yr.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return xn(e,t),{publicKey:e,secretKey:t}},Yr.sign.keyPair.fromSecretKey=function(e){if(Nn(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=Fn[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function On(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function zn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function _n(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Gn(e){return new Uint8Array([192|e])}function jn(e,t){return F.concatUint8Array([Gn(e),zn(t)])}function qn(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function Vn(e,t){const r=Q(e);let n,i;try{const s=await r.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const a=await r.readByte();let o,h,u=-1,l=-1;l=0,64&a&&(l=1),l?u=63&a:(u=(63&a)>>2,h=3&a);const y=qn(u);let f,g=null;if(y){if("array"===F.isStream(e)){const e=new c;n=R(e),g=e}else{const e=new TransformStream;n=R(e.writable),g=e.readable}i=t({tag:u,packet:g})}else g=[];do{if(l){const e=await r.readByte();if(f=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),f=!0,!y)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(h){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){n&&await n.ready;const{done:t,value:i}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const s=o===1/0?i:i.subarray(0,o-e);if(n?await n.write(s):g.push(s),e+=i.length,e>=o){r.unshift(i.subarray(o-e+i.length));break}}}}while(f);const p=await r.peekBytes(y?1/0:2);return n?(await n.ready,await n.close()):(g=F.concatUint8Array(g),await t({tag:u,packet:g})),!p||!p.length}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i,r.releaseLock()}}class Jn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Jn),this.name="UnsupportedError"}}class Yn extends Jn{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Jn),this.name="UnknownPacketError"}}class Wn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function Zn(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(j(n.x)),seed:j(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=Kr(ei(e)),{publicKey:n}=Yr.sign.keyPair.fromSeed(r);return{A:n,seed:r}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function $n(e,t,r,n,i,s){if(Ee.getHashByteLength(t){if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:q(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},ni=(e,t,r)=>{if(e===T.publicKey.ed25519){const n=ri(e,t);return n.d=q(r),n}throw Error("Unsupported EdDSA algorithm")};var ii=/*#__PURE__*/Object.freeze({__proto__:null,generate:Zn,getPayloadSize:ei,getPreferredHashAlgo:ti,sign:$n,validateParams:async function(e,t,r){switch(e){case T.publicKey.ed25519:{const{publicKey:e}=Yr.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,e)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}},verify:Xn});const si=F.getWebCrypto();async function ai(e,t,r){const{keySize:n}=se(e);if(!F.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await si.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await si.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await si.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return vt(t).encrypt(r)}async function oi(e,t,r){const{keySize:n}=se(e);if(!F.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await si.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),vt(t).decrypt(r)}try{const e=await si.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await si.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}var ci=/*#__PURE__*/Object.freeze({__proto__:null,unwrap:oi,wrap:ai});const hi=F.getWebCrypto();async function ui(e,t,r,n,i){const s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const a=await hi.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await hi.deriveBits({name:"HKDF",hash:s,salt:r,info:n},a,8*i);return new Uint8Array(o)}const li={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function yi(e){switch(e){case T.publicKey.x25519:{const e=Kr(32),{publicKey:t}=Yr.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}function fi(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function gi(e,t){switch(e){case T.publicKey.x25519:{const r=Kr(fi(e)),n=Yr.scalarMult(r,t);di(n);const{publicKey:i}=Yr.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:i,sharedSecret:n}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),r=e.utils.randomPrivateKey(),n=e.getSharedSecret(r,t);di(n);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:n}}default:throw Error("Unsupported ECDH algorithm")}}async function pi(e,t,r,n){switch(e){case T.publicKey.x25519:{const e=Yr.scalarMult(n,t);return di(e),e}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(n,t);return di(e),e}default:throw Error("Unsupported ECDH algorithm")}}function di(e){let t=0;for(let r=0;r0===s[0]&&Li(a,r,s.subarray(1),i);if(n&&!F.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=Di(e.payloadSize,bi[e.name],s),o=await Ui.importKey("jwk",a,{name:"ECDSA",namedCurve:bi[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,n]).buffer;return Ui.verify({name:"ECDSA",namedCurve:bi[e.name],hash:{name:T.read(T.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:Ei[e.name],publicKey:o.from(s)}),h=xi.createVerify(T.read(T.hash,t));h.write(i),h.end();const u=F.concatUint8Array([r,n]);try{return h.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},u)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await Li(a,r,s,i)||o()}async function Li(e,t,r,n){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var Ti=/*#__PURE__*/Object.freeze({__proto__:null,sign:Qi,validateParams:async function(e,t,r){const n=new Bi(e);if(n.keyType!==T.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=Kr(8),i=T.hash.sha256,s=await Ee.digest(i,n);try{const a=await Qi(e,i,n,t,r,s);return await Ri(e,i,a,n,t,s)}catch(e){return!1}}default:return Ii(T.publicKey.ecdsa,e,t,r)}},verify:Ri});var Mi=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){if(Si(new Bi(e),n),Ee.getHashByteLength(t)0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(F.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Hi=/*#__PURE__*/Object.freeze({__proto__:null,decode:Fi,encode:Ni});const Oi=F.getWebCrypto(),zi=F.getNodeCrypto();function _i(e,t,r,n){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),F.stringToUint8Array("Anonymous Sender "),n])}async function Gi(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await Ee.digest(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function ji(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await gi(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=Di(e.payloadSize,e.web,t);let n=Oi.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),i=Oi.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[n,i]=await Promise.all([n,i]);let s=Oi.deriveBits({name:"ECDH",namedCurve:e.web,public:i},n.privateKey,e.sharedSize),a=Oi.exportKey("jwk",n.publicKey);[s,a]=await Promise.all([s,a]);const o=new Uint8Array(s),c=new Uint8Array(Ci(a,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return F.printDebugError(r),Ji(e,t)}break;case"node":return async function(e,t){const r=zi.createECDH(e.node);r.generateKeys();const n=new Uint8Array(r.computeSecret(t)),i=new Uint8Array(r.getPublicKey());return{publicKey:i,sharedKey:n}}(e,t);default:return Ji(e,t)}}async function qi(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await pi(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,n){const i=Pi(e.payloadSize,e.web,r,n);let s=Oi.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const a=Di(e.payloadSize,e.web,t);let o=Oi.importKey("jwk",a,{name:"ECDH",namedCurve:e.web},!0,[]);[s,o]=await Promise.all([s,o]);let c=Oi.deriveBits({name:"ECDH",namedCurve:e.web,public:o},s,e.sharedSize),h=Oi.exportKey("jwk",s);[c,h]=await Promise.all([c,h]);const u=new Uint8Array(c);return{secretKey:j(h.d),sharedKey:u}}(e,t,r,n)}catch(r){return F.printDebugError(r),Vi(e,t,n)}break;case"node":return async function(e,t,r){const n=zi.createECDH(e.node);n.setPrivateKey(r);const i=new Uint8Array(n.computeSecret(t));return{secretKey:new Uint8Array(n.getPrivateKey()),sharedKey:i}}(e,t,n);default:return Vi(e,t,n)}}async function Vi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Ji(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var Yi=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i,s,a){const o=new Bi(e);Si(o,i),Si(o,r);const{sharedKey:c}=await qi(o,r,i,s),h=_i(T.publicKey.ecdh,e,t,a),{keySize:u}=se(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await Gi(t.hash,c,u,h,1===e,2===e);return Fi(await oi(t.cipher,r,n))}catch(e){l=e}throw l},encrypt:async function(e,t,r,n,i){const s=Ni(r),a=new Bi(e);Si(a,n);const{publicKey:o,sharedKey:c}=await ji(a,n),h=_i(T.publicKey.ecdh,e,t,i),{keySize:u}=se(t.cipher),l=await Gi(t.hash,c,u,h);return{publicKey:o,wrappedKey:await ai(t.cipher,l,s)}},validateParams:async function(e,t,r){return Ii(T.publicKey.ecdh,e,t,r)}}),Wi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Bi,ecdh:Yi,ecdhX:Ai,ecdsa:Ti,eddsa:ii,eddsaLegacy:Mi,generate:async function(e){const t=new Bi(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:F.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}},getPreferredHashAlgo:function(e){return vi[e.getName()].hash}});const Zi=BigInt(0),$i=BigInt(1);var Xi=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,h,u;n=dr(n),i=dr(i),r=dr(r),s=dr(s),r=Ar(r,n),s=Ar(s,i);const l=Ar(dr(t.subarray(0,Br(i))),i);for(;;){if(o=Cr($i,i),c=Ar(wr(r,o,n),i),c===a)continue;const e=Ar(s*c,i);if(u=Ar(l+e,i),h=Ar(br(o,i)*u,i),h!==a)break}return{r:Ir(c,"be",Br(n)),s:Ir(h,"be",Br(n))}},validateParams:async function(e,t,r,n,i){if(e=dr(e),t=dr(t),r=dr(r),n=dr(n),r<=$i||r>=e)return!1;if(Ar(e-$i,t)!==Zi)return!1;if(wr(r,t,e)!==$i)return!1;const s=BigInt(vr(t));if(s=a||r<=Zi||r>=a)return F.printDebug("invalid DSA Signature"),!1;const c=Ar(dr(n.subarray(0,Br(a))),a),h=br(r,a);if(h===Zi)return F.printDebug("invalid DSA Signature"),!1;i=Ar(i,s),o=Ar(o,s);const u=Ar(c*h,a),l=Ar(t*h,a);return Ar(Ar(wr(i,u,s)*wr(o,l,s),s),a)===t}}),es={rsa:jr,elgamal:Vr,elliptic:Wi,dsa:Xi};var ts=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const n=2*es.elliptic.eddsa.getPayloadSize(e),i=F.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}default:throw new Jn("Unknown signature algorithm.")}},sign:async function(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:h,u}=n;return{s:await es.rsa.sign(t,i,e,a,o,c,h,u,s)}}case T.publicKey.dsa:{const{g:e,p:i,q:a}=r,{x:o}=n;return es.dsa.sign(t,s,e,i,a,o)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return es.elliptic.ecdsa.sign(e,t,i,a,o,s)}case T.publicKey.eddsaLegacy:{const{oid:e,Q:a}=r,{seed:o}=n;return es.elliptic.eddsaLegacy.sign(e,t,i,a,o,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:a}=r,{seed:o}=n;return es.elliptic.eddsa.sign(e,t,i,a,o,s)}default:throw Error("Unknown signature algorithm.")}},verify:async function(e,t,r,n,i,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=n,o=F.leftPad(r.s,e.length);return es.rsa.verify(t,i,o,e,a,s)}case T.publicKey.dsa:{const{g:e,p:i,q:a,y:o}=n,{r:c,s:h}=r;return es.dsa.verify(t,c,h,s,e,i,a,o)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=n,o=new es.elliptic.CurveWithOID(e).payloadSize,c=F.leftPad(r.r,o),h=F.leftPad(r.s,o);return es.elliptic.ecdsa.verify(e,t,{r:c,s:h},i,a,s)}case T.publicKey.eddsaLegacy:{const{oid:e,Q:a}=n,o=new es.elliptic.CurveWithOID(e).payloadSize,c=F.leftPad(r.r,o),h=F.leftPad(r.s,o);return es.elliptic.eddsaLegacy.verify(e,t,{r:c,s:h},i,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:a}=n;return es.elliptic.eddsa.verify(e,t,r,i,a,s)}default:throw Error("Unknown signature algorithm.")}}});class rs{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class ns{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Jn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class is{static fromObject({wrappedKey:e,algorithm:t}){const r=new is;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function ss(e){try{e.getName()}catch(e){throw new Jn("Unknown curve OID")}}function as(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new es.elliptic.CurveWithOID(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return es.elliptic.eddsa.getPayloadSize(e);case T.publicKey.x25519:case T.publicKey.x448:return es.elliptic.ecdhX.getPayloadSize(e);default:throw Error("Unknown elliptic algo")}}var os=/*#__PURE__*/Object.freeze({__proto__:null,generateParams:function(e,t,r){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return es.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return es.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Hn(e),Q:t}})));case T.publicKey.eddsaLegacy:return es.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Hn(e),Q:t}})));case T.publicKey.ecdh:return es.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new Hn(e),Q:t,kdfParams:new ns({hash:n,cipher:i})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return es.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return es.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},generateSessionKey:function(e){const{keySize:t}=se(e);return Kr(t)},getAEADMode:function(e){const t=T.read(T.aead,e);return fr[t]},getCipherParams:se,getCurvePayloadSize:as,getPreferredCurveHashAlgo:function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return es.elliptic.getPreferredHashAlgo(t);case T.publicKey.ed25519:case T.publicKey.ed448:return es.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}},getPrefixRandom:async function(e){const{blockSize:t}=se(e),r=await Kr(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,n])},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=new rs;return n.read(t.subarray(r)),{V:e,C:n}}case T.publicKey.x25519:case T.publicKey.x448:{const n=as(e),i=F.readExactSubarray(t,r,r+n);r+=i.length;const s=new is;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}default:throw new Jn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let n=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(n));n+=e.length+2;const r=F.readMPI(t.subarray(n));n+=r.length+2;const i=F.readMPI(t.subarray(n));n+=i.length+2;const s=F.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=as(e,r.oid);let s=F.readMPI(t.subarray(n));return n+=s.length+2,s=F.leftPad(s,i),{read:n,privateParams:{d:s}}}case T.publicKey.eddsaLegacy:{const i=as(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=F.readMPI(t.subarray(n));return n+=s.length+2,s=F.leftPad(s,i),{read:n,privateParams:{seed:s}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=as(e),i=F.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=as(e),i=F.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}default:throw new Jn("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=F.readMPI(t.subarray(r));r+=n.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const s=F.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const n=F.readMPI(t.subarray(r));r+=n.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case T.publicKey.ecdsa:{const e=new Hn;r+=e.read(t),ss(e);const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case T.publicKey.eddsaLegacy:{const e=new Hn;if(r+=e.read(t),ss(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(r));return r+=n.length+2,n=F.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case T.publicKey.ecdh:{const e=new Hn;r+=e.read(t),ss(e);const n=F.readMPI(t.subarray(r));r+=n.length+2;const i=new ns;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const n=F.readExactSubarray(t,r,r+as(e));return r+=n.length,{read:r,publicParams:{A:n}}}default:throw new Jn("Unknown public key encryption algorithm.")}},publicKeyDecrypt:async function(e,t,r,n,i,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:h,u}=r;return es.rsa.decrypt(e,i,a,o,c,h,u,s)}case T.publicKey.elgamal:{const{c1:e,c2:i}=n,a=t.p,o=r.x;return es.elgamal.decrypt(e,i,a,o,s)}case T.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:h}=n;return es.elliptic.ecdh.decrypt(e,a,c,h.data,s,o,i)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return es.elliptic.ecdhX.decrypt(e,a,o.wrappedKey,i,s)}default:throw Error("Unknown public key encryption algorithm.")}},publicKeyEncrypt:async function(e,t,r,n,i){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await es.rsa.encrypt(n,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return es.elgamal.encrypt(n,e,t,i)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:s}=r,{publicKey:a,wrappedKey:o}=await es.elliptic.ecdh.encrypt(e,s,n,t,i);return{V:a,C:new rs(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:s,wrappedKey:a}=await es.elliptic.ecdhX.encrypt(e,n,i);return{ephemeralPublicKey:s,C:is.fromObject({algorithm:t,wrappedKey:a})}}default:return[]}},serializeParams:function(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448]),n=Object.keys(t).map((n=>{const i=t[n];return F.isUint8Array(i)?r.has(e)?i:F.uint8ArrayToMPI(i):i.write()}));return F.concatUint8Array(n)},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return es.rsa.validateParams(e,n,i,s,a,o)}case T.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return es.dsa.validateParams(e,n,i,s,a)}case T.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return es.elgamal.validateParams(e,n,i,s)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const n=es.elliptic[T.read(T.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return es.elliptic.eddsaLegacy.validateParams(n,e,i)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return es.elliptic.eddsa.validateParams(e,n,i)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:n}=t,{k:i}=r;return es.elliptic.ecdhX.validateParams(e,n,i)}default:throw Error("Unknown public key algorithm.")}}});const cs={cipher:ae,hash:Ee,mode:fr,publicKey:es,signature:ts,random:Dr,pkcs1:Nr,pkcs5:Hi,aesKW:ci};Object.assign(cs,os);class hs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,hs),this.name="Argon2OutOfMemoryError"}}let us,ls;class ys{constructor(e=M){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=cs.random.getRandomBytes(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<1048576&&(ls=us(),ls.catch((()=>{}))),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new hs("Could not allocate required memory for Argon2"):e}}}class fs{constructor(e,t=M){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=cs.random.getRandomBytes(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new Jn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Jn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Jn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let n=0,i=0;for(;n>>1|(21845&xs)<<1;Qs=(61680&(Qs=(52428&Qs)>>>2|(13107&Qs)<<2))>>>4|(3855&Qs)<<4,Us[xs]=((65280&Qs)>>>8|(255&Qs)<<8)>>>1}var Rs=function(e,t,r){for(var n=e.length,i=0,s=new ms(t);i>>c]=h}else for(a=new ms(n),i=0;i>>15-e[i]);return a},Ls=new ws(288);for(xs=0;xs<144;++xs)Ls[xs]=8;for(xs=144;xs<256;++xs)Ls[xs]=9;for(xs=256;xs<280;++xs)Ls[xs]=7;for(xs=280;xs<288;++xs)Ls[xs]=8;var Ts=new ws(32);for(xs=0;xs<32;++xs)Ts[xs]=5;var Ms=/*#__PURE__*/Rs(Ls,9,0),Ns=/*#__PURE__*/Rs(Ls,9,1),Fs=/*#__PURE__*/Rs(Ts,5,0),Hs=/*#__PURE__*/Rs(Ts,5,1),Os=function(e){for(var t=e[0],r=1;rt&&(t=e[r]);return t},zs=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},_s=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Gs=function(e){return(e+7)/8|0},js=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var n=new(2==e.BYTES_PER_ELEMENT?ms:4==e.BYTES_PER_ELEMENT?bs:ws)(r-t);return n.set(e.subarray(t,r)),n},qs=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Vs=function(e,t,r){var n=Error(t||qs[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,Vs),!r)throw n;return n},Js=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8},Ys=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8,e[n+2]|=r>>>16},Ws=function(e,t){for(var r=[],n=0;ny&&(y=s[n].s);var f=new ms(y+1),g=Zs(r[u-1],f,0);if(g>t){n=0;var p=0,d=g-t,A=1<t))break;p+=A-(1<>>=d;p>0;){var m=s[n].s;f[m]=0&&p;--n){var b=s[n].s;f[b]==t&&(--f[b],++p)}g=t}return[new ws(f),g]},Zs=function(e,t,r){return-1==e.s?Math.max(Zs(e.l,t,r+1),Zs(e.r,t,r+1)):t[e.s]=r},$s=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new ms(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return[r.subarray(0,n),t]},Xs=function(e,t){for(var r=0,n=0;n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s4&&!S[vs[C-1]];--C);var D,P,U,x,Q=h+5<<3,R=Xs(i,Ls)+Xs(s,Ts)+a,L=Xs(i,y)+Xs(s,p)+a+14+3*C+Xs(v,S)+(2*v[16]+3*v[17]+7*v[18]);if(Q<=R&&Q<=L)return ea(t,u,e.subarray(c,c+h));if(Js(t,u,1+(L15&&(Js(t,u,F[B]>>>5&127),u+=F[B]>>>12)}}}else D=Ms,P=Ls,U=Fs,x=Ts;for(B=0;B255){H=n[B]>>>18&31;Ys(t,u,D[H+257]),u+=P[H+257],H>7&&(Js(t,u,n[B]>>>23&31),u+=ks[H]);var O=31&n[B];Ys(t,u,U[O]),u+=x[O],O>3&&(Ys(t,u,n[B]>>>5&8191),u+=Es[O])}else Ys(t,u,D[n[B]]),u+=P[n[B]];return Ys(t,u,D[256]),u+P[256]},ra=/*#__PURE__*/new bs([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),na=/*#__PURE__*/new ws(0),ia=function(e,t,r,n,i){return function(e,t,r,n,i,s){var a=e.length,o=new ws(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),h=0;if(!t||a<8)for(var u=0;u<=a;u+=65535){var l=u+65535;l>=a&&(c[h>>3]=s),h=ea(c,h+1,e.subarray(u,l))}else{for(var y=ra[t-1],f=y>>>13,g=8191&y,p=(1<7e3||S>24576)&&x>423){h=ta(e,c,0,k,E,v,I,S,C,u-C,h),S=B=I=0,C=u;for(var Q=0;Q<286;++Q)E[Q]=0;for(Q=0;Q<30;++Q)v[Q]=0}var R=2,L=0,T=g,M=P-U&32767;if(x>2&&D==b(u-M))for(var N=Math.min(f,x)-1,F=Math.min(32767,u),H=Math.min(258,x);M<=F&&--T&&P!=U;){if(e[u+R]==e[u+R-M]){for(var O=0;OR){if(R=O,L=M,O>N)break;var z=Math.min(M,O-2),_=0;for(Q=0;Q_&&(_=j,U=G)}}}M+=(P=U)-(U=d[P])+32768&32767}if(L){k[S++]=268435456|Ks[R]<<18|Ps[L];var q=31&Ks[R],V=31&Ps[L];I+=ks[q]+Es[V],++E[257+q],++v[V],K=u+R,++B}else k[S++]=e[u],++E[e[u]]}}h=ta(e,c,s,k,E,v,I,S,C,u-C,h),!s&&7&h&&(h=ea(c,h+1,na))}return js(o,0,n+Gs(h)+i)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,n,!i)},sa=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(ia(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||Vs(5),this.d&&Vs(4),this.d=t,this.p(e,t||!1)},e}(),aa=/*#__PURE__*/function(){function e(e){this.s={},this.p=new ws(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||Vs(5),this.d&&Vs(4);var t=this.p.length,r=new ws(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var n=e.length;if(!n||r&&r.f&&!r.l)return t||new ws(0);var i=!t||r,s=!r||r.i;r||(r={}),t||(t=new ws(3*n));var a=function(e){var r=t.length;if(e>r){var n=new ws(Math.max(2*r,e));n.set(t),t=n}},o=r.f||0,c=r.p||0,h=r.b||0,u=r.l,l=r.d,y=r.m,f=r.n,g=8*n;do{if(!u){o=zs(e,c,1);var p=zs(e,c+1,3);if(c+=3,!p){var d=e[(K=Gs(c)+4)-4]|e[K-3]<<8,A=K+d;if(A>n){s&&Vs(0);break}i&&a(h+d),t.set(e.subarray(K,A),h),r.b=h+=d,r.p=c=8*A,r.f=o;continue}if(1==p)u=Ns,l=Hs,y=9,f=5;else if(2==p){var w=zs(e,c,31)+257,m=zs(e,c+10,15)+4,b=w+zs(e,c+5,31)+1;c+=14;for(var k=new ws(b),E=new ws(19),v=0;v>>4)<16)k[v++]=K;else{var D=0,P=0;for(16==K?(P=3+zs(e,c,3),c+=2,D=k[v-1]):17==K?(P=3+zs(e,c,7),c+=3):18==K&&(P=11+zs(e,c,127),c+=7);P--;)k[v++]=D}}var U=k.subarray(0,w),x=k.subarray(w);y=Os(U),f=Os(x),u=Rs(U,y,1),l=Rs(x,f,1)}else Vs(1);if(c>g){s&&Vs(0);break}}i&&a(h+131072);for(var Q=(1<>>4;if((c+=15&D)>g){s&&Vs(0);break}if(D||Vs(2),T<256)t[h++]=T;else{if(256==T){L=c,u=null;break}var M=T-254;if(T>264){var N=ks[v=T-257];M=zs(e,c,(1<>>4;if(F||Vs(3),c+=15&F,x=Ds[H],H>3&&(N=Es[H],x+=_s(e,c)&(1<g){s&&Vs(0);break}i&&a(h+131072);for(var O=h+M;h>16),i=(65535&i)+15*(i>>16)}r=t,n=i},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(n%=65521))<<8|n>>>8}}),this.v=1,sa.call(this,e,t)}return e.prototype.push=function(e,t){sa.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=ia(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=n<<6|(n?32-2*n:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),ca=/*#__PURE__*/function(){function e(e){this.v=1,aa.call(this,e)}return e.prototype.push=function(e,t){if(aa.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&Vs(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),aa.prototype.c.call(this,t)},e}(),ha="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{ha.decode(na,{stream:!0}),1}catch(e){}class ua{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?K(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await I(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let n=e.remainder();h(n)&&(n=await P(n)),this.setBytes(n,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=F.writeDate(this.date);return F.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class la{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new la;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new la;return e.read(new Uint8Array(8)),e}}const ya=Symbol("verified"),fa="salt@notations.openpgpjs.org",ga=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class pa{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new la,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ya]=null}read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Jn("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Jn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=cs.signature.parseSignatureParams(this.publicKeyAlgorithm,n);if(ics.serializeParams(this.publicKeyAlgorithm,await this.params))):cs.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=Aa(this.hashAlgorithm);if(null===this.salt)this.salt=cs.random.getRandomBytes(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===fa)).length)throw Error("Unexpected existing salt notation");{const e=cs.random.getRandomBytes(Aa(this.hashAlgorithm));this.rawNotations.push({name:fa,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=D(S(o),0,2);const c=async()=>cs.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[ya]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(da(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(da(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(da(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(da(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(da(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(da(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(da(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(da(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(da(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(da(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=F.encodeUTF8(n);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(i.length,2)),r.push(o),r.push(i),r=F.concat(r),t.push(da(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(da(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(da(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(da(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(da(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(da(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(da(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(da(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(da(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(da(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(da(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(da(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(da(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(da(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(da(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(da(e.preferredCipherSuites,!1,r)));const n=F.concat(t),i=F.writeNumber(n.length,6===this.version?4:2);return F.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>da(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),ga.has(i)))switch(i){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.readNumber(e.subarray(r,r+2));r+=2;const a=F.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=cs.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new pa,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(F.writeNumber(r,4)),F.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==Aa(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),cs.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=M){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===T.signature.binary||t===T.signature.text;if(!(this[ya]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await P(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[ya]=await cs.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,n,s),!this[ya])throw Error("Signature verification failed")}const o=F.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&tpa.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ma(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new Yn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}wa.prototype.hash=pa.prototype.hash,wa.prototype.toHash=pa.prototype.toHash,wa.prototype.toSign=pa.prototype.toSign;class ba extends Array{static async fromBinary(e,t,r=M){const n=new ba;return await n.read(e,t,r),n}async read(e,t,r=M){r.additionalAllowedPackets.length&&(t={...t,...F.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=B(e,(async(e,n)=>{const i=R(n);try{for(;;){await i.ready;if(await Vn(e,(async e=>{try{if(e.tag===T.packet.marker||e.tag===T.packet.trust||e.tag===T.packet.padding)return;const n=ma(e.tag,t);n.packets=new ba,n.fromStream=F.isStream(e.packet),await n.read(e.packet,r),await i.write(n)}catch(t){if(t instanceof Yn){if(!(e.tag<=39))return;await i.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof Jn,s=!(r.ignoreMalformedPackets||t instanceof Jn);if(n||s||qn(e.tag))await i.abort(t);else{const t=new Wn(e.tag,e.packet);await i.write(t)}F.printDebugError(t)}})))return await i.ready,void await i.close()}}catch(e){await i.abort(e)}}));const n=Q(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||qn(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=F.concat([_n(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>F.concat([zn(i)].concat(t)))))}else{if(F.isStream(n)){let t=0;e.push(v(S(n),(e=>{t+=e.length}),(()=>jn(r,t))))}else e.push(jn(r,n.length));e.push(n)}}return F.concat(e)}filterByTag(...e){const t=new ba,r=e=>t=>e===t;for(let n=0;nt.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=M){const t=T.read(T.compression,this.algorithm),r=Ka[t];if(!r)throw Error(t+" decompression not supported");this.packets=await ba.fromBinary(await r(this.compressed),ka,e)}compress(){const e=T.read(T.compression,this.algorithm),t=Sa[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function va(e,t){return r=>{if(!F.isStream(r)||h(r))return x((()=>P(r).then((e=>new Promise(((r,n)=>{const i=new t;i.ondata=e=>{r(e)};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function Ba(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return rf}));return x((async()=>t(await P(e))))}}const Ia=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Sa={zip:/*#__PURE__*/va(Ia("deflate-raw").compressor,sa),zlib:/*#__PURE__*/va(Ia("deflate").compressor,oa)},Ka={uncompressed:e=>e,zip:/*#__PURE__*/va(Ia("deflate-raw").decompressor,aa),zlib:/*#__PURE__*/va(Ia("deflate").decompressor,ca),bzip2:/*#__PURE__*/Ba()},Ca=/*#__PURE__*/F.constructAllowedPackets([ua,Ea,wa,pa]);class Da{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Da;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await I(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Jn(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=M){const{blockSize:n,keySize:i}=cs.getCipherParams(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(h(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=cs.random.getRandomBytes(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Pa(this,"encrypt",t,s);else{const i=await cs.getPrefixRandom(e),a=new Uint8Array([211,20]),o=F.concat([i,s,a]),c=await cs.hash.sha1(K(o)),h=F.concat([o,c]);this.encrypted=await cs.mode.cfb.encrypt(e,t,h,new Uint8Array(n),r)}return!0}async decrypt(e,t,r=M){if(t.length!==cs.getCipherParams(e).keySize)throw Error("Unexpected session key size");let n,i=S(this.encrypted);if(h(i)&&(i=await P(i)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Pa(this,"decrypt",t,i)}else{const{blockSize:s}=cs.getCipherParams(e),a=await cs.mode.cfb.decrypt(e,t,i,new Uint8Array(s)),o=D(K(a),-20),c=D(a,0,-20),h=Promise.all([P(await cs.hash.sha1(K(c))),P(o)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=D(c,s+2);n=D(u,0,-2),n=m([n,x((()=>h))]),F.isStream(i)&&r.allowUnauthenticatedStream||(n=await P(n))}return this.packets=await ba.fromBinary(n,Ca,r),!0}}async function Pa(e,t,r,n){const i=e instanceof Da&&2===e.version,s=!i&&e.constructor.tag===T.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=cs.getAEADMode(e.aeadAlgorithm),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,h=2**(e.chunkSizeByte+6)+o,u=s?8:0,l=new ArrayBuffer(13+u),y=new Uint8Array(l,0,5+u),f=new Uint8Array(l),g=new DataView(l),p=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let d,A,w=0,m=Promise.resolve(),k=0,E=0;if(i){const{keySize:t}=cs.getCipherParams(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await ui(T.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),d=s.subarray(t),d.fill(0,d.length-8),A=new DataView(d.buffer,d.byteOffset,d.byteLength)}else d=e.iv;const v=await a(e.cipherAlgorithm,r);return B(n,(async(r,n)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});b(t.readable,n),n=t.writable}const s=Q(r),a=R(n);try{for(;;){let e=await s.readBytes(h+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,b;if(e=e.subarray(0,e.length-o),i)b=d;else{b=d.slice();for(let e=0;e<8;e++)b[d.length-8+e]^=p[e]}if(!w||e.length?(s.unshift(r),n=v[t](e,b,y),n.catch((()=>{})),E+=e.length-o+c):(g.setInt32(5+u+4,k),n=v[t](r,b,f),n.catch((()=>{})),E+=c,l=!0),k+=e.length-o,m=m.then((()=>n)).then((async e=>{await a.ready,await a.write(e),E-=e.length})).catch((e=>a.abort(e))),(l||E>a.desiredSize)&&await m,l){await a.close();break}i?A.setInt32(d.length-4,++w):g.setInt32(9,++w)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const Ua=/*#__PURE__*/F.constructAllowedPackets([ua,Ea,wa,pa]);class xa{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await I(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Jn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=cs.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=M){this.packets=await ba.fromBinary(await Pa(this,"decrypt",t,S(this.encrypted)),Ua,r)}async encrypt(e,t,r=M){this.cipherAlgorithm=e;const{ivLength:n}=cs.getAEADMode(this.aeadAlgorithm);this.iv=cs.random.getRandomBytes(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Pa(this,"encrypt",t,i)}}class Qa{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new la,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Qa;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?la.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Jn(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=la.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=cs.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t)),this.publicKeyAlgorithm===T.publicKey.x25519||this.publicKeyAlgorithm===T.publicKey.x448)if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),cs.serializeParams(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=Ra(this.version,t,r,this.sessionKey);this.encrypted=await cs.publicKeyEncrypt(t,r,e.publicParams,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ra(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await cs.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=F.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=this.publicKeyAlgorithm!==T.publicKey.x25519&&this.publicKeyAlgorithm!==T.publicKey.x448;if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==cs.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ra(e,t,r,n){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,F.writeChecksum(n.subarray(n.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:return n;default:throw Error("Unsupported public key algorithm")}}class La{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=M){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Jn(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=ps(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=cs.getAEADMode(this.aeadAlgorithm);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t=5){const e=cs.getAEADMode(this.aeadAlgorithm),r=new Uint8Array([192|La.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await ui(T.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await cs.mode.cfb.decrypt(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==cs.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=M){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=ds(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=cs.getCipherParams(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=cs.generateSessionKey(this.sessionKeyAlgorithm)),this.version>=5){const e=cs.getAEADMode(this.aeadAlgorithm);this.iv=cs.random.getRandomBytes(e.ivLength);const t=new Uint8Array([192|La.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await ui(T.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await cs.mode.cfb.encrypt(r,s,e,new Uint8Array(n),t)}}}class Ta{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=M){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ta,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Jn("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=cs.parsePublicKeyParams(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===T.curve.curve25519Legacy||n.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Jn(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=cs.serializeParams(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new la,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await cs.hash.sha256(e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await cs.hash.sha1(e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid&&(e.curve=this.publicParams.oid.getName()),e}}Ta.prototype.readPublicKey=Ta.prototype.read,Ta.prototype.writePublicKey=Ta.prototype.write;const Ma=/*#__PURE__*/F.constructAllowedPackets([ua,Ea,wa,pa]);class Na{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=M){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=cs.getCipherParams(e),i=await P(S(this.encrypted)),s=await cs.mode.cfb.decrypt(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await ba.fromBinary(s,Ma,r)}async encrypt(e,t,r=M){const n=this.packets.write(),{blockSize:i}=cs.getCipherParams(e),s=await cs.getPrefixRandom(e),a=await cs.mode.cfb.encrypt(e,t,s,new Uint8Array(i),r),o=await cs.mode.cfb.encrypt(e,t,n,a.subarray(2),r);this.encrypted=F.concat([a,o])}}class Fa{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Ha extends Ta{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Ha,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Oa{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function _a(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=cs.getCipherParams(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const h=F.concatUint8Array([s,new Uint8Array([e,n,i])]);return ui(T.hash.sha256,c,new Uint8Array,h,o)}class Ga{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Ga;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=M){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=/^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/.exec(r);if(null!==n){const{name:e,comment:t,email:r}=n.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class ja extends za{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=M){super(e,t)}}class qa{static get tag(){return T.packet.trust}read(){throw new Jn("Trust packets are not supported")}write(){throw new Jn("Trust packets are not supported")}}class Va{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await cs.random.getRandomBytes(e)}}const Ja=/*#__PURE__*/F.constructAllowedPackets([pa]);class Ya{constructor(e){this.packets=e||new ba}write(){return this.packets.write()}armor(e=M){const t=this.packets.some((e=>e.constructor.tag===pa.tag&&6!==e.version));return te(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Wa({armoredSignature:e,binarySignature:t,config:r,...n}){r={...M,...r};let i=e||t;if(!i)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await ee(i);if(e!==T.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await ba.fromBinary(i,Ja,r);return new Ya(a)}async function Za(e,t){const r=new ja(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function $a(e,t){const r=new za(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Xa(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function eo(e,t,r=new Date){const n=F.normalizeDate(r);if(null!==n){const r=so(e,t);return!(e.created<=n&&n0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await ro(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function ro(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const h=new pa;return Object.assign(h,n),h.publicKeyAlgorithm=r.algorithm,h.hashAlgorithm=await async function(e,t,r=new Date,n=[],i){const s=T.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const h=t=>0===e.length||c.get(t)===e.length||t===s,u=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>h(e))).sort(((e,t)=>cs.hash.getHashByteLength(e)-cs.hash.getHashByteLength(t)))[0];return cs.hash.getHashByteLength(e)>=cs.hash.getHashByteLength(s)?e:s};if(new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]).has(t.algorithm)){const e=cs.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid),r=h(a),n=cs.hash.getHashByteLength(a)>=cs.hash.getHashByteLength(e);if(r&&n)return a;{const t=u();return cs.hash.getHashByteLength(t)>=cs.hash.getHashByteLength(e)?t:e}}return h(a)?a:u()}(t,r,i,s,c),h.rawNotations=[...a],await h.sign(r,e,i,o,c),h}async function no(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function io(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function so(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function ao(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function oo(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function co(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function ho(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage));default:return!1}}function uo(e,t){const r=T.write(T.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(n.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,T.signature.certGeneric,a,r,void 0,n)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,T.signature.certGeneric,i,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await no(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,T.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await no(e,this,"otherCertifications",t),await no(e,this,"revocationSignatures",t,(function(e){return io(n,T.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=M){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new lo(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await ro(s,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class yo{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new ba;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new yo(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=M){const i=this.mainKey.keyPacket;return io(i,T.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=M){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await Xa(this.bindingSignatures,r,T.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(eo(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=M){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await Xa(this.bindingSignatures,r,T.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=so(this.keyPacket,i),a=i.getExpirationTime();return si.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,T.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await no(e,this,"revocationSignatures",t,(function(e){return io(n,T.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=M){const s={key:e,bind:this.keyPacket},a=new yo(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await ro(s,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{yo.prototype[e]=function(){return this.keyPacket[e]()}}));const fo=/*#__PURE__*/F.constructAllowedPackets([pa]),go=new Set([T.packet.publicKey,T.packet.privateKey]),po=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class Ao{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof Wn){po.has(a.tag)&&!s&&(s=go.has(a.tag)?go:po);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new lo(a,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,i=new yo(a,this),this.subkeys.push(i);break;case T.packet.signature:switch(a.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case T.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case T.signature.key:this.directSignatures.push(a);break;case T.signature.subkeyBinding:if(!i){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case T.signature.keyRevocation:this.revocationSignatures.push(a);break;case T.signature.subkeyRevocation:if(!i){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new ba;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=M){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{uo(i,n)}catch(e){throw F.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Xa(r.bindingSignatures,i,T.signature.subkeyBinding,e,t,n);if(!oo(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await Xa([s.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,n),uo(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&oo(i,s,n))return uo(i,n),this}catch(e){a=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=M){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{uo(i,n)}catch(e){throw F.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Xa(r.bindingSignatures,i,T.signature.subkeyBinding,e,t,n);if(co(r.keyPacket,s,n))return uo(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&co(i,s,n))return uo(i,n),this}catch(e){a=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=M){return io(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=M){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(eo(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await Xa(this.directSignatures,n,T.signature.key,{key:n},e,r).catch((()=>{}));if(t&&eo(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=M){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=so(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await Xa(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=so(this.keyPacket,a);r=Math.min(i,s,e)}else r=ie.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await no(e,n,"revocationSignatures",t,(i=>io(n.keyPacket,T.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await no(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=M){const r={key:this.keyPacket},n=await Xa(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),i=new ba;i.push(n);const s=6!==this.keyPacket.version;return te(T.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=M){const n=await ee(e),i=(await ba.fromBinary(n.data,fo,r)).findPacket(T.packet.signature);if(!i||i.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=M){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=M){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=M){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=M){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{Ao.prototype[e]=yo.prototype[e]}));class wo extends Ao{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=M){const t=6!==this.keyPacket.version;return te(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class mo extends wo{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new ba,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case T.packet.secretKey:{const t=Ta.fromSecretKeyPacket(r);e.push(t);break}case T.packet.secretSubkey:{const t=Ha.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new wo(e)}armor(e=M){const t=6!==this.keyPacket.version;return te(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=M){const i=this.keyPacket,s=[];let a=null;for(let r=0;re.isDecrypted()))}async validate(e=M){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=M){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await ro(i,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...M,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}function a(){const e={};e.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const t=s([T.symmetric.aes256,T.symmetric.aes128],n.preferredSymmetricAlgorithm);if(e.preferredSymmetricAlgorithms=t,n.aeadProtect){const r=s([T.aead.gcm,T.aead.eax,T.aead.ocb],n.preferredAEADAlgorithm);e.preferredCipherSuites=r.flatMap((e=>t.map((t=>[t,e]))))}return e.preferredHashAlgorithms=s([T.hash.sha256,T.hash.sha512,T.hash.sha3_256,T.hash.sha3_512],n.preferredHashAlgorithm),e.preferredCompressionAlgorithms=s([T.compression.uncompressed,T.compression.zlib,T.compression.zip],n.preferredCompressionAlgorithm),e.features=[0],e.features[0]|=T.features.modificationDetection,n.aeadProtect&&(e.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(e.keyExpirationTime=r.keyExpirationTime,e.keyNeverExpires=!1),e}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=T.signature.key;const o=await ro(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=Ga.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=T.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await ro(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await to(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await ro(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new mo(i)}async function vo({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...M,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await ee(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await ba.fromBinary(s,bo,r),o=a.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return ko(a.slice(o[0],o[1]))}async function Bo({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...M,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await ee(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await ba.fromBinary(s,bo,r),o=a.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await ee(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await ba.fromBinary(i,bo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=M){const s=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let h=null;const u=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!a.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||T.write(T.symmetric,e);await a.decrypt(r,t,i)}catch(e){F.printDebugError(e),h=e}})));if(U(a.encrypted),a.encrypted=null,await u,!a.packets||!a.packets.length)throw h||Error("Decryption failed.");const l=new Po(a.packets);return a.packets=new ba,l}async decryptSessionKeys(e,t,r,n=new Date,i=M){let s,a=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await ba.fromBinary(e.write(),Co,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){F.printDebugError(e),e instanceof hs&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Qa;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:cs.generateSessionKey(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){F.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(T.write(T.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){F.printDebugError(e),s=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=M){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=M){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?i.every((e=>e.features&&e.features[0]&T.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=T.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=T.read(T.symmetric,i),o=s?T.read(T.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:cs.generateSessionKey(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=M){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Po.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Po.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:h,aeadAlgorithm:u}=r,l=await Po.encryptSessionKey(c,h,u,e,t,n,i,s,a,o),y=Da.fromObject({version:u?2:1,aeadAlgorithm:u?T.write(T.aead,u):null});y.packets=this.packets;const f=T.write(T.symmetric,h);return await y.encrypt(f,c,o),l.packets.push(y),y.packets=new ba,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],h=M){const u=new ba,l=T.write(T.symmetric,t),y=r&&T.write(T.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,h),i=Qa.fromObject({version:y?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));u.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new La(h);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,h),h.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,y,t))));u.push(...s)}return new Po(u)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=M){const h=new ba,u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");const l=await Uo(u,e,t,r,n,i,s,a,o,!1,c),y=l.map(((e,t)=>wa.fromSignaturePacket(e,0===t))).reverse();return h.push(...y),h.push(u),h.push(...l),new Po(h)}compress(e,t=M){if(e===T.compression.uncompressed)return this;const r=new Ea(t);r.algorithm=e,r.packets=this.packets;const n=new ba;return n.push(r),new Po(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=M){const h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");return new Ya(await Uo(h,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=M){const n=this.unwrapCompressed(),i=n.packets.filterByTag(T.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");h(n.packets.stream)&&n.packets.push(...await P(n.packets.stream,(e=>e||[])));const s=n.packets.filterByTag(T.packet.onePassSignature).reverse(),a=n.packets.filterByTag(T.packet.signature);return s.length&&!a.length&&F.isStream(n.packets.stream)&&!h(n.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=x((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),n.packets.stream=B(n.packets.stream,(async(e,t)=>{const r=Q(e),n=R(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await n.abort(e)}})),xo(s,i,e,t,!1,r)):xo(a,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=M){const i=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return xo(e.packets.filterByTag(T.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Po(e[0].packets):this}async appendSignature(e,t=M){await this.packets.read(F.isUint8Array(e)?e:(await ee(e)).data,Do,t)}write(){return this.packets.write()}armor(e=M){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Da.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===pa.tag&&6!==e.version));return te(T.armor.message,this.write(),null,null,null,r,e)}}async function Uo(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],h=!1,u=M){const l=new ba,y=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const f=await t.getSigningKey(i[n],s,l,u);return ro(e,r.length?r:[t],f.keyPacket,{signatureType:y},s,o,c,h,u)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(T.packet.signature);l.push(...e)}return l}async function xo(e,t,r,n=new Date,i=!1,s=M){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=M){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof wa?e.correspondingSig:e,h={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new ba;return e&&t.push(e),new Ya(t)})()};return h.signature.catch((()=>{})),h.verified.catch((()=>{})),h}(e,t,r,n,i,s)})))}async function Qo({armoredMessage:e,binaryMessage:t,config:r,...n}){r={...M,...r};let i=e||t;if(!i)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));const a=F.isStream(i);if(e){const{type:e,data:t}=await ee(i);if(e!==T.armor.message)throw Error("Armored text not of type message");i=t}const o=await ba.fromBinary(i,Ko,r),c=new Po(o);return c.fromStream=a,c}async function Ro({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(a),h=new ua(n);void 0!==e?h.setText(a,T.write(T.literal,i)):h.setBytes(a,T.write(T.literal,i)),void 0!==r&&h.setFilename(r);const u=new ba;u.push(h);const l=new Po(u);return l.fromStream=c,l}const Lo=/*#__PURE__*/F.constructAllowedPackets([pa]);class To{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Ya))throw Error("Invalid signature input");this.signature=t||new Ya(new ba)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=M){const h=new ua;h.setText(this.text);const u=new Ya(await Uo(h,e,t,r,n,i,s,a,o,!0,c));return new To(this.text,u)}verify(e,t=new Date,r=M){const n=this.signature.packets.filterByTag(T.packet.signature),i=new ua;return i.setText(this.text),xo(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=M){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return te(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function Mo({cleartextMessage:e,config:t,...r}){if(t={...M,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await ee(e);if(i.type!==T.armor.signed)throw Error("No cleartext signed message.");const s=await ba.fromBinary(i.data,Lo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new Ya(s);return new To(i.text,a)}async function No({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new To(e)}async function Fo({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,keyExpirationTime:s=0,date:a=new Date,subkeys:o=[{}],format:c="armored",config:h,...u}){tc(h={...M,...h}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=h.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=rc(e);const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(0===e.length&&!h.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&iao(e.subkeys[r],e)));let r=[$a(e,t)];r=r.concat(e.subkeys.map((e=>Za(e,t))));const n=await Promise.all(r),i=await Eo(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(y,h);return e.getKeys().forEach((({keyPacket:e})=>uo(e,h))),{privateKey:sc(e,c,h),publicKey:sc(e.toPublic(),c,h),revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function Ho({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){tc(a={...M,...a}),t=rc(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const h={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await Xa(e.bindingSignatures,n,T.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&T.keyFlags.signData}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await Eo(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(h,a);return{privateKey:sc(e,s,a),publicKey:sc(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Oo({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){tc(s={...M,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:sc(a,i,s),publicKey:sc(a.toPublic(),i,s)}:{privateKey:null,publicKey:sc(a,i,s)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function zo({privateKey:e,passphrase:t,config:r,...n}){tc(r={...M,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=F.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>F.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function _o({privateKey:e,passphrase:t,config:r,...n}){tc(r={...M,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=F.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function Go({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:h=[],date:u=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:f=[],config:g,...p}){if(tc(g={...M,...g}),Zo(e),Xo(s),t=rc(t),r=rc(r),n=rc(n),c=rc(c),h=rc(h),l=rc(l),y=rc(y),f=rc(f),p.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(p.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(p.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==p.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const d=Object.keys(p);if(d.length>0)throw Error("Unknown option: "+d.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,u,l,h,f,g)),e=e.compress(await async function(e=[],t=new Date,r=[],n=M){const i=T.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,u,y,g),g),e=await e.encrypt(t,n,i,o,h,u,y,g),"object"===s)return e;const p="armored"===s?e.armor(g):e.write();return await nc(p)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function jo({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:h,...u}){if(tc(h={...M,...h}),Zo(e),i=rc(i),t=rc(t),r=rc(r),n=rc(n),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(u.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const u=await e.decrypt(t,r,n,c,h);i||(i=[]);const l={};if(l.signatures=o?await u.verifyDetached(o,i,c,h):await u.verify(i,c,h),l.data="binary"===a?u.getLiteralData():u.getText(),l.filename=u.getFilename(),ic(l,e),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=m([l.data,x((async()=>{await F.anyPromise(l.signatures.map((e=>e.verified)))}))])}return l.data=await nc(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function qo({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:h=[],config:u,...l}){if(tc(u={...M,...u}),$o(e),Xo(n),t=rc(t),s=rc(s),o=rc(o),r=rc(r),c=rc(c),h=rc(h),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof To&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof To&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,h,u):await e.sign(t,r,void 0,s,a,o,c,h,u),"object"===n)return l;return l="armored"===n?l.armor(u):l.write(),i&&(l=B(e.packets.write(),(async(e,t)=>{await Promise.all([b(l,t),P(e).catch((()=>{}))])}))),await nc(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function Vo({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if(tc(a={...M,...a}),$o(e),t=rc(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof To&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof To&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&ic(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=m([o.data,x((async()=>{await F.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await nc(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function Jo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(tc(n={...M,...n}),e=rc(e),r=rc(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Po.generateSessionKey(e,t,r,n)}catch(e){throw F.wrapError("Error generating session key",e)}}async function Yo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:h=[],config:u,...l}){if(tc(u={...M,...u}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Xo(s),n=rc(n),i=rc(i),o=rc(o),h=rc(h),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return sc(await Po.encryptSessionKey(e,t,r,n,i,a,o,c,h,u),s,u)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function Wo({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if(tc(i={...M,...i}),Zo(e),t=rc(t),r=rc(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function Zo(e){if(!(e instanceof Po))throw Error("Parameter [message] needs to be of type Message")}function $o(e){if(!(e instanceof To||e instanceof Po))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Xo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const ec=Object.keys(M).length;function tc(e){const t=Object.keys(e);if(t.length!==ec)for(const e of t)if(void 0===M[e])throw Error("Unknown config property: "+e)}function rc(e){return e&&!F.isArray(e)&&(e=[e]),e}async function nc(e){return"array"===F.isStream(e)?P(e):e}function ic(e,t){e.data=B(t.packets.stream,(async(t,r)=>{await b(e.data,r,{preventClose:!0});const n=R(r);try{await P(t,(e=>e)),await n.close()}catch(e){await n.abort(e)}}))}function sc(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}function ac(e){if(!Number.isSafeInteger(e)||e<0)throw Error("positive integer expected, not "+e)}function oc(e,...t){if(!((r=e)instanceof Uint8Array||null!=r&&"object"==typeof r&&"Uint8Array"===r.constructor.name))throw Error("Uint8Array expected");var r;if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function cc(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function hc(e,t){oc(e);const r=t.outputLen;if(e.lengthnew DataView(e.buffer,e.byteOffset,e.byteLength),yc=(e,t)=>e<<32-t|e>>>t,fc=(e,t)=>e<>>32-t>>>0,gc=68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]; +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function pc(e){for(let r=0;r>>8&65280|t>>>24&255;var t}function dc(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}function Ac(e){return"string"==typeof e&&(e=dc(e)),oc(e),e}function wc(...e){let t=0;for(let r=0;re().update(Ac(t)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function kc(e=32){if(uc&&"function"==typeof uc.getRandomValues)return uc.getRandomValues(new Uint8Array(e));if(uc&&"function"==typeof uc.randomBytes)return uc.randomBytes(e);throw Error("crypto.getRandomValues must be defined")}const Ec=(e,t,r)=>e&t^~e&r,vc=(e,t,r)=>e&t^e&r^t&r;class Bc extends mc{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=lc(this.buffer)}update(e){cc(this);const{view:t,buffer:r,blockLen:n}=this,i=(e=Ac(e)).length;for(let s=0;sn-s&&(this.process(r,0),s=0);for(let e=s;e>i&s),o=Number(r&s),c=n?4:0,h=n?0:4;e.setUint32(t+c,a,n),e.setUint32(t+h,o,n)}(r,n-8,BigInt(8*this.length),i),this.process(r,0);const a=lc(e),o=this.outputLen;if(o%4)throw Error("_sha2: outputLen should be aligned to 32bit");const c=o/4,h=this.get();if(c>h.length)throw Error("_sha2: outputLen bigger than state");for(let e=0;e>>3,i=yc(r,17)^yc(r,19)^r>>>10;Kc[e]=i+Kc[e-7]+n+Kc[e-16]|0}let{A:r,B:n,C:i,D:s,E:a,F:o,G:c,H:h}=this;for(let e=0;e<64;e++){const t=h+(yc(a,6)^yc(a,11)^yc(a,25))+Ec(a,o,c)+Ic[e]+Kc[e]|0,u=(yc(r,2)^yc(r,13)^yc(r,22))+vc(r,n,i)|0;h=c,c=o,o=a,a=s+t|0,s=i,i=n,n=r,r=t+u|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,s=s+this.D|0,a=a+this.E|0,o=o+this.F|0,c=c+this.G|0,h=h+this.H|0,this.set(r,n,i,s,a,o,c,h)}roundClean(){Kc.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}}class Dc extends Cc{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}const Pc=/* @__PURE__ */bc((()=>new Cc)),Uc=/* @__PURE__ */bc((()=>new Dc));class xc extends mc{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,function(e){if("function"!=typeof e||"function"!=typeof e.create)throw Error("Hash should be wrapped by utils.wrapConstructor");ac(e.outputLen),ac(e.blockLen)}(e);const r=Ac(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const n=this.blockLen,i=new Uint8Array(n);i.set(r.length>n?e.create().update(r).digest():r);for(let e=0;enew xc(e,t).update(r).digest();Qc.create=(e,t)=>new xc(e,t) +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const Rc=/* @__PURE__ */BigInt(0),Lc=/* @__PURE__ */BigInt(1),Tc=/* @__PURE__ */BigInt(2);function Mc(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Nc(e){if(!Mc(e))throw Error("Uint8Array expected")}function Fc(e,t){if("boolean"!=typeof t)throw Error(`${e} must be valid boolean, got "${t}".`)}const Hc=/* @__PURE__ */Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function Oc(e){Nc(e);let t="";for(let r=0;r=Gc._0&&e<=Gc._9?e-Gc._0:e>=Gc._A&&e<=Gc._F?e-(Gc._A-10):e>=Gc._a&&e<=Gc._f?e-(Gc._a-10):void 0}function qc(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);const t=e.length,r=t/2;if(t%2)throw Error("padded hex string expected, got unpadded hex of length "+t);const n=new Uint8Array(r);for(let t=0,i=0;t"bigint"==typeof e&&Rc<=e;function eh(e,t,r){return Xc(e)&&Xc(t)&&Xc(r)&&t<=e&&eRc;e>>=Lc,t+=1);return t}const nh=e=>(Tc<new Uint8Array(e),sh=e=>Uint8Array.from(e);function ah(e,t,r){if("number"!=typeof e||e<2)throw Error("hashLen must be a number");if("number"!=typeof t||t<2)throw Error("qByteLen must be a number");if("function"!=typeof r)throw Error("hmacFn must be a function");let n=ih(e),i=ih(e),s=0;const a=()=>{n.fill(1),i.fill(0),s=0},o=(...e)=>r(i,n,...e),c=(e=ih())=>{i=o(sh([0]),e),n=o(),0!==e.length&&(i=o(sh([1]),e),n=o())},h=()=>{if(s++>=1e3)throw Error("drbg: tried 1000 values");let e=0;const r=[];for(;e{let r;for(a(),c(e);!(r=t(h()));)c();return a(),r}}const oh={bigint:e=>"bigint"==typeof e,function:e=>"function"==typeof e,boolean:e=>"boolean"==typeof e,string:e=>"string"==typeof e,stringOrUint8Array:e=>"string"==typeof e||Mc(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>"function"==typeof e&&Number.isSafeInteger(e.outputLen)};function ch(e,t,r={}){const n=(t,r,n)=>{const i=oh[r];if("function"!=typeof i)throw Error(`Invalid validator "${r}", expected function`);const s=e[t];if(!(n&&void 0===s||i(s,e)))throw Error(`Invalid param ${t+""}=${s} (${typeof s}), expected ${r}`)};for(const[e,r]of Object.entries(t))n(e,r,!1);for(const[e,t]of Object.entries(r))n(e,t,!0);return e}function hh(e){const t=new WeakMap;return(r,...n)=>{const i=t.get(r);if(void 0!==i)return i;const s=e(r,...n);return t.set(r,s),s}}var uh=/*#__PURE__*/Object.freeze({__proto__:null,aInRange:th,abool:Fc,abytes:Nc,bitGet:function(e,t){return e>>BigInt(t)&Lc},bitLen:rh,bitMask:nh,bitSet:function(e,t,r){return e|(r?Lc:Rc)<{throw Error("not implemented")},numberToBytesBE:Yc,numberToBytesLE:Wc,numberToHexUnpadded:zc,numberToVarBytesBE:function(e){return qc(zc(e))},utf8ToBytes:function(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))},validateObject:ch}); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const lh=BigInt(0),yh=BigInt(1),fh=BigInt(2),gh=BigInt(3),ph=BigInt(4),dh=BigInt(5),Ah=BigInt(8);function wh(e,t){const r=e%t;return r>=lh?r:t+r}function mh(e,t,r){if(r<=lh||t 0");if(r===yh)return lh;let n=yh;for(;t>lh;)t&yh&&(n=n*e%r),e=e*e%r,t>>=yh;return n}function bh(e,t,r){let n=e;for(;t-- >lh;)n*=n,n%=r;return n}function kh(e,t){if(e===lh||t<=lh)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=wh(e,t),n=t,i=lh,s=yh;for(;r!==lh;){const e=n%r,t=i-s*(n/r);n=r,r=e,i=s,s=t}if(n!==yh)throw Error("invert: does not exist");return wh(i,t)}function Eh(e){if(e%ph===gh){const t=(e+yh)/ph;return function(e,r){const n=e.pow(r,t);if(!e.eql(e.sqr(n),r))throw Error("Cannot find square root");return n}}if(e%Ah===dh){const t=(e-dh)/Ah;return function(e,r){const n=e.mul(r,fh),i=e.pow(n,t),s=e.mul(r,i),a=e.mul(e.mul(s,fh),i),o=e.mul(s,e.sub(a,e.ONE));if(!e.eql(e.sqr(o),r))throw Error("Cannot find square root");return o}}return function(e){const t=(e-yh)/fh;let r,n,i;for(r=e-yh,n=0;r%fh===lh;r/=fh,n++);for(i=fh;i 0, got "+e);const{nBitLength:i,nByteLength:s}=Bh(e,t);if(s>2048)throw Error("Field lengths over 2048 bytes are not supported");const a=Eh(e),o=Object.freeze({ORDER:e,BITS:i,BYTES:s,MASK:nh(i),ZERO:lh,ONE:yh,create:t=>wh(t,e),isValid:t=>{if("bigint"!=typeof t)throw Error("Invalid field element: expected bigint, got "+typeof t);return lh<=t&&te===lh,isOdd:e=>(e&yh)===yh,neg:t=>wh(-t,e),eql:(e,t)=>e===t,sqr:t=>wh(t*t,e),add:(t,r)=>wh(t+r,e),sub:(t,r)=>wh(t-r,e),mul:(t,r)=>wh(t*r,e),pow:(e,t)=>function(e,t,r){if(r 0");if(r===lh)return e.ONE;if(r===yh)return t;let n=e.ONE,i=t;for(;r>lh;)r&yh&&(n=e.mul(n,i)),i=e.sqr(i),r>>=yh;return n}(o,e,t),div:(t,r)=>wh(t*kh(r,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>kh(t,e),sqrt:n.sqrt||(e=>a(o,e)),invertBatch:e=>function(e,t){const r=Array(t.length),n=t.reduce(((t,n,i)=>e.is0(n)?t:(r[i]=t,e.mul(t,n))),e.ONE),i=e.inv(n);return t.reduceRight(((t,n,i)=>e.is0(n)?t:(r[i]=e.mul(t,r[i]),e.mul(t,n))),i),r}(o,e),cmov:(e,t,r)=>r?t:e,toBytes:e=>r?Wc(e,s):Yc(e,s),fromBytes:e=>{if(e.length!==s)throw Error(`Fp.fromBytes: expected ${s}, got ${e.length}`);return r?Jc(e):Vc(e)}});return Object.freeze(o)}function Sh(e){if("bigint"!=typeof e)throw Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function Kh(e){const t=Sh(e);return t+Math.ceil(t/2)} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const Ch=BigInt(0),Dh=BigInt(1),Ph=new WeakMap,Uh=new WeakMap;function xh(e,t){const r=(e,t)=>{const r=t.negate();return e?r:t},n=e=>{if(!Number.isSafeInteger(e)||e<=0||e>t)throw Error(`Wrong window size=${e}, should be [1..${t}]`)},i=e=>{n(e);return{windows:Math.ceil(t/e)+1,windowSize:2**(e-1)}};return{constTimeNegate:r,unsafeLadder(t,r){let n=e.ZERO,i=t;for(;r>Ch;)r&Dh&&(n=n.add(i)),i=i.double(),r>>=Dh;return n},precomputeWindow(e,t){const{windows:r,windowSize:n}=i(t),s=[];let a=e,o=a;for(let e=0;e>=y,i>o&&(i-=l,s+=Dh);const a=t,f=t+Math.abs(i)-1,g=e%2!=0,p=i<0;0===i?h=h.add(r(g,n[a])):c=c.add(r(p,n[f]))}return{p:c,f:h}},wNAFCached(e,t,r){const n=Uh.get(e)||1;let i=Ph.get(e);return i||(i=this.precomputeWindow(e,n),1!==n&&Ph.set(e,r(i))),this.wNAF(n,i,t)},setWindowSize(e,t){n(t),Uh.set(e,t),Ph.delete(e)}}}function Qh(e,t,r,n){if(!Array.isArray(r)||!Array.isArray(n)||n.length!==r.length)throw Error("arrays of points and scalars must have equal length");n.forEach(((e,r)=>{if(!t.isValid(e))throw Error("wrong scalar at index "+r)})),r.forEach(((t,r)=>{if(!(t instanceof e))throw Error("wrong point at index "+r)}));const i=rh(BigInt(r.length)),s=i>12?i-3:i>4?i-2:i?2:1,a=(1<=0;t-=s){o.fill(e.ZERO);for(let e=0;e>BigInt(t)&BigInt(a));o[s]=o[s].add(r[e])}let i=e.ZERO;for(let t=o.length-1,r=e.ZERO;t>0;t--)r=r.add(o[t]),i=i.add(r);if(h=h.add(i),0!==t)for(let e=0;e(e[t]="function",e)),{ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"})),ch(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...Bh(e.n,e.nBitLength),...e,p:e.Fp.ORDER})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Lh(e){void 0!==e.lowS&&Fc("lowS",e.lowS),void 0!==e.prehash&&Fc("prehash",e.prehash)}const{bytesToNumberBE:Th,hexToBytes:Mh}=uh,Nh={Err:class extends Error{constructor(e=""){super(e)}},_tlv:{encode:(e,t)=>{const{Err:r}=Nh;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(1&t.length)throw new r("tlv.encode: unpadded data");const n=t.length/2,i=zc(n);if(i.length/2&128)throw new r("tlv.encode: long form length too big");const s=n>127?zc(i.length/2|128):"";return`${zc(e)}${s}${i}${t}`},decode(e,t){const{Err:r}=Nh;let n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");const i=t[n++];let s=0;if(!!(128&i)){const e=127&i;if(!e)throw new r("tlv.decode(long): indefinite length not supported");if(e>4)throw new r("tlv.decode(long): byte length is too big");const a=t.subarray(n,n+e);if(a.length!==e)throw new r("tlv.decode: length bytes not complete");if(0===a[0])throw new r("tlv.decode(long): zero leftmost byte");for(const e of a)s=s<<8|e;if(n+=e,s<128)throw new r("tlv.decode(long): not minimal encoding")}else s=i;const a=t.subarray(n,n+s);if(a.length!==s)throw new r("tlv.decode: wrong value length");return{v:a,l:t.subarray(n+s)}}},_int:{encode(e){const{Err:t}=Nh;if(e{const i=t.toAffine();return $c(Uint8Array.from([4]),r.toBytes(i.x),r.toBytes(i.y))}),s=t.fromBytes||(e=>{const t=e.subarray(1);return{x:r.fromBytes(t.subarray(0,r.BYTES)),y:r.fromBytes(t.subarray(r.BYTES,2*r.BYTES))}});function a(e){const{a:n,b:i}=t,s=r.sqr(e),a=r.mul(s,e);return r.add(r.add(a,r.mul(e,n)),i)}if(!r.eql(r.sqr(t.Gy),a(t.Gx)))throw Error("bad generator point: equation left != right");function o(e){const{allowedPrivateKeyLengths:r,nByteLength:n,wrapPrivateKey:i,n:s}=t;if(r&&"bigint"!=typeof e){if(Mc(e)&&(e=Oc(e)),"string"!=typeof e||!r.includes(e.length))throw Error("Invalid key");e=e.padStart(2*n,"0")}let a;try{a="bigint"==typeof e?e:Vc(Zc("private key",e,n))}catch(t){throw Error(`private key must be ${n} bytes, hex or bigint, not ${typeof e}`)}return i&&(a=wh(a,s)),th("private key",a,Hh,s),a}function c(e){if(!(e instanceof l))throw Error("ProjectivePoint expected")}const h=hh(((e,t)=>{const{px:n,py:i,pz:s}=e;if(r.eql(s,r.ONE))return{x:n,y:i};const a=e.is0();null==t&&(t=a?r.ONE:r.inv(s));const o=r.mul(n,t),c=r.mul(i,t),h=r.mul(s,t);if(a)return{x:r.ZERO,y:r.ZERO};if(!r.eql(h,r.ONE))throw Error("invZ was invalid");return{x:o,y:c}})),u=hh((e=>{if(e.is0()){if(t.allowInfinityPoint&&!r.is0(e.py))return;throw Error("bad point: ZERO")}const{x:n,y:i}=e.toAffine();if(!r.isValid(n)||!r.isValid(i))throw Error("bad point: x or y not FE");const s=r.sqr(i),o=a(n);if(!r.eql(s,o))throw Error("bad point: equation left != right");if(!e.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));class l{constructor(e,t,n){if(this.px=e,this.py=t,this.pz=n,null==e||!r.isValid(e))throw Error("x required");if(null==t||!r.isValid(t))throw Error("y required");if(null==n||!r.isValid(n))throw Error("z required");Object.freeze(this)}static fromAffine(e){const{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw Error("invalid affine point");if(e instanceof l)throw Error("projective point not allowed");const i=e=>r.eql(e,r.ZERO);return i(t)&&i(n)?l.ZERO:new l(t,n,r.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.pz)));return e.map(((e,r)=>e.toAffine(t[r]))).map(l.fromAffine)}static fromHex(e){const t=l.fromAffine(s(Zc("pointHex",e)));return t.assertValidity(),t}static fromPrivateKey(e){return l.BASE.multiply(o(e))}static msm(e,t){return Qh(l,n,e,t)}_setWindowSize(e){f.setWindowSize(this,e)}assertValidity(){u(this)}hasEvenY(){const{y:e}=this.toAffine();if(r.isOdd)return!r.isOdd(e);throw Error("Field doesn't support isOdd")}equals(e){c(e);const{px:t,py:n,pz:i}=this,{px:s,py:a,pz:o}=e,h=r.eql(r.mul(t,o),r.mul(s,i)),u=r.eql(r.mul(n,o),r.mul(a,i));return h&&u}negate(){return new l(this.px,r.neg(this.py),this.pz)}double(){const{a:e,b:n}=t,i=r.mul(n,Oh),{px:s,py:a,pz:o}=this;let c=r.ZERO,h=r.ZERO,u=r.ZERO,y=r.mul(s,s),f=r.mul(a,a),g=r.mul(o,o),p=r.mul(s,a);return p=r.add(p,p),u=r.mul(s,o),u=r.add(u,u),c=r.mul(e,u),h=r.mul(i,g),h=r.add(c,h),c=r.sub(f,h),h=r.add(f,h),h=r.mul(c,h),c=r.mul(p,c),u=r.mul(i,u),g=r.mul(e,g),p=r.sub(y,g),p=r.mul(e,p),p=r.add(p,u),u=r.add(y,y),y=r.add(u,y),y=r.add(y,g),y=r.mul(y,p),h=r.add(h,y),g=r.mul(a,o),g=r.add(g,g),y=r.mul(g,p),c=r.sub(c,y),u=r.mul(g,f),u=r.add(u,u),u=r.add(u,u),new l(c,h,u)}add(e){c(e);const{px:n,py:i,pz:s}=this,{px:a,py:o,pz:h}=e;let u=r.ZERO,y=r.ZERO,f=r.ZERO;const g=t.a,p=r.mul(t.b,Oh);let d=r.mul(n,a),A=r.mul(i,o),w=r.mul(s,h),m=r.add(n,i),b=r.add(a,o);m=r.mul(m,b),b=r.add(d,A),m=r.sub(m,b),b=r.add(n,s);let k=r.add(a,h);return b=r.mul(b,k),k=r.add(d,w),b=r.sub(b,k),k=r.add(i,s),u=r.add(o,h),k=r.mul(k,u),u=r.add(A,w),k=r.sub(k,u),f=r.mul(g,b),u=r.mul(p,w),f=r.add(u,f),u=r.sub(A,f),f=r.add(A,f),y=r.mul(u,f),A=r.add(d,d),A=r.add(A,d),w=r.mul(g,w),b=r.mul(p,b),A=r.add(A,w),w=r.sub(d,w),w=r.mul(g,w),b=r.add(b,w),d=r.mul(A,b),y=r.add(y,d),d=r.mul(k,b),u=r.mul(m,u),u=r.sub(u,d),d=r.mul(m,A),f=r.mul(k,f),f=r.add(f,d),new l(u,y,f)}subtract(e){return this.add(e.negate())}is0(){return this.equals(l.ZERO)}wNAF(e){return f.wNAFCached(this,e,l.normalizeZ)}multiplyUnsafe(e){th("scalar",e,Fh,t.n);const n=l.ZERO;if(e===Fh)return n;if(e===Hh)return this;const{endo:i}=t;if(!i)return f.unsafeLadder(this,e);let{k1neg:s,k1:a,k2neg:o,k2:c}=i.splitScalar(e),h=n,u=n,y=this;for(;a>Fh||c>Fh;)a&Hh&&(h=h.add(y)),c&Hh&&(u=u.add(y)),y=y.double(),a>>=Hh,c>>=Hh;return s&&(h=h.negate()),o&&(u=u.negate()),u=new l(r.mul(u.px,i.beta),u.py,u.pz),h.add(u)}multiply(e){const{endo:n,n:i}=t;let s,a;if(th("scalar",e,Hh,i),n){const{k1neg:t,k1:i,k2neg:o,k2:c}=n.splitScalar(e);let{p:h,f:u}=this.wNAF(i),{p:y,f:g}=this.wNAF(c);h=f.constTimeNegate(t,h),y=f.constTimeNegate(o,y),y=new l(r.mul(y.px,n.beta),y.py,y.pz),s=h.add(y),a=u.add(g)}else{const{p:t,f:r}=this.wNAF(e);s=t,a=r}return l.normalizeZ([s,a])[0]}multiplyAndAddUnsafe(e,t,r){const n=l.BASE,i=(e,t)=>t!==Fh&&t!==Hh&&e.equals(n)?e.multiply(t):e.multiplyUnsafe(t),s=i(this,t).add(i(e,r));return s.is0()?void 0:s}toAffine(e){return h(this,e)}isTorsionFree(){const{h:e,isTorsionFree:r}=t;if(e===Hh)return!0;if(r)return r(l,this);throw Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:e,clearCofactor:r}=t;return e===Hh?this:r?r(l,this):this.multiplyUnsafe(t.h)}toRawBytes(e=!0){return Fc("isCompressed",e),this.assertValidity(),i(l,this,e)}toHex(e=!0){return Fc("isCompressed",e),Oc(this.toRawBytes(e))}}l.BASE=new l(t.Gx,t.Gy,r.ONE),l.ZERO=new l(r.ZERO,r.ONE,r.ZERO);const y=t.nBitLength,f=xh(l,t.endo?Math.ceil(y/2):y);return{CURVE:t,ProjectivePoint:l,normPrivateKeyToScalar:o,weierstrassEquation:a,isWithinCurveOrder:function(e){return eh(e,Hh,t.n)}}}function _h(e){const t=function(e){const t=Rh(e);return ch(t,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...t})}(e),{Fp:r,n}=t,i=r.BYTES+1,s=2*r.BYTES+1;function a(e){return wh(e,n)}function o(e){return kh(e,n)}const{ProjectivePoint:c,normPrivateKeyToScalar:h,weierstrassEquation:u,isWithinCurveOrder:l}=zh({...t,toBytes(e,t,n){const i=t.toAffine(),s=r.toBytes(i.x),a=$c;return Fc("isCompressed",n),n?a(Uint8Array.from([t.hasEvenY()?2:3]),s):a(Uint8Array.from([4]),s,r.toBytes(i.y))},fromBytes(e){const t=e.length,n=e[0],a=e.subarray(1);if(t!==i||2!==n&&3!==n){if(t===s&&4===n){return{x:r.fromBytes(a.subarray(0,r.BYTES)),y:r.fromBytes(a.subarray(r.BYTES,2*r.BYTES))}}throw Error(`Point of length ${t} was invalid. Expected ${i} compressed bytes or ${s} uncompressed bytes`)}{const e=Vc(a);if(!eh(e,Hh,r.ORDER))throw Error("Point is not on curve");const t=u(e);let i;try{i=r.sqrt(t)}catch(e){const t=e instanceof Error?": "+e.message:"";throw Error("Point is not on curve"+t)}return!(1&~n)!==((i&Hh)===Hh)&&(i=r.neg(i)),{x:e,y:i}}}}),y=e=>Oc(Yc(e,t.nByteLength));function f(e){return e>n>>Hh}const g=(e,t,r)=>Vc(e.slice(t,r));class p{constructor(e,t,r){this.r=e,this.s=t,this.recovery=r,this.assertValidity()}static fromCompact(e){const r=t.nByteLength;return e=Zc("compactSignature",e,2*r),new p(g(e,0,r),g(e,r,2*r))}static fromDER(e){const{r:t,s:r}=Nh.toSig(Zc("DER",e));return new p(t,r)}assertValidity(){th("r",this.r,Hh,n),th("s",this.s,Hh,n)}addRecoveryBit(e){return new p(this.r,this.s,e)}recoverPublicKey(e){const{r:n,s:i,recovery:s}=this,h=m(Zc("msgHash",e));if(null==s||![0,1,2,3].includes(s))throw Error("recovery id invalid");const u=2===s||3===s?n+t.n:n;if(u>=r.ORDER)throw Error("recovery id 2 or 3 invalid");const l=1&s?"03":"02",f=c.fromHex(l+y(u)),g=o(u),p=a(-h*g),d=a(i*g),A=c.BASE.multiplyAndAddUnsafe(f,p,d);if(!A)throw Error("point at infinify");return A.assertValidity(),A}hasHighS(){return f(this.s)}normalizeS(){return this.hasHighS()?new p(this.r,a(-this.s),this.recovery):this}toDERRawBytes(){return qc(this.toDERHex())}toDERHex(){return Nh.hexFromSig({r:this.r,s:this.s})}toCompactRawBytes(){return qc(this.toCompactHex())}toCompactHex(){return y(this.r)+y(this.s)}}const d={isValidPrivateKey(e){try{return h(e),!0}catch(e){return!1}},normPrivateKeyToScalar:h,randomPrivateKey:()=>{const e=Kh(t.n);return function(e,t,r=!1){const n=e.length,i=Sh(t),s=Kh(t);if(n<16||n1024)throw Error(`expected ${s}-1024 bytes of input, got ${n}`);const a=wh(r?Vc(e):Jc(e),t-yh)+yh;return r?Wc(a,i):Yc(a,i)}(t.randomBytes(e),t.n)},precompute:(e=8,t=c.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)};function A(e){const t=Mc(e),r="string"==typeof e,n=(t||r)&&e.length;return t?n===i||n===s:r?n===2*i||n===2*s:e instanceof c}const w=t.bits2int||function(e){const r=Vc(e),n=8*e.length-t.nBitLength;return n>0?r>>BigInt(n):r},m=t.bits2int_modN||function(e){return a(w(e))},b=nh(t.nBitLength);function k(e){return th("num < 2^"+t.nBitLength,e,Fh,b),Yc(e,t.nByteLength)}function E(e,n,i=v){if(["recovered","canonical"].some((e=>e in i)))throw Error("sign() legacy options not supported");const{hash:s,randomBytes:u}=t;let{lowS:y,prehash:g,extraEntropy:d}=i;null==y&&(y=!0),e=Zc("msgHash",e),Lh(i),g&&(e=Zc("prehashed msgHash",s(e)));const A=m(e),b=h(n),E=[k(b),k(A)];if(null!=d&&!1!==d){const e=!0===d?u(r.BYTES):d;E.push(Zc("extraEntropy",e))}const B=$c(...E),I=A;return{seed:B,k2sig:function(e){const t=w(e);if(!l(t))return;const r=o(t),n=c.BASE.multiply(t).toAffine(),i=a(n.x);if(i===Fh)return;const s=a(r*a(I+i*b));if(s===Fh)return;let h=(n.x===i?0:2)|Number(n.y&Hh),u=s;return y&&f(s)&&(u=function(e){return f(e)?a(-e):e}(s),h^=1),new p(i,u,h)}}}const v={lowS:t.lowS,prehash:!1},B={lowS:t.lowS,prehash:!1};return c.BASE._setWindowSize(8),{CURVE:t,getPublicKey:function(e,t=!0){return c.fromPrivateKey(e).toRawBytes(t)},getSharedSecret:function(e,t,r=!0){if(A(e))throw Error("first arg must be private key");if(!A(t))throw Error("second arg must be public key");return c.fromHex(t).multiply(h(e)).toRawBytes(r)},sign:function(e,r,n=v){const{seed:i,k2sig:s}=E(e,r,n),a=t;return ah(a.hash.outputLen,a.nByteLength,a.hmac)(i,s)},verify:function(e,r,n,i=B){const s=e;if(r=Zc("msgHash",r),n=Zc("publicKey",n),"strict"in i)throw Error("options.strict was renamed to lowS");Lh(i);const{lowS:h,prehash:u}=i;let l,y;try{if("string"==typeof s||Mc(s))try{l=p.fromDER(s)}catch(e){if(!(e instanceof Nh.Err))throw e;l=p.fromCompact(s)}else{if("object"!=typeof s||"bigint"!=typeof s.r||"bigint"!=typeof s.s)throw Error("PARSE");{const{r:e,s:t}=s;l=new p(e,t)}}y=c.fromHex(n)}catch(e){if("PARSE"===e.message)throw Error("signature must be Signature instance, Uint8Array or hex string");return!1}if(h&&l.hasHighS())return!1;u&&(r=t.hash(r));const{r:f,s:g}=l,d=m(r),A=o(g),w=a(d*A),b=a(f*A),k=c.BASE.multiplyAndAddUnsafe(y,w,b)?.toAffine();return!!k&&a(k.x)===f},ProjectivePoint:c,Signature:p,utils:d}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Gh(e){return{hash:e,hmac:(t,...r)=>Qc(e,t,wc(...r)),randomBytes:kc}}function jh(e,t){const r=t=>_h({...e,...Gh(t)});return Object.freeze({...r(t),create:r})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */BigInt(4);const qh=Ih(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff")),Vh=jh({a:qh.create(BigInt("-3")),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Fp:qh,n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),h:BigInt(1),lowS:!1},Pc),Jh=/* @__PURE__ */BigInt(2**32-1),Yh=/* @__PURE__ */BigInt(32);function Wh(e,t=!1){return t?{h:Number(e&Jh),l:Number(e>>Yh&Jh)}:{h:0|Number(e>>Yh&Jh),l:0|Number(e&Jh)}}function Zh(e,t=!1){let r=new Uint32Array(e.length),n=new Uint32Array(e.length);for(let i=0;ie<>>32-r,Xh=(e,t,r)=>t<>>32-r,eu=(e,t,r)=>t<>>64-r,tu=(e,t,r)=>e<>>64-r;const ru={fromBig:Wh,split:Zh,toBig:(e,t)=>BigInt(e>>>0)<>>0),shrSH:(e,t,r)=>e>>>r,shrSL:(e,t,r)=>e<<32-r|t>>>r,rotrSH:(e,t,r)=>e>>>r|t<<32-r,rotrSL:(e,t,r)=>e<<32-r|t>>>r,rotrBH:(e,t,r)=>e<<64-r|t>>>r-32,rotrBL:(e,t,r)=>e>>>r-32|t<<64-r,rotr32H:(e,t)=>t,rotr32L:(e,t)=>e,rotlSH:$h,rotlSL:Xh,rotlBH:eu,rotlBL:tu,add:function(e,t,r,n){const i=(t>>>0)+(n>>>0);return{h:e+r+(i/2**32|0)|0,l:0|i}},add3L:(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),add3H:(e,t,r,n)=>t+r+n+(e/2**32|0)|0,add4L:(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),add4H:(e,t,r,n,i)=>t+r+n+i+(e/2**32|0)|0,add5H:(e,t,r,n,i,s)=>t+r+n+i+s+(e/2**32|0)|0,add5L:(e,t,r,n,i)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(i>>>0)},[nu,iu]=/* @__PURE__ */(()=>ru.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((e=>BigInt(e)))))(),su=/* @__PURE__ */new Uint32Array(80),au=/* @__PURE__ */new Uint32Array(80);class ou extends Bc{constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}get(){const{Ah:e,Al:t,Bh:r,Bl:n,Ch:i,Cl:s,Dh:a,Dl:o,Eh:c,El:h,Fh:u,Fl:l,Gh:y,Gl:f,Hh:g,Hl:p}=this;return[e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p]}set(e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p){this.Ah=0|e,this.Al=0|t,this.Bh=0|r,this.Bl=0|n,this.Ch=0|i,this.Cl=0|s,this.Dh=0|a,this.Dl=0|o,this.Eh=0|c,this.El=0|h,this.Fh=0|u,this.Fl=0|l,this.Gh=0|y,this.Gl=0|f,this.Hh=0|g,this.Hl=0|p}process(e,t){for(let r=0;r<16;r++,t+=4)su[r]=e.getUint32(t),au[r]=e.getUint32(t+=4);for(let e=16;e<80;e++){const t=0|su[e-15],r=0|au[e-15],n=ru.rotrSH(t,r,1)^ru.rotrSH(t,r,8)^ru.shrSH(t,r,7),i=ru.rotrSL(t,r,1)^ru.rotrSL(t,r,8)^ru.shrSL(t,r,7),s=0|su[e-2],a=0|au[e-2],o=ru.rotrSH(s,a,19)^ru.rotrBH(s,a,61)^ru.shrSH(s,a,6),c=ru.rotrSL(s,a,19)^ru.rotrBL(s,a,61)^ru.shrSL(s,a,6),h=ru.add4L(i,c,au[e-7],au[e-16]),u=ru.add4H(h,n,o,su[e-7],su[e-16]);su[e]=0|u,au[e]=0|h}let{Ah:r,Al:n,Bh:i,Bl:s,Ch:a,Cl:o,Dh:c,Dl:h,Eh:u,El:l,Fh:y,Fl:f,Gh:g,Gl:p,Hh:d,Hl:A}=this;for(let e=0;e<80;e++){const t=ru.rotrSH(u,l,14)^ru.rotrSH(u,l,18)^ru.rotrBH(u,l,41),w=ru.rotrSL(u,l,14)^ru.rotrSL(u,l,18)^ru.rotrBL(u,l,41),m=u&y^~u&g,b=l&f^~l&p,k=ru.add5L(A,w,b,iu[e],au[e]),E=ru.add5H(k,d,t,m,nu[e],su[e]),v=0|k,B=ru.rotrSH(r,n,28)^ru.rotrBH(r,n,34)^ru.rotrBH(r,n,39),I=ru.rotrSL(r,n,28)^ru.rotrBL(r,n,34)^ru.rotrBL(r,n,39),S=r&i^r&a^i&a,K=n&s^n&o^s&o;d=0|g,A=0|p,g=0|y,p=0|f,y=0|u,f=0|l,({h:u,l}=ru.add(0|c,0|h,0|E,0|v)),c=0|a,h=0|o,a=0|i,o=0|s,i=0|r,s=0|n;const C=ru.add3L(v,I,K);r=ru.add3H(C,E,B,S),n=0|C}({h:r,l:n}=ru.add(0|this.Ah,0|this.Al,0|r,0|n)),({h:i,l:s}=ru.add(0|this.Bh,0|this.Bl,0|i,0|s)),({h:a,l:o}=ru.add(0|this.Ch,0|this.Cl,0|a,0|o)),({h:c,l:h}=ru.add(0|this.Dh,0|this.Dl,0|c,0|h)),({h:u,l}=ru.add(0|this.Eh,0|this.El,0|u,0|l)),({h:y,l:f}=ru.add(0|this.Fh,0|this.Fl,0|y,0|f)),({h:g,l:p}=ru.add(0|this.Gh,0|this.Gl,0|g,0|p)),({h:d,l:A}=ru.add(0|this.Hh,0|this.Hl,0|d,0|A)),this.set(r,n,i,s,a,o,c,h,u,l,y,f,g,p,d,A)}roundClean(){su.fill(0),au.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class cu extends ou{constructor(){super(),this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const hu=/* @__PURE__ */bc((()=>new ou)),uu=/* @__PURE__ */bc((()=>new cu)),lu=Ih(BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff")),yu=jh({a:lu.create(BigInt("-3")),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Fp:lu,n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),h:BigInt(1),lowS:!1},uu),fu=Ih(BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")),gu={a:fu.create(BigInt("-3")),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Fp:fu,n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"),h:BigInt(1)},pu=jh({a:gu.a,b:gu.b,Fp:fu,n:gu.n,Gx:gu.Gx,Gy:gu.Gy,h:gu.h,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},hu),du=[],Au=[],wu=[],mu=/* @__PURE__ */BigInt(0),bu=/* @__PURE__ */BigInt(1),ku=/* @__PURE__ */BigInt(2),Eu=/* @__PURE__ */BigInt(7),vu=/* @__PURE__ */BigInt(256),Bu=/* @__PURE__ */BigInt(113);for(let e=0,t=bu,r=1,n=0;e<24;e++){[r,n]=[n,(2*r+3*n)%5],du.push(2*(5*n+r)),Au.push((e+1)*(e+2)/2%64);let i=mu;for(let e=0;e<7;e++)t=(t<>Eu)*Bu)%vu,t&ku&&(i^=bu<<(bu<r>32?eu(e,t,r):$h(e,t,r),Cu=(e,t,r)=>r>32?tu(e,t,r):Xh(e,t,r);class Du extends mc{constructor(e,t,r,n=!1,i=24){if(super(),this.blockLen=e,this.suffix=t,this.outputLen=r,this.enableXOF=n,this.rounds=i,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,ac(r),0>=this.blockLen||this.blockLen>=200)throw Error("Sha3 supports only keccak-f1600 function");var s;this.state=new Uint8Array(200),this.state32=(s=this.state,new Uint32Array(s.buffer,s.byteOffset,Math.floor(s.byteLength/4)))}keccak(){gc||pc(this.state32),function(e,t=24){const r=new Uint32Array(10);for(let n=24-t;n<24;n++){for(let t=0;t<10;t++)r[t]=e[t]^e[t+10]^e[t+20]^e[t+30]^e[t+40];for(let t=0;t<10;t+=2){const n=(t+8)%10,i=(t+2)%10,s=r[i],a=r[i+1],o=Ku(s,a,1)^r[n],c=Cu(s,a,1)^r[n+1];for(let r=0;r<50;r+=10)e[t+r]^=o,e[t+r+1]^=c}let t=e[2],i=e[3];for(let r=0;r<24;r++){const n=Au[r],s=Ku(t,i,n),a=Cu(t,i,n),o=du[r];t=e[o],i=e[o+1],e[o]=s,e[o+1]=a}for(let t=0;t<50;t+=10){for(let n=0;n<10;n++)r[n]=e[t+n];for(let n=0;n<10;n++)e[t+n]^=~r[(n+2)%10]&r[(n+4)%10]}e[0]^=Iu[n],e[1]^=Su[n]}r.fill(0)}(this.state32,this.rounds),gc||pc(this.state32),this.posOut=0,this.pos=0}update(e){cc(this);const{blockLen:t,state:r}=this,n=(e=Ac(e)).length;for(let i=0;i=r&&this.keccak();const s=Math.min(r-this.posOut,i-n);e.set(t.subarray(this.posOut,this.posOut+s),n),this.posOut+=s,n+=s}return e}xofInto(e){if(!this.enableXOF)throw Error("XOF is not possible for this instance");return this.writeInto(e)}xof(e){return ac(e),this.xofInto(new Uint8Array(e))}digestInto(e){if(hc(e,this),this.finished)throw Error("digest() was already called");return this.writeInto(e),this.destroy(),e}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(e){const{blockLen:t,suffix:r,outputLen:n,rounds:i,enableXOF:s}=this;return e||(e=new Du(t,r,n,s,i)),e.state32.set(this.state32),e.pos=this.pos,e.posOut=this.posOut,e.finished=this.finished,e.rounds=i,e.suffix=r,e.outputLen=n,e.enableXOF=s,e.destroyed=this.destroyed,e}}const Pu=(e,t,r)=>bc((()=>new Du(t,e,r))),Uu=/* @__PURE__ */Pu(6,136,32),xu=/* @__PURE__ */Pu(6,72,64),Qu=/* @__PURE__ */((e,t,r)=>function(e){const t=(t,r)=>e(r).update(Ac(t)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=t=>e(t),t}(((n={})=>new Du(t,e,void 0===n.dkLen?r:n.dkLen,!0))))(31,136,32),Ru=BigInt(0),Lu=BigInt(1),Tu=BigInt(2),Mu=BigInt(8),Nu={zip215:!0};function Fu(e){const t=function(e){const t=Rh(e);return ch(e,{hash:"function",a:"bigint",d:"bigint",randomBytes:"function"},{adjustScalarBytes:"function",domain:"function",uvRatio:"function",mapToCurve:"function"}),Object.freeze({...t})}(e),{Fp:r,n,prehash:i,hash:s,randomBytes:a,nByteLength:o,h:c}=t,h=Tu<{try{return{isValid:!0,value:r.sqrt(e*r.inv(t))}}catch(e){return{isValid:!1,value:Ru}}}),f=t.adjustScalarBytes||(e=>e),g=t.domain||((e,t,r)=>{if(Fc("phflag",r),t.length||r)throw Error("Contexts/pre-hash are not supported");return e});function p(e,t){th("coordinate "+e,t,Ru,h)}function d(e){if(!(e instanceof m))throw Error("ExtendedPoint expected")}const A=hh(((e,t)=>{const{ex:n,ey:i,ez:s}=e,a=e.is0();null==t&&(t=a?Mu:r.inv(s));const o=u(n*t),c=u(i*t),h=u(s*t);if(a)return{x:Ru,y:Lu};if(h!==Lu)throw Error("invZ was invalid");return{x:o,y:c}})),w=hh((e=>{const{a:r,d:n}=t;if(e.is0())throw Error("bad point: ZERO");const{ex:i,ey:s,ez:a,et:o}=e,c=u(i*i),h=u(s*s),l=u(a*a),y=u(l*l),f=u(c*r);if(u(l*u(f+h))!==u(y+u(n*u(c*h))))throw Error("bad point: equation left != right (1)");if(u(i*s)!==u(a*o))throw Error("bad point: equation left != right (2)");return!0}));class m{constructor(e,t,r,n){this.ex=e,this.ey=t,this.ez=r,this.et=n,p("x",e),p("y",t),p("z",r),p("t",n),Object.freeze(this)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static fromAffine(e){if(e instanceof m)throw Error("extended point not allowed");const{x:t,y:r}=e||{};return p("x",t),p("y",r),new m(t,r,Lu,u(t*r))}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.ez)));return e.map(((e,r)=>e.toAffine(t[r]))).map(m.fromAffine)}static msm(e,t){return Qh(m,l,e,t)}_setWindowSize(e){E.setWindowSize(this,e)}assertValidity(){w(this)}equals(e){d(e);const{ex:t,ey:r,ez:n}=this,{ex:i,ey:s,ez:a}=e,o=u(t*a),c=u(i*n),h=u(r*a),l=u(s*n);return o===c&&h===l}is0(){return this.equals(m.ZERO)}negate(){return new m(u(-this.ex),this.ey,this.ez,u(-this.et))}double(){const{a:e}=t,{ex:r,ey:n,ez:i}=this,s=u(r*r),a=u(n*n),o=u(Tu*u(i*i)),c=u(e*s),h=r+n,l=u(u(h*h)-s-a),y=c+a,f=y-o,g=c-a,p=u(l*f),d=u(y*g),A=u(l*g),w=u(f*y);return new m(p,d,w,A)}add(e){d(e);const{a:r,d:n}=t,{ex:i,ey:s,ez:a,et:o}=this,{ex:c,ey:h,ez:l,et:y}=e;if(r===BigInt(-1)){const e=u((s-i)*(h+c)),t=u((s+i)*(h-c)),r=u(t-e);if(r===Ru)return this.double();const n=u(a*Tu*y),f=u(o*Tu*l),g=f+n,p=t+e,d=f-n,A=u(g*r),w=u(p*d),b=u(g*d),k=u(r*p);return new m(A,w,k,b)}const f=u(i*c),g=u(s*h),p=u(o*n*y),A=u(a*l),w=u((i+s)*(c+h)-f-g),b=A-p,k=A+p,E=u(g-r*f),v=u(w*b),B=u(k*E),I=u(w*E),S=u(b*k);return new m(v,B,S,I)}subtract(e){return this.add(e.negate())}wNAF(e){return E.wNAFCached(this,e,m.normalizeZ)}multiply(e){const t=e;th("scalar",t,Lu,n);const{p:r,f:i}=this.wNAF(t);return m.normalizeZ([r,i])[0]}multiplyUnsafe(e){const t=e;return th("scalar",t,Ru,n),t===Ru?k:this.equals(k)||t===Lu?this:this.equals(b)?this.wNAF(t).p:E.unsafeLadder(this,t)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}isTorsionFree(){return E.unsafeLadder(this,n).is0()}toAffine(e){return A(this,e)}clearCofactor(){const{h:e}=t;return e===Lu?this:this.multiplyUnsafe(e)}static fromHex(e,n=!1){const{d:i,a:s}=t,a=r.BYTES;e=Zc("pointHex",e,a),Fc("zip215",n);const o=e.slice(),c=e[a-1];o[a-1]=-129&c;const l=Jc(o),f=n?h:r.ORDER;th("pointHex.y",l,Ru,f);const g=u(l*l),p=u(g-Lu),d=u(i*g-s);let{isValid:A,value:w}=y(p,d);if(!A)throw Error("Point.fromHex: invalid y coordinate");const b=(w&Lu)===Lu,k=!!(128&c);if(!n&&w===Ru&&k)throw Error("Point.fromHex: x=0 and x_0=1");return k!==b&&(w=u(-w)),m.fromAffine({x:w,y:l})}static fromPrivateKey(e){return I(e).point}toRawBytes(){const{x:e,y:t}=this.toAffine(),n=Wc(t,r.BYTES);return n[n.length-1]|=e&Lu?128:0,n}toHex(){return Oc(this.toRawBytes())}}m.BASE=new m(t.Gx,t.Gy,Lu,u(t.Gx*t.Gy)),m.ZERO=new m(Ru,Lu,Lu,Ru);const{BASE:b,ZERO:k}=m,E=xh(m,8*o);function v(e){return wh(e,n)}function B(e){return v(Jc(e))}function I(e){const t=o;e=Zc("private key",e,t);const r=Zc("hashed private key",s(e),2*t),n=f(r.slice(0,t)),i=r.slice(t,2*t),a=B(n),c=b.multiply(a),h=c.toRawBytes();return{head:n,prefix:i,scalar:a,point:c,pointBytes:h}}function S(e=new Uint8Array,...t){const r=$c(...t);return B(s(g(r,Zc("context",e),!!i)))}const K=Nu;b._setWindowSize(8);return{CURVE:t,getPublicKey:function(e){return I(e).pointBytes},sign:function(e,t,s={}){e=Zc("message",e),i&&(e=i(e));const{prefix:a,scalar:c,pointBytes:h}=I(t),u=S(s.context,a,e),l=b.multiply(u).toRawBytes(),y=v(u+S(s.context,l,h,e)*c);return th("signature.s",y,Ru,n),Zc("result",$c(l,Wc(y,r.BYTES)),2*o)},verify:function(e,t,n,s=K){const{context:a,zip215:o}=s,c=r.BYTES;e=Zc("signature",e,2*c),t=Zc("message",t),void 0!==o&&Fc("zip215",o),i&&(t=i(t));const h=Jc(e.slice(c,2*c));let u,l,y;try{u=m.fromHex(n,o),l=m.fromHex(e.slice(0,c),o),y=b.multiplyUnsafe(h)}catch(e){return!1}if(!o&&u.isSmallOrder())return!1;const f=S(a,l.toRawBytes(),u.toRawBytes(),t);return l.add(u.multiplyUnsafe(f)).subtract(y).clearCofactor().equals(m.ZERO)},ExtendedPoint:m,utils:{getExtendedPublicKey:I,randomPrivateKey:()=>a(r.BYTES),precompute:(e=8,t=m.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)}}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Hu=BigInt(0),Ou=BigInt(1);function zu(e){const t=(ch(r=e,{a:"bigint"},{montgomeryBits:"isSafeInteger",nByteLength:"isSafeInteger",adjustScalarBytes:"function",domain:"function",powPminus2:"function",Gu:"bigint"}),Object.freeze({...r}));var r;const{P:n}=t,i=e=>wh(e,n),s=t.montgomeryBits,a=Math.ceil(s/8),o=t.nByteLength,c=t.adjustScalarBytes||(e=>e),h=t.powPminus2||(e=>mh(e,n-BigInt(2),n));function u(e,t,r){const n=i(e*(t-r));return[t=i(t-n),r=i(r+n)]}const l=(t.a-BigInt(2))/BigInt(4);function y(e){return Wc(i(e),a)}function f(e,t){const r=function(e){const t=Zc("u coordinate",e,a);return 32===o&&(t[31]&=127),Jc(t)}(t),f=function(e){const t=Zc("scalar",e),r=t.length;if(r!==a&&r!==o)throw Error(`Expected ${a} or ${o} bytes, got ${r}`);return Jc(c(t))}(e),g=function(e,t){th("u",e,Hu,n),th("scalar",t,Hu,n);const r=t,a=e;let o,c=Ou,y=Hu,f=e,g=Ou,p=Hu;for(let e=BigInt(s-1);e>=Hu;e--){const t=r>>e&Ou;p^=t,o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1],p=t;const n=c+y,s=i(n*n),h=c-y,d=i(h*h),A=s-d,w=f+g,m=i((f-g)*n),b=i(w*h),k=m+b,E=m-b;f=i(k*k),g=i(a*i(E*E)),c=i(s*d),y=i(A*(s+i(l*A)))}o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1];const d=h(y);return i(c*d)}(r,f);if(g===Hu)throw Error("Invalid private or public key received");return y(g)}const g=y(t.Gu);function p(e){return f(e,g)}return{scalarMult:f,scalarMultBase:p,getSharedSecret:(e,t)=>f(e,t),getPublicKey:e=>p(e),utils:{randomPrivateKey:()=>t.randomBytes(t.nByteLength)},GuBytes:g}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const _u=bc((()=>Qu.create({dkLen:114}))),Gu=(bc((()=>Qu.create({dkLen:64}))),BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439")),ju=BigInt(1),qu=BigInt(2),Vu=BigInt(3);BigInt(4);const Ju=BigInt(11),Yu=BigInt(22),Wu=BigInt(44),Zu=BigInt(88),$u=BigInt(223);function Xu(e){const t=Gu,r=e*e*e%t,n=r*r*e%t,i=bh(n,Vu,t)*n%t,s=bh(i,Vu,t)*n%t,a=bh(s,qu,t)*r%t,o=bh(a,Ju,t)*a%t,c=bh(o,Yu,t)*o%t,h=bh(c,Wu,t)*c%t,u=bh(h,Zu,t)*h%t,l=bh(u,Wu,t)*c%t,y=bh(l,qu,t)*r%t,f=bh(y,ju,t)*e%t;return bh(f,$u,t)*y%t}function el(e){return e[0]&=252,e[55]|=128,e[56]=0,e}const tl=Ih(Gu,456,!0),rl={a:BigInt(1),d:BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358"),Fp:tl,n:BigInt("181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779"),nBitLength:456,h:BigInt(4),Gx:BigInt("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710"),Gy:BigInt("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660"),hash:_u,randomBytes:kc,adjustScalarBytes:el,domain:(e,t,r)=>{if(t.length>255)throw Error("Context is too big: "+t.length);return wc(dc("SigEd448"),new Uint8Array([r?1:0,t.length]),t,e)},uvRatio:function(e,t){const r=Gu,n=wh(e*e*t,r),i=wh(n*e,r),s=wh(i*n*t,r),a=wh(i*Xu(s),r),o=wh(a*a,r);return{isValid:wh(o*t,r)===e,value:a}}},nl=/* @__PURE__ */Fu(rl),il=/* @__PURE__ */(()=>zu({a:BigInt(156326),montgomeryBits:448,nByteLength:56,P:Gu,Gu:BigInt(5),powPminus2:e=>{const t=Gu;return wh(bh(Xu(e),BigInt(2),t)*e,t)},adjustScalarBytes:el,randomBytes:kc}))();tl.ORDER,BigInt(3),BigInt(4),BigInt(156326),BigInt("39082"),BigInt("78163"),BigInt("98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214"),BigInt("315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716"),BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const sl=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),al=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),ol=BigInt(1),cl=BigInt(2),hl=(e,t)=>(e+t/cl)/t;const ul=Ih(sl,void 0,void 0,{sqrt:function(e){const t=sl,r=BigInt(3),n=BigInt(6),i=BigInt(11),s=BigInt(22),a=BigInt(23),o=BigInt(44),c=BigInt(88),h=e*e*e%t,u=h*h*e%t,l=bh(u,r,t)*u%t,y=bh(l,r,t)*u%t,f=bh(y,cl,t)*h%t,g=bh(f,i,t)*f%t,p=bh(g,s,t)*g%t,d=bh(p,o,t)*p%t,A=bh(d,c,t)*d%t,w=bh(A,o,t)*p%t,m=bh(w,r,t)*u%t,b=bh(m,a,t)*g%t,k=bh(b,n,t)*h%t,E=bh(k,cl,t);if(!ul.eql(ul.sqr(E),e))throw Error("Cannot find square root");return E}}),ll=jh({a:BigInt(0),b:BigInt(7),Fp:ul,n:al,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const t=al,r=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),n=-ol*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=r,a=BigInt("0x100000000000000000000000000000000"),o=hl(s*e,t),c=hl(-n*e,t);let h=wh(e-o*r-c*i,t),u=wh(-o*n-c*s,t);const l=h>a,y=u>a;if(l&&(h=t-h),y&&(u=t-u),h>a||u>a)throw Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:l,k1:h,k2neg:y,k2:u}}}},Pc);BigInt(0),ll.ProjectivePoint;const yl=Ih(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),fl=jh({a:yl.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:yl,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},Pc),gl=Ih(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),pl=jh({a:gl.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:gl,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},uu),dl=Ih(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),Al=jh({a:dl.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:dl,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},hu),wl=new Map(Object.entries({nistP256:Vh,nistP384:yu,nistP521:pu,brainpoolP256r1:fl,brainpoolP384r1:pl,brainpoolP512r1:Al,secp256k1:ll,x448:il,ed448:nl}));var ml=/*#__PURE__*/Object.freeze({__proto__:null,nobleCurves:wl});function bl(e,t,r,n,i,s){const a=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],h=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],u=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],y=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],f=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let g,p,d,A,w,m,b,k,E,v,B=0,I=t.length;const S=32===e.length?3:9;k=3===S?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e){const t=8-e.length%8;let r;if(!(t<8)){if(8===t)return e;throw Error("des: invalid padding")}r=0;const n=new Uint8Array(e.length+t);for(let t=0;t>>4^b),b^=d,m^=d<<4,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,m=m<<1|m>>>31,b=b<<1|b>>>31,p=0;p>>4|b<<28)^e[g+1],d=m,m=b,b=d^(o[A>>>24&63]|h[A>>>16&63]|l[A>>>8&63]|f[63&A]|a[w>>>24&63]|c[w>>>16&63]|u[w>>>8&63]|y[63&w]);d=m,m=b,b=d}m=m>>>1|m<<31,b=b>>>1|b<<31,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=252645135&(m>>>4^b),b^=d,m^=d<<4,K[C++]=m>>>24,K[C++]=m>>>16&255,K[C++]=m>>>8&255,K[C++]=255&m,K[C++]=b>>>24,K[C++]=b>>>16&255,K[C++]=b>>>8&255,K[C++]=255&b}return r||(K=function(e){let t,r=null;if(t=0,!r){for(r=1;e[e.length-r]===t;)r++;r--}return e.subarray(0,e.length-r)}(K)),K}function kl(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],i=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],s=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],a=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],h=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],u=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],y=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],f=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],g=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],p=e.length>8?3:1,d=Array(32*p),A=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let w,m,b,k=0,E=0;for(let v=0;v>>4^v),v^=b,p^=b<<4,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=858993459&(p>>>2^v),v^=b,p^=b<<2,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=16711935&(v>>>8^p),p^=b,v^=b<<8,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=p<<8|v>>>20&240,p=v<<24|v<<8&16711680|v>>>8&65280|v>>>24&240,v=b;for(let e=0;e<16;e++)A[e]?(p=p<<2|p>>>26,v=v<<2|v>>>26):(p=p<<1|p>>>27,v=v<<1|v>>>27),p&=-15,v&=-15,w=t[p>>>28]|r[p>>>24&15]|n[p>>>20&15]|i[p>>>16&15]|s[p>>>12&15]|a[p>>>8&15]|o[p>>>4&15],m=c[v>>>28]|h[v>>>24&15]|u[v>>>20&15]|l[v>>>16&15]|y[v>>>12&15]|f[v>>>8&15]|g[v>>>4&15],b=65535&(m>>>16^w),d[E++]=w^b,d[E++]=m^b<<16}return d}function El(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return bl(kl(this.key[2]),bl(kl(this.key[1]),bl(kl(this.key[0]),e,!0),!1),!0)}}function vl(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>>16&255,t[s+6]=o>>>8&255,t[s+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>16&255,t[s+6]=o>>8&255,t[s+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const n=t+e,i=n<>>32-r;return(s[0][i>>>24]^s[1][i>>>16&255])-s[2][i>>>8&255]+s[3][255&i]}function n(e,t,r){const n=t^e,i=n<>>32-r;return s[0][i>>>24]-s[1][i>>>16&255]+s[2][i>>>8&255]^s[3][255&i]}function i(e,t,r){const n=t-e,i=n<>>32-r;return(s[0][i>>>24]+s[1][i>>>16&255]^s[2][i>>>8&255])-s[3][255&i]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const n=[,,,,,,,,],i=Array(32);let a;for(let e=0;e<4;e++)a=4*e,n[e]=r[a]<<24|r[a+1]<<16|r[a+2]<<8|r[a+3];const o=[6,7,4,5];let c,h=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(a=0;a<4;a++){const t=e[r][a];c=n[t[1]],c^=s[4][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=s[5][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=s[6][n[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=s[7][n[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=s[o[a]][n[t[6]>>>2]>>>24-8*(3&t[6])&255],n[t[0]]=c}for(a=0;a<4;a++){const e=t[r][a];c=s[4][n[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=s[5][n[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=s[6][n[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=s[7][n[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=s[4+a][n[e[4]>>>2]>>>24-8*(3&e[4])&255],i[h]=c,h++}}for(let e=0;e<16;e++)this.masking[e]=i[e],this.rotate[e]=31&i[16+e]};const s=[,,,,,,,,];s[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],s[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],s[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],s[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],s[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],s[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],s[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],s[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Bl(e){this.cast5=new vl,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}El.keySize=El.prototype.keySize=24,El.blockSize=El.prototype.blockSize=8,Bl.blockSize=Bl.prototype.blockSize=8,Bl.keySize=Bl.prototype.keySize=16;const Il=4294967295;function Sl(e,t){return(e<>>32-t)&Il}function Kl(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function Cl(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function Dl(e,t){return e>>>8*t&255}function Pl(e){this.tf=function(){let e=null,t=null,r=-1,n=[],i=[[],[],[],[]];function s(e){return i[0][Dl(e,0)]^i[1][Dl(e,1)]^i[2][Dl(e,2)]^i[3][Dl(e,3)]}function a(e){return i[0][Dl(e,3)]^i[1][Dl(e,0)]^i[2][Dl(e,1)]^i[3][Dl(e,2)]}function o(e,t){let r=s(t[0]),i=a(t[1]);t[2]=Sl(t[2]^r+i+n[4*e+8]&Il,31),t[3]=Sl(t[3],1)^r+2*i+n[4*e+9]&Il,r=s(t[2]),i=a(t[3]),t[0]=Sl(t[0]^r+i+n[4*e+10]&Il,31),t[1]=Sl(t[1],1)^r+2*i+n[4*e+11]&Il}function c(e,t){let r=s(t[0]),i=a(t[1]);t[2]=Sl(t[2],1)^r+i+n[4*e+10]&Il,t[3]=Sl(t[3]^r+2*i+n[4*e+11]&Il,31),r=s(t[2]),i=a(t[3]),t[0]=Sl(t[0],1)^r+i+n[4*e+8]&Il,t[1]=Sl(t[1]^r+2*i+n[4*e+9]&Il,31)}return{name:"twofish",blocksize:16,open:function(t){let r,s,a,o,c;e=t;const h=[],u=[],l=[];let y;const f=[];let g,p,d;const A=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],m=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],b=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],k=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],E=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],v=[[],[]],B=[[],[],[],[]];function I(e){return e^e>>2^[0,90,180,238][3&e]}function S(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function K(e,t){let r,n,i;for(r=0;r<8;r++)n=t>>>24,t=t<<8&Il|e>>>24,e=e<<8&Il,i=n<<1,128&n&&(i^=333),t^=n^i<<16,i^=n>>>1,1&n&&(i^=166),t^=i<<24|i<<8;return t}function C(e,t){const r=t>>4,n=15&t,i=A[e][r^n],s=w[e][k[n]^E[r]];return b[e][k[s]^E[i]]<<4|m[e][i^s]}function D(e,t){let r=Dl(e,0),n=Dl(e,1),i=Dl(e,2),s=Dl(e,3);switch(y){case 4:r=v[1][r]^Dl(t[3],0),n=v[0][n]^Dl(t[3],1),i=v[0][i]^Dl(t[3],2),s=v[1][s]^Dl(t[3],3);case 3:r=v[1][r]^Dl(t[2],0),n=v[1][n]^Dl(t[2],1),i=v[0][i]^Dl(t[2],2),s=v[0][s]^Dl(t[2],3);case 2:r=v[0][v[0][r]^Dl(t[1],0)]^Dl(t[0],0),n=v[0][v[1][n]^Dl(t[1],1)]^Dl(t[0],1),i=v[1][v[0][i]^Dl(t[1],2)]^Dl(t[0],2),s=v[1][v[1][s]^Dl(t[1],3)]^Dl(t[0],3)}return B[0][r]^B[1][n]^B[2][i]^B[3][s]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Kl(e,r);for(r=0;r<256;r++)v[0][r]=C(0,r),v[1][r]=C(1,r);for(r=0;r<256;r++)g=v[1][r],p=I(g),d=S(g),B[0][r]=g+(p<<8)+(d<<16)+(d<<24),B[2][r]=p+(d<<8)+(g<<16)+(d<<24),g=v[0][r],p=I(g),d=S(g),B[1][r]=d+(d<<8)+(p<<16)+(g<<24),B[3][r]=p+(g<<8)+(d<<16)+(p<<24);for(y=l.length/2,r=0;r=0;e--)c(e,s);Cl(t,r,s[2]^n[0]),Cl(t,r+4,s[3]^n[1]),Cl(t,r+8,s[0]^n[2]),Cl(t,r+12,s[1]^n[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Ul(){}function xl(e){this.bf=new Ul,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}Pl.keySize=Pl.prototype.keySize=32,Pl.blockSize=Pl.prototype.blockSize=16,Ul.prototype.BLOCKSIZE=8,Ul.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Ul.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Ul.prototype.NN=16,Ul.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Ul.prototype._F=function(e){let t;const r=255&e,n=255&(e>>>=8),i=255&(e>>>=8),s=255&(e>>>=8);return t=this.sboxes[0][s]+this.sboxes[1][i],t^=this.sboxes[2][n],t+=this.sboxes[3][r],t},Ul.prototype._encryptBlock=function(e){let t,r=e[0],n=e[1];for(t=0;t>>24-8*t&255,i[t+n]=r[1]>>>24-8*t&255;return i},Ul.prototype._decryptBlock=function(e){let t,r=e[0],n=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],n=this._F(r)^n;const e=r;r=n,n=e}r^=this.parray[1],n^=this.parray[0],e[0]=this._clean(n),e[1]=this._clean(r)},Ul.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^n}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const n=[0,0];for(t=0;tnew Ml)),Fl=/* @__PURE__ */new Uint8Array([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),Hl=/* @__PURE__ */new Uint8Array(Array(16).fill(0).map(((e,t)=>t))),Ol=/* @__PURE__ */Hl.map((e=>(9*e+5)%16));let zl=[Hl],_l=[Ol];for(let e=0;e<4;e++)for(let t of[zl,_l])t.push(t[e].map((e=>Fl[e])));const Gl=/* @__PURE__ */[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map((e=>new Uint8Array(e))),jl=/* @__PURE__ */zl.map(((e,t)=>e.map((e=>Gl[t][e])))),ql=/* @__PURE__ */_l.map(((e,t)=>e.map((e=>Gl[t][e])))),Vl=/* @__PURE__ */new Uint32Array([0,1518500249,1859775393,2400959708,2840853838]),Jl=/* @__PURE__ */new Uint32Array([1352829926,1548603684,1836072691,2053994217,0]);function Yl(e,t,r,n){return 0===e?t^r^n:1===e?t&r|~t&n:2===e?(t|~r)^n:3===e?t&n|r&~n:t^(r|~n)}const Wl=/* @__PURE__ */new Uint32Array(16);class Zl extends Bc{constructor(){super(64,20,8,!0),this.h0=1732584193,this.h1=-271733879,this.h2=-1732584194,this.h3=271733878,this.h4=-1009589776}get(){const{h0:e,h1:t,h2:r,h3:n,h4:i}=this;return[e,t,r,n,i]}set(e,t,r,n,i){this.h0=0|e,this.h1=0|t,this.h2=0|r,this.h3=0|n,this.h4=0|i}process(e,t){for(let r=0;r<16;r++,t+=4)Wl[r]=e.getUint32(t,!0);let r=0|this.h0,n=r,i=0|this.h1,s=i,a=0|this.h2,o=a,c=0|this.h3,h=c,u=0|this.h4,l=u;for(let e=0;e<5;e++){const t=4-e,y=Vl[e],f=Jl[e],g=zl[e],p=_l[e],d=jl[e],A=ql[e];for(let t=0;t<16;t++){const n=fc(r+Yl(e,i,a,c)+Wl[g[t]]+y,d[t])+u|0;r=u,u=c,c=0|fc(a,10),a=i,i=n}for(let e=0;e<16;e++){const r=fc(n+Yl(t,s,o,h)+Wl[p[e]]+f,A[e])+l|0;n=l,l=h,h=0|fc(o,10),o=s,s=r}}this.set(this.h1+a+h|0,this.h2+c+l|0,this.h3+u+n|0,this.h4+r+s|0,this.h0+i+o|0)}roundClean(){Wl.fill(0)}destroy(){this.destroyed=!0,this.buffer.fill(0),this.set(0,0,0,0,0)}}const $l=new Map(Object.entries({sha1:Nl,sha224:Uc,sha256:Pc,sha384:uu,sha512:hu,sha3_256:Uu,sha3_512:xu,ripemd160:/* @__PURE__ */bc((()=>new Zl))}));var Xl=/*#__PURE__*/Object.freeze({__proto__:null,nobleHashes:$l});function ey(e,t,r,n){e[t]+=r[n],e[t+1]+=r[n+1]+(e[t]>>24^h<<8,e[n+1]=h>>>24^c<<8,ey(e,r,e,n),ey(e,r,t,o),c=e[s]^e[r],h=e[s+1]^e[r+1],e[s]=c>>>16^h<<16,e[s+1]=h>>>16^c<<16,ey(e,i,e,s),c=e[n]^e[i],h=e[n+1]^e[i+1],e[n]=h>>>31^c<<1,e[n+1]=c>>>31^h<<1}const ny=new Uint32Array([4089235720,1779033703,2227873595,3144134277,4271175723,1013904242,1595750129,2773480762,2917565137,1359893119,725511199,2600822924,4215389547,528734635,327033209,1541459225]),iy=new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3].map((e=>2*e)));function sy(e,t){const r=new Uint32Array(32),n=new Uint32Array(e.b.buffer,e.b.byteOffset,32);for(let t=0;t<16;t++)r[t]=e.h[t],r[t+16]=ny[t];r[24]^=e.t0[0],r[25]^=e.t0[1];const i=t?4294967295:0;r[28]^=i,r[29]^=i;for(let e=0;e<12;e++){const t=e<<4;ry(r,n,0,8,16,24,iy[t+0],iy[t+1]),ry(r,n,2,10,18,26,iy[t+2],iy[t+3]),ry(r,n,4,12,20,28,iy[t+4],iy[t+5]),ry(r,n,6,14,22,30,iy[t+6],iy[t+7]),ry(r,n,0,10,20,30,iy[t+8],iy[t+9]),ry(r,n,2,12,22,24,iy[t+10],iy[t+11]),ry(r,n,4,14,16,26,iy[t+12],iy[t+13]),ry(r,n,6,8,18,28,iy[t+14],iy[t+15])}for(let t=0;t<16;t++)e.h[t]^=r[t]^r[t+16]}class ay{constructor(e,t,r,n){const i=new Uint8Array(64);this.S={b:new Uint8Array(hy),h:new Uint32Array(cy/4),t0:new Uint32Array(2),c:0,outlen:e},i[0]=e,t&&(i[1]=t.length),i[2]=1,i[3]=1,r&&i.set(r,32),n&&i.set(n,48);const s=new Uint32Array(i.buffer,i.byteOffset,i.length/Uint32Array.BYTES_PER_ELEMENT);for(let e=0;e<16;e++)this.S.h[e]=ny[e]^s[e];if(t){const e=new Uint8Array(hy);e.set(t),this.update(e)}}update(e){if(!(e instanceof Uint8Array))throw Error("Input must be Uint8Array or Buffer");let t=0;for(;t>2]>>8*(3&e);return this.S.h=null,t.buffer}}function oy(e,t,r,n){if(e>cy)throw Error(`outlen must be at most ${cy} (given: ${e})`);return new ay(e,t,r,n)}const cy=64,hy=128,uy=2,ly=19,yy=4294967295,fy=4,gy=4294967295,py=8,dy=4294967295,Ay=8,wy=4294967295,my=4294967295,by=32,ky=1024,Ey=64,vy=205===new Uint8Array(new Uint16Array([43981]).buffer)[0];function By(e,t,r){return e[r+0]=t,e[r+1]=t>>8,e[r+2]=t>>16,e[r+3]=t>>24,e}function Iy(e,t,r){if(t>Number.MAX_SAFE_INTEGER)throw Error("LE64: large numbers unsupported");let n=t;for(let t=r;t{if(tn)throw Error(`${e} size should be between ${r} and ${n} bytes`)};if(e!==uy||t!==ly)throw Error("Unsupported type or version");return u("password",n,Ay,dy),u("salt",i,py,gy),u("tag",r,fy,yy),u("memory",c,8*o,wy),s&&u("associated data",s,0,my),a&&u("secret",a,0,by),{type:e,version:t,tagLength:r,password:n,salt:i,ad:s,secret:a,lanes:o,memorySize:c,passes:h}}({type:uy,version:ly,...e}),{G:i,G2:s,xor:a,getLZ:o}=r.exports,c={},h={};h.G=i,h.G2=s,h.XOR=a;const u=4*n.lanes*Math.floor(n.memorySize/(4*n.lanes)),l=u*ky+10*Uy;if(t.buffer.byteLength{r.set(e,n),n+=e.length})),r}(i));const s=t.digest();return new Uint8Array(s)}(n),m=u/n.lanes,b=Array(n.lanes).fill(null).map((()=>Array(m))),k=(e,t)=>(b[e][t]=d.subarray(e*m*1024+1024*t,e*m*1024+1024*t+ky),b[e][t]);for(let e=0;e0?b[i][c-1]:b[i][m-1],u=r?a.next().value:h;o(f.byteOffset,u.byteOffset,i,n.lanes,e,t,s,4,E);const l=f[0],y=f[1];0===e&&k(i,c),Cy(g,h,b[l][y],e>0?p:b[i][c]),e>0&&Ky(g,b[i][c],p,b[i][c])}}}const v=b[0][m-1];for(let e=1;eQy(e,{instance:n.instance,memory:r})}function Ty(e,t,r,n){return function(e,t){var r=WebAssembly.instantiate,n=WebAssembly.compile;return t?r(e,t):n(e)}(Buffer.from(r,"base64"),n)}var My=/*#__PURE__*/Object.freeze({__proto__:null,default:async()=>Ly((e=>Ty(0,0,"AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL",e)),(e=>Ty(0,0,"AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==",e)))}),Ny=[0,1,3,7,15,31,63,127,255],Fy=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};Fy.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},Fy.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Ny[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var n=r-e;t|=(this.curByte&Ny[e]<>n,this.bitOffset+=e,e=0}}return t},Fy.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},Fy.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var Hy=Fy,Oy=function(){};Oy.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},Oy.prototype.read=function(e,t,r){for(var n=0;n>>0},this.updateCRC=function(t){e=e<<8^zy[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^zy[255&(e>>>24^t)]}}),jy=Hy,qy=_y,Vy=Gy,Jy=function(e,t){var r,n=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=n,n},Yy={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},Wy={};Wy[Yy.LAST_BLOCK]="Bad file checksum",Wy[Yy.NOT_BZIP_DATA]="Not bzip data",Wy[Yy.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",Wy[Yy.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",Wy[Yy.DATA_ERROR]="Data error",Wy[Yy.OUT_OF_MEMORY]="Out of memory",Wy[Yy.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var Zy=function(e,t){var r=Wy[e]||"unknown error";t&&(r+=": "+t);var n=new TypeError(r);throw n.errorCode=e,n},$y=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};$y.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Vy,!0):(this.writeCount=-1,!1)},$y.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||Zy(Yy.NOT_BZIP_DATA,"bad magic");var n=r[3]-48;(n<1||n>9)&&Zy(Yy.NOT_BZIP_DATA,"level out of range"),this.reader=new jy(e),this.dbufSize=1e5*n,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},$y.prototype._get_next_block=function(){var e,t,r,n=this.reader,i=n.pi();if("177245385090"===i)return!1;"314159265359"!==i&&Zy(Yy.NOT_BZIP_DATA),this.targetBlockCRC=n.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,n.read(1)&&Zy(Yy.OBSOLETE_INPUT);var s=n.read(24);s>this.dbufSize&&Zy(Yy.DATA_ERROR,"initial position out of bounds");var a=n.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(a&1<<15-e){var h=16*e;for(r=n.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=h+t)}var u=n.read(3);(u<2||u>6)&&Zy(Yy.DATA_ERROR);var l=n.read(15);0===l&&Zy(Yy.DATA_ERROR);var y=new Uint8Array(256);for(e=0;e=u&&Zy(Yy.DATA_ERROR);f[e]=Jy(y,t)}var g,p=c+2,d=[];for(t=0;t20)&&Zy(Yy.DATA_ERROR),n.read(1);)n.read(1)?a--:a++;m[e]=a}for(A=w=m[0],e=1;ew?w=m[e]:m[e]=l&&Zy(Yy.DATA_ERROR),g=d[f[S++]]),e=g.minLen,t=n.read(e);e>g.maxLen&&Zy(Yy.DATA_ERROR),!(t<=g.limit[e]);e++)t=t<<1|n.read(1);((t-=g.base[e])<0||t>=258)&&Zy(Yy.DATA_ERROR);var C=g.permute[t];if(0!==C&&1!==C){if(B)for(B=0,I+a>this.dbufSize&&Zy(Yy.DATA_ERROR),E[v=o[y[0]]]+=a;a--;)K[I++]=v;if(C>c)break;I>=this.dbufSize&&Zy(Yy.DATA_ERROR),E[v=o[v=Jy(y,e=C-1)]]++,K[I++]=v}else B||(B=1,a=0),a+=0===C?B:2*B,B<<=1}for((s<0||s>=I)&&Zy(Yy.DATA_ERROR),t=0,e=0;e<256;e++)r=t+E[e],E[e]=t,t=r;for(e=0;e>=8,U=-1),this.writePos=D,this.writeCurrent=P,this.writeCount=I,this.writeRun=U,!0},$y.prototype._read_bunzip=function(e,t){var r,n,i;if(this.writeCount<0)return 0;var s=this.dbuf,a=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var h=this.writeRun;c;){for(c--,n=o,o=255&(a=s[a]),a>>=8,3==h++?(r=o,i=n,o=-1):(r=1,i=o),this.blockCRC.updateCRCRun(i,r);r--;)this.outputStream.writeByte(i),this.nextoutput++;o!=n&&(h=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&Zy(Yy.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var Xy=function(e){if("readByte"in e)return e;var t=new qy;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},ef=function(e){var t=new qy,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var tf={Bunzip:$y,Stream:qy,Err:Yy,decode:function(e,t,r){for(var n=Xy(e),i=ef(t),s=new $y(n,i);!("eof"in n)||!n.eof();)if(s._init_block())s._read_bunzip();else{var a=s.reader.read(32)>>>0;if(a!==s.streamCRC&&Zy(Yy.DATA_ERROR,"Bad stream CRC (got "+s.streamCRC.toString(16)+" expected "+a.toString(16)+")"),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i)}if("getBuffer"in i)return i.getBuffer()},decodeBlock:function(e,t,r){var n=Xy(e),i=ef(r),s=new $y(n,i);if(s.reader.seek(t),s._get_next_block()&&(s.blockCRC=new Vy,s.writeCopies=0,s._read_bunzip()),"getBuffer"in i)return i.getBuffer()},table:function(e,t,r){var n=new qy;n.delegate=Xy(e),n.pos=0,n.readByte=function(){return this.pos++,this.delegate.readByte()},n.delegate.eof&&(n.eof=n.delegate.eof.bind(n.delegate));var i=new qy;i.pos=0,i.writeByte=function(){this.pos++};for(var s=new $y(n,i),a=s.dbufSize;!("eof"in n)||!n.eof();){var o=8*n.pos+s.reader.bitOffset;if(s.reader.hasByte&&(o-=8),s._init_block()){var c=i.pos;s._read_bunzip(),t(o,i.pos-c)}else{if(s.reader.read(32),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i),console.assert(s.dbufSize===a,"shouldn't change block size within multistream file")}}}},rf=/*#__PURE__*/n({__proto__:null},[tf]);export{xa as AEADEncryptedDataPacket,To as CleartextMessage,Ea as CompressedDataPacket,ua as LiteralDataPacket,Fa as MarkerPacket,Po as Message,wa as OnePassSignaturePacket,ba as PacketList,Va as PaddingPacket,mo as PrivateKey,wo as PublicKey,Qa as PublicKeyEncryptedSessionKeyPacket,Ta as PublicKeyPacket,Ha as PublicSubkeyPacket,za as SecretKeyPacket,ja as SecretSubkeyPacket,Ya as Signature,pa as SignaturePacket,yo as Subkey,Da as SymEncryptedIntegrityProtectedDataPacket,La as SymEncryptedSessionKeyPacket,Na as SymmetricallyEncryptedDataPacket,qa as TrustPacket,Wn as UnparseablePacket,Oa as UserAttributePacket,Ga as UserIDPacket,te as armor,M as config,No as createCleartextMessage,Ro as createMessage,jo as decrypt,zo as decryptKey,Wo as decryptSessionKeys,Go as encrypt,_o as encryptKey,Yo as encryptSessionKey,T as enums,Fo as generateKey,Jo as generateSessionKey,Mo as readCleartextMessage,vo as readKey,Io as readKeys,Qo as readMessage,Bo as readPrivateKey,So as readPrivateKeys,Wa as readSignature,Ho as reformatKey,Oo as revokeKey,qo as sign,ee as unarmor,Vo as verify}; //# sourceMappingURL=openpgp.min.mjs.map diff --git a/app/node_modules/openpgp/dist/node/openpgp.min.mjs.map b/app/node_modules/openpgp/dist/node/openpgp.min.mjs.map index 84b6bcadd..322862aac 100644 --- a/app/node_modules/openpgp/dist/node/openpgp.min.mjs.map +++ b/app/node_modules/openpgp/dist/node/openpgp.min.mjs.map @@ -1 +1 @@ -{"version":3,"file":"openpgp.min.mjs","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/node-conversions.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/biginteger/native.interface.js","../../src/biginteger/index.js","../../src/enums.js","../../src/util.js","../../src/encoding/base64.js","../../src/config/config.js","../../src/encoding/armor.js","../../src/type/keyid.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/utils.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/other/errors.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ecb.js","../../src/crypto/cipher/aes.js","../../src/crypto/cipher/des.js","../../src/crypto/cipher/cast5.js","../../src/crypto/cipher/twofish.js","../../src/crypto/cipher/blowfish.js","../../src/crypto/cipher/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.asm.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/hash.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.asm.js","../../node_modules/minimalistic-assert/index.js","../../node_modules/inherits/inherits_browser.js","../../node_modules/inherits/inherits.js","../../node_modules/hash.js/lib/hash/utils.js","../../node_modules/hash.js/lib/hash/common.js","../../node_modules/hash.js/lib/hash/sha/common.js","../../node_modules/hash.js/lib/hash/sha/256.js","../../node_modules/hash.js/lib/hash/sha/224.js","../../node_modules/hash.js/lib/hash/sha/512.js","../../node_modules/hash.js/lib/hash/sha/384.js","../../node_modules/hash.js/lib/hash/ripemd.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cfb.js","../../src/crypto/cipher/getCipher.js","../../src/crypto/mode/cfb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ctr.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cbc.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/gcm.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../node_modules/@openpgp/tweetnacl/nacl-fast-light.js","../../src/crypto/random.js","../../src/crypto/public_key/prime.js","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../src/type/oid.js","../../src/crypto/public_key/elliptic/indutnyKey.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../node_modules/@openpgp/pako/lib/utils/common.js","../../node_modules/@openpgp/pako/lib/zlib/constants.js","../../node_modules/@openpgp/pako/lib/zlib/trees.js","../../node_modules/@openpgp/pako/lib/zlib/adler32.js","../../node_modules/@openpgp/pako/lib/zlib/crc32.js","../../node_modules/@openpgp/pako/lib/zlib/messages.js","../../node_modules/@openpgp/pako/lib/zlib/deflate.js","../../node_modules/@openpgp/pako/lib/utils/strings.js","../../node_modules/@openpgp/pako/lib/zlib/zstream.js","../../node_modules/@openpgp/pako/lib/deflate.js","../../node_modules/@openpgp/pako/lib/zlib/inffast.js","../../node_modules/@openpgp/pako/lib/zlib/inftrees.js","../../node_modules/@openpgp/pako/lib/zlib/inflate.js","../../node_modules/@openpgp/pako/lib/zlib/gzheader.js","../../node_modules/@openpgp/pako/lib/inflate.js","../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js","../../src/packet/literal_data.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/type/s2k.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/marker.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../node_modules/email-addresses/lib/email-addresses.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/packet/trust.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js","../../node_modules/@openpgp/web-stream-tools/node_modules/web-streams-polyfill/dist/ponyfill.es6.mjs","../../node_modules/@mattiasbuelens/web-streams-adapter/dist/web-streams-adapter.mjs","../../node_modules/bn.js/lib/bn.js","../../src/biginteger/bn.interface.js","../../node_modules/brorand/index.js","../../node_modules/minimalistic-crypto-utils/lib/utils.js","../../node_modules/@openpgp/elliptic/lib/elliptic/utils.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/base.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/short.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/mont.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/edwards.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curve/index.js","../../node_modules/hash.js/lib/hash/sha/1.js","../../node_modules/hash.js/lib/hash/sha.js","../../node_modules/hash.js/lib/hash/hmac.js","../../node_modules/hash.js/lib/hash.js","../../node_modules/@openpgp/elliptic/lib/elliptic/precomputed/secp256k1.js","../../node_modules/@openpgp/elliptic/lib/elliptic/curves.js","../../node_modules/hmac-drbg/lib/hmac-drbg.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/key.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/signature.js","../../node_modules/@openpgp/elliptic/lib/elliptic/ec/index.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/key.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/signature.js","../../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/index.js","../../node_modules/@openpgp/elliptic/lib/elliptic.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","import * as streams from './streams';\nimport { isArrayStream } from './writer';\n\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n if (streams.ReadableStream && streams.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'ponyfill';\n }\n if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) {\n return 'node';\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isNode } from './util';\nimport * as streams from './streams';\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Web / node stream conversion functions\n * From https://github.com/gwicke/node-web-streams\n */\n\nlet nodeToWeb;\nlet webToNode;\n\nif (NodeReadableStream) {\n\n /**\n * Convert a Node Readable Stream to a Web ReadableStream\n * @param {Readable} nodeStream\n * @returns {ReadableStream}\n */\n nodeToWeb = function(nodeStream) {\n let canceled = false;\n return new streams.ReadableStream({\n start(controller) {\n nodeStream.pause();\n nodeStream.on('data', chunk => {\n if (canceled) {\n return;\n }\n if (NodeBuffer.isBuffer(chunk)) {\n chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);\n }\n controller.enqueue(chunk);\n nodeStream.pause();\n });\n nodeStream.on('end', () => {\n if (canceled) {\n return;\n }\n controller.close();\n });\n nodeStream.on('error', e => controller.error(e));\n },\n pull() {\n nodeStream.resume();\n },\n cancel(reason) {\n canceled = true;\n nodeStream.destroy(reason);\n }\n });\n };\n\n\n class NodeReadable extends NodeReadableStream {\n constructor(webStream, options) {\n super(options);\n this._reader = streams.getReader(webStream);\n }\n\n async _read(size) {\n try {\n while (true) {\n const { done, value } = await this._reader.read();\n if (done) {\n this.push(null);\n break;\n }\n if (!this.push(value)) {\n break;\n }\n }\n } catch (e) {\n this.destroy(e);\n }\n }\n\n async _destroy(error, callback) {\n this._reader.cancel(error).then(callback, callback);\n }\n }\n\n /**\n * Convert a Web ReadableStream to a Node Readable Stream\n * @param {ReadableStream} webStream\n * @param {Object} options\n * @returns {Readable}\n */\n webToNode = function(webStream, options) {\n return new NodeReadable(webStream, options);\n };\n\n}\n\nexport { nodeToWeb, webToNode };\n","import * as streams from './streams';\nimport { isUint8Array } from './util';\n\nconst doneReadingSet = new WeakSet();\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (streams.isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = async () => {};\n return;\n }\n let streamType = streams.isStream(input);\n if (streamType === 'node') {\n input = streams.nodeToWeb(input);\n }\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array } from './util';\nimport { nodeToWeb, webToNode } from './node-conversions';\nimport { Reader, externalBuffer } from './reader';\nimport { ArrayStream, Writer } from './writer';\n\nlet { ReadableStream, WritableStream, TransformStream } = globalThis;\n\nlet toPonyfillReadable, toNativeReadable;\n\nasync function loadStreamsPonyfill() {\n if (TransformStream) {\n return;\n }\n\n const [ponyfill, adapter] = await Promise.all([\n import('web-streams-polyfill/ponyfill/es6'),\n import('@mattiasbuelens/web-streams-adapter')\n ]);\n\n ({ ReadableStream, WritableStream, TransformStream } = ponyfill);\n\n const { createReadableStreamWrapper } = adapter;\n\n if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) {\n toPonyfillReadable = createReadableStreamWrapper(ReadableStream);\n toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream);\n }\n}\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType === 'node') {\n return nodeToWeb(input);\n }\n if (streamType === 'web' && toPonyfillReadable) {\n return toPonyfillReadable(input);\n }\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert data to ArrayStream\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n if (NodeBuffer && NodeBuffer.isBuffer(list[0])) {\n return NodeBuffer.concat(list);\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n } else {\n lastBytes = returnValue;\n }\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input) && !(NodeBuffer && NodeBuffer.isBuffer(input))) {\n if (end === Infinity) end = input.length;\n return input.subarray(begin, end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n return input.cancel(reason);\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n\nexport { ReadableStream, WritableStream, TransformStream, ArrayStream, loadStreamsPonyfill, isStream, isArrayStream, isUint8Array, toStream, toPonyfillReadable, toNativeReadable, concatUint8Array, concatStream, concat, getReader, getWriter, pipe, transformRaw, transform, transformPair, parse, clone, passiveClone, slice, readToEnd, cancel, fromAsync, nodeToWeb, webToNode };\n","/* eslint-disable new-cap */\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * that wraps the native BigInt library.\n * Operations are not constant time,\n * but we try and limit timing leakage where we can\n * @module biginteger/native\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on null or undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n if (n instanceof Uint8Array) {\n const bytes = n;\n const hex = new Array(bytes.length);\n for (let i = 0; i < bytes.length; i++) {\n const hexByte = bytes[i].toString(16);\n hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte;\n }\n this.value = BigInt('0x0' + hex.join(''));\n } else {\n this.value = BigInt(n);\n }\n }\n\n clone() {\n return new BigInteger(this.value);\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value++;\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value--;\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value += x.value;\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value -= x.value;\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value *= x.value;\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value %= m.value;\n if (this.isNegative()) {\n this.iadd(m);\n }\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation using square and multiply\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n if (n.isZero()) throw Error('Modulo cannot be zero');\n if (n.isOne()) return new BigInteger(0);\n if (e.isNegative()) throw Error('Unsopported negative exponent');\n\n let exp = e.value;\n let x = this.value;\n\n x %= n.value;\n let r = BigInt(1);\n while (exp > BigInt(0)) {\n const lsb = exp & BigInt(1);\n exp >>= BigInt(1); // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n.value;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n.value; // Square\n }\n return new BigInteger(r);\n }\n\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n const { gcd, x } = this._egcd(n);\n if (!gcd.isOne()) {\n throw new Error('Inverse does not exist');\n }\n return x.add(n).mod(n);\n }\n\n /**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b)\n * @param {BigInteger} b - Second operand\n * @returns {{ gcd, x, y: BigInteger }}\n */\n _egcd(b) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n let a = this.value;\n b = b.value;\n\n while (b !== BigInt(0)) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: new BigInteger(xPrev),\n y: new BigInteger(yPrev),\n gcd: new BigInteger(a)\n };\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} b - Operand\n * @returns {BigInteger} gcd\n */\n gcd(b) {\n let a = this.value;\n b = b.value;\n while (b !== BigInt(0)) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return new BigInteger(a);\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value <<= x.value;\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value >>= x.value;\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value === x.value;\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value < x.value;\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value <= x.value;\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value > x.value;\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value >= x.value;\n }\n\n isZero() {\n return this.value === BigInt(0);\n }\n\n isOne() {\n return this.value === BigInt(1);\n }\n\n isNegative() {\n return this.value < BigInt(0);\n }\n\n isEven() {\n return !(this.value & BigInt(1));\n }\n\n abs() {\n const res = this.clone();\n if (this.isNegative()) {\n res.value = -res.value;\n }\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n const number = Number(this.value);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n const bit = (this.value >> BigInt(i)) & BigInt(1);\n return (bit === BigInt(0)) ? 0 : 1;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n const zero = new BigInteger(0);\n const one = new BigInteger(1);\n const negOne = new BigInteger(-1);\n\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = this.isNegative() ? negOne : zero;\n let bitlen = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(one).equal(target)) {\n bitlen++;\n }\n return bitlen;\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n const zero = new BigInteger(0);\n const negOne = new BigInteger(-1);\n\n const target = this.isNegative() ? negOne : zero;\n const eight = new BigInteger(8);\n let len = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(eight).equal(target)) {\n len++;\n }\n return len;\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = this.value.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? (length - rawLength) : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n }\n}\n","import BigInteger from './native.interface';\n\nconst detectBigInt = () => typeof BigInt !== 'undefined';\n\nasync function getBigInteger() {\n if (detectBigInt()) {\n return BigInteger;\n } else {\n const { default: BigInteger } = await import('./bn.interface');\n return BigInteger;\n }\n}\n\nexport { getBigInteger };\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'p256': 'p256',\n 'P-256': 'p256',\n 'secp256r1': 'p256',\n 'prime256v1': 'p256',\n '1.2.840.10045.3.1.7': 'p256',\n '2a8648ce3d030107': 'p256',\n '2A8648CE3D030107': 'p256',\n\n /** NIST P-384 Curve */\n 'p384': 'p384',\n 'P-384': 'p384',\n 'secp384r1': 'p384',\n '1.3.132.0.34': 'p384',\n '2b81040022': 'p384',\n '2B81040022': 'p384',\n\n /** NIST P-521 Curve */\n 'p521': 'p521',\n 'P-521': 'p521',\n 'secp521r1': 'p521',\n '1.3.132.0.35': 'p521',\n '2b81040023': 'p521',\n '2B81040023': 'p521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n '1.3.132.0.10': 'secp256k1',\n '2b8104000a': 'secp256k1',\n '2B8104000A': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519',\n 'ED25519': 'ed25519',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519',\n 'Ed25519': 'ed25519',\n '1.3.6.1.4.1.11591.15.1': 'ed25519',\n '2b06010401da470f01': 'ed25519',\n '2B06010401DA470F01': 'ed25519',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519',\n 'X25519': 'curve25519',\n 'cv25519': 'curve25519',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519',\n 'Curve25519': 'curve25519',\n '1.3.6.1.4.1.3029.1.5.1': 'curve25519',\n '2b060104019755010501': 'curve25519',\n '2B060104019755010501': 'curve25519',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',\n '2b2403030208010107': 'brainpoolP256r1',\n '2B2403030208010107': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',\n '2b240303020801010b': 'brainpoolP384r1',\n '2B240303020801010B': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1',\n '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',\n '2b240303020801010d': 'brainpoolP512r1',\n '2B240303020801010D': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility\n /** @deprecated use `eddsaLegacy` instead */\n ed25519Legacy: 22,\n /** @deprecated use `eddsaLegacy` instead */\n eddsa: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n plaintext: 0,\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuer: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { getBigInteger } from './biginteger';\nimport enums from './enums';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n return bytes.subarray(2, 2 + bytelen);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const r = [];\n const e = bytes.length;\n let c = 0;\n let h;\n while (c < e) {\n h = bytes[c++].toString(16);\n while (h.length < 2) {\n h = '0' + h;\n }\n r.push('' + h);\n }\n return r.join('');\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography api, only the current version of the spec.\n * @returns {Object} The SubtleCrypto api or 'undefined'.\n */\n getWebCrypto: function() {\n return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n },\n\n /**\n * Get BigInteger class\n * It wraps the native BigInt type if it's available\n * Otherwise it relies on bn.js\n * @returns {BigInteger}\n * @async\n */\n getBigInteger,\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return require('crypto');\n },\n\n getNodeZlib: function() {\n return require('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (require('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = require('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^(([^<>()[\\]\\\\.,;:\\s@\"]+(\\.[^<>()[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\\-0-9]+)))$/;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha256,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * @memberof module:config\n * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9\n */\n deflateLevel: 6,\n\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.eax,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use V5 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v5Keys\n */\n v5Keys: false,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:\n * Iteration Count Byte for S2K (String to Key)\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * @memberof module:config\n * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum\n */\n checksumRequired: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * @memberof module:config\n * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored\n */\n revocationsExpire: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n\n /**\n * @memberof module:config\n * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available\n */\n minBytesForWebCrypto: 1000,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * Note: the indutny/elliptic curve library is not designed to be constant time.\n * @memberof module:config\n * @property {Boolean} useIndutnyElliptic\n */\n useIndutnyElliptic: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n } else\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n } else\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n } else\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n } else\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n } else\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n } else\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Splits a message into two parts, the body and the checksum. This is an internal function\n * @param {String} text - OpenPGP armored message part\n * @returns {Object} An object with attribute \"body\" containing the body.\n * and an attribute \"checksum\" containing the checksum.\n * @private\n */\nfunction splitChecksum(text) {\n let body = text;\n let checksum = '';\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n checksum = text.slice(lastEquals + 1).substr(0, 4);\n }\n\n return { body: body, checksum: checksum };\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input, config = defaultConfig) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n let checksum;\n let data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== 2) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === 2) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const split = splitChecksum(parts[0].slice(0, -1));\n checksum = split.checksum;\n await writer.write(split.body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n data = stream.transformPair(data, async (readable, writable) => {\n const checksumVerified = stream.readToEnd(getCheckSum(stream.passiveClone(readable)));\n checksumVerified.catch(() => {});\n await stream.pipe(readable, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n const checksumVerifiedString = (await checksumVerified).replace('\\n', '');\n if (checksum !== checksumVerifiedString && (checksum || config.checksumRequired)) {\n throw new Error('Ascii armor integrity check failed');\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n const bodyClone = stream.passiveClone(body);\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push('Hash: ' + hash + '\\n\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n * @private\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","/**\n * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}.\n * @author Artem S Vybornov \n * @license MIT\n */\nexport var AES_asm = function () {\n \"use strict\";\n\n /**\n * Galois Field stuff init flag\n */\n var ginit_done = false;\n\n /**\n * Galois Field exponentiation and logarithm tables for 3 (the generator)\n */\n var gexp3, glog3;\n\n /**\n * Init Galois Field tables\n */\n function ginit() {\n gexp3 = [],\n glog3 = [];\n\n var a = 1, c, d;\n for (c = 0; c < 255; c++) {\n gexp3[c] = a;\n\n // Multiply by three\n d = a & 0x80, a <<= 1, a &= 255;\n if (d === 0x80) a ^= 0x1b;\n a ^= gexp3[c];\n\n // Set the log table value\n glog3[gexp3[c]] = c;\n }\n gexp3[255] = gexp3[0];\n glog3[0] = 0;\n\n ginit_done = true;\n }\n\n /**\n * Galois Field multiplication\n * @param {number} a\n * @param {number} b\n * @return {number}\n */\n function gmul(a, b) {\n var c = gexp3[(glog3[a] + glog3[b]) % 255];\n if (a === 0 || b === 0) c = 0;\n return c;\n }\n\n /**\n * Galois Field reciprocal\n * @param {number} a\n * @return {number}\n */\n function ginv(a) {\n var i = gexp3[255 - glog3[a]];\n if (a === 0) i = 0;\n return i;\n }\n\n /**\n * AES stuff init flag\n */\n var aes_init_done = false;\n\n /**\n * Encryption, Decryption, S-Box and KeyTransform tables\n *\n * @type {number[]}\n */\n var aes_sbox;\n\n /**\n * @type {number[]}\n */\n var aes_sinv;\n\n /**\n * @type {number[][]}\n */\n var aes_enc;\n\n /**\n * @type {number[][]}\n */\n var aes_dec;\n\n /**\n * Init AES tables\n */\n function aes_init() {\n if (!ginit_done) ginit();\n\n // Calculates AES S-Box value\n function _s(a) {\n var c, s, x;\n s = x = ginv(a);\n for (c = 0; c < 4; c++) {\n s = ((s << 1) | (s >>> 7)) & 255;\n x ^= s;\n }\n x ^= 99;\n return x;\n }\n\n // Tables\n aes_sbox = [],\n aes_sinv = [],\n aes_enc = [[], [], [], []],\n aes_dec = [[], [], [], []];\n\n for (var i = 0; i < 256; i++) {\n var s = _s(i);\n\n // S-Box and its inverse\n aes_sbox[i] = s;\n aes_sinv[s] = i;\n\n // Ecryption and Decryption tables\n aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s);\n aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i);\n // Rotate tables\n for (var t = 1; t < 4; t++) {\n aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24);\n aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24);\n }\n }\n\n aes_init_done = true;\n }\n\n /**\n * Asm.js module constructor.\n *\n *

\n * Heap buffer layout by offset:\n * 

\n   * 0x0000   encryption key schedule\n   * 0x0400   decryption key schedule\n   * 0x0800   sbox\n   * 0x0c00   inv sbox\n   * 0x1000   encryption tables\n   * 0x2000   decryption tables\n   * 0x3000   reserved (future GCM multiplication lookup table)\n   * 0x4000   data\n   *
\n * Don't touch anything before 0x400.\n *

\n *\n * @alias AES_asm\n * @class\n * @param foreign - ignored\n * @param buffer - heap buffer to link with\n */\n var wrapper = function (foreign, buffer) {\n // Init AES stuff for the first time\n if (!aes_init_done) aes_init();\n\n // Fill up AES tables\n var heap = new Uint32Array(buffer);\n heap.set(aes_sbox, 0x0800 >> 2);\n heap.set(aes_sinv, 0x0c00 >> 2);\n for (var i = 0; i < 4; i++) {\n heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2);\n heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2);\n }\n\n /**\n * Calculate AES key schedules.\n * @instance\n * @memberof AES_asm\n * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly)\n * @param {number} k0 - key vector components\n * @param {number} k1 - key vector components\n * @param {number} k2 - key vector components\n * @param {number} k3 - key vector components\n * @param {number} k4 - key vector components\n * @param {number} k5 - key vector components\n * @param {number} k6 - key vector components\n * @param {number} k7 - key vector components\n */\n function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) {\n var ekeys = heap.subarray(0x000, 60),\n dkeys = heap.subarray(0x100, 0x100 + 60);\n\n // Encryption key schedule\n ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]);\n for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) {\n var k = ekeys[i - 1];\n if ((i % ks === 0) || (ks === 8 && i % ks === 4)) {\n k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255];\n }\n if (i % ks === 0) {\n k = (k << 8) ^ (k >>> 24) ^ (rcon << 24);\n rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0);\n }\n ekeys[i] = ekeys[i - ks] ^ k;\n }\n\n // Decryption key schedule\n for (var j = 0; j < i; j += 4) {\n for (var jj = 0; jj < 4; jj++) {\n var k = ekeys[i - (4 + j) + (4 - jj) % 4];\n if (j < 4 || j >= i - 4) {\n dkeys[j + jj] = k;\n } else {\n dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]]\n ^ aes_dec[1][aes_sbox[k >>> 16 & 255]]\n ^ aes_dec[2][aes_sbox[k >>> 8 & 255]]\n ^ aes_dec[3][aes_sbox[k & 255]];\n }\n }\n }\n\n // Set rounds number\n asm.set_rounds(ks + 5);\n }\n\n // create library object with necessary properties\n var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array};\n\n var asm = function (stdlib, foreign, buffer) {\n \"use asm\";\n\n var S0 = 0, S1 = 0, S2 = 0, S3 = 0,\n I0 = 0, I1 = 0, I2 = 0, I3 = 0,\n N0 = 0, N1 = 0, N2 = 0, N3 = 0,\n M0 = 0, M1 = 0, M2 = 0, M3 = 0,\n H0 = 0, H1 = 0, H2 = 0, H3 = 0,\n R = 0;\n\n var HEAP = new stdlib.Uint32Array(buffer),\n DATA = new stdlib.Uint8Array(buffer);\n\n /**\n * AES core\n * @param {number} k - precomputed key schedule offset\n * @param {number} s - precomputed sbox table offset\n * @param {number} t - precomputed round table offset\n * @param {number} r - number of inner rounds to perform\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _core(k, s, t, r, x0, x1, x2, x3) {\n k = k | 0;\n s = s | 0;\n t = t | 0;\n r = r | 0;\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t1 = 0, t2 = 0, t3 = 0,\n y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n i = 0;\n\n t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00;\n\n // round 0\n x0 = x0 ^ HEAP[(k | 0) >> 2],\n x1 = x1 ^ HEAP[(k | 4) >> 2],\n x2 = x2 ^ HEAP[(k | 8) >> 2],\n x3 = x3 ^ HEAP[(k | 12) >> 2];\n\n // round 1..r\n for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) {\n y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n x0 = y0, x1 = y1, x2 = y2, x3 = y3;\n }\n\n // final round\n S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n }\n\n /**\n * ECB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n x0,\n x1,\n x2,\n x3\n );\n }\n\n /**\n * ECB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n }\n\n\n /**\n * CBC mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0 ^ x0,\n I1 ^ x1,\n I2 ^ x2,\n I3 ^ x3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n }\n\n /**\n * CBC mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n\n S0 = S0 ^ I0,\n S1 = S1 ^ I1,\n S2 = S2 ^ I2,\n S3 = S3 ^ I3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * CFB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0 = S0 ^ x0,\n I1 = S1 = S1 ^ x1,\n I2 = S2 = S2 ^ x2,\n I3 = S3 = S3 ^ x3;\n }\n\n\n /**\n * CFB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * OFB mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ofb(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n }\n\n /**\n * CTR mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ctr(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n N0,\n N1,\n N2,\n N3\n );\n\n N3 = (~M3 & N3) | M3 & (N3 + 1);\n N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0));\n N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0));\n N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0));\n\n S0 = S0 ^ x0;\n S1 = S1 ^ x1;\n S2 = S2 ^ x2;\n S3 = S3 ^ x3;\n }\n\n /**\n * GCM mode MAC calculation\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _gcm_mac(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n z0 = 0, z1 = 0, z2 = 0, z3 = 0,\n i = 0, c = 0;\n\n x0 = x0 ^ I0,\n x1 = x1 ^ I1,\n x2 = x2 ^ I2,\n x3 = x3 ^ I3;\n\n y0 = H0 | 0,\n y1 = H1 | 0,\n y2 = H2 | 0,\n y3 = H3 | 0;\n\n for (; (i | 0) < 128; i = (i + 1) | 0) {\n if (y0 >>> 31) {\n z0 = z0 ^ x0,\n z1 = z1 ^ x1,\n z2 = z2 ^ x2,\n z3 = z3 ^ x3;\n }\n\n y0 = (y0 << 1) | (y1 >>> 31),\n y1 = (y1 << 1) | (y2 >>> 31),\n y2 = (y2 << 1) | (y3 >>> 31),\n y3 = (y3 << 1);\n\n c = x3 & 1;\n\n x3 = (x3 >>> 1) | (x2 << 31),\n x2 = (x2 >>> 1) | (x1 << 31),\n x1 = (x1 >>> 1) | (x0 << 31),\n x0 = (x0 >>> 1);\n\n if (c) x0 = x0 ^ 0xe1000000;\n }\n\n I0 = z0,\n I1 = z1,\n I2 = z2,\n I3 = z3;\n }\n\n /**\n * Set the internal rounds number.\n * @instance\n * @memberof AES_asm\n * @param {number} r - number if inner AES rounds\n */\n function set_rounds(r) {\n r = r | 0;\n R = r;\n }\n\n /**\n * Populate the internal state of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} s0 - state vector\n * @param {number} s1 - state vector\n * @param {number} s2 - state vector\n * @param {number} s3 - state vector\n */\n function set_state(s0, s1, s2, s3) {\n s0 = s0 | 0;\n s1 = s1 | 0;\n s2 = s2 | 0;\n s3 = s3 | 0;\n\n S0 = s0,\n S1 = s1,\n S2 = s2,\n S3 = s3;\n }\n\n /**\n * Populate the internal iv of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} i0 - iv vector\n * @param {number} i1 - iv vector\n * @param {number} i2 - iv vector\n * @param {number} i3 - iv vector\n */\n function set_iv(i0, i1, i2, i3) {\n i0 = i0 | 0;\n i1 = i1 | 0;\n i2 = i2 | 0;\n i3 = i3 | 0;\n\n I0 = i0,\n I1 = i1,\n I2 = i2,\n I3 = i3;\n }\n\n /**\n * Set nonce for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} n0 - nonce vector\n * @param {number} n1 - nonce vector\n * @param {number} n2 - nonce vector\n * @param {number} n3 - nonce vector\n */\n function set_nonce(n0, n1, n2, n3) {\n n0 = n0 | 0;\n n1 = n1 | 0;\n n2 = n2 | 0;\n n3 = n3 | 0;\n\n N0 = n0,\n N1 = n1,\n N2 = n2,\n N3 = n3;\n }\n\n /**\n * Set counter mask for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} m0 - counter mask vector\n * @param {number} m1 - counter mask vector\n * @param {number} m2 - counter mask vector\n * @param {number} m3 - counter mask vector\n */\n function set_mask(m0, m1, m2, m3) {\n m0 = m0 | 0;\n m1 = m1 | 0;\n m2 = m2 | 0;\n m3 = m3 | 0;\n\n M0 = m0,\n M1 = m1,\n M2 = m2,\n M3 = m3;\n }\n\n /**\n * Set counter for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} c0 - counter vector\n * @param {number} c1 - counter vector\n * @param {number} c2 - counter vector\n * @param {number} c3 - counter vector\n */\n function set_counter(c0, c1, c2, c3) {\n c0 = c0 | 0;\n c1 = c1 | 0;\n c2 = c2 | 0;\n c3 = c3 | 0;\n\n N3 = (~M3 & N3) | M3 & c3,\n N2 = (~M2 & N2) | M2 & c2,\n N1 = (~M1 & N1) | M1 & c1,\n N0 = (~M0 & N0) | M0 & c0;\n }\n\n /**\n * Store the internal state vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_state(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n return 16;\n }\n\n /**\n * Store the internal iv vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_iv(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = I0 >>> 24,\n DATA[pos | 1] = I0 >>> 16 & 255,\n DATA[pos | 2] = I0 >>> 8 & 255,\n DATA[pos | 3] = I0 & 255,\n DATA[pos | 4] = I1 >>> 24,\n DATA[pos | 5] = I1 >>> 16 & 255,\n DATA[pos | 6] = I1 >>> 8 & 255,\n DATA[pos | 7] = I1 & 255,\n DATA[pos | 8] = I2 >>> 24,\n DATA[pos | 9] = I2 >>> 16 & 255,\n DATA[pos | 10] = I2 >>> 8 & 255,\n DATA[pos | 11] = I2 & 255,\n DATA[pos | 12] = I3 >>> 24,\n DATA[pos | 13] = I3 >>> 16 & 255,\n DATA[pos | 14] = I3 >>> 8 & 255,\n DATA[pos | 15] = I3 & 255;\n\n return 16;\n }\n\n /**\n * GCM initialization.\n * @instance\n * @memberof AES_asm\n */\n function gcm_init() {\n _ecb_enc(0, 0, 0, 0);\n H0 = S0,\n H1 = S1,\n H2 = S2,\n H3 = S3;\n }\n\n /**\n * Perform ciphering operation on the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function cipher(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _cipher_modes[mode & 7](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * Calculates MAC of the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function mac(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _mac_modes[mode & 1](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * AES cipher modes table (virual methods)\n */\n var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr];\n\n /**\n * AES MAC modes table (virual methods)\n */\n var _mac_modes = [_cbc_enc, _gcm_mac];\n\n /**\n * Asm.js module exports\n */\n return {\n set_rounds: set_rounds,\n set_state: set_state,\n set_iv: set_iv,\n set_nonce: set_nonce,\n set_mask: set_mask,\n set_counter: set_counter,\n get_state: get_state,\n get_iv: get_iv,\n gcm_init: gcm_init,\n cipher: cipher,\n mac: mac,\n };\n }(stdlib, foreign, buffer);\n\n asm.set_key = set_key;\n\n return asm;\n };\n\n /**\n * AES enciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.ENC = {\n ECB: 0,\n CBC: 2,\n CFB: 4,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES deciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.DEC = {\n ECB: 1,\n CBC: 3,\n CFB: 5,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES MAC mode constants\n * @enum {number}\n * @const\n */\n wrapper.MAC = {\n CBC: 0,\n GCM: 1,\n };\n\n /**\n * Heap data offset\n * @type {number}\n * @const\n */\n wrapper.HEAP_DATA = 0x4000;\n\n return wrapper;\n}();\n","const local_atob = typeof atob === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'base64').toString('binary') : atob;\nconst local_btoa = typeof btoa === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'binary').toString('base64') : btoa;\nexport function string_to_bytes(str, utf8 = false) {\n var len = str.length, bytes = new Uint8Array(utf8 ? 4 * len : len);\n for (var i = 0, j = 0; i < len; i++) {\n var c = str.charCodeAt(i);\n if (utf8 && 0xd800 <= c && c <= 0xdbff) {\n if (++i >= len)\n throw new Error('Malformed string, low surrogate expected at position ' + i);\n c = ((c ^ 0xd800) << 10) | 0x10000 | (str.charCodeAt(i) ^ 0xdc00);\n }\n else if (!utf8 && c >>> 8) {\n throw new Error('Wide characters are not allowed.');\n }\n if (!utf8 || c <= 0x7f) {\n bytes[j++] = c;\n }\n else if (c <= 0x7ff) {\n bytes[j++] = 0xc0 | (c >> 6);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else if (c <= 0xffff) {\n bytes[j++] = 0xe0 | (c >> 12);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else {\n bytes[j++] = 0xf0 | (c >> 18);\n bytes[j++] = 0x80 | ((c >> 12) & 0x3f);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n }\n return bytes.subarray(0, j);\n}\nexport function hex_to_bytes(str) {\n var len = str.length;\n if (len & 1) {\n str = '0' + str;\n len++;\n }\n var bytes = new Uint8Array(len >> 1);\n for (var i = 0; i < len; i += 2) {\n bytes[i >> 1] = parseInt(str.substr(i, 2), 16);\n }\n return bytes;\n}\nexport function base64_to_bytes(str) {\n return string_to_bytes(local_atob(str));\n}\nexport function bytes_to_string(bytes, utf8 = false) {\n var len = bytes.length, chars = new Array(len);\n for (var i = 0, j = 0; i < len; i++) {\n var b = bytes[i];\n if (!utf8 || b < 128) {\n chars[j++] = b;\n }\n else if (b >= 192 && b < 224 && i + 1 < len) {\n chars[j++] = ((b & 0x1f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 224 && b < 240 && i + 2 < len) {\n chars[j++] = ((b & 0xf) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 240 && b < 248 && i + 3 < len) {\n var c = ((b & 7) << 18) | ((bytes[++i] & 0x3f) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n if (c <= 0xffff) {\n chars[j++] = c;\n }\n else {\n c ^= 0x10000;\n chars[j++] = 0xd800 | (c >> 10);\n chars[j++] = 0xdc00 | (c & 0x3ff);\n }\n }\n else {\n throw new Error('Malformed UTF8 character at byte offset ' + i);\n }\n }\n var str = '', bs = 16384;\n for (var i = 0; i < j; i += bs) {\n str += String.fromCharCode.apply(String, chars.slice(i, i + bs <= j ? i + bs : j));\n }\n return str;\n}\nexport function bytes_to_hex(arr) {\n var str = '';\n for (var i = 0; i < arr.length; i++) {\n var h = (arr[i] & 0xff).toString(16);\n if (h.length < 2)\n str += '0';\n str += h;\n }\n return str;\n}\nexport function bytes_to_base64(arr) {\n return local_btoa(bytes_to_string(arr));\n}\nexport function pow2_ceil(a) {\n a -= 1;\n a |= a >>> 1;\n a |= a >>> 2;\n a |= a >>> 4;\n a |= a >>> 8;\n a |= a >>> 16;\n a += 1;\n return a;\n}\nexport function is_number(a) {\n return typeof a === 'number';\n}\nexport function is_string(a) {\n return typeof a === 'string';\n}\nexport function is_buffer(a) {\n return a instanceof ArrayBuffer;\n}\nexport function is_bytes(a) {\n return a instanceof Uint8Array;\n}\nexport function is_typed_array(a) {\n return (a instanceof Int8Array ||\n a instanceof Uint8Array ||\n a instanceof Int16Array ||\n a instanceof Uint16Array ||\n a instanceof Int32Array ||\n a instanceof Uint32Array ||\n a instanceof Float32Array ||\n a instanceof Float64Array);\n}\nexport function _heap_init(heap, heapSize) {\n const size = heap ? heap.byteLength : heapSize || 65536;\n if (size & 0xfff || size <= 0)\n throw new Error('heap size must be a positive integer and a multiple of 4096');\n heap = heap || new Uint8Array(new ArrayBuffer(size));\n return heap;\n}\nexport function _heap_write(heap, hpos, data, dpos, dlen) {\n const hlen = heap.length - hpos;\n const wlen = hlen < dlen ? hlen : dlen;\n heap.set(data.subarray(dpos, dpos + wlen), hpos);\n return wlen;\n}\nexport function joinBytes(...arg) {\n const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0);\n const ret = new Uint8Array(totalLenght);\n let cursor = 0;\n for (let i = 0; i < arg.length; i++) {\n ret.set(arg[i], cursor);\n cursor += arg[i].length;\n }\n return ret;\n}\n","export class IllegalStateError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalStateError' } });\n }\n}\nexport class IllegalArgumentError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalArgumentError' } });\n }\n}\nexport class SecurityError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'SecurityError' } });\n }\n}\n","import { AES_asm } from './aes.asm';\nimport { _heap_init, _heap_write, is_bytes } from '../other/utils';\nimport { IllegalArgumentError, SecurityError } from '../other/errors';\nconst heap_pool = [];\nconst asm_pool = [];\nexport class AES {\n constructor(key, iv, padding = true, mode, heap, asm) {\n this.pos = 0;\n this.len = 0;\n this.mode = mode;\n // The AES object state\n this.pos = 0;\n this.len = 0;\n this.key = key;\n this.iv = iv;\n this.padding = padding;\n // The AES \"worker\"\n this.acquire_asm(heap, asm);\n }\n acquire_asm(heap, asm) {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA);\n this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer);\n this.reset(this.key, this.iv);\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n reset(key, iv) {\n const { asm } = this.acquire_asm();\n // Key\n const keylen = key.length;\n if (keylen !== 16 && keylen !== 24 && keylen !== 32)\n throw new IllegalArgumentError('illegal key size');\n const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength);\n asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0);\n // IV\n if (iv !== undefined) {\n if (iv.length !== 16)\n throw new IllegalArgumentError('illegal iv size');\n let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12));\n }\n else {\n asm.set_iv(0, 0, 0, 0);\n }\n }\n AES_Encrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n let result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Encrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let plen = 16 - (len % 16);\n let rlen = len;\n if (this.hasOwnProperty('padding')) {\n if (this.padding) {\n for (let p = 0; p < plen; ++p) {\n heap[pos + len + p] = plen;\n }\n len += plen;\n rlen = len;\n }\n else if (len % 16) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n }\n else {\n len += plen;\n }\n const result = new Uint8Array(rlen);\n if (len)\n asm.cipher(amode, hpos + pos, len);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n AES_Decrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let plen = 0;\n let wlen = 0;\n if (this.padding) {\n plen = len + dlen - rlen || 16;\n rlen -= plen;\n }\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0));\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Decrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let rlen = len;\n if (len > 0) {\n if (len % 16) {\n if (this.hasOwnProperty('padding')) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n else {\n len += 16 - (len % 16);\n }\n }\n asm.cipher(amode, hpos + pos, len);\n if (this.hasOwnProperty('padding') && this.padding) {\n let pad = heap[pos + rlen - 1];\n if (pad < 1 || pad > 16 || pad > rlen)\n throw new SecurityError('bad padding');\n let pcheck = 0;\n for (let i = pad; i > 1; i--)\n pcheck |= pad ^ heap[pos + rlen - i];\n if (pcheck)\n throw new SecurityError('bad padding');\n rlen -= pad;\n }\n }\n const result = new Uint8Array(rlen);\n if (rlen > 0) {\n result.set(heap.subarray(pos, pos + rlen));\n }\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_ECB {\n static encrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).encrypt(data);\n }\n static decrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).decrypt(data);\n }\n constructor(key, padding = false, aes) {\n this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import { AES_ECB } from '@openpgp/asmcrypto.js/dist_es8/aes/ecb';\n\n/**\n * Javascript AES implementation.\n * This is used as fallback if the native Crypto APIs are not available.\n */\nfunction aes(length) {\n const C = function(key) {\n const aesECB = new AES_ECB(key);\n\n this.encrypt = function(block) {\n return aesECB.encrypt(block);\n };\n\n this.decrypt = function(block) {\n return aesECB.decrypt(block);\n };\n };\n\n C.blockSize = C.prototype.blockSize = 16;\n C.keySize = C.prototype.keySize = length / 8;\n\n return C;\n}\n\nexport default aes;\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * @fileoverview Symmetric cryptography functions\n * @module crypto/cipher\n * @private\n */\n\nimport aes from './aes';\nimport { DES, TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TF from './twofish';\nimport BF from './blowfish';\n\n/**\n * AES-128 encryption and decryption (ID 7)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes128 = aes(128);\n/**\n * AES-128 Block Cipher (ID 8)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes192 = aes(192);\n/**\n * AES-128 Block Cipher (ID 9)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes256 = aes(256);\n// Not in OpenPGP specifications\nexport const des = DES;\n/**\n * Triple DES Block Cipher (ID 2)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67}\n * @returns {Object}\n */\nexport const tripledes = TripleDES;\n/**\n * CAST-128 Block Cipher (ID 3)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm}\n * @returns {Object}\n */\nexport const cast5 = CAST5;\n/**\n * Twofish Block Cipher (ID 10)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH}\n * @returns {Object}\n */\nexport const twofish = TF;\n/**\n * Blowfish Block Cipher (ID 4)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH}\n * @returns {Object}\n */\nexport const blowfish = BF;\n/**\n * Not implemented\n * @function\n * @throws {Error}\n */\nexport const idea = function() {\n throw new Error('IDEA symmetric-key algorithm not implemented');\n};\n","export var sha1_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0,\n w16 = 0, w17 = 0, w18 = 0, w19 = 0,\n w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0,\n w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0,\n w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0,\n w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0,\n w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0,\n w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n\n // 0\n t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 1\n t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 2\n t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 3\n t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 4\n t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 5\n t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 6\n t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 7\n t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 8\n t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 9\n t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 10\n t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 11\n t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 12\n t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 13\n t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 14\n t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 15\n t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 16\n n = w13 ^ w8 ^ w2 ^ w0;\n w16 = (n << 1) | (n >>> 31);\n t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 17\n n = w14 ^ w9 ^ w3 ^ w1;\n w17 = (n << 1) | (n >>> 31);\n t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 18\n n = w15 ^ w10 ^ w4 ^ w2;\n w18 = (n << 1) | (n >>> 31);\n t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 19\n n = w16 ^ w11 ^ w5 ^ w3;\n w19 = (n << 1) | (n >>> 31);\n t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 20\n n = w17 ^ w12 ^ w6 ^ w4;\n w20 = (n << 1) | (n >>> 31);\n t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 21\n n = w18 ^ w13 ^ w7 ^ w5;\n w21 = (n << 1) | (n >>> 31);\n t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 22\n n = w19 ^ w14 ^ w8 ^ w6;\n w22 = (n << 1) | (n >>> 31);\n t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 23\n n = w20 ^ w15 ^ w9 ^ w7;\n w23 = (n << 1) | (n >>> 31);\n t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 24\n n = w21 ^ w16 ^ w10 ^ w8;\n w24 = (n << 1) | (n >>> 31);\n t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 25\n n = w22 ^ w17 ^ w11 ^ w9;\n w25 = (n << 1) | (n >>> 31);\n t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 26\n n = w23 ^ w18 ^ w12 ^ w10;\n w26 = (n << 1) | (n >>> 31);\n t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 27\n n = w24 ^ w19 ^ w13 ^ w11;\n w27 = (n << 1) | (n >>> 31);\n t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 28\n n = w25 ^ w20 ^ w14 ^ w12;\n w28 = (n << 1) | (n >>> 31);\n t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 29\n n = w26 ^ w21 ^ w15 ^ w13;\n w29 = (n << 1) | (n >>> 31);\n t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 30\n n = w27 ^ w22 ^ w16 ^ w14;\n w30 = (n << 1) | (n >>> 31);\n t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 31\n n = w28 ^ w23 ^ w17 ^ w15;\n w31 = (n << 1) | (n >>> 31);\n t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 32\n n = w29 ^ w24 ^ w18 ^ w16;\n w32 = (n << 1) | (n >>> 31);\n t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 33\n n = w30 ^ w25 ^ w19 ^ w17;\n w33 = (n << 1) | (n >>> 31);\n t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 34\n n = w31 ^ w26 ^ w20 ^ w18;\n w34 = (n << 1) | (n >>> 31);\n t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 35\n n = w32 ^ w27 ^ w21 ^ w19;\n w35 = (n << 1) | (n >>> 31);\n t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 36\n n = w33 ^ w28 ^ w22 ^ w20;\n w36 = (n << 1) | (n >>> 31);\n t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 37\n n = w34 ^ w29 ^ w23 ^ w21;\n w37 = (n << 1) | (n >>> 31);\n t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 38\n n = w35 ^ w30 ^ w24 ^ w22;\n w38 = (n << 1) | (n >>> 31);\n t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 39\n n = w36 ^ w31 ^ w25 ^ w23;\n w39 = (n << 1) | (n >>> 31);\n t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 40\n n = w37 ^ w32 ^ w26 ^ w24;\n w40 = (n << 1) | (n >>> 31);\n t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 41\n n = w38 ^ w33 ^ w27 ^ w25;\n w41 = (n << 1) | (n >>> 31);\n t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 42\n n = w39 ^ w34 ^ w28 ^ w26;\n w42 = (n << 1) | (n >>> 31);\n t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 43\n n = w40 ^ w35 ^ w29 ^ w27;\n w43 = (n << 1) | (n >>> 31);\n t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 44\n n = w41 ^ w36 ^ w30 ^ w28;\n w44 = (n << 1) | (n >>> 31);\n t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 45\n n = w42 ^ w37 ^ w31 ^ w29;\n w45 = (n << 1) | (n >>> 31);\n t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 46\n n = w43 ^ w38 ^ w32 ^ w30;\n w46 = (n << 1) | (n >>> 31);\n t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 47\n n = w44 ^ w39 ^ w33 ^ w31;\n w47 = (n << 1) | (n >>> 31);\n t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 48\n n = w45 ^ w40 ^ w34 ^ w32;\n w48 = (n << 1) | (n >>> 31);\n t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 49\n n = w46 ^ w41 ^ w35 ^ w33;\n w49 = (n << 1) | (n >>> 31);\n t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 50\n n = w47 ^ w42 ^ w36 ^ w34;\n w50 = (n << 1) | (n >>> 31);\n t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 51\n n = w48 ^ w43 ^ w37 ^ w35;\n w51 = (n << 1) | (n >>> 31);\n t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 52\n n = w49 ^ w44 ^ w38 ^ w36;\n w52 = (n << 1) | (n >>> 31);\n t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 53\n n = w50 ^ w45 ^ w39 ^ w37;\n w53 = (n << 1) | (n >>> 31);\n t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 54\n n = w51 ^ w46 ^ w40 ^ w38;\n w54 = (n << 1) | (n >>> 31);\n t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 55\n n = w52 ^ w47 ^ w41 ^ w39;\n w55 = (n << 1) | (n >>> 31);\n t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 56\n n = w53 ^ w48 ^ w42 ^ w40;\n w56 = (n << 1) | (n >>> 31);\n t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 57\n n = w54 ^ w49 ^ w43 ^ w41;\n w57 = (n << 1) | (n >>> 31);\n t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 58\n n = w55 ^ w50 ^ w44 ^ w42;\n w58 = (n << 1) | (n >>> 31);\n t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 59\n n = w56 ^ w51 ^ w45 ^ w43;\n w59 = (n << 1) | (n >>> 31);\n t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 60\n n = w57 ^ w52 ^ w46 ^ w44;\n w60 = (n << 1) | (n >>> 31);\n t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 61\n n = w58 ^ w53 ^ w47 ^ w45;\n w61 = (n << 1) | (n >>> 31);\n t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 62\n n = w59 ^ w54 ^ w48 ^ w46;\n w62 = (n << 1) | (n >>> 31);\n t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 63\n n = w60 ^ w55 ^ w49 ^ w47;\n w63 = (n << 1) | (n >>> 31);\n t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 64\n n = w61 ^ w56 ^ w50 ^ w48;\n w64 = (n << 1) | (n >>> 31);\n t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 65\n n = w62 ^ w57 ^ w51 ^ w49;\n w65 = (n << 1) | (n >>> 31);\n t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 66\n n = w63 ^ w58 ^ w52 ^ w50;\n w66 = (n << 1) | (n >>> 31);\n t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 67\n n = w64 ^ w59 ^ w53 ^ w51;\n w67 = (n << 1) | (n >>> 31);\n t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 68\n n = w65 ^ w60 ^ w54 ^ w52;\n w68 = (n << 1) | (n >>> 31);\n t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 69\n n = w66 ^ w61 ^ w55 ^ w53;\n w69 = (n << 1) | (n >>> 31);\n t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 70\n n = w67 ^ w62 ^ w56 ^ w54;\n w70 = (n << 1) | (n >>> 31);\n t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 71\n n = w68 ^ w63 ^ w57 ^ w55;\n w71 = (n << 1) | (n >>> 31);\n t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 72\n n = w69 ^ w64 ^ w58 ^ w56;\n w72 = (n << 1) | (n >>> 31);\n t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 73\n n = w70 ^ w65 ^ w59 ^ w57;\n w73 = (n << 1) | (n >>> 31);\n t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 74\n n = w71 ^ w66 ^ w60 ^ w58;\n w74 = (n << 1) | (n >>> 31);\n t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 75\n n = w72 ^ w67 ^ w61 ^ w59;\n w75 = (n << 1) | (n >>> 31);\n t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 76\n n = w73 ^ w68 ^ w62 ^ w60;\n w76 = (n << 1) | (n >>> 31);\n t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 77\n n = w74 ^ w69 ^ w63 ^ w61;\n w77 = (n << 1) | (n >>> 31);\n t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 78\n n = w75 ^ w70 ^ w64 ^ w62;\n w78 = (n << 1) | (n >>> 31);\n t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 79\n n = w76 ^ w71 ^ w65 ^ w63;\n w79 = (n << 1) | (n >>> 31);\n t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n }\n\n function reset () {\n H0 = 0x67452301;\n H1 = 0xefcdab89;\n H2 = 0x98badcfe;\n H3 = 0x10325476;\n H4 = 0xc3d2e1f0;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA1\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA1\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA1\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","import { _heap_write } from '../other/utils';\nimport { IllegalStateError } from '../other/errors';\nexport class Hash {\n constructor() {\n this.pos = 0;\n this.len = 0;\n }\n reset() {\n const { asm } = this.acquire_asm();\n this.result = null;\n this.pos = 0;\n this.len = 0;\n asm.reset();\n return this;\n }\n process(data) {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n let hpos = this.pos;\n let hlen = this.len;\n let dpos = 0;\n let dlen = data.length;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen);\n hlen += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.process(hpos, hlen);\n hpos += wlen;\n hlen -= wlen;\n if (!hlen)\n hpos = 0;\n }\n this.pos = hpos;\n this.len = hlen;\n return this;\n }\n finish() {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n asm.finish(this.pos, this.len, 0);\n this.result = new Uint8Array(this.HASH_SIZE);\n this.result.set(heap.subarray(0, this.HASH_SIZE));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return this;\n }\n}\n","import { sha1_asm } from './sha1.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha1_block_size = 64;\nexport const _sha1_hash_size = 20;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha1 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha1';\n this.BLOCK_SIZE = _sha1_block_size;\n this.HASH_SIZE = _sha1_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha1().process(data).finish().result;\n }\n}\nSha1.NAME = 'sha1';\nSha1.heap_pool = [];\nSha1.asm_pool = [];\nSha1.asm_function = sha1_asm;\n","import { sha256_asm } from './sha256.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha256_block_size = 64;\nexport const _sha256_hash_size = 32;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha256 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha256';\n this.BLOCK_SIZE = _sha256_block_size;\n this.HASH_SIZE = _sha256_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha256().process(data).finish().result;\n }\n}\nSha256.NAME = 'sha256';\n","export var sha256_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n f = H5;\n g = H6;\n h = H7;\n \n // 0\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 1\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 2\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 3\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 4\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 5\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 6\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 7\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 8\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 9\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 10\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 11\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 12\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 13\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 14\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 15\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 16\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 17\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 18\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 19\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 20\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 21\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 22\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 23\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 24\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 25\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 26\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 27\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 28\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 29\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 30\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 31\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 32\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 33\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 34\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 35\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 36\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 37\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 38\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 39\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 40\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 41\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 42\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 43\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 44\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 45\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 46\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 47\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 48\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 49\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 50\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 51\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 52\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 53\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 54\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 55\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 56\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 57\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 58\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 59\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 60\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 61\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 62\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 63\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n H5 = ( H5 + f )|0;\n H6 = ( H6 + g )|0;\n H7 = ( H7 + h )|0;\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n HEAP[output|20] = H5>>>24;\n HEAP[output|21] = H5>>>16&255;\n HEAP[output|22] = H5>>>8&255;\n HEAP[output|23] = H5&255;\n HEAP[output|24] = H6>>>24;\n HEAP[output|25] = H6>>>16&255;\n HEAP[output|26] = H6>>>8&255;\n HEAP[output|27] = H6&255;\n HEAP[output|28] = H7>>>24;\n HEAP[output|29] = H7>>>16&255;\n HEAP[output|30] = H7>>>8&255;\n HEAP[output|31] = H7&255;\n }\n\n function reset () {\n H0 = 0x6a09e667;\n H1 = 0xbb67ae85;\n H2 = 0x3c6ef372;\n H3 = 0xa54ff53a;\n H4 = 0x510e527f;\n H5 = 0x9b05688c;\n H6 = 0x1f83d9ab;\n H7 = 0x5be0cd19;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n h5 = h5|0;\n h6 = h6|0;\n h7 = h7|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n H5 = I5;\n H6 = I6;\n H7 = I7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n H5 = O5;\n H6 = O6;\n H7 = O7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n O5 = H5;\n O6 = H6;\n O7 = H7;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n I5 = H5;\n I6 = H6;\n I7 = H7;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n h5 = h5 ^ H5;\n h6 = h6 ^ H6;\n h7 = h7 ^ H7;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA256\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA256\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA256\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","module.exports = assert;\n\nfunction assert(val, msg) {\n if (!val)\n throw new Error(msg || 'Assertion failed');\n}\n\nassert.equal = function assertEqual(l, r, msg) {\n if (l != r)\n throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));\n};\n","if (typeof Object.create === 'function') {\n // implementation from standard node.js 'util' module\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n ctor.prototype = Object.create(superCtor.prototype, {\n constructor: {\n value: ctor,\n enumerable: false,\n writable: true,\n configurable: true\n }\n });\n };\n} else {\n // old school shim for old browsers\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n var TempCtor = function () {}\n TempCtor.prototype = superCtor.prototype\n ctor.prototype = new TempCtor()\n ctor.prototype.constructor = ctor\n }\n}\n","try {\n var util = require('util');\n if (typeof util.inherits !== 'function') throw '';\n module.exports = util.inherits;\n} catch (e) {\n module.exports = require('./inherits_browser.js');\n}\n","'use strict';\n\nvar assert = require('minimalistic-assert');\nvar inherits = require('inherits');\n\nexports.inherits = inherits;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg === 'string') {\n if (!enc) {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n } else if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n }\n } else {\n for (i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n }\n return res;\n}\nexports.toArray = toArray;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nexports.toHex = toHex;\n\nfunction htonl(w) {\n var res = (w >>> 24) |\n ((w >>> 8) & 0xff00) |\n ((w << 8) & 0xff0000) |\n ((w & 0xff) << 24);\n return res >>> 0;\n}\nexports.htonl = htonl;\n\nfunction toHex32(msg, endian) {\n var res = '';\n for (var i = 0; i < msg.length; i++) {\n var w = msg[i];\n if (endian === 'little')\n w = htonl(w);\n res += zero8(w.toString(16));\n }\n return res;\n}\nexports.toHex32 = toHex32;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nexports.zero2 = zero2;\n\nfunction zero8(word) {\n if (word.length === 7)\n return '0' + word;\n else if (word.length === 6)\n return '00' + word;\n else if (word.length === 5)\n return '000' + word;\n else if (word.length === 4)\n return '0000' + word;\n else if (word.length === 3)\n return '00000' + word;\n else if (word.length === 2)\n return '000000' + word;\n else if (word.length === 1)\n return '0000000' + word;\n else\n return word;\n}\nexports.zero8 = zero8;\n\nfunction join32(msg, start, end, endian) {\n var len = end - start;\n assert(len % 4 === 0);\n var res = new Array(len / 4);\n for (var i = 0, k = start; i < res.length; i++, k += 4) {\n var w;\n if (endian === 'big')\n w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];\n else\n w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];\n res[i] = w >>> 0;\n }\n return res;\n}\nexports.join32 = join32;\n\nfunction split32(msg, endian) {\n var res = new Array(msg.length * 4);\n for (var i = 0, k = 0; i < msg.length; i++, k += 4) {\n var m = msg[i];\n if (endian === 'big') {\n res[k] = m >>> 24;\n res[k + 1] = (m >>> 16) & 0xff;\n res[k + 2] = (m >>> 8) & 0xff;\n res[k + 3] = m & 0xff;\n } else {\n res[k + 3] = m >>> 24;\n res[k + 2] = (m >>> 16) & 0xff;\n res[k + 1] = (m >>> 8) & 0xff;\n res[k] = m & 0xff;\n }\n }\n return res;\n}\nexports.split32 = split32;\n\nfunction rotr32(w, b) {\n return (w >>> b) | (w << (32 - b));\n}\nexports.rotr32 = rotr32;\n\nfunction rotl32(w, b) {\n return (w << b) | (w >>> (32 - b));\n}\nexports.rotl32 = rotl32;\n\nfunction sum32(a, b) {\n return (a + b) >>> 0;\n}\nexports.sum32 = sum32;\n\nfunction sum32_3(a, b, c) {\n return (a + b + c) >>> 0;\n}\nexports.sum32_3 = sum32_3;\n\nfunction sum32_4(a, b, c, d) {\n return (a + b + c + d) >>> 0;\n}\nexports.sum32_4 = sum32_4;\n\nfunction sum32_5(a, b, c, d, e) {\n return (a + b + c + d + e) >>> 0;\n}\nexports.sum32_5 = sum32_5;\n\nfunction sum64(buf, pos, ah, al) {\n var bh = buf[pos];\n var bl = buf[pos + 1];\n\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n buf[pos] = hi >>> 0;\n buf[pos + 1] = lo;\n}\nexports.sum64 = sum64;\n\nfunction sum64_hi(ah, al, bh, bl) {\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n return hi >>> 0;\n}\nexports.sum64_hi = sum64_hi;\n\nfunction sum64_lo(ah, al, bh, bl) {\n var lo = al + bl;\n return lo >>> 0;\n}\nexports.sum64_lo = sum64_lo;\n\nfunction sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n\n var hi = ah + bh + ch + dh + carry;\n return hi >>> 0;\n}\nexports.sum64_4_hi = sum64_4_hi;\n\nfunction sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {\n var lo = al + bl + cl + dl;\n return lo >>> 0;\n}\nexports.sum64_4_lo = sum64_4_lo;\n\nfunction sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n lo = (lo + el) >>> 0;\n carry += lo < el ? 1 : 0;\n\n var hi = ah + bh + ch + dh + eh + carry;\n return hi >>> 0;\n}\nexports.sum64_5_hi = sum64_5_hi;\n\nfunction sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var lo = al + bl + cl + dl + el;\n\n return lo >>> 0;\n}\nexports.sum64_5_lo = sum64_5_lo;\n\nfunction rotr64_hi(ah, al, num) {\n var r = (al << (32 - num)) | (ah >>> num);\n return r >>> 0;\n}\nexports.rotr64_hi = rotr64_hi;\n\nfunction rotr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.rotr64_lo = rotr64_lo;\n\nfunction shr64_hi(ah, al, num) {\n return ah >>> num;\n}\nexports.shr64_hi = shr64_hi;\n\nfunction shr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.shr64_lo = shr64_lo;\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction BlockHash() {\n this.pending = null;\n this.pendingTotal = 0;\n this.blockSize = this.constructor.blockSize;\n this.outSize = this.constructor.outSize;\n this.hmacStrength = this.constructor.hmacStrength;\n this.padLength = this.constructor.padLength / 8;\n this.endian = 'big';\n\n this._delta8 = this.blockSize / 8;\n this._delta32 = this.blockSize / 32;\n}\nexports.BlockHash = BlockHash;\n\nBlockHash.prototype.update = function update(msg, enc) {\n // Convert message to array, pad it, and join into 32bit blocks\n msg = utils.toArray(msg, enc);\n if (!this.pending)\n this.pending = msg;\n else\n this.pending = this.pending.concat(msg);\n this.pendingTotal += msg.length;\n\n // Enough data, try updating\n if (this.pending.length >= this._delta8) {\n msg = this.pending;\n\n // Process pending data in blocks\n var r = msg.length % this._delta8;\n this.pending = msg.slice(msg.length - r, msg.length);\n if (this.pending.length === 0)\n this.pending = null;\n\n msg = utils.join32(msg, 0, msg.length - r, this.endian);\n for (var i = 0; i < msg.length; i += this._delta32)\n this._update(msg, i, i + this._delta32);\n }\n\n return this;\n};\n\nBlockHash.prototype.digest = function digest(enc) {\n this.update(this._pad());\n assert(this.pending === null);\n\n return this._digest(enc);\n};\n\nBlockHash.prototype._pad = function pad() {\n var len = this.pendingTotal;\n var bytes = this._delta8;\n var k = bytes - ((len + this.padLength) % bytes);\n var res = new Array(k + this.padLength);\n res[0] = 0x80;\n for (var i = 1; i < k; i++)\n res[i] = 0;\n\n // Append length\n len <<= 3;\n if (this.endian === 'big') {\n for (var t = 8; t < this.padLength; t++)\n res[i++] = 0;\n\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = len & 0xff;\n } else {\n res[i++] = len & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n\n for (t = 8; t < this.padLength; t++)\n res[i++] = 0;\n }\n\n return res;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar rotr32 = utils.rotr32;\n\nfunction ft_1(s, x, y, z) {\n if (s === 0)\n return ch32(x, y, z);\n if (s === 1 || s === 3)\n return p32(x, y, z);\n if (s === 2)\n return maj32(x, y, z);\n}\nexports.ft_1 = ft_1;\n\nfunction ch32(x, y, z) {\n return (x & y) ^ ((~x) & z);\n}\nexports.ch32 = ch32;\n\nfunction maj32(x, y, z) {\n return (x & y) ^ (x & z) ^ (y & z);\n}\nexports.maj32 = maj32;\n\nfunction p32(x, y, z) {\n return x ^ y ^ z;\n}\nexports.p32 = p32;\n\nfunction s0_256(x) {\n return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);\n}\nexports.s0_256 = s0_256;\n\nfunction s1_256(x) {\n return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);\n}\nexports.s1_256 = s1_256;\n\nfunction g0_256(x) {\n return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);\n}\nexports.g0_256 = g0_256;\n\nfunction g1_256(x) {\n return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);\n}\nexports.g1_256 = g1_256;\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\nvar assert = require('minimalistic-assert');\n\nvar sum32 = utils.sum32;\nvar sum32_4 = utils.sum32_4;\nvar sum32_5 = utils.sum32_5;\nvar ch32 = shaCommon.ch32;\nvar maj32 = shaCommon.maj32;\nvar s0_256 = shaCommon.s0_256;\nvar s1_256 = shaCommon.s1_256;\nvar g0_256 = shaCommon.g0_256;\nvar g1_256 = shaCommon.g1_256;\n\nvar BlockHash = common.BlockHash;\n\nvar sha256_K = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n];\n\nfunction SHA256() {\n if (!(this instanceof SHA256))\n return new SHA256();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\n 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n ];\n this.k = sha256_K;\n this.W = new Array(64);\n}\nutils.inherits(SHA256, BlockHash);\nmodule.exports = SHA256;\n\nSHA256.blockSize = 512;\nSHA256.outSize = 256;\nSHA256.hmacStrength = 192;\nSHA256.padLength = 64;\n\nSHA256.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i++)\n W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n var f = this.h[5];\n var g = this.h[6];\n var h = this.h[7];\n\n assert(this.k.length === W.length);\n for (i = 0; i < W.length; i++) {\n var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);\n var T2 = sum32(s0_256(a), maj32(a, b, c));\n h = g;\n g = f;\n f = e;\n e = sum32(d, T1);\n d = c;\n c = b;\n b = a;\n a = sum32(T1, T2);\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n this.h[5] = sum32(this.h[5], f);\n this.h[6] = sum32(this.h[6], g);\n this.h[7] = sum32(this.h[7], h);\n};\n\nSHA256.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar SHA256 = require('./256');\n\nfunction SHA224() {\n if (!(this instanceof SHA224))\n return new SHA224();\n\n SHA256.call(this);\n this.h = [\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\n 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];\n}\nutils.inherits(SHA224, SHA256);\nmodule.exports = SHA224;\n\nSHA224.blockSize = 512;\nSHA224.outSize = 224;\nSHA224.hmacStrength = 192;\nSHA224.padLength = 64;\n\nSHA224.prototype._digest = function digest(enc) {\n // Just truncate output\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 7), 'big');\n else\n return utils.split32(this.h.slice(0, 7), 'big');\n};\n\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar assert = require('minimalistic-assert');\n\nvar rotr64_hi = utils.rotr64_hi;\nvar rotr64_lo = utils.rotr64_lo;\nvar shr64_hi = utils.shr64_hi;\nvar shr64_lo = utils.shr64_lo;\nvar sum64 = utils.sum64;\nvar sum64_hi = utils.sum64_hi;\nvar sum64_lo = utils.sum64_lo;\nvar sum64_4_hi = utils.sum64_4_hi;\nvar sum64_4_lo = utils.sum64_4_lo;\nvar sum64_5_hi = utils.sum64_5_hi;\nvar sum64_5_lo = utils.sum64_5_lo;\n\nvar BlockHash = common.BlockHash;\n\nvar sha512_K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction SHA512() {\n if (!(this instanceof SHA512))\n return new SHA512();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xf3bcc908,\n 0xbb67ae85, 0x84caa73b,\n 0x3c6ef372, 0xfe94f82b,\n 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1,\n 0x9b05688c, 0x2b3e6c1f,\n 0x1f83d9ab, 0xfb41bd6b,\n 0x5be0cd19, 0x137e2179 ];\n this.k = sha512_K;\n this.W = new Array(160);\n}\nutils.inherits(SHA512, BlockHash);\nmodule.exports = SHA512;\n\nSHA512.blockSize = 1024;\nSHA512.outSize = 512;\nSHA512.hmacStrength = 192;\nSHA512.padLength = 128;\n\nSHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {\n var W = this.W;\n\n // 32 x 32bit words\n for (var i = 0; i < 32; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i += 2) {\n var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2\n var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);\n var c1_hi = W[i - 14]; // i - 7\n var c1_lo = W[i - 13];\n var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15\n var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);\n var c3_hi = W[i - 32]; // i - 16\n var c3_lo = W[i - 31];\n\n W[i] = sum64_4_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n W[i + 1] = sum64_4_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n }\n};\n\nSHA512.prototype._update = function _update(msg, start) {\n this._prepareBlock(msg, start);\n\n var W = this.W;\n\n var ah = this.h[0];\n var al = this.h[1];\n var bh = this.h[2];\n var bl = this.h[3];\n var ch = this.h[4];\n var cl = this.h[5];\n var dh = this.h[6];\n var dl = this.h[7];\n var eh = this.h[8];\n var el = this.h[9];\n var fh = this.h[10];\n var fl = this.h[11];\n var gh = this.h[12];\n var gl = this.h[13];\n var hh = this.h[14];\n var hl = this.h[15];\n\n assert(this.k.length === W.length);\n for (var i = 0; i < W.length; i += 2) {\n var c0_hi = hh;\n var c0_lo = hl;\n var c1_hi = s1_512_hi(eh, el);\n var c1_lo = s1_512_lo(eh, el);\n var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);\n var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);\n var c3_hi = this.k[i];\n var c3_lo = this.k[i + 1];\n var c4_hi = W[i];\n var c4_lo = W[i + 1];\n\n var T1_hi = sum64_5_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n var T1_lo = sum64_5_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n\n c0_hi = s0_512_hi(ah, al);\n c0_lo = s0_512_lo(ah, al);\n c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);\n c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);\n\n var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);\n var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);\n\n hh = gh;\n hl = gl;\n\n gh = fh;\n gl = fl;\n\n fh = eh;\n fl = el;\n\n eh = sum64_hi(dh, dl, T1_hi, T1_lo);\n el = sum64_lo(dl, dl, T1_hi, T1_lo);\n\n dh = ch;\n dl = cl;\n\n ch = bh;\n cl = bl;\n\n bh = ah;\n bl = al;\n\n ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);\n al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);\n }\n\n sum64(this.h, 0, ah, al);\n sum64(this.h, 2, bh, bl);\n sum64(this.h, 4, ch, cl);\n sum64(this.h, 6, dh, dl);\n sum64(this.h, 8, eh, el);\n sum64(this.h, 10, fh, fl);\n sum64(this.h, 12, gh, gl);\n sum64(this.h, 14, hh, hl);\n};\n\nSHA512.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n\nfunction ch64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ ((~xh) & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction ch64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ ((~xl) & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 28);\n var c1_hi = rotr64_hi(xl, xh, 2); // 34\n var c2_hi = rotr64_hi(xl, xh, 7); // 39\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 28);\n var c1_lo = rotr64_lo(xl, xh, 2); // 34\n var c2_lo = rotr64_lo(xl, xh, 7); // 39\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 14);\n var c1_hi = rotr64_hi(xh, xl, 18);\n var c2_hi = rotr64_hi(xl, xh, 9); // 41\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 14);\n var c1_lo = rotr64_lo(xh, xl, 18);\n var c2_lo = rotr64_lo(xl, xh, 9); // 41\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 1);\n var c1_hi = rotr64_hi(xh, xl, 8);\n var c2_hi = shr64_hi(xh, xl, 7);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 1);\n var c1_lo = rotr64_lo(xh, xl, 8);\n var c2_lo = shr64_lo(xh, xl, 7);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 19);\n var c1_hi = rotr64_hi(xl, xh, 29); // 61\n var c2_hi = shr64_hi(xh, xl, 6);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 19);\n var c1_lo = rotr64_lo(xl, xh, 29); // 61\n var c2_lo = shr64_lo(xh, xl, 6);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n","'use strict';\n\nvar utils = require('../utils');\n\nvar SHA512 = require('./512');\n\nfunction SHA384() {\n if (!(this instanceof SHA384))\n return new SHA384();\n\n SHA512.call(this);\n this.h = [\n 0xcbbb9d5d, 0xc1059ed8,\n 0x629a292a, 0x367cd507,\n 0x9159015a, 0x3070dd17,\n 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31,\n 0x8eb44a87, 0x68581511,\n 0xdb0c2e0d, 0x64f98fa7,\n 0x47b5481d, 0xbefa4fa4 ];\n}\nutils.inherits(SHA384, SHA512);\nmodule.exports = SHA384;\n\nSHA384.blockSize = 1024;\nSHA384.outSize = 384;\nSHA384.hmacStrength = 192;\nSHA384.padLength = 128;\n\nSHA384.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 12), 'big');\n else\n return utils.split32(this.h.slice(0, 12), 'big');\n};\n","'use strict';\n\nvar utils = require('./utils');\nvar common = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_3 = utils.sum32_3;\nvar sum32_4 = utils.sum32_4;\nvar BlockHash = common.BlockHash;\n\nfunction RIPEMD160() {\n if (!(this instanceof RIPEMD160))\n return new RIPEMD160();\n\n BlockHash.call(this);\n\n this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];\n this.endian = 'little';\n}\nutils.inherits(RIPEMD160, BlockHash);\nexports.ripemd160 = RIPEMD160;\n\nRIPEMD160.blockSize = 512;\nRIPEMD160.outSize = 160;\nRIPEMD160.hmacStrength = 192;\nRIPEMD160.padLength = 64;\n\nRIPEMD160.prototype._update = function update(msg, start) {\n var A = this.h[0];\n var B = this.h[1];\n var C = this.h[2];\n var D = this.h[3];\n var E = this.h[4];\n var Ah = A;\n var Bh = B;\n var Ch = C;\n var Dh = D;\n var Eh = E;\n for (var j = 0; j < 80; j++) {\n var T = sum32(\n rotl32(\n sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),\n s[j]),\n E);\n A = E;\n E = D;\n D = rotl32(C, 10);\n C = B;\n B = T;\n T = sum32(\n rotl32(\n sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),\n sh[j]),\n Eh);\n Ah = Eh;\n Eh = Dh;\n Dh = rotl32(Ch, 10);\n Ch = Bh;\n Bh = T;\n }\n T = sum32_3(this.h[1], C, Dh);\n this.h[1] = sum32_3(this.h[2], D, Eh);\n this.h[2] = sum32_3(this.h[3], E, Ah);\n this.h[3] = sum32_3(this.h[4], A, Bh);\n this.h[4] = sum32_3(this.h[0], B, Ch);\n this.h[0] = T;\n};\n\nRIPEMD160.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'little');\n else\n return utils.split32(this.h, 'little');\n};\n\nfunction f(j, x, y, z) {\n if (j <= 15)\n return x ^ y ^ z;\n else if (j <= 31)\n return (x & y) | ((~x) & z);\n else if (j <= 47)\n return (x | (~y)) ^ z;\n else if (j <= 63)\n return (x & z) | (y & (~z));\n else\n return x ^ (y | (~z));\n}\n\nfunction K(j) {\n if (j <= 15)\n return 0x00000000;\n else if (j <= 31)\n return 0x5a827999;\n else if (j <= 47)\n return 0x6ed9eba1;\n else if (j <= 63)\n return 0x8f1bbcdc;\n else\n return 0xa953fd4e;\n}\n\nfunction Kh(j) {\n if (j <= 15)\n return 0x50a28be6;\n else if (j <= 31)\n return 0x5c4dd124;\n else if (j <= 47)\n return 0x6d703ef3;\n else if (j <= 63)\n return 0x7a6d76e9;\n else\n return 0x00000000;\n}\n\nvar r = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,\n 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,\n 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,\n 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13\n];\n\nvar rh = [\n 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,\n 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,\n 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,\n 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,\n 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11\n];\n\nvar s = [\n 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,\n 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,\n 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,\n 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,\n 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6\n];\n\nvar sh = [\n 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,\n 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,\n 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,\n 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,\n 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11\n];\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n * @private\n */\n\nimport { Sha1 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1';\nimport { Sha256 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256';\nimport sha224 from 'hash.js/lib/hash/sha/224';\nimport sha384 from 'hash.js/lib/hash/sha/384';\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport { ripemd160 } from 'hash.js/lib/hash/ripemd';\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport defaultConfig from '../../config';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction hashjsHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n }\n const hashInstance = hash();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => new Uint8Array(hashInstance.digest()));\n };\n}\n\nfunction asmcryptoHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hashInstance = new hash();\n return stream.transform(data, value => {\n hashInstance.process(value);\n }, () => hashInstance.finish().result);\n } else if (webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n } else {\n return hash.bytes(data);\n }\n };\n}\n\nconst hashFunctions = {\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'),\n sha224: nodeHash('sha224') || hashjsHash(sha224),\n sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'),\n sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),\n sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.\n ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)\n};\n\nexport default {\n\n /** @see module:md5 */\n md5: hashFunctions.md5,\n /** @see asmCrypto */\n sha1: hashFunctions.sha1,\n /** @see hash.js */\n sha224: hashFunctions.sha224,\n /** @see asmCrypto */\n sha256: hashFunctions.sha256,\n /** @see hash.js */\n sha384: hashFunctions.sha384,\n /** @see asmCrypto */\n sha512: hashFunctions.sha512,\n /** @see hash.js */\n ripemd: hashFunctions.ripemd,\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n default:\n throw new Error('Invalid hash function.');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CFB {\n static encrypt(data, key, iv) {\n return new AES_CFB(key, iv).encrypt(data);\n }\n static decrypt(data, key, iv) {\n return new AES_CFB(key, iv).decrypt(data);\n }\n constructor(key, iv, aes) {\n this.aes = aes ? aes : new AES(key, iv, true, 'CFB');\n delete this.aes.padding;\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import * as cipher from '.';\nimport enums from '../../enums';\n\n/**\n * Get implementation of the given cipher\n * @param {enums.symmetric} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport default function getCipher(algo) {\n const algoName = enums.read(enums.symmetric, algo);\n return cipher[algoName];\n}\n","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n * @private\n */\n\nimport { AES_CFB } from '@openpgp/asmcrypto.js/dist_es8/aes/cfb';\nimport * as stream from '@openpgp/web-stream-tools';\nimport getCipher from '../cipher/getCipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nfunction aesEncrypt(algo, key, pt, iv, config) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support\n !util.isStream(pt) &&\n pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2\n ) { // Web Crypto\n return webEncrypt(algo, key, pt, iv);\n }\n // asm.js fallback\n const cfb = new AES_CFB(key, iv);\n return stream.transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish());\n}\n\nfunction aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new AES_CFB(key, iv);\n return stream.transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish());\n }\n return AES_CFB.decrypt(ct, key, iv);\n}\n\nfunction xorMut(a, b) {\n for (let i = 0; i < a.length; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nasync function webEncrypt(algo, key, pt, iv) {\n const ALGO = 'AES-CBC';\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']);\n const { blockSize } = getCipher(algo);\n const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]);\n const ct = new Uint8Array(await webCrypto.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length);\n xorMut(ct, pt);\n return ct;\n}\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","import { AES } from './aes';\nimport { IllegalArgumentError } from '../other/errors';\nimport { joinBytes } from '../other/utils';\nexport class AES_CTR {\n static encrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n static decrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n constructor(key, nonce, aes) {\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n delete this.aes.padding;\n this.AES_CTR_set_options(nonce);\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n AES_CTR_set_options(nonce, counter, size) {\n let { asm } = this.aes.acquire_asm();\n if (size !== undefined) {\n if (size < 8 || size > 48)\n throw new IllegalArgumentError('illegal counter size');\n let mask = Math.pow(2, size) - 1;\n asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0);\n }\n else {\n size = 48;\n asm.set_mask(0, 0, 0xffff, 0xffffffff);\n }\n if (nonce !== undefined) {\n let len = nonce.length;\n if (!len || len > 16)\n throw new IllegalArgumentError('illegal nonce size');\n let view = new DataView(new ArrayBuffer(16));\n new Uint8Array(view.buffer).set(nonce);\n asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12));\n }\n else {\n throw new Error('nonce is required');\n }\n if (counter !== undefined) {\n if (counter < 0 || counter >= Math.pow(2, size))\n throw new IllegalArgumentError('illegal counter value');\n asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0);\n }\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CBC {\n static encrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).encrypt(data);\n }\n static decrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).decrypt(data);\n }\n constructor(key, iv, padding = true, aes) {\n this.aes = aes ? aes : new AES(key, iv, padding, 'CBC');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n * @private\n */\n\nimport { AES_CBC } from '@openpgp/asmcrypto.js/dist_es8/aes/cbc';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt) {\n return AES_CBC.encrypt(pt, key, false, zeroBlock);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n * @private\n */\n\nimport { AES_CTR } from '@openpgp/asmcrypto.js/dist_es8/aes/ctr';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n ) {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt, iv) {\n return AES_CTR.encrypt(pt, key, iv);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n * @private\n */\n\nimport * as ciphers from '../cipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n\n let maxNtz = 0;\n let encipher;\n let decipher;\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables(cipher, key) {\n const cipherName = enums.read(enums.symmetric, cipher);\n const aes = new ciphers[cipherName](key);\n encipher = aes.encrypt.bind(aes);\n decipher = aes.decrypt.bind(aes);\n\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","import { IllegalArgumentError, IllegalStateError, SecurityError } from '../other/errors';\nimport { _heap_write } from '../other/utils';\nimport { AES } from './aes';\nimport { AES_asm } from './aes.asm';\nconst _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5\nexport class AES_GCM {\n constructor(key, nonce, adata, tagSize = 16, aes) {\n this.tagSize = tagSize;\n this.gamma0 = 0;\n this.counter = 1;\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n let { asm, heap } = this.aes.acquire_asm();\n // Init GCM\n asm.gcm_init();\n // Tag size\n if (this.tagSize < 4 || this.tagSize > 16)\n throw new IllegalArgumentError('illegal tagSize value');\n // Nonce\n const noncelen = nonce.length || 0;\n const noncebuf = new Uint8Array(16);\n if (noncelen !== 12) {\n this._gcm_mac_process(nonce);\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = 0;\n heap[4] = 0;\n heap[5] = 0;\n heap[6] = 0;\n heap[7] = 0;\n heap[8] = 0;\n heap[9] = 0;\n heap[10] = 0;\n heap[11] = noncelen >>> 29;\n heap[12] = (noncelen >>> 21) & 255;\n heap[13] = (noncelen >>> 13) & 255;\n heap[14] = (noncelen >>> 5) & 255;\n heap[15] = (noncelen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_iv(0, 0, 0, 0);\n noncebuf.set(heap.subarray(0, 16));\n }\n else {\n noncebuf.set(nonce);\n noncebuf[15] = 1;\n }\n const nonceview = new DataView(noncebuf.buffer);\n this.gamma0 = nonceview.getUint32(12);\n asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0);\n asm.set_mask(0, 0, 0, 0xffffffff);\n // Associated data\n if (adata !== undefined) {\n if (adata.length > _AES_GCM_data_maxLength)\n throw new IllegalArgumentError('illegal adata length');\n if (adata.length) {\n this.adata = adata;\n this._gcm_mac_process(adata);\n }\n else {\n this.adata = undefined;\n }\n }\n else {\n this.adata = undefined;\n }\n // Counter\n if (this.counter < 1 || this.counter > 0xffffffff)\n throw new RangeError('counter must be a positive 32-bit integer');\n asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0);\n }\n static encrypt(cleartext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext);\n }\n static decrypt(ciphertext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext);\n }\n encrypt(data) {\n return this.AES_GCM_encrypt(data);\n }\n decrypt(data) {\n return this.AES_GCM_decrypt(data);\n }\n AES_GCM_Encrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len);\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Encrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let adata = this.adata;\n let pos = this.aes.pos;\n let len = this.aes.len;\n const result = new Uint8Array(len + tagSize);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16);\n if (len)\n result.set(heap.subarray(pos, pos + len));\n let i = len;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n result.set(heap.subarray(0, tagSize), len);\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_Decrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0;\n let tlen = len + dlen - rlen;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > tlen) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n pos = 0;\n len = 0;\n }\n if (dlen > 0) {\n len += _heap_write(heap, 0, data, dpos, dlen);\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Decrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let tagSize = this.tagSize;\n let adata = this.adata;\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rlen = len - tagSize;\n if (len < tagSize)\n throw new IllegalStateError('authentication tag not found');\n const result = new Uint8Array(rlen);\n const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));\n let i = rlen;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len - tagSize;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n let acheck = 0;\n for (let i = 0; i < tagSize; ++i)\n acheck |= atag[i] ^ heap[i];\n if (acheck)\n throw new SecurityError('data integrity check failed');\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_decrypt(data) {\n const result1 = this.AES_GCM_Decrypt_process(data);\n const result2 = this.AES_GCM_Decrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n AES_GCM_encrypt(data) {\n const result1 = this.AES_GCM_Encrypt_process(data);\n const result2 = this.AES_GCM_Encrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n _gcm_mac_process(data) {\n let { asm, heap } = this.aes.acquire_asm();\n let dpos = 0;\n let dlen = data.length || 0;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, 0, data, dpos, dlen);\n dpos += wlen;\n dlen -= wlen;\n while (wlen & 15)\n heap[wlen++] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen);\n }\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n * @private\n */\n\nimport { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.encrypt(pt, key, iv, adata);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (ct.length === tagLength) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n }\n };\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return AES_GCM.encrypt(pt, key, iv, adata);\n },\n\n decrypt: async function(ct, iv, adata) {\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n * @private\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","/*jshint bitwise: false*/\n\n(function(nacl) {\n'use strict';\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d;\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d, h, r;\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n r = nacl.hash(sm.subarray(32, smlen));\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n h = nacl.hash(sm.subarray(0, smlen));\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h;\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n h = nacl.hash(m.subarray(0, n));\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;\n if (crypto && crypto.getRandomValues) {\n // Browsers.\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n } else if (typeof require !== 'undefined') {\n // Node.js.\n crypto = require('crypto');\n if (crypto && crypto.randomBytes) {\n nacl.setPRNG(function(x, n) {\n var i, v = crypto.randomBytes(n);\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n }\n})();\n\n})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {}));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n * @private\n */\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const buf = new Uint8Array(length);\n if (nodeCrypto) {\n const bytes = nodeCrypto.randomBytes(buf.length);\n buf.set(bytes);\n } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n return buf;\n}\n\n/**\n * Create a secure random BigInteger that is greater than or equal to min and less than max.\n * @param {module:BigInteger} min - Lower bound, included\n * @param {module:BigInteger} max - Upper bound, excluded\n * @returns {Promise} Random BigInteger.\n * @async\n */\nexport async function getRandomBigInteger(min, max) {\n const BigInteger = await util.getBigInteger();\n\n if (max.lt(min)) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max.sub(min);\n const bytes = modulus.byteLength();\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = new BigInteger(await getRandomBytes(bytes + 8));\n return r.mod(modulus).add(min);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\n\n/**\n * Generate a probably prime random number\n * @param {Integer} bits - Bit length of the prime\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns BigInteger\n * @async\n */\nexport async function randomProbablePrime(bits, e, k) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n const min = one.leftShift(new BigInteger(bits - 1));\n const thirty = new BigInteger(30);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n const n = await getRandomBigInteger(min, min.leftShift(one));\n let i = n.mod(thirty).toNumber();\n\n do {\n n.iadd(new BigInteger(adds[i]));\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (n.bitLength() > bits) {\n n.imod(min.leftShift(one)).iadd(min);\n i = n.mod(thirty).toNumber();\n }\n } while (!await isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns {boolean}\n * @async\n */\nexport async function isProbablePrime(n, e, k) {\n if (e && !n.dec().gcd(e).isOne()) {\n return false;\n }\n if (!await divisionTest(n)) {\n return false;\n }\n if (!await fermat(n)) {\n return false;\n }\n if (!await millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} b - Optional Fermat test base\n * @returns {boolean}\n */\nexport async function fermat(n, b) {\n const BigInteger = await util.getBigInteger();\n b = b || new BigInteger(2);\n return b.modExp(n.dec(), n).isOne();\n}\n\nexport async function divisionTest(n) {\n const BigInteger = await util.getBigInteger();\n return smallPrimes.every(m => {\n return n.mod(new BigInteger(m)) !== 0;\n });\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n];\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param {BigInteger} n - Number to test\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @param {Function} rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport async function millerRabin(n, k, rand) {\n const BigInteger = await util.getBigInteger();\n const len = n.bitLength();\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n.dec(); // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!n1.getBit(s)) { s++; }\n const d = n.rightShift(new BigInteger(s));\n\n for (; k > 0; k--) {\n const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);\n\n let x = a.modExp(d, n);\n if (x.isOne() || x.equal(n1)) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = x.mul(x).mod(n);\n\n if (x.isOne()) {\n return false;\n }\n if (x.equal(n1)) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n * @private\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport async function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n * @private\n */\n\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\n/* eslint-disable no-invalid-this */\nconst RSAPrivateKey = nodeCrypto ? asn1.define('RSAPrivateKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('version').int(), // 0\n this.key('modulus').int(), // n\n this.key('publicExponent').int(), // e\n this.key('privateExponent').int(), // d\n this.key('prime1').int(), // p\n this.key('prime2').int(), // q\n this.key('exponent1').int(), // dp\n this.key('exponent2').int(), // dq\n this.key('coefficient').int() // u\n );\n}) : undefined;\n\nconst RSAPublicKey = nodeCrypto ? asn1.define('RSAPubliceKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('modulus').int(), // n\n this.key('publicExponent').int() // e\n );\n}) : undefined;\n/* eslint-enable no-invalid-this */\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n const BigInteger = await util.getBigInteger();\n\n e = new BigInteger(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return {\n n: b64ToUint8Array(jwk.n),\n e: e.toUint8Array(),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n } else if (util.getNodeCrypto() && nodeCrypto.generateKeyPair && RSAPrivateKey) {\n const opts = {\n modulusLength: bits,\n publicExponent: e.toNumber(),\n publicKeyEncoding: { type: 'pkcs1', format: 'der' },\n privateKeyEncoding: { type: 'pkcs1', format: 'der' }\n };\n const prv = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, der) => {\n if (err) {\n reject(err);\n } else {\n resolve(RSAPrivateKey.decode(der, 'der'));\n }\n });\n });\n /**\n * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`.\n * @link https://tools.ietf.org/html/rfc3447#section-3.2\n * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1\n */\n return {\n n: prv.modulus.toArrayLike(Uint8Array),\n e: prv.publicExponent.toArrayLike(Uint8Array),\n d: prv.privateExponent.toArrayLike(Uint8Array),\n // switch p and q\n p: prv.prime2.toArrayLike(Uint8Array),\n q: prv.prime1.toArrayLike(Uint8Array),\n // Since p and q are switched in places, we can keep u as defined by DER\n u: prv.coefficient.toArrayLike(Uint8Array)\n };\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = await randomProbablePrime(bits - (bits >> 1), e, 40);\n p = await randomProbablePrime(bits >> 1, e, 40);\n n = p.mul(q);\n } while (n.bitLength() !== bits);\n\n const phi = p.dec().imul(q.dec());\n\n if (q.lt(p)) {\n [p, q] = [q, p];\n }\n\n return {\n n: n.toUint8Array(),\n e: e.toUint8Array(),\n d: e.modInv(phi).toUint8Array(),\n p: p.toUint8Array(),\n q: q.toUint8Array(),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: p.modInv(q).toUint8Array()\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n p = new BigInteger(p);\n q = new BigInteger(q);\n\n // expect pq = n\n if (!p.mul(q).equal(n)) {\n return false;\n }\n\n const two = new BigInteger(2);\n // expect p*u = 1 mod q\n u = new BigInteger(u);\n if (!p.mul(u).mod(q).isOne()) {\n return false;\n }\n\n e = new BigInteger(e);\n d = new BigInteger(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));\n const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r.mul(d).mul(e);\n\n const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));\n d = new BigInteger(d);\n if (m.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return m.modExp(d, n).toUint8Array('be', n.byteLength());\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPrivateKey.encode(keyObject, 'der');\n return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' }));\n }\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n return new Uint8Array(sign.sign(pem));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n s = new BigInteger(s);\n e = new BigInteger(e);\n if (s.gte(n)) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());\n const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1' };\n } else {\n key = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n }\n try {\n return await verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const { default: BN } = await import('bn.js');\n\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n data = new BigInteger(emeEncode(data, n.byteLength()));\n e = new BigInteger(e);\n if (data.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return data.modExp(e, n).toUint8Array('be', n.byteLength());\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPrivateKey.encode(keyObject, 'der');\n key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n const BigInteger = await util.getBigInteger();\n data = new BigInteger(data);\n n = new BigInteger(n);\n e = new BigInteger(e);\n d = new BigInteger(d);\n p = new BigInteger(p);\n q = new BigInteger(q);\n u = new BigInteger(u);\n if (data.gte(n)) {\n throw new Error('Data too large.');\n }\n const dq = d.mod(q.dec()); // d mod (q-1)\n const dp = d.mod(p.dec()); // d mod (p-1)\n\n const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);\n const blinder = unblinder.modInv(n).modExp(e, n);\n data = data.mul(blinder).mod(n);\n\n\n const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p\n const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q\n const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h.mul(p).add(mp); // result < n due to relations above\n\n result = result.mul(unblinder).mod(n);\n\n\n return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n const pNum = new BigInteger(p);\n const qNum = new BigInteger(q);\n const dNum = new BigInteger(d);\n\n let dq = dNum.mod(qNum.dec()); // d mod (q-1)\n let dp = dNum.mod(pNum.dec()); // d mod (p-1)\n dp = dp.toUint8Array();\n dq = dq.toUint8Array();\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const padded = emeEncode(data, p.byteLength());\n const m = new BigInteger(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = await getRandomBigInteger(new BigInteger(1), p.dec());\n return {\n c1: g.modExp(k, p).toUint8Array(),\n c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n const BigInteger = await util.getBigInteger();\n c1 = new BigInteger(c1);\n c2 = new BigInteger(c2);\n p = new BigInteger(p);\n x = new BigInteger(x);\n\n const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);\n return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = new BigInteger(p.bitLength());\n const n1023 = new BigInteger(1023);\n if (pSize.lt(n1023)) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (!g.modExp(p.dec(), p).isOne()) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n const i = new BigInteger(1);\n const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold\n while (i.lt(threshold)) {\n res = res.mul(g).imod(p);\n if (res.isOne()) {\n return false;\n }\n i.iinc();\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1\n const rqx = p.dec().imul(r).iadd(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n * @private\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {string} String with the canonical name of the curve.\n */\n getName() {\n const hex = this.toHex();\n if (enums.curve[hex]) {\n return enums.write(enums.curve, hex);\n } else {\n throw new Error('Unknown curve object identifier.');\n }\n }\n}\n\nexport default OID;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library\n * @module crypto/public_key/elliptic/indutnyKey\n * @private\n */\n\nimport config from '../../../config';\n\nexport function keyFromPrivate(indutnyCurve, priv) {\n const keyPair = indutnyCurve.keyPair({ priv: priv });\n return keyPair;\n}\n\nexport function keyFromPublic(indutnyCurve, pub) {\n const keyPair = indutnyCurve.keyPair({ pub: pub });\n if (keyPair.validate().result !== true) {\n throw new Error('Invalid elliptic public key');\n }\n return keyPair;\n}\n\nexport async function getIndutnyCurve(name) {\n if (!config.useIndutnyElliptic) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n const { default: elliptic } = await import('@openpgp/elliptic');\n return new elliptic.ec(name);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new stream.TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { getRandomBytes } from '../../random';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport { UnsupportedError } from '../../../packet/packet';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n 'p256': 'P-256',\n 'p384': 'P-384',\n 'p521': 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined,\n brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n p256: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.p256,\n web: webCurves.p256,\n payloadSize: 32,\n sharedSize: 256\n },\n p384: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.p384,\n web: webCurves.p384,\n payloadSize: 48,\n sharedSize: 384\n },\n p521: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.p521,\n web: webCurves.p521,\n payloadSize: 66,\n sharedSize: 528\n },\n secp256k1: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.secp256k1,\n payloadSize: 32\n },\n ed25519: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32\n },\n curve25519: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32\n },\n brainpoolP256r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.brainpoolP256r1,\n payloadSize: 32\n },\n brainpoolP384r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.brainpoolP384r1,\n payloadSize: 48\n },\n brainpoolP512r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.brainpoolP512r1,\n payloadSize: 64\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName, params) {\n try {\n if (util.isArray(oidOrName) ||\n util.isUint8Array(oidOrName)) {\n // by oid byte array\n oidOrName = new OID(oidOrName);\n }\n if (oidOrName instanceof OID) {\n // by curve OID\n oidOrName = oidOrName.getName();\n }\n // by curve name or oid string\n this.name = enums.write(enums.curve, oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n params = params || curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node && curves[this.name];\n this.web = params.web && curves[this.name];\n this.payloadSize = params.payloadSize;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === 'curve25519') {\n this.type = 'curve25519';\n } else if (this.name === 'ed25519') {\n this.type = 'ed25519';\n }\n }\n\n async genKeyPair() {\n let keyPair;\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n break;\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519': {\n const privateKey = getRandomBytes(32);\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const secretKey = privateKey.slice().reverse();\n keyPair = nacl.box.keyPair.fromSecretKey(secretKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n case 'ed25519': {\n const privateKey = getRandomBytes(32);\n const keyPair = nacl.sign.keyPair.fromSeed(privateKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n }\n const indutnyCurve = await getIndutnyCurve(this.name);\n keyPair = await indutnyCurve.genKeyPair({\n entropy: util.uint8ArrayToString(getRandomBytes(32))\n });\n return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) };\n }\n}\n\nasync function generate(curve) {\n const BigInteger = await util.getBigInteger();\n\n curve = new CurveWithOID(curve);\n const keyPair = await curve.genKeyPair();\n const Q = new BigInteger(keyPair.publicKey).toUint8Array();\n const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize);\n return {\n oid: curve.oid,\n Q,\n secret,\n hash: curve.hash,\n cipher: curve.cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[enums.write(enums.curve, oid.toHex())].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n p256: true,\n p384: true,\n p521: true,\n secp256k1: true,\n curve25519: algo === enums.publicKey.ecdh,\n brainpoolP256r1: true,\n brainpoolP384r1: true,\n brainpoolP512r1: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === 'curve25519') {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const curve = await getIndutnyCurve(curveName);\n try {\n // Parse Q and check that it is on the curve but not at infinity\n Q = keyFromPublic(curve, Q).getPublic();\n } catch (validationErrors) {\n return false;\n }\n\n /**\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = keyFromPrivate(curve, d).getPublic();\n if (!dG.eq(Q)) {\n return false;\n }\n\n return true;\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nasync function webGenKeyPair(name) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = 0x04;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n * @private\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams } from './oid_curves';\nimport { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web': {\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n }\n case 'node': {\n const signature = await nodeSign(curve, hashAlgo, message, keyPair);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n }\n }\n }\n return ellipticSign(curve, hashed, privateKey);\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n return await webVerify(curve, hashAlgo, signature, message, publicKey);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node':\n return nodeVerify(curve, hashAlgo, signature, message, publicKey);\n }\n }\n const digest = (typeof hashAlgo === 'undefined') ? message : hashed;\n return ellipticVerify(curve, signature, digest, publicKey);\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\nasync function ellipticSign(curve, hashed, privateKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPrivate(indutnyCurve, privateKey);\n const signature = key.sign(hashed);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n}\n\nasync function ellipticVerify(curve, signature, digest, publicKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPublic(indutnyCurve, publicKey);\n return key.verify(digest, signature);\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, keyPair) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n const key = ECPrivateKey.encode({\n version: 1,\n parameters: curve.oid,\n privateKey: Array.from(keyPair.privateKey),\n publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }\n }, 'pem', {\n label: 'EC PRIVATE KEY'\n });\n\n return ECDSASignature.decode(sign.sign(key), 'der');\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n const key = SubjectPublicKeyInfo.encode({\n algorithm: {\n algorithm: [1, 2, 840, 10045, 2, 1],\n parameters: curve.oid\n },\n subjectPublicKey: { unused: 0, data: Array.from(publicKey) }\n }, 'pem', {\n label: 'PUBLIC KEY'\n });\n const signature = ECDSASignature.encode({\n r: new BN(r), s: new BN(s)\n }, 'der');\n\n try {\n return verify.verify(key, signature);\n } catch (err) {\n return false;\n }\n}\n\n// Originally written by Owen Smith https://github.com/omsmith\n// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/\n\n/* eslint-disable no-invalid-this */\n\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\nconst ECDSASignature = nodeCrypto ?\n asn1.define('ECDSASignature', function() {\n this.seq().obj(\n this.key('r').int(),\n this.key('s').int()\n );\n }) : undefined;\n\nconst ECPrivateKey = nodeCrypto ?\n asn1.define('ECPrivateKey', function() {\n this.seq().obj(\n this.key('version').int(),\n this.key('privateKey').octstr(),\n this.key('parameters').explicit(0).optional().any(),\n this.key('publicKey').explicit(1).optional().bitstr()\n );\n }) : undefined;\n\nconst AlgorithmIdentifier = nodeCrypto ?\n asn1.define('AlgorithmIdentifier', function() {\n this.seq().obj(\n this.key('algorithm').objid(),\n this.key('parameters').optional().any()\n );\n }) : undefined;\n\nconst SubjectPublicKeyInfo = nodeCrypto ?\n asn1.define('SubjectPublicKeyInfo', function() {\n this.seq().obj(\n this.key('algorithm').use(AlgorithmIdentifier),\n this.key('subjectPublicKey').bitstr()\n );\n }) : undefined;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);\n const signature = nacl.sign.detached(hashed, secretKey);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const signature = util.concatUint8Array([r, s]);\n return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== 'ed25519') {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const seed = getRandomBytes(32);\n const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = nacl.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n return nacl.sign.detached.verify(hashed, RS, publicKey);\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: // unsupported\n default:\n return false;\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n * @private\n */\n\nimport * as cipher from './cipher';\nimport util from '../util';\n\n/**\n * AES key wrap\n * @function\n * @param {Uint8Array} key\n * @param {Uint8Array} data\n * @returns {Uint8Array}\n */\nexport function wrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const P = unpack(data);\n let A = IV;\n const R = P;\n const n = P.length / 2;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 0; j <= 5; ++j) {\n for (let i = 0; i < n; ++i) {\n t[1] = n * j + (1 + i);\n // B = A\n B[0] = A[0];\n B[1] = A[1];\n // B = A || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES(K, B)\n B = unpack(aes.encrypt(pack(B)));\n // A = MSB(64, B) ^ t\n A = B.subarray(0, 2);\n A[0] ^= t[0];\n A[1] ^= t[1];\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n return pack(A, R);\n}\n\n/**\n * AES key unwrap\n * @function\n * @param {String} key\n * @param {String} data\n * @returns {Uint8Array}\n * @throws {Error}\n */\nexport function unwrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const C = unpack(data);\n let A = C.subarray(0, 2);\n const R = C.subarray(2);\n const n = C.length / 2 - 1;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 5; j >= 0; --j) {\n for (let i = n - 1; i >= 0; --i) {\n t[1] = n * j + (i + 1);\n // B = A ^ t\n B[0] = A[0] ^ t[0];\n B[1] = A[1] ^ t[1];\n // B = (A ^ t) || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES-1(B)\n B = unpack(aes.decrypt(pack(B)));\n // A = MSB(64, B)\n A = B.subarray(0, 2);\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n if (A[0] === IV[0] && A[1] === IV[1]) {\n return pack(R);\n }\n throw new Error('Key Data Integrity failed');\n}\n\nfunction createArrayBuffer(data) {\n if (util.isString(data)) {\n const { length } = data;\n const buffer = new ArrayBuffer(length);\n const view = new Uint8Array(buffer);\n for (let j = 0; j < length; ++j) {\n view[j] = data.charCodeAt(j);\n }\n return buffer;\n }\n return new Uint8Array(data).buffer;\n}\n\nfunction unpack(data) {\n const { length } = data;\n const buffer = createArrayBuffer(data);\n const view = new DataView(buffer);\n const arr = new Uint32Array(length / 4);\n for (let i = 0; i < length / 4; ++i) {\n arr[i] = view.getUint32(4 * i);\n }\n return arr;\n}\n\nfunction pack() {\n let length = 0;\n for (let k = 0; k < arguments.length; ++k) {\n length += 4 * arguments[k].length;\n }\n const buffer = new ArrayBuffer(length);\n const view = new DataView(buffer);\n let offset = 0;\n for (let i = 0; i < arguments.length; ++i) {\n for (let j = 0; j < arguments[i].length; ++j) {\n view.setUint32(offset + 4 * j, arguments[i][j]);\n }\n offset += 4 * arguments[i].length;\n }\n return new Uint8Array(buffer);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport getCipher from '../../cipher/getCipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint.subarray(0, 20)\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519': {\n const d = getRandomBytes(32);\n const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d);\n let { publicKey } = nacl.box.keyPair.fromSecretKey(secretKey);\n publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n }\n return ellipticPublicEphemeralKey(curve, Q);\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = aesKW.wrap(Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519': {\n const secretKey = d.slice().reverse();\n const sharedKey = nacl.scalarMult(secretKey, V.subarray(1));\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n }\n return ellipticPrivateEphemeralKey(curve, V, d);\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(aesKW.unwrap(Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: sender\n },\n privateKey,\n curve.web.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.web.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPrivateEphemeralKey(curve, V, d) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n V = keyFromPublic(indutnyCurve, V);\n d = keyFromPrivate(indutnyCurve, d);\n const secretKey = new Uint8Array(d.getPrivate());\n const S = d.derive(V.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPublicEphemeralKey(curve, Q) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const v = await curve.genKeyPair();\n Q = keyFromPublic(indutnyCurve, Q);\n const V = keyFromPrivate(indutnyCurve, v.privateKey);\n const publicKey = v.publicKey;\n const S = V.derive(Q.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle;\n\nexport default async function HKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n if (webCrypto || nodeSubtleCrypto) {\n const crypto = webCrypto || nodeSubtleCrypto;\n const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n }\n\n if (nodeCrypto) {\n const hashAlgoName = enums.read(enums.hash, hashAlgo);\n // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869\n\n const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest();\n // Step 1: Extract\n // PRK = HMAC-Hash(salt, IKM)\n const pseudoRandomKey = computeHMAC(salt, inputKey);\n\n const hashLen = pseudoRandomKey.length;\n\n // Step 2: Expand\n // HKDF-Expand(PRK, info, L) -> OKM\n const n = Math.ceil(outLen / hashLen);\n const outputKeyingMaterial = new Uint8Array(n * hashLen);\n\n // HMAC input buffer updated at each iteration\n const roundInput = new Uint8Array(hashLen + info.length + 1);\n // T_i and last byte are updated at each iteration, but `info` remains constant\n roundInput.set(info, hashLen);\n\n for (let i = 0; i < n; i++) {\n // T(0) = empty string (zero length)\n // T(i) = HMAC-Hash(PRK, T(i-1) | info | i)\n roundInput[roundInput.length - 1] = i + 1;\n // t = T(i+1)\n const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen));\n roundInput.set(t, 0);\n\n outputKeyingMaterial.set(t, i * hashLen);\n }\n\n return outputKeyingMaterial.subarray(0, outLen);\n }\n\n throw new Error('No HKDF implementation available');\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport getCipher from '../../cipher/getCipher';\nimport computeHKDF from '../../hkdf';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(32);\n const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA);\n const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = aesKW.wrap(encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n * @private\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n x = new BigInteger(x);\n\n let k;\n let r;\n let s;\n let t;\n g = g.mod(p);\n x = x.mod(q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = await getRandomBigInteger(one, q); // returns in [1, q-1]\n r = g.modExp(k, p).imod(q); // (g**k mod p) mod q\n if (r.isZero()) {\n continue;\n }\n const xr = x.mul(r).imod(q);\n t = h.add(xr).imod(q); // H(m) + x*r mod q\n s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q\n if (s.isZero()) {\n continue;\n }\n break;\n }\n return {\n r: r.toUint8Array('be', q.byteLength()),\n s: s.toUint8Array('be', q.byteLength())\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n const BigInteger = await util.getBigInteger();\n const zero = new BigInteger(0);\n r = new BigInteger(r);\n s = new BigInteger(s);\n\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n if (r.lte(zero) || r.gte(q) ||\n s.lte(zero) || s.gte(q)) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);\n const w = s.modInv(q); // s**-1 mod q\n if (w.isZero()) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = g.mod(p);\n y = y.mod(p);\n const u1 = h.mul(w).imod(q); // H(m) * w mod q\n const u2 = r.mul(w).imod(q); // r * w mod q\n const t1 = g.modExp(u1, p); // g**u1 mod p\n const t2 = y.modExp(u2, p); // y**u2 mod p\n const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q\n return v.equal(r);\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (!p.dec().mod(q).isZero()) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (!g.modExp(q, p).isOne()) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = new BigInteger(q.bitLength());\n const n150 = new BigInteger(150);\n if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q\n const rqx = q.mul(r).add(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa,\n /** @see tweetnacl */\n nacl: nacl\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n * @private\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read));\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { s };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read));\n return { r, s };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n let r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n r = util.leftPad(r, 32);\n let s = util.readMPI(signature.subarray(read));\n s = util.leftPad(s, 32);\n return { r, s };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n case enums.publicKey.ed25519: {\n const RS = signature.subarray(read, read + 64); read += RS.length;\n return { RS };\n }\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n // signature already padded on parsing\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal: {\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n * @private\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n * @private\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport getCipher from './cipher/getCipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { CurveWithOID } from './public_key/elliptic/oid_curves';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519: {\n if (!util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (!util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.x25519: {\n const A = bytes.subarray(read, read + 32); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const curve = new CurveWithOID(publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, curve.payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const curve = new CurveWithOID(publicParams.oid);\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, curve.payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519: {\n const seed = bytes.subarray(read, read + 32); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519: {\n const k = bytes.subarray(read, read + 32); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key.\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519: {\n const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n }\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipher(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipher(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\nexport { getCipher };\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get preferred hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n * @private\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","\n\n\nvar TYPED_OK = typeof Uint8Array !== \"undefined\" &&\n typeof Uint16Array !== \"undefined\" &&\n typeof Int32Array !== \"undefined\";\n\nfunction _has(obj, key) {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function assign(obj /*...args obj, from1, from2, from3, ...*/) {\n var sources = Array.prototype.slice.call(arguments, 1);\n while (sources.length) {\n var source = sources.shift();\n if (!source) {\n continue; \n }\n\n if (typeof source !== \"object\") {\n throw new TypeError(source + \"must be non-object\");\n }\n\n for (var p in source) {\n if (_has(source, p)) {\n obj[p] = source[p];\n }\n }\n }\n\n return obj;\n //return Object.assign(...args);\n}\n\n\n// reduce buffer size, avoiding mem copy\nexport function shrinkBuf(buf, size) {\n if (buf.length === size) {\n return buf; \n }\n if (buf.subarray) {\n return buf.subarray(0, size); \n }\n buf.length = size;\n return buf;\n}\n\n\nconst fnTyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n if (src.subarray && dest.subarray) {\n dest.set(src.subarray(src_offs, src_offs + len), dest_offs);\n return;\n }\n // Fallback to ordinary array\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n let i, l, len, pos, chunk;\n\n // calculate data length\n len = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n len += chunks[i].length;\n }\n\n // join chunks\n const result = new Uint8Array(len);\n pos = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n chunk = chunks[i];\n result.set(chunk, pos);\n pos += chunk.length;\n }\n\n return result;\n }\n};\n\nconst fnUntyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n return [].concat.apply([], chunks);\n }\n};\n\n\n// Enable/Disable typed arrays use, for testing\n//\n\nexport let Buf8 = TYPED_OK ? Uint8Array : Array;\nexport let Buf16 = TYPED_OK ? Uint16Array : Array;\nexport let Buf32 = TYPED_OK ? Int32Array : Array;\nexport let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks;\nexport let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet;\nexport function setTyped(on) {\n if (on) {\n Buf8 = Uint8Array;\n Buf16 = Uint16Array;\n Buf32 = Int32Array;\n ({ flattenChunks, arraySet } = fnTyped);\n } else {\n Buf8 = Array;\n Buf16 = Array;\n Buf32 = Array;\n ({ flattenChunks, arraySet } = fnUntyped);\n }\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* Allowed flush values; see deflate() and inflate() below for details */\nexport const Z_NO_FLUSH = 0;\nexport const Z_PARTIAL_FLUSH = 1;\nexport const Z_SYNC_FLUSH = 2;\nexport const Z_FULL_FLUSH = 3;\nexport const Z_FINISH = 4;\nexport const Z_BLOCK = 5;\nexport const Z_TREES = 6;\n\n/* Return codes for the compression/decompression functions. Negative values\n * are errors, positive values are used for special but normal events.\n */\nexport const Z_OK = 0;\nexport const Z_STREAM_END = 1;\nexport const Z_NEED_DICT = 2;\nexport const Z_ERRNO = -1;\nexport const Z_STREAM_ERROR = -2;\nexport const Z_DATA_ERROR = -3;\n//export const Z_MEM_ERROR = -4;\nexport const Z_BUF_ERROR = -5;\n//export const Z_VERSION_ERROR = -6;\n\n /* compression levels */\nexport const Z_NO_COMPRESSION = 0;\nexport const Z_BEST_SPEED = 1;\nexport const Z_BEST_COMPRESSION = 9;\nexport const Z_DEFAULT_COMPRESSION = -1;\n\n\nexport const Z_FILTERED = 1;\nexport const Z_HUFFMAN_ONLY = 2;\nexport const Z_RLE = 3;\nexport const Z_FIXED = 4;\nexport const Z_DEFAULT_STRATEGY = 0;\n\n/* Possible values of the data_type field (though see inflate()) */\nexport const Z_BINARY = 0;\nexport const Z_TEXT = 1;\n//export const Z_ASCII = 1; // = Z_TEXT (deprecated)\nexport const Z_UNKNOWN = 2;\n\n/* The deflate compression method */\nexport const Z_DEFLATED = 8;\n//export const Z_NULL = null // Use -1 or null inline, depending on var type\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* eslint-disable space-unary-ops */\n\nimport * as utils from \"../utils/common.js\";\nimport {\n Z_FIXED,\n Z_BINARY,\n Z_TEXT,\n Z_UNKNOWN\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nfunction zero(buf) {\n let len = buf.length; while (--len >= 0) {\n buf[len] = 0; \n } \n}\n\n// From zutil.h\n\nconst STORED_BLOCK = 0;\nconst STATIC_TREES = 1;\nconst DYN_TREES = 2;\n/* The three kinds of block type */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\n/* The minimum and maximum match lengths */\n\n// From deflate.h\n/* ===========================================================================\n * Internal compression state.\n */\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\n\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\n\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\n\nconst D_CODES = 30;\n/* number of distance codes */\n\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\n\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\n\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst Buf_size = 16;\n/* size of bit buffer in bi_buf */\n\n\n/* ===========================================================================\n * Constants\n */\n\nconst MAX_BL_BITS = 7;\n/* Bit length codes must not exceed MAX_BL_BITS bits */\n\nconst END_BLOCK = 256;\n/* end of block literal code */\n\nconst REP_3_6 = 16;\n/* repeat previous bit length 3-6 times (2 bits of repeat count) */\n\nconst REPZ_3_10 = 17;\n/* repeat a zero length 3-10 times (3 bits of repeat count) */\n\nconst REPZ_11_138 = 18;\n/* repeat a zero length 11-138 times (7 bits of repeat count) */\n\n/* eslint-disable comma-spacing,array-bracket-spacing */\nconst extra_lbits = /* extra bits for each length code */\n [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0];\n\nconst extra_dbits = /* extra bits for each distance code */\n [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13];\n\nconst extra_blbits = /* extra bits for each bit length code */\n [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7];\n\nconst bl_order =\n [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];\n/* eslint-enable comma-spacing,array-bracket-spacing */\n\n/* The lengths of the bit length codes are sent in order of decreasing\n * probability, to avoid transmitting the lengths for unused bit length codes.\n */\n\n/* ===========================================================================\n * Local data. These are initialized only once.\n */\n\n// We pre-fill arrays with 0 to avoid uninitialized gaps\n\nconst DIST_CODE_LEN = 512; /* see definition of array dist_code below */\n\n// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1\nconst static_ltree = new Array((L_CODES + 2) * 2);\nzero(static_ltree);\n/* The static literal tree. Since the bit lengths are imposed, there is no\n * need for the L_CODES extra codes used during heap construction. However\n * The codes 286 and 287 are needed to build a canonical tree (see _tr_init\n * below).\n */\n\nconst static_dtree = new Array(D_CODES * 2);\nzero(static_dtree);\n/* The static distance tree. (Actually a trivial tree since all codes use\n * 5 bits.)\n */\n\nconst _dist_code = new Array(DIST_CODE_LEN);\nzero(_dist_code);\n/* Distance codes. The first 256 values correspond to the distances\n * 3 .. 258, the last 256 values correspond to the top 8 bits of\n * the 15 bit distances.\n */\n\nconst _length_code = new Array(MAX_MATCH - MIN_MATCH + 1);\nzero(_length_code);\n/* length code for each normalized match length (0 == MIN_MATCH) */\n\nconst base_length = new Array(LENGTH_CODES);\nzero(base_length);\n/* First normalized length for each code (0 = MIN_MATCH) */\n\nconst base_dist = new Array(D_CODES);\nzero(base_dist);\n/* First normalized distance for each code (0 = distance of 1) */\n\n\nfunction StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) {\n\n this.static_tree = static_tree; /* static tree or NULL */\n this.extra_bits = extra_bits; /* extra bits for each code or NULL */\n this.extra_base = extra_base; /* base index for extra_bits */\n this.elems = elems; /* max number of elements in the tree */\n this.max_length = max_length; /* max bit length for the codes */\n\n // show if `static_tree` has data or dummy - needed for monomorphic objects\n this.has_stree = static_tree && static_tree.length;\n}\n\n\nlet static_l_desc;\nlet static_d_desc;\nlet static_bl_desc;\n\n\nfunction TreeDesc(dyn_tree, stat_desc) {\n this.dyn_tree = dyn_tree; /* the dynamic tree */\n this.max_code = 0; /* largest code with non zero frequency */\n this.stat_desc = stat_desc; /* the corresponding static tree */\n}\n\n\n\nfunction d_code(dist) {\n return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)];\n}\n\n\n/* ===========================================================================\n * Output a short LSB first on the stream.\n * IN assertion: there is enough room in pendingBuf.\n */\nfunction put_short(s, w) {\n// put_byte(s, (uch)((w) & 0xff));\n// put_byte(s, (uch)((ush)(w) >> 8));\n s.pending_buf[s.pending++] = w & 0xff;\n s.pending_buf[s.pending++] = w >>> 8 & 0xff;\n}\n\n\n/* ===========================================================================\n * Send a value on a given number of bits.\n * IN assertion: length <= 16 and value fits in length bits.\n */\nfunction send_bits(s, value, length) {\n if (s.bi_valid > Buf_size - length) {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n put_short(s, s.bi_buf);\n s.bi_buf = value >> Buf_size - s.bi_valid;\n s.bi_valid += length - Buf_size;\n } else {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n s.bi_valid += length;\n }\n}\n\n\nfunction send_code(s, c, tree) {\n send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/);\n}\n\n\n/* ===========================================================================\n * Reverse the first len bits of a code, using straightforward code (a faster\n * method would use a table)\n * IN assertion: 1 <= len <= 15\n */\nfunction bi_reverse(code, len) {\n let res = 0;\n do {\n res |= code & 1;\n code >>>= 1;\n res <<= 1;\n } while (--len > 0);\n return res >>> 1;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer, keeping at most 7 bits in it.\n */\nfunction bi_flush(s) {\n if (s.bi_valid === 16) {\n put_short(s, s.bi_buf);\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n } else if (s.bi_valid >= 8) {\n s.pending_buf[s.pending++] = s.bi_buf & 0xff;\n s.bi_buf >>= 8;\n s.bi_valid -= 8;\n }\n}\n\n\n/* ===========================================================================\n * Compute the optimal bit lengths for a tree and update the total bit length\n * for the current block.\n * IN assertion: the fields freq and dad are set, heap[heap_max] and\n * above are the tree nodes sorted by increasing frequency.\n * OUT assertions: the field len is set to the optimal bit length, the\n * array bl_count contains the frequencies for each bit length.\n * The length opt_len is updated; static_len is also updated if stree is\n * not null.\n */\nfunction gen_bitlen(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const max_code = desc.max_code;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const extra = desc.stat_desc.extra_bits;\n const base = desc.stat_desc.extra_base;\n const max_length = desc.stat_desc.max_length;\n let h; /* heap index */\n let n, m; /* iterate over the tree elements */\n let bits; /* bit length */\n let xbits; /* extra bits */\n let f; /* frequency */\n let overflow = 0; /* number of elements with bit length too large */\n\n for (bits = 0; bits <= MAX_BITS; bits++) {\n s.bl_count[bits] = 0;\n }\n\n /* In a first pass, compute the optimal bit lengths (which may\n * overflow in the case of the bit length tree).\n */\n tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */\n\n for (h = s.heap_max + 1; h < HEAP_SIZE; h++) {\n n = s.heap[h];\n bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1;\n if (bits > max_length) {\n bits = max_length;\n overflow++;\n }\n tree[n * 2 + 1]/*.Len*/ = bits;\n /* We overwrite tree[n].Dad which is no longer needed */\n\n if (n > max_code) {\n continue; \n } /* not a leaf node */\n\n s.bl_count[bits]++;\n xbits = 0;\n if (n >= base) {\n xbits = extra[n - base];\n }\n f = tree[n * 2]/*.Freq*/;\n s.opt_len += f * (bits + xbits);\n if (has_stree) {\n s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits);\n }\n }\n if (overflow === 0) {\n return; \n }\n\n // Trace((stderr,\"\\nbit length overflow\\n\"));\n /* This happens for example on obj2 and pic of the Calgary corpus */\n\n /* Find the first bit length which could increase: */\n do {\n bits = max_length - 1;\n while (s.bl_count[bits] === 0) {\n bits--; \n }\n s.bl_count[bits]--; /* move one leaf down the tree */\n s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */\n s.bl_count[max_length]--;\n /* The brother of the overflow item also moves one step up,\n * but this does not affect bl_count[max_length]\n */\n overflow -= 2;\n } while (overflow > 0);\n\n /* Now recompute all bit lengths, scanning in increasing frequency.\n * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all\n * lengths instead of fixing only the wrong ones. This idea is taken\n * from 'ar' written by Haruhiko Okumura.)\n */\n for (bits = max_length; bits !== 0; bits--) {\n n = s.bl_count[bits];\n while (n !== 0) {\n m = s.heap[--h];\n if (m > max_code) {\n continue; \n }\n if (tree[m * 2 + 1]/*.Len*/ !== bits) {\n // Trace((stderr,\"code %d bits %d->%d\\n\", m, tree[m].Len, bits));\n s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/;\n tree[m * 2 + 1]/*.Len*/ = bits;\n }\n n--;\n }\n }\n}\n\n\n/* ===========================================================================\n * Generate the codes for a given tree and bit counts (which need not be\n * optimal).\n * IN assertion: the array bl_count contains the bit length statistics for\n * the given tree and the field len is set for all tree elements.\n * OUT assertion: the field code is set for all tree elements of non\n * zero code length.\n */\nfunction gen_codes(tree, max_code, bl_count)\n// ct_data *tree; /* the tree to decorate */\n// int max_code; /* largest code with non zero frequency */\n// ushf *bl_count; /* number of codes at each bit length */\n{\n const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */\n let code = 0; /* running code value */\n let bits; /* bit index */\n let n; /* code index */\n\n /* The distribution counts are first used to generate the code values\n * without bit reversal.\n */\n for (bits = 1; bits <= MAX_BITS; bits++) {\n next_code[bits] = code = code + bl_count[bits - 1] << 1;\n }\n /* Check that the bit counts in bl_count are consistent. The last code\n * must be all ones.\n */\n //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */\n length = 0;\n for (code = 0; code < LENGTH_CODES - 1; code++) {\n base_length[code] = length;\n for (n = 0; n < 1 << extra_lbits[code]; n++) {\n _length_code[length++] = code;\n }\n }\n //Assert (length == 256, \"tr_static_init: length != 256\");\n /* Note that the length 255 (match length 258) can be represented\n * in two different ways: code 284 + 5 bits or code 285, so we\n * overwrite length_code[255] to use the best encoding:\n */\n _length_code[length - 1] = code;\n\n /* Initialize the mapping dist (0..32K) -> dist code (0..29) */\n dist = 0;\n for (code = 0; code < 16; code++) {\n base_dist[code] = dist;\n for (n = 0; n < 1 << extra_dbits[code]; n++) {\n _dist_code[dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: dist != 256\");\n dist >>= 7; /* from now on, all distances are divided by 128 */\n for (; code < D_CODES; code++) {\n base_dist[code] = dist << 7;\n for (n = 0; n < 1 << extra_dbits[code] - 7; n++) {\n _dist_code[256 + dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: 256+dist != 512\");\n\n /* Construct the codes of the static literal tree */\n for (bits = 0; bits <= MAX_BITS; bits++) {\n bl_count[bits] = 0;\n }\n\n n = 0;\n while (n <= 143) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n while (n <= 255) {\n static_ltree[n * 2 + 1]/*.Len*/ = 9;\n n++;\n bl_count[9]++;\n }\n while (n <= 279) {\n static_ltree[n * 2 + 1]/*.Len*/ = 7;\n n++;\n bl_count[7]++;\n }\n while (n <= 287) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n /* Codes 286 and 287 do not exist, but we must include them in the\n * tree construction to get a canonical Huffman tree (longest code\n * all ones)\n */\n gen_codes(static_ltree, L_CODES + 1, bl_count);\n\n /* The static distance tree is trivial: */\n for (n = 0; n < D_CODES; n++) {\n static_dtree[n * 2 + 1]/*.Len*/ = 5;\n static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5);\n }\n\n // Now data ready and we can init static trees\n static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS);\n static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS);\n static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS);\n\n //static_init_done = true;\n}\n\n\n/* ===========================================================================\n * Initialize a new block.\n */\nfunction init_block(s) {\n let n; /* iterates over tree elements */\n\n /* Initialize the trees. */\n for (n = 0; n < L_CODES; n++) {\n s.dyn_ltree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < D_CODES; n++) {\n s.dyn_dtree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < BL_CODES; n++) {\n s.bl_tree[n * 2]/*.Freq*/ = 0; \n }\n\n s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1;\n s.opt_len = s.static_len = 0;\n s.last_lit = s.matches = 0;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer and align the output on a byte boundary\n */\nfunction bi_windup(s) {\n if (s.bi_valid > 8) {\n put_short(s, s.bi_buf);\n } else if (s.bi_valid > 0) {\n //put_byte(s, (Byte)s->bi_buf);\n s.pending_buf[s.pending++] = s.bi_buf;\n }\n s.bi_buf = 0;\n s.bi_valid = 0;\n}\n\n/* ===========================================================================\n * Copy a stored block, storing first the length and its\n * one's complement if requested.\n */\nfunction copy_block(s, buf, len, header)\n//DeflateState *s;\n//charf *buf; /* the input data */\n//unsigned len; /* its length */\n//int header; /* true if block header must be written */\n{\n bi_windup(s); /* align on byte boundary */\n\n if (header) {\n put_short(s, len);\n put_short(s, ~len);\n }\n // while (len--) {\n // put_byte(s, *buf++);\n // }\n utils.arraySet(s.pending_buf, s.window, buf, len, s.pending);\n s.pending += len;\n}\n\n/* ===========================================================================\n * Compares to subtrees, using the tree depth as tie breaker when\n * the subtrees have equal frequency. This minimizes the worst case length.\n */\nfunction smaller(tree, n, m, depth) {\n const _n2 = n * 2;\n const _m2 = m * 2;\n return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ ||\n tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m];\n}\n\n/* ===========================================================================\n * Restore the heap property by moving down the tree starting at node k,\n * exchanging a node with the smallest of its two sons if necessary, stopping\n * when the heap property is re-established (each father smaller than its\n * two sons).\n */\nfunction pqdownheap(s, tree, k)\n// deflate_state *s;\n// ct_data *tree; /* the tree to restore */\n// int k; /* node to move down */\n{\n const v = s.heap[k];\n let j = k << 1; /* left son of k */\n while (j <= s.heap_len) {\n /* Set j to the smallest of the two sons: */\n if (j < s.heap_len &&\n smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) {\n j++;\n }\n /* Exit if v is smaller than both sons */\n if (smaller(tree, v, s.heap[j], s.depth)) {\n break; \n }\n\n /* Exchange v with the smallest son */\n s.heap[k] = s.heap[j];\n k = j;\n\n /* And continue down the tree, setting j to the left son of k */\n j <<= 1;\n }\n s.heap[k] = v;\n}\n\n\n// inlined manually\n// var SMALLEST = 1;\n\n/* ===========================================================================\n * Send the block data compressed using the given Huffman trees\n */\nfunction compress_block(s, ltree, dtree)\n// deflate_state *s;\n// const ct_data *ltree; /* literal tree */\n// const ct_data *dtree; /* distance tree */\n{\n let dist; /* distance of matched string */\n let lc; /* match length or unmatched char (if dist == 0) */\n let lx = 0; /* running index in l_buf */\n let code; /* the code to send */\n let extra; /* number of extra bits to send */\n\n if (s.last_lit !== 0) {\n do {\n dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1];\n lc = s.pending_buf[s.l_buf + lx];\n lx++;\n\n if (dist === 0) {\n send_code(s, lc, ltree); /* send a literal byte */\n //Tracecv(isgraph(lc), (stderr,\" '%c' \", lc));\n } else {\n /* Here, lc is the match length - MIN_MATCH */\n code = _length_code[lc];\n send_code(s, code + LITERALS + 1, ltree); /* send the length code */\n extra = extra_lbits[code];\n if (extra !== 0) {\n lc -= base_length[code];\n send_bits(s, lc, extra); /* send the extra length bits */\n }\n dist--; /* dist is now the match distance - 1 */\n code = d_code(dist);\n //Assert (code < D_CODES, \"bad d_code\");\n\n send_code(s, code, dtree); /* send the distance code */\n extra = extra_dbits[code];\n if (extra !== 0) {\n dist -= base_dist[code];\n send_bits(s, dist, extra); /* send the extra distance bits */\n }\n } /* literal or match pair ? */\n\n /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */\n //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,\n // \"pendingBuf overflow\");\n\n } while (lx < s.last_lit);\n }\n\n send_code(s, END_BLOCK, ltree);\n}\n\n\n/* ===========================================================================\n * Construct one Huffman tree and assigns the code bit strings and lengths.\n * Update the total bit length for the current block.\n * IN assertion: the field freq is set for all tree elements.\n * OUT assertions: the fields len and code are set to the optimal bit length\n * and corresponding code. The length opt_len is updated; static_len is\n * also updated if stree is not null. The field max_code is set.\n */\nfunction build_tree(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const elems = desc.stat_desc.elems;\n let n, m; /* iterate over heap elements */\n let max_code = -1; /* largest code with non zero frequency */\n let node; /* new node being created */\n\n /* Construct the initial heap, with least frequent element in\n * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].\n * heap[0] is not used.\n */\n s.heap_len = 0;\n s.heap_max = HEAP_SIZE;\n\n for (n = 0; n < elems; n++) {\n if (tree[n * 2]/*.Freq*/ !== 0) {\n s.heap[++s.heap_len] = max_code = n;\n s.depth[n] = 0;\n\n } else {\n tree[n * 2 + 1]/*.Len*/ = 0;\n }\n }\n\n /* The pkzip format requires that at least one distance code exists,\n * and that at least one bit should be sent even if there is only one\n * possible code. So to avoid special checks later on we force at least\n * two codes of non zero frequency.\n */\n while (s.heap_len < 2) {\n node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0;\n tree[node * 2]/*.Freq*/ = 1;\n s.depth[node] = 0;\n s.opt_len--;\n\n if (has_stree) {\n s.static_len -= stree[node * 2 + 1]/*.Len*/;\n }\n /* node is 0 or 1 so it does not have extra bits */\n }\n desc.max_code = max_code;\n\n /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,\n * establish sub-heaps of increasing lengths:\n */\n for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) {\n pqdownheap(s, tree, n); \n }\n\n /* Construct the Huffman tree by repeatedly combining the least two\n * frequent nodes.\n */\n node = elems; /* next internal node of the tree */\n do {\n //pqremove(s, tree, n); /* n = node of least frequency */\n /*** pqremove ***/\n n = s.heap[1/*SMALLEST*/];\n s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--];\n pqdownheap(s, tree, 1/*SMALLEST*/);\n /***/\n\n m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */\n\n s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */\n s.heap[--s.heap_max] = m;\n\n /* Create a new node father of n and m */\n tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/;\n s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1;\n tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node;\n\n /* and insert the new node in the heap */\n s.heap[1/*SMALLEST*/] = node++;\n pqdownheap(s, tree, 1/*SMALLEST*/);\n\n } while (s.heap_len >= 2);\n\n s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/];\n\n /* At this point, the fields freq and dad are set. We can now\n * generate the bit lengths.\n */\n gen_bitlen(s, desc);\n\n /* The field len is now set, we can generate the bit codes */\n gen_codes(tree, max_code, s.bl_count);\n}\n\n\n/* ===========================================================================\n * Scan a literal or distance tree to determine the frequencies of the codes\n * in the bit length tree.\n */\nfunction scan_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n s.bl_tree[curlen * 2]/*.Freq*/ += count;\n\n } else if (curlen !== 0) {\n\n if (curlen !== prevlen) {\n s.bl_tree[curlen * 2]/*.Freq*/++; \n }\n s.bl_tree[REP_3_6 * 2]/*.Freq*/++;\n\n } else if (count <= 10) {\n s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++;\n\n } else {\n s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++;\n }\n\n count = 0;\n prevlen = curlen;\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Send a literal or distance tree in compressed form, using the codes in\n * bl_tree.\n */\nfunction send_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n /* tree[max_code+1].Len = -1; */ /* guard already set */\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n do {\n send_code(s, curlen, s.bl_tree); \n } while (--count !== 0);\n\n } else if (curlen !== 0) {\n if (curlen !== prevlen) {\n send_code(s, curlen, s.bl_tree);\n count--;\n }\n //Assert(count >= 3 && count <= 6, \" 3_6?\");\n send_code(s, REP_3_6, s.bl_tree);\n send_bits(s, count - 3, 2);\n\n } else if (count <= 10) {\n send_code(s, REPZ_3_10, s.bl_tree);\n send_bits(s, count - 3, 3);\n\n } else {\n send_code(s, REPZ_11_138, s.bl_tree);\n send_bits(s, count - 11, 7);\n }\n\n count = 0;\n prevlen = curlen;\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Construct the Huffman tree for the bit lengths and return the index in\n * bl_order of the last bit length code to send.\n */\nfunction build_bl_tree(s) {\n let max_blindex; /* index of last bit length code of non zero freq */\n\n /* Determine the bit length frequencies for literal and distance trees */\n scan_tree(s, s.dyn_ltree, s.l_desc.max_code);\n scan_tree(s, s.dyn_dtree, s.d_desc.max_code);\n\n /* Build the bit length tree: */\n build_tree(s, s.bl_desc);\n /* opt_len now includes the length of the tree representations, except\n * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.\n */\n\n /* Determine the number of bit length codes to send. The pkzip format\n * requires that at least 4 bit length codes be sent. (appnote.txt says\n * 3 but the actual value used is 4.)\n */\n for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) {\n if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) {\n break;\n }\n }\n /* Update opt_len to include the bit length tree and counts */\n s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;\n //Tracev((stderr, \"\\ndyn trees: dyn %ld, stat %ld\",\n // s->opt_len, s->static_len));\n\n return max_blindex;\n}\n\n\n/* ===========================================================================\n * Send the header for a block using dynamic Huffman trees: the counts, the\n * lengths of the bit length codes, the literal tree and the distance tree.\n * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.\n */\nfunction send_all_trees(s, lcodes, dcodes, blcodes)\n// deflate_state *s;\n// int lcodes, dcodes, blcodes; /* number of codes for each tree */\n{\n let rank; /* index in bl_order */\n\n //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, \"not enough codes\");\n //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,\n // \"too many codes\");\n //Tracev((stderr, \"\\nbl counts: \"));\n send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */\n send_bits(s, dcodes - 1, 5);\n send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */\n for (rank = 0; rank < blcodes; rank++) {\n //Tracev((stderr, \"\\nbl code %2d \", bl_order[rank]));\n send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3);\n }\n //Tracev((stderr, \"\\nbl tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */\n //Tracev((stderr, \"\\nlit tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */\n //Tracev((stderr, \"\\ndist tree: sent %ld\", s->bits_sent));\n}\n\n\n/* ===========================================================================\n * Check if the data type is TEXT or BINARY, using the following algorithm:\n * - TEXT if the two conditions below are satisfied:\n * a) There are no non-portable control characters belonging to the\n * \"black list\" (0..6, 14..25, 28..31).\n * b) There is at least one printable character belonging to the\n * \"white list\" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).\n * - BINARY otherwise.\n * - The following partially-portable control characters form a\n * \"gray list\" that is ignored in this detection algorithm:\n * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).\n * IN assertion: the fields Freq of dyn_ltree are set.\n */\nfunction detect_data_type(s) {\n /* black_mask is the bit mask of black-listed bytes\n * set bits 0..6, 14..25, and 28..31\n * 0xf3ffc07f = binary 11110011111111111100000001111111\n */\n let black_mask = 0xf3ffc07f;\n let n;\n\n /* Check for non-textual (\"black-listed\") bytes. */\n for (n = 0; n <= 31; n++, black_mask >>>= 1) {\n if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_BINARY;\n }\n }\n\n /* Check for textual (\"white-listed\") bytes. */\n if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||\n s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n for (n = 32; n < LITERALS; n++) {\n if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n }\n\n /* There are no \"black-listed\" or \"white-listed\" bytes:\n * this stream either is empty or has tolerated (\"gray-listed\") bytes only.\n */\n return Z_BINARY;\n}\n\n\nlet static_init_done = false;\n\n/* ===========================================================================\n * Initialize the tree data structures for a new zlib stream.\n */\nfunction _tr_init(s) {\n\n if (!static_init_done) {\n tr_static_init();\n static_init_done = true;\n }\n\n s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc);\n s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc);\n s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc);\n\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n /* Initialize the first block of the first file: */\n init_block(s);\n}\n\n\n/* ===========================================================================\n * Send a stored block\n */\nfunction _tr_stored_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */\n copy_block(s, buf, stored_len, true); /* with header */\n}\n\n\n/* ===========================================================================\n * Send one empty static block to give enough lookahead for inflate.\n * This takes 10 bits, of which 7 may remain in the bit buffer.\n */\nfunction _tr_align(s) {\n send_bits(s, STATIC_TREES << 1, 3);\n send_code(s, END_BLOCK, static_ltree);\n bi_flush(s);\n}\n\n\n/* ===========================================================================\n * Determine the best encoding for the current block: dynamic trees, static\n * trees or store, and output the encoded block to the zip file.\n */\nfunction _tr_flush_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block, or NULL if too old */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n let opt_lenb, static_lenb; /* opt_len and static_len in bytes */\n let max_blindex = 0; /* index of last bit length code of non zero freq */\n\n /* Build the Huffman trees unless a stored block is forced */\n if (s.level > 0) {\n\n /* Check if the file is binary or text */\n if (s.strm.data_type === Z_UNKNOWN) {\n s.strm.data_type = detect_data_type(s);\n }\n\n /* Construct the literal and distance trees */\n build_tree(s, s.l_desc);\n // Tracev((stderr, \"\\nlit data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n\n build_tree(s, s.d_desc);\n // Tracev((stderr, \"\\ndist data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n /* At this point, opt_len and static_len are the total bit lengths of\n * the compressed block data, excluding the tree representations.\n */\n\n /* Build the bit length tree for the above two trees, and get the index\n * in bl_order of the last bit length code to send.\n */\n max_blindex = build_bl_tree(s);\n\n /* Determine the best encoding. Compute the block lengths in bytes. */\n opt_lenb = s.opt_len + 3 + 7 >>> 3;\n static_lenb = s.static_len + 3 + 7 >>> 3;\n\n // Tracev((stderr, \"\\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u \",\n // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,\n // s->last_lit));\n\n if (static_lenb <= opt_lenb) {\n opt_lenb = static_lenb; \n }\n\n } else {\n // Assert(buf != (char*)0, \"lost buf\");\n opt_lenb = static_lenb = stored_len + 5; /* force a stored block */\n }\n\n if (stored_len + 4 <= opt_lenb && buf !== -1) {\n /* 4: two words for the lengths */\n\n /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.\n * Otherwise we can't have processed more than WSIZE input bytes since\n * the last block flush, because compression would have been\n * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to\n * transform a block into a stored block.\n */\n _tr_stored_block(s, buf, stored_len, last);\n\n } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) {\n\n send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3);\n compress_block(s, static_ltree, static_dtree);\n\n } else {\n send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3);\n send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1);\n compress_block(s, s.dyn_ltree, s.dyn_dtree);\n }\n // Assert (s->compressed_len == s->bits_sent, \"bad compressed size\");\n /* The above check is made mod 2^32, for files larger than 512 MB\n * and uLong implemented on 32 bits.\n */\n init_block(s);\n\n if (last) {\n bi_windup(s);\n }\n // Tracev((stderr,\"\\ncomprlen %lu(%lu) \", s->compressed_len>>3,\n // s->compressed_len-7*last));\n}\n\n/* ===========================================================================\n * Save the match info and tally the frequency counts. Return true if\n * the current block must be flushed.\n */\nfunction _tr_tally(s, dist, lc)\n// deflate_state *s;\n// unsigned dist; /* distance of matched string */\n// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */\n{\n //var out_length, in_length, dcode;\n\n s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff;\n s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff;\n\n s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff;\n s.last_lit++;\n\n if (dist === 0) {\n /* lc is the unmatched char */\n s.dyn_ltree[lc * 2]/*.Freq*/++;\n } else {\n s.matches++;\n /* Here, lc is the match length - MIN_MATCH */\n dist--; /* dist = match distance - 1 */\n //Assert((ush)dist < (ush)MAX_DIST(s) &&\n // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&\n // (ush)d_code(dist) < (ush)D_CODES, \"_tr_tally: bad match\");\n\n s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++;\n s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n\n //#ifdef TRUNCATE_BLOCK\n // /* Try to guess if it is profitable to stop the current block here */\n // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) {\n // /* Compute an upper bound for the compressed length */\n // out_length = s.last_lit*8;\n // in_length = s.strstart - s.block_start;\n //\n // for (dcode = 0; dcode < D_CODES; dcode++) {\n // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]);\n // }\n // out_length >>>= 3;\n // //Tracev((stderr,\"\\nlast_lit %u, in %ld, out ~%ld(%ld%%) \",\n // // s->last_lit, in_length, out_length,\n // // 100L - out_length*100L/in_length));\n // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) {\n // return true;\n // }\n // }\n //#endif\n\n return s.last_lit === s.lit_bufsize - 1;\n /* We avoid equality with lit_bufsize because of wraparound at 64K\n * on 16 bit machines and because stored blocks are restricted to\n * 64K-1 bytes.\n */\n}\n\nexport {\n _tr_init,\n _tr_stored_block,\n _tr_flush_block,\n _tr_tally,\n _tr_align\n};","\n\n// Note: adler32 takes 12% for level 0 and 2% for level 6.\n// It isn't worth it to make additional optimizations as in original.\n// Small size is preferable.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default function adler32(adler, buf, len, pos) {\n let s1 = adler & 0xffff |0,\n s2 = adler >>> 16 & 0xffff |0,\n n = 0;\n\n while (len !== 0) {\n // Set limit ~ twice less than 5552, to keep\n // s2 in 31-bits, because we force signed ints.\n // in other case %= will fail.\n n = len > 2000 ? 2000 : len;\n len -= n;\n\n do {\n s1 = s1 + buf[pos++] |0;\n s2 = s2 + s1 |0;\n } while (--n);\n\n s1 %= 65521;\n s2 %= 65521;\n }\n\n return s1 | s2 << 16 |0;\n}\n","\n\n// Note: we can't get significant speed boost here.\n// So write code to minimize size - no pregenerated tables\n// and array tools dependencies.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// Use ordinary array, since untyped makes no boost here\nfunction makeTable() {\n let c;\n const table = [];\n\n for (let n = 0; n < 256; n++) {\n c = n;\n for (let k = 0; k < 8; k++) {\n c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1;\n }\n table[n] = c;\n }\n\n return table;\n}\n\n// Create table on load. Just 255 signed longs. Not a problem.\nconst crcTable = makeTable();\n\n\nexport default function crc32(crc, buf, len, pos) {\n const t = crcTable,\n end = pos + len;\n\n crc ^= -1;\n\n for (let i = pos; i < end; i++) {\n crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF];\n }\n\n return crc ^ -1; // >>> 0;\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default {\n 2: \"need dictionary\", /* Z_NEED_DICT 2 */\n 1: \"stream end\", /* Z_STREAM_END 1 */\n 0: \"\", /* Z_OK 0 */\n \"-1\": \"file error\", /* Z_ERRNO (-1) */\n \"-2\": \"stream error\", /* Z_STREAM_ERROR (-2) */\n \"-3\": \"data error\", /* Z_DATA_ERROR (-3) */\n \"-4\": \"insufficient memory\", /* Z_MEM_ERROR (-4) */\n \"-5\": \"buffer error\", /* Z_BUF_ERROR (-5) */\n \"-6\": \"incompatible version\" /* Z_VERSION_ERROR (-6) */\n};\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport * as trees from \"./trees.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport msg from \"./messages.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_NO_FLUSH,\n Z_PARTIAL_FLUSH,\n Z_FULL_FLUSH,\n Z_FINISH,\n Z_BLOCK,\n Z_OK,\n Z_STREAM_END,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFAULT_COMPRESSION,\n Z_FILTERED,\n Z_HUFFMAN_ONLY,\n Z_RLE,\n Z_FIXED,\n Z_DEFAULT_STRATEGY,\n Z_UNKNOWN,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nconst MAX_MEM_LEVEL = 9;\n/* Maximum value for memLevel in deflateInit2 */\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_MEM_LEVEL = 8;\n\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\nconst D_CODES = 30;\n/* number of distance codes */\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\nconst MIN_LOOKAHEAD = (MAX_MATCH + MIN_MATCH + 1);\n\nconst PRESET_DICT = 0x20;\n\nconst INIT_STATE = 42;\nconst EXTRA_STATE = 69;\nconst NAME_STATE = 73;\nconst COMMENT_STATE = 91;\nconst HCRC_STATE = 103;\nconst BUSY_STATE = 113;\nconst FINISH_STATE = 666;\n\nconst BS_NEED_MORE = 1; /* block not completed, need more input or more output */\nconst BS_BLOCK_DONE = 2; /* block flush performed */\nconst BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */\nconst BS_FINISH_DONE = 4; /* finish done, accept no more input or output */\n\nconst OS_CODE = 0x03; // Unix :) . Don't detect, use this default.\n\nfunction err(strm, errorCode) {\n strm.msg = msg[errorCode];\n return errorCode;\n}\n\nfunction rank(f) {\n return ((f) << 1) - ((f) > 4 ? 9 : 0);\n}\n\nfunction zero(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } }\n\n\n/* =========================================================================\n * Flush as much pending output as possible. All deflate() output goes\n * through this function so some applications may wish to modify it\n * to avoid allocating a large strm->output buffer and copying into it.\n * (See also read_buf()).\n */\nfunction flush_pending(strm) {\n const s = strm.state;\n\n //_tr_flush_bits(s);\n let len = s.pending;\n if (len > strm.avail_out) {\n len = strm.avail_out;\n }\n if (len === 0) { return; }\n\n utils.arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out);\n strm.next_out += len;\n s.pending_out += len;\n strm.total_out += len;\n strm.avail_out -= len;\n s.pending -= len;\n if (s.pending === 0) {\n s.pending_out = 0;\n }\n}\n\n\nfunction flush_block_only(s, last) {\n trees._tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last);\n s.block_start = s.strstart;\n flush_pending(s.strm);\n}\n\n\nfunction put_byte(s, b) {\n s.pending_buf[s.pending++] = b;\n}\n\n\n/* =========================================================================\n * Put a short in the pending buffer. The 16-bit value is put in MSB order.\n * IN assertion: the stream state is correct and there is enough room in\n * pending_buf.\n */\nfunction putShortMSB(s, b) {\n // put_byte(s, (Byte)(b >> 8));\n // put_byte(s, (Byte)(b & 0xff));\n s.pending_buf[s.pending++] = (b >>> 8) & 0xff;\n s.pending_buf[s.pending++] = b & 0xff;\n}\n\n\n/* ===========================================================================\n * Read a new buffer from the current input stream, update the adler32\n * and total number of bytes read. All deflate() input goes through\n * this function so some applications may wish to modify it to avoid\n * allocating a large strm->input buffer and copying from it.\n * (See also flush_pending()).\n */\nfunction read_buf(strm, buf, start, size) {\n let len = strm.avail_in;\n\n if (len > size) { len = size; }\n if (len === 0) { return 0; }\n\n strm.avail_in -= len;\n\n // zmemcpy(buf, strm->next_in, len);\n utils.arraySet(buf, strm.input, strm.next_in, len, start);\n if (strm.state.wrap === 1) {\n strm.adler = adler32(strm.adler, buf, len, start);\n }\n\n else if (strm.state.wrap === 2) {\n strm.adler = crc32(strm.adler, buf, len, start);\n }\n\n strm.next_in += len;\n strm.total_in += len;\n\n return len;\n}\n\n\n/* ===========================================================================\n * Set match_start to the longest match starting at the given string and\n * return its length. Matches shorter or equal to prev_length are discarded,\n * in which case the result is equal to prev_length and match_start is\n * garbage.\n * IN assertions: cur_match is the head of the hash chain for the current\n * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1\n * OUT assertion: the match length is not greater than s->lookahead.\n */\nfunction longest_match(s, cur_match) {\n let chain_length = s.max_chain_length; /* max hash chain length */\n let scan = s.strstart; /* current string */\n let match; /* matched string */\n let len; /* length of current match */\n let best_len = s.prev_length; /* best match length so far */\n let nice_match = s.nice_match; /* stop if match long enough */\n const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ?\n s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/;\n\n const _win = s.window; // shortcut\n\n const wmask = s.w_mask;\n const prev = s.prev;\n\n /* Stop when cur_match becomes <= limit. To simplify the code,\n * we prevent matches with the string of window index 0.\n */\n\n const strend = s.strstart + MAX_MATCH;\n let scan_end1 = _win[scan + best_len - 1];\n let scan_end = _win[scan + best_len];\n\n /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.\n * It is easy to get rid of this optimization if necessary.\n */\n // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, \"Code too clever\");\n\n /* Do not waste too much time if we already have a good match: */\n if (s.prev_length >= s.good_match) {\n chain_length >>= 2;\n }\n /* Do not look for matches beyond the end of the input. This is necessary\n * to make deflate deterministic.\n */\n if (nice_match > s.lookahead) { nice_match = s.lookahead; }\n\n // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, \"need lookahead\");\n\n do {\n // Assert(cur_match < s->strstart, \"no future\");\n match = cur_match;\n\n /* Skip to next match if the match length cannot increase\n * or if the match length is less than 2. Note that the checks below\n * for insufficient lookahead only occur occasionally for performance\n * reasons. Therefore uninitialized memory will be accessed, and\n * conditional jumps will be made that depend on those values.\n * However the length of the match is limited to the lookahead, so\n * the output of deflate is not affected by the uninitialized values.\n */\n\n if (_win[match + best_len] !== scan_end ||\n _win[match + best_len - 1] !== scan_end1 ||\n _win[match] !== _win[scan] ||\n _win[++match] !== _win[scan + 1]) {\n continue;\n }\n\n /* The check at best_len-1 can be removed because it will be made\n * again later. (This heuristic is not always a win.)\n * It is not necessary to compare scan[2] and match[2] since they\n * are always equal when the other bytes match, given that\n * the hash keys are equal and that HASH_BITS >= 8.\n */\n scan += 2;\n match++;\n // Assert(*scan == *match, \"match[2]?\");\n\n /* We check for insufficient lookahead only every 8th comparison;\n * the 256th check will be made at strstart+258.\n */\n do {\n /*jshint noempty:false*/\n } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n scan < strend);\n\n // Assert(scan <= s->window+(unsigned)(s->window_size-1), \"wild scan\");\n\n len = MAX_MATCH - (strend - scan);\n scan = strend - MAX_MATCH;\n\n if (len > best_len) {\n s.match_start = cur_match;\n best_len = len;\n if (len >= nice_match) {\n break;\n }\n scan_end1 = _win[scan + best_len - 1];\n scan_end = _win[scan + best_len];\n }\n } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0);\n\n if (best_len <= s.lookahead) {\n return best_len;\n }\n return s.lookahead;\n}\n\n\n/* ===========================================================================\n * Fill the window when the lookahead becomes insufficient.\n * Updates strstart and lookahead.\n *\n * IN assertion: lookahead < MIN_LOOKAHEAD\n * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD\n * At least one byte has been read, or avail_in == 0; reads are\n * performed for at least two bytes (required for the zip translate_eol\n * option -- not supported here).\n */\nfunction fill_window(s) {\n const _w_size = s.w_size;\n let p, n, m, more, str;\n\n //Assert(s->lookahead < MIN_LOOKAHEAD, \"already enough lookahead\");\n\n do {\n more = s.window_size - s.lookahead - s.strstart;\n\n // JS ints have 32 bit, block below not needed\n /* Deal with !@#$% 64K limit: */\n //if (sizeof(int) <= 2) {\n // if (more == 0 && s->strstart == 0 && s->lookahead == 0) {\n // more = wsize;\n //\n // } else if (more == (unsigned)(-1)) {\n // /* Very unlikely, but possible on 16 bit machine if\n // * strstart == 0 && lookahead == 1 (input done a byte at time)\n // */\n // more--;\n // }\n //}\n\n\n /* If the window is almost full and there is insufficient lookahead,\n * move the upper half to the lower one to make room in the upper half.\n */\n if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) {\n\n utils.arraySet(s.window, s.window, _w_size, _w_size, 0);\n s.match_start -= _w_size;\n s.strstart -= _w_size;\n /* we now have strstart >= MAX_DIST */\n s.block_start -= _w_size;\n\n /* Slide the hash table (could be avoided with 32 bit values\n at the expense of memory usage). We slide even when level == 0\n to keep the hash table consistent if we switch back to level > 0\n later. (Using level 0 permanently is not an optimal usage of\n zlib, so we don't care about this pathological case.)\n */\n\n n = s.hash_size;\n p = n;\n do {\n m = s.head[--p];\n s.head[p] = (m >= _w_size ? m - _w_size : 0);\n } while (--n);\n\n n = _w_size;\n p = n;\n do {\n m = s.prev[--p];\n s.prev[p] = (m >= _w_size ? m - _w_size : 0);\n /* If n is not on any hash chain, prev[n] is garbage but\n * its value will never be used.\n */\n } while (--n);\n\n more += _w_size;\n }\n if (s.strm.avail_in === 0) {\n break;\n }\n\n /* If there was no sliding:\n * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&\n * more == window_size - lookahead - strstart\n * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)\n * => more >= window_size - 2*WSIZE + 2\n * In the BIG_MEM or MMAP case (not yet supported),\n * window_size == input_size + MIN_LOOKAHEAD &&\n * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.\n * Otherwise, window_size == 2*WSIZE so more >= 2.\n * If there was sliding, more >= WSIZE. So in all cases, more >= 2.\n */\n //Assert(more >= 2, \"more < 2\");\n n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more);\n s.lookahead += n;\n\n /* Initialize the hash value now that we have some input: */\n if (s.lookahead + s.insert >= MIN_MATCH) {\n str = s.strstart - s.insert;\n s.ins_h = s.window[str];\n\n /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask;\n //#if MIN_MATCH != 3\n // Call update_hash() MIN_MATCH-3 more times\n //#endif\n while (s.insert) {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = str;\n str++;\n s.insert--;\n if (s.lookahead + s.insert < MIN_MATCH) {\n break;\n }\n }\n }\n /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,\n * but this is not important since only literal bytes will be emitted.\n */\n\n } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0);\n\n /* If the WIN_INIT bytes after the end of the current data have never been\n * written, then zero those bytes in order to avoid memory check reports of\n * the use of uninitialized (or uninitialised as Julian writes) bytes by\n * the longest match routines. Update the high water mark for the next\n * time through here. WIN_INIT is set to MAX_MATCH since the longest match\n * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.\n */\n // if (s.high_water < s.window_size) {\n // var curr = s.strstart + s.lookahead;\n // var init = 0;\n //\n // if (s.high_water < curr) {\n // /* Previous high water mark below current data -- zero WIN_INIT\n // * bytes or up to end of window, whichever is less.\n // */\n // init = s.window_size - curr;\n // if (init > WIN_INIT)\n // init = WIN_INIT;\n // zmemzero(s->window + curr, (unsigned)init);\n // s->high_water = curr + init;\n // }\n // else if (s->high_water < (ulg)curr + WIN_INIT) {\n // /* High water mark at or above current data, but below current data\n // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up\n // * to end of window, whichever is less.\n // */\n // init = (ulg)curr + WIN_INIT - s->high_water;\n // if (init > s->window_size - s->high_water)\n // init = s->window_size - s->high_water;\n // zmemzero(s->window + s->high_water, (unsigned)init);\n // s->high_water += init;\n // }\n // }\n //\n // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,\n // \"not enough room for search\");\n}\n\n/* ===========================================================================\n * Copy without compression as much as possible from the input stream, return\n * the current block state.\n * This function does not insert new strings in the dictionary since\n * uncompressible data is probably not useful. This function is used\n * only for the level=0 compression option.\n * NOTE: this function should be optimized to avoid extra copying from\n * window to pending_buf.\n */\nfunction deflate_stored(s, flush) {\n /* Stored blocks are limited to 0xffff bytes, pending_buf is limited\n * to pending_buf_size, and each stored block has a 5 byte header:\n */\n let max_block_size = 0xffff;\n\n if (max_block_size > s.pending_buf_size - 5) {\n max_block_size = s.pending_buf_size - 5;\n }\n\n /* Copy as much as possible from input to output: */\n for (; ;) {\n /* Fill the window as much as possible: */\n if (s.lookahead <= 1) {\n\n //Assert(s->strstart < s->w_size+MAX_DIST(s) ||\n // s->block_start >= (long)s->w_size, \"slide too late\");\n // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) ||\n // s.block_start >= s.w_size)) {\n // throw new Error(\"slide too late\");\n // }\n\n fill_window(s);\n if (s.lookahead === 0 && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n\n if (s.lookahead === 0) {\n break;\n }\n /* flush the current block */\n }\n //Assert(s->block_start >= 0L, \"block gone\");\n // if (s.block_start < 0) throw new Error(\"block gone\");\n\n s.strstart += s.lookahead;\n s.lookahead = 0;\n\n /* Emit a stored block if pending_buf will be full: */\n const max_start = s.block_start + max_block_size;\n\n if (s.strstart === 0 || s.strstart >= max_start) {\n /* strstart == 0 is possible when wraparound on 16-bit machine */\n s.lookahead = s.strstart - max_start;\n s.strstart = max_start;\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n\n\n }\n /* Flush if we may have to slide, otherwise block_start may become\n * negative and the data will be gone:\n */\n if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n\n s.insert = 0;\n\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n\n if (s.strstart > s.block_start) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_NEED_MORE;\n}\n\n/* ===========================================================================\n * Compress as much as possible from the input stream, return the current\n * block state.\n * This function does not perform lazy evaluation of matches and inserts\n * new strings in the dictionary only for unmatched strings or for short\n * matches. It is used only for the fast compression options.\n */\nfunction deflate_fast(s, flush) {\n let hash_head; /* head of the hash chain */\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) {\n break; /* flush the current block */\n }\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n * At this point we have always match_length < MIN_MATCH\n */\n if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n }\n if (s.match_length >= MIN_MATCH) {\n // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only\n\n /*** _tr_tally_dist(s, s.strstart - s.match_start,\n s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n\n /* Insert new strings in the hash table only if the match length\n * is not too large. This saves time but degrades compression.\n */\n if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH) {\n s.match_length--; /* string at strstart already in table */\n do {\n s.strstart++;\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n /* strstart never exceeds WSIZE-MAX_MATCH, so there are\n * always MIN_MATCH bytes ahead.\n */\n } while (--s.match_length !== 0);\n s.strstart++;\n } else {\n s.strstart += s.match_length;\n s.match_length = 0;\n s.ins_h = s.window[s.strstart];\n /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask;\n\n //#if MIN_MATCH != 3\n // Call UPDATE_HASH() MIN_MATCH-3 more times\n //#endif\n /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not\n * matter since it will be recomputed at next deflate call.\n */\n }\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s.window[s.strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = ((s.strstart < (MIN_MATCH - 1)) ? s.strstart : MIN_MATCH - 1);\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * Same as above, but achieves better compression. We use a lazy\n * evaluation for matches: a match is finally adopted only if there is\n * no better match at the next window position.\n */\nfunction deflate_slow(s, flush) {\n let hash_head; /* head of hash chain */\n let bflush; /* set if current block must be flushed */\n\n let max_insert;\n\n /* Process the input block. */\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n */\n s.prev_length = s.match_length;\n s.prev_match = s.match_start;\n s.match_length = MIN_MATCH - 1;\n\n if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match &&\n s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n\n if (s.match_length <= 5 &&\n (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH && s.strstart - s.match_start > 4096/*TOO_FAR*/))) {\n\n /* If prev_match is also MIN_MATCH, match_start is garbage\n * but we will ignore the current match anyway.\n */\n s.match_length = MIN_MATCH - 1;\n }\n }\n /* If there was a match at the previous step and the current\n * match is not better, output the previous match:\n */\n if (s.prev_length >= MIN_MATCH && s.match_length <= s.prev_length) {\n max_insert = s.strstart + s.lookahead - MIN_MATCH;\n /* Do not insert strings in hash table beyond this. */\n\n //check_match(s, s.strstart-1, s.prev_match, s.prev_length);\n\n /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match,\n s.prev_length - MIN_MATCH, bflush);***/\n bflush = trees._tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH);\n /* Insert in hash table all strings up to the end of the match.\n * strstart-1 and strstart are already inserted. If there is not\n * enough lookahead, the last two strings are not inserted in\n * the hash table.\n */\n s.lookahead -= s.prev_length - 1;\n s.prev_length -= 2;\n do {\n if (++s.strstart <= max_insert) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n } while (--s.prev_length !== 0);\n s.match_available = 0;\n s.match_length = MIN_MATCH - 1;\n s.strstart++;\n\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n } else if (s.match_available) {\n /* If there was no match at the previous position, output a\n * single literal. If there was a match but the current match\n * is longer, truncate the previous match to a single literal.\n */\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n if (bflush) {\n /*** FLUSH_BLOCK_ONLY(s, 0) ***/\n flush_block_only(s, false);\n /***/\n }\n s.strstart++;\n s.lookahead--;\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n } else {\n /* There is no previous match to compare with, wait for\n * the next step to decide.\n */\n s.match_available = 1;\n s.strstart++;\n s.lookahead--;\n }\n }\n //Assert (flush != Z_NO_FLUSH, \"no flush?\");\n if (s.match_available) {\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n s.match_available = 0;\n }\n s.insert = s.strstart < MIN_MATCH - 1 ? s.strstart : MIN_MATCH - 1;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_BLOCK_DONE;\n}\n\n\n/* ===========================================================================\n * For Z_RLE, simply look for runs of bytes, generate matches only of distance\n * one. Do not maintain a hash table. (It will be regenerated if this run of\n * deflate switches away from Z_RLE.)\n */\nfunction deflate_rle(s, flush) {\n let bflush; /* set if current block must be flushed */\n let prev; /* byte at distance one to match */\n let scan, strend; /* scan goes up to strend for length of run */\n\n const _win = s.window;\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the longest run, plus one for the unrolled loop.\n */\n if (s.lookahead <= MAX_MATCH) {\n fill_window(s);\n if (s.lookahead <= MAX_MATCH && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* See how many times the previous byte repeats */\n s.match_length = 0;\n if (s.lookahead >= MIN_MATCH && s.strstart > 0) {\n scan = s.strstart - 1;\n prev = _win[scan];\n if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) {\n strend = s.strstart + MAX_MATCH;\n do {\n /*jshint noempty:false*/\n } while (prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n scan < strend);\n s.match_length = MAX_MATCH - (strend - scan);\n if (s.match_length > s.lookahead) {\n s.match_length = s.lookahead;\n }\n }\n //Assert(scan <= s->window+(uInt)(s->window_size-1), \"wild scan\");\n }\n\n /* Emit match if have run of MIN_MATCH or longer, else emit literal */\n if (s.match_length >= MIN_MATCH) {\n //check_match(s, s.strstart, s.strstart - 1, s.match_length);\n\n /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, 1, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n s.strstart += s.match_length;\n s.match_length = 0;\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table.\n * (It will be regenerated if this run of deflate switches away from Huffman.)\n */\nfunction deflate_huff(s, flush) {\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we have a literal to write. */\n if (s.lookahead === 0) {\n fill_window(s);\n if (s.lookahead === 0) {\n if (flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n break; /* flush the current block */\n }\n }\n\n /* Output a literal byte */\n s.match_length = 0;\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n s.lookahead--;\n s.strstart++;\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* Values for max_lazy_match, good_match and max_chain_length, depending on\n * the desired pack level (0..9). The values given below have been tuned to\n * exclude worst case performance for pathological files. Better values may be\n * found for specific files.\n */\nclass Config {\n constructor(good_length, max_lazy, nice_length, max_chain, func) {\n this.good_length = good_length;\n this.max_lazy = max_lazy;\n this.nice_length = nice_length;\n this.max_chain = max_chain;\n this.func = func;\n }\n};\n\nconst configuration_table = [\n /* good lazy nice chain */\n new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */\n new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */\n new Config(4, 5, 16, 8, deflate_fast), /* 2 */\n new Config(4, 6, 32, 32, deflate_fast), /* 3 */\n\n new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */\n new Config(8, 16, 32, 32, deflate_slow), /* 5 */\n new Config(8, 16, 128, 128, deflate_slow), /* 6 */\n new Config(8, 32, 128, 256, deflate_slow), /* 7 */\n new Config(32, 128, 258, 1024, deflate_slow), /* 8 */\n new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */\n];\n\n\n/* ===========================================================================\n * Initialize the \"longest match\" routines for a new zlib stream\n */\nfunction lm_init(s) {\n s.window_size = 2 * s.w_size;\n\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n\n /* Set the default configuration parameters:\n */\n s.max_lazy_match = configuration_table[s.level].max_lazy;\n s.good_match = configuration_table[s.level].good_length;\n s.nice_match = configuration_table[s.level].nice_length;\n s.max_chain_length = configuration_table[s.level].max_chain;\n\n s.strstart = 0;\n s.block_start = 0;\n s.lookahead = 0;\n s.insert = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n s.ins_h = 0;\n}\n\nclass DeflateState {\n constructor() {\n this.strm = null; /* pointer back to this zlib stream */\n this.status = 0; /* as the name implies */\n this.pending_buf = null; /* output still pending */\n this.pending_buf_size = 0; /* size of pending_buf */\n this.pending_out = 0; /* next pending byte to output to the stream */\n this.pending = 0; /* nb of bytes in the pending buffer */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.gzhead = null; /* gzip header information to write */\n this.gzindex = 0; /* where in extra, name, or comment */\n this.method = Z_DEFLATED; /* can only be DEFLATED */\n this.last_flush = -1; /* value of flush param for previous deflate call */\n\n this.w_size = 0; /* LZ77 window size (32K by default) */\n this.w_bits = 0; /* log2(w_size) (8..16) */\n this.w_mask = 0; /* w_size - 1 */\n\n this.window = null;\n /* Sliding window. Input bytes are read into the second half of the window,\n * and move to the first half later to keep a dictionary of at least wSize\n * bytes. With this organization, matches are limited to a distance of\n * wSize-MAX_MATCH bytes, but this ensures that IO is always\n * performed with a length multiple of the block size.\n */\n\n this.window_size = 0;\n /* Actual size of window: 2*wSize, except when the user input buffer\n * is directly used as sliding window.\n */\n\n this.prev = null;\n /* Link to older string with same hash index. To limit the size of this\n * array to 64K, this link is maintained only for the last 32K strings.\n * An index in this array is thus a window index modulo 32K.\n */\n\n this.head = null; /* Heads of the hash chains or NIL. */\n\n this.ins_h = 0; /* hash index of string to be inserted */\n this.hash_size = 0; /* number of elements in hash table */\n this.hash_bits = 0; /* log2(hash_size) */\n this.hash_mask = 0; /* hash_size-1 */\n\n this.hash_shift = 0;\n /* Number of bits by which ins_h must be shifted at each input\n * step. It must be such that after MIN_MATCH steps, the oldest\n * byte no longer takes part in the hash key, that is:\n * hash_shift * MIN_MATCH >= hash_bits\n */\n\n this.block_start = 0;\n /* Window position at the beginning of the current output block. Gets\n * negative when the window is moved backwards.\n */\n\n this.match_length = 0; /* length of best match */\n this.prev_match = 0; /* previous match */\n this.match_available = 0; /* set if previous match exists */\n this.strstart = 0; /* start of string to insert */\n this.match_start = 0; /* start of matching string */\n this.lookahead = 0; /* number of valid bytes ahead in window */\n\n this.prev_length = 0;\n /* Length of the best match at previous step. Matches not greater than this\n * are discarded. This is used in the lazy match evaluation.\n */\n\n this.max_chain_length = 0;\n /* To speed up deflation, hash chains are never searched beyond this\n * length. A higher limit improves compression ratio but degrades the\n * speed.\n */\n\n this.max_lazy_match = 0;\n /* Attempt to find a better match only when the current match is strictly\n * smaller than this value. This mechanism is used only for compression\n * levels >= 4.\n */\n // That's alias to max_lazy_match, don't use directly\n //this.max_insert_length = 0;\n /* Insert new strings in the hash table only if the match length is not\n * greater than this length. This saves time but degrades compression.\n * max_insert_length is used only for compression levels <= 3.\n */\n\n this.level = 0; /* compression level (1..9) */\n this.strategy = 0; /* favor or force Huffman coding*/\n\n this.good_match = 0;\n /* Use a faster search when the previous match is longer than this */\n\n this.nice_match = 0; /* Stop searching when current match exceeds this */\n\n /* used by trees.c: */\n\n /* Didn't use ct_data typedef below to suppress compiler warning */\n\n // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */\n // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */\n // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */\n\n // Use flat array of DOUBLE size, with interleaved fata,\n // because JS does not support effective\n this.dyn_ltree = new utils.Buf16(HEAP_SIZE * 2);\n this.dyn_dtree = new utils.Buf16((2 * D_CODES + 1) * 2);\n this.bl_tree = new utils.Buf16((2 * BL_CODES + 1) * 2);\n zero(this.dyn_ltree);\n zero(this.dyn_dtree);\n zero(this.bl_tree);\n\n this.l_desc = null; /* desc. for literal tree */\n this.d_desc = null; /* desc. for distance tree */\n this.bl_desc = null; /* desc. for bit length tree */\n\n //ush bl_count[MAX_BITS+1];\n this.bl_count = new utils.Buf16(MAX_BITS + 1);\n /* number of codes at each bit length for an optimal tree */\n\n //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */\n this.heap = new utils.Buf16(2 * L_CODES + 1); /* heap used to build the Huffman trees */\n zero(this.heap);\n\n this.heap_len = 0; /* number of elements in the heap */\n this.heap_max = 0; /* element of largest frequency */\n /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.\n * The same heap array is used to build all trees.\n */\n\n this.depth = new utils.Buf16(2 * L_CODES + 1); //uch depth[2*L_CODES+1];\n zero(this.depth);\n /* Depth of each subtree used as tie breaker for trees of equal frequency\n */\n\n this.l_buf = 0; /* buffer index for literals or lengths */\n\n this.lit_bufsize = 0;\n /* Size of match buffer for literals/lengths. There are 4 reasons for\n * limiting lit_bufsize to 64K:\n * - frequencies can be kept in 16 bit counters\n * - if compression is not successful for the first block, all input\n * data is still in the window so we can still emit a stored block even\n * when input comes from standard input. (This can also be done for\n * all blocks if lit_bufsize is not greater than 32K.)\n * - if compression is not successful for a file smaller than 64K, we can\n * even emit a stored file instead of a stored block (saving 5 bytes).\n * This is applicable only for zip (not gzip or zlib).\n * - creating new Huffman trees less frequently may not provide fast\n * adaptation to changes in the input data statistics. (Take for\n * example a binary file with poorly compressible code followed by\n * a highly compressible string table.) Smaller buffer sizes give\n * fast adaptation but have of course the overhead of transmitting\n * trees more frequently.\n * - I can't count above 4\n */\n\n this.last_lit = 0; /* running index in l_buf */\n\n this.d_buf = 0;\n /* Buffer index for distances. To simplify the code, d_buf and l_buf have\n * the same number of elements. To use different lengths, an extra flag\n * array would be necessary.\n */\n\n this.opt_len = 0; /* bit length of current block with optimal trees */\n this.static_len = 0; /* bit length of current block with static trees */\n this.matches = 0; /* number of string matches in current block */\n this.insert = 0; /* bytes at end of window left to insert */\n\n\n this.bi_buf = 0;\n /* Output buffer. bits are inserted starting at the bottom (least\n * significant bits).\n */\n this.bi_valid = 0;\n /* Number of valid bits in bi_buf. All bits above the last valid bit\n * are always zero.\n */\n\n // Used for window memory init. We safely ignore it for JS. That makes\n // sense only for pointers and memory check tools.\n //this.high_water = 0;\n /* High water mark offset in window for initialized bytes -- bytes above\n * this are set to zero in order to avoid memory check warnings when\n * longest match routines access bytes past the input. This is then\n * updated to the new high water mark.\n */\n }\n}\n\nfunction deflateResetKeep(strm) {\n let s;\n\n if (!strm || !strm.state) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.total_in = strm.total_out = 0;\n strm.data_type = Z_UNKNOWN;\n\n s = strm.state;\n s.pending = 0;\n s.pending_out = 0;\n\n if (s.wrap < 0) {\n s.wrap = -s.wrap;\n /* was made negative by deflate(..., Z_FINISH); */\n }\n s.status = (s.wrap ? INIT_STATE : BUSY_STATE);\n strm.adler = (s.wrap === 2) ?\n 0 // crc32(0, Z_NULL, 0)\n :\n 1; // adler32(0, Z_NULL, 0)\n s.last_flush = Z_NO_FLUSH;\n trees._tr_init(s);\n return Z_OK;\n}\n\n\nfunction deflateReset(strm) {\n const ret = deflateResetKeep(strm);\n if (ret === Z_OK) {\n lm_init(strm.state);\n }\n return ret;\n}\n\n\nfunction deflateSetHeader(strm, head) {\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; }\n strm.state.gzhead = head;\n return Z_OK;\n}\n\n\nfunction deflateInit2(strm, level, method, windowBits, memLevel, strategy) {\n if (!strm) { // === Z_NULL\n return Z_STREAM_ERROR;\n }\n let wrap = 1;\n\n if (level === Z_DEFAULT_COMPRESSION) {\n level = 6;\n }\n\n if (windowBits < 0) { /* suppress zlib wrapper */\n wrap = 0;\n windowBits = -windowBits;\n }\n\n else if (windowBits > 15) {\n wrap = 2; /* write gzip wrapper instead */\n windowBits -= 16;\n }\n\n\n if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED ||\n windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||\n strategy < 0 || strategy > Z_FIXED) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n\n if (windowBits === 8) {\n windowBits = 9;\n }\n /* until 256-byte window bug fixed */\n\n const s = new DeflateState();\n\n strm.state = s;\n s.strm = strm;\n\n s.wrap = wrap;\n s.gzhead = null;\n s.w_bits = windowBits;\n s.w_size = 1 << s.w_bits;\n s.w_mask = s.w_size - 1;\n\n s.hash_bits = memLevel + 7;\n s.hash_size = 1 << s.hash_bits;\n s.hash_mask = s.hash_size - 1;\n s.hash_shift = ~~((s.hash_bits + MIN_MATCH - 1) / MIN_MATCH);\n s.window = new utils.Buf8(s.w_size * 2);\n s.head = new utils.Buf16(s.hash_size);\n s.prev = new utils.Buf16(s.w_size);\n\n // Don't need mem init magic for JS.\n //s.high_water = 0; /* nothing written to s->window yet */\n\n s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */\n\n s.pending_buf_size = s.lit_bufsize * 4;\n\n //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);\n //s->pending_buf = (uchf *) overlay;\n s.pending_buf = new utils.Buf8(s.pending_buf_size);\n\n // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`)\n //s->d_buf = overlay + s->lit_bufsize/sizeof(ush);\n s.d_buf = 1 * s.lit_bufsize;\n\n //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;\n s.l_buf = (1 + 2) * s.lit_bufsize;\n\n s.level = level;\n s.strategy = strategy;\n s.method = method;\n\n return deflateReset(strm);\n}\n\nfunction deflateInit(strm, level) {\n return deflateInit2(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);\n}\n\n\nfunction deflate(strm, flush) {\n let old_flush, s;\n let beg, val; // for gzip header write only\n\n if (!strm || !strm.state ||\n flush > Z_BLOCK || flush < 0) {\n return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR;\n }\n\n s = strm.state;\n\n if (!strm.output ||\n (!strm.input && strm.avail_in !== 0) ||\n (s.status === FINISH_STATE && flush !== Z_FINISH)) {\n return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR);\n }\n\n s.strm = strm; /* just in case */\n old_flush = s.last_flush;\n s.last_flush = flush;\n\n /* Write the header */\n if (s.status === INIT_STATE) {\n\n if (s.wrap === 2) { // GZIP header\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n put_byte(s, 31);\n put_byte(s, 139);\n put_byte(s, 8);\n if (!s.gzhead) { // s->gzhead == Z_NULL\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, OS_CODE);\n s.status = BUSY_STATE;\n }\n else {\n put_byte(s, (s.gzhead.text ? 1 : 0) +\n (s.gzhead.hcrc ? 2 : 0) +\n (!s.gzhead.extra ? 0 : 4) +\n (!s.gzhead.name ? 0 : 8) +\n (!s.gzhead.comment ? 0 : 16)\n );\n put_byte(s, s.gzhead.time & 0xff);\n put_byte(s, (s.gzhead.time >> 8) & 0xff);\n put_byte(s, (s.gzhead.time >> 16) & 0xff);\n put_byte(s, (s.gzhead.time >> 24) & 0xff);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, s.gzhead.os & 0xff);\n if (s.gzhead.extra && s.gzhead.extra.length) {\n put_byte(s, s.gzhead.extra.length & 0xff);\n put_byte(s, (s.gzhead.extra.length >> 8) & 0xff);\n }\n if (s.gzhead.hcrc) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0);\n }\n s.gzindex = 0;\n s.status = EXTRA_STATE;\n }\n }\n else // DEFLATE header\n {\n let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8;\n let level_flags = -1;\n\n if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) {\n level_flags = 0;\n } else if (s.level < 6) {\n level_flags = 1;\n } else if (s.level === 6) {\n level_flags = 2;\n } else {\n level_flags = 3;\n }\n header |= (level_flags << 6);\n if (s.strstart !== 0) { header |= PRESET_DICT; }\n header += 31 - (header % 31);\n\n s.status = BUSY_STATE;\n putShortMSB(s, header);\n\n /* Save the adler32 of the preset dictionary: */\n if (s.strstart !== 0) {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n strm.adler = 1; // adler32(0L, Z_NULL, 0);\n }\n }\n\n //#ifdef GZIP\n if (s.status === EXTRA_STATE) {\n if (s.gzhead.extra/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n\n while (s.gzindex < (s.gzhead.extra.length & 0xffff)) {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n break;\n }\n }\n put_byte(s, s.gzhead.extra[s.gzindex] & 0xff);\n s.gzindex++;\n }\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (s.gzindex === s.gzhead.extra.length) {\n s.gzindex = 0;\n s.status = NAME_STATE;\n }\n }\n else {\n s.status = NAME_STATE;\n }\n }\n if (s.status === NAME_STATE) {\n if (s.gzhead.name/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.name.length) {\n val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.gzindex = 0;\n s.status = COMMENT_STATE;\n }\n }\n else {\n s.status = COMMENT_STATE;\n }\n }\n if (s.status === COMMENT_STATE) {\n if (s.gzhead.comment/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.comment.length) {\n val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.status = HCRC_STATE;\n }\n }\n else {\n s.status = HCRC_STATE;\n }\n }\n if (s.status === HCRC_STATE) {\n if (s.gzhead.hcrc) {\n if (s.pending + 2 > s.pending_buf_size) {\n flush_pending(strm);\n }\n if (s.pending + 2 <= s.pending_buf_size) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n s.status = BUSY_STATE;\n }\n }\n else {\n s.status = BUSY_STATE;\n }\n }\n //#endif\n\n /* Flush as much pending output as possible */\n if (s.pending !== 0) {\n flush_pending(strm);\n if (strm.avail_out === 0) {\n /* Since avail_out is 0, deflate will be called again with\n * more output space, but possibly with both pending and\n * avail_in equal to zero. There won't be anything to do,\n * but this is not an error situation so make sure we\n * return OK instead of BUF_ERROR at next call of deflate:\n */\n s.last_flush = -1;\n return Z_OK;\n }\n\n /* Make sure there is something to do and avoid duplicate consecutive\n * flushes. For repeated and useless calls with Z_FINISH, we keep\n * returning Z_STREAM_END instead of Z_BUF_ERROR.\n */\n } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) &&\n flush !== Z_FINISH) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* User must not provide more input after the first FINISH: */\n if (s.status === FINISH_STATE && strm.avail_in !== 0) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* Start a new block or continue the current one.\n */\n if (strm.avail_in !== 0 || s.lookahead !== 0 ||\n (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) {\n var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) :\n (s.strategy === Z_RLE ? deflate_rle(s, flush) :\n configuration_table[s.level].func(s, flush));\n\n if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) {\n s.status = FINISH_STATE;\n }\n if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) {\n if (strm.avail_out === 0) {\n s.last_flush = -1;\n /* avoid BUF_ERROR next call, see above */\n }\n return Z_OK;\n /* If flush != Z_NO_FLUSH && avail_out == 0, the next call\n * of deflate should use the same flush parameter to make sure\n * that the flush is complete. So we don't have to output an\n * empty block here, this will be done at next call. This also\n * ensures that for a very small output buffer, we emit at most\n * one empty block.\n */\n }\n if (bstate === BS_BLOCK_DONE) {\n if (flush === Z_PARTIAL_FLUSH) {\n trees._tr_align(s);\n }\n else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */\n\n trees._tr_stored_block(s, 0, 0, false);\n /* For a full flush, this empty block will be recognized\n * as a special marker by inflate_sync().\n */\n if (flush === Z_FULL_FLUSH) {\n /*** CLEAR_HASH(s); ***/ /* forget history */\n zero(s.head); // Fill with NIL (= 0);\n\n if (s.lookahead === 0) {\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n }\n }\n flush_pending(strm);\n if (strm.avail_out === 0) {\n s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */\n return Z_OK;\n }\n }\n }\n //Assert(strm->avail_out > 0, \"bug2\");\n //if (strm.avail_out <= 0) { throw new Error(\"bug2\");}\n\n if (flush !== Z_FINISH) { return Z_OK; }\n if (s.wrap <= 0) { return Z_STREAM_END; }\n\n /* Write the trailer */\n if (s.wrap === 2) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n put_byte(s, (strm.adler >> 16) & 0xff);\n put_byte(s, (strm.adler >> 24) & 0xff);\n put_byte(s, strm.total_in & 0xff);\n put_byte(s, (strm.total_in >> 8) & 0xff);\n put_byte(s, (strm.total_in >> 16) & 0xff);\n put_byte(s, (strm.total_in >> 24) & 0xff);\n }\n else {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n\n flush_pending(strm);\n /* If avail_out is zero, the application will call deflate again\n * to flush the rest.\n */\n if (s.wrap > 0) { s.wrap = -s.wrap; }\n /* write the trailer only once! */\n return s.pending !== 0 ? Z_OK : Z_STREAM_END;\n}\n\nfunction deflateEnd(strm) {\n let status;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n status = strm.state.status;\n if (status !== INIT_STATE &&\n status !== EXTRA_STATE &&\n status !== NAME_STATE &&\n status !== COMMENT_STATE &&\n status !== HCRC_STATE &&\n status !== BUSY_STATE &&\n status !== FINISH_STATE\n ) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.state = null;\n\n return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK;\n}\n\n\n/* =========================================================================\n * Initializes the compression dictionary from the given byte\n * sequence without producing any compressed output.\n */\nfunction deflateSetDictionary(strm, dictionary) {\n let dictLength = dictionary.length;\n\n let s;\n let str, n;\n let wrap;\n let avail;\n let next;\n let input;\n let tmpDict;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n s = strm.state;\n wrap = s.wrap;\n\n if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) {\n return Z_STREAM_ERROR;\n }\n\n /* when using zlib wrappers, compute Adler-32 for provided dictionary */\n if (wrap === 1) {\n /* adler32(strm->adler, dictionary, dictLength); */\n strm.adler = adler32(strm.adler, dictionary, dictLength, 0);\n }\n\n s.wrap = 0; /* avoid computing Adler-32 in read_buf */\n\n /* if dictionary would fill window, just replace the history */\n if (dictLength >= s.w_size) {\n if (wrap === 0) { /* already empty otherwise */\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n /* use the tail */\n // dictionary = dictionary.slice(dictLength - s.w_size);\n tmpDict = new utils.Buf8(s.w_size);\n utils.arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0);\n dictionary = tmpDict;\n dictLength = s.w_size;\n }\n /* insert dictionary into window and hash */\n avail = strm.avail_in;\n next = strm.next_in;\n input = strm.input;\n strm.avail_in = dictLength;\n strm.next_in = 0;\n strm.input = dictionary;\n fill_window(s);\n while (s.lookahead >= MIN_MATCH) {\n str = s.strstart;\n n = s.lookahead - (MIN_MATCH - 1);\n do {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n\n s.head[s.ins_h] = str;\n str++;\n } while (--n);\n s.strstart = str;\n s.lookahead = MIN_MATCH - 1;\n fill_window(s);\n }\n s.strstart += s.lookahead;\n s.block_start = s.strstart;\n s.insert = s.lookahead;\n s.lookahead = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n strm.next_in = next;\n strm.input = input;\n strm.avail_in = avail;\n s.wrap = wrap;\n return Z_OK;\n}\n\nconst deflateInfo = 'pako deflate (from Nodeca project)';\nexport {\n deflateInit,\n deflateInit2,\n deflateReset,\n deflateResetKeep,\n deflateSetHeader,\n deflate,\n deflateEnd,\n deflateSetDictionary,\n deflateInfo\n};\n\n/* Not implemented\nexports.deflateBound = deflateBound;\nexports.deflateCopy = deflateCopy;\nexports.deflateParams = deflateParams;\nexports.deflatePending = deflatePending;\nexports.deflatePrime = deflatePrime;\nexports.deflateTune = deflateTune;\n*/\n","// String encode/decode helpers\n\n\n\nimport * as utils from \"./common.js\";\n\n\n// Quick check if we can use fast array to bin string conversion\n//\n// - apply(Array) can fail on Android 2.2\n// - apply(Uint8Array) can fail on iOS 5.1 Safari\n//\nlet STR_APPLY_OK = true;\nlet STR_APPLY_UIA_OK = true;\n\ntry {\n String.fromCharCode.apply(null, [ 0 ]); \n} catch (__) {\n STR_APPLY_OK = false; \n}\ntry {\n String.fromCharCode.apply(null, new Uint8Array(1)); \n} catch (__) {\n STR_APPLY_UIA_OK = false; \n}\n\n\n// Table with utf8 lengths (calculated by first byte of sequence)\n// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,\n// because max possible codepoint is 0x10ffff\nconst _utf8len = new utils.Buf8(256);\nfor (let q = 0; q < 256; q++) {\n _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1;\n}\n_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start\n\n\n// convert string to array (typed, when possible)\nexport function string2buf (str) {\n let c, c2, m_pos, i, buf_len = 0;\n const str_len = str.length;\n\n // count binary size\n for (m_pos = 0; m_pos < str_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;\n }\n\n // allocate buffer\n const buf = new utils.Buf8(buf_len);\n\n // convert\n for (i = 0, m_pos = 0; i < buf_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n if (c < 0x80) {\n /* one byte */\n buf[i++] = c;\n } else if (c < 0x800) {\n /* two bytes */\n buf[i++] = 0xC0 | c >>> 6;\n buf[i++] = 0x80 | c & 0x3f;\n } else if (c < 0x10000) {\n /* three bytes */\n buf[i++] = 0xE0 | c >>> 12;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n } else {\n /* four bytes */\n buf[i++] = 0xf0 | c >>> 18;\n buf[i++] = 0x80 | c >>> 12 & 0x3f;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n }\n }\n\n return buf;\n}\n\n// Helper (used in 2 places)\nfunction _buf2binstring(buf, len) {\n // On Chrome, the arguments in a function call that are allowed is `65534`.\n // If the length of the buffer is smaller than that, we can use this optimization,\n // otherwise we will take a slower path.\n if (len < 65534) {\n if (buf.subarray && STR_APPLY_UIA_OK || !buf.subarray && STR_APPLY_OK) {\n return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));\n }\n }\n\n let result = \"\";\n for (let i = 0; i < len; i++) {\n result += String.fromCharCode(buf[i]);\n }\n return result;\n}\n\n\n// Convert byte array to binary string\nexport function buf2binstring (buf) {\n return _buf2binstring(buf, buf.length);\n}\n\n\n// Convert binary string (typed, when possible)\nexport function binstring2buf (str) {\n const buf = new utils.Buf8(str.length);\n for (let i = 0, len = buf.length; i < len; i++) {\n buf[i] = str.charCodeAt(i);\n }\n return buf;\n}\n\n\n// convert array to string\nexport function buf2string (buf, max) {\n let i, out, c, c_len;\n const len = max || buf.length;\n\n // Reserve max possible length (2 words per char)\n // NB: by unknown reasons, Array is significantly faster for\n // String.fromCharCode.apply than Uint16Array.\n // var utf16buf = new Array(len * 2);\n // try Uint16Array\n const utf16buf = new Uint16Array(len * 2);\n\n for (out = 0, i = 0; i < len;) {\n c = buf[i++];\n // quick process ascii\n if (c < 0x80) {\n utf16buf[out++] = c; continue; \n }\n\n c_len = _utf8len[c];\n // skip 5 & 6 byte codes\n if (c_len > 4) {\n utf16buf[out++] = 0xfffd; i += c_len - 1; continue; \n }\n\n // apply mask on first byte\n c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;\n // join the rest\n while (c_len > 1 && i < len) {\n c = c << 6 | buf[i++] & 0x3f;\n c_len--;\n }\n\n // terminated by end of string?\n if (c_len > 1) {\n utf16buf[out++] = 0xfffd; continue; \n }\n\n if (c < 0x10000) {\n utf16buf[out++] = c;\n } else {\n c -= 0x10000;\n utf16buf[out++] = 0xd800 | c >> 10 & 0x3ff;\n utf16buf[out++] = 0xdc00 | c & 0x3ff;\n }\n }\n\n return _buf2binstring(utf16buf, out);\n}\n\n\n// Calculate max possible position in utf8 buffer,\n// that will not break sequence. If that's not possible\n// - (very small limits) return max size as is.\n//\n// buf[] - utf8 bytes array\n// max - length limit (mandatory);\nexport function utf8border (buf, max) {\n let pos;\n\n max = max || buf.length;\n if (max > buf.length) {\n max = buf.length; \n }\n\n // go back from last position, until start of sequence found\n pos = max - 1;\n while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) {\n pos--; \n }\n\n // Very small and broken sequence,\n // return max, because we should return something anyway.\n if (pos < 0) {\n return max; \n }\n\n // If we came to start of buffer - that means buffer is too small,\n // return max too.\n if (pos === 0) {\n return max; \n }\n\n return pos + _utf8len[buf[pos]] > max ? pos : max;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class ZStream {\n constructor() {\n /* next input byte */\n this.input = null; // JS specific, because we have no pointers\n this.next_in = 0;\n /* number of bytes available at input */\n this.avail_in = 0;\n /* total number of input bytes read so far */\n this.total_in = 0;\n /* next output byte should be put there */\n this.output = null; // JS specific, because we have no pointers\n this.next_out = 0;\n /* remaining free space at output */\n this.avail_out = 0;\n /* total number of bytes output so far */\n this.total_out = 0;\n /* last error message, NULL if no error */\n this.msg = ''/*Z_NULL*/;\n /* not visible by applications */\n this.state = null;\n /* best guess about the data type: binary or text */\n this.data_type = 2/*Z_UNKNOWN*/;\n /* adler32 value of the uncompressed data */\n this.adler = 0;\n }\n}","'use strict';\n\nimport * as zlib_deflate from \"./zlib/deflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\nimport { Z_NO_FLUSH, Z_FINISH,\n Z_OK, Z_STREAM_END, Z_SYNC_FLUSH,\n Z_DEFAULT_COMPRESSION,\n Z_DEFAULT_STRATEGY,\n Z_DEFLATED } from \"./zlib/constants.js\"\n\n/* ===========================================================================*/\n\n\n/**\n * class Deflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[deflate]],\n * [[deflateRaw]] and [[gzip]].\n **/\n\n/* internal\n * Deflate.chunks -> Array\n *\n * Chunks of output data, if [[Deflate#onData]] not overridden.\n **/\n\n/**\n * Deflate.result -> Uint8Array|Array\n *\n * Compressed result, generated by default [[Deflate#onData]]\n * and [[Deflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Deflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Deflate.err -> Number\n *\n * Error code after deflate finished. 0 (Z_OK) on success.\n * You will not need it in real life, because deflate errors\n * are possible only on wrong options or bad `onData` / `onEnd`\n * custom handlers.\n **/\n\n/**\n * Deflate.msg -> String\n *\n * Error message, if [[Deflate.err]] != 0\n **/\n\n\n/**\n * new Deflate(options)\n * - options (Object): zlib deflate options.\n *\n * Creates new deflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `level`\n * - `windowBits`\n * - `memLevel`\n * - `strategy`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw deflate\n * - `gzip` (Boolean) - create gzip wrapper\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n * - `header` (Object) - custom header for gzip\n * - `text` (Boolean) - true if compressed data believed to be text\n * - `time` (Number) - modification time, unix timestamp\n * - `os` (Number) - operation system code\n * - `extra` (Array) - array of bytes with extra data (max 65536)\n * - `name` (String) - file name (binary string)\n * - `comment` (String) - comment (binary string)\n * - `hcrc` (Boolean) - true if header crc should be added\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var deflate = new pako.Deflate({ level: 3});\n *\n * deflate.push(chunk1, false);\n * deflate.push(chunk2, true); // true -> last chunk\n *\n * if (deflate.err) { throw new Error(deflate.err); }\n *\n * console.log(deflate.result);\n * ```\n **/\n\nclass Deflate {\n constructor(options) {\n this.options = {\n level: Z_DEFAULT_COMPRESSION,\n method: Z_DEFLATED,\n chunkSize: 16384,\n windowBits: 15,\n memLevel: 8,\n strategy: Z_DEFAULT_STRATEGY,\n ...(options || {})\n };\n\n const opt = this.options;\n\n if (opt.raw && (opt.windowBits > 0)) {\n opt.windowBits = -opt.windowBits;\n }\n\n else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) {\n opt.windowBits += 16;\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n var status = zlib_deflate.deflateInit2(\n this.strm,\n opt.level,\n opt.method,\n opt.windowBits,\n opt.memLevel,\n opt.strategy\n );\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n if (opt.header) {\n zlib_deflate.deflateSetHeader(this.strm, opt.header);\n }\n\n if (opt.dictionary) {\n let dict;\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n // If we need to compress text, change encoding to utf8.\n dict = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n dict = new Uint8Array(opt.dictionary);\n } else {\n dict = opt.dictionary;\n }\n\n status = zlib_deflate.deflateSetDictionary(this.strm, dict);\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n this._dict_set = true;\n }\n }\n\n /**\n * Deflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be\n * converted to utf8 byte sequence.\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with\n * new compressed chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the compression context.\n *\n * On fail call [[Deflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * array format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize } } = this;\n var status, _mode;\n\n if (this.ended) { return false; }\n\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // If we need to compress text, change encoding to utf8.\n strm.input = strings.string2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n status = zlib_deflate.deflate(strm, _mode); /* no bad return value */\n\n if (status !== Z_STREAM_END && status !== Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END);\n\n // Finalize on the last chunk.\n if (_mode === Z_FINISH) {\n status = zlib_deflate.deflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === Z_SYNC_FLUSH) {\n this.onEnd(Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n /**\n * Deflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n /**\n * Deflate#onEnd(status) -> Void\n * - status (Number): deflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called once after you tell deflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n\n\n\n/**\n * deflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * Compress `data` with deflate algorithm and `options`.\n *\n * Supported options are:\n *\n * - level\n * - windowBits\n * - memLevel\n * - strategy\n * - dictionary\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , data = Uint8Array([1,2,3,4,5,6,7,8,9]);\n *\n * console.log(pako.deflate(data));\n * ```\n **/\nfunction deflate(input, options) {\n const deflator = new Deflate(options);\n\n deflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (deflator.err) { throw new Error(deflator.msg || msg[deflator.err]); }\n\n return deflator.result;\n}\n\n\n/**\n * deflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction deflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return deflate(input, options);\n}\n\n\n/**\n * gzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but create gzip wrapper instead of\n * deflate one.\n **/\nfunction gzip(input, options) {\n options = options || {};\n options.gzip = true;\n return deflate(input, options);\n}\n\nexport { Deflate, deflate, deflateRaw, gzip };\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// See state defs from inflate.js\nconst BAD = 30; /* got a data error -- remain here until reset */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\n\n/*\n Decode literal, length, and distance codes and write out the resulting\n literal and match bytes until either not enough input or output is\n available, an end-of-block is encountered, or a data error is encountered.\n When large enough input and output buffers are supplied to inflate(), for\n example, a 16K input buffer and a 64K output buffer, more than 95% of the\n inflate execution time is spent in this routine.\n\n Entry assumptions:\n\n state.mode === LEN\n strm.avail_in >= 6\n strm.avail_out >= 258\n start >= strm.avail_out\n state.bits < 8\n\n On return, state.mode is one of:\n\n LEN -- ran out of enough output space or enough available input\n TYPE -- reached end of block code, inflate() to interpret next block\n BAD -- error in block data\n\n Notes:\n\n - The maximum input bits used by a length/distance pair is 15 bits for the\n length code, 5 bits for the length extra, 15 bits for the distance code,\n and 13 bits for the distance extra. This totals 48 bits, or six bytes.\n Therefore if strm.avail_in >= 6, then there is enough input to avoid\n checking for available input while decoding.\n\n - The maximum bytes that a single length/distance pair can output is 258\n bytes, which is the maximum length that can be coded. inflate_fast()\n requires strm.avail_out >= 258 for each loop to avoid checking for\n output space.\n */\nexport default function inflate_fast(strm, start) {\n let _in; /* local strm.input */\n let _out; /* local strm.output */\n // Use `s_window` instead `window`, avoid conflict with instrumentation tools\n let hold; /* local strm.hold */\n let bits; /* local strm.bits */\n let here; /* retrieved table entry */\n let op; /* code bits, operation, extra bits, or */\n /* window position, window bytes to copy */\n let len; /* match length, unused bytes */\n let dist; /* match distance */\n let from; /* where to copy match from */\n let from_source;\n\n\n\n /* copy state to local variables */\n const state = strm.state;\n //here = state.here;\n _in = strm.next_in;\n const input = strm.input;\n const last = _in + (strm.avail_in - 5);\n _out = strm.next_out;\n const output = strm.output;\n const beg = _out - (start - strm.avail_out);\n const end = _out + (strm.avail_out - 257);\n //#ifdef INFLATE_STRICT\n const dmax = state.dmax;\n //#endif\n const wsize = state.wsize;\n const whave = state.whave;\n const wnext = state.wnext;\n const s_window = state.window;\n hold = state.hold;\n bits = state.bits;\n const lcode = state.lencode;\n const dcode = state.distcode;\n const lmask = (1 << state.lenbits) - 1;\n const dmask = (1 << state.distbits) - 1;\n\n\n /* decode literals and length/distances until end-of-block or not enough\n input data or output space */\n\n top:\n do {\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n\n here = lcode[hold & lmask];\n\n dolen:\n for (;;) { // Goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n if (op === 0) { /* literal */\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n output[_out++] = here & 0xffff/*here.val*/;\n } else if (op & 16) { /* length base */\n len = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (op) {\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n len += hold & (1 << op) - 1;\n hold >>>= op;\n bits -= op;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", len));\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n here = dcode[hold & dmask];\n\n dodist:\n for (;;) { // goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n\n if (op & 16) { /* distance base */\n dist = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n }\n dist += hold & (1 << op) - 1;\n //#ifdef INFLATE_STRICT\n if (dist > dmax) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n //#endif\n hold >>>= op;\n bits -= op;\n //Tracevv((stderr, \"inflate: distance %u\\n\", dist));\n op = _out - beg; /* max distance in output */\n if (dist > op) { /* see if copy from window */\n op = dist - op; /* distance back in window */\n if (op > whave) {\n if (state.sane) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n // if (len <= op - whave) {\n // do {\n // output[_out++] = 0;\n // } while (--len);\n // continue top;\n // }\n // len -= op - whave;\n // do {\n // output[_out++] = 0;\n // } while (--op > whave);\n // if (op === 0) {\n // from = _out - dist;\n // do {\n // output[_out++] = output[from++];\n // } while (--len);\n // continue top;\n // }\n //#endif\n }\n from = 0; // window index\n from_source = s_window;\n if (wnext === 0) { /* very common case */\n from += wsize - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n } else if (wnext < op) { /* wrap around window */\n from += wsize + wnext - op;\n op -= wnext;\n if (op < len) { /* some from end of window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = 0;\n if (wnext < len) { /* some from start of window */\n op = wnext;\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n } else { /* contiguous in window */\n from += wnext - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n while (len > 2) {\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n len -= 3;\n }\n if (len) {\n output[_out++] = from_source[from++];\n if (len > 1) {\n output[_out++] = from_source[from++];\n }\n }\n } else {\n from = _out - dist; /* copy direct from output */\n do { /* minimum length is three */\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n len -= 3;\n } while (len > 2);\n if (len) {\n output[_out++] = output[from++];\n if (len > 1) {\n output[_out++] = output[from++];\n }\n }\n }\n } else if ((op & 64) === 0) { /* 2nd level distance code */\n here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dodist;\n } else {\n strm.msg = \"invalid distance code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } else if ((op & 64) === 0) { /* 2nd level length code */\n here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dolen;\n } else if (op & 32) { /* end-of-block */\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.mode = TYPE;\n break top;\n } else {\n strm.msg = \"invalid literal/length code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } while (_in < last && _out < end);\n\n /* return unused bytes (on entry, bits < 8, so in won't go too far back) */\n len = bits >> 3;\n _in -= len;\n bits -= len << 3;\n hold &= (1 << bits) - 1;\n\n /* update state and return */\n strm.next_in = _in;\n strm.next_out = _out;\n strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last);\n strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end);\n state.hold = hold;\n state.bits = bits;\n return;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\n\nconst MAXBITS = 15;\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\nconst lbase = [ /* Length codes 257..285 base */\n 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,\n 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0\n];\n\nconst lext = [ /* Length codes 257..285 extra */\n 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,\n 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78\n];\n\nconst dbase = [ /* Distance codes 0..29 base */\n 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,\n 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,\n 8193, 12289, 16385, 24577, 0, 0\n];\n\nconst dext = [ /* Distance codes 0..29 extra */\n 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,\n 23, 23, 24, 24, 25, 25, 26, 26, 27, 27,\n 28, 28, 29, 29, 64, 64\n];\n\nexport default function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) {\n const bits = opts.bits;\n //here = opts.here; /* table entry for duplication */\n\n let len = 0; /* a code's length in bits */\n let sym = 0; /* index of code symbols */\n let min = 0, max = 0; /* minimum and maximum code lengths */\n let root = 0; /* number of index bits for root table */\n let curr = 0; /* number of index bits for current table */\n let drop = 0; /* code bits to drop for sub-table */\n let left = 0; /* number of prefix codes available */\n let used = 0; /* code entries in table used */\n let huff = 0; /* Huffman code */\n let incr; /* for incrementing code, index */\n let fill; /* index for replicating entries */\n let low; /* low bits for current root entry */\n let next; /* next available space in table */\n let base = null; /* base value table to use */\n let base_index = 0;\n // var shoextra; /* extra bits table to use */\n let end; /* use base and extra for symbol > end */\n const count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */\n const offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */\n let extra = null;\n let extra_index = 0;\n\n let here_bits, here_op, here_val;\n\n /*\n Process a set of code lengths to create a canonical Huffman code. The\n code lengths are lens[0..codes-1]. Each length corresponds to the\n symbols 0..codes-1. The Huffman code is generated by first sorting the\n symbols by length from short to long, and retaining the symbol order\n for codes with equal lengths. Then the code starts with all zero bits\n for the first code of the shortest length, and the codes are integer\n increments for the same length, and zeros are appended as the length\n increases. For the deflate format, these bits are stored backwards\n from their more natural integer increment ordering, and so when the\n decoding tables are built in the large loop below, the integer codes\n are incremented backwards.\n\n This routine assumes, but does not check, that all of the entries in\n lens[] are in the range 0..MAXBITS. The caller must assure this.\n 1..MAXBITS is interpreted as that code length. zero means that that\n symbol does not occur in this code.\n\n The codes are sorted by computing a count of codes for each length,\n creating from that a table of starting indices for each length in the\n sorted table, and then entering the symbols in order in the sorted\n table. The sorted table is work[], with that space being provided by\n the caller.\n\n The length counts are used for other purposes as well, i.e. finding\n the minimum and maximum length codes, determining if there are any\n codes at all, checking for a valid set of lengths, and looking ahead\n at length counts to determine sub-table sizes when building the\n decoding tables.\n */\n\n /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */\n for (len = 0; len <= MAXBITS; len++) {\n count[len] = 0;\n }\n for (sym = 0; sym < codes; sym++) {\n count[lens[lens_index + sym]]++;\n }\n\n /* bound code lengths, force root to be within code lengths */\n root = bits;\n for (max = MAXBITS; max >= 1; max--) {\n if (count[max] !== 0) {\n break; \n }\n }\n if (root > max) {\n root = max;\n }\n if (max === 0) { /* no symbols to code at all */\n //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */\n //table.bits[opts.table_index] = 1; //here.bits = (var char)1;\n //table.val[opts.table_index++] = 0; //here.val = (var short)0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n\n //table.op[opts.table_index] = 64;\n //table.bits[opts.table_index] = 1;\n //table.val[opts.table_index++] = 0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n opts.bits = 1;\n return 0; /* no symbols, but wait for decoding to report error */\n }\n for (min = 1; min < max; min++) {\n if (count[min] !== 0) {\n break; \n }\n }\n if (root < min) {\n root = min;\n }\n\n /* check for an over-subscribed or incomplete set of lengths */\n left = 1;\n for (len = 1; len <= MAXBITS; len++) {\n left <<= 1;\n left -= count[len];\n if (left < 0) {\n return -1;\n } /* over-subscribed */\n }\n if (left > 0 && (type === CODES || max !== 1)) {\n return -1; /* incomplete set */\n }\n\n /* generate offsets into symbol table for each length for sorting */\n offs[1] = 0;\n for (len = 1; len < MAXBITS; len++) {\n offs[len + 1] = offs[len] + count[len];\n }\n\n /* sort symbols by length, by symbol order within each length */\n for (sym = 0; sym < codes; sym++) {\n if (lens[lens_index + sym] !== 0) {\n work[offs[lens[lens_index + sym]]++] = sym;\n }\n }\n\n /*\n Create and fill in decoding tables. In this loop, the table being\n filled is at next and has curr index bits. The code being used is huff\n with length len. That code is converted to an index by dropping drop\n bits off of the bottom. For codes where len is less than drop + curr,\n those top drop + curr - len bits are incremented through all values to\n fill the table with replicated entries.\n\n root is the number of index bits for the root table. When len exceeds\n root, sub-tables are created pointed to by the root entry with an index\n of the low root bits of huff. This is saved in low to check for when a\n new sub-table should be started. drop is zero when the root table is\n being filled, and drop is root when sub-tables are being filled.\n\n When a new sub-table is needed, it is necessary to look ahead in the\n code lengths to determine what size sub-table is needed. The length\n counts are used for this, and so count[] is decremented as codes are\n entered in the tables.\n\n used keeps track of how many table entries have been allocated from the\n provided *table space. It is checked for LENS and DIST tables against\n the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in\n the initial root table size constants. See the comments in inftrees.h\n for more information.\n\n sym increments through all symbols, and the loop terminates when\n all codes of length max, i.e. all codes, have been processed. This\n routine permits incomplete codes, so another loop after this one fills\n in the rest of the decoding tables with invalid code markers.\n */\n\n /* set up for code type */\n // poor man optimization - use if-else instead of switch,\n // to avoid deopts in old v8\n if (type === CODES) {\n base = extra = work; /* dummy value--not used */\n end = 19;\n\n } else if (type === LENS) {\n base = lbase;\n base_index -= 257;\n extra = lext;\n extra_index -= 257;\n end = 256;\n\n } else { /* DISTS */\n base = dbase;\n extra = dext;\n end = -1;\n }\n\n /* initialize opts for loop */\n huff = 0; /* starting code */\n sym = 0; /* starting code symbol */\n len = min; /* starting code length */\n next = table_index; /* current table to fill in */\n curr = root; /* current table index bits */\n drop = 0; /* current bits to drop from code for index */\n low = -1; /* trigger new sub-table when len > root */\n used = 1 << root; /* use root table entries */\n const mask = used - 1; /* mask for comparing low */\n\n /* check available table space */\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* process all codes and make table entries */\n for (;;) {\n /* create table entry */\n here_bits = len - drop;\n if (work[sym] < end) {\n here_op = 0;\n here_val = work[sym];\n } else if (work[sym] > end) {\n here_op = extra[extra_index + work[sym]];\n here_val = base[base_index + work[sym]];\n } else {\n here_op = 32 + 64; /* end of block */\n here_val = 0;\n }\n\n /* replicate for those indices with low len bits equal to huff */\n incr = 1 << len - drop;\n fill = 1 << curr;\n min = fill; /* save offset to next table */\n do {\n fill -= incr;\n table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0;\n } while (fill !== 0);\n\n /* backwards increment the len-bit code huff */\n incr = 1 << len - 1;\n while (huff & incr) {\n incr >>= 1;\n }\n if (incr !== 0) {\n huff &= incr - 1;\n huff += incr;\n } else {\n huff = 0;\n }\n\n /* go to next symbol, update count, len */\n sym++;\n if (--count[len] === 0) {\n if (len === max) {\n break; \n }\n len = lens[lens_index + work[sym]];\n }\n\n /* create new sub-table if needed */\n if (len > root && (huff & mask) !== low) {\n /* if first time, transition to sub-tables */\n if (drop === 0) {\n drop = root;\n }\n\n /* increment past last table */\n next += min; /* here min is 1 << curr */\n\n /* determine length of next table */\n curr = len - drop;\n left = 1 << curr;\n while (curr + drop < max) {\n left -= count[curr + drop];\n if (left <= 0) {\n break; \n }\n curr++;\n left <<= 1;\n }\n\n /* check for enough space */\n used += 1 << curr;\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* point entry in root table to sub-table */\n low = huff & mask;\n /*table.op[low] = curr;\n table.bits[low] = root;\n table.val[low] = next - opts.table_index;*/\n table[low] = root << 24 | curr << 16 | next - table_index |0;\n }\n }\n\n /* fill in remaining table entry if code is incomplete (guaranteed to have\n at most one remaining entry, since if the code is incomplete, the\n maximum code length that was allowed to get this far is one bit) */\n if (huff !== 0) {\n //table.op[next + huff] = 64; /* invalid code marker */\n //table.bits[next + huff] = len - drop;\n //table.val[next + huff] = 0;\n table[next + huff] = len - drop << 24 | 64 << 16 |0;\n }\n\n /* set return parameters */\n //opts.table_index += used;\n opts.bits = root;\n return 0;\n}\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport inflate_fast from \"./inffast.js\";\nimport inflate_table from \"./inftrees.js\";\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_FINISH,\n Z_BLOCK,\n Z_TREES,\n Z_OK,\n Z_STREAM_END,\n Z_NEED_DICT,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/* STATES ====================================================================*/\n/* ===========================================================================*/\n\n\nconst HEAD = 1; /* i: waiting for magic header */\nconst FLAGS = 2; /* i: waiting for method and flags (gzip) */\nconst TIME = 3; /* i: waiting for modification time (gzip) */\nconst OS = 4; /* i: waiting for extra flags and operating system (gzip) */\nconst EXLEN = 5; /* i: waiting for extra length (gzip) */\nconst EXTRA = 6; /* i: waiting for extra bytes (gzip) */\nconst NAME = 7; /* i: waiting for end of file name (gzip) */\nconst COMMENT = 8; /* i: waiting for end of comment (gzip) */\nconst HCRC = 9; /* i: waiting for header crc (gzip) */\nconst DICTID = 10; /* i: waiting for dictionary check value */\nconst DICT = 11; /* waiting for inflateSetDictionary() call */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\nconst TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */\nconst STORED = 14; /* i: waiting for stored size (length and complement) */\nconst COPY_ = 15; /* i/o: same as COPY below, but only first time in */\nconst COPY = 16; /* i/o: waiting for input or output to copy stored block */\nconst TABLE = 17; /* i: waiting for dynamic block table lengths */\nconst LENLENS = 18; /* i: waiting for code length code lengths */\nconst CODELENS = 19; /* i: waiting for length/lit and distance code lengths */\nconst LEN_ = 20; /* i: same as LEN below, but only first time in */\nconst LEN = 21; /* i: waiting for length/lit/eob code */\nconst LENEXT = 22; /* i: waiting for length extra bits */\nconst DIST = 23; /* i: waiting for distance code */\nconst DISTEXT = 24; /* i: waiting for distance extra bits */\nconst MATCH = 25; /* o: waiting for output space to copy string */\nconst LIT = 26; /* o: waiting for output space to write literal */\nconst CHECK = 27; /* i: waiting for 32-bit check value */\nconst LENGTH = 28; /* i: waiting for 32-bit length (gzip) */\nconst DONE = 29; /* finished check, done -- remain here until reset */\nconst BAD = 30; /* got a data error -- remain here until reset */\n//const MEM = 31; /* got an inflate() memory error -- remain here until reset */\nconst SYNC = 32; /* looking for synchronization bytes to restart inflate() */\n\n/* ===========================================================================*/\n\n\n\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_WBITS = MAX_WBITS;\n\n\nfunction zswap32(q) {\n return (((q >>> 24) & 0xff) +\n ((q >>> 8) & 0xff00) +\n ((q & 0xff00) << 8) +\n ((q & 0xff) << 24));\n}\n\n\nclass InflateState {\n constructor() {\n this.mode = 0; /* current inflate mode */\n this.last = false; /* true if processing last block */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.havedict = false; /* true if dictionary provided */\n this.flags = 0; /* gzip header method and flags (0 if zlib) */\n this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */\n this.check = 0; /* protected copy of check value */\n this.total = 0; /* protected copy of output count */\n // TODO: may be {}\n this.head = null; /* where to save gzip header information */\n\n /* sliding window */\n this.wbits = 0; /* log base 2 of requested window size */\n this.wsize = 0; /* window size or zero if not using window */\n this.whave = 0; /* valid bytes in the window */\n this.wnext = 0; /* window write index */\n this.window = null; /* allocated sliding window, if needed */\n\n /* bit accumulator */\n this.hold = 0; /* input bit accumulator */\n this.bits = 0; /* number of bits in \"in\" */\n\n /* for string and stored block copying */\n this.length = 0; /* literal or length of data to copy */\n this.offset = 0; /* distance back to copy string from */\n\n /* for table and code decoding */\n this.extra = 0; /* extra bits needed */\n\n /* fixed and dynamic code tables */\n this.lencode = null; /* starting table for length/literal codes */\n this.distcode = null; /* starting table for distance codes */\n this.lenbits = 0; /* index bits for lencode */\n this.distbits = 0; /* index bits for distcode */\n\n /* dynamic table building */\n this.ncode = 0; /* number of code length code lengths */\n this.nlen = 0; /* number of length code lengths */\n this.ndist = 0; /* number of distance code lengths */\n this.have = 0; /* number of code lengths in lens[] */\n this.next = null; /* next available space in codes[] */\n\n this.lens = new utils.Buf16(320); /* temporary storage for code lengths */\n this.work = new utils.Buf16(288); /* work area for code table building */\n\n /*\n because we don't have pointers in js, we use lencode and distcode directly\n as buffers so we don't need codes\n */\n //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */\n this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */\n this.distdyn = null; /* dynamic table for distance codes (JS specific) */\n this.sane = 0; /* if false, allow invalid distance too far */\n this.back = 0; /* bits back of last unprocessed length/lit */\n this.was = 0; /* initial length of match */\n }\n}\n\nfunction inflateResetKeep(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n strm.total_in = strm.total_out = state.total = 0;\n strm.msg = ''; /*Z_NULL*/\n if (state.wrap) { /* to support ill-conceived Java test suite */\n strm.adler = state.wrap & 1;\n }\n state.mode = HEAD;\n state.last = 0;\n state.havedict = 0;\n state.dmax = 32768;\n state.head = null/*Z_NULL*/;\n state.hold = 0;\n state.bits = 0;\n //state.lencode = state.distcode = state.next = state.codes;\n state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);\n state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);\n\n state.sane = 1;\n state.back = -1;\n //Tracev((stderr, \"inflate: reset\\n\"));\n return Z_OK;\n}\n\nfunction inflateReset(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n state.wsize = 0;\n state.whave = 0;\n state.wnext = 0;\n return inflateResetKeep(strm);\n\n}\n\nfunction inflateReset2(strm, windowBits) {\n let wrap;\n let state;\n\n /* get the state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n /* extract wrap request from windowBits parameter */\n if (windowBits < 0) {\n wrap = 0;\n windowBits = -windowBits;\n }\n else {\n wrap = (windowBits >> 4) + 1;\n if (windowBits < 48) {\n windowBits &= 15;\n }\n }\n\n /* set number of window bits, free window if different */\n if (windowBits && (windowBits < 8 || windowBits > 15)) {\n return Z_STREAM_ERROR;\n }\n if (state.window !== null && state.wbits !== windowBits) {\n state.window = null;\n }\n\n /* update state and reset the rest of it */\n state.wrap = wrap;\n state.wbits = windowBits;\n return inflateReset(strm);\n}\n\nfunction inflateInit2(strm, windowBits) {\n let ret;\n let state;\n\n if (!strm) { return Z_STREAM_ERROR; }\n //strm.msg = Z_NULL; /* in case we return an error */\n\n state = new InflateState();\n\n //if (state === Z_NULL) return Z_MEM_ERROR;\n //Tracev((stderr, \"inflate: allocated\\n\"));\n strm.state = state;\n state.window = null/*Z_NULL*/;\n ret = inflateReset2(strm, windowBits);\n if (ret !== Z_OK) {\n strm.state = null/*Z_NULL*/;\n }\n return ret;\n}\n\nfunction inflateInit(strm) {\n return inflateInit2(strm, DEF_WBITS);\n}\n\n\n/*\n Return state with length and distance decoding tables and index sizes set to\n fixed code decoding. Normally this returns fixed tables from inffixed.h.\n If BUILDFIXED is defined, then instead this routine builds the tables the\n first time it's called, and returns those tables the first time and\n thereafter. This reduces the size of the code by about 2K bytes, in\n exchange for a little execution time. However, BUILDFIXED should not be\n used for threaded applications, since the rewriting of the tables and virgin\n may not be thread-safe.\n */\nlet virgin = true;\n\nlet lenfix, distfix; // We have no pointers in JS, so keep tables separate\n\nfunction fixedtables(state) {\n /* build fixed huffman tables if first call (may not be thread safe) */\n if (virgin) {\n let sym;\n\n lenfix = new utils.Buf32(512);\n distfix = new utils.Buf32(32);\n\n /* literal/length table */\n sym = 0;\n while (sym < 144) { state.lens[sym++] = 8; }\n while (sym < 256) { state.lens[sym++] = 9; }\n while (sym < 280) { state.lens[sym++] = 7; }\n while (sym < 288) { state.lens[sym++] = 8; }\n\n inflate_table(LENS, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 });\n\n /* distance table */\n sym = 0;\n while (sym < 32) { state.lens[sym++] = 5; }\n\n inflate_table(DISTS, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 });\n\n /* do this just once */\n virgin = false;\n }\n\n state.lencode = lenfix;\n state.lenbits = 9;\n state.distcode = distfix;\n state.distbits = 5;\n}\n\n\n/*\n Update the window with the last wsize (normally 32K) bytes written before\n returning. If window does not exist yet, create it. This is only called\n when a window is already in use, or when output has been written during this\n inflate call, but the end of the deflate stream has not been reached yet.\n It is also called to create a window for dictionary data when a dictionary\n is loaded.\n\n Providing output buffers larger than 32K to inflate() should provide a speed\n advantage, since only the last 32K of output is copied to the sliding window\n upon return from inflate(), and since all distances after the first 32K of\n output will fall in the output data, making match copies simpler and faster.\n The advantage may be dependent on the size of the processor's data caches.\n */\nfunction updatewindow(strm, src, end, copy) {\n let dist;\n const state = strm.state;\n\n /* if it hasn't been done already, allocate space for the window */\n if (state.window === null) {\n state.wsize = 1 << state.wbits;\n state.wnext = 0;\n state.whave = 0;\n\n state.window = new utils.Buf8(state.wsize);\n }\n\n /* copy state->wsize or less output bytes into the circular window */\n if (copy >= state.wsize) {\n utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);\n state.wnext = 0;\n state.whave = state.wsize;\n }\n else {\n dist = state.wsize - state.wnext;\n if (dist > copy) {\n dist = copy;\n }\n //zmemcpy(state->window + state->wnext, end - copy, dist);\n utils.arraySet(state.window, src, end - copy, dist, state.wnext);\n copy -= dist;\n if (copy) {\n //zmemcpy(state->window, end - copy, copy);\n utils.arraySet(state.window, src, end - copy, copy, 0);\n state.wnext = copy;\n state.whave = state.wsize;\n }\n else {\n state.wnext += dist;\n if (state.wnext === state.wsize) { state.wnext = 0; }\n if (state.whave < state.wsize) { state.whave += dist; }\n }\n }\n return 0;\n}\n\nfunction inflate(strm, flush) {\n let state;\n let input, output; // input/output buffers\n let next; /* next input INDEX */\n let put; /* next output INDEX */\n let have, left; /* available input and output */\n let hold; /* bit buffer */\n let bits; /* bits in bit buffer */\n let _in, _out; /* save starting available input and output */\n let copy; /* number of stored or match bytes to copy */\n let from; /* where to copy match bytes from */\n let from_source;\n let here = 0; /* current decoding table entry */\n let here_bits, here_op, here_val; // paked \"here\" denormalized (JS specific)\n //var last; /* parent table entry */\n let last_bits, last_op, last_val; // paked \"last\" denormalized (JS specific)\n let len; /* length to copy for repeats, bits to drop */\n let ret; /* return code */\n let hbuf = new utils.Buf8(4); /* buffer for gzip header crc calculation */\n let opts;\n\n let n; // temporary var for NEED_BITS\n\n const order = /* permutation of code lengths */\n [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];\n\n\n if (!strm || !strm.state || !strm.output ||\n (!strm.input && strm.avail_in !== 0)) {\n return Z_STREAM_ERROR;\n }\n\n state = strm.state;\n if (state.mode === TYPE) { state.mode = TYPEDO; } /* skip check */\n\n\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n _in = have;\n _out = left;\n ret = Z_OK;\n\n inf_leave: // goto emulation\n for (;;) {\n switch (state.mode) {\n case HEAD:\n if (state.wrap === 0) {\n state.mode = TYPEDO;\n break;\n }\n //=== NEEDBITS(16);\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */\n state.check = 0/*crc32(0L, Z_NULL, 0)*/;\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = FLAGS;\n break;\n }\n state.flags = 0; /* expect zlib header */\n if (state.head) {\n state.head.done = false;\n }\n if (!(state.wrap & 1) || /* check if zlib header allowed */\n (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {\n strm.msg = 'incorrect header check';\n state.mode = BAD;\n break;\n }\n if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n len = (hold & 0x0f)/*BITS(4)*/ + 8;\n if (state.wbits === 0) {\n state.wbits = len;\n }\n else if (len > state.wbits) {\n strm.msg = 'invalid window size';\n state.mode = BAD;\n break;\n }\n state.dmax = 1 << len;\n //Tracev((stderr, \"inflate: zlib header ok\\n\"));\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = hold & 0x200 ? DICTID : TYPE;\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n break;\n case FLAGS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.flags = hold;\n if ((state.flags & 0xff) !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n if (state.flags & 0xe000) {\n strm.msg = 'unknown header flags set';\n state.mode = BAD;\n break;\n }\n if (state.head) {\n state.head.text = ((hold >> 8) & 1);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = TIME;\n /* falls through */\n case TIME:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.time = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC4(state.check, hold)\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n hbuf[2] = (hold >>> 16) & 0xff;\n hbuf[3] = (hold >>> 24) & 0xff;\n state.check = crc32(state.check, hbuf, 4, 0);\n //===\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = OS;\n /* falls through */\n case OS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.xflags = (hold & 0xff);\n state.head.os = (hold >> 8);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = EXLEN;\n /* falls through */\n case EXLEN:\n if (state.flags & 0x0400) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length = hold;\n if (state.head) {\n state.head.extra_len = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n else if (state.head) {\n state.head.extra = null/*Z_NULL*/;\n }\n state.mode = EXTRA;\n /* falls through */\n case EXTRA:\n if (state.flags & 0x0400) {\n copy = state.length;\n if (copy > have) { copy = have; }\n if (copy) {\n if (state.head) {\n len = state.head.extra_len - state.length;\n if (!state.head.extra) {\n // Use untyped array for more convenient processing later\n state.head.extra = new Array(state.head.extra_len);\n }\n utils.arraySet(\n state.head.extra,\n input,\n next,\n // extra field is limited to 65536 bytes\n // - no need for additional size check\n copy,\n /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/\n len\n );\n //zmemcpy(state.head.extra + len, next,\n // len + copy > state.head.extra_max ?\n // state.head.extra_max - len : copy);\n }\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n state.length -= copy;\n }\n if (state.length) { break inf_leave; }\n }\n state.length = 0;\n state.mode = NAME;\n /* falls through */\n case NAME:\n if (state.flags & 0x0800) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n // TODO: 2 or 1 bytes?\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.name_max*/)) {\n state.head.name += String.fromCharCode(len);\n }\n } while (len && copy < have);\n\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.name = null;\n }\n state.length = 0;\n state.mode = COMMENT;\n /* falls through */\n case COMMENT:\n if (state.flags & 0x1000) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.comm_max*/)) {\n state.head.comment += String.fromCharCode(len);\n }\n } while (len && copy < have);\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.comment = null;\n }\n state.mode = HCRC;\n /* falls through */\n case HCRC:\n if (state.flags & 0x0200) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.check & 0xffff)) {\n strm.msg = 'header crc mismatch';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n if (state.head) {\n state.head.hcrc = ((state.flags >> 9) & 1);\n state.head.done = true;\n }\n strm.adler = state.check = 0;\n state.mode = TYPE;\n break;\n case DICTID:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n strm.adler = state.check = zswap32(hold);\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = DICT;\n /* falls through */\n case DICT:\n if (state.havedict === 0) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n return Z_NEED_DICT;\n }\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = TYPE;\n /* falls through */\n case TYPE:\n if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case TYPEDO:\n if (state.last) {\n //--- BYTEBITS() ---//\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n state.mode = CHECK;\n break;\n }\n //=== NEEDBITS(3); */\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.last = (hold & 0x01)/*BITS(1)*/;\n //--- DROPBITS(1) ---//\n hold >>>= 1;\n bits -= 1;\n //---//\n\n switch ((hold & 0x03)/*BITS(2)*/) {\n case 0: /* stored block */\n //Tracev((stderr, \"inflate: stored block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = STORED;\n break;\n case 1: /* fixed block */\n fixedtables(state);\n //Tracev((stderr, \"inflate: fixed codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = LEN_; /* decode codes */\n if (flush === Z_TREES) {\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break inf_leave;\n }\n break;\n case 2: /* dynamic block */\n //Tracev((stderr, \"inflate: dynamic codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = TABLE;\n break;\n case 3:\n strm.msg = 'invalid block type';\n state.mode = BAD;\n }\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break;\n case STORED:\n //--- BYTEBITS() ---// /* go to byte boundary */\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {\n strm.msg = 'invalid stored block lengths';\n state.mode = BAD;\n break;\n }\n state.length = hold & 0xffff;\n //Tracev((stderr, \"inflate: stored length %u\\n\",\n // state.length));\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = COPY_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case COPY_:\n state.mode = COPY;\n /* falls through */\n case COPY:\n copy = state.length;\n if (copy) {\n if (copy > have) { copy = have; }\n if (copy > left) { copy = left; }\n if (copy === 0) { break inf_leave; }\n //--- zmemcpy(put, next, copy); ---\n utils.arraySet(output, input, next, copy, put);\n //---//\n have -= copy;\n next += copy;\n left -= copy;\n put += copy;\n state.length -= copy;\n break;\n }\n //Tracev((stderr, \"inflate: stored end\\n\"));\n state.mode = TYPE;\n break;\n case TABLE:\n //=== NEEDBITS(14); */\n while (bits < 14) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n//#ifndef PKZIP_BUG_WORKAROUND\n if (state.nlen > 286 || state.ndist > 30) {\n strm.msg = 'too many length or distance symbols';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracev((stderr, \"inflate: table sizes ok\\n\"));\n state.have = 0;\n state.mode = LENLENS;\n /* falls through */\n case LENLENS:\n while (state.have < state.ncode) {\n //=== NEEDBITS(3);\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n while (state.have < 19) {\n state.lens[order[state.have++]] = 0;\n }\n // We have separate tables & no pointers. 2 commented lines below not needed.\n //state.next = state.codes;\n //state.lencode = state.next;\n // Switch to use dynamic table\n state.lencode = state.lendyn;\n state.lenbits = 7;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);\n state.lenbits = opts.bits;\n\n if (ret) {\n strm.msg = 'invalid code lengths set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, \"inflate: code lengths ok\\n\"));\n state.have = 0;\n state.mode = CODELENS;\n /* falls through */\n case CODELENS:\n while (state.have < state.nlen + state.ndist) {\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_val < 16) {\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.lens[state.have++] = here_val;\n }\n else {\n if (here_val === 16) {\n //=== NEEDBITS(here.bits + 2);\n n = here_bits + 2;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n if (state.have === 0) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n len = state.lens[state.have - 1];\n copy = 3 + (hold & 0x03);//BITS(2);\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n }\n else if (here_val === 17) {\n //=== NEEDBITS(here.bits + 3);\n n = here_bits + 3;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 3 + (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n else {\n //=== NEEDBITS(here.bits + 7);\n n = here_bits + 7;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 11 + (hold & 0x7f);//BITS(7);\n //--- DROPBITS(7) ---//\n hold >>>= 7;\n bits -= 7;\n //---//\n }\n if (state.have + copy > state.nlen + state.ndist) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n while (copy--) {\n state.lens[state.have++] = len;\n }\n }\n }\n\n /* handle error breaks in while */\n if (state.mode === BAD) { break; }\n\n /* check for end-of-block code (better have one) */\n if (state.lens[256] === 0) {\n strm.msg = 'invalid code -- missing end-of-block';\n state.mode = BAD;\n break;\n }\n\n /* build code tables -- note: do not change the lenbits or distbits\n values here (9 and 6) without reading the comments in inftrees.h\n concerning the ENOUGH constants, which depend on those values */\n state.lenbits = 9;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.lenbits = opts.bits;\n // state.lencode = state.next;\n\n if (ret) {\n strm.msg = 'invalid literal/lengths set';\n state.mode = BAD;\n break;\n }\n\n state.distbits = 6;\n //state.distcode.copy(state.codes);\n // Switch to use dynamic table\n state.distcode = state.distdyn;\n opts = { bits: state.distbits };\n ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.distbits = opts.bits;\n // state.distcode = state.next;\n\n if (ret) {\n strm.msg = 'invalid distances set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, 'inflate: codes ok\\n'));\n state.mode = LEN_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case LEN_:\n state.mode = LEN;\n /* falls through */\n case LEN:\n if (have >= 6 && left >= 258) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n inflate_fast(strm, _out);\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n if (state.mode === TYPE) {\n state.back = -1;\n }\n break;\n }\n state.back = 0;\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if (here_bits <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_op && (here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.lencode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n state.length = here_val;\n if (here_op === 0) {\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n state.mode = LIT;\n break;\n }\n if (here_op & 32) {\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.back = -1;\n state.mode = TYPE;\n break;\n }\n if (here_op & 64) {\n strm.msg = 'invalid literal/length code';\n state.mode = BAD;\n break;\n }\n state.extra = here_op & 15;\n state.mode = LENEXT;\n /* falls through */\n case LENEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", state.length));\n state.was = state.length;\n state.mode = DIST;\n /* falls through */\n case DIST:\n for (;;) {\n here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if ((here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.distcode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n if (here_op & 64) {\n strm.msg = 'invalid distance code';\n state.mode = BAD;\n break;\n }\n state.offset = here_val;\n state.extra = (here_op) & 15;\n state.mode = DISTEXT;\n /* falls through */\n case DISTEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n//#ifdef INFLATE_STRICT\n if (state.offset > state.dmax) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracevv((stderr, \"inflate: distance %u\\n\", state.offset));\n state.mode = MATCH;\n /* falls through */\n case MATCH:\n if (left === 0) { break inf_leave; }\n copy = _out - left;\n if (state.offset > copy) { /* copy from window */\n copy = state.offset - copy;\n if (copy > state.whave) {\n if (state.sane) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n// (!) This block is disabled in zlib defaults,\n// don't enable it for binary compatibility\n//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n// Trace((stderr, \"inflate.c too far\\n\"));\n// copy -= state.whave;\n// if (copy > state.length) { copy = state.length; }\n// if (copy > left) { copy = left; }\n// left -= copy;\n// state.length -= copy;\n// do {\n// output[put++] = 0;\n// } while (--copy);\n// if (state.length === 0) { state.mode = LEN; }\n// break;\n//#endif\n }\n if (copy > state.wnext) {\n copy -= state.wnext;\n from = state.wsize - copy;\n }\n else {\n from = state.wnext - copy;\n }\n if (copy > state.length) { copy = state.length; }\n from_source = state.window;\n }\n else { /* copy from output */\n from_source = output;\n from = put - state.offset;\n copy = state.length;\n }\n if (copy > left) { copy = left; }\n left -= copy;\n state.length -= copy;\n do {\n output[put++] = from_source[from++];\n } while (--copy);\n if (state.length === 0) { state.mode = LEN; }\n break;\n case LIT:\n if (left === 0) { break inf_leave; }\n output[put++] = state.length;\n left--;\n state.mode = LEN;\n break;\n case CHECK:\n if (state.wrap) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n // Use '|' instead of '+' to make sure that result is signed\n hold |= input[next++] << bits;\n bits += 8;\n }\n //===//\n _out -= left;\n strm.total_out += _out;\n state.total += _out;\n if (_out) {\n strm.adler = state.check =\n /*UPDATE(state.check, put - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));\n\n }\n _out = left;\n // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too\n if ((state.flags ? hold : zswap32(hold)) !== state.check) {\n strm.msg = 'incorrect data check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: check matches trailer\\n\"));\n }\n state.mode = LENGTH;\n /* falls through */\n case LENGTH:\n if (state.wrap && state.flags) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.total & 0xffffffff)) {\n strm.msg = 'incorrect length check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: length matches trailer\\n\"));\n }\n state.mode = DONE;\n /* falls through */\n case DONE:\n ret = Z_STREAM_END;\n break inf_leave;\n case BAD:\n ret = Z_DATA_ERROR;\n break inf_leave;\n // case MEM:\n // return Z_MEM_ERROR;\n case SYNC:\n /* falls through */\n default:\n return Z_STREAM_ERROR;\n }\n }\n\n // inf_leave <- here is real place for \"goto inf_leave\", emulated via \"break inf_leave\"\n\n /*\n Return from inflate(), updating the total counts and the check value.\n If there was no progress during the inflate() call, return a buffer\n error. Call updatewindow() to create and/or update the window state.\n Note: a memory error from inflate() is non-recoverable.\n */\n\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n\n if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&\n (state.mode < CHECK || flush !== Z_FINISH))) {\n if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n }\n }\n _in -= strm.avail_in;\n _out -= strm.avail_out;\n strm.total_in += _in;\n strm.total_out += _out;\n state.total += _out;\n if (state.wrap && _out) {\n strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));\n }\n strm.data_type = state.bits + (state.last ? 64 : 0) +\n (state.mode === TYPE ? 128 : 0) +\n (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);\n if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {\n ret = Z_BUF_ERROR;\n }\n return ret;\n}\n\nfunction inflateEnd(strm) {\n\n if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {\n return Z_STREAM_ERROR;\n }\n\n const state = strm.state;\n if (state.window) {\n state.window = null;\n }\n strm.state = null;\n return Z_OK;\n}\n\nfunction inflateGetHeader(strm, head) {\n let state;\n\n /* check state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }\n\n /* save header structure */\n state.head = head;\n head.done = false;\n return Z_OK;\n}\n\nfunction inflateSetDictionary(strm, dictionary) {\n const dictLength = dictionary.length;\n\n let state;\n let dictid;\n let ret;\n\n /* check state */\n if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n if (state.wrap !== 0 && state.mode !== DICT) {\n return Z_STREAM_ERROR;\n }\n\n /* check for correct dictionary identifier */\n if (state.mode === DICT) {\n dictid = 1; /* adler32(0, null, 0)*/\n /* dictid = adler32(dictid, dictionary, dictLength); */\n dictid = adler32(dictid, dictionary, dictLength, 0);\n if (dictid !== state.check) {\n return Z_DATA_ERROR;\n }\n }\n /* copy dictionary to window using updatewindow(), which will amend the\n existing dictionary if appropriate */\n ret = updatewindow(strm, dictionary, dictLength, dictLength);\n // if (ret) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n // }\n state.havedict = 1;\n // Tracev((stderr, \"inflate: dictionary set\\n\"));\n return Z_OK;\n}\n\nconst inflateInfo = 'pako inflate (from Nodeca project)';\n\nexport {\n inflateReset,\n inflateReset2,\n inflateResetKeep,\n inflateInit,\n inflateInit2,\n inflate,\n inflateEnd,\n inflateGetHeader,\n inflateSetDictionary,\n inflateInfo\n};\n\n/* Not implemented\nexports.inflateCopy = inflateCopy;\nexports.inflateGetDictionary = inflateGetDictionary;\nexports.inflateMark = inflateMark;\nexports.inflatePrime = inflatePrime;\nexports.inflateSync = inflateSync;\nexports.inflateSyncPoint = inflateSyncPoint;\nexports.inflateUndermine = inflateUndermine;\n*/\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class GZheader {\n constructor() {\n /* true if compressed data believed to be text */\n this.text = 0;\n /* modification time */\n this.time = 0;\n /* extra flags (not used when writing a gzip file) */\n this.xflags = 0;\n /* operating system */\n this.os = 0;\n /* pointer to extra field or Z_NULL if none */\n this.extra = null;\n /* extra field length (valid if extra != Z_NULL) */\n this.extra_len = 0; // Actually, we don't need it in JS,\n // but leave for few code modifications\n\n //\n // Setup limits is not necessary because in js we should not preallocate memory\n // for inflate use constant limit in 65536 bytes\n //\n\n /* space at extra (only when reading header) */\n // this.extra_max = 0;\n /* pointer to zero-terminated file name or Z_NULL */\n this.name = '';\n /* space at name (only when reading header) */\n // this.name_max = 0;\n /* pointer to zero-terminated comment or Z_NULL */\n this.comment = '';\n /* space at comment (only when reading header) */\n // this.comm_max = 0;\n /* true if there was or will be a header crc */\n this.hcrc = 0;\n /* true when done reading gzip header (not used when writing a gzip file) */\n this.done = false;\n }\n}","'use strict';\n\nimport * as zlib_inflate from \"./zlib/inflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport * as c from \"./zlib/constants.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\nimport GZheader from \"./zlib/gzheader.js\";\n\n/**\n * class Inflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[inflate]]\n * and [[inflateRaw]].\n **/\n\n/* internal\n * inflate.chunks -> Array\n *\n * Chunks of output data, if [[Inflate#onData]] not overridden.\n **/\n\n/**\n * Inflate.result -> Uint8Array|Array|String\n *\n * Uncompressed result, generated by default [[Inflate#onData]]\n * and [[Inflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Inflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Inflate.err -> Number\n *\n * Error code after inflate finished. 0 (Z_OK) on success.\n * Should be checked if broken data possible.\n **/\n\n/**\n * Inflate.msg -> String\n *\n * Error message, if [[Inflate.err]] != 0\n **/\n\n\n/**\n * new Inflate(options)\n * - options (Object): zlib inflate options.\n *\n * Creates new inflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `windowBits`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw inflate\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n * By default, when no options set, autodetect deflate/gzip data format via\n * wrapper header.\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var inflate = new pako.Inflate({ level: 3});\n *\n * inflate.push(chunk1, false);\n * inflate.push(chunk2, true); // true -> last chunk\n *\n * if (inflate.err) { throw new Error(inflate.err); }\n *\n * console.log(inflate.result);\n * ```\n **/\nclass Inflate {\n constructor(options) {\n this.options = {\n chunkSize: 16384,\n windowBits: 0,\n ...(options || {})\n };\n\n const opt = this.options;\n\n // Force window size for `raw` data, if not set directly,\n // because we have no header for autodetect.\n if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {\n opt.windowBits = -opt.windowBits;\n if (opt.windowBits === 0) { opt.windowBits = -15; }\n }\n\n // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate\n if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&\n !(options && options.windowBits)) {\n opt.windowBits += 32;\n }\n\n // Gzip header has no info about windows size, we can do autodetect only\n // for deflate. So, if window size not set, force it to max when gzip possible\n if ((opt.windowBits > 15) && (opt.windowBits < 48)) {\n // bit 3 (16) -> gzipped data\n // bit 4 (32) -> autodetect gzip/deflate\n if ((opt.windowBits & 15) === 0) {\n opt.windowBits |= 15;\n }\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n let status = zlib_inflate.inflateInit2(\n this.strm,\n opt.windowBits\n );\n\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n\n this.header = new GZheader();\n\n zlib_inflate.inflateGetHeader(this.strm, this.header);\n\n // Setup dictionary\n if (opt.dictionary) {\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n opt.dictionary = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n opt.dictionary = new Uint8Array(opt.dictionary);\n }\n if (opt.raw) { //In raw mode we need to set the dictionary early\n status = zlib_inflate.inflateSetDictionary(this.strm, opt.dictionary);\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n }\n }\n }\n /**\n * Inflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with\n * new output chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the decompression context.\n *\n * On fail call [[Inflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize, dictionary } } = this;\n let status, _mode;\n let next_out_utf8, tail, utf8str;\n\n // Flag to properly process Z_BUF_ERROR on testing inflate call\n // when we check that all output data was flushed.\n let allowBufError = false;\n\n if (this.ended) { return false; }\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // Only binary strings can be decompressed on practice\n strm.input = strings.binstring2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n\n status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH); /* no bad return value */\n\n if (status === c.Z_NEED_DICT && dictionary) {\n status = zlib_inflate.inflateSetDictionary(this.strm, dictionary);\n }\n\n if (status === c.Z_BUF_ERROR && allowBufError === true) {\n status = c.Z_OK;\n allowBufError = false;\n }\n\n if (status !== c.Z_STREAM_END && status !== c.Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n\n if (strm.next_out) {\n if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n }\n\n // When no more input data, we should check that internal inflate buffers\n // are flushed. The only way to do it when avail_out = 0 - run one more\n // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.\n // Here we set flag to process this error properly.\n //\n // NOTE. Deflate does not return error in this case and does not needs such\n // logic.\n if (strm.avail_in === 0 && strm.avail_out === 0) {\n allowBufError = true;\n }\n\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);\n\n if (status === c.Z_STREAM_END) {\n _mode = c.Z_FINISH;\n }\n\n // Finalize on the last chunk.\n if (_mode === c.Z_FINISH) {\n status = zlib_inflate.inflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === c.Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === c.Z_SYNC_FLUSH) {\n this.onEnd(c.Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n\n /**\n * Inflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n\n\n /**\n * Inflate#onEnd(status) -> Void\n * - status (Number): inflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called either after you tell inflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === c.Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n/**\n * inflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Decompress `data` with inflate/ungzip and `options`. Autodetect\n * format via wrapper header by default. That's why we don't provide\n * separate `ungzip` method.\n *\n * Supported options are:\n *\n * - windowBits\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , input = pako.deflate([1,2,3,4,5,6,7,8,9])\n * , output;\n *\n * try {\n * output = pako.inflate(input);\n * } catch (err)\n * console.log(err);\n * }\n * ```\n **/\nfunction inflate(input, options) {\n const inflator = new Inflate(options);\n\n inflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (inflator.err) { throw new Error(inflator.msg || msg[inflator.err]); }\n\n return inflator.result;\n}\n\n\n/**\n * inflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * The same as [[inflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction inflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return inflate(input, options);\n}\n\n\n/**\n * ungzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Just shortcut to [[inflate]], because it autodetects format\n * by header.content. Done for convenience.\n **/\n\nexport { Inflate, inflate, inflateRaw, inflate as ungzip };\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuer,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.signedHashValue = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n this.params = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length));\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false) {\n if (key.version === 5) {\n this.version = 5;\n } else {\n this.version = 4;\n }\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = [];\n this.unhashedSubpackets.forEach(data => {\n arr.push(writeSimpleLength(data.length));\n arr.push(data);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n // V4 signature sub packets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n if (!hashed) {\n this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n mypos++;\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuer:\n // Issuer\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion === 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n default: {\n const err = new Error(`Unknown signature subpacket type ${type}`);\n if (critical) {\n throw err;\n } else {\n util.printDebug(err);\n }\n }\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, 2));\n\n let i = 2;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n constructor() {\n /** A one-octet version number. The current version is 3. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** An eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current version is 3.\n this.version = bytes[mypos++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n // An eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]);\n\n const end = new Uint8Array([this.flags]);\n\n return util.concatUint8Array([start, this.issuerKeyID.write(), end]);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID)\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnsupportedError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Deflate } from '@openpgp/pako/lib/deflate';\nimport { Inflate } from '@openpgp/pako/lib/inflate';\nimport { Z_SYNC_FLUSH, Z_FINISH } from '@openpgp/pako/lib/zlib/constants';\nimport { decode as BunzipDecode } from '@openpgp/seek-bzip';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n\n /**\n * zip/zlib compression level, between 1 and 9\n */\n this.deflateLevel = config.deflateLevel;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName];\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write(), this.deflateLevel);\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nconst nodeZlib = util.getNodeZlib();\n\nfunction uncompressed(data) {\n return data;\n}\n\nfunction node_zlib(func, create, options = {}) {\n return function (data) {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(data => {\n return new Promise((resolve, reject) => {\n func(data, options, (err, result) => {\n if (err) return reject(err);\n resolve(result);\n });\n });\n }));\n }\n return stream.nodeToWeb(stream.webToNode(data).pipe(create(options)));\n };\n}\n\nfunction pako_zlib(constructor, options = {}) {\n return function(data) {\n const obj = new constructor(options);\n return stream.transform(data, value => {\n if (value.length) {\n obj.push(value, Z_SYNC_FLUSH);\n return obj.result;\n }\n }, () => {\n if (constructor === Deflate) {\n obj.push([], Z_FINISH);\n return obj.result;\n }\n });\n };\n}\n\nfunction bzip2(func) {\n return function(data) {\n return stream.fromAsync(async () => func(await stream.readToEnd(data)));\n };\n}\n\nconst compress_fns = nodeZlib ? {\n zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed)\n} : {\n zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed)\n};\n\nconst decompress_fns = nodeZlib ? {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw),\n zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n} : {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }),\n zlib: /*#__PURE__*/ pako_zlib(Inflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n constructor() {\n this.version = VERSION;\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n // - A one-octet version number. The only currently defined value is 1.\n if (version !== VERSION) {\n throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`);\n }\n\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n return util.concat([new Uint8Array([VERSION]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n let packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await this.crypt('decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await this.crypt('encrypt', key, data);\n }\n\n /**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\n async crypt(fn, key, data) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const modeInstance = await mode(this.cipherAlgorithm, key);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const adataBuffer = new ArrayBuffer(21);\n const adataArray = new Uint8Array(adataBuffer, 0, 13);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n const iv = this.iv;\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new stream.TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray);\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...)\n cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray);\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = 3;\n\n this.publicKeyID = new KeyID();\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n i += this.publicKeyID.read(bytes.subarray(i));\n this.publicKeyAlgorithm = bytes[i++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version);\n if (this.publicKeyAlgorithm === enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version]),\n this.publicKeyID.write(),\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n // v3 Montgomery curves have cleartext cipher algo\n if (this.publicKeyAlgorithm !== enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = sessionKeyAlgorithm;\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // add checksum\n return util.concatUint8Array([\n new Uint8Array([cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n }\n case enums.publicKey.x25519:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm);\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n return {\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n * @private\n */\n\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport { UnsupportedError } from '../packet/packet';\nimport util from '../util';\n\nclass S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = 'iterated';\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n try {\n this.type = enums.read(enums.s2k, bytes[i++]);\n } catch (err) {\n throw new UnsupportedError('Unknown S2K type.');\n }\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport S2K from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 5 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = enums.symmetric.aes256;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number. The only currently defined version is 4.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version === 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n this.s2k = new S2K();\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version === 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, key);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n } else {\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const encryptionKey = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v5Keys ? 5 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes) {\n let pos = 0;\n // A one-octet version number (3, 4 or 5).\n this.version = bytes[pos++];\n\n if (this.version === 4 || this.version === 5) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version === 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version === 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n if (version === 5) {\n return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]);\n }\n return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version === 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version === 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport S2K from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n this.s2k = new S2K();\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipher(this.symmetric).blockSize\n );\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n const cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...this.s2k.write());\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = new S2K(config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n\n const { blockSize } = crypto.getCipher(this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = enums.aead.eax;\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } else {\n this.s2kUsage = 254;\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\nasync function produceEncryptionKey(s2k, passphrase, algorithm) {\n const { keySize } = crypto.getCipher(algorithm);\n return s2k.produceKey(passphrase, keySize);\n}\n\nexport default SecretKeyPacket;\n","\n// email-addresses.js - RFC 5322 email address parser\n// v 3.1.0\n//\n// http://tools.ietf.org/html/rfc5322\n//\n// This library does not validate email addresses.\n// emailAddresses attempts to parse addresses using the (fairly liberal)\n// grammar specified in RFC 5322.\n//\n// email-addresses returns {\n// ast: ,\n// addresses: [{\n// node: ,\n// name: ,\n// address: ,\n// local: ,\n// domain: \n// }, ...]\n// }\n//\n// emailAddresses.parseOneAddress and emailAddresses.parseAddressList\n// work as you might expect. Try it out.\n//\n// Many thanks to Dominic Sayers and his documentation on the is_email function,\n// http://code.google.com/p/isemail/ , which helped greatly in writing this parser.\n\n(function (global) {\n\"use strict\";\n\nfunction parse5322(opts) {\n\n // tokenizing functions\n\n function inStr() { return pos < len; }\n function curTok() { return parseString[pos]; }\n function getPos() { return pos; }\n function setPos(i) { pos = i; }\n function nextTok() { pos += 1; }\n function initialize() {\n pos = 0;\n len = parseString.length;\n }\n\n // parser helper functions\n\n function o(name, value) {\n return {\n name: name,\n tokens: value || \"\",\n semantic: value || \"\",\n children: []\n };\n }\n\n function wrap(name, ast) {\n var n;\n if (ast === null) { return null; }\n n = o(name);\n n.tokens = ast.tokens;\n n.semantic = ast.semantic;\n n.children.push(ast);\n return n;\n }\n\n function add(parent, child) {\n if (child !== null) {\n parent.tokens += child.tokens;\n parent.semantic += child.semantic;\n }\n parent.children.push(child);\n return parent;\n }\n\n function compareToken(fxnCompare) {\n var tok;\n if (!inStr()) { return null; }\n tok = curTok();\n if (fxnCompare(tok)) {\n nextTok();\n return o('token', tok);\n }\n return null;\n }\n\n function literal(lit) {\n return function literalFunc() {\n return wrap('literal', compareToken(function (tok) {\n return tok === lit;\n }));\n };\n }\n\n function and() {\n var args = arguments;\n return function andFunc() {\n var i, s, result, start;\n start = getPos();\n s = o('and');\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result === null) {\n setPos(start);\n return null;\n }\n add(s, result);\n }\n return s;\n };\n }\n\n function or() {\n var args = arguments;\n return function orFunc() {\n var i, result, start;\n start = getPos();\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result !== null) {\n return result;\n }\n setPos(start);\n }\n return null;\n };\n }\n\n function opt(prod) {\n return function optFunc() {\n var result, start;\n start = getPos();\n result = prod();\n if (result !== null) {\n return result;\n }\n else {\n setPos(start);\n return o('opt');\n }\n };\n }\n\n function invis(prod) {\n return function invisFunc() {\n var result = prod();\n if (result !== null) {\n result.semantic = \"\";\n }\n return result;\n };\n }\n\n function colwsp(prod) {\n return function collapseSemanticWhitespace() {\n var result = prod();\n if (result !== null && result.semantic.length > 0) {\n result.semantic = \" \";\n }\n return result;\n };\n }\n\n function star(prod, minimum) {\n return function starFunc() {\n var s, result, count, start, min;\n start = getPos();\n s = o('star');\n count = 0;\n min = minimum === undefined ? 0 : minimum;\n while ((result = prod()) !== null) {\n count = count + 1;\n add(s, result);\n }\n if (count >= min) {\n return s;\n }\n else {\n setPos(start);\n return null;\n }\n };\n }\n\n // One expects names to get normalized like this:\n // \" First Last \" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n function collapseWhitespace(s) {\n return s.replace(/([ \\t]|\\r\\n)+/g, ' ').replace(/^\\s*/, '').replace(/\\s*$/, '');\n }\n\n // UTF-8 pseudo-production (RFC 6532)\n // RFC 6532 extends RFC 5322 productions to include UTF-8\n // using the following productions:\n // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4\n // UTF8-2 = \n // UTF8-3 = \n // UTF8-4 = \n //\n // For reference, the extended RFC 5322 productions are:\n // VCHAR =/ UTF8-non-ascii\n // ctext =/ UTF8-non-ascii\n // atext =/ UTF8-non-ascii\n // qtext =/ UTF8-non-ascii\n // dtext =/ UTF8-non-ascii\n function isUTF8NonAscii(tok) {\n // In JavaScript, we just deal directly with Unicode code points,\n // so we aren't checking individual bytes for UTF-8 encoding.\n // Just check that the character is non-ascii.\n return tok.charCodeAt(0) >= 128;\n }\n\n\n // common productions (RFC 5234)\n // http://tools.ietf.org/html/rfc5234\n // B.1. Core Rules\n\n // CR = %x0D\n // ; carriage return\n function cr() { return wrap('cr', literal('\\r')()); }\n\n // CRLF = CR LF\n // ; Internet standard newline\n function crlf() { return wrap('crlf', and(cr, lf)()); }\n\n // DQUOTE = %x22\n // ; \" (Double Quote)\n function dquote() { return wrap('dquote', literal('\"')()); }\n\n // HTAB = %x09\n // ; horizontal tab\n function htab() { return wrap('htab', literal('\\t')()); }\n\n // LF = %x0A\n // ; linefeed\n function lf() { return wrap('lf', literal('\\n')()); }\n\n // SP = %x20\n function sp() { return wrap('sp', literal(' ')()); }\n\n // VCHAR = %x21-7E\n // ; visible (printing) characters\n function vchar() {\n return wrap('vchar', compareToken(function vcharFunc(tok) {\n var code = tok.charCodeAt(0);\n var accept = (0x21 <= code && code <= 0x7E);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // WSP = SP / HTAB\n // ; white space\n function wsp() { return wrap('wsp', or(sp, htab)()); }\n\n\n // email productions (RFC 5322)\n // http://tools.ietf.org/html/rfc5322\n // 3.2.1. Quoted characters\n\n // quoted-pair = (\"\\\" (VCHAR / WSP)) / obs-qp\n function quotedPair() {\n var qp = wrap('quoted-pair',\n or(\n and(literal('\\\\'), or(vchar, wsp)),\n obsQP\n )());\n if (qp === null) { return null; }\n // a quoted pair will be two characters, and the \"\\\" character\n // should be semantically \"invisible\" (RFC 5322 3.2.1)\n qp.semantic = qp.semantic[1];\n return qp;\n }\n\n // 3.2.2. Folding White Space and Comments\n\n // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS\n function fws() {\n return wrap('fws', or(\n obsFws,\n and(\n opt(and(\n star(wsp),\n invis(crlf)\n )),\n star(wsp, 1)\n )\n )());\n }\n\n // ctext = %d33-39 / ; Printable US-ASCII\n // %d42-91 / ; characters not including\n // %d93-126 / ; \"(\", \")\", or \"\\\"\n // obs-ctext\n function ctext() {\n return wrap('ctext', or(\n function ctextFunc1() {\n return compareToken(function ctextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 39) ||\n (42 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsCtext\n )());\n }\n\n // ccontent = ctext / quoted-pair / comment\n function ccontent() {\n return wrap('ccontent', or(ctext, quotedPair, comment)());\n }\n\n // comment = \"(\" *([FWS] ccontent) [FWS] \")\"\n function comment() {\n return wrap('comment', and(\n literal('('),\n star(and(opt(fws), ccontent)),\n opt(fws),\n literal(')')\n )());\n }\n\n // CFWS = (1*([FWS] comment) [FWS]) / FWS\n function cfws() {\n return wrap('cfws', or(\n and(\n star(\n and(opt(fws), comment),\n 1\n ),\n opt(fws)\n ),\n fws\n )());\n }\n\n // 3.2.3. Atom\n\n //atext = ALPHA / DIGIT / ; Printable US-ASCII\n // \"!\" / \"#\" / ; characters not including\n // \"$\" / \"%\" / ; specials. Used for atoms.\n // \"&\" / \"'\" /\n // \"*\" / \"+\" /\n // \"-\" / \"/\" /\n // \"=\" / \"?\" /\n // \"^\" / \"_\" /\n // \"`\" / \"{\" /\n // \"|\" / \"}\" /\n // \"~\"\n function atext() {\n return wrap('atext', compareToken(function atextFunc(tok) {\n var accept =\n ('a' <= tok && tok <= 'z') ||\n ('A' <= tok && tok <= 'Z') ||\n ('0' <= tok && tok <= '9') ||\n (['!', '#', '$', '%', '&', '\\'', '*', '+', '-', '/',\n '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // atom = [CFWS] 1*atext [CFWS]\n function atom() {\n return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))());\n }\n\n // dot-atom-text = 1*atext *(\".\" 1*atext)\n function dotAtomText() {\n var s, maybeText;\n s = wrap('dot-atom-text', star(atext, 1)());\n if (s === null) { return s; }\n maybeText = star(and(literal('.'), star(atext, 1)))();\n if (maybeText !== null) {\n add(s, maybeText);\n }\n return s;\n }\n\n // dot-atom = [CFWS] dot-atom-text [CFWS]\n function dotAtom() {\n return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))());\n }\n\n // 3.2.4. Quoted Strings\n\n // qtext = %d33 / ; Printable US-ASCII\n // %d35-91 / ; characters not including\n // %d93-126 / ; \"\\\" or the quote character\n // obs-qtext\n function qtext() {\n return wrap('qtext', or(\n function qtextFunc1() {\n return compareToken(function qtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 === code) ||\n (35 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsQtext\n )());\n }\n\n // qcontent = qtext / quoted-pair\n function qcontent() {\n return wrap('qcontent', or(qtext, quotedPair)());\n }\n\n // quoted-string = [CFWS]\n // DQUOTE *([FWS] qcontent) [FWS] DQUOTE\n // [CFWS]\n function quotedString() {\n return wrap('quoted-string', and(\n invis(opt(cfws)),\n invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote),\n invis(opt(cfws))\n )());\n }\n\n // 3.2.5 Miscellaneous Tokens\n\n // word = atom / quoted-string\n function word() {\n return wrap('word', or(atom, quotedString)());\n }\n\n // phrase = 1*word / obs-phrase\n function phrase() {\n return wrap('phrase', or(obsPhrase, star(word, 1))());\n }\n\n // 3.4. Address Specification\n // address = mailbox / group\n function address() {\n return wrap('address', or(mailbox, group)());\n }\n\n // mailbox = name-addr / addr-spec\n function mailbox() {\n return wrap('mailbox', or(nameAddr, addrSpec)());\n }\n\n // name-addr = [display-name] angle-addr\n function nameAddr() {\n return wrap('name-addr', and(opt(displayName), angleAddr)());\n }\n\n // angle-addr = [CFWS] \"<\" addr-spec \">\" [CFWS] /\n // obs-angle-addr\n function angleAddr() {\n return wrap('angle-addr', or(\n and(\n invis(opt(cfws)),\n literal('<'),\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n ),\n obsAngleAddr\n )());\n }\n\n // group = display-name \":\" [group-list] \";\" [CFWS]\n function group() {\n return wrap('group', and(\n displayName,\n literal(':'),\n opt(groupList),\n literal(';'),\n invis(opt(cfws))\n )());\n }\n\n // display-name = phrase\n function displayName() {\n return wrap('display-name', function phraseFixedSemantic() {\n var result = phrase();\n if (result !== null) {\n result.semantic = collapseWhitespace(result.semantic);\n }\n return result;\n }());\n }\n\n // mailbox-list = (mailbox *(\",\" mailbox)) / obs-mbox-list\n function mailboxList() {\n return wrap('mailbox-list', or(\n and(\n mailbox,\n star(and(literal(','), mailbox))\n ),\n obsMboxList\n )());\n }\n\n // address-list = (address *(\",\" address)) / obs-addr-list\n function addressList() {\n return wrap('address-list', or(\n and(\n address,\n star(and(literal(','), address))\n ),\n obsAddrList\n )());\n }\n\n // group-list = mailbox-list / CFWS / obs-group-list\n function groupList() {\n return wrap('group-list', or(\n mailboxList,\n invis(cfws),\n obsGroupList\n )());\n }\n\n // 3.4.1 Addr-Spec Specification\n\n // local-part = dot-atom / quoted-string / obs-local-part\n function localPart() {\n // note: quoted-string, dotAtom are proper subsets of obs-local-part\n // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree\n return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)());\n }\n\n // dtext = %d33-90 / ; Printable US-ASCII\n // %d94-126 / ; characters not including\n // obs-dtext ; \"[\", \"]\", or \"\\\"\n function dtext() {\n return wrap('dtext', or(\n function dtextFunc1() {\n return compareToken(function dtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 90) ||\n (94 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsDtext\n )()\n );\n }\n\n // domain-literal = [CFWS] \"[\" *([FWS] dtext) [FWS] \"]\" [CFWS]\n function domainLiteral() {\n return wrap('domain-literal', and(\n invis(opt(cfws)),\n literal('['),\n star(and(opt(fws), dtext)),\n opt(fws),\n literal(']'),\n invis(opt(cfws))\n )());\n }\n\n // domain = dot-atom / domain-literal / obs-domain\n function domain() {\n return wrap('domain', function domainCheckTLD() {\n var result = or(obsDomain, dotAtom, domainLiteral)();\n if (opts.rejectTLD) {\n if (result && result.semantic && result.semantic.indexOf('.') < 0) {\n return null;\n }\n }\n // strip all whitespace from domains\n if (result) {\n result.semantic = result.semantic.replace(/\\s+/g, '');\n }\n return result;\n }());\n }\n\n // addr-spec = local-part \"@\" domain\n function addrSpec() {\n return wrap('addr-spec', and(\n localPart, literal('@'), domain\n )());\n }\n\n // 3.6.2 Originator Fields\n // Below we only parse the field body, not the name of the field\n // like \"From:\", \"Sender:\", or \"Reply-To:\". Other libraries that\n // parse email headers can parse those and defer to these productions\n // for the \"RFC 5322\" part.\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // from = \"From:\" (mailbox-list / address-list) CRLF\n function fromSpec() {\n return wrap('from', or(\n mailboxList,\n addressList\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // sender = \"Sender:\" (mailbox / address) CRLF\n function senderSpec() {\n return wrap('sender', or(\n mailbox,\n address\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // reply-to = \"Reply-To:\" address-list CRLF\n function replyToSpec() {\n return wrap('reply-to', addressList());\n }\n\n // 4.1. Miscellaneous Obsolete Tokens\n\n // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control\n // %d11 / ; characters that do not\n // %d12 / ; include the carriage\n // %d14-31 / ; return, line feed, and\n // %d127 ; white space characters\n function obsNoWsCtl() {\n return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) {\n var code = tok.charCodeAt(0);\n return ((1 <= code && code <= 8) ||\n (11 === code || 12 === code) ||\n (14 <= code && code <= 31) ||\n (127 === code));\n }));\n }\n\n // obs-ctext = obs-NO-WS-CTL\n function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); }\n\n // obs-qtext = obs-NO-WS-CTL\n function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); }\n\n // obs-qp = \"\\\" (%d0 / obs-NO-WS-CTL / LF / CR)\n function obsQP() {\n return opts.strict ? null : wrap('obs-qp', and(\n literal('\\\\'),\n or(literal('\\0'), obsNoWsCtl, lf, cr)\n )());\n }\n\n // obs-phrase = word *(word / \".\" / CFWS)\n function obsPhrase() {\n if (opts.strict ) return null;\n return opts.atInDisplayName ? wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), literal('@'), colwsp(cfws)))\n )()) :\n wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), colwsp(cfws)))\n )());\n }\n\n // 4.2. Obsolete Folding White Space\n\n // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908\n // obs-FWS = 1*([CRLF] WSP)\n function obsFws() {\n return opts.strict ? null : wrap('obs-FWS', star(\n and(invis(opt(crlf)), wsp),\n 1\n )());\n }\n\n // 4.4. Obsolete Addressing\n\n // obs-angle-addr = [CFWS] \"<\" obs-route addr-spec \">\" [CFWS]\n function obsAngleAddr() {\n return opts.strict ? null : wrap('obs-angle-addr', and(\n invis(opt(cfws)),\n literal('<'),\n obsRoute,\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n )());\n }\n\n // obs-route = obs-domain-list \":\"\n function obsRoute() {\n return opts.strict ? null : wrap('obs-route', and(\n obsDomainList,\n literal(':')\n )());\n }\n\n // obs-domain-list = *(CFWS / \",\") \"@\" domain\n // *(\",\" [CFWS] [\"@\" domain])\n function obsDomainList() {\n return opts.strict ? null : wrap('obs-domain-list', and(\n star(or(invis(cfws), literal(','))),\n literal('@'),\n domain,\n star(and(\n literal(','),\n invis(opt(cfws)),\n opt(and(literal('@'), domain))\n ))\n )());\n }\n\n // obs-mbox-list = *([CFWS] \",\") mailbox *(\",\" [mailbox / CFWS])\n function obsMboxList() {\n return opts.strict ? null : wrap('obs-mbox-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n mailbox,\n star(and(\n literal(','),\n opt(and(\n mailbox,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-addr-list = *([CFWS] \",\") address *(\",\" [address / CFWS])\n function obsAddrList() {\n return opts.strict ? null : wrap('obs-addr-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n address,\n star(and(\n literal(','),\n opt(and(\n address,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-group-list = 1*([CFWS] \",\") [CFWS]\n function obsGroupList() {\n return opts.strict ? null : wrap('obs-group-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n ), 1),\n invis(opt(cfws))\n )());\n }\n\n // obs-local-part = word *(\".\" word)\n function obsLocalPart() {\n return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))());\n }\n\n // obs-domain = atom *(\".\" atom)\n function obsDomain() {\n return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))());\n }\n\n // obs-dtext = obs-NO-WS-CTL / quoted-pair\n function obsDtext() {\n return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)());\n }\n\n /////////////////////////////////////////////////////\n\n // ast analysis\n\n function findNode(name, root) {\n var i, stack, node;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n return node;\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return null;\n }\n\n function findAllNodes(name, root) {\n var i, stack, node, result;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n result.push(node);\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return result;\n }\n\n function findAllNodesNoChildren(names, root) {\n var i, stack, node, result, namesLookup;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n namesLookup = {};\n for (i = 0; i < names.length; i += 1) {\n namesLookup[names[i]] = true;\n }\n\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name in namesLookup) {\n result.push(node);\n // don't look at children (hence findAllNodesNoChildren)\n } else {\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n }\n return result;\n }\n\n function giveResult(ast) {\n var addresses, groupsAndMailboxes, i, groupOrMailbox, result;\n if (ast === null) {\n return null;\n }\n addresses = [];\n\n // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'.\n groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast);\n for (i = 0; i < groupsAndMailboxes.length; i += 1) {\n groupOrMailbox = groupsAndMailboxes[i];\n if (groupOrMailbox.name === 'group') {\n addresses.push(giveResultGroup(groupOrMailbox));\n } else if (groupOrMailbox.name === 'mailbox') {\n addresses.push(giveResultMailbox(groupOrMailbox));\n }\n }\n\n result = {\n ast: ast,\n addresses: addresses,\n };\n if (opts.simple) {\n result = simplifyResult(result);\n }\n if (opts.oneResult) {\n return oneResult(result);\n }\n if (opts.simple) {\n return result && result.addresses;\n } else {\n return result;\n }\n }\n\n function giveResultGroup(group) {\n var i;\n var groupName = findNode('display-name', group);\n var groupResultMailboxes = [];\n var mailboxes = findAllNodesNoChildren(['mailbox'], group);\n for (i = 0; i < mailboxes.length; i += 1) {\n groupResultMailboxes.push(giveResultMailbox(mailboxes[i]));\n }\n return {\n node: group,\n parts: {\n name: groupName,\n },\n type: group.name, // 'group'\n name: grabSemantic(groupName),\n addresses: groupResultMailboxes,\n };\n }\n\n function giveResultMailbox(mailbox) {\n var name = findNode('display-name', mailbox);\n var aspec = findNode('addr-spec', mailbox);\n var cfws = findAllNodes('cfws', mailbox);\n var comments = findAllNodesNoChildren(['comment'], mailbox);\n\n\n var local = findNode('local-part', aspec);\n var domain = findNode('domain', aspec);\n return {\n node: mailbox,\n parts: {\n name: name,\n address: aspec,\n local: local,\n domain: domain,\n comments: cfws\n },\n type: mailbox.name, // 'mailbox'\n name: grabSemantic(name),\n address: grabSemantic(aspec),\n local: grabSemantic(local),\n domain: grabSemantic(domain),\n comments: concatComments(comments),\n groupName: grabSemantic(mailbox.groupName),\n };\n }\n\n function grabSemantic(n) {\n return n !== null && n !== undefined ? n.semantic : null;\n }\n\n function simplifyResult(result) {\n var i;\n if (result && result.addresses) {\n for (i = 0; i < result.addresses.length; i += 1) {\n delete result.addresses[i].node;\n }\n }\n return result;\n }\n\n function concatComments(comments) {\n var result = '';\n if (comments) {\n for (var i = 0; i < comments.length; i += 1) {\n result += grabSemantic(comments[i]);\n }\n }\n return result;\n }\n\n function oneResult(result) {\n if (!result) { return null; }\n if (!opts.partial && result.addresses.length > 1) { return null; }\n return result.addresses && result.addresses[0];\n }\n\n /////////////////////////////////////////////////////\n\n var parseString, pos, len, parsed, startProduction;\n\n opts = handleOpts(opts, {});\n if (opts === null) { return null; }\n\n parseString = opts.input;\n\n startProduction = {\n 'address': address,\n 'address-list': addressList,\n 'angle-addr': angleAddr,\n 'from': fromSpec,\n 'group': group,\n 'mailbox': mailbox,\n 'mailbox-list': mailboxList,\n 'reply-to': replyToSpec,\n 'sender': senderSpec,\n }[opts.startAt] || addressList;\n\n if (!opts.strict) {\n initialize();\n opts.strict = true;\n parsed = startProduction(parseString);\n if (opts.partial || !inStr()) {\n return giveResult(parsed);\n }\n opts.strict = false;\n }\n\n initialize();\n parsed = startProduction(parseString);\n if (!opts.partial && inStr()) { return null; }\n return giveResult(parsed);\n}\n\nfunction parseOneAddressSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseAddressListSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseFromSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'from',\n }));\n}\n\nfunction parseSenderSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'sender',\n }));\n}\n\nfunction parseReplyToSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'reply-to',\n }));\n}\n\nfunction handleOpts(opts, defs) {\n function isString(str) {\n return Object.prototype.toString.call(str) === '[object String]';\n }\n\n function isObject(o) {\n return o === Object(o);\n }\n\n function isNullUndef(o) {\n return o === null || o === undefined;\n }\n\n var defaults, o;\n\n if (isString(opts)) {\n opts = { input: opts };\n } else if (!isObject(opts)) {\n return null;\n }\n\n if (!isString(opts.input)) { return null; }\n if (!defs) { return null; }\n\n defaults = {\n oneResult: false,\n partial: false,\n rejectTLD: false,\n rfc6532: false,\n simple: false,\n startAt: 'address-list',\n strict: false,\n atInDisplayName: false\n };\n\n for (o in defaults) {\n if (isNullUndef(opts[o])) {\n opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o];\n }\n }\n return opts;\n}\n\nparse5322.parseOneAddress = parseOneAddressSimple;\nparse5322.parseAddressList = parseAddressListSimple;\nparse5322.parseFrom = parseFromSimple;\nparse5322.parseSender = parseSenderSimple;\nparse5322.parseReplyTo = parseReplyToSimple;\n\nif (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {\n module.exports = parse5322;\n} else {\n global.emailAddresses = parse5322;\n}\n\n}(this));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport emailAddresses from 'email-addresses';\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n try {\n const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true });\n this.comment = comments.replace(/^\\(|\\)$/g, '');\n this.name = name;\n this.email = email;\n } catch (e) {}\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n * @private\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm of a key\n * @param {Key} [key] - The key to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userID = {}, config) {\n let hashAlgo = config.preferredHashAlgorithm;\n let prefAlgo = hashAlgo;\n if (key) {\n const primaryUser = await key.getPrimaryUser(date, userID, config);\n if (primaryUser.selfCertification.preferredHashAlgorithms) {\n [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms;\n hashAlgo = crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n }\n }\n switch (keyPacket.algorithm) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n prefAlgo = crypto.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid);\n }\n return crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n}\n\n/**\n * Returns the preferred symmetric/aead/compression algorithm for a set of keys\n * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred algorithm\n * @async\n */\nexport async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = { // these are all must-implement in rfc4880bis\n 'symmetric': enums.symmetric.aes128,\n 'aead': enums.aead.eax,\n 'compression': enums.compression.uncompressed\n }[type];\n const preferredSenderAlgo = {\n 'symmetric': config.preferredSymmetricAlgorithm,\n 'aead': config.preferredAEADAlgorithm,\n 'compression': config.preferredCompressionAlgorithm\n }[type];\n const prefPropertyName = {\n 'symmetric': 'preferredSymmetricAlgorithms',\n 'aead': 'preferredAEADAlgorithms',\n 'compression': 'preferredCompressionAlgorithms'\n }[type];\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n const recipientPrefs = primaryUser.selfCertification[prefPropertyName];\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {PrivateKey} privateKey - key to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userID, config);\n signaturePacket.rawNotations = notations;\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n await revocationSignature.verify(\n key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\n/**\n * Returns whether aead is supported by all keys in the set\n * @param {Array} keys - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function isAEADSupported(keys, date = new Date(), userIDs = [], config = defaultConfig) {\n let supported = true;\n // TODO replace when Promise.some or Promise.any are implemented\n await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n if (!primaryUser.selfCertification.features ||\n !(primaryUser.selfCertification.features[0] & enums.features.aead)) {\n supported = false;\n }\n }));\n return supported;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc':\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) {\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function isValidSigningKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.rsaEncrypt &&\n keyAlgo !== enums.publicKey.elgamal &&\n keyAlgo !== enums.publicKey.ecdh &&\n keyAlgo !== enums.publicKey.x25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0);\n}\n\nexport function isValidEncryptionKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.dsa &&\n keyAlgo !== enums.publicKey.rsaSign &&\n keyAlgo !== enums.publicKey.ecdsa &&\n keyAlgo !== enums.publicKey.eddsaLegacy &&\n keyAlgo !== enums.publicKey.ed25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0);\n}\n\nexport function isValidDecryptionKeyPacket(signature, config) {\n if (config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n * @private\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n // check for expiration time in direct signatures\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const { selfCertification } = await this.getPrimaryUser(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate');\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {}\n }\n }\n\n // evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) &&\n helper.isValidDecryptionKeyPacket(primaryUser.selfCertification, config)) {\n keys.push(this);\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n const keyPacket = await helper.generateSecretSubkey(options);\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {};\n dataToSign.userID = userIDPacket;\n dataToSign.key = secretKeyPacket;\n\n const signatureProperties = {};\n signatureProperties.signatureType = enums.signature.certGeneric;\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128,\n enums.symmetric.aes192\n ], config.preferredSymmetricAlgorithm);\n if (config.aeadProtect) {\n signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.zlib,\n enums.compression.zip,\n enums.compression.uncompressed\n ], config.preferredCompressionAlgorithm);\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.aead;\n }\n if (config.v5Keys) {\n signatureProperties.features[0] |= enums.features.v5Keys;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return createKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No secret key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport KeyID from './type/keyid';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config);\n\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || !util.isString(algorithmName)) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config); // TODO: Pass userID from somewhere.\n if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n // do not check key expiration to allow decryption of old messages\n const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {\n return;\n }\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config);\n const algorithmName = enums.read(enums.symmetric, algo);\n const aeadAlgorithmName = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?\n enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :\n undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) {\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(algo);\n return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n let symEncryptedPacket;\n if (aeadAlgorithmName) {\n symEncryptedPacket = new AEADEncryptedDataPacket();\n symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName);\n } else {\n symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket();\n }\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const algorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();\n pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();\n pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;\n pkESKeyPacket.sessionKey = sessionKey;\n pkESKeyPacket.sessionKeyAlgorithm = algorithm;\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n let i;\n let existingSigPacketlist;\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n if (signature) {\n existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n for (i = existingSigPacketlist.length - 1; i >= 0; i--) {\n const signaturePacket = existingSigPacketlist[i];\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n if (!signingKeys.length && i === 0) {\n onePassSig.flags = 1;\n }\n packetlist.push(onePassSig);\n }\n }\n\n await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];\n const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signatureType;\n onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);\n onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;\n onePassSig.issuerKeyID = signingKey.getKeyID();\n if (i === signingKeys.length - 1) {\n onePassSig.flags = 1;\n }\n return onePassSig;\n })).then(onePassSignatureList => {\n onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig));\n });\n\n packetlist.push(literalDataPacket);\n packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config)));\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.message, this.write(), null, null, null, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const userID = userIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);\n return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n let input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} privateKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n let hashes = this.signature.packets.map(function(packet) {\n return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();\n });\n hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });\n const body = {\n hash: hashes.join(),\n text: this.text,\n data: this.signature.packets.write()\n };\n return armor(enums.armor.signed, body, undefined, undefined, undefined, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n let oneHeader = null;\n let hashAlgos = [];\n headers.forEach(function(header) {\n oneHeader = header.match(/^Hash: (.+)$/); // get header value\n if (oneHeader) {\n oneHeader = oneHeader[1].replace(/\\s/g, ''); // remove whitespace\n oneHeader = oneHeader.split(',');\n oneHeader = oneHeader.map(function(hash) {\n hash = hash.toLowerCase();\n try {\n return enums.write(enums.hash, hash);\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hash);\n }\n });\n hashAlgos = hashAlgos.concat(oneHeader);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {\n throw new Error('If no \"Hash\" header in cleartext signed message, then only MD5 signatures allowed');\n } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:\n * curve25519 (default), p256, p384, p521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key generation');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key reformat');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n const streaming = message.fromStream;\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return convertStream(data, streaming, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type\n * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data, streaming, encoding = 'utf8') {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n if (streaming === 'node') {\n data = stream.webToNode(data);\n if (encoding !== 'binary') data.setEncoding(encoding);\n return data;\n }\n if (streaming === 'web' && streamType === 'ponyfill') {\n return stream.toNativeReadable(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","/**\n * web-streams-polyfill v3.0.3\n */\n/// \nconst SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ?\n Symbol :\n description => `Symbol(${description})`;\n\n/// \nfunction noop() {\n return undefined;\n}\nfunction getGlobals() {\n if (typeof self !== 'undefined') {\n return self;\n }\n else if (typeof window !== 'undefined') {\n return window;\n }\n else if (typeof global !== 'undefined') {\n return global;\n }\n return undefined;\n}\nconst globals = getGlobals();\n\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nconst rethrowAssertionErrorRejection = noop;\n\nconst originalPromise = Promise;\nconst originalPromiseThen = Promise.prototype.then;\nconst originalPromiseResolve = Promise.resolve.bind(originalPromise);\nconst originalPromiseReject = Promise.reject.bind(originalPromise);\nfunction newPromise(executor) {\n return new originalPromise(executor);\n}\nfunction promiseResolvedWith(value) {\n return originalPromiseResolve(value);\n}\nfunction promiseRejectedWith(reason) {\n return originalPromiseReject(reason);\n}\nfunction PerformPromiseThen(promise, onFulfilled, onRejected) {\n // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an\n // approximation.\n return originalPromiseThen.call(promise, onFulfilled, onRejected);\n}\nfunction uponPromise(promise, onFulfilled, onRejected) {\n PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection);\n}\nfunction uponFulfillment(promise, onFulfilled) {\n uponPromise(promise, onFulfilled);\n}\nfunction uponRejection(promise, onRejected) {\n uponPromise(promise, undefined, onRejected);\n}\nfunction transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) {\n return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler);\n}\nfunction setPromiseIsHandledToTrue(promise) {\n PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection);\n}\nconst queueMicrotask = (() => {\n const globalQueueMicrotask = globals && globals.queueMicrotask;\n if (typeof globalQueueMicrotask === 'function') {\n return globalQueueMicrotask;\n }\n const resolvedPromise = promiseResolvedWith(undefined);\n return (fn) => PerformPromiseThen(resolvedPromise, fn);\n})();\nfunction reflectCall(F, V, args) {\n if (typeof F !== 'function') {\n throw new TypeError('Argument is not a function');\n }\n return Function.prototype.apply.call(F, V, args);\n}\nfunction promiseCall(F, V, args) {\n try {\n return promiseResolvedWith(reflectCall(F, V, args));\n }\n catch (value) {\n return promiseRejectedWith(value);\n }\n}\n\n// Original from Chromium\n// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js\nconst QUEUE_MAX_ARRAY_SIZE = 16384;\n/**\n * Simple queue structure.\n *\n * Avoids scalability issues with using a packed array directly by using\n * multiple arrays in a linked list and keeping the array size bounded.\n */\nclass SimpleQueue {\n constructor() {\n this._cursor = 0;\n this._size = 0;\n // _front and _back are always defined.\n this._front = {\n _elements: [],\n _next: undefined\n };\n this._back = this._front;\n // The cursor is used to avoid calling Array.shift().\n // It contains the index of the front element of the array inside the\n // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE).\n this._cursor = 0;\n // When there is only one node, size === elements.length - cursor.\n this._size = 0;\n }\n get length() {\n return this._size;\n }\n // For exception safety, this method is structured in order:\n // 1. Read state\n // 2. Calculate required state mutations\n // 3. Perform state mutations\n push(element) {\n const oldBack = this._back;\n let newBack = oldBack;\n if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) {\n newBack = {\n _elements: [],\n _next: undefined\n };\n }\n // push() is the mutation most likely to throw an exception, so it\n // goes first.\n oldBack._elements.push(element);\n if (newBack !== oldBack) {\n this._back = newBack;\n oldBack._next = newBack;\n }\n ++this._size;\n }\n // Like push(), shift() follows the read -> calculate -> mutate pattern for\n // exception safety.\n shift() { // must not be called on an empty queue\n const oldFront = this._front;\n let newFront = oldFront;\n const oldCursor = this._cursor;\n let newCursor = oldCursor + 1;\n const elements = oldFront._elements;\n const element = elements[oldCursor];\n if (newCursor === QUEUE_MAX_ARRAY_SIZE) {\n newFront = oldFront._next;\n newCursor = 0;\n }\n // No mutations before this point.\n --this._size;\n this._cursor = newCursor;\n if (oldFront !== newFront) {\n this._front = newFront;\n }\n // Permit shifted element to be garbage collected.\n elements[oldCursor] = undefined;\n return element;\n }\n // The tricky thing about forEach() is that it can be called\n // re-entrantly. The queue may be mutated inside the callback. It is easy to\n // see that push() within the callback has no negative effects since the end\n // of the queue is checked for on every iteration. If shift() is called\n // repeatedly within the callback then the next iteration may return an\n // element that has been removed. In this case the callback will be called\n // with undefined values until we either \"catch up\" with elements that still\n // exist or reach the back of the queue.\n forEach(callback) {\n let i = this._cursor;\n let node = this._front;\n let elements = node._elements;\n while (i !== elements.length || node._next !== undefined) {\n if (i === elements.length) {\n node = node._next;\n elements = node._elements;\n i = 0;\n if (elements.length === 0) {\n break;\n }\n }\n callback(elements[i]);\n ++i;\n }\n }\n // Return the element that would be returned if shift() was called now,\n // without modifying the queue.\n peek() { // must not be called on an empty queue\n const front = this._front;\n const cursor = this._cursor;\n return front._elements[cursor];\n }\n}\n\nfunction ReadableStreamReaderGenericInitialize(reader, stream) {\n reader._ownerReadableStream = stream;\n stream._reader = reader;\n if (stream._state === 'readable') {\n defaultReaderClosedPromiseInitialize(reader);\n }\n else if (stream._state === 'closed') {\n defaultReaderClosedPromiseInitializeAsResolved(reader);\n }\n else {\n defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError);\n }\n}\n// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state\n// check.\nfunction ReadableStreamReaderGenericCancel(reader, reason) {\n const stream = reader._ownerReadableStream;\n return ReadableStreamCancel(stream, reason);\n}\nfunction ReadableStreamReaderGenericRelease(reader) {\n if (reader._ownerReadableStream._state === 'readable') {\n defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n else {\n defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n reader._ownerReadableStream._reader = undefined;\n reader._ownerReadableStream = undefined;\n}\n// Helper functions for the readers.\nfunction readerLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released reader');\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderClosedPromiseInitialize(reader) {\n reader._closedPromise = newPromise((resolve, reject) => {\n reader._closedPromise_resolve = resolve;\n reader._closedPromise_reject = reject;\n });\n}\nfunction defaultReaderClosedPromiseInitializeAsRejected(reader, reason) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseReject(reader, reason);\n}\nfunction defaultReaderClosedPromiseInitializeAsResolved(reader) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseResolve(reader);\n}\nfunction defaultReaderClosedPromiseReject(reader, reason) {\n if (reader._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(reader._closedPromise);\n reader._closedPromise_reject(reason);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\nfunction defaultReaderClosedPromiseResetToRejected(reader, reason) {\n defaultReaderClosedPromiseInitializeAsRejected(reader, reason);\n}\nfunction defaultReaderClosedPromiseResolve(reader) {\n if (reader._closedPromise_resolve === undefined) {\n return;\n }\n reader._closedPromise_resolve(undefined);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\n\nconst AbortSteps = SymbolPolyfill('[[AbortSteps]]');\nconst ErrorSteps = SymbolPolyfill('[[ErrorSteps]]');\nconst CancelSteps = SymbolPolyfill('[[CancelSteps]]');\nconst PullSteps = SymbolPolyfill('[[PullSteps]]');\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill\nconst NumberIsFinite = Number.isFinite || function (x) {\n return typeof x === 'number' && isFinite(x);\n};\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill\nconst MathTrunc = Math.trunc || function (v) {\n return v < 0 ? Math.ceil(v) : Math.floor(v);\n};\n\n// https://heycam.github.io/webidl/#idl-dictionaries\nfunction isDictionary(x) {\n return typeof x === 'object' || typeof x === 'function';\n}\nfunction assertDictionary(obj, context) {\n if (obj !== undefined && !isDictionary(obj)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-callback-functions\nfunction assertFunction(x, context) {\n if (typeof x !== 'function') {\n throw new TypeError(`${context} is not a function.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-object\nfunction isObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nfunction assertObject(x, context) {\n if (!isObject(x)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\nfunction assertRequiredArgument(x, position, context) {\n if (x === undefined) {\n throw new TypeError(`Parameter ${position} is required in '${context}'.`);\n }\n}\nfunction assertRequiredField(x, field, context) {\n if (x === undefined) {\n throw new TypeError(`${field} is required in '${context}'.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-unrestricted-double\nfunction convertUnrestrictedDouble(value) {\n return Number(value);\n}\nfunction censorNegativeZero(x) {\n return x === 0 ? 0 : x;\n}\nfunction integerPart(x) {\n return censorNegativeZero(MathTrunc(x));\n}\n// https://heycam.github.io/webidl/#idl-unsigned-long-long\nfunction convertUnsignedLongLongWithEnforceRange(value, context) {\n const lowerBound = 0;\n const upperBound = Number.MAX_SAFE_INTEGER;\n let x = Number(value);\n x = censorNegativeZero(x);\n if (!NumberIsFinite(x)) {\n throw new TypeError(`${context} is not a finite number`);\n }\n x = integerPart(x);\n if (x < lowerBound || x > upperBound) {\n throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`);\n }\n if (!NumberIsFinite(x) || x === 0) {\n return 0;\n }\n // TODO Use BigInt if supported?\n // let xBigInt = BigInt(integerPart(x));\n // xBigInt = BigInt.asUintN(64, xBigInt);\n // return Number(xBigInt);\n return x;\n}\n\nfunction assertReadableStream(x, context) {\n if (!IsReadableStream(x)) {\n throw new TypeError(`${context} is not a ReadableStream.`);\n }\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamDefaultReader(stream) {\n return new ReadableStreamDefaultReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadRequest(stream, readRequest) {\n stream._reader._readRequests.push(readRequest);\n}\nfunction ReadableStreamFulfillReadRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readRequest = reader._readRequests.shift();\n if (done) {\n readRequest._closeSteps();\n }\n else {\n readRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadRequests(stream) {\n return stream._reader._readRequests.length;\n}\nfunction ReadableStreamHasDefaultReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamDefaultReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A default reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamDefaultReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed,\n * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Returns a promise that allows access to the next chunk from the stream's internal queue, if available.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('read'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: () => resolvePromise({ value: undefined, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamDefaultReaderRead(this, readRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamDefaultReader(this)) {\n throw defaultReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamDefaultReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamDefaultReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultReaderRead(reader, readRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'closed') {\n readRequest._closeSteps();\n }\n else if (stream._state === 'errored') {\n readRequest._errorSteps(stream._storedError);\n }\n else {\n stream._readableStreamController[PullSteps](readRequest);\n }\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`);\n}\n\n/// \nlet AsyncIteratorPrototype;\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n // We're running inside a ES2018+ environment, but we're compiling to an older syntax.\n // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it.\n AsyncIteratorPrototype = {\n // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( )\n // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator\n [SymbolPolyfill.asyncIterator]() {\n return this;\n }\n };\n Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false });\n}\n\n/// \nclass ReadableStreamAsyncIteratorImpl {\n constructor(reader, preventCancel) {\n this._ongoingPromise = undefined;\n this._isFinished = false;\n this._reader = reader;\n this._preventCancel = preventCancel;\n }\n next() {\n const nextSteps = () => this._nextSteps();\n this._ongoingPromise = this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) :\n nextSteps();\n return this._ongoingPromise;\n }\n return(value) {\n const returnSteps = () => this._returnSteps(value);\n return this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) :\n returnSteps();\n }\n _nextSteps() {\n if (this._isFinished) {\n return Promise.resolve({ value: undefined, done: true });\n }\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('iterate'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => {\n this._ongoingPromise = undefined;\n // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test.\n // FIXME Is this a bug in the specification, or in the test?\n queueMicrotask(() => resolvePromise({ value: chunk, done: false }));\n },\n _closeSteps: () => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n resolvePromise({ value: undefined, done: true });\n },\n _errorSteps: reason => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n rejectPromise(reason);\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promise;\n }\n _returnSteps(value) {\n if (this._isFinished) {\n return Promise.resolve({ value, done: true });\n }\n this._isFinished = true;\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('finish iterating'));\n }\n if (!this._preventCancel) {\n const result = ReadableStreamReaderGenericCancel(reader, value);\n ReadableStreamReaderGenericRelease(reader);\n return transformPromiseWith(result, () => ({ value, done: true }));\n }\n ReadableStreamReaderGenericRelease(reader);\n return promiseResolvedWith({ value, done: true });\n }\n}\nconst ReadableStreamAsyncIteratorPrototype = {\n next() {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next'));\n }\n return this._asyncIteratorImpl.next();\n },\n return(value) {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return'));\n }\n return this._asyncIteratorImpl.return(value);\n }\n};\nif (AsyncIteratorPrototype !== undefined) {\n Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype);\n}\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamAsyncIterator(stream, preventCancel) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel);\n const iterator = Object.create(ReadableStreamAsyncIteratorPrototype);\n iterator._asyncIteratorImpl = impl;\n return iterator;\n}\nfunction IsReadableStreamAsyncIterator(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) {\n return false;\n }\n return true;\n}\n// Helper functions for the ReadableStream.\nfunction streamAsyncIteratorBrandCheckException(name) {\n return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`);\n}\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill\nconst NumberIsNaN = Number.isNaN || function (x) {\n // eslint-disable-next-line no-self-compare\n return x !== x;\n};\n\nfunction IsFiniteNonNegativeNumber(v) {\n if (!IsNonNegativeNumber(v)) {\n return false;\n }\n if (v === Infinity) {\n return false;\n }\n return true;\n}\nfunction IsNonNegativeNumber(v) {\n if (typeof v !== 'number') {\n return false;\n }\n if (NumberIsNaN(v)) {\n return false;\n }\n if (v < 0) {\n return false;\n }\n return true;\n}\n\nfunction DequeueValue(container) {\n const pair = container._queue.shift();\n container._queueTotalSize -= pair.size;\n if (container._queueTotalSize < 0) {\n container._queueTotalSize = 0;\n }\n return pair.value;\n}\nfunction EnqueueValueWithSize(container, value, size) {\n size = Number(size);\n if (!IsFiniteNonNegativeNumber(size)) {\n throw new RangeError('Size must be a finite, non-NaN, non-negative number.');\n }\n container._queue.push({ value, size });\n container._queueTotalSize += size;\n}\nfunction PeekQueueValue(container) {\n const pair = container._queue.peek();\n return pair.value;\n}\nfunction ResetQueue(container) {\n container._queue = new SimpleQueue();\n container._queueTotalSize = 0;\n}\n\nfunction CreateArrayFromList(elements) {\n // We use arrays to represent lists, so this is basically a no-op.\n // Do a slice though just in case we happen to depend on the unique-ness.\n return elements.slice();\n}\nfunction CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) {\n new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset);\n}\n// Not implemented correctly\nfunction TransferArrayBuffer(O) {\n return O;\n}\n// Not implemented correctly\nfunction IsDetachedBuffer(O) {\n return false;\n}\n\n/**\n * A pull-into request in a {@link ReadableByteStreamController}.\n *\n * @public\n */\nclass ReadableStreamBYOBRequest {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the view for writing in to, or `null` if the BYOB request has already been responded to.\n */\n get view() {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('view');\n }\n return this._view;\n }\n respond(bytesWritten) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respond');\n }\n assertRequiredArgument(bytesWritten, 1, 'respond');\n bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter');\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n if (IsDetachedBuffer(this._view.buffer)) ;\n ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten);\n }\n respondWithNewView(view) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respondWithNewView');\n }\n assertRequiredArgument(view, 1, 'respondWithNewView');\n if (!ArrayBuffer.isView(view)) {\n throw new TypeError('You can only respond with array buffer views');\n }\n if (view.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (view.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view);\n }\n}\nObject.defineProperties(ReadableStreamBYOBRequest.prototype, {\n respond: { enumerable: true },\n respondWithNewView: { enumerable: true },\n view: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBRequest',\n configurable: true\n });\n}\n/**\n * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableByteStreamController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the current BYOB pull request, or `null` if there isn't one.\n */\n get byobRequest() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('byobRequest');\n }\n if (this._byobRequest === null && this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled);\n const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype);\n SetUpReadableStreamBYOBRequest(byobRequest, this, view);\n this._byobRequest = byobRequest;\n }\n return this._byobRequest;\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('desiredSize');\n }\n return ReadableByteStreamControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('close');\n }\n if (this._closeRequested) {\n throw new TypeError('The stream has already been closed; do not close it again!');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`);\n }\n ReadableByteStreamControllerClose(this);\n }\n enqueue(chunk) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('enqueue');\n }\n assertRequiredArgument(chunk, 1, 'enqueue');\n if (!ArrayBuffer.isView(chunk)) {\n throw new TypeError('chunk must be an array buffer view');\n }\n if (chunk.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (chunk.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._closeRequested) {\n throw new TypeError('stream is closed or draining');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`);\n }\n ReadableByteStreamControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('error');\n }\n ReadableByteStreamControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n if (this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n firstDescriptor.bytesFilled = 0;\n }\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableByteStreamControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableByteStream;\n if (this._queueTotalSize > 0) {\n const entry = this._queue.shift();\n this._queueTotalSize -= entry.byteLength;\n ReadableByteStreamControllerHandleQueueDrain(this);\n const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength);\n readRequest._chunkSteps(view);\n return;\n }\n const autoAllocateChunkSize = this._autoAllocateChunkSize;\n if (autoAllocateChunkSize !== undefined) {\n let buffer;\n try {\n buffer = new ArrayBuffer(autoAllocateChunkSize);\n }\n catch (bufferE) {\n readRequest._errorSteps(bufferE);\n return;\n }\n const pullIntoDescriptor = {\n buffer,\n byteOffset: 0,\n byteLength: autoAllocateChunkSize,\n bytesFilled: 0,\n elementSize: 1,\n viewConstructor: Uint8Array,\n readerType: 'default'\n };\n this._pendingPullIntos.push(pullIntoDescriptor);\n }\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableByteStreamControllerCallPullIfNeeded(this);\n }\n}\nObject.defineProperties(ReadableByteStreamController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n byobRequest: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableByteStreamController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableByteStreamController.\nfunction IsReadableByteStreamController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamBYOBRequest(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) {\n return false;\n }\n return true;\n}\nfunction ReadableByteStreamControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableByteStreamControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n // TODO: Test controller argument\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableByteStreamControllerError(controller, e);\n });\n}\nfunction ReadableByteStreamControllerClearPendingPullIntos(controller) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n controller._pendingPullIntos = new SimpleQueue();\n}\nfunction ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) {\n let done = false;\n if (stream._state === 'closed') {\n done = true;\n }\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n if (pullIntoDescriptor.readerType === 'default') {\n ReadableStreamFulfillReadRequest(stream, filledView, done);\n }\n else {\n ReadableStreamFulfillReadIntoRequest(stream, filledView, done);\n }\n}\nfunction ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) {\n const bytesFilled = pullIntoDescriptor.bytesFilled;\n const elementSize = pullIntoDescriptor.elementSize;\n return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize);\n}\nfunction ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) {\n controller._queue.push({ buffer, byteOffset, byteLength });\n controller._queueTotalSize += byteLength;\n}\nfunction ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) {\n const elementSize = pullIntoDescriptor.elementSize;\n const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize;\n const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled);\n const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy;\n const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize;\n let totalBytesToCopyRemaining = maxBytesToCopy;\n let ready = false;\n if (maxAlignedBytes > currentAlignedBytes) {\n totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled;\n ready = true;\n }\n const queue = controller._queue;\n while (totalBytesToCopyRemaining > 0) {\n const headOfQueue = queue.peek();\n const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength);\n const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy);\n if (headOfQueue.byteLength === bytesToCopy) {\n queue.shift();\n }\n else {\n headOfQueue.byteOffset += bytesToCopy;\n headOfQueue.byteLength -= bytesToCopy;\n }\n controller._queueTotalSize -= bytesToCopy;\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor);\n totalBytesToCopyRemaining -= bytesToCopy;\n }\n return ready;\n}\nfunction ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n pullIntoDescriptor.bytesFilled += size;\n}\nfunction ReadableByteStreamControllerHandleQueueDrain(controller) {\n if (controller._queueTotalSize === 0 && controller._closeRequested) {\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(controller._controlledReadableByteStream);\n }\n else {\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n}\nfunction ReadableByteStreamControllerInvalidateBYOBRequest(controller) {\n if (controller._byobRequest === null) {\n return;\n }\n controller._byobRequest._associatedReadableByteStreamController = undefined;\n controller._byobRequest._view = null;\n controller._byobRequest = null;\n}\nfunction ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) {\n while (controller._pendingPullIntos.length > 0) {\n if (controller._queueTotalSize === 0) {\n return;\n }\n const pullIntoDescriptor = controller._pendingPullIntos.peek();\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) {\n const stream = controller._controlledReadableByteStream;\n let elementSize = 1;\n if (view.constructor !== DataView) {\n elementSize = view.constructor.BYTES_PER_ELEMENT;\n }\n const ctor = view.constructor;\n const buffer = TransferArrayBuffer(view.buffer);\n const pullIntoDescriptor = {\n buffer,\n byteOffset: view.byteOffset,\n byteLength: view.byteLength,\n bytesFilled: 0,\n elementSize,\n viewConstructor: ctor,\n readerType: 'byob'\n };\n if (controller._pendingPullIntos.length > 0) {\n controller._pendingPullIntos.push(pullIntoDescriptor);\n // No ReadableByteStreamControllerCallPullIfNeeded() call since:\n // - No change happens on desiredSize\n // - The source has already been notified of that there's at least 1 pending read(view)\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n return;\n }\n if (stream._state === 'closed') {\n const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0);\n readIntoRequest._closeSteps(emptyView);\n return;\n }\n if (controller._queueTotalSize > 0) {\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n ReadableByteStreamControllerHandleQueueDrain(controller);\n readIntoRequest._chunkSteps(filledView);\n return;\n }\n if (controller._closeRequested) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n readIntoRequest._errorSteps(e);\n return;\n }\n }\n controller._pendingPullIntos.push(pullIntoDescriptor);\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) {\n firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer);\n const stream = controller._controlledReadableByteStream;\n if (ReadableStreamHasBYOBReader(stream)) {\n while (ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) {\n if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) {\n throw new RangeError('bytesWritten out of range');\n }\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor);\n if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) {\n // TODO: Figure out whether we should detach the buffer or not here.\n return;\n }\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize;\n if (remainderSize > 0) {\n const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end);\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength);\n }\n pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer);\n pullIntoDescriptor.bytesFilled -= remainderSize;\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n}\nfunction ReadableByteStreamControllerRespondInternal(controller, bytesWritten) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n const state = controller._controlledReadableByteStream._state;\n if (state === 'closed') {\n if (bytesWritten !== 0) {\n throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream');\n }\n ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor);\n }\n else {\n ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerShiftPendingPullInto(controller) {\n const descriptor = controller._pendingPullIntos.shift();\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n return descriptor;\n}\nfunction ReadableByteStreamControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return false;\n }\n if (controller._closeRequested) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableByteStreamControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n}\n// A client of ReadableByteStreamController may use these functions directly to bypass state check.\nfunction ReadableByteStreamControllerClose(controller) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n if (controller._queueTotalSize > 0) {\n controller._closeRequested = true;\n return;\n }\n if (controller._pendingPullIntos.length > 0) {\n const firstPendingPullInto = controller._pendingPullIntos.peek();\n if (firstPendingPullInto.bytesFilled > 0) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n throw e;\n }\n }\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n}\nfunction ReadableByteStreamControllerEnqueue(controller, chunk) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n const buffer = chunk.buffer;\n const byteOffset = chunk.byteOffset;\n const byteLength = chunk.byteLength;\n const transferredBuffer = TransferArrayBuffer(buffer);\n if (ReadableStreamHasDefaultReader(stream)) {\n if (ReadableStreamGetNumReadRequests(stream) === 0) {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n else {\n const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength);\n ReadableStreamFulfillReadRequest(stream, transferredView, false);\n }\n }\n else if (ReadableStreamHasBYOBReader(stream)) {\n // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully.\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n }\n else {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerError(controller, e) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return;\n }\n ReadableByteStreamControllerClearPendingPullIntos(controller);\n ResetQueue(controller);\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableByteStreamControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableByteStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction ReadableByteStreamControllerRespond(controller, bytesWritten) {\n bytesWritten = Number(bytesWritten);\n if (!IsFiniteNonNegativeNumber(bytesWritten)) {\n throw new RangeError('bytesWritten must be a finite');\n }\n ReadableByteStreamControllerRespondInternal(controller, bytesWritten);\n}\nfunction ReadableByteStreamControllerRespondWithNewView(controller, view) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) {\n throw new RangeError('The region specified by view does not match byobRequest');\n }\n if (firstDescriptor.byteLength !== view.byteLength) {\n throw new RangeError('The buffer of view has different capacity than byobRequest');\n }\n firstDescriptor.buffer = view.buffer;\n ReadableByteStreamControllerRespondInternal(controller, view.byteLength);\n}\nfunction SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) {\n controller._controlledReadableByteStream = stream;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._byobRequest = null;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._closeRequested = false;\n controller._started = false;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n controller._autoAllocateChunkSize = autoAllocateChunkSize;\n controller._pendingPullIntos = new SimpleQueue();\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableByteStreamControllerError(controller, r);\n });\n}\nfunction SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) {\n const controller = Object.create(ReadableByteStreamController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingByteSource.start !== undefined) {\n startAlgorithm = () => underlyingByteSource.start(controller);\n }\n if (underlyingByteSource.pull !== undefined) {\n pullAlgorithm = () => underlyingByteSource.pull(controller);\n }\n if (underlyingByteSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingByteSource.cancel(reason);\n }\n const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize;\n if (autoAllocateChunkSize === 0) {\n throw new TypeError('autoAllocateChunkSize must be greater than 0');\n }\n SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize);\n}\nfunction SetUpReadableStreamBYOBRequest(request, controller, view) {\n request._associatedReadableByteStreamController = controller;\n request._view = view;\n}\n// Helper functions for the ReadableStreamBYOBRequest.\nfunction byobRequestBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`);\n}\n// Helper functions for the ReadableByteStreamController.\nfunction byteStreamControllerBrandCheckException(name) {\n return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`);\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamBYOBReader(stream) {\n return new ReadableStreamBYOBReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadIntoRequest(stream, readIntoRequest) {\n stream._reader._readIntoRequests.push(readIntoRequest);\n}\nfunction ReadableStreamFulfillReadIntoRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readIntoRequest = reader._readIntoRequests.shift();\n if (done) {\n readIntoRequest._closeSteps(chunk);\n }\n else {\n readIntoRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadIntoRequests(stream) {\n return stream._reader._readIntoRequests.length;\n}\nfunction ReadableStreamHasBYOBReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamBYOBReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A BYOB reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamBYOBReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n if (!IsReadableByteStreamController(stream._readableStreamController)) {\n throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' +\n 'source');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readIntoRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Attempts to reads bytes into view, and returns a promise resolved with the result.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read(view) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('read'));\n }\n if (!ArrayBuffer.isView(view)) {\n return promiseRejectedWith(new TypeError('view must be an array buffer view'));\n }\n if (view.byteLength === 0) {\n return promiseRejectedWith(new TypeError('view must have non-zero byteLength'));\n }\n if (view.buffer.byteLength === 0) {\n return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readIntoRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: chunk => resolvePromise({ value: chunk, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamBYOBReaderRead(this, view, readIntoRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamBYOBReader(this)) {\n throw byobReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readIntoRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamBYOBReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamBYOBReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'errored') {\n readIntoRequest._errorSteps(stream._storedError);\n }\n else {\n ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest);\n }\n}\n// Helper functions for the ReadableStreamBYOBReader.\nfunction byobReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`);\n}\n\nfunction ExtractHighWaterMark(strategy, defaultHWM) {\n const { highWaterMark } = strategy;\n if (highWaterMark === undefined) {\n return defaultHWM;\n }\n if (NumberIsNaN(highWaterMark) || highWaterMark < 0) {\n throw new RangeError('Invalid highWaterMark');\n }\n return highWaterMark;\n}\nfunction ExtractSizeAlgorithm(strategy) {\n const { size } = strategy;\n if (!size) {\n return () => 1;\n }\n return size;\n}\n\nfunction convertQueuingStrategy(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n const size = init === null || init === void 0 ? void 0 : init.size;\n return {\n highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark),\n size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`)\n };\n}\nfunction convertQueuingStrategySize(fn, context) {\n assertFunction(fn, context);\n return chunk => convertUnrestrictedDouble(fn(chunk));\n}\n\nfunction convertUnderlyingSink(original, context) {\n assertDictionary(original, context);\n const abort = original === null || original === void 0 ? void 0 : original.abort;\n const close = original === null || original === void 0 ? void 0 : original.close;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n const write = original === null || original === void 0 ? void 0 : original.write;\n return {\n abort: abort === undefined ?\n undefined :\n convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`),\n close: close === undefined ?\n undefined :\n convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`),\n write: write === undefined ?\n undefined :\n convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`),\n type\n };\n}\nfunction convertUnderlyingSinkAbortCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSinkCloseCallback(fn, original, context) {\n assertFunction(fn, context);\n return () => promiseCall(fn, original, []);\n}\nfunction convertUnderlyingSinkStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSinkWriteCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\nfunction assertWritableStream(x, context) {\n if (!IsWritableStream(x)) {\n throw new TypeError(`${context} is not a WritableStream.`);\n }\n}\n\n/**\n * A writable stream represents a destination for data, into which you can write.\n *\n * @public\n */\nclass WritableStream {\n constructor(rawUnderlyingSink = {}, rawStrategy = {}) {\n if (rawUnderlyingSink === undefined) {\n rawUnderlyingSink = null;\n }\n else {\n assertObject(rawUnderlyingSink, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter');\n InitializeWritableStream(this);\n const type = underlyingSink.type;\n if (type !== undefined) {\n throw new RangeError('Invalid type is specified');\n }\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm);\n }\n /**\n * Returns whether or not the writable stream is locked to a writer.\n */\n get locked() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('locked');\n }\n return IsWritableStreamLocked(this);\n }\n /**\n * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be\n * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort\n * mechanism of the underlying sink.\n *\n * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled\n * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel\n * the stream) if the stream is currently locked.\n */\n abort(reason = undefined) {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('abort'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer'));\n }\n return WritableStreamAbort(this, reason);\n }\n /**\n * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its\n * close behavior. During this time any further attempts to write will fail (without erroring the stream).\n *\n * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream\n * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with\n * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked.\n */\n close() {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('close'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer'));\n }\n if (WritableStreamCloseQueuedOrInFlight(this)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamClose(this);\n }\n /**\n * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream\n * is locked, no other writer can be acquired until this one is released.\n *\n * This functionality is especially useful for creating abstractions that desire the ability to write to a stream\n * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at\n * the same time, which would cause the resulting written data to be unpredictable and probably useless.\n */\n getWriter() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('getWriter');\n }\n return AcquireWritableStreamDefaultWriter(this);\n }\n}\nObject.defineProperties(WritableStream.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n getWriter: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStream',\n configurable: true\n });\n}\n// Abstract operations for the WritableStream.\nfunction AcquireWritableStreamDefaultWriter(stream) {\n return new WritableStreamDefaultWriter(stream);\n}\n// Throws if and only if startAlgorithm throws.\nfunction CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(WritableStream.prototype);\n InitializeWritableStream(stream);\n const controller = Object.create(WritableStreamDefaultController.prototype);\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeWritableStream(stream) {\n stream._state = 'writable';\n // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is\n // 'erroring' or 'errored'. May be set to an undefined value.\n stream._storedError = undefined;\n stream._writer = undefined;\n // Initialize to undefined first because the constructor of the controller checks this\n // variable to validate the caller.\n stream._writableStreamController = undefined;\n // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data\n // producer without waiting for the queued writes to finish.\n stream._writeRequests = new SimpleQueue();\n // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents\n // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here.\n stream._inFlightWriteRequest = undefined;\n // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer\n // has been detached.\n stream._closeRequest = undefined;\n // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it\n // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here.\n stream._inFlightCloseRequest = undefined;\n // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached.\n stream._pendingAbortRequest = undefined;\n // The backpressure signal set by the controller.\n stream._backpressure = false;\n}\nfunction IsWritableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsWritableStreamLocked(stream) {\n if (stream._writer === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamAbort(stream, reason) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseResolvedWith(undefined);\n }\n if (stream._pendingAbortRequest !== undefined) {\n return stream._pendingAbortRequest._promise;\n }\n let wasAlreadyErroring = false;\n if (state === 'erroring') {\n wasAlreadyErroring = true;\n // reason will not be used, so don't keep a reference to it.\n reason = undefined;\n }\n const promise = newPromise((resolve, reject) => {\n stream._pendingAbortRequest = {\n _promise: undefined,\n _resolve: resolve,\n _reject: reject,\n _reason: reason,\n _wasAlreadyErroring: wasAlreadyErroring\n };\n });\n stream._pendingAbortRequest._promise = promise;\n if (!wasAlreadyErroring) {\n WritableStreamStartErroring(stream, reason);\n }\n return promise;\n}\nfunction WritableStreamClose(stream) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`));\n }\n const promise = newPromise((resolve, reject) => {\n const closeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._closeRequest = closeRequest;\n });\n const writer = stream._writer;\n if (writer !== undefined && stream._backpressure && state === 'writable') {\n defaultWriterReadyPromiseResolve(writer);\n }\n WritableStreamDefaultControllerClose(stream._writableStreamController);\n return promise;\n}\n// WritableStream API exposed for controllers.\nfunction WritableStreamAddWriteRequest(stream) {\n const promise = newPromise((resolve, reject) => {\n const writeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._writeRequests.push(writeRequest);\n });\n return promise;\n}\nfunction WritableStreamDealWithRejection(stream, error) {\n const state = stream._state;\n if (state === 'writable') {\n WritableStreamStartErroring(stream, error);\n return;\n }\n WritableStreamFinishErroring(stream);\n}\nfunction WritableStreamStartErroring(stream, reason) {\n const controller = stream._writableStreamController;\n stream._state = 'erroring';\n stream._storedError = reason;\n const writer = stream._writer;\n if (writer !== undefined) {\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason);\n }\n if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) {\n WritableStreamFinishErroring(stream);\n }\n}\nfunction WritableStreamFinishErroring(stream) {\n stream._state = 'errored';\n stream._writableStreamController[ErrorSteps]();\n const storedError = stream._storedError;\n stream._writeRequests.forEach(writeRequest => {\n writeRequest._reject(storedError);\n });\n stream._writeRequests = new SimpleQueue();\n if (stream._pendingAbortRequest === undefined) {\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const abortRequest = stream._pendingAbortRequest;\n stream._pendingAbortRequest = undefined;\n if (abortRequest._wasAlreadyErroring) {\n abortRequest._reject(storedError);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const promise = stream._writableStreamController[AbortSteps](abortRequest._reason);\n uponPromise(promise, () => {\n abortRequest._resolve();\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n }, (reason) => {\n abortRequest._reject(reason);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n });\n}\nfunction WritableStreamFinishInFlightWrite(stream) {\n stream._inFlightWriteRequest._resolve(undefined);\n stream._inFlightWriteRequest = undefined;\n}\nfunction WritableStreamFinishInFlightWriteWithError(stream, error) {\n stream._inFlightWriteRequest._reject(error);\n stream._inFlightWriteRequest = undefined;\n WritableStreamDealWithRejection(stream, error);\n}\nfunction WritableStreamFinishInFlightClose(stream) {\n stream._inFlightCloseRequest._resolve(undefined);\n stream._inFlightCloseRequest = undefined;\n const state = stream._state;\n if (state === 'erroring') {\n // The error was too late to do anything, so it is ignored.\n stream._storedError = undefined;\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._resolve();\n stream._pendingAbortRequest = undefined;\n }\n }\n stream._state = 'closed';\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseResolve(writer);\n }\n}\nfunction WritableStreamFinishInFlightCloseWithError(stream, error) {\n stream._inFlightCloseRequest._reject(error);\n stream._inFlightCloseRequest = undefined;\n // Never execute sink abort() after sink close().\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._reject(error);\n stream._pendingAbortRequest = undefined;\n }\n WritableStreamDealWithRejection(stream, error);\n}\n// TODO(ricea): Fix alphabetical order.\nfunction WritableStreamCloseQueuedOrInFlight(stream) {\n if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamHasOperationMarkedInFlight(stream) {\n if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamMarkCloseRequestInFlight(stream) {\n stream._inFlightCloseRequest = stream._closeRequest;\n stream._closeRequest = undefined;\n}\nfunction WritableStreamMarkFirstWriteRequestInFlight(stream) {\n stream._inFlightWriteRequest = stream._writeRequests.shift();\n}\nfunction WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) {\n if (stream._closeRequest !== undefined) {\n stream._closeRequest._reject(stream._storedError);\n stream._closeRequest = undefined;\n }\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseReject(writer, stream._storedError);\n }\n}\nfunction WritableStreamUpdateBackpressure(stream, backpressure) {\n const writer = stream._writer;\n if (writer !== undefined && backpressure !== stream._backpressure) {\n if (backpressure) {\n defaultWriterReadyPromiseReset(writer);\n }\n else {\n defaultWriterReadyPromiseResolve(writer);\n }\n }\n stream._backpressure = backpressure;\n}\n/**\n * A default writer vended by a {@link WritableStream}.\n *\n * @public\n */\nclass WritableStreamDefaultWriter {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter');\n assertWritableStream(stream, 'First parameter');\n if (IsWritableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive writing by another writer');\n }\n this._ownerWritableStream = stream;\n stream._writer = this;\n const state = stream._state;\n if (state === 'writable') {\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) {\n defaultWriterReadyPromiseInitialize(this);\n }\n else {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n }\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'erroring') {\n defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError);\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'closed') {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n defaultWriterClosedPromiseInitializeAsResolved(this);\n }\n else {\n const storedError = stream._storedError;\n defaultWriterReadyPromiseInitializeAsRejected(this, storedError);\n defaultWriterClosedPromiseInitializeAsRejected(this, storedError);\n }\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the writer’s lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full.\n * A producer can use this information to determine the right amount of data to write.\n *\n * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort\n * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when\n * the writer’s lock is released.\n */\n get desiredSize() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('desiredSize');\n }\n if (this._ownerWritableStream === undefined) {\n throw defaultWriterLockException('desiredSize');\n }\n return WritableStreamDefaultWriterGetDesiredSize(this);\n }\n /**\n * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions\n * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips\n * back to zero or below, the getter will return a new promise that stays pending until the next transition.\n *\n * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become\n * rejected.\n */\n get ready() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('ready'));\n }\n return this._readyPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}.\n */\n abort(reason = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('abort'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('abort'));\n }\n return WritableStreamDefaultWriterAbort(this, reason);\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}.\n */\n close() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('close'));\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('close'));\n }\n if (WritableStreamCloseQueuedOrInFlight(stream)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamDefaultWriterClose(this);\n }\n /**\n * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active.\n * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from\n * now on; otherwise, the writer will appear closed.\n *\n * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the\n * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled).\n * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents\n * other producers from writing in an interleaved manner.\n */\n releaseLock() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('releaseLock');\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return;\n }\n WritableStreamDefaultWriterRelease(this);\n }\n write(chunk = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('write'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n return WritableStreamDefaultWriterWrite(this, chunk);\n }\n}\nObject.defineProperties(WritableStreamDefaultWriter.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n releaseLock: { enumerable: true },\n write: { enumerable: true },\n closed: { enumerable: true },\n desiredSize: { enumerable: true },\n ready: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultWriter',\n configurable: true\n });\n}\n// Abstract operations for the WritableStreamDefaultWriter.\nfunction IsWritableStreamDefaultWriter(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) {\n return false;\n }\n return true;\n}\n// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check.\nfunction WritableStreamDefaultWriterAbort(writer, reason) {\n const stream = writer._ownerWritableStream;\n return WritableStreamAbort(stream, reason);\n}\nfunction WritableStreamDefaultWriterClose(writer) {\n const stream = writer._ownerWritableStream;\n return WritableStreamClose(stream);\n}\nfunction WritableStreamDefaultWriterCloseWithErrorPropagation(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n return WritableStreamDefaultWriterClose(writer);\n}\nfunction WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) {\n if (writer._closedPromiseState === 'pending') {\n defaultWriterClosedPromiseReject(writer, error);\n }\n else {\n defaultWriterClosedPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) {\n if (writer._readyPromiseState === 'pending') {\n defaultWriterReadyPromiseReject(writer, error);\n }\n else {\n defaultWriterReadyPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterGetDesiredSize(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (state === 'errored' || state === 'erroring') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController);\n}\nfunction WritableStreamDefaultWriterRelease(writer) {\n const stream = writer._ownerWritableStream;\n const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`);\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError);\n // The state transitions to \"errored\" before the sink abort() method runs, but the writer.closed promise is not\n // rejected until afterwards. This means that simply testing state will not work.\n WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError);\n stream._writer = undefined;\n writer._ownerWritableStream = undefined;\n}\nfunction WritableStreamDefaultWriterWrite(writer, chunk) {\n const stream = writer._ownerWritableStream;\n const controller = stream._writableStreamController;\n const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk);\n if (stream !== writer._ownerWritableStream) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n const state = stream._state;\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to'));\n }\n if (state === 'erroring') {\n return promiseRejectedWith(stream._storedError);\n }\n const promise = WritableStreamAddWriteRequest(stream);\n WritableStreamDefaultControllerWrite(controller, chunk, chunkSize);\n return promise;\n}\nconst closeSentinel = {};\n/**\n * Allows control of a {@link WritableStream | writable stream}'s state and internal queue.\n *\n * @public\n */\nclass WritableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`.\n *\n * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying\n * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the\n * normal lifecycle of interactions with the underlying sink.\n */\n error(e = undefined) {\n if (!IsWritableStreamDefaultController(this)) {\n throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController');\n }\n const state = this._controlledWritableStream._state;\n if (state !== 'writable') {\n // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so\n // just treat it as a no-op.\n return;\n }\n WritableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [AbortSteps](reason) {\n const result = this._abortAlgorithm(reason);\n WritableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [ErrorSteps]() {\n ResetQueue(this);\n }\n}\nObject.defineProperties(WritableStreamDefaultController.prototype, {\n error: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations implementing interface required by the WritableStream.\nfunction IsWritableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledWritableStream = stream;\n stream._writableStreamController = controller;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._writeAlgorithm = writeAlgorithm;\n controller._closeAlgorithm = closeAlgorithm;\n controller._abortAlgorithm = abortAlgorithm;\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n const startResult = startAlgorithm();\n const startPromise = promiseResolvedWith(startResult);\n uponPromise(startPromise, () => {\n controller._started = true;\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, r => {\n controller._started = true;\n WritableStreamDealWithRejection(stream, r);\n });\n}\nfunction SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(WritableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let writeAlgorithm = () => promiseResolvedWith(undefined);\n let closeAlgorithm = () => promiseResolvedWith(undefined);\n let abortAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSink.start !== undefined) {\n startAlgorithm = () => underlyingSink.start(controller);\n }\n if (underlyingSink.write !== undefined) {\n writeAlgorithm = chunk => underlyingSink.write(chunk, controller);\n }\n if (underlyingSink.close !== undefined) {\n closeAlgorithm = () => underlyingSink.close();\n }\n if (underlyingSink.abort !== undefined) {\n abortAlgorithm = reason => underlyingSink.abort(reason);\n }\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls.\nfunction WritableStreamDefaultControllerClearAlgorithms(controller) {\n controller._writeAlgorithm = undefined;\n controller._closeAlgorithm = undefined;\n controller._abortAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\nfunction WritableStreamDefaultControllerClose(controller) {\n EnqueueValueWithSize(controller, closeSentinel, 0);\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\nfunction WritableStreamDefaultControllerGetChunkSize(controller, chunk) {\n try {\n return controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE);\n return 1;\n }\n}\nfunction WritableStreamDefaultControllerGetDesiredSize(controller) {\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) {\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE);\n return;\n }\n const stream = controller._controlledWritableStream;\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\n// Abstract operations for the WritableStreamDefaultController.\nfunction WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) {\n const stream = controller._controlledWritableStream;\n if (!controller._started) {\n return;\n }\n if (stream._inFlightWriteRequest !== undefined) {\n return;\n }\n const state = stream._state;\n if (state === 'erroring') {\n WritableStreamFinishErroring(stream);\n return;\n }\n if (controller._queue.length === 0) {\n return;\n }\n const value = PeekQueueValue(controller);\n if (value === closeSentinel) {\n WritableStreamDefaultControllerProcessClose(controller);\n }\n else {\n WritableStreamDefaultControllerProcessWrite(controller, value);\n }\n}\nfunction WritableStreamDefaultControllerErrorIfNeeded(controller, error) {\n if (controller._controlledWritableStream._state === 'writable') {\n WritableStreamDefaultControllerError(controller, error);\n }\n}\nfunction WritableStreamDefaultControllerProcessClose(controller) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkCloseRequestInFlight(stream);\n DequeueValue(controller);\n const sinkClosePromise = controller._closeAlgorithm();\n WritableStreamDefaultControllerClearAlgorithms(controller);\n uponPromise(sinkClosePromise, () => {\n WritableStreamFinishInFlightClose(stream);\n }, reason => {\n WritableStreamFinishInFlightCloseWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerProcessWrite(controller, chunk) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkFirstWriteRequestInFlight(stream);\n const sinkWritePromise = controller._writeAlgorithm(chunk);\n uponPromise(sinkWritePromise, () => {\n WritableStreamFinishInFlightWrite(stream);\n const state = stream._state;\n DequeueValue(controller);\n if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, reason => {\n if (stream._state === 'writable') {\n WritableStreamDefaultControllerClearAlgorithms(controller);\n }\n WritableStreamFinishInFlightWriteWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerGetBackpressure(controller) {\n const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller);\n return desiredSize <= 0;\n}\n// A client of WritableStreamDefaultController may use these functions directly to bypass state check.\nfunction WritableStreamDefaultControllerError(controller, error) {\n const stream = controller._controlledWritableStream;\n WritableStreamDefaultControllerClearAlgorithms(controller);\n WritableStreamStartErroring(stream, error);\n}\n// Helper functions for the WritableStream.\nfunction streamBrandCheckException$2(name) {\n return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`);\n}\n// Helper functions for the WritableStreamDefaultWriter.\nfunction defaultWriterBrandCheckException(name) {\n return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`);\n}\nfunction defaultWriterLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released writer');\n}\nfunction defaultWriterClosedPromiseInitialize(writer) {\n writer._closedPromise = newPromise((resolve, reject) => {\n writer._closedPromise_resolve = resolve;\n writer._closedPromise_reject = reject;\n writer._closedPromiseState = 'pending';\n });\n}\nfunction defaultWriterClosedPromiseInitializeAsRejected(writer, reason) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseReject(writer, reason);\n}\nfunction defaultWriterClosedPromiseInitializeAsResolved(writer) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseResolve(writer);\n}\nfunction defaultWriterClosedPromiseReject(writer, reason) {\n if (writer._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._closedPromise);\n writer._closedPromise_reject(reason);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'rejected';\n}\nfunction defaultWriterClosedPromiseResetToRejected(writer, reason) {\n defaultWriterClosedPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterClosedPromiseResolve(writer) {\n if (writer._closedPromise_resolve === undefined) {\n return;\n }\n writer._closedPromise_resolve(undefined);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'resolved';\n}\nfunction defaultWriterReadyPromiseInitialize(writer) {\n writer._readyPromise = newPromise((resolve, reject) => {\n writer._readyPromise_resolve = resolve;\n writer._readyPromise_reject = reject;\n });\n writer._readyPromiseState = 'pending';\n}\nfunction defaultWriterReadyPromiseInitializeAsRejected(writer, reason) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseReject(writer, reason);\n}\nfunction defaultWriterReadyPromiseInitializeAsResolved(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseResolve(writer);\n}\nfunction defaultWriterReadyPromiseReject(writer, reason) {\n if (writer._readyPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._readyPromise);\n writer._readyPromise_reject(reason);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'rejected';\n}\nfunction defaultWriterReadyPromiseReset(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n}\nfunction defaultWriterReadyPromiseResetToRejected(writer, reason) {\n defaultWriterReadyPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterReadyPromiseResolve(writer) {\n if (writer._readyPromise_resolve === undefined) {\n return;\n }\n writer._readyPromise_resolve(undefined);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'fulfilled';\n}\n\nfunction isAbortSignal(value) {\n if (typeof value !== 'object' || value === null) {\n return false;\n }\n try {\n return typeof value.aborted === 'boolean';\n }\n catch (_a) {\n // AbortSignal.prototype.aborted throws if its brand check fails\n return false;\n }\n}\n\n/// \nconst NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined;\n\n/// \nfunction isDOMExceptionConstructor(ctor) {\n if (!(typeof ctor === 'function' || typeof ctor === 'object')) {\n return false;\n }\n try {\n new ctor();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction createDOMExceptionPolyfill() {\n // eslint-disable-next-line no-shadow\n const ctor = function DOMException(message, name) {\n this.message = message || '';\n this.name = name || 'Error';\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n };\n ctor.prototype = Object.create(Error.prototype);\n Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true });\n return ctor;\n}\n// eslint-disable-next-line no-redeclare\nconst DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill();\n\nfunction ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) {\n const reader = AcquireReadableStreamDefaultReader(source);\n const writer = AcquireWritableStreamDefaultWriter(dest);\n source._disturbed = true;\n let shuttingDown = false;\n // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown.\n let currentWrite = promiseResolvedWith(undefined);\n return newPromise((resolve, reject) => {\n let abortAlgorithm;\n if (signal !== undefined) {\n abortAlgorithm = () => {\n const error = new DOMException$1('Aborted', 'AbortError');\n const actions = [];\n if (!preventAbort) {\n actions.push(() => {\n if (dest._state === 'writable') {\n return WritableStreamAbort(dest, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n if (!preventCancel) {\n actions.push(() => {\n if (source._state === 'readable') {\n return ReadableStreamCancel(source, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error);\n };\n if (signal.aborted) {\n abortAlgorithm();\n return;\n }\n signal.addEventListener('abort', abortAlgorithm);\n }\n // Using reader and writer, read all chunks from this and write them to dest\n // - Backpressure must be enforced\n // - Shutdown must stop all activity\n function pipeLoop() {\n return newPromise((resolveLoop, rejectLoop) => {\n function next(done) {\n if (done) {\n resolveLoop();\n }\n else {\n // Use `PerformPromiseThen` instead of `uponPromise` to avoid\n // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers\n PerformPromiseThen(pipeStep(), next, rejectLoop);\n }\n }\n next(false);\n });\n }\n function pipeStep() {\n if (shuttingDown) {\n return promiseResolvedWith(true);\n }\n return PerformPromiseThen(writer._readyPromise, () => {\n return newPromise((resolveRead, rejectRead) => {\n ReadableStreamDefaultReaderRead(reader, {\n _chunkSteps: chunk => {\n currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop);\n resolveRead(false);\n },\n _closeSteps: () => resolveRead(true),\n _errorSteps: rejectRead\n });\n });\n });\n }\n // Errors must be propagated forward\n isOrBecomesErrored(source, reader._closedPromise, storedError => {\n if (!preventAbort) {\n shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Errors must be propagated backward\n isOrBecomesErrored(dest, writer._closedPromise, storedError => {\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Closing must be propagated forward\n isOrBecomesClosed(source, reader._closedPromise, () => {\n if (!preventClose) {\n shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer));\n }\n else {\n shutdown();\n }\n });\n // Closing must be propagated backward\n if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') {\n const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it');\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed);\n }\n else {\n shutdown(true, destClosed);\n }\n }\n setPromiseIsHandledToTrue(pipeLoop());\n function waitForWritesToFinish() {\n // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait\n // for that too.\n const oldCurrentWrite = currentWrite;\n return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined);\n }\n function isOrBecomesErrored(stream, promise, action) {\n if (stream._state === 'errored') {\n action(stream._storedError);\n }\n else {\n uponRejection(promise, action);\n }\n }\n function isOrBecomesClosed(stream, promise, action) {\n if (stream._state === 'closed') {\n action();\n }\n else {\n uponFulfillment(promise, action);\n }\n }\n function shutdownWithAction(action, originalIsError, originalError) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), doTheRest);\n }\n else {\n doTheRest();\n }\n function doTheRest() {\n uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError));\n }\n }\n function shutdown(isError, error) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error));\n }\n else {\n finalize(isError, error);\n }\n }\n function finalize(isError, error) {\n WritableStreamDefaultWriterRelease(writer);\n ReadableStreamReaderGenericRelease(reader);\n if (signal !== undefined) {\n signal.removeEventListener('abort', abortAlgorithm);\n }\n if (isError) {\n reject(error);\n }\n else {\n resolve(undefined);\n }\n }\n });\n}\n\n/**\n * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('desiredSize');\n }\n return ReadableStreamDefaultControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('close');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits close');\n }\n ReadableStreamDefaultControllerClose(this);\n }\n enqueue(chunk = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('enqueue');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits enqueue');\n }\n return ReadableStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('error');\n }\n ReadableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableStream;\n if (this._queue.length > 0) {\n const chunk = DequeueValue(this);\n if (this._closeRequested && this._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(this);\n ReadableStreamClose(stream);\n }\n else {\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n readRequest._chunkSteps(chunk);\n }\n else {\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n }\n}\nObject.defineProperties(ReadableStreamDefaultController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableStreamDefaultController.\nfunction IsReadableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableStreamDefaultControllerError(controller, e);\n });\n}\nfunction ReadableStreamDefaultControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableStream;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableStreamDefaultControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\n// A client of ReadableStreamDefaultController may use these functions directly to bypass state check.\nfunction ReadableStreamDefaultControllerClose(controller) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n controller._closeRequested = true;\n if (controller._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n }\n}\nfunction ReadableStreamDefaultControllerEnqueue(controller, chunk) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n ReadableStreamFulfillReadRequest(stream, chunk, false);\n }\n else {\n let chunkSize;\n try {\n chunkSize = controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n ReadableStreamDefaultControllerError(controller, chunkSizeE);\n throw chunkSizeE;\n }\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n ReadableStreamDefaultControllerError(controller, enqueueE);\n throw enqueueE;\n }\n }\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n}\nfunction ReadableStreamDefaultControllerError(controller, e) {\n const stream = controller._controlledReadableStream;\n if (stream._state !== 'readable') {\n return;\n }\n ResetQueue(controller);\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableStreamDefaultControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\n// This is used in the implementation of TransformStream.\nfunction ReadableStreamDefaultControllerHasBackpressure(controller) {\n if (ReadableStreamDefaultControllerShouldCallPull(controller)) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) {\n const state = controller._controlledReadableStream._state;\n if (!controller._closeRequested && state === 'readable') {\n return true;\n }\n return false;\n}\nfunction SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledReadableStream = stream;\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._closeRequested = false;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableStreamDefaultControllerError(controller, r);\n });\n}\nfunction SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSource.start !== undefined) {\n startAlgorithm = () => underlyingSource.start(controller);\n }\n if (underlyingSource.pull !== undefined) {\n pullAlgorithm = () => underlyingSource.pull(controller);\n }\n if (underlyingSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingSource.cancel(reason);\n }\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// Helper functions for the ReadableStreamDefaultController.\nfunction defaultControllerBrandCheckException$1(name) {\n return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`);\n}\n\nfunction ReadableStreamTee(stream, cloneForBranch2) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n let reading = false;\n let canceled1 = false;\n let canceled2 = false;\n let reason1;\n let reason2;\n let branch1;\n let branch2;\n let resolveCancelPromise;\n const cancelPromise = newPromise(resolve => {\n resolveCancelPromise = resolve;\n });\n function pullAlgorithm() {\n if (reading) {\n return promiseResolvedWith(undefined);\n }\n reading = true;\n const readRequest = {\n _chunkSteps: value => {\n // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using\n // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let\n // successful synchronously-available reads get ahead of asynchronously-available errors.\n queueMicrotask(() => {\n reading = false;\n const value1 = value;\n const value2 = value;\n // There is no way to access the cloning code right now in the reference implementation.\n // If we add one then we'll need an implementation for serializable objects.\n // if (!canceled2 && cloneForBranch2) {\n // value2 = StructuredDeserialize(StructuredSerialize(value2));\n // }\n if (!canceled1) {\n ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2);\n }\n });\n },\n _closeSteps: () => {\n reading = false;\n if (!canceled1) {\n ReadableStreamDefaultControllerClose(branch1._readableStreamController);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerClose(branch2._readableStreamController);\n }\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n },\n _errorSteps: () => {\n reading = false;\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promiseResolvedWith(undefined);\n }\n function cancel1Algorithm(reason) {\n canceled1 = true;\n reason1 = reason;\n if (canceled2) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function cancel2Algorithm(reason) {\n canceled2 = true;\n reason2 = reason;\n if (canceled1) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function startAlgorithm() {\n // do nothing\n }\n branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm);\n branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm);\n uponRejection(reader._closedPromise, (r) => {\n ReadableStreamDefaultControllerError(branch1._readableStreamController, r);\n ReadableStreamDefaultControllerError(branch2._readableStreamController, r);\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n });\n return [branch1, branch2];\n}\n\nfunction convertUnderlyingDefaultOrByteSource(source, context) {\n assertDictionary(source, context);\n const original = source;\n const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize;\n const cancel = original === null || original === void 0 ? void 0 : original.cancel;\n const pull = original === null || original === void 0 ? void 0 : original.pull;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n return {\n autoAllocateChunkSize: autoAllocateChunkSize === undefined ?\n undefined :\n convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`),\n cancel: cancel === undefined ?\n undefined :\n convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`),\n pull: pull === undefined ?\n undefined :\n convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`),\n type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`)\n };\n}\nfunction convertUnderlyingSourceCancelCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSourcePullCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSourceStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertReadableStreamType(type, context) {\n type = `${type}`;\n if (type !== 'bytes') {\n throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`);\n }\n return type;\n}\n\nfunction convertReaderOptions(options, context) {\n assertDictionary(options, context);\n const mode = options === null || options === void 0 ? void 0 : options.mode;\n return {\n mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`)\n };\n}\nfunction convertReadableStreamReaderMode(mode, context) {\n mode = `${mode}`;\n if (mode !== 'byob') {\n throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`);\n }\n return mode;\n}\n\nfunction convertIteratorOptions(options, context) {\n assertDictionary(options, context);\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n return { preventCancel: Boolean(preventCancel) };\n}\n\nfunction convertPipeOptions(options, context) {\n assertDictionary(options, context);\n const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort;\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n const preventClose = options === null || options === void 0 ? void 0 : options.preventClose;\n const signal = options === null || options === void 0 ? void 0 : options.signal;\n if (signal !== undefined) {\n assertAbortSignal(signal, `${context} has member 'signal' that`);\n }\n return {\n preventAbort: Boolean(preventAbort),\n preventCancel: Boolean(preventCancel),\n preventClose: Boolean(preventClose),\n signal\n };\n}\nfunction assertAbortSignal(signal, context) {\n if (!isAbortSignal(signal)) {\n throw new TypeError(`${context} is not an AbortSignal.`);\n }\n}\n\nfunction convertReadableWritablePair(pair, context) {\n assertDictionary(pair, context);\n const readable = pair === null || pair === void 0 ? void 0 : pair.readable;\n assertRequiredField(readable, 'readable', 'ReadableWritablePair');\n assertReadableStream(readable, `${context} has member 'readable' that`);\n const writable = pair === null || pair === void 0 ? void 0 : pair.writable;\n assertRequiredField(writable, 'writable', 'ReadableWritablePair');\n assertWritableStream(writable, `${context} has member 'writable' that`);\n return { readable, writable };\n}\n\n/**\n * A readable stream represents a source of data, from which you can read.\n *\n * @public\n */\nclass ReadableStream {\n constructor(rawUnderlyingSource = {}, rawStrategy = {}) {\n if (rawUnderlyingSource === undefined) {\n rawUnderlyingSource = null;\n }\n else {\n assertObject(rawUnderlyingSource, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter');\n InitializeReadableStream(this);\n if (underlyingSource.type === 'bytes') {\n if (strategy.size !== undefined) {\n throw new RangeError('The strategy for a byte stream cannot have a size function');\n }\n const highWaterMark = ExtractHighWaterMark(strategy, 0);\n SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark);\n }\n else {\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm);\n }\n }\n /**\n * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}.\n */\n get locked() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('locked');\n }\n return IsReadableStreamLocked(this);\n }\n /**\n * Cancels the stream, signaling a loss of interest in the stream by a consumer.\n *\n * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()}\n * method, which might or might not use it.\n */\n cancel(reason = undefined) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('cancel'));\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader'));\n }\n return ReadableStreamCancel(this, reason);\n }\n getReader(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('getReader');\n }\n const options = convertReaderOptions(rawOptions, 'First parameter');\n if (options.mode === undefined) {\n return AcquireReadableStreamDefaultReader(this);\n }\n return AcquireReadableStreamBYOBReader(this);\n }\n pipeThrough(rawTransform, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('pipeThrough');\n }\n assertRequiredArgument(rawTransform, 1, 'pipeThrough');\n const transform = convertReadableWritablePair(rawTransform, 'First parameter');\n const options = convertPipeOptions(rawOptions, 'Second parameter');\n if (IsReadableStreamLocked(this)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream');\n }\n if (IsWritableStreamLocked(transform.writable)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream');\n }\n const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n setPromiseIsHandledToTrue(promise);\n return transform.readable;\n }\n pipeTo(destination, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('pipeTo'));\n }\n if (destination === undefined) {\n return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`);\n }\n if (!IsWritableStream(destination)) {\n return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`));\n }\n let options;\n try {\n options = convertPipeOptions(rawOptions, 'Second parameter');\n }\n catch (e) {\n return promiseRejectedWith(e);\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream'));\n }\n if (IsWritableStreamLocked(destination)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream'));\n }\n return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n }\n /**\n * Tees this readable stream, returning a two-element array containing the two resulting branches as\n * new {@link ReadableStream} instances.\n *\n * Teeing a stream will lock it, preventing any other consumer from acquiring a reader.\n * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be\n * propagated to the stream's underlying source.\n *\n * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable,\n * this could allow interference between the two branches.\n */\n tee() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('tee');\n }\n const branches = ReadableStreamTee(this);\n return CreateArrayFromList(branches);\n }\n values(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('values');\n }\n const options = convertIteratorOptions(rawOptions, 'First parameter');\n return AcquireReadableStreamAsyncIterator(this, options.preventCancel);\n }\n}\nObject.defineProperties(ReadableStream.prototype, {\n cancel: { enumerable: true },\n getReader: { enumerable: true },\n pipeThrough: { enumerable: true },\n pipeTo: { enumerable: true },\n tee: { enumerable: true },\n values: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStream',\n configurable: true\n });\n}\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, {\n value: ReadableStream.prototype.values,\n writable: true,\n configurable: true\n });\n}\n// Abstract operations for the ReadableStream.\n// Throws if and only if startAlgorithm throws.\nfunction CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(ReadableStream.prototype);\n InitializeReadableStream(stream);\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeReadableStream(stream) {\n stream._state = 'readable';\n stream._reader = undefined;\n stream._storedError = undefined;\n stream._disturbed = false;\n}\nfunction IsReadableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamLocked(stream) {\n if (stream._reader === undefined) {\n return false;\n }\n return true;\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamCancel(stream, reason) {\n stream._disturbed = true;\n if (stream._state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (stream._state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n ReadableStreamClose(stream);\n const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason);\n return transformPromiseWith(sourceCancelPromise, noop);\n}\nfunction ReadableStreamClose(stream) {\n stream._state = 'closed';\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseResolve(reader);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._closeSteps();\n });\n reader._readRequests = new SimpleQueue();\n }\n}\nfunction ReadableStreamError(stream, e) {\n stream._state = 'errored';\n stream._storedError = e;\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseReject(reader, e);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._errorSteps(e);\n });\n reader._readRequests = new SimpleQueue();\n }\n else {\n reader._readIntoRequests.forEach(readIntoRequest => {\n readIntoRequest._errorSteps(e);\n });\n reader._readIntoRequests = new SimpleQueue();\n }\n}\n// Helper functions for the ReadableStream.\nfunction streamBrandCheckException$1(name) {\n return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`);\n}\n\nfunction convertQueuingStrategyInit(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit');\n return {\n highWaterMark: convertUnrestrictedDouble(highWaterMark)\n };\n}\n\nconst byteLengthSizeFunction = function size(chunk) {\n return chunk.byteLength;\n};\n/**\n * A queuing strategy that counts the number of bytes in each chunk.\n *\n * @public\n */\nclass ByteLengthQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('highWaterMark');\n }\n return this._byteLengthQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by returning the value of its `byteLength` property.\n */\n get size() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('size');\n }\n return byteLengthSizeFunction;\n }\n}\nObject.defineProperties(ByteLengthQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'ByteLengthQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the ByteLengthQueuingStrategy.\nfunction byteLengthBrandCheckException(name) {\n return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`);\n}\nfunction IsByteLengthQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nconst countSizeFunction = function size() {\n return 1;\n};\n/**\n * A queuing strategy that counts the number of chunks.\n *\n * @public\n */\nclass CountQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'CountQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._countQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('highWaterMark');\n }\n return this._countQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by always returning 1.\n * This ensures that the total queue size is a count of the number of chunks in the queue.\n */\n get size() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('size');\n }\n return countSizeFunction;\n }\n}\nObject.defineProperties(CountQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'CountQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the CountQueuingStrategy.\nfunction countBrandCheckException(name) {\n return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`);\n}\nfunction IsCountQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nfunction convertTransformer(original, context) {\n assertDictionary(original, context);\n const flush = original === null || original === void 0 ? void 0 : original.flush;\n const readableType = original === null || original === void 0 ? void 0 : original.readableType;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const transform = original === null || original === void 0 ? void 0 : original.transform;\n const writableType = original === null || original === void 0 ? void 0 : original.writableType;\n return {\n flush: flush === undefined ?\n undefined :\n convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`),\n readableType,\n start: start === undefined ?\n undefined :\n convertTransformerStartCallback(start, original, `${context} has member 'start' that`),\n transform: transform === undefined ?\n undefined :\n convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`),\n writableType\n };\n}\nfunction convertTransformerFlushCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertTransformerStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertTransformerTransformCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\n// Class TransformStream\n/**\n * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream},\n * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side.\n * In a manner specific to the transform stream in question, writes to the writable side result in new data being\n * made available for reading from the readable side.\n *\n * @public\n */\nclass TransformStream {\n constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) {\n if (rawTransformer === undefined) {\n rawTransformer = null;\n }\n const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter');\n const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter');\n const transformer = convertTransformer(rawTransformer, 'First parameter');\n if (transformer.readableType !== undefined) {\n throw new RangeError('Invalid readableType specified');\n }\n if (transformer.writableType !== undefined) {\n throw new RangeError('Invalid writableType specified');\n }\n const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0);\n const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy);\n const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1);\n const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy);\n let startPromise_resolve;\n const startPromise = newPromise(resolve => {\n startPromise_resolve = resolve;\n });\n InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n SetUpTransformStreamDefaultControllerFromTransformer(this, transformer);\n if (transformer.start !== undefined) {\n startPromise_resolve(transformer.start(this._transformStreamController));\n }\n else {\n startPromise_resolve(undefined);\n }\n }\n /**\n * The readable side of the transform stream.\n */\n get readable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('readable');\n }\n return this._readable;\n }\n /**\n * The writable side of the transform stream.\n */\n get writable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('writable');\n }\n return this._writable;\n }\n}\nObject.defineProperties(TransformStream.prototype, {\n readable: { enumerable: true },\n writable: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStream',\n configurable: true\n });\n}\nfunction InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) {\n function startAlgorithm() {\n return startPromise;\n }\n function writeAlgorithm(chunk) {\n return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk);\n }\n function abortAlgorithm(reason) {\n return TransformStreamDefaultSinkAbortAlgorithm(stream, reason);\n }\n function closeAlgorithm() {\n return TransformStreamDefaultSinkCloseAlgorithm(stream);\n }\n stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm);\n function pullAlgorithm() {\n return TransformStreamDefaultSourcePullAlgorithm(stream);\n }\n function cancelAlgorithm(reason) {\n TransformStreamErrorWritableAndUnblockWrite(stream, reason);\n return promiseResolvedWith(undefined);\n }\n stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure.\n stream._backpressure = undefined;\n stream._backpressureChangePromise = undefined;\n stream._backpressureChangePromise_resolve = undefined;\n TransformStreamSetBackpressure(stream, true);\n stream._transformStreamController = undefined;\n}\nfunction IsTransformStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) {\n return false;\n }\n return true;\n}\n// This is a no-op if both sides are already errored.\nfunction TransformStreamError(stream, e) {\n ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e);\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n}\nfunction TransformStreamErrorWritableAndUnblockWrite(stream, e) {\n TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController);\n WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e);\n if (stream._backpressure) {\n // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure()\n // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time\n // _backpressure is set.\n TransformStreamSetBackpressure(stream, false);\n }\n}\nfunction TransformStreamSetBackpressure(stream, backpressure) {\n // Passes also when called during construction.\n if (stream._backpressureChangePromise !== undefined) {\n stream._backpressureChangePromise_resolve();\n }\n stream._backpressureChangePromise = newPromise(resolve => {\n stream._backpressureChangePromise_resolve = resolve;\n });\n stream._backpressure = backpressure;\n}\n// Class TransformStreamDefaultController\n/**\n * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}.\n *\n * @public\n */\nclass TransformStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full.\n */\n get desiredSize() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('desiredSize');\n }\n const readableController = this._controlledTransformStream._readable._readableStreamController;\n return ReadableStreamDefaultControllerGetDesiredSize(readableController);\n }\n enqueue(chunk = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('enqueue');\n }\n TransformStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors both the readable side and the writable side of the controlled transform stream, making all future\n * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded.\n */\n error(reason = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('error');\n }\n TransformStreamDefaultControllerError(this, reason);\n }\n /**\n * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the\n * transformer only needs to consume a portion of the chunks written to the writable side.\n */\n terminate() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('terminate');\n }\n TransformStreamDefaultControllerTerminate(this);\n }\n}\nObject.defineProperties(TransformStreamDefaultController.prototype, {\n enqueue: { enumerable: true },\n error: { enumerable: true },\n terminate: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStreamDefaultController',\n configurable: true\n });\n}\n// Transform Stream Default Controller Abstract Operations\nfunction IsTransformStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) {\n controller._controlledTransformStream = stream;\n stream._transformStreamController = controller;\n controller._transformAlgorithm = transformAlgorithm;\n controller._flushAlgorithm = flushAlgorithm;\n}\nfunction SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) {\n const controller = Object.create(TransformStreamDefaultController.prototype);\n let transformAlgorithm = (chunk) => {\n try {\n TransformStreamDefaultControllerEnqueue(controller, chunk);\n return promiseResolvedWith(undefined);\n }\n catch (transformResultE) {\n return promiseRejectedWith(transformResultE);\n }\n };\n let flushAlgorithm = () => promiseResolvedWith(undefined);\n if (transformer.transform !== undefined) {\n transformAlgorithm = chunk => transformer.transform(chunk, controller);\n }\n if (transformer.flush !== undefined) {\n flushAlgorithm = () => transformer.flush(controller);\n }\n SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm);\n}\nfunction TransformStreamDefaultControllerClearAlgorithms(controller) {\n controller._transformAlgorithm = undefined;\n controller._flushAlgorithm = undefined;\n}\nfunction TransformStreamDefaultControllerEnqueue(controller, chunk) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) {\n throw new TypeError('Readable side is not in a state that permits enqueue');\n }\n // We throttle transform invocations based on the backpressure of the ReadableStream, but we still\n // accept TransformStreamDefaultControllerEnqueue() calls.\n try {\n ReadableStreamDefaultControllerEnqueue(readableController, chunk);\n }\n catch (e) {\n // This happens when readableStrategy.size() throws.\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n throw stream._readable._storedError;\n }\n const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController);\n if (backpressure !== stream._backpressure) {\n TransformStreamSetBackpressure(stream, true);\n }\n}\nfunction TransformStreamDefaultControllerError(controller, e) {\n TransformStreamError(controller._controlledTransformStream, e);\n}\nfunction TransformStreamDefaultControllerPerformTransform(controller, chunk) {\n const transformPromise = controller._transformAlgorithm(chunk);\n return transformPromiseWith(transformPromise, undefined, r => {\n TransformStreamError(controller._controlledTransformStream, r);\n throw r;\n });\n}\nfunction TransformStreamDefaultControllerTerminate(controller) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n ReadableStreamDefaultControllerClose(readableController);\n const error = new TypeError('TransformStream terminated');\n TransformStreamErrorWritableAndUnblockWrite(stream, error);\n}\n// TransformStreamDefaultSink Algorithms\nfunction TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) {\n const controller = stream._transformStreamController;\n if (stream._backpressure) {\n const backpressureChangePromise = stream._backpressureChangePromise;\n return transformPromiseWith(backpressureChangePromise, () => {\n const writable = stream._writable;\n const state = writable._state;\n if (state === 'erroring') {\n throw writable._storedError;\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n });\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n}\nfunction TransformStreamDefaultSinkAbortAlgorithm(stream, reason) {\n // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already\n // errored.\n TransformStreamError(stream, reason);\n return promiseResolvedWith(undefined);\n}\nfunction TransformStreamDefaultSinkCloseAlgorithm(stream) {\n // stream._readable cannot change after construction, so caching it across a call to user code is safe.\n const readable = stream._readable;\n const controller = stream._transformStreamController;\n const flushPromise = controller._flushAlgorithm();\n TransformStreamDefaultControllerClearAlgorithms(controller);\n // Return a promise that is fulfilled with undefined on success.\n return transformPromiseWith(flushPromise, () => {\n if (readable._state === 'errored') {\n throw readable._storedError;\n }\n ReadableStreamDefaultControllerClose(readable._readableStreamController);\n }, r => {\n TransformStreamError(stream, r);\n throw readable._storedError;\n });\n}\n// TransformStreamDefaultSource Algorithms\nfunction TransformStreamDefaultSourcePullAlgorithm(stream) {\n // Invariant. Enforced by the promises returned by start() and pull().\n TransformStreamSetBackpressure(stream, false);\n // Prevent the next pull() call until there is backpressure.\n return stream._backpressureChangePromise;\n}\n// Helper functions for the TransformStreamDefaultController.\nfunction defaultControllerBrandCheckException(name) {\n return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`);\n}\n// Helper functions for the TransformStream.\nfunction streamBrandCheckException(name) {\n return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`);\n}\n\nexport { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter };\n//# sourceMappingURL=ponyfill.es6.mjs.map\n","/*! *****************************************************************************\nCopyright (c) Microsoft Corporation.\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\nPERFORMANCE OF THIS SOFTWARE.\n***************************************************************************** */\n/* global Reflect, Promise */\n\nvar extendStatics = function(d, b) {\n extendStatics = Object.setPrototypeOf ||\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\n return extendStatics(d, b);\n};\n\nfunction __extends(d, b) {\n if (typeof b !== \"function\" && b !== null)\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\n extendStatics(d, b);\n function __() { this.constructor = d; }\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\n}\n\nfunction assert(test) {\n if (!test) {\n throw new TypeError('Assertion failed');\n }\n}\n\nfunction noop() {\n return;\n}\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\n\nfunction isStreamConstructor(ctor) {\n if (typeof ctor !== 'function') {\n return false;\n }\n var startCalled = false;\n try {\n new ctor({\n start: function () {\n startCalled = true;\n }\n });\n }\n catch (e) {\n // ignore\n }\n return startCalled;\n}\nfunction isReadableStream(readable) {\n if (!typeIsObject(readable)) {\n return false;\n }\n if (typeof readable.getReader !== 'function') {\n return false;\n }\n return true;\n}\nfunction isReadableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isReadableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isWritableStream(writable) {\n if (!typeIsObject(writable)) {\n return false;\n }\n if (typeof writable.getWriter !== 'function') {\n return false;\n }\n return true;\n}\nfunction isWritableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isWritableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isTransformStream(transform) {\n if (!typeIsObject(transform)) {\n return false;\n }\n if (!isReadableStream(transform.readable)) {\n return false;\n }\n if (!isWritableStream(transform.writable)) {\n return false;\n }\n return true;\n}\nfunction isTransformStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isTransformStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction supportsByobReader(readable) {\n try {\n var reader = readable.getReader({ mode: 'byob' });\n reader.releaseLock();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction supportsByteSource(ctor) {\n try {\n new ctor({ type: 'bytes' });\n return true;\n }\n catch (_a) {\n return false;\n }\n}\n\nfunction createReadableStreamWrapper(ctor) {\n assert(isReadableStreamConstructor(ctor));\n var byteSourceSupported = supportsByteSource(ctor);\n return function (readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n type = parseReadableType(type);\n if (type === 'bytes' && !byteSourceSupported) {\n type = undefined;\n }\n if (readable.constructor === ctor) {\n if (type !== 'bytes' || supportsByobReader(readable)) {\n return readable;\n }\n }\n if (type === 'bytes') {\n var source = createWrappingReadableSource(readable, { type: type });\n return new ctor(source);\n }\n else {\n var source = createWrappingReadableSource(readable);\n return new ctor(source);\n }\n };\n}\nfunction createWrappingReadableSource(readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n assert(isReadableStream(readable));\n assert(readable.locked === false);\n type = parseReadableType(type);\n var source;\n if (type === 'bytes') {\n source = new WrappingReadableByteStreamSource(readable);\n }\n else {\n source = new WrappingReadableStreamDefaultSource(readable);\n }\n return source;\n}\nfunction parseReadableType(type) {\n var typeString = String(type);\n if (typeString === 'bytes') {\n return typeString;\n }\n else if (type === undefined) {\n return type;\n }\n else {\n throw new RangeError('Invalid type is specified');\n }\n}\nvar AbstractWrappingReadableStreamSource = /** @class */ (function () {\n function AbstractWrappingReadableStreamSource(underlyingStream) {\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n this._readableStreamController = undefined;\n this._pendingRead = undefined;\n this._underlyingStream = underlyingStream;\n // always keep a reader attached to detect close/error\n this._attachDefaultReader();\n }\n AbstractWrappingReadableStreamSource.prototype.start = function (controller) {\n this._readableStreamController = controller;\n };\n AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) {\n assert(this._underlyingReader !== undefined);\n return this._underlyingReader.cancel(reason);\n };\n AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () {\n if (this._readerMode === \"default\" /* DEFAULT */) {\n return;\n }\n this._detachReader();\n var reader = this._underlyingStream.getReader();\n this._readerMode = \"default\" /* DEFAULT */;\n this._attachReader(reader);\n };\n AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) {\n var _this = this;\n assert(this._underlyingReader === undefined);\n this._underlyingReader = reader;\n var closed = this._underlyingReader.closed;\n if (!closed) {\n return;\n }\n closed\n .then(function () { return _this._finishPendingRead(); })\n .then(function () {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.close();\n }\n }, function (reason) {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.error(reason);\n }\n })\n .catch(noop);\n };\n AbstractWrappingReadableStreamSource.prototype._detachReader = function () {\n if (this._underlyingReader === undefined) {\n return;\n }\n this._underlyingReader.releaseLock();\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n };\n AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () {\n var _this = this;\n this._attachDefaultReader();\n // TODO Backpressure?\n var read = this._underlyingReader.read()\n .then(function (result) {\n var controller = _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n }\n else {\n controller.enqueue(result.value);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n AbstractWrappingReadableStreamSource.prototype._tryClose = function () {\n try {\n this._readableStreamController.close();\n }\n catch (_a) {\n // already errored or closed\n }\n };\n AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) {\n var _this = this;\n var pendingRead;\n var finishRead = function () {\n if (_this._pendingRead === pendingRead) {\n _this._pendingRead = undefined;\n }\n };\n this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead);\n };\n AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () {\n var _this = this;\n if (!this._pendingRead) {\n return undefined;\n }\n var afterRead = function () { return _this._finishPendingRead(); };\n return this._pendingRead.then(afterRead, afterRead);\n };\n return AbstractWrappingReadableStreamSource;\n}());\nvar WrappingReadableStreamDefaultSource = /** @class */ (function (_super) {\n __extends(WrappingReadableStreamDefaultSource, _super);\n function WrappingReadableStreamDefaultSource() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n WrappingReadableStreamDefaultSource.prototype.pull = function () {\n return this._pullWithDefaultReader();\n };\n return WrappingReadableStreamDefaultSource;\n}(AbstractWrappingReadableStreamSource));\nfunction toUint8Array(view) {\n return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);\n}\nfunction copyArrayBufferView(from, to) {\n var fromArray = toUint8Array(from);\n var toArray = toUint8Array(to);\n toArray.set(fromArray, 0);\n}\nvar WrappingReadableByteStreamSource = /** @class */ (function (_super) {\n __extends(WrappingReadableByteStreamSource, _super);\n function WrappingReadableByteStreamSource(underlyingStream) {\n var _this = this;\n var supportsByob = supportsByobReader(underlyingStream);\n _this = _super.call(this, underlyingStream) || this;\n _this._supportsByob = supportsByob;\n return _this;\n }\n Object.defineProperty(WrappingReadableByteStreamSource.prototype, \"type\", {\n get: function () {\n return 'bytes';\n },\n enumerable: false,\n configurable: true\n });\n WrappingReadableByteStreamSource.prototype._attachByobReader = function () {\n if (this._readerMode === \"byob\" /* BYOB */) {\n return;\n }\n assert(this._supportsByob);\n this._detachReader();\n var reader = this._underlyingStream.getReader({ mode: 'byob' });\n this._readerMode = \"byob\" /* BYOB */;\n this._attachReader(reader);\n };\n WrappingReadableByteStreamSource.prototype.pull = function () {\n if (this._supportsByob) {\n var byobRequest = this._readableStreamController.byobRequest;\n if (byobRequest) {\n return this._pullWithByobRequest(byobRequest);\n }\n }\n return this._pullWithDefaultReader();\n };\n WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) {\n var _this = this;\n this._attachByobReader();\n // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly\n // create a separate buffer to read into, then copy that to byobRequest.view\n var buffer = new Uint8Array(byobRequest.view.byteLength);\n // TODO Backpressure?\n var read = this._underlyingReader.read(buffer)\n .then(function (result) {\n _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n byobRequest.respond(0);\n }\n else {\n copyArrayBufferView(result.value, byobRequest.view);\n byobRequest.respond(result.value.byteLength);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n return WrappingReadableByteStreamSource;\n}(AbstractWrappingReadableStreamSource));\n\nfunction createWritableStreamWrapper(ctor) {\n assert(isWritableStreamConstructor(ctor));\n return function (writable) {\n if (writable.constructor === ctor) {\n return writable;\n }\n var sink = createWrappingWritableSink(writable);\n return new ctor(sink);\n };\n}\nfunction createWrappingWritableSink(writable) {\n assert(isWritableStream(writable));\n assert(writable.locked === false);\n var writer = writable.getWriter();\n return new WrappingWritableStreamSink(writer);\n}\nvar WrappingWritableStreamSink = /** @class */ (function () {\n function WrappingWritableStreamSink(underlyingWriter) {\n var _this = this;\n this._writableStreamController = undefined;\n this._pendingWrite = undefined;\n this._state = \"writable\" /* WRITABLE */;\n this._storedError = undefined;\n this._underlyingWriter = underlyingWriter;\n this._errorPromise = new Promise(function (resolve, reject) {\n _this._errorPromiseReject = reject;\n });\n this._errorPromise.catch(noop);\n }\n WrappingWritableStreamSink.prototype.start = function (controller) {\n var _this = this;\n this._writableStreamController = controller;\n this._underlyingWriter.closed\n .then(function () {\n _this._state = \"closed\" /* CLOSED */;\n })\n .catch(function (reason) { return _this._finishErroring(reason); });\n };\n WrappingWritableStreamSink.prototype.write = function (chunk) {\n var _this = this;\n var writer = this._underlyingWriter;\n // Detect past errors\n if (writer.desiredSize === null) {\n return writer.ready;\n }\n var writeRequest = writer.write(chunk);\n // Detect future errors\n writeRequest.catch(function (reason) { return _this._finishErroring(reason); });\n writer.ready.catch(function (reason) { return _this._startErroring(reason); });\n // Reject write when errored\n var write = Promise.race([writeRequest, this._errorPromise]);\n this._setPendingWrite(write);\n return write;\n };\n WrappingWritableStreamSink.prototype.close = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return this._underlyingWriter.close();\n }\n return this._finishPendingWrite().then(function () { return _this.close(); });\n };\n WrappingWritableStreamSink.prototype.abort = function (reason) {\n if (this._state === \"errored\" /* ERRORED */) {\n return undefined;\n }\n var writer = this._underlyingWriter;\n return writer.abort(reason);\n };\n WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) {\n var _this = this;\n var pendingWrite;\n var finishWrite = function () {\n if (_this._pendingWrite === pendingWrite) {\n _this._pendingWrite = undefined;\n }\n };\n this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite);\n };\n WrappingWritableStreamSink.prototype._finishPendingWrite = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return Promise.resolve();\n }\n var afterWrite = function () { return _this._finishPendingWrite(); };\n return this._pendingWrite.then(afterWrite, afterWrite);\n };\n WrappingWritableStreamSink.prototype._startErroring = function (reason) {\n var _this = this;\n if (this._state === \"writable\" /* WRITABLE */) {\n this._state = \"erroring\" /* ERRORING */;\n this._storedError = reason;\n var afterWrite = function () { return _this._finishErroring(reason); };\n if (this._pendingWrite === undefined) {\n afterWrite();\n }\n else {\n this._finishPendingWrite().then(afterWrite, afterWrite);\n }\n this._writableStreamController.error(reason);\n }\n };\n WrappingWritableStreamSink.prototype._finishErroring = function (reason) {\n if (this._state === \"writable\" /* WRITABLE */) {\n this._startErroring(reason);\n }\n if (this._state === \"erroring\" /* ERRORING */) {\n this._state = \"errored\" /* ERRORED */;\n this._errorPromiseReject(this._storedError);\n }\n };\n return WrappingWritableStreamSink;\n}());\n\nfunction createTransformStreamWrapper(ctor) {\n assert(isTransformStreamConstructor(ctor));\n return function (transform) {\n if (transform.constructor === ctor) {\n return transform;\n }\n var transformer = createWrappingTransformer(transform);\n return new ctor(transformer);\n };\n}\nfunction createWrappingTransformer(transform) {\n assert(isTransformStream(transform));\n var readable = transform.readable, writable = transform.writable;\n assert(readable.locked === false);\n assert(writable.locked === false);\n var reader = readable.getReader();\n var writer;\n try {\n writer = writable.getWriter();\n }\n catch (e) {\n reader.releaseLock(); // do not leak reader\n throw e;\n }\n return new WrappingTransformStreamTransformer(reader, writer);\n}\nvar WrappingTransformStreamTransformer = /** @class */ (function () {\n function WrappingTransformStreamTransformer(reader, writer) {\n var _this = this;\n this._transformStreamController = undefined;\n this._onRead = function (result) {\n if (result.done) {\n return;\n }\n _this._transformStreamController.enqueue(result.value);\n return _this._reader.read().then(_this._onRead);\n };\n this._onError = function (reason) {\n _this._flushReject(reason);\n _this._transformStreamController.error(reason);\n _this._reader.cancel(reason).catch(noop);\n _this._writer.abort(reason).catch(noop);\n };\n this._onTerminate = function () {\n _this._flushResolve();\n _this._transformStreamController.terminate();\n var error = new TypeError('TransformStream terminated');\n _this._writer.abort(error).catch(noop);\n };\n this._reader = reader;\n this._writer = writer;\n this._flushPromise = new Promise(function (resolve, reject) {\n _this._flushResolve = resolve;\n _this._flushReject = reject;\n });\n }\n WrappingTransformStreamTransformer.prototype.start = function (controller) {\n this._transformStreamController = controller;\n this._reader.read()\n .then(this._onRead)\n .then(this._onTerminate, this._onError);\n var readerClosed = this._reader.closed;\n if (readerClosed) {\n readerClosed\n .then(this._onTerminate, this._onError);\n }\n };\n WrappingTransformStreamTransformer.prototype.transform = function (chunk) {\n return this._writer.write(chunk);\n };\n WrappingTransformStreamTransformer.prototype.flush = function () {\n var _this = this;\n return this._writer.close()\n .then(function () { return _this._flushPromise; });\n };\n return WrappingTransformStreamTransformer;\n}());\n\nexport { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper };\n//# sourceMappingURL=web-streams-adapter.mjs.map\n","(function (module, exports) {\n 'use strict';\n\n // Utils\n function assert (val, msg) {\n if (!val) throw new Error(msg || 'Assertion failed');\n }\n\n // Could use `inherits` module, but don't want to move from single file\n // architecture yet.\n function inherits (ctor, superCtor) {\n ctor.super_ = superCtor;\n var TempCtor = function () {};\n TempCtor.prototype = superCtor.prototype;\n ctor.prototype = new TempCtor();\n ctor.prototype.constructor = ctor;\n }\n\n // BN\n\n function BN (number, base, endian) {\n if (BN.isBN(number)) {\n return number;\n }\n\n this.negative = 0;\n this.words = null;\n this.length = 0;\n\n // Reduction context\n this.red = null;\n\n if (number !== null) {\n if (base === 'le' || base === 'be') {\n endian = base;\n base = 10;\n }\n\n this._init(number || 0, base || 10, endian || 'be');\n }\n }\n if (typeof module === 'object') {\n module.exports = BN;\n } else {\n exports.BN = BN;\n }\n\n BN.BN = BN;\n BN.wordSize = 26;\n\n var Buffer;\n try {\n Buffer = require('buffer').Buffer;\n } catch (e) {\n }\n\n BN.isBN = function isBN (num) {\n if (num instanceof BN) {\n return true;\n }\n\n return num !== null && typeof num === 'object' &&\n num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);\n };\n\n BN.max = function max (left, right) {\n if (left.cmp(right) > 0) return left;\n return right;\n };\n\n BN.min = function min (left, right) {\n if (left.cmp(right) < 0) return left;\n return right;\n };\n\n BN.prototype._init = function init (number, base, endian) {\n if (typeof number === 'number') {\n return this._initNumber(number, base, endian);\n }\n\n if (typeof number === 'object') {\n return this._initArray(number, base, endian);\n }\n\n if (base === 'hex') {\n base = 16;\n }\n assert(base === (base | 0) && base >= 2 && base <= 36);\n\n number = number.toString().replace(/\\s+/g, '');\n var start = 0;\n if (number[0] === '-') {\n start++;\n }\n\n if (base === 16) {\n this._parseHex(number, start);\n } else {\n this._parseBase(number, base, start);\n }\n\n if (number[0] === '-') {\n this.negative = 1;\n }\n\n this.strip();\n\n if (endian !== 'le') return;\n\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initNumber = function _initNumber (number, base, endian) {\n if (number < 0) {\n this.negative = 1;\n number = -number;\n }\n if (number < 0x4000000) {\n this.words = [ number & 0x3ffffff ];\n this.length = 1;\n } else if (number < 0x10000000000000) {\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff\n ];\n this.length = 2;\n } else {\n assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff,\n 1\n ];\n this.length = 3;\n }\n\n if (endian !== 'le') return;\n\n // Reverse the bytes\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initArray = function _initArray (number, base, endian) {\n // Perhaps a Uint8Array\n assert(typeof number.length === 'number');\n if (number.length <= 0) {\n this.words = [ 0 ];\n this.length = 1;\n return this;\n }\n\n this.length = Math.ceil(number.length / 3);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n var off = 0;\n if (endian === 'be') {\n for (i = number.length - 1, j = 0; i >= 0; i -= 3) {\n w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n } else if (endian === 'le') {\n for (i = 0, j = 0; i < number.length; i += 3) {\n w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n }\n return this.strip();\n };\n\n function parseHex (str, start, end) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r <<= 4;\n\n // 'a' - 'f'\n if (c >= 49 && c <= 54) {\n r |= c - 49 + 0xa;\n\n // 'A' - 'F'\n } else if (c >= 17 && c <= 22) {\n r |= c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r |= c & 0xf;\n }\n }\n return r;\n }\n\n BN.prototype._parseHex = function _parseHex (number, start) {\n // Create possibly bigger array to ensure that it fits the number\n this.length = Math.ceil((number.length - start) / 6);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n // Scan 24-bit chunks and add them to the number\n var off = 0;\n for (i = number.length - 6, j = 0; i >= start; i -= 6) {\n w = parseHex(number, i, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n if (i + 6 !== start) {\n w = parseHex(number, start, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n }\n this.strip();\n };\n\n function parseBase (str, start, end, mul) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r *= mul;\n\n // 'a'\n if (c >= 49) {\n r += c - 49 + 0xa;\n\n // 'A'\n } else if (c >= 17) {\n r += c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r += c;\n }\n }\n return r;\n }\n\n BN.prototype._parseBase = function _parseBase (number, base, start) {\n // Initialize as zero\n this.words = [ 0 ];\n this.length = 1;\n\n // Find length of limb in base\n for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {\n limbLen++;\n }\n limbLen--;\n limbPow = (limbPow / base) | 0;\n\n var total = number.length - start;\n var mod = total % limbLen;\n var end = Math.min(total, total - mod) + start;\n\n var word = 0;\n for (var i = start; i < end; i += limbLen) {\n word = parseBase(number, i, i + limbLen, base);\n\n this.imuln(limbPow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n\n if (mod !== 0) {\n var pow = 1;\n word = parseBase(number, i, number.length, base);\n\n for (i = 0; i < mod; i++) {\n pow *= base;\n }\n\n this.imuln(pow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n };\n\n BN.prototype.copy = function copy (dest) {\n dest.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n dest.words[i] = this.words[i];\n }\n dest.length = this.length;\n dest.negative = this.negative;\n dest.red = this.red;\n };\n\n BN.prototype.clone = function clone () {\n var r = new BN(null);\n this.copy(r);\n return r;\n };\n\n BN.prototype._expand = function _expand (size) {\n while (this.length < size) {\n this.words[this.length++] = 0;\n }\n return this;\n };\n\n // Remove leading `0` from `this`\n BN.prototype.strip = function strip () {\n while (this.length > 1 && this.words[this.length - 1] === 0) {\n this.length--;\n }\n return this._normSign();\n };\n\n BN.prototype._normSign = function _normSign () {\n // -0 = 0\n if (this.length === 1 && this.words[0] === 0) {\n this.negative = 0;\n }\n return this;\n };\n\n BN.prototype.inspect = function inspect () {\n return (this.red ? '';\n };\n\n /*\n\n var zeros = [];\n var groupSizes = [];\n var groupBases = [];\n\n var s = '';\n var i = -1;\n while (++i < BN.wordSize) {\n zeros[i] = s;\n s += '0';\n }\n groupSizes[0] = 0;\n groupSizes[1] = 0;\n groupBases[0] = 0;\n groupBases[1] = 0;\n var base = 2 - 1;\n while (++base < 36 + 1) {\n var groupSize = 0;\n var groupBase = 1;\n while (groupBase < (1 << BN.wordSize) / base) {\n groupBase *= base;\n groupSize += 1;\n }\n groupSizes[base] = groupSize;\n groupBases[base] = groupBase;\n }\n\n */\n\n var zeros = [\n '',\n '0',\n '00',\n '000',\n '0000',\n '00000',\n '000000',\n '0000000',\n '00000000',\n '000000000',\n '0000000000',\n '00000000000',\n '000000000000',\n '0000000000000',\n '00000000000000',\n '000000000000000',\n '0000000000000000',\n '00000000000000000',\n '000000000000000000',\n '0000000000000000000',\n '00000000000000000000',\n '000000000000000000000',\n '0000000000000000000000',\n '00000000000000000000000',\n '000000000000000000000000',\n '0000000000000000000000000'\n ];\n\n var groupSizes = [\n 0, 0,\n 25, 16, 12, 11, 10, 9, 8,\n 8, 7, 7, 7, 7, 6, 6,\n 6, 6, 6, 6, 6, 5, 5,\n 5, 5, 5, 5, 5, 5, 5,\n 5, 5, 5, 5, 5, 5, 5\n ];\n\n var groupBases = [\n 0, 0,\n 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,\n 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,\n 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,\n 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,\n 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176\n ];\n\n BN.prototype.toString = function toString (base, padding) {\n base = base || 10;\n padding = padding | 0 || 1;\n\n var out;\n if (base === 16 || base === 'hex') {\n out = '';\n var off = 0;\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = this.words[i];\n var word = (((w << off) | carry) & 0xffffff).toString(16);\n carry = (w >>> (24 - off)) & 0xffffff;\n if (carry !== 0 || i !== this.length - 1) {\n out = zeros[6 - word.length] + word + out;\n } else {\n out = word + out;\n }\n off += 2;\n if (off >= 26) {\n off -= 26;\n i--;\n }\n }\n if (carry !== 0) {\n out = carry.toString(16) + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n if (base === (base | 0) && base >= 2 && base <= 36) {\n // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));\n var groupSize = groupSizes[base];\n // var groupBase = Math.pow(base, groupSize);\n var groupBase = groupBases[base];\n out = '';\n var c = this.clone();\n c.negative = 0;\n while (!c.isZero()) {\n var r = c.modn(groupBase).toString(base);\n c = c.idivn(groupBase);\n\n if (!c.isZero()) {\n out = zeros[groupSize - r.length] + r + out;\n } else {\n out = r + out;\n }\n }\n if (this.isZero()) {\n out = '0' + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n assert(false, 'Base should be between 2 and 36');\n };\n\n BN.prototype.toNumber = function toNumber () {\n var ret = this.words[0];\n if (this.length === 2) {\n ret += this.words[1] * 0x4000000;\n } else if (this.length === 3 && this.words[2] === 0x01) {\n // NOTE: at this stage it is known that the top bit is set\n ret += 0x10000000000000 + (this.words[1] * 0x4000000);\n } else if (this.length > 2) {\n assert(false, 'Number can only safely store up to 53 bits');\n }\n return (this.negative !== 0) ? -ret : ret;\n };\n\n BN.prototype.toJSON = function toJSON () {\n return this.toString(16);\n };\n\n BN.prototype.toBuffer = function toBuffer (endian, length) {\n assert(typeof Buffer !== 'undefined');\n return this.toArrayLike(Buffer, endian, length);\n };\n\n BN.prototype.toArray = function toArray (endian, length) {\n return this.toArrayLike(Array, endian, length);\n };\n\n BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {\n var byteLength = this.byteLength();\n var reqLength = length || Math.max(1, byteLength);\n assert(byteLength <= reqLength, 'byte array longer than desired length');\n assert(reqLength > 0, 'Requested array length <= 0');\n\n this.strip();\n var littleEndian = endian === 'le';\n var res = new ArrayType(reqLength);\n\n var b, i;\n var q = this.clone();\n if (!littleEndian) {\n // Assume big-endian\n for (i = 0; i < reqLength - byteLength; i++) {\n res[i] = 0;\n }\n\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[reqLength - i - 1] = b;\n }\n } else {\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[i] = b;\n }\n\n for (; i < reqLength; i++) {\n res[i] = 0;\n }\n }\n\n return res;\n };\n\n if (Math.clz32) {\n BN.prototype._countBits = function _countBits (w) {\n return 32 - Math.clz32(w);\n };\n } else {\n BN.prototype._countBits = function _countBits (w) {\n var t = w;\n var r = 0;\n if (t >= 0x1000) {\n r += 13;\n t >>>= 13;\n }\n if (t >= 0x40) {\n r += 7;\n t >>>= 7;\n }\n if (t >= 0x8) {\n r += 4;\n t >>>= 4;\n }\n if (t >= 0x02) {\n r += 2;\n t >>>= 2;\n }\n return r + t;\n };\n }\n\n BN.prototype._zeroBits = function _zeroBits (w) {\n // Short-cut\n if (w === 0) return 26;\n\n var t = w;\n var r = 0;\n if ((t & 0x1fff) === 0) {\n r += 13;\n t >>>= 13;\n }\n if ((t & 0x7f) === 0) {\n r += 7;\n t >>>= 7;\n }\n if ((t & 0xf) === 0) {\n r += 4;\n t >>>= 4;\n }\n if ((t & 0x3) === 0) {\n r += 2;\n t >>>= 2;\n }\n if ((t & 0x1) === 0) {\n r++;\n }\n return r;\n };\n\n // Return number of used bits in a BN\n BN.prototype.bitLength = function bitLength () {\n var w = this.words[this.length - 1];\n var hi = this._countBits(w);\n return (this.length - 1) * 26 + hi;\n };\n\n function toBitArray (num) {\n var w = new Array(num.bitLength());\n\n for (var bit = 0; bit < w.length; bit++) {\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;\n }\n\n return w;\n }\n\n // Number of trailing zero bits\n BN.prototype.zeroBits = function zeroBits () {\n if (this.isZero()) return 0;\n\n var r = 0;\n for (var i = 0; i < this.length; i++) {\n var b = this._zeroBits(this.words[i]);\n r += b;\n if (b !== 26) break;\n }\n return r;\n };\n\n BN.prototype.byteLength = function byteLength () {\n return Math.ceil(this.bitLength() / 8);\n };\n\n BN.prototype.toTwos = function toTwos (width) {\n if (this.negative !== 0) {\n return this.abs().inotn(width).iaddn(1);\n }\n return this.clone();\n };\n\n BN.prototype.fromTwos = function fromTwos (width) {\n if (this.testn(width - 1)) {\n return this.notn(width).iaddn(1).ineg();\n }\n return this.clone();\n };\n\n BN.prototype.isNeg = function isNeg () {\n return this.negative !== 0;\n };\n\n // Return negative clone of `this`\n BN.prototype.neg = function neg () {\n return this.clone().ineg();\n };\n\n BN.prototype.ineg = function ineg () {\n if (!this.isZero()) {\n this.negative ^= 1;\n }\n\n return this;\n };\n\n // Or `num` with `this` in-place\n BN.prototype.iuor = function iuor (num) {\n while (this.length < num.length) {\n this.words[this.length++] = 0;\n }\n\n for (var i = 0; i < num.length; i++) {\n this.words[i] = this.words[i] | num.words[i];\n }\n\n return this.strip();\n };\n\n BN.prototype.ior = function ior (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuor(num);\n };\n\n // Or `num` with `this`\n BN.prototype.or = function or (num) {\n if (this.length > num.length) return this.clone().ior(num);\n return num.clone().ior(this);\n };\n\n BN.prototype.uor = function uor (num) {\n if (this.length > num.length) return this.clone().iuor(num);\n return num.clone().iuor(this);\n };\n\n // And `num` with `this` in-place\n BN.prototype.iuand = function iuand (num) {\n // b = min-length(num, this)\n var b;\n if (this.length > num.length) {\n b = num;\n } else {\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = this.words[i] & num.words[i];\n }\n\n this.length = b.length;\n\n return this.strip();\n };\n\n BN.prototype.iand = function iand (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuand(num);\n };\n\n // And `num` with `this`\n BN.prototype.and = function and (num) {\n if (this.length > num.length) return this.clone().iand(num);\n return num.clone().iand(this);\n };\n\n BN.prototype.uand = function uand (num) {\n if (this.length > num.length) return this.clone().iuand(num);\n return num.clone().iuand(this);\n };\n\n // Xor `num` with `this` in-place\n BN.prototype.iuxor = function iuxor (num) {\n // a.length > b.length\n var a;\n var b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = a.words[i] ^ b.words[i];\n }\n\n if (this !== a) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = a.length;\n\n return this.strip();\n };\n\n BN.prototype.ixor = function ixor (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuxor(num);\n };\n\n // Xor `num` with `this`\n BN.prototype.xor = function xor (num) {\n if (this.length > num.length) return this.clone().ixor(num);\n return num.clone().ixor(this);\n };\n\n BN.prototype.uxor = function uxor (num) {\n if (this.length > num.length) return this.clone().iuxor(num);\n return num.clone().iuxor(this);\n };\n\n // Not ``this`` with ``width`` bitwidth\n BN.prototype.inotn = function inotn (width) {\n assert(typeof width === 'number' && width >= 0);\n\n var bytesNeeded = Math.ceil(width / 26) | 0;\n var bitsLeft = width % 26;\n\n // Extend the buffer with leading zeroes\n this._expand(bytesNeeded);\n\n if (bitsLeft > 0) {\n bytesNeeded--;\n }\n\n // Handle complete words\n for (var i = 0; i < bytesNeeded; i++) {\n this.words[i] = ~this.words[i] & 0x3ffffff;\n }\n\n // Handle the residue\n if (bitsLeft > 0) {\n this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));\n }\n\n // And remove leading zeroes\n return this.strip();\n };\n\n BN.prototype.notn = function notn (width) {\n return this.clone().inotn(width);\n };\n\n // Set `bit` of `this`\n BN.prototype.setn = function setn (bit, val) {\n assert(typeof bit === 'number' && bit >= 0);\n\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n this._expand(off + 1);\n\n if (val) {\n this.words[off] = this.words[off] | (1 << wbit);\n } else {\n this.words[off] = this.words[off] & ~(1 << wbit);\n }\n\n return this.strip();\n };\n\n // Add `num` to `this` in-place\n BN.prototype.iadd = function iadd (num) {\n var r;\n\n // negative + positive\n if (this.negative !== 0 && num.negative === 0) {\n this.negative = 0;\n r = this.isub(num);\n this.negative ^= 1;\n return this._normSign();\n\n // positive + negative\n } else if (this.negative === 0 && num.negative !== 0) {\n num.negative = 0;\n r = this.isub(num);\n num.negative = 1;\n return r._normSign();\n }\n\n // a.length > b.length\n var a, b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) + (b.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n\n this.length = a.length;\n if (carry !== 0) {\n this.words[this.length] = carry;\n this.length++;\n // Copy the rest of the words\n } else if (a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n return this;\n };\n\n // Add `num` to `this`\n BN.prototype.add = function add (num) {\n var res;\n if (num.negative !== 0 && this.negative === 0) {\n num.negative = 0;\n res = this.sub(num);\n num.negative ^= 1;\n return res;\n } else if (num.negative === 0 && this.negative !== 0) {\n this.negative = 0;\n res = num.sub(this);\n this.negative = 1;\n return res;\n }\n\n if (this.length > num.length) return this.clone().iadd(num);\n\n return num.clone().iadd(this);\n };\n\n // Subtract `num` from `this` in-place\n BN.prototype.isub = function isub (num) {\n // this - (-num) = this + num\n if (num.negative !== 0) {\n num.negative = 0;\n var r = this.iadd(num);\n num.negative = 1;\n return r._normSign();\n\n // -this - num = -(this + num)\n } else if (this.negative !== 0) {\n this.negative = 0;\n this.iadd(num);\n this.negative = 1;\n return this._normSign();\n }\n\n // At this point both numbers are positive\n var cmp = this.cmp(num);\n\n // Optimization - zeroify\n if (cmp === 0) {\n this.negative = 0;\n this.length = 1;\n this.words[0] = 0;\n return this;\n }\n\n // a > b\n var a, b;\n if (cmp > 0) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) - (b.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n\n // Copy rest of the words\n if (carry === 0 && i < a.length && a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = Math.max(this.length, i);\n\n if (a !== this) {\n this.negative = 1;\n }\n\n return this.strip();\n };\n\n // Subtract `num` from `this`\n BN.prototype.sub = function sub (num) {\n return this.clone().isub(num);\n };\n\n function smallMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n var len = (self.length + num.length) | 0;\n out.length = len;\n len = (len - 1) | 0;\n\n // Peel one iteration (compiler can't do it, because of code complexity)\n var a = self.words[0] | 0;\n var b = num.words[0] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n var carry = (r / 0x4000000) | 0;\n out.words[0] = lo;\n\n for (var k = 1; k < len; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = carry >>> 26;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = (k - j) | 0;\n a = self.words[i] | 0;\n b = num.words[j] | 0;\n r = a * b + rword;\n ncarry += (r / 0x4000000) | 0;\n rword = r & 0x3ffffff;\n }\n out.words[k] = rword | 0;\n carry = ncarry | 0;\n }\n if (carry !== 0) {\n out.words[k] = carry | 0;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n // TODO(indutny): it may be reasonable to omit it for users who don't need\n // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit\n // multiplication (like elliptic secp256k1).\n var comb10MulTo = function comb10MulTo (self, num, out) {\n var a = self.words;\n var b = num.words;\n var o = out.words;\n var c = 0;\n var lo;\n var mid;\n var hi;\n var a0 = a[0] | 0;\n var al0 = a0 & 0x1fff;\n var ah0 = a0 >>> 13;\n var a1 = a[1] | 0;\n var al1 = a1 & 0x1fff;\n var ah1 = a1 >>> 13;\n var a2 = a[2] | 0;\n var al2 = a2 & 0x1fff;\n var ah2 = a2 >>> 13;\n var a3 = a[3] | 0;\n var al3 = a3 & 0x1fff;\n var ah3 = a3 >>> 13;\n var a4 = a[4] | 0;\n var al4 = a4 & 0x1fff;\n var ah4 = a4 >>> 13;\n var a5 = a[5] | 0;\n var al5 = a5 & 0x1fff;\n var ah5 = a5 >>> 13;\n var a6 = a[6] | 0;\n var al6 = a6 & 0x1fff;\n var ah6 = a6 >>> 13;\n var a7 = a[7] | 0;\n var al7 = a7 & 0x1fff;\n var ah7 = a7 >>> 13;\n var a8 = a[8] | 0;\n var al8 = a8 & 0x1fff;\n var ah8 = a8 >>> 13;\n var a9 = a[9] | 0;\n var al9 = a9 & 0x1fff;\n var ah9 = a9 >>> 13;\n var b0 = b[0] | 0;\n var bl0 = b0 & 0x1fff;\n var bh0 = b0 >>> 13;\n var b1 = b[1] | 0;\n var bl1 = b1 & 0x1fff;\n var bh1 = b1 >>> 13;\n var b2 = b[2] | 0;\n var bl2 = b2 & 0x1fff;\n var bh2 = b2 >>> 13;\n var b3 = b[3] | 0;\n var bl3 = b3 & 0x1fff;\n var bh3 = b3 >>> 13;\n var b4 = b[4] | 0;\n var bl4 = b4 & 0x1fff;\n var bh4 = b4 >>> 13;\n var b5 = b[5] | 0;\n var bl5 = b5 & 0x1fff;\n var bh5 = b5 >>> 13;\n var b6 = b[6] | 0;\n var bl6 = b6 & 0x1fff;\n var bh6 = b6 >>> 13;\n var b7 = b[7] | 0;\n var bl7 = b7 & 0x1fff;\n var bh7 = b7 >>> 13;\n var b8 = b[8] | 0;\n var bl8 = b8 & 0x1fff;\n var bh8 = b8 >>> 13;\n var b9 = b[9] | 0;\n var bl9 = b9 & 0x1fff;\n var bh9 = b9 >>> 13;\n\n out.negative = self.negative ^ num.negative;\n out.length = 19;\n /* k = 0 */\n lo = Math.imul(al0, bl0);\n mid = Math.imul(al0, bh0);\n mid = (mid + Math.imul(ah0, bl0)) | 0;\n hi = Math.imul(ah0, bh0);\n var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;\n w0 &= 0x3ffffff;\n /* k = 1 */\n lo = Math.imul(al1, bl0);\n mid = Math.imul(al1, bh0);\n mid = (mid + Math.imul(ah1, bl0)) | 0;\n hi = Math.imul(ah1, bh0);\n lo = (lo + Math.imul(al0, bl1)) | 0;\n mid = (mid + Math.imul(al0, bh1)) | 0;\n mid = (mid + Math.imul(ah0, bl1)) | 0;\n hi = (hi + Math.imul(ah0, bh1)) | 0;\n var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;\n w1 &= 0x3ffffff;\n /* k = 2 */\n lo = Math.imul(al2, bl0);\n mid = Math.imul(al2, bh0);\n mid = (mid + Math.imul(ah2, bl0)) | 0;\n hi = Math.imul(ah2, bh0);\n lo = (lo + Math.imul(al1, bl1)) | 0;\n mid = (mid + Math.imul(al1, bh1)) | 0;\n mid = (mid + Math.imul(ah1, bl1)) | 0;\n hi = (hi + Math.imul(ah1, bh1)) | 0;\n lo = (lo + Math.imul(al0, bl2)) | 0;\n mid = (mid + Math.imul(al0, bh2)) | 0;\n mid = (mid + Math.imul(ah0, bl2)) | 0;\n hi = (hi + Math.imul(ah0, bh2)) | 0;\n var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;\n w2 &= 0x3ffffff;\n /* k = 3 */\n lo = Math.imul(al3, bl0);\n mid = Math.imul(al3, bh0);\n mid = (mid + Math.imul(ah3, bl0)) | 0;\n hi = Math.imul(ah3, bh0);\n lo = (lo + Math.imul(al2, bl1)) | 0;\n mid = (mid + Math.imul(al2, bh1)) | 0;\n mid = (mid + Math.imul(ah2, bl1)) | 0;\n hi = (hi + Math.imul(ah2, bh1)) | 0;\n lo = (lo + Math.imul(al1, bl2)) | 0;\n mid = (mid + Math.imul(al1, bh2)) | 0;\n mid = (mid + Math.imul(ah1, bl2)) | 0;\n hi = (hi + Math.imul(ah1, bh2)) | 0;\n lo = (lo + Math.imul(al0, bl3)) | 0;\n mid = (mid + Math.imul(al0, bh3)) | 0;\n mid = (mid + Math.imul(ah0, bl3)) | 0;\n hi = (hi + Math.imul(ah0, bh3)) | 0;\n var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;\n w3 &= 0x3ffffff;\n /* k = 4 */\n lo = Math.imul(al4, bl0);\n mid = Math.imul(al4, bh0);\n mid = (mid + Math.imul(ah4, bl0)) | 0;\n hi = Math.imul(ah4, bh0);\n lo = (lo + Math.imul(al3, bl1)) | 0;\n mid = (mid + Math.imul(al3, bh1)) | 0;\n mid = (mid + Math.imul(ah3, bl1)) | 0;\n hi = (hi + Math.imul(ah3, bh1)) | 0;\n lo = (lo + Math.imul(al2, bl2)) | 0;\n mid = (mid + Math.imul(al2, bh2)) | 0;\n mid = (mid + Math.imul(ah2, bl2)) | 0;\n hi = (hi + Math.imul(ah2, bh2)) | 0;\n lo = (lo + Math.imul(al1, bl3)) | 0;\n mid = (mid + Math.imul(al1, bh3)) | 0;\n mid = (mid + Math.imul(ah1, bl3)) | 0;\n hi = (hi + Math.imul(ah1, bh3)) | 0;\n lo = (lo + Math.imul(al0, bl4)) | 0;\n mid = (mid + Math.imul(al0, bh4)) | 0;\n mid = (mid + Math.imul(ah0, bl4)) | 0;\n hi = (hi + Math.imul(ah0, bh4)) | 0;\n var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;\n w4 &= 0x3ffffff;\n /* k = 5 */\n lo = Math.imul(al5, bl0);\n mid = Math.imul(al5, bh0);\n mid = (mid + Math.imul(ah5, bl0)) | 0;\n hi = Math.imul(ah5, bh0);\n lo = (lo + Math.imul(al4, bl1)) | 0;\n mid = (mid + Math.imul(al4, bh1)) | 0;\n mid = (mid + Math.imul(ah4, bl1)) | 0;\n hi = (hi + Math.imul(ah4, bh1)) | 0;\n lo = (lo + Math.imul(al3, bl2)) | 0;\n mid = (mid + Math.imul(al3, bh2)) | 0;\n mid = (mid + Math.imul(ah3, bl2)) | 0;\n hi = (hi + Math.imul(ah3, bh2)) | 0;\n lo = (lo + Math.imul(al2, bl3)) | 0;\n mid = (mid + Math.imul(al2, bh3)) | 0;\n mid = (mid + Math.imul(ah2, bl3)) | 0;\n hi = (hi + Math.imul(ah2, bh3)) | 0;\n lo = (lo + Math.imul(al1, bl4)) | 0;\n mid = (mid + Math.imul(al1, bh4)) | 0;\n mid = (mid + Math.imul(ah1, bl4)) | 0;\n hi = (hi + Math.imul(ah1, bh4)) | 0;\n lo = (lo + Math.imul(al0, bl5)) | 0;\n mid = (mid + Math.imul(al0, bh5)) | 0;\n mid = (mid + Math.imul(ah0, bl5)) | 0;\n hi = (hi + Math.imul(ah0, bh5)) | 0;\n var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;\n w5 &= 0x3ffffff;\n /* k = 6 */\n lo = Math.imul(al6, bl0);\n mid = Math.imul(al6, bh0);\n mid = (mid + Math.imul(ah6, bl0)) | 0;\n hi = Math.imul(ah6, bh0);\n lo = (lo + Math.imul(al5, bl1)) | 0;\n mid = (mid + Math.imul(al5, bh1)) | 0;\n mid = (mid + Math.imul(ah5, bl1)) | 0;\n hi = (hi + Math.imul(ah5, bh1)) | 0;\n lo = (lo + Math.imul(al4, bl2)) | 0;\n mid = (mid + Math.imul(al4, bh2)) | 0;\n mid = (mid + Math.imul(ah4, bl2)) | 0;\n hi = (hi + Math.imul(ah4, bh2)) | 0;\n lo = (lo + Math.imul(al3, bl3)) | 0;\n mid = (mid + Math.imul(al3, bh3)) | 0;\n mid = (mid + Math.imul(ah3, bl3)) | 0;\n hi = (hi + Math.imul(ah3, bh3)) | 0;\n lo = (lo + Math.imul(al2, bl4)) | 0;\n mid = (mid + Math.imul(al2, bh4)) | 0;\n mid = (mid + Math.imul(ah2, bl4)) | 0;\n hi = (hi + Math.imul(ah2, bh4)) | 0;\n lo = (lo + Math.imul(al1, bl5)) | 0;\n mid = (mid + Math.imul(al1, bh5)) | 0;\n mid = (mid + Math.imul(ah1, bl5)) | 0;\n hi = (hi + Math.imul(ah1, bh5)) | 0;\n lo = (lo + Math.imul(al0, bl6)) | 0;\n mid = (mid + Math.imul(al0, bh6)) | 0;\n mid = (mid + Math.imul(ah0, bl6)) | 0;\n hi = (hi + Math.imul(ah0, bh6)) | 0;\n var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;\n w6 &= 0x3ffffff;\n /* k = 7 */\n lo = Math.imul(al7, bl0);\n mid = Math.imul(al7, bh0);\n mid = (mid + Math.imul(ah7, bl0)) | 0;\n hi = Math.imul(ah7, bh0);\n lo = (lo + Math.imul(al6, bl1)) | 0;\n mid = (mid + Math.imul(al6, bh1)) | 0;\n mid = (mid + Math.imul(ah6, bl1)) | 0;\n hi = (hi + Math.imul(ah6, bh1)) | 0;\n lo = (lo + Math.imul(al5, bl2)) | 0;\n mid = (mid + Math.imul(al5, bh2)) | 0;\n mid = (mid + Math.imul(ah5, bl2)) | 0;\n hi = (hi + Math.imul(ah5, bh2)) | 0;\n lo = (lo + Math.imul(al4, bl3)) | 0;\n mid = (mid + Math.imul(al4, bh3)) | 0;\n mid = (mid + Math.imul(ah4, bl3)) | 0;\n hi = (hi + Math.imul(ah4, bh3)) | 0;\n lo = (lo + Math.imul(al3, bl4)) | 0;\n mid = (mid + Math.imul(al3, bh4)) | 0;\n mid = (mid + Math.imul(ah3, bl4)) | 0;\n hi = (hi + Math.imul(ah3, bh4)) | 0;\n lo = (lo + Math.imul(al2, bl5)) | 0;\n mid = (mid + Math.imul(al2, bh5)) | 0;\n mid = (mid + Math.imul(ah2, bl5)) | 0;\n hi = (hi + Math.imul(ah2, bh5)) | 0;\n lo = (lo + Math.imul(al1, bl6)) | 0;\n mid = (mid + Math.imul(al1, bh6)) | 0;\n mid = (mid + Math.imul(ah1, bl6)) | 0;\n hi = (hi + Math.imul(ah1, bh6)) | 0;\n lo = (lo + Math.imul(al0, bl7)) | 0;\n mid = (mid + Math.imul(al0, bh7)) | 0;\n mid = (mid + Math.imul(ah0, bl7)) | 0;\n hi = (hi + Math.imul(ah0, bh7)) | 0;\n var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;\n w7 &= 0x3ffffff;\n /* k = 8 */\n lo = Math.imul(al8, bl0);\n mid = Math.imul(al8, bh0);\n mid = (mid + Math.imul(ah8, bl0)) | 0;\n hi = Math.imul(ah8, bh0);\n lo = (lo + Math.imul(al7, bl1)) | 0;\n mid = (mid + Math.imul(al7, bh1)) | 0;\n mid = (mid + Math.imul(ah7, bl1)) | 0;\n hi = (hi + Math.imul(ah7, bh1)) | 0;\n lo = (lo + Math.imul(al6, bl2)) | 0;\n mid = (mid + Math.imul(al6, bh2)) | 0;\n mid = (mid + Math.imul(ah6, bl2)) | 0;\n hi = (hi + Math.imul(ah6, bh2)) | 0;\n lo = (lo + Math.imul(al5, bl3)) | 0;\n mid = (mid + Math.imul(al5, bh3)) | 0;\n mid = (mid + Math.imul(ah5, bl3)) | 0;\n hi = (hi + Math.imul(ah5, bh3)) | 0;\n lo = (lo + Math.imul(al4, bl4)) | 0;\n mid = (mid + Math.imul(al4, bh4)) | 0;\n mid = (mid + Math.imul(ah4, bl4)) | 0;\n hi = (hi + Math.imul(ah4, bh4)) | 0;\n lo = (lo + Math.imul(al3, bl5)) | 0;\n mid = (mid + Math.imul(al3, bh5)) | 0;\n mid = (mid + Math.imul(ah3, bl5)) | 0;\n hi = (hi + Math.imul(ah3, bh5)) | 0;\n lo = (lo + Math.imul(al2, bl6)) | 0;\n mid = (mid + Math.imul(al2, bh6)) | 0;\n mid = (mid + Math.imul(ah2, bl6)) | 0;\n hi = (hi + Math.imul(ah2, bh6)) | 0;\n lo = (lo + Math.imul(al1, bl7)) | 0;\n mid = (mid + Math.imul(al1, bh7)) | 0;\n mid = (mid + Math.imul(ah1, bl7)) | 0;\n hi = (hi + Math.imul(ah1, bh7)) | 0;\n lo = (lo + Math.imul(al0, bl8)) | 0;\n mid = (mid + Math.imul(al0, bh8)) | 0;\n mid = (mid + Math.imul(ah0, bl8)) | 0;\n hi = (hi + Math.imul(ah0, bh8)) | 0;\n var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;\n w8 &= 0x3ffffff;\n /* k = 9 */\n lo = Math.imul(al9, bl0);\n mid = Math.imul(al9, bh0);\n mid = (mid + Math.imul(ah9, bl0)) | 0;\n hi = Math.imul(ah9, bh0);\n lo = (lo + Math.imul(al8, bl1)) | 0;\n mid = (mid + Math.imul(al8, bh1)) | 0;\n mid = (mid + Math.imul(ah8, bl1)) | 0;\n hi = (hi + Math.imul(ah8, bh1)) | 0;\n lo = (lo + Math.imul(al7, bl2)) | 0;\n mid = (mid + Math.imul(al7, bh2)) | 0;\n mid = (mid + Math.imul(ah7, bl2)) | 0;\n hi = (hi + Math.imul(ah7, bh2)) | 0;\n lo = (lo + Math.imul(al6, bl3)) | 0;\n mid = (mid + Math.imul(al6, bh3)) | 0;\n mid = (mid + Math.imul(ah6, bl3)) | 0;\n hi = (hi + Math.imul(ah6, bh3)) | 0;\n lo = (lo + Math.imul(al5, bl4)) | 0;\n mid = (mid + Math.imul(al5, bh4)) | 0;\n mid = (mid + Math.imul(ah5, bl4)) | 0;\n hi = (hi + Math.imul(ah5, bh4)) | 0;\n lo = (lo + Math.imul(al4, bl5)) | 0;\n mid = (mid + Math.imul(al4, bh5)) | 0;\n mid = (mid + Math.imul(ah4, bl5)) | 0;\n hi = (hi + Math.imul(ah4, bh5)) | 0;\n lo = (lo + Math.imul(al3, bl6)) | 0;\n mid = (mid + Math.imul(al3, bh6)) | 0;\n mid = (mid + Math.imul(ah3, bl6)) | 0;\n hi = (hi + Math.imul(ah3, bh6)) | 0;\n lo = (lo + Math.imul(al2, bl7)) | 0;\n mid = (mid + Math.imul(al2, bh7)) | 0;\n mid = (mid + Math.imul(ah2, bl7)) | 0;\n hi = (hi + Math.imul(ah2, bh7)) | 0;\n lo = (lo + Math.imul(al1, bl8)) | 0;\n mid = (mid + Math.imul(al1, bh8)) | 0;\n mid = (mid + Math.imul(ah1, bl8)) | 0;\n hi = (hi + Math.imul(ah1, bh8)) | 0;\n lo = (lo + Math.imul(al0, bl9)) | 0;\n mid = (mid + Math.imul(al0, bh9)) | 0;\n mid = (mid + Math.imul(ah0, bl9)) | 0;\n hi = (hi + Math.imul(ah0, bh9)) | 0;\n var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;\n w9 &= 0x3ffffff;\n /* k = 10 */\n lo = Math.imul(al9, bl1);\n mid = Math.imul(al9, bh1);\n mid = (mid + Math.imul(ah9, bl1)) | 0;\n hi = Math.imul(ah9, bh1);\n lo = (lo + Math.imul(al8, bl2)) | 0;\n mid = (mid + Math.imul(al8, bh2)) | 0;\n mid = (mid + Math.imul(ah8, bl2)) | 0;\n hi = (hi + Math.imul(ah8, bh2)) | 0;\n lo = (lo + Math.imul(al7, bl3)) | 0;\n mid = (mid + Math.imul(al7, bh3)) | 0;\n mid = (mid + Math.imul(ah7, bl3)) | 0;\n hi = (hi + Math.imul(ah7, bh3)) | 0;\n lo = (lo + Math.imul(al6, bl4)) | 0;\n mid = (mid + Math.imul(al6, bh4)) | 0;\n mid = (mid + Math.imul(ah6, bl4)) | 0;\n hi = (hi + Math.imul(ah6, bh4)) | 0;\n lo = (lo + Math.imul(al5, bl5)) | 0;\n mid = (mid + Math.imul(al5, bh5)) | 0;\n mid = (mid + Math.imul(ah5, bl5)) | 0;\n hi = (hi + Math.imul(ah5, bh5)) | 0;\n lo = (lo + Math.imul(al4, bl6)) | 0;\n mid = (mid + Math.imul(al4, bh6)) | 0;\n mid = (mid + Math.imul(ah4, bl6)) | 0;\n hi = (hi + Math.imul(ah4, bh6)) | 0;\n lo = (lo + Math.imul(al3, bl7)) | 0;\n mid = (mid + Math.imul(al3, bh7)) | 0;\n mid = (mid + Math.imul(ah3, bl7)) | 0;\n hi = (hi + Math.imul(ah3, bh7)) | 0;\n lo = (lo + Math.imul(al2, bl8)) | 0;\n mid = (mid + Math.imul(al2, bh8)) | 0;\n mid = (mid + Math.imul(ah2, bl8)) | 0;\n hi = (hi + Math.imul(ah2, bh8)) | 0;\n lo = (lo + Math.imul(al1, bl9)) | 0;\n mid = (mid + Math.imul(al1, bh9)) | 0;\n mid = (mid + Math.imul(ah1, bl9)) | 0;\n hi = (hi + Math.imul(ah1, bh9)) | 0;\n var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;\n w10 &= 0x3ffffff;\n /* k = 11 */\n lo = Math.imul(al9, bl2);\n mid = Math.imul(al9, bh2);\n mid = (mid + Math.imul(ah9, bl2)) | 0;\n hi = Math.imul(ah9, bh2);\n lo = (lo + Math.imul(al8, bl3)) | 0;\n mid = (mid + Math.imul(al8, bh3)) | 0;\n mid = (mid + Math.imul(ah8, bl3)) | 0;\n hi = (hi + Math.imul(ah8, bh3)) | 0;\n lo = (lo + Math.imul(al7, bl4)) | 0;\n mid = (mid + Math.imul(al7, bh4)) | 0;\n mid = (mid + Math.imul(ah7, bl4)) | 0;\n hi = (hi + Math.imul(ah7, bh4)) | 0;\n lo = (lo + Math.imul(al6, bl5)) | 0;\n mid = (mid + Math.imul(al6, bh5)) | 0;\n mid = (mid + Math.imul(ah6, bl5)) | 0;\n hi = (hi + Math.imul(ah6, bh5)) | 0;\n lo = (lo + Math.imul(al5, bl6)) | 0;\n mid = (mid + Math.imul(al5, bh6)) | 0;\n mid = (mid + Math.imul(ah5, bl6)) | 0;\n hi = (hi + Math.imul(ah5, bh6)) | 0;\n lo = (lo + Math.imul(al4, bl7)) | 0;\n mid = (mid + Math.imul(al4, bh7)) | 0;\n mid = (mid + Math.imul(ah4, bl7)) | 0;\n hi = (hi + Math.imul(ah4, bh7)) | 0;\n lo = (lo + Math.imul(al3, bl8)) | 0;\n mid = (mid + Math.imul(al3, bh8)) | 0;\n mid = (mid + Math.imul(ah3, bl8)) | 0;\n hi = (hi + Math.imul(ah3, bh8)) | 0;\n lo = (lo + Math.imul(al2, bl9)) | 0;\n mid = (mid + Math.imul(al2, bh9)) | 0;\n mid = (mid + Math.imul(ah2, bl9)) | 0;\n hi = (hi + Math.imul(ah2, bh9)) | 0;\n var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;\n w11 &= 0x3ffffff;\n /* k = 12 */\n lo = Math.imul(al9, bl3);\n mid = Math.imul(al9, bh3);\n mid = (mid + Math.imul(ah9, bl3)) | 0;\n hi = Math.imul(ah9, bh3);\n lo = (lo + Math.imul(al8, bl4)) | 0;\n mid = (mid + Math.imul(al8, bh4)) | 0;\n mid = (mid + Math.imul(ah8, bl4)) | 0;\n hi = (hi + Math.imul(ah8, bh4)) | 0;\n lo = (lo + Math.imul(al7, bl5)) | 0;\n mid = (mid + Math.imul(al7, bh5)) | 0;\n mid = (mid + Math.imul(ah7, bl5)) | 0;\n hi = (hi + Math.imul(ah7, bh5)) | 0;\n lo = (lo + Math.imul(al6, bl6)) | 0;\n mid = (mid + Math.imul(al6, bh6)) | 0;\n mid = (mid + Math.imul(ah6, bl6)) | 0;\n hi = (hi + Math.imul(ah6, bh6)) | 0;\n lo = (lo + Math.imul(al5, bl7)) | 0;\n mid = (mid + Math.imul(al5, bh7)) | 0;\n mid = (mid + Math.imul(ah5, bl7)) | 0;\n hi = (hi + Math.imul(ah5, bh7)) | 0;\n lo = (lo + Math.imul(al4, bl8)) | 0;\n mid = (mid + Math.imul(al4, bh8)) | 0;\n mid = (mid + Math.imul(ah4, bl8)) | 0;\n hi = (hi + Math.imul(ah4, bh8)) | 0;\n lo = (lo + Math.imul(al3, bl9)) | 0;\n mid = (mid + Math.imul(al3, bh9)) | 0;\n mid = (mid + Math.imul(ah3, bl9)) | 0;\n hi = (hi + Math.imul(ah3, bh9)) | 0;\n var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;\n w12 &= 0x3ffffff;\n /* k = 13 */\n lo = Math.imul(al9, bl4);\n mid = Math.imul(al9, bh4);\n mid = (mid + Math.imul(ah9, bl4)) | 0;\n hi = Math.imul(ah9, bh4);\n lo = (lo + Math.imul(al8, bl5)) | 0;\n mid = (mid + Math.imul(al8, bh5)) | 0;\n mid = (mid + Math.imul(ah8, bl5)) | 0;\n hi = (hi + Math.imul(ah8, bh5)) | 0;\n lo = (lo + Math.imul(al7, bl6)) | 0;\n mid = (mid + Math.imul(al7, bh6)) | 0;\n mid = (mid + Math.imul(ah7, bl6)) | 0;\n hi = (hi + Math.imul(ah7, bh6)) | 0;\n lo = (lo + Math.imul(al6, bl7)) | 0;\n mid = (mid + Math.imul(al6, bh7)) | 0;\n mid = (mid + Math.imul(ah6, bl7)) | 0;\n hi = (hi + Math.imul(ah6, bh7)) | 0;\n lo = (lo + Math.imul(al5, bl8)) | 0;\n mid = (mid + Math.imul(al5, bh8)) | 0;\n mid = (mid + Math.imul(ah5, bl8)) | 0;\n hi = (hi + Math.imul(ah5, bh8)) | 0;\n lo = (lo + Math.imul(al4, bl9)) | 0;\n mid = (mid + Math.imul(al4, bh9)) | 0;\n mid = (mid + Math.imul(ah4, bl9)) | 0;\n hi = (hi + Math.imul(ah4, bh9)) | 0;\n var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;\n w13 &= 0x3ffffff;\n /* k = 14 */\n lo = Math.imul(al9, bl5);\n mid = Math.imul(al9, bh5);\n mid = (mid + Math.imul(ah9, bl5)) | 0;\n hi = Math.imul(ah9, bh5);\n lo = (lo + Math.imul(al8, bl6)) | 0;\n mid = (mid + Math.imul(al8, bh6)) | 0;\n mid = (mid + Math.imul(ah8, bl6)) | 0;\n hi = (hi + Math.imul(ah8, bh6)) | 0;\n lo = (lo + Math.imul(al7, bl7)) | 0;\n mid = (mid + Math.imul(al7, bh7)) | 0;\n mid = (mid + Math.imul(ah7, bl7)) | 0;\n hi = (hi + Math.imul(ah7, bh7)) | 0;\n lo = (lo + Math.imul(al6, bl8)) | 0;\n mid = (mid + Math.imul(al6, bh8)) | 0;\n mid = (mid + Math.imul(ah6, bl8)) | 0;\n hi = (hi + Math.imul(ah6, bh8)) | 0;\n lo = (lo + Math.imul(al5, bl9)) | 0;\n mid = (mid + Math.imul(al5, bh9)) | 0;\n mid = (mid + Math.imul(ah5, bl9)) | 0;\n hi = (hi + Math.imul(ah5, bh9)) | 0;\n var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;\n w14 &= 0x3ffffff;\n /* k = 15 */\n lo = Math.imul(al9, bl6);\n mid = Math.imul(al9, bh6);\n mid = (mid + Math.imul(ah9, bl6)) | 0;\n hi = Math.imul(ah9, bh6);\n lo = (lo + Math.imul(al8, bl7)) | 0;\n mid = (mid + Math.imul(al8, bh7)) | 0;\n mid = (mid + Math.imul(ah8, bl7)) | 0;\n hi = (hi + Math.imul(ah8, bh7)) | 0;\n lo = (lo + Math.imul(al7, bl8)) | 0;\n mid = (mid + Math.imul(al7, bh8)) | 0;\n mid = (mid + Math.imul(ah7, bl8)) | 0;\n hi = (hi + Math.imul(ah7, bh8)) | 0;\n lo = (lo + Math.imul(al6, bl9)) | 0;\n mid = (mid + Math.imul(al6, bh9)) | 0;\n mid = (mid + Math.imul(ah6, bl9)) | 0;\n hi = (hi + Math.imul(ah6, bh9)) | 0;\n var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;\n w15 &= 0x3ffffff;\n /* k = 16 */\n lo = Math.imul(al9, bl7);\n mid = Math.imul(al9, bh7);\n mid = (mid + Math.imul(ah9, bl7)) | 0;\n hi = Math.imul(ah9, bh7);\n lo = (lo + Math.imul(al8, bl8)) | 0;\n mid = (mid + Math.imul(al8, bh8)) | 0;\n mid = (mid + Math.imul(ah8, bl8)) | 0;\n hi = (hi + Math.imul(ah8, bh8)) | 0;\n lo = (lo + Math.imul(al7, bl9)) | 0;\n mid = (mid + Math.imul(al7, bh9)) | 0;\n mid = (mid + Math.imul(ah7, bl9)) | 0;\n hi = (hi + Math.imul(ah7, bh9)) | 0;\n var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;\n w16 &= 0x3ffffff;\n /* k = 17 */\n lo = Math.imul(al9, bl8);\n mid = Math.imul(al9, bh8);\n mid = (mid + Math.imul(ah9, bl8)) | 0;\n hi = Math.imul(ah9, bh8);\n lo = (lo + Math.imul(al8, bl9)) | 0;\n mid = (mid + Math.imul(al8, bh9)) | 0;\n mid = (mid + Math.imul(ah8, bl9)) | 0;\n hi = (hi + Math.imul(ah8, bh9)) | 0;\n var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;\n w17 &= 0x3ffffff;\n /* k = 18 */\n lo = Math.imul(al9, bl9);\n mid = Math.imul(al9, bh9);\n mid = (mid + Math.imul(ah9, bl9)) | 0;\n hi = Math.imul(ah9, bh9);\n var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;\n w18 &= 0x3ffffff;\n o[0] = w0;\n o[1] = w1;\n o[2] = w2;\n o[3] = w3;\n o[4] = w4;\n o[5] = w5;\n o[6] = w6;\n o[7] = w7;\n o[8] = w8;\n o[9] = w9;\n o[10] = w10;\n o[11] = w11;\n o[12] = w12;\n o[13] = w13;\n o[14] = w14;\n o[15] = w15;\n o[16] = w16;\n o[17] = w17;\n o[18] = w18;\n if (c !== 0) {\n o[19] = c;\n out.length++;\n }\n return out;\n };\n\n // Polyfill comb\n if (!Math.imul) {\n comb10MulTo = smallMulTo;\n }\n\n function bigMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n out.length = self.length + num.length;\n\n var carry = 0;\n var hncarry = 0;\n for (var k = 0; k < out.length - 1; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = hncarry;\n hncarry = 0;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = k - j;\n var a = self.words[i] | 0;\n var b = num.words[j] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;\n lo = (lo + rword) | 0;\n rword = lo & 0x3ffffff;\n ncarry = (ncarry + (lo >>> 26)) | 0;\n\n hncarry += ncarry >>> 26;\n ncarry &= 0x3ffffff;\n }\n out.words[k] = rword;\n carry = ncarry;\n ncarry = hncarry;\n }\n if (carry !== 0) {\n out.words[k] = carry;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n function jumboMulTo (self, num, out) {\n var fftm = new FFTM();\n return fftm.mulp(self, num, out);\n }\n\n BN.prototype.mulTo = function mulTo (num, out) {\n var res;\n var len = this.length + num.length;\n if (this.length === 10 && num.length === 10) {\n res = comb10MulTo(this, num, out);\n } else if (len < 63) {\n res = smallMulTo(this, num, out);\n } else if (len < 1024) {\n res = bigMulTo(this, num, out);\n } else {\n res = jumboMulTo(this, num, out);\n }\n\n return res;\n };\n\n // Cooley-Tukey algorithm for FFT\n // slightly revisited to rely on looping instead of recursion\n\n function FFTM (x, y) {\n this.x = x;\n this.y = y;\n }\n\n FFTM.prototype.makeRBT = function makeRBT (N) {\n var t = new Array(N);\n var l = BN.prototype._countBits(N) - 1;\n for (var i = 0; i < N; i++) {\n t[i] = this.revBin(i, l, N);\n }\n\n return t;\n };\n\n // Returns binary-reversed representation of `x`\n FFTM.prototype.revBin = function revBin (x, l, N) {\n if (x === 0 || x === N - 1) return x;\n\n var rb = 0;\n for (var i = 0; i < l; i++) {\n rb |= (x & 1) << (l - i - 1);\n x >>= 1;\n }\n\n return rb;\n };\n\n // Performs \"tweedling\" phase, therefore 'emulating'\n // behaviour of the recursive algorithm\n FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {\n for (var i = 0; i < N; i++) {\n rtws[i] = rws[rbt[i]];\n itws[i] = iws[rbt[i]];\n }\n };\n\n FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {\n this.permute(rbt, rws, iws, rtws, itws, N);\n\n for (var s = 1; s < N; s <<= 1) {\n var l = s << 1;\n\n var rtwdf = Math.cos(2 * Math.PI / l);\n var itwdf = Math.sin(2 * Math.PI / l);\n\n for (var p = 0; p < N; p += l) {\n var rtwdf_ = rtwdf;\n var itwdf_ = itwdf;\n\n for (var j = 0; j < s; j++) {\n var re = rtws[p + j];\n var ie = itws[p + j];\n\n var ro = rtws[p + j + s];\n var io = itws[p + j + s];\n\n var rx = rtwdf_ * ro - itwdf_ * io;\n\n io = rtwdf_ * io + itwdf_ * ro;\n ro = rx;\n\n rtws[p + j] = re + ro;\n itws[p + j] = ie + io;\n\n rtws[p + j + s] = re - ro;\n itws[p + j + s] = ie - io;\n\n /* jshint maxdepth : false */\n if (j !== l) {\n rx = rtwdf * rtwdf_ - itwdf * itwdf_;\n\n itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;\n rtwdf_ = rx;\n }\n }\n }\n }\n };\n\n FFTM.prototype.guessLen13b = function guessLen13b (n, m) {\n var N = Math.max(m, n) | 1;\n var odd = N & 1;\n var i = 0;\n for (N = N / 2 | 0; N; N = N >>> 1) {\n i++;\n }\n\n return 1 << i + 1 + odd;\n };\n\n FFTM.prototype.conjugate = function conjugate (rws, iws, N) {\n if (N <= 1) return;\n\n for (var i = 0; i < N / 2; i++) {\n var t = rws[i];\n\n rws[i] = rws[N - i - 1];\n rws[N - i - 1] = t;\n\n t = iws[i];\n\n iws[i] = -iws[N - i - 1];\n iws[N - i - 1] = -t;\n }\n };\n\n FFTM.prototype.normalize13b = function normalize13b (ws, N) {\n var carry = 0;\n for (var i = 0; i < N / 2; i++) {\n var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +\n Math.round(ws[2 * i] / N) +\n carry;\n\n ws[i] = w & 0x3ffffff;\n\n if (w < 0x4000000) {\n carry = 0;\n } else {\n carry = w / 0x4000000 | 0;\n }\n }\n\n return ws;\n };\n\n FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {\n var carry = 0;\n for (var i = 0; i < len; i++) {\n carry = carry + (ws[i] | 0);\n\n rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;\n rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;\n }\n\n // Pad with zeroes\n for (i = 2 * len; i < N; ++i) {\n rws[i] = 0;\n }\n\n assert(carry === 0);\n assert((carry & ~0x1fff) === 0);\n };\n\n FFTM.prototype.stub = function stub (N) {\n var ph = new Array(N);\n for (var i = 0; i < N; i++) {\n ph[i] = 0;\n }\n\n return ph;\n };\n\n FFTM.prototype.mulp = function mulp (x, y, out) {\n var N = 2 * this.guessLen13b(x.length, y.length);\n\n var rbt = this.makeRBT(N);\n\n var _ = this.stub(N);\n\n var rws = new Array(N);\n var rwst = new Array(N);\n var iwst = new Array(N);\n\n var nrws = new Array(N);\n var nrwst = new Array(N);\n var niwst = new Array(N);\n\n var rmws = out.words;\n rmws.length = N;\n\n this.convert13b(x.words, x.length, rws, N);\n this.convert13b(y.words, y.length, nrws, N);\n\n this.transform(rws, _, rwst, iwst, N, rbt);\n this.transform(nrws, _, nrwst, niwst, N, rbt);\n\n for (var i = 0; i < N; i++) {\n var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];\n iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];\n rwst[i] = rx;\n }\n\n this.conjugate(rwst, iwst, N);\n this.transform(rwst, iwst, rmws, _, N, rbt);\n this.conjugate(rmws, _, N);\n this.normalize13b(rmws, N);\n\n out.negative = x.negative ^ y.negative;\n out.length = x.length + y.length;\n return out.strip();\n };\n\n // Multiply `this` by `num`\n BN.prototype.mul = function mul (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return this.mulTo(num, out);\n };\n\n // Multiply employing FFT\n BN.prototype.mulf = function mulf (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return jumboMulTo(this, num, out);\n };\n\n // In-place Multiplication\n BN.prototype.imul = function imul (num) {\n return this.clone().mulTo(num, this);\n };\n\n BN.prototype.imuln = function imuln (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n\n // Carry\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = (this.words[i] | 0) * num;\n var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);\n carry >>= 26;\n carry += (w / 0x4000000) | 0;\n // NOTE: lo is 27bit maximum\n carry += lo >>> 26;\n this.words[i] = lo & 0x3ffffff;\n }\n\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n\n return this;\n };\n\n BN.prototype.muln = function muln (num) {\n return this.clone().imuln(num);\n };\n\n // `this` * `this`\n BN.prototype.sqr = function sqr () {\n return this.mul(this);\n };\n\n // `this` * `this` in-place\n BN.prototype.isqr = function isqr () {\n return this.imul(this.clone());\n };\n\n // Math.pow(`this`, `num`)\n BN.prototype.pow = function pow (num) {\n var w = toBitArray(num);\n if (w.length === 0) return new BN(1);\n\n // Skip leading zeroes\n var res = this;\n for (var i = 0; i < w.length; i++, res = res.sqr()) {\n if (w[i] !== 0) break;\n }\n\n if (++i < w.length) {\n for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {\n if (w[i] === 0) continue;\n\n res = res.mul(q);\n }\n }\n\n return res;\n };\n\n // Shift-left in-place\n BN.prototype.iushln = function iushln (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);\n var i;\n\n if (r !== 0) {\n var carry = 0;\n\n for (i = 0; i < this.length; i++) {\n var newCarry = this.words[i] & carryMask;\n var c = ((this.words[i] | 0) - newCarry) << r;\n this.words[i] = c | carry;\n carry = newCarry >>> (26 - r);\n }\n\n if (carry) {\n this.words[i] = carry;\n this.length++;\n }\n }\n\n if (s !== 0) {\n for (i = this.length - 1; i >= 0; i--) {\n this.words[i + s] = this.words[i];\n }\n\n for (i = 0; i < s; i++) {\n this.words[i] = 0;\n }\n\n this.length += s;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishln = function ishln (bits) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushln(bits);\n };\n\n // Shift-right in-place\n // NOTE: `hint` is a lowest bit before trailing zeroes\n // NOTE: if `extended` is present - it will be filled with destroyed bits\n BN.prototype.iushrn = function iushrn (bits, hint, extended) {\n assert(typeof bits === 'number' && bits >= 0);\n var h;\n if (hint) {\n h = (hint - (hint % 26)) / 26;\n } else {\n h = 0;\n }\n\n var r = bits % 26;\n var s = Math.min((bits - r) / 26, this.length);\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n var maskedWords = extended;\n\n h -= s;\n h = Math.max(0, h);\n\n // Extended mode, copy masked part\n if (maskedWords) {\n for (var i = 0; i < s; i++) {\n maskedWords.words[i] = this.words[i];\n }\n maskedWords.length = s;\n }\n\n if (s === 0) {\n // No-op, we should not move anything at all\n } else if (this.length > s) {\n this.length -= s;\n for (i = 0; i < this.length; i++) {\n this.words[i] = this.words[i + s];\n }\n } else {\n this.words[0] = 0;\n this.length = 1;\n }\n\n var carry = 0;\n for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {\n var word = this.words[i] | 0;\n this.words[i] = (carry << (26 - r)) | (word >>> r);\n carry = word & mask;\n }\n\n // Push carried bits as a mask\n if (maskedWords && carry !== 0) {\n maskedWords.words[maskedWords.length++] = carry;\n }\n\n if (this.length === 0) {\n this.words[0] = 0;\n this.length = 1;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishrn = function ishrn (bits, hint, extended) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushrn(bits, hint, extended);\n };\n\n // Shift-left\n BN.prototype.shln = function shln (bits) {\n return this.clone().ishln(bits);\n };\n\n BN.prototype.ushln = function ushln (bits) {\n return this.clone().iushln(bits);\n };\n\n // Shift-right\n BN.prototype.shrn = function shrn (bits) {\n return this.clone().ishrn(bits);\n };\n\n BN.prototype.ushrn = function ushrn (bits) {\n return this.clone().iushrn(bits);\n };\n\n // Test if n bit is set\n BN.prototype.testn = function testn (bit) {\n assert(typeof bit === 'number' && bit >= 0);\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) return false;\n\n // Check bit and return\n var w = this.words[s];\n\n return !!(w & q);\n };\n\n // Return only lowers bits of number (in-place)\n BN.prototype.imaskn = function imaskn (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n\n assert(this.negative === 0, 'imaskn works only with positive numbers');\n\n if (this.length <= s) {\n return this;\n }\n\n if (r !== 0) {\n s++;\n }\n this.length = Math.min(s, this.length);\n\n if (r !== 0) {\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n this.words[this.length - 1] &= mask;\n }\n\n return this.strip();\n };\n\n // Return only lowers bits of number\n BN.prototype.maskn = function maskn (bits) {\n return this.clone().imaskn(bits);\n };\n\n // Add plain number `num` to `this`\n BN.prototype.iaddn = function iaddn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.isubn(-num);\n\n // Possible sign change\n if (this.negative !== 0) {\n if (this.length === 1 && (this.words[0] | 0) < num) {\n this.words[0] = num - (this.words[0] | 0);\n this.negative = 0;\n return this;\n }\n\n this.negative = 0;\n this.isubn(num);\n this.negative = 1;\n return this;\n }\n\n // Add without checks\n return this._iaddn(num);\n };\n\n BN.prototype._iaddn = function _iaddn (num) {\n this.words[0] += num;\n\n // Carry\n for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {\n this.words[i] -= 0x4000000;\n if (i === this.length - 1) {\n this.words[i + 1] = 1;\n } else {\n this.words[i + 1]++;\n }\n }\n this.length = Math.max(this.length, i + 1);\n\n return this;\n };\n\n // Subtract plain number `num` from `this`\n BN.prototype.isubn = function isubn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.iaddn(-num);\n\n if (this.negative !== 0) {\n this.negative = 0;\n this.iaddn(num);\n this.negative = 1;\n return this;\n }\n\n this.words[0] -= num;\n\n if (this.length === 1 && this.words[0] < 0) {\n this.words[0] = -this.words[0];\n this.negative = 1;\n } else {\n // Carry\n for (var i = 0; i < this.length && this.words[i] < 0; i++) {\n this.words[i] += 0x4000000;\n this.words[i + 1] -= 1;\n }\n }\n\n return this.strip();\n };\n\n BN.prototype.addn = function addn (num) {\n return this.clone().iaddn(num);\n };\n\n BN.prototype.subn = function subn (num) {\n return this.clone().isubn(num);\n };\n\n BN.prototype.iabs = function iabs () {\n this.negative = 0;\n\n return this;\n };\n\n BN.prototype.abs = function abs () {\n return this.clone().iabs();\n };\n\n BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {\n var len = num.length + shift;\n var i;\n\n this._expand(len);\n\n var w;\n var carry = 0;\n for (i = 0; i < num.length; i++) {\n w = (this.words[i + shift] | 0) + carry;\n var right = (num.words[i] | 0) * mul;\n w -= right & 0x3ffffff;\n carry = (w >> 26) - ((right / 0x4000000) | 0);\n this.words[i + shift] = w & 0x3ffffff;\n }\n for (; i < this.length - shift; i++) {\n w = (this.words[i + shift] | 0) + carry;\n carry = w >> 26;\n this.words[i + shift] = w & 0x3ffffff;\n }\n\n if (carry === 0) return this.strip();\n\n // Subtraction overflow\n assert(carry === -1);\n carry = 0;\n for (i = 0; i < this.length; i++) {\n w = -(this.words[i] | 0) + carry;\n carry = w >> 26;\n this.words[i] = w & 0x3ffffff;\n }\n this.negative = 1;\n\n return this.strip();\n };\n\n BN.prototype._wordDiv = function _wordDiv (num, mode) {\n var shift = this.length - num.length;\n\n var a = this.clone();\n var b = num;\n\n // Normalize\n var bhi = b.words[b.length - 1] | 0;\n var bhiBits = this._countBits(bhi);\n shift = 26 - bhiBits;\n if (shift !== 0) {\n b = b.ushln(shift);\n a.iushln(shift);\n bhi = b.words[b.length - 1] | 0;\n }\n\n // Initialize quotient\n var m = a.length - b.length;\n var q;\n\n if (mode !== 'mod') {\n q = new BN(null);\n q.length = m + 1;\n q.words = new Array(q.length);\n for (var i = 0; i < q.length; i++) {\n q.words[i] = 0;\n }\n }\n\n var diff = a.clone()._ishlnsubmul(b, 1, m);\n if (diff.negative === 0) {\n a = diff;\n if (q) {\n q.words[m] = 1;\n }\n }\n\n for (var j = m - 1; j >= 0; j--) {\n var qj = (a.words[b.length + j] | 0) * 0x4000000 +\n (a.words[b.length + j - 1] | 0);\n\n // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max\n // (0x7ffffff)\n qj = Math.min((qj / bhi) | 0, 0x3ffffff);\n\n a._ishlnsubmul(b, qj, j);\n while (a.negative !== 0) {\n qj--;\n a.negative = 0;\n a._ishlnsubmul(b, 1, j);\n if (!a.isZero()) {\n a.negative ^= 1;\n }\n }\n if (q) {\n q.words[j] = qj;\n }\n }\n if (q) {\n q.strip();\n }\n a.strip();\n\n // Denormalize\n if (mode !== 'div' && shift !== 0) {\n a.iushrn(shift);\n }\n\n return {\n div: q || null,\n mod: a\n };\n };\n\n // NOTE: 1) `mode` can be set to `mod` to request mod only,\n // to `div` to request div only, or be absent to\n // request both div & mod\n // 2) `positive` is true if unsigned mod is requested\n BN.prototype.divmod = function divmod (num, mode, positive) {\n assert(!num.isZero());\n\n if (this.isZero()) {\n return {\n div: new BN(0),\n mod: new BN(0)\n };\n }\n\n var div, mod, res;\n if (this.negative !== 0 && num.negative === 0) {\n res = this.neg().divmod(num, mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.iadd(num);\n }\n }\n\n return {\n div: div,\n mod: mod\n };\n }\n\n if (this.negative === 0 && num.negative !== 0) {\n res = this.divmod(num.neg(), mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n return {\n div: div,\n mod: res.mod\n };\n }\n\n if ((this.negative & num.negative) !== 0) {\n res = this.neg().divmod(num.neg(), mode);\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.isub(num);\n }\n }\n\n return {\n div: res.div,\n mod: mod\n };\n }\n\n // Both numbers are positive at this point\n\n // Strip both numbers to approximate shift value\n if (num.length > this.length || this.cmp(num) < 0) {\n return {\n div: new BN(0),\n mod: this\n };\n }\n\n // Very short reduction\n if (num.length === 1) {\n if (mode === 'div') {\n return {\n div: this.divn(num.words[0]),\n mod: null\n };\n }\n\n if (mode === 'mod') {\n return {\n div: null,\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return {\n div: this.divn(num.words[0]),\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return this._wordDiv(num, mode);\n };\n\n // Find `this` / `num`\n BN.prototype.div = function div (num) {\n return this.divmod(num, 'div', false).div;\n };\n\n // Find `this` % `num`\n BN.prototype.mod = function mod (num) {\n return this.divmod(num, 'mod', false).mod;\n };\n\n BN.prototype.umod = function umod (num) {\n return this.divmod(num, 'mod', true).mod;\n };\n\n // Find Round(`this` / `num`)\n BN.prototype.divRound = function divRound (num) {\n var dm = this.divmod(num);\n\n // Fast case - exact division\n if (dm.mod.isZero()) return dm.div;\n\n var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;\n\n var half = num.ushrn(1);\n var r2 = num.andln(1);\n var cmp = mod.cmp(half);\n\n // Round down\n if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;\n\n // Round up\n return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);\n };\n\n BN.prototype.modn = function modn (num) {\n assert(num <= 0x3ffffff);\n var p = (1 << 26) % num;\n\n var acc = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n acc = (p * acc + (this.words[i] | 0)) % num;\n }\n\n return acc;\n };\n\n // In-place division by number\n BN.prototype.idivn = function idivn (num) {\n assert(num <= 0x3ffffff);\n\n var carry = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var w = (this.words[i] | 0) + carry * 0x4000000;\n this.words[i] = (w / num) | 0;\n carry = w % num;\n }\n\n return this.strip();\n };\n\n BN.prototype.divn = function divn (num) {\n return this.clone().idivn(num);\n };\n\n BN.prototype.egcd = function egcd (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var x = this;\n var y = p.clone();\n\n if (x.negative !== 0) {\n x = x.umod(p);\n } else {\n x = x.clone();\n }\n\n // A * x + B * y = x\n var A = new BN(1);\n var B = new BN(0);\n\n // C * x + D * y = y\n var C = new BN(0);\n var D = new BN(1);\n\n var g = 0;\n\n while (x.isEven() && y.isEven()) {\n x.iushrn(1);\n y.iushrn(1);\n ++g;\n }\n\n var yp = y.clone();\n var xp = x.clone();\n\n while (!x.isZero()) {\n for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n x.iushrn(i);\n while (i-- > 0) {\n if (A.isOdd() || B.isOdd()) {\n A.iadd(yp);\n B.isub(xp);\n }\n\n A.iushrn(1);\n B.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n y.iushrn(j);\n while (j-- > 0) {\n if (C.isOdd() || D.isOdd()) {\n C.iadd(yp);\n D.isub(xp);\n }\n\n C.iushrn(1);\n D.iushrn(1);\n }\n }\n\n if (x.cmp(y) >= 0) {\n x.isub(y);\n A.isub(C);\n B.isub(D);\n } else {\n y.isub(x);\n C.isub(A);\n D.isub(B);\n }\n }\n\n return {\n a: C,\n b: D,\n gcd: y.iushln(g)\n };\n };\n\n // This is reduced incarnation of the binary EEA\n // above, designated to invert members of the\n // _prime_ fields F(p) at a maximal speed\n BN.prototype._invmp = function _invmp (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var a = this;\n var b = p.clone();\n\n if (a.negative !== 0) {\n a = a.umod(p);\n } else {\n a = a.clone();\n }\n\n var x1 = new BN(1);\n var x2 = new BN(0);\n\n var delta = b.clone();\n\n while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {\n for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n a.iushrn(i);\n while (i-- > 0) {\n if (x1.isOdd()) {\n x1.iadd(delta);\n }\n\n x1.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n b.iushrn(j);\n while (j-- > 0) {\n if (x2.isOdd()) {\n x2.iadd(delta);\n }\n\n x2.iushrn(1);\n }\n }\n\n if (a.cmp(b) >= 0) {\n a.isub(b);\n x1.isub(x2);\n } else {\n b.isub(a);\n x2.isub(x1);\n }\n }\n\n var res;\n if (a.cmpn(1) === 0) {\n res = x1;\n } else {\n res = x2;\n }\n\n if (res.cmpn(0) < 0) {\n res.iadd(p);\n }\n\n return res;\n };\n\n BN.prototype.gcd = function gcd (num) {\n if (this.isZero()) return num.abs();\n if (num.isZero()) return this.abs();\n\n var a = this.clone();\n var b = num.clone();\n a.negative = 0;\n b.negative = 0;\n\n // Remove common factor of two\n for (var shift = 0; a.isEven() && b.isEven(); shift++) {\n a.iushrn(1);\n b.iushrn(1);\n }\n\n do {\n while (a.isEven()) {\n a.iushrn(1);\n }\n while (b.isEven()) {\n b.iushrn(1);\n }\n\n var r = a.cmp(b);\n if (r < 0) {\n // Swap `a` and `b` to make `a` always bigger than `b`\n var t = a;\n a = b;\n b = t;\n } else if (r === 0 || b.cmpn(1) === 0) {\n break;\n }\n\n a.isub(b);\n } while (true);\n\n return b.iushln(shift);\n };\n\n // Invert number in the field F(num)\n BN.prototype.invm = function invm (num) {\n return this.egcd(num).a.umod(num);\n };\n\n BN.prototype.isEven = function isEven () {\n return (this.words[0] & 1) === 0;\n };\n\n BN.prototype.isOdd = function isOdd () {\n return (this.words[0] & 1) === 1;\n };\n\n // And first word and num\n BN.prototype.andln = function andln (num) {\n return this.words[0] & num;\n };\n\n // Increment at the bit position in-line\n BN.prototype.bincn = function bincn (bit) {\n assert(typeof bit === 'number');\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) {\n this._expand(s + 1);\n this.words[s] |= q;\n return this;\n }\n\n // Add bit and propagate, if needed\n var carry = q;\n for (var i = s; carry !== 0 && i < this.length; i++) {\n var w = this.words[i] | 0;\n w += carry;\n carry = w >>> 26;\n w &= 0x3ffffff;\n this.words[i] = w;\n }\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n return this;\n };\n\n BN.prototype.isZero = function isZero () {\n return this.length === 1 && this.words[0] === 0;\n };\n\n BN.prototype.cmpn = function cmpn (num) {\n var negative = num < 0;\n\n if (this.negative !== 0 && !negative) return -1;\n if (this.negative === 0 && negative) return 1;\n\n this.strip();\n\n var res;\n if (this.length > 1) {\n res = 1;\n } else {\n if (negative) {\n num = -num;\n }\n\n assert(num <= 0x3ffffff, 'Number is too big');\n\n var w = this.words[0] | 0;\n res = w === num ? 0 : w < num ? -1 : 1;\n }\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Compare two numbers and return:\n // 1 - if `this` > `num`\n // 0 - if `this` == `num`\n // -1 - if `this` < `num`\n BN.prototype.cmp = function cmp (num) {\n if (this.negative !== 0 && num.negative === 0) return -1;\n if (this.negative === 0 && num.negative !== 0) return 1;\n\n var res = this.ucmp(num);\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Unsigned comparison\n BN.prototype.ucmp = function ucmp (num) {\n // At this point both numbers have the same sign\n if (this.length > num.length) return 1;\n if (this.length < num.length) return -1;\n\n var res = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var a = this.words[i] | 0;\n var b = num.words[i] | 0;\n\n if (a === b) continue;\n if (a < b) {\n res = -1;\n } else if (a > b) {\n res = 1;\n }\n break;\n }\n return res;\n };\n\n BN.prototype.gtn = function gtn (num) {\n return this.cmpn(num) === 1;\n };\n\n BN.prototype.gt = function gt (num) {\n return this.cmp(num) === 1;\n };\n\n BN.prototype.gten = function gten (num) {\n return this.cmpn(num) >= 0;\n };\n\n BN.prototype.gte = function gte (num) {\n return this.cmp(num) >= 0;\n };\n\n BN.prototype.ltn = function ltn (num) {\n return this.cmpn(num) === -1;\n };\n\n BN.prototype.lt = function lt (num) {\n return this.cmp(num) === -1;\n };\n\n BN.prototype.lten = function lten (num) {\n return this.cmpn(num) <= 0;\n };\n\n BN.prototype.lte = function lte (num) {\n return this.cmp(num) <= 0;\n };\n\n BN.prototype.eqn = function eqn (num) {\n return this.cmpn(num) === 0;\n };\n\n BN.prototype.eq = function eq (num) {\n return this.cmp(num) === 0;\n };\n\n //\n // A reduce context, could be using montgomery or something better, depending\n // on the `m` itself.\n //\n BN.red = function red (num) {\n return new Red(num);\n };\n\n BN.prototype.toRed = function toRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n assert(this.negative === 0, 'red works only with positives');\n return ctx.convertTo(this)._forceRed(ctx);\n };\n\n BN.prototype.fromRed = function fromRed () {\n assert(this.red, 'fromRed works only with numbers in reduction context');\n return this.red.convertFrom(this);\n };\n\n BN.prototype._forceRed = function _forceRed (ctx) {\n this.red = ctx;\n return this;\n };\n\n BN.prototype.forceRed = function forceRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n return this._forceRed(ctx);\n };\n\n BN.prototype.redAdd = function redAdd (num) {\n assert(this.red, 'redAdd works only with red numbers');\n return this.red.add(this, num);\n };\n\n BN.prototype.redIAdd = function redIAdd (num) {\n assert(this.red, 'redIAdd works only with red numbers');\n return this.red.iadd(this, num);\n };\n\n BN.prototype.redSub = function redSub (num) {\n assert(this.red, 'redSub works only with red numbers');\n return this.red.sub(this, num);\n };\n\n BN.prototype.redISub = function redISub (num) {\n assert(this.red, 'redISub works only with red numbers');\n return this.red.isub(this, num);\n };\n\n BN.prototype.redShl = function redShl (num) {\n assert(this.red, 'redShl works only with red numbers');\n return this.red.shl(this, num);\n };\n\n BN.prototype.redMul = function redMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.mul(this, num);\n };\n\n BN.prototype.redIMul = function redIMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.imul(this, num);\n };\n\n BN.prototype.redSqr = function redSqr () {\n assert(this.red, 'redSqr works only with red numbers');\n this.red._verify1(this);\n return this.red.sqr(this);\n };\n\n BN.prototype.redISqr = function redISqr () {\n assert(this.red, 'redISqr works only with red numbers');\n this.red._verify1(this);\n return this.red.isqr(this);\n };\n\n // Square root over p\n BN.prototype.redSqrt = function redSqrt () {\n assert(this.red, 'redSqrt works only with red numbers');\n this.red._verify1(this);\n return this.red.sqrt(this);\n };\n\n BN.prototype.redInvm = function redInvm () {\n assert(this.red, 'redInvm works only with red numbers');\n this.red._verify1(this);\n return this.red.invm(this);\n };\n\n // Return negative clone of `this` % `red modulo`\n BN.prototype.redNeg = function redNeg () {\n assert(this.red, 'redNeg works only with red numbers');\n this.red._verify1(this);\n return this.red.neg(this);\n };\n\n BN.prototype.redPow = function redPow (num) {\n assert(this.red && !num.red, 'redPow(normalNum)');\n this.red._verify1(this);\n return this.red.pow(this, num);\n };\n\n // Prime numbers with efficient reduction\n var primes = {\n k256: null,\n p224: null,\n p192: null,\n p25519: null\n };\n\n // Pseudo-Mersenne prime\n function MPrime (name, p) {\n // P = 2 ^ N - K\n this.name = name;\n this.p = new BN(p, 16);\n this.n = this.p.bitLength();\n this.k = new BN(1).iushln(this.n).isub(this.p);\n\n this.tmp = this._tmp();\n }\n\n MPrime.prototype._tmp = function _tmp () {\n var tmp = new BN(null);\n tmp.words = new Array(Math.ceil(this.n / 13));\n return tmp;\n };\n\n MPrime.prototype.ireduce = function ireduce (num) {\n // Assumes that `num` is less than `P^2`\n // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)\n var r = num;\n var rlen;\n\n do {\n this.split(r, this.tmp);\n r = this.imulK(r);\n r = r.iadd(this.tmp);\n rlen = r.bitLength();\n } while (rlen > this.n);\n\n var cmp = rlen < this.n ? -1 : r.ucmp(this.p);\n if (cmp === 0) {\n r.words[0] = 0;\n r.length = 1;\n } else if (cmp > 0) {\n r.isub(this.p);\n } else {\n r.strip();\n }\n\n return r;\n };\n\n MPrime.prototype.split = function split (input, out) {\n input.iushrn(this.n, 0, out);\n };\n\n MPrime.prototype.imulK = function imulK (num) {\n return num.imul(this.k);\n };\n\n function K256 () {\n MPrime.call(\n this,\n 'k256',\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');\n }\n inherits(K256, MPrime);\n\n K256.prototype.split = function split (input, output) {\n // 256 = 9 * 26 + 22\n var mask = 0x3fffff;\n\n var outLen = Math.min(input.length, 9);\n for (var i = 0; i < outLen; i++) {\n output.words[i] = input.words[i];\n }\n output.length = outLen;\n\n if (input.length <= 9) {\n input.words[0] = 0;\n input.length = 1;\n return;\n }\n\n // Shift by 9 limbs\n var prev = input.words[9];\n output.words[output.length++] = prev & mask;\n\n for (i = 10; i < input.length; i++) {\n var next = input.words[i] | 0;\n input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);\n prev = next;\n }\n prev >>>= 22;\n input.words[i - 10] = prev;\n if (prev === 0 && input.length > 10) {\n input.length -= 10;\n } else {\n input.length -= 9;\n }\n };\n\n K256.prototype.imulK = function imulK (num) {\n // K = 0x1000003d1 = [ 0x40, 0x3d1 ]\n num.words[num.length] = 0;\n num.words[num.length + 1] = 0;\n num.length += 2;\n\n // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390\n var lo = 0;\n for (var i = 0; i < num.length; i++) {\n var w = num.words[i] | 0;\n lo += w * 0x3d1;\n num.words[i] = lo & 0x3ffffff;\n lo = w * 0x40 + ((lo / 0x4000000) | 0);\n }\n\n // Fast length reduction\n if (num.words[num.length - 1] === 0) {\n num.length--;\n if (num.words[num.length - 1] === 0) {\n num.length--;\n }\n }\n return num;\n };\n\n function P224 () {\n MPrime.call(\n this,\n 'p224',\n 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');\n }\n inherits(P224, MPrime);\n\n function P192 () {\n MPrime.call(\n this,\n 'p192',\n 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');\n }\n inherits(P192, MPrime);\n\n function P25519 () {\n // 2 ^ 255 - 19\n MPrime.call(\n this,\n '25519',\n '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');\n }\n inherits(P25519, MPrime);\n\n P25519.prototype.imulK = function imulK (num) {\n // K = 0x13\n var carry = 0;\n for (var i = 0; i < num.length; i++) {\n var hi = (num.words[i] | 0) * 0x13 + carry;\n var lo = hi & 0x3ffffff;\n hi >>>= 26;\n\n num.words[i] = lo;\n carry = hi;\n }\n if (carry !== 0) {\n num.words[num.length++] = carry;\n }\n return num;\n };\n\n // Exported mostly for testing purposes, use plain name instead\n BN._prime = function prime (name) {\n // Cached version of prime\n if (primes[name]) return primes[name];\n\n var prime;\n if (name === 'k256') {\n prime = new K256();\n } else if (name === 'p224') {\n prime = new P224();\n } else if (name === 'p192') {\n prime = new P192();\n } else if (name === 'p25519') {\n prime = new P25519();\n } else {\n throw new Error('Unknown prime ' + name);\n }\n primes[name] = prime;\n\n return prime;\n };\n\n //\n // Base reduction engine\n //\n function Red (m) {\n if (typeof m === 'string') {\n var prime = BN._prime(m);\n this.m = prime.p;\n this.prime = prime;\n } else {\n assert(m.gtn(1), 'modulus must be greater than 1');\n this.m = m;\n this.prime = null;\n }\n }\n\n Red.prototype._verify1 = function _verify1 (a) {\n assert(a.negative === 0, 'red works only with positives');\n assert(a.red, 'red works only with red numbers');\n };\n\n Red.prototype._verify2 = function _verify2 (a, b) {\n assert((a.negative | b.negative) === 0, 'red works only with positives');\n assert(a.red && a.red === b.red,\n 'red works only with red numbers');\n };\n\n Red.prototype.imod = function imod (a) {\n if (this.prime) return this.prime.ireduce(a)._forceRed(this);\n return a.umod(this.m)._forceRed(this);\n };\n\n Red.prototype.neg = function neg (a) {\n if (a.isZero()) {\n return a.clone();\n }\n\n return this.m.sub(a)._forceRed(this);\n };\n\n Red.prototype.add = function add (a, b) {\n this._verify2(a, b);\n\n var res = a.add(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.iadd = function iadd (a, b) {\n this._verify2(a, b);\n\n var res = a.iadd(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res;\n };\n\n Red.prototype.sub = function sub (a, b) {\n this._verify2(a, b);\n\n var res = a.sub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.isub = function isub (a, b) {\n this._verify2(a, b);\n\n var res = a.isub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res;\n };\n\n Red.prototype.shl = function shl (a, num) {\n this._verify1(a);\n return this.imod(a.ushln(num));\n };\n\n Red.prototype.imul = function imul (a, b) {\n this._verify2(a, b);\n return this.imod(a.imul(b));\n };\n\n Red.prototype.mul = function mul (a, b) {\n this._verify2(a, b);\n return this.imod(a.mul(b));\n };\n\n Red.prototype.isqr = function isqr (a) {\n return this.imul(a, a.clone());\n };\n\n Red.prototype.sqr = function sqr (a) {\n return this.mul(a, a);\n };\n\n Red.prototype.sqrt = function sqrt (a) {\n if (a.isZero()) return a.clone();\n\n var mod3 = this.m.andln(3);\n assert(mod3 % 2 === 1);\n\n // Fast case\n if (mod3 === 3) {\n var pow = this.m.add(new BN(1)).iushrn(2);\n return this.pow(a, pow);\n }\n\n // Tonelli-Shanks algorithm (Totally unoptimized and slow)\n //\n // Find Q and S, that Q * 2 ^ S = (P - 1)\n var q = this.m.subn(1);\n var s = 0;\n while (!q.isZero() && q.andln(1) === 0) {\n s++;\n q.iushrn(1);\n }\n assert(!q.isZero());\n\n var one = new BN(1).toRed(this);\n var nOne = one.redNeg();\n\n // Find quadratic non-residue\n // NOTE: Max is such because of generalized Riemann hypothesis.\n var lpow = this.m.subn(1).iushrn(1);\n var z = this.m.bitLength();\n z = new BN(2 * z * z).toRed(this);\n\n while (this.pow(z, lpow).cmp(nOne) !== 0) {\n z.redIAdd(nOne);\n }\n\n var c = this.pow(z, q);\n var r = this.pow(a, q.addn(1).iushrn(1));\n var t = this.pow(a, q);\n var m = s;\n while (t.cmp(one) !== 0) {\n var tmp = t;\n for (var i = 0; tmp.cmp(one) !== 0; i++) {\n tmp = tmp.redSqr();\n }\n assert(i < m);\n var b = this.pow(c, new BN(1).iushln(m - i - 1));\n\n r = r.redMul(b);\n c = b.redSqr();\n t = t.redMul(c);\n m = i;\n }\n\n return r;\n };\n\n Red.prototype.invm = function invm (a) {\n var inv = a._invmp(this.m);\n if (inv.negative !== 0) {\n inv.negative = 0;\n return this.imod(inv).redNeg();\n } else {\n return this.imod(inv);\n }\n };\n\n Red.prototype.pow = function pow (a, num) {\n if (num.isZero()) return new BN(1).toRed(this);\n if (num.cmpn(1) === 0) return a.clone();\n\n var windowSize = 4;\n var wnd = new Array(1 << windowSize);\n wnd[0] = new BN(1).toRed(this);\n wnd[1] = a;\n for (var i = 2; i < wnd.length; i++) {\n wnd[i] = this.mul(wnd[i - 1], a);\n }\n\n var res = wnd[0];\n var current = 0;\n var currentLen = 0;\n var start = num.bitLength() % 26;\n if (start === 0) {\n start = 26;\n }\n\n for (i = num.length - 1; i >= 0; i--) {\n var word = num.words[i];\n for (var j = start - 1; j >= 0; j--) {\n var bit = (word >> j) & 1;\n if (res !== wnd[0]) {\n res = this.sqr(res);\n }\n\n if (bit === 0 && current === 0) {\n currentLen = 0;\n continue;\n }\n\n current <<= 1;\n current |= bit;\n currentLen++;\n if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;\n\n res = this.mul(res, wnd[current]);\n currentLen = 0;\n current = 0;\n }\n start = 26;\n }\n\n return res;\n };\n\n Red.prototype.convertTo = function convertTo (num) {\n var r = num.umod(this.m);\n\n return r === num ? r.clone() : r;\n };\n\n Red.prototype.convertFrom = function convertFrom (num) {\n var res = num.clone();\n res.red = null;\n return res;\n };\n\n //\n // Montgomery method engine\n //\n\n BN.mont = function mont (num) {\n return new Mont(num);\n };\n\n function Mont (m) {\n Red.call(this, m);\n\n this.shift = this.m.bitLength();\n if (this.shift % 26 !== 0) {\n this.shift += 26 - (this.shift % 26);\n }\n\n this.r = new BN(1).iushln(this.shift);\n this.r2 = this.imod(this.r.sqr());\n this.rinv = this.r._invmp(this.m);\n\n this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);\n this.minv = this.minv.umod(this.r);\n this.minv = this.r.sub(this.minv);\n }\n inherits(Mont, Red);\n\n Mont.prototype.convertTo = function convertTo (num) {\n return this.imod(num.ushln(this.shift));\n };\n\n Mont.prototype.convertFrom = function convertFrom (num) {\n var r = this.imod(num.mul(this.rinv));\n r.red = null;\n return r;\n };\n\n Mont.prototype.imul = function imul (a, b) {\n if (a.isZero() || b.isZero()) {\n a.words[0] = 0;\n a.length = 1;\n return a;\n }\n\n var t = a.imul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.mul = function mul (a, b) {\n if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);\n\n var t = a.mul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.invm = function invm (a) {\n // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R\n var res = this.imod(a._invmp(this.m).mul(this.r2));\n return res._forceRed(this);\n };\n})(typeof module === 'undefined' || module, this);\n","import BN from 'bn.js';\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * Wrapper of bn.js library (wwww.github.com/indutny/bn.js)\n * @module biginteger/bn\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n this.value = new BN(n);\n }\n\n clone() {\n const clone = new BigInteger(null);\n this.value.copy(clone.value);\n return clone;\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value.iadd(new BN(1));\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value.isub(new BN(1));\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value.iadd(x.value);\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value.isub(x.value);\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value.imul(x.value);\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value = this.value.umod(m.value);\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation\n * Much faster than this.exp(e).mod(n)\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n // We use either Montgomery or normal reduction context\n // Montgomery requires coprime n and R (montogmery multiplier)\n // bn.js picks R as power of 2, so n must be odd\n const nred = n.isEven() ? BN.red(n.value) : BN.mont(n.value);\n const x = this.clone();\n x.value = x.value.toRed(nred).redPow(e.value).fromRed();\n return x;\n }\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n // invm returns a wrong result if the inverse does not exist\n if (!this.gcd(n).isOne()) {\n throw new Error('Inverse does not exist');\n }\n return new BigInteger(this.value.invm(n.value));\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} n - Operand\n * @returns {BigInteger} gcd\n */\n gcd(n) {\n return new BigInteger(this.value.gcd(n.value));\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value.ishln(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value.ishrn(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value.eq(x.value);\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value.lt(x.value);\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value.lte(x.value);\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value.gt(x.value);\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value.gte(x.value);\n }\n\n isZero() {\n return this.value.isZero();\n }\n\n isOne() {\n return this.value.eq(new BN(1));\n }\n\n isNegative() {\n return this.value.isNeg();\n }\n\n isEven() {\n return this.value.isEven();\n }\n\n abs() {\n const res = this.clone();\n res.value = res.value.abs();\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n return this.value.toNumber();\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n return this.value.testn(i) ? 1 : 0;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n return this.value.bitLength();\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n return this.value.byteLength();\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n return this.value.toArrayLike(Uint8Array, endian, length);\n }\n}\n","var r;\n\nmodule.exports = function rand(len) {\n if (!r)\n r = new Rand(null);\n\n return r.generate(len);\n};\n\nfunction Rand(rand) {\n this.rand = rand;\n}\nmodule.exports.Rand = Rand;\n\nRand.prototype.generate = function generate(len) {\n return this._rand(len);\n};\n\n// Emulate crypto API using randy\nRand.prototype._rand = function _rand(n) {\n if (this.rand.getBytes)\n return this.rand.getBytes(n);\n\n var res = new Uint8Array(n);\n for (var i = 0; i < res.length; i++)\n res[i] = this.rand.getByte();\n return res;\n};\n\nif (typeof self === 'object') {\n if (self.crypto && self.crypto.getRandomValues) {\n // Modern browsers\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.crypto.getRandomValues(arr);\n return arr;\n };\n } else if (self.msCrypto && self.msCrypto.getRandomValues) {\n // IE\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.msCrypto.getRandomValues(arr);\n return arr;\n };\n\n // Safari's WebWorkers do not have `crypto`\n } else if (typeof window === 'object') {\n // Old junk\n Rand.prototype._rand = function() {\n throw new Error('Not implemented yet');\n };\n }\n} else {\n // Node.js or Web worker with no crypto support\n try {\n var crypto = require('crypto');\n if (typeof crypto.randomBytes !== 'function')\n throw new Error('Not supported');\n\n Rand.prototype._rand = function _rand(n) {\n return crypto.randomBytes(n);\n };\n } catch (e) {\n }\n}\n","'use strict';\n\nvar utils = exports;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg !== 'string') {\n for (var i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n return res;\n }\n if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (var i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n } else {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n }\n return res;\n}\nutils.toArray = toArray;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nutils.zero2 = zero2;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nutils.toHex = toHex;\n\nutils.encode = function encode(arr, enc) {\n if (enc === 'hex')\n return toHex(arr);\n else\n return arr;\n};\n","'use strict';\n\nvar utils = exports;\nvar BN = require('bn.js');\nvar minAssert = require('minimalistic-assert');\nvar minUtils = require('minimalistic-crypto-utils');\n\nutils.assert = minAssert;\nutils.toArray = minUtils.toArray;\nutils.zero2 = minUtils.zero2;\nutils.toHex = minUtils.toHex;\nutils.encode = minUtils.encode;\n\n// Represent num in a w-NAF form\nfunction getNAF(num, w) {\n var naf = [];\n var ws = 1 << (w + 1);\n var k = num.clone();\n while (k.cmpn(1) >= 0) {\n var z;\n if (k.isOdd()) {\n var mod = k.andln(ws - 1);\n if (mod > (ws >> 1) - 1)\n z = (ws >> 1) - mod;\n else\n z = mod;\n k.isubn(z);\n } else {\n z = 0;\n }\n naf.push(z);\n\n // Optimization, shift by word if possible\n var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;\n for (var i = 1; i < shift; i++)\n naf.push(0);\n k.iushrn(shift);\n }\n\n return naf;\n}\nutils.getNAF = getNAF;\n\n// Represent k1, k2 in a Joint Sparse Form\nfunction getJSF(k1, k2) {\n var jsf = [\n [],\n []\n ];\n\n k1 = k1.clone();\n k2 = k2.clone();\n var d1 = 0;\n var d2 = 0;\n while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {\n\n // First phase\n var m14 = (k1.andln(3) + d1) & 3;\n var m24 = (k2.andln(3) + d2) & 3;\n if (m14 === 3)\n m14 = -1;\n if (m24 === 3)\n m24 = -1;\n var u1;\n if ((m14 & 1) === 0) {\n u1 = 0;\n } else {\n var m8 = (k1.andln(7) + d1) & 7;\n if ((m8 === 3 || m8 === 5) && m24 === 2)\n u1 = -m14;\n else\n u1 = m14;\n }\n jsf[0].push(u1);\n\n var u2;\n if ((m24 & 1) === 0) {\n u2 = 0;\n } else {\n var m8 = (k2.andln(7) + d2) & 7;\n if ((m8 === 3 || m8 === 5) && m14 === 2)\n u2 = -m24;\n else\n u2 = m24;\n }\n jsf[1].push(u2);\n\n // Second phase\n if (2 * d1 === u1 + 1)\n d1 = 1 - d1;\n if (2 * d2 === u2 + 1)\n d2 = 1 - d2;\n k1.iushrn(1);\n k2.iushrn(1);\n }\n\n return jsf;\n}\nutils.getJSF = getJSF;\n\nfunction cachedProperty(obj, name, computer) {\n var key = '_' + name;\n obj.prototype[name] = function cachedProperty() {\n return this[key] !== undefined ? this[key] :\n this[key] = computer.call(this);\n };\n}\nutils.cachedProperty = cachedProperty;\n\nfunction parseBytes(bytes) {\n return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :\n bytes;\n}\nutils.parseBytes = parseBytes;\n\nfunction intFromLE(bytes) {\n return new BN(bytes, 'hex', 'le');\n}\nutils.intFromLE = intFromLE;\n\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar getNAF = utils.getNAF;\nvar getJSF = utils.getJSF;\nvar assert = utils.assert;\n\nfunction BaseCurve(type, conf) {\n this.type = type;\n this.p = new BN(conf.p, 16);\n\n // Use Montgomery, when there is no fast reduction for the prime\n this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);\n\n // Useful for many curves\n this.zero = new BN(0).toRed(this.red);\n this.one = new BN(1).toRed(this.red);\n this.two = new BN(2).toRed(this.red);\n\n // Curve configuration, optional\n this.n = conf.n && new BN(conf.n, 16);\n this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);\n\n // Temporary arrays\n this._wnafT1 = new Array(4);\n this._wnafT2 = new Array(4);\n this._wnafT3 = new Array(4);\n this._wnafT4 = new Array(4);\n\n // Generalized Greg Maxwell's trick\n var adjustCount = this.n && this.p.div(this.n);\n if (!adjustCount || adjustCount.cmpn(100) > 0) {\n this.redN = null;\n } else {\n this._maxwellTrick = true;\n this.redN = this.n.toRed(this.red);\n }\n}\nmodule.exports = BaseCurve;\n\nBaseCurve.prototype.point = function point() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype.validate = function validate() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {\n assert(p.precomputed);\n var doubles = p._getDoubles();\n\n var naf = getNAF(k, 1);\n var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);\n I /= 3;\n\n // Translate into more windowed form\n var repr = [];\n for (var j = 0; j < naf.length; j += doubles.step) {\n var nafW = 0;\n for (var k = j + doubles.step - 1; k >= j; k--)\n nafW = (nafW << 1) + naf[k];\n repr.push(nafW);\n }\n\n var a = this.jpoint(null, null, null);\n var b = this.jpoint(null, null, null);\n for (var i = I; i > 0; i--) {\n for (var j = 0; j < repr.length; j++) {\n var nafW = repr[j];\n if (nafW === i)\n b = b.mixedAdd(doubles.points[j]);\n else if (nafW === -i)\n b = b.mixedAdd(doubles.points[j].neg());\n }\n a = a.add(b);\n }\n return a.toP();\n};\n\nBaseCurve.prototype._wnafMul = function _wnafMul(p, k) {\n var w = 4;\n\n // Precompute window\n var nafPoints = p._getNAFPoints(w);\n w = nafPoints.wnd;\n var wnd = nafPoints.points;\n\n // Get NAF form\n var naf = getNAF(k, w);\n\n // Add `this`*(N+1) for every w-NAF index\n var acc = this.jpoint(null, null, null);\n for (var i = naf.length - 1; i >= 0; i--) {\n // Count zeroes\n for (var k = 0; i >= 0 && naf[i] === 0; i--)\n k++;\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n\n if (i < 0)\n break;\n var z = naf[i];\n assert(z !== 0);\n if (p.type === 'affine') {\n // J +- P\n if (z > 0)\n acc = acc.mixedAdd(wnd[(z - 1) >> 1]);\n else\n acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());\n } else {\n // J +- J\n if (z > 0)\n acc = acc.add(wnd[(z - 1) >> 1]);\n else\n acc = acc.add(wnd[(-z - 1) >> 1].neg());\n }\n }\n return p.type === 'affine' ? acc.toP() : acc;\n};\n\nBaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,\n points,\n coeffs,\n len,\n jacobianResult) {\n var wndWidth = this._wnafT1;\n var wnd = this._wnafT2;\n var naf = this._wnafT3;\n\n // Fill all arrays\n var max = 0;\n for (var i = 0; i < len; i++) {\n var p = points[i];\n var nafPoints = p._getNAFPoints(defW);\n wndWidth[i] = nafPoints.wnd;\n wnd[i] = nafPoints.points;\n }\n\n // Comb small window NAFs\n for (var i = len - 1; i >= 1; i -= 2) {\n var a = i - 1;\n var b = i;\n if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {\n naf[a] = getNAF(coeffs[a], wndWidth[a]);\n naf[b] = getNAF(coeffs[b], wndWidth[b]);\n max = Math.max(naf[a].length, max);\n max = Math.max(naf[b].length, max);\n continue;\n }\n\n var comb = [\n points[a], /* 1 */\n null, /* 3 */\n null, /* 5 */\n points[b] /* 7 */\n ];\n\n // Try to avoid Projective points, if possible\n if (points[a].y.cmp(points[b].y) === 0) {\n comb[1] = points[a].add(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].add(points[b].neg());\n } else {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n }\n\n var index = [\n -3, /* -1 -1 */\n -1, /* -1 0 */\n -5, /* -1 1 */\n -7, /* 0 -1 */\n 0, /* 0 0 */\n 7, /* 0 1 */\n 5, /* 1 -1 */\n 1, /* 1 0 */\n 3 /* 1 1 */\n ];\n\n var jsf = getJSF(coeffs[a], coeffs[b]);\n max = Math.max(jsf[0].length, max);\n naf[a] = new Array(max);\n naf[b] = new Array(max);\n for (var j = 0; j < max; j++) {\n var ja = jsf[0][j] | 0;\n var jb = jsf[1][j] | 0;\n\n naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];\n naf[b][j] = 0;\n wnd[a] = comb;\n }\n }\n\n var acc = this.jpoint(null, null, null);\n var tmp = this._wnafT4;\n for (var i = max; i >= 0; i--) {\n var k = 0;\n\n while (i >= 0) {\n var zero = true;\n for (var j = 0; j < len; j++) {\n tmp[j] = naf[j][i] | 0;\n if (tmp[j] !== 0)\n zero = false;\n }\n if (!zero)\n break;\n k++;\n i--;\n }\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n if (i < 0)\n break;\n\n for (var j = 0; j < len; j++) {\n var z = tmp[j];\n var p;\n if (z === 0)\n continue;\n else if (z > 0)\n p = wnd[j][(z - 1) >> 1];\n else if (z < 0)\n p = wnd[j][(-z - 1) >> 1].neg();\n\n if (p.type === 'affine')\n acc = acc.mixedAdd(p);\n else\n acc = acc.add(p);\n }\n }\n // Zeroify references\n for (var i = 0; i < len; i++)\n wnd[i] = null;\n\n if (jacobianResult)\n return acc;\n else\n return acc.toP();\n};\n\nfunction BasePoint(curve, type) {\n this.curve = curve;\n this.type = type;\n this.precomputed = null;\n}\nBaseCurve.BasePoint = BasePoint;\n\nBasePoint.prototype.eq = function eq(/*other*/) {\n throw new Error('Not implemented');\n};\n\nBasePoint.prototype.validate = function validate() {\n return this.curve.validate(this);\n};\n\nBaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n bytes = utils.toArray(bytes, enc);\n\n var len = this.p.byteLength();\n\n // uncompressed, hybrid-odd, hybrid-even\n if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&\n bytes.length - 1 === 2 * len) {\n if (bytes[0] === 0x06)\n assert(bytes[bytes.length - 1] % 2 === 0);\n else if (bytes[0] === 0x07)\n assert(bytes[bytes.length - 1] % 2 === 1);\n\n var res = this.point(bytes.slice(1, 1 + len),\n bytes.slice(1 + len, 1 + 2 * len));\n\n return res;\n } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&\n bytes.length - 1 === len) {\n return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);\n }\n throw new Error('Unknown point format');\n};\n\nBasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {\n return this.encode(enc, true);\n};\n\nBasePoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n var x = this.getX().toArray('be', len);\n\n if (compact)\n return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);\n\n return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;\n};\n\nBasePoint.prototype.encode = function encode(enc, compact) {\n return utils.encode(this._encode(compact), enc);\n};\n\nBasePoint.prototype.precompute = function precompute(power) {\n if (this.precomputed)\n return this;\n\n var precomputed = {\n doubles: null,\n naf: null,\n beta: null\n };\n precomputed.naf = this._getNAFPoints(8);\n precomputed.doubles = this._getDoubles(4, power);\n precomputed.beta = this._getBeta();\n this.precomputed = precomputed;\n\n return this;\n};\n\nBasePoint.prototype._hasDoubles = function _hasDoubles(k) {\n if (!this.precomputed)\n return false;\n\n var doubles = this.precomputed.doubles;\n if (!doubles)\n return false;\n\n return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);\n};\n\nBasePoint.prototype._getDoubles = function _getDoubles(step, power) {\n if (this.precomputed && this.precomputed.doubles)\n return this.precomputed.doubles;\n\n var doubles = [ this ];\n var acc = this;\n for (var i = 0; i < power; i += step) {\n for (var j = 0; j < step; j++)\n acc = acc.dbl();\n doubles.push(acc);\n }\n return {\n step: step,\n points: doubles\n };\n};\n\nBasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {\n if (this.precomputed && this.precomputed.naf)\n return this.precomputed.naf;\n\n var res = [ this ];\n var max = (1 << wnd) - 1;\n var dbl = max === 1 ? null : this.dbl();\n for (var i = 1; i < max; i++)\n res[i] = res[i - 1].add(dbl);\n return {\n wnd: wnd,\n points: res\n };\n};\n\nBasePoint.prototype._getBeta = function _getBeta() {\n return null;\n};\n\nBasePoint.prototype.dblp = function dblp(k) {\n var r = this;\n for (var i = 0; i < k; i++)\n r = r.dbl();\n return r;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction ShortCurve(conf) {\n Base.call(this, 'short', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.tinv = this.two.redInvm();\n\n this.zeroA = this.a.fromRed().cmpn(0) === 0;\n this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;\n\n // If the curve is endomorphic, precalculate beta and lambda\n this.endo = this._getEndomorphism(conf);\n this._endoWnafT1 = new Array(4);\n this._endoWnafT2 = new Array(4);\n}\ninherits(ShortCurve, Base);\nmodule.exports = ShortCurve;\n\nShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {\n // No efficient endomorphism\n if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)\n return;\n\n // Compute beta and lambda, that lambda * P = (beta * Px; Py)\n var beta;\n var lambda;\n if (conf.beta) {\n beta = new BN(conf.beta, 16).toRed(this.red);\n } else {\n var betas = this._getEndoRoots(this.p);\n // Choose the smallest beta\n beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];\n beta = beta.toRed(this.red);\n }\n if (conf.lambda) {\n lambda = new BN(conf.lambda, 16);\n } else {\n // Choose the lambda that is matching selected beta\n var lambdas = this._getEndoRoots(this.n);\n if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {\n lambda = lambdas[0];\n } else {\n lambda = lambdas[1];\n assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);\n }\n }\n\n // Get basis vectors, used for balanced length-two representation\n var basis;\n if (conf.basis) {\n basis = conf.basis.map(function(vec) {\n return {\n a: new BN(vec.a, 16),\n b: new BN(vec.b, 16)\n };\n });\n } else {\n basis = this._getEndoBasis(lambda);\n }\n\n return {\n beta: beta,\n lambda: lambda,\n basis: basis\n };\n};\n\nShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {\n // Find roots of for x^2 + x + 1 in F\n // Root = (-1 +- Sqrt(-3)) / 2\n //\n var red = num === this.p ? this.red : BN.mont(num);\n var tinv = new BN(2).toRed(red).redInvm();\n var ntinv = tinv.redNeg();\n\n var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);\n\n var l1 = ntinv.redAdd(s).fromRed();\n var l2 = ntinv.redSub(s).fromRed();\n return [ l1, l2 ];\n};\n\nShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {\n // aprxSqrt >= sqrt(this.n)\n var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));\n\n // 3.74\n // Run EGCD, until r(L + 1) < aprxSqrt\n var u = lambda;\n var v = this.n.clone();\n var x1 = new BN(1);\n var y1 = new BN(0);\n var x2 = new BN(0);\n var y2 = new BN(1);\n\n // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)\n var a0;\n var b0;\n // First vector\n var a1;\n var b1;\n // Second vector\n var a2;\n var b2;\n\n var prevR;\n var i = 0;\n var r;\n var x;\n while (u.cmpn(0) !== 0) {\n var q = v.div(u);\n r = v.sub(q.mul(u));\n x = x2.sub(q.mul(x1));\n var y = y2.sub(q.mul(y1));\n\n if (!a1 && r.cmp(aprxSqrt) < 0) {\n a0 = prevR.neg();\n b0 = x1;\n a1 = r.neg();\n b1 = x;\n } else if (a1 && ++i === 2) {\n break;\n }\n prevR = r;\n\n v = u;\n u = r;\n x2 = x1;\n x1 = x;\n y2 = y1;\n y1 = y;\n }\n a2 = r.neg();\n b2 = x;\n\n var len1 = a1.sqr().add(b1.sqr());\n var len2 = a2.sqr().add(b2.sqr());\n if (len2.cmp(len1) >= 0) {\n a2 = a0;\n b2 = b0;\n }\n\n // Normalize signs\n if (a1.negative) {\n a1 = a1.neg();\n b1 = b1.neg();\n }\n if (a2.negative) {\n a2 = a2.neg();\n b2 = b2.neg();\n }\n\n return [\n { a: a1, b: b1 },\n { a: a2, b: b2 }\n ];\n};\n\nShortCurve.prototype._endoSplit = function _endoSplit(k) {\n var basis = this.endo.basis;\n var v1 = basis[0];\n var v2 = basis[1];\n\n var c1 = v2.b.mul(k).divRound(this.n);\n var c2 = v1.b.neg().mul(k).divRound(this.n);\n\n var p1 = c1.mul(v1.a);\n var p2 = c2.mul(v2.a);\n var q1 = c1.mul(v1.b);\n var q2 = c2.mul(v2.b);\n\n // Calculate answer\n var k1 = k.sub(p1).sub(p2);\n var k2 = q1.add(q2).neg();\n return { k1: k1, k2: k2 };\n};\n\nShortCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n // XXX Is there any way to tell if the number is odd without converting it\n // to non-red form?\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nShortCurve.prototype.validate = function validate(point) {\n if (point.inf)\n return true;\n\n var x = point.x;\n var y = point.y;\n\n var ax = this.a.redMul(x);\n var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);\n return y.redSqr().redISub(rhs).cmpn(0) === 0;\n};\n\nShortCurve.prototype._endoWnafMulAdd =\n function _endoWnafMulAdd(points, coeffs, jacobianResult) {\n var npoints = this._endoWnafT1;\n var ncoeffs = this._endoWnafT2;\n for (var i = 0; i < points.length; i++) {\n var split = this._endoSplit(coeffs[i]);\n var p = points[i];\n var beta = p._getBeta();\n\n if (split.k1.negative) {\n split.k1.ineg();\n p = p.neg(true);\n }\n if (split.k2.negative) {\n split.k2.ineg();\n beta = beta.neg(true);\n }\n\n npoints[i * 2] = p;\n npoints[i * 2 + 1] = beta;\n ncoeffs[i * 2] = split.k1;\n ncoeffs[i * 2 + 1] = split.k2;\n }\n var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);\n\n // Clean-up references to points and coefficients\n for (var j = 0; j < i * 2; j++) {\n npoints[j] = null;\n ncoeffs[j] = null;\n }\n return res;\n};\n\nfunction Point(curve, x, y, isRed) {\n Base.BasePoint.call(this, curve, 'affine');\n if (x === null && y === null) {\n this.x = null;\n this.y = null;\n this.inf = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n // Force redgomery representation when loading from JSON\n if (isRed) {\n this.x.forceRed(this.curve.red);\n this.y.forceRed(this.curve.red);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n this.inf = false;\n }\n}\ninherits(Point, Base.BasePoint);\n\nShortCurve.prototype.point = function point(x, y, isRed) {\n return new Point(this, x, y, isRed);\n};\n\nShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {\n return Point.fromJSON(this, obj, red);\n};\n\nPoint.prototype._getBeta = function _getBeta() {\n if (!this.curve.endo)\n return;\n\n var pre = this.precomputed;\n if (pre && pre.beta)\n return pre.beta;\n\n var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);\n if (pre) {\n var curve = this.curve;\n var endoMul = function(p) {\n return curve.point(p.x.redMul(curve.endo.beta), p.y);\n };\n pre.beta = beta;\n beta.precomputed = {\n beta: null,\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(endoMul)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(endoMul)\n }\n };\n }\n return beta;\n};\n\nPoint.prototype.toJSON = function toJSON() {\n if (!this.precomputed)\n return [ this.x, this.y ];\n\n return [ this.x, this.y, this.precomputed && {\n doubles: this.precomputed.doubles && {\n step: this.precomputed.doubles.step,\n points: this.precomputed.doubles.points.slice(1)\n },\n naf: this.precomputed.naf && {\n wnd: this.precomputed.naf.wnd,\n points: this.precomputed.naf.points.slice(1)\n }\n } ];\n};\n\nPoint.fromJSON = function fromJSON(curve, obj, red) {\n if (typeof obj === 'string')\n obj = JSON.parse(obj);\n var res = curve.point(obj[0], obj[1], red);\n if (!obj[2])\n return res;\n\n function obj2point(obj) {\n return curve.point(obj[0], obj[1], red);\n }\n\n var pre = obj[2];\n res.precomputed = {\n beta: null,\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: [ res ].concat(pre.doubles.points.map(obj2point))\n },\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: [ res ].concat(pre.naf.points.map(obj2point))\n }\n };\n return res;\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n return this.inf;\n};\n\nPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.inf)\n return p;\n\n // P + O = P\n if (p.inf)\n return this;\n\n // P + P = 2P\n if (this.eq(p))\n return this.dbl();\n\n // P + (-P) = O\n if (this.neg().eq(p))\n return this.curve.point(null, null);\n\n // P + Q = O\n if (this.x.cmp(p.x) === 0)\n return this.curve.point(null, null);\n\n var c = this.y.redSub(p.y);\n if (c.cmpn(0) !== 0)\n c = c.redMul(this.x.redSub(p.x).redInvm());\n var nx = c.redSqr().redISub(this.x).redISub(p.x);\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.inf)\n return this;\n\n // 2P = O\n var ys1 = this.y.redAdd(this.y);\n if (ys1.cmpn(0) === 0)\n return this.curve.point(null, null);\n\n var a = this.curve.a;\n\n var x2 = this.x.redSqr();\n var dyinv = ys1.redInvm();\n var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);\n\n var nx = c.redSqr().redISub(this.x.redAdd(this.x));\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.getX = function getX() {\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n return this.y.fromRed();\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n if (this.isInfinity())\n return this;\n else if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else if (this.curve.endo)\n return this.curve._endoWnafMulAdd([ this ], [ k ]);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs, true);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2, true);\n};\n\nPoint.prototype.eq = function eq(p) {\n return this === p ||\n this.inf === p.inf &&\n (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);\n};\n\nPoint.prototype.neg = function neg(_precompute) {\n if (this.inf)\n return this;\n\n var res = this.curve.point(this.x, this.y.redNeg());\n if (_precompute && this.precomputed) {\n var pre = this.precomputed;\n var negate = function(p) {\n return p.neg();\n };\n res.precomputed = {\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(negate)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(negate)\n }\n };\n }\n return res;\n};\n\nPoint.prototype.toJ = function toJ() {\n if (this.inf)\n return this.curve.jpoint(null, null, null);\n\n var res = this.curve.jpoint(this.x, this.y, this.curve.one);\n return res;\n};\n\nfunction JPoint(curve, x, y, z) {\n Base.BasePoint.call(this, curve, 'jacobian');\n if (x === null && y === null && z === null) {\n this.x = this.curve.one;\n this.y = this.curve.one;\n this.z = new BN(0);\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = new BN(z, 16);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n\n this.zOne = this.z === this.curve.one;\n}\ninherits(JPoint, Base.BasePoint);\n\nShortCurve.prototype.jpoint = function jpoint(x, y, z) {\n return new JPoint(this, x, y, z);\n};\n\nJPoint.prototype.toP = function toP() {\n if (this.isInfinity())\n return this.curve.point(null, null);\n\n var zinv = this.z.redInvm();\n var zinv2 = zinv.redSqr();\n var ax = this.x.redMul(zinv2);\n var ay = this.y.redMul(zinv2).redMul(zinv);\n\n return this.curve.point(ax, ay);\n};\n\nJPoint.prototype.neg = function neg() {\n return this.curve.jpoint(this.x, this.y.redNeg(), this.z);\n};\n\nJPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.isInfinity())\n return p;\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 12M + 4S + 7A\n var pz2 = p.z.redSqr();\n var z2 = this.z.redSqr();\n var u1 = this.x.redMul(pz2);\n var u2 = p.x.redMul(z2);\n var s1 = this.y.redMul(pz2.redMul(p.z));\n var s2 = p.y.redMul(z2.redMul(this.z));\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(p.z).redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mixedAdd = function mixedAdd(p) {\n // O + P = P\n if (this.isInfinity())\n return p.toJ();\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 8M + 3S + 7A\n var z2 = this.z.redSqr();\n var u1 = this.x;\n var u2 = p.x.redMul(z2);\n var s1 = this.y;\n var s2 = p.y.redMul(z2).redMul(this.z);\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.dblp = function dblp(pow) {\n if (pow === 0)\n return this;\n if (this.isInfinity())\n return this;\n if (!pow)\n return this.dbl();\n\n if (this.curve.zeroA || this.curve.threeA) {\n var r = this;\n for (var i = 0; i < pow; i++)\n r = r.dbl();\n return r;\n }\n\n // 1M + 2S + 1A + N * (4S + 5M + 8A)\n // N = 1 => 6M + 6S + 9A\n var a = this.curve.a;\n var tinv = this.curve.tinv;\n\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n // Reuse results\n var jyd = jy.redAdd(jy);\n for (var i = 0; i < pow; i++) {\n var jx2 = jx.redSqr();\n var jyd2 = jyd.redSqr();\n var jyd4 = jyd2.redSqr();\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var t1 = jx.redMul(jyd2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n var dny = c.redMul(t2);\n dny = dny.redIAdd(dny).redISub(jyd4);\n var nz = jyd.redMul(jz);\n if (i + 1 < pow)\n jz4 = jz4.redMul(jyd4);\n\n jx = nx;\n jz = nz;\n jyd = dny;\n }\n\n return this.curve.jpoint(jx, jyd.redMul(tinv), jz);\n};\n\nJPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n if (this.curve.zeroA)\n return this._zeroDbl();\n else if (this.curve.threeA)\n return this._threeDbl();\n else\n return this._dbl();\n};\n\nJPoint.prototype._zeroDbl = function _zeroDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 14A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // T = M ^ 2 - 2*S\n var t = m.redSqr().redISub(s).redISub(s);\n\n // 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2*Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-dbl-2009-l\n // 2M + 5S + 13A\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = B^2\n var c = b.redSqr();\n // D = 2 * ((X1 + B)^2 - A - C)\n var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);\n d = d.redIAdd(d);\n // E = 3 * A\n var e = a.redAdd(a).redIAdd(a);\n // F = E^2\n var f = e.redSqr();\n\n // 8 * C\n var c8 = c.redIAdd(c);\n c8 = c8.redIAdd(c8);\n c8 = c8.redIAdd(c8);\n\n // X3 = F - 2 * D\n nx = f.redISub(d).redISub(d);\n // Y3 = E * (D - X3) - 8 * C\n ny = e.redMul(d.redISub(nx)).redISub(c8);\n // Z3 = 2 * Y1 * Z1\n nz = this.y.redMul(this.z);\n nz = nz.redIAdd(nz);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._threeDbl = function _threeDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 15A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a\n var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);\n // T = M^2 - 2 * S\n var t = m.redSqr().redISub(s).redISub(s);\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2 * Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b\n // 3M + 5S\n\n // delta = Z1^2\n var delta = this.z.redSqr();\n // gamma = Y1^2\n var gamma = this.y.redSqr();\n // beta = X1 * gamma\n var beta = this.x.redMul(gamma);\n // alpha = 3 * (X1 - delta) * (X1 + delta)\n var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));\n alpha = alpha.redAdd(alpha).redIAdd(alpha);\n // X3 = alpha^2 - 8 * beta\n var beta4 = beta.redIAdd(beta);\n beta4 = beta4.redIAdd(beta4);\n var beta8 = beta4.redAdd(beta4);\n nx = alpha.redSqr().redISub(beta8);\n // Z3 = (Y1 + Z1)^2 - gamma - delta\n nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);\n // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2\n var ggamma8 = gamma.redSqr();\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._dbl = function _dbl() {\n var a = this.curve.a;\n\n // 4M + 6S + 10A\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n var jx2 = jx.redSqr();\n var jy2 = jy.redSqr();\n\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var jxd4 = jx.redAdd(jx);\n jxd4 = jxd4.redIAdd(jxd4);\n var t1 = jxd4.redMul(jy2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n\n var jyd8 = jy2.redSqr();\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n var ny = c.redMul(t2).redISub(jyd8);\n var nz = jy.redAdd(jy).redMul(jz);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.trpl = function trpl() {\n if (!this.curve.zeroA)\n return this.dbl().add(this);\n\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl\n // 5M + 10S + ...\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // ZZ = Z1^2\n var zz = this.z.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // M = 3 * XX + a * ZZ2; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // MM = M^2\n var mm = m.redSqr();\n // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM\n var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n e = e.redIAdd(e);\n e = e.redAdd(e).redIAdd(e);\n e = e.redISub(mm);\n // EE = E^2\n var ee = e.redSqr();\n // T = 16*YYYY\n var t = yyyy.redIAdd(yyyy);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n // U = (M + E)^2 - MM - EE - T\n var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);\n // X3 = 4 * (X1 * EE - 4 * YY * U)\n var yyu4 = yy.redMul(u);\n yyu4 = yyu4.redIAdd(yyu4);\n yyu4 = yyu4.redIAdd(yyu4);\n var nx = this.x.redMul(ee).redISub(yyu4);\n nx = nx.redIAdd(nx);\n nx = nx.redIAdd(nx);\n // Y3 = 8 * Y1 * (U * (T - U) - E * EE)\n var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n // Z3 = (Z1 + E)^2 - ZZ - EE\n var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mul = function mul(k, kbase) {\n k = new BN(k, kbase);\n\n return this.curve._wnafMul(this, k);\n};\n\nJPoint.prototype.eq = function eq(p) {\n if (p.type === 'affine')\n return this.eq(p.toJ());\n\n if (this === p)\n return true;\n\n // x1 * z2^2 == x2 * z1^2\n var z2 = this.z.redSqr();\n var pz2 = p.z.redSqr();\n if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)\n return false;\n\n // y1 * z2^3 == y2 * z1^3\n var z3 = z2.redMul(this.z);\n var pz3 = pz2.redMul(p.z);\n return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;\n};\n\nJPoint.prototype.eqXToP = function eqXToP(x) {\n var zs = this.z.redSqr();\n var rx = x.toRed(this.curve.red).redMul(zs);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(zs);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\nJPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nJPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar utils = require('../utils');\n\nfunction MontCurve(conf) {\n Base.call(this, 'mont', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.i4 = new BN(4).toRed(this.red).redInvm();\n this.two = new BN(2).toRed(this.red);\n // Note: this implementation is according to the original paper\n // by P. Montgomery, NOT the one by D. J. Bernstein.\n this.a24 = this.i4.redMul(this.a.redAdd(this.two));\n}\ninherits(MontCurve, Base);\nmodule.exports = MontCurve;\n\nMontCurve.prototype.validate = function validate(point) {\n var x = point.normalize().x;\n var x2 = x.redSqr();\n var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);\n var y = rhs.redSqrt();\n\n return y.redSqr().cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, z) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && z === null) {\n this.x = this.curve.one;\n this.z = this.curve.zero;\n } else {\n this.x = new BN(x, 16);\n this.z = new BN(z, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n }\n}\ninherits(Point, Base.BasePoint);\n\nMontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n var bytes = utils.toArray(bytes, enc);\n\n // TODO Curve448\n // Montgomery curve points must be represented in the compressed format\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (bytes.length === 33 && bytes[0] === 0x40)\n bytes = bytes.slice(1, 33).reverse(); // point must be little-endian\n if (bytes.length !== 32)\n throw new Error('Unknown point compression format');\n return this.point(bytes, 1);\n};\n\nMontCurve.prototype.point = function point(x, z) {\n return new Point(this, x, z);\n};\n\nMontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nPoint.prototype.precompute = function precompute() {\n // No-op\n};\n\nPoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n\n // Note: the output should always be little-endian\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (compact) {\n return [ 0x40 ].concat(this.getX().toArray('le', len));\n } else {\n return this.getX().toArray('be', len);\n }\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1] || curve.one);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n\nPoint.prototype.dbl = function dbl() {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3\n // 2M + 2S + 4A\n\n // A = X1 + Z1\n var a = this.x.redAdd(this.z);\n // AA = A^2\n var aa = a.redSqr();\n // B = X1 - Z1\n var b = this.x.redSub(this.z);\n // BB = B^2\n var bb = b.redSqr();\n // C = AA - BB\n var c = aa.redSub(bb);\n // X3 = AA * BB\n var nx = aa.redMul(bb);\n // Z3 = C * (BB + A24 * C)\n var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.add = function add() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.diffAdd = function diffAdd(p, diff) {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3\n // 4M + 2S + 6A\n\n // A = X2 + Z2\n var a = this.x.redAdd(this.z);\n // B = X2 - Z2\n var b = this.x.redSub(this.z);\n // C = X3 + Z3\n var c = p.x.redAdd(p.z);\n // D = X3 - Z3\n var d = p.x.redSub(p.z);\n // DA = D * A\n var da = d.redMul(a);\n // CB = C * B\n var cb = c.redMul(b);\n // X5 = Z1 * (DA + CB)^2\n var nx = diff.z.redMul(da.redAdd(cb).redSqr());\n // Z5 = X1 * (DA - CB)^2\n var nz = diff.x.redMul(da.redISub(cb).redSqr());\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n\n var t = k.clone();\n var a = this; // (N / 2) * Q + Q\n var b = this.curve.point(null, null); // (N / 2) * Q\n var c = this; // Q\n\n for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))\n bits.push(t.andln(1));\n\n for (var i = bits.length - 1; i >= 0; i--) {\n if (bits[i] === 0) {\n // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q\n a = a.diffAdd(b, c);\n // N * Q = 2 * ((N / 2) * Q + Q))\n b = b.dbl();\n } else {\n // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)\n b = a.diffAdd(b, c);\n // N * Q + Q = 2 * ((N / 2) * Q + Q)\n a = a.dbl();\n }\n }\n return b;\n};\n\nPoint.prototype.mulAdd = function mulAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.jumlAdd = function jumlAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.eq = function eq(other) {\n return this.getX().cmp(other.getX()) === 0;\n};\n\nPoint.prototype.normalize = function normalize() {\n this.x = this.x.redMul(this.z.redInvm());\n this.z = this.curve.one;\n return this;\n};\n\nPoint.prototype.getX = function getX() {\n // Normalize coordinates\n this.normalize();\n\n return this.x.fromRed();\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction EdwardsCurve(conf) {\n // NOTE: Important as we are creating point in Base.call()\n this.twisted = (conf.a | 0) !== 1;\n this.mOneA = this.twisted && (conf.a | 0) === -1;\n this.extended = this.mOneA;\n\n Base.call(this, 'edwards', conf);\n\n this.a = new BN(conf.a, 16).umod(this.red.m);\n this.a = this.a.toRed(this.red);\n this.c = new BN(conf.c, 16).toRed(this.red);\n this.c2 = this.c.redSqr();\n this.d = new BN(conf.d, 16).toRed(this.red);\n this.dd = this.d.redAdd(this.d);\n\n assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);\n this.oneC = (conf.c | 0) === 1;\n}\ninherits(EdwardsCurve, Base);\nmodule.exports = EdwardsCurve;\n\nEdwardsCurve.prototype._mulA = function _mulA(num) {\n if (this.mOneA)\n return num.redNeg();\n else\n return this.a.redMul(num);\n};\n\nEdwardsCurve.prototype._mulC = function _mulC(num) {\n if (this.oneC)\n return num;\n else\n return this.c.redMul(num);\n};\n\n// Just for compatibility with Short curve\nEdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {\n return this.point(x, y, z, t);\n};\n\nEdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var x2 = x.redSqr();\n var rhs = this.c2.redSub(this.a.redMul(x2));\n var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));\n\n var y2 = rhs.redMul(lhs.redInvm());\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {\n y = new BN(y, 16);\n if (!y.red)\n y = y.toRed(this.red);\n\n // x^2 = (y^2 - c^2) / (c^2 d y^2 - a)\n var y2 = y.redSqr();\n var lhs = y2.redSub(this.c2);\n var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a);\n var x2 = lhs.redMul(rhs.redInvm());\n\n if (x2.cmp(this.zero) === 0) {\n if (odd)\n throw new Error('invalid point');\n else\n return this.point(this.zero, y);\n }\n\n var x = x2.redSqrt();\n if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n if (x.fromRed().isOdd() !== odd)\n x = x.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.validate = function validate(point) {\n if (point.isInfinity())\n return true;\n\n // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)\n point.normalize();\n\n var x2 = point.x.redSqr();\n var y2 = point.y.redSqr();\n var lhs = x2.redMul(this.a).redAdd(y2);\n var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));\n\n return lhs.cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, y, z, t) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && y === null && z === null) {\n this.x = this.curve.zero;\n this.y = this.curve.one;\n this.z = this.curve.one;\n this.t = this.curve.zero;\n this.zOne = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = z ? new BN(z, 16) : this.curve.one;\n this.t = t && new BN(t, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n if (this.t && !this.t.red)\n this.t = this.t.toRed(this.curve.red);\n this.zOne = this.z === this.curve.one;\n\n // Use extended coordinates\n if (this.curve.extended && !this.t) {\n this.t = this.x.redMul(this.y);\n if (!this.zOne)\n this.t = this.t.redMul(this.z.redInvm());\n }\n }\n}\ninherits(Point, Base.BasePoint);\n\nEdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nEdwardsCurve.prototype.point = function point(x, y, z, t) {\n return new Point(this, x, y, z, t);\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1], obj[2]);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.x.cmpn(0) === 0 &&\n (this.y.cmp(this.z) === 0 ||\n (this.zOne && this.y.cmp(this.curve.c) === 0));\n};\n\nPoint.prototype._extDbl = function _extDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #doubling-dbl-2008-hwcd\n // 4M + 4S\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = 2 * Z1^2\n var c = this.z.redSqr();\n c = c.redIAdd(c);\n // D = a * A\n var d = this.curve._mulA(a);\n // E = (X1 + Y1)^2 - A - B\n var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);\n // G = D + B\n var g = d.redAdd(b);\n // F = G - C\n var f = g.redSub(c);\n // H = D - B\n var h = d.redSub(b);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projDbl = function _projDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #doubling-dbl-2008-bbjlp\n // #doubling-dbl-2007-bl\n // and others\n // Generally 3M + 4S or 2M + 4S\n\n // B = (X1 + Y1)^2\n var b = this.x.redAdd(this.y).redSqr();\n // C = X1^2\n var c = this.x.redSqr();\n // D = Y1^2\n var d = this.y.redSqr();\n\n var nx;\n var ny;\n var nz;\n if (this.curve.twisted) {\n // E = a * C\n var e = this.curve._mulA(c);\n // F = E + D\n var f = e.redAdd(d);\n if (this.zOne) {\n // X3 = (B - C - D) * (F - 2)\n nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F^2 - 2 * F\n nz = f.redSqr().redSub(f).redSub(f);\n } else {\n // H = Z1^2\n var h = this.z.redSqr();\n // J = F - 2 * H\n var j = f.redSub(h).redISub(h);\n // X3 = (B-C-D)*J\n nx = b.redSub(c).redISub(d).redMul(j);\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F * J\n nz = f.redMul(j);\n }\n } else {\n // E = C + D\n var e = c.redAdd(d);\n // H = (c * Z1)^2\n var h = this.curve._mulC(this.z).redSqr();\n // J = E - 2 * H\n var j = e.redSub(h).redSub(h);\n // X3 = c * (B - E) * J\n nx = this.curve._mulC(b.redISub(e)).redMul(j);\n // Y3 = c * E * (C - D)\n ny = this.curve._mulC(e).redMul(c.redISub(d));\n // Z3 = E * J\n nz = e.redMul(j);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n // Double in extended coordinates\n if (this.curve.extended)\n return this._extDbl();\n else\n return this._projDbl();\n};\n\nPoint.prototype._extAdd = function _extAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #addition-add-2008-hwcd-3\n // 8M\n\n // A = (Y1 - X1) * (Y2 - X2)\n var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));\n // B = (Y1 + X1) * (Y2 + X2)\n var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));\n // C = T1 * k * T2\n var c = this.t.redMul(this.curve.dd).redMul(p.t);\n // D = Z1 * 2 * Z2\n var d = this.z.redMul(p.z.redAdd(p.z));\n // E = B - A\n var e = b.redSub(a);\n // F = D - C\n var f = d.redSub(c);\n // G = D + C\n var g = d.redAdd(c);\n // H = B + A\n var h = b.redAdd(a);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projAdd = function _projAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #addition-add-2008-bbjlp\n // #addition-add-2007-bl\n // 10M + 1S\n\n // A = Z1 * Z2\n var a = this.z.redMul(p.z);\n // B = A^2\n var b = a.redSqr();\n // C = X1 * X2\n var c = this.x.redMul(p.x);\n // D = Y1 * Y2\n var d = this.y.redMul(p.y);\n // E = d * C * D\n var e = this.curve.d.redMul(c).redMul(d);\n // F = B - E\n var f = b.redSub(e);\n // G = B + E\n var g = b.redAdd(e);\n // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)\n var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);\n var nx = a.redMul(f).redMul(tmp);\n var ny;\n var nz;\n if (this.curve.twisted) {\n // Y3 = A * G * (D - a * C)\n ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));\n // Z3 = F * G\n nz = f.redMul(g);\n } else {\n // Y3 = A * G * (D - C)\n ny = a.redMul(g).redMul(d.redSub(c));\n // Z3 = c * F * G\n nz = this.curve._mulC(f).redMul(g);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.add = function add(p) {\n if (this.isInfinity())\n return p;\n if (p.isInfinity())\n return this;\n\n if (this.curve.extended)\n return this._extAdd(p);\n else\n return this._projAdd(p);\n};\n\nPoint.prototype.mul = function mul(k) {\n if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);\n};\n\nPoint.prototype.normalize = function normalize() {\n if (this.zOne)\n return this;\n\n // Normalize coordinates\n var zi = this.z.redInvm();\n this.x = this.x.redMul(zi);\n this.y = this.y.redMul(zi);\n if (this.t)\n this.t = this.t.redMul(zi);\n this.z = this.curve.one;\n this.zOne = true;\n return this;\n};\n\nPoint.prototype.neg = function neg() {\n return this.curve.point(this.x.redNeg(),\n this.y,\n this.z,\n this.t && this.t.redNeg());\n};\n\nPoint.prototype.getX = function getX() {\n this.normalize();\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n this.normalize();\n return this.y.fromRed();\n};\n\nPoint.prototype.eq = function eq(other) {\n return this === other ||\n this.getX().cmp(other.getX()) === 0 &&\n this.getY().cmp(other.getY()) === 0;\n};\n\nPoint.prototype.eqXToP = function eqXToP(x) {\n var rx = x.toRed(this.curve.red).redMul(this.z);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(this.z);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\n// Compatibility with BaseCurve\nPoint.prototype.toP = Point.prototype.normalize;\nPoint.prototype.mixedAdd = Point.prototype.add;\n","'use strict';\n\nvar curve = exports;\n\ncurve.base = require('./base');\ncurve.short = require('./short');\ncurve.mont = require('./mont');\ncurve.edwards = require('./edwards');\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_5 = utils.sum32_5;\nvar ft_1 = shaCommon.ft_1;\nvar BlockHash = common.BlockHash;\n\nvar sha1_K = [\n 0x5A827999, 0x6ED9EBA1,\n 0x8F1BBCDC, 0xCA62C1D6\n];\n\nfunction SHA1() {\n if (!(this instanceof SHA1))\n return new SHA1();\n\n BlockHash.call(this);\n this.h = [\n 0x67452301, 0xefcdab89, 0x98badcfe,\n 0x10325476, 0xc3d2e1f0 ];\n this.W = new Array(80);\n}\n\nutils.inherits(SHA1, BlockHash);\nmodule.exports = SHA1;\n\nSHA1.blockSize = 512;\nSHA1.outSize = 160;\nSHA1.hmacStrength = 80;\nSHA1.padLength = 64;\n\nSHA1.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n\n for(; i < W.length; i++)\n W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n\n for (i = 0; i < W.length; i++) {\n var s = ~~(i / 20);\n var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);\n e = d;\n d = c;\n c = rotl32(b, 30);\n b = a;\n a = t;\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n};\n\nSHA1.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nexports.sha1 = require('./sha/1');\nexports.sha224 = require('./sha/224');\nexports.sha256 = require('./sha/256');\nexports.sha384 = require('./sha/384');\nexports.sha512 = require('./sha/512');\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction Hmac(hash, key, enc) {\n if (!(this instanceof Hmac))\n return new Hmac(hash, key, enc);\n this.Hash = hash;\n this.blockSize = hash.blockSize / 8;\n this.outSize = hash.outSize / 8;\n this.inner = null;\n this.outer = null;\n\n this._init(utils.toArray(key, enc));\n}\nmodule.exports = Hmac;\n\nHmac.prototype._init = function init(key) {\n // Shorten key, if needed\n if (key.length > this.blockSize)\n key = new this.Hash().update(key).digest();\n assert(key.length <= this.blockSize);\n\n // Add padding to key\n for (var i = key.length; i < this.blockSize; i++)\n key.push(0);\n\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x36;\n this.inner = new this.Hash().update(key);\n\n // 0x36 ^ 0x5c = 0x6a\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x6a;\n this.outer = new this.Hash().update(key);\n};\n\nHmac.prototype.update = function update(msg, enc) {\n this.inner.update(msg, enc);\n return this;\n};\n\nHmac.prototype.digest = function digest(enc) {\n this.outer.update(this.inner.digest());\n return this.outer.digest(enc);\n};\n","var hash = exports;\n\nhash.utils = require('./hash/utils');\nhash.common = require('./hash/common');\nhash.sha = require('./hash/sha');\nhash.ripemd = require('./hash/ripemd');\nhash.hmac = require('./hash/hmac');\n\n// Proxy hash functions to the main object\nhash.sha1 = hash.sha.sha1;\nhash.sha256 = hash.sha.sha256;\nhash.sha224 = hash.sha.sha224;\nhash.sha384 = hash.sha.sha384;\nhash.sha512 = hash.sha.sha512;\nhash.ripemd160 = hash.ripemd.ripemd160;\n","module.exports = {\n doubles: {\n step: 4,\n points: [\n [\n 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',\n 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'\n ],\n [\n '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',\n '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'\n ],\n [\n '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',\n 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'\n ],\n [\n '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',\n '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'\n ],\n [\n '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',\n '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'\n ],\n [\n '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',\n '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'\n ],\n [\n 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',\n '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'\n ],\n [\n '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',\n 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'\n ],\n [\n 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',\n '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'\n ],\n [\n 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',\n 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'\n ],\n [\n 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',\n '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'\n ],\n [\n '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',\n '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'\n ],\n [\n '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',\n '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'\n ],\n [\n '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',\n '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'\n ],\n [\n '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',\n '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'\n ],\n [\n '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',\n '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'\n ],\n [\n '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',\n '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'\n ],\n [\n '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',\n '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'\n ],\n [\n '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',\n 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'\n ],\n [\n 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',\n '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'\n ],\n [\n 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',\n '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'\n ],\n [\n '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',\n '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'\n ],\n [\n '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',\n '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'\n ],\n [\n 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',\n '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'\n ],\n [\n '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',\n 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'\n ],\n [\n 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',\n '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'\n ],\n [\n 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',\n 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'\n ],\n [\n 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',\n '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'\n ],\n [\n 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',\n 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'\n ],\n [\n 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',\n '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'\n ],\n [\n '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',\n 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'\n ],\n [\n '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',\n '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'\n ],\n [\n 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',\n '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'\n ],\n [\n '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',\n 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'\n ],\n [\n 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',\n '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'\n ],\n [\n 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',\n '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'\n ],\n [\n 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',\n 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'\n ],\n [\n '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',\n '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'\n ],\n [\n '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',\n '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'\n ],\n [\n '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',\n 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'\n ],\n [\n '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',\n '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'\n ],\n [\n 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',\n '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'\n ],\n [\n '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',\n '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'\n ],\n [\n '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',\n 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'\n ],\n [\n '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',\n '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'\n ],\n [\n 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',\n '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'\n ],\n [\n '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',\n 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'\n ],\n [\n 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',\n 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'\n ],\n [\n 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',\n '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'\n ],\n [\n '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',\n 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'\n ],\n [\n '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',\n 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'\n ],\n [\n 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',\n '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'\n ],\n [\n 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',\n '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'\n ],\n [\n 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',\n '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'\n ],\n [\n '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',\n 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'\n ],\n [\n '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',\n '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'\n ],\n [\n 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',\n 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'\n ],\n [\n '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',\n 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'\n ],\n [\n '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',\n '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'\n ],\n [\n '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',\n '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'\n ],\n [\n 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',\n 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'\n ],\n [\n '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',\n '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'\n ],\n [\n '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',\n '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'\n ],\n [\n 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',\n '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'\n ],\n [\n 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',\n 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'\n ]\n ]\n },\n naf: {\n wnd: 7,\n points: [\n [\n 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',\n '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'\n ],\n [\n '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',\n 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'\n ],\n [\n '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',\n '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'\n ],\n [\n 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',\n 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'\n ],\n [\n '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',\n 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'\n ],\n [\n 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',\n 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'\n ],\n [\n 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',\n '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'\n ],\n [\n 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',\n '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'\n ],\n [\n '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',\n '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'\n ],\n [\n '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',\n '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'\n ],\n [\n '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',\n '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'\n ],\n [\n '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',\n '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'\n ],\n [\n 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',\n 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'\n ],\n [\n 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',\n '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'\n ],\n [\n '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',\n 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'\n ],\n [\n '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',\n 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'\n ],\n [\n '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',\n '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'\n ],\n [\n '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',\n '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'\n ],\n [\n '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',\n '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'\n ],\n [\n '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',\n 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'\n ],\n [\n 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',\n 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'\n ],\n [\n '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',\n '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'\n ],\n [\n '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',\n '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'\n ],\n [\n 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',\n 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'\n ],\n [\n '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',\n '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'\n ],\n [\n 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',\n 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'\n ],\n [\n 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',\n 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'\n ],\n [\n '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',\n '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'\n ],\n [\n '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',\n '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'\n ],\n [\n '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',\n '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'\n ],\n [\n 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',\n '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'\n ],\n [\n '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',\n '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'\n ],\n [\n 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',\n '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'\n ],\n [\n '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',\n 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'\n ],\n [\n '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',\n 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'\n ],\n [\n 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',\n 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'\n ],\n [\n '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',\n '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'\n ],\n [\n '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',\n 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'\n ],\n [\n 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',\n 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'\n ],\n [\n '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',\n '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'\n ],\n [\n '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',\n 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'\n ],\n [\n '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',\n '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'\n ],\n [\n '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',\n 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'\n ],\n [\n 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',\n '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'\n ],\n [\n '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',\n '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'\n ],\n [\n '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',\n 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'\n ],\n [\n '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',\n 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'\n ],\n [\n 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',\n 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'\n ],\n [\n 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',\n 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'\n ],\n [\n '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',\n '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'\n ],\n [\n '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',\n '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'\n ],\n [\n 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',\n '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'\n ],\n [\n 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',\n 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'\n ],\n [\n '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',\n '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'\n ],\n [\n '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',\n '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'\n ],\n [\n 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',\n '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'\n ],\n [\n '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',\n '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'\n ],\n [\n 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',\n 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'\n ],\n [\n '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',\n 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'\n ],\n [\n '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',\n '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'\n ],\n [\n 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',\n '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'\n ],\n [\n 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',\n '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'\n ],\n [\n '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',\n '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'\n ],\n [\n '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',\n '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'\n ],\n [\n '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',\n 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'\n ],\n [\n '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',\n 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'\n ],\n [\n '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',\n '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'\n ],\n [\n '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',\n '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'\n ],\n [\n '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',\n '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'\n ],\n [\n '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',\n 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'\n ],\n [\n 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',\n 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'\n ],\n [\n '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',\n 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'\n ],\n [\n 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',\n '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'\n ],\n [\n 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',\n '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'\n ],\n [\n 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',\n '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'\n ],\n [\n 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',\n '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'\n ],\n [\n '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',\n 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'\n ],\n [\n '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',\n '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'\n ],\n [\n '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',\n 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'\n ],\n [\n 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',\n 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'\n ],\n [\n 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',\n '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'\n ],\n [\n 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',\n 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'\n ],\n [\n 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',\n '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'\n ],\n [\n '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',\n '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'\n ],\n [\n 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',\n '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'\n ],\n [\n 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',\n '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'\n ],\n [\n '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',\n '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'\n ],\n [\n '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',\n 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'\n ],\n [\n 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',\n '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'\n ],\n [\n 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',\n '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'\n ],\n [\n 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',\n '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'\n ],\n [\n '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',\n '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'\n ],\n [\n 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',\n 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'\n ],\n [\n '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',\n 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'\n ],\n [\n 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',\n 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'\n ],\n [\n 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',\n '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'\n ],\n [\n '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',\n 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'\n ],\n [\n 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',\n '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'\n ],\n [\n 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',\n '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'\n ],\n [\n 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',\n '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'\n ],\n [\n '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',\n 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'\n ],\n [\n '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',\n 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'\n ],\n [\n 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',\n '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'\n ],\n [\n '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',\n 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'\n ],\n [\n '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',\n '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'\n ],\n [\n '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',\n 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'\n ],\n [\n 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',\n 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'\n ],\n [\n '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',\n 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'\n ],\n [\n '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',\n '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'\n ],\n [\n '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',\n 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'\n ],\n [\n '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',\n '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'\n ],\n [\n 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',\n 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'\n ],\n [\n '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',\n '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'\n ],\n [\n 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',\n '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'\n ],\n [\n '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',\n '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'\n ],\n [\n 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',\n 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'\n ],\n [\n 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',\n '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'\n ],\n [\n 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',\n 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'\n ],\n [\n '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',\n 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'\n ],\n [\n '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',\n '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'\n ],\n [\n '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',\n 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'\n ],\n [\n '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',\n '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'\n ],\n [\n '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',\n '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'\n ],\n [\n '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',\n 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'\n ],\n [\n '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',\n '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'\n ],\n [\n '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',\n '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'\n ],\n [\n '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',\n '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'\n ]\n ]\n }\n};\n","'use strict';\n\nvar curves = exports;\n\nvar hash = require('hash.js');\nvar curve = require('./curve');\nvar utils = require('./utils');\n\nvar assert = utils.assert;\n\nfunction PresetCurve(options) {\n if (options.type === 'short')\n this.curve = new curve.short(options);\n else if (options.type === 'edwards')\n this.curve = new curve.edwards(options);\n else if (options.type === 'mont')\n this.curve = new curve.mont(options);\n else throw new Error('Unknown curve type.');\n this.g = this.curve.g;\n this.n = this.curve.n;\n this.hash = options.hash;\n\n assert(this.g.validate(), 'Invalid curve');\n assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O');\n}\ncurves.PresetCurve = PresetCurve;\n\nfunction defineCurve(name, options) {\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n get: function() {\n var curve = new PresetCurve(options);\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n value: curve\n });\n return curve;\n }\n });\n}\n\ndefineCurve('p192', {\n type: 'short',\n prime: 'p192',\n p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',\n b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',\n n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',\n hash: hash.sha256,\n gRed: false,\n g: [\n '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',\n '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'\n ]\n});\n\ndefineCurve('p224', {\n type: 'short',\n prime: 'p224',\n p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',\n b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',\n n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',\n hash: hash.sha256,\n gRed: false,\n g: [\n 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',\n 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'\n ]\n});\n\ndefineCurve('p256', {\n type: 'short',\n prime: null,\n p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',\n a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',\n b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',\n n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',\n hash: hash.sha256,\n gRed: false,\n g: [\n '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',\n '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'\n ]\n});\n\ndefineCurve('p384', {\n type: 'short',\n prime: null,\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 ffffffff',\n a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 fffffffc',\n b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +\n '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',\n n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +\n 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',\n hash: hash.sha384,\n gRed: false,\n g: [\n 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +\n '5502f25d bf55296c 3a545e38 72760ab7',\n '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +\n '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'\n ]\n});\n\ndefineCurve('p521', {\n type: 'short',\n prime: null,\n p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff',\n a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff fffffffc',\n b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +\n '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +\n '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',\n n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +\n 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',\n hash: hash.sha512,\n gRed: false,\n g: [\n '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +\n '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +\n 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',\n '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +\n '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +\n '3fad0761 353c7086 a272c240 88be9476 9fd16650'\n ]\n});\n\n// https://tools.ietf.org/html/rfc7748#section-4.1\ndefineCurve('curve25519', {\n type: 'mont',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '76d06',\n b: '1',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '9'\n ]\n});\n\ndefineCurve('ed25519', {\n type: 'edwards',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '-1',\n c: '1',\n // -121665 * (121666^(-1)) (mod P)\n d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',\n // 4/5\n '6666666666666666666666666666666666666666666666666666666666666658'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.4\ndefineCurve('brainpoolP256r1', {\n type: 'short',\n prime: null,\n p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377',\n a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9',\n b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6',\n n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7',\n hash: hash.sha256, // or 384, or 512\n gRed: false,\n g: [\n '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262',\n '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.6\ndefineCurve('brainpoolP384r1', {\n type: 'short',\n prime: null,\n p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' +\n 'ACD3A729 901D1A71 87470013 3107EC53',\n a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' +\n '8AA5814A 503AD4EB 04A8C7DD 22CE2826',\n b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' +\n '7CB43902 95DBC994 3AB78696 FA504C11',\n n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' +\n 'CF3AB6AF 6B7FC310 3B883202 E9046565',\n hash: hash.sha384, // or 512\n gRed: false,\n g: [\n '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' +\n 'E8E826E03436D646AAEF87B2E247D4AF1E',\n '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' +\n '280E4646217791811142820341263C5315'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.7\ndefineCurve('brainpoolP512r1', {\n type: 'short',\n prime: null,\n p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' +\n '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3',\n a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' +\n '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA',\n b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' +\n '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723',\n n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' +\n '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069',\n hash: hash.sha512,\n gRed: false,\n g: [\n '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' +\n '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822',\n '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' +\n '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892'\n ]\n});\n\n// https://en.bitcoin.it/wiki/Secp256k1\nvar pre;\ntry {\n pre = require('./precomputed/secp256k1');\n} catch (e) {\n pre = undefined;\n}\n\ndefineCurve('secp256k1', {\n type: 'short',\n prime: 'k256',\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',\n a: '0',\n b: '7',\n n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',\n h: '1',\n hash: hash.sha256,\n\n // Precomputed endomorphism\n beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',\n lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',\n basis: [\n {\n a: '3086d221a7d46bcde86c90e49284eb15',\n b: '-e4437ed6010e88286f547fa90abfe4c3'\n },\n {\n a: '114ca50f7a8e2f3f657c1108d9d44cfd8',\n b: '3086d221a7d46bcde86c90e49284eb15'\n }\n ],\n\n gRed: false,\n g: [\n '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',\n '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',\n pre\n ]\n});\n","'use strict';\n\nvar hash = require('hash.js');\nvar utils = require('minimalistic-crypto-utils');\nvar assert = require('minimalistic-assert');\n\nfunction HmacDRBG(options) {\n if (!(this instanceof HmacDRBG))\n return new HmacDRBG(options);\n this.hash = options.hash;\n this.predResist = !!options.predResist;\n\n this.outLen = this.hash.outSize;\n this.minEntropy = options.minEntropy || this.hash.hmacStrength;\n\n this._reseed = null;\n this.reseedInterval = null;\n this.K = null;\n this.V = null;\n\n var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');\n var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');\n var pers = utils.toArray(options.pers, options.persEnc || 'hex');\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n this._init(entropy, nonce, pers);\n}\nmodule.exports = HmacDRBG;\n\nHmacDRBG.prototype._init = function init(entropy, nonce, pers) {\n var seed = entropy.concat(nonce).concat(pers);\n\n this.K = new Array(this.outLen / 8);\n this.V = new Array(this.outLen / 8);\n for (var i = 0; i < this.V.length; i++) {\n this.K[i] = 0x00;\n this.V[i] = 0x01;\n }\n\n this._update(seed);\n this._reseed = 1;\n this.reseedInterval = 0x1000000000000; // 2^48\n};\n\nHmacDRBG.prototype._hmac = function hmac() {\n return new hash.hmac(this.hash, this.K);\n};\n\nHmacDRBG.prototype._update = function update(seed) {\n var kmac = this._hmac()\n .update(this.V)\n .update([ 0x00 ]);\n if (seed)\n kmac = kmac.update(seed);\n this.K = kmac.digest();\n this.V = this._hmac().update(this.V).digest();\n if (!seed)\n return;\n\n this.K = this._hmac()\n .update(this.V)\n .update([ 0x01 ])\n .update(seed)\n .digest();\n this.V = this._hmac().update(this.V).digest();\n};\n\nHmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {\n // Optional entropy enc\n if (typeof entropyEnc !== 'string') {\n addEnc = add;\n add = entropyEnc;\n entropyEnc = null;\n }\n\n entropy = utils.toArray(entropy, entropyEnc);\n add = utils.toArray(add, addEnc);\n\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n\n this._update(entropy.concat(add || []));\n this._reseed = 1;\n};\n\nHmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {\n if (this._reseed > this.reseedInterval)\n throw new Error('Reseed is required');\n\n // Optional encoding\n if (typeof enc !== 'string') {\n addEnc = add;\n add = enc;\n enc = null;\n }\n\n // Optional additional data\n if (add) {\n add = utils.toArray(add, addEnc || 'hex');\n this._update(add);\n }\n\n var temp = [];\n while (temp.length < len) {\n this.V = this._hmac().update(this.V).digest();\n temp = temp.concat(this.V);\n }\n\n var res = temp.slice(0, len);\n this._update(add);\n this._reseed++;\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction KeyPair(ec, options) {\n this.ec = ec;\n this.priv = null;\n this.pub = null;\n\n // KeyPair(ec, { priv: ..., pub: ... })\n if (options.priv)\n this._importPrivate(options.priv, options.privEnc);\n if (options.pub)\n this._importPublic(options.pub, options.pubEnc);\n}\nmodule.exports = KeyPair;\n\nKeyPair.fromPublic = function fromPublic(ec, pub, enc) {\n if (pub instanceof KeyPair)\n return pub;\n\n return new KeyPair(ec, {\n pub: pub,\n pubEnc: enc\n });\n};\n\nKeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {\n if (priv instanceof KeyPair)\n return priv;\n\n return new KeyPair(ec, {\n priv: priv,\n privEnc: enc\n });\n};\n\n// TODO: should not validate for X25519\nKeyPair.prototype.validate = function validate() {\n var pub = this.getPublic();\n\n if (pub.isInfinity())\n return { result: false, reason: 'Invalid public key' };\n if (!pub.validate())\n return { result: false, reason: 'Public key is not a point' };\n if (!pub.mul(this.ec.curve.n).isInfinity())\n return { result: false, reason: 'Public key * N != O' };\n\n return { result: true, reason: null };\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n if (!this.pub)\n this.pub = this.ec.g.mul(this.priv);\n\n if (!enc)\n return this.pub;\n\n return this.pub.encode(enc, compact);\n};\n\nKeyPair.prototype.getPrivate = function getPrivate(enc) {\n if (enc === 'hex')\n return this.priv.toString(16, 2);\n else\n return this.priv;\n};\n\nKeyPair.prototype._importPrivate = function _importPrivate(key, enc) {\n this.priv = new BN(key, enc || 16);\n\n // For Curve25519/Curve448 we have a specific procedure.\n // TODO Curve448\n if (this.ec.curve.type === 'mont') {\n var one = this.ec.curve.one;\n var mask = one.ushln(255 - 3).sub(one).ushln(3);\n this.priv = this.priv.or(one.ushln(255 - 1));\n this.priv = this.priv.and(mask);\n } else\n // Ensure that the priv won't be bigger than n, otherwise we may fail\n // in fixed multiplication method\n this.priv = this.priv.umod(this.ec.curve.n);\n};\n\nKeyPair.prototype._importPublic = function _importPublic(key, enc) {\n if (key.x || key.y) {\n // Montgomery points only have an `x` coordinate.\n // Weierstrass/Edwards points on the other hand have both `x` and\n // `y` coordinates.\n if (this.ec.curve.type === 'mont') {\n assert(key.x, 'Need x coordinate');\n } else if (this.ec.curve.type === 'short' ||\n this.ec.curve.type === 'edwards') {\n assert(key.x && key.y, 'Need both x and y coordinate');\n }\n this.pub = this.ec.curve.point(key.x, key.y);\n return;\n }\n this.pub = this.ec.curve.decodePoint(key, enc);\n};\n\n// ECDH\nKeyPair.prototype.derive = function derive(pub) {\n return pub.mul(this.priv).getX();\n};\n\n// ECDSA\nKeyPair.prototype.sign = function sign(msg, enc, options) {\n return this.ec.sign(msg, this, enc, options);\n};\n\nKeyPair.prototype.verify = function verify(msg, signature) {\n return this.ec.verify(msg, signature, this);\n};\n\nKeyPair.prototype.inspect = function inspect() {\n return '';\n};\n","'use strict';\n\nvar BN = require('bn.js');\n\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction Signature(options, enc) {\n if (options instanceof Signature)\n return options;\n\n if (this._importDER(options, enc))\n return;\n\n assert(options.r && options.s, 'Signature without r or s');\n this.r = new BN(options.r, 16);\n this.s = new BN(options.s, 16);\n if (options.recoveryParam === undefined)\n this.recoveryParam = null;\n else\n this.recoveryParam = options.recoveryParam;\n}\nmodule.exports = Signature;\n\nfunction Position() {\n this.place = 0;\n}\n\nfunction getLength(buf, p) {\n var initial = buf[p.place++];\n if (!(initial & 0x80)) {\n return initial;\n }\n var octetLen = initial & 0xf;\n var val = 0;\n for (var i = 0, off = p.place; i < octetLen; i++, off++) {\n val <<= 8;\n val |= buf[off];\n }\n p.place = off;\n return val;\n}\n\nfunction rmPadding(buf) {\n var i = 0;\n var len = buf.length - 1;\n while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {\n i++;\n }\n if (i === 0) {\n return buf;\n }\n return buf.slice(i);\n}\n\nSignature.prototype._importDER = function _importDER(data, enc) {\n data = utils.toArray(data, enc);\n var p = new Position();\n if (data[p.place++] !== 0x30) {\n return false;\n }\n var len = getLength(data, p);\n if ((len + p.place) !== data.length) {\n return false;\n }\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var rlen = getLength(data, p);\n var r = data.slice(p.place, rlen + p.place);\n p.place += rlen;\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var slen = getLength(data, p);\n if (data.length !== slen + p.place) {\n return false;\n }\n var s = data.slice(p.place, slen + p.place);\n if (r[0] === 0 && (r[1] & 0x80)) {\n r = r.slice(1);\n }\n if (s[0] === 0 && (s[1] & 0x80)) {\n s = s.slice(1);\n }\n\n this.r = new BN(r);\n this.s = new BN(s);\n this.recoveryParam = null;\n\n return true;\n};\n\nfunction constructLength(arr, len) {\n if (len < 0x80) {\n arr.push(len);\n return;\n }\n var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);\n arr.push(octets | 0x80);\n while (--octets) {\n arr.push((len >>> (octets << 3)) & 0xff);\n }\n arr.push(len);\n}\n\nSignature.prototype.toDER = function toDER(enc) {\n var r = this.r.toArray();\n var s = this.s.toArray();\n\n // Pad values\n if (r[0] & 0x80)\n r = [ 0 ].concat(r);\n // Pad values\n if (s[0] & 0x80)\n s = [ 0 ].concat(s);\n\n r = rmPadding(r);\n s = rmPadding(s);\n\n while (!s[0] && !(s[1] & 0x80)) {\n s = s.slice(1);\n }\n var arr = [ 0x02 ];\n constructLength(arr, r.length);\n arr = arr.concat(r);\n arr.push(0x02);\n constructLength(arr, s.length);\n var backHalf = arr.concat(s);\n var res = [ 0x30 ];\n constructLength(res, backHalf.length);\n res = res.concat(backHalf);\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar HmacDRBG = require('hmac-drbg');\nvar utils = require('../utils');\nvar curves = require('../curves');\nvar rand = require('brorand');\nvar assert = utils.assert;\n\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EC(options) {\n if (!(this instanceof EC))\n return new EC(options);\n\n // Shortcut `elliptic.ec(curve-name)`\n if (typeof options === 'string') {\n assert(curves.hasOwnProperty(options), 'Unknown curve ' + options);\n\n options = curves[options];\n }\n\n // Shortcut for `elliptic.ec(elliptic.curves.curveName)`\n if (options instanceof curves.PresetCurve)\n options = { curve: options };\n\n this.curve = options.curve.curve;\n this.n = this.curve.n;\n this.nh = this.n.ushrn(1);\n this.g = this.curve.g;\n\n // Point on curve\n this.g = options.curve.g;\n this.g.precompute(options.curve.n.bitLength() + 1);\n\n // Hash function for DRBG\n this.hash = options.hash || options.curve.hash;\n}\nmodule.exports = EC;\n\nEC.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {\n return KeyPair.fromPrivate(this, priv, enc);\n};\n\nEC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {\n return KeyPair.fromPublic(this, pub, enc);\n};\n\nEC.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.n.toArray()\n });\n\n // Key generation for curve25519 is simpler\n if (this.curve.type === 'mont') {\n var priv = new BN(drbg.generate(32));\n return this.keyFromPrivate(priv);\n }\n\n var bytes = this.n.byteLength();\n var ns2 = this.n.sub(new BN(2));\n do {\n var priv = new BN(drbg.generate(bytes));\n if (priv.cmp(ns2) > 0)\n continue;\n\n priv.iaddn(1);\n return this.keyFromPrivate(priv);\n } while (true);\n};\n\nEC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) {\n bitSize = bitSize || msg.byteLength() * 8;\n var delta = bitSize - this.n.bitLength();\n if (delta > 0)\n msg = msg.ushrn(delta);\n if (!truncOnly && msg.cmp(this.n) >= 0)\n return msg.sub(this.n);\n else\n return msg;\n};\n\nEC.prototype.truncateMsg = function truncateMSG(msg) {\n // Bit size is only determined correctly for Uint8Arrays and hex strings\n var bitSize;\n if (msg instanceof Uint8Array) {\n bitSize = msg.byteLength * 8;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else if (typeof msg === 'string') {\n bitSize = msg.length * 4;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else {\n msg = this._truncateToN(new BN(msg, 16));\n }\n return msg;\n}\n\nEC.prototype.sign = function sign(msg, key, enc, options) {\n if (typeof enc === 'object') {\n options = enc;\n enc = null;\n }\n if (!options)\n options = {};\n\n key = this.keyFromPrivate(key, enc);\n msg = this.truncateMsg(msg);\n\n // Zero-extend key to provide enough entropy\n var bytes = this.n.byteLength();\n var bkey = key.getPrivate().toArray('be', bytes);\n\n // Zero-extend nonce to have the same byte size as N\n var nonce = msg.toArray('be', bytes);\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n entropy: bkey,\n nonce: nonce,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8'\n });\n\n // Number of bytes to generate\n var ns1 = this.n.sub(new BN(1));\n\n for (var iter = 0; true; iter++) {\n var k = options.k ?\n options.k(iter) :\n new BN(drbg.generate(this.n.byteLength()));\n k = this._truncateToN(k, true);\n if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)\n continue;\n\n var kp = this.g.mul(k);\n if (kp.isInfinity())\n continue;\n\n var kpX = kp.getX();\n var r = kpX.umod(this.n);\n if (r.cmpn(0) === 0)\n continue;\n\n var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));\n s = s.umod(this.n);\n if (s.cmpn(0) === 0)\n continue;\n\n var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |\n (kpX.cmp(r) !== 0 ? 2 : 0);\n\n // Use complement of `s`, if it is > `n / 2`\n if (options.canonical && s.cmp(this.nh) > 0) {\n s = this.n.sub(s);\n recoveryParam ^= 1;\n }\n\n return new Signature({ r: r, s: s, recoveryParam: recoveryParam });\n }\n};\n\nEC.prototype.verify = function verify(msg, signature, key, enc) {\n key = this.keyFromPublic(key, enc);\n signature = new Signature(signature, 'hex');\n // Fallback to the old code\n var ret = this._verify(this.truncateMsg(msg), signature, key) ||\n this._verify(this._truncateToN(new BN(msg, 16)), signature, key);\n return ret;\n};\n\nEC.prototype._verify = function _verify(msg, signature, key) {\n // Perform primitive values validation\n var r = signature.r;\n var s = signature.s;\n if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)\n return false;\n if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)\n return false;\n\n // Validate signature\n var sinv = s.invm(this.n);\n var u1 = sinv.mul(msg).umod(this.n);\n var u2 = sinv.mul(r).umod(this.n);\n\n if (!this.curve._maxwellTrick) {\n var p = this.g.mulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n return p.getX().umod(this.n).cmp(r) === 0;\n }\n\n // NOTE: Greg Maxwell's trick, inspired by:\n // https://git.io/vad3K\n\n var p = this.g.jmulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n // Compare `p.x` of Jacobian point with `r`,\n // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the\n // inverse of `p.z^2`\n return p.eqXToP(r);\n};\n\nEC.prototype.recoverPubKey = function(msg, signature, j, enc) {\n assert((3 & j) === j, 'The recovery param is more than two bits');\n signature = new Signature(signature, enc);\n\n var n = this.n;\n var e = new BN(msg);\n var r = signature.r;\n var s = signature.s;\n\n // A set LSB signifies that the y-coordinate is odd\n var isYOdd = j & 1;\n var isSecondKey = j >> 1;\n if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)\n throw new Error('Unable to find sencond key candinate');\n\n // 1.1. Let x = r + jn.\n if (isSecondKey)\n r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);\n else\n r = this.curve.pointFromX(r, isYOdd);\n\n var rInv = signature.r.invm(n);\n var s1 = n.sub(e).mul(rInv).umod(n);\n var s2 = s.mul(rInv).umod(n);\n\n // 1.6.1 Compute Q = r^-1 (sR - eG)\n // Q = r^-1 (sR + -eG)\n return this.g.mulAdd(s1, r, s2);\n};\n\nEC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {\n signature = new Signature(signature, enc);\n if (signature.recoveryParam !== null)\n return signature.recoveryParam;\n\n for (var i = 0; i < 4; i++) {\n var Qprime;\n try {\n Qprime = this.recoverPubKey(e, signature, i);\n } catch (e) {\n continue;\n }\n\n if (Qprime.eq(Q))\n return i;\n }\n throw new Error('Unable to find valid recovery factor');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar cachedProperty = utils.cachedProperty;\n\n/**\n* @param {EDDSA} eddsa - instance\n* @param {Object} params - public/private key parameters\n*\n* @param {Array} [params.secret] - secret seed bytes\n* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)\n* @param {Array} [params.pub] - public key point encoded as bytes\n*\n*/\nfunction KeyPair(eddsa, params) {\n this.eddsa = eddsa;\n if (params.hasOwnProperty('secret'))\n this._secret = parseBytes(params.secret);\n if (eddsa.isPoint(params.pub))\n this._pub = params.pub;\n else {\n this._pubBytes = parseBytes(params.pub);\n if (this._pubBytes && this._pubBytes.length === 33 &&\n this._pubBytes[0] === 0x40)\n this._pubBytes = this._pubBytes.slice(1, 33);\n if (this._pubBytes && this._pubBytes.length !== 32)\n throw new Error('Unknown point compression format');\n }\n}\n\nKeyPair.fromPublic = function fromPublic(eddsa, pub) {\n if (pub instanceof KeyPair)\n return pub;\n return new KeyPair(eddsa, { pub: pub });\n};\n\nKeyPair.fromSecret = function fromSecret(eddsa, secret) {\n if (secret instanceof KeyPair)\n return secret;\n return new KeyPair(eddsa, { secret: secret });\n};\n\nKeyPair.prototype.secret = function secret() {\n return this._secret;\n};\n\ncachedProperty(KeyPair, 'pubBytes', function pubBytes() {\n return this.eddsa.encodePoint(this.pub());\n});\n\ncachedProperty(KeyPair, 'pub', function pub() {\n if (this._pubBytes)\n return this.eddsa.decodePoint(this._pubBytes);\n return this.eddsa.g.mul(this.priv());\n});\n\ncachedProperty(KeyPair, 'privBytes', function privBytes() {\n var eddsa = this.eddsa;\n var hash = this.hash();\n var lastIx = eddsa.encodingLength - 1;\n\n // https://tools.ietf.org/html/rfc8032#section-5.1.5\n var a = hash.slice(0, eddsa.encodingLength);\n a[0] &= 248;\n a[lastIx] &= 127;\n a[lastIx] |= 64;\n\n return a;\n});\n\ncachedProperty(KeyPair, 'priv', function priv() {\n return this.eddsa.decodeInt(this.privBytes());\n});\n\ncachedProperty(KeyPair, 'hash', function hash() {\n return this.eddsa.hash().update(this.secret()).digest();\n});\n\ncachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {\n return this.hash().slice(this.eddsa.encodingLength);\n});\n\nKeyPair.prototype.sign = function sign(message) {\n assert(this._secret, 'KeyPair can only verify');\n return this.eddsa.sign(message, this);\n};\n\nKeyPair.prototype.verify = function verify(message, sig) {\n return this.eddsa.verify(message, sig, this);\n};\n\nKeyPair.prototype.getSecret = function getSecret(enc) {\n assert(this._secret, 'KeyPair is public only');\n return utils.encode(this.secret(), enc);\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n return utils.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc);\n};\n\nmodule.exports = KeyPair;\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar cachedProperty = utils.cachedProperty;\nvar parseBytes = utils.parseBytes;\n\n/**\n* @param {EDDSA} eddsa - eddsa instance\n* @param {Array|Object} sig -\n* @param {Array|Point} [sig.R] - R point as Point or bytes\n* @param {Array|bn} [sig.S] - S scalar as bn or bytes\n* @param {Array} [sig.Rencoded] - R point encoded\n* @param {Array} [sig.Sencoded] - S scalar encoded\n*/\nfunction Signature(eddsa, sig) {\n this.eddsa = eddsa;\n\n if (typeof sig !== 'object')\n sig = parseBytes(sig);\n\n if (Array.isArray(sig)) {\n sig = {\n R: sig.slice(0, eddsa.encodingLength),\n S: sig.slice(eddsa.encodingLength)\n };\n }\n\n assert(sig.R && sig.S, 'Signature without R or S');\n\n if (eddsa.isPoint(sig.R))\n this._R = sig.R;\n if (sig.S instanceof BN)\n this._S = sig.S;\n\n this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;\n this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;\n}\n\ncachedProperty(Signature, 'S', function S() {\n return this.eddsa.decodeInt(this.Sencoded());\n});\n\ncachedProperty(Signature, 'R', function R() {\n return this.eddsa.decodePoint(this.Rencoded());\n});\n\ncachedProperty(Signature, 'Rencoded', function Rencoded() {\n return this.eddsa.encodePoint(this.R());\n});\n\ncachedProperty(Signature, 'Sencoded', function Sencoded() {\n return this.eddsa.encodeInt(this.S());\n});\n\nSignature.prototype.toBytes = function toBytes() {\n return this.Rencoded().concat(this.Sencoded());\n};\n\nSignature.prototype.toHex = function toHex() {\n return utils.encode(this.toBytes(), 'hex').toUpperCase();\n};\n\nmodule.exports = Signature;\n","'use strict';\n\nvar hash = require('hash.js');\nvar HmacDRBG = require('hmac-drbg');\nvar rand = require('brorand');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n if (!(this instanceof EDDSA))\n return new EDDSA(curve);\n\n var curve = curves[curve].curve;\n this.curve = curve;\n this.g = curve.g;\n this.g.precompute(curve.n.bitLength() + 1);\n\n this.pointClass = curve.point().constructor;\n this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n message = parseBytes(message);\n var key = this.keyFromSecret(secret);\n var r = this.hashInt(key.messagePrefix(), message);\n var R = this.g.mul(r);\n var Rencoded = this.encodePoint(R);\n var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n .mul(key.priv());\n var S = r.add(s_).umod(this.curve.n);\n return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n message = parseBytes(message);\n sig = this.makeSignature(sig);\n var key = this.keyFromPublic(pub);\n var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n var SG = this.g.mul(sig.S());\n var RplusAh = sig.R().add(key.pub().mul(h));\n return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n var hash = this.hash();\n for (var i = 0; i < arguments.length; i++)\n hash.update(arguments[i]);\n return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.curve.n.toArray()\n });\n\n return this.keyFromSecret(drbg.generate(32));\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n if (sig instanceof Signature)\n return sig;\n return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n var enc = point.getY().toArray('le', this.encodingLength);\n enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n bytes = utils.parseBytes(bytes);\n\n var lastIx = bytes.length - 1;\n var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n var y = utils.intFromLE(normed);\n return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n return val instanceof this.pointClass;\n};\n","'use strict';\n\nvar elliptic = exports;\n\nelliptic.utils = require('./elliptic/utils');\nelliptic.rand = require('brorand');\nelliptic.curve = require('./elliptic/curve');\nelliptic.curves = require('./elliptic/curves');\n\n// Protocols\nelliptic.ec = require('./elliptic/ec');\nelliptic.eddsa = require('./elliptic/eddsa');\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","this","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","prototype","undefined","read","async","length","value","done","readToEnd","join","result","slice","clone","then","push","write","chunk","close","abort","reason","isNode","globalThis","process","versions","NodeReadableStream","require$$0","Readable","isStream","ReadableStream","isPrototypeOf","streams.ReadableStream","isUint8Array","Uint8Array","concatUint8Array","arrays","totalLength","i","Error","pos","forEach","element","set","NodeBuffer","Buffer","require$$1","nodeToWeb","webToNode","nodeStream","canceled","start","controller","pause","on","isBuffer","buffer","byteOffset","byteLength","enqueue","e","error","pull","resume","cancel","destroy","NodeReadable","webStream","options","_reader","streams.getReader","size","callback","doneReadingSet","WeakSet","externalBuffer","Reader","streams.isArrayStream","reader","_read","bind","_releaseLock","_cancel","streamType","streams.isStream","streams.nodeToWeb","doneReading","has","add","shift","readLine","returnVal","streams.concat","lineEndIndex","indexOf","concat","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","filter","toPonyfillReadable","toNativeReadable","WritableStream","TransformStream","loadStreamsPonyfill","ponyfill","adapter","all","createReadableStreamWrapper","toStream","toArrayStream","list","some","map","transform","transformWithCancel","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","transformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","highWaterMark","finish","output","data","result1","result2","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","Object","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","arrayStream","BigInteger","n","hex","hexByte","toString","BigInt","iinc","inc","idec","dec","iadd","x","isub","sub","imul","mul","imod","m","isNegative","mod","modExp","isZero","isOne","exp","r","lsb","rx","modInv","gcd","_egcd","b","y","xPrev","yPrev","a","q","tmp","ileftShift","leftShift","irightShift","rightShift","equal","lt","lte","gt","gte","isEven","abs","res","toNumber","number","Number","MAX_SAFE_INTEGER","getBit","bitLength","zero","one","negOne","bitlen","eight","len","toUint8Array","endian","rawLength","offset","parseInt","reverse","detectBigInt","byValue","curve","p256","secp256r1","prime256v1","p384","secp384r1","p521","secp521r1","secp256k1","ed25519Legacy","ED25519","ed25519","Ed25519","curve25519Legacy","X25519","cv25519","curve25519","Curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","eddsa","aedh","aedsa","x25519","x448","ed448","symmetric","plaintext","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","webHash","aead","eax","ocb","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuer","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","type","debugMode","env","NODE_ENV","util","isString","String","stream.isUint8Array","stream.isStream","readNumber","writeNumber","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","leftPad","padded","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","k","uint8ArrayToHex","h","c","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","s","printDebug","log","printDebugError","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","crypto","subtle","getBigInteger","default","getNodeCrypto","getNodeZlib","getNodeBuffer","require$$2","getHardwareConcurrency","navigator","hardwareConcurrency","require$$3","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","selectUint8","isAES","cipherAlgo","enums","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","from","btoa","atob","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","deflateLevel","aeadProtect","preferredAEADAlgorithm","aeadChunkSizeByte","s2kIterationCountByte","allowUnauthenticatedMessages","allowUnauthenticatedStream","checksumRequired","minRSABits","passwordCollisionCheck","revocationsExpire","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","minBytesForWebCrypto","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","useIndutnyElliptic","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","getType","header","match","addheader","customComment","config","getCheckSum","base64.encode","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","splitChecksum","body","checksum","lastEquals","lastIndexOf","unarmor","defaultConfig","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","checksumVerified","stream.readToEnd","stream.passiveClone","stream.pipe","checksumVerifiedString","stream.isArrayStream","messageType","partIndex","partTotal","bodyClone","KeyID","toHex","equals","keyID","matchWildcard","isWildcard","isNull","static","AES_asm","gexp3","glog3","ginit_done","gmul","aes_sbox","aes_sinv","aes_enc","aes_dec","aes_init_done","aes_init","_s","ginv","d","ginit","wrapper","foreign","heap","asm","stdlib","S0","S1","S2","S3","I0","I1","I2","I3","N0","N1","N2","N3","M0","M1","M2","M3","H0","H1","H2","H3","R","HEAP","DATA","_core","x0","x1","x2","x3","t1","t2","t3","y0","y1","y2","y3","_ecb_enc","_ecb_dec","_cbc_enc","_cbc_dec","_cfb_enc","_cfb_dec","_ofb","_ctr","_gcm_mac","z0","z1","z2","z3","set_rounds","set_state","s0","s1","s2","s3","set_iv","i0","i1","i2","i3","set_nonce","n0","n1","n2","n3","set_mask","m0","m1","m2","m3","set_counter","c0","c1","c2","c3","get_state","get_iv","gcm_init","cipher","mode","ret","_cipher_modes","mac","_mac_modes","set_key","ks","k0","k1","k2","k3","k4","k5","k6","k7","ekeys","dkeys","rcon","jj","ENC","ECB","CBC","CFB","OFB","CTR","DEC","MAC","GCM","HEAP_DATA","is_bytes","_heap_init","heapSize","_heap_write","hpos","dpos","dlen","hlen","wlen","joinBytes","arg","totalLenght","reduce","sum","curr","cursor","IllegalStateError","args","IllegalArgumentError","SecurityError","heap_pool","asm_pool","AES","iv","padding","acquire_asm","pop","reset","release_asm","keylen","keyview","getUint32","ivview","AES_Encrypt_process","TypeError","amode","rpos","AES_Encrypt_finish","plen","rlen","hasOwnProperty","p","AES_Decrypt_process","AES_Decrypt_finish","pad","pcheck","AES_ECB","encrypt","decrypt","aes","C","aesECB","block","blockSize","keySize","des","keys","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","left","right","looping","cbcleft","cbcleft2","cbcright","cbcright2","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","src","dst","l","f1","f2","f3","scheduleA","scheduleB","I","sBox","inn","w","ki","half","round","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","u","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","vector","off","_decryptBlock","kk","sha1_asm","H4","TOTAL0","TOTAL1","I4","O0","O1","O2","O3","O4","w0","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","w19","w20","w21","w22","w23","w24","w25","w26","w27","w28","w29","w30","w31","w32","w33","w34","w35","w36","w37","w38","w39","w40","w41","w42","w43","w44","w45","w46","w47","w48","w49","w50","w51","w52","w53","w54","w55","w56","w57","w58","w59","w60","w61","w62","w63","w64","w65","w66","w67","w68","w69","w70","w71","w72","w73","w74","w75","w76","w77","w78","w79","_core_heap","_state_to_heap","h0","h1","h2","h3","h4","total0","total1","hashed","hmac_reset","_hmac_opad","hmac_init","p0","p1","p2","p3","p4","p5","p6","p7","p8","p9","p10","p11","p12","p13","p14","p15","hmac_finish","t0","t4","pbkdf2_generate_block","count","Hash","HASH_SIZE","Sha1","NAME","BLOCK_SIZE","asm_function","Sha256","H5","H6","H7","I5","I6","I7","O5","O6","O7","f","g","h5","h6","h7","t5","t6","t7","sha256_asm","assert","val","msg","module","create","ctor","superCtor","super_","enumerable","configurable","TempCtor","inherits","enc","hi","lo","zero2","htonl","zero8","word","ah","al","bh","bl","ch","cl","dh","dl","carry","eh","el","num","BlockHash","pending","pendingTotal","outSize","hmacStrength","_delta8","_delta32","update","utils","toArray","join32","_update","digest","_pad","_digest","rotr32","z","ch32","p32","maj32","sum32","sum32_4","sum32_5","shaCommon","s0_256","s1_256","g0_256","g1_256","common","sha256_K","SHA256","W","SHA224","T1","T2","toHex32","split32","rotr64_hi","rotr64_lo","shr64_hi","shr64_lo","sum64","sum64_hi","sum64_lo","sum64_4_hi","sum64_4_lo","sum64_5_hi","sum64_5_lo","sha512_K","SHA512","ch64_hi","xh","xl","yh","yl","zh","ch64_lo","zl","maj64_hi","maj64_lo","s0_512_hi","s0_512_lo","s1_512_hi","s1_512_lo","g0_512_hi","g0_512_lo","g1_512_hi","g1_512_lo","SHA384","_prepareBlock","c0_hi","c0_lo","c1_hi","c1_lo","c2_hi","c2_lo","c3_hi","c3_lo","fh","fl","gh","gl","hh","hl","c4_hi","c4_lo","T1_hi","T1_lo","T2_hi","T2_lo","rotl32","sum32_3","RIPEMD160","K","Kh","A","B","D","E","Ah","Bh","Ch","Dh","Eh","T","rh","sh","md5cycle","ff","gg","add32","cmn","md5blk","md5blks","hex_chr","rhex","webCrypto","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","hashjsHash","webCryptoHash","hashInstance","asmcryptoHash","hashFunctions","entree","state","substring","tail","md51","ripemd160","algo","getHashByteLength","AES_CFB","getCipher","algoName","knownAlgos","getCiphers","nodeAlgos","pt","cipherObj","createCipheriv","nodeEncrypt","ALGO","_key","importKey","cbc_pt","ct","xorMut","webEncrypt","cfb","aesEncrypt","cipherfn","block_size","blockc","ciphertext","encblock","decipherObj","createDecipheriv","nodeDecrypt","aesDecrypt","blockp","decblock","AES_CTR","nonce","AES_CTR_set_options","counter","mask","pow","view","AES_CBC","blockLength","rightXORMut","zeroBlock","CMAC","cbc","padding2","ivLength","tagLength","two","OMAC","cmac","en","final","EAX","omac","ctr","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","xor","OCB","encipher","decipher","maxNtz","crypt","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","xorInput","$","cipherInput","cipherName","ciphers","mask_x","mask_$","constructKeyVariables","crypted","_AES_GCM_data_maxLength","AES_GCM","tagSize","gamma0","noncelen","noncebuf","_gcm_mac_process","nonceview","RangeError","cleartext","tagsize","AES_GCM_encrypt","AES_GCM_decrypt","AES_GCM_Encrypt_process","AES_GCM_Encrypt_finish","alen","clen","AES_GCM_Decrypt_process","tlen","AES_GCM_Decrypt_finish","atag","acheck","setAAD","getAuthTag","de","setAuthTag","additionalData","gcm","nacl","gf","Float64Array","randombytes","_9","gf0","gf1","_121665","D2","X","Y","crypto_verify_32","xi","yi","vn","set25519","car25519","o","v","sel25519","pack25519","neq25519","par25519","unpack25519","Z","M","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","x32","x16","crypto_scalarmult_base","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","cleanup","arr","scalarMult","box","keyPair","fromSecretKey","sign","signedMsg","sm","smlen","crypto_sign","detached","sig","verify","crypto_sign_open","fromSeed","seed","setPRNG","self","msCrypto","getRandomValues","min","require","randomBytes","exports","getRandomBytes","getRandomBigInteger","modulus","randomProbablePrime","thirty","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","rand","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","emLen","hashPrefix","tLen","fill","EM","asn1","RSAPrivateKey","define","seq","obj","int","RSAPublicKey","hashAlgo","hashName","jwk","pNum","qNum","dNum","dq","dp","kty","qi","ext","privateToJWK","webSign","err","BN","pBNum","qBNum","dBNum","subn","createSign","keyObject","version","publicExponent","privateExponent","prime1","prime2","exponent1","exponent2","coefficient","createPrivateKey","der","format","pem","label","nodeSign","bnSign","publicToJWK","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","constants","RSA_PKCS1_PADDING","publicEncrypt","bnEncrypt","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","keyGenOpt","modulusLength","generateKey","exportKey","generateKeyPair","opts","publicKeyEncoding","privateKeyEncoding","prv","_","toArrayLike","phi","nSizeOver3","rde","pSize","n1023","threshold","rqx","OID","oid","getName","keyFromPrivate","indutnyCurve","priv","keyFromPublic","pub","validate","getIndutnyCurve","elliptic","ec","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","stream.TransformStream","lengthByte","nextPacket","UnsupportedError","params","captureStackTrace","UnparseablePacket","rawContent","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","CurveWithOID","oidOrName","webCryptoKey","namedCurve","jwkToRawPublic","webGenKeyPair","createECDH","generateKeys","getPublicKey","getPrivateKey","nodeGenKeyPair","genKeyPair","entropy","getPublic","getPrivate","validateStandardParams","Q","supportedCurves","curveName","dG","validationErrors","eq","bufX","bufY","rawPublicToJWK","crv","ECPrivateKey","parameters","unused","ECDSASignature","ellipticSign","SubjectPublicKeyInfo","algorithm","subjectPublicKey","ellipticVerify","octstr","explicit","optional","any","bitstr","AlgorithmIdentifier","objid","use","getPreferredHashAlgo","RS","wrap","IV","P","unpack","unwrap","createArrayBuffer","setUint32","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","genPrivateEphemeralKey","recipient","deriveBits","public","webPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","V","derive","ellipticPublicEphemeralKey","secret","webPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","ellipticPrivateEphemeralKey","pkcs5.encode","wrappedKey","aesKW.wrap","pkcs5.decode","aesKW.unwrap","nodeSubtleCrypto","webcrypto","HKDF","inputKey","salt","info","outLen","importedKey","hashAlgoName","computeHMAC","hmacKey","hmacMessage","createHmac","pseudoRandomKey","hashLen","outputKeyingMaterial","roundInput","HKDF_INFO","recipientA","ephemeralSecretKey","sharedSecret","ephemeralPublicKey","hkdfInput","computeHKDF","xr","u1","u2","qSize","n150","rsa","publicParams","curveSize","publicKeyParams","privateKeyParams","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","instance","followLength","checkSupportedCurve","keyAlgo","symmetricAlgo","ECDHSymkey","ecdhX","fromObject","sessionKeyParams","privateParams","algosWithNativeRepresentation","orderedParams","generate","validateParams","algoModule","prefixrandom","repeat","random","pkcs1","pkcs5","aesKW","assign","TYPED_OK","Uint16Array","Int32Array","shrinkBuf","fnTyped","arraySet","dest","src_offs","dest_offs","flattenChunks","chunks","fnUntyped","Buf8","Buf16","Buf32","Z_NO_FLUSH","Z_PARTIAL_FLUSH","Z_SYNC_FLUSH","Z_FULL_FLUSH","Z_FINISH","Z_BLOCK","Z_TREES","Z_OK","Z_STREAM_END","Z_NEED_DICT","Z_STREAM_ERROR","Z_DATA_ERROR","Z_BUF_ERROR","Z_DEFAULT_COMPRESSION","Z_FILTERED","Z_HUFFMAN_ONLY","Z_RLE","Z_FIXED","Z_BINARY","Z_TEXT","Z_UNKNOWN","Z_DEFLATED","STORED_BLOCK","STATIC_TREES","DYN_TREES","LENGTH_CODES","LITERALS","L_CODES","D_CODES","BL_CODES","HEAP_SIZE","MAX_BITS","Buf_size","MAX_BL_BITS","END_BLOCK","REP_3_6","REPZ_3_10","REPZ_11_138","extra_lbits","extra_dbits","extra_blbits","bl_order","static_ltree","static_dtree","_dist_code","_length_code","MAX_MATCH","base_length","base_dist","StaticTreeDesc","static_tree","extra_bits","extra_base","elems","max_length","has_stree","static_l_desc","static_d_desc","static_bl_desc","TreeDesc","dyn_tree","stat_desc","max_code","d_code","dist","put_short","pending_buf","send_bits","bi_valid","bi_buf","send_code","tree","bi_reverse","code","gen_codes","bl_count","next_code","init_block","dyn_ltree","dyn_dtree","bl_tree","opt_len","static_len","last_lit","matches","bi_windup","smaller","depth","_n2","_m2","pqdownheap","heap_len","compress_block","ltree","dtree","lc","extra","lx","d_buf","l_buf","build_tree","desc","stree","heap_max","base","xbits","overflow","gen_bitlen","scan_tree","curlen","prevlen","nextlen","max_count","min_count","send_tree","static_init_done","_tr_init","tr_static_init","l_desc","d_desc","bl_desc","_tr_stored_block","stored_len","utils.arraySet","window","copy_block","_tr_align","bi_flush","_tr_flush_block","opt_lenb","static_lenb","max_blindex","level","strm","data_type","black_mask","detect_data_type","build_bl_tree","strategy","lcodes","dcodes","blcodes","rank","send_all_trees","_tr_tally","lit_bufsize","adler32","adler","crcTable","table","makeTable","crc32","MAX_MEM_LEVEL","MIN_MATCH","MIN_LOOKAHEAD","PRESET_DICT","INIT_STATE","EXTRA_STATE","NAME_STATE","COMMENT_STATE","HCRC_STATE","BUSY_STATE","FINISH_STATE","BS_NEED_MORE","BS_BLOCK_DONE","BS_FINISH_STARTED","BS_FINISH_DONE","OS_CODE","errorCode","flush_pending","avail_out","pending_out","next_out","total_out","flush_block_only","trees._tr_flush_block","block_start","strstart","put_byte","putShortMSB","read_buf","avail_in","next_in","total_in","longest_match","cur_match","chain_length","max_chain_length","scan","best_len","prev_length","nice_match","limit","w_size","_win","wmask","w_mask","strend","scan_end1","scan_end","good_match","lookahead","match_start","fill_window","_w_size","more","window_size","hash_size","head","insert","ins_h","hash_shift","hash_mask","deflate_fast","flush","hash_head","bflush","match_length","trees._tr_tally","max_lazy_match","deflate_slow","max_insert","prev_match","match_available","Config","good_length","max_lazy","nice_length","max_chain","func","configuration_table","max_block_size","pending_buf_size","max_start","DeflateState","status","gzhead","gzindex","method","last_flush","w_bits","hash_bits","utils.Buf16","deflateReset","trees._tr_init","deflateResetKeep","lm_init","deflate","old_flush","beg","hcrc","comment","os","level_flags","bstate","deflate_huff","deflate_rle","trees._tr_align","trees._tr_stored_block","__","_utf8len","utils.Buf8","string2buf","m_pos","buf_len","str_len","ZStream","Deflate","chunkSize","windowBits","memLevel","opt","raw","gzip","ended","zlib_deflate.deflateInit2","dictionary","dict","strings.string2buf","avail","next","tmpDict","dictLength","zlib_deflate.deflateSetDictionary","_dict_set","_mode","zlib_deflate.deflate","onEnd","onData","utils.shrinkBuf","zlib_deflate.deflateEnd","utils.flattenChunks","BAD","TYPE","inflate_fast","_in","_out","hold","here","op","from_source","dmax","wsize","whave","wnext","s_window","lcode","lencode","dcode","distcode","lmask","lenbits","dmask","distbits","top","dolen","dodist","sane","MAXBITS","ENOUGH_LENS","ENOUGH_DISTS","CODES","LENS","DISTS","lbase","lext","dbase","dext","inflate_table","lens","lens_index","codes","table_index","work","incr","low","sym","root","drop","used","huff","base_index","offs","here_bits","here_op","here_val","extra_index","HEAD","FLAGS","TIME","OS","EXLEN","EXTRA","COMMENT","HCRC","DICTID","DICT","TYPEDO","STORED","COPY_","COPY","TABLE","LENLENS","CODELENS","LEN_","LEN","LENEXT","DIST","DISTEXT","MATCH","LIT","CHECK","LENGTH","DONE","zswap32","InflateState","havedict","flags","check","total","wbits","ncode","nlen","ndist","have","lendyn","distdyn","back","was","inflateReset","utils.Buf32","inflateResetKeep","inflateInit2","inflateReset2","lenfix","distfix","virgin","fixedtables","updatewindow","copy","inflate","put","last_bits","last_op","last_val","hbuf","order","inf_leave","xflags","extra_len","inflateSetDictionary","dictid","GZheader","Inflate","zlib_inflate.inflateInit2","c.Z_OK","zlib_inflate.inflateGetHeader","zlib_inflate.inflateSetDictionary","allowBufError","c.Z_FINISH","c.Z_NO_FLUSH","strings.binstring2buf","zlib_inflate.inflate","c.Z_NEED_DICT","c.Z_BUF_ERROR","c.Z_STREAM_END","c.Z_SYNC_FLUSH","zlib_inflate.inflateEnd","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","remaining","seek","n_bit","n_byte","pi","bufToHex","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","getCRC","updateCRC","updateCRCRun","mtf","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","optDetail","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","CRC32","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","MAX_HUFCODE_BITS","permute","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","multistream","bz","targetStreamCRC","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","verified","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","issuerKeyID","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","writeHashedSubPackets","toHash","stream.slice","stream.clone","writeSubPacket","humanReadable","critical","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","fromBinary","compressionFn","compress_fns","nodeZlib","node_zlib","stream.nodeToWeb","stream.webToNode","pako_zlib","deflateRaw","createDeflateRaw","createDeflate","inflateRaw","createInflateRaw","createInflate","BunzipDecode","SymEncryptedIntegrityProtectedDataPacket","encrypted","sessionKeyAlgorithm","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","AEADEncryptedDataPacket","cipherAlgorithm","aeadAlgorithm","chunkSizeByte","getAEADMode","modeInstance","tagLengthIfDecrypting","tagLengthIfEncrypting","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","latestPromise","cryptedBytes","queuedBytes","finalChunk","cryptedPromise","setInt32","desiredSize","PublicKeyEncryptedSessionKeyPacket","publicKeyID","sessionKey","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","sessionKeyData","S2K","getCount","passphrase","numBytes","rlength","prefixlen","datalen","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","produceKey","encryptionKey","generateSessionKey","associatedData","toEncrypt","PublicKeyPacket","expirationTimeV3","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","startOfSecretKeyData","unparseableKeyMaterial","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","produceEncryptionKey","cleartextWithHash","validParams","generateParams","global","parse5322","inStr","getPos","setPos","initialize","parseString","tokens","semantic","children","ast","parent","child","compareToken","fxnCompare","tok","lit","and","or","prod","invis","colwsp","star","minimum","isUTF8NonAscii","cr","crlf","lf","dquote","htab","sp","vchar","accept","rfc6532","wsp","quotedPair","obsQP","fws","obsFws","ctext","obsCtext","ccontent","cfws","atext","atom","dotAtomText","maybeText","dotAtom","qtext","obsQtext","qcontent","quotedString","address","mailbox","group","nameAddr","addrSpec","displayName","angleAddr","obsAngleAddr","groupList","obsPhrase","collapseWhitespace","mailboxList","obsMboxList","addressList","obsAddrList","obsGroupList","localPart","obsLocalPart","dtext","obsDtext","domainLiteral","domain","obsDomain","rejectTLD","obsNoWsCtl","strict","atInDisplayName","obsRoute","obsDomainList","findNode","stack","findAllNodesNoChildren","names","namesLookup","giveResult","addresses","groupsAndMailboxes","groupOrMailbox","giveResultGroup","giveResultMailbox","simplifyResult","oneResult","partial","groupName","groupResultMailboxes","mailboxes","grabSemantic","aspec","findAllNodes","comments","local","concatComments","startProduction","handleOpts","startAt","defs","isNullUndef","defaults","isObject","parseOneAddress","parseAddressList","parseFrom","parseSender","parseReplyTo","UserIDPacket","email","components","emailAddresses","otherUserID","SecretSubkeyPacket","TrustPacket","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","prefAlgo","primaryUser","getPrimaryUser","selfCertification","getPreferredCurveHashAlgo","getPreferredAlgo","userIDs","defaultAlgo","preferredSenderAlgo","prefPropertyName","senderAlgoSupport","recipientPrefs","Boolean","signingKeyPacket","signaturePacket","mergeSignatures","source","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","sanitizeKeyOptions","subkeyDefaults","isValidSigningKeyPacket","isValidEncryptionKeyPacket","isValidDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","signingKeys","isPrivate","signingKey","getSigningKey","certificate","verificationKeys","issuerKeys","getKeys","isRevoked","certifications","certification","valid","verifyCertificate","sourceUser","srcSelfSig","srcRevSig","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","sort","helper.isValidSigningKeyPacket","helper.checkKeyRequirements","helper.isValidEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","revocationCertificate","privateKeys","userSign","certify","verifyAllCertifications","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","fromSecretKeyPacket","pubSubkeyPacket","fromSecretSubkeyPacket","helper.isValidDecryptionKeyPacket","allDummies","defaultOptions","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","readPrivateKey","readKeys","armoredKeys","binaryKeys","keyIndex","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","sessionKeyObjects","decryptSessionKeys","symEncryptedPacketlist","symEncryptedPacket","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","password","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","getDecryptionKeys","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgorithmName","supported","isAEADSupported","getEncryptionKey","maybeKey","wildcard","encryptionKeyIDs","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","literalDataPacket","existingSigPacketlist","onePassSig","signingKeyID","onePassSignatureList","createSignaturePackets","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","detachedSignature","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","stream.loadStreamsPonyfill","stream.toStream","createMessage","literalDataPacketlist","CleartextMessage","newSignature","hashes","ar","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","oneHeader","createCleartextMessage","checkConfig","helper.generateSecretKey","getRevocationCertificate","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","applyRevocationCertificate","revoke","decryptKey","clonedPrivateKey","passphrases","encryptKey","signingUserIDs","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","streaming","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","signDetached","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","encoding","setEncoding","stream.toNativeReadable","object","SymbolPolyfill","iterator","description","noop","globals","typeIsObject","rethrowAssertionErrorRejection","originalPromise","originalPromiseThen","originalPromiseResolve","originalPromiseReject","newPromise","executor","promiseResolvedWith","promiseRejectedWith","PerformPromiseThen","onFulfilled","onRejected","uponPromise","uponFulfillment","uponRejection","transformPromiseWith","fulfillmentHandler","rejectionHandler","setPromiseIsHandledToTrue","queueMicrotask","globalQueueMicrotask","resolvedPromise","reflectCall","F","Function","promiseCall","SimpleQueue","_cursor","_size","_front","_elements","_next","_back","oldBack","newBack","QUEUE_MAX_ARRAY_SIZE","oldFront","newFront","oldCursor","newCursor","elements","peek","front","ReadableStreamReaderGenericInitialize","_ownerReadableStream","_state","defaultReaderClosedPromiseInitialize","defaultReaderClosedPromiseResolve","defaultReaderClosedPromiseInitializeAsResolved","defaultReaderClosedPromiseInitializeAsRejected","_storedError","ReadableStreamReaderGenericCancel","ReadableStreamCancel","ReadableStreamReaderGenericRelease","defaultReaderClosedPromiseReject","defaultReaderClosedPromiseResetToRejected","readerLockException","_closedPromise","_closedPromise_resolve","_closedPromise_reject","AbortSteps","ErrorSteps","CancelSteps","PullSteps","NumberIsFinite","isFinite","MathTrunc","trunc","assertDictionary","context","assertFunction","assertObject","assertRequiredArgument","position","assertRequiredField","field","convertUnrestrictedDouble","censorNegativeZero","convertUnsignedLongLongWithEnforceRange","upperBound","integerPart","assertReadableStream","IsReadableStream","AcquireReadableStreamDefaultReader","ReadableStreamDefaultReader","ReadableStreamAddReadRequest","readRequest","_readRequests","ReadableStreamFulfillReadRequest","_closeSteps","_chunkSteps","ReadableStreamGetNumReadRequests","ReadableStreamHasDefaultReader","IsReadableStreamDefaultReader","IsReadableStreamLocked","defaultReaderBrandCheckException","resolvePromise","rejectPromise","ReadableStreamDefaultReaderRead","_errorSteps","_disturbed","_readableStreamController","AsyncIteratorPrototype","defineProperties","toStringTag","asyncIterator","ReadableStreamAsyncIteratorImpl","_ongoingPromise","_isFinished","_preventCancel","nextSteps","_nextSteps","return","returnSteps","_returnSteps","ReadableStreamAsyncIteratorPrototype","IsReadableStreamAsyncIterator","_asyncIteratorImpl","streamAsyncIteratorBrandCheckException","setPrototypeOf","NumberIsNaN","isNaN","IsFiniteNonNegativeNumber","IsNonNegativeNumber","DequeueValue","container","pair","_queue","_queueTotalSize","EnqueueValueWithSize","ResetQueue","CreateArrayFromList","ReadableStreamBYOBRequest","IsReadableStreamBYOBRequest","byobRequestBrandCheckException","_view","respond","bytesWritten","_associatedReadableByteStreamController","ReadableByteStreamControllerRespondInternal","ReadableByteStreamControllerRespond","respondWithNewView","isView","firstDescriptor","_pendingPullIntos","bytesFilled","ReadableByteStreamControllerRespondWithNewView","ReadableByteStreamController","byobRequest","IsReadableByteStreamController","byteStreamControllerBrandCheckException","_byobRequest","request","SetUpReadableStreamBYOBRequest","ReadableByteStreamControllerGetDesiredSize","_closeRequested","_controlledReadableByteStream","ReadableByteStreamControllerError","ReadableByteStreamControllerClearAlgorithms","ReadableStreamClose","ReadableByteStreamControllerClose","transferredBuffer","ReadableByteStreamControllerEnqueueChunkToQueue","ReadableStreamHasBYOBReader","ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue","ReadableByteStreamControllerCallPullIfNeeded","ReadableByteStreamControllerEnqueue","_cancelAlgorithm","entry","ReadableByteStreamControllerHandleQueueDrain","autoAllocateChunkSize","_autoAllocateChunkSize","bufferE","pullIntoDescriptor","elementSize","viewConstructor","readerType","shouldPull","_started","ReadableStreamGetNumReadIntoRequests","ReadableByteStreamControllerShouldCallPull","_pulling","_pullAgain","_pullAlgorithm","ReadableByteStreamControllerCommitPullIntoDescriptor","filledView","ReadableByteStreamControllerConvertPullIntoDescriptor","readIntoRequest","_readIntoRequests","ReadableStreamFulfillReadIntoRequest","ReadableByteStreamControllerFillPullIntoDescriptorFromQueue","currentAlignedBytes","maxBytesToCopy","maxBytesFilled","maxAlignedBytes","totalBytesToCopyRemaining","queue","headOfQueue","bytesToCopy","destStart","destOffset","srcOffset","ReadableByteStreamControllerFillHeadPullIntoDescriptor","ReadableByteStreamControllerInvalidateBYOBRequest","ReadableByteStreamControllerShiftPendingPullInto","ReadableByteStreamControllerRespondInClosedState","remainderSize","ReadableByteStreamControllerRespondInReadableState","ReadableByteStreamControllerClearPendingPullIntos","ReadableStreamError","_strategyHWM","SetUpReadableByteStreamControllerFromUnderlyingSource","underlyingByteSource","startAlgorithm","pullAlgorithm","cancelAlgorithm","SetUpReadableByteStreamController","ReadableStreamAddReadIntoRequest","IsReadableStreamBYOBReader","ReadableStreamBYOBReader","byobReaderBrandCheckException","BYTES_PER_ELEMENT","emptyView","ReadableByteStreamControllerPullInto","ReadableStreamBYOBReaderRead","ExtractHighWaterMark","defaultHWM","ExtractSizeAlgorithm","convertQueuingStrategy","convertQueuingStrategySize","convertUnderlyingSinkAbortCallback","original","convertUnderlyingSinkCloseCallback","convertUnderlyingSinkStartCallback","convertUnderlyingSinkWriteCallback","assertWritableStream","IsWritableStream","rawUnderlyingSink","rawStrategy","underlyingSink","convertUnderlyingSink","InitializeWritableStream","sizeAlgorithm","WritableStreamDefaultController","writeAlgorithm","closeAlgorithm","abortAlgorithm","SetUpWritableStreamDefaultController","SetUpWritableStreamDefaultControllerFromUnderlyingSink","locked","streamBrandCheckException$2","IsWritableStreamLocked","WritableStreamAbort","WritableStreamCloseQueuedOrInFlight","WritableStreamClose","AcquireWritableStreamDefaultWriter","WritableStreamDefaultWriter","_writer","_writableStreamController","_writeRequests","_inFlightWriteRequest","_closeRequest","_inFlightCloseRequest","_pendingAbortRequest","_backpressure","_promise","wasAlreadyErroring","_resolve","_reject","_reason","_wasAlreadyErroring","WritableStreamStartErroring","closeRequest","defaultWriterReadyPromiseResolve","closeSentinel","WritableStreamDefaultControllerAdvanceQueueIfNeeded","WritableStreamDealWithRejection","WritableStreamFinishErroring","WritableStreamDefaultWriterEnsureReadyPromiseRejected","WritableStreamHasOperationMarkedInFlight","storedError","writeRequest","WritableStreamRejectCloseAndClosedPromiseIfNeeded","abortRequest","defaultWriterClosedPromiseReject","WritableStreamUpdateBackpressure","backpressure","defaultWriterReadyPromiseInitialize","defaultWriterReadyPromiseReset","_ownerWritableStream","defaultWriterReadyPromiseInitializeAsResolved","defaultWriterClosedPromiseInitialize","defaultWriterReadyPromiseInitializeAsRejected","defaultWriterClosedPromiseResolve","defaultWriterClosedPromiseInitializeAsRejected","IsWritableStreamDefaultWriter","defaultWriterBrandCheckException","defaultWriterLockException","WritableStreamDefaultControllerGetDesiredSize","WritableStreamDefaultWriterGetDesiredSize","_readyPromise","WritableStreamDefaultWriterAbort","WritableStreamDefaultWriterClose","WritableStreamDefaultWriterRelease","WritableStreamDefaultWriterWrite","WritableStreamDefaultWriterEnsureClosedPromiseRejected","_closedPromiseState","defaultWriterClosedPromiseResetToRejected","_readyPromiseState","defaultWriterReadyPromiseReject","defaultWriterReadyPromiseResetToRejected","releasedError","_strategySizeAlgorithm","chunkSizeE","WritableStreamDefaultControllerErrorIfNeeded","WritableStreamDefaultControllerGetChunkSize","WritableStreamAddWriteRequest","enqueueE","_controlledWritableStream","WritableStreamDefaultControllerGetBackpressure","WritableStreamDefaultControllerWrite","IsWritableStreamDefaultController","WritableStreamDefaultControllerError","_abortAlgorithm","WritableStreamDefaultControllerClearAlgorithms","_writeAlgorithm","_closeAlgorithm","WritableStreamMarkCloseRequestInFlight","sinkClosePromise","WritableStreamFinishInFlightClose","WritableStreamFinishInFlightCloseWithError","WritableStreamDefaultControllerProcessClose","WritableStreamMarkFirstWriteRequestInFlight","sinkWritePromise","WritableStreamFinishInFlightWrite","WritableStreamFinishInFlightWriteWithError","WritableStreamDefaultControllerProcessWrite","_readyPromise_resolve","_readyPromise_reject","NativeDOMException","DOMException","DOMException$1","_a","isDOMExceptionConstructor","createDOMExceptionPolyfill","ReadableStreamPipeTo","signal","shuttingDown","currentWrite","actions","shutdownWithAction","action","aborted","addEventListener","isOrBecomesErrored","shutdown","isOrBecomesClosed","WritableStreamDefaultWriterCloseWithErrorPropagation","destClosed","waitForWritesToFinish","oldCurrentWrite","originalIsError","originalError","doTheRest","newError","isError","removeEventListener","resolveLoop","rejectLoop","resolveRead","rejectRead","ReadableStreamDefaultController","IsReadableStreamDefaultController","defaultControllerBrandCheckException$1","ReadableStreamDefaultControllerGetDesiredSize","ReadableStreamDefaultControllerCanCloseOrEnqueue","ReadableStreamDefaultControllerClose","ReadableStreamDefaultControllerEnqueue","ReadableStreamDefaultControllerError","ReadableStreamDefaultControllerClearAlgorithms","_controlledReadableStream","ReadableStreamDefaultControllerCallPullIfNeeded","ReadableStreamDefaultControllerShouldCallPull","SetUpReadableStreamDefaultController","convertUnderlyingSourceCancelCallback","convertUnderlyingSourcePullCallback","convertUnderlyingSourceStartCallback","convertReadableStreamType","convertReadableStreamReaderMode","convertPipeOptions","isAbortSignal","assertAbortSignal","rawUnderlyingSource","underlyingSource","convertUnderlyingDefaultOrByteSource","InitializeReadableStream","SetUpReadableStreamDefaultControllerFromUnderlyingSource","streamBrandCheckException$1","rawOptions","convertReaderOptions","AcquireReadableStreamBYOBReader","pipeThrough","rawTransform","convertReadableWritablePair","destination","branches","cloneForBranch2","reason1","reason2","branch1","branch2","resolveCancelPromise","reading","canceled1","canceled2","cancelPromise","value1","value2","CreateReadableStream","compositeReason","cancelResult","ReadableStreamTee","impl","AcquireReadableStreamAsyncIterator","convertIteratorOptions","convertQueuingStrategyInit","byteLengthSizeFunction","ByteLengthQueuingStrategy","_byteLengthQueuingStrategyHighWaterMark","IsByteLengthQueuingStrategy","byteLengthBrandCheckException","countSizeFunction","CountQueuingStrategy","_countQueuingStrategyHighWaterMark","IsCountQueuingStrategy","countBrandCheckException","convertTransformerFlushCallback","convertTransformerStartCallback","convertTransformerTransformCallback","rawTransformer","rawWritableStrategy","rawReadableStrategy","writableStrategy","readableStrategy","transformer","readableType","writableType","convertTransformer","readableHighWaterMark","readableSizeAlgorithm","writableHighWaterMark","writableSizeAlgorithm","startPromise_resolve","startPromise","_transformStreamController","_backpressureChangePromise","_writable","TransformStreamDefaultControllerPerformTransform","TransformStreamDefaultSinkWriteAlgorithm","TransformStreamError","TransformStreamDefaultSinkAbortAlgorithm","_readable","flushPromise","_flushAlgorithm","TransformStreamDefaultControllerClearAlgorithms","TransformStreamDefaultSinkCloseAlgorithm","TransformStreamSetBackpressure","TransformStreamDefaultSourcePullAlgorithm","TransformStreamErrorWritableAndUnblockWrite","CreateWritableStream","_backpressureChangePromise_resolve","InitializeTransformStream","TransformStreamDefaultController","transformAlgorithm","TransformStreamDefaultControllerEnqueue","transformResultE","flushAlgorithm","_controlledTransformStream","_transformAlgorithm","SetUpTransformStreamDefaultController","SetUpTransformStreamDefaultControllerFromTransformer","IsTransformStream","streamBrandCheckException","IsTransformStreamDefaultController","defaultControllerBrandCheckException","readableController","TransformStreamDefaultControllerTerminate","ReadableStreamDefaultControllerHasBackpressure","extendStatics","__proto__","__extends","isStreamConstructor","startCalled","isReadableStream","isWritableStream","isTransformStream","supportsByobReader","createWrappingReadableSource","parseReadableType","WrappingReadableByteStreamSource","WrappingReadableStreamDefaultSource","typeString","AbstractWrappingReadableStreamSource","underlyingStream","_underlyingReader","_readerMode","_pendingRead","_underlyingStream","_attachDefaultReader","_detachReader","_attachReader","_this","_finishPendingRead","_pullWithDefaultReader","_tryClose","_setPendingRead","readPromise","pendingRead","finishRead","afterRead","_super","supportsByob","_supportsByob","_attachByobReader","_pullWithByobRequest","to","fromArray","createWrappingWritableSink","WrappingWritableStreamSink","underlyingWriter","_pendingWrite","_underlyingWriter","_errorPromise","_errorPromiseReject","_finishErroring","_startErroring","race","_setPendingWrite","_finishPendingWrite","writePromise","pendingWrite","finishWrite","afterWrite","createWrappingTransformer","WrappingTransformStreamTransformer","_onRead","_onError","_flushReject","_onTerminate","_flushResolve","_flushPromise","readerClosed","isReadableStreamConstructor","byteSourceSupported","supportsByteSource","isTransformStreamConstructor","isWritableStreamConstructor","sink","isBN","negative","words","red","_init","wordSize","parseHex","parseBase","cmp","_initNumber","_initArray","_parseHex","_parseBase","strip","limbLen","limbPow","imuln","_iaddn","_expand","_normSign","inspect","zeros","groupSizes","groupBases","smallMulTo","out","ncarry","rword","maxJ","groupSize","groupBase","modn","idivn","toJSON","toBuffer","ArrayType","reqLength","littleEndian","andln","iushrn","_countBits","clz32","_zeroBits","zeroBits","toTwos","width","inotn","iaddn","fromTwos","testn","notn","ineg","isNeg","neg","iuor","ior","uor","iuand","iand","uand","iuxor","ixor","uxor","bytesNeeded","bitsLeft","setn","bit","wbit","comb10MulTo","mid","a0","al0","ah0","a1","al1","ah1","a2","al2","ah2","a3","al3","ah3","a4","al4","ah4","a5","al5","ah5","a6","al6","ah6","a7","al7","ah7","a8","al8","ah8","a9","al9","ah9","bl0","bh0","bl1","bh1","bl2","bh2","bl3","bh3","bl4","bh4","bl5","bh5","bl6","bh6","bl7","bh7","bl8","bh8","bl9","bh9","jumboMulTo","FFTM","mulp","mulTo","hncarry","bigMulTo","makeRBT","N","revBin","rb","rbt","rws","iws","rtws","itws","rtwdf","cos","PI","itwdf","sin","rtwdf_","itwdf_","re","ie","ro","io","guessLen13b","odd","conjugate","normalize13b","ws","convert13b","stub","ph","rwst","iwst","nrws","nrwst","niwst","rmws","mulf","muln","sqr","isqr","toBitArray","iushln","carryMask","newCarry","ishln","hint","extended","maskedWords","ishrn","shln","ushln","shrn","ushrn","imaskn","maskn","isubn","addn","iabs","_ishlnsubmul","_wordDiv","bhi","diff","qj","div","divmod","positive","divn","umod","divRound","dm","r2","acc","egcd","yp","xp","im","isOdd","jm","_invmp","delta","cmpn","invm","bincn","ucmp","gtn","gten","ltn","lten","eqn","Red","toRed","ctx","convertTo","_forceRed","fromRed","convertFrom","forceRed","redAdd","redIAdd","redSub","redISub","redShl","shl","redMul","_verify2","redIMul","redSqr","_verify1","redISqr","redSqrt","sqrt","redInvm","redNeg","redPow","primes","k256","p224","p192","p25519","MPrime","_tmp","K256","P224","P192","P25519","prime","_prime","Mont","rinv","minv","ireduce","imulK","mod3","nOne","lpow","inv","wnd","currentLen","mont","nred","minAssert","minUtils","getNAF","naf","getJSF","jsf","d1","d2","m8","m14","m24","cachedProperty","computer","parseBytes","intFromLE","Rand","_rand","getByte","BaseCurve","conf","pointFromJSON","gRed","_wnafT1","_wnafT2","_wnafT3","_wnafT4","adjustCount","redN","_maxwellTrick","BasePoint","precomputed","point","_fixedNafMul","doubles","_getDoubles","step","repr","nafW","jpoint","mixedAdd","points","toP","_wnafMul","nafPoints","_getNAFPoints","dblp","_wnafMulAdd","defW","coeffs","jacobianResult","wndWidth","comb","toJ","ja","jb","decodePoint","pointFromX","encodeCompressed","_encode","compact","getX","getY","precompute","beta","_getBeta","_hasDoubles","dbl","ShortCurve","Base","tinv","zeroA","threeA","endo","_getEndomorphism","_endoWnafT1","_endoWnafT2","Point","isRed","inf","JPoint","zOne","MontCurve","i4","a24","lambda","betas","_getEndoRoots","lambdas","basis","vec","_getEndoBasis","ntinv","prevR","aprxSqrt","len1","_endoSplit","v1","v2","ax","rhs","_endoWnafMulAdd","npoints","ncoeffs","fromJSON","pre","endoMul","JSON","obj2point","isInfinity","nx","ny","ys1","dyinv","mulAdd","jmulAdd","_precompute","negate","zinv","zinv2","ay","pz2","nz","jx","jy","jz","jz4","jyd","jx2","jyd2","jyd4","dny","_zeroDbl","_threeDbl","_dbl","yyyy","yyyy8","c8","gamma","alpha","beta4","beta8","ggamma8","jy2","jxd4","jyd8","trpl","zz","mm","ee","yyu4","kbase","pz3","eqXToP","zs","xc","normalize","diffAdd","da","cb","jumlAdd","EdwardsCurve","twisted","mOneA","oneC","_mulA","_mulC","lhs","pointFromY","_extDbl","nt","_projDbl","_extAdd","_projAdd","short","edwards","ft_1","sha1_K","SHA1","require$$4","Hmac","inner","outer","sha","hmac","PresetCurve","defineCurve","cofactor","HmacDRBG","predResist","minEntropy","_reseed","reseedInterval","entropyEnc","nonceEnc","pers","persEnc","_hmac","kmac","reseed","addEnc","KeyPair","_importPrivate","privEnc","_importPublic","pubEnc","fromPublic","fromPrivate","_importDER","recoveryParam","Position","place","getLength","initial","octetLen","rmPadding","constructLength","octets","slen","toDER","backHalf","EC","nh","drbg","ns2","_truncateToN","truncOnly","truncateMsg","bkey","ns1","iter","kp","kpX","canonical","_verify","sinv","recoverPubKey","isYOdd","isSecondKey","rInv","getKeyRecoveryParam","Qprime","_secret","isPoint","_pub","_pubBytes","fromSecret","encodePoint","lastIx","encodingLength","decodeInt","privBytes","getSecret","pubBytes","_R","_S","_Rencoded","Rencoded","_Sencoded","Sencoded","encodeInt","toBytes","EDDSA","pointClass","keyFromSecret","hashInt","messagePrefix","s_","makeSignature","SG","normed","xIsOdd","require$$5"],"mappings":";gQAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxBC,cACEC,QACAC,KAAKT,GAAsB,IAAIU,SAAQ,CAACC,EAASC,KAC/CH,KAAKP,GAAsBS,EAC3BF,KAAKN,GAAqBS,CAAM,IAElCH,KAAKT,GAAoBa,OAAM,UAuCnC,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAaV,MAAMW,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,EAETV,KAAKe,OAAST,CAChB,CAvDAV,EAAYoB,UAAUT,UAAY,WAIhC,YAH2BU,IAAvBjB,KAAKL,KACPK,KAAKL,GAAgB,GAEhB,CACLuB,KAAMC,gBACEnB,KAAKT,GACPS,KAAKL,KAAkBK,KAAKoB,OACvB,CAAEC,WAAOJ,EAAWK,MAAM,GAE5B,CAAED,MAAOrB,KAAKA,KAAKL,MAAkB2B,MAAM,IAGxD,EAEA1B,EAAYoB,UAAUO,UAAYJ,eAAeK,SACzCxB,KAAKT,GACX,MAAMkC,EAASD,EAAKxB,KAAK0B,MAAM1B,KAAKL,KAEpC,OADAK,KAAKoB,OAAS,EACPK,CACT,EAEA7B,EAAYoB,UAAUW,MAAQ,WAC5B,MAAMA,EAAQ,IAAI/B,EAIlB,OAHA+B,EAAMpC,GAAsBS,KAAKT,GAAoBqC,MAAK,KACxDD,EAAME,QAAQ7B,KAAK,IAEd2B,CACT,EAkCAlB,EAAOO,UAAUc,MAAQX,eAAeY,GACtC/B,KAAKe,OAAOc,KAAKE,EACnB,EAOAtB,EAAOO,UAAUgB,MAAQb,iBACvBnB,KAAKe,OAAOtB,IACd,EAOAgB,EAAOO,UAAUiB,MAAQd,eAAee,GAEtC,OADAlC,KAAKe,OAAOrB,GAAmBwC,GACxBA,CACT,EAOAzB,EAAOO,UAAUJ,YAAc,aCxG/B,MAAMuB,EAAuC,iBAAvBC,EAAWC,SACQ,iBAAhCD,EAAWC,QAAQC,SAEtBC,EAAqBJ,GAAUK,EAAkBC,SAOvD,SAASC,EAASpC,GAChB,OAAID,EAAcC,GACT,QAEL8B,EAAWO,gBAAkBP,EAAWO,eAAe3B,UAAU4B,cAActC,GAC1E,MAELuC,GAA0BA,EAAuB7B,UAAU4B,cAActC,GACpE,WAELiC,GAAsBA,EAAmBvB,UAAU4B,cAActC,GAC5D,UAELA,IAASA,EAAMC,YACV,UAGX,CAOA,SAASuC,EAAaxC,GACpB,OAAOyC,WAAW/B,UAAU4B,cAActC,EAC5C,CAOA,SAAS0C,EAAiBC,GACxB,GAAsB,IAAlBA,EAAO7B,OAAc,OAAO6B,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIF,EAAO7B,OAAQ+B,IAAK,CACtC,IAAKL,EAAaG,EAAOE,IACvB,MAAUC,MAAM,8DAGlBF,GAAeD,EAAOE,GAAG/B,OAG3B,MAAMK,EAAS,IAAIsB,WAAWG,GAC9B,IAAIG,EAAM,EAMV,OALAJ,EAAOK,SAAQ,SAAUC,GACvB9B,EAAO+B,IAAID,EAASF,GACpBA,GAAOE,EAAQnC,UAGVK,CACT,CC/DA,MAAMgC,EAAatB,GAAUK,EAAkBkB,OACzCnB,EAAqBJ,GAAUwB,EAAkBlB,SAOvD,IAAImB,EACAC,EAEJ,GAAItB,EAAoB,CAOtBqB,EAAY,SAASE,GACnB,IAAIC,GAAW,EACf,OAAO,IAAIlB,EAAuB,CAChCmB,MAAMC,GACJH,EAAWI,QACXJ,EAAWK,GAAG,QAAQpC,IAChBgC,IAGAN,EAAWW,SAASrC,KACtBA,EAAQ,IAAIgB,WAAWhB,EAAMsC,OAAQtC,EAAMuC,WAAYvC,EAAMwC,aAE/DN,EAAWO,QAAQzC,GACnB+B,EAAWI,QAAO,IAEpBJ,EAAWK,GAAG,OAAO,KACfJ,GAGJE,EAAWjC,OAAO,IAEpB8B,EAAWK,GAAG,SAASM,GAAKR,EAAWS,MAAMD,MAE/CE,OACEb,EAAWc,UAEbC,OAAO3C,GACL6B,GAAW,EACXD,EAAWgB,QAAQ5C,OAMzB,MAAM6C,UAAqBxC,EACzBzC,YAAYkF,EAAWC,GACrBlF,MAAMkF,GACNjF,KAAKkF,QAAUC,EAAkBH,GAGnC7D,YAAYiE,GACV,IACE,OAAa,CACX,MAAM9D,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkF,QAAQhE,OAC3C,GAAII,EAAM,CACRtB,KAAK6B,KAAK,MACV,MAEF,IAAK7B,KAAK6B,KAAKR,GACb,OAGJ,MAAOoD,GACPzE,KAAK8E,QAAQL,IAIjBtD,eAAeuD,EAAOW,GACpBrF,KAAKkF,QAAQL,OAAOH,GAAO9C,KAAKyD,EAAUA,IAU9CxB,EAAY,SAASmB,EAAWC,GAC9B,OAAO,IAAIF,EAAaC,EAAWC,GAGvC,CC1FA,MAAMK,EAAiB,IAAIC,QACrBC,EAAiBhG,OAAO,kBAS9B,SAASiG,EAAOnF,GAKd,GAJAN,KAAKe,OAAST,EACVA,EAAMkF,KACRxF,KAAKwF,GAAkBlF,EAAMkF,GAAgB9D,SAE3CgE,EAAsBpF,GAAQ,CAChC,MAAMqF,EAASrF,EAAMC,YAIrB,OAHAP,KAAK4F,MAAQD,EAAOzE,KAAK2E,KAAKF,GAC9B3F,KAAK8F,aAAe,YACpB9F,KAAK+F,QAAU5E,aAGjB,IAAI6E,EAAaC,EAAiB3F,GAIlC,GAHmB,SAAf0F,IACF1F,EAAQ4F,EAAkB5F,IAExB0F,EAAY,CACd,MAAML,EAASrF,EAAMC,YAOrB,OANAP,KAAK4F,MAAQD,EAAOzE,KAAK2E,KAAKF,GAC9B3F,KAAK8F,aAAe,KAClBH,EAAO9E,OAAOT,OAAM,eACpBuF,EAAO/E,aAAa,OAEtBZ,KAAK+F,QAAUJ,EAAOd,OAAOgB,KAAKF,IAGpC,IAAIQ,GAAc,EAClBnG,KAAK4F,MAAQzE,SACPgF,GAAeb,EAAec,IAAI9F,GAC7B,CAAEe,WAAOJ,EAAWK,MAAM,IAEnC6E,GAAc,EACP,CAAE9E,MAAOf,EAAOgB,MAAM,IAE/BtB,KAAK8F,aAAe,KAClB,GAAIK,EACF,IACEb,EAAee,IAAI/F,GACnB,MAAMmE,KAGd,CAOAgB,EAAOzE,UAAUE,KAAOC,iBACtB,GAAInB,KAAKwF,IAAmBxF,KAAKwF,GAAgBpE,OAAQ,CAEvD,MAAO,CAAEE,MAAM,EAAOD,MADRrB,KAAKwF,GAAgBc,SAGrC,OAAOtG,KAAK4F,OACd,EAKAH,EAAOzE,UAAUJ,YAAc,WACzBZ,KAAKwF,KACPxF,KAAKe,OAAOyE,GAAkBxF,KAAKwF,IAErCxF,KAAK8F,cACP,EAKAL,EAAOzE,UAAU6D,OAAS,SAAS3C,GACjC,OAAOlC,KAAK+F,QAAQ7D,EACtB,EAOAuD,EAAOzE,UAAUuF,SAAWpF,iBAC1B,IACIqF,EADAnC,EAAS,GAEb,MAAQmC,GAAW,CACjB,IAAIlF,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OAEjC,GADAG,GAAS,GACLC,EACF,OAAI+C,EAAOjD,OAAeqF,EAAepC,QACzC,EAEF,MAAMqC,EAAerF,EAAMsF,QAAQ,MAAQ,EACvCD,IACFF,EAAYC,EAAepC,EAAOuC,OAAOvF,EAAMwF,OAAO,EAAGH,KACzDrC,EAAS,IAEPqC,IAAiBrF,EAAMD,QACzBiD,EAAOxC,KAAKR,EAAMwF,OAAOH,IAI7B,OADA1G,KAAK8G,WAAWzC,GACTmC,CACT,EAOAf,EAAOzE,UAAU+F,SAAW5F,iBAC1B,MAAMG,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,OACV,MAAM0F,EAAO3F,EAAM,GAEnB,OADArB,KAAK8G,QAAQG,EAAc5F,EAAO,IAC3B2F,CACT,EAOAvB,EAAOzE,UAAUkG,UAAY/F,eAAeC,GAC1C,MAAMiD,EAAS,GACf,IAAI8C,EAAe,EACnB,OAAa,CACX,MAAM7F,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EACF,OAAI+C,EAAOjD,OAAeqF,EAAepC,QACzC,EAIF,GAFAA,EAAOxC,KAAKR,GACZ8F,GAAgB9F,EAAMD,OAClB+F,GAAgB/F,EAAQ,CAC1B,MAAMgG,EAAeX,EAAepC,GAEpC,OADArE,KAAK8G,QAAQG,EAAcG,EAAchG,IAClC6F,EAAcG,EAAc,EAAGhG,IAG5C,EAOAqE,EAAOzE,UAAUqG,UAAYlG,eAAeC,GAC1C,MAAMkG,QAActH,KAAKkH,UAAU9F,GAEnC,OADApB,KAAK8G,QAAQQ,GACNA,CACT,EAOA7B,EAAOzE,UAAU8F,QAAU,YAAYS,GAChCvH,KAAKwF,KACRxF,KAAKwF,GAAkB,IAGL,IAAlB+B,EAAOnG,QAAgB0B,EAAayE,EAAO,KAC3CvH,KAAKwF,GAAgBpE,QAAUmG,EAAO,GAAGnG,QACzCpB,KAAKwF,GAAgB,GAAGlB,YAAciD,EAAO,GAAGnG,OAEhDpB,KAAKwF,GAAgB,GAAK,IAAIzC,WAC5B/C,KAAKwF,GAAgB,GAAGnB,OACxBrE,KAAKwF,GAAgB,GAAGlB,WAAaiD,EAAO,GAAGnG,OAC/CpB,KAAKwF,GAAgB,GAAGjB,WAAagD,EAAO,GAAGnG,QAInDpB,KAAKwF,GAAgBsB,WAAWS,EAAOC,QAAOnG,GAASA,GAASA,EAAMD,SACxE,EAQAqE,EAAOzE,UAAUO,UAAYJ,eAAeK,EAAKiF,GAC/C,MAAMhF,EAAS,GACf,OAAa,CACX,MAAMH,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,MACVG,EAAOI,KAAKR,GAEd,OAAOG,EAAKC,EACd,ECnMA,IAEIgG,EAAoBC,GAFpB/E,eAAEA,EAAcgF,eAAEA,EAAcC,gBAAEA,GAAoBxF,EAI1DjB,eAAe0G,IACb,GAAID,EACF,OAGF,MAAOE,EAAUC,SAAiB9H,QAAQ+H,IAAI,CAC5C/H,gDACAA,oDAGC0C,iBAAgBgF,iBAAgBC,mBAAoBE,GAEvD,MAAMG,4BAAEA,GAAgCF,EAEpC3F,EAAWO,gBAAkBA,IAAmBP,EAAWO,iBAC7D8E,EAAqBQ,EAA4BtF,GACjD+E,EAAmBO,EAA4B7F,EAAWO,gBAE9D,CAEA,MAAMc,EAAatB,GAAUK,EAAkBkB,OAO/C,SAASwE,EAAS5H,GAChB,IAAI0F,EAAatD,EAASpC,GAC1B,MAAmB,SAAf0F,EACKpC,EAAUtD,GAEA,QAAf0F,GAAwByB,EACnBA,EAAmBnH,GAExB0F,EACK1F,EAEF,IAAIqC,EAAe,CACxBqB,MAAMC,GACJA,EAAWO,QAAQlE,GACnB2D,EAAWjC,UAGjB,CAOA,SAASmG,EAAc7H,GACrB,GAAIoC,EAASpC,GACX,OAAOA,EAET,MAAMS,EAAS,IAAInB,EAMnB,MALA,WACE,MAAMc,EAASC,EAAUI,SACnBL,EAAOoB,MAAMxB,SACbI,EAAOsB,OACd,EAJD,GAKOjB,CACT,CAQA,SAAS6F,EAAOwB,GACd,OAAIA,EAAKC,MAAKtH,GAAU2B,EAAS3B,KAAYV,EAAcU,KAoB7D,SAAsBqH,GACpBA,EAAOA,EAAKE,IAAIJ,GAChB,MAAMK,EAAYC,GAAoBrH,eAAee,SAC7CjC,QAAQ+H,IAAIS,EAAWH,KAAIvH,GAAU8D,EAAO9D,EAAQmB,SAE5D,IAAIwG,EAAOzI,QAAQC,UACnB,MAAMuI,EAAaL,EAAKE,KAAI,CAACvH,EAAQoC,IAAMwF,EAAc5H,GAAQ,CAAC6H,EAAUC,KAC1EH,EAAOA,EAAK9G,MAAK,IAAMkH,EAAKF,EAAUL,EAAUM,SAAU,CACxDE,aAAc5F,IAAMiF,EAAKhH,OAAS,MAE7BsH,OAET,OAAOH,EAAUK,QACnB,CAhCWI,CAAaZ,GAElBA,EAAKC,MAAKtH,GAAUV,EAAcU,KAqCxC,SAA2BqH,GACzB,MAAM3G,EAAS,IAAI7B,EACnB,IAAI8I,EAAOzI,QAAQC,UAOnB,OANAkI,EAAK9E,SAAQ,CAACvC,EAAQoC,KACpBuF,EAAOA,EAAK9G,MAAK,IAAMkH,EAAK/H,EAAQU,EAAQ,CAC1CsH,aAAc5F,IAAMiF,EAAKhH,OAAS,MAE7BsH,KAEFjH,CACT,CA9CWwH,CAAkBb,GAEJ,iBAAZA,EAAK,GACPA,EAAK5G,KAAK,IAEfiC,GAAcA,EAAWW,SAASgE,EAAK,IAClC3E,EAAWmD,OAAOwB,GAEpBpF,EAAiBoF,EAC1B,CA4CA,SAAS7H,EAAUD,GACjB,OAAO,IAAImF,EAAOnF,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CAUAa,eAAe2H,EAAKxI,EAAO4I,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAI1G,EAASpC,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4H,EAAS5H,GACjB,IACE,GAAIA,EAAMkF,GAAiB,CACzB,MAAM9E,EAASC,EAAUuI,GACzB,IAAK,IAAI/F,EAAI,EAAGA,EAAI7C,EAAMkF,GAAgBpE,OAAQ+B,UAC1CzC,EAAO2I,YACP3I,EAAOoB,MAAMxB,EAAMkF,GAAgBrC,IAE3CzC,EAAOE,oBAEHN,EAAMgJ,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,kBAEF,MAAM3E,IACR,OAGF,MAAMkB,EAASpF,EADfD,EAAQ6H,EAAc7H,IAEhBI,EAASC,EAAUuI,GACzB,IACE,OAAa,OACLxI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACHyH,SAAoBrI,EAAOsB,QAChC,YAEItB,EAAOoB,MAAMT,IAErB,MAAOoD,GACF0E,SAAoBzI,EAAOuB,MAAMwC,WAEtCkB,EAAO/E,cACPF,EAAOE,cAEX,CAQA,SAAS2I,EAAajJ,EAAO2E,GAC3B,MAAMuE,EAAkB,IAAI5B,EAAgB3C,GAE5C,OADA6D,EAAKxI,EAAOkJ,EAAgBX,UACrBW,EAAgBZ,QACzB,CAOA,SAASJ,EAAoBiB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLlB,SAAU,IAAIjG,EAAe,CAC3BqB,MAAMC,GACJ2F,EAAmB3F,GAErBU,OACM+E,EACFA,IAEAG,GAAS,GAGb1I,aAAae,GACX4H,GAAY,EACRL,SACIA,EAAavH,GAEjByH,GACFA,EAAgCzH,KAGnC,CAAC6H,cAAe,IACnBlB,SAAU,IAAIlB,EAAe,CAC3B7F,MAAOX,eAAeY,GACpB,GAAI+H,EACF,MAAU1G,MAAM,uBAElBwG,EAAiBpF,QAAQzC,GACpB8H,EAQHA,GAAS,SAPH,IAAI5J,SAAQ,CAACC,EAASC,KAC1BuJ,EAAmCxJ,EACnCyJ,EAAkCxJ,CAAM,IAE1CuJ,EAAmC,KACnCC,EAAkC,OAKtC3H,MAAO4H,EAAiB5H,MAAM6D,KAAK+D,GACnC3H,MAAO2H,EAAiBlF,MAAMmB,KAAK+D,KAGzC,CASA,SAASrB,EAAUjI,EAAO+B,EAAU,MAAe,GAAE2H,EAAS,MAAe,IAC3E,GAAI3J,EAAcC,GAAQ,CACxB,MAAM2J,EAAS,IAAIrK,EAgBnB,MAfA,WACE,MAAMc,EAASC,EAAUsJ,GACzB,IACE,MAAMC,QAAa3I,EAAUjB,GACvB6J,EAAU9H,EAAQ6H,GAClBE,EAAUJ,IAChB,IAAIvI,EACgDA,OAApCR,IAAZkJ,QAAqClJ,IAAZmJ,EAAgCxD,EAAO,CAACuD,EAASC,SACpDnJ,IAAZkJ,EAAwBA,EAAUC,QAC1C1J,EAAOoB,MAAML,SACbf,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,GAEtB,EAdD,GAeOwF,EAET,GAAIvH,EAASpC,GACX,OAAOiJ,EAAajJ,EAAO,CACzBa,gBAAgBE,EAAO4C,GACrB,IACE,MAAMxC,QAAeY,EAAQhB,QACdJ,IAAXQ,GAAsBwC,EAAWO,QAAQ/C,GAC7C,MAAMgD,GACNR,EAAWS,MAAMD,KAGrBtD,YAAY8C,GACV,IACE,MAAMxC,QAAeuI,SACN/I,IAAXQ,GAAsBwC,EAAWO,QAAQ/C,GAC7C,MAAMgD,GACNR,EAAWS,MAAMD,OAKzB,MAAM0F,EAAU9H,EAAQ/B,GAClB8J,EAAUJ,IAChB,YAAgB/I,IAAZkJ,QAAqClJ,IAAZmJ,EAA8BxD,EAAO,CAACuD,EAASC,SACzDnJ,IAAZkJ,EAAwBA,EAAUC,CAC3C,CAWA,SAASzB,EAAcrI,EAAO+J,GAC5B,GAAI3H,EAASpC,KAAWD,EAAcC,GAAQ,CAC5C,IAAIgK,EACJ,MAAMC,EAAW,IAAI3C,EAAgB,CACnC5D,MAAMC,GACJqG,EAA8BrG,KAI5BuG,EAAkB1B,EAAKxI,EAAOiK,EAAS1B,UAEvC4B,EAAWjC,GAAoBrH,eAAee,GAClDoI,EAA4B5F,MAAMxC,SAC5BsI,QACA,IAAIvK,QAAQyK,eAGpB,OADAL,EAAGE,EAAS3B,SAAU6B,EAAS5B,UACxB4B,EAAS7B,SAElBtI,EAAQ6H,EAAc7H,GACtB,MAAM2J,EAAS,IAAIrK,EAEnB,OADAyK,EAAG/J,EAAO2J,GACHA,CACT,CAWA,SAASU,EAAMrK,EAAO+J,GACpB,IAAIO,EACJ,MAAMC,EAAclC,EAAcrI,GAAO,CAACsI,EAAUC,KAClD,MAAMlD,EAASpF,EAAUqI,GACzBjD,EAAOmF,UAAY,KACjBnF,EAAO/E,cACPkI,EAAKF,EAAUC,GACRgC,GAETD,EAAcP,EAAG1E,EAAO,IAE1B,OAAOiF,CACT,CA4BA,SAASjJ,EAAMrB,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqB,QAEf,GAAIe,EAASpC,GAAQ,CACnB,MAAMyK,EAxBV,SAAazK,GACX,GAAID,EAAcC,GAChB,MAAU8C,MAAM,qDAElB,GAAIV,EAASpC,GAAQ,CACnB,MAAMyK,EAAO7C,EAAS5H,GAAO0K,MAE7B,OADAD,EAAK,GAAGvF,GAAkBuF,EAAK,GAAGvF,GAAkBlF,EAAMkF,GACnDuF,EAET,MAAO,CAACrJ,EAAMpB,GAAQoB,EAAMpB,GAC9B,CAciB0K,CAAI1K,GAEjB,OADA2K,EAAU3K,EAAOyK,EAAK,IACfA,EAAK,GAEd,OAAOrJ,EAAMpB,EACf,CAUA,SAAS4K,EAAa5K,GACpB,OAAID,EAAcC,GACTqB,EAAMrB,GAEXoC,EAASpC,GACJ,IAAIqC,EAAe,CACxBqB,MAAMC,GACJ,MAAM4G,EAAclC,EAAcrI,GAAOa,MAAOyH,EAAUC,KACxD,MAAMlD,EAASpF,EAAUqI,GACnBlI,EAASC,EAAUkI,GACzB,IACE,OAAa,OACLnI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACR,IAAM2C,EAAWjC,QAAW,MAAMyC,IAElC,kBADM/D,EAAOsB,QAGf,IAAMiC,EAAWO,QAAQnD,GAAU,MAAMoD,UACnC/D,EAAOoB,MAAMT,IAErB,MAAMoD,GACNR,EAAWS,MAAMD,SACX/D,EAAOuB,MAAMwC,OAGvBwG,EAAU3K,EAAOuK,MAIhBnJ,EAAMpB,EACf,CAQA,SAAS2K,EAAU3K,EAAOqB,GAExBwJ,OAAOC,QAAQD,OAAOE,0BAA0B/K,EAAMR,YAAYkB,YAAYsC,SAAQ,EAAEgI,EAAMC,MAC/E,gBAATD,IAGAC,EAAWlK,MACbkK,EAAWlK,MAAQkK,EAAWlK,MAAMwE,KAAKlE,GAEzC4J,EAAWC,IAAMD,EAAWC,IAAI3F,KAAKlE,GAEvCwJ,OAAOM,eAAenL,EAAOgL,EAAMC,GAAW,GAElD,CAOA,SAAS7J,EAAMpB,EAAOoL,EAAM,EAAGC,EAAIC,KACjC,GAAIvL,EAAcC,GAChB,MAAU8C,MAAM,mBAElB,GAAIV,EAASpC,GAAQ,CACnB,GAAIoL,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAOtC,EAAajJ,EAAO,CACzBiI,UAAUlH,EAAO4C,GACX4H,EAAYF,GACVE,EAAYxK,EAAMD,QAAUsK,GAC9BzH,EAAWO,QAAQ9C,EAAML,EAAOyK,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAaxK,EAAMD,QAEnB6C,EAAW+H,eAKnB,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAO1D,EAAUjI,GAAOe,IAClBA,EAAMD,SAAWsK,EAAOO,EAAY,CAAC5K,GACpC4K,EAAUpK,KAAKR,EAAM,IACzB,IAAMK,EAAMkF,EAAOqF,GAAYP,EAAOC,KAE3C,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAO1D,EAAUjI,GAAOe,IACtB,MAAMuJ,EAAcqB,EAAYrF,EAAO,CAACqF,EAAW5K,IAAUA,EAC7D,GAAIuJ,EAAYxJ,SAAWuK,EAEzB,OADAM,EAAYvK,EAAMkJ,EAAae,GACxBjK,EAAMkJ,EAAac,EAAOC,GAEjCM,EAAYrB,KAKlB,OADAsB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUjL,SAAYO,QAAYH,EAAUjB,GAAQoL,EAAOC,KAKpE,OAHIrL,EAAMkF,KACRlF,EAAQsG,EAAOtG,EAAMkF,GAAgBoB,OAAO,CAACtG,OAE3CwC,EAAaxC,IAAYmD,GAAcA,EAAWW,SAAS9D,GAIxDA,EAAMoB,MAAMgK,EAAOC,IAHpBA,IAAQC,MAAUD,EAAMrL,EAAMc,QAC3Bd,EAAM+L,SAASX,EAAOC,GAGjC,CASAxK,eAAeI,EAAUjB,EAAOkB,EAAKoF,GACnC,OAAIvG,EAAcC,GACTA,EAAMiB,UAAUC,GAErBkB,EAASpC,GACJC,EAAUD,GAAOiB,UAAUC,GAE7BlB,CACT,CASAa,eAAe0D,EAAOvE,EAAO4B,GAC3B,GAAIQ,EAASpC,GAAQ,CACnB,GAAIA,EAAMuE,OACR,OAAOvE,EAAMuE,OAAO3C,GAEtB,GAAI5B,EAAMwE,QAGR,OAFAxE,EAAMwE,QAAQ5C,SACR,IAAIjC,QAAQyK,YACXxI,EAGb,CAOA,SAASkK,EAAU/B,GACjB,MAAMiC,EAAc,IAAI1M,EAUxB,MATA,WACE,MAAMc,EAASC,EAAU2L,GACzB,UACQ5L,EAAOoB,YAAYuI,WACnB3J,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,GAEtB,EARD,GASO6H,CACT,CCjkBe,MAAMC,EAMnBzM,YAAY0M,GACV,QAAUvL,IAANuL,EACF,MAAUpJ,MAAM,4BAGlB,GAAIoJ,aAAazJ,WAAY,CAC3B,MAAMuE,EAAQkF,EACRC,EAAU5M,MAAMyH,EAAMlG,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAImE,EAAMlG,OAAQ+B,IAAK,CACrC,MAAMuJ,EAAUpF,EAAMnE,GAAGwJ,SAAS,IAClCF,EAAItJ,GAAMmE,EAAMnE,IAAM,GAAQ,IAAMuJ,EAAWA,EAEjD1M,KAAKqB,MAAQuL,OAAO,MAAQH,EAAIjL,KAAK,UAErCxB,KAAKqB,MAAQuL,OAAOJ,GAIxB7K,QACE,OAAO,IAAI4K,EAAWvM,KAAKqB,OAM7BwL,OAEE,OADA7M,KAAKqB,QACErB,KAOT8M,MACE,OAAO9M,KAAK2B,QAAQkL,OAMtBE,OAEE,OADA/M,KAAKqB,QACErB,KAOTgN,MACE,OAAOhN,KAAK2B,QAAQoL,OAOtBE,KAAKC,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQTqG,IAAI6G,GACF,OAAOlN,KAAK2B,QAAQsL,KAAKC,GAO3BC,KAAKD,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQToN,IAAIF,GACF,OAAOlN,KAAK2B,QAAQwL,KAAKD,GAO3BG,KAAKH,GAEH,OADAlN,KAAKqB,OAAS6L,EAAE7L,MACTrB,KAQTsN,IAAIJ,GACF,OAAOlN,KAAK2B,QAAQ0L,KAAKH,GAO3BK,KAAKC,GAKH,OAJAxN,KAAKqB,OAASmM,EAAEnM,MACZrB,KAAKyN,cACPzN,KAAKiN,KAAKO,GAELxN,KAQT0N,IAAIF,GACF,OAAOxN,KAAK2B,QAAQ4L,KAAKC,GAS3BG,OAAOlJ,EAAG+H,GACR,GAAIA,EAAEoB,SAAU,MAAMxK,MAAM,yBAC5B,GAAIoJ,EAAEqB,QAAS,OAAO,IAAItB,EAAW,GACrC,GAAI9H,EAAEgJ,aAAc,MAAMrK,MAAM,iCAEhC,IAAI0K,EAAMrJ,EAAEpD,MACR6L,EAAIlN,KAAKqB,MAEb6L,GAAKV,EAAEnL,MACP,IAAI0M,EAAInB,OAAO,GACf,KAAOkB,EAAMlB,OAAO,IAAI,CACtB,MAAMoB,EAAMF,EAAMlB,OAAO,GACzBkB,IAAQlB,OAAO,GAEf,MAAMqB,EAAMF,EAAIb,EAAKV,EAAEnL,MAEvB0M,EAAIC,EAAMC,EAAKF,EACfb,EAAKA,EAAIA,EAAKV,EAAEnL,MAElB,OAAO,IAAIkL,EAAWwB,GAWxBG,OAAO1B,GACL,MAAM2B,IAAEA,EAAGjB,EAAEA,GAAMlN,KAAKoO,MAAM5B,GAC9B,IAAK2B,EAAIN,QACP,MAAUzK,MAAM,0BAElB,OAAO8J,EAAE7G,IAAImG,GAAGkB,IAAIlB,GAStB4B,MAAMC,GACJ,IAAInB,EAAIN,OAAO,GACX0B,EAAI1B,OAAO,GACX2B,EAAQ3B,OAAO,GACf4B,EAAQ5B,OAAO,GAEf6B,EAAIzO,KAAKqB,MAGb,IAFAgN,EAAIA,EAAEhN,MAECgN,IAAMzB,OAAO,IAAI,CACtB,MAAM8B,EAAID,EAAIJ,EACd,IAAIM,EAAMzB,EACVA,EAAIqB,EAAQG,EAAIxB,EAChBqB,EAAQI,EAERA,EAAML,EACNA,EAAIE,EAAQE,EAAIJ,EAChBE,EAAQG,EAERA,EAAMN,EACNA,EAAII,EAAIJ,EACRI,EAAIE,EAGN,MAAO,CACLzB,EAAG,IAAIX,EAAWgC,GAClBD,EAAG,IAAI/B,EAAWiC,GAClBL,IAAK,IAAI5B,EAAWkC,IASxBN,IAAIE,GACF,IAAII,EAAIzO,KAAKqB,MAEb,IADAgN,EAAIA,EAAEhN,MACCgN,IAAMzB,OAAO,IAAI,CACtB,MAAM+B,EAAMN,EACZA,EAAII,EAAIJ,EACRI,EAAIE,EAEN,OAAO,IAAIpC,EAAWkC,GAOxBG,WAAW1B,GAET,OADAlN,KAAKqB,QAAU6L,EAAE7L,MACVrB,KAQT6O,UAAU3B,GACR,OAAOlN,KAAK2B,QAAQiN,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADAlN,KAAKqB,QAAU6L,EAAE7L,MACVrB,KAQT+O,WAAW7B,GACT,OAAOlN,KAAK2B,QAAQmN,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAOlN,KAAKqB,QAAU6L,EAAE7L,MAQ1B4N,GAAG/B,GACD,OAAOlN,KAAKqB,MAAQ6L,EAAE7L,MAQxB6N,IAAIhC,GACF,OAAOlN,KAAKqB,OAAS6L,EAAE7L,MAQzB8N,GAAGjC,GACD,OAAOlN,KAAKqB,MAAQ6L,EAAE7L,MAQxB+N,IAAIlC,GACF,OAAOlN,KAAKqB,OAAS6L,EAAE7L,MAGzBuM,SACE,OAAO5N,KAAKqB,QAAUuL,OAAO,GAG/BiB,QACE,OAAO7N,KAAKqB,QAAUuL,OAAO,GAG/Ba,aACE,OAAOzN,KAAKqB,MAAQuL,OAAO,GAG7ByC,SACE,QAASrP,KAAKqB,MAAQuL,OAAO,IAG/B0C,MACE,MAAMC,EAAMvP,KAAK2B,QAIjB,OAHI3B,KAAKyN,eACP8B,EAAIlO,OAASkO,EAAIlO,OAEZkO,EAOT5C,WACE,OAAO3M,KAAKqB,MAAMsL,WAQpB6C,WACE,MAAMC,EAASC,OAAO1P,KAAKqB,OAC3B,GAAIoO,EAASC,OAAOC,iBAElB,MAAUvM,MAAM,8CAElB,OAAOqM,EAQTG,OAAOzM,GAEL,OADanD,KAAKqB,OAASuL,OAAOzJ,GAAMyJ,OAAO,MAC/BA,OAAO,GAAM,EAAI,EAOnCiD,YACE,MAAMC,EAAO,IAAIvD,EAAW,GACtBwD,EAAM,IAAIxD,EAAW,GACrByD,EAAS,IAAIzD,GAAY,GAIzBrD,EAASlJ,KAAKyN,aAAeuC,EAASF,EAC5C,IAAIG,EAAS,EACb,MAAMtB,EAAM3O,KAAK2B,QACjB,MAAQgN,EAAIG,YAAYiB,GAAKf,MAAM9F,IACjC+G,IAEF,OAAOA,EAOT1L,aACE,MAAMuL,EAAO,IAAIvD,EAAW,GACtByD,EAAS,IAAIzD,GAAY,GAEzBrD,EAASlJ,KAAKyN,aAAeuC,EAASF,EACtCI,EAAQ,IAAI3D,EAAW,GAC7B,IAAI4D,EAAM,EACV,MAAMxB,EAAM3O,KAAK2B,QACjB,MAAQgN,EAAIG,YAAYoB,GAAOlB,MAAM9F,IACnCiH,IAEF,OAAOA,EASTC,aAAaC,EAAS,KAAMjP,GAG1B,IAAIqL,EAAMzM,KAAKqB,MAAMsL,SAAS,IAC1BF,EAAIrL,OAAS,GAAM,IACrBqL,EAAM,IAAMA,GAGd,MAAM6D,EAAY7D,EAAIrL,OAAS,EACzBkG,EAAQ,IAAIvE,WAAW3B,GAAUkP,GAEjCC,EAASnP,EAAUA,EAASkP,EAAa,EAC/C,IAAInN,EAAI,EACR,KAAOA,EAAImN,GACThJ,EAAMnE,EAAIoN,GAAUC,SAAS/D,EAAI/K,MAAM,EAAIyB,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXkN,GACF/I,EAAMmJ,UAGDnJ,GChcX,MAAMoJ,EAAe,IAAwB,oBAAX9D,OCElC,MAAM+D,GAAUnR,OAAO,WAEvB,OAAe,CAOboR,MAAO,CAELC,KAAuB,OACvB,QAAuB,OACvBC,UAAuB,OACvBC,WAAuB,OACvB,sBAAuB,OACvB,mBAAuB,OACvB,mBAAuB,OAGvBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,UAAgB,YAChB,eAAgB,YAChB,aAAgB,YAChB,aAAgB,YAGhBC,cAA0B,UAC1BC,QAA0B,UAE1BC,QAA0B,UAC1BC,QAA0B,UAC1B,yBAA0B,UAC1B,qBAA0B,UAC1B,qBAA0B,UAG1BC,iBAA0B,aAC1BC,OAA0B,aAC1BC,QAA0B,aAE1BC,WAA0B,aAC1BC,WAA0B,aAC1B,yBAA0B,aAC1B,uBAA0B,aAC1B,uBAA0B,aAG1BC,gBAAyB,kBACzB,uBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbzB,cAAe,GAEf0B,MAAO,GAEPC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAEN5B,QAAS,GAET6B,MAAO,IAOTC,UAAW,CACTC,UAAW,EAEXC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,IAOVC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXhD,UAAW,EACXiD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,IAOrBC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRpB,UAAW,CAETiB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,OAAQ,GACRC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,IAO3BP,SAAU,CAERQ,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTrH,UAAW,EACXsH,WAAY,EACZzE,UAAW,GAObuD,oBAAqB,CAEnBmB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBtB,SAAU,CAERuB,sBAAuB,EAGvBrF,KAAM,EAGNsF,OAAQ,GAUVrY,MAAO,SAASsY,EAAM3V,GAKpB,GAJiB,iBAANA,IACTA,EAAIzE,KAAKkB,KAAKkZ,EAAM3V,SAGNxD,IAAZmZ,EAAK3V,GACP,OAAO2V,EAAK3V,GAGd,MAAUrB,MAAM,wBAUlBlC,KAAM,SAASkZ,EAAM3V,GAQnB,GAPK2V,EAAKzJ,MACRyJ,EAAKzJ,IAAW,GAChBxF,OAAOC,QAAQgP,GAAM9W,SAAQ,EAAE0T,EAAK3V,MAClC+Y,EAAKzJ,IAAStP,GAAS2V,CAAG,UAIL/V,IAArBmZ,EAAKzJ,IAASlM,GAChB,OAAO2V,EAAKzJ,IAASlM,GAGvB,MAAUrB,MAAM,yBC3dpB,MAAMiX,GAAY,MAChB,IACE,MAAgC,gBAAzBhY,QAAQiY,IAAIC,SACnB,MAAO9V,IACT,OAAO,CACR,EALiB,GAOZ+V,GAAO,CACXC,SAAU,SAASvQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBwQ,QAGrDla,QAAS,SAAS0J,GAChB,OAAOA,aAAgBrK,OAGzBiD,aAAc6X,EAEdjY,SAAUkY,EAEVC,WAAY,SAAUvT,GACpB,IAAIkF,EAAI,EACR,IAAK,IAAIrJ,EAAI,EAAGA,EAAImE,EAAMlG,OAAQ+B,IAChCqJ,GAAM,KAAOrJ,EAAKmE,EAAMA,EAAMlG,OAAS,EAAI+B,GAE7C,OAAOqJ,GAGTsO,YAAa,SAAUtO,EAAGlF,GACxB,MAAM+G,EAAI,IAAItL,WAAWuE,GACzB,IAAK,IAAInE,EAAI,EAAGA,EAAImE,EAAOnE,IACzBkL,EAAElL,GAAMqJ,GAAM,GAAKlF,EAAQnE,EAAI,GAAO,IAGxC,OAAOkL,GAGT0M,SAAU,SAAUzT,GAClB,MAAMkF,EAAIgO,GAAKK,WAAWvT,GAE1B,OADU,IAAI0T,KAAS,IAAJxO,IAIrByO,UAAW,SAAUC,GACnB,MAAMC,EAAUrP,KAAKsP,MAAMF,EAAKG,UAAY,KAE5C,OAAOb,GAAKM,YAAYK,EAAS,IAGnCG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAStP,IAAWsP,EAAO,IAAIF,KAAgC,IAA3BlP,KAAKsP,OAAOF,EAAO,OAQjFM,QAAS,SAAUlU,GACjB,MACMmU,GADQnU,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAC/B,OAAOA,EAAM+E,SAAS,EAAG,EAAIoP,IAS/BC,QAAQpU,EAAOlG,GACb,MAAMua,EAAS,IAAI5Y,WAAW3B,GACxBmP,EAASnP,EAASkG,EAAMlG,OAE9B,OADAua,EAAOnY,IAAI8D,EAAOiJ,GACXoL,GAQTC,gBAAiB,SAAUC,GACzB,MAAMC,EAAUtB,GAAKuB,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAU1Y,MAAM,YAElB,MAAM4Y,EAAWH,EAAIxP,SAASwP,EAAIza,OAAS0K,KAAKmQ,KAAKH,EAAU,IACzDI,EAAS,IAAInZ,WAAW,EAAY,MAAV+Y,IAAqB,EAAa,IAAVA,IACxD,OAAOtB,GAAKxX,iBAAiB,CAACkZ,EAAQF,KAQxCD,oBAAqB,SAAUF,GAC7B,IAAI1Y,EACJ,IAAKA,EAAI,EAAGA,EAAI0Y,EAAIza,QAA4B,IAAXya,EAAI1Y,GAAbA,KAC5B,GAAIA,IAAM0Y,EAAIza,OACZ,OAAO,EAET,MAAM4a,EAAWH,EAAIxP,SAASlJ,GAC9B,OAA+B,GAAvB6Y,EAAS5a,OAAS,GAASoZ,GAAK2B,MAAMH,EAAS,KAQzDI,gBAAiB,SAAU3P,GACzB,MAAMhL,EAAS,IAAIsB,WAAW0J,EAAIrL,QAAU,GAC5C,IAAK,IAAIib,EAAI,EAAGA,EAAI5P,EAAIrL,QAAU,EAAGib,IACnC5a,EAAO4a,GAAK7L,SAAS/D,EAAI5F,OAAOwV,GAAK,EAAG,GAAI,IAE9C,OAAO5a,GAQT6a,gBAAiB,SAAUhV,GACzB,MAAMyG,EAAI,GACJtJ,EAAI6C,EAAMlG,OAChB,IACImb,EADAC,EAAI,EAER,KAAOA,EAAI/X,GAAG,CAEZ,IADA8X,EAAIjV,EAAMkV,KAAK7P,SAAS,IACjB4P,EAAEnb,OAAS,GAChBmb,EAAI,IAAMA,EAEZxO,EAAElM,KAAK,GAAK0a,GAEd,OAAOxO,EAAEvM,KAAK,KAQhBib,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlC,GAAKC,SAASiC,GACjB,MAAUtZ,MAAM,4DAGlB,MAAM3B,EAAS,IAAIsB,WAAW2Z,EAAItb,QAClC,IAAK,IAAI+B,EAAI,EAAGA,EAAIuZ,EAAItb,OAAQ+B,IAC9B1B,EAAO0B,GAAKuZ,EAAIE,WAAWzZ,GAE7B,OAAO1B,CAAM,KASjBob,mBAAoB,SAAUvV,GAE5B,MAAM7F,EAAS,GACTqb,EAAK,MACLC,GAHNzV,EAAQ,IAAIvE,WAAWuE,IAGPlG,OAEhB,IAAK,IAAI+B,EAAI,EAAGA,EAAI4Z,EAAG5Z,GAAK2Z,EAC1Brb,EAAOI,KAAK6Y,OAAOsC,aAAaC,MAAMvC,OAAQpT,EAAM+E,SAASlJ,EAAGA,EAAI2Z,EAAKC,EAAI5Z,EAAI2Z,EAAKC,KAExF,OAAOtb,EAAOD,KAAK,KAQrB0b,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAS/a,EAAQhB,EAAOgc,GAAY,GAClC,OAAOF,EAAQG,OAAOjc,EAAO,CAAEN,QAASsc,IAE1C,OAAOV,EAAiBD,EAAKra,GAAS,IAAMA,EAAQ,IAAI,MAQ1Dkb,WAAY,SAAUjH,GACpB,MAAMkH,EAAU,IAAIC,YAAY,SAEhC,SAASpb,EAAQhB,EAAOgc,GAAY,GAClC,OAAOG,EAAQE,OAAOrc,EAAO,CAAEN,QAASsc,IAE1C,OAAOV,EAAiBrG,EAAMjU,GAAS,IAAMA,EAAQ,IAAIU,YAAc,MASzE6D,OAAQ+W,EAOR3a,iBAAkB4a,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvD,GAAK1X,aAAagb,KAAYtD,GAAK1X,aAAaib,GACnD,MAAU3a,MAAM,4CAGlB,GAAI0a,EAAO1c,SAAW2c,EAAO3c,OAC3B,OAAO,EAGT,IAAK,IAAI+B,EAAI,EAAGA,EAAI2a,EAAO1c,OAAQ+B,IACjC,GAAI2a,EAAO3a,KAAO4a,EAAO5a,GACvB,OAAO,EAGX,OAAO,GAST6a,cAAe,SAAU3H,GACvB,IAAI4H,EAAI,EACR,IAAK,IAAI9a,EAAI,EAAGA,EAAIkT,EAAKjV,OAAQ+B,IAC/B8a,EAAKA,EAAI5H,EAAKlT,GAAM,MAEtB,OAAOqX,GAAKM,YAAYmD,EAAG,IAQ7BC,WAAY,SAAUxB,GAChBrC,IACFnO,QAAQiS,IAAI,qBAAsBzB,IAStC0B,gBAAiB,SAAU1Z,GACrB2V,IACFnO,QAAQxH,MAAM,qBAAsBA,IAKxCyX,MAAO,SAAUjP,GACf,IAAIa,EAAI,EACJsQ,EAAInR,IAAM,GAyBd,OAxBU,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,IAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEAA,GAYTuQ,OAAQ,SAASpU,GACf,MAAMqU,EAAY,IAAIxb,WAAWmH,EAAK9I,QAChCod,EAAOtU,EAAK9I,OAAS,EAC3B,IAAK,IAAI+B,EAAI,EAAGA,EAAIqb,EAAMrb,IACxBob,EAAUpb,GAAM+G,EAAK/G,IAAM,EAAM+G,EAAK/G,EAAI,IAAM,EAGlD,OADAob,EAAUC,GAAStU,EAAKsU,IAAS,EAAuB,KAAhBtU,EAAK,IAAM,GAC5CqU,GAUTE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIxb,EAAIub,EAAMtd,OAAS,EAAG+B,GAAK,EAAGA,IACrCub,EAAMvb,KAAOwb,EACTxb,EAAI,IACNub,EAAMvb,IAAOub,EAAMvb,EAAI,IAAO,EAAIwb,GAIxC,OAAOD,GAOTE,aAAc,WACZ,YAA6B,IAAfxc,GAA8BA,EAAWyc,QAAUzc,EAAWyc,OAAOC,QAUrFC,cFnYF5d,iBACE,GAAIuP,IACF,OAAOnE,EACF,CACL,MAAQyS,QAASzS,SAAqBtM,gDACtC,OAAOsM,EAEX,EEkYE0S,cAAe,WACb,OAAOzc,GAGT0c,YAAa,WACX,OAAOvb,GAQTwb,cAAe,WACb,OAAQC,GAAqB,IAAI1b,QAGnC2b,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADWC,EACDC,OAAOre,QAGnBse,eAAgB,SAASxV,GACvB,IAAKsQ,GAAKC,SAASvQ,GACjB,OAAO,EAGT,MADW,mLACDyV,KAAKzV,IAOjB0V,gBAAiB,SAAS1V,GAGxB,IAAI2V,GAAc,EAElB,OAAOlD,EAAiBzS,GAAM5C,IAY5B,IAAIwY,EAXAD,IACFvY,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CuE,KAN9C,KASLA,EAAMA,EAAMlG,OAAS,IACvBye,GAAc,EACdvY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BwT,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAI5c,EAAI,EACX2c,EAAQxY,EAAMX,QAlBP,GAkBmBxD,GAAK,EAC3B2c,EAFY3c,EAAI2c,EAlBb,KAqBDxY,EAAMwY,EAAQ,IAAWC,EAAQle,KAAKie,GAK9C,IAAKC,EAAQ3e,OACX,OAAOkG,EAGT,MAAM0Y,EAAa,IAAIjd,WAAWuE,EAAMlG,OAAS2e,EAAQ3e,QACzD,IAAI2b,EAAI,EACR,IAAK,IAAI5Z,EAAI,EAAGA,EAAI4c,EAAQ3e,OAAQ+B,IAAK,CACvC,MAAMiK,EAAM9F,EAAM+E,SAAS0T,EAAQ5c,EAAI,IAAM,EAAG4c,EAAQ5c,IACxD6c,EAAWxc,IAAI4J,EAAK2P,GACpBA,GAAK3P,EAAIhM,OACT4e,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,IAGF,OADAiD,EAAWxc,IAAI8D,EAAM+E,SAAS0T,EAAQA,EAAQ3e,OAAS,IAAM,GAAI2b,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAI9c,WAAW,CA1C5B,UA0CoC9B,KAOjDgf,UAAW,SAAS/V,GAGlB,IAAI2V,GAAc,EAElB,OAAOlD,EAAiBzS,GAAM5C,IAc5B,IAAIwY,EAlBK,MAMPxY,EADEuY,GAJK,KAIUvY,EAAM,GACfkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CuE,IAE7C,IAAIvE,WAAWuE,IAGfA,EAAMlG,OAAS,IACvBye,GAAc,EACdvY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BwT,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAI5Z,EAAI,EAAGA,IAAMmE,EAAMlG,OAAQ+B,EAAI2c,EAAO,CAC7CA,EAAQxY,EAAMX,QArBP,GAqBmBxD,GAAK,EAC1B2c,IAAOA,EAAQxY,EAAMlG,QAC1B,MAAMod,EAAOsB,GAtBN,KAsBexY,EAAMwY,GAAgB,EAAI,GAC5C3c,GAAGmE,EAAM4Y,WAAWnD,EAAG5Z,EAAGqb,GAC9BzB,GAAKyB,EAAOrb,EAEd,OAAOmE,EAAM+E,SAAS,EAAG0Q,EAAE,IAC1B,IAAO8C,EAAc,IAAI9c,WAAW,CA5B5B,UA4BoC9B,KAMjDkf,qBAAsB,SAAS9J,GAC7B,OAAOA,EAAK+J,MAAM,MAAM9X,KAAI+X,IAC1B,IAAIld,EAAIkd,EAAKjf,OAAS,EACtB,KAAO+B,GAAK,IAAkB,MAAZkd,EAAKld,IAA0B,OAAZkd,EAAKld,IAA2B,OAAZkd,EAAKld,IAAcA,KAC5E,OAAOkd,EAAKxZ,OAAO,EAAG1D,EAAI,EAAE,IAC3B3B,KAAK,OAGV8e,UAAW,SAAS3G,EAASjV,GAC3B,IAAKA,EACH,OAAWtB,MAAMuW,GAInB,IACEjV,EAAMiV,QAAUA,EAAU,KAAOjV,EAAMiV,QACvC,MAAOlV,IAET,OAAOC,GAST6b,wBAAyB,SAASC,GAChC,MAAMlY,EAAM,GAOZ,OANAkY,EAAeld,SAAQmd,IACrB,IAAKA,EAAYC,IACf,MAAUtd,MAAM,0CAElBkF,EAAImY,EAAYC,KAAOD,CAAW,IAE7BnY,GAWTqY,WAAY,SAASC,GAEnB,OAAO,IAAI3gB,SAAQkB,MAAOjB,EAASC,KACjC,IAAI0gB,QACE5gB,QAAQ+H,IAAI4Y,EAAStY,KAAInH,UAC7B,IACEjB,QAAc4gB,GACd,MAAOrc,GACPoc,EAAYpc,OAGhBtE,EAAO0gB,EAAU,KAWrBE,iBAAkB,SAASC,EAAMvS,EAAGJ,GAClC,MAAMjN,EAAS0K,KAAKC,IAAI0C,EAAErN,OAAQiN,EAAEjN,QAC9BK,EAAS,IAAIsB,WAAW3B,GAC9B,IAAIuK,EAAM,EACV,IAAK,IAAIxI,EAAI,EAAGA,EAAI1B,EAAOL,OAAQ+B,IACjC1B,EAAO0B,GAAMsL,EAAEtL,GAAM,IAAM6d,EAAU3S,EAAElL,GAAM,IAAM6d,EACnDrV,GAAQqV,EAAO7d,EAAIsL,EAAErN,OAAY,EAAI4f,EAAQ7d,EAAIkL,EAAEjN,OAErD,OAAOK,EAAO4K,SAAS,EAAGV,IAU5BsV,YAAa,SAASD,EAAMvS,EAAGJ,GAC7B,OAAQI,EAAK,IAAMuS,EAAU3S,EAAK,IAAM2S,GAK1CE,MAAO,SAASC,GACd,OAAOA,IAAeC,GAAM/N,UAAUM,QAAUwN,IAAeC,GAAM/N,UAAUO,QAAUuN,IAAeC,GAAM/N,UAAUQ,SChlBtHnQ,GAAS8W,GAAK2E,gBAEpB,IAAIkC,GACAC,GAkBG,SAAShE,GAAOpT,GACrB,IAAIqX,EAAM,IAAIxe,WACd,OAAO4Z,EAAiBzS,GAAM7I,IAC5BkgB,EAAM/G,GAAKxX,iBAAiB,CAACue,EAAKlgB,IAClC,MAAM0M,EAAI,GAEJyT,EAAQ1V,KAAKsP,MAAMmG,EAAIngB,OADR,IAEfkG,EAFe,GAEPka,EACRC,EAAUJ,GAAYE,EAAIlV,SAAS,EAAG/E,IAC5C,IAAK,IAAInE,EAAI,EAAGA,EAAIqe,EAAOre,IACzB4K,EAAElM,KAAK4f,EAAQ5a,OAAW,GAAJ1D,EAAQ,KAC9B4K,EAAElM,KAAK,MAGT,OADA0f,EAAMA,EAAIlV,SAAS/E,GACZyG,EAAEvM,KAAK,GAAG,IAChB,IAAO+f,EAAIngB,OAASigB,GAAYE,GAAO,KAAO,IACnD,CAQO,SAAS7D,GAAOxT,GACrB,IAAIqX,EAAM,GACV,OAAO5E,EAAiBzS,GAAM7I,IAC5BkgB,GAAOlgB,EAGP,IAAIqgB,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIxe,EAAI,EAAGA,EAAIwe,EAAWvgB,OAAQ+B,IAAK,CAC1C,MAAMye,EAAYD,EAAWxe,GAC7B,IAAK,IAAIE,EAAMke,EAAI5a,QAAQib,IAAqB,IAATve,EAAYA,EAAMke,EAAI5a,QAAQib,EAAWve,EAAM,GACpFqe,IAMJ,IAAItgB,EAASmgB,EAAIngB,OACjB,KAAOA,EAAS,IAAMA,EAASsgB,GAAU,GAAM,EAAGtgB,IAC5CugB,EAAWE,SAASN,EAAIngB,KAAUsgB,IAGxC,MAAMI,EAAUR,GAAYC,EAAI1a,OAAO,EAAGzF,IAE1C,OADAmgB,EAAMA,EAAI1a,OAAOzF,GACV0gB,CAAO,IACb,IAAMR,GAAYC,IACvB,CASO,SAASQ,GAAgBC,GAC9B,OAAOtE,GAAOsE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,GAAgB5a,EAAO6a,GACrC,IAAIV,EAAUnE,GAAOhW,GAAO2a,QAAQ,UAAW,IAI/C,OAHIE,IACFV,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAEvER,CACT,CA5FI/d,IACF2d,GAAcE,GAAO7d,GAAO0e,KAAKb,GAAK5U,SAAS,UAC/C2U,GAAc5E,IACZ,MAAMrO,EAAI3K,GAAO0e,KAAK1F,EAAK,UAC3B,OAAO,IAAI3Z,WAAWsL,EAAEhK,OAAQgK,EAAE/J,WAAY+J,EAAE9J,WAAW,IAG7D8c,GAAcE,GAAOc,KAAK7H,GAAKqC,mBAAmB0E,IAClDD,GAAc5E,GAAOlC,GAAKiC,mBAAmB6F,KAAK5F,KCVpD,OAAe,CAKb6F,uBAAwBnB,GAAMhN,KAAKI,OAKnCgO,4BAA6BpB,GAAM/N,UAAUQ,OAK7C4O,8BAA+BrB,GAAMrN,YAAYC,aAKjD0O,aAAc,EAUdC,aAAa,EAObC,uBAAwBxB,GAAMvM,KAAKC,IAQnC+N,kBAAmB,GAQnB1I,QAAQ,EAOR2I,sBAAuB,IASvBC,8BAA8B,EAU9BC,4BAA4B,EAK5BC,kBAAkB,EAOlBC,WAAY,KAOZC,wBAAwB,EAKxBC,mBAAmB,EAQnBC,wCAAwC,EASxCC,8CAA8C,EAW9CC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAACrC,GAAM/N,UAAUM,OAAQyN,GAAM/N,UAAUO,OAAQwN,GAAM/N,UAAUQ,SAMlI6P,qBAAsB,IAKtBC,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,oBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,oBAAoB,EAMpBC,qBAAsB,IAAIZ,IAAI,CAACrC,GAAMhN,KAAKC,IAAK+M,GAAMhN,KAAKG,SAM1D+P,4BAA6B,IAAIb,IAAI,CAACrC,GAAMhN,KAAKC,IAAK+M,GAAMhN,KAAKG,OAAQ6M,GAAMhN,KAAKE,OAMpFiQ,0BAA2B,IAAId,IAAI,CAACrC,GAAM9O,UAAUI,QAAS0O,GAAM9O,UAAUK,MAM7E6R,aAAc,IAAIf,IAAI,CAACrC,GAAMxQ,MAAMQ,aCzNrC,SAASqT,GAAQpO,GACf,MAEMqO,EAASrO,EAAKsO,MAFH,yIAIjB,IAAKD,EACH,MAAUthB,MAAM,4BAMlB,MAAI,yBAAyBuc,KAAK+E,EAAO,IAChCtD,GAAM7H,MAAMC,iBAMjB,oBAAoBmG,KAAK+E,EAAO,IAC3BtD,GAAM7H,MAAME,cAGjB,iBAAiBkG,KAAK+E,EAAO,IACxBtD,GAAM7H,MAAMG,OAIjB,UAAUiG,KAAK+E,EAAO,IACjBtD,GAAM7H,MAAMI,QAIjB,mBAAmBgG,KAAK+E,EAAO,IAC1BtD,GAAM7H,MAAMjH,UAIjB,oBAAoBqN,KAAK+E,EAAO,IAC3BtD,GAAM7H,MAAMK,WAMjB,YAAY+F,KAAK+E,EAAO,IACnBtD,GAAM7H,MAAMpE,eADrB,CAGF,CAWA,SAASyP,GAAUC,EAAeC,GAChC,IAAIrjB,EAAS,GAWb,OAVIqjB,EAAOhB,cACTriB,GAAU,YAAcqjB,EAAOd,cAAgB,MAE7Cc,EAAOf,cACTtiB,GAAU,YAAcqjB,EAAOb,cAAgB,MAE7CY,IACFpjB,GAAU,YAAcojB,EAAgB,MAE1CpjB,GAAU,KACHA,CACT,CASA,SAASsjB,GAAY7a,GAEnB,OAAO8a,GA8CT,SAAqB1kB,GACnB,IAAI2kB,EAAM,SACV,OAAOtI,EAAiBrc,GAAOe,IAC7B,MAAM6jB,EAAQC,GAAiBrZ,KAAKsP,MAAM/Z,EAAMD,OAAS,GAAK,EACxDgkB,EAAQ,IAAIC,YAAYhkB,EAAMgD,OAAQhD,EAAMiD,WAAY4gB,GAC9D,IAAK,IAAI/hB,EAAI,EAAGA,EAAI+hB,EAAO/hB,IACzB8hB,GAAOG,EAAMjiB,GACb8hB,EACEK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,EAAK,KAC1BK,GAAU,GAAIL,GAAO,EAAK,KAE9B,IAAK,IAAI9hB,EAAY,EAAR+hB,EAAW/hB,EAAI9B,EAAMD,OAAQ+B,IACxC8hB,EAAOA,GAAO,EAAKK,GAAU,GAAU,IAANL,EAAc5jB,EAAM8B,OAEtD,IAAM,IAAIJ,WAAW,CAACkiB,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYrb,GAE1B,CAIA,MAAMob,GAAY,CACZzlB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAIsD,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAI8hB,EAAM9hB,GAAK,GACf,IAAK,IAAI4Z,EAAI,EAAGA,EAAI,EAAGA,IACrBkI,EAAOA,GAAO,GAA2B,IAAd,QAANA,GAAwB,QAAW,GAE1DK,GAAU,GAAGniB,IACH,SAAN8hB,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAI9hB,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBmiB,GAAU,GAAGniB,GAAMmiB,GAAU,GAAGniB,IAAM,EAAKmiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGniB,IAIvE,MAAMgiB,GAAkB,WACtB,MAAM9gB,EAAS,IAAImhB,YAAY,GAG/B,OAFA,IAAIC,SAASphB,GAAQqhB,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWthB,GAAQ,EAChC,IAmCA,SAASuhB,GAAcC,GACrB,IAAK,IAAI1iB,EAAI,EAAGA,EAAI0iB,EAAQzkB,OAAQ+B,IAC7B,mCAAmCwc,KAAKkG,EAAQ1iB,KACnDqX,GAAK4D,gBAAoBhb,MAAM,sCAAwCyiB,EAAQ1iB,KAE5E,iDAAiDwc,KAAKkG,EAAQ1iB,KACjEqX,GAAK4D,gBAAoBhb,MAAM,mBAAqByiB,EAAQ1iB,IAGlE,CASA,SAAS2iB,GAAczP,GACrB,IAAI0P,EAAO1P,EACP2P,EAAW,GAEf,MAAMC,EAAa5P,EAAK6P,YAAY,KAOpC,OALID,GAAc,GAAKA,IAAe5P,EAAKjV,OAAS,IAClD2kB,EAAO1P,EAAK3U,MAAM,EAAGukB,GACrBD,EAAW3P,EAAK3U,MAAMukB,EAAa,GAAGpf,OAAO,EAAG,IAG3C,CAAEkf,KAAMA,EAAMC,SAAUA,EACjC,CAWO,SAASG,GAAQ7lB,EAAOwkB,EAASsB,IAEtC,OAAO,IAAInmB,SAAQkB,MAAOjB,EAASC,KACjC,IACE,MAAMkmB,EAAU,qBACVC,EAAc,oDAEpB,IAAIlM,EACJ,MAAMyL,EAAU,GAChB,IACIU,EAEAC,EACAR,EAJAS,EAAcZ,EAEdxP,EAAO,GAGPnM,EAAOwc,GAAcC,EAAqBrmB,GAAOa,MAAOyH,EAAUC,KACpE,MAAMlD,EAASihB,EAAiBhe,GAChC,IACE,OAAa,CACX,IAAIyX,QAAa1a,EAAOY,WACxB,QAAatF,IAATof,EACF,MAAUjd,MAAM,0BAIlB,GADAid,EAAO7F,GAAK2F,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpD7H,EAIE,GAAKmM,EAcAC,GAAqB,IAATpM,IACjBiM,EAAQ1G,KAAKU,IAIhBhK,EAAOA,EAAK7U,KAAK,QACjBglB,GAAW,EACXZ,GAAca,GACdA,EAAc,GACdF,GAAc,GANdlQ,EAAKxU,KAAKwe,EAAK4B,QAAQ,MAAO,WAbhC,GAHIoE,EAAQ1G,KAAKU,IACflgB,EAAWiD,MAAM,sEAEdkjB,EAAY3G,KAAKU,IAKpB,GAFAuF,GAAca,GACdF,GAAc,EACVC,GAAqB,IAATpM,EAAY,CAC1Bla,EAAQ,CAAEmW,OAAMnM,OAAM2b,UAASzL,SAC/B,YANFqM,EAAY5kB,KAAKwe,QARfgG,EAAQ1G,KAAKU,KACfjG,EAAOqK,GAAQpE,KA6BrB,MAAO5b,GAEP,YADAtE,EAAOsE,GAGT,MAAM/D,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,OACLnI,EAAO2I,MACb,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EACF,MAAU8B,MAAM,0BAElB,MAAMid,EAAOhf,EAAQ,GACrB,IAA2B,IAAvBgf,EAAK1Z,QAAQ,OAAsC,IAAvB0Z,EAAK1Z,QAAQ,KAEtC,CACL,IAAImE,QAAkBnF,EAAOpE,YACxBuJ,EAAU1J,SAAQ0J,EAAY,IACnCA,EAAYuV,EAAOvV,EACnBA,EAAY0P,GAAK2F,qBAAqBrV,EAAUmX,QAAQ,MAAO,KAC/D,MAAM6E,EAAQhc,EAAUsV,MAAMiG,GAC9B,GAAqB,IAAjBS,EAAM1lB,OACR,MAAUgC,MAAM,0BAElB,MAAMgd,EAAQ0F,GAAcgB,EAAM,GAAGplB,MAAM,GAAI,IAC/CskB,EAAW5F,EAAM4F,eACXtlB,EAAOoB,MAAMse,EAAM2F,MACzB,YAbMrlB,EAAOoB,MAAMue,SAgBjB3f,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,QAGvByF,EAAOyc,EAAqBzc,GAAM/I,MAAOyH,EAAUC,KACjD,MAAMke,EAAmBC,EAAiBjC,GAAYkC,EAAoBre,KAC1Eme,EAAiB3mB,OAAM,eACjB8mB,EAAYte,EAAUC,EAAU,CACpCE,cAAc,IAEhB,MAAMrI,EAASmmB,EAAiBhe,GAChC,IACE,MAAMse,SAAgCJ,GAAkB9E,QAAQ,KAAM,IACtE,GAAI+D,IAAamB,IAA2BnB,GAAYlB,EAAO7B,kBAC7D,MAAU7f,MAAM,4CAEZ1C,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,OAGvB,MAAOA,GACPtE,EAAOsE,OAER7C,MAAKT,UACFimB,EAAqB3lB,EAAOyI,QAC9BzI,EAAOyI,WAAa8c,EAAiBvlB,EAAOyI,OAEvCzI,IAEX,CAaO,SAAS8X,GAAM8N,EAAatB,EAAMuB,EAAWC,EAAW1C,EAAeC,EAASsB,IACrF,IAAI/P,EACAjC,EACAiT,IAAgBjG,GAAM7H,MAAMG,SAC9BrD,EAAO0P,EAAK1P,KACZjC,EAAO2R,EAAK3R,KACZ2R,EAAOA,EAAK7b,MAEd,MAAMsd,EAAYP,EAAoBlB,GAChCtkB,EAAS,GACf,OAAQ4lB,GACN,KAAKjG,GAAM7H,MAAMC,iBACf/X,EAAOI,KAAK,gCAAkCylB,EAAY,IAAMC,EAAY,WAC5E9lB,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,8BAAgCylB,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAKnG,GAAM7H,MAAME,cACfhY,EAAOI,KAAK,gCAAkCylB,EAAY,WAC1D7lB,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,8BAAgCylB,EAAY,WACxD,MACF,KAAKlG,GAAM7H,MAAMG,OACfjY,EAAOI,KAAK,wCACZJ,EAAOI,KAAK,SAAWuS,EAAO,QAC9B3S,EAAOI,KAAKwU,EAAK4L,QAAQ,OAAQ,QACjCxgB,EAAOI,KAAK,qCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,iCACZ,MACF,KAAKuf,GAAM7H,MAAMI,QACflY,EAAOI,KAAK,iCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,+BACZ,MACF,KAAKuf,GAAM7H,MAAMjH,UACf7Q,EAAOI,KAAK,0CACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,wCACZ,MACF,KAAKuf,GAAM7H,MAAMK,WACfnY,EAAOI,KAAK,2CACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,yCACZ,MACF,KAAKuf,GAAM7H,MAAMpE,UACf1T,EAAOI,KAAK,mCACZJ,EAAOI,KAAK+iB,GAAUC,EAAeC,IACrCrjB,EAAOI,KAAKmjB,GAAce,IAC1BtkB,EAAOI,KAAK,IAAKkjB,GAAYyC,IAC7B/lB,EAAOI,KAAK,iCAIhB,OAAO2Y,GAAK5T,OAAOnF,EACrB,CC5YA,MAAMgmB,GACJ3nB,cACEE,KAAKsH,MAAQ,GAOfpG,KAAKoG,GAEH,OADAtH,KAAKsH,MAAQkT,GAAKqC,mBAAmBvV,EAAM+E,SAAS,EAAG,IAChDrM,KAAKsH,MAAMlG,OAOpBU,QACE,OAAO0Y,GAAKiC,mBAAmBzc,KAAKsH,OAOtCogB,QACE,OAAOlN,GAAK8B,gBAAgB9B,GAAKiC,mBAAmBzc,KAAKsH,QAQ3DqgB,OAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB9nB,KAAK8nB,eAAkB9nB,KAAKsH,QAAUsgB,EAAMtgB,MAO9FygB,SACE,MAAsB,KAAf/nB,KAAKsH,MAOdwgB,aACE,MAAO,OAAOnI,KAAK3f,KAAK0nB,SAG1BM,gBAAgBJ,GACd,OAAOA,EAAMF,QAGfM,cAAcvb,GACZ,MAAMmb,EAAQ,IAAIH,GAElB,OADAG,EAAM1mB,KAAKsZ,GAAK4B,gBAAgB3P,IACzBmb,EAGTI,kBACE,MAAMJ,EAAQ,IAAIH,GAElB,OADAG,EAAM1mB,KAAK,IAAI6B,WAAW,IACnB6kB,GChGJ,IAAIK,GAAU,WAMnB,IAKIC,EAAOC,EALPC,GAAa,EAsCjB,SAASC,EAAK5Z,EAAGJ,GACf,IAAImO,EAAI0L,GAAOC,EAAM1Z,GAAK0Z,EAAM9Z,IAAM,KAEtC,OADU,IAANI,GAAiB,IAANJ,IAASmO,EAAI,GACrBA,EAiBT,IAOI8L,EAKAC,EAKAC,EAKAC,EAtBAC,GAAgB,EA2BpB,SAASC,IAIP,SAASC,EAAGna,GACV,IAAI+N,EAAGyB,EAAG/Q,EAEV,IADA+Q,EAAI/Q,EA1CR,SAAcuB,GACZ,IAAItL,EAAI+kB,EAAM,IAAMC,EAAM1Z,IAE1B,OADU,IAANA,IAAStL,EAAI,GACVA,EAuCG0lB,CAAKpa,GACR+N,EAAI,EAAGA,EAAI,EAAGA,IAEjBtP,GADA+Q,EAA6B,KAAvBA,GAAK,EAAMA,IAAM,GAIzB,OADA/Q,GAAK,GAVFkb,GA5EP,WACEF,EAAQ,GACNC,EAAQ,GAEV,IAAW3L,EAAGsM,EAAVra,EAAI,EACR,IAAK+N,EAAI,EAAGA,EAAI,IAAKA,IACnB0L,EAAM1L,GAAK/N,EAGXqa,EAAQ,IAAJra,EAAUA,IAAM,EAAGA,GAAK,IAClB,MAANqa,IAAYra,GAAK,IACrBA,GAAKyZ,EAAM1L,GAGX2L,EAAMD,EAAM1L,IAAMA,EAEpB0L,EAAM,KAAOA,EAAM,GACnBC,EAAM,GAAK,EAEXC,GAAa,EAyDIW,GAejBT,EAAW,GACTC,EAAW,GACXC,EAAU,CAAC,GAAI,GAAI,GAAI,IACvBC,EAAU,CAAC,GAAI,GAAI,GAAI,IAEzB,IAAK,IAAItlB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC5B,IAAI8a,EAAI2K,EAAGzlB,GAGXmlB,EAASnlB,GAAK8a,EACdsK,EAAStK,GAAK9a,EAGdqlB,EAAQ,GAAGrlB,GAAMklB,EAAK,EAAGpK,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKoK,EAAK,EAAGpK,GACpEwK,EAAQ,GAAGxK,GAAMoK,EAAK,GAAIllB,IAAM,GAAOklB,EAAK,EAAGllB,IAAM,GAAOklB,EAAK,GAAIllB,IAAM,EAAKklB,EAAK,GAAIllB,GAEzF,IAAK,IAAIkb,EAAI,EAAGA,EAAI,EAAGA,IACrBmK,EAAQnK,GAAGlb,GAAMqlB,EAAQnK,EAAI,GAAGlb,KAAO,EAAMqlB,EAAQnK,EAAI,GAAGlb,IAAM,GAClEslB,EAAQpK,GAAGJ,GAAMwK,EAAQpK,EAAI,GAAGJ,KAAO,EAAMwK,EAAQpK,EAAI,GAAGJ,IAAM,GAItEyK,GAAgB,EA0BlB,IAAIM,EAAU,SAAUC,EAAS5kB,GAE1BqkB,GAAeC,IAGpB,IAAIO,EAAO,IAAI7D,YAAYhhB,GAC3B6kB,EAAK1lB,IAAI8kB,EAAU,KACnBY,EAAK1lB,IAAI+kB,EAAU,KACnB,IAAK,IAAIplB,EAAI,EAAGA,EAAI,EAAGA,IACrB+lB,EAAK1lB,IAAIglB,EAAQrlB,GAAK,KAAS,KAAQA,GAAM,GAC7C+lB,EAAK1lB,IAAIilB,EAAQtlB,GAAK,KAAS,KAAQA,GAAM,GAuD/C,IAEIgmB,EAAM,SAAUC,EAAQH,EAAS5kB,GACnC,UAEA,IAAIglB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAI,EAEN,IAAIC,EAAO,IAAItB,EAAO/D,YAAYhhB,GAChCsmB,EAAO,IAAIvB,EAAOrmB,WAAWsB,GAa/B,SAASumB,EAAMvO,EAAG4B,EAAGI,EAAGtQ,EAAG8c,EAAIC,EAAIC,EAAIC,GACrC3O,EAAIA,EAAI,EACR4B,EAAIA,EAAI,EACRI,EAAIA,EAAI,EACRtQ,EAAIA,EAAI,EACR8c,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAIC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACvBC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BpoB,EAAI,EAEN8nB,EAAK5M,EAAI,MAAO6M,EAAK7M,EAAI,MAAO8M,EAAK9M,EAAI,MAGzCwM,EAAKA,EAAKH,GAAMrO,EAAI,IAAM,GACxByO,EAAKA,EAAKJ,GAAMrO,EAAI,IAAM,GAC1B0O,EAAKA,EAAKL,GAAMrO,EAAI,IAAM,GAC1B2O,EAAKA,EAAKN,GAAMrO,EAAI,KAAO,GAG7B,IAAKlZ,EAAI,IAAKA,EAAI,IAAO4K,GAAK,EAAI5K,EAAKA,EAAI,GAAM,EAAG,CAClDioB,EAAKV,GAAMrM,EAAIwM,GAAM,GAAK,OAAS,GAAKH,GAAMO,EAAKH,GAAM,GAAK,OAAS,GAAKJ,GAAMQ,EAAKH,GAAM,EAAI,OAAS,GAAKL,GAAMS,EAAKH,GAAM,EAAI,OAAS,GAAKN,GAAMrO,EAAIlZ,EAAI,IAAM,GACpKkoB,EAAKX,GAAMrM,EAAIyM,GAAM,GAAK,OAAS,GAAKJ,GAAMO,EAAKF,GAAM,GAAK,OAAS,GAAKL,GAAMQ,EAAKF,GAAM,EAAI,OAAS,GAAKN,GAAMS,EAAKN,GAAM,EAAI,OAAS,GAAKH,GAAMrO,EAAIlZ,EAAI,IAAM,GACtKmoB,EAAKZ,GAAMrM,EAAI0M,GAAM,GAAK,OAAS,GAAKL,GAAMO,EAAKD,GAAM,GAAK,OAAS,GAAKN,GAAMQ,EAAKL,GAAM,EAAI,OAAS,GAAKH,GAAMS,EAAKL,GAAM,EAAI,OAAS,GAAKJ,GAAMrO,EAAIlZ,EAAI,IAAM,GACtKooB,EAAKb,GAAMrM,EAAI2M,GAAM,GAAK,OAAS,GAAKN,GAAMO,EAAKJ,GAAM,GAAK,OAAS,GAAKH,GAAMQ,EAAKJ,GAAM,EAAI,OAAS,GAAKJ,GAAMS,EAAKJ,GAAM,EAAI,OAAS,GAAKL,GAAMrO,EAAIlZ,EAAI,KAAO,GACzK0nB,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAIlClC,EAAKqB,GAAMzM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMzM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMzM,EAAI8M,GAAM,EAAI,OAAS,IAAM,EAAIL,GAAMzM,EAAI+M,GAAM,EAAI,OAAS,GAAKN,GAAMrO,EAAIlZ,EAAI,IAAM,GAClLmmB,EAAKoB,GAAMzM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMzM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMzM,EAAI+M,GAAM,EAAI,OAAS,IAAM,EAAIN,GAAMzM,EAAI4M,GAAM,EAAI,OAAS,GAAKH,GAAMrO,EAAIlZ,EAAI,IAAM,GACpLomB,EAAKmB,GAAMzM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMzM,EAAI+M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMzM,EAAI4M,GAAM,EAAI,OAAS,IAAM,EAAIH,GAAMzM,EAAI6M,GAAM,EAAI,OAAS,GAAKJ,GAAMrO,EAAIlZ,EAAI,IAAM,GACpLqmB,EAAKkB,GAAMzM,EAAI+M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMzM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMzM,EAAI6M,GAAM,EAAI,OAAS,IAAM,EAAIJ,GAAMzM,EAAI8M,GAAM,EAAI,OAAS,GAAKL,GAAMrO,EAAIlZ,EAAI,KAAO,GAUzL,SAASqoB,EAASX,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAC,EACAC,EACAC,GAWJ,SAASS,EAASZ,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI3M,EAAI,EAERuM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFzM,EAAIiL,EAAIA,EAAKE,EAAIA,EAAKnL,EAWxB,SAASqN,EAASb,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,GAGPvB,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAUT,SAASmC,EAASd,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI3M,EAAI,EAERuM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFzM,EAAIiL,EAAIA,EAAKE,EAAIA,EAAKnL,EAEtBgL,EAAKA,EAAKI,EACRH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EAEZH,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASY,EAASf,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EAAKA,EAAKwB,EACbnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EAWnB,SAASa,EAAShB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFP,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAEZvB,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASc,EAAKjB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAEPH,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASe,EAAKlB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAZ,EACAC,EACAC,EACAC,GAGFA,GAAOI,EAAKJ,EAAMI,EAAMJ,EAAK,EAC3BD,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAE5CT,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASgB,EAASnB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAII,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BU,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BjpB,EAAI,EAAGqZ,EAAI,EAEbqO,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAEZwB,EAAKf,EAAK,EACRgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EAEZ,MAAQrnB,EAAI,GAAK,IAAKA,EAAKA,EAAI,EAAK,EAAG,CACrC,GAAIioB,IAAO,GAAI,CACba,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAGdI,EAAMA,GAAM,EAAMC,IAAO,GACvBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAEd/O,EAAIwO,EAAK,EAETA,EAAMA,IAAO,EAAMD,GAAM,GACvBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAEf,GAAIrO,EAAGqO,EAAKA,EAAK,WAGnBpB,EAAKwC,EACHvC,EAAKwC,EACLvC,EAAKwC,EACLvC,EAAKwC,EAST,SAASC,EAAWte,GAClBA,EAAIA,EAAI,EACR0c,EAAI1c,EAYN,SAASue,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVrD,EAAKkD,EACHjD,EAAKkD,EACLjD,EAAKkD,EACLjD,EAAKkD,EAYT,SAASC,EAAOC,EAAIC,EAAIC,EAAIC,GAC1BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVtD,EAAKmD,EACHlD,EAAKmD,EACLlD,EAAKmD,EACLlD,EAAKmD,EAYT,SAASC,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVvD,EAAKoD,EACHnD,EAAKoD,EACLnD,EAAKoD,EACLnD,EAAKoD,EAYT,SAASC,EAASC,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVxD,EAAKqD,EACHpD,EAAKqD,EACLpD,EAAKqD,EACLpD,EAAKqD,EAYT,SAASC,EAAYC,EAAIC,EAAIC,EAAIC,GAC/BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV9D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACrB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EAU3B,SAASI,EAAU1qB,GACjBA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBsnB,EAAKtnB,EAAM,GAAKgmB,IAAO,GACrBsB,EAAKtnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BsB,EAAKtnB,EAAM,GAAKgmB,IAAO,EAAI,IAC3BsB,EAAKtnB,EAAM,GAAKgmB,EAAK,IACrBsB,EAAKtnB,EAAM,GAAKimB,IAAO,GACvBqB,EAAKtnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BqB,EAAKtnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BqB,EAAKtnB,EAAM,GAAKimB,EAAK,IACrBqB,EAAKtnB,EAAM,GAAKkmB,IAAO,GACvBoB,EAAKtnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,IAAO,EAAI,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,EAAK,IACtBoB,EAAKtnB,EAAM,IAAMmmB,IAAO,GACxBmB,EAAKtnB,EAAM,IAAMmmB,IAAO,GAAK,IAC7BmB,EAAKtnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BmB,EAAKtnB,EAAM,IAAMmmB,EAAK,IAExB,OAAO,GAUT,SAASwE,EAAO3qB,GACdA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBsnB,EAAKtnB,EAAM,GAAKomB,IAAO,GACrBkB,EAAKtnB,EAAM,GAAKomB,IAAO,GAAK,IAC5BkB,EAAKtnB,EAAM,GAAKomB,IAAO,EAAI,IAC3BkB,EAAKtnB,EAAM,GAAKomB,EAAK,IACrBkB,EAAKtnB,EAAM,GAAKqmB,IAAO,GACvBiB,EAAKtnB,EAAM,GAAKqmB,IAAO,GAAK,IAC5BiB,EAAKtnB,EAAM,GAAKqmB,IAAO,EAAI,IAC3BiB,EAAKtnB,EAAM,GAAKqmB,EAAK,IACrBiB,EAAKtnB,EAAM,GAAKsmB,IAAO,GACvBgB,EAAKtnB,EAAM,GAAKsmB,IAAO,GAAK,IAC5BgB,EAAKtnB,EAAM,IAAMsmB,IAAO,EAAI,IAC5BgB,EAAKtnB,EAAM,IAAMsmB,EAAK,IACtBgB,EAAKtnB,EAAM,IAAMumB,IAAO,GACxBe,EAAKtnB,EAAM,IAAMumB,IAAO,GAAK,IAC7Be,EAAKtnB,EAAM,IAAMumB,IAAO,EAAI,IAC5Be,EAAKtnB,EAAM,IAAMumB,EAAK,IAExB,OAAO,GAQT,SAASqE,IACPzC,EAAS,EAAG,EAAG,EAAG,GAClBnB,EAAKhB,EACHiB,EAAKhB,EACLiB,EAAKhB,EACLiB,EAAKhB,EAYT,SAAS0E,EAAOC,EAAM9qB,EAAK8M,GACzBge,EAAOA,EAAO,EACd9qB,EAAMA,EAAM,EACZ8M,EAAMA,EAAM,EAEZ,IAAIie,EAAM,EAEV,GAAI/qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ8M,EAAM,IAAM,GAAI,CACtBke,EAAcF,EAAO,GACnBxD,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,IAC7EsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,KAGjFsnB,EAAKtnB,EAAM,GAAKgmB,IAAO,GACrBsB,EAAKtnB,EAAM,GAAKgmB,IAAO,GAAK,IAC5BsB,EAAKtnB,EAAM,GAAKgmB,IAAO,EAAI,IAC3BsB,EAAKtnB,EAAM,GAAKgmB,EAAK,IACrBsB,EAAKtnB,EAAM,GAAKimB,IAAO,GACvBqB,EAAKtnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BqB,EAAKtnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BqB,EAAKtnB,EAAM,GAAKimB,EAAK,IACrBqB,EAAKtnB,EAAM,GAAKkmB,IAAO,GACvBoB,EAAKtnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,IAAO,EAAI,IAC5BoB,EAAKtnB,EAAM,IAAMkmB,EAAK,IACtBoB,EAAKtnB,EAAM,IAAMmmB,IAAO,GACxBmB,EAAKtnB,EAAM,IAAMmmB,IAAO,GAAK,IAC7BmB,EAAKtnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BmB,EAAKtnB,EAAM,IAAMmmB,EAAK,IAExB4E,EAAOA,EAAM,GAAM,EACjB/qB,EAAOA,EAAM,GAAM,EACnB8M,EAAOA,EAAM,GAAM,EAGvB,OAAOie,EAAM,EAYf,SAASE,EAAIH,EAAM9qB,EAAK8M,GACtBge,EAAOA,EAAO,EACd9qB,EAAMA,EAAM,EACZ8M,EAAMA,EAAM,EAEZ,IAAIie,EAAM,EAEV,GAAI/qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ8M,EAAM,IAAM,GAAI,CACtBoe,EAAWJ,EAAO,GAChBxD,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,EAAIsnB,EAAKtnB,EAAM,GAC5EsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,IAAM,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,IAC7EsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,GAAKsnB,EAAKtnB,EAAM,KAAO,EAAIsnB,EAAKtnB,EAAM,KAGjF+qB,EAAOA,EAAM,GAAM,EACjB/qB,EAAOA,EAAM,GAAM,EACnB8M,EAAOA,EAAM,GAAM,EAGvB,OAAOie,EAAM,EAMf,IAAIC,EAAgB,CAAC7C,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAMC,GAKvF,IAAIwC,EAAa,CAAC7C,EAAUM,GAK5B,MAAO,CACLK,WAAYA,EACZC,UAAWA,EACXK,OAAQA,EACRK,UAAWA,EACXK,SAAUA,EACVK,YAAaA,EACbK,UAAWA,EACXC,OAAQA,EACRC,SAAUA,EACVC,OAAQA,EACRI,IAAKA,GAxpBC,CAFG,CAACvrB,WAAwBsiB,aA4pB5B4D,EAAS5kB,GAInB,OAFA8kB,EAAIqF,QApsBJ,SAAiBC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/C,IAAIC,EAAQhG,EAAK7c,SAAS,EAAO,IAC/B8iB,EAAQjG,EAAK7c,SAAS,IAAO,KAG/B6iB,EAAM1rB,IAAI,CAACkrB,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,IACvC,IAAK,IAAI9rB,EAAIsrB,EAAIW,EAAO,EAAGjsB,EAAI,EAAIsrB,EAAK,GAAItrB,IAAK,CAC/C,IAAIkZ,EAAI6S,EAAM/rB,EAAI,IACbA,EAAIsrB,GAAO,GAAc,IAAPA,GAAYtrB,EAAIsrB,GAAO,KAC5CpS,EAAIiM,EAASjM,IAAM,KAAO,GAAKiM,EAASjM,IAAM,GAAK,MAAQ,GAAKiM,EAASjM,IAAM,EAAI,MAAQ,EAAIiM,EAAa,IAAJjM,IAEtGlZ,EAAIsrB,GAAO,IACbpS,EAAKA,GAAK,EAAMA,IAAM,GAAO+S,GAAQ,GACrCA,EAAQA,GAAQ,GAAc,IAAPA,EAAe,GAAO,IAE/CF,EAAM/rB,GAAK+rB,EAAM/rB,EAAIsrB,GAAMpS,EAI7B,IAAK,IAAIU,EAAI,EAAGA,EAAI5Z,EAAG4Z,GAAK,EAC1B,IAAK,IAAIsS,EAAK,EAAGA,EAAK,EAAGA,IAAM,CACzBhT,EAAI6S,EAAM/rB,GAAK,EAAI4Z,IAAM,EAAIsS,GAAM,GAErCF,EAAMpS,EAAIsS,GADRtS,EAAI,GAAKA,GAAK5Z,EAAI,EACJkZ,EAEAoM,EAAQ,GAAGH,EAASjM,IAAM,KACtCoM,EAAQ,GAAGH,EAASjM,IAAM,GAAK,MAC/BoM,EAAQ,GAAGH,EAASjM,IAAM,EAAI,MAC9BoM,EAAQ,GAAGH,EAAa,IAAJjM,IAM9B8M,EAAIkD,WAAWoC,EAAK,IAoqBftF,GA8CT,OAtCAH,EAAQsG,IAAM,CACZC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQL3G,EAAQ4G,IAAM,CACZL,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQP3G,EAAQ6G,IAAM,CACZL,IAAK,EACLM,IAAK,GAQT9G,EAAQ+G,UAAY,MAEb/G,CACT,CA36BqB,GC+Gd,SAASgH,GAASvhB,GACrB,OAAOA,aAAa1L,UACxB,CAWO,SAASktB,GAAW/G,EAAMgH,GAC7B,MAAM9qB,EAAO8jB,EAAOA,EAAK3kB,WAAa2rB,GAAY,MAClD,GAAW,KAAP9qB,GAAgBA,GAAQ,EACxB,MAAUhC,MAAM,+DAEpB,OADA8lB,EAAOA,GAAQ,IAAInmB,WAAW,IAAIyiB,YAAYpgB,GAElD,CACO,SAAS+qB,GAAYjH,EAAMkH,EAAMlmB,EAAMmmB,EAAMC,GAChD,MAAMC,EAAOrH,EAAK9nB,OAASgvB,EACrBI,EAAOD,EAAOD,EAAOC,EAAOD,EAElC,OADApH,EAAK1lB,IAAI0G,EAAKmC,SAASgkB,EAAMA,EAAOG,GAAOJ,GACpCI,CACX,CACO,SAASC,MAAaC,GACzB,MAAMC,EAAcD,EAAIE,QAAO,CAACC,EAAKC,IAASD,EAAMC,EAAK1vB,QAAQ,GAC3DgtB,EAAM,IAAIrrB,WAAW4tB,GAC3B,IAAII,EAAS,EACb,IAAK,IAAI5tB,EAAI,EAAGA,EAAIutB,EAAItvB,OAAQ+B,IAC5BirB,EAAI5qB,IAAIktB,EAAIvtB,GAAI4tB,GAChBA,GAAUL,EAAIvtB,GAAG/B,OAErB,OAAOgtB,CACX,CCvJO,MAAM4C,WAA0B5tB,MACnCtD,eAAemxB,GACXlxB,SAASkxB,IAIV,MAAMC,WAA6B9tB,MACtCtD,eAAemxB,GACXlxB,SAASkxB,IAIV,MAAME,WAAsB/tB,MAC/BtD,eAAemxB,GACXlxB,SAASkxB,ICXjB,MAAMG,GAAY,GACZC,GAAW,GACV,MAAMC,GACTxxB,YAAYkX,EAAKua,EAAIC,GAAU,EAAMrD,EAAMjF,EAAMC,GAC7CnpB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAKmuB,KAAOA,EAEZnuB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAKgX,IAAMA,EACXhX,KAAKuxB,GAAKA,EACVvxB,KAAKwxB,QAAUA,EAEfxxB,KAAKyxB,YAAYvI,EAAMC,GAE3BsI,YAAYvI,EAAMC,GAMd,YALkBloB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOA,GAAQkI,GAAUM,OAASzB,KAAa5jB,SAAS4b,GAAQ8H,WACrE/vB,KAAKmpB,IAAMA,GAAOkI,GAASK,OAAS,IAAIzJ,GAAQ,KAAMjoB,KAAKkpB,KAAK7kB,QAChErE,KAAK2xB,MAAM3xB,KAAKgX,IAAKhX,KAAKuxB,KAEvB,CAAErI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf0wB,MAAM3a,EAAKua,GACP,MAAMpI,IAAEA,GAAQnpB,KAAKyxB,cAEfI,EAAS7a,EAAI5V,OACnB,GAAe,KAAXywB,GAA4B,KAAXA,GAA4B,KAAXA,EAClC,MAAM,IAAIX,GAAqB,oBACnC,MAAMY,EAAU,IAAIrM,SAASzO,EAAI3S,OAAQ2S,EAAI1S,WAAY0S,EAAIzS,YAG7D,GAFA4kB,EAAIqF,QAAQqD,GAAU,EAAGC,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,IAAKF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,QAExQ9wB,IAAPswB,EAAkB,CAClB,GAAkB,KAAdA,EAAGnwB,OACH,MAAM,IAAI8vB,GAAqB,mBACnC,IAAIc,EAAS,IAAIvM,SAAS8L,EAAGltB,OAAQktB,EAAGjtB,WAAYitB,EAAGhtB,YACvD4kB,EAAIwD,OAAOqF,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,UAG3F5I,EAAIwD,OAAO,EAAG,EAAG,EAAG,GAG5BsF,oBAAoB/nB,GAChB,IAAK8lB,GAAS9lB,GACV,MAAM,IAAIgoB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQqH,IAAItvB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXkgB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBgxB,EAAO,EAEP5B,EAAO,EACP/uB,EAAS,IAAIsB,WAFLoN,EAAMmgB,GAAS,IAG3B,KAAOA,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GACjCqgB,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAKd,OAFAnQ,KAAKqD,IAAMA,EACXrD,KAAKmQ,IAAMA,EACJ1O,EAEX4wB,qBACI,IAAInJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQqH,IAAItvB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXmiB,EAAO,GAAMniB,EAAM,GACnBoiB,EAAOpiB,EACX,GAAInQ,KAAKwyB,eAAe,YACpB,GAAIxyB,KAAKwxB,QAAS,CACd,IAAK,IAAIiB,EAAI,EAAGA,EAAIH,IAAQG,EACxBvJ,EAAK7lB,EAAM8M,EAAMsiB,GAAKH,EAE1BniB,GAAOmiB,EACPC,EAAOpiB,OAEN,GAAIA,EAAM,GACX,MAAM,IAAI+gB,GAAqB,yDAInC/gB,GAAOmiB,EAEX,MAAM7wB,EAAS,IAAIsB,WAAWwvB,GAQ9B,OAPIpiB,GACAgZ,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAC9BoiB,GACA9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IACxCvyB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACEnwB,EAEXixB,oBAAoBxoB,GAChB,IAAK8lB,GAAS9lB,GACV,MAAM,IAAIgoB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQ2H,IAAI5vB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXkgB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBgxB,EAAO,EACPG,EAAQpiB,EAAMmgB,GAAS,GACvBgC,EAAO,EACP9B,EAAO,EACPxwB,KAAKwxB,UACLc,EAAOniB,EAAMmgB,EAAOiC,GAAQ,GAC5BA,GAAQD,GAEZ,MAAM7wB,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAAQmgB,EAAc,EAAPgC,IAChD9B,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAKd,OAFAnQ,KAAKqD,IAAMA,EACXrD,KAAKmQ,IAAMA,EACJ1O,EAEXkxB,qBACI,IAAIzJ,KAAEA,EAAIC,IAAEA,GAAQnpB,KAAKyxB,cACrBU,EAAQlK,GAAQ2H,IAAI5vB,KAAKmuB,MACzBiC,EAAOnI,GAAQ8H,UACf1sB,EAAMrD,KAAKqD,IACX8M,EAAMnQ,KAAKmQ,IACXoiB,EAAOpiB,EACX,GAAIA,EAAM,EAAG,CACT,GAAIA,EAAM,GAAI,CACV,GAAInQ,KAAKwyB,eAAe,WACpB,MAAM,IAAItB,GAAqB,oDAG/B/gB,GAAO,GAAMA,EAAM,GAI3B,GADAgZ,EAAI+E,OAAOiE,EAAO/B,EAAO/sB,EAAK8M,GAC1BnQ,KAAKwyB,eAAe,YAAcxyB,KAAKwxB,QAAS,CAChD,IAAIoB,EAAM1J,EAAK7lB,EAAMkvB,EAAO,GAC5B,GAAIK,EAAM,GAAKA,EAAM,IAAMA,EAAML,EAC7B,MAAM,IAAIpB,GAAc,eAC5B,IAAI0B,EAAS,EACb,IAAK,IAAI1vB,EAAIyvB,EAAKzvB,EAAI,EAAGA,IACrB0vB,GAAUD,EAAM1J,EAAK7lB,EAAMkvB,EAAOpvB,GACtC,GAAI0vB,EACA,MAAM,IAAI1B,GAAc,eAC5BoB,GAAQK,GAGhB,MAAMnxB,EAAS,IAAIsB,WAAWwvB,GAO9B,OANIA,EAAO,GACP9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IAExCvyB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACEnwB,GCtMR,MAAMqxB,GACT9K,eAAe9d,EAAM8M,EAAKwa,GAAU,GAChC,OAAO,IAAIsB,GAAQ9b,EAAKwa,GAASuB,QAAQ7oB,GAE7C8d,eAAe9d,EAAM8M,EAAKwa,GAAU,GAChC,OAAO,IAAIsB,GAAQ9b,EAAKwa,GAASwB,QAAQ9oB,GAE7CpK,YAAYkX,EAAKwa,GAAU,EAAOyB,GAC9BjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,EAAWuwB,EAAS,OAE5DuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCb5B,SAASM,GAAI7xB,GACX,MAAM8xB,EAAI,SAASlc,GACjB,MAAMmc,EAAS,IAAIL,GAAQ9b,GAE3BhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOD,EAAOJ,QAAQK,IAGxBpzB,KAAKgzB,QAAU,SAASI,GACtB,OAAOD,EAAOH,QAAQI,KAO1B,OAHAF,EAAEG,UAAYH,EAAElyB,UAAUqyB,UAAY,GACtCH,EAAEI,QAAUJ,EAAElyB,UAAUsyB,QAAUlyB,EAAS,EAEpC8xB,CACT,CCAA,SAASK,GAAIC,EAAM7Z,EAASoZ,EAAS5E,EAAMoD,EAAIC,GAE7C,MAAMiC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI7wB,EACA4Z,EACAkX,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAdApnB,EAAI,EAeJ2C,EAAMwJ,EAAQvY,OAGlB,MAAMyzB,EAA6B,KAAhBrB,EAAKpyB,OAAgB,EAAI,EAE1CkzB,EADiB,IAAfO,EACQ9B,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFpZ,EAqQJ,SAAuBA,EAAS6X,GAC9B,MAAMsD,EAAY,EAAKnb,EAAQvY,OAAS,EAExC,IAAIwxB,EACJ,GAAgB,IAAZpB,GAAkBsD,EAAY,EAChClC,EAAM,QACD,GAAgB,IAAZpB,EACToB,EAAMkC,MACD,IAAKtD,KAAYsD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOnb,EAEP,MAAUvW,MAAM,wBAJhBwvB,EAAM,EAOR,MAAMmC,EAAgB,IAAIhyB,WAAW4W,EAAQvY,OAAS0zB,GACtD,IAAK,IAAI3xB,EAAI,EAAGA,EAAIwW,EAAQvY,OAAQ+B,IAClC4xB,EAAc5xB,GAAKwW,EAAQxW,GAE7B,IAAK,IAAI4Z,EAAI,EAAGA,EAAI+X,EAAW/X,IAC7BgY,EAAcpb,EAAQvY,OAAS2b,GAAK6V,EAGtC,OAAOmC,CACT,CA9RcC,CAAcrb,EAAS6X,GACjCrhB,EAAMwJ,EAAQvY,QAIhB,IAAIK,EAAS,IAAIsB,WAAWoN,GACxBkM,EAAI,EASR,IAPa,IAAT8R,IACFoG,EAAWhD,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,EAAK+jB,EAAG/jB,KAClEinB,EAAYlD,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,GAAO+jB,EAAG/jB,MAAQ,EAAK+jB,EAAG/jB,KACnEA,EAAI,GAICA,EAAI2C,GAAK,CAsCd,IArCAikB,EAAQza,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KACnF6mB,EAAS1a,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KAGvE,IAAT2gB,IACE4E,GACFqB,GAAQG,EACRF,GAASI,IAETD,EAAWD,EACXG,EAAYD,EACZF,EAAUH,EACVK,EAAWJ,IAKfJ,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BtX,EAAI,EAAGA,EAAI8X,EAAY9X,GAAK,EAAG,CAIlC,IAHA4X,EAAUL,EAAQvX,EAAI,GACtB6X,EAAUN,EAAQvX,EAAI,GAEjB5Z,EAAImxB,EAAQvX,GAAI5Z,IAAMwxB,EAASxxB,GAAKyxB,EACvCV,EAASG,EAAQb,EAAKrwB,GACtBgxB,GAAWE,IAAU,EAAMA,GAAS,IAAOb,EAAKrwB,EAAI,GAEpD8wB,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,EAIVG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGJ,IAAT9F,IACE4E,GACFwB,EAAUH,EACVK,EAAWJ,IAEXD,GAAQI,EACRH,GAASK,IAIbjzB,EAAO4a,KAAQ+X,IAAS,GACxB3yB,EAAO4a,KAAS+X,IAAS,GAAM,IAC/B3yB,EAAO4a,KAAS+X,IAAS,EAAK,IAC9B3yB,EAAO4a,KAAe,IAAP+X,EACf3yB,EAAO4a,KAAQgY,IAAU,GACzB5yB,EAAO4a,KAASgY,IAAU,GAAM,IAChC5yB,EAAO4a,KAASgY,IAAU,EAAK,IAC/B5yB,EAAO4a,KAAgB,IAARgY,EAQjB,OAJKtB,IACHtxB,EA4KJ,SAA0BkY,EAAS6X,GACjC,IACIoB,EADAkC,EAAY,KAEhB,GAAgB,IAAZtD,EACFoB,EAAM,QACD,GAAgB,IAAZpB,EACTsD,EAAYnb,EAAQA,EAAQvY,OAAS,OAChC,IAAKowB,EAGV,MAAUpuB,MAAM,wBAFhBwvB,EAAM,EAKR,IAAKkC,EAAW,CAEd,IADAA,EAAY,EACLnb,EAAQA,EAAQvY,OAAS0zB,KAAelC,GAC7CkC,IAEFA,IAGF,OAAOnb,EAAQtN,SAAS,EAAGsN,EAAQvY,OAAS0zB,EAC9C,CAlMaG,CAAiBxzB,EAAQ+vB,IAG7B/vB,CACT,CAOA,SAASyzB,GAAcle,GAErB,MAAMme,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa7d,EAAI5V,OAAS,EAAI,EAAI,EAElCoyB,EAAW3zB,MAAM,GAAKg1B,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAlC,EAFAzmB,EAAI,EACJhB,EAAI,EAGR,IAAK,IAAIuQ,EAAI,EAAGA,EAAI8X,EAAY9X,IAAK,CACnC,IAAIqX,EAAQpd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KACnE6mB,EAASrd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KAExEymB,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAI9wB,EAAI,EAAGA,EAAI8yB,GAAe9yB,IAE7B8yB,EAAO9yB,IACTixB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMV6B,EAAWf,EAAUf,IAAS,IAAMgB,EAAWhB,IAAS,GAAM,IAAOiB,EAAWjB,IAAS,GAAM,IAAOkB,EACpGlB,IAAS,GAAM,IAAOmB,EAAWnB,IAAS,GAAM,IAAOoB,EAAWpB,IAAS,EAAK,IAAOqB,EAAWrB,IAAS,EAC3G,IACF+B,EAAYT,EAAUrB,IAAU,IAAMsB,EAAWtB,IAAU,GAAM,IAAOuB,EAAWvB,IAAU,GAAM,IACjGwB,EAAYxB,IAAU,GAAM,IAAOyB,EAAYzB,IAAU,GAAM,IAAO0B,EAAY1B,IAAU,EAAK,IACjG2B,EAAY3B,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCkC,IAAc,GAAMD,GAC7B1C,EAAKhnB,KAAO0pB,EAAWjC,EACvBT,EAAKhnB,KAAO2pB,EAAalC,GAAQ,GAIrC,OAAOT,CACT,CAwDO,SAAS4C,GAAUpf,GACxBhX,KAAKgX,IAAM,GAEX,IAAK,IAAI7T,EAAI,EAAGA,EAAI,EAAGA,IACrBnD,KAAKgX,IAAInV,KAAK,IAAIkB,WAAWiU,EAAI3K,SAAa,EAAJlJ,EAAY,EAAJA,EAAS,KAG7DnD,KAAK+yB,QAAU,SAASK,GACtB,OAAOG,GACL2B,GAAcl1B,KAAKgX,IAAI,IACvBuc,GACE2B,GAAcl1B,KAAKgX,IAAI,IACvBuc,GACE2B,GAAcl1B,KAAKgX,IAAI,IACvBoc,GAAO,EAAM,EAAG,KAAM,OAExB,EAAO,EAAG,KAAM,OACf,EAAM,EAAG,KAAM,MAGxB,CCtbA,SAASiD,KACPr2B,KAAKs2B,UAAY,EACjBt2B,KAAKu2B,QAAU,GAEfv2B,KAAKw2B,OAAS,SAASxf,GAMrB,GALAhX,KAAKy2B,QAAc52B,MAAM,IACzBG,KAAK02B,OAAa72B,MAAM,IAExBG,KAAK2xB,QAED3a,EAAI5V,SAAWpB,KAAKu2B,QAGtB,MAAUnzB,MAAM,mCAElB,OAJEpD,KAAK22B,YAAY3f,IAIZ,GAGThX,KAAK2xB,MAAQ,WACX,IAAK,IAAIxuB,EAAI,EAAGA,EAAI,GAAIA,IACtBnD,KAAKy2B,QAAQtzB,GAAK,EAClBnD,KAAK02B,OAAOvzB,GAAK,GAIrBnD,KAAK42B,aAAe,WAClB,OAAO52B,KAAKs2B,WAGdt2B,KAAK+yB,QAAU,SAAS8D,GACtB,MAAMC,EAAUj3B,MAAMg3B,EAAIz1B,QAE1B,IAAK,IAAI+B,EAAI,EAAGA,EAAI0zB,EAAIz1B,OAAQ+B,GAAK,EAAG,CACtC,IAEIkb,EAFA0Y,EAAKF,EAAI1zB,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GACtE4K,EAAK8oB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GAG9Ekb,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJyY,EAAI3zB,GAAM4K,IAAM,GAAM,IACtB+oB,EAAI3zB,EAAI,GAAM4K,IAAM,GAAM,IAC1B+oB,EAAI3zB,EAAI,GAAM4K,IAAM,EAAK,IACzB+oB,EAAI3zB,EAAI,GAAS,IAAJ4K,EACb+oB,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,IAAM,EAAK,IACzBD,EAAI3zB,EAAI,GAAS,IAAJ4zB,EAGf,OAAOD,GAGT92B,KAAKgzB,QAAU,SAAS6D,GACtB,MAAMC,EAAUj3B,MAAMg3B,EAAIz1B,QAE1B,IAAK,IAAI+B,EAAI,EAAGA,EAAI0zB,EAAIz1B,OAAQ+B,GAAK,EAAG,CACtC,IAEIkb,EAFA0Y,EAAKF,EAAI1zB,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GACtE4K,EAAK8oB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,GAAO0zB,EAAI1zB,EAAI,IAAM,EAAK0zB,EAAI1zB,EAAI,GAG9Ekb,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,IAAKz2B,KAAK02B,OAAO,KAC5CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIG,EAAGnpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIE,EAAGlpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EACJA,EAAItQ,EACJA,EAAIgpB,EAAIC,EAAGjpB,EAAG/N,KAAKy2B,QAAQ,GAAIz2B,KAAK02B,OAAO,IAC3CK,EAAI1Y,EAEJyY,EAAI3zB,GAAM4K,IAAM,GAAM,IACtB+oB,EAAI3zB,EAAI,GAAM4K,IAAM,GAAM,IAC1B+oB,EAAI3zB,EAAI,GAAM4K,IAAM,EAAK,IACzB+oB,EAAI3zB,EAAI,GAAS,IAAJ4K,EACb+oB,EAAI3zB,EAAI,GAAM4zB,IAAM,GAAM,IAC1BD,EAAI3zB,EAAI,GAAM4zB,GAAK,GAAM,IACzBD,EAAI3zB,EAAI,GAAM4zB,GAAK,EAAK,IACxBD,EAAI3zB,EAAI,GAAS,IAAJ4zB,EAGf,OAAOD,GAET,MAAMK,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGlO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASJ,EAAGnO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASH,EAAGpO,EAAGtb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIsb,EACRuO,EAAKhZ,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASupB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,GA7FhGD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnCp3B,KAAK22B,YAAc,SAASY,GAC1B,MAAMlZ,aACAhC,EAAQxc,MAAM,IAEpB,IAAIkd,EAEJ,IAAK,IAAI5Z,EAAI,EAAGA,EAAI,EAAGA,IACrB4Z,EAAQ,EAAJ5Z,EACJkb,EAAElb,GAAMo0B,EAAIxa,IAAM,GAAOwa,EAAIxa,EAAI,IAAM,GAAOwa,EAAIxa,EAAI,IAAM,EAAKwa,EAAIxa,EAAI,GAG3E,MAAM7P,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIsqB,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK5a,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtO,EAAI0oB,EAAUQ,GAAO5a,GAC3Bya,EAAInZ,EAAE5P,EAAE,IAER+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAK,GAAIjZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD+oB,GAAKF,EAAKpqB,EAAE6P,IAAKsB,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D4P,EAAE5P,EAAE,IAAM+oB,EAGZ,IAAKza,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM1O,EAAI+oB,EAAUO,GAAO5a,GAC3Bya,EAAIF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,GAAIjZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDmpB,GAAKF,EAAK,EAAIva,GAAIsB,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7DgO,EAAEob,GAAMD,EACRC,KAKN,IAAK,IAAIt0B,EAAI,EAAGA,EAAI,GAAIA,IACtBnD,KAAKy2B,QAAQtzB,GAAKkZ,EAAElZ,GACpBnD,KAAK02B,OAAOvzB,GAAiB,GAAZkZ,EAAE,GAAKlZ,IAwB5B,MAAMm0B,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASM,GAAM5gB,GACbhX,KAAKyT,MAAQ,IAAI4iB,GACjBr2B,KAAKyT,MAAM+iB,OAAOxf,GAElBhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKyT,MAAMsf,QAAQK,GAE9B,CDpJAgD,GAAU9C,QAAU8C,GAAUp1B,UAAUsyB,QAAU,GAClD8C,GAAU/C,UAAY+C,GAAUp1B,UAAUqyB,UAAY,ECqJtDuE,GAAMvE,UAAYuE,GAAM52B,UAAUqyB,UAAY,EAC9CuE,GAAMtE,QAAUsE,GAAM52B,UAAUsyB,QAAU,GCpkB1C,MAAMuE,GAAS,WAEf,SAASC,GAAKN,EAAGhrB,GACf,OAAQgrB,GAAKhrB,EAAIgrB,IAAO,GAAKhrB,GAAMqrB,EACrC,CAEA,SAASE,GAAKtpB,EAAGtL,GACf,OAAOsL,EAAEtL,GAAKsL,EAAEtL,EAAI,IAAM,EAAIsL,EAAEtL,EAAI,IAAM,GAAKsL,EAAEtL,EAAI,IAAM,EAC7D,CAEA,SAAS60B,GAAKvpB,EAAGtL,EAAGq0B,GAClB/oB,EAAEwpB,OAAO90B,EAAG,EAAO,IAAJq0B,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASU,GAAKhrB,EAAGV,GACf,OAAQU,IAAW,EAAJV,EAAU,GAC3B,CAkSA,SAAS2rB,GAAGnhB,GACVhX,KAAKo4B,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMxrB,GACb,OAAOurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAG3F,SAASyrB,EAAMzrB,GACb,OAAOurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAAMurB,EAAK,GAAGP,GAAKhrB,EAAG,IAG3F,SAAS0rB,EAAQ7qB,EAAG8qB,GAClB,IAAIpqB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,GAAM8pB,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,GAAM8pB,GAC7DppB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,IAAO8pB,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIzqB,EAAI,IAAO8pB,GAGhE,SAASiB,EAAQ31B,EAAG01B,GAClB,IAAIpqB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,IAAO00B,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,IAAO00B,GAAQ,IAClEppB,EAAIiqB,EAAMG,EAAI,IACdxqB,EAAIsqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpqB,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,GAAM00B,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpqB,EAAI,EAAIJ,EAAImqB,EAAO,EAAIr1B,EAAI,GAAM00B,GAAQ,IAsDnE,MAAO,CACLvsB,KAAM,UACNytB,UAAW,GACXC,KAhQF,SAAiBhiB,GAEf,IAAI7T,EACAsL,EACAJ,EACAmO,EACAsM,EALJuP,EAAWrhB,EAMX,MAAMiiB,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DprB,EAAI,CACR,GACA,IAEIlB,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASusB,EAAM7sB,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,GAG1C,SAAS8sB,EAAM9sB,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,GAGrD,SAAS+sB,EAAOxH,EAAG/jB,GACjB,IAAIvL,EACAkb,EACA6b,EACJ,IAAK/2B,EAAI,EAAGA,EAAI,EAAGA,IACjBkb,EAAI3P,IAAM,GACVA,EAAMA,GAAK,EAAKmpB,GAAUpF,IAAM,GAChCA,EAAKA,GAAK,EAAKoF,GACfqC,EAAI7b,GAAK,EACD,IAAJA,IACF6b,GAAK,KAEPxrB,GAAK2P,EAAK6b,GAAK,GACfA,GAAK7b,IAAM,EACH,EAAJA,IACF6b,GAAK,KAEPxrB,GAAKwrB,GAAK,GAAKA,GAAK,EAEtB,OAAOxrB,EAGT,SAASyrB,EAAG3tB,EAAGU,GACb,MAAMuB,EAAIvB,GAAK,EACTmB,EAAQ,GAAJnB,EACJsP,EAAIid,EAAGjtB,GAAGiC,EAAIJ,GACdya,EAAI4Q,EAAGltB,GAAGqtB,EAAKxrB,GAAKyrB,EAAKrrB,IAC/B,OAAOmrB,EAAGptB,GAAGqtB,EAAK/Q,GAAKgR,EAAKtd,KAAO,EAAImd,EAAGntB,GAAGgQ,EAAIsM,GAGnD,SAASsR,EAAKltB,EAAG8J,GACf,IAAIvI,EAAIypB,GAAKhrB,EAAG,GACZmB,EAAI6pB,GAAKhrB,EAAG,GACZsP,EAAI0b,GAAKhrB,EAAG,GACZ4b,EAAIoP,GAAKhrB,EAAG,GAChB,OAAQksB,GACN,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,GAC3B8R,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,GAC3B8R,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGA,EAAE,GAAGD,GAAKypB,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnD3I,EAAIK,EAAE,GAAGA,EAAE,GAAGL,GAAK6pB,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnDwF,EAAI9N,EAAE,GAAGA,EAAE,GAAG8N,GAAK0b,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GACnD8R,EAAIpa,EAAE,GAAGA,EAAE,GAAGoa,GAAKoP,GAAKlhB,EAAI,GAAI,IAAMkhB,GAAKlhB,EAAI,GAAI,GAEvD,OAAOxJ,EAAE,GAAGiB,GAAKjB,EAAE,GAAGa,GAAKb,EAAE,GAAGgP,GAAKhP,EAAE,GAAGsb,GAK5C,IAFAuP,EAAWA,EAAS32B,MAAM,EAAG,IAC7ByB,EAAIk1B,EAASj3B,OACA,KAAN+B,GAAkB,KAANA,GAAkB,KAANA,GAC7Bk1B,EAASl1B,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAIk1B,EAASj3B,OAAQ+B,GAAK,EACpCg2B,EAAMh2B,GAAK,GAAK40B,GAAKM,EAAUl1B,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBuL,EAAE,GAAGvL,GAAKg3B,EAAG,EAAGh3B,GAChBuL,EAAE,GAAGvL,GAAKg3B,EAAG,EAAGh3B,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBm2B,EAAM5qB,EAAE,GAAGvL,GACXo2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ9rB,EAAE,GAAGrK,GAAKm2B,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnDhsB,EAAE,GAAGrK,GAAKo2B,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM5qB,EAAE,GAAGvL,GACXo2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ9rB,EAAE,GAAGrK,GAAKq2B,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD9rB,EAAE,GAAGrK,GAAKo2B,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM/3B,OAAS,EACjB+B,EAAI,EAAGA,EAAIi2B,EAAMj2B,IACpBsL,EAAI0qB,EAAMh2B,EAAIA,GACd81B,EAAM91B,GAAKsL,EACXJ,EAAI8qB,EAAMh2B,EAAIA,EAAI,GAClB+1B,EAAM/1B,GAAKkL,EACXgrB,EAAKD,EAAOj2B,EAAI,GAAK82B,EAAOxrB,EAAGJ,GAEjC,IAAKlL,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBsL,EAAI,SAAYtL,EAChBkL,EAAII,EAAI,SACRA,EAAI2rB,EAAK3rB,EAAGwqB,GACZ5qB,EAAIypB,GAAKsC,EAAK/rB,EAAG6qB,GAAQ,GACzBV,EAAOr1B,GAAMsL,EAAIJ,EAAKwpB,GACtBW,EAAOr1B,EAAI,GAAK20B,GAAKrpB,EAAI,EAAIJ,EAAG,GAElC,IAAKlL,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAsL,EAAIJ,EAAImO,EAAIsM,EAAI3lB,EACRi2B,GACN,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,GAC5BhrB,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,GAC5B7c,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH5qB,EAAIC,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,GAC5BhrB,EAAIK,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,GAC5B7c,EAAI9N,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIpa,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGD,GAAKypB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGL,GAAK6pB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAG8N,GAAK0b,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGt1B,GAAKqK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGoa,GAAKoP,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,MA0FzEr3B,MAvDF,WACEw2B,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,KAkDF1F,QA9CF,SAAoB7oB,EAAMqG,GACxB+nB,EAAYpuB,EACZquB,EAAahoB,EACb,MAAMsoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzb,EAAI,EAAGA,EAAI,EAAGA,IACrB6b,EAAQ7b,EAAG8b,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,GAgCPtF,QA7BF,SAAoB9oB,EAAMqG,GACxB+nB,EAAYpuB,EACZquB,EAAahoB,EACb,MAAMsoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzb,EAAI,EAAGA,GAAK,EAAGA,IACtB+b,EAAQ/b,EAAG8b,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,IAiBd8B,SAZF,WACE,OAAO/B,GAaX,CAKYgC,GACVt6B,KAAKo4B,GAAGY,KAAKn5B,MAAMuiB,KAAKpL,GAAM,GAE9BhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKo4B,GAAGrF,QAAQlzB,MAAMuiB,KAAKgR,GAAQ,GAE9C,CCxUA,SAASmH,MAqXT,SAASC,GAAGxjB,GACVhX,KAAKy6B,GAAK,IAAIF,GACdv6B,KAAKy6B,GAAGC,KAAK1jB,GAEbhX,KAAK+yB,QAAU,SAASK,GACtB,OAAOpzB,KAAKy6B,GAAGE,aAAavH,GAEhC,CDlDA+E,GAAG7E,QAAU6E,GAAGn3B,UAAUsyB,QAAU,GACpC6E,GAAG9E,UAAY8E,GAAGn3B,UAAUqyB,UAAY,GCrUxCkH,GAASv5B,UAAU45B,UAAY,EAK/BL,GAASv5B,UAAU65B,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,GAASv5B,UAAU85B,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,GAASv5B,UAAU+5B,GAAK,GASxBR,GAASv5B,UAAUg6B,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,WAEZ,OAAOA,CACT,EAKAV,GAASv5B,UAAUk6B,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAKn7B,KAAKw7B,OAAO,GAAGD,GAAMv7B,KAAKw7B,OAAO,GAAGF,GACzCH,GAAMn7B,KAAKw7B,OAAO,GAAGH,GACrBF,GAAMn7B,KAAKw7B,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,GAASv5B,UAAUy6B,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAK37B,KAAK+6B,KAAMY,EAAI,CAC/BC,GAAS57B,KAAK87B,OAAOH,GACrBE,EAAQ77B,KAAKk7B,GAAGU,GAASC,EAEzB,MAAMltB,EAAMitB,EACZA,EAAQC,EACRA,EAAQltB,EAGVitB,GAAS57B,KAAK87B,OAAO97B,KAAK+6B,GAAK,GAC/Bc,GAAS77B,KAAK87B,OAAO97B,KAAK+6B,GAAK,GAE/BW,EAAK,GAAK17B,KAAKg7B,OAAOa,GACtBH,EAAK,GAAK17B,KAAKg7B,OAAOY,EACxB,EAWArB,GAASv5B,UAAU25B,aAAe,SAASoB,GACzC,IAAIJ,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXM,EAAMh8B,KAAK46B,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAK37B,KAAK46B,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBK,EAAOJ,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBK,EAAOJ,EAAKK,GAG1Ch8B,KAAKy7B,cAAcC,GAEnB,MAAMtN,EAAM,GACZ,IAAKuN,EAAK,EAAGA,EAAK37B,KAAK46B,UAAY,IAAKe,EACtCvN,EAAIuN,EAAK,GAAOD,EAAK,KAAQ,GAAK,IAAa,IAC/CtN,EAAIuN,EAAKK,GAASN,EAAK,KAAQ,GAAK,IAAa,IAKnD,OAAOtN,CACT,EAMAmM,GAASv5B,UAAUi7B,cAAgB,SAASP,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK37B,KAAK+6B,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAAS57B,KAAK87B,OAAOH,GACrBE,EAAQ77B,KAAKk7B,GAAGU,GAASC,EAEzB,MAAMltB,EAAMitB,EACZA,EAAQC,EACRA,EAAQltB,EAGVitB,GAAS57B,KAAK87B,OAAO,GACrBD,GAAS77B,KAAK87B,OAAO,GAErBJ,EAAK,GAAK17B,KAAKg7B,OAAOa,GACtBH,EAAK,GAAK17B,KAAKg7B,OAAOY,EACxB,EAMArB,GAASv5B,UAAU05B,KAAO,SAAS1jB,GACjC,IAAI2kB,EACAtM,EAAK,EAGT,IADArvB,KAAK87B,OAAS,GACTH,EAAK,EAAGA,EAAK37B,KAAK+6B,GAAK,IAAKY,EAAI,CACnC,IAAIzxB,EAAO,EACX,IAAK,IAAIgyB,EAAK,EAAGA,EAAK,IAAKA,EACzBhyB,EAAQA,GAAQ,EAAgB,IAAV8M,EAAIqY,KACpBA,GAAMrY,EAAI5V,SACdiuB,EAAK,GAGTrvB,KAAK87B,OAAOH,GAAM37B,KAAK86B,OAAOa,GAAMzxB,EAItC,IADAlK,KAAKw7B,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADA37B,KAAKw7B,OAAOG,GAAM,GACbtM,EAAK,EAAGA,EAAK,MAAOA,EACvBrvB,KAAKw7B,OAAOG,GAAItM,GAAMrvB,KAAK66B,OAAOc,GAAItM,GAI1C,MAAMqM,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAK37B,KAAK+6B,GAAK,EAAGY,GAAM,EACnC37B,KAAKy7B,cAAcC,GACnB17B,KAAK87B,OAAOH,EAAK,GAAKD,EAAK,GAC3B17B,KAAK87B,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKtM,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BrvB,KAAKy7B,cAAcC,GACnB17B,KAAKw7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,GAC/B17B,KAAKw7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,EAGrC,EAYAlB,GAAGlH,QAAUkH,GAAGx5B,UAAUsyB,QAAU,GACpCkH,GAAGnH,UAAYmH,GAAGx5B,UAAUqyB,UAAY,ECvXjC,MAAM1f,GAASsf,GAAI,KASbrf,GAASqf,GAAI,KASbpf,GAASof,GAAI,KAEbM,GJqaN,SAAavc,GAClBhX,KAAKgX,IAAMA,EAEXhX,KAAK+yB,QAAU,SAASK,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAcl1B,KAAKgX,KACfoc,GAAO,EAAM,EAAG,KAAM5B,IAGzCxxB,KAAKgzB,QAAU,SAASI,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAcl1B,KAAKgX,KACfoc,GAAO,EAAO,EAAG,KAAM5B,GAE5C,mGIzayB4E,SAQJwB,WAQEO,YAQCqC,QAMJ,WAClB,MAAUp3B,MAAM,+CAClB,IChFW+4B,GAAW,SAAW/S,EAAQH,EAAS5kB,GAC9C,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EACrCC,EAAS,EAAGC,EAAS,EAGzB,IAAI7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EACrCC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAGzC,IAAIlS,EAAO,IAAItB,EAAOrmB,WAAWsB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAInvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGsM,EAAI,EAAGrkB,EAAI,EAAG+H,EAAI,EAAG6R,EAAI,EAC9Cwf,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACjCC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAE3FnzB,EAAI4b,EACJhc,EAAIic,EACJ9N,EAAI+N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EAGJ/d,EAAMwe,GAAOpuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMye,GAAOruB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM0e,GAAOtuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM2e,GAAOvuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM4e,GAAOxuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM6e,GAAOzuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM8e,GAAO1uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM+e,GAAO3uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMgf,GAAO5uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMif,GAAO7uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMkf,GAAQ9uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMmf,GAAQ/uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMof,GAAQhvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMqf,GAAQjvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMsf,GAAQlvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMuf,GAAQnvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC9ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOrxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwf,GAAQpvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOtxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyf,GAAQrvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOvxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0f,GAAQtvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOxxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2f,GAAQvvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIya,GAAM,WAAa,EAC7ErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOzxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4f,GAAQxvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO1xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6f,GAAQzvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO3xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8f,GAAQ1vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO5xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+f,GAAQ3vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKggB,GAAQ5vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKigB,GAAQ7vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO/xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkgB,GAAQ9vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOhyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmgB,GAAQ/vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOjyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKogB,GAAQhwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOlyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqgB,GAAQjwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOnyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKsgB,GAAQlwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIiyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOpyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKugB,GAAQnwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOryB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwgB,GAAQpwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOtyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKygB,GAAQrwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOvyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0gB,GAAQtwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOxyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2gB,GAAQvwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOzyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4gB,GAAQxwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO1yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6gB,GAAQzwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO3yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8gB,GAAQ1wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+gB,GAAQ3wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKghB,GAAQ5wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKihB,GAAQ7wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO/yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkhB,IAAQ9wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOhzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmhB,IAAQ/wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOjzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKohB,IAAQhxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOlzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqhB,IAAQjxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOnzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKshB,IAAQlxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIizB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOpzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuhB,IAAQnxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOrzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwhB,IAAQpxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOtzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyhB,IAAQrxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIozB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOvzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0hB,IAAQtxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOxzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2hB,IAAQvxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIszB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOzzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4hB,IAAQxxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO1zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6hB,IAAQzxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO3zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8hB,IAAQ1xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO5zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+hB,IAAQ3xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO7zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKgiB,IAAQ5xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO9zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKiiB,IAAQ7xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkiB,IAAQ9xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmiB,IAAQ/xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIya,EAAMtM,EAAIsM,GAAM,WAAa,EACtFrkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKoiB,IAAQhyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqiB,IAAQjyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsiB,IAAQlyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKuiB,IAAQnyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIk0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOr0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKwiB,IAAQpyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIm0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOt0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKyiB,IAAQryB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIo0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOv0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK0iB,IAAQtyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIq0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOx0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK2iB,IAAQvyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIs0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOz0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK4iB,IAAQxyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIu0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO10B,GAAK,EAAMA,IAAM,GACxB6R,EAAK6iB,IAAQzyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIw0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO30B,GAAK,EAAMA,IAAM,GACxB6R,EAAK8iB,IAAQ1yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIy0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO50B,GAAK,EAAMA,IAAM,GACxB6R,EAAK+iB,IAAQ3yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI00B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO70B,GAAK,EAAMA,IAAM,GACxB6R,EAAKgjB,IAAQ5yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI20B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO90B,GAAK,EAAMA,IAAM,GACxB6R,EAAKijB,IAAQ7yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI40B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKkjB,IAAQ9yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI60B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmjB,IAAQ/yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI80B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKojB,IAAQhzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqjB,IAAQjzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsjB,IAAQlzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKujB,IAAQnzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIsM,GAAK,WAAa,EACpErkB,EAAIqkB,EAAGA,EAAItM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAEpDgM,EAAOA,EAAK5b,EAAI,EAChB6b,EAAOA,EAAKjc,EAAI,EAChBkc,EAAOA,EAAK/N,EAAI,EAChBgO,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAIpB,SAASo9B,EAAatxB,GAClBA,EAASA,EAAO,EAEhBqa,EACIF,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC3Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,KAKrF,SAASuxB,EAAiB73B,GACtBA,EAASA,EAAO,EAEhBygB,EAAKzgB,EAAO,GAAKogB,IAAK,GACtBK,EAAKzgB,EAAO,GAAKogB,IAAK,GAAG,IACzBK,EAAKzgB,EAAO,GAAKogB,IAAK,EAAE,IACxBK,EAAKzgB,EAAO,GAAKogB,EAAG,IACpBK,EAAKzgB,EAAO,GAAKqgB,IAAK,GACtBI,EAAKzgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBI,EAAKzgB,EAAO,GAAKqgB,IAAK,EAAE,IACxBI,EAAKzgB,EAAO,GAAKqgB,EAAG,IACpBI,EAAKzgB,EAAO,GAAKsgB,IAAK,GACtBG,EAAKzgB,EAAO,GAAKsgB,IAAK,GAAG,IACzBG,EAAKzgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBG,EAAKzgB,EAAO,IAAMsgB,EAAG,IACrBG,EAAKzgB,EAAO,IAAMugB,IAAK,GACvBE,EAAKzgB,EAAO,IAAMugB,IAAK,GAAG,IAC1BE,EAAKzgB,EAAO,IAAMugB,IAAK,EAAE,IACzBE,EAAKzgB,EAAO,IAAMugB,EAAG,IACrBE,EAAKzgB,EAAO,IAAMmyB,IAAK,GACvB1R,EAAKzgB,EAAO,IAAMmyB,IAAK,GAAG,IAC1B1R,EAAKzgB,EAAO,IAAMmyB,IAAK,EAAE,IACzB1R,EAAKzgB,EAAO,IAAMmyB,EAAG,IAGzB,SAASzK,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLC,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAQC,GACxCN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACL9F,EAAS+F,EACT9F,EAAS+F,EAIb,SAAShgC,EAAUkO,EAAQnP,GACvBmP,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAEhB,IAAIkhC,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,OAASnP,EAAO,IAAM,GAAK,CACvBygC,EAAWtxB,GAEXA,EAAWA,EAAS,GAAK,EACzBnP,EAAWA,EAAS,GAAK,EAEzBkhC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASt4B,EAASuG,EAAQnP,EAAQ6I,GAC9BsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAIq4B,EAAS,EACTn/B,EAAI,EAER,GAAKoN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM7I,EAAO,IAAM,GAAK,CACpBkhC,EAASjgC,EAASkO,EAAQnP,GAAS,EACnC,IAAMkhC,EAAO,KAAO,EAChB,OAAQ,EAEZ/xB,EAAWA,EAAS+xB,EAAS,EAC7BlhC,EAAWA,EAASkhC,EAAS,EAGjCA,EAAWA,EAASlhC,EAAS,EAC7Bi7B,EAAWA,EAASj7B,EAAS,EAC7B,GAAKi7B,IAAS,EAAIj7B,IAAS,EAAIk7B,EAAUA,EAAS,EAAG,EAErD5R,EAAKna,EAAOnP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM+B,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,KACrB0+B,EAAWtxB,GAEXnP,EAAS,EAETspB,EAAKna,EAAO,GAAK,EAGrB,IAAMpN,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,EAErBunB,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,EAAE,IAC7B5R,EAAKna,EAAO,IAAM+rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,EAAE,IAC7B3R,EAAKna,EAAO,IAAM8rB,GAAQ,EAAE,IAC5BwF,EAAWtxB,GAEX,IAAMtG,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACLF,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACLP,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EAGLzK,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EAELC,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAcnzB,EAAQnP,EAAQ6I,GACnCsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAI05B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGtB,EAAS,EAErD,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBq4B,EAASt4B,EAAQuG,EAAQnP,GAAS,GAAI,EACtCuiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAElE,IAAM35B,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAMlB,SAASuB,EAAwBtzB,EAAQnP,EAAQgyB,EAAO0Q,EAAO75B,GAC3DsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChBgyB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd75B,EAASA,EAAO,EAEhB,IAAI83B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACrCwB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAEzC,GAAKrzB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBygB,EAAMna,EAAOnP,EAAQ,GAAOgyB,IAAQ,GACpC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,GAAG,IACvC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,EAAE,IACtC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,EAAM,IAGlCsQ,EAAanzB,EAASnP,EAAO,EAAG,GAAI,GAAI,EACxC2gC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAClE0H,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzC2F,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EAEV0H,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EAEL,IAAMl4B,EACF63B,EAAe73B,GAEnB,OAAO,EAGX,MAAO,CAEL0nB,MAAOA,EACP+I,KAAMA,EACNr4B,QAASA,EACT2H,OAAQA,EAGRu4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,EC/1BO,MAAME,GACTjkC,cACIE,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EAEfwhB,QACI,MAAMxI,IAAEA,GAAQnpB,KAAKyxB,cAKrB,OAJAzxB,KAAKyB,OAAS,KACdzB,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXgZ,EAAIwI,QACG3xB,KAEXqC,QAAQ6H,GACJ,GAAoB,OAAhBlK,KAAKyB,OACL,MAAM,IAAIuvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKyxB,cAC3B,IAAIrB,EAAOpwB,KAAKqD,IACZktB,EAAOvwB,KAAKmQ,IACZkgB,EAAO,EACPC,EAAOpmB,EAAK9I,OACZovB,EAAO,EACX,KAAOF,EAAO,GACVE,EAAOL,GAAYjH,EAAMkH,EAAOG,EAAMrmB,EAAMmmB,EAAMC,GAClDC,GAAQC,EACRH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI9mB,QAAQ+tB,EAAMG,GACzBH,GAAQI,EACRD,GAAQC,EACHD,IACDH,EAAO,GAIf,OAFApwB,KAAKqD,IAAM+sB,EACXpwB,KAAKmQ,IAAMogB,EACJvwB,KAEXgK,SACI,GAAoB,OAAhBhK,KAAKyB,OACL,MAAM,IAAIuvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKyxB,cAO3B,OANAtI,EAAInf,OAAOhK,KAAKqD,IAAKrD,KAAKmQ,IAAK,GAC/BnQ,KAAKyB,OAAS,IAAIsB,WAAW/C,KAAKgkC,WAClChkC,KAAKyB,OAAO+B,IAAI0lB,EAAK7c,SAAS,EAAGrM,KAAKgkC,YACtChkC,KAAKqD,IAAM,EACXrD,KAAKmQ,IAAM,EACXnQ,KAAK4xB,cACE5xB,MC9CR,MAEDoxB,GAAY,GACZC,GAAW,GACV,MAAM4S,WAAaF,GACtBjkC,cACIC,QACAC,KAAKkkC,KAAO,OACZlkC,KAAKmkC,WARmB,GASxBnkC,KAAKgkC,UARkB,GASvBhkC,KAAKyxB,cAETA,cAMI,YALkBxwB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOkI,GAAUM,OAASzB,KAC/BjwB,KAAKmpB,IAAMkI,GAASK,OAASyK,GAAS,CAAEp5B,YAA0B,KAAM/C,KAAKkpB,KAAK7kB,QAClFrE,KAAK2xB,SAEF,CAAEzI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf+mB,aAAa9d,GACT,OAAO,IAAI+5B,IAAO5hC,QAAQ6H,GAAMF,SAASvI,QAGjDwiC,GAAKC,KAAO,OACZD,GAAK7S,UAAY,GACjB6S,GAAK5S,SAAW,GAChB4S,GAAKG,aAAejI,GCnCb,MAED/K,GAAY,GACZC,GAAW,GACV,MAAMgT,WAAeN,GACxBjkC,cACIC,QACAC,KAAKkkC,KAAO,SACZlkC,KAAKmkC,WARqB,GAS1BnkC,KAAKgkC,UARoB,GASzBhkC,KAAKyxB,cAETA,cAMI,YALkBxwB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCnpB,KAAKkpB,KAAOkI,GAAUM,OAASzB,KAC/BjwB,KAAKmpB,IAAMkI,GAASK,OClBR,SAAWtI,EAAQH,EAAS5kB,GAChD,UAGA,IAAIgmB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAS,EAAGC,EAAS,EAGrB7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGgI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAG7Dpa,EAAO,IAAItB,EAAOrmB,WAAWsB,GAEjC,SAASumB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAInvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGsM,EAAI,EAAGrkB,EAAI,EAAGsgC,EAAI,EAAGC,EAAI,EAAGzoB,EAAI,EAEzD9N,EAAI4b,EACJhc,EAAIic,EACJ9N,EAAI+N,EACJzB,EAAI0B,EACJ/lB,EAAI23B,EACJ2I,EAAIT,EACJU,EAAIT,EACJhoB,EAAIioB,EAGJjoB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGu2B,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwoB,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGza,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGkO,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGu2B,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwoB,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGvgC,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGza,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H/gB,EAAMsgB,EAAKtgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGquB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGwgB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACtG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1Hh5B,EAAMu4B,EAAKv4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACtGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGy4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HnhB,EAAM0gB,EAAK1gB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HvvB,EAAM8uB,EAAK9uB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACtGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHpuB,EAAM2uB,EAAK3uB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGgvB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHvgB,EAAM8gB,EAAK9gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASugC,EAAIvgC,GAAKsgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAIvM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKrkB,EAAEsgC,IAAO,WAAa,EACtGvoB,EAAMA,EAAIwoB,EAAI,EACdA,EAAMA,GAAOzoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGghB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMvoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKsM,EAAErkB,IAAO,WAAa,EACvG4J,EAAMA,EAAI02B,EAAI,EACdA,EAAMA,GAAOC,EAAIzoB,EAAO9N,GAAKu2B,EAAIzoB,KAAWyoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIx4B,EAAM+4B,EAAM/4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASya,EAAIza,GAAKmO,EAAEsM,IAAO,WAAa,EACvGra,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOsgC,EAAIC,EAAOzoB,GAAKwoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMra,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIuM,EAAI,EACdA,EAAMA,GAAOrkB,EAAIsgC,EAAOC,GAAKvgC,EAAIsgC,KAAWtgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGi5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI3gB,EAAMkhB,EAAMlhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG22B,EAAMA,EAAIxoB,EAAI,EACdA,EAAMA,GAAOsM,EAAIrkB,EAAOsgC,GAAKjc,EAAIrkB,KAAWqkB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI/uB,EAAMsvB,EAAMtvB,GAAM22B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASv2B,EAAIu2B,GAAKzoB,EAAE9N,IAAO,WAAa,EACvGs2B,EAAMA,EAAI12B,EAAI,EACdA,EAAMA,GAAOmO,EAAIsM,EAAOrkB,GAAK+X,EAAIsM,KAAWtM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGohB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI5uB,EAAMmvB,EAAMnvB,GAAMs2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASxoB,EAAIwoB,GAAKC,EAAEzoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOsM,GAAKza,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAEhGgc,EAAOA,EAAK5b,EAAI,EAChB6b,EAAOA,EAAKjc,EAAI,EAChBkc,EAAOA,EAAK/N,EAAI,EAChBgO,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK33B,EAAI,EAChB6/B,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKjoB,EAAI,EAGpB,SAASslB,EAAatxB,GAClBA,EAASA,EAAO,EAEhBqa,EACIF,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,EAAIma,EAAKna,EAAO,GAC1Ema,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,IAAI,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC3Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,IAC7Ema,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,GAAKma,EAAKna,EAAO,KAAK,EAAIma,EAAKna,EAAO,KAKrF,SAASuxB,EAAiB73B,GACtBA,EAASA,EAAO,EAEhBygB,EAAKzgB,EAAO,GAAKogB,IAAK,GACtBK,EAAKzgB,EAAO,GAAKogB,IAAK,GAAG,IACzBK,EAAKzgB,EAAO,GAAKogB,IAAK,EAAE,IACxBK,EAAKzgB,EAAO,GAAKogB,EAAG,IACpBK,EAAKzgB,EAAO,GAAKqgB,IAAK,GACtBI,EAAKzgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBI,EAAKzgB,EAAO,GAAKqgB,IAAK,EAAE,IACxBI,EAAKzgB,EAAO,GAAKqgB,EAAG,IACpBI,EAAKzgB,EAAO,GAAKsgB,IAAK,GACtBG,EAAKzgB,EAAO,GAAKsgB,IAAK,GAAG,IACzBG,EAAKzgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBG,EAAKzgB,EAAO,IAAMsgB,EAAG,IACrBG,EAAKzgB,EAAO,IAAMugB,IAAK,GACvBE,EAAKzgB,EAAO,IAAMugB,IAAK,GAAG,IAC1BE,EAAKzgB,EAAO,IAAMugB,IAAK,EAAE,IACzBE,EAAKzgB,EAAO,IAAMugB,EAAG,IACrBE,EAAKzgB,EAAO,IAAMmyB,IAAK,GACvB1R,EAAKzgB,EAAO,IAAMmyB,IAAK,GAAG,IAC1B1R,EAAKzgB,EAAO,IAAMmyB,IAAK,EAAE,IACzB1R,EAAKzgB,EAAO,IAAMmyB,EAAG,IACrB1R,EAAKzgB,EAAO,IAAMq6B,IAAK,GACvB5Z,EAAKzgB,EAAO,IAAMq6B,IAAK,GAAG,IAC1B5Z,EAAKzgB,EAAO,IAAMq6B,IAAK,EAAE,IACzB5Z,EAAKzgB,EAAO,IAAMq6B,EAAG,IACrB5Z,EAAKzgB,EAAO,IAAMs6B,IAAK,GACvB7Z,EAAKzgB,EAAO,IAAMs6B,IAAK,GAAG,IAC1B7Z,EAAKzgB,EAAO,IAAMs6B,IAAK,EAAE,IACzB7Z,EAAKzgB,EAAO,IAAMs6B,EAAG,IACrB7Z,EAAKzgB,EAAO,IAAMu6B,IAAK,GACvB9Z,EAAKzgB,EAAO,IAAMu6B,IAAK,GAAG,IAC1B9Z,EAAKzgB,EAAO,IAAMu6B,IAAK,EAAE,IACzB9Z,EAAKzgB,EAAO,IAAMu6B,EAAG,IAGzB,SAAS7S,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLkI,EAAK,WACLC,EAAK,WACLC,EAAK,WACLnI,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAI8C,EAAIC,EAAIC,EAAI/C,EAAQC,GACpDN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR8C,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR/C,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EACL9I,EAAS+F,EACT9F,EAAS+F,EAIb,SAAShgC,EAAUkO,EAAQnP,GACvBmP,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAEhB,IAAIkhC,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,OAASnP,EAAO,IAAM,GAAK,CACvBygC,EAAWtxB,GAEXA,EAAWA,EAAS,GAAK,EACzBnP,EAAWA,EAAS,GAAK,EAEzBkhC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASt4B,EAASuG,EAAQnP,EAAQ6I,GAC9BsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAIq4B,EAAS,EACTn/B,EAAI,EAER,GAAKoN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAM7I,EAAO,IAAM,GAAK,CACpBkhC,EAASjgC,EAASkO,EAAQnP,GAAS,EACnC,IAAMkhC,EAAO,KAAO,EAChB,OAAQ,EAEZ/xB,EAAWA,EAAS+xB,EAAS,EAC7BlhC,EAAWA,EAASkhC,EAAS,EAGjCA,EAAWA,EAASlhC,EAAS,EAC7Bi7B,EAAWA,EAASj7B,EAAS,EAC7B,GAAKi7B,IAAS,EAAIj7B,IAAS,EAAIk7B,EAAWA,EAAS,EAAI,EAEvD5R,EAAKna,EAAOnP,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM+B,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,KAErB0+B,EAAWtxB,GAEXnP,EAAS,EAETspB,EAAKna,EAAO,GAAK,EAGrB,IAAMpN,EAAK/B,EAAO,EAAG,GAAI+B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1CunB,EAAKna,EAAOpN,GAAK,EAErBunB,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,GAAG,IAC9B5R,EAAKna,EAAO,IAAM+rB,IAAS,EAAE,IAC7B5R,EAAKna,EAAO,IAAM+rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,GAAG,IAC9B3R,EAAKna,EAAO,IAAM8rB,IAAS,EAAE,IAC7B3R,EAAKna,EAAO,IAAM8rB,GAAQ,EAAE,IAC5BwF,EAAWtxB,GAEX,IAAMtG,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACL+H,EAAKG,EACLF,EAAKG,EACLF,EAAKG,EACLtI,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACL0H,EAAKM,EACLL,EAAKM,EACLL,EAAKM,EACLzI,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EACLwI,EAAKN,EACLO,EAAKN,EACLO,EAAKN,EAGL7S,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EACLqI,EAAKH,EACLI,EAAKH,EACLI,EAAKH,EAELnI,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAcnzB,EAAQnP,EAAQ6I,GACnCsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChB6I,EAASA,EAAO,EAEhB,IAAI05B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DhD,EAAS,EAEb,GAAK/xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBq4B,EAASt4B,EAAQuG,EAAQnP,GAAS,GAAI,EACtCuiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAErE,IAAMr7B,EACF63B,EAAe73B,GAEnB,OAAOq4B,EAAO,EAMlB,SAASuB,EAAwBtzB,EAAQnP,EAAQgyB,EAAO0Q,EAAO75B,GAC3DsG,EAASA,EAAO,EAChBnP,EAASA,EAAO,EAChBgyB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd75B,EAASA,EAAO,EAEhB,IAAI83B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG8C,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DxB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAEjE,GAAK/0B,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBygB,EAAMna,EAAOnP,EAAQ,GAAOgyB,IAAQ,GACpC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,GAAG,IACvC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,IAAQ,EAAE,IACtC1I,EAAMna,EAAOnP,EAAO,EAAG,GAAKgyB,EAAM,IAGlCsQ,EAAanzB,EAASnP,EAAO,EAAG,GAAI,GAAI,EACxC2gC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAAI6I,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAC5GV,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEzC,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EACV6I,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EAEVV,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EAEL,IAAMl7B,EACF63B,EAAe73B,GAEnB,OAAO,EAGX,MAAO,CAEL0nB,MAAOA,EACP+I,KAAMA,EACNr4B,QAASA,EACT2H,OAAQA,EAGRu4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,CDtyByC0B,CAAW,CAAExiC,YAA0B,KAAM/C,KAAKkpB,KAAK7kB,QACpFrE,KAAK2xB,SAEF,CAAEzI,KAAMlpB,KAAKkpB,KAAMC,IAAKnpB,KAAKmpB,KAExCyI,mBACsB3wB,IAAdjB,KAAKkpB,WAAmCjoB,IAAbjB,KAAKmpB,MAChCiI,GAAUvvB,KAAK7B,KAAKkpB,MACpBmI,GAASxvB,KAAK7B,KAAKmpB,MAEvBnpB,KAAKkpB,UAAOjoB,EACZjB,KAAKmpB,SAAMloB,EAEf+mB,aAAa9d,GACT,OAAO,IAAIm6B,IAAShiC,QAAQ6H,GAAMF,SAASvI,QAGnD4iC,GAAOH,KAAO,SEnCd,OAAiBsB,GAEjB,SAASA,GAAOC,EAAKC,GACnB,IAAKD,EACH,MAAUriC,MAAMsiC,GAAO,mBAC3B,CAEAF,GAAOx2B,MAAQ,SAAqB+nB,EAAGhpB,EAAG23B,GACxC,GAAI3O,GAAKhpB,EACP,MAAU3K,MAAMsiC,GAAQ,qBAAuB3O,EAAI,OAAShpB,EAChE,qTCRE43B,UAF2B,mBAAlBx6B,OAAOy6B,OAEC,SAAkBC,EAAMC,GACvCD,EAAKE,OAASD,EACdD,EAAK7kC,UAAYmK,OAAOy6B,OAAOE,EAAU9kC,UAAW,CAClDlB,YAAa,CACXuB,MAAOwkC,EACPG,YAAY,EACZn9B,UAAU,EACVo9B,cAAc,MAMH,SAAkBJ,EAAMC,GACvCD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAASllC,UAAY8kC,EAAU9kC,UAC/B6kC,EAAK7kC,UAAY,IAAIklC,EACrBL,EAAK7kC,UAAUlB,YAAc+lC,yBCpBjC,IACE,IAAIrrB,EAAOhY,EACX,GAA6B,mBAAlBgY,EAAK2rB,SAAyB,KAAM,GAC/CR,UAAiBnrB,EAAK2rB,QACxB,CAAE,MAAO1hC,GACPkhC,UAAiBhiC,EACnB,KC+BA,OA9BA,SAAiB+hC,EAAKU,GACpB,GAAIvmC,MAAMW,QAAQklC,GAChB,OAAOA,EAAIhkC,QACb,IAAKgkC,EACH,MAAO,GACT,IAAIn2B,EAAM,GACV,GAAmB,iBAARm2B,EACT,GAAKU,GAUE,GAAY,QAARA,EAIT,KAHAV,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1B7gB,OAAS,GAAM,IACrBskC,EAAM,IAAMA,GACTviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAK,EAC/BoM,EAAI1N,KAAK2O,SAASk1B,EAAIviC,GAAKuiC,EAAIviC,EAAI,GAAI,UAdzC,IAAK,IAAIA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIqZ,EAAIkpB,EAAI9oB,WAAWzZ,GACnBkjC,EAAK7pB,GAAK,EACV8pB,EAAS,IAAJ9pB,EACL6pB,EACF92B,EAAI1N,KAAKwkC,EAAIC,GAEb/2B,EAAI1N,KAAKykC,QAUf,IAAKnjC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC1BoM,EAAIpM,GAAc,EAATuiC,EAAIviC,GAEjB,OAAOoM,CACT,EASA,OANA,SAAem2B,GAEb,IADA,IAAIn2B,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,GAAOg3B,GAAMb,EAAIviC,GAAGwJ,SAAS,KAC/B,OAAO4C,CACT,EAGA,SAASi3B,GAAMhP,GAKb,OAJWA,IAAM,GACLA,IAAM,EAAK,MACXA,GAAK,EAAK,UACN,IAAJA,IAAa,MACV,CACjB,CAaA,OAVA,SAAiBkO,EAAKr1B,GAEpB,IADA,IAAId,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIq0B,EAAIkO,EAAIviC,GACG,WAAXkN,IACFmnB,EAAIgP,GAAMhP,IACZjoB,GAAOk3B,GAAMjP,EAAE7qB,SAAS,KAE1B,OAAO4C,CACT,EAGA,SAASg3B,GAAMG,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EAENA,CACX,CAGA,SAASD,GAAMC,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EACU,IAAhBA,EAAKtlC,OACL,KAAOslC,EACS,IAAhBA,EAAKtlC,OACL,MAAQslC,EACQ,IAAhBA,EAAKtlC,OACL,OAASslC,EACO,IAAhBA,EAAKtlC,OACL,QAAUslC,EACM,IAAhBA,EAAKtlC,OACL,SAAWslC,EACK,IAAhBA,EAAKtlC,OACL,UAAYslC,EAEZA,CACX,CAiBA,OAdA,SAAgBhB,EAAK1hC,EAAO2H,EAAK0E,GAC/B,IAAIF,EAAMxE,EAAM3H,EAChBwhC,GAAOr1B,EAAM,GAAM,GAEnB,IADA,IAAIZ,EAAU1P,MAAMsQ,EAAM,GACjBhN,EAAI,EAAGkZ,EAAIrY,EAAOb,EAAIoM,EAAInO,OAAQ+B,IAAKkZ,GAAK,EAAG,CACtD,IAAImb,EAEFA,EADa,QAAXnnB,EACGq1B,EAAIrpB,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,EAAKqpB,EAAIrpB,EAAI,GAEjEqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,GAAOqpB,EAAIrpB,EAAI,IAAM,EAAKqpB,EAAIrpB,GACxE9M,EAAIpM,GAAKq0B,IAAM,EAEjB,OAAOjoB,CACT,EAqBA,OAlBA,SAAiBm2B,EAAKr1B,GAEpB,IADA,IAAId,EAAU1P,MAAmB,EAAb6lC,EAAItkC,QACf+B,EAAI,EAAGkZ,EAAI,EAAGlZ,EAAIuiC,EAAItkC,OAAQ+B,IAAKkZ,GAAK,EAAG,CAClD,IAAI7O,EAAIk4B,EAAIviC,GACG,QAAXkN,GACFd,EAAI8M,GAAK7O,IAAM,GACf+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,EAAI,GAAS,IAAJ7O,IAEb+B,EAAI8M,EAAI,GAAK7O,IAAM,GACnB+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,GAAS,IAAJ7O,GAGb,OAAO+B,CACT,EA2HA,iBAvPmB42B,6BAiDHK,oBAoBAD,SAoBAE,+BAsChB,SAAgBjP,EAAGnpB,GACjB,OAAQmpB,IAAMnpB,EAAMmpB,GAAM,GAAKnpB,CACjC,SAGA,SAAgBmpB,EAAGnpB,GACjB,OAAQmpB,GAAKnpB,EAAMmpB,IAAO,GAAKnpB,CACjC,QAGA,SAAeI,EAAGJ,GAChB,OAAQI,EAAIJ,IAAO,CACrB,UAGA,SAAiBI,EAAGJ,EAAGmO,GACrB,OAAQ/N,EAAIJ,EAAImO,IAAO,CACzB,UAGA,SAAiB/N,EAAGJ,EAAGmO,EAAGsM,GACxB,OAAQra,EAAIJ,EAAImO,EAAIsM,IAAO,CAC7B,UAGA,SAAiBra,EAAGJ,EAAGmO,EAAGsM,EAAGrkB,GAC3B,OAAQgK,EAAIJ,EAAImO,EAAIsM,EAAIrkB,IAAO,CACjC,QAGA,SAAe8c,EAAKle,EAAKsjC,EAAIC,GAC3B,IAAIC,EAAKtlB,EAAIle,GAGTijC,EAAMM,EAFDrlB,EAAIle,EAAM,KAEI,EACnBgjC,GAAMC,EAAKM,EAAK,EAAI,GAAKD,EAAKE,EAClCtlB,EAAIle,GAAOgjC,IAAO,EAClB9kB,EAAIle,EAAM,GAAKijC,CACjB,WAGA,SAAkBK,EAAIC,EAAIC,EAAIC,GAG5B,OAFUF,EAAKE,IAAQ,EACRF,EAAK,EAAI,GAAKD,EAAKE,IACpB,CAChB,WAGA,SAAkBF,EAAIC,EAAIC,EAAIC,GAE5B,OADSF,EAAKE,IACA,CAChB,aAGA,SAAoBH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC9C,IAAIC,EAAQ,EACRb,EAAKM,EAST,OAPAO,IADAb,EAAMA,EAAKQ,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAb,EAAMA,EAAKU,IAAQ,GACLA,EAAK,EAAI,EAIdL,EAAKE,EAAKE,EAAKE,GAFxBE,IADAb,EAAMA,EAAKY,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAE9C,OADSN,EAAKE,EAAKE,EAAKE,IACV,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GACtD,IAAIF,EAAQ,EACRb,EAAKM,EAWT,OATAO,IADAb,EAAMA,EAAKQ,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAb,EAAMA,EAAKU,IAAQ,GACLA,EAAK,EAAI,EAEvBG,IADAb,EAAMA,EAAKY,IAAQ,GACLA,EAAK,EAAI,EAIdP,EAAKE,EAAKE,EAAKE,EAAKG,GAF7BD,IADAb,EAAMA,EAAKe,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBV,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GAGtD,OAFST,EAAKE,EAAKE,EAAKE,EAAKG,IAEf,CAChB,YAGA,SAAmBV,EAAIC,EAAIU,GAEzB,OADSV,GAAO,GAAKU,EAASX,IAAOW,KACxB,CACf,YAGA,SAAmBX,EAAIC,EAAIU,GAEzB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,WAGA,SAAkBX,EAAIC,EAAIU,GACxB,OAAOX,IAAOW,CAChB,WAGA,SAAkBX,EAAIC,EAAIU,GAExB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,GCtPA,SAASC,KACPvnC,KAAKwnC,QAAU,KACfxnC,KAAKynC,aAAe,EACpBznC,KAAKqzB,UAAYrzB,KAAKF,YAAYuzB,UAClCrzB,KAAK0nC,QAAU1nC,KAAKF,YAAY4nC,QAChC1nC,KAAK2nC,aAAe3nC,KAAKF,YAAY6nC,aACrC3nC,KAAK80B,UAAY90B,KAAKF,YAAYg1B,UAAY,EAC9C90B,KAAKqQ,OAAS,MAEdrQ,KAAK4nC,QAAU5nC,KAAKqzB,UAAY,EAChCrzB,KAAK6nC,SAAW7nC,KAAKqzB,UAAY,EACnC,CACA,OAAoBkU,GAEpBA,GAAUvmC,UAAU8mC,OAAS,SAAgBpC,EAAKU,GAUhD,GARAV,EAAMqC,GAAMC,QAAQtC,EAAKU,GACpBpmC,KAAKwnC,QAGRxnC,KAAKwnC,QAAUxnC,KAAKwnC,QAAQ5gC,OAAO8+B,GAFnC1lC,KAAKwnC,QAAU9B,EAGjB1lC,KAAKynC,cAAgB/B,EAAItkC,OAGrBpB,KAAKwnC,QAAQpmC,QAAUpB,KAAK4nC,QAAS,CAIvC,IAAI75B,GAHJ23B,EAAM1lC,KAAKwnC,SAGCpmC,OAASpB,KAAK4nC,QAC1B5nC,KAAKwnC,QAAU9B,EAAIhkC,MAAMgkC,EAAItkC,OAAS2M,EAAG23B,EAAItkC,QACjB,IAAxBpB,KAAKwnC,QAAQpmC,SACfpB,KAAKwnC,QAAU,MAEjB9B,EAAMqC,GAAME,OAAOvC,EAAK,EAAGA,EAAItkC,OAAS2M,EAAG/N,KAAKqQ,QAChD,IAAK,IAAIlN,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAKnD,KAAK6nC,SACxC7nC,KAAKkoC,QAAQxC,EAAKviC,EAAGA,EAAInD,KAAK6nC,UAGlC,OAAO7nC,IACT,EAEAunC,GAAUvmC,UAAUmnC,OAAS,SAAgB/B,GAI3C,OAHApmC,KAAK8nC,OAAO9nC,KAAKooC,QACjB5C,GAAwB,OAAjBxlC,KAAKwnC,SAELxnC,KAAKqoC,QAAQjC,EACtB,EAEAmB,GAAUvmC,UAAUonC,KAAO,WACzB,IAAIj4B,EAAMnQ,KAAKynC,aACXngC,EAAQtH,KAAK4nC,QACbvrB,EAAI/U,GAAU6I,EAAMnQ,KAAK80B,WAAaxtB,EACtCiI,EAAU1P,MAAMwc,EAAIrc,KAAK80B,WAC7BvlB,EAAI,GAAK,IACT,IAAK,IAAIpM,EAAI,EAAGA,EAAIkZ,EAAGlZ,IACrBoM,EAAIpM,GAAK,EAIX,GADAgN,IAAQ,EACY,QAAhBnQ,KAAKqQ,OAAkB,CACzB,IAAK,IAAIgO,EAAI,EAAGA,EAAIre,KAAK80B,UAAWzW,IAClC9O,EAAIpM,KAAO,EAEboM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,EAAK,IACzBZ,EAAIpM,KAAa,IAANgN,OAWX,IATAZ,EAAIpM,KAAa,IAANgN,EACXZ,EAAIpM,KAAQgN,IAAQ,EAAK,IACzBZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAQgN,IAAQ,GAAM,IAC1BZ,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EACXoM,EAAIpM,KAAO,EAENkb,EAAI,EAAGA,EAAIre,KAAK80B,UAAWzW,IAC9B9O,EAAIpM,KAAO,EAGf,OAAOoM,CACT,wBCxFI+4B,GAASP,GAAMO,OAUnB,OARA,SAAcrqB,EAAG/Q,EAAGoB,EAAGi6B,GACrB,OAAU,IAANtqB,EACKuqB,GAAKt7B,EAAGoB,EAAGi6B,GACV,IAANtqB,GAAiB,IAANA,EACNwqB,GAAIv7B,EAAGoB,EAAGi6B,GACT,IAANtqB,EACKyqB,GAAMx7B,EAAGoB,EAAGi6B,QADrB,CAEF,EAGA,SAASC,GAAKt7B,EAAGoB,EAAGi6B,GAClB,OAAQr7B,EAAIoB,GAAQpB,EAAKq7B,CAC3B,CAGA,SAASG,GAAMx7B,EAAGoB,EAAGi6B,GACnB,OAAQr7B,EAAIoB,EAAMpB,EAAIq7B,EAAMj6B,EAAIi6B,CAClC,CAGA,SAASE,GAAIv7B,EAAGoB,EAAGi6B,GACjB,OAAOr7B,EAAIoB,EAAIi6B,CACjB,CAqBA,qBA9BeC,SAKCE,OAKFD,UAEd,SAAgBv7B,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,GAAKo7B,GAAOp7B,EAAG,IAAOA,IAAM,CAC/C,SAGA,SAAgBA,GACd,OAAOo7B,GAAOp7B,EAAG,IAAMo7B,GAAOp7B,EAAG,IAAOA,IAAM,EAChD,GCxCIy7B,GAAQZ,GAAMY,MACdC,GAAUb,GAAMa,QAChBC,GAAUd,GAAMc,QAChBL,GAAOM,GAAUN,KACjBE,GAAQI,GAAUJ,MAClBK,GAASD,GAAUC,OACnBC,GAASF,GAAUE,OACnBC,GAASH,GAAUG,OACnBC,GAASJ,GAAUI,OAEnB3B,GAAY4B,GAAO5B,UAEnB6B,GAAW,CACb,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,YAGtC,SAASC,KACP,KAAMrpC,gBAAgBqpC,IACpB,OAAO,IAAIA,GAEb9B,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,YAEtCvc,KAAKqc,EAAI+sB,GACTppC,KAAKspC,EAAQzpC,MAAM,GACrB,CACAkoC,GAAM5B,SAASkD,GAAQ9B,IACvB,OAAiB8B,GC9CjB,SAASE,KACP,KAAMvpC,gBAAgBupC,IACpB,OAAO,IAAIA,GAEbF,GAAOvoC,KAAKd,MACZA,KAAKuc,EAAI,CACP,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACxC,CDwCA8sB,GAAOhW,UAAY,IACnBgW,GAAO3B,QAAU,IACjB2B,GAAO1B,aAAe,IACtB0B,GAAOvU,UAAY,GAEnBuU,GAAOroC,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAG/C,IAFA,IAAIslC,EAAItpC,KAAKspC,EAEJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GACrB,KAAOA,EAAImmC,EAAEloC,OAAQ+B,IACnBmmC,EAAEnmC,GAAKylC,GAAQM,GAAOI,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,GAAI8lC,GAAOK,EAAEnmC,EAAI,KAAMmmC,EAAEnmC,EAAI,KAEtE,IAAIsL,EAAIzO,KAAKuc,EAAE,GACXlO,EAAIrO,KAAKuc,EAAE,GACXC,EAAIxc,KAAKuc,EAAE,GACXuM,EAAI9oB,KAAKuc,EAAE,GACX9X,EAAIzE,KAAKuc,EAAE,GACXwoB,EAAI/kC,KAAKuc,EAAE,GACXyoB,EAAIhlC,KAAKuc,EAAE,GACXA,EAAIvc,KAAKuc,EAAE,GAGf,IADAipB,GAAOxlC,KAAKqc,EAAEjb,SAAWkoC,EAAEloC,QACtB+B,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,IAAK,CAC7B,IAAIqmC,EAAKX,GAAQtsB,EAAGysB,GAAOvkC,GAAI+jC,GAAK/jC,EAAGsgC,EAAGC,GAAIhlC,KAAKqc,EAAElZ,GAAImmC,EAAEnmC,IACvDsmC,EAAKd,GAAMI,GAAOt6B,GAAIi6B,GAAMj6B,EAAGJ,EAAGmO,IACtCD,EAAIyoB,EACJA,EAAID,EACJA,EAAItgC,EACJA,EAAIkkC,GAAM7f,EAAG0gB,GACb1gB,EAAItM,EACJA,EAAInO,EACJA,EAAII,EACJA,EAAIk6B,GAAMa,EAAIC,GAGhBzpC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9N,GAC7BzO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIlO,GAC7BrO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIC,GAC7Bxc,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIuM,GAC7B9oB,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9X,GAC7BzE,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIwoB,GAC7B/kC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIyoB,GAC7BhlC,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIA,EAC/B,EAEA8sB,GAAOroC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,EC1FAwrB,GAAM5B,SAASoD,GAAQF,IACvB,OAAiBE,GAEjBA,GAAOlW,UAAY,IACnBkW,GAAO7B,QAAU,IACjB6B,GAAO5B,aAAe,IACtB4B,GAAOzU,UAAY,GAEnByU,GAAOvoC,UAAUqnC,QAAU,SAAgBjC,GAEzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAE7a,MAAM,EAAG,GAAI,OAElCqmC,GAAM4B,QAAQ3pC,KAAKuc,EAAE7a,MAAM,EAAG,GAAI,MAC7C,ECtBA,IAAIkoC,GAAY7B,GAAM6B,UAClBC,GAAY9B,GAAM8B,UAClBC,GAAW/B,GAAM+B,SACjBC,GAAWhC,GAAMgC,SACjBC,GAAQjC,GAAMiC,MACdC,GAAWlC,GAAMkC,SACjBC,GAAWnC,GAAMmC,SACjBC,GAAapC,GAAMoC,WACnBC,GAAarC,GAAMqC,WACnBC,GAAatC,GAAMsC,WACnBC,GAAavC,GAAMuC,WAEnB/C,GAAY4B,GAAO5B,UAEnBgD,GAAW,CACb,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,KACP,KAAMxqC,gBAAgBwqC,IACpB,OAAO,IAAIA,GAEbjD,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACdvc,KAAKqc,EAAIkuB,GACTvqC,KAAKspC,EAAQzpC,MAAM,IACrB,CACAkoC,GAAM5B,SAASqE,GAAQjD,IACvB,OAAiBiD,GAsIjB,SAASC,GAAQC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/B,IAAI/8B,EAAK28B,EAAKE,GAASF,EAAMI,EAG7B,OAFI/8B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASg9B,GAAQL,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACnC,IAAIj9B,EAAK48B,EAAKE,GAASF,EAAMK,EAG7B,OAFIj9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASk9B,GAASP,EAAIC,EAAIC,EAAIC,EAAIC,GAChC,IAAI/8B,EAAK28B,EAAKE,EAAOF,EAAKI,EAAOF,EAAKE,EAGtC,OAFI/8B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASm9B,GAASR,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACpC,IAAIj9B,EAAK48B,EAAKE,EAAOF,EAAKK,EAAOH,EAAKG,EAGtC,OAFIj9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASo9B,GAAUT,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAClBd,GAAUe,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASq9B,GAAUV,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAClBb,GAAUc,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASs9B,GAAUX,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASu9B,GAAUZ,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAK9B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASw9B,GAAUb,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,GAClBf,GAAUc,EAAIC,EAAI,GAClBb,GAASY,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASy9B,GAAUd,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,GAClBd,GAAUa,EAAIC,EAAI,GAClBZ,GAASW,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS09B,GAAUf,EAAIC,GACrB,IAII58B,EAJQ67B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,IAClBZ,GAASY,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS29B,GAAUhB,EAAIC,GACrB,IAII58B,EAJQ87B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,IAClBX,GAASW,EAAIC,EAAI,GAK7B,OAFI58B,EAAI,IACNA,GAAK,YACAA,CACT,CCnUA,SAAS49B,KACP,KAAM3rC,gBAAgB2rC,IACpB,OAAO,IAAIA,GAEbnB,GAAO1pC,KAAKd,MACZA,KAAKuc,EAAI,CACP,WAAY,WACZ,WAAY,UACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WAChB,CD+DAiuB,GAAOnX,UAAY,KACnBmX,GAAO9C,QAAU,IACjB8C,GAAO7C,aAAe,IACtB6C,GAAO1V,UAAY,IAEnB0V,GAAOxpC,UAAU4qC,cAAgB,SAAuBlG,EAAK1hC,GAI3D,IAHA,IAAIslC,EAAItpC,KAAKspC,EAGJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GACrB,KAAOA,EAAImmC,EAAEloC,OAAQ+B,GAAK,EAAG,CAC3B,IAAI0oC,EAAQJ,GAAUnC,EAAEnmC,EAAI,GAAImmC,EAAEnmC,EAAI,IAClC2oC,EAAQJ,GAAUpC,EAAEnmC,EAAI,GAAImmC,EAAEnmC,EAAI,IAClC4oC,EAAQzC,EAAEnmC,EAAI,IACd6oC,EAAQ1C,EAAEnmC,EAAI,IACd8oC,EAAQV,GAAUjC,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,KACnC+oC,EAAQV,GAAUlC,EAAEnmC,EAAI,IAAKmmC,EAAEnmC,EAAI,KACnCgpC,EAAQ7C,EAAEnmC,EAAI,IACdipC,EAAQ9C,EAAEnmC,EAAI,IAElBmmC,EAAEnmC,GAAKgnC,GACL0B,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GACT9C,EAAEnmC,EAAI,GAAKinC,GACTyB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GAEb,EAEA5B,GAAOxpC,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAC/ChE,KAAK4rC,cAAclG,EAAK1hC,GAExB,IAAIslC,EAAItpC,KAAKspC,EAET3C,EAAK3mC,KAAKuc,EAAE,GACZqqB,EAAK5mC,KAAKuc,EAAE,GACZsqB,EAAK7mC,KAAKuc,EAAE,GACZuqB,EAAK9mC,KAAKuc,EAAE,GACZwqB,EAAK/mC,KAAKuc,EAAE,GACZyqB,EAAKhnC,KAAKuc,EAAE,GACZ0qB,EAAKjnC,KAAKuc,EAAE,GACZ2qB,EAAKlnC,KAAKuc,EAAE,GACZ6qB,EAAKpnC,KAAKuc,EAAE,GACZ8qB,EAAKrnC,KAAKuc,EAAE,GACZ8vB,EAAKrsC,KAAKuc,EAAE,IACZ+vB,EAAKtsC,KAAKuc,EAAE,IACZgwB,EAAKvsC,KAAKuc,EAAE,IACZiwB,EAAKxsC,KAAKuc,EAAE,IACZkwB,EAAKzsC,KAAKuc,EAAE,IACZmwB,EAAK1sC,KAAKuc,EAAE,IAEhBipB,GAAOxlC,KAAKqc,EAAEjb,SAAWkoC,EAAEloC,QAC3B,IAAK,IAAI+B,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,GAAK,EAAG,CACpC,IAAI0oC,EAAQY,EACRX,EAAQY,EACRX,EAAQV,GAAUjE,EAAIC,GACtB2E,EAAQV,GAAUlE,EAAIC,GACtB4E,EAAQxB,GAAQrD,EAAIC,EAAIgF,EAAIC,EAAIC,GAChCL,EAAQnB,GAAQ3D,EAAIC,EAAIgF,EAAIC,EAAIC,EAAIC,GACpCL,EAAQnsC,KAAKqc,EAAElZ,GACfipC,EAAQpsC,KAAKqc,EAAElZ,EAAI,GACnBwpC,EAAQrD,EAAEnmC,GACVypC,EAAQtD,EAAEnmC,EAAI,GAEd0pC,EAAQxC,GACVwB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GACLE,EAAQxC,GACVuB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GAETf,EAAQV,GAAUxE,EAAIC,GACtBkF,EAAQV,GAAUzE,EAAIC,GACtBmF,EAAQd,GAAStE,EAAIC,EAAIC,EAAIC,EAAIC,GACjCiF,EAAQd,GAASvE,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAErC,IAAI+F,EAAQ9C,GAAS4B,EAAOC,EAAOC,EAAOC,GACtCgB,EAAQ9C,GAAS2B,EAAOC,EAAOC,EAAOC,GAE1CS,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKjF,EACLkF,EAAKjF,EAELD,EAAK6C,GAAShD,EAAIC,EAAI2F,EAAOC,GAC7BzF,EAAK6C,GAAShD,EAAIA,EAAI2F,EAAOC,GAE7B7F,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKsD,GAAS4C,EAAOC,EAAOC,EAAOC,GACnCpG,EAAKsD,GAAS2C,EAAOC,EAAOC,EAAOC,GAGrChD,GAAMhqC,KAAKuc,EAAG,EAAGoqB,EAAIC,GACrBoD,GAAMhqC,KAAKuc,EAAG,EAAGsqB,EAAIC,GACrBkD,GAAMhqC,KAAKuc,EAAG,EAAGwqB,EAAIC,GACrBgD,GAAMhqC,KAAKuc,EAAG,EAAG0qB,EAAIC,GACrB8C,GAAMhqC,KAAKuc,EAAG,EAAG6qB,EAAIC,GACrB2C,GAAMhqC,KAAKuc,EAAG,GAAI8vB,EAAIC,GACtBtC,GAAMhqC,KAAKuc,EAAG,GAAIgwB,EAAIC,GACtBxC,GAAMhqC,KAAKuc,EAAG,GAAIkwB,EAAIC,EACxB,EAEAlC,GAAOxpC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,EChMAwrB,GAAM5B,SAASwF,GAAQnB,IACvB,OAAiBmB,GAEjBA,GAAOtY,UAAY,KACnBsY,GAAOjE,QAAU,IACjBiE,GAAOhE,aAAe,IACtBgE,GAAO7W,UAAY,IAEnB6W,GAAO3qC,UAAUqnC,QAAU,SAAgBjC,GACzC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAE7a,MAAM,EAAG,IAAK,OAEnCqmC,GAAM4B,QAAQ3pC,KAAKuc,EAAE7a,MAAM,EAAG,IAAK,MAC9C,EC7BA,IAAIurC,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACduE,GAAUnF,GAAMmF,QAChBtE,GAAUb,GAAMa,QAChBrB,GAAY4B,GAAO5B,UAEvB,SAAS4F,KACP,KAAMntC,gBAAgBmtC,IACpB,OAAO,IAAIA,GAEb5F,GAAUzmC,KAAKd,MAEfA,KAAKuc,EAAI,CAAE,WAAY,WAAY,WAAY,UAAY,YAC3Dvc,KAAKqQ,OAAS,QAChB,CACA03B,GAAM5B,SAASgH,GAAW5F,IAC1B,OAAoB4F,GAuDpB,SAASpI,GAAEhoB,EAAG7P,EAAGoB,EAAGi6B,GAClB,OAAIxrB,GAAK,GACA7P,EAAIoB,EAAIi6B,EACRxrB,GAAK,GACJ7P,EAAIoB,GAAQpB,EAAKq7B,EAClBxrB,GAAK,IACJ7P,GAAMoB,GAAMi6B,EACbxrB,GAAK,GACJ7P,EAAIq7B,EAAMj6B,GAAMi6B,EAEjBr7B,GAAKoB,GAAMi6B,EACtB,CAEA,SAAS6E,GAAErwB,GACT,OAAIA,GAAK,GACA,EACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,UACX,CAEA,SAASswB,GAAGtwB,GACV,OAAIA,GAAK,GACA,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,CACX,CA1FAowB,GAAU9Z,UAAY,IACtB8Z,GAAUzF,QAAU,IACpByF,GAAUxF,aAAe,IACzBwF,GAAUrY,UAAY,GAEtBqY,GAAUnsC,UAAUknC,QAAU,SAAgBxC,EAAK1hC,GAWjD,IAVA,IAAIspC,EAAIttC,KAAKuc,EAAE,GACXgxB,EAAIvtC,KAAKuc,EAAE,GACX2W,EAAIlzB,KAAKuc,EAAE,GACXixB,EAAIxtC,KAAKuc,EAAE,GACXkxB,EAAIztC,KAAKuc,EAAE,GACXmxB,EAAKJ,EACLK,EAAKJ,EACLK,EAAK1a,EACL2a,EAAKL,EACLM,EAAKL,EACA1wB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAC3B,IAAIgxB,EAAIpF,GACNsE,GACErE,GAAQ0E,EAAGvI,GAAEhoB,EAAGwwB,EAAGra,EAAGsa,GAAI9H,EAAI33B,GAAEgP,GAAK/Y,GAAQopC,GAAErwB,IAC/CkB,GAAElB,IACJ0wB,GACFH,EAAIG,EACJA,EAAID,EACJA,EAAIP,GAAO/Z,EAAG,IACdA,EAAIqa,EACJA,EAAIQ,EACJA,EAAIpF,GACFsE,GACErE,GAAQ8E,EAAI3I,GAAE,GAAKhoB,EAAG4wB,EAAIC,EAAIC,GAAKnI,EAAIsI,GAAGjxB,GAAK/Y,GAAQqpC,GAAGtwB,IAC1DkxB,GAAGlxB,IACL+wB,GACFJ,EAAKI,EACLA,EAAKD,EACLA,EAAKZ,GAAOW,EAAI,IAChBA,EAAKD,EACLA,EAAKI,EAEPA,EAAIb,GAAQltC,KAAKuc,EAAE,GAAI2W,EAAG2a,GAC1B7tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIixB,EAAGM,GAClC9tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIkxB,EAAGC,GAClC1tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAI+wB,EAAGK,GAClC3tC,KAAKuc,EAAE,GAAK2wB,GAAQltC,KAAKuc,EAAE,GAAIgxB,EAAGK,GAClC5tC,KAAKuc,EAAE,GAAKwxB,CACd,EAEAZ,GAAUnsC,UAAUqnC,QAAU,SAAgBjC,GAC5C,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,UAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,SACjC,EAyCA,IAAIxO,GAAI,CACN,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,IAGhDigC,GAAK,CACP,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAClD,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAClD,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,IAGhD/vB,GAAI,CACN,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EACrD,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GACpD,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GACpD,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,GAGnDgwB,GAAK,CACP,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EACrD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GACpD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,EACrD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EACrD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,sBC1HtD,SAASC,GAAShhC,EAAGmP,GACnB,IAAI5N,EAAIvB,EAAE,GACNmB,EAAInB,EAAE,GACNsP,EAAItP,EAAE,GACN4b,EAAI5b,EAAE,GAEVuB,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,YAC5ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,OAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,YAC7ByM,EAAIqlB,GAAGrlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAI2xB,GAAG3xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,GAAI,YAE9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,EAAG,UAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,WAC/BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,WAC5ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,GAAI,YAC9BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,GAAI,YAC7B5N,EAAI2/B,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,GAAI,YAC9ByM,EAAIslB,GAAGtlB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,UAC7BG,EAAI4xB,GAAG5xB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,YAC7BhO,EAAI+/B,GAAG//B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAE/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,QAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,YAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,UAC/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,YAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,WAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,GAAI,UAC7B5N,EAAIg+B,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI2jB,GAAG3jB,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,WAC/BG,EAAIiwB,GAAGjwB,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAIo+B,GAAGp+B,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAE9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,IAAK,EAAG,YAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,SAC/BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,EAAG,YAC5ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,IAAK,GAAI,YAC9B5N,EAAIktB,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAGzM,EAAE,GAAI,GAAI,WAC7ByM,EAAI6S,GAAG7S,EAAGra,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,YAC/BG,EAAImf,GAAGnf,EAAGsM,EAAGra,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAIstB,GAAGttB,EAAGmO,EAAGsM,EAAGra,EAAG4N,EAAE,GAAI,IAAK,WAE9BnP,EAAE,GAAKmhC,GAAM5/B,EAAGvB,EAAE,IAClBA,EAAE,GAAKmhC,GAAMhgC,EAAGnB,EAAE,IAClBA,EAAE,GAAKmhC,GAAM7xB,EAAGtP,EAAE,IAClBA,EAAE,GAAKmhC,GAAMvlB,EAAG5b,EAAE,GACpB,CAEA,SAASohC,GAAI5/B,EAAGD,EAAGJ,EAAGnB,EAAG+Q,EAAGI,GAE1B,OADA5P,EAAI4/B,GAAMA,GAAM5/B,EAAGC,GAAI2/B,GAAMnhC,EAAGmR,IACzBgwB,GAAO5/B,GAAKwP,EAAMxP,IAAO,GAAKwP,EAAK5P,EAC5C,CAEA,SAAS8/B,GAAG1/B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAKjgC,EAAImO,GAAQnO,EAAKya,EAAIra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAAS+vB,GAAG3/B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAKjgC,EAAIya,EAAMtM,GAAMsM,EAAKra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAASouB,GAAGh+B,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAIjgC,EAAImO,EAAIsM,EAAGra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACpC,CAEA,SAASsd,GAAGltB,EAAGJ,EAAGmO,EAAGsM,EAAG5b,EAAG+Q,EAAGI,GAC5B,OAAOiwB,GAAI9xB,GAAKnO,GAAMya,GAAKra,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACzC,CAyCA,SAASkwB,GAAOtwB,GACd,MAAMuwB,EAAU,GAChB,IAAIrrC,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBqrC,EAAQrrC,GAAK,GAAK8a,EAAErB,WAAWzZ,IAAM8a,EAAErB,WAAWzZ,EAAI,IAAM,IAAM8a,EAAErB,WAAWzZ,EAAI,IAAM,KAAO8a,EAAErB,WAAWzZ,EAAI,IAC/G,IAEJ,OAAOqrC,CACT,CAEA,MAAMC,GAAU,mBAAmBruB,MAAM,IAEzC,SAASsuB,GAAKliC,GACZ,IAAIyR,EAAI,GACJlB,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZkB,GAAKwwB,GAASjiC,GAAU,EAAJuQ,EAAQ,EAAM,IAAQ0xB,GAASjiC,GAAU,EAAJuQ,EAAU,IAErE,OAAOkB,CACT,CAeA,SAASowB,GAAM5/B,EAAGJ,GAChB,OAAQI,EAAIJ,EAAK,UACnB,CClLA,MAAMsgC,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClB4vB,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAAS30B,GAChB,GAAKw0B,IAAeC,GAAiBhtB,SAASzH,GAG9C,OAAOjZ,eAAgB+I,GACrB,MAAM8kC,EAASJ,GAAWK,WAAW70B,GACrC,OAAOuC,EAAiBzS,GAAM7I,IAC5B2tC,EAAOlH,OAAOzmC,EAAM,IACnB,IAAM,IAAI0B,WAAWisC,EAAO7G,YAEnC,CAEA,SAAS+G,GAAW96B,EAAM+6B,GACxB,OAAOhuC,eAAe+I,EAAM4a,EAASsB,IAInC,GAHIgB,EAAqBld,KACvBA,QAAa8c,EAAiB9c,KAE3BsQ,GAAK9X,SAASwH,IAASykC,IAAaQ,GAAiBjlC,EAAK9I,QAAU0jB,EAAOpB,qBAC9E,OAAO,IAAI3gB,iBAAiB4rC,GAAUxG,OAAOgH,EAAejlC,IAE9D,MAAMklC,EAAeh7B,IACrB,OAAOuI,EAAiBzS,GAAM7I,IAC5B+tC,EAAatH,OAAOzmC,EAAM,IACzB,IAAM,IAAI0B,WAAWqsC,EAAajH,YAEzC,CAEA,SAASkH,GAAcj7B,EAAM+6B,GAC3B,OAAOhuC,eAAe+I,EAAM4a,EAASsB,IAInC,GAHIgB,EAAqBld,KACvBA,QAAa8c,EAAiB9c,IAE5BsQ,GAAK9X,SAASwH,GAAO,CACvB,MAAMklC,EAAe,IAAIh7B,EACzB,OAAOuI,EAAiBzS,GAAM7I,IAC5B+tC,EAAa/sC,QAAQhB,EAAM,IAC1B,IAAM+tC,EAAaplC,SAASvI,SAC1B,OAAIktC,IAAaQ,GAAiBjlC,EAAK9I,QAAU0jB,EAAOpB,qBACtD,IAAI3gB,iBAAiB4rC,GAAUxG,OAAOgH,EAAejlC,IAErDkK,EAAK9M,MAAM4C,GAGxB,CAEA,MAAMolC,GAAgB,CACpBj7B,IAAK06B,GAAS,QDrDhB5tC,eAAmBouC,GACjB,MAAMpH,EAyGR,SAAclqB,GACZ,MAAMzR,EAAIyR,EAAE7c,OACNouC,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIrsC,EACJ,IAAKA,EAAI,GAAIA,GAAK8a,EAAE7c,OAAQ+B,GAAK,GAC/B+qC,GAASsB,EAAOjB,GAAOtwB,EAAEwxB,UAAUtsC,EAAI,GAAIA,KAE7C8a,EAAIA,EAAEwxB,UAAUtsC,EAAI,IACpB,MAAMusC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKvsC,EAAI,EAAGA,EAAI8a,EAAE7c,OAAQ+B,IACxBusC,EAAKvsC,GAAK,IAAM8a,EAAErB,WAAWzZ,KAAQA,EAAI,GAAM,GAGjD,GADAusC,EAAKvsC,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADA+qC,GAASsB,EAAOE,GACXvsC,EAAI,EAAGA,EAAI,GAAIA,IAClBusC,EAAKvsC,GAAK,EAKd,OAFAusC,EAAK,IAAU,EAAJljC,EACX0hC,GAASsB,EAAOE,GACTF,CACT,CA/HiBG,CAAKn1B,GAAKqC,mBAAmB0yB,IAC5C,OAAO/0B,GAAK4B,gBAoKd,SAAalP,GACX,IAAK,IAAI/J,EAAI,EAAGA,EAAI+J,EAAE9L,OAAQ+B,IAC5B+J,EAAE/J,GAAKurC,GAAKxhC,EAAE/J,IAEhB,OAAO+J,EAAE1L,KAAK,GAChB,CAzK8BiL,CAAI07B,GAClC,ECmDE7zB,KAAMy6B,GAAS,SAAWM,GAAcpL,GAAM,SAC9CtvB,OAAQo6B,GAAS,WAAaG,GAAWv6B,IACzCH,OAAQu6B,GAAS,WAAaM,GAAchL,GAAQ,WACpD5vB,OAAQs6B,GAAS,WAAaG,GAAWz6B,GAAQ,WACjDC,OAAQq6B,GAAS,WAAaG,GAAWx6B,GAAQ,WACjDH,OAAQw6B,GAAS,cAAgBG,GAAWU,KAG9C,OAAe,CAGbv7B,IAAKi7B,GAAcj7B,IAEnBC,KAAMg7B,GAAch7B,KAEpBK,OAAQ26B,GAAc36B,OAEtBH,OAAQ86B,GAAc96B,OAEtBC,OAAQ66B,GAAc76B,OAEtBC,OAAQ46B,GAAc56B,OAEtBH,OAAQ+6B,GAAc/6B,OAQtB4zB,OAAQ,SAAS0H,EAAM3lC,GACrB,OAAQ2lC,GACN,KAAKzuB,GAAMhN,KAAKC,IACd,OAAOrU,KAAKqU,IAAInK,GAClB,KAAKkX,GAAMhN,KAAKE,KACd,OAAOtU,KAAKsU,KAAKpK,GACnB,KAAKkX,GAAMhN,KAAKG,OACd,OAAOvU,KAAKuU,OAAOrK,GACrB,KAAKkX,GAAMhN,KAAKI,OACd,OAAOxU,KAAKwU,OAAOtK,GACrB,KAAKkX,GAAMhN,KAAKK,OACd,OAAOzU,KAAKyU,OAAOvK,GACrB,KAAKkX,GAAMhN,KAAKM,OACd,OAAO1U,KAAK0U,OAAOxK,GACrB,KAAKkX,GAAMhN,KAAKO,OACd,OAAO3U,KAAK2U,OAAOzK,GACrB,QACE,MAAU9G,MAAM,4BAStB0sC,kBAAmB,SAASD,GAC1B,OAAQA,GACN,KAAKzuB,GAAMhN,KAAKC,IACd,OAAO,GACT,KAAK+M,GAAMhN,KAAKE,KAChB,KAAK8M,GAAMhN,KAAKG,OACd,OAAO,GACT,KAAK6M,GAAMhN,KAAKI,OACd,OAAO,GACT,KAAK4M,GAAMhN,KAAKK,OACd,OAAO,GACT,KAAK2M,GAAMhN,KAAKM,OACd,OAAO,GACT,KAAK0M,GAAMhN,KAAKO,OACd,OAAO,GACT,QACE,MAAUvR,MAAM,8BC9IjB,MAAM2sC,GACT/nB,eAAe9d,EAAM8M,EAAKua,GACtB,OAAO,IAAIwe,GAAQ/4B,EAAKua,GAAIwB,QAAQ7oB,GAExC8d,eAAe9d,EAAM8M,EAAKua,GACtB,OAAO,IAAIwe,GAAQ/4B,EAAKua,GAAIyB,QAAQ9oB,GAExCpK,YAAYkX,EAAKua,EAAI0B,GACjBjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,EAAKua,GAAI,EAAM,cACvCvxB,KAAKizB,IAAIzB,QAEpBuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCXb,SAASqd,GAAUH,GAChC,MAAMI,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,OAAO3hB,GAAO+hB,EAChB,CCkBA,MAAMtB,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAElBixB,GAAatB,GAAaA,GAAWuB,aAAe,GACpDC,GAAY,CAChB78B,KAAM28B,GAAWruB,SAAS,YAAc,gBAAa5gB,EACrDuS,UAAW08B,GAAWruB,SAAS,gBAAkB,oBAAiB5gB,EAClEwS,MAAOy8B,GAAWruB,SAAS,aAAe,iBAAc5gB,EACxDyS,SAAUw8B,GAAWruB,SAAS,UAAY,cAAW5gB,EACrD0S,OAAQu8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,EAC7D2S,OAAQs8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,EAC7D4S,OAAQq8B,GAAWruB,SAAS,eAAiB,mBAAgB5gB,6DAaxDE,eAAuB0uC,EAAM74B,EAAK1D,EAAWie,EAAIzM,GACtD,MAAMmrB,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,GAAIr1B,GAAKyE,iBAAmBmxB,GAAUH,GACpC,OAiHJ,SAAqBJ,EAAM74B,EAAKq5B,EAAI9e,GAClC,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GACvCS,EAAY,IAAI1B,GAAW2B,eAAeH,GAAUH,GAAWj5B,EAAKua,GAC1E,OAAO5U,EAAiB0zB,GAAIhvC,GAAS,IAAI0B,WAAWutC,EAAUxI,OAAOzmC,KACvE,CArHWmvC,CAAYX,EAAM74B,EAAK1D,EAAWie,GAE3C,GAAI/W,GAAK0G,MAAM2uB,GACb,OAwEJ,SAAoBA,EAAM74B,EAAKq5B,EAAI9e,EAAIzM,GACrC,GACEtK,GAAKoE,gBACU,KAAf5H,EAAI5V,SACHoZ,GAAK9X,SAAS2tC,IACfA,EAAGjvC,QAAU,IAAO0jB,EAAOpB,qBAE3B,OAqBJviB,eAA0B0uC,EAAM74B,EAAKq5B,EAAI9e,GACvC,MAAMkf,EAAO,UACPC,QAAa/B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAMmlC,IAAQ,EAAO,CAAC,aACrEpd,UAAEA,GAAc2c,GAAUH,GAC1Be,EAASp2B,GAAKxX,iBAAiB,CAAC,IAAID,WAAWswB,GAAYgd,IAC3DQ,EAAK,IAAI9tC,iBAAiB4rC,GAAU5b,QAAQ,CAAEznB,KAAMmlC,EAAMlf,MAAMmf,EAAME,IAASvkC,SAAS,EAAGgkC,EAAGjvC,QAEpG,OAbF,SAAgBqN,EAAGJ,GACjB,IAAK,IAAIlL,EAAI,EAAGA,EAAIsL,EAAErN,OAAQ+B,IAC5BsL,EAAEtL,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAEpB,CAQE2tC,CAAOD,EAAIR,GACJQ,CACT,CA7BWE,CAAWlB,EAAM74B,EAAKq5B,EAAI9e,GAGnC,MAAMyf,EAAM,IAAIjB,GAAQ/4B,EAAKua,GAC7B,OAAO5U,EAAiB0zB,GAAIhvC,GAAS2vC,EAAI/d,IAAIhB,oBAAoB5wB,KAAQ,IAAM2vC,EAAI/d,IAAIZ,sBACzF,CApFW4e,CAAWpB,EAAM74B,EAAK1D,EAAWie,EAAIzM,GAG9C,MACMosB,EAAW,IADFlB,GAAUH,GACR,CAAW74B,GACtBm6B,EAAaD,EAAS7d,UAEtB+d,EAAS7f,EAAG7vB,QAClB,IAAI2uC,EAAK,IAAIttC,WACb,MAAMV,EAAUN,IACVA,IACFsuC,EAAK71B,GAAKxX,iBAAiB,CAACqtC,EAAItuC,KAElC,MAAMsvC,EAAa,IAAItuC,WAAWstC,EAAGjvC,QACrC,IAAI+B,EACA4Z,EAAI,EACR,KAAOhb,EAAQsuC,EAAGjvC,QAAU+vC,EAAad,EAAGjvC,QAAQ,CAClD,MAAMkwC,EAAWJ,EAASne,QAAQqe,GAClC,IAAKjuC,EAAI,EAAGA,EAAIguC,EAAYhuC,IAC1BiuC,EAAOjuC,GAAKktC,EAAGltC,GAAKmuC,EAASnuC,GAC7BkuC,EAAWt0B,KAAOq0B,EAAOjuC,GAE3BktC,EAAKA,EAAGhkC,SAAS8kC,GAEnB,OAAOE,EAAWhlC,SAAS,EAAG0Q,EAAE,EAElC,OAAOJ,EAAiBrJ,EAAWjR,EAASA,EAC9C,UAUOlB,eAAuB0uC,EAAM74B,EAAKq6B,EAAY9f,GACnD,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC7C,GAAIr1B,GAAKyE,iBAAmBmxB,GAAUH,GACpC,OA4EJ,SAAqBJ,EAAM74B,EAAK65B,EAAItf,GAClC,MAAM0e,EAAW7uB,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GACvC0B,EAAc,IAAI3C,GAAW4C,iBAAiBpB,GAAUH,GAAWj5B,EAAKua,GAC9E,OAAO5U,EAAiBk0B,GAAIxvC,GAAS,IAAI0B,WAAWwuC,EAAYzJ,OAAOzmC,KACzE,CAhFWowC,CAAY5B,EAAM74B,EAAKq6B,EAAY9f,GAE5C,GAAI/W,GAAK0G,MAAM2uB,GACb,OA2CJ,SAAoBA,EAAM74B,EAAK65B,EAAItf,GACjC,GAAI/W,GAAK9X,SAASmuC,GAAK,CACrB,MAAMG,EAAM,IAAIjB,GAAQ/4B,EAAKua,GAC7B,OAAO5U,EAAiBk0B,GAAIxvC,GAAS2vC,EAAI/d,IAAIP,oBAAoBrxB,KAAQ,IAAM2vC,EAAI/d,IAAIN,uBAEzF,OAAOod,GAAQ/c,QAAQ6d,EAAI75B,EAAKua,EAClC,CAjDWmgB,CAAW7B,EAAM74B,EAAKq6B,EAAY9f,GAG3C,MACM2f,EAAW,IADFlB,GAAUH,GACR,CAAW74B,GACtBm6B,EAAaD,EAAS7d,UAE5B,IAAIse,EAASpgB,EACTsf,EAAK,IAAI9tC,WACb,MAAMV,EAAUN,IACVA,IACF8uC,EAAKr2B,GAAKxX,iBAAiB,CAAC6tC,EAAI9uC,KAElC,MAAMuR,EAAY,IAAIvQ,WAAW8tC,EAAGzvC,QACpC,IAAI+B,EACA4Z,EAAI,EACR,KAAOhb,EAAQ8uC,EAAGzvC,QAAU+vC,EAAaN,EAAGzvC,QAAQ,CAClD,MAAMwwC,EAAWV,EAASne,QAAQ4e,GAElC,IADAA,EAASd,EAAGxkC,SAAS,EAAG8kC,GACnBhuC,EAAI,EAAGA,EAAIguC,EAAYhuC,IAC1BmQ,EAAUyJ,KAAO40B,EAAOxuC,GAAKyuC,EAASzuC,GAExC0tC,EAAKA,EAAGxkC,SAAS8kC,GAEnB,OAAO79B,EAAUjH,SAAS,EAAG0Q,EAAE,EAEjC,OAAOJ,EAAiB00B,EAAYhvC,EAASA,EAC/C,IC/HO,MAAMwvC,GACT7pB,eAAe9d,EAAM8M,EAAK86B,GACtB,OAAO,IAAID,GAAQ76B,EAAK86B,GAAO/e,QAAQ7oB,GAE3C8d,eAAe9d,EAAM8M,EAAK86B,GACtB,OAAO,IAAID,GAAQ76B,EAAK86B,GAAO/e,QAAQ7oB,GAE3CpK,YAAYkX,EAAK86B,EAAO7e,GACpBjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,GAAW,EAAO,cAC/CjB,KAAKizB,IAAIzB,QAChBxxB,KAAK+xC,oBAAoBD,GAE7B/e,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxB0f,oBAAoBD,EAAOE,EAAS5sC,GAChC,IAAI+jB,IAAEA,GAAQnpB,KAAKizB,IAAIxB,cACvB,QAAaxwB,IAATmE,EAAoB,CACpB,GAAIA,EAAO,GAAKA,EAAO,GACnB,MAAM,IAAI8rB,GAAqB,wBACnC,IAAI+gB,EAAOnmC,KAAKomC,IAAI,EAAG9sC,GAAQ,EAC/B+jB,EAAIkE,SAAS,EAAG,EAAI4kB,EAAO,WAAe,EAAU,EAAPA,QAG7C7sC,EAAO,GACP+jB,EAAIkE,SAAS,EAAG,EAAG,MAAQ,YAE/B,QAAcpsB,IAAV6wC,EASA,MAAU1uC,MAAM,qBATK,CACrB,IAAI+M,EAAM2hC,EAAM1wC,OAChB,IAAK+O,GAAOA,EAAM,GACd,MAAM,IAAI+gB,GAAqB,sBACnC,IAAIihB,EAAO,IAAI1sB,SAAS,IAAID,YAAY,KACxC,IAAIziB,WAAWovC,EAAK9tC,QAAQb,IAAIsuC,GAChC3oB,EAAI6D,UAAUmlB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,KAK1F,QAAgB9wB,IAAZ+wC,EAAuB,CACvB,GAAIA,EAAU,GAAKA,GAAWlmC,KAAKomC,IAAI,EAAG9sC,GACtC,MAAM,IAAI8rB,GAAqB,yBACnC/H,EAAIuE,YAAY,EAAG,EAAIskB,EAAU,WAAe,EAAa,EAAVA,KCjDxD,MAAMI,GACTpqB,eAAe9d,EAAM8M,EAAKwa,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQp7B,EAAKua,EAAIC,GAASuB,QAAQ7oB,GAEjD8d,eAAe9d,EAAM8M,EAAKwa,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQp7B,EAAKua,EAAIC,GAASwB,QAAQ9oB,GAEjDpK,YAAYkX,EAAKua,EAAIC,GAAU,EAAMyB,GACjCjzB,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,EAAKua,EAAIC,EAAS,OAErDuB,QAAQ7oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIhB,oBAAoB/nB,GAC7BlK,KAAKizB,IAAIZ,sBAGxBW,QAAQ9oB,GAGJ,OAAOumB,GAFIzwB,KAAKizB,IAAIP,oBAAoBxoB,GAC7BlK,KAAKizB,IAAIN,uBCT5B,MAAMgc,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAgBlBozB,GAAc,GAWpB,SAASC,GAAYpoC,EAAMsnB,GACzB,MAAMjhB,EAASrG,EAAK9I,OAASixC,GAC7B,IAAK,IAAIlvC,EAAI,EAAGA,EAAIkvC,GAAalvC,IAC/B+G,EAAK/G,EAAIoN,IAAWihB,EAAQruB,GAE9B,OAAO+G,CACT,CAeA,MAAMqoC,GAAY,IAAIxvC,WAAWsvC,IAElBlxC,eAAeqxC,GAAKx7B,GACjC,MAAMy7B,QAYRtxC,eAAmB6V,GACjB,GAAIwD,GAAKoE,gBAAiC,KAAf5H,EAAI5V,OAE7B,OADA4V,QAAY23B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAM,UAAWlK,OAAqB,EAAb4V,EAAI5V,SAAc,EAAO,CAAC,YAC1FD,eAAekvC,GACpB,MAAMQ,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAM,UAAWimB,GAAIghB,GAAWnxC,OAAsB,EAAdixC,IAAmBr7B,EAAKq5B,GACrG,OAAO,IAAIttC,WAAW8tC,GAAIxkC,SAAS,EAAGwkC,EAAGtsC,WAAa8tC,KAG1D,GAAI73B,GAAKyE,gBACP,OAAO9d,eAAekvC,GACpB,MACMQ,EADK,IAAIjC,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKu7B,IACpEzK,OAAOuI,GACrB,OAAO,IAAIttC,WAAW8tC,IAI1B,OAAO1vC,eAAekvC,GACpB,OAAO+B,GAAQrf,QAAQsd,EAAIr5B,GAAK,EAAOu7B,IAE3C,CA/BoB/iB,CAAIxY,GAGhBwa,EAAUhX,GAAK8D,aAAam0B,EAAIF,KAChCG,EAAWl4B,GAAK8D,OAAOkT,GAE7B,OAAOrwB,eAAe+I,GAEpB,aAAcuoC,EAxBlB,SAAavoC,EAAMsnB,EAASkhB,GAE1B,GAAIxoC,EAAK9I,QAAU8I,EAAK9I,OAASixC,IAAgB,EAE/C,OAAOC,GAAYpoC,EAAMsnB,GAG3B,MAAM7V,EAAS,IAAI5Y,WAAWmH,EAAK9I,QAAUixC,GAAenoC,EAAK9I,OAASixC,KAG1E,OAFA12B,EAAOnY,IAAI0G,GACXyR,EAAOzR,EAAK9I,QAAU,IACfkxC,GAAY32B,EAAQ+2B,EAC7B,CAasB9f,CAAI1oB,EAAMsnB,EAASkhB,KAAYrmC,UAAUgmC,IAE/D,CC3CA,MAAM1D,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBvb,GAAS8W,GAAK2E,gBAGdkzB,GAAc,GACdM,GAAWN,GACXO,GAAYP,GAEZviC,GAAO,IAAI/M,WAAWsvC,IACtBtiC,GAAM,IAAIhN,WAAWsvC,IAActiC,GAAIsiC,GAAc,GAAK,EAChE,MAAMQ,GAAM,IAAI9vC,WAAWsvC,IAE3BlxC,eAAe2xC,GAAK97B,GAClB,MAAM+7B,QAAaP,GAAKx7B,GACxB,OAAO,SAASqH,EAAG1E,GACjB,OAAOo5B,EAAKv4B,GAAKxX,iBAAiB,CAACqb,EAAG1E,KAE1C,CAEAxY,eAAewuB,GAAI3Y,GACjB,OACEwD,GAAKoE,gBACU,KAAf5H,EAAI5V,QAEJ4V,QAAY23B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAM,UAAWlK,OAAqB,EAAb4V,EAAI5V,SAAc,EAAO,CAAC,YAC1FD,eAAekvC,EAAI9e,GACxB,MAAMsf,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAM,UAAW0mC,QAASzgB,EAAInwB,OAAsB,EAAdixC,IAAmBr7B,EAAKq5B,GACnG,OAAO,IAAIttC,WAAW8tC,KAGtBr2B,GAAKyE,gBACA9d,eAAekvC,EAAI9e,GACxB,MAAMyhB,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKua,GAC5Esf,EAAKntC,GAAOkD,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,UAC5C,OAAO,IAAIlwC,WAAW8tC,IAInB1vC,eAAekvC,EAAI9e,GACxB,OAAOsgB,GAAQ9e,QAAQsd,EAAIr5B,EAAKua,GAEpC,CAQApwB,eAAe+xC,GAAIhlB,EAAQlX,GACzB,GAAIkX,IAAW9M,GAAM/N,UAAUM,QAC7Bua,IAAW9M,GAAM/N,UAAUO,QAC3Bsa,IAAW9M,GAAM/N,UAAUQ,OAC3B,MAAUzQ,MAAM,qCAGlB,MACE+vC,EACAC,SACQnzC,QAAQ+H,IAAI,CACpB8qC,GAAK97B,GACL2Y,GAAI3Y,KAGN,MAAO,CAQL+b,QAAS5xB,eAAemS,EAAWw+B,EAAOuB,GACxC,MACEC,EACAC,SACQtzC,QAAQ+H,IAAI,CACpBmrC,EAAKrjC,GAAMgiC,GACXqB,EAAKpjC,GAAKsjC,KAENG,QAAiBJ,EAAI9/B,EAAWggC,GAEhC5yB,QADqByyB,EAAKN,GAAKW,GAErC,IAAK,IAAIrwC,EAAI,EAAGA,EAAIyvC,GAAWzvC,IAC7Bud,EAAIvd,IAAMowC,EAAUpwC,GAAKmwC,EAAUnwC,GAErC,OAAOqX,GAAKxX,iBAAiB,CAACwwC,EAAU9yB,KAU1CsS,QAAS7xB,eAAekwC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAWjwC,OAASwxC,GAAW,MAAUxvC,MAAM,0BACnD,MAAMowC,EAAWnC,EAAWhlC,SAAS,GAAIumC,IACnCa,EAAQpC,EAAWhlC,UAAUumC,KAEjCU,EACAC,EACAG,SACQzzC,QAAQ+H,IAAI,CACpBmrC,EAAKrjC,GAAMgiC,GACXqB,EAAKpjC,GAAKsjC,GACVF,EAAKN,GAAKW,KAEN9yB,EAAMgzB,EACZ,IAAK,IAAIvwC,EAAI,EAAGA,EAAIyvC,GAAWzvC,IAC7Bud,EAAIvd,IAAMowC,EAAUpwC,GAAKmwC,EAAUnwC,GAErC,IAAKqX,GAAKqD,iBAAiB41B,EAAO/yB,GAAM,MAAUtd,MAAM,+BAExD,aADwBgwC,EAAII,EAAUF,IAI5C,CA5GyCT,GAAIR,GAAc,GAAK,EAoHhEa,GAAIS,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAoB,GAAIb,YAAcA,GAClBa,GAAIP,SAAWA,GACfO,GAAIN,UAAYA,GC3IhB,MAAMP,GAAc,GACdM,GAAW,GAMXC,GAAY,GAGlB,SAASiB,GAAIrnC,GACX,IAAIqnC,EAAM,EACV,IAAK,IAAI1wC,EAAI,EAAe,IAAXqJ,EAAIrJ,GAAUA,IAAM,EACnC0wC,IAEF,OAAOA,CACT,CAEA,SAAS/C,GAAOgD,EAAG/F,GACjB,IAAK,IAAI5qC,EAAI,EAAGA,EAAI2wC,EAAE1yC,OAAQ+B,IAC5B2wC,EAAE3wC,IAAM4qC,EAAE5qC,GAEZ,OAAO2wC,CACT,CAEA,SAASC,GAAID,EAAG/F,GACd,OAAO+C,GAAOgD,EAAEpyC,QAASqsC,EAC3B,CAEA,MAAMwE,GAAY,IAAIxvC,WAAWsvC,IAC3BtiC,GAAM,IAAIhN,WAAW,CAAC,IAO5B5B,eAAe6yC,GAAI9lB,EAAQlX,GAEzB,IACIi9B,EACAC,EACAjC,EAHAkC,EAAS,EA2Eb,SAASC,EAAM/pC,EAAIgM,EAAMy7B,EAAOuB,GAI9B,MAAM7lC,EAAI6I,EAAKjV,OAASixC,GAAc,GAxDxC,SAA4Bh8B,EAAMg9B,GAChC,MAAMgB,EAAY75B,GAAK2B,MAAMrQ,KAAKC,IAAIsK,EAAKjV,OAAQiyC,EAAMjyC,QAAUixC,GAAc,GAAK,EACtF,IAAK,IAAIlvC,EAAIgxC,EAAS,EAAGhxC,GAAKkxC,EAAWlxC,IACvC8uC,EAAK9uC,GAAKqX,GAAK8D,OAAO2zB,EAAK9uC,EAAI,IAEjCgxC,EAASE,EAwDTC,CAAmBj+B,EAAMg9B,GAOzB,MAAMkB,EAAc/5B,GAAKxX,iBAAiB,CAACuvC,GAAUlmC,SAAS,EAAGsmC,GAAWb,EAAM1wC,QAAS2O,GAAK+hC,IAE1F0C,EAAwC,GAA/BD,EAAYlC,GAAc,GAEzCkC,EAAYlC,GAAc,IAAM,IAChC,MAAMoC,EAAOR,EAASM,GAEhBG,EAAYl6B,GAAKxX,iBAAiB,CAACyxC,EAAMV,GAAIU,EAAKpoC,SAAS,EAAG,GAAIooC,EAAKpoC,SAAS,EAAG,MAEnFkE,EAASiK,GAAKiE,WAAWi2B,EAAUroC,SAAS,GAAKmoC,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAanoC,SAAS,GAE/G2Z,EAAW,IAAIjjB,WAAWsvC,IAE1BxB,EAAK,IAAI9tC,WAAWsT,EAAKjV,OAASwxC,IAKxC,IAAIzvC,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIqK,EAAGrK,IAEjB2tC,GAAOvgC,EAAQ0hC,EAAK4B,GAAI1wC,EAAI,KAG5B0tC,EAAGrtC,IAAIstC,GAAOzmC,EAAG0pC,GAAIxjC,EAAQ8F,IAAQ9F,GAASlN,GAE9CytC,GAAO9qB,EAAU3b,IAAO4pC,EAAW59B,EAAOw6B,EAAGxkC,SAAShJ,IAEtDgT,EAAOA,EAAKhK,SAASgmC,IACrBhvC,GAAOgvC,GAMT,GAAIh8B,EAAKjV,OAAQ,CAEf0vC,GAAOvgC,EAAQ0hC,EAAK/kC,GAEpB,MAAMskB,EAAUyiB,EAAS1jC,GAEzBsgC,EAAGrtC,IAAIuwC,GAAI19B,EAAMmb,GAAUnuB,GAG3B,MAAMsxC,EAAW,IAAI5xC,WAAWsvC,IAChCsC,EAASnxC,IAAI6G,IAAO4pC,EAAW59B,EAAOw6B,EAAGxkC,SAAShJ,GAAMuvC,IAAY,GACpE+B,EAASt+B,EAAKjV,QAAU,IACxB0vC,GAAO9qB,EAAU2uB,GACjBtxC,GAAOgT,EAAKjV,OAGd,MAAMsf,EAAMowB,GAAOmD,EAASnD,GAAOA,GAAO9qB,EAAUzV,GAAS0hC,EAAK2C,IAhHpE,SAAcvB,GACZ,IAAKA,EAAMjyC,OAET,OAAOmxC,GAMT,MAAM/kC,EAAI6lC,EAAMjyC,OAASixC,GAAc,EAEjC9hC,EAAS,IAAIxN,WAAWsvC,IACxBxhB,EAAM,IAAI9tB,WAAWsvC,IAC3B,IAAK,IAAIlvC,EAAI,EAAGA,EAAIqK,EAAGrK,IACrB2tC,GAAOvgC,EAAQ0hC,EAAK4B,GAAI1wC,EAAI,KAC5B2tC,GAAOjgB,EAAKojB,EAASF,GAAIxjC,EAAQ8iC,KACjCA,EAAQA,EAAMhnC,SAASgmC,IAMzB,GAAIgB,EAAMjyC,OAAQ,CAChB0vC,GAAOvgC,EAAQ0hC,EAAK/kC,GAEpB,MAAM2nC,EAAc,IAAI9xC,WAAWsvC,IACnCwC,EAAYrxC,IAAI6vC,EAAO,GACvBwB,EAAYxB,EAAMjyC,QAAU,IAC5B0vC,GAAO+D,EAAatkC,GAEpBugC,GAAOjgB,EAAKojB,EAASY,IAGvB,OAAOhkB,EA+EgEzc,CAAKi/B,IAO5E,OADAxC,EAAGrtC,IAAIkd,EAAKrd,GACLwtC,EAIT,OAnJA,SAA+B3iB,EAAQlX,GACrC,MAAM89B,EAAa1zB,GAAMlgB,KAAKkgB,GAAM/N,UAAW6a,GACzC+E,EAAM,IAAI8hB,GAAQD,GAAY99B,GACpCi9B,EAAWhhB,EAAIF,QAAQltB,KAAKotB,GAC5BihB,EAAWjhB,EAAID,QAAQntB,KAAKotB,GAE5B,MAAM+hB,EAASf,EAAS1B,IAClB0C,EAASz6B,GAAK8D,OAAO02B,GAC3B/C,EAAO,GACPA,EAAK,GAAKz3B,GAAK8D,OAAO22B,GAGtBhD,EAAK/kC,EAAI8nC,EACT/C,EAAK2C,EAAIK,EAfXC,CAAsBhnB,EAAQlX,GAqJvB,CAQL+b,QAAS5xB,eAAemS,EAAWw+B,EAAOuB,GACxC,OAAOe,EAAMH,EAAU3gC,EAAWw+B,EAAOuB,IAU3CrgB,QAAS7xB,eAAekwC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAWjwC,OAASwxC,GAAW,MAAUxvC,MAAM,0BAEnD,MAAMsd,EAAM2wB,EAAWhlC,UAAUumC,IACjCvB,EAAaA,EAAWhlC,SAAS,GAAIumC,IAErC,MAAMuC,EAAUf,EAAMF,EAAU7C,EAAYS,EAAOuB,GAEnD,GAAI74B,GAAKqD,iBAAiB6C,EAAKy0B,EAAQ9oC,UAAUumC,KAC/C,OAAOuC,EAAQ9oC,SAAS,GAAIumC,IAE9B,MAAUxvC,MAAM,gCAGtB,CAQA4wC,GAAIL,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAkC,GAAI3B,YAAcA,GAClB2B,GAAIrB,SAAWA,GACfqB,GAAIpB,UAAYA,GC3QhB,MAAMwC,GAA0B,YACzB,MAAMC,GACTv1C,YAAYkX,EAAK86B,EAAOuB,EAAOiC,EAAU,GAAIriB,GACzCjzB,KAAKs1C,QAAUA,EACft1C,KAAKu1C,OAAS,EACdv1C,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAMA,GAAY,IAAI3B,GAAIta,OAAK/V,GAAW,EAAO,OACtD,IAAIkoB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cAI7B,GAFAtI,EAAI8E,WAEAjuB,KAAKs1C,QAAU,GAAKt1C,KAAKs1C,QAAU,GACnC,MAAM,IAAIpkB,GAAqB,yBAEnC,MAAMskB,EAAW1D,EAAM1wC,QAAU,EAC3Bq0C,EAAW,IAAI1yC,WAAW,IACf,KAAbyyC,GACAx1C,KAAK01C,iBAAiB5D,GACtB5oB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,IAAM,EACXA,EAAK,IAAMssB,IAAa,GACxBtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,EAAK,IAC9BtsB,EAAK,IAAOssB,GAAY,EAAK,IAC7BrsB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIwD,OAAO,EAAG,EAAG,EAAG,GACpB8oB,EAASjyC,IAAI0lB,EAAK7c,SAAS,EAAG,OAG9BopC,EAASjyC,IAAIsuC,GACb2D,EAAS,IAAM,GAEnB,MAAME,EAAY,IAAIlwB,SAASgwB,EAASpxC,QAKxC,GAJArE,KAAKu1C,OAASI,EAAU5jB,UAAU,IAClC5I,EAAI6D,UAAU2oB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI,GACtF5I,EAAIkE,SAAS,EAAG,EAAG,EAAG,iBAERpsB,IAAVoyC,EAAqB,CACrB,GAAIA,EAAMjyC,OAASg0C,GACf,MAAM,IAAIlkB,GAAqB,wBAC/BmiB,EAAMjyC,QACNpB,KAAKqzC,MAAQA,EACbrzC,KAAK01C,iBAAiBrC,IAGtBrzC,KAAKqzC,WAAQpyC,OAIjBjB,KAAKqzC,WAAQpyC,EAGjB,GAAIjB,KAAKgyC,QAAU,GAAKhyC,KAAKgyC,QAAU,WACnC,MAAM,IAAI4D,WAAW,6CACzBzsB,EAAIuE,YAAY,EAAG,EAAG,EAAI1tB,KAAKu1C,OAASv1C,KAAKgyC,QAAW,GAE5DhqB,eAAe6tB,EAAW7+B,EAAK86B,EAAOuB,EAAOyC,GACzC,OAAO,IAAIT,GAAQr+B,EAAK86B,EAAOuB,EAAOyC,GAAS/iB,QAAQ8iB,GAE3D7tB,eAAeqpB,EAAYr6B,EAAK86B,EAAOuB,EAAOyC,GAC1C,OAAO,IAAIT,GAAQr+B,EAAK86B,EAAOuB,EAAOyC,GAAS9iB,QAAQqe,GAE3Dte,QAAQ7oB,GACJ,OAAOlK,KAAK+1C,gBAAgB7rC,GAEhC8oB,QAAQ9oB,GACJ,OAAOlK,KAAKg2C,gBAAgB9rC,GAEhC+rC,wBAAwB/rC,GACpB,IAAImmB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,GACtB+nB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACf3uC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfiiB,EAAO,EACPG,EAAQpiB,EAAMmgB,GAAS,GACvBE,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK7hC,EAAMmgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAMn0C,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,GAChDngB,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAY1sB,EAAK8M,GAC5DqgB,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKmtB,GACrDA,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACJA,EAAOrgB,GACP9M,GAAOmtB,EACPrgB,GAAOqgB,IAGPntB,EAAM,EACN8M,EAAM,GAMd,OAHAnQ,KAAKgyC,QAAUA,EACfhyC,KAAKizB,IAAI5vB,IAAMA,EACfrD,KAAKizB,IAAI9iB,IAAMA,EACR1O,EAEXy0C,yBACI,IAAI/sB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACfsD,EAAUt1C,KAAKs1C,QACfjC,EAAQrzC,KAAKqzC,MACbhwC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACnB,MAAM1O,EAAS,IAAIsB,WAAWoN,EAAMmlC,GACpCnsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAY1sB,EAAM8M,EAAM,IAAO,IAC/DA,GACA1O,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAM8M,IACxC,IAAIhN,EAAIgN,EACR,KAAW,GAAJhN,EAAQA,IACX+lB,EAAK7lB,EAAMF,GAAK,EACpBgmB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKF,GAClD,MAAMgzC,OAAiBl1C,IAAVoyC,EAAsBA,EAAMjyC,OAAS,EAC5Cg1C,GAASpE,EAAU,GAAM,GAAK7hC,EAuBpC,OAtBA+Y,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAG1tB,KAAKu1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/CtuB,EAAO+B,IAAI0lB,EAAK7c,SAAS,EAAGipC,GAAUnlC,GACtCnQ,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAI5vB,IAAM,EACfrD,KAAKizB,IAAI9iB,IAAM,EACR1O,EAEX40C,wBAAwBnsC,GACpB,IAAImmB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,GACtB+nB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBugB,EAAUhyC,KAAKgyC,QACfsD,EAAUt1C,KAAKs1C,QACfjyC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfiiB,EAAO,EACPG,EAAOpiB,EAAMmgB,EAAOglB,EAAWnlC,EAAMmgB,EAAOglB,GAAY,GAAK,EAC7DgB,EAAOnmC,EAAMmgB,EAAOiC,EACpB/B,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK7hC,EAAMmgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAMn0C,EAAS,IAAIsB,WAAWwvB,GAC9B,KAAOjC,EAAOgmB,GACV9lB,EAAOL,GAAYjH,EAAM7lB,EAAM8M,EAAKjG,EAAMmmB,EAAMC,EAAOgmB,GACvDnmC,GAAOqgB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKmtB,GACzDA,EAAOrH,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAY1sB,EAAKmtB,GACxDA,GACA/uB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMmtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACRntB,EAAM,EACN8M,EAAM,EAQV,OANImgB,EAAO,IACPngB,GAAOggB,GAAYjH,EAAM,EAAGhf,EAAMmmB,EAAMC,IAE5CtwB,KAAKgyC,QAAUA,EACfhyC,KAAKizB,IAAI5vB,IAAMA,EACfrD,KAAKizB,IAAI9iB,IAAMA,EACR1O,EAEX80C,yBACI,IAAIptB,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzB6jB,EAAUt1C,KAAKs1C,QACfjC,EAAQrzC,KAAKqzC,MACbrB,EAAUhyC,KAAKgyC,QACf3uC,EAAMrD,KAAKizB,IAAI5vB,IACf8M,EAAMnQ,KAAKizB,IAAI9iB,IACfoiB,EAAOpiB,EAAMmlC,EACjB,GAAInlC,EAAMmlC,EACN,MAAM,IAAItkB,GAAkB,gCAChC,MAAMvvB,EAAS,IAAIsB,WAAWwvB,GACxBikB,EAAO,IAAIzzC,WAAWmmB,EAAK7c,SAAShJ,EAAMkvB,EAAMlvB,EAAM8M,IAC5D,IAAIhN,EAAIovB,EACR,KAAW,GAAJpvB,EAAQA,IACX+lB,EAAK7lB,EAAMF,GAAK,EACpBgmB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAY1sB,EAAKF,GAClDgmB,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAY1sB,EAAKF,GACjDovB,GACA9wB,EAAO+B,IAAI0lB,EAAK7c,SAAShJ,EAAKA,EAAMkvB,IACxC,MAAM4jB,OAAiBl1C,IAAVoyC,EAAsBA,EAAMjyC,OAAS,EAC5Cg1C,GAASpE,EAAU,GAAM,GAAK7hC,EAAMmlC,EAC1CpsB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAG1tB,KAAKu1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/C,IAAI0mB,EAAS,EACb,IAAK,IAAItzC,EAAI,EAAGA,EAAImyC,IAAWnyC,EAC3BszC,GAAUD,EAAKrzC,GAAK+lB,EAAK/lB,GAC7B,GAAIszC,EACA,MAAM,IAAItlB,GAAc,+BAI5B,OAHAnxB,KAAKgyC,QAAU,EACfhyC,KAAKizB,IAAI5vB,IAAM,EACfrD,KAAKizB,IAAI9iB,IAAM,EACR1O,EAEXu0C,gBAAgB9rC,GACZ,MAAMC,EAAUnK,KAAKq2C,wBAAwBnsC,GACvCE,EAAUpK,KAAKu2C,yBACf90C,EAAS,IAAIsB,WAAWoH,EAAQ/I,OAASgJ,EAAQhJ,QAKvD,OAJI+I,EAAQ/I,QACRK,EAAO+B,IAAI2G,GACXC,EAAQhJ,QACRK,EAAO+B,IAAI4G,EAASD,EAAQ/I,QACzBK,EAEXs0C,gBAAgB7rC,GACZ,MAAMC,EAAUnK,KAAKi2C,wBAAwB/rC,GACvCE,EAAUpK,KAAKk2C,yBACfz0C,EAAS,IAAIsB,WAAWoH,EAAQ/I,OAASgJ,EAAQhJ,QAKvD,OAJI+I,EAAQ/I,QACRK,EAAO+B,IAAI2G,GACXC,EAAQhJ,QACRK,EAAO+B,IAAI4G,EAASD,EAAQ/I,QACzBK,EAEXi0C,iBAAiBxrC,GACb,IAAIif,IAAEA,EAAGD,KAAEA,GAASlpB,KAAKizB,IAAIxB,cACzBpB,EAAO,EACPC,EAAOpmB,EAAK9I,QAAU,EACtBovB,EAAO,EACX,KAAOF,EAAO,GAAG,CAIb,IAHAE,EAAOL,GAAYjH,EAAM,EAAGhf,EAAMmmB,EAAMC,GACxCD,GAAQG,EACRF,GAAQE,EACM,GAAPA,GACHtH,EAAKsH,KAAU,EACnBrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAWS,KC3PxD,MAAMme,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBvb,GAAS8W,GAAK2E,gBAIdyzB,GAAY,GACZnC,GAAO,UAObtvC,eAAe2uB,GAAI5B,EAAQlX,GACzB,GAAIkX,IAAW9M,GAAM/N,UAAUM,QAC7Bua,IAAW9M,GAAM/N,UAAUO,QAC3Bsa,IAAW9M,GAAM/N,UAAUQ,OAC3B,MAAUzQ,MAAM,qCAGlB,GAAIoX,GAAKyE,gBACP,MAAO,CACL8T,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,EAAQ,IAAItwC,YAC1C,MAAMiwC,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbv5B,EAAI5V,OAAc,OAAQ4V,EAAKua,GAClFyhB,EAAG0D,OAAOrD,GACV,MAAMxC,EAAKntC,GAAOkD,OAAO,CAACosC,EAAGlL,OAAOuI,GAAK2C,EAAGC,QAASD,EAAG2D,eACxD,OAAO,IAAI5zC,WAAW8tC,IAGxB7d,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,EAAQ,IAAItwC,YAC1C,MAAM6zC,EAAK,IAAIhI,GAAW4C,iBAAiB,OAAuB,EAAbx6B,EAAI5V,OAAc,OAAQ4V,EAAKua,GACpFqlB,EAAGF,OAAOrD,GACVuD,EAAGC,WAAWhG,EAAGnvC,MAAMmvC,EAAGzvC,OAASwxC,GAAW/B,EAAGzvC,SACjD,MAAMivC,EAAK3sC,GAAOkD,OAAO,CAACgwC,EAAG9O,OAAO+I,EAAGnvC,MAAM,EAAGmvC,EAAGzvC,OAASwxC,KAAagE,EAAG3D,UAC5E,OAAO,IAAIlwC,WAAWstC,KAK5B,GAAI71B,GAAKoE,gBAAiC,KAAf5H,EAAI5V,OAAe,CAC5C,MAAMsvC,QAAa/B,GAAUgC,UAAU,MAAO35B,EAAK,CAAE1L,KAAMmlC,KAAQ,EAAO,CAAC,UAAW,YAEtF,MAAO,CACL1d,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,EAAQ,IAAItwC,YAC1C,IAAKstC,EAAGjvC,OACN,OAAOi0C,GAAQtiB,QAAQsd,EAAIr5B,EAAKua,EAAI8hB,GAEtC,MAAMxC,QAAWlC,GAAU5b,QAAQ,CAAEznB,KAAMmlC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAML,GAC9G,OAAO,IAAIttC,WAAW8tC,IAGxB7d,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,EAAQ,IAAItwC,YAC1C,GAAI8tC,EAAGzvC,SAAWwxC,GAChB,OAAOyC,GAAQriB,QAAQ6d,EAAI75B,EAAKua,EAAI8hB,GAEtC,MAAMhD,QAAW1B,GAAU3b,QAAQ,CAAE1nB,KAAMmlC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAMG,GAC9G,OAAO,IAAI9tC,WAAWstC,KAK5B,MAAO,CACLtd,QAAS5xB,eAAekvC,EAAI9e,EAAI8hB,GAC9B,OAAOgC,GAAQtiB,QAAQsd,EAAIr5B,EAAKua,EAAI8hB,IAGtCrgB,QAAS7xB,eAAe0vC,EAAItf,EAAI8hB,GAC9B,OAAOgC,GAAQriB,QAAQ6d,EAAI75B,EAAKua,EAAI8hB,IAG1C,CAWAvjB,GAAI6jB,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAG7vB,QACjB,IAAK,IAAIyB,EAAI,EAAGA,EAAIywC,EAAWxyC,OAAQ+B,IACrC2uC,EAAM,EAAI3uC,IAAMywC,EAAWzwC,GAE7B,OAAO2uC,CACT,EAEAhiB,GAAIuiB,YAtFgB,GAuFpBviB,GAAI6iB,SAtFa,GAuFjB7iB,GAAI8iB,UAAYA,GC7GhB,OAAe,CAEb5B,IAAKA,GAEL+F,IAAKA,GACL/hC,gBAAiB+hC,GAEjBjiC,IAAKA,GAELC,IAAKA,wBClBP,SAAUiiC,GASV,IAAIC,EAAK,SAASvc,GAChB,IAAIv3B,EAAG4K,EAAI,IAAImpC,aAAa,IAC5B,GAAIxc,EAAM,IAAKv3B,EAAI,EAAGA,EAAIu3B,EAAKt5B,OAAQ+B,IAAK4K,EAAE5K,GAAKu3B,EAAKv3B,GACxD,OAAO4K,CACT,EAGIopC,EAAc,WAAuB,MAAU/zC,MAAM,YAErDg0C,EAAK,IAAIr0C,WAAW,IAAKq0C,EAAG,GAAK,EAErC,IAAIC,EAAMJ,IACNK,EAAML,EAAG,CAAC,IACVM,EAAUN,EAAG,CAAC,MAAQ,IACtBzJ,EAAIyJ,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIO,EAAKP,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIQ,EAAIR,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIS,EAAIT,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChI5f,EAAI4f,EAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAQpI,SAASU,EAAiBzqC,EAAG0qC,EAAItpC,EAAGupC,GAClC,OAPF,SAAY3qC,EAAG0qC,EAAItpC,EAAGupC,EAAIrrC,GACxB,IAAIrJ,EAAE2lB,EAAI,EACV,IAAK3lB,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK2lB,GAAK5b,EAAE0qC,EAAGz0C,GAAGmL,EAAEupC,EAAG10C,GAC1C,OAAQ,EAAM2lB,EAAI,IAAO,GAAM,CACjC,CAGSgvB,CAAG5qC,EAAE0qC,EAAGtpC,EAAEupC,EAAG,GACtB,CAEA,SAASE,EAAShqC,EAAGU,GACnB,IAAItL,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4K,EAAE5K,GAAU,EAALsL,EAAEtL,EACpC,CAEA,SAAS60C,EAASC,GAChB,IAAI90C,EAAG+0C,EAAG17B,EAAI,EACd,IAAKrZ,EAAI,EAAGA,EAAI,GAAIA,IAClB+0C,EAAID,EAAE90C,GAAKqZ,EAAI,MACfA,EAAI1Q,KAAKsP,MAAM88B,EAAI,OACnBD,EAAE90C,GAAK+0C,EAAQ,MAAJ17B,EAEby7B,EAAE,IAAMz7B,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAAS27B,EAAS1lB,EAAG/jB,EAAGL,GAEtB,IADA,IAAIgQ,EAAG7B,IAAMnO,EAAE,GACNlL,EAAI,EAAGA,EAAI,GAAIA,IACtBkb,EAAI7B,GAAKiW,EAAEtvB,GAAKuL,EAAEvL,IAClBsvB,EAAEtvB,IAAMkb,EACR3P,EAAEvL,IAAMkb,CAEZ,CAEA,SAAS+5B,EAAUH,EAAGzrC,GACpB,IAAIrJ,EAAG4Z,EAAG1O,EACNb,EAAIypC,IAAM54B,EAAI44B,IAClB,IAAK9zC,EAAI,EAAGA,EAAI,GAAIA,IAAKkb,EAAElb,GAAKqJ,EAAErJ,GAIlC,IAHA60C,EAAS35B,GACT25B,EAAS35B,GACT25B,EAAS35B,GACJtB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAvP,EAAE,GAAK6Q,EAAE,GAAK,MACTlb,EAAI,EAAGA,EAAI,GAAIA,IAClBqK,EAAErK,GAAKkb,EAAElb,GAAK,OAAWqK,EAAErK,EAAE,IAAI,GAAM,GACvCqK,EAAErK,EAAE,IAAM,MAEZqK,EAAE,IAAM6Q,EAAE,IAAM,OAAW7Q,EAAE,KAAK,GAAM,GACxCa,EAAKb,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACT2qC,EAAS95B,EAAG7Q,EAAG,EAAEa,GAEnB,IAAKlL,EAAI,EAAGA,EAAI,GAAIA,IAClB80C,EAAE,EAAE90C,GAAY,IAAPkb,EAAElb,GACX80C,EAAE,EAAE90C,EAAE,GAAKkb,EAAElb,IAAI,CAErB,CAEA,SAASk1C,EAAS5pC,EAAGJ,GACnB,IAAImO,EAAI,IAAIzZ,WAAW,IAAK+lB,EAAI,IAAI/lB,WAAW,IAG/C,OAFAq1C,EAAU57B,EAAG/N,GACb2pC,EAAUtvB,EAAGza,GACNspC,EAAiBn7B,EAAG,EAAGsM,EAAG,EACnC,CAEA,SAASwvB,EAAS7pC,GAChB,IAAIqa,EAAI,IAAI/lB,WAAW,IAEvB,OADAq1C,EAAUtvB,EAAGra,GACC,EAAPqa,EAAE,EACX,CAEA,SAASyvB,EAAYN,EAAGzrC,GACtB,IAAIrJ,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKqJ,EAAE,EAAErJ,IAAMqJ,EAAE,EAAErJ,EAAE,IAAM,GACtD80C,EAAE,KAAO,KACX,CAEA,SAAS3K,EAAE2K,EAAGxpC,EAAGJ,GACf,IAAK,IAAIlL,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAC/C,CAEA,SAASq1C,EAAEP,EAAGxpC,EAAGJ,GACf,IAAK,IAAIlL,EAAI,EAAGA,EAAI,GAAIA,IAAK80C,EAAE90C,GAAKsL,EAAEtL,GAAKkL,EAAElL,EAC/C,CAEA,SAASs1C,EAAER,EAAGxpC,EAAGJ,GACf,IAAI6pC,EAAG17B,EACJmnB,EAAK,EAAI1Y,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIyY,EAAK,EAAIwB,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEoT,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK5rC,EAAE,GACP6rC,EAAK7rC,EAAE,GACP8rC,EAAK9rC,EAAE,GACP+rC,EAAK/rC,EAAE,GACPgsC,EAAKhsC,EAAE,GACPisC,EAAKjsC,EAAE,GACPksC,EAAKlsC,EAAE,GACPmsC,EAAKnsC,EAAE,GACPosC,EAAKpsC,EAAE,GACPqsC,EAAKrsC,EAAE,GACPssC,EAAMtsC,EAAE,IACRusC,EAAMvsC,EAAE,IACRwsC,EAAMxsC,EAAE,IACRysC,EAAMzsC,EAAE,IACR0sC,EAAM1sC,EAAE,IACR2sC,EAAM3sC,EAAE,IAGVs1B,IADAuU,EAAIzpC,EAAE,IACIwrC,EACVhvB,GAAMitB,EAAIgC,EACVhvB,GAAMgtB,EAAIiC,EACVhvB,GAAM+sB,EAAIkC,EACVxW,GAAMsU,EAAImC,EACVjV,GAAM8S,EAAIoC,EACVjV,GAAM6S,EAAIqC,EACVjV,GAAM4S,EAAIsC,EACV9B,GAAMR,EAAIuC,EACV9B,GAAMT,EAAIwC,EACV9B,GAAOV,EAAIyC,EACX9B,GAAOX,EAAI0C,EACX9B,GAAOZ,EAAI2C,EACX9B,GAAOb,EAAI4C,EACX9B,GAAOd,EAAI6C,EACX9B,GAAOf,EAAI8C,EAEX/vB,IADAitB,EAAIzpC,EAAE,IACIwrC,EACV/uB,GAAMgtB,EAAIgC,EACV/uB,GAAM+sB,EAAIiC,EACVvW,GAAMsU,EAAIkC,EACVhV,GAAM8S,EAAImC,EACVhV,GAAM6S,EAAIoC,EACVhV,GAAM4S,EAAIqC,EACV7B,GAAMR,EAAIsC,EACV7B,GAAMT,EAAIuC,EACV7B,GAAOV,EAAIwC,EACX7B,GAAOX,EAAIyC,EACX7B,GAAOZ,EAAI0C,EACX7B,GAAOb,EAAI2C,EACX7B,GAAOd,EAAI4C,EACX7B,GAAOf,EAAI6C,EACX7B,GAAOhB,EAAI8C,EAEX9vB,IADAgtB,EAAIzpC,EAAE,IACIwrC,EACV9uB,GAAM+sB,EAAIgC,EACVtW,GAAMsU,EAAIiC,EACV/U,GAAM8S,EAAIkC,EACV/U,GAAM6S,EAAImC,EACV/U,GAAM4S,EAAIoC,EACV5B,GAAMR,EAAIqC,EACV5B,GAAMT,EAAIsC,EACV5B,GAAOV,EAAIuC,EACX5B,GAAOX,EAAIwC,EACX5B,GAAOZ,EAAIyC,EACX5B,GAAOb,EAAI0C,EACX5B,GAAOd,EAAI2C,EACX5B,GAAOf,EAAI4C,EACX5B,GAAOhB,EAAI6C,EACX5B,GAAOjB,EAAI8C,EAEX7vB,IADA+sB,EAAIzpC,EAAE,IACIwrC,EACVrW,GAAMsU,EAAIgC,EACV9U,GAAM8S,EAAIiC,EACV9U,GAAM6S,EAAIkC,EACV9U,GAAM4S,EAAImC,EACV3B,GAAMR,EAAIoC,EACV3B,GAAMT,EAAIqC,EACV3B,GAAOV,EAAIsC,EACX3B,GAAOX,EAAIuC,EACX3B,GAAOZ,EAAIwC,EACX3B,GAAOb,EAAIyC,EACX3B,GAAOd,EAAI0C,EACX3B,GAAOf,EAAI2C,EACX3B,GAAOhB,EAAI4C,EACX3B,GAAOjB,EAAI6C,EACX3B,GAAOlB,EAAI8C,EAEXpX,IADAsU,EAAIzpC,EAAE,IACIwrC,EACV7U,GAAM8S,EAAIgC,EACV7U,GAAM6S,EAAIiC,EACV7U,GAAM4S,EAAIkC,EACV1B,GAAMR,EAAImC,EACV1B,GAAMT,EAAIoC,EACV1B,GAAOV,EAAIqC,EACX1B,GAAOX,EAAIsC,EACX1B,GAAOZ,EAAIuC,EACX1B,GAAOb,EAAIwC,EACX1B,GAAOd,EAAIyC,EACX1B,GAAOf,EAAI0C,EACX1B,GAAOhB,EAAI2C,EACX1B,GAAOjB,EAAI4C,EACX1B,GAAOlB,EAAI6C,EACX1B,GAAOnB,EAAI8C,EAEX5V,IADA8S,EAAIzpC,EAAE,IACIwrC,EACV5U,GAAM6S,EAAIgC,EACV5U,GAAM4S,EAAIiC,EACVzB,GAAMR,EAAIkC,EACVzB,GAAMT,EAAImC,EACVzB,GAAOV,EAAIoC,EACXzB,GAAOX,EAAIqC,EACXzB,GAAOZ,EAAIsC,EACXzB,GAAOb,EAAIuC,EACXzB,GAAOd,EAAIwC,EACXzB,GAAOf,EAAIyC,EACXzB,GAAOhB,EAAI0C,EACXzB,GAAOjB,EAAI2C,EACXzB,GAAOlB,EAAI4C,EACXzB,GAAOnB,EAAI6C,EACXzB,GAAOpB,EAAI8C,EAEX3V,IADA6S,EAAIzpC,EAAE,IACIwrC,EACV3U,GAAM4S,EAAIgC,EACVxB,GAAMR,EAAIiC,EACVxB,GAAMT,EAAIkC,EACVxB,GAAOV,EAAImC,EACXxB,GAAOX,EAAIoC,EACXxB,GAAOZ,EAAIqC,EACXxB,GAAOb,EAAIsC,EACXxB,GAAOd,EAAIuC,EACXxB,GAAOf,EAAIwC,EACXxB,GAAOhB,EAAIyC,EACXxB,GAAOjB,EAAI0C,EACXxB,GAAOlB,EAAI2C,EACXxB,GAAOnB,EAAI4C,EACXxB,GAAOpB,EAAI6C,EACXxB,GAAOrB,EAAI8C,EAEX1V,IADA4S,EAAIzpC,EAAE,IACIwrC,EACVvB,GAAMR,EAAIgC,EACVvB,GAAMT,EAAIiC,EACVvB,GAAOV,EAAIkC,EACXvB,GAAOX,EAAImC,EACXvB,GAAOZ,EAAIoC,EACXvB,GAAOb,EAAIqC,EACXvB,GAAOd,EAAIsC,EACXvB,GAAOf,EAAIuC,EACXvB,GAAOhB,EAAIwC,EACXvB,GAAOjB,EAAIyC,EACXvB,GAAOlB,EAAI0C,EACXvB,GAAOnB,EAAI2C,EACXvB,GAAOpB,EAAI4C,EACXvB,GAAOrB,EAAI6C,EACXvB,GAAOtB,EAAI8C,EAEXtC,IADAR,EAAIzpC,EAAE,IACIwrC,EACVtB,GAAMT,EAAIgC,EACVtB,GAAOV,EAAIiC,EACXtB,GAAOX,EAAIkC,EACXtB,GAAOZ,EAAImC,EACXtB,GAAOb,EAAIoC,EACXtB,GAAOd,EAAIqC,EACXtB,GAAOf,EAAIsC,EACXtB,GAAOhB,EAAIuC,EACXtB,GAAOjB,EAAIwC,EACXtB,GAAOlB,EAAIyC,EACXtB,GAAOnB,EAAI0C,EACXtB,GAAOpB,EAAI2C,EACXtB,GAAOrB,EAAI4C,EACXtB,GAAOtB,EAAI6C,EACXtB,GAAOvB,EAAI8C,EAEXrC,IADAT,EAAIzpC,EAAE,IACIwrC,EACVrB,GAAOV,EAAIgC,EACXrB,GAAOX,EAAIiC,EACXrB,GAAOZ,EAAIkC,EACXrB,GAAOb,EAAImC,EACXrB,GAAOd,EAAIoC,EACXrB,GAAOf,EAAIqC,EACXrB,GAAOhB,EAAIsC,EACXrB,GAAOjB,EAAIuC,EACXrB,GAAOlB,EAAIwC,EACXrB,GAAOnB,EAAIyC,EACXrB,GAAOpB,EAAI0C,EACXrB,GAAOrB,EAAI2C,EACXrB,GAAOtB,EAAI4C,EACXrB,GAAOvB,EAAI6C,EACXrB,GAAOxB,EAAI8C,EAEXpC,IADAV,EAAIzpC,EAAE,KACKwrC,EACXpB,GAAOX,EAAIgC,EACXpB,GAAOZ,EAAIiC,EACXpB,GAAOb,EAAIkC,EACXpB,GAAOd,EAAImC,EACXpB,GAAOf,EAAIoC,EACXpB,GAAOhB,EAAIqC,EACXpB,GAAOjB,EAAIsC,EACXpB,GAAOlB,EAAIuC,EACXpB,GAAOnB,EAAIwC,EACXpB,GAAOpB,EAAIyC,EACXpB,GAAOrB,EAAI0C,EACXpB,GAAOtB,EAAI2C,EACXpB,GAAOvB,EAAI4C,EACXpB,GAAOxB,EAAI6C,EACXpB,GAAOzB,EAAI8C,EAEXnC,IADAX,EAAIzpC,EAAE,KACKwrC,EACXnB,GAAOZ,EAAIgC,EACXnB,GAAOb,EAAIiC,EACXnB,GAAOd,EAAIkC,EACXnB,GAAOf,EAAImC,EACXnB,GAAOhB,EAAIoC,EACXnB,GAAOjB,EAAIqC,EACXnB,GAAOlB,EAAIsC,EACXnB,GAAOnB,EAAIuC,EACXnB,GAAOpB,EAAIwC,EACXnB,GAAOrB,EAAIyC,EACXnB,GAAOtB,EAAI0C,EACXnB,GAAOvB,EAAI2C,EACXnB,GAAOxB,EAAI4C,EACXnB,GAAOzB,EAAI6C,EACXnB,GAAO1B,EAAI8C,EAEXlC,IADAZ,EAAIzpC,EAAE,KACKwrC,EACXlB,GAAOb,EAAIgC,EACXlB,GAAOd,EAAIiC,EACXlB,GAAOf,EAAIkC,EACXlB,GAAOhB,EAAImC,EACXlB,GAAOjB,EAAIoC,EACXlB,GAAOlB,EAAIqC,EACXlB,GAAOnB,EAAIsC,EACXlB,GAAOpB,EAAIuC,EACXlB,GAAOrB,EAAIwC,EACXlB,GAAOtB,EAAIyC,EACXlB,GAAOvB,EAAI0C,EACXlB,GAAOxB,EAAI2C,EACXlB,GAAOzB,EAAI4C,EACXlB,GAAO1B,EAAI6C,EACXlB,GAAO3B,EAAI8C,EAEXjC,IADAb,EAAIzpC,EAAE,KACKwrC,EACXjB,GAAOd,EAAIgC,EACXjB,GAAOf,EAAIiC,EACXjB,GAAOhB,EAAIkC,EACXjB,GAAOjB,EAAImC,EACXjB,GAAOlB,EAAIoC,EACXjB,GAAOnB,EAAIqC,EACXjB,GAAOpB,EAAIsC,EACXjB,GAAOrB,EAAIuC,EACXjB,GAAOtB,EAAIwC,EACXjB,GAAOvB,EAAIyC,EACXjB,GAAOxB,EAAI0C,EACXjB,GAAOzB,EAAI2C,EACXjB,GAAO1B,EAAI4C,EACXjB,GAAO3B,EAAI6C,EACXjB,GAAO5B,EAAI8C,EAEXhC,IADAd,EAAIzpC,EAAE,KACKwrC,EACXhB,GAAOf,EAAIgC,EACXhB,GAAOhB,EAAIiC,EACXhB,GAAOjB,EAAIkC,EACXhB,GAAOlB,EAAImC,EACXhB,GAAOnB,EAAIoC,EACXhB,GAAOpB,EAAIqC,EACXhB,GAAOrB,EAAIsC,EACXhB,GAAOtB,EAAIuC,EACXhB,GAAOvB,EAAIwC,EACXhB,GAAOxB,EAAIyC,EACXhB,GAAOzB,EAAI0C,EACXhB,GAAO1B,EAAI2C,EACXhB,GAAO3B,EAAI4C,EACXhB,GAAO5B,EAAI6C,EACXhB,GAAO7B,EAAI8C,EAEX/B,IADAf,EAAIzpC,EAAE,KACKwrC,EAkBXhvB,GAAO,IAhBPkuB,GAAOjB,EAAIiC,GAiBXjvB,GAAO,IAhBPkuB,GAAOlB,EAAIkC,GAiBXjvB,GAAO,IAhBPkuB,GAAOnB,EAAImC,GAiBXzW,GAAO,IAhBP0V,GAAOpB,EAAIoC,GAiBXlV,GAAO,IAhBPmU,GAAOrB,EAAIqC,GAiBXlV,GAAO,IAhBPmU,GAAOtB,EAAIsC,GAiBXlV,GAAO,IAhBPmU,GAAOvB,EAAIuC,GAiBX/B,GAAO,IAhBPgB,GAAOxB,EAAIwC,GAiBX/B,GAAO,IAhBPgB,GAAOzB,EAAIyC,GAiBX/B,GAAO,IAhBPgB,GAAO1B,EAAI0C,GAiBX/B,GAAO,IAhBPgB,GAAO3B,EAAI2C,GAiBX/B,GAAO,IAhBPgB,GAAO5B,EAAI4C,GAiBX/B,GAAO,IAhBPgB,GAAO7B,EAAI6C,GAiBX/B,GAAO,IAhBPgB,GAAO9B,EAAI8C,GAqBsCrX,GAAjDuU,GAnBAvU,GAAO,IAhBPuV,GAAOhB,EAAIgC,KAkCX19B,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK3O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKpnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK9oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSS,GAAjDT,EAAKS,EAAKn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQU,GAAhDV,EAAIU,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQW,GAAhDX,EAAIW,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQa,GAAhDb,EAAIa,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQc,GAAhDd,EAAIc,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQe,GAAhDf,EAAIe,EAAMz8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QAKSvU,GAAjDuU,GAJAvU,GAAMnnB,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK3O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKpnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK9oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACSS,GAAjDT,EAAKS,EAAKn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQU,GAAhDV,EAAIU,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQW,GAAhDX,EAAIW,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQa,GAAhDb,EAAIa,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQc,GAAhDd,EAAIc,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACQe,GAAhDf,EAAIe,EAAMz8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM88B,EAAI,QACxCvU,GAAMnnB,EAAE,EAAI,IAAMA,EAAE,GAEpBy7B,EAAG,GAAKtU,EACRsU,EAAG,GAAKhtB,EACRgtB,EAAG,GAAK/sB,EACR+sB,EAAG,GAAK9sB,EACR8sB,EAAG,GAAKrU,EACRqU,EAAG,GAAK7S,EACR6S,EAAG,GAAK5S,EACR4S,EAAG,GAAK3S,EACR2S,EAAG,GAAKS,EACRT,EAAG,GAAKU,EACRV,EAAE,IAAMW,EACRX,EAAE,IAAMY,EACRZ,EAAE,IAAMa,EACRb,EAAE,IAAMc,EACRd,EAAE,IAAMe,EACRf,EAAE,IAAMgB,CACV,CAEA,SAASnF,EAAEmE,EAAGxpC,GACZgqC,EAAER,EAAGxpC,EAAGA,EACV,CAEA,SAASwsC,EAAShD,EAAG90C,GACnB,IACIsL,EADA+N,EAAIy6B,IAER,IAAKxoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKtL,EAAEsL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBqlC,EAAEt3B,EAAGA,GACI,IAAN/N,GAAiB,IAANA,GAASgqC,EAAEj8B,EAAGA,EAAGrZ,GAEjC,IAAKsL,EAAI,EAAGA,EAAI,GAAIA,IAAKwpC,EAAExpC,GAAK+N,EAAE/N,EACpC,CAaA,SAASysC,EAAkBxsC,EAAGlC,EAAGimB,GAC/B,IAC8B1kB,EAAG5K,EAD7BolC,EAAI,IAAIxlC,WAAW,IACnBmK,EAAI,IAAIgqC,aAAa,IACrBzoC,EAAIwoC,IAAM5oC,EAAI4oC,IAAMz6B,EAAIy6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IAC5B,IAAK9zC,EAAI,EAAGA,EAAI,GAAIA,IAAKolC,EAAEplC,GAAKqJ,EAAErJ,GAIlC,IAHAolC,EAAE,IAAW,IAAN/7B,EAAE,IAAS,GAClB+7B,EAAE,IAAI,IACNgQ,EAAYrrC,EAAEulB,GACTtvB,EAAI,EAAGA,EAAI,GAAIA,IAClBkL,EAAElL,GAAG+J,EAAE/J,GACP2lB,EAAE3lB,GAAGsL,EAAEtL,GAAGqZ,EAAErZ,GAAG,EAGjB,IADAsL,EAAE,GAAGqa,EAAE,GAAG,EACL3lB,EAAE,IAAKA,GAAG,IAAKA,EAElBg1C,EAAS1pC,EAAEJ,EADXN,EAAGw6B,EAAEplC,IAAI,MAAQ,EAAFA,GAAM,GAErBg1C,EAAS37B,EAAEsM,EAAE/a,GACbu/B,EAAE7oC,EAAEgK,EAAE+N,GACNg8B,EAAE/pC,EAAEA,EAAE+N,GACN8wB,EAAE9wB,EAAEnO,EAAEya,GACN0vB,EAAEnqC,EAAEA,EAAEya,GACNgrB,EAAEhrB,EAAErkB,GACJqvC,EAAE/O,EAAEt2B,GACJgqC,EAAEhqC,EAAE+N,EAAE/N,GACNgqC,EAAEj8B,EAAEnO,EAAE5J,GACN6oC,EAAE7oC,EAAEgK,EAAE+N,GACNg8B,EAAE/pC,EAAEA,EAAE+N,GACNs3B,EAAEzlC,EAAEI,GACJ+pC,EAAEh8B,EAAEsM,EAAEic,GACN0T,EAAEhqC,EAAE+N,EAAE+6B,GACNjK,EAAE7+B,EAAEA,EAAEqa,GACN2vB,EAAEj8B,EAAEA,EAAE/N,GACNgqC,EAAEhqC,EAAEqa,EAAEic,GACN0T,EAAE3vB,EAAEza,EAAEnB,GACN4mC,EAAEzlC,EAAE5J,GACJ0zC,EAAS1pC,EAAEJ,EAAEN,GACboqC,EAAS37B,EAAEsM,EAAE/a,GAEf,IAAK5K,EAAI,EAAGA,EAAI,GAAIA,IAClB+J,EAAE/J,EAAE,IAAIsL,EAAEtL,GACV+J,EAAE/J,EAAE,IAAIqZ,EAAErZ,GACV+J,EAAE/J,EAAE,IAAIkL,EAAElL,GACV+J,EAAE/J,EAAE,IAAI2lB,EAAE3lB,GAEZ,IAAIg4C,EAAMjuC,EAAEb,SAAS,IACjB+uC,EAAMluC,EAAEb,SAAS,IAIrB,OAHA4uC,EAASE,EAAIA,GACb1C,EAAE2C,EAAIA,EAAID,GACV/C,EAAU1pC,EAAE0sC,GACL,CACT,CAEA,SAASC,EAAuB3sC,EAAGlC,GACjC,OAAO0uC,EAAkBxsC,EAAGlC,EAAG4qC,EACjC,CAOA,SAAS/wC,EAAIosB,EAAG/jB,GACd,IAAID,EAAIwoC,IAAM5oC,EAAI4oC,IAAMz6B,EAAIy6B,IACxBnuB,EAAImuB,IAAMxyC,EAAIwyC,IAAMlS,EAAIkS,IACxBjS,EAAIiS,IAAM16B,EAAI06B,IAAM54B,EAAI44B,IAE5BuB,EAAE/pC,EAAGgkB,EAAE,GAAIA,EAAE,IACb+lB,EAAEn6B,EAAG3P,EAAE,GAAIA,EAAE,IACb+pC,EAAEhqC,EAAGA,EAAG4P,GACRivB,EAAEj/B,EAAGokB,EAAE,GAAIA,EAAE,IACb6a,EAAEjvB,EAAG3P,EAAE,GAAIA,EAAE,IACb+pC,EAAEpqC,EAAGA,EAAGgQ,GACRo6B,EAAEj8B,EAAGiW,EAAE,GAAI/jB,EAAE,IACb+pC,EAAEj8B,EAAGA,EAAGg7B,GACRiB,EAAE3vB,EAAG2J,EAAE,GAAI/jB,EAAE,IACb4+B,EAAExkB,EAAGA,EAAGA,GACR0vB,EAAE/zC,EAAG4J,EAAGI,GACR+pC,EAAEzT,EAAGjc,EAAGtM,GACR8wB,EAAEtI,EAAGlc,EAAGtM,GACR8wB,EAAE/wB,EAAGlO,EAAGI,GAERgqC,EAAEhmB,EAAE,GAAIhuB,EAAGsgC,GACX0T,EAAEhmB,EAAE,GAAIlW,EAAGyoB,GACXyT,EAAEhmB,EAAE,GAAIuS,EAAGD,GACX0T,EAAEhmB,EAAE,GAAIhuB,EAAG8X,EACb,CAEA,SAAS++B,EAAM7oB,EAAG/jB,EAAGL,GACnB,IAAIlL,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjBg1C,EAAS1lB,EAAEtvB,GAAIuL,EAAEvL,GAAIkL,EAEzB,CAEA,SAASktC,EAAKxtC,EAAG0kB,GACf,IAAI+oB,EAAKvE,IAAMwE,EAAKxE,IAAMyE,EAAKzE,IAC/BgE,EAASS,EAAIjpB,EAAE,IACfgmB,EAAE+C,EAAI/oB,EAAE,GAAIipB,GACZjD,EAAEgD,EAAIhpB,EAAE,GAAIipB,GACZtD,EAAUrqC,EAAG0tC,GACb1tC,EAAE,KAAOuqC,EAASkD,IAAO,CAC3B,CAEA,SAASG,EAAWlpB,EAAG/jB,EAAGuP,GACxB,IAAI5P,EAAGlL,EAKP,IAJA40C,EAAStlB,EAAE,GAAI4kB,GACfU,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI4kB,GACVl0C,EAAI,IAAKA,GAAK,IAAKA,EAEtBm4C,EAAM7oB,EAAG/jB,EADTL,EAAK4P,EAAG9a,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BkD,EAAIqI,EAAG+jB,GACPpsB,EAAIosB,EAAGA,GACP6oB,EAAM7oB,EAAG/jB,EAAGL,EAEhB,CAEA,SAASutC,EAAWnpB,EAAGxU,GACrB,IAAIvP,EAAI,CAACuoC,IAAMA,IAAMA,IAAMA,KAC3Bc,EAASrpC,EAAE,GAAI+oC,GACfM,EAASrpC,EAAE,GAAIgpC,GACfK,EAASrpC,EAAE,GAAI4oC,GACfmB,EAAE/pC,EAAE,GAAI+oC,EAAGC,GACXiE,EAAWlpB,EAAG/jB,EAAGuP,EACnB,CAEA,SAAS49B,EAAoBC,EAAIC,EAAIC,GACnC,IAAIlzB,EAEA3lB,EADAsvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KAY3B,IATK+E,GAAQ7E,EAAY4E,EAAI,KAC7BjzB,EAAIkuB,EAAK5iC,KAAK2nC,EAAG1vC,SAAS,EAAG,MAC3B,IAAM,IACRyc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8yB,EAAWnpB,EAAG3J,GACdyyB,EAAKO,EAAIrpB,GAEJtvB,EAAI,EAAGA,EAAI,GAAIA,IAAK44C,EAAG54C,EAAE,IAAM24C,EAAG34C,GACvC,OAAO,CACT,CAEA,IAAI84C,EAAI,IAAI/E,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgF,EAAKnuC,EAAGb,GACf,IAAIi6B,EAAOhkC,EAAG4Z,EAAGV,EACjB,IAAKlZ,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAgkC,EAAQ,EACHpqB,EAAI5Z,EAAI,GAAIkZ,EAAIlZ,EAAI,GAAI4Z,EAAIV,IAAKU,EACpC7P,EAAE6P,IAAMoqB,EAAQ,GAAKj6B,EAAE/J,GAAK84C,EAAEl/B,GAAK5Z,EAAI,KACvCgkC,EAAQr7B,KAAKsP,OAAOlO,EAAE6P,GAAK,KAAO,KAClC7P,EAAE6P,IAAc,IAARoqB,EAEVj6B,EAAE6P,IAAMoqB,EACRj6B,EAAE/J,GAAK,EAGT,IADAgkC,EAAQ,EACHpqB,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE6P,IAAMoqB,GAASj6B,EAAE,KAAO,GAAK+uC,EAAEl/B,GACjCoqB,EAAQj6B,EAAE6P,IAAM,EAChB7P,EAAE6P,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK7P,EAAE6P,IAAMoqB,EAAQ8U,EAAEl/B,GAC3C,IAAK5Z,EAAI,EAAGA,EAAI,GAAIA,IAClB+J,EAAE/J,EAAE,IAAM+J,EAAE/J,IAAM,EAClB4K,EAAE5K,GAAY,IAAP+J,EAAE/J,EAEb,CAEA,SAASytB,EAAO7iB,GACd,IAA8B5K,EAA1B+J,EAAI,IAAIgqC,aAAa,IACzB,IAAK/zC,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK4K,EAAE5K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4K,EAAE5K,GAAK,EAChC+4C,EAAKnuC,EAAGb,EACV,CAsCA,SAASivC,EAAUpuC,EAAG0kB,GACpB,IAAIpU,EAAI44B,IAAMmF,EAAMnF,IAAM3P,EAAM2P,IAC5BoF,EAAMpF,IAAMqF,EAAOrF,IAAMsF,EAAOtF,IAChCuF,EAAOvF,IA2BX,OAzBAc,EAAShqC,EAAE,GAAIupC,GACfiB,EAAYxqC,EAAE,GAAI0kB,GAClBqhB,EAAExM,EAAKv5B,EAAE,IACT0qC,EAAE4D,EAAK/U,EAAKkG,GACZgL,EAAElR,EAAKA,EAAKv5B,EAAE,IACdu/B,EAAE+O,EAAKtuC,EAAE,GAAIsuC,GAEbvI,EAAEwI,EAAMD,GACRvI,EAAEyI,EAAMD,GACR7D,EAAE+D,EAAMD,EAAMD,GACd7D,EAAEp6B,EAAGm+B,EAAMlV,GACXmR,EAAEp6B,EAAGA,EAAGg+B,GAnPV,SAAiBpE,EAAG90C,GAClB,IACIsL,EADA+N,EAAIy6B,IAER,IAAKxoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKtL,EAAEsL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBqlC,EAAEt3B,EAAGA,GACI,IAAN/N,GAASgqC,EAAEj8B,EAAGA,EAAGrZ,GAExB,IAAKsL,EAAI,EAAGA,EAAI,GAAIA,IAAKwpC,EAAExpC,GAAK+N,EAAE/N,EACpC,CA4OEguC,CAAQp+B,EAAGA,GACXo6B,EAAEp6B,EAAGA,EAAGipB,GACRmR,EAAEp6B,EAAGA,EAAGg+B,GACR5D,EAAEp6B,EAAGA,EAAGg+B,GACR5D,EAAE1qC,EAAE,GAAIsQ,EAAGg+B,GAEXvI,EAAEsI,EAAKruC,EAAE,IACT0qC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAMmR,EAAE1qC,EAAE,GAAIA,EAAE,GAAIspB,GAEtCyc,EAAEsI,EAAKruC,EAAE,IACT0qC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAc,GAE5BgR,EAASvqC,EAAE,MAAS0kB,EAAE,KAAK,GAAI+lB,EAAEzqC,EAAE,GAAIspC,EAAKtpC,EAAE,IAElD0qC,EAAE1qC,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAII2uC,EAAoB,GAKxB,SAASC,IACP,IAAK,IAAIx5C,EAAI,EAAGA,EAAIy5C,UAAUx7C,OAAQ+B,IACpC,KAAMy5C,UAAUz5C,aAAcJ,YAC5B,MAAM,IAAImvB,UAAU,kCAE1B,CAEA,SAAS2qB,EAAQC,GACf,IAAK,IAAI35C,EAAI,EAAGA,EAAI25C,EAAI17C,OAAQ+B,IAAK25C,EAAI35C,GAAK,CAChD,CAEA6zC,EAAK+F,WAAa,SAASvwC,EAAGimB,GAE5B,GADAkqB,EAAgBnwC,EAAGimB,GApBe,KAqB9BjmB,EAAEpL,OAA0C,MAAUgC,MAAM,cAChE,GAvB4B,KAuBxBqvB,EAAErxB,OAAoC,MAAUgC,MAAM,cAC1D,IAAIsL,EAAI,IAAI3L,WAxBgB,IA0B5B,OADAm4C,EAAkBxsC,EAAGlC,EAAGimB,GACjB/jB,CACT,EAEAsoC,EAAKgG,IAAM,GAEXhG,EAAKgG,IAAIC,QAAU,WACjB,IAnQ0B3uC,EAAGpB,EAmQzB4uC,EAAK,IAAI/4C,WA9BiB,IA+B1Bg5C,EAAK,IAAIh5C,WA9BiB,IAgC9B,OAtQ0BuL,EAqQPwtC,EApQnB3E,EAD6BjqC,EAqQN6uC,EApQR,IACRV,EAAuB/sC,EAAGpB,GAoQ1B,CAACoF,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAKgG,IAAIC,QAAQC,cAAgB,SAAS5nC,GAExC,GADAqnC,EAAgBrnC,GApCc,KAqC1BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAClB,IAAI04C,EAAK,IAAI/4C,WAxCiB,IA0C9B,OADAs4C,EAAuBS,EAAIxmC,GACpB,CAAChD,UAAWwpC,EAAIxmC,UAAW,IAAIvS,WAAWuS,GACnD,EAEA0hC,EAAKmG,KAAO,SAASzX,EAAKpwB,GAExB,GADAqnC,EAAgBjX,EAAKpwB,GA1CU,KA2C3BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAClB,IAAIg6C,EAAY,IAAIr6C,WAAW25C,EAAkBhX,EAAItkC,QAErD,OA5JF,SAAqBi8C,EAAI7vC,EAAGhB,EAAGuvC,GAC7B,IAAIjzB,EAAGvM,EAAGxO,EACN5K,EAAG4Z,EAAG7P,EAAI,IAAIgqC,aAAa,IAC3BzkB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,MAE3BnuB,EAAIkuB,EAAK5iC,KAAK2nC,EAAG1vC,SAAS,EAAG,MAC3B,IAAM,IACRyc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIw0B,EAAQ9wC,EAAI,GAChB,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKk6C,EAAG,GAAKl6C,GAAKqK,EAAErK,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKk6C,EAAG,GAAKl6C,GAAK2lB,EAAE,GAAK3lB,GAO7C,IAJAytB,EADA7iB,EAAIipC,EAAK5iC,KAAKipC,EAAGhxC,SAAS,GAAIixC,KAE9B1B,EAAWnpB,EAAG1kB,GACdwtC,EAAK8B,EAAI5qB,GAEJtvB,EAAI,GAAIA,EAAI,GAAIA,IAAKk6C,EAAGl6C,GAAK44C,EAAG54C,GAIrC,IAFAytB,EADArU,EAAIy6B,EAAK5iC,KAAKipC,EAAGhxC,SAAS,EAAGixC,KAGxBn6C,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+J,EAAE/J,GAAK4K,EAAE5K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAK4Z,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE/J,EAAE4Z,IAAMR,EAAEpZ,GAAK2lB,EAAE/L,GAIvBm/B,EAAKmB,EAAGhxC,SAAS,IAAKa,EAExB,CA0HEqwC,CAAYH,EAAW1X,EAAKA,EAAItkC,OAAQkU,GACjC8nC,CACT,EAEApG,EAAKmG,KAAKK,SAAW,SAAS9X,EAAKpwB,GAGjC,IAFA,IAAI8nC,EAAYpG,EAAKmG,KAAKzX,EAAKpwB,GAC3BmoC,EAAM,IAAI16C,WAAW25C,GAChBv5C,EAAI,EAAGA,EAAIs6C,EAAIr8C,OAAQ+B,IAAKs6C,EAAIt6C,GAAKi6C,EAAUj6C,GACxD,OAAOs6C,CACT,EAEAzG,EAAKmG,KAAKK,SAASE,OAAS,SAAShY,EAAK+X,EAAKnrC,GAE7C,GADAqqC,EAAgBjX,EAAK+X,EAAKnrC,GACtBmrC,EAAIr8C,SAAWs7C,EACjB,MAAUt5C,MAAM,sBAClB,GA9D+B,KA8D3BkP,EAAUlR,OACZ,MAAUgC,MAAM,uBAClB,IAEID,EAFAk6C,EAAK,IAAIt6C,WAAW25C,EAAoBhX,EAAItkC,QAC5CoM,EAAI,IAAIzK,WAAW25C,EAAoBhX,EAAItkC,QAE/C,IAAK+B,EAAI,EAAGA,EAAIu5C,EAAmBv5C,IAAKk6C,EAAGl6C,GAAKs6C,EAAIt6C,GACpD,IAAKA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAKk6C,EAAGl6C,EAAEu5C,GAAqBhX,EAAIviC,GAC/D,OAxGF,SAA0BqK,EAAG6vC,EAAI7wC,EAAGsvC,GAClC,IAAI34C,EACwBoZ,EAAxB8B,EAAI,IAAItb,WAAW,IACnB0vB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KACvBvoC,EAAI,CAACuoC,IAAMA,IAAMA,IAAMA,KAE3B,GAAIzqC,EAAI,GAAI,OAAQ,EAEpB,GAAI2vC,EAAUztC,EAAGotC,GAAK,OAAQ,EAE9B,IAAK34C,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAKk6C,EAAGl6C,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqK,EAAErK,EAAE,IAAM24C,EAAG34C,GAUtC,GARAytB,EADArU,EAAIy6B,EAAK5iC,KAAK5G,EAAEnB,SAAS,EAAGG,KAE5BmvC,EAAWlpB,EAAG/jB,EAAG6N,GAEjBq/B,EAAWltC,EAAG2uC,EAAGhxC,SAAS,KAC1BhG,EAAIosB,EAAG/jB,GACP6sC,EAAKl9B,EAAGoU,GAERjmB,GAAK,GACDmrC,EAAiB0F,EAAI,EAAGh/B,EAAG,GAAI,CACjC,IAAKlb,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAK,EAC/B,OAAQ,EAGV,IAAKA,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAKqK,EAAErK,GAAKk6C,EAAGl6C,EAAI,IACtC,OAAOqJ,CACT,CA4EUmxC,CAAiBnwC,EAAG6vC,EAAIA,EAAGj8C,OAAQkR,IAAc,CAC3D,EAEA0kC,EAAKmG,KAAKF,QAAU,WAClB,IAAInB,EAAK,IAAI/4C,WAzEkB,IA0E3Bg5C,EAAK,IAAIh5C,WAzEkB,IA2E/B,OADA84C,EAAoBC,EAAIC,GACjB,CAACzpC,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAKmG,KAAKF,QAAQC,cAAgB,SAAS5nC,GAEzC,GADAqnC,EAAgBrnC,GA/Ee,KAgF3BA,EAAUlU,OACZ,MAAUgC,MAAM,uBAElB,IADA,IAAI04C,EAAK,IAAI/4C,WAnFkB,IAoFtBI,EAAI,EAAGA,EAAI24C,EAAG16C,OAAQ+B,IAAK24C,EAAG34C,GAAKmS,EAAU,GAAGnS,GACzD,MAAO,CAACmP,UAAWwpC,EAAIxmC,UAAW,IAAIvS,WAAWuS,GACnD,EAEA0hC,EAAKmG,KAAKF,QAAQW,SAAW,SAASC,GAEpC,GADAlB,EAAgBkB,GAvFU,KAwFtBA,EAAKz8C,OACP,MAAUgC,MAAM,iBAGlB,IAFA,IAAI04C,EAAK,IAAI/4C,WA5FkB,IA6F3Bg5C,EAAK,IAAIh5C,WA5FkB,IA6FtBI,EAAI,EAAGA,EAAI,GAAIA,IAAK44C,EAAG54C,GAAK06C,EAAK16C,GAE1C,OADA04C,EAAoBC,EAAIC,GAAI,GACrB,CAACzpC,UAAWwpC,EAAIxmC,UAAWymC,EACpC,EAEA/E,EAAK8G,QAAU,SAASzzC,GACtB8sC,EAAc9sC,CAChB,EAEA,WAGE,IAAIwU,EAAyB,oBAATk/B,KAAwBA,KAAKl/B,QAAUk/B,KAAKC,SAAY,KAC5E,GAAIn/B,GAAUA,EAAOo/B,gBAAiB,CAGpCjH,EAAK8G,SAAQ,SAAS5wC,EAAGV,GACvB,IAAIrJ,EAAG+0C,EAAI,IAAIn1C,WAAWyJ,GAC1B,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,GAHT,MAIR0b,EAAOo/B,gBAAgB/F,EAAE7rC,SAASlJ,EAAGA,EAAI2I,KAAKoyC,IAAI1xC,EAAIrJ,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK+J,EAAE/J,GAAK+0C,EAAE/0C,GACjC05C,EAAQ3E,gBAEkB,IAAZiG,KAEhBt/B,EAASrc,IACKqc,EAAOu/B,aACnBpH,EAAK8G,SAAQ,SAAS5wC,EAAGV,GACvB,IAAIrJ,EAAG+0C,EAAIr5B,EAAOu/B,YAAY5xC,GAC9B,IAAKrJ,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK+J,EAAE/J,GAAK+0C,EAAE/0C,GACjC05C,EAAQ3E,KAIf,CA1BD,EA4BC,CAn6BD,CAm6BoCvS,EAAO0Y,QAAU1Y,EAAO0Y,QAAWN,KAAK/G,KAAO+G,KAAK/G,MAAQ,OC34BhG,MAAMpI,GAAap0B,GAAKyE,gBAOjB,SAASq/B,GAAel9C,GAC7B,MAAMmgB,EAAM,IAAIxe,WAAW3B,GAC3B,GAAIwtC,GAAY,CACd,MAAMtnC,EAAQsnC,GAAWwP,YAAY78B,EAAIngB,QACzCmgB,EAAI/d,IAAI8D,OACH,IAAsB,oBAAXuX,SAA0BA,OAAOo/B,gBAGjD,MAAU76C,MAAM,gDAFhByb,OAAOo/B,gBAAgB18B,GAIzB,OAAOA,CACT,CASOpgB,eAAeo9C,GAAoBL,EAAKnyC,GAC7C,MAAMQ,QAAmBiO,GAAKuE,gBAE9B,GAAIhT,EAAIkD,GAAGivC,GACT,MAAU96C,MAAM,uCAGlB,MAAMo7C,EAAUzyC,EAAIqB,IAAI8wC,GAClB52C,EAAQk3C,EAAQj6C,aAMtB,OADU,IAAIgI,QAAiB+xC,GAAeh3C,EAAQ,IAC7CoG,IAAI8wC,GAASn4C,IAAI63C,EAC5B,8FClCO/8C,eAAes9C,GAAoB9/B,EAAMla,EAAG4X,GACjD,MAAM9P,QAAmBiO,GAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GACrB2xC,EAAMnuC,EAAIlB,UAAU,IAAItC,EAAWoS,EAAO,IAC1C+/B,EAAS,IAAInyC,EAAW,IAOxBoyC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE/FnyC,QAAU+xC,GAAoBL,EAAKA,EAAIrvC,UAAUkB,IACvD,IAAI5M,EAAIqJ,EAAEkB,IAAIgxC,GAAQlvC,WAEtB,GACEhD,EAAES,KAAK,IAAIV,EAAWoyC,EAAKx7C,KAC3BA,GAAKA,EAAIw7C,EAAKx7C,IAAMw7C,EAAKv9C,OAErBoL,EAAEqD,YAAc8O,IAClBnS,EAAEe,KAAK2wC,EAAIrvC,UAAUkB,IAAM9C,KAAKixC,GAChC/6C,EAAIqJ,EAAEkB,IAAIgxC,GAAQlvC,yBAENovC,GAAgBpyC,EAAG/H,EAAG4X,IACtC,OAAO7P,CACT,CAUOrL,eAAey9C,GAAgBpyC,EAAG/H,EAAG4X,GAC1C,QAAI5X,IAAM+H,EAAEQ,MAAMmB,IAAI1J,GAAGoJ,mBA8BpB1M,eAA4BqL,GACjC,MAAMD,QAAmBiO,GAAKuE,gBAC9B,OAAO8/B,GAAYC,OAAMtxC,GACa,IAA7BhB,EAAEkB,IAAI,IAAInB,EAAWiB,KAEhC,CAhCauxC,CAAavyC,aAqBnBrL,eAAsBqL,EAAG6B,GAC9B,MAAM9B,QAAmBiO,GAAKuE,gBAE9B,OADA1Q,EAAIA,GAAK,IAAI9B,EAAW,GACjB8B,EAAEV,OAAOnB,EAAEQ,MAAOR,GAAGqB,OAC9B,CAtBamxC,CAAOxyC,YAyJbrL,eAA2BqL,EAAG6P,EAAG4iC,GACtC,MAAM1yC,QAAmBiO,GAAKuE,gBACxB5O,EAAM3D,EAAEqD,YAETwM,IACHA,EAAIvQ,KAAKC,IAAI,EAAIoE,EAAM,GAAM,IAG/B,MAAM+c,EAAK1gB,EAAEQ,MAGb,IAAIiR,EAAI,EACR,MAAQiP,EAAGtd,OAAOqO,IAAMA,IACxB,MAAM6K,EAAItc,EAAEuC,WAAW,IAAIxC,EAAW0R,IAEtC,KAAO5B,EAAI,EAAGA,IAAK,CAGjB,IAKIlZ,EALA+J,GAFM+xC,EAAOA,UAAeV,GAAoB,IAAIhyC,EAAW,GAAI2gB,IAE7Dvf,OAAOmb,EAAGtc,GACpB,IAAIU,EAAEW,UAAWX,EAAE8B,MAAMke,GAAzB,CAKA,IAAK/pB,EAAI,EAAGA,EAAI8a,EAAG9a,IAAK,CAGtB,GAFA+J,EAAIA,EAAEI,IAAIJ,GAAGQ,IAAIlB,GAEbU,EAAEW,QACJ,OAAO,EAET,GAAIX,EAAE8B,MAAMke,GACV,MAIJ,GAAI/pB,IAAM8a,EACR,OAAO,GAIX,OAAO,CACT,CA/LaihC,CAAY1yC,EAAG6P,IAM5B,CAuBA,MAAMwiC,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MC1JtC,MAAMM,GAAe,GAyCd,SAASC,GAAUzlC,EAAS0lC,GACjC,MAAMC,EAAU3lC,EAAQvY,OAExB,GAAIk+C,EAAUD,EAAY,GACxB,MAAUj8C,MAAM,oBAIlB,MAAMm8C,EA7BR,SAAyBn+C,GACvB,MAAMK,EAAS,IAAIsB,WAAW3B,GAC9B,IAAI0iC,EAAQ,EACZ,KAAOA,EAAQ1iC,GAAQ,CACrB,MAAMg9C,EAAcE,GAAel9C,EAAS0iC,GAC5C,IAAK,IAAI3gC,EAAI,EAAGA,EAAIi7C,EAAYh9C,OAAQ+B,IACf,IAAnBi7C,EAAYj7C,KACd1B,EAAOqiC,KAAWsa,EAAYj7C,IAIpC,OAAO1B,CACT,CAiBa+9C,CAAgBH,EAAYC,EAAU,GAG3C79B,EAAU,IAAI1e,WAAWs8C,GAM/B,OAJA59B,EAAQ,GAAK,EACbA,EAAQje,IAAI+7C,EAAI,GAEhB99B,EAAQje,IAAImW,EAAS0lC,EAAYC,GAC1B79B,CACT,CAUO,SAASg+B,GAAUh+B,EAASi+B,GAEjC,IAAInvC,EAAS,EACTovC,EAAoB,EACxB,IAAK,IAAI5iC,EAAIxM,EAAQwM,EAAI0E,EAAQrgB,OAAQ2b,IACvC4iC,GAAoC,IAAfl+B,EAAQ1E,GAC7BxM,GAAUovC,EAGZ,MAAMC,EAAQrvC,EAAS,EACjBsvC,EAAUp+B,EAAQpV,SAASkE,EAAS,GACpCuvC,EAAgC,IAAfr+B,EAAQ,GAA0B,IAAfA,EAAQ,GAAWm+B,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOllC,GAAKuG,iBAAiB++B,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUz8C,MAAM,mBAClB,CAUOjC,eAAe4+C,GAAWlQ,EAAMvN,EAAQ0d,GAC7C,IAAI78C,EACJ,GAAIm/B,EAAOlhC,SAAWgT,GAAK07B,kBAAkBD,GAC3C,MAAUzsC,MAAM,uBAIlB,MAAM68C,EAAa,IAAIl9C,WAAWo8C,GAAatP,GAAMzuC,QACrD,IAAK+B,EAAI,EAAGA,EAAIg8C,GAAatP,GAAMzuC,OAAQ+B,IACzC88C,EAAW98C,GAAKg8C,GAAatP,GAAM1sC,GAGrC,MAAM+8C,EAAOD,EAAW7+C,OAASkhC,EAAOlhC,OACxC,GAAI4+C,EAAQE,EAAO,GACjB,MAAU98C,MAAM,6CAIlB,MAAMm8C,EAAK,IAAIx8C,WAAWi9C,EAAQE,EAAO,GAAGC,KAAK,KAI3CC,EAAK,IAAIr9C,WAAWi9C,GAK1B,OAJAI,EAAG,GAAK,EACRA,EAAG58C,IAAI+7C,EAAI,GACXa,EAAG58C,IAAIy8C,EAAYD,EAAQE,GAC3BE,EAAG58C,IAAI8+B,EAAQ0d,EAAQ1d,EAAOlhC,QACvBg/C,CACT,CAhIAjB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGChBd,MAAMxQ,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBohC,GAAOzR,GAAapsC,OAAqBvB,EAGzCq/C,GAAgB1R,GAAayR,GAAKE,OAAO,iBAAiB,WAC9DvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,kBAAkB0pC,MAC3B1gD,KAAKgX,IAAI,mBAAmB0pC,MAC5B1gD,KAAKgX,IAAI,UAAU0pC,MACnB1gD,KAAKgX,IAAI,UAAU0pC,MACnB1gD,KAAKgX,IAAI,aAAa0pC,MACtB1gD,KAAKgX,IAAI,aAAa0pC,MACtB1gD,KAAKgX,IAAI,eAAe0pC,MAE5B,SAAKz/C,EAEC0/C,GAAe/R,GAAayR,GAAKE,OAAO,iBAAiB,WAC7DvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,kBAAkB0pC,MAE/B,SAAKz/C,yDAgBEE,eAAoBy/C,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGoI,GAC3D,GAAIp4B,IAASsQ,GAAK9X,SAASwH,GACzB,GAAIsQ,GAAKoE,eACP,IACE,aAyPRzd,eAAuB0/C,EAAU32C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAQpD,MAAM4mB,QAyMR3/C,eAA4BqL,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACzC,MAAM3tB,QAAmBiO,GAAKuE,gBACxBgiC,EAAO,IAAIx0C,EAAWkmB,GACtBuuB,EAAO,IAAIz0C,EAAWmC,GACtBuyC,EAAO,IAAI10C,EAAWuc,GAE5B,IAAIo4B,EAAKD,EAAKvzC,IAAIszC,EAAKh0C,OACnBm0C,EAAKF,EAAKvzC,IAAIqzC,EAAK/zC,OAGvB,OAFAm0C,EAAKA,EAAG/wC,eACR8wC,EAAKA,EAAG9wC,eACD,CACLgxC,IAAK,MACL50C,EAAG0V,GAAgB1V,GAAG,GACtB/H,EAAGyd,GAAgBzd,GAAG,GACtBqkB,EAAG5G,GAAgB4G,GAAG,GAEtB2J,EAAGvQ,GAAgBxT,GAAG,GACtBA,EAAGwT,GAAgBuQ,GAAG,GAEtB0uB,GAAIj/B,GAAgBg/B,GAAI,GACxBA,GAAIh/B,GAAgBi/B,GAAI,GACxBE,GAAIn/B,GAAgBgY,GAAG,GACvBonB,KAAK,EAET,CAjOoBC,CAAa/0C,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACxC2V,EAAO,CACXvkC,KAAM,oBACN8I,KAAM,CAAE9I,KAAMu1C,IAEV7pC,QAAY23B,GAAUgC,UAAU,MAAOmQ,EAAKjR,GAAM,EAAO,CAAC,SAChE,OAAO,IAAI9sC,iBAAiB4rC,GAAUwO,KAAK,oBAAqBnmC,EAAK9M,GACvE,CAxQqBs3C,CAAQpgC,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GAAW12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC/E,MAAOunB,GACPjnC,GAAK4D,gBAAgBqjC,QAElB,GAAIjnC,GAAKyE,gBACd,OAqQN9d,eAAwBy/C,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GACrD,MAAQlb,QAAS0iC,SAAazhD,gDACxB0hD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAGhzC,GACfmzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMn0C,IAAIk0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMn0C,IAAIi0C,EAAMG,KAAK,IAC1B3E,EAAOvO,GAAWmT,WAAW3gC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC1DzD,EAAKr7C,MAAMoI,GACXizC,EAAKxxC,MACL,MAAMq2C,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAGhzC,GACf2zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,QAA2C,IAAhC0U,GAAW6T,iBAAkC,CACtD,MAAMC,EAAMpC,GAAchjC,OAAO0kC,EAAW,OAC5C,OAAO,IAAIj/C,WAAWo6C,EAAKA,KAAK,CAAEnmC,IAAK0rC,EAAKC,OAAQ,MAAOvoC,KAAM,WAEnE,MAAMwoC,EAAMtC,GAAchjC,OAAO0kC,EAAW,MAAO,CACjDa,MAAO,oBAET,OAAO,IAAI9/C,WAAWo6C,EAAKA,KAAKyF,GAClC,CApSaE,CAASlC,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAGnD,OAsOF/4B,eAAsBy/C,EAAUp0C,EAAGsc,EAAGwZ,GACpC,MAAM/1B,QAAmBiO,GAAKuE,gBAC9BvS,EAAI,IAAID,EAAWC,GACnB,MAAMgB,EAAI,IAAIjB,QAAiBwzC,GAAWa,EAAUte,EAAQ91B,EAAEjI,eAE9D,GADAukB,EAAI,IAAIvc,EAAWuc,GACftb,EAAE4B,IAAI5C,GACR,MAAUpJ,MAAM,2CAElB,OAAOoK,EAAEG,OAAOmb,EAAGtc,GAAG4D,aAAa,KAAM5D,EAAEjI,aAC7C,CA/OSw+C,CAAOnC,EAAUp0C,EAAGsc,EAAGwZ,EAChC,SAaOnhC,eAAsBy/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,EAAG69B,GACpD,GAAIp4B,IAASsQ,GAAK9X,SAASwH,GACzB,GAAIsQ,GAAKoE,eACP,IACE,aA8RRzd,eAAyB0/C,EAAU32C,EAAM+T,EAAGzR,EAAG/H,GAC7C,MAAMq8C,EAiLR,SAAqBt0C,EAAG/H,GACtB,MAAO,CACL28C,IAAK,MACL50C,EAAG0V,GAAgB1V,GAAG,GACtB/H,EAAGyd,GAAgBzd,GAAG,GACtB68C,KAAK,EAET,CAxLc0B,CAAYx2C,EAAG/H,GACrBuS,QAAY23B,GAAUgC,UAAU,MAAOmQ,EAAK,CAChDx1C,KAAM,oBACN8I,KAAM,CAAE9I,KAAOu1C,KACd,EAAO,CAAC,WACX,OAAOlS,GAAU+O,OAAO,oBAAqB1mC,EAAKiH,EAAG/T,EACvD,CArSqB+4C,CAAU7hC,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GAAW12C,EAAM+T,EAAGzR,EAAG/H,GACxE,MAAOg9C,GACPjnC,GAAK4D,gBAAgBqjC,QAElB,GAAIjnC,GAAKyE,gBACd,OAkSN9d,eAA0By/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAC9C,MAAQua,QAAS0iC,SAAazhD,gDAExBy9C,EAAS9O,GAAWsU,aAAa9hC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC9DlD,EAAO57C,MAAMoI,GACbwzC,EAAO/xC,MACP,MAAMq2C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADI2pC,GAAarjC,OAAO0kC,EAAW,OACzBW,OAAQ,MAAOvoC,KAAM,cAEvCpD,EAAM2pC,GAAarjC,OAAO0kC,EAAW,MAAO,CAC1Ca,MAAO,mBAGX,IACE,aAAanF,EAAOA,OAAO1mC,EAAKiH,GAChC,MAAOwjC,GACP,OAAO,EAEX,CA1Ta0B,CAAWvC,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAG5C,OAyQFtD,eAAwBy/C,EAAU3iC,EAAGzR,EAAG/H,EAAG69B,GACzC,MAAM/1B,QAAmBiO,GAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnByR,EAAI,IAAI1R,EAAW0R,GACnBxZ,EAAI,IAAI8H,EAAW9H,GACfwZ,EAAE7O,IAAI5C,GACR,MAAUpJ,MAAM,6CAElB,MAAMggD,EAAMnlC,EAAEtQ,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,cAC1C8+C,QAAYtD,GAAWa,EAAUte,EAAQ91B,EAAEjI,cACjD,OAAOiW,GAAKqD,iBAAiBulC,EAAKC,EACpC,CApRSC,CAAS1C,EAAU3iC,EAAGzR,EAAG/H,EAAG69B,EACrC,UAUOnhC,eAAuB+I,EAAMsC,EAAG/H,GACrC,OAAI+V,GAAKyE,gBA6SX9d,eAA2B+I,EAAMsC,EAAG/H,GAClC,MAAQua,QAAS0iC,SAAazhD,gDAExB+hD,EAAY,CAChBxD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADI2pC,GAAarjC,OAAO0kC,EAAW,OACzBW,OAAQ,MAAOvoC,KAAM,QAASoX,QAASod,GAAW2U,UAAUC,uBACzE,CAILxsC,EAAM,CAAEA,IAHI2pC,GAAarjC,OAAO0kC,EAAW,MAAO,CAChDa,MAAO,mBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,OAAO,IAAIzgD,WAAW6rC,GAAW6U,cAAczsC,EAAK9M,GACtD,CA9TWsmC,CAAYtmC,EAAMsC,EAAG/H,GAgUhCtD,eAAyB+I,EAAMsC,EAAG/H,GAChC,MAAM8H,QAAmBiO,GAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnBtC,EAAO,IAAIqC,EAAW6yC,GAAUl1C,EAAMsC,EAAEjI,eACxCE,EAAI,IAAI8H,EAAW9H,GACfyF,EAAKkF,IAAI5C,GACX,MAAUpJ,MAAM,2CAElB,OAAO8G,EAAKyD,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,aAChD,CAvUSm/C,CAAUx5C,EAAMsC,EAAG/H,EAC5B,UAiBOtD,eAAuB+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAIpD,GAAIllC,GAAKyE,kBAAoBygC,EAC3B,IACE,aAiTNv+C,eAA2B+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC9C,MAAQlb,QAAS0iC,SAAazhD,gDAExB0hD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAGhzC,GACfmzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMn0C,IAAIk0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMn0C,IAAIi0C,EAAMG,KAAK,IAC1BE,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGl1C,GAChB01C,eAAgB,IAAIR,EAAGj9C,GACvB09C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAGhzC,GACf2zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,IAAIljB,EACJ,QAA2C,IAAhC43B,GAAW6T,iBAAkC,CAEtDzrC,EAAM,CAAEA,IADIspC,GAAchjC,OAAO0kC,EAAW,OAC1BW,OAAQ,MAAQvoC,KAAM,QAASoX,QAASod,GAAW2U,UAAUC,uBAC1E,CAILxsC,EAAM,CAAEA,IAHIspC,GAAchjC,OAAO0kC,EAAW,MAAO,CACjDa,MAAO,oBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,IACE,OAAO,IAAIzgD,WAAW6rC,GAAW+U,eAAe3sC,EAAK9M,IACrD,MAAOu3C,GACP,MAAUr+C,MAAM,oBAEpB,CArVmBquC,CAAYvnC,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAC9C,MAAOunB,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,OAkVFtgD,eAAyB+I,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAC/C,MAAMnzC,QAAmBiO,GAAKuE,gBAQ9B,GAPA7U,EAAO,IAAIqC,EAAWrC,GACtBsC,EAAI,IAAID,EAAWC,GACnB/H,EAAI,IAAI8H,EAAW9H,GACnBqkB,EAAI,IAAIvc,EAAWuc,GACnB2J,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBwrB,EAAI,IAAI3tB,EAAW2tB,GACfhwB,EAAKkF,IAAI5C,GACX,MAAUpJ,MAAM,mBAElB,MAAM89C,EAAKp4B,EAAEpb,IAAIgB,EAAE1B,OACbm0C,EAAKr4B,EAAEpb,IAAI+kB,EAAEzlB,OAEb42C,SAAmBrF,GAAoB,IAAIhyC,EAAW,GAAIC,IAAIkB,IAAIlB,GAClEq3C,EAAUD,EAAU11C,OAAO1B,GAAGmB,OAAOlJ,EAAG+H,GAC9CtC,EAAOA,EAAKoD,IAAIu2C,GAASn2C,IAAIlB,GAG7B,MAAMs3C,EAAK55C,EAAKyD,OAAOwzC,EAAI1uB,GACrBsxB,EAAK75C,EAAKyD,OAAOuzC,EAAIxyC,GACrB6N,EAAI2d,EAAE5sB,IAAIy2C,EAAG32C,IAAI02C,IAAKp2C,IAAIgB,GAEhC,IAAIjN,EAAS8a,EAAEjP,IAAImlB,GAAGpsB,IAAIy9C,GAK1B,OAHAriD,EAASA,EAAO6L,IAAIs2C,GAAWl2C,IAAIlB,GAG5BizC,GAAUh+C,EAAO2O,aAAa,KAAM5D,EAAEjI,cAAem7C,EAC9D,CAhXSsE,CAAU95C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,EAC3C,WAeOv+C,eAAwBwd,EAAMla,GAMnC,GAHAA,EAAI,UAFqB+V,GAAKuE,iBAEXta,GAGf+V,GAAKoE,eAAgB,CACvB,MAAMqlC,EAAY,CAChB34C,KAAM,oBACN44C,cAAevlC,EACfujC,eAAgBz9C,EAAE2L,eAClBgE,KAAM,CACJ9I,KAAM,UAGJ2xC,QAAgBtO,GAAUwV,YAAYF,GAAW,EAAM,CAAC,OAAQ,WAIhEnD,QAAYnS,GAAUyV,UAAU,MAAOnH,EAAQrjC,YAErD,MAAO,CACLpN,EAAGuV,GAAgB++B,EAAIt0C,GACvB/H,EAAGA,EAAE2L,eACL0Y,EAAG/G,GAAgB++B,EAAIh4B,GAEvB2J,EAAG1Q,GAAgB++B,EAAIpyC,GACvBA,EAAGqT,GAAgB++B,EAAIruB,GAEvByH,EAAGnY,GAAgB++B,EAAIO,KAEpB,GAAI7mC,GAAKyE,iBAAmB2vB,GAAWyV,iBAAmB/D,GAAe,CAC9E,MAAMgE,EAAO,CACXJ,cAAevlC,EACfujC,eAAgBz9C,EAAE+K,WAClB+0C,kBAAmB,CAAEnqC,KAAM,QAASuoC,OAAQ,OAC5C6B,mBAAoB,CAAEpqC,KAAM,QAASuoC,OAAQ,QAEzC8B,QAAY,IAAIxkD,SAAQ,CAACC,EAASC,KACtCyuC,GAAWyV,gBAAgB,MAAOC,GAAM,CAAC7C,EAAKiD,EAAGhC,KAC3CjB,EACFthD,EAAOshD,GAEPvhD,EAAQogD,GAAc5iC,OAAOglC,EAAK,UAEpC,IAOJ,MAAO,CACLl2C,EAAGi4C,EAAIjG,QAAQmG,YAAY5hD,YAC3B0B,EAAGggD,EAAIvC,eAAeyC,YAAY5hD,YAClC+lB,EAAG27B,EAAItC,gBAAgBwC,YAAY5hD,YAEnC0vB,EAAGgyB,EAAIpC,OAAOsC,YAAY5hD,YAC1B2L,EAAG+1C,EAAIrC,OAAOuC,YAAY5hD,YAE1Bm3B,EAAGuqB,EAAIjC,YAAYmC,YAAY5hD,aAOnC,IAAI0vB,EACA/jB,EACAlC,EACJ,GACEkC,QAAU+vC,GAAoB9/B,GAAQA,GAAQ,GAAIla,EAAG,IACrDguB,QAAUgsB,GAAoB9/B,GAAQ,EAAGla,EAAG,IAC5C+H,EAAIimB,EAAEnlB,IAAIoB,SACHlC,EAAEqD,cAAgB8O,GAE3B,MAAMimC,EAAMnyB,EAAEzlB,MAAMK,KAAKqB,EAAE1B,OAM3B,OAJI0B,EAAEO,GAAGwjB,MACNA,EAAG/jB,GAAK,CAACA,EAAG+jB,IAGR,CACLjmB,EAAGA,EAAE4D,eACL3L,EAAGA,EAAE2L,eACL0Y,EAAGrkB,EAAEyJ,OAAO02C,GAAKx0C,eACjBqiB,EAAGA,EAAEriB,eACL1B,EAAGA,EAAE0B,eAGL8pB,EAAGzH,EAAEvkB,OAAOQ,GAAG0B,eAEnB,iBAaOjP,eAA8BqL,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAClD,MAAM3tB,QAAmBiO,GAAKuE,gBAM9B,GALAvS,EAAI,IAAID,EAAWC,GACnBimB,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,IAGd+jB,EAAEnlB,IAAIoB,GAAGM,MAAMxC,GAClB,OAAO,EAGT,MAAMqmC,EAAM,IAAItmC,EAAW,GAG3B,GADA2tB,EAAI,IAAI3tB,EAAW2tB,IACdzH,EAAEnlB,IAAI4sB,GAAGxsB,IAAIgB,GAAGb,QACnB,OAAO,EAGTpJ,EAAI,IAAI8H,EAAW9H,GACnBqkB,EAAI,IAAIvc,EAAWuc,GAQnB,MAAM+7B,EAAa,IAAIt4C,EAAWT,KAAKsP,MAAM5O,EAAEqD,YAAc,IACvD9B,QAAUwwC,GAAoB1L,EAAKA,EAAIhkC,UAAUg2C,IACjDC,EAAM/2C,EAAET,IAAIwb,GAAGxb,IAAI7I,GAGzB,SADoBqgD,EAAIp3C,IAAI+kB,EAAEzlB,OAAOgC,MAAMjB,KAAM+2C,EAAIp3C,IAAIgB,EAAE1B,OAAOgC,MAAMjB,GAM1E,8DCjRO5M,eAAuB+I,EAAMuoB,EAAGuS,EAAG12B,GACxC,MAAM/B,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnBuS,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEnB,MACMd,EAAI,IAAIjB,EADC6yC,GAAUl1C,EAAMuoB,EAAEluB,eAK3B8X,QAAUkiC,GAAoB,IAAIhyC,EAAW,GAAIkmB,EAAEzlB,OACzD,MAAO,CACL4gB,GAAIoX,EAAEr3B,OAAO0O,EAAGoW,GAAGriB,eACnByd,GAAIvf,EAAEX,OAAO0O,EAAGoW,GAAGplB,KAAKG,GAAGD,KAAKklB,GAAGriB,eAEvC,UAcOjP,eAAuBysB,EAAIC,EAAI4E,EAAGvlB,EAAGwyC,GAC1C,MAAMnzC,QAAmBiO,GAAKuE,gBAO9B,OANA6O,EAAK,IAAIrhB,EAAWqhB,GACpBC,EAAK,IAAIthB,EAAWshB,GACpB4E,EAAI,IAAIlmB,EAAWkmB,GACnBvlB,EAAI,IAAIX,EAAWW,GAGZuyC,GADQ7xB,EAAGjgB,OAAOT,EAAGulB,GAAGvkB,OAAOukB,GAAGplB,KAAKwgB,GAAItgB,KAAKklB,GAC/BriB,aAAa,KAAMqiB,EAAEluB,cAAem7C,EAC9D,iBAWOv+C,eAA8BsxB,EAAGuS,EAAG12B,EAAGpB,GAC5C,MAAMX,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnBuS,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIy4B,EAAE91B,IAAIa,IAAQi1B,EAAE51B,IAAIqjB,GACtB,OAAO,EAIT,MAAMsyB,EAAQ,IAAIx4C,EAAWkmB,EAAE5iB,aACzBm1C,EAAQ,IAAIz4C,EAAW,MAC7B,GAAIw4C,EAAM91C,GAAG+1C,GACX,OAAO,EAOT,IAAKhgB,EAAEr3B,OAAO8kB,EAAEzlB,MAAOylB,GAAG5kB,QACxB,OAAO,EAST,IAAI0B,EAAMy1B,EACV,MAAM7hC,EAAI,IAAIoJ,EAAW,GACnB04C,EAAY,IAAI14C,EAAW,GAAGsC,UAAU,IAAItC,EAAW,KAC7D,KAAOpJ,EAAE8L,GAAGg2C,IAAY,CAEtB,GADA11C,EAAMA,EAAIjC,IAAI03B,GAAGz3B,KAAKklB,GAClBljB,EAAI1B,QACN,OAAO,EAET1K,EAAE0J,OASJK,EAAI,IAAIX,EAAWW,GACnB,MAAM2lC,EAAM,IAAItmC,EAAW,GACrBwB,QAAUwwC,GAAoB1L,EAAIhkC,UAAUk2C,EAAM/3C,OAAQ6lC,EAAIhkC,UAAUk2C,IACxEG,EAAMzyB,EAAEzlB,MAAMK,KAAKU,GAAGd,KAAKC,GACjC,QAAKoB,EAAEU,MAAMg2B,EAAEr3B,OAAOu3C,EAAKzyB,GAK7B,IC5GA,MAAM0yB,GACJrlD,YAAYslD,GACV,GAAIA,aAAeD,GACjBnlD,KAAKolD,IAAMA,EAAIA,SACV,GAAI5qC,GAAKha,QAAQ4kD,IACb5qC,GAAK1X,aAAasiD,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIriD,WAAWqiD,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAIhkD,OAAS,EAC1B,MAAUgC,MAAM,sCAElBgiD,EAAMA,EAAI/4C,SAAS,GAErBrM,KAAKolD,IAAMA,OAEXplD,KAAKolD,IAAM,GASflkD,KAAKZ,GACH,GAAIA,EAAMc,QAAU,EAAG,CACrB,MAAMA,EAASd,EAAM,GACrB,GAAIA,EAAMc,QAAU,EAAIA,EAEtB,OADApB,KAAKolD,IAAM9kD,EAAM+L,SAAS,EAAG,EAAIjL,GAC1B,EAAIpB,KAAKolD,IAAIhkD,OAGxB,MAAUgC,MAAM,eAOlBtB,QACE,OAAO0Y,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKolD,IAAIhkD,SAAUpB,KAAKolD,MAOxE19B,QACE,OAAOlN,GAAK8B,gBAAgBtc,KAAKolD,KAOnCC,UACE,MAAM54C,EAAMzM,KAAK0nB,QACjB,GAAItG,GAAMxQ,MAAMnE,GACd,OAAO2U,GAAMtf,MAAMsf,GAAMxQ,MAAOnE,GAEhC,MAAUrJ,MAAM,qCCzEf,SAASkiD,GAAeC,EAAcC,GAE3C,OADgBD,EAAatI,QAAQ,CAAEuI,KAAMA,GAE/C,CAEO,SAASC,GAAcF,EAAcG,GAC1C,MAAMzI,EAAUsI,EAAatI,QAAQ,CAAEyI,IAAKA,IAC5C,IAAkC,IAA9BzI,EAAQ0I,WAAWlkD,OACrB,MAAU2B,MAAM,+BAElB,OAAO65C,CACT,CAEO97C,eAAeykD,GAAgBt6C,GACpC,IAAKwZ,GAAOV,mBACV,MAAUhhB,MAAM,gEAElB,MAAQ4b,QAAS6mC,SAAmB5lD,gDACpC,OAAO,IAAI4lD,EAASC,GAAGx6C,EACzB,CCjBO,SAASy6C,GAAiBz+C,GAC/B,IACIiJ,EADAJ,EAAM,EAEV,MAAMiK,EAAO9S,EAAM,GAcnB,OAXI8S,EAAO,MACRjK,GAAO7I,EACRiJ,EAAS,GACA6J,EAAO,KAChBjK,GAAQ7I,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CiJ,EAAS,GACS,MAAT6J,IACTjK,EAAMqK,GAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IACxCkE,EAAS,GAGJ,CACLJ,IAAKA,EACLI,OAAQA,EAEZ,CASO,SAASy1C,GAAkB5kD,GAChC,OAAIA,EAAS,IACJ,IAAI2B,WAAW,CAAC3B,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAI2B,WAAW,CAAyB,KAAtB3B,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEoZ,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOyX,GAAKM,YAAY1Z,EAAQ,IAChF,CAEO,SAAS6kD,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAU9iD,MAAM,iDAElB,OAAO,IAAIL,WAAW,CAAC,IAAMmjD,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIrjD,WAAW,CAAC,IAAOqjD,GAChC,CAUO,SAASC,GAAYD,EAAUhlD,GAEpC,OAAOoZ,GAAKxX,iBAAiB,CAACmjD,GAASC,GAAWJ,GAAkB5kD,IACtE,CAOO,SAASklD,GAAkB5lC,GAChC,MAAO,CACLU,GAAMnM,OAAOU,YACbyL,GAAMnM,OAAOO,eACb4L,GAAMnM,OAAOQ,2BACb2L,GAAMnM,OAAOe,mCACboL,GAAMnM,OAAOiB,mBACb2L,SAASnB,EACb,CASOvf,eAAeolD,GAAYjmD,EAAO+E,GACvC,MAAMM,EAASihB,EAAiBtmB,GAChC,IAAII,EACA8lD,EACJ,IACE,MAAMC,QAAoB9gD,EAAO0B,UAAU,GAE3C,IAAKo/C,GAAeA,EAAYrlD,OAAS,GAAiC,IAAV,IAAjBqlD,EAAY,IACzD,MAAUrjD,MAAM,iGAElB,MAAMsjD,QAAmB/gD,EAAOoB,WAChC,IAEI4/C,EAOAC,EATAlmC,GAAO,EACPiiC,GAAU,EAGdA,EAAS,EACmB,IAAV,GAAb+D,KACH/D,EAAS,GAIPA,EAEFjiC,EAAmB,GAAbgmC,GAGNhmC,GAAoB,GAAbgmC,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BP,GAAkB5lC,GAClD,IAiBIomC,EAjBA7xC,EAAS,KACb,GAAI4xC,EAAyB,CAC3B,GAA6B,UAAzBrsC,GAAK9X,SAASpC,GAAoB,CACpC,MAAMgM,EAAc,IAAIy6C,EACxBrmD,EAASmmB,EAAiBva,GAC1B2I,EAAS3I,MACJ,CACL,MAAM/D,EAAY,IAAIy+C,EACtBtmD,EAASmmB,EAAiBte,EAAUM,UACpCoM,EAAS1M,EAAUK,SAGrB49C,EAAmBnhD,EAAS,CAAEqb,MAAKzL,gBAEnCA,EAAS,GAIX,EAAG,CACD,GAAK0tC,EAiCE,CAEL,MAAMsE,QAAmBthD,EAAOoB,WAEhC,GADA+/C,GAAmB,EACfG,EAAa,IACfN,EAAeM,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CN,GAAiBM,EAAa,KAAQ,SAAYthD,EAAOoB,WAAc,SAElE,GAAIkgD,EAAa,KAAOA,EAAa,KAG1C,GAFAN,EAAe,IAAmB,GAAbM,GACrBH,GAAmB,GACdD,EACH,MAAM,IAAI30B,UAAU,2DAItBy0B,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,gBAlDtB,OAAQ6/C,GACN,KAAK,EAGHD,QAAqBhhD,EAAOoB,WAC5B,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,QAAWpB,EAAOoB,WAC7D,MACF,KAAK,EAGH4/C,QAAsBhhD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,WACpB,MACF,QAWE4/C,EAAe/6C,IAyBrB,GAAI+6C,EAAe,EAAG,CACpB,IAAI96C,EAAY,EAChB,OAAa,CACPnL,SAAcA,EAAO2I,MACzB,MAAM/H,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OACrC,GAAII,EAAM,CACR,GAAIqlD,IAAiB/6C,IAAU,MAC/B,MAAUxI,MAAM,4BAElB,MAAMrB,EAAQ4kD,IAAiB/6C,IAAWvK,EAAQA,EAAMgL,SAAS,EAAGs6C,EAAe96C,GAInF,GAHInL,QAAcA,EAAOoB,MAAMC,GAC1BkT,EAAOpT,KAAKE,GACjB8J,GAAaxK,EAAMD,OACfyK,GAAa86C,EAAc,CAC7BhhD,EAAOmB,QAAQzF,EAAMgL,SAASs6C,EAAe96C,EAAYxK,EAAMD,SAC/D,eAIC0lD,GAiCT,MAAMI,QAAmBvhD,EAAO0B,UAAUw/C,EAA0Bj7C,IAAW,GAS/E,OARIlL,SACIA,EAAO2I,YACP3I,EAAOsB,UAEbiT,EAASuF,GAAKxX,iBAAiBiS,SAEzB5P,EAAS,CAAEqb,MAAKzL,aAEhBiyC,IAAeA,EAAW9lD,OAClC,MAAOqD,GACP,GAAI/D,EAEF,aADMA,EAAOuB,MAAMwC,IACZ,EAEP,MAAMA,UAGJ/D,SACI8lD,EAER7gD,EAAO/E,cAEX,CAEO,MAAMumD,WAAyB/jD,MACpCtD,eAAesnD,GACbrnD,SAASqnD,GAELhkD,MAAMikD,mBACRjkD,MAAMikD,kBAAkBrnD,KAAMmnD,IAGhCnnD,KAAKsL,KAAO,oBAIT,MAAMg8C,GACXxnD,YAAY4gB,EAAK6mC,GACfvnD,KAAK0gB,IAAMA,EACX1gB,KAAKunD,WAAaA,EAGpBzlD,QACE,OAAO9B,KAAKunD,YC9RhB,MAAM5Y,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAElBuoC,GAAY,CAChB32C,KAAQ,QACRG,KAAQ,QACRE,KAAQ,SAEJu2C,GAAc7Y,GAAaA,GAAW8Y,YAAc,GACpDC,GAAa/Y,GAAa,CAC9Bx9B,UAAWq2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EAC7D4P,KAAM42C,GAAY5lC,SAAS,cAAgB,kBAAe5gB,EAC1D+P,KAAMy2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EACxDiQ,KAAMu2C,GAAY5lC,SAAS,aAAe,iBAAc5gB,EACxDsQ,QAASk2C,GAAY5lC,SAAS,WAAa,eAAY5gB,EACvD2Q,WAAY61C,GAAY5lC,SAAS,UAAY,cAAW5gB,EACxD6Q,gBAAiB21C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,EAC/E8Q,gBAAiB01C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,EAC/E+Q,gBAAiBy1C,GAAY5lC,SAAS,mBAAqB,uBAAoB5gB,GAC7E,GAEE2mD,GAAS,CACb/2C,KAAM,CACJu0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5DyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAW92C,KACjBk3C,IAAKP,GAAU32C,KACfm3C,YAAa,GACbC,WAAY,KAEdj3C,KAAM,CACJo0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKK,OACjByZ,OAAQ9M,GAAM/N,UAAUO,OACxBk0C,KAAMH,GAAW32C,KACjB+2C,IAAKP,GAAUx2C,KACfg3C,YAAa,GACbC,WAAY,KAEd/2C,KAAM,CACJk0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKM,OACjBwZ,OAAQ9M,GAAM/N,UAAUQ,OACxBi0C,KAAMH,GAAWz2C,KACjB62C,IAAKP,GAAUt2C,KACf82C,YAAa,GACbC,WAAY,KAEd72C,UAAW,CACTg0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAWv2C,UACjB42C,YAAa,IAEfz2C,QAAS,CACP6zC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClEyC,QAASzmC,GAAM9O,UAAUQ,YACzBsB,KAAMgN,GAAMhN,KAAKM,OACjBozC,MAAM,EACNE,YAAa,IAEfp2C,WAAY,CACVwzC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxEyC,QAASzmC,GAAM9O,UAAUM,KACzBwB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,MAAM,EACNE,YAAa,IAEfl2C,gBAAiB,CACfszC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKI,OACjB0Z,OAAQ9M,GAAM/N,UAAUM,OACxBm0C,KAAMH,GAAW71C,gBACjBk2C,YAAa,IAEfj2C,gBAAiB,CACfqzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKK,OACjByZ,OAAQ9M,GAAM/N,UAAUO,OACxBk0C,KAAMH,GAAW51C,gBACjBi2C,YAAa,IAEfh2C,gBAAiB,CACfozC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,GAAM9O,UAAUO,MACzBuB,KAAMgN,GAAMhN,KAAKM,OACjBwZ,OAAQ9M,GAAM/N,UAAUQ,OACxBi0C,KAAMH,GAAW31C,gBACjBg2C,YAAa,KAIjB,MAAME,GACJpoD,YAAYqoD,EAAWf,GACrB,KACM5sC,GAAKha,QAAQ2nD,IACb3tC,GAAK1X,aAAaqlD,MAEpBA,EAAY,IAAIhD,GAAIgD,IAElBA,aAAqBhD,KAEvBgD,EAAYA,EAAU9C,WAGxBrlD,KAAKsL,KAAO8V,GAAMtf,MAAMsf,GAAMxQ,MAAOu3C,GACrC,MAAO1G,GACP,MAAM,IAAI0F,GAAiB,iBAE7BC,EAASA,GAAUQ,GAAO5nD,KAAKsL,MAE/BtL,KAAK6nD,QAAUT,EAAOS,QAEtB7nD,KAAKolD,IAAMgC,EAAOhC,IAClBplD,KAAKoU,KAAOgzC,EAAOhzC,KACnBpU,KAAKkuB,OAASk5B,EAAOl5B,OACrBluB,KAAK8nD,KAAOV,EAAOU,MAAQF,GAAO5nD,KAAKsL,MACvCtL,KAAK+nD,IAAMX,EAAOW,KAAOH,GAAO5nD,KAAKsL,MACrCtL,KAAKgoD,YAAcZ,EAAOY,YACtBhoD,KAAK+nD,KAAOvtC,GAAKoE,eACnB5e,KAAKoa,KAAO,MACHpa,KAAK8nD,MAAQttC,GAAKyE,gBAC3Bjf,KAAKoa,KAAO,OACW,eAAdpa,KAAKsL,KACdtL,KAAKoa,KAAO,aACW,YAAdpa,KAAKsL,OACdtL,KAAKoa,KAAO,WAIhBjZ,mBACE,IAAI87C,EACJ,OAAQj9C,KAAKoa,MACX,IAAK,MACH,IACE,aAiIVjZ,eAA6BmK,GAE3B,MAAM88C,QAAqBzZ,GAAUwV,YAAY,CAAE74C,KAAM,QAAS+8C,WAAYb,GAAUl8C,KAAS,EAAM,CAAC,OAAQ,WAE1GsO,QAAmB+0B,GAAUyV,UAAU,MAAOgE,EAAaxuC,YAC3DtH,QAAkBq8B,GAAUyV,UAAU,MAAOgE,EAAa91C,WAEhE,MAAO,CACLA,UAAWg2C,GAAeh2C,GAC1BsH,WAAYmI,GAAgBnI,EAAWkP,GAE3C,CA5IuBy/B,CAAcvoD,KAAKsL,MAChC,MAAOm2C,GACPjnC,GAAK4D,gBAAgB,6CAA+CqjC,EAAI9nC,SACxE,MAEJ,IAAK,OACH,OAwIRxY,eAA8BmK,GAE5B,MAAMsH,EAAOg8B,GAAW4Z,WAAWb,GAAWr8C,IAE9C,aADMsH,EAAK61C,eACJ,CACLn2C,UAAW,IAAIvP,WAAW6P,EAAK81C,gBAC/B9uC,WAAY,IAAI7W,WAAW6P,EAAK+1C,iBAEpC,CAhJeC,CAAe5oD,KAAKsL,MAC7B,IAAK,aAAc,CACjB,MAAMsO,EAAa0kC,GAAe,IAClC1kC,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAClB,MAAMtE,EAAYsE,EAAWlY,QAAQ+O,UACrCwsC,EAAUjG,GAAKgG,IAAIC,QAAQC,cAAc5nC,GAEzC,MAAO,CAAEhD,UADSkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQk6C,EAAQ3qC,YACrDsH,cAEtB,IAAK,UAAW,CACd,MAAMA,EAAa0kC,GAAe,IAC5BrB,EAAUjG,GAAKmG,KAAKF,QAAQW,SAAShkC,GAE3C,MAAO,CAAEtH,UADSkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQk6C,EAAQ3qC,YACrDsH,eAGxB,MAAM2rC,QAAqBK,GAAgB5lD,KAAKsL,MAIhD,OAHA2xC,QAAgBsI,EAAasD,WAAW,CACtCC,QAAStuC,GAAKqC,mBAAmByhC,GAAe,OAE3C,CAAEhsC,UAAW,IAAIvP,WAAWk6C,EAAQ8L,UAAU,SAAS,IAASnvC,WAAYqjC,EAAQ+L,aAAarE,YAAY5hD,cAuCxH5B,eAAe8nD,GAAuBpZ,EAAMuV,EAAK8D,EAAGpgC,GAClD,MAAMqgC,EAAkB,CACtBt4C,MAAM,EACNG,MAAM,EACNE,MAAM,EACNE,WAAW,EACXQ,WAAYi+B,IAASzuB,GAAM9O,UAAUM,KACrCd,iBAAiB,EACjBC,iBAAiB,EACjBC,iBAAiB,GAIbo3C,EAAYhE,EAAIC,UACtB,IAAK8D,EAAgBC,GACnB,OAAO,EAGT,GAAkB,eAAdA,EAA4B,CAC9BtgC,EAAIA,EAAEpnB,QAAQ+O,UAEd,MAAM6B,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAcp0B,GAErDogC,EAAI,IAAInmD,WAAWmmD,GACnB,MAAMG,EAAK,IAAItmD,WAAW,CAAC,MAASuP,IACpC,QAAKkI,GAAKqD,iBAAiBwrC,EAAIH,GAOjC,MAAMt4C,QAAcg1C,GAAgBwD,GACpC,IAEEF,EAAIzD,GAAc70C,EAAOs4C,GAAGH,YAC5B,MAAOO,GACP,OAAO,EAQT,QADWhE,GAAe10C,EAAOkY,GAAGigC,YAC5BQ,GAAGL,EAKb,CA+CA,SAASZ,GAAexH,GACtB,MAAM0I,EAAOznC,GAAgB++B,EAAI5zC,GAC3Bu8C,EAAO1nC,GAAgB++B,EAAIxyC,GAC3BgE,EAAY,IAAIvP,WAAWymD,EAAKpoD,OAASqoD,EAAKroD,OAAS,GAI7D,OAHAkR,EAAU,GAAK,EACfA,EAAU9O,IAAIgmD,EAAM,GACpBl3C,EAAU9O,IAAIimD,EAAMD,EAAKpoD,OAAS,GAC3BkR,CACT,CASA,SAASo3C,GAAe1B,EAAa18C,EAAMgH,GACzC,MAAMnC,EAAM63C,EACNwB,EAAOl3C,EAAU5Q,MAAM,EAAGyO,EAAM,GAChCs5C,EAAOn3C,EAAU5Q,MAAMyO,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVixC,IAAK,KACLuI,IAAKr+C,EACL4B,EAAGgV,GAAgBsnC,GAAM,GACzBl7C,EAAG4T,GAAgBunC,GAAM,GACzBnI,KAAK,EAGT,CAUA,SAASC,GAAayG,EAAa18C,EAAMgH,EAAWsH,GAClD,MAAMknC,EAAM4I,GAAe1B,EAAa18C,EAAMgH,GAE9C,OADAwuC,EAAIh4B,EAAI5G,GAAgBtI,GAAY,GAC7BknC,CACT,CCjWA,MAAMnS,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAgBjB9d,eAAeg8C,GAAKiI,EAAKxE,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACxE,MAAM1xB,EAAQ,IAAIs3C,GAAa9C,GAC/B,GAAIzrC,IAAYa,GAAK9X,SAASiX,GAAU,CACtC,MAAMsjC,EAAU,CAAE3qC,YAAWsH,cAC7B,OAAQhJ,EAAMwJ,MACZ,IAAK,MAEH,IAEE,aAwHVjZ,eAAuByP,EAAOgwC,EAAUjnC,EAASsjC,GAC/C,MAAM9sC,EAAMS,EAAMo3C,YACZlH,EAAMS,GAAa3wC,EAAMo3C,YAAaR,GAAU52C,EAAMtF,MAAO2xC,EAAQ3qC,UAAW2qC,EAAQrjC,YACxF5C,QAAY23B,GAAUgC,UAC1B,MACAmQ,EACA,CACEx1C,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAAShE,EAAMwD,SAElD,EACA,CAAC,SAGGe,EAAY,IAAIpS,iBAAiB4rC,GAAUwO,KAC/C,CACE7xC,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,KAE5C5pC,EACA2C,IAGF,MAAO,CACL5L,EAAGoH,EAAUzT,MAAM,EAAGyO,GACtB8N,EAAG9I,EAAUzT,MAAMyO,EAAKA,GAAO,GAEnC,CArJuBqxC,CAAQ5wC,EAAOgwC,EAAUjnC,EAASsjC,GAC/C,MAAOwE,GAIP,GAAmB,SAAf7wC,EAAMtF,OAAiC,cAAbm2C,EAAIn2C,MAAqC,mBAAbm2C,EAAIn2C,MAC5D,MAAMm2C,EAERjnC,GAAK4D,gBAAgB,oCAAsCqjC,EAAI9nC,SAEjE,MAEF,IAAK,OAAQ,CACX,MAAMxE,QAsKdhU,eAAwByP,EAAOgwC,EAAUjnC,EAASsjC,GAChD,MAAME,EAAOvO,GAAWmT,WAAW3gC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC1DzD,EAAKr7C,MAAM6X,GACXwjC,EAAKxxC,MACL,MAAMqL,EAAM4yC,GAAatsC,OAAO,CAC9B2kC,QAAS,EACT4H,WAAYj5C,EAAMw0C,IAClBxrC,WAAY/Z,MAAMuiB,KAAK66B,EAAQrjC,YAC/BtH,UAAW,CAAEw3C,OAAQ,EAAG5/C,KAAMrK,MAAMuiB,KAAK66B,EAAQ3qC,aAChD,MAAO,CACRuwC,MAAO,mBAGT,OAAOkH,GAAersC,OAAOy/B,EAAKA,KAAKnmC,GAAM,MAC/C,CApLgC8rC,CAASlyC,EAAOgwC,EAAUjnC,EAASsjC,GAC3D,MAAO,CACLlvC,EAAGoH,EAAUpH,EAAE42C,YAAY5hD,YAC3Bkb,EAAG9I,EAAU8I,EAAE0mC,YAAY5hD,eAKnC,OAmFF5B,eAA4ByP,EAAO0xB,EAAQ1oB,GACzC,MAAM2rC,QAAqBK,GAAgBh1C,EAAMtF,MAC3C0L,EAAMsuC,GAAeC,EAAc3rC,GACnCzE,EAAY6B,EAAImmC,KAAK7a,GAC3B,MAAO,CACLv0B,EAAGoH,EAAUpH,EAAE42C,YAAY5hD,YAC3Bkb,EAAG9I,EAAU8I,EAAE0mC,YAAY5hD,YAE/B,CA3FSinD,CAAap5C,EAAO0xB,EAAQ1oB,EACrC,CAcOzY,eAAeu8C,GAAO0H,EAAKxE,EAAUzrC,EAAWwE,EAASrH,EAAWgwB,GACzE,MAAM1xB,EAAQ,IAAIs3C,GAAa9C,GAC/B,GAAIzrC,IAAYa,GAAK9X,SAASiX,GAC5B,OAAQ/I,EAAMwJ,MACZ,IAAK,MACH,IAEE,aA4GVjZ,eAAyByP,EAAOgwC,GAAU7yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC3D,MAAMwuC,EAAM4I,GAAe94C,EAAMo3C,YAAaR,GAAU52C,EAAMtF,MAAOgH,GAC/D0E,QAAY23B,GAAUgC,UAC1B,MACAmQ,EACA,CACEx1C,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAAShE,EAAMwD,SAElD,EACA,CAAC,WAGGe,EAAYqF,GAAKxX,iBAAiB,CAAC+K,EAAGkQ,IAAI5Z,OAEhD,OAAOsqC,GAAU+O,OACf,CACEpyC,KAAQ,QACR+8C,WAAcb,GAAU52C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM8V,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,KAE5C5pC,EACA7B,EACAwE,EAEJ,CAtIuBspC,CAAUryC,EAAOgwC,EAAUzrC,EAAWwE,EAASrH,GAC5D,MAAOmvC,GAIP,GAAmB,SAAf7wC,EAAMtF,OAAiC,cAAbm2C,EAAIn2C,MAAqC,mBAAbm2C,EAAIn2C,MAC5D,MAAMm2C,EAERjnC,GAAK4D,gBAAgB,sCAAwCqjC,EAAI9nC,SAEnE,MACF,IAAK,OACH,OA4IRxY,eAA0ByP,EAAOgwC,GAAU7yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC5D,MAAQ0M,QAAS0iC,SAAazhD,gDAExBy9C,EAAS9O,GAAWsU,aAAa9hC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,IAC9DlD,EAAO57C,MAAM6X,GACb+jC,EAAO/xC,MACP,MAAMqL,EAAMizC,GAAqB3sC,OAAO,CACtC4sC,UAAW,CACTA,UAAW,CAAC,EAAG,EAAG,IAAK,MAAO,EAAG,GACjCL,WAAYj5C,EAAMw0C,KAEpB+E,iBAAkB,CAAEL,OAAQ,EAAG5/C,KAAMrK,MAAMuiB,KAAK9P,KAC/C,MAAO,CACRuwC,MAAO,eAEH1tC,EAAY40C,GAAezsC,OAAO,CACtCvP,EAAG,IAAI2zC,EAAG3zC,GAAIkQ,EAAG,IAAIyjC,EAAGzjC,IACvB,OAEH,IACE,OAAOy/B,EAAOA,OAAO1mC,EAAK7B,GAC1B,MAAOssC,GACP,OAAO,EAEX,CApKe0B,CAAWvyC,EAAOgwC,EAAUzrC,EAAWwE,EAASrH,GAI7D,OAuDFnR,eAA8ByP,EAAOuE,EAAWgzB,EAAQ71B,GACtD,MAAMizC,QAAqBK,GAAgBh1C,EAAMtF,MAC3C0L,EAAMyuC,GAAcF,EAAcjzC,GACxC,OAAO0E,EAAI0mC,OAAOvV,EAAQhzB,EAC5B,CA3DSi1C,CAAex5C,EAAOuE,OADO,IAAbyrC,EAA4BjnC,EAAU2oB,EACbhwB,EAClD,CAsKA,MAAM+tC,GAAOzR,GAAapsC,OAAqBvB,EAEzC8oD,GAAiBnb,GACrByR,GAAKE,OAAO,kBAAkB,WAC5BvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,KAAK0pC,MACd1gD,KAAKgX,IAAI,KAAK0pC,eAEbz/C,EAED2oD,GAAehb,GACnByR,GAAKE,OAAO,gBAAgB,WAC1BvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,WAAW0pC,MACpB1gD,KAAKgX,IAAI,cAAcqzC,SACvBrqD,KAAKgX,IAAI,cAAcszC,SAAS,GAAGC,WAAWC,MAC9CxqD,KAAKgX,IAAI,aAAaszC,SAAS,GAAGC,WAAWE,kBAE5CxpD,EAEDypD,GAAsB9b,GAC1ByR,GAAKE,OAAO,uBAAuB,WACjCvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,aAAa2zC,QACtB3qD,KAAKgX,IAAI,cAAcuzC,WAAWC,eAEjCvpD,EAEDgpD,GAAuBrb,GAC3ByR,GAAKE,OAAO,wBAAwB,WAClCvgD,KAAKwgD,MAAMC,IACTzgD,KAAKgX,IAAI,aAAa4zC,IAAIF,IAC1B1qD,KAAKgX,IAAI,oBAAoByzC,kBAE5BxpD,qFA9LAE,eAA8BikD,EAAK8D,EAAGpgC,GAC3C,MAAMlY,EAAQ,IAAIs3C,GAAa9C,GAE/B,GAAIx0C,EAAMi3C,UAAYzmC,GAAM9O,UAAUO,MACpC,OAAO,EAKT,OAAQjC,EAAMwJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMT,EAAU2kC,GAAe,GACzBsC,EAAWx/B,GAAMhN,KAAKI,OACtB8tB,QAAeluB,GAAK+zB,OAAOyY,EAAUjnC,GAC3C,IACE,MAAMxE,QAAkBgoC,GAAKiI,EAAKxE,EAAUjnC,EAASuvC,EAAGpgC,EAAGwZ,GAC3D,aAAaob,GAAO0H,EAAKxE,EAAUzrC,EAAWwE,EAASuvC,EAAG5mB,GAC1D,MAAOmf,GACP,OAAO,GAGX,QACE,OAAOwH,GAAuB7nC,GAAM9O,UAAUO,MAAOuyC,EAAK8D,EAAGpgC,GAEnE,ICzHAkuB,GAAK5iC,KAAO9M,GAAS,IAAIvE,WAAW2R,KAASozB,OAAOxgC,GAAO6gC,iEAgBpDhnC,eAAoBikD,EAAKxE,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACxE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB1uB,GAAMhN,KAAKI,QAEvE,MAAUpR,MAAM,sCAElB,MAAMkS,EAAYkF,GAAKxX,iBAAiB,CAAC4W,EAAYtH,EAAUjG,SAAS,KAClE8I,EAAY6hC,GAAKmG,KAAKK,SAASlb,EAAQhtB,GAE7C,MAAO,CACLvH,EAAGoH,EAAU9I,SAAS,EAAG,IACzB4R,EAAG9I,EAAU9I,SAAS,IAE1B,SAcOlL,eAAsBikD,EAAKxE,GAAU7yC,EAAGkQ,EAAEA,GAAKzQ,EAAG8E,EAAWgwB,GAClE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB1uB,GAAMhN,KAAKI,QACvE,MAAUpR,MAAM,sCAElB,MAAM+R,EAAYqF,GAAKxX,iBAAiB,CAAC+K,EAAGkQ,IAC5C,OAAO+4B,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQntB,EAAW7C,EAAUjG,SAAS,GACzE,iBASOlL,eAA8BikD,EAAK8D,EAAG7sC,GAE3C,GAAsB,YAAlB+oC,EAAIC,UACN,OAAO,EAOT,MAAM/yC,UAAEA,GAAc0kC,GAAKmG,KAAKF,QAAQW,SAASvhC,GAC3CgtC,EAAK,IAAItmD,WAAW,CAAC,MAASuP,IACpC,OAAOkI,GAAKqD,iBAAiBqrC,EAAGG,EAElC,IC4BO,SAASwB,GAAqBhb,GACnC,GAAQA,IACDzuB,GAAM9O,UAAUf,QACnB,OAAO6P,GAAMhN,KAAKI,OAElB,MAAUpR,MAAM,qBAEtB,CA1GA4zC,GAAK5iC,KAAO9M,GAAS,IAAIvE,WAAW2R,KAASozB,OAAOxgC,GAAO6gC,qEAOpDhnC,eAAwB0uC,GAC7B,GAAQA,IACDzuB,GAAM9O,UAAUf,QAAS,CAC5B,MAAMssC,EAAOS,GAAe,KACpBhsC,UAAWg7B,GAAM0J,GAAKmG,KAAKF,QAAQW,SAASC,GACpD,MAAO,CAAEvQ,IAAGuQ,QAGZ,MAAUz6C,MAAM,8BAEtB,OAeOjC,eAAoB0uC,EAAM+Q,EAAUjnC,EAASrH,EAAWsH,EAAY0oB,GACzE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB+a,GAAqBhb,IACjF,MAAUzsC,MAAM,sCAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+D,EAAYkF,GAAKxX,iBAAiB,CAAC4W,EAAYtH,IAErD,MAAO,CAAEw4C,GADS9T,GAAKmG,KAAKK,SAASlb,EAAQhtB,IAG/C,KAAK8L,GAAM9O,UAAUc,MACrB,QACE,MAAUhQ,MAAM,+BAGtB,SAaOjC,eAAsB0uC,EAAM+Q,GAAUkK,GAAEA,GAAMt9C,EAAG8E,EAAWgwB,GACjE,GAAIluB,GAAK07B,kBAAkB8Q,GAAYxsC,GAAK07B,kBAAkB+a,GAAqBhb,IACjF,MAAUzsC,MAAM,sCAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUf,QACnB,OAAOylC,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQwoB,EAAIx4C,GAE/C,KAAK8O,GAAM9O,UAAUc,MACrB,QACE,MAAUhQ,MAAM,+BAEtB,iBAUOjC,eAA8B0uC,EAAMvC,EAAGuQ,GAC5C,OAAQhO,GACN,KAAKzuB,GAAM9O,UAAUf,QAAS,CAK5B,MAAMe,UAAEA,GAAc0kC,GAAKmG,KAAKF,QAAQW,SAASC,GACjD,OAAOrjC,GAAKqD,iBAAiByvB,EAAGh7B,GAGlC,KAAK8O,GAAM9O,UAAUc,MACrB,QACE,OAAO,EAEb,4BC7FO,SAAS23C,GAAK/zC,EAAK9M,GACxB,MAAM+oB,EAAM,IAAI/E,GAAO,MAAsB,EAAblX,EAAI5V,QAAa4V,GAC3Cg0C,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC4lC,EAAIC,GAAOhhD,GACjB,IAAIojC,EAAI0d,EACR,MAAMvgC,EAAIwgC,EACJz+C,EAAIy+C,EAAE7pD,OAAS,EACfid,EAAI,IAAIgH,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAItI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI5Z,EAAI,EAAGA,EAAIqJ,IAAKrJ,EACvBkb,EAAE,GAAK7R,EAAIuQ,GAAK,EAAI5Z,GAEpBoqC,EAAE,GAAKD,EAAE,GACTC,EAAE,GAAKD,EAAE,GAETC,EAAE,GAAK9iB,EAAE,EAAItnB,GACboqC,EAAE,GAAK9iB,EAAE,EAAItnB,EAAI,GAEjBoqC,EAAI2d,GAAOj4B,EAAIF,QAAQwoB,GAAKhO,KAE5BD,EAAIC,EAAElhC,SAAS,EAAG,GAClBihC,EAAE,IAAMjvB,EAAE,GACVivB,EAAE,IAAMjvB,EAAE,GAEVoM,EAAE,EAAItnB,GAAKoqC,EAAE,GACb9iB,EAAE,EAAItnB,EAAI,GAAKoqC,EAAE,GAGrB,OAAOgO,GAAKjO,EAAG7iB,EACjB,CAUO,SAAS0gC,GAAOn0C,EAAK9M,GAC1B,MAAM+oB,EAAM,IAAI/E,GAAO,MAAsB,EAAblX,EAAI5V,QAAa4V,GAC3Cg0C,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC6N,EAAIg4B,GAAOhhD,GACjB,IAAIojC,EAAIpa,EAAE7mB,SAAS,EAAG,GACtB,MAAMoe,EAAIyI,EAAE7mB,SAAS,GACfG,EAAI0mB,EAAE9xB,OAAS,EAAI,EACnBid,EAAI,IAAIgH,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAItI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI5Z,EAAIqJ,EAAI,EAAGrJ,GAAK,IAAKA,EAC5Bkb,EAAE,GAAK7R,EAAIuQ,GAAK5Z,EAAI,GAEpBoqC,EAAE,GAAKD,EAAE,GAAKjvB,EAAE,GAChBkvB,EAAE,GAAKD,EAAE,GAAKjvB,EAAE,GAEhBkvB,EAAE,GAAK9iB,EAAE,EAAItnB,GACboqC,EAAE,GAAK9iB,EAAE,EAAItnB,EAAI,GAEjBoqC,EAAI2d,GAAOj4B,EAAID,QAAQuoB,GAAKhO,KAE5BD,EAAIC,EAAElhC,SAAS,EAAG,GAElBoe,EAAE,EAAItnB,GAAKoqC,EAAE,GACb9iB,EAAE,EAAItnB,EAAI,GAAKoqC,EAAE,GAGrB,GAAID,EAAE,KAAO0d,EAAG,IAAM1d,EAAE,KAAO0d,EAAG,GAChC,OAAOzP,GAAK9wB,GAEd,MAAUrnB,MAAM,4BAClB,CAeA,SAAS8nD,GAAOhhD,GACd,MAAM9I,OAAEA,GAAW8I,EACb7F,EAfR,SAA2B6F,GACzB,GAAIsQ,GAAKC,SAASvQ,GAAO,CACvB,MAAM9I,OAAEA,GAAW8I,EACb7F,EAAS,IAAImhB,YAAYpkB,GACzB+wC,EAAO,IAAIpvC,WAAWsB,GAC5B,IAAK,IAAI0Y,EAAI,EAAGA,EAAI3b,IAAU2b,EAC5Bo1B,EAAKp1B,GAAK7S,EAAK0S,WAAWG,GAE5B,OAAO1Y,EAET,OAAO,IAAItB,WAAWmH,GAAM7F,MAC9B,CAIiB+mD,CAAkBlhD,GAC3BioC,EAAO,IAAI1sB,SAASphB,GACpBy4C,EAAM,IAAIz3B,YAAYjkB,EAAS,GACrC,IAAK,IAAI+B,EAAI,EAAGA,EAAI/B,EAAS,IAAK+B,EAChC25C,EAAI35C,GAAKgvC,EAAKpgB,UAAU,EAAI5uB,GAE9B,OAAO25C,CACT,CAEA,SAASvB,KACP,IAAIn6C,EAAS,EACb,IAAK,IAAIib,EAAI,EAAGA,EAAIugC,UAAUx7C,SAAUib,EACtCjb,GAAU,EAAIw7C,UAAUvgC,GAAGjb,OAE7B,MAAMiD,EAAS,IAAImhB,YAAYpkB,GACzB+wC,EAAO,IAAI1sB,SAASphB,GAC1B,IAAIkM,EAAS,EACb,IAAK,IAAIpN,EAAI,EAAGA,EAAIy5C,UAAUx7C,SAAU+B,EAAG,CACzC,IAAK,IAAI4Z,EAAI,EAAGA,EAAI6/B,UAAUz5C,GAAG/B,SAAU2b,EACzCo1B,EAAKkZ,UAAU96C,EAAS,EAAIwM,EAAG6/B,UAAUz5C,GAAG4Z,IAE9CxM,GAAU,EAAIqsC,UAAUz5C,GAAG/B,OAE7B,OAAO,IAAI2B,WAAWsB,EACxB,uECnHO,SAASiZ,GAAO3D,GACrB,MAAM6C,EAAI,EAAK7C,EAAQvY,OAAS,EAC1Bua,EAAS,IAAI5Y,WAAW4W,EAAQvY,OAASob,GAAG2jC,KAAK3jC,GAEvD,OADAb,EAAOnY,IAAImW,GACJgC,CACT,CAOO,SAAS+B,GAAO/D,GACrB,MAAMxJ,EAAMwJ,EAAQvY,OACpB,GAAI+O,EAAM,EAAG,CACX,MAAMqM,EAAI7C,EAAQxJ,EAAM,GACxB,GAAIqM,GAAK,EAAG,CACV,MAAM8uC,EAAW3xC,EAAQtN,SAAS8D,EAAMqM,GAClC+uC,EAAW,IAAIxoD,WAAWyZ,GAAG2jC,KAAK3jC,GACxC,GAAIhC,GAAKqD,iBAAiBytC,EAAUC,GAClC,OAAO5xC,EAAQtN,SAAS,EAAG8D,EAAMqM,IAIvC,MAAUpZ,MAAM,kBAClB,yECrBA,MAAMurC,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAexB,SAASusC,GAAeC,EAAarG,EAAKsG,EAAWC,GACnD,OAAOnxC,GAAKxX,iBAAiB,CAC3BoiD,EAAItjD,QACJ,IAAIiB,WAAW,CAAC0oD,IAChBC,EAAU5pD,QACV0Y,GAAKiC,mBAAmB,wBACxBkvC,EAAYt/C,SAAS,EAAG,KAE5B,CAGAlL,eAAeyqD,GAAIhL,EAAUnJ,EAAGr2C,EAAQyqD,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAI5oD,EACJ,GAAI2oD,EAAc,CAEhB,IAAK3oD,EAAI,EAAGA,EAAIs0C,EAAEr2C,QAAmB,IAATq2C,EAAEt0C,GAAUA,KACxCs0C,EAAIA,EAAEprC,SAASlJ,GAEjB,GAAI4oD,EAAe,CAEjB,IAAK5oD,EAAIs0C,EAAEr2C,OAAS,EAAG+B,GAAK,GAAc,IAATs0C,EAAEt0C,GAAUA,KAC7Cs0C,EAAIA,EAAEprC,SAAS,EAAGlJ,EAAI,GAOxB,aALqBiR,GAAK+zB,OAAOyY,EAAUpmC,GAAKxX,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzB00C,EACAoU,MAEYx/C,SAAS,EAAGjL,EAC5B,CAUAD,eAAe6qD,GAAsBp7C,EAAOs4C,GAC1C,OAAQt4C,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM0O,EAAIw1B,GAAe,KACnBhpC,UAAEA,EAAS22C,UAAEA,SAAoBC,GAAuBt7C,EAAOs4C,EAAG,KAAMpgC,GAC9E,IAAIxW,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAc5nC,GAEnD,OADAhD,EAAYkI,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQuP,IACpD,CAAEA,YAAW25C,aAEtB,IAAK,MACH,GAAIr7C,EAAMm3C,KAAOvtC,GAAKoE,eACpB,IACE,aAoKVzd,eAAqCyP,EAAOs4C,GAC1C,MAAMpI,EAAM4I,GAAe94C,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAKmB,GAC7D,IAAIjM,EAAUtO,GAAUwV,YACtB,CACE74C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEZoE,EAAYxd,GAAUgC,UACxB,MACAmQ,EACA,CACEx1C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,KAED9K,EAASkP,SAAmBlsD,QAAQ+H,IAAI,CAACi1C,EAASkP,IACnD,IAAIluC,EAAI0wB,GAAUyd,WAChB,CACE9gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,IACtBsE,OAAQF,GAEVlP,EAAQrjC,WACRhJ,EAAMm3C,IAAIE,YAERx1B,EAAIkc,GAAUyV,UAChB,MACAnH,EAAQ3qC,YAET2L,EAAGwU,SAAWxyB,QAAQ+H,IAAI,CAACiW,EAAGwU,IAC/B,MAAMw5B,EAAY,IAAIlpD,WAAWkb,GAC3B3L,EAAY,IAAIvP,WAAWulD,GAAe71B,IAChD,MAAO,CAAEngB,YAAW25C,YACtB,CA1MuBK,CAAsB17C,EAAOs4C,GAC1C,MAAOzH,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,MACF,IAAK,OACH,OAsQNtgD,eAAsCyP,EAAOs4C,GAC3C,MAAMqD,EAAS3d,GAAW4Z,WAAW53C,EAAMk3C,KAAKA,MAChDyE,EAAO9D,eACP,MAAMwD,EAAY,IAAIlpD,WAAWwpD,EAAOC,cAActD,IAChD52C,EAAY,IAAIvP,WAAWwpD,EAAO7D,gBACxC,MAAO,CAAEp2C,YAAW25C,YACtB,CA5QaQ,CAAuB77C,EAAOs4C,GAEzC,OA+NF/nD,eAA0CyP,EAAOs4C,GAC/C,MAAM3D,QAAqBK,GAAgBh1C,EAAMtF,MAC3C4sC,QAAUtnC,EAAMi4C,aACtBK,EAAIzD,GAAcF,EAAc2D,GAChC,MAAMwD,EAAIpH,GAAeC,EAAcrN,EAAEt+B,YACnCtH,EAAY4lC,EAAE5lC,UACdwhC,EAAI4Y,EAAEC,OAAOzD,EAAEH,aACf54C,EAAMo1C,EAAa30C,MAAM6hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY5hD,WAAY,KAAMoN,GAClD,MAAO,CAAEmC,YAAW25C,YACtB,CAzOSW,CAA2Bh8C,EAAOs4C,EAC3C,CAmCA/nD,eAAe+qD,GAAuBt7C,EAAO87C,EAAGxD,EAAGpgC,GACjD,GAAIA,EAAE1nB,SAAWwP,EAAMo3C,YAAa,CAClC,MAAMpuC,EAAa,IAAI7W,WAAW6N,EAAMo3C,aACxCpuC,EAAWpW,IAAIslB,EAAGlY,EAAMo3C,YAAcl/B,EAAE1nB,QACxC0nB,EAAIlP,EAEN,OAAQhJ,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM9E,EAAYwT,EAAEpnB,QAAQ+O,UAE5B,MAAO,CAAE6E,YAAW22C,UADFjV,GAAK+F,WAAWznC,EAAWo3C,EAAErgD,SAAS,KAG1D,IAAK,MACH,GAAIuE,EAAMm3C,KAAOvtC,GAAKoE,eACpB,IACE,aAqDVzd,eAAsCyP,EAAO87C,EAAGxD,EAAGpgC,GACjD,MAAMqjC,EAAY5K,GAAa3wC,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAKmB,EAAGpgC,GACpE,IAAIlP,EAAa+0B,GAAUgC,UACzB,MACAwb,EACA,CACE7gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEhB,MAAMjH,EAAM4I,GAAe94C,EAAMo3C,YAAap3C,EAAMm3C,IAAIA,IAAK2E,GAC7D,IAAIH,EAAS5d,GAAUgC,UACrB,MACAmQ,EACA,CACEx1C,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,MAExB,EACA,KAEDnuC,EAAY2yC,SAAgBtsD,QAAQ+H,IAAI,CAAC4R,EAAY2yC,IACtD,IAAIzY,EAAInF,GAAUyd,WAChB,CACE9gD,KAAM,OACN+8C,WAAYz3C,EAAMm3C,IAAIA,IACtBsE,OAAQE,GAEV3yC,EACAhJ,EAAMm3C,IAAIE,YAER4E,EAASle,GAAUyV,UACrB,MACAxqC,IAEDk6B,EAAG+Y,SAAgB5sD,QAAQ+H,IAAI,CAAC8rC,EAAG+Y,IACpC,MAAMZ,EAAY,IAAIlpD,WAAW+wC,GAEjC,MAAO,CAAEx+B,UADSyM,GAAgB8qC,EAAO/jC,GACrBmjC,YACtB,CA9FuBa,CAAuBl8C,EAAO87C,EAAGxD,EAAGpgC,GACjD,MAAO24B,GACPjnC,GAAK4D,gBAAgBqjC,GAGzB,MACF,IAAK,OACH,OA0LNtgD,eAAuCyP,EAAO87C,EAAG5jC,GAC/C,MAAMqjC,EAAYvd,GAAW4Z,WAAW53C,EAAMk3C,KAAKA,MACnDqE,EAAUY,cAAcjkC,GACxB,MAAMmjC,EAAY,IAAIlpD,WAAWopD,EAAUK,cAAcE,IAEzD,MAAO,CAAEp3C,UADS,IAAIvS,WAAWopD,EAAUxD,iBACvBsD,YACtB,CAhMae,CAAwBp8C,EAAO87C,EAAG5jC,GAE7C,OAgJF3nB,eAA2CyP,EAAO87C,EAAG5jC,GACnD,MAAMy8B,QAAqBK,GAAgBh1C,EAAMtF,MACjDohD,EAAIjH,GAAcF,EAAcmH,GAChC5jC,EAAIw8B,GAAeC,EAAcz8B,GACjC,MAAMxT,EAAY,IAAIvS,WAAW+lB,EAAEkgC,cAC7BlV,EAAIhrB,EAAE6jC,OAAOD,EAAE3D,aACf54C,EAAMo1C,EAAa30C,MAAM6hB,EAAEluB,aAC3B0nD,EAAYnY,EAAE6Q,YAAY5hD,WAAY,KAAMoN,GAClD,MAAO,CAAEmF,YAAW22C,YACtB,CAzJSgB,CAA4Br8C,EAAO87C,EAAG5jC,EAC/C,kEAjIO3nB,eAA8BikD,EAAK8D,EAAGpgC,GAC3C,OAAOmgC,GAAuB7nC,GAAM9O,UAAUM,KAAMwyC,EAAK8D,EAAGpgC,EAC9D,UAgFO3nB,eAAuBikD,EAAKsG,EAAWxhD,EAAMg/C,EAAGyC,GACrD,MAAMn+C,EAAI0/C,GAAahjD,GAEjB0G,EAAQ,IAAIs3C,GAAa9C,IACzB9yC,UAAEA,EAAS25C,UAAEA,SAAoBD,GAAsBp7C,EAAOs4C,GAC9D2C,EAAQL,GAAepqC,GAAM9O,UAAUM,KAAMwyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QAGxC,MAAO,CAAE5b,YAAW66C,WADDC,SADHxB,GAAIF,EAAUt3C,KAAM63C,EAAW34B,EAASu4B,GACvBr+C,GAEnC,UAoDOrM,eAAuBikD,EAAKsG,EAAWgB,EAAGx5B,EAAGg2B,EAAGpgC,EAAG6iC,GACxD,MAAM/6C,EAAQ,IAAIs3C,GAAa9C,IACzB6G,UAAEA,SAAoBC,GAAuBt7C,EAAO87C,EAAGxD,EAAGpgC,GAC1D+iC,EAAQL,GAAepqC,GAAM9O,UAAUM,KAAMwyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QACxC,IAAIuzB,EACJ,IAAK,IAAIt+C,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAGE,OAAOkqD,GAAaC,SADJ1B,GAAIF,EAAUt3C,KAAM63C,EAAW34B,EAASu4B,EAAa,IAAN1oD,EAAe,IAANA,GACpC+vB,IACpC,MAAOzuB,GACPg9C,EAAMh9C,EAGV,MAAMg9C,CACR,ICrMA,MAAM9S,GAAYn0B,GAAKoE,eACjBgwB,GAAap0B,GAAKyE,gBAClBsuC,GAAmB3e,IAAcA,GAAW4e,WAAa5e,GAAW4e,UAAU1uC,OAErE3d,eAAessD,GAAK7M,EAAU8M,EAAUC,EAAMC,EAAMC,GACjE,MAAMz5C,EAAOgN,GAAMlgB,KAAKkgB,GAAMxM,QAASgsC,GACvC,IAAKxsC,EAAM,MAAUhR,MAAM,qCAE3B,GAAIurC,IAAa4e,GAAkB,CACjC,MAAM1uC,EAAS8vB,IAAa4e,GACtBO,QAAoBjvC,EAAO8xB,UAAU,MAAO+c,EAAU,QAAQ,EAAO,CAAC,eACtE/uC,QAAaE,EAAOutC,WAAW,CAAE9gD,KAAM,OAAQ8I,OAAMu5C,OAAMC,QAAQE,EAAsB,EAATD,GACtF,OAAO,IAAI9qD,WAAW4b,GAGxB,GAAIiwB,GAAY,CACd,MAAMmf,EAAe3sC,GAAMlgB,KAAKkgB,GAAMhN,KAAMwsC,GAGtCoN,EAAc,CAACC,EAASC,IAAgBtf,GAAWuf,WAAWJ,EAAcE,GAASnmB,OAAOomB,GAAa/lB,SAGzGimB,EAAkBJ,EAAYL,EAAMD,GAEpCW,EAAUD,EAAgBhtD,OAI1BoL,EAAIV,KAAKmQ,KAAK4xC,EAASQ,GACvBC,EAAuB,IAAIvrD,WAAWyJ,EAAI6hD,GAG1CE,EAAa,IAAIxrD,WAAWsrD,EAAUT,EAAKxsD,OAAS,GAE1DmtD,EAAW/qD,IAAIoqD,EAAMS,GAErB,IAAK,IAAIlrD,EAAI,EAAGA,EAAIqJ,EAAGrJ,IAAK,CAG1BorD,EAAWA,EAAWntD,OAAS,GAAK+B,EAAI,EAExC,MAAMkb,EAAI2vC,EAAYI,EAAiBjrD,EAAI,EAAIorD,EAAaA,EAAWliD,SAASgiD,IAChFE,EAAW/qD,IAAI6a,EAAG,GAElBiwC,EAAqB9qD,IAAI6a,EAAGlb,EAAIkrD,GAGlC,OAAOC,EAAqBjiD,SAAS,EAAGwhD,GAG1C,MAAUzqD,MAAM,mCAClB,CC7CA,MAAMorD,GAAY,CAChBt7C,OAAQsH,GAAK0C,WAAW,8EAQnB/b,eAAwB0uC,GAC7B,GAAQA,IACDzuB,GAAM9O,UAAUY,OAAQ,CAE3B,MAAMmJ,EAAIiiC,GAAe,KACjBhsC,UAAWg7B,GAAM0J,GAAKgG,IAAIC,QAAQC,cAAc7gC,GACxD,MAAO,CAAEixB,IAAGjxB,KAGZ,MAAUjZ,MAAM,6BAEtB,iBAUOjC,eAA8B0uC,EAAMvC,EAAGjxB,GAC5C,GAAQwzB,IACDzuB,GAAM9O,UAAUY,OAAQ,CAK3B,MAAMZ,UAAEA,GAAc0kC,GAAKgG,IAAIC,QAAQC,cAAc7gC,GACrD,OAAO7B,GAAKqD,iBAAiByvB,EAAGh7B,GAIhC,OAAO,CAEb,UAcOnR,eAAuB0uC,EAAM3lC,EAAMukD,GACxC,GAAQ5e,IACDzuB,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMw7C,EAAqBpQ,GAAe,IACpCqQ,EAAe3X,GAAK+F,WAAW2R,EAAoBD,IACjDn8C,UAAWs8C,GAAuB5X,GAAKgG,IAAIC,QAAQC,cAAcwR,GACnEG,EAAYr0C,GAAKxX,iBAAiB,CACtC4rD,EACAH,EACAE,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,GAAM/N,UAAUM,QAG9C,MAAO,CAAEi7C,qBAAoBzB,WADVC,SADS0B,GAAY1tC,GAAMhN,KAAKI,OAAQq6C,EAAW,IAAI9rD,WAAcyrD,GAAUt7C,OAAQogB,GAC7DppB,IAK7C,MAAU9G,MAAM,6BAEtB,UAaOjC,eAAuB0uC,EAAM+e,EAAoBzB,EAAY7f,EAAGjxB,GACrE,GAAQwzB,IACDzuB,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMy7C,EAAe3X,GAAK+F,WAAW1gC,EAAGuyC,GAClCC,EAAYr0C,GAAKxX,iBAAiB,CACtC4rD,EACAthB,EACAqhB,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,GAAM/N,UAAUM,QAE9C,OAAO25C,SADqBwB,GAAY1tC,GAAMhN,KAAKI,OAAQq6C,EAAW,IAAI9rD,WAAcyrD,GAAUt7C,OAAQogB,GACvE65B,GAGnC,MAAU/pD,MAAM,6BAEtB,6HRqFAjC,eAAwByP,GACtB,MAAMrE,QAAmBiO,GAAKuE,gBAE9BnO,EAAQ,IAAIs3C,GAAat3C,GACzB,MAAMqsC,QAAgBrsC,EAAMi4C,aACtBK,EAAI,IAAI38C,EAAW0wC,EAAQ3qC,WAAWlC,eACtCy8C,EAAS,IAAItgD,EAAW0wC,EAAQrjC,YAAYxJ,aAAa,KAAMQ,EAAMo3C,aAC3E,MAAO,CACL5C,IAAKx0C,EAAMw0C,IACX8D,IACA2D,SACAz4C,KAAMxD,EAAMwD,KACZ8Z,OAAQtd,EAAMsd,OAElB,uBAOA,SAA8Bk3B,GAC5B,OAAOwC,GAAOxmC,GAAMtf,MAAMsf,GAAMxQ,MAAOw0C,EAAI19B,UAAUtT,IACvD,2DS3LOjT,eAAoBy/C,EAAUte,EAAQ0C,EAAGvS,EAAG/jB,EAAGxB,GACpD,MAAMX,QAAmBiO,GAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GAM3B,IAAI8P,EACAtO,EACAkQ,EACAI,EARJoU,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB93B,EAAI,IAAIX,EAAWW,GAMnB83B,EAAIA,EAAEt3B,IAAI+kB,GACVvlB,EAAIA,EAAEQ,IAAIgB,GAMV,MAAM6N,EAAI,IAAIhQ,EAAW+1B,EAAOj2B,SAAS,EAAGqC,EAAEnK,eAAemJ,IAAIgB,GAMjE,OAAa,CAIX,GAFA2N,QAAUkiC,GAAoBxuC,EAAKrB,GACnCX,EAAIi3B,EAAEr3B,OAAO0O,EAAGoW,GAAGllB,KAAKmB,GACpBX,EAAEH,SACJ,SAEF,MAAMmhD,EAAK7hD,EAAEI,IAAIS,GAAGR,KAAKmB,GAGzB,GAFA2P,EAAI9B,EAAElW,IAAI0oD,GAAIxhD,KAAKmB,GACnBuP,EAAI5B,EAAEnO,OAAOQ,GAAGrB,KAAKgR,GAAG9Q,KAAKmB,IACzBuP,EAAErQ,SAGN,MAEF,MAAO,CACLG,EAAGA,EAAEqC,aAAa,KAAM1B,EAAEnK,cAC1B0Z,EAAGA,EAAE7N,aAAa,KAAM1B,EAAEnK,cAE9B,SAeOpD,eAAsBy/C,EAAU7yC,EAAGkQ,EAAGqkB,EAAQ0C,EAAGvS,EAAG/jB,EAAGJ,GAC5D,MAAM/B,QAAmBiO,GAAKuE,gBACxBjP,EAAO,IAAIvD,EAAW,GAS5B,GARAwB,EAAI,IAAIxB,EAAWwB,GACnBkQ,EAAI,IAAI1R,EAAW0R,GAEnBwU,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GAEfP,EAAEmB,IAAIY,IAAS/B,EAAEqB,IAAIV,IACrBuP,EAAE/O,IAAIY,IAASmO,EAAE7O,IAAIV,GAEvB,OADA8L,GAAK0D,WAAW,0BACT,EAET,MAAM3B,EAAI,IAAIhQ,EAAW+1B,EAAOj2B,SAAS,EAAGqC,EAAEnK,eAAegJ,KAAKmB,GAC5D8oB,EAAIvZ,EAAE/P,OAAOQ,GACnB,GAAI8oB,EAAE5pB,SAEJ,OADA4M,GAAK0D,WAAW,0BACT,EAGT8mB,EAAIA,EAAEt3B,IAAI+kB,GACVnkB,EAAIA,EAAEZ,IAAI+kB,GACV,MAAMu8B,EAAKzyC,EAAEjP,IAAIkqB,GAAGjqB,KAAKmB,GACnBugD,EAAKlhD,EAAET,IAAIkqB,GAAGjqB,KAAKmB,GACnBuc,EAAK+Z,EAAEr3B,OAAOqhD,EAAIv8B,GAClBvH,EAAK5c,EAAEX,OAAOshD,EAAIx8B,GAExB,OADUxH,EAAG3d,IAAI4d,GAAI3d,KAAKklB,GAAGllB,KAAKmB,GACzBM,MAAMjB,EACjB,iBAYO5M,eAA8BsxB,EAAG/jB,EAAGs2B,EAAG12B,EAAGpB,GAC/C,MAAMX,QAAmBiO,GAAKuE,gBAC9B0T,EAAI,IAAIlmB,EAAWkmB,GACnB/jB,EAAI,IAAInC,EAAWmC,GACnBs2B,EAAI,IAAIz4B,EAAWy4B,GACnB12B,EAAI,IAAI/B,EAAW+B,GACnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIy4B,EAAE91B,IAAIa,IAAQi1B,EAAE51B,IAAIqjB,GACtB,OAAO,EAMT,IAAKA,EAAEzlB,MAAMU,IAAIgB,GAAGd,SAClB,OAAO,EAOT,IAAKo3B,EAAEr3B,OAAOe,EAAG+jB,GAAG5kB,QAClB,OAAO,EAMT,MAAMqhD,EAAQ,IAAI3iD,EAAWmC,EAAEmB,aACzBs/C,EAAO,IAAI5iD,EAAW,KAC5B,GAAI2iD,EAAMjgD,GAAGkgD,WAAiBvQ,GAAgBlwC,EAAG,KAAM,IACrD,OAAO,EASTxB,EAAI,IAAIX,EAAWW,GACnB,MAAM2lC,EAAM,IAAItmC,EAAW,GACrBwB,QAAUwwC,GAAoB1L,EAAIhkC,UAAUqgD,EAAMliD,OAAQ6lC,EAAIhkC,UAAUqgD,IACxEhK,EAAMx2C,EAAEpB,IAAIS,GAAG1H,IAAI6G,GACzB,QAAKoB,EAAEU,MAAMg2B,EAAEr3B,OAAOu3C,EAAKzyB,GAK7B,OCxLe,CAEb28B,IAAKA,GAEL18C,QAASA,GAETmzC,SAAUA,GAEVlzC,IAAKA,GAELqkC,KAAMA,2ECAD,SAA8BnH,EAAM16B,GACzC,IAAIjU,EAAO,EACX,OAAQ2uC,GAGN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAInB,MAAO,CAAEwL,EAHCzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,KAQ5C,KAAKkgB,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUO,MACrB,CACE,MAAM9E,EAAIyM,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAAQA,GAAQ6M,EAAE3M,OAAS,EAErE,MAAO,CAAE2M,IAAGkQ,EADFzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,KAM5C,KAAKkgB,GAAM9O,UAAUQ,YAAa,CAGhC,IAAI/E,EAAIyM,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAAQA,GAAQ6M,EAAE3M,OAAS,EACnE2M,EAAIyM,GAAKkB,QAAQ3N,EAAG,IACpB,IAAIkQ,EAAIzD,GAAKgB,QAAQrG,EAAU9I,SAASnL,IAExC,OADA+c,EAAIzD,GAAKkB,QAAQuC,EAAG,IACb,CAAElQ,IAAGkQ,KAId,KAAKmD,GAAM9O,UAAUf,QAAS,CAC5B,MAAMu5C,EAAK31C,EAAU9I,SAASnL,EAAMA,EAAO,IAC3C,OADgDA,GAAQ4pD,EAAG1pD,OACpD,CAAE0pD,MAEX,QACE,MAAM,IAAI3D,GAAiB,gCAEjC,SAgBOhmD,eAAsB0uC,EAAM+Q,EAAUzrC,EAAWk6C,EAAcnlD,EAAMo4B,GAC1E,OAAQuN,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM4qD,EACXpxC,EAAIzD,GAAKkB,QAAQvG,EAAU8I,EAAGzR,EAAEpL,QACtC,OAAOkR,GAAU88C,IAAI1R,OAAOkD,EAAU12C,EAAM+T,EAAGzR,EAAG/H,EAAG69B,GAEvD,KAAKlhB,GAAM9O,UAAUK,IAAK,CACxB,MAAMqyB,EAAEA,EAACvS,EAAEA,EAAC/jB,EAAEA,EAACJ,EAAEA,GAAM+gD,GACjBthD,EAAEA,EAACkQ,EAAEA,GAAM9I,EACjB,OAAO7C,GAAUK,IAAI+qC,OAAOkD,EAAU7yC,EAAGkQ,EAAGqkB,EAAQ0C,EAAGvS,EAAG/jB,EAAGJ,GAE/D,KAAK8S,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EACbC,EAAY,IAAIh9C,GAAUuzC,SAASqC,aAAa9C,GAAK4C,YAErDj6C,EAAIyM,GAAKkB,QAAQvG,EAAUpH,EAAGuhD,GAC9BrxC,EAAIzD,GAAKkB,QAAQvG,EAAU8I,EAAGqxC,GACpC,OAAOh9C,GAAUuzC,SAAShzC,MAAM6qC,OAAO0H,EAAKxE,EAAU,CAAE7yC,IAAGkQ,KAAK/T,EAAMg/C,EAAG5mB,GAE3E,KAAKlhB,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EAEnB,OAAO/8C,GAAUuzC,SAAS/yC,YAAY4qC,OAAO0H,EAAKxE,EAAUzrC,EAAWjL,EAAMg/C,EAAG5mB,GAElF,KAAKlhB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAM+hB,EACd,OAAO/8C,GAAUuzC,SAAS9yC,MAAM2qC,OAAO7N,EAAM+Q,EAAUzrC,EAAWjL,EAAMojC,EAAGhL,GAE7E,QACE,MAAUl/B,MAAM,gCAEtB,OAgBOjC,eAAoB0uC,EAAM+Q,EAAU2O,EAAiBC,EAAkBtlD,EAAMo4B,GAClF,IAAKitB,IAAoBC,EACvB,MAAUpsD,MAAM,0BAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMs1B,EAEvB,MAAO,CAAEvxC,QADO3L,GAAU88C,IAAIjS,KAAKyD,EAAU12C,EAAMsC,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGoI,IAGvE,KAAKlhB,GAAM9O,UAAUK,IAAK,CACxB,MAAMqyB,EAAEA,EAACvS,EAAEA,EAAC/jB,EAAEA,GAAM6gD,GACdriD,EAAEA,GAAMsiD,EACd,OAAOl9C,GAAUK,IAAIwqC,KAAKyD,EAAUte,EAAQ0C,EAAGvS,EAAG/jB,EAAGxB,GAEvD,KAAKkU,GAAM9O,UAAUI,QACnB,MAAUtP,MAAM,gEAElB,KAAKge,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACbzmC,EAAEA,GAAM0mC,EACd,OAAOl9C,GAAUuzC,SAAShzC,MAAMsqC,KAAKiI,EAAKxE,EAAU12C,EAAMg/C,EAAGpgC,EAAGwZ,GAElE,KAAKlhB,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACb1R,KAAEA,GAAS2R,EACjB,OAAOl9C,GAAUuzC,SAAS/yC,YAAYqqC,KAAKiI,EAAKxE,EAAU12C,EAAMg/C,EAAGrL,EAAMvb,GAE3E,KAAKlhB,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAMiiB,GACR1R,KAAEA,GAAS2R,EACjB,OAAOl9C,GAAUuzC,SAAS9yC,MAAMoqC,KAAKtN,EAAM+Q,EAAU12C,EAAMojC,EAAGuQ,EAAMvb,GAEtE,QACE,MAAUl/B,MAAM,gCAEtB,ICjJA,MAAMqsD,GACJ3vD,YAAYoK,GACNA,IACFlK,KAAKkK,KAAOA,GAWhBhJ,KAAKoG,GACH,GAAIA,EAAMlG,QAAU,EAAG,CACrB,MAAMA,EAASkG,EAAM,GACrB,GAAIA,EAAMlG,QAAU,EAAIA,EAEtB,OADApB,KAAKkK,KAAO5C,EAAM+E,SAAS,EAAG,EAAIjL,GAC3B,EAAIpB,KAAKkK,KAAK9I,OAGzB,MAAUgC,MAAM,yBAOlBtB,QACE,OAAO0Y,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKkK,KAAK9I,SAAUpB,KAAKkK,QCzB3E,MAAMwlD,GAKJ5vD,YAAYoK,GACV,GAAIA,EAAM,CACR,MAAMkK,KAAEA,EAAI8Z,OAAEA,GAAWhkB,EACzBlK,KAAKoU,KAAOA,EACZpU,KAAKkuB,OAASA,OAEdluB,KAAKoU,KAAO,KACZpU,KAAKkuB,OAAS,KASlBhtB,KAAKZ,GACH,GAAIA,EAAMc,OAAS,GAAkB,IAAbd,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAI6mD,GAAiB,yBAI7B,OAFAnnD,KAAKoU,KAAO9T,EAAM,GAClBN,KAAKkuB,OAAS5tB,EAAM,GACb,EAOTwB,QACE,OAAO,IAAIiB,WAAW,CAAC,EAAG,EAAG/C,KAAKoU,KAAMpU,KAAKkuB,UCxDjD,MAAMyhC,GACJ3nC,mBAAkBmlC,WAAEA,EAAUjD,UAAEA,IAC9B,MAAM0F,EAAW,IAAID,GAGrB,OAFAC,EAASzC,WAAaA,EACtByC,EAAS1F,UAAYA,EACd0F,EAST1uD,KAAKoG,GACH,IAAIpG,EAAO,EACP2uD,EAAevoD,EAAMpG,KACzBlB,KAAKkqD,UAAY2F,EAAe,EAAIvoD,EAAMpG,KAAU,KACpD2uD,GAAgBA,EAAe,EAC/B7vD,KAAKmtD,WAAa7lD,EAAM+E,SAASnL,EAAMA,EAAO2uD,GAAe3uD,GAAQ2uD,EAOvE/tD,QACE,OAAO0Y,GAAKxX,iBAAiB,CAC3BhD,KAAKkqD,UACH,IAAInnD,WAAW,CAAC/C,KAAKmtD,WAAW/rD,OAAS,EAAGpB,KAAKkqD,YACjD,IAAInnD,WAAW,CAAC/C,KAAKmtD,WAAW/rD,SAClCpB,KAAKmtD,cCsaX,SAAS2C,GAAoB1K,GAC3B,IACEA,EAAIC,UACJ,MAAO5gD,GACP,MAAM,IAAI0iD,GAAiB,qBAE/B,oEAnaOhmD,eAAgC4uD,EAASC,EAAeX,EAAcnlD,EAAMyhD,GACjF,OAAQoE,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eAAgB,CACnC,MAAM/F,EAAEA,EAAC/H,EAAEA,GAAM4qD,EAEjB,MAAO,CAAE7yC,QADOlK,GAAU88C,IAAIr8B,QAAQ7oB,EAAMsC,EAAG/H,IAGjD,KAAK2c,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAEA,EAACuS,EAAEA,EAAC12B,EAAEA,GAAM+gD,EACpB,OAAO/8C,GAAUI,QAAQqgB,QAAQ7oB,EAAMuoB,EAAGuS,EAAG12B,GAE/C,KAAK8S,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc2D,GACtB/8C,UAAWo6C,EAAGS,WAAYj6B,SAAY5gB,GAAUuzC,SAASjzC,KAAKmgB,QACpEqyB,EAAKsG,EAAWxhD,EAAMg/C,EAAGyC,GAC3B,MAAO,CAAEe,IAAGx5B,EAAG,IAAI+8B,GAAW/8B,IAEhC,KAAK9R,GAAM9O,UAAUY,OAAQ,CAC3B,IAAKsH,GAAK0G,MAAM8uC,GAEd,MAAU5sD,MAAM,iDAElB,MAAMkqC,EAAEA,GAAM+hB,GACRT,mBAAEA,EAAkBzB,WAAEA,SAAqB76C,GAAUuzC,SAASqK,MAAMn9B,QACxEg9B,EAAS7lD,EAAMojC,GAEjB,MAAO,CAAEshB,qBAAoB17B,EADnBy8B,GAAkBQ,WAAW,CAAEjG,UAAW8F,EAAe7C,gBAGrE,QACE,MAAO,GAEb,mBAgBOhsD,eAAgC0uC,EAAM0f,EAAiBC,EAAkBY,EAAkBzE,EAAajM,GAC7G,OAAQ7P,GACN,KAAKzuB,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUE,WAAY,CAC/B,MAAMgK,EAAEA,GAAM4zC,GACR5jD,EAAG/H,EAAEA,GAAM8qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMs1B,EACvB,OAAOl9C,GAAU88C,IAAIp8B,QAAQxW,EAAGhQ,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,EAAGwlB,GAEpD,KAAKt+B,GAAM9O,UAAUI,QAAS,CAC5B,MAAMkb,GAAEA,EAAEC,GAAEA,GAAOuiC,EACb39B,EAAI88B,EAAgB98B,EACpBvlB,EAAIsiD,EAAiBtiD,EAC3B,OAAOoF,GAAUI,QAAQsgB,QAAQpF,EAAIC,EAAI4E,EAAGvlB,EAAGwyC,GAEjD,KAAKt+B,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc6D,GACxBzmC,EAAEA,GAAM0mC,GACR9C,EAAEA,EAACx5B,EAAEA,GAAMk9B,EACjB,OAAO99C,GAAUuzC,SAASjzC,KAAKogB,QAC7BoyB,EAAKsG,EAAWgB,EAAGx5B,EAAEhpB,KAAMg/C,EAAGpgC,EAAG6iC,GAErC,KAAKvqC,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAEA,GAAMiiB,GACRlzC,EAAEA,GAAMmzC,GACRZ,mBAAEA,EAAkB17B,EAAEA,GAAMk9B,EAClC,IAAK51C,GAAK0G,MAAMgS,EAAEg3B,WAChB,MAAU9mD,MAAM,4BAElB,OAAOkP,GAAUuzC,SAASqK,MAAMl9B,QAC9B6c,EAAM+e,EAAoB17B,EAAEi6B,WAAY7f,EAAGjxB,GAE/C,QACE,MAAUjZ,MAAM,4CAEtB,uBAQO,SAA8BysC,EAAMvoC,GACzC,IAAIpG,EAAO,EACX,OAAQ2uC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAIgO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQsL,EAAEpL,OAAS,EACjE,MAAMqD,EAAI+V,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQuD,EAAErD,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE7iD,IAAG/H,MAEpC,KAAK2c,GAAM9O,UAAUK,IAAK,CACxB,MAAM8f,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAMsN,EAAI8L,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwN,EAAEtN,OAAS,EACjE,MAAM4jC,EAAIxqB,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ8jC,EAAE5jC,OAAS,EACjE,MAAMkN,EAAIkM,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQoN,EAAElN,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE58B,IAAG/jB,IAAGs2B,IAAG12B,MAE1C,KAAK8S,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAM4jC,EAAIxqB,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ8jC,EAAE5jC,OAAS,EACjE,MAAMkN,EAAIkM,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQoN,EAAElN,OAAS,EAC1D,CAAEF,OAAMmuD,aAAc,CAAE58B,IAAGuS,IAAG12B,MAEvC,KAAK8S,GAAM9O,UAAUO,MAAO,CAC1B,MAAMuyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQgoD,EAAE9nD,OAAS,EAC1D,CAAEF,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,GAAM9O,UAAUQ,YAAa,CAChC,MAAMsyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,IAAI8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEpC,OAF4CA,GAAQgoD,EAAE9nD,OAAS,EAC/D8nD,EAAI1uC,GAAKkB,QAAQwtC,EAAG,IACb,CAAEhoD,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,GAAM9O,UAAUM,KAAM,CACzB,MAAMwyC,EAAM,IAAID,GAAOjkD,GAAQkkD,EAAIlkD,KAAKoG,GACxCwoD,GAAoB1K,GACpB,MAAM8D,EAAI1uC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQgoD,EAAE9nD,OAAS,EACjE,MAAMsqD,EAAY,IAAIgE,GACtB,OADmCxuD,GAAQwqD,EAAUxqD,KAAKoG,EAAM+E,SAASnL,IAClE,CAAEA,KAAMA,EAAMmuD,aAAc,CAAEjK,MAAK8D,IAAGwC,cAE/C,KAAKtqC,GAAM9O,UAAUf,QACrB,KAAK6P,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAIhmC,EAAM+E,SAASnL,EAAMA,EAAO,IACtC,OAD2CA,GAAQosC,EAAElsC,OAC9C,CAAEF,OAAMmuD,aAAc,CAAE/hB,MAEjC,QACE,MAAM,IAAI6Z,GAAiB,4CAEjC,wBASO,SAA+BtX,EAAMvoC,EAAO+nD,GACjD,IAAInuD,EAAO,EACX,OAAQ2uC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMqW,EAAItO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ4nB,EAAE1nB,OAAS,EACjE,MAAMqxB,EAAIjY,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQuxB,EAAErxB,OAAS,EACjE,MAAMsN,EAAI8L,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwN,EAAEtN,OAAS,EACjE,MAAM84B,EAAI1f,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQg5B,EAAE94B,OAAS,EAC1D,CAAEF,OAAMmvD,cAAe,CAAEvnC,IAAG2J,IAAG/jB,IAAGwrB,MAE3C,KAAK9Y,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUI,QAAS,CAC5B,MAAMxF,EAAIsN,GAAKgB,QAAQlU,EAAM+E,SAASnL,IACtC,OAD8CA,GAAQgM,EAAE9L,OAAS,EAC1D,CAAEF,OAAMmvD,cAAe,CAAEnjD,MAElC,KAAKkU,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUM,KAAM,CACzB,MAAMhC,EAAQ,IAAIs3C,GAAamH,EAAajK,KAC5C,IAAIt8B,EAAItO,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEpC,OAF4CA,GAAQ4nB,EAAE1nB,OAAS,EAC/D0nB,EAAItO,GAAKkB,QAAQoN,EAAGlY,EAAMo3C,aACnB,CAAE9mD,OAAMmvD,cAAe,CAAEvnC,MAElC,KAAK1H,GAAM9O,UAAUQ,YAAa,CAChC,MAAMlC,EAAQ,IAAIs3C,GAAamH,EAAajK,KAC5C,IAAIvH,EAAOrjC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAEvC,OAF+CA,GAAQ28C,EAAKz8C,OAAS,EACrEy8C,EAAOrjC,GAAKkB,QAAQmiC,EAAMjtC,EAAMo3C,aACzB,CAAE9mD,OAAMmvD,cAAe,CAAExS,SAElC,KAAKz8B,GAAM9O,UAAUf,QAAS,CAC5B,MAAMssC,EAAOv2C,EAAM+E,SAASnL,EAAMA,EAAO,IACzC,OAD8CA,GAAQ28C,EAAKz8C,OACpD,CAAEF,OAAMmvD,cAAe,CAAExS,SAElC,KAAKz8B,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMmJ,EAAI/U,EAAM+E,SAASnL,EAAMA,EAAO,IACtC,OAD2CA,GAAQmb,EAAEjb,OAC9C,CAAEF,OAAMmvD,cAAe,CAAEh0C,MAElC,QACE,MAAM,IAAI8qC,GAAiB,4CAEjC,2BAOO,SAAkCtX,EAAMvoC,GAC7C,IAAIpG,EAAO,EACX,OAAQ2uC,GAGN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eAEnB,MAAO,CAAEiK,EADChC,GAAKgB,QAAQlU,EAAM+E,SAASnL,KAOxC,KAAKkgB,GAAM9O,UAAUI,QAAS,CAC5B,MAAMkb,EAAKpT,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQ0sB,EAAGxsB,OAAS,EAEnE,MAAO,CAAEwsB,KAAIC,GADFrT,GAAKgB,QAAQlU,EAAM+E,SAASnL,KAMzC,KAAKkgB,GAAM9O,UAAUM,KAAM,CACzB,MAAM85C,EAAIlyC,GAAKgB,QAAQlU,EAAM+E,SAASnL,IAAQA,GAAQwrD,EAAEtrD,OAAS,EACjE,MAAM8xB,EAAI,IAAI+8B,GACd,OAD4B/8B,EAAEhyB,KAAKoG,EAAM+E,SAASnL,IAC3C,CAAEwrD,IAAGx5B,KAOd,KAAK9R,GAAM9O,UAAUY,OAAQ,CAC3B,MAAM07C,EAAqBtnD,EAAM+E,SAASnL,EAAMA,EAAO,IAAKA,GAAQ0tD,EAAmBxtD,OACvF,MAAM8xB,EAAI,IAAIy8B,GACd,OADmCz8B,EAAEhyB,KAAKoG,EAAM+E,SAASnL,IAClD,CAAE0tD,qBAAoB17B,KAE/B,QACE,MAAM,IAAIi0B,GAAiB,4CAEjC,kBAQO,SAAyBtX,EAAMuX,GAEpC,MAAMkJ,EAAgC,IAAI7sC,IAAI,CAACrC,GAAM9O,UAAUf,QAAS6P,GAAM9O,UAAUY,SAClFq9C,EAAgBplD,OAAOqoB,KAAK4zB,GAAQ9+C,KAAIgD,IAC5C,MAAMugD,EAAQzE,EAAO97C,GACrB,OAAKkP,GAAK1X,aAAa+oD,GAChByE,EAA8BlqD,IAAIypC,GAAQgc,EAAQrxC,GAAKoB,gBAAgBiwC,GADxCA,EAAM/pD,OACwC,IAEtF,OAAO0Y,GAAKxX,iBAAiButD,EAC/B,iBAUO,SAAwB1gB,EAAMlxB,EAAMymC,GACzC,OAAQvV,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QACnB,OAAOH,GAAU88C,IAAIoB,SAAS7xC,EAAM,OAAO/c,MAAK,EAAG4K,IAAG/H,IAAGqkB,IAAG2J,IAAG/jB,IAAGwrB,SAChEm2B,cAAe,CAAEvnC,IAAG2J,IAAG/jB,IAAGwrB,KAC1Bm1B,aAAc,CAAE7iD,IAAG/H,SAGvB,KAAK2c,GAAM9O,UAAUO,MACnB,OAAOP,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,GAAM9O,UAAUQ,YACnB,OAAOR,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAExS,KAAMgP,GACvBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,GAAM9O,UAAUM,KACnB,OAAON,GAAUuzC,SAAS2K,SAASpL,GAAKxjD,MAAK,EAAGwjD,MAAK8D,IAAG2D,SAAQz4C,OAAM8Z,cACpEmiC,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CACZjK,IAAK,IAAID,GAAIC,GACb8D,IACAwC,UAAW,IAAIgE,GAAU,CAAEt7C,OAAM8Z,gBAGvC,KAAK9M,GAAM9O,UAAUf,QACnB,OAAOe,GAAUuzC,SAAS9yC,MAAMy9C,SAAS3gB,GAAMjuC,MAAK,EAAG0rC,IAAGuQ,YACxDwS,cAAe,CAAExS,QACjBwR,aAAc,CAAE/hB,SAEpB,KAAKlsB,GAAM9O,UAAUY,OACnB,OAAOZ,GAAUuzC,SAASqK,MAAMM,SAAS3gB,GAAMjuC,MAAK,EAAG0rC,IAAGjxB,SACxDg0C,cAAe,CAAEh0C,KACjBgzC,aAAc,CAAE/hB,SAEpB,KAAKlsB,GAAM9O,UAAUK,IACrB,KAAKyO,GAAM9O,UAAUI,QACnB,MAAUtP,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,iBAUOjC,eAA8B0uC,EAAMwf,EAAcgB,GACvD,IAAKhB,IAAiBgB,EACpB,MAAUjtD,MAAM,0BAElB,OAAQysC,GACN,KAAKzuB,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM4qD,GACXvmC,EAAEA,EAAC2J,EAAEA,EAAC/jB,EAAEA,EAACwrB,EAAEA,GAAMm2B,EACvB,OAAO/9C,GAAU88C,IAAIqB,eAAejkD,EAAG/H,EAAGqkB,EAAG2J,EAAG/jB,EAAGwrB,GAErD,KAAK9Y,GAAM9O,UAAUK,IAAK,CACxB,MAAM8f,EAAEA,EAAC/jB,EAAEA,EAACs2B,EAAEA,EAAC12B,EAAEA,GAAM+gD,GACjBniD,EAAEA,GAAMmjD,EACd,OAAO/9C,GAAUK,IAAI89C,eAAeh+B,EAAG/jB,EAAGs2B,EAAG12B,EAAGpB,GAElD,KAAKkU,GAAM9O,UAAUI,QAAS,CAC5B,MAAM+f,EAAEA,EAACuS,EAAEA,EAAC12B,EAAEA,GAAM+gD,GACdniD,EAAEA,GAAMmjD,EACd,OAAO/9C,GAAUI,QAAQ+9C,eAAeh+B,EAAGuS,EAAG12B,EAAGpB,GAEnD,KAAKkU,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUM,KAAM,CACzB,MAAM89C,EAAap+C,GAAUuzC,SAASzkC,GAAMlgB,KAAKkgB,GAAM9O,UAAWu9B,KAC5DuV,IAAEA,EAAG8D,EAAEA,GAAMmG,GACbvmC,EAAEA,GAAMunC,EACd,OAAOK,EAAWD,eAAerL,EAAK8D,EAAGpgC,GAE3C,KAAK1H,GAAM9O,UAAUQ,YAAa,CAChC,MAAMo2C,EAAEA,EAAC9D,IAAEA,GAAQiK,GACbxR,KAAEA,GAASwS,EACjB,OAAO/9C,GAAUuzC,SAAS/yC,YAAY29C,eAAerL,EAAK8D,EAAGrL,GAE/D,KAAKz8B,GAAM9O,UAAUf,QAAS,CAC5B,MAAM+7B,EAAEA,GAAM+hB,GACRxR,KAAEA,GAASwS,EACjB,OAAO/9C,GAAUuzC,SAAS9yC,MAAM09C,eAAe5gB,EAAMvC,EAAGuQ,GAE1D,KAAKz8B,GAAM9O,UAAUY,OAAQ,CAC3B,MAAMo6B,EAAEA,GAAM+hB,GACRhzC,EAAEA,GAAMg0C,EACd,OAAO/9C,GAAUuzC,SAASqK,MAAMO,eAAe5gB,EAAMvC,EAAGjxB,GAE1D,QACE,MAAUjZ,MAAM,iCAEtB,kBASOjC,eAA+B0uC,GACpC,MAAMxc,UAAEA,GAAc2c,GAAUH,GAC1B8gB,QAAqBrS,GAAejrB,GACpCu9B,EAAS,IAAI7tD,WAAW,CAAC4tD,EAAaA,EAAavvD,OAAS,GAAIuvD,EAAaA,EAAavvD,OAAS,KACzG,OAAOoZ,GAAK5T,OAAO,CAAC+pD,EAAcC,GACpC,qBAQO,SAA4B/gB,GACjC,MAAMvc,QAAEA,GAAY0c,GAAUH,GAC9B,OAAOyO,GAAehrB,EACxB,cAQO,SAAqBuc,GAC1B,MAAMI,EAAW7uB,GAAMlgB,KAAKkgB,GAAMvM,KAAMg7B,GACxC,OAAO1hB,GAAK8hB,EACd,yCAsBO,SAAmCJ,EAAMuV,GAC9C,OAAQvV,GACN,KAAKzuB,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACnB,OAAOR,GAAUuzC,SAASgF,qBAAqBzF,GACjD,KAAKhkC,GAAM9O,UAAUf,QACnB,OAAOe,GAAUuzC,SAAS9yC,MAAM83C,qBAAqBhb,GACvD,QACE,MAAUzsC,MAAM,iCAEtB,IC9cA,MAAMsK,GAAM,CAEVwgB,OAAQA,GAER9Z,KAAMA,GAEN+Z,KAAMA,GAEN7b,UAAWA,GAEX6C,UAAWA,GAEX07C,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT7lD,OAAO8lD,OAAOvjD,GAAKmR,IC1CnB,IAAIqyC,GAAiC,oBAAfnuD,YACG,oBAAhBouD,aACe,oBAAfC,WA+BF,SAASC,GAAU9vC,EAAKnc,GAC3B,OAAImc,EAAIngB,SAAWgE,EACRmc,EAEPA,EAAIlV,SACGkV,EAAIlV,SAAS,EAAGjH,IAE3Bmc,EAAIngB,OAASgE,EACNmc,EACX,CAGA,MAAM+vC,GAAU,CACZC,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUthD,EAAKuhD,GAC1C,GAAI76B,EAAIxqB,UAAYmlD,EAAKnlD,SACrBmlD,EAAKhuD,IAAIqzB,EAAIxqB,SAASolD,EAAUA,EAAWthD,GAAMuhD,QAIrD,IAAK,IAAIvuD,EAAI,EAAGA,EAAIgN,EAAKhN,IACrBquD,EAAKE,EAAYvuD,GAAK0zB,EAAI46B,EAAWtuD,IAI7CwuD,cAAe,SAAUC,GACrB,IAAIzuD,EAAG4zB,EAAG5mB,EAAK9M,EAAKtB,EAIpB,IADAoO,EAAM,EACDhN,EAAI,EAAG4zB,EAAI66B,EAAOxwD,OAAQ+B,EAAI4zB,EAAG5zB,IAClCgN,GAAOyhD,EAAOzuD,GAAG/B,OAIrB,MAAMK,EAAS,IAAIsB,WAAWoN,GAE9B,IADA9M,EAAM,EACDF,EAAI,EAAG4zB,EAAI66B,EAAOxwD,OAAQ+B,EAAI4zB,EAAG5zB,IAClCpB,EAAQ6vD,EAAOzuD,GACf1B,EAAO+B,IAAIzB,EAAOsB,GAClBA,GAAOtB,EAAMX,OAGjB,OAAOK,IAITowD,GAAY,CACdN,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUthD,EAAKuhD,GAC1C,IAAK,IAAIvuD,EAAI,EAAGA,EAAIgN,EAAKhN,IACrBquD,EAAKE,EAAYvuD,GAAK0zB,EAAI46B,EAAWtuD,IAI7CwuD,cAAe,SAAUC,GACrB,MAAO,GAAGhrD,OAAOqW,MAAM,GAAI20C,KAQ5B,IAAIE,GAAOZ,GAAWnuD,WAAalD,MAC/BkyD,GAAQb,GAAWC,YAActxD,MACjCmyD,GAAQd,GAAWE,WAAavxD,MAChC8xD,GAAgBT,GAAWI,GAAQK,cAAgBE,GAAUF,cAC7DJ,GAAWL,GAAWI,GAAQC,SAAWM,GAAUN,SChFvD,MAAMU,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAKrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAErBC,IAAqB,EACrBC,IAAqB,EAErBC,IAAqB,EAOrBC,IAA2B,EAG3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAI3BC,GAA2B,EAC3BC,GAA2B,EAE3BC,GAA2B,EAG3BC,GAA2B,EC7BxC,SAASxjD,GAAKyR,GACV,IAAIpR,EAAMoR,EAAIngB,OAAQ,OAAS+O,GAAO,GAClCoR,EAAIpR,GAAO,CAEnB,CAIA,MAAMojD,GAAe,EACfC,GAAe,EACfC,GAAe,EAYfC,GAAgB,GAGhBC,GAAgB,IAGhBC,GAAgBD,GAAW,EAAID,GAG/BG,GAAgB,GAGhBC,GAAgB,GAGhBC,GAAgB,EAAIH,GAAU,EAG9BI,GAAgB,GAGhBC,GAAgB,GAQhBC,GAAc,EAGdC,GAAc,IAGdC,GAAc,GAGdC,GAAc,GAGdC,GAAc,GAIdC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAErDC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAE9DC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAEjCC,GACJ,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAgBzCC,GAAoB90D,MAAsB,GAAf+zD,GAAU,IAC3C9jD,GAAK6kD,IAOL,MAAMC,GAAoB/0D,MAAgB,EAAVg0D,IAChC/jD,GAAK8kD,IAKL,MAAMC,GAAoBh1D,MAjBJ,KAkBtBiQ,GAAK+kD,IAML,MAAMC,GAAoBj1D,MAAMk1D,KAChCjlD,GAAKglD,IAGL,MAAME,GAAoBn1D,MAAM6zD,IAChC5jD,GAAKklD,IAGL,MAAMC,GAAoBp1D,MAAMg0D,IAKhC,SAASqB,GAAeC,EAAaC,EAAYC,EAAYC,EAAOC,GAEhEv1D,KAAKm1D,YAAeA,EACpBn1D,KAAKo1D,WAAeA,EACpBp1D,KAAKq1D,WAAeA,EACpBr1D,KAAKs1D,MAAeA,EACpBt1D,KAAKu1D,WAAeA,EAGpBv1D,KAAKw1D,UAAeL,GAAeA,EAAY/zD,MACnD,CAGA,IAAIq0D,GACAC,GACAC,GAGJ,SAASC,GAASC,EAAUC,GACxB91D,KAAK61D,SAAWA,EAChB71D,KAAK+1D,SAAW,EAChB/1D,KAAK81D,UAAYA,CACrB,CAIA,SAASE,GAAOC,GACZ,OAAOA,EAAO,IAAMpB,GAAWoB,GAAQpB,GAAW,KAAOoB,IAAS,GACtE,CAOA,SAASC,GAAUj4C,EAAGuZ,GAGlBvZ,EAAEk4C,YAAYl4C,EAAEupB,WAAiB,IAAJhQ,EAC7BvZ,EAAEk4C,YAAYl4C,EAAEupB,WAAahQ,IAAM,EAAI,GAC3C,CAOA,SAAS4+B,GAAUn4C,EAAG5c,EAAOD,GACrB6c,EAAEo4C,SAAWpC,GAAW7yD,GACxB6c,EAAEq4C,QAAUj1D,GAAS4c,EAAEo4C,SAAW,MAClCH,GAAUj4C,EAAGA,EAAEq4C,QACfr4C,EAAEq4C,OAASj1D,GAAS4yD,GAAWh2C,EAAEo4C,SACjCp4C,EAAEo4C,UAAYj1D,EAAS6yD,KAEvBh2C,EAAEq4C,QAAUj1D,GAAS4c,EAAEo4C,SAAW,MAClCp4C,EAAEo4C,UAAYj1D,EAEtB,CAGA,SAASm1D,GAAUt4C,EAAGzB,EAAGg6C,GACrBJ,GAAUn4C,EAAGu4C,EAAS,EAAJh6C,GAAiBg6C,EAAS,EAAJh6C,EAAQ,GACpD,CAQA,SAASi6C,GAAWC,EAAMvmD,GACtB,IAAIZ,EAAM,EACV,GACIA,GAAc,EAAPmnD,EACPA,KAAU,EACVnnD,IAAQ,UACDY,EAAM,GACjB,OAAOZ,IAAQ,CACnB,CAuIA,SAASonD,GAAUH,EAAMT,EAAUa,GAK/B,MAAMC,EAAgBh3D,MAAMm0D,GAAW,GACvC,IACIr1C,EACAnS,EAFAkqD,EAAO,EAOX,IAAK/3C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7Bk4C,EAAUl4C,GAAQ+3C,EAAOA,EAAOE,EAASj4C,EAAO,IAAM,EAS1D,IAAKnS,EAAI,EAAIA,GAAKupD,EAAUvpD,IAAK,CAC7B,MAAM2D,EAAMqmD,EAAS,EAAJhqD,EAAQ,GACb,IAAR2D,IAIJqmD,EAAS,EAAJhqD,GAAkBiqD,GAAWI,EAAU1mD,KAAQA,IAK5D,CA8GA,SAAS2mD,GAAW74C,GAChB,IAAIzR,EAGJ,IAAKA,EAAI,EAAGA,EAAIonD,GAAUpnD,IACtByR,EAAE84C,UAAc,EAAJvqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIqnD,GAAUrnD,IACtByR,EAAE+4C,UAAc,EAAJxqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIsnD,GAAUtnD,IACtByR,EAAEg5C,QAAY,EAAJzqD,GAAkB,EAGhCyR,EAAE84C,UAAsB,EAAZ5C,IAA0B,EACtCl2C,EAAEi5C,QAAUj5C,EAAEk5C,WAAa,EAC3Bl5C,EAAEm5C,SAAWn5C,EAAEo5C,QAAU,CAC7B,CAMA,SAASC,GAAUr5C,GACXA,EAAEo4C,SAAW,EACbH,GAAUj4C,EAAGA,EAAEq4C,QACRr4C,EAAEo4C,SAAW,IAEpBp4C,EAAEk4C,YAAYl4C,EAAEupB,WAAavpB,EAAEq4C,QAEnCr4C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,CACjB,CA6BA,SAASkB,GAAQf,EAAMhqD,EAAGgB,EAAGgqD,GACzB,MAAMC,EAAU,EAAJjrD,EACNkrD,EAAU,EAAJlqD,EACZ,OAAOgpD,EAAKiB,GAAgBjB,EAAKkB,IAC5BlB,EAAKiB,KAAkBjB,EAAKkB,IAAiBF,EAAMhrD,IAAMgrD,EAAMhqD,EACxE,CAQA,SAASmqD,GAAW15C,EAAGu4C,EAAMn6C,GAKzB,MAAM67B,EAAIj6B,EAAEiL,KAAK7M,GACjB,IAAIU,EAAIV,GAAK,EACb,KAAOU,GAAKkB,EAAE25C,WAEN76C,EAAIkB,EAAE25C,UACZL,GAAQf,EAAMv4C,EAAEiL,KAAKnM,EAAI,GAAIkB,EAAEiL,KAAKnM,GAAIkB,EAAEu5C,QACpCz6C,KAGAw6C,GAAQf,EAAMte,EAAGj6B,EAAEiL,KAAKnM,GAAIkB,EAAEu5C,SAKlCv5C,EAAEiL,KAAK7M,GAAK4B,EAAEiL,KAAKnM,GACnBV,EAAIU,EAGJA,IAAM,EAEVkB,EAAEiL,KAAK7M,GAAK67B,CAChB,CASA,SAAS2f,GAAe55C,EAAG65C,EAAOC,GAK9B,IAAI9B,EACA+B,EAEAtB,EACAuB,EAFAC,EAAK,EAIT,GAAmB,IAAfj6C,EAAEm5C,SACF,GACInB,EAAOh4C,EAAEk4C,YAAYl4C,EAAEk6C,MAAa,EAALD,IAAW,EAAIj6C,EAAEk4C,YAAYl4C,EAAEk6C,MAAa,EAALD,EAAS,GAC/EF,EAAK/5C,EAAEk4C,YAAYl4C,EAAEm6C,MAAQF,GAC7BA,IAEa,IAATjC,EACAM,GAAUt4C,EAAG+5C,EAAIF,IAIjBpB,EAAO5B,GAAakD,GACpBzB,GAAUt4C,EAAGy4C,EAAO/C,GAAW,EAAGmE,GAClCG,EAAQ1D,GAAYmC,GACN,IAAVuB,IACAD,GAAMhD,GAAY0B,GAClBN,GAAUn4C,EAAG+5C,EAAIC,IAErBhC,IACAS,EAAOV,GAAOC,GAGdM,GAAUt4C,EAAGy4C,EAAMqB,GACnBE,EAAQzD,GAAYkC,GACN,IAAVuB,IACAhC,GAAQhB,GAAUyB,GAClBN,GAAUn4C,EAAGg4C,EAAMgC,WAQtBC,EAAKj6C,EAAEm5C,UAGpBb,GAAUt4C,EAAGk2C,GAAW2D,EAC5B,CAWA,SAASO,GAAWp6C,EAAGq6C,GAInB,MAAM9B,EAAW8B,EAAKzC,SAChB0C,EAAWD,EAAKxC,UAAUX,YAC1BK,EAAY8C,EAAKxC,UAAUN,UAC3BF,EAAWgD,EAAKxC,UAAUR,MAChC,IAAI9oD,EAAGgB,EAEHs6C,EADAiO,GAAY,EAUhB,IAHA93C,EAAE25C,SAAW,EACb35C,EAAEu6C,SAAWzE,GAERvnD,EAAI,EAAGA,EAAI8oD,EAAO9oD,IACU,IAAzBgqD,EAAS,EAAJhqD,IACLyR,EAAEiL,OAAOjL,EAAE25C,UAAY7B,EAAWvpD,EAClCyR,EAAEu5C,MAAMhrD,GAAK,GAGbgqD,EAAS,EAAJhqD,EAAQ,GAAa,EASlC,KAAOyR,EAAE25C,SAAW,GAChB9P,EAAO7pC,EAAEiL,OAAOjL,EAAE25C,UAAY7B,EAAW,IAAMA,EAAW,EAC1DS,EAAY,EAAP1O,GAAqB,EAC1B7pC,EAAEu5C,MAAM1P,GAAQ,EAChB7pC,EAAEi5C,UAEE1B,IACAv3C,EAAEk5C,YAAcoB,EAAa,EAAPzQ,EAAW,IASzC,IALAwQ,EAAKvC,SAAWA,EAKXvpD,EAAIyR,EAAE25C,UAAY,EAAaprD,GAAK,EAAGA,IACxCmrD,GAAW15C,EAAGu4C,EAAMhqD,GAMxBs7C,EAAOwN,EACP,GAGI9oD,EAAIyR,EAAEiL,KAAK,GACXjL,EAAEiL,KAAK,GAAiBjL,EAAEiL,KAAKjL,EAAE25C,YACjCD,GAAW15C,EAAGu4C,EAAM,GAGpBhpD,EAAIyQ,EAAEiL,KAAK,GAEXjL,EAAEiL,OAAOjL,EAAEu6C,UAAYhsD,EACvByR,EAAEiL,OAAOjL,EAAEu6C,UAAYhrD,EAGvBgpD,EAAY,EAAP1O,GAAqB0O,EAAS,EAAJhqD,GAAkBgqD,EAAS,EAAJhpD,GACtDyQ,EAAEu5C,MAAM1P,IAAS7pC,EAAEu5C,MAAMhrD,IAAMyR,EAAEu5C,MAAMhqD,GAAKyQ,EAAEu5C,MAAMhrD,GAAKyR,EAAEu5C,MAAMhqD,IAAM,EACvEgpD,EAAS,EAAJhqD,EAAQ,GAAagqD,EAAS,EAAJhpD,EAAQ,GAAas6C,EAGpD7pC,EAAEiL,KAAK,GAAiB4+B,IACxB6P,GAAW15C,EAAGu4C,EAAM,SAEfv4C,EAAE25C,UAAY,GAEvB35C,EAAEiL,OAAOjL,EAAEu6C,UAAYv6C,EAAEiL,KAAK,GApflC,SAAoBjL,EAAGq6C,GAInB,MAAM9B,EAAkB8B,EAAKzC,SACvBE,EAAkBuC,EAAKvC,SACvBwC,EAAkBD,EAAKxC,UAAUX,YACjCK,EAAkB8C,EAAKxC,UAAUN,UACjCyC,EAAkBK,EAAKxC,UAAUV,WACjCqD,EAAkBH,EAAKxC,UAAUT,WACjCE,EAAkB+C,EAAKxC,UAAUP,WACvC,IAAIh5C,EACA/P,EAAGgB,EACHmR,EACA+5C,EACA3zB,EACA4zB,EAAW,EAEf,IAAKh6C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7BV,EAAE24C,SAASj4C,GAAQ,EAQvB,IAFA63C,EAA0B,EAArBv4C,EAAEiL,KAAKjL,EAAEu6C,UAAgB,GAAa,EAEtCj8C,EAAI0B,EAAEu6C,SAAW,EAAGj8C,EAAIw3C,GAAWx3C,IACpC/P,EAAIyR,EAAEiL,KAAK3M,GACXoC,EAAO63C,EAA+B,EAA1BA,EAAS,EAAJhqD,EAAQ,GAAiB,GAAa,EACnDmS,EAAO42C,IACP52C,EAAO42C,EACPoD,KAEJnC,EAAS,EAAJhqD,EAAQ,GAAamS,EAGtBnS,EAAIupD,IAIR93C,EAAE24C,SAASj4C,KACX+5C,EAAQ,EACJlsD,GAAKisD,IACLC,EAAQT,EAAMzrD,EAAIisD,IAEtB1zB,EAAIyxB,EAAS,EAAJhqD,GACTyR,EAAEi5C,SAAWnyB,GAAKpmB,EAAO+5C,GACrBlD,IACAv3C,EAAEk5C,YAAcpyB,GAAKwzB,EAAU,EAAJ/rD,EAAQ,GAAaksD,KAGxD,GAAiB,IAAbC,EAAJ,CAQA,EAAG,CAEC,IADAh6C,EAAO42C,EAAa,EACQ,IAArBt3C,EAAE24C,SAASj4C,IACdA,IAEJV,EAAE24C,SAASj4C,KACXV,EAAE24C,SAASj4C,EAAO,IAAM,EACxBV,EAAE24C,SAASrB,KAIXoD,GAAY,QACPA,EAAW,GAOpB,IAAKh6C,EAAO42C,EAAqB,IAAT52C,EAAYA,IAEhC,IADAnS,EAAIyR,EAAE24C,SAASj4C,GACF,IAANnS,GACHgB,EAAIyQ,EAAEiL,OAAO3M,GACT/O,EAAIuoD,IAGJS,EAAS,EAAJhpD,EAAQ,KAAemR,IAE5BV,EAAEi5C,UAAYv4C,EAAO63C,EAAS,EAAJhpD,EAAQ,IAAcgpD,EAAS,EAAJhpD,GACrDgpD,EAAS,EAAJhpD,EAAQ,GAAamR,GAE9BnS,KAGZ,CA2ZIosD,CAAW36C,EAAGq6C,GAGd3B,GAAUH,EAAMT,EAAU93C,EAAE24C,SAChC,CAOA,SAASiC,GAAU56C,EAAGu4C,EAAMT,GAKxB,IAAIvpD,EAEAssD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IANgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAEhB1C,EAAsB,GAAhBT,EAAW,GAAS,GAAa,MAElCvpD,EAAI,EAAGA,GAAKupD,EAAUvpD,IACvBssD,EAASE,EACTA,EAAUxC,EAAe,GAAThqD,EAAI,GAAS,KAEvBs3B,EAAQm1B,GAAaH,IAAWE,IAG3Bl1B,EAAQo1B,EACfj7C,EAAEg5C,QAAiB,EAAT6B,IAAwBh1B,EAEhB,IAAXg1B,GAEHA,IAAWC,GACX96C,EAAEg5C,QAAiB,EAAT6B,KAEd76C,EAAEg5C,QAAkB,EAAV7C,OAEHtwB,GAAS,GAChB7lB,EAAEg5C,QAAoB,EAAZ5C,MAGVp2C,EAAEg5C,QAAsB,EAAd3C,MAGdxwB,EAAQ,EACRi1B,EAAUD,EAEM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CAOA,SAASC,GAAUl7C,EAAGu4C,EAAMT,GAKxB,IAAIvpD,EAEAssD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IALgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAGX1sD,EAAI,EAAGA,GAAKupD,EAAUvpD,IAIvB,GAHAssD,EAASE,EACTA,EAAUxC,EAAe,GAAThqD,EAAI,GAAS,OAEvBs3B,EAAQm1B,GAAaH,IAAWE,GAAtC,CAGO,GAAIl1B,EAAQo1B,EACf,GACI3C,GAAUt4C,EAAG66C,EAAQ76C,EAAEg5C,eACN,KAAVnzB,QAEO,IAAXg1B,GACHA,IAAWC,IACXxC,GAAUt4C,EAAG66C,EAAQ76C,EAAEg5C,SACvBnzB,KAGJyyB,GAAUt4C,EAAGm2C,GAASn2C,EAAEg5C,SACxBb,GAAUn4C,EAAG6lB,EAAQ,EAAG,IAEjBA,GAAS,IAChByyB,GAAUt4C,EAAGo2C,GAAWp2C,EAAEg5C,SAC1Bb,GAAUn4C,EAAG6lB,EAAQ,EAAG,KAGxByyB,GAAUt4C,EAAGq2C,GAAar2C,EAAEg5C,SAC5Bb,GAAUn4C,EAAG6lB,EAAQ,GAAI,IAG7BA,EAAQ,EACRi1B,EAAUD,EACM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CA1vBAppD,GAAKmlD,IA82BL,IAAImE,IAAmB,EAKvB,SAASC,GAASp7C,GAETm7C,MApnBT,WACI,IAAI5sD,EACAmS,EACAvd,EACAs1D,EACAT,EACJ,MAAMW,EAAe/2D,MAAMm0D,GAAW,GAiBtC,IADA5yD,EAAS,EACJs1D,EAAO,EAAGA,EAAOhD,GAAe,EAAGgD,IAEpC,IADA1B,GAAY0B,GAAQt1D,EACfoL,EAAI,EAAGA,EAAI,GAAK+nD,GAAYmC,GAAOlqD,IACpCsoD,GAAa1zD,KAAYs1D,EAYjC,IAJA5B,GAAa1zD,EAAS,GAAKs1D,EAG3BT,EAAO,EACFS,EAAO,EAAGA,EAAO,GAAIA,IAEtB,IADAzB,GAAUyB,GAAQT,EACbzpD,EAAI,EAAGA,EAAI,GAAKgoD,GAAYkC,GAAOlqD,IACpCqoD,GAAWoB,KAAUS,EAK7B,IADAT,IAAS,EACFS,EAAO7C,GAAS6C,IAEnB,IADAzB,GAAUyB,GAAQT,GAAQ,EACrBzpD,EAAI,EAAGA,EAAI,GAAKgoD,GAAYkC,GAAQ,EAAGlqD,IACxCqoD,GAAW,IAAMoB,KAAUS,EAMnC,IAAK/3C,EAAO,EAAGA,GAAQq1C,GAAUr1C,IAC7Bi4C,EAASj4C,GAAQ,EAIrB,IADAnS,EAAI,EACGA,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KAEb,KAAOpqD,GAAK,KACRmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCA,IACAoqD,EAAS,KASb,IAHAD,GAAUhC,GAAcf,GAAU,EAAGgD,GAGhCpqD,EAAI,EAAGA,EAAIqnD,GAASrnD,IACrBooD,GAAiB,EAAJpoD,EAAQ,GAAa,EAClCooD,GAAiB,EAAJpoD,GAAkBiqD,GAAWjqD,EAAG,GAIjDipD,GAAgB,IAAIP,GAAeP,GAAcJ,GAAaZ,GAAW,EAAGC,GAASI,IACrF0B,GAAgB,IAAIR,GAAeN,GAAcJ,GAAa,EAAYX,GAASG,IACnF2B,GAAiB,IAAIT,MAA6BT,GAAc,EAAWX,GAAUI,GAGzF,CAmhBQoF,GACAF,IAAmB,GAGvBn7C,EAAEs7C,OAAU,IAAI3D,GAAS33C,EAAE84C,UAAWtB,IACtCx3C,EAAEu7C,OAAU,IAAI5D,GAAS33C,EAAE+4C,UAAWtB,IACtCz3C,EAAEw7C,QAAU,IAAI7D,GAAS33C,EAAEg5C,QAAStB,IAEpC13C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,EAGbS,GAAW74C,EACf,CAMA,SAASy7C,GAAiBz7C,EAAGsD,EAAKo4C,EAAYn7C,GAM1C43C,GAAUn4C,GAAIs1C,IAAgB,IAAM/0C,EAAO,EAAI,GAAI,GAhgBvD,SAAoBP,EAAGsD,EAAKpR,EAAKuU,GAM7B4yC,GAAUr5C,GAENyG,IACAwxC,GAAUj4C,EAAG9N,GACb+lD,GAAUj4C,GAAI9N,IAKlBypD,GAAe37C,EAAEk4C,YAAal4C,EAAE47C,OAAQt4C,EAAKpR,EAAK8N,EAAEupB,SACpDvpB,EAAEupB,SAAWr3B,CACjB,CAgfI2pD,CAAW77C,EAAGsD,EAAKo4C,GAAY,EACnC,CAOA,SAASI,GAAU97C,GACfm4C,GAAUn4C,EAAGu1C,IAAgB,EAAG,GAChC+C,GAAUt4C,EAAGk2C,GAAWQ,IAl0B5B,SAAkB12C,GACK,KAAfA,EAAEo4C,UACFH,GAAUj4C,EAAGA,EAAEq4C,QACfr4C,EAAEq4C,OAAS,EACXr4C,EAAEo4C,SAAW,GAENp4C,EAAEo4C,UAAY,IACrBp4C,EAAEk4C,YAAYl4C,EAAEupB,WAAwB,IAAXvpB,EAAEq4C,OAC/Br4C,EAAEq4C,SAAW,EACbr4C,EAAEo4C,UAAY,EAEtB,CAwzBI2D,CAAS/7C,EACb,CAOA,SAASg8C,GAAgBh8C,EAAGsD,EAAKo4C,EAAYn7C,GAMzC,IAAI07C,EAAUC,EACVC,EAAc,EAGdn8C,EAAEo8C,MAAQ,GAGNp8C,EAAEq8C,KAAKC,YAAclH,KACrBp1C,EAAEq8C,KAAKC,UApGnB,SAA0Bt8C,GAKtB,IACIzR,EADAguD,EAAa,WAIjB,IAAKhuD,EAAI,EAAGA,GAAK,GAAIA,IAAKguD,KAAgB,EACtC,GAAiB,EAAbA,GAAkD,IAAhCv8C,EAAE84C,UAAc,EAAJvqD,GAC9B,OAAO2mD,GAKf,GAAoC,IAAhCl1C,EAAE84C,UAAU,KAA0D,IAAjC94C,EAAE84C,UAAU,KAClB,IAAjC94C,EAAE84C,UAAU,IACV,OAAO3D,GAEX,IAAK5mD,EAAI,GAAIA,EAAImnD,GAAUnnD,IACvB,GAAoC,IAAhCyR,EAAE84C,UAAc,EAAJvqD,GACZ,OAAO4mD,GAOf,OAAOD,EACX,CAsE+BsH,CAAiBx8C,IAIxCo6C,GAAWp6C,EAAGA,EAAEs7C,QAIhBlB,GAAWp6C,EAAGA,EAAEu7C,QAUhBY,EAlMR,SAAuBn8C,GACnB,IAAIm8C,EAgBJ,IAbAvB,GAAU56C,EAAGA,EAAE84C,UAAW94C,EAAEs7C,OAAOxD,UACnC8C,GAAU56C,EAAGA,EAAE+4C,UAAW/4C,EAAEu7C,OAAOzD,UAGnCsC,GAAWp6C,EAAGA,EAAEw7C,SASXW,EAActG,GAAW,EAAGsG,GAAe,GACa,IAArDn8C,EAAEg5C,QAAgC,EAAxBvC,GAAS0F,GAAmB,GADKA,KAUnD,OAJAn8C,EAAEi5C,SAAW,GAAKkD,EAAc,GAAK,EAAI,EAAI,EAItCA,CACX,CAsKsBM,CAAcz8C,GAG5Bi8C,EAAWj8C,EAAEi5C,QAAU,EAAI,IAAM,EACjCiD,EAAcl8C,EAAEk5C,WAAa,EAAI,IAAM,EAMnCgD,GAAeD,IACfA,EAAWC,IAKfD,EAAWC,EAAcR,EAAa,EAGtCA,EAAa,GAAKO,IAAqB,IAAT34C,EAS9Bm4C,GAAiBz7C,EAAGsD,EAAKo4C,EAAYn7C,GAE9BP,EAAE08C,WAAazH,IAAWiH,IAAgBD,GAEjD9D,GAAUn4C,GAAIu1C,IAAgB,IAAMh1C,EAAO,EAAI,GAAI,GACnDq5C,GAAe55C,EAAG02C,GAAcC,MAGhCwB,GAAUn4C,GAAIw1C,IAAa,IAAMj1C,EAAO,EAAI,GAAI,GAlMxD,SAAwBP,EAAG28C,EAAQC,EAAQC,GAIvC,IAAIC,EASJ,IAHA3E,GAAUn4C,EAAG28C,EAAS,IAAK,GAC3BxE,GAAUn4C,EAAG48C,EAAS,EAAK,GAC3BzE,GAAUn4C,EAAG68C,EAAU,EAAI,GACtBC,EAAO,EAAGA,EAAOD,EAASC,IAE3B3E,GAAUn4C,EAAGA,EAAEg5C,QAAyB,EAAjBvC,GAASqG,GAAY,GAAY,GAI5D5B,GAAUl7C,EAAGA,EAAE84C,UAAW6D,EAAS,GAGnCzB,GAAUl7C,EAAGA,EAAE+4C,UAAW6D,EAAS,EAEvC,CA2KQG,CAAe/8C,EAAGA,EAAEs7C,OAAOxD,SAAW,EAAG93C,EAAEu7C,OAAOzD,SAAW,EAAGqE,EAAc,GAC9EvC,GAAe55C,EAAGA,EAAE84C,UAAW94C,EAAE+4C,YAMrCF,GAAW74C,GAEPO,GACA84C,GAAUr5C,EAIlB,CAMA,SAASg9C,GAAUh9C,EAAGg4C,EAAM+B,GAmDxB,OA5CA/5C,EAAEk4C,YAAYl4C,EAAEk6C,MAAqB,EAAbl6C,EAAEm5C,UAAoBnB,IAAS,EAAI,IAC3Dh4C,EAAEk4C,YAAYl4C,EAAEk6C,MAAqB,EAAbl6C,EAAEm5C,SAAe,GAAY,IAAPnB,EAE9Ch4C,EAAEk4C,YAAYl4C,EAAEm6C,MAAQn6C,EAAEm5C,UAAiB,IAALY,EACtC/5C,EAAEm5C,WAEW,IAATnB,EAEAh4C,EAAE84C,UAAe,EAALiB,MAEZ/5C,EAAEo5C,UAEFpB,IAKAh4C,EAAE84C,UAA8C,GAAnCjC,GAAakD,GAAMrE,GAAW,MAC3C11C,EAAE+4C,UAAyB,EAAfhB,GAAOC,OA0BhBh4C,EAAEm5C,WAAan5C,EAAEi9C,YAAc,CAK1C,CCxrCe,SAASC,GAAQC,EAAO75C,EAAKpR,EAAK9M,GAC7C,IAAImpB,EAAa,MAAR4uC,EAAgB,EACrB3uC,EAAK2uC,IAAU,GAAK,MAAQ,EAC5B5uD,EAAI,EAER,KAAe,IAAR2D,GAAW,CAId3D,EAAI2D,EAAM,IAAO,IAAOA,EACxBA,GAAO3D,EAEP,GACIggB,EAAKA,EAAKjL,EAAIle,KAAQ,EACtBopB,EAAKA,EAAKD,EAAI,UACPhgB,GAEXggB,GAAM,MACNC,GAAM,MAGV,OAAOD,EAAKC,GAAM,GAAI,CAC1B,CCLA,MAAM4uC,GAhBN,WACI,IAAI7+C,EACJ,MAAM8+C,EAAQ,GAEd,IAAK,IAAI9uD,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1BgQ,EAAIhQ,EACJ,IAAK,IAAI6P,EAAI,EAAGA,EAAI,EAAGA,IACnBG,EAAQ,EAAJA,EAAQ,WAAaA,IAAM,EAAIA,IAAM,EAE7C8+C,EAAM9uD,GAAKgQ,EAGf,OAAO8+C,CACX,CAGiBC,GAGF,SAASC,GAAMv2C,EAAK1D,EAAKpR,EAAK9M,GACzC,MAAMgb,EAAIg9C,GACN1vD,EAAMtI,EAAM8M,EAEhB8U,IAAQ,EAER,IAAK,IAAI9hB,EAAIE,EAAKF,EAAIwI,EAAKxI,IACvB8hB,EAAMA,IAAQ,EAAI5G,EAAmB,KAAhB4G,EAAM1D,EAAIpe,KAGnC,OAAc,EAAP8hB,CACX,CCnCA,OAAe,CACX,EAAQ,kBACR,EAAQ,aACR,EAAQ,GACR,KAAQ,aACR,KAAQ,eACR,KAAQ,aACR,KAAQ,sBACR,KAAQ,eACR,KAAQ,wBCwBZ,MAAMw2C,GAAgB,EAsBhBC,GAAY,EACZ3G,GAAY,IACZ4G,GAAiB5G,GAAY2G,GAAY,EAEzCE,GAAc,GAEdC,GAAa,GACbC,GAAc,GACdC,GAAa,GACbC,GAAgB,GAChBC,GAAa,IACbC,GAAa,IACbC,GAAe,IAEfC,GAAe,EACfC,GAAgB,EAChBC,GAAoB,EACpBC,GAAiB,EAEjBC,GAAU,EAEhB,SAAS/a,GAAI6Y,EAAMmC,GAEjB,OADAnC,EAAK50B,IAAMA,GAAI+2B,GACRA,CACT,CAEA,SAAS1B,GAAKh2B,GACZ,OAAQ,GAAO,IAAM,EAAM,EAAI,EAAI,EACrC,CAEA,SAASj1B,GAAKyR,GAAO,IAAIpR,EAAMoR,EAAIngB,OAAQ,OAAS+O,GAAO,GAAKoR,EAAIpR,GAAO,EAS3E,SAASusD,GAAcpC,GACrB,MAAMr8C,EAAIq8C,EAAK9qB,MAGf,IAAIr/B,EAAM8N,EAAEupB,QACRr3B,EAAMmqD,EAAKqC,YACbxsD,EAAMmqD,EAAKqC,WAED,IAARxsD,IAEJypD,GAAeU,EAAKrwD,OAAQgU,EAAEk4C,YAAal4C,EAAE2+C,YAAazsD,EAAKmqD,EAAKuC,UACpEvC,EAAKuC,UAAY1sD,EACjB8N,EAAE2+C,aAAezsD,EACjBmqD,EAAKwC,WAAa3sD,EAClBmqD,EAAKqC,WAAaxsD,EAClB8N,EAAEupB,SAAWr3B,EACK,IAAd8N,EAAEupB,UACJvpB,EAAE2+C,YAAc,GAEpB,CAGA,SAASG,GAAiB9+C,EAAGO,GAC3Bw+C,GAAsB/+C,EAAIA,EAAEg/C,aAAe,EAAIh/C,EAAEg/C,aAAe,EAAIh/C,EAAEi/C,SAAWj/C,EAAEg/C,YAAaz+C,GAChGP,EAAEg/C,YAAch/C,EAAEi/C,SAClBR,GAAcz+C,EAAEq8C,KAClB,CAGA,SAAS6C,GAASl/C,EAAG5P,GACnB4P,EAAEk4C,YAAYl4C,EAAEupB,WAAan5B,CAC/B,CAQA,SAAS+uD,GAAYn/C,EAAG5P,GAGtB4P,EAAEk4C,YAAYl4C,EAAEupB,WAAcn5B,IAAM,EAAK,IACzC4P,EAAEk4C,YAAYl4C,EAAEupB,WAAiB,IAAJn5B,CAC/B,CAUA,SAASgvD,GAAS/C,EAAM/4C,EAAKvd,EAAOoB,GAClC,IAAI+K,EAAMmqD,EAAKgD,SAGf,OADIntD,EAAM/K,IAAQ+K,EAAM/K,GACZ,IAAR+K,EAAoB,GAExBmqD,EAAKgD,UAAYntD,EAGjBypD,GAAer4C,EAAK+4C,EAAKh6D,MAAOg6D,EAAKiD,QAASptD,EAAKnM,GAC3B,IAApBs2D,EAAK9qB,MAAMub,KACbuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAO75C,EAAKpR,EAAKnM,GAGhB,IAApBs2D,EAAK9qB,MAAMub,OAClBuP,EAAKc,MAAQI,GAAMlB,EAAKc,MAAO75C,EAAKpR,EAAKnM,IAG3Cs2D,EAAKiD,SAAWptD,EAChBmqD,EAAKkD,UAAYrtD,EAEVA,EACT,CAYA,SAASstD,GAAcx/C,EAAGy/C,GACxB,IAEI/4C,EACAxU,EAHAwtD,EAAe1/C,EAAE2/C,iBACjBC,EAAO5/C,EAAEi/C,SAGTY,EAAW7/C,EAAE8/C,YACbC,EAAa//C,EAAE+/C,WACnB,MAAMC,EAAShgD,EAAEi/C,SAAYj/C,EAAEigD,OAASvC,GACtC19C,EAAEi/C,UAAYj/C,EAAEigD,OAASvC,IAAiB,EAEtCwC,EAAOlgD,EAAE47C,OAETuE,EAAQngD,EAAEogD,OACV31D,EAAOuV,EAAEvV,KAMT41D,EAASrgD,EAAEi/C,SAAWnI,GAC5B,IAAIwJ,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,GAQvB7/C,EAAE8/C,aAAe9/C,EAAEwgD,aACrBd,IAAiB,GAKfK,EAAa//C,EAAEygD,YAAaV,EAAa//C,EAAEygD,WAI/C,GAaE,GAXA/5C,EAAQ+4C,EAWJS,EAAKx5C,EAAQm5C,KAAcU,GAC7BL,EAAKx5C,EAAQm5C,EAAW,KAAOS,GAC/BJ,EAAKx5C,KAAWw5C,EAAKN,IACrBM,IAAOx5C,KAAWw5C,EAAKN,EAAO,GAHhC,CAaAA,GAAQ,EACRl5C,IAMA,UAESw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACnEw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACxDk5C,EAAOS,GAOT,GAHAnuD,EAAM4kD,IAAauJ,EAAST,GAC5BA,EAAOS,EAASvJ,GAEZ5kD,EAAM2tD,EAAU,CAGlB,GAFA7/C,EAAE0gD,YAAcjB,EAChBI,EAAW3tD,EACPA,GAAO6tD,EACT,MAEFO,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,YAEjBJ,EAAYh1D,EAAKg1D,EAAYU,IAAUH,GAA4B,KAAjBN,GAE5D,OAAIG,GAAY7/C,EAAEygD,UACTZ,EAEF7/C,EAAEygD,SACX,CAaA,SAASE,GAAY3gD,GACnB,MAAM4gD,EAAU5gD,EAAEigD,OAClB,IAAIzrC,EAAGjmB,EAAGgB,EAAGsxD,EAAMpiD,EAInB,EAAG,CAqBD,GApBAoiD,EAAO7gD,EAAE8gD,YAAc9gD,EAAEygD,UAAYzgD,EAAEi/C,SAoBnCj/C,EAAEi/C,UAAY2B,GAAWA,EAAUlD,IAAgB,CAErD/B,GAAe37C,EAAE47C,OAAQ57C,EAAE47C,OAAQgF,EAASA,EAAS,GACrD5gD,EAAE0gD,aAAeE,EACjB5gD,EAAEi/C,UAAY2B,EAEd5gD,EAAEg/C,aAAe4B,EASjBryD,EAAIyR,EAAE+gD,UACNvsC,EAAIjmB,EACJ,GACEgB,EAAIyQ,EAAEghD,OAAOxsC,GACbxU,EAAEghD,KAAKxsC,GAAMjlB,GAAKqxD,EAAUrxD,EAAIqxD,EAAU,UACjCryD,GAEXA,EAAIqyD,EACJpsC,EAAIjmB,EACJ,GACEgB,EAAIyQ,EAAEvV,OAAO+pB,GACbxU,EAAEvV,KAAK+pB,GAAMjlB,GAAKqxD,EAAUrxD,EAAIqxD,EAAU,UAIjCryD,GAEXsyD,GAAQD,EAEV,GAAwB,IAApB5gD,EAAEq8C,KAAKgD,SACT,MAmBF,GAJA9wD,EAAI6wD,GAASp/C,EAAEq8C,KAAMr8C,EAAE47C,OAAQ57C,EAAEi/C,SAAWj/C,EAAEygD,UAAWI,GACzD7gD,EAAEygD,WAAalyD,EAGXyR,EAAEygD,UAAYzgD,EAAEihD,QAAUxD,GAS5B,IARAh/C,EAAMuB,EAAEi/C,SAAWj/C,EAAEihD,OACrBjhD,EAAEkhD,MAAQlhD,EAAE47C,OAAOn9C,GAGnBuB,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAM,IAAMuB,EAAEohD,UAIvDphD,EAAEihD,SAEPjhD,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAMg/C,GAAY,IAAMz9C,EAAEohD,UAE1EphD,EAAEvV,KAAKgU,EAAMuB,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OAClClhD,EAAEghD,KAAKhhD,EAAEkhD,OAASziD,EAClBA,IACAuB,EAAEihD,WACEjhD,EAAEygD,UAAYzgD,EAAEihD,OAASxD,cAS1Bz9C,EAAEygD,UAAY/C,IAAqC,IAApB19C,EAAEq8C,KAAKgD,SAsCjD,CA6GA,SAASgC,GAAarhD,EAAGshD,GACvB,IAAIC,EACAC,EAEJ,OAAU,CAMR,GAAIxhD,EAAEygD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY3gD,GACRA,EAAEygD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UACJ,MA2BJ,GApBAc,EAAY,EACRvhD,EAAEygD,WAAahD,KAEjBz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,UAOJ,IAAdsC,GAA4BvhD,EAAEi/C,SAAWsC,GAAevhD,EAAEigD,OAASvC,KAKrE19C,EAAEyhD,aAAejC,GAAcx/C,EAAGuhD,IAGhCvhD,EAAEyhD,cAAgBhE,GAYpB,GAPA+D,EAASE,GAAgB1hD,EAAGA,EAAEi/C,SAAWj/C,EAAE0gD,YAAa1gD,EAAEyhD,aAAehE,IAEzEz9C,EAAEygD,WAAazgD,EAAEyhD,aAKbzhD,EAAEyhD,cAAgBzhD,EAAE2hD,gBAAuC3hD,EAAEygD,WAAahD,GAAW,CACvFz9C,EAAEyhD,eACF,GACEzhD,EAAEi/C,WAEFj/C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,eAKQ,KAAnBj/C,EAAEyhD,cACbzhD,EAAEi/C,gBAEFj/C,EAAEi/C,UAAYj/C,EAAEyhD,aAChBzhD,EAAEyhD,aAAe,EACjBzhD,EAAEkhD,MAAQlhD,EAAE47C,OAAO57C,EAAEi/C,UAErBj/C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAAMj/C,EAAEohD,eAavEI,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAE1Cj/C,EAAEygD,YACFzgD,EAAEi/C,WAEJ,GAAIuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAWjhD,EAAEi/C,SAAYxB,GAAY,EAAMz9C,EAAEi/C,SAAWxB,GAAY,EAClE6D,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CAOA,SAASwD,GAAa5hD,EAAGshD,GACvB,IAAIC,EACAC,EAEAK,EAGJ,OAAU,CAMR,GAAI7hD,EAAEygD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY3gD,GACRA,EAAEygD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UAAmB,MA0C3B,GApCAc,EAAY,EACRvhD,EAAEygD,WAAahD,KAEjBz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,UAMtBj/C,EAAE8/C,YAAc9/C,EAAEyhD,aAClBzhD,EAAE8hD,WAAa9hD,EAAE0gD,YACjB1gD,EAAEyhD,aAAehE,GAAY,EAEX,IAAd8D,GAA0BvhD,EAAE8/C,YAAc9/C,EAAE2hD,gBAC9C3hD,EAAEi/C,SAAWsC,GAAcvhD,EAAEigD,OAASvC,KAKtC19C,EAAEyhD,aAAejC,GAAcx/C,EAAGuhD,GAG9BvhD,EAAEyhD,cAAgB,IACnBzhD,EAAE08C,WAAa5H,IAAe90C,EAAEyhD,eAAiBhE,IAAaz9C,EAAEi/C,SAAWj/C,EAAE0gD,YAAc,QAK5F1gD,EAAEyhD,aAAehE,GAAY,IAM7Bz9C,EAAE8/C,aAAerC,IAAaz9C,EAAEyhD,cAAgBzhD,EAAE8/C,YAAa,CACjE+B,EAAa7hD,EAAEi/C,SAAWj/C,EAAEygD,UAAYhD,GAOxC+D,EAASE,GAAgB1hD,EAAGA,EAAEi/C,SAAW,EAAIj/C,EAAE8hD,WAAY9hD,EAAE8/C,YAAcrC,IAM3Ez9C,EAAEygD,WAAazgD,EAAE8/C,YAAc,EAC/B9/C,EAAE8/C,aAAe,EACjB,KACQ9/C,EAAEi/C,UAAY4C,IAElB7hD,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAO57C,EAAEi/C,SAAWxB,GAAY,IAAMz9C,EAAEohD,UACjFG,EAAYvhD,EAAEvV,KAAKuV,EAAEi/C,SAAWj/C,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OACrDlhD,EAAEghD,KAAKhhD,EAAEkhD,OAASlhD,EAAEi/C,gBAGK,KAAlBj/C,EAAE8/C,aAKb,GAJA9/C,EAAE+hD,gBAAkB,EACpB/hD,EAAEyhD,aAAehE,GAAY,EAC7Bz9C,EAAEi/C,WAEEuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,QAKN,GAAIn+C,EAAE+hD,iBAgBX,GATAP,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAEjDuC,GAEF1C,GAAiB9+C,GAAG,GAGtBA,EAAEi/C,WACFj/C,EAAEygD,YACuB,IAArBzgD,EAAEq8C,KAAKqC,UACT,OAAOP,QAMTn+C,EAAE+hD,gBAAkB,EACpB/hD,EAAEi/C,WACFj/C,EAAEygD,YAYN,OARIzgD,EAAE+hD,kBAGJP,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,SAAW,IAErDj/C,EAAE+hD,gBAAkB,GAEtB/hD,EAAEihD,OAASjhD,EAAEi/C,SAAWxB,GAAY,EAAIz9C,EAAEi/C,SAAWxB,GAAY,EAC7D6D,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAKJC,EACT,CAgKA,MAAM4D,GACJngE,YAAYogE,EAAaC,EAAUC,EAAaC,EAAWC,GACzDtgE,KAAKkgE,YAAcA,EACnBlgE,KAAKmgE,SAAWA,EAChBngE,KAAKogE,YAAcA,EACnBpgE,KAAKqgE,UAAYA,EACjBrgE,KAAKsgE,KAAOA,GAIhB,MAAMC,GAAsB,CAE1B,IAAIN,GAAO,EAAG,EAAG,EAAG,GAviBtB,SAAwBhiD,EAAGshD,GAIzB,IAAIiB,EAAiB,MAOrB,IALIA,EAAiBviD,EAAEwiD,iBAAmB,IACxCD,EAAiBviD,EAAEwiD,iBAAmB,KAI9B,CAER,GAAIxiD,EAAEygD,WAAa,EAAG,CAUpB,GADAE,GAAY3gD,GACQ,IAAhBA,EAAEygD,WAAmBa,IAAUtN,GACjC,OAAOmK,GAGT,GAAoB,IAAhBn+C,EAAEygD,UACJ,MAOJzgD,EAAEi/C,UAAYj/C,EAAEygD,UAChBzgD,EAAEygD,UAAY,EAGd,MAAMgC,EAAYziD,EAAEg/C,YAAcuD,EAElC,IAAmB,IAAfviD,EAAEi/C,UAAkBj/C,EAAEi/C,UAAYwD,KAEpCziD,EAAEygD,UAAYzgD,EAAEi/C,SAAWwD,EAC3BziD,EAAEi/C,SAAWwD,EAEb3D,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GASX,GAAIn+C,EAAEi/C,SAAWj/C,EAAEg/C,aAAgBh/C,EAAEigD,OAASvC,KAE5CoB,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAQb,OAFAn+C,EAAEihD,OAAS,EAEPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,KAGLt+C,EAAEi/C,SAAWj/C,EAAEg/C,cAEjBF,GAAiB9+C,GAAG,GAChBA,EAAEq8C,KAAKqC,WACFP,GAMb,IA+cE,IAAI6D,GAAO,EAAG,EAAG,EAAG,EAAGX,IACvB,IAAIW,GAAO,EAAG,EAAG,GAAI,EAAGX,IACxB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIX,IAEzB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIJ,IACzB,IAAII,GAAO,EAAG,GAAI,GAAI,GAAIJ,IAC1B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,IAC/B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,KA6BjC,MAAMc,GACJ7gE,cACEE,KAAKs6D,KAAO,KACZt6D,KAAK4gE,OAAS,EACd5gE,KAAKm2D,YAAc,KACnBn2D,KAAKygE,iBAAmB,EACxBzgE,KAAK48D,YAAc,EACnB58D,KAAKwnC,QAAU,EACfxnC,KAAK+qD,KAAO,EACZ/qD,KAAK6gE,OAAS,KACd7gE,KAAK8gE,QAAU,EACf9gE,KAAK+gE,OAASzN,GACdtzD,KAAKghE,YAAc,EAEnBhhE,KAAKk+D,OAAS,EACdl+D,KAAKihE,OAAS,EACdjhE,KAAKq+D,OAAS,EAEdr+D,KAAK65D,OAAS,KAQd75D,KAAK++D,YAAc,EAKnB/+D,KAAK0I,KAAO,KAMZ1I,KAAKi/D,KAAO,KAEZj/D,KAAKm/D,MAAQ,EACbn/D,KAAKg/D,UAAY,EACjBh/D,KAAKkhE,UAAY,EACjBlhE,KAAKq/D,UAAY,EAEjBr/D,KAAKo/D,WAAa,EAOlBp/D,KAAKi9D,YAAc,EAKnBj9D,KAAK0/D,aAAe,EACpB1/D,KAAK+/D,WAAa,EAClB//D,KAAKggE,gBAAkB,EACvBhgE,KAAKk9D,SAAW,EAChBl9D,KAAK2+D,YAAc,EACnB3+D,KAAK0+D,UAAY,EAEjB1+D,KAAK+9D,YAAc,EAKnB/9D,KAAK49D,iBAAmB,EAMxB59D,KAAK4/D,eAAiB,EAYtB5/D,KAAKq6D,MAAQ,EACbr6D,KAAK26D,SAAW,EAEhB36D,KAAKy+D,WAAa,EAGlBz+D,KAAKg+D,WAAa,EAYlBh+D,KAAK+2D,UAAa,IAAIoK,GAAYpN,MAClC/zD,KAAKg3D,UAAa,IAAImK,GAAY,KAClCnhE,KAAKi3D,QAAa,IAAIkK,GAAY,IAClCrxD,GAAK9P,KAAK+2D,WACVjnD,GAAK9P,KAAKg3D,WACVlnD,GAAK9P,KAAKi3D,SAEVj3D,KAAKu5D,OAAW,KAChBv5D,KAAKw5D,OAAW,KAChBx5D,KAAKy5D,QAAW,KAGhBz5D,KAAK42D,SAAW,IAAIuK,GAAYnN,IAIhCh0D,KAAKkpB,KAAO,IAAIi4C,GAAY,KAC5BrxD,GAAK9P,KAAKkpB,MAEVlpB,KAAK43D,SAAW,EAChB53D,KAAKw4D,SAAW,EAKhBx4D,KAAKw3D,MAAQ,IAAI2J,GAAY,KAC7BrxD,GAAK9P,KAAKw3D,OAIVx3D,KAAKo4D,MAAQ,EAEbp4D,KAAKk7D,YAAc,EAoBnBl7D,KAAKo3D,SAAW,EAEhBp3D,KAAKm4D,MAAQ,EAMbn4D,KAAKk3D,QAAU,EACfl3D,KAAKm3D,WAAa,EAClBn3D,KAAKq3D,QAAU,EACfr3D,KAAKk/D,OAAS,EAGdl/D,KAAKs2D,OAAS,EAIdt2D,KAAKq2D,SAAW,GA6CpB,SAAS+K,GAAa9G,GACpB,MAAMlsC,EA9BR,SAA0BksC,GACxB,IAAIr8C,EAEJ,OAAKq8C,GAASA,EAAK9qB,OAInB8qB,EAAKkD,SAAWlD,EAAKwC,UAAY,EACjCxC,EAAKC,UAAYlH,GAEjBp1C,EAAIq8C,EAAK9qB,MACTvxB,EAAEupB,QAAU,EACZvpB,EAAE2+C,YAAc,EAEZ3+C,EAAE8sC,KAAO,IACX9sC,EAAE8sC,MAAQ9sC,EAAE8sC,MAGd9sC,EAAE2iD,OAAU3iD,EAAE8sC,KAAO8Q,GAAaK,GAClC5B,EAAKc,MAAoB,IAAXn9C,EAAE8sC,KACd,EAEA,EACF9sC,EAAE+iD,WAAa/O,GACfoP,GAAepjD,GACRu0C,IArBE/Q,GAAI6Y,EAAM3H,GAsBrB,CAIc2O,CAAiBhH,GAI7B,OAHIlsC,IAAQokC,IAnPd,SAAiBv0C,GACfA,EAAE8gD,YAAc,EAAI9gD,EAAEigD,OAGtBpuD,GAAKmO,EAAEghD,MAIPhhD,EAAE2hD,eAAiBW,GAAoBtiD,EAAEo8C,OAAO8F,SAChDliD,EAAEwgD,WAAa8B,GAAoBtiD,EAAEo8C,OAAO6F,YAC5CjiD,EAAE+/C,WAAauC,GAAoBtiD,EAAEo8C,OAAO+F,YAC5CniD,EAAE2/C,iBAAmB2C,GAAoBtiD,EAAEo8C,OAAOgG,UAElDpiD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEygD,UAAY,EACdzgD,EAAEihD,OAAS,EACXjhD,EAAEyhD,aAAezhD,EAAE8/C,YAAcrC,GAAY,EAC7Cz9C,EAAE+hD,gBAAkB,EACpB/hD,EAAEkhD,MAAQ,CACZ,CAgOIoC,CAAQjH,EAAK9qB,OAERphB,CACT,CA6FA,SAASozC,GAAQlH,EAAMiF,GACrB,IAAIkC,EAAWxjD,EACXyjD,EAAKj8B,EAET,IAAK60B,IAASA,EAAK9qB,OACjB+vB,EAAQjN,IAAWiN,EAAQ,EAC3B,OAAOjF,EAAO7Y,GAAI6Y,EAAM3H,IAAkBA,GAK5C,GAFA10C,EAAIq8C,EAAK9qB,OAEJ8qB,EAAKrwD,SACNqwD,EAAKh6D,OAA2B,IAAlBg6D,EAAKgD,UACpBr/C,EAAE2iD,SAAWzE,IAAgBoD,IAAUlN,GACxC,OAAO5Q,GAAI6Y,EAA0B,IAAnBA,EAAKqC,UAAmB9J,GAAcF,IAQ1D,GALA10C,EAAEq8C,KAAOA,EACTmH,EAAYxjD,EAAE+iD,WACd/iD,EAAE+iD,WAAazB,EAGXthD,EAAE2iD,SAAW/E,GAEf,GAAe,IAAX59C,EAAE8sC,KACJuP,EAAKc,MAAQ,EACb+B,GAASl/C,EAAG,IACZk/C,GAASl/C,EAAG,KACZk/C,GAASl/C,EAAG,GACPA,EAAE4iD,QAaL1D,GAASl/C,GAAIA,EAAE4iD,OAAOxqD,KAAO,EAAI,IAC9B4H,EAAE4iD,OAAOc,KAAO,EAAI,IACnB1jD,EAAE4iD,OAAO5I,MAAY,EAAJ,IACjBh6C,EAAE4iD,OAAOv1D,KAAW,EAAJ,IAChB2S,EAAE4iD,OAAOe,QAAc,GAAJ,IAEvBzE,GAASl/C,EAAmB,IAAhBA,EAAE4iD,OAAO3lD,MACrBiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,EAAK,KACnCiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,GAAM,KACpCiiD,GAASl/C,EAAIA,EAAE4iD,OAAO3lD,MAAQ,GAAM,KACpCiiD,GAASl/C,EAAe,IAAZA,EAAEo8C,MAAc,EACzBp8C,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EACzC,EAAI,GACR8C,GAASl/C,EAAiB,IAAdA,EAAE4iD,OAAOgB,IACjB5jD,EAAE4iD,OAAO5I,OAASh6C,EAAE4iD,OAAO5I,MAAM72D,SACnC+7D,GAASl/C,EAA2B,IAAxBA,EAAE4iD,OAAO5I,MAAM72D,QAC3B+7D,GAASl/C,EAAIA,EAAE4iD,OAAO5I,MAAM72D,QAAU,EAAK,MAEzC6c,EAAE4iD,OAAOc,OACXrH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAS,IAE3DvpB,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS9E,KAlCXqB,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAG,GACZk/C,GAASl/C,EAAe,IAAZA,EAAEo8C,MAAc,EACzBp8C,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EACzC,EAAI,GACR8C,GAASl/C,EAAGu+C,IACZv+C,EAAE2iD,OAAS1E,QA6Bf,CACE,IAAIx3C,EAAU4uC,IAAer1C,EAAEgjD,OAAS,GAAM,IAAO,EACjDa,GAAe,EAGjBA,EADE7jD,EAAE08C,UAAY3H,IAAkB/0C,EAAEo8C,MAAQ,EAC9B,EACLp8C,EAAEo8C,MAAQ,EACL,EACO,IAAZp8C,EAAEo8C,MACG,EAEA,EAEhB31C,GAAWo9C,GAAe,EACP,IAAf7jD,EAAEi/C,WAAkBx4C,GAAUk3C,IAClCl3C,GAAU,GAAMA,EAAS,GAEzBzG,EAAE2iD,OAAS1E,GACXkB,GAAYn/C,EAAGyG,GAGI,IAAfzG,EAAEi/C,WACJE,GAAYn/C,EAAGq8C,EAAKc,QAAU,IAC9BgC,GAAYn/C,EAAgB,MAAbq8C,EAAKc,QAEtBd,EAAKc,MAAQ,EAKjB,GAAIn9C,EAAE2iD,SAAW9E,GACf,GAAI79C,EAAE4iD,OAAO5I,MAAqB,CAGhC,IAFAyJ,EAAMzjD,EAAEupB,QAEDvpB,EAAE6iD,SAAmC,MAAxB7iD,EAAE4iD,OAAO5I,MAAM72D,UAC7B6c,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,oBAItBtD,GAASl/C,EAA+B,IAA5BA,EAAE4iD,OAAO5I,MAAMh6C,EAAE6iD,UAC7B7iD,EAAE6iD,UAEA7iD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAE7DzjD,EAAE6iD,UAAY7iD,EAAE4iD,OAAO5I,MAAM72D,SAC/B6c,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS7E,SAIb99C,EAAE2iD,OAAS7E,GAGf,GAAI99C,EAAE2iD,SAAW7E,GACf,GAAI99C,EAAE4iD,OAAOv1D,KAAoB,CAC/Bo2D,EAAMzjD,EAAEupB,QAGR,EAAG,CACD,GAAIvpB,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADExnB,EAAE6iD,QAAU7iD,EAAE4iD,OAAOv1D,KAAKlK,OACkB,IAAxC6c,EAAE4iD,OAAOv1D,KAAKsR,WAAWqB,EAAE6iD,WAE3B,EAER3D,GAASl/C,EAAGwnB,SACG,IAARA,GAELxnB,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFxnB,EAAE6iD,QAAU,EACZ7iD,EAAE2iD,OAAS5E,SAIb/9C,EAAE2iD,OAAS5E,GAGf,GAAI/9C,EAAE2iD,SAAW5E,GACf,GAAI/9C,EAAE4iD,OAAOe,QAAuB,CAClCF,EAAMzjD,EAAEupB,QAGR,EAAG,CACD,GAAIvpB,EAAEupB,UAAYvpB,EAAEwiD,mBACdxiD,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMzjD,EAAEupB,QACJvpB,EAAEupB,UAAYvpB,EAAEwiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADExnB,EAAE6iD,QAAU7iD,EAAE4iD,OAAOe,QAAQxgE,OACkB,IAA3C6c,EAAE4iD,OAAOe,QAAQhlD,WAAWqB,EAAE6iD,WAE9B,EAER3D,GAASl/C,EAAGwnB,SACG,IAARA,GAELxnB,EAAE4iD,OAAOc,MAAQ1jD,EAAEupB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOn9C,EAAEk4C,YAAal4C,EAAEupB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFxnB,EAAE2iD,OAAS3E,SAIbh+C,EAAE2iD,OAAS3E,GAsBf,GAnBIh+C,EAAE2iD,SAAW3E,KACXh+C,EAAE4iD,OAAOc,MACP1jD,EAAEupB,QAAU,EAAIvpB,EAAEwiD,kBACpB/D,GAAcpC,GAEZr8C,EAAEupB,QAAU,GAAKvpB,EAAEwiD,mBACrBtD,GAASl/C,EAAgB,IAAbq8C,EAAKc,OACjB+B,GAASl/C,EAAIq8C,EAAKc,OAAS,EAAK,KAChCd,EAAKc,MAAQ,EACbn9C,EAAE2iD,OAAS1E,KAIbj+C,EAAE2iD,OAAS1E,IAMG,IAAdj+C,EAAEupB,SAEJ,GADAk1B,GAAcpC,GACS,IAAnBA,EAAKqC,UAQP,OADA1+C,EAAE+iD,YAAc,EACTxO,QAOJ,GAAsB,IAAlB8H,EAAKgD,UAAkBvC,GAAKwE,IAAUxE,GAAK0G,IACpDlC,IAAUlN,GACV,OAAO5Q,GAAI6Y,EAAMzH,IAInB,GAAI50C,EAAE2iD,SAAWzE,IAAkC,IAAlB7B,EAAKgD,SACpC,OAAO7b,GAAI6Y,EAAMzH,IAKnB,GAAsB,IAAlByH,EAAKgD,UAAkC,IAAhBr/C,EAAEygD,WAC1Ba,IAAUtN,IAAch0C,EAAE2iD,SAAWzE,GAAe,CACrD,IAAI4F,EAAU9jD,EAAE08C,WAAa3H,GAvqBjC,SAAsB/0C,EAAGshD,GACvB,IAAIE,EAEJ,OAAU,CAER,GAAoB,IAAhBxhD,EAAEygD,YACJE,GAAY3gD,GACQ,IAAhBA,EAAEygD,WAAiB,CACrB,GAAIa,IAAUtN,GACZ,OAAOmK,GAET,MAWJ,GANAn+C,EAAEyhD,aAAe,EAGjBD,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAC1Cj/C,EAAEygD,YACFzgD,EAAEi/C,WACEuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CAqnBmD2F,CAAa/jD,EAAGshD,GAC5DthD,EAAE08C,WAAa1H,GAvwBtB,SAAqBh1C,EAAGshD,GACtB,IAAIE,EACA/2D,EACAm1D,EAAMS,EAEV,MAAMH,EAAOlgD,EAAE47C,OAEf,OAAU,CAKR,GAAI57C,EAAEygD,WAAa3J,GAAW,CAE5B,GADA6J,GAAY3gD,GACRA,EAAEygD,WAAa3J,IAAawK,IAAUtN,GACxC,OAAOmK,GAET,GAAoB,IAAhBn+C,EAAEygD,UAAmB,MAK3B,GADAzgD,EAAEyhD,aAAe,EACbzhD,EAAEygD,WAAahD,IAAaz9C,EAAEi/C,SAAW,IAC3CW,EAAO5/C,EAAEi/C,SAAW,EACpBx0D,EAAOy1D,EAAKN,GACRn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAAO,CAC3ES,EAASrgD,EAAEi/C,SAAWnI,GACtB,UAESrsD,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IAClDn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACzCn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACzCn1D,IAASy1D,IAAON,IAASn1D,IAASy1D,IAAON,IACvCA,EAAOS,GACTrgD,EAAEyhD,aAAe3K,IAAauJ,EAAST,GACnC5/C,EAAEyhD,aAAezhD,EAAEygD,YACrBzgD,EAAEyhD,aAAezhD,EAAEygD,WAyBzB,GAlBIzgD,EAAEyhD,cAAgBhE,IAIpB+D,EAASE,GAAgB1hD,EAAG,EAAGA,EAAEyhD,aAAehE,IAEhDz9C,EAAEygD,WAAazgD,EAAEyhD,aACjBzhD,EAAEi/C,UAAYj/C,EAAEyhD,aAChBzhD,EAAEyhD,aAAe,IAKjBD,EAASE,GAAgB1hD,EAAG,EAAGA,EAAE47C,OAAO57C,EAAEi/C,WAE1Cj/C,EAAEygD,YACFzgD,EAAEi/C,YAEAuC,IAEF1C,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACT,OAAOP,GAMb,OADAn+C,EAAEihD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,UACFL,GAGFC,IAELt+C,EAAEm5C,WAEJ2F,GAAiB9+C,GAAG,GACK,IAArBA,EAAEq8C,KAAKqC,WACFP,GAIJC,EACT,CA8qB8B4F,CAAYhkD,EAAGshD,GACrCgB,GAAoBtiD,EAAEo8C,OAAOiG,KAAKriD,EAAGshD,GAKzC,GAHIwC,IAAWzF,IAAqByF,IAAWxF,KAC7Ct+C,EAAE2iD,OAASzE,IAET4F,IAAW3F,IAAgB2F,IAAWzF,GAKxC,OAJuB,IAAnBhC,EAAKqC,YACP1+C,EAAE+iD,YAAc,GAGXxO,GAST,GAAIuP,IAAW1F,KACTkD,IAAUrN,GACZgQ,GAAgBjkD,GAETshD,IAAUjN,KAEjB6P,GAAuBlkD,EAAG,EAAG,GAAG,GAI5BshD,IAAUnN,KAEZtiD,GAAKmO,EAAEghD,MAEa,IAAhBhhD,EAAEygD,YACJzgD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEihD,OAAS,KAIjBxC,GAAcpC,GACS,IAAnBA,EAAKqC,WAEP,OADA1+C,EAAE+iD,YAAc,EACTxO,GAOb,OAAI+M,IAAUlN,GAAmBG,GAC7Bv0C,EAAE8sC,MAAQ,EAAY0H,IAGX,IAAXx0C,EAAE8sC,MACJoS,GAASl/C,EAAgB,IAAbq8C,EAAKc,OACjB+B,GAASl/C,EAAIq8C,EAAKc,OAAS,EAAK,KAChC+B,GAASl/C,EAAIq8C,EAAKc,OAAS,GAAM,KACjC+B,GAASl/C,EAAIq8C,EAAKc,OAAS,GAAM,KACjC+B,GAASl/C,EAAmB,IAAhBq8C,EAAKkD,UACjBL,GAASl/C,EAAIq8C,EAAKkD,UAAY,EAAK,KACnCL,GAASl/C,EAAIq8C,EAAKkD,UAAY,GAAM,KACpCL,GAASl/C,EAAIq8C,EAAKkD,UAAY,GAAM,OAGpCJ,GAAYn/C,EAAGq8C,EAAKc,QAAU,IAC9BgC,GAAYn/C,EAAgB,MAAbq8C,EAAKc,QAGtBsB,GAAcpC,GAIVr8C,EAAE8sC,KAAO,IAAK9sC,EAAE8sC,MAAQ9sC,EAAE8sC,MAET,IAAd9sC,EAAEupB,QAAgBgrB,GAAOC,GAClC,CChqDA,IACI/3C,OAAOsC,aAAaC,KAAM,KAAQ,EACtC,CAAE,MAAOmlD,GAET,CACA,IACI1nD,OAAOsC,aAAaC,MAAM,KAAM,IAAIla,WAAW,GACnD,CAAE,MAAOq/D,GAET,CAMA,MAAMC,GAAW,IAAIC,GAAW,KAChC,IAAK,IAAI5zD,EAAI,EAAGA,EAAI,IAAKA,IACrB2zD,GAAS3zD,GAAKA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAI,EAMtF,SAAS6zD,GAAY7lD,GACxB,IAAIF,EAAGqR,EAAI20C,EAAOr/D,EAAGs/D,EAAU,EAC/B,MAAMC,EAAUhmD,EAAItb,OAGpB,IAAKohE,EAAQ,EAAGA,EAAQE,EAASF,IAC7BhmD,EAAIE,EAAIE,WAAW4lD,GACE,QAAZ,MAAJhmD,IAA0BgmD,EAAQ,EAAIE,IACvC70C,EAAKnR,EAAIE,WAAW4lD,EAAQ,GACN,QAAZ,MAAL30C,KACDrR,EAAI,OAAWA,EAAI,OAAU,KAAOqR,EAAK,OACzC20C,MAGRC,GAAWjmD,EAAI,IAAO,EAAIA,EAAI,KAAQ,EAAIA,EAAI,MAAU,EAAI,EAIhE,MAAM+E,EAAM,IAAI+gD,GAAWG,GAG3B,IAAKt/D,EAAI,EAAGq/D,EAAQ,EAAGr/D,EAAIs/D,EAASD,IAChChmD,EAAIE,EAAIE,WAAW4lD,GACE,QAAZ,MAAJhmD,IAA0BgmD,EAAQ,EAAIE,IACvC70C,EAAKnR,EAAIE,WAAW4lD,EAAQ,GACN,QAAZ,MAAL30C,KACDrR,EAAI,OAAWA,EAAI,OAAU,KAAOqR,EAAK,OACzC20C,MAGJhmD,EAAI,IAEJ+E,EAAIpe,KAAOqZ,EACJA,EAAI,MAEX+E,EAAIpe,KAAO,IAAOqZ,IAAM,EACxB+E,EAAIpe,KAAO,IAAW,GAAJqZ,GACXA,EAAI,OAEX+E,EAAIpe,KAAO,IAAOqZ,IAAM,GACxB+E,EAAIpe,KAAO,IAAOqZ,IAAM,EAAI,GAC5B+E,EAAIpe,KAAO,IAAW,GAAJqZ,IAGlB+E,EAAIpe,KAAO,IAAOqZ,IAAM,GACxB+E,EAAIpe,KAAO,IAAOqZ,IAAM,GAAK,GAC7B+E,EAAIpe,KAAO,IAAOqZ,IAAM,EAAI,GAC5B+E,EAAIpe,KAAO,IAAW,GAAJqZ,GAI1B,OAAO+E,CACX,CAxDA8gD,GAAS,KAAOA,GAAS,KAAO,ECbjB,MAAMM,GACnB7iE,cAEEE,KAAKM,MAAQ,KACbN,KAAKu9D,QAAU,EAEfv9D,KAAKs9D,SAAW,EAEhBt9D,KAAKw9D,SAAW,EAEhBx9D,KAAKiK,OAAS,KACdjK,KAAK68D,SAAW,EAEhB78D,KAAK28D,UAAY,EAEjB38D,KAAK88D,UAAY,EAEjB98D,KAAK0lC,IAAM,GAEX1lC,KAAKwvC,MAAQ,KAEbxvC,KAAKu6D,UAAY,EAEjBv6D,KAAKo7D,MAAQ,GCiEjB,MAAMwH,GACJ9iE,YAAYmF,GACVjF,KAAKiF,QAAU,CACbo1D,MAAOvH,GACPiO,OAAQzN,GACRuP,UAAW,MACXC,WAAY,GACZC,SAAU,EACVpI,SR/DkC,KQgE9B11D,GAAW,IAGjB,MAAM+9D,EAAMhjE,KAAKiF,QAEb+9D,EAAIC,KAAQD,EAAIF,WAAa,EAC/BE,EAAIF,YAAcE,EAAIF,WAGfE,EAAIE,MAASF,EAAIF,WAAa,GAAOE,EAAIF,WAAa,KAC7DE,EAAIF,YAAc,IAGpB9iE,KAAKyhD,IAAS,EACdzhD,KAAK0lC,IAAS,GACd1lC,KAAKmjE,OAAS,EACdnjE,KAAK4xD,OAAS,GAEd5xD,KAAKs6D,KAAO,IAAIqI,GAChB3iE,KAAKs6D,KAAKqC,UAAY,EAEtB,IH+nCsBrC,EAAM2E,EG/nCxB2B,EHuoCR,SAAsBtG,EAAMD,EAAO0G,EAAQ+B,EAAYC,EAAUpI,GAC/D,IAAKL,EACH,OAAO3H,GAET,IAAI5H,EAAO,EAiBX,GAfIsP,IAAUvH,KACZuH,EAAQ,GAGNyI,EAAa,GACf/X,EAAO,EACP+X,GAAcA,GAGPA,EAAa,KACpB/X,EAAO,EACP+X,GAAc,IAIZC,EAAW,GAAKA,EAAWtH,IAAiBsF,IAAWzN,IACzDwP,EAAa,GAAKA,EAAa,IAAMzI,EAAQ,GAAKA,EAAQ,GAC1DM,EAAW,GAAKA,EAAWzH,GAC3B,OAAOzR,GAAI6Y,EAAM3H,IAIA,IAAfmQ,IACFA,EAAa,GAIf,MAAM7kD,EAAI,IAAI0iD,GAyCd,OAvCArG,EAAK9qB,MAAQvxB,EACbA,EAAEq8C,KAAOA,EAETr8C,EAAE8sC,KAAOA,EACT9sC,EAAE4iD,OAAS,KACX5iD,EAAEgjD,OAAS6B,EACX7kD,EAAEigD,OAAS,GAAKjgD,EAAEgjD,OAClBhjD,EAAEogD,OAASpgD,EAAEigD,OAAS,EAEtBjgD,EAAEijD,UAAY6B,EAAW,EACzB9kD,EAAE+gD,UAAY,GAAK/gD,EAAEijD,UACrBjjD,EAAEohD,UAAYphD,EAAE+gD,UAAY,EAC5B/gD,EAAEmhD,eAAiBnhD,EAAEijD,UAAYxF,GAAY,GAAKA,IAClDz9C,EAAE47C,OAAS,IAAIyI,GAAsB,EAAXrkD,EAAEigD,QAC5BjgD,EAAEghD,KAAO,IAAIkC,GAAYljD,EAAE+gD,WAC3B/gD,EAAEvV,KAAO,IAAIy4D,GAAYljD,EAAEigD,QAK3BjgD,EAAEi9C,YAAc,GAAM6H,EAAW,EAEjC9kD,EAAEwiD,iBAAmC,EAAhBxiD,EAAEi9C,YAIvBj9C,EAAEk4C,YAAc,IAAImM,GAAWrkD,EAAEwiD,kBAIjCxiD,EAAEk6C,MAAQ,EAAIl6C,EAAEi9C,YAGhBj9C,EAAEm6C,MAAQ,EAAUn6C,EAAEi9C,YAEtBj9C,EAAEo8C,MAAQA,EACVp8C,EAAE08C,SAAWA,EACb18C,EAAE8iD,OAASA,EAEJK,GAAa9G,EACtB,CGltCiB8I,CACXpjE,KAAKs6D,KACL0I,EAAI3I,MACJ2I,EAAIjC,OACJiC,EAAIF,WACJE,EAAID,SACJC,EAAIrI,UAGN,GAAIiG,IAAWpO,GACb,MAAUpvD,MAAMsiC,GAAIk7B,IAOtB,GAJIoC,EAAIt+C,SHknCc41C,EGjnCUt6D,KAAKs6D,KHinCT2E,EGjnCe+D,EAAIt+C,OHknC5C41C,GAASA,EAAK9qB,QACK,IAApB8qB,EAAK9qB,MAAMub,OACfuP,EAAK9qB,MAAMqxB,OAAS5B,KGjnCd+D,EAAIK,WAAY,CAClB,IAAIC,EAaJ,GATEA,EAF4B,iBAAnBN,EAAIK,WAENE,GAAmBP,EAAIK,YACrBL,EAAIK,sBAAsB79C,YAC5B,IAAIziB,WAAWigE,EAAIK,YAEnBL,EAAIK,WAGbzC,EHsiDN,SAA8BtG,EAAM+I,GAClC,IAEIplD,EACAvB,EAAKlQ,EACLu+C,EACAyY,EACAC,EACAnjE,EACAojE,EARAC,EAAaN,EAAWjiE,OAU5B,IAAKk5D,IAAsBA,EAAK9qB,MAC9B,OAAOmjB,GAMT,GAHA10C,EAAIq8C,EAAK9qB,MACTub,EAAO9sC,EAAE8sC,KAEI,IAATA,GAAwB,IAATA,GAAc9sC,EAAE2iD,SAAW/E,IAAe59C,EAAEygD,UAC7D,OAAO/L,GAmCT,IA/Ba,IAAT5H,IAEFuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAOiI,EAAYM,EAAY,IAG3D1lD,EAAE8sC,KAAO,EAGL4Y,GAAc1lD,EAAEigD,SACL,IAATnT,IAEFj7C,GAAKmO,EAAEghD,MACPhhD,EAAEi/C,SAAW,EACbj/C,EAAEg/C,YAAc,EAChBh/C,EAAEihD,OAAS,GAIbwE,EAAU,IAAIpB,GAAWrkD,EAAEigD,QAC3BtE,GAAe8J,EAASL,EAAYM,EAAa1lD,EAAEigD,OAAQjgD,EAAEigD,OAAQ,GACrEmF,EAAaK,EACbC,EAAa1lD,EAAEigD,QAGjBsF,EAAQlJ,EAAKgD,SACbmG,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACbg6D,EAAKgD,SAAWqG,EAChBrJ,EAAKiD,QAAU,EACfjD,EAAKh6D,MAAQ+iE,EACbzE,GAAY3gD,GACLA,EAAEygD,WAAahD,IAAW,CAC/Bh/C,EAAMuB,EAAEi/C,SACR1wD,EAAIyR,EAAEygD,WAAahD,GAAY,GAC/B,GAEEz9C,EAAEkhD,OAAUlhD,EAAEkhD,OAASlhD,EAAEmhD,WAAcnhD,EAAE47C,OAAOn9C,EAAMg/C,GAAY,IAAMz9C,EAAEohD,UAE1EphD,EAAEvV,KAAKgU,EAAMuB,EAAEogD,QAAUpgD,EAAEghD,KAAKhhD,EAAEkhD,OAElClhD,EAAEghD,KAAKhhD,EAAEkhD,OAASziD,EAClBA,YACSlQ,GACXyR,EAAEi/C,SAAWxgD,EACbuB,EAAEygD,UAAYhD,GAAY,EAC1BkD,GAAY3gD,GAYd,OAVAA,EAAEi/C,UAAYj/C,EAAEygD,UAChBzgD,EAAEg/C,YAAch/C,EAAEi/C,SAClBj/C,EAAEihD,OAASjhD,EAAEygD,UACbzgD,EAAEygD,UAAY,EACdzgD,EAAEyhD,aAAezhD,EAAE8/C,YAAcrC,GAAY,EAC7Cz9C,EAAE+hD,gBAAkB,EACpB1F,EAAKiD,QAAUkG,EACfnJ,EAAKh6D,MAAQA,EACbg6D,EAAKgD,SAAWkG,EAChBvlD,EAAE8sC,KAAOA,EACFyH,EACT,CGvnDeoR,CAAkC5jE,KAAKs6D,KAAMgJ,GAElD1C,IAAWpO,GACb,MAAUpvD,MAAMsiC,GAAIk7B,IAGtB5gE,KAAK6jE,WAAY,GAiCrBhiE,KAAKqI,EAAMikB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,IAAgB7iE,KACzC,IAAI4gE,EAAQkD,EAEZ,GAAI9jE,KAAKmjE,MAAS,OAAO,EAEzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBkkC,GAAWJ,GAG7C,iBAAT/nD,EAETowD,EAAKh6D,MAAQijE,GAAmBr5D,GACvBA,aAAgBsb,YACzB80C,EAAKh6D,MAAQ,IAAIyC,WAAWmH,GAE5BowD,EAAKh6D,MAAQ4J,EAGfowD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAKh6D,MAAMc,OAE3B,EAAG,CAQD,GAPuB,IAAnBk5D,EAAKqC,YACPrC,EAAKrwD,OAAS,IAAIq4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,IAEnBjC,EAASmD,GAAqBzJ,EAAMwJ,MAErBrR,IAAgBmO,IAAWpO,GAGxC,OAFAxyD,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,GACN,EAEc,IAAnB7I,EAAKqC,YAAsC,IAAlBrC,EAAKgD,UAAmBwG,IAAUzR,IAAYyR,IAAU3R,KACnFnyD,KAAKikE,OAAOC,GAAgB5J,EAAKrwD,OAAQqwD,EAAKuC,kBAExCvC,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAWnO,IAGnE,OAAIqR,IAAUzR,IACZuO,EHy7CN,SAAoBtG,GAClB,IAAIsG,EAEJ,OAAKtG,GAAsBA,EAAK9qB,OAIhCoxB,EAAStG,EAAK9qB,MAAMoxB,OAChBA,IAAW/E,IACb+E,IAAW9E,IACX8E,IAAW7E,IACX6E,IAAW5E,IACX4E,IAAW3E,IACX2E,IAAW1E,IACX0E,IAAWzE,GAEJ1a,GAAI6Y,EAAM3H,KAGnB2H,EAAK9qB,MAAQ,KAENoxB,IAAW1E,GAAaza,GAAI6Y,EAAM1H,IAAgBJ,KAjBhDG,EAkBX,CG/8CewR,CAAwBnkE,KAAKs6D,MACtCt6D,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,EACNvC,IAAWpO,IAIhBsR,IAAU3R,KACZnyD,KAAKgkE,MAAMxR,IACX8H,EAAKqC,UAAY,GACV,GAcXsH,OAAOliE,GACL/B,KAAK4xD,OAAO/vD,KAAKE,GAanBiiE,MAAMpD,GAEAA,IAAWpO,KACbxyD,KAAKyB,OAAS2iE,GAAoBpkE,KAAK4xD,SAEzC5xD,KAAK4xD,OAAS,GACd5xD,KAAKyhD,IAAMmf,EACX5gE,KAAK0lC,IAAM1lC,KAAKs6D,KAAK50B,KC/QzB,MAAM2+B,GAAM,GACNC,GAAO,GAqCE,SAASC,GAAajK,EAAMt2D,GACvC,IAAIwgE,EACAC,EAEAC,EACA/lD,EACAgmD,EACAC,EAEAz0D,EACA8lD,EACA7zC,EACAyiD,EAKJ,MAAMr1B,EAAQ8qB,EAAK9qB,MAEnBg1B,EAAMlK,EAAKiD,QACX,MAAMj9D,EAAQg6D,EAAKh6D,MACbke,EAAOgmD,GAAOlK,EAAKgD,SAAW,GACpCmH,EAAOnK,EAAKuC,SACZ,MAAM5yD,EAASqwD,EAAKrwD,OACdy3D,EAAM+C,GAAQzgE,EAAQs2D,EAAKqC,WAC3BhxD,EAAM84D,GAAQnK,EAAKqC,UAAY,KAE/BmI,EAAOt1B,EAAMs1B,KAEbC,EAAQv1B,EAAMu1B,MACdC,EAAQx1B,EAAMw1B,MACdC,EAAQz1B,EAAMy1B,MACdC,EAAW11B,EAAMqqB,OACvB6K,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KACb,MAAMwmD,EAAQ31B,EAAM41B,QACdC,EAAQ71B,EAAM81B,SACdC,GAAS,GAAK/1B,EAAMg2B,SAAW,EAC/BC,GAAS,GAAKj2B,EAAMk2B,UAAY,EAMtCC,EACA,EAAG,CACKhnD,EAAO,KACP+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACR+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAGZgmD,EAAOQ,EAAMT,EAAOa,GAEpBK,EACA,OAAS,CAKL,GAJAhB,EAAKD,IAAS,GACdD,KAAUE,EACVjmD,GAAQimD,EACRA,EAAKD,IAAS,GAAK,IACR,IAAPC,EAIA36D,EAAOw6D,KAAiB,MAAPE,MACd,MAAS,GAALC,GAkKJ,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOQ,GAAc,MAAPR,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASgB,EACN,GAAS,GAALhB,EAAS,CAEhBp1B,EAAMrhB,KAAOm2C,GACb,MAAMqB,EAENrL,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA3KNx1D,EAAa,MAAPw0D,EACNC,GAAM,GACFA,IACIjmD,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAEZxO,GAAOu0D,GAAQ,GAAKE,GAAM,EAC1BF,KAAUE,EACVjmD,GAAQimD,GAGRjmD,EAAO,KACP+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACR+lD,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,GAEZgmD,EAAOU,EAAMX,EAAOe,GAEpBI,EACA,OAAS,CAML,GALAjB,EAAKD,IAAS,GACdD,KAAUE,EACVjmD,GAAQimD,EACRA,EAAKD,IAAS,GAAK,MAEV,GAALC,GA2HG,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOU,GAAc,MAAPV,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASiB,EAETvL,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EApHN,GAZA1P,EAAc,MAAP0O,EACPC,GAAM,GACFjmD,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,EACJA,EAAOimD,IACPF,GAAQpkE,EAAMkkE,MAAU7lD,EACxBA,GAAQ,IAGhBs3C,GAAQyO,GAAQ,GAAKE,GAAM,EAEvB3O,EAAO6O,EAAM,CACbxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EAOV,GAJAjB,KAAUE,EACVjmD,GAAQimD,EAERA,EAAKH,EAAO/C,EACRzL,EAAO2O,EAAI,CAEX,GADAA,EAAK3O,EAAO2O,EACRA,EAAKI,GACDx1B,EAAMs2B,KAAM,CACZxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA2Bd,GAFAvjD,EAAO,EACPyiD,EAAcK,EACA,IAAVD,GAEA,GADA7iD,GAAQ2iD,EAAQH,EACZA,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,QAEf,GAAIg7D,EAAQL,GAGf,GAFAxiD,GAAQ2iD,EAAQE,EAAQL,EACxBA,GAAMK,EACFL,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GAEX,GADAxiD,EAAO,EACH6iD,EAAQ90D,EAAK,CACby0D,EAAKK,EACL90D,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,SAKtB,GADAmY,GAAQ6iD,EAAQL,EACZA,EAAKz0D,EAAK,CACVA,GAAOy0D,EACP,GACI36D,EAAOw6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc56D,EAGtB,KAAOkG,EAAM,GACTlG,EAAOw6D,KAAUI,EAAYziD,KAC7BnY,EAAOw6D,KAAUI,EAAYziD,KAC7BnY,EAAOw6D,KAAUI,EAAYziD,KAC7BjS,GAAO,EAEPA,IACAlG,EAAOw6D,KAAUI,EAAYziD,KACzBjS,EAAM,IACNlG,EAAOw6D,KAAUI,EAAYziD,WAGlC,CACHA,EAAOqiD,EAAOxO,EACd,GACIhsD,EAAOw6D,KAAUx6D,EAAOmY,KACxBnY,EAAOw6D,KAAUx6D,EAAOmY,KACxBnY,EAAOw6D,KAAUx6D,EAAOmY,KACxBjS,GAAO,QACFA,EAAM,GACXA,IACAlG,EAAOw6D,KAAUx6D,EAAOmY,KACpBjS,EAAM,IACNlG,EAAOw6D,KAAUx6D,EAAOmY,OAaxC,OAeR,aAECoiD,EAAMhmD,GAAQimD,EAAO94D,GAG9BwE,EAAMwO,GAAQ,EACd6lD,GAAOr0D,EACPwO,GAAQxO,GAAO,EACfu0D,IAAS,GAAK/lD,GAAQ,EAGtB27C,EAAKiD,QAAUiH,EACflK,EAAKuC,SAAW4H,EAChBnK,EAAKgD,SAAWkH,EAAMhmD,EAAYA,EAAOgmD,EAAZ,EAAmB,GAAKA,EAAMhmD,GAC3D87C,EAAKqC,UAAY8H,EAAO94D,EAAaA,EAAM84D,EAAb,IAAqB,KAAOA,EAAO94D,GACjE6jC,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,CAEjB,CCxSA,MAAMonD,GAAU,GACVC,GAAc,IACdC,GAAe,IAGfC,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAERC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,EAAG,GAG3DC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAGtDC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IACtD,IAAK,IAAK,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KAClD,KAAM,MAAO,MAAO,MAAO,EAAG,GAG5BC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACpC,GAAI,GAAI,GAAI,GAAI,GAAI,IAGT,SAASC,GAAcrsD,EAAMssD,EAAMC,EAAYC,EAAOtL,EAAOuL,EAAaC,EAAMxiB,GAC3F,MAAM3lC,EAAO2lC,EAAK3lC,KAGlB,IASIooD,EACA5mB,EACA6mB,EACAvD,EAIA93D,EAhBAwE,EAAM,EACN82D,EAAM,EACN/oB,EAAM,EAAGnyC,EAAM,EACfm7D,EAAO,EACPp2C,EAAO,EACPq2C,EAAO,EACP/yC,EAAO,EACPgzC,EAAO,EACPC,EAAO,EAKP5O,EAAO,KACP6O,EAAa,EAGjB,MAAMxjC,EAAQ,IAAIq9B,GAAY4E,GAAU,GAClCwB,EAAO,IAAIpG,GAAY4E,GAAU,GACvC,IAGIyB,EAAWC,EAASC,EAHpBzP,EAAQ,KACR0P,EAAc,EAoClB,IAAKx3D,EAAM,EAAGA,GAAO41D,GAAS51D,IAC1B2zB,EAAM3zB,GAAO,EAEjB,IAAK82D,EAAM,EAAGA,EAAML,EAAOK,IACvBnjC,EAAM4iC,EAAKC,EAAaM,MAK5B,IADAC,EAAOvoD,EACF5S,EAAMg6D,GAASh6D,GAAO,GACJ,IAAf+3B,EAAM/3B,GADgBA,KAQ9B,GAHIm7D,EAAOn7D,IACPm7D,EAAOn7D,GAEC,IAARA,EAaA,OATAuvD,EAAMuL,KAAiB,SAMvBvL,EAAMuL,KAAiB,SAEvBviB,EAAK3lC,KAAO,EACL,EAEX,IAAKu/B,EAAM,EAAGA,EAAMnyC,GACG,IAAf+3B,EAAMoa,GADWA,KAWzB,IANIgpB,EAAOhpB,IACPgpB,EAAOhpB,GAIX9pB,EAAO,EACFjkB,EAAM,EAAGA,GAAO41D,GAAS51D,IAG1B,GAFAikB,IAAS,EACTA,GAAQ0P,EAAM3zB,GACVikB,EAAO,EACP,OAAQ,EAGhB,GAAIA,EAAO,IAAMha,IAAS8rD,IAAiB,IAARn6D,GAC/B,OAAQ,EAKZ,IADAw7D,EAAK,GAAK,EACLp3D,EAAM,EAAGA,EAAM41D,GAAS51D,IACzBo3D,EAAKp3D,EAAM,GAAKo3D,EAAKp3D,GAAO2zB,EAAM3zB,GAItC,IAAK82D,EAAM,EAAGA,EAAML,EAAOK,IACQ,IAA3BP,EAAKC,EAAaM,KAClBH,EAAKS,EAAKb,EAAKC,EAAaM,OAAWA,GAsC3C7sD,IAAS8rD,IACTzN,EAAOR,EAAQ6O,EACfn7D,EAAM,IAECyO,IAAS+rD,IAChB1N,EAAO4N,GACPiB,GAAc,IACdrP,EAAQqO,GACRqB,GAAe,IACfh8D,EAAM,MAGN8sD,EAAO8N,GACPtO,EAAQuO,GACR76D,GAAO,GAIX07D,EAAO,EACPJ,EAAM,EACN92D,EAAM+tC,EACNulB,EAAOoD,EACP/1C,EAAOo2C,EACPC,EAAO,EACPH,GAAO,EACPI,EAAO,GAAKF,EACZ,MAAMj1B,EAAOm1B,EAAO,EAGpB,GAAIhtD,IAAS+rD,IAAQiB,EAAOpB,IAC5B5rD,IAASgsD,IAASgB,EAAOnB,GACrB,OAAO,EAIX,OAAS,CAELuB,EAAYr3D,EAAMg3D,EACdL,EAAKG,GAAOt7D,GACZ87D,EAAU,EACVC,EAAWZ,EAAKG,IACTH,EAAKG,GAAOt7D,GACnB87D,EAAUxP,EAAM0P,EAAcb,EAAKG,IACnCS,EAAWjP,EAAK6O,EAAaR,EAAKG,MAElCQ,EAAU,GACVC,EAAW,GAIfX,EAAO,GAAK52D,EAAMg3D,EAClBhnB,EAAO,GAAKrvB,EACZotB,EAAMiC,EACN,GACIA,GAAQ4mB,EACRzL,EAAMmI,GAAQ4D,GAAQF,GAAQhnB,GAAQqnB,GAAa,GAAKC,GAAW,GAAKC,EAAU,QACpE,IAATvnB,GAIT,IADA4mB,EAAO,GAAK52D,EAAM,EACXk3D,EAAON,GACVA,IAAS,EAWb,GATa,IAATA,GACAM,GAAQN,EAAO,EACfM,GAAQN,GAERM,EAAO,EAIXJ,IACqB,KAAfnjC,EAAM3zB,GAAY,CACpB,GAAIA,IAAQpE,EACR,MAEJoE,EAAMu2D,EAAKC,EAAaG,EAAKG,IAIjC,GAAI92D,EAAM+2D,IAASG,EAAOp1B,KAAU+0B,EAAK,CAYrC,IAVa,IAATG,IACAA,EAAOD,GAIXzD,GAAQvlB,EAGRptB,EAAO3gB,EAAMg3D,EACb/yC,EAAO,GAAKtD,EACLA,EAAOq2C,EAAOp7D,IACjBqoB,GAAQ0P,EAAMhT,EAAOq2C,KACjB/yC,GAAQ,KAGZtD,IACAsD,IAAS,EAKb,GADAgzC,GAAQ,GAAKt2C,EACT1W,IAAS+rD,IAAQiB,EAAOpB,IAChC5rD,IAASgsD,IAASgB,EAAOnB,GACjB,OAAO,EAIXe,EAAMK,EAAOp1B,EAIbqpB,EAAM0L,GAAOE,GAAQ,GAAKp2C,GAAQ,GAAK2yC,EAAOoD,EAAa,GAiBnE,OAVa,IAATQ,IAIA/L,EAAMmI,EAAO4D,GAAQl3D,EAAMg3D,GAAQ,GAAK,IAAM,GAAI,GAKtD7iB,EAAK3lC,KAAOuoD,EACL,CACX,CC/TA,MAAMhB,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAsBLwB,GAAO,EACPC,GAAQ,EACRC,GAAO,EACPC,GAAK,EACLC,GAAQ,EACRC,GAAQ,EACR/jC,GAAO,EACPgkC,GAAU,EACVC,GAAO,EACPC,GAAS,GACTC,GAAO,GACH/D,GAAO,GACPgE,GAAS,GACTC,GAAS,GACTC,GAAQ,GACRC,GAAO,GACPC,GAAQ,GACRC,GAAU,GACVC,GAAW,GACPC,GAAO,GACPC,GAAM,GACNC,GAAS,GACTC,GAAO,GACPC,GAAU,GACVC,GAAQ,GACRC,GAAM,GACdC,GAAQ,GACRC,GAAS,GACTC,GAAO,GACPjF,GAAM,GAQT2B,GAAc,IACdC,GAAe,IAQrB,SAASsD,GAAQ76D,GACf,OAAWA,IAAM,GAAM,MACbA,IAAM,EAAK,SACP,MAAJA,IAAe,KACX,IAAJA,IAAa,GACzB,CAGA,MAAM86D,GACJ1pE,cACEE,KAAKmuB,KAAO,EACZnuB,KAAKwe,MAAO,EACZxe,KAAK+qD,KAAO,EACZ/qD,KAAKypE,UAAW,EAChBzpE,KAAK0pE,MAAQ,EACb1pE,KAAK8kE,KAAO,EACZ9kE,KAAK2pE,MAAQ,EACb3pE,KAAK4pE,MAAQ,EAEb5pE,KAAKi/D,KAAO,KAGZj/D,KAAK6pE,MAAQ,EACb7pE,KAAK+kE,MAAQ,EACb/kE,KAAKglE,MAAQ,EACbhlE,KAAKilE,MAAQ,EACbjlE,KAAK65D,OAAS,KAGd75D,KAAK0kE,KAAO,EACZ1kE,KAAK2e,KAAO,EAGZ3e,KAAKoB,OAAS,EACdpB,KAAKuQ,OAAS,EAGdvQ,KAAKi4D,MAAQ,EAGbj4D,KAAKolE,QAAU,KACfplE,KAAKslE,SAAW,KAChBtlE,KAAKwlE,QAAU,EACfxlE,KAAK0lE,SAAW,EAGhB1lE,KAAK8pE,MAAQ,EACb9pE,KAAK+pE,KAAO,EACZ/pE,KAAKgqE,MAAQ,EACbhqE,KAAKiqE,KAAO,EACZjqE,KAAKyjE,KAAO,KAEZzjE,KAAK0mE,KAAO,IAAIvF,GAAY,KAC5BnhE,KAAK8mE,KAAO,IAAI3F,GAAY,KAO5BnhE,KAAKkqE,OAAS,KACdlqE,KAAKmqE,QAAU,KACfnqE,KAAK8lE,KAAO,EACZ9lE,KAAKoqE,KAAO,EACZpqE,KAAKqqE,IAAM,GA+Bf,SAASC,GAAahQ,GACpB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACbA,EAAMu1B,MAAQ,EACdv1B,EAAMw1B,MAAQ,EACdx1B,EAAMy1B,MAAQ,EAlChB,SAA0B3K,GACxB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACb8qB,EAAKkD,SAAWlD,EAAKwC,UAAYttB,EAAMo6B,MAAQ,EAC/CtP,EAAK50B,IAAM,GACP8J,EAAMub,OACRuP,EAAKc,MAAqB,EAAb5rB,EAAMub,MAErBvb,EAAMrhB,KAAOy5C,GACbp4B,EAAMhxB,KAAO,EACbgxB,EAAMi6B,SAAW,EACjBj6B,EAAMs1B,KAAO,MACbt1B,EAAMyvB,KAAO,KACbzvB,EAAMk1B,KAAO,EACbl1B,EAAM7wB,KAAO,EAEb6wB,EAAM41B,QAAU51B,EAAM06B,OAAS,IAAIK,GAAYvE,IAC/Cx2B,EAAM81B,SAAW91B,EAAM26B,QAAU,IAAII,GAAYtE,IAEjDz2B,EAAMs2B,KAAO,EACbt2B,EAAM46B,MAAQ,EAEP5X,IArB4BG,EAsBrC,CAUS6X,CAAiBlQ,IALW3H,EAOrC,CAoCA,SAAS8X,GAAanQ,EAAMwI,GAC1B,IAAI10C,EACAohB,EAEJ,OAAK8qB,GAGL9qB,EAAQ,IAAIg6B,GAIZlP,EAAK9qB,MAAQA,EACbA,EAAMqqB,OAAS,KACfzrC,EA/CF,SAAuBksC,EAAMwI,GAC3B,IAAI/X,EACAvb,EAGJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MAGTszB,EAAa,GACf/X,EAAO,EACP+X,GAAcA,IAGd/X,EAA2B,GAAnB+X,GAAc,GAClBA,EAAa,KACfA,GAAc,KAKdA,IAAeA,EAAa,GAAKA,EAAa,IACzCnQ,IAEY,OAAjBnjB,EAAMqqB,QAAmBrqB,EAAMq6B,QAAU/G,IAC3CtzB,EAAMqqB,OAAS,MAIjBrqB,EAAMub,KAAOA,EACbvb,EAAMq6B,MAAQ/G,EACPwH,GAAahQ,KA1Be3H,EA2BrC,CAeQ+X,CAAcpQ,EAAMwI,GACtB10C,IAAQokC,KACV8H,EAAK9qB,MAAQ,MAERphB,GAbaukC,EActB,CAiBA,IAEIgY,GAAQC,GAFRC,IAAS,EAIb,SAASC,GAAYt7B,GAEnB,GAAIq7B,GAAQ,CACV,IAAI5D,EAOJ,IALA0D,GAAS,IAAIJ,GAAY,KACzBK,GAAU,IAAIL,GAAY,IAG1BtD,EAAM,EACCA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EAMxC,IAJAR,GAAcN,GAAO32B,EAAMk3B,KAAM,EAAG,IAAKiE,GAAU,EAAGn7B,EAAMs3B,KAAM,CAAEnoD,KAAM,IAG1EsoD,EAAM,EACCA,EAAM,IAAMz3B,EAAMk3B,KAAKO,KAAS,EAEvCR,GAAcL,GAAO52B,EAAMk3B,KAAM,EAAG,GAAMkE,GAAS,EAAGp7B,EAAMs3B,KAAM,CAAEnoD,KAAM,IAG1EksD,IAAS,EAGXr7B,EAAM41B,QAAUuF,GAChBn7B,EAAMg2B,QAAU,EAChBh2B,EAAM81B,SAAWsF,GACjBp7B,EAAMk2B,SAAW,CACnB,CAiBA,SAASqF,GAAazQ,EAAMzjC,EAAKlrB,EAAKq/D,GACpC,IAAI/U,EACJ,MAAMzmB,EAAQ8qB,EAAK9qB,MAqCnB,OAlCqB,OAAjBA,EAAMqqB,SACRrqB,EAAMu1B,MAAQ,GAAKv1B,EAAMq6B,MACzBr6B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQ,EAEdx1B,EAAMqqB,OAAS,IAAIyI,GAAW9yB,EAAMu1B,QAIlCiG,GAAQx7B,EAAMu1B,OAChBnL,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAM6jC,EAAMu1B,MAAOv1B,EAAMu1B,MAAO,GAClEv1B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpB9O,EAAOzmB,EAAMu1B,MAAQv1B,EAAMy1B,MACvBhP,EAAO+U,IACT/U,EAAO+U,GAGTpR,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAMq/D,EAAM/U,EAAMzmB,EAAMy1B,QAC1D+F,GAAQ/U,IAGN2D,GAAepqB,EAAMqqB,OAAQhjC,EAAKlrB,EAAMq/D,EAAMA,EAAM,GACpDx7B,EAAMy1B,MAAQ+F,EACdx7B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpBv1B,EAAMy1B,OAAShP,EACXzmB,EAAMy1B,QAAUz1B,EAAMu1B,QAASv1B,EAAMy1B,MAAQ,GAC7Cz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAASv1B,EAAMw1B,OAAS/O,KAG7C,CACT,CAEA,SAASgV,GAAQ3Q,EAAMiF,GACrB,IAAI/vB,EACAlvC,EAAO2J,EACPw5D,EACAyH,EACAjB,EAAM71C,EACNswC,EACA/lD,EACA6lD,EAAKC,EACLuG,EACA5oD,EACAyiD,EAEA2C,EAAWC,EAASC,EAEpByD,EAAWC,EAASC,EACpBl7D,EACAie,EAEAk2B,EAEA93C,EATAm4D,EAAO,EAMP2G,EAAO,IAAIhJ,GAAW,GAK1B,MAAMiJ,EACJ,CAAE,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAGlE,IAAKjR,IAASA,EAAK9qB,QAAU8qB,EAAKrwD,SAC5BqwD,EAAKh6D,OAA2B,IAAlBg6D,EAAKgD,SACvB,OAAO3K,GAGTnjB,EAAQ8qB,EAAK9qB,MACTA,EAAMrhB,OAASm2C,KAAQ90B,EAAMrhB,KAAOm6C,IAIxC4C,EAAM5Q,EAAKuC,SACX5yD,EAASqwD,EAAKrwD,OACdmqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACb2pE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KAGb6lD,EAAMyF,EACNxF,EAAOrwC,EACPhG,EAAMokC,GAENgZ,EACA,OACE,OAAQh8B,EAAMrhB,MACZ,KAAKy5C,GACH,GAAmB,IAAfp4B,EAAMub,KAAY,CACpBvb,EAAMrhB,KAAOm6C,GACb,MAGF,KAAO3pD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAkB,EAAb6wB,EAAMub,MAAsB,QAAT2Z,EAAiB,CACvCl1B,EAAMm6B,MAAQ,EAEd2B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,GAI1C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO05C,GACb,MAMF,GAJAr4B,EAAMk6B,MAAQ,EACVl6B,EAAMyvB,OACRzvB,EAAMyvB,KAAK39D,MAAO,KAED,EAAbkuC,EAAMub,UACA,IAAP2Z,IAA2B,IAAMA,GAAQ,IAAM,GAAI,CACtDpK,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,IAAY,GAAPK,KAA4BpR,GAAY,CAC3CgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAOF,GAJAK,KAAU,EACV/lD,GAAQ,EAERxO,EAAiC,GAAnB,GAAPu0D,GACa,IAAhBl1B,EAAMq6B,MACRr6B,EAAMq6B,MAAQ15D,OAEX,GAAIA,EAAMq/B,EAAMq6B,MAAO,CAC1BvP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMs1B,KAAO,GAAK30D,EAElBmqD,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAc,IAAPu2C,EAAe0D,GAAS9D,GAErCI,EAAO,EACP/lD,EAAO,EAEP,MACF,KAAKkpD,GAEH,KAAOlpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV,GADA6wB,EAAMk6B,MAAQhF,GACK,IAAdl1B,EAAMk6B,SAAkBpW,GAAY,CACvCgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,GAAkB,MAAd70B,EAAMk6B,MAAgB,CACxBpP,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAEE70B,EAAMyvB,OACRzvB,EAAMyvB,KAAK5oD,KAASquD,GAAQ,EAAK,GAEjB,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO25C,GAEf,KAAKA,GAEH,KAAOnpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGN6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK/jD,KAAOwpD,GAEF,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzB4G,EAAK,GAAM5G,IAAS,GAAM,IAC1B4G,EAAK,GAAM5G,IAAS,GAAM,IAC1Bl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO45C,GAEf,KAAKA,GAEH,KAAOppD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGN6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAKwM,OAAiB,IAAP/G,EACrBl1B,EAAMyvB,KAAK4C,GAAM6C,GAAQ,GAET,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAO65C,GAEf,KAAKA,GACH,GAAkB,KAAdx4B,EAAMk6B,MAAgB,CAExB,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMpuC,OAASsjE,EACXl1B,EAAMyvB,OACRzvB,EAAMyvB,KAAKyM,UAAYhH,GAEP,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP/lD,EAAO,OAGA6wB,EAAMyvB,OACbzvB,EAAMyvB,KAAKhH,MAAQ,MAErBzoB,EAAMrhB,KAAO85C,GAEf,KAAKA,GACH,GAAkB,KAAdz4B,EAAMk6B,QACRsB,EAAOx7B,EAAMpuC,OACT4pE,EAAOf,IAAQe,EAAOf,GACtBe,IACEx7B,EAAMyvB,OACR9uD,EAAMq/B,EAAMyvB,KAAKyM,UAAYl8B,EAAMpuC,OAC9BouC,EAAMyvB,KAAKhH,QAEdzoB,EAAMyvB,KAAKhH,MAAYp4D,MAAM2vC,EAAMyvB,KAAKyM,YAE1C9R,GACEpqB,EAAMyvB,KAAKhH,MACX33D,EACAmjE,EAGAuH,EAEA76D,IAMc,IAAdq/B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACRx7B,EAAMpuC,QAAU4pE,GAEdx7B,EAAMpuC,QAAU,MAAMoqE,EAE5Bh8B,EAAMpuC,OAAS,EACfouC,EAAMrhB,KAAO+V,GAEf,KAAKA,GACH,GAAkB,KAAdsL,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GAEE76D,EAAM7P,EAAMmjE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ9uD,GACbq/B,EAAMpuC,OAAS,QAClBouC,EAAMyvB,KAAK3zD,MAAQoP,OAAOsC,aAAa7M,UAElCA,GAAO66D,EAAOf,GAOvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ76D,EAAO,MAAMq7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK3zD,KAAO,MAEpBkkC,EAAMpuC,OAAS,EACfouC,EAAMrhB,KAAO+5C,GAEf,KAAKA,GACH,GAAkB,KAAd14B,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GACE76D,EAAM7P,EAAMmjE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ9uD,GACbq/B,EAAMpuC,OAAS,QAClBouC,EAAMyvB,KAAK2C,SAAWlnD,OAAOsC,aAAa7M,UAErCA,GAAO66D,EAAOf,GAMvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOrpE,EAAO0qE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ76D,EAAO,MAAMq7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK2C,QAAU,MAEvBpyB,EAAMrhB,KAAOg6C,GAEf,KAAKA,GACH,GAAkB,IAAd34B,EAAMk6B,MAAgB,CAExB,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+lD,KAAwB,MAAdl1B,EAAMm6B,OAAiB,CACnCrP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAGL6wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK0C,KAASnyB,EAAMk6B,OAAS,EAAK,EACxCl6B,EAAMyvB,KAAK39D,MAAO,GAEpBg5D,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GACb,MACF,KAAK8D,GAEH,KAAOzpD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV27C,EAAKc,MAAQ5rB,EAAMm6B,MAAQJ,GAAQ7E,GAEnCA,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAOk6C,GAEf,KAAKA,GACH,GAAuB,IAAnB74B,EAAMi6B,SASR,OAPAnP,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,EAEN+zC,GAET4H,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GAEf,KAAKA,GACH,GAAI/E,IAAUjN,IAAWiN,IAAUhN,GAAW,MAAMiZ,EAEtD,KAAKlD,GACH,GAAI94B,EAAMhxB,KAAM,CAEdkmD,KAAiB,EAAP/lD,EACVA,GAAe,EAAPA,EAER6wB,EAAMrhB,KAAOi7C,GACb,MAGF,KAAOzqD,EAAO,GAAG,CACf,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EASV,OANA6wB,EAAMhxB,KAAe,EAAPkmD,EAEdA,KAAU,EACV/lD,GAAQ,EAGQ,EAAP+lD,GACP,KAAK,EAGHl1B,EAAMrhB,KAAOo6C,GACb,MACF,KAAK,EAKH,GAJAuC,GAAYt7B,GAGZA,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAS,CAErBmS,KAAU,EACV/lD,GAAQ,EAER,MAAM6sD,EAER,MACF,KAAK,EAGHh8B,EAAMrhB,KAAOu6C,GACb,MACF,KAAK,EACHpO,EAAK50B,IAAM,qBACX8J,EAAMrhB,KAAOk2C,GAGjBK,KAAU,EACV/lD,GAAQ,EAER,MACF,KAAK4pD,GAMH,IAJA7D,KAAiB,EAAP/lD,EACVA,GAAe,EAAPA,EAGDA,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,IAAY,MAAP+lD,KAAqBA,IAAS,GAAM,OAAS,CAChDpK,EAAK50B,IAAM,+BACX8J,EAAMrhB,KAAOk2C,GACb,MAUF,GARA70B,EAAMpuC,OAAgB,MAAPsjE,EAIfA,EAAO,EACP/lD,EAAO,EAEP6wB,EAAMrhB,KAAOq6C,GACTjJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAKhD,GACHh5B,EAAMrhB,KAAOs6C,GAEf,KAAKA,GAEH,GADAuC,EAAOx7B,EAAMpuC,OACT4pE,EAAM,CAGR,GAFIA,EAAOf,IAAQe,EAAOf,GACtBe,EAAO52C,IAAQ42C,EAAO52C,GACb,IAAT42C,EAAc,MAAMQ,EAExB5R,GAAe3vD,EAAQ3J,EAAOmjE,EAAMuH,EAAME,GAE1CjB,GAAQe,EACRvH,GAAQuH,EACR52C,GAAQ42C,EACRE,GAAOF,EACPx7B,EAAMpuC,QAAU4pE,EAChB,MAGFx7B,EAAMrhB,KAAOm2C,GACb,MACF,KAAKoE,GAEH,KAAO/pD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAmBV,GAhBA6wB,EAAMu6B,KAAkC,KAAnB,GAAPrF,GAEdA,KAAU,EACV/lD,GAAQ,EAER6wB,EAAMw6B,MAAmC,GAAnB,GAAPtF,GAEfA,KAAU,EACV/lD,GAAQ,EAER6wB,EAAMs6B,MAAmC,GAAnB,GAAPpF,GAEfA,KAAU,EACV/lD,GAAQ,EAGJ6wB,EAAMu6B,KAAO,KAAOv6B,EAAMw6B,MAAQ,GAAI,CACxC1P,EAAK50B,IAAM,sCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOw6C,GAEf,KAAKA,GACH,KAAOn5B,EAAMy6B,KAAOz6B,EAAMs6B,OAAO,CAE/B,KAAOnrD,EAAO,GAAG,CACf,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAmB,EAAPvF,EAEnCA,KAAU,EACV/lD,GAAQ,EAGV,KAAO6wB,EAAMy6B,KAAO,IAClBz6B,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAW,EAapC,GAPAz6B,EAAM41B,QAAU51B,EAAM06B,OACtB16B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE3lC,KAAM6wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcP,GAAO12B,EAAMk3B,KAAM,EAAG,GAAIl3B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAC5E9U,EAAMg2B,QAAUlhB,EAAK3lC,KAEjByP,EAAK,CACPksC,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAGF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOy6C,GAEf,KAAKA,GACH,KAAOp5B,EAAMy6B,KAAOz6B,EAAMu6B,KAAOv6B,EAAMw6B,OAAO,CAC5C,KACErF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAehmD,IANZ,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+oD,EAAW,GAEbhD,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAMk3B,KAAKl3B,EAAMy6B,QAAUvC,MAExB,CACH,GAAiB,KAAbA,EAAiB,CAGnB,IADAl7D,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAOV,GAHA+lD,KAAU8C,EACV7oD,GAAQ6oD,EAEW,IAAfh4B,EAAMy6B,KAAY,CACpB3P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEFl0D,EAAMq/B,EAAMk3B,KAAKl3B,EAAMy6B,KAAO,GAC9Be,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV/lD,GAAQ,OAGL,GAAiB,KAAb+oD,EAAiB,CAGxB,IADAl7D,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAU8C,EACV7oD,GAAQ6oD,EAERr3D,EAAM,EACN66D,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV/lD,GAAQ,MAGL,CAGH,IADAnS,EAAIg7D,EAAY,EACT7oD,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAU8C,EACV7oD,GAAQ6oD,EAERr3D,EAAM,EACN66D,EAAO,IAAa,IAAPtG,GAEbA,KAAU,EACV/lD,GAAQ,EAGV,GAAI6wB,EAAMy6B,KAAOe,EAAOx7B,EAAMu6B,KAAOv6B,EAAMw6B,MAAO,CAChD1P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,KAAO2G,KACLx7B,EAAMk3B,KAAKl3B,EAAMy6B,QAAU95D,GAMjC,GAAIq/B,EAAMrhB,OAASk2C,GAAO,MAG1B,GAAwB,IAApB70B,EAAMk3B,KAAK,KAAY,CACzBpM,EAAK50B,IAAM,uCACX8J,EAAMrhB,KAAOk2C,GACb,MAeF,GATA70B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE3lC,KAAM6wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcN,GAAM32B,EAAMk3B,KAAM,EAAGl3B,EAAMu6B,KAAMv6B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAGnF9U,EAAMg2B,QAAUlhB,EAAK3lC,KAGjByP,EAAK,CACPksC,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAcF,GAXA70B,EAAMk2B,SAAW,EAGjBl2B,EAAM81B,SAAW91B,EAAM26B,QACvB7lB,EAAO,CAAE3lC,KAAM6wB,EAAMk2B,UACrBt3C,EAAMq4C,GAAcL,GAAO52B,EAAMk3B,KAAMl3B,EAAMu6B,KAAMv6B,EAAMw6B,MAAOx6B,EAAM81B,SAAU,EAAG91B,EAAMs3B,KAAMxiB,GAG/F9U,EAAMk2B,SAAWphB,EAAK3lC,KAGlByP,EAAK,CACPksC,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAIF,GADA70B,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAK3C,GACHr5B,EAAMrhB,KAAO26C,GAEf,KAAKA,GACH,GAAImB,GAAQ,GAAK71C,GAAQ,IAAK,CAE5BkmC,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,EAEb4lD,GAAajK,EAAMmK,GAEnByG,EAAM5Q,EAAKuC,SACX5yD,EAASqwD,EAAKrwD,OACdmqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZj9D,EAAQg6D,EAAKh6D,MACb2pE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb/lD,EAAO6wB,EAAM7wB,KAGT6wB,EAAMrhB,OAASm2C,KACjB90B,EAAM46B,MAAQ,GAEhB,MAGF,IADA56B,EAAM46B,KAAO,EAEXzF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP6C,GAAa7oD,IANV,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI8oD,GAAgC,IAAV,IAAVA,GAAuB,CAIrC,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM41B,QAAQiG,IACX3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc7oD,IAPxB,CASP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAUyG,EACVxsD,GAAQwsD,EAER37B,EAAM46B,MAAQe,EAQhB,GALAzG,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAM46B,MAAQ5C,EACdh4B,EAAMpuC,OAASsmE,EACC,IAAZD,EAAe,CAIjBj4B,EAAMrhB,KAAOg7C,GACb,MAEF,GAAc,GAAV1B,EAAc,CAEhBj4B,EAAM46B,MAAQ,EACd56B,EAAMrhB,KAAOm2C,GACb,MAEF,GAAc,GAAVmD,EAAc,CAChBnN,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMyoB,MAAkB,GAAVwP,EACdj4B,EAAMrhB,KAAO46C,GAEf,KAAKA,GACH,GAAIv5B,EAAMyoB,MAAO,CAGf,IADAzrD,EAAIgjC,EAAMyoB,MACHt5C,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMpuC,QAAUsjE,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBt5C,GAAQ6wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtBzoB,EAAM66B,IAAM76B,EAAMpuC,OAClBouC,EAAMrhB,KAAO66C,GAEf,KAAKA,GACH,KACErE,EAAOn1B,EAAM81B,SAASZ,GAAS,GAAKl1B,EAAMk2B,UAAY,GACtD8B,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAehmD,IANZ,CAQP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAyB,IAAV,IAAV8oD,GAAuB,CAI1B,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM81B,SAAS+F,IACZ3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc7oD,IAPxB,CASP,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAIV+lD,KAAUyG,EACVxsD,GAAQwsD,EAER37B,EAAM46B,MAAQe,EAOhB,GAJAzG,KAAU8C,EACV7oD,GAAQ6oD,EAERh4B,EAAM46B,MAAQ5C,EACA,GAAVC,EAAc,CAChBnN,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMj/B,OAASm3D,EACfl4B,EAAMyoB,MAAoB,GAAZ,EACdzoB,EAAMrhB,KAAO86C,GAEf,KAAKA,GACH,GAAIz5B,EAAMyoB,MAAO,CAGf,IADAzrD,EAAIgjC,EAAMyoB,MACHt5C,EAAOnS,GAAG,CACf,GAAa,IAATy9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV6wB,EAAMj/B,QAAUm0D,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBt5C,GAAQ6wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtB,GAAIzoB,EAAMj/B,OAASi/B,EAAMs1B,KAAM,CAC7BxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMrhB,KAAO+6C,GAEf,KAAKA,GACH,GAAa,IAAT90C,EAAc,MAAMo3C,EAExB,GADAR,EAAOvG,EAAOrwC,EACVob,EAAMj/B,OAASy6D,EAAM,CAEvB,GADAA,EAAOx7B,EAAMj/B,OAASy6D,EAClBA,EAAOx7B,EAAMw1B,OACXx1B,EAAMs2B,KAAM,CACdxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAkBA2G,EAAOx7B,EAAMy1B,OACf+F,GAAQx7B,EAAMy1B,MACd7iD,EAAOotB,EAAMu1B,MAAQiG,GAGrB5oD,EAAOotB,EAAMy1B,MAAQ+F,EAEnBA,EAAOx7B,EAAMpuC,SAAU4pE,EAAOx7B,EAAMpuC,QACxCyjE,EAAcr1B,EAAMqqB,YAGpBgL,EAAc56D,EACdmY,EAAO8oD,EAAM17B,EAAMj/B,OACnBy6D,EAAOx7B,EAAMpuC,OAEX4pE,EAAO52C,IAAQ42C,EAAO52C,GAC1BA,GAAQ42C,EACRx7B,EAAMpuC,QAAU4pE,EAChB,GACE/gE,EAAOihE,KAASrG,EAAYziD,aACnB4oD,GACU,IAAjBx7B,EAAMpuC,SAAgBouC,EAAMrhB,KAAO26C,IACvC,MACF,KAAKK,GACH,GAAa,IAAT/0C,EAAc,MAAMo3C,EACxBvhE,EAAOihE,KAAS17B,EAAMpuC,OACtBgzB,IACAob,EAAMrhB,KAAO26C,GACb,MACF,KAAKM,GACH,GAAI55B,EAAMub,KAAM,CAEd,KAAOpsC,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IAEAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAcV,GAXA8lD,GAAQrwC,EACRkmC,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXA,IACFnK,EAAKc,MAAQ5rB,EAAMm6B,MAEdn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMyG,EAAMzG,GAAQtJ,GAAQ3rB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMyG,EAAMzG,IAG7GA,EAAOrwC,GAEFob,EAAMk6B,MAAQhF,EAAO6E,GAAQ7E,MAAWl1B,EAAMm6B,MAAO,CACxDrP,EAAK50B,IAAM,uBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAIT6wB,EAAMrhB,KAAOk7C,GAEf,KAAKA,GACH,GAAI75B,EAAMub,MAAQvb,EAAMk6B,MAAO,CAE7B,KAAO/qD,EAAO,IAAI,CAChB,GAAa,IAATsrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQpkE,EAAMmjE,MAAW9kD,EACzBA,GAAQ,EAGV,GAAI+lD,KAAwB,WAAdl1B,EAAMo6B,OAAqB,CACvCtP,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP/lD,EAAO,EAIT6wB,EAAMrhB,KAAOm7C,GAEf,KAAKA,GACHl7C,EAAMqkC,GACN,MAAM+Y,EACR,KAAKnH,GACHj2C,EAAMwkC,GACN,MAAM4Y,EAKR,QACE,OAAO7Y,GA4Cb,OA9BA2H,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM7wB,KAAOA,GAGT6wB,EAAMu1B,OAAUN,IAASnK,EAAKqC,WAAantB,EAAMrhB,KAAOk2C,KACvC70B,EAAMrhB,KAAOi7C,IAAS7J,IAAUlN,MAC/C0Y,GAAazQ,EAAMA,EAAKrwD,OAAQqwD,EAAKuC,SAAU4H,EAAOnK,EAAKqC,WAKjE6H,GAAOlK,EAAKgD,SACZmH,GAAQnK,EAAKqC,UACbrC,EAAKkD,UAAYgH,EACjBlK,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXj1B,EAAMub,MAAQ0Z,IAChBnK,EAAKc,MAAQ5rB,EAAMm6B,MAChBn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMnK,EAAKuC,SAAW4H,GAAQtJ,GAAQ3rB,EAAMm6B,MAAO1/D,EAAQw6D,EAAMnK,EAAKuC,SAAW4H,IAE/HnK,EAAKC,UAAY/qB,EAAM7wB,MAAQ6wB,EAAMhxB,KAAO,GAAK,IAC9BgxB,EAAMrhB,OAASm2C,GAAO,IAAM,IAC5B90B,EAAMrhB,OAAS06C,IAAQr5B,EAAMrhB,OAASq6C,GAAQ,IAAM,IACzD,IAARhE,GAAsB,IAATC,GAAelF,IAAUlN,KAAajkC,IAAQokC,KAC/DpkC,EAAMykC,IAEDzkC,CACT,CA8BA,SAASu9C,GAAqBrR,EAAM+I,GAClC,MAAMM,EAAaN,EAAWjiE,OAE9B,IAAIouC,EACAo8B,EAIJ,OAAKtR,GAAyBA,EAAK9qB,OACnCA,EAAQ8qB,EAAK9qB,MAEM,IAAfA,EAAMub,MAAcvb,EAAMrhB,OAASk6C,GAC9B1V,GAILnjB,EAAMrhB,OAASk6C,KACjBuD,EAAS,EAETA,EAASzQ,GAAQyQ,EAAQvI,EAAYM,EAAY,GAC7CiI,IAAWp8B,EAAMm6B,OACZ/W,IAKLmY,GAAazQ,EAAM+I,EAAYM,EAAYA,GAKjDn0B,EAAMi6B,SAAW,EAEVjX,KAzB4DG,EA0BrE,CC59Ce,MAAMkZ,GACnB/rE,cAEEE,KAAKqW,KAAa,EAElBrW,KAAKkb,KAAa,EAElBlb,KAAKyrE,OAAa,EAElBzrE,KAAK6hE,GAAa,EAElB7hE,KAAKi4D,MAAa,KAElBj4D,KAAK0rE,UAAa,EAWlB1rE,KAAKsL,KAAa,GAIlBtL,KAAK4hE,QAAa,GAIlB5hE,KAAK2hE,KAAa,EAElB3hE,KAAKsB,MAAa,GCkCtB,MAAMwqE,GACJhsE,YAAYmF,GACVjF,KAAKiF,QAAU,CACb49D,UAAW,MACXC,WAAY,KACR79D,GAAW,IAGjB,MAAM+9D,EAAMhjE,KAAKiF,QAIb+9D,EAAIC,KAAQD,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KACxDE,EAAIF,YAAcE,EAAIF,WACC,IAAnBE,EAAIF,aAAoBE,EAAIF,YAAc,OAI3CE,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KAC3C79D,GAAWA,EAAQ69D,aACrBE,EAAIF,YAAc,IAKfE,EAAIF,WAAa,IAAQE,EAAIF,WAAa,IAGf,IAAR,GAAjBE,EAAIF,cACPE,EAAIF,YAAc,IAItB9iE,KAAKyhD,IAAS,EACdzhD,KAAK0lC,IAAS,GACd1lC,KAAKmjE,OAAS,EACdnjE,KAAK4xD,OAAS,GAEd5xD,KAAKs6D,KAAS,IAAIqI,GAClB3iE,KAAKs6D,KAAKqC,UAAY,EAEtB,IAAIiE,EAASmL,GACX/rE,KAAKs6D,KACL0I,EAAIF,YAGN,GAAIlC,IAAWoL,GACb,MAAU5oE,MAAMsiC,GAAIk7B,IAQtB,GALA5gE,KAAK0kB,OAAS,IAAImnD,GFszCtB,SAA0BvR,EAAM2E,GAC9B,IAAIzvB,EAGC8qB,GAASA,EAAK9qB,QACnBA,EAAQ8qB,EAAK9qB,MACY,IAAP,EAAbA,EAAMub,QAGXvb,EAAMyvB,KAAOA,EACbA,EAAK39D,MAAO,GAEd,CEh0CI2qE,CAA8BjsE,KAAKs6D,KAAMt6D,KAAK0kB,QAG1Cs+C,EAAIK,aAEwB,iBAAnBL,EAAIK,WACbL,EAAIK,WAAaE,GAAmBP,EAAIK,YAC/BL,EAAIK,sBAAsB79C,cACnCw9C,EAAIK,WAAa,IAAItgE,WAAWigE,EAAIK,aAElCL,EAAIC,MACNrC,EAASsL,GAAkClsE,KAAKs6D,KAAM0I,EAAIK,YACtDzC,IAAWoL,KACb,MAAU5oE,MAAMsiC,GAAIk7B,IAiC5B/+D,KAAKqI,EAAMikB,GACT,MAAMmsC,KAAEA,EAAMr1D,SAAS49D,UAAEA,EAASQ,WAAEA,IAAiBrjE,KACrD,IAAI4gE,EAAQkD,EAKRqI,GAAgB,EAEpB,GAAInsE,KAAKmjE,MAAS,OAAO,EACzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBi+C,GAAaC,GAG/C,iBAATniE,EAETowD,EAAKh6D,MPpFJ,SAAwBoc,GAC3B,MAAM6E,EAAM,IAAI+gD,GAAW5lD,EAAItb,QAC/B,IAAK,IAAI+B,EAAI,EAAGgN,EAAMoR,EAAIngB,OAAQ+B,EAAIgN,EAAKhN,IACvCoe,EAAIpe,GAAKuZ,EAAIE,WAAWzZ,GAE5B,OAAOoe,CACX,CO8EmB+qD,CAAsBpiE,GAC1BA,aAAgBsb,YACzB80C,EAAKh6D,MAAQ,IAAIyC,WAAWmH,GAE5BowD,EAAKh6D,MAAQ4J,EAGfowD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAKh6D,MAAMc,OAE3B,EAAG,CAkBD,GAjBuB,IAAnBk5D,EAAKqC,YACPrC,EAAKrwD,OAAS,IAAIq4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,GAGnBjC,EAAS2L,GAAqBjS,EAAM+R,IAEhCzL,IAAW4L,IAAiBnJ,IAC9BzC,EAASsL,GAAkClsE,KAAKs6D,KAAM+I,IAGpDzC,IAAW6L,KAAmC,IAAlBN,IAC9BvL,EAASoL,GACTG,GAAgB,GAGdvL,IAAW8L,IAAkB9L,IAAWoL,GAG1C,OAFAhsE,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,GACN,EAGL7I,EAAKuC,WACgB,IAAnBvC,EAAKqC,WAAmBiE,IAAW8L,KAAqC,IAAlBpS,EAAKgD,UAAmBwG,IAAUsI,IAActI,IAAU6I,KAClH3sE,KAAKikE,OAAOC,GAAgB5J,EAAKrwD,OAAQqwD,EAAKuC,YAW5B,IAAlBvC,EAAKgD,UAAqC,IAAnBhD,EAAKqC,YAC9BwP,GAAgB,UAGV7R,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAW8L,IAOnE,OALI9L,IAAW8L,KACb5I,EAAQsI,IAINtI,IAAUsI,IACZxL,EF8qCN,SAAoBtG,GAElB,IAAKA,IAASA,EAAK9qB,MACjB,OAAOmjB,GAGT,MAAMnjB,EAAQ8qB,EAAK9qB,MAKnB,OAJIA,EAAMqqB,SACRrqB,EAAMqqB,OAAS,MAEjBS,EAAK9qB,MAAQ,KACNgjB,EACT,CE1rCeoa,CAAwB5sE,KAAKs6D,MACtCt6D,KAAKgkE,MAAMpD,GACX5gE,KAAKmjE,OAAQ,EACNvC,IAAWoL,IAIhBlI,IAAU6I,KACZ3sE,KAAKgkE,MAAMgI,IACX1R,EAAKqC,UAAY,GACV,GAeXsH,OAAOliE,GACL/B,KAAK4xD,OAAO/vD,KAAKE,GAenBiiE,MAAMpD,GAEAA,IAAWoL,KACbhsE,KAAKyB,OAAS2iE,GAAoBpkE,KAAK4xD,SAEzC5xD,KAAK4xD,OAAS,GACd5xD,KAAKyhD,IAAMmf,EACX5gE,KAAK0lC,IAAM1lC,KAAKs6D,KAAK50B,KCxRzB,IAAImnC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS/rE,GACvBf,KAAKe,OAASA,EACdf,KAAK+sE,UAAY,EACjB/sE,KAAKgtE,QAAU,EACfhtE,KAAKitE,SAAU,CACjB,EAEAH,GAAU9rE,UAAUksE,YAAc,WAC3BltE,KAAKitE,UACRjtE,KAAKgtE,QAAUhtE,KAAKe,OAAOgG,WAC3B/G,KAAKitE,SAAU,EAEnB,EAGAH,GAAU9rE,UAAUE,KAAO,SAASyd,GAElC,IADA,IAAIld,EAAS,EACNkd,EAAO,GAAG,CACf3e,KAAKktE,cACL,IAAIC,EAAY,EAAIntE,KAAK+sE,UAEzB,GAAIpuD,GAAQwuD,EACV1rE,IAAW0rE,EACX1rE,GAAUorE,GAAQM,GAAantE,KAAKgtE,QACpChtE,KAAKitE,SAAU,EACfjtE,KAAK+sE,UAAY,EACjBpuD,GAAQwuD,MACH,CACL1rE,IAAWkd,EACX,IAAIrY,EAAQ6mE,EAAYxuD,EACxBld,IAAWzB,KAAKgtE,QAAWH,GAAQluD,IAASrY,IAAWA,EACvDtG,KAAK+sE,WAAapuD,EAClBA,EAAO,GAGX,OAAOld,CACT,EAGAqrE,GAAU9rE,UAAUosE,KAAO,SAAS/pE,GAClC,IAAIgqE,EAAQhqE,EAAM,EACdiqE,GAAUjqE,EAAMgqE,GAAS,EAC7BrtE,KAAK+sE,UAAYM,EACjBrtE,KAAKe,OAAOqsE,KAAKE,GACjBttE,KAAKitE,SAAU,CACjB,EAGAH,GAAU9rE,UAAUusE,GAAK,WACvB,IAA6BpqE,EAAzBoe,EAAM,IAAIxe,WAAW,GACzB,IAAKI,EAAI,EAAGA,EAAIoe,EAAIngB,OAAQ+B,IAC1Boe,EAAIpe,GAAKnD,KAAKkB,KAAK,GAErB,OAGF,SAAkBqgB,GAChB,OAAO1hB,MAAMmB,UAAUsH,IAAIxH,KAAKygB,GAAKrU,IAAM,KAAOA,EAAEP,SAAS,KAAKjL,OAAO,KAAIF,KAAK,GACpF,CALSgsE,CAASjsD,EAClB,EAMA,OAAiBurD,GC3FbW,GAAS,WACb,EAIAA,GAAOzsE,UAAU+F,SAAW,WAC1B,MAAU3D,MAAM,6CAClB,EAGAqqE,GAAOzsE,UAAUE,KAAO,SAASmD,EAAQqpE,EAAWtsE,GAElD,IADA,IAAIyK,EAAY,EACTA,EAAYzK,GAAQ,CACzB,IAAIob,EAAIxc,KAAK+G,WACb,GAAIyV,EAAI,EACN,OAAoB,IAAZ3Q,GAAkB,EAAIA,EAEhCxH,EAAOqpE,KAAelxD,EACtB3Q,IAEF,OAAOA,CACT,EACA4hE,GAAOzsE,UAAUosE,KAAO,SAASO,GAC/B,MAAUvqE,MAAM,yCAClB,EAGAqqE,GAAOzsE,UAAU4sE,UAAY,SAASC,GACpC,MAAUzqE,MAAM,6CAClB,EACAqqE,GAAOzsE,UAAUc,MAAQ,SAASuC,EAAQqpE,EAAWtsE,GACnD,IAAI+B,EACJ,IAAKA,EAAE,EAAGA,EAAE/B,EAAQ+B,IAClBnD,KAAK4tE,UAAUvpE,EAAOqpE,MAExB,OAAOtsE,CACT,EACAqsE,GAAOzsE,UAAUu+D,MAAQ,WACzB,EAEA,ICNMuO,MDMWL,OCNXK,GAAc,IAAIzoD,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKVjlB,KAAK+tE,OAAS,WACZ,OAAS9oD,IAAS,GAOpBjlB,KAAKguE,UAAY,SAAS3sE,GACxB4jB,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAM5jB,KAQjDrB,KAAKiuE,aAAe,SAAS5sE,EAAOyiC,GAClC,KAAOA,KAAU,GACf7e,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAM5jB,OCnDnD6sE,GAAM,SAASxvD,EAAOoB,GACxB,IAAwB3c,EAApB0zB,EAAMnY,EAAMoB,GAChB,IAAK3c,EAAI2c,EAAO3c,EAAI,EAAGA,IACrBub,EAAMvb,GAAKub,EAAMvb,EAAE,GAGrB,OADAub,EAAM,GAAKmY,EACJA,CACT,EAEIs3C,GAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,GACpBA,GAAcV,GAAIE,YAAyB,oBAC3CQ,GAAcV,GAAIG,eAAyB,gBAC3CO,GAAcV,GAAII,sBAAyB,uBAC3CM,GAAcV,GAAIK,uBAAyB,wBAC3CK,GAAcV,GAAIM,YAAyB,aAC3CI,GAAcV,GAAIO,eAAyB,gBAC3CG,GAAcV,GAAIQ,gBAAkB,kDAEpC,IAAIG,GAAS,SAASlO,EAAQmO,GAC5B,IAAIrpC,EAAMmpC,GAAcjO,IAAW,gBAC/BmO,IAAarpC,GAAO,KAAKqpC,GAC7B,IAAItqE,EAAI,IAAIytB,UAAUwT,GAEtB,MADAjhC,EAAEg4D,UAAYmE,EACRn8D,CACR,EAEIuqE,GAAS,SAASC,EAAaC,GACjClvE,KAAKmvE,SAAWnvE,KAAKovE,aAAepvE,KAAKqvE,WAAa,EAEtDrvE,KAAKsvE,cAAcL,EAAaC,EAClC,EACAF,GAAOhuE,UAAUuuE,YAAc,WAE7B,OADiBvvE,KAAKwvE,mBAKtBxvE,KAAKyvE,SAAW,IAAIC,IACb,IAJL1vE,KAAKqvE,YAAc,GACZ,EAIX,EAEAL,GAAOhuE,UAAUsuE,cAAgB,SAASL,EAAaC,GAErD,IAAI3tD,EAAM,IAAIxe,WAAW,GACW,IAAhCksE,EAAY/tE,KAAKqgB,EAAK,EAAG,IACuB,QAAhD7G,OAAOsC,aAAauE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CutD,GAAOX,GAAIG,cAAe,aAE5B,IAAIjU,EAAQ94C,EAAI,GAAK,IACjB84C,EAAQ,GAAKA,EAAQ,IACvByU,GAAOX,GAAIG,cAAe,sBAE5BtuE,KAAK2F,OAAS,IAAImnE,GAAUmC,GAI5BjvE,KAAK2vE,SAAW,IAAStV,EACzBr6D,KAAK4vE,WAAa,EAClB5vE,KAAKkvE,aAAeA,EACpBlvE,KAAK6vE,UAAY,CACnB,EACAb,GAAOhuE,UAAUwuE,gBAAkB,WACjC,IAAIrsE,EAAG4Z,EAAGV,EACN1W,EAAS3F,KAAK2F,OAId4W,EAAI5W,EAAO4nE,KACf,GAjFW,iBAiFPhxD,EACF,OAAO,EAnFG,iBAqFRA,GACFuyD,GAAOX,GAAIG,eACbtuE,KAAK8vE,eAAiBnqE,EAAOzE,KAAK,MAAQ,EAC1ClB,KAAK6vE,WAAa7vE,KAAK8vE,gBACH9vE,KAAK6vE,WAAa,EAAM7vE,KAAK6vE,YAAY,OAAU,EAInElqE,EAAOzE,KAAK,IACd4tE,GAAOX,GAAIQ,gBACb,IAAIoB,EAAcpqE,EAAOzE,KAAK,IAC1B6uE,EAAc/vE,KAAK2vE,UACrBb,GAAOX,GAAIM,WAAY,kCAMzB,IAAIpwD,EAAI1Y,EAAOzE,KAAK,IAChB8uE,EAAY,IAAIjtE,WAAW,KAAMktE,EAAW,EAChD,IAAK9sE,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIkb,EAAK,GAAM,GAAMlb,EAAK,CACxB,IAAI80C,EAAQ,GAAJ90C,EAER,IADAkZ,EAAI1W,EAAOzE,KAAK,IACX6b,EAAI,EAAGA,EAAI,GAAIA,IACdV,EAAK,GAAM,GAAMU,IACnBizD,EAAUC,KAAch4B,EAAIl7B,GAKpC,IAAImzD,EAAavqE,EAAOzE,KAAK,IACzBgvE,EAzHW,GAyHgBA,EAxHhB,IAyHbpB,GAAOX,GAAIM,YAKb,IAAI0B,EAAaxqE,EAAOzE,KAAK,IACV,IAAfivE,GACFrB,GAAOX,GAAIM,YAEb,IAAI2B,EAAY,IAAIrtE,WAAW,KAC/B,IAAKI,EAAI,EAAGA,EAAI+sE,EAAY/sE,IAC1BitE,EAAUjtE,GAAKA,EAEjB,IAAIktE,EAAY,IAAIttE,WAAWotE,GAE/B,IAAKhtE,EAAI,EAAGA,EAAIgtE,EAAYhtE,IAAK,CAE/B,IAAK4Z,EAAI,EAAGpX,EAAOzE,KAAK,GAAI6b,IACtBA,GAAKmzD,GAAYpB,GAAOX,GAAIM,YAElC4B,EAAUltE,GAAK+qE,GAAIkC,EAAWrzD,GAKhC,IACiBuzD,EADbC,EAAWN,EAAW,EACtBO,EAAS,GACb,IAAKzzD,EAAI,EAAGA,EAAImzD,EAAYnzD,IAAK,CAC/B,IAqBI0zD,EAASC,EArBTtvE,EAAS,IAAI2B,WAAWwtE,GAAWt8C,EAAO,IAAIk9B,YAAYwf,IAK9D,IADAtyD,EAAI1Y,EAAOzE,KAAK,GACXiC,EAAI,EAAGA,EAAIotE,EAAUptE,IAAK,CAC7B,MACMkb,EAAI,GAAKA,EAjKE,KAiKoBywD,GAAOX,GAAIM,YAG1C9oE,EAAOzE,KAAK,IAEZyE,EAAOzE,KAAK,GAGdmd,IAFAA,IAIJjd,EAAO+B,GAAKkb,EAMd,IADAoyD,EAASC,EAAStvE,EAAO,GACpB+B,EAAI,EAAGA,EAAIotE,EAAUptE,IACpB/B,EAAO+B,GAAKutE,EACdA,EAAStvE,EAAO+B,GACT/B,EAAO+B,GAAKstE,IACnBA,EAASrvE,EAAO+B,IAapBmtE,EAAW,GACXE,EAAO3uE,KAAKyuE,GACZA,EAASM,QAAU,IAAIzf,YAnMT,KAoMdmf,EAASrS,MAAQ,IAAI54C,YAAYsrD,IACjCL,EAAS7X,KAAO,IAAIpzC,YAAYsrD,IAChCL,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIG,EAAK,EACT,IAAK1tE,EAAIstE,EAAQttE,GAAKutE,EAAQvtE,IAE5B,IADA8wB,EAAK9wB,GAAKmtE,EAASrS,MAAM96D,GAAK,EACzBkb,EAAI,EAAGA,EAAIkyD,EAAUlyD,IACpBjd,EAAOid,KAAOlb,IAChBmtE,EAASM,QAAQC,KAAQxyD,GAG/B,IAAKlb,EAAI,EAAGA,EAAIotE,EAAUptE,IACxB8wB,EAAK7yB,EAAO+B,MAMd,IADA0tE,EAAKxyD,EAAI,EACJlb,EAAIstE,EAAQttE,EAAIutE,EAAQvtE,IAC3B0tE,GAAM58C,EAAK9wB,GAOXmtE,EAASrS,MAAM96D,GAAK0tE,EAAK,EACzBA,IAAO,EACPxyD,GAAK4V,EAAK9wB,GACVmtE,EAAS7X,KAAKt1D,EAAI,GAAK0tE,EAAKxyD,EAE9BiyD,EAASrS,MAAMyS,EAAS,GAAKhhE,OAAOohE,UACpCR,EAASrS,MAAMyS,GAAUG,EAAK58C,EAAKy8C,GAAU,EAC7CJ,EAAS7X,KAAKgY,GAAU,EAO1B,IAAIM,EAAY,IAAI1rD,YAAY,KAChC,IAAKliB,EAAI,EAAGA,EAAI,IAAKA,IACnBitE,EAAUjtE,GAAKA,EAEjB,IAA6C6tE,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOpxE,KAAKoxE,KAAO,IAAI/rD,YAAYrlB,KAAK2vE,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWc,GACPF,GAAYhB,GAAcrB,GAAOX,GAAIM,YACzC6B,EAAWE,EAAOH,EAAUc,OAG9BhuE,EAAImtE,EAASG,OACb1zD,EAAIpX,EAAOzE,KAAKiC,GAEVA,EAAImtE,EAASI,QAAU5B,GAAOX,GAAIM,cAClC1xD,GAAKuzD,EAASrS,MAAM96D,IAFnBA,IAIL4Z,EAAKA,GAAK,EAAKpX,EAAOzE,KAAK,KAG7B6b,GAAKuzD,EAAS7X,KAAKt1D,IACX,GAAK4Z,GAvQC,MAuQmB+xD,GAAOX,GAAIM,YAC5C,IAAI6C,EAAUhB,EAASM,QAAQ7zD,GAK/B,GA5Qc,IA4QVu0D,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY7yD,EAAIre,KAAK2vE,UAAYb,GAAOX,GAAIM,YAEhDsC,EADAC,EAAKhB,EAAUI,EAAU,MACR/xD,EACVA,KACL+yD,EAAKF,KAAeF,EAGxB,GAAIM,EAAUrB,EACZ,MAQEiB,GAAalxE,KAAK2vE,UAAYb,GAAOX,GAAIM,YAK7CsC,EAFAC,EAAKhB,EADLgB,EAAK9C,GAAIkC,EADTjtE,EAAImuE,EAAU,OAKdF,EAAKF,KAAeF,OA9CbC,IACHA,EAAS,EACT5yD,EAAI,GAUJA,GA1RU,IAyRRizD,EACGL,EAEA,EAAIA,EACXA,IAAW,EA0Cf,KAHIlB,EAAc,GAAKA,GAAemB,IAAapC,GAAOX,GAAIM,YAE9D1xD,EAAI,EACC5Z,EAAI,EAAGA,EAAI,IAAKA,IACnBkZ,EAAIU,EAAIg0D,EAAU5tE,GAClB4tE,EAAU5tE,GAAK4Z,EACfA,EAAIV,EAGN,IAAKlZ,EAAI,EAAGA,EAAI+tE,EAAW/tE,IAEzBiuE,EAAKL,EADLC,EAAe,IAAVI,EAAKjuE,MACcA,GAAK,EAC7B4tE,EAAUC,KAKZ,IAAI3tE,EAAM,EAAGkuE,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBluE,EAAM+tE,EAAKrB,IAEX1sE,IAAQ,EACRmuE,GAAO,GAETxxE,KAAKmvE,SAAW9rE,EAChBrD,KAAKovE,aAAemC,EACpBvxE,KAAKqvE,WAAa6B,EAClBlxE,KAAKyxE,SAAWD,GAET,CACT,EAOAxC,GAAOhuE,UAAU0wE,aAAe,SAASC,EAAcxhE,GACnD,IAAIyhE,EAAQC,EAAUC,EAKxB,GAAI9xE,KAAKqvE,WAAa,EAAK,OAAO,EAGlC,IAAI+B,EAAOpxE,KAAKoxE,KAAM/tE,EAAMrD,KAAKmvE,SAAUoC,EAAUvxE,KAAKovE,aACtD8B,EAAYlxE,KAAKqvE,WAAyBrvE,KAAK+xE,WAGnD,IAFA,IAAIP,EAAMxxE,KAAKyxE,SAERP,GAAW,CAehB,IAdAA,IACAW,EAAWN,EAEXA,EAAgB,KADhBluE,EAAM+tE,EAAK/tE,IAEXA,IAAQ,EACM,GAAVmuE,KACFI,EAASL,EACTO,EAAUD,EACVN,GAAW,IAEXK,EAAS,EACTE,EAAUP,GAEZvxE,KAAKyvE,SAASxB,aAAa6D,EAASF,GAC7BA,KACL5xE,KAAKkvE,aAAatB,UAAUkE,GAC5B9xE,KAAK4vE,aAEH2B,GAAWM,IACbL,EAAM,GASV,OAPAxxE,KAAKqvE,WAAa6B,EAEdlxE,KAAKyvE,SAAS1B,WAAa/tE,KAAK8vE,gBAClChB,GAAOX,GAAIM,WAAY,sBACRzuE,KAAKyvE,SAAS1B,SAASphE,SAAS,IACxC,aAAa3M,KAAK8vE,eAAenjE,SAAS,IAAI,KAEhD3M,KAAK4vE,UACd,EAEA,IAAIoC,GAAoB,SAAS1xE,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAI2uE,EAAc,IAAIxB,GAKtB,OAJAwB,EAAY5rE,IAAM,EAClB4rE,EAAYloE,SAAW,WAAa,OAAOzG,EAAMN,KAAKqD,QACtD4rE,EAAY7B,KAAO,SAAS/pE,GAAOrD,KAAKqD,IAAMA,GAC9C4rE,EAAYgD,IAAM,WAAa,OAAOjyE,KAAKqD,KAAO/C,EAAMc,QACjD6tE,CACT,EACIiD,GAAqB,SAASjoE,GAChC,IAAIilE,EAAe,IAAIzB,GACnB0E,GAAW,EACf,GAAIloE,EACF,GAAqB,mBACnBilE,EAAa7qE,OAAS,IAAItB,WAAWkH,GACrCkoE,GAAW,MACN,IAAI,cAAeloE,EACxB,OAAOA,EAEPilE,EAAa7qE,OAAS4F,EACtBkoE,GAAW,OAGbjD,EAAa7qE,OAAS,IAAItB,WAAW,OAuBvC,OArBAmsE,EAAa7rE,IAAM,EACnB6rE,EAAatB,UAAY,SAASC,GAChC,GAAIsE,GAAYnyE,KAAKqD,KAAOrD,KAAKqE,OAAOjD,OAAQ,CAC9C,IAAIgxE,EAAY,IAAIrvE,WAA8B,EAAnB/C,KAAKqE,OAAOjD,QAC3CgxE,EAAU5uE,IAAIxD,KAAKqE,QACnBrE,KAAKqE,OAAS+tE,EAEhBpyE,KAAKqE,OAAOrE,KAAKqD,OAASwqE,GAE5BqB,EAAamD,UAAY,WAEvB,GAAIryE,KAAKqD,MAAQrD,KAAKqE,OAAOjD,OAAQ,CACnC,IAAK+wE,EACH,MAAM,IAAIjgD,UAAU,2CACtB,IAAIkgD,EAAY,IAAIrvE,WAAW/C,KAAKqD,KACpC+uE,EAAU5uE,IAAIxD,KAAKqE,OAAOgI,SAAS,EAAGrM,KAAKqD,MAC3CrD,KAAKqE,OAAS+tE,EAEhB,OAAOpyE,KAAKqE,QAEd6qE,EAAaoD,UAAW,EACjBpD,CACT,EAqGA,OAhGe,SAAS5uE,EAAO2J,EAAQsoE,GAMrC,IAJA,IAAItD,EAAc+C,GAAkB1xE,GAChC4uE,EAAegD,GAAmBjoE,GAElCuoE,EAAK,IAAIxD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgD,OACxC,GAAIO,EAAGjD,cACLiD,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG7sE,OAAOzE,KAAK,MAAQ,EAM7C,GALIuxE,IAAoBD,EAAG3C,WACzBf,GAAOX,GAAIM,WAAY,uBACR+D,EAAG3C,UAAUljE,SAAS,IAC9B,aAAa8lE,EAAgB9lE,SAAS,IAAI,MAE/C4lE,KACA,QAAStD,IACRA,EAAYgD,MAGV,MADLO,EAAGlD,cAAcL,EAAaC,GAIpC,GAAI,cAAeA,EACjB,OAAOA,EAAamD,WACxB,EC/eA,MAAMK,GACOhyD,iBACT,OAAOU,GAAMnM,OAAOU,YAMtB7V,YAAY6yE,EAAO,IAAI33D,MACrBhb,KAAK2iD,OAASvhC,GAAMjL,QAAQG,KAC5BtW,KAAK2yE,KAAOn4D,GAAKc,cAAcq3D,GAC/B3yE,KAAKqW,KAAO,KACZrW,KAAKkK,KAAO,KACZlK,KAAK4yE,SAAW,GASlBC,QAAQx8D,EAAMssC,EAASvhC,GAAMjL,QAAQG,MACnCtW,KAAK2iD,OAASA,EACd3iD,KAAKqW,KAAOA,EACZrW,KAAKkK,KAAO,KASd4oE,QAAQnxE,GAAQ,GAId,OAHkB,OAAd3B,KAAKqW,MAAiBmE,GAAK9X,SAAS1C,KAAKqW,SAC3CrW,KAAKqW,KAAOmE,GAAK+C,WAAW/C,GAAKyF,UAAUjgB,KAAK+yE,SAASpxE,MAEpD3B,KAAKqW,KAQd28D,SAAS1rE,EAAOq7C,GACd3iD,KAAK2iD,OAASA,EACd3iD,KAAKkK,KAAO5C,EACZtH,KAAKqW,KAAO,KASd08D,SAASpxE,GAAQ,GAKf,OAJkB,OAAd3B,KAAKkK,OAEPlK,KAAKkK,KAAOsQ,GAAKoF,gBAAgBpF,GAAK0C,WAAWld,KAAKqW,QAEpD1U,EACKslB,EAAoBjnB,KAAKkK,MAE3BlK,KAAKkK,KAQd+oE,YAAYL,GACV5yE,KAAK4yE,SAAWA,EAQlBM,cACE,OAAOlzE,KAAK4yE,SAUdzxE,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UAExB,MAAMwhD,QAAeh9C,EAAOoB,WAEtBqsE,QAAqBztE,EAAOoB,WAClC/G,KAAK4yE,SAAWp4D,GAAK+C,iBAAiB5X,EAAOuB,UAAUksE,IAEvDpzE,KAAK2yE,KAAOn4D,GAAKO,eAAepV,EAAOuB,UAAU,IAEjD,IAAIgD,EAAOvE,EAAOmF,YACdsc,EAAqBld,KAAOA,QAAa8c,EAAiB9c,IAC9DlK,KAAKgzE,SAAS9oE,EAAMy4C,EAAO,IAS/B0D,cACE,MAAMusB,EAAWp4D,GAAK0C,WAAWld,KAAK4yE,UAChCS,EAAkB,IAAItwE,WAAW,CAAC6vE,EAASxxE,SAE3CuhD,EAAS,IAAI5/C,WAAW,CAAC/C,KAAK2iD,SAC9BgwB,EAAOn4D,GAAKS,UAAUjb,KAAK2yE,MAEjC,OAAOn4D,GAAKxX,iBAAiB,CAAC2/C,EAAQ0wB,EAAiBT,EAAUD,IAQnE7wE,QACE,MAAM4iB,EAAS1kB,KAAKqmD,cACdn8C,EAAOlK,KAAK+yE,WAElB,OAAOv4D,GAAK5T,OAAO,CAAC8d,EAAQxa,KCxIhC,MAAMopE,GAAW9zE,OAAO,YAKlB+zE,GAA4B,IAAI9vD,IAAI,CACxCrC,GAAM/J,mBAAmBW,OACzBoJ,GAAM/J,mBAAmByB,kBACzBsI,GAAM/J,mBAAmBwB,oBAW3B,MAAM26D,GACO9yD,iBACT,OAAOU,GAAMnM,OAAOE,UAGtBrV,cACEE,KAAKiiD,QAAU,KAEfjiD,KAAKyzE,cAAgB,KAErBzzE,KAAK0zE,cAAgB,KAErB1zE,KAAK2zE,mBAAqB,KAE1B3zE,KAAK4zE,cAAgB,KACrB5zE,KAAK6zE,mBAAqB,GAC1B7zE,KAAK8zE,gBAAkB,KAEvB9zE,KAAK+zE,QAAU,KACf/zE,KAAKuX,wBAA0B,KAC/BvX,KAAKg0E,uBAAwB,EAC7Bh0E,KAAKi0E,WAAa,KAClBj0E,KAAKk0E,WAAa,KAClBl0E,KAAKm0E,YAAc,KACnBn0E,KAAK0X,kBAAoB,KACzB1X,KAAK2X,UAAY,KACjB3X,KAAK4X,kBAAoB,KACzB5X,KAAKo0E,gBAAkB,KACvBp0E,KAAK8X,6BAA+B,KACpC9X,KAAKq0E,mBAAqB,KAC1Br0E,KAAKs0E,uBAAyB,KAC9Bt0E,KAAKu0E,yBAA2B,KAChCv0E,KAAKw0E,YAAc,IAAI/sD,GACvBznB,KAAKy0E,aAAe,GACpBz0E,KAAK00E,UAAY,GACjB10E,KAAKkY,wBAA0B,KAC/BlY,KAAKmY,+BAAiC,KACtCnY,KAAKoY,qBAAuB,KAC5BpY,KAAKqY,mBAAqB,KAC1BrY,KAAK20E,gBAAkB,KACvB30E,KAAKuY,UAAY,KACjBvY,KAAKwY,SAAW,KAChBxY,KAAKyY,cAAgB,KACrBzY,KAAK40E,wBAA0B,KAC/B50E,KAAK60E,0BAA4B,KACjC70E,KAAK2Y,SAAW,KAChB3Y,KAAK80E,kCAAoC,KACzC90E,KAAK+0E,6BAA+B,KACpC/0E,KAAKg1E,oBAAsB,KAC3Bh1E,KAAK6Y,kBAAoB,KACzB7Y,KAAKi1E,iBAAmB,KACxBj1E,KAAK8Y,kBAAoB,KACzB9Y,KAAK+Y,wBAA0B,KAE/B/Y,KAAKk1E,QAAU,KACfl1E,KAAKszE,IAAY,KAQnBpyE,KAAKoG,GACH,IAAInE,EAAI,EAGR,GAFAnD,KAAKiiD,QAAU36C,EAAMnE,KAEA,IAAjBnD,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAC7B,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,mDAS7C,GANAjiD,KAAKyzE,cAAgBnsE,EAAMnE,KAC3BnD,KAAK2zE,mBAAqBrsE,EAAMnE,KAChCnD,KAAK0zE,cAAgBpsE,EAAMnE,KAG3BA,GAAKnD,KAAKm1E,eAAe7tE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAAS,IACrDpB,KAAK+zE,QACR,MAAU3wE,MAAM,8CASlBpD,KAAK4zE,cAAgBtsE,EAAM+E,SAAS,EAAGlJ,GAGvCA,GAAKnD,KAAKm1E,eAAe7tE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAAS,GAG1DpB,KAAK8zE,gBAAkBxsE,EAAM+E,SAASlJ,EAAGA,EAAI,GAC7CA,GAAK,EAELnD,KAAKonD,OAASvoC,GAAO1J,UAAUigE,qBAAqBp1E,KAAK2zE,mBAAoBrsE,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAMvGi0E,cACE,OAAIr1E,KAAKonD,kBAAkBnnD,QAClBq1E,GACLn0E,SAAY0d,GAAO02D,gBAAgBv1E,KAAK2zE,yBAA0B3zE,KAAKonD,UAGpEvoC,GAAO02D,gBAAgBv1E,KAAK2zE,mBAAoB3zE,KAAKonD,QAG9DtlD,QACE,MAAMg7C,EAAM,GAKZ,OAJAA,EAAIj7C,KAAK7B,KAAK4zE,eACd92B,EAAIj7C,KAAK7B,KAAKw1E,2BACd14B,EAAIj7C,KAAK7B,KAAK8zE,iBACdh3B,EAAIj7C,KAAK7B,KAAKq1E,eACP76D,GAAK5T,OAAOk2C,GAYrB37C,WAAW6V,EAAK9M,EAAMyoE,EAAO,IAAI33D,KAAQwiC,GAAW,GAC9B,IAAhBxmC,EAAIirC,QACNjiD,KAAKiiD,QAAU,EAEfjiD,KAAKiiD,QAAU,EAEjB,MAAMnF,EAAM,CAAC,IAAI/5C,WAAW,CAAC/C,KAAKiiD,QAASjiD,KAAKyzE,cAAezzE,KAAK2zE,mBAAoB3zE,KAAK0zE,iBAE7F1zE,KAAK+zE,QAAUv5D,GAAKc,cAAcq3D,GAClC3yE,KAAKi1E,iBAAmBj+D,EAAIirC,QAC5BjiD,KAAK8Y,kBAAoB9B,EAAIy+D,sBAC7Bz1E,KAAKw0E,YAAcx9D,EAAI0+D,WAGvB54B,EAAIj7C,KAAK7B,KAAK21E,yBAKd31E,KAAK6zE,mBAAqB,GAE1B7zE,KAAK4zE,cAAgBp5D,GAAK5T,OAAOk2C,GAEjC,MAAM84B,EAAS51E,KAAK41E,OAAO51E,KAAKyzE,cAAevpE,EAAMszC,GAC/CppC,QAAapU,KAAKoU,KAAKpU,KAAKyzE,cAAevpE,EAAM0rE,EAAQp4B,GAE/Dx9C,KAAK8zE,gBAAkB+B,EAAaC,EAAa1hE,GAAO,EAAG,GAC3D,MAAMsF,EAASvY,SAAY0d,GAAO1J,UAAUgoC,KAC1Cn9C,KAAK2zE,mBAAoB3zE,KAAK0zE,cAAe18D,EAAIq4C,aAAcr4C,EAAIq5C,cAAeulB,QAAc5uD,EAAiB5S,IAE/GoG,GAAK9X,SAAS0R,GAChBpU,KAAKonD,OAAS1tC,KAEd1Z,KAAKonD,aAAe1tC,IAMpB1Z,KAAKszE,KAAY,GAQrBqC,wBACE,MAAMvoE,EAAMgU,GAAM/J,mBACZylC,EAAM,GACZ,IAAIx1C,EACJ,GAAqB,OAAjBtH,KAAK+zE,QACP,MAAU3wE,MAAM,mCAElB05C,EAAIj7C,KAAKk0E,GAAe3oE,EAAIkK,uBAAuB,EAAMkD,GAAKS,UAAUjb,KAAK+zE,WACxC,OAAjC/zE,KAAKuX,yBACPulC,EAAIj7C,KAAKk0E,GAAe3oE,EAAImK,yBAAyB,EAAMiD,GAAKM,YAAY9a,KAAKuX,wBAAyB,KAEpF,OAApBvX,KAAKi0E,YACPn3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIoK,yBAAyB,EAAM,IAAIzU,WAAW,CAAC/C,KAAKi0E,WAAa,EAAI,MAE3E,OAApBj0E,KAAKk0E,aACP5sE,EAAQ,IAAIvE,WAAW,CAAC/C,KAAKk0E,WAAYl0E,KAAKm0E,cAC9Cr3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIqK,gBAAgB,EAAMnQ,KAErB,OAA3BtH,KAAK0X,mBACPolC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIsK,mBAAmB,EAAM1X,KAAK0X,oBAErC,OAAnB1X,KAAK2X,WACPmlC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIuK,WAAW,EAAM,IAAI5U,WAAW,CAAC/C,KAAK2X,UAAY,EAAI,MAErD,OAA3B3X,KAAK4X,mBACPklC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIwK,mBAAmB,EAAM4C,GAAKM,YAAY9a,KAAK4X,kBAAmB,KAEtD,OAAtC5X,KAAK8X,+BACPxQ,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK8X,+BAC7DglC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI0K,8BAA8B,EAAOxQ,KAEnC,OAA5BtH,KAAKq0E,qBACP/sE,EAAQ,IAAIvE,WAAW,CAAC/C,KAAKq0E,mBAAoBr0E,KAAKs0E,yBACtDhtE,EAAQkT,GAAK5T,OAAO,CAACU,EAAOtH,KAAKu0E,2BACjCz3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAI2K,eAAe,EAAOzQ,KAE/CtH,KAAKw0E,YAAYzsD,UAAsC,IAA1B/nB,KAAKi1E,kBAGrCn4B,EAAIj7C,KAAKk0E,GAAe3oE,EAAI4K,QAAQ,EAAMhY,KAAKw0E,YAAY1yE,UAE7D9B,KAAKy0E,aAAanxE,SAAQ,EAAGgI,OAAMjK,QAAO20E,gBAAeC,eACvD3uE,EAAQ,CAAC,IAAIvE,WAAW,CAACizE,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAME,EAAc17D,GAAK0C,WAAW5R,GAEpChE,EAAMzF,KAAK2Y,GAAKM,YAAYo7D,EAAY90E,OAAQ,IAEhDkG,EAAMzF,KAAK2Y,GAAKM,YAAYzZ,EAAMD,OAAQ,IAC1CkG,EAAMzF,KAAKq0E,GACX5uE,EAAMzF,KAAKR,GACXiG,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAI6K,aAAcg+D,EAAU3uE,GAAO,IAExB,OAAjCtH,KAAKkY,0BACP5Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKkY,0BAC7D4kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI8K,yBAAyB,EAAO5Q,KAElB,OAAxCtH,KAAKmY,iCACP7Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKmY,iCAC7D2kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI+K,gCAAgC,EAAO7Q,KAEnC,OAA9BtH,KAAKoY,uBACP9Q,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKoY,uBAC7D0kC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIgL,sBAAsB,EAAO9Q,KAE3B,OAA5BtH,KAAKqY,oBACPykC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIiL,oBAAoB,EAAOmC,GAAK0C,WAAWld,KAAKqY,sBAEjD,OAAzBrY,KAAK20E,iBACP73B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIkL,eAAe,EAAO,IAAIvV,WAAW,CAAC/C,KAAK20E,gBAAkB,EAAI,MAExE,OAAnB30E,KAAKuY,WACPukC,EAAIj7C,KAAKk0E,GAAe3oE,EAAImL,WAAW,EAAOiC,GAAK0C,WAAWld,KAAKuY,aAE/C,OAAlBvY,KAAKwY,WACPlR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAKwY,WAC7DskC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIoL,UAAU,EAAMlR,KAEnB,OAAvBtH,KAAKyY,eACPqkC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIqL,eAAe,EAAO+B,GAAK0C,WAAWld,KAAKyY,iBAEpC,OAAjCzY,KAAK40E,0BACPttE,EAAQkT,GAAKiC,mBAAmB/B,OAAOsC,aAAahd,KAAK40E,yBAA2B50E,KAAK60E,2BACzF/3B,EAAIj7C,KAAKk0E,GAAe3oE,EAAIsL,qBAAqB,EAAMpR,KAEnC,OAAlBtH,KAAK2Y,WACPrR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK2Y,WAC7DmkC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIuL,UAAU,EAAOrR,KAEA,OAA3CtH,KAAK80E,oCACPxtE,EAAQ,CAAC,IAAIvE,WAAW,CAAC/C,KAAK80E,kCAAmC90E,KAAK+0E,gCACtEztE,EAAMzF,KAAK2Y,GAAKiC,mBAAmBzc,KAAKg1E,sBACxC1tE,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAIwL,iBAAiB,EAAMtR,KAEtB,OAA3BtH,KAAK6Y,mBACPikC,EAAIj7C,KAAKk0E,GAAe3oE,EAAIyL,mBAAmB,EAAM7Y,KAAK6Y,kBAAkB/W,UAE/C,OAA3B9B,KAAK8Y,oBACPxR,EAAQ,CAAC,IAAIvE,WAAW,CAAC/C,KAAKi1E,mBAAoBj1E,KAAK8Y,mBACvDxR,EAAQkT,GAAK5T,OAAOU,GACpBw1C,EAAIj7C,KAAKk0E,GAAe3oE,EAAI0L,kBAAoC,IAAjB9Y,KAAKiiD,QAAe36C,KAEhC,OAAjCtH,KAAK+Y,0BACPzR,EAAQkT,GAAKiC,mBAAmBjC,GAAKqC,mBAAmB7c,KAAK+Y,0BAC7D+jC,EAAIj7C,KAAKk0E,GAAe3oE,EAAI2L,yBAAyB,EAAOzR,KAG9D,MAAM7F,EAAS+Y,GAAK5T,OAAOk2C,GACrB17C,EAASoZ,GAAKM,YAAYrZ,EAAOL,OAAQ,GAE/C,OAAOoZ,GAAK5T,OAAO,CAACxF,EAAQK,IAO9B+zE,0BACE,MAAM14B,EAAM,GACZ98C,KAAK6zE,mBAAmBvwE,SAAQ4G,IAC9B4yC,EAAIj7C,KAAKmkD,GAAkB97C,EAAK9I,SAChC07C,EAAIj7C,KAAKqI,EAAK,IAGhB,MAAMzI,EAAS+Y,GAAK5T,OAAOk2C,GACrB17C,EAASoZ,GAAKM,YAAYrZ,EAAOL,OAAQ,GAE/C,OAAOoZ,GAAK5T,OAAO,CAACxF,EAAQK,IAI9B00E,cAAc7uE,EAAOg7B,GAAS,GAC5B,IAAI8zC,EAAQ,EAGZ,MAAMH,KAA6B,IAAf3uE,EAAM8uE,IACpBh8D,EAAsB,IAAf9S,EAAM8uE,GAEnB,GAAK9zC,IACHtiC,KAAK6zE,mBAAmBhyE,KAAKyF,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACpDmyE,GAA0BntE,IAAIgU,IAQrC,OAHAg8D,IAGQh8D,GACN,KAAKgH,GAAM/J,mBAAmBC,sBAE5BtX,KAAK+zE,QAAUv5D,GAAKO,SAASzT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACzD,MACF,KAAKggB,GAAM/J,mBAAmBE,wBAAyB,CAErD,MAAM8+D,EAAU77D,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAE5DpB,KAAKg0E,sBAAoC,IAAZqC,EAC7Br2E,KAAKuX,wBAA0B8+D,EAE/B,MAEF,KAAKj1D,GAAM/J,mBAAmBG,wBAE5BxX,KAAKi0E,WAAgC,IAAnB3sE,EAAM8uE,KACxB,MACF,KAAKh1D,GAAM/J,mBAAmBI,eAE5BzX,KAAKk0E,WAAa5sE,EAAM8uE,KACxBp2E,KAAKm0E,YAAc7sE,EAAM8uE,KACzB,MACF,KAAKh1D,GAAM/J,mBAAmBK,kBAE5B1X,KAAK0X,kBAAoBpQ,EAAM8uE,GAC/B,MACF,KAAKh1D,GAAM/J,mBAAmBM,UAE5B3X,KAAK2X,UAA+B,IAAnBrQ,EAAM8uE,KACvB,MACF,KAAKh1D,GAAM/J,mBAAmBO,kBAAmB,CAE/C,MAAMy+D,EAAU77D,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAE5DpB,KAAK4X,kBAAoBy+D,EACzBr2E,KAAKo0E,gBAA8B,IAAZiC,EAEvB,MAEF,KAAKj1D,GAAM/J,mBAAmBS,6BAE5B9X,KAAK8X,6BAA+B,IAAIxQ,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACpE,MACF,KAAKggB,GAAM/J,mBAAmBU,cAK5B/X,KAAKq0E,mBAAqB/sE,EAAM8uE,KAChCp2E,KAAKs0E,uBAAyBhtE,EAAM8uE,KACpCp2E,KAAKu0E,yBAA2BjtE,EAAM+E,SAAS+pE,EAAOA,EAAQ,IAC9D,MAEF,KAAKh1D,GAAM/J,mBAAmBW,OAE5BhY,KAAKw0E,YAAYtzE,KAAKoG,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAClD,MAEF,KAAKggB,GAAM/J,mBAAmBY,aAAc,CAE1C,MAAM+9D,KAAkC,IAAf1uE,EAAM8uE,IAG/BA,GAAS,EACT,MAAM5oE,EAAIgN,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAM5pE,EAAIgO,GAAKK,WAAWvT,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM9qE,EAAOkP,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAOA,EAAQ5oE,IACrDnM,EAAQiG,EAAM+E,SAAS+pE,EAAQ5oE,EAAG4oE,EAAQ5oE,EAAIhB,GAEpDxM,KAAKy0E,aAAa5yE,KAAK,CAAEyJ,OAAM0qE,gBAAe30E,QAAO40E,aAEjDD,IACFh2E,KAAK00E,UAAUppE,GAAQkP,GAAK+C,WAAWlc,IAEzC,MAEF,KAAK+f,GAAM/J,mBAAmBa,wBAE5BlY,KAAKkY,wBAA0B,IAAI5Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC/D,MACF,KAAKggB,GAAM/J,mBAAmBc,+BAE5BnY,KAAKmY,+BAAiC,IAAI7Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACtE,MACF,KAAKggB,GAAM/J,mBAAmBe,qBAE5BpY,KAAKoY,qBAAuB,IAAI9Q,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC5D,MACF,KAAKggB,GAAM/J,mBAAmBgB,mBAE5BrY,KAAKqY,mBAAqBmC,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACtE,MACF,KAAKggB,GAAM/J,mBAAmBiB,cAE5BtY,KAAK20E,gBAAqC,IAAnBrtE,EAAM8uE,KAC7B,MACF,KAAKh1D,GAAM/J,mBAAmBkB,UAE5BvY,KAAKuY,UAAYiC,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC7D,MACF,KAAKggB,GAAM/J,mBAAmBmB,SAE5BxY,KAAKwY,SAAW,IAAIlR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAChD,MACF,KAAKggB,GAAM/J,mBAAmBoB,cAE5BzY,KAAKyY,cAAgB+B,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACjE,MACF,KAAKggB,GAAM/J,mBAAmBqB,oBAE5B1Y,KAAK40E,wBAA0BttE,EAAM8uE,KACrCp2E,KAAK60E,0BAA4Br6D,GAAK+C,WAAWjW,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC7E,MACF,KAAKggB,GAAM/J,mBAAmBsB,SAE5B3Y,KAAK2Y,SAAW,IAAIrR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAChD,MACF,KAAKggB,GAAM/J,mBAAmBuB,gBAAiB,CAG7C5Y,KAAK80E,kCAAoCxtE,EAAM8uE,KAC/Cp2E,KAAK+0E,6BAA+BztE,EAAM8uE,KAE1C,MAAMjmE,EAAM0O,GAAOixB,kBAAkB9vC,KAAK+0E,8BAE1C/0E,KAAKg1E,oBAAsBx6D,GAAKqC,mBAAmBvV,EAAM+E,SAAS+pE,EAAOA,EAAQjmE,IACjF,MAEF,KAAKiR,GAAM/J,mBAAmBwB,kBAE5B7Y,KAAK6Y,kBAAoB,IAAI26D,GAC7BxzE,KAAK6Y,kBAAkB3X,KAAKoG,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SACxD,MACF,KAAKggB,GAAM/J,mBAAmByB,kBAE5B9Y,KAAKi1E,iBAAmB3tE,EAAM8uE,KAC9Bp2E,KAAK8Y,kBAAoBxR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,QACvB,IAA1BpB,KAAKi1E,iBACPj1E,KAAKw0E,YAAYtzE,KAAKlB,KAAK8Y,mBAE3B9Y,KAAKw0E,YAAYtzE,KAAKlB,KAAK8Y,kBAAkBzM,UAAU,IAEzD,MACF,KAAK+U,GAAM/J,mBAAmB0B,wBAE5B/Y,KAAK+Y,wBAA0B,IAAIzR,EAAM+E,SAAS+pE,EAAO9uE,EAAMlG,SAC/D,MACF,QAAS,CACP,MAAMqgD,EAAUr+C,MAAM,oCAAoCgX,GAC1D,GAAI67D,EACF,MAAMx0B,EAENjnC,GAAK0D,WAAWujC,KAMxB0zB,eAAe7tE,EAAOgvE,GAAU,EAAMxxD,GAEpC,MAAMyxD,EAAkB/7D,GAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IAE1D,IAAIlJ,EAAI,EAGR,KAAOA,EAAI,EAAIozE,GAAiB,CAC9B,MAAMpmE,EAAM41C,GAAiBz+C,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SACrD+B,GAAKgN,EAAII,OAETvQ,KAAKm2E,cAAc7uE,EAAM+E,SAASlJ,EAAGA,EAAIgN,EAAIA,KAAMmmE,EAASxxD,GAE5D3hB,GAAKgN,EAAIA,IAGX,OAAOhN,EAITqzE,OAAOp8D,EAAMlQ,GACX,MAAMmU,EAAI+C,GAAMjM,UAEhB,OAAQiF,GACN,KAAKiE,EAAEjI,OACL,OAAkB,OAAdlM,EAAKmM,KACAmE,GAAK0C,WAAWhT,EAAK4oE,SAAQ,IAE/B5oE,EAAK6oE,UAAS,GAEvB,KAAK10D,EAAEhI,KAAM,CACX,MAAM/O,EAAQ4C,EAAK6oE,UAAS,GAE5B,OAAOv4D,GAAKoF,gBAAgBtY,GAE9B,KAAK+W,EAAE7H,WACL,OAAO,IAAIzT,WAAW,GAExB,KAAKsb,EAAE5H,YACP,KAAK4H,EAAE3H,YACP,KAAK2H,EAAE1H,WACP,KAAK0H,EAAEzH,aACP,KAAKyH,EAAExH,eAAgB,CACrB,IAAI5B,EACAyL,EAEJ,GAAIxW,EAAK2L,OACP6K,EAAM,IACNzL,EAAS/K,EAAK2L,WACT,KAAI3L,EAAK6L,cAId,MAAU3S,MAAM,mFAHhBsd,EAAM,IACNzL,EAAS/K,EAAK6L,cAMhB,MAAMzO,EAAQ2N,EAAOnT,QAErB,OAAO0Y,GAAK5T,OAAO,CAAC5G,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GACrC,IAAInH,WAAW,CAAC2d,IAChBlG,GAAKM,YAAYxT,EAAMlG,OAAQ,GAC/BkG,IAEJ,KAAK+W,EAAEvH,cACP,KAAKuH,EAAEnH,iBACP,KAAKmH,EAAEtH,WACL,OAAOyD,GAAK5T,OAAO,CAAC5G,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GAAOlK,KAAKw2E,OAAOn4D,EAAErH,IAAK,CAC/DA,IAAK9M,EAAKrE,SAGd,KAAKwY,EAAErH,IACL,QAAiB/V,IAAbiJ,EAAK8M,IACP,MAAU5T,MAAM,8CAElB,OAAO8G,EAAK8M,IAAIy/D,aAAaz2E,KAAKiiD,SAEpC,KAAK5jC,EAAEpH,cACL,OAAOjX,KAAKw2E,OAAOn4D,EAAErH,IAAK9M,GAC5B,KAAKmU,EAAElH,UACL,OAAO,IAAIpU,WAAW,GACxB,KAAKsb,EAAEjH,WACL,MAAUhU,MAAM,mBAClB,QACE,MAAUA,MAAM,4BAItBszE,iBAAiBxsE,EAAMszC,GACrB,IAAIp8C,EAAS,EACb,OAAOub,EAAiBm5D,EAAa91E,KAAK4zE,gBAAgBvyE,IACxDD,GAAUC,EAAMD,MAAM,IACrB,KACD,MAAM07C,EAAM,GAeZ,OAdqB,IAAjB98C,KAAKiiD,SAAkBjiD,KAAKyzE,gBAAkBryD,GAAMjM,UAAUiB,QAAUpW,KAAKyzE,gBAAkBryD,GAAMjM,UAAUkB,OAC7GmnC,EACFV,EAAIj7C,KAAK,IAAIkB,WAAW,IAExB+5C,EAAIj7C,KAAKqI,EAAKm8C,gBAGlBvJ,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKiiD,QAAS,OAClB,IAAjBjiD,KAAKiiD,SACPnF,EAAIj7C,KAAK,IAAIkB,WAAW,IAE1B+5C,EAAIj7C,KAAK2Y,GAAKM,YAAY1Z,EAAQ,IAG3BoZ,GAAK5T,OAAOk2C,EAAI,IAI3B84B,OAAOnC,EAAevpE,EAAMszC,GAAW,GACrC,MAAMl2C,EAAQtH,KAAKw2E,OAAO/C,EAAevpE,GAEzC,OAAOsQ,GAAK5T,OAAO,CAACU,EAAOtH,KAAK4zE,cAAe5zE,KAAK02E,iBAAiBxsE,EAAMszC,KAG7Er8C,WAAWsyE,EAAevpE,EAAM0rE,EAAQp4B,GAAW,GAEjD,OADKo4B,IAAQA,EAAS51E,KAAK41E,OAAOnC,EAAevpE,EAAMszC,IAChD3+B,GAAOzK,KAAK+zB,OAAOnoC,KAAK0zE,cAAekC,GAehDz0E,aAAa6V,EAAKy8D,EAAevpE,EAAMyoE,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IACnF,IAAKpmB,KAAKw0E,YAAY7sD,OAAO3Q,EAAI0+D,YAC/B,MAAUtyE,MAAM,oDAElB,GAAIpD,KAAK2zE,qBAAuB38D,EAAIkzC,UAClC,MAAU9mD,MAAM,oFAGlB,MAAMuzE,EAAqBlD,IAAkBryD,GAAMjM,UAAUiB,QAAUq9D,IAAkBryD,GAAMjM,UAAUkB,KAIzG,KADmBrW,KAAKszE,MAAcqD,GACrB,CACf,IAAIf,EACAxhE,EAQJ,GAPIpU,KAAKsiC,OACPluB,QAAapU,KAAKsiC,QAElBszC,EAAS51E,KAAK41E,OAAOnC,EAAevpE,EAAMszC,GAC1CppC,QAAapU,KAAKoU,KAAKq/D,EAAevpE,EAAM0rE,IAE9CxhE,QAAa4S,EAAiB5S,GAC1BpU,KAAK8zE,gBAAgB,KAAO1/D,EAAK,IACjCpU,KAAK8zE,gBAAgB,KAAO1/D,EAAK,GACnC,MAAUhR,MAAM,+BAUlB,GAPApD,KAAKonD,aAAepnD,KAAKonD,OAEzBpnD,KAAKszE,UAAkBz0D,GAAO1J,UAAUuoC,OACtC19C,KAAK2zE,mBAAoB3zE,KAAK0zE,cAAe1zE,KAAKonD,OAAQpwC,EAAIq4C,aAC9DumB,EAAQxhE,IAGLpU,KAAKszE,IACR,MAAUlwE,MAAM,iCAIpB,MAAMwzE,EAAWp8D,GAAKc,cAAcq3D,GACpC,GAAIiE,GAAY52E,KAAK+zE,QAAU6C,EAC7B,MAAUxzE,MAAM,4CAElB,GAAIwzE,GAAYA,GAAY52E,KAAK62E,oBAC/B,MAAUzzE,MAAM,wBAElB,GAAI0hB,EAAOT,qBAAqBje,IAAIpG,KAAK0zE,eACvC,MAAUtwE,MAAM,4BAA8Bge,GAAMlgB,KAAKkgB,GAAMhN,KAAMpU,KAAK0zE,eAAeoD,eAE3F,GAAIhyD,EAAOR,4BAA4Ble,IAAIpG,KAAK0zE,gBAC9C,CAACtyD,GAAMjM,UAAUiB,OAAQgL,GAAMjM,UAAUkB,MAAMwL,SAAS7hB,KAAKyzE,eAC7D,MAAUrwE,MAAM,oCAAsCge,GAAMlgB,KAAKkgB,GAAMhN,KAAMpU,KAAK0zE,eAAeoD,eAOnG,GALA92E,KAAKy0E,aAAanxE,SAAQ,EAAGgI,OAAM2qE,eACjC,GAAIA,GAAanxD,EAAOX,eAAexd,QAAQ2E,GAAQ,EACrD,MAAUlI,MAAM,8BAA8BkI,MAGlB,OAA5BtL,KAAKq0E,mBACP,MAAUjxE,MAAM,iGASpB2zE,UAAUpE,EAAO,IAAI33D,MACnB,MAAM47D,EAAWp8D,GAAKc,cAAcq3D,GACpC,OAAiB,OAAbiE,KACO52E,KAAK+zE,SAAW6C,GAAYA,EAAW52E,KAAK62E,qBASzDA,oBACE,OAAO72E,KAAKg0E,sBAAwBpoE,IAAW,IAAIoP,KAAKhb,KAAK+zE,QAAQ14D,UAA2C,IAA/Brb,KAAKuX,0BAgB1F,SAASw+D,GAAe37D,EAAM67D,EAAU/rE,GACtC,MAAM4yC,EAAM,GAIZ,OAHAA,EAAIj7C,KAAKmkD,GAAkB97C,EAAK9I,OAAS,IACzC07C,EAAIj7C,KAAK,IAAIkB,WAAW,EAAEkzE,EAAW,IAAO,GAAK77D,KACjD0iC,EAAIj7C,KAAKqI,GACFsQ,GAAK5T,OAAOk2C,EACrB,CC9tBA,MAAMk6B,GACOt2D,iBACT,OAAOU,GAAMnM,OAAOI,iBAGtBvV,cAEEE,KAAKiiD,QAAU,KAQfjiD,KAAKyzE,cAAgB,KAMrBzzE,KAAK0zE,cAAgB,KAMrB1zE,KAAK2zE,mBAAqB,KAE1B3zE,KAAKw0E,YAAc,KAMnBx0E,KAAK0pE,MAAQ,KAQfxoE,KAAKoG,GACH,IAAI8uE,EAAQ,EAGZ,GADAp2E,KAAKiiD,QAAU36C,EAAM8uE,KA1DT,IA2DRp2E,KAAKiiD,QACP,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,4DAuB7C,OAlBAjiD,KAAKyzE,cAAgBnsE,EAAM8uE,KAG3Bp2E,KAAK0zE,cAAgBpsE,EAAM8uE,KAG3Bp2E,KAAK2zE,mBAAqBrsE,EAAM8uE,KAGhCp2E,KAAKw0E,YAAc,IAAI/sD,GACvBznB,KAAKw0E,YAAYtzE,KAAKoG,EAAM+E,SAAS+pE,EAAOA,EAAQ,IACpDA,GAAS,EAMTp2E,KAAK0pE,MAAQpiE,EAAM8uE,KACZp2E,KAOT8B,QACE,MAAMkC,EAAQ,IAAIjB,WAAW,CA3FjB,EA2F2B/C,KAAKyzE,cAAezzE,KAAK0zE,cAAe1zE,KAAK2zE,qBAE9EhoE,EAAM,IAAI5I,WAAW,CAAC/C,KAAK0pE,QAEjC,OAAOlvD,GAAKxX,iBAAiB,CAACgB,EAAOhE,KAAKw0E,YAAY1yE,QAAS6J,IAGjE+qE,oBAAoBzlD,GAClB,OAAOqkD,GAAiBn0E,SAAYqyE,GAAgBxyE,UAAU01E,iBAAiBz5D,YAAYjd,KAAKi3E,iBAAkBhmD,KAGpH9vB,eACE,MAAM81E,QAAyBj3E,KAAKi3E,iBACpC,IAAKA,GAAoBA,EAAiBn3E,YAAY4gB,MAAQU,GAAMnM,OAAOE,UACzE,MAAU/R,MAAM,0CAElB,GACE6zE,EAAiBxD,gBAAkBzzE,KAAKyzE,eACxCwD,EAAiBvD,gBAAkB1zE,KAAK0zE,eACxCuD,EAAiBtD,qBAAuB3zE,KAAK2zE,qBAC5CsD,EAAiBzC,YAAY7sD,OAAO3nB,KAAKw0E,aAE1C,MAAUpxE,MAAM,2EAGlB,OADA6zE,EAAiB30C,OAAStiC,KAAKsiC,OACxB20C,EAAiBv5B,OAAOzgC,MAAMg6D,EAAkBr6B,YCxHpD,SAASs6B,GAAiBx2D,EAAKy2D,GACpC,IAAKA,EAAez2D,GAAM,CAExB,IAAI02D,EACJ,IACEA,EAAah2D,GAAMlgB,KAAKkgB,GAAMnM,OAAQyL,GACtC,MAAOjc,GACP,MAAM,IAAI0iD,GAAiB,iCAAiCzmC,GAE9D,MAAUtd,MAAM,uCAAuCg0E,GAEzD,OAAO,IAAID,EAAez2D,EAC5B,CDgHAs2D,GAAuBh2E,UAAUoT,KAAOo/D,GAAgBxyE,UAAUoT,KAClE4iE,GAAuBh2E,UAAU40E,OAASpC,GAAgBxyE,UAAU40E,OACpEoB,GAAuBh2E,UAAUw1E,OAAShD,GAAgBxyE,UAAUw1E,OC1GpE,MAAMa,WAAmBx3E,MAWvBmoB,wBAAwB1gB,EAAO6vE,EAAgBryD,EAASsB,IACtD,MAAMkxD,EAAU,IAAID,GAEpB,aADMC,EAAQp2E,KAAKoG,EAAO6vE,EAAgBryD,GACnCwyD,EAWTn2E,WAAWmG,EAAO6vE,EAAgBryD,EAASsB,IACrCtB,EAAOjB,yBAAyBziB,SAClC+1E,EAAiB,IAAKA,KAAmB38D,GAAK+F,wBAAwBuE,EAAOjB,4BAE/E7jB,KAAKe,OAAS4lB,EAAqBrf,GAAOnG,MAAOyH,EAAUC,KACzD,MAAMnI,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,OACLnI,EAAO2I,MA6Bb,SA5BmBk9C,GAAY39C,GAAUzH,UACvC,IACE,GAAIo2E,EAAO72D,MAAQU,GAAMnM,OAAOS,QAAU6hE,EAAO72D,MAAQU,GAAMnM,OAAOW,MAIpE,OAEF,MAAMX,EAASiiE,GAAiBK,EAAO72D,IAAKy2D,GAC5CliE,EAAOqiE,QAAU,IAAID,GACrBpiE,EAAOuiE,WAAah9D,GAAK9X,SAAS60E,EAAOtiE,cACnCA,EAAO/T,KAAKq2E,EAAOtiE,OAAQ6P,SAC3BpkB,EAAOoB,MAAMmT,GACnB,MAAOxQ,GACP,MAAMgzE,GAAyB3yD,EAAOnB,0BAA4Blf,aAAa0iD,GACzEuwB,IAAuB5yD,EAAOlB,wBAA4Bnf,aAAa0iD,IAC7E,GAAIswB,GAAyBC,GAAuBpxB,GAAkBixB,EAAO72D,WAIrEhgB,EAAOuB,MAAMwC,OACd,CACL,MAAMkzE,EAAiB,IAAIrwB,GAAkBiwB,EAAO72D,IAAK62D,EAAOtiE,cAC1DvU,EAAOoB,MAAM61E,GAErBn9D,GAAK4D,gBAAgB3Z,OAMvB,aAFM/D,EAAO2I,iBACP3I,EAAOsB,SAIjB,MAAOyC,SACD/D,EAAOuB,MAAMwC,OAKvB,MAAMkB,EAASihB,EAAiB5mB,KAAKe,QACrC,OAAa,CACX,MAAMO,KAAEA,EAAID,MAAEA,SAAgBsE,EAAOzE,OAMrC,GALKI,EAGHtB,KAAKe,OAAS,KAFdf,KAAK6B,KAAKR,GAIRC,GAAQglD,GAAkBjlD,EAAMvB,YAAY4gB,KAC9C,MAGJ/a,EAAO/E,cAQTkB,QACE,MAAMg7C,EAAM,GAEZ,IAAK,IAAI35C,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,MAAMud,EAAM1gB,KAAKmD,aAAcmkD,GAAoBtnD,KAAKmD,GAAGud,IAAM1gB,KAAKmD,GAAGrD,YAAY4gB,IAC/Ek3D,EAAc53E,KAAKmD,GAAGrB,QAC5B,GAAI0Y,GAAK9X,SAASk1E,IAAgBtxB,GAAkBtmD,KAAKmD,GAAGrD,YAAY4gB,KAAM,CAC5E,IAAIrc,EAAS,GACT8C,EAAe,EACnB,MAAM0wE,EAAY,IAClB/6B,EAAIj7C,KAAKskD,GAASzlC,IAClBo8B,EAAIj7C,KAAK8a,EAAiBi7D,GAAav2E,IAGrC,GAFAgD,EAAOxC,KAAKR,GACZ8F,GAAgB9F,EAAMD,OAClB+F,GAAgB0wE,EAAW,CAC7B,MAAMC,EAAWhsE,KAAKoyC,IAAIpyC,KAAKqS,IAAIhX,GAAgB2E,KAAKisE,IAAM,EAAG,IAC3DlV,EAAY,GAAKiV,EACjB1wE,EAAeoT,GAAK5T,OAAO,CAACq/C,GAAmB6xB,IAAWlxE,OAAOvC,IAGvE,OAFAA,EAAS,CAAC+C,EAAaiF,SAAS,EAAIw2D,IACpC17D,EAAe9C,EAAO,GAAGjD,OAClBgG,EAAaiF,SAAS,EAAG,EAAIw2D,OAErC,IAAMroD,GAAK5T,OAAO,CAACo/C,GAAkB7+C,IAAeP,OAAOvC,WACzD,CACL,GAAImW,GAAK9X,SAASk1E,GAAc,CAC9B,IAAIx2E,EAAS,EACb07C,EAAIj7C,KAAK8a,EAAiBm5D,EAAa8B,IAAcv2E,IACnDD,GAAUC,EAAMD,MAAM,IACrB,IAAMilD,GAAY3lC,EAAKtf,WAE1B07C,EAAIj7C,KAAKwkD,GAAY3lC,EAAKk3D,EAAYx2E,SAExC07C,EAAIj7C,KAAK+1E,IAIb,OAAOp9D,GAAK5T,OAAOk2C,GAQrBk7B,eAAeC,GACb,MAAMC,EAAW,IAAIb,GAEfc,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAIj0E,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3B80E,EAAK5vE,KAAK8vE,EAAOn4E,KAAKmD,GAAGrD,YAAY4gB,OACvCw3D,EAASr2E,KAAK7B,KAAKmD,IAIvB,OAAO+0E,EAQTE,WAAW13D,GACT,OAAO1gB,KAAKq4E,MAAKpjE,GAAUA,EAAOnV,YAAY4gB,MAAQA,IAQxD43D,cAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOx4E,KAEPm4E,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAIj0E,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3B80E,EAAK5vE,KAAK8vE,EAAOK,EAAKr1E,GAAGrD,YAAY4gB,OACvC63D,EAAS12E,KAAKsB,GAGlB,OAAOo1E,GCzLX,MAAMpB,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACAsE,GACAxD,KAWF,MAAMiF,GACO/3D,iBACT,OAAOU,GAAMnM,OAAOO,eAMtB1V,YAAYglB,EAASsB,IAKnBpmB,KAAKs3E,QAAU,KAKft3E,KAAKkqD,UAAYplC,EAAOrC,8BAMxBziB,KAAK04E,WAAa,KAKlB14E,KAAK0iB,aAAeoC,EAAOpC,aAQ7BvhB,WAAWmG,EAAOwd,EAASsB,UACnB+sD,EAAa7rE,GAAOnG,UAGxBnB,KAAKkqD,gBAAkBvkD,EAAOoB,WAG9B/G,KAAK04E,WAAa/yE,EAAOmF,kBAEnB9K,KAAK24E,WAAW7zD,EAAO,IASjChjB,QAKE,OAJwB,OAApB9B,KAAK04E,YACP14E,KAAK44E,WAGAp+D,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAAC/C,KAAKkqD,YAAalqD,KAAK04E,aAS7Dv3E,iBAAiB2jB,EAASsB,IACxB,MAAMyyD,EAAkBz3D,GAAMlgB,KAAKkgB,GAAMrN,YAAa/T,KAAKkqD,WACrD4uB,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAU11E,MAASy1E,EAAH,gCAGlB74E,KAAKs3E,cAAgBD,GAAW2B,WAAWF,EAAgB94E,KAAK04E,YAAavB,GAAgBryD,GAM/F8zD,WACE,MAAMC,EAAkBz3D,GAAMlgB,KAAKkgB,GAAMrN,YAAa/T,KAAKkqD,WACrD+uB,EAAgBC,GAAaL,GACnC,IAAKI,EACH,MAAU71E,MAASy1E,EAAH,8BAGlB74E,KAAK04E,WAAaO,EAAcj5E,KAAKs3E,QAAQx1E,QAAS9B,KAAK0iB,eAa/D,MAAMy2D,GAAW3+D,GAAK0E,cAEtB,SAASlL,GAAa9J,GACpB,OAAOA,CACT,CAEA,SAASkvE,GAAU9Y,EAAM16B,EAAQ3gC,EAAU,IACzC,OAAO,SAAUiF,GACf,OAAKsQ,GAAK9X,SAASwH,IAASkd,EAAqBld,GACxCorE,GAAiB,IAAMtuD,EAAiB9c,GAAMtI,MAAKsI,GACjD,IAAIjK,SAAQ,CAACC,EAASC,KAC3BmgE,EAAKp2D,EAAMjF,GAAS,CAACw8C,EAAKhgD,KACxB,GAAIggD,EAAK,OAAOthD,EAAOshD,GACvBvhD,EAAQuB,EAAO,GACf,QAID43E,EAAiBC,EAAiBpvE,GAAMpB,KAAK88B,EAAO3gC,KAE/D,CAEA,SAASs0E,GAAUz5E,EAAamF,EAAU,IACxC,OAAO,SAASiF,GACd,MAAMu2C,EAAM,IAAI3gD,EAAYmF,GAC5B,OAAO0X,EAAiBzS,GAAM7I,IAC5B,GAAIA,EAAMD,OAER,OADAq/C,EAAI5+C,KAAKR,EAAO8wD,IACT1R,EAAIh/C,UAEZ,KACD,GAAI3B,IAAgB8iE,GAElB,OADAniB,EAAI5+C,KAAK,GAAIwwD,IACN5R,EAAIh/C,UAInB,CAEA,SAAS0S,GAAMmsD,GACb,OAAO,SAASp2D,GACd,OAAOorE,GAAiBn0E,SAAYm/D,QAAWt5C,EAAiB9c,MAEpE,CAEA,MAAMgvE,GAAeC,GAAW,CAC9BllE,iBAAmB,CAACykE,EAAYre,IAAU+e,GAAUD,GAASK,WAAYL,GAASM,iBAAkB,CAAEpf,SAA5D+e,CAAqEV,GAC/GxkE,kBAAoB,CAACwkE,EAAYre,IAAU+e,GAAUD,GAAS3X,QAAS2X,GAASO,cAAe,CAAErf,SAAtD+e,CAA+DV,IACxG,CACFzkE,iBAAmB,CAACykE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEK,KAAK,EAAM5I,SAAhCkf,CAAyCb,GACnFxkE,kBAAoB,CAACwkE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEvI,SAArBkf,CAA8Bb,IAGrEK,GAAiBI,GAAW,CAChCnlE,aAAcA,GACdC,iBAAmBmlE,GAAUD,GAASQ,WAAYR,GAASS,kBAC3D1lE,kBAAoBklE,GAAUD,GAASlO,QAASkO,GAASU,eACzD1lE,mBAAqBA,GAAM2lE,KACzB,CACF9lE,aAAcA,GACdC,iBAAmBslE,GAAUzN,GAAS,CAAE7I,KAAK,IAC7C/uD,kBAAoBqlE,GAAUzN,IAC9B33D,mBAAqBA,GAAM2lE,KCnLvB3C,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAeF,MAAMuG,GACOr5D,iBACT,OAAOU,GAAMnM,OAAOe,mCAGtBlW,cACEE,KAAKiiD,QAlBO,EAmBZjiD,KAAKg6E,UAAY,KACjBh6E,KAAKs3E,QAAU,KAGjBn2E,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UACxB,MAAM8gD,QAAgBt8C,EAAOoB,WAE7B,GA3BU,IA2BNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,wCAMxCjiD,KAAKg6E,UAAYr0E,EAAOmF,WAAW,IAIvChJ,QACE,OAAO0Y,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAvCvB,IAuCmC/C,KAAKg6E,YAYtD74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GAEvC,IAAI3yE,EAAQtH,KAAKs3E,QAAQx1E,QACrBslB,EAAqB9f,KAAQA,QAAc0f,EAAiB1f,IAChE,MAAM4U,QAAe2C,GAAOq7D,gBAAgBD,GACtCE,EAAM,IAAIp3E,WAAW,CAAC,IAAM,KAE5Bq3E,EAAS5/D,GAAK5T,OAAO,CAACsV,EAAQ5U,EAAO6yE,IACrC/lE,QAAayK,GAAOzK,KAAKE,KAAK2S,EAAoBmzD,IAClD9mE,EAAYkH,GAAK5T,OAAO,CAACwzE,EAAQhmE,IAGvC,OADApU,KAAKg6E,gBAAkBn7D,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAK1D,EAAW,IAAIvQ,WAAWswB,GAAYvO,IACxG,EAYT3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GACvC,IAAID,EAAYlE,EAAa91E,KAAKg6E,WAC9B5yD,EAAqB4yD,KAAYA,QAAkBhzD,EAAiBgzD,IACxE,MAAMK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQinD,EAAqBjjE,EAAKgjE,EAAW,IAAIj3E,WAAWswB,IAI9FinD,EAAWzE,EAAa5uD,EAAoBozD,IAAa,IACzDD,EAASvE,EAAawE,EAAW,GAAI,IACrCE,EAAat6E,QAAQ+H,IAAI,CAC7Bgf,QAAuBnI,GAAOzK,KAAKE,KAAK2S,EAAoBmzD,KAC5DpzD,EAAiBszD,KAChB14E,MAAK,EAAEwS,EAAM+lE,MACd,IAAK3/D,GAAKqD,iBAAiBzJ,EAAM+lE,GAC/B,MAAU/2E,MAAM,0BAElB,OAAO,IAAIL,UAAY,IAEnBuE,EAAQuuE,EAAauE,EAAQ/mD,EAAY,GAC/C,IAAIukD,EAAc/B,EAAavuE,EAAO,GAAI,GAM1C,OALAswE,EAAcj6D,EAAc,CAACi6D,EAAatC,GAAiB,IAAMiF,MAC5D//D,GAAK9X,SAASs3E,IAAel1D,EAAO9B,6BACvC40D,QAAoB5wD,EAAiB4wD,IAEvC53E,KAAKs3E,cAAgBD,GAAW2B,WAAWpB,EAAaT,GAAgBryD,IACjE,GC7GX,MAAMqyD,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAYF,MAAMgH,GACO95D,iBACT,OAAOU,GAAMnM,OAAOiB,kBAGtBpW,cACEE,KAAKiiD,QAfO,EAiBZjiD,KAAKy6E,gBAAkB,KAEvBz6E,KAAK06E,cAAgBt5D,GAAMvM,KAAKC,IAChC9U,KAAK26E,cAAgB,KACrB36E,KAAKuxB,GAAK,KACVvxB,KAAKg6E,UAAY,KACjBh6E,KAAKs3E,QAAU,KAQjBn2E,WAAWmG,SACH6rE,EAAa7rE,GAAOnG,UACxB,MAAM8gD,QAAgBt8C,EAAOoB,WAC7B,GAlCU,IAkCNk7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,yDAExCjiD,KAAKy6E,sBAAwB90E,EAAOoB,WACpC/G,KAAK06E,oBAAsB/0E,EAAOoB,WAClC/G,KAAK26E,oBAAsBh1E,EAAOoB,WAElC,MAAMonB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eACrC16E,KAAKuxB,SAAW5rB,EAAOuB,UAAUinB,EAAKwkB,UACtC3yC,KAAKg6E,UAAYr0E,EAAOmF,WAAW,IAQvChJ,QACE,OAAO0Y,GAAK5T,OAAO,CAAC,IAAI7D,WAAW,CAAC/C,KAAKiiD,QAASjiD,KAAKy6E,gBAAiBz6E,KAAK06E,cAAe16E,KAAK26E,gBAAiB36E,KAAKuxB,GAAIvxB,KAAKg6E,YAWlI74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/CpmB,KAAKs3E,cAAgBD,GAAW2B,iBACxBh5E,KAAKo0C,MAAM,UAAWp9B,EAAK8+D,EAAa91E,KAAKg6E,YACnD7C,GACAryD,GAYJ3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/CpmB,KAAKy6E,gBAAkBR,EAEvB,MAAMtnC,SAAEA,GAAa9zB,GAAO+7D,YAAY56E,KAAK06E,eAC7C16E,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAe3L,GACvC3yC,KAAK26E,cAAgB71D,EAAOjC,kBAC5B,MAAM3Y,EAAOlK,KAAKs3E,QAAQx1E,QAC1B9B,KAAKg6E,gBAAkBh6E,KAAKo0C,MAAM,UAAWp9B,EAAK9M,GAWpD/I,YAAYkJ,EAAI2M,EAAK9M,GACnB,MAAMikB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAC/BG,QAAqB1sD,EAAKnuB,KAAKy6E,gBAAiBzjE,GAChD8jE,EAA+B,YAAPzwE,EAAmB8jB,EAAKykB,UAAY,EAC5DmoC,EAA+B,YAAP1wE,EAAmB8jB,EAAKykB,UAAY,EAC5DiwB,EAAY,IAAM7iE,KAAK26E,cAAgB,GAAKG,EAC5CE,EAAc,IAAIx1D,YAAY,IAC9By1D,EAAa,IAAIl4E,WAAWi4E,EAAa,EAAG,IAC5CE,EAAgB,IAAIn4E,WAAWi4E,GAC/BG,EAAY,IAAI11D,SAASu1D,GACzBI,EAAkB,IAAIr4E,WAAWi4E,EAAa,EAAG,GACvDC,EAAWz3E,IAAI,CAAC,IAAOg3E,GAAwB95D,IAAK1gB,KAAKiiD,QAASjiD,KAAKy6E,gBAAiBz6E,KAAK06E,cAAe16E,KAAK26E,eAAgB,GACjI,IAAI/mC,EAAa,EACbynC,EAAgBp7E,QAAQC,UACxBo7E,EAAe,EACfC,EAAc,EAClB,MAAMhqD,EAAKvxB,KAAKuxB,GAChB,OAAO5K,EAAqBzc,GAAM/I,MAAOyH,EAAUC,KACjD,GAAgC,UAA5B2R,GAAK9X,SAASkG,GAAuB,CACvC,MAAMvE,EAAS,IAAI2iD,EAAuB,GAAI,CAC5Cj9C,cAAeyQ,GAAK6E,yBAA2B,IAAMrf,KAAK26E,cAAgB,GAC1Ev1E,KAAMsZ,GAASA,EAAMtd,SAEvB8lB,EAAY7iB,EAAOuE,SAAUC,GAC7BA,EAAWxE,EAAOwE,SAEpB,MAAMlD,EAASihB,EAAiBhe,GAC1BlI,EAASmmB,EAAiBhe,GAChC,IACE,OAAa,CACX,IAAI9G,QAAc4D,EAAOuB,UAAU27D,EAAYiY,IAA0B,IAAI/3E,WAC7E,MAAMy4E,EAAaz5E,EAAMsK,SAAStK,EAAMX,OAAS05E,GAEjD,IAAIW,EACAn6E,EAwBJ,GA1BAS,EAAQA,EAAMsK,SAAS,EAAGtK,EAAMX,OAAS05E,IAGpClnC,GAAc7xC,EAAMX,QACvBuE,EAAOmB,QAAQ00E,GACfC,EAAiBZ,EAAaxwE,GAAItI,EAAOosB,EAAKwlB,SAASpiB,EAAI6pD,GAAkBH,GAC7EM,GAAex5E,EAAMX,OAAS05E,EAAwBC,IAKtDI,EAAUO,SAAS,GAAQJ,GAC3BG,EAAiBZ,EAAaxwE,GAAImxE,EAAYrtD,EAAKwlB,SAASpiB,EAAI6pD,GAAkBF,GAClFK,GAAeR,EACfz5E,GAAO,GAETg6E,GAAgBv5E,EAAMX,OAAS05E,EAE/BO,EAAgBA,EAAcz5E,MAAK,IAAM65E,IAAgB75E,MAAKT,gBACtDT,EAAO2I,YACP3I,EAAOoB,MAAMqzC,GACnBomC,GAAepmC,EAAQ/zC,MAAM,IAC5BhB,OAAMqhD,GAAO/gD,EAAOuB,MAAMw/C,MACzBngD,GAAQi6E,EAAc76E,EAAOi7E,oBACzBN,EAEH/5E,EAEE,OACCZ,EAAOsB,QACb,MAHAm5E,EAAUO,SAAS,IAAS9nC,IAMhC,MAAOnvC,SACD/D,EAAOuB,MAAMwC,QChK3B,MAAMm3E,GACOl7D,iBACT,OAAOU,GAAMnM,OAAOC,6BAGtBpV,cACEE,KAAKiiD,QAAU,EAEfjiD,KAAK67E,YAAc,IAAIp0D,GACvBznB,KAAK2zE,mBAAqB,KAE1B3zE,KAAK87E,WAAa,KAKlB97E,KAAKi6E,oBAAsB,KAG3Bj6E,KAAKg6E,UAAY,GAQnB94E,KAAKoG,GACH,IAAInE,EAAI,EAER,GADAnD,KAAKiiD,QAAU36C,EAAMnE,KA/CT,IAgDRnD,KAAKiiD,QACP,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,+CAE7C9+C,GAAKnD,KAAK67E,YAAY36E,KAAKoG,EAAM+E,SAASlJ,IAC1CnD,KAAK2zE,mBAAqBrsE,EAAMnE,KAChCnD,KAAKg6E,UAAYn7D,GAAOk9D,yBAAyB/7E,KAAK2zE,mBAAoBrsE,EAAM+E,SAASlJ,GAAInD,KAAKiiD,SAC9FjiD,KAAK2zE,qBAAuBvyD,GAAM9O,UAAUY,SAC9ClT,KAAKi6E,oBAAsB74D,GAAMtf,MAAMsf,GAAM/N,UAAWrT,KAAKg6E,UAAU9mD,EAAEg3B,YAS7EpoD,QACE,MAAMg7C,EAAM,CACV,IAAI/5C,WAAW,CAAC/C,KAAKiiD,UACrBjiD,KAAK67E,YAAY/5E,QACjB,IAAIiB,WAAW,CAAC/C,KAAK2zE,qBACrB90D,GAAO02D,gBAAgBv1E,KAAK2zE,mBAAoB3zE,KAAKg6E,YAGvD,OAAOx/D,GAAKxX,iBAAiB85C,GAS/B37C,cAAc6V,GACZ,MAAM64B,EAAOzuB,GAAMtf,MAAMsf,GAAM9O,UAAWtS,KAAK2zE,oBACzClyD,EAAUu6D,GAAiBh8E,KAAKiiD,QAASpS,EAAM7vC,KAAKi6E,oBAAqBj6E,KAAK87E,YACpF97E,KAAKg6E,gBAAkBn7D,GAAOo9D,iBAC5BpsC,EAAM7vC,KAAKi6E,oBAAqBjjE,EAAIq4C,aAAc5tC,EAASzK,EAAIy+D,uBAWnEt0E,cAAc6V,EAAKklE,GAEjB,GAAIl8E,KAAK2zE,qBAAuB38D,EAAIkzC,UAClC,MAAU9mD,MAAM,oBAGlB,MAAMs8C,EAAgBw8B,EACpBF,GAAiBh8E,KAAKiiD,QAASjiD,KAAK2zE,mBAAoBuI,EAAiBjC,oBAAqBiC,EAAiBJ,YAC/G,KACIK,QAAsBt9D,GAAOu9D,iBAAiBp8E,KAAK2zE,mBAAoB38D,EAAIq4C,aAAcr4C,EAAIq5C,cAAerwD,KAAKg6E,UAAWhjE,EAAIy+D,sBAAuB/1B,IAEvJo8B,WAAEA,EAAU7B,oBAAEA,GAkCxB,SAA0Bh4B,EAAS8N,EAASosB,EAAeD,GACzD,OAAQnsB,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUI,QACrB,KAAK0O,GAAM9O,UAAUM,KAAM,CAEzB,MAAMnR,EAAS06E,EAAc9vE,SAAS,EAAG8vE,EAAc/6E,OAAS,GAC1D4kB,EAAWm2D,EAAc9vE,SAAS8vE,EAAc/6E,OAAS,GACzDi7E,EAAmB7hE,GAAKwD,cAAcvc,EAAO4K,SAAS5K,EAAOL,OAAS,IACtEk7E,EAAkBD,EAAiB,KAAOr2D,EAAS,GAAKq2D,EAAiB,KAAOr2D,EAAS,GACzFu2D,EAAsB,CAAEtC,oBAAqBx4E,EAAO,GAAIq6E,WAAYr6E,EAAO4K,SAAS,IAC1F,GAAI6vE,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBtC,sBAAwBiC,EAAiBjC,oBAC7DsC,EAAoBT,WAAW16E,SAAW86E,EAAiBJ,WAAW16E,OACxE,MAAO,CACL06E,WAAYthE,GAAKuG,iBAAiBy7D,EAAgBD,EAAoBT,WAAYI,EAAiBJ,YACnG7B,oBAAqBz/D,GAAKyG,YACxBu7D,EACAD,EAAoBtC,oBACpBiC,EAAiBjC,sBAKrB,GADuBqC,GAAmBl7D,GAAMlgB,KAAKkgB,GAAM/N,UAAWkpE,EAAoBtC,qBAExF,OAAOsC,EAEP,MAAUn5E,MAAM,oBAItB,KAAKge,GAAM9O,UAAUY,OACnB,MAAO,CACL4oE,WAAYK,GAEhB,QACE,MAAU/4E,MAAM,oCAEtB,CA5EgDq5E,CAAiBz8E,KAAKiiD,QAASjiD,KAAK2zE,mBAAoBwI,EAAeD,GAG/Gl8E,KAAK2zE,qBAAuBvyD,GAAM9O,UAAUY,SAC9ClT,KAAKi6E,oBAAsBA,GAE7Bj6E,KAAK87E,WAAaA,GAOtB,SAASE,GAAiB/5B,EAAS8N,EAAS5uC,EAAYu7D,GACtD,OAAQ3sB,GACN,KAAK3uC,GAAM9O,UAAUE,WACrB,KAAK4O,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUI,QACrB,KAAK0O,GAAM9O,UAAUM,KAEnB,OAAO4H,GAAKxX,iBAAiB,CAC3B,IAAID,WAAW,CAACoe,IAChBu7D,EACAliE,GAAKwD,cAAc0+D,EAAerwE,SAASqwE,EAAet7E,OAAS,MAGvE,KAAKggB,GAAM9O,UAAUY,OACnB,OAAOwpE,EACT,QACE,MAAUt5E,MAAM,oCAEtB,CC7HA,MAAMu5E,GAIJ78E,YAAYglB,EAASsB,IAKnBpmB,KAAKkqD,UAAY9oC,GAAMhN,KAAKI,OAK5BxU,KAAKoa,KAAO,WAEZpa,KAAKwc,EAAIsI,EAAOhC,sBAIhB9iB,KAAK2tD,KAAO,KAGdivB,WAIE,OAAQ,IAAe,GAAT58E,KAAKwc,IAFH,GAEiBxc,KAAKwc,GAAK,GAQ7Ctb,KAAKoG,GACH,IAAInE,EAAI,EACR,IACEnD,KAAKoa,KAAOgH,GAAMlgB,KAAKkgB,GAAMnP,IAAK3K,EAAMnE,MACxC,MAAOs+C,GACP,MAAM,IAAI0F,GAAiB,qBAI7B,OAFAnnD,KAAKkqD,UAAY5iD,EAAMnE,KAEfnD,KAAKoa,MACX,IAAK,SACH,MAEF,IAAK,SACHpa,KAAK2tD,KAAOrmD,EAAM+E,SAASlJ,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACHnD,KAAK2tD,KAAOrmD,EAAM+E,SAASlJ,EAAGA,EAAI,GAClCA,GAAK,EAGLnD,KAAKwc,EAAIlV,EAAMnE,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDqX,GAAKqC,mBAAmBvV,EAAM+E,SAASlJ,EAAGA,EAAI,IAUhD,MAAM,IAAIgkD,GAAiB,qBAT3BhkD,GAAK,EAEL,GAAmB,OADA,IAAOmE,EAAMnE,KAK9B,MAAM,IAAIgkD,GAAiB,oCAH3BnnD,KAAKoa,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI+sC,GAAiB,qBAG/B,OAAOhkD,EAOTrB,QACE,GAAkB,cAAd9B,KAAKoa,KACP,OAAO,IAAIrX,WAAW,CAAC,IAAK,KAAMyX,GAAKiC,mBAAmB,OAAQ,IAEpE,MAAMqgC,EAAM,CAAC,IAAI/5C,WAAW,CAACqe,GAAMtf,MAAMsf,GAAMnP,IAAKjS,KAAKoa,MAAOpa,KAAKkqD,aAErE,OAAQlqD,KAAKoa,MACX,IAAK,SACH,MACF,IAAK,SACH0iC,EAAIj7C,KAAK7B,KAAK2tD,MACd,MACF,IAAK,WACH7Q,EAAIj7C,KAAK7B,KAAK2tD,MACd7Q,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKwc,KAC9B,MACF,IAAK,MACH,MAAUpZ,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOoX,GAAKxX,iBAAiB85C,GAW/B37C,iBAAiB07E,EAAYC,GAC3BD,EAAariE,GAAK0C,WAAW2/D,GAE7B,MAAM//B,EAAM,GACZ,IAAIigC,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIlH,EACJ,OAAQ51E,KAAKoa,MACX,IAAK,SACHw7D,EAASp7D,GAAKxX,iBAAiB,CAAC,IAAID,WAAWi6E,GAAYH,IAC3D,MACF,IAAK,SACHjH,EAASp7D,GAAKxX,iBAAiB,CAAC,IAAID,WAAWi6E,GAAYh9E,KAAK2tD,KAAMkvB,IACtE,MACF,IAAK,WAAY,CACf,MAAM3yE,EAAOsQ,GAAKxX,iBAAiB,CAAChD,KAAK2tD,KAAMkvB,IAC/C,IAAII,EAAU/yE,EAAK9I,OACnB,MAAM0iC,EAAQh4B,KAAKC,IAAI/L,KAAK48E,WAAYK,GACxCrH,EAAS,IAAI7yE,WAAWi6E,EAAYl5C,GACpC8xC,EAAOpyE,IAAI0G,EAAM8yE,GACjB,IAAK,IAAI35E,EAAM25E,EAAYC,EAAS55E,EAAMygC,EAAOzgC,GAAO45E,EAASA,GAAW,EAC1ErH,EAAO11D,WAAW7c,EAAK25E,EAAW35E,GAEpC,MAEF,IAAK,MACH,MAAUD,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAM3B,QAAeod,GAAOzK,KAAK+zB,OAAOnoC,KAAKkqD,UAAW0rB,GACxD94B,EAAIj7C,KAAKJ,GACTs7E,GAAWt7E,EAAOL,OAClB47E,IAGF,OAAOxiE,GAAKxX,iBAAiB85C,GAAKzwC,SAAS,EAAGywE,IC7JlD,MAAMI,GACOx8D,iBACT,OAAOU,GAAMnM,OAAOG,uBAMtBtV,YAAYglB,EAASsB,IACnBpmB,KAAKiiD,QAAUn9B,EAAOnC,YAAc,EAAI,EACxC3iB,KAAK87E,WAAa,KAKlB97E,KAAKm9E,8BAAgC,KAKrCn9E,KAAKi6E,oBAAsB74D,GAAM/N,UAAUQ,OAK3C7T,KAAK06E,cAAgBt5D,GAAMtf,MAAMsf,GAAMvM,KAAMiQ,EAAOlC,wBACpD5iB,KAAKg6E,UAAY,KACjBh6E,KAAKiS,IAAM,KACXjS,KAAKuxB,GAAK,KAQZrwB,KAAKoG,GACH,IAAIiJ,EAAS,EAIb,GADAvQ,KAAKiiD,QAAU36C,EAAMiJ,KACA,IAAjBvQ,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAC7B,MAAM,IAAIkF,GAAiB,WAAWnnD,KAAKiiD,+CAI7C,MAAMpS,EAAOvoC,EAAMiJ,KAWnB,GATqB,IAAjBvQ,KAAKiiD,UAEPjiD,KAAK06E,cAAgBpzE,EAAMiJ,MAI7BvQ,KAAKiS,IAAM,IAAI0qE,GACfpsE,GAAUvQ,KAAKiS,IAAI/Q,KAAKoG,EAAM+E,SAASkE,EAAQjJ,EAAMlG,SAEhC,IAAjBpB,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAIrC16E,KAAKuxB,GAAKjqB,EAAM+E,SAASkE,EAAQA,GAAU4d,EAAKwkB,UAK7B,IAAjB3yC,KAAKiiD,SAAiB1xC,EAASjJ,EAAMlG,QACvCpB,KAAKg6E,UAAY1yE,EAAM+E,SAASkE,EAAQjJ,EAAMlG,QAC9CpB,KAAKm9E,8BAAgCttC,GAErC7vC,KAAKi6E,oBAAsBpqC,EAS/B/tC,QACE,MAAM+tC,EAA0B,OAAnB7vC,KAAKg6E,UAChBh6E,KAAKi6E,oBACLj6E,KAAKm9E,8BAEP,IAAI71E,EAYJ,OAVqB,IAAjBtH,KAAKiiD,QACP36C,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKiiD,QAASpS,EAAM7vC,KAAK06E,gBAAiB16E,KAAKiS,IAAInQ,QAAS9B,KAAKuxB,GAAIvxB,KAAKg6E,aAEzH1yE,EAAQkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC/C,KAAKiiD,QAASpS,IAAQ7vC,KAAKiS,IAAInQ,UAEvD,OAAnB9B,KAAKg6E,YACP1yE,EAAQkT,GAAKxX,iBAAiB,CAACsE,EAAOtH,KAAKg6E,cAIxC1yE,EASTnG,cAAc07E,GACZ,MAAMhtC,EAA8C,OAAvC7vC,KAAKm9E,8BAChBn9E,KAAKm9E,8BACLn9E,KAAKi6E,qBAED5mD,UAAEA,EAASC,QAAEA,GAAYzU,GAAOmxB,UAAUH,GAC1C74B,QAAYhX,KAAKiS,IAAImrE,WAAWP,EAAYvpD,GAElD,GAAqB,IAAjBtzB,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eAC/BrnC,EAAQ,IAAItwC,WAAW,CAAC,IAAOm6E,GAA6Bx8D,IAAK1gB,KAAKiiD,QAASjiD,KAAKm9E,8BAA+Bn9E,KAAK06E,gBACxHG,QAAqB1sD,EAAK0hB,EAAM74B,GACtChX,KAAK87E,iBAAmBjB,EAAa7nD,QAAQhzB,KAAKg6E,UAAWh6E,KAAKuxB,GAAI8hB,QACjE,GAAuB,OAAnBrzC,KAAKg6E,UAAoB,CAClC,MAAMK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQ6c,EAAM74B,EAAKhX,KAAKg6E,UAAW,IAAIj3E,WAAWswB,IAE1FrzB,KAAKi6E,oBAAsB74D,GAAMtf,MAAMsf,GAAM/N,UAAWgnE,EAAU,IAClEr6E,KAAK87E,WAAazB,EAAUhuE,SAAS,EAAGguE,EAAUj5E,aAElDpB,KAAK87E,WAAa9kE,EAWtB7V,cAAc07E,EAAY/3D,EAASsB,IACjC,MAAMypB,EAA8C,OAAvC7vC,KAAKm9E,8BAChBn9E,KAAKm9E,8BACLn9E,KAAKi6E,oBAEPj6E,KAAKm9E,8BAAgCttC,EAErC7vC,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAI07C,KAAO9uC,GAAOgyC,OAAOvS,eAAe,GAE7C,MAAMjrB,UAAEA,EAASC,QAAEA,GAAYzU,GAAOmxB,UAAUH,GAC1CwtC,QAAsBr9E,KAAKiS,IAAImrE,WAAWP,EAAYvpD,GAM5D,GAJwB,OAApBtzB,KAAK87E,aACP97E,KAAK87E,WAAaj9D,GAAOy+D,mBAAmBt9E,KAAKi6E,sBAG9B,IAAjBj6E,KAAKiiD,QAAe,CACtB,MAAM9zB,EAAOtP,GAAO+7D,YAAY56E,KAAK06E,eACrC16E,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAenwB,EAAKwkB,UAC5C,MAAM4qC,EAAiB,IAAIx6E,WAAW,CAAC,IAAOm6E,GAA6Bx8D,IAAK1gB,KAAKiiD,QAASjiD,KAAKm9E,8BAA+Bn9E,KAAK06E,gBACjIG,QAAqB1sD,EAAK0hB,EAAMwtC,GACtCr9E,KAAKg6E,gBAAkBa,EAAa9nD,QAAQ/yB,KAAK87E,WAAY97E,KAAKuxB,GAAIgsD,OACjE,CACL,MAAMC,EAAYhjE,GAAKxX,iBAAiB,CACtC,IAAID,WAAW,CAAC/C,KAAKi6E,sBACrBj6E,KAAK87E,aAEP97E,KAAKg6E,gBAAkBn7D,GAAOsP,KAAK6iB,IAAIje,QAAQ8c,EAAMwtC,EAAeG,EAAW,IAAIz6E,WAAWswB,GAAYvO,KCtKhH,MAAM24D,GACO/8D,iBACT,OAAOU,GAAMnM,OAAO3C,UAOtBxS,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IAKtCpmB,KAAKiiD,QAAUn9B,EAAO3K,OAAS,EAAI,EAKnCna,KAAK+zE,QAAUv5D,GAAKc,cAAcq3D,GAKlC3yE,KAAKkqD,UAAY,KAKjBlqD,KAAKqvD,aAAe,KAKpBrvD,KAAK09E,iBAAmB,EAKxB19E,KAAK2rD,YAAc,KAKnB3rD,KAAK4nB,MAAQ,KASfI,2BAA2B21D,GACzB,MAAMC,EAAY,IAAIH,IAChBx7B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBgyB,EAO1E,OANAC,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,EASTz8E,WAAWmG,GACT,IAAIjE,EAAM,EAIV,GAFArD,KAAKiiD,QAAU36C,EAAMjE,KAEA,IAAjBrD,KAAKiiD,SAAkC,IAAjBjiD,KAAKiiD,QAAe,CAE5CjiD,KAAK+zE,QAAUv5D,GAAKO,SAASzT,EAAM+E,SAAShJ,EAAKA,EAAM,IACvDA,GAAO,EAGPrD,KAAKkqD,UAAY5iD,EAAMjE,KAEF,IAAjBrD,KAAKiiD,UAEP5+C,GAAO,GAIT,MAAMnC,KAAEA,EAAImuD,aAAEA,GAAiBxwC,GAAOg/D,qBAAqB79E,KAAKkqD,UAAW5iD,EAAM+E,SAAShJ,IAM1F,OALArD,KAAKqvD,aAAeA,EACpBhsD,GAAOnC,QAGDlB,KAAK89E,6BACJz6E,EAET,MAAM,IAAI8jD,GAAiB,WAAWnnD,KAAKiiD,6CAO7CngD,QACE,MAAMg7C,EAAM,GAEZA,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKiiD,WAC9BnF,EAAIj7C,KAAK2Y,GAAKS,UAAUjb,KAAK+zE,UAE7Bj3B,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKkqD,aAE9B,MAAM9C,EAASvoC,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqvD,cAO3D,OANqB,IAAjBrvD,KAAKiiD,SAEPnF,EAAIj7C,KAAK2Y,GAAKM,YAAYssC,EAAOhmD,OAAQ,IAG3C07C,EAAIj7C,KAAKulD,GACF5sC,GAAKxX,iBAAiB85C,GAO/B25B,aAAax0B,GACX,MAAM36C,EAAQtH,KAAK+9E,iBAEnB,OAAgB,IAAZ97B,EACKznC,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQyX,GAAKM,YAAYxT,EAAMlG,OAAQ,GAAIkG,IAEpFkT,GAAKxX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQyX,GAAKM,YAAYxT,EAAMlG,OAAQ,GAAIkG,IAO3F02E,cACE,OAAO,KAOTC,kBACE,OAAOj+E,KAAK+zE,QAOd2B,WACE,OAAO11E,KAAK4nB,MAOdzmB,mCAIE,SAHMnB,KAAKk+E,qBACXl+E,KAAK4nB,MAAQ,IAAIH,GAEI,IAAjBznB,KAAKiiD,QACPjiD,KAAK4nB,MAAM1mB,KAAKlB,KAAK2rD,YAAYt/C,SAAS,EAAG,QACxC,IAAqB,IAAjBrM,KAAKiiD,QAGd,MAAU7+C,MAAM,2BAFhBpD,KAAK4nB,MAAM1mB,KAAKlB,KAAK2rD,YAAYt/C,SAAS,GAAI,MASlDlL,2BACE,MAAMy0E,EAAS51E,KAAKy2E,aAAaz2E,KAAKiiD,SAEtC,GAAqB,IAAjBjiD,KAAKiiD,QACPjiD,KAAK2rD,kBAAoB9sC,GAAOzK,KAAKI,OAAOohE,OACvC,IAAqB,IAAjB51E,KAAKiiD,QAGd,MAAU7+C,MAAM,2BAFhBpD,KAAK2rD,kBAAoB9sC,GAAOzK,KAAKE,KAAKshE,IAU9CH,sBACE,OAAOz1E,KAAK2rD,YAOdwyB,iBACE,OAAO3jE,GAAK8B,gBAAgBtc,KAAKy1E,uBAOnC2I,qBAAqBC,GACnB,OAAOr+E,KAAKiiD,UAAYo8B,EAAMp8B,SAAWznC,GAAKqD,iBAAiB7d,KAAK+9E,iBAAkBM,EAAMN,kBAO9FO,mBACE,MAAM78E,EAAS,GACfA,EAAOyoD,UAAY9oC,GAAMlgB,KAAKkgB,GAAM9O,UAAWtS,KAAKkqD,WAEpD,MAAMq0B,EAASv+E,KAAKqvD,aAAa7iD,GAAKxM,KAAKqvD,aAAa58B,EAMxD,OALI8rD,EACF98E,EAAOkd,KAAOnE,GAAKuB,oBAAoBwiE,GAC9Bv+E,KAAKqvD,aAAajK,MAC3B3jD,EAAOmP,MAAQ5Q,KAAKqvD,aAAajK,IAAIC,WAEhC5jD,GAQXg8E,GAAgBz8E,UAAUw9E,cAAgBf,GAAgBz8E,UAAUE,KAMpEu8E,GAAgBz8E,UAAU+8E,eAAiBN,GAAgBz8E,UAAUc,MCzPrE,MAAMq1E,gBAA+B38D,GAAK+F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAaF,MAAMiL,GACO/9D,iBACT,OAAOU,GAAMnM,OAAOQ,2BAGtB3V,cAIEE,KAAKg6E,UAAY,KAKjBh6E,KAAKs3E,QAAU,KAGjBp2E,KAAKoG,GACHtH,KAAKg6E,UAAY1yE,EAGnBxF,QACE,OAAO9B,KAAKg6E,UAad74E,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAE/C,IAAKtB,EAAO/B,6BACV,MAAU3f,MAAM,iCAGlB,MAAMiwB,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GACjCD,QAAkBhzD,EAAiB8uD,EAAa91E,KAAKg6E,YACrDK,QAAkBx7D,GAAOsP,KAAK6iB,IAAIhe,QAAQinD,EAAqBjjE,EACnEgjE,EAAU3tE,SAASgnB,EAAY,GAC/B2mD,EAAU3tE,SAAS,EAAGgnB,EAAY,IAGpCrzB,KAAKs3E,cAAgBD,GAAW2B,WAAWqB,EAAWlD,GAAgBryD,GAYxE3jB,cAAc84E,EAAqBjjE,EAAK8N,EAASsB,IAC/C,MAAMlc,EAAOlK,KAAKs3E,QAAQx1E,SACpBuxB,UAAEA,GAAcxU,GAAOmxB,UAAUiqC,GAEjC/9D,QAAe2C,GAAOq7D,gBAAgBD,GACtCyE,QAAY7/D,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAKkF,EAAQ,IAAInZ,WAAWswB,GAAYvO,GACjGusB,QAAmBxyB,GAAOsP,KAAK6iB,IAAIje,QAAQknD,EAAqBjjE,EAAK9M,EAAMw0E,EAAIryE,SAAS,GAAIyY,GAClG9kB,KAAKg6E,UAAYx/D,GAAK5T,OAAO,CAAC83E,EAAKrtC,KC9EvC,MAAMstC,GACOj+D,iBACT,OAAOU,GAAMnM,OAAOS,OAQtBxU,KAAKoG,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,GAMZxF,QACE,OAAO,IAAIiB,WAAW,CAAC,GAAM,GAAM,MC5BvC,MAAM67E,WAA2BnB,GACpB/8D,iBACT,OAAOU,GAAMnM,OAAOa,aAQtBhW,YAAY6yE,EAAM7tD,GAChB/kB,MAAM4yE,EAAM7tD,GASdkD,8BAA8B62D,GAC5B,MAAMjB,EAAY,IAAIgB,IAChB38B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBkzB,EAO1E,OANAjB,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,GCnBX,MAAMkB,GACOp+D,iBACT,OAAOU,GAAMnM,OAAOc,cAGtBjW,cACEE,KAAK++E,WAAa,GAOpB79E,KAAKoG,GACH,IAAInE,EAAI,EACR,KAAOA,EAAImE,EAAMlG,QAAQ,CACvB,MAAM+O,EAAM41C,GAAiBz+C,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SACrD+B,GAAKgN,EAAII,OAETvQ,KAAK++E,WAAWl9E,KAAK2Y,GAAKqC,mBAAmBvV,EAAM+E,SAASlJ,EAAGA,EAAIgN,EAAIA,OACvEhN,GAAKgN,EAAIA,KAQbrO,QACE,MAAMg7C,EAAM,GACZ,IAAK,IAAI35C,EAAI,EAAGA,EAAInD,KAAK++E,WAAW39E,OAAQ+B,IAC1C25C,EAAIj7C,KAAKmkD,GAAkBhmD,KAAK++E,WAAW57E,GAAG/B,SAC9C07C,EAAIj7C,KAAK2Y,GAAKiC,mBAAmBzc,KAAK++E,WAAW57E,KAEnD,OAAOqX,GAAKxX,iBAAiB85C,GAQ/Bn1B,OAAOq3D,GACL,SAAKA,GAAaA,aAAmBF,KAG9B9+E,KAAK++E,WAAWjgC,OAAM,SAASmgC,EAAMn/D,GAC1C,OAAOm/D,IAASD,EAAQD,WAAWj/D,OCtDzC,MAAMo/D,WAAwBzB,GACjB/8D,iBACT,OAAOU,GAAMnM,OAAOK,UAOtBxV,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtCrmB,MAAM4yE,EAAM7tD,GAIZ9kB,KAAKm/E,YAAc,KAInBn/E,KAAKo/E,YAAc,KAKnBp/E,KAAKq/E,SAAW,EAKhBr/E,KAAKiS,IAAM,KAKXjS,KAAKqT,UAAY,KAKjBrT,KAAK6U,KAAO,KAKZ7U,KAAKqwD,cAAgB,KAWvBlvD,WAAWmG,GAET,IAAInE,QAAUnD,KAAKw+E,cAAcl3E,GACjC,MAAMg4E,EAAuBn8E,EAM7BnD,KAAKq/E,SAAW/3E,EAAMnE,KAID,IAAjBnD,KAAKiiD,SACP9+C,IAGF,IAGE,GAAsB,MAAlBnD,KAAKq/E,UAAsC,MAAlBr/E,KAAKq/E,UAAsC,MAAlBr/E,KAAKq/E,UAezD,GAdAr/E,KAAKqT,UAAY/L,EAAMnE,KAID,MAAlBnD,KAAKq/E,WACPr/E,KAAK6U,KAAOvN,EAAMnE,MAMpBnD,KAAKiS,IAAM,IAAI0qE,GACfx5E,GAAKnD,KAAKiS,IAAI/Q,KAAKoG,EAAM+E,SAASlJ,EAAGmE,EAAMlG,SAErB,cAAlBpB,KAAKiS,IAAImI,KACX,YAEOpa,KAAKq/E,WACdr/E,KAAKqT,UAAYrT,KAAKq/E,UAMpBr/E,KAAKq/E,WACPr/E,KAAKuxB,GAAKjqB,EAAM+E,SACdlJ,EACAA,EAAI0b,GAAOmxB,UAAUhwC,KAAKqT,WAAWggB,WAGvClwB,GAAKnD,KAAKuxB,GAAGnwB,QAEf,MAAOqD,GAEP,IAAKzE,KAAKq/E,SAAU,MAAM56E,EAC1BzE,KAAKu/E,uBAAyBj4E,EAAM+E,SAASizE,GAC7Ct/E,KAAKo/E,aAAc,EAerB,GAVqB,IAAjBp/E,KAAKiiD,UACP9+C,GAAK,GAMPnD,KAAKm/E,YAAc73E,EAAM+E,SAASlJ,GAClCnD,KAAKo/E,cAAgBp/E,KAAKq/E,UAErBr/E,KAAKo/E,YAAa,CACrB,MAAMvpC,EAAY71C,KAAKm/E,YAAY9yE,SAAS,GAAI,GAChD,IAAKmO,GAAKqD,iBAAiBrD,GAAKwD,cAAc63B,GAAY71C,KAAKm/E,YAAY9yE,UAAU,IACnF,MAAUjJ,MAAM,yBAElB,IACE,MAAMitD,cAAEA,GAAkBxxC,GAAO2gE,sBAAsBx/E,KAAKkqD,UAAWrU,EAAW71C,KAAKqvD,cACvFrvD,KAAKqwD,cAAgBA,EACrB,MAAO5O,GACP,GAAIA,aAAe0F,GAAkB,MAAM1F,EAE3C,MAAUr+C,MAAM,wBAStBtB,QACE,MAAM29E,EAAsBz/E,KAAK+9E,iBACjC,GAAI/9E,KAAKu/E,uBACP,OAAO/kE,GAAKxX,iBAAiB,CAC3By8E,EACAz/E,KAAKu/E,yBAIT,MAAMziC,EAAM,CAAC2iC,GACb3iC,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC/C,KAAKq/E,YAE9B,MAAMK,EAAoB,GA6C1B,OA1CsB,MAAlB1/E,KAAKq/E,UAAsC,MAAlBr/E,KAAKq/E,UAAsC,MAAlBr/E,KAAKq/E,WACzDK,EAAkB79E,KAAK7B,KAAKqT,WAIN,MAAlBrT,KAAKq/E,UACPK,EAAkB79E,KAAK7B,KAAK6U,MAM9B6qE,EAAkB79E,QAAQ7B,KAAKiS,IAAInQ,UAMjC9B,KAAKq/E,UAA8B,cAAlBr/E,KAAKiS,IAAImI,MAC5BslE,EAAkB79E,QAAQ7B,KAAKuxB,IAGZ,IAAjBvxB,KAAKiiD,SACPnF,EAAIj7C,KAAK,IAAIkB,WAAW,CAAC28E,EAAkBt+E,UAE7C07C,EAAIj7C,KAAK,IAAIkB,WAAW28E,IAEnB1/E,KAAK2/E,YACH3/E,KAAKq/E,WACRr/E,KAAKm/E,YAActgE,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqwD,gBAG5C,IAAjBrwD,KAAKiiD,SACPnF,EAAIj7C,KAAK2Y,GAAKM,YAAY9a,KAAKm/E,YAAY/9E,OAAQ,IAErD07C,EAAIj7C,KAAK7B,KAAKm/E,aAETn/E,KAAKq/E,UACRviC,EAAIj7C,KAAK2Y,GAAKwD,cAAche,KAAKm/E,eAI9B3kE,GAAKxX,iBAAiB85C,GAQ/BkhC,cACE,OAA4B,IAArBh+E,KAAKo/E,YAWdQ,6BACE,YAAuC3+E,IAAhCjB,KAAKu/E,wBAAwCv/E,KAAK2/E,UAO3DA,UACE,SAAU3/E,KAAKiS,KAAyB,cAAlBjS,KAAKiS,IAAImI,MAQjCylE,UAAU/6D,EAASsB,IACbpmB,KAAK2/E,YAGL3/E,KAAKg+E,eACPh+E,KAAK8/E,4BAEA9/E,KAAKu/E,uBACZv/E,KAAKo/E,YAAc,KACnBp/E,KAAKm/E,YAAc,KACnBn/E,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAIi4C,UAAY,EACrBlqD,KAAKiS,IAAIuK,EAAI,EACbxc,KAAKiS,IAAImI,KAAO,YAChBpa,KAAKq/E,SAAW,IAChBr/E,KAAKqT,UAAY+N,GAAM/N,UAAUQ,QAanC1S,cAAc07E,EAAY/3D,EAASsB,IACjC,GAAIpmB,KAAK2/E,UACP,OAGF,IAAK3/E,KAAKg+E,cACR,MAAU56E,MAAM,mCAGlB,IAAKy5E,EACH,MAAUz5E,MAAM,0DAGlBpD,KAAKiS,IAAM,IAAI0qE,GAAI73D,GACnB9kB,KAAKiS,IAAI07C,KAAO9uC,GAAOgyC,OAAOvS,eAAe,GAC7C,MAAMzI,EAAYh3B,GAAO02D,gBAAgBv1E,KAAKkqD,UAAWlqD,KAAKqwD,eAC9DrwD,KAAKqT,UAAY+N,GAAM/N,UAAUQ,OACjC,MAAMmD,QAAY+oE,GAAqB//E,KAAKiS,IAAK4qE,EAAY78E,KAAKqT,YAE5DggB,UAAEA,GAAcxU,GAAOmxB,UAAUhwC,KAAKqT,WAG5C,GAFArT,KAAKuxB,GAAK1S,GAAOgyC,OAAOvS,eAAejrB,GAEnCvO,EAAOnC,YAAa,CACtB3iB,KAAKq/E,SAAW,IAChBr/E,KAAK6U,KAAOuM,GAAMvM,KAAKC,IACvB,MAAMqZ,EAAOtP,GAAO+7D,YAAY56E,KAAK6U,MAC/BgmE,QAAqB1sD,EAAKnuB,KAAKqT,UAAW2D,GAChDhX,KAAKm/E,kBAAoBtE,EAAa9nD,QAAQ8iB,EAAW71C,KAAKuxB,GAAGllB,SAAS,EAAG8hB,EAAKwkB,UAAW,IAAI5vC,iBAEjG/C,KAAKq/E,SAAW,IAChBr/E,KAAKm/E,kBAAoBtgE,GAAOsP,KAAK6iB,IAAIje,QAAQ/yB,KAAKqT,UAAW2D,EAAKwD,GAAKxX,iBAAiB,CAC1F6yC,QACMh3B,GAAOzK,KAAKE,KAAKuhC,EAAW/wB,KAChC9kB,KAAKuxB,GAAIzM,GAajB3jB,cAAc07E,GACZ,GAAI78E,KAAK2/E,UACP,OAAO,EAGT,GAAI3/E,KAAKu/E,uBACP,MAAUn8E,MAAM,kEAGlB,GAAIpD,KAAKg+E,cACP,MAAU56E,MAAM,oCAGlB,IAAI4T,EASA6+B,EARJ,GAAsB,MAAlB71C,KAAKq/E,UAAsC,MAAlBr/E,KAAKq/E,SAE3B,MAAsB,MAAlBr/E,KAAKq/E,SACJj8E,MAAM,0EAENA,MAAM,yEAIlB,GARE4T,QAAY+oE,GAAqB//E,KAAKiS,IAAK4qE,EAAY78E,KAAKqT,WAQxC,MAAlBrT,KAAKq/E,SAAkB,CACzB,MAAMlxD,EAAOtP,GAAO+7D,YAAY56E,KAAK6U,MAC/BgmE,QAAqB1sD,EAAKnuB,KAAKqT,UAAW2D,GAChD,IACE6+B,QAAkBglC,EAAa7nD,QAAQhzB,KAAKm/E,YAAan/E,KAAKuxB,GAAGllB,SAAS,EAAG8hB,EAAKwkB,UAAW,IAAI5vC,YACjG,MAAO0+C,GACP,GAAoB,gCAAhBA,EAAI9nC,QACN,MAAUvW,MAAM,6BAA+Bq+C,EAAI9nC,SAErD,MAAM8nC,OAEH,CACL,MAAMu+B,QAA0BnhE,GAAOsP,KAAK6iB,IAAIhe,QAAQhzB,KAAKqT,UAAW2D,EAAKhX,KAAKm/E,YAAan/E,KAAKuxB,IAEpGskB,EAAYmqC,EAAkB3zE,SAAS,GAAI,IAC3C,MAAM+H,QAAayK,GAAOzK,KAAKE,KAAKuhC,GAEpC,IAAKr7B,GAAKqD,iBAAiBzJ,EAAM4rE,EAAkB3zE,UAAU,KAC3D,MAAUjJ,MAAM,4BAIpB,IACE,MAAMitD,cAAEA,GAAkBxxC,GAAO2gE,sBAAsBx/E,KAAKkqD,UAAWrU,EAAW71C,KAAKqvD,cACvFrvD,KAAKqwD,cAAgBA,EACrB,MAAO5O,GACP,MAAUr+C,MAAM,sBAElBpD,KAAKo/E,aAAc,EACnBp/E,KAAKm/E,YAAc,KACnBn/E,KAAKq/E,SAAW,EAQlBl+E,iBACE,GAAInB,KAAK2/E,UACP,OAGF,IAAK3/E,KAAKg+E,cACR,MAAU56E,MAAM,wBAGlB,IAAI68E,EACJ,IAEEA,QAAoBphE,GAAO4xC,eAAezwD,KAAKkqD,UAAWlqD,KAAKqvD,aAAcrvD,KAAKqwD,eAClF,MAAO3L,GACPu7B,GAAc,EAEhB,IAAKA,EACH,MAAU78E,MAAM,kBAIpBjC,eAAewd,EAAM/N,GACnB,MAAMy/C,cAAEA,EAAahB,aAAEA,SAAuBxwC,GAAOqhE,eAAelgF,KAAKkqD,UAAWvrC,EAAM/N,GAC1F5Q,KAAKqwD,cAAgBA,EACrBrwD,KAAKqvD,aAAeA,EACpBrvD,KAAKo/E,aAAc,EAMrBU,qBACM9/E,KAAK4/E,+BAITz0E,OAAOqoB,KAAKxzB,KAAKqwD,eAAe/sD,SAAQgI,IACxBtL,KAAKqwD,cAAc/kD,GAC3B60C,KAAK,UACJngD,KAAKqwD,cAAc/kD,EAAK,IAEjCtL,KAAKqwD,cAAgB,KACrBrwD,KAAKo/E,aAAc,IAIvBj+E,eAAe4+E,GAAqB9tE,EAAK4qE,EAAY3yB,GACnD,MAAM52B,QAAEA,GAAYzU,GAAOmxB,UAAUka,GACrC,OAAOj4C,EAAImrE,WAAWP,EAAYvpD,EACpC,yBC5aC,SAAU6sD,GAGX,SAASC,EAAU97B,GAIf,SAAS+7B,IAAU,OAAOh9E,GAAM8M,GAEhC,SAASmwE,IAAW,OAAOj9E,GAC3B,SAASk9E,EAAOp9E,GAAKE,GAAMF,EAE3B,SAASq9E,IACLn9E,GAAM,EACN8M,GAAMswE,GAAYr/E,OAKtB,SAAS62C,EAAE3sC,EAAMjK,GACb,MAAO,CACHiK,KAAMA,EACNo1E,OAAQr/E,GAAS,GACjBs/E,SAAUt/E,GAAS,GACnBu/E,SAAU,IAIlB,SAAS71B,EAAKz/C,EAAMu1E,GAChB,IAAIr0E,EACJ,OAAY,OAARq0E,EAAuB,OAC3Br0E,EAAIyrC,EAAE3sC,IACJo1E,OAASG,EAAIH,OACfl0E,EAAEm0E,SAAWE,EAAIF,SACjBn0E,EAAEo0E,SAAS/+E,KAAKg/E,GACTr0E,GAGX,SAASnG,EAAIy6E,EAAQC,GAMjB,OALc,OAAVA,IACAD,EAAOJ,QAAUK,EAAML,OACvBI,EAAOH,UAAYI,EAAMJ,UAE7BG,EAAOF,SAAS/+E,KAAKk/E,GACdD,EAGX,SAASE,EAAaC,GAClB,IAAIC,EACJ,OAAKb,KAEDY,EADJC,EA1CuBT,GAAYp9E,MAGlBA,IAAO,EA0Cb40C,EAAE,QAASipC,IAJC,KAS3B,SAAS/qE,EAAQgrE,GACb,OAAO,WACH,OAAOp2B,EAAK,UAAWi2B,GAAa,SAAUE,GAC1C,OAAOA,IAAQC,OAK3B,SAASC,IACL,IAAInwD,EAAO2rB,UACX,OAAO,WACH,IAAIz5C,EAAG8a,EAAGxc,EAAQuC,EAGlB,IAFAA,EAAQs8E,IACRriE,EAAIg6B,EAAE,OACD90C,EAAI,EAAGA,EAAI8tB,EAAK7vB,OAAQ+B,GAAK,EAAG,CAEjC,GAAe,QADf1B,EAASwvB,EAAK9tB,MAGV,OADAo9E,EAAOv8E,GACA,KAEXqC,EAAI4X,EAAGxc,GAEX,OAAOwc,GAIf,SAASojE,IACL,IAAIpwD,EAAO2rB,UACX,OAAO,WACH,IAAIz5C,EAAG1B,EAAQuC,EAEf,IADAA,EAAQs8E,IACHn9E,EAAI,EAAGA,EAAI8tB,EAAK7vB,OAAQ+B,GAAK,EAAG,CAEjC,GAAe,QADf1B,EAASwvB,EAAK9tB,MAEV,OAAO1B,EAEX8+E,EAAOv8E,GAEX,OAAO,MAIf,SAASg/D,EAAIse,GACT,OAAO,WACH,IAAI7/E,EAAQuC,EAGZ,OAFAA,EAAQs8E,IAEO,QADf7+E,EAAS6/E,KAEE7/E,GAGP8+E,EAAOv8E,GACAi0C,EAAE,SAKrB,SAASspC,EAAMD,GACX,OAAO,WACH,IAAI7/E,EAAS6/E,IAIb,OAHe,OAAX7/E,IACAA,EAAOk/E,SAAW,IAEfl/E,GAIf,SAAS+/E,EAAOF,GACZ,OAAO,WACH,IAAI7/E,EAAS6/E,IAIb,OAHe,OAAX7/E,GAAmBA,EAAOk/E,SAASv/E,OAAS,IAC5CK,EAAOk/E,SAAW,KAEfl/E,GAIf,SAASggF,EAAKH,EAAMI,GAChB,OAAO,WACH,IAAIzjE,EAAGxc,EAAQqiC,EAAO9/B,EAAOk6C,EAK7B,IAJAl6C,EAAQs8E,IACRriE,EAAIg6B,EAAE,QACNnU,EAAQ,EACRoa,OAAkBj9C,IAAZygF,EAAwB,EAAIA,EACL,QAArBjgF,EAAS6/E,MACbx9C,GAAgB,EAChBz9B,EAAI4X,EAAGxc,GAEX,OAAIqiC,GAASoa,EACFjgC,GAGPsiE,EAAOv8E,GACA,OA2BnB,SAAS29E,EAAeT,GAIpB,OAAOA,EAAItkE,WAAW,IAAM,IAUhC,SAASglE,IAAO,OAAO72B,EAAK,KAAM50C,EAAQ,KAARA,IAIlC,SAAS0rE,IAAS,OAAO92B,EAAK,OAAQq2B,EAAIQ,EAAIE,EAARV,IAItC,SAASW,IAAW,OAAOh3B,EAAK,SAAU50C,EAAQ,IAARA,IAI1C,SAAS6rE,IAAS,OAAOj3B,EAAK,OAAQ50C,EAAQ,KAARA,IAItC,SAAS2rE,IAAO,OAAO/2B,EAAK,KAAM50C,EAAQ,KAARA,IAGlC,SAAS8rE,IAAO,OAAOl3B,EAAK,KAAM50C,EAAQ,IAARA,IAIlC,SAAS+rE,IACL,OAAOn3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIxqB,EAAOwqB,EAAItkE,WAAW,GACtBulE,EAAU,IAAQzrB,GAAQA,GAAQ,IAItC,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAMf,SAASE,IAAQ,OAAOt3B,EAAK,MAAOs2B,EAAGY,EAAID,EAAPX,IAQpC,SAASiB,IACL,IAAInoD,EAAK4wB,EAAK,cACds2B,EACID,EAAIjrE,EAAQ,MAAOkrE,EAAGa,EAAOG,IAC7BE,GAFJlB,IAIA,OAAW,OAAPlnD,EAAsB,MAG1BA,EAAGwmD,SAAWxmD,EAAGwmD,SAAS,GACnBxmD,GAMX,SAASqoD,IACL,OAAOz3B,EAAK,MAAOs2B,EACfoB,GACArB,EACIpe,EAAIoe,EACAK,EAAKY,GACLd,EAAMM,KAEVJ,EAAKY,EAAK,IAPChB,IAgBvB,SAASqB,IACL,OAAO33B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAItkE,WAAW,GACtBulE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfQ,GAdiBtB,IAmBzB,SAASuB,IACL,OAAO73B,EAAK,WAAYs2B,EAAGqB,EAAOJ,EAAY1gB,EAAtByf,IAI5B,SAASzf,IACL,OAAO7W,EAAK,UAAWq2B,EACnBjrE,EAAQ,KACRsrE,EAAKL,EAAIpe,EAAIwf,GAAMI,IACnB5f,EAAIwf,GACJrsE,EAAQ,KAJWirE,IAS3B,SAASyB,IACL,OAAO93B,EAAK,OAAQs2B,EAChBD,EACIK,EACIL,EAAIpe,EAAIwf,GAAM5gB,GACd,GAEJoB,EAAIwf,IAERA,EARgBnB,IAyBxB,SAASyB,IACL,OAAO/3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIiB,EACC,KAAOjB,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,CAAC,IAAK,IAAK,IAAK,IAAK,IAAK,IAAM,IAAK,IAAK,IAAK,IAC9C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,KAAKv6E,QAAQu6E,IAAQ,EAInE,OAHI58B,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAKf,SAASY,IACL,OAAOh4B,EAAK,OAAQq2B,EAAII,EAAOxe,EAAI6f,IAAQpB,EAAKqB,EAAO,GAAItB,EAAOxe,EAAI6f,IAAlDzB,IAIxB,SAAS4B,IACL,IAAI/kE,EAAGglE,EAEP,OAAU,QADVhlE,EAAI8sC,EAAK,gBAAiB02B,EAAKqB,EAAO,EAAZrB,MAGR,QADlBwB,EAAYxB,EAAKL,EAAIjrE,EAAQ,KAAMsrE,EAAKqB,EAAO,IAAnCrB,KAERp7E,EAAI4X,EAAGglE,GAHchlE,EAS7B,SAASilE,IACL,OAAOn4B,EAAK,WAAYq2B,EAAIG,EAAMve,EAAI6f,IAAQG,EAAazB,EAAMve,EAAI6f,IAA7CzB,IAS5B,SAAS+B,IACL,OAAOp4B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAItkE,WAAW,GACtBulE,EACC,KAAOzrB,GACP,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfiB,GAdiB/B,IAmBzB,SAASgC,IACL,OAAOt4B,EAAK,WAAYs2B,EAAG8B,EAAOb,EAAVjB,IAM5B,SAASiC,IACL,OAAOv4B,EAAK,gBAAiBq2B,EACzBG,EAAMve,EAAI6f,IACVtB,EAAMQ,GAASN,EAAKL,EAAIpe,EAAIwe,EAAOgB,IAAOa,IAAYrgB,EAAIue,EAAMiB,IAAOjB,EAAMQ,GAC7ER,EAAMve,EAAI6f,IAHezB,IAUjC,SAAS16C,IACL,OAAOqkB,EAAK,OAAQs2B,EAAG0B,EAAMO,EAATjC,IAUxB,SAASkC,IACL,OAAOx4B,EAAK,UAAWs2B,EAAGmC,EAASC,EAAZpC,IAI3B,SAASmC,IACL,OAAOz4B,EAAK,UAAWs2B,EAAGqC,EAAUC,EAAbtC,IAI3B,SAASqC,IACL,OAAO34B,EAAK,YAAaq2B,EAAIpe,EAAI4gB,GAAcC,EAAtBzC,IAK7B,SAASyC,IACL,OAAO94B,EAAK,aAAcs2B,EACtBD,EACIG,EAAMve,EAAI6f,IACV1sE,EAAQ,KACRwtE,EACAxtE,EAAQ,KACRorE,EAAMve,EAAI6f,KAEdiB,GARsBzC,IAa9B,SAASoC,IACL,OAAO14B,EAAK,QAASq2B,EACjBwC,EACAztE,EAAQ,KACR6sD,EAAI+gB,GACJ5tE,EAAQ,KACRorE,EAAMve,EAAI6f,IALOzB,IAUzB,SAASwC,IACL,OAAO74B,EAAK,gBAEO,QADXtpD,EAhDDspD,EAAK,SAAUs2B,EAAG2C,GAAWvC,EAAK/6C,EAAM,GAAzB26C,OAkDd5/E,EAAOk/E,SAnTnB,SAA4B1iE,GACxB,OAAOA,EAAEgE,QAAQ,iBAAkB,KAAKA,QAAQ,OAAQ,IAAIA,QAAQ,OAAQ,IAkTlDgiE,CAAmBxiF,EAAOk/E,WAEzCl/E,IALiB,IACpBA,EASZ,SAASyiF,IACL,OAAOn5B,EAAK,eAAgBs2B,EACxBD,EACIoC,EACA/B,EAAKL,EAAIjrE,EAAQ,KAAMqtE,KAE3BW,GALwB9C,IAUhC,SAAS+C,IACL,OAAOr5B,EAAK,eAAgBs2B,EACxBD,EACImC,EACA9B,EAAKL,EAAIjrE,EAAQ,KAAMotE,KAE3Bc,GALwBhD,IAUhC,SAAS0C,IACL,OAAOh5B,EAAK,aAAcs2B,EACtB6C,EACA3C,EAAMsB,GACNyB,GAHsBjD,IAU9B,SAASkD,IAGL,OAAOx5B,EAAK,aAAcs2B,EAAGmD,GAActB,EAASI,EAA1BjC,IAM9B,SAASoD,IACL,OAAO15B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAItkE,WAAW,GACtBulE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfuC,GAbiBrD,IAmBzB,SAASsD,IACL,OAAO55B,EAAK,iBAAkBq2B,EAC1BG,EAAMve,EAAI6f,IACV1sE,EAAQ,KACRsrE,EAAKL,EAAIpe,EAAIwf,GAAMiC,IACnBzhB,EAAIwf,GACJrsE,EAAQ,KACRorE,EAAMve,EAAI6f,IANgBzB,IAWlC,SAASwD,IACL,OAAO75B,EAAK,UACJtpD,EAAS4/E,EAAGwD,GAAW3B,EAASyB,EAAvBtD,GACT/8B,EAAKwgC,WACDrjF,GAAUA,EAAOk/E,UAAYl/E,EAAOk/E,SAASh6E,QAAQ,KAAO,EACrD,MAIXlF,IACAA,EAAOk/E,SAAWl/E,EAAOk/E,SAAS1+D,QAAQ,OAAQ,KAE/CxgB,KAXW,IACdA,EAeZ,SAASkiF,IACL,OAAO54B,EAAK,YAAaq2B,EACrBmD,EAAWpuE,EAAQ,KAAMyuE,EADJxD,IA0C7B,SAAS2D,KACL,OAAOzgC,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBi2B,GAAa,SAAUE,GACrE,IAAIxqB,EAAOwqB,EAAItkE,WAAW,GAC1B,OAAS,GAAK85C,GAAQA,GAAQ,GACrB,KAAOA,GAAQ,KAAOA,GACtB,IAAMA,GAAQA,GAAQ,IACtB,MAAQA,MAKzB,SAASisB,KAAa,OAAOr+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAAS3B,KAAa,OAAO9+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAASxC,KACL,OAAOj+B,EAAK0gC,OAAS,KAAOj6B,EAAK,SAAUq2B,EACvCjrE,EAAQ,MACRkrE,EAAGlrE,EAAQ,MAAO4uE,GAAYjD,EAAIF,GAFKR,IAO/C,SAAS4C,KACL,OAAI1/B,EAAK0gC,OAAgB,KAClB1gC,EAAK2gC,gBAAkBl6B,EAAK,aAAcq2B,EAC7C16C,EACA+6C,EAAKJ,EAAG36C,EAAMvwB,EAAQ,KAAMA,EAAQ,KAAMqrE,EAAOqB,KAFJzB,IAIjDr2B,EAAK,aAAcq2B,EACf16C,EACA+6C,EAAKJ,EAAG36C,EAAMvwB,EAAQ,KAAMqrE,EAAOqB,KAFpBzB,IAUvB,SAASqB,KACL,OAAOn+B,EAAK0gC,OAAS,KAAOj6B,EAAK,UAAW02B,EACxCL,EAAIG,EAAMve,EAAI6e,IAAQQ,GACtB,EAFwCZ,IAShD,SAASqC,KACL,OAAOx/B,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CG,EAAMve,EAAI6f,IACV1sE,EAAQ,KACR+uE,GACAvB,EACAxtE,EAAQ,KACRorE,EAAMve,EAAI6f,IANqCzB,IAWvD,SAAS8D,KACL,OAAO5gC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAaq2B,EAC1C+D,GACAhvE,EAAQ,KAFkCirE,IAQlD,SAAS+D,KACL,OAAO7gC,EAAK0gC,OAAS,KAAOj6B,EAAK,kBAAmBq2B,EAChDK,EAAKJ,EAAGE,EAAMsB,GAAO1sE,EAAQ,OAC7BA,EAAQ,KACRyuE,EACAnD,EAAKL,EACDjrE,EAAQ,KACRorE,EAAMve,EAAI6f,IACV7f,EAAIoe,EAAIjrE,EAAQ,KAAMyuE,MAPsBxD,IAaxD,SAAS+C,KACL,OAAO7/B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACV1sE,EAAQ,OAEZqtE,EACA/B,EAAKL,EACDjrE,EAAQ,KACR6sD,EAAIoe,EACAoC,EACAjC,EAAMsB,OAVgCzB,IAiBtD,SAASiD,KACL,OAAO//B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACV1sE,EAAQ,OAEZotE,EACA9B,EAAKL,EACDjrE,EAAQ,KACR6sD,EAAIoe,EACAmC,EACAhC,EAAMsB,OAVgCzB,IAiBtD,SAASkD,KACL,OAAOhgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CK,EAAKL,EACDG,EAAMve,EAAI6f,IACV1sE,EAAQ,MACT,GACHorE,EAAMve,EAAI6f,IALqCzB,IAUvD,SAASoD,KACL,OAAOlgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAAI16C,EAAM+6C,EAAKL,EAAIjrE,EAAQ,KAAMuwB,IAAjC06C,IAIvD,SAASyD,KACL,OAAOvgC,EAAK0gC,OAAS,KAAOj6B,EAAK,aAAcq2B,EAAI2B,EAAMtB,EAAKL,EAAIjrE,EAAQ,KAAM4sE,IAAjC3B,IAInD,SAASsD,KACL,OAAOpgC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAas2B,EAAG0D,GAAYzC,EAAfjB,IAOlD,SAAS+D,GAAS95E,EAAM47D,GACpB,IAAI/jE,EAAGkiF,EAAOv9B,EACd,GAAIof,QAAuC,OAAO,KAElD,IADAme,EAAQ,CAACne,GACFme,EAAMjkF,OAAS,GAAG,CAErB,IADA0mD,EAAOu9B,EAAM3zD,OACJpmB,OAASA,EACd,OAAOw8C,EAEX,IAAK3kD,EAAI2kD,EAAK84B,SAASx/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CkiF,EAAMxjF,KAAKimD,EAAK84B,SAASz9E,IAGjC,OAAO,KAoBX,SAASmiF,GAAuBC,EAAOre,GACnC,IAAI/jE,EAAGkiF,EAAOv9B,EAAMrmD,EAAQ+jF,EAC5B,GAAIte,QAAuC,OAAO,KAIlD,IAHAme,EAAQ,CAACne,GACTzlE,EAAS,GACT+jF,EAAc,GACTriF,EAAI,EAAGA,EAAIoiF,EAAMnkF,OAAQ+B,GAAK,EAC/BqiF,EAAYD,EAAMpiF,KAAM,EAG5B,KAAOkiF,EAAMjkF,OAAS,GAElB,IADA0mD,EAAOu9B,EAAM3zD,OACJpmB,QAAQk6E,EACb/jF,EAAOI,KAAKimD,QAGZ,IAAK3kD,EAAI2kD,EAAK84B,SAASx/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CkiF,EAAMxjF,KAAKimD,EAAK84B,SAASz9E,IAIrC,OAAO1B,EAGX,SAASgkF,GAAW5E,GAChB,IAAI6E,EAAWC,EAAoBxiF,EAAGyiF,EAAgBnkF,EACtD,GAAY,OAARo/E,EACA,OAAO,KAMX,IAJA6E,EAAY,GAGZC,EAAqBL,GAAuB,CAAC,QAAS,WAAYzE,GAC7D19E,EAAI,EAAGA,EAAKwiF,EAAmBvkF,OAAQ+B,GAAK,EAEjB,WAD5ByiF,EAAiBD,EAAmBxiF,IACjBmI,KACfo6E,EAAU7jF,KAAKgkF,GAAgBD,IACA,YAAxBA,EAAet6E,MACtBo6E,EAAU7jF,KAAKikF,GAAkBF,IAWzC,OAPAnkF,EAAS,CACLo/E,IAAKA,EACL6E,UAAWA,GAEXphC,EAAKpyC,SACLzQ,EA+DR,SAAwBA,GACpB,IAAI0B,EACJ,GAAI1B,GAAUA,EAAOikF,UACjB,IAAKviF,EAAI,EAAGA,EAAI1B,EAAOikF,UAAUtkF,OAAQ+B,GAAK,SACnC1B,EAAOikF,UAAUviF,GAAG2kD,KAGnC,OAAOrmD,EAtEMskF,CAAetkF,IAExB6iD,EAAK0hC,UAiFb,SAAmBvkF,GACf,IAAKA,EAAU,OAAO,KACtB,IAAK6iD,EAAK2hC,SAAWxkF,EAAOikF,UAAUtkF,OAAS,EAAK,OAAO,KAC3D,OAAOK,EAAOikF,WAAajkF,EAAOikF,UAAU,GAnFjCM,CAAUvkF,GAEjB6iD,EAAKpyC,OACEzQ,GAAUA,EAAOikF,UAEjBjkF,EAIf,SAASokF,GAAgBpC,GACrB,IAAItgF,EACA+iF,EAAYd,GAAS,eAAgB3B,GACrC0C,EAAuB,GACvBC,EAAYd,GAAuB,CAAC,WAAY7B,GACpD,IAAKtgF,EAAI,EAAGA,EAAIijF,EAAUhlF,OAAQ+B,GAAK,EACnCgjF,EAAqBtkF,KAAKikF,GAAkBM,EAAUjjF,KAE1D,MAAO,CACH2kD,KAAM27B,EACN38D,MAAO,CACHxb,KAAM46E,GAEV9rE,KAAMqpE,EAAMn4E,KACZA,KAAM+6E,GAAaH,GACnBR,UAAWS,GAInB,SAASL,GAAkBtC,GACvB,IAAIl4E,EAAO85E,GAAS,eAAgB5B,GAChC8C,EAAQlB,GAAS,YAAa5B,GAC9BX,EAlGR,SAAsBv3E,EAAM47D,GACxB,IAAI/jE,EAAGkiF,EAAOv9B,EAAMrmD,EACpB,GAAIylE,QAAuC,OAAO,KAGlD,IAFAme,EAAQ,CAACne,GACTzlE,EAAS,GACF4jF,EAAMjkF,OAAS,GAKlB,KAJA0mD,EAAOu9B,EAAM3zD,OACJpmB,OAASA,GACd7J,EAAOI,KAAKimD,GAEX3kD,EAAI2kD,EAAK84B,SAASx/E,OAAS,EAAG+B,GAAK,EAAGA,GAAK,EAC5CkiF,EAAMxjF,KAAKimD,EAAK84B,SAASz9E,IAGjC,OAAO1B,EAoFI8kF,CAAa,OAAQ/C,GAC5BgD,EAAWlB,GAAuB,CAAC,WAAY9B,GAG/CiD,EAAQrB,GAAS,aAAckB,GAC/B1B,EAASQ,GAAS,SAAUkB,GAChC,MAAO,CACHx+B,KAAM07B,EACN18D,MAAO,CACHxb,KAAMA,EACNi4E,QAAS+C,EACTG,MAAOA,EACP7B,OAAQA,EACR4B,SAAU3D,GAEdzoE,KAAMopE,EAAQl4E,KACdA,KAAM+6E,GAAa/6E,GACnBi4E,QAAS8C,GAAaC,GACtBG,MAAOJ,GAAaI,GACpB7B,OAAQyB,GAAazB,GACrB4B,SAAUE,GAAeF,GACzBN,UAAWG,GAAa7C,EAAQ0C,YAIxC,SAASG,GAAa75E,GAClB,OAAOA,QAAgCA,EAAEm0E,SAAW,KAaxD,SAAS+F,GAAeF,GACpB,IAAI/kF,EAAS,GACb,GAAI+kF,EACA,IAAK,IAAIrjF,EAAI,EAAGA,EAAIqjF,EAASplF,OAAQ+B,GAAK,EACtC1B,GAAU4kF,GAAaG,EAASrjF,IAGxC,OAAO1B,EAWX,IAAIg/E,GAAap9E,GAAK8M,GAAKonE,GAAQoP,GAGnC,GAAa,QADbriC,EAAOsiC,EAAWtiC,EAAM,KACH,OAAO,KAgB5B,GAdAm8B,GAAcn8B,EAAKhkD,MAEnBqmF,GAAkB,CACdpD,QAAWA,EACX,eAAgBa,EAChB,aAAcP,EACdzhE,KA1WJ,WACI,OAAO2oC,EAAK,OAAQs2B,EAChB6C,EACAE,EAFgB/C,KA0WpBoC,MAASA,EACTD,QAAWA,EACX,eAAgBU,EAChB,WA5VJ,WACI,OAAOn5B,EAAK,WAAYq5B,MA4VxB73B,OAtWJ,WACI,OAAOxB,EAAK,SAAUs2B,EAClBmC,EACAD,EAFkBlC,MAsWxB/8B,EAAKuiC,UAAYzC,GAEd9/B,EAAK0gC,OAAQ,CAId,GAHAxE,IACAl8B,EAAK0gC,QAAS,EACdzN,GAASoP,GAAgBlG,IACrBn8B,EAAK2hC,UAAY5F,IACjB,OAAOoF,GAAWlO,IAEtBjzB,EAAK0gC,QAAS,EAKlB,OAFAxE,IACAjJ,GAASoP,GAAgBlG,KACpBn8B,EAAK2hC,SAAW5F,IAAkB,KAChCoF,GAAWlO,GACtB,CA4CA,SAASqP,EAAWtiC,EAAMwiC,GACtB,SAASrsE,EAASiC,GACd,MAA+C,oBAAxCvR,OAAOnK,UAAU2L,SAAS7L,KAAK4b,GAO1C,SAASqqE,EAAY9uC,GACjB,OAAOA,QAGX,IAAI+uC,EAAU/uC,EAEd,GAAIx9B,EAAS6pC,GACTA,EAAO,CAAEhkD,MAAOgkD,QACb,IAZP,SAAkBrM,GACd,OAAOA,IAAM9sC,OAAO8sC,GAWZgvC,CAAS3iC,GACjB,OAAO,KAGX,IAAK7pC,EAAS6pC,EAAKhkD,OAAU,OAAO,KACpC,IAAKwmF,EAAQ,OAAO,KAapB,IAAK7uC,KAXL+uC,EAAW,CACPhB,WAAW,EACXC,SAAS,EACTnB,WAAW,EACX1C,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,eACT7B,QAAQ,EACRC,iBAAiB,GAIb8B,EAAYziC,EAAKrM,MACjBqM,EAAKrM,GAAM8uC,EAAYD,EAAK7uC,IAAgB+uC,EAAS/uC,GAAnB6uC,EAAK7uC,IAG/C,OAAOqM,CACX,CAEA87B,EAAU8G,gBArFV,SAA+B5iC,GAC3B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,iBAEjB,EA+EAzG,EAAU+G,iBA7EV,SAAgC7iC,GAC5B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,iBAEjB,EAwEAzG,EAAUgH,UAtEV,SAAyB9iC,GACrB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,SAEjB,EAiEAzG,EAAUiH,YA/DV,SAA2B/iC,GACvB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,WAEjB,EAyDAzG,EAAUkH,aAvDV,SAA4BhjC,GACxB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTlwE,QAAQ,EACR20E,QAAS,aAEjB,EAoDIlhD,UAAiBy6C,CAKrB,CAtiCA,MCKA,MAAMmH,GACO7mE,iBACT,OAAOU,GAAMnM,OAAOY,OAGtB/V,cAKEE,KAAK6V,OAAS,GAEd7V,KAAKsL,KAAO,GACZtL,KAAKwnF,MAAQ,GACbxnF,KAAK4hE,QAAU,GASjB55C,kBAAkBnS,GAChB,GAAI2E,GAAKC,SAAS5E,IACfA,EAAOvK,OAASkP,GAAKC,SAAS5E,EAAOvK,OACrCuK,EAAO2xE,QAAUhtE,GAAKkF,eAAe7J,EAAO2xE,QAC5C3xE,EAAO+rD,UAAYpnD,GAAKC,SAAS5E,EAAO+rD,SACzC,MAAUx+D,MAAM,0BAElB,MAAM6R,EAAS,IAAIsyE,GACnBp8E,OAAO8lD,OAAOh8C,EAAQY,GACtB,MAAM4xE,EAAa,GAKnB,OAJIxyE,EAAO3J,MAAMm8E,EAAW5lF,KAAKoT,EAAO3J,MACpC2J,EAAO2sD,SAAS6lB,EAAW5lF,KAAK,IAAIoT,EAAO2sD,YAC3C3sD,EAAOuyE,OAAOC,EAAW5lF,KAAK,IAAIoT,EAAOuyE,UAC7CvyE,EAAOY,OAAS4xE,EAAWjmF,KAAK,KACzByT,EAOT/T,KAAKoG,EAAOwd,EAASsB,IACnB,MAAMvQ,EAAS2E,GAAK+C,WAAWjW,GAC/B,GAAIuO,EAAOzU,OAAS0jB,EAAOZ,gBACzB,MAAU9gB,MAAM,8BAElB,IACE,MAAMkI,KAAEA,EAAMi4E,QAASiE,EAAKhB,SAAEA,GAAakB,GAAeR,gBAAgB,CAAE5mF,MAAOuV,EAAQovE,iBAAiB,IAC5GjlF,KAAK4hE,QAAU4kB,EAASvkE,QAAQ,WAAY,IAC5CjiB,KAAKsL,KAAOA,EACZtL,KAAKwnF,MAAQA,EACb,MAAO/iF,IACTzE,KAAK6V,OAASA,EAOhB/T,QACE,OAAO0Y,GAAK0C,WAAWld,KAAK6V,QAG9B8R,OAAOggE,GACL,OAAOA,GAAeA,EAAY9xE,SAAW7V,KAAK6V,QCzEtD,MAAM+xE,WAA2B1I,GACpBx+D,iBACT,OAAOU,GAAMnM,OAAOM,aAOtBzV,YAAY6yE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtCrmB,MAAM4yE,EAAM7tD,IClBhB,MAAM+iE,GACOnnE,iBACT,OAAOU,GAAMnM,OAAOW,MAOtB1U,OACE,MAAM,IAAIimD,GAAiB,mCAG7BrlD,QACE,MAAM,IAAIqlD,GAAiB,oCCR/B,MAAMgwB,gBAA+B38D,GAAK+F,wBAAwB,CAACizD,KAK5D,MAAMsU,GAIXhoF,YAAYioF,GACV/nF,KAAKs3E,QAAUyQ,GAAc,IAAI1Q,GAOnCv1E,QACE,OAAO9B,KAAKs3E,QAAQx1E,QAQtByX,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMpE,UAAWnV,KAAK8B,aAASb,OAAWA,OAAWA,EAAW6jB,GAOrFkjE,mBACE,OAAOhoF,KAAKs3E,QAAQhvE,KAAI2M,GAAUA,EAAOu/D,eActCrzE,eAAe8mF,IAAcC,iBAAEA,EAAgBC,gBAAEA,SAAiBrjE,KAAWsjE,IAClFtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQ4nF,GAAoBC,EAChC,IAAK7nF,EACH,MAAU8C,MAAM,8FAElB,GAAI8kF,IAAqB1tE,GAAKC,SAASytE,GACrC,MAAU9kF,MAAM,4DAElB,GAAI+kF,IAAoB3tE,GAAK1X,aAAaqlF,GACxC,MAAU/kF,MAAM,+DAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAI0mF,EAAkB,CACpB,MAAM9tE,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ7lB,EAAOwkB,GAC5C,GAAI1K,IAASgH,GAAM7H,MAAMpE,UACvB,MAAU/R,MAAM,sCAElB9C,EAAQ4J,EAEV,MAAM69E,QAAmB1Q,GAAW2B,WAAW14E,EAAO62E,GAAgBryD,GACtE,OAAO,IAAIgjE,GAAUC,EACvB,CChFO5mF,eAAemnF,GAAqBrjF,EAAS6f,GAClD,MAAM+5D,EAAqB,IAAI+I,GAAmB3iF,EAAQ0tE,KAAM7tD,GAKhE,OAJA+5D,EAAmBvH,QAAU,KAC7BuH,EAAmB30B,UAAY9oC,GAAMtf,MAAMsf,GAAM9O,UAAWrN,EAAQilD,iBAC9D20B,EAAmBruB,SAASvrD,EAAQsjF,QAAStjF,EAAQ2L,aACrDiuE,EAAmBf,6BAClBe,CACT,CAEO19E,eAAeqnF,GAAkBvjF,EAAS6f,GAC/C,MAAM64D,EAAkB,IAAIuB,GAAgBj6E,EAAQ0tE,KAAM7tD,GAK1D,OAJA64D,EAAgBrG,QAAU,KAC1BqG,EAAgBzzB,UAAY9oC,GAAMtf,MAAMsf,GAAM9O,UAAWrN,EAAQilD,iBAC3DyzB,EAAgBntB,SAASvrD,EAAQsjF,QAAStjF,EAAQ2L,MAAO3L,EAAQ6f,cACjE64D,EAAgBG,6BACfH,CACT,CAWOx8E,eAAesnF,GAAwBC,EAAYp2E,EAAWmhE,EAAekV,EAAchW,EAAO,IAAI33D,KAAQ8J,GACnH,IAAI8jE,EACA/nE,EACJ,IAAK,IAAI1d,EAAIulF,EAAWtnF,OAAS,EAAG+B,GAAK,EAAGA,IAC1C,MAEMylF,GAAeF,EAAWvlF,GAAG4wE,SAAW6U,EAAY7U,iBAEhD2U,EAAWvlF,GAAGu6C,OAAOprC,EAAWmhE,EAAekV,EAAchW,OAAM1xE,EAAW6jB,GACpF8jE,EAAcF,EAAWvlF,IAE3B,MAAOsB,GACPoc,EAAYpc,EAGhB,IAAKmkF,EACH,MAAMpuE,GAAK8F,UACT,wBAAwBc,GAAMlgB,KAAKkgB,GAAMjM,UAAWs+D,uBAAmCnhE,EAAUojE,WAAWhuD,UACzGzF,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACyiC,EAAGmkC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3DloE,GAEJ,OAAO+nE,CACT,CAEO,SAASI,GAAcpL,EAAWzoE,EAAWw9D,EAAO,IAAI33D,MAC7D,MAAM47D,EAAWp8D,GAAKc,cAAcq3D,GACpC,GAAiB,OAAbiE,EAAmB,CACrB,MAAMqS,EAAiBC,GAAqBtL,EAAWzoE,GACvD,QAASyoE,EAAU7J,SAAW6C,GAAYA,EAAWqS,GAEvD,OAAO,CACT,CASO9nF,eAAegoF,GAAuBC,EAAQC,EAAYpkF,EAAS6f,GACxE,MAAMwkE,EAAa,GACnBA,EAAWtyE,IAAMqyE,EACjBC,EAAWzjF,KAAOujF,EAClB,MAAMG,EAAsB,CAAE9V,cAAeryD,GAAMjM,UAAU2B,eACzD7R,EAAQk4C,MACVosC,EAAoB/wE,SAAW,CAAC4I,GAAM5I,SAASS,UAC/CswE,EAAoB1wE,wBAA0B2wE,GAAsBF,EAAY,KAAMF,EAAQ,CAC5F3V,cAAeryD,GAAMjM,UAAU4B,YAC9B9R,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,IAElDykE,EAAoB/wE,SAAW,CAAC4I,GAAM5I,SAASU,qBAAuBkI,GAAM5I,SAASW,gBAEnFlU,EAAQ2S,kBAAoB,IAC9B2xE,EAAoB3xE,kBAAoB3S,EAAQ2S,kBAChD2xE,EAAoBnV,iBAAkB,GAGxC,aADoCoV,GAAsBF,EAAY,KAAMD,EAAYE,EAAqBtkF,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,EAE9J,CAYO3jB,eAAe0pD,GAAqB7zC,EAAK4mE,EAAWjL,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,GACzF,IAAI87B,EAAW97B,EAAOvC,uBAClBknE,EAAW7oC,EACf,GAAI5pC,EAAK,CACP,MAAM0yE,QAAoB1yE,EAAI2yE,eAAehX,EAAM98D,EAAQiP,GACvD4kE,EAAYE,kBAAkB1xE,2BAC/BuxE,GAAYC,EAAYE,kBAAkB1xE,wBAC3C0oC,EAAW/hC,GAAOzK,KAAK07B,kBAAkB8Q,IAAa/hC,GAAOzK,KAAK07B,kBAAkB25C,GAClFA,EAAW7oC,GAGjB,OAAQg9B,EAAU1zB,WAChB,KAAK9oC,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACrB,KAAKsO,GAAM9O,UAAUf,QACnBk4E,EAAW5qE,GAAOgrE,0BAA0BjM,EAAU1zB,UAAW0zB,EAAUvuB,aAAajK,KAE5F,OAAOvmC,GAAOzK,KAAK07B,kBAAkB8Q,IAAa/hC,GAAOzK,KAAK07B,kBAAkB25C,GAC9EA,EAAW7oC,CACf,CAYOz/C,eAAe2oF,GAAiB1vE,EAAMoZ,EAAO,GAAIm/C,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIjlE,EAASsB,IAChG,MAAM4jE,EAAc,CAClB32E,UAAa+N,GAAM/N,UAAUM,OAC7BkB,KAAQuM,GAAMvM,KAAKC,IACnBf,YAAeqN,GAAMrN,YAAYC,cACjCoG,GACI6vE,EAAsB,CAC1B52E,UAAayR,EAAOtC,4BACpB3N,KAAQiQ,EAAOlC,uBACf7O,YAAe+Q,EAAOrC,+BACtBrI,GACI8vE,EAAmB,CACvB72E,UAAa,+BACbwB,KAAQ,0BACRd,YAAe,kCACfqG,GAKI+vE,QAA0BlqF,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,eAAe6V,EAAK7T,GACvE,MACMinF,SADoBpzE,EAAI2yE,eAAehX,EAAMoX,EAAQ5mF,GAAI2hB,IAC5B8kE,kBAAkBM,GACrD,QAASE,GAAkBA,EAAezjF,QAAQsjF,IAAwB,MAE5E,OAAOE,EAAkBrrC,MAAMurC,SAAWJ,EAAsBD,CAClE,CAgBO7oF,eAAeqoF,GAAsBF,EAAY1vE,EAAY0wE,EAAkBf,EAAqB5W,EAAM98D,EAAQ6+D,EAAY,GAAIl3B,GAAW,EAAO14B,GACzJ,GAAIwlE,EAAiB3K,UACnB,MAAUv8E,MAAM,qCAElB,IAAKknF,EAAiBtM,cACpB,MAAU56E,MAAM,iCAElB,MAAMmnF,EAAkB,IAAI/W,GAM5B,OALAroE,OAAO8lD,OAAOs5B,EAAiBhB,GAC/BgB,EAAgB5W,mBAAqB2W,EAAiBpgC,UACtDqgC,EAAgB7W,oBAAsB7oB,GAAqBjxC,EAAY0wE,EAAkB3X,EAAM98D,EAAQiP,GACvGylE,EAAgB9V,aAAeC,QACzB6V,EAAgBptC,KAAKmtC,EAAkBhB,EAAY3W,EAAMn1B,GACxD+sC,CACT,CAUOppF,eAAeqpF,GAAgBC,EAAQj5B,EAAMytB,EAAMtM,EAAO,IAAI33D,KAAQ0vE,IAC3ED,EAASA,EAAOxL,MAETztB,EAAKytB,GAAM79E,aAGRnB,QAAQ+H,IAAIyiF,EAAOniF,KAAInH,eAAewpF,GACrCA,EAAU5T,UAAUpE,IAAW+X,UAAiBA,EAAQC,IACxDn5B,EAAKytB,GAAM52E,MAAK,SAASuiF,GACxB,OAAOpwE,GAAKqD,iBAAiB+sE,EAAQvV,cAAesV,EAAUtV,mBAElE7jB,EAAKytB,GAAMp9E,KAAK8oF,OAPpBn5B,EAAKytB,GAAQwL,EAYnB,CAkBOtpF,eAAe0pF,GAAcxB,EAAY5V,EAAekV,EAAcmC,EAAa31E,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,GAC3H9N,EAAMA,GAAOqyE,EACb,MAAM0B,EAAmB,GAwBzB,aAvBM9qF,QAAQ+H,IAAI8iF,EAAYxiF,KAAInH,eAAe6pF,GAC/C,IAUK71E,IAAa61E,EAAoBxW,YAAY7sD,OAAOxS,EAAUq/D,qBAEzDwW,EAAoBttC,OACxB1mC,EAAKy8D,EAAekV,EAAc7jE,EAAO1B,kBAAoBuvD,EAAO,MAAM,EAAO7tD,GAInFimE,EAAiBlpF,KAAKmpF,EAAoBxW,cAE5C,MAAO/vE,SAGP0Q,GACFA,EAAU+/D,UAAU6V,EAAiB1iF,MAAKuf,GAASA,EAAMD,OAAOxS,EAAUq/D,iBACxEr/D,EAAU+/D,UAAW,GAChB//D,EAAU+/D,SAEZ6V,EAAiB3pF,OAAS,CACnC,CASO,SAAS8nF,GAAqBtL,EAAWzoE,GAC9C,IAAI8zE,EAKJ,OAHkC,IAA9B9zE,EAAUi/D,kBACZ6U,EAAiBrL,EAAU7J,QAAQ14D,UAA0C,IAA9BlG,EAAUyC,mBAEpDqxE,EAAiB,IAAIjuE,KAAKiuE,GAAkBr9E,GACrD,CAwBO,SAASq/E,GAAmBhmF,EAASimF,EAAiB,IAU3D,OATAjmF,EAAQmV,KAAOnV,EAAQmV,MAAQ8wE,EAAe9wE,KAC9CnV,EAAQ2L,MAAQ3L,EAAQ2L,OAASs6E,EAAet6E,MAChD3L,EAAQsjF,QAAUtjF,EAAQsjF,SAAW2C,EAAe3C,QACpDtjF,EAAQ2S,uBAAkD3W,IAA9BgE,EAAQ2S,kBAAkC3S,EAAQ2S,kBAAoBszE,EAAetzE,kBACjH3S,EAAQ43E,WAAariE,GAAKC,SAASxV,EAAQ43E,YAAc53E,EAAQ43E,WAAaqO,EAAerO,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQuY,EAAevY,KAE9C1tE,EAAQk4C,KAAOl4C,EAAQk4C,OAAQ,EAEvBl4C,EAAQmV,MACd,IAAK,MACH,IACEnV,EAAQ2L,MAAQwQ,GAAMtf,MAAMsf,GAAMxQ,MAAO3L,EAAQ2L,OACjD,MAAOnM,GACP,MAAUrB,MAAM,iBAEd6B,EAAQ2L,QAAUwQ,GAAMxQ,MAAMS,eAAiBpM,EAAQ2L,QAAUwQ,GAAMxQ,MAAMa,mBAC/ExM,EAAQ2L,MAAQ3L,EAAQk4C,KAAO/7B,GAAMxQ,MAAMS,cAAgB+P,GAAMxQ,MAAMa,kBAErExM,EAAQk4C,KACVl4C,EAAQilD,UAAYjlD,EAAQ2L,QAAUwQ,GAAMxQ,MAAMS,cAAgB+P,GAAM9O,UAAUQ,YAAcsO,GAAM9O,UAAUO,MAEhH5N,EAAQilD,UAAY9oC,GAAM9O,UAAUM,KAEtC,MACF,IAAK,MACH3N,EAAQilD,UAAY9oC,GAAM9O,UAAUC,eACpC,MACF,QACE,MAAUnP,MAAM,wBAAwB6B,EAAQmV,MAEpD,OAAOnV,CACT,CAEO,SAASkmF,GAAwBvN,EAAWzoE,GACjD,MAAM46C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,GAAM9O,UAAUE,YACjCu9C,IAAY3uC,GAAM9O,UAAUI,SAC5Bq9C,IAAY3uC,GAAM9O,UAAUM,MAC5Bm9C,IAAY3uC,GAAM9O,UAAUY,UAC1BiC,EAAUqD,UAC4C,IAArDrD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASS,UAC9C,CAEO,SAASmyE,GAA2BxN,EAAWzoE,GACpD,MAAM46C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,GAAM9O,UAAUK,KACjCo9C,IAAY3uC,GAAM9O,UAAUG,SAC5Bs9C,IAAY3uC,GAAM9O,UAAUO,OAC5Bk9C,IAAY3uC,GAAM9O,UAAUQ,aAC5Bi9C,IAAY3uC,GAAM9O,UAAUf,WAC1B4D,EAAUqD,UACwD,IAAjErD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASW,gBAC9C,CAEO,SAASkyE,GAA2Bl2E,EAAW2P,GACpD,QAAIA,EAAOzB,0CAKHlO,EAAUqD,UACkD,IAAjErD,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK4I,GAAM5I,SAASW,gBAC5C,CASO,SAASmyE,GAAqB1N,EAAW94D,GAC9C,MAAMirC,EAAU3uC,GAAMtf,MAAMsf,GAAM9O,UAAWsrE,EAAU1zB,WACjDqhC,EAAW3N,EAAUU,mBAC3B,GAAIx5D,EAAOP,0BAA0Bne,IAAI2pD,GACvC,MAAU3sD,MAASmoF,EAASrhC,UAAZ,kCAElB,OAAQ6F,GACN,KAAK3uC,GAAM9O,UAAUC,eACrB,KAAK6O,GAAM9O,UAAUG,QACrB,KAAK2O,GAAM9O,UAAUE,WACnB,GAAI+4E,EAAS5sE,KAAOmG,EAAO5B,WACzB,MAAU9f,MAAM,yBAAyB0hB,EAAO5B,4CAElD,MACF,KAAK9B,GAAM9O,UAAUO,MACrB,KAAKuO,GAAM9O,UAAUQ,YACrB,KAAKsO,GAAM9O,UAAUM,KACnB,GAAIkS,EAAON,aAAape,IAAImlF,EAAS36E,OACnC,MAAUxN,MAAM,eAAemoF,EAASrhC,8BAA8BqhC,EAAS36E,sBAMvF,CCjZA,MAAM46E,GACJ1rF,YAAY2rF,EAAYC,GACtB1rF,KAAK6V,OAAS41E,EAAW3rF,YAAY4gB,MAAQU,GAAMnM,OAAOY,OAAS41E,EAAa,KAChFzrF,KAAK+V,cAAgB01E,EAAW3rF,YAAY4gB,MAAQU,GAAMnM,OAAOc,cAAgB01E,EAAa,KAC9FzrF,KAAK2rF,mBAAqB,GAC1B3rF,KAAK4rF,oBAAsB,GAC3B5rF,KAAK6rF,qBAAuB,GAC5B7rF,KAAK0rF,QAAUA,EAOjBI,eACE,MAAM/D,EAAa,IAAI1Q,GAKvB,OAJA0Q,EAAWlmF,KAAK7B,KAAK6V,QAAU7V,KAAK+V,eACpCgyE,EAAWlmF,QAAQ7B,KAAK6rF,sBACxB9D,EAAWlmF,QAAQ7B,KAAK2rF,oBACxB5D,EAAWlmF,QAAQ7B,KAAK4rF,qBACjB7D,EAOTpmF,QACE,MAAMoqF,EAAO,IAAIP,GAAKxrF,KAAK6V,QAAU7V,KAAK+V,cAAe/V,KAAK0rF,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAI3rF,KAAK2rF,oBACnCI,EAAKH,oBAAsB,IAAI5rF,KAAK4rF,qBACpCG,EAAKF,qBAAuB,IAAI7rF,KAAK6rF,sBAC9BE,EAWT5qF,cAAc6qF,EAAarZ,EAAM7tD,GAC/B,MAAMukE,EAAarpF,KAAK0rF,QAAQ9N,UAC1B0L,EAAa,CACjBzzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAKqyE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWzzE,QAAUyzE,EAAWvzE,cAAe/V,KAAK0rF,SAgB1E,OAfAK,EAAKH,0BAA4B3rF,QAAQ+H,IAAIgkF,EAAY1jF,KAAInH,eAAeyY,GAC1E,IAAKA,EAAWqyE,YACd,MAAU7oF,MAAM,gCAElB,GAAIwW,EAAWwkE,qBAAqBiL,GAClC,MAAUjmF,MAAM,+DAElB,MAAM8oF,QAAmBtyE,EAAWuyE,mBAAclrF,EAAW0xE,OAAM1xE,EAAW6jB,GAC9E,OAAO0kE,GAAsBF,EAAY1vE,EAAYsyE,EAAWtO,UAAW,CAEzEnK,cAAeryD,GAAMjM,UAAUsB,YAC/B+B,SAAU,CAAC4I,GAAM5I,SAASQ,YAAcoI,GAAM5I,SAASS,WACtD05D,OAAM1xE,OAAWA,OAAWA,EAAW6jB,aAEtCinE,EAAKjkD,OAAO9nC,KAAM2yE,EAAM7tD,GACvBinE,EAeT5qF,gBAAgBirF,EAAaxO,EAAWjL,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClE,MAAMijE,EAAarpF,KAAK0rF,QAAQ9N,UAChC,OAAOiN,GAAcxB,EAAYjoE,GAAMjM,UAAU0B,eAAgB,CAC/DG,IAAKqyE,EACLxzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,eACnB/V,KAAK6rF,qBAAsBO,EAAaxO,EAAWjL,EAAM7tD,GAa9D3jB,wBAAwBirF,EAAaC,EAAkB1Z,EAAO,IAAI33D,KAAQ8J,GACxE,MAAM0zD,EAAOx4E,KACPqpF,EAAarpF,KAAK0rF,QAAQ9N,UAC1B+K,EAAe,CACnB9yE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAKqyE,IAED7U,YAAEA,GAAgB4X,EAClBE,EAAaD,EAAiB7kF,QAAOwP,GAAOA,EAAIu1E,QAAQ/X,GAAapzE,OAAS,IACpF,OAA0B,IAAtBkrF,EAAWlrF,OACN,YAEHnB,QAAQ+H,IAAIskF,EAAWhkF,KAAInH,UAC/B,MAAM+qF,QAAmBl1E,EAAIm1E,cAAc3X,EAAa4X,EAAYrY,aAAS9yE,EAAW6jB,GACxF,GAAIsnE,EAAYlX,eAAiBsD,EAAKgU,UAAUJ,EAAaF,EAAWtO,UAAWjL,EAAM7tD,GACvF,MAAU1hB,MAAM,+BAElB,UACQgpF,EAAY1uC,OAAOwuC,EAAWtO,UAAWx8D,GAAMjM,UAAUsB,YAAakyE,EAAchW,OAAM1xE,EAAW6jB,GAC3G,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,8BAA+B7b,SAGjD,GAeTtD,8BAA8BkrF,EAAkB1Z,EAAO,IAAI33D,KAAQ8J,GACjE,MAAM0zD,EAAOx4E,KACPysF,EAAiBzsF,KAAK2rF,mBAAmB/kF,OAAO5G,KAAK4rF,qBAC3D,OAAO3rF,QAAQ+H,IAAIykF,EAAenkF,KAAInH,WACpCymB,MAAO8kE,EAAclY,YACrBmY,YAAanU,EAAKoU,kBAAkBF,EAAeL,EAAkB1Z,EAAM7tD,GAAQ1kB,OAAM,KAAM,SAanGe,aAAawxE,EAAO,IAAI33D,KAAQ8J,GAC9B,IAAK9kB,KAAK2rF,mBAAmBvqF,OAC3B,MAAUgC,MAAM,gCAElB,MAAMo1E,EAAOx4E,KACPqpF,EAAarpF,KAAK0rF,QAAQ9N,UAC1B+K,EAAe,CACnB9yE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAKqyE,GAGP,IAAIxoE,EACJ,IAAK,IAAI1d,EAAInD,KAAK2rF,mBAAmBvqF,OAAS,EAAG+B,GAAK,EAAGA,IACvD,IACE,MAAMymF,EAAoB5pF,KAAK2rF,mBAAmBxoF,GAClD,GAAIymF,EAAkB1U,eAAiBsD,EAAKgU,UAAU5C,OAAmB3oF,EAAW0xE,EAAM7tD,GACxF,MAAU1hB,MAAM,iCAElB,UACQwmF,EAAkBlsC,OAAO2rC,EAAYjoE,GAAMjM,UAAUsB,YAAakyE,EAAchW,OAAM1xE,EAAW6jB,GACvG,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,gCAAiC7b,GAExD,OAAO,EACP,MAAOA,GACPoc,EAAYpc,EAGhB,MAAMoc,EAWR1f,aAAa0rF,EAAYla,EAAM7tD,GAC7B,MAAMukE,EAAarpF,KAAK0rF,QAAQ9N,UAC1B+K,EAAe,CACnB9yE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAKqyE,SAGDmB,GAAgBqC,EAAY7sF,KAAM,qBAAsB2yE,GAAMxxE,eAAe2rF,GACjF,IAEE,aADMA,EAAWpvC,OAAO2rC,EAAYjoE,GAAMjM,UAAUsB,YAAakyE,EAAchW,GAAM,EAAO7tD,IACrF,EACP,MAAOrgB,GACP,OAAO,YAIL+lF,GAAgBqC,EAAY7sF,KAAM,sBAAuB2yE,SAEzD6X,GAAgBqC,EAAY7sF,KAAM,uBAAwB2yE,GAAM,SAASoa,GAC7E,OAAOlC,GAAcxB,EAAYjoE,GAAMjM,UAAU0B,eAAgB8xE,EAAc,CAACoE,QAAY9rF,OAAWA,EAAW0xE,EAAM7tD,MAe5H3jB,aACEkoF,GAEE2D,KAAMpY,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1DozE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,MAAMkjE,EAAa,CACjBzzE,OAAQ7V,KAAK6V,OACbE,cAAe/V,KAAK+V,cACpBiB,IAAKqyE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWzzE,QAAUyzE,EAAWvzE,cAAe/V,KAAK0rF,SAO1E,OANAK,EAAKF,qBAAqBhqF,WAAW2nF,GAAsBF,EAAY,KAAMD,EAAY,CACvF5V,cAAeryD,GAAMjM,UAAU0B,eAC/B+9D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,GAAW,EAAO6jB,UAChCinE,EAAKjkD,OAAO9nC,MACX+rF,GC1PX,MAAMmB,GAKJptF,YAAYqtF,EAAczB,GACxB1rF,KAAK49E,UAAYuP,EACjBntF,KAAKotF,kBAAoB,GACzBptF,KAAK6rF,qBAAuB,GAC5B7rF,KAAK0rF,QAAUA,EAOjBI,eACE,MAAM/D,EAAa,IAAI1Q,GAIvB,OAHA0Q,EAAWlmF,KAAK7B,KAAK49E,WACrBmK,EAAWlmF,QAAQ7B,KAAK6rF,sBACxB9D,EAAWlmF,QAAQ7B,KAAKotF,mBACjBrF,EAOTpmF,QACE,MAAMynF,EAAS,IAAI8D,GAAOltF,KAAK49E,UAAW59E,KAAK0rF,SAG/C,OAFAtC,EAAOgE,kBAAoB,IAAIptF,KAAKotF,mBACpChE,EAAOyC,qBAAuB,IAAI7rF,KAAK6rF,sBAChCzC,EAeTjoF,gBAAgBgU,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,MAAMijE,EAAarpF,KAAK0rF,QAAQ9N,UAChC,OAAOyP,GACLhE,EAAYjoE,GAAMjM,UAAU+B,iBAAkB,CAC5CF,IAAKqyE,EACLxjF,KAAM7F,KAAK49E,WACV59E,KAAK6rF,qBAAsB12E,EAAW6B,EAAK27D,EAAM7tD,GAaxD3jB,aAAawxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACvC,MAAMijE,EAAarpF,KAAK0rF,QAAQ9N,UAC1B+K,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAM7F,KAAK49E,WAE7C0P,QAAyBC,GAA+BvtF,KAAKotF,kBAAmB/D,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,EAAM7tD,GAErJ,GAAIwoE,EAAiBpY,eAAiBl1E,KAAKwsF,UAAUc,EAAkB,KAAM3a,EAAM7tD,GACjF,MAAU1hB,MAAM,qBAGlB,GAAIoqF,GAAqBxtF,KAAK49E,UAAW0P,EAAkB3a,GACzD,MAAUvvE,MAAM,qBAElB,OAAOkqF,EAWTnsF,wBAAwBwxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClD,MAAMijE,EAAarpF,KAAK0rF,QAAQ9N,UAC1B+K,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAM7F,KAAK49E,WACnD,IAAI0P,EACJ,IACEA,QAAyBC,GAA+BvtF,KAAKotF,kBAAmB/D,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,EAAM7tD,GAC/I,MAAOrgB,GACP,OAAO,KAET,MAAMgpF,EAAYC,GAA4B1tF,KAAK49E,UAAW0P,GACxDK,EAAYL,EAAiBzW,oBACnC,OAAO4W,EAAYE,EAAYF,EAAYE,EAW7CxsF,aAAaioF,EAAQzW,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC/C,MAAMijE,EAAarpF,KAAK0rF,QAAQ9N,UAChC,IAAK59E,KAAKo+E,qBAAqBgL,GAC7B,MAAUhmF,MAAM,2DAGdpD,KAAK49E,UAAU99E,YAAY4gB,MAAQU,GAAMnM,OAAOa,cAChDszE,EAAOxL,UAAU99E,YAAY4gB,MAAQU,GAAMnM,OAAOM,eACpDvV,KAAK49E,UAAYwL,EAAOxL,WAG1B,MAAMpF,EAAOx4E,KACP2oF,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAM2yE,EAAKoF,iBAC7CgQ,GAAuBxE,EAAQppF,KAAM,oBAAqB2yE,GAAMxxE,eAAe0sF,GACnF,IAAK,IAAI1qF,EAAI,EAAGA,EAAIq1E,EAAK4U,kBAAkBhsF,OAAQ+B,IACjD,GAAIq1E,EAAK4U,kBAAkBjqF,GAAGqxE,YAAY7sD,OAAOkmE,EAAWrZ,aAI1D,OAHIqZ,EAAW9Z,QAAUyE,EAAK4U,kBAAkBjqF,GAAG4wE,UACjDyE,EAAK4U,kBAAkBjqF,GAAK0qF,IAEvB,EAGX,IAEE,aADMA,EAAWnwC,OAAO2rC,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,OAAM1xE,EAAW6jB,IAC3F,EACP,MAAOrgB,GACP,OAAO,YAILmpF,GAAuBxE,EAAQppF,KAAM,uBAAwB2yE,GAAM,SAASoa,GAChF,OAAOM,GAAqBhE,EAAYjoE,GAAMjM,UAAU+B,iBAAkByxE,EAAc,CAACoE,QAAY9rF,OAAWA,EAAW0xE,EAAM7tD,MAerI3jB,aACEkoF,GAEE2D,KAAMpY,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1DozE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,MAAMkjE,EAAa,CAAEtyE,IAAKqyE,EAAYxjF,KAAM7F,KAAK49E,WAC3CwL,EAAS,IAAI8D,GAAOltF,KAAK49E,UAAW59E,KAAK0rF,SAO/C,OANAtC,EAAOyC,qBAAqBhqF,WAAWisF,GAA6BxE,EAAY,KAAMD,EAAY,CAChG5V,cAAeryD,GAAMjM,UAAU+B,iBAC/B09D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,GAAW,EAAO6jB,UAChCskE,EAAOthD,OAAO9nC,MACbopF,EAGThL,qBAAqBC,GACnB,OAAOr+E,KAAK49E,UAAUQ,qBAAqBC,EAAMT,WAAaS,IAIlE,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe/6E,SAAQgI,IAC3F4hF,GAAOlsF,UAAUsK,GACf,WACE,OAAOtL,KAAK49E,UAAUtyE,KACvB,IC/KL,MAAMyiF,gBAAyCvzE,GAAK+F,wBAAwB,CAACizD,KACvEwa,GAAoB,IAAIvqE,IAAI,CAACrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAO2E,aAClEq0E,GAAgB,IAAIxqE,IAAI,CAC5BrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAO2E,WACrCwH,GAAMnM,OAAOa,aAAcsL,GAAMnM,OAAOi5E,gBAY1C,MAAMC,GAMJC,sBAAsBrG,EAAYsG,EAAoB,IAAI5qE,KACxD,IAAIsoE,EACAuC,EACAlF,EACAmF,EAEJ,IAAK,MAAMt5E,KAAU8yE,EAAY,CAE/B,GAAI9yE,aAAkBqyC,GAAmB,CACR2mC,GAAc7nF,IAAI6O,EAAOyL,OACzB6tE,IAI3BA,EADEP,GAAkB5nF,IAAI6O,EAAOyL,KACjBstE,GAEAC,IAGlB,SAGF,MAAMvtE,EAAMzL,EAAOnV,YAAY4gB,IAC/B,GAAI6tE,EAAa,CACf,IAAKA,EAAYnoF,IAAIsa,GAAM,SAC3B6tE,EAAc,KAEhB,GAAIF,EAAkBjoF,IAAIsa,GACxB,MAAUtd,MAAM,2BAA2Bsd,GAE7C,OAAQA,GACN,KAAKU,GAAMnM,OAAO3C,UAClB,KAAK8O,GAAMnM,OAAOK,UAChB,GAAItV,KAAK49E,UACP,MAAUx6E,MAAM,oCAIlB,GAFApD,KAAK49E,UAAY3oE,EACjBq5E,EAAetuF,KAAK01E,YACf4Y,EACH,MAAUlrF,MAAM,kBAElB,MACF,KAAKge,GAAMnM,OAAOY,OAClB,KAAKuL,GAAMnM,OAAOc,cAChBg2E,EAAO,IAAIP,GAAKv2E,EAAQjV,MACxBA,KAAKwuF,MAAM3sF,KAAKkqF,GAChB,MACF,KAAK3qE,GAAMnM,OAAOa,aAClB,KAAKsL,GAAMnM,OAAOM,aAChBw2E,EAAO,KACP3C,EAAS,IAAI8D,GAAOj4E,EAAQjV,MAC5BA,KAAKyuF,QAAQ5sF,KAAKunF,GAClB,MACF,KAAKhoE,GAAMnM,OAAOE,UAChB,OAAQF,EAAOw+D,eACb,KAAKryD,GAAMjM,UAAUsB,YACrB,KAAK2K,GAAMjM,UAAUuB,YACrB,KAAK0K,GAAMjM,UAAUwB,WACrB,KAAKyK,GAAMjM,UAAUyB,aACnB,IAAKm1E,EAAM,CACTvxE,GAAK0D,WAAW,mEAChB,SAEEjJ,EAAOu/D,YAAY7sD,OAAO2mE,GAC5BvC,EAAKJ,mBAAmB9pF,KAAKoT,GAE7B82E,EAAKH,oBAAoB/pF,KAAKoT,GAEhC,MACF,KAAKmM,GAAMjM,UAAU0B,eACfk1E,EACFA,EAAKF,qBAAqBhqF,KAAKoT,GAE/BjV,KAAK0uF,iBAAiB7sF,KAAKoT,GAE7B,MACF,KAAKmM,GAAMjM,UAAU6B,IACnBhX,KAAK0uF,iBAAiB7sF,KAAKoT,GAC3B,MACF,KAAKmM,GAAMjM,UAAU2B,cACnB,IAAKsyE,EAAQ,CACX5uE,GAAK0D,WAAW,qEAChB,SAEFkrE,EAAOgE,kBAAkBvrF,KAAKoT,GAC9B,MACF,KAAKmM,GAAMjM,UAAU8B,cACnBjX,KAAK6rF,qBAAqBhqF,KAAKoT,GAC/B,MACF,KAAKmM,GAAMjM,UAAU+B,iBACnB,IAAKkyE,EAAQ,CACX5uE,GAAK0D,WAAW,wEAChB,SAEFkrE,EAAOyC,qBAAqBhqF,KAAKoT,MAY7C62E,eACE,MAAM/D,EAAa,IAAI1Q,GAMvB,OALA0Q,EAAWlmF,KAAK7B,KAAK49E,WACrBmK,EAAWlmF,QAAQ7B,KAAK6rF,sBACxB9D,EAAWlmF,QAAQ7B,KAAK0uF,kBACxB1uF,KAAKwuF,MAAMlmF,KAAIyjF,GAAQhE,EAAWlmF,QAAQkqF,EAAKD,kBAC/C9rF,KAAKyuF,QAAQnmF,KAAI8gF,GAAUrB,EAAWlmF,QAAQunF,EAAO0C,kBAC9C/D,EAQTpmF,MAAMgtF,GAAqB,GACzB,MAAM33E,EAAM,IAAIhX,KAAKF,YAAYE,KAAK8rF,gBAiBtC,OAhBI6C,GACF33E,EAAIu1E,UAAUjpF,SAAQ+Y,IAMpB,GAJAA,EAAEuhE,UAAYzyE,OAAOy6B,OACnBz6B,OAAOyjF,eAAevyE,EAAEuhE,WACxBzyE,OAAOE,0BAA0BgR,EAAEuhE,aAEhCvhE,EAAEuhE,UAAUI,cAAe,OAEhC,MAAM3tB,EAAgB,GACtBllD,OAAOqoB,KAAKnX,EAAEuhE,UAAUvtB,eAAe/sD,SAAQgI,IAC7C+kD,EAAc/kD,GAAQ,IAAIvI,WAAWsZ,EAAEuhE,UAAUvtB,cAAc/kD,GAAM,IAEvE+Q,EAAEuhE,UAAUvtB,cAAgBA,CAAa,IAGtCr5C,EAST63E,WAAWjnE,EAAQ,MAIjB,OAHgB5nB,KAAKyuF,QAAQjnF,QAAO4hF,IACjCxhE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GAAO,KAW9C2kE,QAAQ3kE,EAAQ,MACd,MAAM4L,EAAO,GAIb,OAHK5L,IAAS5nB,KAAK01E,WAAW/tD,OAAOC,GAAO,IAC1C4L,EAAK3xB,KAAK7B,MAELwzB,EAAK5sB,OAAO5G,KAAK6uF,WAAWjnE,IAOrCknE,YACE,OAAO9uF,KAAKusF,UAAUjkF,KAAI0O,GAAOA,EAAI0+D,aAOvCqZ,aACE,OAAO/uF,KAAKwuF,MAAMlmF,KAAIyjF,GACbA,EAAKl2E,OAASk2E,EAAKl2E,OAAOA,OAAS,OACzCrO,QAAOqO,GAAqB,OAAXA,IAOtB/T,QACE,OAAO9B,KAAK8rF,eAAehqF,QAa7BX,oBAAoBymB,EAAQ,KAAM+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,UACnEpmB,KAAKgvF,iBAAiBrc,EAAM98D,EAAQiP,GAC1C,MAAMukE,EAAarpF,KAAK49E,UAClB6Q,EAAUzuF,KAAKyuF,QAAQ/sF,QAAQutF,MAAK,CAACxgF,EAAGJ,IAAMA,EAAEuvE,UAAU7J,QAAUtlE,EAAEmvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUqF,EACnB,IAAK7mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAMujF,EAAOxL,WAC/C0P,QAAyBC,GAC7BnE,EAAOgE,kBAAmB/D,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,EAAM7tD,GAE3F,IAAKoqE,GAA+B9F,EAAOxL,UAAW0P,GACpD,SAEF,IAAKA,EAAiBz0E,kBACpB,MAAUzV,MAAM,8BAOlB,aAJMmqF,GACJ,CAACD,EAAiBz0E,mBAAoBuwE,EAAOxL,UAAWx8D,GAAMjM,UAAU4B,WAAY4xE,EAAchW,EAAM7tD,GAE1GqqE,GAA4B/F,EAAOxL,UAAW94D,GACvCskE,EACP,MAAO3kF,GACPoc,EAAYpc,EAKlB,IACE,MAAMilF,QAAoB1pF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCsnE,GAA+B7F,EAAYK,EAAYE,mBAEzD,OADAuF,GAA4B9F,EAAYvkE,GACjC9kB,KAET,MAAOyE,GACPoc,EAAYpc,EAEd,MAAM+V,GAAK8F,UAAU,kDAAoDtgB,KAAK01E,WAAWhuD,QAAS7G,GAapG1f,uBAAuBymB,EAAO+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,UAC/DpmB,KAAKgvF,iBAAiBrc,EAAM98D,EAAQiP,GAC1C,MAAMukE,EAAarpF,KAAK49E,UAElB6Q,EAAUzuF,KAAKyuF,QAAQ/sF,QAAQutF,MAAK,CAACxgF,EAAGJ,IAAMA,EAAEuvE,UAAU7J,QAAUtlE,EAAEmvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUqF,EACnB,IAAK7mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAMujF,EAAOxL,WAC/C0P,QAAyBC,GAA+BnE,EAAOgE,kBAAmB/D,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,EAAM7tD,GACvJ,GAAIsqE,GAAkChG,EAAOxL,UAAW0P,GAEtD,OADA6B,GAA4B/F,EAAOxL,UAAW94D,GACvCskE,EAET,MAAO3kF,GACPoc,EAAYpc,EAKlB,IAEE,MAAMilF,QAAoB1pF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCwnE,GAAkC/F,EAAYK,EAAYE,mBAE5D,OADAuF,GAA4B9F,EAAYvkE,GACjC9kB,KAET,MAAOyE,GACPoc,EAAYpc,EAEd,MAAM+V,GAAK8F,UAAU,qDAAuDtgB,KAAK01E,WAAWhuD,QAAS7G,GAevG1f,gBAAgBgU,EAAW6B,EAAK27D,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,OAAOinE,GACLrtF,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAe,CAAED,IAAKhX,KAAK49E,WAAa59E,KAAK6rF,qBAAsB12E,EAAW6B,EAAK27D,EAAM7tD,GAa7H3jB,uBAAuBwxE,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IAC9D,MAAMijE,EAAarpF,KAAK49E,UAExB,SAAU59E,KAAKwsF,UAAU,KAAM,KAAM7Z,EAAM7tD,GACzC,MAAU1hB,MAAM,0BAGlB,MAAMwmF,kBAAEA,SAA4B5pF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAEtE,GAAI0oE,GAAqBnE,EAAYO,EAAmBjX,GACtD,MAAUvvE,MAAM,0BAGlB,MAAMisF,QAAwB9B,GAC5BvtF,KAAK0uF,iBAAkBrF,EAAYjoE,GAAMjM,UAAU6B,IAAK,CAAEA,IAAKqyE,GAAc1W,EAAM7tD,GACnF1kB,OAAM,SAER,GAAIivF,GAAmB7B,GAAqBnE,EAAYgG,EAAiB1c,GACvE,MAAUvvE,MAAM,0BAYpBjC,wBAAwB0U,EAAQiP,EAASsB,IACvC,IAAIkpE,EACJ,IACE,MAAM1F,kBAAEA,SAA4B5pF,KAAK2pF,eAAe,KAAM9zE,EAAQiP,GAChEyqE,EAAmB7B,GAA4B1tF,KAAK49E,UAAWgM,GAC/D4F,EAAgB5F,EAAkB/S,oBAClCwY,QAAwB9B,GAC5BvtF,KAAK0uF,iBAAkB1uF,KAAK49E,UAAWx8D,GAAMjM,UAAU6B,IAAK,CAAEA,IAAKhX,KAAK49E,WAAa,KAAM94D,GAC3F1kB,OAAM,SACR,GAAIivF,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4B1tF,KAAK49E,UAAWyR,GAGvEC,EAAmBxjF,KAAKoyC,IAAIqxC,EAAkBC,EAAeC,QAE7DH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,EAE3E,MAAO/qF,GACP6qF,EAAmB,KAGrB,OAAO90E,GAAKc,cAAcg0E,GAiB5BnuF,qBAAqBwxE,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IAC5D,MAAMijE,EAAarpF,KAAK49E,UAClB4Q,EAAQ,GACd,IAAI3tE,EACJ,IAAK,IAAI1d,EAAI,EAAGA,EAAInD,KAAKwuF,MAAMptF,OAAQ+B,IACrC,IACE,MAAM4oF,EAAO/rF,KAAKwuF,MAAMrrF,GACxB,IAAK4oF,EAAKl2E,OACR,SAEF,QACmB5U,IAAhB4U,EAAOvK,MAAsBygF,EAAKl2E,OAAOvK,OAASuK,EAAOvK,WACxCrK,IAAjB4U,EAAO2xE,OAAuBuE,EAAKl2E,OAAO2xE,QAAU3xE,EAAO2xE,YACxCvmF,IAAnB4U,EAAO+rD,SAAyBmqB,EAAKl2E,OAAO+rD,UAAY/rD,EAAO+rD,QAEhE,MAAUx+D,MAAM,iDAElB,MAAMulF,EAAe,CAAE9yE,OAAQk2E,EAAKl2E,OAAQmB,IAAKqyE,GAC3CO,QAA0B2D,GAA+BxB,EAAKJ,mBAAoBtC,EAAYjoE,GAAMjM,UAAUsB,YAAakyE,EAAchW,EAAM7tD,GACrJ0pE,EAAM3sF,KAAK,CAAEie,MAAO3c,EAAG4oF,OAAMnC,sBAC7B,MAAOnlF,GACPoc,EAAYpc,EAGhB,IAAK+pF,EAAMptF,OACT,MAAMyf,GAAiBzd,MAAM,qCAEzBnD,QAAQ+H,IAAIwmF,EAAMlmF,KAAInH,eAAgBsN,GAC1C,OAAOA,EAAEm7E,kBAAkB1U,SAAWzmE,EAAEs9E,KAAKS,UAAU/9E,EAAEm7E,kBAAmB,KAAMjX,EAAM7tD,OAG1F,MAAM4kE,EAAc8E,EAAMS,MAAK,SAASxgF,EAAGJ,GACzC,MAAMi/B,EAAI7+B,EAAEm7E,kBACNr8C,EAAIl/B,EAAEu7E,kBACZ,OAAOr8C,EAAE2nC,QAAU5nC,EAAE4nC,SAAW5nC,EAAEqnC,gBAAkBpnC,EAAEonC,iBAAmBrnC,EAAEymC,QAAUxmC,EAAEwmC,WACtFriD,OACGq6D,KAAEA,EAAMnC,kBAAmB8F,GAAShG,EAC1C,GAAIgG,EAAKxa,eAAiB6W,EAAKS,UAAUkD,EAAM,KAAM/c,EAAM7tD,GACzD,MAAU1hB,MAAM,2BAElB,OAAOsmF,EAgBTvoF,aAAawuF,EAAWhd,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClD,IAAKpmB,KAAKo+E,qBAAqBuR,GAC7B,MAAUvsF,MAAM,4DAElB,IAAKpD,KAAKisF,aAAe0D,EAAU1D,YAAa,CAQ9C,KANejsF,KAAKyuF,QAAQrtF,SAAWuuF,EAAUlB,QAAQrtF,QAClDpB,KAAKyuF,QAAQ3vC,OAAM8wC,GACXD,EAAUlB,QAAQpmF,MAAKwnF,GACrBD,EAAWxR,qBAAqByR,QAI/C,MAAUzsF,MAAM,iEAGlB,OAAOusF,EAAU7nD,OAAO9nC,KAAM8kB,GAMhC,MAAMgrE,EAAa9vF,KAAK2B,QA0CxB,aAxCMisF,GAAuB+B,EAAWG,EAAY,uBAAwBnd,GAAMoa,GACzEM,GAAqByC,EAAWlS,UAAWx8D,GAAMjM,UAAU8B,cAAe64E,EAAY,CAAC/C,GAAY,KAAM4C,EAAU/R,UAAWjL,EAAM7tD,WAGvI8oE,GAAuB+B,EAAWG,EAAY,mBAAoBnd,SAElE1yE,QAAQ+H,IAAI2nF,EAAUnB,MAAMlmF,KAAInH,UAGpC,MAAM4uF,EAAgBD,EAAWtB,MAAMhnF,QAAOwoF,GAC3CC,EAAQp6E,QAAUo6E,EAAQp6E,OAAO8R,OAAOqoE,EAAQn6E,SAChDo6E,EAAQl6E,eAAiBk6E,EAAQl6E,cAAc4R,OAAOqoE,EAAQj6E,iBAEjE,GAAIg6E,EAAc3uF,OAAS,QACnBnB,QAAQ+H,IACZ+nF,EAAcznF,KAAI4nF,GAAgBA,EAAapoD,OAAOmoD,EAAStd,EAAM7tD,UAElE,CACL,MAAMqrE,EAAUF,EAAQtuF,QACxBwuF,EAAQzE,QAAUoE,EAClBA,EAAWtB,MAAM3sF,KAAKsuF,cAIpBlwF,QAAQ+H,IAAI2nF,EAAUlB,QAAQnmF,KAAInH,UAEtC,MAAMivF,EAAkBN,EAAWrB,QAAQjnF,QAAO6oF,GAChDA,EAAUjS,qBAAqByR,KAEjC,GAAIO,EAAgBhvF,OAAS,QACrBnB,QAAQ+H,IACZooF,EAAgB9nF,KAAIgoF,GAAkBA,EAAexoD,OAAO+nD,EAAWld,EAAM7tD,UAE1E,CACL,MAAMyrE,EAAYV,EAAUluF,QAC5B4uF,EAAU7E,QAAUoE,EACpBA,EAAWrB,QAAQ5sF,KAAK0uF,QAIrBT,EAWT3uF,+BAA+BwxE,EAAO,IAAI33D,KAAQ8J,EAASsB,IACzD,MAAMuiE,EAAe,CAAE3xE,IAAKhX,KAAK49E,WAC3BoN,QAA4BuC,GAA+BvtF,KAAK6rF,qBAAsB7rF,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAe0xE,EAAchW,EAAM7tD,GACzJijE,EAAa,IAAI1Q,GAEvB,OADA0Q,EAAWlmF,KAAKmpF,GACTzxE,GAAM6H,GAAM7H,MAAMjH,UAAWy1E,EAAWjmF,QAAS,KAAM,KAAM,oCAatEX,iCAAiCqvF,EAAuB7d,EAAO,IAAI33D,KAAQ8J,EAASsB,IAClF,MAAM9lB,QAAc6lB,GAAQqqE,EAAuB1rE,GAE7CkmE,SADmB3T,GAAW2B,WAAW14E,EAAM4J,KAAM6jF,GAA0BjpE,IAC9CszD,WAAWh3D,GAAMnM,OAAOE,WAC/D,IAAK61E,GAAuBA,EAAoBvX,gBAAkBryD,GAAMjM,UAAU8B,cAChF,MAAU7T,MAAM,8CAElB,IAAK4nF,EAAoBxW,YAAY7sD,OAAO3nB,KAAK01E,YAC/C,MAAUtyE,MAAM,2CAElB,UACQ4nF,EAAoBttC,OAAO19C,KAAK49E,UAAWx8D,GAAMjM,UAAU8B,cAAe,CAAED,IAAKhX,KAAK49E,WAAajL,OAAM1xE,EAAW6jB,GAC1H,MAAOrgB,GACP,MAAM+V,GAAK8F,UAAU,wCAAyC7b,GAEhE,MAAMuS,EAAMhX,KAAK2B,QAEjB,OADAqV,EAAI60E,qBAAqBhqF,KAAKmpF,GACvBh0E,EAYT7V,sBAAsBsvF,EAAa9d,EAAM98D,EAAQiP,EAASsB,IACxD,MAAMtG,MAAEA,EAAKisE,KAAEA,SAAe/rF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAC1D4rE,QAAiB3E,EAAK4E,QAAQF,EAAa9d,EAAM7tD,GACjD9N,EAAMhX,KAAK2B,QAEjB,OADAqV,EAAIw3E,MAAM1uE,GAAS4wE,EACZ15E,EAWT7V,mBAAmBsvF,EAAa9d,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC1D,MAAMpP,EAAMhX,KAAK2B,QAIjB,OAHAqV,EAAIw3E,YAAcvuF,QAAQ+H,IAAIhI,KAAKwuF,MAAMlmF,KAAI,SAASyjF,GACpD,OAAOA,EAAK4E,QAAQF,EAAa9d,EAAM7tD,OAElC9N,EAkBT7V,wBAAwBkrF,EAAkB1Z,EAAO,IAAI33D,KAAQnF,EAAQiP,EAASsB,IAC5E,MAAMijE,EAAarpF,KAAK49E,WAClBmO,KAAEA,SAAe/rF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAIzD,OAHgBunE,QACRN,EAAK6E,wBAAwBvE,EAAkB1Z,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYiX,YAAaZ,EAAKruC,OAAOi1B,EAAM7tD,GAAQ1kB,OAAM,KAAM,MAmBxFe,qBAAqBkrF,EAAkB1Z,EAAO,IAAI33D,KAAQ8J,EAASsB,IACjE,MAAMijE,EAAarpF,KAAK49E,UAClBiT,EAAU,GAehB,aAdM5wF,QAAQ+H,IAAIhI,KAAKwuF,MAAMlmF,KAAInH,UAC/B,MAAMunF,EAAa2D,QACXN,EAAK6E,wBAAwBvE,EAAkB1Z,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYiX,YAAaZ,EAAKruC,OAAOi1B,EAAM7tD,GAAQ1kB,OAAM,KAAM,MAEtFywF,EAAQhvF,QAAQ6mF,EAAWpgF,KACzB6M,KACEU,OAAQk2E,EAAKl2E,OAASk2E,EAAKl2E,OAAOA,OAAS,KAC3CE,cAAeg2E,EAAKh2E,cACpB6R,MAAOzS,EAAUyS,MACjB+kE,MAAOx3E,EAAUw3E,UAEpB,KAEIkE,GAIX,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBvtF,SAAQgI,IACpG6iF,GAAIntF,UAAUsK,GACd4hF,GAAOlsF,UAAUsK,EAAK,IC7qBxB,MAAMwlF,WAAkB3C,GAItBruF,YAAYioF,GAOV,GANAhoF,QACAC,KAAK49E,UAAY,KACjB59E,KAAK6rF,qBAAuB,GAC5B7rF,KAAK0uF,iBAAmB,GACxB1uF,KAAKwuF,MAAQ,GACbxuF,KAAKyuF,QAAU,GACX1G,IACF/nF,KAAKouF,sBAAsBrG,EAAY,IAAItkE,IAAI,CAACrC,GAAMnM,OAAOK,UAAW8L,GAAMnM,OAAOM,iBAChFvV,KAAK49E,WACR,MAAUx6E,MAAM,0CAStB6oF,YACE,OAAO,EAOT8E,WACE,OAAO/wF,KAQTuZ,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMjH,UAAWtS,KAAK8rF,eAAehqF,aAASb,OAAWA,OAAWA,EAAW6jB,ICjDtG,MAAMksE,WAAmBF,GAIvBhxF,YAAYioF,GAGV,GAFAhoF,QACAC,KAAKouF,sBAAsBrG,EAAY,IAAItkE,IAAI,CAACrC,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAOa,iBAChF9V,KAAK49E,UACR,MAAUx6E,MAAM,2CAQpB6oF,YACE,OAAO,EAOT8E,WACE,MAAMhJ,EAAa,IAAI1Q,GACjB4Z,EAAajxF,KAAK8rF,eACxB,IAAK,MAAMlO,KAAaqT,EACtB,OAAQrT,EAAU99E,YAAY4gB,KAC5B,KAAKU,GAAMnM,OAAOK,UAAW,CAC3B,MAAM47E,EAAezT,GAAgB0T,oBAAoBvT,GACzDmK,EAAWlmF,KAAKqvF,GAChB,MAEF,KAAK9vE,GAAMnM,OAAOM,aAAc,CAC9B,MAAM67E,EAAkBxS,GAAmByS,uBAAuBzT,GAClEmK,EAAWlmF,KAAKuvF,GAChB,MAEF,QACErJ,EAAWlmF,KAAK+7E,GAGtB,OAAO,IAAIkT,GAAU/I,GAQvBxuE,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMK,WAAY5Z,KAAK8rF,eAAehqF,aAASb,OAAWA,OAAWA,EAAW6jB,GAarG3jB,wBAAwBymB,EAAO+qD,EAAO,IAAI33D,KAAQnF,EAAS,GAAIiP,EAASsB,IACtE,MAAMijE,EAAarpF,KAAK49E,UAClBpqD,EAAO,GACb,IAAK,IAAIrwB,EAAI,EAAGA,EAAInD,KAAKyuF,QAAQrtF,OAAQ+B,IACvC,IAAKykB,GAAS5nB,KAAKyuF,QAAQtrF,GAAGuyE,WAAW/tD,OAAOC,GAAO,GACrD,IACE,MAAM+gE,EAAe,CAAE3xE,IAAKqyE,EAAYxjF,KAAM7F,KAAKyuF,QAAQtrF,GAAGy6E,WAE1D0T,SAD2B/D,GAA+BvtF,KAAKyuF,QAAQtrF,GAAGiqF,kBAAmB/D,EAAYjoE,GAAMjM,UAAU2B,cAAe6xE,EAAchW,EAAM7tD,GACxGA,IACtD0O,EAAK3xB,KAAK7B,KAAKyuF,QAAQtrF,IAEzB,MAAOsB,IAKb,MAAMilF,QAAoB1pF,KAAK2pF,eAAehX,EAAM98D,EAAQiP,GAM5D,OALM8C,IAASyhE,EAAW3T,WAAW/tD,OAAOC,GAAO,KAC/C0pE,GAAkC5H,EAAYE,kBAAmB9kE,IACnE0O,EAAK3xB,KAAK7B,MAGLwzB,EAOTwqD,cACE,OAAOh+E,KAAKusF,UAAUlkF,MAAK,EAAGu1E,eAAgBA,EAAUI,gBAa1D78E,eAAe2jB,EAASsB,IACtB,IAAKpmB,KAAKisF,YACR,MAAU7oF,MAAM,gCAGlB,IAAIknF,EACJ,GAAKtqF,KAAK49E,UAAU+B,UAEb,CAKL,MAAMuM,QAAmBlsF,KAAKmsF,cAAc,KAAM,UAAMlrF,EAAW,IAAK6jB,EAAQP,0BAA2B,IAAId,IAAOP,WAAY,IAE9HgpE,IAAeA,EAAWtO,UAAU+B,YACtC2K,EAAmB4B,EAAWtO,gBAThC0M,EAAmBtqF,KAAK49E,UAa1B,GAAI0M,EACF,OAAOA,EAAiB3kC,WACnB,CACL,MAAMnyB,EAAOxzB,KAAKusF,UACZgF,EAAa/9D,EAAKlrB,KAAI0O,GAAOA,EAAI4mE,UAAU+B,YAAW7gC,MAAMurC,SAClE,GAAIkH,EACF,MAAUnuF,MAAM,wCAGlB,OAAOnD,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,SAAa6V,EAAI4mE,UAAUj4B,eAO3Dm6B,qBACE9/E,KAAKusF,UAAUjpF,SAAQ,EAAGs6E,gBACpBA,EAAUI,eACZJ,EAAUkC,wBAehB3+E,cAEI6rF,KAAMpY,EAA0BxzD,GAAM1I,oBAAoBmB,SAC1DozE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI33D,KACX8J,EAASsB,IAET,IAAKpmB,KAAKisF,YACR,MAAU7oF,MAAM,iCAElB,MAAMkmF,EAAa,CAAEtyE,IAAKhX,KAAK49E,WACzB5mE,EAAMhX,KAAK2B,QAMjB,OALAqV,EAAI60E,qBAAqBhqF,WAAWisF,GAA6BxE,EAAY,KAAMtpF,KAAK49E,UAAW,CACjGnK,cAAeryD,GAAMjM,UAAU8B,cAC/B29D,wBAAyBxzD,GAAMtf,MAAMsf,GAAM1I,oBAAqBk8D,GAChEC,6BACClC,OAAM1xE,OAAWA,OAAWA,EAAW6jB,IACnC9N,EAiBT7V,gBAAgB8D,EAAU,IACxB,MAAM6f,EAAS,IAAKsB,MAAkBnhB,EAAQ6f,QAC9C,GAAI7f,EAAQ43E,WACV,MAAUz5E,MAAM,gEAElB,GAAI6B,EAAQsjF,QAAUzjE,EAAO5B,WAC3B,MAAU9f,MAAM,8BAA8B0hB,EAAO5B,oBAAoBje,EAAQsjF,WAEnF,MAAM5K,EAAkB39E,KAAK49E,UAC7B,GAAID,EAAgBgC,UAClB,MAAUv8E,MAAM,8CAElB,IAAKu6E,EAAgBK,cACnB,MAAU56E,MAAM,wBAElB,MAAMouF,EAAiB7T,EAAgBW,mBACvCkT,EAAep3E,KAAOo3E,EAAe5gF,MAAQ,MAAQ,MACrD4gF,EAAejJ,QAAUiJ,EAAe7yE,MAAQ,KAChD6yE,EAAe5gF,MAAQ4gF,EAAe5gF,OAAS,aAC/C3L,EAAUwsF,GAA0BxsF,EAASusF,GAC7C,MAAM5T,QAAkB8T,GAA4BzsF,GACpDkqF,GAA4BvR,EAAW94D,GACvC,MAAMwoE,QAAyBqE,GAA8B/T,EAAWD,EAAiB14E,EAAS6f,GAC5F8sE,EAAa5xF,KAAK8rF,eAExB,OADA8F,EAAW/vF,KAAK+7E,EAAW0P,GACpB,IAAI0D,GAAWY,ICxM1B,MAAMC,gBAAkCr3E,GAAK+F,wBAAwB,CACnEk9D,GACAmB,GACAM,GACA0I,GACAL,GACAzI,GACAtL,KASF,SAASse,GAAU/J,GACjB,IAAK,MAAM9yE,KAAU8yE,EACnB,OAAQ9yE,EAAOnV,YAAY4gB,KACzB,KAAKU,GAAMnM,OAAOK,UAChB,OAAO,IAAI07E,GAAWjJ,GACxB,KAAK3mE,GAAMnM,OAAO3C,UAChB,OAAO,IAAIw+E,GAAU/I,GAG3B,MAAU3kF,MAAM,sBAClB,CAgHAjC,eAAe4wF,GAAcpU,EAAiBqU,EAAqB/sF,EAAS6f,GAEtE7f,EAAQ43E,kBACJc,EAAgB5qD,QAAQ9tB,EAAQ43E,WAAY/3D,SAG9C7kB,QAAQ+H,IAAIgqF,EAAoB1pF,KAAInH,eAAe09E,EAAoB/+D,GAC3E,MAAMmyE,EAAmBhtF,EAAQwpF,QAAQ3uE,GAAO+8D,WAC5CoV,SACIpT,EAAmB9rD,QAAQk/D,EAAkBntE,OAIvD,MAAMijE,EAAa,IAAI1Q,GACvB0Q,EAAWlmF,KAAK87E,SAEV19E,QAAQ+H,IAAI/C,EAAQ8kF,QAAQzhF,KAAInH,eAAe0U,EAAQiK,GAC3D,SAASoyE,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAM3qF,QAAOqoC,GAAQA,IAASuiD,KAG1D,MAAMC,EAAe9K,GAAap3B,WAAWt6C,GACvCyzE,EAAa,GACnBA,EAAWzzE,OAASw8E,EACpB/I,EAAWtyE,IAAM2mE,EAEjB,MAAM4L,EAAsB,GAC5BA,EAAoB9V,cAAgBryD,GAAMjM,UAAUsB,YACpD8yE,EAAoB/wE,SAAW,CAAC4I,GAAM5I,SAASQ,YAAcoI,GAAM5I,SAASS,UAC5EswE,EAAoBzxE,6BAA+Bo6E,EAAqB,CAEtE9wE,GAAM/N,UAAUQ,OAChBuN,GAAM/N,UAAUM,OAChByN,GAAM/N,UAAUO,QACfkR,EAAOtC,6BACNsC,EAAOnC,cACT4mE,EAAoBxwE,wBAA0Bm5E,EAAqB,CACjE9wE,GAAMvM,KAAKC,IACXsM,GAAMvM,KAAKE,KACV+P,EAAOlC,yBAEZ2mE,EAAoBrxE,wBAA0Bg6E,EAAqB,CAEjE9wE,GAAMhN,KAAKI,OACX4M,GAAMhN,KAAKM,QACVoQ,EAAOvC,wBACVgnE,EAAoBpxE,+BAAiC+5E,EAAqB,CACxE9wE,GAAMrN,YAAYG,KAClBkN,GAAMrN,YAAYE,IAClBmN,GAAMrN,YAAYC,cACjB8Q,EAAOrC,+BACI,IAAV3C,IACFypE,EAAoB5U,iBAAkB,GAGxC4U,EAAoB5wE,SAAW,CAAC,GAChC4wE,EAAoB5wE,SAAS,IAAMyI,GAAMzI,SAASuB,sBAC9C4K,EAAOnC,cACT4mE,EAAoB5wE,SAAS,IAAMyI,GAAMzI,SAAS9D,MAEhDiQ,EAAO3K,SACTovE,EAAoB5wE,SAAS,IAAMyI,GAAMzI,SAASwB,QAEhDlV,EAAQ2S,kBAAoB,IAC9B2xE,EAAoB3xE,kBAAoB3S,EAAQ2S,kBAChD2xE,EAAoBnV,iBAAkB,GAKxC,MAAO,CAAEie,eAAc9H,sBAFOuD,GAA6BxE,EAAY,KAAM3L,EAAiB4L,EAAqBtkF,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,QAGhKljB,MAAKwG,IACPA,EAAK9E,SAAQ,EAAG+uF,eAAc9H,sBAC5BxC,EAAWlmF,KAAKwwF,GAChBtK,EAAWlmF,KAAK0oF,EAAgB,GAChC,UAGEtqF,QAAQ+H,IAAIgqF,EAAoB1pF,KAAInH,eAAe09E,EAAoB/+D,GAC3E,MAAMwyE,EAAgBrtF,EAAQwpF,QAAQ3uE,GAEtC,MAAO,CAAE++D,qBAAoB0T,4BADOZ,GAA8B9S,EAAoBlB,EAAiB2U,EAAextE,QAEpHljB,MAAK01E,IACPA,EAAQh0E,SAAQ,EAAGu7E,qBAAoB0T,4BACrCxK,EAAWlmF,KAAKg9E,GAChBkJ,EAAWlmF,KAAK0wF,EAAsB,GACtC,IAKJ,MAAMjJ,EAAa,CAAEtyE,IAAK2mE,GAkB1B,OAjBAoK,EAAWlmF,WAAWisF,GAA6BxE,EAAY,KAAM3L,EAAiB,CACpFlK,cAAeryD,GAAMjM,UAAU8B,cAC/B29D,wBAAyBxzD,GAAM1I,oBAAoBmB,SACnDg7D,0BAA2B,IAC1B5vE,EAAQ0tE,UAAM1xE,OAAWA,OAAWA,EAAW6jB,IAE9C7f,EAAQ43E,YACVc,EAAgBmC,2BAGZ7/E,QAAQ+H,IAAIgqF,EAAoB1pF,KAAInH,eAAe09E,EAAoB/+D,GAClD7a,EAAQwpF,QAAQ3uE,GAAO+8D,YAE9CgC,EAAmBiB,yBAIhB,IAAIkR,GAAWjJ,EACxB,CAYO5mF,eAAeqxF,IAAQC,WAAEA,EAAUC,UAAEA,SAAW5tE,KAAWsjE,IAEhE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3B2tE,IAAeC,EAClB,MAAUtvF,MAAM,4EAElB,GAAIqvF,IAAej4E,GAAKC,SAASg4E,GAC/B,MAAUrvF,MAAM,gDAElB,GAAIsvF,IAAcl4E,GAAK1X,aAAa4vF,GAClC,MAAUtvF,MAAM,mDAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAAIlB,EACJ,GAAImyF,EAAY,CACd,MAAMr4E,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQssE,EAAY3tE,GACjD,GAAM1K,IAASgH,GAAM7H,MAAMjH,WAAa8H,IAASgH,GAAM7H,MAAMK,WAC3D,MAAUxW,MAAM,gCAElB9C,EAAQ4J,OAER5J,EAAQoyF,EAGV,OAAOZ,SADkBza,GAAW2B,WAAW14E,EAAOuxF,GAAmB/sE,GAE3E,CAYO3jB,eAAewxF,IAAeF,WAAEA,EAAUC,UAAEA,SAAW5tE,KAAWsjE,IAEvE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3B2tE,IAAeC,EAClB,MAAUtvF,MAAM,mFAElB,GAAIqvF,IAAej4E,GAAKC,SAASg4E,GAC/B,MAAUrvF,MAAM,uDAElB,GAAIsvF,IAAcl4E,GAAK1X,aAAa4vF,GAClC,MAAUtvF,MAAM,0DAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAAIlB,EACJ,GAAImyF,EAAY,CACd,MAAMr4E,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQssE,EAAY3tE,GACjD,GAAM1K,IAASgH,GAAM7H,MAAMK,WACzB,MAAUxW,MAAM,wCAElB9C,EAAQ4J,OAER5J,EAAQoyF,EAEV,MAAM3K,QAAmB1Q,GAAW2B,WAAW14E,EAAOuxF,GAAmB/sE,GACzE,OAAO,IAAIksE,GAAWjJ,EACxB,CAYO5mF,eAAeyxF,IAASC,YAAEA,EAAWC,WAAEA,SAAYhuE,KAAWsjE,IACnEtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQuyF,GAAeC,EAC3B,IAAKxyF,EACH,MAAU8C,MAAM,+EAElB,GAAIyvF,IAAgBr4E,GAAKC,SAASo4E,GAChC,MAAUzvF,MAAM,kDAElB,GAAI0vF,IAAet4E,GAAK1X,aAAagwF,GACnC,MAAU1vF,MAAM,qDAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAIqxF,EAAa,CACf,MAAMz4E,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ0sE,EAAa/tE,GAClD,GAAI1K,IAASgH,GAAM7H,MAAMjH,WAAa8H,IAASgH,GAAM7H,MAAMK,WACzD,MAAUxW,MAAM,gCAElB9C,EAAQ4J,EAEV,MAAMspB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAW14E,EAAOuxF,GAAmB/sE,GACnEiuE,EAAWhL,EAAWzP,WAAWl3D,GAAMnM,OAAO3C,UAAW8O,GAAMnM,OAAOK,WAC5E,GAAwB,IAApBy9E,EAAS3xF,OACX,MAAUgC,MAAM,uBAElB,IAAK,IAAID,EAAI,EAAGA,EAAI4vF,EAAS3xF,OAAQ+B,IAAK,CACxC,MACM6vF,EAASlB,GADI/J,EAAWrmF,MAAMqxF,EAAS5vF,GAAI4vF,EAAS5vF,EAAI,KAE9DqwB,EAAK3xB,KAAKmxF,GAEZ,OAAOx/D,CACT,CAYOryB,eAAe8xF,IAAgBJ,YAAEA,EAAWC,WAAEA,SAAYhuE,IAC/DA,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQuyF,GAAeC,EAC3B,IAAKxyF,EACH,MAAU8C,MAAM,sFAElB,GAAIyvF,IAAgBr4E,GAAKC,SAASo4E,GAChC,MAAUzvF,MAAM,yDAElB,GAAI0vF,IAAet4E,GAAK1X,aAAagwF,GACnC,MAAU1vF,MAAM,4DAElB,GAAIyvF,EAAa,CACf,MAAMz4E,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ0sE,EAAa/tE,GAClD,GAAI1K,IAASgH,GAAM7H,MAAMK,WACvB,MAAUxW,MAAM,wCAElB9C,EAAQ4J,EAEV,MAAMspB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAW14E,EAAOuxF,GAAmB/sE,GACnEiuE,EAAWhL,EAAWzP,WAAWl3D,GAAMnM,OAAOK,WACpD,GAAwB,IAApBy9E,EAAS3xF,OACX,MAAUgC,MAAM,8BAElB,IAAK,IAAID,EAAI,EAAGA,EAAI4vF,EAAS3xF,OAAQ+B,IAAK,CACxC,MAAM+vF,EAAanL,EAAWrmF,MAAMqxF,EAAS5vF,GAAI4vF,EAAS5vF,EAAI,IACxD6vF,EAAS,IAAIhC,GAAWkC,GAC9B1/D,EAAK3xB,KAAKmxF,GAEZ,OAAOx/D,CACT,CCtZA,MAAM2/D,gBAAsC34E,GAAK+F,wBAAwB,CACvEmyD,GACA+F,GACA+B,GACAT,GACA0E,GACA7C,GACAsB,GACAlG,GACAxD,KAGI4f,gBAA4C54E,GAAK+F,wBAAwB,CAAC28D,KAE1EmW,gBAAgD74E,GAAK+F,wBAAwB,CAACizD,KAO7E,MAAM8f,GAIXxzF,YAAYioF,GACV/nF,KAAKs3E,QAAUyQ,GAAc,IAAI1Q,GAOnCkc,sBACE,MAAMC,EAAS,GAKf,OAJ0BxzF,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOC,8BAC9C5R,SAAQ,SAAS2R,GACjCu+E,EAAO3xF,KAAKoT,EAAO4mE,gBAEd2X,EAOTxL,mBACE,MAAMtiD,EAAM1lC,KAAKyzF,mBAEXC,EAAiBhuD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOI,kBAC5D,GAAIq+E,EAAetyF,OAAS,EAC1B,OAAOsyF,EAAeprF,KAAI2M,GAAUA,EAAOu/D,cAI7C,OADsB9uC,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOE,WACtC7M,KAAI2M,GAAUA,EAAOu/D,cAa5CrzE,cAAcwyF,EAAgBC,EAAWC,EAAalhB,EAAO,IAAI33D,KAAQ8J,EAASsB,IAChF,MAAM0tE,EAAoBD,SAAqB7zF,KAAK+zF,mBAAmBJ,EAAgBC,EAAWjhB,EAAM7tD,GAElGkvE,EAAyBh0F,KAAKs3E,QAAQU,YAC1C52D,GAAMnM,OAAOQ,2BACb2L,GAAMnM,OAAOe,mCACboL,GAAMnM,OAAOiB,mBAGf,GAAsC,IAAlC89E,EAAuB5yF,OACzB,MAAUgC,MAAM,2BAGlB,MAAM6wF,EAAqBD,EAAuB,GAClD,IAAInzE,EAAY,KAChB,MAAMqzE,EAAmBj0F,QAAQ+H,IAAI8rF,EAAkBxrF,KAAInH,OAAS+oD,UAAWiqC,EAAejqF,WAC5F,IAAKsQ,GAAK1X,aAAaoH,KAAUsQ,GAAKC,SAAS05E,GAC7C,MAAU/wF,MAAM,uCAGlB,IACE,MAAMysC,EAAOzuB,GAAMtf,MAAMsf,GAAM/N,UAAW8gF,SACpCF,EAAmBjhE,QAAQ6c,EAAM3lC,EAAM4a,GAC7C,MAAOrgB,GACP+V,GAAK4D,gBAAgB3Z,GACrBoc,EAAYpc,OAQhB,GAJA2vF,EAAcH,EAAmBja,WACjCia,EAAmBja,UAAY,WACzBka,GAEDD,EAAmB3c,UAAY2c,EAAmB3c,QAAQl2E,OAC7D,MAAMyf,GAAiBzd,MAAM,sBAG/B,MAAMixF,EAAY,IAAIf,GAAQW,EAAmB3c,SAGjD,OAFA2c,EAAmB3c,QAAU,IAAID,GAE1Bgd,EAeTlzF,yBAAyBwyF,EAAgBC,EAAWjhB,EAAO,IAAI33D,KAAQ8J,EAASsB,IAC9E,IAEIvF,EAFAyzE,EAA6B,GAGjC,GAAIV,EAAW,CACb,MAAMW,EAAev0F,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOG,wBAC3D,GAA4B,IAAxBm/E,EAAanzF,OACf,MAAUgC,MAAM,8DAEZnD,QAAQ+H,IAAI4rF,EAAUtrF,KAAInH,eAAeqzF,EAAUrxF,GACvD,IAAIm0E,EAEFA,EADEn0E,QACck0E,GAAW2B,WAAWub,EAAazyF,QAASsxF,GAA6BtuE,GAE/EyvE,QAENt0F,QAAQ+H,IAAIsvE,EAAQhvE,KAAInH,eAAeszF,GAC3C,UACQA,EAAYzhE,QAAQwhE,GAC1BF,EAA2BzyF,KAAK4yF,GAChC,MAAOhzC,GACPjnC,GAAK4D,gBAAgBqjC,gBAItB,KAAIkyC,EAqFT,MAAUvwF,MAAM,iCArFS,CACzB,MAAMsxF,EAAe10F,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOC,8BAC3D,GAA4B,IAAxBw/E,EAAatzF,OACf,MAAUgC,MAAM,2DAEZnD,QAAQ+H,IAAI0sF,EAAapsF,KAAInH,eAAewzF,SAC1C10F,QAAQ+H,IAAI2rF,EAAerrF,KAAInH,eAAeyzF,GAClD,IAAIzC,EAAQ,CACV/wE,GAAM/N,UAAUQ,OAChBuN,GAAM/N,UAAUM,OAChByN,GAAM/N,UAAUG,UAChB4N,GAAM/N,UAAUI,OAElB,IACE,MAAMi2E,QAAoBkL,EAAcjL,eAAehX,OAAM1xE,EAAW6jB,GACpE4kE,EAAYE,kBAAkB9xE,+BAChCq6E,EAAQA,EAAMvrF,OAAO8iF,EAAYE,kBAAkB9xE,+BAErD,MAAOrT,IAGT,MAAMowF,SAA8BD,EAAcE,kBAAkBH,EAAY9Y,YAAa,UAAM56E,EAAW6jB,IAASxc,KAAI0O,GAAOA,EAAI4mE,kBAChI39E,QAAQ+H,IAAI6sF,EAAqBvsF,KAAInH,eAAe4zF,GACxD,IAAKA,GAAuBA,EAAoBpV,UAC9C,OAEF,IAAKoV,EAAoB/W,cACvB,MAAU56E,MAAM,oCAWlB,GAPiC0hB,EAAOvB,8BACtCoxE,EAAYhhB,qBAAuBvyD,GAAM9O,UAAUE,YACnDmiF,EAAYhhB,qBAAuBvyD,GAAM9O,UAAUC,gBACnDoiF,EAAYhhB,qBAAuBvyD,GAAM9O,UAAUG,SACnDkiF,EAAYhhB,qBAAuBvyD,GAAM9O,UAAUI,SAGvB,CAW5B,MAAMsiF,EAAkBL,EAAY7yF,cAC9B7B,QAAQ+H,IAAInI,MAAMuiB,KAAK0C,EAAOtB,yDAAyDlb,KAAInH,UAC/F,MAAM8zF,EAAkB,IAAIrZ,GAC5BqZ,EAAgB/zF,KAAK8zF,GACrB,MAAM9Y,EAAmB,CACvBjC,sBACA6B,WAAYj9D,GAAOy+D,mBAAmBrD,IAExC,UACQgb,EAAgBjiE,QAAQ+hE,EAAqB7Y,GACnDoY,EAA2BzyF,KAAKozF,GAChC,MAAOxzC,GAEPjnC,GAAK4D,gBAAgBqjC,GACrB5gC,EAAY4gC,YAKhB,IAEE,SADMkzC,EAAY3hE,QAAQ+hE,IACrB5C,EAAMtwE,SAAST,GAAMtf,MAAMsf,GAAM/N,UAAWshF,EAAY1a,sBAC3D,MAAU72E,MAAM,iDAElBkxF,EAA2BzyF,KAAK8yF,GAChC,MAAOlzC,GACPjnC,GAAK4D,gBAAgBqjC,GACrB5gC,EAAY4gC,WAKpB2yC,EAAcO,EAAY3a,WAC1B2a,EAAY3a,UAAY,UAM5B,GAAIsa,EAA2BlzF,OAAS,EAAG,CAEzC,GAAIkzF,EAA2BlzF,OAAS,EAAG,CACzC,MAAM8zF,EAAO,IAAIzxE,IACjB6wE,EAA6BA,EAA2B9sF,QAAO2tF,IAC7D,MAAM94E,EAAI84E,EAAKlb,oBAAsBz/D,GAAKqC,mBAAmBs4E,EAAKrZ,YAClE,OAAIoZ,EAAK9uF,IAAIiW,KAGb64E,EAAK7uF,IAAIgW,IACF,EAAI,IAIf,OAAOi4E,EAA2BhsF,KAAI2M,KACpC/K,KAAM+K,EAAO6mE,WACb5xB,UAAW9oC,GAAMlgB,KAAKkgB,GAAM/N,UAAW4B,EAAOglE,yBAGlD,MAAMp5D,GAAiBzd,MAAM,kCAO/BgyF,iBACE,MACMj/E,EADMnW,KAAKyzF,mBACGnc,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ48D,YAAe,KAO5CG,cACE,MACM/8D,EADMnW,KAAKyzF,mBACGnc,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ+8D,eAAkB,KAO/CJ,UACE,MACM38D,EADMnW,KAAKyzF,mBACGnc,QAAQc,WAAWh3D,GAAMnM,OAAOU,aACpD,OAAIQ,EACKA,EAAQ28D,UAEV,KAYT9qD,gCAAgCqtE,EAAiB,GAAI1iB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIjlE,EAASsB,IAC7F,MAAMypB,QAAai6C,GAAiB,YAAauL,EAAgB1iB,EAAMoX,EAASjlE,GAC1EqvE,EAAgB/yE,GAAMlgB,KAAKkgB,GAAM/N,UAAWw8B,GAC5CylD,EAAoBxwE,EAAOnC,mBPtC9BxhB,eAA+BqyB,EAAMm/C,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIjlE,EAASsB,IACpF,IAAImvE,GAAY,EAShB,aAPMt1F,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,eAAe6V,EAAK7T,GAC7C,MAAMumF,QAAoB1yE,EAAI2yE,eAAehX,EAAMoX,EAAQ5mF,GAAI2hB,GAC1D4kE,EAAYE,kBAAkBjxE,UAC7B+wE,EAAYE,kBAAkBjxE,SAAS,GAAKyI,GAAMzI,SAAS9D,OAC/D0gF,GAAY,OAGTA,CACT,CO2B0DC,CAAgBH,EAAgB1iB,EAAMoX,EAASjlE,GACnG1D,GAAMlgB,KAAKkgB,GAAMvM,WAAYi1E,GAAiB,OAAQuL,EAAgB1iB,EAAMoX,EAASjlE,SACrF7jB,QAEIhB,QAAQ+H,IAAIqtF,EAAe/sF,KAAI0O,GAAOA,EAAIy+E,mBAC7Cr1F,OAAM,IAAM,OACZwB,MAAK8zF,IACJ,GAAIA,GAAaA,EAAS9X,UAAU1zB,YAAc9oC,GAAM9O,UAAUY,SAAYsH,GAAK0G,MAAM2uB,GACvF,MAAUzsC,MAAM,yMAMtB,MAAO,CAAE8G,KADc2U,GAAOy+D,mBAAmBztC,GAClBqa,UAAWiqC,EAAezZ,cAAe4a,GAgB1En0F,cAAck0F,EAAgBzB,EAAW9X,EAAY6Z,GAAW,EAAOC,EAAmB,GAAIjjB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIjlE,EAASsB,IACtI,GAAI01D,GACF,IAAKthE,GAAK1X,aAAag5E,EAAW5xE,QAAUsQ,GAAKC,SAASqhE,EAAW5xB,WACnE,MAAU9mD,MAAM,4CAEb,GAAIiyF,GAAkBA,EAAej0F,OAC1C06E,QAAmBwX,GAAQhW,mBAAmB+X,EAAgB1iB,EAAMoX,EAASjlE,OACxE,KAAI8uE,IAAaA,EAAUxyF,OAGhC,MAAUgC,MAAM,gDAFhB04E,QAAmBwX,GAAQhW,wBAAmBr8E,OAAWA,OAAWA,EAAW6jB,GAKjF,MAAQ5a,KAAMwyE,EAAgBxyB,UAAWiqC,EAAezZ,cAAe4a,GAAsBxZ,EAEvFp2C,QAAY4tD,GAAQuC,kBAAkBnZ,EAAgByX,EAAemB,EAAmBD,EAAgBzB,EAAW+B,EAAUC,EAAkBjjB,EAAMoX,EAASjlE,GAEpK,IAAImvE,EACAqB,GACFrB,EAAqB,IAAIzZ,GACzByZ,EAAmBvZ,cAAgBt5D,GAAMtf,MAAMsf,GAAMvM,KAAMygF,IAE3DrB,EAAqB,IAAIla,GAE3Bka,EAAmB3c,QAAUt3E,KAAKs3E,QAElC,MAAMptB,EAAY9oC,GAAMtf,MAAMsf,GAAM/N,UAAW8gF,GAK/C,aAJMF,EAAmBlhE,QAAQm3B,EAAWwyB,EAAgB53D,GAE5D4gB,EAAI4xC,QAAQz1E,KAAKoyF,GACjBA,EAAmB3c,QAAU,IAAID,GAC1B3xC,EAkBT1d,+BAA+B8zD,EAAYqY,EAAemB,EAAmBD,EAAgBzB,EAAW+B,GAAW,EAAOC,EAAmB,GAAIjjB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIjlE,EAASsB,IACzL,MAAM2hE,EAAa,IAAI1Q,GACjBntB,EAAY9oC,GAAMtf,MAAMsf,GAAM/N,UAAW8gF,GACzCzZ,EAAgB4a,GAAqBl0E,GAAMtf,MAAMsf,GAAMvM,KAAMygF,GAEnE,GAAID,EAAgB,CAClB,MAAMxE,QAAgB5wF,QAAQ+H,IAAIqtF,EAAe/sF,KAAInH,eAAekoF,EAAYlmF,GAC9E,MAAMk6E,QAAsBgM,EAAWoM,iBAAiBG,EAAiBzyF,GAAIwvE,EAAMoX,EAASjlE,GACtFgxE,EAAgB,IAAIla,GAO1B,OANAka,EAAcja,YAAc8Z,EAAWluE,GAAMkuE,WAAatY,EAAc3H,WACxEogB,EAAcniB,mBAAqB0J,EAAcO,UAAU1zB,UAC3D4rC,EAAcha,WAAaA,EAC3Bga,EAAc7b,oBAAsB/vB,QAC9B4rC,EAAc/iE,QAAQsqD,EAAcO,kBACnCkY,EAAcha,WACdga,MAET/N,EAAWlmF,QAAQgvF,GAErB,GAAI+C,EAAW,CACb,MAAMmC,EAAc50F,eAAey8E,EAAW4W,GAC5C,IAEE,aADM5W,EAAU5qD,QAAQwhE,GACjB,EACP,MAAO/vF,GACP,OAAO,IAILosB,EAAM,CAACmlE,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB/0F,eAAe26E,EAAY5xB,EAAWwwB,EAAe8Z,GAC3E,MAAM2B,EAA+B,IAAIjZ,GAA6Bp4D,GAQtE,GAPAqxE,EAA6Bra,WAAaA,EAC1Cqa,EAA6Blc,oBAAsB/vB,EAC/CwwB,IACFyb,EAA6Bzb,cAAgBA,SAEzCyb,EAA6BpjE,QAAQyhE,EAAU1vE,GAEjDA,EAAO3B,uBAAwB,CAEjC,GAA4B,WADNljB,QAAQ+H,IAAI4rF,EAAUtrF,KAAI8tF,GAAOL,EAAYI,EAA8BC,OACrFxlE,OAAOC,GACjB,OAAOqlE,EAAgBpa,EAAY5xB,EAAWsqC,GAKlD,cADO2B,EAA6Bra,WAC7Bqa,GAGHtF,QAAgB5wF,QAAQ+H,IAAI4rF,EAAUtrF,KAAI8tF,GAAOF,EAAgBpa,EAAY5xB,EAAWwwB,EAAe0b,MAC7GrO,EAAWlmF,QAAQgvF,GAGrB,OAAO,IAAIyC,GAAQvL,GAerB5mF,WAAW6qF,EAAc,GAAI72E,EAAY,KAAMkhF,EAAgB,GAAI1jB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IAC3H,MAAM2hE,EAAa,IAAI1Q,GAEjBif,EAAoBt2F,KAAKs3E,QAAQc,WAAWh3D,GAAMnM,OAAOU,aAC/D,IAAK2gF,EACH,MAAUlzF,MAAM,mCAGlB,IAAID,EACAozF,EAEJ,MAAM9iB,EAA2C,OAA3B6iB,EAAkBjgF,KACtC+K,GAAMjM,UAAUiB,OAASgL,GAAMjM,UAAUkB,KAE3C,GAAIlB,EAEF,IADAohF,EAAwBphF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WAC9DhS,EAAIozF,EAAsBn1F,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACtD,MAAMonF,EAAkBgM,EAAsBpzF,GACxCqzF,EAAa,IAAIxf,GACvBwf,EAAW/iB,cAAgB8W,EAAgB9W,cAC3C+iB,EAAW9iB,cAAgB6W,EAAgB7W,cAC3C8iB,EAAW7iB,mBAAqB4W,EAAgB5W,mBAChD6iB,EAAWhiB,YAAc+V,EAAgB/V,YACpCwX,EAAY5qF,QAAgB,IAAN+B,IACzBqzF,EAAW9sB,MAAQ,GAErBqe,EAAWlmF,KAAK20F,GA0BpB,aAtBMv2F,QAAQ+H,IAAInI,MAAMuiB,KAAK4pE,GAAav7E,UAAUnI,KAAInH,eAAgBkoF,EAAYlmF,GAClF,IAAKkmF,EAAW4C,YACd,MAAU7oF,MAAM,gCAElB,MAAMqzF,EAAeJ,EAAcrK,EAAY5qF,OAAS,EAAI+B,GACtD+oF,QAAmB7C,EAAW8C,cAAcsK,EAAc9jB,EAAMoX,EAASjlE,GACzE0xE,EAAa,IAAIxf,GAQvB,OAPAwf,EAAW/iB,cAAgBA,EAC3B+iB,EAAW9iB,oBAAsB7oB,GAAqBw+B,EAAY6C,EAAWtO,UAAWjL,EAAMoX,EAASjlE,GACvG0xE,EAAW7iB,mBAAqBuY,EAAWtO,UAAU1zB,UACrDssC,EAAWhiB,YAAc0X,EAAWxW,WAChCvyE,IAAM6oF,EAAY5qF,OAAS,IAC7Bo1F,EAAW9sB,MAAQ,GAEd8sB,MACL50F,MAAK80F,IACPA,EAAqBpzF,SAAQkzF,GAAczO,EAAWlmF,KAAK20F,IAAY,IAGzEzO,EAAWlmF,KAAKy0F,GAChBvO,EAAWlmF,cAAe80F,GAAuBL,EAAmBtK,EAAa72E,EAAWkhF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAO5vD,IAErI,IAAIwuE,GAAQvL,GASrBnP,SAAS/oC,EAAM/qB,EAASsB,IACtB,GAAIypB,IAASzuB,GAAMrN,YAAYC,aAC7B,OAAOhU,KAGT,MAAM04E,EAAa,IAAID,GAAqB3zD,GAC5C4zD,EAAWxuB,UAAYra,EACvB6oC,EAAWpB,QAAUt3E,KAAKs3E,QAE1B,MAAMsa,EAAa,IAAIva,GAGvB,OAFAua,EAAW/vF,KAAK62E,GAET,IAAI4a,GAAQ1B,GAerBzwF,mBAAmB6qF,EAAc,GAAI72E,EAAY,KAAMkhF,EAAgB,GAAI1jB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACnI,MAAMkwE,EAAoBt2F,KAAKs3E,QAAQc,WAAWh3D,GAAMnM,OAAOU,aAC/D,IAAK2gF,EACH,MAAUlzF,MAAM,mCAElB,OAAO,IAAI0kF,SAAgB6O,GAAuBL,EAAmBtK,EAAa72E,EAAWkhF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAe9I3jB,aAAakrF,EAAkB1Z,EAAO,IAAI33D,KAAQ8J,EAASsB,IACzD,MAAMsf,EAAM1lC,KAAKyzF,mBACXmD,EAAkBlxD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOU,aAC7D,GAA+B,IAA3BihF,EAAgBx1F,OAClB,MAAUgC,MAAM,yDAEdgkB,EAAqBse,EAAI4xC,QAAQv2E,SACnC2kC,EAAI4xC,QAAQz1E,cAAcmlB,EAAiB0e,EAAI4xC,QAAQv2E,QAAQ2jD,GAAKA,GAAK,MAE3E,MAAMgvC,EAAiBhuD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOI,kBAAkB5E,UACxEomF,EAAgBnxD,EAAI4xC,QAAQU,YAAY52D,GAAMnM,OAAOE,WAC3D,OAAIu+E,EAAetyF,SAAWy1F,EAAcz1F,QAAUoZ,GAAK9X,SAASgjC,EAAI4xC,QAAQv2E,UAAYqmB,EAAqBse,EAAI4xC,QAAQv2E,eACrHd,QAAQ+H,IAAI0rF,EAAeprF,KAAInH,UACnCq1F,EAAWvf,iBAAmB,IAAIh3E,SAAQ,CAACC,EAASC,KAClDq2F,EAAWM,wBAA0B52F,EACrCs2F,EAAWO,uBAAyB52F,CAAM,IAE5Cq2F,EAAW5iB,cAAgB0B,GAAiBn0E,gBAAmBq1F,EAAWvf,kBAAkBrD,gBAC5F4iB,EAAWl0D,OAAStb,QAAuBwvE,EAAWpiF,KAAKoiF,EAAW/iB,cAAemjB,EAAgB,QAAI31F,GAAW,IACpHu1F,EAAWl0D,OAAOliC,OAAM,QAAS,KAEnCslC,EAAI4xC,QAAQv2E,OAAS4lB,EAAqB+e,EAAI4xC,QAAQv2E,QAAQI,MAAOyH,EAAUC,KAC7E,MAAMlD,EAASihB,EAAiBhe,GAC1BlI,EAASmmB,EAAiBhe,GAChC,IACE,IAAK,IAAI1F,EAAI,EAAGA,EAAIuwF,EAAetyF,OAAQ+B,IAAK,CAC9C,MAAQ9B,MAAO8T,SAAoBxP,EAAOzE,OAC1CwyF,EAAevwF,GAAG2zF,wBAAwB3hF,SAEtCxP,EAAOpE,kBACPb,EAAO2I,YACP3I,EAAOsB,QACb,MAAOyC,GACPivF,EAAepwF,SAAQkzF,IACrBA,EAAWO,uBAAuBtyF,EAAE,UAEhC/D,EAAOuB,MAAMwC,OAGhBuyF,GAA0BtD,EAAgBkD,EAAiBvK,EAAkB1Z,GAAM,EAAO7tD,IAE5FkyE,GAA0BH,EAAeD,EAAiBvK,EAAkB1Z,GAAM,EAAO7tD,GAgBlGmyE,eAAe9hF,EAAWk3E,EAAkB1Z,EAAO,IAAI33D,KAAQ8J,EAASsB,IACtE,MACMwwE,EADM52F,KAAKyzF,mBACWnc,QAAQU,YAAY52D,GAAMnM,OAAOU,aAC7D,GAA+B,IAA3BihF,EAAgBx1F,OAClB,MAAUgC,MAAM,yDAGlB,OAAO4zF,GADe7hF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WACjByhF,EAAiBvK,EAAkB1Z,GAAM,EAAM7tD,GAOjG2uE,mBACE,MAAM/a,EAAa14E,KAAKs3E,QAAQU,YAAY52D,GAAMnM,OAAOO,gBACzD,OAAIkjE,EAAWt3E,OACN,IAAIkyF,GAAQ5a,EAAW,GAAGpB,SAE5Bt3E,KAQTmB,sBAAsB+1F,EAAmBpyE,EAASsB,UAC1CpmB,KAAKs3E,QAAQp2E,KACjBsZ,GAAK1X,aAAao0F,GAAqBA,SAA2B/wE,GAAQ+wE,IAAoBhtF,KAC9FmpF,GACAvuE,GAQJhjB,QACE,OAAO9B,KAAKs3E,QAAQx1E,QAQtByX,MAAMuL,EAASsB,IACb,OAAO7M,GAAM6H,GAAM7H,MAAMI,QAAS3Z,KAAK8B,QAAS,KAAM,KAAM,KAAMgjB,IAmB/D3jB,eAAew1F,GAAuBL,EAAmBtK,EAAa72E,EAAY,KAAMkhF,EAAgB,GAAI1jB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIrV,EAAY,GAAIl3B,GAAW,EAAO14B,EAASsB,IAC7L,MAAM2hE,EAAa,IAAI1Q,GAGjB5D,EAA2C,OAA3B6iB,EAAkBjgF,KACtC+K,GAAMjM,UAAUiB,OAASgL,GAAMjM,UAAUkB,KAa3C,SAXMpW,QAAQ+H,IAAIgkF,EAAY1jF,KAAInH,MAAOkoF,EAAYlmF,KACnD,MAAM0S,EAASk0E,EAAQ5mF,GACvB,IAAKkmF,EAAW4C,YACd,MAAU7oF,MAAM,gCAElB,MAAM8oF,QAAmB7C,EAAW8C,cAAckK,EAAclzF,GAAIwvE,EAAM98D,EAAQiP,GAClF,OAAO0kE,GAAsB8M,EAAmBjN,EAAY6C,EAAWtO,UAAW,CAAEnK,iBAAiBd,EAAM98D,EAAQ6+D,EAAWl3B,EAAU14B,EAAO,KAC7IljB,MAAKi1F,IACP9O,EAAWlmF,QAAQg1F,EAAc,IAG/B1hF,EAAW,CACb,MAAMohF,EAAwBphF,EAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WACzE4yE,EAAWlmF,QAAQ00F,GAErB,OAAOxO,CACT,CAkGO5mF,eAAe61F,GAA0BH,EAAeD,EAAiBvK,EAAkB1Z,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IAC9I,OAAOnmB,QAAQ+H,IAAI6uF,EAAcrvF,QAAO,SAAS2N,GAC/C,MAAO,CAAC,OAAQ,UAAU0M,SAAST,GAAMlgB,KAAKkgB,GAAMjM,UAAWA,EAAUs+D,mBACxEnrE,KAAInH,eAAegU,GACpB,OApFJhU,eAAwCgU,EAAWyhF,EAAiBvK,EAAkB1Z,EAAO,IAAI33D,KAAQwiC,GAAW,EAAO14B,EAASsB,IAClI,IAAIijE,EACA8N,EAEJ,IAAK,MAAMngF,KAAOq1E,EAAkB,CAClC,MAAMC,EAAat1E,EAAIu1E,QAAQp3E,EAAUq/D,aACzC,GAAI8X,EAAWlrF,OAAS,EAAG,CACzBioF,EAAaryE,EACbmgF,EAAuB7K,EAAW,GAClC,OAIJ,MACM8K,EADqBjiF,aAAqB6hE,GACI7hE,EAAU8hE,iBAAmB9hE,EAE3EkiF,EAAc,CAClBzvE,MAAOzS,EAAUq/D,YACjBlB,SAAU,WACR,IAAK6jB,EACH,MAAU/zF,MAAM,0CAA0C+R,EAAUq/D,YAAY9sD,eAG5EvS,EAAUuoC,OAAOy5C,EAAqBvZ,UAAWzoE,EAAUs+D,cAAemjB,EAAgB,GAAIjkB,EAAMn1B,EAAU14B,GACpH,MAAMylE,QAAwB6M,EAC9B,GAAID,EAAqBlZ,kBAAoBsM,EAAgBxW,QAC3D,MAAU3wE,MAAM,mCAIlB,UACQimF,EAAW8C,cAAcgL,EAAqBzhB,WAAY6U,EAAgBxW,aAAS9yE,EAAW6jB,GACpG,MAAOrgB,GAKP,IAAIqgB,EAAOxB,+CAAgD7e,EAAEkV,QAAQgL,MAAM,4CAGzE,MAAMlgB,QAFA4kF,EAAW8C,cAAcgL,EAAqBzhB,WAAY/C,OAAM1xE,EAAW6jB,GAKrF,OAAO,CACR,EA1BS,GA2BV3P,UAAW,WACT,MAAMo1E,QAAwB6M,EACxBrP,EAAa,IAAI1Q,GAEvB,OADAkT,GAAmBxC,EAAWlmF,KAAK0oF,GAC5B,IAAIzC,GAAUC,EACtB,EALU,IAeb,OAHAsP,EAAYliF,UAAU/U,OAAM,SAC5Bi3F,EAAY/jB,SAASlzE,OAAM,SAEpBi3F,CACT,CAuBWC,CAAyBniF,EAAWyhF,EAAiBvK,EAAkB1Z,EAAMn1B,EAAU14B,MAElG,CAYO3jB,eAAeo2F,IAAYC,eAAEA,EAAcC,cAAEA,SAAe3yE,KAAWsjE,IAC5EtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAIxkB,EAAQk3F,GAAkBC,EAC9B,IAAKn3F,EACH,MAAU8C,MAAM,wFAElB,GAAIo0F,IAAmBh9E,GAAKC,SAAS+8E,KAAoBh9E,GAAK9X,SAAS80F,GACrE,MAAUp0F,MAAM,kEAElB,GAAIq0F,IAAkBj9E,GAAK1X,aAAa20F,KAAmBj9E,GAAK9X,SAAS+0F,GACvE,MAAUr0F,MAAM,qEAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,MAAMwE,EAAawU,GAAK9X,SAASpC,GAKjC,GAJI0F,UACI0xF,IACNp3F,EAAQq3F,EAAgBr3F,IAEtBk3F,EAAgB,CAClB,MAAMp9E,KAAEA,EAAIlQ,KAAEA,SAAeic,GAAQ7lB,EAAOwkB,GAC5C,GAAI1K,IAASgH,GAAM7H,MAAMI,QACvB,MAAUvW,MAAM,oCAElB9C,EAAQ4J,EAEV,MAAM69E,QAAmB1Q,GAAW2B,WAAW14E,EAAO6yF,GAAuBruE,GACvEnL,EAAU,IAAI25E,GAAQvL,GAE5B,OADApuE,EAAQ69D,WAAaxxE,EACd2T,CACT,CAcOxY,eAAey2F,IAAcvhF,KAAEA,EAAID,OAAEA,EAAMw8D,SAAEA,EAAQD,KAAEA,EAAO,IAAI33D,KAAM2nC,OAAEA,QAAkB1hD,IAAToV,EAAqB,OAAS,aAAa+xE,IACnI,IAAI9nF,OAAiBW,IAAToV,EAAqBA,EAAOD,EACxC,QAAcnV,IAAVX,EACF,MAAU8C,MAAM,yEAElB,GAAIiT,IAASmE,GAAKC,SAASpE,KAAUmE,GAAK9X,SAAS2T,GACjD,MAAUjT,MAAM,0DAElB,GAAIgT,IAAWoE,GAAK1X,aAAasT,KAAYoE,GAAK9X,SAAS0T,GACzD,MAAUhT,MAAM,gEAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,MAAMwE,EAAawU,GAAK9X,SAASpC,GAC7B0F,UACI0xF,IACNp3F,EAAQq3F,EAAgBr3F,IAE1B,MAAMg2F,EAAoB,IAAI5jB,GAAkBC,QACnC1xE,IAAToV,EACFigF,EAAkBzjB,QAAQvyE,EAAO8gB,GAAMtf,MAAMsf,GAAMjL,QAASwsC,IAE5D2zC,EAAkBtjB,SAAS1yE,EAAO8gB,GAAMtf,MAAMsf,GAAMjL,QAASwsC,SAE9C1hD,IAAb2xE,GACF0jB,EAAkBrjB,YAAYL,GAEhC,MAAMilB,EAAwB,IAAIxgB,GAClCwgB,EAAsBh2F,KAAKy0F,GAC3B,MAAM38E,EAAU,IAAI25E,GAAQuE,GAE5B,OADAl+E,EAAQ69D,WAAaxxE,EACd2T,CACT,CCl5BA,MAAMw9D,gBAA+B38D,GAAK+F,wBAAwB,CAACizD,KAM5D,MAAMskB,GAKXh4F,YAAYuW,EAAMlB,GAGhB,GADAnV,KAAKqW,KAAOmE,GAAK2F,qBAAqB9J,GAAM4L,QAAQ,SAAU,QAC1D9M,KAAeA,aAAqB2yE,IACtC,MAAU1kF,MAAM,2BAElBpD,KAAKmV,UAAYA,GAAa,IAAI2yE,GAAU,IAAIzQ,IAOlD2Q,mBACE,MAAMwL,EAAS,GAKf,OAJsBxzF,KAAKmV,UAAUmiE,QACvBh0E,SAAQ,SAAS2R,GAC7Bu+E,EAAO3xF,KAAKoT,EAAOu/D,gBAEdgf,EAeTryF,WAAWsvF,EAAat7E,EAAY,KAAMkhF,EAAgB,GAAI1jB,EAAO,IAAI33D,KAAQ+uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACtH,MAAMkwE,EAAoB,IAAI5jB,GAC9B4jB,EAAkBzjB,QAAQ7yE,KAAKqW,MAC/B,MAAM0hF,EAAe,IAAIjQ,SAAgB6O,GAAuBL,EAAmB7F,EAAat7E,EAAWkhF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAC1J,OAAO,IAAIgzE,GAAiB93F,KAAKqW,KAAM0hF,GAezCr6C,OAAOlqB,EAAMm/C,EAAO,IAAI33D,KAAQ8J,EAASsB,IACvC,MAAMywE,EAAgB72F,KAAKmV,UAAUmiE,QAAQU,YAAY52D,GAAMnM,OAAOE,WAChEmhF,EAAoB,IAAI5jB,GAG9B,OADA4jB,EAAkBzjB,QAAQ7yE,KAAKqW,MACxB2gF,GAA0BH,EAAe,CAACP,GAAoB9iE,EAAMm/C,GAAM,EAAM7tD,GAOzFguD,UAEE,OAAO9yE,KAAKqW,KAAK4L,QAAQ,QAAS,MAQpC1I,MAAMuL,EAASsB,IACb,IAAI4xE,EAASh4F,KAAKmV,UAAUmiE,QAAQhvE,KAAI,SAAS2M,GAC/C,OAAOmM,GAAMlgB,KAAKkgB,GAAMhN,KAAMa,EAAOy+D,eAAeoD,iBAEtDkhB,EAASA,EAAOxwF,QAAO,SAAS2tF,EAAMhyF,EAAG80F,GAAM,OAAOA,EAAGtxF,QAAQwuF,KAAUhyF,KAC3E,MAAM4iB,EAAO,CACX3R,KAAM4jF,EAAOx2F,OACb6U,KAAMrW,KAAKqW,KACXnM,KAAMlK,KAAKmV,UAAUmiE,QAAQx1E,SAE/B,OAAOyX,GAAM6H,GAAM7H,MAAMG,OAAQqM,OAAM9kB,OAAWA,OAAWA,EAAW6jB,IAarE3jB,eAAe+2F,IAAqBC,iBAAEA,SAAkBrzE,KAAWsjE,IAExE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3BqzE,EACH,MAAU/0F,MAAM,gFAElB,IAAKoX,GAAKC,SAAS09E,GACjB,MAAU/0F,MAAM,mEAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,MAAMlB,QAAc6lB,GAAQgyE,GAC5B,GAAI73F,EAAM8Z,OAASgH,GAAM7H,MAAMG,OAC7B,MAAUtW,MAAM,gCAElB,MAAM2kF,QAAmB1Q,GAAW2B,WAAW14E,EAAM4J,KAAMitE,GAAgBryD,IAY7E,SAAuBe,EAASkiE,GAC9B,MAAMqQ,EAAiB,SAASC,GAC9B,MAAM1uB,EAAQ10D,GAAU46B,GAAQ56B,EAAOy+D,gBAAkB7jC,EAEzD,IAAK,IAAI1sC,EAAI,EAAGA,EAAI4kF,EAAW3mF,OAAQ+B,IACrC,GAAI4kF,EAAW5kF,GAAGrD,YAAY4gB,MAAQU,GAAMnM,OAAOE,YAAckjF,EAAUhwF,KAAKshE,EAAMoe,EAAW5kF,KAC/F,OAAO,EAGX,OAAO,GAGT,IAAIm1F,EAAY,KACZD,EAAY,GAoBhB,GAnBAxyE,EAAQviB,SAAQ,SAASohB,GAEvB,GADA4zE,EAAY5zE,EAAOC,MAAM,iBACrB2zE,EAaF,MAAUl1F,MAAM,0DAZhBk1F,EAAYA,EAAU,GAAGr2E,QAAQ,MAAO,IACxCq2E,EAAYA,EAAUl4E,MAAM,KAC5Bk4E,EAAYA,EAAUhwF,KAAI,SAAS8L,GACjCA,EAAOA,EAAK20E,cACZ,IACE,OAAO3nE,GAAMtf,MAAMsf,GAAMhN,KAAMA,GAC/B,MAAO3P,GACP,MAAUrB,MAAM,2CAA6CgR,OAGjEikF,EAAYA,EAAUzxF,OAAO0xF,OAM5BD,EAAUj3F,SAAWg3F,EAAe,CAACh3E,GAAMhN,KAAKC,MACnD,MAAUjR,MAAM,qFACX,GAAIi1F,EAAUj3F,SAAWg3F,EAAeC,GAC7C,MAAUj1F,MAAM,wDAEpB,CAjDEwiB,CAActlB,EAAMulB,QAASkiE,GAC7B,MAAM5yE,EAAY,IAAI2yE,GAAUC,GAChC,OAAO,IAAI+P,GAAiBx3F,EAAM+V,KAAMlB,EAC1C,CAuDOhU,eAAeo3F,IAAuBliF,KAAEA,KAAS+xE,IACtD,IAAK/xE,EACH,MAAUjT,MAAM,sEAElB,IAAKoX,GAAKC,SAASpE,GACjB,MAAUjT,MAAM,yDAElB,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,OAAO,IAAIs2F,GAAiBzhF,EAC9B,CCnKOlV,eAAegjD,IAAY4lC,QAAEA,EAAU,GAAElN,WAAEA,EAAUziE,KAAEA,EAAO,MAAKmuE,QAAEA,EAAU,KAAI33E,MAAEA,EAAQ,aAAYgH,kBAAEA,EAAoB,EAAC+6D,KAAEA,EAAO,IAAI33D,KAAMyzE,QAAEA,EAAU,CAAC,IAAG9rC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC/JoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAuB,IAAnBuoF,EAAQ3oF,OACV,MAAUgC,MAAM,2CAElB,GAAa,QAATgX,GAAkBmuE,EAAUzjE,EAAO5B,WACrC,MAAU9f,MAAM,8BAA8B0hB,EAAO5B,oBAAoBqlE,KAG3E,MAAMtjF,EAAU,CAAE8kF,UAASlN,aAAYziE,OAAMmuE,UAAS33E,QAAOgH,oBAAmB+6D,OAAM8b,WAEtF,IACE,MAAMz3E,IAAEA,EAAGw5E,sBAAEA,SHaVrvF,eAAwB8D,EAAS6f,GACtC7f,EAAQk4C,MAAO,GACfl4C,EAAUwsF,GAA0BxsF,IAC5BwpF,QAAUxpF,EAAQwpF,QAAQnmF,KAAI,CAAC8gF,EAAQtpE,IAAU2xE,GAA0BxsF,EAAQwpF,QAAQ3uE,GAAQ7a,KAC3G,IAAI2b,EAAW,CAAC63E,GAAyBxzF,EAAS6f,IAClDlE,EAAWA,EAASha,OAAO3B,EAAQwpF,QAAQnmF,KAAIrD,GAAWysF,GAA4BzsF,EAAS6f,MAC/F,MAAMwyD,QAAgBr3E,QAAQ+H,IAAI4Y,GAE5B5J,QAAY+6E,GAAcza,EAAQ,GAAIA,EAAQ51E,MAAM,GAAIuD,EAAS6f,GACjE0rE,QAA8Bx5E,EAAI0hF,yBAAyBzzF,EAAQ0tE,KAAM7tD,GAE/E,OADA9N,EAAI60E,qBAAuB,GACpB,CAAE70E,MAAKw5E,wBAChB,CGzBiDhgC,CAASvrD,EAAS6f,GAG/D,OAFA9N,EAAIu1E,UAAUjpF,SAAQ,EAAGs6E,eAAgB0N,GAAqB1N,EAAW94D,KAElE,CACLlL,WAAY++E,GAAa3hF,EAAK2rC,EAAQ79B,GACtCxS,UAAWqmF,GAAa3hF,EAAI+5E,WAAYpuC,EAAQ79B,GAChD0rE,yBAEF,MAAO/uC,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,CAkBOtgD,eAAey3F,IAAYh/E,WAAEA,EAAUmwE,QAAEA,EAAU,GAAElN,WAAEA,EAAUjlE,kBAAEA,EAAoB,EAAC+6D,KAAEA,EAAIhwB,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC1FoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAuB,IAAnBuoF,EAAQ3oF,OACV,MAAUgC,MAAM,yCAElB,MAAM6B,EAAU,CAAE2U,aAAYmwE,UAASlN,aAAYjlE,oBAAmB+6D,QAEtE,IACE,MAAQ37D,IAAK6hF,EAAcrI,sBAAEA,SHE1BrvF,eAAwB8D,EAAS6f,GACtC7f,EAAU6zF,EAAS7zF,GACnB,MAAM2U,WAAEA,GAAe3U,EAEvB,IAAK2U,EAAWqyE,YACd,MAAU7oF,MAAM,gCAGlB,GAAIwW,EAAWgkE,UAAU+B,UACvB,MAAUv8E,MAAM,2CAIlB,IADoBwW,EAAW2yE,UAAUztC,OAAM,EAAG8+B,eAAgBA,EAAUI,gBAE1E,MAAU56E,MAAM,wBAGlB,MAAMu6E,EAAkB/jE,EAAWgkE,UAE9B34E,EAAQwpF,UACXxpF,EAAQwpF,cAAgBxuF,QAAQ+H,IAAI4R,EAAW60E,QAAQnmF,KAAInH,UACzD,MAAM09E,EAAqBuK,EAAOxL,UAC5B+K,EAAe,CAAE3xE,IAAK2mE,EAAiB93E,KAAMg5E,GAC7CyO,QACJC,GAA+BnE,EAAOgE,kBAAmBzP,EAAiBv8D,GAAMjM,UAAU2B,cAAe6xE,EAAc,KAAM7jE,GAC7H1kB,OAAM,MAAS,KACjB,MAAO,CACL+8C,KAAMmwC,EAAiB90E,UAAa80E,EAAiB90E,SAAS,GAAK4I,GAAM5I,SAASS,SACnF,MAIL,MAAM+4E,EAAsBp4E,EAAW60E,QAAQnmF,KAAI8gF,GAAUA,EAAOxL,YACpE,GAAI34E,EAAQwpF,QAAQrtF,SAAW4wF,EAAoB5wF,OACjD,MAAUgC,MAAM,6DAGlB6B,EAAQwpF,QAAUxpF,EAAQwpF,QAAQnmF,KAAIgqF,GAAiBwG,EAASxG,EAAertF,KAE/E,MAAM+R,QAAY+6E,GAAcpU,EAAiBqU,EAAqB/sF,EAAS6f,GACzE0rE,QAA8Bx5E,EAAI0hF,yBAAyBzzF,EAAQ0tE,KAAM7tD,GAE/E,OADA9N,EAAI60E,qBAAuB,GACpB,CAAE70E,MAAKw5E,yBAEd,SAASsI,EAAS7zF,EAASimF,EAAiB,IAK1C,OAJAjmF,EAAQ2S,kBAAoB3S,EAAQ2S,mBAAqBszE,EAAetzE,kBACxE3S,EAAQ43E,WAAariE,GAAKC,SAASxV,EAAQ43E,YAAc53E,EAAQ43E,WAAaqO,EAAerO,WAC7F53E,EAAQ0tE,KAAO1tE,EAAQ0tE,MAAQuY,EAAevY,KAEvC1tE,EAEX,CGrDiE8zF,CAAS9zF,EAAS6f,GAE/E,MAAO,CACLlL,WAAY++E,GAAaE,EAAgBl2C,EAAQ79B,GACjDxS,UAAWqmF,GAAaE,EAAe9H,WAAYpuC,EAAQ79B,GAC3D0rE,yBAEF,MAAO/uC,GACP,MAAMjnC,GAAK8F,UAAU,6BAA8BmhC,GAEvD,CAoBOtgD,eAAe63F,IAAUhiF,IAAEA,EAAGw5E,sBAAEA,EAAqB93E,oBAAEA,EAAmBi6D,KAAEA,EAAO,IAAI33D,KAAM2nC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IACzFoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IACE,MAAMy3F,EAAazI,QACXx5E,EAAIkiF,2BAA2B1I,EAAuB7d,EAAM7tD,SAC5D9N,EAAImiF,OAAOzgF,EAAqBi6D,EAAM7tD,GAE9C,OAAOm0E,EAAWhN,YAAc,CAC9BryE,WAAY++E,GAAaM,EAAYt2C,EAAQ79B,GAC7CxS,UAAWqmF,GAAaM,EAAWlI,WAAYpuC,EAAQ79B,IACrD,CACFlL,WAAY,KACZtH,UAAWqmF,GAAaM,EAAYt2C,EAAQ79B,IAE9C,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,qBAAsBmhC,GAE/C,CAYOtgD,eAAei4F,IAAWx/E,WAAEA,EAAUijE,WAAEA,SAAY/3D,KAAWsjE,IAC1BoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAAKoY,EAAWqyE,YACd,MAAU7oF,MAAM,+BAElB,MAAMi2F,EAAmBz/E,EAAWjY,OAAM,GACpC23F,EAAc9+E,GAAKha,QAAQq8E,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANM58E,QAAQ+H,IAAIqxF,EAAiB9M,UAAUjkF,KAAI0O,GAE/CwD,GAAKmG,WAAW24E,EAAYhxF,KAAIu0E,GAAc7lE,EAAI4mE,UAAU5qD,QAAQ6pD,eAGhEwc,EAAiB1zC,SAAS7gC,GACzBu0E,EACP,MAAO53C,GAEP,MADA43C,EAAiBvZ,qBACXtlE,GAAK8F,UAAU,+BAAgCmhC,GAEzD,CAYOtgD,eAAeo4F,IAAW3/E,WAAEA,EAAUijE,WAAEA,SAAY/3D,KAAWsjE,IAC1BoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAAKoY,EAAWqyE,YACd,MAAU7oF,MAAM,+BAElB,MAAMi2F,EAAmBz/E,EAAWjY,OAAM,GAEpC6xB,EAAO6lE,EAAiB9M,UACxB+M,EAAc9+E,GAAKha,QAAQq8E,GAAcA,EAAiBh9E,MAAM2zB,EAAKpyB,QAAQ++C,KAAK08B,GACxF,GAAIyc,EAAYl4F,SAAWoyB,EAAKpyB,OAC9B,MAAUgC,MAAM,0DAGlB,IAME,aALMnD,QAAQ+H,IAAIwrB,EAAKlrB,KAAInH,MAAO6V,EAAK7T,KACrC,MAAMy6E,UAAEA,GAAc5mE,QAChB4mE,EAAU7qD,QAAQumE,EAAYn2F,GAAI2hB,GACxC84D,EAAUkC,oBAAoB,KAEzBuZ,EACP,MAAO53C,GAEP,MADA43C,EAAiBvZ,qBACXtlE,GAAK8F,UAAU,+BAAgCmhC,GAEzD,CAiCOtgD,eAAe4xB,IAAQpZ,QAAEA,EAAO07E,eAAEA,EAAcrJ,YAAEA,EAAW4H,UAAEA,EAAS9X,WAAEA,EAAUn5B,OAAEA,EAAS,UAASxtC,UAAEA,EAAY,KAAIwgF,SAAEA,GAAW,EAAKU,cAAEA,EAAgB,GAAET,iBAAEA,EAAmB,GAAEjjB,KAAEA,EAAO,IAAI33D,KAAMw+E,eAAEA,EAAiB,GAAEC,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,UAAI50E,KAAWsjE,IAKlS,GAJ0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAahgF,GAAUigF,GAAyBj3C,GAChD0yC,EAAiBrtD,GAAQqtD,GAAiBrJ,EAAchkD,GAAQgkD,GAAc4H,EAAY5rD,GAAQ4rD,GAClGyC,EAAgBruD,GAAQquD,GAAgBT,EAAmB5tD,GAAQ4tD,GAAmB4D,EAAiBxxD,GAAQwxD,GAAiBC,EAAoBzxD,GAAQyxD,GAAoBC,EAAqB1xD,GAAQ0xD,GACzMtR,EAAK5qC,SACP,MAAUp6C,MAAM,+JAElB,GAAIglF,EAAKyR,WAAY,MAAUz2F,MAAM,gGACrC,GAAIglF,EAAKqI,YAAa,MAAUrtF,MAAM,8FACtC,QAAmBnC,IAAfmnF,EAAK7uE,MAAqB,MAAUnW,MAAM,oFAC9C,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAE3HwqF,IACHA,EAAc,IAEhB,MAAM8N,EAAYngF,EAAQ69D,WAC1B,IASE,IARIwU,EAAY5qF,QAAU+T,KACxBwE,QAAgBA,EAAQwjC,KAAK6uC,EAAa72E,EAAWkhF,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,IAEhHnL,EAAUA,EAAQi/D,eACVkR,GAAiB,cAAeuL,EAAgB1iB,EAAM8mB,EAAmB30E,GAC/EA,GAEFnL,QAAgBA,EAAQoZ,QAAQsiE,EAAgBzB,EAAW9X,EAAY6Z,EAAUC,EAAkBjjB,EAAM8mB,EAAmB30E,GAC7G,WAAX69B,EAAqB,OAAOhpC,EAEhC,MAAMJ,EAAmB,YAAXopC,EAEd,OAAOo3C,GADMxgF,EAAQI,EAAQJ,MAAMuL,GAAUnL,EAAQ7X,QAC1Bg4F,EAAWvgF,EAAQ,OAAS,UACvD,MAAOkoC,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,CAmCOtgD,eAAe6xB,IAAQrZ,QAAEA,EAAOg6E,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWxH,iBAAEA,EAAgB2N,aAAEA,GAAe,EAAKr3C,OAAEA,EAAS,OAAMxtC,UAAEA,EAAY,KAAIw9D,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWsjE,IAGxL,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAahgF,GAAU0yE,EAAmBrkD,GAAQqkD,GAAmBsH,EAAiB3rD,GAAQ2rD,GAAiBC,EAAY5rD,GAAQ4rD,GAAYC,EAAc7rD,GAAQ6rD,GACjKzL,EAAKqI,YAAa,MAAUrtF,MAAM,iGACtC,GAAIglF,EAAKyR,WAAY,MAAUz2F,MAAM,kGACrC,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IACE,MAAM64E,QAAkB1gE,EAAQqZ,QAAQ2gE,EAAgBC,EAAWC,EAAalhB,EAAM7tD,GACjFunE,IACHA,EAAmB,IAGrB,MAAM5qF,EAAS,GAKf,GAJAA,EAAOinF,WAAavzE,QAAkBklE,EAAU4c,eAAe9hF,EAAWk3E,EAAkB1Z,EAAM7tD,SAAgBu1D,EAAU38B,OAAO2uC,EAAkB1Z,EAAM7tD,GAC3JrjB,EAAOyI,KAAkB,WAAXy4C,EAAsB03B,EAAU+a,iBAAmB/a,EAAUvH,UAC3ErxE,EAAOmxE,SAAWyH,EAAUnH,cAC5B+mB,GAAYx4F,EAAQkY,GAChBqgF,EAAc,CAChB,GAAgC,IAA5B3N,EAAiBjrF,OACnB,MAAUgC,MAAM,+DAElB,GAAiC,IAA7B3B,EAAOinF,WAAWtnF,OACpB,MAAUgC,MAAM,yBAElB3B,EAAOyI,KAAOyT,EAAc,CAC1Blc,EAAOyI,KACPorE,GAAiBn0E,gBACTqZ,GAAKmG,WAAWlf,EAAOinF,WAAWpgF,KAAIm1C,GAAOA,EAAI61B,WAAU,MAKvE,OADA7xE,EAAOyI,WAAa6vF,GAAct4F,EAAOyI,KAAMyP,EAAQ69D,WAAY70B,GAC5DlhD,EACP,MAAOggD,GACP,MAAMjnC,GAAK8F,UAAU,2BAA4BmhC,GAErD,CA0BOtgD,eAAeg8C,IAAKxjC,QAAEA,EAAOqyE,YAAEA,EAAWrpC,OAAEA,EAAS,UAASnF,SAAEA,GAAW,EAAK64C,cAAEA,EAAgB,GAAE1jB,KAAEA,EAAO,IAAI33D,KAAMw+E,eAAEA,EAAiB,GAAEE,mBAAEA,EAAqB,UAAI50E,KAAWsjE,IAKvL,GAJ0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCo1E,GAAwBvgF,GAAUigF,GAAyBj3C,GAC3DqpC,EAAchkD,GAAQgkD,GAAcqK,EAAgBruD,GAAQquD,GAAgBmD,EAAiBxxD,GAAQwxD,GAAiBE,EAAqB1xD,GAAQ0xD,GAE/ItR,EAAKqI,YAAa,MAAUrtF,MAAM,2FACtC,QAAmBnC,IAAfmnF,EAAK7uE,MAAqB,MAAUnW,MAAM,iFAC9C,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAImY,aAAmBm+E,IAA+B,WAAXn1C,EAAqB,MAAUv/C,MAAM,2DAChF,GAAIuW,aAAmBm+E,IAAoBt6C,EAAU,MAAUp6C,MAAM,0CAErE,IAAK4oF,GAAsC,IAAvBA,EAAY5qF,OAC9B,MAAUgC,MAAM,4BAGlB,IACE,IAAI+R,EAMJ,GAJEA,EADEqoC,QACgB7jC,EAAQwgF,aAAanO,OAAa/qF,EAAWo1F,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,SAEtGnL,EAAQwjC,KAAK6uC,OAAa/qF,EAAWo1F,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,GAEnG,WAAX69B,EAAqB,OAAOxtC,EAEhC,MAAMoE,EAAmB,YAAXopC,EAUd,OATAxtC,EAAYoE,EAAQpE,EAAUoE,MAAMuL,GAAU3P,EAAUrT,QACpD07C,IACFroC,EAAYwR,EAAqBhN,EAAQ29D,QAAQx1E,SAASX,MAAOyH,EAAUC,WACnE5I,QAAQ+H,IAAI,CAChBkf,EAAY/R,EAAWtM,GACvBme,EAAiBpe,GAAUxI,OAAM,UACjC,KAGC25F,GAAc5kF,EAAWwE,EAAQ69D,WAAYj+D,EAAQ,OAAS,UACrE,MAAOkoC,GACP,MAAMjnC,GAAK8F,UAAU,wBAAyBmhC,GAElD,CA8BOtgD,eAAeu8C,IAAO/jC,QAAEA,EAAO0yE,iBAAEA,EAAgB2N,aAAEA,GAAe,EAAKr3C,OAAEA,EAAS,OAAMxtC,UAAEA,EAAY,KAAIw9D,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWsjE,IAG/I,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCo1E,GAAwBvgF,GAAU0yE,EAAmBrkD,GAAQqkD,GACzDjE,EAAKyR,WAAY,MAAUz2F,MAAM,iGACrC,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,GAAImY,aAAmBm+E,IAA+B,WAAXn1C,EAAqB,MAAUv/C,MAAM,iDAChF,GAAIuW,aAAmBm+E,IAAoB3iF,EAAW,MAAU/R,MAAM,6CAEtE,IACE,MAAM3B,EAAS,GAQf,GANEA,EAAOinF,WADLvzE,QACwBwE,EAAQs9E,eAAe9hF,EAAWk3E,EAAkB1Z,EAAM7tD,SAE1DnL,EAAQ+jC,OAAO2uC,EAAkB1Z,EAAM7tD,GAEnErjB,EAAOyI,KAAkB,WAAXy4C,EAAsBhpC,EAAQy7E,iBAAmBz7E,EAAQm5D,UACnEn5D,EAAQ69D,aAAeriE,GAAW8kF,GAAYx4F,EAAQkY,GACtDqgF,EAAc,CAChB,GAAiC,IAA7Bv4F,EAAOinF,WAAWtnF,OACpB,MAAUgC,MAAM,yBAElB3B,EAAOyI,KAAOyT,EAAc,CAC1Blc,EAAOyI,KACPorE,GAAiBn0E,gBACTqZ,GAAKmG,WAAWlf,EAAOinF,WAAWpgF,KAAIm1C,GAAOA,EAAI61B,WAAU,MAKvE,OADA7xE,EAAOyI,WAAa6vF,GAAct4F,EAAOyI,KAAMyP,EAAQ69D,WAAY70B,GAC5DlhD,EACP,MAAOggD,GACP,MAAMjnC,GAAK8F,UAAU,iCAAkCmhC,GAE3D,CAoBOtgD,eAAem8E,IAAmB+X,eAAEA,EAAc1iB,KAAEA,EAAO,IAAI33D,KAAMy+E,kBAAEA,EAAoB,UAAI30E,KAAWsjE,IAG/G,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCuwE,EAAiBrtD,GAAQqtD,GAAiBoE,EAAoBzxD,GAAQyxD,GAClErR,EAAKyR,WAAY,MAAUz2F,MAAM,2GACrC,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAEE,aAD0B8xF,GAAQhW,mBAAmB+X,EAAgB1iB,EAAM8mB,EAAmB30E,GAE9F,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,+BAAgCmhC,GAEzD,CAqBOtgD,eAAe00F,IAAkB3rF,KAAEA,EAAIggD,UAAEA,EAASwwB,cAAEA,EAAa2a,eAAEA,EAAczB,UAAEA,EAASjxC,OAAEA,EAAS,UAASgzC,SAAEA,GAAW,EAAKC,iBAAEA,EAAmB,GAAEjjB,KAAEA,EAAO,IAAI33D,KAAMy+E,kBAAEA,EAAoB,UAAI30E,KAAWsjE,IAItN,GAH0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAgElC,SAAqB5a,EAAMoB,GACzB,IAAKkP,GAAK1X,aAAaoH,GACrB,MAAU9G,MAAM,eAAiBkI,GAAQ,QAAU,+BAEvD,CAnEE8uF,CAAYlwF,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAKkP,GAAKC,SAASvQ,GACjB,MAAU9G,MAAM,eAAiBkI,GAAQ,QAAU,2BAEvD,CA9DqB+uF,CAAYnwC,EAAW,aAAc0vC,GAAyBj3C,GACjF0yC,EAAiBrtD,GAAQqtD,GAAiBzB,EAAY5rD,GAAQ4rD,GAAYgC,EAAmB5tD,GAAQ4tD,GAAmB6D,EAAoBzxD,GAAQyxD,GAChJrR,EAAKyR,WAAY,MAAUz2F,MAAM,0GACrC,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,KAAM6zF,GAA4C,IAA1BA,EAAej0F,QAAmBwyF,GAAkC,IAArBA,EAAUxyF,QAC/E,MAAUgC,MAAM,6CAGlB,IAEE,OAAOu1F,SADerF,GAAQuC,kBAAkB3rF,EAAMggD,EAAWwwB,EAAe2a,EAAgBzB,EAAW+B,EAAUC,EAAkBjjB,EAAM8mB,EAAmB30E,GACnI69B,EAAQ79B,GACrC,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,+BAAgCmhC,GAEzD,CAiBOtgD,eAAe4yF,IAAmBp6E,QAAEA,EAAOg6E,eAAEA,EAAcC,UAAEA,EAASjhB,KAAEA,EAAO,IAAI33D,YAAQ8J,KAAWsjE,IAG3G,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAahgF,GAAUg6E,EAAiB3rD,GAAQ2rD,GAAiBC,EAAY5rD,GAAQ4rD,GACjFxL,EAAKqI,YAAa,MAAUrtF,MAAM,4GACtC,MAAMilF,EAAiBl9E,OAAOqoB,KAAK40D,GAAO,GAAIC,EAAejnF,OAAS,EAAG,MAAUgC,MAAM,mBAAmBilF,EAAe7mF,KAAK,OAEhI,IAEE,aAD0BmY,EAAQo6E,mBAAmBJ,EAAgBC,EAAWjhB,EAAM7tD,GAEtF,MAAO28B,GACP,MAAMjnC,GAAK8F,UAAU,gCAAiCmhC,GAE1D,CAwBA,SAASk4C,GAAahgF,GACpB,KAAMA,aAAmB25E,IACvB,MAAUlwF,MAAM,kDAEpB,CACA,SAAS82F,GAAwBvgF,GAC/B,KAAMA,aAAmBm+E,IAAuBn+E,aAAmB25E,IACjE,MAAUlwF,MAAM,sEAEpB,CACA,SAASw2F,GAAyBj3C,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUv/C,MAAM,sBAAsBu/C,EAE1C,CACA,MAAM23C,GAA0BnvF,OAAOqoB,KAAKpN,IAAehlB,OAC3D,SAASo3F,GAAY1zE,GACnB,MAAMy1E,EAAmBpvF,OAAOqoB,KAAK1O,GACrC,GAAIy1E,EAAiBn5F,SAAWk5F,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiCt5F,IAA7BmlB,GAAco0E,GAChB,MAAUp3F,MAAM,4BAA4Bo3F,EAIpD,CAQA,SAASxyD,GAAQ6jB,GAIf,OAHIA,IAAUrxC,GAAKha,QAAQqrD,KACzBA,EAAQ,CAACA,IAEJA,CACT,CAWA1qD,eAAe44F,GAAc7vF,EAAM4vF,EAAWW,EAAW,QACvD,MAAMz0F,EAAawU,GAAK9X,SAASwH,GACjC,MAAmB,UAAflE,EACKghB,EAAiB9c,GAER,SAAd4vF,GACF5vF,EAAOovE,EAAiBpvE,GACP,WAAbuwF,GAAuBvwF,EAAKwwF,YAAYD,GACrCvwF,GAES,QAAd4vF,GAAsC,aAAf9zF,EAClB20F,EAAwBzwF,GAE1BA,CACT,CAUA,SAAS+vF,GAAYx4F,EAAQkY,GAC3BlY,EAAOyI,KAAOyc,EAAqBhN,EAAQ29D,QAAQv2E,QAAQI,MAAOyH,EAAUC,WACpEqe,EAAYzlB,EAAOyI,KAAMrB,EAAU,CACvCE,cAAc,IAEhB,MAAMrI,EAASmmB,EAAiBhe,GAChC,UAEQme,EAAiBpe,GAAU87C,GAAKA,UAChChkD,EAAOsB,QACb,MAAOyC,SACD/D,EAAOuB,MAAMwC,MAGzB,CASA,SAASk0F,GAAaiC,EAAQj4C,EAAQ79B,GACpC,OAAQ69B,GACN,IAAK,SACH,OAAOi4C,EACT,IAAK,UACH,OAAOA,EAAOrhF,MAAMuL,GACtB,IAAK,SACH,OAAO81E,EAAO94F,QAChB,QACE,MAAUsB,MAAM,sBAAsBu/C,GAE5C,CCrtBA,MAAMk4C,GAAmC,mBAAXr7F,QAAoD,iBAApBA,OAAOs7F,SACjEt7F,OACAu7F,GAAe,UAAUA,KAG7B,SAASC,KAET,CAaA,MAAMC,GAXkB,oBAATl9C,KACAA,KAEgB,oBAAX8b,OACLA,OAEgB,oBAAXsmB,OACLA,YADN,EAOT,SAAS+a,GAAahuF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CACA,MAAMiuF,GAAiCH,GAEjCI,GAAkBn7F,QAClBo7F,GAAsBp7F,QAAQe,UAAUY,KACxC05F,GAAyBr7F,QAAQC,QAAQ2F,KAAKu1F,IAC9CG,GAAwBt7F,QAAQE,OAAO0F,KAAKu1F,IAClD,SAASI,GAAWC,GAChB,OAAO,IAAIL,GAAgBK,EAC/B,CACA,SAASC,GAAoBr6F,GACzB,OAAOi6F,GAAuBj6F,EAClC,CACA,SAASs6F,GAAoBz5F,GACzB,OAAOq5F,GAAsBr5F,EACjC,CACA,SAAS05F,GAAmB96E,EAAS+6E,EAAaC,GAG9C,OAAOT,GAAoBv6F,KAAKggB,EAAS+6E,EAAaC,EAC1D,CACA,SAASC,GAAYj7E,EAAS+6E,EAAaC,GACvCF,GAAmBA,GAAmB96E,EAAS+6E,EAAaC,QAAa76F,EAAWk6F,GACxF,CACA,SAASa,GAAgBl7E,EAAS+6E,GAC9BE,GAAYj7E,EAAS+6E,EACzB,CACA,SAASI,GAAcn7E,EAASg7E,GAC5BC,GAAYj7E,OAAS7f,EAAW66F,EACpC,CACA,SAASI,GAAqBp7E,EAASq7E,EAAoBC,GACvD,OAAOR,GAAmB96E,EAASq7E,EAAoBC,EAC3D,CACA,SAASC,GAA0Bv7E,GAC/B86E,GAAmB96E,OAAS7f,EAAWk6F,GAC3C,CACA,MAAMmB,GAAiB,MACnB,MAAMC,EAAuBtB,IAAWA,GAAQqB,eAChD,GAAoC,mBAAzBC,EACP,OAAOA,EAEX,MAAMC,EAAkBd,QAAoBz6F,GAC5C,OAAQoJ,GAAOuxF,GAAmBY,EAAiBnyF,EACtD,EAPsB,GAQvB,SAASoyF,GAAYC,EAAGhwC,EAAGz7B,GACvB,GAAiB,mBAANyrE,EACP,MAAM,IAAIxqE,UAAU,8BAExB,OAAOyqE,SAAS37F,UAAUic,MAAMnc,KAAK47F,EAAGhwC,EAAGz7B,EAC/C,CACA,SAAS2rE,GAAYF,EAAGhwC,EAAGz7B,GACvB,IACI,OAAOyqE,GAAoBe,GAAYC,EAAGhwC,EAAGz7B,IAEjD,MAAO5vB,GACH,OAAOs6F,GAAoBt6F,GAEnC,CAWA,MAAMw7F,GACF/8F,cACIE,KAAK88F,QAAU,EACf98F,KAAK+8F,MAAQ,EAEb/8F,KAAKg9F,OAAS,CACVC,UAAW,GACXC,WAAOj8F,GAEXjB,KAAKm9F,MAAQn9F,KAAKg9F,OAIlBh9F,KAAK88F,QAAU,EAEf98F,KAAK+8F,MAAQ,EAEb37F,aACA,OAAOpB,KAAK+8F,MAMhBl7F,KAAK0B,GACD,MAAM65F,EAAUp9F,KAAKm9F,MACrB,IAAIE,EAAUD,EACmBE,QAA7BF,EAAQH,UAAU77F,SAClBi8F,EAAU,CACNJ,UAAW,GACXC,WAAOj8F,IAKfm8F,EAAQH,UAAUp7F,KAAK0B,GACnB85F,IAAYD,IACZp9F,KAAKm9F,MAAQE,EACbD,EAAQF,MAAQG,KAElBr9F,KAAK+8F,MAIXz2F,QACI,MAAMi3F,EAAWv9F,KAAKg9F,OACtB,IAAIQ,EAAWD,EACf,MAAME,EAAYz9F,KAAK88F,QACvB,IAAIY,EAAYD,EAAY,EAC5B,MAAME,EAAWJ,EAASN,UACpB15F,EAAUo6F,EAASF,GAazB,OAtEqB,QA0DjBC,IACAF,EAAWD,EAASL,MACpBQ,EAAY,KAGd19F,KAAK+8F,MACP/8F,KAAK88F,QAAUY,EACXH,IAAaC,IACbx9F,KAAKg9F,OAASQ,GAGlBG,EAASF,QAAax8F,EACfsC,EAUXD,QAAQ+B,GACJ,IAAIlC,EAAInD,KAAK88F,QACTh1C,EAAO9nD,KAAKg9F,OACZW,EAAW71C,EAAKm1C,UACpB,OAAO95F,IAAMw6F,EAASv8F,aAAyBH,IAAf6mD,EAAKo1C,OAC7B/5F,IAAMw6F,EAASv8F,SACf0mD,EAAOA,EAAKo1C,MACZS,EAAW71C,EAAKm1C,UAChB95F,EAAI,EACoB,IAApBw6F,EAASv8F,UAIjBiE,EAASs4F,EAASx6F,MAChBA,EAKVy6F,OACI,MAAMC,EAAQ79F,KAAKg9F,OACbjsE,EAAS/wB,KAAK88F,QACpB,OAAOe,EAAMZ,UAAUlsE,IAI/B,SAAS+sE,GAAsCn4F,EAAQ5E,GACnD4E,EAAOo4F,qBAAuBh9F,EAC9BA,EAAOmE,QAAUS,EACK,aAAlB5E,EAAOi9F,OACPC,GAAqCt4F,GAEd,WAAlB5E,EAAOi9F,OAsCpB,SAAwDr4F,GACpDs4F,GAAqCt4F,GACrCu4F,GAAkCv4F,EACtC,CAxCQw4F,CAA+Cx4F,GAG/Cy4F,GAA+Cz4F,EAAQ5E,EAAOs9F,aAEtE,CAGA,SAASC,GAAkC34F,EAAQzD,GAE/C,OAAOq8F,GADQ54F,EAAOo4F,qBACc77F,EACxC,CACA,SAASs8F,GAAmC74F,GACG,aAAvCA,EAAOo4F,qBAAqBC,OAC5BS,GAAiC94F,EAAQ,IAAIusB,UAAU,qFAoC/D,SAAmDvsB,EAAQzD,GACvDk8F,GAA+Cz4F,EAAQzD,EAC3D,CAnCQw8F,CAA0C/4F,EAAQ,IAAIusB,UAAU,qFAEpEvsB,EAAOo4F,qBAAqB74F,aAAUjE,EACtC0E,EAAOo4F,0BAAuB98F,CAClC,CAEA,SAAS09F,GAAoBrzF,GACzB,OAAO,IAAI4mB,UAAU,UAAY5mB,EAAO,oCAC5C,CAEA,SAAS2yF,GAAqCt4F,GAC1CA,EAAOi5F,eAAiBpD,IAAW,CAACt7F,EAASC,KACzCwF,EAAOk5F,uBAAyB3+F,EAChCyF,EAAOm5F,sBAAwB3+F,CAAM,GAE7C,CACA,SAASi+F,GAA+Cz4F,EAAQzD,GAC5D+7F,GAAqCt4F,GACrC84F,GAAiC94F,EAAQzD,EAC7C,CAKA,SAASu8F,GAAiC94F,EAAQzD,QACTjB,IAAjC0E,EAAOm5F,wBAGXzC,GAA0B12F,EAAOi5F,gBACjCj5F,EAAOm5F,sBAAsB58F,GAC7ByD,EAAOk5F,4BAAyB59F,EAChC0E,EAAOm5F,2BAAwB79F,EACnC,CAIA,SAASi9F,GAAkCv4F,QACD1E,IAAlC0E,EAAOk5F,yBAGXl5F,EAAOk5F,4BAAuB59F,GAC9B0E,EAAOk5F,4BAAyB59F,EAChC0E,EAAOm5F,2BAAwB79F,EACnC,CAEA,MAAM89F,GAAalE,GAAe,kBAC5BmE,GAAanE,GAAe,kBAC5BoE,GAAcpE,GAAe,mBAC7BqE,GAAYrE,GAAe,iBAI3BsE,GAAiBzvF,OAAO0vF,UAAY,SAAUlyF,GAChD,MAAoB,iBAANA,GAAkBkyF,SAASlyF,EAC7C,EAIMmyF,GAAYvzF,KAAKwzF,OAAS,SAAUpnD,GACtC,OAAOA,EAAI,EAAIpsC,KAAKmQ,KAAKi8B,GAAKpsC,KAAKsP,MAAM88B,EAC7C,EAMA,SAASqnD,GAAiB9+C,EAAK++C,GAC3B,QAAYv+F,IAARw/C,IAHgB,iBADFvzC,EAIqBuzC,IAHM,mBAANvzC,GAInC,MAAM,IAAIglB,UAAastE,EAAH,sBAL5B,IAAsBtyF,CAOtB,CAEA,SAASuyF,GAAevyF,EAAGsyF,GACvB,GAAiB,mBAANtyF,EACP,MAAM,IAAIglB,UAAastE,EAAH,sBAE5B,CAKA,SAASE,GAAaxyF,EAAGsyF,GACrB,IAJJ,SAAkBtyF,GACd,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAES+5E,CAAS/5E,GACV,MAAM,IAAIglB,UAAastE,EAAH,qBAE5B,CACA,SAASG,GAAuBzyF,EAAG0yF,EAAUJ,GACzC,QAAUv+F,IAANiM,EACA,MAAM,IAAIglB,UAAU,aAAa0tE,qBAA4BJ,MAErE,CACA,SAASK,GAAoB3yF,EAAG4yF,EAAON,GACnC,QAAUv+F,IAANiM,EACA,MAAM,IAAIglB,UAAU,GAAG4tE,qBAAyBN,MAExD,CAEA,SAASO,GAA0B1+F,GAC/B,OAAOqO,OAAOrO,EAClB,CACA,SAAS2+F,GAAmB9yF,GACxB,OAAa,IAANA,EAAU,EAAIA,CACzB,CAKA,SAAS+yF,GAAwC5+F,EAAOm+F,GACpD,MACMU,EAAaxwF,OAAOC,iBAC1B,IAAIzC,EAAIwC,OAAOrO,GAEf,GADA6L,EAAI8yF,GAAmB9yF,IAClBiyF,GAAejyF,GAChB,MAAM,IAAIglB,UAAastE,EAAH,2BAGxB,GADAtyF,EAZJ,SAAqBA,GACjB,OAAO8yF,GAAmBX,GAAUnyF,GACxC,CAUQizF,CAAYjzF,GACZA,EARe,GAQGA,EAAIgzF,EACtB,MAAM,IAAIhuE,UAAU,GAAGstE,2CAA6DU,gBAExF,OAAKf,GAAejyF,IAAY,IAANA,EAOnBA,EANI,CAOf,CAEA,SAASkzF,GAAqBlzF,EAAGsyF,GAC7B,IAAKa,GAAiBnzF,GAClB,MAAM,IAAIglB,UAAastE,EAAH,4BAE5B,CAGA,SAASc,GAAmCv/F,GACxC,OAAO,IAAIw/F,GAA4Bx/F,EAC3C,CAEA,SAASy/F,GAA6Bz/F,EAAQ0/F,GAC1C1/F,EAAOmE,QAAQw7F,cAAc7+F,KAAK4+F,EACtC,CACA,SAASE,GAAiC5/F,EAAQgB,EAAOT,GACrD,MACMm/F,EADS1/F,EAAOmE,QACKw7F,cAAcp6F,QACrChF,EACAm/F,EAAYG,cAGZH,EAAYI,YAAY9+F,EAEhC,CACA,SAAS++F,GAAiC//F,GACtC,OAAOA,EAAOmE,QAAQw7F,cAAct/F,MACxC,CACA,SAAS2/F,GAA+BhgG,GACpC,MAAM4E,EAAS5E,EAAOmE,QACtB,YAAejE,IAAX0E,KAGCq7F,GAA8Br7F,EAIvC,CAMA,MAAM46F,GACFzgG,YAAYiB,GAGR,GAFA4+F,GAAuB5+F,EAAQ,EAAG,+BAClCq/F,GAAqBr/F,EAAQ,mBACzBkgG,GAAuBlgG,GACvB,MAAM,IAAImxB,UAAU,+EAExB4rE,GAAsC99F,KAAMe,GAC5Cf,KAAK0gG,cAAgB,IAAI7D,GAMzBh8F,aACA,OAAKmgG,GAA8BhhG,MAG5BA,KAAK4+F,eAFDjD,GAAoBuF,GAAiC,WAOpEr8F,OAAO3C,EAASjB,WACZ,OAAK+/F,GAA8BhhG,WAGDiB,IAA9BjB,KAAK+9F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCt+F,KAAMkC,GALpCy5F,GAAoBuF,GAAiC,WAYpEhgG,OACI,IAAK8/F,GAA8BhhG,MAC/B,OAAO27F,GAAoBuF,GAAiC,SAEhE,QAAkCjgG,IAA9BjB,KAAK+9F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACt7F,EAASC,KACjCghG,EAAiBjhG,EACjBkhG,EAAgBjhG,CAAM,IAQ1B,OADAkhG,GAAgCrhG,KALZ,CAChB6gG,YAAa9+F,GAASo/F,EAAe,CAAE9/F,MAAOU,EAAOT,MAAM,IAC3Ds/F,YAAa,IAAMO,EAAe,CAAE9/F,WAAOJ,EAAWK,MAAM,IAC5DggG,YAAa78F,GAAK28F,EAAc38F,KAG7Bqc,EAWXlgB,cACI,IAAKogG,GAA8BhhG,MAC/B,MAAMkhG,GAAiC,eAE3C,QAAkCjgG,IAA9BjB,KAAK+9F,qBAAT,CAGA,GAAI/9F,KAAK0gG,cAAct/F,OAAS,EAC5B,MAAM,IAAI8wB,UAAU,uFAExBssE,GAAmCx+F,QAgB3C,SAASghG,GAA8B9zF,GACnC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,gBAIjD,CACA,SAASm0F,GAAgC17F,EAAQ86F,GAC7C,MAAM1/F,EAAS4E,EAAOo4F,qBACtBh9F,EAAOwgG,YAAa,EACE,WAAlBxgG,EAAOi9F,OACPyC,EAAYG,cAEW,YAAlB7/F,EAAOi9F,OACZyC,EAAYa,YAAYvgG,EAAOs9F,cAG/Bt9F,EAAOygG,0BAA0BtC,IAAWuB,EAEpD,CAEA,SAASS,GAAiC51F,GACtC,OAAO,IAAI4mB,UAAU,yCAAyC5mB,sDAClE,CAGA,IAAIm2F,GAzCJt2F,OAAOu2F,iBAAiBnB,GAA4Bv/F,UAAW,CAC3D6D,OAAQ,CAAEmhC,YAAY,GACtB9kC,KAAM,CAAE8kC,YAAY,GACpBplC,YAAa,CAAEolC,YAAY,GAC3BnlC,OAAQ,CAAEmlC,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe80F,GAA4Bv/F,UAAW65F,GAAe8G,YAAa,CACrFtgG,MAAO,8BACP4kC,cAAc,IAiCsB,iBAAjC40D,GAAe+G,gBAGtBH,GAAyB,CAGrB,CAAC5G,GAAe+G,iBACZ,OAAO5hG,OAGfmL,OAAOM,eAAeg2F,GAAwB5G,GAAe+G,cAAe,CAAE57D,YAAY,KAI9F,MAAM67D,GACF/hG,YAAY6F,EAAQyD,GAChBpJ,KAAK8hG,qBAAkB7gG,EACvBjB,KAAK+hG,aAAc,EACnB/hG,KAAKkF,QAAUS,EACf3F,KAAKgiG,eAAiB54F,EAE1Bq6D,OACI,MAAMw+B,EAAY,IAAMjiG,KAAKkiG,aAI7B,OAHAliG,KAAK8hG,gBAAkB9hG,KAAK8hG,gBACxB5F,GAAqBl8F,KAAK8hG,gBAAiBG,EAAWA,GACtDA,IACGjiG,KAAK8hG,gBAEhBK,OAAO9gG,GACH,MAAM+gG,EAAc,IAAMpiG,KAAKqiG,aAAahhG,GAC5C,OAAOrB,KAAK8hG,gBACR5F,GAAqBl8F,KAAK8hG,gBAAiBM,EAAaA,GACxDA,IAERF,aACI,GAAIliG,KAAK+hG,YACL,OAAO9hG,QAAQC,QAAQ,CAAEmB,WAAOJ,EAAWK,MAAM,IAErD,MAAMqE,EAAS3F,KAAKkF,QACpB,QAAoCjE,IAAhC0E,EAAOo4F,qBACP,OAAOpC,GAAoBgD,GAAoB,YAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACt7F,EAASC,KACjCghG,EAAiBjhG,EACjBkhG,EAAgBjhG,CAAM,IAuB1B,OADAkhG,GAAgC17F,EApBZ,CAChBk7F,YAAa9+F,IACT/B,KAAK8hG,qBAAkB7gG,EAGvBq7F,IAAe,IAAM6E,EAAe,CAAE9/F,MAAOU,EAAOT,MAAM,KAAS,EAEvEs/F,YAAa,KACT5gG,KAAK8hG,qBAAkB7gG,EACvBjB,KAAK+hG,aAAc,EACnBvD,GAAmC74F,GACnCw7F,EAAe,CAAE9/F,WAAOJ,EAAWK,MAAM,GAAO,EAEpDggG,YAAap/F,IACTlC,KAAK8hG,qBAAkB7gG,EACvBjB,KAAK+hG,aAAc,EACnBvD,GAAmC74F,GACnCy7F,EAAcl/F,EAAO,IAItB4e,EAEXuhF,aAAahhG,GACT,GAAIrB,KAAK+hG,YACL,OAAO9hG,QAAQC,QAAQ,CAAEmB,QAAOC,MAAM,IAE1CtB,KAAK+hG,aAAc,EACnB,MAAMp8F,EAAS3F,KAAKkF,QACpB,QAAoCjE,IAAhC0E,EAAOo4F,qBACP,OAAOpC,GAAoBgD,GAAoB,qBAEnD,IAAK3+F,KAAKgiG,eAAgB,CACtB,MAAMvgG,EAAS68F,GAAkC34F,EAAQtE,GAEzD,OADAm9F,GAAmC74F,GAC5Bu2F,GAAqBz6F,GAAQ,MAASJ,QAAOC,MAAM,MAG9D,OADAk9F,GAAmC74F,GAC5B+1F,GAAoB,CAAEr6F,QAAOC,MAAM,KAGlD,MAAMghG,GAAuC,CACzC7+B,OACI,OAAK8+B,GAA8BviG,MAG5BA,KAAKwiG,mBAAmB/+B,OAFpBk4B,GAAoB8G,GAAuC,UAI1EN,OAAO9gG,GACH,OAAKkhG,GAA8BviG,MAG5BA,KAAKwiG,mBAAmBL,OAAO9gG,GAF3Bs6F,GAAoB8G,GAAuC,aAgB9E,SAASF,GAA8Br1F,GACnC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,qBAIjD,CAEA,SAASu1F,GAAuCn3F,GAC5C,OAAO,IAAI4mB,UAAU,+BAA+B5mB,qDACxD,MAvB+BrK,IAA3BwgG,IACAt2F,OAAOu3F,eAAeJ,GAAsCb,IA0BhE,MAAMkB,GAAcjzF,OAAOkzF,OAAS,SAAU11F,GAE1C,OAAOA,GAAMA,CACjB,EAEA,SAAS21F,GAA0B3qD,GAC/B,QAQJ,SAA6BA,GACzB,GAAiB,iBAANA,EACP,OAAO,EAEX,GAAIyqD,GAAYzqD,GACZ,OAAO,EAEX,GAAIA,EAAI,EACJ,OAAO,EAEX,OAAO,CACX,CAnBS4qD,CAAoB5qD,IAGrBA,IAAMtsC,GAId,CAcA,SAASm3F,GAAaC,GAClB,MAAMC,EAAOD,EAAUE,OAAO58F,QAK9B,OAJA08F,EAAUG,iBAAmBF,EAAK79F,KAC9B49F,EAAUG,gBAAkB,IAC5BH,EAAUG,gBAAkB,GAEzBF,EAAK5hG,KAChB,CACA,SAAS+hG,GAAqBJ,EAAW3hG,EAAO+D,GAE5C,IAAKy9F,GADLz9F,EAAOsK,OAAOtK,IAEV,MAAM,IAAIwwC,WAAW,wDAEzBotD,EAAUE,OAAOrhG,KAAK,CAAER,QAAO+D,SAC/B49F,EAAUG,iBAAmB/9F,CACjC,CAKA,SAASi+F,GAAWL,GAChBA,EAAUE,OAAS,IAAIrG,GACvBmG,EAAUG,gBAAkB,CAChC,CAEA,SAASG,GAAoB3F,GAGzB,OAAOA,EAASj8F,OACpB,CAkBA,MAAM6hG,GACFzjG,cACI,MAAM,IAAIoyB,UAAU,uBAKpBigB,WACA,IAAKqxD,GAA4BxjG,MAC7B,MAAMyjG,GAA+B,QAEzC,OAAOzjG,KAAK0jG,MAEhBC,QAAQC,GACJ,IAAKJ,GAA4BxjG,MAC7B,MAAMyjG,GAA+B,WAIzC,GAFA9D,GAAuBiE,EAAc,EAAG,WACxCA,EAAe3D,GAAwC2D,EAAc,wBAChB3iG,IAAjDjB,KAAK6jG,wCACL,MAAM,IAAI3xE,UAAU,0CAEHlyB,KAAK0jG,MAAMr/F,OAufxC,SAA6CJ,EAAY2/F,GAErD,GADAA,EAAel0F,OAAOk0F,IACjBf,GAA0Be,GAC3B,MAAM,IAAIhuD,WAAW,iCAEzBkuD,GAA4C7/F,EAAY2/F,EAC5D,CA5fQG,CAAoC/jG,KAAK6jG,wCAAyCD,GAEtFI,mBAAmB7xD,GACf,IAAKqxD,GAA4BxjG,MAC7B,MAAMyjG,GAA+B,sBAGzC,GADA9D,GAAuBxtD,EAAM,EAAG,uBAC3B3sB,YAAYy+E,OAAO9xD,GACpB,MAAM,IAAIjgB,UAAU,gDAExB,GAAwB,IAApBigB,EAAK5tC,WACL,MAAM,IAAI2tB,UAAU,uCAExB,GAA+B,IAA3BigB,EAAK9tC,OAAOE,WACZ,MAAM,IAAI2tB,UAAU,gDAExB,QAAqDjxB,IAAjDjB,KAAK6jG,wCACL,MAAM,IAAI3xE,UAAU,2CA4ehC,SAAwDjuB,EAAYkuC,GAChE,MAAM+xD,EAAkBjgG,EAAWkgG,kBAAkBvG,OACrD,GAAIsG,EAAgB5/F,WAAa4/F,EAAgBE,cAAgBjyD,EAAK7tC,WAClE,MAAM,IAAIsxC,WAAW,2DAEzB,GAAIsuD,EAAgB3/F,aAAe4tC,EAAK5tC,WACpC,MAAM,IAAIqxC,WAAW,8DAEzBsuD,EAAgB7/F,OAAS8tC,EAAK9tC,OAC9By/F,GAA4C7/F,EAAYkuC,EAAK5tC,WACjE,CApfQ8/F,CAA+CrkG,KAAK6jG,wCAAyC1xD,IAGrGhnC,OAAOu2F,iBAAiB6B,GAA0BviG,UAAW,CACzD2iG,QAAS,CAAE39D,YAAY,GACvBg+D,mBAAoB,CAAEh+D,YAAY,GAClCmM,KAAM,CAAEnM,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe83F,GAA0BviG,UAAW65F,GAAe8G,YAAa,CACnFtgG,MAAO,4BACP4kC,cAAc,IAQtB,MAAMq+D,GACFxkG,cACI,MAAM,IAAIoyB,UAAU,uBAKpBqyE,kBACA,IAAKC,GAA+BxkG,MAChC,MAAMykG,GAAwC,eAElD,GAA0B,OAAtBzkG,KAAK0kG,cAAyB1kG,KAAKmkG,kBAAkB/iG,OAAS,EAAG,CACjE,MAAM8iG,EAAkBlkG,KAAKmkG,kBAAkBvG,OACzCzrD,EAAO,IAAIpvC,WAAWmhG,EAAgB7/F,OAAQ6/F,EAAgB5/F,WAAa4/F,EAAgBE,YAAaF,EAAgB3/F,WAAa2/F,EAAgBE,aACrJG,EAAcp5F,OAAOy6B,OAAO29D,GAA0BviG,YAggBxE,SAAwC2jG,EAAS1gG,EAAYkuC,GACzDwyD,EAAQd,wCAA0C5/F,EAClD0gG,EAAQjB,MAAQvxD,CACpB,CAlgBYyyD,CAA+BL,EAAavkG,KAAMmyC,GAClDnyC,KAAK0kG,aAAeH,EAExB,OAAOvkG,KAAK0kG,aAMZ/oB,kBACA,IAAK6oB,GAA+BxkG,MAChC,MAAMykG,GAAwC,eAElD,OAAOI,GAA2C7kG,MAMtDgC,QACI,IAAKwiG,GAA+BxkG,MAChC,MAAMykG,GAAwC,SAElD,GAAIzkG,KAAK8kG,gBACL,MAAM,IAAI5yE,UAAU,8DAExB,MAAMsd,EAAQxvC,KAAK+kG,8BAA8B/G,OACjD,GAAc,aAAVxuD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,+DAiWlD,SAA2CvrC,GACvC,MAAMlD,EAASkD,EAAW8gG,8BAC1B,GAAI9gG,EAAW6gG,iBAAqC,aAAlB/jG,EAAOi9F,OACrC,OAEJ,GAAI/5F,EAAWk/F,gBAAkB,EAE7B,YADAl/F,EAAW6gG,iBAAkB,GAGjC,GAAI7gG,EAAWkgG,kBAAkB/iG,OAAS,EAAG,CAEzC,GAD6B6C,EAAWkgG,kBAAkBvG,OACjCwG,YAAc,EAAG,CACtC,MAAM3/F,EAAI,IAAIytB,UAAU,2DAExB,MADA8yE,GAAkC/gG,EAAYQ,GACxCA,GAGdwgG,GAA4ChhG,GAC5CihG,GAAoBnkG,EACxB,CAlXQokG,CAAkCnlG,MAEtCwE,QAAQzC,GACJ,IAAKyiG,GAA+BxkG,MAChC,MAAMykG,GAAwC,WAGlD,GADA9E,GAAuB59F,EAAO,EAAG,YAC5ByjB,YAAYy+E,OAAOliG,GACpB,MAAM,IAAImwB,UAAU,sCAExB,GAAyB,IAArBnwB,EAAMwC,WACN,MAAM,IAAI2tB,UAAU,uCAExB,GAAgC,IAA5BnwB,EAAMsC,OAAOE,WACb,MAAM,IAAI2tB,UAAU,gDAExB,GAAIlyB,KAAK8kG,gBACL,MAAM,IAAI5yE,UAAU,gCAExB,MAAMsd,EAAQxvC,KAAK+kG,8BAA8B/G,OACjD,GAAc,aAAVxuD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,oEA8VlD,SAA6CvrC,EAAYlC,GACrD,MAAMhB,EAASkD,EAAW8gG,8BAC1B,GAAI9gG,EAAW6gG,iBAAqC,aAAlB/jG,EAAOi9F,OACrC,OAEJ,MAAM35F,EAAStC,EAAMsC,OACfC,EAAavC,EAAMuC,WACnBC,EAAaxC,EAAMwC,WACnB6gG,EAAwC/gG,EAC9C,GAAI08F,GAA+BhgG,GAC/B,GAAiD,IAA7C+/F,GAAiC//F,GACjCskG,GAAgDphG,EAAYmhG,EAAmB9gG,EAAYC,OAE1F,CAEDo8F,GAAiC5/F,EADT,IAAIgC,WAAWqiG,EAAmB9gG,EAAYC,IACZ,QAGzD+gG,GAA4BvkG,IAEjCskG,GAAgDphG,EAAYmhG,EAAmB9gG,EAAYC,GAC3FghG,GAAiEthG,IAGjEohG,GAAgDphG,EAAYmhG,EAAmB9gG,EAAYC,GAE/FihG,GAA6CvhG,EACjD,CAvXQwhG,CAAoCzlG,KAAM+B,GAK9C2C,MAAMD,EAAIxD,WACN,IAAKujG,GAA+BxkG,MAChC,MAAMykG,GAAwC,SAElDO,GAAkChlG,KAAMyE,GAG5Cw6F,CAACA,IAAa/8F,GACV,GAAIlC,KAAKmkG,kBAAkB/iG,OAAS,EAAG,CACXpB,KAAKmkG,kBAAkBvG,OAC/BwG,YAAc,EAElCf,GAAWrjG,MACX,MAAMyB,EAASzB,KAAK0lG,iBAAiBxjG,GAErC,OADA+iG,GAA4CjlG,MACrCyB,EAGXy9F,CAACA,IAAWuB,GACR,MAAM1/F,EAASf,KAAK+kG,8BACpB,GAAI/kG,KAAKmjG,gBAAkB,EAAG,CAC1B,MAAMwC,EAAQ3lG,KAAKkjG,OAAO58F,QAC1BtG,KAAKmjG,iBAAmBwC,EAAMphG,WAC9BqhG,GAA6C5lG,MAC7C,MAAMmyC,EAAO,IAAIpvC,WAAW4iG,EAAMthG,OAAQshG,EAAMrhG,WAAYqhG,EAAMphG,YAElE,YADAk8F,EAAYI,YAAY1uD,GAG5B,MAAM0zD,EAAwB7lG,KAAK8lG,uBACnC,QAA8B7kG,IAA1B4kG,EAAqC,CACrC,IAAIxhG,EACJ,IACIA,EAAS,IAAImhB,YAAYqgF,GAE7B,MAAOE,GAEH,YADAtF,EAAYa,YAAYyE,GAG5B,MAAMC,EAAqB,CACvB3hG,SACAC,WAAY,EACZC,WAAYshG,EACZzB,YAAa,EACb6B,YAAa,EACbC,gBAAiBnjG,WACjBojG,WAAY,WAEhBnmG,KAAKmkG,kBAAkBtiG,KAAKmkG,GAEhCxF,GAA6Bz/F,EAAQ0/F,GACrC+E,GAA6CxlG,OAiBrD,SAASwkG,GAA+Bt3F,GACpC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,gCAIjD,CACA,SAASs2F,GAA4Bt2F,GACjC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,0CAIjD,CACA,SAASs4F,GAA6CvhG,GAClD,MAAMmiG,EAiNV,SAAoDniG,GAChD,MAAMlD,EAASkD,EAAW8gG,8BAC1B,GAAsB,aAAlBhkG,EAAOi9F,OACP,OAAO,EAEX,GAAI/5F,EAAW6gG,gBACX,OAAO,EAEX,IAAK7gG,EAAWoiG,SACZ,OAAO,EAEX,GAAItF,GAA+BhgG,IAAW+/F,GAAiC//F,GAAU,EACrF,OAAO,EAEX,GAAIukG,GAA4BvkG,IAAWulG,GAAqCvlG,GAAU,EACtF,OAAO,EAEX,MAAM46E,EAAckpB,GAA2C5gG,GAC/D,GAAI03E,EAAc,EACd,OAAO,EAEX,OAAO,CACX,CAvOuB4qB,CAA2CtiG,GAC9D,IAAKmiG,EACD,OAEJ,GAAIniG,EAAWuiG,SAEX,YADAviG,EAAWwiG,YAAa,GAG5BxiG,EAAWuiG,UAAW,EAGtBzK,GADoB93F,EAAWyiG,kBACN,KACrBziG,EAAWuiG,UAAW,EAClBviG,EAAWwiG,aACXxiG,EAAWwiG,YAAa,EACxBjB,GAA6CvhG,OAElDQ,IACCugG,GAAkC/gG,EAAYQ,EAAE,GAExD,CAKA,SAASkiG,GAAqD5lG,EAAQilG,GAClE,IAAI1kG,GAAO,EACW,WAAlBP,EAAOi9F,SACP18F,GAAO,GAEX,MAAMslG,EAAaC,GAAsDb,GACnC,YAAlCA,EAAmBG,WACnBxF,GAAiC5/F,EAAQ6lG,EAAYtlG,GAoW7D,SAA8CP,EAAQgB,EAAOT,GACzD,MAAMqE,EAAS5E,EAAOmE,QAChB4hG,EAAkBnhG,EAAOohG,kBAAkBzgG,QAC7ChF,EACAwlG,EAAgBlG,YAAY7+F,GAG5B+kG,EAAgBjG,YAAY9+F,EAEpC,CA1WQilG,CAAqCjmG,EAAQ6lG,EAAYtlG,EAEjE,CACA,SAASulG,GAAsDb,GAC3D,MAAM5B,EAAc4B,EAAmB5B,YACjC6B,EAAcD,EAAmBC,YACvC,OAAO,IAAID,EAAmBE,gBAAgBF,EAAmB3hG,OAAQ2hG,EAAmB1hG,WAAY8/F,EAAc6B,EAC1H,CACA,SAASZ,GAAgDphG,EAAYI,EAAQC,EAAYC,GACrFN,EAAWi/F,OAAOrhG,KAAK,CAAEwC,SAAQC,aAAYC,eAC7CN,EAAWk/F,iBAAmB5+F,CAClC,CACA,SAAS0iG,GAA4DhjG,EAAY+hG,GAC7E,MAAMC,EAAcD,EAAmBC,YACjCiB,EAAsBlB,EAAmB5B,YAAc4B,EAAmB5B,YAAc6B,EACxFkB,EAAiBr7F,KAAKoyC,IAAIj6C,EAAWk/F,gBAAiB6C,EAAmBzhG,WAAayhG,EAAmB5B,aACzGgD,EAAiBpB,EAAmB5B,YAAc+C,EAClDE,EAAkBD,EAAiBA,EAAiBnB,EAC1D,IAAIqB,EAA4BH,EAC5B99F,GAAQ,EACRg+F,EAAkBH,IAClBI,EAA4BD,EAAkBrB,EAAmB5B,YACjE/6F,GAAQ,GAEZ,MAAMk+F,EAAQtjG,EAAWi/F,OACzB,KAAOoE,EAA4B,GAAG,CAClC,MAAME,EAAcD,EAAM3J,OACpB6J,EAAc37F,KAAKoyC,IAAIopD,EAA2BE,EAAYjjG,YAC9DmjG,EAAY1B,EAAmB1hG,WAAa0hG,EAAmB5B,YA5SjD5yC,EA6SDw0C,EAAmB3hG,OA7SZsjG,EA6SoBD,EA7SR7wE,EA6SmB2wE,EAAYnjG,OA7S1BujG,EA6SkCJ,EAAYljG,WA7SnCkI,EA6S+Ci7F,EA5SzG,IAAI1kG,WAAWyuD,GAAMhuD,IAAI,IAAIT,WAAW8zB,EAAK+wE,EAAWp7F,GAAIm7F,GA6SpDH,EAAYjjG,aAAekjG,EAC3BF,EAAMjhG,SAGNkhG,EAAYljG,YAAcmjG,EAC1BD,EAAYjjG,YAAckjG,GAE9BxjG,EAAWk/F,iBAAmBsE,EAC9BI,GAAuD5jG,EAAYwjG,EAAazB,GAChFsB,GAA6BG,EAvTrC,IAA4Bj2C,EAAMm2C,EAAY9wE,EAAK+wE,EAAWp7F,EAyT1D,OAAOnD,CACX,CACA,SAASw+F,GAAuD5jG,EAAYmB,EAAM4gG,GAC9E8B,GAAkD7jG,GAClD+hG,EAAmB5B,aAAeh/F,CACtC,CACA,SAASwgG,GAA6C3hG,GACf,IAA/BA,EAAWk/F,iBAAyBl/F,EAAW6gG,iBAC/CG,GAA4ChhG,GAC5CihG,GAAoBjhG,EAAW8gG,gCAG/BS,GAA6CvhG,EAErD,CACA,SAAS6jG,GAAkD7jG,GACvB,OAA5BA,EAAWygG,eAGfzgG,EAAWygG,aAAab,6CAA0C5iG,EAClEgD,EAAWygG,aAAahB,MAAQ,KAChCz/F,EAAWygG,aAAe,KAC9B,CACA,SAASa,GAAiEthG,GACtE,KAAOA,EAAWkgG,kBAAkB/iG,OAAS,GAAG,CAC5C,GAAmC,IAA/B6C,EAAWk/F,gBACX,OAEJ,MAAM6C,EAAqB/hG,EAAWkgG,kBAAkBvG,OACpDqJ,GAA4DhjG,EAAY+hG,KACxE+B,GAAiD9jG,GACjD0iG,GAAqD1iG,EAAW8gG,8BAA+BiB,IAG3G,CAgFA,SAASlC,GAA4C7/F,EAAY2/F,GAC7D,MAAMM,EAAkBjgG,EAAWkgG,kBAAkBvG,OAErD,GAAc,WADA35F,EAAW8gG,8BAA8B/G,OAC/B,CACpB,GAAqB,IAAjB4F,EACA,MAAM,IAAI1xE,UAAU,qEApChC,SAA0DjuB,EAAYigG,GAClEA,EAAgB7/F,OAA6B6/F,EAAgB7/F,OAC7D,MAAMtD,EAASkD,EAAW8gG,8BAC1B,GAAIO,GAA4BvkG,GAC5B,KAAOulG,GAAqCvlG,GAAU,GAElD4lG,GAAqD5lG,EAD1BgnG,GAAiD9jG,GAIxF,CA6BQ+jG,CAAiD/jG,EAAYigG,QA5BrE,SAA4DjgG,EAAY2/F,EAAcoC,GAClF,GAAIA,EAAmB5B,YAAcR,EAAeoC,EAAmBzhG,WACnE,MAAM,IAAIqxC,WAAW,6BAGzB,GADAiyD,GAAuD5jG,EAAY2/F,EAAcoC,GAC7EA,EAAmB5B,YAAc4B,EAAmBC,YAEpD,OAEJ8B,GAAiD9jG,GACjD,MAAMgkG,EAAgBjC,EAAmB5B,YAAc4B,EAAmBC,YAC1E,GAAIgC,EAAgB,EAAG,CACnB,MAAMt8F,EAAMq6F,EAAmB1hG,WAAa0hG,EAAmB5B,YACzDt5F,EAAYk7F,EAAmB3hG,OAAO3C,MAAMiK,EAAMs8F,EAAet8F,GACvE05F,GAAgDphG,EAAY6G,EAAW,EAAGA,EAAUvG,YAExFyhG,EAAmB3hG,OAA6B2hG,EAAmB3hG,OACnE2hG,EAAmB5B,aAAe6D,EAClCtB,GAAqD1iG,EAAW8gG,8BAA+BiB,GAC/FT,GAAiEthG,EACrE,CAWQikG,CAAmDjkG,EAAY2/F,EAAcM,GAEjFsB,GAA6CvhG,EACjD,CACA,SAAS8jG,GAAiD9jG,GACtD,MAAMsH,EAAatH,EAAWkgG,kBAAkB79F,QAEhD,OADAwhG,GAAkD7jG,GAC3CsH,CACX,CAwBA,SAAS05F,GAA4ChhG,GACjDA,EAAWyiG,oBAAiBzlG,EAC5BgD,EAAWyhG,sBAAmBzkG,CAClC,CAkDA,SAAS+jG,GAAkC/gG,EAAYQ,GACnD,MAAM1D,EAASkD,EAAW8gG,8BACJ,aAAlBhkG,EAAOi9F,UA1Qf,SAA2D/5F,GACvD6jG,GAAkD7jG,GAClDA,EAAWkgG,kBAAoB,IAAItH,EACvC,CA0QIsL,CAAkDlkG,GAClDo/F,GAAWp/F,GACXghG,GAA4ChhG,GAC5CmkG,GAAoBrnG,EAAQ0D,GAChC,CACA,SAASogG,GAA2C5gG,GAChD,MAAMurC,EAAQvrC,EAAW8gG,8BAA8B/G,OACvD,MAAc,YAAVxuD,EACO,KAEG,WAAVA,EACO,EAEJvrC,EAAWokG,aAAepkG,EAAWk/F,eAChD,CA2CA,SAASmF,GAAsDvnG,EAAQwnG,EAAsBx+F,GACzF,MAAM9F,EAAakH,OAAOy6B,OAAO0+D,GAA6BtjG,WAC9D,IAAIwnG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBz6F,GAC1CynG,EAAkB,IAAMhN,QAAoBz6F,QACbA,IAA/BsnG,EAAqBvkG,QACrBwkG,EAAiB,IAAMD,EAAqBvkG,MAAMC,SAEpBhD,IAA9BsnG,EAAqB5jG,OACrB8jG,EAAgB,IAAMF,EAAqB5jG,KAAKV,SAEhBhD,IAAhCsnG,EAAqB1jG,SACrB6jG,EAAkBxmG,GAAUqmG,EAAqB1jG,OAAO3C,IAE5D,MAAM2jG,EAAwB0C,EAAqB1C,sBACnD,GAA8B,IAA1BA,EACA,MAAM,IAAI3zE,UAAU,iDAxC5B,SAA2CnxB,EAAQkD,EAAYukG,EAAgBC,EAAeC,EAAiB3+F,EAAe87F,GAC1H5hG,EAAW8gG,8BAAgChkG,EAC3CkD,EAAWwiG,YAAa,EACxBxiG,EAAWuiG,UAAW,EACtBviG,EAAWygG,aAAe,KAE1BzgG,EAAWi/F,OAASj/F,EAAWk/F,qBAAkBliG,EACjDoiG,GAAWp/F,GACXA,EAAW6gG,iBAAkB,EAC7B7gG,EAAWoiG,UAAW,EACtBpiG,EAAWokG,aAAet+F,EAC1B9F,EAAWyiG,eAAiB+B,EAC5BxkG,EAAWyhG,iBAAmBgD,EAC9BzkG,EAAW6hG,uBAAyBD,EACpC5hG,EAAWkgG,kBAAoB,IAAItH,GACnC97F,EAAOygG,0BAA4Bv9F,EAEnC83F,GAAYL,GADQ8M,MAC0B,KAC1CvkG,EAAWoiG,UAAW,EACtBb,GAA6CvhG,EAAW,IACzD8J,IACCi3F,GAAkC/gG,EAAY8J,EAAE,GAExD,CAmBI46F,CAAkC5nG,EAAQkD,EAAYukG,EAAgBC,EAAeC,EAAiB3+F,EAAe87F,EACzH,CAMA,SAASpC,GAA+Bn4F,GACpC,OAAO,IAAI4mB,UAAU,uCAAuC5mB,oDAChE,CAEA,SAASm5F,GAAwCn5F,GAC7C,OAAO,IAAI4mB,UAAU,0CAA0C5mB,uDACnE,CAOA,SAASs9F,GAAiC7nG,EAAQ+lG,GAC9C/lG,EAAOmE,QAAQ6hG,kBAAkBllG,KAAKilG,EAC1C,CAWA,SAASR,GAAqCvlG,GAC1C,OAAOA,EAAOmE,QAAQ6hG,kBAAkB3lG,MAC5C,CACA,SAASkkG,GAA4BvkG,GACjC,MAAM4E,EAAS5E,EAAOmE,QACtB,YAAejE,IAAX0E,KAGCkjG,GAA2BljG,EAIpC,CA3bAwF,OAAOu2F,iBAAiB4C,GAA6BtjG,UAAW,CAC5DgB,MAAO,CAAEgkC,YAAY,GACrBxhC,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrBu+D,YAAa,CAAEv+D,YAAY,GAC3B21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe64F,GAA6BtjG,UAAW65F,GAAe8G,YAAa,CACtFtgG,MAAO,+BACP4kC,cAAc,IAubtB,MAAM6iE,GACFhpG,YAAYiB,GAGR,GAFA4+F,GAAuB5+F,EAAQ,EAAG,4BAClCq/F,GAAqBr/F,EAAQ,mBACzBkgG,GAAuBlgG,GACvB,MAAM,IAAImxB,UAAU,+EAExB,IAAKsyE,GAA+BzjG,EAAOygG,2BACvC,MAAM,IAAItvE,UAAU,+FAGxB4rE,GAAsC99F,KAAMe,GAC5Cf,KAAK+mG,kBAAoB,IAAIlK,GAM7Bh8F,aACA,OAAKgoG,GAA2B7oG,MAGzBA,KAAK4+F,eAFDjD,GAAoBoN,GAA8B,WAOjElkG,OAAO3C,EAASjB,WACZ,OAAK4nG,GAA2B7oG,WAGEiB,IAA9BjB,KAAK+9F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCt+F,KAAMkC,GALpCy5F,GAAoBoN,GAA8B,WAYjE7nG,KAAKixC,GACD,IAAK02D,GAA2B7oG,MAC5B,OAAO27F,GAAoBoN,GAA8B,SAE7D,IAAKvjF,YAAYy+E,OAAO9xD,GACpB,OAAOwpD,GAAoB,IAAIzpE,UAAU,sCAE7C,GAAwB,IAApBigB,EAAK5tC,WACL,OAAOo3F,GAAoB,IAAIzpE,UAAU,uCAE7C,GAA+B,IAA3BigB,EAAK9tC,OAAOE,WACZ,OAAOo3F,GAAoB,IAAIzpE,UAAU,gDAE7C,QAAkCjxB,IAA9BjB,KAAK+9F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACt7F,EAASC,KACjCghG,EAAiBjhG,EACjBkhG,EAAgBjhG,CAAM,IAQ1B,OA8CR,SAAsCwF,EAAQwsC,EAAM20D,GAChD,MAAM/lG,EAAS4E,EAAOo4F,qBACtBh9F,EAAOwgG,YAAa,EACE,YAAlBxgG,EAAOi9F,OACP8I,EAAgBxF,YAAYvgG,EAAOs9F,cAxa3C,SAA8Cp6F,EAAYkuC,EAAM20D,GAC5D,MAAM/lG,EAASkD,EAAW8gG,8BAC1B,IAAIkB,EAAc,EACd9zD,EAAKryC,cAAgB2lB,WACrBwgF,EAAc9zD,EAAKryC,YAAYkpG,mBAEnC,MAAMnjE,EAAOsM,EAAKryC,YAEZkmG,EAAqB,CACvB3hG,OAF+B8tC,EAAK9tC,OAGpCC,WAAY6tC,EAAK7tC,WACjBC,WAAY4tC,EAAK5tC,WACjB6/F,YAAa,EACb6B,cACAC,gBAAiBrgE,EACjBsgE,WAAY,QAEhB,GAAIliG,EAAWkgG,kBAAkB/iG,OAAS,EAMtC,OALA6C,EAAWkgG,kBAAkBtiG,KAAKmkG,QAIlC4C,GAAiC7nG,EAAQ+lG,GAG7C,GAAsB,WAAlB/lG,EAAOi9F,OAAX,CAKA,GAAI/5F,EAAWk/F,gBAAkB,EAAG,CAChC,GAAI8D,GAA4DhjG,EAAY+hG,GAAqB,CAC7F,MAAMY,EAAaC,GAAsDb,GAGzE,OAFAJ,GAA6C3hG,QAC7C6iG,EAAgBjG,YAAY+F,GAGhC,GAAI3iG,EAAW6gG,gBAAiB,CAC5B,MAAMrgG,EAAI,IAAIytB,UAAU,2DAGxB,OAFA8yE,GAAkC/gG,EAAYQ,QAC9CqiG,EAAgBxF,YAAY78F,IAIpCR,EAAWkgG,kBAAkBtiG,KAAKmkG,GAClC4C,GAAiC7nG,EAAQ+lG,GACzCtB,GAA6CvhG,OArB7C,CACI,MAAMglG,EAAY,IAAIpjE,EAAKmgE,EAAmB3hG,OAAQ2hG,EAAmB1hG,WAAY,GACrFwiG,EAAgBlG,YAAYqI,GAoBpC,CA4XQC,CAAqCnoG,EAAOygG,0BAA2BrvD,EAAM20D,EAErF,CAxDQqC,CAA6BnpG,KAAMmyC,EALX,CACpB0uD,YAAa9+F,GAASo/F,EAAe,CAAE9/F,MAAOU,EAAOT,MAAM,IAC3Ds/F,YAAa7+F,GAASo/F,EAAe,CAAE9/F,MAAOU,EAAOT,MAAM,IAC3DggG,YAAa78F,GAAK28F,EAAc38F,KAG7Bqc,EAWXlgB,cACI,IAAKioG,GAA2B7oG,MAC5B,MAAM+oG,GAA8B,eAExC,QAAkC9nG,IAA9BjB,KAAK+9F,qBAAT,CAGA,GAAI/9F,KAAK+mG,kBAAkB3lG,OAAS,EAChC,MAAM,IAAI8wB,UAAU,uFAExBssE,GAAmCx+F,QAgB3C,SAAS6oG,GAA2B37F,GAChC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,oBAIjD,CAYA,SAAS67F,GAA8Bz9F,GACnC,OAAO,IAAI4mB,UAAU,sCAAsC5mB,mDAC/D,CAEA,SAAS89F,GAAqBzuC,EAAU0uC,GACpC,MAAMt/F,cAAEA,GAAkB4wD,EAC1B,QAAsB15D,IAAlB8I,EACA,OAAOs/F,EAEX,GAAI1G,GAAY54F,IAAkBA,EAAgB,EAC9C,MAAM,IAAI6rC,WAAW,yBAEzB,OAAO7rC,CACX,CACA,SAASu/F,GAAqB3uC,GAC1B,MAAMv1D,KAAEA,GAASu1D,EACjB,OAAKv1D,GACM,KAAM,EAGrB,CAEA,SAASmkG,GAAuB7uE,EAAM8kE,GAClCD,GAAiB7kE,EAAM8kE,GACvB,MAAMz1F,EAAgB2wB,aAAmC,EAASA,EAAK3wB,cACjE3E,EAAOs1B,aAAmC,EAASA,EAAKt1B,KAC9D,MAAO,CACH2E,mBAAiC9I,IAAlB8I,OAA8B9I,EAAY8+F,GAA0Bh2F,GACnF3E,UAAenE,IAATmE,OAAqBnE,EAAYuoG,GAA2BpkG,EAASo6F,EAAH,2BAEhF,CACA,SAASgK,GAA2Bn/F,EAAIm1F,GAEpC,OADAC,GAAep1F,EAAIm1F,GACZz9F,GAASg+F,GAA0B11F,EAAGtI,GACjD,CAyBA,SAAS0nG,GAAmCp/F,EAAIq/F,EAAUlK,GAEtD,OADAC,GAAep1F,EAAIm1F,GACXt9F,GAAW06F,GAAYvyF,EAAIq/F,EAAU,CAACxnG,GAClD,CACA,SAASynG,GAAmCt/F,EAAIq/F,EAAUlK,GAEtD,OADAC,GAAep1F,EAAIm1F,GACZ,IAAM5C,GAAYvyF,EAAIq/F,EAAU,GAC3C,CACA,SAASE,GAAmCv/F,EAAIq/F,EAAUlK,GAEtD,OADAC,GAAep1F,EAAIm1F,GACXv7F,GAAew4F,GAAYpyF,EAAIq/F,EAAU,CAACzlG,GACtD,CACA,SAAS4lG,GAAmCx/F,EAAIq/F,EAAUlK,GAEtD,OADAC,GAAep1F,EAAIm1F,GACZ,CAACz9F,EAAOkC,IAAe24F,GAAYvyF,EAAIq/F,EAAU,CAAC3nG,EAAOkC,GACpE,CAEA,SAAS6lG,GAAqB58F,EAAGsyF,GAC7B,IAAKuK,GAAiB78F,GAClB,MAAM,IAAIglB,UAAastE,EAAH,4BAE5B,CAjHAr0F,OAAOu2F,iBAAiBoH,GAAyB9nG,UAAW,CACxD6D,OAAQ,CAAEmhC,YAAY,GACtB9kC,KAAM,CAAE8kC,YAAY,GACpBplC,YAAa,CAAEolC,YAAY,GAC3BnlC,OAAQ,CAAEmlC,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAeq9F,GAAyB9nG,UAAW65F,GAAe8G,YAAa,CAClFtgG,MAAO,2BACP4kC,cAAc,IA+GtB,MAAMt+B,GACF7H,YAAYkqG,EAAoB,GAAIC,EAAc,SACpBhpG,IAAtB+oG,EACAA,EAAoB,KAGpBtK,GAAasK,EAAmB,mBAEpC,MAAMrvC,EAAW4uC,GAAuBU,EAAa,oBAC/CC,EA5Dd,SAA+BR,EAAUlK,GACrCD,GAAiBmK,EAAUlK,GAC3B,MAAMv9F,EAAQynG,aAA2C,EAASA,EAASznG,MACrED,EAAQ0nG,aAA2C,EAASA,EAAS1nG,MACrEgC,EAAQ0lG,aAA2C,EAASA,EAAS1lG,MACrEoW,EAAOsvF,aAA2C,EAASA,EAAStvF,KACpEtY,EAAQ4nG,aAA2C,EAASA,EAAS5nG,MAC3E,MAAO,CACHG,WAAiBhB,IAAVgB,OACHhB,EACAwoG,GAAmCxnG,EAAOynG,EAAalK,EAAH,4BACxDx9F,WAAiBf,IAAVe,OACHf,EACA0oG,GAAmC3nG,EAAO0nG,EAAalK,EAAH,4BACxDx7F,WAAiB/C,IAAV+C,OACH/C,EACA2oG,GAAmC5lG,EAAO0lG,EAAalK,EAAH,4BACxD19F,WAAiBb,IAAVa,OACHb,EACA4oG,GAAmC/nG,EAAO4nG,EAAalK,EAAH,4BACxDplF,OAER,CAsC+B+vF,CAAsBH,EAAmB,mBAChEI,GAAyBpqG,MAEzB,QAAaiB,IADAipG,EAAe9vF,KAExB,MAAM,IAAIw7B,WAAW,6BAEzB,MAAMy0D,EAAgBf,GAAqB3uC,IAioBnD,SAAgE55D,EAAQmpG,EAAgBngG,EAAesgG,GACnG,MAAMpmG,EAAakH,OAAOy6B,OAAO0kE,GAAgCtpG,WACjE,IAAIwnG,EAAiB,KAAe,EAChC+B,EAAiB,IAAM7O,QAAoBz6F,GAC3CupG,EAAiB,IAAM9O,QAAoBz6F,GAC3CwpG,EAAiB,IAAM/O,QAAoBz6F,QAClBA,IAAzBipG,EAAelmG,QACfwkG,EAAiB,IAAM0B,EAAelmG,MAAMC,SAEnBhD,IAAzBipG,EAAepoG,QACfyoG,EAAiBxoG,GAASmoG,EAAepoG,MAAMC,EAAOkC,SAE7BhD,IAAzBipG,EAAeloG,QACfwoG,EAAiB,IAAMN,EAAeloG,cAEbf,IAAzBipG,EAAejoG,QACfwoG,EAAiBvoG,GAAUgoG,EAAejoG,MAAMC,IAEpDwoG,GAAqC3pG,EAAQkD,EAAYukG,EAAgB+B,EAAgBC,EAAgBC,EAAgB1gG,EAAesgG,EAC5I,CAlpBQM,CAAuD3qG,KAAMkqG,EADvCd,GAAqBzuC,EAAU,GACuC0vC,GAK5FO,aACA,IAAKb,GAAiB/pG,MAClB,MAAM6qG,GAA4B,UAEtC,OAAOC,GAAuB9qG,MAWlCiC,MAAMC,EAASjB,WACX,OAAK8oG,GAAiB/pG,MAGlB8qG,GAAuB9qG,MAChB27F,GAAoB,IAAIzpE,UAAU,oDAEtC64E,GAAoB/qG,KAAMkC,GALtBy5F,GAAoBkP,GAA4B,UAe/D7oG,QACI,OAAK+nG,GAAiB/pG,MAGlB8qG,GAAuB9qG,MAChB27F,GAAoB,IAAIzpE,UAAU,oDAEzC84E,GAAoChrG,MAC7B27F,GAAoB,IAAIzpE,UAAU,2CAEtC+4E,GAAoBjrG,MARhB27F,GAAoBkP,GAA4B,UAkB/DlqG,YACI,IAAKopG,GAAiB/pG,MAClB,MAAM6qG,GAA4B,aAEtC,OAAOK,GAAmClrG,OAgBlD,SAASkrG,GAAmCnqG,GACxC,OAAO,IAAIoqG,GAA4BpqG,EAC3C,CASA,SAASqpG,GAAyBrpG,GAC9BA,EAAOi9F,OAAS,WAGhBj9F,EAAOs9F,kBAAep9F,EACtBF,EAAOqqG,aAAUnqG,EAGjBF,EAAOsqG,+BAA4BpqG,EAGnCF,EAAOuqG,eAAiB,IAAIzO,GAG5B97F,EAAOwqG,2BAAwBtqG,EAG/BF,EAAOyqG,mBAAgBvqG,EAGvBF,EAAO0qG,2BAAwBxqG,EAE/BF,EAAO2qG,0BAAuBzqG,EAE9BF,EAAO4qG,eAAgB,CAC3B,CACA,SAAS5B,GAAiB78F,GACtB,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAAS49F,GAAuB/pG,GAC5B,YAAuBE,IAAnBF,EAAOqqG,OAIf,CACA,SAASL,GAAoBhqG,EAAQmB,GACjC,MAAMstC,EAAQzuC,EAAOi9F,OACrB,GAAc,WAAVxuD,GAAgC,YAAVA,EACtB,OAAOksD,QAAoBz6F,GAE/B,QAAoCA,IAAhCF,EAAO2qG,qBACP,OAAO3qG,EAAO2qG,qBAAqBE,SAEvC,IAAIC,GAAqB,EACX,aAAVr8D,IACAq8D,GAAqB,EAErB3pG,OAASjB,GAEb,MAAM6f,EAAU06E,IAAW,CAACt7F,EAASC,KACjCY,EAAO2qG,qBAAuB,CAC1BE,cAAU3qG,EACV6qG,SAAU5rG,EACV6rG,QAAS5rG,EACT6rG,QAAS9pG,EACT+pG,oBAAqBJ,EACxB,IAML,OAJA9qG,EAAO2qG,qBAAqBE,SAAW9qF,EAClC+qF,GACDK,GAA4BnrG,EAAQmB,GAEjC4e,CACX,CACA,SAASmqF,GAAoBlqG,GACzB,MAAMyuC,EAAQzuC,EAAOi9F,OACrB,GAAc,WAAVxuD,GAAgC,YAAVA,EACtB,OAAOmsD,GAAoB,IAAIzpE,UAAU,kBAAkBsd,+DAE/D,MAAM1uB,EAAU06E,IAAW,CAACt7F,EAASC,KACjC,MAAMgsG,EAAe,CACjBL,SAAU5rG,EACV6rG,QAAS5rG,GAEbY,EAAOyqG,cAAgBW,CAAY,IAEjCzrG,EAASK,EAAOqqG,QAgf1B,IAA8CnnG,EA3e1C,YAJehD,IAAXP,GAAwBK,EAAO4qG,eAA2B,aAAVn8D,GAChD48D,GAAiC1rG,GA+erC0iG,GAD0Cn/F,EA5eLlD,EAAOsqG,0BA6eXgB,GAAe,GAChDC,GAAoDroG,GA7e7C6c,CACX,CAYA,SAASyrF,GAAgCxrG,EAAQ2D,GAE/B,aADA3D,EAAOi9F,OAKrBwO,GAA6BzrG,GAHzBmrG,GAA4BnrG,EAAQ2D,EAI5C,CACA,SAASwnG,GAA4BnrG,EAAQmB,GACzC,MAAM+B,EAAalD,EAAOsqG,0BAC1BtqG,EAAOi9F,OAAS,WAChBj9F,EAAOs9F,aAAen8F,EACtB,MAAMxB,EAASK,EAAOqqG,aACPnqG,IAAXP,GACA+rG,GAAsD/rG,EAAQwB,IA8EtE,SAAkDnB,GAC9C,QAAqCE,IAAjCF,EAAOwqG,4BAAwEtqG,IAAjCF,EAAO0qG,sBACrD,OAAO,EAEX,OAAO,CACX,CAjFSiB,CAAyC3rG,IAAWkD,EAAWoiG,UAChEmG,GAA6BzrG,EAErC,CACA,SAASyrG,GAA6BzrG,GAClCA,EAAOi9F,OAAS,UAChBj9F,EAAOsqG,0BAA0BrM,MACjC,MAAM2N,EAAc5rG,EAAOs9F,aAK3B,GAJAt9F,EAAOuqG,eAAehoG,SAAQspG,IAC1BA,EAAab,QAAQY,EAAY,IAErC5rG,EAAOuqG,eAAiB,IAAIzO,QACQ57F,IAAhCF,EAAO2qG,qBAEP,YADAmB,GAAkD9rG,GAGtD,MAAM+rG,EAAe/rG,EAAO2qG,qBAE5B,GADA3qG,EAAO2qG,0BAAuBzqG,EAC1B6rG,EAAab,oBAGb,OAFAa,EAAaf,QAAQY,QACrBE,GAAkD9rG,GAItDg7F,GADgBh7F,EAAOsqG,0BAA0BtM,IAAY+N,EAAad,UACrD,KACjBc,EAAahB,WACbe,GAAkD9rG,EAAO,IACzDmB,IACA4qG,EAAaf,QAAQ7pG,GACrB2qG,GAAkD9rG,EAAO,GAEjE,CAuCA,SAASiqG,GAAoCjqG,GACzC,YAA6BE,IAAzBF,EAAOyqG,oBAAgEvqG,IAAjCF,EAAO0qG,qBAIrD,CAcA,SAASoB,GAAkD9rG,QAC1BE,IAAzBF,EAAOyqG,gBACPzqG,EAAOyqG,cAAcO,QAAQhrG,EAAOs9F,cACpCt9F,EAAOyqG,mBAAgBvqG,GAE3B,MAAMP,EAASK,EAAOqqG,aACPnqG,IAAXP,GACAqsG,GAAiCrsG,EAAQK,EAAOs9F,aAExD,CACA,SAAS2O,GAAiCjsG,EAAQksG,GAC9C,MAAMvsG,EAASK,EAAOqqG,aACPnqG,IAAXP,GAAwBusG,IAAiBlsG,EAAO4qG,gBAC5CsB,EAwhBZ,SAAwCvsG,GACpCwsG,GAAoCxsG,EACxC,CAzhBYysG,CAA+BzsG,GAG/B0rG,GAAiC1rG,IAGzCK,EAAO4qG,cAAgBsB,CAC3B,CA1PA9hG,OAAOu2F,iBAAiB/5F,GAAe3G,UAAW,CAC9CiB,MAAO,CAAE+jC,YAAY,GACrBhkC,MAAO,CAAEgkC,YAAY,GACrBrlC,UAAW,CAAEqlC,YAAY,GACzB4kE,OAAQ,CAAE5kE,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe9D,GAAe3G,UAAW65F,GAAe8G,YAAa,CACxEtgG,MAAO,iBACP4kC,cAAc,IAuPtB,MAAMklE,GACFrrG,YAAYiB,GAGR,GAFA4+F,GAAuB5+F,EAAQ,EAAG,+BAClC+oG,GAAqB/oG,EAAQ,mBACzB+pG,GAAuB/pG,GACvB,MAAM,IAAImxB,UAAU,+EAExBlyB,KAAKotG,qBAAuBrsG,EAC5BA,EAAOqqG,QAAUprG,KACjB,MAAMwvC,EAAQzuC,EAAOi9F,OACrB,GAAc,aAAVxuD,GACKw7D,GAAoCjqG,IAAWA,EAAO4qG,cACvDuB,GAAoCltG,MAGpCqtG,GAA8CrtG,MAElDstG,GAAqCttG,WAEpC,GAAc,aAAVwvC,EACL+9D,GAA8CvtG,KAAMe,EAAOs9F,cAC3DiP,GAAqCttG,WAEpC,GAAc,WAAVwvC,EACL69D,GAA8CrtG,MAgctDstG,GADoD5sG,EA9bGV,MAgcvDwtG,GAAkC9sG,OA9bzB,CACD,MAAMisG,EAAc5rG,EAAOs9F,aAC3BkP,GAA8CvtG,KAAM2sG,GACpDc,GAA+CztG,KAAM2sG,GAybjE,IAAwDjsG,EAlbhDG,aACA,OAAK6sG,GAA8B1tG,MAG5BA,KAAK4+F,eAFDjD,GAAoBgS,GAAiC,WAYhEhyB,kBACA,IAAK+xB,GAA8B1tG,MAC/B,MAAM2tG,GAAiC,eAE3C,QAAkC1sG,IAA9BjB,KAAKotG,qBACL,MAAMQ,GAA2B,eAErC,OAuIR,SAAmDltG,GAC/C,MAAMK,EAASL,EAAO0sG,qBAChB59D,EAAQzuC,EAAOi9F,OACrB,GAAc,YAAVxuD,GAAiC,aAAVA,EACvB,OAAO,KAEX,GAAc,WAAVA,EACA,OAAO,EAEX,OAAOq+D,GAA8C9sG,EAAOsqG,0BAChE,CAjJeyC,CAA0C9tG,MAUjDqJ,YACA,OAAKqkG,GAA8B1tG,MAG5BA,KAAK+tG,cAFDpS,GAAoBgS,GAAiC,UAOpE1rG,MAAMC,EAASjB,WACX,OAAKysG,GAA8B1tG,WAGDiB,IAA9BjB,KAAKotG,qBACEzR,GAAoBiS,GAA2B,UA4ElE,SAA0CltG,EAAQwB,GAC9C,MAAMnB,EAASL,EAAO0sG,qBACtB,OAAOrC,GAAoBhqG,EAAQmB,EACvC,CA7Ee8rG,CAAiChuG,KAAMkC,GALnCy5F,GAAoBgS,GAAiC,UAUpE3rG,QACI,IAAK0rG,GAA8B1tG,MAC/B,OAAO27F,GAAoBgS,GAAiC,UAEhE,MAAM5sG,EAASf,KAAKotG,qBACpB,YAAensG,IAAXF,EACO46F,GAAoBiS,GAA2B,UAEtD5C,GAAoCjqG,GAC7B46F,GAAoB,IAAIzpE,UAAU,2CAEtC+7E,GAAiCjuG,MAY5CY,cACI,IAAK8sG,GAA8B1tG,MAC/B,MAAM2tG,GAAiC,oBAG5B1sG,IADAjB,KAAKotG,sBAIpBc,GAAmCluG,MAEvC8B,MAAMC,EAAQd,WACV,OAAKysG,GAA8B1tG,WAGDiB,IAA9BjB,KAAKotG,qBACEzR,GAAoBiS,GAA2B,aAEnDO,GAAiCnuG,KAAM+B,GALnC45F,GAAoBgS,GAAiC,WAwBxE,SAASD,GAA8BxgG,GACnC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,uBAIjD,CAMA,SAAS+gG,GAAiCvtG,GAEtC,OAAOuqG,GADQvqG,EAAO0sG,qBAE1B,CAYA,SAASgB,GAAuD1tG,EAAQgE,GACjC,YAA/BhE,EAAO2tG,oBACPtB,GAAiCrsG,EAAQgE,GAkTjD,SAAmDhE,EAAQwB,GACvDurG,GAA+C/sG,EAAQwB,EAC3D,CAjTQosG,CAA0C5tG,EAAQgE,EAE1D,CACA,SAAS+nG,GAAsD/rG,EAAQgE,GACjC,YAA9BhE,EAAO6tG,mBACPC,GAAgC9tG,EAAQgE,GAkVhD,SAAkDhE,EAAQwB,GACtDqrG,GAA8C7sG,EAAQwB,EAC1D,CAjVQusG,CAAyC/tG,EAAQgE,EAEzD,CAYA,SAASwpG,GAAmCxtG,GACxC,MAAMK,EAASL,EAAO0sG,qBAChBsB,EAAgB,IAAIx8E,UAAU,oFACpCu6E,GAAsD/rG,EAAQguG,GAG9DN,GAAuD1tG,EAAQguG,GAC/D3tG,EAAOqqG,aAAUnqG,EACjBP,EAAO0sG,0BAAuBnsG,CAClC,CACA,SAASktG,GAAiCztG,EAAQqB,GAC9C,MAAMhB,EAASL,EAAO0sG,qBAChBnpG,EAAalD,EAAOsqG,0BACpBxoC,EAqIV,SAAqD5+D,EAAYlC,GAC7D,IACI,OAAOkC,EAAW0qG,uBAAuB5sG,GAE7C,MAAO6sG,GAEH,OADAC,GAA6C5qG,EAAY2qG,GAClD,EAEf,CA7IsBE,CAA4C7qG,EAAYlC,GAC1E,GAAIhB,IAAWL,EAAO0sG,qBAClB,OAAOzR,GAAoBiS,GAA2B,aAE1D,MAAMp+D,EAAQzuC,EAAOi9F,OACrB,GAAc,YAAVxuD,EACA,OAAOmsD,GAAoB56F,EAAOs9F,cAEtC,GAAI2M,GAAoCjqG,IAAqB,WAAVyuC,EAC/C,OAAOmsD,GAAoB,IAAIzpE,UAAU,6DAE7C,GAAc,aAAVsd,EACA,OAAOmsD,GAAoB56F,EAAOs9F,cAEtC,MAAMv9E,EArXV,SAAuC/f,GAQnC,OAPgBy6F,IAAW,CAACt7F,EAASC,KACjC,MAAMysG,EAAe,CACjBd,SAAU5rG,EACV6rG,QAAS5rG,GAEbY,EAAOuqG,eAAezpG,KAAK+qG,EAAa,GAGhD,CA4WoBmC,CAA8BhuG,GAE9C,OAiIJ,SAA8CkD,EAAYlC,EAAO8gE,GAC7D,IACIugC,GAAqBn/F,EAAYlC,EAAO8gE,GAE5C,MAAOmsC,GAEH,YADAH,GAA6C5qG,EAAY+qG,GAG7D,MAAMjuG,EAASkD,EAAWgrG,0BAC1B,IAAKjE,GAAoCjqG,IAA6B,aAAlBA,EAAOi9F,OAAuB,CAE9EgP,GAAiCjsG,EADZmuG,GAA+CjrG,IAGxEqoG,GAAoDroG,EACxD,CAhJIkrG,CAAqClrG,EAAYlC,EAAO8gE,GACjD/hD,CACX,CAtGA3V,OAAOu2F,iBAAiByJ,GAA4BnqG,UAAW,CAC3DiB,MAAO,CAAE+jC,YAAY,GACrBhkC,MAAO,CAAEgkC,YAAY,GACrBplC,YAAa,CAAEolC,YAAY,GAC3BlkC,MAAO,CAAEkkC,YAAY,GACrBnlC,OAAQ,CAAEmlC,YAAY,GACtB21C,YAAa,CAAE31C,YAAY,GAC3B38B,MAAO,CAAE28B,YAAY,KAEiB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe0/F,GAA4BnqG,UAAW65F,GAAe8G,YAAa,CACrFtgG,MAAO,8BACP4kC,cAAc,IA2FtB,MAAMomE,GAAgB,GAMtB,MAAM/B,GACFxqG,cACI,MAAM,IAAIoyB,UAAU,uBASxBxtB,MAAMD,EAAIxD,WACN,IAgCR,SAA2CiM,GACvC,IAAKguF,GAAahuF,GACd,OAAO,EAEX,IAAK/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BACzC,OAAO,EAEX,OAAO,CACX,CAxCakiG,CAAkCpvG,MACnC,MAAM,IAAIkyB,UAAU,yGAGV,aADAlyB,KAAKivG,0BAA0BjR,QAM7CqR,GAAqCrvG,KAAMyE,GAG/Cs6F,CAACA,IAAY78F,GACT,MAAMT,EAASzB,KAAKsvG,gBAAgBptG,GAEpC,OADAqtG,GAA+CvvG,MACxCyB,EAGXu9F,CAACA,MACGqE,GAAWrjG,OAsBnB,SAAS0qG,GAAqC3pG,EAAQkD,EAAYukG,EAAgB+B,EAAgBC,EAAgBC,EAAgB1gG,EAAesgG,GAC7IpmG,EAAWgrG,0BAA4BluG,EACvCA,EAAOsqG,0BAA4BpnG,EAEnCA,EAAWi/F,YAASjiG,EACpBgD,EAAWk/F,qBAAkBliG,EAC7BoiG,GAAWp/F,GACXA,EAAWoiG,UAAW,EACtBpiG,EAAW0qG,uBAAyBtE,EACpCpmG,EAAWokG,aAAet+F,EAC1B9F,EAAWurG,gBAAkBjF,EAC7BtmG,EAAWwrG,gBAAkBjF,EAC7BvmG,EAAWqrG,gBAAkB7E,EAC7B,MAAMwC,EAAeiC,GAA+CjrG,GACpE+oG,GAAiCjsG,EAAQksG,GAGzClR,GADqBL,GADD8M,MAEM,KACtBvkG,EAAWoiG,UAAW,EACtBiG,GAAoDroG,EAAW,IAChE8J,IACC9J,EAAWoiG,UAAW,EACtBkG,GAAgCxrG,EAAQgN,EAAE,GAElD,CAsBA,SAASwhG,GAA+CtrG,GACpDA,EAAWurG,qBAAkBvuG,EAC7BgD,EAAWwrG,qBAAkBxuG,EAC7BgD,EAAWqrG,qBAAkBruG,EAC7BgD,EAAW0qG,4BAAyB1tG,CACxC,CAcA,SAAS4sG,GAA8C5pG,GACnD,OAAOA,EAAWokG,aAAepkG,EAAWk/F,eAChD,CAiBA,SAASmJ,GAAoDroG,GACzD,MAAMlD,EAASkD,EAAWgrG,0BAC1B,IAAKhrG,EAAWoiG,SACZ,OAEJ,QAAqCplG,IAAjCF,EAAOwqG,sBACP,OAGJ,GAAc,aADAxqG,EAAOi9F,OAGjB,YADAwO,GAA6BzrG,GAGjC,GAAiC,IAA7BkD,EAAWi/F,OAAO9hG,OAClB,OAEJ,MAAMC,EAAuB4C,EA1kDNi/F,OAAOtF,OAClBv8F,MA0kDRA,IAAUgrG,GAYlB,SAAqDpoG,GACjD,MAAMlD,EAASkD,EAAWgrG,2BA1b9B,SAAgDluG,GAC5CA,EAAO0qG,sBAAwB1qG,EAAOyqG,cACtCzqG,EAAOyqG,mBAAgBvqG,CAC3B,EAwbIyuG,CAAuC3uG,GACvCgiG,GAAa9+F,GACb,MAAM0rG,EAAmB1rG,EAAWwrG,kBACpCF,GAA+CtrG,GAC/C83F,GAAY4T,GAAkB,MAxelC,SAA2C5uG,GACvCA,EAAO0qG,sBAAsBK,cAAS7qG,GACtCF,EAAO0qG,2BAAwBxqG,EAEjB,aADAF,EAAOi9F,SAGjBj9F,EAAOs9F,kBAAep9F,OACcA,IAAhCF,EAAO2qG,uBACP3qG,EAAO2qG,qBAAqBI,WAC5B/qG,EAAO2qG,0BAAuBzqG,IAGtCF,EAAOi9F,OAAS,SAChB,MAAMt9F,EAASK,EAAOqqG,aACPnqG,IAAXP,GACA8sG,GAAkC9sG,EAE1C,CAwdQkvG,CAAkC7uG,EAAO,IAC1CmB,KAxdP,SAAoDnB,EAAQ2D,GACxD3D,EAAO0qG,sBAAsBM,QAAQrnG,GACrC3D,EAAO0qG,2BAAwBxqG,OAEKA,IAAhCF,EAAO2qG,uBACP3qG,EAAO2qG,qBAAqBK,QAAQrnG,GACpC3D,EAAO2qG,0BAAuBzqG,GAElCsrG,GAAgCxrG,EAAQ2D,EAC5C,CAgdQmrG,CAA2C9uG,EAAQmB,EAAO,GAElE,CAtBQ4tG,CAA4C7rG,GAuBpD,SAAqDA,EAAYlC,GAC7D,MAAMhB,EAASkD,EAAWgrG,2BAlc9B,SAAqDluG,GACjDA,EAAOwqG,sBAAwBxqG,EAAOuqG,eAAehlG,OACzD,CAicIypG,CAA4ChvG,GAC5C,MAAMivG,EAAmB/rG,EAAWurG,gBAAgBztG,GACpDg6F,GAAYiU,GAAkB,MA3flC,SAA2CjvG,GACvCA,EAAOwqG,sBAAsBO,cAAS7qG,GACtCF,EAAOwqG,2BAAwBtqG,CACnC,CAyfQgvG,CAAkClvG,GAClC,MAAMyuC,EAAQzuC,EAAOi9F,OAErB,GADA+E,GAAa9+F,IACR+mG,GAAoCjqG,IAAqB,aAAVyuC,EAAsB,CACtE,MAAMy9D,EAAeiC,GAA+CjrG,GACpE+oG,GAAiCjsG,EAAQksG,GAE7CX,GAAoDroG,EAAW,IAChE/B,IACuB,aAAlBnB,EAAOi9F,QACPuR,GAA+CtrG,GAlgB3D,SAAoDlD,EAAQ2D,GACxD3D,EAAOwqG,sBAAsBQ,QAAQrnG,GACrC3D,EAAOwqG,2BAAwBtqG,EAC/BsrG,GAAgCxrG,EAAQ2D,EAC5C,CAggBQwrG,CAA2CnvG,EAAQmB,EAAO,GAElE,CAvCQiuG,CAA4ClsG,EAAY5C,EAEhE,CACA,SAASwtG,GAA6C5qG,EAAYS,GACV,aAAhDT,EAAWgrG,0BAA0BjR,QACrCqR,GAAqCprG,EAAYS,EAEzD,CAiCA,SAASwqG,GAA+CjrG,GAEpD,OADoB4pG,GAA8C5pG,IAC5C,CAC1B,CAEA,SAASorG,GAAqCprG,EAAYS,GACtD,MAAM3D,EAASkD,EAAWgrG,0BAC1BM,GAA+CtrG,GAC/CioG,GAA4BnrG,EAAQ2D,EACxC,CAEA,SAASmmG,GAA4Bv/F,GACjC,OAAO,IAAI4mB,UAAU,4BAA4B5mB,yCACrD,CAEA,SAASqiG,GAAiCriG,GACtC,OAAO,IAAI4mB,UAAU,yCAAyC5mB,sDAClE,CACA,SAASsiG,GAA2BtiG,GAChC,OAAO,IAAI4mB,UAAU,UAAY5mB,EAAO,oCAC5C,CACA,SAASgiG,GAAqC5sG,GAC1CA,EAAOk+F,eAAiBpD,IAAW,CAACt7F,EAASC,KACzCO,EAAOm+F,uBAAyB3+F,EAChCQ,EAAOo+F,sBAAwB3+F,EAC/BO,EAAO2tG,oBAAsB,SAAS,GAE9C,CACA,SAASZ,GAA+C/sG,EAAQwB,GAC5DorG,GAAqC5sG,GACrCqsG,GAAiCrsG,EAAQwB,EAC7C,CAKA,SAAS6qG,GAAiCrsG,EAAQwB,QACTjB,IAAjCP,EAAOo+F,wBAGXzC,GAA0B37F,EAAOk+F,gBACjCl+F,EAAOo+F,sBAAsB58F,GAC7BxB,EAAOm+F,4BAAyB59F,EAChCP,EAAOo+F,2BAAwB79F,EAC/BP,EAAO2tG,oBAAsB,WACjC,CAIA,SAASb,GAAkC9sG,QACDO,IAAlCP,EAAOm+F,yBAGXn+F,EAAOm+F,4BAAuB59F,GAC9BP,EAAOm+F,4BAAyB59F,EAChCP,EAAOo+F,2BAAwB79F,EAC/BP,EAAO2tG,oBAAsB,WACjC,CACA,SAASnB,GAAoCxsG,GACzCA,EAAOqtG,cAAgBvS,IAAW,CAACt7F,EAASC,KACxCO,EAAO0vG,sBAAwBlwG,EAC/BQ,EAAO2vG,qBAAuBlwG,CAAM,IAExCO,EAAO6tG,mBAAqB,SAChC,CACA,SAAShB,GAA8C7sG,EAAQwB,GAC3DgrG,GAAoCxsG,GACpC8tG,GAAgC9tG,EAAQwB,EAC5C,CACA,SAASmrG,GAA8C3sG,GACnDwsG,GAAoCxsG,GACpC0rG,GAAiC1rG,EACrC,CACA,SAAS8tG,GAAgC9tG,EAAQwB,QACTjB,IAAhCP,EAAO2vG,uBAGXhU,GAA0B37F,EAAOqtG,eACjCrtG,EAAO2vG,qBAAqBnuG,GAC5BxB,EAAO0vG,2BAAwBnvG,EAC/BP,EAAO2vG,0BAAuBpvG,EAC9BP,EAAO6tG,mBAAqB,WAChC,CAOA,SAASnC,GAAiC1rG,QACDO,IAAjCP,EAAO0vG,wBAGX1vG,EAAO0vG,2BAAsBnvG,GAC7BP,EAAO0vG,2BAAwBnvG,EAC/BP,EAAO2vG,0BAAuBpvG,EAC9BP,EAAO6tG,mBAAqB,YAChC,CArQApjG,OAAOu2F,iBAAiB4I,GAAgCtpG,UAAW,CAC/D0D,MAAO,CAAEshC,YAAY,KAEiB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe6+F,GAAgCtpG,UAAW65F,GAAe8G,YAAa,CACzFtgG,MAAO,kCACP4kC,cAAc,IA+QtB,MAAMqqE,GAA6C,oBAAjBC,aAA+BA,kBAAetvG,EA6BhF,MAAMuvG,GA1BN,SAAmC3qE,GAC/B,GAAsB,mBAATA,GAAuC,iBAATA,EACvC,OAAO,EAEX,IAEI,OADA,IAAIA,GACG,EAEX,MAAO4qE,GACH,OAAO,EAEf,CAeuBC,CAA0BJ,IAAsBA,GAdvE,WAEI,MAAMzqE,EAAO,SAAsBlsB,EAASrO,GACxCtL,KAAK2Z,QAAUA,GAAW,GAC1B3Z,KAAKsL,KAAOA,GAAQ,QAChBlI,MAAMikD,mBACNjkD,MAAMikD,kBAAkBrnD,KAAMA,KAAKF,cAK3C,OADAqL,OAAOM,eADPo6B,EAAK7kC,UAAYmK,OAAOy6B,OAAOxiC,MAAMpC,WACC,cAAe,CAAEK,MAAOwkC,EAAMh9B,UAAU,EAAMo9B,cAAc,IAC3FJ,CACX,CAE4F8qE,GAE5F,SAASC,GAAqBnmB,EAAQj5B,EAAMzoD,EAAcI,EAAcC,EAAeynG,GACnF,MAAMlrG,EAAS26F,GAAmC7V,GAC5C/pF,EAASwqG,GAAmC15C,GAClDi5B,EAAO8W,YAAa,EACpB,IAAIuP,GAAe,EAEfC,EAAerV,QAAoBz6F,GACvC,OAAOu6F,IAAW,CAACt7F,EAASC,KACxB,IAAIsqG,EACJ,QAAexpG,IAAX4vG,EAAsB,CAsBtB,GArBApG,EAAiB,KACb,MAAM/lG,EAAQ,IAAI8rG,GAAe,UAAW,cACtCQ,EAAU,GACX7nG,GACD6nG,EAAQnvG,MAAK,IACW,aAAhB2vD,EAAKwsC,OACE+M,GAAoBv5C,EAAM9sD,GAE9Bg3F,QAAoBz6F,KAG9BmI,GACD4nG,EAAQnvG,MAAK,IACa,aAAlB4oF,EAAOuT,OACAO,GAAqB9T,EAAQ/lF,GAEjCg3F,QAAoBz6F,KAGnCgwG,GAAmB,IAAMhxG,QAAQ+H,IAAIgpG,EAAQ1oG,KAAI4oG,GAAUA,SAAY,EAAMxsG,EAAM,EAEnFmsG,EAAOM,QAEP,YADA1G,IAGJoG,EAAOO,iBAAiB,QAAS3G,GAiErC,GA3BA4G,EAAmB5mB,EAAQ9kF,EAAOi5F,gBAAgB+N,IACzCxjG,EAIDmoG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAMlG,GAAoBv5C,EAAMm7C,KAAc,EAAMA,MAO/E0E,EAAmB7/C,EAAM9wD,EAAOk+F,gBAAgB+N,IACvCvjG,EAIDkoG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAM1S,GAAqB9T,EAAQkiB,KAAc,EAAMA,MAwClF,SAA2B5rG,EAAQ+f,EAASowF,GAClB,WAAlBnwG,EAAOi9F,OACPkT,IAGAlV,GAAgBl7E,EAASowF,GAtCjCK,CAAkB9mB,EAAQ9kF,EAAOi5F,gBAAgB,KACxC71F,EAIDuoG,IAHAL,GAAmB,IA9fnC,SAA8DvwG,GAC1D,MAAMK,EAASL,EAAO0sG,qBAChB59D,EAAQzuC,EAAOi9F,OACrB,OAAIgN,GAAoCjqG,IAAqB,WAAVyuC,EACxCksD,QAAoBz6F,GAEjB,YAAVuuC,EACOmsD,GAAoB56F,EAAOs9F,cAE/B4P,GAAiCvtG,EAC5C,CAofyC8wG,CAAqD9wG,QAOlFsqG,GAAoCx5C,IAAyB,WAAhBA,EAAKwsC,OAAqB,CACvE,MAAMyT,EAAa,IAAIv/E,UAAU,+EAC5B9oB,EAIDkoG,GAAS,EAAMG,GAHfR,GAAmB,IAAM1S,GAAqB9T,EAAQgnB,KAAa,EAAMA,GAOjF,SAASC,IAGL,MAAMC,EAAkBZ,EACxB,OAAOnV,GAAmBmV,GAAc,IAAMY,IAAoBZ,EAAeW,SAA0BzwG,IAE/G,SAASowG,EAAmBtwG,EAAQ+f,EAASowF,GACnB,YAAlBnwG,EAAOi9F,OACPkT,EAAOnwG,EAAOs9F,cAGdpC,GAAcn7E,EAASowF,GAW/B,SAASD,EAAmBC,EAAQU,EAAiBC,GAWjD,SAASC,IACL/V,GAAYmV,KAAU,IAAM72E,EAASu3E,EAAiBC,KAAgBE,GAAY13E,GAAS,EAAM03E,KAXjGjB,IAGJA,GAAe,EACK,aAAhBt/C,EAAKwsC,QAA0BgN,GAAoCx5C,GAInEsgD,IAHA9V,GAAgB0V,IAAyBI,IASjD,SAASR,EAASU,EAASttG,GACnBosG,IAGJA,GAAe,EACK,aAAhBt/C,EAAKwsC,QAA0BgN,GAAoCx5C,GAInEn3B,EAAS23E,EAASttG,GAHlBs3F,GAAgB0V,KAAyB,IAAMr3E,EAAS23E,EAASttG,MAMzE,SAAS21B,EAAS23E,EAASttG,GACvBwpG,GAAmCxtG,GACnC89F,GAAmC74F,QACpB1E,IAAX4vG,GACAA,EAAOoB,oBAAoB,QAASxH,GAEpCuH,EACA7xG,EAAOuE,GAGPxE,OAAQe,GA5DhBo7F,GApEWb,IAAW,CAAC0W,EAAaC,MAC5B,SAAS1uC,EAAKniE,GACNA,EACA4wG,IAKAtW,GAORkV,EACOpV,IAAoB,GAExBE,GAAmBl7F,EAAOqtG,eAAe,IACrCvS,IAAW,CAAC4W,EAAaC,KAC5BhR,GAAgC17F,EAAQ,CACpCk7F,YAAa9+F,IACTgvG,EAAenV,GAAmBuS,GAAiCztG,EAAQqB,QAAQd,EAAW+5F,IAC9FoX,GAAY,EAAM,EAEtBxR,YAAa,IAAMwR,GAAY,GAC/B9Q,YAAa+Q,GACf,MAnBiC5uC,EAAM0uC,GAG7C1uC,EAAK,EAAM,OAyH3B,CAOA,MAAM6uC,GACFxyG,cACI,MAAM,IAAIoyB,UAAU,uBAMpBypD,kBACA,IAAK42B,GAAkCvyG,MACnC,MAAMwyG,GAAuC,eAEjD,OAAOC,GAA8CzyG,MAMzDgC,QACI,IAAKuwG,GAAkCvyG,MACnC,MAAMwyG,GAAuC,SAEjD,IAAKE,GAAiD1yG,MAClD,MAAM,IAAIkyB,UAAU,mDAExBygF,GAAqC3yG,MAEzCwE,QAAQzC,EAAQd,WACZ,IAAKsxG,GAAkCvyG,MACnC,MAAMwyG,GAAuC,WAEjD,IAAKE,GAAiD1yG,MAClD,MAAM,IAAIkyB,UAAU,qDAExB,OAAO0gF,GAAuC5yG,KAAM+B,GAKxD2C,MAAMD,EAAIxD,WACN,IAAKsxG,GAAkCvyG,MACnC,MAAMwyG,GAAuC,SAEjDK,GAAqC7yG,KAAMyE,GAG/Cw6F,CAACA,IAAa/8F,GACVmhG,GAAWrjG,MACX,MAAMyB,EAASzB,KAAK0lG,iBAAiBxjG,GAErC,OADA4wG,GAA+C9yG,MACxCyB,EAGXy9F,CAACA,IAAWuB,GACR,MAAM1/F,EAASf,KAAK+yG,0BACpB,GAAI/yG,KAAKkjG,OAAO9hG,OAAS,EAAG,CACxB,MAAMW,EAAQghG,GAAa/iG,MACvBA,KAAK8kG,iBAA0C,IAAvB9kG,KAAKkjG,OAAO9hG,QACpC0xG,GAA+C9yG,MAC/CklG,GAAoBnkG,IAGpBiyG,GAAgDhzG,MAEpDygG,EAAYI,YAAY9+F,QAGxBy+F,GAA6Bz/F,EAAQ0/F,GACrCuS,GAAgDhzG,OAiB5D,SAASuyG,GAAkCrlG,GACvC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAAS8lG,GAAgD/uG,GAErD,IADmBgvG,GAA8ChvG,GAE7D,OAEJ,GAAIA,EAAWuiG,SAEX,YADAviG,EAAWwiG,YAAa,GAG5BxiG,EAAWuiG,UAAW,EAEtBzK,GADoB93F,EAAWyiG,kBACN,KACrBziG,EAAWuiG,UAAW,EAClBviG,EAAWwiG,aACXxiG,EAAWwiG,YAAa,EACxBuM,GAAgD/uG,OAErDQ,IACCouG,GAAqC5uG,EAAYQ,EAAE,GAE3D,CACA,SAASwuG,GAA8ChvG,GACnD,MAAMlD,EAASkD,EAAW8uG,0BAC1B,IAAKL,GAAiDzuG,GAClD,OAAO,EAEX,IAAKA,EAAWoiG,SACZ,OAAO,EAEX,GAAIpF,GAAuBlgG,IAAW+/F,GAAiC//F,GAAU,EAC7E,OAAO,EAGX,OADoB0xG,GAA8CxuG,GAChD,CAItB,CACA,SAAS6uG,GAA+C7uG,GACpDA,EAAWyiG,oBAAiBzlG,EAC5BgD,EAAWyhG,sBAAmBzkG,EAC9BgD,EAAW0qG,4BAAyB1tG,CACxC,CAEA,SAAS0xG,GAAqC1uG,GAC1C,IAAKyuG,GAAiDzuG,GAClD,OAEJ,MAAMlD,EAASkD,EAAW8uG,0BAC1B9uG,EAAW6gG,iBAAkB,EACI,IAA7B7gG,EAAWi/F,OAAO9hG,SAClB0xG,GAA+C7uG,GAC/CihG,GAAoBnkG,GAE5B,CACA,SAAS6xG,GAAuC3uG,EAAYlC,GACxD,IAAK2wG,GAAiDzuG,GAClD,OAEJ,MAAMlD,EAASkD,EAAW8uG,0BAC1B,GAAI9R,GAAuBlgG,IAAW+/F,GAAiC//F,GAAU,EAC7E4/F,GAAiC5/F,EAAQgB,GAAO,OAE/C,CACD,IAAI8gE,EACJ,IACIA,EAAY5+D,EAAW0qG,uBAAuB5sG,GAElD,MAAO6sG,GAEH,MADAiE,GAAqC5uG,EAAY2qG,GAC3CA,EAEV,IACIxL,GAAqBn/F,EAAYlC,EAAO8gE,GAE5C,MAAOmsC,GAEH,MADA6D,GAAqC5uG,EAAY+qG,GAC3CA,GAGdgE,GAAgD/uG,EACpD,CACA,SAAS4uG,GAAqC5uG,EAAYQ,GACtD,MAAM1D,EAASkD,EAAW8uG,0BACJ,aAAlBhyG,EAAOi9F,SAGXqF,GAAWp/F,GACX6uG,GAA+C7uG,GAC/CmkG,GAAoBrnG,EAAQ0D,GAChC,CACA,SAASguG,GAA8CxuG,GACnD,MAAMurC,EAAQvrC,EAAW8uG,0BAA0B/U,OACnD,MAAc,YAAVxuD,EACO,KAEG,WAAVA,EACO,EAEJvrC,EAAWokG,aAAepkG,EAAWk/F,eAChD,CAQA,SAASuP,GAAiDzuG,GACtD,MAAMurC,EAAQvrC,EAAW8uG,0BAA0B/U,OACnD,OAAK/5F,EAAW6gG,iBAA6B,aAAVt1D,CAIvC,CACA,SAAS0jE,GAAqCnyG,EAAQkD,EAAYukG,EAAgBC,EAAeC,EAAiB3+F,EAAesgG,GAC7HpmG,EAAW8uG,0BAA4BhyG,EACvCkD,EAAWi/F,YAASjiG,EACpBgD,EAAWk/F,qBAAkBliG,EAC7BoiG,GAAWp/F,GACXA,EAAWoiG,UAAW,EACtBpiG,EAAW6gG,iBAAkB,EAC7B7gG,EAAWwiG,YAAa,EACxBxiG,EAAWuiG,UAAW,EACtBviG,EAAW0qG,uBAAyBtE,EACpCpmG,EAAWokG,aAAet+F,EAC1B9F,EAAWyiG,eAAiB+B,EAC5BxkG,EAAWyhG,iBAAmBgD,EAC9B3nG,EAAOygG,0BAA4Bv9F,EAEnC83F,GAAYL,GADQ8M,MAC0B,KAC1CvkG,EAAWoiG,UAAW,EACtB2M,GAAgD/uG,EAAW,IAC5D8J,IACC8kG,GAAqC5uG,EAAY8J,EAAE,GAE3D,CAkBA,SAASykG,GAAuClnG,GAC5C,OAAO,IAAI4mB,UAAU,6CAA6C5mB,0DACtE,CAwHA,SAAS6nG,GAAsC9oG,EAAIq/F,EAAUlK,GAEzD,OADAC,GAAep1F,EAAIm1F,GACXt9F,GAAW06F,GAAYvyF,EAAIq/F,EAAU,CAACxnG,GAClD,CACA,SAASkxG,GAAoC/oG,EAAIq/F,EAAUlK,GAEvD,OADAC,GAAep1F,EAAIm1F,GACXv7F,GAAe24F,GAAYvyF,EAAIq/F,EAAU,CAACzlG,GACtD,CACA,SAASovG,GAAqChpG,EAAIq/F,EAAUlK,GAExD,OADAC,GAAep1F,EAAIm1F,GACXv7F,GAAew4F,GAAYpyF,EAAIq/F,EAAU,CAACzlG,GACtD,CACA,SAASqvG,GAA0Bl5F,EAAMolF,GAErC,GAAa,WADbplF,EAAO,GAAGA,GAEN,MAAM,IAAI8X,UAAU,GAAGstE,MAAYplF,8DAEvC,OAAOA,CACX,CASA,SAASm5F,GAAgCplF,EAAMqxE,GAE3C,GAAa,UADbrxE,EAAO,GAAGA,GAEN,MAAM,IAAI+D,UAAU,GAAGstE,MAAYrxE,oEAEvC,OAAOA,CACX,CAQA,SAASqlF,GAAmBvuG,EAASu6F,GACjCD,GAAiBt6F,EAASu6F,GAC1B,MAAMr2F,EAAelE,aAAyC,EAASA,EAAQkE,aACzEC,EAAgBnE,aAAyC,EAASA,EAAQmE,cAC1EL,EAAe9D,aAAyC,EAASA,EAAQ8D,aACzE8nG,EAAS5rG,aAAyC,EAASA,EAAQ4rG,OAIzE,YAHe5vG,IAAX4vG,GAUR,SAA2BA,EAAQrR,GAC/B,IA7oBJ,SAAuBn+F,GACnB,GAAqB,iBAAVA,GAAgC,OAAVA,EAC7B,OAAO,EAEX,IACI,MAAgC,kBAAlBA,EAAM8vG,QAExB,MAAOV,GAEH,OAAO,EAEf,CAkoBSgD,CAAc5C,GACf,MAAM,IAAI3+E,UAAastE,EAAH,0BAE5B,CAbQkU,CAAkB7C,EAAWrR,EAAH,6BAEvB,CACHr2F,eAAsBA,EACtBC,gBAAuBA,EACvBL,eAAsBA,EACtB8nG,SAER,CAlWA1lG,OAAOu2F,iBAAiB4Q,GAAgCtxG,UAAW,CAC/DgB,MAAO,CAAEgkC,YAAY,GACrBxhC,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe6mG,GAAgCtxG,UAAW65F,GAAe8G,YAAa,CACzFtgG,MAAO,kCACP4kC,cAAc,IAgXtB,MAAMtjC,GACF7C,YAAY6zG,EAAsB,GAAI1J,EAAc,SACpBhpG,IAAxB0yG,EACAA,EAAsB,KAGtBjU,GAAaiU,EAAqB,mBAEtC,MAAMh5C,EAAW4uC,GAAuBU,EAAa,oBAC/C2J,EAhHd,SAA8CnpB,EAAQ+U,GAClDD,GAAiB9U,EAAQ+U,GACzB,MAAMkK,EAAWjf,EACXob,EAAwB6D,aAA2C,EAASA,EAAS7D,sBACrFhhG,EAAS6kG,aAA2C,EAASA,EAAS7kG,OACtEF,EAAO+kG,aAA2C,EAASA,EAAS/kG,KACpEX,EAAQ0lG,aAA2C,EAASA,EAAS1lG,MACrEoW,EAAOsvF,aAA2C,EAASA,EAAStvF,KAC1E,MAAO,CACHyrF,2BAAiD5kG,IAA1B4kG,OACnB5kG,EACAg/F,GAAwC4F,EAA0BrG,EAAH,4CACnE36F,YAAmB5D,IAAX4D,OACJ5D,EACAkyG,GAAsCtuG,EAAQ6kG,EAAalK,EAAH,6BAC5D76F,UAAe1D,IAAT0D,OACF1D,EACAmyG,GAAoCzuG,EAAM+kG,EAAalK,EAAH,2BACxDx7F,WAAiB/C,IAAV+C,OACH/C,EACAoyG,GAAqCrvG,EAAO0lG,EAAalK,EAAH,4BAC1DplF,UAAenZ,IAATmZ,OAAqBnZ,EAAYqyG,GAA0Bl5F,EAASolF,EAAH,2BAE/E,CAyFiCqU,CAAqCF,EAAqB,mBAEnF,GADAG,GAAyB9zG,MACK,UAA1B4zG,EAAiBx5F,KAAkB,CACnC,QAAsBnZ,IAAlB05D,EAASv1D,KACT,MAAM,IAAIwwC,WAAW,8DAGzB0yD,GAAsDtoG,KAAM4zG,EADtCxK,GAAqBzuC,EAAU,QAGpD,CACD,MAAM0vC,EAAgBf,GAAqB3uC,IA7OvD,SAAkE55D,EAAQ6yG,EAAkB7pG,EAAesgG,GACvG,MAAMpmG,EAAakH,OAAOy6B,OAAO0sE,GAAgCtxG,WACjE,IAAIwnG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBz6F,GAC1CynG,EAAkB,IAAMhN,QAAoBz6F,QACjBA,IAA3B2yG,EAAiB5vG,QACjBwkG,EAAiB,IAAMoL,EAAiB5vG,MAAMC,SAEpBhD,IAA1B2yG,EAAiBjvG,OACjB8jG,EAAgB,IAAMmL,EAAiBjvG,KAAKV,SAEhBhD,IAA5B2yG,EAAiB/uG,SACjB6jG,EAAkBxmG,GAAU0xG,EAAiB/uG,OAAO3C,IAExDgxG,GAAqCnyG,EAAQkD,EAAYukG,EAAgBC,EAAeC,EAAiB3+F,EAAesgG,EAC5H,CAgOY0J,CAAyD/zG,KAAM4zG,EADzCxK,GAAqBzuC,EAAU,GAC2C0vC,IAMpGO,aACA,IAAKvK,GAAiBrgG,MAClB,MAAMg0G,GAA4B,UAEtC,OAAO/S,GAAuBjhG,MAQlC6E,OAAO3C,EAASjB,WACZ,OAAKo/F,GAAiBrgG,MAGlBihG,GAAuBjhG,MAChB27F,GAAoB,IAAIzpE,UAAU,qDAEtCqsE,GAAqBv+F,KAAMkC,GALvBy5F,GAAoBqY,GAA4B,WAO/DzzG,UAAU0zG,EAAahzG,WACnB,IAAKo/F,GAAiBrgG,MAClB,MAAMg0G,GAA4B,aAEtC,MAAM/uG,EA/Gd,SAA8BA,EAASu6F,GACnCD,GAAiBt6F,EAASu6F,GAC1B,MAAMrxE,EAAOlpB,aAAyC,EAASA,EAAQkpB,KACvE,MAAO,CACHA,UAAeltB,IAATktB,OAAqBltB,EAAYsyG,GAAgCplF,EAASqxE,EAAH,2BAErF,CAyGwB0U,CAAqBD,EAAY,mBACjD,YAAqBhzG,IAAjBgE,EAAQkpB,KACDmyE,GAAmCtgG,MA3zDtD,SAAyCe,GACrC,OAAO,IAAI+nG,GAAyB/nG,EACxC,CA2zDeozG,CAAgCn0G,MAE3Co0G,YAAYC,EAAcJ,EAAa,IACnC,IAAK5T,GAAiBrgG,MAClB,MAAMg0G,GAA4B,eAEtCrU,GAAuB0U,EAAc,EAAG,eACxC,MAAM9rG,EA/Ed,SAAqC06F,EAAMzD,GACvCD,GAAiB0D,EAAMzD,GACvB,MAAM52F,EAAWq6F,aAAmC,EAASA,EAAKr6F,SAClEi3F,GAAoBj3F,EAAU,WAAY,wBAC1Cw3F,GAAqBx3F,EAAa42F,EAAH,+BAC/B,MAAM32F,EAAWo6F,aAAmC,EAASA,EAAKp6F,SAGlE,OAFAg3F,GAAoBh3F,EAAU,WAAY,wBAC1CihG,GAAqBjhG,EAAa22F,EAAH,+BACxB,CAAE52F,WAAUC,WACvB,CAsE0ByrG,CAA4BD,EAAc,mBACtDpvG,EAAUuuG,GAAmBS,EAAY,oBAC/C,GAAIhT,GAAuBjhG,MACvB,MAAM,IAAIkyB,UAAU,kFAExB,GAAI44E,GAAuBviG,EAAUM,UACjC,MAAM,IAAIqpB,UAAU,kFAIxB,OADAmqE,GADgBuU,GAAqB5wG,KAAMuI,EAAUM,SAAU5D,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQ4rG,SAEnItoG,EAAUK,SAErBU,OAAOirG,EAAaN,EAAa,IAC7B,IAAK5T,GAAiBrgG,MAClB,OAAO27F,GAAoBqY,GAA4B,WAE3D,QAAoB/yG,IAAhBszG,EACA,OAAO5Y,GAAoB,wCAE/B,IAAKoO,GAAiBwK,GAClB,OAAO5Y,GAAoB,IAAIzpE,UAAU,8EAE7C,IAAIjtB,EACJ,IACIA,EAAUuuG,GAAmBS,EAAY,oBAE7C,MAAOxvG,GACH,OAAOk3F,GAAoBl3F,GAE/B,OAAIw8F,GAAuBjhG,MAChB27F,GAAoB,IAAIzpE,UAAU,8EAEzC44E,GAAuByJ,GAChB5Y,GAAoB,IAAIzpE,UAAU,8EAEtC0+E,GAAqB5wG,KAAMu0G,EAAatvG,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQ4rG,QAa9H7lG,MACI,IAAKq1F,GAAiBrgG,MAClB,MAAMg0G,GAA4B,OAEtC,MAAMQ,EAxTd,SAA2BzzG,EAAQ0zG,GAC/B,MAAM9uG,EAAS26F,GAAmCv/F,GAClD,IAGI2zG,EACAC,EACAC,EACAC,EACAC,EAPAC,GAAU,EACVC,GAAY,EACZC,GAAY,EAMhB,MAAMC,EAAgB1Z,IAAWt7F,IAC7B40G,EAAuB50G,CAAO,IAElC,SAASuoG,IACL,OAAIsM,IAGJA,GAAU,EAuCV1T,GAAgC17F,EAtCZ,CAChBk7F,YAAax/F,IAITi7F,IAAe,KACXyY,GAAU,EACV,MAAMI,EAAS9zG,EACT+zG,EAAS/zG,EAMV2zG,GACDpC,GAAuCgC,EAAQpT,0BAA2B2T,GAEzEF,GACDrC,GAAuCiC,EAAQrT,0BAA2B4T,KAEhF,EAENxU,YAAa,KACTmU,GAAU,EACLC,GACDrC,GAAqCiC,EAAQpT,2BAE5CyT,GACDtC,GAAqCkC,EAAQrT,2BAE5CwT,GAAcC,GACfH,OAAqB7zG,IAG7BqgG,YAAa,KACTyT,GAAU,CAAK,KAtCZrZ,QAAoBz6F,GAgEnC,SAASunG,KAYT,OATAoM,EAAUS,GAAqB7M,EAAgBC,GAvB/C,SAA0BvmG,GAGtB,GAFA8yG,GAAY,EACZN,EAAUxyG,EACN+yG,EAAW,CACX,MAAMK,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBx9F,EAAQu0G,GAClDR,EAAqBS,GAEzB,OAAOL,KAgBXL,EAAUQ,GAAqB7M,EAAgBC,GAd/C,SAA0BvmG,GAGtB,GAFA+yG,GAAY,EACZN,EAAUzyG,EACN8yG,EAAW,CACX,MAAMM,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBx9F,EAAQu0G,GAClDR,EAAqBS,GAEzB,OAAOL,KAOXjZ,GAAct2F,EAAOi5F,gBAAiB7wF,IAClC8kG,GAAqC+B,EAAQpT,0BAA2BzzF,GACxE8kG,GAAqCgC,EAAQrT,0BAA2BzzF,GACnEinG,GAAcC,GACfH,OAAqB7zG,MAGtB,CAAC2zG,EAASC,EACrB,CA4NyBW,CAAkBx1G,MACnC,OAAOsjG,GAAoBkR,GAE/BjtG,OAAO0sG,EAAahzG,WAChB,IAAKo/F,GAAiBrgG,MAClB,MAAMg0G,GAA4B,UAGtC,OA1jFR,SAA4CjzG,EAAQqI,GAChD,MAAMzD,EAAS26F,GAAmCv/F,GAC5C00G,EAAO,IAAI5T,GAAgCl8F,EAAQyD,GACnD0xF,EAAW3vF,OAAOy6B,OAAO08D,IAE/B,OADAxH,EAAS0H,mBAAqBiT,EACvB3a,CACX,CAojFe4a,CAAmC11G,KAvKlD,SAAgCiF,EAASu6F,GAGrC,OAFAD,GAAiBt6F,EAASu6F,GAEnB,CAAEp2F,iBADanE,aAAyC,EAASA,EAAQmE,eAEpF,CAkKwBusG,CAAuB1B,EAAY,mBACK7qG,gBA2BhE,SAASisG,GAAqB7M,EAAgBC,EAAeC,EAAiB3+F,EAAgB,EAAGsgG,EAAgB,KAAM,IACnH,MAAMtpG,EAASoK,OAAOy6B,OAAOjjC,GAAe3B,WAC5C8yG,GAAyB/yG,GAGzB,OADAmyG,GAAqCnyG,EADlBoK,OAAOy6B,OAAO0sE,GAAgCtxG,WACRwnG,EAAgBC,EAAeC,EAAiB3+F,EAAesgG,GACjHtpG,CACX,CACA,SAAS+yG,GAAyB/yG,GAC9BA,EAAOi9F,OAAS,WAChBj9F,EAAOmE,aAAUjE,EACjBF,EAAOs9F,kBAAep9F,EACtBF,EAAOwgG,YAAa,CACxB,CACA,SAASlB,GAAiBnzF,GACtB,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,4BAIjD,CACA,SAAS+zF,GAAuBlgG,GAC5B,YAAuBE,IAAnBF,EAAOmE,OAIf,CAEA,SAASq5F,GAAqBx9F,EAAQmB,GAElC,GADAnB,EAAOwgG,YAAa,EACE,WAAlBxgG,EAAOi9F,OACP,OAAOtC,QAAoBz6F,GAE/B,GAAsB,YAAlBF,EAAOi9F,OACP,OAAOrC,GAAoB56F,EAAOs9F,cAEtC6G,GAAoBnkG,GAEpB,OAAOm7F,GADqBn7F,EAAOygG,0BAA0BvC,IAAa/8F,GACzB84F,GACrD,CACA,SAASkK,GAAoBnkG,GACzBA,EAAOi9F,OAAS,SAChB,MAAMr4F,EAAS5E,EAAOmE,aACPjE,IAAX0E,IAGJu4F,GAAkCv4F,GAC9Bq7F,GAA8Br7F,KAC9BA,EAAO+6F,cAAcp9F,SAAQm9F,IACzBA,EAAYG,aAAa,IAE7Bj7F,EAAO+6F,cAAgB,IAAI7D,IAEnC,CACA,SAASuL,GAAoBrnG,EAAQ0D,GACjC1D,EAAOi9F,OAAS,UAChBj9F,EAAOs9F,aAAe55F,EACtB,MAAMkB,EAAS5E,EAAOmE,aACPjE,IAAX0E,IAGJ84F,GAAiC94F,EAAQlB,GACrCu8F,GAA8Br7F,IAC9BA,EAAO+6F,cAAcp9F,SAAQm9F,IACzBA,EAAYa,YAAY78F,EAAE,IAE9BkB,EAAO+6F,cAAgB,IAAI7D,KAG3Bl3F,EAAOohG,kBAAkBzjG,SAAQwjG,IAC7BA,EAAgBxF,YAAY78F,EAAE,IAElCkB,EAAOohG,kBAAoB,IAAIlK,IAEvC,CAEA,SAASmX,GAA4B1oG,GACjC,OAAO,IAAI4mB,UAAU,4BAA4B5mB,yCACrD,CAEA,SAASsqG,GAA2Bl7E,EAAM8kE,GACtCD,GAAiB7kE,EAAM8kE,GACvB,MAAMz1F,EAAgB2wB,aAAmC,EAASA,EAAK3wB,cAEvE,OADA81F,GAAoB91F,EAAe,gBAAiB,uBAC7C,CACHA,cAAeg2F,GAA0Bh2F,GAEjD,CAhHAoB,OAAOu2F,iBAAiB/+F,GAAe3B,UAAW,CAC9C6D,OAAQ,CAAEmhC,YAAY,GACtBzlC,UAAW,CAAEylC,YAAY,GACzBouE,YAAa,CAAEpuE,YAAY,GAC3B18B,OAAQ,CAAE08B,YAAY,GACtBh7B,IAAK,CAAEg7B,YAAY,GACnBz+B,OAAQ,CAAEy+B,YAAY,GACtB4kE,OAAQ,CAAE5kE,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe9I,GAAe3B,UAAW65F,GAAe8G,YAAa,CACxEtgG,MAAO,iBACP4kC,cAAc,IAGsB,iBAAjC40D,GAAe+G,eACtBz2F,OAAOM,eAAe9I,GAAe3B,UAAW65F,GAAe+G,cAAe,CAC1EvgG,MAAOsB,GAAe3B,UAAUuG,OAChCsB,UAAU,EACVo9B,cAAc,IA+FtB,MAAM4vE,GAAyB,SAAc9zG,GACzC,OAAOA,EAAMwC,UACjB,EAMA,MAAMuxG,GACFh2G,YAAYmF,GACR06F,GAAuB16F,EAAS,EAAG,6BACnCA,EAAU2wG,GAA2B3wG,EAAS,mBAC9CjF,KAAK+1G,wCAA0C9wG,EAAQ8E,cAKvDA,oBACA,IAAKisG,GAA4Bh2G,MAC7B,MAAMi2G,GAA8B,iBAExC,OAAOj2G,KAAK+1G,wCAKZ3wG,WACA,IAAK4wG,GAA4Bh2G,MAC7B,MAAMi2G,GAA8B,QAExC,OAAOJ,IAcf,SAASI,GAA8B3qG,GACnC,OAAO,IAAI4mB,UAAU,uCAAuC5mB,oDAChE,CACA,SAAS0qG,GAA4B9oG,GACjC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,0CAIjD,CAtBA/B,OAAOu2F,iBAAiBoU,GAA0B90G,UAAW,CACzD+I,cAAe,CAAEi8B,YAAY,GAC7B5gC,KAAM,CAAE4gC,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAeqqG,GAA0B90G,UAAW65F,GAAe8G,YAAa,CACnFtgG,MAAO,4BACP4kC,cAAc,IAiBtB,MAAMiwE,GAAoB,WACtB,OAAO,CACX,EAMA,MAAMC,GACFr2G,YAAYmF,GACR06F,GAAuB16F,EAAS,EAAG,wBACnCA,EAAU2wG,GAA2B3wG,EAAS,mBAC9CjF,KAAKo2G,mCAAqCnxG,EAAQ8E,cAKlDA,oBACA,IAAKssG,GAAuBr2G,MACxB,MAAMs2G,GAAyB,iBAEnC,OAAOt2G,KAAKo2G,mCAMZhxG,WACA,IAAKixG,GAAuBr2G,MACxB,MAAMs2G,GAAyB,QAEnC,OAAOJ,IAcf,SAASI,GAAyBhrG,GAC9B,OAAO,IAAI4mB,UAAU,kCAAkC5mB,+CAC3D,CACA,SAAS+qG,GAAuBnpG,GAC5B,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,qCAIjD,CAuBA,SAASqpG,GAAgClsG,EAAIq/F,EAAUlK,GAEnD,OADAC,GAAep1F,EAAIm1F,GACXv7F,GAAe24F,GAAYvyF,EAAIq/F,EAAU,CAACzlG,GACtD,CACA,SAASuyG,GAAgCnsG,EAAIq/F,EAAUlK,GAEnD,OADAC,GAAep1F,EAAIm1F,GACXv7F,GAAew4F,GAAYpyF,EAAIq/F,EAAU,CAACzlG,GACtD,CACA,SAASwyG,GAAoCpsG,EAAIq/F,EAAUlK,GAEvD,OADAC,GAAep1F,EAAIm1F,GACZ,CAACz9F,EAAOkC,IAAe24F,GAAYvyF,EAAIq/F,EAAU,CAAC3nG,EAAOkC,GACpE,CAxDAkH,OAAOu2F,iBAAiByU,GAAqBn1G,UAAW,CACpD+I,cAAe,CAAEi8B,YAAY,GAC7B5gC,KAAM,CAAE4gC,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe0qG,GAAqBn1G,UAAW65F,GAAe8G,YAAa,CAC9EtgG,MAAO,uBACP4kC,cAAc,IA4DtB,MAAMr+B,GACF9H,YAAY42G,EAAiB,GAAIC,EAAsB,GAAIC,EAAsB,SACtD31G,IAAnBy1G,IACAA,EAAiB,MAErB,MAAMG,EAAmBtN,GAAuBoN,EAAqB,oBAC/DG,EAAmBvN,GAAuBqN,EAAqB,mBAC/DG,EAlDd,SAA4BrN,EAAUlK,GAClCD,GAAiBmK,EAAUlK,GAC3B,MAAMjgC,EAAQmqC,aAA2C,EAASA,EAASnqC,MACrEy3C,EAAetN,aAA2C,EAASA,EAASsN,aAC5EhzG,EAAQ0lG,aAA2C,EAASA,EAAS1lG,MACrEuE,EAAYmhG,aAA2C,EAASA,EAASnhG,UACzE0uG,EAAevN,aAA2C,EAASA,EAASuN,aAClF,MAAO,CACH13C,WAAiBt+D,IAAVs+D,OACHt+D,EACAs1G,GAAgCh3C,EAAOmqC,EAAalK,EAAH,4BACrDwX,eACAhzG,WAAiB/C,IAAV+C,OACH/C,EACAu1G,GAAgCxyG,EAAO0lG,EAAalK,EAAH,4BACrDj3F,eAAyBtH,IAAdsH,OACPtH,EACAw1G,GAAoCluG,EAAWmhG,EAAalK,EAAH,gCAC7DyX,eAER,CA8B4BC,CAAmBR,EAAgB,mBACvD,QAAiCz1G,IAA7B81G,EAAYC,aACZ,MAAM,IAAIphE,WAAW,kCAEzB,QAAiC30C,IAA7B81G,EAAYE,aACZ,MAAM,IAAIrhE,WAAW,kCAEzB,MAAMuhE,EAAwB/N,GAAqB0N,EAAkB,GAC/DM,EAAwB9N,GAAqBwN,GAC7CO,EAAwBjO,GAAqByN,EAAkB,GAC/DS,EAAwBhO,GAAqBuN,GACnD,IAAIU,GA0CZ,SAAmCx2G,EAAQy2G,EAAcH,EAAuBC,EAAuBH,EAAuBC,GAC1H,SAAS5O,IACL,OAAOgP,EAEX,SAASjN,EAAexoG,GACpB,OAoMR,SAAkDhB,EAAQgB,GACtD,MAAMkC,EAAalD,EAAO02G,2BAC1B,GAAI12G,EAAO4qG,cAAe,CAEtB,OAAOzP,GAD2Bn7F,EAAO22G,4BACc,KACnD,MAAM7uG,EAAW9H,EAAO42G,UAExB,GAAc,aADA9uG,EAASm1F,OAEnB,MAAMn1F,EAASw1F,aAEnB,OAAOuZ,GAAiD3zG,EAAYlC,EAAM,IAGlF,OAAO61G,GAAiD3zG,EAAYlC,EACxE,CAlNe81G,CAAyC92G,EAAQgB,GAE5D,SAAS0oG,EAAevoG,GACpB,OAgNR,SAAkDnB,EAAQmB,GAItD,OADA41G,GAAqB/2G,EAAQmB,GACtBw5F,QAAoBz6F,EAC/B,CArNe82G,CAAyCh3G,EAAQmB,GAE5D,SAASsoG,IACL,OAmNR,SAAkDzpG,GAE9C,MAAM6H,EAAW7H,EAAOi3G,UAClB/zG,EAAalD,EAAO02G,2BACpBQ,EAAeh0G,EAAWi0G,kBAGhC,OAFAC,GAAgDl0G,GAEzCi4F,GAAqB+b,GAAc,KACtC,GAAwB,YAApBrvG,EAASo1F,OACT,MAAMp1F,EAASy1F,aAEnBsU,GAAqC/pG,EAAS44F,0BAA0B,IACzEzzF,IAEC,MADA+pG,GAAqB/2G,EAAQgN,GACvBnF,EAASy1F,YAAY,GAEnC,CAnOe+Z,CAAyCr3G,GAGpD,SAAS0nG,IACL,OAiOR,SAAmD1nG,GAI/C,OAFAs3G,GAA+Bt3G,GAAQ,GAEhCA,EAAO22G,0BAClB,CAtOeY,CAA0Cv3G,GAErD,SAAS2nG,EAAgBxmG,GAErB,OADAq2G,GAA4Cx3G,EAAQmB,GAC7Cw5F,QAAoBz6F,GAN/BF,EAAO42G,UAl4DX,SAA8BnP,EAAgB+B,EAAgBC,EAAgBC,EAAgB1gG,EAAgB,EAAGsgG,EAAgB,KAAM,IACnI,MAAMtpG,EAASoK,OAAOy6B,OAAOj+B,GAAe3G,WAI5C,OAHAopG,GAAyBrpG,GAEzB2pG,GAAqC3pG,EADlBoK,OAAOy6B,OAAO0kE,GAAgCtpG,WACRwnG,EAAgB+B,EAAgBC,EAAgBC,EAAgB1gG,EAAesgG,GACjItpG,CACX,CA43DuBy3G,CAAqBhQ,EAAgB+B,EAAgBC,EAAgBC,EAAgB4M,EAAuBC,GAQ/Hv2G,EAAOi3G,UAAY3C,GAAqB7M,EAAgBC,EAAeC,EAAiByO,EAAuBC,GAE/Gr2G,EAAO4qG,mBAAgB1qG,EACvBF,EAAO22G,gCAA6Bz2G,EACpCF,EAAO03G,wCAAqCx3G,EAC5Co3G,GAA+Bt3G,GAAQ,GACvCA,EAAO02G,gCAA6Bx2G,CACxC,CAlEQy3G,CAA0B14G,KAHLw7F,IAAWt7F,IAC5Bq3G,EAAuBr3G,CAAO,IAEYm3G,EAAuBC,EAAuBH,EAAuBC,GAgL3H,SAA8Dr2G,EAAQg2G,GAClE,MAAM9yG,EAAakH,OAAOy6B,OAAO+yE,GAAiC33G,WAClE,IAAI43G,EAAsB72G,IACtB,IAEI,OADA82G,GAAwC50G,EAAYlC,GAC7C25F,QAAoBz6F,GAE/B,MAAO63G,GACH,OAAOnd,GAAoBmd,KAG/BC,EAAiB,IAAMrd,QAAoBz6F,QACjBA,IAA1B81G,EAAYxuG,YACZqwG,EAAqB72G,GAASg1G,EAAYxuG,UAAUxG,EAAOkC,SAErChD,IAAtB81G,EAAYx3C,QACZw5C,EAAiB,IAAMhC,EAAYx3C,MAAMt7D,KAtBjD,SAA+ClD,EAAQkD,EAAY20G,EAAoBG,GACnF90G,EAAW+0G,2BAA6Bj4G,EACxCA,EAAO02G,2BAA6BxzG,EACpCA,EAAWg1G,oBAAsBL,EACjC30G,EAAWi0G,gBAAkBa,CACjC,CAmBIG,CAAsCn4G,EAAQkD,EAAY20G,EAAoBG,EAClF,CAlMQI,CAAqDn5G,KAAM+2G,QACjC91G,IAAtB81G,EAAY/yG,MACZuzG,EAAqBR,EAAY/yG,MAAMhE,KAAKy3G,6BAG5CF,OAAqBt2G,GAMzB2H,eACA,IAAKwwG,GAAkBp5G,MACnB,MAAMq5G,GAA0B,YAEpC,OAAOr5G,KAAKg4G,UAKZnvG,eACA,IAAKuwG,GAAkBp5G,MACnB,MAAMq5G,GAA0B,YAEpC,OAAOr5G,KAAK23G,WA0CpB,SAASyB,GAAkBlsG,GACvB,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BAIjD,CAEA,SAAS4qG,GAAqB/2G,EAAQ0D,GAClCouG,GAAqC9xG,EAAOi3G,UAAUxW,0BAA2B/8F,GACjF8zG,GAA4Cx3G,EAAQ0D,EACxD,CACA,SAAS8zG,GAA4Cx3G,EAAQ0D,GACzD0zG,GAAgDp3G,EAAO02G,4BACvD5I,GAA6C9tG,EAAO42G,UAAUtM,0BAA2B5mG,GACrF1D,EAAO4qG,eAIP0M,GAA+Bt3G,GAAQ,EAE/C,CACA,SAASs3G,GAA+Bt3G,EAAQksG,QAEFhsG,IAAtCF,EAAO22G,4BACP32G,EAAO03G,qCAEX13G,EAAO22G,2BAA6Blc,IAAWt7F,IAC3Ca,EAAO03G,mCAAqCv4G,CAAO,IAEvDa,EAAO4qG,cAAgBsB,CAC3B,CAxEA9hG,OAAOu2F,iBAAiB95F,GAAgB5G,UAAW,CAC/C4H,SAAU,CAAEo9B,YAAY,GACxBn9B,SAAU,CAAEm9B,YAAY,KAEc,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAe7D,GAAgB5G,UAAW65F,GAAe8G,YAAa,CACzEtgG,MAAO,kBACP4kC,cAAc,IAwEtB,MAAM0yE,GACF74G,cACI,MAAM,IAAIoyB,UAAU,uBAKpBypD,kBACA,IAAK29B,GAAmCt5G,MACpC,MAAMu5G,GAAqC,eAG/C,OAAO9G,GADoBzyG,KAAKg5G,2BAA2BhB,UAAUxW,2BAGzEh9F,QAAQzC,EAAQd,WACZ,IAAKq4G,GAAmCt5G,MACpC,MAAMu5G,GAAqC,WAE/CV,GAAwC74G,KAAM+B,GAMlD2C,MAAMxC,EAASjB,WACX,IAAKq4G,GAAmCt5G,MACpC,MAAMu5G,GAAqC,SAwFvD,IAA2D90G,IAtFPvC,EAuFhD41G,GAvF0C93G,KAuFVg5G,2BAA4Bv0G,GAjF5DuH,YACI,IAAKstG,GAAmCt5G,MACpC,MAAMu5G,GAAqC,cAwFvD,SAAmDt1G,GAC/C,MAAMlD,EAASkD,EAAW+0G,2BACpBQ,EAAqBz4G,EAAOi3G,UAAUxW,0BAC5CmR,GAAqC6G,GAErCjB,GAA4Cx3G,EAD9B,IAAImxB,UAAU,8BAEhC,CA5FQunF,CAA0Cz5G,OAgBlD,SAASs5G,GAAmCpsG,GACxC,QAAKguF,GAAahuF,MAGb/B,OAAOnK,UAAUwxB,eAAe1xB,KAAKoM,EAAG,6BAIjD,CA2BA,SAASirG,GAAgDl0G,GACrDA,EAAWg1G,yBAAsBh4G,EACjCgD,EAAWi0G,qBAAkBj3G,CACjC,CACA,SAAS43G,GAAwC50G,EAAYlC,GACzD,MAAMhB,EAASkD,EAAW+0G,2BACpBQ,EAAqBz4G,EAAOi3G,UAAUxW,0BAC5C,IAAKkR,GAAiD8G,GAClD,MAAM,IAAItnF,UAAU,wDAIxB,IACI0gF,GAAuC4G,EAAoBz3G,GAE/D,MAAO0C,GAGH,MADA8zG,GAA4Cx3G,EAAQ0D,GAC9C1D,EAAOi3G,UAAU3Z,aAE3B,MAAM4O,EAz3BV,SAAwDhpG,GACpD,OAAIgvG,GAA8ChvG,EAItD,CAo3ByBy1G,CAA+CF,GAChEvM,IAAiBlsG,EAAO4qG,eACxB0M,GAA+Bt3G,GAAQ,EAE/C,CAIA,SAAS62G,GAAiD3zG,EAAYlC,GAElE,OAAOm6F,GADkBj4F,EAAWg1G,oBAAoBl3G,QACVd,GAAW8M,IAErD,MADA+pG,GAAqB7zG,EAAW+0G,2BAA4BjrG,GACtDA,CAAC,GAEf,CAuDA,SAASwrG,GAAqCjuG,GAC1C,OAAO,IAAI4mB,UAAU,8CAA8C5mB,2DACvE,CAEA,SAAS+tG,GAA0B/tG,GAC/B,OAAO,IAAI4mB,UAAU,6BAA6B5mB,0CACtD,CA/IAH,OAAOu2F,iBAAiBiX,GAAiC33G,UAAW,CAChEwD,QAAS,CAAEwhC,YAAY,GACvBthC,MAAO,CAAEshC,YAAY,GACrBh6B,UAAW,CAAEg6B,YAAY,GACzB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBx2F,OAAOM,eAAektG,GAAiC33G,UAAW65F,GAAe8G,YAAa,CAC1FtgG,MAAO,mCACP4kC,cAAc,qaC3lHlB0zE,GAAgB,SAAS7wF,EAAGza,GAI5B,OAHAsrG,GAAgBxuG,OAAOu3F,gBAClB,CAAEkX,UAAW,cAAgB/5G,OAAS,SAAUipB,EAAGza,GAAKya,EAAE8wF,UAAYvrG,IACvE,SAAUya,EAAGza,GAAK,IAAK,IAAIokB,KAAKpkB,EAAOlD,OAAOnK,UAAUwxB,eAAe1xB,KAAKuN,EAAGokB,KAAI3J,EAAE2J,GAAKpkB,EAAEokB,KACzFknF,GAAc7wF,EAAGza,EAC5B;;;;;;;;;;;;;;gFAEA,SAASwrG,GAAU/wF,EAAGza,GAClB,GAAiB,mBAANA,GAA0B,OAANA,EAC3B,MAAM,IAAI6jB,UAAU,uBAAgC7jB,EAAK,iCAE7D,SAAS+zD,IAAOpiE,KAAKF,YAAcgpB,EADnC6wF,GAAc7wF,EAAGza,GAEjBya,EAAE9nB,UAAkB,OAANqN,EAAalD,OAAOy6B,OAAOv3B,IAAM+zD,EAAGphE,UAAYqN,EAAErN,UAAW,IAAIohE,EACnF,CAEA,SAAS58B,GAAO7lB,GACZ,IAAKA,EACD,MAAM,IAAIuS,UAAU,mBAE5B,CAEA,SAAS8oE,KAET,CACA,SAASE,GAAahuF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAEA,SAAS4sG,GAAoBj0E,GACzB,GAAoB,mBAATA,EACP,OAAO,EAEX,IAAIk0E,GAAc,EAClB,IACI,IAAIl0E,EAAK,CACL7hC,MAAO,WACH+1G,GAAc,KAI1B,MAAOt1G,IAGP,OAAOs1G,CACX,CACA,SAASC,GAAiBpxG,GACtB,QAAKsyF,GAAatyF,IAGgB,mBAAvBA,EAASrI,SAIxB,CAUA,SAAS05G,GAAiBpxG,GACtB,QAAKqyF,GAAaryF,IAGgB,mBAAvBA,EAASlI,SAIxB,CAUA,SAASu5G,GAAkB3xG,GACvB,QAAK2yF,GAAa3yF,OAGbyxG,GAAiBzxG,EAAUK,aAG3BqxG,GAAiB1xG,EAAUM,UAIpC,CAUA,SAASsxG,GAAmBvxG,GACxB,IAGI,OAFaA,EAASrI,UAAU,CAAE4tB,KAAM,SACjCvtB,eACA,EAEX,MAAO6vG,GACH,OAAO,EAEf,CAmCA,SAAS2J,GAA6BxxG,EAAU6nG,GAC5C,IAAkCr2F,QAAlB,IAAPq2F,EAAgB,GAAKA,GAAcr2F,KAW5C,OAVAorB,GAAOw0E,GAAiBpxG,IACxB48B,IAA2B,IAApB58B,EAASgiG,QAGH,WAFbxwF,EAAOigG,GAAkBjgG,IAGZ,IAAIkgG,GAAiC1xG,GAGrC,IAAI2xG,GAAoC3xG,EAGzD,CACA,SAASyxG,GAAkBjgG,GACvB,IAAIogG,EAAoBpgG,EAAPM,GACjB,GAAmB,UAAf8/F,EACA,OAAOA,EAEN,QAAav5G,IAATmZ,EACL,OAAOA,EAGP,MAAM,IAAIw7B,WAAW,4BAE7B,CACA,IAAI6kE,GAAsD,WACtD,SAASA,EAAqCC,GAC1C16G,KAAK26G,uBAAoB15G,EACzBjB,KAAK46G,iBAAc35G,EACnBjB,KAAKwhG,+BAA4BvgG,EACjCjB,KAAK66G,kBAAe55G,EACpBjB,KAAK86G,kBAAoBJ,EAEzB16G,KAAK+6G,uBA0FT,OAxFAN,EAAqCz5G,UAAUgD,MAAQ,SAAUC,GAC7DjE,KAAKwhG,0BAA4Bv9F,GAErCw2G,EAAqCz5G,UAAU6D,OAAS,SAAU3C,GAE9D,OADAsjC,QAAkCvkC,IAA3BjB,KAAK26G,mBACL36G,KAAK26G,kBAAkB91G,OAAO3C,IAEzCu4G,EAAqCz5G,UAAU+5G,qBAAuB,WAClE,GAAyB,YAArB/6G,KAAK46G,YAAT,CAGA56G,KAAKg7G,gBACL,IAAIr1G,EAAS3F,KAAK86G,kBAAkBv6G,YACpCP,KAAK46G,YAAc,UACnB56G,KAAKi7G,cAAct1G,KAEvB80G,EAAqCz5G,UAAUi6G,cAAgB,SAAUt1G,GACrE,IAAIu1G,EAAQl7G,KACZwlC,QAAkCvkC,IAA3BjB,KAAK26G,mBACZ36G,KAAK26G,kBAAoBh1G,EACzB,IAAI9E,EAASb,KAAK26G,kBAAkB95G,OAC/BA,GAGLA,EACKe,MAAK,WAAc,OAAOs5G,EAAMC,wBAChCv5G,MAAK,WACF+D,IAAWu1G,EAAMP,mBACjBO,EAAM1Z,0BAA0Bx/F,WAErC,SAAUE,GACLyD,IAAWu1G,EAAMP,mBACjBO,EAAM1Z,0BAA0B98F,MAAMxC,MAGzC9B,MAAM46F,KAEfyf,EAAqCz5G,UAAUg6G,cAAgB,gBAC5B/5G,IAA3BjB,KAAK26G,oBAGT36G,KAAK26G,kBAAkB/5G,cACvBZ,KAAK26G,uBAAoB15G,EACzBjB,KAAK46G,iBAAc35G,IAEvBw5G,EAAqCz5G,UAAUo6G,uBAAyB,WACpE,IAAIF,EAAQl7G,KACZA,KAAK+6G,uBAEL,IAAI75G,EAAOlB,KAAK26G,kBAAkBz5G,OAC7BU,MAAK,SAAUH,GAChB,IAAIwC,EAAai3G,EAAM1Z,0BACnB//F,EAAOH,KACP45G,EAAMG,YAGNp3G,EAAWO,QAAQ/C,EAAOJ,UAIlC,OADArB,KAAKs7G,gBAAgBp6G,GACdA,GAEXu5G,EAAqCz5G,UAAUq6G,UAAY,WACvD,IACIr7G,KAAKwhG,0BAA0Bx/F,QAEnC,MAAOyuG,MAIXgK,EAAqCz5G,UAAUs6G,gBAAkB,SAAUC,GACvE,IACIC,EADAN,EAAQl7G,KAERy7G,EAAa,WACTP,EAAML,eAAiBW,IACvBN,EAAML,kBAAe55G,IAG7BjB,KAAK66G,aAAeW,EAAcD,EAAY35G,KAAK65G,EAAYA,IAEnEhB,EAAqCz5G,UAAUm6G,mBAAqB,WAChE,IAAID,EAAQl7G,KACZ,GAAKA,KAAK66G,aAAV,CAGA,IAAIa,EAAY,WAAc,OAAOR,EAAMC,sBAC3C,OAAOn7G,KAAK66G,aAAaj5G,KAAK85G,EAAWA,KAEtCjB,CACX,IACIF,GAAqD,SAAUoB,GAE/D,SAASpB,IACL,OAAkB,OAAXoB,GAAmBA,EAAO1+F,MAAMjd,KAAM48C,YAAc58C,KAK/D,OAPA65G,GAAUU,EAAqCoB,GAI/CpB,EAAoCv5G,UAAU2D,KAAO,WACjD,OAAO3E,KAAKo7G,0BAETb,CACX,EAAEE,IACF,SAASrqG,GAAa+hC,GAClB,OAAO,IAAIpvC,WAAWovC,EAAK9tC,OAAQ8tC,EAAK7tC,WAAY6tC,EAAK5tC,WAC7D,CAMA,IAAI+1G,GAAkD,SAAUqB,GAE5D,SAASrB,EAAiCI,GACtC,IAAIQ,EAAQl7G,KACR47G,EAAezB,GAAmBO,GAGtC,OAFAQ,EAAQS,EAAO76G,KAAKd,KAAM06G,IAAqB16G,MACzC67G,cAAgBD,EACfV,EAkDX,OAxDArB,GAAUS,EAAkCqB,GAQ5CxwG,OAAOM,eAAe6uG,EAAiCt5G,UAAW,OAAQ,CACtEwK,IAAK,WACD,MAAO,SAEXw6B,YAAY,EACZC,cAAc,IAElBq0E,EAAiCt5G,UAAU86G,kBAAoB,WAC3D,GAAyB,SAArB97G,KAAK46G,YAAT,CAGAp1E,GAAOxlC,KAAK67G,eACZ77G,KAAKg7G,gBACL,IAAIr1G,EAAS3F,KAAK86G,kBAAkBv6G,UAAU,CAAE4tB,KAAM,SACtDnuB,KAAK46G,YAAc,OACnB56G,KAAKi7G,cAAct1G,KAEvB20G,EAAiCt5G,UAAU2D,KAAO,WAC9C,GAAI3E,KAAK67G,cAAe,CACpB,IAAItX,EAAcvkG,KAAKwhG,0BAA0B+C,YACjD,GAAIA,EACA,OAAOvkG,KAAK+7G,qBAAqBxX,GAGzC,OAAOvkG,KAAKo7G,0BAEhBd,EAAiCt5G,UAAU+6G,qBAAuB,SAAUxX,GACxE,IAAI2W,EAAQl7G,KACZA,KAAK87G,oBAGL,IAAIz3G,EAAS,IAAItB,WAAWwhG,EAAYpyD,KAAK5tC,YAEzCrD,EAAOlB,KAAK26G,kBAAkBz5G,KAAKmD,GAClCzC,MAAK,SAAUH,GAhD5B,IAA6B2gB,EAAM45F,EAC3BC,EAgDIf,EAAM1Z,0BACF//F,EAAOH,MACP45G,EAAMG,YACN9W,EAAYZ,QAAQ,KApDPvhF,EAuDO3gB,EAAOJ,MAvDR26G,EAuDezX,EAAYpyD,KAtDtD8pE,EAAY7rG,GAAagS,GACfhS,GAAa4rG,GACnBx4G,IAAIy4G,EAAW,GAqDX1X,EAAYZ,QAAQliG,EAAOJ,MAAMkD,gBAIzC,OADAvE,KAAKs7G,gBAAgBp6G,GACdA,GAEJo5G,CACX,EAAEG,IAYF,SAASyB,GAA2BrzG,GAChC28B,GAAOy0E,GAAiBpxG,IACxB28B,IAA2B,IAApB38B,EAAS+hG,QAChB,IAAIlqG,EAASmI,EAASlI,YACtB,OAAO,IAAIw7G,GAA2Bz7G,EAC1C,CACA,IAAIy7G,GAA4C,WAC5C,SAASA,EAA2BC,GAChC,IAAIlB,EAAQl7G,KACZA,KAAKqrG,+BAA4BpqG,EACjCjB,KAAKq8G,mBAAgBp7G,EACrBjB,KAAKg+F,OAAS,WACdh+F,KAAKq+F,kBAAep9F,EACpBjB,KAAKs8G,kBAAoBF,EACzBp8G,KAAKu8G,cAAgB,IAAIt8G,SAAQ,SAAUC,EAASC,GAChD+6G,EAAMsB,oBAAsBr8G,KAEhCH,KAAKu8G,cAAcn8G,MAAM46F,IAmF7B,OAjFAmhB,EAA2Bn7G,UAAUgD,MAAQ,SAAUC,GACnD,IAAIi3G,EAAQl7G,KACZA,KAAKqrG,0BAA4BpnG,EACjCjE,KAAKs8G,kBAAkBz7G,OAClBe,MAAK,WACNs5G,EAAMld,OAAS,YAEd59F,OAAM,SAAU8B,GAAU,OAAOg5G,EAAMuB,gBAAgBv6G,OAEhEi6G,EAA2Bn7G,UAAUc,MAAQ,SAAUC,GACnD,IAAIm5G,EAAQl7G,KACRU,EAASV,KAAKs8G,kBAElB,GAA2B,OAAvB57G,EAAOi7E,YACP,OAAOj7E,EAAO2I,MAElB,IAAIujG,EAAelsG,EAAOoB,MAAMC,GAEhC6qG,EAAaxsG,OAAM,SAAU8B,GAAU,OAAOg5G,EAAMuB,gBAAgBv6G,MACpExB,EAAO2I,MAAMjJ,OAAM,SAAU8B,GAAU,OAAOg5G,EAAMwB,eAAex6G,MAEnE,IAAIJ,EAAQ7B,QAAQ08G,KAAK,CAAC/P,EAAc5sG,KAAKu8G,gBAE7C,OADAv8G,KAAK48G,iBAAiB96G,GACfA,GAEXq6G,EAA2Bn7G,UAAUgB,MAAQ,WACzC,IAAIk5G,EAAQl7G,KACZ,YAA2BiB,IAAvBjB,KAAKq8G,cACEr8G,KAAKs8G,kBAAkBt6G,QAE3BhC,KAAK68G,sBAAsBj7G,MAAK,WAAc,OAAOs5G,EAAMl5G,YAEtEm6G,EAA2Bn7G,UAAUiB,MAAQ,SAAUC,GACnD,GAAoB,YAAhBlC,KAAKg+F,OAIT,OADah+F,KAAKs8G,kBACJr6G,MAAMC,IAExBi6G,EAA2Bn7G,UAAU47G,iBAAmB,SAAUE,GAC9D,IACIC,EADA7B,EAAQl7G,KAERg9G,EAAc,WACV9B,EAAMmB,gBAAkBU,IACxB7B,EAAMmB,mBAAgBp7G,IAG9BjB,KAAKq8G,cAAgBU,EAAeD,EAAal7G,KAAKo7G,EAAaA,IAEvEb,EAA2Bn7G,UAAU67G,oBAAsB,WACvD,IAAI3B,EAAQl7G,KACZ,QAA2BiB,IAAvBjB,KAAKq8G,cACL,OAAOp8G,QAAQC,UAEnB,IAAI+8G,EAAa,WAAc,OAAO/B,EAAM2B,uBAC5C,OAAO78G,KAAKq8G,cAAcz6G,KAAKq7G,EAAYA,IAE/Cd,EAA2Bn7G,UAAU07G,eAAiB,SAAUx6G,GAC5D,IAAIg5G,EAAQl7G,KACZ,GAAoB,aAAhBA,KAAKg+F,OAAsC,CAC3Ch+F,KAAKg+F,OAAS,WACdh+F,KAAKq+F,aAAen8F,EACpB,IAAI+6G,EAAa,WAAc,OAAO/B,EAAMuB,gBAAgBv6G,SACjCjB,IAAvBjB,KAAKq8G,cACLY,IAGAj9G,KAAK68G,sBAAsBj7G,KAAKq7G,EAAYA,GAEhDj9G,KAAKqrG,0BAA0B3mG,MAAMxC,KAG7Ci6G,EAA2Bn7G,UAAUy7G,gBAAkB,SAAUv6G,GACzC,aAAhBlC,KAAKg+F,QACLh+F,KAAK08G,eAAex6G,GAEJ,aAAhBlC,KAAKg+F,SACLh+F,KAAKg+F,OAAS,UACdh+F,KAAKw8G,oBAAoBx8G,KAAKq+F,gBAG/B8d,CACX,IAYA,SAASe,GAA0B30G,GAC/Bi9B,GAAO00E,GAAkB3xG,IACzB,IAAIK,EAAWL,EAAUK,SAAUC,EAAWN,EAAUM,SACxD28B,IAA2B,IAApB58B,EAASgiG,QAChBplE,IAA2B,IAApB38B,EAAS+hG,QAChB,IACIlqG,EADAiF,EAASiD,EAASrI,YAEtB,IACIG,EAASmI,EAASlI,YAEtB,MAAO8D,GAEH,MADAkB,EAAO/E,cACD6D,EAEV,OAAO,IAAI04G,GAAmCx3G,EAAQjF,EAC1D,CACA,IAAIy8G,GAAoD,WACpD,SAASA,EAAmCx3G,EAAQjF,GAChD,IAAIw6G,EAAQl7G,KACZA,KAAKy3G,gCAA6Bx2G,EAClCjB,KAAKo9G,QAAU,SAAU37G,GACrB,IAAIA,EAAOH,KAIX,OADA45G,EAAMzD,2BAA2BjzG,QAAQ/C,EAAOJ,OACzC65G,EAAMh2G,QAAQhE,OAAOU,KAAKs5G,EAAMkC,UAE3Cp9G,KAAKq9G,SAAW,SAAUn7G,GACtBg5G,EAAMoC,aAAap7G,GACnBg5G,EAAMzD,2BAA2B/yG,MAAMxC,GACvCg5G,EAAMh2G,QAAQL,OAAO3C,GAAQ9B,MAAM46F,IACnCkgB,EAAM9P,QAAQnpG,MAAMC,GAAQ9B,MAAM46F,KAEtCh7F,KAAKu9G,aAAe,WAChBrC,EAAMsC,gBACNtC,EAAMzD,2BAA2BzrG,YACjC,IAAItH,EAAQ,IAAIwtB,UAAU,8BAC1BgpF,EAAM9P,QAAQnpG,MAAMyC,GAAOtE,MAAM46F,KAErCh7F,KAAKkF,QAAUS,EACf3F,KAAKorG,QAAU1qG,EACfV,KAAKy9G,cAAgB,IAAIx9G,SAAQ,SAAUC,EAASC,GAChD+6G,EAAMsC,cAAgBt9G,EACtBg7G,EAAMoC,aAAen9G,KAsB7B,OAnBAg9G,EAAmCn8G,UAAUgD,MAAQ,SAAUC,GAC3DjE,KAAKy3G,2BAA6BxzG,EAClCjE,KAAKkF,QAAQhE,OACRU,KAAK5B,KAAKo9G,SACVx7G,KAAK5B,KAAKu9G,aAAcv9G,KAAKq9G,UAClC,IAAIK,EAAe19G,KAAKkF,QAAQrE,OAC5B68G,GACAA,EACK97G,KAAK5B,KAAKu9G,aAAcv9G,KAAKq9G,WAG1CF,EAAmCn8G,UAAUuH,UAAY,SAAUxG,GAC/D,OAAO/B,KAAKorG,QAAQtpG,MAAMC,IAE9Bo7G,EAAmCn8G,UAAUu+D,MAAQ,WACjD,IAAI27C,EAAQl7G,KACZ,OAAOA,KAAKorG,QAAQppG,QACfJ,MAAK,WAAc,OAAOs5G,EAAMuC,kBAElCN,CACX,8EAjaA,SAAqCt3E,GACjCL,GArEJ,SAAqCK,GACjC,QAAKi0E,GAAoBj0E,MAGpBm0E,GAAiB,IAAIn0E,EAI9B,CA6DW83E,CAA4B93E,IACnC,IAAI+3E,EAZR,SAA4B/3E,GACxB,IAEI,OADA,IAAIA,EAAK,CAAEzrB,KAAM,WACV,EAEX,MAAOq2F,GACH,OAAO,EAEf,CAI8BoN,CAAmBh4E,GAC7C,OAAO,SAAUj9B,EAAU6nG,GACvB,IAAkCr2F,QAAlB,IAAPq2F,EAAgB,GAAKA,GAAcr2F,KAK5C,GAHa,WADbA,EAAOigG,GAAkBjgG,KACAwjG,IACrBxjG,OAAOnZ,GAEP2H,EAAS9I,cAAgB+lC,IACZ,UAATzrB,GAAoB+/F,GAAmBvxG,IACvC,OAAOA,EAGf,GAAa,UAATwR,EAAkB,CAClB,IAAIqwE,EAAS2vB,GAA6BxxG,EAAU,CAAEwR,KAAMA,IAC5D,OAAO,IAAIyrB,EAAK4kD,GAGZA,EAAS2vB,GAA6BxxG,GAC1C,OAAO,IAAIi9B,EAAK4kD,GAG5B,+BA8TA,SAAsC5kD,GAElC,OADAL,GAnXJ,SAAsCK,GAClC,QAAKi0E,GAAoBj0E,MAGpBq0E,GAAkB,IAAIr0E,EAI/B,CA2WWi4E,CAA6Bj4E,IAC7B,SAAUt9B,GACb,GAAIA,EAAUzI,cAAgB+lC,EAC1B,OAAOt9B,EAEX,IAAIwuG,EAAcmG,GAA0B30G,GAC5C,OAAO,IAAIs9B,EAAKkxE,GAExB,yHA1HA,SAAqClxE,GAEjC,OADAL,GAvRJ,SAAqCK,GACjC,QAAKi0E,GAAoBj0E,MAGpBo0E,GAAiB,IAAIp0E,EAI9B,CA+QWk4E,CAA4Bl4E,IAC5B,SAAUh9B,GACb,GAAIA,EAAS/I,cAAgB+lC,EACzB,OAAOh9B,EAEX,IAAIm1G,EAAO9B,GAA2BrzG,GACtC,OAAO,IAAIg9B,EAAKm4E,GAExB,wBCvXA,SAAWr4E,EAAQ0Y,GAIjB,SAAS7Y,EAAQC,EAAKC,GACpB,IAAKD,EAAK,MAAUriC,MAAMsiC,GAAO,oBAKnC,SAASS,EAAUN,EAAMC,GACvBD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAASllC,UAAY8kC,EAAU9kC,UAC/B6kC,EAAK7kC,UAAY,IAAIklC,EACrBL,EAAK7kC,UAAUlB,YAAc+lC,EAK/B,SAAS6b,EAAIjyC,EAAQgpD,EAAMpoD,GACzB,GAAIqxC,EAAGu8D,KAAKxuG,GACV,OAAOA,EAGTzP,KAAKk+G,SAAW,EAChBl+G,KAAKm+G,MAAQ,KACbn+G,KAAKoB,OAAS,EAGdpB,KAAKo+G,IAAM,KAEI,OAAX3uG,IACW,OAATgpD,GAA0B,OAATA,IACnBpoD,EAASooD,EACTA,EAAO,IAGTz4D,KAAKq+G,MAAM5uG,GAAU,EAAGgpD,GAAQ,GAAIpoD,GAAU,OAYlD,IAAI3M,EATkB,iBAAXiiC,EACTA,EAAO0Y,QAAUqD,EAEjBrD,EAAQqD,GAAKA,EAGfA,EAAGA,GAAKA,EACRA,EAAG48D,SAAW,GAGd,IACE56G,EAASlB,EAAkBkB,OAC3B,MAAOe,IAoIT,SAAS85G,EAAU7hG,EAAK1Y,EAAO2H,GAG7B,IAFA,IAAIoC,EAAI,EACJoC,EAAMrE,KAAKoyC,IAAIxhC,EAAItb,OAAQuK,GACtBxI,EAAIa,EAAOb,EAAIgN,EAAKhN,IAAK,CAChC,IAAIqZ,EAAIE,EAAIE,WAAWzZ,GAAK,GAE5B4K,IAAM,EAIJA,GADEyO,GAAK,IAAMA,GAAK,GACbA,EAAI,GAAK,GAGLA,GAAK,IAAMA,GAAK,GACpBA,EAAI,GAAK,GAIL,GAAJA,EAGT,OAAOzO,EAiCT,SAASywG,EAAW9hG,EAAK1Y,EAAO2H,EAAK2B,GAGnC,IAFA,IAAIS,EAAI,EACJoC,EAAMrE,KAAKoyC,IAAIxhC,EAAItb,OAAQuK,GACtBxI,EAAIa,EAAOb,EAAIgN,EAAKhN,IAAK,CAChC,IAAIqZ,EAAIE,EAAIE,WAAWzZ,GAAK,GAE5B4K,GAAKT,EAIHS,GADEyO,GAAK,GACFA,EAAI,GAAK,GAGLA,GAAK,GACTA,EAAI,GAAK,GAITA,EAGT,OAAOzO,EA5MT2zC,EAAGu8D,KAAO,SAAe32E,GACvB,OAAIA,aAAeoa,GAIJ,OAARpa,GAA+B,iBAARA,GAC5BA,EAAIxnC,YAAYw+G,WAAa58D,EAAG48D,UAAYz+G,MAAMW,QAAQ8mC,EAAI62E,QAGlEz8D,EAAG31C,IAAM,SAAcqoB,EAAMC,GAC3B,OAAID,EAAKqqF,IAAIpqF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGxD,IAAM,SAAc9pB,EAAMC,GAC3B,OAAID,EAAKqqF,IAAIpqF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAG1gD,UAAUq9G,MAAQ,SAAe5uG,EAAQgpD,EAAMpoD,GAChD,GAAsB,iBAAXZ,EACT,OAAOzP,KAAK0+G,YAAYjvG,EAAQgpD,EAAMpoD,GAGxC,GAAsB,iBAAXZ,EACT,OAAOzP,KAAK2+G,WAAWlvG,EAAQgpD,EAAMpoD,GAG1B,QAATooD,IACFA,EAAO,IAETjzB,EAAOizB,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,IAGnD,IAAIz0D,EAAQ,EACM,OAFlByL,EAASA,EAAO9C,WAAWsV,QAAQ,OAAQ,KAEhC,IACTje,IAGW,KAATy0D,EACFz4D,KAAK4+G,UAAUnvG,EAAQzL,GAEvBhE,KAAK6+G,WAAWpvG,EAAQgpD,EAAMz0D,GAGd,MAAdyL,EAAO,KACTzP,KAAKk+G,SAAW,GAGlBl+G,KAAK8+G,QAEU,OAAXzuG,GAEJrQ,KAAK2+G,WAAW3+G,KAAKgoC,UAAWywB,EAAMpoD,IAGxCqxC,EAAG1gD,UAAU09G,YAAc,SAAsBjvG,EAAQgpD,EAAMpoD,GACzDZ,EAAS,IACXzP,KAAKk+G,SAAW,EAChBzuG,GAAUA,GAERA,EAAS,UACXzP,KAAKm+G,MAAQ,CAAW,SAAT1uG,GACfzP,KAAKoB,OAAS,GACLqO,EAAS,kBAClBzP,KAAKm+G,MAAQ,CACF,SAAT1uG,EACCA,EAAS,SAAa,UAEzBzP,KAAKoB,OAAS,IAEdokC,EAAO/1B,EAAS,kBAChBzP,KAAKm+G,MAAQ,CACF,SAAT1uG,EACCA,EAAS,SAAa,SACvB,GAEFzP,KAAKoB,OAAS,GAGD,OAAXiP,GAGJrQ,KAAK2+G,WAAW3+G,KAAKgoC,UAAWywB,EAAMpoD,IAGxCqxC,EAAG1gD,UAAU29G,WAAa,SAAqBlvG,EAAQgpD,EAAMpoD,GAG3D,GADAm1B,EAAgC,iBAAlB/1B,EAAOrO,QACjBqO,EAAOrO,QAAU,EAGnB,OAFApB,KAAKm+G,MAAQ,CAAE,GACfn+G,KAAKoB,OAAS,EACPpB,KAGTA,KAAKoB,OAAS0K,KAAKmQ,KAAKxM,EAAOrO,OAAS,GACxCpB,KAAKm+G,MAAYt+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BnD,KAAKm+G,MAAMh7G,GAAK,EAGlB,IAAI4Z,EAAGya,EACHwE,EAAM,EACV,GAAe,OAAX3rB,EACF,IAAKlN,EAAIsM,EAAOrO,OAAS,EAAG2b,EAAI,EAAG5Z,GAAK,EAAGA,GAAK,EAC9Cq0B,EAAI/nB,EAAOtM,GAAMsM,EAAOtM,EAAI,IAAM,EAAMsM,EAAOtM,EAAI,IAAM,GACzDnD,KAAKm+G,MAAMphG,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAKm+G,MAAMphG,EAAI,GAAMya,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPjf,UAGC,GAAe,OAAX1M,EACT,IAAKlN,EAAI,EAAG4Z,EAAI,EAAG5Z,EAAIsM,EAAOrO,OAAQ+B,GAAK,EACzCq0B,EAAI/nB,EAAOtM,GAAMsM,EAAOtM,EAAI,IAAM,EAAMsM,EAAOtM,EAAI,IAAM,GACzDnD,KAAKm+G,MAAMphG,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAKm+G,MAAMphG,EAAI,GAAMya,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPjf,KAIN,OAAO/c,KAAK8+G,SA2Bdp9D,EAAG1gD,UAAU49G,UAAY,SAAoBnvG,EAAQzL,GAEnDhE,KAAKoB,OAAS0K,KAAKmQ,MAAMxM,EAAOrO,OAAS4C,GAAS,GAClDhE,KAAKm+G,MAAYt+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BnD,KAAKm+G,MAAMh7G,GAAK,EAGlB,IAAI4Z,EAAGya,EAEHwE,EAAM,EACV,IAAK74B,EAAIsM,EAAOrO,OAAS,EAAG2b,EAAI,EAAG5Z,GAAKa,EAAOb,GAAK,EAClDq0B,EAAI+mF,EAAS9uG,EAAQtM,EAAGA,EAAI,GAC5BnD,KAAKm+G,MAAMphG,IAAOya,GAAKwE,EAAO,SAE9Bh8B,KAAKm+G,MAAMphG,EAAI,IAAMya,IAAO,GAAKwE,EAAO,SACxCA,GAAO,KACI,KACTA,GAAO,GACPjf,KAGA5Z,EAAI,IAAMa,IACZwzB,EAAI+mF,EAAS9uG,EAAQzL,EAAOb,EAAI,GAChCnD,KAAKm+G,MAAMphG,IAAOya,GAAKwE,EAAO,SAC9Bh8B,KAAKm+G,MAAMphG,EAAI,IAAMya,IAAO,GAAKwE,EAAO,SAE1Ch8B,KAAK8+G,SA2BPp9D,EAAG1gD,UAAU69G,WAAa,SAAqBpvG,EAAQgpD,EAAMz0D,GAE3DhE,KAAKm+G,MAAQ,CAAE,GACfn+G,KAAKoB,OAAS,EAGd,IAAK,IAAI29G,EAAU,EAAGC,EAAU,EAAGA,GAAW,SAAWA,GAAWvmD,EAClEsmD,IAEFA,IACAC,EAAWA,EAAUvmD,EAAQ,EAO7B,IALA,IAAImR,EAAQn6D,EAAOrO,OAAS4C,EACxB0J,EAAMk8D,EAAQm1C,EACdpzG,EAAMG,KAAKoyC,IAAI0rB,EAAOA,EAAQl8D,GAAO1J,EAErC0iC,EAAO,EACFvjC,EAAIa,EAAOb,EAAIwI,EAAKxI,GAAK47G,EAChCr4E,EAAO83E,EAAU/uG,EAAQtM,EAAGA,EAAI47G,EAAStmD,GAEzCz4D,KAAKi/G,MAAMD,GACPh/G,KAAKm+G,MAAM,GAAKz3E,EAAO,SACzB1mC,KAAKm+G,MAAM,IAAMz3E,EAEjB1mC,KAAKk/G,OAAOx4E,GAIhB,GAAY,IAARh5B,EAAW,CACb,IAAIwkC,EAAM,EAGV,IAFAxL,EAAO83E,EAAU/uG,EAAQtM,EAAGsM,EAAOrO,OAAQq3D,GAEtCt1D,EAAI,EAAGA,EAAIuK,EAAKvK,IACnB+uC,GAAOumB,EAGTz4D,KAAKi/G,MAAM/sE,GACPlyC,KAAKm+G,MAAM,GAAKz3E,EAAO,SACzB1mC,KAAKm+G,MAAM,IAAMz3E,EAEjB1mC,KAAKk/G,OAAOx4E,KAKlBgb,EAAG1gD,UAAUgqE,KAAO,SAAexZ,GACjCA,EAAK2sD,MAAYt+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI+B,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC/BquD,EAAK2sD,MAAMh7G,GAAKnD,KAAKm+G,MAAMh7G,GAE7BquD,EAAKpwD,OAASpB,KAAKoB,OACnBowD,EAAK0sD,SAAWl+G,KAAKk+G,SACrB1sD,EAAK4sD,IAAMp+G,KAAKo+G,KAGlB18D,EAAG1gD,UAAUW,MAAQ,WACnB,IAAIoM,EAAI,IAAI2zC,EAAG,MAEf,OADA1hD,KAAKgrE,KAAKj9D,GACHA,GAGT2zC,EAAG1gD,UAAUm+G,QAAU,SAAkB/5G,GACvC,KAAOpF,KAAKoB,OAASgE,GACnBpF,KAAKm+G,MAAMn+G,KAAKoB,UAAY,EAE9B,OAAOpB,MAIT0hD,EAAG1gD,UAAU89G,MAAQ,WACnB,KAAO9+G,KAAKoB,OAAS,GAAqC,IAAhCpB,KAAKm+G,MAAMn+G,KAAKoB,OAAS,IACjDpB,KAAKoB,SAEP,OAAOpB,KAAKo/G,aAGd19D,EAAG1gD,UAAUo+G,UAAY,WAKvB,OAHoB,IAAhBp/G,KAAKoB,QAAkC,IAAlBpB,KAAKm+G,MAAM,KAClCn+G,KAAKk+G,SAAW,GAEXl+G,MAGT0hD,EAAG1gD,UAAUq+G,QAAU,WACrB,OAAQr/G,KAAKo+G,IAAM,UAAY,SAAWp+G,KAAK2M,SAAS,IAAM,KAiChE,IAAI2yG,EAAQ,CACV,GACA,IACA,KACA,MACA,OACA,QACA,SACA,UACA,WACA,YACA,aACA,cACA,eACA,gBACA,iBACA,kBACA,mBACA,oBACA,qBACA,sBACA,uBACA,wBACA,yBACA,0BACA,2BACA,6BAGEC,EAAa,CACf,EAAG,EACH,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EACvB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAGhBC,EAAa,CACf,EAAG,EACH,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAC5D,SAAU,IAAU,SAAU,SAAU,SAAU,QAAS,SAC3D,SAAU,SAAU,SAAU,SAAU,KAAU,QAAS,QAC3D,QAAS,QAAS,QAAS,SAAU,SAAU,SAAU,SACzD,MAAU,SAAU,SAAU,SAAU,SAAU,SAAU,UAsjB9D,SAASC,EAAY1hE,EAAMzW,EAAKo4E,GAC9BA,EAAIxB,SAAW52E,EAAI42E,SAAWngE,EAAKmgE,SACnC,IAAI/tG,EAAO4tC,EAAK38C,OAASkmC,EAAIlmC,OAAU,EACvCs+G,EAAIt+G,OAAS+O,EACbA,EAAOA,EAAM,EAAK,EAGlB,IAAI1B,EAAoB,EAAhBsvC,EAAKogE,MAAM,GACf9vG,EAAmB,EAAfi5B,EAAI62E,MAAM,GACdpwG,EAAIU,EAAIJ,EAERi4B,EAAS,SAAJv4B,EACLo5B,EAASp5B,EAAI,SAAa,EAC9B2xG,EAAIvB,MAAM,GAAK73E,EAEf,IAAK,IAAIjqB,EAAI,EAAGA,EAAIlM,EAAKkM,IAAK,CAM5B,IAHA,IAAIsjG,EAASx4E,IAAU,GACnBy4E,EAAgB,SAARz4E,EACR04E,EAAO/zG,KAAKoyC,IAAI7hC,EAAGirB,EAAIlmC,OAAS,GAC3B2b,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAI0hC,EAAK38C,OAAS,GAAI2b,GAAK8iG,EAAM9iG,IAAK,CAC7D,IAAI5Z,EAAKkZ,EAAIU,EAAK,EAIlB4iG,IADA5xG,GAFAU,EAAoB,EAAhBsvC,EAAKogE,MAAMh7G,KACfkL,EAAmB,EAAfi5B,EAAI62E,MAAMphG,IACF6iG,GACG,SAAa,EAC5BA,EAAY,SAAJ7xG,EAEV2xG,EAAIvB,MAAM9hG,GAAa,EAARujG,EACfz4E,EAAiB,EAATw4E,EAQV,OANc,IAAVx4E,EACFu4E,EAAIvB,MAAM9hG,GAAa,EAAR8qB,EAEfu4E,EAAIt+G,SAGCs+G,EAAIZ,QAzlBbp9D,EAAG1gD,UAAU2L,SAAW,SAAmB8rD,EAAMjnC,GAI/C,IAAIkuF,EACJ,GAHAluF,EAAoB,EAAVA,GAAe,EAGZ,MAJbinC,EAAOA,GAAQ,KAIa,QAATA,EAAgB,CACjCinD,EAAM,GAGN,IAFA,IAAI1jF,EAAM,EACNmL,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIq0B,EAAIx3B,KAAKm+G,MAAMh7G,GACfujC,GAA+B,UAArBlP,GAAKwE,EAAOmL,IAAmBx6B,SAAS,IAGpD+yG,EADY,KADdv4E,EAAS3P,IAAO,GAAKwE,EAAQ,WACV74B,IAAMnD,KAAKoB,OAAS,EAC/Bk+G,EAAM,EAAI54E,EAAKtlC,QAAUslC,EAAOg5E,EAEhCh5E,EAAOg5E,GAEf1jF,GAAO,IACI,KACTA,GAAO,GACP74B,KAMJ,IAHc,IAAVgkC,IACFu4E,EAAMv4E,EAAMx6B,SAAS,IAAM+yG,GAEtBA,EAAIt+G,OAASowB,GAAY,GAC9BkuF,EAAM,IAAMA,EAKd,OAHsB,IAAlB1/G,KAAKk+G,WACPwB,EAAM,IAAMA,GAEPA,EAGT,GAAIjnD,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,GAAI,CAElD,IAAIqnD,EAAYP,EAAW9mD,GAEvBsnD,EAAYP,EAAW/mD,GAC3BinD,EAAM,GACN,IAAIljG,EAAIxc,KAAK2B,QAEb,IADA6a,EAAE0hG,SAAW,GACL1hG,EAAE5O,UAAU,CAClB,IAAIG,EAAIyO,EAAEwjG,KAAKD,GAAWpzG,SAAS8rD,GAMjCinD,GALFljG,EAAIA,EAAEyjG,MAAMF,IAELnyG,SAGCG,EAAI2xG,EAFJJ,EAAMQ,EAAY/xG,EAAE3M,QAAU2M,EAAI2xG,EAQ5C,IAHI1/G,KAAK4N,WACP8xG,EAAM,IAAMA,GAEPA,EAAIt+G,OAASowB,GAAY,GAC9BkuF,EAAM,IAAMA,EAKd,OAHsB,IAAlB1/G,KAAKk+G,WACPwB,EAAM,IAAMA,GAEPA,EAGTl6E,GAAO,EAAO,oCAGhBkc,EAAG1gD,UAAUwO,SAAW,WACtB,IAAI4e,EAAMpuB,KAAKm+G,MAAM,GASrB,OARoB,IAAhBn+G,KAAKoB,OACPgtB,GAAuB,SAAhBpuB,KAAKm+G,MAAM,GACO,IAAhBn+G,KAAKoB,QAAkC,IAAlBpB,KAAKm+G,MAAM,GAEzC/vF,GAAO,iBAAoC,SAAhBpuB,KAAKm+G,MAAM,GAC7Bn+G,KAAKoB,OAAS,GACvBokC,GAAO,EAAO,8CAEU,IAAlBxlC,KAAKk+G,UAAmB9vF,EAAMA,GAGxCszB,EAAG1gD,UAAUk/G,OAAS,WACpB,OAAOlgH,KAAK2M,SAAS,KAGvB+0C,EAAG1gD,UAAUm/G,SAAW,SAAmB9vG,EAAQjP,GAEjD,OADAokC,OAAyB,IAAX9hC,GACP1D,KAAK2kD,YAAYjhD,EAAQ2M,EAAQjP,IAG1CsgD,EAAG1gD,UAAUgnC,QAAU,SAAkB33B,EAAQjP,GAC/C,OAAOpB,KAAK2kD,YAAY9kD,MAAOwQ,EAAQjP,IAGzCsgD,EAAG1gD,UAAU2jD,YAAc,SAAsBy7D,EAAW/vG,EAAQjP,GAClE,IAAImD,EAAavE,KAAKuE,aAClB87G,EAAYj/G,GAAU0K,KAAKC,IAAI,EAAGxH,GACtCihC,EAAOjhC,GAAc87G,EAAW,yCAChC76E,EAAO66E,EAAY,EAAG,+BAEtBrgH,KAAK8+G,QACL,IAGIzwG,EAAGlL,EAHHm9G,EAA0B,OAAXjwG,EACfd,EAAM,IAAI6wG,EAAUC,GAGpB3xG,EAAI1O,KAAK2B,QACb,GAAK2+G,EAYE,CACL,IAAKn9G,EAAI,GAAIuL,EAAEd,SAAUzK,IACvBkL,EAAIK,EAAE6xG,MAAM,KACZ7xG,EAAE8xG,OAAO,GAETjxG,EAAIpM,GAAKkL,EAGX,KAAOlL,EAAIk9G,EAAWl9G,IACpBoM,EAAIpM,GAAK,MArBM,CAEjB,IAAKA,EAAI,EAAGA,EAAIk9G,EAAY97G,EAAYpB,IACtCoM,EAAIpM,GAAK,EAGX,IAAKA,EAAI,GAAIuL,EAAEd,SAAUzK,IACvBkL,EAAIK,EAAE6xG,MAAM,KACZ7xG,EAAE8xG,OAAO,GAETjxG,EAAI8wG,EAAYl9G,EAAI,GAAKkL,EAe7B,OAAOkB,GAIPmyC,EAAG1gD,UAAUy/G,WADX30G,KAAK40G,MACmB,SAAqBlpF,GAC7C,OAAO,GAAK1rB,KAAK40G,MAAMlpF,IAGC,SAAqBA,GAC7C,IAAInZ,EAAImZ,EACJzpB,EAAI,EAiBR,OAhBIsQ,GAAK,OACPtQ,GAAK,GACLsQ,KAAO,IAELA,GAAK,KACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAEFtQ,EAAIsQ,GAIfqjC,EAAG1gD,UAAU2/G,UAAY,SAAoBnpF,GAE3C,GAAU,IAANA,EAAS,OAAO,GAEpB,IAAInZ,EAAImZ,EACJzpB,EAAI,EAoBR,OAnBqB,IAAZ,KAAJsQ,KACHtQ,GAAK,GACLsQ,KAAO,IAEU,IAAV,IAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,GAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,IACHtQ,IAEKA,GAIT2zC,EAAG1gD,UAAU6O,UAAY,WACvB,IAAI2nB,EAAIx3B,KAAKm+G,MAAMn+G,KAAKoB,OAAS,GAC7BilC,EAAKrmC,KAAKygH,WAAWjpF,GACzB,OAA2B,IAAnBx3B,KAAKoB,OAAS,GAAUilC,GAiBlCqb,EAAG1gD,UAAU4/G,SAAW,WACtB,GAAI5gH,KAAK4N,SAAU,OAAO,EAG1B,IADA,IAAIG,EAAI,EACC5K,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIkL,EAAIrO,KAAK2gH,UAAU3gH,KAAKm+G,MAAMh7G,IAElC,GADA4K,GAAKM,EACK,KAANA,EAAU,MAEhB,OAAON,GAGT2zC,EAAG1gD,UAAUuD,WAAa,WACxB,OAAOuH,KAAKmQ,KAAKjc,KAAK6P,YAAc,IAGtC6xC,EAAG1gD,UAAU6/G,OAAS,SAAiBC,GACrC,OAAsB,IAAlB9gH,KAAKk+G,SACAl+G,KAAKsP,MAAMyxG,MAAMD,GAAOE,MAAM,GAEhChhH,KAAK2B,SAGd+/C,EAAG1gD,UAAUigH,SAAW,SAAmBH,GACzC,OAAI9gH,KAAKkhH,MAAMJ,EAAQ,GACd9gH,KAAKmhH,KAAKL,GAAOE,MAAM,GAAGI,OAE5BphH,KAAK2B,SAGd+/C,EAAG1gD,UAAUqgH,MAAQ,WACnB,OAAyB,IAAlBrhH,KAAKk+G,UAIdx8D,EAAG1gD,UAAUsgH,IAAM,WACjB,OAAOthH,KAAK2B,QAAQy/G,QAGtB1/D,EAAG1gD,UAAUogH,KAAO,WAKlB,OAJKphH,KAAK4N,WACR5N,KAAKk+G,UAAY,GAGZl+G,MAIT0hD,EAAG1gD,UAAUugH,KAAO,SAAej6E,GACjC,KAAOtnC,KAAKoB,OAASkmC,EAAIlmC,QACvBpB,KAAKm+G,MAAMn+G,KAAKoB,UAAY,EAG9B,IAAK,IAAI+B,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAC9BnD,KAAKm+G,MAAMh7G,GAAKnD,KAAKm+G,MAAMh7G,GAAKmkC,EAAI62E,MAAMh7G,GAG5C,OAAOnD,KAAK8+G,SAGdp9D,EAAG1gD,UAAUwgH,IAAM,SAAcl6E,GAE/B,OADA9B,EAA0C,IAAlCxlC,KAAKk+G,SAAW52E,EAAI42E,WACrBl+G,KAAKuhH,KAAKj6E,IAInBoa,EAAG1gD,UAAUqgF,GAAK,SAAa/5C,GAC7B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ6/G,IAAIl6E,GAC/CA,EAAI3lC,QAAQ6/G,IAAIxhH,OAGzB0hD,EAAG1gD,UAAUygH,IAAM,SAAcn6E,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ4/G,KAAKj6E,GAChDA,EAAI3lC,QAAQ4/G,KAAKvhH,OAI1B0hD,EAAG1gD,UAAU0gH,MAAQ,SAAgBp6E,GAEnC,IAAIj5B,EAEFA,EADErO,KAAKoB,OAASkmC,EAAIlmC,OAChBkmC,EAEAtnC,KAGN,IAAK,IAAImD,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5BnD,KAAKm+G,MAAMh7G,GAAKnD,KAAKm+G,MAAMh7G,GAAKmkC,EAAI62E,MAAMh7G,GAK5C,OAFAnD,KAAKoB,OAASiN,EAAEjN,OAETpB,KAAK8+G,SAGdp9D,EAAG1gD,UAAU2gH,KAAO,SAAer6E,GAEjC,OADA9B,EAA0C,IAAlCxlC,KAAKk+G,SAAW52E,EAAI42E,WACrBl+G,KAAK0hH,MAAMp6E,IAIpBoa,EAAG1gD,UAAUogF,IAAM,SAAc95C,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQggH,KAAKr6E,GAChDA,EAAI3lC,QAAQggH,KAAK3hH,OAG1B0hD,EAAG1gD,UAAU4gH,KAAO,SAAet6E,GACjC,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQ+/G,MAAMp6E,GACjDA,EAAI3lC,QAAQ+/G,MAAM1hH,OAI3B0hD,EAAG1gD,UAAU6gH,MAAQ,SAAgBv6E,GAEnC,IAAI74B,EACAJ,EACArO,KAAKoB,OAASkmC,EAAIlmC,QACpBqN,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAGN,IAAK,IAAImD,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5BnD,KAAKm+G,MAAMh7G,GAAKsL,EAAE0vG,MAAMh7G,GAAKkL,EAAE8vG,MAAMh7G,GAGvC,GAAInD,OAASyO,EACX,KAAOtL,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAKm+G,MAAMh7G,GAAKsL,EAAE0vG,MAAMh7G,GAM5B,OAFAnD,KAAKoB,OAASqN,EAAErN,OAETpB,KAAK8+G,SAGdp9D,EAAG1gD,UAAU8gH,KAAO,SAAex6E,GAEjC,OADA9B,EAA0C,IAAlCxlC,KAAKk+G,SAAW52E,EAAI42E,WACrBl+G,KAAK6hH,MAAMv6E,IAIpBoa,EAAG1gD,UAAU+yC,IAAM,SAAczM,GAC/B,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQmgH,KAAKx6E,GAChDA,EAAI3lC,QAAQmgH,KAAK9hH,OAG1B0hD,EAAG1gD,UAAU+gH,KAAO,SAAez6E,GACjC,OAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQkgH,MAAMv6E,GACjDA,EAAI3lC,QAAQkgH,MAAM7hH,OAI3B0hD,EAAG1gD,UAAU+/G,MAAQ,SAAgBD,GACnCt7E,EAAwB,iBAAVs7E,GAAsBA,GAAS,GAE7C,IAAIkB,EAAsC,EAAxBl2G,KAAKmQ,KAAK6kG,EAAQ,IAChCmB,EAAWnB,EAAQ,GAGvB9gH,KAAKm/G,QAAQ6C,GAETC,EAAW,GACbD,IAIF,IAAK,IAAI7+G,EAAI,EAAGA,EAAI6+G,EAAa7+G,IAC/BnD,KAAKm+G,MAAMh7G,GAAsB,UAAhBnD,KAAKm+G,MAAMh7G,GAS9B,OALI8+G,EAAW,IACbjiH,KAAKm+G,MAAMh7G,IAAMnD,KAAKm+G,MAAMh7G,GAAM,UAAc,GAAK8+G,GAIhDjiH,KAAK8+G,SAGdp9D,EAAG1gD,UAAUmgH,KAAO,SAAeL,GACjC,OAAO9gH,KAAK2B,QAAQo/G,MAAMD,IAI5Bp/D,EAAG1gD,UAAUkhH,KAAO,SAAeC,EAAK18E,GACtCD,EAAsB,iBAAR28E,GAAoBA,GAAO,GAEzC,IAAInmF,EAAOmmF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAUjB,OARAniH,KAAKm/G,QAAQnjF,EAAM,GAGjBh8B,KAAKm+G,MAAMniF,GADTyJ,EACgBzlC,KAAKm+G,MAAMniF,GAAQ,GAAKomF,EAExBpiH,KAAKm+G,MAAMniF,KAAS,GAAKomF,GAGtCpiH,KAAK8+G,SAIdp9D,EAAG1gD,UAAUiM,KAAO,SAAeq6B,GACjC,IAAIv5B,EAkBAU,EAAGJ,EAfP,GAAsB,IAAlBrO,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,SAI7B,OAHAl+G,KAAKk+G,SAAW,EAChBnwG,EAAI/N,KAAKmN,KAAKm6B,GACdtnC,KAAKk+G,UAAY,EACVl+G,KAAKo/G,YAGP,GAAsB,IAAlBp/G,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,SAIpC,OAHA52E,EAAI42E,SAAW,EACfnwG,EAAI/N,KAAKmN,KAAKm6B,GACdA,EAAI42E,SAAW,EACRnwG,EAAEqxG,YAKPp/G,KAAKoB,OAASkmC,EAAIlmC,QACpBqN,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAIN,IADA,IAAImnC,EAAQ,EACHhkC,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAC5B4K,GAAkB,EAAbU,EAAE0vG,MAAMh7G,KAAwB,EAAbkL,EAAE8vG,MAAMh7G,IAAUgkC,EAC1CnnC,KAAKm+G,MAAMh7G,GAAS,SAAJ4K,EAChBo5B,EAAQp5B,IAAM,GAEhB,KAAiB,IAAVo5B,GAAehkC,EAAIsL,EAAErN,OAAQ+B,IAClC4K,GAAkB,EAAbU,EAAE0vG,MAAMh7G,IAAUgkC,EACvBnnC,KAAKm+G,MAAMh7G,GAAS,SAAJ4K,EAChBo5B,EAAQp5B,IAAM,GAIhB,GADA/N,KAAKoB,OAASqN,EAAErN,OACF,IAAV+lC,EACFnnC,KAAKm+G,MAAMn+G,KAAKoB,QAAU+lC,EAC1BnnC,KAAKoB,cAEA,GAAIqN,IAAMzO,KACf,KAAOmD,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAKm+G,MAAMh7G,GAAKsL,EAAE0vG,MAAMh7G,GAI5B,OAAOnD,MAIT0hD,EAAG1gD,UAAUqF,IAAM,SAAcihC,GAC/B,IAAI/3B,EACJ,OAAqB,IAAjB+3B,EAAI42E,UAAoC,IAAlBl+G,KAAKk+G,UAC7B52E,EAAI42E,SAAW,EACf3uG,EAAMvP,KAAKoN,IAAIk6B,GACfA,EAAI42E,UAAY,EACT3uG,GACmB,IAAjB+3B,EAAI42E,UAAoC,IAAlBl+G,KAAKk+G,UACpCl+G,KAAKk+G,SAAW,EAChB3uG,EAAM+3B,EAAIl6B,IAAIpN,MACdA,KAAKk+G,SAAW,EACT3uG,GAGLvP,KAAKoB,OAASkmC,EAAIlmC,OAAepB,KAAK2B,QAAQsL,KAAKq6B,GAEhDA,EAAI3lC,QAAQsL,KAAKjN,OAI1B0hD,EAAG1gD,UAAUmM,KAAO,SAAem6B,GAEjC,GAAqB,IAAjBA,EAAI42E,SAAgB,CACtB52E,EAAI42E,SAAW,EACf,IAAInwG,EAAI/N,KAAKiN,KAAKq6B,GAElB,OADAA,EAAI42E,SAAW,EACRnwG,EAAEqxG,YAGJ,GAAsB,IAAlBp/G,KAAKk+G,SAId,OAHAl+G,KAAKk+G,SAAW,EAChBl+G,KAAKiN,KAAKq6B,GACVtnC,KAAKk+G,SAAW,EACTl+G,KAAKo/G,YAId,IAWI3wG,EAAGJ,EAXHowG,EAAMz+G,KAAKy+G,IAAIn3E,GAGnB,GAAY,IAARm3E,EAIF,OAHAz+G,KAAKk+G,SAAW,EAChBl+G,KAAKoB,OAAS,EACdpB,KAAKm+G,MAAM,GAAK,EACTn+G,KAKLy+G,EAAM,GACRhwG,EAAIzO,KACJqO,EAAIi5B,IAEJ74B,EAAI64B,EACJj5B,EAAIrO,MAIN,IADA,IAAImnC,EAAQ,EACHhkC,EAAI,EAAGA,EAAIkL,EAAEjN,OAAQ+B,IAE5BgkC,GADAp5B,GAAkB,EAAbU,EAAE0vG,MAAMh7G,KAAwB,EAAbkL,EAAE8vG,MAAMh7G,IAAUgkC,IAC7B,GACbnnC,KAAKm+G,MAAMh7G,GAAS,SAAJ4K,EAElB,KAAiB,IAAVo5B,GAAehkC,EAAIsL,EAAErN,OAAQ+B,IAElCgkC,GADAp5B,GAAkB,EAAbU,EAAE0vG,MAAMh7G,IAAUgkC,IACV,GACbnnC,KAAKm+G,MAAMh7G,GAAS,SAAJ4K,EAIlB,GAAc,IAAVo5B,GAAehkC,EAAIsL,EAAErN,QAAUqN,IAAMzO,KACvC,KAAOmD,EAAIsL,EAAErN,OAAQ+B,IACnBnD,KAAKm+G,MAAMh7G,GAAKsL,EAAE0vG,MAAMh7G,GAU5B,OANAnD,KAAKoB,OAAS0K,KAAKC,IAAI/L,KAAKoB,OAAQ+B,GAEhCsL,IAAMzO,OACRA,KAAKk+G,SAAW,GAGXl+G,KAAK8+G,SAIdp9D,EAAG1gD,UAAUoM,IAAM,SAAck6B,GAC/B,OAAOtnC,KAAK2B,QAAQwL,KAAKm6B,IA+C3B,IAAI+6E,EAAc,SAAsBtkE,EAAMzW,EAAKo4E,GACjD,IAIIp5E,EACAg8E,EACAj8E,EANA53B,EAAIsvC,EAAKogE,MACT9vG,EAAIi5B,EAAI62E,MACRlmE,EAAIynE,EAAIvB,MACR3hG,EAAI,EAIJ+lG,EAAY,EAAP9zG,EAAE,GACP+zG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPj0G,EAAE,GACPk0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPp0G,EAAE,GACPq0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPv0G,EAAE,GACPw0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP10G,EAAE,GACP20G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP70G,EAAE,GACP80G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPh1G,EAAE,GACPi1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPn1G,EAAE,GACPo1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPt1G,EAAE,GACPu1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPz1G,EAAE,GACP01G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbjqE,EAAY,EAAP5rC,EAAE,GACPg2G,EAAW,KAALpqE,EACNqqE,EAAMrqE,IAAO,GACbC,EAAY,EAAP7rC,EAAE,GACPk2G,EAAW,KAALrqE,EACNsqE,EAAMtqE,IAAO,GACbC,EAAY,EAAP9rC,EAAE,GACPo2G,EAAW,KAALtqE,EACNuqE,EAAMvqE,IAAO,GACbC,EAAY,EAAP/rC,EAAE,GACPs2G,EAAW,KAALvqE,EACNwqE,EAAMxqE,IAAO,GACbC,EAAY,EAAPhsC,EAAE,GACPw2G,EAAW,KAALxqE,EACNyqE,GAAMzqE,IAAO,GACbC,GAAY,EAAPjsC,EAAE,GACP02G,GAAW,KAALzqE,GACN0qE,GAAM1qE,KAAO,GACbC,GAAY,EAAPlsC,EAAE,GACP42G,GAAW,KAAL1qE,GACN2qE,GAAM3qE,KAAO,GACbC,GAAY,EAAPnsC,EAAE,GACP82G,GAAW,KAAL3qE,GACN4qE,GAAM5qE,KAAO,GACbC,GAAY,EAAPpsC,EAAE,GACPg3G,GAAW,KAAL5qE,GACN6qE,GAAM7qE,KAAO,GACbC,GAAY,EAAPrsC,EAAE,GACPk3G,GAAW,KAAL7qE,GACN8qE,GAAM9qE,KAAO,GAEjBglE,EAAIxB,SAAWngE,EAAKmgE,SAAW52E,EAAI42E,SACnCwB,EAAIt+G,OAAS,GAMb,IAAIy7B,IAAQrgB,GAJZ8pB,EAAKx6B,KAAKuB,KAAKm1G,EAAK6B,IAIE,KAAa,MAFnC/B,GADAA,EAAMx2G,KAAKuB,KAAKm1G,EAAK8B,IACRx4G,KAAKuB,KAAKo1G,EAAK4B,GAAQ,KAEU,IAAO,EACrD7nG,IAFA6pB,EAAKv6B,KAAKuB,KAAKo1G,EAAK6B,KAEPhC,IAAQ,IAAO,IAAMzlF,KAAO,IAAO,EAChDA,IAAM,SAENyJ,EAAKx6B,KAAKuB,KAAKs1G,EAAK0B,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAKs1G,EAAK2B,IACRx4G,KAAKuB,KAAKu1G,EAAKyB,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAKu1G,EAAK0B,GAKpB,IAAIxnF,IAAQtgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAK+B,GAAQ,GAIZ,KAAa,MAFnCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKgC,GAAQ,GACvB14G,KAAKuB,KAAKo1G,EAAK8B,GAAQ,KAEU,IAAO,EACrD/nG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAK+B,GAAQ,IAErBlC,IAAQ,IAAO,IAAMxlF,KAAO,IAAO,EAChDA,IAAM,SAENwJ,EAAKx6B,KAAKuB,KAAKy1G,EAAKuB,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAKy1G,EAAKwB,IACRx4G,KAAKuB,KAAK01G,EAAKsB,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAK01G,EAAKuB,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAK4B,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAK6B,GAAQ,GACvB14G,KAAKuB,KAAKu1G,EAAK2B,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAK4B,GAAQ,EAKlC,IAAIznF,IAAQvgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAKiC,GAAQ,GAIZ,KAAa,MAFnCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKkC,GAAQ,GACvB54G,KAAKuB,KAAKo1G,EAAKgC,GAAQ,KAEU,IAAO,EACrDjoG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAKiC,GAAQ,IAErBpC,IAAQ,IAAO,IAAMvlF,KAAO,IAAO,EAChDA,IAAM,SAENuJ,EAAKx6B,KAAKuB,KAAK41G,EAAKoB,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAK41G,EAAKqB,IACRx4G,KAAKuB,KAAK61G,EAAKmB,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAK61G,EAAKoB,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKyB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAK0B,GAAQ,GACvB14G,KAAKuB,KAAK01G,EAAKwB,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKyB,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAK8B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAK+B,GAAQ,GACvB54G,KAAKuB,KAAKu1G,EAAK6B,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAK8B,GAAQ,EAKlC,IAAI1nF,IAAQxgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAKmC,GAAQ,GAIZ,KAAa,MAFnCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKoC,GAAQ,GACvB94G,KAAKuB,KAAKo1G,EAAKkC,GAAQ,KAEU,IAAO,EACrDnoG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAKmC,GAAQ,IAErBtC,IAAQ,IAAO,IAAMtlF,KAAO,IAAO,EAChDA,IAAM,SAENsJ,EAAKx6B,KAAKuB,KAAK+1G,EAAKiB,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAK+1G,EAAKkB,IACRx4G,KAAKuB,KAAKg2G,EAAKgB,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAKg2G,EAAKiB,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKsB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKuB,GAAQ,GACvB14G,KAAKuB,KAAK61G,EAAKqB,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKsB,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAK2B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAK4B,GAAQ,GACvB54G,KAAKuB,KAAK01G,EAAK0B,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAK2B,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAKgC,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAKiC,GAAQ,GACvB94G,KAAKuB,KAAKu1G,EAAK+B,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAKgC,GAAQ,EAKlC,IAAI3nF,IAAQzgB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAKqC,GAAQ,GAIZ,KAAa,MAFnCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKsC,IAAQ,GACvBh5G,KAAKuB,KAAKo1G,EAAKoC,GAAQ,KAEU,IAAO,EACrDroG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAKqC,IAAQ,IAErBxC,IAAQ,IAAO,IAAMrlF,KAAO,IAAO,EAChDA,IAAM,SAENqJ,EAAKx6B,KAAKuB,KAAKk2G,EAAKc,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAKk2G,EAAKe,IACRx4G,KAAKuB,KAAKm2G,EAAKa,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAKm2G,EAAKc,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKmB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKoB,GAAQ,GACvB14G,KAAKuB,KAAKg2G,EAAKkB,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKmB,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKwB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKyB,GAAQ,GACvB54G,KAAKuB,KAAK61G,EAAKuB,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKwB,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAK6B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAK8B,GAAQ,GACvB94G,KAAKuB,KAAK01G,EAAK4B,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAK6B,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAKkC,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAKmC,IAAQ,GACvBh5G,KAAKuB,KAAKu1G,EAAKiC,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAKkC,IAAQ,EAKlC,IAAI5nF,IAAQ1gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAKuC,IAAQ,GAIZ,KAAa,MAFnCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKwC,IAAQ,GACvBl5G,KAAKuB,KAAKo1G,EAAKsC,IAAQ,KAEU,IAAO,EACrDvoG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAKuC,IAAQ,IAErB1C,IAAQ,IAAO,IAAMplF,KAAO,IAAO,EAChDA,IAAM,SAENoJ,EAAKx6B,KAAKuB,KAAKq2G,EAAKW,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAKq2G,EAAKY,IACRx4G,KAAKuB,KAAKs2G,EAAKU,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAKs2G,EAAKW,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKgB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKiB,GAAQ,GACvB14G,KAAKuB,KAAKm2G,EAAKe,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKgB,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKqB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKsB,GAAQ,GACvB54G,KAAKuB,KAAKg2G,EAAKoB,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKqB,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAK0B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAK2B,GAAQ,GACvB94G,KAAKuB,KAAK61G,EAAKyB,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAK0B,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAK+B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAKgC,IAAQ,GACvBh5G,KAAKuB,KAAK01G,EAAK8B,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAK+B,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAKoC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAKqC,IAAQ,GACvBl5G,KAAKuB,KAAKu1G,EAAKmC,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAKoC,IAAQ,EAKlC,IAAI7nF,IAAQ3gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAKyC,IAAQ,GAIZ,KAAa,MAFnC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAK0C,IAAQ,GACvBp5G,KAAKuB,KAAKo1G,EAAKwC,IAAQ,KAEU,IAAO,EACrDzoG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAKyC,IAAQ,IAErB5C,IAAQ,IAAO,IAAMnlF,KAAO,IAAO,EAChDA,IAAM,SAENmJ,EAAKx6B,KAAKuB,KAAKw2G,EAAKQ,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAKw2G,EAAKS,IACRx4G,KAAKuB,KAAKy2G,EAAKO,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAKy2G,EAAKQ,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKa,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKc,GAAQ,GACvB14G,KAAKuB,KAAKs2G,EAAKY,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKa,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKkB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKmB,GAAQ,GACvB54G,KAAKuB,KAAKm2G,EAAKiB,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKkB,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKuB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKwB,GAAQ,GACvB94G,KAAKuB,KAAKg2G,EAAKsB,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKuB,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAK4B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAK6B,IAAQ,GACvBh5G,KAAKuB,KAAK61G,EAAK2B,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAK4B,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKiC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAKkC,IAAQ,GACvBl5G,KAAKuB,KAAK01G,EAAKgC,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKiC,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAKsC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAKuC,IAAQ,GACvBp5G,KAAKuB,KAAKu1G,EAAKqC,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAKsC,IAAQ,EAKlC,IAAI9nF,IAAQ5gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAK2C,IAAQ,GAIZ,KAAa,MAFnC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAK4C,IAAQ,GACvBt5G,KAAKuB,KAAKo1G,EAAK0C,IAAQ,KAEU,IAAO,EACrD3oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAK2C,IAAQ,IAErB9C,IAAQ,IAAO,IAAMllF,KAAO,IAAO,EAChDA,IAAM,SAENkJ,EAAKx6B,KAAKuB,KAAK22G,EAAKK,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAK22G,EAAKM,IACRx4G,KAAKuB,KAAK42G,EAAKI,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAK42G,EAAKK,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKU,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKW,GAAQ,GACvB14G,KAAKuB,KAAKy2G,EAAKS,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKU,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKe,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKgB,GAAQ,GACvB54G,KAAKuB,KAAKs2G,EAAKc,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKe,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKoB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKqB,GAAQ,GACvB94G,KAAKuB,KAAKm2G,EAAKmB,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKoB,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKyB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAK0B,IAAQ,GACvBh5G,KAAKuB,KAAKg2G,EAAKwB,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKyB,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAK8B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAK+B,IAAQ,GACvBl5G,KAAKuB,KAAK61G,EAAK6B,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAK8B,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKmC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAKoC,IAAQ,GACvBp5G,KAAKuB,KAAK01G,EAAKkC,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKmC,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAKwC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAKyC,IAAQ,GACvBt5G,KAAKuB,KAAKu1G,EAAKuC,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAKwC,IAAQ,EAKlC,IAAI/nF,IAAQ7gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAK6C,IAAQ,GAIZ,KAAa,MAFnC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAK8C,IAAQ,GACvBx5G,KAAKuB,KAAKo1G,EAAK4C,IAAQ,KAEU,IAAO,EACrD7oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAK6C,IAAQ,IAErBhD,IAAQ,IAAO,IAAMjlF,KAAO,IAAO,EAChDA,IAAM,SAENiJ,EAAKx6B,KAAKuB,KAAK82G,EAAKE,GAEpB/B,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKG,IACRx4G,KAAKuB,KAAK+2G,EAAKC,GAAQ,EACpCh+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKE,GACpBh+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKO,GAAQ,EAElCjC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKQ,GAAQ,GACvB14G,KAAKuB,KAAK42G,EAAKM,GAAQ,EACpCl+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKO,GAAQ,EAClCl+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKY,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKa,GAAQ,GACvB54G,KAAKuB,KAAKy2G,EAAKW,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKY,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKiB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKkB,GAAQ,GACvB94G,KAAKuB,KAAKs2G,EAAKgB,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKiB,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKsB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKuB,IAAQ,GACvBh5G,KAAKuB,KAAKm2G,EAAKqB,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKsB,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAK2B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAK4B,IAAQ,GACvBl5G,KAAKuB,KAAKg2G,EAAK0B,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAK2B,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKgC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKiC,IAAQ,GACvBp5G,KAAKuB,KAAK61G,EAAK+B,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKgC,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKqC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAKsC,IAAQ,GACvBt5G,KAAKuB,KAAK01G,EAAKoC,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKqC,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAK0C,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAK2C,IAAQ,GACvBx5G,KAAKuB,KAAKu1G,EAAKyC,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAK0C,IAAQ,EAKlC,IAAIhoF,IAAQ9gB,GAJZ8pB,EAAMA,EAAKx6B,KAAKuB,KAAKm1G,EAAK+C,IAAQ,GAIZ,KAAa,MAFnCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKm1G,EAAKgD,IAAQ,GACvB15G,KAAKuB,KAAKo1G,EAAK8C,IAAQ,KAEU,IAAO,EACrD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKo1G,EAAK+C,IAAQ,IAErBlD,IAAQ,IAAO,IAAMhlF,KAAO,IAAO,EAChDA,IAAM,SAENgJ,EAAKx6B,KAAKuB,KAAK82G,EAAKI,GAEpBjC,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKK,IACR14G,KAAKuB,KAAK+2G,EAAKG,GAAQ,EACpCl+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKI,GACpBl+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKS,GAAQ,EAElCnC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKU,GAAQ,GACvB54G,KAAKuB,KAAK42G,EAAKQ,GAAQ,EACpCp+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKS,GAAQ,EAClCp+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKc,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKe,GAAQ,GACvB94G,KAAKuB,KAAKy2G,EAAKa,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKc,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKmB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKoB,IAAQ,GACvBh5G,KAAKuB,KAAKs2G,EAAKkB,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKmB,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKwB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKyB,IAAQ,GACvBl5G,KAAKuB,KAAKm2G,EAAKuB,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKwB,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAK6B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAK8B,IAAQ,GACvBp5G,KAAKuB,KAAKg2G,EAAK4B,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAK6B,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKkC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKmC,IAAQ,GACvBt5G,KAAKuB,KAAK61G,EAAKiC,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKkC,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKuC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAKwC,IAAQ,GACvBx5G,KAAKuB,KAAK01G,EAAKsC,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKuC,IAAQ,EAKlC,IAAI/nF,IAAS/gB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKs1G,EAAK4C,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKs1G,EAAK6C,IAAQ,GACvB15G,KAAKuB,KAAKu1G,EAAK2C,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKu1G,EAAK4C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM/kF,KAAQ,IAAO,EACjDA,IAAO,SAEP+I,EAAKx6B,KAAKuB,KAAK82G,EAAKM,GAEpBnC,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKO,IACR54G,KAAKuB,KAAK+2G,EAAKK,GAAQ,EACpCp+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKM,GACpBp+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKW,GAAQ,EAElCrC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKY,GAAQ,GACvB94G,KAAKuB,KAAK42G,EAAKU,GAAQ,EACpCt+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKW,GAAQ,EAClCt+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKgB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKiB,IAAQ,GACvBh5G,KAAKuB,KAAKy2G,EAAKe,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKgB,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKqB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKsB,IAAQ,GACvBl5G,KAAKuB,KAAKs2G,EAAKoB,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKqB,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAK0B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAK2B,IAAQ,GACvBp5G,KAAKuB,KAAKm2G,EAAKyB,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAK0B,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAK+B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKgC,IAAQ,GACvBt5G,KAAKuB,KAAKg2G,EAAK8B,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAK+B,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKoC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKqC,IAAQ,GACvBx5G,KAAKuB,KAAK61G,EAAKmC,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKoC,IAAQ,EAKlC,IAAI9nF,IAAShhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKy1G,EAAKyC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKy1G,EAAK0C,IAAQ,GACvB15G,KAAKuB,KAAK01G,EAAKwC,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK01G,EAAKyC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM9kF,KAAQ,IAAO,EACjDA,IAAO,SAEP8I,EAAKx6B,KAAKuB,KAAK82G,EAAKQ,GAEpBrC,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKS,IACR94G,KAAKuB,KAAK+2G,EAAKO,GAAQ,EACpCt+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKQ,GACpBt+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKa,GAAQ,EAElCvC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKc,IAAQ,GACvBh5G,KAAKuB,KAAK42G,EAAKY,GAAQ,EACpCx+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKa,IAAQ,EAClCx+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKkB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKmB,IAAQ,GACvBl5G,KAAKuB,KAAKy2G,EAAKiB,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKkB,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKuB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAKwB,IAAQ,GACvBp5G,KAAKuB,KAAKs2G,EAAKsB,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKuB,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAK4B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAK6B,IAAQ,GACvBt5G,KAAKuB,KAAKm2G,EAAK2B,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAK4B,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKiC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKkC,IAAQ,GACvBx5G,KAAKuB,KAAKg2G,EAAKgC,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKiC,IAAQ,EAKlC,IAAI7nF,IAASjhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAK41G,EAAKsC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK41G,EAAKuC,IAAQ,GACvB15G,KAAKuB,KAAK61G,EAAKqC,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK61G,EAAKsC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM7kF,KAAQ,IAAO,EACjDA,IAAO,SAEP6I,EAAKx6B,KAAKuB,KAAK82G,EAAKU,GAEpBvC,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKW,KACRh5G,KAAKuB,KAAK+2G,EAAKS,GAAQ,EACpCx+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKU,IACpBx+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKe,IAAQ,EAElCzC,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKgB,IAAQ,GACvBl5G,KAAKuB,KAAK42G,EAAKc,IAAQ,EACpC1+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKe,IAAQ,EAClC1+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKoB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKqB,IAAQ,GACvBp5G,KAAKuB,KAAKy2G,EAAKmB,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKoB,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAKyB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAK0B,IAAQ,GACvBt5G,KAAKuB,KAAKs2G,EAAKwB,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAKyB,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAK8B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAK+B,IAAQ,GACvBx5G,KAAKuB,KAAKm2G,EAAK6B,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAK8B,IAAQ,EAKlC,IAAI5nF,IAASlhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAK+1G,EAAKmC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK+1G,EAAKoC,IAAQ,GACvB15G,KAAKuB,KAAKg2G,EAAKkC,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKg2G,EAAKmC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM5kF,KAAQ,IAAO,EACjDA,IAAO,SAEP4I,EAAKx6B,KAAKuB,KAAK82G,EAAKY,IAEpBzC,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKa,KACRl5G,KAAKuB,KAAK+2G,EAAKW,IAAQ,EACpC1+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKY,IACpB1+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKiB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKkB,IAAQ,GACvBp5G,KAAKuB,KAAK42G,EAAKgB,IAAQ,EACpC5+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKiB,IAAQ,EAClC5+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKsB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKuB,IAAQ,GACvBt5G,KAAKuB,KAAKy2G,EAAKqB,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKsB,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAK2B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAK4B,IAAQ,GACvBx5G,KAAKuB,KAAKs2G,EAAK0B,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAK2B,IAAQ,EAKlC,IAAI3nF,IAASnhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKk2G,EAAKgC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKk2G,EAAKiC,IAAQ,GACvB15G,KAAKuB,KAAKm2G,EAAK+B,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKm2G,EAAKgC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM3kF,KAAQ,IAAO,EACjDA,IAAO,SAEP2I,EAAKx6B,KAAKuB,KAAK82G,EAAKc,IAEpB3C,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKe,KACRp5G,KAAKuB,KAAK+2G,EAAKa,IAAQ,EACpC5+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKc,IACpB5+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKmB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKoB,IAAQ,GACvBt5G,KAAKuB,KAAK42G,EAAKkB,IAAQ,EACpC9+E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKmB,IAAQ,EAClC9+E,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAKwB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAKyB,IAAQ,GACvBx5G,KAAKuB,KAAKy2G,EAAKuB,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAKwB,IAAQ,EAKlC,IAAI1nF,IAASphB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKq2G,EAAK6B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKq2G,EAAK8B,IAAQ,GACvB15G,KAAKuB,KAAKs2G,EAAK4B,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKs2G,EAAK6B,IAAQ,IAErBlD,IAAQ,IAAO,IAAM1kF,KAAQ,IAAO,EACjDA,IAAO,SAEP0I,EAAKx6B,KAAKuB,KAAK82G,EAAKgB,IAEpB7C,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKiB,KACRt5G,KAAKuB,KAAK+2G,EAAKe,IAAQ,EACpC9+E,EAAKv6B,KAAKuB,KAAK+2G,EAAKgB,IACpB9+E,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKqB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKsB,IAAQ,GACvBx5G,KAAKuB,KAAK42G,EAAKoB,IAAQ,EACpCh/E,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKqB,IAAQ,EAKlC,IAAIznF,IAASrhB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAKw2G,EAAK0B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAKw2G,EAAK2B,IAAQ,GACvB15G,KAAKuB,KAAKy2G,EAAKyB,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAKy2G,EAAK0B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMzkF,KAAQ,IAAO,EACjDA,IAAO,SAEPyI,EAAKx6B,KAAKuB,KAAK82G,EAAKkB,IAEpB/C,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKmB,KACRx5G,KAAKuB,KAAK+2G,EAAKiB,IAAQ,EACpCh/E,EAAKv6B,KAAKuB,KAAK+2G,EAAKkB,IAKpB,IAAIxnF,IAASthB,GAJb8pB,EAAMA,EAAKx6B,KAAKuB,KAAK22G,EAAKuB,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMx2G,KAAKuB,KAAK22G,EAAKwB,IAAQ,GACvB15G,KAAKuB,KAAK42G,EAAKsB,IAAQ,KAEW,IAAO,EACtD/oG,IAFA6pB,EAAMA,EAAKv6B,KAAKuB,KAAK42G,EAAKuB,IAAQ,IAErBlD,IAAQ,IAAO,IAAMxkF,KAAQ,IAAO,EACjDA,IAAO,SAMP,IAAIC,IAASvhB,GAJb8pB,EAAKx6B,KAAKuB,KAAK82G,EAAKoB,KAIG,KAAa,MAFpCjD,GADAA,EAAMx2G,KAAKuB,KAAK82G,EAAKqB,KACR15G,KAAKuB,KAAK+2G,EAAKmB,IAAQ,KAEW,IAAO,EA0BtD,OAzBA/oG,IAFA6pB,EAAKv6B,KAAKuB,KAAK+2G,EAAKoB,MAEPlD,IAAQ,IAAO,IAAMvkF,KAAQ,IAAO,EACjDA,IAAO,SACPka,EAAE,GAAKpb,GACPob,EAAE,GAAKnb,GACPmb,EAAE,GAAKlb,GACPkb,EAAE,GAAKjb,GACPib,EAAE,GAAKhb,GACPgb,EAAE,GAAK/a,GACP+a,EAAE,GAAK9a,GACP8a,EAAE,GAAK7a,GACP6a,EAAE,GAAK5a,GACP4a,EAAE,GAAK3a,GACP2a,EAAE,IAAM1a,GACR0a,EAAE,IAAMza,GACRya,EAAE,IAAMxa,GACRwa,EAAE,IAAMva,GACRua,EAAE,IAAMta,GACRsa,EAAE,IAAMra,GACRqa,EAAE,IAAMpa,GACRoa,EAAE,IAAMna,GACRma,EAAE,IAAMla,GACE,IAANvhB,IACFy7B,EAAE,IAAMz7B,EACRkjG,EAAIt+G,UAECs+G,GAiDT,SAAS+F,EAAY1nE,EAAMzW,EAAKo4E,GAE9B,OADW,IAAIgG,GACHC,KAAK5nE,EAAMzW,EAAKo4E,GAsB9B,SAASgG,EAAMx4G,EAAGoB,GAChBtO,KAAKkN,EAAIA,EACTlN,KAAKsO,EAAIA,EAvENxC,KAAKuB,OACRg1G,EAAc5C,GAiDhB/9D,EAAG1gD,UAAU4kH,MAAQ,SAAgBt+E,EAAKo4E,GACxC,IAAInwG,EACAY,EAAMnQ,KAAKoB,OAASkmC,EAAIlmC,OAW5B,OATEmO,EADkB,KAAhBvP,KAAKoB,QAAgC,KAAfkmC,EAAIlmC,OACtBihH,EAAYriH,KAAMsnC,EAAKo4E,GACpBvvG,EAAM,GACTsvG,EAAWz/G,KAAMsnC,EAAKo4E,GACnBvvG,EAAM,KArDnB,SAAmB4tC,EAAMzW,EAAKo4E,GAC5BA,EAAIxB,SAAW52E,EAAI42E,SAAWngE,EAAKmgE,SACnCwB,EAAIt+G,OAAS28C,EAAK38C,OAASkmC,EAAIlmC,OAI/B,IAFA,IAAI+lC,EAAQ,EACR0+E,EAAU,EACLxpG,EAAI,EAAGA,EAAIqjG,EAAIt+G,OAAS,EAAGib,IAAK,CAGvC,IAAIsjG,EAASkG,EACbA,EAAU,EAGV,IAFA,IAAIjG,EAAgB,SAARz4E,EACR04E,EAAO/zG,KAAKoyC,IAAI7hC,EAAGirB,EAAIlmC,OAAS,GAC3B2b,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAI0hC,EAAK38C,OAAS,GAAI2b,GAAK8iG,EAAM9iG,IAAK,CAC7D,IAAI5Z,EAAIkZ,EAAIU,EAGRhP,GAFoB,EAAhBgwC,EAAKogE,MAAMh7G,KACI,EAAfmkC,EAAI62E,MAAMphG,IAGdupB,EAAS,SAAJv4B,EAGT6xG,EAAa,UADbt5E,EAAMA,EAAKs5E,EAAS,GAIpBiG,IAFAlG,GAHAA,EAAUA,GAAW5xG,EAAI,SAAa,GAAM,IAGxBu4B,IAAO,IAAO,KAEZ,GACtBq5E,GAAU,SAEZD,EAAIvB,MAAM9hG,GAAKujG,EACfz4E,EAAQw4E,EACRA,EAASkG,EAQX,OANc,IAAV1+E,EACFu4E,EAAIvB,MAAM9hG,GAAK8qB,EAEfu4E,EAAIt+G,SAGCs+G,EAAIZ,QAgBHgH,CAAS9lH,KAAMsnC,EAAKo4E,GAEpB+F,EAAWzlH,KAAMsnC,EAAKo4E,GAGvBnwG,GAWTm2G,EAAK1kH,UAAU+kH,QAAU,SAAkBC,GAGzC,IAFA,IAAI3nG,EAAQxe,MAAMmmH,GACdjvF,EAAI2qB,EAAG1gD,UAAUy/G,WAAWuF,GAAK,EAC5B7iH,EAAI,EAAGA,EAAI6iH,EAAG7iH,IACrBkb,EAAElb,GAAKnD,KAAKimH,OAAO9iH,EAAG4zB,EAAGivF,GAG3B,OAAO3nG,GAITqnG,EAAK1kH,UAAUilH,OAAS,SAAiB/4G,EAAG6pB,EAAGivF,GAC7C,GAAU,IAAN94G,GAAWA,IAAM84G,EAAI,EAAG,OAAO94G,EAGnC,IADA,IAAIg5G,EAAK,EACA/iH,EAAI,EAAGA,EAAI4zB,EAAG5zB,IACrB+iH,IAAW,EAAJh5G,IAAW6pB,EAAI5zB,EAAI,EAC1B+J,IAAM,EAGR,OAAOg5G,GAKTR,EAAK1kH,UAAU4vE,QAAU,SAAkBu1C,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GACpE,IAAK,IAAI7iH,EAAI,EAAGA,EAAI6iH,EAAG7iH,IACrBmjH,EAAKnjH,GAAKijH,EAAID,EAAIhjH,IAClBojH,EAAKpjH,GAAKkjH,EAAIF,EAAIhjH,KAItBuiH,EAAK1kH,UAAUuH,UAAY,SAAoB69G,EAAKC,EAAKC,EAAMC,EAAMP,EAAGG,GACtEnmH,KAAK4wE,QAAQu1C,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GAExC,IAAK,IAAI/nG,EAAI,EAAGA,EAAI+nG,EAAG/nG,IAAM,EAM3B,IALA,IAAI8Y,EAAI9Y,GAAK,EAETuoG,EAAQ16G,KAAK26G,IAAI,EAAI36G,KAAK46G,GAAK3vF,GAC/B4vF,EAAQ76G,KAAK86G,IAAI,EAAI96G,KAAK46G,GAAK3vF,GAE1BtE,EAAI,EAAGA,EAAIuzF,EAAGvzF,GAAKsE,EAI1B,IAHA,IAAI8vF,EAASL,EACTM,EAASH,EAEJ5pG,EAAI,EAAGA,EAAIkB,EAAGlB,IAAK,CAC1B,IAAIgqG,EAAKT,EAAK7zF,EAAI1V,GACdiqG,EAAKT,EAAK9zF,EAAI1V,GAEdkqG,EAAKX,EAAK7zF,EAAI1V,EAAIkB,GAClBipG,EAAKX,EAAK9zF,EAAI1V,EAAIkB,GAElBhQ,EAAK44G,EAASI,EAAKH,EAASI,EAEhCA,EAAKL,EAASK,EAAKJ,EAASG,EAC5BA,EAAKh5G,EAELq4G,EAAK7zF,EAAI1V,GAAKgqG,EAAKE,EACnBV,EAAK9zF,EAAI1V,GAAKiqG,EAAKE,EAEnBZ,EAAK7zF,EAAI1V,EAAIkB,GAAK8oG,EAAKE,EACvBV,EAAK9zF,EAAI1V,EAAIkB,GAAK+oG,EAAKE,EAGnBnqG,IAAMga,IACR9oB,EAAKu4G,EAAQK,EAASF,EAAQG,EAE9BA,EAASN,EAAQM,EAASH,EAAQE,EAClCA,EAAS54G,KAOnBy3G,EAAK1kH,UAAUmmH,YAAc,SAAsB36G,EAAGgB,GACpD,IAAIw4G,EAAqB,EAAjBl6G,KAAKC,IAAIyB,EAAGhB,GAChB46G,EAAU,EAAJpB,EACN7iH,EAAI,EACR,IAAK6iH,EAAIA,EAAI,EAAI,EAAGA,EAAGA,KAAU,EAC/B7iH,IAGF,OAAO,GAAKA,EAAI,EAAIikH,GAGtB1B,EAAK1kH,UAAUqmH,UAAY,SAAoBjB,EAAKC,EAAKL,GACvD,KAAIA,GAAK,GAET,IAAK,IAAI7iH,EAAI,EAAGA,EAAI6iH,EAAI,EAAG7iH,IAAK,CAC9B,IAAIkb,EAAI+nG,EAAIjjH,GAEZijH,EAAIjjH,GAAKijH,EAAIJ,EAAI7iH,EAAI,GACrBijH,EAAIJ,EAAI7iH,EAAI,GAAKkb,EAEjBA,EAAIgoG,EAAIljH,GAERkjH,EAAIljH,IAAMkjH,EAAIL,EAAI7iH,EAAI,GACtBkjH,EAAIL,EAAI7iH,EAAI,IAAMkb,IAItBqnG,EAAK1kH,UAAUsmH,aAAe,SAAuBC,EAAIvB,GAEvD,IADA,IAAI7+E,EAAQ,EACHhkC,EAAI,EAAGA,EAAI6iH,EAAI,EAAG7iH,IAAK,CAC9B,IAAIq0B,EAAoC,KAAhC1rB,KAAK6rB,MAAM4vF,EAAG,EAAIpkH,EAAI,GAAK6iH,GACjCl6G,KAAK6rB,MAAM4vF,EAAG,EAAIpkH,GAAK6iH,GACvB7+E,EAEFogF,EAAGpkH,GAAS,SAAJq0B,EAGN2P,EADE3P,EAAI,SACE,EAEAA,EAAI,SAAY,EAI5B,OAAO+vF,GAGT7B,EAAK1kH,UAAUwmH,WAAa,SAAqBD,EAAIp3G,EAAKi2G,EAAKJ,GAE7D,IADA,IAAI7+E,EAAQ,EACHhkC,EAAI,EAAGA,EAAIgN,EAAKhN,IACvBgkC,GAAyB,EAARogF,EAAGpkH,GAEpBijH,EAAI,EAAIjjH,GAAa,KAARgkC,EAAgBA,KAAkB,GAC/Ci/E,EAAI,EAAIjjH,EAAI,GAAa,KAARgkC,EAAgBA,KAAkB,GAIrD,IAAKhkC,EAAI,EAAIgN,EAAKhN,EAAI6iH,IAAK7iH,EACzBijH,EAAIjjH,GAAK,EAGXqiC,EAAiB,IAAV2B,GACP3B,EAA6B,KAAb,KAAR2B,KAGVu+E,EAAK1kH,UAAUymH,KAAO,SAAezB,GAEnC,IADA,IAAI0B,EAAS7nH,MAAMmmH,GACV7iH,EAAI,EAAGA,EAAI6iH,EAAG7iH,IACrBukH,EAAGvkH,GAAK,EAGV,OAAOukH,GAGThC,EAAK1kH,UAAU2kH,KAAO,SAAez4G,EAAGoB,EAAGoxG,GACzC,IAAIsG,EAAI,EAAIhmH,KAAKmnH,YAAYj6G,EAAE9L,OAAQkN,EAAElN,QAErC+kH,EAAMnmH,KAAK+lH,QAAQC,GAEnBthE,EAAI1kD,KAAKynH,KAAKzB,GAEdI,EAAUvmH,MAAMmmH,GAChB2B,EAAW9nH,MAAMmmH,GACjB4B,EAAW/nH,MAAMmmH,GAEjB6B,EAAWhoH,MAAMmmH,GACjB8B,EAAYjoH,MAAMmmH,GAClB+B,EAAYloH,MAAMmmH,GAElBgC,EAAOtI,EAAIvB,MACf6J,EAAK5mH,OAAS4kH,EAEdhmH,KAAKwnH,WAAWt6G,EAAEixG,MAAOjxG,EAAE9L,OAAQglH,EAAKJ,GACxChmH,KAAKwnH,WAAWl5G,EAAE6vG,MAAO7vG,EAAElN,OAAQymH,EAAM7B,GAEzChmH,KAAKuI,UAAU69G,EAAK1hE,EAAGijE,EAAMC,EAAM5B,EAAGG,GACtCnmH,KAAKuI,UAAUs/G,EAAMnjE,EAAGojE,EAAOC,EAAO/B,EAAGG,GAEzC,IAAK,IAAIhjH,EAAI,EAAGA,EAAI6iH,EAAG7iH,IAAK,CAC1B,IAAI8K,EAAK05G,EAAKxkH,GAAK2kH,EAAM3kH,GAAKykH,EAAKzkH,GAAK4kH,EAAM5kH,GAC9CykH,EAAKzkH,GAAKwkH,EAAKxkH,GAAK4kH,EAAM5kH,GAAKykH,EAAKzkH,GAAK2kH,EAAM3kH,GAC/CwkH,EAAKxkH,GAAK8K,EAUZ,OAPAjO,KAAKqnH,UAAUM,EAAMC,EAAM5B,GAC3BhmH,KAAKuI,UAAUo/G,EAAMC,EAAMI,EAAMtjE,EAAGshE,EAAGG,GACvCnmH,KAAKqnH,UAAUW,EAAMtjE,EAAGshE,GACxBhmH,KAAKsnH,aAAaU,EAAMhC,GAExBtG,EAAIxB,SAAWhxG,EAAEgxG,SAAW5vG,EAAE4vG,SAC9BwB,EAAIt+G,OAAS8L,EAAE9L,OAASkN,EAAElN,OACnBs+G,EAAIZ,SAIbp9D,EAAG1gD,UAAUsM,IAAM,SAAcg6B,GAC/B,IAAIo4E,EAAM,IAAIh+D,EAAG,MAEjB,OADAg+D,EAAIvB,MAAYt+G,MAAMG,KAAKoB,OAASkmC,EAAIlmC,QACjCpB,KAAK4lH,MAAMt+E,EAAKo4E,IAIzBh+D,EAAG1gD,UAAUinH,KAAO,SAAe3gF,GACjC,IAAIo4E,EAAM,IAAIh+D,EAAG,MAEjB,OADAg+D,EAAIvB,MAAYt+G,MAAMG,KAAKoB,OAASkmC,EAAIlmC,QACjCqkH,EAAWzlH,KAAMsnC,EAAKo4E,IAI/Bh+D,EAAG1gD,UAAUqM,KAAO,SAAei6B,GACjC,OAAOtnC,KAAK2B,QAAQikH,MAAMt+E,EAAKtnC,OAGjC0hD,EAAG1gD,UAAUi+G,MAAQ,SAAgB33E,GACnC9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UAIb,IADA,IAAIH,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CACpC,IAAIq0B,GAAqB,EAAhBx3B,KAAKm+G,MAAMh7G,IAAUmkC,EAC1BhB,GAAU,SAAJ9O,IAA0B,SAAR2P,GAC5BA,IAAU,GACVA,GAAU3P,EAAI,SAAa,EAE3B2P,GAASb,IAAO,GAChBtmC,KAAKm+G,MAAMh7G,GAAU,SAALmjC,EAQlB,OALc,IAAVa,IACFnnC,KAAKm+G,MAAMh7G,GAAKgkC,EAChBnnC,KAAKoB,UAGApB,MAGT0hD,EAAG1gD,UAAUknH,KAAO,SAAe5gF,GACjC,OAAOtnC,KAAK2B,QAAQs9G,MAAM33E,IAI5Boa,EAAG1gD,UAAUmnH,IAAM,WACjB,OAAOnoH,KAAKsN,IAAItN,OAIlB0hD,EAAG1gD,UAAUonH,KAAO,WAClB,OAAOpoH,KAAKqN,KAAKrN,KAAK2B,UAIxB+/C,EAAG1gD,UAAUkxC,IAAM,SAAc5K,GAC/B,IAAI9P,EAxxCN,SAAqB8P,GAGnB,IAFA,IAAI9P,EAAQ33B,MAAMynC,EAAIz3B,aAEbsyG,EAAM,EAAGA,EAAM3qF,EAAEp2B,OAAQ+gH,IAAO,CACvC,IAAInmF,EAAOmmF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAEjB3qF,EAAE2qF,IAAQ76E,EAAI62E,MAAMniF,GAAQ,GAAKomF,KAAWA,EAG9C,OAAO5qF,EA8wCC6wF,CAAW/gF,GACnB,GAAiB,IAAb9P,EAAEp2B,OAAc,OAAO,IAAIsgD,EAAG,GAIlC,IADA,IAAInyC,EAAMvP,KACDmD,EAAI,EAAGA,EAAIq0B,EAAEp2B,QACP,IAATo2B,EAAEr0B,GADsBA,IAAKoM,EAAMA,EAAI44G,OAI7C,KAAMhlH,EAAIq0B,EAAEp2B,OACV,IAAK,IAAIsN,EAAIa,EAAI44G,MAAOhlH,EAAIq0B,EAAEp2B,OAAQ+B,IAAKuL,EAAIA,EAAEy5G,MAClC,IAAT3wF,EAAEr0B,KAENoM,EAAMA,EAAIjC,IAAIoB,IAIlB,OAAOa,GAITmyC,EAAG1gD,UAAUsnH,OAAS,SAAiB3pG,GACrC6mB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAC3C,IAGIxb,EAHA4K,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GACjBw6G,EAAa,WAAe,GAAKx6G,GAAQ,GAAKA,EAGlD,GAAU,IAANA,EAAS,CACX,IAAIo5B,EAAQ,EAEZ,IAAKhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAAK,CAChC,IAAIqlH,EAAWxoH,KAAKm+G,MAAMh7G,GAAKolH,EAC3B/rG,GAAsB,EAAhBxc,KAAKm+G,MAAMh7G,IAAUqlH,GAAaz6G,EAC5C/N,KAAKm+G,MAAMh7G,GAAKqZ,EAAI2qB,EACpBA,EAAQqhF,IAAc,GAAKz6G,EAGzBo5B,IACFnnC,KAAKm+G,MAAMh7G,GAAKgkC,EAChBnnC,KAAKoB,UAIT,GAAU,IAAN6c,EAAS,CACX,IAAK9a,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAChCnD,KAAKm+G,MAAMh7G,EAAI8a,GAAKje,KAAKm+G,MAAMh7G,GAGjC,IAAKA,EAAI,EAAGA,EAAI8a,EAAG9a,IACjBnD,KAAKm+G,MAAMh7G,GAAK,EAGlBnD,KAAKoB,QAAU6c,EAGjB,OAAOje,KAAK8+G,SAGdp9D,EAAG1gD,UAAUynH,MAAQ,SAAgB9pG,GAGnC,OADA6mB,EAAyB,IAAlBxlC,KAAKk+G,UACLl+G,KAAKsoH,OAAO3pG,IAMrB+iC,EAAG1gD,UAAUw/G,OAAS,SAAiB7hG,EAAM+pG,EAAMC,GAEjD,IAAIpsG,EADJipB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAGzCpC,EADEmsG,GACGA,EAAQA,EAAO,IAAO,GAEvB,EAGN,IAAI36G,EAAI4Q,EAAO,GACXV,EAAInS,KAAKoyC,KAAKv/B,EAAO5Q,GAAK,GAAI/N,KAAKoB,QACnC6wC,EAAO,SAAc,WAAclkC,GAAMA,EACzC66G,EAAcD,EAMlB,GAHApsG,EAAIzQ,KAAKC,IAAI,EADbwQ,GAAK0B,GAID2qG,EAAa,CACf,IAAK,IAAIzlH,EAAI,EAAGA,EAAI8a,EAAG9a,IACrBylH,EAAYzK,MAAMh7G,GAAKnD,KAAKm+G,MAAMh7G,GAEpCylH,EAAYxnH,OAAS6c,EAGvB,GAAU,IAANA,QAEG,GAAIje,KAAKoB,OAAS6c,EAEvB,IADAje,KAAKoB,QAAU6c,EACV9a,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAC3BnD,KAAKm+G,MAAMh7G,GAAKnD,KAAKm+G,MAAMh7G,EAAI8a,QAGjCje,KAAKm+G,MAAM,GAAK,EAChBn+G,KAAKoB,OAAS,EAGhB,IAAI+lC,EAAQ,EACZ,IAAKhkC,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,IAAgB,IAAVgkC,GAAehkC,GAAKoZ,GAAIpZ,IAAK,CAChE,IAAIujC,EAAuB,EAAhB1mC,KAAKm+G,MAAMh7G,GACtBnD,KAAKm+G,MAAMh7G,GAAMgkC,GAAU,GAAKp5B,EAAO24B,IAAS34B,EAChDo5B,EAAQT,EAAOuL,EAajB,OATI22E,GAAyB,IAAVzhF,IACjByhF,EAAYzK,MAAMyK,EAAYxnH,UAAY+lC,GAGxB,IAAhBnnC,KAAKoB,SACPpB,KAAKm+G,MAAM,GAAK,EAChBn+G,KAAKoB,OAAS,GAGTpB,KAAK8+G,SAGdp9D,EAAG1gD,UAAU6nH,MAAQ,SAAgBlqG,EAAM+pG,EAAMC,GAG/C,OADAnjF,EAAyB,IAAlBxlC,KAAKk+G,UACLl+G,KAAKwgH,OAAO7hG,EAAM+pG,EAAMC,IAIjCjnE,EAAG1gD,UAAU8nH,KAAO,SAAenqG,GACjC,OAAO3e,KAAK2B,QAAQ8mH,MAAM9pG,IAG5B+iC,EAAG1gD,UAAU+nH,MAAQ,SAAgBpqG,GACnC,OAAO3e,KAAK2B,QAAQ2mH,OAAO3pG,IAI7B+iC,EAAG1gD,UAAUgoH,KAAO,SAAerqG,GACjC,OAAO3e,KAAK2B,QAAQknH,MAAMlqG,IAG5B+iC,EAAG1gD,UAAUioH,MAAQ,SAAgBtqG,GACnC,OAAO3e,KAAK2B,QAAQ6+G,OAAO7hG,IAI7B+iC,EAAG1gD,UAAUkgH,MAAQ,SAAgBiB,GACnC38E,EAAsB,iBAAR28E,GAAoBA,GAAO,GACzC,IAAIp0G,EAAIo0G,EAAM,GACVlkG,GAAKkkG,EAAMp0G,GAAK,GAChBW,EAAI,GAAKX,EAGb,QAAI/N,KAAKoB,QAAU6c,OAGXje,KAAKm+G,MAAMlgG,GAELvP,IAIhBgzC,EAAG1gD,UAAUkoH,OAAS,SAAiBvqG,GACrC6mB,EAAuB,iBAAT7mB,GAAqBA,GAAQ,GAC3C,IAAI5Q,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GAIrB,GAFAy3B,EAAyB,IAAlBxlC,KAAKk+G,SAAgB,2CAExBl+G,KAAKoB,QAAU6c,EACjB,OAAOje,KAQT,GALU,IAAN+N,GACFkQ,IAEFje,KAAKoB,OAAS0K,KAAKoyC,IAAIjgC,EAAGje,KAAKoB,QAErB,IAAN2M,EAAS,CACX,IAAIkkC,EAAO,SAAc,WAAclkC,GAAMA,EAC7C/N,KAAKm+G,MAAMn+G,KAAKoB,OAAS,IAAM6wC,EAGjC,OAAOjyC,KAAK8+G,SAIdp9D,EAAG1gD,UAAUmoH,MAAQ,SAAgBxqG,GACnC,OAAO3e,KAAK2B,QAAQunH,OAAOvqG,IAI7B+iC,EAAG1gD,UAAUggH,MAAQ,SAAgB15E,GAGnC,OAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAUtnC,KAAKopH,OAAO9hF,GAGV,IAAlBtnC,KAAKk+G,SACa,IAAhBl+G,KAAKoB,SAAiC,EAAhBpB,KAAKm+G,MAAM,IAAU72E,GAC7CtnC,KAAKm+G,MAAM,GAAK72E,GAAuB,EAAhBtnC,KAAKm+G,MAAM,IAClCn+G,KAAKk+G,SAAW,EACTl+G,OAGTA,KAAKk+G,SAAW,EAChBl+G,KAAKopH,MAAM9hF,GACXtnC,KAAKk+G,SAAW,EACTl+G,MAIFA,KAAKk/G,OAAO53E,IAGrBoa,EAAG1gD,UAAUk+G,OAAS,SAAiB53E,GACrCtnC,KAAKm+G,MAAM,IAAM72E,EAGjB,IAAK,IAAInkC,EAAI,EAAGA,EAAInD,KAAKoB,QAAUpB,KAAKm+G,MAAMh7G,IAAM,SAAWA,IAC7DnD,KAAKm+G,MAAMh7G,IAAM,SACbA,IAAMnD,KAAKoB,OAAS,EACtBpB,KAAKm+G,MAAMh7G,EAAI,GAAK,EAEpBnD,KAAKm+G,MAAMh7G,EAAI,KAKnB,OAFAnD,KAAKoB,OAAS0K,KAAKC,IAAI/L,KAAKoB,OAAQ+B,EAAI,GAEjCnD,MAIT0hD,EAAG1gD,UAAUooH,MAAQ,SAAgB9hF,GAGnC,GAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAG,OAAOtnC,KAAKghH,OAAO15E,GAEhC,GAAsB,IAAlBtnC,KAAKk+G,SAIP,OAHAl+G,KAAKk+G,SAAW,EAChBl+G,KAAKghH,MAAM15E,GACXtnC,KAAKk+G,SAAW,EACTl+G,KAKT,GAFAA,KAAKm+G,MAAM,IAAM72E,EAEG,IAAhBtnC,KAAKoB,QAAgBpB,KAAKm+G,MAAM,GAAK,EACvCn+G,KAAKm+G,MAAM,IAAMn+G,KAAKm+G,MAAM,GAC5Bn+G,KAAKk+G,SAAW,OAGhB,IAAK,IAAI/6G,EAAI,EAAGA,EAAInD,KAAKoB,QAAUpB,KAAKm+G,MAAMh7G,GAAK,EAAGA,IACpDnD,KAAKm+G,MAAMh7G,IAAM,SACjBnD,KAAKm+G,MAAMh7G,EAAI,IAAM,EAIzB,OAAOnD,KAAK8+G,SAGdp9D,EAAG1gD,UAAUqoH,KAAO,SAAe/hF,GACjC,OAAOtnC,KAAK2B,QAAQq/G,MAAM15E,IAG5Boa,EAAG1gD,UAAU8gD,KAAO,SAAexa,GACjC,OAAOtnC,KAAK2B,QAAQynH,MAAM9hF,IAG5Boa,EAAG1gD,UAAUsoH,KAAO,WAGlB,OAFAtpH,KAAKk+G,SAAW,EAETl+G,MAGT0hD,EAAG1gD,UAAUsO,IAAM,WACjB,OAAOtP,KAAK2B,QAAQ2nH,QAGtB5nE,EAAG1gD,UAAUuoH,aAAe,SAAuBjiF,EAAKh6B,EAAKhH,GAC3D,IACInD,EAIAq0B,EALArnB,EAAMm3B,EAAIlmC,OAASkF,EAGvBtG,KAAKm/G,QAAQhvG,GAGb,IAAIg3B,EAAQ,EACZ,IAAKhkC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CAC/Bq0B,GAA6B,EAAxBx3B,KAAKm+G,MAAMh7G,EAAImD,IAAc6gC,EAClC,IAAI9S,GAAwB,EAAfiT,EAAI62E,MAAMh7G,IAAUmK,EAEjC65B,IADA3P,GAAa,SAARnD,IACS,KAAQA,EAAQ,SAAa,GAC3Cr0B,KAAKm+G,MAAMh7G,EAAImD,GAAa,SAAJkxB,EAE1B,KAAOr0B,EAAInD,KAAKoB,OAASkF,EAAOnD,IAE9BgkC,GADA3P,GAA6B,EAAxBx3B,KAAKm+G,MAAMh7G,EAAImD,IAAc6gC,IACrB,GACbnnC,KAAKm+G,MAAMh7G,EAAImD,GAAa,SAAJkxB,EAG1B,GAAc,IAAV2P,EAAa,OAAOnnC,KAAK8+G,QAK7B,IAFAt5E,GAAkB,IAAX2B,GACPA,EAAQ,EACHhkC,EAAI,EAAGA,EAAInD,KAAKoB,OAAQ+B,IAE3BgkC,GADA3P,IAAsB,EAAhBx3B,KAAKm+G,MAAMh7G,IAAUgkC,IACd,GACbnnC,KAAKm+G,MAAMh7G,GAAS,SAAJq0B,EAIlB,OAFAx3B,KAAKk+G,SAAW,EAETl+G,KAAK8+G,SAGdp9D,EAAG1gD,UAAUwoH,SAAW,SAAmBliF,EAAKnZ,GAC9C,IAAI7nB,GAAQtG,KAAKoB,OAASkmC,EAAIlmC,QAE1BqN,EAAIzO,KAAK2B,QACT0M,EAAIi5B,EAGJmiF,EAA8B,EAAxBp7G,EAAE8vG,MAAM9vG,EAAEjN,OAAS,GAGf,KADdkF,EAAQ,GADMtG,KAAKygH,WAAWgJ,MAG5Bp7G,EAAIA,EAAE06G,MAAMziH,GACZmI,EAAE65G,OAAOhiH,GACTmjH,EAA8B,EAAxBp7G,EAAE8vG,MAAM9vG,EAAEjN,OAAS,IAI3B,IACIsN,EADAlB,EAAIiB,EAAErN,OAASiN,EAAEjN,OAGrB,GAAa,QAAT+sB,EAAgB,EAClBzf,EAAI,IAAIgzC,EAAG,OACTtgD,OAASoM,EAAI,EACfkB,EAAEyvG,MAAYt+G,MAAM6O,EAAEtN,QACtB,IAAK,IAAI+B,EAAI,EAAGA,EAAIuL,EAAEtN,OAAQ+B,IAC5BuL,EAAEyvG,MAAMh7G,GAAK,EAIjB,IAAIumH,EAAOj7G,EAAE9M,QAAQ4nH,aAAal7G,EAAG,EAAGb,GAClB,IAAlBk8G,EAAKxL,WACPzvG,EAAIi7G,EACAh7G,IACFA,EAAEyvG,MAAM3wG,GAAK,IAIjB,IAAK,IAAIuP,EAAIvP,EAAI,EAAGuP,GAAK,EAAGA,IAAK,CAC/B,IAAI4sG,EAAmC,UAAL,EAAxBl7G,EAAE0vG,MAAM9vG,EAAEjN,OAAS2b,KACE,EAA5BtO,EAAE0vG,MAAM9vG,EAAEjN,OAAS2b,EAAI,IAO1B,IAHA4sG,EAAK79G,KAAKoyC,IAAKyrE,EAAKF,EAAO,EAAG,UAE9Bh7G,EAAE86G,aAAal7G,EAAGs7G,EAAI5sG,GACA,IAAftO,EAAEyvG,UACPyL,IACAl7G,EAAEyvG,SAAW,EACbzvG,EAAE86G,aAAal7G,EAAG,EAAG0O,GAChBtO,EAAEb,WACLa,EAAEyvG,UAAY,GAGdxvG,IACFA,EAAEyvG,MAAMphG,GAAK4sG,GAajB,OAVIj7G,GACFA,EAAEowG,QAEJrwG,EAAEqwG,QAGW,QAAT3wF,GAA4B,IAAV7nB,GACpBmI,EAAE+xG,OAAOl6G,GAGJ,CACLsjH,IAAKl7G,GAAK,KACVhB,IAAKe,IAQTizC,EAAG1gD,UAAU6oH,OAAS,SAAiBviF,EAAKnZ,EAAM27F,GAGhD,OAFAtkF,GAAQ8B,EAAI15B,UAER5N,KAAK4N,SACA,CACLg8G,IAAK,IAAIloE,EAAG,GACZh0C,IAAK,IAAIg0C,EAAG,IAKM,IAAlB1hD,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,UAC7B3uG,EAAMvP,KAAKshH,MAAMuI,OAAOviF,EAAKnZ,GAEhB,QAATA,IACFy7F,EAAMr6G,EAAIq6G,IAAItI,OAGH,QAATnzF,IACFzgB,EAAM6B,EAAI7B,IAAI4zG,MACVwI,GAA6B,IAAjBp8G,EAAIwwG,UAClBxwG,EAAIT,KAAKq6B,IAIN,CACLsiF,IAAKA,EACLl8G,IAAKA,IAIa,IAAlB1N,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,UAC7B3uG,EAAMvP,KAAK6pH,OAAOviF,EAAIg6E,MAAOnzF,GAEhB,QAATA,IACFy7F,EAAMr6G,EAAIq6G,IAAItI,OAGT,CACLsI,IAAKA,EACLl8G,IAAK6B,EAAI7B,MAI0B,IAAlC1N,KAAKk+G,SAAW52E,EAAI42E,WACvB3uG,EAAMvP,KAAKshH,MAAMuI,OAAOviF,EAAIg6E,MAAOnzF,GAEtB,QAATA,IACFzgB,EAAM6B,EAAI7B,IAAI4zG,MACVwI,GAA6B,IAAjBp8G,EAAIwwG,UAClBxwG,EAAIP,KAAKm6B,IAIN,CACLsiF,IAAKr6G,EAAIq6G,IACTl8G,IAAKA,IAOL45B,EAAIlmC,OAASpB,KAAKoB,QAAUpB,KAAKy+G,IAAIn3E,GAAO,EACvC,CACLsiF,IAAK,IAAIloE,EAAG,GACZh0C,IAAK1N,MAKU,IAAfsnC,EAAIlmC,OACO,QAAT+sB,EACK,CACLy7F,IAAK5pH,KAAK+pH,KAAKziF,EAAI62E,MAAM,IACzBzwG,IAAK,MAII,QAATygB,EACK,CACLy7F,IAAK,KACLl8G,IAAK,IAAIg0C,EAAG1hD,KAAKggH,KAAK14E,EAAI62E,MAAM,MAI7B,CACLyL,IAAK5pH,KAAK+pH,KAAKziF,EAAI62E,MAAM,IACzBzwG,IAAK,IAAIg0C,EAAG1hD,KAAKggH,KAAK14E,EAAI62E,MAAM,MAI7Bn+G,KAAKwpH,SAASliF,EAAKnZ,GAlF1B,IAAIy7F,EAAKl8G,EAAK6B,GAsFhBmyC,EAAG1gD,UAAU4oH,IAAM,SAActiF,GAC/B,OAAOtnC,KAAK6pH,OAAOviF,EAAK,OAAO,GAAOsiF,KAIxCloE,EAAG1gD,UAAU0M,IAAM,SAAc45B,GAC/B,OAAOtnC,KAAK6pH,OAAOviF,EAAK,OAAO,GAAO55B,KAGxCg0C,EAAG1gD,UAAUgpH,KAAO,SAAe1iF,GACjC,OAAOtnC,KAAK6pH,OAAOviF,EAAK,OAAO,GAAM55B,KAIvCg0C,EAAG1gD,UAAUipH,SAAW,SAAmB3iF,GACzC,IAAI4iF,EAAKlqH,KAAK6pH,OAAOviF,GAGrB,GAAI4iF,EAAGx8G,IAAIE,SAAU,OAAOs8G,EAAGN,IAE/B,IAAIl8G,EAA0B,IAApBw8G,EAAGN,IAAI1L,SAAiBgM,EAAGx8G,IAAIP,KAAKm6B,GAAO4iF,EAAGx8G,IAEpDgqB,EAAO4P,EAAI2hF,MAAM,GACjBkB,EAAK7iF,EAAIi5E,MAAM,GACf9B,EAAM/wG,EAAI+wG,IAAI/mF,GAGlB,OAAI+mF,EAAM,GAAY,IAAP0L,GAAoB,IAAR1L,EAAkByL,EAAGN,IAGrB,IAApBM,EAAGN,IAAI1L,SAAiBgM,EAAGN,IAAIR,MAAM,GAAKc,EAAGN,IAAI5I,MAAM,IAGhEt/D,EAAG1gD,UAAUg/G,KAAO,SAAe14E,GACjC9B,EAAO8B,GAAO,UAId,IAHA,IAAI7U,GAAK,GAAK,IAAM6U,EAEhB8iF,EAAM,EACDjnH,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IACpCinH,GAAO33F,EAAI23F,GAAuB,EAAhBpqH,KAAKm+G,MAAMh7G,KAAWmkC,EAG1C,OAAO8iF,GAIT1oE,EAAG1gD,UAAUi/G,MAAQ,SAAgB34E,GACnC9B,EAAO8B,GAAO,UAGd,IADA,IAAIH,EAAQ,EACHhkC,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACzC,IAAIq0B,GAAqB,EAAhBx3B,KAAKm+G,MAAMh7G,IAAkB,SAARgkC,EAC9BnnC,KAAKm+G,MAAMh7G,GAAMq0B,EAAI8P,EAAO,EAC5BH,EAAQ3P,EAAI8P,EAGd,OAAOtnC,KAAK8+G,SAGdp9D,EAAG1gD,UAAU+oH,KAAO,SAAeziF,GACjC,OAAOtnC,KAAK2B,QAAQs+G,MAAM34E,IAG5Boa,EAAG1gD,UAAUqpH,KAAO,SAAe53F,GACjC+S,EAAsB,IAAf/S,EAAEyrF,UACT14E,GAAQ/S,EAAE7kB,UAEV,IAAIV,EAAIlN,KACJsO,EAAImkB,EAAE9wB,QAGRuL,EADiB,IAAfA,EAAEgxG,SACAhxG,EAAE88G,KAAKv3F,GAEPvlB,EAAEvL,QAaR,IATA,IAAI2rC,EAAI,IAAIoU,EAAG,GACXnU,EAAI,IAAImU,EAAG,GAGXxuB,EAAI,IAAIwuB,EAAG,GACXlU,EAAI,IAAIkU,EAAG,GAEX1c,EAAI,EAED93B,EAAEmC,UAAYf,EAAEe,UACrBnC,EAAEszG,OAAO,GACTlyG,EAAEkyG,OAAO,KACPx7E,EAMJ,IAHA,IAAIslF,EAAKh8G,EAAE3M,QACP4oH,EAAKr9G,EAAEvL,SAEHuL,EAAEU,UAAU,CAClB,IAAK,IAAIzK,EAAI,EAAGqnH,EAAK,EAAyB,IAArBt9G,EAAEixG,MAAM,GAAKqM,IAAarnH,EAAI,KAAMA,EAAGqnH,IAAO,GACvE,GAAIrnH,EAAI,EAEN,IADA+J,EAAEszG,OAAOr9G,GACFA,KAAM,IACPmqC,EAAEm9E,SAAWl9E,EAAEk9E,WACjBn9E,EAAErgC,KAAKq9G,GACP/8E,EAAEpgC,KAAKo9G,IAGTj9E,EAAEkzE,OAAO,GACTjzE,EAAEizE,OAAO,GAIb,IAAK,IAAIzjG,EAAI,EAAG2tG,EAAK,EAAyB,IAArBp8G,EAAE6vG,MAAM,GAAKuM,IAAa3tG,EAAI,KAAMA,EAAG2tG,IAAO,GACvE,GAAI3tG,EAAI,EAEN,IADAzO,EAAEkyG,OAAOzjG,GACFA,KAAM,IACPmW,EAAEu3F,SAAWj9E,EAAEi9E,WACjBv3F,EAAEjmB,KAAKq9G,GACP98E,EAAErgC,KAAKo9G,IAGTr3F,EAAEstF,OAAO,GACThzE,EAAEgzE,OAAO,GAITtzG,EAAEuxG,IAAInwG,IAAM,GACdpB,EAAEC,KAAKmB,GACPg/B,EAAEngC,KAAK+lB,GACPqa,EAAEpgC,KAAKqgC,KAEPl/B,EAAEnB,KAAKD,GACPgmB,EAAE/lB,KAAKmgC,GACPE,EAAErgC,KAAKogC,IAIX,MAAO,CACL9+B,EAAGykB,EACH7kB,EAAGm/B,EACHr/B,IAAKG,EAAEg6G,OAAOtjF,KAOlB0c,EAAG1gD,UAAU2pH,OAAS,SAAiBl4F,GACrC+S,EAAsB,IAAf/S,EAAEyrF,UACT14E,GAAQ/S,EAAE7kB,UAEV,IAAIa,EAAIzO,KACJqO,EAAIokB,EAAE9wB,QAGR8M,EADiB,IAAfA,EAAEyvG,SACAzvG,EAAEu7G,KAAKv3F,GAEPhkB,EAAE9M,QAQR,IALA,IAuCI4N,EAvCAub,EAAK,IAAI42B,EAAG,GACZ32B,EAAK,IAAI22B,EAAG,GAEZkpE,EAAQv8G,EAAE1M,QAEP8M,EAAEo8G,KAAK,GAAK,GAAKx8G,EAAEw8G,KAAK,GAAK,GAAG,CACrC,IAAK,IAAI1nH,EAAI,EAAGqnH,EAAK,EAAyB,IAArB/7G,EAAE0vG,MAAM,GAAKqM,IAAarnH,EAAI,KAAMA,EAAGqnH,IAAO,GACvE,GAAIrnH,EAAI,EAEN,IADAsL,EAAE+xG,OAAOr9G,GACFA,KAAM,GACP2nB,EAAG2/F,SACL3/F,EAAG7d,KAAK29G,GAGV9/F,EAAG01F,OAAO,GAId,IAAK,IAAIzjG,EAAI,EAAG2tG,EAAK,EAAyB,IAArBr8G,EAAE8vG,MAAM,GAAKuM,IAAa3tG,EAAI,KAAMA,EAAG2tG,IAAO,GACvE,GAAI3tG,EAAI,EAEN,IADA1O,EAAEmyG,OAAOzjG,GACFA,KAAM,GACPgO,EAAG0/F,SACL1/F,EAAG9d,KAAK29G,GAGV7/F,EAAGy1F,OAAO,GAIV/xG,EAAEgwG,IAAIpwG,IAAM,GACdI,EAAEtB,KAAKkB,GACPyc,EAAG3d,KAAK4d,KAER1c,EAAElB,KAAKsB,GACPsc,EAAG5d,KAAK2d,IAeZ,OATEvb,EADgB,IAAdd,EAAEo8G,KAAK,GACH//F,EAEAC,GAGA8/F,KAAK,GAAK,GAChBt7G,EAAItC,KAAKwlB,GAGJljB,GAGTmyC,EAAG1gD,UAAUmN,IAAM,SAAcm5B,GAC/B,GAAItnC,KAAK4N,SAAU,OAAO05B,EAAIh4B,MAC9B,GAAIg4B,EAAI15B,SAAU,OAAO5N,KAAKsP,MAE9B,IAAIb,EAAIzO,KAAK2B,QACT0M,EAAIi5B,EAAI3lC,QACZ8M,EAAEyvG,SAAW,EACb7vG,EAAE6vG,SAAW,EAGb,IAAK,IAAI53G,EAAQ,EAAGmI,EAAEY,UAAYhB,EAAEgB,SAAU/I,IAC5CmI,EAAE+xG,OAAO,GACTnyG,EAAEmyG,OAAO,GAGX,OAAG,CACD,KAAO/xG,EAAEY,UACPZ,EAAE+xG,OAAO,GAEX,KAAOnyG,EAAEgB,UACPhB,EAAEmyG,OAAO,GAGX,IAAIzyG,EAAIU,EAAEgwG,IAAIpwG,GACd,GAAIN,EAAI,EAAG,CAET,IAAIsQ,EAAI5P,EACRA,EAAIJ,EACJA,EAAIgQ,OACC,GAAU,IAANtQ,GAAyB,IAAdM,EAAEw8G,KAAK,GAC3B,MAGFp8G,EAAEtB,KAAKkB,GAGT,OAAOA,EAAEi6G,OAAOhiH,IAIlBo7C,EAAG1gD,UAAU8pH,KAAO,SAAexjF,GACjC,OAAOtnC,KAAKqqH,KAAK/iF,GAAK74B,EAAEu7G,KAAK1iF,IAG/Boa,EAAG1gD,UAAUqO,OAAS,WACpB,OAA+B,IAAP,EAAhBrP,KAAKm+G,MAAM,KAGrBz8D,EAAG1gD,UAAUypH,MAAQ,WACnB,OAA+B,IAAP,EAAhBzqH,KAAKm+G,MAAM,KAIrBz8D,EAAG1gD,UAAUu/G,MAAQ,SAAgBj5E,GACnC,OAAOtnC,KAAKm+G,MAAM,GAAK72E,GAIzBoa,EAAG1gD,UAAU+pH,MAAQ,SAAgB5I,GACnC38E,EAAsB,iBAAR28E,GACd,IAAIp0G,EAAIo0G,EAAM,GACVlkG,GAAKkkG,EAAMp0G,GAAK,GAChBW,EAAI,GAAKX,EAGb,GAAI/N,KAAKoB,QAAU6c,EAGjB,OAFAje,KAAKm/G,QAAQlhG,EAAI,GACjBje,KAAKm+G,MAAMlgG,IAAMvP,EACV1O,KAKT,IADA,IAAImnC,EAAQz4B,EACHvL,EAAI8a,EAAa,IAAVkpB,GAAehkC,EAAInD,KAAKoB,OAAQ+B,IAAK,CACnD,IAAIq0B,EAAoB,EAAhBx3B,KAAKm+G,MAAMh7G,GAEnBgkC,GADA3P,GAAK2P,KACS,GACd3P,GAAK,SACLx3B,KAAKm+G,MAAMh7G,GAAKq0B,EAMlB,OAJc,IAAV2P,IACFnnC,KAAKm+G,MAAMh7G,GAAKgkC,EAChBnnC,KAAKoB,UAEApB,MAGT0hD,EAAG1gD,UAAU4M,OAAS,WACpB,OAAuB,IAAhB5N,KAAKoB,QAAkC,IAAlBpB,KAAKm+G,MAAM,IAGzCz8D,EAAG1gD,UAAU6pH,KAAO,SAAevjF,GACjC,IAOI/3B,EAPA2uG,EAAW52E,EAAM,EAErB,GAAsB,IAAlBtnC,KAAKk+G,WAAmBA,EAAU,OAAQ,EAC9C,GAAsB,IAAlBl+G,KAAKk+G,UAAkBA,EAAU,OAAO,EAK5C,GAHAl+G,KAAK8+G,QAGD9+G,KAAKoB,OAAS,EAChBmO,EAAM,MACD,CACD2uG,IACF52E,GAAOA,GAGT9B,EAAO8B,GAAO,SAAW,qBAEzB,IAAI9P,EAAoB,EAAhBx3B,KAAKm+G,MAAM,GACnB5uG,EAAMioB,IAAM8P,EAAM,EAAI9P,EAAI8P,GAAO,EAAI,EAEvC,OAAsB,IAAlBtnC,KAAKk+G,SAA8B,GAAN3uG,EAC1BA,GAOTmyC,EAAG1gD,UAAUy9G,IAAM,SAAcn3E,GAC/B,GAAsB,IAAlBtnC,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,SAAgB,OAAQ,EACvD,GAAsB,IAAlBl+G,KAAKk+G,UAAmC,IAAjB52E,EAAI42E,SAAgB,OAAO,EAEtD,IAAI3uG,EAAMvP,KAAKgrH,KAAK1jF,GACpB,OAAsB,IAAlBtnC,KAAKk+G,SAA8B,GAAN3uG,EAC1BA,GAITmyC,EAAG1gD,UAAUgqH,KAAO,SAAe1jF,GAEjC,GAAItnC,KAAKoB,OAASkmC,EAAIlmC,OAAQ,OAAO,EACrC,GAAIpB,KAAKoB,OAASkmC,EAAIlmC,OAAQ,OAAQ,EAGtC,IADA,IAAImO,EAAM,EACDpM,EAAInD,KAAKoB,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CACzC,IAAIsL,EAAoB,EAAhBzO,KAAKm+G,MAAMh7G,GACfkL,EAAmB,EAAfi5B,EAAI62E,MAAMh7G,GAElB,GAAIsL,IAAMJ,EAAV,CACII,EAAIJ,EACNkB,GAAO,EACEd,EAAIJ,IACbkB,EAAM,GAER,OAEF,OAAOA,GAGTmyC,EAAG1gD,UAAUiqH,IAAM,SAAc3jF,GAC/B,OAA0B,IAAnBtnC,KAAK6qH,KAAKvjF,IAGnBoa,EAAG1gD,UAAUmO,GAAK,SAAam4B,GAC7B,OAAyB,IAAlBtnC,KAAKy+G,IAAIn3E,IAGlBoa,EAAG1gD,UAAUkqH,KAAO,SAAe5jF,GACjC,OAAOtnC,KAAK6qH,KAAKvjF,IAAQ,GAG3Boa,EAAG1gD,UAAUoO,IAAM,SAAck4B,GAC/B,OAAOtnC,KAAKy+G,IAAIn3E,IAAQ,GAG1Boa,EAAG1gD,UAAUmqH,IAAM,SAAc7jF,GAC/B,OAA2B,IAApBtnC,KAAK6qH,KAAKvjF,IAGnBoa,EAAG1gD,UAAUiO,GAAK,SAAaq4B,GAC7B,OAA0B,IAAnBtnC,KAAKy+G,IAAIn3E,IAGlBoa,EAAG1gD,UAAUoqH,KAAO,SAAe9jF,GACjC,OAAOtnC,KAAK6qH,KAAKvjF,IAAQ,GAG3Boa,EAAG1gD,UAAUkO,IAAM,SAAco4B,GAC/B,OAAOtnC,KAAKy+G,IAAIn3E,IAAQ,GAG1Boa,EAAG1gD,UAAUqqH,IAAM,SAAc/jF,GAC/B,OAA0B,IAAnBtnC,KAAK6qH,KAAKvjF,IAGnBoa,EAAG1gD,UAAUuoD,GAAK,SAAajiB,GAC7B,OAAyB,IAAlBtnC,KAAKy+G,IAAIn3E,IAOlBoa,EAAG08D,IAAM,SAAc92E,GACrB,OAAO,IAAIgkF,EAAIhkF,IAGjBoa,EAAG1gD,UAAUuqH,MAAQ,SAAgBC,GAGnC,OAFAhmF,GAAQxlC,KAAKo+G,IAAK,yCAClB54E,EAAyB,IAAlBxlC,KAAKk+G,SAAgB,iCACrBsN,EAAIC,UAAUzrH,MAAM0rH,UAAUF,IAGvC9pE,EAAG1gD,UAAU2qH,QAAU,WAErB,OADAnmF,EAAOxlC,KAAKo+G,IAAK,wDACVp+G,KAAKo+G,IAAIwN,YAAY5rH,OAG9B0hD,EAAG1gD,UAAU0qH,UAAY,SAAoBF,GAE3C,OADAxrH,KAAKo+G,IAAMoN,EACJxrH,MAGT0hD,EAAG1gD,UAAU6qH,SAAW,SAAmBL,GAEzC,OADAhmF,GAAQxlC,KAAKo+G,IAAK,yCACXp+G,KAAK0rH,UAAUF,IAGxB9pE,EAAG1gD,UAAU8qH,OAAS,SAAiBxkF,GAErC,OADA9B,EAAOxlC,KAAKo+G,IAAK,sCACVp+G,KAAKo+G,IAAI/3G,IAAIrG,KAAMsnC,IAG5Boa,EAAG1gD,UAAU+qH,QAAU,SAAkBzkF,GAEvC,OADA9B,EAAOxlC,KAAKo+G,IAAK,uCACVp+G,KAAKo+G,IAAInxG,KAAKjN,KAAMsnC,IAG7Boa,EAAG1gD,UAAUgrH,OAAS,SAAiB1kF,GAErC,OADA9B,EAAOxlC,KAAKo+G,IAAK,sCACVp+G,KAAKo+G,IAAIhxG,IAAIpN,KAAMsnC,IAG5Boa,EAAG1gD,UAAUirH,QAAU,SAAkB3kF,GAEvC,OADA9B,EAAOxlC,KAAKo+G,IAAK,uCACVp+G,KAAKo+G,IAAIjxG,KAAKnN,KAAMsnC,IAG7Boa,EAAG1gD,UAAUkrH,OAAS,SAAiB5kF,GAErC,OADA9B,EAAOxlC,KAAKo+G,IAAK,sCACVp+G,KAAKo+G,IAAI+N,IAAInsH,KAAMsnC,IAG5Boa,EAAG1gD,UAAUorH,OAAS,SAAiB9kF,GAGrC,OAFA9B,EAAOxlC,KAAKo+G,IAAK,sCACjBp+G,KAAKo+G,IAAIiO,SAASrsH,KAAMsnC,GACjBtnC,KAAKo+G,IAAI9wG,IAAItN,KAAMsnC,IAG5Boa,EAAG1gD,UAAUsrH,QAAU,SAAkBhlF,GAGvC,OAFA9B,EAAOxlC,KAAKo+G,IAAK,sCACjBp+G,KAAKo+G,IAAIiO,SAASrsH,KAAMsnC,GACjBtnC,KAAKo+G,IAAI/wG,KAAKrN,KAAMsnC,IAG7Boa,EAAG1gD,UAAUurH,OAAS,WAGpB,OAFA/mF,EAAOxlC,KAAKo+G,IAAK,sCACjBp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAI+J,IAAInoH,OAGtB0hD,EAAG1gD,UAAUyrH,QAAU,WAGrB,OAFAjnF,EAAOxlC,KAAKo+G,IAAK,uCACjBp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAIgK,KAAKpoH,OAIvB0hD,EAAG1gD,UAAU0rH,QAAU,WAGrB,OAFAlnF,EAAOxlC,KAAKo+G,IAAK,uCACjBp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAIuO,KAAK3sH,OAGvB0hD,EAAG1gD,UAAU4rH,QAAU,WAGrB,OAFApnF,EAAOxlC,KAAKo+G,IAAK,uCACjBp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAI0M,KAAK9qH,OAIvB0hD,EAAG1gD,UAAU6rH,OAAS,WAGpB,OAFArnF,EAAOxlC,KAAKo+G,IAAK,sCACjBp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAIkD,IAAIthH,OAGtB0hD,EAAG1gD,UAAU8rH,OAAS,SAAiBxlF,GAGrC,OAFA9B,EAAOxlC,KAAKo+G,MAAQ92E,EAAI82E,IAAK,qBAC7Bp+G,KAAKo+G,IAAIoO,SAASxsH,MACXA,KAAKo+G,IAAIlsE,IAAIlyC,KAAMsnC,IAI5B,IAAIylF,EAAS,CACXC,KAAM,KACNC,KAAM,KACNC,KAAM,KACNC,OAAQ,MAIV,SAASC,EAAQ9hH,EAAMmnB,GAErBzyB,KAAKsL,KAAOA,EACZtL,KAAKyyB,EAAI,IAAIivB,EAAGjvB,EAAG,IACnBzyB,KAAKwM,EAAIxM,KAAKyyB,EAAE5iB,YAChB7P,KAAKqc,EAAI,IAAIqlC,EAAG,GAAG4mE,OAAOtoH,KAAKwM,GAAGW,KAAKnN,KAAKyyB,GAE5CzyB,KAAK2O,IAAM3O,KAAKqtH,OA2ClB,SAASC,IACPF,EAAOtsH,KACLd,KACA,OACA,2EA+DJ,SAASutH,IACPH,EAAOtsH,KACLd,KACA,OACA,kEAIJ,SAASwtH,IACPJ,EAAOtsH,KACLd,KACA,OACA,yDAIJ,SAASytH,IAEPL,EAAOtsH,KACLd,KACA,QACA,uEA8CJ,SAASsrH,EAAK99G,GACZ,GAAiB,iBAANA,EAAgB,CACzB,IAAIkgH,EAAQhsE,EAAGisE,OAAOngH,GACtBxN,KAAKwN,EAAIkgH,EAAMj7F,EACfzyB,KAAK0tH,MAAQA,OAEbloF,EAAOh4B,EAAEy9G,IAAI,GAAI,kCACjBjrH,KAAKwN,EAAIA,EACTxN,KAAK0tH,MAAQ,KAkOjB,SAASE,EAAMpgH,GACb89G,EAAIxqH,KAAKd,KAAMwN,GAEfxN,KAAKsG,MAAQtG,KAAKwN,EAAEqC,YAChB7P,KAAKsG,MAAQ,IAAO,IACtBtG,KAAKsG,OAAS,GAAMtG,KAAKsG,MAAQ,IAGnCtG,KAAK+N,EAAI,IAAI2zC,EAAG,GAAG4mE,OAAOtoH,KAAKsG,OAC/BtG,KAAKmqH,GAAKnqH,KAAKuN,KAAKvN,KAAK+N,EAAEo6G,OAC3BnoH,KAAK6tH,KAAO7tH,KAAK+N,EAAE48G,OAAO3qH,KAAKwN,GAE/BxN,KAAK8tH,KAAO9tH,KAAK6tH,KAAKvgH,IAAItN,KAAK+N,GAAGq7G,MAAM,GAAGQ,IAAI5pH,KAAKwN,GACpDxN,KAAK8tH,KAAO9tH,KAAK8tH,KAAK9D,KAAKhqH,KAAK+N,GAChC/N,KAAK8tH,KAAO9tH,KAAK+N,EAAEX,IAAIpN,KAAK8tH,MAta9BV,EAAOpsH,UAAUqsH,KAAO,WACtB,IAAI1+G,EAAM,IAAI+yC,EAAG,MAEjB,OADA/yC,EAAIwvG,MAAYt+G,MAAMiM,KAAKmQ,KAAKjc,KAAKwM,EAAI,KAClCmC,GAGTy+G,EAAOpsH,UAAU+sH,QAAU,SAAkBzmF,GAG3C,IACI/U,EADAxkB,EAAIu5B,EAGR,GACEtnC,KAAKogB,MAAMrS,EAAG/N,KAAK2O,KAGnB4jB,GADAxkB,GADAA,EAAI/N,KAAKguH,MAAMjgH,IACTd,KAAKjN,KAAK2O,MACPkB,kBACF0iB,EAAOvyB,KAAKwM,GAErB,IAAIiyG,EAAMlsF,EAAOvyB,KAAKwM,GAAK,EAAIuB,EAAEi9G,KAAKhrH,KAAKyyB,GAU3C,OATY,IAARgsF,GACF1wG,EAAEowG,MAAM,GAAK,EACbpwG,EAAE3M,OAAS,GACFq9G,EAAM,EACf1wG,EAAEZ,KAAKnN,KAAKyyB,GAEZ1kB,EAAE+wG,QAGG/wG,GAGTq/G,EAAOpsH,UAAUof,MAAQ,SAAgB9f,EAAOo/G,GAC9Cp/G,EAAMkgH,OAAOxgH,KAAKwM,EAAG,EAAGkzG,IAG1B0N,EAAOpsH,UAAUgtH,MAAQ,SAAgB1mF,GACvC,OAAOA,EAAIj6B,KAAKrN,KAAKqc,IASvB8pB,EAASmnF,EAAMF,GAEfE,EAAKtsH,UAAUof,MAAQ,SAAgB9f,EAAO2J,GAK5C,IAHA,IAAIgoC,EAAO,QAEP4b,EAAS/hD,KAAKoyC,IAAI59C,EAAMc,OAAQ,GAC3B+B,EAAI,EAAGA,EAAI0qD,EAAQ1qD,IAC1B8G,EAAOk0G,MAAMh7G,GAAK7C,EAAM69G,MAAMh7G,GAIhC,GAFA8G,EAAO7I,OAASysD,EAEZvtD,EAAMc,QAAU,EAGlB,OAFAd,EAAM69G,MAAM,GAAK,OACjB79G,EAAMc,OAAS,GAKjB,IAAIsH,EAAOpI,EAAM69G,MAAM,GAGvB,IAFAl0G,EAAOk0G,MAAMl0G,EAAO7I,UAAYsH,EAAOupC,EAElC9uC,EAAI,GAAIA,EAAI7C,EAAMc,OAAQ+B,IAAK,CAClC,IAAIsgE,EAAwB,EAAjBnjE,EAAM69G,MAAMh7G,GACvB7C,EAAM69G,MAAMh7G,EAAI,KAAQsgE,EAAOxxB,IAAS,EAAMvpC,IAAS,GACvDA,EAAO+6D,EAET/6D,KAAU,GACVpI,EAAM69G,MAAMh7G,EAAI,IAAMuF,EACT,IAATA,GAAcpI,EAAMc,OAAS,GAC/Bd,EAAMc,QAAU,GAEhBd,EAAMc,QAAU,GAIpBksH,EAAKtsH,UAAUgtH,MAAQ,SAAgB1mF,GAErCA,EAAI62E,MAAM72E,EAAIlmC,QAAU,EACxBkmC,EAAI62E,MAAM72E,EAAIlmC,OAAS,GAAK,EAC5BkmC,EAAIlmC,QAAU,EAId,IADA,IAAIklC,EAAK,EACAnjC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CACnC,IAAIq0B,EAAmB,EAAf8P,EAAI62E,MAAMh7G,GAClBmjC,GAAU,IAAJ9O,EACN8P,EAAI62E,MAAMh7G,GAAU,SAALmjC,EACfA,EAAS,GAAJ9O,GAAa8O,EAAK,SAAa,GAUtC,OANkC,IAA9BgB,EAAI62E,MAAM72E,EAAIlmC,OAAS,KACzBkmC,EAAIlmC,SAC8B,IAA9BkmC,EAAI62E,MAAM72E,EAAIlmC,OAAS,IACzBkmC,EAAIlmC,UAGDkmC,GASTnB,EAASonF,EAAMH,GAQfjnF,EAASqnF,EAAMJ,GASfjnF,EAASsnF,EAAQL,GAEjBK,EAAOzsH,UAAUgtH,MAAQ,SAAgB1mF,GAGvC,IADA,IAAIH,EAAQ,EACHhkC,EAAI,EAAGA,EAAImkC,EAAIlmC,OAAQ+B,IAAK,CACnC,IAAIkjC,EAA0B,IAAL,EAAfiB,EAAI62E,MAAMh7G,IAAiBgkC,EACjCb,EAAU,SAALD,EACTA,KAAQ,GAERiB,EAAI62E,MAAMh7G,GAAKmjC,EACfa,EAAQd,EAKV,OAHc,IAAVc,IACFG,EAAI62E,MAAM72E,EAAIlmC,UAAY+lC,GAErBG,GAIToa,EAAGisE,OAAS,SAAgBriH,GAE1B,GAAIyhH,EAAOzhH,GAAO,OAAOyhH,EAAOzhH,GAEhC,IAAIoiH,EACJ,GAAa,SAATpiH,EACFoiH,EAAQ,IAAIJ,OACP,GAAa,SAAThiH,EACToiH,EAAQ,IAAIH,OACP,GAAa,SAATjiH,EACToiH,EAAQ,IAAIF,MACP,IAAa,WAATliH,EAGT,MAAUlI,MAAM,iBAAmBkI,GAFnCoiH,EAAQ,IAAID,EAMd,OAFAV,EAAOzhH,GAAQoiH,EAERA,GAkBTpC,EAAItqH,UAAUwrH,SAAW,SAAmB/9G,GAC1C+2B,EAAsB,IAAf/2B,EAAEyvG,SAAgB,iCACzB14E,EAAO/2B,EAAE2vG,IAAK,oCAGhBkN,EAAItqH,UAAUqrH,SAAW,SAAmB59G,EAAGJ,GAC7Cm3B,EAAqC,IAA7B/2B,EAAEyvG,SAAW7vG,EAAE6vG,UAAiB,iCACxC14E,EAAO/2B,EAAE2vG,KAAO3vG,EAAE2vG,MAAQ/vG,EAAE+vG,IAC1B,oCAGJkN,EAAItqH,UAAUuM,KAAO,SAAekB,GAClC,OAAIzO,KAAK0tH,MAAc1tH,KAAK0tH,MAAMK,QAAQt/G,GAAGi9G,UAAU1rH,MAChDyO,EAAEu7G,KAAKhqH,KAAKwN,GAAGk+G,UAAU1rH,OAGlCsrH,EAAItqH,UAAUsgH,IAAM,SAAc7yG,GAChC,OAAIA,EAAEb,SACGa,EAAE9M,QAGJ3B,KAAKwN,EAAEJ,IAAIqB,GAAGi9G,UAAU1rH,OAGjCsrH,EAAItqH,UAAUqF,IAAM,SAAcoI,EAAGJ,GACnCrO,KAAKqsH,SAAS59G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEpI,IAAIgI,GAIhB,OAHIkB,EAAIkvG,IAAIz+G,KAAKwN,IAAM,GACrB+B,EAAIpC,KAAKnN,KAAKwN,GAET+B,EAAIm8G,UAAU1rH,OAGvBsrH,EAAItqH,UAAUiM,KAAO,SAAewB,EAAGJ,GACrCrO,KAAKqsH,SAAS59G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAExB,KAAKoB,GAIjB,OAHIkB,EAAIkvG,IAAIz+G,KAAKwN,IAAM,GACrB+B,EAAIpC,KAAKnN,KAAKwN,GAET+B,GAGT+7G,EAAItqH,UAAUoM,IAAM,SAAcqB,EAAGJ,GACnCrO,KAAKqsH,SAAS59G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAErB,IAAIiB,GAIhB,OAHIkB,EAAIs7G,KAAK,GAAK,GAChBt7G,EAAItC,KAAKjN,KAAKwN,GAET+B,EAAIm8G,UAAU1rH,OAGvBsrH,EAAItqH,UAAUmM,KAAO,SAAesB,EAAGJ,GACrCrO,KAAKqsH,SAAS59G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEtB,KAAKkB,GAIjB,OAHIkB,EAAIs7G,KAAK,GAAK,GAChBt7G,EAAItC,KAAKjN,KAAKwN,GAET+B,GAGT+7G,EAAItqH,UAAUmrH,IAAM,SAAc19G,EAAG64B,GAEnC,OADAtnC,KAAKwsH,SAAS/9G,GACPzO,KAAKuN,KAAKkB,EAAEs6G,MAAMzhF,KAG3BgkF,EAAItqH,UAAUqM,KAAO,SAAeoB,EAAGJ,GAErC,OADArO,KAAKqsH,SAAS59G,EAAGJ,GACVrO,KAAKuN,KAAKkB,EAAEpB,KAAKgB,KAG1Bi9G,EAAItqH,UAAUsM,IAAM,SAAcmB,EAAGJ,GAEnC,OADArO,KAAKqsH,SAAS59G,EAAGJ,GACVrO,KAAKuN,KAAKkB,EAAEnB,IAAIe,KAGzBi9G,EAAItqH,UAAUonH,KAAO,SAAe35G,GAClC,OAAOzO,KAAKqN,KAAKoB,EAAGA,EAAE9M,UAGxB2pH,EAAItqH,UAAUmnH,IAAM,SAAc15G,GAChC,OAAOzO,KAAKsN,IAAImB,EAAGA,IAGrB68G,EAAItqH,UAAU2rH,KAAO,SAAel+G,GAClC,GAAIA,EAAEb,SAAU,OAAOa,EAAE9M,QAEzB,IAAIssH,EAAOjuH,KAAKwN,EAAE+yG,MAAM,GAIxB,GAHA/6E,EAAOyoF,EAAO,GAAM,GAGP,IAATA,EAAY,CACd,IAAI/7E,EAAMlyC,KAAKwN,EAAEnH,IAAI,IAAIq7C,EAAG,IAAI8+D,OAAO,GACvC,OAAOxgH,KAAKkyC,IAAIzjC,EAAGyjC,GAQrB,IAFA,IAAIxjC,EAAI1O,KAAKwN,EAAEs0C,KAAK,GAChB7jC,EAAI,GACAvP,EAAEd,UAA2B,IAAfc,EAAE6xG,MAAM,IAC5BtiG,IACAvP,EAAE8xG,OAAO,GAEXh7E,GAAQ92B,EAAEd,UAEV,IAAImC,EAAM,IAAI2xC,EAAG,GAAG6pE,MAAMvrH,MACtBkuH,EAAOn+G,EAAI88G,SAIXsB,EAAOnuH,KAAKwN,EAAEs0C,KAAK,GAAG0+D,OAAO,GAC7Bj4E,EAAIvoC,KAAKwN,EAAEqC,YAGf,IAFA04B,EAAI,IAAImZ,EAAG,EAAInZ,EAAIA,GAAGgjF,MAAMvrH,MAEW,IAAhCA,KAAKkyC,IAAI3J,EAAG4lF,GAAM1P,IAAIyP,IAC3B3lF,EAAEwjF,QAAQmC,GAOZ,IAJA,IAAI1xG,EAAIxc,KAAKkyC,IAAI3J,EAAG75B,GAChBX,EAAI/N,KAAKkyC,IAAIzjC,EAAGC,EAAE26G,KAAK,GAAG7I,OAAO,IACjCniG,EAAIre,KAAKkyC,IAAIzjC,EAAGC,GAChBlB,EAAIyQ,EACc,IAAfI,EAAEogG,IAAI1uG,IAAY,CAEvB,IADA,IAAIpB,EAAM0P,EACDlb,EAAI,EAAoB,IAAjBwL,EAAI8vG,IAAI1uG,GAAY5M,IAClCwL,EAAMA,EAAI49G,SAEZ/mF,EAAOriC,EAAIqK,GACX,IAAIa,EAAIrO,KAAKkyC,IAAI11B,EAAG,IAAIklC,EAAG,GAAG4mE,OAAO96G,EAAIrK,EAAI,IAE7C4K,EAAIA,EAAEq+G,OAAO/9G,GACbmO,EAAInO,EAAEk+G,SACNluG,EAAIA,EAAE+tG,OAAO5vG,GACbhP,EAAIrK,EAGN,OAAO4K,GAGTu9G,EAAItqH,UAAU8pH,KAAO,SAAer8G,GAClC,IAAI2/G,EAAM3/G,EAAEk8G,OAAO3qH,KAAKwN,GACxB,OAAqB,IAAjB4gH,EAAIlQ,UACNkQ,EAAIlQ,SAAW,EACRl+G,KAAKuN,KAAK6gH,GAAKvB,UAEf7sH,KAAKuN,KAAK6gH,IAIrB9C,EAAItqH,UAAUkxC,IAAM,SAAczjC,EAAG64B,GACnC,GAAIA,EAAI15B,SAAU,OAAO,IAAI8zC,EAAG,GAAG6pE,MAAMvrH,MACzC,GAAoB,IAAhBsnC,EAAIujF,KAAK,GAAU,OAAOp8G,EAAE9M,QAEhC,IACI0sH,EAAUxuH,MAAM,IACpBwuH,EAAI,GAAK,IAAI3sE,EAAG,GAAG6pE,MAAMvrH,MACzBquH,EAAI,GAAK5/G,EACT,IAAK,IAAItL,EAAI,EAAGA,EAAIkrH,EAAIjtH,OAAQ+B,IAC9BkrH,EAAIlrH,GAAKnD,KAAKsN,IAAI+gH,EAAIlrH,EAAI,GAAIsL,GAGhC,IAAIc,EAAM8+G,EAAI,GACV98C,EAAU,EACV+8C,EAAa,EACbtqH,EAAQsjC,EAAIz3B,YAAc,GAK9B,IAJc,IAAV7L,IACFA,EAAQ,IAGLb,EAAImkC,EAAIlmC,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CAEpC,IADA,IAAIujC,EAAOY,EAAI62E,MAAMh7G,GACZ4Z,EAAI/Y,EAAQ,EAAG+Y,GAAK,EAAGA,IAAK,CACnC,IAAIolG,EAAOz7E,GAAQ3pB,EAAK,EACpBxN,IAAQ8+G,EAAI,KACd9+G,EAAMvP,KAAKmoH,IAAI54G,IAGL,IAAR4yG,GAAyB,IAAZ5wC,GAKjBA,IAAY,EACZA,GAAW4wC,GA9BE,MA+BbmM,GACwC,IAANnrH,GAAiB,IAAN4Z,KAE7CxN,EAAMvP,KAAKsN,IAAIiC,EAAK8+G,EAAI98C,IACxB+8C,EAAa,EACb/8C,EAAU,IAXR+8C,EAAa,EAajBtqH,EAAQ,GAGV,OAAOuL,GAGT+7G,EAAItqH,UAAUyqH,UAAY,SAAoBnkF,GAC5C,IAAIv5B,EAAIu5B,EAAI0iF,KAAKhqH,KAAKwN,GAEtB,OAAOO,IAAMu5B,EAAMv5B,EAAEpM,QAAUoM,GAGjCu9G,EAAItqH,UAAU4qH,YAAc,SAAsBtkF,GAChD,IAAI/3B,EAAM+3B,EAAI3lC,QAEd,OADA4N,EAAI6uG,IAAM,KACH7uG,GAOTmyC,EAAG6sE,KAAO,SAAejnF,GACvB,OAAO,IAAIsmF,EAAKtmF,IAmBlBnB,EAASynF,EAAMtC,GAEfsC,EAAK5sH,UAAUyqH,UAAY,SAAoBnkF,GAC7C,OAAOtnC,KAAKuN,KAAK+5B,EAAIyhF,MAAM/oH,KAAKsG,SAGlCsnH,EAAK5sH,UAAU4qH,YAAc,SAAsBtkF,GACjD,IAAIv5B,EAAI/N,KAAKuN,KAAK+5B,EAAIh6B,IAAItN,KAAK6tH,OAE/B,OADA9/G,EAAEqwG,IAAM,KACDrwG,GAGT6/G,EAAK5sH,UAAUqM,KAAO,SAAeoB,EAAGJ,GACtC,GAAII,EAAEb,UAAYS,EAAET,SAGlB,OAFAa,EAAE0vG,MAAM,GAAK,EACb1vG,EAAErN,OAAS,EACJqN,EAGT,IAAI4P,EAAI5P,EAAEpB,KAAKgB,GACXmO,EAAI6B,EAAE8qG,MAAMnpH,KAAKsG,OAAOgH,IAAItN,KAAK8tH,MAAM5E,OAAOlpH,KAAKsG,OAAOgH,IAAItN,KAAKwN,GACnE0sB,EAAI7b,EAAElR,KAAKqP,GAAGgkG,OAAOxgH,KAAKsG,OAC1BiJ,EAAM2qB,EAQV,OANIA,EAAEukF,IAAIz+G,KAAKwN,IAAM,EACnB+B,EAAM2qB,EAAE/sB,KAAKnN,KAAKwN,GACT0sB,EAAE2wF,KAAK,GAAK,IACrBt7G,EAAM2qB,EAAEjtB,KAAKjN,KAAKwN,IAGb+B,EAAIm8G,UAAU1rH,OAGvB4tH,EAAK5sH,UAAUsM,IAAM,SAAcmB,EAAGJ,GACpC,GAAII,EAAEb,UAAYS,EAAET,SAAU,OAAO,IAAI8zC,EAAG,GAAGgqE,UAAU1rH,MAEzD,IAAIqe,EAAI5P,EAAEnB,IAAIe,GACVmO,EAAI6B,EAAE8qG,MAAMnpH,KAAKsG,OAAOgH,IAAItN,KAAK8tH,MAAM5E,OAAOlpH,KAAKsG,OAAOgH,IAAItN,KAAKwN,GACnE0sB,EAAI7b,EAAElR,KAAKqP,GAAGgkG,OAAOxgH,KAAKsG,OAC1BiJ,EAAM2qB,EAOV,OANIA,EAAEukF,IAAIz+G,KAAKwN,IAAM,EACnB+B,EAAM2qB,EAAE/sB,KAAKnN,KAAKwN,GACT0sB,EAAE2wF,KAAK,GAAK,IACrBt7G,EAAM2qB,EAAEjtB,KAAKjN,KAAKwN,IAGb+B,EAAIm8G,UAAU1rH,OAGvB4tH,EAAK5sH,UAAU8pH,KAAO,SAAer8G,GAGnC,OADUzO,KAAKuN,KAAKkB,EAAEk8G,OAAO3qH,KAAKwN,GAAGF,IAAItN,KAAKmqH,KACnCuB,UAAU1rH,MAExB,CAl2GD,CAk2GoC2lC,EAAQ3lC,qFCr1G7B,MAAMuM,GAMnBzM,YAAY0M,GACV,QAAUvL,IAANuL,EACF,MAAUpJ,MAAM,4BAGlBpD,KAAKqB,MAAQ,IAAIqgD,GAAGl1C,GAGtB7K,QACE,MAAMA,EAAQ,IAAI4K,GAAW,MAE7B,OADAvM,KAAKqB,MAAM2pE,KAAKrpE,EAAMN,OACfM,EAMTkL,OAEE,OADA7M,KAAKqB,MAAM4L,KAAK,IAAIy0C,GAAG,IAChB1hD,KAOT8M,MACE,OAAO9M,KAAK2B,QAAQkL,OAMtBE,OAEE,OADA/M,KAAKqB,MAAM8L,KAAK,IAAIu0C,GAAG,IAChB1hD,KAOTgN,MACE,OAAOhN,KAAK2B,QAAQoL,OAQtBE,KAAKC,GAEH,OADAlN,KAAKqB,MAAM4L,KAAKC,EAAE7L,OACXrB,KAQTqG,IAAI6G,GACF,OAAOlN,KAAK2B,QAAQsL,KAAKC,GAO3BC,KAAKD,GAEH,OADAlN,KAAKqB,MAAM8L,KAAKD,EAAE7L,OACXrB,KAQToN,IAAIF,GACF,OAAOlN,KAAK2B,QAAQwL,KAAKD,GAO3BG,KAAKH,GAEH,OADAlN,KAAKqB,MAAMgM,KAAKH,EAAE7L,OACXrB,KAQTsN,IAAIJ,GACF,OAAOlN,KAAK2B,QAAQ0L,KAAKH,GAO3BK,KAAKC,GAEH,OADAxN,KAAKqB,MAAQrB,KAAKqB,MAAM2oH,KAAKx8G,EAAEnM,OACxBrB,KAQT0N,IAAIF,GACF,OAAOxN,KAAK2B,QAAQ4L,KAAKC,GAU3BG,OAAOlJ,EAAG+H,GAIR,MAAMgiH,EAAOhiH,EAAE6C,SAAWqyC,GAAG08D,IAAI5xG,EAAEnL,OAASqgD,GAAG6sE,KAAK/hH,EAAEnL,OAChD6L,EAAIlN,KAAK2B,QAEf,OADAuL,EAAE7L,MAAQ6L,EAAE7L,MAAMkqH,MAAMiD,GAAM1B,OAAOroH,EAAEpD,OAAOsqH,UACvCz+G,EAUTgB,OAAO1B,GAEL,IAAKxM,KAAKmO,IAAI3B,GAAGqB,QACf,MAAUzK,MAAM,0BAElB,OAAO,IAAImJ,GAAWvM,KAAKqB,MAAMypH,KAAKt+G,EAAEnL,QAQ1C8M,IAAI3B,GACF,OAAO,IAAID,GAAWvM,KAAKqB,MAAM8M,IAAI3B,EAAEnL,QAOzCuN,WAAW1B,GAET,OADAlN,KAAKqB,MAAMonH,MAAMv7G,EAAE7L,MAAMmO,YAClBxP,KAQT6O,UAAU3B,GACR,OAAOlN,KAAK2B,QAAQiN,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADAlN,KAAKqB,MAAMwnH,MAAM37G,EAAE7L,MAAMmO,YAClBxP,KAQT+O,WAAW7B,GACT,OAAOlN,KAAK2B,QAAQmN,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAOlN,KAAKqB,MAAMkoD,GAAGr8C,EAAE7L,OAQzB4N,GAAG/B,GACD,OAAOlN,KAAKqB,MAAM4N,GAAG/B,EAAE7L,OAQzB6N,IAAIhC,GACF,OAAOlN,KAAKqB,MAAM6N,IAAIhC,EAAE7L,OAQ1B8N,GAAGjC,GACD,OAAOlN,KAAKqB,MAAM8N,GAAGjC,EAAE7L,OAQzB+N,IAAIlC,GACF,OAAOlN,KAAKqB,MAAM+N,IAAIlC,EAAE7L,OAG1BuM,SACE,OAAO5N,KAAKqB,MAAMuM,SAGpBC,QACE,OAAO7N,KAAKqB,MAAMkoD,GAAG,IAAI7H,GAAG,IAG9Bj0C,aACE,OAAOzN,KAAKqB,MAAMggH,QAGpBhyG,SACE,OAAOrP,KAAKqB,MAAMgO,SAGpBC,MACE,MAAMC,EAAMvP,KAAK2B,QAEjB,OADA4N,EAAIlO,MAAQkO,EAAIlO,MAAMiO,MACfC,EAOT5C,WACE,OAAO3M,KAAKqB,MAAMsL,WAQpB6C,WACE,OAAOxP,KAAKqB,MAAMmO,WAQpBI,OAAOzM,GACL,OAAOnD,KAAKqB,MAAM6/G,MAAM/9G,GAAK,EAAI,EAOnC0M,YACE,OAAO7P,KAAKqB,MAAMwO,YAOpBtL,aACE,OAAOvE,KAAKqB,MAAMkD,aASpB6L,aAAaC,EAAS,KAAMjP,GAC1B,OAAOpB,KAAKqB,MAAMsjD,YAAY5hD,WAAYsN,EAAQjP,QC3UlD2M,mFCEJ,IAAIg6B,EAAQsW,EAkCZ,SAAS9X,EAAMG,GACb,OAAoB,IAAhBA,EAAKtlC,OACA,IAAMslC,EAENA,CACX,CAGA,SAAShf,EAAMge,GAEb,IADA,IAAIn2B,EAAM,GACDpM,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,GAAOg3B,EAAMb,EAAIviC,GAAGwJ,SAAS,KAC/B,OAAO4C,CACT,CAfAw4B,EAAMC,QA9BN,SAAiBtC,EAAKU,GACpB,GAAIvmC,MAAMW,QAAQklC,GAChB,OAAOA,EAAIhkC,QACb,IAAKgkC,EACH,MAAO,GACT,IAAIn2B,EAAM,GACV,GAAmB,iBAARm2B,EAAkB,CAC3B,IAAK,IAAIviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAC9BoM,EAAIpM,GAAc,EAATuiC,EAAIviC,GACf,OAAOoM,EAET,GAAY,QAAR62B,EAAe,EACjBV,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1B7gB,OAAS,GAAM,IACrBskC,EAAM,IAAMA,GACd,IAASviC,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,GAAK,EACnCoM,EAAI1N,KAAK2O,SAASk1B,EAAIviC,GAAKuiC,EAAIviC,EAAI,GAAI,UAEzC,IAASA,EAAI,EAAGA,EAAIuiC,EAAItkC,OAAQ+B,IAAK,CACnC,IAAIqZ,EAAIkpB,EAAI9oB,WAAWzZ,GACnBkjC,EAAK7pB,GAAK,EACV8pB,EAAS,IAAJ9pB,EACL6pB,EACF92B,EAAI1N,KAAKwkC,EAAIC,GAEb/2B,EAAI1N,KAAKykC,GAGf,OAAO/2B,CACT,EASAw4B,EAAMxB,MAAQA,EAQdwB,EAAMrgB,MAAQA,EAEdqgB,EAAMzqB,OAAS,SAAgBw/B,EAAK1W,GAClC,MAAY,QAARA,EACK1e,EAAMo1B,GAENA,CACX,0BCvDA,IAAI/U,EAAQsW,EAKZtW,EAAMvC,OAASipF,GACf1mF,EAAMC,QAAU0mF,GAAS1mF,QACzBD,EAAMxB,MAAQmoF,GAASnoF,MACvBwB,EAAMrgB,MAAQgnG,GAAShnG,MACvBqgB,EAAMzqB,OAASoxG,GAASpxG,OA8BxByqB,EAAM4mF,OA3BN,SAAgBrnF,EAAK9P,GAInB,IAHA,IAAIo3F,EAAM,GACNrH,EAAK,GAAM/vF,EAAI,EACfnb,EAAIirB,EAAI3lC,QACL0a,EAAEwuG,KAAK,IAAM,GAAG,CACrB,IAAItiF,EACJ,GAAIlsB,EAAEouG,QAAS,CACb,IAAI/8G,EAAM2O,EAAEkkG,MAAMgH,EAAK,GAErBh/E,EADE76B,GAAO65G,GAAM,GAAK,GACfA,GAAM,GAAK75G,EAEZA,EACN2O,EAAE+sG,MAAM7gF,QAERA,EAAI,EAENqmF,EAAI/sH,KAAK0mC,GAIT,IADA,IAAIjiC,EAAuB,IAAd+V,EAAEwuG,KAAK,IAAgC,IAApBxuG,EAAEkkG,MAAMgH,EAAK,GAAa/vF,EAAI,EAAK,EAC1Dr0B,EAAI,EAAGA,EAAImD,EAAOnD,IACzByrH,EAAI/sH,KAAK,GACXwa,EAAEmkG,OAAOl6G,GAGX,OAAOsoH,CACT,EA0DA7mF,EAAM8mF,OAtDN,SAAgBlgG,EAAIC,GAClB,IAAIkgG,EAAM,CACR,GACA,IAGFngG,EAAKA,EAAGhtB,QACRitB,EAAKA,EAAGjtB,QAGR,IAFA,IAAIotH,EAAK,EACLC,EAAK,EACFrgG,EAAGk8F,MAAMkE,GAAM,GAAKngG,EAAGi8F,MAAMmE,GAAM,GAAG,CAG3C,IAMIhgE,EAYAC,EAIEggE,EAtBFC,EAAOvgG,EAAG4xF,MAAM,GAAKwO,EAAM,EAC3BI,EAAOvgG,EAAG2xF,MAAM,GAAKyO,EAAM,EAM/B,GALY,IAARE,IACFA,GAAO,GACG,IAARC,IACFA,GAAO,GAES,IAAP,EAAND,GACHlgE,EAAK,OAMHA,EAHU,KADRigE,EAAMtgG,EAAG4xF,MAAM,GAAKwO,EAAM,IACN,IAAPE,GAAqB,IAARE,EAGvBD,GAFCA,EAOV,GAHAJ,EAAI,GAAGjtH,KAAKmtD,GAGM,IAAP,EAANmgE,GACHlgE,EAAK,OAMHA,EAHU,KADRggE,EAAMrgG,EAAG2xF,MAAM,GAAKyO,EAAM,IACN,IAAPC,GAAqB,IAARC,EAGvBC,GAFCA,EAIVL,EAAI,GAAGjtH,KAAKotD,GAGR,EAAI8/D,IAAO//D,EAAK,IAClB+/D,EAAK,EAAIA,GACP,EAAIC,IAAO//D,EAAK,IAClB+/D,EAAK,EAAIA,GACXrgG,EAAG6xF,OAAO,GACV5xF,EAAG4xF,OAAO,GAGZ,OAAOsO,CACT,EAUA/mF,EAAMqnF,eAPN,SAAwB3uE,EAAKn1C,EAAM+jH,GACjC,IAAIr4G,EAAM,IAAM1L,EAChBm1C,EAAIz/C,UAAUsK,GAAQ,WACpB,YAAqBrK,IAAdjB,KAAKgX,GAAqBhX,KAAKgX,GAC/BhX,KAAKgX,GAAOq4G,EAASvuH,KAAKd,MAErC,EAOA+nC,EAAMunF,WAJN,SAAoBhoH,GAClB,MAAwB,iBAAVA,EAAqBygC,EAAMC,QAAQ1gC,EAAO,OACrBA,CACrC,EAMAygC,EAAMwnF,UAHN,SAAmBjoH,GACjB,OAAO,IAAIo6C,GAAGp6C,EAAO,MAAO,KAC9B,QFnHiB,SAAc6I,GAI7B,OAHKpC,KACHA,GAAI,IAAIyhH,GAAK,OAERzhH,GAAEyiD,SAASrgD,EACpB,EAEA,SAASq/G,GAAKvwE,GACZj/C,KAAKi/C,KAAOA,CACd,CACA,OAAsBuwE,GAiBtB,GAfAA,GAAKxuH,UAAUwvD,SAAW,SAAkBrgD,GAC1C,OAAOnQ,KAAKyvH,MAAMt/G,EACpB,EAGAq/G,GAAKxuH,UAAUyuH,MAAQ,SAAejjH,GACpC,GAAIxM,KAAKi/C,KAAK8zB,SACZ,OAAO/yE,KAAKi/C,KAAK8zB,SAASvmE,GAG5B,IADA,IAAI+C,EAAM,IAAIxM,WAAWyJ,GAChBrJ,EAAI,EAAGA,EAAIoM,EAAInO,OAAQ+B,IAC9BoM,EAAIpM,GAAKnD,KAAKi/C,KAAKywE,UACrB,OAAOngH,CACT,EAEoB,iBAATwuC,KACLA,KAAKl/B,QAAUk/B,KAAKl/B,OAAOo/B,gBAE7BuxE,GAAKxuH,UAAUyuH,MAAQ,SAAejjH,GACpC,IAAIswC,EAAM,IAAI/5C,WAAWyJ,GAEzB,OADAuxC,KAAKl/B,OAAOo/B,gBAAgBnB,GACrBA,GAEAiB,KAAKC,UAAYD,KAAKC,SAASC,gBAExCuxE,GAAKxuH,UAAUyuH,MAAQ,SAAejjH,GACpC,IAAIswC,EAAM,IAAI/5C,WAAWyJ,GAEzB,OADAuxC,KAAKC,SAASC,gBAAgBnB,GACvBA,GAIkB,iBAAX+c,SAEhB21D,GAAKxuH,UAAUyuH,MAAQ,WACrB,MAAUrsH,MAAM,8BAKpB,IACE,IAAIyb,GAASrc,EACb,GAAkC,mBAAvBqc,GAAOu/B,YAChB,MAAUh7C,MAAM,iBAElBosH,GAAKxuH,UAAUyuH,MAAQ,SAAejjH,GACpC,OAAOqS,GAAOu/B,YAAY5xC,IAE5B,MAAO/H,eG1DX,IAAIkqH,GAAS5mF,GAAM4mF,OACfE,GAAS9mF,GAAM8mF,OACfrpF,GAASuC,GAAMvC,OAEnB,SAASmqF,GAAUv1G,EAAMw1G,GACvB5vH,KAAKoa,KAAOA,EACZpa,KAAKyyB,EAAI,IAAIivB,GAAGkuE,EAAKn9F,EAAG,IAGxBzyB,KAAKo+G,IAAMwR,EAAKlC,MAAQhsE,GAAG08D,IAAIwR,EAAKlC,OAAShsE,GAAG6sE,KAAKvuH,KAAKyyB,GAG1DzyB,KAAK8P,KAAO,IAAI4xC,GAAG,GAAG6pE,MAAMvrH,KAAKo+G,KACjCp+G,KAAK+P,IAAM,IAAI2xC,GAAG,GAAG6pE,MAAMvrH,KAAKo+G,KAChCp+G,KAAK6yC,IAAM,IAAI6O,GAAG,GAAG6pE,MAAMvrH,KAAKo+G,KAGhCp+G,KAAKwM,EAAIojH,EAAKpjH,GAAK,IAAIk1C,GAAGkuE,EAAKpjH,EAAG,IAClCxM,KAAKglC,EAAI4qF,EAAK5qF,GAAKhlC,KAAK6vH,cAAcD,EAAK5qF,EAAG4qF,EAAKE,MAGnD9vH,KAAK+vH,eACL/vH,KAAKgwH,eACLhwH,KAAKiwH,eACLjwH,KAAKkwH,eAGL,IAAIC,EAAcnwH,KAAKwM,GAAKxM,KAAKyyB,EAAEm3F,IAAI5pH,KAAKwM,IACvC2jH,GAAeA,EAAYtF,KAAK,KAAO,EAC1C7qH,KAAKowH,KAAO,MAEZpwH,KAAKqwH,eAAgB,EACrBrwH,KAAKowH,KAAOpwH,KAAKwM,EAAE++G,MAAMvrH,KAAKo+G,KAElC,CACA,OAAiBuR,GAgNjB,SAASW,GAAU1/G,EAAOwJ,GACxBpa,KAAK4Q,MAAQA,EACb5Q,KAAKoa,KAAOA,EACZpa,KAAKuwH,YAAc,IACrB,CAlNAZ,GAAU3uH,UAAUwvH,MAAQ,WAC1B,MAAUptH,MAAM,kBAClB,EAEAusH,GAAU3uH,UAAU2kD,SAAW,WAC7B,MAAUviD,MAAM,kBAClB,EAEAusH,GAAU3uH,UAAUyvH,aAAe,SAAsBh+F,EAAGpW,GAC1DmpB,GAAO/S,EAAE89F,aACT,IAAIG,EAAUj+F,EAAEk+F,cAEZ/B,EAAMD,GAAOtyG,EAAG,GAChBgb,GAAK,GAAMq5F,EAAQE,KAAO,IAAOF,EAAQE,KAAO,GAAM,EAAI,EAAI,GAClEv5F,GAAK,EAIL,IADA,IAAIw5F,EAAO,GACF9zG,EAAI,EAAGA,EAAI6xG,EAAIxtH,OAAQ2b,GAAK2zG,EAAQE,KAAM,CACjD,IAAIE,EAAO,EACX,IAASz0G,EAAIU,EAAI2zG,EAAQE,KAAO,EAAGv0G,GAAKU,EAAGV,IACzCy0G,GAAQA,GAAQ,GAAKlC,EAAIvyG,GAC3Bw0G,EAAKhvH,KAAKivH,GAKZ,IAFA,IAAIriH,EAAIzO,KAAK+wH,OAAO,KAAM,KAAM,MAC5B1iH,EAAIrO,KAAK+wH,OAAO,KAAM,KAAM,MACvB5tH,EAAIk0B,EAAGl0B,EAAI,EAAGA,IAAK,CAC1B,IAAS4Z,EAAI,EAAGA,EAAI8zG,EAAKzvH,OAAQ2b,IAAK,EAChC+zG,EAAOD,EAAK9zG,MACH5Z,EACXkL,EAAIA,EAAE2iH,SAASN,EAAQO,OAAOl0G,IACvB+zG,KAAU3tH,IACjBkL,EAAIA,EAAE2iH,SAASN,EAAQO,OAAOl0G,GAAGukG,QAErC7yG,EAAIA,EAAEpI,IAAIgI,GAEZ,OAAOI,EAAEyiH,KACX,EAEAvB,GAAU3uH,UAAUmwH,SAAW,SAAkB1+F,EAAGpW,GAClD,IAAImb,EAAI,EAGJ45F,EAAY3+F,EAAE4+F,cAAc75F,GAChCA,EAAI45F,EAAU/C,IAQd,IAPA,IAAIA,EAAM+C,EAAUH,OAGhBrC,EAAMD,GAAOtyG,EAAGmb,GAGhB4yF,EAAMpqH,KAAK+wH,OAAO,KAAM,KAAM,MACzB5tH,EAAIyrH,EAAIxtH,OAAS,EAAG+B,GAAK,EAAGA,IAAK,CAExC,IAASkZ,EAAI,EAAGlZ,GAAK,GAAgB,IAAXyrH,EAAIzrH,GAAUA,IACtCkZ,IAKF,GAJIlZ,GAAK,GACPkZ,IACF+tG,EAAMA,EAAIkH,KAAKj1G,GAEXlZ,EAAI,EACN,MACF,IAAIolC,EAAIqmF,EAAIzrH,GACZqiC,GAAa,IAAN+C,GAIH6hF,EAHW,WAAX33F,EAAErY,KAEAmuB,EAAI,EACA6hF,EAAI4G,SAAS3C,EAAK9lF,EAAI,GAAM,IAE5B6hF,EAAI4G,SAAS3C,GAAM9lF,EAAI,GAAM,GAAG+4E,OAGpC/4E,EAAI,EACA6hF,EAAI/jH,IAAIgoH,EAAK9lF,EAAI,GAAM,IAEvB6hF,EAAI/jH,IAAIgoH,GAAM9lF,EAAI,GAAM,GAAG+4E,OAGvC,MAAkB,WAAX7uF,EAAErY,KAAoBgwG,EAAI8G,MAAQ9G,CAC3C,EAEAuF,GAAU3uH,UAAUuwH,YAAc,SAAqBC,EACAP,EACAQ,EACAthH,EACAuhH,GAOrD,IANA,IAAIC,EAAW3xH,KAAK+vH,QAChB1B,EAAMruH,KAAKgwH,QACXpB,EAAM5uH,KAAKiwH,QAGXlkH,EAAM,EACD5I,EAAI,EAAGA,EAAIgN,EAAKhN,IAAK,CAC5B,IACIiuH,GADA3+F,EAAIw+F,EAAO9tH,IACGkuH,cAAcG,GAChCG,EAASxuH,GAAKiuH,EAAU/C,IACxBA,EAAIlrH,GAAKiuH,EAAUH,OAIrB,IAAS9tH,EAAIgN,EAAM,EAAGhN,GAAK,EAAGA,GAAK,EAAG,CACpC,IAAIsL,EAAItL,EAAI,EACRkL,EAAIlL,EACR,GAAoB,IAAhBwuH,EAASljH,IAA4B,IAAhBkjH,EAAStjH,GAAlC,CAQA,IAAIujH,EAAO,CACTX,EAAOxiH,GACP,KACA,KACAwiH,EAAO5iH,IAI4B,IAAjC4iH,EAAOxiH,GAAGH,EAAEmwG,IAAIwS,EAAO5iH,GAAGC,IAC5BsjH,EAAK,GAAKX,EAAOxiH,GAAGpI,IAAI4qH,EAAO5iH,IAC/BujH,EAAK,GAAKX,EAAOxiH,GAAGojH,MAAMb,SAASC,EAAO5iH,GAAGizG,QACM,IAA1C2P,EAAOxiH,GAAGH,EAAEmwG,IAAIwS,EAAO5iH,GAAGC,EAAEu+G,WACrC+E,EAAK,GAAKX,EAAOxiH,GAAGojH,MAAMb,SAASC,EAAO5iH,IAC1CujH,EAAK,GAAKX,EAAOxiH,GAAGpI,IAAI4qH,EAAO5iH,GAAGizG,SAElCsQ,EAAK,GAAKX,EAAOxiH,GAAGojH,MAAMb,SAASC,EAAO5iH,IAC1CujH,EAAK,GAAKX,EAAOxiH,GAAGojH,MAAMb,SAASC,EAAO5iH,GAAGizG,QAG/C,IAAIxhG,EAAQ,EACT,GACA,GACA,GACA,EACD,EACA,EACA,EACA,EACA,GAGEgvG,EAAMD,GAAO4C,EAAOhjH,GAAIgjH,EAAOpjH,IACnCtC,EAAMD,KAAKC,IAAI+iH,EAAI,GAAG1tH,OAAQ2K,GAC9B6iH,EAAIngH,GAAS5O,MAAMkM,GACnB6iH,EAAIvgH,GAASxO,MAAMkM,GACnB,IAAK,IAAIgR,EAAI,EAAGA,EAAIhR,EAAKgR,IAAK,CAC5B,IAAI+0G,EAAiB,EAAZhD,EAAI,GAAG/xG,GACZg1G,EAAiB,EAAZjD,EAAI,GAAG/xG,GAEhB6xG,EAAIngH,GAAGsO,GAAK+C,EAAiB,GAAVgyG,EAAK,IAAUC,EAAK,IACvCnD,EAAIvgH,GAAG0O,GAAK,EACZsxG,EAAI5/G,GAAKmjH,QAhDThD,EAAIngH,GAAKkgH,GAAO8C,EAAOhjH,GAAIkjH,EAASljH,IACpCmgH,EAAIvgH,GAAKsgH,GAAO8C,EAAOpjH,GAAIsjH,EAAStjH,IACpCtC,EAAMD,KAAKC,IAAI6iH,EAAIngH,GAAGrN,OAAQ2K,GAC9BA,EAAMD,KAAKC,IAAI6iH,EAAIvgH,GAAGjN,OAAQ2K,GAiDlC,IAAIq+G,EAAMpqH,KAAK+wH,OAAO,KAAM,KAAM,MAC9BpiH,EAAM3O,KAAKkwH,QACf,IAAS/sH,EAAI4I,EAAK5I,GAAK,EAAGA,IAAK,CAG7B,IAFA,IAAIkZ,EAAI,EAEDlZ,GAAK,GAAG,CACb,IAAI2M,GAAO,EACX,IAASiN,EAAI,EAAGA,EAAI5M,EAAK4M,IACvBpO,EAAIoO,GAAiB,EAAZ6xG,EAAI7xG,GAAG5Z,GACD,IAAXwL,EAAIoO,KACNjN,GAAO,GAEX,IAAKA,EACH,MACFuM,IACAlZ,IAKF,GAHIA,GAAK,GACPkZ,IACF+tG,EAAMA,EAAIkH,KAAKj1G,GACXlZ,EAAI,EACN,MAEF,IAAS4Z,EAAI,EAAGA,EAAI5M,EAAK4M,IAAK,CAC5B,IACI0V,EADA8V,EAAI55B,EAAIoO,GAEF,IAANwrB,IAEKA,EAAI,EACX9V,EAAI47F,EAAItxG,GAAIwrB,EAAI,GAAM,GACfA,EAAI,IACX9V,EAAI47F,EAAItxG,IAAKwrB,EAAI,GAAM,GAAG+4E,OAG1B8I,EADa,WAAX33F,EAAErY,KACEgwG,EAAI4G,SAASv+F,GAEb23F,EAAI/jH,IAAIosB,KAIpB,IAAStvB,EAAI,EAAGA,EAAIgN,EAAKhN,IACvBkrH,EAAIlrH,GAAK,KAEX,OAAIuuH,EACKtH,EAEAA,EAAI8G,KACf,EAOAvB,GAAUW,UAAYA,GAEtBA,GAAUtvH,UAAUuoD,GAAK,WACvB,MAAUnmD,MAAM,kBAClB,EAEAktH,GAAUtvH,UAAU2kD,SAAW,WAC7B,OAAO3lD,KAAK4Q,MAAM+0C,SAAS3lD,KAC7B,EAEA2vH,GAAU3uH,UAAUgxH,YAAc,SAAqB1qH,EAAO8+B,GAC5D9+B,EAAQygC,GAAMC,QAAQ1gC,EAAO8+B,GAE7B,IAAIj2B,EAAMnQ,KAAKyyB,EAAEluB,aAGjB,IAAkB,IAAb+C,EAAM,IAA4B,IAAbA,EAAM,IAA4B,IAAbA,EAAM,KACjDA,EAAMlG,OAAS,GAAM,EAAI+O,EAS3B,OARiB,IAAb7I,EAAM,GACRk+B,GAAOl+B,EAAMA,EAAMlG,OAAS,GAAK,GAAM,GACnB,IAAbkG,EAAM,IACbk+B,GAAOl+B,EAAMA,EAAMlG,OAAS,GAAK,GAAM,GAE9BpB,KAAKwwH,MAAMlpH,EAAM5F,MAAM,EAAG,EAAIyO,GACnB7I,EAAM5F,MAAM,EAAIyO,EAAK,EAAI,EAAIA,IAG9C,IAAkB,IAAb7I,EAAM,IAA4B,IAAbA,EAAM,KAC3BA,EAAMlG,OAAS,IAAM+O,EAC/B,OAAOnQ,KAAKiyH,WAAW3qH,EAAM5F,MAAM,EAAG,EAAIyO,GAAmB,IAAb7I,EAAM,IAExD,MAAUlE,MAAM,uBAClB,EAEAktH,GAAUtvH,UAAUkxH,iBAAmB,SAA0B9rF,GAC/D,OAAOpmC,KAAKsd,OAAO8oB,GAAK,EAC1B,EAEAkqF,GAAUtvH,UAAUmxH,QAAU,SAAiBC,GAC7C,IAAIjiH,EAAMnQ,KAAK4Q,MAAM6hB,EAAEluB,aACnB2I,EAAIlN,KAAKqyH,OAAOrqF,QAAQ,KAAM73B,GAElC,OAAIiiH,EACK,CAAEpyH,KAAKsyH,OAAOjjH,SAAW,EAAO,GAAOzI,OAAOsG,GAEhD,CAAE,GAAOtG,OAAOsG,EAAGlN,KAAKsyH,OAAOtqF,QAAQ,KAAM73B,GACtD,EAEAmgH,GAAUtvH,UAAUsc,OAAS,SAAgB8oB,EAAKgsF,GAChD,OAAOrqF,GAAMzqB,OAAOtd,KAAKmyH,QAAQC,GAAUhsF,EAC7C,EAEAkqF,GAAUtvH,UAAUuxH,WAAa,SAAoBrsE,GACnD,GAAIlmD,KAAKuwH,YACP,OAAOvwH,KAET,IAAIuwH,EAAc,CAChBG,QAAS,KACT9B,IAAK,KACL4D,KAAM,MAOR,OALAjC,EAAY3B,IAAM5uH,KAAKqxH,cAAc,GACrCd,EAAYG,QAAU1wH,KAAK2wH,YAAY,EAAGzqE,GAC1CqqE,EAAYiC,KAAOxyH,KAAKyyH,WACxBzyH,KAAKuwH,YAAcA,EAEZvwH,IACT,EAEAswH,GAAUtvH,UAAU0xH,YAAc,SAAqBr2G,GACrD,IAAKrc,KAAKuwH,YACR,OAAO,EAET,IAAIG,EAAU1wH,KAAKuwH,YAAYG,QAC/B,QAAKA,GAGEA,EAAQO,OAAO7vH,QAAU0K,KAAKmQ,MAAMI,EAAExM,YAAc,GAAK6gH,EAAQE,KAC1E,EAEAN,GAAUtvH,UAAU2vH,YAAc,SAAqBC,EAAM1qE,GAC3D,GAAIlmD,KAAKuwH,aAAevwH,KAAKuwH,YAAYG,QACvC,OAAO1wH,KAAKuwH,YAAYG,QAI1B,IAFA,IAAIA,EAAU,CAAE1wH,MACZoqH,EAAMpqH,KACDmD,EAAI,EAAGA,EAAI+iD,EAAO/iD,GAAKytH,EAAM,CACpC,IAAK,IAAI7zG,EAAI,EAAGA,EAAI6zG,EAAM7zG,IACxBqtG,EAAMA,EAAIuI,MACZjC,EAAQ7uH,KAAKuoH,GAEf,MAAO,CACLwG,KAAMA,EACNK,OAAQP,EAEZ,EAEAJ,GAAUtvH,UAAUqwH,cAAgB,SAAuBhD,GACzD,GAAIruH,KAAKuwH,aAAevwH,KAAKuwH,YAAY3B,IACvC,OAAO5uH,KAAKuwH,YAAY3B,IAK1B,IAHA,IAAIr/G,EAAM,CAAEvP,MACR+L,GAAO,GAAKsiH,GAAO,EACnBsE,EAAc,IAAR5mH,EAAY,KAAO/L,KAAK2yH,MACzBxvH,EAAI,EAAGA,EAAI4I,EAAK5I,IACvBoM,EAAIpM,GAAKoM,EAAIpM,EAAI,GAAGkD,IAAIssH,GAC1B,MAAO,CACLtE,IAAKA,EACL4C,OAAQ1hH,EAEZ,EAEA+gH,GAAUtvH,UAAUyxH,SAAW,WAC7B,OAAO,IACT,EAEAnC,GAAUtvH,UAAUswH,KAAO,SAAcj1G,GAEvC,IADA,IAAItO,EAAI/N,KACCmD,EAAI,EAAGA,EAAIkZ,EAAGlZ,IACrB4K,EAAIA,EAAE4kH,MACR,OAAO5kH,CACT,EC9WA,IAAIy3B,GAASuC,GAAMvC,OAEnB,SAASotF,GAAWhD,GAClBiD,GAAK/xH,KAAKd,KAAM,QAAS4vH,GAEzB5vH,KAAKyO,EAAI,IAAIizC,GAAGkuE,EAAKnhH,EAAG,IAAI88G,MAAMvrH,KAAKo+G,KACvCp+G,KAAKqO,EAAI,IAAIqzC,GAAGkuE,EAAKvhH,EAAG,IAAIk9G,MAAMvrH,KAAKo+G,KACvCp+G,KAAK8yH,KAAO9yH,KAAK6yC,IAAI+5E,UAErB5sH,KAAK+yH,MAAqC,IAA7B/yH,KAAKyO,EAAEk9G,UAAUd,KAAK,GACnC7qH,KAAKgzH,OAAmD,IAA1ChzH,KAAKyO,EAAEk9G,UAAUv+G,IAAIpN,KAAKyyB,GAAGo4F,MAAM,GAGjD7qH,KAAKizH,KAAOjzH,KAAKkzH,iBAAiBtD,GAClC5vH,KAAKmzH,mBACLnzH,KAAKozH,kBACP,CACAjtF,GAASysF,GAAYC,IACrB,OAAiBD,GAiOjB,SAASS,GAAMziH,EAAO1D,EAAGoB,EAAGglH,GAC1BT,GAAKvC,UAAUxvH,KAAKd,KAAM4Q,EAAO,UACvB,OAAN1D,GAAoB,OAANoB,GAChBtO,KAAKkN,EAAI,KACTlN,KAAKsO,EAAI,KACTtO,KAAKuzH,KAAM,IAEXvzH,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IAEfglH,IACFtzH,KAAKkN,EAAE2+G,SAAS7rH,KAAK4Q,MAAMwtG,KAC3Bp+G,KAAKsO,EAAEu9G,SAAS7rH,KAAK4Q,MAAMwtG,MAExBp+G,KAAKkN,EAAEkxG,MACVp+G,KAAKkN,EAAIlN,KAAKkN,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKsO,EAAE8vG,MACVp+G,KAAKsO,EAAItO,KAAKsO,EAAEi9G,MAAMvrH,KAAK4Q,MAAMwtG,MACnCp+G,KAAKuzH,KAAM,EAEf,CA2NA,SAASC,GAAO5iH,EAAO1D,EAAGoB,EAAGi6B,GAC3BsqF,GAAKvC,UAAUxvH,KAAKd,KAAM4Q,EAAO,YACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANi6B,GAC9BvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMb,IACpB/P,KAAKsO,EAAItO,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAI,IAAImZ,GAAG,KAEhB1hD,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IACnBtO,KAAKuoC,EAAI,IAAImZ,GAAGnZ,EAAG,KAEhBvoC,KAAKkN,EAAEkxG,MACVp+G,KAAKkN,EAAIlN,KAAKkN,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKsO,EAAE8vG,MACVp+G,KAAKsO,EAAItO,KAAKsO,EAAEi9G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKuoC,EAAE61E,MACVp+G,KAAKuoC,EAAIvoC,KAAKuoC,EAAEgjF,MAAMvrH,KAAK4Q,MAAMwtG,MAEnCp+G,KAAKyzH,KAAOzzH,KAAKuoC,IAAMvoC,KAAK4Q,MAAMb,GACpC,CCpfA,SAAS2jH,GAAU9D,GACjBiD,GAAK/xH,KAAKd,KAAM,OAAQ4vH,GAExB5vH,KAAKyO,EAAI,IAAIizC,GAAGkuE,EAAKnhH,EAAG,IAAI88G,MAAMvrH,KAAKo+G,KACvCp+G,KAAKqO,EAAI,IAAIqzC,GAAGkuE,EAAKvhH,EAAG,IAAIk9G,MAAMvrH,KAAKo+G,KACvCp+G,KAAK2zH,GAAK,IAAIjyE,GAAG,GAAG6pE,MAAMvrH,KAAKo+G,KAAKwO,UACpC5sH,KAAK6yC,IAAM,IAAI6O,GAAG,GAAG6pE,MAAMvrH,KAAKo+G,KAGhCp+G,KAAK4zH,IAAM5zH,KAAK2zH,GAAGvH,OAAOpsH,KAAKyO,EAAEq9G,OAAO9rH,KAAK6yC,KAC/C,CDSA+/E,GAAW5xH,UAAUkyH,iBAAmB,SAA0BtD,GAEhE,GAAK5vH,KAAK+yH,OAAU/yH,KAAKglC,GAAMhlC,KAAKwM,GAAwB,IAAnBxM,KAAKyyB,EAAEutF,KAAK,GAArD,CAIA,IAAIwS,EACAqB,EACJ,GAAIjE,EAAK4C,KACPA,EAAO,IAAI9wE,GAAGkuE,EAAK4C,KAAM,IAAIjH,MAAMvrH,KAAKo+G,SACnC,CACL,IAAI0V,EAAQ9zH,KAAK+zH,cAAc/zH,KAAKyyB,GAGpC+/F,GADAA,EAAOsB,EAAM,GAAGrV,IAAIqV,EAAM,IAAM,EAAIA,EAAM,GAAKA,EAAM,IACzCvI,MAAMvrH,KAAKo+G,KAEzB,GAAIwR,EAAKiE,OACPA,EAAS,IAAInyE,GAAGkuE,EAAKiE,OAAQ,QACxB,CAEL,IAAIG,EAAUh0H,KAAK+zH,cAAc/zH,KAAKwM,GACsB,IAAxDxM,KAAKglC,EAAE13B,IAAI0mH,EAAQ,IAAI9mH,EAAEuxG,IAAIz+G,KAAKglC,EAAE93B,EAAEk/G,OAAOoG,IAC/CqB,EAASG,EAAQ,IAEjBH,EAASG,EAAQ,GACjBxuF,GAA2D,IAApDxlC,KAAKglC,EAAE13B,IAAIumH,GAAQ3mH,EAAEuxG,IAAIz+G,KAAKglC,EAAE93B,EAAEk/G,OAAOoG,MAiBpD,MAAO,CACLA,KAAMA,EACNqB,OAAQA,EACRI,MAdErE,EAAKqE,MACCrE,EAAKqE,MAAM3rH,KAAI,SAAS4rH,GAC9B,MAAO,CACLzlH,EAAG,IAAIizC,GAAGwyE,EAAIzlH,EAAG,IACjBJ,EAAG,IAAIqzC,GAAGwyE,EAAI7lH,EAAG,QAIbrO,KAAKm0H,cAAcN,IAQ/B,EAEAjB,GAAW5xH,UAAU+yH,cAAgB,SAAuBzsF,GAI1D,IAAI82E,EAAM92E,IAAQtnC,KAAKyyB,EAAIzyB,KAAKo+G,IAAM18D,GAAG6sE,KAAKjnF,GAC1CwrF,EAAO,IAAIpxE,GAAG,GAAG6pE,MAAMnN,GAAKwO,UAC5BwH,EAAQtB,EAAKjG,SAEb5uG,EAAI,IAAIyjC,GAAG,GAAG6pE,MAAMnN,GAAKyO,SAASH,UAAUN,OAAO0G,GAIvD,MAAO,CAFEsB,EAAMtI,OAAO7tG,GAAG0tG,UAChByI,EAAMpI,OAAO/tG,GAAG0tG,UAE3B,EAEAiH,GAAW5xH,UAAUmzH,cAAgB,SAAuBN,GA2B1D,IAzBA,IAYItR,EACAtoE,EAEAyoE,EACAxoE,EAEA2oE,EACA1oE,EAEAk6E,EAEAtmH,EACAb,EAxBAonH,EAAWt0H,KAAKwM,EAAEy8G,MAAMn9G,KAAKsP,MAAMpb,KAAKwM,EAAEqD,YAAc,IAIxDqqB,EAAI25F,EACJ37E,EAAIl4C,KAAKwM,EAAE7K,QACXmpB,EAAK,IAAI42B,GAAG,GACZr2B,EAAK,IAAIq2B,GAAG,GACZ32B,EAAK,IAAI22B,GAAG,GACZp2B,EAAK,IAAIo2B,GAAG,GAaZv+C,EAAI,EAGa,IAAd+2B,EAAE2wF,KAAK,IAAU,CACtB,IAAIn8G,EAAIwpC,EAAE0xE,IAAI1vF,GACdnsB,EAAImqC,EAAE9qC,IAAIsB,EAAEpB,IAAI4sB,IAChBhtB,EAAI6d,EAAG3d,IAAIsB,EAAEpB,IAAIwd,IACjB,IAAIxc,EAAIgd,EAAGle,IAAIsB,EAAEpB,IAAI+d,IAErB,IAAKq3F,GAAM30G,EAAE0wG,IAAI6V,GAAY,EAC3B/R,EAAK8R,EAAM/S,MACXrnE,EAAKnvB,EACL43F,EAAK30G,EAAEuzG,MACPpnE,EAAKhtC,OACA,GAAIw1G,GAAc,KAANv/G,EACjB,MAEFkxH,EAAQtmH,EAERmqC,EAAIhe,EACJA,EAAInsB,EACJgd,EAAKD,EACLA,EAAK5d,EACLoe,EAAKD,EACLA,EAAK/c,EAEPu0G,EAAK90G,EAAEuzG,MACPnnE,EAAKjtC,EAEL,IAAIqnH,EAAO7R,EAAGyF,MAAM9hH,IAAI6zC,EAAGiuE,OAiB3B,OAhBWtF,EAAGsF,MAAM9hH,IAAI8zC,EAAGguE,OAClB1J,IAAI8V,IAAS,IACpB1R,EAAKN,EACLpoE,EAAKF,GAIHyoE,EAAGxE,WACLwE,EAAKA,EAAGpB,MACRpnE,EAAKA,EAAGonE,OAENuB,EAAG3E,WACL2E,EAAKA,EAAGvB,MACRnnE,EAAKA,EAAGmnE,OAGH,CACL,CAAE7yG,EAAGi0G,EAAIr0G,EAAG6rC,GACZ,CAAEzrC,EAAOJ,EAAG8rC,GAEhB,EAEAy4E,GAAW5xH,UAAUwzH,WAAa,SAAoBn4G,GACpD,IAAI43G,EAAQj0H,KAAKizH,KAAKgB,MAClBQ,EAAKR,EAAM,GACXS,EAAKT,EAAM,GAEXrmG,EAAK8mG,EAAGrmH,EAAEf,IAAI+O,GAAG4tG,SAASjqH,KAAKwM,GAC/BqhB,EAAK4mG,EAAGpmH,EAAEizG,MAAMh0G,IAAI+O,GAAG4tG,SAASjqH,KAAKwM,GAErCm2B,EAAK/U,EAAGtgB,IAAImnH,EAAGhmH,GACfm0B,EAAK/U,EAAGvgB,IAAIonH,EAAGjmH,GACfirB,EAAK9L,EAAGtgB,IAAImnH,EAAGpmH,GACfsrB,EAAK9L,EAAGvgB,IAAIonH,EAAGrmH,GAKnB,MAAO,CAAEsgB,GAFAtS,EAAEjP,IAAIu1B,GAAIv1B,IAAIw1B,GAENhU,GADR8K,EAAGrzB,IAAIszB,GAAI2nF,MAEtB,EAEAsR,GAAW5xH,UAAUixH,WAAa,SAAoB/kH,EAAGk6G,IACvDl6G,EAAI,IAAIw0C,GAAGx0C,EAAG,KACPkxG,MACLlxG,EAAIA,EAAEq+G,MAAMvrH,KAAKo+G,MAEnB,IAAI9yF,EAAKpe,EAAEq/G,SAASH,OAAOl/G,GAAG6+G,QAAQ7+G,EAAEk/G,OAAOpsH,KAAKyO,IAAIs9G,QAAQ/rH,KAAKqO,GACjEC,EAAIgd,EAAGohG,UACX,GAA6C,IAAzCp+G,EAAEi+G,SAASP,OAAO1gG,GAAImzF,IAAIz+G,KAAK8P,MACjC,MAAU1M,MAAM,iBAIlB,IAAIqnH,EAAQn8G,EAAEq9G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3Bn8G,EAAIA,EAAEu+G,UAED7sH,KAAKwwH,MAAMtjH,EAAGoB,EACvB,EAEAskH,GAAW5xH,UAAU2kD,SAAW,SAAkB6qE,GAChD,GAAIA,EAAM+C,IACR,OAAO,EAET,IAAIrmH,EAAIsjH,EAAMtjH,EACVoB,EAAIkiH,EAAMliH,EAEVqmH,EAAK30H,KAAKyO,EAAE29G,OAAOl/G,GACnB0nH,EAAM1nH,EAAEq/G,SAASH,OAAOl/G,GAAG6+G,QAAQ4I,GAAI5I,QAAQ/rH,KAAKqO,GACxD,OAA2C,IAApCC,EAAEi+G,SAASN,QAAQ2I,GAAK/J,KAAK,EACtC,EAEA+H,GAAW5xH,UAAU6zH,gBACjB,SAAyB5D,EAAQQ,EAAQC,GAG3C,IAFA,IAAIoD,EAAU90H,KAAKmzH,YACf4B,EAAU/0H,KAAKozH,YACVjwH,EAAI,EAAGA,EAAI8tH,EAAO7vH,OAAQ+B,IAAK,CACtC,IAAIid,EAAQpgB,KAAKw0H,WAAW/C,EAAOtuH,IAC/BsvB,EAAIw+F,EAAO9tH,GACXqvH,EAAO//F,EAAEggG,WAETryG,EAAMuO,GAAGuvF,WACX99F,EAAMuO,GAAGyyF,OACT3uF,EAAIA,EAAE6uF,KAAI,IAERlhG,EAAMwO,GAAGsvF,WACX99F,EAAMwO,GAAGwyF,OACToR,EAAOA,EAAKlR,KAAI,IAGlBwT,EAAY,EAAJ3xH,GAASsvB,EACjBqiG,EAAY,EAAJ3xH,EAAQ,GAAKqvH,EACrBuC,EAAY,EAAJ5xH,GAASid,EAAMuO,GACvBomG,EAAY,EAAJ5xH,EAAQ,GAAKid,EAAMwO,GAK7B,IAHA,IAAIrf,EAAMvP,KAAKuxH,YAAY,EAAGuD,EAASC,EAAa,EAAJ5xH,EAAOuuH,GAG9C30G,EAAI,EAAGA,EAAQ,EAAJ5Z,EAAO4Z,IACzB+3G,EAAQ/3G,GAAK,KACbg4G,EAAQh4G,GAAK,KAEf,OAAOxN,CACT,EAuBA42B,GAASktF,GAAOR,GAAKvC,WAErBsC,GAAW5xH,UAAUwvH,MAAQ,SAAetjH,EAAGoB,EAAGglH,GAChD,OAAO,IAAID,GAAMrzH,KAAMkN,EAAGoB,EAAGglH,EAC/B,EAEAV,GAAW5xH,UAAU6uH,cAAgB,SAAuBpvE,EAAK29D,GAC/D,OAAOiV,GAAM2B,SAASh1H,KAAMygD,EAAK29D,EACnC,EAEAiV,GAAMryH,UAAUyxH,SAAW,WACzB,GAAKzyH,KAAK4Q,MAAMqiH,KAAhB,CAGA,IAAIgC,EAAMj1H,KAAKuwH,YACf,GAAI0E,GAAOA,EAAIzC,KACb,OAAOyC,EAAIzC,KAEb,IAAIA,EAAOxyH,KAAK4Q,MAAM4/G,MAAMxwH,KAAKkN,EAAEk/G,OAAOpsH,KAAK4Q,MAAMqiH,KAAKT,MAAOxyH,KAAKsO,GACtE,GAAI2mH,EAAK,CACP,IAAIrkH,EAAQ5Q,KAAK4Q,MACbskH,EAAU,SAASziG,GACrB,OAAO7hB,EAAM4/G,MAAM/9F,EAAEvlB,EAAEk/G,OAAOx7G,EAAMqiH,KAAKT,MAAO//F,EAAEnkB,IAEpD2mH,EAAIzC,KAAOA,EACXA,EAAKjC,YAAc,CACjBiC,KAAM,KACN5D,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAO3oH,IAAI4sH,IAE7BxE,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAO3oH,IAAI4sH,KAIrC,OAAO1C,EACT,EAEAa,GAAMryH,UAAUk/G,OAAS,WACvB,OAAKlgH,KAAKuwH,YAGH,CAAEvwH,KAAKkN,EAAGlN,KAAKsO,EAAGtO,KAAKuwH,aAAe,CAC3CG,QAAS1wH,KAAKuwH,YAAYG,SAAW,CACnCE,KAAM5wH,KAAKuwH,YAAYG,QAAQE,KAC/BK,OAAQjxH,KAAKuwH,YAAYG,QAAQO,OAAOvvH,MAAM,IAEhDktH,IAAK5uH,KAAKuwH,YAAY3B,KAAO,CAC3BP,IAAKruH,KAAKuwH,YAAY3B,IAAIP,IAC1B4C,OAAQjxH,KAAKuwH,YAAY3B,IAAIqC,OAAOvvH,MAAM,MATrC,CAAE1B,KAAKkN,EAAGlN,KAAKsO,EAY1B,EAEA+kH,GAAM2B,SAAW,SAAkBpkH,EAAO6vC,EAAK29D,GAC1B,iBAAR39D,IACTA,EAAM00E,KAAKxqH,MAAM81C,IACnB,IAAIlxC,EAAMqB,EAAM4/G,MAAM/vE,EAAI,GAAIA,EAAI,GAAI29D,GACtC,IAAK39D,EAAI,GACP,OAAOlxC,EAET,SAAS6lH,EAAU30E,GACjB,OAAO7vC,EAAM4/G,MAAM/vE,EAAI,GAAIA,EAAI,GAAI29D,GAGrC,IAAI6W,EAAMx0E,EAAI,GAYd,OAXAlxC,EAAIghH,YAAc,CAChBiC,KAAM,KACN9B,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQ,CAAE1hH,GAAM3I,OAAOquH,EAAIvE,QAAQO,OAAO3oH,IAAI8sH,KAEhDxG,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQ,CAAE1hH,GAAM3I,OAAOquH,EAAIrG,IAAIqC,OAAO3oH,IAAI8sH,MAGvC7lH,CACT,EAEA8jH,GAAMryH,UAAUq+G,QAAU,WACxB,OAAIr/G,KAAKq1H,aACA,sBACF,gBAAkBr1H,KAAKkN,EAAEy+G,UAAUh/G,SAAS,GAAI,GACnD,OAAS3M,KAAKsO,EAAEq9G,UAAUh/G,SAAS,GAAI,GAAK,GAClD,EAEA0mH,GAAMryH,UAAUq0H,WAAa,WAC3B,OAAOr1H,KAAKuzH,GACd,EAEAF,GAAMryH,UAAUqF,IAAM,SAAaosB,GAEjC,GAAIzyB,KAAKuzH,IACP,OAAO9gG,EAGT,GAAIA,EAAE8gG,IACJ,OAAOvzH,KAGT,GAAIA,KAAKupD,GAAG92B,GACV,OAAOzyB,KAAK2yH,MAGd,GAAI3yH,KAAKshH,MAAM/3D,GAAG92B,GAChB,OAAOzyB,KAAK4Q,MAAM4/G,MAAM,KAAM,MAGhC,GAAwB,IAApBxwH,KAAKkN,EAAEuxG,IAAIhsF,EAAEvlB,GACf,OAAOlN,KAAK4Q,MAAM4/G,MAAM,KAAM,MAEhC,IAAIh0G,EAAIxc,KAAKsO,EAAE09G,OAAOv5F,EAAEnkB,GACN,IAAdkO,EAAEquG,KAAK,KACTruG,EAAIA,EAAE4vG,OAAOpsH,KAAKkN,EAAE8+G,OAAOv5F,EAAEvlB,GAAG0/G,YAClC,IAAI0I,EAAK94G,EAAE+vG,SAASN,QAAQjsH,KAAKkN,GAAG++G,QAAQx5F,EAAEvlB,GAC1CqoH,EAAK/4G,EAAE4vG,OAAOpsH,KAAKkN,EAAE8+G,OAAOsJ,IAAKrJ,QAAQjsH,KAAKsO,GAClD,OAAOtO,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMryH,UAAU2xH,IAAM,WACpB,GAAI3yH,KAAKuzH,IACP,OAAOvzH,KAGT,IAAIw1H,EAAMx1H,KAAKsO,EAAEw9G,OAAO9rH,KAAKsO,GAC7B,GAAoB,IAAhBknH,EAAI3K,KAAK,GACX,OAAO7qH,KAAK4Q,MAAM4/G,MAAM,KAAM,MAEhC,IAAI/hH,EAAIzO,KAAK4Q,MAAMnC,EAEfsc,EAAK/qB,KAAKkN,EAAEq/G,SACZkJ,EAAQD,EAAI5I,UACZpwG,EAAIuO,EAAG+gG,OAAO/gG,GAAIghG,QAAQhhG,GAAIghG,QAAQt9G,GAAG29G,OAAOqJ,GAEhDH,EAAK94G,EAAE+vG,SAASN,QAAQjsH,KAAKkN,EAAE4+G,OAAO9rH,KAAKkN,IAC3CqoH,EAAK/4G,EAAE4vG,OAAOpsH,KAAKkN,EAAE8+G,OAAOsJ,IAAKrJ,QAAQjsH,KAAKsO,GAClD,OAAOtO,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMryH,UAAUqxH,KAAO,WACrB,OAAOryH,KAAKkN,EAAEy+G,SAChB,EAEA0H,GAAMryH,UAAUsxH,KAAO,WACrB,OAAOtyH,KAAKsO,EAAEq9G,SAChB,EAEA0H,GAAMryH,UAAUsM,IAAM,SAAa+O,GAEjC,OADAA,EAAI,IAAIqlC,GAAGrlC,EAAG,IACVrc,KAAKq1H,aACAr1H,KACAA,KAAK0yH,YAAYr2G,GACjBrc,KAAK4Q,MAAM6/G,aAAazwH,KAAMqc,GAC9Brc,KAAK4Q,MAAMqiH,KACXjzH,KAAK4Q,MAAMikH,gBAAgB,CAAE70H,MAAQ,CAAEqc,IAEvCrc,KAAK4Q,MAAMugH,SAASnxH,KAAMqc,EACrC,EAEAg3G,GAAMryH,UAAU00H,OAAS,SAAgB/mG,EAAIiU,EAAIhU,GAC/C,IAAIqiG,EAAS,CAAEjxH,KAAM4iC,GACjB6uF,EAAS,CAAE9iG,EAAIC,GACnB,OAAI5uB,KAAK4Q,MAAMqiH,KACNjzH,KAAK4Q,MAAMikH,gBAAgB5D,EAAQQ,GAEnCzxH,KAAK4Q,MAAM2gH,YAAY,EAAGN,EAAQQ,EAAQ,EACrD,EAEA4B,GAAMryH,UAAU20H,QAAU,SAAiBhnG,EAAIiU,EAAIhU,GACjD,IAAIqiG,EAAS,CAAEjxH,KAAM4iC,GACjB6uF,EAAS,CAAE9iG,EAAIC,GACnB,OAAI5uB,KAAK4Q,MAAMqiH,KACNjzH,KAAK4Q,MAAMikH,gBAAgB5D,EAAQQ,GAAQ,GAE3CzxH,KAAK4Q,MAAM2gH,YAAY,EAAGN,EAAQQ,EAAQ,GAAG,EACxD,EAEA4B,GAAMryH,UAAUuoD,GAAK,SAAY92B,GAC/B,OAAOzyB,OAASyyB,GACTzyB,KAAKuzH,MAAQ9gG,EAAE8gG,MACVvzH,KAAKuzH,KAA2B,IAApBvzH,KAAKkN,EAAEuxG,IAAIhsF,EAAEvlB,IAAgC,IAApBlN,KAAKsO,EAAEmwG,IAAIhsF,EAAEnkB,GAChE,EAEA+kH,GAAMryH,UAAUsgH,IAAM,SAAasU,GACjC,GAAI51H,KAAKuzH,IACP,OAAOvzH,KAET,IAAIuP,EAAMvP,KAAK4Q,MAAM4/G,MAAMxwH,KAAKkN,EAAGlN,KAAKsO,EAAEu+G,UAC1C,GAAI+I,GAAe51H,KAAKuwH,YAAa,CACnC,IAAI0E,EAAMj1H,KAAKuwH,YACXsF,EAAS,SAASpjG,GACpB,OAAOA,EAAE6uF,OAEX/xG,EAAIghH,YAAc,CAChB3B,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAO3oH,IAAIutH,IAE7BnF,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAO3oH,IAAIutH,KAIrC,OAAOtmH,CACT,EAEA8jH,GAAMryH,UAAU6wH,IAAM,WACpB,OAAI7xH,KAAKuzH,IACAvzH,KAAK4Q,MAAMmgH,OAAO,KAAM,KAAM,MAE7B/wH,KAAK4Q,MAAMmgH,OAAO/wH,KAAKkN,EAAGlN,KAAKsO,EAAGtO,KAAK4Q,MAAMb,IAEzD,EAsBAo2B,GAASqtF,GAAQX,GAAKvC,WAEtBsC,GAAW5xH,UAAU+vH,OAAS,SAAgB7jH,EAAGoB,EAAGi6B,GAClD,OAAO,IAAIirF,GAAOxzH,KAAMkN,EAAGoB,EAAGi6B,EAChC,EAEAirF,GAAOxyH,UAAUkwH,IAAM,WACrB,GAAIlxH,KAAKq1H,aACP,OAAOr1H,KAAK4Q,MAAM4/G,MAAM,KAAM,MAEhC,IAAIsF,EAAO91H,KAAKuoC,EAAEqkF,UACdmJ,EAAQD,EAAKvJ,SACboI,EAAK30H,KAAKkN,EAAEk/G,OAAO2J,GACnBC,EAAKh2H,KAAKsO,EAAE89G,OAAO2J,GAAO3J,OAAO0J,GAErC,OAAO91H,KAAK4Q,MAAM4/G,MAAMmE,EAAIqB,EAC9B,EAEAxC,GAAOxyH,UAAUsgH,IAAM,WACrB,OAAOthH,KAAK4Q,MAAMmgH,OAAO/wH,KAAKkN,EAAGlN,KAAKsO,EAAEu+G,SAAU7sH,KAAKuoC,EACzD,EAEAirF,GAAOxyH,UAAUqF,IAAM,SAAaosB,GAElC,GAAIzyB,KAAKq1H,aACP,OAAO5iG,EAGT,GAAIA,EAAE4iG,aACJ,OAAOr1H,KAGT,IAAIi2H,EAAMxjG,EAAE8V,EAAEgkF,SACVpgG,EAAKnsB,KAAKuoC,EAAEgkF,SACZv9D,EAAKhvD,KAAKkN,EAAEk/G,OAAO6J,GACnBhnE,EAAKx8B,EAAEvlB,EAAEk/G,OAAOjgG,GAChBK,EAAKxsB,KAAKsO,EAAE89G,OAAO6J,EAAI7J,OAAO35F,EAAE8V,IAChC9b,EAAKgG,EAAEnkB,EAAE89G,OAAOjgG,EAAGigG,OAAOpsH,KAAKuoC,IAE/BhsB,EAAIyyC,EAAGg9D,OAAO/8D,GACdlhD,EAAIye,EAAGw/F,OAAOv/F,GAClB,GAAkB,IAAdlQ,EAAEsuG,KAAK,GACT,OAAkB,IAAd98G,EAAE88G,KAAK,GACF7qH,KAAK4Q,MAAMmgH,OAAO,KAAM,KAAM,MAE9B/wH,KAAK2yH,MAGhB,IAAI1wF,EAAK1lB,EAAEgwG,SACPrqF,EAAKD,EAAGmqF,OAAO7vG,GACf27B,EAAI8W,EAAGo9D,OAAOnqF,GAEdqzF,EAAKvnH,EAAEw+G,SAASR,QAAQ7pF,GAAI+pF,QAAQ/zE,GAAG+zE,QAAQ/zE,GAC/Cq9E,EAAKxnH,EAAEq+G,OAAOl0E,EAAE+zE,QAAQqJ,IAAKrJ,QAAQz/F,EAAG4/F,OAAOlqF,IAC/Cg0F,EAAKl2H,KAAKuoC,EAAE6jF,OAAO35F,EAAE8V,GAAG6jF,OAAO7vG,GAEnC,OAAOvc,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAUgwH,SAAW,SAAkBv+F,GAE5C,GAAIzyB,KAAKq1H,aACP,OAAO5iG,EAAEo/F,MAGX,GAAIp/F,EAAE4iG,aACJ,OAAOr1H,KAGT,IAAImsB,EAAKnsB,KAAKuoC,EAAEgkF,SACZv9D,EAAKhvD,KAAKkN,EACV+hD,EAAKx8B,EAAEvlB,EAAEk/G,OAAOjgG,GAChBK,EAAKxsB,KAAKsO,EACVme,EAAKgG,EAAEnkB,EAAE89G,OAAOjgG,GAAIigG,OAAOpsH,KAAKuoC,GAEhChsB,EAAIyyC,EAAGg9D,OAAO/8D,GACdlhD,EAAIye,EAAGw/F,OAAOv/F,GAClB,GAAkB,IAAdlQ,EAAEsuG,KAAK,GACT,OAAkB,IAAd98G,EAAE88G,KAAK,GACF7qH,KAAK4Q,MAAMmgH,OAAO,KAAM,KAAM,MAE9B/wH,KAAK2yH,MAGhB,IAAI1wF,EAAK1lB,EAAEgwG,SACPrqF,EAAKD,EAAGmqF,OAAO7vG,GACf27B,EAAI8W,EAAGo9D,OAAOnqF,GAEdqzF,EAAKvnH,EAAEw+G,SAASR,QAAQ7pF,GAAI+pF,QAAQ/zE,GAAG+zE,QAAQ/zE,GAC/Cq9E,EAAKxnH,EAAEq+G,OAAOl0E,EAAE+zE,QAAQqJ,IAAKrJ,QAAQz/F,EAAG4/F,OAAOlqF,IAC/Cg0F,EAAKl2H,KAAKuoC,EAAE6jF,OAAO7vG,GAEvB,OAAOvc,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAUswH,KAAO,SAAcp/E,GACpC,GAAY,IAARA,EACF,OAAOlyC,KACT,GAAIA,KAAKq1H,aACP,OAAOr1H,KACT,IAAKkyC,EACH,OAAOlyC,KAAK2yH,MAEd,GAAI3yH,KAAK4Q,MAAMmiH,OAAS/yH,KAAK4Q,MAAMoiH,OAAQ,CAEzC,IADA,IAAIjlH,EAAI/N,KACCmD,EAAI,EAAGA,EAAI+uC,EAAK/uC,IACvB4K,EAAIA,EAAE4kH,MACR,OAAO5kH,EAKT,IAAIU,EAAIzO,KAAK4Q,MAAMnC,EACfqkH,EAAO9yH,KAAK4Q,MAAMkiH,KAElBqD,EAAKn2H,KAAKkN,EACVkpH,EAAKp2H,KAAKsO,EACV+nH,EAAKr2H,KAAKuoC,EACV+tF,EAAMD,EAAG9J,SAASA,SAGlBgK,EAAMH,EAAGtK,OAAOsK,GACpB,IAASjzH,EAAI,EAAGA,EAAI+uC,EAAK/uC,IAAK,CAC5B,IAAIqzH,EAAML,EAAG5J,SACTkK,EAAOF,EAAIhK,SACXmK,EAAOD,EAAKlK,SACZ/vG,EAAIg6G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQt9G,EAAE29G,OAAOkK,IAElDrrG,EAAKkrG,EAAG/J,OAAOqK,GACfnB,EAAK94G,EAAE+vG,SAASN,QAAQhhG,EAAG6gG,OAAO7gG,IAClCC,EAAKD,EAAGghG,QAAQqJ,GAChBqB,EAAMn6G,EAAE4vG,OAAOlhG,GACnByrG,EAAMA,EAAI5K,QAAQ4K,GAAK1K,QAAQyK,GAC/B,IAAIR,EAAKK,EAAInK,OAAOiK,GAChBlzH,EAAI,EAAI+uC,IACVokF,EAAMA,EAAIlK,OAAOsK,IAEnBP,EAAKb,EACLe,EAAKH,EACLK,EAAMI,EAGR,OAAO32H,KAAK4Q,MAAMmgH,OAAOoF,EAAII,EAAInK,OAAO0G,GAAOuD,EACjD,EAEA7C,GAAOxyH,UAAU2xH,IAAM,WACrB,OAAI3yH,KAAKq1H,aACAr1H,KAELA,KAAK4Q,MAAMmiH,MACN/yH,KAAK42H,WACL52H,KAAK4Q,MAAMoiH,OACXhzH,KAAK62H,YAEL72H,KAAK82H,MAChB,EAEAtD,GAAOxyH,UAAU41H,SAAW,WAC1B,IAAItB,EACAC,EACAW,EAEJ,GAAIl2H,KAAKyzH,KAAM,CAMb,IAAIx4F,EAAKj7B,KAAKkN,EAAEq/G,SAEZpxF,EAAKn7B,KAAKsO,EAAEi+G,SAEZwK,EAAO57F,EAAGoxF,SAEVtuG,EAAIje,KAAKkN,EAAE4+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GACvD94G,EAAIA,EAAE8tG,QAAQ9tG,GAEd,IAAIzQ,EAAIytB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAE1B5c,EAAI7Q,EAAE++G,SAASN,QAAQhuG,GAAGguG,QAAQhuG,GAGlC+4G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GAGtB1B,EAAKj3G,EAELk3G,EAAK/nH,EAAE4+G,OAAOnuG,EAAEguG,QAAQ5tG,IAAI4tG,QAAQ+K,GAEpCd,EAAKl2H,KAAKsO,EAAEw9G,OAAO9rH,KAAKsO,OACnB,CAML,IAAIG,EAAIzO,KAAKkN,EAAEq/G,SAEXl+G,EAAIrO,KAAKsO,EAAEi+G,SAEX/vG,EAAInO,EAAEk+G,SAENzjG,EAAI9oB,KAAKkN,EAAE4+G,OAAOz9G,GAAGk+G,SAASN,QAAQx9G,GAAGw9G,QAAQzvG,GACrDsM,EAAIA,EAAEijG,QAAQjjG,GAEd,IAAIrkB,EAAIgK,EAAEq9G,OAAOr9G,GAAGs9G,QAAQt9G,GAExBs2B,EAAItgC,EAAE8nH,SAGN0K,EAAKz6G,EAAEuvG,QAAQvvG,GAEnBy6G,GADAA,EAAKA,EAAGlL,QAAQkL,IACRlL,QAAQkL,GAGhB3B,EAAKvwF,EAAEknF,QAAQnjG,GAAGmjG,QAAQnjG,GAE1BysG,EAAK9wH,EAAE2nH,OAAOtjG,EAAEmjG,QAAQqJ,IAAKrJ,QAAQgL,GAGrCf,GADAA,EAAKl2H,KAAKsO,EAAE89G,OAAOpsH,KAAKuoC,IAChBwjF,QAAQmK,GAGlB,OAAOl2H,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAU61H,UAAY,WAC3B,IAAIvB,EACAC,EACAW,EAEJ,GAAIl2H,KAAKyzH,KAAM,CAMb,IAAIx4F,EAAKj7B,KAAKkN,EAAEq/G,SAEZpxF,EAAKn7B,KAAKsO,EAAEi+G,SAEZwK,EAAO57F,EAAGoxF,SAEVtuG,EAAIje,KAAKkN,EAAE4+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GACvD94G,EAAIA,EAAE8tG,QAAQ9tG,GAEd,IAAIzQ,EAAIytB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAAI8wF,QAAQ/rH,KAAK4Q,MAAMnC,GAEjD4P,EAAI7Q,EAAE++G,SAASN,QAAQhuG,GAAGguG,QAAQhuG,GAEtCq3G,EAAKj3G,EAEL,IAAI24G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GACtBzB,EAAK/nH,EAAE4+G,OAAOnuG,EAAEguG,QAAQ5tG,IAAI4tG,QAAQ+K,GAEpCd,EAAKl2H,KAAKsO,EAAEw9G,OAAO9rH,KAAKsO,OACnB,CAKL,IAAIs8G,EAAQ5qH,KAAKuoC,EAAEgkF,SAEf2K,EAAQl3H,KAAKsO,EAAEi+G,SAEfiG,EAAOxyH,KAAKkN,EAAEk/G,OAAO8K,GAErBC,EAAQn3H,KAAKkN,EAAE8+G,OAAOpB,GAAOwB,OAAOpsH,KAAKkN,EAAE4+G,OAAOlB,IACtDuM,EAAQA,EAAMrL,OAAOqL,GAAOpL,QAAQoL,GAEpC,IAAIC,EAAQ5E,EAAKzG,QAAQyG,GAErB6E,GADJD,EAAQA,EAAMrL,QAAQqL,IACJtL,OAAOsL,GACzB9B,EAAK6B,EAAM5K,SAASN,QAAQoL,GAE5BnB,EAAKl2H,KAAKsO,EAAEw9G,OAAO9rH,KAAKuoC,GAAGgkF,SAASN,QAAQiL,GAAOjL,QAAQrB,GAE3D,IAAI0M,EAAUJ,EAAM3K,SAGpB+K,GADAA,GADAA,EAAUA,EAAQvL,QAAQuL,IACRvL,QAAQuL,IACRvL,QAAQuL,GAC1B/B,EAAK4B,EAAM/K,OAAOgL,EAAMnL,QAAQqJ,IAAKrJ,QAAQqL,GAG/C,OAAOt3H,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAU81H,KAAO,WACtB,IAAIroH,EAAIzO,KAAK4Q,MAAMnC,EAGf0nH,EAAKn2H,KAAKkN,EACVkpH,EAAKp2H,KAAKsO,EACV+nH,EAAKr2H,KAAKuoC,EACV+tF,EAAMD,EAAG9J,SAASA,SAElBiK,EAAML,EAAG5J,SACTgL,EAAMnB,EAAG7J,SAET/vG,EAAIg6G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQt9G,EAAE29G,OAAOkK,IAElDkB,EAAOrB,EAAGrK,OAAOqK,GAEjBlrG,GADJusG,EAAOA,EAAKzL,QAAQyL,IACNpL,OAAOmL,GACjBjC,EAAK94G,EAAE+vG,SAASN,QAAQhhG,EAAG6gG,OAAO7gG,IAClCC,EAAKD,EAAGghG,QAAQqJ,GAEhBmC,EAAOF,EAAIhL,SAGfkL,GADAA,GADAA,EAAOA,EAAK1L,QAAQ0L,IACR1L,QAAQ0L,IACR1L,QAAQ0L,GACpB,IAAIlC,EAAK/4G,EAAE4vG,OAAOlhG,GAAI+gG,QAAQwL,GAC1BvB,EAAKE,EAAGtK,OAAOsK,GAAIhK,OAAOiK,GAE9B,OAAOr2H,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAU02H,KAAO,WACtB,IAAK13H,KAAK4Q,MAAMmiH,MACd,OAAO/yH,KAAK2yH,MAAMtsH,IAAIrG,MAMxB,IAAIi7B,EAAKj7B,KAAKkN,EAAEq/G,SAEZpxF,EAAKn7B,KAAKsO,EAAEi+G,SAEZoL,EAAK33H,KAAKuoC,EAAEgkF,SAEZwK,EAAO57F,EAAGoxF,SAEV/+G,EAAIytB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAE1B28F,EAAKpqH,EAAE++G,SAEP9nH,EAAIzE,KAAKkN,EAAE4+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GAKnDc,GAFJpzH,GADAA,GADAA,EAAIA,EAAEsnH,QAAQtnH,IACRqnH,OAAOrnH,GAAGsnH,QAAQtnH,IAClBwnH,QAAQ2L,IAEHrL,SAEPluG,EAAI04G,EAAKhL,QAAQgL,GAGrB14G,GADAA,GADAA,EAAIA,EAAE0tG,QAAQ1tG,IACR0tG,QAAQ1tG,IACR0tG,QAAQ1tG,GAEd,IAAI6b,EAAI1sB,EAAEu+G,QAAQtnH,GAAG8nH,SAASN,QAAQ2L,GAAI3L,QAAQ4L,GAAI5L,QAAQ5tG,GAE1Dy5G,EAAO38F,EAAGixF,OAAOlyF,GAErB49F,GADAA,EAAOA,EAAK/L,QAAQ+L,IACR/L,QAAQ+L,GACpB,IAAIxC,EAAKt1H,KAAKkN,EAAEk/G,OAAOyL,GAAI5L,QAAQ6L,GAEnCxC,GADAA,EAAKA,EAAGvJ,QAAQuJ,IACRvJ,QAAQuJ,GAEhB,IAAIC,EAAKv1H,KAAKsO,EAAE89G,OAAOlyF,EAAEkyF,OAAO/tG,EAAE4tG,QAAQ/xF,IAAI+xF,QAAQxnH,EAAE2nH,OAAOyL,KAG/DtC,GADAA,GADAA,EAAKA,EAAGxJ,QAAQwJ,IACRxJ,QAAQwJ,IACRxJ,QAAQwJ,GAEhB,IAAIW,EAAKl2H,KAAKuoC,EAAEujF,OAAOrnH,GAAG8nH,SAASN,QAAQ0L,GAAI1L,QAAQ4L,GAEvD,OAAO73H,KAAK4Q,MAAMmgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOxyH,UAAUsM,IAAM,SAAa+O,EAAG07G,GAGrC,OAFA17G,EAAI,IAAIqlC,GAAGrlC,EAAG07G,GAEP/3H,KAAK4Q,MAAMugH,SAASnxH,KAAMqc,EACnC,EAEAm3G,GAAOxyH,UAAUuoD,GAAK,SAAY92B,GAChC,GAAe,WAAXA,EAAErY,KACJ,OAAOpa,KAAKupD,GAAG92B,EAAEo/F,OAEnB,GAAI7xH,OAASyyB,EACX,OAAO,EAGT,IAAItG,EAAKnsB,KAAKuoC,EAAEgkF,SACZ0J,EAAMxjG,EAAE8V,EAAEgkF,SACd,GAA2D,IAAvDvsH,KAAKkN,EAAEk/G,OAAO6J,GAAKhK,QAAQx5F,EAAEvlB,EAAEk/G,OAAOjgG,IAAK0+F,KAAK,GAClD,OAAO,EAGT,IAAIz+F,EAAKD,EAAGigG,OAAOpsH,KAAKuoC,GACpByvF,EAAM/B,EAAI7J,OAAO35F,EAAE8V,GACvB,OAA8D,IAAvDvoC,KAAKsO,EAAE89G,OAAO4L,GAAK/L,QAAQx5F,EAAEnkB,EAAE89G,OAAOhgG,IAAKy+F,KAAK,EACzD,EAEA2I,GAAOxyH,UAAUi3H,OAAS,SAAgB/qH,GACxC,IAAIgrH,EAAKl4H,KAAKuoC,EAAEgkF,SACZt+G,EAAKf,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,KAAKgO,OAAO8L,GACxC,GAAuB,IAAnBl4H,KAAKkN,EAAEuxG,IAAIxwG,GACb,OAAO,EAIT,IAFA,IAAIkqH,EAAKjrH,EAAEvL,QACP0c,EAAIre,KAAK4Q,MAAMw/G,KAAKhE,OAAO8L,KACtB,CAEP,GADAC,EAAGlrH,KAAKjN,KAAK4Q,MAAMpE,GACf2rH,EAAG1Z,IAAIz+G,KAAK4Q,MAAM6hB,IAAM,EAC1B,OAAO,EAGT,GADAxkB,EAAG89G,QAAQ1tG,GACY,IAAnBre,KAAKkN,EAAEuxG,IAAIxwG,GACb,OAAO,EAEb,EAEAulH,GAAOxyH,UAAUq+G,QAAU,WACzB,OAAIr/G,KAAKq1H,aACA,uBACF,iBAAmBr1H,KAAKkN,EAAEP,SAAS,GAAI,GAC1C,OAAS3M,KAAKsO,EAAE3B,SAAS,GAAI,GAC7B,OAAS3M,KAAKuoC,EAAE57B,SAAS,GAAI,GAAK,GACxC,EAEA6mH,GAAOxyH,UAAUq0H,WAAa,WAE5B,OAA0B,IAAnBr1H,KAAKuoC,EAAEsiF,KAAK,EACrB,ECr5BA1kF,GAASutF,GAAWb,IACpB,OAAiBa,GAWjB,SAASL,GAAMziH,EAAO1D,EAAGq7B,GACvBsqF,GAAKvC,UAAUxvH,KAAKd,KAAM4Q,EAAO,cACvB,OAAN1D,GAAoB,OAANq7B,GAChBvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAIvoC,KAAK4Q,MAAMd,OAEpB9P,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKuoC,EAAI,IAAImZ,GAAGnZ,EAAG,IACdvoC,KAAKkN,EAAEkxG,MACVp+G,KAAKkN,EAAIlN,KAAKkN,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKuoC,EAAE61E,MACVp+G,KAAKuoC,EAAIvoC,KAAKuoC,EAAEgjF,MAAMvrH,KAAK4Q,MAAMwtG,MAEvC,CAtBAsV,GAAU1yH,UAAU2kD,SAAW,SAAkB6qE,GAC/C,IAAItjH,EAAIsjH,EAAM4H,YAAYlrH,EACtB6d,EAAK7d,EAAEq/G,SACPqI,EAAM7pG,EAAGqhG,OAAOl/G,GAAG4+G,OAAO/gG,EAAGqhG,OAAOpsH,KAAKyO,IAAIq9G,OAAO5+G,GAGxD,OAA+B,IAFvB0nH,EAAIlI,UAEHH,SAAS9N,IAAImW,EACxB,EAgBAzuF,GAASktF,GAAOR,GAAKvC,WAErBoD,GAAU1yH,UAAUgxH,YAAc,SAAqB1qH,EAAO8+B,GAQ5D,GAFqB,MALjB9+B,EAAQygC,GAAMC,QAAQ1gC,EAAO8+B,IAKvBhlC,QAA8B,KAAbkG,EAAM,KAC/BA,EAAQA,EAAM5F,MAAM,EAAG,IAAI+O,WACR,KAAjBnJ,EAAMlG,OACR,MAAUgC,MAAM,oCAClB,OAAOpD,KAAKwwH,MAAMlpH,EAAO,EAC3B,EAEAosH,GAAU1yH,UAAUwvH,MAAQ,SAAetjH,EAAGq7B,GAC5C,OAAO,IAAI8qF,GAAMrzH,KAAMkN,EAAGq7B,EAC5B,EAEAmrF,GAAU1yH,UAAU6uH,cAAgB,SAAuBpvE,GACzD,OAAO4yE,GAAM2B,SAASh1H,KAAMygD,EAC9B,EAEA4yE,GAAMryH,UAAUuxH,WAAa,WAE7B,EAEAc,GAAMryH,UAAUmxH,QAAU,SAAiBC,GACzC,IAAIjiH,EAAMnQ,KAAK4Q,MAAM6hB,EAAEluB,aAIvB,OAAI6tH,EACK,CAAE,IAAOxrH,OAAO5G,KAAKqyH,OAAOrqF,QAAQ,KAAM73B,IAE1CnQ,KAAKqyH,OAAOrqF,QAAQ,KAAM73B,EAErC,EAEAkjH,GAAM2B,SAAW,SAAkBpkH,EAAO6vC,GACxC,OAAO,IAAI4yE,GAAMziH,EAAO6vC,EAAI,GAAIA,EAAI,IAAM7vC,EAAMb,IAClD,EAEAsjH,GAAMryH,UAAUq+G,QAAU,WACxB,OAAIr/G,KAAKq1H,aACA,sBACF,gBAAkBr1H,KAAKkN,EAAEy+G,UAAUh/G,SAAS,GAAI,GACnD,OAAS3M,KAAKuoC,EAAEojF,UAAUh/G,SAAS,GAAI,GAAK,GAClD,EAEA0mH,GAAMryH,UAAUq0H,WAAa,WAE3B,OAA0B,IAAnBr1H,KAAKuoC,EAAEsiF,KAAK,EACrB,EAEAwI,GAAMryH,UAAU2xH,IAAM,WAKpB,IAEIp3F,EAFIv7B,KAAKkN,EAAE4+G,OAAO9rH,KAAKuoC,GAEhBgkF,SAIPjxF,EAFIt7B,KAAKkN,EAAE8+G,OAAOhsH,KAAKuoC,GAEhBgkF,SAEP/vG,EAAI+e,EAAGywF,OAAO1wF,GAEdg6F,EAAK/5F,EAAG6wF,OAAO9wF,GAEf46F,EAAK15G,EAAE4vG,OAAO9wF,EAAGwwF,OAAO9rH,KAAK4Q,MAAMgjH,IAAIxH,OAAO5vG,KAClD,OAAOxc,KAAK4Q,MAAM4/G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMryH,UAAUqF,IAAM,WACpB,MAAUjD,MAAM,oCAClB,EAEAiwH,GAAMryH,UAAUq3H,QAAU,SAAiB5lG,EAAGi3F,GAK5C,IAAIj7G,EAAIzO,KAAKkN,EAAE4+G,OAAO9rH,KAAKuoC,GAEvBl6B,EAAIrO,KAAKkN,EAAE8+G,OAAOhsH,KAAKuoC,GAEvB/rB,EAAIiW,EAAEvlB,EAAE4+G,OAAOr5F,EAAE8V,GAIjB+vF,EAFI7lG,EAAEvlB,EAAE8+G,OAAOv5F,EAAE8V,GAEV6jF,OAAO39G,GAEd8pH,EAAK/7G,EAAE4vG,OAAO/9G,GAEdinH,EAAK5L,EAAKnhF,EAAE6jF,OAAOkM,EAAGxM,OAAOyM,GAAIhM,UAEjC2J,EAAKxM,EAAKx8G,EAAEk/G,OAAOkM,EAAGrM,QAAQsM,GAAIhM,UACtC,OAAOvsH,KAAK4Q,MAAM4/G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMryH,UAAUsM,IAAM,SAAa+O,GAQjC,IALA,IAAIgC,GAFJhC,EAAI,IAAIqlC,GAAGrlC,EAAG,KAEJ1a,QACN8M,EAAIzO,KACJqO,EAAIrO,KAAK4Q,MAAM4/G,MAAM,KAAM,MAGtB7xG,EAAO,GAAkB,IAAdN,EAAEwsG,KAAK,GAAUxsG,EAAEmiG,OAAO,GAC5C7hG,EAAK9c,KAAKwc,EAAEkiG,MAAM,IAEpB,IAAK,IAAIp9G,EAAIwb,EAAKvd,OAAS,EAAG+B,GAAK,EAAGA,IACpB,IAAZwb,EAAKxb,IAEPsL,EAAIA,EAAE4pH,QAAQhqH,EARVrO,MAUJqO,EAAIA,EAAEskH,QAGNtkH,EAAII,EAAE4pH,QAAQhqH,EAbVrO,MAeJyO,EAAIA,EAAEkkH,OAGV,OAAOtkH,CACT,EAEAglH,GAAMryH,UAAU00H,OAAS,WACvB,MAAUtyH,MAAM,oCAClB,EAEAiwH,GAAMryH,UAAUw3H,QAAU,WACxB,MAAUp1H,MAAM,oCAClB,EAEAiwH,GAAMryH,UAAUuoD,GAAK,SAAY80B,GAC/B,OAAyC,IAAlCr+E,KAAKqyH,OAAO5T,IAAIpgC,EAAMg0C,OAC/B,EAEAgB,GAAMryH,UAAUo3H,UAAY,WAG1B,OAFAp4H,KAAKkN,EAAIlN,KAAKkN,EAAEk/G,OAAOpsH,KAAKuoC,EAAEqkF,WAC9B5sH,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACb/P,IACT,EAEAqzH,GAAMryH,UAAUqxH,KAAO,WAIrB,OAFAryH,KAAKo4H,YAEEp4H,KAAKkN,EAAEy+G,SAChB,EC/LA,IAAInmF,GAASuC,GAAMvC,OAEnB,SAASizF,GAAa7I,GAEpB5vH,KAAK04H,QAA2B,IAAP,EAAT9I,EAAKnhH,GACrBzO,KAAK24H,MAAQ34H,KAAK04H,UAA6B,IAAR,EAAT9I,EAAKnhH,GACnCzO,KAAK2oH,SAAW3oH,KAAK24H,MAErB9F,GAAK/xH,KAAKd,KAAM,UAAW4vH,GAE3B5vH,KAAKyO,EAAI,IAAIizC,GAAGkuE,EAAKnhH,EAAG,IAAIu7G,KAAKhqH,KAAKo+G,IAAI5wG,GAC1CxN,KAAKyO,EAAIzO,KAAKyO,EAAE88G,MAAMvrH,KAAKo+G,KAC3Bp+G,KAAKwc,EAAI,IAAIklC,GAAGkuE,EAAKpzG,EAAG,IAAI+uG,MAAMvrH,KAAKo+G,KACvCp+G,KAAK6tB,GAAK7tB,KAAKwc,EAAE+vG,SACjBvsH,KAAK8oB,EAAI,IAAI44B,GAAGkuE,EAAK9mG,EAAG,IAAIyiG,MAAMvrH,KAAKo+G,KACvCp+G,KAAKo7B,GAAKp7B,KAAK8oB,EAAEgjG,OAAO9rH,KAAK8oB,GAE7B0c,IAAQxlC,KAAK04H,SAAwC,IAA7B14H,KAAKwc,EAAEmvG,UAAUd,KAAK,IAC9C7qH,KAAK44H,KAAwB,IAAP,EAAThJ,EAAKpzG,EACpB,CACA2pB,GAASsyF,GAAc5F,IACvB,OAAiB4F,GAqFjB,SAASpF,GAAMziH,EAAO1D,EAAGoB,EAAGi6B,EAAGlqB,GAC7Bw0G,GAAKvC,UAAUxvH,KAAKd,KAAM4Q,EAAO,cACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANi6B,GAC9BvoC,KAAKkN,EAAIlN,KAAK4Q,MAAMd,KACpB9P,KAAKsO,EAAItO,KAAK4Q,MAAMb,IACpB/P,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACpB/P,KAAKqe,EAAIre,KAAK4Q,MAAMd,KACpB9P,KAAKyzH,MAAO,IAEZzzH,KAAKkN,EAAI,IAAIw0C,GAAGx0C,EAAG,IACnBlN,KAAKsO,EAAI,IAAIozC,GAAGpzC,EAAG,IACnBtO,KAAKuoC,EAAIA,EAAI,IAAImZ,GAAGnZ,EAAG,IAAMvoC,KAAK4Q,MAAMb,IACxC/P,KAAKqe,EAAIA,GAAK,IAAIqjC,GAAGrjC,EAAG,IACnBre,KAAKkN,EAAEkxG,MACVp+G,KAAKkN,EAAIlN,KAAKkN,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKsO,EAAE8vG,MACVp+G,KAAKsO,EAAItO,KAAKsO,EAAEi9G,MAAMvrH,KAAK4Q,MAAMwtG,MAC9Bp+G,KAAKuoC,EAAE61E,MACVp+G,KAAKuoC,EAAIvoC,KAAKuoC,EAAEgjF,MAAMvrH,KAAK4Q,MAAMwtG,MAC/Bp+G,KAAKqe,IAAMre,KAAKqe,EAAE+/F,MACpBp+G,KAAKqe,EAAIre,KAAKqe,EAAEktG,MAAMvrH,KAAK4Q,MAAMwtG,MACnCp+G,KAAKyzH,KAAOzzH,KAAKuoC,IAAMvoC,KAAK4Q,MAAMb,IAG9B/P,KAAK4Q,MAAM+3G,WAAa3oH,KAAKqe,IAC/Bre,KAAKqe,EAAIre,KAAKkN,EAAEk/G,OAAOpsH,KAAKsO,GACvBtO,KAAKyzH,OACRzzH,KAAKqe,EAAIre,KAAKqe,EAAE+tG,OAAOpsH,KAAKuoC,EAAEqkF,aAGtC,CAjHA6L,GAAaz3H,UAAU63H,MAAQ,SAAevxF,GAC5C,OAAItnC,KAAK24H,MACArxF,EAAIulF,SAEJ7sH,KAAKyO,EAAE29G,OAAO9kF,EACzB,EAEAmxF,GAAaz3H,UAAU83H,MAAQ,SAAexxF,GAC5C,OAAItnC,KAAK44H,KACAtxF,EAEAtnC,KAAKwc,EAAE4vG,OAAO9kF,EACzB,EAGAmxF,GAAaz3H,UAAU+vH,OAAS,SAAgB7jH,EAAGoB,EAAGi6B,EAAGlqB,GACvD,OAAOre,KAAKwwH,MAAMtjH,EAAGoB,EAAGi6B,EAAGlqB,EAC7B,EAEAo6G,GAAaz3H,UAAUixH,WAAa,SAAoB/kH,EAAGk6G,IACzDl6G,EAAI,IAAIw0C,GAAGx0C,EAAG,KACPkxG,MACLlxG,EAAIA,EAAEq+G,MAAMvrH,KAAKo+G,MAEnB,IAAIrzF,EAAK7d,EAAEq/G,SACPqI,EAAM50H,KAAK6tB,GAAGm+F,OAAOhsH,KAAKyO,EAAE29G,OAAOrhG,IACnCguG,EAAM/4H,KAAK+P,IAAIi8G,OAAOhsH,KAAK6tB,GAAGu+F,OAAOpsH,KAAK8oB,GAAGsjG,OAAOrhG,IAEpDO,EAAKspG,EAAIxI,OAAO2M,EAAInM,WACpBt+G,EAAIgd,EAAGohG,UACX,GAA6C,IAAzCp+G,EAAEi+G,SAASP,OAAO1gG,GAAImzF,IAAIz+G,KAAK8P,MACjC,MAAU1M,MAAM,iBAElB,IAAIqnH,EAAQn8G,EAAEq9G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3Bn8G,EAAIA,EAAEu+G,UAED7sH,KAAKwwH,MAAMtjH,EAAGoB,EACvB,EAEAmqH,GAAaz3H,UAAUg4H,WAAa,SAAoB1qH,EAAG84G,IACzD94G,EAAI,IAAIozC,GAAGpzC,EAAG,KACP8vG,MACL9vG,EAAIA,EAAEi9G,MAAMvrH,KAAKo+G,MAGnB,IAAI9yF,EAAKhd,EAAEi+G,SACPwM,EAAMztG,EAAG0gG,OAAOhsH,KAAK6tB,IACrB+mG,EAAMtpG,EAAG8gG,OAAOpsH,KAAK8oB,GAAGsjG,OAAOpsH,KAAK6tB,IAAIm+F,OAAOhsH,KAAKyO,GACpDsc,EAAKguG,EAAI3M,OAAOwI,EAAIhI,WAExB,GAA0B,IAAtB7hG,EAAG0zF,IAAIz+G,KAAK8P,MAAa,CAC3B,GAAIs3G,EACF,MAAUhkH,MAAM,iBAEhB,OAAOpD,KAAKwwH,MAAMxwH,KAAK8P,KAAMxB,GAGjC,IAAIpB,EAAI6d,EAAG2hG,UACX,GAA6C,IAAzCx/G,EAAEq/G,SAASP,OAAOjhG,GAAI0zF,IAAIz+G,KAAK8P,MACjC,MAAU1M,MAAM,iBAKlB,OAHI8J,EAAEy+G,UAAUlB,UAAYrD,IAC1Bl6G,EAAIA,EAAE2/G,UAED7sH,KAAKwwH,MAAMtjH,EAAGoB,EACvB,EAEAmqH,GAAaz3H,UAAU2kD,SAAW,SAAkB6qE,GAClD,GAAIA,EAAM6E,aACR,OAAO,EAGT7E,EAAM4H,YAEN,IAAIrtG,EAAKylG,EAAMtjH,EAAEq/G,SACbjhG,EAAKklG,EAAMliH,EAAEi+G,SACbwM,EAAMhuG,EAAGqhG,OAAOpsH,KAAKyO,GAAGq9G,OAAOxgG,GAC/BspG,EAAM50H,KAAK6tB,GAAGu+F,OAAOpsH,KAAK+P,IAAI+7G,OAAO9rH,KAAK8oB,EAAEsjG,OAAOrhG,GAAIqhG,OAAO9gG,KAElE,OAAwB,IAAjBytG,EAAIta,IAAImW,EACjB,EAiCAzuF,GAASktF,GAAOR,GAAKvC,WAErBmI,GAAaz3H,UAAU6uH,cAAgB,SAAuBpvE,GAC5D,OAAO4yE,GAAM2B,SAASh1H,KAAMygD,EAC9B,EAEAg4E,GAAaz3H,UAAUwvH,MAAQ,SAAetjH,EAAGoB,EAAGi6B,EAAGlqB,GACrD,OAAO,IAAIg1G,GAAMrzH,KAAMkN,EAAGoB,EAAGi6B,EAAGlqB,EAClC,EAEAg1G,GAAM2B,SAAW,SAAkBpkH,EAAO6vC,GACxC,OAAO,IAAI4yE,GAAMziH,EAAO6vC,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAC9C,EAEA4yE,GAAMryH,UAAUq+G,QAAU,WACxB,OAAIr/G,KAAKq1H,aACA,sBACF,gBAAkBr1H,KAAKkN,EAAEy+G,UAAUh/G,SAAS,GAAI,GACnD,OAAS3M,KAAKsO,EAAEq9G,UAAUh/G,SAAS,GAAI,GACvC,OAAS3M,KAAKuoC,EAAEojF,UAAUh/G,SAAS,GAAI,GAAK,GAClD,EAEA0mH,GAAMryH,UAAUq0H,WAAa,WAE3B,OAA0B,IAAnBr1H,KAAKkN,EAAE29G,KAAK,KACO,IAAvB7qH,KAAKsO,EAAEmwG,IAAIz+G,KAAKuoC,IAChBvoC,KAAKyzH,MAAqC,IAA7BzzH,KAAKsO,EAAEmwG,IAAIz+G,KAAK4Q,MAAM4L,GACxC,EAEA62G,GAAMryH,UAAUi4H,QAAU,WAMxB,IAAIxqH,EAAIzO,KAAKkN,EAAEq/G,SAEXl+G,EAAIrO,KAAKsO,EAAEi+G,SAEX/vG,EAAIxc,KAAKuoC,EAAEgkF,SACf/vG,EAAIA,EAAEuvG,QAAQvvG,GAEd,IAAIsM,EAAI9oB,KAAK4Q,MAAMioH,MAAMpqH,GAErBhK,EAAIzE,KAAKkN,EAAE4+G,OAAO9rH,KAAKsO,GAAGi+G,SAASN,QAAQx9G,GAAGw9G,QAAQ59G,GAEtD22B,EAAIlc,EAAEgjG,OAAOz9G,GAEb02B,EAAIC,EAAEgnF,OAAOxvG,GAEbD,EAAIuM,EAAEkjG,OAAO39G,GAEbinH,EAAK7wH,EAAE2nH,OAAOrnF,GAEdwwF,EAAKvwF,EAAEonF,OAAO7vG,GAEd28G,EAAKz0H,EAAE2nH,OAAO7vG,GAEd25G,EAAKnxF,EAAEqnF,OAAOpnF,GAClB,OAAOhlC,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMryH,UAAUm4H,SAAW,WAQzB,IAMI7D,EACAC,EACAW,EARA7nH,EAAIrO,KAAKkN,EAAE4+G,OAAO9rH,KAAKsO,GAAGi+G,SAE1B/vG,EAAIxc,KAAKkN,EAAEq/G,SAEXzjG,EAAI9oB,KAAKsO,EAAEi+G,SAKf,GAAIvsH,KAAK4Q,MAAM8nH,QAAS,CAEtB,IAEI3zF,GAFAtgC,EAAIzE,KAAK4Q,MAAMioH,MAAMr8G,IAEfsvG,OAAOhjG,GACjB,GAAI9oB,KAAKyzH,KAEP6B,EAAKjnH,EAAE29G,OAAOxvG,GAAGwvG,OAAOljG,GAAGsjG,OAAOrnF,EAAEinF,OAAOhsH,KAAK4Q,MAAMiiC,MAEtD0iF,EAAKxwF,EAAEqnF,OAAO3nH,EAAEunH,OAAOljG,IAEvBotG,EAAKnxF,EAAEwnF,SAASP,OAAOjnF,GAAGinF,OAAOjnF,OAC5B,CAEL,IAAIxoB,EAAIvc,KAAKuoC,EAAEgkF,SAEXxvG,EAAIgoB,EAAEinF,OAAOzvG,GAAG0vG,QAAQ1vG,GAE5B+4G,EAAKjnH,EAAE29G,OAAOxvG,GAAGyvG,QAAQnjG,GAAGsjG,OAAOrvG,GAEnCw4G,EAAKxwF,EAAEqnF,OAAO3nH,EAAEunH,OAAOljG,IAEvBotG,EAAKnxF,EAAEqnF,OAAOrvG,QAEX,CAEL,IAAItY,EAAI+X,EAAEsvG,OAAOhjG,GAEbvM,EAAIvc,KAAK4Q,MAAMkoH,MAAM94H,KAAKuoC,GAAGgkF,SAE7BxvG,EAAItY,EAAEunH,OAAOzvG,GAAGyvG,OAAOzvG,GAE3B+4G,EAAKt1H,KAAK4Q,MAAMkoH,MAAMzqH,EAAE49G,QAAQxnH,IAAI2nH,OAAOrvG,GAE3Cw4G,EAAKv1H,KAAK4Q,MAAMkoH,MAAMr0H,GAAG2nH,OAAO5vG,EAAEyvG,QAAQnjG,IAE1CotG,EAAKzxH,EAAE2nH,OAAOrvG,GAEhB,OAAO/c,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMryH,UAAU2xH,IAAM,WACpB,OAAI3yH,KAAKq1H,aACAr1H,KAGLA,KAAK4Q,MAAM+3G,SACN3oH,KAAKi5H,UAELj5H,KAAKm5H,UAChB,EAEA9F,GAAMryH,UAAUo4H,QAAU,SAAiB3mG,GAMzC,IAAIhkB,EAAIzO,KAAKsO,EAAE09G,OAAOhsH,KAAKkN,GAAGk/G,OAAO35F,EAAEnkB,EAAE09G,OAAOv5F,EAAEvlB,IAE9CmB,EAAIrO,KAAKsO,EAAEw9G,OAAO9rH,KAAKkN,GAAGk/G,OAAO35F,EAAEnkB,EAAEw9G,OAAOr5F,EAAEvlB,IAE9CsP,EAAIxc,KAAKqe,EAAE+tG,OAAOpsH,KAAK4Q,MAAMwqB,IAAIgxF,OAAO35F,EAAEpU,GAE1CyK,EAAI9oB,KAAKuoC,EAAE6jF,OAAO35F,EAAE8V,EAAEujF,OAAOr5F,EAAE8V,IAE/B9jC,EAAI4J,EAAE29G,OAAOv9G,GAEbs2B,EAAIjc,EAAEkjG,OAAOxvG,GAEbwoB,EAAIlc,EAAEgjG,OAAOtvG,GAEbD,EAAIlO,EAAEy9G,OAAOr9G,GAEb6mH,EAAK7wH,EAAE2nH,OAAOrnF,GAEdwwF,EAAKvwF,EAAEonF,OAAO7vG,GAEd28G,EAAKz0H,EAAE2nH,OAAO7vG,GAEd25G,EAAKnxF,EAAEqnF,OAAOpnF,GAClB,OAAOhlC,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMryH,UAAUq4H,SAAW,SAAkB5mG,GAO3C,IAgBI8iG,EACAW,EAjBAznH,EAAIzO,KAAKuoC,EAAE6jF,OAAO35F,EAAE8V,GAEpBl6B,EAAII,EAAE89G,SAEN/vG,EAAIxc,KAAKkN,EAAEk/G,OAAO35F,EAAEvlB,GAEpB4b,EAAI9oB,KAAKsO,EAAE89G,OAAO35F,EAAEnkB,GAEpB7J,EAAIzE,KAAK4Q,MAAMkY,EAAEsjG,OAAO5vG,GAAG4vG,OAAOtjG,GAElCic,EAAI12B,EAAE29G,OAAOvnH,GAEbugC,EAAI32B,EAAEy9G,OAAOrnH,GAEbkK,EAAM3O,KAAKkN,EAAE4+G,OAAO9rH,KAAKsO,GAAG89G,OAAO35F,EAAEvlB,EAAE4+G,OAAOr5F,EAAEnkB,IAAI29G,QAAQzvG,GAAGyvG,QAAQnjG,GACvEwsG,EAAK7mH,EAAE29G,OAAOrnF,GAAGqnF,OAAOz9G,GAc5B,OAXI3O,KAAK4Q,MAAM8nH,SAEbnD,EAAK9mH,EAAE29G,OAAOpnF,GAAGonF,OAAOtjG,EAAEkjG,OAAOhsH,KAAK4Q,MAAMioH,MAAMr8G,KAElD05G,EAAKnxF,EAAEqnF,OAAOpnF,KAGduwF,EAAK9mH,EAAE29G,OAAOpnF,GAAGonF,OAAOtjG,EAAEkjG,OAAOxvG,IAEjC05G,EAAKl2H,KAAK4Q,MAAMkoH,MAAM/zF,GAAGqnF,OAAOpnF,IAE3BhlC,KAAK4Q,MAAM4/G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMryH,UAAUqF,IAAM,SAAaosB,GACjC,OAAIzyB,KAAKq1H,aACA5iG,EACLA,EAAE4iG,aACGr1H,KAELA,KAAK4Q,MAAM+3G,SACN3oH,KAAKo5H,QAAQ3mG,GAEbzyB,KAAKq5H,SAAS5mG,EACzB,EAEA4gG,GAAMryH,UAAUsM,IAAM,SAAa+O,GACjC,OAAIrc,KAAK0yH,YAAYr2G,GACZrc,KAAK4Q,MAAM6/G,aAAazwH,KAAMqc,GAE9Brc,KAAK4Q,MAAMugH,SAASnxH,KAAMqc,EACrC,EAEAg3G,GAAMryH,UAAU00H,OAAS,SAAgB/mG,EAAI8D,EAAG7D,GAC9C,OAAO5uB,KAAK4Q,MAAM2gH,YAAY,EAAG,CAAEvxH,KAAMyyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAykG,GAAMryH,UAAU20H,QAAU,SAAiBhnG,EAAI8D,EAAG7D,GAChD,OAAO5uB,KAAK4Q,MAAM2gH,YAAY,EAAG,CAAEvxH,KAAMyyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAykG,GAAMryH,UAAUo3H,UAAY,WAC1B,GAAIp4H,KAAKyzH,KACP,OAAOzzH,KAGT,IAAI07C,EAAK17C,KAAKuoC,EAAEqkF,UAOhB,OANA5sH,KAAKkN,EAAIlN,KAAKkN,EAAEk/G,OAAO1wE,GACvB17C,KAAKsO,EAAItO,KAAKsO,EAAE89G,OAAO1wE,GACnB17C,KAAKqe,IACPre,KAAKqe,EAAIre,KAAKqe,EAAE+tG,OAAO1wE,IACzB17C,KAAKuoC,EAAIvoC,KAAK4Q,MAAMb,IACpB/P,KAAKyzH,MAAO,EACLzzH,IACT,EAEAqzH,GAAMryH,UAAUsgH,IAAM,WACpB,OAAOthH,KAAK4Q,MAAM4/G,MAAMxwH,KAAKkN,EAAE2/G,SACP7sH,KAAKsO,EACLtO,KAAKuoC,EACLvoC,KAAKqe,GAAKre,KAAKqe,EAAEwuG,SAC3C,EAEAwG,GAAMryH,UAAUqxH,KAAO,WAErB,OADAryH,KAAKo4H,YACEp4H,KAAKkN,EAAEy+G,SAChB,EAEA0H,GAAMryH,UAAUsxH,KAAO,WAErB,OADAtyH,KAAKo4H,YACEp4H,KAAKsO,EAAEq9G,SAChB,EAEA0H,GAAMryH,UAAUuoD,GAAK,SAAY80B,GAC/B,OAAOr+E,OAASq+E,GACyB,IAAlCr+E,KAAKqyH,OAAO5T,IAAIpgC,EAAMg0C,SACY,IAAlCryH,KAAKsyH,OAAO7T,IAAIpgC,EAAMi0C,OAC/B,EAEAe,GAAMryH,UAAUi3H,OAAS,SAAgB/qH,GACvC,IAAIe,EAAKf,EAAEq+G,MAAMvrH,KAAK4Q,MAAMwtG,KAAKgO,OAAOpsH,KAAKuoC,GAC7C,GAAuB,IAAnBvoC,KAAKkN,EAAEuxG,IAAIxwG,GACb,OAAO,EAIT,IAFA,IAAIkqH,EAAKjrH,EAAEvL,QACP0c,EAAIre,KAAK4Q,MAAMw/G,KAAKhE,OAAOpsH,KAAKuoC,KAC3B,CAEP,GADA4vF,EAAGlrH,KAAKjN,KAAK4Q,MAAMpE,GACf2rH,EAAG1Z,IAAIz+G,KAAK4Q,MAAM6hB,IAAM,EAC1B,OAAO,EAGT,GADAxkB,EAAG89G,QAAQ1tG,GACY,IAAnBre,KAAKkN,EAAEuxG,IAAIxwG,GACb,OAAO,EAEb,EAGAolH,GAAMryH,UAAUkwH,IAAMmC,GAAMryH,UAAUo3H,UACtC/E,GAAMryH,UAAUgwH,SAAWqC,GAAMryH,UAAUqF,6BC7a3C,IAAIuK,EAAQytC,EAEZztC,EAAM6nD,KAAOj2D,GACboO,EAAM0oH,MAAQ31H,GACdiN,EAAM29G,KAAOnvG,GACbxO,EAAM2oH,QAAU/5G,MCDZytB,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACdE,GAAUd,GAAMc,QAChB2wF,GAAO1wF,GAAU0wF,KACjBjyF,GAAY4B,GAAO5B,UAEnBkyF,GAAS,CACX,WAAY,WACZ,WAAY,YAGd,SAASC,KACP,KAAM15H,gBAAgB05H,IACpB,OAAO,IAAIA,GAEbnyF,GAAUzmC,KAAKd,MACfA,KAAKuc,EAAI,CACP,WAAY,WAAY,WACxB,UAAY,YACdvc,KAAKspC,EAAQzpC,MAAM,GACrB,CAEAkoC,GAAM5B,SAASuzF,GAAMnyF,IACrB,OAAiBmyF,GAEjBA,GAAKrmG,UAAY,IACjBqmG,GAAKhyF,QAAU,IACfgyF,GAAK/xF,aAAe,GACpB+xF,GAAK5kG,UAAY,GAEjB4kG,GAAK14H,UAAUknC,QAAU,SAAiBxC,EAAK1hC,GAG7C,IAFA,IAAIslC,EAAItpC,KAAKspC,EAEJnmC,EAAI,EAAGA,EAAI,GAAIA,IACtBmmC,EAAEnmC,GAAKuiC,EAAI1hC,EAAQb,GAErB,KAAMA,EAAImmC,EAAEloC,OAAQ+B,IAClBmmC,EAAEnmC,GAAK8pC,GAAO3D,EAAEnmC,EAAI,GAAKmmC,EAAEnmC,EAAI,GAAKmmC,EAAEnmC,EAAI,IAAMmmC,EAAEnmC,EAAI,IAAK,GAE7D,IAAIsL,EAAIzO,KAAKuc,EAAE,GACXlO,EAAIrO,KAAKuc,EAAE,GACXC,EAAIxc,KAAKuc,EAAE,GACXuM,EAAI9oB,KAAKuc,EAAE,GACX9X,EAAIzE,KAAKuc,EAAE,GAEf,IAAKpZ,EAAI,EAAGA,EAAImmC,EAAEloC,OAAQ+B,IAAK,CAC7B,IAAI8a,KAAO9a,EAAI,IACXkb,EAAIwqB,GAAQoE,GAAOx+B,EAAG,GAAI+qH,GAAKv7G,EAAG5P,EAAGmO,EAAGsM,GAAIrkB,EAAG6kC,EAAEnmC,GAAIs2H,GAAOx7G,IAChExZ,EAAIqkB,EACJA,EAAItM,EACJA,EAAIywB,GAAO5+B,EAAG,IACdA,EAAII,EACJA,EAAI4P,EAGNre,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9N,GAC7BzO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIlO,GAC7BrO,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIC,GAC7Bxc,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAIuM,GAC7B9oB,KAAKuc,EAAE,GAAKosB,GAAM3oC,KAAKuc,EAAE,GAAI9X,EAC/B,EAEAi1H,GAAK14H,UAAUqnC,QAAU,SAAgBjC,GACvC,MAAY,QAARA,EACK2B,GAAM2B,QAAQ1pC,KAAKuc,EAAG,OAEtBwrB,GAAM4B,QAAQ3pC,KAAKuc,EAAG,MACjC,ECvEA,aAAe/Z,UACEmB,UACAyb,UACAI,UACAm6G,ICDjB,SAASC,GAAKxlH,EAAM4C,EAAKovB,GACvB,KAAMpmC,gBAAgB45H,IACpB,OAAO,IAAIA,GAAKxlH,EAAM4C,EAAKovB,GAC7BpmC,KAAK+jC,KAAO3vB,EACZpU,KAAKqzB,UAAYjf,EAAKif,UAAY,EAClCrzB,KAAK0nC,QAAUtzB,EAAKszB,QAAU,EAC9B1nC,KAAK65H,MAAQ,KACb75H,KAAK85H,MAAQ,KAEb95H,KAAKq+G,MAAMt2E,GAAMC,QAAQhxB,EAAKovB,GAChC,CACA,OAAiBwzF,GAEjBA,GAAK54H,UAAUq9G,MAAQ,SAAcrnG,GAE/BA,EAAI5V,OAASpB,KAAKqzB,YACpBrc,GAAM,IAAIhX,KAAK+jC,MAAO+D,OAAO9wB,GAAKmxB,UACpC3C,GAAOxuB,EAAI5V,QAAUpB,KAAKqzB,WAG1B,IAAK,IAAIlwB,EAAI6T,EAAI5V,OAAQ+B,EAAInD,KAAKqzB,UAAWlwB,IAC3C6T,EAAInV,KAAK,GAEX,IAAKsB,EAAI,EAAGA,EAAI6T,EAAI5V,OAAQ+B,IAC1B6T,EAAI7T,IAAM,GAIZ,IAHAnD,KAAK65H,OAAQ,IAAI75H,KAAK+jC,MAAO+D,OAAO9wB,GAG/B7T,EAAI,EAAGA,EAAI6T,EAAI5V,OAAQ+B,IAC1B6T,EAAI7T,IAAM,IACZnD,KAAK85H,OAAQ,IAAI95H,KAAK+jC,MAAO+D,OAAO9wB,EACtC,EAEA4iH,GAAK54H,UAAU8mC,OAAS,SAAgBpC,EAAKU,GAE3C,OADApmC,KAAK65H,MAAM/xF,OAAOpC,EAAKU,GAChBpmC,IACT,EAEA45H,GAAK54H,UAAUmnC,OAAS,SAAgB/B,GAEtC,OADApmC,KAAK85H,MAAMhyF,OAAO9nC,KAAK65H,MAAM1xF,UACtBnoC,KAAK85H,MAAM3xF,OAAO/B,EAC3B,2BC9CA,IAAIhyB,EAAOiqC,EAEXjqC,EAAK2zB,MAAQvlC,GACb4R,EAAK+0B,OAASxlC,GACdyQ,EAAK2lH,IAAM36G,GACXhL,EAAKG,OAASiL,GACdpL,EAAK4lH,KAAOL,GAGZvlH,EAAKE,KAAOF,EAAK2lH,IAAIzlH,KACrBF,EAAKI,OAASJ,EAAK2lH,IAAIvlH,OACvBJ,EAAKO,OAASP,EAAK2lH,IAAIplH,OACvBP,EAAKK,OAASL,EAAK2lH,IAAItlH,OACvBL,EAAKM,OAASN,EAAK2lH,IAAIrlH,OACvBN,EAAKw7B,UAAYx7B,EAAKG,OAAOq7B,gBCdZ,CACf8gF,QAAS,CACPE,KAAM,EACNK,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,kEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,sEAINrC,IAAK,CACHP,IAAK,EACL4C,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,iEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,4FCrwBR,IAsOIgE,EAtOArtE,EAASvJ,EAMT7Y,EAASuC,GAAMvC,OAEnB,SAASy0F,EAAYh1H,GACnB,GAAqB,UAAjBA,EAAQmV,KACVpa,KAAK4Q,MAAQ,IAAIA,GAAM0oH,MAAMr0H,QAC1B,GAAqB,YAAjBA,EAAQmV,KACfpa,KAAK4Q,MAAQ,IAAIA,GAAM2oH,QAAQt0H,OAC5B,IAAqB,SAAjBA,EAAQmV,KAEZ,MAAUhX,MAAM,uBADnBpD,KAAK4Q,MAAQ,IAAIA,GAAM29G,KAAKtpH,EACa,CAC3CjF,KAAKglC,EAAIhlC,KAAK4Q,MAAMo0B,EACpBhlC,KAAKwM,EAAIxM,KAAK4Q,MAAMpE,EACpBxM,KAAKoU,KAAOnP,EAAQmP,KAEpBoxB,EAAOxlC,KAAKglC,EAAE2gB,WAAY,iBAC1BngB,EAAOxlC,KAAKglC,EAAE13B,IAAItN,KAAKwM,GAAG6oH,aAAc,0BAC1C,CAGA,SAAS6E,EAAY5uH,EAAMrG,GACzBkG,OAAOM,eAAem8C,EAAQt8C,EAAM,CAClC26B,cAAc,EACdD,YAAY,EACZx6B,IAAK,WACH,IAAIoF,EAAQ,IAAIqpH,EAAYh1H,GAM5B,OALAkG,OAAOM,eAAem8C,EAAQt8C,EAAM,CAClC26B,cAAc,EACdD,YAAY,EACZ3kC,MAAOuP,IAEFA,IAGb,CAhBAg3C,EAAOqyE,YAAcA,EAkBrBC,EAAY,OAAQ,CAClB9/G,KAAM,QACNszG,MAAO,OACPj7F,EAAG,wDACHhkB,EAAG,wDACHJ,EAAG,wDACH7B,EAAG,wDACH4H,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,wDACA,2DAIJk1F,EAAY,OAAQ,CAClB9/G,KAAM,QACNszG,MAAO,OACPj7F,EAAG,iEACHhkB,EAAG,iEACHJ,EAAG,iEACH7B,EAAG,iEACH4H,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,iEACA,oEAIJk1F,EAAY,OAAQ,CAClB9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,0EACHhkB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,0EACA,6EAIJk1F,EAAY,OAAQ,CAClB9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,8GAEHhkB,EAAG,8GAEHJ,EAAG,8GAEH7B,EAAG,8GAEH4H,KAAMA,GAAKK,OACXq7G,MAAM,EACN9qF,EAAG,CACD,8GAEA,iHAKJk1F,EAAY,OAAQ,CAClB9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,2JAGHhkB,EAAG,2JAGHJ,EAAG,2JAGH7B,EAAG,2JAGH4H,KAAMA,GAAKM,OACXo7G,MAAM,EACN9qF,EAAG,CACD,2JAGA,8JAOJk1F,EAAY,aAAc,CACxB9/G,KAAM,OACNszG,MAAO,SACPj7F,EAAG,sEACHhkB,EAAG,QACHJ,EAAG,IACH7B,EAAG,sEACH2tH,SAAU,IACV/lH,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,OAIJk1F,EAAY,UAAW,CACrB9/G,KAAM,UACNszG,MAAO,SACPj7F,EAAG,sEACHhkB,EAAG,KACH+N,EAAG,IAEHsM,EAAG,sEACHtc,EAAG,sEACH2tH,SAAU,IACV/lH,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,mEAEA,sEAKJk1F,EAAY,kBAAmB,CAC7B9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,0EACHhkB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXs7G,MAAM,EACN9qF,EAAG,CACD,mEACA,sEAKJk1F,EAAY,kBAAmB,CAC7B9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,6GAEHhkB,EAAG,6GAEHJ,EAAG,6GAEH7B,EAAG,6GAEH4H,KAAMA,GAAKK,OACXq7G,MAAM,EACN9qF,EAAG,CACD,mGAEA,sGAMJk1F,EAAY,kBAAmB,CAC7B9/G,KAAM,QACNszG,MAAO,KACPj7F,EAAG,iJAEHhkB,EAAG,iJAEHJ,EAAG,iJAEH7B,EAAG,iJAEH4H,KAAMA,GAAKM,OACXo7G,MAAM,EACN9qF,EAAG,CACD,mIAEA,sIAOJ,IACEiwF,EAAMzyH,EACR,CAAE,MAAOiC,GACPwwH,OAAMh0H,CACR,CAEAi5H,EAAY,YAAa,CACvB9/G,KAAM,QACNszG,MAAO,OACPj7F,EAAG,0EACHhkB,EAAG,IACHJ,EAAG,IACH7B,EAAG,0EACH+P,EAAG,IACHnI,KAAMA,GAAKI,OAGXg+G,KAAM,mEACNqB,OAAQ,mEACRI,MAAO,CACL,CACExlH,EAAG,mCACHJ,EAAG,qCAEL,CACEI,EAAG,oCACHJ,EAAG,qCAIPyhH,MAAM,EACN9qF,EAAG,CACD,mEACA,mEACAiwF,QCrQJ,SAASmF,GAASn1H,GAChB,KAAMjF,gBAAgBo6H,IACpB,OAAO,IAAIA,GAASn1H,GACtBjF,KAAKoU,KAAOnP,EAAQmP,KACpBpU,KAAKq6H,aAAep1H,EAAQo1H,WAE5Br6H,KAAK6tD,OAAS7tD,KAAKoU,KAAKszB,QACxB1nC,KAAKs6H,WAAar1H,EAAQq1H,YAAct6H,KAAKoU,KAAKuzB,aAElD3nC,KAAKu6H,QAAU,KACfv6H,KAAKw6H,eAAiB,KACtBx6H,KAAKotC,EAAI,KACTptC,KAAK0sD,EAAI,KAET,IAAI5D,EAAU/gB,GAAMC,QAAQ/iC,EAAQ6jD,QAAS7jD,EAAQw1H,YAAc,OAC/D3oF,EAAQ/J,GAAMC,QAAQ/iC,EAAQ6sC,MAAO7sC,EAAQy1H,UAAY,OACzDC,EAAO5yF,GAAMC,QAAQ/iC,EAAQ01H,KAAM11H,EAAQ21H,SAAW,OAC1Dp1F,GAAOsjB,EAAQ1nD,QAAWpB,KAAKs6H,WAAa,EACrC,mCAAqCt6H,KAAKs6H,WAAa,SAC9Dt6H,KAAKq+G,MAAMv1D,EAAShX,EAAO6oF,EAC7B,CACA,OAAiBP,GAEjBA,GAASp5H,UAAUq9G,MAAQ,SAAcv1D,EAAShX,EAAO6oF,GACvD,IAAI98E,EAAOiL,EAAQliD,OAAOkrC,GAAOlrC,OAAO+zH,GAExC36H,KAAKotC,EAAQvtC,MAAMG,KAAK6tD,OAAS,GACjC7tD,KAAK0sD,EAAQ7sD,MAAMG,KAAK6tD,OAAS,GACjC,IAAK,IAAI1qD,EAAI,EAAGA,EAAInD,KAAK0sD,EAAEtrD,OAAQ+B,IACjCnD,KAAKotC,EAAEjqC,GAAK,EACZnD,KAAK0sD,EAAEvpD,GAAK,EAGdnD,KAAKkoC,QAAQ2V,GACb79C,KAAKu6H,QAAU,EACfv6H,KAAKw6H,eAAiB,eACxB,EAEAJ,GAASp5H,UAAU65H,MAAQ,WACzB,OAAO,IAAIzmH,GAAK4lH,KAAKh6H,KAAKoU,KAAMpU,KAAKotC,EACvC,EAEAgtF,GAASp5H,UAAUknC,QAAU,SAAgB2V,GAC3C,IAAIi9E,EAAO96H,KAAK66H,QACA/yF,OAAO9nC,KAAK0sD,GACZ5kB,OAAO,CAAE,IACrB+V,IACFi9E,EAAOA,EAAKhzF,OAAO+V,IACrB79C,KAAKotC,EAAI0tF,EAAK3yF,SACdnoC,KAAK0sD,EAAI1sD,KAAK66H,QAAQ/yF,OAAO9nC,KAAK0sD,GAAGvkB,SAChC0V,IAGL79C,KAAKotC,EAAIptC,KAAK66H,QACA/yF,OAAO9nC,KAAK0sD,GACZ5kB,OAAO,CAAE,IACTA,OAAO+V,GACP1V,SACdnoC,KAAK0sD,EAAI1sD,KAAK66H,QAAQ/yF,OAAO9nC,KAAK0sD,GAAGvkB,SACvC,EAEAiyF,GAASp5H,UAAU+5H,OAAS,SAAgBjyE,EAAS2xE,EAAYp0H,EAAK20H,GAE1C,iBAAfP,IACTO,EAAS30H,EACTA,EAAMo0H,EACNA,EAAa,MAGf3xE,EAAU/gB,GAAMC,QAAQ8gB,EAAS2xE,GACjCp0H,EAAM0hC,GAAMC,QAAQ3hC,EAAK20H,GAEzBx1F,GAAOsjB,EAAQ1nD,QAAWpB,KAAKs6H,WAAa,EACrC,mCAAqCt6H,KAAKs6H,WAAa,SAE9Dt6H,KAAKkoC,QAAQ4gB,EAAQliD,OAAOP,GAAO,KACnCrG,KAAKu6H,QAAU,CACjB,EAEAH,GAASp5H,UAAUwvD,SAAW,SAAkBrgD,EAAKi2B,EAAK//B,EAAK20H,GAC7D,GAAIh7H,KAAKu6H,QAAUv6H,KAAKw6H,eACtB,MAAUp3H,MAAM,sBAGC,iBAARgjC,IACT40F,EAAS30H,EACTA,EAAM+/B,EACNA,EAAM,MAIJ//B,IACFA,EAAM0hC,GAAMC,QAAQ3hC,EAAK20H,GAAU,OACnCh7H,KAAKkoC,QAAQ7hC,IAIf,IADA,IAAI4tB,EAAO,GACJA,EAAK7yB,OAAS+O,GACnBnQ,KAAK0sD,EAAI1sD,KAAK66H,QAAQ/yF,OAAO9nC,KAAK0sD,GAAGvkB,SACrClU,EAAOA,EAAKrtB,OAAO5G,KAAK0sD,GAG1B,IAAIn9C,EAAM0kB,EAAKvyB,MAAM,EAAGyO,GAGxB,OAFAnQ,KAAKkoC,QAAQ7hC,GACbrG,KAAKu6H,UACExyF,GAAMzqB,OAAO/N,EAAK62B,EAC3B,EC5GA,IAAIZ,GAASuC,GAAMvC,OAEnB,SAASy1F,GAAQn1E,EAAI7gD,GACnBjF,KAAK8lD,GAAKA,EACV9lD,KAAKwlD,KAAO,KACZxlD,KAAK0lD,IAAM,KAGPzgD,EAAQugD,MACVxlD,KAAKk7H,eAAej2H,EAAQugD,KAAMvgD,EAAQk2H,SACxCl2H,EAAQygD,KACV1lD,KAAKo7H,cAAcn2H,EAAQygD,IAAKzgD,EAAQo2H,OAC5C,CACA,OAAiBJ,GAEjBA,GAAQK,WAAa,SAAoBx1E,EAAIJ,EAAKtf,GAChD,OAAIsf,aAAeu1E,GACVv1E,EAEF,IAAIu1E,GAAQn1E,EAAI,CACrBJ,IAAKA,EACL21E,OAAQj1F,GAEZ,EAEA60F,GAAQM,YAAc,SAAqBz1E,EAAIN,EAAMpf,GACnD,OAAIof,aAAgBy1E,GACXz1E,EAEF,IAAIy1E,GAAQn1E,EAAI,CACrBN,KAAMA,EACN21E,QAAS/0F,GAEb,EAGA60F,GAAQj6H,UAAU2kD,SAAW,WAC3B,IAAID,EAAM1lD,KAAK+oD,YAEf,OAAIrD,EAAI2vE,aACC,CAAE5zH,QAAQ,EAAOS,OAAQ,sBAC7BwjD,EAAIC,WAEJD,EAAIp4C,IAAItN,KAAK8lD,GAAGl1C,MAAMpE,GAAG6oH,aAGvB,CAAE5zH,QAAQ,EAAMS,OAAQ,MAFtB,CAAET,QAAQ,EAAOS,OAAQ,uBAFzB,CAAET,QAAQ,EAAOS,OAAQ,4BAKpC,EAEA+4H,GAAQj6H,UAAU+nD,UAAY,SAAmB3iB,EAAKgsF,GAIpD,OAHKpyH,KAAK0lD,MACR1lD,KAAK0lD,IAAM1lD,KAAK8lD,GAAG9gB,EAAE13B,IAAItN,KAAKwlD,OAE3Bpf,EAGEpmC,KAAK0lD,IAAIpoC,OAAO8oB,EAAKgsF,GAFnBpyH,KAAK0lD,GAGhB,EAEAu1E,GAAQj6H,UAAUgoD,WAAa,SAAoB5iB,GACjD,MAAY,QAARA,EACKpmC,KAAKwlD,KAAK74C,SAAS,GAAI,GAEvB3M,KAAKwlD,IAChB,EAEAy1E,GAAQj6H,UAAUk6H,eAAiB,SAAwBlkH,EAAKovB,GAK9D,GAJApmC,KAAKwlD,KAAO,IAAI9D,GAAG1qC,EAAKovB,GAAO,IAIJ,SAAvBpmC,KAAK8lD,GAAGl1C,MAAMwJ,KAAiB,CACjC,IAAIrK,EAAM/P,KAAK8lD,GAAGl1C,MAAMb,IACpBkiC,EAAOliC,EAAIg5G,MAAM,KAAS37G,IAAI2C,GAAKg5G,MAAM,GAC7C/oH,KAAKwlD,KAAOxlD,KAAKwlD,KAAK67B,GAAGtxE,EAAIg5G,MAAM,MACnC/oH,KAAKwlD,KAAOxlD,KAAKwlD,KAAK47B,IAAInvC,QAI1BjyC,KAAKwlD,KAAOxlD,KAAKwlD,KAAKwkE,KAAKhqH,KAAK8lD,GAAGl1C,MAAMpE,EAC7C,EAEAyuH,GAAQj6H,UAAUo6H,cAAgB,SAAuBpkH,EAAKovB,GAC5D,GAAIpvB,EAAI9J,GAAK8J,EAAI1I,EAWf,MAP2B,SAAvBtO,KAAK8lD,GAAGl1C,MAAMwJ,KAChBorB,GAAOxuB,EAAI9J,EAAG,qBACkB,UAAvBlN,KAAK8lD,GAAGl1C,MAAMwJ,MACS,YAAvBpa,KAAK8lD,GAAGl1C,MAAMwJ,MACvBorB,GAAOxuB,EAAI9J,GAAK8J,EAAI1I,EAAG,qCAEzBtO,KAAK0lD,IAAM1lD,KAAK8lD,GAAGl1C,MAAM4/G,MAAMx5G,EAAI9J,EAAG8J,EAAI1I,IAG5CtO,KAAK0lD,IAAM1lD,KAAK8lD,GAAGl1C,MAAMohH,YAAYh7G,EAAKovB,EAC5C,EAGA60F,GAAQj6H,UAAU2rD,OAAS,SAAgBjH,GACzC,OAAOA,EAAIp4C,IAAItN,KAAKwlD,MAAM6sE,MAC5B,EAGA4I,GAAQj6H,UAAUm8C,KAAO,SAAczX,EAAKU,EAAKnhC,GAC/C,OAAOjF,KAAK8lD,GAAG3I,KAAKzX,EAAK1lC,KAAMomC,EAAKnhC,EACtC,EAEAg2H,GAAQj6H,UAAU08C,OAAS,SAAgBhY,EAAKvwB,GAC9C,OAAOnV,KAAK8lD,GAAGpI,OAAOhY,EAAKvwB,EAAWnV,KACxC,EAEAi7H,GAAQj6H,UAAUq+G,QAAU,WAC1B,MAAO,eAAiBr/G,KAAKwlD,MAAQxlD,KAAKwlD,KAAK74C,SAAS,GAAI,IACrD,UAAY3M,KAAK0lD,KAAO1lD,KAAK0lD,IAAI25D,WAAa,IACvD,ECnHA,IAAI75E,GAASuC,GAAMvC,OAEnB,SAASsiD,GAAU7iF,EAASmhC,GAC1B,GAAInhC,aAAmB6iF,GACrB,OAAO7iF,EAELjF,KAAKw7H,WAAWv2H,EAASmhC,KAG7BZ,GAAOvgC,EAAQ8I,GAAK9I,EAAQgZ,EAAG,4BAC/Bje,KAAK+N,EAAI,IAAI2zC,GAAGz8C,EAAQ8I,EAAG,IAC3B/N,KAAKie,EAAI,IAAIyjC,GAAGz8C,EAAQgZ,EAAG,SACGhd,IAA1BgE,EAAQw2H,cACVz7H,KAAKy7H,cAAgB,KAErBz7H,KAAKy7H,cAAgBx2H,EAAQw2H,cACjC,CACA,OAAiB3zC,GAEjB,SAAS4zC,KACP17H,KAAK27H,MAAQ,CACf,CAEA,SAASC,GAAUr6G,EAAKkR,GACtB,IAAIopG,EAAUt6G,EAAIkR,EAAEkpG,SACpB,KAAgB,IAAVE,GACJ,OAAOA,EAIT,IAFA,IAAIC,EAAqB,GAAVD,EACXp2F,EAAM,EACDtiC,EAAI,EAAG64B,EAAMvJ,EAAEkpG,MAAOx4H,EAAI24H,EAAU34H,IAAK64B,IAChDyJ,IAAQ,EACRA,GAAOlkB,EAAIya,GAGb,OADAvJ,EAAEkpG,MAAQ3/F,EACHyJ,CACT,CAEA,SAASs2F,GAAUx6G,GAGjB,IAFA,IAAIpe,EAAI,EACJgN,EAAMoR,EAAIngB,OAAS,GACfmgB,EAAIpe,MAAqB,IAAboe,EAAIpe,EAAI,KAAcA,EAAIgN,GAC5ChN,IAEF,OAAU,IAANA,EACKoe,EAEFA,EAAI7f,MAAMyB,EACnB,CAwCA,SAAS64H,GAAgBl/E,EAAK3sC,GAC5B,GAAIA,EAAM,IACR2sC,EAAIj7C,KAAKsO,OADX,CAIA,IAAI8rH,EAAS,GAAKnwH,KAAKqS,IAAIhO,GAAOrE,KAAKisE,MAAQ,GAE/C,IADAj7B,EAAIj7C,KAAc,IAATo6H,KACAA,GACPn/E,EAAIj7C,KAAMsO,KAAS8rH,GAAU,GAAM,KAErCn/E,EAAIj7C,KAAKsO,GACX,CAjDA23E,GAAU9mF,UAAUw6H,WAAa,SAAoBtxH,EAAMk8B,GACzDl8B,EAAO69B,GAAMC,QAAQ99B,EAAMk8B,GAC3B,IAAI3T,EAAI,IAAIipG,GACZ,GAAwB,KAApBxxH,EAAKuoB,EAAEkpG,SACT,OAAO,EAGT,GADUC,GAAU1xH,EAAMuoB,GACfA,EAAEkpG,QAAWzxH,EAAK9I,OAC3B,OAAO,EAET,GAAwB,IAApB8I,EAAKuoB,EAAEkpG,SACT,OAAO,EAET,IAAIppG,EAAOqpG,GAAU1xH,EAAMuoB,GACvB1kB,EAAI7D,EAAKxI,MAAM+wB,EAAEkpG,MAAOppG,EAAOE,EAAEkpG,OAErC,GADAlpG,EAAEkpG,OAASppG,EACa,IAApBroB,EAAKuoB,EAAEkpG,SACT,OAAO,EAET,IAAIO,EAAON,GAAU1xH,EAAMuoB,GAC3B,GAAIvoB,EAAK9I,SAAW86H,EAAOzpG,EAAEkpG,MAC3B,OAAO,EAET,IAAI19G,EAAI/T,EAAKxI,MAAM+wB,EAAEkpG,MAAOO,EAAOzpG,EAAEkpG,OAYrC,OAXa,IAAT5tH,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAErM,MAAM,IAED,IAATuc,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEvc,MAAM,IAGd1B,KAAK+N,EAAI,IAAI2zC,GAAG3zC,GAChB/N,KAAKie,EAAI,IAAIyjC,GAAGzjC,GAChBje,KAAKy7H,cAAgB,MAEd,CACT,EAeA3zC,GAAU9mF,UAAUm7H,MAAQ,SAAe/1F,GACzC,IAAIr4B,EAAI/N,KAAK+N,EAAEi6B,UACX/pB,EAAIje,KAAKie,EAAE+pB,UAYf,IATW,IAAPj6B,EAAE,KACJA,EAAI,CAAE,GAAInH,OAAOmH,IAER,IAAPkQ,EAAE,KACJA,EAAI,CAAE,GAAIrX,OAAOqX,IAEnBlQ,EAAIguH,GAAUhuH,GACdkQ,EAAI89G,GAAU99G,KAENA,EAAE,IAAe,IAAPA,EAAE,KAClBA,EAAIA,EAAEvc,MAAM,GAEd,IAAIo7C,EAAM,CAAE,GACZk/E,GAAgBl/E,EAAK/uC,EAAE3M,SACvB07C,EAAMA,EAAIl2C,OAAOmH,IACblM,KAAK,GACTm6H,GAAgBl/E,EAAK7+B,EAAE7c,QACvB,IAAIg7H,EAAWt/E,EAAIl2C,OAAOqX,GACtB1O,EAAM,CAAE,IAGZ,OAFAysH,GAAgBzsH,EAAK6sH,EAASh7H,QAC9BmO,EAAMA,EAAI3I,OAAOw1H,GACVr0F,GAAMzqB,OAAO/N,EAAK62B,EAC3B,EC9HA,IAAIZ,GAASuC,GAAMvC,OAKnB,SAAS62F,GAAGp3H,GACV,KAAMjF,gBAAgBq8H,IACpB,OAAO,IAAIA,GAAGp3H,GAGO,iBAAZA,IACTugC,GAAOoiB,GAAOp1B,eAAevtB,GAAU,iBAAmBA,GAE1DA,EAAU2iD,GAAO3iD,IAIfA,aAAmB2iD,GAAOqyE,cAC5Bh1H,EAAU,CAAE2L,MAAO3L,IAErBjF,KAAK4Q,MAAQ3L,EAAQ2L,MAAMA,MAC3B5Q,KAAKwM,EAAIxM,KAAK4Q,MAAMpE,EACpBxM,KAAKs8H,GAAKt8H,KAAKwM,EAAEy8G,MAAM,GACvBjpH,KAAKglC,EAAIhlC,KAAK4Q,MAAMo0B,EAGpBhlC,KAAKglC,EAAI//B,EAAQ2L,MAAMo0B,EACvBhlC,KAAKglC,EAAEutF,WAAWttH,EAAQ2L,MAAMpE,EAAEqD,YAAc,GAGhD7P,KAAKoU,KAAOnP,EAAQmP,MAAQnP,EAAQ2L,MAAMwD,IAC5C,CACA,OAAiBioH,GAEjBA,GAAGr7H,UAAUi8C,QAAU,SAAiBh4C,GACtC,OAAO,IAAIg2H,GAAQj7H,KAAMiF,EAC3B,EAEAo3H,GAAGr7H,UAAUskD,eAAiB,SAAwBE,EAAMpf,GAC1D,OAAO60F,GAAQM,YAAYv7H,KAAMwlD,EAAMpf,EACzC,EAEAi2F,GAAGr7H,UAAUykD,cAAgB,SAAuBC,EAAKtf,GACvD,OAAO60F,GAAQK,WAAWt7H,KAAM0lD,EAAKtf,EACvC,EAEAi2F,GAAGr7H,UAAU6nD,WAAa,SAAoB5jD,GACvCA,IACHA,EAAU,IAGZ,IAAIs3H,EAAO,IAAInC,GAAS,CACtBhmH,KAAMpU,KAAKoU,KACXumH,KAAM11H,EAAQ01H,KACdC,QAAS31H,EAAQ21H,SAAW,OAC5B9xE,QAAS7jD,EAAQ6jD,SAAW7J,GAAKj/C,KAAKoU,KAAKuzB,cAC3C8yF,WAAYx1H,EAAQ6jD,SAAW7jD,EAAQw1H,YAAc,OACrD3oF,MAAO9xC,KAAKwM,EAAEw7B,YAIhB,GAAwB,SAApBhoC,KAAK4Q,MAAMwJ,KAAiB,CAC9B,IAAIorC,EAAO,IAAI9D,GAAG66E,EAAK/rE,SAAS,KAChC,OAAOxwD,KAAKslD,eAAeE,GAK7B,IAFA,IAAIl+C,EAAQtH,KAAKwM,EAAEjI,aACfi4H,EAAMx8H,KAAKwM,EAAEY,IAAI,IAAIs0C,GAAG,MACzB,CAED,MADI8D,EAAO,IAAI9D,GAAG66E,EAAK/rE,SAASlpD,KACvBm3G,IAAI+d,GAAO,GAIpB,OADAh3E,EAAKw7D,MAAM,GACJhhH,KAAKslD,eAAeE,GAE/B,EAEA62E,GAAGr7H,UAAUy7H,aAAe,SAAqB/2F,EAAKg3F,EAAW5gH,GAE/D,IAAI8uG,GADJ9uG,EAAUA,GAA8B,EAAnB4pB,EAAInhC,cACHvE,KAAKwM,EAAEqD,YAG7B,OAFI+6G,EAAQ,IACVllF,EAAMA,EAAIujF,MAAM2B,KACb8R,GAAah3F,EAAI+4E,IAAIz+G,KAAKwM,IAAM,EAC5Bk5B,EAAIt4B,IAAIpN,KAAKwM,GAEbk5B,CACX,EAEA22F,GAAGr7H,UAAU27H,YAAe,SAAqBj3F,GAE/C,IAAI5pB,EAUJ,OATI4pB,aAAe3iC,YACjB+Y,EAA2B,EAAjB4pB,EAAInhC,WACdmhC,EAAM1lC,KAAKy8H,aAAa,IAAI/6E,GAAGhc,EAAK,KAAK,EAAO5pB,IACxB,iBAAR4pB,GAChB5pB,EAAuB,EAAb4pB,EAAItkC,OACdskC,EAAM1lC,KAAKy8H,aAAa,IAAI/6E,GAAGhc,EAAK,KAAK,EAAO5pB,IAEhD4pB,EAAM1lC,KAAKy8H,aAAa,IAAI/6E,GAAGhc,EAAK,KAE/BA,CACT,EAEA22F,GAAGr7H,UAAUm8C,KAAO,SAAczX,EAAK1uB,EAAKovB,EAAKnhC,GAC5B,iBAARmhC,IACTnhC,EAAUmhC,EACVA,EAAM,MAEHnhC,IACHA,EAAU,IAEZ+R,EAAMhX,KAAKslD,eAAetuC,EAAKovB,GAC/BV,EAAM1lC,KAAK28H,YAAYj3F,GAqBvB,IAlBA,IAAIp+B,EAAQtH,KAAKwM,EAAEjI,aACfq4H,EAAO5lH,EAAIgyC,aAAahhB,QAAQ,KAAM1gC,GAGtCwqC,EAAQpM,EAAIsC,QAAQ,KAAM1gC,GAG1Bi1H,EAAO,IAAInC,GAAS,CACtBhmH,KAAMpU,KAAKoU,KACX00C,QAAS8zE,EACT9qF,MAAOA,EACP6oF,KAAM11H,EAAQ01H,KACdC,QAAS31H,EAAQ21H,SAAW,SAI1BiC,EAAM78H,KAAKwM,EAAEY,IAAI,IAAIs0C,GAAG,IAEnBo7E,EAAO,GAASA,IAAQ,CAC/B,IAAIzgH,EAAIpX,EAAQoX,EACZpX,EAAQoX,EAAEygH,GACV,IAAIp7E,GAAG66E,EAAK/rE,SAASxwD,KAAKwM,EAAEjI,eAEhC,MADA8X,EAAIrc,KAAKy8H,aAAapgH,GAAG,IACnBwuG,KAAK,IAAM,GAAKxuG,EAAEoiG,IAAIoe,IAAQ,GAApC,CAGA,IAAIE,EAAK/8H,KAAKglC,EAAE13B,IAAI+O,GACpB,IAAI0gH,EAAG1H,aAAP,CAGA,IAAI2H,EAAMD,EAAG1K,OACTtkH,EAAIivH,EAAIhT,KAAKhqH,KAAKwM,GACtB,GAAkB,IAAduB,EAAE88G,KAAK,GAAX,CAGA,IAAI5sG,EAAI5B,EAAEyuG,KAAK9qH,KAAKwM,GAAGc,IAAIS,EAAET,IAAI0J,EAAIgyC,cAAc/7C,KAAKy4B,IAExD,GAAkB,KADlBznB,EAAIA,EAAE+rG,KAAKhqH,KAAKwM,IACVq+G,KAAK,GAAX,CAGA,IAAI4Q,GAAiBsB,EAAGzK,OAAO7H,QAAU,EAAI,IACT,IAAfuS,EAAIve,IAAI1wG,GAAW,EAAI,GAQ5C,OALI9I,EAAQg4H,WAAah/G,EAAEwgG,IAAIz+G,KAAKs8H,IAAM,IACxCr+G,EAAIje,KAAKwM,EAAEY,IAAI6Q,GACfw9G,GAAiB,GAGZ,IAAI3zC,GAAU,CAAE/5E,EAAGA,EAAGkQ,EAAGA,EAAGw9G,cAAeA,QAEtD,EAEAY,GAAGr7H,UAAU08C,OAAS,SAAgBhY,EAAKvwB,EAAW6B,EAAKovB,GAMzD,OALApvB,EAAMhX,KAAKylD,cAAczuC,EAAKovB,GAC9BjxB,EAAY,IAAI2yE,GAAU3yE,EAAW,OAE3BnV,KAAKk9H,QAAQl9H,KAAK28H,YAAYj3F,GAAMvwB,EAAW6B,IACzDhX,KAAKk9H,QAAQl9H,KAAKy8H,aAAa,IAAI/6E,GAAGhc,EAAK,KAAMvwB,EAAW6B,EAE9D,EAEAqlH,GAAGr7H,UAAUk8H,QAAU,SAAiBx3F,EAAKvwB,EAAW6B,GAEtD,IAAIjJ,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAClB,GAAIlQ,EAAE88G,KAAK,GAAK,GAAK98G,EAAE0wG,IAAIz+G,KAAKwM,IAAM,EACpC,OAAO,EACT,GAAIyR,EAAE4sG,KAAK,GAAK,GAAK5sG,EAAEwgG,IAAIz+G,KAAKwM,IAAM,EACpC,OAAO,EAGT,IAeIimB,EAfA0qG,EAAOl/G,EAAE6sG,KAAK9qH,KAAKwM,GACnBwiD,EAAKmuE,EAAK7vH,IAAIo4B,GAAKskF,KAAKhqH,KAAKwM,GAC7ByiD,EAAKkuE,EAAK7vH,IAAIS,GAAGi8G,KAAKhqH,KAAKwM,GAE/B,OAAKxM,KAAK4Q,MAAMy/G,gBAWZ59F,EAAIzyB,KAAKglC,EAAE2wF,QAAQ3mE,EAAIh4C,EAAI+xC,YAAakG,IACtComE,cAMC5iG,EAAEwlG,OAAOlqH,KAjBV0kB,EAAIzyB,KAAKglC,EAAE0wF,OAAO1mE,EAAIh4C,EAAI+xC,YAAakG,IACrComE,cAGkC,IAAjC5iG,EAAE4/F,OAAOrI,KAAKhqH,KAAKwM,GAAGiyG,IAAI1wG,EAcrC,EAEAsuH,GAAGr7H,UAAUo8H,cAAgB,SAAS13F,EAAKvwB,EAAW4H,EAAGqpB,GACvDZ,IAAQ,EAAIzoB,KAAOA,EAAG,4CACtB5H,EAAY,IAAI2yE,GAAU3yE,EAAWixB,GAErC,IAAI55B,EAAIxM,KAAKwM,EACT/H,EAAI,IAAIi9C,GAAGhc,GACX33B,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAGdo/G,EAAa,EAAJtgH,EACTugH,EAAcvgH,GAAK,EACvB,GAAIhP,EAAE0wG,IAAIz+G,KAAK4Q,MAAM6hB,EAAEu3F,KAAKhqH,KAAK4Q,MAAMpE,KAAO,GAAK8wH,EACjD,MAAUl6H,MAAM,wCAIhB2K,EADEuvH,EACEt9H,KAAK4Q,MAAMqhH,WAAWlkH,EAAE1H,IAAIrG,KAAK4Q,MAAMpE,GAAI6wH,GAE3Cr9H,KAAK4Q,MAAMqhH,WAAWlkH,EAAGsvH,GAE/B,IAAIE,EAAOpoH,EAAUpH,EAAE+8G,KAAKt+G,GACxBggB,EAAKhgB,EAAEY,IAAI3I,GAAG6I,IAAIiwH,GAAMvT,KAAKx9G,GAC7BigB,EAAKxO,EAAE3Q,IAAIiwH,GAAMvT,KAAKx9G,GAI1B,OAAOxM,KAAKglC,EAAE0wF,OAAOlpG,EAAIze,EAAG0e,EAC9B,EAEA4vG,GAAGr7H,UAAUw8H,oBAAsB,SAAS/4H,EAAG0Q,EAAW+zC,EAAG9iB,GAE3D,GAAgC,QADhCjxB,EAAY,IAAI2yE,GAAU3yE,EAAWixB,IACvBq1F,cACZ,OAAOtmH,EAAUsmH,cAEnB,IAAK,IAAIt4H,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAC1B,IAAIs6H,EACJ,IACEA,EAASz9H,KAAKo9H,cAAc34H,EAAG0Q,EAAWhS,GAC1C,MAAOsB,GACP,SAGF,GAAIg5H,EAAOl0E,GAAGL,GACZ,OAAO/lD,EAEX,MAAUC,MAAM,uCAClB,ECxQA,IAAIoiC,GAASuC,GAAMvC,OACf8pF,GAAavnF,GAAMunF,WACnBF,GAAiBrnF,GAAMqnF,eAW3B,SAAS6L,GAAQloH,EAAOq0C,GAItB,GAHApnD,KAAK+S,MAAQA,EACTq0C,EAAO50B,eAAe,YACxBxyB,KAAK09H,QAAUpO,GAAWloE,EAAOyF,SAC/B95C,EAAM4qH,QAAQv2E,EAAO1B,KACvB1lD,KAAK49H,KAAOx2E,EAAO1B,SAMnB,GAJA1lD,KAAK69H,UAAYvO,GAAWloE,EAAO1B,KAC/B1lD,KAAK69H,WAAuC,KAA1B79H,KAAK69H,UAAUz8H,QACX,KAAtBpB,KAAK69H,UAAU,KACjB79H,KAAK69H,UAAY79H,KAAK69H,UAAUn8H,MAAM,EAAG,KACvC1B,KAAK69H,WAAuC,KAA1B79H,KAAK69H,UAAUz8H,OACnC,MAAUgC,MAAM,mCAEtB,CAEA63H,GAAQK,WAAa,SAAoBvoH,EAAO2yC,GAC9C,OAAIA,aAAeu1E,GACVv1E,EACF,IAAIu1E,GAAQloH,EAAO,CAAE2yC,IAAKA,GACnC,EAEAu1E,GAAQ6C,WAAa,SAAoB/qH,EAAO85C,GAC9C,OAAIA,aAAkBouE,GACbpuE,EACF,IAAIouE,GAAQloH,EAAO,CAAE85C,OAAQA,GACtC,EAEAouE,GAAQj6H,UAAU6rD,OAAS,WACzB,OAAO7sD,KAAK09H,OACd,EAEAtO,GAAe6L,GAAS,YAAY,WAClC,OAAOj7H,KAAK+S,MAAMgrH,YAAY/9H,KAAK0lD,MACrC,IAEA0pE,GAAe6L,GAAS,OAAO,WAC7B,OAAIj7H,KAAK69H,UACA79H,KAAK+S,MAAMi/G,YAAYhyH,KAAK69H,WAC9B79H,KAAK+S,MAAMiyB,EAAE13B,IAAItN,KAAKwlD,OAC/B,IAEA4pE,GAAe6L,GAAS,aAAa,WACnC,IAAIloH,EAAQ/S,KAAK+S,MACbqB,EAAOpU,KAAKoU,OACZ4pH,EAASjrH,EAAMkrH,eAAiB,EAGhCxvH,EAAI2F,EAAK1S,MAAM,EAAGqR,EAAMkrH,gBAK5B,OAJAxvH,EAAE,IAAM,IACRA,EAAEuvH,IAAW,IACbvvH,EAAEuvH,IAAW,GAENvvH,CACT,IAEA2gH,GAAe6L,GAAS,QAAQ,WAC9B,OAAOj7H,KAAK+S,MAAMmrH,UAAUl+H,KAAKm+H,YACnC,IAEA/O,GAAe6L,GAAS,QAAQ,WAC9B,OAAOj7H,KAAK+S,MAAMqB,OAAO0zB,OAAO9nC,KAAK6sD,UAAU1kB,QACjD,IAEAinF,GAAe6L,GAAS,iBAAiB,WACvC,OAAOj7H,KAAKoU,OAAO1S,MAAM1B,KAAK+S,MAAMkrH,eACtC,IAEAhD,GAAQj6H,UAAUm8C,KAAO,SAAcxjC,GAErC,OADA6rB,GAAOxlC,KAAK09H,QAAS,2BACd19H,KAAK+S,MAAMoqC,KAAKxjC,EAAS3Z,KAClC,EAEAi7H,GAAQj6H,UAAU08C,OAAS,SAAgB/jC,EAAS8jC,GAClD,OAAOz9C,KAAK+S,MAAM2qC,OAAO/jC,EAAS8jC,EAAKz9C,KACzC,EAEAi7H,GAAQj6H,UAAUo9H,UAAY,SAAmBh4F,GAE/C,OADAZ,GAAOxlC,KAAK09H,QAAS,0BACd31F,GAAMzqB,OAAOtd,KAAK6sD,SAAUzmB,EACrC,EAEA60F,GAAQj6H,UAAU+nD,UAAY,SAAmB3iB,EAAKgsF,GACpD,OAAOrqF,GAAMzqB,QAAQ80G,EAAU,CAAE,IAAS,IAAIxrH,OAAO5G,KAAKq+H,YAAaj4F,EACzE,EAEA,OAAiB60F,GClGbz1F,GAASuC,GAAMvC,OACf4pF,GAAiBrnF,GAAMqnF,eACvBE,GAAavnF,GAAMunF,WAUvB,SAASxnC,GAAU/0E,EAAO0qC,GACxBz9C,KAAK+S,MAAQA,EAEM,iBAAR0qC,IACTA,EAAM6xE,GAAW7xE,IAEf59C,MAAMW,QAAQi9C,KAChBA,EAAM,CACJhzB,EAAGgzB,EAAI/7C,MAAM,EAAGqR,EAAMkrH,gBACtBnqF,EAAG2J,EAAI/7C,MAAMqR,EAAMkrH,kBAIvBz4F,GAAOiY,EAAIhzB,GAAKgzB,EAAI3J,EAAG,4BAEnB/gC,EAAM4qH,QAAQlgF,EAAIhzB,KACpBzqB,KAAKs+H,GAAK7gF,EAAIhzB,GACZgzB,EAAI3J,aAAa4N,KACnB1hD,KAAKu+H,GAAK9gF,EAAI3J,GAEhB9zC,KAAKw+H,UAAY3+H,MAAMW,QAAQi9C,EAAIhzB,GAAKgzB,EAAIhzB,EAAIgzB,EAAIghF,SACpDz+H,KAAK0+H,UAAY7+H,MAAMW,QAAQi9C,EAAI3J,GAAK2J,EAAI3J,EAAI2J,EAAIkhF,QACtD,CAEAvP,GAAetnC,GAAW,KAAK,WAC7B,OAAO9nF,KAAK+S,MAAMmrH,UAAUl+H,KAAK2+H,WACnC,IAEAvP,GAAetnC,GAAW,KAAK,WAC7B,OAAO9nF,KAAK+S,MAAMi/G,YAAYhyH,KAAKy+H,WACrC,IAEArP,GAAetnC,GAAW,YAAY,WACpC,OAAO9nF,KAAK+S,MAAMgrH,YAAY/9H,KAAKyqB,IACrC,IAEA2kG,GAAetnC,GAAW,YAAY,WACpC,OAAO9nF,KAAK+S,MAAM6rH,UAAU5+H,KAAK8zC,IACnC,IAEAg0C,GAAU9mF,UAAU69H,QAAU,WAC5B,OAAO7+H,KAAKy+H,WAAW73H,OAAO5G,KAAK2+H,WACrC,EAEA72C,GAAU9mF,UAAU0mB,MAAQ,WAC1B,OAAOqgB,GAAMzqB,OAAOtd,KAAK6+H,UAAW,OAAO/nD,aAC7C,EAEA,OAAiBgR,GCzDbtiD,GAASuC,GAAMvC,OACf8pF,GAAavnF,GAAMunF,WAIvB,SAASwP,GAAMluH,GAGb,GAFA40B,GAAiB,YAAV50B,EAAqB,qCAEtB5Q,gBAAgB8+H,IACpB,OAAO,IAAIA,GAAMluH,GAEfA,EAAQg3C,GAAOh3C,GAAOA,MAC1B5Q,KAAK4Q,MAAQA,EACb5Q,KAAKglC,EAAIp0B,EAAMo0B,EACfhlC,KAAKglC,EAAEutF,WAAW3hH,EAAMpE,EAAEqD,YAAc,GAExC7P,KAAK++H,WAAanuH,EAAM4/G,QAAQ1wH,YAChCE,KAAKi+H,eAAiBnyH,KAAKmQ,KAAKrL,EAAMpE,EAAEqD,YAAc,GACtD7P,KAAKoU,KAAOA,GAAKM,MACnB,CAEA,OAAiBoqH,GAOjBA,GAAM99H,UAAUm8C,KAAO,SAAcxjC,EAASkzC,GAC5ClzC,EAAU21G,GAAW31G,GACrB,IAAI3C,EAAMhX,KAAKg/H,cAAcnyE,GACzB9+C,EAAI/N,KAAKi/H,QAAQjoH,EAAIkoH,gBAAiBvlH,GACtC8Q,EAAIzqB,KAAKglC,EAAE13B,IAAIS,GACf0wH,EAAWz+H,KAAK+9H,YAAYtzG,GAC5B00G,EAAKn/H,KAAKi/H,QAAQR,EAAUznH,EAAIqnH,WAAY1kH,GAClCrM,IAAI0J,EAAIwuC,QAClB1R,EAAI/lC,EAAE1H,IAAI84H,GAAInV,KAAKhqH,KAAK4Q,MAAMpE,GAClC,OAAOxM,KAAKo/H,cAAc,CAAE30G,EAAGA,EAAGqpB,EAAGA,EAAG2qF,SAAUA,GACpD,EAQAK,GAAM99H,UAAU08C,OAAS,SAAgB/jC,EAAS8jC,EAAKiI,GACrD/rC,EAAU21G,GAAW31G,GACrB8jC,EAAMz9C,KAAKo/H,cAAc3hF,GACzB,IAAIzmC,EAAMhX,KAAKylD,cAAcC,GACzBnpC,EAAIvc,KAAKi/H,QAAQxhF,EAAIghF,WAAYznH,EAAIqnH,WAAY1kH,GACjD0lH,EAAKr/H,KAAKglC,EAAE13B,IAAImwC,EAAI3J,KAExB,OADc2J,EAAIhzB,IAAIpkB,IAAI2Q,EAAI0uC,MAAMp4C,IAAIiP,IACzBgtC,GAAG81E,EACpB,EAEAP,GAAM99H,UAAUi+H,QAAU,WAExB,IADA,IAAI7qH,EAAOpU,KAAKoU,OACPjR,EAAI,EAAGA,EAAIy5C,UAAUx7C,OAAQ+B,IACpCiR,EAAK0zB,OAAO8U,UAAUz5C,IACxB,OAAO4kC,GAAMwnF,UAAUn7G,EAAK+zB,UAAU6hF,KAAKhqH,KAAK4Q,MAAMpE,EACxD,EAEAsyH,GAAM99H,UAAUi8C,QAAU,SAAiBh4C,GACzC,OAAO,IAAIg2H,GAAQj7H,KAAMiF,EAC3B,EAEA65H,GAAM99H,UAAUykD,cAAgB,SAAuBC,GACrD,OAAOu1E,GAAQK,WAAWt7H,KAAM0lD,EAClC,EAEAo5E,GAAM99H,UAAUg+H,cAAgB,SAAuBnyE,GACrD,OAAOouE,GAAQ6C,WAAW99H,KAAM6sD,EAClC,EAEAiyE,GAAM99H,UAAU6nD,WAAa,SAAoB5jD,GAC1CA,IACHA,EAAU,IAGZ,IAAIs3H,EAAO,IAAInC,GAAS,CACtBhmH,KAAMpU,KAAKoU,KACXumH,KAAM11H,EAAQ01H,KACdC,QAAS31H,EAAQ21H,SAAW,OAC5B9xE,QAAS7jD,EAAQ6jD,SAAW7J,GAAKj/C,KAAKoU,KAAKuzB,cAC3C8yF,WAAYx1H,EAAQ6jD,SAAW7jD,EAAQw1H,YAAc,OACrD3oF,MAAO9xC,KAAK4Q,MAAMpE,EAAEw7B,YAGtB,OAAOhoC,KAAKg/H,cAAczC,EAAK/rE,SAAS,IAC1C,EAEAsuE,GAAM99H,UAAUo+H,cAAgB,SAAuB3hF,GACrD,OAAIA,aAAeqqC,GACVrqC,EACF,IAAIqqC,GAAU9nF,KAAMy9C,EAC7B,EAUAqhF,GAAM99H,UAAU+8H,YAAc,SAAqBvN,GACjD,IAAIpqF,EAAMoqF,EAAM8B,OAAOtqF,QAAQ,KAAMhoC,KAAKi+H,gBAE1C,OADA73F,EAAIpmC,KAAKi+H,eAAiB,IAAMzN,EAAM6B,OAAO5H,QAAU,IAAO,EACvDrkF,CACT,EAEA04F,GAAM99H,UAAUgxH,YAAc,SAAqB1qH,GAGjD,IAAI02H,GAFJ12H,EAAQygC,GAAMunF,WAAWhoH,IAENlG,OAAS,EACxBk+H,EAASh4H,EAAM5F,MAAM,EAAGs8H,GAAQp3H,QAAuB,IAAhBU,EAAM02H,IAC7CuB,EAAoC,IAAV,IAAhBj4H,EAAM02H,IAEhB1vH,EAAIy5B,GAAMwnF,UAAU+P,GACxB,OAAOt/H,KAAK4Q,MAAMooH,WAAW1qH,EAAGixH,EAClC,EAEAT,GAAM99H,UAAU49H,UAAY,SAAmBt3F,GAC7C,OAAOA,EAAIU,QAAQ,KAAMhoC,KAAKi+H,eAChC,EAEAa,GAAM99H,UAAUk9H,UAAY,SAAmB52H,GAC7C,OAAOygC,GAAMwnF,UAAUjoH,EACzB,EAEAw3H,GAAM99H,UAAU28H,QAAU,SAAiBl4F,GACzC,OAAOA,aAAezlC,KAAK++H,UAC7B,2BC1IA,IAAIl5E,EAAWxH,EAEfwH,EAAS9d,MAAQvlC,GACjBqjD,EAAS5G,KAAOt7C,GAChBkiD,EAASj1C,MAAQwO,GACjBymC,EAAS+B,OAASpoC,GAGlBqmC,EAASC,GAAK6zE,GACd9zE,EAAS9yC,MAAQysH"} \ No newline at end of file +{"version":3,"file":"openpgp.min.mjs","sources":["../../node_modules/@openpgp/web-stream-tools/lib/writer.js","../../node_modules/@openpgp/web-stream-tools/lib/util.js","../../node_modules/@openpgp/web-stream-tools/lib/reader.js","../../node_modules/@openpgp/web-stream-tools/lib/streams.js","../../src/enums.js","../../src/config/config.js","../../src/util.js","../../src/encoding/base64.js","../../src/encoding/armor.js","../../src/crypto/cipher/index.js","../../src/crypto/hash/md5.js","../../src/crypto/hash/index.js","../../node_modules/@noble/ciphers/esm/_assert.js","../../node_modules/@noble/ciphers/esm/utils.js","../../node_modules/@noble/ciphers/esm/_polyval.js","../../node_modules/@noble/ciphers/esm/aes.js","../../src/crypto/mode/cfb.js","../../src/crypto/cmac.js","../../src/crypto/mode/eax.js","../../src/crypto/mode/ocb.js","../../src/crypto/mode/gcm.js","../../src/crypto/mode/index.js","../../../../src/crypto/biginteger.ts","../../src/crypto/random.js","../../../../src/crypto/public_key/prime.ts","../../src/crypto/pkcs1.js","../../src/crypto/public_key/rsa.js","../../src/crypto/public_key/elgamal.js","../../node_modules/@openpgp/tweetnacl/crypto.js","../../node_modules/@openpgp/tweetnacl/nacl-fast.js","../../src/type/oid.js","../../src/packet/packet.js","../../src/crypto/public_key/elliptic/eddsa.js","../../src/crypto/aes_kw.js","../../src/crypto/hkdf.js","../../src/crypto/public_key/elliptic/ecdh_x.js","../../src/crypto/public_key/elliptic/oid_curves.js","../../src/crypto/public_key/elliptic/ecdsa.js","../../src/crypto/public_key/elliptic/eddsa_legacy.js","../../src/crypto/pkcs5.js","../../src/crypto/public_key/elliptic/ecdh.js","../../src/crypto/public_key/dsa.js","../../src/crypto/public_key/index.js","../../src/crypto/signature.js","../../src/type/ecdh_symkey.js","../../src/type/kdf_params.js","../../src/type/ecdh_x_symkey.js","../../src/crypto/crypto.js","../../src/crypto/index.js","../../src/type/s2k/argon2.js","../../src/type/s2k/generic.js","../../src/type/s2k/index.js","../../node_modules/fflate/esm/index.mjs","../../src/packet/literal_data.js","../../src/type/keyid.js","../../src/packet/signature.js","../../src/packet/one_pass_signature.js","../../src/packet/packetlist.js","../../src/packet/compressed_data.js","../../src/packet/sym_encrypted_integrity_protected_data.js","../../src/packet/aead_encrypted_data.js","../../src/packet/public_key_encrypted_session_key.js","../../src/packet/sym_encrypted_session_key.js","../../src/packet/public_key.js","../../src/packet/symmetrically_encrypted_data.js","../../src/packet/marker.js","../../src/packet/public_subkey.js","../../src/packet/user_attribute.js","../../src/packet/secret_key.js","../../src/packet/userid.js","../../src/packet/secret_subkey.js","../../src/packet/trust.js","../../src/packet/padding.js","../../src/signature.js","../../src/key/helper.js","../../src/key/user.js","../../src/key/subkey.js","../../src/key/key.js","../../src/key/public_key.js","../../src/key/private_key.js","../../src/key/factory.js","../../src/message.js","../../src/cleartext.js","../../src/openpgp.js","../../node_modules/@noble/hashes/esm/_assert.js","../../node_modules/@noble/hashes/esm/cryptoNode.js","../../node_modules/@noble/hashes/esm/utils.js","../../node_modules/@noble/hashes/esm/_md.js","../../node_modules/@noble/hashes/esm/sha256.js","../../node_modules/@noble/hashes/esm/hmac.js","../../node_modules/@noble/curves/esm/abstract/utils.js","../../node_modules/@noble/curves/esm/abstract/modular.js","../../node_modules/@noble/curves/esm/abstract/curve.js","../../node_modules/@noble/curves/esm/abstract/weierstrass.js","../../node_modules/@noble/curves/esm/_shortw_utils.js","../../node_modules/@noble/curves/esm/p256.js","../../node_modules/@noble/hashes/esm/_u64.js","../../node_modules/@noble/hashes/esm/sha512.js","../../node_modules/@noble/curves/esm/p384.js","../../node_modules/@noble/curves/esm/p521.js","../../node_modules/@noble/hashes/esm/sha3.js","../../node_modules/@noble/curves/esm/abstract/edwards.js","../../node_modules/@noble/curves/esm/abstract/montgomery.js","../../node_modules/@noble/curves/esm/ed448.js","../../node_modules/@noble/curves/esm/secp256k1.js","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP256r1.ts","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP384r1.ts","../../../../src/crypto/public_key/elliptic/brainpool/brainpoolP512r1.ts","../../src/crypto/public_key/elliptic/noble_curves.js","../../src/crypto/cipher/des.js","../../src/crypto/cipher/cast5.js","../../src/crypto/cipher/twofish.js","../../src/crypto/cipher/blowfish.js","../../src/crypto/cipher/legacy_ciphers.js","../../node_modules/@noble/hashes/esm/sha1.js","../../node_modules/@noble/hashes/esm/ripemd160.js","../../src/crypto/hash/noble_hashes.js","../../node_modules/argon2id/lib/blake2b.js","../../node_modules/argon2id/lib/argon2id.js","../../node_modules/argon2id/lib/setup.js","../../node_modules/argon2id/index.js","../../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../../node_modules/@openpgp/seek-bzip/lib/stream.js","../../node_modules/@openpgp/seek-bzip/lib/crc32.js","../../node_modules/@openpgp/seek-bzip/lib/index.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work\n Object.setPrototypeOf(this, ArrayStream.prototype);\n\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","/* eslint-disable no-prototype-builtins */\nimport { isArrayStream } from './writer.js';\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n // try and detect a node native stream without having to import its class\n if (input &&\n !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) &&\n typeof input._read === 'function' && typeof input._readableState === 'object') {\n throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`');\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isUint8Array, isStream, isArrayStream } from './util.js';\nimport * as streams from './streams.js';\n\nconst doneReadingSet = new WeakSet();\n/**\n * The external buffer is used to store values that have been peeked or unshifted from the original stream.\n * Because of how streams are implemented, such values cannot be \"put back\" in the original stream,\n * but they need to be returned first when reading from the input again.\n */\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = () => {};\n return;\n }\n let streamType = isStream(input);\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isStream, isArrayStream, isUint8Array, concatUint8Array } from './util.js';\nimport { Reader, externalBuffer } from './reader.js';\nimport { ArrayStream, Writer } from './writer.js';\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream.\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n }\n lastBytes = returnValue;\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input)) {\n return input.subarray(begin, end === Infinity ? input.length : end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n const cancelled = await input.cancel(reason);\n // the stream is not always cancelled at this point, so we wait some more\n await new Promise(setTimeout);\n return cancelled;\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n\nexport {\n ArrayStream,\n toStream,\n concatStream,\n concat,\n getReader,\n getWriter,\n pipe,\n transformRaw,\n transform,\n transformPair,\n parse,\n clone,\n passiveClone,\n slice,\n readToEnd,\n cancel,\n fromAsync\n};\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'nistP256': 'nistP256',\n /** @deprecated use `nistP256` instead */\n 'p256': 'nistP256',\n\n /** NIST P-384 Curve */\n 'nistP384': 'nistP384',\n /** @deprecated use `nistP384` instead */\n 'p384': 'nistP384',\n\n /** NIST P-521 Curve */\n 'nistP521': 'nistP521',\n /** @deprecated use `nistP521` instead */\n 'p521': 'nistP521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519Legacy',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519Legacy',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519Legacy',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519Legacy',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n argon2: 4,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11,\n sha3_256: 12,\n sha3_512: 14\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n gcm: 3,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n padding: 21\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuerKeyID: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34,\n preferredCipherSuites: 39\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4,\n seipdv2: 8\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha512,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * This option is applicable to:\n * - key generation (encryption key preferences),\n * - password-based message encryption, and\n * - private key encryption.\n * In the case of message encryption using public keys, the encryption key preferences are respected instead.\n * Note: not all OpenPGP implementations are compatible with this option.\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)\n * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,\n * this option must be set, otherwise key parsing and/or key decryption will fail.\n * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys\n * will be processed incorrectly.\n */\n parseAEADEncryptedV4KeysAsLegacy: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.gcm,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use v6 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v6Keys\n */\n v6Keys: false,\n /**\n * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet).\n * These are non-standard entities, which in the crypto-refresh have been superseded\n * by v6 keys and v6 signatures, respectively.\n * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries,\n * hence parsing them might be necessary in some cases.\n */\n enableParsingV5Entities: false,\n /**\n * S2K (String to Key) type, used for key derivation in the context of secret key encryption\n * and password-encrypted data. Weaker s2k options are not allowed.\n * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it\n * (pending standardisation).\n * @memberof module:config\n * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}\n */\n s2kType: enums.s2k.iterated,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:\n * Iteration Count Byte for Iterated and Salted S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.\n * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:\n * Argon2 parameters for S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.\n * Default settings correspond to the second recommendation from RFC9106 (\"uniformly safe option\"),\n * to ensure compatibility with memory-constrained environments.\n * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.\n * @memberof module:config\n * @property {Object} params\n * @property {Integer} params.passes - number of iterations t\n * @property {Integer} params.parallelism - degree of parallelism p\n * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.\n */\n s2kArgon2Params: {\n passes: 3,\n parallelism: 4, // lanes\n memoryExponent: 16 // 64 MiB of RAM\n },\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:\n * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL\n * (see https://efail.de/).\n * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.\n *\n * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n /**\n * Allow using keys that do not have any key flags set.\n * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages\n * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).\n * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.\n * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.\n */\n allowMissingKeyFlags: false,\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design).\n * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur\n * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of\n * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.\n * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases.\n */\n nonDeterministicSignaturesViaNotation: true,\n /**\n * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * @memberof module:config\n * @property {Boolean} useEllipticFallback\n */\n useEllipticFallback: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { createRequire } from 'module'; // Must be stripped in browser built\nimport enums from './enums';\nimport defaultConfig from './config';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n nodeRequire: createRequire(import.meta.url),\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n /**\n * Load noble-curves lib on demand and return the requested curve function\n * @param {enums.publicKey} publicKeyAlgo\n * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA)\n * @returns curve implementation\n * @throws on unrecognized curve, or curve not implemented by noble-curve\n */\n getNobleCurve: async (publicKeyAlgo, curveName) => {\n if (!defaultConfig.useEllipticFallback) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n\n const { nobleCurves } = await import('./crypto/public_key/elliptic/noble_curves');\n switch (publicKeyAlgo) {\n case enums.publicKey.ecdh:\n case enums.publicKey.ecdsa: {\n const curve = nobleCurves.get(curveName);\n if (!curve) throw new Error('Unsupported curve');\n return curve;\n }\n case enums.publicKey.x448:\n return nobleCurves.get('x448');\n case enums.publicKey.ed448:\n return nobleCurves.get('ed448');\n default:\n throw new Error('Unsupported curve');\n }\n },\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures,\n // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed\n // has not been authenticated (yet).\n // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues.\n // Also, AEAD is also not affected.\n return util.readExactSubarray(bytes, 2, 2 + bytelen);\n },\n\n /**\n * Read exactly `end - start` bytes from input.\n * This is a stricter version of `.subarray`.\n * @param {Uint8Array} input - Input data to parse\n * @returns {Uint8Array} subarray of size always equal to `end - start`\n * @throws if the input array is too short.\n */\n readExactSubarray: function (input, start, end) {\n if (input.length < (end - start)) {\n throw new Error('Input array too short');\n }\n return input.subarray(start, end);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n if (bytes.length > length) {\n throw new Error('Input array too long');\n }\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const hexAlphabet = '0123456789abcdef';\n let s = '';\n bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; });\n return s;\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography API.\n * @returns {Object} The SubtleCrypto API\n * @throws if the API is not available\n */\n getWebCrypto: function() {\n const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n // Fallback for Node 16, which does not expose WebCrypto as a global\n const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle;\n if (!webCrypto) {\n throw new Error('The WebCrypto API is not available');\n }\n return webCrypto;\n },\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return this.nodeRequire('crypto');\n },\n\n getNodeZlib: function() {\n return this.nodeRequire('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (this.nodeRequire('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = this.nodeRequire('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n /**\n * Test email format to ensure basic compliance:\n * - must include a single @\n * - no control or space unicode chars allowed\n * - no backslash and square brackets (as the latter can mess with the userID parsing)\n * - cannot end with a punctuation char\n * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation,\n * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)).\n */\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^[^\\p{C}\\p{Z}@<>\\\\]+@[^\\p{C}\\p{Z}@<>\\\\]+[^\\p{C}\\p{Z}\\p{P}]$/u;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n }\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n }\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n }\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n }\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n }\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n }\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Remove the (optional) checksum from an armored message.\n * @param {String} text - OpenPGP armored message\n * @returns {String} The body of the armored message.\n * @private\n */\nfunction removeChecksum(text) {\n let body = text;\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n }\n\n return body;\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n const data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== enums.armor.signed) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === enums.armor.signed) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const body = removeChecksum(parts[0].slice(0, -1));\n await writer.write(body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum\n * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug\n // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)\n const maybeBodyClone = emitChecksum && stream.passiveClone(body);\n\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push(hash ? `Hash: ${hash}\\n\\n` : '\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","import enums from '../../enums';\n\nexport async function getLegacyCipher(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n throw new Error('Not a legacy cipher');\n case enums.symmetric.cast5:\n case enums.symmetric.blowfish:\n case enums.symmetric.twofish:\n case enums.symmetric.tripledes: {\n const { legacyCiphers } = await import('./legacy_ciphers');\n const cipher = legacyCiphers.get(algo);\n if (!cipher) {\n throw new Error('Unsupported cipher algorithm');\n }\n return cipher;\n }\n default:\n throw new Error('Unsupported cipher algorithm');\n }\n}\n\n/**\n * Get block size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherBlockSize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 16;\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n case enums.symmetric.tripledes:\n return 8;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherKeySize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n return 16;\n case enums.symmetric.aes192:\n case enums.symmetric.tripledes:\n return 24;\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 32;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get block and key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nexport function getCipherParams(algo) {\n return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) };\n}\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction nobleHash(nobleHashName, webCryptoHashName) {\n const getNobleHash = async () => {\n const { nobleHashes } = await import('./noble_hashes');\n const hash = nobleHashes.get(nobleHashName);\n if (!hash) throw new Error('Unsupported hash');\n return hash;\n };\n\n return async function(data) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hash = await getNobleHash();\n\n const hashInstance = hash.create();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => hashInstance.digest());\n } else if (webCrypto && webCryptoHashName) {\n return new Uint8Array(await webCrypto.digest(webCryptoHashName, data));\n } else {\n const hash = await getNobleHash();\n\n return hash(data);\n }\n };\n}\n\nexport default {\n\n /** @see module:md5 */\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),\n sha224: nodeHash('sha224') || nobleHash('sha224'),\n sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),\n sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),\n sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),\n ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),\n sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),\n sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n case enums.hash.sha3_256:\n return this.sha3_256(data);\n case enums.hash.sha3_512:\n return this.sha3_512(data);\n default:\n throw new Error('Unsupported hash function');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n case enums.hash.sha3_256:\n return 32;\n case enums.hash.sha3_512:\n return 64;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(hash) {\n if (typeof hash !== 'function' || typeof hash.create !== 'function')\n throw new Error('hash must be wrapped by utils.wrapConstructor');\n number(hash.outputLen);\n number(hash.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\nimport { bytes as abytes, isBytes } from './_assert.js';\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u16 = (arr) => new Uint16Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 2));\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// big-endian hardware is rare. Just in case someone still decides to run ciphers:\n// early-throw an error because we don't support BE yet.\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\nif (!isLE)\n throw new Error('Non little-endian hardware is not supported');\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`string expected, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n else if (isBytes(data))\n data = copyBytes(data);\n else\n throw new Error(`Uint8Array expected, got ${typeof data}`);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n// For runtime check if class implements interface\nexport class Hash {\n}\n/**\n * @__NO_SIDE_EFFECTS__\n */\nexport const wrapCipher = (params, c) => {\n Object.assign(c, params);\n return c;\n};\n// Polyfill for Safari 14\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\nexport function u64Lengths(ciphertext, AAD) {\n const num = new Uint8Array(16);\n const view = createView(num);\n setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);\n setBigUint64(view, 8, BigInt(ciphertext.length), true);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n//# sourceMappingURL=utils.js.map","import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';\nimport { clean, copyBytes, createView, toBytes, u32 } from './utils.js';\n// GHash from AES-GCM and its little-endian \"mirror image\" Polyval from AES-SIV.\n// Implemented in terms of GHash with conversion function for keys\n// GCM GHASH from NIST SP800-38d, SIV from RFC 8452.\n// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf\n// GHASH modulo: x^128 + x^7 + x^2 + x + 1\n// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1\nconst BLOCK_SIZE = 16;\n// TODO: rewrite\n// temporary padding buffer\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\nconst ZEROS32 = u32(ZEROS16);\nconst POLY = 0xe1; // v = 2*v % POLY\n// v = 2*v % POLY\n// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x\n// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor)\nconst mul2 = (s0, s1, s2, s3) => {\n const hiBit = s3 & 1;\n return {\n s3: (s2 << 31) | (s3 >>> 1),\n s2: (s1 << 31) | (s2 >>> 1),\n s1: (s0 << 31) | (s1 >>> 1),\n s0: (s0 >>> 1) ^ ((POLY << 24) & -(hiBit & 1)), // reduce % poly\n };\n};\nconst swapLE = (n) => (((n >>> 0) & 0xff) << 24) |\n (((n >>> 8) & 0xff) << 16) |\n (((n >>> 16) & 0xff) << 8) |\n ((n >>> 24) & 0xff) |\n 0;\n/**\n * `mulX_POLYVAL(ByteReverse(H))` from spec\n * @param k mutated in place\n */\nexport function _toGHASHKey(k) {\n k.reverse();\n const hiBit = k[15] & 1;\n // k >>= 1\n let carry = 0;\n for (let i = 0; i < k.length; i++) {\n const t = k[i];\n k[i] = (t >>> 1) | carry;\n carry = (t & 1) << 7;\n }\n k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000;\n return k;\n}\nconst estimateWindow = (bytes) => {\n if (bytes > 64 * 1024)\n return 8;\n if (bytes > 1024)\n return 4;\n return 2;\n};\nclass GHASH {\n // We select bits per window adaptively based on expectedLength\n constructor(key, expectedLength) {\n this.blockLen = BLOCK_SIZE;\n this.outputLen = BLOCK_SIZE;\n this.s0 = 0;\n this.s1 = 0;\n this.s2 = 0;\n this.s3 = 0;\n this.finished = false;\n key = toBytes(key);\n abytes(key, 16);\n const kView = createView(key);\n let k0 = kView.getUint32(0, false);\n let k1 = kView.getUint32(4, false);\n let k2 = kView.getUint32(8, false);\n let k3 = kView.getUint32(12, false);\n // generate table of doubled keys (half of montgomery ladder)\n const doubles = [];\n for (let i = 0; i < 128; i++) {\n doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });\n ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));\n }\n const W = estimateWindow(expectedLength || 1024);\n if (![1, 2, 4, 8].includes(W))\n throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);\n this.W = W;\n const bits = 128; // always 128 bits;\n const windows = bits / W;\n const windowSize = (this.windowSize = 2 ** W);\n const items = [];\n // Create precompute table for window of W bits\n for (let w = 0; w < windows; w++) {\n // truth table: 00, 01, 10, 11\n for (let byte = 0; byte < windowSize; byte++) {\n // prettier-ignore\n let s0 = 0, s1 = 0, s2 = 0, s3 = 0;\n for (let j = 0; j < W; j++) {\n const bit = (byte >>> (W - j - 1)) & 1;\n if (!bit)\n continue;\n const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];\n (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3);\n }\n items.push({ s0, s1, s2, s3 });\n }\n }\n this.t = items;\n }\n _updateBlock(s0, s1, s2, s3) {\n (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3);\n const { W, t, windowSize } = this;\n // prettier-ignore\n let o0 = 0, o1 = 0, o2 = 0, o3 = 0;\n const mask = (1 << W) - 1; // 2**W will kill performance.\n let w = 0;\n for (const num of [s0, s1, s2, s3]) {\n for (let bytePos = 0; bytePos < 4; bytePos++) {\n const byte = (num >>> (8 * bytePos)) & 0xff;\n for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {\n const bit = (byte >>> (W * bitPos)) & mask;\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];\n (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3);\n w += 1;\n }\n }\n }\n this.s0 = o0;\n this.s1 = o1;\n this.s2 = o2;\n this.s3 = o3;\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n const left = data.length % BLOCK_SIZE;\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);\n clean(ZEROS32); // clean tmp buffer\n }\n return this;\n }\n destroy() {\n const { t } = this;\n // clean precompute table\n for (const elm of t) {\n (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0);\n }\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out;\n }\n digest() {\n const res = new Uint8Array(BLOCK_SIZE);\n this.digestInto(res);\n this.destroy();\n return res;\n }\n}\nclass Polyval extends GHASH {\n constructor(key, expectedLength) {\n key = toBytes(key);\n const ghKey = _toGHASHKey(copyBytes(key));\n super(ghKey, expectedLength);\n clean(ghKey);\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const left = data.length % BLOCK_SIZE;\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));\n clean(ZEROS32);\n }\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // tmp ugly hack\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out.reverse();\n }\n}\nfunction wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest();\n const tmp = hashCons(new Uint8Array(16), 0);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key, expectedLength) => hashCons(key, expectedLength);\n return hashC;\n}\nexport const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));\nexport const polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));\n//# sourceMappingURL=_polyval.js.map","// prettier-ignore\nimport { bytes as abytes } from './_assert.js';\nimport { ghash, polyval } from './_polyval.js';\nimport { clean, concatBytes, copyBytes, createView, equalBytes, isAligned32, setBigUint64, u32, u8, wrapCipher, } from './utils.js';\n/*\nAES (Advanced Encryption Standard) aka Rijndael block cipher.\n\nData is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round:\n1. **S-box**, table substitution\n2. **Shift rows**, cyclic shift left of all rows of data array\n3. **Mix columns**, multiplying every column by fixed polynomial\n4. **Add round key**, round_key xor i-th column of array\n\nResources:\n- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf\n- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf\n*/\nconst BLOCK_SIZE = 16;\nconst BLOCK_SIZE32 = 4;\nconst EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE);\nconst POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8\n// TODO: remove multiplication, binary ops only\nfunction mul2(n) {\n return (n << 1) ^ (POLY & -(n >> 7));\n}\nfunction mul(a, b) {\n let res = 0;\n for (; b > 0; b >>= 1) {\n // Montgomery ladder\n res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time).\n a = mul2(a); // a = 2*a\n }\n return res;\n}\n// AES S-box is generated using finite field inversion,\n// an affine transform, and xor of a constant 0x63.\nconst sbox = /* @__PURE__ */ (() => {\n const t = new Uint8Array(256);\n for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x))\n t[i] = x;\n const box = new Uint8Array(256);\n box[0] = 0x63; // first elm\n for (let i = 0; i < 255; i++) {\n let x = t[255 - i];\n x |= x << 8;\n box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff;\n }\n clean(t);\n return box;\n})();\n// Inverted S-box\nconst invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));\n// Rotate u32 by 8\nconst rotr32_8 = (n) => (n << 24) | (n >>> 8);\nconst rotl32_8 = (n) => (n << 8) | (n >>> 24);\n// The byte swap operation for uint32 (LE<->BE)\nconst byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes:\n// - LE instead of BE\n// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23;\n// so index is u16, instead of u8. This speeds up things, unexpectedly\nfunction genTtable(sbox, fn) {\n if (sbox.length !== 256)\n throw new Error('Wrong sbox length');\n const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j]));\n const T1 = T0.map(rotl32_8);\n const T2 = T1.map(rotl32_8);\n const T3 = T2.map(rotl32_8);\n const T01 = new Uint32Array(256 * 256);\n const T23 = new Uint32Array(256 * 256);\n const sbox2 = new Uint16Array(256 * 256);\n for (let i = 0; i < 256; i++) {\n for (let j = 0; j < 256; j++) {\n const idx = i * 256 + j;\n T01[idx] = T0[i] ^ T1[j];\n T23[idx] = T2[i] ^ T3[j];\n sbox2[idx] = (sbox[i] << 8) | sbox[j];\n }\n }\n return { sbox, sbox2, T0, T1, T2, T3, T01, T23 };\n}\nconst tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2));\nconst tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14));\nconst xPowers = /* @__PURE__ */ (() => {\n const p = new Uint8Array(16);\n for (let i = 0, x = 1; i < 16; i++, x = mul2(x))\n p[i] = x;\n return p;\n})();\nexport function expandKeyLE(key) {\n abytes(key);\n const len = key.length;\n if (![16, 24, 32].includes(len))\n throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);\n const { sbox2 } = tableEncoding;\n const toClean = [];\n if (!isAligned32(key))\n toClean.push((key = copyBytes(key)));\n const k32 = u32(key);\n const Nk = k32.length;\n const subByte = (n) => applySbox(sbox2, n, n, n, n);\n const xk = new Uint32Array(len + 28); // expanded key\n xk.set(k32);\n // 4.3.1 Key expansion\n for (let i = Nk; i < xk.length; i++) {\n let t = xk[i - 1];\n if (i % Nk === 0)\n t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1];\n else if (Nk > 6 && i % Nk === 4)\n t = subByte(t);\n xk[i] = xk[i - Nk] ^ t;\n }\n clean(...toClean);\n return xk;\n}\nexport function expandKeyDecLE(key) {\n const encKey = expandKeyLE(key);\n const xk = encKey.slice();\n const Nk = encKey.length;\n const { sbox2 } = tableEncoding;\n const { T0, T1, T2, T3 } = tableDecoding;\n // Inverse key by chunks of 4 (rounds)\n for (let i = 0; i < Nk; i += 4) {\n for (let j = 0; j < 4; j++)\n xk[i + j] = encKey[Nk - i - 4 + j];\n }\n clean(encKey);\n // apply InvMixColumn except first & last round\n for (let i = 4; i < Nk - 4; i++) {\n const x = xk[i];\n const w = applySbox(sbox2, x, x, x, x);\n xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24];\n }\n return xk;\n}\n// Apply tables\nfunction apply0123(T01, T23, s0, s1, s2, s3) {\n return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^\n T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]);\n}\nfunction applySbox(sbox2, s0, s1, s2, s3) {\n return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] |\n (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16));\n}\nfunction encrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableEncoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // last round (without mixcolumns, so using SBOX2 table)\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\n// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different\nfunction decrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableDecoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // Last round\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\nfunction getDst(len, dst) {\n if (dst === undefined)\n return new Uint8Array(len);\n abytes(dst);\n if (dst.length < len)\n throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);\n if (!isAligned32(dst))\n throw new Error('unaligned dst');\n return dst;\n}\n// TODO: investigate merging with ctr32\nfunction ctrCounter(xk, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const ctr = nonce;\n const c32 = u32(ctr);\n // Fill block (empty, ctr=0)\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n const src32 = u32(src);\n const dst32 = u32(dst);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n // Full 128 bit counter with wrap around\n let carry = 1;\n for (let i = ctr.length - 1; i >= 0; i--) {\n carry = (carry + (ctr[i] & 0xff)) | 0;\n ctr[i] = carry & 0xff;\n carry >>>= 8;\n }\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than block)\n // It's possible to handle > u32 fast, but is it worth it?\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n// AES CTR with overflowing 32 bit counter\n// It's possible to do 32le significantly simpler (and probably faster) by using u32.\n// But, we need both, and perf bottleneck is in ghash anyway.\nfunction ctr32(xk, isLE, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n dst = getDst(src.length, dst);\n const ctr = nonce; // write new value to nonce, so it can be re-used\n const c32 = u32(ctr);\n const view = createView(ctr);\n const src32 = u32(src);\n const dst32 = u32(dst);\n const ctrPos = isLE ? 0 : 12;\n const srcLen = src.length;\n // Fill block (empty, ctr=0)\n let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n ctrNum = (ctrNum + 1) >>> 0; // u32 wrap\n view.setUint32(ctrPos, ctrNum, isLE);\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than a block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n/**\n * CTR: counter mode. Creates stream cipher.\n * Requires good IV. Parallelizable. OK, but no MAC.\n */\nexport const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) {\n abytes(key);\n abytes(nonce, BLOCK_SIZE);\n function processCtr(buf, dst) {\n abytes(buf);\n if (dst !== undefined) {\n abytes(dst);\n if (!isAligned32(dst))\n throw new Error('unaligned destination');\n }\n const xk = expandKeyLE(key);\n const n = copyBytes(nonce); // align + avoid changing\n const toClean = [xk, n];\n if (!isAligned32(buf))\n toClean.push((buf = copyBytes(buf)));\n const out = ctrCounter(xk, n, buf, dst);\n clean(...toClean);\n return out;\n }\n return {\n encrypt: (plaintext, dst) => processCtr(plaintext, dst),\n decrypt: (ciphertext, dst) => processCtr(ciphertext, dst),\n };\n});\nfunction validateBlockDecrypt(data) {\n abytes(data);\n if (data.length % BLOCK_SIZE !== 0) {\n throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`);\n }\n}\nfunction validateBlockEncrypt(plaintext, pcks5, dst) {\n abytes(plaintext);\n let outLen = plaintext.length;\n const remaining = outLen % BLOCK_SIZE;\n if (!pcks5 && remaining !== 0)\n throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding');\n if (!isAligned32(plaintext))\n plaintext = copyBytes(plaintext);\n const b = u32(plaintext);\n if (pcks5) {\n let left = BLOCK_SIZE - remaining;\n if (!left)\n left = BLOCK_SIZE; // if no bytes left, create empty padding block\n outLen = outLen + left;\n }\n const out = getDst(outLen, dst);\n const o = u32(out);\n return { b, o, out };\n}\nfunction validatePCKS(data, pcks5) {\n if (!pcks5)\n return data;\n const len = data.length;\n if (!len)\n throw new Error('aes/pcks5: empty ciphertext not allowed');\n const lastByte = data[len - 1];\n if (lastByte <= 0 || lastByte > 16)\n throw new Error('aes/pcks5: wrong padding');\n const out = data.subarray(0, -lastByte);\n for (let i = 0; i < lastByte; i++)\n if (data[len - i - 1] !== lastByte)\n throw new Error('aes/pcks5: wrong padding');\n return out;\n}\nfunction padPCKS(left) {\n const tmp = new Uint8Array(16);\n const tmp32 = u32(tmp);\n tmp.set(left);\n const paddingByte = BLOCK_SIZE - left.length;\n for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++)\n tmp[i] = paddingByte;\n return tmp32;\n}\n/**\n * ECB: Electronic CodeBook. Simple deterministic replacement.\n * Dangerous: always map x to y. See [AES Penguin](https://words.filippo.io/the-ecb-penguin/).\n */\nexport const ecb = wrapCipher({ blockSize: 16 }, function ecb(key, opts = {}) {\n abytes(key);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n const xk = expandKeyLE(key);\n let i = 0;\n for (; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = encrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(xk);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n const out = getDst(ciphertext.length, dst);\n const toClean = [xk];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n for (let i = 0; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = decrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CBC: Cipher-Block-Chaining. Key is previous round’s block.\n * Fragile: needs proper padding. Unauthenticated: needs MAC.\n */\nexport const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) {\n abytes(key);\n abytes(iv, 16);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const xk = expandKeyLE(key);\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n let i = 0;\n for (; i + 4 <= b.length;) {\n (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n const out = getDst(ciphertext.length, dst);\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= b.length;) {\n // prettier-ignore\n const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;\n (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]);\n const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);\n (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output.\n * Unauthenticated: needs MAC.\n */\nexport const cfb = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) {\n abytes(key);\n abytes(iv, 16);\n function processCfb(src, isEncrypt, dst) {\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const xk = expandKeyLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n if (!isAligned32(src))\n toClean.push((src = copyBytes(src)));\n const src32 = u32(src);\n const dst32 = u32(dst);\n const next32 = isEncrypt ? dst32 : src32;\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= src32.length;) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt(xk, s0, s1, s2, s3);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]);\n }\n // leftovers (less than block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n const buf = u8(new Uint32Array([s0, s1, s2, s3]));\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(buf);\n }\n clean(...toClean);\n return dst;\n }\n return {\n encrypt: (plaintext, dst) => processCfb(plaintext, true, dst),\n decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst),\n };\n});\n// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen\nfunction computeTag(fn, isLE, key, data, AAD) {\n const aadLength = AAD == null ? 0 : AAD.length;\n const h = fn.create(key, data.length + aadLength);\n if (AAD)\n h.update(AAD);\n h.update(data);\n const num = new Uint8Array(16);\n const view = createView(num);\n if (AAD)\n setBigUint64(view, 0, BigInt(aadLength * 8), isLE);\n setBigUint64(view, 8, BigInt(data.length * 8), isLE);\n h.update(num);\n const res = h.digest();\n clean(num);\n return res;\n}\n/**\n * GCM: Galois/Counter Mode.\n * Modern, parallel version of CTR, with MAC.\n * Be careful: MACs can be forged.\n * Unsafe to use random nonces under the same key, due to collision chance.\n * As for nonce size, prefer 12-byte, instead of 8-byte.\n */\nexport const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) {\n abytes(key);\n abytes(nonce);\n if (AAD !== undefined)\n abytes(AAD);\n // NIST 800-38d doesn't enforce minimum nonce length.\n // We enforce 8 bytes for compat with openssl.\n // 12 bytes are recommended. More than 12 bytes would be converted into 12.\n if (nonce.length < 8)\n throw new Error('aes/gcm: invalid nonce length');\n const tagLength = 16;\n function _computeTag(authKey, tagMask, data) {\n const tag = computeTag(ghash, false, authKey, data, AAD);\n for (let i = 0; i < tagMask.length; i++)\n tag[i] ^= tagMask[i];\n return tag;\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const authKey = EMPTY_BLOCK.slice();\n const counter = EMPTY_BLOCK.slice();\n ctr32(xk, false, counter, counter, authKey);\n // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces\n if (nonce.length === 12) {\n counter.set(nonce);\n }\n else {\n const nonceLen = EMPTY_BLOCK.slice();\n const view = createView(nonceLen);\n setBigUint64(view, 8, BigInt(nonce.length * 8), false);\n // ghash(nonce || u64be(0) || u64be(nonceLen*8))\n const g = ghash.create(authKey).update(nonce).update(nonceLen);\n g.digestInto(counter); // digestInto doesn't trigger '.destroy'\n g.destroy();\n }\n const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);\n return { xk, authKey, counter, tagMask };\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const out = new Uint8Array(plaintext.length + tagLength);\n const toClean = [xk, authKey, counter, tagMask];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n ctr32(xk, false, counter, plaintext, out);\n const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));\n toClean.push(tag);\n out.set(tag, plaintext.length);\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n if (ciphertext.length < tagLength)\n throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const toClean = [xk, authKey, tagMask, counter];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = _computeTag(authKey, tagMask, data);\n toClean.push(tag);\n if (!equalBytes(tag, passedTag))\n throw new Error('aes/gcm: invalid ghash tag');\n const out = ctr32(xk, false, counter, data);\n clean(...toClean);\n return out;\n },\n };\n});\nconst limit = (name, min, max) => (value) => {\n if (!Number.isSafeInteger(value) || min > value || value > max)\n throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);\n};\n/**\n * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.\n * Guarantees that, when a nonce is repeated, the only security loss is that identical\n * plaintexts will produce identical ciphertexts.\n * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452\n */\nexport const siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv(key, nonce, AAD) {\n const tagLength = 16;\n // From RFC 8452: Section 6\n const AAD_LIMIT = limit('AAD', 0, 2 ** 36);\n const PLAIN_LIMIT = limit('plaintext', 0, 2 ** 36);\n const NONCE_LIMIT = limit('nonce', 12, 12);\n const CIPHER_LIMIT = limit('ciphertext', 16, 2 ** 36 + 16);\n abytes(key, 16, 24, 32);\n abytes(nonce);\n NONCE_LIMIT(nonce.length);\n if (AAD !== undefined) {\n abytes(AAD);\n AAD_LIMIT(AAD.length);\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const encKey = new Uint8Array(key.length);\n const authKey = new Uint8Array(16);\n const toClean = [xk, encKey];\n let _nonce = nonce;\n if (!isAligned32(_nonce))\n toClean.push((_nonce = copyBytes(_nonce)));\n const n32 = u32(_nonce);\n // prettier-ignore\n let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];\n let counter = 0;\n for (const derivedKey of [authKey, encKey].map(u32)) {\n const d32 = u32(derivedKey);\n for (let i = 0; i < d32.length; i += 2) {\n // aes(u32le(0) || nonce)[:8] || aes(u32le(1) || nonce)[:8] ...\n const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);\n d32[i + 0] = o0;\n d32[i + 1] = o1;\n s0 = ++counter; // increment counter inside state\n }\n }\n const res = { authKey, encKey: expandKeyLE(encKey) };\n // Cleanup\n clean(...toClean);\n return res;\n }\n function _computeTag(encKey, authKey, data) {\n const tag = computeTag(polyval, true, authKey, data, AAD);\n // Compute the expected tag by XORing S_s and the nonce, clearing the\n // most significant bit of the last byte and encrypting with the\n // message-encryption key.\n for (let i = 0; i < 12; i++)\n tag[i] ^= nonce[i];\n tag[15] &= 0x7f; // Clear the highest bit\n // encrypt tag as block\n const t32 = u32(tag);\n // prettier-ignore\n let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];\n ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));\n (t32[0] = s0), (t32[1] = s1), (t32[2] = s2), (t32[3] = s3);\n return tag;\n }\n // actual decrypt/encrypt of message.\n function processSiv(encKey, tag, input) {\n let block = copyBytes(tag);\n block[15] |= 0x80; // Force highest bit\n const res = ctr32(encKey, true, block, input);\n // Cleanup\n clean(block);\n return res;\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n PLAIN_LIMIT(plaintext.length);\n const { encKey, authKey } = deriveKeys();\n const tag = _computeTag(encKey, authKey, plaintext);\n const toClean = [encKey, authKey, tag];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n const out = new Uint8Array(plaintext.length + tagLength);\n out.set(tag, plaintext.length);\n out.set(processSiv(encKey, tag, plaintext));\n // Cleanup\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n CIPHER_LIMIT(ciphertext.length);\n const tag = ciphertext.subarray(-tagLength);\n const { encKey, authKey } = deriveKeys();\n const toClean = [encKey, authKey];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));\n const expectedTag = _computeTag(encKey, authKey, plaintext);\n toClean.push(expectedTag);\n if (!equalBytes(tag, expectedTag)) {\n clean(...toClean);\n throw new Error('invalid polyval tag');\n }\n // Cleanup\n clean(...toClean);\n return plaintext;\n },\n };\n});\nfunction isBytes32(a) {\n return (a != null &&\n typeof a === 'object' &&\n (a instanceof Uint32Array || a.constructor.name === 'Uint32Array'));\n}\nfunction encryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_encryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = encrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\nfunction decryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_decryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = decrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\n/**\n * AES-W (base for AESKW/AESKWP).\n * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf),\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/).\n */\nconst AESW = {\n /*\n High-level pseudocode:\n ```\n A: u64 = IV\n out = []\n for (let i=0, ctr = 0; i<6; i++) {\n for (const chunk of chunks(plaintext, 8)) {\n A ^= swapEndianess(ctr++)\n [A, res] = chunks(encrypt(A || chunk), 8);\n out ||= res\n }\n }\n out = A || out\n ```\n Decrypt is the same, but reversed.\n */\n encrypt(kek, out) {\n // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints.\n // If you need it larger, open an issue.\n if (out.length >= 2 ** 32)\n throw new Error('plaintext should be less than 4gb');\n const xk = expandKeyLE(kek);\n if (out.length === 16)\n encryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = 1; j < 6; j++) {\n for (let pos = 2; pos < o32.length; pos += 2, ctr++) {\n const { s0, s1, s2, s3 } = encrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n // A = MSB(64, B) ^ t where t = (n*j)+i\n (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1); // out = A || out\n }\n xk.fill(0);\n },\n decrypt(kek, out) {\n if (out.length - 8 >= 2 ** 32)\n throw new Error('ciphertext should be less than 4gb');\n const xk = expandKeyDecLE(kek);\n const chunks = out.length / 8 - 1; // first chunk is IV\n if (chunks === 1)\n decryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = chunks * 6; j < 6; j++) {\n for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) {\n a1 ^= byteSwap(ctr);\n const { s0, s1, s2, s3 } = decrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1);\n }\n xk.fill(0);\n },\n};\nconst AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6\n/**\n * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times.\n * Reduces block size from 16 to 8 bytes.\n * For padded version, use aeskwp.\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf).\n */\nexport const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length || plaintext.length % 8 !== 0)\n throw new Error('invalid plaintext length');\n if (plaintext.length === 8)\n throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead');\n const out = concatBytes(AESKW_IV, plaintext);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // ciphertext must be at least 24 bytes and a multiple of 8 bytes\n // 24 because should have at least two block (1 iv + 2).\n // Replace with 16 to enable '8-byte keys'\n if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n AESW.decrypt(kek, out);\n if (!equalBytes(out.subarray(0, 8), AESKW_IV))\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8);\n },\n}));\n/*\nWe don't support 8-byte keys. The rabbit hole:\n\n- Wycheproof says: \"NIST SP 800-38F does not define the wrapping of 8 byte keys.\n RFC 3394 Section 2 on the other hand specifies that 8 byte keys are wrapped\n by directly encrypting one block with AES.\"\n - https://github.com/C2SP/wycheproof/blob/master/doc/key_wrap.md\n - \"RFC 3394 specifies in Section 2, that the input for the key wrap\n algorithm must be at least two blocks and otherwise the constant\n field and key are simply encrypted with ECB as a single block\"\n- What RFC 3394 actually says (in Section 2):\n - \"Before being wrapped, the key data is parsed into n blocks of 64 bits.\n The only restriction the key wrap algorithm places on n is that n be\n at least two\"\n - \"For key data with length less than or equal to 64 bits, the constant\n field used in this specification and the key data form a single\n 128-bit codebook input making this key wrap unnecessary.\"\n- Which means \"assert(n >= 2)\" and \"use something else for 8 byte keys\"\n- NIST SP800-38F actually prohibits 8-byte in \"5.3.1 Mandatory Limits\".\n It states that plaintext for KW should be \"2 to 2^54 -1 semiblocks\".\n- So, where does \"directly encrypt single block with AES\" come from?\n - Not RFC 3394. Pseudocode of key wrap in 2.2 explicitly uses\n loop of 6 for any code path\n - There is a weird W3C spec:\n https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#kw-aes128\n - This spec is outdated, as admitted by Wycheproof authors\n - There is RFC 5649 for padded key wrap, which is padding construction on\n top of AESKW. In '4.1.2' it says: \"If the padded plaintext contains exactly\n eight octets, then prepend the AIV as defined in Section 3 above to P[1] and\n encrypt the resulting 128-bit block using AES in ECB mode [Modes] with key\n K (the KEK). In this case, the output is two 64-bit blocks C[0] and C[1]:\"\n - Browser subtle crypto is actually crashes on wrapping keys less than 16 bytes:\n `Error: error:1C8000E6:Provider routines::invalid input length] { opensslErrorStack: [ 'error:030000BD:digital envelope routines::update error' ]`\n\nIn the end, seems like a bug in Wycheproof.\nThe 8-byte check can be easily disabled inside of AES_W.\n*/\nconst AESKWP_IV = 0xa65959a6; // single u32le value\n/**\n * AES-KW, but with padding and allows random keys.\n * Second u32 of IV is used as counter for length.\n * [RFC 5649](https://www.rfc-editor.org/rfc/rfc5649)\n */\nexport const aeskwp = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length)\n throw new Error('invalid plaintext length');\n const padded = Math.ceil(plaintext.length / 8) * 8;\n const out = new Uint8Array(8 + padded);\n out.set(plaintext, 8);\n const out32 = u32(out);\n out32[0] = AESKWP_IV;\n out32[1] = byteSwap(plaintext.length);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // 16 because should have at least one block\n if (ciphertext.length < 16)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n const o32 = u32(out);\n AESW.decrypt(kek, out);\n const len = byteSwap(o32[1]) >>> 0;\n const padded = Math.ceil(len / 8) * 8;\n if (o32[0] !== AESKWP_IV || out.length - 8 !== padded)\n throw new Error('integrity check failed');\n for (let i = len; i < padded; i++)\n if (out[8 + i] !== 0)\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8, 8 + len);\n },\n}));\n// Private, unsafe low-level methods. Can change at any time.\nexport const unsafe = {\n expandKeyLE,\n expandKeyDecLE,\n encrypt,\n decrypt,\n encryptBlock,\n decryptBlock,\n ctrCounter,\n ctr32,\n};\n//# sourceMappingURL=aes.js.map","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n */\n\nimport { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../../util';\nimport enums from '../../enums';\nimport { getLegacyCipher, getCipherParams } from '../cipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (nodeCrypto && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nclass WebCryptoEncryptor {\n constructor(algo, key, iv) {\n const { blockSize } = getCipherParams(algo);\n this.key = key;\n this.prevBlock = iv;\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n this.zeroBlock = new Uint8Array(this.blockSize);\n }\n\n static async isSupported(algo) {\n const { keySize } = getCipherParams(algo);\n return webCrypto.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt'])\n .then(() => true, () => false);\n }\n\n async _runCBC(plaintext, nonZeroIV) {\n const mode = 'AES-CBC';\n this.keyRef = this.keyRef || await webCrypto.importKey('raw', this.key, mode, false, ['encrypt']);\n const ciphertext = await webCrypto.encrypt(\n { name: mode, iv: nonZeroIV || this.zeroBlock },\n this.keyRef,\n plaintext\n );\n return new Uint8Array(ciphertext).subarray(0, plaintext.length);\n }\n\n async encryptChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const plaintext = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n const toEncrypt = util.concatUint8Array([\n this.prevBlock,\n plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block \"early\", since we only need to xor the plaintext and pass it over as prevBlock\n ]);\n\n const encryptedBlocks = await this._runCBC(toEncrypt);\n xorMut(encryptedBlocks, plaintext);\n this.prevBlock = encryptedBlocks.slice(-this.blockSize);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return encryptedBlocks;\n }\n\n this.i += added.length;\n let encryptedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n const curBlock = this.nextBlock;\n encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n this.prevBlock = encryptedBlock.slice();\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n encryptedBlock = new Uint8Array();\n }\n\n return encryptedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n this.nextBlock = this.nextBlock.subarray(0, this.i);\n const curBlock = this.nextBlock;\n const encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n result = encryptedBlock.subarray(0, curBlock.length);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.keyRef = null;\n this.key = null;\n }\n\n async encrypt(plaintext) {\n // plaintext is internally padded to block length before encryption\n const encryptedWithPadding = await this._runCBC(\n util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]),\n this.iv\n );\n // drop encrypted padding\n const ct = encryptedWithPadding.subarray(0, plaintext.length);\n xorMut(ct, plaintext);\n this.clearSensitiveData();\n return ct;\n }\n}\n\nclass NobleStreamProcessor {\n constructor(forEncryption, algo, key, iv) {\n this.forEncryption = forEncryption;\n const { blockSize } = getCipherParams(algo);\n this.key = nobleAesHelpers.expandKeyLE(key);\n\n if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers\n this.prevBlock = getUint32Array(iv);\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n }\n\n _runCFB(src) {\n const src32 = getUint32Array(src);\n const dst = new Uint8Array(src.length);\n const dst32 = getUint32Array(dst);\n for (let i = 0; i + 4 <= dst32.length; i += 4) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = nobleAesHelpers.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4);\n }\n return dst;\n }\n\n async processChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const toProcess = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n\n const processedBlocks = this._runCFB(toProcess);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return processedBlocks;\n }\n\n this.i += added.length;\n\n let processedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n processedBlock = this._runCFB(this.nextBlock);\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n processedBlock = new Uint8Array();\n }\n\n return processedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n const processedBlock = this._runCFB(this.nextBlock);\n\n result = processedBlock.subarray(0, this.i);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.key.fill(0);\n }\n}\n\n\nasync function aesEncrypt(algo, key, pt, iv) {\n if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys\n const cfb = new WebCryptoEncryptor(algo, key, iv);\n return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);\n } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream\n const cfb = new NobleStreamProcessor(true, algo, key, iv);\n return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).encrypt(pt);\n}\n\nasync function aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new NobleStreamProcessor(false, algo, key, iv);\n return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).decrypt(ct);\n}\n\nfunction xorMut(a, b) {\n const aLength = Math.min(a.length, b.length);\n for (let i = 0; i < aLength; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nconst getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt) {\n return nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(pt);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n */\n\nimport { ctr as nobleAesCtr } from '@noble/ciphers/aes';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const keyRef = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, keyRef, pt);\n return new Uint8Array(ct);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt, iv) {\n return nobleAesCtr(key, iv).encrypt(pt);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport { getCipherParams } from '../cipher';\nimport util from '../../util';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n const { keySize } = getCipherParams(cipher);\n // sanity checks\n if (!util.isAES(cipher) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let maxNtz = 0;\n\n // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,\n // hence its execution cannot be broken up.\n // As a result, WebCrypto cannot currently be used for `encipher`.\n const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });\n const encipher = block => aes.encrypt(block);\n const decipher = block => aes.decrypt(block);\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables() {\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n */\n\nimport { gcm as nobleAesGcm } from '@noble/ciphers/aes';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages\n const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\\/13\\.\\d(\\.\\d)* Safari/) ||\n navigator.userAgent.match(/Version\\/(13|14)\\.\\d(\\.\\d)* Mobile\\/\\S* Safari/);\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && !pt.length) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n try {\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n } catch (e) {\n if (e.name === 'OperationError') {\n throw new Error('Authentication tag mismatch');\n }\n }\n }\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n },\n\n decrypt: async function(ct, iv, adata) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","// Operations are not constant time, but we try and limit timing leakage where we can\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\nexport function uint8ArrayToBigInt(bytes: Uint8Array) {\n const hexAlphabet = '0123456789ABCDEF';\n let s = '';\n bytes.forEach(v => {\n s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];\n });\n return BigInt('0x0' + s);\n}\n\nexport function mod(a: bigint, m: bigint) {\n const reduced = a % m;\n return reduced < _0n ? reduced + m : reduced;\n}\n\n/**\n * Compute modular exponentiation using square and multiply\n * @param {BigInt} a - Base\n * @param {BigInt} e - Exponent\n * @param {BigInt} n - Modulo\n * @returns {BigInt} b ** e mod n.\n */\nexport function modExp(b: bigint, e: bigint, n: bigint) {\n if (n === _0n) throw Error('Modulo cannot be zero');\n if (n === _1n) return BigInt(0);\n if (e < _0n) throw Error('Unsopported negative exponent');\n\n let exp = e;\n let x = b;\n\n x %= n;\n let r = BigInt(1);\n while (exp > _0n) {\n const lsb = exp & _1n;\n exp >>= _1n; // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n; // Square\n }\n return r;\n}\n\n\nfunction abs(x: bigint) {\n return x >= _0n ? x : -x;\n}\n\n/**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a and b, compute (x, y) such that ax + by = gdc(a, b).\n * Negative numbers are also supported.\n * @param {BigInt} a - First operand\n * @param {BigInt} b - Second operand\n * @returns {{ gcd, x, y: bigint }}\n */\nfunction _egcd(aInput: bigint, bInput: bigint) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n // Deal with negative numbers: run algo over absolute values,\n // and \"move\" the sign to the returned x and/or y.\n // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers\n let a = abs(aInput);\n let b = abs(bInput);\n const aNegated = aInput < _0n;\n const bNegated = bInput < _0n;\n\n while (b !== _0n) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: aNegated ? -xPrev : xPrev,\n y: bNegated ? -yPrev : yPrev,\n gcd: a\n };\n}\n\n/**\n * Compute the inverse of `a` modulo `n`\n * Note: `a` and and `n` must be relatively prime\n * @param {BigInt} a\n * @param {BigInt} n - Modulo\n * @returns {BigInt} x such that a*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\nexport function modInv(a: bigint, n: bigint) {\n const { gcd, x } = _egcd(a, n);\n if (gcd !== _1n) {\n throw new Error('Inverse does not exist');\n }\n return mod(x + n, n);\n}\n\n/**\n * Compute greatest common divisor between this and n\n * @param {BigInt} aInput - Operand\n * @param {BigInt} bInput - Operand\n * @returns {BigInt} gcd\n */\nexport function gcd(aInput: bigint, bInput: bigint) {\n let a = aInput;\n let b = bInput;\n while (b !== _0n) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return a;\n}\n\n/**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\nexport function bigIntToNumber(x: bigint) {\n const number = Number(x);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n}\n\n/**\n * Get value of i-th bit\n * @param {BigInt} x\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\nexport function getBit(x:bigint, i: number) {\n const bit = (x >> BigInt(i)) & _1n;\n return bit === _0n ? 0 : 1;\n}\n\n/**\n * Compute bit length\n */\nexport function bitLength(x: bigint) {\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = x < _0n ? BigInt(-1) : _0n;\n let bitlen = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _1n) !== target) {\n bitlen++;\n }\n return bitlen;\n}\n\n/**\n * Compute byte length\n */\nexport function byteLength(x: bigint) {\n const target = x < _0n ? BigInt(-1) : _0n;\n const _8n = BigInt(8);\n let len = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _8n) !== target) {\n len++;\n }\n return len;\n}\n\n/**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\nexport function bigIntToUint8Array(x: bigint, endian = 'be', length: number) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = x.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? length - rawLength : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n */\nimport { byteLength, mod, uint8ArrayToBigInt } from './biginteger';\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto?.webcrypto;\n if (webcrypto?.getRandomValues) {\n const buf = new Uint8Array(length);\n return webcrypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n}\n\n/**\n * Create a secure random BigInt that is greater than or equal to min and less than max.\n * @param {bigint} min - Lower bound, included\n * @param {bigint} max - Upper bound, excluded\n * @returns {bigint} Random BigInt.\n * @async\n */\nexport function getRandomBigInteger(min, max) {\n if (max < min) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max - min;\n const bytes = byteLength(modulus);\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));\n return mod(r, modulus) + min;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n */\nimport { bigIntToNumber, bitLength, gcd, getBit, mod, modExp } from '../biginteger';\nimport { getRandomBigInteger } from '../random';\n\nconst _1n = BigInt(1);\n\n/**\n * Generate a probably prime random number\n * @param bits - Bit length of the prime\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function randomProbablePrime(bits: number, e: bigint, k: number) {\n const _30n = BigInt(30);\n const min = _1n << BigInt(bits - 1);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n let n = getRandomBigInteger(min, min << _1n);\n let i = bigIntToNumber(mod(n, _30n));\n\n do {\n n += BigInt(adds[i]);\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (bitLength(n) > bits) {\n n = mod(n, min << _1n); n += min;\n i = bigIntToNumber(mod(n, _30n));\n }\n } while (!isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param n - Number to test\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function isProbablePrime(n: bigint, e: bigint, k: number) {\n if (e && gcd(n - _1n, e) !== _1n) {\n return false;\n }\n if (!divisionTest(n)) {\n return false;\n }\n if (!fermat(n)) {\n return false;\n }\n if (!millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param n - Number to test\n * @param b - Optional Fermat test base\n */\nexport function fermat(n: bigint, b = BigInt(2)) {\n return modExp(b, n - _1n, n) === _1n;\n}\n\nexport function divisionTest(n: bigint) {\n const _0n = BigInt(0);\n return smallPrimes.every(m => mod(n, m) !== _0n);\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n].map(n => BigInt(n));\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param n - Number to test\n * @param k - Optional number of iterations of Miller-Rabin test\n * @param rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport function millerRabin(n: bigint, k: number, rand?: () => bigint) {\n const len = bitLength(n);\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n - _1n; // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!getBit(n1, s)) { s++; }\n const d = n >> BigInt(s);\n\n for (; k > 0; k--) {\n const a = rand ? rand() : getRandomBigInteger(BigInt(2), n1);\n\n let x = modExp(a, d, n);\n if (x === _1n || x === n1) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = mod(x * x, n);\n\n if (x === _1n) {\n return false;\n }\n if (x === n1) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n */\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\nimport { bigIntToNumber, bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\nimport hash from '../hash';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst _1n = BigInt(1);\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (hash.getHashByteLength(hashAlgo) >= n.length) {\n // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error\n // e.g. if a 512-bit RSA key is used with a SHA-512 digest.\n // The size limit is actually slightly different but here we only care about throwing\n // on common key sizes.\n throw new Error('Digest size cannot exceed key modulus size');\n }\n\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n e = BigInt(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return jwkToPrivate(jwk, e);\n } else if (util.getNodeCrypto()) {\n const opts = {\n modulusLength: bits,\n publicExponent: bigIntToNumber(e),\n publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },\n privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }\n };\n const jwk = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => {\n if (err) {\n reject(err);\n } else {\n resolve(jwkPrivateKey);\n }\n });\n });\n return jwkToPrivate(jwk, e);\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = randomProbablePrime(bits - (bits >> 1), e, 40);\n p = randomProbablePrime(bits >> 1, e, 40);\n n = p * q;\n } while (bitLength(n) !== bits);\n\n const phi = (p - _1n) * (q - _1n);\n\n if (q < p) {\n [p, q] = [q, p];\n }\n\n return {\n n: bigIntToUint8Array(n),\n e: bigIntToUint8Array(e),\n d: bigIntToUint8Array(modInv(e, phi)),\n p: bigIntToUint8Array(p),\n q: bigIntToUint8Array(q),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: bigIntToUint8Array(modInv(p, q))\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n n = uint8ArrayToBigInt(n);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n\n // expect pq = n\n if ((p * q) !== n) {\n return false;\n }\n\n const _2n = BigInt(2);\n // expect p*u = 1 mod q\n u = uint8ArrayToBigInt(u);\n if (mod(p * u, q) !== BigInt(1)) {\n return false;\n }\n\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));\n const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r * d * e;\n\n const areInverses = mod(rde, p - _1n) === r && mod(rde, q - _1n) === r;\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n n = uint8ArrayToBigInt(n);\n const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));\n d = uint8ArrayToBigInt(d);\n return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n\n const jwk = await privateToJWK(n, e, d, p, q, u);\n return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' }));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n n = uint8ArrayToBigInt(n);\n s = uint8ArrayToBigInt(s);\n e = uint8ArrayToBigInt(e);\n if (s >= n) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));\n const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1' };\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n\n try {\n return verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n n = uint8ArrayToBigInt(n);\n data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));\n e = uint8ArrayToBigInt(e);\n if (data >= n) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n data = uint8ArrayToBigInt(data);\n n = uint8ArrayToBigInt(n);\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n u = uint8ArrayToBigInt(u);\n if (data >= n) {\n throw new Error('Data too large.');\n }\n const dq = mod(d, q - _1n); // d mod (q-1)\n const dp = mod(d, p - _1n); // d mod (p-1)\n\n const unblinder = getRandomBigInteger(BigInt(2), n);\n const blinder = modExp(modInv(unblinder, n), e, n);\n data = mod(data * blinder, n);\n\n const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p\n const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q\n const h = mod(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h * p + mp; // result < n due to relations above\n\n result = mod(result * unblinder, n);\n\n return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const pNum = uint8ArrayToBigInt(p);\n const qNum = uint8ArrayToBigInt(q);\n const dNum = uint8ArrayToBigInt(d);\n\n let dq = mod(dNum, qNum - _1n); // d mod (q-1)\n let dp = mod(dNum, pNum - _1n); // d mod (p-1)\n dp = bigIntToUint8Array(dp);\n dq = bigIntToUint8Array(dq);\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n\n/** Convert JWK private key to OpenPGP private key params */\nfunction jwkToPrivate(jwk, e) {\n return {\n n: b64ToUint8Array(jwk.n),\n e: bigIntToUint8Array(e),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n */\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\nconst _1n = BigInt(1);\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n const padded = emeEncode(data, byteLength(p));\n const m = uint8ArrayToBigInt(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = getRandomBigInteger(_1n, p - _1n);\n return {\n c1: bigIntToUint8Array(modExp(g, k, p)),\n c2: bigIntToUint8Array(mod(modExp(y, k, p) * m, p))\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n c1 = uint8ArrayToBigInt(c1);\n c2 = uint8ArrayToBigInt(c2);\n p = uint8ArrayToBigInt(p);\n x = uint8ArrayToBigInt(x);\n\n const padded = mod(modInv(modExp(c1, x, p), p) * c2, p);\n return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = BigInt(bitLength(p));\n const _1023n = BigInt(1023);\n if (pSize < _1023n) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (modExp(g, p - _1n, p) !== _1n) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n let i = BigInt(1);\n const _2n = BigInt(2);\n const threshold = _2n << BigInt(17); // we want order > threshold\n while (i < threshold) {\n res = mod(res * g, p);\n if (res === _1n) {\n return false;\n }\n i++;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const r = getRandomBigInteger(_2n << (pSize - _1n), _2n << pSize); // draw r of same size as p-1\n const rqx = (p - _1n) * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\nimport * as nc from 'node:crypto';\nexport const crypto =\n nc && typeof nc === 'object' && 'webcrypto' in nc ? nc.webcrypto : undefined;\n","import { crypto } from './crypto.js';\n\n'use strict';\nconst nacl = {};\nexport default nacl;\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction ts64(x, i, h, l) {\n x[i] = (h >> 24) & 0xff;\n x[i+1] = (h >> 16) & 0xff;\n x[i+2] = (h >> 8) & 0xff;\n x[i+3] = h & 0xff;\n x[i+4] = (l >> 24) & 0xff;\n x[i+5] = (l >> 16) & 0xff;\n x[i+6] = (l >> 8) & 0xff;\n x[i+7] = l & 0xff;\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nvar K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction crypto_hashblocks_hl(hh, hl, m, n) {\n var wh = new Int32Array(16), wl = new Int32Array(16),\n bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\n bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\n th, tl, i, j, h, l, a, b, c, d;\n\n var ah0 = hh[0],\n ah1 = hh[1],\n ah2 = hh[2],\n ah3 = hh[3],\n ah4 = hh[4],\n ah5 = hh[5],\n ah6 = hh[6],\n ah7 = hh[7],\n\n al0 = hl[0],\n al1 = hl[1],\n al2 = hl[2],\n al3 = hl[3],\n al4 = hl[4],\n al5 = hl[5],\n al6 = hl[6],\n al7 = hl[7];\n\n var pos = 0;\n while (n >= 128) {\n for (i = 0; i < 16; i++) {\n j = 8 * i + pos;\n wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];\n wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];\n }\n for (i = 0; i < 80; i++) {\n bh0 = ah0;\n bh1 = ah1;\n bh2 = ah2;\n bh3 = ah3;\n bh4 = ah4;\n bh5 = ah5;\n bh6 = ah6;\n bh7 = ah7;\n\n bl0 = al0;\n bl1 = al1;\n bl2 = al2;\n bl3 = al3;\n bl4 = al4;\n bl5 = al5;\n bl6 = al6;\n bl7 = al7;\n\n // add\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma1\n h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\n l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Ch\n h = (ah4 & ah5) ^ (~ah4 & ah6);\n l = (al4 & al5) ^ (~al4 & al6);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // K\n h = K[i*2];\n l = K[i*2+1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // w\n h = wh[i%16];\n l = wl[i%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n th = c & 0xffff | d << 16;\n tl = a & 0xffff | b << 16;\n\n // add\n h = th;\n l = tl;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma0\n h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\n l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Maj\n h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\n l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh7 = (c & 0xffff) | (d << 16);\n bl7 = (a & 0xffff) | (b << 16);\n\n // add\n h = bh3;\n l = bl3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = th;\n l = tl;\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh3 = (c & 0xffff) | (d << 16);\n bl3 = (a & 0xffff) | (b << 16);\n\n ah1 = bh0;\n ah2 = bh1;\n ah3 = bh2;\n ah4 = bh3;\n ah5 = bh4;\n ah6 = bh5;\n ah7 = bh6;\n ah0 = bh7;\n\n al1 = bl0;\n al2 = bl1;\n al3 = bl2;\n al4 = bl3;\n al5 = bl4;\n al6 = bl5;\n al7 = bl6;\n al0 = bl7;\n\n if (i%16 === 15) {\n for (j = 0; j < 16; j++) {\n // add\n h = wh[j];\n l = wl[j];\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = wh[(j+9)%16];\n l = wl[(j+9)%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma0\n th = wh[(j+1)%16];\n tl = wl[(j+1)%16];\n h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\n l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma1\n th = wh[(j+14)%16];\n tl = wl[(j+14)%16];\n h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\n l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n wh[j] = (c & 0xffff) | (d << 16);\n wl[j] = (a & 0xffff) | (b << 16);\n }\n }\n }\n\n // add\n h = ah0;\n l = al0;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[0];\n l = hl[0];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[0] = ah0 = (c & 0xffff) | (d << 16);\n hl[0] = al0 = (a & 0xffff) | (b << 16);\n\n h = ah1;\n l = al1;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[1];\n l = hl[1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[1] = ah1 = (c & 0xffff) | (d << 16);\n hl[1] = al1 = (a & 0xffff) | (b << 16);\n\n h = ah2;\n l = al2;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[2];\n l = hl[2];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[2] = ah2 = (c & 0xffff) | (d << 16);\n hl[2] = al2 = (a & 0xffff) | (b << 16);\n\n h = ah3;\n l = al3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[3];\n l = hl[3];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[3] = ah3 = (c & 0xffff) | (d << 16);\n hl[3] = al3 = (a & 0xffff) | (b << 16);\n\n h = ah4;\n l = al4;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[4];\n l = hl[4];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[4] = ah4 = (c & 0xffff) | (d << 16);\n hl[4] = al4 = (a & 0xffff) | (b << 16);\n\n h = ah5;\n l = al5;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[5];\n l = hl[5];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[5] = ah5 = (c & 0xffff) | (d << 16);\n hl[5] = al5 = (a & 0xffff) | (b << 16);\n\n h = ah6;\n l = al6;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[6];\n l = hl[6];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[6] = ah6 = (c & 0xffff) | (d << 16);\n hl[6] = al6 = (a & 0xffff) | (b << 16);\n\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[7];\n l = hl[7];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[7] = ah7 = (c & 0xffff) | (d << 16);\n hl[7] = al7 = (a & 0xffff) | (b << 16);\n\n pos += 128;\n n -= 128;\n }\n\n return n;\n}\n\nfunction crypto_hash(out, m, n) {\n var hh = new Int32Array(8),\n hl = new Int32Array(8),\n x = new Uint8Array(256),\n i, b = n;\n\n hh[0] = 0x6a09e667;\n hh[1] = 0xbb67ae85;\n hh[2] = 0x3c6ef372;\n hh[3] = 0xa54ff53a;\n hh[4] = 0x510e527f;\n hh[5] = 0x9b05688c;\n hh[6] = 0x1f83d9ab;\n hh[7] = 0x5be0cd19;\n\n hl[0] = 0xf3bcc908;\n hl[1] = 0x84caa73b;\n hl[2] = 0xfe94f82b;\n hl[3] = 0x5f1d36f1;\n hl[4] = 0xade682d1;\n hl[5] = 0x2b3e6c1f;\n hl[6] = 0xfb41bd6b;\n hl[7] = 0x137e2179;\n\n crypto_hashblocks_hl(hh, hl, m, n);\n n %= 128;\n\n for (i = 0; i < n; i++) x[i] = m[b-n+i];\n x[n] = 128;\n\n n = 256-128*(n<112?1:0);\n x[n-9] = 0;\n ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\n crypto_hashblocks_hl(hh, hl, x, n);\n\n for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\n\n return 0;\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n crypto_hash(r, sm.subarray(32), n+32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n crypto_hash(h, sm, n + 64);\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n crypto_hash(h, m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n if (crypto && crypto.getRandomValues) {\n // Browsers and Node v16+\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n})();\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nconst knownOIDs = {\n '2a8648ce3d030107': enums.curve.nistP256,\n '2b81040022': enums.curve.nistP384,\n '2b81040023': enums.curve.nistP521,\n '2b8104000a': enums.curve.secp256k1,\n '2b06010401da470f01': enums.curve.ed25519Legacy,\n '2b060104019755010501': enums.curve.curve25519Legacy,\n '2b2403030208010107': enums.curve.brainpoolP256r1,\n '2b240303020801010b': enums.curve.brainpoolP384r1,\n '2b240303020801010d': enums.curve.brainpoolP512r1\n};\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {enums.curve} String with the canonical name of the curve\n * @throws if unknown\n */\n getName() {\n const name = knownOIDs[this.toHex()];\n if (!name) {\n throw new Error('Unknown curve object identifier.');\n }\n\n return name;\n }\n}\n\nexport default OID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\n// unknown packet types are handled differently depending on the packet criticality\nexport class UnknownPacketError extends UnsupportedError {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnknownPacketError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n */\n\nimport ed25519 from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\nimport { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';\n\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n A: new Uint8Array(b64ToUint8Array(publicKey.x)),\n seed: b64ToUint8Array(privateKey.d, true)\n };\n } catch (err) {\n if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux\n throw err;\n }\n const seed = getRandomBytes(getPayloadSize(algo));\n const { publicKey: A } = ed25519.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const seed = ed448.utils.randomPrivateKey();\n const A = ed448.getPublicKey(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = privateKeyToJWK(algo, publicKey, privateKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']);\n\n const signature = new Uint8Array(\n await webCrypto.sign('Ed25519', key, hashed)\n );\n\n return { RS: signature };\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = ed25519.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const signature = ed448.sign(hashed, privateKey);\n return { RS: signature };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = publicKeyToJWK(algo, publicKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']);\n const verified = await webCrypto.verify('Ed25519', key, RS, hashed);\n return verified;\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n return ed25519.sign.detached.verify(hashed, RS, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n return ed448.verify(RS, hashed, publicKey);\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented\n */\n const { publicKey } = ed25519.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n\n const publicKey = ed448.getPublicKey(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n default:\n return false;\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return 32;\n\n case enums.publicKey.ed448:\n return 57;\n\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n case enums.publicKey.ed448:\n return enums.hash.sha512;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n\nconst publicKeyToJWK = (algo, publicKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = {\n kty: 'OKP',\n crv: 'Ed25519',\n x: uint8ArrayToB64(publicKey, true),\n ext: true\n };\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n\nconst privateKeyToJWK = (algo, publicKey, privateKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = publicKeyToJWK(algo, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n */\n\nimport { aeskw as nobleAesKW } from '@noble/ciphers/aes';\nimport { getCipherParams } from './cipher';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n/**\n * AES key wrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} dataToWrap\n * @returns {Uint8Array} wrapped key\n */\nexport async function wrap(algo, key, dataToWrap) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n try {\n const wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']);\n // Import data as HMAC key, as it has no key length requirements\n const keyToWrap = await webCrypto.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n const wrapped = await webCrypto.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' });\n return new Uint8Array(wrapped);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n\n return nobleAesKW(key).encrypt(dataToWrap);\n}\n\n/**\n * AES key unwrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} wrappedData\n * @returns {Uint8Array} unwrapped data\n */\nexport async function unwrap(algo, key, wrappedData) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let wrappingKey;\n try {\n wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n return nobleAesKW(key).decrypt(wrappedData);\n }\n\n try {\n const unwrapped = await webCrypto.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n return new Uint8Array(await webCrypto.exportKey('raw', unwrapped));\n } catch (err) {\n if (err.name === 'OperationError') {\n throw new Error('Key Data Integrity failed');\n }\n throw err;\n }\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n\nexport default async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n const importedKey = await webCrypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await webCrypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport x25519 from '@openpgp/tweetnacl';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport computeHKDF from '../../hkdf';\nimport { getCipherParams } from '../../cipher';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519'),\n x448: util.encodeUTF8('OpenPGP X448')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const k = x448.utils.randomPrivateKey();\n const A = x448.getPublicKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = x25519.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const publicKey = x448.getPublicKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.x25519:\n return 32;\n\n case enums.publicKey.x448:\n return 56;\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Generate shared secret and ephemeral public key for encryption\n * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret\n * @async\n */\nexport async function generateEphemeralEncryptionMaterial(algo, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));\n const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const ephemeralSecretKey = x448.utils.randomPrivateKey();\n const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * x25519 and x448 produce an all-zero value when given as input a point with small order.\n * This does not lead to a security issue in the context of ECDH, but it is still unexpected,\n * hence we throw.\n * @param {Uint8Array} sharedSecret\n */\nfunction assertNonZeroArray(sharedSecret) {\n let acc = 0;\n for (let i = 0; i < sharedSecret.length; i++) {\n acc |= sharedSecret[i];\n }\n if (acc === 0) {\n throw new Error('Unexpected low order point');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n */\nimport nacl from '@openpgp/tweetnacl';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { UnsupportedError } from '../../../packet/packet';\nimport { generate as eddsaGenerate } from './eddsa';\nimport { generate as ecdhXGenerate } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n [enums.curve.nistP256]: 'P-256',\n [enums.curve.nistP384]: 'P-384',\n [enums.curve.nistP521]: 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,\n [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n [enums.curve.nistP256]: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.nistP256],\n web: webCurves[enums.curve.nistP256],\n payloadSize: 32,\n sharedSize: 256,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP384]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.nistP384],\n web: webCurves[enums.curve.nistP384],\n payloadSize: 48,\n sharedSize: 384,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP521]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.nistP521],\n web: webCurves[enums.curve.nistP521],\n payloadSize: 66,\n sharedSize: 528,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.secp256k1]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.secp256k1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.ed25519Legacy]: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.curve25519Legacy]: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.brainpoolP256r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.brainpoolP256r1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP384r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.brainpoolP384r1],\n payloadSize: 48,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP512r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.brainpoolP512r1],\n payloadSize: 64,\n wireFormatLeadingByte: 0x04\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName) {\n try {\n this.name = oidOrName instanceof OID ?\n oidOrName.getName() :\n enums.write(enums.curve,oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n const params = curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node;\n this.web = params.web;\n this.payloadSize = params.payloadSize;\n this.sharedSize = params.sharedSize;\n this.wireFormatLeadingByte = params.wireFormatLeadingByte;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === enums.curve.curve25519Legacy) {\n this.type = 'curve25519Legacy';\n } else if (this.name === enums.curve.ed25519Legacy) {\n this.type = 'ed25519Legacy';\n }\n }\n\n async genKeyPair() {\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name, this.wireFormatLeadingByte);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n return jsGenKeyPair(this.name);\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519Legacy': {\n // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3\n const { k, A } = await ecdhXGenerate(enums.publicKey.x25519);\n const privateKey = k.slice().reverse();\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n case 'ed25519Legacy': {\n const { seed: privateKey, A } = await eddsaGenerate(enums.publicKey.ed25519);\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n default:\n return jsGenKeyPair(this.name);\n }\n }\n}\n\nasync function generate(curveName) {\n const curve = new CurveWithOID(curveName);\n const { oid, hash, cipher } = curve;\n const keyPair = await curve.genKeyPair();\n return {\n oid,\n Q: keyPair.publicKey,\n secret: util.leftPad(keyPair.privateKey, curve.payloadSize),\n hash,\n cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[oid.getName()].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n [enums.curve.nistP256]: true,\n [enums.curve.nistP384]: true,\n [enums.curve.nistP521]: true,\n [enums.curve.secp256k1]: true,\n [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh,\n [enums.curve.brainpoolP256r1]: true,\n [enums.curve.brainpoolP384r1]: true,\n [enums.curve.brainpoolP512r1]: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === enums.curve.curve25519Legacy) {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n /*\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = nobleCurve.getPublicKey(d, false);\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n}\n\n/**\n * Check whether the public point has a valid encoding.\n * NB: this function does not check e.g. whether the point belongs to the curve.\n */\nfunction checkPublicPointEnconding(curve, V) {\n const { payloadSize, wireFormatLeadingByte, name: curveName } = curve;\n\n const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2;\n\n if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) {\n throw new Error('Invalid point encoding');\n }\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\nasync function jsGenKeyPair(name) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n const privateKey = nobleCurve.utils.randomPrivateKey();\n const publicKey = nobleCurve.getPublicKey(privateKey, false);\n return { publicKey, privateKey };\n}\n\nasync function webGenKeyPair(name, wireFormatLeadingByte) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk, wireFormatLeadingByte) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = wireFormatLeadingByte;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';\nimport { bigIntToUint8Array } from '../../biginteger';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web':\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n case 'node':\n return nodeSign(curve, hashAlgo, message, privateKey);\n }\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });\n return {\n r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),\n s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)\n };\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n // See https://github.com/openpgpjs/openpgpjs/pull/948.\n // NB: the impact was more likely limited to Brainpool curves, since thanks\n // to WebCrypto availability, NIST curve should not have been affected.\n // Similarly, secp256k1 should have been used rarely enough.\n // However, we implement the fix for all curves, since it's only needed in case of\n // verification failure, which is unexpected, hence a minor slowdown is acceptable.\n const tryFallbackVerificationForOldBug = async () => (\n hashed[0] === 0 ?\n jsVerify(curve, signature, hashed.subarray(1), publicKey) :\n false\n );\n\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n const verified = await webVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node': {\n const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n }\n }\n }\n\n const verified = await jsVerify(curve, signature, hashed, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n // eslint-disable-next-line @typescript-eslint/return-await\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Fallback javascript implementation of ECDSA verification.\n * To be used if no native implementation is available for the given curve/operation.\n */\nasync function jsVerify(curve, signature, hashed, publicKey) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false });\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, privateKey) {\n // JWT encoding cannot be used for now, as Brainpool curves are not supported\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n privateKey: nodeBuffer.from(privateKey)\n });\n\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n\n const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' }));\n const len = curve.payloadSize;\n\n return {\n r: signature.subarray(0, len),\n s: signature.subarray(len, len << 1)\n };\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { publicKey: derPublicKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n publicKey: nodeBuffer.from(publicKey)\n });\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n\n const signature = util.concatUint8Array([r, s]);\n\n try {\n return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature);\n } catch (err) {\n return false;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n */\n\nimport nacl from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { CurveWithOID, checkPublicPointEnconding } from './oid_curves';\nimport { sign as eddsaSign, verify as eddsaVerify } from './eddsa';\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const { RS: signature } = await eddsaSign(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const RS = util.concatUint8Array([r, s]);\n return eddsaVerify(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed);\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { getCipherParams } from '../../cipher';\nimport { generateEphemeralEncryptionMaterial as ecdhXGenerateEphemeralEncryptionMaterial, recomputeSharedSecret as ecdhXRecomputeSharedSecret } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519Legacy': {\n const { sharedSecret: sharedKey, ephemeralPublicKey } = await ecdhXGenerateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1));\n const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n return jsPublicEphemeralKey(curve, Q);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n default:\n return jsPublicEphemeralKey(curve, Q);\n\n }\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = await aesKW.wrap(kdfParams.cipher, Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519Legacy': {\n const secretKey = d.slice().reverse();\n const sharedKey = await ecdhXRecomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey);\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n return jsPrivateEphemeralKey(curve, V, d);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n default:\n return jsPrivateEphemeralKey(curve, V, d);\n }\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n checkPublicPointEnconding(curve, V);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(await aesKW.unwrap(kdfParams.cipher, Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\nasync function jsPrivateEphemeralKey(curve, V, d) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { secretKey: d, sharedKey };\n}\n\nasync function jsPublicEphemeralKey(curve, Q) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n const { publicKey: V, privateKey: v } = await curve.genKeyPair();\n\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { publicKey: V, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: sender\n },\n privateKey,\n curve.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const _0n = BigInt(0);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n x = uint8ArrayToBigInt(x);\n\n let k;\n let r;\n let s;\n let t;\n g = mod(g, p);\n x = mod(x, q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = getRandomBigInteger(_1n, q); // returns in [1, q-1]\n r = mod(modExp(g, k, p), q); // (g**k mod p) mod q\n if (r === _0n) {\n continue;\n }\n const xr = mod(x * r, q);\n t = mod(h + xr, q); // H(m) + x*r mod q\n s = mod(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q\n if (s === _0n) {\n continue;\n }\n break;\n }\n return {\n r: bigIntToUint8Array(r, 'be', byteLength(p)),\n s: bigIntToUint8Array(s, 'be', byteLength(p))\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n r = uint8ArrayToBigInt(r);\n s = uint8ArrayToBigInt(s);\n\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n if (r <= _0n || r >= q ||\n s <= _0n || s >= q) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n const w = modInv(s, q); // s**-1 mod q\n if (w === _0n) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = mod(g, p);\n y = mod(y, p);\n const u1 = mod(h * w, q); // H(m) * w mod q\n const u2 = mod(r * w, q); // r * w mod q\n const t1 = modExp(g, u1, p); // g**u1 mod p\n const t2 = modExp(y, u2, p); // y**u2 mod p\n const v = mod(mod(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q\n return v === r;\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (mod(p - _1n, q) !== _0n) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (modExp(g, q, p) !== _1n) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = BigInt(bitLength(q));\n const _150n = BigInt(150);\n if (qSize < _150n || !isProbablePrime(q, null, 32)) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const _2n = BigInt(2);\n const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q\n const rqx = q * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n */\n\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { read, signatureParams: { s } };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n // If the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature\n // verification: if the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n // Algorithm-Specific Fields for Ed448 signatures:\n // - 114 octets of the native signature\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo);\n const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length;\n return { read, signatureParams: { RS } };\n }\n\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal:\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport { getCipherParams } from './cipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only)\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n if (symmetricAlgo && !util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 and X448 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (C.algorithm !== null && !util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const payloadSize = getCurvePayloadSize(algo);\n const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const payloadSize = getCurvePayloadSize(algo);\n const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 or X448 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448).\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const pointSize = getCurvePayloadSize(algo);\n const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([\n enums.publicKey.ed25519,\n enums.publicKey.x25519,\n enums.publicKey.ed448,\n enums.publicKey.x448\n ]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipherParams(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipherParams(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get encoded secret size for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getCurvePayloadSize(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh:\n case enums.publicKey.eddsaLegacy:\n return new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPayloadSize(algo);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.getPayloadSize(algo);\n default:\n throw new Error('Unknown elliptic algo');\n }\n}\n\n/**\n * Get preferred signing hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n\n\nexport { getCipherParams };\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","import defaultConfig from '../../config';\nimport enums from '../../enums';\nimport util from '../../util';\nimport crypto from '../../crypto';\n\nconst ARGON2_TYPE = 0x02; // id\nconst ARGON2_VERSION = 0x13;\nconst ARGON2_SALT_SIZE = 16;\n\nexport class Argon2OutOfMemoryError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Argon2OutOfMemoryError);\n }\n\n this.name = 'Argon2OutOfMemoryError';\n }\n}\n\n// cache argon wasm module\nlet loadArgonWasmModule;\nlet argon2Promise;\n// reload wasm module above this treshold, to deallocated used memory\nconst ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;\n\nclass Argon2S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n const { passes, parallelism, memoryExponent } = config.s2kArgon2Params;\n\n this.type = 'argon2';\n /**\n * 16 bytes of salt\n * @type {Uint8Array}\n */\n this.salt = null;\n /**\n * number of passes\n * @type {Integer}\n */\n this.t = passes;\n /**\n * degree of parallelism (lanes)\n * @type {Integer}\n */\n this.p = parallelism;\n /**\n * exponent indicating memory size\n * @type {Integer}\n */\n this.encodedM = memoryExponent;\n }\n\n generateSalt() {\n this.salt = crypto.random.getRandomBytes(ARGON2_SALT_SIZE);\n }\n\n /**\n * Parsing function for argon2 string-to-key specifier.\n * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n\n this.salt = bytes.subarray(i, i + 16);\n i += 16;\n\n this.t = bytes[i++];\n this.p = bytes[i++];\n this.encodedM = bytes[i++]; // memory size exponent, one-octect\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n const arr = [\n new Uint8Array([enums.write(enums.s2k, this.type)]),\n this.salt,\n new Uint8Array([this.t, this.p, this.encodedM])\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to `keySize`\n * @throws {Argon2OutOfMemoryError|Errors}\n * @async\n */\n async produceKey(passphrase, keySize) {\n const decodedM = 2 << (this.encodedM - 1);\n\n try {\n // on first load, the argon2 lib is imported and the WASM module is initialized.\n // the two steps need to be atomic to avoid race conditions causing multiple wasm modules\n // being loaded when `argon2Promise` is not initialized.\n loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;\n argon2Promise = argon2Promise || loadArgonWasmModule();\n\n // important to keep local ref to argon2 in case the module is reloaded by another instance\n const argon2 = await argon2Promise;\n\n const passwordBytes = util.encodeUTF8(passphrase);\n const hash = argon2({\n version: ARGON2_VERSION,\n type: ARGON2_TYPE,\n password: passwordBytes,\n salt: this.salt,\n tagLength: keySize,\n memorySize: decodedM,\n parallelism: this.p,\n passes: this.t\n });\n\n // a lot of memory was used, reload to deallocate\n if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {\n // it will be awaited if needed at the next `produceKey` invocation\n argon2Promise = loadArgonWasmModule();\n argon2Promise.catch(() => {});\n }\n return hash;\n } catch (e) {\n if (e.message && (\n e.message.includes('Unable to grow instance memory') || // Chrome\n e.message.includes('failed to grow memory') || // Firefox\n e.message.includes('WebAssembly.Memory.grow') || // Safari\n e.message.includes('Out of memory') // Safari iOS\n )) {\n throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');\n } else {\n throw e;\n }\n }\n }\n}\n\nexport default Argon2S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n */\n\nimport defaultConfig from '../../config';\nimport crypto from '../../crypto';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\nimport util from '../../util';\n\nclass GenericS2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(s2kType, config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = enums.read(enums.s2k, s2kType);\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n generateSalt() {\n switch (this.type) {\n case 'salted':\n case 'iterated':\n this.salt = crypto.random.getRandomBytes(8);\n }\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default GenericS2K;\n","import defaultConfig from '../../config';\nimport Argon2S2K, { Argon2OutOfMemoryError } from './argon2';\nimport GenericS2K from './generic';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\n\nconst allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);\n\n/**\n * Instantiate a new S2K instance of the given type\n * @param {module:enums.s2k} type\n * @oaram {Object} [config]\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromType(type, config = defaultConfig) {\n switch (type) {\n case enums.s2k.argon2:\n return new Argon2S2K(config);\n case enums.s2k.iterated:\n case enums.s2k.gnu:\n case enums.s2k.salted:\n case enums.s2k.simple:\n return new GenericS2K(type, config);\n default:\n throw new UnsupportedError('Unsupported S2K type');\n }\n}\n\n/**\n * Instantiate a new S2K instance based on the config settings\n * @oaram {Object} config\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromConfig(config) {\n const { s2kType } = config;\n\n if (!allowedS2KTypesForEncryption.has(s2kType)) {\n throw new Error('The provided `config.s2kType` value is not allowed');\n }\n\n return newS2KFromType(s2kType, config);\n}\n\nexport { Argon2OutOfMemoryError };\n","import { createRequire } from 'module';\nvar require = createRequire('/');\n// DEFLATE is a complex format; to read this code, you should probably check the RFC first:\n// https://tools.ietf.org/html/rfc1951\n// You may also wish to take a look at the guide I made about this program:\n// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad\n// Some of the following code is similar to that of UZIP.js:\n// https://github.com/photopea/UZIP.js\n// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size.\n// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint\n// is better for memory in most engines (I *think*).\n// Mediocre shim\nvar Worker;\nvar workerAdd = \";var __w=require('worker_threads');__w.parentPort.on('message',function(m){onmessage({data:m})}),postMessage=function(m,t){__w.parentPort.postMessage(m,t)},close=process.exit;self=global\";\ntry {\n Worker = require('worker_threads').Worker;\n}\ncatch (e) {\n}\nvar wk = Worker ? function (c, _, msg, transfer, cb) {\n var done = false;\n var w = new Worker(c + workerAdd, { eval: true })\n .on('error', function (e) { return cb(e, null); })\n .on('message', function (m) { return cb(null, m); })\n .on('exit', function (c) {\n if (c && !done)\n cb(new Error('exited with code ' + c), null);\n });\n w.postMessage(msg, transfer);\n w.terminate = function () {\n done = true;\n return Worker.prototype.terminate.call(w);\n };\n return w;\n} : function (_, __, ___, ____, cb) {\n setImmediate(function () { return cb(new Error('async operations unsupported - update to Node 12+ (or Node 10-11 with the --experimental-worker CLI flag)'), null); });\n var NOP = function () { };\n return {\n terminate: NOP,\n postMessage: NOP\n };\n};\n\n// aliases for shorter compressed code (most minifers don't do this)\nvar u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array;\n// fixed length extra bits\nvar fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]);\n// fixed distance extra bits\n// see fleb note\nvar fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]);\n// code length index map\nvar clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);\n// get base, reverse index map from extra bits\nvar freb = function (eb, start) {\n var b = new u16(31);\n for (var i = 0; i < 31; ++i) {\n b[i] = start += 1 << eb[i - 1];\n }\n // numbers here are at max 18 bits\n var r = new u32(b[30]);\n for (var i = 1; i < 30; ++i) {\n for (var j = b[i]; j < b[i + 1]; ++j) {\n r[j] = ((j - b[i]) << 5) | i;\n }\n }\n return [b, r];\n};\nvar _a = freb(fleb, 2), fl = _a[0], revfl = _a[1];\n// we can ignore the fact that the other numbers are wrong; they never happen anyway\nfl[28] = 258, revfl[258] = 28;\nvar _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1];\n// map of value to reverse (assuming 16 bits)\nvar rev = new u16(32768);\nfor (var i = 0; i < 32768; ++i) {\n // reverse table algorithm from SO\n var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1);\n x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2);\n x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4);\n rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1;\n}\n// create huffman tree from u8 \"map\": index -> code length for code index\n// mb (max bits) must be at most 15\n// TODO: optimize/split up?\nvar hMap = (function (cd, mb, r) {\n var s = cd.length;\n // index\n var i = 0;\n // u16 \"map\": index -> # of codes with bit length = index\n var l = new u16(mb);\n // length of cd must be 288 (total # of codes)\n for (; i < s; ++i) {\n if (cd[i])\n ++l[cd[i] - 1];\n }\n // u16 \"map\": index -> minimum code for bit length = index\n var le = new u16(mb);\n for (i = 0; i < mb; ++i) {\n le[i] = (le[i - 1] + l[i - 1]) << 1;\n }\n var co;\n if (r) {\n // u16 \"map\": index -> number of actual bits, symbol for code\n co = new u16(1 << mb);\n // bits to remove for reverser\n var rvb = 15 - mb;\n for (i = 0; i < s; ++i) {\n // ignore 0 lengths\n if (cd[i]) {\n // num encoding both symbol and bits read\n var sv = (i << 4) | cd[i];\n // free bits\n var r_1 = mb - cd[i];\n // start value\n var v = le[cd[i] - 1]++ << r_1;\n // m is end value\n for (var m = v | ((1 << r_1) - 1); v <= m; ++v) {\n // every 16 bit value starting with the code yields the same result\n co[rev[v] >>> rvb] = sv;\n }\n }\n }\n }\n else {\n co = new u16(s);\n for (i = 0; i < s; ++i) {\n if (cd[i]) {\n co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]);\n }\n }\n }\n return co;\n});\n// fixed length tree\nvar flt = new u8(288);\nfor (var i = 0; i < 144; ++i)\n flt[i] = 8;\nfor (var i = 144; i < 256; ++i)\n flt[i] = 9;\nfor (var i = 256; i < 280; ++i)\n flt[i] = 7;\nfor (var i = 280; i < 288; ++i)\n flt[i] = 8;\n// fixed distance tree\nvar fdt = new u8(32);\nfor (var i = 0; i < 32; ++i)\n fdt[i] = 5;\n// fixed length map\nvar flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1);\n// fixed distance map\nvar fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1);\n// find max of array\nvar max = function (a) {\n var m = a[0];\n for (var i = 1; i < a.length; ++i) {\n if (a[i] > m)\n m = a[i];\n }\n return m;\n};\n// read d, starting at bit p and mask with m\nvar bits = function (d, p, m) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m;\n};\n// read d, starting at bit p continuing for at least 16 bits\nvar bits16 = function (d, p) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7));\n};\n// get end of byte\nvar shft = function (p) { return ((p + 7) / 8) | 0; };\n// typed array slice - allows garbage collector to free original reference,\n// while being more compatible than .slice\nvar slc = function (v, s, e) {\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n // can't use .constructor in case user-supplied\n var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\n/**\n * Codes for errors generated within this library\n */\nexport var FlateErrorCode = {\n UnexpectedEOF: 0,\n InvalidBlockType: 1,\n InvalidLengthLiteral: 2,\n InvalidDistance: 3,\n StreamFinished: 4,\n NoStreamHandler: 5,\n InvalidHeader: 6,\n NoCallback: 7,\n InvalidUTF8: 8,\n ExtraFieldTooLong: 9,\n InvalidDate: 10,\n FilenameTooLong: 11,\n StreamFinishing: 12,\n InvalidZipData: 13,\n UnknownCompressionMethod: 14\n};\n// error codes\nvar ec = [\n 'unexpected EOF',\n 'invalid block type',\n 'invalid length/literal',\n 'invalid distance',\n 'stream finished',\n 'no stream handler',\n ,\n 'no callback',\n 'invalid UTF-8 data',\n 'extra field too long',\n 'date not in range 1980-2099',\n 'filename too long',\n 'stream finishing',\n 'invalid zip data'\n // determined by unknown compression method\n];\n;\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\n// expands raw DEFLATE data\nvar inflt = function (dat, buf, st) {\n // source length\n var sl = dat.length;\n if (!sl || (st && st.f && !st.l))\n return buf || new u8(0);\n // have to estimate size\n var noBuf = !buf || st;\n // no state\n var noSt = !st || st.i;\n if (!st)\n st = {};\n // Assumes roughly 33% compression ratio average\n if (!buf)\n buf = new u8(sl * 3);\n // ensure buffer can fit at least l elements\n var cbuf = function (l) {\n var bl = buf.length;\n // need to increase size to fit\n if (l > bl) {\n // Double or set to necessary, whichever is greater\n var nbuf = new u8(Math.max(bl * 2, l));\n nbuf.set(buf);\n buf = nbuf;\n }\n };\n // last chunk bitpos bytes\n var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;\n // total bits\n var tbts = sl * 8;\n do {\n if (!lm) {\n // BFINAL - this is only 1 when last chunk is next\n final = bits(dat, pos, 1);\n // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman\n var type = bits(dat, pos + 1, 3);\n pos += 3;\n if (!type) {\n // go to end of byte boundary\n var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l;\n if (t > sl) {\n if (noSt)\n err(0);\n break;\n }\n // ensure size\n if (noBuf)\n cbuf(bt + l);\n // Copy over uncompressed data\n buf.set(dat.subarray(s, t), bt);\n // Get new bitpos, update byte count\n st.b = bt += l, st.p = pos = t * 8, st.f = final;\n continue;\n }\n else if (type == 1)\n lm = flrm, dm = fdrm, lbt = 9, dbt = 5;\n else if (type == 2) {\n // literal lengths\n var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;\n var tl = hLit + bits(dat, pos + 5, 31) + 1;\n pos += 14;\n // length+distance tree\n var ldt = new u8(tl);\n // code length tree\n var clt = new u8(19);\n for (var i = 0; i < hcLen; ++i) {\n // use index map to get real code\n clt[clim[i]] = bits(dat, pos + i * 3, 7);\n }\n pos += hcLen * 3;\n // code lengths bits\n var clb = max(clt), clbmsk = (1 << clb) - 1;\n // code lengths map\n var clm = hMap(clt, clb, 1);\n for (var i = 0; i < tl;) {\n var r = clm[bits(dat, pos, clbmsk)];\n // bits read\n pos += r & 15;\n // symbol\n var s = r >>> 4;\n // code length to copy\n if (s < 16) {\n ldt[i++] = s;\n }\n else {\n // copy count\n var c = 0, n = 0;\n if (s == 16)\n n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1];\n else if (s == 17)\n n = 3 + bits(dat, pos, 7), pos += 3;\n else if (s == 18)\n n = 11 + bits(dat, pos, 127), pos += 7;\n while (n--)\n ldt[i++] = c;\n }\n }\n // length tree distance tree\n var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);\n // max length bits\n lbt = max(lt);\n // max dist bits\n dbt = max(dt);\n lm = hMap(lt, lbt, 1);\n dm = hMap(dt, dbt, 1);\n }\n else\n err(1);\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n }\n // Make sure the buffer can hold this + the largest possible addition\n // Maximum chunk size (practically, theoretically infinite) is 2^17;\n if (noBuf)\n cbuf(bt + 131072);\n var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;\n var lpos = pos;\n for (;; lpos = pos) {\n // bits read, code\n var c = lm[bits16(dat, pos) & lms], sym = c >>> 4;\n pos += c & 15;\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (!c)\n err(2);\n if (sym < 256)\n buf[bt++] = sym;\n else if (sym == 256) {\n lpos = pos, lm = null;\n break;\n }\n else {\n var add = sym - 254;\n // no extra bits needed if less\n if (sym > 264) {\n // index\n var i = sym - 257, b = fleb[i];\n add = bits(dat, pos, (1 << b) - 1) + fl[i];\n pos += b;\n }\n // dist\n var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4;\n if (!d)\n err(3);\n pos += d & 15;\n var dt = fd[dsym];\n if (dsym > 3) {\n var b = fdeb[dsym];\n dt += bits16(dat, pos) & ((1 << b) - 1), pos += b;\n }\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (noBuf)\n cbuf(bt + 131072);\n var end = bt + add;\n for (; bt < end; bt += 4) {\n buf[bt] = buf[bt - dt];\n buf[bt + 1] = buf[bt + 1 - dt];\n buf[bt + 2] = buf[bt + 2 - dt];\n buf[bt + 3] = buf[bt + 3 - dt];\n }\n bt = end;\n }\n }\n st.l = lm, st.p = lpos, st.b = bt, st.f = final;\n if (lm)\n final = 1, st.m = lbt, st.d = dm, st.n = dbt;\n } while (!final);\n return bt == buf.length ? buf : slc(buf, 0, bt);\n};\n// starting at p, write the minimum number of bits that can hold v to d\nvar wbits = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n};\n// starting at p, write the minimum number of bits (>8) that can hold v to d\nvar wbits16 = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n d[o + 2] |= v >>> 16;\n};\n// creates code lengths from a frequency table\nvar hTree = function (d, mb) {\n // Need extra info to make a tree\n var t = [];\n for (var i = 0; i < d.length; ++i) {\n if (d[i])\n t.push({ s: i, f: d[i] });\n }\n var s = t.length;\n var t2 = t.slice();\n if (!s)\n return [et, 0];\n if (s == 1) {\n var v = new u8(t[0].s + 1);\n v[t[0].s] = 1;\n return [v, 1];\n }\n t.sort(function (a, b) { return a.f - b.f; });\n // after i2 reaches last ind, will be stopped\n // freq must be greater than largest possible number of symbols\n t.push({ s: -1, f: 25001 });\n var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2;\n t[0] = { s: -1, f: l.f + r.f, l: l, r: r };\n // efficient algorithm from UZIP.js\n // i0 is lookbehind, i2 is lookahead - after processing two low-freq\n // symbols that combined have high freq, will start processing i2 (high-freq,\n // non-composite) symbols instead\n // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/\n while (i1 != s - 1) {\n l = t[t[i0].f < t[i2].f ? i0++ : i2++];\n r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++];\n t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r };\n }\n var maxSym = t2[0].s;\n for (var i = 1; i < s; ++i) {\n if (t2[i].s > maxSym)\n maxSym = t2[i].s;\n }\n // code lengths\n var tr = new u16(maxSym + 1);\n // max bits in tree\n var mbt = ln(t[i1 - 1], tr, 0);\n if (mbt > mb) {\n // more algorithms from UZIP.js\n // TODO: find out how this code works (debt)\n // ind debt\n var i = 0, dt = 0;\n // left cost\n var lft = mbt - mb, cst = 1 << lft;\n t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; });\n for (; i < s; ++i) {\n var i2_1 = t2[i].s;\n if (tr[i2_1] > mb) {\n dt += cst - (1 << (mbt - tr[i2_1]));\n tr[i2_1] = mb;\n }\n else\n break;\n }\n dt >>>= lft;\n while (dt > 0) {\n var i2_2 = t2[i].s;\n if (tr[i2_2] < mb)\n dt -= 1 << (mb - tr[i2_2]++ - 1);\n else\n ++i;\n }\n for (; i >= 0 && dt; --i) {\n var i2_3 = t2[i].s;\n if (tr[i2_3] == mb) {\n --tr[i2_3];\n ++dt;\n }\n }\n mbt = mb;\n }\n return [new u8(tr), mbt];\n};\n// get the max length and assign length codes\nvar ln = function (n, l, d) {\n return n.s == -1\n ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1))\n : (l[n.s] = d);\n};\n// length codes generation\nvar lc = function (c) {\n var s = c.length;\n // Note that the semicolon was intentional\n while (s && !c[--s])\n ;\n var cl = new u16(++s);\n // ind num streak\n var cli = 0, cln = c[0], cls = 1;\n var w = function (v) { cl[cli++] = v; };\n for (var i = 1; i <= s; ++i) {\n if (c[i] == cln && i != s)\n ++cls;\n else {\n if (!cln && cls > 2) {\n for (; cls > 138; cls -= 138)\n w(32754);\n if (cls > 2) {\n w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305);\n cls = 0;\n }\n }\n else if (cls > 3) {\n w(cln), --cls;\n for (; cls > 6; cls -= 6)\n w(8304);\n if (cls > 2)\n w(((cls - 3) << 5) | 8208), cls = 0;\n }\n while (cls--)\n w(cln);\n cls = 1;\n cln = c[i];\n }\n }\n return [cl.subarray(0, cli), s];\n};\n// calculate the length of output from tree, code lengths\nvar clen = function (cf, cl) {\n var l = 0;\n for (var i = 0; i < cl.length; ++i)\n l += cf[i] * cl[i];\n return l;\n};\n// writes a fixed block\n// returns the new bit pos\nvar wfblk = function (out, pos, dat) {\n // no need to write 00 as type: TypedArray defaults to 0\n var s = dat.length;\n var o = shft(pos + 2);\n out[o] = s & 255;\n out[o + 1] = s >>> 8;\n out[o + 2] = out[o] ^ 255;\n out[o + 3] = out[o + 1] ^ 255;\n for (var i = 0; i < s; ++i)\n out[o + i + 4] = dat[i];\n return (o + 4 + s) * 8;\n};\n// writes a block\nvar wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) {\n wbits(out, p++, final);\n ++lf[256];\n var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1];\n var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1];\n var _c = lc(dlt), lclt = _c[0], nlc = _c[1];\n var _d = lc(ddt), lcdt = _d[0], ndc = _d[1];\n var lcfreq = new u16(19);\n for (var i = 0; i < lclt.length; ++i)\n lcfreq[lclt[i] & 31]++;\n for (var i = 0; i < lcdt.length; ++i)\n lcfreq[lcdt[i] & 31]++;\n var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1];\n var nlcc = 19;\n for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc)\n ;\n var flen = (bl + 5) << 3;\n var ftlen = clen(lf, flt) + clen(df, fdt) + eb;\n var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]);\n if (flen <= ftlen && flen <= dtlen)\n return wfblk(out, p, dat.subarray(bs, bs + bl));\n var lm, ll, dm, dl;\n wbits(out, p, 1 + (dtlen < ftlen)), p += 2;\n if (dtlen < ftlen) {\n lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt;\n var llm = hMap(lct, mlcb, 0);\n wbits(out, p, nlc - 257);\n wbits(out, p + 5, ndc - 1);\n wbits(out, p + 10, nlcc - 4);\n p += 14;\n for (var i = 0; i < nlcc; ++i)\n wbits(out, p + 3 * i, lct[clim[i]]);\n p += 3 * nlcc;\n var lcts = [lclt, lcdt];\n for (var it = 0; it < 2; ++it) {\n var clct = lcts[it];\n for (var i = 0; i < clct.length; ++i) {\n var len = clct[i] & 31;\n wbits(out, p, llm[len]), p += lct[len];\n if (len > 15)\n wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12;\n }\n }\n }\n else {\n lm = flm, ll = flt, dm = fdm, dl = fdt;\n }\n for (var i = 0; i < li; ++i) {\n if (syms[i] > 255) {\n var len = (syms[i] >>> 18) & 31;\n wbits16(out, p, lm[len + 257]), p += ll[len + 257];\n if (len > 7)\n wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len];\n var dst = syms[i] & 31;\n wbits16(out, p, dm[dst]), p += dl[dst];\n if (dst > 3)\n wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst];\n }\n else {\n wbits16(out, p, lm[syms[i]]), p += ll[syms[i]];\n }\n }\n wbits16(out, p, lm[256]);\n return p + ll[256];\n};\n// deflate options (nice << 13) | chain\nvar deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]);\n// empty\nvar et = /*#__PURE__*/ new u8(0);\n// compresses data into a raw DEFLATE buffer\nvar dflt = function (dat, lvl, plvl, pre, post, lst) {\n var s = dat.length;\n var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post);\n // writing to this writes to the output buffer\n var w = o.subarray(pre, o.length - post);\n var pos = 0;\n if (!lvl || s < 8) {\n for (var i = 0; i <= s; i += 65535) {\n // end\n var e = i + 65535;\n if (e >= s) {\n // write final block\n w[pos >> 3] = lst;\n }\n pos = wfblk(w, pos + 1, dat.subarray(i, e));\n }\n }\n else {\n var opt = deo[lvl - 1];\n var n = opt >>> 13, c = opt & 8191;\n var msk_1 = (1 << plvl) - 1;\n // prev 2-byte val map curr 2-byte val map\n var prev = new u16(32768), head = new u16(msk_1 + 1);\n var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1;\n var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; };\n // 24576 is an arbitrary number of maximum symbols per block\n // 424 buffer for last block\n var syms = new u32(25000);\n // length/literal freq distance freq\n var lf = new u16(288), df = new u16(32);\n // l/lcnt exbits index l/lind waitdx bitpos\n var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0;\n for (; i < s; ++i) {\n // hash value\n // deopt when i > s - 3 - at end, deopt acceptable\n var hv = hsh(i);\n // index mod 32768 previous index mod\n var imod = i & 32767, pimod = head[hv];\n prev[imod] = pimod;\n head[hv] = imod;\n // We always should modify head and prev, but only add symbols if\n // this data is not yet processed (\"wait\" for wait index)\n if (wi <= i) {\n // bytes remaining\n var rem = s - i;\n if ((lc_1 > 7000 || li > 24576) && rem > 423) {\n pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos);\n li = lc_1 = eb = 0, bs = i;\n for (var j = 0; j < 286; ++j)\n lf[j] = 0;\n for (var j = 0; j < 30; ++j)\n df[j] = 0;\n }\n // len dist chain\n var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767;\n if (rem > 2 && hv == hsh(i - dif)) {\n var maxn = Math.min(n, rem) - 1;\n var maxd = Math.min(32767, i);\n // max possible length\n // not capped at dif because decompressors implement \"rolling\" index population\n var ml = Math.min(258, rem);\n while (dif <= maxd && --ch_1 && imod != pimod) {\n if (dat[i + l] == dat[i + l - dif]) {\n var nl = 0;\n for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl)\n ;\n if (nl > l) {\n l = nl, d = dif;\n // break out early when we reach \"nice\" (we are satisfied enough)\n if (nl > maxn)\n break;\n // now, find the rarest 2-byte sequence within this\n // length of literals and search for that instead.\n // Much faster than just using the start\n var mmd = Math.min(dif, nl - 2);\n var md = 0;\n for (var j = 0; j < mmd; ++j) {\n var ti = (i - dif + j + 32768) & 32767;\n var pti = prev[ti];\n var cd = (ti - pti + 32768) & 32767;\n if (cd > md)\n md = cd, pimod = ti;\n }\n }\n }\n // check the previous match\n imod = pimod, pimod = prev[imod];\n dif += (imod - pimod + 32768) & 32767;\n }\n }\n // d will be nonzero only when a match was found\n if (d) {\n // store both dist and len data in one Uint32\n // Make sure this is recognized as a len/dist with 28th bit (2^28)\n syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d];\n var lin = revfl[l] & 31, din = revfd[d] & 31;\n eb += fleb[lin] + fdeb[din];\n ++lf[257 + lin];\n ++df[din];\n wi = i + l;\n ++lc_1;\n }\n else {\n syms[li++] = dat[i];\n ++lf[dat[i]];\n }\n }\n }\n pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos);\n // this is the easiest way to avoid needing to maintain state\n if (!lst && pos & 7)\n pos = wfblk(w, pos + 1, et);\n }\n return slc(o, 0, pre + shft(pos) + post);\n};\n// CRC32 table\nvar crct = /*#__PURE__*/ (function () {\n var t = new Int32Array(256);\n for (var i = 0; i < 256; ++i) {\n var c = i, k = 9;\n while (--k)\n c = ((c & 1) && -306674912) ^ (c >>> 1);\n t[i] = c;\n }\n return t;\n})();\n// CRC32\nvar crc = function () {\n var c = -1;\n return {\n p: function (d) {\n // closures have awful performance\n var cr = c;\n for (var i = 0; i < d.length; ++i)\n cr = crct[(cr & 255) ^ d[i]] ^ (cr >>> 8);\n c = cr;\n },\n d: function () { return ~c; }\n };\n};\n// Alder32\nvar adler = function () {\n var a = 1, b = 0;\n return {\n p: function (d) {\n // closures have awful performance\n var n = a, m = b;\n var l = d.length | 0;\n for (var i = 0; i != l;) {\n var e = Math.min(i + 2655, l);\n for (; i < e; ++i)\n m += n += d[i];\n n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16);\n }\n a = n, b = m;\n },\n d: function () {\n a %= 65521, b %= 65521;\n return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8);\n }\n };\n};\n;\n// deflate with opts\nvar dopt = function (dat, opt, pre, post, st) {\n return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st);\n};\n// Walmart object spread\nvar mrg = function (a, b) {\n var o = {};\n for (var k in a)\n o[k] = a[k];\n for (var k in b)\n o[k] = b[k];\n return o;\n};\n// worker clone\n// This is possibly the craziest part of the entire codebase, despite how simple it may seem.\n// The only parameter to this function is a closure that returns an array of variables outside of the function scope.\n// We're going to try to figure out the variable names used in the closure as strings because that is crucial for workerization.\n// We will return an object mapping of true variable name to value (basically, the current scope as a JS object).\n// The reason we can't just use the original variable names is minifiers mangling the toplevel scope.\n// This took me three weeks to figure out how to do.\nvar wcln = function (fn, fnStr, td) {\n var dt = fn();\n var st = fn.toString();\n var ks = st.slice(st.indexOf('[') + 1, st.lastIndexOf(']')).replace(/\\s+/g, '').split(',');\n for (var i = 0; i < dt.length; ++i) {\n var v = dt[i], k = ks[i];\n if (typeof v == 'function') {\n fnStr += ';' + k + '=';\n var st_1 = v.toString();\n if (v.prototype) {\n // for global objects\n if (st_1.indexOf('[native code]') != -1) {\n var spInd = st_1.indexOf(' ', 8) + 1;\n fnStr += st_1.slice(spInd, st_1.indexOf('(', spInd));\n }\n else {\n fnStr += st_1;\n for (var t in v.prototype)\n fnStr += ';' + k + '.prototype.' + t + '=' + v.prototype[t].toString();\n }\n }\n else\n fnStr += st_1;\n }\n else\n td[k] = v;\n }\n return [fnStr, td];\n};\nvar ch = [];\n// clone bufs\nvar cbfs = function (v) {\n var tl = [];\n for (var k in v) {\n if (v[k].buffer) {\n tl.push((v[k] = new v[k].constructor(v[k])).buffer);\n }\n }\n return tl;\n};\n// use a worker to execute code\nvar wrkr = function (fns, init, id, cb) {\n var _a;\n if (!ch[id]) {\n var fnStr = '', td_1 = {}, m = fns.length - 1;\n for (var i = 0; i < m; ++i)\n _a = wcln(fns[i], fnStr, td_1), fnStr = _a[0], td_1 = _a[1];\n ch[id] = wcln(fns[m], fnStr, td_1);\n }\n var td = mrg({}, ch[id][1]);\n return wk(ch[id][0] + ';onmessage=function(e){for(var k in e.data)self[k]=e.data[k];onmessage=' + init.toString() + '}', id, td, cbfs(td), cb);\n};\n// base async inflate fn\nvar bInflt = function () { return [u8, u16, u32, fleb, fdeb, clim, fl, fd, flrm, fdrm, rev, ec, hMap, max, bits, bits16, shft, slc, err, inflt, inflateSync, pbf, gu8]; };\nvar bDflt = function () { return [u8, u16, u32, fleb, fdeb, clim, revfl, revfd, flm, flt, fdm, fdt, rev, deo, et, hMap, wbits, wbits16, hTree, ln, lc, clen, wfblk, wblk, shft, slc, dflt, dopt, deflateSync, pbf]; };\n// gzip extra\nvar gze = function () { return [gzh, gzhl, wbytes, crc, crct]; };\n// gunzip extra\nvar guze = function () { return [gzs, gzl]; };\n// zlib extra\nvar zle = function () { return [zlh, wbytes, adler]; };\n// unzlib extra\nvar zule = function () { return [zlv]; };\n// post buf\nvar pbf = function (msg) { return postMessage(msg, [msg.buffer]); };\n// get u8\nvar gu8 = function (o) { return o && o.size && new u8(o.size); };\n// async helper\nvar cbify = function (dat, opts, fns, init, id, cb) {\n var w = wrkr(fns, init, id, function (err, dat) {\n w.terminate();\n cb(err, dat);\n });\n w.postMessage([dat, opts], opts.consume ? [dat.buffer] : []);\n return function () { w.terminate(); };\n};\n// auto stream\nvar astrm = function (strm) {\n strm.ondata = function (dat, final) { return postMessage([dat, final], [dat.buffer]); };\n return function (ev) { return strm.push(ev.data[0], ev.data[1]); };\n};\n// async stream attach\nvar astrmify = function (fns, strm, opts, init, id) {\n var t;\n var w = wrkr(fns, init, id, function (err, dat) {\n if (err)\n w.terminate(), strm.ondata.call(strm, err);\n else {\n if (dat[1])\n w.terminate();\n strm.ondata.call(strm, err, dat[0], dat[1]);\n }\n });\n w.postMessage(opts);\n strm.push = function (d, f) {\n if (!strm.ondata)\n err(5);\n if (t)\n strm.ondata(err(4, 0, 1), null, !!f);\n w.postMessage([d, t = f], [d.buffer]);\n };\n strm.terminate = function () { w.terminate(); };\n};\n// read 2 bytes\nvar b2 = function (d, b) { return d[b] | (d[b + 1] << 8); };\n// read 4 bytes\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\nvar b8 = function (d, b) { return b4(d, b) + (b4(d, b + 4) * 4294967296); };\n// write bytes\nvar wbytes = function (d, b, v) {\n for (; v; ++b)\n d[b] = v, v >>>= 8;\n};\n// gzip header\nvar gzh = function (c, o) {\n var fn = o.filename;\n c[0] = 31, c[1] = 139, c[2] = 8, c[8] = o.level < 2 ? 4 : o.level == 9 ? 2 : 0, c[9] = 3; // assume Unix\n if (o.mtime != 0)\n wbytes(c, 4, Math.floor(new Date(o.mtime || Date.now()) / 1000));\n if (fn) {\n c[3] = 8;\n for (var i = 0; i <= fn.length; ++i)\n c[i + 10] = fn.charCodeAt(i);\n }\n};\n// gzip footer: -8 to -4 = CRC, -4 to -0 is length\n// gzip start\nvar gzs = function (d) {\n if (d[0] != 31 || d[1] != 139 || d[2] != 8)\n err(6, 'invalid gzip data');\n var flg = d[3];\n var st = 10;\n if (flg & 4)\n st += d[10] | (d[11] << 8) + 2;\n for (var zs = (flg >> 3 & 1) + (flg >> 4 & 1); zs > 0; zs -= !d[st++])\n ;\n return st + (flg & 2);\n};\n// gzip length\nvar gzl = function (d) {\n var l = d.length;\n return ((d[l - 4] | d[l - 3] << 8 | d[l - 2] << 16) | (d[l - 1] << 24)) >>> 0;\n};\n// gzip header length\nvar gzhl = function (o) { return 10 + ((o.filename && (o.filename.length + 1)) || 0); };\n// zlib header\nvar zlh = function (c, o) {\n var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2;\n c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1);\n};\n// zlib valid\nvar zlv = function (d) {\n if ((d[0] & 15) != 8 || (d[0] >>> 4) > 7 || ((d[0] << 8 | d[1]) % 31))\n err(6, 'invalid zlib data');\n if (d[1] & 32)\n err(6, 'invalid zlib data: preset dictionaries not supported');\n};\nfunction AsyncCmpStrm(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n return opts;\n}\n// zlib footer: -4 to -0 is Adler32\n/**\n * Streaming DEFLATE compression\n */\nvar Deflate = /*#__PURE__*/ (function () {\n function Deflate(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n this.o = opts || {};\n }\n Deflate.prototype.p = function (c, f) {\n this.ondata(dopt(c, this.o, 0, 0, !f), f);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Deflate.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.d = final;\n this.p(chunk, final || false);\n };\n return Deflate;\n}());\nexport { Deflate };\n/**\n * Asynchronous streaming DEFLATE compression\n */\nvar AsyncDeflate = /*#__PURE__*/ (function () {\n function AsyncDeflate(opts, cb) {\n astrmify([\n bDflt,\n function () { return [astrm, Deflate]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Deflate(ev.data);\n onmessage = astrm(strm);\n }, 6);\n }\n return AsyncDeflate;\n}());\nexport { AsyncDeflate };\nexport function deflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n ], function (ev) { return pbf(deflateSync(ev.data[0], ev.data[1])); }, 0, cb);\n}\n/**\n * Compresses data with DEFLATE without any wrapper\n * @param data The data to compress\n * @param opts The compression options\n * @returns The deflated version of the data\n */\nexport function deflateSync(data, opts) {\n return dopt(data, opts || {}, 0, 0);\n}\n/**\n * Streaming DEFLATE decompression\n */\nvar Inflate = /*#__PURE__*/ (function () {\n /**\n * Creates an inflation stream\n * @param cb The callback to call whenever data is inflated\n */\n function Inflate(cb) {\n this.s = {};\n this.p = new u8(0);\n this.ondata = cb;\n }\n Inflate.prototype.e = function (c) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n var l = this.p.length;\n var n = new u8(l + c.length);\n n.set(this.p), n.set(c, l), this.p = n;\n };\n Inflate.prototype.c = function (final) {\n this.d = this.s.i = final || false;\n var bts = this.s.b;\n var dt = inflt(this.p, this.o, this.s);\n this.ondata(slc(dt, bts, this.s.b), this.d);\n this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length;\n this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7;\n };\n /**\n * Pushes a chunk to be inflated\n * @param chunk The chunk to push\n * @param final Whether this is the final chunk\n */\n Inflate.prototype.push = function (chunk, final) {\n this.e(chunk), this.c(final);\n };\n return Inflate;\n}());\nexport { Inflate };\n/**\n * Asynchronous streaming DEFLATE decompression\n */\nvar AsyncInflate = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous inflation stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncInflate(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n function () { return [astrm, Inflate]; }\n ], this, 0, function () {\n var strm = new Inflate();\n onmessage = astrm(strm);\n }, 7);\n }\n return AsyncInflate;\n}());\nexport { AsyncInflate };\nexport function inflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt\n ], function (ev) { return pbf(inflateSync(ev.data[0], gu8(ev.data[1]))); }, 1, cb);\n}\n/**\n * Expands DEFLATE data with no wrapper\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function inflateSync(data, out) {\n return inflt(data, out);\n}\n// before you yell at me for not just using extends, my reason is that TS inheritance is hard to workerize.\n/**\n * Streaming GZIP compression\n */\nvar Gzip = /*#__PURE__*/ (function () {\n function Gzip(opts, cb) {\n this.c = crc();\n this.l = 0;\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be GZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gzip.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Gzip.prototype.p = function (c, f) {\n this.c.p(c);\n this.l += c.length;\n var raw = dopt(c, this.o, this.v && gzhl(this.o), f && 8, !f);\n if (this.v)\n gzh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 8, this.c.d()), wbytes(raw, raw.length - 4, this.l);\n this.ondata(raw, f);\n };\n return Gzip;\n}());\nexport { Gzip };\n/**\n * Asynchronous streaming GZIP compression\n */\nvar AsyncGzip = /*#__PURE__*/ (function () {\n function AsyncGzip(opts, cb) {\n astrmify([\n bDflt,\n gze,\n function () { return [astrm, Deflate, Gzip]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Gzip(ev.data);\n onmessage = astrm(strm);\n }, 8);\n }\n return AsyncGzip;\n}());\nexport { AsyncGzip };\nexport function gzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n gze,\n function () { return [gzipSync]; }\n ], function (ev) { return pbf(gzipSync(ev.data[0], ev.data[1])); }, 2, cb);\n}\n/**\n * Compresses data with GZIP\n * @param data The data to compress\n * @param opts The compression options\n * @returns The gzipped version of the data\n */\nexport function gzipSync(data, opts) {\n if (!opts)\n opts = {};\n var c = crc(), l = data.length;\n c.p(data);\n var d = dopt(data, opts, gzhl(opts), 8), s = d.length;\n return gzh(d, opts), wbytes(d, s - 8, c.d()), wbytes(d, s - 4, l), d;\n}\n/**\n * Streaming GZIP decompression\n */\nvar Gunzip = /*#__PURE__*/ (function () {\n /**\n * Creates a GUNZIP stream\n * @param cb The callback to call whenever data is inflated\n */\n function Gunzip(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be GUNZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gunzip.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n var s = this.p.length > 3 ? gzs(this.p) : 4;\n if (s >= this.p.length && !final)\n return;\n this.p = this.p.subarray(s), this.v = 0;\n }\n if (final) {\n if (this.p.length < 8)\n err(6, 'invalid gzip data');\n this.p = this.p.subarray(0, -8);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Gunzip;\n}());\nexport { Gunzip };\n/**\n * Asynchronous streaming GZIP decompression\n */\nvar AsyncGunzip = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous GUNZIP stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncGunzip(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n guze,\n function () { return [astrm, Inflate, Gunzip]; }\n ], this, 0, function () {\n var strm = new Gunzip();\n onmessage = astrm(strm);\n }, 9);\n }\n return AsyncGunzip;\n}());\nexport { AsyncGunzip };\nexport function gunzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n guze,\n function () { return [gunzipSync]; }\n ], function (ev) { return pbf(gunzipSync(ev.data[0])); }, 3, cb);\n}\n/**\n * Expands GZIP data\n * @param data The data to decompress\n * @param out Where to write the data. GZIP already encodes the output size, so providing this doesn't save memory.\n * @returns The decompressed version of the data\n */\nexport function gunzipSync(data, out) {\n return inflt(data.subarray(gzs(data), -8), out || new u8(gzl(data)));\n}\n/**\n * Streaming Zlib compression\n */\nvar Zlib = /*#__PURE__*/ (function () {\n function Zlib(opts, cb) {\n this.c = adler();\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be zlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Zlib.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Zlib.prototype.p = function (c, f) {\n this.c.p(c);\n var raw = dopt(c, this.o, this.v && 2, f && 4, !f);\n if (this.v)\n zlh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 4, this.c.d());\n this.ondata(raw, f);\n };\n return Zlib;\n}());\nexport { Zlib };\n/**\n * Asynchronous streaming Zlib compression\n */\nvar AsyncZlib = /*#__PURE__*/ (function () {\n function AsyncZlib(opts, cb) {\n astrmify([\n bDflt,\n zle,\n function () { return [astrm, Deflate, Zlib]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Zlib(ev.data);\n onmessage = astrm(strm);\n }, 10);\n }\n return AsyncZlib;\n}());\nexport { AsyncZlib };\nexport function zlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n zle,\n function () { return [zlibSync]; }\n ], function (ev) { return pbf(zlibSync(ev.data[0], ev.data[1])); }, 4, cb);\n}\n/**\n * Compress data with Zlib\n * @param data The data to compress\n * @param opts The compression options\n * @returns The zlib-compressed version of the data\n */\nexport function zlibSync(data, opts) {\n if (!opts)\n opts = {};\n var a = adler();\n a.p(data);\n var d = dopt(data, opts, 2, 4);\n return zlh(d, opts), wbytes(d, d.length - 4, a.d()), d;\n}\n/**\n * Streaming Zlib decompression\n */\nvar Unzlib = /*#__PURE__*/ (function () {\n /**\n * Creates a Zlib decompression stream\n * @param cb The callback to call whenever data is inflated\n */\n function Unzlib(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be unzlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzlib.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n if (this.p.length < 2 && !final)\n return;\n this.p = this.p.subarray(2), this.v = 0;\n }\n if (final) {\n if (this.p.length < 4)\n err(6, 'invalid zlib data');\n this.p = this.p.subarray(0, -4);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Unzlib;\n}());\nexport { Unzlib };\n/**\n * Asynchronous streaming Zlib decompression\n */\nvar AsyncUnzlib = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous Zlib decompression stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncUnzlib(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n zule,\n function () { return [astrm, Inflate, Unzlib]; }\n ], this, 0, function () {\n var strm = new Unzlib();\n onmessage = astrm(strm);\n }, 11);\n }\n return AsyncUnzlib;\n}());\nexport { AsyncUnzlib };\nexport function unzlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n zule,\n function () { return [unzlibSync]; }\n ], function (ev) { return pbf(unzlibSync(ev.data[0], gu8(ev.data[1]))); }, 5, cb);\n}\n/**\n * Expands Zlib data\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function unzlibSync(data, out) {\n return inflt((zlv(data), data.subarray(2, -4)), out);\n}\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzip as compress, AsyncGzip as AsyncCompress };\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzipSync as compressSync, Gzip as Compress };\n/**\n * Streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function Decompress(cb) {\n this.G = Gunzip;\n this.I = Inflate;\n this.Z = Unzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Decompress.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (!this.s) {\n if (this.p && this.p.length) {\n var n = new u8(this.p.length + chunk.length);\n n.set(this.p), n.set(chunk, this.p.length);\n }\n else\n this.p = chunk;\n if (this.p.length > 2) {\n var _this_1 = this;\n var cb = function () { _this_1.ondata.apply(_this_1, arguments); };\n this.s = (this.p[0] == 31 && this.p[1] == 139 && this.p[2] == 8)\n ? new this.G(cb)\n : ((this.p[0] & 15) != 8 || (this.p[0] >> 4) > 7 || ((this.p[0] << 8 | this.p[1]) % 31))\n ? new this.I(cb)\n : new this.Z(cb);\n this.s.push(this.p, final);\n this.p = null;\n }\n }\n else\n this.s.push(chunk, final);\n };\n return Decompress;\n}());\nexport { Decompress };\n/**\n * Asynchronous streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar AsyncDecompress = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function AsyncDecompress(cb) {\n this.G = AsyncGunzip;\n this.I = AsyncInflate;\n this.Z = AsyncUnzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncDecompress.prototype.push = function (chunk, final) {\n Decompress.prototype.push.call(this, chunk, final);\n };\n return AsyncDecompress;\n}());\nexport { AsyncDecompress };\nexport function decompress(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzip(data, opts, cb)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflate(data, opts, cb)\n : unzlib(data, opts, cb);\n}\n/**\n * Expands compressed GZIP, Zlib, or raw DEFLATE data, automatically detecting the format\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function decompressSync(data, out) {\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzipSync(data, out)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflateSync(data, out)\n : unzlibSync(data, out);\n}\n// flatten a directory structure\nvar fltn = function (d, p, t, o) {\n for (var k in d) {\n var val = d[k], n = p + k, op = o;\n if (Array.isArray(val))\n op = mrg(o, val[1]), val = val[0];\n if (val instanceof u8)\n t[n] = [val, op];\n else {\n t[n += '/'] = [new u8(0), op];\n fltn(val, n, t, o);\n }\n }\n};\n// text encoder\nvar te = typeof TextEncoder != 'undefined' && /*#__PURE__*/ new TextEncoder();\n// text decoder\nvar td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder();\n// text decoder stream\nvar tds = 0;\ntry {\n td.decode(et, { stream: true });\n tds = 1;\n}\ncatch (e) { }\n// decode UTF8\nvar dutf8 = function (d) {\n for (var r = '', i = 0;;) {\n var c = d[i++];\n var eb = (c > 127) + (c > 223) + (c > 239);\n if (i + eb > d.length)\n return [r, slc(d, i - 1)];\n if (!eb)\n r += String.fromCharCode(c);\n else if (eb == 3) {\n c = ((c & 15) << 18 | (d[i++] & 63) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63)) - 65536,\n r += String.fromCharCode(55296 | (c >> 10), 56320 | (c & 1023));\n }\n else if (eb & 1)\n r += String.fromCharCode((c & 31) << 6 | (d[i++] & 63));\n else\n r += String.fromCharCode((c & 15) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63));\n }\n};\n/**\n * Streaming UTF-8 decoding\n */\nvar DecodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is decoded\n */\n function DecodeUTF8(cb) {\n this.ondata = cb;\n if (tds)\n this.t = new TextDecoder();\n else\n this.p = et;\n }\n /**\n * Pushes a chunk to be decoded from UTF-8 binary\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n DecodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n final = !!final;\n if (this.t) {\n this.ondata(this.t.decode(chunk, { stream: true }), final);\n if (final) {\n if (this.t.decode().length)\n err(8);\n this.t = null;\n }\n return;\n }\n if (!this.p)\n err(4);\n var dat = new u8(this.p.length + chunk.length);\n dat.set(this.p);\n dat.set(chunk, this.p.length);\n var _a = dutf8(dat), ch = _a[0], np = _a[1];\n if (final) {\n if (np.length)\n err(8);\n this.p = null;\n }\n else\n this.p = np;\n this.ondata(ch, final);\n };\n return DecodeUTF8;\n}());\nexport { DecodeUTF8 };\n/**\n * Streaming UTF-8 encoding\n */\nvar EncodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is encoded\n */\n function EncodeUTF8(cb) {\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be encoded to UTF-8\n * @param chunk The string data to push\n * @param final Whether this is the last chunk\n */\n EncodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.ondata(strToU8(chunk), this.d = final || false);\n };\n return EncodeUTF8;\n}());\nexport { EncodeUTF8 };\n/**\n * Converts a string into a Uint8Array for use with compression/decompression methods\n * @param str The string to encode\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless decoding a binary string.\n * @returns The string encoded in UTF-8/Latin-1 binary\n */\nexport function strToU8(str, latin1) {\n if (latin1) {\n var ar_1 = new u8(str.length);\n for (var i = 0; i < str.length; ++i)\n ar_1[i] = str.charCodeAt(i);\n return ar_1;\n }\n if (te)\n return te.encode(str);\n var l = str.length;\n var ar = new u8(str.length + (str.length >> 1));\n var ai = 0;\n var w = function (v) { ar[ai++] = v; };\n for (var i = 0; i < l; ++i) {\n if (ai + 5 > ar.length) {\n var n = new u8(ai + 8 + ((l - i) << 1));\n n.set(ar);\n ar = n;\n }\n var c = str.charCodeAt(i);\n if (c < 128 || latin1)\n w(c);\n else if (c < 2048)\n w(192 | (c >> 6)), w(128 | (c & 63));\n else if (c > 55295 && c < 57344)\n c = 65536 + (c & 1023 << 10) | (str.charCodeAt(++i) & 1023),\n w(240 | (c >> 18)), w(128 | ((c >> 12) & 63)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n else\n w(224 | (c >> 12)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n }\n return slc(ar, 0, ai);\n}\n/**\n * Converts a Uint8Array to a string\n * @param dat The data to decode to string\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless encoding to binary string.\n * @returns The original UTF-8/Latin-1 string\n */\nexport function strFromU8(dat, latin1) {\n if (latin1) {\n var r = '';\n for (var i = 0; i < dat.length; i += 16384)\n r += String.fromCharCode.apply(null, dat.subarray(i, i + 16384));\n return r;\n }\n else if (td)\n return td.decode(dat);\n else {\n var _a = dutf8(dat), out = _a[0], ext = _a[1];\n if (ext.length)\n err(8);\n return out;\n }\n}\n;\n// deflate bit flag\nvar dbf = function (l) { return l == 1 ? 3 : l < 6 ? 2 : l == 9 ? 1 : 0; };\n// skip local zip header\nvar slzh = function (d, b) { return b + 30 + b2(d, b + 26) + b2(d, b + 28); };\n// read zip header\nvar zh = function (d, b, z) {\n var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);\n var _a = z && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a[0], su = _a[1], off = _a[2];\n return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];\n};\n// read zip64 extra field\nvar z64e = function (d, b) {\n for (; b2(d, b) != 1; b += 4 + b2(d, b + 2))\n ;\n return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];\n};\n// extra field length\nvar exfl = function (ex) {\n var le = 0;\n if (ex) {\n for (var k in ex) {\n var l = ex[k].length;\n if (l > 65535)\n err(9);\n le += l + 4;\n }\n }\n return le;\n};\n// write zip header\nvar wzh = function (d, b, f, fn, u, c, ce, co) {\n var fl = fn.length, ex = f.extra, col = co && co.length;\n var exl = exfl(ex);\n wbytes(d, b, ce != null ? 0x2014B50 : 0x4034B50), b += 4;\n if (ce != null)\n d[b++] = 20, d[b++] = f.os;\n d[b] = 20, b += 2; // spec compliance? what's that?\n d[b++] = (f.flag << 1) | (c < 0 && 8), d[b++] = u && 8;\n d[b++] = f.compression & 255, d[b++] = f.compression >> 8;\n var dt = new Date(f.mtime == null ? Date.now() : f.mtime), y = dt.getFullYear() - 1980;\n if (y < 0 || y > 119)\n err(10);\n wbytes(d, b, (y << 25) | ((dt.getMonth() + 1) << 21) | (dt.getDate() << 16) | (dt.getHours() << 11) | (dt.getMinutes() << 5) | (dt.getSeconds() >>> 1)), b += 4;\n if (c != -1) {\n wbytes(d, b, f.crc);\n wbytes(d, b + 4, c < 0 ? -c - 2 : c);\n wbytes(d, b + 8, f.size);\n }\n wbytes(d, b + 12, fl);\n wbytes(d, b + 14, exl), b += 16;\n if (ce != null) {\n wbytes(d, b, col);\n wbytes(d, b + 6, f.attrs);\n wbytes(d, b + 10, ce), b += 14;\n }\n d.set(fn, b);\n b += fl;\n if (exl) {\n for (var k in ex) {\n var exf = ex[k], l = exf.length;\n wbytes(d, b, +k);\n wbytes(d, b + 2, l);\n d.set(exf, b + 4), b += 4 + l;\n }\n }\n if (col)\n d.set(co, b), b += col;\n return b;\n};\n// write zip footer (end of central directory)\nvar wzf = function (o, b, c, d, e) {\n wbytes(o, b, 0x6054B50); // skip disk\n wbytes(o, b + 8, c);\n wbytes(o, b + 10, c);\n wbytes(o, b + 12, d);\n wbytes(o, b + 16, e);\n};\n/**\n * A pass-through stream to keep data uncompressed in a ZIP archive.\n */\nvar ZipPassThrough = /*#__PURE__*/ (function () {\n /**\n * Creates a pass-through stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n */\n function ZipPassThrough(filename) {\n this.filename = filename;\n this.c = crc();\n this.size = 0;\n this.compression = 0;\n }\n /**\n * Processes a chunk and pushes to the output stream. You can override this\n * method in a subclass for custom behavior, but by default this passes\n * the data through. You must call this.ondata(err, chunk, final) at some\n * point in this method.\n * @param chunk The chunk to process\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.process = function (chunk, final) {\n this.ondata(null, chunk, final);\n };\n /**\n * Pushes a chunk to be added. If you are subclassing this with a custom\n * compression algorithm, note that you must push data from the source\n * file only, pre-compression.\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n this.c.p(chunk);\n this.size += chunk.length;\n if (final)\n this.crc = this.c.d();\n this.process(chunk, final || false);\n };\n return ZipPassThrough;\n}());\nexport { ZipPassThrough };\n// I don't extend because TypeScript extension adds 1kB of runtime bloat\n/**\n * Streaming DEFLATE compression for ZIP archives. Prefer using AsyncZipDeflate\n * for better performance\n */\nvar ZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function ZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new Deflate(opts, function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n }\n ZipDeflate.prototype.process = function (chunk, final) {\n try {\n this.d.push(chunk, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return ZipDeflate;\n}());\nexport { ZipDeflate };\n/**\n * Asynchronous streaming DEFLATE compression for ZIP archives\n */\nvar AsyncZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function AsyncZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new AsyncDeflate(opts, function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n this.terminate = this.d.terminate;\n }\n AsyncZipDeflate.prototype.process = function (chunk, final) {\n this.d.push(chunk, final);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return AsyncZipDeflate;\n}());\nexport { AsyncZipDeflate };\n// TODO: Better tree shaking\n/**\n * A zippable archive to which files can incrementally be added\n */\nvar Zip = /*#__PURE__*/ (function () {\n /**\n * Creates an empty ZIP archive to which files can be added\n * @param cb The callback to call whenever data for the generated ZIP archive\n * is available\n */\n function Zip(cb) {\n this.ondata = cb;\n this.u = [];\n this.d = 1;\n }\n /**\n * Adds a file to the ZIP archive\n * @param file The file stream to add\n */\n Zip.prototype.add = function (file) {\n var _this_1 = this;\n if (!this.ondata)\n err(5);\n // finishing or finished\n if (this.d & 2)\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, false);\n else {\n var f = strToU8(file.filename), fl_1 = f.length;\n var com = file.comment, o = com && strToU8(com);\n var u = fl_1 != file.filename.length || (o && (com.length != o.length));\n var hl_1 = fl_1 + exfl(file.extra) + 30;\n if (fl_1 > 65535)\n this.ondata(err(11, 0, 1), null, false);\n var header = new u8(hl_1);\n wzh(header, 0, file, f, u, -1);\n var chks_1 = [header];\n var pAll_1 = function () {\n for (var _i = 0, chks_2 = chks_1; _i < chks_2.length; _i++) {\n var chk = chks_2[_i];\n _this_1.ondata(null, chk, false);\n }\n chks_1 = [];\n };\n var tr_1 = this.d;\n this.d = 0;\n var ind_1 = this.u.length;\n var uf_1 = mrg(file, {\n f: f,\n u: u,\n o: o,\n t: function () {\n if (file.terminate)\n file.terminate();\n },\n r: function () {\n pAll_1();\n if (tr_1) {\n var nxt = _this_1.u[ind_1 + 1];\n if (nxt)\n nxt.r();\n else\n _this_1.d = 1;\n }\n tr_1 = 1;\n }\n });\n var cl_1 = 0;\n file.ondata = function (err, dat, final) {\n if (err) {\n _this_1.ondata(err, dat, final);\n _this_1.terminate();\n }\n else {\n cl_1 += dat.length;\n chks_1.push(dat);\n if (final) {\n var dd = new u8(16);\n wbytes(dd, 0, 0x8074B50);\n wbytes(dd, 4, file.crc);\n wbytes(dd, 8, cl_1);\n wbytes(dd, 12, file.size);\n chks_1.push(dd);\n uf_1.c = cl_1, uf_1.b = hl_1 + cl_1 + 16, uf_1.crc = file.crc, uf_1.size = file.size;\n if (tr_1)\n uf_1.r();\n tr_1 = 1;\n }\n else if (tr_1)\n pAll_1();\n }\n };\n this.u.push(uf_1);\n }\n };\n /**\n * Ends the process of adding files and prepares to emit the final chunks.\n * This *must* be called after adding all desired files for the resulting\n * ZIP file to work properly.\n */\n Zip.prototype.end = function () {\n var _this_1 = this;\n if (this.d & 2) {\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, true);\n return;\n }\n if (this.d)\n this.e();\n else\n this.u.push({\n r: function () {\n if (!(_this_1.d & 1))\n return;\n _this_1.u.splice(-1, 1);\n _this_1.e();\n },\n t: function () { }\n });\n this.d = 3;\n };\n Zip.prototype.e = function () {\n var bt = 0, l = 0, tl = 0;\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n tl += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0);\n }\n var out = new u8(tl + 22);\n for (var _b = 0, _c = this.u; _b < _c.length; _b++) {\n var f = _c[_b];\n wzh(out, bt, f, f.f, f.u, -f.c - 2, l, f.o);\n bt += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0), l += f.b;\n }\n wzf(out, bt, this.u.length, tl, l);\n this.ondata(null, out, true);\n this.d = 2;\n };\n /**\n * A method to terminate any internal workers used by the stream. Subsequent\n * calls to add() will fail.\n */\n Zip.prototype.terminate = function () {\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n f.t();\n }\n this.d = 2;\n };\n return Zip;\n}());\nexport { Zip };\nexport function zip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var r = {};\n fltn(data, '', r, opts);\n var k = Object.keys(r);\n var lft = k.length, o = 0, tot = 0;\n var slft = lft, files = new Array(lft);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var cbf = function () {\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n tot = 0;\n for (var i = 0; i < slft; ++i) {\n var f = files[i];\n try {\n var l = f.c.length;\n wzh(out, tot, f, f.f, f.u, l);\n var badd = 30 + f.f.length + exfl(f.extra);\n var loc = tot + badd;\n out.set(f.c, loc);\n wzh(out, o, f, f.f, f.u, l, tot, f.m), o += 16 + badd + (f.m ? f.m.length : 0), tot = loc + l;\n }\n catch (e) {\n return cbd(e, null);\n }\n }\n wzf(out, o, files.length, cdl, oe);\n cbd(null, out);\n };\n if (!lft)\n cbf();\n var _loop_1 = function (i) {\n var fn = k[i];\n var _a = r[fn], file = _a[0], p = _a[1];\n var c = crc(), size = file.length;\n c.p(file);\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n var compression = p.level == 0 ? 0 : 8;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n var l = d.length;\n files[i] = mrg(p, {\n size: size,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n compression: compression\n });\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n if (!--lft)\n cbf();\n }\n };\n if (s > 65535)\n cbl(err(11, 0, 1), null);\n if (!compression)\n cbl(null, file);\n else if (size < 160000) {\n try {\n cbl(null, deflateSync(file, p));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(deflate(file, p, cbl));\n };\n // Cannot use lft because it can decrease\n for (var i = 0; i < slft; ++i) {\n _loop_1(i);\n }\n return tAll;\n}\n/**\n * Synchronously creates a ZIP file. Prefer using `zip` for better performance\n * with more than one file.\n * @param data The directory structure for the ZIP archive\n * @param opts The main options, merged with per-file options\n * @returns The generated ZIP archive\n */\nexport function zipSync(data, opts) {\n if (!opts)\n opts = {};\n var r = {};\n var files = [];\n fltn(data, '', r, opts);\n var o = 0;\n var tot = 0;\n for (var fn in r) {\n var _a = r[fn], file = _a[0], p = _a[1];\n var compression = p.level == 0 ? 0 : 8;\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n if (s > 65535)\n err(11);\n var d = compression ? deflateSync(file, p) : file, l = d.length;\n var c = crc();\n c.p(file);\n files.push(mrg(p, {\n size: file.length,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n o: o,\n compression: compression\n }));\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n }\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n for (var i = 0; i < files.length; ++i) {\n var f = files[i];\n wzh(out, f.o, f, f.f, f.u, f.c.length);\n var badd = 30 + f.f.length + exfl(f.extra);\n out.set(f.c, f.o + badd);\n wzh(out, o, f, f.f, f.u, f.c.length, f.o, f.m), o += 16 + badd + (f.m ? f.m.length : 0);\n }\n wzf(out, o, files.length, cdl, oe);\n return out;\n}\n/**\n * Streaming pass-through decompression for ZIP archives\n */\nvar UnzipPassThrough = /*#__PURE__*/ (function () {\n function UnzipPassThrough() {\n }\n UnzipPassThrough.prototype.push = function (data, final) {\n this.ondata(null, data, final);\n };\n UnzipPassThrough.compression = 0;\n return UnzipPassThrough;\n}());\nexport { UnzipPassThrough };\n/**\n * Streaming DEFLATE decompression for ZIP archives. Prefer AsyncZipInflate for\n * better performance.\n */\nvar UnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function UnzipInflate() {\n var _this_1 = this;\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n UnzipInflate.prototype.push = function (data, final) {\n try {\n this.i.push(data, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n UnzipInflate.compression = 8;\n return UnzipInflate;\n}());\nexport { UnzipInflate };\n/**\n * Asynchronous streaming DEFLATE decompression for ZIP archives\n */\nvar AsyncUnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function AsyncUnzipInflate(_, sz) {\n var _this_1 = this;\n if (sz < 320000) {\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n else {\n this.i = new AsyncInflate(function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.terminate = this.i.terminate;\n }\n }\n AsyncUnzipInflate.prototype.push = function (data, final) {\n if (this.i.terminate)\n data = slc(data, 0);\n this.i.push(data, final);\n };\n AsyncUnzipInflate.compression = 8;\n return AsyncUnzipInflate;\n}());\nexport { AsyncUnzipInflate };\n/**\n * A ZIP archive decompression stream that emits files as they are discovered\n */\nvar Unzip = /*#__PURE__*/ (function () {\n /**\n * Creates a ZIP decompression stream\n * @param cb The callback to call whenever a file in the ZIP archive is found\n */\n function Unzip(cb) {\n this.onfile = cb;\n this.k = [];\n this.o = {\n 0: UnzipPassThrough\n };\n this.p = et;\n }\n /**\n * Pushes a chunk to be unzipped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzip.prototype.push = function (chunk, final) {\n var _this_1 = this;\n if (!this.onfile)\n err(5);\n if (!this.p)\n err(4);\n if (this.c > 0) {\n var len = Math.min(this.c, chunk.length);\n var toAdd = chunk.subarray(0, len);\n this.c -= len;\n if (this.d)\n this.d.push(toAdd, !this.c);\n else\n this.k[0].push(toAdd);\n chunk = chunk.subarray(len);\n if (chunk.length)\n return this.push(chunk, final);\n }\n else {\n var f = 0, i = 0, is = void 0, buf = void 0;\n if (!this.p.length)\n buf = chunk;\n else if (!chunk.length)\n buf = this.p;\n else {\n buf = new u8(this.p.length + chunk.length);\n buf.set(this.p), buf.set(chunk, this.p.length);\n }\n var l = buf.length, oc = this.c, add = oc && this.d;\n var _loop_2 = function () {\n var _a;\n var sig = b4(buf, i);\n if (sig == 0x4034B50) {\n f = 1, is = i;\n this_1.d = null;\n this_1.c = 0;\n var bf = b2(buf, i + 6), cmp_1 = b2(buf, i + 8), u = bf & 2048, dd = bf & 8, fnl = b2(buf, i + 26), es = b2(buf, i + 28);\n if (l > i + 30 + fnl + es) {\n var chks_3 = [];\n this_1.k.unshift(chks_3);\n f = 2;\n var sc_1 = b4(buf, i + 18), su_1 = b4(buf, i + 22);\n var fn_1 = strFromU8(buf.subarray(i + 30, i += 30 + fnl), !u);\n if (sc_1 == 4294967295) {\n _a = dd ? [-2] : z64e(buf, i), sc_1 = _a[0], su_1 = _a[1];\n }\n else if (dd)\n sc_1 = -1;\n i += es;\n this_1.c = sc_1;\n var d_1;\n var file_1 = {\n name: fn_1,\n compression: cmp_1,\n start: function () {\n if (!file_1.ondata)\n err(5);\n if (!sc_1)\n file_1.ondata(null, et, true);\n else {\n var ctr = _this_1.o[cmp_1];\n if (!ctr)\n file_1.ondata(err(14, 'unknown compression type ' + cmp_1, 1), null, false);\n d_1 = sc_1 < 0 ? new ctr(fn_1) : new ctr(fn_1, sc_1, su_1);\n d_1.ondata = function (err, dat, final) { file_1.ondata(err, dat, final); };\n for (var _i = 0, chks_4 = chks_3; _i < chks_4.length; _i++) {\n var dat = chks_4[_i];\n d_1.push(dat, false);\n }\n if (_this_1.k[0] == chks_3 && _this_1.c)\n _this_1.d = d_1;\n else\n d_1.push(et, true);\n }\n },\n terminate: function () {\n if (d_1 && d_1.terminate)\n d_1.terminate();\n }\n };\n if (sc_1 >= 0)\n file_1.size = sc_1, file_1.originalSize = su_1;\n this_1.onfile(file_1);\n }\n return \"break\";\n }\n else if (oc) {\n if (sig == 0x8074B50) {\n is = i += 12 + (oc == -2 && 8), f = 3, this_1.c = 0;\n return \"break\";\n }\n else if (sig == 0x2014B50) {\n is = i -= 4, f = 3, this_1.c = 0;\n return \"break\";\n }\n }\n };\n var this_1 = this;\n for (; i < l - 4; ++i) {\n var state_1 = _loop_2();\n if (state_1 === \"break\")\n break;\n }\n this.p = et;\n if (oc < 0) {\n var dat = f ? buf.subarray(0, is - 12 - (oc == -2 && 8) - (b4(buf, is - 16) == 0x8074B50 && 4)) : buf.subarray(0, i);\n if (add)\n add.push(dat, !!f);\n else\n this.k[+(f == 2)].push(dat);\n }\n if (f & 2)\n return this.push(buf.subarray(i), final);\n this.p = buf.subarray(i);\n }\n if (final) {\n if (this.c)\n err(13);\n this.p = null;\n }\n };\n /**\n * Registers a decoder with the stream, allowing for files compressed with\n * the compression type provided to be expanded correctly\n * @param decoder The decoder constructor\n */\n Unzip.prototype.register = function (decoder) {\n this.o[decoder.compression] = decoder;\n };\n return Unzip;\n}());\nexport { Unzip };\nvar mt = typeof queueMicrotask == 'function' ? queueMicrotask : typeof setTimeout == 'function' ? setTimeout : function (fn) { fn(); };\nexport function unzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var files = {};\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558) {\n cbd(err(13, 0, 1), null);\n return tAll;\n }\n }\n ;\n var lft = b2(data, e + 8);\n if (lft) {\n var c = lft;\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = lft = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n var _loop_3 = function (i) {\n var _a = zh(data, o, z), c_1 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n if (d)\n files[fn] = d;\n if (!--lft)\n cbd(null, files);\n }\n };\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_1\n })) {\n if (!c_1)\n cbl(null, slc(data, b, b + sc));\n else if (c_1 == 8) {\n var infl = data.subarray(b, b + sc);\n if (sc < 320000) {\n try {\n cbl(null, inflateSync(infl, new u8(su)));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(inflate(infl, { size: su }, cbl));\n }\n else\n cbl(err(14, 'unknown compression type ' + c_1, 1), null);\n }\n else\n cbl(null, null);\n };\n for (var i = 0; i < c; ++i) {\n _loop_3(i);\n }\n }\n else\n cbd(null, {});\n return tAll;\n}\n/**\n * Synchronously decompresses a ZIP archive. Prefer using `unzip` for better\n * performance with more than one file.\n * @param data The raw compressed ZIP file\n * @param opts The ZIP extraction options\n * @returns The decompressed files\n */\nexport function unzipSync(data, opts) {\n var files = {};\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558)\n err(13);\n }\n ;\n var c = b2(data, e + 8);\n if (!c)\n return {};\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n for (var i = 0; i < c; ++i) {\n var _a = zh(data, o, z), c_2 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_2\n })) {\n if (!c_2)\n files[fn] = slc(data, b, b + sc);\n else if (c_2 == 8)\n files[fn] = inflateSync(data.subarray(b, b + sc), new u8(su));\n else\n err(14, 'unknown compression type ' + c_2);\n }\n }\n return files;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// A salt notation is used to randomize signatures.\n// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks\n// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).\n// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.\n// some chosen-prefix attacks.\n// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.\nconst SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org';\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuerKeyID,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.unknownSubpackets = [];\n this.signedHashValue = null;\n this.salt = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n this.preferredCipherSuites = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes, config = defaultConfig) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n // Only for v6 signatures, a variable-length field containing:\n if (this.version === 6) {\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[i++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(i, i + saltLength);\n i += saltLength;\n }\n\n const signatureMaterial = bytes.subarray(i, bytes.length);\n const { read, signatureParams } = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial);\n if (read < signatureMaterial.length) {\n throw new Error('Error reading MPIs');\n }\n this.params = signatureParams;\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n if (this.version === 6) {\n arr.push(new Uint8Array([this.salt.length]));\n arr.push(this.salt);\n }\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false, config) {\n this.version = key.version;\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n // add randomness to the signature\n if (this.version === 6) {\n const saltLength = saltLengthForHash(this.hashAlgorithm);\n if (this.salt === null) {\n this.salt = crypto.random.getRandomBytes(saltLength);\n } else if (saltLength !== this.salt.length) {\n throw new Error('Provided salt does not have the required length');\n }\n } else if (config.nonDeterministicSignaturesViaNotation) {\n const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME));\n // since re-signing the same object is not supported, it's not expected to have multiple salt notations,\n // but we guard against it as a sanity check\n if (saltNotations.length === 0) {\n const saltValue = crypto.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm));\n this.rawNotations.push({\n name: SALT_NOTATION_NAME,\n value: saltValue,\n humanReadable: false,\n critical: false\n });\n } else {\n throw new Error('Unexpected existing salt notation');\n }\n }\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n if (this.preferredCipherSuites !== null) {\n bytes = new Uint8Array([].concat(...this.preferredCipherSuites));\n arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = this.unhashedSubpackets.map(({ type, critical, body }) => {\n return writeSubPacket(type, critical, body);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n // Signature subpackets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n mypos++;\n\n if (!hashed) {\n this.unhashedSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuerKeyID:\n // Issuer\n if (this.version === 4) {\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n } else if (hashed) {\n // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature,\n // since the Issuer Fingerprint subpacket is to be used instead.\n // The `issuerKeyID` value will be set when reading the issuerFingerprint packet.\n // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it,\n // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed)\n // issuerFingerprint.\n // If the packet is hashed, then we reject the signature, to avoid verifying data different from\n // what was parsed.\n throw new Error('Unexpected Issuer Key ID subpacket');\n }\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion >= 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCipherSuites:\n // Preferred AEAD Cipher Suites\n this.preferredCipherSuites = [];\n for (let i = mypos; i < bytes.length; i += 2) {\n this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);\n }\n break;\n default:\n this.unknownSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n break;\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n const subpacketLengthBytes = this.version === 6 ? 4 : 2;\n\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes));\n\n let i = subpacketLengthBytes;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) {\n // avoid hashing unexpected salt size\n throw new Error('Signature salt does not have the expected length');\n }\n\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.unknownSubpackets.forEach(({ type, critical }) => {\n if (critical) {\n throw new Error(`Unknown critical signature subpacket type ${type}`);\n }\n });\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n\n/**\n * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh.\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5}\n * @param {enums.hash} hashAlgorithm - Hash algorithm.\n * @returns {Integer} Salt length.\n * @private\n */\nfunction saltLengthForHash(hashAlgorithm) {\n switch (hashAlgorithm) {\n case enums.hash.sha256: return 16;\n case enums.hash.sha384: return 24;\n case enums.hash.sha512: return 32;\n case enums.hash.sha224: return 16;\n case enums.hash.sha3_256: return 16;\n case enums.hash.sha3_512: return 32;\n default: throw new Error('Unsupported hash function');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n static fromSignaturePacket(signaturePacket, isLast) {\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.version = signaturePacket.version === 6 ? 6 : 3;\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n onePassSig.salt = signaturePacket.salt; // v6 only\n onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only\n\n onePassSig.flags = isLast ? 1 : 0;\n return onePassSig;\n }\n\n constructor() {\n /** A one-octet version number. The current versions are 3 and 6. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** Only for v6, a variable-length field containing the salt. */\n this.salt = null;\n /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */\n this.issuerFingerprint = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current versions are 3 or 6.\n this.version = bytes[mypos++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n if (this.version === 6) {\n // Only for v6 signatures, a variable-length field containing:\n\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[mypos++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(mypos, mypos + saltLength);\n mypos += saltLength;\n\n // Only for v6 packets, 32 octets of the fingerprint of the signing key.\n this.issuerFingerprint = bytes.subarray(mypos, mypos + 32);\n mypos += 32;\n this.issuerKeyID = new KeyID();\n // For v6 the Key ID is the high-order 64 bits of the fingerprint.\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n // Only for v3 packets, an eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n }\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const arr = [new Uint8Array([\n this.version,\n this.signatureType,\n this.hashAlgorithm,\n this.publicKeyAlgorithm\n ])];\n if (this.version === 6) {\n arr.push(\n new Uint8Array([this.salt.length]),\n this.salt,\n this.issuerFingerprint\n );\n } else {\n arr.push(this.issuerKeyID.write());\n }\n arr.push(new Uint8Array([this.flags]));\n return util.concatUint8Array(arr);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID) ||\n (this.version === 3 && correspondingSig.version === 6) ||\n (this.version === 6 && correspondingSig.version !== 6) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt))\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError,\n UnknownPacketError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence,\n // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored.\n // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical.\n if (e instanceof UnknownPacketError) {\n if (parsed.tag <= 39) {\n await writer.abort(e);\n } else {\n return;\n }\n }\n\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Inflate, Deflate, Zlib, Unzlib } from 'fflate';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write());\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise.\n * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator\n * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor\n * @returns {ReadableStream} compressed or decompressed data\n */\nfunction zlib(compressionStreamInstantiator, ZlibStreamedConstructor) {\n return data => {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(inputData => {\n return new Promise((resolve, reject) => {\n const zlibStream = new ZlibStreamedConstructor();\n zlibStream.ondata = processedData => {\n resolve(processedData);\n };\n try {\n zlibStream.push(inputData, true); // only one chunk to push\n } catch (err) {\n reject(err);\n }\n });\n }));\n }\n\n // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API)\n if (compressionStreamInstantiator) {\n try {\n const compressorOrDecompressor = compressionStreamInstantiator();\n return data.pipeThrough(compressorOrDecompressor);\n } catch (err) {\n // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate.\n if (err.name !== 'TypeError') {\n throw err;\n }\n }\n }\n\n // JS fallback\n const inputReader = data.getReader();\n const zlibStream = new ZlibStreamedConstructor();\n\n return new ReadableStream({\n async start(controller) {\n zlibStream.ondata = async (value, isLast) => {\n controller.enqueue(value);\n if (isLast) {\n controller.close();\n }\n };\n\n while (true) {\n const { done, value } = await inputReader.read();\n if (done) {\n zlibStream.push(new Uint8Array(), true);\n return;\n } else if (value.length) {\n zlibStream.push(value);\n }\n }\n }\n });\n };\n}\n\nfunction bzip2Decompress() {\n return async function(data) {\n const { decode: bunzipDecode } = await import('@openpgp/seek-bzip');\n return stream.fromAsync(async () => bunzipDecode(await stream.readToEnd(data)));\n };\n}\n\n/**\n * Get Compression Stream API instatiators if the constructors are implemented.\n * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported\n * (supported formats cannot be determined in advance).\n * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat\n * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }}\n */\nconst getCompressionStreamInstantiators = compressionFormat => ({\n compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)),\n decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat))\n});\n\nconst compress_fns = {\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib)\n};\n\nconst decompress_fns = {\n uncompressed: data => data,\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib),\n bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n static fromObject({ version, aeadAlgorithm }) {\n if (version !== 1 && version !== 2) {\n throw new Error('Unsupported SEIPD version');\n }\n\n const seip = new SymEncryptedIntegrityProtectedDataPacket();\n seip.version = version;\n if (version === 2) {\n seip.aeadAlgorithm = aeadAlgorithm;\n }\n\n return seip;\n }\n\n constructor() {\n this.version = null;\n\n // The following 4 fields are for V2 only.\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = null;\n this.chunkSizeByte = null;\n this.salt = null;\n\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n this.version = await reader.readByte();\n // - A one-octet version number with value 1 or 2.\n if (this.version !== 1 && this.version !== 2) {\n throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`);\n }\n\n if (this.version === 2) {\n // - A one-octet cipher algorithm.\n this.cipherAlgorithm = await reader.readByte();\n // - A one-octet AEAD algorithm.\n this.aeadAlgorithm = await reader.readByte();\n // - A one-octet chunk size.\n this.chunkSizeByte = await reader.readByte();\n // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique.\n this.salt = await reader.readBytes(32);\n }\n\n // For V1:\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n // For V2:\n // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode.\n // - A final, summary authentication tag for the AEAD mode.\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n if (this.version === 2) {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]);\n }\n return util.concat([new Uint8Array([this.version]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n const { blockSize, keySize } = crypto.getCipherParams(sessionKeyAlgorithm);\n if (key.length !== keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n\n if (this.version === 2) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n this.salt = crypto.random.getRandomBytes(32);\n this.chunkSizeByte = config.aeadChunkSizeByte;\n this.encrypted = await runAEAD(this, 'encrypt', key, bytes);\n } else {\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n }\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n if (key.length !== crypto.getCipherParams(sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n\n let packetbytes;\n if (this.version === 2) {\n if (this.cipherAlgorithm !== sessionKeyAlgorithm) {\n // sanity check\n throw new Error('Unexpected session key algorithm');\n }\n packetbytes = await runAEAD(this, 'decrypt', key, encrypted);\n } else {\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n }\n\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n\n/**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\nexport async function runAEAD(packet, fn, key, data) {\n const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2;\n const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import)\n if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type');\n\n const mode = crypto.getAEADMode(packet.aeadAlgorithm);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0;\n const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP);\n const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n let iv;\n let ivView;\n if (isSEIPDv2) {\n const { keySize } = crypto.getCipherParams(packet.cipherAlgorithm);\n const { ivLength } = mode;\n const info = new Uint8Array(adataBuffer, 0, 5);\n const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength);\n key = derived.subarray(0, keySize);\n iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy.\n iv.fill(0, iv.length - 8);\n ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n } else { // AEADEncryptedDataPacket\n iv = packet.iv;\n // ivView is unused in this case\n }\n const modeInstance = await mode(packet.cipherAlgorithm, key);\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n let nonce;\n if (isSEIPDv2) { // SEIPD V2\n nonce = iv;\n } else { // AEADEncryptedDataPacket\n nonce = iv.slice();\n for (let i = 0; i < 8; i++) {\n nonce[iv.length - 8 + i] ^= chunkIndexArray[i];\n }\n }\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, nonce, adataArray);\n cryptedPromise.catch(() => {});\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...)\n cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray);\n cryptedPromise.catch(() => {});\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line @typescript-eslint/no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n if (isSEIPDv2) { // SEIPD V2\n ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...)\n } else { // AEADEncryptedDataPacket\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n }\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.ready.catch(() => {});\n await writer.abort(e);\n }\n });\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\nimport { runAEAD } from './sym_encrypted_integrity_protected_data';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await runAEAD(this, 'decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await runAEAD(this, 'encrypt', key, data);\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = null;\n\n // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()`\n this.publicKeyID = new KeyID();\n\n // For version 6:\n this.publicKeyVersion = null;\n this.publicKeyFingerprint = null;\n\n // For all versions:\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n static fromObject({\n version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm\n }) {\n const pkesk = new PublicKeyEncryptedSessionKeyPacket();\n\n if (version !== 3 && version !== 6) {\n throw new Error('Unsupported PKESK version');\n }\n\n pkesk.version = version;\n\n if (version === 6) {\n pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version;\n pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes();\n }\n\n pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID();\n pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm;\n pkesk.sessionKey = sessionKey;\n pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm;\n\n return pkesk;\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let offset = 0;\n this.version = bytes[offset++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n if (this.version === 6) {\n // A one-octet size of the following two fields:\n // - A one octet key version number.\n // - The fingerprint of the public key or subkey to which the session key is encrypted.\n // The size may also be zero.\n const versionAndFingerprintLength = bytes[offset++];\n if (versionAndFingerprintLength) {\n this.publicKeyVersion = bytes[offset++];\n const fingerprintLength = versionAndFingerprintLength - 1;\n this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength;\n if (this.publicKeyVersion >= 5) {\n // For v5/6 the Key ID is the high-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint);\n } else {\n // For v4 The Key ID is the low-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8));\n }\n } else {\n // The size may also be zero, and the key version and\n // fingerprint omitted for an \"anonymous recipient\"\n this.publicKeyID = KeyID.wildcard();\n }\n } else {\n offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8));\n }\n this.publicKeyAlgorithm = bytes[offset++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset));\n if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) {\n if (this.version === 3) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n } else if (this.encrypted.C.algorithm !== null) {\n throw new Error('Unexpected cleartext symmetric algorithm');\n }\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version])\n ];\n\n if (this.version === 6) {\n if (this.publicKeyFingerprint !== null) {\n arr.push(new Uint8Array([\n this.publicKeyFingerprint.length + 1,\n this.publicKeyVersion]\n ));\n arr.push(this.publicKeyFingerprint);\n } else {\n arr.push(new Uint8Array([0]));\n }\n } else {\n arr.push(this.publicKeyID.write());\n }\n\n arr.push(\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n );\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a\n // v6 PKESK packet, as it is included in the v2 SEIPD packet.\n const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n if (this.version === 3) {\n // v3 Montgomery curves have cleartext cipher algo\n const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448;\n this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm;\n\n if (sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n // add checksum\n return util.concatUint8Array([\n new Uint8Array(version === 6 ? [] : [cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = version === 6 ?\n { sessionKeyAlgorithm: null, sessionKey: result } :\n { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: version === 6 ? null : util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && (\n version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm));\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return {\n sessionKeyAlgorithm: null,\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 6 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number with value 4, 5 or 6.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following 5 fields.\n offset++;\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version >= 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following field.\n offset++;\n }\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n const s2kType = bytes[offset++];\n this.s2k = newS2KFromType(s2kType);\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version >= 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n const s2k = this.s2k.write();\n if (this.version === 6) {\n const s2kLen = s2k.length;\n const fieldsLen = 3 + s2kLen + this.iv.length;\n bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]);\n } else if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n if (this.sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n } else {\n // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v6Keys ? 6 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes, config = defaultConfig) {\n let pos = 0;\n // A one-octet version number (4, 5 or 6).\n this.version = bytes[pos++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version === 4 || this.version === 5 || this.version === 6) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version >= 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (\n this.version === 6 &&\n publicParams.oid && (\n publicParams.oid.getName() === enums.curve.curve25519Legacy ||\n publicParams.oid.getName() === enums.curve.ed25519Legacy\n )\n ) {\n throw new Error('Legacy curve25519 cannot be used with v6 keys');\n }\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version >= 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n const versionOctet = 0x95 + version;\n const lengthOctets = version >= 5 ? 4 : 2;\n return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version >= 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version >= 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line @typescript-eslint/no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError, writeTag } from './packet';\nimport computeHKDF from '../crypto/hkdf';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis\n * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older).\n * This value is only relevant to know how to decrypt the key:\n * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism.\n * @type {Boolean}\n * @private\n */\n this.isLegacyAEAD = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n /**\n * `true` for keys whose integrity is already confirmed, based on\n * the AEAD encryption mechanism\n * @type {Boolean}\n * @private\n */\n this.usedModernAEAD = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes, config = defaultConfig) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes, config);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n // - Only for a version 6 packet where the secret key material is\n // encrypted (that is, where the previous octet is not zero), a one-\n // octet scalar octet count of the cumulative length of all the\n // following optional string-to-key parameter fields.\n if (this.version === 6 && this.s2kUsage) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n i++;\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n const s2kType = bytes[i++];\n this.s2k = newS2KFromType(s2kType);\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n\n if (this.s2kUsage) {\n // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5).\n // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format).\n // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always\n // fail if the key was parsed according to the wrong format, since the keys are processed differently.\n // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag.\n this.isLegacyAEAD = this.s2kUsage === 253 && (\n this.version === 5 || (this.version === 4 && config.parseAEADEncryptedV4KeysAsLegacy));\n // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV)\n // of the same length as the cipher's block size.\n // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the\n // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm.\n // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero\n if (this.s2kUsage !== 253 || this.isLegacyAEAD) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipherParams(this.symmetric).blockSize\n );\n this.usedModernAEAD = false;\n } else {\n // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted),\n // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which\n // is used as the nonce for the AEAD algorithm.\n this.iv = bytes.subarray(\n i,\n i + crypto.getAEADMode(this.aead).ivLength\n );\n // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation.\n this.usedModernAEAD = true;\n }\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n let cleartext;\n if (this.version === 6) {\n cleartext = this.keyMaterial;\n } else {\n cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n }\n try {\n const { read, privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n if (read < cleartext.length) {\n throw new Error('Error reading MPIs');\n }\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n const s2k = this.s2k.write();\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n optionalFieldsArr.push(s2k.length);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...s2k);\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5 || (this.version === 6 && this.s2kUsage)) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage && this.version !== 6) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = newS2KFromType(enums.s2k.gnu, config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n this.isLegacyAEAD = null;\n this.usedModernAEAD = null;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n\n const { blockSize } = crypto.getCipherParams(this.symmetric);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = config.preferredAEADAlgorithm;\n const mode = crypto.getAEADMode(this.aead);\n this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead.\n this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material\n\n const serializedPacketTag = writeTag(this.constructor.tag);\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n\n const modeInstance = await mode(this.symmetric, key);\n this.iv = this.isLegacyAEAD ? crypto.random.getRandomBytes(blockSize) : crypto.random.getRandomBytes(mode.ivLength);\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData);\n } else {\n this.s2kUsage = 254;\n this.usedModernAEAD = false;\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(\n this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData);\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n this.aead = null;\n this.symmetric = null;\n this.isLegacyAEAD = null;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n if (this.usedModernAEAD) {\n // key integrity confirmed by successful AEAD decryption\n return;\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (this.version === 6 && (\n (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||\n this.algorithm === enums.publicKey.eddsaLegacy\n )) {\n throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);\n }\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\n/**\n * Derive encryption key\n * @param {Number} keyVersion - key derivation differs for v5 keys\n * @param {module:type/s2k} s2k\n * @param {String} passphrase\n * @param {module:enums.symmetric} cipherAlgo\n * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5)\n * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5)\n * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only)\n * @returns encryption key\n */\nasync function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) {\n if (s2k.type === 'argon2' && !aeadMode) {\n throw new Error('Using Argon2 S2K without AEAD is not allowed');\n }\n if (s2k.type === 'simple' && keyVersion === 6) {\n throw new Error('Using Simple S2K with version 6 keys is not allowed');\n }\n const { keySize } = crypto.getCipherParams(cipherAlgo);\n const derivedKey = await s2k.produceKey(passphrase, keySize);\n if (!aeadMode || keyVersion === 5 || isLegacyAEAD) {\n return derivedKey;\n }\n const info = util.concatUint8Array([\n serializedPacketTag,\n new Uint8Array([keyVersion, cipherAlgo, aeadMode])\n ]);\n return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize);\n}\n\nexport default SecretKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n\n /**\n * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1,\n * as well comments placed between the name (if present) and the bracketed email address:\n * - name (comment) \n * - email\n * In the first case, the `email` is the only required part, and it must contain the `@` symbol.\n * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`,\n * since they interfere with `comment` parsing.\n */\n const re = /^(?[^()]+\\s+)?(?\\([^()]+\\)\\s+)?(?<\\S+@\\S+>)$/;\n const matches = re.exec(userID);\n if (matches !== null) {\n const { name, comment, email } = matches.groups;\n this.comment = comment?.replace(/^\\(|\\)|\\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace\n this.name = name?.trim() || '';\n this.email = email.substring(1, email.length - 1); // remove brackets\n } else if (/^[^\\s@]+@[^\\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace\n this.email = userID;\n }\n\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2022 Proton AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport crypto from '../crypto';\nimport enums from '../enums';\n\n/**\n * Implementation of the Padding Packet\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}:\n * Padding Packet\n */\nclass PaddingPacket {\n static get tag() {\n return enums.packet.padding;\n }\n\n constructor() {\n this.padding = null;\n }\n\n /**\n * Read a padding packet\n * @param {Uint8Array | ReadableStream} bytes\n */\n read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars\n // Padding packets are ignored, so this function is never called.\n }\n\n /**\n * Write the padding packet\n * @returns {Uint8Array} The padding packet.\n */\n write() {\n return this.padding;\n }\n\n /**\n * Create random padding.\n * @param {Number} length - The length of padding to be generated.\n * @throws {Error} if padding generation was not successful\n * @async\n */\n async createPadding(length) {\n this.padding = await crypto.random.getRandomBytes(length);\n }\n}\n\nexport default PaddingPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures,\n * `enums.signatures.certGeneric` should be given regardless of the actual trust level)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm for a set of keys.\n * @param {Array} [targetKeys] - The keys to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {\n /**\n * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the\n * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).\n * if no keys are available, `preferredSenderAlgo` is returned.\n * For ECC signing key, the curve preferred hash is taken into account as well (see logic below).\n */\n const defaultAlgo = enums.hash.sha256; // MUST implement\n const preferredSenderAlgo = config.preferredHashAlgorithm;\n\n const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => {\n const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config);\n const targetPrefs = selfCertification.preferredHashAlgorithms;\n return targetPrefs;\n }));\n const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys\n for (const supportedAlgos of supportedAlgosPerTarget) {\n for (const hashAlgo of supportedAlgos) {\n try {\n // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on\n const supportedAlgo = enums.write(enums.hash, hashAlgo);\n supportedAlgosMap.set(\n supportedAlgo,\n supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1\n );\n } catch {}\n }\n }\n const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo;\n const getStrongestSupportedHashAlgo = () => {\n if (supportedAlgosMap.size === 0) {\n return defaultAlgo;\n }\n const sortedHashAlgos = Array.from(supportedAlgosMap.keys())\n .filter(hashAlgo => isSupportedHashAlgo(hashAlgo))\n .sort((algoA, algoB) => crypto.hash.getHashByteLength(algoA) - crypto.hash.getHashByteLength(algoB));\n const strongestHashAlgo = sortedHashAlgos[0];\n // defaultAlgo is always implicilty supported, and might be stronger than the rest\n return crypto.hash.getHashByteLength(strongestHashAlgo) >= crypto.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo;\n };\n\n const eccAlgos = new Set([\n enums.publicKey.ecdsa,\n enums.publicKey.eddsaLegacy,\n enums.publicKey.ed25519,\n enums.publicKey.ed448\n ]);\n\n if (eccAlgos.has(signingKeyPacket.algorithm)) {\n // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:\n // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5\n // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough;\n // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve\n // preferred algo, even if not supported by all targets.\n const preferredCurveAlgo = crypto.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid);\n\n const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo);\n const preferredSenderAlgoStrongerThanCurveAlgo = crypto.hash.getHashByteLength(preferredSenderAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo);\n\n if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) {\n return preferredSenderAlgo;\n } else {\n const strongestSupportedAlgo = getStrongestSupportedHashAlgo();\n return crypto.hash.getHashByteLength(strongestSupportedAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo) ?\n strongestSupportedAlgo :\n preferredCurveAlgo;\n }\n }\n\n // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this,\n // since it was manually set by the sender.\n return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo();\n}\n\n/**\n * Returns the preferred compression algorithm for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred compression algorithm\n * @async\n */\nexport async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = enums.compression.uncompressed;\n const preferredSenderAlgo = config.preferredCompressionAlgorithm;\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config);\n const recipientPrefs = selfCertification.preferredCompressionAlgorithms;\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred\n * @async\n */\nexport async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));\n const withAEAD = keys.length ?\n selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :\n config.aeadProtect;\n\n if (withAEAD) {\n const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };\n const desiredCipherSuites = [\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },\n { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }\n ];\n for (const desiredCipherSuite of desiredCipherSuites) {\n if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(\n cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo\n ))) {\n return desiredCipherSuite;\n }\n }\n return defaultCipherSuite;\n }\n const defaultSymAlgo = enums.symmetric.aes128;\n const desiredSymAlgo = config.preferredSymmetricAlgorithm;\n return {\n symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ?\n desiredSymAlgo :\n defaultSymAlgo,\n aeadAlgo: undefined\n };\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {Array} recipientKeys - keys to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config);\n signaturePacket.rawNotations = [...notations];\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n const isHardRevocation = ![\n enums.reasonForRevocation.keyRetired,\n enums.reasonForRevocation.keySuperseded,\n enums.reasonForRevocation.userIDInvalid\n ].includes(revocationSignature.reasonForRevocationFlag);\n\n await revocationSignature.verify(\n key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve`\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy ||\n options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'curve25519':\n options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519;\n break;\n case 'curve448':\n options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448;\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function validateSigningKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateEncryptionKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateDecryptionKeyPacket(keyPacket, signature, config) {\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateSigningKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateEncryptionKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n if (primaryKey.version !== 6) {\n // check for expiration time in direct signatures (for V6 keys, the above already did so)\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const selfCertification = await this.getPrimarySelfSignature(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature.\n await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * For V4 keys, returns the self-signature of the primary user.\n * For V5 keys, returns the latest valid direct-key self-signature.\n * This self-signature is to be used to check the key expiration,\n * algorithm preferences, and so on.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} The primary self-signature\n * @async\n */\n async getPrimarySelfSignature(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n if (primaryKey.version === 6) {\n return helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n );\n }\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n return selfCertification;\n }\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config);\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @throws {Error} if no decryption key is found\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n let exception = null;\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n if (this.subkeys[i].keyPacket.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n continue;\n }\n\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n // evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && helper.validateDecryptionKeyPacket(primaryKey, selfCertification, config)) {\n if (primaryKey.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n } else {\n keys.push(this);\n }\n }\n\n if (keys.length === 0) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('No decryption key packets found');\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.\n * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).\n * Note: Curve448 and Curve25519 are not widely supported yet.\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n // Every subkey for a v4 primary key MUST be a v4 subkey.\n // Every subkey for a v6 primary key MUST be a v6 subkey.\n // For v5 keys, since we dropped generation support, a v4 subkey is added.\n // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.\n const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nfunction getDefaultSubkeyType(algoName) {\n const algo = enums.write(enums.publicKey, algoName);\n // NB: no encryption-only algos, since they cannot be in primary keys\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n return 'rsa';\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return 'ecc';\n case enums.publicKey.ed25519:\n return 'curve25519';\n case enums.publicKey.ed448:\n return 'curve448';\n default:\n throw new Error('Unsupported algorithm');\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format).\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n function getKeySignatureProperties() {\n const signatureProperties = {};\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n const symmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128\n ], config.preferredSymmetricAlgorithm);\n signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;\n if (config.aeadProtect) {\n const aeadAlgorithms = createPreferredAlgos([\n enums.aead.gcm,\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {\n return symmetricAlgorithms.map(symmetricAlgorithm => {\n return [symmetricAlgorithm, aeadAlgorithm];\n });\n });\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512,\n enums.hash.sha3_256,\n enums.hash.sha3_512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.uncompressed,\n enums.compression.zlib,\n enums.compression.zip\n ], config.preferredCompressionAlgorithm);\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.seipdv2;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n return signatureProperties;\n }\n\n if (secretKeyPacket.version === 6) { // add direct key signature with key prefs\n const dataToSign = {\n key: secretKeyPacket\n };\n\n const signatureProperties = getKeySignatureProperties();\n signatureProperties.signatureType = enums.signature.key;\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n packetlist.push(signaturePacket);\n }\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {\n userID: userIDPacket,\n key: secretKeyPacket\n };\n const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};\n signatureProperties.signatureType = enums.signature.certPositive;\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);\n return createKey(firstKeyPacketList);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n return new PrivateKey(firstPrivateKeyList);\n }\n throw new Error('No secret key packet found');\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n if (keys.length === 0) {\n throw new Error('No secret key packet found');\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport { Argon2OutOfMemoryError } from './type/s2k';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredCipherSuite, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm;\n\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config);\n\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable)\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n if (err instanceof Argon2OutOfMemoryError) {\n exception = err;\n }\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let decryptionKeyPackets;\n try {\n // do not check key expiration to allow decryption of old messages\n decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n } catch (err) {\n exception = err;\n return;\n }\n\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config); // TODO: Pass userID from somewhere.\n if (selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all((\n expectedSymmetricAlgorithm ?\n [expectedSymmetricAlgorithm] :\n Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)\n ).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm;\n if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config);\n const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo);\n const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) &&\n !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(symmetricAlgo);\n return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({\n version: aeadAlgorithmName ? 2 : 1,\n aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null\n });\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n\n const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({\n version: aeadAlgorithm ? 6 : 3,\n encryptionKeyPacket: encryptionKey.keyPacket,\n anonymousRecipient: wildcard,\n sessionKey,\n sessionKeyAlgorithm: symmetricAlgorithm\n });\n\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config); // this returns the existing signature packets as well\n const onePassSignaturePackets = signaturePackets.map(\n (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0))\n .reverse(); // innermost OPS refers to the first signature packet\n\n packetlist.push(...onePassSignaturePackets);\n packetlist.push(literalDataPacket);\n packetlist.push(...signaturePackets);\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n const trailingPacket = this.packets[this.packets.length - 1];\n // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer.\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ?\n trailingPacket.version !== 2 :\n this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const signingUserID = signingUserIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config);\n return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n const input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // emit header and checksum if one of the signatures has a version not 6\n const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6);\n const hash = emitHeaderAndChecksum ?\n Array.from(new Set(this.signature.packets.map(\n packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase()\n ))).join() :\n null;\n\n const body = {\n hash,\n text: this.text,\n data: this.signature.packets.write()\n };\n\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n const hashAlgos = [];\n headers.forEach(header => {\n const hashHeader = header.match(/^Hash: (.+)$/); // get header value\n if (hashHeader) {\n const parsedHashIDs = hashHeader[1]\n .replace(/\\s/g, '') // remove whitespace\n .split(',')\n .map(hashName => {\n try {\n return enums.write(enums.hash, hashName.toLowerCase());\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase());\n }\n });\n hashAlgos.push(...parsedHashIDs);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredCompressionAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).\n * Note: Curve448 and Curve25519 (new format) are not widely supported yet.\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:\n * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n if (!type && !curve) {\n type = config.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them)\n curve = 'curve25519Legacy'; // unused with type != 'ecc'\n } else {\n type = type || 'ecc';\n curve = curve || 'curve25519Legacy';\n }\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && !config.v6Keys) {\n throw new Error('UserIDs are required for V4 keys');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) {\n throw new Error('UserIDs are required for V4 keys');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return await convertStream(data);\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return await convertStream(signature);\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data) {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\n// copied from utils\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(h) {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.wrapConstructor');\n number(h.outputLen);\n number(h.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","// We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+.\n// Falls back to Node.js built-in crypto for Node.js <=v14\n// See utils.ts for details.\n// @ts-ignore\nimport * as nc from 'node:crypto';\nexport const crypto = nc && typeof nc === 'object' && 'webcrypto' in nc\n ? nc.webcrypto\n : nc && typeof nc === 'object' && 'randomBytes' in nc\n ? nc\n : undefined;\n//# sourceMappingURL=cryptoNode.js.map","/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0);\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// For runtime check if class implements interface\nexport class Hash {\n // Safe version that clones internal state\n clone() {\n return this._cloneInto();\n }\n}\nconst toStr = {}.toString;\nexport function checkOpts(defaults, opts) {\n if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n throw new Error('Options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\nexport function wrapConstructor(hashCons) {\n const hashC = (msg) => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\nexport function wrapConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\nexport function wrapXOFConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32) {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return crypto.randomBytes(bytesLength);\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n//# sourceMappingURL=utils.js.map","import { exists, output } from './_assert.js';\nimport { Hash, createView, toBytes } from './utils.js';\n/**\n * Polyfill for Safari 14\n */\nfunction setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/**\n * Choice: a ? b : c\n */\nexport const Chi = (a, b, c) => (a & b) ^ (~a & c);\n/**\n * Majority function, true if any two inputs is true\n */\nexport const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n */\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n exists(this);\n const { view, buffer, blockLen } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n exists(this);\n output(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n this.buffer.subarray(pos).fill(0);\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to || (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.length = length;\n to.pos = pos;\n to.finished = finished;\n to.destroyed = destroyed;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n}\n//# sourceMappingURL=_md.js.map","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotr, wrapConstructor } from './utils.js';\n// SHA2-256 need to try 2^128 hashes to execute birthday attack.\n// BTC network is doing 2^67 hashes/sec as per early 2023.\n// Round constants:\n// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ new Uint32Array([\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n// Initial state:\n// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19\n// prettier-ignore\nconst SHA256_IV = /* @__PURE__ */ new Uint32Array([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\nexport class SHA256 extends HashMD {\n constructor() {\n super(64, 32, 8, false);\n // We cannot use array here since array allows indexing by variable\n // which means optimizer/compiler cannot use registers.\n this.A = SHA256_IV[0] | 0;\n this.B = SHA256_IV[1] | 0;\n this.C = SHA256_IV[2] | 0;\n this.D = SHA256_IV[3] | 0;\n this.E = SHA256_IV[4] | 0;\n this.F = SHA256_IV[5] | 0;\n this.G = SHA256_IV[6] | 0;\n this.H = SHA256_IV[7] | 0;\n }\n get() {\n const { A, B, C, D, E, F, G, H } = this;\n return [A, B, C, D, E, F, G, H];\n }\n // prettier-ignore\n set(A, B, C, D, E, F, G, H) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n this.F = F | 0;\n this.G = G | 0;\n this.H = H | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4)\n SHA256_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 64; i++) {\n const W15 = SHA256_W[i - 15];\n const W2 = SHA256_W[i - 2];\n const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n }\n // Compression function main loop, 64 rounds\n let { A, B, C, D, E, F, G, H } = this;\n for (let i = 0; i < 64; i++) {\n const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n const T2 = (sigma0 + Maj(A, B, C)) | 0;\n H = G;\n G = F;\n F = E;\n E = (D + T1) | 0;\n D = C;\n C = B;\n B = A;\n A = (T1 + T2) | 0;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n F = (F + this.F) | 0;\n G = (G + this.G) | 0;\n H = (H + this.H) | 0;\n this.set(A, B, C, D, E, F, G, H);\n }\n roundClean() {\n SHA256_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\nclass SHA224 extends SHA256 {\n constructor() {\n super();\n this.A = 0xc1059ed8 | 0;\n this.B = 0x367cd507 | 0;\n this.C = 0x3070dd17 | 0;\n this.D = 0xf70e5939 | 0;\n this.E = 0xffc00b31 | 0;\n this.F = 0x68581511 | 0;\n this.G = 0x64f98fa7 | 0;\n this.H = 0xbefa4fa4 | 0;\n this.outputLen = 28;\n }\n}\n/**\n * SHA2-256 hash function\n * @param message - data that would be hashed\n */\nexport const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());\n/**\n * SHA2-224 hash function\n */\nexport const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224());\n//# sourceMappingURL=sha256.js.map","import { hash as assertHash, bytes as assertBytes, exists as assertExists } from './_assert.js';\nimport { Hash, toBytes } from './utils.js';\n// HMAC (RFC 2104)\nexport class HMAC extends Hash {\n constructor(hash, _key) {\n super();\n this.finished = false;\n this.destroyed = false;\n assertHash(hash);\n const key = toBytes(_key);\n this.iHash = hash.create();\n if (typeof this.iHash.update !== 'function')\n throw new Error('Expected instance of class which extends utils.Hash');\n this.blockLen = this.iHash.blockLen;\n this.outputLen = this.iHash.outputLen;\n const blockLen = this.blockLen;\n const pad = new Uint8Array(blockLen);\n // blockLen can be bigger than outputLen\n pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36;\n this.iHash.update(pad);\n // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone\n this.oHash = hash.create();\n // Undo internal XOR && apply outer XOR\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36 ^ 0x5c;\n this.oHash.update(pad);\n pad.fill(0);\n }\n update(buf) {\n assertExists(this);\n this.iHash.update(buf);\n return this;\n }\n digestInto(out) {\n assertExists(this);\n assertBytes(out, this.outputLen);\n this.finished = true;\n this.iHash.digestInto(out);\n this.oHash.update(out);\n this.oHash.digestInto(out);\n this.destroy();\n }\n digest() {\n const out = new Uint8Array(this.oHash.outputLen);\n this.digestInto(out);\n return out;\n }\n _cloneInto(to) {\n // Create new instance without calling constructor since key already in state and we don't know it.\n to || (to = Object.create(Object.getPrototypeOf(this), {}));\n const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;\n to = to;\n to.finished = finished;\n to.destroyed = destroyed;\n to.blockLen = blockLen;\n to.outputLen = outputLen;\n to.oHash = oHash._cloneInto(to.oHash);\n to.iHash = iHash._cloneInto(to.iHash);\n return to;\n }\n destroy() {\n this.destroyed = true;\n this.oHash.destroy();\n this.iHash.destroy();\n }\n}\n/**\n * HMAC: RFC2104 message authentication code.\n * @param hash - function that would be used e.g. sha256\n * @param key - message key\n * @param message - message data\n * @example\n * import { hmac } from '@noble/hashes/hmac';\n * import { sha256 } from '@noble/hashes/sha2';\n * const mac1 = hmac(sha256, 'key', 'message');\n */\nexport const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();\nhmac.create = (hash, key) => new HMAC(hash, key);\n//# sourceMappingURL=hmac.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// 100 lines of code in the file are duplicated from noble-hashes (utils).\n// This is OK: `abstract` directory does not use noble-hashes.\n// User may opt-in into using different hashing library. This way, noble-hashes\n// won't be included into their bundle.\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nexport function abytes(item) {\n if (!isBytes(item))\n throw new Error('Uint8Array expected');\n}\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(`${title} must be valid boolean, got \"${value}\".`);\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? `0${hex}` : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes(bytes);\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'private key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes(hex);\n }\n catch (e) {\n throw new Error(`${title} must be valid hex string, got \"${hex}\". Cause: ${e}`);\n }\n }\n else if (isBytes(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(`${title} must be hex string or Uint8Array`);\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);\n return res;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;\n// DRBG\nconst u8n = (data) => new Uint8Array(data); // creates Uint8Array\nconst u8fr = (arr) => Uint8Array.from(arr); // another shortcut\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n()) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error(`Invalid validator \"${type}\", expected function`);\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Utilities for modular arithmetics and finite fields\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js';\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);\n// prettier-ignore\nconst _9n = BigInt(9), _16n = BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/**\n * Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n */\n// TODO: use field version && remove\nexport function pow(num, power, modulo) {\n if (modulo <= _0n || power < _0n)\n throw new Error('Expected power/modulo > 0');\n if (modulo === _1n)\n return _0n;\n let res = _1n;\n while (power > _0n) {\n if (power & _1n)\n res = (res * num) % modulo;\n num = (num * num) % modulo;\n power >>= _1n;\n }\n return res;\n}\n// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res *= res;\n res %= modulo;\n }\n return res;\n}\n// Inverses number over modulo\nexport function invert(number, modulo) {\n if (number === _0n || modulo <= _0n) {\n throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);\n }\n // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u * q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n/**\n * Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * Will start an infinite loop if field order P is not prime.\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n */\nexport function tonelliShanks(P) {\n // Legendre constant: used to calculate Legendre symbol (a | p),\n // which denotes the value of a^((p-1)/2) (mod p).\n // (a | p) ≡ 1 if a is a square (mod p)\n // (a | p) ≡ -1 if a is not a square (mod p)\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreC = (P - _1n) / _2n;\n let Q, S, Z;\n // Step 1: By factoring out powers of 2 from p - 1,\n // find q and s such that p - 1 = q*(2^s) with q odd\n for (Q = P - _1n, S = 0; Q % _2n === _0n; Q /= _2n, S++)\n ;\n // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq\n for (Z = _2n; Z < P && pow(Z, legendreC, P) !== P - _1n; Z++)\n ;\n // Fast-path\n if (S === 1) {\n const p1div4 = (P + _1n) / _4n;\n return function tonelliFast(Fp, n) {\n const root = Fp.pow(n, p1div4);\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Slow-path\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1\n if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))\n throw new Error('Cannot find square root');\n let r = S;\n // TODO: will fail at Fp2/etc\n let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b\n let x = Fp.pow(n, Q1div2); // first guess at the square root\n let b = Fp.pow(n, Q); // first guess at the fudge factor\n while (!Fp.eql(b, Fp.ONE)) {\n if (Fp.eql(b, Fp.ZERO))\n return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0)\n // Find m such b^(2^m)==1\n let m = 1;\n for (let t2 = Fp.sqr(b); m < r; m++) {\n if (Fp.eql(t2, Fp.ONE))\n break;\n t2 = Fp.sqr(t2); // t2 *= t2\n }\n // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow\n const ge = Fp.pow(g, _1n << BigInt(r - m - 1)); // ge = 2^(r-m-1)\n g = Fp.sqr(ge); // g = ge * ge\n x = Fp.mul(x, ge); // x *= ge\n b = Fp.mul(b, g); // b *= g\n r = m;\n }\n return x;\n };\n}\nexport function FpSqrt(P) {\n // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.\n // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n // P ≡ 3 (mod 4)\n // √n = n^((P+1)/4)\n if (P % _4n === _3n) {\n // Not all roots possible!\n // const ORDER =\n // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;\n // const NUM = 72057594037927816n;\n const p1div4 = (P + _1n) / _4n;\n return function sqrt3mod4(Fp, n) {\n const root = Fp.pow(n, p1div4);\n // Throw if root**2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10)\n if (P % _8n === _5n) {\n const c1 = (P - _5n) / _8n;\n return function sqrt5mod8(Fp, n) {\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, c1);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // P ≡ 9 (mod 16)\n if (P % _16n === _9n) {\n // NOTE: tonelli is too slow for bls-Fp2 calculations even on start\n // Means we cannot use sqrt for constants at all!\n //\n // const c1 = Fp.sqrt(Fp.negate(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n // const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n // const c3 = Fp.sqrt(Fp.negate(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n // const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n // sqrt = (x) => {\n // let tv1 = Fp.pow(x, c4); // 1. tv1 = x^c4\n // let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n // const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n // let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n // const e1 = Fp.equals(Fp.square(tv2), x); // 5. e1 = (tv2^2) == x\n // const e2 = Fp.equals(Fp.square(tv3), x); // 6. e2 = (tv3^2) == x\n // tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n // tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n // const e3 = Fp.equals(Fp.square(tv2), x); // 9. e3 = (tv2^2) == x\n // return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n // }\n }\n // Other cases: Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/**\n * Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n */\nexport function FpPow(f, num, power) {\n // Should have same speed as pow for bigints\n // TODO: benchmark!\n if (power < _0n)\n throw new Error('Expected power > 0');\n if (power === _0n)\n return f.ONE;\n if (power === _1n)\n return num;\n let p = f.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = f.mul(p, d);\n d = f.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/**\n * Efficiently invert an array of Field elements.\n * `inv(0)` will return `undefined` here: make sure to throw an error.\n */\nexport function FpInvertBatch(f, nums) {\n const tmp = new Array(nums.length);\n // Walk from first to last, multiply them by each other MOD p\n const lastMultiplied = nums.reduce((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = acc;\n return f.mul(acc, num);\n }, f.ONE);\n // Invert last element\n const inverted = f.inv(lastMultiplied);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = f.mul(acc, tmp[i]);\n return f.mul(acc, num);\n }, inverted);\n return tmp;\n}\nexport function FpDiv(f, lhs, rhs) {\n return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));\n}\nexport function FpLegendre(order) {\n // (a | p) ≡ 1 if a is a square (mod p), quadratic residue\n // (a | p) ≡ -1 if a is not a square (mod p), quadratic non residue\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreConst = (order - _1n) / _2n; // Integer arithmetic\n return (f, x) => f.pow(x, legendreConst);\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(f) {\n const legendre = FpLegendre(f.ORDER);\n return (x) => {\n const p = legendre(f, x);\n return f.eql(p, f.ZERO) || f.eql(p, f.ONE);\n };\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/**\n * Initializes a finite field over prime. **Non-primes are not supported.**\n * Do not init in loop: slow. Very fragile: always run a benchmark on a change.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * NOTE: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n */\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('Field lengths over 2048 bytes are not supported');\n const sqrtP = FpSqrt(ORDER);\n const f = Object.freeze({\n ORDER,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num * num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt || ((n) => sqrtP(f, n)),\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // TODO: do we really need constant cmov?\n // We don't have const-time bigints anyway, so probably will be not very useful\n cmov: (a, b, c) => (c ? b : a),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use mapKeyToField instead\n */\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 || hashLen < minLen || hashLen > 1024)\n throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/**\n * Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n */\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/**\n * Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n */\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 || len < minLen || len > 1024)\n throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);\n const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Abelian group utilities\nimport { validateField, nLength } from './modular.js';\nimport { validateObject, bitLen } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)\n// Elliptic curve multiplication of Point by scalar. Fragile.\n// Scalars should always be less than curve order: this should be checked inside of a curve itself.\n// Creates precomputation tables for fast multiplication:\n// - private scalar is split by fixed size windows of W bits\n// - every window point is collected from window's table & added to accumulator\n// - since windows are different, same point inside tables won't be accessed more than once per calc\n// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n// - +1 window is neccessary for wNAF\n// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow\n// windows to be in different memory locations\nexport function wNAF(c, bits) {\n const constTimeNegate = (condition, item) => {\n const neg = item.negate();\n return condition ? neg : item;\n };\n const validateW = (W) => {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);\n };\n const opts = (W) => {\n validateW(W);\n const windows = Math.ceil(bits / W) + 1; // +1, because\n const windowSize = 2 ** (W - 1); // -1 because we skip zero\n return { windows, windowSize };\n };\n return {\n constTimeNegate,\n // non-const time multiplication ladder\n unsafeLadder(elm, n) {\n let p = c.ZERO;\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = opts(W);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // =1, because we skip zero\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise\n // But need to carefully remove other checks before wNAF. ORDER == bits here\n const { windows, windowSize } = opts(W);\n let p = c.ZERO;\n let f = c.BASE;\n const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.\n const maxNumber = 2 ** W;\n const shiftBy = BigInt(W);\n for (let window = 0; window < windows; window++) {\n const offset = window * windowSize;\n // Extract W bits.\n let wbits = Number(n & mask);\n // Shift number by W bits.\n n >>= shiftBy;\n // If the bits are bigger than max size, we'll split those.\n // +224 => 256 - 32\n if (wbits > windowSize) {\n wbits -= maxNumber;\n n += _1n;\n }\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n // Check if we're onto Zero point.\n // Add random point inside current window to f.\n const offset1 = offset;\n const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero\n const cond1 = window % 2 !== 0;\n const cond2 = wbits < 0;\n if (wbits === 0) {\n // The most important part for const-time getPublicKey\n f = f.add(constTimeNegate(cond1, precomputes[offset1]));\n }\n else {\n p = p.add(constTimeNegate(cond2, precomputes[offset2]));\n }\n }\n // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ()\n // Even if the variable is still unused, there are some checks which will\n // throw an exception, so compiler needs to prove they won't happen, which is hard.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n wNAFCached(P, n, transform) {\n const W = pointWindowSizes.get(P) || 1;\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return this.wNAF(W, comp, n);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM).\n * MSM is basically (Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster with precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param field field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, field, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)\n throw new Error('arrays of points and scalars must have equal length');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error(`wrong scalar at index ${i}`);\n });\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error(`wrong point at index ${i}`);\n });\n const wbits = bitLen(BigInt(points.length));\n const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits\n const MASK = (1 << windowSize) - 1;\n const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array\n const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;\n let sum = c.ZERO;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(c.ZERO);\n for (let j = 0; j < scalars.length; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = c.ZERO; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for (let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# sourceMappingURL=curve.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Short Weierstrass curve. The formula is: y² = x³ + ax + b\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport * as mod from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\nfunction validateSigVerOpts(opts) {\n if (opts.lowS !== undefined)\n abool('lowS', opts.lowS);\n if (opts.prehash !== undefined)\n abool('prehash', opts.prehash);\n}\nfunction validatePointOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n a: 'field',\n b: 'field',\n }, {\n allowedPrivateKeyLengths: 'array',\n wrapPrivateKey: 'boolean',\n isTorsionFree: 'function',\n clearCofactor: 'function',\n allowInfinityPoint: 'boolean',\n fromBytes: 'function',\n toBytes: 'function',\n });\n const { endo, Fp, a } = opts;\n if (endo) {\n if (!Fp.eql(a, Fp.ZERO)) {\n throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');\n }\n if (typeof endo !== 'object' ||\n typeof endo.beta !== 'bigint' ||\n typeof endo.splitScalar !== 'function') {\n throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');\n }\n }\n return Object.freeze({ ...opts });\n}\nconst { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;\n/**\n * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:\n *\n * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]\n *\n * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html\n */\nexport const DER = {\n // asn.1 DER encoding utils\n Err: class DERErr extends Error {\n constructor(m = '') {\n super(m);\n }\n },\n // Basic building block is TLV (Tag-Length-Value)\n _tlv: {\n encode: (tag, data) => {\n const { Err: E } = DER;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length & 1)\n throw new E('tlv.encode: unpadded data');\n const dataLen = data.length / 2;\n const len = ut.numberToHexUnpadded(dataLen);\n if ((len.length / 2) & 128)\n throw new E('tlv.encode: long form length too big');\n // length of length with long form flag\n const lenLen = dataLen > 127 ? ut.numberToHexUnpadded((len.length / 2) | 128) : '';\n return `${ut.numberToHexUnpadded(tag)}${lenLen}${len}${data}`;\n },\n // v - value, l - left bytes (unparsed)\n decode(tag, data) {\n const { Err: E } = DER;\n let pos = 0;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length < 2 || data[pos++] !== tag)\n throw new E('tlv.decode: wrong tlv');\n const first = data[pos++];\n const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form\n let length = 0;\n if (!isLong)\n length = first;\n else {\n // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]\n const lenLen = first & 127;\n if (!lenLen)\n throw new E('tlv.decode(long): indefinite length not supported');\n if (lenLen > 4)\n throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js\n const lengthBytes = data.subarray(pos, pos + lenLen);\n if (lengthBytes.length !== lenLen)\n throw new E('tlv.decode: length bytes not complete');\n if (lengthBytes[0] === 0)\n throw new E('tlv.decode(long): zero leftmost byte');\n for (const b of lengthBytes)\n length = (length << 8) | b;\n pos += lenLen;\n if (length < 128)\n throw new E('tlv.decode(long): not minimal encoding');\n }\n const v = data.subarray(pos, pos + length);\n if (v.length !== length)\n throw new E('tlv.decode: wrong value length');\n return { v, l: data.subarray(pos + length) };\n },\n },\n // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,\n // since we always use positive integers here. It must always be empty:\n // - add zero byte if exists\n // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)\n _int: {\n encode(num) {\n const { Err: E } = DER;\n if (num < _0n)\n throw new E('integer: negative integers are not allowed');\n let hex = ut.numberToHexUnpadded(num);\n // Pad with zero byte if negative flag is present\n if (Number.parseInt(hex[0], 16) & 0b1000)\n hex = '00' + hex;\n if (hex.length & 1)\n throw new E('unexpected assertion');\n return hex;\n },\n decode(data) {\n const { Err: E } = DER;\n if (data[0] & 128)\n throw new E('Invalid signature integer: negative');\n if (data[0] === 0x00 && !(data[1] & 128))\n throw new E('Invalid signature integer: unnecessary leading zero');\n return b2n(data);\n },\n },\n toSig(hex) {\n // parse DER signature\n const { Err: E, _int: int, _tlv: tlv } = DER;\n const data = typeof hex === 'string' ? h2b(hex) : hex;\n ut.abytes(data);\n const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);\n if (seqLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);\n const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);\n if (sLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n return { r: int.decode(rBytes), s: int.decode(sBytes) };\n },\n hexFromSig(sig) {\n const { _tlv: tlv, _int: int } = DER;\n const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;\n return tlv.encode(0x30, seq);\n },\n};\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4);\nexport function weierstrassPoints(opts) {\n const CURVE = validatePointOpts(opts);\n const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ\n const Fn = mod.Field(CURVE.n, CURVE.nBitLength);\n const toBytes = CURVE.toBytes ||\n ((_c, point, _isCompressed) => {\n const a = point.toAffine();\n return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));\n });\n const fromBytes = CURVE.fromBytes ||\n ((bytes) => {\n // const head = bytes[0];\n const tail = bytes.subarray(1);\n // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n });\n /**\n * y² = x³ + ax + b: Short weierstrass curve formula\n * @returns y²\n */\n function weierstrassEquation(x) {\n const { a, b } = CURVE;\n const x2 = Fp.sqr(x); // x * x\n const x3 = Fp.mul(x2, x); // x2 * x\n return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b\n }\n // Validate whether the passed curve params are valid.\n // We check if curve equation works for generator point.\n // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381.\n // ProjectivePoint class has not been initialized yet.\n if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))\n throw new Error('bad generator point: equation left != right');\n // Valid group elements reside in range 1..n-1\n function isWithinCurveOrder(num) {\n return ut.inRange(num, _1n, CURVE.n);\n }\n // Validates if priv key is valid and converts it to bigint.\n // Supports options allowedPrivateKeyLengths and wrapPrivateKey.\n function normPrivateKeyToScalar(key) {\n const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;\n if (lengths && typeof key !== 'bigint') {\n if (ut.isBytes(key))\n key = ut.bytesToHex(key);\n // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes\n if (typeof key !== 'string' || !lengths.includes(key.length))\n throw new Error('Invalid key');\n key = key.padStart(nByteLength * 2, '0');\n }\n let num;\n try {\n num =\n typeof key === 'bigint'\n ? key\n : ut.bytesToNumberBE(ensureBytes('private key', key, nByteLength));\n }\n catch (error) {\n throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);\n }\n if (wrapPrivateKey)\n num = mod.mod(num, N); // disabled by default, enabled for BLS\n ut.aInRange('private key', num, _1n, N); // num in range [1..N-1]\n return num;\n }\n function assertPrjPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ProjectivePoint expected');\n }\n // Memoized toAffine / validity check. They are heavy. Points are immutable.\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n const toAffineMemo = memoized((p, iz) => {\n const { px: x, py: y, pz: z } = p;\n // Fast-path for normalized points\n if (Fp.eql(z, Fp.ONE))\n return { x, y };\n const is0 = p.is0();\n // If invZ was 0, we return zero point. However we still want to execute\n // all operations, so we replace invZ with a random number, 1.\n if (iz == null)\n iz = is0 ? Fp.ONE : Fp.inv(z);\n const ax = Fp.mul(x, iz);\n const ay = Fp.mul(y, iz);\n const zz = Fp.mul(z, iz);\n if (is0)\n return { x: Fp.ZERO, y: Fp.ZERO };\n if (!Fp.eql(zz, Fp.ONE))\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n // NOTE: on exception this will crash 'cached' and no value will be set.\n // Otherwise true will be return\n const assertValidMemo = memoized((p) => {\n if (p.is0()) {\n // (0, 1, 0) aka ZERO is invalid in most contexts.\n // In BLS, ZERO can be serialized, so we allow it.\n // (0, 0, 0) is wrong representation of ZERO and is always invalid.\n if (CURVE.allowInfinityPoint && !Fp.is0(p.py))\n return;\n throw new Error('bad point: ZERO');\n }\n // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`\n const { x, y } = p.toAffine();\n // Check if x, y are valid field elements\n if (!Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('bad point: x or y not FE');\n const left = Fp.sqr(y); // y²\n const right = weierstrassEquation(x); // x³ + ax + b\n if (!Fp.eql(left, right))\n throw new Error('bad point: equation left != right');\n if (!p.isTorsionFree())\n throw new Error('bad point: not in prime-order subgroup');\n return true;\n });\n /**\n * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)\n * Default Point works in 2d / affine coordinates: (x, y)\n * We're doing calculations in projective, because its operations don't require costly inversion.\n */\n class Point {\n constructor(px, py, pz) {\n this.px = px;\n this.py = py;\n this.pz = pz;\n if (px == null || !Fp.isValid(px))\n throw new Error('x required');\n if (py == null || !Fp.isValid(py))\n throw new Error('y required');\n if (pz == null || !Fp.isValid(pz))\n throw new Error('z required');\n Object.freeze(this);\n }\n // Does not validate if the point is on-curve.\n // Use fromHex instead, or call assertValidity() later.\n static fromAffine(p) {\n const { x, y } = p || {};\n if (!p || !Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('invalid affine point');\n if (p instanceof Point)\n throw new Error('projective point not allowed');\n const is0 = (i) => Fp.eql(i, Fp.ZERO);\n // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)\n if (is0(x) && is0(y))\n return Point.ZERO;\n return new Point(x, y, Fp.ONE);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n /**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.pz));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n /**\n * Converts hash string or Uint8Array to Point.\n * @param hex short/long ECDSA hex\n */\n static fromHex(hex) {\n const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));\n P.assertValidity();\n return P;\n }\n // Multiplies generator point by privateKey.\n static fromPrivateKey(privateKey) {\n return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // A point on curve is valid if it conforms to equation.\n assertValidity() {\n assertValidMemo(this);\n }\n hasEvenY() {\n const { y } = this.toAffine();\n if (Fp.isOdd)\n return !Fp.isOdd(y);\n throw new Error(\"Field doesn't support isOdd\");\n }\n /**\n * Compare one point to another.\n */\n equals(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));\n const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));\n return U1 && U2;\n }\n /**\n * Flips point to one corresponding to (x, -y) in Affine coordinates.\n */\n negate() {\n return new Point(this.px, Fp.neg(this.py), this.pz);\n }\n // Renes-Costello-Batina exception-free doubling formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 3\n // Cost: 8M + 3S + 3*a + 2*b3 + 15add.\n double() {\n const { a, b } = CURVE;\n const b3 = Fp.mul(b, _3n);\n const { px: X1, py: Y1, pz: Z1 } = this;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n let t0 = Fp.mul(X1, X1); // step 1\n let t1 = Fp.mul(Y1, Y1);\n let t2 = Fp.mul(Z1, Z1);\n let t3 = Fp.mul(X1, Y1);\n t3 = Fp.add(t3, t3); // step 5\n Z3 = Fp.mul(X1, Z1);\n Z3 = Fp.add(Z3, Z3);\n X3 = Fp.mul(a, Z3);\n Y3 = Fp.mul(b3, t2);\n Y3 = Fp.add(X3, Y3); // step 10\n X3 = Fp.sub(t1, Y3);\n Y3 = Fp.add(t1, Y3);\n Y3 = Fp.mul(X3, Y3);\n X3 = Fp.mul(t3, X3);\n Z3 = Fp.mul(b3, Z3); // step 15\n t2 = Fp.mul(a, t2);\n t3 = Fp.sub(t0, t2);\n t3 = Fp.mul(a, t3);\n t3 = Fp.add(t3, Z3);\n Z3 = Fp.add(t0, t0); // step 20\n t0 = Fp.add(Z3, t0);\n t0 = Fp.add(t0, t2);\n t0 = Fp.mul(t0, t3);\n Y3 = Fp.add(Y3, t0);\n t2 = Fp.mul(Y1, Z1); // step 25\n t2 = Fp.add(t2, t2);\n t0 = Fp.mul(t2, t3);\n X3 = Fp.sub(X3, t0);\n Z3 = Fp.mul(t2, t1);\n Z3 = Fp.add(Z3, Z3); // step 30\n Z3 = Fp.add(Z3, Z3);\n return new Point(X3, Y3, Z3);\n }\n // Renes-Costello-Batina exception-free addition formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 1\n // Cost: 12M + 0S + 3*a + 3*b3 + 23add.\n add(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n const a = CURVE.a;\n const b3 = Fp.mul(CURVE.b, _3n);\n let t0 = Fp.mul(X1, X2); // step 1\n let t1 = Fp.mul(Y1, Y2);\n let t2 = Fp.mul(Z1, Z2);\n let t3 = Fp.add(X1, Y1);\n let t4 = Fp.add(X2, Y2); // step 5\n t3 = Fp.mul(t3, t4);\n t4 = Fp.add(t0, t1);\n t3 = Fp.sub(t3, t4);\n t4 = Fp.add(X1, Z1);\n let t5 = Fp.add(X2, Z2); // step 10\n t4 = Fp.mul(t4, t5);\n t5 = Fp.add(t0, t2);\n t4 = Fp.sub(t4, t5);\n t5 = Fp.add(Y1, Z1);\n X3 = Fp.add(Y2, Z2); // step 15\n t5 = Fp.mul(t5, X3);\n X3 = Fp.add(t1, t2);\n t5 = Fp.sub(t5, X3);\n Z3 = Fp.mul(a, t4);\n X3 = Fp.mul(b3, t2); // step 20\n Z3 = Fp.add(X3, Z3);\n X3 = Fp.sub(t1, Z3);\n Z3 = Fp.add(t1, Z3);\n Y3 = Fp.mul(X3, Z3);\n t1 = Fp.add(t0, t0); // step 25\n t1 = Fp.add(t1, t0);\n t2 = Fp.mul(a, t2);\n t4 = Fp.mul(b3, t4);\n t1 = Fp.add(t1, t2);\n t2 = Fp.sub(t0, t2); // step 30\n t2 = Fp.mul(a, t2);\n t4 = Fp.add(t4, t2);\n t0 = Fp.mul(t1, t4);\n Y3 = Fp.add(Y3, t0);\n t0 = Fp.mul(t5, t4); // step 35\n X3 = Fp.mul(t3, X3);\n X3 = Fp.sub(X3, t0);\n t0 = Fp.mul(t3, t1);\n Z3 = Fp.mul(t5, Z3);\n Z3 = Fp.add(Z3, t0); // step 40\n return new Point(X3, Y3, Z3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n /**\n * Non-constant-time multiplication. Uses double-and-add algorithm.\n * It's faster, but should only be used when you don't care about\n * an exposed private key e.g. sig verification, which works over *public* keys.\n */\n multiplyUnsafe(sc) {\n ut.aInRange('scalar', sc, _0n, CURVE.n);\n const I = Point.ZERO;\n if (sc === _0n)\n return I;\n if (sc === _1n)\n return this;\n const { endo } = CURVE;\n if (!endo)\n return wnaf.unsafeLadder(this, sc);\n // Apply endomorphism\n let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);\n let k1p = I;\n let k2p = I;\n let d = this;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n k1p = k1p.add(d);\n if (k2 & _1n)\n k2p = k2p.add(d);\n d = d.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n if (k1neg)\n k1p = k1p.negate();\n if (k2neg)\n k2p = k2p.negate();\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n return k1p.add(k2p);\n }\n /**\n * Constant time multiplication.\n * Uses wNAF method. Windowed method may be 10% faster,\n * but takes 2x longer to generate and consumes 2x memory.\n * Uses precomputes when available.\n * Uses endomorphism for Koblitz curves.\n * @param scalar by which the point would be multiplied\n * @returns New point\n */\n multiply(scalar) {\n const { endo, n: N } = CURVE;\n ut.aInRange('scalar', scalar, _1n, N);\n let point, fake; // Fake point is used to const-time mult\n if (endo) {\n const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);\n let { p: k1p, f: f1p } = this.wNAF(k1);\n let { p: k2p, f: f2p } = this.wNAF(k2);\n k1p = wnaf.constTimeNegate(k1neg, k1p);\n k2p = wnaf.constTimeNegate(k2neg, k2p);\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n point = k1p.add(k2p);\n fake = f1p.add(f2p);\n }\n else {\n const { p, f } = this.wNAF(scalar);\n point = p;\n fake = f;\n }\n // Normalize `z` for both points, but return only real one\n return Point.normalizeZ([point, fake])[0];\n }\n /**\n * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.\n * Not using Strauss-Shamir trick: precomputation tables are faster.\n * The trick could be useful if both P and Q are not G (not in our case).\n * @returns non-zero affine point\n */\n multiplyAndAddUnsafe(Q, a, b) {\n const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes\n const mul = (P, a // Select faster multiply() method\n ) => (a === _0n || a === _1n || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));\n const sum = mul(this, a).add(mul(Q, b));\n return sum.is0() ? undefined : sum;\n }\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n isTorsionFree() {\n const { h: cofactor, isTorsionFree } = CURVE;\n if (cofactor === _1n)\n return true; // No subgroups, always torsion-free\n if (isTorsionFree)\n return isTorsionFree(Point, this);\n throw new Error('isTorsionFree() has not been declared for the elliptic curve');\n }\n clearCofactor() {\n const { h: cofactor, clearCofactor } = CURVE;\n if (cofactor === _1n)\n return this; // Fast-path\n if (clearCofactor)\n return clearCofactor(Point, this);\n return this.multiplyUnsafe(CURVE.h);\n }\n toRawBytes(isCompressed = true) {\n abool('isCompressed', isCompressed);\n this.assertValidity();\n return toBytes(Point, this, isCompressed);\n }\n toHex(isCompressed = true) {\n abool('isCompressed', isCompressed);\n return ut.bytesToHex(this.toRawBytes(isCompressed));\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);\n Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO);\n const _bits = CURVE.nBitLength;\n const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits);\n // Validate if generator point is on curve\n return {\n CURVE,\n ProjectivePoint: Point,\n normPrivateKeyToScalar,\n weierstrassEquation,\n isWithinCurveOrder,\n };\n}\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n hash: 'hash',\n hmac: 'function',\n randomBytes: 'function',\n }, {\n bits2int: 'function',\n bits2int_modN: 'function',\n lowS: 'boolean',\n });\n return Object.freeze({ lowS: true, ...opts });\n}\n/**\n * Creates short weierstrass curve and ECDSA signature methods for it.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, b, p, n, Gx, Gy\n * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })\n */\nexport function weierstrass(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER } = CURVE;\n const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32\n const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32\n function modN(a) {\n return mod.mod(a, CURVE_ORDER);\n }\n function invN(a) {\n return mod.invert(a, CURVE_ORDER);\n }\n const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({\n ...CURVE,\n toBytes(_c, point, isCompressed) {\n const a = point.toAffine();\n const x = Fp.toBytes(a.x);\n const cat = ut.concatBytes;\n abool('isCompressed', isCompressed);\n if (isCompressed) {\n return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);\n }\n else {\n return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));\n }\n },\n fromBytes(bytes) {\n const len = bytes.length;\n const head = bytes[0];\n const tail = bytes.subarray(1);\n // this.assertValidity() is done inside of fromHex\n if (len === compressedLen && (head === 0x02 || head === 0x03)) {\n const x = ut.bytesToNumberBE(tail);\n if (!ut.inRange(x, _1n, Fp.ORDER))\n throw new Error('Point is not on curve');\n const y2 = weierstrassEquation(x); // y² = x³ + ax + b\n let y;\n try {\n y = Fp.sqrt(y2); // y = y² ^ (p+1)/4\n }\n catch (sqrtError) {\n const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';\n throw new Error('Point is not on curve' + suffix);\n }\n const isYOdd = (y & _1n) === _1n;\n // ECDSA\n const isHeadOdd = (head & 1) === 1;\n if (isHeadOdd !== isYOdd)\n y = Fp.neg(y);\n return { x, y };\n }\n else if (len === uncompressedLen && head === 0x04) {\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n }\n else {\n throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);\n }\n },\n });\n const numToNByteStr = (num) => ut.bytesToHex(ut.numberToBytesBE(num, CURVE.nByteLength));\n function isBiggerThanHalfOrder(number) {\n const HALF = CURVE_ORDER >> _1n;\n return number > HALF;\n }\n function normalizeS(s) {\n return isBiggerThanHalfOrder(s) ? modN(-s) : s;\n }\n // slice bytes num\n const slcNum = (b, from, to) => ut.bytesToNumberBE(b.slice(from, to));\n /**\n * ECDSA signature with its (r, s) properties. Supports DER & compact representations.\n */\n class Signature {\n constructor(r, s, recovery) {\n this.r = r;\n this.s = s;\n this.recovery = recovery;\n this.assertValidity();\n }\n // pair (bytes of r, bytes of s)\n static fromCompact(hex) {\n const l = CURVE.nByteLength;\n hex = ensureBytes('compactSignature', hex, l * 2);\n return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));\n }\n // DER encoded ECDSA signature\n // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script\n static fromDER(hex) {\n const { r, s } = DER.toSig(ensureBytes('DER', hex));\n return new Signature(r, s);\n }\n assertValidity() {\n ut.aInRange('r', this.r, _1n, CURVE_ORDER); // r in [1..N]\n ut.aInRange('s', this.s, _1n, CURVE_ORDER); // s in [1..N]\n }\n addRecoveryBit(recovery) {\n return new Signature(this.r, this.s, recovery);\n }\n recoverPublicKey(msgHash) {\n const { r, s, recovery: rec } = this;\n const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash\n if (rec == null || ![0, 1, 2, 3].includes(rec))\n throw new Error('recovery id invalid');\n const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;\n if (radj >= Fp.ORDER)\n throw new Error('recovery id 2 or 3 invalid');\n const prefix = (rec & 1) === 0 ? '02' : '03';\n const R = Point.fromHex(prefix + numToNByteStr(radj));\n const ir = invN(radj); // r^-1\n const u1 = modN(-h * ir); // -hr^-1\n const u2 = modN(s * ir); // sr^-1\n const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n if (!Q)\n throw new Error('point at infinify'); // unsafe is fine: no priv data leaked\n Q.assertValidity();\n return Q;\n }\n // Signatures should be low-s, to prevent malleability.\n hasHighS() {\n return isBiggerThanHalfOrder(this.s);\n }\n normalizeS() {\n return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;\n }\n // DER-encoded\n toDERRawBytes() {\n return ut.hexToBytes(this.toDERHex());\n }\n toDERHex() {\n return DER.hexFromSig({ r: this.r, s: this.s });\n }\n // padded bytes of r, then padded bytes of s\n toCompactRawBytes() {\n return ut.hexToBytes(this.toCompactHex());\n }\n toCompactHex() {\n return numToNByteStr(this.r) + numToNByteStr(this.s);\n }\n }\n const utils = {\n isValidPrivateKey(privateKey) {\n try {\n normPrivateKeyToScalar(privateKey);\n return true;\n }\n catch (error) {\n return false;\n }\n },\n normPrivateKeyToScalar: normPrivateKeyToScalar,\n /**\n * Produces cryptographically secure private key from random of size\n * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.\n */\n randomPrivateKey: () => {\n const length = mod.getMinHashLength(CURVE.n);\n return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);\n },\n /**\n * Creates precompute table for an arbitrary EC point. Makes point \"cached\".\n * Allows to massively speed-up `point.multiply(scalar)`.\n * @returns cached point\n * @example\n * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));\n * fast.multiply(privKey); // much faster ECDH now\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here\n return point;\n },\n };\n /**\n * Computes public key for a private key. Checks for validity of the private key.\n * @param privateKey private key\n * @param isCompressed whether to return compact (default), or full key\n * @returns Public key, full when isCompressed=false; short when isCompressed=true\n */\n function getPublicKey(privateKey, isCompressed = true) {\n return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);\n }\n /**\n * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.\n */\n function isProbPub(item) {\n const arr = ut.isBytes(item);\n const str = typeof item === 'string';\n const len = (arr || str) && item.length;\n if (arr)\n return len === compressedLen || len === uncompressedLen;\n if (str)\n return len === 2 * compressedLen || len === 2 * uncompressedLen;\n if (item instanceof Point)\n return true;\n return false;\n }\n /**\n * ECDH (Elliptic Curve Diffie Hellman).\n * Computes shared public key from private key and public key.\n * Checks: 1) private key validity 2) shared key is on-curve.\n * Does NOT hash the result.\n * @param privateA private key\n * @param publicB different public key\n * @param isCompressed whether to return compact (default), or full key\n * @returns shared public key\n */\n function getSharedSecret(privateA, publicB, isCompressed = true) {\n if (isProbPub(privateA))\n throw new Error('first arg must be private key');\n if (!isProbPub(publicB))\n throw new Error('second arg must be public key');\n const b = Point.fromHex(publicB); // check for being on-curve\n return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);\n }\n // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.\n // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.\n // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.\n // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors\n const bits2int = CURVE.bits2int ||\n function (bytes) {\n // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)\n // for some cases, since bytes.length * 8 is not actual bitLength.\n const num = ut.bytesToNumberBE(bytes); // check for == u8 done here\n const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits\n return delta > 0 ? num >> BigInt(delta) : num;\n };\n const bits2int_modN = CURVE.bits2int_modN ||\n function (bytes) {\n return modN(bits2int(bytes)); // can't use bytesToNumberBE here\n };\n // NOTE: pads output with zero as per spec\n const ORDER_MASK = ut.bitMask(CURVE.nBitLength);\n /**\n * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.\n */\n function int2octets(num) {\n ut.aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);\n // works with order, can have different size than numToField!\n return ut.numberToBytesBE(num, CURVE.nByteLength);\n }\n // Steps A, D of RFC6979 3.2\n // Creates RFC6979 seed; converts msg/privKey to numbers.\n // Used only in sign, not in verify.\n // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.\n // Also it can be bigger for P224 + SHA256\n function prepSig(msgHash, privateKey, opts = defaultSigOpts) {\n if (['recovered', 'canonical'].some((k) => k in opts))\n throw new Error('sign() legacy options not supported');\n const { hash, randomBytes } = CURVE;\n let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default\n if (lowS == null)\n lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash\n msgHash = ensureBytes('msgHash', msgHash);\n validateSigVerOpts(opts);\n if (prehash)\n msgHash = ensureBytes('prehashed msgHash', hash(msgHash));\n // We can't later call bits2octets, since nested bits2int is broken for curves\n // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.\n // const bits2octets = (bits) => int2octets(bits2int_modN(bits))\n const h1int = bits2int_modN(msgHash);\n const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint\n const seedArgs = [int2octets(d), int2octets(h1int)];\n // extraEntropy. RFC6979 3.6: additional k' (optional).\n if (ent != null && ent !== false) {\n // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is\n seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes\n }\n const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2\n const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!\n // Converts signature params into point w r/s, checks result for validity.\n function k2sig(kBytes) {\n // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n const k = bits2int(kBytes); // Cannot use fields methods, since it is group element\n if (!isWithinCurveOrder(k))\n return; // Important: all mod() calls here must be done over N\n const ik = invN(k); // k^-1 mod n\n const q = Point.BASE.multiply(k).toAffine(); // q = Gk\n const r = modN(q.x); // r = q.x mod n\n if (r === _0n)\n return;\n // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to\n // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:\n // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT\n const s = modN(ik * modN(m + r * d)); // Not using blinding here\n if (s === _0n)\n return;\n let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)\n let normS = s;\n if (lowS && isBiggerThanHalfOrder(s)) {\n normS = normalizeS(s); // if lowS was passed, ensure s is always\n recovery ^= 1; // // in the bottom half of N\n }\n return new Signature(r, normS, recovery); // use normS, not s\n }\n return { seed, k2sig };\n }\n const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };\n const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };\n /**\n * Signs message hash with a private key.\n * ```\n * sign(m, d, k) where\n * (x, y) = G × k\n * r = x mod n\n * s = (m + dr)/k mod n\n * ```\n * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.\n * @param privKey private key\n * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.\n * @returns signature with recovery param\n */\n function sign(msgHash, privKey, opts = defaultSigOpts) {\n const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.\n const C = CURVE;\n const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);\n return drbg(seed, k2sig); // Steps B, C, D, E, F, G\n }\n // Enable precomputes. Slows down first publicKey computation by 20ms.\n Point.BASE._setWindowSize(8);\n // utils.precompute(8, ProjectivePoint.BASE)\n /**\n * Verifies a signature against message hash and public key.\n * Rejects lowS signatures by default: to override,\n * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf:\n *\n * ```\n * verify(r, s, h, P) where\n * U1 = hs^-1 mod n\n * U2 = rs^-1 mod n\n * R = U1⋅G - U2⋅P\n * mod(R.x, n) == r\n * ```\n */\n function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {\n const sg = signature;\n msgHash = ensureBytes('msgHash', msgHash);\n publicKey = ensureBytes('publicKey', publicKey);\n if ('strict' in opts)\n throw new Error('options.strict was renamed to lowS');\n validateSigVerOpts(opts);\n const { lowS, prehash } = opts;\n let _sig = undefined;\n let P;\n try {\n if (typeof sg === 'string' || ut.isBytes(sg)) {\n // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).\n // Since DER can also be 2*nByteLength bytes, we check for it first.\n try {\n _sig = Signature.fromDER(sg);\n }\n catch (derError) {\n if (!(derError instanceof DER.Err))\n throw derError;\n _sig = Signature.fromCompact(sg);\n }\n }\n else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {\n const { r, s } = sg;\n _sig = new Signature(r, s);\n }\n else {\n throw new Error('PARSE');\n }\n P = Point.fromHex(publicKey);\n }\n catch (error) {\n if (error.message === 'PARSE')\n throw new Error(`signature must be Signature instance, Uint8Array or hex string`);\n return false;\n }\n if (lowS && _sig.hasHighS())\n return false;\n if (prehash)\n msgHash = CURVE.hash(msgHash);\n const { r, s } = _sig;\n const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element\n const is = invN(s); // s^-1\n const u1 = modN(h * is); // u1 = hs^-1 mod n\n const u2 = modN(r * is); // u2 = rs^-1 mod n\n const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P\n if (!R)\n return false;\n const v = modN(R.x);\n return v === r;\n }\n return {\n CURVE,\n getPublicKey,\n getSharedSecret,\n sign,\n verify,\n ProjectivePoint: Point,\n Signature,\n utils,\n };\n}\n/**\n * Implementation of the Shallue and van de Woestijne method for any weierstrass curve.\n * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.\n * b = True and y = sqrt(u / v) if (u / v) is square in F, and\n * b = False and y = sqrt(Z * (u / v)) otherwise.\n * @param Fp\n * @param Z\n * @returns\n */\nexport function SWUFpSqrtRatio(Fp, Z) {\n // Generic implementation\n const q = Fp.ORDER;\n let l = _0n;\n for (let o = q - _1n; o % _2n === _0n; o /= _2n)\n l += _1n;\n const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.\n // We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.\n // 2n ** c1 == 2n << (c1-1)\n const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);\n const _2n_pow_c1 = _2n_pow_c1_1 * _2n;\n const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic\n const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic\n const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic\n const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic\n const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2\n const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)\n let sqrtRatio = (u, v) => {\n let tv1 = c6; // 1. tv1 = c6\n let tv2 = Fp.pow(v, c4); // 2. tv2 = v^c4\n let tv3 = Fp.sqr(tv2); // 3. tv3 = tv2^2\n tv3 = Fp.mul(tv3, v); // 4. tv3 = tv3 * v\n let tv5 = Fp.mul(u, tv3); // 5. tv5 = u * tv3\n tv5 = Fp.pow(tv5, c3); // 6. tv5 = tv5^c3\n tv5 = Fp.mul(tv5, tv2); // 7. tv5 = tv5 * tv2\n tv2 = Fp.mul(tv5, v); // 8. tv2 = tv5 * v\n tv3 = Fp.mul(tv5, u); // 9. tv3 = tv5 * u\n let tv4 = Fp.mul(tv3, tv2); // 10. tv4 = tv3 * tv2\n tv5 = Fp.pow(tv4, c5); // 11. tv5 = tv4^c5\n let isQR = Fp.eql(tv5, Fp.ONE); // 12. isQR = tv5 == 1\n tv2 = Fp.mul(tv3, c7); // 13. tv2 = tv3 * c7\n tv5 = Fp.mul(tv4, tv1); // 14. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, isQR); // 15. tv3 = CMOV(tv2, tv3, isQR)\n tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)\n // 17. for i in (c1, c1 - 1, ..., 2):\n for (let i = c1; i > _1n; i--) {\n let tv5 = i - _2n; // 18. tv5 = i - 2\n tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5\n let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5\n const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1\n tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1\n tv1 = Fp.mul(tv1, tv1); // 23. tv1 = tv1 * tv1\n tvv5 = Fp.mul(tv4, tv1); // 24. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, e1); // 25. tv3 = CMOV(tv2, tv3, e1)\n tv4 = Fp.cmov(tvv5, tv4, e1); // 26. tv4 = CMOV(tv5, tv4, e1)\n }\n return { isValid: isQR, value: tv3 };\n };\n if (Fp.ORDER % _4n === _3n) {\n // sqrt_ratio_3mod4(u, v)\n const c1 = (Fp.ORDER - _3n) / _4n; // 1. c1 = (q - 3) / 4 # Integer arithmetic\n const c2 = Fp.sqrt(Fp.neg(Z)); // 2. c2 = sqrt(-Z)\n sqrtRatio = (u, v) => {\n let tv1 = Fp.sqr(v); // 1. tv1 = v^2\n const tv2 = Fp.mul(u, v); // 2. tv2 = u * v\n tv1 = Fp.mul(tv1, tv2); // 3. tv1 = tv1 * tv2\n let y1 = Fp.pow(tv1, c1); // 4. y1 = tv1^c1\n y1 = Fp.mul(y1, tv2); // 5. y1 = y1 * tv2\n const y2 = Fp.mul(y1, c2); // 6. y2 = y1 * c2\n const tv3 = Fp.mul(Fp.sqr(y1), v); // 7. tv3 = y1^2; 8. tv3 = tv3 * v\n const isQR = Fp.eql(tv3, u); // 9. isQR = tv3 == u\n let y = Fp.cmov(y2, y1, isQR); // 10. y = CMOV(y2, y1, isQR)\n return { isValid: isQR, value: y }; // 11. return (isQR, y) isQR ? y : y*c2\n };\n }\n // No curves uses that\n // if (Fp.ORDER % _8n === _5n) // sqrt_ratio_5mod8\n return sqrtRatio;\n}\n/**\n * Simplified Shallue-van de Woestijne-Ulas Method\n * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2\n */\nexport function mapToCurveSimpleSWU(Fp, opts) {\n mod.validateField(Fp);\n if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))\n throw new Error('mapToCurveSimpleSWU: invalid opts');\n const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);\n if (!Fp.isOdd)\n throw new Error('Fp.isOdd is not implemented!');\n // Input: u, an element of F.\n // Output: (x, y), a point on E.\n return (u) => {\n // prettier-ignore\n let tv1, tv2, tv3, tv4, tv5, tv6, x, y;\n tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, opts.Z); // 2. tv1 = Z * tv1\n tv2 = Fp.sqr(tv1); // 3. tv2 = tv1^2\n tv2 = Fp.add(tv2, tv1); // 4. tv2 = tv2 + tv1\n tv3 = Fp.add(tv2, Fp.ONE); // 5. tv3 = tv2 + 1\n tv3 = Fp.mul(tv3, opts.B); // 6. tv3 = B * tv3\n tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO)); // 7. tv4 = CMOV(Z, -tv2, tv2 != 0)\n tv4 = Fp.mul(tv4, opts.A); // 8. tv4 = A * tv4\n tv2 = Fp.sqr(tv3); // 9. tv2 = tv3^2\n tv6 = Fp.sqr(tv4); // 10. tv6 = tv4^2\n tv5 = Fp.mul(tv6, opts.A); // 11. tv5 = A * tv6\n tv2 = Fp.add(tv2, tv5); // 12. tv2 = tv2 + tv5\n tv2 = Fp.mul(tv2, tv3); // 13. tv2 = tv2 * tv3\n tv6 = Fp.mul(tv6, tv4); // 14. tv6 = tv6 * tv4\n tv5 = Fp.mul(tv6, opts.B); // 15. tv5 = B * tv6\n tv2 = Fp.add(tv2, tv5); // 16. tv2 = tv2 + tv5\n x = Fp.mul(tv1, tv3); // 17. x = tv1 * tv3\n const { isValid, value } = sqrtRatio(tv2, tv6); // 18. (is_gx1_square, y1) = sqrt_ratio(tv2, tv6)\n y = Fp.mul(tv1, u); // 19. y = tv1 * u -> Z * u^3 * y1\n y = Fp.mul(y, value); // 20. y = y * y1\n x = Fp.cmov(x, tv3, isValid); // 21. x = CMOV(x, tv3, is_gx1_square)\n y = Fp.cmov(y, value, isValid); // 22. y = CMOV(y, y1, is_gx1_square)\n const e1 = Fp.isOdd(u) === Fp.isOdd(y); // 23. e1 = sgn0(u) == sgn0(y)\n y = Fp.cmov(Fp.neg(y), y, e1); // 24. y = CMOV(-y, y, e1)\n x = Fp.div(x, tv4); // 25. x = x / tv4\n return { x, y };\n };\n}\n//# sourceMappingURL=weierstrass.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { hmac } from '@noble/hashes/hmac';\nimport { concatBytes, randomBytes } from '@noble/hashes/utils';\nimport { weierstrass } from './abstract/weierstrass.js';\n// connects noble-curves to noble-hashes\nexport function getHash(hash) {\n return {\n hash,\n hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),\n randomBytes,\n };\n}\nexport function createCurve(curveDef, defHash) {\n const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });\n return Object.freeze({ ...create(defHash), create });\n}\n//# sourceMappingURL=_shortw_utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp256r1 aka p256\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256\nconst Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));\nconst CURVE_A = Fp.create(BigInt('-3'));\nconst CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');\n// prettier-ignore\nexport const p256 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n\n // Curve order, total count of valid points in the field\n n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),\n Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),\n h: BigInt(1),\n lowS: false,\n}, sha256);\nexport const secp256r1 = p256;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-10')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P256_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p256.js.map","const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\n// We are not using BigUint64Array, because they are extremely slow as per 2022\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };\n}\nfunction split(lst, le = false) {\n let Ah = new Uint32Array(lst.length);\n let Al = new Uint32Array(lst.length);\n for (let i = 0; i < lst.length; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { fromBig, split, toBig, shrSH, shrSL, rotrSH, rotrSL, rotrBH, rotrBL, rotr32H, rotr32L, rotlSH, rotlSL, rotlBH, rotlBL, add, add3L, add3H, add4L, add4H, add5H, add5L, };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map","import { HashMD } from './_md.js';\nimport u64 from './_u64.js';\nimport { wrapConstructor } from './utils.js';\n// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):\n// prettier-ignore\nconst [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([\n '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\n// Temporary buffer, not used to store anything between runs\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA512 extends HashMD {\n constructor() {\n super(128, 64, 16, false);\n // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.\n // Also looks cleaner and easier to verify with spec.\n // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x6a09e667 | 0;\n this.Al = 0xf3bcc908 | 0;\n this.Bh = 0xbb67ae85 | 0;\n this.Bl = 0x84caa73b | 0;\n this.Ch = 0x3c6ef372 | 0;\n this.Cl = 0xfe94f82b | 0;\n this.Dh = 0xa54ff53a | 0;\n this.Dl = 0x5f1d36f1 | 0;\n this.Eh = 0x510e527f | 0;\n this.El = 0xade682d1 | 0;\n this.Fh = 0x9b05688c | 0;\n this.Fl = 0x2b3e6c1f | 0;\n this.Gh = 0x1f83d9ab | 0;\n this.Gl = 0xfb41bd6b | 0;\n this.Hh = 0x5be0cd19 | 0;\n this.Hl = 0x137e2179 | 0;\n }\n // prettier-ignore\n get() {\n const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n }\n // prettier-ignore\n set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {\n this.Ah = Ah | 0;\n this.Al = Al | 0;\n this.Bh = Bh | 0;\n this.Bl = Bl | 0;\n this.Ch = Ch | 0;\n this.Cl = Cl | 0;\n this.Dh = Dh | 0;\n this.Dl = Dl | 0;\n this.Eh = Eh | 0;\n this.El = El | 0;\n this.Fh = Fh | 0;\n this.Fl = Fl | 0;\n this.Gh = Gh | 0;\n this.Gl = Gl | 0;\n this.Hh = Hh | 0;\n this.Hl = Hl | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4) {\n SHA512_W_H[i] = view.getUint32(offset);\n SHA512_W_L[i] = view.getUint32((offset += 4));\n }\n for (let i = 16; i < 80; i++) {\n // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n const W15h = SHA512_W_H[i - 15] | 0;\n const W15l = SHA512_W_L[i - 15] | 0;\n const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n const W2h = SHA512_W_H[i - 2] | 0;\n const W2l = SHA512_W_L[i - 2] | 0;\n const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];\n const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n SHA512_W_H[i] = SUMh | 0;\n SHA512_W_L[i] = SUMl | 0;\n }\n let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n // Compression function main loop, 80 rounds\n for (let i = 0; i < 80; i++) {\n // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n const CHIl = (El & Fl) ^ (~El & Gl);\n // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n // prettier-ignore\n const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n const T1l = T1ll | 0;\n // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n Hh = Gh | 0;\n Hl = Gl | 0;\n Gh = Fh | 0;\n Gl = Fl | 0;\n Fh = Eh | 0;\n Fl = El | 0;\n ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n Dh = Ch | 0;\n Dl = Cl | 0;\n Ch = Bh | 0;\n Cl = Bl | 0;\n Bh = Ah | 0;\n Bl = Al | 0;\n const All = u64.add3L(T1l, sigma0l, MAJl);\n Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n Al = All | 0;\n }\n // Add the compressed chunk to the current hash value\n ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n }\n roundClean() {\n SHA512_W_H.fill(0);\n SHA512_W_L.fill(0);\n }\n destroy() {\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n }\n}\nexport class SHA512_224 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x8c3d37c8 | 0;\n this.Al = 0x19544da2 | 0;\n this.Bh = 0x73e19966 | 0;\n this.Bl = 0x89dcd4d6 | 0;\n this.Ch = 0x1dfab7ae | 0;\n this.Cl = 0x32ff9c82 | 0;\n this.Dh = 0x679dd514 | 0;\n this.Dl = 0x582f9fcf | 0;\n this.Eh = 0x0f6d2b69 | 0;\n this.El = 0x7bd44da8 | 0;\n this.Fh = 0x77e36f73 | 0;\n this.Fl = 0x04c48942 | 0;\n this.Gh = 0x3f9d85a8 | 0;\n this.Gl = 0x6a1d36c8 | 0;\n this.Hh = 0x1112e6ad | 0;\n this.Hl = 0x91d692a1 | 0;\n this.outputLen = 28;\n }\n}\nexport class SHA512_256 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x22312194 | 0;\n this.Al = 0xfc2bf72c | 0;\n this.Bh = 0x9f555fa3 | 0;\n this.Bl = 0xc84c64c2 | 0;\n this.Ch = 0x2393b86b | 0;\n this.Cl = 0x6f53b151 | 0;\n this.Dh = 0x96387719 | 0;\n this.Dl = 0x5940eabd | 0;\n this.Eh = 0x96283ee2 | 0;\n this.El = 0xa88effe3 | 0;\n this.Fh = 0xbe5e1e25 | 0;\n this.Fl = 0x53863992 | 0;\n this.Gh = 0x2b0199fc | 0;\n this.Gl = 0x2c85b8aa | 0;\n this.Hh = 0x0eb72ddc | 0;\n this.Hl = 0x81c52ca2 | 0;\n this.outputLen = 32;\n }\n}\nexport class SHA384 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0xcbbb9d5d | 0;\n this.Al = 0xc1059ed8 | 0;\n this.Bh = 0x629a292a | 0;\n this.Bl = 0x367cd507 | 0;\n this.Ch = 0x9159015a | 0;\n this.Cl = 0x3070dd17 | 0;\n this.Dh = 0x152fecd8 | 0;\n this.Dl = 0xf70e5939 | 0;\n this.Eh = 0x67332667 | 0;\n this.El = 0xffc00b31 | 0;\n this.Fh = 0x8eb44a87 | 0;\n this.Fl = 0x68581511 | 0;\n this.Gh = 0xdb0c2e0d | 0;\n this.Gl = 0x64f98fa7 | 0;\n this.Hh = 0x47b5481d | 0;\n this.Hl = 0xbefa4fa4 | 0;\n this.outputLen = 48;\n }\n}\nexport const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());\nexport const sha512_224 = /* @__PURE__ */ wrapConstructor(() => new SHA512_224());\nexport const sha512_256 = /* @__PURE__ */ wrapConstructor(() => new SHA512_256());\nexport const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384());\n//# sourceMappingURL=sha512.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha384 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp384r1 aka p384\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');\nconst Fp = Field(P);\nconst CURVE_A = Fp.create(BigInt('-3'));\n// prettier-ignore\nconst CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');\n// prettier-ignore\nexport const p384 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n\n // Curve order, total count of valid points in the field.\n n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),\n // Base (generator) point (x, y)\n Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),\n Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),\n h: BigInt(1),\n lowS: false,\n}, sha384);\nexport const secp384r1 = p384;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-12')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P384_XMD:SHA-384_SSWU_RO_',\n encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 192,\n expand: 'xmd',\n hash: sha384,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p384.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha512 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp521r1 aka p521\n// Note that it's 521, which differs from 512 of its hash function.\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst Fp = Field(P);\nconst CURVE = {\n a: Fp.create(BigInt('-3')),\n b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),\n Fp,\n n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),\n Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),\n Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),\n h: BigInt(1),\n};\n// prettier-ignore\nexport const p521 = createCurve({\n a: CURVE.a, // Equation params: a, b\n b: CURVE.b,\n Fp, // Field: 2n**521n - 1n\n // Curve order, total count of valid points in the field\n n: CURVE.n,\n Gx: CURVE.Gx, // Base point (x, y) aka generator point\n Gy: CURVE.Gy,\n h: CURVE.h,\n lowS: false,\n allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b\n}, sha512);\nexport const secp521r1 = p521;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE.a,\n B: CURVE.b,\n Z: Fp.create(BigInt('-4')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P521_XMD:SHA-512_SSWU_RO_',\n encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 256,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p521.js.map","import { bytes, exists, number, output } from './_assert.js';\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';\nimport { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';\n// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.\n// It's called a sponge function.\n// Various per round constants calculations\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nconst _7n = /* @__PURE__ */ BigInt(7);\nconst _256n = /* @__PURE__ */ BigInt(256);\nconst _0x71n = /* @__PURE__ */ BigInt(0x71);\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true);\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n// Same as keccakf1600, but allows to skip some rounds\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n B.fill(0);\n}\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n // Can be passed from user as dkLen\n number(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n if (0 >= this.blockLen || this.blockLen >= 200)\n throw new Error('Sha3 supports only keccak-f1600 function');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n keccak() {\n if (!isLE)\n byteSwap32(this.state32);\n keccakP(this.state32, this.rounds);\n if (!isLE)\n byteSwap32(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n exists(this);\n const { blockLen, state } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n exists(this, false);\n bytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n number(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n output(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n this.state.fill(0);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));\nexport const sha3_224 = /* @__PURE__ */ gen(0x06, 144, 224 / 8);\n/**\n * SHA3-256 hash function\n * @param message - that would be hashed\n */\nexport const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8);\nexport const sha3_384 = /* @__PURE__ */ gen(0x06, 104, 384 / 8);\nexport const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8);\nexport const keccak_224 = /* @__PURE__ */ gen(0x01, 144, 224 / 8);\n/**\n * keccak-256 hash function. Different from SHA3-256.\n * @param message - that would be hashed\n */\nexport const keccak_256 = /* @__PURE__ */ gen(0x01, 136, 256 / 8);\nexport const keccak_384 = /* @__PURE__ */ gen(0x01, 104, 384 / 8);\nexport const keccak_512 = /* @__PURE__ */ gen(0x01, 72, 512 / 8);\nconst genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\nexport const shake128 = /* @__PURE__ */ genShake(0x1f, 168, 128 / 8);\nexport const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8);\n//# sourceMappingURL=sha3.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport { mod, Field } from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n) {\n ut.aInRange('coordinate ' + title, n, _0n, MASK);\n }\n function assertPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez);\n aCoordinate('t', et);\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n assertPoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n assertPoint(other);\n const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n // Faster algo for adding 2 Extended Points when curve's a=-1.\n // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4\n // Cost: 8M + 8add + 2*2.\n // Note: It does not check whether the `other` point is valid.\n if (a === BigInt(-1)) {\n const A = modP((Y1 - X1) * (Y2 + X2));\n const B = modP((Y1 + X1) * (Y2 - X2));\n const F = modP(B - A);\n if (F === _0n)\n return this.double(); // Same point. Tests say it doesn't affect timing\n const C = modP(Z1 * _2n * T2);\n const D = modP(T1 * _2n * Z2);\n const E = D + C;\n const G = B + A;\n const H = D - C;\n const X3 = modP(E * F);\n const Y3 = modP(G * H);\n const T3 = modP(E * H);\n const Z3 = modP(F * G);\n return new Point(X3, Y3, Z3, T3);\n }\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n multiplyUnsafe(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.equals(I) || n === _1n)\n return this;\n if (this.equals(G))\n return this.wNAF(n).p;\n return wnaf.unsafeLadder(this, n);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = ut.bytesToNumberLE(normed);\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n ut.aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n return getExtendedPublicKey(privKey).point;\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(ut.bytesToNumberLE(hash));\n }\n /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */\n function getExtendedPublicKey(key) {\n const len = nByteLength;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = new Uint8Array(), ...msgs) {\n const msg = ut.concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n ut.aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, nByteLength * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));\n // zip215: true is good for consensus-critical apps and allows points < 2^256\n // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p\n let A, R, SB;\n try {\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { mod, pow } from './modular.js';\nimport { aInRange, bytesToNumberLE, ensureBytes, numberToBytesLE, validateObject, } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction validateOpts(curve) {\n validateObject(curve, {\n a: 'bigint',\n }, {\n montgomeryBits: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n adjustScalarBytes: 'function',\n domain: 'function',\n powPminus2: 'function',\n Gu: 'bigint',\n });\n // Set defaults\n return Object.freeze({ ...curve });\n}\n// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748)\n// Uses only one coordinate instead of two\nexport function montgomery(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { P } = CURVE;\n const modP = (n) => mod(n, P);\n const montgomeryBits = CURVE.montgomeryBits;\n const montgomeryBytes = Math.ceil(montgomeryBits / 8);\n const fieldLen = CURVE.nByteLength;\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes);\n const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P));\n // cswap from RFC7748. But it is not from RFC7748!\n /*\n cswap(swap, x_2, x_3):\n dummy = mask(swap) AND (x_2 XOR x_3)\n x_2 = x_2 XOR dummy\n x_3 = x_3 XOR dummy\n Return (x_2, x_3)\n Where mask(swap) is the all-1 or all-0 word of the same length as x_2\n and x_3, computed, e.g., as mask(swap) = 0 - swap.\n */\n function cswap(swap, x_2, x_3) {\n const dummy = modP(swap * (x_2 - x_3));\n x_2 = modP(x_2 - dummy);\n x_3 = modP(x_3 + dummy);\n return [x_2, x_3];\n }\n // x25519 from 4\n // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519\n const a24 = (CURVE.a - BigInt(2)) / BigInt(4);\n /**\n *\n * @param pointU u coordinate (x) on Montgomery Curve 25519\n * @param scalar by which the point would be multiplied\n * @returns new Point on Montgomery curve\n */\n function montgomeryLadder(u, scalar) {\n aInRange('u', u, _0n, P);\n aInRange('scalar', scalar, _0n, P);\n // Section 5: Implementations MUST accept non-canonical values and process them as\n // if they had been reduced modulo the field prime.\n const k = scalar;\n const x_1 = u;\n let x_2 = _1n;\n let z_2 = _0n;\n let x_3 = u;\n let z_3 = _1n;\n let swap = _0n;\n let sw;\n for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {\n const k_t = (k >> t) & _1n;\n swap ^= k_t;\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n swap = k_t;\n const A = x_2 + z_2;\n const AA = modP(A * A);\n const B = x_2 - z_2;\n const BB = modP(B * B);\n const E = AA - BB;\n const C = x_3 + z_3;\n const D = x_3 - z_3;\n const DA = modP(D * A);\n const CB = modP(C * B);\n const dacb = DA + CB;\n const da_cb = DA - CB;\n x_3 = modP(dacb * dacb);\n z_3 = modP(x_1 * modP(da_cb * da_cb));\n x_2 = modP(AA * BB);\n z_2 = modP(E * (AA + modP(a24 * E)));\n }\n // (x_2, x_3) = cswap(swap, x_2, x_3)\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n // (z_2, z_3) = cswap(swap, z_2, z_3)\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n // z_2^(p - 2)\n const z2 = powPminus2(z_2);\n // Return x_2 * (z_2^(p - 2))\n return modP(x_2 * z2);\n }\n function encodeUCoordinate(u) {\n return numberToBytesLE(modP(u), montgomeryBytes);\n }\n function decodeUCoordinate(uEnc) {\n // Section 5: When receiving such an array, implementations of X25519\n // MUST mask the most significant bit in the final byte.\n const u = ensureBytes('u coordinate', uEnc, montgomeryBytes);\n if (fieldLen === 32)\n u[31] &= 127; // 0b0111_1111\n return bytesToNumberLE(u);\n }\n function decodeScalar(n) {\n const bytes = ensureBytes('scalar', n);\n const len = bytes.length;\n if (len !== montgomeryBytes && len !== fieldLen)\n throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`);\n return bytesToNumberLE(adjustScalarBytes(bytes));\n }\n function scalarMult(scalar, u) {\n const pointU = decodeUCoordinate(u);\n const _scalar = decodeScalar(scalar);\n const pu = montgomeryLadder(pointU, _scalar);\n // The result was not contributory\n // https://cr.yp.to/ecdh.html#validate\n if (pu === _0n)\n throw new Error('Invalid private or public key received');\n return encodeUCoordinate(pu);\n }\n // Computes public key from private. By doing scalar multiplication of base point.\n const GuBytes = encodeUCoordinate(CURVE.Gu);\n function scalarMultBase(scalar) {\n return scalarMult(scalar, GuBytes);\n }\n return {\n scalarMult,\n scalarMultBase,\n getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),\n getPublicKey: (privateKey) => scalarMultBase(privateKey),\n utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },\n GuBytes: GuBytes,\n };\n}\n//# sourceMappingURL=montgomery.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3';\nimport { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';\nimport { twistedEdwards } from './abstract/edwards.js';\nimport { createHasher, expand_message_xof } from './abstract/hash-to-curve.js';\nimport { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js';\nimport { montgomery } from './abstract/montgomery.js';\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js';\n/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n */\nconst shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));\nconst ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448P;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most\n // significant bit of the last byte to 1.\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448P;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\nconst Fp = Field(ed448P, 456, true);\nconst ED448_DEF = {\n // Param: a\n a: BigInt(1),\n // -39081. Negative number is P - number\n d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),\n // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n\n Fp,\n // Subgroup order: how many points curve has;\n // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\n n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n nBitLength: 456,\n // Cofactor\n h: BigInt(4),\n // Base point (x, y) aka generator point\n Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),\n Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),\n // SHAKE256(dom4(phflag,context)||x, 114)\n hash: shake256_114,\n randomBytes,\n adjustScalarBytes,\n // dom4\n domain: (data, ctx, phflag) => {\n if (ctx.length > 255)\n throw new Error(`Context is too big: ${ctx.length}`);\n return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n },\n uvRatio,\n};\nexport const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF);\n// NOTE: there is no ed448ctx, since ed448 supports ctx by default\nexport const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 });\nexport const x448 = /* @__PURE__ */ (() => montgomery({\n a: BigInt(156326),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n montgomeryBits: 448,\n nByteLength: 56,\n P: ed448P,\n Gu: BigInt(5),\n powPminus2: (x) => {\n const P = ed448P;\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, BigInt(2), P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/**\n * Converts edwards448 public key to x448 public key. Uses formula:\n * * `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * * `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n * @example\n * const aPub = ed448.getPublicKey(utils.randomPrivateKey());\n * x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))\n */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = Fp.invertBatch([xEd, yEd]); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\nconst htf = /* @__PURE__ */ (() => createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\nfunction assertDcfPoint(other) {\n if (!(other instanceof DcfPoint))\n throw new Error('DecafPoint expected');\n}\n// 1-d\nconst ONE_MINUS_D = BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_448B = BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes448ToNumberLE = (bytes) => ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);\n// Computes Elligator map for Decaf\n// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/**\n * Each ed448/ExtendedPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448\n */\nclass DcfPoint {\n // Private property to discourage combining ExtendedPoint + DecafPoint\n // Always use Decaf encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));\n }\n /**\n * Takes uniform output of 112-byte hash function like shake256 and converts it to `DecafPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * **Note:** this is one-way map, there is no conversion from point to hash.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\n * @param hex 112-byte output of a hash function\n */\n static hashToCurve(hex) {\n hex = ensureBytes('decafHash', hex, 112);\n const r1 = bytes448ToNumberLE(hex.slice(0, 56));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = bytes448ToNumberLE(hex.slice(56, 112));\n const R2 = calcElligatorDecafMap(r2);\n return new DcfPoint(R1.add(R2));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-decode-2\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n hex = ensureBytes('decafHex', hex, 56);\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';\n const s = bytes448ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 56), hex) || isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error(emsg);\n return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));\n }\n /**\n * Encodes decaf point to Uint8Array.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-encode-2\n */\n toRawBytes() {\n let { ex: x, ey: _y, ez: z, et: t } = this.ep;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const u1 = mod(mod(x + t) * mod(x - t)); // 1\n const x2 = mod(x * x);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * z - t); // 4\n let s = mod(ONE_MINUS_D * invsqrt * x * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 56);\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n // Compare one point to another.\n // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-equals-2\n equals(other) {\n assertDcfPoint(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed448.CURVE.Fp.create;\n // (x1 * y2 == y1 * x2)\n return mod(X1 * Y2) === mod(Y1 * X2);\n }\n add(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new DcfPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new DcfPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new DcfPoint(this.ep.double());\n }\n negate() {\n return new DcfPoint(this.ep.negate());\n }\n}\nexport const DecafPoint = /* @__PURE__ */ (() => {\n // decaf448 base point is ed448 base x 2\n // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699\n if (!DcfPoint.BASE)\n DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);\n if (!DcfPoint.ZERO)\n DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);\n return DcfPoint;\n})();\n// Hashing to decaf448. https://www.rfc-editor.org/rfc/rfc9380#appendix-C\nexport const hashToDecaf448 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xof(msg, DST, 112, 224, shake256);\n const P = DcfPoint.hashToCurve(uniform_bytes);\n return P;\n};\nexport const hash_to_decaf448 = hashToDecaf448; // legacy\n//# sourceMappingURL=ed448.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher, isogenyMap } from './abstract/hash-to-curve.js';\nimport { Field, mod, pow2 } from './abstract/modular.js';\nimport { inRange, aInRange, bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE, } from './abstract/utils.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\nconst secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');\nconst secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst divNearest = (a, b) => (a + b / _2n) / b;\n/**\n * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.\n * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]\n */\nfunction sqrtMod(y) {\n const P = secp256k1P;\n // prettier-ignore\n const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);\n // prettier-ignore\n const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);\n const b2 = (y * y * y) % P; // x^3, 11\n const b3 = (b2 * b2 * y) % P; // x^7\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b223 = (pow2(b220, _3n, P) * b3) % P;\n const t1 = (pow2(b223, _23n, P) * b22) % P;\n const t2 = (pow2(t1, _6n, P) * b2) % P;\n const root = pow2(t2, _2n, P);\n if (!Fp.eql(Fp.sqr(root), y))\n throw new Error('Cannot find square root');\n return root;\n}\nconst Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });\n/**\n * secp256k1 short weierstrass curve and ECDSA signatures over it.\n */\nexport const secp256k1 = createCurve({\n a: BigInt(0), // equation params: a, b\n b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975\n Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n\n n: secp256k1N, // Curve order, total count of valid points in the field\n // Base point (x, y) aka generator point\n Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),\n Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),\n h: BigInt(1), // Cofactor\n lowS: true, // Allow only low-S signatures by default in sign() and verify()\n /**\n * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.\n * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.\n * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.\n * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066\n */\n endo: {\n beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),\n splitScalar: (k) => {\n const n = secp256k1N;\n const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');\n const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');\n const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');\n const b2 = a1;\n const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)\n const c1 = divNearest(b2 * k, n);\n const c2 = divNearest(-b1 * k, n);\n let k1 = mod(k - c1 * a1 - c2 * a2, n);\n let k2 = mod(-c1 * b1 - c2 * b2, n);\n const k1neg = k1 > POW_2_128;\n const k2neg = k2 > POW_2_128;\n if (k1neg)\n k1 = n - k1;\n if (k2neg)\n k2 = n - k2;\n if (k1 > POW_2_128 || k2 > POW_2_128) {\n throw new Error('splitScalar: Endomorphism failed, k=' + k);\n }\n return { k1neg, k1, k2neg, k2 };\n },\n },\n}, sha256);\n// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.\n// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki\nconst _0n = BigInt(0);\n/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */\nconst TAGGED_HASH_PREFIXES = {};\nfunction taggedHash(tag, ...messages) {\n let tagP = TAGGED_HASH_PREFIXES[tag];\n if (tagP === undefined) {\n const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));\n tagP = concatBytes(tagH, tagH);\n TAGGED_HASH_PREFIXES[tag] = tagP;\n }\n return sha256(concatBytes(tagP, ...messages));\n}\n// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03\nconst pointToBytes = (point) => point.toRawBytes(true).slice(1);\nconst numTo32b = (n) => numberToBytesBE(n, 32);\nconst modP = (x) => mod(x, secp256k1P);\nconst modN = (x) => mod(x, secp256k1N);\nconst Point = secp256k1.ProjectivePoint;\nconst GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);\n// Calculate point, scalar and bytes\nfunction schnorrGetExtPubKey(priv) {\n let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey\n let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside\n const scalar = p.hasEvenY() ? d_ : modN(-d_);\n return { scalar: scalar, bytes: pointToBytes(p) };\n}\n/**\n * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.\n * @returns valid point checked for being on-curve\n */\nfunction lift_x(x) {\n aInRange('x', x, _1n, secp256k1P); // Fail if x ≥ p.\n const xx = modP(x * x);\n const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.\n let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.\n if (y % _2n !== _0n)\n y = modP(-y); // Return the unique point P such that x(P) = x and\n const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.\n p.assertValidity();\n return p;\n}\nconst num = bytesToNumberBE;\n/**\n * Create tagged hash, convert it to bigint, reduce modulo-n.\n */\nfunction challenge(...args) {\n return modN(num(taggedHash('BIP0340/challenge', ...args)));\n}\n/**\n * Schnorr public key is just `x` coordinate of Point as per BIP340.\n */\nfunction schnorrGetPublicKey(privateKey) {\n return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)\n}\n/**\n * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.\n * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.\n */\nfunction schnorrSign(message, privateKey, auxRand = randomBytes(32)) {\n const m = ensureBytes('message', message);\n const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder\n const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array\n const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)\n const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)\n const k_ = modN(num(rand)); // Let k' = int(rand) mod n\n if (k_ === _0n)\n throw new Error('sign failed: k is zero'); // Fail if k' = 0.\n const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.\n const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.\n const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).\n sig.set(rx, 0);\n sig.set(numTo32b(modN(k + e * d)), 32);\n // If Verify(bytes(P), m, sig) (see below) returns failure, abort\n if (!schnorrVerify(sig, m, px))\n throw new Error('sign: Invalid signature produced');\n return sig;\n}\n/**\n * Verifies Schnorr signature.\n * Will swallow errors & return false except for initial type validation of arguments.\n */\nfunction schnorrVerify(signature, message, publicKey) {\n const sig = ensureBytes('signature', signature, 64);\n const m = ensureBytes('message', message);\n const pub = ensureBytes('publicKey', publicKey, 32);\n try {\n const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails\n const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.\n if (!inRange(r, _1n, secp256k1P))\n return false;\n const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.\n if (!inRange(s, _1n, secp256k1N))\n return false;\n const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n\n const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P\n if (!R || !R.hasEvenY() || R.toAffine().x !== r)\n return false; // -eP == (n-e)P\n return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.\n }\n catch (error) {\n return false;\n }\n}\n/**\n * Schnorr signatures over secp256k1.\n */\nexport const schnorr = /* @__PURE__ */ (() => ({\n getPublicKey: schnorrGetPublicKey,\n sign: schnorrSign,\n verify: schnorrVerify,\n utils: {\n randomPrivateKey: secp256k1.utils.randomPrivateKey,\n lift_x,\n pointToBytes,\n numberToBytesBE,\n bytesToNumberBE,\n taggedHash,\n mod,\n },\n}))();\nconst isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [\n // xNum\n [\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',\n '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',\n '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',\n ],\n // xDen\n [\n '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',\n '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n // yNum\n [\n '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',\n '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',\n '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',\n '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',\n ],\n // yDen\n [\n '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',\n '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',\n '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n].map((i) => i.map((j) => BigInt(j)))))();\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),\n B: BigInt('1771'),\n Z: Fp.create(BigInt('-11')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {\n const { x, y } = mapSWU(Fp.create(scalars[0]));\n return isoMap(x, y);\n}, {\n DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=secp256k1.js.map","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'));\nconst CURVE_A = Fp.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'));\nconst CURVE_B = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6');\n\n// prettier-ignore\nexport const brainpoolP256r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),\n Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),\n h: BigInt(1),\n lowS: false\n} as const, sha256);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha384 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'));\nconst CURVE_A = Fp.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'));\nconst CURVE_B = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11');\n\n// prettier-ignore\nexport const brainpoolP384r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),\n Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),\n h: BigInt(1),\n lowS: false\n} as const, sha384);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha512 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'));\nconst CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'));\nconst CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723');\n\n// prettier-ignore\nexport const brainpoolP512r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),\n Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),\n h: BigInt(1),\n lowS: false\n} as const, sha512);\n","/**\n * This file is needed to dynamic import the noble-curves.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { p256 as nistP256 } from '@noble/curves/p256';\nimport { p384 as nistP384 } from '@noble/curves/p384';\nimport { p521 as nistP521 } from '@noble/curves/p521';\nimport { x448, ed448 } from '@noble/curves/ed448';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { brainpoolP256r1 } from './brainpool/brainpoolP256r1';\nimport { brainpoolP384r1 } from './brainpool/brainpoolP384r1';\nimport { brainpoolP512r1 } from './brainpool/brainpoolP512r1';\n\nexport const nobleCurves = new Map(Object.entries({\n nistP256,\n nistP384,\n nistP521,\n brainpoolP256r1,\n brainpoolP384r1,\n brainpoolP512r1,\n secp256k1,\n x448,\n ed448\n}));\n\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * This file is needed to dynamic import the legacy ciphers.\n * Separate dynamic imports are not convenient as they result in multiple chunks.\n */\n\nimport { TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TwoFish from './twofish';\nimport BlowFish from './blowfish';\nimport enums from '../../enums';\n\nexport const legacyCiphers = new Map([\n [enums.symmetric.tripledes, TripleDES],\n [enums.symmetric.cast5, CAST5],\n [enums.symmetric.blowfish, BlowFish],\n [enums.symmetric.twofish, TwoFish]\n]);\n","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms.\n// Initial state\nconst SHA1_IV = /* @__PURE__ */ new Uint32Array([\n 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA1_W = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA1 extends HashMD {\n constructor() {\n super(64, 20, 8, false);\n this.A = SHA1_IV[0] | 0;\n this.B = SHA1_IV[1] | 0;\n this.C = SHA1_IV[2] | 0;\n this.D = SHA1_IV[3] | 0;\n this.E = SHA1_IV[4] | 0;\n }\n get() {\n const { A, B, C, D, E } = this;\n return [A, B, C, D, E];\n }\n set(A, B, C, D, E) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n SHA1_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 80; i++)\n SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);\n // Compression function main loop, 80 rounds\n let { A, B, C, D, E } = this;\n for (let i = 0; i < 80; i++) {\n let F, K;\n if (i < 20) {\n F = Chi(B, C, D);\n K = 0x5a827999;\n }\n else if (i < 40) {\n F = B ^ C ^ D;\n K = 0x6ed9eba1;\n }\n else if (i < 60) {\n F = Maj(B, C, D);\n K = 0x8f1bbcdc;\n }\n else {\n F = B ^ C ^ D;\n K = 0xca62c1d6;\n }\n const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0;\n E = D;\n D = C;\n C = rotl(B, 30);\n B = A;\n A = T;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n this.set(A, B, C, D, E);\n }\n roundClean() {\n SHA1_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n/**\n * SHA1 (RFC 3174) hash function.\n * It was cryptographically broken: prefer newer algorithms.\n * @param message - data that would be hashed\n */\nexport const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1());\n//# sourceMappingURL=sha1.js.map","import { HashMD } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf\nconst Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);\nconst Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));\nconst Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16);\nlet idxL = [Id];\nlet idxR = [Pi];\nfor (let i = 0; i < 4; i++)\n for (let j of [idxL, idxR])\n j.push(j[i].map((k) => Rho[k]));\nconst shifts = /* @__PURE__ */ [\n [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],\n [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],\n [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],\n [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],\n [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],\n].map((i) => new Uint8Array(i));\nconst shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst Kl = /* @__PURE__ */ new Uint32Array([\n 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e,\n]);\nconst Kr = /* @__PURE__ */ new Uint32Array([\n 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000,\n]);\n// It's called f() in spec.\nfunction f(group, x, y, z) {\n if (group === 0)\n return x ^ y ^ z;\n else if (group === 1)\n return (x & y) | (~x & z);\n else if (group === 2)\n return (x | ~y) ^ z;\n else if (group === 3)\n return (x & z) | (y & ~z);\n else\n return x ^ (y | ~z);\n}\n// Temporary buffer, not used to store anything between runs\nconst R_BUF = /* @__PURE__ */ new Uint32Array(16);\nexport class RIPEMD160 extends HashMD {\n constructor() {\n super(64, 20, 8, true);\n this.h0 = 0x67452301 | 0;\n this.h1 = 0xefcdab89 | 0;\n this.h2 = 0x98badcfe | 0;\n this.h3 = 0x10325476 | 0;\n this.h4 = 0xc3d2e1f0 | 0;\n }\n get() {\n const { h0, h1, h2, h3, h4 } = this;\n return [h0, h1, h2, h3, h4];\n }\n set(h0, h1, h2, h3, h4) {\n this.h0 = h0 | 0;\n this.h1 = h1 | 0;\n this.h2 = h2 | 0;\n this.h3 = h3 | 0;\n this.h4 = h4 | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n R_BUF[i] = view.getUint32(offset, true);\n // prettier-ignore\n let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;\n // Instead of iterating 0 to 80, we split it into 5 groups\n // And use the groups in constants, functions, etc. Much simpler\n for (let group = 0; group < 5; group++) {\n const rGroup = 4 - group;\n const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore\n const rl = idxL[group], rr = idxR[group]; // prettier-ignore\n const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore\n for (let i = 0; i < 16; i++) {\n const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0;\n al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore\n }\n // 2 loops are 10% faster\n for (let i = 0; i < 16; i++) {\n const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0;\n ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore\n }\n }\n // Add the compressed chunk to the current hash value\n this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);\n }\n roundClean() {\n R_BUF.fill(0);\n }\n destroy() {\n this.destroyed = true;\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0);\n }\n}\n/**\n * RIPEMD-160 - a hash function from 1990s.\n * @param message - msg that would be hashed\n */\nexport const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160());\n//# sourceMappingURL=ripemd160.js.map","/**\n * This file is needed to dynamic import the noble-hashes.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { sha1 } from '@noble/hashes/sha1';\nimport { sha224, sha256 } from '@noble/hashes/sha256';\nimport { sha384, sha512 } from '@noble/hashes/sha512';\nimport { sha3_256, sha3_512 } from '@noble/hashes/sha3';\nimport { ripemd160 } from '@noble/hashes/ripemd160';\n\nexport const nobleHashes = new Map(Object.entries({\n sha1,\n sha224,\n sha256,\n sha384,\n sha512,\n sha3_256,\n sha3_512,\n ripemd160\n}));\n","// Adapted from the reference implementation in RFC7693\n// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes\n\n// Uint64 values are represented using two Uint32s, stored as little endian\n// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays\n// need to be manually handled\n\n// 64-bit unsigned addition (little endian, in place)\n// Sets a[i,i+1] += b[j,j+1]\n// `a` and `b` must be Uint32Array(2)\nfunction ADD64 (a, i, b, j) {\n a[i] += b[j];\n a[i+1] += b[j+1] + (a[i] < b[j]); // add carry\n}\n\n// Increment 64-bit little-endian unsigned value by `c` (in place)\n// `a` must be Uint32Array(2)\nfunction INC64 (a, c) {\n a[0] += c;\n a[1] += (a[0] < c);\n}\n\n// G Mixing function\n// The ROTRs are inlined for speed\nfunction G (v, m, a, b, c, d, ix, iy) {\n ADD64(v, a, v, b) // v[a,a+1] += v[b,b+1]\n ADD64(v, a, m, ix) // v[a, a+1] += x ... x0\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits\n let xor0 = v[d] ^ v[a]\n let xor1 = v[d + 1] ^ v[a + 1]\n v[d] = xor1\n v[d + 1] = xor0\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor0 >>> 24) ^ (xor1 << 8)\n v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8)\n\n ADD64(v, a, v, b)\n ADD64(v, a, m, iy)\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits\n xor0 = v[d] ^ v[a]\n xor1 = v[d + 1] ^ v[a + 1]\n v[d] = (xor0 >>> 16) ^ (xor1 << 16)\n v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16)\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor1 >>> 31) ^ (xor0 << 1)\n v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1)\n}\n\n// Initialization Vector\nconst BLAKE2B_IV32 = new Uint32Array([\n 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,\n 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,\n 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,\n 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19\n])\n\n// These are offsets into a Uint64 buffer.\n// Multiply them all by 2 to make them offsets into a Uint32 buffer\nconst SIGMA = new Uint8Array([\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,\n 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,\n 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,\n 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,\n 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,\n 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,\n 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,\n 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,\n 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3\n].map(x => x * 2))\n\n// Compression function. 'last' flag indicates last block.\n// Note: we're representing 16 uint64s as 32 uint32s\nfunction compress(S, last) {\n const v = new Uint32Array(32)\n const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32)\n\n // init work variables\n for (let i = 0; i < 16; i++) {\n v[i] = S.h[i]\n v[i + 16] = BLAKE2B_IV32[i]\n }\n\n // low 64 bits of offset\n v[24] ^= S.t0[0]\n v[25] ^= S.t0[1]\n // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1\n\n // if last block\n const f0 = last ? 0xFFFFFFFF : 0;\n v[28] ^= f0;\n v[29] ^= f0;\n\n // twelve rounds of mixing\n for (let i = 0; i < 12; i++) {\n // ROUND(r)\n const i16 = i << 4;\n G(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1])\n G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3])\n G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5])\n G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7])\n G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9])\n G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11])\n G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13])\n G(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15])\n }\n\n for (let i = 0; i < 16; i++) {\n S.h[i] ^= v[i] ^ v[i + 16]\n }\n}\n\n// Creates a BLAKE2b hashing context\n// Requires an output length between 1 and 64 bytes\n// Takes an optional Uint8Array key\nclass Blake2b {\n constructor(outlen, key, salt, personal) {\n const params = new Uint8Array(64)\n // 0: outlen, keylen, fanout, depth\n // 4: leaf length, sequential mode\n // 8: node offset\n // 12: node offset\n // 16: node depth, inner length, rfu\n // 20: rfu\n // 24: rfu\n // 28: rfu\n // 32: salt\n // 36: salt\n // 40: salt\n // 44: salt\n // 48: personal\n // 52: personal\n // 56: personal\n // 60: personal\n\n // init internal state\n this.S = {\n b: new Uint8Array(BLOCKBYTES),\n h: new Uint32Array(OUTBYTES_MAX / 4),\n t0: new Uint32Array(2), // input counter `t`, lower 64-bits only\n c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`\n outlen // output length in bytes\n }\n\n // init parameter block\n params[0] = outlen\n if (key) params[1] = key.length\n params[2] = 1 // fanout\n params[3] = 1 // depth\n if (salt) params.set(salt, 32)\n if (personal) params.set(personal, 48)\n const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);\n\n // initialize hash state\n for (let i = 0; i < 16; i++) {\n this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];\n }\n\n // key the hash, if applicable\n if (key) {\n const block = new Uint8Array(BLOCKBYTES)\n block.set(key)\n this.update(block)\n }\n }\n\n // Updates a BLAKE2b streaming hash\n // Requires Uint8Array (byte array)\n update(input) {\n if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')\n // for (let i = 0; i < input.length; i++) {\n // if (this.S.c === BLOCKBYTES) { // buffer full\n // INC64(this.S.t0, this.S.c) // add counters\n // compress(this.S, false)\n // this.S.c = 0 // empty buffer\n // }\n // this.S.b[this.S.c++] = input[i]\n // }\n let i = 0\n while(i < input.length) {\n if (this.S.c === BLOCKBYTES) { // buffer full\n INC64(this.S.t0, this.S.c) // add counters\n compress(this.S, false)\n this.S.c = 0 // empty buffer\n }\n let left = BLOCKBYTES - this.S.c\n this.S.b.set(input.subarray(i, i + left), this.S.c) // end index can be out of bounds\n const fill = Math.min(left, input.length - i)\n this.S.c += fill\n i += fill\n }\n return this\n }\n\n /**\n * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one\n * @param {Uint8Array} [prealloc] - optional preallocated buffer\n * @returns {ArrayBuffer} message digest\n */\n digest(prealloc) {\n INC64(this.S.t0, this.S.c) // mark last block offset\n\n // final block, padded\n this.S.b.fill(0, this.S.c);\n this.S.c = BLOCKBYTES;\n compress(this.S, true)\n\n const out = prealloc || new Uint8Array(this.S.outlen);\n for (let i = 0; i < this.S.outlen; i++) {\n // must be loaded individually since default Uint32 endianness is platform dependant\n out[i] = this.S.h[i >> 2] >> (8 * (i & 3))\n }\n this.S.h = null; // prevent calling `update` after `digest`\n return out.buffer;\n }\n}\n\n\nexport default function createHash(outlen, key, salt, personal) {\n if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)\n if (key) {\n if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')\n if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)\n }\n if (salt) {\n if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')\n if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)\n }\n if (personal) {\n if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')\n if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)\n }\n\n return new Blake2b(outlen, key, salt, personal)\n}\n\nconst OUTBYTES_MAX = 64;\nconst KEYBYTES_MAX = 64;\nconst SALTBYTES = 16;\nconst PERSONALBYTES = 16;\nconst BLOCKBYTES = 128;\n\n","import blake2b from \"./blake2b.js\"\nconst TYPE = 2; // Argon2id\nconst VERSION = 0x13;\nconst TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MIN = 8;\nconst passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst passwordBYTES_MIN = 8;\nconst MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)\nconst SECRETBYTES_MAX = 32; // key (optional)\n\nconst ARGON2_BLOCK_SIZE = 1024;\nconst ARGON2_PREHASH_DIGEST_LENGTH = 64;\n\nconst isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;\n\n// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])\nfunction LE32(buf, n, i) {\n buf[i+0] = n;\n buf[i+1] = n >> 8;\n buf[i+2] = n >> 16;\n buf[i+3] = n >> 24;\n return buf;\n}\n\n/**\n * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])\n * @param {Uint8Array} buf\n * @param {Number} n\n * @param {Number} i\n */\nfunction LE64(buf, n, i) {\n if (n > Number.MAX_SAFE_INTEGER) throw new Error(\"LE64: large numbers unsupported\");\n // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations\n // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)\n // so we manually extract each byte\n let remainder = n;\n for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER\n buf[offset] = remainder; // implicit & 0xff\n remainder = (remainder - buf[offset]) / 256;\n }\n return buf;\n}\n\n/**\n * Variable-Length Hash Function H'\n * @param {Number} outlen - T\n * @param {Uint8Array} X - value to hash\n * @param {Uint8Array} res - output buffer, of length `outlength` or larger\n */\nfunction H_(outlen, X, res) {\n const V = new Uint8Array(64); // no need to keep around all V_i\n\n const V1_in = new Uint8Array(4 + X.length);\n LE32(V1_in, outlen, 0);\n V1_in.set(X, 4);\n if (outlen <= 64) {\n // H'^T(A) = H^T(LE32(T)||A)\n blake2b(outlen).update(V1_in).digest(res);\n return res\n }\n\n const r = Math.ceil(outlen / 32) - 2;\n\n // Let V_i be a 64-byte block and W_i be its first 32 bytes.\n // V_1 = H^(64)(LE32(T)||A)\n // V_2 = H^(64)(V_1)\n // ...\n // V_r = H^(64)(V_{r-1})\n // V_{r+1} = H^(T-32*r)(V_{r})\n // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}\n for (let i = 0; i < r; i++) {\n blake2b(64).update(i === 0 ? V1_in : V).digest(V);\n // store W_i in result buffer already\n res.set(V.subarray(0, 32), i*32)\n }\n // V_{r+1}\n const V_r1 = new Uint8Array(blake2b(outlen - 32*r).update(V).digest());\n res.set(V_r1, r*32);\n\n return res;\n}\n\n// compute buf = xs ^ ys\nfunction XOR(wasmContext, buf, xs, ys) {\n wasmContext.fn.XOR(\n buf.byteOffset,\n xs.byteOffset,\n ys.byteOffset,\n );\n return buf\n}\n\n/**\n * @param {Uint8Array} X (read-only)\n * @param {Uint8Array} Y (read-only)\n * @param {Uint8Array} R - output buffer\n * @returns\n */\nfunction G(wasmContext, X, Y, R) {\n wasmContext.fn.G(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\nfunction G2(wasmContext, X, Y, R) {\n wasmContext.fn.G2(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\n// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.\nfunction* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {\n // For each segment, we do the following. First, we compute the value Z as:\n // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )\n wasmContext.refs.prngTmp.fill(0);\n const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);\n LE64(Z, pass, 0);\n LE64(Z, lane, 8);\n LE64(Z, slice, 16);\n LE64(Z, m_, 24);\n LE64(Z, totalPasses, 32);\n LE64(Z, TYPE, 40);\n\n // Then we compute q/(128*SL) 1024-byte values\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),\n // ...,\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),\n for(let i = 1; i <= segmentLength; i++) {\n // tmp.set(Z); // no need to re-copy\n LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed\n const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );\n\n // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2\n // NB: the first generated pair must be used for the first block of the segment, and so on.\n // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.\n for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {\n yield g2.subarray(k, k+8);\n }\n }\n return [];\n}\n\nfunction validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {\n const assertLength = (name, value, min, max) => {\n if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }\n }\n\n if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version');\n assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);\n assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);\n assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);\n assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);\n // optional fields\n ad && assertLength('associated data', ad, 0, ADBYTES_MAX);\n secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);\n\n return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };\n}\n\nconst KB = 1024;\nconst WASM_PAGE_SIZE = 64 * KB;\n\nexport default function argon2id(params, { memory, instance: wasmInstance }) {\n if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system\n\n const ctx = validateParams({ type: TYPE, version: VERSION, ...params });\n\n const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;\n const wasmRefs = {};\n const wasmFn = {};\n wasmFn.G = wasmG;\n wasmFn.G2 = wasmG2;\n wasmFn.XOR = wasmXOR;\n\n // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.\n const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));\n const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references\n if (memory.buffer.byteLength < requiredMemory) {\n const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE)\n // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.\n // Otherwise, the operation fails, and the original memory can still be used.\n memory.grow(missing)\n }\n\n let offset = 0;\n // Init wasm memory needed in other functions\n wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;\n wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;\n wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;\n wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;\n // Init wasm memory needed locally\n const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;\n const wasmContext = { fn: wasmFn, refs: wasmRefs };\n const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;\n const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);\n const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);\n\n // 1. Establish H_0\n const H0 = getH0(ctx);\n\n // 2. Allocate the memory as m' 1024-byte blocks\n // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.\n const q = m_ / ctx.lanes;\n const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));\n const initBlock = (i, j) => {\n B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);\n return B[i][j];\n }\n\n for (let i = 0; i < ctx.lanes; i++) {\n // const LEi = LE0; // since p = 1 for us\n const tmp = new Uint8Array(H0.length + 8);\n // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p\n // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))\n tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));\n // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p\n // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))\n LE32(tmp, 1, H0.length);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));\n }\n\n // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2\n // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes\n // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.\n const SL = 4; // vertical slices\n const segmentLength = q / SL;\n for (let pass = 0; pass < ctx.passes; pass++) {\n // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel\n for (let sl = 0; sl < SL; sl++) {\n const isDataIndependent = pass === 0 && sl <= 1;\n for (let i = 0; i < ctx.lanes; i++) { // lane\n // On the first slice of the first pass, blocks 0 and 1 are already filled\n let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;\n // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)\n const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;\n for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {\n const j = sl * segmentLength + segmentOffset;\n const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]\n\n // we can assume the PRNG is never done\n const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength)\n const l = lz[0]; const z = lz[1];\n // for (let i = 0; i < p; i++ )\n // B[i][j] = G(B[i][j-1], B[l][z])\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n if (pass === 0) initBlock(i, j);\n G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);\n\n // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one\n if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j])\n }\n }\n }\n }\n\n // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:\n // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]\n const C = B[0][q-1];\n for(let i = 1; i < ctx.lanes; i++) {\n XOR(wasmContext, C, C, B[i][q-1])\n }\n\n const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));\n // clear memory since the module might be cached\n allocatedMemory.fill(0) // clear sensitive contents\n memory.grow(0) // allow deallocation\n // 8. The output tag is computed as H'^T(C).\n return tag;\n\n}\n\nfunction getH0(ctx) {\n const H = blake2b(ARGON2_PREHASH_DIGEST_LENGTH);\n const ZERO32 = new Uint8Array(4);\n const params = new Uint8Array(24);\n LE32(params, ctx.lanes, 0);\n LE32(params, ctx.tagLength, 4);\n LE32(params, ctx.memorySize, 8);\n LE32(params, ctx.passes, 12);\n LE32(params, ctx.version, 16);\n LE32(params, ctx.type, 20);\n\n const toHash = [params];\n if (ctx.password) {\n toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0))\n toHash.push(ctx.password)\n } else {\n toHash.push(ZERO32) // context.password.length\n }\n\n if (ctx.salt) {\n toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0))\n toHash.push(ctx.salt)\n } else {\n toHash.push(ZERO32) // context.salt.length\n }\n\n if (ctx.secret) {\n toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0))\n toHash.push(ctx.secret)\n // todo clear secret?\n } else {\n toHash.push(ZERO32) // context.secret.length\n }\n\n if (ctx.ad) {\n toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0))\n toHash.push(ctx.ad)\n } else {\n toHash.push(ZERO32) // context.ad.length\n }\n H.update(concatArrays(toHash))\n\n const outputBuffer = H.digest();\n return new Uint8Array(outputBuffer);\n}\n\nfunction concatArrays(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!(arrays[i] instanceof Uint8Array)) {\n throw new Error('concatArrays: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach((element) => {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n","import argon2id from \"./argon2id.js\";\n\nlet isSIMDSupported;\nasync function wasmLoader(memory, getSIMD, getNonSIMD) {\n const importObject = { env: { memory } };\n if (isSIMDSupported === undefined) {\n try {\n const loaded = await getSIMD(importObject);\n isSIMDSupported = true;\n return loaded;\n } catch(e) {\n isSIMDSupported = false;\n }\n }\n\n const loader = isSIMDSupported ? getSIMD : getNonSIMD;\n return loader(importObject);\n}\n\nexport default async function setupWasm(getSIMD, getNonSIMD) {\n const memory = new WebAssembly.Memory({\n // in pages of 64KiB each\n // these values need to be compatible with those declared when building in `build-wasm`\n initial: 1040, // 65MB\n maximum: 65536, // 4GB\n });\n const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);\n\n /**\n * Argon2id hash function\n * @callback computeHash\n * @param {Object} params\n * @param {Uint8Array} params.password - password\n * @param {Uint8Array} params.salt - salt\n * @param {Integer} params.parallelism\n * @param {Integer} params.passes\n * @param {Integer} params.memorySize - in kibibytes\n * @param {Integer} params.tagLength - output tag length\n * @param {Uint8Array} [params.ad] - associated data (optional)\n * @param {Uint8Array} [params.secret] - secret data (optional)\n * @return {Uint8Array} argon2id hash\n */\n const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });\n\n return computeHash;\n}\n","import setupWasm from './lib/setup.js';\nimport wasmSIMD from './dist/simd.wasm';\nimport wasmNonSIMD from './dist/no-simd.wasm';\n\nconst loadWasm = async () => setupWasm(\n (instanceObject) => wasmSIMD(instanceObject),\n (instanceObject) => wasmNonSIMD(instanceObject),\n);\n\nexport default loadWasm;\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","Object","setPrototypeOf","this","prototype","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","isStream","globalThis","ReadableStream","isPrototypeOf","_read","_readableState","Error","isUint8Array","Uint8Array","concatUint8Array","arrays","length","totalLength","i","result","pos","forEach","element","set","undefined","read","async","value","done","readToEnd","join","slice","clone","then","push","write","chunk","close","abort","reason","process","versions","doneReadingSet","WeakSet","externalBuffer","Reader","reader","bind","_releaseLock","_cancel","cancel","doneReading","has","add","e","toStream","start","controller","enqueue","toArrayStream","concat","list","some","map","transform","transformWithCancel","all","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","options","transformStream","TransformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","pull","highWaterMark","WritableStream","error","finish","output","data","result1","result2","flush","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","destroy","arrayStream","shift","readLine","returnVal","buffer","streams.concat","lineEndIndex","indexOf","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","byteOffset","byteLength","filter","byValue","enums","curve","nistP256","p256","nistP384","p384","nistP521","p521","secp256k1","ed25519Legacy","ed25519","curve25519Legacy","curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","argon2","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","aedh","aedsa","x25519","x448","ed448","symmetric","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","sha3_256","sha3_512","webHash","aead","eax","ocb","gcm","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","padding","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuerKeyID","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","preferredCipherSuites","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","seipdv2","type","config","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","aeadProtect","parseAEADEncryptedV4KeysAsLegacy","preferredAEADAlgorithm","aeadChunkSizeByte","v6Keys","enableParsingV5Entities","s2kType","s2kIterationCountByte","s2kArgon2Params","passes","parallelism","memoryExponent","allowUnauthenticatedMessages","allowUnauthenticatedStream","minRSABits","passwordCollisionCheck","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","allowMissingKeyFlags","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","nonDeterministicSignaturesViaNotation","useEllipticFallback","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","debugMode","env","NODE_ENV","util","isString","String","nodeRequire","createRequire","url","stream.isUint8Array","stream.isStream","getNobleCurve","publicKeyAlgo","curveName","defaultConfig","nobleCurves","noble_curves","readNumber","n","writeNumber","b","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","readExactSubarray","leftPad","padded","offset","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","hex","k","parseInt","uint8ArrayToHex","hexAlphabet","s","v","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","printDebug","log","printDebugError","x","r","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","webCrypto","crypto","subtle","getNodeCrypto","webcrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","sub","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","a","selectUint8","isAES","cipherAlgo","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","getType","header","match","addheader","customComment","getCheckSum","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","base64.encode","from","toString","btoa","atob","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","removeChecksum","body","lastEquals","lastIndexOf","unarmor","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","stream.isArrayStream","stream.readToEnd","messageType","partIndex","partTotal","emitChecksum","maybeBodyClone","stream.passiveClone","getLegacyCipher","algo","legacyCiphers","legacy_ciphers","cipher","getCipherBlockSize","getCipherKeySize","getCipherParams","keySize","blockSize","md5cycle","c","d","ff","gg","hh","ii","add32","cmn","q","md5blk","md5blks","hex_chr","rhex","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","update","digest","nobleHash","nobleHashName","webCryptoHashName","getNobleHash","nobleHashes","noble_hashes","hashInstance","create","hash$1","entree","state","substring","tail","md51","getHashByteLength","isBytes","lengths","exists","instance","checkFinished","destroyed","finished","out","min","outputLen","u8","arr","u32","createView","toBytes","utf8ToBytes","copyBytes","equalBytes","diff","wrapCipher","params","assign","setBigUint64","view","isLE","_32n","BigInt","_u32_max","wh","Number","wl","setUint32","isAligned32","clean","fill","BLOCK_SIZE","ZEROS16","ZEROS32","swapLE","GHASH","expectedLength","blockLen","s0","s1","s2","s3","abytes","kView","k0","getUint32","k1","k2","k3","doubles","W","estimateWindow","windows","windowSize","items","w","d0","d1","d2","d3","_updateBlock","o0","o1","o2","o3","mask","num","bytePos","bitPos","bit","e0","e1","e2","e3","aexists","b32","blocks","left","elm","digestInto","aoutput","o32","res","Polyval","ghKey","reverse","hiBit","carry","_toGHASHKey","wrapConstructorWithKey","hashCons","hashC","msg","tmp","ghash","EMPTY_BLOCK","POLY","mul2","mul","sbox","box","invSbox","_","rotr32_8","rotl32_8","byteSwap","word","genTtable","T0","T1","T2","T3","T01","T23","sbox2","Uint16Array","idx","tableEncoding","tableDecoding","xPowers","p","expandKeyLE","len","toClean","k32","Nk","subByte","applySbox","xk","expandKeyDecLE","encKey","apply0123","encrypt","rounds","t0","t1","t2","t3","decrypt","getDst","dst","ctrCounter","nonce","src","srcLen","ctr","c32","src32","dst32","ctr32","ctrPos","ctrNum","nonceLength","processCtr","plaintext","ciphertext","cbc","iv","opts","pcks5","disablePadding","o","_out","outLen","remaining","validateBlockEncrypt","_iv","n32","tmp32","paddingByte","padPCKS","validateBlockDecrypt","ps0","ps1","ps2","ps3","lastByte","validatePCKS","cfb","processCfb","isEncrypt","next32","tagLength","AAD","_computeTag","authKey","tagMask","aadLength","h","computeTag","deriveKeys","counter","nonceLen","g","passedTag","isBytes32","encryptBlock","block","decryptBlock","AESW","kek","a0","a1","chunks","AESKW_IV","aeskw","sum","pad","concatBytes","unsafe","knownAlgos","getCiphers","nodeAlgos","WebCryptoEncryptor","prevBlock","nextBlock","zeroBlock","isSupported","importKey","_runCBC","nonZeroIV","mode","keyRef","encryptChunk","missing","added","leftover","toEncrypt","encryptedBlocks","xorMut","encryptedBlock","curBlock","clearSensitiveData","ct","NobleStreamProcessor","forEncryption","nobleAesHelpers","getUint32Array","_runCFB","processChunk","toProcess","processedBlocks","processedBlock","aLength","algoName","decipherObj","createDecipheriv","nodeDecrypt","nobleAesCfb","aesDecrypt","cipherfn","block_size","blockp","decblock","pt","cipherObj","createCipheriv","nodeEncrypt","aesEncrypt","blockc","encblock","blockLength","rightXORMut","CMAC","CBC","padding2","err","nobleAesCbc","ivLength","zero","one","two","OMAC","cmac","CTR","en","final","nobleAesCtr","EAX","omac","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","T","xor","OCB","maxNtz","aes","encipher","decipher","crypt","m","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","checksum","xorInput","$","cipherInput","mask_x","mask_$","constructKeyVariables","crypted","ALGO","GCM","setAAD","getAuthTag","de","setAuthTag","_key","webcryptoEmptyMessagesUnsupported","userAgent","nobleAesGcm","additionalData","_0n","_1n","uint8ArrayToBigInt","mod","reduced","modExp","exp","lsb","abs","modInv","gcd","aInput","bInput","y","xPrev","yPrev","aNegated","bNegated","_egcd","bigIntToNumber","number","MAX_SAFE_INTEGER","getBit","bitLength","bitlen","_8n","bigIntToUint8Array","endian","rawLength","getRandomBytes","getRandomValues","getRandomBigInteger","modulus","randomProbablePrime","_30n","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","n1","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","count","randomBytes","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","hashed","emLen","hashPrefix","tLen","EM","privateToJWK","u","pNum","qNum","dNum","dq","dp","kty","qi","ext","publicToJWK","jwkToPrivate","jwk","format","constants","RSA_PKCS1_PADDING","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","publicEncrypt","bnEncrypt","keyGenOpt","modulusLength","publicExponent","keyPair","generateKey","exportKey","publicKeyEncoding","privateKeyEncoding","generateKeyPair","jwkPrivateKey","phi","hashAlgo","hashName","sign","webSign","createSign","nodeSign","bnSign","_2n","rde","verify","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","c1","c2","pSize","threshold","nc","nacl","gf","init","Float64Array","randombytes","_9","gf0","gf1","_121665","D","D2","X","Y","I","ts64","l","crypto_verify_32","xi","yi","vn","set25519","car25519","sel25519","pack25519","neq25519","par25519","unpack25519","A","Z","M","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","z","f","x32","x16","crypto_scalarmult_base","K","crypto_hashblocks_hl","hl","bh0","bh1","bh2","bh3","bh4","bh5","bh6","bh7","bl0","bl1","bl2","bl3","bl4","bl5","bl6","bl7","th","tl","Int32Array","ah0","ah1","ah2","ah3","ah4","ah5","ah6","ah7","al0","al1","al2","al3","al4","al5","al6","al7","crypto_hash","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","reduce","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","TypeError","scalarMult","crypto_box_keypair","fromSecretKey","signedMsg","sm","smlen","crypto_sign","detached","sig","crypto_sign_open","fromSeed","seed","setPRNG","cleanup","knownOIDs","OID","oid","toHex","getName","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callback","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","lengthByte","nextPacket","UnsupportedError","captureStackTrace","UnknownPacketError","UnparseablePacket","rawContent","generate","webCryptoKey","getPayloadSize","utils","randomPrivateKey","getPublicKey","getPreferredHashAlgo","privateKeyToJWK","RS","publicKeyToJWK","crv","wrap","dataToWrap","wrappingKey","keyToWrap","wrapped","wrapKey","nobleAesKW","unwrap","wrappedData","unwrapped","unwrapKey","computeHKDF","inputKey","salt","info","importedKey","deriveBits","HKDF_INFO","generateEphemeralEncryptionMaterial","recipientA","ephemeralSecretKey","sharedSecret","assertNonZeroArray","ephemeralPublicKey","getSharedSecret","recomputeSharedSecret","acc","wrappedKey","hkdfInput","aesKW.unwrap","encryptionKey","aesKW.wrap","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","wireFormatLeadingByte","CurveWithOID","oidOrName","genKeyPair","namedCurve","jwkToRawPublic","webGenKeyPair","jsGenKeyPair","createECDH","generateKeys","getPrivateKey","nodeGenKeyPair","ecdhXGenerate","eddsaGenerate","validateStandardParams","Q","supportedCurves","dG","checkPublicPointEnconding","V","pointSize","nobleCurve","bufX","bufY","rawPublicToJWK","ecKeyUtils","nodeBuffer","derPrivateKey","generateDer","dsaEncoding","lowS","tryFallbackVerificationForOldBug","jsVerify","verified","derPublicKey","eddsaSign","eddsaVerify","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","ecdhXGenerateEphemeralEncryptionMaterial","recipient","public","webPublicEphemeralKey","jsPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","genPrivateEphemeralKey","ecdhXRecomputeSharedSecret","secret","webPrivateEphemeralKey","jsPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","C","pkcs5.decode","pkcs5.encode","xr","qSize","u1","u2","rsa","elliptic","signatureParams","rsSize","eddsa","publicKeyParams","privateKeyParams","publicParams","curveSize","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","fromObject","algorithm","followLength","checkSupportedCurve","getCurvePayloadSize","ecdhX","privateParams","prefixrandom","repeat","ECDHSymkey","sessionKeyParams","keyAlgo","symmetricAlgo","algosWithNativeRepresentation","orderedParams","keys","validateParams","algoModule","random","pkcs1","pkcs5","aesKW","Argon2OutOfMemoryError","loadArgonWasmModule","argon2Promise","Argon2S2K","encodedM","generateSalt","produceKey","passphrase","decodedM","index$1","default","version","password","memorySize","GenericS2K","getCount","numBytes","rlength","prefixlen","toHash","datalen","allowedS2KTypesForEncryption","newS2KFromType","newS2KFromConfig","require","Worker","u16","fleb","fdeb","clim","freb","eb","_a","fl","revfl","_b","fd","revfd","rev","hMap","cd","mb","co","le","rvb","sv","r_1","flt","fdt","flm","flrm","fdm","fdrm","bits16","shft","slc","BYTES_PER_ELEMENT","ec","ind","nt","code","wbits","wbits16","hTree","et","sort","i0","i1","i2","maxSym","tr","mbt","ln","dt","lft","cst","i2_1","i2_2","i2_3","lc","cl","cli","cln","cls","clen","cf","wfblk","dat","wblk","syms","lf","df","li","bl","dlt","mlb","ddt","mdb","_c","lclt","nlc","_d","lcdt","ndc","lcfreq","_e","lct","mlcb","nlcc","lm","ll","dm","dl","flen","ftlen","dtlen","llm","lcts","it","clct","deo","dopt","opt","pre","post","st","lvl","plvl","lst","msk_1","head","bs1_1","bs2_1","hsh","lc_1","wi","hv","imod","pimod","rem","ch_1","dif","maxn","maxd","ml","nl","mmd","md","ti","lin","din","dflt","level","mem","Deflate","cb","ondata","Inflate","bts","sl","noBuf","noSt","cbuf","nbuf","bt","lbt","dbt","tbts","hLit","hcLen","ldt","clt","clb","clbmsk","clm","lt","lms","dms","lpos","sym","dsym","inflt","Zlib","raw","lv","zlh","wbytes","Unzlib","td","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","KeyID","equals","keyID","matchWildcard","isWildcard","isNull","mapToHex","fromID","wildcard","SALT_NOTATION_NAME","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","unknownSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","saltLength","signatureMaterial","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","saltLengthForHash","saltValue","humanReadable","critical","writeHashedSubPackets","stream.slice","stream.clone","writeSubPacket","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLengthBytes","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","fromSignaturePacket","signaturePacket","isLast","onePassSig","flags","args","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","fromBinary","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","chunkSize","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","compressionFn","compress_fns","compressionStreamInstantiator","ZlibStreamedConstructor","inputData","zlibStream","processedData","compressorOrDecompressor","pipeThrough","inputReader","bzip2Decompress","bunzipDecode","getCompressionStreamInstantiators","compressionFormat","compressor","CompressionStream","decompressor","DecompressionStream","SymEncryptedIntegrityProtectedDataPacket","aeadAlgorithm","seip","cipherAlgorithm","chunkSizeByte","encrypted","sessionKeyAlgorithm","runAEAD","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","isSEIPDv2","isAEADP","getAEADMode","tagLengthIfDecrypting","tagLengthIfEncrypting","chunkIndexSizeIfAEADEP","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","ivView","latestPromise","cryptedBytes","queuedBytes","derived","modeInstance","size","stream.pipe","finalChunk","cryptedPromise","setInt32","desiredSize","AEADEncryptedDataPacket","PublicKeyEncryptedSessionKeyPacket","publicKeyID","publicKeyVersion","publicKeyFingerprint","sessionKey","encryptionKeyPacket","anonymousRecipient","pkesk","versionAndFingerprintLength","fingerprintLength","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","hasEncryptedAlgo","sessionKeyData","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","s2kLen","fieldsLen","generateSessionKey","PublicKeyPacket","expirationTimeV3","fromSecretKeyPacket","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","versionOctet","lengthOctets","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","fromSecretSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","isLegacyAEAD","usedModernAEAD","startOfSecretKeyData","unparseableKeyMaterial","cleartext","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","serializedPacketTag","produceEncryptionKey","associateData","cleartextWithHash","validate","validParams","generateParams","keyVersion","aeadMode","derivedKey","UserIDPacket","email","comment","components","matches","exec","groups","trim","otherUserID","SecretSubkeyPacket","TrustPacket","PaddingPacket","createPadding","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","recipientKeys","signingKeyPacket","recipientUserIDs","targetKeys","targetUserIDs","defaultAlgo","preferredSenderAlgo","supportedAlgosPerTarget","getPrimarySelfSignature","supportedAlgosMap","Map","supportedAlgos","supportedAlgo","isSupportedHashAlgo","getStrongestSupportedHashAlgo","strongestHashAlgo","algoA","algoB","preferredCurveAlgo","getPreferredCurveHashAlgo","preferredSenderAlgoIsSupported","preferredSenderAlgoStrongerThanCurveAlgo","strongestSupportedAlgo","mergeSignatures","source","dest","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","isHardRevocation","sanitizeKeyOptions","subkeyDefaults","validateSigningKeyPacket","validateEncryptionKeyPacket","validateDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","certify","signingKeys","isPrivate","signingKey","getSigningKey","isRevoked","certificate","verifyCertificate","verificationKeys","issuerKeys","getKeys","verifyAllCertifications","certifications","certification","valid","selfCertification","sourceUser","srcSelfSig","srcRevSig","revoke","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","helper.checkKeyRequirements","helper.validateSigningKeyPacket","getEncryptionKey","helper.validateEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","getPrimaryUser","primaryUser","B","pop","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","getRevocationCertificate","applyRevocationCertificate","revocationCertificate","signPrimaryUser","privateKeys","userSign","signAllUsers","verifyPrimaryUser","verifyAllUsers","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","pubSubkeyPacket","getDecryptionKeys","helper.validateDecryptionKeyPacket","Boolean","addSubkey","defaultOptions","getDefaultSubkeyType","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","getKeySignatureProperties","symmetricAlgorithms","aeadAlgorithms","flatMap","symmetricAlgorithm","userIDs","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","keyIndex","readPrivateKey","firstPrivateKeyList","readKeys","armoredKeys","binaryKeys","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","symEncryptedPacketlist","symEncryptedPacket","expectedSymmetricAlgorithm","sessionKeyObjects","decryptSessionKeys","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgo","selfSigs","selfSig","defaultCipherSuite","desiredCipherSuites","desiredCipherSuite","cipherSuite","defaultSymAlgo","desiredSymAlgo","getPreferredCipherSuite","symmetricAlgoName","aeadAlgoName","maybeKey","encryptionKeyIDs","aeadAlgorithmName","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","signingUserIDs","literalDataPacket","signaturePackets","createSignaturePackets","onePassSignaturePackets","signDetached","recipientKeyIDs","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","appendSignature","detachedSignature","trailingPacket","signingUserID","existingSigPacketlist","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","streamType","createMessage","literalDataPacketlist","CleartextMessage","newSignature","emitHeaderAndChecksum","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","check","hashHeader","parsedHashIDs","createCleartextMessage","checkConfig","toArray","helper.generateSecretKey","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","decryptKey","clonedPrivateKey","passphrases","encryptKey","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","senderAlgoSupport","recipientPrefs","getPreferredCompressionAlgo","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","object","isSafeInteger","rotr","rotl","byteSwap32","Hash","_cloneInto","wrapConstructor","bytesLength","Chi","Maj","HashMD","padOffset","take","dataView","roundClean","oview","to","SHA256_K","SHA256_IV","SHA256_W","SHA256","E","F","G","H","W15","W2","SHA224","HMAC","assertHash","iHash","oHash","assertExists","assertBytes","hmac","abool","title","hexes","padStart","bytesToHex","numberToHexUnpadded","hexToNumber","asciis","_0","_A","_F","_f","asciiToBase16","char","hexToBytes","al","ai","hi","n2","bytesToNumberBE","bytesToNumberLE","numberToBytesBE","numberToBytesLE","ensureBytes","isPosBig","inRange","aInRange","bitLen","bitMask","u8n","u8fr","createHmacDrbg","hashLen","qByteLen","hmacFn","reset","reseed","gen","pred","validatorFns","bigint","val","function","boolean","stringOrUint8Array","field","Fp","isValid","validateObject","validators","optValidators","checkField","fieldName","isOptional","checkVal","memoized","WeakMap","arg","_3n","_4n","_5n","pow","pow2","invert","FpSqrt","P","p1div4","root","eql","sqr","nv","ONE","legendreC","Q1div2","neg","ZERO","ge","tonelliShanks","FIELD_FIELDS","nLength","nBitLength","_nBitLength","nByteLength","Field","ORDER","redef","BITS","BYTES","sqrtP","freeze","MASK","is0","isOdd","lhs","rhs","FpPow","div","sqrN","addN","subN","mulN","inv","sqrt","invertBatch","nums","lastMultiplied","inverted","reduceRight","FpInvertBatch","cmov","fromBytes","getFieldBytesLength","fieldOrder","getMinHashLength","pointPrecomputes","pointWindowSizes","wNAF","constTimeNegate","condition","negate","validateW","unsafeLadder","precomputeWindow","points","base","window","precomputes","BASE","maxNumber","shiftBy","offset1","offset2","cond1","cond2","wNAFCached","comp","setWindowSize","delete","pippenger","scalars","buckets","lastBits","scalar","resI","sumI","validateBasic","Gx","Gy","validateSigVerOpts","prehash","b2n","h2b","ut","DER","Err","_tlv","dataLen","ut.numberToHexUnpadded","lenLen","first","lengthBytes","_int","toSig","int","tlv","ut.abytes","seqBytes","seqLeftBytes","rBytes","rLeftBytes","sBytes","sLeftBytes","hexFromSig","seq","weierstrassPoints","CURVE","ut.validateObject","allowedPrivateKeyLengths","wrapPrivateKey","isTorsionFree","clearCofactor","allowInfinityPoint","endo","beta","splitScalar","validatePointOpts","Fn","mod.Field","point","_isCompressed","toAffine","ut.concatBytes","weierstrassEquation","x2","x3","normPrivateKeyToScalar","N","ut.isBytes","ut.bytesToHex","ut.bytesToNumberBE","mod.mod","ut.aInRange","assertPrjPoint","Point","toAffineMemo","iz","px","py","pz","ax","ay","zz","assertValidMemo","right","fromAffine","normalizeZ","toInv","fromHex","assertValidity","fromPrivateKey","multiply","msm","_setWindowSize","wnaf","hasEvenY","X1","Y1","Z1","X2","Y2","Z2","U1","U2","X3","Y3","Z3","subtract","multiplyUnsafe","sc","k1neg","k2neg","k1p","k2p","fake","f1p","f2p","multiplyAndAddUnsafe","cofactor","toRawBytes","isCompressed","_bits","ProjectivePoint","isWithinCurveOrder","ut.inRange","weierstrass","curveDef","bits2int","bits2int_modN","validateOpts","compressedLen","uncompressedLen","modN","CURVE_ORDER","invN","mod.invert","cat","y2","sqrtError","suffix","numToNByteStr","ut.numberToBytesBE","isBiggerThanHalfOrder","slcNum","recovery","fromCompact","fromDER","addRecoveryBit","recoverPublicKey","msgHash","rec","radj","R","ir","hasHighS","normalizeS","toDERRawBytes","ut.hexToBytes","toDERHex","toCompactRawBytes","toCompactHex","isValidPrivateKey","mod.getMinHashLength","fieldLen","minLen","mod.mapHashToField","precompute","isProbPub","delta","ORDER_MASK","ut.bitMask","int2octets","prepSig","defaultSigOpts","extraEntropy","ent","h1int","seedArgs","k2sig","kBytes","ik","normS","defaultVerOpts","privateA","publicB","privKey","ut.createHmacDrbg","drbg","sg","_sig","derError","is","getHash","msgs","createCurve","defHash","U32_MASK64","fromBig","Ah","Al","rotlSH","rotlSL","rotlBH","rotlBL","u64","toBig","shrSH","_l","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","rotr32H","_h","rotr32L","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5H","Eh","add5L","El","SHA512_Kh","SHA512_Kl","SHA512_W_H","SHA512_W_L","SHA512","Fh","Fl","Gh","Gl","Hh","Hl","W15h","W15l","s0h","s0l","W2h","W2l","s1h","s1l","SUMl","SUMh","sigma1h","sigma1l","CHIh","CHIl","T1ll","T1h","T1l","sigma0h","sigma0l","MAJh","MAJl","All","SHA384","SHA3_PI","SHA3_ROTL","_SHA3_IOTA","_7n","_256n","_0x71n","round","SHA3_IOTA_H","SHA3_IOTA_L","rotlH","rotlL","Keccak","enableXOF","posOut","state32","keccak","idx1","idx0","B0","B1","Th","Tl","curH","curL","PI","keccakP","writeInto","bufferOut","xofInto","xof","shake256","wrapXOFConstructorWithOpts","dkLen","genShake","VERIFY_DEFAULT","zip215","twistedEdwards","adjustScalarBytes","domain","uvRatio","mapToCurve","cHash","modP","ctx","phflag","aCoordinate","assertPoint","ex","ey","ez","Z4","aX2","X1Z2","X2Z1","Y1Z2","Y2Z1","x1y1","isSmallOrder","normed","ut.bytesToNumberLE","isXOdd","isLastByteOdd","getExtendedPublicKey","ut.numberToBytesLE","modN_LE","pointBytes","hashDomainToScalar","context","verifyOpts","SB","ExtendedPoint","montgomery","montgomeryBits","powPminus2","Gu","montgomeryBytes","swap","x_2","x_3","dummy","a24","encodeUCoordinate","pointU","uEnc","decodeUCoordinate","_scalar","decodeScalar","pu","x_1","sw","z_2","z_3","k_t","AA","BB","DA","CB","dacb","da_cb","z2","montgomeryLadder","GuBytes","scalarMultBase","shake256_114","ed448P","_11n","_22n","_44n","_88n","_223n","ed448_pow_Pminus3div4","b22","b44","b88","b176","b220","b222","b223","ED448_DEF","u2v","u3v","u5v3","secp256k1P","secp256k1N","divNearest","_6n","_23n","a2","POW_2_128","des","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","looping","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","f1","f2","f3","scheduleA","scheduleB","sBox","inn","ki","half","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","dataL","dataR","parray","vector","off","ret","_decryptBlock","jj","kk","BlowFish","TwoFish","SHA1_IV","SHA1_W","SHA1","Rho","Id","Pi","idxL","idxR","shiftsL","shiftsR","Kl","Kr","group","R_BUF","RIPEMD160","h0","h1","h2","h3","h4","ar","br","cr","dr","el","er","rGroup","hbl","hbr","rl","rr","sr","ripemd160","ADD64","INC64","ix","iy","xor0","xor1","BLAKE2B_IV32","SIGMA","f0","i16","Blake2b","outlen","personal","BLOCKBYTES","OUTBYTES_MAX","params32","prealloc","TYPE","VERSION","TAGBYTES_MAX","TAGBYTES_MIN","SALTBYTES_MAX","SALTBYTES_MIN","passwordBYTES_MAX","passwordBYTES_MIN","MEMBYTES_MAX","ADBYTES_MAX","SECRETBYTES_MAX","ARGON2_BLOCK_SIZE","ARGON2_PREHASH_DIGEST_LENGTH","LE32","LE64","H_","V1_in","blake2b","V_r1","XOR","wasmContext","xs","ys","refs","gZ","G2","makePRNG","pass","lane","m_","totalPasses","segmentLength","segmentOffset","prngTmp","g2","ZERO1024","prngR","KB","WASM_PAGE_SIZE","argon2id","memory","wasmInstance","ad","assertLength","lanes","wasmG","wasmG2","wasmXOR","getLZ","wasmLZ","exports","wasmRefs","wasmFn","requiredMemory","grow","lz","newBlock","blockMemory","allocatedMemory","H0","ZERO32","concatArrays","outputBuffer","getH0","initBlock","isDataIndependent","PRNG","J1J2","next","isSIMDSupported","setupWasm","getSIMD","getNonSIMD","WebAssembly","Memory","initial","maximum","wasmModule","importObject","loaded","wasmLoader","instanceObject","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","seek","n_bit","n_byte","pi","bufToHex","bitreader","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","crc32","getCRC","updateCRC","updateCRCRun","require$$0","require$$1","CRC32","require$$2","mtf","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","status","optDetail","errorCode","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","maxLen","MAX_HUFCODE_BITS","permute","limit","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","lib","multistream","bz","targetStreamCRC","decodeBlock","writeCopies","table","delegate","position","assert"],"mappings":";6dAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxB,WAAAC,GACEC,QAEAC,OAAOC,eAAeC,KAAMN,EAAYO,WAExCD,KAAKX,GAAsB,IAAIa,SAAQ,CAACC,EAASC,KAC/CJ,KAAKT,GAAsBY,EAC3BH,KAAKR,GAAqBY,CAAM,IAElCJ,KAAKX,GAAoBgB,OAAM,QACnC,EAsCA,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAab,MAAMc,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,CACX,CACEX,KAAKgB,OAAST,CAChB,CCjEA,SAASU,EAASV,GAChB,GAAID,EAAcC,GAChB,MAAO,QAET,GAAIW,EAAWC,gBAAkBD,EAAWC,eAAelB,UAAUmB,cAAcb,GACjF,MAAO,MAGT,GAAIA,KACAW,EAAWC,gBAAkBZ,aAAiBW,EAAWC,iBACpC,mBAAhBZ,EAAMc,OAAwD,iBAAzBd,EAAMe,eAClD,MAAUC,MAAM,sIAElB,SAAIhB,IAASA,EAAMC,YACV,UAGX,CAOA,SAASgB,EAAajB,GACpB,OAAOkB,WAAWxB,UAAUmB,cAAcb,EAC5C,CAOA,SAASmB,EAAiBC,GACxB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACtC,IAAKN,EAAaG,EAAOG,IACvB,MAAUP,MAAM,8DAGlBM,GAAeF,EAAOG,GAAGF,MAC7B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAAQ,SAAUC,GACvBH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MACnB,IAESG,CACT,CD3CArC,EAAYO,UAAUO,UAAY,WAIhC,YAH2B4B,IAAvBpC,KAAKP,KACPO,KAAKP,GAAgB,GAEhB,CACL4C,KAAMC,gBACEtC,KAAKX,GACPW,KAAKP,KAAkBO,KAAK4B,OACvB,CAAEW,WAAOH,EAAWI,MAAM,GAE5B,CAAED,MAAOvC,KAAKA,KAAKP,MAAkB+C,MAAM,IAGxD,EAEA9C,EAAYO,UAAUwC,UAAYH,eAAeI,SACzC1C,KAAKX,GACX,MAAM0C,EAASW,EAAK1C,KAAK2C,MAAM3C,KAAKP,KAEpC,OADAO,KAAK4B,OAAS,EACPG,CACT,EAEArC,EAAYO,UAAU2C,MAAQ,WAC5B,MAAMA,EAAQ,IAAIlD,EAIlB,OAHAkD,EAAMvD,GAAsBW,KAAKX,GAAoBwD,MAAK,KACxDD,EAAME,QAAQ9C,KAAK,IAEd4C,CACT,EAkCAlC,EAAOT,UAAU8C,MAAQT,eAAeU,GACtChD,KAAKgB,OAAO8B,KAAKE,EACnB,EAOAtC,EAAOT,UAAUgD,MAAQX,iBACvBtC,KAAKgB,OAAOzB,IACd,EAOAmB,EAAOT,UAAUiD,MAAQZ,eAAea,GAEtC,OADAnD,KAAKgB,OAAOxB,GAAmB2D,GACxBA,CACT,EAOAzC,EAAOT,UAAUY,YAAc,WAAa,EC5GC,iBAAvBK,EAAWkC,SACxBlC,EAAWkC,QAAQC,SCA5B,MAAMC,EAAiB,IAAIC,QAMrBC,EAAiBlE,OAAO,kBAS9B,SAASmE,EAAOlD,GAKd,GAJAP,KAAKgB,OAAST,EACVA,EAAMiD,KACRxD,KAAKwD,GAAkBjD,EAAMiD,GAAgBb,SAE3CrC,EAAcC,GAAQ,CACxB,MAAMmD,EAASnD,EAAMC,YAIrB,OAHAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,YACpB5D,KAAK6D,QAAU,OAEnB,CAEE,GADiB5C,EAASV,GACV,CACd,MAAMmD,EAASnD,EAAMC,YAOrB,OANAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,KAClBF,EAAO5C,OAAOT,OAAM,eACpBqD,EAAO7C,aAAa,OAEtBb,KAAK6D,QAAUH,EAAOI,OAAOH,KAAKD,GAEtC,CACE,IAAIK,GAAc,EAClB/D,KAAKqB,MAAQiB,SACPyB,GAAeT,EAAeU,IAAIzD,GAC7B,CAAEgC,WAAOH,EAAWI,MAAM,IAEnCuB,GAAc,EACP,CAAExB,MAAOhC,EAAOiC,MAAM,IAE/BxC,KAAK4D,aAAe,KAClB,GAAIG,EACF,IACET,EAAeW,IAAI1D,EACpB,CAAC,MAAM2D,GAAG,CACjB,CAEA,CC/CA,SAASC,EAAS5D,GAEhB,OADiBU,EAASV,GAEjBA,EAEF,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJA,EAAWC,QAAQ/D,GACnB8D,EAAWpB,OACjB,GAEA,CAOA,SAASsB,EAAchE,GACrB,GAAIU,EAASV,GACX,OAAOA,EAET,MAAMS,EAAS,IAAItB,EAMnB,MALA,WACE,MAAMiB,EAASC,EAAUI,SACnBL,EAAOoC,MAAMxC,SACbI,EAAOsC,OACd,EAJD,GAKOjC,CACT,CAQA,SAASwD,EAAOC,GACd,OAAIA,EAAKC,MAAK1D,GAAUC,EAASD,KAAYV,EAAcU,KAiB7D,SAAsByD,GACpBA,EAAOA,EAAKE,IAAIR,GAChB,MAAMS,EAAYC,GAAoBvC,eAAea,SAC7CjD,QAAQ4E,IAAIC,EAAWJ,KAAI3D,GAAU8C,EAAO9C,EAAQmC,KAC9D,IACE,IAAI6B,EAAO9E,QAAQC,UACnB,MAAM4E,EAAaN,EAAKE,KAAI,CAAC3D,EAAQc,IAAMmD,EAAcjE,GAAQ,CAACkE,EAAUC,KAC1EH,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKF,EAAUN,EAAUO,SAAU,CACxDE,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,OAET,OAAOJ,EAAUM,QACnB,CA7BWI,CAAab,GAElBA,EAAKC,MAAK1D,GAAUV,EAAcU,KAkCxC,SAA2ByD,GACzB,MAAM1C,EAAS,IAAIrC,EACnB,IAAIsF,EAAO9E,QAAQC,UAOnB,OANAsE,EAAKxC,SAAQ,CAACjB,EAAQc,KACpBkD,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKpE,EAAQe,EAAQ,CAC1CsD,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,KAEFjD,CACT,CA3CWwD,CAAkBd,GAEJ,iBAAZA,EAAK,GACPA,EAAK/B,KAAK,IAEZhB,EAAiB+C,EAC1B,CA+CAnC,eAAe8C,EAAK7E,EAAOiF,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzE,EAASV,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4D,EAAS5D,GACjB,IACE,GAAIA,EAAMiD,GAAiB,CACzB,MAAM7C,EAASC,EAAU4E,GACzB,IAAK,IAAI1D,EAAI,EAAGA,EAAIvB,EAAMiD,GAAgB5B,OAAQE,UAC1CnB,EAAOgF,YACPhF,EAAOoC,MAAMxC,EAAMiD,GAAgB1B,IAE3CnB,EAAOE,aACf,OACYN,EAAMqF,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,iBAEH,CAAC,MAAMxB,GAAG,CACX,MACJ,CAEE,MAAMR,EAASlD,EADfD,EAAQgE,EAAchE,IAEhBI,EAASC,EAAU4E,GACzB,IAEE,OAAa,OACL7E,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACH6C,SAAoB1E,EAAOsC,QAChC,KACR,OACYtC,EAAOoC,MAAMR,EACzB,CACG,CAAC,MAAO2B,GACFuB,SAAoB9E,EAAOuC,MAAMgB,EAC1C,CAAY,QACRR,EAAO7C,cACPF,EAAOE,aACX,CACA,CAQA,SAASgF,EAAatF,EAAOuF,GAC3B,MAAMC,EAAkB,IAAIC,gBAAgBF,GAE5C,OADAV,EAAK7E,EAAOwF,EAAgBZ,UACrBY,EAAgBb,QACzB,CAOA,SAASL,EAAoBoB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLpB,SAAU,IAAI/D,eAAe,CAC3B,KAAAiD,CAAMC,GACJ+B,EAAmB/B,CACpB,EACD,IAAAkC,GACML,EACFA,IAEAG,GAAS,CAEZ,EACD,YAAMvC,CAAOX,GACXmD,GAAY,EACRL,SACIA,EAAa9C,GAEjBgD,GACFA,EAAgChD,EAE1C,GACO,CAACqD,cAAe,IACnBrB,SAAU,IAAIsB,eAAe,CAC3B1D,MAAOT,eAAeU,GACpB,GAAIsD,EACF,MAAU/E,MAAM,uBAElB6E,EAAiB9B,QAAQtB,GACpBqD,EAQHA,GAAS,SAPH,IAAInG,SAAQ,CAACC,EAASC,KAC1B8F,EAAmC/F,EACnCgG,EAAkC/F,CAAM,IAE1C8F,EAAmC,KACnCC,EAAkC,KAIrC,EACDlD,MAAOmD,EAAiBnD,MAAMU,KAAKyC,GACnClD,MAAOkD,EAAiBM,MAAM/C,KAAKyC,KAGzC,CASA,SAASxB,EAAUrE,EAAO6C,EAAU,KAAe,EAAEuD,EAAS,KAAe,GAC3E,GAAIrG,EAAcC,GAAQ,CACxB,MAAMqG,EAAS,IAAIlH,EAgBnB,MAfA,WACE,MAAMiB,EAASC,EAAUgG,GACzB,IACE,MAAMC,QAAapE,EAAUlC,GACvBuG,EAAU1D,EAAQyD,GAClBE,EAAUJ,IAChB,IAAI5E,EACgDA,OAApCK,IAAZ0E,QAAqC1E,IAAZ2E,EAAgCvC,EAAO,CAACsC,EAASC,SACpD3E,IAAZ0E,EAAwBA,EAAUC,QAC1CpG,EAAOoC,MAAMhB,SACbpB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,CACK,EAdD,GAeO0C,CACX,CACE,GAAI3F,EAASV,GACX,OAAOsF,EAAatF,EAAO,CACzB,eAAMqE,CAAUrC,EAAO8B,GACrB,IACE,MAAMtC,QAAeqB,EAAQb,QACdH,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACO,EACD,WAAM8C,CAAM3C,GACV,IACE,MAAMtC,QAAe4E,SACNvE,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACA,IAGE,MAAM4C,EAAU1D,EAAQ7C,GAClBwG,EAAUJ,IAChB,YAAgBvE,IAAZ0E,QAAqC1E,IAAZ2E,EAA8BvC,EAAO,CAACsC,EAASC,SACzD3E,IAAZ0E,EAAwBA,EAAUC,CAC3C,CAWA,SAAS9B,EAAc1E,EAAO0G,GAC5B,GAAIhG,EAASV,KAAWD,EAAcC,GAAQ,CAC5C,IAAI2G,EACJ,MAAMC,EAAW,IAAInB,gBAAgB,CACnC,KAAA5B,CAAMC,GACJ6C,EAA8B7C,CACtC,IAGU+C,EAAkBhC,EAAK7E,EAAO4G,EAAShC,UAEvCkC,EAAWxC,GAAoBvC,eAAea,GAClD+D,EAA4BR,MAAMvD,SAC5BiE,QACA,IAAIlH,QAAQoH,WACxB,IAEI,OADAL,EAAGE,EAASjC,SAAUmC,EAASlC,UACxBkC,EAASnC,QACpB,CACE3E,EAAQgE,EAAchE,GACtB,MAAMqG,EAAS,IAAIlH,EAEnB,OADAuH,EAAG1G,EAAOqG,GACHA,CACT,CAWA,SAASW,EAAMhH,EAAO0G,GACpB,IAAIO,EACJ,MAAMC,EAAcxC,EAAc1E,GAAO,CAAC2E,EAAUC,KAClD,MAAMzB,EAASlD,EAAU0E,GACzBxB,EAAOgE,UAAY,KACjBhE,EAAO7C,cACPuE,EAAKF,EAAUC,GACRsC,GAETD,EAAcP,EAAGvD,EAAO,IAE1B,OAAO8D,CACT,CA4BA,SAAS5E,EAAMrC,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqC,QAEf,GAAI3B,EAASV,GAAQ,CACnB,MAAMoH,EAxBV,SAAapH,GACX,GAAID,EAAcC,GAChB,MAAUgB,MAAM,qDAElB,GAAIN,EAASV,GAAQ,CACnB,MAAMoH,EAAOxD,EAAS5D,GAAOqH,MAE7B,OADAD,EAAK,GAAGnE,GAAkBmE,EAAK,GAAGnE,GAAkBjD,EAAMiD,GACnDmE,CACX,CACE,MAAO,CAAChF,EAAMpC,GAAQoC,EAAMpC,GAC9B,CAciBqH,CAAIrH,GAEjB,OADAsH,EAAUtH,EAAOoH,EAAK,IACfA,EAAK,EAChB,CACE,OAAOhF,EAAMpC,EACf,CAUA,SAASuH,EAAavH,GACpB,OAAID,EAAcC,GACTqC,EAAMrC,GAEXU,EAASV,GACJ,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJ,MAAMoD,EAAcxC,EAAc1E,GAAO+B,MAAO4C,EAAUC,KACxD,MAAMzB,EAASlD,EAAU0E,GACnBvE,EAASC,EAAUuE,GACzB,IAEE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,IAAM6B,EAAWpB,OAAU,CAAC,MAAMiB,GAAG,CAErC,kBADMvD,EAAOsC,OAE7B,CACc,IAAMoB,EAAWC,QAAQ/B,EAAO,CAAG,MAAM2B,GAAG,OACtCvD,EAAOoC,MAAMR,EACjC,CACW,CAAC,MAAM2B,GACNG,EAAWqC,MAAMxC,SACXvD,EAAOuC,MAAMgB,EAC/B,KAEQ2D,EAAUtH,EAAOkH,EACzB,IAGS9E,EAAMpC,EACf,CAQA,SAASsH,EAAUtH,EAAOqC,GAExB9C,OAAOiI,QAAQjI,OAAOkI,0BAA0BzH,EAAMX,YAAYK,YAAYgC,SAAQ,EAAEgG,EAAMC,MAC/E,gBAATD,IAGAC,EAAW3F,MACb2F,EAAW3F,MAAQ2F,EAAW3F,MAAMoB,KAAKf,GAEzCsF,EAAWC,IAAMD,EAAWC,IAAIxE,KAAKf,GAEvC9C,OAAOsI,eAAe7H,EAAO0H,EAAMC,GAAW,GAElD,CAOA,SAASvF,EAAMpC,EAAO8H,EAAM,EAAGC,EAAIC,KACjC,GAAIjI,EAAcC,GAChB,MAAUgB,MAAM,mBAElB,GAAIN,EAASV,GAAQ,CACnB,GAAI8H,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAO3C,EAAatF,EAAO,CACzB,SAAAqE,CAAUrC,EAAO8B,GACXmE,EAAYF,GACVE,EAAYjG,EAAMX,QAAUyG,GAC9BhE,EAAWC,QAAQ3B,EAAMJ,EAAOkG,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAajG,EAAMX,QAEnByC,EAAWsE,WAEvB,GAEA,CACI,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAOhE,EAAUrE,GAAOgC,IAClBA,EAAMX,SAAWyG,EAAOO,EAAY,CAACrG,GACpCqG,EAAU9F,KAAKP,EAAM,IACzB,IAAMI,EAAM6B,EAAOoE,GAAYP,EAAOC,IAC/C,CACI,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAOhE,EAAUrE,GAAOgC,IACtB,MAAMiF,EAAcoB,EAAYpE,EAAO,CAACoE,EAAWrG,IAAUA,EAC7D,GAAIiF,EAAY5F,SAAW0G,EAEzB,OADAM,EAAYjG,EAAM6E,EAAac,GACxB3F,EAAM6E,EAAaa,EAAOC,GAEjCM,EAAYpB,CAAW,GAEjC,CAEI,OADAqB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUzG,SAAYK,QAAYF,EAAUlC,GAAQ8H,EAAOC,IACtE,CAIE,OAHI/H,EAAMiD,KACRjD,EAAQiE,EAAOjE,EAAMiD,GAAgBgB,OAAO,CAACjE,MAE3CiB,EAAajB,GACRA,EAAMyI,SAASX,EAAOC,IAAQC,IAAWhI,EAAMqB,OAAS0G,GAE1D/H,EAAMoC,MAAM0F,EAAOC,EAC5B,CASAhG,eAAeG,EAAUlC,EAAOmC,EAAK8B,GACnC,OAAIlE,EAAcC,GACTA,EAAMkC,UAAUC,GAErBzB,EAASV,GACJC,EAAUD,GAAOkC,UAAUC,GAE7BnC,CACT,CASA+B,eAAewB,EAAOvD,EAAO4C,GAC3B,GAAIlC,EAASV,GAAQ,CACnB,GAAIA,EAAMuD,OAAQ,CAChB,MAAMwC,QAAkB/F,EAAMuD,OAAOX,GAGrC,aADM,IAAIjD,QAAQoH,YACXhB,CACb,CACI,GAAI/F,EAAM0I,QAGR,OAFA1I,EAAM0I,QAAQ9F,SACR,IAAIjD,QAAQoH,YACXnE,CAEb,CACA,CAOA,SAAS4F,EAAU9B,GACjB,MAAMiC,EAAc,IAAIxJ,EAUxB,MATA,WACE,MAAMiB,EAASC,EAAUsI,GACzB,UACQvI,EAAOoC,YAAYkE,WACnBtG,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,CACG,EARD,GASOgF,CACT,CAOA,SAAS1I,EAAUD,GACjB,OAAO,IAAIkD,EAAOlD,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CDhfAkD,EAAOxD,UAAUoC,KAAOC,iBACtB,GAAItC,KAAKwD,IAAmBxD,KAAKwD,GAAgB5B,OAAQ,CAEvD,MAAO,CAAEY,MAAM,EAAOD,MADRvC,KAAKwD,GAAgB2F,QAEvC,CACE,OAAOnJ,KAAKqB,OACd,EAKAoC,EAAOxD,UAAUY,YAAc,WACzBb,KAAKwD,KACPxD,KAAKgB,OAAOwC,GAAkBxD,KAAKwD,IAErCxD,KAAK4D,cACP,EAKAH,EAAOxD,UAAU6D,OAAS,SAASX,GACjC,OAAOnD,KAAK6D,QAAQV,EACtB,EAOAM,EAAOxD,UAAUmJ,SAAW9G,iBAC1B,IACI+G,EADAC,EAAS,GAEb,MAAQD,GAAW,CACjB,IAAI7G,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OAEjC,GADAE,GAAS,GACLC,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAEF,MAAME,EAAejH,EAAMkH,QAAQ,MAAQ,EACvCD,IACFH,EAAYE,EAAeD,EAAO9E,OAAOjC,EAAMmH,OAAO,EAAGF,KACzDF,EAAS,IAEPE,IAAiBjH,EAAMX,QACzB0H,EAAOxG,KAAKP,EAAMmH,OAAOF,GAE/B,CAEE,OADAxJ,KAAK2J,WAAWL,GACTD,CACT,EAOA5F,EAAOxD,UAAU2J,SAAWtH,iBAC1B,MAAME,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,OACV,MAAMqH,EAAOtH,EAAM,GAEnB,OADAvC,KAAK2J,QAAQG,EAAcvH,EAAO,IAC3BsH,CACT,EAOApG,EAAOxD,UAAU8J,UAAYzH,eAAeV,GAC1C,MAAM0H,EAAS,GACf,IAAIU,EAAe,EAEnB,OAAa,CACX,MAAMxH,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAIF,GAFAA,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBpI,EAAQ,CAC1B,MAAMqI,EAAeV,EAAeD,GAEpC,OADAtJ,KAAK2J,QAAQG,EAAcG,EAAcrI,IAClCkI,EAAcG,EAAc,EAAGrI,EAC5C,CACA,CACA,EAOA6B,EAAOxD,UAAUiK,UAAY5H,eAAeV,GAC1C,MAAMuI,QAAcnK,KAAK+J,UAAUnI,GAEnC,OADA5B,KAAK2J,QAAQQ,GACNA,CACT,EAOA1G,EAAOxD,UAAU0J,QAAU,YAAYS,GAChCpK,KAAKwD,KACRxD,KAAKwD,GAAkB,IAGL,IAAlB4G,EAAOxI,QAAgBJ,EAAa4I,EAAO,KAC3CpK,KAAKwD,GAAgB5B,QAAUwI,EAAO,GAAGxI,QACzC5B,KAAKwD,GAAgB,GAAG6G,YAAcD,EAAO,GAAGxI,OAEhD5B,KAAKwD,GAAgB,GAAK,IAAI/B,WAC5BzB,KAAKwD,GAAgB,GAAG8F,OACxBtJ,KAAKwD,GAAgB,GAAG6G,WAAaD,EAAO,GAAGxI,OAC/C5B,KAAKwD,GAAgB,GAAG8G,WAAaF,EAAO,GAAGxI,QAInD5B,KAAKwD,GAAgBmG,WAAWS,EAAOG,QAAOhI,GAASA,GAASA,EAAMX,SACxE,EAQA6B,EAAOxD,UAAUwC,UAAYH,eAAeI,EAAK6G,GAC/C,MAAMxH,EAAS,GAEf,OAAa,CACX,MAAMS,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,MACVT,EAAOe,KAAKP,EAChB,CACE,OAAOG,EAAKX,EACd,EExMA,MAAMyI,EAAUlL,OAAO,WAEvB,IAAemL,EAAA,CAObC,MAAO,CAELC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,UAA0B,YAG1BC,cAA0B,gBAE1BC,QAA0B,gBAG1BC,iBAA0B,mBAE1BC,WAA0B,mBAG1BC,gBAAyB,kBAGzBC,gBAAyB,kBAGzBC,gBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,OAAQ,EACRC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAENxB,QAAS,GAETyB,MAAO,IAOTC,UAAW,CAETC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,GACRC,SAAU,GACVC,SAAU,IAOZC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXjD,UAAW,EACXkD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,GACnBC,QAAS,IAOXC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRrB,UAAW,CAETkB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,YAAa,GACbC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,GACzBC,sBAAuB,IAOzBR,SAAU,CAERS,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTxH,UAAW,EACXyH,WAAY,EACZ3E,UAAW,GAObwD,oBAAqB,CAEnBoB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBvB,SAAU,CAERwB,sBAAuB,EAGvBxF,KAAM,EAGNyF,OAAQ,EACRC,QAAS,GAUXjR,MAAO,SAASkR,EAAM/P,GAKpB,GAJiB,iBAANA,IACTA,EAAIlE,KAAKqC,KAAK4R,EAAM/P,SAGN9B,IAAZ6R,EAAK/P,GACP,OAAO+P,EAAK/P,GAGd,MAAU3C,MAAM,sBACjB,EASDc,KAAM,SAAS4R,EAAM/P,GAQnB,GAPK+P,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChB1K,OAAOiI,QAAQkM,GAAMhS,SAAQ,EAAE0O,EAAKpO,MAClC0R,EAAKzJ,GAASjI,GAASoO,CAAG,UAILvO,IAArB6R,EAAKzJ,GAAStG,GAChB,OAAO+P,EAAKzJ,GAAStG,GAGvB,MAAU3C,MAAM,sBACpB,GCnce2S,EAAA,CAKbC,uBAAwB1J,EAAMkD,KAAKM,OAKnCmG,4BAA6B3J,EAAMoC,UAAUO,OAK7CiH,8BAA+B5J,EAAM6C,YAAYC,aAajD+G,aAAa,EAQbC,kCAAkC,EAOlCC,uBAAwB/J,EAAM6D,KAAKG,IAQnCgG,kBAAmB,GAQnBC,QAAQ,EAQRC,yBAAyB,EASzBC,QAASnK,EAAMgB,IAAIG,SASnBiJ,sBAAuB,IAcvBC,gBAAiB,CACfC,OAAQ,EACRC,YAAa,EACbC,eAAgB,IAUlBC,8BAA8B,EAe9BC,4BAA4B,EAO5BC,WAAY,KAOZC,wBAAwB,EAQxBC,wCAAwC,EASxCC,8CAA8C,EAQ9CC,sBAAsB,EAUtBC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAAClL,EAAMoC,UAAUK,OAAQzC,EAAMoC,UAAUM,OAAQ1C,EAAMoC,UAAUO,SAKlIwI,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,mBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,uCAAuC,EAOvCC,qBAAqB,EAMrBC,qBAAsB,IAAIZ,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,SAM1D0I,4BAA6B,IAAIb,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,OAAQrD,EAAMkD,KAAKE,OAMpF4I,0BAA2B,IAAId,IAAI,CAAClL,EAAMsB,UAAUI,QAAS1B,EAAMsB,UAAUK,MAM7EsK,aAAc,IAAIf,IAAI,CAAClL,EAAMC,MAAMO,aC7QrC,MAAM0L,EAAY,MAChB,IACE,MAAgC,gBAAzBvT,QAAQwT,IAAIC,QACpB,CAAC,MAAO3S,GAAG,CACZ,OAAO,CACR,EALiB,GAOZ4S,EAAO,CACXC,SAAU,SAASlQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBmQ,MACpD,EAEDC,YAAaC,cAA0BC,KAEvC1W,QAAS,SAASoG,GAChB,OAAOA,aAAgBlH,KACxB,EAED6B,aAAc4V,EAEdnW,SAAUoW,EASVC,cAAehV,MAAOiV,EAAeC,KACnC,IAAKC,EAAcnB,oBACjB,MAAU/U,MAAM,gEAGlB,MAAMmW,YAAEA,SAAsBxX,QAAmDC,UAAA0C,MAAA,WAAA,OAAA8U,EAAA,IACjF,OAAQJ,GACN,KAAK9M,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUO,MAAO,CAC1B,MAAM5B,EAAQgN,EAAYvP,IAAIqP,GAC9B,IAAK9M,EAAO,MAAUnJ,MAAM,qBAC5B,OAAOmJ,CACf,CACM,KAAKD,EAAMsB,UAAUY,KACnB,OAAO+K,EAAYvP,IAAI,QACzB,KAAKsC,EAAMsB,UAAUa,MACnB,OAAO8K,EAAYvP,IAAI,SACzB,QACE,MAAU5G,MAAM,qBACxB,EAGEqW,WAAY,SAAUzN,GACpB,IAAI0N,EAAI,EACR,IAAK,IAAI/V,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAChC+V,GAAM,KAAO/V,EAAKqI,EAAMA,EAAMvI,OAAS,EAAIE,GAE7C,OAAO+V,CACR,EAEDC,YAAa,SAAUD,EAAG1N,GACxB,MAAM4N,EAAI,IAAItW,WAAW0I,GACzB,IAAK,IAAIrI,EAAI,EAAGA,EAAIqI,EAAOrI,IACzBiW,EAAEjW,GAAM+V,GAAM,GAAK1N,EAAQrI,EAAI,GAAO,IAGxC,OAAOiW,CACR,EAEDC,SAAU,SAAU7N,GAClB,MAAM0N,EAAIf,EAAKc,WAAWzN,GAE1B,OADU,IAAI8N,KAAS,IAAJJ,EAEpB,EAEDK,UAAW,SAAUC,GACnB,MAAMC,EAAU3P,KAAK4P,MAAMF,EAAKG,UAAY,KAE5C,OAAOxB,EAAKgB,YAAYM,EAAS,EAClC,EAEDG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAS5P,IAAW4P,EAAO,IAAIF,KAAgC,IAA3BxP,KAAK4P,OAAOF,EAAO,KAChF,EAODM,QAAS,SAAUtO,GACjB,MACMuO,GADQvO,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAM/B,OAAO2M,EAAK6B,kBAAkBxO,EAAO,EAAG,EAAIuO,EAC7C,EASDC,kBAAmB,SAAUpY,EAAO6D,EAAOkE,GACzC,GAAI/H,EAAMqB,OAAU0G,EAAMlE,EACxB,MAAU7C,MAAM,yBAElB,OAAOhB,EAAMyI,SAAS5E,EAAOkE,EAC9B,EAQD,OAAAsQ,CAAQzO,EAAOvI,GACb,GAAIuI,EAAMvI,OAASA,EACjB,MAAUL,MAAM,wBAElB,MAAMsX,EAAS,IAAIpX,WAAWG,GACxBkX,EAASlX,EAASuI,EAAMvI,OAE9B,OADAiX,EAAO1W,IAAIgI,EAAO2O,GACXD,CACR,EAODE,gBAAiB,SAAUC,GACzB,MAAMC,EAAUnC,EAAKoC,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAU1X,MAAM,YAElB,MAAM4X,EAAWH,EAAIhQ,SAASgQ,EAAIpX,OAAS6G,KAAK2Q,KAAKH,EAAU,IACzDI,EAAS,IAAI5X,WAAW,EAAY,MAAVwX,IAAqB,EAAa,IAAVA,IACxD,OAAOnC,EAAKpV,iBAAiB,CAAC2X,EAAQF,GACvC,EAODD,oBAAqB,SAAUF,GAC7B,IAAIlX,EACJ,IAAKA,EAAI,EAAGA,EAAIkX,EAAIpX,QAA4B,IAAXoX,EAAIlX,GAAbA,KAC5B,GAAIA,IAAMkX,EAAIpX,OACZ,OAAO,EAET,MAAMuX,EAAWH,EAAIhQ,SAASlH,GAC9B,OAA+B,GAAvBqX,EAASvX,OAAS,GAASkV,EAAKwC,MAAMH,EAAS,GACxD,EAODI,gBAAiB,SAAUC,GACzB,MAAMzX,EAAS,IAAIN,WAAW+X,EAAI5X,QAAU,GAC5C,IAAK,IAAI6X,EAAI,EAAGA,EAAID,EAAI5X,QAAU,EAAG6X,IACnC1X,EAAO0X,GAAKC,SAASF,EAAI9P,OAAO+P,GAAK,EAAG,GAAI,IAE9C,OAAO1X,CACR,EAOD4X,gBAAiB,SAAUxP,GACzB,MAAMyP,EAAc,mBACpB,IAAIC,EAAI,GAER,OADA1P,EAAMlI,SAAQ6X,IAAOD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAC5DD,CACR,EAODE,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlD,EAAKC,SAASiD,GACjB,MAAUzY,MAAM,4DAGlB,MAAMQ,EAAS,IAAIN,WAAWuY,EAAIpY,QAClC,IAAK,IAAIE,EAAI,EAAGA,EAAIkY,EAAIpY,OAAQE,IAC9BC,EAAOD,GAAKkY,EAAIE,WAAWpY,GAE7B,OAAOC,CAAM,GAEhB,EAODoY,mBAAoB,SAAUhQ,GAE5B,MAAMpI,EAAS,GACTqY,EAAK,MACLC,GAHNlQ,EAAQ,IAAI1I,WAAW0I,IAGPvI,OAEhB,IAAK,IAAIE,EAAI,EAAGA,EAAIuY,EAAGvY,GAAKsY,EAC1BrY,EAAOe,KAAKkU,OAAOsD,aAAaC,MAAMvD,OAAQ7M,EAAMnB,SAASlH,EAAGA,EAAIsY,EAAKC,EAAIvY,EAAIsY,EAAKC,KAExF,OAAOtY,EAAOW,KAAK,GACpB,EAOD8X,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAStX,EAAQb,EAAOoY,GAAY,GAClC,OAAOF,EAAQG,OAAOrY,EAAO,CAAEvB,QAAS2Z,GAC9C,CACI,OAAOV,EAAiBD,EAAK5W,GAAS,IAAMA,EAAQ,IAAI,IACzD,EAODyX,WAAY,SAAU5K,GACpB,MAAM6K,EAAU,IAAIC,YAAY,SAEhC,SAAS3X,EAAQb,EAAOoY,GAAY,GAClC,OAAOG,EAAQE,OAAOzY,EAAO,CAAEvB,QAAS2Z,GAC9C,CACI,OAAOV,EAAiBhK,EAAM7M,GAAS,IAAMA,EAAQ,IAAI3B,YAAc,IACxE,EAQD+C,OAAQyW,EAORvZ,iBAAkBwZ,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvE,EAAKtV,aAAa4Z,KAAYtE,EAAKtV,aAAa6Z,GACnD,MAAU9Z,MAAM,4CAGlB,GAAI6Z,EAAOxZ,SAAWyZ,EAAOzZ,OAC3B,OAAO,EAGT,IAAK,IAAIE,EAAI,EAAGA,EAAIsZ,EAAOxZ,OAAQE,IACjC,GAAIsZ,EAAOtZ,KAAOuZ,EAAOvZ,GACvB,OAAO,EAGX,OAAO,CACR,EAQDwZ,cAAe,SAAUtL,GACvB,IAAI6J,EAAI,EACR,IAAK,IAAI/X,EAAI,EAAGA,EAAIkO,EAAKpO,OAAQE,IAC/B+X,EAAKA,EAAI7J,EAAKlO,GAAM,MAEtB,OAAOgV,EAAKgB,YAAY+B,EAAG,EAC5B,EAOD0B,WAAY,SAAUvB,GAChBrD,GACF9N,QAAQ2S,IAAI,qBAAsBxB,EAErC,EAODyB,gBAAiB,SAAU/U,GACrBiQ,GACF9N,QAAQnC,MAAM,qBAAsBA,EAEvC,EAGD4S,MAAO,SAAUoC,GACf,IAAIC,EAAI,EACJC,EAAIF,IAAM,GAyBd,OAxBU,IAANE,IACFF,EAAIE,EACJD,GAAK,IAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEAA,CACR,EAWDE,OAAQ,SAAShV,GACf,MAAMiV,EAAY,IAAIra,WAAWoF,EAAKjF,QAChCma,EAAOlV,EAAKjF,OAAS,EAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAIia,EAAMja,IACxBga,EAAUha,GAAM+E,EAAK/E,IAAM,EAAM+E,EAAK/E,EAAI,IAAM,EAGlD,OADAga,EAAUC,GAASlV,EAAKkV,IAAS,EAAuB,KAAhBlV,EAAK,IAAM,GAC5CiV,CACR,EASDE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIpa,EAAIma,EAAMra,OAAS,EAAGE,GAAK,EAAGA,IACrCma,EAAMna,KAAOoa,EACTpa,EAAI,IACNma,EAAMna,IAAOma,EAAMna,EAAI,IAAO,EAAIoa,GAIxC,OAAOD,CACR,EAODE,aAAc,WACZ,MAEMC,OAFwC,IAAflb,GAA8BA,EAAWmb,QAAUnb,EAAWmb,OAAOC,QAE/Dtc,KAAKuc,iBAAiBC,UAAUF,OACrE,IAAKF,EACH,MAAU7a,MAAM,sCAElB,OAAO6a,CACR,EAMDG,cAAe,WACb,OAAOvc,KAAKiX,YAAY,SACzB,EAEDwF,YAAa,WACX,OAAOzc,KAAKiX,YAAY,OACzB,EAODyF,cAAe,WACb,OAAQ1c,KAAKiX,YAAY,WAAa,CAAE,GAAE0F,MAC3C,EAEDC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADW9c,KAAKiX,YAAY,MAClB8F,OAAOnb,MAClB,EAWDob,eAAgB,SAASnW,GACvB,IAAKiQ,EAAKC,SAASlQ,GACjB,OAAO,EAGT,MADW,+DACDoW,KAAKpW,EAChB,EAMDqW,gBAAiB,SAASrW,GAGxB,IAAIsW,GAAc,EAElB,OAAOlD,EAAiBpT,GAAMsD,IAY5B,IAAIiT,EAXAD,IACFhT,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,KAN9C,KASLA,EAAMA,EAAMvI,OAAS,IACvBub,GAAc,EACdhT,EAAQA,EAAMnB,SAAS,GAAI,IAE3BmU,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIvb,EAAI,EACXsb,EAAQjT,EAAMV,QAlBP,GAkBmB3H,GAAK,EAC3Bsb,EAFYtb,EAAIsb,EAlBb,KAqBDjT,EAAMiT,EAAQ,IAAWC,EAAQva,KAAKsa,GAK9C,IAAKC,EAAQzb,OACX,OAAOuI,EAGT,MAAMmT,EAAa,IAAI7b,WAAW0I,EAAMvI,OAASyb,EAAQzb,QACzD,IAAIyY,EAAI,EACR,IAAK,IAAIvY,EAAI,EAAGA,EAAIub,EAAQzb,OAAQE,IAAK,CACvC,MAAMyb,EAAMpT,EAAMnB,SAASqU,EAAQvb,EAAI,IAAM,EAAGub,EAAQvb,IACxDwb,EAAWnb,IAAIob,EAAKlD,GACpBA,GAAKkD,EAAI3b,OACT0b,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,GACR,CAEM,OADAiD,EAAWnb,IAAIgI,EAAMnB,SAASqU,EAAQA,EAAQzb,OAAS,IAAM,GAAIyY,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAI1b,WAAW,CA1C5B,UA0CoCW,GAChD,EAMDob,UAAW,SAAS3W,GAGlB,IAAIsW,GAAc,EAElB,OAAOlD,EAAiBpT,GAAMsD,IAc5B,IAAIiT,EAlBK,MAMPjT,EADEgT,GAJK,KAIUhT,EAAM,GACf2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,IAE7C,IAAI1I,WAAW0I,IAGfA,EAAMvI,OAAS,IACvBub,GAAc,EACdhT,EAAQA,EAAMnB,SAAS,GAAI,IAE3BmU,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAIvY,EAAI,EAAGA,IAAMqI,EAAMvI,OAAQE,EAAIsb,EAAO,CAC7CA,EAAQjT,EAAMV,QArBP,GAqBmB3H,GAAK,EAC1Bsb,IAAOA,EAAQjT,EAAMvI,QAC1B,MAAMma,EAAOqB,GAtBN,KAsBejT,EAAMiT,GAAgB,EAAI,GAC5Ctb,GAAGqI,EAAMsT,WAAWpD,EAAGvY,EAAGia,GAC9B1B,GAAK0B,EAAOja,CACpB,CACM,OAAOqI,EAAMnB,SAAS,EAAGqR,EAAE,IAC1B,IAAO8C,EAAc,IAAI1b,WAAW,CA5B5B,UA4BoCW,GAChD,EAKDsb,qBAAsB,SAAS1N,GAC7B,OAAOA,EAAK2N,MAAM,MAAMhZ,KAAIiZ,IAC1B,IAAI9b,EAAI8b,EAAKhc,OAAS,EACtB,KAAOE,GAAK,IAAkB,MAAZ8b,EAAK9b,IAA0B,OAAZ8b,EAAK9b,IAA2B,OAAZ8b,EAAK9b,IAAcA,KAC5E,OAAO8b,EAAKlU,OAAO,EAAG5H,EAAI,EAAE,IAC3BY,KAAK,KACT,EAEDmb,UAAW,SAAStK,EAAS7M,GAC3B,IAAKA,EACH,OAAWnF,MAAMgS,GAInB,IACE7M,EAAM6M,QAAUA,EAAU,KAAO7M,EAAM6M,OACxC,CAAC,MAAOrP,GAAG,CAEZ,OAAOwC,CACR,EAQDoX,wBAAyB,SAASC,GAChC,MAAMpZ,EAAM,CAAE,EAOd,OANAoZ,EAAe9b,SAAQ+b,IACrB,IAAKA,EAAYC,IACf,MAAU1c,MAAM,0CAElBoD,EAAIqZ,EAAYC,KAAOD,CAAW,IAE7BrZ,CACR,EAUDuZ,WAAY,SAASC,GAEnB,OAAO,IAAIje,SAAQoC,MAAOnC,EAASC,KACjC,IAAIge,QACEle,QAAQ4E,IAAIqZ,EAASxZ,KAAIrC,UAC7B,IACEnC,QAAcke,EACf,CAAC,MAAOna,GACPka,EAAYla,CACtB,MAEM9D,EAAOge,EAAU,GAEpB,EASDE,iBAAkB,SAASC,EAAMC,EAAGzG,GAClC,MAAMnW,EAAS6G,KAAKC,IAAI8V,EAAE5c,OAAQmW,EAAEnW,QAC9BG,EAAS,IAAIN,WAAWG,GAC9B,IAAI0G,EAAM,EACV,IAAK,IAAIxG,EAAI,EAAGA,EAAIC,EAAOH,OAAQE,IACjCC,EAAOD,GAAM0c,EAAE1c,GAAM,IAAMyc,EAAUxG,EAAEjW,GAAM,IAAMyc,EACnDjW,GAAQiW,EAAOzc,EAAI0c,EAAE5c,OAAY,EAAI2c,EAAQzc,EAAIiW,EAAEnW,OAErD,OAAOG,EAAOiH,SAAS,EAAGV,EAC3B,EASDmW,YAAa,SAASF,EAAMC,EAAGzG,GAC7B,OAAQyG,EAAK,IAAMD,EAAUxG,EAAK,IAAMwG,CACzC,EAIDG,MAAO,SAASC,GACd,OAAOA,IAAelU,EAAMoC,UAAUK,QAAUyR,IAAelU,EAAMoC,UAAUM,QAAUwR,IAAelU,EAAMoC,UAAUO,MAC5H,GCtoBMuP,EAAS7F,EAAK4F,gBAEpB,IAAIkC,EACAC,EAkBG,SAASjE,EAAO/T,GACrB,IAAIiY,EAAM,IAAIrd,WACd,OAAOwY,EAAiBpT,GAAMtE,IAC5Buc,EAAMhI,EAAKpV,iBAAiB,CAACod,EAAKvc,IAClC,MAAMoZ,EAAI,GAEJoD,EAAQtW,KAAK4P,MAAMyG,EAAIld,OADR,IAEfuI,EAFe,GAEP4U,EACRC,EAAUJ,EAAYE,EAAI9V,SAAS,EAAGmB,IAC5C,IAAK,IAAIrI,EAAI,EAAGA,EAAIid,EAAOjd,IACzB6Z,EAAE7Y,KAAKkc,EAAQtV,OAAW,GAAJ5H,EAAQ,KAC9B6Z,EAAE7Y,KAAK,MAGT,OADAgc,EAAMA,EAAI9V,SAASmB,GACZwR,EAAEjZ,KAAK,GAAG,IAChB,IAAOoc,EAAIld,OAASgd,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS9D,EAAOnU,GACrB,IAAIiY,EAAM,GACV,OAAO7E,EAAiBpT,GAAMtE,IAC5Buc,GAAOvc,EAGP,IAAI0c,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIpd,EAAI,EAAGA,EAAIod,EAAWtd,OAAQE,IAAK,CAC1C,MAAMqd,EAAYD,EAAWpd,GAC7B,IAAK,IAAIE,EAAM8c,EAAIrV,QAAQ0V,IAAqB,IAATnd,EAAYA,EAAM8c,EAAIrV,QAAQ0V,EAAWnd,EAAM,GACpFid,GAER,CAII,IAAIrd,EAASkd,EAAIld,OACjB,KAAOA,EAAS,IAAMA,EAASqd,GAAU,GAAM,EAAGrd,IAC5Csd,EAAWE,SAASN,EAAIld,KAAUqd,IAGxC,MAAMI,EAAUR,EAAYC,EAAIpV,OAAO,EAAG9H,IAE1C,OADAkd,EAAMA,EAAIpV,OAAO9H,GACVyd,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,EAAgBC,GAC9B,OAAOvE,EAAOuE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,EAAgBtV,EAAOgN,GACrC,IAAI6H,EAAUpE,EAAOzQ,GAAOqV,QAAQ,UAAW,IAI/C,OAFER,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,IAEvER,CACT,CCjFA,SAASU,EAAQ1P,GACf,MAEM2P,EAAS3P,EAAK4P,MAFH,yIAIjB,IAAKD,EACH,MAAUpe,MAAM,4BAMlB,MAAI,yBAAyB0b,KAAK0C,EAAO,IAChClV,EAAM0I,MAAMC,iBAMjB,oBAAoB6J,KAAK0C,EAAO,IAC3BlV,EAAM0I,MAAME,cAGjB,iBAAiB4J,KAAK0C,EAAO,IACxBlV,EAAM0I,MAAMG,OAIjB,UAAU2J,KAAK0C,EAAO,IACjBlV,EAAM0I,MAAMI,QAIjB,mBAAmB0J,KAAK0C,EAAO,IAC1BlV,EAAM0I,MAAMpH,UAIjB,oBAAoBkR,KAAK0C,EAAO,IAC3BlV,EAAM0I,MAAMK,WAMjB,YAAYyJ,KAAK0C,EAAO,IACnBlV,EAAM0I,MAAMtE,eADrB,CAGF,CAWA,SAASgR,EAAUC,EAAe5L,GAChC,IAAInS,EAAS,GAWb,OAVImS,EAAO6B,cACThU,GAAU,YAAcmS,EAAO+B,cAAgB,MAE7C/B,EAAO8B,cACTjU,GAAU,YAAcmS,EAAOgC,cAAgB,MAE7C4J,IACF/d,GAAU,YAAc+d,EAAgB,MAE1C/d,GAAU,KACHA,CACT,CAQA,SAASge,EAAYlZ,GACnB,MAAMmZ,EA+CR,SAAqBzf,GACnB,IAAIyf,EAAM,SACV,OAAO/F,EAAiB1Z,GAAOgC,IAC7B,MAAM0d,EAAQC,EAAiBzX,KAAK4P,MAAM9V,EAAMX,OAAS,GAAK,EACxDue,EAAQ,IAAIC,YAAY7d,EAAM+G,OAAQ/G,EAAM8H,WAAY4V,GAC9D,IAAK,IAAIne,EAAI,EAAGA,EAAIme,EAAOne,IACzBke,GAAOG,EAAMre,GACbke,EACEK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,EAAK,KAC1BK,EAAU,GAAgB,IAAZL,GAElB,IAAK,IAAIle,EAAY,EAARme,EAAWne,EAAIS,EAAMX,OAAQE,IACxCke,EAAOA,GAAO,EAAKK,EAAU,GAAU,IAANL,EAAczd,EAAMT,GAC3D,IACK,IAAM,IAAIL,WAAW,CAACue,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYzZ,GACxB,OAAO0Z,EAAcP,EACvB,CD9FIrD,GACFiC,EAAcE,GAAOnC,EAAO6D,KAAK1B,GAAK2B,SAAS,UAC/C5B,EAAc7E,IACZ,MAAMjC,EAAI4E,EAAO6D,KAAKxG,EAAK,UAC3B,OAAO,IAAIvY,WAAWsW,EAAEzO,OAAQyO,EAAE1N,WAAY0N,EAAEzN,WAAW,IAG7DsU,EAAcE,GAAO4B,KAAK5J,EAAKqD,mBAAmB2E,IAClDD,EAAc7E,GAAOlD,EAAKiD,mBAAmB4G,KAAK3G,KC0FpD,MAAMqG,EAAY,CACZ1gB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAImC,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAIke,EAAMle,GAAK,GACf,IAAK,IAAIuY,EAAI,EAAGA,EAAI,EAAGA,IACrB2F,EAAOA,GAAO,GAAa,QAANA,EAAwB,QAAW,GAE1DK,EAAU,GAAGve,IACH,SAANke,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAIle,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBue,EAAU,GAAGve,GAAMue,EAAU,GAAGve,IAAM,EAAKue,EAAU,GAAqB,IAAlBA,EAAU,GAAGve,IAIvE,MAAMoe,EAAkB,WACtB,MAAM5W,EAAS,IAAIsX,YAAY,GAG/B,OAFA,IAAIC,SAASvX,GAAQwX,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWzX,GAAQ,EAChC,IAmCA,SAAS0X,EAAcC,GACrB,IAAK,IAAInf,EAAI,EAAGA,EAAImf,EAAQrf,OAAQE,IAC7B,mCAAmCmb,KAAKgE,EAAQnf,KACnDgV,EAAK2E,gBAAoBla,MAAM,sCAAwC0f,EAAQnf,KAE5E,iDAAiDmb,KAAKgE,EAAQnf,KACjEgV,EAAK2E,gBAAoBla,MAAM,mBAAqB0f,EAAQnf,IAGlE,CAQA,SAASof,EAAelR,GACtB,IAAImR,EAAOnR,EAEX,MAAMoR,EAAapR,EAAKqR,YAAY,KAMpC,OAJID,GAAc,GAAKA,IAAepR,EAAKpO,OAAS,IAClDuf,EAAOnR,EAAKrN,MAAM,EAAGye,IAGhBD,CACT,CAWO,SAASG,GAAQ/gB,GAEtB,OAAO,IAAIL,SAAQoC,MAAOnC,EAASC,KACjC,IACE,MAAMmhB,EAAU,qBACVC,EAAc,oDAEpB,IAAIvN,EACJ,MAAMgN,EAAU,GAChB,IACIQ,EAEAC,EAHAC,EAAcV,EAEdjR,EAAO,GAEX,MAAMnJ,EAAO+a,EAAcC,EAAqBthB,GAAO+B,MAAO4C,EAAUC,KACtE,MAAMzB,EAASoe,EAAiB5c,GAChC,IACE,OAAa,CACX,IAAI0Y,QAAala,EAAO0F,WACxB,QAAahH,IAATwb,EACF,MAAUrc,MAAM,0BAIlB,GADAqc,EAAO9G,EAAK4G,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpDvL,EAIE,GAAKwN,EAcAC,GAAYzN,IAASxJ,EAAM0I,MAAMG,SACtCiO,EAAQtE,KAAKW,IAIhB5N,EAAOA,EAAKtN,KAAK,QACjBgf,GAAW,EACXV,EAAcW,GACdA,EAAc,GACdF,GAAc,GANdzR,EAAKlN,KAAK8a,EAAK4B,QAAQ,MAAO,WAbhC,GAHI+B,EAAQtE,KAAKW,IACfxd,EAAWmB,MAAM,sEAEdigB,EAAYvE,KAAKW,IAKpB,GAFAoD,EAAcW,GACdF,GAAc,EACVC,GAAYzN,IAASxJ,EAAM0I,MAAMG,OAAQ,CAC3CnT,EAAQ,CAAE6P,OAAMnJ,OAAMoa,UAAShN,SAC/B,KAClB,OAPgB0N,EAAY7e,KAAK8a,QARf2D,EAAQtE,KAAKW,KACf3J,EAAOyL,EAAQ9B,GA4B/B,CACS,CAAC,MAAO1Z,GAEP,YADA9D,EAAO8D,EAEjB,CACQ,MAAMvD,EAASohB,EAAiB5c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EACF,MAAUjB,MAAM,0BAElB,MAAMqc,EAAOrb,EAAQ,GACrB,IAA2B,IAAvBqb,EAAKnU,QAAQ,OAAsC,IAAvBmU,EAAKnU,QAAQ,KAEtC,CACL,IAAI/B,QAAkBhE,EAAOjB,YACxBiF,EAAU9F,SAAQ8F,EAAY,IACnCA,EAAYkW,EAAOlW,EACnBA,EAAYoP,EAAK4G,qBAAqBhW,EAAU8X,QAAQ,MAAO,KAC/D,MAAMwC,EAAQta,EAAUiW,MAAM4D,GAC9B,GAAqB,IAAjBS,EAAMpgB,OACR,MAAUL,MAAM,0BAElB,MAAM4f,EAAOD,EAAec,EAAM,GAAGrf,MAAM,GAAI,UACzChC,EAAOoC,MAAMoe,GACnB,KACd,OAboBxgB,EAAOoC,MAAM6a,EAcjC,OACgBjd,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC7B,KAEK,CAAC,MAAOA,GACP9D,EAAO8D,EACb,KACKrB,MAAKP,UACF2f,EAAqBlgB,EAAO8E,QAC9B9E,EAAO8E,WAAaqb,EAAiBngB,EAAO8E,OAEvC9E,IAEX,CAgBO,SAASoR,GAAMgP,EAAahB,EAAMiB,EAAWC,EAAWvC,EAAewC,GAAe,EAAOpO,EAASuD,GAC3G,IAAIzH,EACArC,EACAwU,IAAgB1X,EAAM0I,MAAMG,SAC9BtD,EAAOmR,EAAKnR,KACZrC,EAAOwT,EAAKxT,KACZwT,EAAOA,EAAKta,MAId,MAAM0b,EAAiBD,GAAgBE,EAAoBrB,GAErDpf,EAAS,GACf,OAAQogB,GACN,KAAK1X,EAAM0I,MAAMC,iBACfrR,EAAOe,KAAK,gCAAkCsf,EAAY,IAAMC,EAAY,WAC5EtgB,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,8BAAgCsf,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAK5X,EAAM0I,MAAME,cACftR,EAAOe,KAAK,gCAAkCsf,EAAY,WAC1DrgB,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,8BAAgCsf,EAAY,WACxD,MACF,KAAK3X,EAAM0I,MAAMG,OACfvR,EAAOe,KAAK,wCACZf,EAAOe,KAAK6K,EAAO,SAASA,QAAa,MACzC5L,EAAOe,KAAKkN,EAAKwP,QAAQ,OAAQ,QACjCzd,EAAOe,KAAK,qCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,iCACZ,MACF,KAAK2H,EAAM0I,MAAMI,QACfxR,EAAOe,KAAK,iCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,+BACZ,MACF,KAAK2H,EAAM0I,MAAMpH,UACfhK,EAAOe,KAAK,0CACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,wCACZ,MACF,KAAK2H,EAAM0I,MAAMK,WACfzR,EAAOe,KAAK,2CACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,yCACZ,MACF,KAAK2H,EAAM0I,MAAMtE,UACf9M,EAAOe,KAAK,mCACZf,EAAOe,KAAK+c,EAAUC,EAAe5L,IACrCnS,EAAOe,KAAKyd,EAAcY,IAC1BoB,GAAkBxgB,EAAOe,KAAK,IAAKid,EAAYwC,IAC/CxgB,EAAOe,KAAK,iCAIhB,OAAOgU,EAAKtS,OAAOzC,EACrB,CCzZOO,eAAemgB,GAAgBC,GACpC,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACnB,MAAU7L,MAAM,uBAClB,KAAKkJ,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUQ,QACrB,KAAK5C,EAAMoC,UAAUE,UAAW,CAC9B,MAAM4V,cAAEA,SAAwBziB,QAA0BC,UAAA0C,MAAA,WAAA,OAAA+f,EAAA,IACpDC,EAASF,EAAcxa,IAAIua,GACjC,IAAKG,EACH,MAAUthB,MAAM,gCAElB,OAAOshB,CACb,CACI,QACE,MAAUthB,MAAM,gCAEtB,CAMA,SAASuhB,GAAmBJ,GAC1B,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,KAAK5C,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUE,UACnB,OAAO,EACT,QACE,MAAUxL,MAAM,sBAEtB,CAMA,SAASwhB,GAAiBL,GACxB,OAAQA,GACN,KAAKjY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACnB,OAAO,GACT,KAAKvC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUE,UACnB,OAAO,GACT,KAAKtC,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,QACE,MAAU9L,MAAM,sBAEtB,CAMO,SAASyhB,GAAgBN,GAC9B,MAAO,CAAEO,QAASF,GAAiBL,GAAOQ,UAAWJ,GAAmBJ,GAC1E,2FCjDA,SAASS,GAASzH,EAAGjC,GACnB,IAAI+E,EAAI9C,EAAE,GACN3D,EAAI2D,EAAE,GACN0H,EAAI1H,EAAE,GACN2H,EAAI3H,EAAE,GAEV8C,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,WAC9B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,YAC5B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,OAC/B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAI8E,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,YAC7B4J,EAAIC,GAAGD,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,UAC/B2J,EAAIE,GAAGF,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAIuL,GAAGvL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,GAAI,YAE9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,EAAG,UAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,WAC/B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,WAC5B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,GAAI,YAC9B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,GAAI,YAC7B+E,EAAI+E,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,GAAI,YAC9B4J,EAAIE,GAAGF,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,UAC7B2J,EAAIG,GAAGH,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,YAC7B1B,EAAIwL,GAAGxL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAE/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,QAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,YAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,UAC/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,WAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,WAC9B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,GAAI,UAC7B+E,EAAIgF,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAIG,GAAGH,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,WAC/B2J,EAAII,GAAGJ,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIyL,GAAGzL,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAE9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,GAAI,YAC7B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,IAAK,EAAG,YAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,GAAI,IAAK,YAC9B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,SAC/B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,EAAG,YAC5B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,UAC/B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,IAAK,GAAI,YAC9B+E,EAAIiF,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG5J,EAAE,GAAI,GAAI,WAC7B4J,EAAII,GAAGJ,EAAG7E,EAAGzG,EAAGqL,EAAG3J,EAAE,IAAK,IAAK,YAC/B2J,EAAIK,GAAGL,EAAGC,EAAG7E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAI0L,GAAG1L,EAAGqL,EAAGC,EAAG7E,EAAG/E,EAAE,GAAI,IAAK,WAE9BiC,EAAE,GAAKgI,GAAMlF,EAAG9C,EAAE,IAClBA,EAAE,GAAKgI,GAAM3L,EAAG2D,EAAE,IAClBA,EAAE,GAAKgI,GAAMN,EAAG1H,EAAE,IAClBA,EAAE,GAAKgI,GAAML,EAAG3H,EAAE,GACpB,CAEA,SAASiI,GAAIC,EAAGpF,EAAGzG,EAAG2D,EAAG7B,EAAG+B,GAE1B,OADA4C,EAAIkF,GAAMA,GAAMlF,EAAGoF,GAAIF,GAAMhI,EAAGE,IACzB8H,GAAOlF,GAAK3E,EAAM2E,IAAO,GAAK3E,EAAK9B,EAC5C,CAEA,SAASuL,GAAG9E,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAK5L,EAAIqL,GAAQrL,EAAKsL,EAAI7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS2H,GAAG/E,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAK5L,EAAIsL,EAAMD,GAAMC,EAAK7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS4H,GAAGhF,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAI5L,EAAIqL,EAAIC,EAAG7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACpC,CAEA,SAAS6H,GAAGjF,EAAGzG,EAAGqL,EAAGC,EAAG3H,EAAG7B,EAAG+B,GAC5B,OAAO+H,GAAIP,GAAKrL,GAAMsL,GAAK7E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACzC,CAyCA,SAASiI,GAAOhK,GACd,MAAMiK,EAAU,GAChB,IAAIhiB,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBgiB,EAAQhiB,GAAK,GAAK+X,EAAEK,WAAWpY,IAAM+X,EAAEK,WAAWpY,EAAI,IAAM,IAAM+X,EAAEK,WAAWpY,EAAI,IAAM,KAAO+X,EAAEK,WAAWpY,EAAI,IAC/G,IAEJ,OAAOgiB,CACT,CAEA,MAAMC,GAAU,mBAAmBpG,MAAM,IAEzC,SAASqG,GAAKnM,GACZ,IAAIgC,EAAI,GACJQ,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZR,GAAKkK,GAASlM,GAAU,EAAJwC,EAAQ,EAAM,IAAQ0J,GAASlM,GAAU,EAAJwC,EAAU,IAErE,OAAOR,CACT,CAeA,SAAS6J,GAAMlF,EAAGzG,GAChB,OAAQyG,EAAIzG,EAAK,UACnB,CC1LA,MAAMqE,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAClB2H,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAASnQ,GAChB,GAAKgQ,IAAeC,GAAiB9E,SAASnL,GAG9C,OAAO3R,eAAgBuE,GACrB,MAAMwd,EAASJ,GAAWK,WAAWrQ,GACrC,OAAOgG,EAAiBpT,GAAMtE,IAC5B8hB,EAAOE,OAAOhiB,EAAM,IACnB,IAAM,IAAId,WAAW4iB,EAAOG,WAChC,CACH,CAEA,SAASC,GAAUC,EAAeC,GAChC,MAAMC,EAAetiB,UACnB,MAAMuiB,YAAEA,SAAsB3kB,QAAwBC,UAAA0C,MAAA,WAAA,OAAAiiB,EAAA,IAChDnX,EAAOkX,EAAY1c,IAAIuc,GAC7B,IAAK/W,EAAM,MAAUpM,MAAM,oBAC3B,OAAOoM,CAAI,EAGb,OAAOrL,eAAeuE,GAIpB,GAHIob,EAAqBpb,KACvBA,QAAaqb,EAAiBrb,IAE5BiQ,EAAK7V,SAAS4F,GAAO,CACvB,MAEMke,SAFaH,KAEOI,SAC1B,OAAO/K,EAAiBpT,GAAMtE,IAC5BwiB,EAAaR,OAAOhiB,EAAM,IACzB,IAAMwiB,EAAaP,UAC5B,CAAW,GAAIpI,IAAauI,EACtB,OAAO,IAAIljB,iBAAiB2a,GAAUoI,OAAOG,EAAmB9d,IAIhE,aAFmB+d,KAEP/d,EAEf,CACH,CAEA,IAAeoe,GAAA,CAGbrX,IAAKwW,GAAS,QD3ChB9hB,eAAmB4iB,GACjB,MAAMV,EAyGR,SAAc3K,GACZ,MAAMhC,EAAIgC,EAAEjY,OACNujB,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIrjB,EACJ,IAAKA,EAAI,GAAIA,GAAK+X,EAAEjY,OAAQE,GAAK,GAC/BqhB,GAASgC,EAAOtB,GAAOhK,EAAEuL,UAAUtjB,EAAI,GAAIA,KAE7C+X,EAAIA,EAAEuL,UAAUtjB,EAAI,IACpB,MAAMujB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKvjB,EAAI,EAAGA,EAAI+X,EAAEjY,OAAQE,IACxBujB,EAAKvjB,GAAK,IAAM+X,EAAEK,WAAWpY,KAAQA,EAAI,GAAM,GAGjD,GADAujB,EAAKvjB,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADAqhB,GAASgC,EAAOE,GACXvjB,EAAI,EAAGA,EAAI,GAAIA,IAClBujB,EAAKvjB,GAAK,EAKd,OAFAujB,EAAK,IAAU,EAAJxN,EACXsL,GAASgC,EAAOE,GACTF,CACT,CA/HiBG,CAAKxO,EAAKqD,mBAAmB+K,IAC5C,OAAOpO,EAAKyC,gBAoKd,SAAamC,GACX,IAAK,IAAI5Z,EAAI,EAAGA,EAAI4Z,EAAE9Z,OAAQE,IAC5B4Z,EAAE5Z,GAAKkiB,GAAKtI,EAAE5Z,IAEhB,OAAO4Z,EAAEhZ,KAAK,GAChB,CAzK8B8W,CAAIgL,GAClC,ECyCE3W,KAAMuW,GAAS,SAAWK,GAAU,OAAQ,SAC5CvW,OAAQkW,GAAS,WAAaK,GAAU,UACxC1W,OAAQqW,GAAS,WAAaK,GAAU,SAAU,WAClDzW,OAAQoW,GAAS,WAAaK,GAAU,SAAU,WAClDxW,OAAQmW,GAAS,WAAaK,GAAU,SAAU,WAClD3W,OAAQsW,GAAS,cAAgBK,GAAU,aAC3CtW,SAAUiW,GAAS,aAAeK,GAAU,YAC5CrW,SAAUgW,GAAS,aAAeK,GAAU,YAQ5CD,OAAQ,SAAS9B,EAAM7b,GACrB,OAAQ6b,GACN,KAAKjY,EAAMkD,KAAKC,IACd,OAAO5N,KAAK4N,IAAI/G,GAClB,KAAK4D,EAAMkD,KAAKE,KACd,OAAO7N,KAAK6N,KAAKhH,GACnB,KAAK4D,EAAMkD,KAAKG,OACd,OAAO9N,KAAK8N,OAAOjH,GACrB,KAAK4D,EAAMkD,KAAKI,OACd,OAAO/N,KAAK+N,OAAOlH,GACrB,KAAK4D,EAAMkD,KAAKK,OACd,OAAOhO,KAAKgO,OAAOnH,GACrB,KAAK4D,EAAMkD,KAAKM,OACd,OAAOjO,KAAKiO,OAAOpH,GACrB,KAAK4D,EAAMkD,KAAKO,OACd,OAAOlO,KAAKkO,OAAOrH,GACrB,KAAK4D,EAAMkD,KAAKQ,SACd,OAAOnO,KAAKmO,SAAStH,GACvB,KAAK4D,EAAMkD,KAAKS,SACd,OAAOpO,KAAKoO,SAASvH,GACvB,QACE,MAAUtF,MAAM,6BAErB,EAODgkB,kBAAmB,SAAS7C,GAC1B,OAAQA,GACN,KAAKjY,EAAMkD,KAAKC,IACd,OAAO,GACT,KAAKnD,EAAMkD,KAAKE,KAChB,KAAKpD,EAAMkD,KAAKG,OACd,OAAO,GACT,KAAKrD,EAAMkD,KAAKI,OACd,OAAO,GACT,KAAKtD,EAAMkD,KAAKK,OACd,OAAO,GACT,KAAKvD,EAAMkD,KAAKM,OACd,OAAO,GACT,KAAKxD,EAAMkD,KAAKO,OACd,OAAO,GACT,KAAKzD,EAAMkD,KAAKQ,SACd,OAAO,GACT,KAAK1D,EAAMkD,KAAKS,SACd,OAAO,GACT,QACE,MAAU7M,MAAM,2BAExB,GCxHO,SAASikB,GAAQhH,GACpB,OAAQA,aAAa/c,YACX,MAAL+c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE5e,YAAYqI,IAC7D,CACA,SAASkC,GAAM4N,KAAM0N,GACjB,IAAKD,GAAQzN,GACT,MAAUxW,MAAM,uBACpB,GAAIkkB,EAAQ7jB,OAAS,IAAM6jB,EAAQrG,SAASrH,EAAEnW,QAC1C,MAAUL,MAAM,iCAAiCkkB,oBAA0B1N,EAAEnW,SACrF,CAOA,SAAS8jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUtkB,MAAM,oCACpB,GAAIqkB,GAAiBD,EAASG,SAC1B,MAAUvkB,MAAM,wCACxB,CACA,SAASqF,GAAOmf,EAAKJ,GACjBxb,GAAM4b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAInkB,OAASokB,EACb,MAAUzkB,MAAM,yDAAyDykB,EAEjF;uECjCO,MAAME,GAAMC,GAAQ,IAAI1kB,WAAW0kB,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAE7D8b,GAAOD,GAAQ,IAAI/F,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK4P,MAAM8N,EAAI7b,WAAa,IAEvF+b,GAAcF,GAAQ,IAAItF,SAASsF,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAIhF,KADgF,KAA5D,IAAI7I,WAAW,IAAI2e,YAAY,CAAC,YAAa9W,QAAQ,IAErE,MAAU/H,MAAM,+CAiGb,SAAS+kB,GAAQzf,GACpB,GAAoB,iBAATA,EACPA,EAlBD,SAAqBmT,GACxB,GAAmB,iBAARA,EACP,MAAUzY,MAAM,+BAA+ByY,GACnD,OAAO,IAAIvY,YAAW,IAAIiZ,aAAcE,OAAOZ,GACnD,CAceuM,CAAY1f,OAClB,KAAI2e,GAAQ3e,GAGb,MAAUtF,MAAM,mCAAmCsF,GAFnDA,EAAO2f,GAAU3f,EAEyC,CAC9D,OAAOA,CACX,CA0BO,SAAS4f,GAAWjI,EAAGzG,GAC1B,GAAIyG,EAAE5c,SAAWmW,EAAEnW,OACf,OAAO,EACX,IAAI8kB,EAAO,EACX,IAAK,IAAI5kB,EAAI,EAAGA,EAAI0c,EAAE5c,OAAQE,IAC1B4kB,GAAQlI,EAAE1c,GAAKiW,EAAEjW,GACrB,OAAgB,IAAT4kB,CACX,CAOO,MAAMC,GAAa,CAACC,EAAQxD,KAC/BtjB,OAAO+mB,OAAOzD,EAAGwD,GACVxD,GAGJ,SAAS0D,GAAaC,EAAM1c,EAAY9H,EAAOykB,GAClD,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAazc,EAAY9H,EAAOykB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ9kB,GAAS0kB,EAAQE,GAC9BG,EAAKD,OAAO9kB,EAAQ4kB,GAG1BJ,EAAKQ,UAAUld,EAFM,EAEU+c,EAAIJ,GACnCD,EAAKQ,UAAUld,EAFM,EAEUid,EAAIN,EACvC,CASO,SAASQ,GAAYrd,GACxB,OAAOA,EAAME,WAAa,GAAM,CACpC,CAEO,SAASmc,GAAUrc,GACtB,OAAO1I,WAAW+e,KAAKrW,EAC3B,CACO,SAASsd,MAAS9lB,GACrB,IAAK,IAAIG,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAC/BH,EAAOG,GAAG4lB,KAAK,EAEvB,CCzLA,MAAMC,GAAa,GAGbC,kBAA0B,IAAInmB,WAAW,IACzComB,GAAUzB,GAAIwB,IAcdE,GAAUjQ,IAASA,IAAM,EAAK,MAAS,IACtCA,IAAM,EAAK,MAAS,IACpBA,IAAM,GAAM,MAAS,EACtBA,IAAM,GAAM,IA0BlB,MAAMkQ,GAEF,WAAAnoB,CAAY+Q,EAAKqX,GACbhoB,KAAKioB,SAAWN,GAChB3nB,KAAKimB,UAAY0B,GACjB3nB,KAAKkoB,GAAK,EACVloB,KAAKmoB,GAAK,EACVnoB,KAAKooB,GAAK,EACVpoB,KAAKqoB,GAAK,EACVroB,KAAK8lB,UAAW,EAEhBwC,GADA3X,EAAM2V,GAAQ3V,GACF,IACZ,MAAM4X,EAAQlC,GAAW1V,GACzB,IAAI6X,EAAKD,EAAME,UAAU,GAAG,GACxBC,EAAKH,EAAME,UAAU,GAAG,GACxBE,EAAKJ,EAAME,UAAU,GAAG,GACxBG,EAAKL,EAAME,UAAU,IAAI,GAE7B,MAAMI,EAAU,GAChB,IAAK,IAAI/mB,EAAI,EAAGA,EAAI,IAAKA,IACrB+mB,EAAQ/lB,KAAK,CAAEolB,GAAIJ,GAAOU,GAAKL,GAAIL,GAAOY,GAAKN,GAAIN,GAAOa,GAAKN,GAAIP,GAAOc,OACvEV,GAAIM,EAAIL,GAAIO,EAAIN,GAAIO,EAAIN,GAAIO,GAzDhC,CACHP,IAHcD,EA2DyCO,IAxD5C,IAHON,EA2DyCO,KAxDlC,EACzBR,IAJUD,EA2DyCO,IAvDxC,GAAON,IAAO,EACzBD,IALMD,EA2DyCM,IAtDpC,GAAOL,IAAO,EACzBD,GAAKA,IAAO,EAVP,KAUsB,KAAgB,EALjCG,KADL,IAACH,EAAIC,EAAIC,EAAIC,EA6DlB,MAAMS,EA9BS,CAAC3e,GAChBA,EAAQ,MACD,EACPA,EAAQ,KACD,EACJ,EAyBO4e,CAAef,GAAkB,MAC3C,IAAK,CAAC,EAAG,EAAG,EAAG,GAAG5I,SAAS0J,GACvB,MAAUvnB,MAAM,4BAA4BunB,0BAChD9oB,KAAK8oB,EAAIA,EACT,MACME,EADO,IACUF,EACjBG,EAAcjpB,KAAKipB,WAAa,GAAKH,EACrCI,EAAQ,GAEd,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAASG,IAEzB,IAAK,IAAItf,EAAO,EAAGA,EAAOof,EAAYpf,IAAQ,CAE1C,IAAIqe,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,IAAK,IAAIhO,EAAI,EAAGA,EAAIyO,EAAGzO,IAAK,CAExB,KADaxQ,IAAUif,EAAIzO,EAAI,EAAM,GAEjC,SACJ,MAAQ6N,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,GAAOV,EAAQC,EAAIK,EAAI9O,GAC1D6N,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,CAC/D,CACgBL,EAAMpmB,KAAK,CAAEolB,KAAIC,KAAIC,KAAIC,MACzC,CAEQroB,KAAK4b,EAAIsN,CACjB,CACI,YAAAM,CAAatB,EAAIC,EAAIC,EAAIC,GACpBH,GAAMloB,KAAKkoB,GAAMC,GAAMnoB,KAAKmoB,GAAMC,GAAMpoB,KAAKooB,GAAMC,GAAMroB,KAAKqoB,GAC/D,MAAMS,EAAEA,EAAClN,EAAEA,EAACqN,WAAEA,GAAejpB,KAE7B,IAAIypB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,MAAMC,GAAQ,GAAKf,GAAK,EACxB,IAAIK,EAAI,EACR,IAAK,MAAMW,IAAO,CAAC5B,EAAIC,EAAIC,EAAIC,GAC3B,IAAK,IAAI0B,EAAU,EAAGA,EAAU,EAAGA,IAAW,CAC1C,MAAMlgB,EAAQigB,IAAS,EAAIC,EAAY,IACvC,IAAK,IAAIC,EAAS,EAAIlB,EAAI,EAAGkB,GAAU,EAAGA,IAAU,CAChD,MAAMC,EAAOpgB,IAAUif,EAAIkB,EAAWH,GAC9B3B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOzO,EAAEuN,EAAIF,EAAagB,GAC7DR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAC3ClB,GAAK,CACzB,CACA,CAEQnpB,KAAKkoB,GAAKuB,EACVzpB,KAAKmoB,GAAKuB,EACV1pB,KAAKooB,GAAKuB,EACV3pB,KAAKqoB,GAAKuB,CAClB,CACI,MAAArF,CAAO1d,GACHA,EAAOyf,GAAQzf,GACfyjB,GAAQtqB,MACR,MAAMuqB,EAAMnE,GAAIvf,GACV2jB,EAAS/hB,KAAK4P,MAAMxR,EAAKjF,OAAS+lB,IAClC8C,EAAO5jB,EAAKjF,OAAS+lB,GAC3B,IAAK,IAAI7lB,EAAI,EAAGA,EAAI0oB,EAAQ1oB,IACxB9B,KAAKwpB,aAAae,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,GAAIyoB,EAAQ,EAAJzoB,EAAQ,IAOlF,OALI2oB,IACA7C,GAAQzlB,IAAI0E,EAAKmC,SAASwhB,EAAS7C,KACnC3nB,KAAKwpB,aAAa3B,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,IAC9DJ,GAAMI,KAEH7nB,IACf,CACI,OAAAiJ,GACI,MAAM2S,EAAEA,GAAM5b,KAEd,IAAK,MAAM0qB,KAAO9O,EACb8O,EAAIxC,GAAK,EAAKwC,EAAIvC,GAAK,EAAKuC,EAAItC,GAAK,EAAKsC,EAAIrC,GAAK,CAEhE,CACI,UAAAsC,CAAW5E,GACPuE,GAAQtqB,MACR4qB,GAAQ7E,EAAK/lB,MACbA,KAAK8lB,UAAW,EAChB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOroB,KACrB6qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,CACf,CACI,MAAAvB,GACI,MAAMsG,EAAM,IAAIrpB,WAAWkmB,IAG3B,OAFA3nB,KAAK2qB,WAAWG,GAChB9qB,KAAKiJ,UACE6hB,CACf,EAEA,MAAMC,WAAgBhD,GAClB,WAAAnoB,CAAY+Q,EAAKqX,GAEb,MAAMgD,EAzIP,SAAqBvR,GACxBA,EAAEwR,UACF,MAAMC,EAAgB,EAARzR,EAAE,IAEhB,IAAI0R,EAAQ,EACZ,IAAK,IAAIrpB,EAAI,EAAGA,EAAI2X,EAAE7X,OAAQE,IAAK,CAC/B,MAAM8Z,EAAInC,EAAE3X,GACZ2X,EAAE3X,GAAM8Z,IAAM,EAAKuP,EACnBA,GAAa,EAAJvP,IAAU,CAC3B,CAEI,OADAnC,EAAE,IAAe,KAARyR,EACFzR,CACX,CA6HsB2R,CAAY5E,GAD1B7V,EAAM2V,GAAQ3V,KAEd9Q,MAAMmrB,EAAOhD,GACbP,GAAMuD,EACd,CACI,MAAAzG,CAAO1d,GACHA,EAAOyf,GAAQzf,GACfyjB,GAAQtqB,MACR,MAAMuqB,EAAMnE,GAAIvf,GACV4jB,EAAO5jB,EAAKjF,OAAS+lB,GACrB6C,EAAS/hB,KAAK4P,MAAMxR,EAAKjF,OAAS+lB,IACxC,IAAK,IAAI7lB,EAAI,EAAGA,EAAI0oB,EAAQ1oB,IACxB9B,KAAKwpB,aAAa1B,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,IAAKgmB,GAAOyC,EAAQ,EAAJzoB,EAAQ,KAOjH,OALI2oB,IACA7C,GAAQzlB,IAAI0E,EAAKmC,SAASwhB,EAAS7C,KACnC3nB,KAAKwpB,aAAa1B,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,KAC7FJ,GAAMI,KAEH7nB,IACf,CACI,UAAA2qB,CAAW5E,GACPuE,GAAQtqB,MACR4qB,GAAQ7E,EAAK/lB,MACbA,KAAK8lB,UAAW,EAEhB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOroB,KACrB6qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,EAAIkF,SACnB,EAEA,SAASI,GAAuBC,GAC5B,MAAMC,EAAQ,CAACC,EAAK7a,IAAQ2a,EAAS3a,EAAK6a,EAAI5pB,QAAQ2iB,OAAO+B,GAAQkF,IAAMhH,SACrEiH,EAAMH,EAAS,IAAI7pB,WAAW,IAAK,GAIzC,OAHA8pB,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,CAACrU,EAAKqX,IAAmBsD,EAAS3a,EAAKqX,GAC/CuD,CACX,CACO,MAAMG,GAAQL,IAAuB,CAAC1a,EAAKqX,IAAmB,IAAID,GAAMpX,EAAKqX,KAC7DqD,IAAuB,CAAC1a,EAAKqX,IAAmB,IAAI+C,GAAQpa,EAAKqX,KCtMxF,MAAML,GAAa,GAEbgE,GAAc,IAAIlqB,WAAWkmB,IAC7BiE,GAAO,IAEb,SAASC,GAAKhU,GACV,OAAQA,GAAK,EAAM+T,KAAS/T,GAAK,EACrC,CACA,SAASiU,GAAItN,EAAGzG,GACZ,IAAI+S,EAAM,EACV,KAAO/S,EAAI,EAAGA,IAAM,EAEhB+S,GAAOtM,IAAU,EAAJzG,GACbyG,EAAIqN,GAAKrN,GAEb,OAAOsM,CACX,CAGA,MAAMiB,kBAAuB,MACzB,MAAMnQ,EAAI,IAAIna,WAAW,KACzB,IAAK,IAAIK,EAAI,EAAG4Z,EAAI,EAAG5Z,EAAI,IAAKA,IAAK4Z,GAAKmQ,GAAKnQ,GAC3CE,EAAE9Z,GAAK4Z,EACX,MAAMsQ,EAAM,IAAIvqB,WAAW,KAC3BuqB,EAAI,GAAK,GACT,IAAK,IAAIlqB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,IAAI4Z,EAAIE,EAAE,IAAM9Z,GAChB4Z,GAAKA,GAAK,EACVsQ,EAAIpQ,EAAE9Z,IAA+D,KAAxD4Z,EAAKA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAK,GACrE,CAEI,OADA+L,GAAM7L,GACCoQ,CACV,EAb4B,GAevBC,kBAA0BF,GAAKpnB,KAAI,CAACunB,EAAG7R,IAAM0R,GAAKtiB,QAAQ4Q,KAE1D8R,GAAYtU,GAAOA,GAAK,GAAOA,IAAM,EACrCuU,GAAYvU,GAAOA,GAAK,EAAMA,IAAM,GAEpCwU,GAAYC,GAAWA,GAAQ,GAAM,WACrCA,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAKrB,SAASC,GAAUR,EAAM9kB,GACrB,GAAoB,MAAhB8kB,EAAKnqB,OACL,MAAUL,MAAM,qBACpB,MAAMirB,EAAK,IAAIpM,YAAY,KAAKzb,KAAI,CAACunB,EAAG7R,IAAMpT,EAAG8kB,EAAK1R,MAChDoS,EAAKD,EAAG7nB,IAAIynB,IACZM,EAAKD,EAAG9nB,IAAIynB,IACZO,EAAKD,EAAG/nB,IAAIynB,IACZQ,EAAM,IAAIxM,YAAY,OACtByM,EAAM,IAAIzM,YAAY,OACtB0M,EAAQ,IAAIC,YAAY,OAC9B,IAAK,IAAIjrB,EAAI,EAAGA,EAAI,IAAKA,IACrB,IAAK,IAAIuY,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,MAAM2S,EAAU,IAAJlrB,EAAUuY,EACtBuS,EAAII,GAAOR,EAAG1qB,GAAK2qB,EAAGpS,GACtBwS,EAAIG,GAAON,EAAG5qB,GAAK6qB,EAAGtS,GACtByS,EAAME,GAAQjB,EAAKjqB,IAAM,EAAKiqB,EAAK1R,EAC/C,CAEI,MAAO,CAAE0R,OAAMe,QAAON,KAAIC,KAAIC,KAAIC,KAAIC,MAAKC,MAC/C,CACA,MAAMI,kBAAgCV,GAAUR,IAAOlS,GAAOiS,GAAIjS,EAAG,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKiS,GAAIjS,EAAG,KACzGqT,kBAAgCX,GAAUN,IAAUpS,GAAOiS,GAAIjS,EAAG,KAAO,GAAOiS,GAAIjS,EAAG,KAAO,GAAOiS,GAAIjS,EAAG,IAAM,EAAKiS,GAAIjS,EAAG,MAC9HsT,kBAA0B,MAC5B,MAAMC,EAAI,IAAI3rB,WAAW,IACzB,IAAK,IAAIK,EAAI,EAAG4Z,EAAI,EAAG5Z,EAAI,GAAIA,IAAK4Z,EAAImQ,GAAKnQ,GACzC0R,EAAEtrB,GAAK4Z,EACX,OAAO0R,CACV,EAL+B,GAMzB,SAASC,GAAY1c,GACxB2X,GAAO3X,GACP,MAAM2c,EAAM3c,EAAI/O,OAChB,IAAK,CAAC,GAAI,GAAI,IAAIwd,SAASkO,GACvB,MAAU/rB,MAAM,qDAAqD+rB,GACzE,MAAMR,MAAEA,GAAUG,GACZM,EAAU,GACX/F,GAAY7W,IACb4c,EAAQzqB,KAAM6N,EAAM6V,GAAU7V,IAClC,MAAM6c,EAAMpH,GAAIzV,GACV8c,EAAKD,EAAI5rB,OACT8rB,EAAW7V,GAAM8V,GAAUb,EAAOjV,EAAGA,EAAGA,EAAGA,GAC3C+V,EAAK,IAAIxN,YAAYkN,EAAM,IACjCM,EAAGzrB,IAAIqrB,GAEP,IAAK,IAAI1rB,EAAI2rB,EAAI3rB,EAAI8rB,EAAGhsB,OAAQE,IAAK,CACjC,IAAI8Z,EAAIgS,EAAG9rB,EAAI,GACXA,EAAI2rB,GAAO,EACX7R,EAAI8R,EAAQvB,GAASvQ,IAAMuR,GAAQrrB,EAAI2rB,EAAK,GACvCA,EAAK,GAAK3rB,EAAI2rB,GAAO,IAC1B7R,EAAI8R,EAAQ9R,IAChBgS,EAAG9rB,GAAK8rB,EAAG9rB,EAAI2rB,GAAM7R,CAC7B,CAEI,OADA6L,MAAS8F,GACFK,CACX,CACO,SAASC,GAAeld,GAC3B,MAAMmd,EAAST,GAAY1c,GACrBid,EAAKE,EAAOnrB,QACZ8qB,EAAKK,EAAOlsB,QACZkrB,MAAEA,GAAUG,IACZT,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOO,GAE3B,IAAK,IAAIprB,EAAI,EAAGA,EAAI2rB,EAAI3rB,GAAK,EACzB,IAAK,IAAIuY,EAAI,EAAGA,EAAI,EAAGA,IACnBuT,EAAG9rB,EAAIuY,GAAKyT,EAAOL,EAAK3rB,EAAI,EAAIuY,GAExCoN,GAAMqG,GAEN,IAAK,IAAIhsB,EAAI,EAAGA,EAAI2rB,EAAK,EAAG3rB,IAAK,CAC7B,MAAM4Z,EAAIkS,EAAG9rB,GACPqnB,EAAIwE,GAAUb,EAAOpR,EAAGA,EAAGA,EAAGA,GACpCkS,EAAG9rB,GAAK0qB,EAAO,IAAJrD,GAAYsD,EAAItD,IAAM,EAAK,KAAQuD,EAAIvD,IAAM,GAAM,KAAQwD,EAAGxD,IAAM,GACvF,CACI,OAAOyE,CACX,CAEA,SAASG,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GACrC,OAAQuE,EAAM1E,GAAM,EAAK,MAAYC,IAAO,EAAK,KAC7C0E,EAAMzE,IAAO,EAAK,MAAYC,IAAO,GAAM,IACnD,CACA,SAASsF,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAClC,OAAQyE,EAAY,IAAL5E,EAAmB,MAALC,GACxB2E,EAAQ1E,IAAO,GAAM,IAAUC,IAAO,GAAM,QAAY,EACjE,CACA,SAAS2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQI,GAC5B,IAAIxT,EAAI,EACPyO,GAAM0F,EAAGnU,KAAQ0O,GAAMyF,EAAGnU,KAAQ2O,GAAMwF,EAAGnU,KAAQ4O,GAAMuF,EAAGnU,KAC7D,MAAMwU,EAASL,EAAGhsB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAImsB,EAAQnsB,IAAK,CAC7B,MAAMosB,EAAKN,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GAC/C8F,EAAKP,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAK1E,EAAIC,EAAIC,EAAIH,GAC/CkG,EAAKR,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAKzE,EAAIC,EAAIH,EAAIC,GAC/CkG,EAAKT,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAKxE,EAAIH,EAAIC,EAAIC,GACpDF,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGnU,KAAOkU,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAIjCF,GAHNyF,EAAGnU,KAAOkU,GAAUb,EAAO3E,EAAIC,EAAIC,EAAIH,GAGzBE,GAFdwF,EAAGnU,KAAOkU,GAAUb,EAAO1E,EAAIC,EAAIH,EAAIC,GAEjBE,GADtBuF,EAAGnU,KAAOkU,GAAUb,EAAOzE,EAAIH,EAAIC,EAAIC,GAEtD,CAEA,SAASkG,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQK,GAC5B,IAAIzT,EAAI,EACPyO,GAAM0F,EAAGnU,KAAQ0O,GAAMyF,EAAGnU,KAAQ2O,GAAMwF,EAAGnU,KAAQ4O,GAAMuF,EAAGnU,KAC7D,MAAMwU,EAASL,EAAGhsB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAImsB,EAAQnsB,IAAK,CAC7B,MAAMosB,EAAKN,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAK3E,EAAIG,EAAID,EAAID,GAC/CgG,EAAKP,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAK1E,EAAID,EAAIG,EAAID,GAC/CgG,EAAKR,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAKzE,EAAID,EAAID,EAAIG,GAC/CgG,EAAKT,EAAGnU,KAAOsU,GAAUnB,EAAKC,EAAKxE,EAAID,EAAID,EAAID,GACpDA,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGnU,KAAOkU,GAAUb,EAAO5E,EAAIG,EAAID,EAAID,GAIjCA,GAHNyF,EAAGnU,KAAOkU,GAAUb,EAAO3E,EAAID,EAAIG,EAAID,GAGzBA,GAFdwF,EAAGnU,KAAOkU,GAAUb,EAAO1E,EAAID,EAAID,EAAIG,GAEjBA,GADtBuF,EAAGnU,KAAOkU,GAAUb,EAAOzE,EAAID,EAAID,EAAID,GAEtD,CACA,SAASqG,GAAOjB,EAAKkB,GACjB,QAAYpsB,IAARosB,EACA,OAAO,IAAI/sB,WAAW6rB,GAE1B,GADAhF,GAAOkG,GACHA,EAAI5sB,OAAS0rB,EACb,MAAU/rB,MAAM,oDAAoD+rB,WAAakB,EAAI5sB,UACzF,IAAK4lB,GAAYgH,GACb,MAAUjtB,MAAM,iBACpB,OAAOitB,CACX,CAEA,SAASC,GAAWb,EAAIc,EAAOC,EAAKH,GAChClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACP,MAAMC,EAASD,EAAI/sB,OACnB4sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GAEhB,IAAI3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACjE,MAAMC,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GAElB,IAAK,IAAI1sB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EAAG,CAC3CktB,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKomB,EAC9B8G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqmB,EAC9B6G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsmB,EAC9B4G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKumB,EAE9B,IAAI8C,EAAQ,EACZ,IAAK,IAAIrpB,EAAI+sB,EAAIjtB,OAAS,EAAGE,GAAK,EAAGA,IACjCqpB,EAASA,GAAkB,IAAT0D,EAAI/sB,IAAc,EACpC+sB,EAAI/sB,GAAa,IAARqpB,EACTA,KAAW,IAEZjD,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACtE,CAGI,MAAM1qB,EAAQujB,GAAalf,KAAK4P,MAAM0W,EAAMntB,OA/M3B,GAgNjB,GAAIwC,EAAQwqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCvJ,EAAMoH,GAAGqE,GACf,IAAK,IAAIzoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAKgd,EAAI9c,GAC1BylB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAIA,SAASS,GAAMrB,EAAI5G,EAAM0H,EAAOC,EAAKH,GACjClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACPH,EAAMD,GAAOI,EAAI/sB,OAAQ4sB,GACzB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GACV9H,EAAOV,GAAWwI,GAClBE,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZU,EAASlI,EAAO,EAAI,GACpB4H,EAASD,EAAI/sB,OAEnB,IAAIutB,EAASpI,EAAK0B,UAAUyG,EAAQlI,IAChCkB,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,IAAK,IAAIhtB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EACxCktB,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKomB,EAC9B8G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqmB,EAC9B6G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsmB,EAC9B4G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKumB,EAC9B8G,EAAUA,EAAS,IAAO,EAC1BpI,EAAKQ,UAAU2H,EAAQC,EAAQnI,KAC5BkB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAGlE,MAAM1qB,EAAQujB,GAAalf,KAAK4P,MAAM0W,EAAMntB,OArP3B,GAsPjB,GAAIwC,EAAQwqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCvJ,EAAMoH,GAAGqE,GACf,IAAK,IAAIzoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAKgd,EAAI9c,GAC1BylB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAKO,MAAMK,GAAMlI,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK+d,GAGhF,SAASW,EAAWvQ,EAAK0P,GAErB,GADAlG,GAAOxJ,QACK1c,IAARosB,IACAlG,GAAOkG,IACFhH,GAAYgH,IACb,MAAUjtB,MAAM,yBAExB,MAAMqsB,EAAKP,GAAY1c,GACjBkH,EAAI2O,GAAUkI,GACdnB,EAAU,CAACK,EAAI/V,GAChB2P,GAAY1I,IACbyO,EAAQzqB,KAAMgc,EAAM0H,GAAU1H,IAClC,MAAMiH,EAAM0I,GAAWb,EAAI/V,EAAGiH,EAAK0P,GAEnC,OADA/G,MAAS8F,GACFxH,CACf,CACI,OAlBAuC,GAAO3X,GACP2X,GAAOoG,EAAO/G,IAiBP,CACHqG,QAAS,CAACsB,EAAWd,IAAQa,EAAWC,EAAWd,GACnDF,QAAS,CAACiB,EAAYf,IAAQa,EAAWE,EAAYf,GAE7D,IAgGO,MAAMgB,GAAM7I,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK8e,EAAIC,EAAO,CAAA,GAC3FpH,GAAO3X,GACP2X,GAAOmH,EAAI,IACX,MAAME,GAASD,EAAKE,eACpB,MAAO,CACH,OAAA5B,CAAQsB,EAAWd,GACf,MAAMZ,EAAKP,GAAY1c,IACjBoH,EAAEA,EAAC8X,EAAK9J,IAAK+J,GAhG/B,SAA8BR,EAAWK,EAAOnB,GAC5ClG,GAAOgH,GACP,IAAIS,EAAST,EAAU1tB,OACvB,MAAMouB,EAAYD,EAASpI,GAC3B,IAAKgI,GAAuB,IAAdK,EACV,MAAUzuB,MAAM,2DACfimB,GAAY8H,KACbA,EAAY9I,GAAU8I,IAC1B,MAAMvX,EAAIqO,GAAIkJ,GACd,GAAIK,EAAO,CACP,IAAIlF,EAAO9C,GAAaqI,EACnBvF,IACDA,EAAO9C,IACXoI,GAAkBtF,CAC1B,CACI,MAAM1E,EAAMwI,GAAOwB,EAAQvB,GAE3B,MAAO,CAAEzW,IAAG8X,EADFzJ,GAAIL,GACCA,MACnB,CA8EwCkK,CAAqBX,EAAWK,EAAOnB,GACnE,IAAI0B,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GAChDruB,EAAI,EACR,KAAOA,EAAI,GAAKiW,EAAEnW,QACbsmB,GAAMnQ,EAAEjW,EAAI,GAAMqmB,GAAMpQ,EAAEjW,EAAI,GAAMsmB,GAAMrQ,EAAEjW,EAAI,GAAMumB,GAAMtQ,EAAEjW,EAAI,KAChEomB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE/tB,KAAOomB,EAAM2H,EAAE/tB,KAAOqmB,EAAM0H,EAAE/tB,KAAOsmB,EAAMyH,EAAE/tB,KAAOumB,EAE3D,GAAIsH,EAAO,CACP,MAAMS,EA7EtB,SAAiB3F,GACb,MAAMgB,EAAM,IAAIhqB,WAAW,IACrB2uB,EAAQhK,GAAIqF,GAClBA,EAAItpB,IAAIsoB,GACR,MAAM4F,EAAc1I,GAAa8C,EAAK7oB,OACtC,IAAK,IAAIE,EAAI6lB,GAAa0I,EAAavuB,EAAI6lB,GAAY7lB,IACnD2pB,EAAI3pB,GAAKuuB,EACb,OAAOD,CACX,CAqE8BE,CAAQhB,EAAUtmB,SAAa,EAAJlH,IACxComB,GAAMkI,EAAM,GAAMjI,GAAMiI,EAAM,GAAMhI,GAAMgI,EAAM,GAAM/H,GAAM+H,EAAM,KAChElI,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE/tB,KAAOomB,EAAM2H,EAAE/tB,KAAOqmB,EAAM0H,EAAE/tB,KAAOsmB,EAAMyH,EAAE/tB,KAAOumB,CACvE,CAEY,OADAZ,MAAS8F,GACFuC,CACV,EACD,OAAAxB,CAAQiB,EAAYf,IA7H5B,SAA8B3nB,GAE1B,GADAyhB,GAAOzhB,GACHA,EAAKjF,OAAS+lB,IAAe,EAC7B,MAAUpmB,MAAM,yEAExB,CAyHYgvB,CAAqBhB,GACrB,MAAM3B,EAAKC,GAAeld,GAC1B,IAAIuf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GACVnK,EAAMwI,GAAOgB,EAAW3tB,OAAQ4sB,GACjChH,GAAY+H,IACbhC,EAAQzqB,KAAMysB,EAAa/I,GAAU+I,IACzC,MAAMxX,EAAIqO,GAAImJ,GACRM,EAAIzJ,GAAIL,GAEd,IAAImC,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAKiW,EAAEnW,QAAS,CAEhC,MAAM4uB,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EACzCH,EAAKnQ,EAAEjW,EAAI,GAAMqmB,EAAKpQ,EAAEjW,EAAI,GAAMsmB,EAAKrQ,EAAEjW,EAAI,GAAMumB,EAAKtQ,EAAEjW,EAAI,GAC/D,MAAQomB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAO0E,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAClEwH,EAAE/tB,KAAO2nB,EAAK+G,EAAOX,EAAE/tB,KAAO4nB,EAAK+G,EAAOZ,EAAE/tB,KAAO6nB,EAAK+G,EAAOb,EAAE/tB,KAAO8nB,EAAK+G,CAC9F,CAEY,OADAlJ,MAAS8F,GA1HrB,SAAsB1mB,EAAM8oB,GACxB,IAAKA,EACD,OAAO9oB,EACX,MAAMymB,EAAMzmB,EAAKjF,OACjB,IAAK0rB,EACD,MAAU/rB,MAAM,2CACpB,MAAMqvB,EAAW/pB,EAAKymB,EAAM,GAC5B,GAAIsD,GAAY,GAAKA,EAAW,GAC5B,MAAUrvB,MAAM,4BACpB,MAAMwkB,EAAMlf,EAAKmC,SAAS,GAAI4nB,GAC9B,IAAK,IAAI9uB,EAAI,EAAGA,EAAI8uB,EAAU9uB,IAC1B,GAAI+E,EAAKymB,EAAMxrB,EAAI,KAAO8uB,EACtB,MAAUrvB,MAAM,4BACxB,OAAOwkB,CACX,CA6GmB8K,CAAa9K,EAAK4J,EAC5B,EAET,IAKamB,GAAMnK,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaze,EAAK8e,GAGhF,SAASsB,EAAWpC,EAAKqC,EAAWxC,GAChClG,GAAOqG,GACP,MAAMC,EAASD,EAAI/sB,OACnB4sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMZ,EAAKP,GAAY1c,GACvB,IAAIuf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQzqB,KAAMotB,EAAM1J,GAAU0J,IAC7B1I,GAAYmH,IACbpB,EAAQzqB,KAAM6rB,EAAMnI,GAAUmI,IAClC,MAAMI,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZyC,EAASD,EAAYhC,EAAQD,EAC7BoB,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,QAAS,CACpC,MAAQsmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO2D,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GACnE2G,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKooB,EAC9B8E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqoB,EAC9B6E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsoB,EAC9B4E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKuoB,EAC7BnC,EAAK+I,EAAOnvB,KAAQqmB,EAAK8I,EAAOnvB,KAAQsmB,EAAK6I,EAAOnvB,KAAQumB,EAAK4I,EAAOnvB,IACrF,CAEQ,MAAMsC,EAAQujB,GAAalf,KAAK4P,MAAM0W,EAAMntB,OApd/B,GAqdb,GAAIwC,EAAQwqB,EAAQ,GACb1G,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC9C,MAAMvJ,EAAMoH,GAAG,IAAI9F,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,KAC5C,IAAK,IAAIvmB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI8sB,EAAQ9sB,IAAKE,IAC1CwsB,EAAI1sB,GAAK6sB,EAAI7sB,GAAKgd,EAAI9c,GAC1BylB,GAAM3I,EAClB,CAEQ,OADA2I,MAAS8F,GACFiB,CACf,CACI,OAvCAlG,GAAO3X,GACP2X,GAAOmH,EAAI,IAsCJ,CACHzB,QAAS,CAACsB,EAAWd,IAAQuC,EAAWzB,GAAW,EAAMd,GACzDF,QAAS,CAACiB,EAAYf,IAAQuC,EAAWxB,GAAY,EAAOf,GAEpE,IAyBO,MAAM/f,GAAMkY,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,GAAI8B,UAAW,KAAM,SAAavgB,EAAK+d,EAAOyC,GAQtG,GAPA7I,GAAO3X,GACP2X,GAAOoG,QACKtsB,IAAR+uB,GACA7I,GAAO6I,GAIPzC,EAAM9sB,OAAS,EACf,MAAUL,MAAM,iCACpB,MAAM2vB,EAAY,GAClB,SAASE,EAAYC,EAASC,EAASzqB,GACnC,MAAMoX,EAnCd,SAAoBhX,EAAI+f,EAAMrW,EAAK9J,EAAMsqB,GACrC,MAAMI,EAAmB,MAAPJ,EAAc,EAAIA,EAAIvvB,OAClC4vB,EAAIvqB,EAAG+d,OAAOrU,EAAK9J,EAAKjF,OAAS2vB,GACnCJ,GACAK,EAAEjN,OAAO4M,GACbK,EAAEjN,OAAO1d,GACT,MAAMijB,EAAM,IAAIroB,WAAW,IACrBslB,EAAOV,GAAWyD,GACpBqH,GACArK,GAAaC,EAAM,EAAGG,OAAmB,EAAZqK,GAAgBvK,GACjDF,GAAaC,EAAM,EAAGG,OAAqB,EAAdrgB,EAAKjF,QAAaolB,GAC/CwK,EAAEjN,OAAOuF,GACT,MAAMgB,EAAM0G,EAAEhN,SAEd,OADAiD,GAAMqC,GACCgB,CACX,CAoBoB2G,CAAW/F,IAAO,EAAO2F,EAASxqB,EAAMsqB,GACpD,IAAK,IAAIrvB,EAAI,EAAGA,EAAIwvB,EAAQ1vB,OAAQE,IAChCmc,EAAInc,IAAMwvB,EAAQxvB,GACtB,OAAOmc,CACf,CACI,SAASyT,IACL,MAAM9D,EAAKP,GAAY1c,GACjB0gB,EAAU1F,GAAYhpB,QACtBgvB,EAAUhG,GAAYhpB,QAG5B,GAFAssB,GAAMrB,GAAI,EAAO+D,EAASA,EAASN,GAEd,KAAjB3C,EAAM9sB,OACN+vB,EAAQxvB,IAAIusB,OAEX,CACD,MAAMkD,EAAWjG,GAAYhpB,QAE7BmkB,GADaT,GAAWuL,GACL,EAAG1K,OAAsB,EAAfwH,EAAM9sB,SAAa,GAEhD,MAAMiwB,EAAInG,GAAM1G,OAAOqM,GAAS9M,OAAOmK,GAAOnK,OAAOqN,GACrDC,EAAElH,WAAWgH,GACbE,EAAE5oB,SACd,CAEQ,MAAO,CAAE2kB,KAAIyD,UAASM,UAASL,QADfrC,GAAMrB,GAAI,EAAO+D,EAAShG,IAElD,CACI,MAAO,CACH,OAAAqC,CAAQsB,GACJhH,GAAOgH,GACP,MAAM1B,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpC3L,EAAM,IAAItkB,WAAW6tB,EAAU1tB,OAASsvB,GACxC3D,EAAU,CAACK,EAAIyD,EAASM,EAASL,GAClC9J,GAAY8H,IACb/B,EAAQzqB,KAAMwsB,EAAY9I,GAAU8I,IACxCL,GAAMrB,GAAI,EAAO+D,EAASrC,EAAWvJ,GACrC,MAAM9H,EAAMmT,EAAYC,EAASC,EAASvL,EAAI/c,SAAS,EAAG+c,EAAInkB,OAASsvB,IAIvE,OAHA3D,EAAQzqB,KAAKmb,GACb8H,EAAI5jB,IAAI8b,EAAKqR,EAAU1tB,QACvB6lB,MAAS8F,GACFxH,CACV,EACD,OAAAuI,CAAQiB,GAEJ,GADAjH,GAAOiH,GACHA,EAAW3tB,OAASsvB,EACpB,MAAU3vB,MAAM,6CACpB,MAAMqsB,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpCnE,EAAU,CAACK,EAAIyD,EAASC,EAASK,GAClCnK,GAAY+H,IACbhC,EAAQzqB,KAAMysB,EAAa/I,GAAU+I,IACzC,MAAM1oB,EAAO0oB,EAAWvmB,SAAS,GAAG,IAC9B8oB,EAAYvC,EAAWvmB,UAAS,IAChCiV,EAAMmT,EAAYC,EAASC,EAASzqB,GAE1C,GADA0mB,EAAQzqB,KAAKmb,IACRwI,GAAWxI,EAAK6T,GACjB,MAAUvwB,MAAM,8BACpB,MAAMwkB,EAAMkJ,GAAMrB,GAAI,EAAO+D,EAAS9qB,GAEtC,OADA4gB,MAAS8F,GACFxH,CACV,EAET,IAkHA,SAASgM,GAAUvT,GACf,OAAa,MAALA,GACS,iBAANA,IACNA,aAAa4B,aAAsC,gBAAvB5B,EAAE5e,YAAYqI,KACnD,CACA,SAAS+pB,GAAapE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUrsB,MAAM,+CACpB,MAAMgpB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CACA,SAASC,GAAatE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUrsB,MAAM,+CACpB,MAAMgpB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CAOA,MAAME,GAAO,CAiBT,OAAAnE,CAAQoE,EAAKrM,GAGT,GAAIA,EAAInkB,QAAU,GAAK,GACnB,MAAUL,MAAM,qCACpB,MAAMqsB,EAAKP,GAAY+E,GACvB,GAAmB,KAAfrM,EAAInkB,OACJowB,GAAapE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIxQ,EAAI,EAAGwU,EAAM,EAAGxU,EAAI,EAAGA,IAC5B,IAAK,IAAIrY,EAAM,EAAGA,EAAM6oB,EAAIjpB,OAAQI,GAAO,EAAG6sB,IAAO,CACjD,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIyE,EAAIC,EAAIzH,EAAI7oB,GAAM6oB,EAAI7oB,EAAM,IAElEqwB,EAAKnK,EAAMoK,EAAKnK,EAAKkE,GAASwC,GAAQhE,EAAI7oB,GAAOomB,EAAMyC,EAAI7oB,EAAM,GAAKqmB,CAC3F,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,EACD,OAAA4G,CAAQ8D,EAAKrM,GACT,GAAIA,EAAInkB,OAAS,GAAK,GAAK,GACvB,MAAUL,MAAM,sCACpB,MAAMqsB,EAAKC,GAAeuE,GACpBG,EAASxM,EAAInkB,OAAS,EAAI,EAChC,GAAe,IAAX2wB,EACAL,GAAatE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIxQ,EAAI,EAAGwU,EAAe,EAAT0D,EAAYlY,EAAI,EAAGA,IACrC,IAAK,IAAIrY,EAAe,EAATuwB,EAAYvwB,GAAO,EAAGA,GAAO,EAAG6sB,IAAO,CAClDyD,GAAMjG,GAASwC,GACf,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIyE,EAAIC,EAAIzH,EAAI7oB,GAAM6oB,EAAI7oB,EAAM,IAClEqwB,EAAKnK,EAAMoK,EAAKnK,EAAM0C,EAAI7oB,GAAOomB,EAAMyC,EAAI7oB,EAAM,GAAKqmB,CAC3E,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,GAEC8K,GAAW,IAAI/wB,WAAW,GAAGimB,KAAK,KAQ3B+K,GAAQ9L,GAAW,CAAEzD,UAAW,IAAMkP,IAAS,CACxD,OAAApE,CAAQsB,GAEJ,GADAhH,GAAOgH,IACFA,EAAU1tB,QAAU0tB,EAAU1tB,OAAS,GAAM,EAC9C,MAAUL,MAAM,4BACpB,GAAyB,IAArB+tB,EAAU1tB,OACV,MAAUL,MAAM,wDACpB,MAAMwkB,EF1rBP,YAAwBpkB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAM0c,EAAI7c,EAAOG,GACjBwmB,GAAO9J,GACPkU,GAAOlU,EAAE5c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAM0c,EAAI7c,EAAOG,GACjBgpB,EAAI3oB,IAAIqc,EAAGmU,GACXA,GAAOnU,EAAE5c,MACjB,CACI,OAAOkpB,CACX,CE4qBoB8H,CAAYJ,GAAUlD,GAElC,OADA6C,GAAKnE,QAAQoE,EAAKrM,GACXA,CACV,EACD,OAAAuI,CAAQiB,GAKJ,GAJAjH,GAAOiH,GAIHA,EAAW3tB,OAAS,GAAM,GAAK2tB,EAAW3tB,OAAS,GACnD,MAAUL,MAAM,6BACpB,MAAMwkB,EAAMS,GAAU+I,GAEtB,GADA4C,GAAK7D,QAAQ8D,EAAKrM,IACbU,GAAWV,EAAI/c,SAAS,EAAG,GAAIwpB,IAChC,MAAUjxB,MAAM,0BAEpB,OADAwkB,EAAI/c,SAAS,EAAG,GAAG0e,KAAK,GACjB3B,EAAI/c,SAAS,EACvB,MA+EQ6pB,GAAS,CAClBxF,eACAQ,kBACJG,QAAIA,GACJM,QAAIA,GACA0D,gBACAE,gBACAzD,cACAQ,UC73BE7S,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAElBuW,GAAa7O,GAAaA,GAAW8O,aAAe,GACpDC,GAAY,CAChBlmB,KAAMgmB,GAAW1T,SAAS,YAAc,gBAAahd,EACrD2K,UAAW+lB,GAAW1T,SAAS,gBAAkB,oBAAiBhd,EAClE4K,MAAO8lB,GAAW1T,SAAS,aAAe,iBAAchd,EACxD6K,SAAU6lB,GAAW1T,SAAS,UAAY,cAAWhd,EACrD8K,OAAQ4lB,GAAW1T,SAAS,eAAiB,mBAAgBhd,EAC7D+K,OAAQ2lB,GAAW1T,SAAS,eAAiB,mBAAgBhd,EAC7DgL,OAAQ0lB,GAAW1T,SAAS,eAAiB,mBAAgBhd,GA2F/D,MAAM6wB,GACJ,WAAArzB,CAAY8iB,EAAM/R,EAAK8e,GACrB,MAAMvM,UAAEA,GAAcF,GAAgBN,GACtC1iB,KAAK2Q,IAAMA,EACX3Q,KAAKkzB,UAAYzD,EACjBzvB,KAAKmzB,UAAY,IAAI1xB,WAAWyhB,GAChCljB,KAAK8B,EAAI,EACT9B,KAAKkjB,UAAYA,EACjBljB,KAAKozB,UAAY,IAAI3xB,WAAWzB,KAAKkjB,UACzC,CAEE,wBAAamQ,CAAY3Q,GACvB,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOtG,GAAUkX,UAAU,MAAO,IAAI7xB,WAAWwhB,GAAU,WAAW,EAAO,CAAC,YAC3EpgB,MAAK,KAAM,IAAM,KAAM,GAC9B,CAEE,aAAM0wB,CAAQjE,EAAWkE,GACvB,MAAMC,EAAO,UACbzzB,KAAK0zB,OAAS1zB,KAAK0zB,cAAgBtX,GAAUkX,UAAU,MAAOtzB,KAAK2Q,IAAK8iB,GAAM,EAAO,CAAC,YACtF,MAAMlE,QAAmBnT,GAAU4R,QACjC,CAAE/lB,KAAMwrB,EAAMhE,GAAI+D,GAAaxzB,KAAKozB,WACpCpzB,KAAK0zB,OACLpE,GAEF,OAAO,IAAI7tB,WAAW8tB,GAAYvmB,SAAS,EAAGsmB,EAAU1tB,OAC5D,CAEE,kBAAM+xB,CAAapxB,GACjB,MAAMqxB,EAAU5zB,KAAKmzB,UAAUvxB,OAAS5B,KAAK8B,EACvC+xB,EAAQtxB,EAAMyG,SAAS,EAAG4qB,GAEhC,GADA5zB,KAAKmzB,UAAUhxB,IAAI0xB,EAAO7zB,KAAK8B,GAC1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKkjB,UAAY,CACnD,MAAM4Q,GAAYvxB,EAAMX,OAASgyB,GAAW5zB,KAAKkjB,UAC3CoM,EAAYxY,EAAKpV,iBAAiB,CACtC1B,KAAKmzB,UACL5wB,EAAMyG,SAAS4qB,EAASrxB,EAAMX,OAASkyB,KAEnCC,EAAYjd,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL5D,EAAUtmB,SAAS,EAAGsmB,EAAU1tB,OAAS5B,KAAKkjB,aAG1C8Q,QAAwBh0B,KAAKuzB,QAAQQ,GAQ3C,OAPAE,GAAOD,EAAiB1E,GACxBtvB,KAAKkzB,UAAYc,EAAgBrxB,OAAO3C,KAAKkjB,WAGzC4Q,EAAW,GAAG9zB,KAAKmzB,UAAUhxB,IAAII,EAAMyG,UAAU8qB,IACrD9zB,KAAK8B,EAAIgyB,EAEFE,CACb,CAGI,IAAIE,EACJ,GAFAl0B,KAAK8B,GAAK+xB,EAAMjyB,OAEZ5B,KAAK8B,IAAM9B,KAAKmzB,UAAUvxB,OAAQ,CACpC,MAAMuyB,EAAWn0B,KAAKmzB,UACtBe,QAAuBl0B,KAAKuzB,QAAQvzB,KAAKkzB,WACzCe,GAAOC,EAAgBC,GACvBn0B,KAAKkzB,UAAYgB,EAAevxB,QAChC3C,KAAK8B,EAAI,EAET,MAAMkuB,EAAYztB,EAAMyG,SAAS6qB,EAAMjyB,QACvC5B,KAAKmzB,UAAUhxB,IAAI6tB,EAAWhwB,KAAK8B,GACnC9B,KAAK8B,GAAKkuB,EAAUpuB,MAC1B,MACMsyB,EAAiB,IAAIzyB,WAGvB,OAAOyyB,CACX,CAEE,YAAMvtB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CACLzB,KAAKmzB,UAAYnzB,KAAKmzB,UAAUnqB,SAAS,EAAGhJ,KAAK8B,GACjD,MAAMqyB,EAAWn0B,KAAKmzB,UAChBe,QAAuBl0B,KAAKuzB,QAAQvzB,KAAKkzB,WAC/Ce,GAAOC,EAAgBC,GACvBpyB,EAASmyB,EAAelrB,SAAS,EAAGmrB,EAASvyB,OACnD,CAGI,OADA5B,KAAKo0B,qBACEryB,CACX,CAEE,kBAAAqyB,GACEp0B,KAAKmzB,UAAUzL,KAAK,GACpB1nB,KAAKkzB,UAAUxL,KAAK,GACpB1nB,KAAK0zB,OAAS,KACd1zB,KAAK2Q,IAAM,IACf,CAEE,aAAMqd,CAAQsB,GAEZ,MAKM+E,SAL6Br0B,KAAKuzB,QACtCzc,EAAKpV,iBAAiB,CAAC,IAAID,WAAWzB,KAAKkjB,WAAYoM,IACvDtvB,KAAKyvB,KAGyBzmB,SAAS,EAAGsmB,EAAU1tB,QAGtD,OAFAqyB,GAAOI,EAAI/E,GACXtvB,KAAKo0B,qBACEC,CACX,EAGA,MAAMC,GACJ,WAAA10B,CAAY20B,EAAe7R,EAAM/R,EAAK8e,GACpCzvB,KAAKu0B,cAAgBA,EACrB,MAAMrR,UAAEA,GAAcF,GAAgBN,GACtC1iB,KAAK2Q,IAAM6jB,GAAgBnH,YAAY1c,GAEnC8e,EAAGplB,WAAa,GAAM,IAAGolB,EAAKA,EAAG9sB,SACrC3C,KAAKkzB,UAAYuB,GAAehF,GAChCzvB,KAAKmzB,UAAY,IAAI1xB,WAAWyhB,GAChCljB,KAAK8B,EAAI,EACT9B,KAAKkjB,UAAYA,CACrB,CAEE,OAAAwR,CAAQ/F,GACN,MAAMI,EAAQ0F,GAAe9F,GACvBH,EAAM,IAAI/sB,WAAWktB,EAAI/sB,QACzBotB,EAAQyF,GAAejG,GAC7B,IAAK,IAAI1sB,EAAI,EAAGA,EAAI,GAAKktB,EAAMptB,OAAQE,GAAK,EAAG,CAC7C,MAAQomB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOmK,GAAgBxG,QAAQhuB,KAAK2Q,IAAK3Q,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,GAAIlzB,KAAKkzB,UAAU,IACrJlE,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKooB,EAC9B8E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKqoB,EAC9B6E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKsoB,EAC9B4E,EAAMltB,EAAI,GAAKitB,EAAMjtB,EAAI,GAAKuoB,EAC9BrqB,KAAKkzB,WAAalzB,KAAKu0B,cAAgBvF,EAAQD,GAAOpsB,MAAMb,EAAGA,EAAI,EACzE,CACI,OAAO0sB,CACX,CAEE,kBAAMmG,CAAapyB,GACjB,MAAMqxB,EAAU5zB,KAAKmzB,UAAUvxB,OAAS5B,KAAK8B,EACvC+xB,EAAQtxB,EAAMyG,SAAS,EAAG4qB,GAGhC,GAFA5zB,KAAKmzB,UAAUhxB,IAAI0xB,EAAO7zB,KAAK8B,GAE1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKkjB,UAAY,CACnD,MAAM4Q,GAAYvxB,EAAMX,OAASgyB,GAAW5zB,KAAKkjB,UAC3C0R,EAAY9d,EAAKpV,iBAAiB,CACtC1B,KAAKmzB,UACL5wB,EAAMyG,SAAS4qB,EAASrxB,EAAMX,OAASkyB,KAGnCe,EAAkB70B,KAAK00B,QAAQE,GAMrC,OAHId,EAAW,GAAG9zB,KAAKmzB,UAAUhxB,IAAII,EAAMyG,UAAU8qB,IACrD9zB,KAAK8B,EAAIgyB,EAEFe,CACb,CAII,IAAIC,EACJ,GAHA90B,KAAK8B,GAAK+xB,EAAMjyB,OAGZ5B,KAAK8B,IAAM9B,KAAKmzB,UAAUvxB,OAAQ,CACpCkzB,EAAiB90B,KAAK00B,QAAQ10B,KAAKmzB,WACnCnzB,KAAK8B,EAAI,EAET,MAAMkuB,EAAYztB,EAAMyG,SAAS6qB,EAAMjyB,QACvC5B,KAAKmzB,UAAUhxB,IAAI6tB,EAAWhwB,KAAK8B,GACnC9B,KAAK8B,GAAKkuB,EAAUpuB,MAC1B,MACMkzB,EAAiB,IAAIrzB,WAGvB,OAAOqzB,CACX,CAEE,YAAMnuB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CAGLM,EAFuB/B,KAAK00B,QAAQ10B,KAAKmzB,WAEjBnqB,SAAS,EAAGhJ,KAAK8B,EAC/C,CAGI,OADA9B,KAAKo0B,qBACEryB,CACX,CAEE,kBAAAqyB,GACEp0B,KAAKmzB,UAAUzL,KAAK,GACpB1nB,KAAKkzB,UAAUxL,KAAK,GACpB1nB,KAAK2Q,IAAI+W,KAAK,EAClB,EAuBA,SAASuM,GAAOzV,EAAGzG,GACjB,MAAMgd,EAAUtsB,KAAKud,IAAIxH,EAAE5c,OAAQmW,EAAEnW,QACrC,IAAK,IAAIE,EAAI,EAAGA,EAAIizB,EAASjzB,IAC3B0c,EAAE1c,GAAK0c,EAAE1c,GAAKiW,EAAEjW,EAEpB,CAEA,MAAM2yB,GAAiBtO,GAAO,IAAI/F,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK4P,MAAM8N,EAAI7b,WAAa,8DAnQ/FhI,eAAuBogB,EAAM/R,EAAK4e,EAAYE,GACnD,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GAC7C,GAAIuB,IAAc+O,GAAUgC,GAC1B,OAwQJ,SAAqBtS,EAAM/R,EAAK0jB,EAAI5E,GAClC,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GACvCuS,EAAc,IAAIhR,GAAWiR,iBAAiBlC,GAAUgC,GAAWrkB,EAAK8e,GAC9E,OAAOxV,EAAiBoa,GAAI9xB,GAAS,IAAId,WAAWwzB,EAAY1Q,OAAOhiB,KACzE,CA5QW4yB,CAAYzS,EAAM/R,EAAK4e,EAAYE,GAE5C,GAAI3Y,EAAK4H,MAAMgE,GACb,OA8OJpgB,eAA0BogB,EAAM/R,EAAK0jB,EAAI5E,GACvC,GAAI3Y,EAAK7V,SAASozB,GAAK,CACrB,MAAMvD,EAAM,IAAIwD,IAAqB,EAAO5R,EAAM/R,EAAK8e,GACvD,OAAOxV,EAAiBoa,GAAI9xB,GAASuuB,EAAI6D,aAAapyB,KAAQ,IAAMuuB,EAAInqB,UAC5E,CACE,OAAOyuB,GAAYzkB,EAAK8e,GAAInB,QAAQ+F,EACtC,CApPWgB,CAAW3S,EAAM/R,EAAK4e,EAAYE,GAG3C,MACM6F,EAAW,UADU7S,GAAgBC,IACT/R,GAC5B4kB,EAAaD,EAASpS,UAE5B,IAAIsS,EAAS/F,EACT4E,EAAK,IAAI5yB,WACb,MAAM2B,EAAUJ,IACVA,IACFqxB,EAAKvd,EAAKpV,iBAAiB,CAAC2yB,EAAIrxB,KAElC,MAAMssB,EAAY,IAAI7tB,WAAW4yB,EAAGzyB,QACpC,IAAIE,EACAuY,EAAI,EACR,KAAOrX,EAAQqxB,EAAGzyB,QAAU2zB,EAAalB,EAAGzyB,QAAQ,CAClD,MAAM6zB,EAAWH,EAAStH,QAAQwH,GAElC,IADAA,EAASnB,EAAGrrB,SAAS,EAAGusB,GACnBzzB,EAAI,EAAGA,EAAIyzB,EAAYzzB,IAC1BwtB,EAAUjV,KAAOmb,EAAO1zB,GAAK2zB,EAAS3zB,GAExCuyB,EAAKA,EAAGrrB,SAASusB,EACvB,CACI,OAAOjG,EAAUtmB,SAAS,EAAGqR,EAAE,EAEjC,OAAOJ,EAAiBsV,EAAYnsB,EAASA,EAC/C,UA5EOd,eAAuBogB,EAAM/R,EAAK2e,EAAWG,EAAIvb,GACtD,MAAM8gB,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GAC7C,GAAI5L,EAAKyF,iBAAmByW,GAAUgC,GACpC,OA6SJ,SAAqBtS,EAAM/R,EAAK+kB,EAAIjG,GAClC,MAAMuF,EAAWvqB,EAAMpI,KAAKoI,EAAMoC,UAAW6V,GACvCiT,EAAY,IAAI1R,GAAW2R,eAAe5C,GAAUgC,GAAWrkB,EAAK8e,GAC1E,OAAOxV,EAAiByb,GAAInzB,GAAS,IAAId,WAAWk0B,EAAUpR,OAAOhiB,KACvE,CAjTWszB,CAAYnT,EAAM/R,EAAK2e,EAAWG,GAE3C,GAAI3Y,EAAK4H,MAAMgE,GACb,OA8QJpgB,eAA0BogB,EAAM/R,EAAK+kB,EAAIjG,GACvC,GAAIrT,UAAmB6W,GAAmBI,YAAY3Q,GAAO,CAC3D,MAAMoO,EAAM,IAAImC,GAAmBvQ,EAAM/R,EAAK8e,GAC9C,OAAO3Y,EAAK7V,SAASy0B,GAAMzb,EAAiByb,GAAInzB,GAASuuB,EAAI6C,aAAapxB,KAAQ,IAAMuuB,EAAInqB,WAAYmqB,EAAI9C,QAAQ0H,EACrH,CAAM,GAAI5e,EAAK7V,SAASy0B,GAAK,CAC5B,MAAM5E,EAAM,IAAIwD,IAAqB,EAAM5R,EAAM/R,EAAK8e,GACtD,OAAOxV,EAAiByb,GAAInzB,GAASuuB,EAAI6D,aAAapyB,KAAQ,IAAMuuB,EAAInqB,UAC5E,CACE,OAAOyuB,GAAYzkB,EAAK8e,GAAIzB,QAAQ0H,EACtC,CAvRWI,CAAWpT,EAAM/R,EAAK2e,EAAWG,GAG1C,MACM6F,EAAW,UADU7S,GAAgBC,IACT/R,GAC5B4kB,EAAaD,EAASpS,UAEtB6S,EAAStG,EAAG9sB,QAClB,IAAI+yB,EAAK,IAAIj0B,WACb,MAAM2B,EAAUJ,IACVA,IACF0yB,EAAK5e,EAAKpV,iBAAiB,CAACg0B,EAAI1yB,KAElC,MAAMusB,EAAa,IAAI9tB,WAAWi0B,EAAG9zB,QACrC,IAAIE,EACAuY,EAAI,EACR,KAAOrX,EAAQ0yB,EAAG9zB,QAAU2zB,EAAaG,EAAG9zB,QAAQ,CAClD,MAAMo0B,EAAWV,EAAStH,QAAQ+H,GAClC,IAAKj0B,EAAI,EAAGA,EAAIyzB,EAAYzzB,IAC1Bi0B,EAAOj0B,GAAK4zB,EAAG5zB,GAAKk0B,EAASl0B,GAC7BytB,EAAWlV,KAAO0b,EAAOj0B,GAE3B4zB,EAAKA,EAAG1sB,SAASusB,EACvB,CACI,OAAOhG,EAAWvmB,SAAS,EAAGqR,EAAE,EAElC,OAAOJ,EAAiBqV,EAAWlsB,EAASA,EAC9C,IC9EA,MAAMgZ,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAgBlB0Z,GAAc,GAWpB,SAASC,GAAYrvB,EAAMgJ,GACzB,MAAMiJ,EAASjS,EAAKjF,OAASq0B,GAC7B,IAAK,IAAIn0B,EAAI,EAAGA,EAAIm0B,GAAan0B,IAC/B+E,EAAK/E,EAAIgX,IAAWjJ,EAAQ/N,GAE9B,OAAO+E,CACT,CAeA,MAAMusB,GAAY,IAAI3xB,WAAWw0B,IAElB3zB,eAAe6zB,GAAKxlB,GACjC,MAAM6e,QAAY4G,GAAIzlB,GAGhBd,EAAUiH,EAAK+E,aAAa2T,EAAI4D,KAChCiD,EAAWvf,EAAK+E,OAAOhM,GAE7B,OAAOvN,eAAeuE,GAEpB,aAAc2oB,EAxBlB,SAAa3oB,EAAMgJ,EAASwmB,GAE1B,GAAIxvB,EAAKjF,QAAUiF,EAAKjF,OAASq0B,IAAgB,EAE/C,OAAOC,GAAYrvB,EAAMgJ,GAG3B,MAAMgJ,EAAS,IAAIpX,WAAWoF,EAAKjF,QAAUq0B,GAAepvB,EAAKjF,OAASq0B,KAG1E,OAFApd,EAAO1W,IAAI0E,GACXgS,EAAOhS,EAAKjF,QAAU,IACfs0B,GAAYrd,EAAQwd,EAC7B,CAasB1D,CAAI9rB,EAAMgJ,EAASwmB,KAAYrtB,UAAUitB,GAC5D,CACH,CAEA3zB,eAAe8zB,GAAIzlB,GACjB,GAAImG,EAAKyF,gBACP,OAAOja,eAAeozB,GACpB,MACMrB,EADK,IAAIpQ,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAKyiB,IACpE7O,OAAOmR,GACrB,OAAO,IAAIj0B,WAAW4yB,EACvB,EAGH,GAAIvd,EAAKqF,eACP,IAEE,OADAxL,QAAYyL,GAAUkX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1FU,eAAeozB,GACpB,MAAMrB,QAAWjY,GAAU4R,QAAQ,CAAE/lB,KAAM,UAAWwnB,GAAI2D,GAAWxxB,OAAsB,EAAdq0B,IAAmBtlB,EAAK+kB,GACrG,OAAO,IAAIj0B,WAAW4yB,GAAIrrB,SAAS,EAAGqrB,EAAG/pB,WAAa2rB,GACvD,CACF,CAAC,MAAOK,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,QACvE,CAGE,OAAOjR,eAAeozB,GACpB,OAAOa,GAAY5lB,EAAKyiB,GAAW,CAAExD,gBAAgB,IAAQ5B,QAAQ0H,EACtE,CACH,CC1EA,MAAMtZ,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAClBI,GAAS7F,EAAK4F,gBAGduZ,GAAc,GACdO,GAAWP,GACX/E,GAAY+E,GAEZQ,GAAO,IAAIh1B,WAAWw0B,IACtBS,GAAM,IAAIj1B,WAAWw0B,IAAcS,GAAIT,GAAc,GAAK,EAChE,MAAMU,GAAM,IAAIl1B,WAAWw0B,IAE3B3zB,eAAes0B,GAAKjmB,GAClB,MAAMkmB,QAAaV,GAAKxlB,GACxB,OAAO,SAASiL,EAAGrI,GACjB,OAAOsjB,EAAK/f,EAAKpV,iBAAiB,CAACka,EAAGrI,IACvC,CACH,CAEAjR,eAAew0B,GAAInmB,GACjB,GAAImG,EAAKyF,gBACP,OAAOja,eAAeozB,EAAIjG,GACxB,MAAMsH,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GAC5E4E,EAAK1X,GAAOnY,OAAO,CAACuyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,UAC5C,OAAO,IAAIv1B,WAAW4yB,EACvB,EAGH,GAAIvd,EAAKqF,eACP,IACE,MAAMuX,QAAetX,GAAUkX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1G,OAAOU,eAAeozB,EAAIjG,GACxB,MAAM4E,QAAWjY,GAAU4R,QAAQ,CAAE/lB,KAAM,UAAW0pB,QAASlC,EAAI7tB,OAAsB,EAAdq0B,IAAmBvC,EAAQgC,GACtG,OAAO,IAAIj0B,WAAW4yB,EACvB,CACF,CAAC,MAAOiC,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,QACvE,CAGE,OAAOjR,eAAeozB,EAAIjG,GACxB,OAAOwH,GAAYtmB,EAAK8e,GAAIzB,QAAQ0H,EACrC,CACH,CAQApzB,eAAe40B,GAAIrU,EAAQlS,GACzB,GAAIkS,IAAWpY,EAAMoC,UAAUK,QAC7B2V,IAAWpY,EAAMoC,UAAUM,QAC3B0V,IAAWpY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,MACE41B,EACAtI,SACQ3uB,QAAQ4E,IAAI,CACpB8xB,GAAKjmB,GACLmmB,GAAInmB,KAGN,MAAO,CAQLqd,QAAS1rB,eAAegtB,EAAWZ,EAAO0I,GACxC,MACEC,EACAC,SACQp3B,QAAQ4E,IAAI,CACpBqyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,KAENG,QAAiB1I,EAAIS,EAAW+H,GAEhCpZ,QADqBkZ,EAAKR,GAAKY,GAErC,IAAK,IAAIz1B,EAAI,EAAGA,EAAIovB,GAAWpvB,IAC7Bmc,EAAInc,IAAMw1B,EAAUx1B,GAAKu1B,EAAUv1B,GAErC,OAAOgV,EAAKpV,iBAAiB,CAAC61B,EAAUtZ,GACzC,EASDqQ,QAAShsB,eAAeitB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW3tB,OAASsvB,GAAW,MAAU3vB,MAAM,0BACnD,MAAMg2B,EAAWhI,EAAWvmB,SAAS,GAAIkoB,IACnCsG,EAAQjI,EAAWvmB,UAAUkoB,KAEjCmG,EACAC,EACAG,SACQv3B,QAAQ4E,IAAI,CACpBqyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,GACVD,EAAKR,GAAKY,KAENtZ,EAAMwZ,EACZ,IAAK,IAAI31B,EAAI,EAAGA,EAAIovB,GAAWpvB,IAC7Bmc,EAAInc,IAAMw1B,EAAUx1B,GAAKu1B,EAAUv1B,GAErC,IAAKgV,EAAKqE,iBAAiBqc,EAAOvZ,GAAM,MAAU1c,MAAM,+BAExD,aADwBstB,EAAI0I,EAAUF,EAE5C,EAEA,CAnHyCV,GAAIV,GAAc,GAAK,EA2HhEiB,GAAIQ,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEAwI,GAAIjB,YAAcA,GAClBiB,GAAIV,SAAWA,GACfU,GAAIhG,UAAYA,GClJhB,MAAM+E,GAAc,GAOd/E,GAAY,GAGlB,SAAS0G,GAAI/f,GACX,IAAI+f,EAAM,EACV,IAAK,IAAI91B,EAAI,IAAI+V,EAAI/V,GAAUA,IAAM,EACnC81B,IAEF,OAAOA,CACT,CAEA,SAAS3D,GAAO4D,EAAGC,GACjB,IAAK,IAAIh2B,EAAI,EAAGA,EAAI+1B,EAAEj2B,OAAQE,IAC5B+1B,EAAE/1B,IAAMg2B,EAAEh2B,GAEZ,OAAO+1B,CACT,CAEA,SAASE,GAAIF,EAAGC,GACd,OAAO7D,GAAO4D,EAAEl1B,QAASm1B,EAC3B,CAEA,MAAM1E,GAAY,IAAI3xB,WAAWw0B,IAC3BS,GAAM,IAAIj1B,WAAW,CAAC,IAO5Ba,eAAe01B,GAAInV,EAAQlS,GACzB,MAAMsS,QAAEA,GAAYD,GAAgBH,GAEpC,IAAK/L,EAAK4H,MAAMmE,IAAWlS,EAAI/O,SAAWqhB,EACxC,MAAU1hB,MAAM,oCAGlB,IAAI02B,EAAS,EAKb,MAAMC,EAAM3B,GAAY5lB,EAAKyiB,GAAW,CAAExD,gBAAgB,IACpDuI,EAAWlG,GAASiG,EAAIlK,QAAQiE,GAChCmG,EAAWnG,GAASiG,EAAI5J,QAAQ2D,GACtC,IAAIpI,EAmEJ,SAASwO,EAAMpxB,EAAI+I,EAAM0e,EAAO0I,GAI9B,MAAMkB,EAAItoB,EAAKpO,OAASq0B,GAAc,GAxDxC,SAA4BjmB,EAAMonB,GAChC,MAAMmB,EAAYzhB,EAAKwC,MAAM7Q,KAAKC,IAAIsH,EAAKpO,OAAQw1B,EAAMx1B,QAAUq0B,GAAc,GAAK,EACtF,IAAK,IAAIn0B,EAAIm2B,EAAS,EAAGn2B,GAAKy2B,EAAWz2B,IACvC+nB,EAAK/nB,GAAKgV,EAAK+E,OAAOgO,EAAK/nB,EAAI,IAEjCm2B,EAASM,CACb,CAuDIC,CAAmBxoB,EAAMonB,GAOzB,MAAMqB,EAAc3hB,EAAKpV,iBAAiB,CAAC0xB,GAAUpqB,SAAS,EAtIjD,GAsI+D0lB,EAAM9sB,QAAS80B,GAAKhI,IAE1FgK,EAAwC,GAA/BD,EAAYxC,IAE3BwC,EAAYxC,KAAoB,IAChC,MAAM0C,EAAOR,EAASM,GAEhBG,EAAY9hB,EAAKpV,iBAAiB,CAACi3B,EAAMZ,GAAIY,EAAK3vB,SAAS,EAAG,GAAI2vB,EAAK3vB,SAAS,EAAG,MAEnF8P,EAAShC,EAAKkF,WAAW4c,EAAU5vB,SAAS,GAAK0vB,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAa1vB,SAAS,GAE/G6vB,EAAW,IAAIp3B,WAAWw0B,IAE1B5B,EAAK,IAAI5yB,WAAWuO,EAAKpO,OAASsvB,IAKxC,IAAIpvB,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIw2B,EAAGx2B,IAEjBmyB,GAAOnb,EAAQ+Q,EAAK+N,GAAI91B,EAAI,KAG5BuyB,EAAGlyB,IAAI8xB,GAAOhtB,EAAG8wB,GAAIjf,EAAQ9I,IAAQ8I,GAAS9W,GAE9CiyB,GAAO4E,EAAU5xB,IAAOkxB,EAAWnoB,EAAOqkB,EAAGrrB,SAAShH,IAEtDgO,EAAOA,EAAKhH,SAASitB,IACrBj0B,GAAOi0B,GAMT,GAAIjmB,EAAKpO,OAAQ,CAEfqyB,GAAOnb,EAAQ+Q,EAAKnO,GAEpB,MAAM7L,EAAUsoB,EAASrf,GAEzBub,EAAGlyB,IAAI41B,GAAI/nB,EAAMH,GAAU7N,GAG3B,MAAM82B,EAAW,IAAIr3B,WAAWw0B,IAChC6C,EAAS32B,IAAI8E,IAAOkxB,EAAWnoB,EAAOqkB,EAAGrrB,SAAShH,GAAK,IAAa,GACpE82B,EAAS9oB,EAAKpO,QAAU,IACxBqyB,GAAO4E,EAAUC,GACjB92B,GAAOgO,EAAKpO,MAClB,CAEI,MAAMqc,EAAMgW,GAAOkE,EAASlE,GAAOA,GAAO4E,EAAU/f,GAAS+Q,EAAKkP,IAhHpE,SAAc3B,GACZ,IAAKA,EAAMx1B,OAET,OAAOwxB,GAMT,MAAMkF,EAAIlB,EAAMx1B,OAASq0B,GAAc,EAEjCnd,EAAS,IAAIrX,WAAWw0B,IACxBvD,EAAM,IAAIjxB,WAAWw0B,IAC3B,IAAK,IAAIn0B,EAAI,EAAGA,EAAIw2B,EAAGx2B,IACrBmyB,GAAOnb,EAAQ+Q,EAAK+N,GAAI91B,EAAI,KAC5BmyB,GAAOvB,EAAKyF,EAASJ,GAAIjf,EAAQse,KACjCA,EAAQA,EAAMpuB,SAASitB,IAMzB,GAAImB,EAAMx1B,OAAQ,CAChBqyB,GAAOnb,EAAQ+Q,EAAKnO,GAEpB,MAAMsd,EAAc,IAAIv3B,WAAWw0B,IACnC+C,EAAY72B,IAAIi1B,EAAO,GACvB4B,EAAY5B,EAAMx1B,QAAU,IAC5BqyB,GAAO+E,EAAalgB,GAEpBmb,GAAOvB,EAAKyF,EAASa,GAC3B,CAEI,OAAOtG,CACX,CA8E2E/kB,CAAKypB,IAO5E,OADA/C,EAAGlyB,IAAI8b,EAAKjc,GACLqyB,CACX,CAGE,OA9IA,WACE,MAAM4E,EAASd,EAAS/E,IAClB8F,EAASpiB,EAAK+E,OAAOod,GAC3BpP,EAAO,GACPA,EAAK,GAAK/S,EAAK+E,OAAOqd,GAGtBrP,EAAKnO,EAAIud,EACTpP,EAAKkP,EAAIG,CACb,CAXEC,GAgJO,CAQLnL,QAAS1rB,eAAegtB,EAAWZ,EAAO0I,GACxC,OAAOiB,EAAMF,EAAU7I,EAAWZ,EAAO0I,EAC1C,EASD9I,QAAShsB,eAAeitB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW3tB,OAASsvB,GAAW,MAAU3vB,MAAM,0BAEnD,MAAM0c,EAAMsR,EAAWvmB,UAAS,IAChCumB,EAAaA,EAAWvmB,SAAS,GAAG,IAEpC,MAAMowB,EAAUf,EAAMD,EAAU7I,EAAYb,EAAO0I,GAEnD,GAAItgB,EAAKqE,iBAAiB8C,EAAKmb,EAAQpwB,UAAS,KAC9C,OAAOowB,EAAQpwB,SAAS,GAAG,IAE7B,MAAUzH,MAAM,8BACtB,EAEA,CAQAy2B,GAAIN,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEAsJ,GAAI/B,YAAcA,GAClB+B,GAAIxB,SAvPa,GAwPjBwB,GAAI9G,UAAYA,GCxPhB,MAAM9U,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAClBI,GAAS7F,EAAK4F,gBAIdwU,GAAY,GACZmI,GAAO,UAOb/2B,eAAeg3B,GAAIzW,EAAQlS,GACzB,GAAIkS,IAAWpY,EAAMoC,UAAUK,QAC7B2V,IAAWpY,EAAMoC,UAAUM,QAC3B0V,IAAWpY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,GAAIuV,EAAKyF,gBACP,MAAO,CACLyR,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,EAAQ,IAAI31B,YAC1C,MAAMs1B,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbjlB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GAClFsH,EAAGwC,OAAOnC,GACV,MAAM/C,EAAK1X,GAAOnY,OAAO,CAACuyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,QAASD,EAAGyC,eACxD,OAAO,IAAI/3B,WAAW4yB,EACvB,EAED/F,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,EAAQ,IAAI31B,YAC1C,MAAMg4B,EAAK,IAAIxV,GAAWiR,iBAAiB,OAAuB,EAAbvkB,EAAI/O,OAAc,OAAQ+O,EAAK8e,GACpFgK,EAAGF,OAAOnC,GACVqC,EAAGC,WAAWrF,EAAG1xB,MAAM0xB,EAAGzyB,OAASsvB,GAAWmD,EAAGzyB,SACjD,MAAM8zB,EAAK/Y,GAAOnY,OAAO,CAACi1B,EAAGlV,OAAO8P,EAAG1xB,MAAM,EAAG0xB,EAAGzyB,OAASsvB,KAAauI,EAAGzC,UAC5E,OAAO,IAAIv1B,WAAWi0B,EAC9B,GAIE,GAAI5e,EAAKqF,eACP,IACE,MAAMwd,QAAavd,GAAUkX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAMoxB,KAAQ,EAAO,CAAC,UAAW,YAEhFO,EAAoC/c,UAAUgd,UAAUja,MAAM,kCAClE/C,UAAUgd,UAAUja,MAAM,kDAC5B,MAAO,CACLoO,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,EAAQ,IAAI31B,YAC1C,GAAIm4B,IAAsClE,EAAG9zB,OAC3C,OAAOk4B,GAAYnpB,EAAK8e,EAAI2H,GAAOpJ,QAAQ0H,GAE7C,MAAMrB,QAAWjY,GAAU4R,QAAQ,CAAE/lB,KAAMoxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMjE,GAC9G,OAAO,IAAIj0B,WAAW4yB,EACvB,EAED/F,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,EAAQ,IAAI31B,YAC1C,GAAIm4B,GAAqCvF,EAAGzyB,SAAWsvB,GACrD,OAAO4I,GAAYnpB,EAAK8e,EAAI2H,GAAO9I,QAAQ+F,GAE7C,IACE,MAAMqB,QAAWtZ,GAAUkS,QAAQ,CAAErmB,KAAMoxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMtF,GAC9G,OAAO,IAAI5yB,WAAWi0B,EACvB,CAAC,MAAOxxB,GACP,GAAe,mBAAXA,EAAE+D,KACJ,MAAU1G,MAAM,8BAE9B,CACA,EAEK,CAAC,MAAO+0B,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,QACvE,CAGE,MAAO,CACLya,QAAS1rB,eAAeozB,EAAIjG,EAAI2H,GAC9B,OAAO0C,GAAYnpB,EAAK8e,EAAI2H,GAAOpJ,QAAQ0H,EAC5C,EAEDpH,QAAShsB,eAAe+xB,EAAI5E,EAAI2H,GAC9B,OAAO0C,GAAYnpB,EAAK8e,EAAI2H,GAAO9I,QAAQ+F,EACjD,EAEA,CAWAiF,GAAI5B,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG9sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI61B,EAAW/1B,OAAQE,IACrC4sB,EAAM,EAAI5sB,IAAM61B,EAAW71B,GAE7B,OAAO4sB,CACT,EAEA4K,GAAIrD,YAvGgB,GAwGpBqD,GAAI9C,SAvGa,GAwGjB8C,GAAIpI,UAAYA,GC9HhB,IAAeuC,GAAA,CAEb3C,IAAKA,GAELriB,IAAKA,GACLC,gBAAiBD,GAEjBF,IAAKA,GAELC,IAAKA,ICjBP,MAAMwrB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAEb,SAAUgT,GAAmB/vB,GACjC,MAAMyP,EAAc,mBACpB,IAAIC,EAAI,GAIR,OAHA1P,EAAMlI,SAAQ6X,IACZD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAEzCoN,OAAO,MAAQrN,EACxB,CAEgB,SAAAsgB,GAAI3b,EAAW8Z,GAC7B,MAAM8B,EAAU5b,EAAI8Z,EACpB,OAAO8B,EAAUJ,GAAMI,EAAU9B,EAAI8B,CACvC,UASgBC,GAAOtiB,EAAW7T,EAAW2T,GAC3C,GAAIA,IAAMmiB,GAAK,MAAMz4B,MAAM,yBAC3B,GAAIsW,IAAMoiB,GAAK,OAAO/S,OAAO,GAC7B,GAAIhjB,EAAI81B,GAAK,MAAMz4B,MAAM,iCAEzB,IAAI+4B,EAAMp2B,EACNwX,EAAI3D,EAER2D,GAAK7D,EACL,IAAI8D,EAAIuL,OAAO,GACf,KAAOoT,EAAMN,IAAK,CAChB,MAAMO,EAAMD,EAAML,GAClBK,IAAQL,GAIRte,EAAI4e,EAFQ5e,EAAID,EAAK7D,EAEN8D,EACfD,EAAKA,EAAIA,EAAK7D,EAEhB,OAAO8D,CACT,CAGA,SAAS6e,GAAI9e,GACX,OAAOA,GAAKse,GAAMte,GAAKA,CACzB,CAsDgB,SAAA+e,GAAOjc,EAAW3G,GAChC,MAAM6iB,IAAEA,EAAGhf,EAAEA,GA7Cf,SAAeif,EAAgBC,GAC7B,IAAIlf,EAAIwL,OAAO,GACX2T,EAAI3T,OAAO,GACX4T,EAAQ5T,OAAO,GACf6T,EAAQ7T,OAAO,GAKf1I,EAAIgc,GAAIG,GACR5iB,EAAIyiB,GAAII,GACZ,MAAMI,EAAWL,EAASX,GACpBiB,EAAWL,EAASZ,GAE1B,KAAOjiB,IAAMiiB,IAAK,CAChB,MAAMpW,EAAIpF,EAAIzG,EACd,IAAI0T,EAAM/P,EACVA,EAAIof,EAAQlX,EAAIlI,EAChBof,EAAQrP,EAERA,EAAMoP,EACNA,EAAIE,EAAQnX,EAAIiX,EAChBE,EAAQtP,EAERA,EAAM1T,EACNA,EAAIyG,EAAIzG,EACRyG,EAAIiN,EAGN,MAAO,CACL/P,EAAGsf,GAAYF,EAAQA,EACvBD,EAAGI,GAAYF,EAAQA,EACvBL,IAAKlc,EAET,CAWqB0c,CAAM1c,EAAG3G,GAC5B,GAAI6iB,IAAQT,GACV,MAAU14B,MAAM,0BAElB,OAAO44B,GAAIze,EAAI7D,EAAGA,EACpB,CAwBM,SAAUsjB,GAAezf,GAC7B,MAAM0f,EAAS/T,OAAO3L,GACtB,GAAI0f,EAAS/T,OAAOgU,iBAElB,MAAU95B,MAAM,8CAElB,OAAO65B,CACT,CAQgB,SAAAE,GAAO5f,EAAU5Z,GAE/B,OADa4Z,GAAKwL,OAAOplB,GAAMm4B,MAChBD,GAAM,EAAI,CAC3B,CAKM,SAAUuB,GAAU7f,GAGxB,MAAMlW,EAASkW,EAAIse,GAAM9S,QAAQ,GAAK8S,GACtC,IAAIwB,EAAS,EACT/P,EAAM/P,EAEV,MAAQ+P,IAAQwO,MAASz0B,GACvBg2B,IAEF,OAAOA,CACT,CAKM,SAAUlxB,GAAWoR,GACzB,MAAMlW,EAASkW,EAAIse,GAAM9S,QAAQ,GAAK8S,GAChCyB,EAAMvU,OAAO,GACnB,IAAIoG,EAAM,EACN7B,EAAM/P,EAEV,MAAQ+P,IAAQgQ,KAASj2B,GACvB8nB,IAEF,OAAOA,CACT,CAQM,SAAUoO,GAAmBhgB,EAAWigB,EAAS,KAAM/5B,GAG3D,IAAI4X,EAAMkC,EAAE+E,SAAS,IACjBjH,EAAI5X,OAAS,GAAM,IACrB4X,EAAM,IAAMA,GAGd,MAAMoiB,EAAYpiB,EAAI5X,OAAS,EACzBuI,EAAQ,IAAI1I,WAAWG,GAAUg6B,GAEjC9iB,EAASlX,EAASA,EAASg6B,EAAY,EAC7C,IAAI95B,EAAI,EACR,KAAOA,EAAI85B,GACTzxB,EAAMrI,EAAIgX,GAAUY,SAASF,EAAI7W,MAAM,EAAIb,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAX65B,GACFxxB,EAAM8gB,UAGD9gB,CACT,CC7LA,MAAM8Z,GAAanN,EAAKyF,gBAOjB,SAASsf,GAAej6B,GAC7B,MAAM4a,EAA8B,oBAAXH,OAAyBA,OAAS4H,IAAYzH,UACvE,GAAIA,GAAWsf,gBAAiB,CAC9B,MAAMhd,EAAM,IAAIrd,WAAWG,GAC3B,OAAO4a,EAAUsf,gBAAgBhd,EACrC,CACI,MAAUvd,MAAM,+CAEpB,CASO,SAASw6B,GAAoB/V,EAAKtd,GACvC,GAAIA,EAAMsd,EACR,MAAUzkB,MAAM,uCAGlB,MAAMy6B,EAAUtzB,EAAMsd,EAOtB,OAAOmU,GADGD,GAAmB2B,GALfvxB,GAAW0xB,GAK2B,IACtCA,GAAWhW,CAC3B,8FCvCA,MAAMiU,GAAM/S,OAAO,YAQH+U,GAAoB/f,EAAchY,EAAWuV,GAC3D,MAAMyiB,EAAOhV,OAAO,IACdlB,EAAMiU,IAAO/S,OAAOhL,EAAO,GAO3BigB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAErG,IAAItkB,EAAIkkB,GAAoB/V,EAAKA,GAAOiU,IACpCn4B,EAAIq5B,GAAehB,GAAItiB,EAAGqkB,IAE9B,GACErkB,GAAKqP,OAAOiV,EAAKr6B,IACjBA,GAAKA,EAAIq6B,EAAKr6B,IAAMq6B,EAAKv6B,OAErB25B,GAAU1jB,GAAKqE,IACjBrE,EAAIsiB,GAAItiB,EAAGmO,GAAOiU,IAAMpiB,GAAKmO,EAC7BlkB,EAAIq5B,GAAehB,GAAItiB,EAAGqkB,YAEpBE,GAAgBvkB,EAAG3T,EAAGuV,IAChC,OAAO5B,CACT,UAQgBukB,GAAgBvkB,EAAW3T,EAAWuV,GACpD,QAAIvV,GFsDU,SAAIy2B,EAAgBC,GAClC,IAAIpc,EAAImc,EACJ5iB,EAAI6iB,EACR,KAAO7iB,IAAMiiB,IAAK,CAChB,MAAMvO,EAAM1T,EACZA,EAAIyG,EAAIzG,EACRyG,EAAIiN,EAEN,OAAOjN,CACT,CE/DWkc,CAAI7iB,EAAIoiB,GAAK/1B,KAAO+1B,QA2BzB,SAAuBpiB,GAC3B,MAAMmiB,EAAM9S,OAAO,GACnB,OAAOmV,GAAYC,OAAMhE,GAAK6B,GAAItiB,EAAGygB,KAAO0B,GAC9C,CA3BOuC,CAAa1kB,OAoBd,SAAiBA,EAAWE,EAAImP,OAAO,IAC3C,OAAOmT,GAAOtiB,EAAGF,EAAIoiB,GAAKpiB,KAAOoiB,EACnC,CAnBOuC,CAAO3kB,eAoJcA,EAAW4B,GACrC,MAAM6T,EAAMiO,GAAU1jB,GAEjB4B,IACHA,EAAIhR,KAAKC,IAAI,EAAI4kB,EAAM,GAAM,IAG/B,MAAMmP,EAAK5kB,EAAIoiB,GAGf,IAAIpgB,EAAI,EACR,MAAQyhB,GAAOmB,EAAI5iB,IAAMA,IACzB,MAAMwJ,EAAIxL,GAAKqP,OAAOrN,GAEtB,KAAOJ,EAAI,EAAGA,IAAK,CAGjB,IAKI3X,EALA4Z,EAAI2e,GAFkB0B,GAAoB7U,OAAO,GAAIuV,GAEvCpZ,EAAGxL,GACrB,GAAI6D,IAAMue,IAAOve,IAAM+gB,EAAvB,CAKA,IAAK36B,EAAI,EAAGA,EAAI+X,EAAG/X,IAAK,CAGtB,GAFA4Z,EAAIye,GAAIze,EAAIA,EAAG7D,GAEX6D,IAAMue,GACR,OAAO,EAET,GAAIve,IAAM+gB,EACR,MAIJ,GAAI36B,IAAM+X,EACR,OAAO,GAIX,OAAO,CACT,CAzLO6iB,CAAY7kB,EAAG4B,IAMtB,CAkBA,MAAM4iB,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MACpC13B,KAAIkT,GAAKqP,OAAOrP,KCjJlB,MAAM8kB,GAAe,GAyCd,SAASC,GAAUrpB,EAASspB,GACjC,MAAMC,EAAUvpB,EAAQ3R,OAExB,GAAIk7B,EAAUD,EAAY,GACxB,MAAUt7B,MAAM,oBAIlB,MAAMw7B,EA7BR,SAAyBn7B,GACvB,MAAMG,EAAS,IAAIN,WAAWG,GAC9B,IAAIo7B,EAAQ,EACZ,KAAOA,EAAQp7B,GAAQ,CACrB,MAAMq7B,EAAcpB,GAAej6B,EAASo7B,GAC5C,IAAK,IAAIl7B,EAAI,EAAGA,EAAIm7B,EAAYr7B,OAAQE,IACf,IAAnBm7B,EAAYn7B,KACdC,EAAOi7B,KAAWC,EAAYn7B,GAGtC,CACE,OAAOC,CACT,CAiBam7B,CAAgBL,EAAYC,EAAU,GAG3C9d,EAAU,IAAIvd,WAAWo7B,GAM/B,OAJA7d,EAAQ,GAAK,EACbA,EAAQ7c,IAAI46B,EAAI,GAEhB/d,EAAQ7c,IAAIoR,EAASspB,EAAYC,GAC1B9d,CACT,CAUO,SAASme,GAAUne,EAASoe,GAEjC,IAAItkB,EAAS,EACTukB,EAAoB,EACxB,IAAK,IAAIhjB,EAAIvB,EAAQuB,EAAI2E,EAAQpd,OAAQyY,IACvCgjB,GAAoC,IAAfre,EAAQ3E,GAC7BvB,GAAUukB,EAGZ,MAAMC,EAAQxkB,EAAS,EACjBykB,EAAUve,EAAQhW,SAAS8P,EAAS,GACpC0kB,EAAgC,IAAfxe,EAAQ,GAA0B,IAAfA,EAAQ,GAAWse,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOtmB,EAAKwH,iBAAiBkf,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUh8B,MAAM,mBAClB,CAUO,SAASk8B,GAAW/a,EAAMgb,EAAQC,GACvC,IAAI77B,EACJ,GAAI47B,EAAO97B,SAAW+L,GAAK4X,kBAAkB7C,GAC3C,MAAUnhB,MAAM,uBAIlB,MAAMq8B,EAAa,IAAIn8B,WAAWk7B,GAAaja,GAAM9gB,QACrD,IAAKE,EAAI,EAAGA,EAAI66B,GAAaja,GAAM9gB,OAAQE,IACzC87B,EAAW97B,GAAK66B,GAAaja,GAAM5gB,GAGrC,MAAM+7B,EAAOD,EAAWh8B,OAAS87B,EAAO97B,OACxC,GAAI+7B,EAAQE,EAAO,GACjB,MAAUt8B,MAAM,6CAIlB,MAAMw7B,EAAK,IAAIt7B,WAAWk8B,EAAQE,EAAO,GAAGnW,KAAK,KAI3CoW,EAAK,IAAIr8B,WAAWk8B,GAK1B,OAJAG,EAAG,GAAK,EACRA,EAAG37B,IAAI46B,EAAI,GACXe,EAAG37B,IAAIy7B,EAAYD,EAAQE,GAC3BC,EAAG37B,IAAIu7B,EAAQC,EAAQD,EAAO97B,QACvBk8B,CACT,CAhIAnB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGCfd,MAAMvgB,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAClB0d,GAAM/S,OAAO,GAuXnB5kB,eAAey7B,GAAalmB,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACzC,MAAMC,EAAO/D,GAAmB9M,GAC1B8Q,EAAOhE,GAAmBtW,GAC1Bua,EAAOjE,GAAmB7W,GAEhC,IAAI+a,EAAKjE,GAAIgE,EAAMD,EAAOjE,IACtBoE,EAAKlE,GAAIgE,EAAMF,EAAOhE,IAG1B,OAFAoE,EAAK3C,GAAmB2C,GACxBD,EAAK1C,GAAmB0C,GACjB,CACLE,IAAK,MACLzmB,EAAG4H,EAAgB5H,GACnB3T,EAAGub,EAAgBvb,GACnBmf,EAAG5D,EAAgB4D,GAEnB+J,EAAG3N,EAAgBmE,GACnBA,EAAGnE,EAAgB2N,GAEnBiR,GAAI5e,EAAgB2e,GACpBA,GAAI3e,EAAgB4e,GACpBE,GAAI9e,EAAgBue,GACpBQ,KAAK,EAET,CAQA,SAASC,GAAY5mB,EAAG3T,GACtB,MAAO,CACLo6B,IAAK,MACLzmB,EAAG4H,EAAgB5H,GACnB3T,EAAGub,EAAgBvb,GACnBs6B,KAAK,EAET,CAGA,SAASE,GAAaC,EAAKz6B,GACzB,MAAO,CACL2T,EAAGyH,EAAgBqf,EAAI9mB,GACvB3T,EAAGw3B,GAAmBx3B,GACtBmf,EAAG/D,EAAgBqf,EAAItb,GAEvB+J,EAAG9N,EAAgBqf,EAAI/a,GACvBA,EAAGtE,EAAgBqf,EAAIvR,GAEvB4Q,EAAG1e,EAAgBqf,EAAIJ,IAE3B,2DA7UOj8B,eAAuBuE,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAIpD,GAAItmB,EAAKyF,kBAAoB6gB,EAC3B,IACE,aAiON96B,eAA2BuE,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,MAAMW,QAAYZ,GAAalmB,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACxCrtB,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAQ3qB,KAAM,QAASpE,QAASoU,GAAW4a,UAAUC,mBAErF,IACE,OAAO,IAAIr9B,WAAWwiB,GAAW8a,eAAepuB,EAAK9J,GACtD,CAAC,MAAOyvB,GACP,MAAU/0B,MAAM,mBACpB,CACA,CA1OmB4zB,CAAYtuB,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAC/C,CAAC,MAAO1H,GACPxf,EAAK2E,gBAAgB6a,EAC3B,CAEE,OAuOFh0B,eAAyBuE,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAQ/C,GAPAv2B,EAAOqzB,GAAmBrzB,GAC1BgR,EAAIqiB,GAAmBriB,GACvB3T,EAAIg2B,GAAmBh2B,GACvBmf,EAAI6W,GAAmB7W,GACvB+J,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBoa,EAAI9D,GAAmB8D,GACnBn3B,GAAQgR,EACV,MAAUtW,MAAM,mBAElB,MAAM68B,EAAKjE,GAAI9W,EAAGO,EAAIqW,IAChBoE,EAAKlE,GAAI9W,EAAG+J,EAAI6M,IAEhB+E,EAAYjD,GAAoB7U,OAAO,GAAIrP,GAC3ConB,EAAU5E,GAAOI,GAAOuE,EAAWnnB,GAAI3T,EAAG2T,GAChDhR,EAAOszB,GAAItzB,EAAOo4B,EAASpnB,GAE3B,MAAMqnB,EAAK7E,GAAOxzB,EAAMw3B,EAAIjR,GACtB+R,EAAK9E,GAAOxzB,EAAMu3B,EAAIxa,GACtB4N,EAAI2I,GAAI6D,GAAKmB,EAAKD,GAAKtb,GAE7B,IAAI7hB,EAASyvB,EAAIpE,EAAI8R,EAIrB,OAFAn9B,EAASo4B,GAAIp4B,EAASi9B,EAAWnnB,GAE1BslB,GAAUzB,GAAmB35B,EAAQ,KAAMuI,GAAWuN,IAAKulB,EACpE,CAlQSgC,CAAUv4B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EAC3C,UAlCO96B,eAAuBuE,EAAMgR,EAAG3T,GACrC,OAAI4S,EAAKyF,gBA2OXja,eAA2BuE,EAAMgR,EAAG3T,GAClC,MAAMy6B,EAAMF,GAAY5mB,EAAG3T,GACrByM,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,QAASpE,QAASoU,GAAW4a,UAAUC,mBAEpF,OAAO,IAAIr9B,WAAWwiB,GAAWob,cAAc1uB,EAAK9J,GACtD,CA/OWgvB,CAAYhvB,EAAMgR,EAAG3T,GAiPhC5B,eAAyBuE,EAAMgR,EAAG3T,GAIhC,GAHA2T,EAAIqiB,GAAmBriB,GACvBhR,EAAOqzB,GAAmB0C,GAAU/1B,EAAMyD,GAAWuN,KACrD3T,EAAIg2B,GAAmBh2B,GACnB2C,GAAQgR,EACV,MAAUtW,MAAM,2CAElB,OAAOm6B,GAAmBrB,GAAOxzB,EAAM3C,EAAG2T,GAAI,KAAMvN,GAAWuN,GACjE,CAvPSynB,CAAUz4B,EAAMgR,EAAG3T,EAC5B,WA4CO5B,eAAwB4Z,EAAMhY,GAInC,GAHAA,EAAIgjB,OAAOhjB,GAGP4S,EAAKqF,eAAgB,CACvB,MAAMojB,EAAY,CAChBt3B,KAAM,oBACNu3B,cAAetjB,EACfujB,eAAgB/D,GAAmBx3B,GACnCyJ,KAAM,CACJ1F,KAAM,UAGJy3B,QAAgBtjB,GAAUujB,YAAYJ,GAAW,EAAM,CAAC,OAAQ,WAMtE,OAAOb,SAFWtiB,GAAUwjB,UAAU,MAAOF,EAAQlsB,YAE5BtP,EAC7B,CAAS,GAAI4S,EAAKyF,gBAAiB,CAC/B,MAAMmT,EAAO,CACX8P,cAAetjB,EACfujB,eAAgBtE,GAAej3B,GAC/B27B,kBAAmB,CAAE5rB,KAAM,QAAS2qB,OAAQ,OAC5CkB,mBAAoB,CAAE7rB,KAAM,QAAS2qB,OAAQ,QAEzCD,QAAY,IAAIz+B,SAAQ,CAACC,EAASC,KACtC6jB,GAAW8b,gBAAgB,MAAOrQ,GAAM,CAAC4G,EAAKpK,EAAG8T,KAC3C1J,EACFl2B,EAAOk2B,GAEPn2B,EAAQ6/B,EAClB,GACQ,IAEJ,OAAOtB,GAAaC,EAAKz6B,EAC7B,CAKE,IAAIkpB,EACAxJ,EACA/L,EACJ,GACE+L,EAAIqY,GAAoB/f,GAAQA,GAAQ,GAAIhY,EAAG,IAC/CkpB,EAAI6O,GAAoB/f,GAAQ,EAAGhY,EAAG,IACtC2T,EAAIuV,EAAIxJ,QACD2X,GAAU1jB,KAAOqE,GAE1B,MAAM+jB,GAAO7S,EAAI6M,KAAQrW,EAAIqW,IAM7B,OAJIrW,EAAIwJ,KACLA,EAAGxJ,GAAK,CAACA,EAAGwJ,IAGR,CACLvV,EAAG6jB,GAAmB7jB,GACtB3T,EAAGw3B,GAAmBx3B,GACtBmf,EAAGqY,GAAmBjB,GAAOv2B,EAAG+7B,IAChC7S,EAAGsO,GAAmBtO,GACtBxJ,EAAG8X,GAAmB9X,GAGtBoa,EAAGtC,GAAmBjB,GAAOrN,EAAGxJ,IAEpC,OA7KOthB,eAAoB49B,EAAUr5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAC3D,GAAI/vB,GAAK4X,kBAAkB2a,IAAaroB,EAAEjW,OAKxC,MAAUL,MAAM,8CAGlB,GAAIsF,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKqF,eACP,IACE,aA2NR7Z,eAAuB69B,EAAUt5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAQpD,MAAMW,QAAYZ,GAAalmB,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACxCtb,EAAO,CACXza,KAAM,oBACN0F,KAAM,CAAE1F,KAAMk4B,IAEVxvB,QAAYyL,GAAUkX,UAAU,MAAOqL,EAAKjc,GAAM,EAAO,CAAC,SAChE,OAAO,IAAIjhB,iBAAiB2a,GAAUgkB,KAAK,oBAAqBzvB,EAAK9J,GACvE,CA1OqBw5B,CAAQ51B,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GAAWr5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAChF,CAAC,MAAO1H,GACPxf,EAAK2E,gBAAgB6a,EAC7B,MACW,GAAIxf,EAAKyF,gBACd,OAuONja,eAAwB49B,EAAUr5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GACrD,MAAMoC,EAAOnc,GAAWqc,WAAW71B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC1DE,EAAKr9B,MAAM8D,GACXu5B,EAAK93B,MAEL,MAAMq2B,QAAYZ,GAAalmB,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,OAAO,IAAIv8B,WAAW2+B,EAAKA,KAAK,CAAEzvB,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,UACnE,CA9OassB,CAASL,EAAUr5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAGnD,OA4MF17B,eAAsB49B,EAAUroB,EAAGwL,EAAGqa,GACpC7lB,EAAIqiB,GAAmBriB,GACvB,MAAMygB,EAAI4B,GAAmBuD,GAAWyC,EAAUxC,EAAQpzB,GAAWuN,KAErE,OADAwL,EAAI6W,GAAmB7W,GAChBqY,GAAmBrB,GAAO/B,EAAGjV,EAAGxL,GAAI,KAAMvN,GAAWuN,GAC9D,CAjNS2oB,CAAON,EAAUroB,EAAGwL,EAAGqa,EAChC,iBAqKOp7B,eAA8BuV,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,GAMlD,GALAnmB,EAAIqiB,GAAmBriB,IACvBuV,EAAI8M,GAAmB9M,KACvBxJ,EAAIsW,GAAmBtW,MAGP/L,EACd,OAAO,EAGT,MAAM4oB,EAAMvZ,OAAO,GAGnB,GAAIiT,GAAI/M,GADR4Q,EAAI9D,GAAmB8D,IACRpa,KAAOsD,OAAO,GAC3B,OAAO,EAGThjB,EAAIg2B,GAAmBh2B,GACvBmf,EAAI6W,GAAmB7W,GAQvB,MACM1H,EAAIogB,GAAoB0E,EAAKA,GADhBvZ,OAAOze,KAAK4P,MAAMkjB,GAAU1jB,GAAK,KAE9C6oB,EAAM/kB,EAAI0H,EAAInf,EAGpB,QADoBi2B,GAAIuG,EAAKtT,EAAI6M,MAASte,GAAKwe,GAAIuG,EAAK9c,EAAIqW,MAASte,EAMvE,SA5LOrZ,eAAsB49B,EAAUr5B,EAAMgT,EAAGhC,EAAG3T,EAAGw5B,GACpD,GAAI72B,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKqF,eACP,IACE,aAuOR7Z,eAAyB69B,EAAUt5B,EAAMgT,EAAGhC,EAAG3T,GAC7C,MAAMy6B,EAAMF,GAAY5mB,EAAG3T,GACrByM,QAAYyL,GAAUkX,UAAU,MAAOqL,EAAK,CAChD12B,KAAM,oBACN0F,KAAM,CAAE1F,KAAOk4B,KACd,EAAO,CAAC,WACX,OAAO/jB,GAAUukB,OAAO,oBAAqBhwB,EAAKkJ,EAAGhT,EACvD,CA9OqB+5B,CAAUn2B,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GAAWr5B,EAAMgT,EAAGhC,EAAG3T,EACzE,CAAC,MAAOoyB,GACPxf,EAAK2E,gBAAgB6a,EAC7B,MACW,GAAIxf,EAAKyF,gBACd,OA2ONja,eAA0B49B,EAAUr5B,EAAMgT,EAAGhC,EAAG3T,GAC9C,MAAMy6B,EAAMF,GAAY5mB,EAAG3T,GACrByM,EAAM,CAAEA,IAAKguB,EAAKC,OAAQ,MAAO3qB,KAAM,SAEvC0sB,EAAS1c,GAAW4c,aAAap2B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC9DS,EAAO59B,MAAM8D,GACb85B,EAAOr4B,MAEP,IACE,OAAOq4B,EAAOA,OAAOhwB,EAAKkJ,EAC3B,CAAC,MAAOyc,GACP,OAAO,CACX,CACA,CAxPawK,CAAWZ,EAAUr5B,EAAMgT,EAAGhC,EAAG3T,GAG5C,OAmNF5B,eAAwB49B,EAAUrmB,EAAGhC,EAAG3T,EAAGw5B,GAIzC,GAHA7lB,EAAIqiB,GAAmBriB,GACvBgC,EAAIqgB,GAAmBrgB,GACvB3V,EAAIg2B,GAAmBh2B,GACnB2V,GAAKhC,EACP,MAAUtW,MAAM,6CAElB,MAAMw/B,EAAMrF,GAAmBrB,GAAOxgB,EAAG3V,EAAG2T,GAAI,KAAMvN,GAAWuN,IAC3DmpB,EAAMvD,GAAWyC,EAAUxC,EAAQpzB,GAAWuN,IACpD,OAAOf,EAAKqE,iBAAiB4lB,EAAKC,EACpC,CA7NSC,CAASf,EAAUrmB,EAAGhC,EAAG3T,EAAGw5B,EACrC,ICrEA,MAAMzD,GAAM/S,OAAO,6DAyCZ5kB,eAAuB4+B,EAAIC,EAAI/T,EAAG1R,EAAG0hB,GAO1C,OANA8D,EAAKhH,GAAmBgH,GACxBC,EAAKjH,GAAmBiH,GACxB/T,EAAI8M,GAAmB9M,GAIhB+P,GAAUzB,GADFvB,GAAIM,GAAOJ,GAAO6G,EAFjCxlB,EAAIwe,GAAmBxe,GAEiB0R,GAAIA,GAAK+T,EAAI/T,GACT,KAAM9iB,GAAW8iB,IAAKgQ,EACpE,UArCO96B,eAAuBuE,EAAMumB,EAAGyE,EAAGgJ,GACxCzN,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEvB,MACMvC,EAAI4B,GADK0C,GAAU/1B,EAAMyD,GAAW8iB,KAKpC3T,EAAIsiB,GAAoB9B,GAAK7M,EAAI6M,IACvC,MAAO,CACLiH,GAAIxF,GAAmBrB,GAAOxI,EAAGpY,EAAG2T,IACpC+T,GAAIzF,GAAmBvB,GAAIE,GAAOQ,EAAGphB,EAAG2T,GAAKkL,EAAGlL,IAEpD,iBAiCO9qB,eAA8B8qB,EAAGyE,EAAGgJ,EAAGnf,GAM5C,GALA0R,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAGnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAIT,MAAMgU,EAAQla,OAAOqU,GAAUnO,IAE/B,GAAIgU,EADWla,OAAO,MAEpB,OAAO,EAOT,GAAImT,GAAOxI,EAAGzE,EAAI6M,GAAK7M,KAAO6M,GAC5B,OAAO,EAST,IAAInP,EAAM+G,EACN/vB,EAAIolB,OAAO,GACf,MAAMuZ,EAAMvZ,OAAO,GACbma,EAAYZ,GAAOvZ,OAAO,IAChC,KAAOplB,EAAIu/B,GAAW,CAEpB,GADAvW,EAAMqP,GAAIrP,EAAM+G,EAAGzE,GACftC,IAAQmP,GACV,OAAO,EAETn4B,GACJ,CAQE4Z,EAAIwe,GAAmBxe,GACvB,MAAMC,EAAIogB,GAAoB0E,GAAQW,EAAQnH,GAAMwG,GAAOW,GAE3D,OAAIvG,IAAMR,GAAOxI,GADJzE,EAAI6M,IAAOte,EAAID,EACH0R,EAK3B,IC3IO,MAAM/Q,GACXilB,GAAoB,iBAAPA,GAAmB,cAAeA,EAAKA,EAAG9kB,eAAYpa,ECD/Dm/B,GAAO,CAAE,EASf,IAAIC,GAAK,SAASC,GAChB,IAAI3/B,EAAG6Z,EAAI,IAAI+lB,aAAa,IAC5B,GAAID,EAAM,IAAK3/B,EAAI,EAAGA,EAAI2/B,EAAK7/B,OAAQE,IAAK6Z,EAAE7Z,GAAK2/B,EAAK3/B,GACxD,OAAO6Z,CACT,EAGIgmB,GAAc,WAAuB,MAAUpgC,MAAM,UAAa,EAElEqgC,GAAK,IAAIngC,WAAW,IAAKmgC,GAAG,GAAK,EAErC,IAAIC,GAAML,KACNM,GAAMN,GAAG,CAAC,IACVO,GAAUP,GAAG,CAAC,MAAQ,IACtBQ,GAAIR,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIS,GAAKT,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIU,GAAIV,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIW,GAAIX,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIY,GAAIZ,GAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAEpI,SAASa,GAAK3mB,EAAG5Z,EAAG0vB,EAAG8Q,GACrB5mB,EAAE5Z,GAAQ0vB,GAAK,GAAM,IACrB9V,EAAE5Z,EAAE,GAAM0vB,GAAK,GAAM,IACrB9V,EAAE5Z,EAAE,GAAM0vB,GAAM,EAAK,IACrB9V,EAAE5Z,EAAE,GAAS,IAAJ0vB,EACT9V,EAAE5Z,EAAE,GAAMwgC,GAAK,GAAO,IACtB5mB,EAAE5Z,EAAE,GAAMwgC,GAAK,GAAO,IACtB5mB,EAAE5Z,EAAE,GAAMwgC,GAAM,EAAM,IACtB5mB,EAAE5Z,EAAE,GAAS,IAAJwgC,CACX,CAQA,SAASC,GAAiB7mB,EAAG8mB,EAAI3H,EAAG4H,GAClC,OAPF,SAAY/mB,EAAG8mB,EAAI3H,EAAG4H,EAAI5qB,GACxB,IAAI/V,EAAEuhB,EAAI,EACV,IAAKvhB,EAAI,EAAGA,EAAI+V,EAAG/V,IAAKuhB,GAAK3H,EAAE8mB,EAAG1gC,GAAG+4B,EAAE4H,EAAG3gC,GAC1C,OAAQ,EAAMuhB,EAAI,IAAO,GAAM,CACjC,CAGSqf,CAAGhnB,EAAE8mB,EAAG3H,EAAE4H,EAAG,GACtB,CAEA,SAASE,GAAShnB,EAAG6C,GACnB,IAAI1c,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6Z,EAAE7Z,GAAU,EAAL0c,EAAE1c,EACpC,CAEA,SAAS8gC,GAAS/S,GAChB,IAAI/tB,EAAGgY,EAAGsJ,EAAI,EACd,IAAKthB,EAAI,EAAGA,EAAI,GAAIA,IAClBgY,EAAI+V,EAAE/tB,GAAKshB,EAAI,MACfA,EAAI3a,KAAK4P,MAAMyB,EAAI,OACnB+V,EAAE/tB,GAAKgY,EAAQ,MAAJsJ,EAEbyM,EAAE,IAAMzM,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAASyf,GAASzV,EAAGxJ,EAAG7L,GAEtB,IADA,IAAI6D,EAAGwH,IAAMrL,EAAE,GACNjW,EAAI,EAAGA,EAAI,GAAIA,IACtB8Z,EAAIwH,GAAKgK,EAAEtrB,GAAK8hB,EAAE9hB,IAClBsrB,EAAEtrB,IAAM8Z,EACRgI,EAAE9hB,IAAM8Z,CAEZ,CAEA,SAASknB,GAAUjT,EAAGhY,GACpB,IAAI/V,EAAGuY,EAAGtC,EACNugB,EAAIkJ,KAAM5lB,EAAI4lB,KAClB,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAK8Z,EAAE9Z,GAAK+V,EAAE/V,GAIlC,IAHA8gC,GAAShnB,GACTgnB,GAAShnB,GACTgnB,GAAShnB,GACJvB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAie,EAAE,GAAK1c,EAAE,GAAK,MACT9Z,EAAI,EAAGA,EAAI,GAAIA,IAClBw2B,EAAEx2B,GAAK8Z,EAAE9Z,GAAK,OAAWw2B,EAAEx2B,EAAE,IAAI,GAAM,GACvCw2B,EAAEx2B,EAAE,IAAM,MAEZw2B,EAAE,IAAM1c,EAAE,IAAM,OAAW0c,EAAE,KAAK,GAAM,GACxCvgB,EAAKugB,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACTuK,GAASjnB,EAAG0c,EAAG,EAAEvgB,EACrB,CACE,IAAKjW,EAAI,EAAGA,EAAI,GAAIA,IAClB+tB,EAAE,EAAE/tB,GAAY,IAAP8Z,EAAE9Z,GACX+tB,EAAE,EAAE/tB,EAAE,GAAK8Z,EAAE9Z,IAAI,CAErB,CAEA,SAASihC,GAASvkB,EAAGzG,GACnB,IAAIqL,EAAI,IAAI3hB,WAAW,IAAK4hB,EAAI,IAAI5hB,WAAW,IAG/C,OAFAqhC,GAAU1f,EAAG5E,GACbskB,GAAUzf,EAAGtL,GACNwqB,GAAiBnf,EAAG,EAAGC,EAAG,EACnC,CAEA,SAAS2f,GAASxkB,GAChB,IAAI6E,EAAI,IAAI5hB,WAAW,IAEvB,OADAqhC,GAAUzf,EAAG7E,GACC,EAAP6E,EAAE,EACX,CAEA,SAAS4f,GAAYpT,EAAGhY,GACtB,IAAI/V,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAK+V,EAAE,EAAE/V,IAAM+V,EAAE,EAAE/V,EAAE,IAAM,GACtD+tB,EAAE,KAAO,KACX,CAEA,SAASqT,GAAErT,EAAGrR,EAAGzG,GACf,IAAK,IAAIjW,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAK0c,EAAE1c,GAAKiW,EAAEjW,EAC/C,CAEA,SAASqhC,GAAEtT,EAAGrR,EAAGzG,GACf,IAAK,IAAIjW,EAAI,EAAGA,EAAI,GAAIA,IAAK+tB,EAAE/tB,GAAK0c,EAAE1c,GAAKiW,EAAEjW,EAC/C,CAEA,SAASshC,GAAEvT,EAAGrR,EAAGzG,GACf,IAAI+B,EAAGsJ,EACJ8K,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIgV,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAKjtB,EAAE,GACPktB,EAAKltB,EAAE,GACPmtB,EAAKntB,EAAE,GACPotB,EAAKptB,EAAE,GACPqtB,EAAKrtB,EAAE,GACPstB,EAAKttB,EAAE,GACPutB,EAAKvtB,EAAE,GACPwtB,EAAKxtB,EAAE,GACPytB,EAAKztB,EAAE,GACP0tB,EAAK1tB,EAAE,GACP2tB,EAAM3tB,EAAE,IACR4tB,EAAM5tB,EAAE,IACR6tB,EAAM7tB,EAAE,IACR8tB,EAAM9tB,EAAE,IACR+tB,EAAM/tB,EAAE,IACRguB,EAAMhuB,EAAE,IAGVmW,IADApU,EAAI0E,EAAE,IACIwmB,EACV7W,GAAMrU,EAAImrB,EACV7W,GAAMtU,EAAIorB,EACV7W,GAAMvU,EAAIqrB,EACV9B,GAAMvpB,EAAIsrB,EACV9B,GAAMxpB,EAAIurB,EACV9B,GAAMzpB,EAAIwrB,EACV9B,GAAM1pB,EAAIyrB,EACV9B,GAAM3pB,EAAI0rB,EACV9B,GAAM5pB,EAAI2rB,EACV9B,GAAO7pB,EAAI4rB,EACX9B,GAAO9pB,EAAI6rB,EACX9B,GAAO/pB,EAAI8rB,EACX9B,GAAOhqB,EAAI+rB,EACX9B,GAAOjqB,EAAIgsB,EACX9B,GAAOlqB,EAAIisB,EAEX5X,IADArU,EAAI0E,EAAE,IACIwmB,EACV5W,GAAMtU,EAAImrB,EACV5W,GAAMvU,EAAIorB,EACV7B,GAAMvpB,EAAIqrB,EACV7B,GAAMxpB,EAAIsrB,EACV7B,GAAMzpB,EAAIurB,EACV7B,GAAM1pB,EAAIwrB,EACV7B,GAAM3pB,EAAIyrB,EACV7B,GAAM5pB,EAAI0rB,EACV7B,GAAO7pB,EAAI2rB,EACX7B,GAAO9pB,EAAI4rB,EACX7B,GAAO/pB,EAAI6rB,EACX7B,GAAOhqB,EAAI8rB,EACX7B,GAAOjqB,EAAI+rB,EACX7B,GAAOlqB,EAAIgsB,EACX7B,GAAOnqB,EAAIisB,EAEX3X,IADAtU,EAAI0E,EAAE,IACIwmB,EACV3W,GAAMvU,EAAImrB,EACV5B,GAAMvpB,EAAIorB,EACV5B,GAAMxpB,EAAIqrB,EACV5B,GAAMzpB,EAAIsrB,EACV5B,GAAM1pB,EAAIurB,EACV5B,GAAM3pB,EAAIwrB,EACV5B,GAAM5pB,EAAIyrB,EACV5B,GAAO7pB,EAAI0rB,EACX5B,GAAO9pB,EAAI2rB,EACX5B,GAAO/pB,EAAI4rB,EACX5B,GAAOhqB,EAAI6rB,EACX5B,GAAOjqB,EAAI8rB,EACX5B,GAAOlqB,EAAI+rB,EACX5B,GAAOnqB,EAAIgsB,EACX5B,GAAOpqB,EAAIisB,EAEX1X,IADAvU,EAAI0E,EAAE,IACIwmB,EACV3B,GAAMvpB,EAAImrB,EACV3B,GAAMxpB,EAAIorB,EACV3B,GAAMzpB,EAAIqrB,EACV3B,GAAM1pB,EAAIsrB,EACV3B,GAAM3pB,EAAIurB,EACV3B,GAAM5pB,EAAIwrB,EACV3B,GAAO7pB,EAAIyrB,EACX3B,GAAO9pB,EAAI0rB,EACX3B,GAAO/pB,EAAI2rB,EACX3B,GAAOhqB,EAAI4rB,EACX3B,GAAOjqB,EAAI6rB,EACX3B,GAAOlqB,EAAI8rB,EACX3B,GAAOnqB,EAAI+rB,EACX3B,GAAOpqB,EAAIgsB,EACX3B,GAAOrqB,EAAIisB,EAEX1C,IADAvpB,EAAI0E,EAAE,IACIwmB,EACV1B,GAAMxpB,EAAImrB,EACV1B,GAAMzpB,EAAIorB,EACV1B,GAAM1pB,EAAIqrB,EACV1B,GAAM3pB,EAAIsrB,EACV1B,GAAM5pB,EAAIurB,EACV1B,GAAO7pB,EAAIwrB,EACX1B,GAAO9pB,EAAIyrB,EACX1B,GAAO/pB,EAAI0rB,EACX1B,GAAOhqB,EAAI2rB,EACX1B,GAAOjqB,EAAI4rB,EACX1B,GAAOlqB,EAAI6rB,EACX1B,GAAOnqB,EAAI8rB,EACX1B,GAAOpqB,EAAI+rB,EACX1B,GAAOrqB,EAAIgsB,EACX1B,GAAOtqB,EAAIisB,EAEXzC,IADAxpB,EAAI0E,EAAE,IACIwmB,EACVzB,GAAMzpB,EAAImrB,EACVzB,GAAM1pB,EAAIorB,EACVzB,GAAM3pB,EAAIqrB,EACVzB,GAAM5pB,EAAIsrB,EACVzB,GAAO7pB,EAAIurB,EACXzB,GAAO9pB,EAAIwrB,EACXzB,GAAO/pB,EAAIyrB,EACXzB,GAAOhqB,EAAI0rB,EACXzB,GAAOjqB,EAAI2rB,EACXzB,GAAOlqB,EAAI4rB,EACXzB,GAAOnqB,EAAI6rB,EACXzB,GAAOpqB,EAAI8rB,EACXzB,GAAOrqB,EAAI+rB,EACXzB,GAAOtqB,EAAIgsB,EACXzB,GAAOvqB,EAAIisB,EAEXxC,IADAzpB,EAAI0E,EAAE,IACIwmB,EACVxB,GAAM1pB,EAAImrB,EACVxB,GAAM3pB,EAAIorB,EACVxB,GAAM5pB,EAAIqrB,EACVxB,GAAO7pB,EAAIsrB,EACXxB,GAAO9pB,EAAIurB,EACXxB,GAAO/pB,EAAIwrB,EACXxB,GAAOhqB,EAAIyrB,EACXxB,GAAOjqB,EAAI0rB,EACXxB,GAAOlqB,EAAI2rB,EACXxB,GAAOnqB,EAAI4rB,EACXxB,GAAOpqB,EAAI6rB,EACXxB,GAAOrqB,EAAI8rB,EACXxB,GAAOtqB,EAAI+rB,EACXxB,GAAOvqB,EAAIgsB,EACXxB,GAAOxqB,EAAIisB,EAEXvC,IADA1pB,EAAI0E,EAAE,IACIwmB,EACVvB,GAAM3pB,EAAImrB,EACVvB,GAAM5pB,EAAIorB,EACVvB,GAAO7pB,EAAIqrB,EACXvB,GAAO9pB,EAAIsrB,EACXvB,GAAO/pB,EAAIurB,EACXvB,GAAOhqB,EAAIwrB,EACXvB,GAAOjqB,EAAIyrB,EACXvB,GAAOlqB,EAAI0rB,EACXvB,GAAOnqB,EAAI2rB,EACXvB,GAAOpqB,EAAI4rB,EACXvB,GAAOrqB,EAAI6rB,EACXvB,GAAOtqB,EAAI8rB,EACXvB,GAAOvqB,EAAI+rB,EACXvB,GAAOxqB,EAAIgsB,EACXvB,GAAOzqB,EAAIisB,EAEXtC,IADA3pB,EAAI0E,EAAE,IACIwmB,EACVtB,GAAM5pB,EAAImrB,EACVtB,GAAO7pB,EAAIorB,EACXtB,GAAO9pB,EAAIqrB,EACXtB,GAAO/pB,EAAIsrB,EACXtB,GAAOhqB,EAAIurB,EACXtB,GAAOjqB,EAAIwrB,EACXtB,GAAOlqB,EAAIyrB,EACXtB,GAAOnqB,EAAI0rB,EACXtB,GAAOpqB,EAAI2rB,EACXtB,GAAOrqB,EAAI4rB,EACXtB,GAAOtqB,EAAI6rB,EACXtB,GAAOvqB,EAAI8rB,EACXtB,GAAOxqB,EAAI+rB,EACXtB,GAAOzqB,EAAIgsB,EACXtB,GAAO1qB,EAAIisB,EAEXrC,IADA5pB,EAAI0E,EAAE,IACIwmB,EACVrB,GAAO7pB,EAAImrB,EACXrB,GAAO9pB,EAAIorB,EACXrB,GAAO/pB,EAAIqrB,EACXrB,GAAOhqB,EAAIsrB,EACXrB,GAAOjqB,EAAIurB,EACXrB,GAAOlqB,EAAIwrB,EACXrB,GAAOnqB,EAAIyrB,EACXrB,GAAOpqB,EAAI0rB,EACXrB,GAAOrqB,EAAI2rB,EACXrB,GAAOtqB,EAAI4rB,EACXrB,GAAOvqB,EAAI6rB,EACXrB,GAAOxqB,EAAI8rB,EACXrB,GAAOzqB,EAAI+rB,EACXrB,GAAO1qB,EAAIgsB,EACXrB,GAAO3qB,EAAIisB,EAEXpC,IADA7pB,EAAI0E,EAAE,KACKwmB,EACXpB,GAAO9pB,EAAImrB,EACXpB,GAAO/pB,EAAIorB,EACXpB,GAAOhqB,EAAIqrB,EACXpB,GAAOjqB,EAAIsrB,EACXpB,GAAOlqB,EAAIurB,EACXpB,GAAOnqB,EAAIwrB,EACXpB,GAAOpqB,EAAIyrB,EACXpB,GAAOrqB,EAAI0rB,EACXpB,GAAOtqB,EAAI2rB,EACXpB,GAAOvqB,EAAI4rB,EACXpB,GAAOxqB,EAAI6rB,EACXpB,GAAOzqB,EAAI8rB,EACXpB,GAAO1qB,EAAI+rB,EACXpB,GAAO3qB,EAAIgsB,EACXpB,GAAO5qB,EAAIisB,EAEXnC,IADA9pB,EAAI0E,EAAE,KACKwmB,EACXnB,GAAO/pB,EAAImrB,EACXnB,GAAOhqB,EAAIorB,EACXnB,GAAOjqB,EAAIqrB,EACXnB,GAAOlqB,EAAIsrB,EACXnB,GAAOnqB,EAAIurB,EACXnB,GAAOpqB,EAAIwrB,EACXnB,GAAOrqB,EAAIyrB,EACXnB,GAAOtqB,EAAI0rB,EACXnB,GAAOvqB,EAAI2rB,EACXnB,GAAOxqB,EAAI4rB,EACXnB,GAAOzqB,EAAI6rB,EACXnB,GAAO1qB,EAAI8rB,EACXnB,GAAO3qB,EAAI+rB,EACXnB,GAAO5qB,EAAIgsB,EACXnB,GAAO7qB,EAAIisB,EAEXlC,IADA/pB,EAAI0E,EAAE,KACKwmB,EACXlB,GAAOhqB,EAAImrB,EACXlB,GAAOjqB,EAAIorB,EACXlB,GAAOlqB,EAAIqrB,EACXlB,GAAOnqB,EAAIsrB,EACXlB,GAAOpqB,EAAIurB,EACXlB,GAAOrqB,EAAIwrB,EACXlB,GAAOtqB,EAAIyrB,EACXlB,GAAOvqB,EAAI0rB,EACXlB,GAAOxqB,EAAI2rB,EACXlB,GAAOzqB,EAAI4rB,EACXlB,GAAO1qB,EAAI6rB,EACXlB,GAAO3qB,EAAI8rB,EACXlB,GAAO5qB,EAAI+rB,EACXlB,GAAO7qB,EAAIgsB,EACXlB,GAAO9qB,EAAIisB,EAEXjC,IADAhqB,EAAI0E,EAAE,KACKwmB,EACXjB,GAAOjqB,EAAImrB,EACXjB,GAAOlqB,EAAIorB,EACXjB,GAAOnqB,EAAIqrB,EACXjB,GAAOpqB,EAAIsrB,EACXjB,GAAOrqB,EAAIurB,EACXjB,GAAOtqB,EAAIwrB,EACXjB,GAAOvqB,EAAIyrB,EACXjB,GAAOxqB,EAAI0rB,EACXjB,GAAOzqB,EAAI2rB,EACXjB,GAAO1qB,EAAI4rB,EACXjB,GAAO3qB,EAAI6rB,EACXjB,GAAO5qB,EAAI8rB,EACXjB,GAAO7qB,EAAI+rB,EACXjB,GAAO9qB,EAAIgsB,EACXjB,GAAO/qB,EAAIisB,EAEXhC,IADAjqB,EAAI0E,EAAE,KACKwmB,EACXhB,GAAOlqB,EAAImrB,EACXhB,GAAOnqB,EAAIorB,EACXhB,GAAOpqB,EAAIqrB,EACXhB,GAAOrqB,EAAIsrB,EACXhB,GAAOtqB,EAAIurB,EACXhB,GAAOvqB,EAAIwrB,EACXhB,GAAOxqB,EAAIyrB,EACXhB,GAAOzqB,EAAI0rB,EACXhB,GAAO1qB,EAAI2rB,EACXhB,GAAO3qB,EAAI4rB,EACXhB,GAAO5qB,EAAI6rB,EACXhB,GAAO7qB,EAAI8rB,EACXhB,GAAO9qB,EAAI+rB,EACXhB,GAAO/qB,EAAIgsB,EACXhB,GAAOhrB,EAAIisB,EAEX/B,IADAlqB,EAAI0E,EAAE,KACKwmB,EAkBX7W,GAAO,IAhBP+V,GAAOpqB,EAAIorB,GAiBX9W,GAAO,IAhBP+V,GAAOrqB,EAAIqrB,GAiBX9W,GAAO,IAhBP+V,GAAOtqB,EAAIsrB,GAiBX/B,GAAO,IAhBPgB,GAAOvqB,EAAIurB,GAiBX/B,GAAO,IAhBPgB,GAAOxqB,EAAIwrB,GAiBX/B,GAAO,IAhBPgB,GAAOzqB,EAAIyrB,GAiBX/B,GAAO,IAhBPgB,GAAO1qB,EAAI0rB,GAiBX/B,GAAO,IAhBPgB,GAAO3qB,EAAI2rB,GAiBX/B,GAAO,IAhBPgB,GAAO5qB,EAAI4rB,GAiBX/B,GAAO,IAhBPgB,GAAO7qB,EAAI6rB,GAiBX/B,GAAO,IAhBPgB,GAAO9qB,EAAI8rB,GAiBX/B,GAAO,IAhBPgB,GAAO/qB,EAAI+rB,GAiBX/B,GAAO,IAhBPgB,GAAOhrB,EAAIgsB,GAiBX/B,GAAO,IAhBPgB,GAAOjrB,EAAIisB,GAqBsC7X,GAAjDpU,GAnBAoU,GAAO,IAhBP+V,GAAOnqB,EAAImrB,KAkCX7hB,EAAI,GACU,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSqU,GAAjDrU,EAAKqU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKtgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM5gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QAKSoU,GAAjDpU,GAJAoU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSqU,GAAjDrU,EAAKqU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKtgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM5gB,EAAI,OAAgD,OAAzCA,EAAI3a,KAAK4P,MAAMyB,EAAI,QACxCoU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,GAEpByM,EAAG,GAAK3B,EACR2B,EAAG,GAAK1B,EACR0B,EAAG,GAAKzB,EACRyB,EAAG,GAAKxB,EACRwB,EAAG,GAAKwT,EACRxT,EAAG,GAAKyT,EACRzT,EAAG,GAAK0T,EACR1T,EAAG,GAAK2T,EACR3T,EAAG,GAAK4T,EACR5T,EAAG,GAAK6T,EACR7T,EAAE,IAAM8T,EACR9T,EAAE,IAAM+T,EACR/T,EAAE,IAAMgU,EACRhU,EAAE,IAAMiU,EACRjU,EAAE,IAAMkU,EACRlU,EAAE,IAAMmU,CACV,CAEA,SAASnM,GAAEhI,EAAGrR,GACZ4kB,GAAEvT,EAAGrR,EAAGA,EACV,CAEA,SAASwnB,GAASnW,EAAG/tB,GACnB,IACI0c,EADA4E,EAAIoe,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK4E,EAAE5E,GAAK1c,EAAE0c,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBqZ,GAAEzU,EAAGA,GACI,IAAN5E,GAAiB,IAANA,GAAS4kB,GAAEhgB,EAAGA,EAAGthB,GAEjC,IAAK0c,EAAI,EAAGA,EAAI,GAAIA,IAAKqR,EAAErR,GAAK4E,EAAE5E,EACpC,CAaA,SAASynB,GAAkBriB,EAAG/L,EAAGuV,GAC/B,IAC8BzR,EAAG7Z,EAD7BokC,EAAI,IAAIzkC,WAAW,IACnBia,EAAI,IAAIgmB,aAAa,IACrBljB,EAAIgjB,KAAMzpB,EAAIypB,KAAMpe,EAAIoe,KACxBne,EAAIme,KAAMt9B,EAAIs9B,KAAM2E,EAAI3E,KAC5B,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAKokC,EAAEpkC,GAAK+V,EAAE/V,GAIlC,IAHAokC,EAAE,IAAW,IAANruB,EAAE,IAAS,GAClBquB,EAAE,IAAI,IACNjD,GAAYvnB,EAAE0R,GACTtrB,EAAI,EAAGA,EAAI,GAAIA,IAClBiW,EAAEjW,GAAG4Z,EAAE5Z,GACPuhB,EAAEvhB,GAAG0c,EAAE1c,GAAGshB,EAAEthB,GAAG,EAGjB,IADA0c,EAAE,GAAG6E,EAAE,GAAG,EACLvhB,EAAE,IAAKA,GAAG,IAAKA,EAElB+gC,GAASrkB,EAAEzG,EADX4D,EAAGuqB,EAAEpkC,IAAI,MAAQ,EAAFA,GAAM,GAErB+gC,GAASzf,EAAEC,EAAE1H,GACbunB,GAAEh/B,EAAEsa,EAAE4E,GACN+f,GAAE3kB,EAAEA,EAAE4E,GACN8f,GAAE9f,EAAErL,EAAEsL,GACN8f,GAAEprB,EAAEA,EAAEsL,GACNwU,GAAExU,EAAEnf,GACJ2zB,GAAEsO,EAAE3nB,GACJ4kB,GAAE5kB,EAAE4E,EAAE5E,GACN4kB,GAAEhgB,EAAErL,EAAE7T,GACNg/B,GAAEh/B,EAAEsa,EAAE4E,GACN+f,GAAE3kB,EAAEA,EAAE4E,GACNyU,GAAE9f,EAAEyG,GACJ2kB,GAAE/f,EAAEC,EAAE8iB,GACN/C,GAAE5kB,EAAE4E,EAAE2e,IACNmB,GAAE1kB,EAAEA,EAAE6E,GACN+f,GAAEhgB,EAAEA,EAAE5E,GACN4kB,GAAE5kB,EAAE6E,EAAE8iB,GACN/C,GAAE/f,EAAEtL,EAAE2D,GACNmc,GAAE9f,EAAE7T,GACJ2+B,GAASrkB,EAAEzG,EAAE4D,GACbknB,GAASzf,EAAEC,EAAE1H,GAEf,IAAK7Z,EAAI,EAAGA,EAAI,GAAIA,IAClB4Z,EAAE5Z,EAAE,IAAI0c,EAAE1c,GACV4Z,EAAE5Z,EAAE,IAAIshB,EAAEthB,GACV4Z,EAAE5Z,EAAE,IAAIiW,EAAEjW,GACV4Z,EAAE5Z,EAAE,IAAIuhB,EAAEvhB,GAEZ,IAAIskC,EAAM1qB,EAAE1S,SAAS,IACjBq9B,EAAM3qB,EAAE1S,SAAS,IAIrB,OAHAg9B,GAASI,EAAIA,GACbhD,GAAEiD,EAAIA,EAAID,GACVtD,GAAUlf,EAAEyiB,GACL,CACT,CAEA,SAASC,GAAuB1iB,EAAG/L,GACjC,OAAOouB,GAAkBriB,EAAG/L,EAAG+pB,GACjC,CAOA,IAAI2E,GAAI,CACN,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,GAAqBhjB,EAAIijB,EAAInO,EAAGzgB,GAyBvC,IAxBA,IACI6uB,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAIC,EAAI7lC,EAAGuY,EAAGmX,EAAG8Q,EAAG9jB,EAAGzG,EAAGqL,EAAGC,EAH7B+D,EAAK,IAAIwgB,WAAW,IAAKtgB,EAAK,IAAIsgB,WAAW,IAK7CC,EAAMrkB,EAAG,GACTskB,EAAMtkB,EAAG,GACTukB,EAAMvkB,EAAG,GACTwkB,EAAMxkB,EAAG,GACTykB,EAAMzkB,EAAG,GACT0kB,EAAM1kB,EAAG,GACT2kB,EAAM3kB,EAAG,GACT4kB,EAAM5kB,EAAG,GAET6kB,EAAM5B,EAAG,GACT6B,EAAM7B,EAAG,GACT8B,EAAM9B,EAAG,GACT+B,EAAM/B,EAAG,GACTgC,EAAMhC,EAAG,GACTiC,EAAMjC,EAAG,GACTkC,EAAMlC,EAAG,GACTmC,EAAMnC,EAAG,GAETzkC,EAAM,EACH6V,GAAK,KAAK,CACf,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,IAClBuY,EAAI,EAAIvY,EAAIE,EACZolB,EAAGtlB,GAAMw2B,EAAEje,EAAE,IAAM,GAAOie,EAAEje,EAAE,IAAM,GAAOie,EAAEje,EAAE,IAAM,EAAKie,EAAEje,EAAE,GAC9DiN,EAAGxlB,GAAMw2B,EAAEje,EAAE,IAAM,GAAOie,EAAEje,EAAE,IAAM,GAAOie,EAAEje,EAAE,IAAM,EAAKie,EAAEje,EAAE,GAEhE,IAAKvY,EAAI,EAAGA,EAAI,GAAIA,IA+HlB,GA9HA4kC,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAENlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAMNpqB,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI4W,GAIY/kB,EAAImO,IAAM,GAM1BhT,GAAS,OAFT8jB,GAAMmG,IAAQ,GAAOR,GAAQ,KAAaQ,IAAQ,GAAOR,GAAQ,KAAaA,IAAG,EAAiBQ,GAAG,KAEpF1wB,GAAKuqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMyW,IAAQ,GAAOQ,GAAQ,KAAaR,IAAQ,GAAOQ,GAAQ,KAAaA,IAAG,EAAiBR,GAAG,KAIpF5kB,GAAKmO,IAAM,GAM5BhT,GAAS,OAFT8jB,EAAKmG,EAAMC,GAASD,EAAME,GAET5wB,GAAKuqB,IAAM,GAC5Blf,GAAS,OAJToO,EAAKyW,EAAMC,GAASD,EAAME,GAIT9kB,GAAKmO,IAAM,GAG5BA,EAAI+U,GAAI,EAAFzkC,GAGN0c,GAAS,OAFT8jB,EAAIiE,GAAI,EAAFzkC,EAAI,IAEOiW,GAAKuqB,IAAM,GAC5Blf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BA,EAAIpK,EAAGtlB,EAAE,IAGQiW,IAFjBuqB,EAAIhb,EAAGxlB,EAAE,OAEmB,GAC5BshB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BpO,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,GAUX9jB,EAAQ,OAFR8jB,EAJAqF,EAAS,MAAJnpB,EAAazG,GAAK,IAMPA,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAJAkW,EAAS,MAAJtkB,GAFLC,GAAKD,IAAM,KAEY,IAQPC,EAAImO,IAAM,GAM1BhT,GAAS,OAFT8jB,GAAM+F,IAAQ,GAAOR,GAAG,IAAkBA,IAAG,EAAiBQ,GAAQ,KAAkBR,IAAG,EAAiBQ,GAAG,KAE9FtwB,GAAKuqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMqW,IAAQ,GAAOQ,GAAG,IAAkBA,IAAG,EAAiBR,GAAQ,KAAkBQ,IAAG,EAAiBR,GAAG,KAI9FxkB,GAAKmO,IAAM,GAMXzZ,IAFjBuqB,EAAK+F,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,KAEX,GAC5BnlB,GAAS,OAJToO,EAAKqW,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,GAItB1kB,GAAKmO,IAAM,GAM5ByV,EAAW,OAHX7jB,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXjf,GAAKD,IAAM,KAEgB,GAC3BqkB,EAAW,MAAJjpB,EAAezG,GAAK,GAM3ByG,EAAQ,OAFR8jB,EAAI+E,GAEYtvB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIqV,GAIYxjB,EAAImO,IAAM,GAKTzZ,IAFjBuqB,EAAIqF,KAEwB,GAC5BvkB,GAAS,OAJToO,EAAIkW,GAIarkB,GAAKmO,IAAM,GAS5BsW,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EANApB,EAAW,OAHXzjB,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXjf,GAAKD,IAAM,KAEgB,GAO3B8kB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAENqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAdApB,EAAW,MAAJ7oB,EAAezG,GAAK,GAe3B2wB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAEF3lC,EAAE,IAAO,GACX,IAAKuY,EAAI,EAAGA,EAAI,GAAIA,IAElBmX,EAAIpK,EAAG/M,GAGPmE,EAAQ,OAFR8jB,EAAIhb,EAAGjN,IAEStC,EAAIuqB,IAAM,GAC1Blf,EAAQ,MAAJoO,EAAYnO,EAAImO,IAAM,GAE1BA,EAAIpK,GAAI/M,EAAE,GAAG,IAGbmE,GAAS,OAFT8jB,EAAIhb,GAAIjN,EAAE,GAAG,KAEItC,GAAKuqB,IAAM,GAC5Blf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BkW,EAAKtgB,GAAI/M,EAAE,GAAG,IAKdmE,GAAS,OAFT8jB,IAFAqF,EAAKrgB,GAAIjN,EAAE,GAAG,OAED,EAAMqtB,QAAmBC,IAAO,EAAMD,GAAE,KAAiBC,IAAO,EAAMD,GAAO,KAEzE3vB,GAAKuqB,IAAM,GAC5Blf,GAAS,OAJToO,GAAMkW,IAAO,EAAMC,GAAO,KAAYD,IAAO,EAAMC,OAAkBD,IAAO,GAI3DrkB,GAAKmO,IAAM,GAG5BkW,EAAKtgB,GAAI/M,EAAE,IAAI,IAKEtC,IAFjBuqB,IAFAqF,EAAKrgB,GAAIjN,EAAE,IAAI,OAEF,GAAOqtB,GAAO,KAAaA,IAAQ,GAAWC,GAAO,IAAkBA,IAAO,EAAMD,GAAE,OAEvE,GAC5BtkB,GAAS,OAJToO,GAAMkW,IAAO,GAAOC,GAAE,KAAkBA,IAAE,GAAiBD,GAAO,GAAiBA,IAAO,GAIzErkB,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEXlb,EAAG/M,GAAU,MAAJ+I,EAAeC,GAAK,GAC7BiE,EAAGjN,GAAU,MAAJmE,EAAezG,GAAK,GASnCyG,EAAQ,OAFR8jB,EAAI+F,GAEYtwB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIqW,GAIYxkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKqkB,EAAW,MAAJzkB,EAAeC,GAAK,GACnCojB,EAAG,GAAK4B,EAAW,MAAJ7pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIgG,GAEYvwB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIsW,GAIYzkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKskB,EAAW,MAAJ1kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK6B,EAAW,MAAJ9pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIiG,GAEYxwB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIuW,GAIY1kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKukB,EAAW,MAAJ3kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK8B,EAAW,MAAJ/pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIkG,GAEYzwB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIwW,GAIY3kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKwkB,EAAW,MAAJ5kB,EAAeC,GAAK,GACnCojB,EAAG,GAAK+B,EAAW,MAAJhqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAImG,GAEY1wB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAIyW,GAIY5kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAKykB,EAAW,MAAJ7kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKgC,EAAW,MAAJjqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIoG,GAEY3wB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI0W,GAIY7kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK0kB,EAAW,MAAJ9kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKiC,EAAW,MAAJlqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIqG,GAEY5wB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK2kB,EAAW,MAAJ/kB,EAAeC,GAAK,GACnCojB,EAAG,GAAKkC,EAAW,MAAJnqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Blf,EAAQ,OAJRoO,EAAI4W,GAIY/kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGUzL,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BrjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADArL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX9e,EAAG,GAAK4kB,EAAW,MAAJhlB,EAAeC,GAAK,GACnCojB,EAAG,GAAKmC,EAAW,MAAJpqB,EAAezG,GAAK,GAEnC/V,GAAO,IACP6V,GAAK,GACT,CAEE,OAAOA,CACT,CAEA,SAASgxB,GAAY9iB,EAAKuS,EAAGzgB,GAC3B,IAGI/V,EAHA0hB,EAAK,IAAIokB,WAAW,GACpBnB,EAAK,IAAImB,WAAW,GACpBlsB,EAAI,IAAIja,WAAW,KAChBsW,EAAIF,EAuBX,IArBA2L,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WAERijB,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UAERD,GAAqBhjB,EAAIijB,EAAInO,EAAGzgB,GAChCA,GAAK,IAEA/V,EAAI,EAAGA,EAAI+V,EAAG/V,IAAK4Z,EAAE5Z,GAAKw2B,EAAEvgB,EAAEF,EAAE/V,GAQrC,IAPA4Z,EAAE7D,GAAK,IAGP6D,GADA7D,EAAI,IAAI,KAAKA,EAAE,IAAI,EAAE,IACjB,GAAK,EACTwqB,GAAK3mB,EAAG7D,EAAE,EAAKE,EAAI,UAAc,EAAGA,GAAK,GACzCyuB,GAAqBhjB,EAAIijB,EAAI/qB,EAAG7D,GAE3B/V,EAAI,EAAGA,EAAI,EAAGA,IAAKugC,GAAKtc,EAAK,EAAEjkB,EAAG0hB,EAAG1hB,GAAI2kC,EAAG3kC,IAEjD,OAAO,CACT,CAEA,SAASmC,GAAImpB,EAAGxJ,GACd,IAAIpF,EAAIgjB,KAAMzpB,EAAIypB,KAAMpe,EAAIoe,KACxBne,EAAIme,KAAMt9B,EAAIs9B,KAAM2E,EAAI3E,KACxB3P,EAAI2P,KAAMhQ,EAAIgQ,KAAM5lB,EAAI4lB,KAE5B2B,GAAE3kB,EAAG4O,EAAE,GAAIA,EAAE,IACb+V,GAAEvnB,EAAGgI,EAAE,GAAIA,EAAE,IACbwf,GAAE5kB,EAAGA,EAAG5C,GACRsnB,GAAEnrB,EAAGqV,EAAE,GAAIA,EAAE,IACb8V,GAAEtnB,EAAGgI,EAAE,GAAIA,EAAE,IACbwf,GAAErrB,EAAGA,EAAG6D,GACRwnB,GAAEhgB,EAAGgK,EAAE,GAAIxJ,EAAE,IACbwf,GAAEhgB,EAAGA,EAAG6e,IACRmB,GAAE/f,EAAG+J,EAAE,GAAIxJ,EAAE,IACbsf,GAAE7f,EAAGA,EAAGA,GACR8f,GAAEj/B,EAAG6T,EAAGyG,GACR2kB,GAAEgD,EAAG9iB,EAAGD,GACR8f,GAAErR,EAAGxO,EAAGD,GACR8f,GAAE1R,EAAGzZ,EAAGyG,GAER4kB,GAAEhW,EAAE,GAAIlpB,EAAGiiC,GACX/C,GAAEhW,EAAE,GAAIoE,EAAGK,GACXuR,GAAEhW,EAAE,GAAIyE,EAAGsU,GACX/C,GAAEhW,EAAE,GAAIlpB,EAAGstB,EACb,CAEA,SAASsX,GAAM1b,EAAGxJ,EAAG7L,GACnB,IAAIjW,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB+gC,GAASzV,EAAEtrB,GAAI8hB,EAAE9hB,GAAIiW,EAEzB,CAEA,SAASgxB,GAAKptB,EAAGyR,GACf,IAAI4b,EAAKxH,KAAMyH,EAAKzH,KAAM0H,EAAK1H,KAC/BwE,GAASkD,EAAI9b,EAAE,IACfgW,GAAE4F,EAAI5b,EAAE,GAAI8b,GACZ9F,GAAE6F,EAAI7b,EAAE,GAAI8b,GACZpG,GAAUnnB,EAAGstB,GACbttB,EAAE,KAAOqnB,GAASgG,IAAO,CAC3B,CAEA,SAASG,GAAW/b,EAAGxJ,EAAG/J,GACxB,IAAI9B,EAAGjW,EAKP,IAJA6gC,GAASvV,EAAE,GAAIyU,IACfc,GAASvV,EAAE,GAAI0U,IACfa,GAASvV,EAAE,GAAI0U,IACfa,GAASvV,EAAE,GAAIyU,IACV//B,EAAI,IAAKA,GAAK,IAAKA,EAEtBgnC,GAAM1b,EAAGxJ,EADT7L,EAAK8B,EAAG/X,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BmC,GAAI2f,EAAGwJ,GACPnpB,GAAImpB,EAAGA,GACP0b,GAAM1b,EAAGxJ,EAAG7L,EAEhB,CAEA,SAASqxB,GAAWhc,EAAGvT,GACrB,IAAI+J,EAAI,CAAC4d,KAAMA,KAAMA,KAAMA,MAC3BmB,GAAS/e,EAAE,GAAIse,IACfS,GAAS/e,EAAE,GAAIue,IACfQ,GAAS/e,EAAE,GAAIke,IACfsB,GAAExf,EAAE,GAAIse,GAAGC,IACXgH,GAAW/b,EAAGxJ,EAAG/J,EACnB,CAEA,SAASwvB,GAAoBC,EAAIC,EAAIC,GACnC,IAEI1nC,EAFAuhB,EAAI,IAAI5hB,WAAW,IACnB2rB,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MAY3B,IATKgI,GAAQ7H,GAAY4H,EAAI,IAC7BV,GAAYxlB,EAAGkmB,EAAI,IACnBlmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET+lB,GAAWhc,EAAG/J,GACd0lB,GAAKO,EAAIlc,GAEJtrB,EAAI,EAAGA,EAAI,GAAIA,IAAKynC,EAAGznC,EAAE,IAAMwnC,EAAGxnC,GACvC,OAAO,CACT,CAEA,IAAI2nC,GAAI,IAAI/H,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgI,GAAK/tB,EAAGD,GACf,IAAIyP,EAAOrpB,EAAGuY,EAAGZ,EACjB,IAAK3X,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAqpB,EAAQ,EACH9Q,EAAIvY,EAAI,GAAI2X,EAAI3X,EAAI,GAAIuY,EAAIZ,IAAKY,EACpCqB,EAAErB,IAAM8Q,EAAQ,GAAKzP,EAAE5Z,GAAK2nC,GAAEpvB,GAAKvY,EAAI,KACvCqpB,EAAQ1iB,KAAK4P,OAAOqD,EAAErB,GAAK,KAAO,KAClCqB,EAAErB,IAAc,IAAR8Q,EAEVzP,EAAErB,IAAM8Q,EACRzP,EAAE5Z,GAAK,CACX,CAEE,IADAqpB,EAAQ,EACH9Q,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAErB,IAAM8Q,GAASzP,EAAE,KAAO,GAAK+tB,GAAEpvB,GACjC8Q,EAAQzP,EAAErB,IAAM,EAChBqB,EAAErB,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqB,EAAErB,IAAM8Q,EAAQse,GAAEpvB,GAC3C,IAAKvY,EAAI,EAAGA,EAAI,GAAIA,IAClB4Z,EAAE5Z,EAAE,IAAM4Z,EAAE5Z,IAAM,EAClB6Z,EAAE7Z,GAAY,IAAP4Z,EAAE5Z,EAEb,CAEA,SAAS6nC,GAAOhuB,GACd,IAA8B7Z,EAA1B4Z,EAAI,IAAIgmB,aAAa,IACzB,IAAK5/B,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK6Z,EAAE7Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6Z,EAAE7Z,GAAK,EAChC4nC,GAAK/tB,EAAGD,EACV,CAsCA,SAASkuB,GAAUjuB,EAAGyR,GACpB,IAAIxR,EAAI4lB,KAAMqI,EAAMrI,KAAM1X,EAAM0X,KAC5BsI,EAAMtI,KAAMuI,EAAOvI,KAAMwI,EAAOxI,KAChCyI,EAAOzI,KA2BX,OAzBAmB,GAAShnB,EAAE,GAAImmB,IACfmB,GAAYtnB,EAAE,GAAIyR,GAClByK,GAAE/N,EAAKnO,EAAE,IACTynB,GAAE0G,EAAKhgB,EAAKkY,IACZmB,GAAErZ,EAAKA,EAAKnO,EAAE,IACdunB,GAAE4G,EAAKnuB,EAAE,GAAImuB,GAEbjS,GAAEkS,EAAMD,GACRjS,GAAEmS,EAAMD,GACR3G,GAAE6G,EAAMD,EAAMD,GACd3G,GAAExnB,EAAGquB,EAAMngB,GACXsZ,GAAExnB,EAAGA,EAAGkuB,GA/qBV,SAAiBja,EAAG/tB,GAClB,IACI0c,EADA4E,EAAIoe,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK4E,EAAE5E,GAAK1c,EAAE0c,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBqZ,GAAEzU,EAAGA,GACI,IAAN5E,GAAS4kB,GAAEhgB,EAAGA,EAAGthB,GAExB,IAAK0c,EAAI,EAAGA,EAAI,GAAIA,IAAKqR,EAAErR,GAAK4E,EAAE5E,EACpC,CAwqBE0rB,CAAQtuB,EAAGA,GACXwnB,GAAExnB,EAAGA,EAAGkO,GACRsZ,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAEznB,EAAE,GAAIC,EAAGkuB,GAEXjS,GAAEgS,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK/f,IAAMsZ,GAAEznB,EAAE,GAAIA,EAAE,GAAIymB,IAEtCvK,GAAEgS,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK/f,IAAc,GAE5BkZ,GAASrnB,EAAE,MAASyR,EAAE,KAAK,GAAI+V,GAAExnB,EAAE,GAAIkmB,GAAKlmB,EAAE,IAElDynB,GAAEznB,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAIIwuB,GAAoB,GAKxB,SAASC,KACP,IAAK,IAAItoC,EAAI,EAAGA,EAAIuoC,UAAUzoC,OAAQE,IACpC,KAAMuoC,UAAUvoC,aAAcL,YAC5B,MAAM,IAAI6oC,UAAU,kCAE1B,CAMA/I,GAAKgJ,WAAa,SAAS1yB,EAAGuV,GAE5B,GADAgd,GAAgBvyB,EAAGuV,GApBe,KAqB9BvV,EAAEjW,OAA0C,MAAUL,MAAM,cAChE,GAvB4B,KAuBxB6rB,EAAExrB,OAAoC,MAAUL,MAAM,cAC1D,IAAIqiB,EAAI,IAAIniB,WAxBgB,IA0B5B,OADAwkC,GAAkBriB,EAAG/L,EAAGuV,GACjBxJ,CACT,EAEA2d,GAAKvV,IAAM,CAAE,EAEbuV,GAAKvV,IAAI0T,QAAU,WACjB,IAAI4J,EAAK,IAAI7nC,WA9BiB,IA+B1B8nC,EAAK,IAAI9nC,WA9BiB,IAgC9B,OAlsBF,SAA4Bo5B,EAAGnf,GAC7BimB,GAAYjmB,EAAG,IACR4qB,GAAuBzL,EAAGnf,EACnC,CA8rBE8uB,CAAmBlB,EAAIC,GAChB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAKvV,IAAI0T,QAAQ+K,cAAgB,SAASz7B,GAExC,GADAo7B,GAAgBp7B,GApCc,KAqC1BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI+nC,EAAK,IAAI7nC,WAxCiB,IA0C9B,OADA6kC,GAAuBgD,EAAIt6B,GACpB,CAACjD,UAAWu9B,EAAIt6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAuyB,GAAKnB,KAAO,SAAS5U,EAAKxc,GAExB,GADAo7B,GAAgB5e,EAAKxc,GA1CU,KA2C3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAImpC,EAAY,IAAIjpC,WAAW0oC,GAAkB3e,EAAI5pB,QAErD,OA5JF,SAAqB+oC,EAAIrS,EAAGzgB,EAAG0xB,GAC7B,IACIznC,EAAGuY,EADHgJ,EAAI,IAAI5hB,WAAW,IAAK+vB,EAAI,IAAI/vB,WAAW,IAAKka,EAAI,IAAIla,WAAW,IAC7Dia,EAAI,IAAIgmB,aAAa,IAC3BtU,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MAE3BqH,GAAYxlB,EAAGkmB,EAAI,IACnBlmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIunB,EAAQ/yB,EAAI,GAChB,IAAK/V,EAAI,EAAGA,EAAI+V,EAAG/V,IAAK6oC,EAAG,GAAK7oC,GAAKw2B,EAAEx2B,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6oC,EAAG,GAAK7oC,GAAKuhB,EAAE,GAAKvhB,GAO7C,IALA+mC,GAAYltB,EAAGgvB,EAAG3hC,SAAS,IAAK6O,EAAE,IAClC8xB,GAAOhuB,GACPytB,GAAWhc,EAAGzR,GACdotB,GAAK4B,EAAIvd,GAEJtrB,EAAI,GAAIA,EAAI,GAAIA,IAAK6oC,EAAG7oC,GAAKynC,EAAGznC,GAIrC,IAHA+mC,GAAYrX,EAAGmZ,EAAI9yB,EAAI,IACvB8xB,GAAOnY,GAEF1vB,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK6Z,EAAE7Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAKuY,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAE5Z,EAAEuY,IAAMmX,EAAE1vB,GAAKuhB,EAAEhJ,GAIvBqvB,GAAKiB,EAAG3hC,SAAS,IAAK0S,EAExB,CA0HEmvB,CAAYH,EAAWlf,EAAKA,EAAI5pB,OAAQoN,GACjC07B,CACT,EAEAnJ,GAAKnB,KAAK0K,SAAW,SAAStf,EAAKxc,GAGjC,IAFA,IAAI07B,EAAYnJ,GAAKnB,KAAK5U,EAAKxc,GAC3B+7B,EAAM,IAAItpC,WAAW0oC,IAChBroC,EAAI,EAAGA,EAAIipC,EAAInpC,OAAQE,IAAKipC,EAAIjpC,GAAK4oC,EAAU5oC,GACxD,OAAOipC,CACT,EAEAxJ,GAAKnB,KAAK0K,SAASnK,OAAS,SAASnV,EAAKuf,EAAKh/B,GAE7C,GADAq+B,GAAgB5e,EAAKuf,EAAKh/B,GACtBg/B,EAAInpC,SAAWuoC,GACjB,MAAU5oC,MAAM,sBAClB,GA9D+B,KA8D3BwK,EAAUnK,OACZ,MAAUL,MAAM,uBAClB,IAEIO,EAFA6oC,EAAK,IAAIlpC,WAAW0oC,GAAoB3e,EAAI5pB,QAC5C02B,EAAI,IAAI72B,WAAW0oC,GAAoB3e,EAAI5pB,QAE/C,IAAKE,EAAI,EAAGA,EAAIqoC,GAAmBroC,IAAK6oC,EAAG7oC,GAAKipC,EAAIjpC,GACpD,IAAKA,EAAI,EAAGA,EAAI0pB,EAAI5pB,OAAQE,IAAK6oC,EAAG7oC,EAAEqoC,IAAqB3e,EAAI1pB,GAC/D,OAxGF,SAA0Bw2B,EAAGqS,EAAI9yB,EAAGyxB,GAClC,IAAIxnC,EACA8Z,EAAI,IAAIna,WAAW,IAAK+vB,EAAI,IAAI/vB,WAAW,IAC3C2rB,EAAI,CAACoU,KAAMA,KAAMA,KAAMA,MACvB5d,EAAI,CAAC4d,KAAMA,KAAMA,KAAMA,MAE3B,GAAI3pB,EAAI,GAAI,OAAQ,EAEpB,GAAI+xB,GAAUhmB,EAAG0lB,GAAK,OAAQ,EAE9B,IAAKxnC,EAAI,EAAGA,EAAI+V,EAAG/V,IAAKw2B,EAAEx2B,GAAK6oC,EAAG7oC,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKw2B,EAAEx2B,EAAE,IAAMwnC,EAAGxnC,GAUtC,GATA+mC,GAAYrX,EAAG8G,EAAGzgB,GAClB8xB,GAAOnY,GACP2X,GAAW/b,EAAGxJ,EAAG4N,GAEjB4X,GAAWxlB,EAAG+mB,EAAG3hC,SAAS,KAC1B/E,GAAImpB,EAAGxJ,GACPmlB,GAAKntB,EAAGwR,GAERvV,GAAK,GACD0qB,GAAiBoI,EAAI,EAAG/uB,EAAG,GAAI,CACjC,IAAK9Z,EAAI,EAAGA,EAAI+V,EAAG/V,IAAKw2B,EAAEx2B,GAAK,EAC/B,OAAQ,CACZ,CAEE,IAAKA,EAAI,EAAGA,EAAI+V,EAAG/V,IAAKw2B,EAAEx2B,GAAK6oC,EAAG7oC,EAAI,IACtC,OAAO+V,CACT,CA4EUmzB,CAAiB1S,EAAGqS,EAAIA,EAAG/oC,OAAQmK,IAAc,CAC3D,EAEAw1B,GAAKnB,KAAKV,QAAU,WAClB,IAAI4J,EAAK,IAAI7nC,WAzEkB,IA0E3B8nC,EAAK,IAAI9nC,WAzEkB,IA2E/B,OADA4nC,GAAoBC,EAAIC,GACjB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAKnB,KAAKV,QAAQ+K,cAAgB,SAASz7B,GAEzC,GADAo7B,GAAgBp7B,GA/Ee,KAgF3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAElB,IADA,IAAI+nC,EAAK,IAAI7nC,WAnFkB,IAoFtBK,EAAI,EAAGA,EAAIwnC,EAAG1nC,OAAQE,IAAKwnC,EAAGxnC,GAAKkN,EAAU,GAAGlN,GACzD,MAAO,CAACiK,UAAWu9B,EAAIt6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAuyB,GAAKnB,KAAKV,QAAQuL,SAAW,SAASC,GAEpC,GADAd,GAAgBc,GAvFU,KAwFtBA,EAAKtpC,OACP,MAAUL,MAAM,iBAGlB,IAFA,IAAI+nC,EAAK,IAAI7nC,WA5FkB,IA6F3B8nC,EAAK,IAAI9nC,WA5FkB,IA6FtBK,EAAI,EAAGA,EAAI,GAAIA,IAAKynC,EAAGznC,GAAKopC,EAAKppC,GAE1C,OADAunC,GAAoBC,EAAIC,GAAI,GACrB,CAACx9B,UAAWu9B,EAAIt6B,UAAWu6B,EACpC,EAEAhI,GAAK4J,QAAU,SAASlkC,GACtB06B,GAAc16B,CAChB,EAEA,WAGE,GAAIoV,IAAUA,GAAOyf,gBAAiB,CAGpCyF,GAAK4J,SAAQ,SAASzvB,EAAG7D,GACvB,IAAI/V,EAAGgY,EAAI,IAAIrY,WAAWoW,GAC1B,IAAK/V,EAAI,EAAGA,EAAI+V,EAAG/V,GAHT,MAIRua,GAAOyf,gBAAgBhiB,EAAE9Q,SAASlH,EAAGA,EAAI2G,KAAKud,IAAInO,EAAI/V,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAI+V,EAAG/V,IAAK4Z,EAAE5Z,GAAKgY,EAAEhY,IAvGvC,SAAiBqkB,GACf,IAAK,IAAIrkB,EAAI,EAAGA,EAAIqkB,EAAIvkB,OAAQE,IAAKqkB,EAAIrkB,GAAK,CAChD,CAsGMspC,CAAQtxB,EACd,GACA,CACC,CAfD,GC5yCA,MAAMuxB,GAAY,CAChB,mBAAoB5gC,EAAMC,MAAMC,SAChC,aAAcF,EAAMC,MAAMG,SAC1B,aAAcJ,EAAMC,MAAMK,SAC1B,aAAcN,EAAMC,MAAMO,UAC1B,qBAAsBR,EAAMC,MAAMQ,cAClC,uBAAwBT,EAAMC,MAAMU,iBACpC,qBAAsBX,EAAMC,MAAMY,gBAClC,qBAAsBb,EAAMC,MAAMa,gBAClC,qBAAsBd,EAAMC,MAAMc,iBAGpC,MAAM8/B,GACJ,WAAA1rC,CAAY2rC,GACV,GAAIA,aAAeD,GACjBtrC,KAAKurC,IAAMA,EAAIA,SACV,GAAIz0B,EAAKrW,QAAQ8qC,IACbz0B,EAAKtV,aAAa+pC,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAI9pC,WAAW8pC,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAI3pC,OAAS,EAC1B,MAAUL,MAAM,sCAElBgqC,EAAMA,EAAIviC,SAAS,EAC3B,CACMhJ,KAAKurC,IAAMA,CACjB,MACMvrC,KAAKurC,IAAM,EAEjB,CAOE,IAAAlpC,CAAK9B,GACH,GAAIA,EAAMqB,QAAU,EAAG,CACrB,MAAMA,EAASrB,EAAM,GACrB,GAAIA,EAAMqB,QAAU,EAAIA,EAEtB,OADA5B,KAAKurC,IAAMhrC,EAAMyI,SAAS,EAAG,EAAIpH,GAC1B,EAAI5B,KAAKurC,IAAI3pC,MAE5B,CACI,MAAUL,MAAM,cACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKurC,IAAI3pC,SAAU5B,KAAKurC,KAC1E,CAME,KAAAC,GACE,OAAO10B,EAAK6C,gBAAgB3Z,KAAKurC,IACrC,CAOE,OAAAE,GACE,MAAMxjC,EAAOojC,GAAUrrC,KAAKwrC,SAC5B,IAAKvjC,EACH,MAAU1G,MAAM,oCAGlB,OAAO0G,CACX,ECtFO,SAASyjC,GAAiBvhC,GAC/B,IACI2O,EADAwU,EAAM,EAEV,MAAMrZ,EAAO9J,EAAM,GAcnB,OAXI8J,EAAO,MACRqZ,GAAOnjB,EACR2O,EAAS,GACA7E,EAAO,KAChBqZ,GAAQnjB,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7C2O,EAAS,GACS,MAAT7E,IACTqZ,EAAMxW,EAAKc,WAAWzN,EAAMnB,SAAS,EAAG,IACxC8P,EAAS,GAGJ,CACLwU,IAAKA,EACLxU,OAAQA,EAEZ,CASO,SAAS6yB,GAAkB/pC,GAChC,OAAIA,EAAS,IACJ,IAAIH,WAAW,CAACG,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIH,WAAW,CAAyB,KAAtBG,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEkV,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOqV,EAAKgB,YAAYlW,EAAQ,IAChF,CAEO,SAASgqC,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAUtqC,MAAM,iDAElB,OAAO,IAAIE,WAAW,CAAC,IAAMoqC,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAItqC,WAAW,CAAC,IAAOsqC,GAChC,CAUO,SAASC,GAAYD,EAAUnqC,GAEpC,OAAOkV,EAAKpV,iBAAiB,CAACoqC,GAASC,GAAWJ,GAAkB/pC,IACtE,CAOO,SAASqqC,GAAkBhuB,GAChC,MAAO,CACLxT,EAAMkE,OAAOU,YACb5E,EAAMkE,OAAOO,eACbzE,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBACbwP,SAASnB,EACb,CASO3b,eAAe4pC,GAAY3rC,EAAO4rC,GACvC,MAAMzoC,EAASoe,EAAiBvhB,GAChC,IAAII,EACAyrC,EACJ,IACE,MAAMC,QAAoB3oC,EAAOwG,UAAU,GAE3C,IAAKmiC,GAAeA,EAAYzqC,OAAS,KAAuB,IAAjByqC,EAAY,IACzD,MAAU9qC,MAAM,iGAElB,MAAM+qC,QAAmB5oC,EAAOkG,WAChC,IAEI2iC,EAOAC,EATAvuB,GAAO,EACP2gB,GAAU,EAGdA,EAAS,EACS,GAAb0N,IACH1N,EAAS,GAIPA,EAEF3gB,EAAmB,GAAbquB,GAGNruB,GAAoB,GAAbquB,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BR,GAAkBhuB,GAClD,IAiBIyuB,EAjBA/9B,EAAS,KACb,GAAI89B,EAAyB,CAC3B,GAA6B,UAAzB31B,EAAK7V,SAASV,GAAoB,CACpC,MAAM2I,EAAc,IAAIyjC,EACxBhsC,EAASohB,EAAiB7Y,GAC1ByF,EAASzF,CACjB,KAAa,CACL,MAAMtE,EAAY,IAAIoB,gBACtBrF,EAASohB,EAAiBnd,EAAUO,UACpCwJ,EAAS/J,EAAUM,QAC3B,CAEMknC,EAAmBD,EAAS,CAAEluB,MAAKtP,UACzC,MACMA,EAAS,GAIX,EAAG,CACD,GAAKiwB,EAiCE,CAEL,MAAMgO,QAAmBlpC,EAAOkG,WAEhC,GADA8iC,GAAmB,EACfE,EAAa,IACfL,EAAeK,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CL,GAAiBK,EAAa,KAAQ,SAAYlpC,EAAOkG,WAAc,SAElE,GAAIgjC,EAAa,KAAOA,EAAa,KAG1C,GAFAL,EAAe,IAAmB,GAAbK,GACrBF,GAAmB,GACdD,EACH,MAAM,IAAInC,UAAU,2DAItBiC,QAAsB7oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,UAE9B,MApDQ,OAAQ4iC,GACN,KAAK,EAGHD,QAAqB7oC,EAAOkG,WAC5B,MACF,KAAK,EAGH2iC,QAAsB7oC,EAAOkG,YAAc,QAAWlG,EAAOkG,WAC7D,MACF,KAAK,EAGH2iC,QAAsB7oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,WACpB,MACF,QAWE2iC,EAAehkC,IAyBrB,GAAIgkC,EAAe,EAAG,CACpB,IAAI/jC,EAAY,EAChB,OAAa,CACP7H,SAAcA,EAAOgF,MACzB,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,GAAI+pC,IAAiBhkC,IAAU,MAC/B,MAAUhH,MAAM,2BAC5B,CACU,MAAMyB,EAAQupC,IAAiBhkC,IAAWhG,EAAQA,EAAMyG,SAAS,EAAGujC,EAAe/jC,GAInF,GAHI7H,QAAcA,EAAOoC,MAAMC,GAC1B2L,EAAO7L,KAAKE,GACjBwF,GAAajG,EAAMX,OACf4G,GAAa+jC,EAAc,CAC7B7oC,EAAOiG,QAAQpH,EAAMyG,SAASujC,EAAe/jC,EAAYjG,EAAMX,SAC/D,KACZ,CACA,CACA,CACA,OAAa8qC,GAiCT,MAAMG,QAAmBnpC,EAAOwG,UAAUuiC,EAA0BlkC,IAAW,GAS/E,OARI5H,SACIA,EAAOgF,YACPhF,EAAOsC,UAEb0L,EAASmI,EAAKpV,iBAAiBiN,SAEzBw9B,EAAS,CAAEluB,MAAKtP,aAEhBk+B,IAAeA,EAAWjrC,MACnC,CAAC,MAAOsC,GACP,GAAIvD,EAEF,aADMA,EAAOuC,MAAMgB,IACZ,EAEP,MAAMA,CAEZ,CAAY,QACJvD,SACIyrC,EAER1oC,EAAO7C,aACX,CACA,CAEO,MAAMisC,WAAyBvrC,MACpC,WAAA3B,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAM8sC,IAGhC9sC,KAAKiI,KAAO,kBAChB,EAIO,MAAM+kC,WAA2BF,GACtC,WAAAltC,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAM8sC,IAGhC9sC,KAAKiI,KAAO,oBAChB,EAGO,MAAMglC,GACX,WAAArtC,CAAYqe,EAAKivB,GACfltC,KAAKie,IAAMA,EACXje,KAAKktC,WAAaA,CACtB,CAEE,KAAAnqC,GACE,OAAO/C,KAAKktC,UAChB,ECxSO5qC,eAAe6qC,GAASzqB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMiR,EAAYtF,EAAKqF,eACjBixB,QAAqBhxB,EAAUujB,YAAY,WAAW,EAAM,CAAC,OAAQ,WAErEnsB,QAAmB4I,EAAUwjB,UAAU,MAAOwN,EAAa55B,YAC3DzH,QAAkBqQ,EAAUwjB,UAAU,MAAOwN,EAAarhC,WAEhE,MAAO,CACLm3B,EAAG,IAAIzhC,WAAW6d,EAAgBvT,EAAU2P,IAC5CwvB,KAAM5rB,EAAgB9L,EAAW6P,GAEpC,CAAC,MAAOiT,GACP,GAAiB,sBAAbA,EAAIruB,MAA6C,mBAAbquB,EAAIruB,KAC1C,MAAMquB,EAER,MAAM4U,EAAOrP,GAAewR,GAAe3qB,KACnC3W,UAAWm3B,GAAM/3B,GAAQi1B,KAAKV,QAAQuL,SAASC,GACvD,MAAO,CAAEhI,IAAGgI,OACpB,CAEI,KAAKzgC,EAAMsB,UAAUa,MAAO,CAC1B,MAAMA,QAAckK,EAAKQ,cAAc7M,EAAMsB,UAAUa,OACjDs+B,EAAOt+B,EAAM0gC,MAAMC,mBAEzB,MAAO,CAAErK,EADCt2B,EAAM4gC,aAAatC,GACjBA,OAClB,CACI,QACE,MAAU3pC,MAAM,+BAEtB,CAeOe,eAAe89B,GAAK1d,EAAMwd,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GACzE,GAAI/vB,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkBkoB,GAAqB/qB,IAIjF,MAAUnhB,MAAM,sCAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMiR,EAAYtF,EAAKqF,eACjBwiB,EAAM+O,GAAgBhrB,EAAM3W,EAAWyH,GACvC7C,QAAYyL,EAAUkX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,SAMrE,MAAO,CAAEgP,GAJS,IAAIlsC,iBACd2a,EAAUgkB,KAAK,UAAWzvB,EAAK+sB,IAIxC,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIruB,KACN,MAAMquB,EAER,MAAMtnB,EAAY8H,EAAKpV,iBAAiB,CAAC8R,EAAYzH,IAErD,MAAO,CAAE4hC,GADSxiC,GAAQi1B,KAAK0K,SAASpN,EAAQ1uB,GAExD,CAEI,KAAKvE,EAAMsB,UAAUa,MAGnB,MAAO,CAAE+gC,UAFW72B,EAAKQ,cAAc7M,EAAMsB,UAAUa,QAC/BwzB,KAAK1C,EAAQlqB,IAGvC,QACE,MAAUjS,MAAM,+BAGtB,CAaOe,eAAeq+B,GAAOje,EAAMwd,GAAUyN,GAAEA,GAAMrV,EAAGvsB,EAAW2xB,GACjE,GAAI/vB,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkBkoB,GAAqB/qB,IAIjF,MAAUnhB,MAAM,sCAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,IACE,MAAMiR,EAAYtF,EAAKqF,eACjBwiB,EAAMiP,GAAelrB,EAAM3W,GAC3B4E,QAAYyL,EAAUkX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,WAErE,aADuBviB,EAAUukB,OAAO,UAAWhwB,EAAKg9B,EAAIjQ,EAE7D,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIruB,KACN,MAAMquB,EAER,OAAOnrB,GAAQi1B,KAAK0K,SAASnK,OAAOjD,EAAQiQ,EAAI5hC,EACxD,CAEI,KAAKtB,EAAMsB,UAAUa,MAEnB,aADoBkK,EAAKQ,cAAc7M,EAAMsB,UAAUa,QAC1C+zB,OAAOgN,EAAIjQ,EAAQ3xB,GAElC,QACE,MAAUxK,MAAM,+BAEtB,CAiCO,SAAS8rC,GAAe3qB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,OAAO,GAET,KAAKV,EAAMsB,UAAUa,MACnB,OAAO,GAET,QACE,MAAUrL,MAAM,+BAEtB,CAEO,SAASksC,GAAqB/qB,GACnC,OAAQA,GACN,KAAKjY,EAAMsB,UAAUZ,QACnB,OAAOV,EAAMkD,KAAKI,OACpB,KAAKtD,EAAMsB,UAAUa,MACnB,OAAOnC,EAAMkD,KAAKM,OACpB,QACE,MAAU1M,MAAM,sBAEtB,CAEA,MAAMqsC,GAAiB,CAAClrB,EAAM3W,KAC5B,GAAQ2W,IACDjY,EAAMsB,UAAUZ,QAAS,CAO5B,MANY,CACVmzB,IAAK,MACLuP,IAAK,UACLnyB,EAAG+D,EAAgB1T,GACnByyB,KAAK,EAGb,CAEM,MAAUj9B,MAAM,8BACtB,EAGMmsC,GAAkB,CAAChrB,EAAM3W,EAAWyH,KACxC,GAAQkP,IACDjY,EAAMsB,UAAUZ,QAAS,CAC5B,MAAMwzB,EAAMiP,GAAelrB,EAAM3W,GAEjC,OADA4yB,EAAItb,EAAI5D,EAAgBjM,GACjBmrB,CACb,CAEM,MAAUp9B,MAAM,8BACtB,iIAxEOe,eAA8BogB,EAAMwgB,EAAGgI,GAC5C,OAAQxoB,GACN,KAAKjY,EAAMsB,UAAUZ,QAAS,CAM5B,MAAMY,UAAEA,GAAcZ,GAAQi1B,KAAKV,QAAQuL,SAASC,GACpD,OAAOp0B,EAAKqE,iBAAiB+nB,EAAGn3B,EACtC,CAEI,KAAKtB,EAAMsB,UAAUa,MAAO,CAC1B,MAEMb,SAFc+K,EAAKQ,cAAc7M,EAAMsB,UAAUa,QAE/B4gC,aAAatC,GACrC,OAAOp0B,EAAKqE,iBAAiB+nB,EAAGn3B,EACtC,CACI,QACE,OAAO,EAEb,cCrKA,MAAMqQ,GAAYtF,EAAKqF,eAQhB7Z,eAAewrC,GAAKprB,EAAM/R,EAAKo9B,GACpC,MAAM9qB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK5L,EAAK4H,MAAMgE,IAAS/R,EAAI/O,SAAWqhB,EACtC,MAAU1hB,MAAM,oCAGlB,IACE,MAAMysC,QAAoB5xB,GAAUkX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,YAEhFgmC,QAAkB7xB,GAAUkX,UAAU,MAAOya,EAAY,CAAE9lC,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SACnGugC,QAAgB9xB,GAAU+xB,QAAQ,MAAOF,EAAWD,EAAa,CAAE/lC,KAAM,WAC/E,OAAO,IAAIxG,WAAWysC,EACvB,CAAC,MAAO5X,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAERxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,QACrE,CAEE,OAAO66B,GAAWz9B,GAAKqd,QAAQ+f,EACjC,CASOzrC,eAAe+rC,GAAO3rB,EAAM/R,EAAK29B,GACtC,MAAMrrB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK5L,EAAK4H,MAAMgE,IAAS/R,EAAI/O,SAAWqhB,EACtC,MAAU1hB,MAAM,oCAGlB,IAAIysC,EACJ,IACEA,QAAoB5xB,GAAUkX,UAAU,MAAO3iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,aACjF,CAAC,MAAOquB,GAEP,GAAiB,sBAAbA,EAAIruB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAb00B,EAAIruB,MAC3B,MAAMquB,EAGR,OADAxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,SAC1D66B,GAAWz9B,GAAK2d,QAAQggB,EACnC,CAEE,IACE,MAAMC,QAAkBnyB,GAAUoyB,UAAU,MAAOF,EAAaN,EAAa,CAAE/lC,KAAM,UAAY,CAAEA,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SAC3I,OAAO,IAAIlM,iBAAiB2a,GAAUwjB,UAAU,MAAO2O,GACxD,CAAC,MAAOjY,GACP,GAAiB,mBAAbA,EAAIruB,KACN,MAAU1G,MAAM,6BAElB,MAAM+0B,CACV,CACA,uECxFA,MAAMla,GAAYtF,EAAKqF,eAER7Z,eAAemsC,GAAYvO,EAAUwO,EAAUC,EAAMC,EAAM7e,GACxE,MAAMpiB,EAAOlD,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,GACvC,IAAKvyB,EAAM,MAAUpM,MAAM,qCAE3B,MAAMstC,QAAoBzyB,GAAUkX,UAAU,MAAOob,EAAU,QAAQ,EAAO,CAAC,eACzExyB,QAAaE,GAAU0yB,WAAW,CAAE7mC,KAAM,OAAQ0F,OAAMghC,OAAMC,QAAQC,EAAsB,EAAT9e,GACzF,OAAO,IAAItuB,WAAWya,EACxB,CCHA,MAAM6yB,GAAY,CAChBriC,OAAQoK,EAAK0D,WAAW,kBACxB7N,KAAMmK,EAAK0D,WAAW,iBAQjBlY,eAAe6qC,GAASzqB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAE3B,MAAM+M,EAAIoiB,GAAe,KACjB9vB,UAAWm3B,GAAMx2B,GAAOsf,IAAI0T,QAAQ+K,cAAchxB,GAC1D,MAAO,CAAEypB,IAAGzpB,IAClB,CAEI,KAAKhP,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKQ,cAAc7M,EAAMsB,UAAUY,MAChD8M,EAAI9M,EAAK2gC,MAAMC,mBAErB,MAAO,CAAErK,EADCv2B,EAAK6gC,aAAa/zB,GAChBA,IAClB,CACI,QACE,MAAUlY,MAAM,8BAEtB,CA+GO,SAAS8rC,GAAe3qB,GAC7B,OAAQA,GACN,KAAKjY,EAAMsB,UAAUW,OACnB,OAAO,GAET,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO,GAET,QACE,MAAUpL,MAAM,8BAEtB,CAOOe,eAAe0sC,GAAoCtsB,EAAMusB,GAC9D,OAAQvsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMwiC,EAAqBrT,GAAewR,GAAe3qB,IACnDysB,EAAeziC,GAAO69B,WAAW2E,EAAoBD,GAC3DG,GAAmBD,GACnB,MAAQpjC,UAAWsjC,GAAuB3iC,GAAOsf,IAAI0T,QAAQ+K,cAAcyE,GAC3E,MAAO,CAAEG,qBAAoBF,eACnC,CACI,KAAK1kC,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKQ,cAAc7M,EAAMsB,UAAUY,MAChDuiC,EAAqBviC,EAAK2gC,MAAMC,mBAChC4B,EAAexiC,EAAK2iC,gBAAgBJ,EAAoBD,GAC9DG,GAAmBD,GAEnB,MAAO,CAAEE,mBADkB1iC,EAAK6gC,aAAa0B,GAChBC,eACnC,CACI,QACE,MAAU5tC,MAAM,8BAEtB,CAEOe,eAAeitC,GAAsB7sB,EAAM2sB,EAAoBnM,EAAGzpB,GACvE,OAAQiJ,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMyiC,EAAeziC,GAAO69B,WAAW9wB,EAAG41B,GAE1C,OADAD,GAAmBD,GACZA,CACb,CACI,KAAK1kC,EAAMsB,UAAUY,KAAM,CACzB,MACMwiC,SADar4B,EAAKQ,cAAc7M,EAAMsB,UAAUY,OAC5B2iC,gBAAgB71B,EAAG41B,GAE7C,OADAD,GAAmBD,GACZA,CACb,CACI,QACE,MAAU5tC,MAAM,8BAEtB,CAQA,SAAS6tC,GAAmBD,GAC1B,IAAIK,EAAM,EACV,IAAK,IAAI1tC,EAAI,EAAGA,EAAIqtC,EAAavtC,OAAQE,IACvC0tC,GAAOL,EAAartC,GAEtB,GAAY,IAAR0tC,EACF,MAAUjuC,MAAM,6BAEpB,2DAjGOe,eAAuBogB,EAAM2sB,EAAoBI,EAAYvM,EAAGzpB,GACrE,MAAM01B,QAAqBI,GAAsB7sB,EAAM2sB,EAAoBnM,EAAGzpB,GACxEi2B,EAAY54B,EAAKpV,iBAAiB,CACtC2tC,EACAnM,EACAiM,IAEF,OAAQzsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMiS,EAAalU,EAAMoC,UAAUK,QAC7B+V,QAAEA,GAAYD,GAAgBrE,GAEpC,OAAOgxB,GAAahxB,QADQ8vB,GAAYhkC,EAAMkD,KAAKI,OAAQ2hC,EAAW,IAAIjuC,WAAcstC,GAAUriC,OAAQuW,GAC3DwsB,EACrD,CACI,KAAKhlC,EAAMsB,UAAUY,KAAM,CACzB,MAAMgS,EAAalU,EAAMoC,UAAUO,QAC7B6V,QAAEA,GAAYD,GAAgBvY,EAAMoC,UAAUO,QAEpD,OAAOuiC,GAAahxB,QADQ8vB,GAAYhkC,EAAMkD,KAAKM,OAAQyhC,EAAW,IAAIjuC,WAAcstC,GAAUpiC,KAAMsW,GACzDwsB,EACrD,CACI,QACE,MAAUluC,MAAM,8BAEtB,UA9DOe,eAAuBogB,EAAM7b,EAAMooC,GACxC,MAAMI,mBAAEA,EAAkBF,aAAEA,SAAuBH,GAAoCtsB,EAAMusB,GACvFS,EAAY54B,EAAKpV,iBAAiB,CACtC2tC,EACAJ,EACAE,IAEF,OAAQzsB,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMiS,EAAalU,EAAMoC,UAAUK,QAC7B+V,QAAEA,GAAYD,GAAgBrE,GAC9BixB,QAAsBnB,GAAYhkC,EAAMkD,KAAKI,OAAQ2hC,EAAW,IAAIjuC,WAAcstC,GAAUriC,OAAQuW,GAE1G,MAAO,CAAEosB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe/oC,GAErE,CACI,KAAK4D,EAAMsB,UAAUY,KAAM,CACzB,MAAMgS,EAAalU,EAAMoC,UAAUO,QAC7B6V,QAAEA,GAAYD,GAAgBvY,EAAMoC,UAAUO,QAC9CwiC,QAAsBnB,GAAYhkC,EAAMkD,KAAKM,OAAQyhC,EAAW,IAAIjuC,WAAcstC,GAAUpiC,KAAMsW,GAExG,MAAO,CAAEosB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe/oC,GAErE,CAEI,QACE,MAAUtF,MAAM,8BAEtB,+GA/DOe,eAA8BogB,EAAMwgB,EAAGzpB,GAC5C,OAAQiJ,GACN,KAAKjY,EAAMsB,UAAUW,OAAQ,CAK3B,MAAMX,UAAEA,GAAcW,GAAOsf,IAAI0T,QAAQ+K,cAAchxB,GACvD,OAAO3C,EAAKqE,iBAAiB+nB,EAAGn3B,EACtC,CACI,KAAKtB,EAAMsB,UAAUY,KAAM,CACzB,MAKMZ,SALa+K,EAAKQ,cAAc7M,EAAMsB,UAAUY,OAK/B6gC,aAAa/zB,GACpC,OAAO3C,EAAKqE,iBAAiB+nB,EAAGn3B,EACtC,CAEI,QACE,OAAO,EAEb,IC7CA,MAAMqQ,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAElBuzB,GAAY,CAChB,CAACrlC,EAAMC,MAAMC,UAAW,QACxB,CAACF,EAAMC,MAAMG,UAAW,QACxB,CAACJ,EAAMC,MAAMK,UAAW,SAEpBglC,GAAc9rB,GAAaA,GAAW+rB,YAAc,GACpDC,GAAahsB,GAAa,CAC9B,CAACxZ,EAAMC,MAAMO,WAAY8kC,GAAY3wB,SAAS,aAAe,iBAAchd,EAC3E,CAACqI,EAAMC,MAAMC,UAAWolC,GAAY3wB,SAAS,cAAgB,kBAAehd,EAC5E,CAACqI,EAAMC,MAAMG,UAAWklC,GAAY3wB,SAAS,aAAe,iBAAchd,EAC1E,CAACqI,EAAMC,MAAMK,UAAWglC,GAAY3wB,SAAS,aAAe,iBAAchd,EAC1E,CAACqI,EAAMC,MAAMQ,eAAgB6kC,GAAY3wB,SAAS,WAAa,eAAYhd,EAC3E,CAACqI,EAAMC,MAAMU,kBAAmB2kC,GAAY3wB,SAAS,UAAY,cAAWhd,EAC5E,CAACqI,EAAMC,MAAMY,iBAAkBykC,GAAY3wB,SAAS,mBAAqB,uBAAoBhd,EAC7F,CAACqI,EAAMC,MAAMa,iBAAkBwkC,GAAY3wB,SAAS,mBAAqB,uBAAoBhd,EAC7F,CAACqI,EAAMC,MAAMc,iBAAkBukC,GAAY3wB,SAAS,mBAAqB,uBAAoBhd,GAC3F,CAAE,EAEA8tC,GAAS,CACb,CAACzlC,EAAMC,MAAMC,UAAW,CACtB4gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5D4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMC,UAC7B0lC,IAAKP,GAAUrlC,EAAMC,MAAMC,UAC3B2lC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMG,UAAW,CACtB0gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB6U,OAAQpY,EAAMoC,UAAUM,OACxBijC,KAAMH,GAAWxlC,EAAMC,MAAMG,UAC7BwlC,IAAKP,GAAUrlC,EAAMC,MAAMG,UAC3BylC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMK,UAAW,CACtBwgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB4U,OAAQpY,EAAMoC,UAAUO,OACxBgjC,KAAMH,GAAWxlC,EAAMC,MAAMK,UAC7BslC,IAAKP,GAAUrlC,EAAMC,MAAMK,UAC3BulC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMO,WAAY,CACvBsgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMO,WAC7BqlC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMQ,eAAgB,CAC3BqgC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClE4E,QAAS1lC,EAAMsB,UAAUQ,YACzBoB,KAAMlD,EAAMkD,KAAKM,OACjBmiC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC/lC,EAAMC,MAAMU,kBAAmB,CAC9BmgC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxE4E,QAAS1lC,EAAMsB,UAAUM,KACzBsB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC/lC,EAAMC,MAAMY,iBAAkB,CAC7BigC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB8U,OAAQpY,EAAMoC,UAAUK,OACxBkjC,KAAMH,GAAWxlC,EAAMC,MAAMY,iBAC7BglC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMa,iBAAkB,CAC7BggC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB6U,OAAQpY,EAAMoC,UAAUM,OACxBijC,KAAMH,GAAWxlC,EAAMC,MAAMa,iBAC7B+kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC/lC,EAAMC,MAAMc,iBAAkB,CAC7B+/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAAS1lC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB4U,OAAQpY,EAAMoC,UAAUO,OACxBgjC,KAAMH,GAAWxlC,EAAMC,MAAMc,iBAC7B8kC,YAAa,GACbE,sBAAuB,IAI3B,MAAMC,GACJ,WAAA7wC,CAAY8wC,GACV,IACE1wC,KAAKiI,KAAOyoC,aAAqBpF,GAC/BoF,EAAUjF,UACVhhC,EAAM1H,MAAM0H,EAAMC,MAAMgmC,EAC3B,CAAC,MAAOpa,GACP,MAAM,IAAIwW,GAAiB,gBACjC,CACI,MAAMlmB,EAASspB,GAAOlwC,KAAKiI,MAE3BjI,KAAKmwC,QAAUvpB,EAAOupB,QAEtBnwC,KAAKurC,IAAM3kB,EAAO2kB,IAClBvrC,KAAK2N,KAAOiZ,EAAOjZ,KACnB3N,KAAK6iB,OAAS+D,EAAO/D,OACrB7iB,KAAKowC,KAAOxpB,EAAOwpB,KACnBpwC,KAAKqwC,IAAMzpB,EAAOypB,IAClBrwC,KAAKswC,YAAc1pB,EAAO0pB,YAC1BtwC,KAAKuwC,WAAa3pB,EAAO2pB,WACzBvwC,KAAKwwC,sBAAwB5pB,EAAO4pB,sBAChCxwC,KAAKqwC,KAAOv5B,EAAKqF,eACnBnc,KAAKiU,KAAO,MACHjU,KAAKowC,MAAQt5B,EAAKyF,gBAC3Bvc,KAAKiU,KAAO,OACHjU,KAAKiI,OAASwC,EAAMC,MAAMU,iBACnCpL,KAAKiU,KAAO,mBACHjU,KAAKiI,OAASwC,EAAMC,MAAMQ,gBACnClL,KAAKiU,KAAO,gBAElB,CAEE,gBAAM08B,GACJ,OAAQ3wC,KAAKiU,MACX,IAAK,MACH,IACE,aAsIV3R,eAA6B2F,EAAMuoC,GAEjC,MAAMpD,QAAqBhxB,GAAUujB,YAAY,CAAE13B,KAAM,QAAS2oC,WAAYd,GAAU7nC,KAAS,EAAM,CAAC,OAAQ,WAE1GuL,QAAmB4I,GAAUwjB,UAAU,MAAOwN,EAAa55B,YAC3DzH,QAAkBqQ,GAAUwjB,UAAU,MAAOwN,EAAarhC,WAEhE,MAAO,CACLA,UAAW8kC,GAAe9kC,EAAWykC,GACrCh9B,WAAY8L,EAAgB9L,EAAW6P,GAE3C,CAjJuBytB,CAAc9wC,KAAKiI,KAAMjI,KAAKwwC,sBAC5C,CAAC,MAAOla,GAEP,OADAxf,EAAK2E,gBAAgB,6CAA+C6a,EAAI/iB,SACjEw9B,GAAa/wC,KAAKiI,KACnC,CACM,IAAK,OACH,OA6IR3F,eAA8B2F,GAE5B,MAAMoE,EAAO4X,GAAW+sB,WAAWf,GAAWhoC,IAE9C,aADMoE,EAAK4kC,eACJ,CACLllC,UAAW,IAAItK,WAAW4K,EAAKmhC,gBAC/Bh6B,WAAY,IAAI/R,WAAW4K,EAAK6kC,iBAEpC,CArJeC,CAAenxC,KAAKiI,MAC7B,IAAK,mBAAoB,CAEvB,MAAMwR,EAAEA,EAACypB,EAAEA,SAAYkO,GAAc3mC,EAAMsB,UAAUW,QAC/C8G,EAAaiG,EAAE9W,QAAQsoB,UAC7BzX,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAElB,MAAO,CAAEzH,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKwwC,wBAAyBtN,IACnE1vB,aAC5B,CACM,IAAK,gBAAiB,CACpB,MAAQ03B,KAAM13B,EAAU0vB,EAAEA,SAAYmO,GAAc5mC,EAAMsB,UAAUZ,SAEpE,MAAO,CAAEY,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKwwC,wBAAyBtN,IACnE1vB,aAC5B,CACM,QACE,OAAOu9B,GAAa/wC,KAAKiI,MAEjC,EAmCA3F,eAAegvC,GAAuB5uB,EAAM6oB,EAAKgG,EAAGluB,GAClD,MAAMmuB,EAAkB,CACtB,CAAC/mC,EAAMC,MAAMC,WAAW,EACxB,CAACF,EAAMC,MAAMG,WAAW,EACxB,CAACJ,EAAMC,MAAMK,WAAW,EACxB,CAACN,EAAMC,MAAMO,YAAY,EACzB,CAACR,EAAMC,MAAMU,kBAAmBsX,IAASjY,EAAMsB,UAAUM,KACzD,CAAC5B,EAAMC,MAAMY,kBAAkB,EAC/B,CAACb,EAAMC,MAAMa,kBAAkB,EAC/B,CAACd,EAAMC,MAAMc,kBAAkB,GAI3BgM,EAAY+zB,EAAIE,UACtB,IAAK+F,EAAgBh6B,GACnB,OAAO,EAGT,GAAIA,IAAc/M,EAAMC,MAAMU,iBAAkB,CAC9CiY,EAAIA,EAAE1gB,QAAQsoB,UAEd,MAAMlf,UAAEA,GAAcw1B,GAAKvV,IAAI0T,QAAQ+K,cAAcpnB,GAErDkuB,EAAI,IAAI9vC,WAAW8vC,GACnB,MAAME,EAAK,IAAIhwC,WAAW,CAAC,MAASsK,IACpC,QAAK+K,EAAKqE,iBAAiBs2B,EAAIF,EAKnC,CAEE,MAKME,SALmB36B,EAAKQ,cAAc7M,EAAMsB,UAAUO,MAAOkL,IAK7Cg2B,aAAanqB,GAAG,GACtC,QAAKvM,EAAKqE,iBAAiBs2B,EAAIF,EAKjC,CAMA,SAASG,GAA0BhnC,EAAOinC,GACxC,MAAMrB,YAAEA,EAAWE,sBAAEA,EAAuBvoC,KAAMuP,GAAc9M,EAE1DknC,EAAap6B,IAAc/M,EAAMC,MAAMU,kBAAoBoM,IAAc/M,EAAMC,MAAMQ,cAAiBolC,EAA4B,EAAdA,EAE1H,GAAIqB,EAAE,KAAOnB,GAAyBmB,EAAE/vC,SAAWgwC,EAAY,EAC7D,MAAUrwC,MAAM,yBAEpB,CAWAe,eAAeyuC,GAAa9oC,GAC1B,MAAM4pC,QAAmB/6B,EAAKQ,cAAc7M,EAAMsB,UAAUO,MAAOrE,GAC7DuL,EAAaq+B,EAAWvE,MAAMC,mBAEpC,MAAO,CAAExhC,UADS8lC,EAAWrE,aAAah6B,GAAY,GAClCA,aACtB,CAoCA,SAASq9B,GAAelS,EAAK6R,GAC3B,MAAMsB,EAAOxyB,EAAgBqf,EAAIjjB,GAC3Bq2B,EAAOzyB,EAAgBqf,EAAI9D,GAC3B9uB,EAAY,IAAItK,WAAWqwC,EAAKlwC,OAASmwC,EAAKnwC,OAAS,GAI7D,OAHAmK,EAAU,GAAKykC,EACfzkC,EAAU5J,IAAI2vC,EAAM,GACpB/lC,EAAU5J,IAAI4vC,EAAMD,EAAKlwC,OAAS,GAC3BmK,CACT,CASA,SAASimC,GAAe1B,EAAaroC,EAAM8D,GACzC,MAAMuhB,EAAMgjB,EACNwB,EAAO/lC,EAAUpJ,MAAM,EAAG2qB,EAAM,GAChCykB,EAAOhmC,EAAUpJ,MAAM2qB,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgR,IAAK,KACLuP,IAAK5lC,EACLyT,EAAG+D,EAAgBqyB,GACnBjX,EAAGpb,EAAgBsyB,GACnBvT,KAAK,EAGT,CAUA,SAAST,GAAauS,EAAaroC,EAAM8D,EAAWyH,GAClD,MAAMmrB,EAAMqT,GAAe1B,EAAaroC,EAAM8D,GAE9C,OADA4yB,EAAItb,EAAI5D,EAAgBjM,GACjBmrB,CACT,CCvWA,MAAMviB,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAgBjBja,eAAe89B,GAAKmL,EAAKrL,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GACxE,MAAMhzB,EAAQ,IAAI+lC,GAAalF,GAE/B,GADAmG,GAA0BhnC,EAAOqB,GAC7BwH,IAAYuD,EAAK7V,SAASsS,GAAU,CACtC,MAAMmsB,EAAU,CAAE3zB,YAAWyH,cAC7B,OAAQ9I,EAAMuJ,MACZ,IAAK,MAEH,IAEE,aAqIV3R,eAAuBoI,EAAOw1B,EAAU3sB,EAASmsB,GAC/C,MAAMpS,EAAM5iB,EAAM4lC,YACZ3R,EAAMZ,GAAarzB,EAAM4lC,YAAaR,GAAUplC,EAAMzC,MAAOy3B,EAAQ3zB,UAAW2zB,EAAQlsB,YACxF7C,QAAYyL,GAAUkX,UAC1B,MACAqL,EACA,CACE12B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,SAGGkB,EAAY,IAAIpN,iBAAiB2a,GAAUgkB,KAC/C,CACEn4B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,KAE5CvvB,EACA4C,IAGF,MAAO,CACLoI,EAAG9M,EAAUlM,MAAM,EAAG2qB,GACtBzT,EAAGhL,EAAUlM,MAAM2qB,EAAKA,GAAO,GAEnC,CAlKuB+S,CAAQ31B,EAAOw1B,EAAU3sB,EAASmsB,EAChD,CAAC,MAAOpJ,GAIP,GAAmB,aAAf5rB,EAAMzC,OAAqC,cAAbquB,EAAIruB,MAAqC,mBAAbquB,EAAIruB,MAChE,MAAMquB,EAERxf,EAAK2E,gBAAgB,oCAAsC6a,EAAI/iB,QACzE,CACQ,MACF,IAAK,OACH,OAoLRjR,eAAwBoI,EAAOw1B,EAAU3sB,EAASC,GAEhD,MAAMy+B,EAAan7B,EAAKG,YAAY,eAC9Bi7B,EAAap7B,EAAK4F,iBAChBlJ,WAAY2+B,GAAkBF,EAAWG,YAAY,CAC3D56B,UAAWy4B,GAAWvlC,EAAMzC,MAC5BuL,WAAY0+B,EAAW1xB,KAAKhN,KAGxB4sB,EAAOnc,GAAWqc,WAAW71B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC1DE,EAAKr9B,MAAMwQ,GACX6sB,EAAK93B,MAEL,MAAMuG,EAAY,IAAIpN,WAAW2+B,EAAKA,KAAK,CAAEzvB,IAAKwhC,EAAevT,OAAQ,MAAO3qB,KAAM,OAAQo+B,YAAa,gBACrG/kB,EAAM5iB,EAAM4lC,YAElB,MAAO,CACL30B,EAAG9M,EAAU7F,SAAS,EAAGskB,GACzBzT,EAAGhL,EAAU7F,SAASskB,EAAKA,GAAO,GAEtC,CAxMeiT,CAAS71B,EAAOw1B,EAAU3sB,EAASC,GAElD,CAEE,MAEM3E,SAFmBiI,EAAKQ,cAAc7M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAE5Cm4B,KAAK1C,EAAQlqB,EAAY,CAAE8+B,MAAM,IAC9D,MAAO,CACL32B,EAAG+f,GAAmB7sB,EAAU8M,EAAG,KAAMjR,EAAM4lC,aAC/Cz2B,EAAG6hB,GAAmB7sB,EAAUgL,EAAG,KAAMnP,EAAM4lC,aAEnD,CAcOhuC,eAAeq+B,GAAO4K,EAAKrL,EAAUrxB,EAAW0E,EAASxH,EAAW2xB,GACzE,MAAMhzB,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAOqB,GAOjC,MAAMwmC,EAAmCjwC,SACzB,IAAdo7B,EAAO,IACL8U,GAAS9nC,EAAOmE,EAAW6uB,EAAO10B,SAAS,GAAI+C,GAInD,GAAIwH,IAAYuD,EAAK7V,SAASsS,GAC5B,OAAQ7I,EAAMuJ,MACZ,IAAK,MACH,IAEE,MAAMw+B,QA2GhBnwC,eAAyBoI,EAAOw1B,GAAUvkB,EAAG9B,EAAEA,GAAKtG,EAASxH,GAC3D,MAAM4yB,EAAMqT,GAAetnC,EAAM4lC,YAAaR,GAAUplC,EAAMzC,MAAO8D,GAC/D4E,QAAYyL,GAAUkX,UAC1B,MACAqL,EACA,CACE12B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,WAGGkB,EAAYiI,EAAKpV,iBAAiB,CAACia,EAAG9B,IAAIvQ,OAEhD,OAAO8S,GAAUukB,OACf,CACE14B,KAAQ,QACR2oC,WAAcd,GAAUplC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS6xB,KAE5CvvB,EACA9B,EACA0E,EAEJ,CArIiCqtB,CAAUl2B,EAAOw1B,EAAUrxB,EAAW0E,EAASxH,GACtE,OAAO0mC,GAAYF,GACpB,CAAC,MAAOjc,GAIP,GAAmB,aAAf5rB,EAAMzC,OAAqC,cAAbquB,EAAIruB,MAAqC,mBAAbquB,EAAIruB,MAChE,MAAMquB,EAERxf,EAAK2E,gBAAgB,sCAAwC6a,EAAI/iB,QAC3E,CACQ,MACF,IAAK,OAAQ,CACX,MAAMk/B,QAgJdnwC,eAA0BoI,EAAOw1B,GAAUvkB,EAAG9B,EAAEA,GAAKtG,EAASxH,GAC5D,MAAMkmC,EAAan7B,EAAKG,YAAY,eAC9Bi7B,EAAap7B,EAAK4F,iBAChB3Q,UAAW2mC,GAAiBT,EAAWG,YAAY,CACzD56B,UAAWy4B,GAAWvlC,EAAMzC,MAC5B8D,UAAWmmC,EAAW1xB,KAAKzU,KAGvB40B,EAAS1c,GAAW4c,aAAap2B,EAAMpI,KAAKoI,EAAMkD,KAAMuyB,IAC9DS,EAAO59B,MAAMwQ,GACbotB,EAAOr4B,MAEP,MAAMuG,EAAYiI,EAAKpV,iBAAiB,CAACia,EAAG9B,IAE5C,IACE,OAAO8mB,EAAOA,OAAO,CAAEhwB,IAAK+hC,EAAc9T,OAAQ,MAAO3qB,KAAM,OAAQo+B,YAAa,cAAgBxjC,EACrG,CAAC,MAAOynB,GACP,OAAO,CACX,CACA,CAnK+BwK,CAAWp2B,EAAOw1B,EAAUrxB,EAAW0E,EAASxH,GACvE,OAAO0mC,GAAYF,GAC3B,EAKE,aADuBC,GAAS9nC,EAAOmE,EAAW6uB,EAAQ3xB,IACvCwmC,GACrB,CAiDAjwC,eAAekwC,GAAS9nC,EAAOmE,EAAW6uB,EAAQ3xB,GAGhD,aAFyB+K,EAAKQ,cAAc7M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAEvD04B,OAAO7pB,EAAKpV,iBAAiB,CAACmN,EAAU8M,EAAG9M,EAAUgL,IAAK6jB,EAAQ3xB,EAAW,CAAEumC,MAAM,GACzG,0EA3COhwC,eAA8BipC,EAAKgG,EAAGluB,GAC3C,MAAM3Y,EAAQ,IAAI+lC,GAAalF,GAE/B,GAAI7gC,EAAMylC,UAAY1lC,EAAMsB,UAAUO,MACpC,OAAO,EAKT,OAAQ5B,EAAMuJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMV,EAAUsoB,GAAe,GACzBqE,EAAWz1B,EAAMkD,KAAKI,OACtB2vB,QAAe/vB,GAAK6W,OAAO0b,EAAU3sB,GAC3C,IACE,MAAM1E,QAAkBuxB,GAAKmL,EAAKrL,EAAU3sB,EAASg+B,EAAGluB,EAAGqa,GAE3D,aAAaiD,GAAO4K,EAAKrL,EAAUrxB,EAAW0E,EAASg+B,EAAG7T,EAC3D,CAAC,MAAOpH,GACP,OAAO,CACf,CACA,CACI,QACE,OAAOgb,GAAuB7mC,EAAMsB,UAAUO,MAAOi/B,EAAKgG,EAAGluB,GAEnE,qEC9HO/gB,eAAoBipC,EAAKrL,EAAU3sB,EAASxH,EAAWyH,EAAYkqB,GAGxE,GADAgU,GADc,IAAIjB,GAAalF,GACEx/B,GAC7B4B,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkB9a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAQosC,GAAI9+B,SAAoB8jC,GAAUloC,EAAMsB,UAAUZ,QAAS+0B,EAAU3sB,EAASxH,EAAU/C,SAAS,GAAIwK,EAAYkqB,GAEzH,MAAO,CACL/hB,EAAG9M,EAAU7F,SAAS,EAAG,IACzB6Q,EAAGhL,EAAU7F,SAAS,IAE1B,iBAkCO1G,eAA8BipC,EAAKgG,EAAG93B,GAE3C,GAAI8xB,EAAIE,YAAchhC,EAAMC,MAAMQ,cAChC,OAAO,EAOT,MAAMa,UAAEA,GAAcw1B,GAAKnB,KAAKV,QAAQuL,SAASxxB,GAC3Cg4B,EAAK,IAAIhwC,WAAW,CAAC,MAASsK,IACpC,OAAO+K,EAAKqE,iBAAiBo2B,EAAGE,EAElC,SAlCOnvC,eAAsBipC,EAAKrL,GAAUvkB,EAAG9B,EAAEA,GAAKye,EAAGvsB,EAAW2xB,GAGlE,GADAgU,GADc,IAAIjB,GAAalF,GACEx/B,GAC7B4B,GAAK4X,kBAAkB2a,GAAYvyB,GAAK4X,kBAAkB9a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAMosC,EAAK72B,EAAKpV,iBAAiB,CAACia,EAAG9B,IACrC,OAAO+4B,GAAYnoC,EAAMsB,UAAUZ,QAAS+0B,EAAU,CAAEyN,MAAMrV,EAAGvsB,EAAU/C,SAAS,GAAI00B,EAC1F,ICrDO,SAAS9iB,GAAOrH,GACrB,MAAM6P,EAAI,EAAK7P,EAAQ3R,OAAS,EAC1BiX,EAAS,IAAIpX,WAAW8R,EAAQ3R,OAASwhB,GAAGsE,KAAKtE,GAEvD,OADAvK,EAAO1W,IAAIoR,GACJsF,CACT,CAOO,SAASmC,GAAOzH,GACrB,MAAM+Z,EAAM/Z,EAAQ3R,OACpB,GAAI0rB,EAAM,EAAG,CACX,MAAMlK,EAAI7P,EAAQ+Z,EAAM,GACxB,GAAIlK,GAAK,EAAG,CACV,MAAMyvB,EAAWt/B,EAAQvK,SAASskB,EAAMlK,GAClC0vB,EAAW,IAAIrxC,WAAW2hB,GAAGsE,KAAKtE,GACxC,GAAItM,EAAKqE,iBAAiB03B,EAAUC,GAClC,OAAOv/B,EAAQvK,SAAS,EAAGskB,EAAMlK,EAEzC,CACA,CACE,MAAU7hB,MAAM,kBAClB,yECxBA,MAAM6a,GAAYtF,EAAKqF,eACjB8H,GAAanN,EAAKyF,gBAexB,SAASw2B,GAAeC,EAAazH,EAAK0H,EAAWC,GACnD,OAAOp8B,EAAKpV,iBAAiB,CAC3B6pC,EAAIxoC,QACJ,IAAItB,WAAW,CAACuxC,IAChBC,EAAUlwC,QACV+T,EAAKiD,mBAAmB,wBACxBm5B,GAEJ,CAGA5wC,eAAe6wC,GAAIjT,EAAUgC,EAAGtgC,EAAQwxC,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAIxxC,EACJ,GAAIuxC,EAAc,CAEhB,IAAKvxC,EAAI,EAAGA,EAAIogC,EAAEtgC,QAAmB,IAATsgC,EAAEpgC,GAAUA,KACxCogC,EAAIA,EAAEl5B,SAASlH,EACnB,CACE,GAAIwxC,EAAe,CAEjB,IAAKxxC,EAAIogC,EAAEtgC,OAAS,EAAGE,GAAK,GAAc,IAATogC,EAAEpgC,GAAUA,KAC7CogC,EAAIA,EAAEl5B,SAAS,EAAGlH,EAAI,EAC1B,CAME,aALqB6L,GAAK6W,OAAO0b,EAAUppB,EAAKpV,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBygC,EACAkR,MAEYpqC,SAAS,EAAGpH,EAC5B,CAUAU,eAAeixC,GAAsB7oC,EAAO6mC,GAC1C,OAAQ7mC,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAQk7B,aAAcqE,EAASnE,mBAAEA,SAA6BoE,GAAyChpC,EAAMsB,UAAUW,OAAQ6kC,EAAEvoC,SAAS,IAE1I,MAAO,CAAE+C,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACiJ,EAAM8lC,wBAAyBnB,IACpEmE,YAC1B,CACI,IAAK,MACH,GAAI9oC,EAAM2lC,KAAOv5B,EAAKqF,eACpB,IACE,aA8LV7Z,eAAqCoI,EAAO6mC,GAC1C,MAAM5S,EAAMqT,GAAetnC,EAAM4lC,YAAa5lC,EAAM2lC,IAAKkB,GACzD,IAAI7R,EAAUtjB,GAAUujB,YACtB,CACE13B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,CAAC,YAAa,eAEZqD,EAAYt3B,GAAUkX,UACxB,MACAqL,EACA,CACE12B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,KAED3Q,EAASgU,SAAmBxzC,QAAQ4E,IAAI,CAAC46B,EAASgU,IACnD,IAAI75B,EAAIuC,GAAU0yB,WAChB,CACE7mC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,IAClBsD,OAAQD,GAEVhU,EAAQlsB,WACR9I,EAAM6lC,YAEJnjB,EAAIhR,GAAUwjB,UAChB,MACAF,EAAQ3zB,YAET8N,EAAGuT,SAAWltB,QAAQ4E,IAAI,CAAC+U,EAAGuT,IAC/B,MAAMomB,EAAY,IAAI/xC,WAAWoY,GAC3B9N,EAAY,IAAItK,WAAWovC,GAAezjB,EAAG1iB,EAAM8lC,wBACzD,MAAO,CAAEzkC,YAAWynC,YACtB,CApOuBI,CAAsBlpC,EAAO6mC,EAC3C,CAAC,MAAOjb,GAEP,OADAxf,EAAK2E,gBAAgB6a,GACdud,GAAqBnpC,EAAO6mC,EAC7C,CAEM,MACF,IAAK,OACH,OAuPNjvC,eAAsCoI,EAAO6mC,GAC3C,MAAMuC,EAAS7vB,GAAW+sB,WAAWtmC,EAAM0lC,MAC3C0D,EAAO7C,eACP,MAAMuC,EAAY,IAAI/xC,WAAWqyC,EAAOC,cAAcxC,IAChDxlC,EAAY,IAAItK,WAAWqyC,EAAOtG,gBACxC,MAAO,CAAEzhC,YAAWynC,YACtB,CA7PaQ,CAAuBtpC,EAAO6mC,GACvC,QACE,OAAOsC,GAAqBnpC,EAAO6mC,GAGzC,CAoCAjvC,eAAe2xC,GAAuBvpC,EAAOinC,EAAGJ,EAAGluB,GACjD,GAAIA,EAAEzhB,SAAW8I,EAAM4lC,YAAa,CAClC,MAAM98B,EAAa,IAAI/R,WAAWiJ,EAAM4lC,aACxC98B,EAAWrR,IAAIkhB,EAAG3Y,EAAM4lC,YAAcjtB,EAAEzhB,QACxCyhB,EAAI7P,CACR,CACE,OAAQ9I,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAMjF,EAAYqU,EAAE1gB,QAAQsoB,UAE5B,MAAO,CAAEjc,YAAWwkC,gBADIU,GAA2BzpC,EAAMsB,UAAUW,OAAQilC,EAAE3oC,SAAS,GAAIuoC,EAAEvoC,SAAS,GAAIgG,GAE/G,CACI,IAAK,MACH,GAAItE,EAAM2lC,KAAOv5B,EAAKqF,eACpB,IACE,aA2EV7Z,eAAsCoI,EAAOinC,EAAGJ,EAAGluB,GACjD,MAAMqwB,EAAY3V,GAAarzB,EAAM4lC,YAAa5lC,EAAM2lC,IAAKkB,EAAGluB,GAChE,IAAI7P,EAAa4I,GAAUkX,UACzB,MACAogB,EACA,CACEzrC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,CAAC,YAAa,eAEhB,MAAM1R,EAAMqT,GAAetnC,EAAM4lC,YAAa5lC,EAAM2lC,IAAKsB,GACzD,IAAImC,EAAS13B,GAAUkX,UACrB,MACAqL,EACA,CACE12B,KAAM,OACN2oC,WAAYlmC,EAAM2lC,MAEpB,EACA,KAED78B,EAAYsgC,SAAgB5zC,QAAQ4E,IAAI,CAAC0O,EAAYsgC,IACtD,IAAIjc,EAAIzb,GAAU0yB,WAChB,CACE7mC,KAAM,OACN2oC,WAAYlmC,EAAM2lC,IAClBsD,OAAQG,GAEVtgC,EACA9I,EAAM6lC,YAEJ4D,EAAS/3B,GAAUwjB,UACrB,MACApsB,IAEDqkB,EAAGsc,SAAgBj0C,QAAQ4E,IAAI,CAAC+yB,EAAGsc,IACpC,MAAMX,EAAY,IAAI/xC,WAAWo2B,GAEjC,MAAO,CAAE7oB,UADSsQ,EAAgB60B,EAAO9wB,GACrBmwB,YACtB,CApHuBY,CAAuB1pC,EAAOinC,EAAGJ,EAAGluB,EAClD,CAAC,MAAOiT,GAEP,OADAxf,EAAK2E,gBAAgB6a,GACd+d,GAAsB3pC,EAAOinC,EAAGtuB,EACjD,CAEM,MACF,IAAK,OACH,OAuKN/gB,eAAuCoI,EAAOinC,EAAGtuB,GAC/C,MAAMqwB,EAAYzvB,GAAW+sB,WAAWtmC,EAAM0lC,MAC9CsD,EAAUY,cAAcjxB,GACxB,MAAMmwB,EAAY,IAAI/xC,WAAWiyC,EAAUK,cAAcpC,IAEzD,MAAO,CAAE3iC,UADS,IAAIvN,WAAWiyC,EAAUxC,iBACvBsC,YACtB,CA7Kae,CAAwB7pC,EAAOinC,EAAGtuB,GAC3C,QACE,OAAOgxB,GAAsB3pC,EAAOinC,EAAGtuB,GAE7C,CAmCA/gB,eAAe+xC,GAAsB3pC,EAAOinC,EAAGtuB,GAK7C,MAAO,CAAErU,UAAWqU,EAAGmwB,iBAJE18B,EAAKQ,cAAc7M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAE9BqnC,gBAAgBjsB,EAAGsuB,GACpB3oC,SAAS,GAEpD,CAEA1G,eAAeuxC,GAAqBnpC,EAAO6mC,GACzC,MAAMM,QAAmB/6B,EAAKQ,cAAc7M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAChE8D,UAAW4lC,EAAGn+B,WAAYsG,SAAYpP,EAAMimC,aAKpD,MAAO,CAAE5kC,UAAW4lC,EAAG6B,UAFQ3B,EAAWvC,gBAAgBx1B,EAAGy3B,GACpBvoC,SAAS,GAEpD,2DApCO1G,eAAuBipC,EAAK0H,EAAWtB,EAAG6C,EAAGjD,EAAGluB,EAAG6vB,GACxD,MAAMxoC,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAO6mC,GACjCG,GAA0BhnC,EAAOinC,GACjC,MAAM6B,UAAEA,SAAoBS,GAAuBvpC,EAAOinC,EAAGJ,EAAGluB,GAC1D+vB,EAAQL,GAAetoC,EAAMsB,UAAUM,KAAMk/B,EAAK0H,EAAWC,IAC7DjwB,QAAEA,GAAYD,GAAgBiwB,EAAUpwB,QAC9C,IAAIyT,EACJ,IAAK,IAAIx0B,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAEE,MAAMqhC,QAAUgQ,GAAIF,EAAUtlC,KAAM6lC,EAAWvwB,EAASmwB,EAAa,IAANtxC,EAAe,IAANA,GACxE,OAAO2yC,SAAmB9E,GAAasD,EAAUpwB,OAAQsgB,EAAGqR,GAC7D,CAAC,MAAOtwC,GACPoyB,EAAMpyB,CACZ,CAEE,MAAMoyB,CACR,UAnFOh0B,eAAuBipC,EAAK0H,EAAWpsC,EAAM0qC,EAAG2B,GACrD,MAAM5a,EAAIoc,GAAa7tC,GAEjB6D,EAAQ,IAAI+lC,GAAalF,GAC/BmG,GAA0BhnC,EAAO6mC,GACjC,MAAMxlC,UAAEA,EAASynC,UAAEA,SAAoBD,GAAsB7oC,EAAO6mC,GAC9D6B,EAAQL,GAAetoC,EAAMsB,UAAUM,KAAMk/B,EAAK0H,EAAWC,IAC7DjwB,QAAEA,GAAYD,GAAgBiwB,EAAUpwB,QACxCsgB,QAAUgQ,GAAIF,EAAUtlC,KAAM6lC,EAAWvwB,EAASmwB,GAExD,MAAO,CAAErnC,YAAW0jC,iBADKI,GAAWoD,EAAUpwB,OAAQsgB,EAAG7K,GAE3D,iBA9FOh2B,eAA8BipC,EAAKgG,EAAGluB,GAC3C,OAAOiuB,GAAuB7mC,EAAMsB,UAAUM,KAAMk/B,EAAKgG,EAAGluB,EAC9D,6HJ8JA/gB,eAAwBkV,GACtB,MAAM9M,EAAQ,IAAI+lC,GAAaj5B,IACzB+zB,IAAEA,EAAG59B,KAAEA,EAAIkV,OAAEA,GAAWnY,EACxBg1B,QAAgBh1B,EAAMimC,aAC5B,MAAO,CACLpF,MACAgG,EAAG7R,EAAQ3zB,UACXooC,OAAQr9B,EAAK8B,QAAQ8mB,EAAQlsB,WAAY9I,EAAM4lC,aAC/C3iC,OACAkV,SAEJ,uBAOA,SAA8B0oB,GAC5B,OAAO2E,GAAO3E,EAAIE,WAAW99B,IAC/B,IK/LA,MAAMqsB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,0DAaZ5kB,eAAoB49B,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGlI,GACpD,MAAMse,EAAM9S,OAAO,GAMnB,IAAIzN,EACAkC,EACA9B,EACA+B,EARJwR,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBnW,EAAIwe,GAAmBxe,GAMvBmW,EAAIsI,GAAItI,EAAGzE,GACX1R,EAAIye,GAAIze,EAAGkI,GAMX,MAAM4N,EAAI2I,GAAID,GAAmBwD,EAAO10B,SAAS,EAAGsB,GAAWsZ,KAAMA,GAMrE,OAAa,CAIX,GAFAnK,EAAIsiB,GAAoB9B,GAAKrW,GAC7BjI,EAAIwe,GAAIE,GAAOxI,EAAGpY,EAAG2T,GAAIxJ,GACrBjI,IAAMqe,EACR,SAEF,MAAM2a,EAAKxa,GAAIze,EAAIC,EAAGiI,GAGtB,GAFAhI,EAAIue,GAAI3I,EAAImjB,EAAI/wB,GAChB/J,EAAIsgB,GAAIM,GAAOhhB,EAAGmK,GAAKhI,EAAGgI,GACtB/J,IAAMmgB,EAGV,KACJ,CACE,MAAO,CACLre,EAAG+f,GAAmB/f,EAAG,KAAMrR,GAAW8iB,IAC1CvT,EAAG6hB,GAAmB7hB,EAAG,KAAMvP,GAAW8iB,IAE9C,iBAwDO9qB,eAA8B8qB,EAAGxJ,EAAGiO,EAAGgJ,EAAGnf,GAM/C,GALA0R,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAMT,GAAI+M,GAAI/M,EAAI6M,GAAKrW,KAAOoW,GACtB,OAAO,EAOT,GAAIK,GAAOxI,EAAGjO,EAAGwJ,KAAO6M,GACtB,OAAO,EAMT,MAAM2a,EAAQ1tB,OAAOqU,GAAU3X,IAE/B,GAAIgxB,EADU1tB,OAAO,OACCkV,GAAgBxY,EAAG,KAAM,IAC7C,OAAO,EASTlI,EAAIwe,GAAmBxe,GACvB,MAAM+kB,EAAMvZ,OAAO,GAGnB,OAAI2T,IAAMR,GAAOxI,EADLjO,EADFmY,GAAoB0E,GAAQmU,EAAQ3a,GAAMwG,GAAOmU,GACvCl5B,EACK0R,EAK3B,SA1FO9qB,eAAsB49B,EAAUvkB,EAAG9B,EAAG6jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,GAS5D,GARAlf,EAAIue,GAAmBve,GACvB9B,EAAIqgB,GAAmBrgB,GAEvBuT,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBlf,GAAKqe,IAAOre,GAAKiI,GACjB/J,GAAKmgB,IAAOngB,GAAK+J,EAEnB,OADA9M,EAAKyE,WAAW,0BACT,EAET,MAAMiW,EAAI2I,GAAID,GAAmBwD,EAAO10B,SAAS,EAAGsB,GAAWsZ,KAAMA,GAC/DuF,EAAIsR,GAAO5gB,EAAG+J,GACpB,GAAIuF,IAAM6Q,GAER,OADAljB,EAAKyE,WAAW,0BACT,EAGTsW,EAAIsI,GAAItI,EAAGzE,GACXyN,EAAIV,GAAIU,EAAGzN,GACX,MAAMynB,EAAK1a,GAAI3I,EAAIrI,EAAGvF,GAChBkxB,EAAK3a,GAAIxe,EAAIwN,EAAGvF,GAItB,OADUuW,GAAIA,GAFHE,GAAOxI,EAAGgjB,EAAIznB,GACdiN,GAAOQ,EAAGia,EAAI1nB,GACEA,GAAIxJ,KAClBjI,CACf,IC3He5P,GAAA,CAEbgpC,IAAKA,GAEL5oC,QAASA,GAET6oC,SAAUA,GAEV5oC,IAAKA,2ECGA,SAA8BsW,EAAM7T,GACzC,IAAIxM,EAAO,EACX,OAAQqgB,GAGN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM2N,EAAI/C,EAAK2B,QAAQ5J,EAAU7F,SAAS3G,IAG1C,OAHkDA,GAAQwX,EAAEjY,OAAS,EAG9D,CAAES,OAAM4yC,gBAAiB,CAAEp7B,KACxC,CAII,KAAKpP,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,CAGE,MAAMqP,EAAI7E,EAAK2B,QAAQ5J,EAAU7F,SAAS3G,IAAQA,GAAQsZ,EAAE/Z,OAAS,EACrE,MAAMiY,EAAI/C,EAAK2B,QAAQ5J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQwX,EAAEjY,OAAS,EAC9D,CAAES,OAAM4yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAII,KAAKpP,EAAMsB,UAAUQ,YAAa,CAIhC,MAAMoP,EAAI7E,EAAK2B,QAAQ5J,EAAU7F,SAAS3G,IAAQA,GAAQsZ,EAAE/Z,OAAS,EACrE,MAAMiY,EAAI/C,EAAK2B,QAAQ5J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQwX,EAAEjY,OAAS,EAC9D,CAAES,OAAM4yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAKI,KAAKpP,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMsoC,EAAS,EAAInpC,GAAUipC,SAASG,MAAM9H,eAAe3qB,GACrDirB,EAAK72B,EAAK6B,kBAAkB9J,EAAWxM,EAAMA,EAAO6yC,GAC1D,OADmE7yC,GAAQsrC,EAAG/rC,OACvE,CAAES,OAAM4yC,gBAAiB,CAAEtH,MACxC,CAEI,QACE,MAAM,IAAIb,GAAiB,gCAEjC,OAuEOxqC,eAAoBogB,EAAMwd,EAAUkV,EAAiBC,EAAkBxuC,EAAM62B,GAClF,IAAK0X,IAAoBC,EACvB,MAAU9zC,MAAM,0BAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM2L,EAAEA,EAAC3T,EAAEA,GAAMkxC,GACX/xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQqX,EAEvB,MAAO,CAAEx7B,QADO9N,GAAUgpC,IAAI3U,KAAKF,EAAUr5B,EAAMgR,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAE3E,CACI,KAAKjzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMylB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,GAAMwxB,GACd15B,EAAEA,GAAM25B,EACd,OAAOtpC,GAAUK,IAAIg0B,KAAKF,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGlI,EAC3D,CACI,KAAKjR,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,gEAClB,KAAKkJ,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACb/xB,EAAEA,GAAMgyB,EACd,OAAOtpC,GAAUipC,SAAS1oC,MAAM8zB,KAAKmL,EAAKrL,EAAUr5B,EAAM0qC,EAAGluB,EAAGqa,EACtE,CACI,KAAKjzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACblK,KAAEA,GAASmK,EACjB,OAAOtpC,GAAUipC,SAASzoC,YAAY6zB,KAAKmL,EAAKrL,EAAUr5B,EAAM0qC,EAAGrG,EAAMxN,EAC/E,CACI,KAAKjzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMkS,GACRlK,KAAEA,GAASmK,EACjB,OAAOtpC,GAAUipC,SAASG,MAAM/U,KAAK1d,EAAMwd,EAAUr5B,EAAMq8B,EAAGgI,EAAMxN,EAC1E,CACI,QACE,MAAUn8B,MAAM,gCAEtB,SA9FOe,eAAsBogB,EAAMwd,EAAUrxB,EAAWymC,EAAczuC,EAAM62B,GAC1E,OAAQhb,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM2L,EAAEA,EAAC3T,EAAEA,GAAMoxC,EACXz7B,EAAI/C,EAAK8B,QAAQ/J,EAAUgL,EAAGhC,EAAEjW,QACtC,OAAOmK,GAAUgpC,IAAIpU,OAAOT,EAAUr5B,EAAMgT,EAAGhC,EAAG3T,EAAGw5B,EAC3D,CACI,KAAKjzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMylB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,EAACiX,EAAEA,GAAMya,GACjB35B,EAAEA,EAAC9B,EAAEA,GAAMhL,EACjB,OAAO9C,GAAUK,IAAIu0B,OAAOT,EAAUvkB,EAAG9B,EAAG6jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,EACnE,CACI,KAAKpwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAIxpC,GAAUipC,SAASvE,aAAalF,GAAK+E,YAErD30B,EAAI7E,EAAK8B,QAAQ/J,EAAU8M,EAAG45B,GAC9B17B,EAAI/C,EAAK8B,QAAQ/J,EAAUgL,EAAG07B,GACpC,OAAOxpC,GAAUipC,SAAS1oC,MAAMq0B,OAAO4K,EAAKrL,EAAU,CAAEvkB,IAAG9B,KAAKhT,EAAM0qC,EAAG7T,EAC/E,CACI,KAAKjzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAIxpC,GAAUipC,SAASvE,aAAalF,GAAK+E,YAGrD30B,EAAI7E,EAAK8B,QAAQ/J,EAAU8M,EAAG45B,GAC9B17B,EAAI/C,EAAK8B,QAAQ/J,EAAUgL,EAAG07B,GACpC,OAAOxpC,GAAUipC,SAASzoC,YAAYo0B,OAAO4K,EAAKrL,EAAU,CAAEvkB,IAAG9B,KAAKhT,EAAM0qC,EAAG7T,EACrF,CACI,KAAKjzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMoS,EACd,OAAOvpC,GAAUipC,SAASG,MAAMxU,OAAOje,EAAMwd,EAAUrxB,EAAWhI,EAAMq8B,EAAGxF,EACjF,CACI,QACE,MAAUn8B,MAAM,gCAEtB,ICrGA,MAAMi0C,GACJ,WAAA51C,CAAYiH,GACNA,IACF7G,KAAK6G,KAAOA,EAElB,CASE,IAAAxE,CAAK8H,GACH,GAAIA,EAAMvI,QAAU,EAAG,CACrB,MAAMA,EAASuI,EAAM,GACrB,GAAIA,EAAMvI,QAAU,EAAIA,EAEtB,OADA5B,KAAK6G,KAAOsD,EAAMnB,SAAS,EAAG,EAAIpH,GAC3B,EAAI5B,KAAK6G,KAAKjF,MAE7B,CACI,MAAUL,MAAM,wBACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK6G,KAAKjF,SAAU5B,KAAK6G,MAC3E,ECzBA,MAAM4uC,GAKJ,WAAA71C,CAAYiH,GACV,GAAIA,EAAM,CACR,MAAM8G,KAAEA,EAAIkV,OAAEA,GAAWhc,EACzB7G,KAAK2N,KAAOA,EACZ3N,KAAK6iB,OAASA,CACpB,MACM7iB,KAAK2N,KAAO,KACZ3N,KAAK6iB,OAAS,IAEpB,CAOE,IAAAxgB,CAAK9B,GACH,GAAIA,EAAMqB,OAAS,GAAkB,IAAbrB,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIusC,GAAiB,yBAI7B,OAFA9sC,KAAK2N,KAAOpN,EAAM,GAClBP,KAAK6iB,OAAStiB,EAAM,GACb,CACX,CAME,KAAAwC,GACE,OAAO,IAAItB,WAAW,CAAC,EAAG,EAAGzB,KAAK2N,KAAM3N,KAAK6iB,QACjD,ECzDA,MAAM6yB,GACJ,iBAAOC,EAAWlG,WAAEA,EAAUmG,UAAEA,IAC9B,MAAMjwB,EAAW,IAAI+vB,GAGrB,OAFA/vB,EAAS8pB,WAAaA,EACtB9pB,EAASiwB,UAAYA,EACdjwB,CACX,CAQE,IAAAtjB,CAAK8H,GACH,IAAI9H,EAAO,EACPwzC,EAAe1rC,EAAM9H,KACzBrC,KAAK41C,UAAYC,EAAe,EAAI1rC,EAAM9H,KAAU,KACpDwzC,GAAgBA,EAAe,EAC/B71C,KAAKyvC,WAAa34B,EAAK6B,kBAAkBxO,EAAO9H,EAAMA,EAAOwzC,GAAexzC,GAAQwzC,CACxF,CAME,KAAA9yC,GACE,OAAO+T,EAAKpV,iBAAiB,CAC3B1B,KAAK41C,UACH,IAAIn0C,WAAW,CAACzB,KAAKyvC,WAAW7tC,OAAS,EAAG5B,KAAK41C,YACjD,IAAIn0C,WAAW,CAACzB,KAAKyvC,WAAW7tC,SAClC5B,KAAKyvC,YAEX,ECwbA,SAASqG,GAAoBvK,GAC3B,IACEA,EAAIE,SACL,CAAC,MAAOvnC,GACP,MAAM,IAAI4oC,GAAiB,oBAC/B,CACA,CAOO,SAASiJ,GAAoBrzB,EAAM6oB,GACxC,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUQ,YACnB,OAAO,IAAIR,GAAUipC,SAASvE,aAAalF,GAAK+E,YAClD,KAAK7lC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAM9H,eAAe3qB,GACjD,KAAKjY,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAUipC,SAASgB,MAAM3I,eAAe3qB,GACjD,QACE,MAAUnhB,MAAM,yBAEtB,kEAhLO,SAAwBmhB,EAAMxG,EAAMqvB,GACzC,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACnB,OAAOH,GAAUgpC,IAAI5H,SAASjxB,EAAM,OAAOrZ,MAAK,EAAGgV,IAAG3T,IAAGmf,IAAG+J,IAAGxJ,IAAGoa,QAAS,CACzEiY,cAAe,CAAE5yB,IAAG+J,IAAGxJ,IAAGoa,KAC1BsX,aAAc,CAAEz9B,IAAG3T,SAEvB,KAAKuG,EAAMsB,UAAUO,MACnB,OAAOP,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE5yB,EAAG8wB,GACpBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK9mC,EAAMsB,UAAUQ,YACnB,OAAOR,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE/K,KAAMiJ,GACvBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK9mC,EAAMsB,UAAUM,KACnB,OAAON,GAAUipC,SAAS7H,SAAS5B,GAAK1oC,MAAK,EAAG0oC,MAAKgG,IAAG4C,SAAQxmC,OAAMkV,aAAc,CAClFozB,cAAe,CAAE5yB,EAAG8wB,GACpBmB,aAAc,CACZ/J,IAAK,IAAID,GAAIC,GACbgG,IACA0B,UAAW,IAAIwC,GAAU,CAAE9nC,OAAMkV,gBAGvC,KAAKpY,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAMhI,SAASzqB,GAAM7f,MAAK,EAAGqgC,IAAGgI,WAAY,CACpE+K,cAAe,CAAE/K,QACjBoK,aAAc,CAAEpS,SAEpB,KAAKz4B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAUipC,SAASgB,MAAM7I,SAASzqB,GAAM7f,MAAK,EAAGqgC,IAAGzpB,QAAS,CACjEw8B,cAAe,CAAEx8B,KACjB67B,aAAc,CAAEpS,SAEpB,KAAKz4B,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,qBAiFO,SAA4BmhB,GACjC,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOmZ,GAAe5Y,EACxB,cAQO,SAAqBP,GAC1B,MAAMsS,EAAWvqB,EAAMpI,KAAKoI,EAAM6D,KAAMoU,GACxC,OAAO+Q,GAAKuB,EACd,sEA0CO,SAAmCtS,EAAM6oB,GAC9C,OAAQ7oB,GACN,KAAKjY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,OAAOR,GAAUipC,SAASvH,qBAAqBlC,GACjD,KAAK9gC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAUipC,SAASG,MAAM1H,qBAAqB/qB,GACvD,QACE,MAAUnhB,MAAM,iCAEtB,kBAhFOe,eAA+BogB,GACpC,MAAMQ,UAAEA,GAAcF,GAAgBN,GAChCwzB,QAAqBra,GAAe3Y,GACpCizB,EAAS,IAAI10C,WAAW,CAACy0C,EAAaA,EAAat0C,OAAS,GAAIs0C,EAAaA,EAAat0C,OAAS,KACzG,OAAOkV,EAAKtS,OAAO,CAAC0xC,EAAcC,GACpC,2BAjMO,SAAkCzzB,EAAMvY,GAC7C,IAAI9H,EAAO,EACX,OAAQqgB,GAGN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAEnB,MAAO,CAAEoX,EADCtM,EAAK2B,QAAQtO,EAAMnB,SAAS3G,KAOxC,KAAKoI,EAAMsB,UAAUI,QAAS,CAC5B,MAAM+0B,EAAKpqB,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQ6+B,EAAGt/B,OAAS,EAEnE,MAAO,CAAEs/B,KAAIC,GADFrqB,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAE7C,CAII,KAAKoI,EAAMsB,UAAUM,KAAM,CACzB,MAAMslC,EAAI76B,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQsvC,EAAE/vC,OAAS,EACjE,MAAM4yC,EAAI,IAAI4B,GACd,OAD4B5B,EAAEnyC,KAAK8H,EAAMnB,SAAS3G,IAC3C,CAAEsvC,IAAG6C,IAClB,CAMI,KAAK/pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMilC,EAAYmE,GAAoBrzB,GAChC2sB,EAAqBv4B,EAAK6B,kBAAkBxO,EAAO9H,EAAMA,EAAOuvC,GAAYvvC,GAAQgtC,EAAmBztC,OAC7G,MAAM4yC,EAAI,IAAIkB,GACd,OADmClB,EAAEnyC,KAAK8H,EAAMnB,SAAS3G,IAClD,CAAEgtC,qBAAoBmF,IACnC,CACI,QACE,MAAM,IAAI1H,GAAiB,4CAEjC,wBAjGO,SAA+BpqB,EAAMvY,EAAOmrC,GACjD,IAAIjzC,EAAO,EACX,OAAQqgB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMmX,EAAIvM,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQghB,EAAEzhB,OAAS,EACjE,MAAMwrB,EAAItW,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMgiB,EAAI9M,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQuhB,EAAEhiB,OAAS,EACjE,MAAMo8B,EAAIlnB,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ27B,EAAEp8B,OAAS,EAC1D,CAAES,OAAM4zC,cAAe,CAAE5yB,IAAG+J,IAAGxJ,IAAGoa,KAC/C,CACI,KAAKvzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QAAS,CAC5B,MAAMuP,EAAI5E,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQqZ,EAAE9Z,OAAS,EAC1D,CAAES,OAAM4zC,cAAe,CAAEv6B,KACtC,CACI,KAAKjR,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMikC,EAAcyF,GAAoBrzB,EAAM4yB,EAAa/J,KAC3D,IAAIloB,EAAIvM,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQghB,EAAEzhB,OAAS,EAC/DyhB,EAAIvM,EAAK8B,QAAQyK,EAAGitB,GACb,CAAEjuC,OAAM4zC,cAAe,CAAE5yB,KACtC,CACI,KAAK5Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM+jC,EAAcyF,GAAoBrzB,EAAM4yB,EAAa/J,KAC3D,GAAI+J,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMQ,cAC7C,MAAU3J,MAAM,kCAElB,IAAI2pC,EAAOp0B,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAEvC,OAF+CA,GAAQ6oC,EAAKtpC,OAAS,EACrEspC,EAAOp0B,EAAK8B,QAAQsyB,EAAMoF,GACnB,CAAEjuC,OAAM4zC,cAAe,CAAE/K,QACtC,CACI,KAAKzgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAM0jC,EAAcyF,GAAoBrzB,GAClCwoB,EAAOp0B,EAAK6B,kBAAkBxO,EAAO9H,EAAMA,EAAOiuC,GACxD,OADsEjuC,GAAQ6oC,EAAKtpC,OAC5E,CAAES,OAAM4zC,cAAe,CAAE/K,QACtC,CACI,KAAKzgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAM2jC,EAAcyF,GAAoBrzB,GAClCjJ,EAAI3C,EAAK6B,kBAAkBxO,EAAO9H,EAAMA,EAAOiuC,GACrD,OADmEjuC,GAAQoX,EAAE7X,OACtE,CAAES,OAAM4zC,cAAe,CAAEx8B,KACtC,CACI,QACE,MAAM,IAAIqzB,GAAiB,4CAEjC,uBAjHO,SAA8BpqB,EAAMvY,GACzC,IAAI9H,EAAO,EACX,OAAQqgB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM2L,EAAIf,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQwV,EAAEjW,OAAS,EACjE,MAAMsC,EAAI4S,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6B,EAAEtC,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAEz9B,IAAG3T,KACxC,CACI,KAAKuG,EAAMsB,UAAUK,IAAK,CACxB,MAAMghB,EAAItW,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMgiB,EAAI9M,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQuhB,EAAEhiB,OAAS,EACjE,MAAMiwB,EAAI/a,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQwvB,EAAEjwB,OAAS,EACjE,MAAMi5B,EAAI/jB,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQw4B,EAAEj5B,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAEloB,IAAGxJ,IAAGiO,IAAGgJ,KAC9C,CACI,KAAKpwB,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAItW,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQ+qB,EAAExrB,OAAS,EACjE,MAAMiwB,EAAI/a,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQwvB,EAAEjwB,OAAS,EACjE,MAAMi5B,EAAI/jB,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQw4B,EAAEj5B,OAAS,EAC1D,CAAES,OAAMizC,aAAc,CAAEloB,IAAGyE,IAAGgJ,KAC3C,CACI,KAAKpwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAMi/B,EAAM,IAAID,GAAOjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GACpB,MAAMgG,EAAIz6B,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQkvC,EAAE3vC,OAAS,EAC1D,CAAES,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK9mC,EAAMsB,UAAUQ,YAAa,CAChC,MAAMg/B,EAAM,IAAID,GAEhB,GAFuBjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GAChBA,EAAIE,YAAchhC,EAAMC,MAAMQ,cAChC,MAAU3J,MAAM,kCAElB,IAAIgwC,EAAIz6B,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQkvC,EAAE3vC,OAAS,EAC/D2vC,EAAIz6B,EAAK8B,QAAQ24B,EAAG,IACb,CAAElvC,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK9mC,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,EAAM,IAAID,GAAOjpC,GAAQkpC,EAAIlpC,KAAK8H,GACxC2rC,GAAoBvK,GACpB,MAAMgG,EAAIz6B,EAAK2B,QAAQtO,EAAMnB,SAAS3G,IAAQA,GAAQkvC,EAAE3vC,OAAS,EACjE,MAAMqxC,EAAY,IAAIwC,GACtB,OADmCpzC,GAAQ4wC,EAAU5wC,KAAK8H,EAAMnB,SAAS3G,IAClE,CAAEA,KAAMA,EAAMizC,aAAc,CAAE/J,MAAKgG,IAAG0B,aACnD,CACI,KAAKxoC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACrB,KAAKnC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAIpsB,EAAK6B,kBAAkBxO,EAAO9H,EAAMA,EAAO0zC,GAAoBrzB,IACzE,OADiFrgB,GAAQ6gC,EAAEthC,OACpF,CAAES,OAAMizC,aAAc,CAAEpS,KACrC,CACI,QACE,MAAM,IAAI4J,GAAiB,4CAEjC,mBApGOxqC,eAAgCogB,EAAM0yB,EAAiBC,EAAkBgB,EAAkBnD,EAAa9V,GAC7G,OAAQ1a,GACN,KAAKjY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WAAY,CAC/B,MAAMmX,EAAEA,GAAMizB,GACRx+B,EAAEA,EAAC3T,EAAEA,GAAMkxC,GACX/xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQqX,EACvB,OAAOtpC,GAAUgpC,IAAIzmB,QAAQlL,EAAGvL,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EACxD,CACI,KAAK3yB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM+0B,GAAEA,EAAEC,GAAEA,GAAOkV,EACbjpB,EAAIgoB,EAAgBhoB,EACpB1R,EAAI25B,EAAiB35B,EAC3B,OAAO3P,GAAUI,QAAQmiB,QAAQ4S,EAAIC,EAAI/T,EAAG1R,EAAG0hB,EACrD,CACI,KAAK3yB,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcmC,GACxB/xB,EAAEA,GAAMgyB,GACR1D,EAAEA,EAAC6C,EAAEA,GAAM6B,EACjB,OAAOtqC,GAAUipC,SAAS3oC,KAAKiiB,QAC7Bid,EAAK0H,EAAWtB,EAAG6C,EAAE3tC,KAAM0qC,EAAGluB,EAAG6vB,EACzC,CACI,KAAKzoC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAEA,GAAMkS,GACR37B,EAAEA,GAAM47B,GACRhG,mBAAEA,EAAkBmF,EAAEA,GAAM6B,EAClC,GAAoB,OAAhB7B,EAAEoB,YAAuB9+B,EAAK4H,MAAM81B,EAAEoB,WACxC,MAAUr0C,MAAM,4BAElB,OAAOwK,GAAUipC,SAASgB,MAAM1nB,QAC9B5L,EAAM2sB,EAAoBmF,EAAE/E,WAAYvM,EAAGzpB,EACnD,CACI,QACE,MAAUlY,MAAM,4CAEtB,mBArFOe,eAAgCg0C,EAASC,EAAejB,EAAczuC,EAAMqsC,GACjF,OAAQoD,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAAgB,CACnC,MAAM6L,EAAEA,EAAC3T,EAAEA,GAAMoxC,EAEjB,MAAO,CAAElyB,QADOrX,GAAUgpC,IAAI/mB,QAAQnnB,EAAMgR,EAAG3T,GAErD,CACI,KAAKuG,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMya,EACpB,OAAOvpC,GAAUI,QAAQ6hB,QAAQnnB,EAAMumB,EAAGyE,EAAGgJ,EACnD,CACI,KAAKpwB,EAAMsB,UAAUM,KAAM,CACzB,MAAMk/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcqC,GACtBvpC,UAAW4lC,EAAGlC,WAAY+E,SAAYzoC,GAAUipC,SAAS3oC,KAAK2hB,QACpEud,EAAK0H,EAAWpsC,EAAM0qC,EAAG2B,GAC3B,MAAO,CAAEvB,IAAG6C,EAAG,IAAI4B,GAAW5B,GACpC,CACI,KAAK/pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,GAAI4pC,IAAkBz/B,EAAK4H,MAAM63B,GAE/B,MAAUh1C,MAAM,0DAElB,MAAM2hC,EAAEA,GAAMoS,GACRjG,mBAAEA,EAAkBI,WAAEA,SAAqB1jC,GAAUipC,SAASgB,MAAMhoB,QACxEsoB,EAASzvC,EAAMq8B,GAEjB,MAAO,CAAEmM,qBAAoBmF,EADnBkB,GAAkBC,WAAW,CAAEC,UAAWW,EAAe9G,eAEzE,CACI,QACE,MAAO,GAEb,kBAsOO,SAAyB/sB,EAAMkE,GAEpC,MAAM4vB,EAAgC,IAAI7gC,IAAI,CAC5ClL,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUW,OAChBjC,EAAMsB,UAAUa,MAChBnC,EAAMsB,UAAUY,OAEZ8pC,EAAgB32C,OAAO42C,KAAK9vB,GAAQjiB,KAAIsD,IAC5C,MAAMmrC,EAAQxsB,EAAO3e,GACrB,OAAK6O,EAAKtV,aAAa4xC,GAChBoD,EAA8BxyC,IAAI0e,GAAQ0wB,EAAQt8B,EAAKiC,gBAAgBq6B,GADxCA,EAAMrwC,OACwC,IAEtF,OAAO+T,EAAKpV,iBAAiB+0C,EAC/B,iBAkEOn0C,eAA8BogB,EAAM4yB,EAAcW,GACvD,IAAKX,IAAiBW,EACpB,MAAU10C,MAAM,0BAElB,OAAQmhB,GACN,KAAKjY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAM2L,EAAEA,EAAC3T,EAAEA,GAAMoxC,GACXjyB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,EAAEA,GAAMiY,EACvB,OAAOlqC,GAAUgpC,IAAI4B,eAAe9+B,EAAG3T,EAAGmf,EAAG+J,EAAGxJ,EAAGoa,EACzD,CACI,KAAKvzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMghB,EAAEA,EAACxJ,EAAEA,EAACiO,EAAEA,EAACgJ,EAAEA,GAAMya,GACjB55B,EAAEA,GAAMu6B,EACd,OAAOlqC,GAAUK,IAAIuqC,eAAevpB,EAAGxJ,EAAGiO,EAAGgJ,EAAGnf,EACtD,CACI,KAAKjR,EAAMsB,UAAUI,QAAS,CAC5B,MAAMihB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMya,GACd55B,EAAEA,GAAMu6B,EACd,OAAOlqC,GAAUI,QAAQwqC,eAAevpB,EAAGyE,EAAGgJ,EAAGnf,EACvD,CACI,KAAKjR,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMuqC,EAAa7qC,GAAUipC,SAASvqC,EAAMpI,KAAKoI,EAAMsB,UAAW2W,KAC5D6oB,IAAEA,EAAGgG,EAAEA,GAAM+D,GACbjyB,EAAEA,GAAM4yB,EACd,OAAOW,EAAWD,eAAepL,EAAKgG,EAAGluB,EAC/C,CACI,KAAK5Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAMglC,EAAEA,EAAChG,IAAEA,GAAQ+J,GACbpK,KAAEA,GAAS+K,EACjB,OAAOlqC,GAAUipC,SAASzoC,YAAYoqC,eAAepL,EAAKgG,EAAGrG,EACnE,CACI,KAAKzgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMs2B,EAAEA,GAAMoS,GACRpK,KAAEA,GAAS+K,EACjB,OAAOlqC,GAAUipC,SAASG,MAAMwB,eAAej0B,EAAMwgB,EAAGgI,EAC9D,CACI,KAAKzgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMu2B,EAAEA,GAAMoS,GACR77B,EAAEA,GAAMw8B,EACd,OAAOlqC,GAAUipC,SAASgB,MAAMW,eAAej0B,EAAMwgB,EAAGzpB,EAC9D,CACI,QACE,MAAUlY,MAAM,iCAEtB,ICjaA,MAAM44B,GAAM,CAEVtX,OAAQA,GAERlV,KAAMA,GAEN8lB,KAAMA,GAEN1nB,UAAWA,GAEX8C,UAAWA,GAEXgoC,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGTl3C,OAAO+mB,OAAOsT,GAAK9d,ICnCZ,MAAM46B,WAA+B11C,MAC1C,WAAA3B,IAAegnB,GACb/mB,SAAS+mB,GAELrlB,MAAMwrC,mBACRxrC,MAAMwrC,kBAAkB/sC,KAAMi3C,IAGhCj3C,KAAKiI,KAAO,wBAChB,EAIA,IAAIivC,GACAC,GAIJ,MAAMC,GAIJ,WAAAx3C,CAAYsU,EAASuD,GACnB,MAAM1C,OAAEA,EAAMC,YAAEA,EAAWC,eAAEA,GAAmBf,EAAOY,gBAEvD9U,KAAKiU,KAAO,SAKZjU,KAAK2uC,KAAO,KAKZ3uC,KAAK4b,EAAI7G,EAKT/U,KAAKotB,EAAIpY,EAKThV,KAAKq3C,SAAWpiC,CACpB,CAEE,YAAAqiC,GACEt3C,KAAK2uC,KAAOtyB,GAAOw6B,OAAOhb,eAnDL,GAoDzB,CAOE,IAAAx5B,CAAK8H,GACH,IAAIrI,EAAI,EASR,OAPA9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,IAClCA,GAAK,GAEL9B,KAAK4b,EAAIzR,EAAMrI,KACf9B,KAAKotB,EAAIjjB,EAAMrI,KACf9B,KAAKq3C,SAAWltC,EAAMrI,KAEfA,CACX,CAME,KAAAiB,GACE,MAAMojB,EAAM,CACV,IAAI1kB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,QAC5CjU,KAAK2uC,KACL,IAAIltC,WAAW,CAACzB,KAAK4b,EAAG5b,KAAKotB,EAAGptB,KAAKq3C,YAGvC,OAAOvgC,EAAKpV,iBAAiBykB,EACjC,CAUE,gBAAMoxB,CAAWC,EAAYv0B,GAC3B,MAAMw0B,EAAW,GAAMz3C,KAAKq3C,SAAW,EAEvC,IAIEH,GAAsBA,WAA8Bh3C,QAAAC,UAAA0C,MAAA,WAAA,OAAA60C,EAAA,KAAoBC,QACxER,GAAgBA,IAAiBD,KAGjC,MAAMrrC,QAAesrC,GAGfxpC,EAAO9B,EAAO,CAClB+rC,QA9Ge,GA+Gf3jC,KAhHY,EAiHZ4jC,SAJoB/gC,EAAK0D,WAAWg9B,GAKpC7I,KAAM3uC,KAAK2uC,KACXzd,UAAWjO,EACX60B,WAAYL,EACZziC,YAAahV,KAAKotB,EAClBrY,OAAQ/U,KAAK4b,IASf,OALI67B,EAtGkC,UAwGpCN,GAAgBD,KAChBC,GAAc92C,OAAM,UAEfsN,CACR,CAAC,MAAOzJ,GACP,MAAIA,EAAEqP,UACJrP,EAAEqP,QAAQ6L,SAAS,mCACnBlb,EAAEqP,QAAQ6L,SAAS,0BACnBlb,EAAEqP,QAAQ6L,SAAS,4BACnBlb,EAAEqP,QAAQ6L,SAAS,kBAEb,IAAI63B,GAAuB,iDAE3B/yC,CAEd,CACA,EC9GA,MAAM6zC,GAIJ,WAAAn4C,CAAYgV,EAASV,EAASuD,GAK5BzX,KAAK41C,UAAYnrC,EAAMkD,KAAKI,OAK5B/N,KAAKiU,KAAOxJ,EAAMpI,KAAKoI,EAAMgB,IAAKmJ,GAElC5U,KAAKojB,EAAIlP,EAAOW,sBAIhB7U,KAAK2uC,KAAO,IAChB,CAEE,YAAA2I,GACE,OAAQt3C,KAAKiU,MACX,IAAK,SACL,IAAK,WACHjU,KAAK2uC,KAAOtyB,GAAOw6B,OAAOhb,eAAe,GAEjD,CAEE,QAAAmc,GAIE,OAAQ,IAAe,GAATh4C,KAAKojB,IAFH,GAEiBpjB,KAAKojB,GAAK,EAC/C,CAOE,IAAA/gB,CAAK8H,GACH,IAAIrI,EAAI,EAGR,OAFA9B,KAAK41C,UAAYzrC,EAAMrI,KAEf9B,KAAKiU,MACX,IAAK,SACH,MAEF,IAAK,SACHjU,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACH9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EAGL9B,KAAKojB,EAAIjZ,EAAMrI,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDgV,EAAKqD,mBAAmBhQ,EAAMnB,SAASlH,EAAGA,EAAI,IAUhD,MAAM,IAAIgrC,GAAiB,qBAT3BhrC,GAAK,EAEL,GAAmB,OADA,IAAOqI,EAAMrI,KAK9B,MAAM,IAAIgrC,GAAiB,oCAH3B9sC,KAAKiU,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI64B,GAAiB,qBAG/B,OAAOhrC,CACX,CAME,KAAAiB,GACE,GAAkB,cAAd/C,KAAKiU,KACP,OAAO,IAAIxS,WAAW,CAAC,IAAK,KAAMqV,EAAKiD,mBAAmB,OAAQ,IAEpE,MAAMoM,EAAM,CAAC,IAAI1kB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,MAAOjU,KAAK41C,aAErE,OAAQ51C,KAAKiU,MACX,IAAK,SACH,MACF,IAAK,SACHkS,EAAIrjB,KAAK9C,KAAK2uC,MACd,MACF,IAAK,WACHxoB,EAAIrjB,KAAK9C,KAAK2uC,MACdxoB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKojB,KAC9B,MACF,IAAK,MACH,MAAU7hB,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOuV,EAAKpV,iBAAiBykB,EACjC,CAUE,gBAAMoxB,CAAWC,EAAYS,GAC3BT,EAAa1gC,EAAK0D,WAAWg9B,GAE7B,MAAMrxB,EAAM,GACZ,IAAI+xB,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIG,EACJ,OAAQp4C,KAAKiU,MACX,IAAK,SACHmkC,EAASthC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW02C,GAAYX,IAC3D,MACF,IAAK,SACHY,EAASthC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW02C,GAAYn4C,KAAK2uC,KAAM6I,IACtE,MACF,IAAK,WAAY,CACf,MAAM3wC,EAAOiQ,EAAKpV,iBAAiB,CAAC1B,KAAK2uC,KAAM6I,IAC/C,IAAIa,EAAUxxC,EAAKjF,OACnB,MAAMo7B,EAAQv0B,KAAKC,IAAI1I,KAAKg4C,WAAYK,GACxCD,EAAS,IAAI32C,WAAW02C,EAAYnb,GACpCob,EAAOj2C,IAAI0E,EAAMsxC,GACjB,IAAK,IAAIn2C,EAAMm2C,EAAYE,EAASr2C,EAAMg7B,EAAOh7B,GAAOq2C,EAASA,GAAW,EAC1ED,EAAO36B,WAAWzb,EAAKm2C,EAAWn2C,GAEpC,KACV,CACQ,IAAK,MACH,MAAUT,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMQ,QAAesa,GAAO1O,KAAK6W,OAAOxkB,KAAK41C,UAAWwC,GACxDjyB,EAAIrjB,KAAKf,GACTm2C,GAAWn2C,EAAOH,OAClBu2C,GACN,CAEI,OAAOrhC,EAAKpV,iBAAiBykB,GAAKnd,SAAS,EAAGivC,EAClD,EC/LA,MAAMK,GAA+B,IAAI3iC,IAAI,CAAClL,EAAMgB,IAAII,OAAQpB,EAAMgB,IAAIG,WASnE,SAAS2sC,GAAetkC,EAAMC,EAASuD,GAC5C,OAAQxD,GACN,KAAKxJ,EAAMgB,IAAII,OACb,OAAO,IAAIurC,GAAUljC,GACvB,KAAKzJ,EAAMgB,IAAIG,SACf,KAAKnB,EAAMgB,IAAIK,IACf,KAAKrB,EAAMgB,IAAIE,OACf,KAAKlB,EAAMgB,IAAIC,OACb,OAAO,IAAIqsC,GAAW9jC,EAAMC,GAC9B,QACE,MAAM,IAAI44B,GAAiB,wBAEjC,CAQO,SAAS0L,GAAiBtkC,GAC/B,MAAMU,QAAEA,GAAYV,EAEpB,IAAKokC,GAA6Bt0C,IAAI4Q,GACpC,MAAUrT,MAAM,sDAGlB,OAAOg3C,GAAe3jC,EAASV,EACjC,CC1CA,IAAIukC,GAAUvhC,EAAc,KAa5B,IACauhC,GAAQ,kBAAkBC,MACvC,CACA,MAAOx0C,GACP,CA0BA,IAAIgiB,GAAKzkB,WAAYk3C,GAAM5rB,YAAa3G,GAAMhG,YAE1Cw4B,GAAO,IAAI1yB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAgB,EAAG,EAAoB,IAG1I2yB,GAAO,IAAI3yB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAiB,EAAG,IAEjI4yB,GAAO,IAAI5yB,GAAG,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,KAE7E6yB,GAAO,SAAUC,EAAI50C,GAErB,IADA,IAAI2T,EAAI,IAAI4gC,GAAI,IACP72C,EAAI,EAAGA,EAAI,KAAMA,EACtBiW,EAAEjW,GAAKsC,GAAS,GAAK40C,EAAGl3C,EAAI,GAGhC,IAAI6Z,EAAI,IAAIyK,GAAIrO,EAAE,KAClB,IAASjW,EAAI,EAAGA,EAAI,KAAMA,EACtB,IAAK,IAAIuY,EAAItC,EAAEjW,GAAIuY,EAAItC,EAAEjW,EAAI,KAAMuY,EAC/BsB,EAAEtB,GAAOA,EAAItC,EAAEjW,IAAO,EAAKA,EAGnC,MAAO,CAACiW,EAAG4D,EACf,EACIs9B,GAAKF,GAAKH,GAAM,GAAIM,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE/CC,GAAG,IAAM,IAAKC,GAAM,KAAO,GAI3B,IAHA,IAAIC,GAAKL,GAAKF,GAAM,GAAIQ,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE3CG,GAAM,IAAIZ,GAAI,OACT72C,GAAI,EAAGA,GAAI,QAASA,GAAG,CAE5B,IAAI4Z,IAAU,MAAJ5Z,MAAgB,GAAW,MAAJA,KAAe,EAEhD4Z,IAAU,OADVA,IAAU,MAAJA,MAAgB,GAAW,MAAJA,KAAe,MACtB,GAAW,KAAJA,KAAe,EAC5C69B,GAAIz3C,MAAY,MAAJ4Z,MAAgB,GAAW,IAAJA,KAAe,KAAQ,CAC9D,CAIA,IAAI89B,YAAkBC,EAAIC,EAAI/9B,GAO1B,IANA,IAAI9B,EAAI4/B,EAAG73C,OAEPE,EAAI,EAEJwgC,EAAI,IAAIqW,GAAIe,GAET53C,EAAI+X,IAAK/X,EACR23C,EAAG33C,MACDwgC,EAAEmX,EAAG33C,GAAK,GAGpB,IAII63C,EAJAC,EAAK,IAAIjB,GAAIe,GACjB,IAAK53C,EAAI,EAAGA,EAAI43C,IAAM53C,EAClB83C,EAAG93C,GAAM83C,EAAG93C,EAAI,GAAKwgC,EAAExgC,EAAI,IAAO,EAGtC,GAAI6Z,EAAG,CAEHg+B,EAAK,IAAIhB,GAAI,GAAKe,GAElB,IAAIG,EAAM,GAAKH,EACf,IAAK53C,EAAI,EAAGA,EAAI+X,IAAK/X,EAEjB,GAAI23C,EAAG33C,GAQH,IANA,IAAIg4C,EAAMh4C,GAAK,EAAK23C,EAAG33C,GAEnBi4C,EAAML,EAAKD,EAAG33C,GAEdgY,EAAI8/B,EAAGH,EAAG33C,GAAK,MAAQi4C,EAElBzhB,EAAIxe,GAAM,GAAKigC,GAAO,EAAIjgC,GAAKwe,IAAKxe,EAEzC6/B,EAAGJ,GAAIz/B,KAAO+/B,GAAOC,CAIzC,MAGQ,IADAH,EAAK,IAAIhB,GAAI9+B,GACR/X,EAAI,EAAGA,EAAI+X,IAAK/X,EACb23C,EAAG33C,KACH63C,EAAG73C,GAAKy3C,GAAIK,EAAGH,EAAG33C,GAAK,QAAW,GAAK23C,EAAG33C,IAItD,OAAO63C,CACV,EAEGK,GAAM,IAAI9zB,GAAG,KACjB,IAASpkB,GAAI,EAAGA,GAAI,MAAOA,GACvBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzBk4C,GAAIl4C,IAAK,EAEb,IAAIm4C,GAAM,IAAI/zB,GAAG,IACjB,IAASpkB,GAAI,EAAGA,GAAI,KAAMA,GACtBm4C,GAAIn4C,IAAK,EAEb,IAAIo4C,gBAAoBV,GAAKQ,GAAK,EAAG,GAAIG,gBAAqBX,GAAKQ,GAAK,EAAG,GAEvEI,gBAAoBZ,GAAKS,GAAK,EAAG,GAAII,gBAAqBb,GAAKS,GAAK,EAAG,GAEvEvxC,GAAM,SAAU8V,GAEhB,IADA,IAAI8Z,EAAI9Z,EAAE,GACD1c,EAAI,EAAGA,EAAI0c,EAAE5c,SAAUE,EACxB0c,EAAE1c,GAAKw2B,IACPA,EAAI9Z,EAAE1c,IAEd,OAAOw2B,CACX,EAEIpc,GAAO,SAAUmH,EAAG+J,EAAGkL,GACvB,IAAIzI,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,KAAY,EAAJzC,GAAUkL,CACnD,EAEIgiB,GAAS,SAAUj3B,EAAG+J,GACtB,IAAIyC,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,EAAMxM,EAAEwM,EAAI,IAAM,MAAa,EAAJzC,EAC5D,EAEImtB,GAAO,SAAUntB,GAAK,OAASA,EAAI,GAAK,EAAK,CAAI,EAGjDotB,GAAM,SAAU1gC,EAAGD,EAAG3V,IACb,MAAL2V,GAAaA,EAAI,KACjBA,EAAI,IACC,MAAL3V,GAAaA,EAAI4V,EAAElY,UACnBsC,EAAI4V,EAAElY,QAEV,IAAIiW,EAAI,IAA4B,GAAvBiC,EAAE2gC,kBAAyB9B,GAA6B,GAAvB7+B,EAAE2gC,kBAAyBr0B,GAAMF,IAAIhiB,EAAI2V,GAEvF,OADAhC,EAAE1V,IAAI2X,EAAE9Q,SAAS6Q,EAAG3V,IACb2T,CACX,EAsBI6iC,GAAK,CACL,iBACA,qBACA,yBACA,mBACA,kBACA,oBACJ,CACI,cACA,qBACA,uBACA,8BACA,oBACA,mBACA,oBAIApkB,GAAM,SAAUqkB,EAAKnvB,EAAKovB,GAC1B,IAAI12C,EAAQ3C,MAAMiqB,GAAOkvB,GAAGC,IAI5B,GAHAz2C,EAAE22C,KAAOF,EACLp5C,MAAMwrC,mBACNxrC,MAAMwrC,kBAAkB7oC,EAAGoyB,KAC1BskB,EACD,MAAM12C,EACV,OAAOA,CACX,EAqLI42C,GAAQ,SAAUz3B,EAAG+J,EAAGtT,GACxBA,IAAU,EAAJsT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAM/V,EACRuJ,EAAEwM,EAAI,IAAM/V,IAAM,CACtB,EAEIihC,GAAU,SAAU13B,EAAG+J,EAAGtT,GAC1BA,IAAU,EAAJsT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAM/V,EACRuJ,EAAEwM,EAAI,IAAM/V,IAAM,EAClBuJ,EAAEwM,EAAI,IAAM/V,IAAM,EACtB,EAEIkhC,GAAQ,SAAU33B,EAAGq2B,GAGrB,IADA,IAAI99B,EAAI,GACC9Z,EAAI,EAAGA,EAAIuhB,EAAEzhB,SAAUE,EACxBuhB,EAAEvhB,IACF8Z,EAAE9Y,KAAK,CAAE+W,EAAG/X,EAAGqkC,EAAG9iB,EAAEvhB,KAE5B,IAAI+X,EAAI+B,EAAEha,OACNwsB,EAAKxS,EAAEjZ,QACX,IAAKkX,EACD,MAAO,CAACohC,GAAI,GAChB,GAAS,GAALphC,EAAQ,CACR,IAAIC,EAAI,IAAIoM,GAAGtK,EAAE,GAAG/B,EAAI,GAExB,OADAC,EAAE8B,EAAE,GAAG/B,GAAK,EACL,CAACC,EAAG,EACnB,CACI8B,EAAEs/B,MAAK,SAAU18B,EAAGzG,GAAK,OAAOyG,EAAE2nB,EAAIpuB,EAAEouB,KAGxCvqB,EAAE9Y,KAAK,CAAE+W,GAAI,EAAGssB,EAAG,QACnB,IAAI7D,EAAI1mB,EAAE,GAAID,EAAIC,EAAE,GAAIu/B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAO7C,IANAz/B,EAAE,GAAK,CAAE/B,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAMhCy/B,GAAMvhC,EAAI,GACbyoB,EAAI1mB,EAAEA,EAAEu/B,GAAIhV,EAAIvqB,EAAEy/B,GAAIlV,EAAIgV,IAAOE,KACjC1/B,EAAIC,EAAEu/B,GAAMC,GAAMx/B,EAAEu/B,GAAIhV,EAAIvqB,EAAEy/B,GAAIlV,EAAIgV,IAAOE,KAC7Cz/B,EAAEw/B,KAAQ,CAAEvhC,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAE9C,IAAI2/B,EAASltB,EAAG,GAAGvU,EACnB,IAAS/X,EAAI,EAAGA,EAAI+X,IAAK/X,EACjBssB,EAAGtsB,GAAG+X,EAAIyhC,IACVA,EAASltB,EAAGtsB,GAAG+X,GAGvB,IAAI0hC,EAAK,IAAI5C,GAAI2C,EAAS,GAEtBE,EAAMC,GAAG7/B,EAAEw/B,EAAK,GAAIG,EAAI,GAC5B,GAAIC,EAAM9B,EAAI,CAIN53C,EAAI,EAAR,IAAW45C,EAAK,EAEZC,EAAMH,EAAM9B,EAAIkC,EAAM,GAAKD,EAE/B,IADAvtB,EAAG8sB,MAAK,SAAU18B,EAAGzG,GAAK,OAAOwjC,EAAGxjC,EAAE8B,GAAK0hC,EAAG/8B,EAAE3E,IAAM2E,EAAE2nB,EAAIpuB,EAAEouB,KACvDrkC,EAAI+X,IAAK/X,EAAG,CACf,IAAI+5C,EAAOztB,EAAGtsB,GAAG+X,EACjB,KAAI0hC,EAAGM,GAAQnC,GAKX,MAJAgC,GAAME,GAAO,GAAMJ,EAAMD,EAAGM,IAC5BN,EAAGM,GAAQnC,CAI3B,CAEQ,IADAgC,KAAQC,EACDD,EAAK,GAAG,CACX,IAAII,EAAO1tB,EAAGtsB,GAAG+X,EACb0hC,EAAGO,GAAQpC,EACXgC,GAAM,GAAMhC,EAAK6B,EAAGO,KAAU,IAE5Bh6C,CAClB,CACQ,KAAOA,GAAK,GAAK45C,IAAM55C,EAAG,CACtB,IAAIi6C,EAAO3tB,EAAGtsB,GAAG+X,EACb0hC,EAAGQ,IAASrC,MACV6B,EAAGQ,KACHL,EAElB,CACQF,EAAM9B,CACd,CACI,MAAO,CAAC,IAAIxzB,GAAGq1B,GAAKC,EACxB,EAEIC,GAAK,SAAU5jC,EAAGyqB,EAAGjf,GACrB,OAAe,GAARxL,EAAEgC,EACHpR,KAAKC,IAAI+yC,GAAG5jC,EAAEyqB,EAAGA,EAAGjf,EAAI,GAAIo4B,GAAG5jC,EAAE8D,EAAG2mB,EAAGjf,EAAI,IAC1Cif,EAAEzqB,EAAEgC,GAAKwJ,CACpB,EAEI24B,GAAK,SAAU54B,GAGf,IAFA,IAAIvJ,EAAIuJ,EAAExhB,OAEHiY,IAAMuJ,IAAIvJ,KAMjB,IAJA,IAAIoiC,EAAK,IAAItD,KAAM9+B,GAEfqiC,EAAM,EAAGC,EAAM/4B,EAAE,GAAIg5B,EAAM,EAC3BjzB,EAAI,SAAUrP,GAAKmiC,EAAGC,KAASpiC,CAAI,EAC9BhY,EAAI,EAAGA,GAAK+X,IAAK/X,EACtB,GAAIshB,EAAEthB,IAAMq6C,GAAOr6C,GAAK+X,IAClBuiC,MACD,CACD,IAAKD,GAAOC,EAAM,EAAG,CACjB,KAAOA,EAAM,IAAKA,GAAO,IACrBjzB,EAAE,OACFizB,EAAM,IACNjzB,EAAEizB,EAAM,GAAOA,EAAM,IAAO,EAAK,MAAUA,EAAM,GAAM,EAAK,OAC5DA,EAAM,EAE1B,MACiB,GAAIA,EAAM,EAAG,CAEd,IADAjzB,EAAEgzB,KAAQC,EACHA,EAAM,EAAGA,GAAO,EACnBjzB,EAAE,MACFizB,EAAM,IACNjzB,EAAIizB,EAAM,GAAM,EAAK,MAAOA,EAAM,EACtD,CACY,KAAOA,KACHjzB,EAAEgzB,GACNC,EAAM,EACND,EAAM/4B,EAAEthB,EACpB,CAEI,MAAO,CAACm6C,EAAGjzC,SAAS,EAAGkzC,GAAMriC,EACjC,EAEIwiC,GAAO,SAAUC,EAAIL,GAErB,IADA,IAAI3Z,EAAI,EACCxgC,EAAI,EAAGA,EAAIm6C,EAAGr6C,SAAUE,EAC7BwgC,GAAKga,EAAGx6C,GAAKm6C,EAAGn6C,GACpB,OAAOwgC,CACX,EAGIia,GAAQ,SAAUx2B,EAAK/jB,EAAKw6C,GAE5B,IAAI3iC,EAAI2iC,EAAI56C,OACRiuB,EAAI0qB,GAAKv4C,EAAM,GACnB+jB,EAAI8J,GAAS,IAAJhW,EACTkM,EAAI8J,EAAI,GAAKhW,IAAM,EACnBkM,EAAI8J,EAAI,GAAc,IAAT9J,EAAI8J,GACjB9J,EAAI8J,EAAI,GAAkB,IAAb9J,EAAI8J,EAAI,GACrB,IAAK,IAAI/tB,EAAI,EAAGA,EAAI+X,IAAK/X,EACrBikB,EAAI8J,EAAI/tB,EAAI,GAAK06C,EAAI16C,GACzB,OAAqB,GAAb+tB,EAAI,EAAIhW,EACpB,EAEI4iC,GAAO,SAAUD,EAAKz2B,EAAKiR,EAAO0lB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIziC,EAAI0iC,EAAI1vB,GAChE0tB,GAAM/0B,EAAKqH,IAAK4J,KACd2lB,EAAG,KAML,IALA,IAAI1D,EAAK+B,GAAM2B,EAAI,IAAKI,EAAM9D,EAAG,GAAI+D,EAAM/D,EAAG,GAC1CG,EAAK4B,GAAM4B,EAAI,IAAKK,EAAM7D,EAAG,GAAI8D,EAAM9D,EAAG,GAC1C+D,EAAKnB,GAAGe,GAAMK,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAKtB,GAAGiB,GAAMM,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAS,IAAI9E,GAAI,IACZ72C,EAAI,EAAGA,EAAIs7C,EAAKx7C,SAAUE,EAC/B27C,EAAiB,GAAVL,EAAKt7C,MAChB,IAASA,EAAI,EAAGA,EAAIy7C,EAAK37C,SAAUE,EAC/B27C,EAAiB,GAAVF,EAAKz7C,MAGhB,IAFA,IAAI47C,EAAK1C,GAAMyC,EAAQ,GAAIE,EAAMD,EAAG,GAAIE,EAAOF,EAAG,GAC9CG,EAAO,GACJA,EAAO,IAAMF,EAAI7E,GAAK+E,EAAO,MAAOA,GAE3C,IAKIC,EAAIC,EAAIC,EAAIC,EALZC,EAAQpB,EAAK,GAAM,EACnBqB,EAAQ9B,GAAKM,EAAI3C,IAAOqC,GAAKO,EAAI3C,IAAOjB,EACxCoF,EAAQ/B,GAAKM,EAAII,GAAOV,GAAKO,EAAIK,GAAOjE,EAAK,GAAK,EAAI6E,EAAOxB,GAAKoB,EAAQE,IAAQ,EAAIF,EAAO,IAAM,EAAIA,EAAO,IAAM,EAAIA,EAAO,KACnI,GAAIS,GAAQC,GAASD,GAAQE,EACzB,OAAO7B,GAAMx2B,EAAKqH,EAAGovB,EAAIxzC,SAASoR,EAAIA,EAAK0iC,IAG/C,GADAhC,GAAM/0B,EAAKqH,EAAG,GAAKgxB,EAAQD,IAAS/wB,GAAK,EACrCgxB,EAAQD,EAAO,CACfL,EAAKtE,GAAKuD,EAAKC,EAAK,GAAIe,EAAKhB,EAAKiB,EAAKxE,GAAKyD,EAAKC,EAAK,GAAIe,EAAKhB,EAC/D,IAAIoB,EAAM7E,GAAKmE,EAAKC,EAAM,GAC1B9C,GAAM/0B,EAAKqH,EAAGiwB,EAAM,KACpBvC,GAAM/0B,EAAKqH,EAAI,EAAGowB,EAAM,GACxB1C,GAAM/0B,EAAKqH,EAAI,GAAIywB,EAAO,GAC1BzwB,GAAK,GACL,IAAStrB,EAAI,EAAGA,EAAI+7C,IAAQ/7C,EACxBg5C,GAAM/0B,EAAKqH,EAAI,EAAItrB,EAAG67C,EAAI7E,GAAKh3C,KACnCsrB,GAAK,EAAIywB,EAET,IADA,IAAIS,EAAO,CAAClB,EAAMG,GACTgB,EAAK,EAAGA,EAAK,IAAKA,EACvB,KAAIC,EAAOF,EAAKC,GAChB,IAASz8C,EAAI,EAAGA,EAAI08C,EAAK58C,SAAUE,EAAG,CAClC,IAAIwrB,EAAgB,GAAVkxB,EAAK18C,GACfg5C,GAAM/0B,EAAKqH,EAAGixB,EAAI/wB,IAAOF,GAAKuwB,EAAIrwB,GAC9BA,EAAM,KACNwtB,GAAM/0B,EAAKqH,EAAIoxB,EAAK18C,KAAO,EAAK,KAAMsrB,GAAKoxB,EAAK18C,KAAO,GAC3E,CAN+B,CAQ/B,MAEQg8C,EAAK5D,GAAK6D,EAAK/D,GAAKgE,EAAK5D,GAAK6D,EAAKhE,GAEvC,IAASn4C,EAAI,EAAGA,EAAI+6C,IAAM/6C,EACtB,GAAI46C,EAAK56C,GAAK,IAAK,CACXwrB,EAAOovB,EAAK56C,KAAO,GAAM,GAC7Bi5C,GAAQh1B,EAAKqH,EAAG0wB,EAAGxwB,EAAM,MAAOF,GAAK2wB,EAAGzwB,EAAM,KAC1CA,EAAM,IACNwtB,GAAM/0B,EAAKqH,EAAIsvB,EAAK56C,KAAO,GAAM,IAAKsrB,GAAKwrB,GAAKtrB,IACpD,IAAIkB,EAAgB,GAAVkuB,EAAK56C,GACfi5C,GAAQh1B,EAAKqH,EAAG4wB,EAAGxvB,IAAOpB,GAAK6wB,EAAGzvB,GAC9BA,EAAM,IACNusB,GAAQh1B,EAAKqH,EAAIsvB,EAAK56C,KAAO,EAAK,MAAOsrB,GAAKyrB,GAAKrqB,GACnE,MAEYusB,GAAQh1B,EAAKqH,EAAG0wB,EAAGpB,EAAK56C,KAAMsrB,GAAK2wB,EAAGrB,EAAK56C,IAInD,OADAi5C,GAAQh1B,EAAKqH,EAAG0wB,EAAG,MACZ1wB,EAAI2wB,EAAG,IAClB,EAEIU,gBAAoB,IAAIr4B,GAAI,CAAC,MAAO,OAAQ,OAAQ,OAAQ,OAAQ,QAAS,QAAS,QAAS,UAE/F60B,gBAAmB,IAAI/0B,GAAG,GAsK1Bw4B,GAAO,SAAUlC,EAAKmC,EAAKC,EAAKC,EAAMC,GACtC,OArKO,SAAUtC,EAAKuC,EAAKC,EAAMJ,EAAKC,EAAMI,GAC5C,IAAIplC,EAAI2iC,EAAI56C,OACRiuB,EAAI,IAAI3J,GAAG04B,EAAM/kC,EAAI,GAAK,EAAIpR,KAAK2Q,KAAKS,EAAI,MAASglC,GAErD11B,EAAI0G,EAAE7mB,SAAS41C,EAAK/uB,EAAEjuB,OAASi9C,GAC/B78C,EAAM,EACV,IAAK+8C,GAAOllC,EAAI,EACZ,IAAK,IAAI/X,EAAI,EAAGA,GAAK+X,EAAG/X,GAAK,MAAO,CAEhC,IAAIoC,EAAIpC,EAAI,MACRoC,GAAK2V,IAELsP,EAAEnnB,GAAO,GAAKi9C,GAElBj9C,EAAMu6C,GAAMpzB,EAAGnnB,EAAM,EAAGw6C,EAAIxzC,SAASlH,EAAGoC,GACpD,KAES,CAeD,IAdA,IAAIy6C,EAAMF,GAAIM,EAAM,GAChBlnC,EAAI8mC,IAAQ,GAAIv7B,EAAU,KAANu7B,EACpBO,GAAS,GAAKF,GAAQ,EAEtBh6C,EAAO,IAAI2zC,GAAI,OAAQwG,EAAO,IAAIxG,GAAIuG,EAAQ,GAC9CE,EAAQ32C,KAAK2Q,KAAK4lC,EAAO,GAAIK,EAAQ,EAAID,EACzCE,EAAM,SAAUx9C,GAAK,OAAQ06C,EAAI16C,GAAM06C,EAAI16C,EAAI,IAAMs9C,EAAU5C,EAAI16C,EAAI,IAAMu9C,GAAUH,CAAQ,EAG/FxC,EAAO,IAAIt2B,GAAI,MAEfu2B,EAAK,IAAIhE,GAAI,KAAMiE,EAAK,IAAIjE,GAAI,IAEhC4G,EAAO,EAAGvG,EAAK,EAAU6D,GAAP/6C,EAAI,EAAQ,GAAG09C,EAAK,EAAGplC,EAAK,EAC3CtY,EAAI+X,IAAK/X,EAAG,CAGf,IAAI29C,EAAKH,EAAIx9C,GAET49C,EAAW,MAAJ59C,EAAW69C,EAAQR,EAAKM,GAKnC,GAJAz6C,EAAK06C,GAAQC,EACbR,EAAKM,GAAMC,EAGPF,GAAM19C,EAAG,CAET,IAAI89C,EAAM/lC,EAAI/X,EACd,IAAKy9C,EAAO,KAAQ1C,EAAK,QAAU+C,EAAM,IAAK,CAC1C59C,EAAMy6C,GAAKD,EAAKrzB,EAAG,EAAGuzB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIziC,EAAItY,EAAIsY,EAAIpY,GACxD66C,EAAK0C,EAAOvG,EAAK,EAAG5+B,EAAKtY,EACzB,IAAK,IAAIuY,EAAI,EAAGA,EAAI,MAAOA,EACvBsiC,EAAGtiC,GAAK,EACZ,IAASA,EAAI,EAAGA,EAAI,KAAMA,EACtBuiC,EAAGviC,GAAK,CAChC,CAEgB,IAAIioB,EAAI,EAAGjf,EAAI,EAAGw8B,EAAOz8B,EAAG08B,EAAOJ,EAAOC,EAAS,MACnD,GAAIC,EAAM,GAAKH,GAAMH,EAAIx9C,EAAIg+C,GAMzB,IALA,IAAIC,EAAOt3C,KAAKud,IAAInO,EAAG+nC,GAAO,EAC1BI,EAAOv3C,KAAKud,IAAI,MAAOlkB,GAGvBm+C,EAAKx3C,KAAKud,IAAI,IAAK45B,GAChBE,GAAOE,KAAUH,GAAQH,GAAQC,GAAO,CAC3C,GAAInD,EAAI16C,EAAIwgC,IAAMka,EAAI16C,EAAIwgC,EAAIwd,GAAM,CAEhC,IADA,IAAII,EAAK,EACFA,EAAKD,GAAMzD,EAAI16C,EAAIo+C,IAAO1D,EAAI16C,EAAIo+C,EAAKJ,KAAQI,GAEtD,GAAIA,EAAK5d,EAAG,CAGR,GAFAA,EAAI4d,EAAI78B,EAAIy8B,EAERI,EAAKH,EACL,MAIJ,IAAII,EAAM13C,KAAKud,IAAI85B,EAAKI,EAAK,GACzBE,EAAK,EACT,IAAS/lC,EAAI,EAAGA,EAAI8lC,IAAO9lC,EAAG,CAC1B,IAAIgmC,EAAMv+C,EAAIg+C,EAAMzlC,EAAI,MAAS,MAE7Bo/B,EAAM4G,EADAr7C,EAAKq7C,GACM,MAAS,MAC1B5G,EAAK2G,IACLA,EAAK3G,EAAIkG,EAAQU,EACzD,CACA,CACA,CAGwBP,IADAJ,EAAOC,IAAOA,EAAQ36C,EAAK06C,IACJ,MAAS,KACxD,CAGgB,GAAIr8B,EAAG,CAGHq5B,EAAKG,KAAQ,UAAa1D,GAAM7W,IAAM,GAAMgX,GAAMj2B,GAClD,IAAIi9B,EAAiB,GAAXnH,GAAM7W,GAASie,EAAiB,GAAXjH,GAAMj2B,GACrC21B,GAAMJ,GAAK0H,GAAOzH,GAAK0H,KACrB5D,EAAG,IAAM2D,KACT1D,EAAG2D,GACLf,EAAK19C,EAAIwgC,IACPid,CACtB,MAEoB7C,EAAKG,KAAQL,EAAI16C,KACf66C,EAAGH,EAAI16C,GAE7B,CACA,CACQE,EAAMy6C,GAAKD,EAAKrzB,EAAG81B,EAAKvC,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIziC,EAAItY,EAAIsY,EAAIpY,IAErDi9C,GAAa,EAANj9C,IACRA,EAAMu6C,GAAMpzB,EAAGnnB,EAAM,EAAGi5C,IACpC,CACI,OAAOT,GAAI3qB,EAAG,EAAG+uB,EAAMrE,GAAKv4C,GAAO68C,EACvC,CAmDW2B,CAAKhE,EAAkB,MAAbmC,EAAI8B,MAAgB,EAAI9B,EAAI8B,MAAkB,MAAX9B,EAAI+B,IAAcj4C,KAAK2Q,KAAuD,IAAlD3Q,KAAKC,IAAI,EAAGD,KAAKud,IAAI,GAAIvd,KAAK+S,IAAIghC,EAAI56C,WAAoB,GAAK+8C,EAAI+B,IAAM9B,EAAKC,GAAOC,EACzK,EAwLI6B,gBAAyB,WACzB,SAASA,EAAQjxB,EAAMkxB,GACdA,GAAqB,mBAARlxB,IACdkxB,EAAKlxB,EAAMA,EAAO,CAAE,GACxB1vB,KAAK6gD,OAASD,EACd5gD,KAAK6vB,EAAIH,GAAQ,CAAE,CAC3B,CAiBI,OAhBAixB,EAAQ1gD,UAAUmtB,EAAI,SAAUhK,EAAG+iB,GAC/BnmC,KAAK6gD,OAAOnC,GAAKt7B,EAAGpjB,KAAK6vB,EAAG,EAAG,GAAIsW,GAAIA,EAC1C,EAMDwa,EAAQ1gD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACjCh3B,KAAK6gD,QACNvqB,GAAI,GACJt2B,KAAKqjB,GACLiT,GAAI,GACRt2B,KAAKqjB,EAAI2T,EACTh3B,KAAKotB,EAAEpqB,EAAOg0B,IAAS,EAC1B,EACM2pB,CACX,IAuCIG,gBAAyB,WAKzB,SAASA,EAAQF,GACb5gD,KAAK6Z,EAAI,CAAE,EACX7Z,KAAKotB,EAAI,IAAIlH,GAAG,GAChBlmB,KAAK6gD,OAASD,CACtB,CA0BI,OAzBAE,EAAQ7gD,UAAUiE,EAAI,SAAUkf,GACvBpjB,KAAK6gD,QACNvqB,GAAI,GACJt2B,KAAKqjB,GACLiT,GAAI,GACR,IAAIgM,EAAItiC,KAAKotB,EAAExrB,OACXiW,EAAI,IAAIqO,GAAGoc,EAAIlf,EAAExhB,QACrBiW,EAAE1V,IAAInC,KAAKotB,GAAIvV,EAAE1V,IAAIihB,EAAGkf,GAAItiC,KAAKotB,EAAIvV,CACxC,EACDipC,EAAQ7gD,UAAUmjB,EAAI,SAAU4T,GAC5Bh3B,KAAKqjB,EAAIrjB,KAAK6Z,EAAE/X,EAAIk1B,IAAS,EAC7B,IAAI+pB,EAAM/gD,KAAK6Z,EAAE9B,EACb2jC,EAz0BA,SAAUc,EAAK19B,EAAKggC,GAE5B,IAAIkC,EAAKxE,EAAI56C,OACb,IAAKo/C,GAAOlC,GAAMA,EAAG3Y,IAAM2Y,EAAGxc,EAC1B,OAAOxjB,GAAO,IAAIoH,GAAG,GAEzB,IAAI+6B,GAASniC,GAAOggC,EAEhBoC,GAAQpC,GAAMA,EAAGh9C,EAChBg9C,IACDA,EAAK,CAAE,GAENhgC,IACDA,EAAM,IAAIoH,GAAQ,EAAL86B,IAEjB,IAAIG,EAAO,SAAU7e,GACjB,IAAIwa,EAAKh+B,EAAIld,OAEb,GAAI0gC,EAAIwa,EAAI,CAER,IAAIsE,EAAO,IAAIl7B,GAAGzd,KAAKC,IAAS,EAALo0C,EAAQxa,IACnC8e,EAAKj/C,IAAI2c,GACTA,EAAMsiC,CAClB,CACK,EAEGpqB,EAAQ8nB,EAAG3Y,GAAK,EAAGnkC,EAAM88C,EAAG1xB,GAAK,EAAGi0B,EAAKvC,EAAG/mC,GAAK,EAAG+lC,EAAKgB,EAAGxc,EAAG0b,EAAKc,EAAGz7B,EAAGi+B,EAAMxC,EAAGxmB,EAAGipB,EAAMzC,EAAGjnC,EAE/F2pC,EAAY,EAALR,EACX,EAAG,CACC,IAAKlD,EAAI,CAEL9mB,EAAQ9a,GAAKsgC,EAAKx6C,EAAK,GAEvB,IAAIiS,EAAOiI,GAAKsgC,EAAKx6C,EAAM,EAAG,GAE9B,GADAA,GAAO,GACFiS,EAAM,CAEP,IAAuBquB,EAAIka,GAAvB3iC,EAAI0gC,GAAKv4C,GAAO,GAAe,GAAMw6C,EAAI3iC,EAAI,IAAM,EAAI+B,EAAI/B,EAAIyoB,EACnE,GAAI1mB,EAAIolC,EAAI,CACJE,GACA5qB,GAAI,GACR,KACpB,CAEoB2qB,GACAE,EAAKE,EAAK/e,GAEdxjB,EAAI3c,IAAIq6C,EAAIxzC,SAAS6Q,EAAG+B,GAAIylC,GAE5BvC,EAAG/mC,EAAIspC,GAAM/e,EAAGwc,EAAG1xB,EAAIprB,EAAU,EAAJ4Z,EAAOkjC,EAAG3Y,EAAInP,EAC3C,QAChB,CACiB,GAAY,GAAR/iB,EACL6pC,EAAK3D,GAAM6D,EAAK3D,GAAMiH,EAAM,EAAGC,EAAM,OACpC,GAAY,GAARttC,EAAW,CAEhB,IAAIwtC,EAAOvlC,GAAKsgC,EAAKx6C,EAAK,IAAM,IAAK0/C,EAAQxlC,GAAKsgC,EAAKx6C,EAAM,GAAI,IAAM,EACnE2lC,EAAK8Z,EAAOvlC,GAAKsgC,EAAKx6C,EAAM,EAAG,IAAM,EACzCA,GAAO,GAKP,IAHA,IAAI2/C,EAAM,IAAIz7B,GAAGyhB,GAEbia,EAAM,IAAI17B,GAAG,IACRpkB,EAAI,EAAGA,EAAI4/C,IAAS5/C,EAEzB8/C,EAAI9I,GAAKh3C,IAAMoa,GAAKsgC,EAAKx6C,EAAU,EAAJF,EAAO,GAE1CE,GAAe,EAAR0/C,EAEP,IAAIG,EAAMn5C,GAAIk5C,GAAME,GAAU,GAAKD,GAAO,EAEtCE,EAAMvI,GAAKoI,EAAKC,EAAK,GACzB,IAAS//C,EAAI,EAAGA,EAAI6lC,GAAK,CACrB,IAII9tB,EAJA8B,EAAIomC,EAAI7lC,GAAKsgC,EAAKx6C,EAAK8/C,IAM3B,GAJA9/C,GAAW,GAAJ2Z,GAEH9B,EAAI8B,IAAM,GAEN,GACJgmC,EAAI7/C,KAAO+X,MAEV,CAED,IAAIuJ,EAAI,EAAGvL,EAAI,EAOf,IANS,IAALgC,GACAhC,EAAI,EAAIqE,GAAKsgC,EAAKx6C,EAAK,GAAIA,GAAO,EAAGohB,EAAIu+B,EAAI7/C,EAAI,IACvC,IAAL+X,GACLhC,EAAI,EAAIqE,GAAKsgC,EAAKx6C,EAAK,GAAIA,GAAO,GACxB,IAAL6X,IACLhC,EAAI,GAAKqE,GAAKsgC,EAAKx6C,EAAK,KAAMA,GAAO,GAClC6V,KACH8pC,EAAI7/C,KAAOshB,CACvC,CACA,CAEgB,IAAI4+B,EAAKL,EAAI34C,SAAS,EAAGy4C,GAAO/F,EAAKiG,EAAI34C,SAASy4C,GAElDH,EAAM54C,GAAIs5C,GAEVT,EAAM74C,GAAIgzC,GACVoC,EAAKtE,GAAKwI,EAAIV,EAAK,GACnBtD,EAAKxE,GAAKkC,EAAI6F,EAAK,EACnC,MAEgBjrB,GAAI,GACR,GAAIt0B,EAAMw/C,EAAM,CACRN,GACA5qB,GAAI,GACR,KAChB,CACA,CAGY2qB,GACAE,EAAKE,EAAK,QAGd,IAFA,IAAIY,GAAO,GAAKX,GAAO,EAAGY,GAAO,GAAKX,GAAO,EACzCY,EAAOngD,GACHmgD,EAAOngD,EAAK,CAEhB,IAAoCogD,GAAhCh/B,EAAI06B,EAAGxD,GAAOkC,EAAKx6C,GAAOigD,MAAkB,EAEhD,IADAjgD,GAAW,GAAJohB,GACGo+B,EAAM,CACRN,GACA5qB,GAAI,GACR,KAChB,CAGY,GAFKlT,GACDkT,GAAI,GACJ8rB,EAAM,IACNtjC,EAAIuiC,KAAQe,MACX,IAAW,KAAPA,EAAY,CACjBD,EAAOngD,EAAK87C,EAAK,KACjB,KAChB,CAEgB,IAAI75C,EAAMm+C,EAAM,IAEhB,GAAIA,EAAM,IAAK,CAEX,IAAmBrqC,EAAI6gC,GAAnB92C,EAAIsgD,EAAM,KACdn+C,EAAMiY,GAAKsgC,EAAKx6C,GAAM,GAAK+V,GAAK,GAAKmhC,GAAGp3C,GACxCE,GAAO+V,CAC3B,CAEgB,IAAIsL,EAAI26B,EAAG1D,GAAOkC,EAAKx6C,GAAOkgD,GAAMG,EAAOh/B,IAAM,EASjD,GARKA,GACDiT,GAAI,GACRt0B,GAAW,GAAJqhB,EACHq4B,EAAKrC,GAAGgJ,GACRA,EAAO,IACHtqC,EAAI8gC,GAAKwJ,GACb3G,GAAMpB,GAAOkC,EAAKx6C,IAAS,GAAK+V,GAAK,EAAI/V,GAAO+V,GAEhD/V,EAAMw/C,EAAM,CACRN,GACA5qB,GAAI,GACR,KACpB,CACoB2qB,GACAE,EAAKE,EAAK,QAEd,IADA,IAAI/4C,EAAM+4C,EAAKp9C,EACRo9C,EAAK/4C,EAAK+4C,GAAM,EACnBviC,EAAIuiC,GAAMviC,EAAIuiC,EAAK3F,GACnB58B,EAAIuiC,EAAK,GAAKviC,EAAIuiC,EAAK,EAAI3F,GAC3B58B,EAAIuiC,EAAK,GAAKviC,EAAIuiC,EAAK,EAAI3F,GAC3B58B,EAAIuiC,EAAK,GAAKviC,EAAIuiC,EAAK,EAAI3F,GAE/B2F,EAAK/4C,CACrB,CACA,CACQw2C,EAAGxc,EAAIwb,EAAIgB,EAAG1xB,EAAI+0B,EAAMrD,EAAG/mC,EAAIspC,EAAIvC,EAAG3Y,EAAInP,EACtC8mB,IACA9mB,EAAQ,EAAG8nB,EAAGxmB,EAAIgpB,EAAKxC,EAAGz7B,EAAI26B,EAAIc,EAAGjnC,EAAI0pC,EAChD,QAASvqB,GACV,OAAOqqB,GAAMviC,EAAIld,OAASkd,EAAM07B,GAAI17B,EAAK,EAAGuiC,EAChD,CAwpBiBiB,CAAMtiD,KAAKotB,EAAGptB,KAAK6vB,EAAG7vB,KAAK6Z,GACpC7Z,KAAK6gD,OAAOrG,GAAIkB,EAAIqF,EAAK/gD,KAAK6Z,EAAE9B,GAAI/X,KAAKqjB,GACzCrjB,KAAK6vB,EAAI2qB,GAAIkB,EAAI17C,KAAK6Z,EAAE9B,EAAI,OAAQ/X,KAAK6Z,EAAE9B,EAAI/X,KAAK6vB,EAAEjuB,OACtD5B,KAAKotB,EAAIotB,GAAIx6C,KAAKotB,EAAIptB,KAAK6Z,EAAEuT,EAAI,EAAK,GAAIptB,KAAK6Z,EAAEuT,GAAK,CACzD,EAMD0zB,EAAQ7gD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACtCh3B,KAAKkE,EAAElB,GAAQhD,KAAKojB,EAAE4T,EACzB,EACM8pB,CACX,IAqMIyB,gBAAsB,WACtB,SAASA,EAAK7yB,EAAMkxB,GA1fZ,IACJpiC,EAAOzG,EA0fP/X,KAAKojB,GA1fL5E,EAAI,EAAGzG,EAAI,EACR,CACHqV,EAAG,SAAU/J,GAIT,IAFA,IAAIxL,EAAI2G,EAAG8Z,EAAIvgB,EACXuqB,EAAe,EAAXjf,EAAEzhB,OACDE,EAAI,EAAGA,GAAKwgC,GAAI,CAErB,IADA,IAAIp+B,EAAIuE,KAAKud,IAAIlkB,EAAI,KAAMwgC,GACpBxgC,EAAIoC,IAAKpC,EACZw2B,GAAKzgB,GAAKwL,EAAEvhB,GAChB+V,GAAS,MAAJA,GAAa,IAAMA,GAAK,IAAKygB,GAAS,MAAJA,GAAa,IAAMA,GAAK,GAC/E,CACY9Z,EAAI3G,EAAGE,EAAIugB,CACd,EACDjV,EAAG,WAEC,OAAY,KADZ7E,GAAK,SACe,GAAMA,IAAM,GAAM,IAAU,KADpCzG,GAAK,SACuC,EAAKA,IAAM,CAC/E,IA0eQ/X,KAAK8Z,EAAI,EACT6mC,GAAQ5/C,KAAKf,KAAM0vB,EAAMkxB,EACjC,CAkBI,OAZA2B,EAAKtiD,UAAU6C,KAAO,SAAUE,EAAOg0B,GACnC2pB,GAAQ1gD,UAAU6C,KAAK/B,KAAKf,KAAMgD,EAAOg0B,EAC5C,EACDurB,EAAKtiD,UAAUmtB,EAAI,SAAUhK,EAAG+iB,GAC5BnmC,KAAKojB,EAAEgK,EAAEhK,GACT,IAAIo/B,EAAM9D,GAAKt7B,EAAGpjB,KAAK6vB,EAAG7vB,KAAK8Z,GAAK,EAAGqsB,GAAK,GAAIA,GAC5CnmC,KAAK8Z,IA9UP,SAAUsJ,EAAGyM,GACnB,IAAI4yB,EAAK5yB,EAAE4wB,MAAOvH,EAAW,GAANuJ,EAAU,EAAIA,EAAK,EAAI,EAAU,GAANA,EAAU,EAAI,EAChEr/B,EAAE,GAAK,IAAKA,EAAE,GAAM81B,GAAM,GAAMA,EAAM,GAAK,EAAIA,EAAM,EACzD,CA4UYwJ,CAAIF,EAAKxiD,KAAK6vB,GAAI7vB,KAAK8Z,EAAI,GAC3BqsB,GArXC,SAAU9iB,EAAGtL,EAAG+B,GACzB,KAAOA,IAAK/B,EACRsL,EAAEtL,GAAK+B,EAAGA,KAAO,CACzB,CAmXY6oC,CAAOH,EAAKA,EAAI5gD,OAAS,EAAG5B,KAAKojB,EAAEC,KACvCrjB,KAAK6gD,OAAO2B,EAAKrc,EACpB,EACMoc,CACX,IA+CIK,gBAAwB,WAKxB,SAASA,EAAOhC,GACZ5gD,KAAK8Z,EAAI,EACTgnC,GAAQ//C,KAAKf,KAAM4gD,EAC3B,CAsBI,OAhBAgC,EAAO3iD,UAAU6C,KAAO,SAAUE,EAAOg0B,GAErC,GADA8pB,GAAQ7gD,UAAUiE,EAAEnD,KAAKf,KAAMgD,GAC3BhD,KAAK8Z,EAAG,CACR,GAAI9Z,KAAKotB,EAAExrB,OAAS,IAAMo1B,EACtB,OACJh3B,KAAKotB,EAAIptB,KAAKotB,EAAEpkB,SAAS,GAAIhJ,KAAK8Z,EAAI,CAClD,CACYkd,IACIh3B,KAAKotB,EAAExrB,OAAS,GAChB00B,GAAI,EAAG,qBACXt2B,KAAKotB,EAAIptB,KAAKotB,EAAEpkB,SAAS,GAAI,IAIjC83C,GAAQ7gD,UAAUmjB,EAAEriB,KAAKf,KAAMg3B,EAClC,EACM4rB,CACX,IAiKIC,GAA2B,oBAAf9nC,0BAA4C,IAAIA,YAGhE,IACI8nC,GAAG7nC,OAAOigC,GAAI,CAAEj6C,QAAQ,IAClB,CACV,CACA,MAAOkD,GAAG,CCt/CV,MAAM4+C,GACJ,cAAW7kC,GACT,OAAOxT,EAAMkE,OAAOU,WACxB,CAKE,WAAAzP,CAAYmjD,EAAO,IAAI9qC,MACrBjY,KAAK4+B,OAASn0B,EAAMqF,QAAQG,KAC5BjQ,KAAK+iD,KAAOjsC,EAAKyB,cAAcwqC,GAC/B/iD,KAAKgQ,KAAO,KACZhQ,KAAK6G,KAAO,KACZ7G,KAAKgjD,SAAW,EACpB,CAQE,OAAAC,CAAQjzC,EAAM4uB,EAASn0B,EAAMqF,QAAQG,MACnCjQ,KAAK4+B,OAASA,EACd5+B,KAAKgQ,KAAOA,EACZhQ,KAAK6G,KAAO,IAChB,CAQE,OAAAq8C,CAAQtgD,GAAQ,GAId,OAHkB,OAAd5C,KAAKgQ,MAAiB8G,EAAK7V,SAASjB,KAAKgQ,SAC3ChQ,KAAKgQ,KAAO8G,EAAK+D,WAAW/D,EAAK0G,UAAUxd,KAAKmjD,SAASvgD,MAEpD5C,KAAKgQ,IAChB,CAOE,QAAAozC,CAASj5C,EAAOy0B,GACd5+B,KAAK4+B,OAASA,EACd5+B,KAAK6G,KAAOsD,EACZnK,KAAKgQ,KAAO,IAChB,CAQE,QAAAmzC,CAASvgD,GAAQ,GAKf,OAJkB,OAAd5C,KAAK6G,OAEP7G,KAAK6G,KAAOiQ,EAAKoG,gBAAgBpG,EAAK0D,WAAWxa,KAAKgQ,QAEpDpN,EACK4f,EAAoBxiB,KAAK6G,MAE3B7G,KAAK6G,IAChB,CAOE,WAAAw8C,CAAYL,GACVhjD,KAAKgjD,SAAWA,CACpB,CAOE,WAAAM,GACE,OAAOtjD,KAAKgjD,QAChB,CASE,UAAM3gD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UAExB,MAAMs8B,QAAel7B,EAAOkG,WAEtB45C,QAAqB9/C,EAAOkG,WAClC5J,KAAKgjD,SAAWlsC,EAAK+D,iBAAiBnX,EAAOqG,UAAUy5C,IAEvDxjD,KAAK+iD,KAAOjsC,EAAKkB,eAAetU,EAAOqG,UAAU,IAEjD,IAAIlD,EAAOnD,EAAOgE,YACdua,EAAqBpb,KAAOA,QAAaqb,EAAiBrb,IAC9D7G,KAAKojD,SAASv8C,EAAM+3B,EAAO,GAEjC,CAOE,WAAAoN,GACE,MAAMgX,EAAWlsC,EAAK0D,WAAWxa,KAAKgjD,UAChCS,EAAkB,IAAIhiD,WAAW,CAACuhD,EAASphD,SAE3Cg9B,EAAS,IAAIn9B,WAAW,CAACzB,KAAK4+B,SAC9BmkB,EAAOjsC,EAAKoB,UAAUlY,KAAK+iD,MAEjC,OAAOjsC,EAAKpV,iBAAiB,CAACk9B,EAAQ6kB,EAAiBT,EAAUD,GACrE,CAOE,KAAAhgD,GACE,MAAM4c,EAAS3f,KAAKgsC,cACdnlC,EAAO7G,KAAKmjD,WAElB,OAAOrsC,EAAKtS,OAAO,CAACmb,EAAQ9Y,GAChC,ECnIA,MAAM68C,GACJ,WAAA9jD,GACEI,KAAKmK,MAAQ,EACjB,CAME,IAAA9H,CAAK8H,GAEH,OADAnK,KAAKmK,MAAQ2M,EAAKqD,mBAAmBhQ,EAAMnB,SAAS,EAAG,IAChDhJ,KAAKmK,MAAMvI,MACtB,CAME,KAAAmB,GACE,OAAO+T,EAAKiD,mBAAmB/Z,KAAKmK,MACxC,CAME,KAAAqhC,GACE,OAAO10B,EAAK6C,gBAAgB7C,EAAKiD,mBAAmB/Z,KAAKmK,OAC7D,CAOE,MAAAw5C,CAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB9jD,KAAK8jD,eAAkB9jD,KAAKmK,QAAUy5C,EAAMz5C,KAChG,CAME,MAAA45C,GACE,MAAsB,KAAf/jD,KAAKmK,KAChB,CAME,UAAA25C,GACE,MAAO,OAAO7mC,KAAKjd,KAAKwrC,QAC5B,CAEE,eAAOwY,CAASJ,GACd,OAAOA,EAAMpY,OACjB,CAEE,aAAOyY,CAAOzqC,GACZ,MAAMoqC,EAAQ,IAAIF,GAElB,OADAE,EAAMvhD,KAAKyU,EAAKyC,gBAAgBC,IACzBoqC,CACX,CAEE,eAAOM,GACL,MAAMN,EAAQ,IAAIF,GAElB,OADAE,EAAMvhD,KAAK,IAAIZ,WAAW,IACnBmiD,CACX,EC3EA,MAAMnR,GAAWnzC,OAAO,YAQlB6kD,GAAqB,+BAKrBC,GAA4B,IAAIzuC,IAAI,CACxClL,EAAMuG,mBAAmBW,YACzBlH,EAAMuG,mBAAmByB,kBACzBhI,EAAMuG,mBAAmBwB,oBAW3B,MAAM6xC,GACJ,cAAWpmC,GACT,OAAOxT,EAAMkE,OAAOE,SACxB,CAEE,WAAAjP,GACEI,KAAK43C,QAAU,KAEf53C,KAAKskD,cAAgB,KAErBtkD,KAAKukD,cAAgB,KAErBvkD,KAAKwkD,mBAAqB,KAE1BxkD,KAAKykD,cAAgB,KACrBzkD,KAAK0kD,mBAAqB,GAC1B1kD,KAAK2kD,kBAAoB,GACzB3kD,KAAK4kD,gBAAkB,KACvB5kD,KAAK2uC,KAAO,KAEZ3uC,KAAK6kD,QAAU,KACf7kD,KAAKkR,wBAA0B,KAC/BlR,KAAK8kD,uBAAwB,EAC7B9kD,KAAK+kD,WAAa,KAClB/kD,KAAKglD,WAAa,KAClBhlD,KAAKilD,YAAc,KACnBjlD,KAAKqR,kBAAoB,KACzBrR,KAAKsR,UAAY,KACjBtR,KAAKuR,kBAAoB,KACzBvR,KAAKklD,gBAAkB,KACvBllD,KAAKyR,6BAA+B,KACpCzR,KAAKmlD,mBAAqB,KAC1BnlD,KAAKolD,uBAAyB,KAC9BplD,KAAKqlD,yBAA2B,KAChCrlD,KAAK2R,YAAc,IAAI+xC,GACvB1jD,KAAKslD,aAAe,GACpBtlD,KAAKulD,UAAY,CAAE,EACnBvlD,KAAK6R,wBAA0B,KAC/B7R,KAAK8R,+BAAiC,KACtC9R,KAAK+R,qBAAuB,KAC5B/R,KAAKgS,mBAAqB,KAC1BhS,KAAKwlD,gBAAkB,KACvBxlD,KAAKkS,UAAY,KACjBlS,KAAKmS,SAAW,KAChBnS,KAAKoS,cAAgB,KACrBpS,KAAKylD,wBAA0B,KAC/BzlD,KAAK0lD,0BAA4B,KACjC1lD,KAAKsS,SAAW,KAChBtS,KAAK2lD,kCAAoC,KACzC3lD,KAAK4lD,6BAA+B,KACpC5lD,KAAK6lD,oBAAsB,KAC3B7lD,KAAKwS,kBAAoB,KACzBxS,KAAK8lD,iBAAmB,KACxB9lD,KAAKyS,kBAAoB,KACzBzS,KAAK0S,wBAA0B,KAC/B1S,KAAK2S,sBAAwB,KAE7B3S,KAAK+lD,QAAU,KACf/lD,KAAKyyC,IAAY,IACrB,CAOE,IAAApwC,CAAK8H,EAAO+J,EAASuD,GACnB,IAAI3V,EAAI,EAER,GADA9B,KAAK43C,QAAUztC,EAAMrI,KACA,IAAjB9B,KAAK43C,UAAkB1jC,EAAOS,wBAChC,MAAM,IAAIm4B,GAAiB,2FAG7B,GAAqB,IAAjB9sC,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QACnD,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,mDAS7C,GANA53C,KAAKskD,cAAgBn6C,EAAMrI,KAC3B9B,KAAKwkD,mBAAqBr6C,EAAMrI,KAChC9B,KAAKukD,cAAgBp6C,EAAMrI,KAG3BA,GAAK9B,KAAKgmD,eAAe77C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,IACrD5B,KAAK6kD,QACR,MAAUtjD,MAAM,8CAmBlB,GAVAvB,KAAKykD,cAAgBt6C,EAAMnB,SAAS,EAAGlH,GAGvCA,GAAK9B,KAAKgmD,eAAe77C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,GAG1D5B,KAAK4kD,gBAAkBz6C,EAAMnB,SAASlH,EAAGA,EAAI,GAC7CA,GAAK,EAGgB,IAAjB9B,KAAK43C,QAAe,CAItB,MAAMqO,EAAa97C,EAAMrI,KAGzB9B,KAAK2uC,KAAOxkC,EAAMnB,SAASlH,EAAGA,EAAImkD,GAClCnkD,GAAKmkD,CACX,CAEI,MAAMC,EAAoB/7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAC5CS,KAAEA,EAAI4yC,gBAAEA,GAAoB54B,GAAOxN,UAAUs3C,qBAAqBnmD,KAAKwkD,mBAAoB0B,GACjG,GAAI7jD,EAAO6jD,EAAkBtkD,OAC3B,MAAUL,MAAM,sBAElBvB,KAAK4mB,OAASquB,CAClB,CAKE,WAAAmR,GACE,OAAIpmD,KAAK4mB,kBAAkB1mB,QAClBmmD,GACL/jD,SAAY+Z,GAAOiqC,gBAAgBtmD,KAAKwkD,yBAA0BxkD,KAAK4mB,UAGpEvK,GAAOiqC,gBAAgBtmD,KAAKwkD,mBAAoBxkD,KAAK4mB,OAChE,CAEE,KAAA7jB,GACE,MAAMojB,EAAM,GASZ,OARAA,EAAIrjB,KAAK9C,KAAKykD,eACdt+B,EAAIrjB,KAAK9C,KAAKumD,2BACdpgC,EAAIrjB,KAAK9C,KAAK4kD,iBACO,IAAjB5kD,KAAK43C,UACPzxB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK2uC,KAAK/sC,UACnCukB,EAAIrjB,KAAK9C,KAAK2uC,OAEhBxoB,EAAIrjB,KAAK9C,KAAKomD,eACPtvC,EAAKtS,OAAO2hB,EACvB,CAWE,UAAMia,CAAKzvB,EAAK9J,EAAMk8C,EAAO,IAAI9qC,KAAQ6yB,GAAW,EAAO52B,GACzDlU,KAAK43C,QAAUjnC,EAAIinC,QAEnB53C,KAAK6kD,QAAU/tC,EAAKyB,cAAcwqC,GAClC/iD,KAAK8lD,iBAAmBn1C,EAAIinC,QAC5B53C,KAAKyS,kBAAoB9B,EAAI61C,sBAC7BxmD,KAAK2R,YAAchB,EAAI81C,WAEvB,MAAMtgC,EAAM,CAAC,IAAI1kB,WAAW,CAACzB,KAAK43C,QAAS53C,KAAKskD,cAAetkD,KAAKwkD,mBAAoBxkD,KAAKukD,iBAG7F,GAAqB,IAAjBvkD,KAAK43C,QAAe,CACtB,MAAMqO,EAAaS,GAAkB1mD,KAAKukD,eAC1C,GAAkB,OAAdvkD,KAAK2uC,KACP3uC,KAAK2uC,KAAOtyB,GAAOw6B,OAAOhb,eAAeoqB,QACpC,GAAIA,IAAejmD,KAAK2uC,KAAK/sC,OAClC,MAAUL,MAAM,kDAExB,MAAW,GAAI2S,EAAOmC,sCAAuC,CAIvD,GAA6B,IAHPrW,KAAKslD,aAAa/6C,QAAO,EAAGtC,UAAYA,IAASk8C,KAGrDviD,OAShB,MAAUL,MAAM,qCATc,CAC9B,MAAMolD,EAAYtqC,GAAOw6B,OAAOhb,eAAe6qB,GAAkB1mD,KAAKukD,gBACtEvkD,KAAKslD,aAAaxiD,KAAK,CACrBmF,KAAMk8C,GACN5hD,MAAOokD,EACPC,eAAe,EACfC,UAAU,GAEpB,CAGA,CAGI1gC,EAAIrjB,KAAK9C,KAAK8mD,yBAKd9mD,KAAK0kD,mBAAqB,GAE1B1kD,KAAKykD,cAAgB3tC,EAAKtS,OAAO2hB,GAEjC,MAAMiyB,EAASp4C,KAAKo4C,OAAOp4C,KAAKskD,cAAez9C,EAAMikC,GAC/Cn9B,QAAa3N,KAAK2N,KAAK3N,KAAKskD,cAAez9C,EAAMuxC,EAAQtN,GAE/D9qC,KAAK4kD,gBAAkBmC,EAAaC,EAAar5C,GAAO,EAAG,GAC3D,MAAM2F,EAAShR,SAAY+Z,GAAOxN,UAAUuxB,KAC1CpgC,KAAKwkD,mBAAoBxkD,KAAKukD,cAAe5zC,EAAI2kC,aAAc3kC,EAAIslC,cAAemC,QAAcl2B,EAAiBvU,IAE/GmJ,EAAK7V,SAAS0M,GAChB3N,KAAK4mB,OAAStT,KAEdtT,KAAK4mB,aAAetT,IAMpBtT,KAAKyyC,KAAY,EAEvB,CAME,qBAAAqU,GACE,MAAMvpC,EAAM9S,EAAMuG,mBACZmV,EAAM,GACZ,IAAIhc,EACJ,GAAqB,OAAjBnK,KAAK6kD,QACP,MAAUtjD,MAAM,mCAElB4kB,EAAIrjB,KAAKmkD,GAAe1pC,EAAItM,uBAAuB,EAAM6F,EAAKoB,UAAUlY,KAAK6kD,WACxC,OAAjC7kD,KAAKkR,yBACPiV,EAAIrjB,KAAKmkD,GAAe1pC,EAAIrM,yBAAyB,EAAM4F,EAAKgB,YAAY9X,KAAKkR,wBAAyB,KAEpF,OAApBlR,KAAK+kD,YACP5+B,EAAIrjB,KAAKmkD,GAAe1pC,EAAIpM,yBAAyB,EAAM,IAAI1P,WAAW,CAACzB,KAAK+kD,WAAa,EAAI,MAE3E,OAApB/kD,KAAKglD,aACP76C,EAAQ,IAAI1I,WAAW,CAACzB,KAAKglD,WAAYhlD,KAAKilD,cAC9C9+B,EAAIrjB,KAAKmkD,GAAe1pC,EAAInM,gBAAgB,EAAMjH,KAErB,OAA3BnK,KAAKqR,mBACP8U,EAAIrjB,KAAKmkD,GAAe1pC,EAAIlM,mBAAmB,EAAMrR,KAAKqR,oBAErC,OAAnBrR,KAAKsR,WACP6U,EAAIrjB,KAAKmkD,GAAe1pC,EAAIjM,WAAW,EAAM,IAAI7P,WAAW,CAACzB,KAAKsR,UAAY,EAAI,MAErD,OAA3BtR,KAAKuR,mBACP4U,EAAIrjB,KAAKmkD,GAAe1pC,EAAIhM,mBAAmB,EAAMuF,EAAKgB,YAAY9X,KAAKuR,kBAAmB,KAEtD,OAAtCvR,KAAKyR,+BACPtH,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAKyR,+BAC7D0U,EAAIrjB,KAAKmkD,GAAe1pC,EAAI9L,8BAA8B,EAAOtH,KAEnC,OAA5BnK,KAAKmlD,qBACPh7C,EAAQ,IAAI1I,WAAW,CAACzB,KAAKmlD,mBAAoBnlD,KAAKolD,yBACtDj7C,EAAQ2M,EAAKtS,OAAO,CAAC2F,EAAOnK,KAAKqlD,2BACjCl/B,EAAIrjB,KAAKmkD,GAAe1pC,EAAI7L,eAAe,EAAOvH,MAE/CnK,KAAK2R,YAAYoyC,UAAY/jD,KAAK8lD,iBAAmB,GAGxD3/B,EAAIrjB,KAAKmkD,GAAe1pC,EAAI5L,aAAa,EAAM3R,KAAK2R,YAAY5O,UAElE/C,KAAKslD,aAAarjD,SAAQ,EAAGgG,OAAM1F,QAAOqkD,gBAAeC,eACvD18C,EAAQ,CAAC,IAAI1I,WAAW,CAACmlD,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAMM,EAAcpwC,EAAK0D,WAAWvS,GAEpCkC,EAAMrH,KAAKgU,EAAKgB,YAAYovC,EAAYtlD,OAAQ,IAEhDuI,EAAMrH,KAAKgU,EAAKgB,YAAYvV,EAAMX,OAAQ,IAC1CuI,EAAMrH,KAAKokD,GACX/8C,EAAMrH,KAAKP,GACX4H,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe1pC,EAAI3L,aAAci1C,EAAU18C,GAAO,IAExB,OAAjCnK,KAAK6R,0BACP1H,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAK6R,0BAC7DsU,EAAIrjB,KAAKmkD,GAAe1pC,EAAI1L,yBAAyB,EAAO1H,KAElB,OAAxCnK,KAAK8R,iCACP3H,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAK8R,iCAC7DqU,EAAIrjB,KAAKmkD,GAAe1pC,EAAIzL,gCAAgC,EAAO3H,KAEnC,OAA9BnK,KAAK+R,uBACP5H,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAK+R,uBAC7DoU,EAAIrjB,KAAKmkD,GAAe1pC,EAAIxL,sBAAsB,EAAO5H,KAE3B,OAA5BnK,KAAKgS,oBACPmU,EAAIrjB,KAAKmkD,GAAe1pC,EAAIvL,oBAAoB,EAAO8E,EAAK0D,WAAWxa,KAAKgS,sBAEjD,OAAzBhS,KAAKwlD,iBACPr/B,EAAIrjB,KAAKmkD,GAAe1pC,EAAItL,eAAe,EAAO,IAAIxQ,WAAW,CAACzB,KAAKwlD,gBAAkB,EAAI,MAExE,OAAnBxlD,KAAKkS,WACPiU,EAAIrjB,KAAKmkD,GAAe1pC,EAAIrL,WAAW,EAAO4E,EAAK0D,WAAWxa,KAAKkS,aAE/C,OAAlBlS,KAAKmS,WACPhI,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAKmS,WAC7DgU,EAAIrjB,KAAKmkD,GAAe1pC,EAAIpL,UAAU,EAAMhI,KAEnB,OAAvBnK,KAAKoS,eACP+T,EAAIrjB,KAAKmkD,GAAe1pC,EAAInL,eAAe,EAAO0E,EAAK0D,WAAWxa,KAAKoS,iBAEpC,OAAjCpS,KAAKylD,0BACPt7C,EAAQ2M,EAAKiD,mBAAmB/C,OAAOsD,aAAata,KAAKylD,yBAA2BzlD,KAAK0lD,2BACzFv/B,EAAIrjB,KAAKmkD,GAAe1pC,EAAIlL,qBAAqB,EAAMlI,KAEnC,OAAlBnK,KAAKsS,WACPnI,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAKsS,WAC7D6T,EAAIrjB,KAAKmkD,GAAe1pC,EAAIjL,UAAU,EAAOnI,KAEA,OAA3CnK,KAAK2lD,oCACPx7C,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK2lD,kCAAmC3lD,KAAK4lD,gCACtEz7C,EAAMrH,KAAKgU,EAAKiD,mBAAmB/Z,KAAK6lD,sBACxC17C,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe1pC,EAAIhL,iBAAiB,EAAMpI,KAEtB,OAA3BnK,KAAKwS,mBACP2T,EAAIrjB,KAAKmkD,GAAe1pC,EAAI/K,mBAAmB,EAAMxS,KAAKwS,kBAAkBzP,UAE/C,OAA3B/C,KAAKyS,oBACPtI,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK8lD,mBAAoB9lD,KAAKyS,mBACvDtI,EAAQ2M,EAAKtS,OAAO2F,GACpBgc,EAAIrjB,KAAKmkD,GAAe1pC,EAAI9K,kBAAmBzS,KAAK43C,SAAW,EAAGztC,KAE/B,OAAjCnK,KAAK0S,0BACPvI,EAAQ2M,EAAKiD,mBAAmBjD,EAAKqD,mBAAmBna,KAAK0S,0BAC7DyT,EAAIrjB,KAAKmkD,GAAe1pC,EAAI7K,yBAAyB,EAAOvI,KAE3B,OAA/BnK,KAAK2S,wBACPxI,EAAQ,IAAI1I,WAAW,GAAG+C,UAAUxE,KAAK2S,wBACzCwT,EAAIrjB,KAAKmkD,GAAe1pC,EAAI5K,uBAAuB,EAAOxI,KAG5D,MAAMpI,EAAS+U,EAAKtS,OAAO2hB,GACrBvkB,EAASkV,EAAKgB,YAAY/V,EAAOH,OAAyB,IAAjB5B,KAAK43C,QAAgB,EAAI,GAExE,OAAO9gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAME,uBAAAwkD,GACE,MAAMpgC,EAAMnmB,KAAK0kD,mBAAmB//C,KAAI,EAAGsP,OAAM4yC,WAAU1lC,UAClD8lC,GAAehzC,EAAM4yC,EAAU1lC,KAGlCpf,EAAS+U,EAAKtS,OAAO2hB,GACrBvkB,EAASkV,EAAKgB,YAAY/V,EAAOH,OAAyB,IAAjB5B,KAAK43C,QAAgB,EAAI,GAExE,OAAO9gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAGE,aAAAolD,CAAch9C,EAAOuzB,GAAS,GAC5B,IAAI0pB,EAAQ,EAGZ,MAAMP,KAA6B,IAAf18C,EAAMi9C,IACpBnzC,EAAsB,IAAf9J,EAAMi9C,GAInB,GAFAA,IAEK1pB,IACH19B,KAAK0kD,mBAAmB5hD,KAAK,CAC3BmR,OACA4yC,WACA1lC,KAAMhX,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,UAE/BwiD,GAA0BpgD,IAAIiQ,IAMrC,OAAQA,GACN,KAAKxJ,EAAMuG,mBAAmBC,sBAE5BjR,KAAK6kD,QAAU/tC,EAAKkB,SAAS7N,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACzD,MACF,KAAK6I,EAAMuG,mBAAmBE,wBAAyB,CAErD,MAAMm2C,EAAUvwC,EAAKc,WAAWzN,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAE5D5B,KAAK8kD,sBAAoC,IAAZuC,EAC7BrnD,KAAKkR,wBAA0Bm2C,EAE/B,KACR,CACM,KAAK58C,EAAMuG,mBAAmBG,wBAE5BnR,KAAK+kD,WAAgC,IAAnB56C,EAAMi9C,KACxB,MACF,KAAK38C,EAAMuG,mBAAmBI,eAE5BpR,KAAKglD,WAAa76C,EAAMi9C,KACxBpnD,KAAKilD,YAAc96C,EAAMi9C,KACzB,MACF,KAAK38C,EAAMuG,mBAAmBK,kBAE5BrR,KAAKqR,kBAAoBlH,EAAMi9C,GAC/B,MACF,KAAK38C,EAAMuG,mBAAmBM,UAE5BtR,KAAKsR,UAA+B,IAAnBnH,EAAMi9C,KACvB,MACF,KAAK38C,EAAMuG,mBAAmBO,kBAAmB,CAE/C,MAAM81C,EAAUvwC,EAAKc,WAAWzN,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAE5D5B,KAAKuR,kBAAoB81C,EACzBrnD,KAAKklD,gBAA8B,IAAZmC,EAEvB,KACR,CACM,KAAK58C,EAAMuG,mBAAmBS,6BAE5BzR,KAAKyR,6BAA+B,IAAItH,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACpE,MACF,KAAK6I,EAAMuG,mBAAmBU,cAK5B1R,KAAKmlD,mBAAqBh7C,EAAMi9C,KAChCpnD,KAAKolD,uBAAyBj7C,EAAMi9C,KACpCpnD,KAAKqlD,yBAA2Bl7C,EAAMnB,SAASo+C,EAAOA,EAAQ,IAC9D,MAEF,KAAK38C,EAAMuG,mBAAmBW,YAE5B,GAAqB,IAAjB3R,KAAK43C,QACP53C,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,cAC7C,GAAI87B,EAST,MAAUn8B,MAAM,sCAElB,MAEF,KAAKkJ,EAAMuG,mBAAmBY,aAAc,CAE1C,MAAMg1C,KAAkC,IAAfz8C,EAAMi9C,IAG/BA,GAAS,EACT,MAAM9uB,EAAIxhB,EAAKc,WAAWzN,EAAMnB,SAASo+C,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAMvvC,EAAIf,EAAKc,WAAWzN,EAAMnB,SAASo+C,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAMn/C,EAAO6O,EAAK+D,WAAW1Q,EAAMnB,SAASo+C,EAAOA,EAAQ9uB,IACrD/1B,EAAQ4H,EAAMnB,SAASo+C,EAAQ9uB,EAAG8uB,EAAQ9uB,EAAIzgB,GAEpD7X,KAAKslD,aAAaxiD,KAAK,CAAEmF,OAAM2+C,gBAAerkD,QAAOskD,aAEjDD,IACF5mD,KAAKulD,UAAUt9C,GAAQ6O,EAAK+D,WAAWtY,IAEzC,KACR,CACM,KAAKkI,EAAMuG,mBAAmBa,wBAE5B7R,KAAK6R,wBAA0B,IAAI1H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmBc,+BAE5B9R,KAAK8R,+BAAiC,IAAI3H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBe,qBAE5B/R,KAAK+R,qBAAuB,IAAI5H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC5D,MACF,KAAK6I,EAAMuG,mBAAmBgB,mBAE5BhS,KAAKgS,mBAAqB8E,EAAK+D,WAAW1Q,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBiB,cAE5BjS,KAAKwlD,gBAAqC,IAAnBr7C,EAAMi9C,KAC7B,MACF,KAAK38C,EAAMuG,mBAAmBkB,UAE5BlS,KAAKkS,UAAY4E,EAAK+D,WAAW1Q,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC7D,MACF,KAAK6I,EAAMuG,mBAAmBmB,SAE5BnS,KAAKmS,SAAW,IAAIhI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBoB,cAE5BpS,KAAKoS,cAAgB0E,EAAK+D,WAAW1Q,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACjE,MACF,KAAK6I,EAAMuG,mBAAmBqB,oBAE5BrS,KAAKylD,wBAA0Bt7C,EAAMi9C,KACrCpnD,KAAK0lD,0BAA4B5uC,EAAK+D,WAAW1Q,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC7E,MACF,KAAK6I,EAAMuG,mBAAmBsB,SAE5BtS,KAAKsS,SAAW,IAAInI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBuB,gBAAiB,CAG7CvS,KAAK2lD,kCAAoCx7C,EAAMi9C,KAC/CpnD,KAAK4lD,6BAA+Bz7C,EAAMi9C,KAE1C,MAAM95B,EAAMjR,GAAOkJ,kBAAkBvlB,KAAK4lD,8BAE1C5lD,KAAK6lD,oBAAsB/uC,EAAKqD,mBAAmBhQ,EAAMnB,SAASo+C,EAAOA,EAAQ95B,IACjF,KACR,CACM,KAAK7iB,EAAMuG,mBAAmBwB,kBAE5BxS,KAAKwS,kBAAoB,IAAI6xC,GAC7BrkD,KAAKwS,kBAAkBnQ,KAAK8H,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SACxD,MACF,KAAK6I,EAAMuG,mBAAmByB,kBAE5BzS,KAAK8lD,iBAAmB37C,EAAMi9C,KAC9BpnD,KAAKyS,kBAAoBtI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,QACjD5B,KAAK8lD,kBAAoB,EAC3B9lD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,mBAE3BzS,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBAAkBzJ,UAAU,IAEzD,MACF,KAAKyB,EAAMuG,mBAAmB0B,wBAE5B1S,KAAK0S,wBAA0B,IAAIvI,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmB2B,sBAE5B3S,KAAK2S,sBAAwB,GAC7B,IAAK,IAAI7Q,EAAIslD,EAAOtlD,EAAIqI,EAAMvI,OAAQE,GAAK,EACzC9B,KAAK2S,sBAAsB7P,KAAK,CAACqH,EAAMrI,GAAIqI,EAAMrI,EAAI,KAEvD,MACF,QACE9B,KAAK2kD,kBAAkB7hD,KAAK,CAC1BmR,OACA4yC,WACA1lC,KAAMhX,EAAMnB,SAASo+C,EAAOj9C,EAAMvI,UAI5C,CAEE,cAAAokD,CAAe77C,EAAOm9C,GAAU,EAAMpzC,GACpC,MAAMqzC,EAAwC,IAAjBvnD,KAAK43C,QAAgB,EAAI,EAGhD4P,EAAkB1wC,EAAKc,WAAWzN,EAAMnB,SAAS,EAAGu+C,IAE1D,IAAIzlD,EAAIylD,EAGR,KAAOzlD,EAAI,EAAI0lD,GAAiB,CAC9B,MAAMl6B,EAAMoe,GAAiBvhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKwrB,EAAIxU,OAET9Y,KAAKmnD,cAAch9C,EAAMnB,SAASlH,EAAGA,EAAIwrB,EAAIA,KAAMg6B,EAASpzC,GAE5DpS,GAAKwrB,EAAIA,GACf,CAEI,OAAOxrB,CACX,CAGE,MAAA2lD,CAAOxzC,EAAMpN,GACX,MAAM+U,EAAInR,EAAMoE,UAEhB,OAAQoF,GACN,KAAK2H,EAAE7L,OACL,OAAkB,OAAdlJ,EAAKmJ,KACA8G,EAAK0D,WAAW3T,EAAKq8C,SAAQ,IAE/Br8C,EAAKs8C,UAAS,GAEvB,KAAKvnC,EAAE5L,KAAM,CACX,MAAM7F,EAAQtD,EAAKs8C,UAAS,GAE5B,OAAOrsC,EAAKoG,gBAAgB/S,EACpC,CACM,KAAKyR,EAAEzL,WACL,OAAO,IAAI1O,WAAW,GAExB,KAAKma,EAAExL,YACP,KAAKwL,EAAEvL,YACP,KAAKuL,EAAEtL,WACP,KAAKsL,EAAErL,aACP,KAAKqL,EAAEpL,eAAgB,CACrB,IAAI7B,EACAsP,EAEJ,GAAIpX,EAAK0I,OACP0O,EAAM,IACNtP,EAAS9H,EAAK0I,WACT,KAAI1I,EAAK4I,cAId,MAAUlO,MAAM,mFAHhB0c,EAAM,IACNtP,EAAS9H,EAAK4I,aAIxB,CAEQ,MAAMtF,EAAQwE,EAAO5L,QAErB,OAAO+T,EAAKtS,OAAO,CAACxE,KAAKynD,OAAO7rC,EAAEjL,IAAK9J,GACrC,IAAIpF,WAAW,CAACwc,IAChBnH,EAAKgB,YAAY3N,EAAMvI,OAAQ,GAC/BuI,GACV,CACM,KAAKyR,EAAEnL,cACP,KAAKmL,EAAE/K,iBACP,KAAK+K,EAAElL,WACL,OAAOoG,EAAKtS,OAAO,CAACxE,KAAKynD,OAAO7rC,EAAEjL,IAAK9J,GAAO7G,KAAKynD,OAAO7rC,EAAEjL,IAAK,CAC/DA,IAAK9J,EAAKlD,SAGd,KAAKiY,EAAEjL,IACL,QAAiBvO,IAAbyE,EAAK8J,IACP,MAAUpP,MAAM,8CAElB,OAAOsF,EAAK8J,IAAI+2C,aAAa1nD,KAAK43C,SAEpC,KAAKh8B,EAAEhL,cACL,OAAO5Q,KAAKynD,OAAO7rC,EAAEjL,IAAK9J,GAC5B,KAAK+U,EAAE9K,UACL,OAAO,IAAIrP,WAAW,GACxB,KAAKma,EAAE7K,WACL,MAAUxP,MAAM,mBAClB,QACE,MAAUA,MAAM,2BAExB,CAEE,gBAAAomD,CAAiB9gD,EAAMikC,GACrB,IAAIlpC,EAAS,EACb,OAAOqY,EAAiB+sC,EAAahnD,KAAKykD,gBAAgBliD,IACxDX,GAAUW,EAAMX,MAAM,IACrB,KACD,MAAMukB,EAAM,GAeZ,OAdqB,IAAjBnmB,KAAK43C,SAAkB53C,KAAKskD,gBAAkB75C,EAAMoE,UAAUkB,QAAU/P,KAAKskD,gBAAkB75C,EAAMoE,UAAUmB,OAC7G86B,EACF3kB,EAAIrjB,KAAK,IAAIrB,WAAW,IAExB0kB,EAAIrjB,KAAK+D,EAAKmlC,gBAGlB7lB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK43C,QAAS,OAClB,IAAjB53C,KAAK43C,SACPzxB,EAAIrjB,KAAK,IAAIrB,WAAW,IAE1B0kB,EAAIrjB,KAAKgU,EAAKgB,YAAYlW,EAAQ,IAG3BkV,EAAKtS,OAAO2hB,EAAI,GAE7B,CAEE,MAAAiyB,CAAOkM,EAAez9C,EAAMikC,GAAW,GACrC,MAAM3gC,EAAQnK,KAAKynD,OAAOnD,EAAez9C,GAEzC,OAAOiQ,EAAKtS,OAAO,CAACxE,KAAK2uC,MAAQ,IAAIltC,WAAc0I,EAAOnK,KAAKykD,cAAezkD,KAAK2nD,iBAAiB9gD,EAAMikC,IAC9G,CAEE,UAAMn9B,CAAK22C,EAAez9C,EAAMuxC,EAAQtN,GAAW,GACjD,GAAqB,IAAjB9qC,KAAK43C,SAAiB53C,KAAK2uC,KAAK/sC,SAAW8kD,GAAkB1mD,KAAKukD,eAEpE,MAAUhjD,MAAM,oDAIlB,OADK62C,IAAQA,EAASp4C,KAAKo4C,OAAOkM,EAAez9C,EAAMikC,IAChDzuB,GAAO1O,KAAK6W,OAAOxkB,KAAKukD,cAAenM,EAClD,CAcE,YAAMzX,CAAOhwB,EAAK2zC,EAAez9C,EAAMk8C,EAAO,IAAI9qC,KAAQ6yB,GAAW,EAAO52B,EAASuD,GACnF,IAAKzX,KAAK2R,YAAYgyC,OAAOhzC,EAAI81C,YAC/B,MAAUllD,MAAM,oDAElB,GAAIvB,KAAKwkD,qBAAuB7zC,EAAIilC,UAClC,MAAUr0C,MAAM,oFAGlB,MAAMqmD,EAAqBtD,IAAkB75C,EAAMoE,UAAUkB,QAAUu0C,IAAkB75C,EAAMoE,UAAUmB,KAIzG,KADmBhQ,KAAKyyC,MAAcmV,GACrB,CACf,IAAIxP,EACAzqC,EAQJ,GAPI3N,KAAK09B,OACP/vB,QAAa3N,KAAK09B,QAElB0a,EAASp4C,KAAKo4C,OAAOkM,EAAez9C,EAAMikC,GAC1Cn9B,QAAa3N,KAAK2N,KAAK22C,EAAez9C,EAAMuxC,IAE9CzqC,QAAauU,EAAiBvU,GAC1B3N,KAAK4kD,gBAAgB,KAAOj3C,EAAK,IACjC3N,KAAK4kD,gBAAgB,KAAOj3C,EAAK,GACnC,MAAUpM,MAAM,+BAUlB,GAPAvB,KAAK4mB,aAAe5mB,KAAK4mB,OAEzB5mB,KAAKyyC,UAAkBp2B,GAAOxN,UAAU8xB,OACtC3gC,KAAKwkD,mBAAoBxkD,KAAKukD,cAAevkD,KAAK4mB,OAAQjW,EAAI2kC,aAC9D8C,EAAQzqC,IAGL3N,KAAKyyC,IACR,MAAUlxC,MAAM,gCAExB,CAEI,MAAMsmD,EAAW/wC,EAAKyB,cAAcwqC,GACpC,GAAI8E,GAAY7nD,KAAK6kD,QAAUgD,EAC7B,MAAUtmD,MAAM,4CAElB,GAAIsmD,GAAYA,GAAY7nD,KAAK8nD,oBAC/B,MAAUvmD,MAAM,wBAElB,GAAI2S,EAAOqC,qBAAqBvS,IAAIhE,KAAKukD,eACvC,MAAUhjD,MAAM,4BAA8BkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKukD,eAAewD,eAE3F,GAAI7zC,EAAOsC,4BAA4BxS,IAAIhE,KAAKukD,gBAC9C,CAAC95C,EAAMoE,UAAUkB,OAAQtF,EAAMoE,UAAUmB,MAAMoP,SAASpf,KAAKskD,eAC7D,MAAU/iD,MAAM,oCAAsCkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKukD,eAAewD,eAYnG,GAVA/nD,KAAK2kD,kBAAkB1iD,SAAQ,EAAGgS,OAAM4yC,eACtC,GAAIA,EACF,MAAUtlD,MAAM,6CAA6C0S,EACrE,IAEIjU,KAAKslD,aAAarjD,SAAQ,EAAGgG,OAAM4+C,eACjC,GAAIA,GAAa3yC,EAAOkC,eAAe3M,QAAQxB,GAAQ,EACrD,MAAU1G,MAAM,8BAA8B0G,EACtD,IAEoC,OAA5BjI,KAAKmlD,mBACP,MAAU5jD,MAAM,gGAEtB,CAOE,SAAAymD,CAAUjF,EAAO,IAAI9qC,MACnB,MAAM4vC,EAAW/wC,EAAKyB,cAAcwqC,GACpC,OAAiB,OAAb8E,KACO7nD,KAAK6kD,SAAWgD,GAAYA,EAAW7nD,KAAK8nD,oBAG3D,CAME,iBAAAA,GACE,OAAO9nD,KAAK8kD,sBAAwBv8C,IAAW,IAAI0P,KAAKjY,KAAK6kD,QAAQvsC,UAA2C,IAA/BtY,KAAKkR,wBAC1F,EAeA,SAAS+1C,GAAehzC,EAAM4yC,EAAUhgD,GACtC,MAAMsf,EAAM,GAIZ,OAHAA,EAAIrjB,KAAK6oC,GAAkB9kC,EAAKjF,OAAS,IACzCukB,EAAIrjB,KAAK,IAAIrB,WAAW,EAAEolD,EAAW,IAAO,GAAK5yC,KACjDkS,EAAIrjB,KAAK+D,GACFiQ,EAAKtS,OAAO2hB,EACrB,CASA,SAASugC,GAAkBnC,GACzB,OAAQA,GACN,KAAK95C,EAAMkD,KAAKI,OAAQ,OAAO,GAC/B,KAAKtD,EAAMkD,KAAKK,OAAQ,OAAO,GAC/B,KAAKvD,EAAMkD,KAAKM,OAAQ,OAAO,GAC/B,KAAKxD,EAAMkD,KAAKO,OAChB,KAAKzD,EAAMkD,KAAKQ,SAAU,OAAO,GACjC,KAAK1D,EAAMkD,KAAKS,SAAU,OAAO,GACjC,QAAS,MAAU7M,MAAM,6BAE7B,CCh1BA,MAAM0mD,GACJ,cAAWhqC,GACT,OAAOxT,EAAMkE,OAAOI,gBACxB,CAEE,0BAAOm5C,CAAoBC,EAAiBC,GAC1C,MAAMC,EAAa,IAAIJ,GAUvB,OATAI,EAAWzQ,QAAsC,IAA5BuQ,EAAgBvQ,QAAgB,EAAI,EACzDyQ,EAAW/D,cAAgB6D,EAAgB7D,cAC3C+D,EAAW9D,cAAgB4D,EAAgB5D,cAC3C8D,EAAW7D,mBAAqB2D,EAAgB3D,mBAChD6D,EAAW12C,YAAcw2C,EAAgBx2C,YACzC02C,EAAW1Z,KAAOwZ,EAAgBxZ,KAClC0Z,EAAW51C,kBAAoB01C,EAAgB11C,kBAE/C41C,EAAWC,MAAQF,EAAS,EAAI,EACzBC,CACX,CAEE,WAAAzoD,GAEEI,KAAK43C,QAAU,KAQf53C,KAAKskD,cAAgB,KAMrBtkD,KAAKukD,cAAgB,KAMrBvkD,KAAKwkD,mBAAqB,KAE1BxkD,KAAK2uC,KAAO,KAEZ3uC,KAAK2R,YAAc,KAEnB3R,KAAKyS,kBAAoB,KAMzBzS,KAAKsoD,MAAQ,IACjB,CAOE,IAAAjmD,CAAK8H,GACH,IAAIi9C,EAAQ,EAGZ,GADApnD,KAAK43C,QAAUztC,EAAMi9C,KACA,IAAjBpnD,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,4DAa7C,GARA53C,KAAKskD,cAAgBn6C,EAAMi9C,KAG3BpnD,KAAKukD,cAAgBp6C,EAAMi9C,KAG3BpnD,KAAKwkD,mBAAqBr6C,EAAMi9C,KAEX,IAAjBpnD,KAAK43C,QAAe,CAMtB,MAAMqO,EAAa97C,EAAMi9C,KAGzBpnD,KAAK2uC,KAAOxkC,EAAMnB,SAASo+C,EAAOA,EAAQnB,GAC1CmB,GAASnB,EAGTjmD,KAAKyS,kBAAoBtI,EAAMnB,SAASo+C,EAAOA,EAAQ,IACvDA,GAAS,GACTpnD,KAAK2R,YAAc,IAAI+xC,GAEvB1jD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBACjC,MAEMzS,KAAK2R,YAAc,IAAI+xC,GACvB1jD,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASo+C,EAAOA,EAAQ,IACpDA,GAAS,EAQX,OADApnD,KAAKsoD,MAAQn+C,EAAMi9C,KACZpnD,IACX,CAME,KAAA+C,GACE,MAAMojB,EAAM,CAAC,IAAI1kB,WAAW,CAC1BzB,KAAK43C,QACL53C,KAAKskD,cACLtkD,KAAKukD,cACLvkD,KAAKwkD,sBAYP,OAVqB,IAAjBxkD,KAAK43C,QACPzxB,EAAIrjB,KACF,IAAIrB,WAAW,CAACzB,KAAK2uC,KAAK/sC,SAC1B5B,KAAK2uC,KACL3uC,KAAKyS,mBAGP0T,EAAIrjB,KAAK9C,KAAK2R,YAAY5O,SAE5BojB,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKsoD,SACvBxxC,EAAKpV,iBAAiBykB,EACjC,CAEE,gBAAAwhC,IAAoBY,GAClB,OAAOlC,GAAiB/jD,SAAY+hD,GAAgBpkD,UAAU0nD,iBAAiBptC,YAAYva,KAAKwoD,iBAAkBD,IACtH,CAEE,YAAM5nB,GACJ,MAAM6nB,QAAyBxoD,KAAKwoD,iBACpC,IAAKA,GAAoBA,EAAiB5oD,YAAYqe,MAAQxT,EAAMkE,OAAOE,UACzE,MAAUtN,MAAM,0CAElB,GACEinD,EAAiBlE,gBAAkBtkD,KAAKskD,eACxCkE,EAAiBjE,gBAAkBvkD,KAAKukD,eACxCiE,EAAiBhE,qBAAuBxkD,KAAKwkD,qBAC5CgE,EAAiB72C,YAAYgyC,OAAO3jD,KAAK2R,cACxB,IAAjB3R,KAAK43C,SAA8C,IAA7B4Q,EAAiB5Q,SACtB,IAAjB53C,KAAK43C,SAA8C,IAA7B4Q,EAAiB5Q,SACtB,IAAjB53C,KAAK43C,UAAkB9gC,EAAKqE,iBAAiBqtC,EAAiB/1C,kBAAmBzS,KAAKyS,oBACrE,IAAjBzS,KAAK43C,UAAkB9gC,EAAKqE,iBAAiBqtC,EAAiB7Z,KAAM3uC,KAAK2uC,MAE1E,MAAUptC,MAAM,2EAGlB,OADAinD,EAAiB9qB,OAAS19B,KAAK09B,OACxB8qB,EAAiB7nB,OAAOpmB,MAAMiuC,EAAkBne,UAC3D,EC5KO,SAASoe,GAAiBxqC,EAAKyqC,GACpC,IAAKA,EAAezqC,GAAM,CAExB,IAAI0qC,EACJ,IACEA,EAAal+C,EAAMpI,KAAKoI,EAAMkE,OAAQsP,EACvC,CAAC,MAAO/Z,GACP,MAAM,IAAI8oC,GAAmB,iCAAiC/uB,EACpE,CACI,MAAU1c,MAAM,uCAAuConD,EAC3D,CACE,OAAO,IAAID,EAAezqC,EAC5B,CDmKAgqC,GAAuBhoD,UAAU0N,KAAO02C,GAAgBpkD,UAAU0N,KAClEs6C,GAAuBhoD,UAAUm4C,OAASiM,GAAgBpkD,UAAUm4C,OACpE6P,GAAuBhoD,UAAUwnD,OAASpD,GAAgBpkD,UAAUwnD,OC7JpE,MAAMmB,WAAmBjpD,MAWvB,uBAAakpD,CAAW1+C,EAAOu+C,EAAgBx0C,EAASuD,GACtD,MAAMqxC,EAAU,IAAIF,GAEpB,aADME,EAAQzmD,KAAK8H,EAAOu+C,EAAgBx0C,GACnC40C,CACX,CAUE,UAAMzmD,CAAK8H,EAAOu+C,EAAgBx0C,EAASuD,GACrCvD,EAAO4B,yBAAyBlU,SAClC8mD,EAAiB,IAAKA,KAAmB5xC,EAAKgH,wBAAwB5J,EAAO4B,4BAE/E9V,KAAKgB,OAAS6gB,EAAqB1X,GAAO7H,MAAO4C,EAAUC,KACzD,MAAMxE,EAASohB,EAAiB5c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MAyCb,SAxCmBumC,GAAYhnC,GAAU5C,UACvC,IACE,GAAIymD,EAAO9qC,MAAQxT,EAAMkE,OAAOS,QAAU25C,EAAO9qC,MAAQxT,EAAMkE,OAAOW,OAASy5C,EAAO9qC,MAAQxT,EAAMkE,OAAOkB,QAKzG,OAEF,MAAMlB,EAAS85C,GAAiBM,EAAO9qC,IAAKyqC,GAC5C/5C,EAAOm6C,QAAU,IAAIF,GACrBj6C,EAAOq6C,WAAalyC,EAAK7V,SAAS8nD,EAAOp6C,cACnCA,EAAOtM,KAAK0mD,EAAOp6C,OAAQuF,SAC3BvT,EAAOoC,MAAM4L,EACpB,CAAC,MAAOzK,GAIP,GAAIA,aAAa8oC,GAAoB,CACnC,KAAI+b,EAAO9qC,KAAO,IAGhB,aAFMtd,EAAOuC,MAAMgB,EAIrC,CAEc,MAAM+kD,GAAyB/0C,EAAO0B,0BAA4B1R,aAAa4oC,GACzEoc,IAAuBh1C,EAAO2B,wBAA4B3R,aAAa4oC,IAC7E,GAAImc,GAAyBC,GAAuBjd,GAAkB8c,EAAO9qC,WAIrEtd,EAAOuC,MAAMgB,OACd,CACL,MAAMilD,EAAiB,IAAIlc,GAAkB8b,EAAO9qC,IAAK8qC,EAAOp6C,cAC1DhO,EAAOoC,MAAMomD,EACnC,CACcryC,EAAK2E,gBAAgBvX,EACnC,KAKY,aAFMvD,EAAOgF,iBACPhF,EAAOsC,OAGzB,CACO,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,KAII,MAAMR,EAASoe,EAAiB9hB,KAAKgB,QACrC,OAAa,CACX,MAAMwB,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OAMrC,GALKG,EAGHxC,KAAKgB,OAAS,KAFdhB,KAAK8C,KAAKP,GAIRC,GAAQypC,GAAkB1pC,EAAM3C,YAAYqe,KAC9C,KAER,CACIva,EAAO7C,aACX,CAOE,KAAAkC,GACE,MAAMojB,EAAM,GAEZ,IAAK,IAAIrkB,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAAK,CACpC,MAAMmc,EAAMje,KAAK8B,aAAcmrC,GAAoBjtC,KAAK8B,GAAGmc,IAAMje,KAAK8B,GAAGlC,YAAYqe,IAC/EmrC,EAAcppD,KAAK8B,GAAGiB,QAC5B,GAAI+T,EAAK7V,SAASmoD,IAAgBnd,GAAkBjsC,KAAK8B,GAAGlC,YAAYqe,KAAM,CAC5E,IAAI3U,EAAS,GACTU,EAAe,EACnB,MAAMq/C,EAAY,IAClBljC,EAAIrjB,KAAKgpC,GAAS7tB,IAClBkI,EAAIrjB,KAAKmX,EAAiBmvC,GAAa7mD,IAGrC,GAFA+G,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBq/C,EAAW,CAC7B,MAAMC,EAAW7gD,KAAKud,IAAIvd,KAAK+S,IAAIxR,GAAgBvB,KAAK8gD,IAAM,EAAG,IAC3DC,EAAY,GAAKF,EACjBr/C,EAAe6M,EAAKtS,OAAO,CAAConC,GAAmB0d,IAAW9kD,OAAO8E,IAGvE,OAFAA,EAAS,CAACW,EAAajB,SAAS,EAAIwgD,IACpCx/C,EAAeV,EAAO,GAAG1H,OAClBqI,EAAajB,SAAS,EAAG,EAAIwgD,EAChD,KACW,IAAM1yC,EAAKtS,OAAO,CAACmnC,GAAkB3hC,IAAexF,OAAO8E,MACtE,KAAa,CACL,GAAIwN,EAAK7V,SAASmoD,GAAc,CAC9B,IAAIxnD,EAAS,EACbukB,EAAIrjB,KAAKmX,EAAiB+sC,EAAaoC,IAAc7mD,IACnDX,GAAUW,EAAMX,MAAM,IACrB,IAAMoqC,GAAY/tB,EAAKrc,KACpC,MACUukB,EAAIrjB,KAAKkpC,GAAY/tB,EAAKmrC,EAAYxnD,SAExCukB,EAAIrjB,KAAKsmD,EACjB,CACA,CAEI,OAAOtyC,EAAKtS,OAAO2hB,EACvB,CAOE,WAAAsjC,IAAeC,GACb,MAAMC,EAAW,IAAIf,GAEfgB,EAAS3rC,GAAO0qC,GAAc1qC,IAAQ0qC,EAE5C,IAAK,IAAI7mD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3B4nD,EAAKhlD,KAAKklD,EAAO5pD,KAAK8B,GAAGlC,YAAYqe,OACvC0rC,EAAS7mD,KAAK9C,KAAK8B,IAIvB,OAAO6nD,CACX,CAOE,UAAAE,CAAW5rC,GACT,OAAOje,KAAK8pD,MAAKn7C,GAAUA,EAAO/O,YAAYqe,MAAQA,GAC1D,CAOE,UAAA8rC,IAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOjqD,KAEP4pD,EAAS3rC,GAAO0qC,GAAc1qC,IAAQ0qC,EAE5C,IAAK,IAAI7mD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3B4nD,EAAKhlD,KAAKklD,EAAOK,EAAKnoD,GAAGlC,YAAYqe,OACvC+rC,EAASlnD,KAAKhB,GAGlB,OAAOkoD,CACX,EC1MA,MAAMtB,gBAA+B5xC,EAAKgH,wBAAwB,CAChEglC,GACAmF,GACA5D,KAWF,MAAM6F,GACJ,cAAWjsC,GACT,OAAOxT,EAAMkE,OAAOO,cACxB,CAKE,WAAAtP,CAAYsU,EAASuD,GAKnBzX,KAAK8oD,QAAU,KAKf9oD,KAAK41C,UAAY1hC,EAAOG,8BAMxBrU,KAAKmqD,WAAa,IACtB,CAOE,UAAM9nD,CAAK8H,EAAO+J,EAASuD,SACnB8rC,EAAap5C,GAAO7H,UAGxBtC,KAAK41C,gBAAkBlyC,EAAOkG,WAG9B5J,KAAKmqD,WAAazmD,EAAOgE,kBAEnB1H,KAAKoqD,WAAWl2C,EAAO,GAEnC,CAOE,KAAAnR,GAKE,OAJwB,OAApB/C,KAAKmqD,YACPnqD,KAAKqqD,WAGAvzC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK41C,YAAa51C,KAAKmqD,YAC/D,CAQE,gBAAMC,CAAWl2C,EAASuD,GACxB,MAAM6yC,EAAkB7/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK41C,WACrD2U,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUhpD,MAAS+oD,EAAH,gCAGlBtqD,KAAK8oD,cAAgBF,GAAWC,iBAAiB0B,EAAgBvqD,KAAKmqD,YAAazB,GAAgBx0C,EACvG,CAKE,QAAAm2C,GACE,MAAMC,EAAkB7/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK41C,WACrD6U,EAAgBC,GAAaJ,GACnC,IAAKG,EACH,MAAUlpD,MAAS+oD,EAAH,8BAGlBtqD,KAAKmqD,WAAaM,EAAczqD,KAAK8oD,QAAQ/lD,QACjD,EAiBA,SAAS0K,GAAKk9C,EAA+BC,GAC3C,OAAO/jD,IACL,IAAKiQ,EAAK7V,SAAS4F,IAASob,EAAqBpb,GAC/C,OAAOw/C,GAAiB,IAAMnkC,EAAiBrb,GAAMhE,MAAKgoD,GACjD,IAAI3qD,SAAQ,CAACC,EAASC,KAC3B,MAAM0qD,EAAa,IAAIF,EACvBE,EAAWjK,OAASkK,IAClB5qD,EAAQ4qD,EAAc,EAExB,IACED,EAAWhoD,KAAK+nD,GAAW,EAC5B,CAAC,MAAOv0B,GACPl2B,EAAOk2B,EACnB,SAMI,GAAIq0B,EACF,IACE,MAAMK,EAA2BL,IACjC,OAAO9jD,EAAKokD,YAAYD,EACzB,CAAC,MAAO10B,GAEP,GAAiB,cAAbA,EAAIruB,KACN,MAAMquB,CAEhB,CAII,MAAM40B,EAAcrkD,EAAKrG,YACnBsqD,EAAa,IAAIF,EAEvB,OAAO,IAAIzpD,eAAe,CACxB,WAAMiD,CAAMC,GAQV,IAPAymD,EAAWjK,OAASv+C,MAAOC,EAAO6lD,KAChC/jD,EAAWC,QAAQ/B,GACf6lD,GACF/jD,EAAWpB,OACvB,IAGqB,CACX,MAAMT,KAAEA,EAAID,MAAEA,SAAgB2oD,EAAY7oD,OAC1C,GAAIG,EAEF,YADAsoD,EAAWhoD,KAAK,IAAIrB,YAAc,GAEzBc,EAAMX,QACfkpD,EAAWhoD,KAAKP,EAE5B,CACA,GACM,CAEN,CAEA,SAAS4oD,KACP,OAAO7oD,eAAeuE,GACpB,MAAQmU,OAAQowC,SAAuBlrD,QAA4BC,UAAA0C,MAAA,WAAA,OAAAua,EAAA,IACnE,OAAOipC,GAAiB/jD,SAAY8oD,QAAmBlpC,EAAiBrb,KACzE,CACH,CASA,MAAMwkD,GAAoCC,IAAsB,CAC9DC,WAAyC,oBAAtBC,mBAAsC,KAAM,IAAIA,kBAAkBF,IACrFG,aAA6C,oBAAxBC,qBAAwC,KAAM,IAAIA,oBAAoBJ,MAGvFZ,GAAe,CACnBl9C,iBAAmBC,GAAK49C,GAAkC,eAAeE,WAAY5K,IACrFlzC,kBAAoBA,GAAK49C,GAAkC,WAAWE,WAAYhJ,KAG9EiI,GAAiB,CACrBj9C,aAAc1G,GAAQA,EACtB2G,iBAAmBC,GAAK49C,GAAkC,eAAeI,aAAc3K,IACvFrzC,kBAAoBA,GAAK49C,GAAkC,WAAWI,aAAc7I,IACpFl1C,mBAAqBy9C,MCvMjBzC,gBAA+B5xC,EAAKgH,wBAAwB,CAChEglC,GACAoH,GACAjC,GACA5D,KAaF,MAAMsH,GACJ,cAAW1tC,GACT,OAAOxT,EAAMkE,OAAOe,kCACxB,CAEE,iBAAOimC,EAAWiC,QAAEA,EAAOgU,cAAEA,IAC3B,GAAgB,IAAZhU,GAA6B,IAAZA,EACnB,MAAUr2C,MAAM,6BAGlB,MAAMsqD,EAAO,IAAIF,GAMjB,OALAE,EAAKjU,QAAUA,EACC,IAAZA,IACFiU,EAAKD,cAAgBA,GAGhBC,CACX,CAEE,WAAAjsD,GACEI,KAAK43C,QAAU,KAIf53C,KAAK8rD,gBAAkB,KAEvB9rD,KAAK4rD,cAAgB,KACrB5rD,KAAK+rD,cAAgB,KACrB/rD,KAAK2uC,KAAO,KAEZ3uC,KAAKgsD,UAAY,KACjBhsD,KAAK8oD,QAAU,IACnB,CAEE,UAAMzmD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UAGxB,GAFAtC,KAAK43C,cAAgBl0C,EAAOkG,WAEP,IAAjB5J,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,8CAGxB,IAAjB53C,KAAK43C,UAEP53C,KAAK8rD,sBAAwBpoD,EAAOkG,WAEpC5J,KAAK4rD,oBAAsBloD,EAAOkG,WAElC5J,KAAK+rD,oBAAsBroD,EAAOkG,WAElC5J,KAAK2uC,WAAajrC,EAAOqG,UAAU,KAUrC/J,KAAKgsD,UAAYtoD,EAAOgE,WAAW,GAEzC,CAEE,KAAA3E,GACE,OAAqB,IAAjB/C,KAAK43C,QACA9gC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,QAAS53C,KAAK8rD,gBAAiB9rD,KAAK4rD,cAAe5rD,KAAK+rD,gBAAiB/rD,KAAK2uC,KAAM3uC,KAAKgsD,YAE7Hl1C,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,UAAW53C,KAAKgsD,WAC7D,CAWE,aAAMh+B,CAAQi+B,EAAqBt7C,EAAKuD,EAASuD,GAM/C,MAAMyL,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgBipC,GACtD,GAAIt7C,EAAI/O,SAAWqhB,EACjB,MAAU1hB,MAAM,+BAGlB,IAAI4I,EAAQnK,KAAK8oD,QAAQ/lD,QAGzB,GAFIkf,EAAqB9X,KAAQA,QAAc+X,EAAiB/X,IAE3C,IAAjBnK,KAAK43C,QACP53C,KAAK8rD,gBAAkBG,EAEvBjsD,KAAK2uC,KAAOtyB,GAAOw6B,OAAOhb,eAAe,IACzC77B,KAAK+rD,cAAgB73C,EAAOO,kBAC5BzU,KAAKgsD,gBAAkBE,GAAQlsD,KAAM,UAAW2Q,EAAKxG,OAChD,CACL,MAAMkP,QAAegD,GAAO8vC,gBAAgBF,GACtCG,EAAM,IAAI3qD,WAAW,CAAC,IAAM,KAE5B4qD,EAASv1C,EAAKtS,OAAO,CAAC6U,EAAQlP,EAAOiiD,IACrCz+C,QAAa0O,GAAO1O,KAAKE,KAAK2U,EAAoB6pC,IAClD/8B,EAAYxY,EAAKtS,OAAO,CAAC6nD,EAAQ1+C,IAEvC3N,KAAKgsD,gBAAkB3vC,GAAOoX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAK2e,EAAW,IAAI7tB,WAAWyhB,GAAYhP,EACrH,CACI,OAAO,CACX,CAWE,aAAMoa,CAAQ29B,EAAqBt7C,EAAKuD,EAASuD,GAM/C,GAAI9G,EAAI/O,SAAWya,GAAO2G,gBAAgBipC,GAAqBhpC,QAC7D,MAAU1hB,MAAM,+BAGlB,IAGI6nD,EAHA4C,EAAYhF,EAAahnD,KAAKgsD,WAIlC,GAHI/pC,EAAqB+pC,KAAYA,QAAkB9pC,EAAiB8pC,IAGnD,IAAjBhsD,KAAK43C,QAAe,CACtB,GAAI53C,KAAK8rD,kBAAoBG,EAE3B,MAAU1qD,MAAM,oCAElB6nD,QAAoB8C,GAAQlsD,KAAM,UAAW2Q,EAAKq7C,EACxD,KAAW,CACL,MAAM9oC,UAAEA,GAAc7G,GAAO2G,gBAAgBipC,GACvCK,QAAkBjwC,GAAOoX,KAAK3C,IAAIxC,QAAQ29B,EAAqBt7C,EAAKq7C,EAAW,IAAIvqD,WAAWyhB,IAI9FqpC,EAAWxF,EAAavkC,EAAoB8pC,IAAa,IACzDD,EAAStF,EAAauF,EAAW,GAAI,IACrCE,EAAatsD,QAAQ4E,IAAI,CAC7Bod,QAAuB7F,GAAO1O,KAAKE,KAAK2U,EAAoB6pC,KAC5DnqC,EAAiBqqC,KAChB1pD,MAAK,EAAE8K,EAAMy+C,MACd,IAAKt1C,EAAKqE,iBAAiBxN,EAAMy+C,GAC/B,MAAU7qD,MAAM,0BAElB,OAAO,IAAIE,UAAY,IAEnB0I,EAAQ48C,EAAasF,EAAQnpC,EAAY,GAC/CkmC,EAAcrC,EAAa58C,EAAO,GAAI,GACtCi/C,EAAcnuC,EAAc,CAACmuC,EAAa/C,GAAiB,IAAMmG,MAC5D11C,EAAK7V,SAAS+qD,IAAe93C,EAAOiB,6BACvCi0C,QAAoBlnC,EAAiBknC,GAE7C,CAGI,OADAppD,KAAK8oD,cAAgBF,GAAWC,WAAWO,EAAaV,GAAgBx0C,IACjE,CACX,EAaO5R,eAAe4pD,GAAQv9C,EAAQ1H,EAAI0J,EAAK9J,GAC7C,MAAM4lD,EAAY99C,aAAkBg9C,IAA+D,IAAnBh9C,EAAOipC,QACjF8U,GAAWD,GAAa99C,EAAO/O,YAAYqe,MAAQxT,EAAMkE,OAAOiB,kBACtE,IAAK68C,IAAcC,EAAS,MAAUnrD,MAAM,0BAE5C,MAAMkyB,EAAOpX,GAAOswC,YAAYh+C,EAAOi9C,eACjCgB,EAA+B,YAAP3lD,EAAmBwsB,EAAKvC,UAAY,EAC5D27B,EAA+B,YAAP5lD,EAAmBwsB,EAAKvC,UAAY,EAC5Ds4B,EAAY,IAAM76C,EAAOo9C,cAAgB,GAAKa,EAC9CE,EAAyBJ,EAAU,EAAI,EACvCK,EAAc,IAAInsC,YAAY,GAAKksC,GACnCE,EAAa,IAAIvrD,WAAWsrD,EAAa,EAAG,EAAID,GAChDG,EAAgB,IAAIxrD,WAAWsrD,GAC/BG,EAAY,IAAIrsC,SAASksC,GACzBI,EAAkB,IAAI1rD,WAAWsrD,EAAa,EAAG,GACvDC,EAAW7qD,IAAI,CAAC,IAAOwM,EAAO/O,YAAYqe,IAAKtP,EAAOipC,QAASjpC,EAAOm9C,gBAAiBn9C,EAAOi9C,cAAej9C,EAAOo9C,eAAgB,GACpI,IAIIt8B,EACA29B,EALAz1B,EAAa,EACb01B,EAAgBntD,QAAQC,UACxBmtD,EAAe,EACfC,EAAc,EAGlB,GAAId,EAAW,CACb,MAAMxpC,QAAEA,GAAY5G,GAAO2G,gBAAgBrU,EAAOm9C,kBAC5Ct1B,SAAEA,GAAa/C,EACfmb,EAAO,IAAIntC,WAAWsrD,EAAa,EAAG,GACtCS,QAAgB/e,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAKhC,EAAOggC,KAAMC,EAAM3rB,EAAUuT,GACvF7lB,EAAM68C,EAAQxkD,SAAS,EAAGia,GAC1BwM,EAAK+9B,EAAQxkD,SAASia,GACtBwM,EAAG/H,KAAK,EAAG+H,EAAG7tB,OAAS,GACvBwrD,EAAS,IAAIvsC,SAAS4O,EAAGnmB,OAAQmmB,EAAGplB,WAAYolB,EAAGnlB,WACvD,MACImlB,EAAK9gB,EAAO8gB,GAGd,MAAMg+B,QAAqBh6B,EAAK9kB,EAAOm9C,gBAAiBn7C,GACxD,OAAOkR,EAAqBhb,GAAMvE,MAAO4C,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7V,SAASiE,GAAuB,CACvC,MAAMoE,EAAS,IAAItD,gBAAgB,GAAI,CACrCQ,cAAesQ,EAAK8F,yBAA2B,IAAMjO,EAAOo9C,cAAgB,GAC5E2B,KAAMzxC,GAASA,EAAMra,SAEvB+rD,EAAYrkD,EAAOpE,SAAUC,GAC7BA,EAAWmE,EAAOnE,QACxB,CACI,MAAMzB,EAASoe,EAAiB5c,GAC1BvE,EAASohB,EAAiB5c,GAChC,IACE,OAAa,CACX,IAAInC,QAAcU,EAAOqG,UAAUy/C,EAAYoD,IAA0B,IAAInrD,WAC7E,MAAMmsD,EAAa5qD,EAAMgG,SAAShG,EAAMpB,OAASgrD,GAEjD,IAAIiB,EACArrD,EACAksB,EACJ,GAJA1rB,EAAQA,EAAMgG,SAAS,EAAGhG,EAAMpB,OAASgrD,GAIrCH,EACF/9B,EAAQe,MACH,CACLf,EAAQe,EAAG9sB,QACX,IAAK,IAAIb,EAAI,EAAGA,EAAI,EAAGA,IACrB4sB,EAAMe,EAAG7tB,OAAS,EAAIE,IAAMqrD,EAAgBrrD,EAExD,CA0BQ,IAzBK61B,GAAc30B,EAAMpB,QACvB8B,EAAOiG,QAAQikD,GACfC,EAAiBJ,EAAaxmD,GAAIjE,EAAO0rB,EAAOs+B,GAChDa,EAAextD,OAAM,SACrBktD,GAAevqD,EAAMpB,OAASgrD,EAAwBC,IAKtDK,EAAUY,SAAS,EAAIhB,EAAyB,EAAGQ,GACnDO,EAAiBJ,EAAaxmD,GAAI2mD,EAAYl/B,EAAOu+B,GACrDY,EAAextD,OAAM,SACrBktD,GAAeV,EACfrqD,GAAO,GAET8qD,GAAgBtqD,EAAMpB,OAASgrD,EAE/BS,EAAgBA,EAAcxqD,MAAK,IAAMgrD,IAAgBhrD,MAAKP,gBACtD3B,EAAOgF,YACPhF,EAAOoC,MAAMq2B,GACnBm0B,GAAen0B,EAAQx3B,MAAM,IAC5BvB,OAAMi2B,GAAO31B,EAAOuC,MAAMozB,MACzB9zB,GAAQ+qD,EAAc5sD,EAAOotD,oBACzBV,EAEH7qD,EAME,OACC7B,EAAOsC,QACb,KACV,CARcwpD,EACFW,EAAOU,SAASr+B,EAAG7tB,OAAS,IAAK+1B,GAEjCu1B,EAAUY,SAAS,IAASn2B,EAMxC,CACK,CAAC,MAAOzzB,SACDvD,EAAOgF,MAAMtF,OAAM,eACnBM,EAAOuC,MAAMgB,EACzB,IAEA,CC/SA,MAAMwkD,gBAA+B5xC,EAAKgH,wBAAwB,CAChEglC,GACAoH,GACAjC,GACA5D,KAYF,MAAM2J,GACJ,cAAW/vC,GACT,OAAOxT,EAAMkE,OAAOiB,iBACxB,CAEE,WAAAhQ,GACEI,KAAK43C,QAfO,EAiBZ53C,KAAK8rD,gBAAkB,KAEvB9rD,KAAK4rD,cAAgBnhD,EAAM6D,KAAKC,IAChCvO,KAAK+rD,cAAgB,KACrB/rD,KAAKyvB,GAAK,KACVzvB,KAAKgsD,UAAY,KACjBhsD,KAAK8oD,QAAU,IACnB,CAOE,UAAMzmD,CAAK8H,SACHo5C,EAAap5C,GAAO7H,UACxB,MAAMs1C,QAAgBl0C,EAAOkG,WAC7B,GAlCU,IAkCNguC,EACF,MAAM,IAAI9K,GAAiB,WAAW8K,yDAExC53C,KAAK8rD,sBAAwBpoD,EAAOkG,WACpC5J,KAAK4rD,oBAAsBloD,EAAOkG,WAClC5J,KAAK+rD,oBAAsBroD,EAAOkG,WAElC,MAAM6pB,EAAOpX,GAAOswC,YAAY3sD,KAAK4rD,eACrC5rD,KAAKyvB,SAAW/rB,EAAOqG,UAAU0pB,EAAK+C,UACtCx2B,KAAKgsD,UAAYtoD,EAAOgE,WAAW,GAEzC,CAME,KAAA3E,GACE,OAAO+T,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK43C,QAAS53C,KAAK8rD,gBAAiB9rD,KAAK4rD,cAAe5rD,KAAK+rD,gBAAiB/rD,KAAKyvB,GAAIzvB,KAAKgsD,WACpI,CAUE,aAAM19B,CAAQ29B,EAAqBt7C,EAAKuD,EAASuD,GAC/CzX,KAAK8oD,cAAgBF,GAAWC,iBACxBqD,GAAQlsD,KAAM,UAAW2Q,EAAKq2C,EAAahnD,KAAKgsD,YACtDtD,GACAx0C,EAEN,CAUE,aAAM8Z,CAAQi+B,EAAqBt7C,EAAKuD,EAASuD,GAC/CzX,KAAK8rD,gBAAkBG,EAEvB,MAAMz1B,SAAEA,GAAana,GAAOswC,YAAY3sD,KAAK4rD,eAC7C5rD,KAAKyvB,GAAKpT,GAAOw6B,OAAOhb,eAAerF,GACvCx2B,KAAK+rD,cAAgB73C,EAAOO,kBAC5B,MAAM5N,EAAO7G,KAAK8oD,QAAQ/lD,QAC1B/C,KAAKgsD,gBAAkBE,GAAQlsD,KAAM,UAAW2Q,EAAK9J,EACzD,ECvFA,MAAMonD,GACJ,cAAWhwC,GACT,OAAOxT,EAAMkE,OAAOC,4BACxB,CAEE,WAAAhP,GACEI,KAAK43C,QAAU,KAGf53C,KAAKkuD,YAAc,IAAIxK,GAGvB1jD,KAAKmuD,iBAAmB,KACxBnuD,KAAKouD,qBAAuB,KAG5BpuD,KAAKwkD,mBAAqB,KAE1BxkD,KAAKquD,WAAa,KAKlBruD,KAAKisD,oBAAsB,KAG3BjsD,KAAKgsD,UAAY,CAAE,CACvB,CAEE,iBAAOrW,EAAWiC,QAChBA,EAAO0W,oBAAEA,EAAmBC,mBAAEA,EAAkBF,WAAEA,EAAUpC,oBAAEA,IAE9D,MAAMuC,EAAQ,IAAIP,GAElB,GAAgB,IAAZrW,GAA6B,IAAZA,EACnB,MAAUr2C,MAAM,6BAelB,OAZAitD,EAAM5W,QAAUA,EAEA,IAAZA,IACF4W,EAAML,iBAAmBI,EAAqB,KAAOD,EAAoB1W,QACzE4W,EAAMJ,qBAAuBG,EAAqB,KAAOD,EAAoB9H,uBAG/EgI,EAAMN,YAAcK,EAAqB7K,GAAMQ,WAAaoK,EAAoB7H,WAChF+H,EAAMhK,mBAAqB8J,EAAoB1Y,UAC/C4Y,EAAMH,WAAaA,EACnBG,EAAMvC,oBAAsBA,EAErBuC,CACX,CAOE,IAAAnsD,CAAK8H,GACH,IAAI2O,EAAS,EAEb,GADA9Y,KAAK43C,QAAUztC,EAAM2O,KACA,IAAjB9Y,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,+CAE7C,GAAqB,IAAjB53C,KAAK43C,QAAe,CAKtB,MAAM6W,EAA8BtkD,EAAM2O,KAC1C,GAAI21C,EAA6B,CAC/BzuD,KAAKmuD,iBAAmBhkD,EAAM2O,KAC9B,MAAM41C,EAAoBD,EAA8B,EACxDzuD,KAAKouD,qBAAuBjkD,EAAMnB,SAAS8P,EAAQA,EAAS41C,GAAoB51C,GAAU41C,EACtF1uD,KAAKmuD,kBAAoB,EAE3BnuD,KAAKkuD,YAAY7rD,KAAKrC,KAAKouD,sBAG3BpuD,KAAKkuD,YAAY7rD,KAAKrC,KAAKouD,qBAAqBplD,UAAU,GAEpE,MAGQhJ,KAAKkuD,YAAcxK,GAAMQ,UAEjC,MACMprC,GAAU9Y,KAAKkuD,YAAY7rD,KAAK8H,EAAMnB,SAAS8P,EAAQA,EAAS,IAIlE,GAFA9Y,KAAKwkD,mBAAqBr6C,EAAM2O,KAChC9Y,KAAKgsD,UAAY3vC,GAAOsyC,yBAAyB3uD,KAAKwkD,mBAAoBr6C,EAAMnB,SAAS8P,IACrF9Y,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUW,QAAU1M,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUY,KACpG,GAAqB,IAAjB3M,KAAK43C,QACP53C,KAAKisD,oBAAsBxhD,EAAM1H,MAAM0H,EAAMoC,UAAW7M,KAAKgsD,UAAUxX,EAAEoB,gBACpE,GAAmC,OAA/B51C,KAAKgsD,UAAUxX,EAAEoB,UAC1B,MAAUr0C,MAAM,2CAGxB,CAOE,KAAAwB,GACE,MAAMojB,EAAM,CACV,IAAI1kB,WAAW,CAACzB,KAAK43C,WAsBvB,OAnBqB,IAAjB53C,KAAK43C,QAC2B,OAA9B53C,KAAKouD,sBACPjoC,EAAIrjB,KAAK,IAAIrB,WAAW,CACtBzB,KAAKouD,qBAAqBxsD,OAAS,EACnC5B,KAAKmuD,oBAEPhoC,EAAIrjB,KAAK9C,KAAKouD,uBAEdjoC,EAAIrjB,KAAK,IAAIrB,WAAW,CAAC,KAG3B0kB,EAAIrjB,KAAK9C,KAAKkuD,YAAYnrD,SAG5BojB,EAAIrjB,KACF,IAAIrB,WAAW,CAACzB,KAAKwkD,qBACrBnoC,GAAOiqC,gBAAgBtmD,KAAKwkD,mBAAoBxkD,KAAKgsD,YAGhDl1C,EAAKpV,iBAAiBykB,EACjC,CAQE,aAAM6H,CAAQrd,GACZ,MAAM+R,EAAOjY,EAAM1H,MAAM0H,EAAMsB,UAAW/L,KAAKwkD,oBAGzCyH,EAAuC,IAAjBjsD,KAAK43C,QAAgB53C,KAAKisD,oBAAsB,KACtE/Y,EAA8B,IAAhBviC,EAAIinC,QAAgBjnC,EAAI61C,sBAAsBx9C,SAAS,EAAG,IAAM2H,EAAI61C,sBAClFxnC,EAAU4vC,GAAiB5uD,KAAK43C,QAASl1B,EAAMupC,EAAqBjsD,KAAKquD,YAC/EruD,KAAKgsD,gBAAkB3vC,GAAOwyC,iBAC5BnsC,EAAMupC,EAAqBt7C,EAAI2kC,aAAct2B,EAASk0B,EAC5D,CAUE,aAAM5kB,CAAQ3d,EAAKm+C,GAEjB,GAAI9uD,KAAKwkD,qBAAuB7zC,EAAIilC,UAClC,MAAUr0C,MAAM,oBAGlB,MAAM67B,EAAgB0xB,EACpBF,GAAiB5uD,KAAK43C,QAAS53C,KAAKwkD,mBAAoBsK,EAAiB7C,oBAAqB6C,EAAiBT,YAC/G,KACInb,EAA8B,IAAhBviC,EAAIinC,QAAgBjnC,EAAI61C,sBAAsBx9C,SAAS,EAAG,IAAM2H,EAAI61C,sBAClFuI,QAAsB1yC,GAAO2yC,iBAAiBhvD,KAAKwkD,mBAAoB7zC,EAAI2kC,aAAc3kC,EAAIslC,cAAej2C,KAAKgsD,UAAW9Y,EAAa9V,IAEzIixB,WAAEA,EAAUpC,oBAAEA,GAuCxB,SAA0BrU,EAAStB,EAASyY,EAAeD,GACzD,OAAQxY,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAAM,CAEzB,MAAMtK,EAASgtD,EAAc/lD,SAAS,EAAG+lD,EAAcntD,OAAS,GAC1Di3B,EAAWk2B,EAAc/lD,SAAS+lD,EAAcntD,OAAS,GACzDqtD,EAAmBn4C,EAAKwE,cAAcvZ,EAAOiH,SAASjH,EAAOH,OAAS,IACtEstD,EAAkBD,EAAiB,KAAOp2B,EAAS,GAAKo2B,EAAiB,KAAOp2B,EAAS,GACzFs2B,EAAkC,IAAZvX,EAC1B,CAAEqU,oBAAqB,KAAMoC,WAAYtsD,GACzC,CAAEkqD,oBAAqBlqD,EAAO,GAAIssD,WAAYtsD,EAAOiH,SAAS,IAChE,GAAI8lD,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBlD,sBAAwB6C,EAAiB7C,oBAC7DkD,EAAoBd,WAAWzsD,SAAWktD,EAAiBT,WAAWzsD,OACxE,MAAO,CACLysD,WAAYv3C,EAAKwH,iBAAiB8wC,EAAgBD,EAAoBd,WAAYS,EAAiBT,YACnGpC,oBAAiC,IAAZrU,EAAgB,KAAO9gC,EAAK2H,YAC/C2wC,EACAD,EAAoBlD,oBACpB6C,EAAiB7C,qBAG7B,CAGQ,GAFuBiD,IACT,IAAZtX,GAAiBntC,EAAMpI,KAAKoI,EAAMoC,UAAWsiD,EAAoBlD,sBAEjE,OAAOkD,EAEP,MAAU5tD,MAAM,mBAG1B,CACI,KAAKkJ,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,MAAO,CACLs/C,oBAAqB,KACrBoC,WAAYU,GAEhB,QACE,MAAUxtD,MAAM,oCAEtB,CAtFgD8tD,CAAiBrvD,KAAK43C,QAAS53C,KAAKwkD,mBAAoBuK,EAAeD,GAEnH,GAAqB,IAAjB9uD,KAAK43C,QAAe,CAEtB,MAAM0X,EAAmBtvD,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUW,QAAU1M,KAAKwkD,qBAAuB/5C,EAAMsB,UAAUY,KAG3H,GAFA3M,KAAKisD,oBAAsBqD,EAAmBrD,EAAsBjsD,KAAKisD,oBAErEoC,EAAWzsD,SAAWya,GAAO2G,gBAAgBhjB,KAAKisD,qBAAqBhpC,QACzE,MAAU1hB,MAAM,8BAExB,CACIvB,KAAKquD,WAAaA,CACtB,EAMA,SAASO,GAAiBhX,EAAStB,EAAS33B,EAAY4wC,GACtD,OAAQjZ,GACN,KAAK7rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAEnB,OAAOyK,EAAKpV,iBAAiB,CAC3B,IAAID,WAAuB,IAAZm2C,EAAgB,GAAK,CAACj5B,IACrC4wC,EACAz4C,EAAKwE,cAAci0C,EAAevmD,SAASumD,EAAe3tD,OAAS,MAEvE,KAAK6I,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO4iD,EACT,QACE,MAAUhuD,MAAM,oCAEtB,CC9MA,MAAMiuD,GACJ,cAAWvxC,GACT,OAAOxT,EAAMkE,OAAOG,sBACxB,CAKE,WAAAlP,CAAYsU,EAASuD,GACnBzX,KAAK43C,QAAU1jC,EAAOI,YAAc,EAAI,EACxCtU,KAAKquD,WAAa,KAKlBruD,KAAKyvD,8BAAgC,KAKrCzvD,KAAKisD,oBAAsB,KAK3BjsD,KAAK4rD,cAAgBnhD,EAAM1H,MAAM0H,EAAM6D,KAAM4F,EAAOM,wBACpDxU,KAAKgsD,UAAY,KACjBhsD,KAAKyL,IAAM,KACXzL,KAAKyvB,GAAK,IACd,CAOE,IAAAptB,CAAK8H,GACH,IAAI2O,EAAS,EAIb,GADA9Y,KAAK43C,QAAUztC,EAAM2O,KACA,IAAjB9Y,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QACnD,MAAM,IAAI9K,GAAiB,WAAW9sC,KAAK43C,+CAGxB,IAAjB53C,KAAK43C,SAEP9+B,IAIF,MAAM4J,EAAOvY,EAAM2O,KAEf9Y,KAAK43C,SAAW,IAElB53C,KAAK4rD,cAAgBzhD,EAAM2O,KAEN,IAAjB9Y,KAAK43C,SAEP9+B,KAKJ,MAAMlE,EAAUzK,EAAM2O,KAItB,GAHA9Y,KAAKyL,IAAM8sC,GAAe3jC,GAC1BkE,GAAU9Y,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAAS8P,EAAQ3O,EAAMvI,SAEjD5B,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOpX,GAAOswC,YAAY3sD,KAAK4rD,eAIrC5rD,KAAKyvB,GAAKtlB,EAAMnB,SAAS8P,EAAQA,GAAU2a,EAAK+C,SACtD,CAIQx2B,KAAK43C,SAAW,GAAK9+B,EAAS3O,EAAMvI,QACtC5B,KAAKgsD,UAAY7hD,EAAMnB,SAAS8P,EAAQ3O,EAAMvI,QAC9C5B,KAAKyvD,8BAAgC/sC,GAErC1iB,KAAKisD,oBAAsBvpC,CAEjC,CAOE,KAAA3f,GACE,MAAM2f,EAA0B,OAAnB1iB,KAAKgsD,UAChBhsD,KAAKisD,oBACLjsD,KAAKyvD,8BAEP,IAAItlD,EAEJ,MAAMsB,EAAMzL,KAAKyL,IAAI1I,QACrB,GAAqB,IAAjB/C,KAAK43C,QAAe,CACtB,MAAM8X,EAASjkD,EAAI7J,OACb+tD,EAAY,EAAID,EAAS1vD,KAAKyvB,GAAG7tB,OACvCuI,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAAS+X,EAAWjtC,EAAM1iB,KAAK4rD,cAAe8D,IAAUjkD,EAAKzL,KAAKyvB,GAAIzvB,KAAKgsD,WACrI,MAAgC,IAAjBhsD,KAAK43C,QACdztC,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAASl1B,EAAM1iB,KAAK4rD,gBAAiBngD,EAAKzL,KAAKyvB,GAAIzvB,KAAKgsD,aAE5G7hD,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK43C,QAASl1B,IAAQjX,IAE9C,OAAnBzL,KAAKgsD,YACP7hD,EAAQ2M,EAAKpV,iBAAiB,CAACyI,EAAOnK,KAAKgsD,cAI/C,OAAO7hD,CACX,CAQE,aAAMmkB,CAAQkpB,GACZ,MAAM90B,EAA8C,OAAvC1iB,KAAKyvD,8BAChBzvD,KAAKyvD,8BACLzvD,KAAKisD,qBAED/oC,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgBN,GAChD/R,QAAY3Q,KAAKyL,IAAI8rC,WAAWC,EAAYv0B,GAElD,GAAIjjB,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOpX,GAAOswC,YAAY3sD,KAAK4rD,eAC/Bx0B,EAAQ,IAAI31B,WAAW,CAAC,IAAO+tD,GAA6BvxC,IAAKje,KAAK43C,QAAS53C,KAAKyvD,8BAA+BzvD,KAAK4rD,gBACxHhc,EAAiC,IAAjB5vC,KAAK43C,cAAsBnJ,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc21B,EAAOnU,GAAWtS,EACnH88C,QAAqBh6B,EAAK/Q,EAAMktB,GACtC5vC,KAAKquD,iBAAmBZ,EAAan/B,QAAQtuB,KAAKgsD,UAAWhsD,KAAKyvB,GAAI2H,EAC5E,MAAW,GAAuB,OAAnBp3B,KAAKgsD,UAAoB,CAClC,MAAMM,QAAkBjwC,GAAOoX,KAAK3C,IAAIxC,QAAQ5L,EAAM/R,EAAK3Q,KAAKgsD,UAAW,IAAIvqD,WAAWyhB,IAI1F,GAFAljB,KAAKisD,oBAAsBxhD,EAAM1H,MAAM0H,EAAMoC,UAAWy/C,EAAU,IAClEtsD,KAAKquD,WAAa/B,EAAUtjD,SAAS,EAAGsjD,EAAU1qD,QAC9C5B,KAAKquD,WAAWzsD,SAAWya,GAAO2G,gBAAgBhjB,KAAKisD,qBAAqBhpC,QAC9E,MAAU1hB,MAAM,8BAExB,MAEMvB,KAAKquD,WAAa19C,CAExB,CASE,aAAMqd,CAAQwpB,EAAYtjC,EAASuD,GACjC,MAAMiL,EAA8C,OAAvC1iB,KAAKyvD,8BAChBzvD,KAAKyvD,8BACLzvD,KAAKisD,oBAEPjsD,KAAKyvD,8BAAgC/sC,EAErC1iB,KAAKyL,IAAM+sC,GAAiBtkC,GAC5BlU,KAAKyL,IAAI6rC,eAET,MAAMp0B,UAAEA,EAASD,QAAEA,GAAY5G,GAAO2G,gBAAgBN,GAChD/R,QAAY3Q,KAAKyL,IAAI8rC,WAAWC,EAAYv0B,GAMlD,GAJwB,OAApBjjB,KAAKquD,aACPruD,KAAKquD,WAAahyC,GAAOuzC,mBAAmB5vD,KAAKisD,sBAG/CjsD,KAAK43C,SAAW,EAAG,CACrB,MAAMnkB,EAAOpX,GAAOswC,YAAY3sD,KAAK4rD,eACrC5rD,KAAKyvB,GAAKpT,GAAOw6B,OAAOhb,eAAepI,EAAK+C,UAC5C,MAAMY,EAAQ,IAAI31B,WAAW,CAAC,IAAO+tD,GAA6BvxC,IAAKje,KAAK43C,QAAS53C,KAAKyvD,8BAA+BzvD,KAAK4rD,gBACxHhc,EAAiC,IAAjB5vC,KAAK43C,cAAsBnJ,GAAYhkC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc21B,EAAOnU,GAAWtS,EACnH88C,QAAqBh6B,EAAK/Q,EAAMktB,GACtC5vC,KAAKgsD,gBAAkByB,EAAaz/B,QAAQhuB,KAAKquD,WAAYruD,KAAKyvB,GAAI2H,EAC5E,KAAW,CACL,MAAMrD,EAAYjd,EAAKpV,iBAAiB,CACtC,IAAID,WAAW,CAACzB,KAAKisD,sBACrBjsD,KAAKquD,aAEPruD,KAAKgsD,gBAAkB3vC,GAAOoX,KAAK3C,IAAI9C,QAAQtL,EAAM/R,EAAKojB,EAAW,IAAItyB,WAAWyhB,GAAYhP,EACtG,CACA,EC/LA,MAAM27C,GACJ,cAAW5xC,GACT,OAAOxT,EAAMkE,OAAO5C,SACxB,CAME,WAAAnM,CAAYmjD,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAKtCzX,KAAK43C,QAAU1jC,EAAOQ,OAAS,EAAI,EAKnC1U,KAAK6kD,QAAU/tC,EAAKyB,cAAcwqC,GAKlC/iD,KAAK41C,UAAY,KAKjB51C,KAAKs1C,aAAe,KAKpBt1C,KAAK8vD,iBAAmB,EAKxB9vD,KAAKkzC,YAAc,KAKnBlzC,KAAK4jD,MAAQ,IACjB,CAQE,0BAAOmM,CAAoBC,GACzB,MAAMC,EAAY,IAAIJ,IAChBjY,QAAEA,EAAOiN,QAAEA,EAAOjP,UAAEA,EAASN,aAAEA,EAAYsO,MAAEA,EAAK1Q,YAAEA,GAAgB8c,EAO1E,OANAC,EAAUrY,QAAUA,EACpBqY,EAAUpL,QAAUA,EACpBoL,EAAUra,UAAYA,EACtBqa,EAAU3a,aAAeA,EACzB2a,EAAUrM,MAAQA,EAClBqM,EAAU/c,YAAcA,EACjB+c,CACX,CAQE,UAAM5tD,CAAK8H,EAAO+J,EAASuD,GACzB,IAAIzV,EAAM,EAGV,GADAhC,KAAK43C,QAAUztC,EAAMnI,KACA,IAAjBhC,KAAK43C,UAAkB1jC,EAAOS,wBAChC,MAAM,IAAIm4B,GAAiB,mGAG7B,GAAqB,IAAjB9sC,KAAK43C,SAAkC,IAAjB53C,KAAK43C,SAAkC,IAAjB53C,KAAK43C,QAAe,CAElE53C,KAAK6kD,QAAU/tC,EAAKkB,SAAS7N,EAAMnB,SAAShH,EAAKA,EAAM,IACvDA,GAAO,EAGPhC,KAAK41C,UAAYzrC,EAAMnI,KAEnBhC,KAAK43C,SAAW,IAElB51C,GAAO,GAIT,MAAMK,KAAEA,EAAIizC,aAAEA,GAAiBj5B,GAAO6zC,qBAAqBlwD,KAAK41C,UAAWzrC,EAAMnB,SAAShH,IAG1F,GACmB,IAAjBhC,KAAK43C,SACLtC,EAAa/J,MACX+J,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMU,kBAC3CkqC,EAAa/J,IAAIE,YAAchhC,EAAMC,MAAMQ,eAG7C,MAAU3J,MAAM,iDAOlB,OALAvB,KAAKs1C,aAAeA,EACpBtzC,GAAOK,QAGDrC,KAAKmwD,6BACJnuD,CACb,CACI,MAAM,IAAI8qC,GAAiB,WAAW9sC,KAAK43C,4CAC/C,CAME,KAAA70C,GACE,MAAMojB,EAAM,GAEZA,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK43C,WAC9BzxB,EAAIrjB,KAAKgU,EAAKoB,UAAUlY,KAAK6kD,UAE7B1+B,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK41C,aAE9B,MAAMhvB,EAASvK,GAAOiqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKs1C,cAO3D,OANIt1C,KAAK43C,SAAW,GAElBzxB,EAAIrjB,KAAKgU,EAAKgB,YAAY8O,EAAOhlB,OAAQ,IAG3CukB,EAAIrjB,KAAK8jB,GACF9P,EAAKpV,iBAAiBykB,EACjC,CAME,YAAAuhC,CAAa9P,GACX,MAAMztC,EAAQnK,KAAKowD,iBAEbC,EAAe,IAAOzY,EACtB0Y,EAAe1Y,GAAW,EAAI,EAAI,EACxC,OAAO9gC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC4uD,IAAgBv5C,EAAKgB,YAAY3N,EAAMvI,OAAQ0uD,GAAenmD,GAChH,CAME,WAAAomD,GACE,OAAO,IACX,CAME,eAAAC,GACE,OAAOxwD,KAAK6kD,OAChB,CAME,QAAA4B,GACE,OAAOzmD,KAAK4jD,KAChB,CAME,gCAAMuM,GAIJ,SAHMnwD,KAAKywD,qBACXzwD,KAAK4jD,MAAQ,IAAIF,GAEb1jD,KAAK43C,SAAW,EAClB53C,KAAK4jD,MAAMvhD,KAAKrC,KAAKkzC,YAAYlqC,SAAS,EAAG,QACxC,IAAqB,IAAjBhJ,KAAK43C,QAGd,MAAUr2C,MAAM,2BAFhBvB,KAAK4jD,MAAMvhD,KAAKrC,KAAKkzC,YAAYlqC,SAAS,GAAI,IAGpD,CACA,CAKE,wBAAMynD,GACJ,MAAMrY,EAASp4C,KAAK0nD,aAAa1nD,KAAK43C,SAEtC,GAAI53C,KAAK43C,SAAW,EAClB53C,KAAKkzC,kBAAoB72B,GAAO1O,KAAKI,OAAOqqC,OACvC,IAAqB,IAAjBp4C,KAAK43C,QAGd,MAAUr2C,MAAM,2BAFhBvB,KAAKkzC,kBAAoB72B,GAAO1O,KAAKE,KAAKuqC,EAGhD,CACA,CAME,mBAAAoO,GACE,OAAOxmD,KAAKkzC,WAChB,CAME,cAAAwd,GACE,OAAO55C,EAAK6C,gBAAgB3Z,KAAKwmD,sBACrC,CAME,oBAAAmK,CAAqBC,GACnB,OAAO5wD,KAAK43C,UAAYgZ,EAAMhZ,SAAW9gC,EAAKqE,iBAAiBnb,KAAKowD,iBAAkBQ,EAAMR,iBAChG,CAME,gBAAAS,GACE,MAAM9uD,EAAS,CAAE,EACjBA,EAAO6zC,UAAYnrC,EAAMpI,KAAKoI,EAAMsB,UAAW/L,KAAK41C,WAEpD,MAAMkb,EAAS9wD,KAAKs1C,aAAaz9B,GAAK7X,KAAKs1C,aAAaloB,EAMxD,OALI0jC,EACF/uD,EAAOma,KAAOpF,EAAKoC,oBAAoB43C,GAC9B9wD,KAAKs1C,aAAa/J,MAC3BxpC,EAAO2I,MAAQ1K,KAAKs1C,aAAa/J,IAAIE,WAEhC1pC,CACX,EAOA8tD,GAAgB5vD,UAAU8wD,cAAgBlB,GAAgB5vD,UAAUoC,KAMpEwtD,GAAgB5vD,UAAUmwD,eAAiBP,GAAgB5vD,UAAU8C,MCtQrE,MAAM2lD,gBAA+B5xC,EAAKgH,wBAAwB,CAChEglC,GACAoH,GACAjC,GACA5D,KAaF,MAAM2M,GACJ,cAAW/yC,GACT,OAAOxT,EAAMkE,OAAOQ,0BACxB,CAEE,WAAAvP,GAIEI,KAAKgsD,UAAY,KAKjBhsD,KAAK8oD,QAAU,IACnB,CAEE,IAAAzmD,CAAK8H,GACHnK,KAAKgsD,UAAY7hD,CACrB,CAEE,KAAApH,GACE,OAAO/C,KAAKgsD,SAChB,CAYE,aAAM19B,CAAQ29B,EAAqBt7C,EAAKuD,EAASuD,GAE/C,IAAKvD,EAAOgB,6BACV,MAAU3T,MAAM,iCAGlB,MAAM2hB,UAAEA,GAAc7G,GAAO2G,gBAAgBipC,GACvCD,QAAkB9pC,EAAiB8kC,EAAahnD,KAAKgsD,YACrDM,QAAkBjwC,GAAOoX,KAAK3C,IAAIxC,QAAQ29B,EAAqBt7C,EACnEq7C,EAAUhjD,SAASka,EAAY,GAC/B8oC,EAAUhjD,SAAS,EAAGka,EAAY,IAGpCljB,KAAK8oD,cAAgBF,GAAWC,WAAWyD,EAAW5D,GAAgBx0C,EAC1E,CAWE,aAAM8Z,CAAQi+B,EAAqBt7C,EAAKuD,EAASuD,GAC/C,MAAM5Q,EAAO7G,KAAK8oD,QAAQ/lD,SACpBmgB,UAAEA,GAAc7G,GAAO2G,gBAAgBipC,GAEvC5yC,QAAegD,GAAO8vC,gBAAgBF,GACtCgF,QAAY50C,GAAOoX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAK0I,EAAQ,IAAI5X,WAAWyhB,GAAYhP,GACjGqb,QAAmBlT,GAAOoX,KAAK3C,IAAI9C,QAAQi+B,EAAqBt7C,EAAK9J,EAAMoqD,EAAIjoD,SAAS,GAAIkL,GAClGlU,KAAKgsD,UAAYl1C,EAAKtS,OAAO,CAACysD,EAAK1hC,GACvC,EC/EA,MAAM2hC,GACJ,cAAWjzC,GACT,OAAOxT,EAAMkE,OAAOS,MACxB,CAOE,IAAA/M,CAAK8H,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,EAId,CAEE,KAAApH,GACE,OAAO,IAAItB,WAAW,CAAC,GAAM,GAAM,IACvC,EC7BA,MAAM0vD,WAA2BtB,GAC/B,cAAW5xC,GACT,OAAOxT,EAAMkE,OAAOa,YACxB,CAOE,WAAA5P,CAAYmjD,EAAM7uC,GAChBrU,MAAMkjD,EAAM7uC,EAChB,CAQE,6BAAOk9C,CAAuBC,GAC5B,MAAMpB,EAAY,IAAIkB,IAChBvZ,QAAEA,EAAOiN,QAAEA,EAAOjP,UAAEA,EAASN,aAAEA,EAAYsO,MAAEA,EAAK1Q,YAAEA,GAAgBme,EAO1E,OANApB,EAAUrY,QAAUA,EACpBqY,EAAUpL,QAAUA,EACpBoL,EAAUra,UAAYA,EACtBqa,EAAU3a,aAAeA,EACzB2a,EAAUrM,MAAQA,EAClBqM,EAAU/c,YAAcA,EACjB+c,CACX,ECpBA,MAAMqB,GACJ,cAAWrzC,GACT,OAAOxT,EAAMkE,OAAOc,aACxB,CAEE,WAAA7P,GACEI,KAAKuxD,WAAa,EACtB,CAME,IAAAlvD,CAAK8H,GACH,IAAIrI,EAAI,EACR,KAAOA,EAAIqI,EAAMvI,QAAQ,CACvB,MAAM0rB,EAAMoe,GAAiBvhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKwrB,EAAIxU,OAET9Y,KAAKuxD,WAAWzuD,KAAKgU,EAAKqD,mBAAmBhQ,EAAMnB,SAASlH,EAAGA,EAAIwrB,EAAIA,OACvExrB,GAAKwrB,EAAIA,GACf,CACA,CAME,KAAAvqB,GACE,MAAMojB,EAAM,GACZ,IAAK,IAAIrkB,EAAI,EAAGA,EAAI9B,KAAKuxD,WAAW3vD,OAAQE,IAC1CqkB,EAAIrjB,KAAK6oC,GAAkB3rC,KAAKuxD,WAAWzvD,GAAGF,SAC9CukB,EAAIrjB,KAAKgU,EAAKiD,mBAAmB/Z,KAAKuxD,WAAWzvD,KAEnD,OAAOgV,EAAKpV,iBAAiBykB,EACjC,CAOE,MAAAw9B,CAAO6N,GACL,SAAKA,GAAaA,aAAmBF,KAG9BtxD,KAAKuxD,WAAWj1B,OAAM,SAASm1B,EAAMr0C,GAC1C,OAAOq0C,IAASD,EAAQD,WAAWn0C,EACzC,GACA,ECvDA,MAAMs0C,WAAwB7B,GAC5B,cAAW5xC,GACT,OAAOxT,EAAMkE,OAAOK,SACxB,CAME,WAAApP,CAAYmjD,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACtC5X,MAAMkjD,EAAM7uC,GAIZlU,KAAK2xD,YAAc,KAInB3xD,KAAK4xD,YAAc,KAKnB5xD,KAAK6xD,SAAW,EAKhB7xD,KAAKyL,IAAM,KAKXzL,KAAK6M,UAAY,KAKjB7M,KAAKsO,KAAO,KASZtO,KAAK8xD,aAAe,KAKpB9xD,KAAKi2C,cAAgB,KAOrBj2C,KAAK+xD,eAAiB,IAC1B,CAUE,UAAM1vD,CAAK8H,EAAO+J,EAASuD,GAEzB,IAAI3V,QAAU9B,KAAK+wD,cAAc5mD,EAAO+J,GACxC,MAAM89C,EAAuBlwD,EAM7B9B,KAAK6xD,SAAW1nD,EAAMrI,KAID,IAAjB9B,KAAK43C,SACP91C,IAOmB,IAAjB9B,KAAK43C,SAAiB53C,KAAK6xD,UAC7B/vD,IAGF,IAGE,GAAsB,MAAlB9B,KAAK6xD,UAAsC,MAAlB7xD,KAAK6xD,UAAsC,MAAlB7xD,KAAK6xD,SAAkB,CAC3E7xD,KAAK6M,UAAY1C,EAAMrI,KAID,MAAlB9B,KAAK6xD,WACP7xD,KAAKsO,KAAOnE,EAAMrI,MAKC,IAAjB9B,KAAK43C,SACP91C,IAMF,MAAM8S,EAAUzK,EAAMrI,KAItB,GAHA9B,KAAKyL,IAAM8sC,GAAe3jC,GAC1B9S,GAAK9B,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAErB,cAAlB5B,KAAKyL,IAAIwI,KACX,MAEV,MAAiBjU,KAAK6xD,WACd7xD,KAAK6M,UAAY7M,KAAK6xD,UAIpB7xD,KAAK6xD,WAMP7xD,KAAK8xD,aAAiC,MAAlB9xD,KAAK6xD,WACN,IAAjB7xD,KAAK43C,SAAmC,IAAjB53C,KAAK43C,SAAiB1jC,EAAOK,kCAMhC,MAAlBvU,KAAK6xD,UAAoB7xD,KAAK8xD,cAChC9xD,KAAKyvB,GAAKtlB,EAAMnB,SACdlH,EACAA,EAAIua,GAAO2G,gBAAgBhjB,KAAK6M,WAAWqW,WAE7CljB,KAAK+xD,gBAAiB,IAKtB/xD,KAAKyvB,GAAKtlB,EAAMnB,SACdlH,EACAA,EAAIua,GAAOswC,YAAY3sD,KAAKsO,MAAMkoB,UAGpCx2B,KAAK+xD,gBAAiB,GAGxBjwD,GAAK9B,KAAKyvB,GAAG7tB,OAEhB,CAAC,MAAOsC,GAEP,IAAKlE,KAAK6xD,SAAU,MAAM3tD,EAC1BlE,KAAKiyD,uBAAyB9nD,EAAMnB,SAASgpD,GAC7ChyD,KAAK4xD,aAAc,CACzB,CAcI,GAVqB,IAAjB5xD,KAAK43C,UACP91C,GAAK,GAMP9B,KAAK2xD,YAAcxnD,EAAMnB,SAASlH,GAClC9B,KAAK4xD,cAAgB5xD,KAAK6xD,UAErB7xD,KAAK4xD,YAAa,CACrB,IAAIM,EACJ,GAAqB,IAAjBlyD,KAAK43C,QACPsa,EAAYlyD,KAAK2xD,iBAGjB,GADAO,EAAYlyD,KAAK2xD,YAAY3oD,SAAS,GAAI,IACrC8N,EAAKqE,iBAAiBrE,EAAKwE,cAAc42C,GAAYlyD,KAAK2xD,YAAY3oD,UAAU,IACnF,MAAUzH,MAAM,yBAGpB,IACE,MAAMc,KAAEA,EAAI4zC,cAAEA,GAAkB55B,GAAO81C,sBAAsBnyD,KAAK41C,UAAWsc,EAAWlyD,KAAKs1C,cAC7F,GAAIjzC,EAAO6vD,EAAUtwD,OACnB,MAAUL,MAAM,sBAElBvB,KAAKi2C,cAAgBA,CACtB,CAAC,MAAO3f,GACP,GAAIA,aAAewW,GAAkB,MAAMxW,EAE3C,MAAU/0B,MAAM,qBACxB,CACA,CACA,CAME,KAAAwB,GACE,MAAMqvD,EAAsBpyD,KAAKowD,iBACjC,GAAIpwD,KAAKiyD,uBACP,OAAOn7C,EAAKpV,iBAAiB,CAC3B0wD,EACApyD,KAAKiyD,yBAIT,MAAM9rC,EAAM,CAACisC,GACbjsC,EAAIrjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK6xD,YAE9B,MAAMQ,EAAoB,GAG1B,GAAsB,MAAlBryD,KAAK6xD,UAAsC,MAAlB7xD,KAAK6xD,UAAsC,MAAlB7xD,KAAK6xD,SAAkB,CAC3EQ,EAAkBvvD,KAAK9C,KAAK6M,WAIN,MAAlB7M,KAAK6xD,UACPQ,EAAkBvvD,KAAK9C,KAAKsO,MAG9B,MAAM7C,EAAMzL,KAAKyL,IAAI1I,QAIA,IAAjB/C,KAAK43C,SACPya,EAAkBvvD,KAAK2I,EAAI7J,QAM7BywD,EAAkBvvD,QAAQ2I,EAChC,CA6BI,OAxBIzL,KAAK6xD,UAA8B,cAAlB7xD,KAAKyL,IAAIwI,MAC5Bo+C,EAAkBvvD,QAAQ9C,KAAKyvB,KAGZ,IAAjBzvB,KAAK43C,SAAmC,IAAjB53C,KAAK43C,SAAiB53C,KAAK6xD,WACpD1rC,EAAIrjB,KAAK,IAAIrB,WAAW,CAAC4wD,EAAkBzwD,UAE7CukB,EAAIrjB,KAAK,IAAIrB,WAAW4wD,IAEnBryD,KAAKsyD,YACHtyD,KAAK6xD,WACR7xD,KAAK2xD,YAAct1C,GAAOiqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKi2C,gBAG5C,IAAjBj2C,KAAK43C,SACPzxB,EAAIrjB,KAAKgU,EAAKgB,YAAY9X,KAAK2xD,YAAY/vD,OAAQ,IAErDukB,EAAIrjB,KAAK9C,KAAK2xD,aAET3xD,KAAK6xD,UAA6B,IAAjB7xD,KAAK43C,SACzBzxB,EAAIrjB,KAAKgU,EAAKwE,cAActb,KAAK2xD,eAI9B76C,EAAKpV,iBAAiBykB,EACjC,CAOE,WAAAoqC,GACE,OAA4B,IAArBvwD,KAAK4xD,WAChB,CAUE,0BAAAW,GACE,YAAuCnwD,IAAhCpC,KAAKiyD,wBAAwCjyD,KAAKsyD,SAC7D,CAME,OAAAA,GACE,SAAUtyD,KAAKyL,KAAyB,cAAlBzL,KAAKyL,IAAIwI,KACnC,CAOE,SAAAu+C,CAAUt+C,EAASuD,GACbzX,KAAKsyD,YAGLtyD,KAAKuwD,eACPvwD,KAAKyyD,4BAEAzyD,KAAKiyD,uBACZjyD,KAAK4xD,YAAc,KACnB5xD,KAAK2xD,YAAc,KACnB3xD,KAAKyL,IAAM8sC,GAAe9tC,EAAMgB,IAAIK,IAAKoI,GACzClU,KAAKyL,IAAImqC,UAAY,EACrB51C,KAAKyL,IAAI2X,EAAI,EACbpjB,KAAKyL,IAAIwI,KAAO,YAChBjU,KAAK6xD,SAAW,IAChB7xD,KAAK6M,UAAYpC,EAAMoC,UAAUO,OACjCpN,KAAK8xD,aAAe,KACpB9xD,KAAK+xD,eAAiB,KAC1B,CAYE,aAAM/jC,CAAQwpB,EAAYtjC,EAASuD,GACjC,GAAIzX,KAAKsyD,UACP,OAGF,IAAKtyD,KAAKuwD,cACR,MAAUhvD,MAAM,mCAGlB,IAAKi2C,EACH,MAAUj2C,MAAM,0DAGlBvB,KAAKyL,IAAM+sC,GAAiBtkC,GAC5BlU,KAAKyL,IAAI6rC,eACT,MAAM4a,EAAY71C,GAAOiqC,gBAAgBtmD,KAAK41C,UAAW51C,KAAKi2C,eAC9Dj2C,KAAK6M,UAAYpC,EAAMoC,UAAUO,OAEjC,MAAM8V,UAAEA,GAAc7G,GAAO2G,gBAAgBhjB,KAAK6M,WAElD,GAAIqH,EAAOI,YAAa,CACtBtU,KAAK6xD,SAAW,IAChB7xD,KAAKsO,KAAO4F,EAAOM,uBACnB,MAAMif,EAAOpX,GAAOswC,YAAY3sD,KAAKsO,MACrCtO,KAAK8xD,aAAgC,IAAjB9xD,KAAK43C,QACzB53C,KAAK+xD,gBAAkB/xD,KAAK8xD,aAE5B,MAAMY,EAAsB5mB,GAAS9rC,KAAKJ,YAAYqe,KAChDtN,QAAYgiD,GAAqB3yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,UAAW7M,KAAKsO,KAAMokD,EAAqB1yD,KAAK8xD,cAE1HrE,QAAqBh6B,EAAKzzB,KAAK6M,UAAW8D,GAChD3Q,KAAKyvB,GAAKzvB,KAAK8xD,aAAez1C,GAAOw6B,OAAOhb,eAAe3Y,GAAa7G,GAAOw6B,OAAOhb,eAAepI,EAAK+C,UAC1G,MAAMo8B,EAAgB5yD,KAAK8xD,aACzB,IAAIrwD,WACJqV,EAAKpV,iBAAiB,CAACgxD,EAAqB1yD,KAAKowD,mBAEnDpwD,KAAK2xD,kBAAoBlE,EAAaz/B,QAAQkkC,EAAWlyD,KAAKyvB,GAAGzmB,SAAS,EAAGyqB,EAAK+C,UAAWo8B,EACnG,KAAW,CACL5yD,KAAK6xD,SAAW,IAChB7xD,KAAK+xD,gBAAiB,EACtB,MAAMphD,QAAYgiD,GAAqB3yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,WAChF7M,KAAKyvB,GAAKpT,GAAOw6B,OAAOhb,eAAe3Y,GACvCljB,KAAK2xD,kBAAoBt1C,GAAOoX,KAAK3C,IAAI9C,QAAQhuB,KAAK6M,UAAW8D,EAAKmG,EAAKpV,iBAAiB,CAC1FwwD,QACM71C,GAAO1O,KAAKE,KAAKqkD,EAAWh+C,KAChClU,KAAKyvB,GAAIvb,EACnB,CACA,CAWE,aAAMoa,CAAQkpB,GACZ,GAAIx3C,KAAKsyD,UACP,OAAO,EAGT,GAAItyD,KAAKiyD,uBACP,MAAU1wD,MAAM,kEAGlB,GAAIvB,KAAKuwD,cACP,MAAUhvD,MAAM,oCAGlB,IAAIoP,EACJ,MAAM+hD,EAAsB5mB,GAAS9rC,KAAKJ,YAAYqe,KACtD,GAAsB,MAAlBje,KAAK6xD,UAAsC,MAAlB7xD,KAAK6xD,SAG3B,MAAsB,MAAlB7xD,KAAK6xD,SACJtwD,MAAM,0EAENA,MAAM,yEAGlB,IAAI2wD,EACJ,GATEvhD,QAAYgiD,GACV3yD,KAAK43C,QAAS53C,KAAKyL,IAAK+rC,EAAYx3C,KAAK6M,UAAW7M,KAAKsO,KAAMokD,EAAqB1yD,KAAK8xD,cAQvE,MAAlB9xD,KAAK6xD,SAAkB,CACzB,MAAMp+B,EAAOpX,GAAOswC,YAAY3sD,KAAKsO,MAC/Bm/C,QAAqBh6B,EAAKzzB,KAAK6M,UAAW8D,GAChD,IACE,MAAMiiD,EAAgB5yD,KAAK8xD,aACzB,IAAIrwD,WACJqV,EAAKpV,iBAAiB,CAACgxD,EAAqB1yD,KAAKowD,mBACnD8B,QAAkBzE,EAAan/B,QAAQtuB,KAAK2xD,YAAa3xD,KAAKyvB,GAAGzmB,SAAS,EAAGyqB,EAAK+C,UAAWo8B,EAC9F,CAAC,MAAOt8B,GACP,GAAoB,gCAAhBA,EAAI/iB,QACN,MAAUhS,MAAM,6BAA+B+0B,EAAI/iB,SAErD,MAAM+iB,CACd,CACA,KAAW,CACL,MAAMu8B,QAA0Bx2C,GAAOoX,KAAK3C,IAAIxC,QAAQtuB,KAAK6M,UAAW8D,EAAK3Q,KAAK2xD,YAAa3xD,KAAKyvB,IAEpGyiC,EAAYW,EAAkB7pD,SAAS,GAAI,IAC3C,MAAM2E,QAAa0O,GAAO1O,KAAKE,KAAKqkD,GAEpC,IAAKp7C,EAAKqE,iBAAiBxN,EAAMklD,EAAkB7pD,UAAU,KAC3D,MAAUzH,MAAM,2BAExB,CAEI,IACE,MAAM00C,cAAEA,GAAkB55B,GAAO81C,sBAAsBnyD,KAAK41C,UAAWsc,EAAWlyD,KAAKs1C,cACvFt1C,KAAKi2C,cAAgBA,CACtB,CAAC,MAAO3f,GACP,MAAU/0B,MAAM,qBACtB,CACIvB,KAAK4xD,aAAc,EACnB5xD,KAAK2xD,YAAc,KACnB3xD,KAAK6xD,SAAW,EAChB7xD,KAAKsO,KAAO,KACZtO,KAAK6M,UAAY,KACjB7M,KAAK8xD,aAAe,IACxB,CAOE,cAAMgB,GACJ,GAAI9yD,KAAKsyD,UACP,OAGF,IAAKtyD,KAAKuwD,cACR,MAAUhvD,MAAM,wBAGlB,GAAIvB,KAAK+xD,eAEP,OAGF,IAAIgB,EACJ,IAEEA,QAAoB12C,GAAOs6B,eAAe32C,KAAK41C,UAAW51C,KAAKs1C,aAAct1C,KAAKi2C,cACnF,CAAC,MAAO/pB,GACP6mC,GAAc,CACpB,CACI,IAAKA,EACH,MAAUxxD,MAAM,iBAEtB,CAEE,cAAM4rC,CAASjxB,EAAMxR,GAGnB,GAAqB,IAAjB1K,KAAK43C,UACN53C,KAAK41C,YAAcnrC,EAAMsB,UAAUM,MAAQ3B,IAAUD,EAAMC,MAAMU,kBAClEpL,KAAK41C,YAAcnrC,EAAMsB,UAAUQ,aAEnC,MAAUhL,MAAM,oDAAoDmJ,kDAEtE,MAAMurC,cAAEA,EAAaX,aAAEA,SAAuBj5B,GAAO22C,eAAehzD,KAAK41C,UAAW15B,EAAMxR,GAC1F1K,KAAKi2C,cAAgBA,EACrBj2C,KAAKs1C,aAAeA,EACpBt1C,KAAK4xD,aAAc,CACvB,CAKE,kBAAAa,GACMzyD,KAAKuyD,+BAITzyD,OAAO42C,KAAK12C,KAAKi2C,eAAeh0C,SAAQgG,IACxBjI,KAAKi2C,cAAchuC,GAC3Byf,KAAK,UACJ1nB,KAAKi2C,cAAchuC,EAAK,IAEjCjI,KAAKi2C,cAAgB,KACrBj2C,KAAK4xD,aAAc,EACvB,EAcAtvD,eAAeqwD,GAAqBM,EAAYxnD,EAAK+rC,EAAY74B,EAAYu0C,EAAUR,EAAqBZ,GAC1G,GAAiB,WAAbrmD,EAAIwI,OAAsBi/C,EAC5B,MAAU3xD,MAAM,gDAElB,GAAiB,WAAbkK,EAAIwI,MAAoC,IAAfg/C,EAC3B,MAAU1xD,MAAM,uDAElB,MAAM0hB,QAAEA,GAAY5G,GAAO2G,gBAAgBrE,GACrCw0C,QAAmB1nD,EAAI8rC,WAAWC,EAAYv0B,GACpD,IAAKiwC,GAA2B,IAAfD,GAAoBnB,EACnC,OAAOqB,EAET,MAAMvkB,EAAO93B,EAAKpV,iBAAiB,CACjCgxD,EACA,IAAIjxD,WAAW,CAACwxD,EAAYt0C,EAAYu0C,MAE1C,OAAOzkB,GAAYhkC,EAAMkD,KAAKI,OAAQolD,EAAY,IAAI1xD,WAAcmtC,EAAM3rB,EAC5E,CC5iBA,MAAMmwC,GACJ,cAAWn1C,GACT,OAAOxT,EAAMkE,OAAOY,MACxB,CAEE,WAAA3P,GAKEI,KAAKuP,OAAS,GAEdvP,KAAKiI,KAAO,GACZjI,KAAKqzD,MAAQ,GACbrzD,KAAKszD,QAAU,EACnB,CAQE,iBAAO3d,CAAWpmC,GAChB,GAAIuH,EAAKC,SAASxH,IACfA,EAAOtH,OAAS6O,EAAKC,SAASxH,EAAOtH,OACrCsH,EAAO8jD,QAAUv8C,EAAKkG,eAAezN,EAAO8jD,QAC5C9jD,EAAO+jD,UAAYx8C,EAAKC,SAASxH,EAAO+jD,SACzC,MAAU/xD,MAAM,0BAElB,MAAMoN,EAAS,IAAIykD,GACnBtzD,OAAO+mB,OAAOlY,EAAQY,GACtB,MAAMgkD,EAAa,GAKnB,OAJI5kD,EAAO1G,MAAMsrD,EAAWzwD,KAAK6L,EAAO1G,MACpC0G,EAAO2kD,SAASC,EAAWzwD,KAAK,IAAI6L,EAAO2kD,YAC3C3kD,EAAO0kD,OAAOE,EAAWzwD,KAAK,IAAI6L,EAAO0kD,UAC7C1kD,EAAOY,OAASgkD,EAAW7wD,KAAK,KACzBiM,CACX,CAME,IAAAtM,CAAK8H,EAAO+J,EAASuD,GACnB,MAAMlI,EAASuH,EAAK+D,WAAW1Q,GAC/B,GAAIoF,EAAO3N,OAASsS,EAAOiC,gBACzB,MAAU5U,MAAM,8BAYlB,MACMiyD,EADK,qEACQC,KAAKlkD,GACxB,GAAgB,OAAZikD,EAAkB,CACpB,MAAMvrD,KAAEA,EAAIqrD,QAAEA,EAAOD,MAAEA,GAAUG,EAAQE,OACzC1zD,KAAKszD,QAAUA,GAAS9zC,QAAQ,cAAe,IAAIm0C,QAAU,GAC7D3zD,KAAKiI,KAAOA,GAAM0rD,QAAU,GAC5B3zD,KAAKqzD,MAAQA,EAAMjuC,UAAU,EAAGiuC,EAAMzxD,OAAS,EAChD,KAAU,oBAAoBqb,KAAK1N,KAClCvP,KAAKqzD,MAAQ9jD,GAGfvP,KAAKuP,OAASA,CAClB,CAME,KAAAxM,GACE,OAAO+T,EAAK0D,WAAWxa,KAAKuP,OAChC,CAEE,MAAAo0C,CAAOiQ,GACL,OAAOA,GAAeA,EAAYrkD,SAAWvP,KAAKuP,MACtD,ECvFA,MAAMskD,WAA2BnC,GAC/B,cAAWzzC,GACT,OAAOxT,EAAMkE,OAAOM,YACxB,CAME,WAAArP,CAAYmjD,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACtC5X,MAAMkjD,EAAM7uC,EAChB,ECnBA,MAAM4/C,GACJ,cAAW71C,GACT,OAAOxT,EAAMkE,OAAOW,KACxB,CAME,IAAAjN,GACE,MAAM,IAAIyqC,GAAiB,kCAC/B,CAEE,KAAA/pC,GACE,MAAM,IAAI+pC,GAAiB,kCAC/B,ECPA,MAAMinB,GACJ,cAAW91C,GACT,OAAOxT,EAAMkE,OAAOkB,OACxB,CAEE,WAAAjQ,GACEI,KAAK6P,QAAU,IACnB,CAME,IAAAxN,CAAK8H,GAEP,CAME,KAAApH,GACE,OAAO/C,KAAK6P,OAChB,CAQE,mBAAMmkD,CAAcpyD,GAClB5B,KAAK6P,cAAgBwM,GAAOw6B,OAAOhb,eAAej6B,EACtD,ECnCA,MAAM8mD,gBAA+B5xC,EAAKgH,wBAAwB,CAACumC,KAK5D,MAAM4P,GAIX,WAAAr0D,CAAYs0D,GACVl0D,KAAK8oD,QAAUoL,GAAc,IAAItL,EACrC,CAME,KAAA7lD,GACE,OAAO/C,KAAK8oD,QAAQ/lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASuD,GAEb,MAAM6K,EAAetiB,KAAK8oD,QAAQpkD,MAAKiK,GAAUA,EAAO/O,YAAYqe,MAAQomC,GAAgBpmC,KAA0B,IAAnBtP,EAAOipC,UAC1G,OAAOzkC,GAAM1I,EAAM0I,MAAMtE,UAAW7O,KAAK+C,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACrG,CAME,gBAAAigD,GACE,OAAOn0D,KAAK8oD,QAAQnkD,KAAIgK,GAAUA,EAAOgD,aAC7C,EAaOrP,eAAe8xD,IAAcC,iBAAEA,EAAgBC,gBAAEA,EAAiBpgD,OAAAA,KAAWqgD,IAClFrgD,EAAS,IAAKuD,KAAkBvD,GAChC,IAAI3T,EAAQ8zD,GAAoBC,EAChC,IAAK/zD,EACH,MAAUgB,MAAM,8FAElB,GAAI8yD,IAAqBv9C,EAAKC,SAASs9C,GACrC,MAAU9yD,MAAM,4DAElB,GAAI+yD,IAAoBx9C,EAAKtV,aAAa8yD,GACxC,MAAU/yD,MAAM,+DAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAI2xD,EAAkB,CACpB,MAAMpgD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQ/gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMtE,UACvB,MAAUtN,MAAM,sCAElBhB,EAAQsG,CACZ,CACE,MAAMqtD,QAAmBtL,GAAWC,WAAWtoD,EAAOmoD,GAAgBx0C,GACtE,OAAO,IAAI+/C,GAAUC,EACvB,CCnFO5xD,eAAemyD,GAAqB3uD,EAASoO,GAClD,MAAMm9C,EAAqB,IAAIwC,GAAmB/tD,EAAQi9C,KAAM7uC,GAKhE,OAJAm9C,EAAmBvI,QAAU,KAC7BuI,EAAmBzb,UAAYnrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ8vC,iBAC9Dyb,EAAmBlkB,SAASrnC,EAAQ4uD,QAAS5uD,EAAQ4E,aACrD2mD,EAAmBlB,6BAClBkB,CACT,CAEO/uD,eAAeqyD,GAAkB7uD,EAASoO,GAC/C,MAAM87C,EAAkB,IAAI0B,GAAgB5rD,EAAQi9C,KAAM7uC,GAK1D,OAJA87C,EAAgBlH,QAAU,KAC1BkH,EAAgBpa,UAAYnrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ8vC,iBAC3Doa,EAAgB7iB,SAASrnC,EAAQ4uD,QAAS5uD,EAAQ4E,MAAO5E,EAAQoO,cACjE87C,EAAgBG,6BACfH,CACT,CAaO1tD,eAAesyD,GAAwBC,EAAY9oD,EAAWu4C,EAAewQ,EAAc/R,EAAO,IAAI9qC,KAAQ/D,GACnH,IAAI6gD,EACA32C,EACJ,IAAK,IAAItc,EAAI+yD,EAAWjzD,OAAS,EAAGE,GAAK,EAAGA,IAC1C,MAEMizD,GAAeF,EAAW/yD,GAAG+iD,SAAWkQ,EAAYlQ,iBAEhDgQ,EAAW/yD,GAAG6+B,OAAO50B,EAAWu4C,EAAewQ,EAAc/R,OAAM3gD,EAAW8R,GACpF6gD,EAAcF,EAAW/yD,GAE5B,CAAC,MAAOoC,GACPka,EAAYla,CAClB,CAEE,IAAK6wD,EACH,MAAMj+C,EAAK+G,UACT,wBAAwBpT,EAAMpI,KAAKoI,EAAMoE,UAAWy1C,uBAAmCv4C,EAAU06C,WAAWjb,UACzGhsB,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAAC0M,EAAG8oC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3D92C,GAEJ,OAAO22C,CACT,CAEO,SAASI,GAAclF,EAAWphD,EAAWk0C,EAAO,IAAI9qC,MAC7D,MAAM4vC,EAAW/wC,EAAKyB,cAAcwqC,GACpC,GAAiB,OAAb8E,EAAmB,CACrB,MAAMuN,EAAiBC,GAAqBpF,EAAWphD,GACvD,QAASohD,EAAUpL,SAAWgD,GAAYA,EAAWuN,EACzD,CACE,OAAO,CACT,CASO9yD,eAAegzD,GAAuBC,EAAQC,EAAY1vD,EAASoO,GACxE,MAAMuhD,EAAa,CAAE,EACrBA,EAAW9kD,IAAM6kD,EACjBC,EAAW9xD,KAAO4xD,EAClB,MAAMG,EAAsB,CAAEpR,cAAe75C,EAAMoE,UAAU4B,eACzD3K,EAAQs6B,MACVs1B,EAAoBvjD,SAAW,CAAC1H,EAAM0H,SAASU,UAC/C6iD,EAAoBljD,wBAA0BmjD,GAAsBF,EAAY,GAAIF,EAAQ,CAC1FjR,cAAe75C,EAAMoE,UAAU6B,YAC9B5K,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,IAElDwhD,EAAoBvjD,SAAW,CAAC1H,EAAM0H,SAASW,qBAAuBrI,EAAM0H,SAASY,gBAEnFjN,EAAQyL,kBAAoB,IAC9BmkD,EAAoBnkD,kBAAoBzL,EAAQyL,kBAChDmkD,EAAoBxQ,iBAAkB,GAGxC,aADoCyQ,GAAsBF,EAAY,GAAID,EAAYE,EAAqB5vD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,EAE5J,CAwKO5R,eAAeqzD,GAAsBF,EAAYG,EAAeC,EAAkBH,EAAqB3S,EAAM+S,EAAkBvQ,EAAY,GAAIza,GAAW,EAAO52B,GACtK,GAAI2hD,EAAiBvD,UACnB,MAAU/wD,MAAM,qCAElB,IAAKs0D,EAAiBtF,cACpB,MAAUhvD,MAAM,iCAElB,MAAM4mD,EAAkB,IAAI9D,GAM5B,OALAvkD,OAAO+mB,OAAOshC,EAAiBuN,GAC/BvN,EAAgB3D,mBAAqBqR,EAAiBjgB,UACtDuS,EAAgB5D,oBAtKXjiD,eAAoCyzD,EAAYF,EAAkB9S,EAAO,IAAI9qC,KAAQ+9C,EAAgB,GAAI9hD,GAO9G,MAAM+hD,EAAcxrD,EAAMkD,KAAKI,OACzBmoD,EAAsBhiD,EAAOC,uBAE7BgiD,QAAgCj2D,QAAQ4E,IAAIixD,EAAWpxD,KAAIrC,MAAOqO,EAAK7O,WAC3C6O,EAAIylD,wBAAwBrT,EAAMiT,EAAcl0D,GAAIoS,IAC9CrC,2BAGlCwkD,EAAoB,IAAIC,IAC9B,IAAK,MAAMC,KAAkBJ,EAC3B,IAAK,MAAMj2B,KAAYq2B,EACrB,IAEE,MAAMC,EAAgB/rD,EAAM1H,MAAM0H,EAAMkD,KAAMuyB,GAC9Cm2B,EAAkBl0D,IAChBq0D,EACAH,EAAkBryD,IAAIwyD,GAAiBH,EAAkBluD,IAAIquD,GAAiB,EAAI,EAE5F,CAAQ,MAAM,CAGZ,MAAMC,EAAsBv2B,GAAkC,IAAtB61B,EAAWn0D,QAAgBy0D,EAAkBluD,IAAI+3B,KAAc61B,EAAWn0D,QAAUs+B,IAAa+1B,EACnIS,EAAgC,KACpC,GAA+B,IAA3BL,EAAkB3I,KACpB,OAAOuI,EAET,MAGMU,EAHkBh3D,MAAM6gB,KAAK61C,EAAkB3f,QAClDnsC,QAAO21B,GAAYu2B,EAAoBv2B,KACvCgb,MAAK,CAAC0b,EAAOC,IAAUx6C,GAAO1O,KAAK4X,kBAAkBqxC,GAASv6C,GAAO1O,KAAK4X,kBAAkBsxC,KACrD,GAE1C,OAAOx6C,GAAO1O,KAAK4X,kBAAkBoxC,IAAsBt6C,GAAO1O,KAAK4X,kBAAkB0wC,GAAeU,EAAoBV,CAAW,EAUzI,GAPiB,IAAItgD,IAAI,CACvBlL,EAAMsB,UAAUO,MAChB7B,EAAMsB,UAAUQ,YAChB9B,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUa,QAGL5I,IAAI6xD,EAAiBjgB,WAAY,CAS5C,MAAMkhB,EAAqBz6C,GAAO06C,0BAA0BlB,EAAiBjgB,UAAWigB,EAAiBvgB,aAAa/J,KAEhHyrB,EAAiCP,EAAoBP,GACrDe,EAA2C56C,GAAO1O,KAAK4X,kBAAkB2wC,IAAwB75C,GAAO1O,KAAK4X,kBAAkBuxC,GAErI,GAAIE,GAAkCC,EACpC,OAAOf,EACF,CACL,MAAMgB,EAAyBR,IAC/B,OAAOr6C,GAAO1O,KAAK4X,kBAAkB2xC,IAA2B76C,GAAO1O,KAAK4X,kBAAkBuxC,GAC5FI,EACAJ,CACR,CACA,CAIE,OAAOL,EAAoBP,GAAuBA,EAAsBQ,GAC1E,CA2FwCjpB,CAAqBmoB,EAAeC,EAAkB9S,EAAM+S,EAAkB5hD,GACpHi0C,EAAgB7C,aAAe,IAAIC,SAC7B4C,EAAgB/nB,KAAKy1B,EAAkBJ,EAAY1S,EAAMjY,EAAU52B,GAClEi0C,CACT,CAUO7lD,eAAe60D,GAAgBC,EAAQC,EAAM5F,EAAM1O,EAAO,IAAI9qC,KAAQq/C,IAC3EF,EAASA,EAAO3F,MAET4F,EAAK5F,GAAM7vD,aAGR1B,QAAQ4E,IAAIsyD,EAAOzyD,KAAIrC,eAAei1D,GACrCA,EAAUvP,UAAUjF,IAAWuU,UAAiBA,EAAQC,IACxDF,EAAK5F,GAAM/sD,MAAK,SAAS8yD,GACxB,OAAO1gD,EAAKqE,iBAAiBq8C,EAAQpR,cAAemR,EAAUnR,cAC5E,KACUiR,EAAK5F,GAAM3uD,KAAKy0D,EAE1B,KATMF,EAAK5F,GAAQ2F,EAYnB,CAkBO90D,eAAem1D,GAAcjC,EAAYlR,EAAewQ,EAAc4C,EAAa7oD,EAAW8B,EAAKoyC,EAAO,IAAI9qC,KAAQ/D,GAC3HvD,EAAMA,GAAO6kD,EACb,MAAMmC,EAAmB,GA8BzB,aA7BMz3D,QAAQ4E,IAAI4yD,EAAY/yD,KAAIrC,eAAes1D,GAC/C,IACE,IASG/oD,GAAa+oD,EAAoBjmD,YAAYgyC,OAAO90C,EAAU8C,aAC/D,CACA,MAAMkmD,GAAoB,CACxBptD,EAAM4H,oBAAoBuB,WAC1BnJ,EAAM4H,oBAAoBqB,cAC1BjJ,EAAM4H,oBAAoBwB,eAC1BuL,SAASw4C,EAAoBnS,+BAEzBmS,EAAoBj3B,OACxBhwB,EAAK2zC,EAAewQ,EAAc+C,EAAmB,KAAO9U,GAAM,EAAO7uC,GAI3EyjD,EAAiB70D,KAAK80D,EAAoBjmD,YAClD,CACK,CAAC,MAAOzN,GAAG,CAChB,KAEM2K,GACFA,EAAUk3C,UAAU4R,EAAiBjzD,MAAKk/C,GAASA,EAAMD,OAAO90C,EAAU8C,iBACxE9C,EAAUk3C,UAAW,GAChBl3C,EAAUk3C,SAEZ4R,EAAiB/1D,OAAS,CACnC,CASO,SAASyzD,GAAqBpF,EAAWphD,GAC9C,IAAIumD,EAKJ,OAHkC,IAA9BvmD,EAAUq2C,kBACZkQ,EAAiBnF,EAAUpL,QAAQvsC,UAA0C,IAA9BzJ,EAAU0C,mBAEpD6jD,EAAiB,IAAIn9C,KAAKm9C,GAAkB7sD,GACrD,CAEO,SAASuvD,GAAmBhyD,EAASiyD,EAAiB,IAU3D,OATAjyD,EAAQmO,KAAOnO,EAAQmO,MAAQ8jD,EAAe9jD,KAC9CnO,EAAQ4E,MAAQ5E,EAAQ4E,OAASqtD,EAAertD,MAChD5E,EAAQ4uD,QAAU5uD,EAAQ4uD,SAAWqD,EAAerD,QACpD5uD,EAAQyL,uBAAkDnP,IAA9B0D,EAAQyL,kBAAkCzL,EAAQyL,kBAAoBwmD,EAAexmD,kBACjHzL,EAAQ0xC,WAAa1gC,EAAKC,SAASjR,EAAQ0xC,YAAc1xC,EAAQ0xC,WAAaugB,EAAevgB,WAC7F1xC,EAAQi9C,KAAOj9C,EAAQi9C,MAAQgV,EAAehV,KAE9Cj9C,EAAQs6B,KAAOt6B,EAAQs6B,OAAQ,EAEvBt6B,EAAQmO,MACd,IAAK,MACH,IACEnO,EAAQ4E,MAAQD,EAAM1H,MAAM0H,EAAMC,MAAO5E,EAAQ4E,MAClD,CAAC,MAAOxG,GACP,MAAU3C,MAAM,gBACxB,CACUuE,EAAQ4E,QAAUD,EAAMC,MAAMQ,eAAiBpF,EAAQ4E,QAAUD,EAAMC,MAAMU,kBAC7D,YAAlBtF,EAAQ4E,OAAyC,eAAlB5E,EAAQ4E,QACvC5E,EAAQ4E,MAAQ5E,EAAQs6B,KAAO31B,EAAMC,MAAMQ,cAAgBT,EAAMC,MAAMU,kBAErEtF,EAAQs6B,KACVt6B,EAAQ8vC,UAAY9vC,EAAQ4E,QAAUD,EAAMC,MAAMQ,cAAgBT,EAAMsB,UAAUQ,YAAc9B,EAAMsB,UAAUO,MAEhHxG,EAAQ8vC,UAAYnrC,EAAMsB,UAAUM,KAEtC,MACF,IAAK,aACHvG,EAAQ8vC,UAAY9vC,EAAQs6B,KAAO31B,EAAMsB,UAAUZ,QAAUV,EAAMsB,UAAUW,OAC7E,MACF,IAAK,WACH5G,EAAQ8vC,UAAY9vC,EAAQs6B,KAAO31B,EAAMsB,UAAUa,MAAQnC,EAAMsB,UAAUY,KAC3E,MACF,IAAK,MACH7G,EAAQ8vC,UAAYnrC,EAAMsB,UAAUC,eACpC,MACF,QACE,MAAUzK,MAAM,wBAAwBuE,EAAQmO,MAEpD,OAAOnO,CACT,CAEO,SAASkyD,GAAyB/H,EAAWphD,EAAWqF,GAC7D,OAAQ+7C,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,IAAKiC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,UAC5C,QACE,OAAO,EAEb,CAEO,SAASolD,GAA4BhI,EAAWphD,EAAWqF,GAChE,OAAQ+7C,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,IAAKkC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,gBAC5C,QACE,OAAO,EAEb,CAEO,SAASmlD,GAA4BjI,EAAWphD,EAAWqF,GAChE,IAAKrF,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAGlB,OAAQ0uD,EAAUra,WAChB,KAAKnrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAEnB,WADiCkC,EAAUsD,aAAatD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,aAChEqB,EAAOoB,2CAK9BzG,EAAUsD,aACjBtD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,iBAE1C,QACE,OAAO,EAEb,CASO,SAASolD,GAAqBlI,EAAW/7C,GAC9C,MAAMoiC,EAAU7rC,EAAM1H,MAAM0H,EAAMsB,UAAWkkD,EAAUra,WACjDwiB,EAAWnI,EAAUY,mBAC3B,GAAI38C,EAAOuC,0BAA0BzS,IAAIsyC,GACvC,MAAU/0C,MAAS62D,EAASxiB,UAAZ,kCAElB,OAAQU,GACN,KAAK7rC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUE,WACnB,GAAImsD,EAASl8C,KAAOhI,EAAOkB,WACzB,MAAU7T,MAAM,yBAAyB2S,EAAOkB,4CAElD,MACF,KAAK3K,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUM,KACnB,GAAI6H,EAAOwC,aAAa1S,IAAIo0D,EAAS1tD,OACnC,MAAUnJ,MAAM,eAAe62D,EAASxiB,8BAA8BwiB,EAAS1tD,sBAMvF,CC7fA,MAAM2tD,GACJ,WAAAz4D,CAAY04D,EAAYC,GACtBv4D,KAAKuP,OAAS+oD,EAAW14D,YAAYqe,MAAQxT,EAAMkE,OAAOY,OAAS+oD,EAAa,KAChFt4D,KAAKyP,cAAgB6oD,EAAW14D,YAAYqe,MAAQxT,EAAMkE,OAAOc,cAAgB6oD,EAAa,KAC9Ft4D,KAAKw4D,mBAAqB,GAC1Bx4D,KAAKy4D,oBAAsB,GAC3Bz4D,KAAK04D,qBAAuB,GAC5B14D,KAAKu4D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAKvB,OAJAsL,EAAWpxD,KAAK9C,KAAKuP,QAAUvP,KAAKyP,eACpCykD,EAAWpxD,QAAQ9C,KAAK04D,sBACxBxE,EAAWpxD,QAAQ9C,KAAKw4D,oBACxBtE,EAAWpxD,QAAQ9C,KAAKy4D,qBACjBvE,CACX,CAME,KAAAtxD,GACE,MAAMg2D,EAAO,IAAIP,GAAKr4D,KAAKuP,QAAUvP,KAAKyP,cAAezP,KAAKu4D,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAIx4D,KAAKw4D,oBACnCI,EAAKH,oBAAsB,IAAIz4D,KAAKy4D,qBACpCG,EAAKF,qBAAuB,IAAI14D,KAAK04D,sBAC9BE,CACX,CAUE,aAAMC,CAAQC,EAAa/V,EAAM7uC,GAC/B,MAAMshD,EAAax1D,KAAKu4D,QAAQtI,UAC1BwF,EAAa,CACjBlmD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAK6kD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWlmD,QAAUkmD,EAAWhmD,cAAezP,KAAKu4D,SAgB1E,OAfAK,EAAKH,0BAA4Bv4D,QAAQ4E,IAAIg0D,EAAYn0D,KAAIrC,eAAekR,GAC1E,IAAKA,EAAWulD,YACd,MAAUx3D,MAAM,gCAElB,GAAIiS,EAAWm9C,qBAAqB6E,GAClC,MAAUj0D,MAAM,+DAElB,MAAMy3D,QAAmBxlD,EAAWylD,mBAAc72D,EAAW2gD,OAAM3gD,EAAW8R,GAC9E,OAAOyhD,GAAsBF,EAAY,CAACjiD,GAAawlD,EAAW/I,UAAW,CAE3E3L,cAAe75C,EAAMoE,UAAUuB,YAC/B+B,SAAU,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,WACtDkwC,OAAM3gD,OAAWA,OAAWA,EAAW8R,EAChD,WACU0kD,EAAKr0C,OAAOvkB,KAAM+iD,EAAM7uC,GACvB0kD,CACX,CAcE,eAAMM,CAAUC,EAAalJ,EAAWlN,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAClE,MAAM+9C,EAAax1D,KAAKu4D,QAAQtI,UAChC,OAAOwH,GAAcjC,EAAY/qD,EAAMoE,UAAU2B,eAAgB,CAC/DG,IAAK6kD,EACLjmD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,eACnBzP,KAAK04D,qBAAsBS,EAAalJ,EAAWlN,EAAM7uC,EAChE,CAYE,uBAAMklD,CAAkBD,EAAaE,EAAkBtW,EAAO,IAAI9qC,KAAQ/D,GACxE,MAAM+1C,EAAOjqD,KACPw1D,EAAax1D,KAAKu4D,QAAQtI,UAC1B6E,EAAe,CACnBvlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAK6kD,IAED7jD,YAAEA,GAAgBwnD,EAClBG,EAAaD,EAAiB9uD,QAAOoG,GAAOA,EAAI4oD,QAAQ5nD,GAAa/P,OAAS,IACpF,OAA0B,IAAtB03D,EAAW13D,OACN,YAEH1B,QAAQ4E,IAAIw0D,EAAW30D,KAAIrC,UAC/B,MAAM02D,QAAmBroD,EAAIsoD,cAActnD,EAAawnD,EAAYtU,aAASziD,EAAW8R,GACxF,GAAIilD,EAAYpT,eAAiBkE,EAAKiP,UAAUC,EAAaH,EAAW/I,UAAWlN,EAAM7uC,GACvF,MAAU3S,MAAM,+BAElB,UACQ43D,EAAYx4B,OAAOq4B,EAAW/I,UAAWxlD,EAAMoE,UAAUuB,YAAa0kD,EAAc/R,OAAM3gD,EAAW8R,EAC5G,CAAC,MAAOhQ,GACP,MAAM4S,EAAK+G,UAAU,8BAA+B3Z,EAC5D,OAEW,EACX,CAcE,6BAAMs1D,CAAwBH,EAAkBtW,EAAO,IAAI9qC,KAAQ/D,GACjE,MAAM+1C,EAAOjqD,KACPy5D,EAAiBz5D,KAAKw4D,mBAAmBh0D,OAAOxE,KAAKy4D,qBAC3D,OAAOv4D,QAAQ4E,IAAI20D,EAAe90D,KAAIrC,UAAwB,CAC5DshD,MAAO8V,EAAc/nD,YACrBgoD,YAAa1P,EAAKmP,kBAAkBM,EAAeL,EAAkBtW,EAAM7uC,GAAQ7T,OAAM,KAAM,QAErG,CAWE,YAAMsgC,CAAOoiB,EAAO,IAAI9qC,KAAQ/D,GAC9B,IAAKlU,KAAKw4D,mBAAmB52D,OAC3B,MAAUL,MAAM,gCAElB,MAAM0oD,EAAOjqD,KACPw1D,EAAax1D,KAAKu4D,QAAQtI,UAC1B6E,EAAe,CACnBvlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAK6kD,GAGP,IAAIp3C,EACJ,IAAK,IAAItc,EAAI9B,KAAKw4D,mBAAmB52D,OAAS,EAAGE,GAAK,EAAGA,IACvD,IACE,MAAM83D,EAAoB55D,KAAKw4D,mBAAmB12D,GAClD,GAAI83D,EAAkB7T,eAAiBkE,EAAKiP,UAAUU,OAAmBx3D,EAAW2gD,EAAM7uC,GACxF,MAAU3S,MAAM,iCAElB,UACQq4D,EAAkBj5B,OAAO60B,EAAY/qD,EAAMoE,UAAUuB,YAAa0kD,EAAc/R,OAAM3gD,EAAW8R,EACxG,CAAC,MAAOhQ,GACP,MAAM4S,EAAK+G,UAAU,gCAAiC3Z,EAChE,CACQ,OAAO,CACR,CAAC,MAAOA,GACPka,EAAYla,CACpB,CAEI,MAAMka,CACV,CAUE,YAAMmG,CAAOs1C,EAAY9W,EAAM7uC,GAC7B,MAAMshD,EAAax1D,KAAKu4D,QAAQtI,UAC1B6E,EAAe,CACnBvlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAK6kD,SAGD2B,GAAgB0C,EAAY75D,KAAM,qBAAsB+iD,GAAMzgD,eAAew3D,GACjF,IAEE,aADMA,EAAWn5B,OAAO60B,EAAY/qD,EAAMoE,UAAUuB,YAAa0kD,EAAc/R,GAAM,EAAO7uC,IACrF,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUizD,GAAgB0C,EAAY75D,KAAM,sBAAuB+iD,SAEzDoU,GAAgB0C,EAAY75D,KAAM,uBAAwB+iD,GAAM,SAASgX,GAC7E,OAAOtC,GAAcjC,EAAY/qD,EAAMoE,UAAU2B,eAAgBskD,EAAc,CAACiF,QAAY33D,OAAWA,EAAW2gD,EAAM7uC,EAC9H,GACA,CAaE,YAAM8lD,CACJxE,GAEEyE,KAAMxU,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DymD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI9qC,KACX/D,EAASuD,GAET,MAAMg+C,EAAa,CACjBlmD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAK6kD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWlmD,QAAUkmD,EAAWhmD,cAAezP,KAAKu4D,SAO1E,OANAK,EAAKF,qBAAqB51D,WAAW6yD,GAAsBF,EAAY,GAAID,EAAY,CACrFlR,cAAe75C,EAAMoE,UAAU2B,eAC/Bi1C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,GAAW,EAAO8R,UAChC0kD,EAAKr0C,OAAOvkB,MACX44D,CACX,EC3PA,MAAMuB,GAKJ,WAAAv6D,CAAYw6D,EAAc7B,GACxBv4D,KAAKiwD,UAAYmK,EACjBp6D,KAAKq6D,kBAAoB,GACzBr6D,KAAK04D,qBAAuB,GAC5B14D,KAAKu4D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAIvB,OAHAsL,EAAWpxD,KAAK9C,KAAKiwD,WACrBiE,EAAWpxD,QAAQ9C,KAAK04D,sBACxBxE,EAAWpxD,QAAQ9C,KAAKq6D,mBACjBnG,CACX,CAME,KAAAtxD,GACE,MAAM2yD,EAAS,IAAI4E,GAAOn6D,KAAKiwD,UAAWjwD,KAAKu4D,SAG/C,OAFAhD,EAAO8E,kBAAoB,IAAIr6D,KAAKq6D,mBACpC9E,EAAOmD,qBAAuB,IAAI14D,KAAK04D,sBAChCnD,CACX,CAcE,eAAM2D,CAAUrqD,EAAW8B,EAAKoyC,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAC1D,MAAM+9C,EAAax1D,KAAKu4D,QAAQtI,UAChC,OAAOqK,GACL9E,EAAY/qD,EAAMoE,UAAUgC,iBAAkB,CAC5CF,IAAK6kD,EACL7xD,KAAM3D,KAAKiwD,WACVjwD,KAAK04D,qBAAsB7pD,EAAW8B,EAAKoyC,EAAM7uC,EAE1D,CAWE,YAAMysB,CAAOoiB,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACvC,MAAM+9C,EAAax1D,KAAKu4D,QAAQtI,UAC1B6E,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAM3D,KAAKiwD,WAE7CsK,QAAyBC,GAA+Bx6D,KAAKq6D,kBAAmB7E,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,EAAM7uC,GAErJ,GAAIqmD,EAAiBxU,eAAiB/lD,KAAKk5D,UAAUqB,EAAkB,KAAMxX,EAAM7uC,GACjF,MAAU3S,MAAM,qBAGlB,GAAIk5D,GAAqBz6D,KAAKiwD,UAAWsK,EAAkBxX,GACzD,MAAUxhD,MAAM,qBAElB,OAAOg5D,CACX,CAUE,uBAAMzS,CAAkB/E,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAClD,MAAM+9C,EAAax1D,KAAKu4D,QAAQtI,UAC1B6E,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAM3D,KAAKiwD,WACnD,IAAIsK,EACJ,IACEA,QAAyBC,GAA+Bx6D,KAAKq6D,kBAAmB7E,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,EAAM7uC,EAChJ,CAAC,MAAOhQ,GACP,OAAO,IACb,CACI,MAAMw2D,EAAYC,GAA4B36D,KAAKiwD,UAAWsK,GACxDK,EAAYL,EAAiBzS,oBACnC,OAAO4S,EAAYE,EAAYF,EAAYE,CAC/C,CAUE,YAAMr2C,CAAOgxC,EAAQxS,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAC/C,MAAM+9C,EAAax1D,KAAKu4D,QAAQtI,UAChC,IAAKjwD,KAAK2wD,qBAAqB4E,GAC7B,MAAUh0D,MAAM,2DAGdvB,KAAKiwD,UAAUrwD,YAAYqe,MAAQxT,EAAMkE,OAAOa,cAChD+lD,EAAOtF,UAAUrwD,YAAYqe,MAAQxT,EAAMkE,OAAOM,eACpDjP,KAAKiwD,UAAYsF,EAAOtF,WAG1B,MAAMhG,EAAOjqD,KACP80D,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAMsmD,EAAKgG,iBAC7C4K,GAAuBtF,EAAQv1D,KAAM,oBAAqB+iD,GAAMzgD,eAAew4D,GACnF,IAAK,IAAIh5D,EAAI,EAAGA,EAAImoD,EAAKoQ,kBAAkBz4D,OAAQE,IACjD,GAAImoD,EAAKoQ,kBAAkBv4D,GAAG6P,YAAYgyC,OAAOmX,EAAWnpD,aAI1D,OAHImpD,EAAWjW,QAAUoF,EAAKoQ,kBAAkBv4D,GAAG+iD,UACjDoF,EAAKoQ,kBAAkBv4D,GAAKg5D,IAEvB,EAGX,IAEE,aADMA,EAAWn6B,OAAO60B,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,OAAM3gD,EAAW8R,IAC3F,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEU22D,GAAuBtF,EAAQv1D,KAAM,uBAAwB+iD,GAAM,SAASgX,GAChF,OAAOO,GAAqB9E,EAAY/qD,EAAMoE,UAAUgC,iBAAkBikD,EAAc,CAACiF,QAAY33D,OAAWA,EAAW2gD,EAAM7uC,EACvI,GACA,CAaE,YAAM8lD,CACJxE,GAEEyE,KAAMxU,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DymD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI9qC,KACX/D,EAASuD,GAET,MAAMg+C,EAAa,CAAE9kD,IAAK6kD,EAAY7xD,KAAM3D,KAAKiwD,WAC3CsF,EAAS,IAAI4E,GAAOn6D,KAAKiwD,UAAWjwD,KAAKu4D,SAO/C,OANAhD,EAAOmD,qBAAqB51D,WAAWi4D,GAA6BtF,EAAY,GAAID,EAAY,CAC9FlR,cAAe75C,EAAMoE,UAAUgC,iBAC/B40C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,GAAW,EAAO8R,UAChCqhD,EAAOhxC,OAAOvkB,MACbu1D,CACX,CAEE,oBAAA5E,CAAqBC,GACnB,OAAO5wD,KAAKiwD,UAAUU,qBAAqBC,EAAMX,WAAaW,EAClE,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe3uD,SAAQgG,IAC3FkyD,GAAOl6D,UAAUgI,GACf,WACE,OAAOjI,KAAKiwD,UAAUhoD,IACvB,CAAA,IC9KL,MAAM+yD,gBAAyClkD,EAAKgH,wBAAwB,CAACumC,KACvE4W,GAAoB,IAAItlD,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,aAClE0nD,GAAgB,IAAIvlD,IAAI,CAC5BlL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,WACrC/I,EAAMkE,OAAOa,aAAc/E,EAAMkE,OAAOwsD,gBAY1C,MAAMC,GAMJ,qBAAAC,CAAsBnH,EAAYoH,EAAoB,IAAI3lD,KACxD,IAAIijD,EACA2C,EACAhG,EACAiG,EAEJ,IAAK,MAAM7sD,KAAUulD,EAAY,CAE/B,GAAIvlD,aAAkBs+B,GAAmB,CACRiuB,GAAcl3D,IAAI2K,EAAOsP,OACzBu9C,IAI3BA,EADEP,GAAkBj3D,IAAI2K,EAAOsP,KACjBg9C,GAEAC,IAGlB,QACR,CAEM,MAAMj9C,EAAMtP,EAAO/O,YAAYqe,IAC/B,GAAIu9C,EAAa,CACf,IAAKA,EAAYx3D,IAAIia,GAAM,SAC3Bu9C,EAAc,IACtB,CACM,GAAIF,EAAkBt3D,IAAIia,GACxB,MAAU1c,MAAM,2BAA2B0c,GAE7C,OAAQA,GACN,KAAKxT,EAAMkE,OAAO5C,UAClB,KAAKtB,EAAMkE,OAAOK,UAChB,GAAIhP,KAAKiwD,UACP,MAAU1uD,MAAM,oCAIlB,GAFAvB,KAAKiwD,UAAYthD,EACjB4sD,EAAev7D,KAAKymD,YACf8U,EACH,MAAUh6D,MAAM,kBAElB,MACF,KAAKkJ,EAAMkE,OAAOY,OAClB,KAAK9E,EAAMkE,OAAOc,cAChBmpD,EAAO,IAAIP,GAAK1pD,EAAQ3O,MACxBA,KAAKy7D,MAAM34D,KAAK81D,GAChB,MACF,KAAKnuD,EAAMkE,OAAOa,aAClB,KAAK/E,EAAMkE,OAAOM,aAChB2pD,EAAO,KACPrD,EAAS,IAAI4E,GAAOxrD,EAAQ3O,MAC5BA,KAAK07D,QAAQ54D,KAAKyyD,GAClB,MACF,KAAK9qD,EAAMkE,OAAOE,UAChB,OAAQF,EAAO21C,eACb,KAAK75C,EAAMoE,UAAUuB,YACrB,KAAK3F,EAAMoE,UAAUwB,YACrB,KAAK5F,EAAMoE,UAAUyB,WACrB,KAAK7F,EAAMoE,UAAU0B,aACnB,IAAKqoD,EAAM,CACT9hD,EAAKyE,WAAW,mEAChB,QAChB,CACkB5M,EAAOgD,YAAYgyC,OAAO4X,GAC5B3C,EAAKJ,mBAAmB11D,KAAK6L,GAE7BiqD,EAAKH,oBAAoB31D,KAAK6L,GAEhC,MACF,KAAKlE,EAAMoE,UAAU2B,eACfooD,EACFA,EAAKF,qBAAqB51D,KAAK6L,GAE/B3O,KAAK27D,iBAAiB74D,KAAK6L,GAE7B,MACF,KAAKlE,EAAMoE,UAAU8B,IACnB3Q,KAAK27D,iBAAiB74D,KAAK6L,GAC3B,MACF,KAAKlE,EAAMoE,UAAU4B,cACnB,IAAK8kD,EAAQ,CACXz+C,EAAKyE,WAAW,qEAChB,QAChB,CACcg6C,EAAO8E,kBAAkBv3D,KAAK6L,GAC9B,MACF,KAAKlE,EAAMoE,UAAU+B,cACnB5Q,KAAK04D,qBAAqB51D,KAAK6L,GAC/B,MACF,KAAKlE,EAAMoE,UAAUgC,iBACnB,IAAK0kD,EAAQ,CACXz+C,EAAKyE,WAAW,wEAChB,QAChB,CACcg6C,EAAOmD,qBAAqB51D,KAAK6L,IAK/C,CACA,CAME,YAAAgqD,GACE,MAAMzE,EAAa,IAAItL,GAMvB,OALAsL,EAAWpxD,KAAK9C,KAAKiwD,WACrBiE,EAAWpxD,QAAQ9C,KAAK04D,sBACxBxE,EAAWpxD,QAAQ9C,KAAK27D,kBACxB37D,KAAKy7D,MAAM92D,KAAIi0D,GAAQ1E,EAAWpxD,QAAQ81D,EAAKD,kBAC/C34D,KAAK07D,QAAQ/2D,KAAI4wD,GAAUrB,EAAWpxD,QAAQyyD,EAAOoD,kBAC9CzE,CACX,CAOE,KAAAtxD,CAAMg5D,GAAqB,GACzB,MAAMjrD,EAAM,IAAI3Q,KAAKJ,YAAYI,KAAK24D,gBAiBtC,OAhBIiD,GACFjrD,EAAI4oD,UAAUt3D,SAAQwX,IAMpB,GAJAA,EAAEw2C,UAAYnwD,OAAOklB,OACnBllB,OAAO+7D,eAAepiD,EAAEw2C,WACxBnwD,OAAOkI,0BAA0ByR,EAAEw2C,aAEhCx2C,EAAEw2C,UAAUM,cAAe,OAEhC,MAAMta,EAAgB,CAAE,EACxBn2C,OAAO42C,KAAKj9B,EAAEw2C,UAAUha,eAAeh0C,SAAQgG,IAC7CguC,EAAchuC,GAAQ,IAAIxG,WAAWgY,EAAEw2C,UAAUha,cAAchuC,GAAM,IAEvEwR,EAAEw2C,UAAUha,cAAgBA,CAAa,IAGtCtlC,CACX,CAQE,UAAAmrD,CAAWlY,EAAQ,MAIjB,OAHgB5jD,KAAK07D,QAAQnxD,QAAOgrD,IACjC3R,GAAS2R,EAAO9O,WAAW9C,OAAOC,GAAO,IAGhD,CAQE,OAAA2V,CAAQ3V,EAAQ,MACd,MAAMlN,EAAO,GAIb,OAHKkN,IAAS5jD,KAAKymD,WAAW9C,OAAOC,GAAO,IAC1ClN,EAAK5zC,KAAK9C,MAEL02C,EAAKlyC,OAAOxE,KAAK87D,WAAWlY,GACvC,CAME,SAAAmY,GACE,OAAO/7D,KAAKu5D,UAAU50D,KAAIgM,GAAOA,EAAI81C,YACzC,CAME,UAAAuV,GACE,OAAOh8D,KAAKy7D,MAAM92D,KAAIi0D,GACbA,EAAKrpD,OAASqpD,EAAKrpD,OAAOA,OAAS,OACzChF,QAAOgF,GAAqB,OAAXA,GACxB,CAME,KAAAxM,GACE,OAAO/C,KAAK24D,eAAe51D,OAC/B,CAYE,mBAAMk2D,CAAcrV,EAAQ,KAAMb,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAA,EAAI2E,EAASuD,SACnEzX,KAAKi8D,iBAAiBlZ,EAAMxzC,EAAQ2E,GAC1C,MAAMshD,EAAax1D,KAAKiwD,UACxB,IACEiM,GAA4B1G,EAAYthD,EACzC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,+BAAgCyY,EAC3D,CACI,MAAMolC,EAAU17D,KAAK07D,QAAQ/4D,QAAQu4C,MAAK,CAAC18B,EAAGzG,IAAMA,EAAEk4C,UAAUpL,QAAUrmC,EAAEyxC,UAAUpL,UACtF,IAAIzmC,EACJ,IAAK,MAAMm3C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAO50B,OAAOoiB,EAAM7uC,GAC1B,MAAM4gD,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAM4xD,EAAOtF,WAC/CsK,QAAyBC,GAC7BjF,EAAO8E,kBAAmB7E,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,EAAM7uC,GAE3F,IAAKioD,GAAgC5G,EAAOtF,UAAWsK,EAAkBrmD,GACvE,SAEF,IAAKqmD,EAAiB/nD,kBACpB,MAAUjR,MAAM,8BAOlB,aAJMi5D,GACJ,CAACD,EAAiB/nD,mBAAoB+iD,EAAOtF,UAAWxlD,EAAMoE,UAAU6B,WAAYokD,EAAc/R,EAAM7uC,GAE1GgoD,GAA4B3G,EAAOtF,UAAW/7C,GACvCqhD,CACR,CAAC,MAAOrxD,GACPka,EAAYla,CACtB,CAII,IACE,MAAM01D,QAA0B55D,KAAKo2D,wBAAwBrT,EAAMxzC,EAAQ2E,GAC3E,KAAM0vC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCuY,GAAgC3G,EAAYoE,EAAmB1lD,GAEjE,OADAgoD,GAA4B1G,EAAYthD,GACjClU,IAEV,CAAC,MAAOkE,GACPka,EAAYla,CAClB,CACI,MAAM4S,EAAK+G,UAAU,kDAAoD7d,KAAKymD,WAAWjb,QAASptB,EACtG,CAYE,sBAAMg+C,CAAiBxY,EAAOb,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAA,EAAI2E,EAASuD,SAC/DzX,KAAKi8D,iBAAiBlZ,EAAMxzC,EAAQ2E,GAC1C,MAAMshD,EAAax1D,KAAKiwD,UACxB,IACEiM,GAA4B1G,EAAYthD,EACzC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,+BAAgCyY,EAC3D,CAEI,MAAMolC,EAAU17D,KAAK07D,QAAQ/4D,QAAQu4C,MAAK,CAAC18B,EAAGzG,IAAMA,EAAEk4C,UAAUpL,QAAUrmC,EAAEyxC,UAAUpL,UACtF,IAAIzmC,EACJ,IAAK,MAAMm3C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAO50B,OAAOoiB,EAAM7uC,GAC1B,MAAM4gD,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAM4xD,EAAOtF,WAC/CsK,QAAyBC,GAA+BjF,EAAO8E,kBAAmB7E,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,EAAM7uC,GACvJ,GAAImoD,GAAmC9G,EAAOtF,UAAWsK,EAAkBrmD,GAEzE,OADAgoD,GAA4B3G,EAAOtF,UAAW/7C,GACvCqhD,CAEV,CAAC,MAAOrxD,GACPka,EAAYla,CACtB,CAII,IAEE,MAAM01D,QAA0B55D,KAAKo2D,wBAAwBrT,EAAMxzC,EAAQ2E,GAC3E,KAAM0vC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCyY,GAAmC7G,EAAYoE,EAAmB1lD,GAEpE,OADAgoD,GAA4B1G,EAAYthD,GACjClU,IAEV,CAAC,MAAOkE,GACPka,EAAYla,CAClB,CACI,MAAM4S,EAAK+G,UAAU,qDAAuD7d,KAAKymD,WAAWjb,QAASptB,EACzG,CAcE,eAAM86C,CAAUrqD,EAAW8B,EAAKoyC,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAC1D,OAAO6iD,GACLt6D,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKiwD,WAAajwD,KAAK04D,qBAAsB7pD,EAAW8B,EAAKoyC,EAAM7uC,EAE/H,CAWE,sBAAM+nD,CAAiBlZ,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAE,EAAE2E,EAASuD,GAC9D,MAAM+9C,EAAax1D,KAAKiwD,UAExB,SAAUjwD,KAAKk5D,UAAU,KAAM,KAAMnW,EAAM7uC,GACzC,MAAU3S,MAAM,0BAKlB,GAAIk5D,GAAqBjF,QAFOx1D,KAAKo2D,wBAAwBrT,EAAMxzC,EAAQ2E,GAEnB6uC,GACtD,MAAUxhD,MAAM,0BAElB,GAA2B,IAAvBi0D,EAAW5d,QAAe,CAE5B,MAAM0kB,QAAwB9B,GAC5Bx6D,KAAK27D,iBAAkBnG,EAAY/qD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK6kD,GAAczS,EAAM7uC,GACnF7T,OAAM,SAER,GAAIi8D,GAAmB7B,GAAqBjF,EAAY8G,EAAiBvZ,GACvE,MAAUxhD,MAAM,yBAExB,CACA,CAUE,uBAAMumD,CAAkBv4C,EAAQ2E,EAASuD,GACvC,IAAI8kD,EACJ,IACE,MAAM3C,QAA0B55D,KAAKo2D,wBAAwB,KAAM7mD,EAAQ2E,GACrEsoD,EAAmB7B,GAA4B36D,KAAKiwD,UAAW2J,GAC/D6C,EAAgB7C,EAAkB9R,oBAClCwU,EAA6C,IAA3Bt8D,KAAKiwD,UAAUrY,eAC/B4iB,GACJx6D,KAAK27D,iBAAkB37D,KAAKiwD,UAAWxlD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK3Q,KAAKiwD,WAAa,KAAM/7C,GAC3F7T,OAAM,SACV,GAAIi8D,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4B36D,KAAKiwD,UAAWqM,GAGvEC,EAAmB9zD,KAAKud,IAAIw2C,EAAkBC,EAAeC,EACrE,MACQH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,CAE5E,CAAC,MAAOv4D,GACPq4D,EAAmB,IACzB,CAEI,OAAOzlD,EAAKyB,cAAcgkD,EAC9B,CAcE,6BAAMnG,CAAwBrT,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAE,EAAE2E,EAASuD,GACrE,MAAM+9C,EAAax1D,KAAKiwD,UACxB,GAA2B,IAAvBuF,EAAW5d,QACb,OAAO4iB,GACLx6D,KAAK27D,iBAAkBnG,EAAY/qD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK6kD,GAAczS,EAAM7uC,GAGvF,MAAM0lD,kBAAEA,SAA4B55D,KAAK28D,eAAe5Z,EAAMxzC,EAAQ2E,GACtE,OAAO0lD,CACX,CAeE,oBAAM+C,CAAe5Z,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAE,EAAE2E,EAASuD,GAC5D,MAAM+9C,EAAax1D,KAAKiwD,UAClBwL,EAAQ,GACd,IAAIr9C,EACJ,IAAK,IAAItc,EAAI,EAAGA,EAAI9B,KAAKy7D,MAAM75D,OAAQE,IACrC,IACE,MAAM82D,EAAO54D,KAAKy7D,MAAM35D,GACxB,IAAK82D,EAAKrpD,OACR,SAEF,QACmBnN,IAAhBmN,EAAOtH,MAAsB2wD,EAAKrpD,OAAOtH,OAASsH,EAAOtH,WACxC7F,IAAjBmN,EAAO8jD,OAAuBuF,EAAKrpD,OAAO8jD,QAAU9jD,EAAO8jD,YACxCjxD,IAAnBmN,EAAO+jD,SAAyBsF,EAAKrpD,OAAO+jD,UAAY/jD,EAAO+jD,QAEhE,MAAU/xD,MAAM,iDAElB,MAAMuzD,EAAe,CAAEvlD,OAAQqpD,EAAKrpD,OAAQoB,IAAK6kD,GAC3CoE,QAA0BY,GAA+B5B,EAAKJ,mBAAoBhD,EAAY/qD,EAAMoE,UAAUuB,YAAa0kD,EAAc/R,EAAM7uC,GACrJunD,EAAM34D,KAAK,CAAEsa,MAAOtb,EAAG82D,OAAMgB,qBAC9B,CAAC,MAAO11D,GACPka,EAAYla,CACpB,CAEI,IAAKu3D,EAAM75D,OAET,MAAMwc,GAAiB7c,MAAM,qCAEzBrB,QAAQ4E,IAAI22D,EAAM92D,KAAIrC,eAAgBkc,GAC1C,OAAOA,EAAEo7C,kBAAkB7T,SAAWvnC,EAAEo6C,KAAKM,UAAU16C,EAAEo7C,kBAAmB,KAAM7W,EAAM7uC,EAC9F,KAEI,MAAM0oD,EAAcnB,EAAMvgB,MAAK,SAAS18B,EAAGzG,GACzC,MAAMmrB,EAAI1kB,EAAEo7C,kBACNiD,EAAI9kD,EAAE6hD,kBACZ,OAAOiD,EAAE9W,QAAU7iB,EAAE6iB,SAAW7iB,EAAEsiB,gBAAkBqX,EAAErX,iBAAmBtiB,EAAE2hB,QAAUgY,EAAEhY,OACxF,IAAEiY,OACGlE,KAAEA,EAAMgB,kBAAmBmD,GAASH,EAC1C,GAAIG,EAAKhX,eAAiB6S,EAAKM,UAAU6D,EAAM,KAAMha,EAAM7uC,GACzD,MAAU3S,MAAM,2BAElB,OAAOq7D,CACX,CAeE,YAAMr4C,CAAOy4C,EAAWja,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAClD,IAAKzX,KAAK2wD,qBAAqBqM,GAC7B,MAAUz7D,MAAM,4DAElB,IAAKvB,KAAK+4D,aAAeiE,EAAUjE,YAAa,CAQ9C,KANe/4D,KAAK07D,QAAQ95D,SAAWo7D,EAAUtB,QAAQ95D,QAClD5B,KAAK07D,QAAQp/B,OAAM2gC,GACXD,EAAUtB,QAAQh3D,MAAKw4D,GACrBD,EAAWtM,qBAAqBuM,QAI/C,MAAU37D,MAAM,iEAGlB,OAAOy7D,EAAUz4C,OAAOvkB,KAAMkU,EACpC,CAKI,MAAMipD,EAAan9D,KAAK4C,QA0CxB,aAxCMi4D,GAAuBmC,EAAWG,EAAY,uBAAwBpa,GAAMgX,GACzEO,GAAqB6C,EAAWlN,UAAWxlD,EAAMoE,UAAU+B,cAAeusD,EAAY,CAACpD,GAAY,KAAMiD,EAAU/M,UAAWlN,EAAM7uC,WAGvI2mD,GAAuBmC,EAAWG,EAAY,mBAAoBpa,SAElE7iD,QAAQ4E,IAAIk4D,EAAUvB,MAAM92D,KAAIrC,UAGpC,MAAM86D,EAAgBD,EAAW1B,MAAMlxD,QAAO8yD,GAC3CC,EAAQ/tD,QAAU+tD,EAAQ/tD,OAAOo0C,OAAO0Z,EAAQ9tD,SAChD+tD,EAAQ7tD,eAAiB6tD,EAAQ7tD,cAAck0C,OAAO0Z,EAAQ5tD,iBAEjE,GAAI2tD,EAAcx7D,OAAS,QACnB1B,QAAQ4E,IACZs4D,EAAcz4D,KAAI44D,GAAgBA,EAAah5C,OAAO+4C,EAASva,EAAM7uC,UAElE,CACL,MAAMspD,EAAUF,EAAQ16D,QACxB46D,EAAQjF,QAAU4E,EAClBA,EAAW1B,MAAM34D,KAAK06D,EAC9B,YAGUt9D,QAAQ4E,IAAIk4D,EAAUtB,QAAQ/2D,KAAIrC,UAEtC,MAAMm7D,EAAkBN,EAAWzB,QAAQnxD,QAAOmzD,GAChDA,EAAU/M,qBAAqBuM,KAEjC,GAAIO,EAAgB77D,OAAS,QACrB1B,QAAQ4E,IACZ24D,EAAgB94D,KAAIg5D,GAAkBA,EAAep5C,OAAO24C,EAAWna,EAAM7uC,UAE1E,CACL,MAAM0pD,EAAYV,EAAUt6D,QAC5Bg7D,EAAUrF,QAAU4E,EACpBA,EAAWzB,QAAQ54D,KAAK86D,EAChC,MAGWT,CACX,CAUE,8BAAMU,CAAyB9a,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACzD,MAAMq9C,EAAe,CAAEnkD,IAAK3Q,KAAKiwD,WAC3B2H,QAA4B4C,GAA+Bx6D,KAAK04D,qBAAsB14D,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAekkD,EAAc/R,EAAM7uC,GACzJggD,EAAa,IAAItL,GACvBsL,EAAWpxD,KAAK80D,GAEhB,MAAMt1C,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMpH,UAAWmoD,EAAWnxD,QAAS,KAAM,KAAM,mCAAoCuf,EAAcpO,EAC1H,CAYE,gCAAM4pD,CAA2BC,EAAuBhb,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAClF,MAAMlX,QAAc+gB,GAAQy8C,GAEtBnG,SADmBhP,GAAWC,WAAWtoD,EAAMsG,KAAMm0D,GAA0B9mD,IAC9C21C,WAAWp/C,EAAMkE,OAAOE,WAC/D,IAAK+oD,GAAuBA,EAAoBtT,gBAAkB75C,EAAMoE,UAAU+B,cAChF,MAAUrP,MAAM,8CAElB,IAAKq2D,EAAoBjmD,YAAYgyC,OAAO3jD,KAAKymD,YAC/C,MAAUllD,MAAM,2CAElB,UACQq2D,EAAoBj3B,OAAO3gC,KAAKiwD,UAAWxlD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAKiwD,WAAalN,OAAM3gD,EAAW8R,EAC3H,CAAC,MAAOhQ,GACP,MAAM4S,EAAK+G,UAAU,wCAAyC3Z,EACpE,CACI,MAAMyM,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAI+nD,qBAAqB51D,KAAK80D,GACvBjnD,CACX,CAWE,qBAAMqtD,CAAgBC,EAAalb,EAAMxzC,EAAQ2E,EAASuD,GACxD,MAAM2F,MAAEA,EAAKw7C,KAAEA,SAAe54D,KAAK28D,eAAe5Z,EAAMxzC,EAAQ2E,GAC1DgqD,QAAiBtF,EAAKC,QAAQoF,EAAalb,EAAM7uC,GACjDvD,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAI8qD,MAAMr+C,GAAS8gD,EACZvtD,CACX,CAUE,kBAAMwtD,CAAaF,EAAalb,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAC1D,MAAM9G,EAAM3Q,KAAK4C,QAIjB,OAHA+N,EAAI8qD,YAAcv7D,QAAQ4E,IAAI9E,KAAKy7D,MAAM92D,KAAI,SAASi0D,GACpD,OAAOA,EAAKC,QAAQoF,EAAalb,EAAM7uC,EAC7C,KACWvD,CACX,CAiBE,uBAAMytD,CAAkB/E,EAAkBtW,EAAO,IAAI9qC,KAAQ1I,EAAQ2E,EAASuD,GAC5E,MAAM+9C,EAAax1D,KAAKiwD,WAClB2I,KAAEA,SAAe54D,KAAK28D,eAAe5Z,EAAMxzC,EAAQ2E,GAIzD,OAHgBmlD,QACRT,EAAKY,wBAAwBH,EAAkBtW,EAAM7uC,GAC3D,CAAC,CAAE0vC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAKj4B,OAAOoiB,EAAM7uC,GAAQ7T,OAAM,KAAM,KAE1F,CAiBE,oBAAMg+D,CAAehF,EAAkBtW,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACjE,MAAM+9C,EAAax1D,KAAKiwD,UAClBqO,EAAU,GAehB,aAdMp+D,QAAQ4E,IAAI9E,KAAKy7D,MAAM92D,KAAIrC,UAC/B,MAAMuyD,EAAawE,QACXT,EAAKY,wBAAwBH,EAAkBtW,EAAM7uC,GAC3D,CAAC,CAAE0vC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAKj4B,OAAOoiB,EAAM7uC,GAAQ7T,OAAM,KAAM,MAEtFi+D,EAAQx7D,QAAQ+xD,EAAWlwD,KACzBkK,IAAc,CACZU,OAAQqpD,EAAKrpD,OAASqpD,EAAKrpD,OAAOA,OAAS,KAC3CE,cAAempD,EAAKnpD,cACpBm0C,MAAO/0C,EAAU+0C,MACjB+V,MAAO9qD,EAAU8qD,UAEpB,KAEI2E,CACX,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBr8D,SAAQgG,IACpGmzD,GAAIn7D,UAAUgI,GACdkyD,GAAOl6D,UAAUgI,EAAK,ICntBxB,MAAMs2D,WAAkBnD,GAItB,WAAAx7D,CAAYs0D,GAOV,GANAr0D,QACAG,KAAKiwD,UAAY,KACjBjwD,KAAK04D,qBAAuB,GAC5B14D,KAAK27D,iBAAmB,GACxB37D,KAAKy7D,MAAQ,GACbz7D,KAAK07D,QAAU,GACXxH,IACFl0D,KAAKq7D,sBAAsBnH,EAAY,IAAIv+C,IAAI,CAAClL,EAAMkE,OAAOK,UAAWvE,EAAMkE,OAAOM,iBAChFjP,KAAKiwD,WACR,MAAU1uD,MAAM,yCAGxB,CAME,SAAAw3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,OAAOx+D,IACX,CAOE,KAAAmT,CAAMe,EAASuD,GAEb,MAAM6K,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMpH,UAAW/L,KAAK24D,eAAe51D,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACpH,ECpDA,MAAMuqD,WAAmBF,GAIvB,WAAA3+D,CAAYs0D,GAGV,GAFAr0D,QACAG,KAAKq7D,sBAAsBnH,EAAY,IAAIv+C,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOa,iBAChFxP,KAAKiwD,UACR,MAAU1uD,MAAM,0CAEtB,CAME,SAAAw3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,MAAMtK,EAAa,IAAItL,GACjB8V,EAAa1+D,KAAK24D,eACxB,IAAK,MAAM1I,KAAayO,EACtB,OAAQzO,EAAUrwD,YAAYqe,KAC5B,KAAKxT,EAAMkE,OAAOK,UAAW,CAC3B,MAAM2vD,EAAe9O,GAAgBE,oBAAoBE,GACzDiE,EAAWpxD,KAAK67D,GAChB,KACV,CACQ,KAAKl0D,EAAMkE,OAAOM,aAAc,CAC9B,MAAM2vD,EAAkBzN,GAAmBC,uBAAuBnB,GAClEiE,EAAWpxD,KAAK87D,GAChB,KACV,CACQ,QACE1K,EAAWpxD,KAAKmtD,GAGtB,OAAO,IAAIsO,GAAUrK,EACzB,CAOE,KAAA/gD,CAAMe,EAASuD,GAEb,MAAM6K,EAA0C,IAA3BtiB,KAAKiwD,UAAUrY,QACpC,OAAOzkC,GAAM1I,EAAM0I,MAAMK,WAAYxT,KAAK24D,eAAe51D,aAASX,OAAWA,OAAWA,EAAWkgB,EAAcpO,EACrH,CAaE,uBAAM2qD,CAAkBjb,EAAOb,EAAO,IAAI9qC,KAAQ1I,EAAS,CAAA,EAAI2E,EAASuD,GACtE,MAAM+9C,EAAax1D,KAAKiwD,UAClBvZ,EAAO,GACb,IAAIt4B,EAAY,KAChB,IAAK,IAAItc,EAAI,EAAGA,EAAI9B,KAAK07D,QAAQ95D,OAAQE,IACvC,IAAK8hD,GAAS5jD,KAAK07D,QAAQ55D,GAAG2kD,WAAW9C,OAAOC,GAAO,GAAO,CAC5D,GAAI5jD,KAAK07D,QAAQ55D,GAAGmuD,UAAUqC,UAAW,CACvCl0C,EAAYA,GAAiB7c,MAAM,uDACnC,QACV,CAEQ,IACE,MAAMuzD,EAAe,CAAEnkD,IAAK6kD,EAAY7xD,KAAM3D,KAAK07D,QAAQ55D,GAAGmuD,WACxDsK,QAAyBC,GAA+Bx6D,KAAK07D,QAAQ55D,GAAGu4D,kBAAmB7E,EAAY/qD,EAAMoE,UAAU4B,cAAeqkD,EAAc/R,EAAM7uC,GAC5J4qD,GAAmC9+D,KAAK07D,QAAQ55D,GAAGmuD,UAAWsK,EAAkBrmD,IAClFwiC,EAAK5zC,KAAK9C,KAAK07D,QAAQ55D,GAE1B,CAAC,MAAOoC,GACPka,EAAYla,CACtB,CACA,CAII,MAAM01D,QAA0B55D,KAAKo2D,wBAAwBrT,EAAMxzC,EAAQ2E,GAS3E,GARM0vC,IAAS4R,EAAW/O,WAAW9C,OAAOC,GAAO,KAAUkb,GAAmCtJ,EAAYoE,EAAmB1lD,KACzHshD,EAAWlD,UACbl0C,EAAYA,GAAiB7c,MAAM,uDAEnCm1C,EAAK5zC,KAAK9C,OAIM,IAAhB02C,EAAK90C,OAEP,MAAMwc,GAAiB7c,MAAM,mCAG/B,OAAOm1C,CACX,CAME,WAAA6Z,GACE,OAAOvwD,KAAKu5D,UAAU70D,MAAK,EAAGurD,eAAgBA,EAAUM,eAC5D,CAYE,cAAMuC,CAAS5+C,EAASuD,GACtB,IAAKzX,KAAK+4D,YACR,MAAUx3D,MAAM,gCAGlB,IAAIs0D,EACJ,GAAK71D,KAAKiwD,UAAUqC,UAEb,CAKL,MAAM0G,QAAmBh5D,KAAKi5D,cAAc,KAAM,UAAM72D,EAAW,IAAK8R,EAAQuC,0BAA2B,IAAId,IAAOP,WAAY,IAE9H4jD,IAAeA,EAAW/I,UAAUqC,YACtCuD,EAAmBmD,EAAW/I,UAEtC,MAXM4F,EAAmB71D,KAAKiwD,UAa1B,GAAI4F,EACF,OAAOA,EAAiB/C,WACnB,CACL,MAAMpc,EAAO12C,KAAKu5D,UAElB,GADmB7iB,EAAK/xC,KAAIgM,GAAOA,EAAIs/C,UAAUqC,YAAWh2B,MAAMyiC,SAEhE,MAAUx9D,MAAM,wCAGlB,OAAOrB,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,SAAaqO,EAAIs/C,UAAU6C,aAC7D,CACA,CAKE,kBAAAL,GACEzyD,KAAKu5D,UAAUt3D,SAAQ,EAAGguD,gBACpBA,EAAUM,eACZN,EAAUwC,oBAClB,GAEA,CAYE,YAAMuH,EAEFC,KAAMxU,EAA0Bh7C,EAAM4H,oBAAoBoB,SAC1DymD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI9qC,KACX/D,EAASuD,GAET,IAAKzX,KAAK+4D,YACR,MAAUx3D,MAAM,iCAElB,MAAMk0D,EAAa,CAAE9kD,IAAK3Q,KAAKiwD,WACzBt/C,EAAM3Q,KAAK4C,QAMjB,OALA+N,EAAI+nD,qBAAqB51D,WAAWi4D,GAA6BtF,EAAY,GAAIz1D,KAAKiwD,UAAW,CAC/F3L,cAAe75C,EAAMoE,UAAU+B,cAC/B60C,wBAAyBh7C,EAAM1H,MAAM0H,EAAM4H,oBAAqBozC,GAChEC,6BACC3C,OAAM3gD,OAAWA,OAAWA,EAAW8R,IACnCvD,CACX,CAkBE,eAAMquD,CAAUl5D,EAAU,IACxB,MAAMoO,EAAS,IAAKuD,KAAkB3R,EAAQoO,QAC9C,GAAIpO,EAAQ0xC,WACV,MAAUj2C,MAAM,gEAElB,GAAIuE,EAAQ4uD,QAAUxgD,EAAOkB,WAC3B,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBtP,EAAQ4uD,WAEnF,MAAM1E,EAAkBhwD,KAAKiwD,UAC7B,GAAID,EAAgBsC,UAClB,MAAU/wD,MAAM,8CAElB,IAAKyuD,EAAgBO,cACnB,MAAUhvD,MAAM,wBAElB,MAAM09D,EAAiBjP,EAAgBa,mBACvCoO,EAAehrD,KAiBnB,SAA8B+gB,GAG5B,OAFavqB,EAAM1H,MAAM0H,EAAMsB,UAAWipB,IAGxC,KAAKvqB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACnB,MAAO,MACT,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,MAAO,MACT,KAAK9B,EAAMsB,UAAUZ,QACnB,MAAO,aACT,KAAKV,EAAMsB,UAAUa,MACnB,MAAO,WACT,QACE,MAAUrL,MAAM,yBAEtB,CApC0B29D,CAAqBD,EAAerpB,WAC1DqpB,EAAevK,QAAUuK,EAAe/iD,MAAQ,KAChD+iD,EAAev0D,MAAQu0D,EAAev0D,OAAS,mBAC/C5E,EAAUq5D,GAA0Br5D,EAASm5D,GAK7C,MAAMhP,QAAkBmP,GAA4Bt5D,EAAS,IAAKoO,EAAQQ,OAAmC,IAA3B1U,KAAKiwD,UAAUrY,UACjGskB,GAA4BjM,EAAW/7C,GACvC,MAAMqmD,QAAyB8E,GAA8BpP,EAAWD,EAAiBlqD,EAASoO,GAC5ForD,EAAat/D,KAAK24D,eAExB,OADA2G,EAAWx8D,KAAKmtD,EAAWsK,GACpB,IAAIkE,GAAWa,EAC1B,EClOA,MAAMC,gBAAkCzoD,EAAKgH,wBAAwB,CACnE+xC,GACAsB,GACAO,GACAmC,GACAT,GACA9B,GACAjN,KASF,SAASmb,GAAUtL,GACjB,IAAK,MAAMvlD,KAAUulD,EACnB,OAAQvlD,EAAO/O,YAAYqe,KACzB,KAAKxT,EAAMkE,OAAOK,UAChB,OAAO,IAAIyvD,GAAWvK,GACxB,KAAKzpD,EAAMkE,OAAO5C,UAChB,OAAO,IAAIwyD,GAAUrK,GAG3B,MAAU3yD,MAAM,sBAClB,CAgHAe,eAAem9D,GAAczP,EAAiB0P,EAAqB55D,EAASoO,GAEtEpO,EAAQ0xC,kBACJwY,EAAgBhiC,QAAQloB,EAAQ0xC,WAAYtjC,SAG9ChU,QAAQ4E,IAAI46D,EAAoB/6D,KAAIrC,eAAe+uD,EAAoBj0C,GAC3E,MAAMuiD,EAAmB75D,EAAQ41D,QAAQt+C,GAAOo6B,WAC5CmoB,SACItO,EAAmBrjC,QAAQ2xC,EAAkBzrD,EAEzD,KAEE,MAAMggD,EAAa,IAAItL,GAGvB,SAASgX,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMt1D,QAAOmY,GAAQA,IAASo9C,IAC5D,CAEE,SAASC,IACP,MAAMrK,EAAsB,CAAE,EAC9BA,EAAoBvjD,SAAW,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,UAC5E,MAAMmtD,EAAsBJ,EAAqB,CAE/Cn1D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,QACfgH,EAAOE,6BAEV,GADAshD,EAAoBjkD,6BAA+BuuD,EAC/C9rD,EAAOI,YAAa,CACtB,MAAM2rD,EAAiBL,EAAqB,CAC1Cn1D,EAAM6D,KAAKG,IACXhE,EAAM6D,KAAKC,IACX9D,EAAM6D,KAAKE,KACV0F,EAAOM,wBACVkhD,EAAoB/iD,sBAAwBstD,EAAeC,SAAQtU,GAC1DoU,EAAoBr7D,KAAIw7D,GACtB,CAACA,EAAoBvU,MAGtC,CAuBI,OAtBA8J,EAAoB7jD,wBAA0B+tD,EAAqB,CAEjEn1D,EAAMkD,KAAKI,OACXtD,EAAMkD,KAAKM,OACXxD,EAAMkD,KAAKQ,SACX1D,EAAMkD,KAAKS,UACV8F,EAAOC,wBACVuhD,EAAoB5jD,+BAAiC8tD,EAAqB,CACxEn1D,EAAM6C,YAAYC,aAClB9C,EAAM6C,YAAYG,KAClBhD,EAAM6C,YAAYE,KACjB0G,EAAOG,+BAEVqhD,EAAoBpjD,SAAW,CAAC,GAChCojD,EAAoBpjD,SAAS,IAAM7H,EAAM6H,SAASwB,sBAC9CI,EAAOI,cACTohD,EAAoBpjD,SAAS,IAAM7H,EAAM6H,SAAS0B,SAEhDlO,EAAQyL,kBAAoB,IAC9BmkD,EAAoBnkD,kBAAoBzL,EAAQyL,kBAChDmkD,EAAoBxQ,iBAAkB,GAEjCwQ,CACX,CAEE,GApDAxB,EAAWpxD,KAAKktD,GAoDgB,IAA5BA,EAAgBpY,QAAe,CACjC,MAAM6d,EAAa,CACjB9kD,IAAKq/C,GAGD0F,EAAsBqK,IAC5BrK,EAAoBpR,cAAgB75C,EAAMoE,UAAU8B,IAEpD,MAAMw3C,QAAwB4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqB5vD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,GAChKggD,EAAWpxD,KAAKqlD,EACpB,OAEQjoD,QAAQ4E,IAAIgB,EAAQs6D,QAAQz7D,KAAIrC,eAAeiN,EAAQ6N,GAC3D,MAAMijD,EAAejN,GAAazd,WAAWpmC,GACvCkmD,EAAa,CACjBlmD,OAAQ8wD,EACR1vD,IAAKq/C,GAED0F,EAAkD,IAA5B1F,EAAgBpY,QAAgBmoB,IAA8B,CAAE,EAC5FrK,EAAoBpR,cAAgB75C,EAAMoE,UAAU0B,aACtC,IAAV6M,IACFs4C,EAAoBlQ,iBAAkB,GAKxC,MAAO,CAAE6a,eAAclY,sBAFO4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqB5vD,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,GAGpK,KAAMrR,MAAK4B,IACPA,EAAKxC,SAAQ,EAAGo+D,eAAclY,sBAC5B+L,EAAWpxD,KAAKu9D,GAChBnM,EAAWpxD,KAAKqlD,EAAgB,GAChC,UAGEjoD,QAAQ4E,IAAI46D,EAAoB/6D,KAAIrC,eAAe+uD,EAAoBj0C,GAC3E,MAAMkjD,EAAgBx6D,EAAQ41D,QAAQt+C,GAEtC,MAAO,CAAEi0C,qBAAoBkP,4BADOlB,GAA8BhO,EAAoBrB,EAAiBsQ,EAAepsD,GAE1H,KAAMrR,MAAKimD,IACPA,EAAQ7mD,SAAQ,EAAGovD,qBAAoBkP,4BACrCrM,EAAWpxD,KAAKuuD,GAChB6C,EAAWpxD,KAAKy9D,EAAsB,GACtC,IAKJ,MAAM9K,EAAa,CAAE9kD,IAAKq/C,GAkB1B,OAjBAkE,EAAWpxD,WAAWi4D,GAA6BtF,EAAY,GAAIzF,EAAiB,CAClF1L,cAAe75C,EAAMoE,UAAU+B,cAC/B60C,wBAAyBh7C,EAAM4H,oBAAoBoB,SACnDiyC,0BAA2B,IAC1B5/C,EAAQi9C,UAAM3gD,OAAWA,OAAWA,EAAW8R,IAE9CpO,EAAQ0xC,YACVwY,EAAgByC,2BAGZvyD,QAAQ4E,IAAI46D,EAAoB/6D,KAAIrC,eAAe+uD,EAAoBj0C,GAClDtX,EAAQ41D,QAAQt+C,GAAOo6B,YAE9C6Z,EAAmBoB,oBAEzB,KAES,IAAIgM,GAAWvK,EACxB,CAYO5xD,eAAek+D,IAAQC,WAAEA,EAAUC,UAAEA,EAAWxsD,OAAAA,KAAWqgD,IAEhE,GADArgD,EAAS,IAAKuD,KAAkBvD,IAC3BusD,IAAeC,EAClB,MAAUn/D,MAAM,4EAElB,GAAIk/D,IAAe3pD,EAAKC,SAAS0pD,GAC/B,MAAUl/D,MAAM,gDAElB,GAAIm/D,IAAc5pD,EAAKtV,aAAak/D,GAClC,MAAUn/D,MAAM,mDAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAAInC,EACJ,GAAIkgE,EAAY,CACd,MAAMxsD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQm/C,GACrC,GAAMxsD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WAC3D,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,MACItG,EAAQmgE,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAWtoD,EAAOg/D,GAAmBrrD,GACnEysD,EAAWzM,EAAWnK,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB2xD,EAAS/+D,OACX,MAAUL,MAAM,uBAGlB,OAAOi+D,GADoBtL,EAAWvxD,MAAMg+D,EAAS,GAAIA,EAAS,IAEpE,CAYOr+D,eAAes+D,IAAeH,WAAEA,EAAUC,UAAEA,EAAWxsD,OAAAA,KAAWqgD,IAEvE,GADArgD,EAAS,IAAKuD,KAAkBvD,IAC3BusD,IAAeC,EAClB,MAAUn/D,MAAM,mFAElB,GAAIk/D,IAAe3pD,EAAKC,SAAS0pD,GAC/B,MAAUl/D,MAAM,uDAElB,GAAIm/D,IAAc5pD,EAAKtV,aAAak/D,GAClC,MAAUn/D,MAAM,0DAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAAInC,EACJ,GAAIkgE,EAAY,CACd,MAAMxsD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQm/C,GACrC,GAAMxsD,IAASxJ,EAAM0I,MAAMK,WACzB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,MACItG,EAAQmgE,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAWtoD,EAAOg/D,GAAmBrrD,GACnEysD,EAAWzM,EAAWnK,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAI6+D,EAAS/+D,OAAQE,IAAK,CACxC,GAAIoyD,EAAWyM,EAAS7+D,IAAIlC,YAAYqe,MAAQxT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAM80D,EAAsB3M,EAAWvxD,MAAMg+D,EAAS7+D,GAAI6+D,EAAS7+D,EAAI,IACvE,OAAO,IAAI28D,GAAWoC,EAC1B,CACE,MAAUt/D,MAAM,6BAClB,CAYOe,eAAew+D,IAASC,YAAEA,EAAWC,WAAEA,EAAY9sD,OAAAA,KAAWqgD,IACnErgD,EAAS,IAAKuD,KAAkBvD,GAChC,IAAI3T,EAAQwgE,GAAeC,EAC3B,IAAKzgE,EACH,MAAUgB,MAAM,+EAElB,GAAIw/D,IAAgBjqD,EAAKC,SAASgqD,GAChC,MAAUx/D,MAAM,kDAElB,GAAIy/D,IAAelqD,EAAKtV,aAAaw/D,GACnC,MAAUz/D,MAAM,qDAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAIq+D,EAAa,CACf,MAAM9sD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQy/C,GACrC,GAAI9sD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WACzD,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,CACE,MAAM6vC,EAAO,GACPwd,QAAmBtL,GAAWC,WAAWtoD,EAAOg/D,GAAmBrrD,GACnEysD,EAAWzM,EAAWnK,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB2xD,EAAS/+D,OACX,MAAUL,MAAM,uBAElB,IAAK,IAAIO,EAAI,EAAGA,EAAI6+D,EAAS/+D,OAAQE,IAAK,CACxC,MACMm/D,EAASzB,GADItL,EAAWvxD,MAAMg+D,EAAS7+D,GAAI6+D,EAAS7+D,EAAI,KAE9D40C,EAAK5zC,KAAKm+D,EACd,CACE,OAAOvqB,CACT,CAYOp0C,eAAe4+D,IAAgBH,YAAEA,EAAWC,WAAEA,EAAU9sD,OAAEA,IAC/DA,EAAS,IAAKuD,KAAkBvD,GAChC,IAAI3T,EAAQwgE,GAAeC,EAC3B,IAAKzgE,EACH,MAAUgB,MAAM,sFAElB,GAAIw/D,IAAgBjqD,EAAKC,SAASgqD,GAChC,MAAUx/D,MAAM,yDAElB,GAAIy/D,IAAelqD,EAAKtV,aAAaw/D,GACnC,MAAUz/D,MAAM,4DAElB,GAAIw/D,EAAa,CACf,MAAM9sD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQy/C,GACrC,GAAI9sD,IAASxJ,EAAM0I,MAAMK,WACvB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,CACE,MAAM6vC,EAAO,GACPwd,QAAmBtL,GAAWC,WAAWtoD,EAAOg/D,GAAmBrrD,GACnEysD,EAAWzM,EAAWnK,WAAWt/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAI6+D,EAAS/+D,OAAQE,IAAK,CACxC,GAAIoyD,EAAWyM,EAAS7+D,IAAIlC,YAAYqe,MAAQxT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMo1D,EAAajN,EAAWvxD,MAAMg+D,EAAS7+D,GAAI6+D,EAAS7+D,EAAI,IACxDm/D,EAAS,IAAIxC,GAAW0C,GAC9BzqB,EAAK5zC,KAAKm+D,EACd,CACE,GAAoB,IAAhBvqB,EAAK90C,OACP,MAAUL,MAAM,8BAElB,OAAOm1C,CACT,CC5bA,MAAM0qB,gBAAsCtqD,EAAKgH,wBAAwB,CACvEglC,GACAoH,GACA8D,GACArC,GACAqF,GACA/C,GACAuB,GACAvH,GACA5D,KAGIgd,gBAA4CvqD,EAAKgH,wBAAwB,CAAC0xC,KAE1E8R,gBAAgDxqD,EAAKgH,wBAAwB,CAACumC,KAO7E,MAAMkd,GAIX,WAAA3hE,CAAYs0D,GACVl0D,KAAK8oD,QAAUoL,GAAc,IAAItL,EACrC,CAME,mBAAA4Y,GACE,MAAMC,EAAS,GAKf,OAJ0BzhE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOC,8BAC9C3M,SAAQ,SAAS0M,GACjC8yD,EAAO3+D,KAAK6L,EAAOu/C,YACzB,IACWuT,CACX,CAME,gBAAAtN,GACE,MAAM3oC,EAAMxrB,KAAK0hE,mBAEXC,EAAiBn2C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOI,kBAC5D,GAAI4yD,EAAe//D,OAAS,EAC1B,OAAO+/D,EAAeh9D,KAAIgK,GAAUA,EAAOgD,cAI7C,OADsB6Z,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACtClK,KAAIgK,GAAUA,EAAOgD,aAC9C,CAYE,aAAM2c,CAAQszC,EAAgBC,EAAWC,EAAa/e,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAChF,MAAMsqD,EAAyB/hE,KAAK8oD,QAAQW,YAC1Ch/C,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBAGf,GAAsC,IAAlCmyD,EAAuBngE,OACzB,MAAUL,MAAM,2BAGlB,MAAMygE,EAAqBD,EAAuB,GAC5CE,EAA6BD,EAAmBlW,gBAEhDoW,EAAoBJ,SAAqB9hE,KAAKmiE,mBAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAM7uC,GAEpI,IAAIkK,EAAY,KAChB,MAAMgkD,EAAmBliE,QAAQ4E,IAAIo9D,EAAkBv9D,KAAIrC,OAASszC,UAAWysB,EAAex7D,WAC5F,IAAKiQ,EAAKtV,aAAaqF,KAAWm7D,EAAmBlW,kBAAoBh1C,EAAKC,SAASsrD,GACrF,MAAU9gE,MAAM,uCAGlB,IACE,MAAMmhB,EAAOs/C,EAAmBlW,iBAAmBrhD,EAAM1H,MAAM0H,EAAMoC,UAAWw1D,SAC1EL,EAAmB1zC,QAAQ5L,EAAM7b,EAAMqN,EAC9C,CAAC,MAAOhQ,GACP4S,EAAK2E,gBAAgBvX,GACrBka,EAAYla,CACpB,MAOI,GAJAo+D,EAAcN,EAAmBhW,WACjCgW,EAAmBhW,UAAY,WACzBoW,GAEDJ,EAAmBlZ,UAAYkZ,EAAmBlZ,QAAQlnD,OAC7D,MAAMwc,GAAiB7c,MAAM,sBAG/B,MAAMghE,EAAY,IAAIhB,GAAQS,EAAmBlZ,SAGjD,OAFAkZ,EAAmBlZ,QAAU,IAAIF,GAE1B2Z,CACX,CAeE,wBAAMJ,CAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAO,IAAI9qC,KAAQ/D,EAASuD,GAC1G,IAEI2G,EAFAokD,EAA6B,GAGjC,GAAIX,EAAW,CACb,MAAMY,EAAeziE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOG,wBAC3D,GAA4B,IAAxB2zD,EAAa7gE,OACf,MAAUL,MAAM,8DAEZrB,QAAQ4E,IAAI+8D,EAAUl9D,KAAIrC,eAAeu1C,EAAU/1C,GACvD,IAAIgnD,EAEFA,EADEhnD,QACc8mD,GAAWC,WAAW4Z,EAAa1/D,QAASs+D,GAA6BntD,GAE/EuuD,QAENviE,QAAQ4E,IAAIgkD,EAAQnkD,KAAIrC,eAAeogE,GAC3C,UACQA,EAAYp0C,QAAQupB,GAC1B2qB,EAA2B1/D,KAAK4/D,EACjC,CAAC,MAAOpsC,GACPxf,EAAK2E,gBAAgB6a,GACjBA,aAAe2gB,KACjB74B,EAAYkY,EAE1B,CACA,IACA,IACK,KAAM,KAAIsrC,EA8FT,MAAUrgE,MAAM,iCA9FS,CACzB,MAAMohE,EAAe3iE,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOC,8BAC3D,GAA4B,IAAxB+zD,EAAa/gE,OACf,MAAUL,MAAM,2DAEZrB,QAAQ4E,IAAI69D,EAAah+D,KAAIrC,eAAesgE,SAC1C1iE,QAAQ4E,IAAI88D,EAAej9D,KAAIrC,eAAeugE,GAClD,IAAIC,EACJ,IAEEA,SAA8BD,EAAchE,kBAAkB+D,EAAY1U,YAAa,UAAM9rD,EAAW8R,IAASvP,KAAIgM,GAAOA,EAAIs/C,WACjI,CAAC,MAAO35B,GAEP,YADAlY,EAAYkY,EAExB,CAEU,IAAIupC,EAAQ,CACVp1D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,OAChBzC,EAAMoC,UAAUE,UAChBtC,EAAMoC,UAAUG,OAElB,IACE,MAAM4sD,QAA0BiJ,EAAczM,wBAAwBrT,OAAM3gD,EAAW8R,GACnF0lD,EAAkBnoD,+BACpBouD,EAAQA,EAAMr7D,OAAOo1D,EAAkBnoD,8BAE1C,CAAC,MAAOvN,GAAG,OAENhE,QAAQ4E,IAAIg+D,EAAqBn+D,KAAIrC,eAAeygE,GACxD,IAAKA,EAAoBxS,cACvB,MAAUhvD,MAAM,oCAWlB,GAPiC2S,EAAOuB,8BACtCmtD,EAAYpe,qBAAuB/5C,EAAMsB,UAAUE,YACnD22D,EAAYpe,qBAAuB/5C,EAAMsB,UAAUC,gBACnD42D,EAAYpe,qBAAuB/5C,EAAMsB,UAAUG,SACnD02D,EAAYpe,qBAAuB/5C,EAAMsB,UAAUI,SAGvB,CAW5B,MAAM62D,EAAkBJ,EAAY7/D,cAC9B7C,QAAQ4E,KACZm9D,EACE,CAACA,GACDtiE,MAAM6gB,KAAKtM,EAAOwB,0DACpB/Q,KAAIrC,UACJ,MAAM2gE,EAAkB,IAAIhV,GAC5BgV,EAAgB5gE,KAAK2gE,GACrB,MAAMlU,EAAmB,CACvB7C,sBACAoC,WAAYhyC,GAAOuzC,mBAAmB3D,IAExC,UACQgX,EAAgB30C,QAAQy0C,EAAqBjU,GACnD0T,EAA2B1/D,KAAKmgE,EACjC,CAAC,MAAO3sC,GAEPxf,EAAK2E,gBAAgB6a,GACrBlY,EAAYkY,CAC9B,KAGA,MACc,UACQssC,EAAYt0C,QAAQy0C,GAC1B,MAAM5C,EAAqB8B,GAA8BW,EAAY3W,oBACrE,GAAIkU,IAAuBN,EAAMzgD,SAAS3U,EAAM1H,MAAM0H,EAAMoC,UAAWszD,IACrE,MAAU5+D,MAAM,iDAElBihE,EAA2B1/D,KAAK8/D,EACjC,CAAC,MAAOtsC,GACPxf,EAAK2E,gBAAgB6a,GACrBlY,EAAYkY,CAC5B,CAEA,IACA,KACQgsC,EAAcM,EAAY5W,WAC1B4W,EAAY5W,UAAY,IAChC,IACA,CAEA,CAEI,GAAIwW,EAA2B5gE,OAAS,EAAG,CAEzC,GAAI4gE,EAA2B5gE,OAAS,EAAG,CACzC,MAAMshE,EAAO,IAAIvtD,IACjB6sD,EAA6BA,EAA2Bj4D,QAAO44D,IAC7D,MAAM1pD,EAAI0pD,EAAKlX,oBAAsBn1C,EAAKqD,mBAAmBgpD,EAAK9U,YAClE,OAAI6U,EAAKl/D,IAAIyV,KAGbypD,EAAKj/D,IAAIwV,IACF,EAAI,GAErB,CAEM,OAAO+oD,EAA2B79D,KAAIgK,IAAW,CAC/C9H,KAAM8H,EAAO0/C,WACbzY,UAAWjnC,EAAOs9C,qBAAuBxhD,EAAMpI,KAAKoI,EAAMoC,UAAW8B,EAAOs9C,wBAEpF,CACI,MAAM7tC,GAAiB7c,MAAM,iCACjC,CAME,cAAA6hE,GACE,MACMtzD,EADM9P,KAAK0hE,mBACG5Y,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQqzC,YAAe,IAC9C,CAME,WAAAG,GACE,MACMxzC,EADM9P,KAAK0hE,mBACG5Y,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQwzC,eAAkB,IACjD,CAME,OAAAJ,GACE,MACMpzC,EADM9P,KAAK0hE,mBACG5Y,QAAQe,WAAWp/C,EAAMkE,OAAOU,aACpD,OAAIS,EACKA,EAAQozC,UAEV,IACX,CAWE,+BAAa0M,CAAmByT,EAAiB,GAAItgB,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAIlsD,EAASuD,GAC7F,MAAM8+B,cAAEA,EAAa+sB,SAAEA,SPlIpBhhE,eAAuCo0C,EAAO,GAAIqM,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAIlsD,EAASuD,GACjG,MAAM8rD,QAAiBrjE,QAAQ4E,IAAI4xC,EAAK/xC,KAAI,CAACgM,EAAK7O,IAAM6O,EAAIylD,wBAAwBrT,EAAMqd,EAAQt+D,GAAIoS,MAKtG,GAJiBwiC,EAAK90C,OACpB2hE,EAASjnC,OAAMknC,GAAWA,EAAQlxD,UAAakxD,EAAQlxD,SAAS,GAAK7H,EAAM6H,SAAS0B,UACpFE,EAAOI,YAEK,CACZ,MAAMmvD,EAAqB,CAAEltB,cAAe9rC,EAAMoC,UAAUK,OAAQo2D,SAAU74D,EAAM6D,KAAKE,KACnFk1D,EAAsB,CAC1B,CAAEntB,cAAeriC,EAAOE,4BAA6BkvD,SAAUpvD,EAAOM,wBACtE,CAAE+hC,cAAeriC,EAAOE,4BAA6BkvD,SAAU74D,EAAM6D,KAAKE,KAC1E,CAAE+nC,cAAe9rC,EAAMoC,UAAUK,OAAQo2D,SAAUpvD,EAAOM,yBAE5D,IAAK,MAAMmvD,KAAsBD,EAC/B,GAAIH,EAASjnC,OAAMknC,GAAWA,EAAQ7wD,uBAAyB6wD,EAAQ7wD,sBAAsBjO,MAC3Fk/D,GAAeA,EAAY,KAAOD,EAAmBptB,eAAiBqtB,EAAY,KAAOD,EAAmBL,aAE5G,OAAOK,EAGX,OAAOF,CACX,CACE,MAAMI,EAAiBp5D,EAAMoC,UAAUK,OACjC42D,EAAiB5vD,EAAOE,4BAC9B,MAAO,CACLmiC,cAAegtB,EAASjnC,OAAMknC,GAAWA,EAAQ/xD,8BAAgC+xD,EAAQ/xD,6BAA6B2N,SAAS0kD,KAC7HA,EACAD,EACFP,cAAUlhE,EAEd,COoG8C2hE,CAAwBV,EAAgBtgB,EAAMqd,EAASlsD,GAC3F8vD,EAAoBv5D,EAAMpI,KAAKoI,EAAMoC,UAAW0pC,GAChD0tB,EAAeX,EAAW74D,EAAMpI,KAAKoI,EAAM6D,KAAMg1D,QAAYlhE,QAE7DlC,QAAQ4E,IAAIu+D,EAAe1+D,KAAIgM,GAAOA,EAAIyrD,mBAC7C/7D,OAAM,IAAM,OACZwC,MAAKqhE,IACJ,GAAIA,IAAaA,EAASjU,UAAUra,YAAcnrC,EAAMsB,UAAUW,QAAUw3D,EAASjU,UAAUra,YAAcnrC,EAAMsB,UAAUY,QAC1Hs3D,IAAiBntD,EAAK4H,MAAM63B,GAC7B,MAAUh1C,MAAM,2MAC1B,OAKI,MAAO,CAAEsF,KADcwV,GAAOuzC,mBAAmBrZ,GAClBX,UAAWouB,EAAmBpY,cAAeqY,EAChF,CAeE,aAAMj2C,CAAQq1C,EAAgBxB,EAAWxT,EAAYnK,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAIlsD,EAASuD,GACtI,GAAI42C,GACF,IAAKv3C,EAAKtV,aAAa6sD,EAAWxnD,QAAUiQ,EAAKC,SAASs3C,EAAWzY,WACnE,MAAUr0C,MAAM,4CAEb,GAAI8hE,GAAkBA,EAAezhE,OAC1CysD,QAAmBkT,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMqd,EAASlsD,OACxE,KAAI2tD,IAAaA,EAAUjgE,OAGhC,MAAUL,MAAM,gDAFhB8sD,QAAmBkT,GAAQ3R,wBAAmBxtD,OAAWA,OAAWA,EAAW8R,EAGrF,CAEI,MAAQrN,KAAM0oD,EAAgB3Z,UAAWysB,EAAezW,cAAewY,GAAsB/V,EAEvF7iC,QAAY+1C,GAAQ8C,kBAAkB9U,EAAgB8S,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMqd,EAASlsD,GAE9J8tD,EAAqBrW,GAAyChW,WAAW,CAC7EiC,QAASwsB,EAAoB,EAAI,EACjCxY,cAAewY,EAAoB35D,EAAM1H,MAAM0H,EAAM6D,KAAM81D,GAAqB,OAElFpC,EAAmBlZ,QAAU9oD,KAAK8oD,QAElC,MAAMlT,EAAYnrC,EAAM1H,MAAM0H,EAAMoC,UAAWw1D,GAK/C,aAJML,EAAmBh0C,QAAQ4nB,EAAW2Z,EAAgBr7C,GAE5DsX,EAAIs9B,QAAQhmD,KAAKk/D,GACjBA,EAAmBlZ,QAAU,IAAIF,GAC1Bp9B,CACX,CAiBE,8BAAa64C,CAAkBhW,EAAYgU,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAIlsD,EAASuD,GACzL,MAAMy8C,EAAa,IAAItL,GACjBuX,EAAqB11D,EAAM1H,MAAM0H,EAAMoC,UAAWw1D,GAClDzW,EAAgBwY,GAAqB35D,EAAM1H,MAAM0H,EAAM6D,KAAM81D,GAEnE,GAAIf,EAAgB,CAClB,MAAM/E,QAAgBp+D,QAAQ4E,IAAIu+D,EAAe1+D,KAAIrC,eAAekzD,EAAY1zD,GAC9E,MAAM8tC,QAAsB4lB,EAAW4G,iBAAiB+H,EAAiBriE,GAAIihD,EAAMqd,EAASlsD,GAEtFowD,EAAgBrW,GAAmCtY,WAAW,CAClEiC,QAASgU,EAAgB,EAAI,EAC7B0C,oBAAqB1e,EAAcqgB,UACnC1B,mBAAoBrK,EACpBmK,aACApC,oBAAqBkU,IAKvB,aAFMmE,EAAct2C,QAAQ4hB,EAAcqgB,kBACnCqU,EAAcjW,WACdiW,CACf,KACMpQ,EAAWpxD,QAAQw7D,EACzB,CACI,GAAIuD,EAAW,CACb,MAAM0C,EAAcjiE,eAAe2tD,EAAWpY,GAC5C,IAEE,aADMoY,EAAU3hC,QAAQupB,GACjB,CACR,CAAC,MAAO3zC,GACP,OAAO,CACjB,CACO,EAEKwuB,EAAM,CAAC8xC,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkBpiE,eAAe+rD,EAAYzY,EAAWgW,EAAe/T,GAC3E,MAAM8sB,EAA+B,IAAInV,GAA6Bt7C,GAQtE,GAPAywD,EAA6BtW,WAAaA,EAC1CsW,EAA6B1Y,oBAAsBrW,EAC/CgW,IACF+Y,EAA6B/Y,cAAgBA,SAEzC+Y,EAA6B32C,QAAQ6pB,EAAU3jC,GAEjDA,EAAOmB,uBAAwB,CAEjC,GAA4B,WADNnV,QAAQ4E,IAAI+8D,EAAUl9D,KAAIigE,GAAOL,EAAYI,EAA8BC,OACrFj7B,OAAOjX,GACjB,OAAOgyC,EAAgBrW,EAAYzY,EAAWiC,EAE1D,CAGQ,cADO8sB,EAA6BtW,WAC7BsW,CACR,EAEKrG,QAAgBp+D,QAAQ4E,IAAI+8D,EAAUl9D,KAAIigE,GAAOF,EAAgBrW,EAAY8R,EAAoBvU,EAAegZ,MACtH1Q,EAAWpxD,QAAQw7D,EACzB,CAEI,OAAO,IAAIiD,GAAQrN,EACvB,CAgBE,UAAM9zB,CAAK04B,EAAc,GAAIlD,EAAgB,GAAI/mD,EAAY,KAAMg2D,EAAgB,GAAI9hB,EAAO,IAAI9qC,KAAQ6sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIrxC,EAASuD,GAC7K,MAAMy8C,EAAa,IAAItL,GAEjBmc,EAAoB/kE,KAAK8oD,QAAQe,WAAWp/C,EAAMkE,OAAOU,aAC/D,IAAK01D,EACH,MAAUxjE,MAAM,mCAGlB,MAAMyjE,QAAyBC,GAAuBF,EAAmBjM,EAAalD,EAAe/mD,EAAWg2D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAOrxC,GACnLgxD,EAA0BF,EAAiBrgE,KAC/C,CAACwjD,EAAiBrmD,IAAMmmD,GAAuBC,oBAAoBC,EAAuB,IAANrmD,KACnFmpB,UAMH,OAJAipC,EAAWpxD,QAAQoiE,GACnBhR,EAAWpxD,KAAKiiE,GAChB7Q,EAAWpxD,QAAQkiE,GAEZ,IAAIzD,GAAQrN,EACvB,CAQE,QAAA7J,CAAS3nC,EAAMxO,EAASuD,GACtB,GAAIiL,IAASjY,EAAM6C,YAAYC,aAC7B,OAAOvN,KAGT,MAAMmqD,EAAa,IAAID,GAAqBh2C,GAC5Ci2C,EAAWvU,UAAYlzB,EACvBynC,EAAWrB,QAAU9oD,KAAK8oD,QAE1B,MAAMwW,EAAa,IAAI1W,GAGvB,OAFA0W,EAAWx8D,KAAKqnD,GAET,IAAIoX,GAAQjC,EACvB,CAgBE,kBAAM6F,CAAarM,EAAc,GAAIlD,EAAgB,GAAI/mD,EAAY,KAAMg2D,EAAgB,GAAIO,EAAkB,GAAIriB,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAI7a,EAAY,GAAIrxC,EAASuD,GAC7K,MAAMstD,EAAoB/kE,KAAK8oD,QAAQe,WAAWp/C,EAAMkE,OAAOU,aAC/D,IAAK01D,EACH,MAAUxjE,MAAM,mCAElB,OAAO,IAAI0yD,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAe/mD,EAAWg2D,EAAeO,EAAiBriB,EAAMqd,EAAS7a,GAAW,EAAMrxC,GAChL,CAcE,YAAMysB,CAAO04B,EAAkBtW,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACzD,MAAM+T,EAAMxrB,KAAK0hE,mBACX2D,EAAkB75C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bg2D,EAAgBzjE,OAClB,MAAUL,MAAM,yDAEd0gB,EAAqBuJ,EAAIs9B,QAAQ9nD,SACnCwqB,EAAIs9B,QAAQhmD,cAAcof,EAAiBsJ,EAAIs9B,QAAQ9nD,QAAQkrB,GAAKA,GAAK,MAE3E,MAAMy1C,EAAiBn2C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOI,kBAAkBkc,UACxEq6C,EAAgB95C,EAAIs9B,QAAQW,YAAYh/C,EAAMkE,OAAOE,WAC3D,OAAI8yD,EAAe//D,SAAW0jE,EAAc1jE,QAAUkV,EAAK7V,SAASuqB,EAAIs9B,QAAQ9nD,UAAYihB,EAAqBuJ,EAAIs9B,QAAQ9nD,eACrHd,QAAQ4E,IAAI68D,EAAeh9D,KAAIrC,UACnC+lD,EAAWG,iBAAmB,IAAItoD,SAAQ,CAACC,EAASC,KAClDioD,EAAWkd,wBAA0BplE,EACrCkoD,EAAWmd,uBAAyBplE,CAAM,IAE5CioD,EAAW5D,cAAgB4B,GAAiB/jD,gBAAmB+lD,EAAWG,kBAAkB/D,gBAC5F4D,EAAW3qB,OAASxb,QAAuBmmC,EAAW16C,KAAK06C,EAAW/D,cAAe+gB,EAAgB,QAAIjjE,GAAW,IACpHimD,EAAW3qB,OAAOr9B,OAAM,QAAS,KAEnCmrB,EAAIs9B,QAAQ9nD,OAAS6gB,EAAqB2J,EAAIs9B,QAAQ9nD,QAAQsB,MAAO4C,EAAUC,KAC7E,MAAMzB,EAASoe,EAAiB5c,GAC1BvE,EAASohB,EAAiB5c,GAChC,IACE,IAAK,IAAIrD,EAAI,EAAGA,EAAI6/D,EAAe//D,OAAQE,IAAK,CAC9C,MAAQS,MAAOsM,SAAoBnL,EAAOrB,OAC1Cs/D,EAAe7/D,GAAGyjE,wBAAwB12D,EACtD,OACgBnL,EAAOjB,kBACP9B,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,GACPy9D,EAAe1/D,SAAQomD,IACrBA,EAAWmd,uBAAuBthE,EAAE,UAEhCvD,EAAOuC,MAAMgB,EAC7B,KAEauhE,GAA0B9D,EAAgB0D,EAAiBhM,EAAkBtW,GAAM,EAAO7uC,IAE5FuxD,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,GAAM,EAAO7uC,EACpG,CAeE,cAAAwxD,CAAe72D,EAAWwqD,EAAkBtW,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACtE,MACM4tD,EADMrlE,KAAK0hE,mBACW5Y,QAAQW,YAAYh/C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bg2D,EAAgBzjE,OAClB,MAAUL,MAAM,yDAGlB,OAAOkkE,GADe52D,EAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACjBw2D,EAAiBhM,EAAkBtW,GAAM,EAAM7uC,EACnG,CAME,gBAAAwtD,GACE,MAAMvX,EAAanqD,KAAK8oD,QAAQW,YAAYh/C,EAAMkE,OAAOO,gBACzD,OAAIi7C,EAAWvoD,OACN,IAAI2/D,GAAQpX,EAAW,GAAGrB,SAE5B9oD,IACX,CAOE,qBAAM2lE,CAAgBC,EAAmB1xD,EAASuD,SAC1CzX,KAAK8oD,QAAQzmD,KACjByU,EAAKtV,aAAaokE,GAAqBA,SAA2BtkD,GAAQskD,IAAoB/+D,KAC9Fy6D,GACAptD,EAEN,CAME,KAAAnR,GACE,OAAO/C,KAAK8oD,QAAQ/lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASuD,GACb,MAAMouD,EAAiB7lE,KAAK8oD,QAAQ9oD,KAAK8oD,QAAQlnD,OAAS,GAGpD0gB,EAAeujD,EAAejmE,YAAYqe,MAAQ0tC,GAAyC1tC,IACpE,IAA3B4nD,EAAejuB,QACf53C,KAAK8oD,QAAQpkD,MAAKiK,GAAUA,EAAO/O,YAAYqe,MAAQomC,GAAgBpmC,KAA0B,IAAnBtP,EAAOipC,UACvF,OAAOzkC,GAAM1I,EAAM0I,MAAMI,QAASvT,KAAK+C,QAAS,KAAM,KAAM,KAAMuf,EAAcpO,EACpF,EAqBO5R,eAAe2iE,GAAuBF,EAAmBjM,EAAalD,EAAgB,GAAI/mD,EAAY,KAAMg2D,EAAgB,GAAI9hB,EAAO,IAAI9qC,KAAQ6sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIza,GAAW,EAAO52B,EAASuD,GAC/O,MAAMy8C,EAAa,IAAItL,GAGjBtE,EAA2C,OAA3BygB,EAAkB/0D,KACtCvF,EAAMoE,UAAUkB,OAAStF,EAAMoE,UAAUmB,KAa3C,SAXM9P,QAAQ4E,IAAIg0D,EAAYn0D,KAAIrC,MAAOkzD,EAAY1zD,KACnD,MAAMgkE,EAAgBhB,EAAehjE,GACrC,IAAK0zD,EAAWuD,YACd,MAAUx3D,MAAM,gCAElB,MAAMy3D,QAAmBxD,EAAWyD,cAAc4L,EAAc/iE,GAAIihD,EAAM+iB,EAAe5xD,GACzF,OAAOyhD,GAAsBoP,EAAmBnP,EAAch0D,OAASg0D,EAAgB,CAACJ,GAAawD,EAAW/I,UAAW,CAAE3L,iBAAiBvB,EAAM+S,EAAkBvQ,EAAWza,EAAU52B,EAAO,KAChMrR,MAAKyiE,IACPpR,EAAWpxD,QAAQwiE,EAAc,IAG/Bz2D,EAAW,CACb,MAAMk3D,EAAwBl3D,EAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WACzEqlD,EAAWpxD,QAAQijE,EACvB,CACE,OAAO7R,CACT,CAkGO5xD,eAAemjE,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,EAAO,IAAI9qC,KAAQ6yB,GAAW,EAAO52B,EAASuD,GAC9I,OAAOvX,QAAQ4E,IAAIwgE,EAAc/6D,QAAO,SAASsE,GAC/C,MAAO,CAAC,OAAQ,UAAUuQ,SAAS3U,EAAMpI,KAAKoI,EAAMoE,UAAWA,EAAUy1C,eAC7E,IAAK3/C,KAAIrC,eAAeuM,GACpB,OApFJvM,eAAwCuM,EAAWw2D,EAAiBhM,EAAkBtW,EAAO,IAAI9qC,KAAQ6yB,GAAW,EAAO52B,EAASuD,GAClI,IAAI+9C,EACAwQ,EAEJ,IAAK,MAAMr1D,KAAO0oD,EAAkB,CAClC,MAAMC,EAAa3oD,EAAI4oD,QAAQ1qD,EAAU8C,aACzC,GAAI2nD,EAAW13D,OAAS,EAAG,CACzB4zD,EAAa7kD,EACbq1D,EAAuB1M,EAAW,GAClC,KACN,CACA,CAEE,MACM2M,EADqBp3D,aAAqBo5C,GACIp5C,EAAU25C,iBAAmB35C,EAE3Eq3D,EAAc,CAClBtiB,MAAO/0C,EAAU8C,YACjB8gC,SAAU,WACR,IAAKuzB,EACH,MAAUzkE,MAAM,0CAA0CsN,EAAU8C,YAAY65B,eAG5E38B,EAAU8xB,OAAOqlC,EAAqB/V,UAAWphD,EAAUy1C,cAAe+gB,EAAgB,GAAItiB,EAAMjY,EAAU52B,GACpH,MAAMi0C,QAAwB8d,EAC9B,GAAID,EAAqBxV,kBAAoBrI,EAAgBtD,QAC3D,MAAUtjD,MAAM,mCAIlB,UACQi0D,EAAWyD,cAAc+M,EAAqBvf,WAAY0B,EAAgBtD,aAASziD,EAAW8R,EACrG,CAAC,MAAOhQ,GAKP,IAAIgQ,EAAOqB,+CAAgDrR,EAAEqP,QAAQqM,MAAM,4CAGzE,MAAM1b,QAFAsxD,EAAWyD,cAAc+M,EAAqBvf,WAAY1D,OAAM3gD,EAAW8R,EAI3F,CACM,OAAO,CACR,EA1BS,GA2BVrF,UAAW,WACT,MAAMs5C,QAAwB8d,EACxB/R,EAAa,IAAItL,GAEvB,OADAT,GAAmB+L,EAAWpxD,KAAKqlD,GAC5B,IAAI8L,GAAUC,EACtB,EALU,IAeb,OAHAgS,EAAYr3D,UAAUxO,OAAM,SAC5B6lE,EAAYzzB,SAASpyC,OAAM,SAEpB6lE,CACT,CAuBWC,CAAyBt3D,EAAWw2D,EAAiBhM,EAAkBtW,EAAMjY,EAAU52B,EAClG,IACA,CAYO5R,eAAe8jE,IAAYC,eAAEA,EAAcC,cAAEA,EAAepyD,OAAAA,KAAWqgD,IAC5ErgD,EAAS,IAAKuD,KAAkBvD,GAChC,IAAI3T,EAAQ8lE,GAAkBC,EAC9B,IAAK/lE,EACH,MAAUgB,MAAM,wFAElB,GAAI8kE,IAAmBvvD,EAAKC,SAASsvD,KAAoBvvD,EAAK7V,SAASolE,GACrE,MAAU9kE,MAAM,kEAElB,GAAI+kE,IAAkBxvD,EAAKtV,aAAa8kE,KAAmBxvD,EAAK7V,SAASqlE,GACvE,MAAU/kE,MAAM,qEAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,MAAM6jE,EAAazvD,EAAK7V,SAASV,GACjC,GAAI8lE,EAAgB,CAClB,MAAMpyD,KAAEA,EAAIpN,KAAEA,SAAeya,GAAQ/gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMI,QACvB,MAAUhS,MAAM,oCAElBhB,EAAQsG,CACZ,CACE,MAAMqtD,QAAmBtL,GAAWC,WAAWtoD,EAAO6gE,GAAuBltD,GACvEX,EAAU,IAAIguD,GAAQrN,GAE5B,OADA3gD,EAAQy1C,WAAaud,EACdhzD,CACT,CAcOjR,eAAekkE,IAAcx2D,KAAEA,EAAID,OAAEA,EAAMizC,SAAEA,EAAQD,KAAEA,EAAO,IAAI9qC,KAAM2mB,OAAEA,QAAkBx8B,IAAT4N,EAAqB,OAAS,aAAaukD,IACnI,MAAMh0D,OAAiB6B,IAAT4N,EAAqBA,EAAOD,EAC1C,QAAc3N,IAAV7B,EACF,MAAUgB,MAAM,yEAElB,GAAIyO,IAAS8G,EAAKC,SAAS/G,KAAU8G,EAAK7V,SAAS+O,GACjD,MAAUzO,MAAM,0DAElB,GAAIwO,IAAW+G,EAAKtV,aAAauO,KAAY+G,EAAK7V,SAAS8O,GACzD,MAAUxO,MAAM,gEAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,MAAM6jE,EAAazvD,EAAK7V,SAASV,GAC3BwkE,EAAoB,IAAIjiB,GAAkBC,QACnC3gD,IAAT4N,EACF+0D,EAAkB9hB,QAAQ1iD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS8uB,IAE5DmmC,EAAkB3hB,SAAS7iD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS8uB,SAE9Cx8B,IAAb4gD,GACF+hB,EAAkB1hB,YAAYL,GAEhC,MAAMyjB,EAAwB,IAAI7d,GAClC6d,EAAsB3jE,KAAKiiE,GAC3B,MAAMxxD,EAAU,IAAIguD,GAAQkF,GAE5B,OADAlzD,EAAQy1C,WAAaud,EACdhzD,CACT,CCn4BA,MAAMm1C,gBAA+B5xC,EAAKgH,wBAAwB,CAACumC,KAM5D,MAAMqiB,GAKX,WAAA9mE,CAAYoQ,EAAMnB,GAGhB,GADA7O,KAAKgQ,KAAO8G,EAAK4G,qBAAqB1N,GAAMwP,QAAQ,SAAU,QAC1D3Q,KAAeA,aAAqBolD,IACtC,MAAU1yD,MAAM,2BAElBvB,KAAK6O,UAAYA,GAAa,IAAIolD,GAAU,IAAIrL,GACpD,CAME,gBAAAuL,GACE,MAAMsN,EAAS,GAKf,OAJsBzhE,KAAK6O,UAAUi6C,QACvB7mD,SAAQ,SAAS0M,GAC7B8yD,EAAO3+D,KAAK6L,EAAOgD,YACzB,IACW8vD,CACX,CAgBE,UAAMrhC,CAAK04B,EAAalD,EAAgB,GAAI/mD,EAAY,KAAMg2D,EAAgB,GAAI9hB,EAAO,IAAI9qC,KAAQ6sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIrxC,EAASuD,GACxK,MAAMstD,EAAoB,IAAIjiB,GAC9BiiB,EAAkB9hB,QAAQjjD,KAAKgQ,MAC/B,MAAM22D,EAAe,IAAI1S,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAe/mD,EAAWg2D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAMrxC,IAClM,OAAO,IAAIwyD,GAAiB1mE,KAAKgQ,KAAM22D,EAC3C,CAcE,MAAAhmC,CAAO+V,EAAMqM,EAAO,IAAI9qC,KAAQ/D,EAASuD,GACvC,MAAM6tD,EAAgBtlE,KAAK6O,UAAUi6C,QAAQW,YAAYh/C,EAAMkE,OAAOE,WAChEk2D,EAAoB,IAAIjiB,GAG9B,OADAiiB,EAAkB9hB,QAAQjjD,KAAKgQ,MACxBy1D,GAA0BH,EAAe,CAACP,GAAoBruB,EAAMqM,GAAM,EAAM7uC,EAC3F,CAME,OAAAgvC,GAEE,OAAOljD,KAAKgQ,KAAKwP,QAAQ,QAAS,KACtC,CAOE,KAAArM,CAAMe,EAASuD,GAEb,MAAMmvD,EAAwB5mE,KAAK6O,UAAUi6C,QAAQpkD,MAAKiK,GAA6B,IAAnBA,EAAOipC,UAOrEz2B,EAAO,CACXxT,KAPWi5D,EACXjnE,MAAM6gB,KAAK,IAAI7K,IAAI3V,KAAK6O,UAAUi6C,QAAQnkD,KACxCgK,GAAUlE,EAAMpI,KAAKoI,EAAMkD,KAAMgB,EAAO41C,eAAewD,kBACrDrlD,OACJ,KAIAsN,KAAMhQ,KAAKgQ,KACXnJ,KAAM7G,KAAK6O,UAAUi6C,QAAQ/lD,SAI/B,OAAOoQ,GAAM1I,EAAM0I,MAAMG,OAAQ6N,OAAM/e,OAAWA,OAAWA,EAAWwkE,EAAuB1yD,EACnG,EAYO5R,eAAeukE,IAAqBC,iBAAEA,EAAgB5yD,OAAEA,KAAWqgD,IAExE,GADArgD,EAAS,IAAKuD,KAAkBvD,IAC3B4yD,EACH,MAAUvlE,MAAM,gFAElB,IAAKuV,EAAKC,SAAS+vD,GACjB,MAAUvlE,MAAM,mEAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,MAAMnC,QAAc+gB,GAAQwlD,GAC5B,GAAIvmE,EAAM0T,OAASxJ,EAAM0I,MAAMG,OAC7B,MAAU/R,MAAM,gCAElB,MAAM2yD,QAAmBtL,GAAWC,WAAWtoD,EAAMsG,KAAM6hD,GAAgBx0C,IAY7E,SAAuB+M,EAASizC,GAC9B,MAAM6S,EAAiB,SAASC,GAC9B,MAAMC,EAAQt4D,GAAU+T,GAAQ/T,EAAO41C,gBAAkB7hC,EAEzD,IAAK,IAAI5gB,EAAI,EAAGA,EAAIoyD,EAAWtyD,OAAQE,IACrC,GAAIoyD,EAAWpyD,GAAGlC,YAAYqe,MAAQxT,EAAMkE,OAAOE,YAAcm4D,EAAUtiE,KAAKuiE,EAAM/S,EAAWpyD,KAC/F,OAAO,EAGX,OAAO,CACR,EAEKklE,EAAY,GAoBlB,GAnBA/lD,EAAQhf,SAAQ0d,IACd,MAAMunD,EAAavnD,EAAOC,MAAM,gBAChC,IAAIsnD,EAaF,MAAU3lE,MAAM,0DAbF,CACd,MAAM4lE,EAAgBD,EAAW,GAC9B1nD,QAAQ,MAAO,IACf7B,MAAM,KACNhZ,KAAIw7B,IACH,IACE,OAAO11B,EAAM1H,MAAM0H,EAAMkD,KAAMwyB,EAAS+0B,cACzC,CAAC,MAAOhxD,GACP,MAAU3C,MAAM,2CAA6C4+B,EAAS+0B,cAClF,KAEM8R,EAAUlkE,QAAQqkE,EACxB,CAEA,IAGMH,EAAUplE,SAAWmlE,EAAeC,GACtC,MAAUzlE,MAAM,wDAEpB,CA9CEyf,CAAczgB,EAAM0gB,QAASizC,GAC7B,MAAMrlD,EAAY,IAAIolD,GAAUC,GAChC,OAAO,IAAIwS,GAAiBnmE,EAAMyP,KAAMnB,EAC1C,CAoDOvM,eAAe8kE,IAAuBp3D,KAAEA,KAASukD,IACtD,IAAKvkD,EACH,MAAUzO,MAAM,sEAElB,IAAKuV,EAAKC,SAAS/G,GACjB,MAAUzO,MAAM,yDAElB,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,OAAO,IAAIgkE,GAAiB12D,EAC9B,CCtKO1N,eAAeq9B,IAAYygC,QAAEA,EAAU,GAAE5oB,WAAEA,EAAUvjC,KAAEA,EAAIvJ,MAAEA,EAAKgqD,QAAEA,EAAU,KAAInjD,kBAAEA,EAAoB,EAACwxC,KAAEA,EAAO,IAAI9qC,KAAMyjD,QAAEA,EAAU,CAAC,CAAE,GAAC98B,OAAEA,EAAS,UAAW1qB,OAAAA,KAAWqgD,IACxI8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAC3BD,GAASvJ,GAIZuJ,EAAOA,GAAQ,MACfvJ,EAAQA,GAAS,qBAJjBuJ,EAAOC,EAAOQ,OAAS,aAAe,MACtChK,EAAQ,oBAKV01D,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAuB,IAAnB09D,EAAQx+D,SAAiBsS,EAAOQ,OAClC,MAAUnT,MAAM,oCAElB,GAAa,QAAT0S,GAAkBygD,EAAUxgD,EAAOkB,WACrC,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBs/C,KAG3E,MAAM5uD,EAAU,CAAEs6D,UAAS5oB,aAAYvjC,OAAMygD,UAAShqD,QAAO6G,oBAAmBwxC,OAAM2Y,WAEtF,IACE,MAAM/qD,IAAEA,EAAGotD,sBAAEA,SHIVz7D,eAAwBwD,EAASoO,GACtCpO,EAAQs6B,MAAO,GACft6B,EAAUq5D,GAA0Br5D,IAC5B41D,QAAU51D,EAAQ41D,QAAQ/2D,KAAI,CAAC4wD,EAAQn4C,IAAU+hD,GAA0Br5D,EAAQ41D,QAAQt+C,GAAQtX,KAC3G,IAAIqY,EAAW,CAACopD,GAAyBzhE,EAASoO,IAClDiK,EAAWA,EAAS3Z,OAAOsB,EAAQ41D,QAAQ/2D,KAAImB,GAAWs5D,GAA4Bt5D,EAASoO,MAC/F,MAAM40C,QAAgB5oD,QAAQ4E,IAAIqZ,GAE5BxN,QAAY8uD,GAAc3W,EAAQ,GAAIA,EAAQnmD,MAAM,GAAImD,EAASoO,GACjE6pD,QAA8BptD,EAAIktD,yBAAyB/3D,EAAQi9C,KAAM7uC,GAE/E,OADAvD,EAAI+nD,qBAAuB,GACpB,CAAE/nD,MAAKotD,wBAChB,CGhBiD5wB,CAASrnC,EAASoO,GAG/D,OAFAvD,EAAI4oD,UAAUt3D,SAAQ,EAAGguD,eAAgBkI,GAAqBlI,EAAW/7C,KAElE,CACLV,WAAYg0D,GAAa72D,EAAKiuB,EAAQ1qB,GACtCnI,UAAWy7D,GAAa72D,EAAI6tD,WAAY5/B,EAAQ1qB,GAChD6pD,wBAEH,CAAC,MAAOznC,GACP,MAAMxf,EAAK+G,UAAU,2BAA4ByY,EACrD,CACA,CAkBOh0B,eAAemlE,IAAYj0D,WAAEA,EAAU4sD,QAAEA,EAAU,GAAE5oB,WAAEA,EAAUjmC,kBAAEA,EAAoB,EAACwxC,KAAEA,EAAInkB,OAAEA,EAAS,UAAW1qB,OAAAA,KAAWqgD,IAC1F8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChCksD,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAuB,IAAnB09D,EAAQx+D,QAAiD,IAAjC4R,EAAWy8C,UAAUrY,QAC/C,MAAUr2C,MAAM,oCAElB,MAAMuE,EAAU,CAAE0N,aAAY4sD,UAAS5oB,aAAYjmC,oBAAmBwxC,QAEtE,IACE,MAAQpyC,IAAK+2D,EAAc3J,sBAAEA,SHP1Bz7D,eAAwBwD,EAASoO,GACtCpO,EAAU6hE,EAAS7hE,GACnB,MAAM0N,WAAEA,GAAe1N,EAEvB,IAAK0N,EAAWulD,YACd,MAAUx3D,MAAM,gCAGlB,GAAIiS,EAAWy8C,UAAUqC,UACvB,MAAU/wD,MAAM,2CAIlB,IADoBiS,EAAW+lD,UAAUj9B,OAAM,EAAG2zB,eAAgBA,EAAUM,gBAE1E,MAAUhvD,MAAM,wBAGlB,MAAMyuD,EAAkBx8C,EAAWy8C,UAE9BnqD,EAAQ41D,UACX51D,EAAQ41D,cAAgBx7D,QAAQ4E,IAAI0O,EAAWkoD,QAAQ/2D,KAAIrC,UACzD,MAAM+uD,EAAqBkE,EAAOtF,UAC5B6E,EAAe,CAAEnkD,IAAKq/C,EAAiBrsD,KAAM0tD,GAC7CkJ,QACJC,GAA+BjF,EAAO8E,kBAAmBrK,EAAiBvlD,EAAMoE,UAAU4B,cAAeqkD,EAAc,KAAM5gD,GAC7H7T,OAAM,KAAO,CAAE,KACjB,MAAO,CACL+/B,KAAMm6B,EAAiBpoD,UAAaooD,EAAiBpoD,SAAS,GAAK1H,EAAM0H,SAASU,SACnF,MAIL,MAAM6sD,EAAsBlsD,EAAWkoD,QAAQ/2D,KAAI4wD,GAAUA,EAAOtF,YACpE,GAAInqD,EAAQ41D,QAAQ95D,SAAW89D,EAAoB99D,OACjD,MAAUL,MAAM,6DAGlBuE,EAAQ41D,QAAU51D,EAAQ41D,QAAQ/2D,KAAI27D,GAAiBqH,EAASrH,EAAex6D,KAE/E,MAAM6K,QAAY8uD,GAAczP,EAAiB0P,EAAqB55D,EAASoO,GACzE6pD,QAA8BptD,EAAIktD,yBAAyB/3D,EAAQi9C,KAAM7uC,GAE/E,OADAvD,EAAI+nD,qBAAuB,GACpB,CAAE/nD,MAAKotD,yBAEd,SAAS4J,EAAS7hE,EAASiyD,EAAiB,IAK1C,OAJAjyD,EAAQyL,kBAAoBzL,EAAQyL,mBAAqBwmD,EAAexmD,kBACxEzL,EAAQ0xC,WAAa1gC,EAAKC,SAASjR,EAAQ0xC,YAAc1xC,EAAQ0xC,WAAaugB,EAAevgB,WAC7F1xC,EAAQi9C,KAAOj9C,EAAQi9C,MAAQgV,EAAehV,KAEvCj9C,CACX,CACA,CG5CiE8hE,CAAS9hE,EAASoO,GAE/E,MAAO,CACLV,WAAYg0D,GAAaE,EAAgB9oC,EAAQ1qB,GACjDnI,UAAWy7D,GAAaE,EAAelJ,WAAY5/B,EAAQ1qB,GAC3D6pD,wBAEH,CAAC,MAAOznC,GACP,MAAMxf,EAAK+G,UAAU,6BAA8ByY,EACvD,CACA,CAoBOh0B,eAAeulE,IAAUl3D,IAAEA,EAAGotD,sBAAEA,EAAqB1rD,oBAAEA,EAAmB0wC,KAAEA,EAAO,IAAI9qC,KAAM2mB,OAAEA,EAAS,UAAS1qB,OAAEA,KAAWqgD,IACzF8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChC,MAAMsgD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IACE,MAAMolE,EAAa/J,QACXptD,EAAImtD,2BAA2BC,EAAuBhb,EAAM7uC,SAC5DvD,EAAIqpD,OAAO3nD,EAAqB0wC,EAAM7uC,GAE9C,OAAO4zD,EAAW/O,YAAc,CAC9BvlD,WAAYg0D,GAAaM,EAAYlpC,EAAQ1qB,GAC7CnI,UAAWy7D,GAAaM,EAAWtJ,WAAY5/B,EAAQ1qB,IACrD,CACFV,WAAY,KACZzH,UAAWy7D,GAAaM,EAAYlpC,EAAQ1qB,GAE/C,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,qBAAsByY,EAC/C,CACA,CAYOh0B,eAAeylE,IAAWv0D,WAAEA,EAAUgkC,WAAEA,EAAYtjC,OAAAA,KAAWqgD,IAC1B8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChC,MAAMsgD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAAK8Q,EAAWulD,YACd,MAAUx3D,MAAM,+BAElB,MAAMymE,EAAmBx0D,EAAW5Q,OAAM,GACpCqlE,EAAcnxD,EAAKrW,QAAQ+2C,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMt3C,QAAQ4E,IAAIkjE,EAAiBzO,UAAU50D,KAAIgM,GAE/CmG,EAAKoH,WAAW+pD,EAAYtjE,KAAI6yC,GAAc7mC,EAAIs/C,UAAU3hC,QAAQkpB,eAGhEwwB,EAAiBlV,SAAS5+C,GACzB8zD,CACR,CAAC,MAAO1xC,GAEP,MADA0xC,EAAiBvV,qBACX37C,EAAK+G,UAAU,+BAAgCyY,EACzD,CACA,CAYOh0B,eAAe4lE,IAAW10D,WAAEA,EAAUgkC,WAAEA,EAAYtjC,OAAAA,KAAWqgD,IAC1B8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChC,MAAMsgD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAAK8Q,EAAWulD,YACd,MAAUx3D,MAAM,+BAElB,MAAMymE,EAAmBx0D,EAAW5Q,OAAM,GAEpC8zC,EAAOsxB,EAAiBzO,UACxB0O,EAAcnxD,EAAKrW,QAAQ+2C,GAAcA,EAAiB73C,MAAM+2C,EAAK90C,QAAQ8lB,KAAK8vB,GACxF,GAAIywB,EAAYrmE,SAAW80C,EAAK90C,OAC9B,MAAUL,MAAM,0DAGlB,IAME,aALMrB,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,MAAOqO,EAAK7O,KACrC,MAAMmuD,UAAEA,GAAct/C,QAChBs/C,EAAUjiC,QAAQi6C,EAAYnmE,GAAIoS,GACxC+7C,EAAUwC,oBAAoB,KAEzBuV,CACR,CAAC,MAAO1xC,GAEP,MADA0xC,EAAiBvV,qBACX37C,EAAK+G,UAAU,+BAAgCyY,EACzD,CACA,CAiCOh0B,eAAe0rB,IAAQza,QAAEA,EAAO8vD,eAAEA,EAAcvK,YAAEA,EAAW+I,UAAEA,EAASxT,WAAEA,EAAUzvB,OAAEA,EAAS,UAAS/vB,UAAEA,EAAY,KAAIq1C,SAAEA,GAAW,EAAK2gB,cAAEA,EAAgB,GAAEV,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAI9qC,KAAM6sD,eAAEA,EAAiB,GAAEqD,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,GAAIl0D,OAAAA,KAAWqgD,IAKlS,GAJ0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChCm0D,GAAa90D,GAAU+0D,GAAyB1pC,GAChDykC,EAAiBiE,GAAQjE,GAAiBvK,EAAcwO,GAAQxO,GAAc+I,EAAYyF,GAAQzF,GAClGgD,EAAgByC,GAAQzC,GAAgBV,EAAmBmD,GAAQnD,GAAmBW,EAAiBwC,GAAQxC,GAAiBqD,EAAoBb,GAAQa,GAAoBC,EAAqBd,GAAQc,GACzM7T,EAAKzpB,SACP,MAAUvpC,MAAM,+JAElB,GAAIgzD,EAAKgU,WAAY,MAAUhnE,MAAM,gGACrC,GAAIgzD,EAAK0J,YAAa,MAAU18D,MAAM,8FACtC,QAAmBa,IAAfmyD,EAAKphD,MAAqB,MAAU5R,MAAM,oFAC9C,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAE3Ho2D,IACHA,EAAc,IAGhB,IASE,IARIA,EAAYl3D,QAAUiN,KACxB0E,QAAgBA,EAAQ6sB,KAAK04B,EAAauK,EAAgBx0D,EAAWg2D,EAAe9hB,EAAM+hB,EAAgBX,EAAkBiE,EAAoBl0D,IAElJX,EAAUA,EAAQ82C,eT5Ff/nD,eAA2Co0C,EAAO,GAAIqM,EAAO,IAAI9qC,KAAQmoD,EAAU,GAAIlsD,EAASuD,GACrG,MAAMw+C,EAAcxrD,EAAM6C,YAAYC,aAChC2oD,EAAsBhiD,EAAOG,8BAK7Bm0D,QAA0BtoE,QAAQ4E,IAAI4xC,EAAK/xC,KAAIrC,eAAeqO,EAAK7O,GACvE,MACM2mE,SAD0B93D,EAAIylD,wBAAwBrT,EAAMqd,EAAQt+D,GAAIoS,IACrCpC,+BACzC,QAAS22D,GAAkBA,EAAeh/D,QAAQysD,IAAwB,CAC9E,KACE,OAAOsS,EAAkBlsC,MAAMyiC,SAAW7I,EAAsBD,CAClE,CSgFYyS,CAA4BrF,EAAgBtgB,EAAMolB,EAAmBj0D,GAC3EA,GAEFX,QAAgBA,EAAQya,QAAQq1C,EAAgBxB,EAAWxT,EAAYnK,EAAUigB,EAAkBphB,EAAMolB,EAAmBj0D,GAC7G,WAAX0qB,EAAqB,OAAOrrB,EAEhC,MACM1M,EADmB,YAAX+3B,EACOrrB,EAAQJ,MAAMe,GAAUX,EAAQxQ,QACrD,aAAa4lE,GAAc9hE,EAC5B,CAAC,MAAOyvB,GACP,MAAMxf,EAAK+G,UAAU,2BAA4ByY,EACrD,CACA,CAmCOh0B,eAAegsB,IAAQ/a,QAAEA,EAAOquD,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWzI,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAKhqC,OAAEA,EAAS,OAAM/vB,UAAEA,EAAY,KAAIk0C,KAAEA,EAAO,IAAI9qC,YAAQ/D,KAAWqgD,IAGxL,GAF0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChCm0D,GAAa90D,GAAU8lD,EAAmBiO,GAAQjO,GAAmBuI,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GAAYC,EAAcwF,GAAQxF,GACjKvN,EAAK0J,YAAa,MAAU18D,MAAM,iGACtC,GAAIgzD,EAAKgU,WAAY,MAAUhnE,MAAM,kGACrC,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IACE,MAAM4pD,QAAkB/4C,EAAQ+a,QAAQszC,EAAgBC,EAAWC,EAAa/e,EAAM7uC,GACjFmlD,IACHA,EAAmB,IAGrB,MAAMt3D,EAAS,CAAE,EAKjB,GAJAA,EAAO8yD,WAAahmD,QAAkBy9C,EAAUoZ,eAAe72D,EAAWwqD,EAAkBtW,EAAM7uC,SAAgBo4C,EAAU3rB,OAAO04B,EAAkBtW,EAAM7uC,GAC3JnS,EAAO8E,KAAkB,WAAX+3B,EAAsB0tB,EAAU8W,iBAAmB9W,EAAUpJ,UAC3EnhD,EAAOihD,SAAWsJ,EAAUhJ,cAC5BulB,GAAY9mE,EAAQwR,GAChBq1D,EAAc,CAChB,GAAgC,IAA5BvP,EAAiBz3D,OACnB,MAAUL,MAAM,+DAElB,GAAiC,IAA7BQ,EAAO8yD,WAAWjzD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOoU,EAAc,CAC1BlZ,EAAO8E,KACPw/C,GAAiB/jD,gBACTwU,EAAKoH,WAAWnc,EAAO8yD,WAAWlwD,KAAIomC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADA1wC,EAAO8E,WAAa8hE,GAAc5mE,EAAO8E,MAClC9E,CACR,CAAC,MAAOu0B,GACP,MAAMxf,EAAK+G,UAAU,2BAA4ByY,EACrD,CACA,CA4BOh0B,eAAe89B,IAAK7sB,QAAEA,EAAOulD,YAAEA,EAAWlD,cAAEA,EAAgB,GAAEh3B,OAAEA,EAAS,UAASkM,SAAEA,GAAW,EAAK+5B,cAAEA,EAAgB,GAAE9hB,KAAEA,EAAO,IAAI9qC,KAAM6sD,eAAEA,EAAiB,GAAEhP,iBAAEA,EAAmB,GAAEsS,mBAAEA,EAAqB,GAAEl0D,OAAEA,KAAWqgD,IAKlO,GAJ0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChC40D,GAAwBv1D,GAAU+0D,GAAyB1pC,GAC3Dk6B,EAAcwO,GAAQxO,GAAc+L,EAAgByC,GAAQzC,GAAgBC,EAAiBwC,GAAQxC,GAAiBlP,EAAgB0R,GAAQ1R,GAAgBE,EAAmBwR,GAAQxR,GAAmBsS,EAAqBd,GAAQc,GAErO7T,EAAK0J,YAAa,MAAU18D,MAAM,2FACtC,QAAmBa,IAAfmyD,EAAKphD,MAAqB,MAAU5R,MAAM,iFAC9C,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAI6Q,aAAmBmzD,IAA+B,WAAX9nC,EAAqB,MAAUr9B,MAAM,2DAChF,GAAIgS,aAAmBmzD,IAAoB57B,EAAU,MAAUvpC,MAAM,0CAErE,IAAKu3D,GAAsC,IAAvBA,EAAYl3D,OAC9B,MAAUL,MAAM,4BAGlB,IACE,IAAIsN,EAMJ,GAJEA,EADEi8B,QACgBv3B,EAAQ4xD,aAAarM,EAAalD,OAAexzD,EAAWyiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoBl0D,SAEvIX,EAAQ6sB,KAAK04B,EAAalD,OAAexzD,EAAWyiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoBl0D,GAEpI,WAAX0qB,EAAqB,OAAO/vB,EAYhC,OATAA,EADyB,YAAX+vB,EACM/vB,EAAUsE,MAAMe,GAAUrF,EAAU9L,QACpD+nC,IACFj8B,EAAYgT,EAAqBtO,EAAQu1C,QAAQ/lD,SAAST,MAAO4C,EAAUC,WACnEjF,QAAQ4E,IAAI,CAChB6oD,EAAY9+C,EAAW1J,GACvB+c,EAAiBhd,GAAU7E,OAAM,UACjC,WAGOsoE,GAAc95D,EAC5B,CAAC,MAAOynB,GACP,MAAMxf,EAAK+G,UAAU,wBAAyByY,EAClD,CACA,CA8BOh0B,eAAeq+B,IAAOptB,QAAEA,EAAO8lD,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAKhqC,OAAEA,EAAS,OAAM/vB,UAAEA,EAAY,KAAIk0C,KAAEA,EAAO,IAAI9qC,KAAM/D,OAAEA,KAAWqgD,IAG/I,GAF0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChC40D,GAAwBv1D,GAAU8lD,EAAmBiO,GAAQjO,GACzD9E,EAAKgU,WAAY,MAAUhnE,MAAM,iGACrC,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,GAAI6Q,aAAmBmzD,IAA+B,WAAX9nC,EAAqB,MAAUr9B,MAAM,iDAChF,GAAIgS,aAAmBmzD,IAAoB73D,EAAW,MAAUtN,MAAM,6CAEtE,IACE,MAAMQ,EAAS,CAAE,EAQjB,GANEA,EAAO8yD,WADLhmD,QACwB0E,EAAQmyD,eAAe72D,EAAWwqD,EAAkBtW,EAAM7uC,SAE1DX,EAAQotB,OAAO04B,EAAkBtW,EAAM7uC,GAEnEnS,EAAO8E,KAAkB,WAAX+3B,EAAsBrrB,EAAQ6vD,iBAAmB7vD,EAAQ2vC,UACnE3vC,EAAQy1C,aAAen6C,GAAWg6D,GAAY9mE,EAAQwR,GACtDq1D,EAAc,CAChB,GAAiC,IAA7B7mE,EAAO8yD,WAAWjzD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOoU,EAAc,CAC1BlZ,EAAO8E,KACPw/C,GAAiB/jD,gBACTwU,EAAKoH,WAAWnc,EAAO8yD,WAAWlwD,KAAIomC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADA1wC,EAAO8E,WAAa8hE,GAAc5mE,EAAO8E,MAClC9E,CACR,CAAC,MAAOu0B,GACP,MAAMxf,EAAK+G,UAAU,iCAAkCyY,EAC3D,CACA,CAoBOh0B,eAAestD,IAAmByT,eAAEA,EAActgB,KAAEA,EAAO,IAAI9qC,KAAMkwD,kBAAEA,EAAoB,GAAIj0D,OAAAA,KAAWqgD,IAG/G,GAF0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChCmvD,EAAiBiE,GAAQjE,GAAiB8E,EAAoBb,GAAQa,GAClE5T,EAAKgU,WAAY,MAAUhnE,MAAM,2GACrC,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAEE,aAD0B6+D,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMolB,EAAmBj0D,EAE/F,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,+BAAgCyY,EACzD,CACA,CAqBOh0B,eAAe+hE,IAAkBx9D,KAAEA,EAAI+uC,UAAEA,EAASgW,cAAEA,EAAayX,eAAEA,EAAcxB,UAAEA,EAASjjC,OAAEA,EAAS,UAASslB,SAAEA,GAAW,EAAKigB,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAI9qC,KAAMkwD,kBAAEA,EAAoB,GAAIj0D,OAAAA,KAAWqgD,IAItN,GAH0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAgElC,SAAqBrN,GACnB,IAAKiQ,EAAKtV,aAAaqF,GACrB,MAAUtF,MAAM,8CAEpB,CAnEEwnE,CAAYliE,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAK6O,EAAKC,SAASlQ,GACjB,MAAUtF,MAAM,gBAAmC,2BAEvD,CA9DqBynE,CAAYpzB,EAAW,aAAc0yB,GAAyB1pC,GACjFykC,EAAiBiE,GAAQjE,GAAiBxB,EAAYyF,GAAQzF,GAAYsC,EAAmBmD,GAAQnD,GAAmBgE,EAAoBb,GAAQa,GAChJ5T,EAAKgU,WAAY,MAAUhnE,MAAM,0GACrC,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,KAAM2gE,GAA4C,IAA1BA,EAAezhE,QAAmBigE,GAAkC,IAArBA,EAAUjgE,QAC/E,MAAUL,MAAM,6CAGlB,IAEE,OAAOimE,SADejG,GAAQ8C,kBAAkBx9D,EAAM+uC,EAAWgW,EAAeyX,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMolB,EAAmBj0D,GACnI0qB,EAAQ1qB,EACtC,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,+BAAgCyY,EACzD,CACA,CAiBOh0B,eAAe6/D,IAAmB5uD,QAAEA,EAAOquD,eAAEA,EAAcC,UAAEA,EAAS9e,KAAEA,EAAO,IAAI9qC,KAAQ/D,OAAAA,KAAWqgD,IAG3G,GAF0C8S,GAA1CnzD,EAAS,IAAKuD,KAAkBvD,IAChCm0D,GAAa90D,GAAUquD,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GACjFtN,EAAK0J,YAAa,MAAU18D,MAAM,4GACtC,MAAMizD,EAAiB10D,OAAO42C,KAAK6d,GAAO,GAAIC,EAAe5yD,OAAS,EAAG,MAAUL,MAAM,mBAAmBizD,EAAe9xD,KAAK,OAEhI,IAEE,aAD0B6Q,EAAQ4uD,mBAAmBP,EAAgBC,OAAWz/D,EAAW2gD,EAAM7uC,EAElG,CAAC,MAAOoiB,GACP,MAAMxf,EAAK+G,UAAU,gCAAiCyY,EAC1D,CACA,CAwBA,SAAS+xC,GAAa90D,GACpB,KAAMA,aAAmBguD,IACvB,MAAUhgE,MAAM,kDAEpB,CACA,SAASunE,GAAwBv1D,GAC/B,KAAMA,aAAmBmzD,IAAuBnzD,aAAmBguD,IACjE,MAAUhgE,MAAM,sEAEpB,CACA,SAAS+mE,GAAyB1pC,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUr9B,MAAM,sBAAsBq9B,EAE1C,CACA,MAAMqqC,GAA0BnpE,OAAO42C,KAAKj/B,GAAe7V,OAC3D,SAASylE,GAAYnzD,GACnB,MAAMg1D,EAAmBppE,OAAO42C,KAAKxiC,GACrC,GAAIg1D,EAAiBtnE,SAAWqnE,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiC9mE,IAA7BqV,EAAc0xD,GAChB,MAAU5nE,MAAM,4BAA4B4nE,EAIpD,CAQA,SAAS7B,GAAQl0B,GAIf,OAHIA,IAAUt8B,EAAKrW,QAAQ2yC,KACzBA,EAAQ,CAACA,IAEJA,CACT,CASA9wC,eAAeqmE,GAAc9hE,GAE3B,MAAmB,UADAiQ,EAAK7V,SAAS4F,GAExBqb,EAAiBrb,GAEnBA,CACT,CAUA,SAASgiE,GAAY9mE,EAAQwR,GAC3BxR,EAAO8E,KAAOgb,EAAqBtO,EAAQu1C,QAAQ9nD,QAAQsB,MAAO4C,EAAUC,WACpEwoD,EAAY5rD,EAAO8E,KAAM1B,EAAU,CACvCE,cAAc,IAEhB,MAAM1E,EAASohB,EAAiB5c,GAChC,UAEQ+c,EAAiBhd,GAAUgnB,GAAKA,UAChCvrB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,IAEA,CASA,SAASsjE,GAAa4B,EAAQxqC,EAAQ1qB,GACpC,OAAQ0qB,GACN,IAAK,SACH,OAAOwqC,EACT,IAAK,UACH,OAAOA,EAAOj2D,MAAMe,GACtB,IAAK,SACH,OAAOk1D,EAAOrmE,QAChB,QACE,MAAUxB,MAAM,sBAAsBq9B,GAE5C,CC1tBA,SAASxD,GAAOvjB,GACZ,IAAKwP,OAAOgiD,cAAcxxD,IAAMA,EAAI,EAChC,MAAUtW,MAAM,kCAAkCsW,EAC1D,CAUA,SAAS1N,GAAM4N,KAAM0N,GACjB,MALoBjH,EAKPzG,aAJQtW,YACX,MAAL+c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE5e,YAAYqI,MAIrD,MAAU1G,MAAM,uBANjB,IAAiBid,EAOpB,GAAIiH,EAAQ7jB,OAAS,IAAM6jB,EAAQrG,SAASrH,EAAEnW,QAC1C,MAAUL,MAAM,iCAAiCkkB,oBAA0B1N,EAAEnW,SACrF,CAOA,SAAS8jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUtkB,MAAM,oCACpB,GAAIqkB,GAAiBD,EAASG,SAC1B,MAAUvkB,MAAM,wCACxB,CACA,SAASqF,GAAOmf,EAAKJ,GACjBxb,GAAM4b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAInkB,OAASokB,EACb,MAAUzkB,MAAM,yDAAyDykB,EAEjF,CChCO,MAAM3J,GAASilB,GAAoB,iBAAPA,GAAmB,cAAeA,EAC/DA,EAAG9kB,UACH8kB,GAAoB,iBAAPA,GAAmB,gBAAiBA,EAC7CA,OACAl/B,ECUGikB,GAAcF,GAAQ,IAAItF,SAASsF,EAAI7c,OAAQ6c,EAAI9b,WAAY8b,EAAI7b,YAEnEg/D,GAAO,CAACh9C,EAAMnjB,IAAWmjB,GAAS,GAAKnjB,EAAWmjB,IAASnjB,EAE3DogE,GAAO,CAACj9C,EAAMnjB,IAAWmjB,GAAQnjB,EAAWmjB,IAAU,GAAKnjB,IAAY,EACvE6d,GAAmE,KAA5D,IAAIvlB,WAAW,IAAI2e,YAAY,CAAC,YAAa9W,QAAQ;sEASlE,SAASkgE,GAAWrjD,GACvB,IAAK,IAAIrkB,EAAI,EAAGA,EAAIqkB,EAAIvkB,OAAQE,IAC5BqkB,EAAIrkB,IATawqB,EASCnG,EAAIrkB,KATc,GAAM,WAC5CwqB,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAHG,IAACA,CAWzB,CAoEO,SAAS/F,GAAYvM,GACxB,GAAmB,iBAARA,EACP,MAAUzY,MAAM,2CAA2CyY,GAC/D,OAAO,IAAIvY,YAAW,IAAIiZ,aAAcE,OAAOZ,GACnD,CAMO,SAASsM,GAAQzf,GAIpB,MAHoB,iBAATA,IACPA,EAAO0f,GAAY1f,IACvByhB,GAAOzhB,GACAA,CACX,CAIO,SAAS+rB,MAAejxB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAM0c,EAAI7c,EAAOG,GACjBwmB,GAAO9J,GACPkU,GAAOlU,EAAE5c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAM0c,EAAI7c,EAAOG,GACjBgpB,EAAI3oB,IAAIqc,EAAGmU,GACXA,GAAOnU,EAAE5c,MACjB,CACI,OAAOkpB,CACX,CAEO,MAAM2+C,GAET,KAAA7mE,GACI,OAAO5C,KAAK0pE,YACpB,EASO,SAASC,GAAgBr+C,GAC5B,MAAMC,EAASC,GAAQF,IAAW/G,OAAO+B,GAAQkF,IAAMhH,SACjDiH,EAAMH,IAIZ,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,IAAMsG,IACdC,CACX,CAoBO,SAAS0R,GAAY2sC,EAAc,IACtC,GAAIvtD,IAA4C,mBAA3BA,GAAOyf,gBACxB,OAAOzf,GAAOyf,gBAAgB,IAAIr6B,WAAWmoE,IAGjD,GAAIvtD,IAAwC,mBAAvBA,GAAO4gB,YACxB,OAAO5gB,GAAO4gB,YAAY2sC,GAE9B,MAAUroE,MAAM,yCACpB,CCzKO,MAAMsoE,GAAM,CAACrrD,EAAGzG,EAAGqL,IAAO5E,EAAIzG,GAAOyG,EAAI4E,EAInC0mD,GAAM,CAACtrD,EAAGzG,EAAGqL,IAAO5E,EAAIzG,EAAMyG,EAAI4E,EAAMrL,EAAIqL,EAKlD,MAAM2mD,WAAeN,GACxB,WAAA7pE,CAAYqoB,EAAUhC,EAAW+jD,EAAWhjD,GACxCnnB,QACAG,KAAKioB,SAAWA,EAChBjoB,KAAKimB,UAAYA,EACjBjmB,KAAKgqE,UAAYA,EACjBhqE,KAAKgnB,KAAOA,EACZhnB,KAAK8lB,UAAW,EAChB9lB,KAAK4B,OAAS,EACd5B,KAAKgC,IAAM,EACXhC,KAAK6lB,WAAY,EACjB7lB,KAAKsJ,OAAS,IAAI7H,WAAWwmB,GAC7BjoB,KAAK+mB,KAAOV,GAAWrmB,KAAKsJ,OACpC,CACI,MAAAib,CAAO1d,GACH6e,GAAO1lB,MACP,MAAM+mB,KAAEA,EAAIzd,OAAEA,EAAM2e,SAAEA,GAAajoB,KAE7BstB,GADNzmB,EAAOyf,GAAQzf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMsrB,GAAM,CAC1B,MAAM28C,EAAOxhE,KAAKud,IAAIiC,EAAWjoB,KAAKgC,IAAKsrB,EAAMtrB,GAEjD,GAAIioE,IAAShiD,EAMb3e,EAAOnH,IAAI0E,EAAKmC,SAAShH,EAAKA,EAAMioE,GAAOjqE,KAAKgC,KAChDhC,KAAKgC,KAAOioE,EACZjoE,GAAOioE,EACHjqE,KAAKgC,MAAQimB,IACbjoB,KAAKoD,QAAQ2jB,EAAM,GACnB/mB,KAAKgC,IAAM,OAXf,CACI,MAAMkoE,EAAW7jD,GAAWxf,GAC5B,KAAOohB,GAAYqF,EAAMtrB,EAAKA,GAAOimB,EACjCjoB,KAAKoD,QAAQ8mE,EAAUloE,EAE3C,CAQA,CAGQ,OAFAhC,KAAK4B,QAAUiF,EAAKjF,OACpB5B,KAAKmqE,aACEnqE,IACf,CACI,UAAA2qB,CAAW5E,GACPL,GAAO1lB,MACP4G,GAAOmf,EAAK/lB,MACZA,KAAK8lB,UAAW,EAIhB,MAAMxc,OAAEA,EAAMyd,KAAEA,EAAIkB,SAAEA,EAAQjB,KAAEA,GAAShnB,KACzC,IAAIgC,IAAEA,GAAQhC,KAEdsJ,EAAOtH,KAAS,IAChBhC,KAAKsJ,OAAON,SAAShH,GAAK0lB,KAAK,GAG3B1nB,KAAKgqE,UAAY/hD,EAAWjmB,IAC5BhC,KAAKoD,QAAQ2jB,EAAM,GACnB/kB,EAAM,GAGV,IAAK,IAAIF,EAAIE,EAAKF,EAAImmB,EAAUnmB,IAC5BwH,EAAOxH,GAAK,GApFxB,SAAsBilB,EAAM1c,EAAY9H,EAAOykB,GAC3C,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAazc,EAAY9H,EAAOykB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ9kB,GAAS0kB,EAAQE,GAC9BG,EAAKD,OAAO9kB,EAAQ4kB,GACpBqK,EAAIxK,EAAO,EAAI,EACfsb,EAAItb,EAAO,EAAI,EACrBD,EAAKQ,UAAUld,EAAamnB,EAAGpK,EAAIJ,GACnCD,EAAKQ,UAAUld,EAAai4B,EAAGhb,EAAIN,EACvC,CA6EQF,CAAaC,EAAMkB,EAAW,EAAGf,OAAqB,EAAdlnB,KAAK4B,QAAaolB,GAC1DhnB,KAAKoD,QAAQ2jB,EAAM,GACnB,MAAMqjD,EAAQ/jD,GAAWN,GACnBuH,EAAMttB,KAAKimB,UAEjB,GAAIqH,EAAM,EACN,MAAU/rB,MAAM,+CACpB,MAAMwuB,EAASzC,EAAM,EACfnI,EAAQnlB,KAAKmI,MACnB,GAAI4nB,EAAS5K,EAAMvjB,OACf,MAAUL,MAAM,sCACpB,IAAK,IAAIO,EAAI,EAAGA,EAAIiuB,EAAQjuB,IACxBsoE,EAAM7iD,UAAU,EAAIzlB,EAAGqjB,EAAMrjB,GAAIklB,EAC7C,CACI,MAAAxC,GACI,MAAMlb,OAAEA,EAAM2c,UAAEA,GAAcjmB,KAC9BA,KAAK2qB,WAAWrhB,GAChB,MAAMwhB,EAAMxhB,EAAO3G,MAAM,EAAGsjB,GAE5B,OADAjmB,KAAKiJ,UACE6hB,CACf,CACI,UAAA4+C,CAAWW,GACPA,IAAOA,EAAK,IAAIrqE,KAAKJ,aACrByqE,EAAGloE,OAAOnC,KAAKmI,OACf,MAAM8f,SAAEA,EAAQ3e,OAAEA,EAAM1H,OAAEA,EAAMkkB,SAAEA,EAAQD,UAAEA,EAAS7jB,IAAEA,GAAQhC,KAO/D,OANAqqE,EAAGzoE,OAASA,EACZyoE,EAAGroE,IAAMA,EACTqoE,EAAGvkD,SAAWA,EACdukD,EAAGxkD,UAAYA,EACXjkB,EAASqmB,GACToiD,EAAG/gE,OAAOnH,IAAImH,GACX+gE,CACf,ECtHA,MAAMC,kBAA2B,IAAIlqD,YAAY,CAC7C,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAKlFmqD,kBAA4B,IAAInqD,YAAY,CAC9C,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAIlFoqD,kBAA2B,IAAIpqD,YAAY,IAC1C,MAAMqqD,WAAeV,GACxB,WAAAnqE,GACIC,MAAM,GAAI,GAAI,GAAG,GAGjBG,KAAKkjC,EAAmB,EAAfqnC,GAAU,GACnBvqE,KAAK68D,EAAmB,EAAf0N,GAAU,GACnBvqE,KAAKw0C,EAAmB,EAAf+1B,GAAU,GACnBvqE,KAAKgiC,EAAmB,EAAfuoC,GAAU,GACnBvqE,KAAK0qE,EAAmB,EAAfH,GAAU,GACnBvqE,KAAK2qE,EAAmB,EAAfJ,GAAU,GACnBvqE,KAAK4qE,EAAmB,EAAfL,GAAU,GACnBvqE,KAAK6qE,EAAmB,EAAfN,GAAU,EAC3B,CACI,GAAApiE,GACI,MAAM+6B,EAAEA,EAAC25B,EAAEA,EAACroB,EAAEA,EAACxS,EAAEA,EAAC0oC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAM7qE,KACnC,MAAO,CAACkjC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,EAAGC,EAAGC,EAAGC,EACrC,CAEI,GAAA1oE,CAAI+gC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,EAAGC,EAAGC,EAAGC,GACrB7qE,KAAKkjC,EAAQ,EAAJA,EACTljC,KAAK68D,EAAQ,EAAJA,EACT78D,KAAKw0C,EAAQ,EAAJA,EACTx0C,KAAKgiC,EAAQ,EAAJA,EACThiC,KAAK0qE,EAAQ,EAAJA,EACT1qE,KAAK2qE,EAAQ,EAAJA,EACT3qE,KAAK4qE,EAAQ,EAAJA,EACT5qE,KAAK6qE,EAAQ,EAAJA,CACjB,CACI,OAAAznE,CAAQ2jB,EAAMjO,GAEV,IAAK,IAAIhX,EAAI,EAAGA,EAAI,GAAIA,IAAKgX,GAAU,EACnC0xD,GAAS1oE,GAAKilB,EAAK0B,UAAU3P,GAAQ,GACzC,IAAK,IAAIhX,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAC1B,MAAMgpE,EAAMN,GAAS1oE,EAAI,IACnBipE,EAAKP,GAAS1oE,EAAI,GAClBomB,EAAKohD,GAAKwB,EAAK,GAAKxB,GAAKwB,EAAK,IAAOA,IAAQ,EAC7C3iD,EAAKmhD,GAAKyB,EAAI,IAAMzB,GAAKyB,EAAI,IAAOA,IAAO,GACjDP,GAAS1oE,GAAMqmB,EAAKqiD,GAAS1oE,EAAI,GAAKomB,EAAKsiD,GAAS1oE,EAAI,IAAO,CAC3E,CAEQ,IAAIohC,EAAEA,EAAC25B,EAAEA,EAACroB,EAAEA,EAACxS,EAAEA,EAAC0oC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAM7qE,KACjC,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MACM2qB,EAAMo+C,GADGvB,GAAKoB,EAAG,GAAKpB,GAAKoB,EAAG,IAAMpB,GAAKoB,EAAG,KACzBb,GAAIa,EAAGC,EAAGC,GAAKN,GAASxoE,GAAK0oE,GAAS1oE,GAAM,EAE/D4qB,GADS48C,GAAKpmC,EAAG,GAAKomC,GAAKpmC,EAAG,IAAMomC,GAAKpmC,EAAG,KAC7B4mC,GAAI5mC,EAAG25B,EAAGroB,GAAM,EACrCq2B,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAK1oC,EAAIvV,EAAM,EACfuV,EAAIwS,EACJA,EAAIqoB,EACJA,EAAI35B,EACJA,EAAKzW,EAAKC,EAAM,CAC5B,CAEQwW,EAAKA,EAAIljC,KAAKkjC,EAAK,EACnB25B,EAAKA,EAAI78D,KAAK68D,EAAK,EACnBroB,EAAKA,EAAIx0C,KAAKw0C,EAAK,EACnBxS,EAAKA,EAAIhiC,KAAKgiC,EAAK,EACnB0oC,EAAKA,EAAI1qE,KAAK0qE,EAAK,EACnBC,EAAKA,EAAI3qE,KAAK2qE,EAAK,EACnBC,EAAKA,EAAI5qE,KAAK4qE,EAAK,EACnBC,EAAKA,EAAI7qE,KAAK6qE,EAAK,EACnB7qE,KAAKmC,IAAI+gC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,EAAGC,EAAGC,EAAGC,EACtC,CACI,UAAAV,GACIK,GAAS9iD,KAAK,EACtB,CACI,OAAAze,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC9BnC,KAAKsJ,OAAOoe,KAAK,EACzB,EAGA,MAAMsjD,WAAeP,GACjB,WAAA7qE,GACIC,QACAG,KAAKkjC,GAAI,WACTljC,KAAK68D,EAAI,UACT78D,KAAKw0C,EAAI,UACTx0C,KAAKgiC,GAAI,UACThiC,KAAK0qE,GAAI,QACT1qE,KAAK2qE,EAAI,WACT3qE,KAAK4qE,EAAI,WACT5qE,KAAK6qE,GAAI,WACT7qE,KAAKimB,UAAY,EACzB,EAMO,MAAMlY,kBAAyB47D,IAAgB,IAAM,IAAIc,KAInDv8D,kBAAyBy7D,IAAgB,IAAM,IAAIqB,KCzHzD,MAAMC,WAAaxB,GACtB,WAAA7pE,CAAY+N,EAAMgsB,GACd95B,QACAG,KAAK8lB,UAAW,EAChB9lB,KAAK6lB,WAAY,ELYzB,SAAc2L,GACV,GAAiB,mBAANA,GAAwC,mBAAbA,EAAExM,OACpC,MAAUzjB,MAAM,mDACpB65B,GAAO5J,EAAEvL,WACTmV,GAAO5J,EAAEvJ,SACb,CKhBQijD,CAAWv9D,GACX,MAAMgD,EAAM2V,GAAQqT,GAEpB,GADA35B,KAAKmrE,MAAQx9D,EAAKqX,SACe,mBAAtBhlB,KAAKmrE,MAAM5mD,OAClB,MAAUhjB,MAAM,uDACpBvB,KAAKioB,SAAWjoB,KAAKmrE,MAAMljD,SAC3BjoB,KAAKimB,UAAYjmB,KAAKmrE,MAAMllD,UAC5B,MAAMgC,EAAWjoB,KAAKioB,SAChB0K,EAAM,IAAIlxB,WAAWwmB,GAE3B0K,EAAIxwB,IAAIwO,EAAI/O,OAASqmB,EAAWta,EAAKqX,SAAST,OAAO5T,GAAK6T,SAAW7T,GACrE,IAAK,IAAI7O,EAAI,EAAGA,EAAI6wB,EAAI/wB,OAAQE,IAC5B6wB,EAAI7wB,IAAM,GACd9B,KAAKmrE,MAAM5mD,OAAOoO,GAElB3yB,KAAKorE,MAAQz9D,EAAKqX,SAElB,IAAK,IAAIljB,EAAI,EAAGA,EAAI6wB,EAAI/wB,OAAQE,IAC5B6wB,EAAI7wB,IAAM,IACd9B,KAAKorE,MAAM7mD,OAAOoO,GAClBA,EAAIjL,KAAK,EACjB,CACI,MAAAnD,CAAOzF,GAGH,OAFAusD,GAAarrE,MACbA,KAAKmrE,MAAM5mD,OAAOzF,GACX9e,IACf,CACI,UAAA2qB,CAAW5E,GACPslD,GAAarrE,MACbsrE,GAAYvlD,EAAK/lB,KAAKimB,WACtBjmB,KAAK8lB,UAAW,EAChB9lB,KAAKmrE,MAAMxgD,WAAW5E,GACtB/lB,KAAKorE,MAAM7mD,OAAOwB,GAClB/lB,KAAKorE,MAAMzgD,WAAW5E,GACtB/lB,KAAKiJ,SACb,CACI,MAAAub,GACI,MAAMuB,EAAM,IAAItkB,WAAWzB,KAAKorE,MAAMnlD,WAEtC,OADAjmB,KAAK2qB,WAAW5E,GACTA,CACf,CACI,UAAA2jD,CAAWW,GAEPA,IAAOA,EAAKvqE,OAAOklB,OAAOllB,OAAO+7D,eAAe77D,MAAO,CAAA,IACvD,MAAMorE,MAAEA,EAAKD,MAAEA,EAAKrlD,SAAEA,EAAQD,UAAEA,EAASoC,SAAEA,EAAQhC,UAAEA,GAAcjmB,KAQnE,OANAqqE,EAAGvkD,SAAWA,EACdukD,EAAGxkD,UAAYA,EACfwkD,EAAGpiD,SAAWA,EACdoiD,EAAGpkD,UAAYA,EACfokD,EAAGe,MAAQA,EAAM1B,WAAWW,EAAGe,OAC/Bf,EAAGc,MAAQA,EAAMzB,WAAWW,EAAGc,OACxBd,CACf,CACI,OAAAphE,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAKorE,MAAMniE,UACXjJ,KAAKmrE,MAAMliE,SACnB,EAYO,MAAMsiE,GAAO,CAAC59D,EAAMgD,EAAK4C,IAAY,IAAI03D,GAAKt9D,EAAMgD,GAAK4T,OAAOhR,GAASiR,SAChF+mD,GAAKvmD,OAAS,CAACrX,EAAMgD,IAAQ,IAAIs6D,GAAKt9D,EAAMgD;uEC1E5C,MAAMqpB,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC5B,SAAS1B,GAAQhH,GACpB,OAAQA,aAAa/c,YACX,MAAL+c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE5e,YAAYqI,IAC7D,CACO,SAASqgB,GAAO66C,GACnB,IAAK39C,GAAQ29C,GACT,MAAU5hE,MAAM,sBACxB,CACO,SAASiqE,GAAMC,EAAOlpE,GACzB,GAAqB,kBAAVA,EACP,MAAUhB,MAAM,GAAGkqE,iCAAqClpE,MAChE,CAEA,MAAMmpE,kBAAwB/rE,MAAM6gB,KAAK,CAAE5e,OAAQ,MAAO,CAACsqB,EAAGpqB,IAAMA,EAAE2e,SAAS,IAAIkrD,SAAS,EAAG,OAIxF,SAASC,GAAWzhE,GACvBme,GAAOne,GAEP,IAAIqP,EAAM,GACV,IAAK,IAAI1X,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAC9B0X,GAAOkyD,GAAMvhE,EAAMrI,IAEvB,OAAO0X,CACX,CACO,SAASqyD,GAAoB/hD,GAChC,MAAMtQ,EAAMsQ,EAAIrJ,SAAS,IACzB,OAAoB,EAAbjH,EAAI5X,OAAa,IAAI4X,EAAQA,CACxC,CACO,SAASsyD,GAAYtyD,GACxB,GAAmB,iBAARA,EACP,MAAUjY,MAAM,mCAAqCiY,GAEzD,OAAO0N,OAAe,KAAR1N,EAAa,IAAM,KAAKA,EAC1C,CAEA,MAAMuyD,GAAS,CAAEC,GAAI,GAAIpqC,GAAI,GAAIqqC,GAAI,GAAIC,GAAI,GAAIjzB,GAAI,GAAIkzB,GAAI,KAC7D,SAASC,GAAcC,GACnB,OAAIA,GAAQN,GAAOC,IAAMK,GAAQN,GAAOnqC,GAC7ByqC,EAAON,GAAOC,GACrBK,GAAQN,GAAOE,IAAMI,GAAQN,GAAOG,GAC7BG,GAAQN,GAAOE,GAAK,IAC3BI,GAAQN,GAAO9yB,IAAMozB,GAAQN,GAAOI,GAC7BE,GAAQN,GAAO9yB,GAAK,SAD/B,CAGJ,CAIO,SAASqzB,GAAW9yD,GACvB,GAAmB,iBAARA,EACP,MAAUjY,MAAM,mCAAqCiY,GACzD,MAAMitB,EAAKjtB,EAAI5X,OACT2qE,EAAK9lC,EAAK,EAChB,GAAIA,EAAK,EACL,MAAUllC,MAAM,0DAA4DklC,GAChF,MAAMxqB,EAAQ,IAAIxa,WAAW8qE,GAC7B,IAAK,IAAIC,EAAK,EAAGC,EAAK,EAAGD,EAAKD,EAAIC,IAAMC,GAAM,EAAG,CAC7C,MAAMhwC,EAAK2vC,GAAc5yD,EAAIU,WAAWuyD,IAClCC,EAAKN,GAAc5yD,EAAIU,WAAWuyD,EAAK,IAC7C,QAAWrqE,IAAPq6B,QAA2Br6B,IAAPsqE,EAAkB,CACtC,MAAML,EAAO7yD,EAAIizD,GAAMjzD,EAAIizD,EAAK,GAChC,MAAUlrE,MAAM,+CAAiD8qE,EAAO,cAAgBI,EACpG,CACQxwD,EAAMuwD,GAAW,GAAL/vC,EAAUiwC,CAC9B,CACI,OAAOzwD,CACX,CAEO,SAAS0wD,GAAgBxiE,GAC5B,OAAO2hE,GAAYF,GAAWzhE,GAClC,CACO,SAASyiE,GAAgBziE,GAE5B,OADAme,GAAOne,GACA2hE,GAAYF,GAAWnqE,WAAW+e,KAAKrW,GAAO8gB,WACzD,CACO,SAAS4hD,GAAgBh1D,EAAGyV,GAC/B,OAAOg/C,GAAWz0D,EAAE4I,SAAS,IAAIkrD,SAAe,EAANr+C,EAAS,KACvD,CACO,SAASw/C,GAAgBj1D,EAAGyV,GAC/B,OAAOu/C,GAAgBh1D,EAAGyV,GAAKrC,SACnC,CAcO,SAAS8hD,GAAYtB,EAAOjyD,EAAKwO,GACpC,IAAI8C,EACJ,GAAmB,iBAARtR,EACP,IACIsR,EAAMwhD,GAAW9yD,EAC7B,CACQ,MAAOtV,GACH,MAAU3C,MAAM,GAAGkqE,oCAAwCjyD,cAAgBtV,IACvF,KAES,KAAIshB,GAAQhM,GAMb,MAAUjY,MAASkqE,EAAH,qCAHhB3gD,EAAMrpB,WAAW+e,KAAKhH,EAI9B,CACI,MAAM8T,EAAMxC,EAAIlpB,OAChB,GAA8B,iBAAnBomB,GAA+BsF,IAAQtF,EAC9C,MAAUzmB,MAAM,GAAGkqE,cAAkBzjD,gBAA6BsF,KACtE,OAAOxC,CACX,CAIO,SAAS8H,MAAejxB,GAC3B,IAAI+wB,EAAM,EACV,IAAK,IAAI5wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAM0c,EAAI7c,EAAOG,GACjBwmB,GAAO9J,GACPkU,GAAOlU,EAAE5c,MACjB,CACI,MAAMkpB,EAAM,IAAIrpB,WAAWixB,GAC3B,IAAK,IAAI5wB,EAAI,EAAG6wB,EAAM,EAAG7wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAM0c,EAAI7c,EAAOG,GACjBgpB,EAAI3oB,IAAIqc,EAAGmU,GACXA,GAAOnU,EAAE5c,MACjB,CACI,OAAOkpB,CACX,CAmBA,MAAMkiD,GAAYn1D,GAAmB,iBAANA,GAAkBmiB,IAAOniB,EACjD,SAASo1D,GAAQp1D,EAAGmO,EAAKtd,GAC5B,OAAOskE,GAASn1D,IAAMm1D,GAAShnD,IAAQgnD,GAAStkE,IAAQsd,GAAOnO,GAAKA,EAAInP,CAC5E,CAMO,SAASwkE,GAASzB,EAAO5zD,EAAGmO,EAAKtd,GAMpC,IAAKukE,GAAQp1D,EAAGmO,EAAKtd,GACjB,MAAUnH,MAAM,kBAAkBkqE,MAAUzlD,YAActd,iBAAmBmP,KAAKA,IAC1F,CAMO,SAASs1D,GAAOt1D,GACnB,IAAIyV,EACJ,IAAKA,EAAM,EAAGzV,EAAImiB,GAAKniB,IAAMoiB,GAAK3M,GAAO,GAEzC,OAAOA,CACX,CAmBO,MAAM8/C,GAAWv1D,IAAO4oB,IAAOvZ,OAAOrP,EAAI,IAAMoiB,GAEjDozC,GAAOxmE,GAAS,IAAIpF,WAAWoF,GAC/BymE,GAAQnnD,GAAQ1kB,WAAW+e,KAAK2F,GAQ/B,SAASonD,GAAeC,EAASC,EAAUC,GAC9C,GAAuB,iBAAZF,GAAwBA,EAAU,EACzC,MAAUjsE,MAAM,4BACpB,GAAwB,iBAAbksE,GAAyBA,EAAW,EAC3C,MAAUlsE,MAAM,6BACpB,GAAsB,mBAAXmsE,EACP,MAAUnsE,MAAM,6BAEpB,IAAIuY,EAAIuzD,GAAIG,GACR/zD,EAAI4zD,GAAIG,GACR1rE,EAAI,EACR,MAAM6rE,EAAQ,KACV7zD,EAAE4N,KAAK,GACPjO,EAAEiO,KAAK,GACP5lB,EAAI,CAAC,EAEH0vB,EAAI,IAAIzZ,IAAM21D,EAAOj0D,EAAGK,KAAM/B,GAC9B61D,EAAS,CAAC1iC,EAAOmiC,QAEnB5zD,EAAI+X,EAAE87C,GAAK,CAAC,IAAQpiC,GACpBpxB,EAAI0X,IACgB,IAAhB0Z,EAAKtpC,SAET6X,EAAI+X,EAAE87C,GAAK,CAAC,IAAQpiC,GACpBpxB,EAAI0X,IAAG,EAELq8C,EAAM,KAER,GAAI/rE,KAAO,IACP,MAAUP,MAAM,2BACpB,IAAI+rB,EAAM,EACV,MAAMvH,EAAM,GACZ,KAAOuH,EAAMmgD,GAAU,CACnB3zD,EAAI0X,IACJ,MAAMwvB,EAAKlnC,EAAEnX,QACbojB,EAAIjjB,KAAKk+C,GACT1zB,GAAOxT,EAAElY,MACrB,CACQ,OAAOgxB,MAAe7M,EAAI,EAW9B,MATiB,CAACmlB,EAAM4iC,KAGpB,IAAIhjD,EACJ,IAHA6iD,IACAC,EAAO1iC,KAEEpgB,EAAMgjD,EAAKD,OAChBD,IAEJ,OADAD,IACO7iD,CAAG,CAGlB,CAEA,MAAMijD,GAAe,CACjBC,OAASC,GAAuB,iBAARA,EACxBC,SAAWD,GAAuB,mBAARA,EAC1BE,QAAUF,GAAuB,kBAARA,EACzB/T,OAAS+T,GAAuB,iBAARA,EACxBG,mBAAqBH,GAAuB,iBAARA,GAAoBzoD,GAAQyoD,GAChE5E,cAAgB4E,GAAQ5mD,OAAOgiD,cAAc4E,GAC7ChyD,MAAQgyD,GAAQtuE,MAAMc,QAAQwtE,GAC9BI,MAAO,CAACJ,EAAK7E,IAAWA,EAAOkF,GAAGC,QAAQN,GAC1CtgE,KAAOsgE,GAAuB,mBAARA,GAAsB5mD,OAAOgiD,cAAc4E,EAAIhoD,YAGlE,SAASuoD,GAAepF,EAAQqF,EAAYC,EAAgB,CAAA,GAC/D,MAAMC,EAAa,CAACC,EAAW36D,EAAM46D,KACjC,MAAMC,EAAWf,GAAa95D,GAC9B,GAAwB,mBAAb66D,EACP,MAAUvtE,MAAM,sBAAsB0S,yBAC1C,MAAMg6D,EAAM7E,EAAOwF,GACnB,KAAIC,QAAsBzsE,IAAR6rE,GAEba,EAASb,EAAK7E,IACf,MAAU7nE,MAAM,iBAAwBqtE,EAAP53D,MAAqBi3D,aAAeA,gBAAkBh6D,IACnG,EAEI,IAAK,MAAO26D,EAAW36D,KAASnU,OAAOiI,QAAQ0mE,GAC3CE,EAAWC,EAAW36D,GAAM,GAChC,IAAK,MAAO26D,EAAW36D,KAASnU,OAAOiI,QAAQ2mE,GAC3CC,EAAWC,EAAW36D,GAAM,GAChC,OAAOm1D,CACX,CAmBO,SAAS2F,GAAS9nE,GACrB,MAAMtC,EAAM,IAAIqqE,QAChB,MAAO,CAACC,KAAQ1mB,KACZ,MAAM0lB,EAAMtpE,EAAIwD,IAAI8mE,GACpB,QAAY7sE,IAAR6rE,EACA,OAAOA,EACX,MAAMn7B,EAAW7rC,EAAGgoE,KAAQ1mB,GAE5B,OADA5jD,EAAIxC,IAAI8sE,EAAKn8B,GACNA,CAAQ,CAEvB,yFAtIO,SAAgBj7B,EAAG7V,GACtB,OAAQ6V,GAAKqP,OAAOllB,GAAQi4B,EAChC,8BAIO,SAAgBpiB,EAAG7V,EAAKO,GAC3B,OAAOsV,GAAMtV,EAAQ03B,GAAMD,KAAQ9S,OAAOllB,EAC9C,iHA3DO,SAAoBwc,EAAGzG,GAC1B,GAAIyG,EAAE5c,SAAWmW,EAAEnW,OACf,OAAO,EACX,IAAI8kB,EAAO,EACX,IAAK,IAAI5kB,EAAI,EAAGA,EAAI0c,EAAE5c,OAAQE,IAC1B4kB,GAAQlI,EAAE1c,GAAKiW,EAAEjW,GACrB,OAAgB,IAAT4kB,CACX,gFAiK8B,KAC1B,MAAUnlB,MAAM,kBAAkB,kFA/N/B,SAA4BsW,GAC/B,OAAOy0D,GAAWT,GAAoBh0D,GAC1C,cA+DO,SAAqBmC,GACxB,GAAmB,iBAARA,EACP,MAAUzY,MAAM,2CAA2CyY,GAC/D,OAAO,IAAIvY,YAAW,IAAIiZ,aAAcE,OAAOZ,GACnD;sEC7JA,MAAMggB,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIgoD,GAAMhoD,OAAO,GAEhEioD,GAAMjoD,OAAO,GAAIkoD,GAAMloD,OAAO,GAAIuU,GAAMvU,OAAO,GAI9C,SAASiT,GAAI3b,EAAGzG,GACnB,MAAMhW,EAASyc,EAAIzG,EACnB,OAAOhW,GAAUi4B,GAAMj4B,EAASgW,EAAIhW,CACxC,CAQO,SAASstE,GAAIvlD,EAAK+hB,EAAOilB,GAC5B,GAAIA,GAAU92B,IAAO6R,EAAQ7R,GACzB,MAAUz4B,MAAM,6BACpB,GAAIuvD,IAAW72B,GACX,OAAOD,GACX,IAAIlP,EAAMmP,GACV,KAAO4R,EAAQ7R,IACP6R,EAAQ5R,KACRnP,EAAOA,EAAMhB,EAAOgnC,GACxBhnC,EAAOA,EAAMA,EAAOgnC,EACpBjlB,IAAU5R,GAEd,OAAOnP,CACX,CAEO,SAASwkD,GAAK5zD,EAAGmwB,EAAOilB,GAC3B,IAAIhmC,EAAMpP,EACV,KAAOmwB,KAAU7R,IACblP,GAAOA,EACPA,GAAOgmC,EAEX,OAAOhmC,CACX,CAEO,SAASykD,GAAOn0C,EAAQ01B,GAC3B,GAAI11B,IAAWpB,IAAO82B,GAAU92B,GAC5B,MAAUz4B,MAAM,6CAA6C65B,SAAc01B,KAI/E,IAAItyC,EAAI2b,GAAIiB,EAAQ01B,GAChB/4C,EAAI+4C,EAEJp1C,EAAIse,GAAcgE,EAAI/D,GAC1B,KAAOzb,IAAMwb,IAAK,CAEd,MACMre,EAAI5D,EAAIyG,EACR8Z,EAAI5c,EAAIsiB,GAFJjmB,EAAIyG,GAKdzG,EAAIyG,EAAGA,EAAI7C,EAAGD,EAAIsiB,EAAUA,EAAI1F,CACxC,CAEI,GADYvgB,IACAkiB,GACR,MAAU14B,MAAM,0BACpB,OAAO44B,GAAIze,EAAGo1C,EAClB,CAiEO,SAAS0e,GAAOC,GAKnB,GAAIA,EAAIN,KAAQD,GAAK,CAKjB,MAAMQ,GAAUD,EAAIx1C,IAAOk1C,GAC3B,OAAO,SAAmBb,EAAIz2D,GAC1B,MAAM83D,EAAOrB,EAAGe,IAAIx3D,EAAG63D,GAEvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO93D,GACtB,MAAUtW,MAAM,2BACpB,OAAOouE,CACV,CACT,CAEI,GAAIF,EAAIh0C,KAAQ2zC,GAAK,CACjB,MAAMluC,GAAMuuC,EAAIL,IAAO3zC,GACvB,OAAO,SAAmB6yC,EAAIz2D,GAC1B,MAAM60D,EAAK4B,EAAGxiD,IAAIjU,EAAG4oB,IACf3mB,EAAIw0D,EAAGe,IAAI3C,EAAIxrC,GACf4uC,EAAKxB,EAAGxiD,IAAIjU,EAAGiC,GACfhY,EAAIwsE,EAAGxiD,IAAIwiD,EAAGxiD,IAAIgkD,EAAIrvC,IAAM3mB,GAC5B61D,EAAOrB,EAAGxiD,IAAIgkD,EAAIxB,EAAG/wD,IAAIzb,EAAGwsE,EAAGyB,MACrC,IAAKzB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO93D,GACtB,MAAUtW,MAAM,2BACpB,OAAOouE,CACV,CACT,CAwBI,OAhHG,SAAuBF,GAM1B,MAAMO,GAAaP,EAAIx1C,IAAOwG,GAC9B,IAAI8Q,EAAG1Z,EAAGsL,EAGV,IAAKoO,EAAIk+B,EAAIx1C,GAAKpC,EAAI,EAAG0Z,EAAI9Q,KAAQzG,GAAKuX,GAAK9Q,GAAK5I,KAGpD,IAAKsL,EAAI1C,GAAK0C,EAAIssC,GAAKJ,GAAIlsC,EAAG6sC,EAAWP,KAAOA,EAAIx1C,GAAKkJ,KAGzD,GAAU,IAANtL,EAAS,CACT,MAAM63C,GAAUD,EAAIx1C,IAAOk1C,GAC3B,OAAO,SAAqBb,EAAIz2D,GAC5B,MAAM83D,EAAOrB,EAAGe,IAAIx3D,EAAG63D,GACvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO93D,GACtB,MAAUtW,MAAM,2BACpB,OAAOouE,CACV,CACT,CAEI,MAAMM,GAAU1+B,EAAItX,IAAOwG,GAC3B,OAAO,SAAqB6tC,EAAIz2D,GAE5B,GAAIy2D,EAAGe,IAAIx3D,EAAGm4D,KAAe1B,EAAG4B,IAAI5B,EAAGyB,KACnC,MAAUxuE,MAAM,2BACpB,IAAIoa,EAAIkc,EAEJhG,EAAIy8C,EAAGe,IAAIf,EAAGxiD,IAAIwiD,EAAGyB,IAAK5sC,GAAIoO,GAC9B71B,EAAI4yD,EAAGe,IAAIx3D,EAAGo4D,GACdl4D,EAAIu2D,EAAGe,IAAIx3D,EAAG05B,GAClB,MAAQ+8B,EAAGsB,IAAI73D,EAAGu2D,EAAGyB,MAAM,CACvB,GAAIzB,EAAGsB,IAAI73D,EAAGu2D,EAAG6B,MACb,OAAO7B,EAAG6B,KAEd,IAAI73C,EAAI,EACR,IAAK,IAAIlK,EAAKkgD,EAAGuB,IAAI93D,GAAIugB,EAAI3c,IACrB2yD,EAAGsB,IAAIxhD,EAAIkgD,EAAGyB,KADUz3C,IAG5BlK,EAAKkgD,EAAGuB,IAAIzhD,GAGhB,MAAMgiD,EAAK9B,EAAGe,IAAIx9C,EAAGoI,IAAO/S,OAAOvL,EAAI2c,EAAI,IAC3CzG,EAAIy8C,EAAGuB,IAAIO,GACX10D,EAAI4yD,EAAGxiD,IAAIpQ,EAAG00D,GACdr4D,EAAIu2D,EAAGxiD,IAAI/T,EAAG8Z,GACdlW,EAAI2c,CAChB,CACQ,OAAO5c,CACV,CACL,CAyDW20D,CAAcZ,EACzB,CAtLYvoD,OAAO,GAAWA,OAAO,IA0LrC,MAAMopD,GAAe,CACjB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAkFrB,SAASC,GAAQ14D,EAAG24D,GAEvB,MAAMC,OAA6BruE,IAAfouE,EAA2BA,EAAa34D,EAAE4I,SAAS,GAAG7e,OAE1E,MAAO,CAAE4uE,WAAYC,EAAaC,YADdjoE,KAAK2Q,KAAKq3D,EAAc,GAEhD,CAgBO,SAASE,GAAMC,EAAOzD,EAAQnmD,GAAO,EAAO6pD,EAAQ,IACvD,GAAID,GAAS52C,GACT,MAAUz4B,MAAM,iCAAiCqvE,GACrD,MAAQJ,WAAYM,EAAMJ,YAAaK,GAAUR,GAAQK,EAAOzD,GAChE,GAAI4D,EAAQ,KACR,MAAUxvE,MAAM,mDACpB,MAAMyvE,EAAQxB,GAAOoB,GACfzqC,EAAIrmC,OAAOmxE,OAAO,CACpBL,QACAE,OACAC,QACAG,KAAM9D,GAAQ0D,GACdX,KAAMn2C,GACN+1C,IAAK91C,GACLjV,OAAS8E,GAAQqQ,GAAIrQ,EAAK8mD,GAC1BrC,QAAUzkD,IACN,GAAmB,iBAARA,EACP,MAAUvoB,MAAM,sDAAsDuoB,GAC1E,OAAOkQ,IAAOlQ,GAAOA,EAAM8mD,CAAK,EAEpCO,IAAMrnD,GAAQA,IAAQkQ,GACtBo3C,MAAQtnD,IAASA,EAAMmQ,MAASA,GAChCi2C,IAAMpmD,GAAQqQ,IAAKrQ,EAAK8mD,GACxBhB,IAAK,CAACyB,EAAKC,IAAQD,IAAQC,EAC3BzB,IAAM/lD,GAAQqQ,GAAIrQ,EAAMA,EAAK8mD,GAC7B3sE,IAAK,CAACotE,EAAKC,IAAQn3C,GAAIk3C,EAAMC,EAAKV,GAClCrzD,IAAK,CAAC8zD,EAAKC,IAAQn3C,GAAIk3C,EAAMC,EAAKV,GAClC9kD,IAAK,CAACulD,EAAKC,IAAQn3C,GAAIk3C,EAAMC,EAAKV,GAClCvB,IAAK,CAACvlD,EAAK+hB,IA/GZ,SAAe1F,EAAGrc,EAAK+hB,GAG1B,GAAIA,EAAQ7R,GACR,MAAUz4B,MAAM,sBACpB,GAAIsqC,IAAU7R,GACV,OAAOmM,EAAE4pC,IACb,GAAIlkC,IAAU5R,GACV,OAAOnQ,EACX,IAAIsD,EAAI+Y,EAAE4pC,IACN1sD,EAAIyG,EACR,KAAO+hB,EAAQ7R,IACP6R,EAAQ5R,KACR7M,EAAI+Y,EAAEra,IAAIsB,EAAG/J,IACjBA,EAAI8iB,EAAE0pC,IAAIxsD,GACVwoB,IAAU5R,GAEd,OAAO7M,CACX,CA6F6BmkD,CAAMprC,EAAGrc,EAAK+hB,GACnC2lC,IAAK,CAACH,EAAKC,IAAQn3C,GAAIk3C,EAAM9B,GAAO+B,EAAKV,GAAQA,GAEjDa,KAAO3nD,GAAQA,EAAMA,EACrB4nD,KAAM,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAM,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAM,CAACP,EAAKC,IAAQD,EAAMC,EAC1BO,IAAM/nD,GAAQylD,GAAOzlD,EAAK8mD,GAC1BkB,KAAMjB,EAAMiB,MAAS,CAACj6D,GAAMm5D,EAAM7qC,EAAGtuB,IACrCk6D,YAAc9yB,GAjGf,SAAuB9Y,EAAG6rC,GAC7B,MAAMvmD,EAAU9rB,MAAMqyE,EAAKpwE,QAErBqwE,EAAiBD,EAAKroC,QAAO,CAAC6F,EAAK1lB,EAAKhoB,IACtCqkC,EAAEgrC,IAAIrnD,GACC0lB,GACX/jB,EAAI3pB,GAAK0tC,EACFrJ,EAAEra,IAAI0jB,EAAK1lB,KACnBqc,EAAE4pC,KAECmC,EAAW/rC,EAAE0rC,IAAII,GAQvB,OANAD,EAAKG,aAAY,CAAC3iC,EAAK1lB,EAAKhoB,IACpBqkC,EAAEgrC,IAAIrnD,GACC0lB,GACX/jB,EAAI3pB,GAAKqkC,EAAEra,IAAI0jB,EAAK/jB,EAAI3pB,IACjBqkC,EAAEra,IAAI0jB,EAAK1lB,KACnBooD,GACIzmD,CACX,CA8E8B2mD,CAAcjsC,EAAG8Y,GAGvCozB,KAAM,CAAC7zD,EAAGzG,EAAGqL,IAAOA,EAAIrL,EAAIyG,EAC5B8H,QAAUwD,GAAS9C,EAAO8lD,GAAgBhjD,EAAKinD,GAASlE,GAAgB/iD,EAAKinD,GAC7EuB,UAAYnoE,IACR,GAAIA,EAAMvI,SAAWmvE,EACjB,MAAUxvE,MAAM,0BAA0BwvE,UAAc5mE,EAAMvI,UAClE,OAAOolB,EAAO4lD,GAAgBziE,GAASwiE,GAAgBxiE,EAAM,IAGrE,OAAOrK,OAAOmxE,OAAO9qC,EACzB,CAkCO,SAASosC,GAAoBC,GAChC,GAA0B,iBAAfA,EACP,MAAUjxE,MAAM,8BACpB,MAAMg6B,EAAYi3C,EAAW/xD,SAAS,GAAG7e,OACzC,OAAO6G,KAAK2Q,KAAKmiB,EAAY,EACjC,CAQO,SAASk3C,GAAiBD,GAC7B,MAAM5wE,EAAS2wE,GAAoBC,GACnC,OAAO5wE,EAAS6G,KAAK2Q,KAAKxX,EAAS,EACvC;;AC3YA,MAAMo4B,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAGbwrD,GAAmB,IAAI1D,QACvB2D,GAAmB,IAAI3D,QAYtB,SAAS4D,GAAKxvD,EAAGlH,GACpB,MAAM22D,EAAkB,CAACC,EAAW3P,KAChC,MAAM+M,EAAM/M,EAAK4P,SACjB,OAAOD,EAAY5C,EAAM/M,CAAI,EAE3B6P,EAAalqD,IACf,IAAKzB,OAAOgiD,cAAcvgD,IAAMA,GAAK,GAAKA,EAAI5M,EAC1C,MAAU3a,MAAM,qBAAqBunB,oBAAoB5M,KAAQ,EAEnEwT,EAAQ5G,IACVkqD,EAAUlqD,GAGV,MAAO,CAAEE,QAFOvgB,KAAK2Q,KAAK8C,EAAO4M,GAAK,EAEpBG,WADC,IAAMH,EAAI,GACC,EAElC,MAAO,CACH+pD,kBAEA,YAAAI,CAAavoD,EAAK7S,GACd,IAAIuV,EAAIhK,EAAE+sD,KACN9sD,EAAIqH,EACR,KAAO7S,EAAImiB,IACHniB,EAAIoiB,KACJ7M,EAAIA,EAAEnpB,IAAIof,IACdA,EAAIA,EAAExH,SACNhE,IAAMoiB,GAEV,OAAO7M,CACV,EAWD,gBAAA8lD,CAAiBxoD,EAAK5B,GAClB,MAAME,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GAC/BqqD,EAAS,GACf,IAAI/lD,EAAI1C,EACJ0oD,EAAOhmD,EACX,IAAK,IAAIimD,EAAS,EAAGA,EAASrqD,EAASqqD,IAAU,CAC7CD,EAAOhmD,EACP+lD,EAAOrwE,KAAKswE,GAEZ,IAAK,IAAItxE,EAAI,EAAGA,EAAImnB,EAAYnnB,IAC5BsxE,EAAOA,EAAKnvE,IAAImpB,GAChB+lD,EAAOrwE,KAAKswE,GAEhBhmD,EAAIgmD,EAAKv3D,QACzB,CACY,OAAOs3D,CACV,EAQD,IAAAP,CAAK9pD,EAAGwqD,EAAaz7D,GAGjB,MAAMmR,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GACrC,IAAIsE,EAAIhK,EAAE+sD,KACNhqC,EAAI/iB,EAAEmwD,KACV,MAAM1pD,EAAO3C,OAAO,GAAK4B,EAAI,GACvB0qD,EAAY,GAAK1qD,EACjB2qD,EAAUvsD,OAAO4B,GACvB,IAAK,IAAIuqD,EAAS,EAAGA,EAASrqD,EAASqqD,IAAU,CAC7C,MAAMv6D,EAASu6D,EAASpqD,EAExB,IAAI6xB,EAAQzzB,OAAOxP,EAAIgS,GAEvBhS,IAAM47D,EAGF34B,EAAQ7xB,IACR6xB,GAAS04B,EACT37D,GAAKoiB,IAST,MAAMy5C,EAAU56D,EACV66D,EAAU76D,EAASrQ,KAAK+xB,IAAIsgB,GAAS,EACrC84B,EAAQP,EAAS,GAAM,EACvBQ,EAAQ/4B,EAAQ,EACR,IAAVA,EAEA3U,EAAIA,EAAEliC,IAAI4uE,EAAgBe,EAAON,EAAYI,KAG7CtmD,EAAIA,EAAEnpB,IAAI4uE,EAAgBgB,EAAOP,EAAYK,IAEjE,CAMY,MAAO,CAAEvmD,IAAG+Y,IACf,EACD,UAAA2tC,CAAWrE,EAAG53D,EAAGjT,GACb,MAAMkkB,EAAI6pD,GAAiBxqE,IAAIsnE,IAAM,EAErC,IAAIsE,EAAOrB,GAAiBvqE,IAAIsnE,GAMhC,OALKsE,IACDA,EAAO/zE,KAAKkzE,iBAAiBzD,EAAG3mD,GACtB,IAANA,GACA4pD,GAAiBvwE,IAAIstE,EAAG7qE,EAAUmvE,KAEnC/zE,KAAK4yE,KAAK9pD,EAAGirD,EAAMl8D,EAC7B,EAID,aAAAm8D,CAAcvE,EAAG3mD,GACbkqD,EAAUlqD,GACV6pD,GAAiBxwE,IAAIstE,EAAG3mD,GACxB4pD,GAAiBuB,OAAOxE,EAC3B,EAET,CAYO,SAASyE,GAAU9wD,EAAGirD,EAAO8E,EAAQgB,GAOxC,IAAKx0E,MAAMc,QAAQ0yE,KAAYxzE,MAAMc,QAAQ0zE,IAAYA,EAAQvyE,SAAWuxE,EAAOvxE,OAC/E,MAAUL,MAAM,uDACpB4yE,EAAQlyE,SAAQ,CAAC4X,EAAG/X,KAChB,IAAKusE,EAAME,QAAQ10D,GACf,MAAUtY,MAAM,yBAAyBO,EAAI,IAErDqxE,EAAOlxE,SAAQ,CAACmrB,EAAGtrB,KACf,KAAMsrB,aAAahK,GACf,MAAU7hB,MAAM,wBAAwBO,EAAI,IAEpD,MAAMg5C,EAAQqyB,GAAOjmD,OAAOisD,EAAOvxE,SAC7BqnB,EAAa6xB,EAAQ,GAAKA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAI,EAC1Eo2B,GAAQ,GAAKjoD,GAAc,EAC3BmrD,EAAcz0E,MAAMuxE,EAAO,GAAGxpD,KAAKtE,EAAE+sD,MACrCkE,EAAW5rE,KAAK4P,OAAOg2D,EAAMyC,KAAO,GAAK7nD,GAAcA,EAC7D,IAAIyJ,EAAMtP,EAAE+sD,KACZ,IAAK,IAAIruE,EAAIuyE,EAAUvyE,GAAK,EAAGA,GAAKmnB,EAAY,CAC5CmrD,EAAQ1sD,KAAKtE,EAAE+sD,MACf,IAAK,IAAI91D,EAAI,EAAGA,EAAI85D,EAAQvyE,OAAQyY,IAAK,CACrC,MAAMi6D,EAASH,EAAQ95D,GACjBygC,EAAQzzB,OAAQitD,GAAUptD,OAAOplB,GAAMolB,OAAOgqD,IACpDkD,EAAQt5B,GAASs5B,EAAQt5B,GAAO72C,IAAIkvE,EAAO94D,GACvD,CACQ,IAAIk6D,EAAOnxD,EAAE+sD,KAEb,IAAK,IAAI91D,EAAI+5D,EAAQxyE,OAAS,EAAG4yE,EAAOpxD,EAAE+sD,KAAM91D,EAAI,EAAGA,IACnDm6D,EAAOA,EAAKvwE,IAAImwE,EAAQ/5D,IACxBk6D,EAAOA,EAAKtwE,IAAIuwE,GAGpB,GADA9hD,EAAMA,EAAIzuB,IAAIswE,GACJ,IAANzyE,EACA,IAAK,IAAIuY,EAAI,EAAGA,EAAI4O,EAAY5O,IAC5BqY,EAAMA,EAAI7W,QAC1B,CACI,OAAO6W,CACX,CACO,SAAS+hD,GAAc/pE,GAY1B,ODRO8jE,GCHO9jE,EAAM4jE,GDDPgC,GAAa3mC,QAAO,CAAChlC,EAAKspE,KACnCtpE,EAAIspE,GAAO,WACJtpE,IARK,CACZisE,MAAO,SACPM,KAAM,SACNH,MAAO,gBACPD,KAAM,mBCIVtC,GAAe9jE,EAAO,CAClBmN,EAAG,SACH2Z,EAAG,SACHkjD,GAAI,QACJC,GAAI,SACL,CACCnE,WAAY,gBACZE,YAAa,kBAGV5wE,OAAOmxE,OAAO,IACdV,GAAQ7lE,EAAMmN,EAAGnN,EAAM8lE,eACvB9lE,EACE0iB,EAAG1iB,EAAM4jE,GAAGsC,OAEzB;sECzNA,SAASgE,GAAmBllD,QACNttB,IAAdstB,EAAK4iB,MACLk5B,GAAM,OAAQ97C,EAAK4iB,WACFlwC,IAAjBstB,EAAKmlD,SACLrJ,GAAM,UAAW97C,EAAKmlD,QAC9B,CA4BA,MAAQlI,gBAAiBmI,GAAKxI,WAAYyI,IAAQC,GAQrCC,GAAM,CAEfC,IAAK,cAAqB3zE,MACtB,WAAA3B,CAAY04B,EAAI,IACZz4B,MAAMy4B,EAClB,GAGI68C,KAAM,CACFv6D,OAAQ,CAACqD,EAAKpX,KACV,MAAQquE,IAAKxK,GAAMuK,GACnB,GAAIh3D,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIysD,EAAE,yBAChB,GAAkB,EAAd7jE,EAAKjF,OACL,MAAM,IAAI8oE,EAAE,6BAChB,MAAM0K,EAAUvuE,EAAKjF,OAAS,EACxB0rB,EAAM+nD,GAAuBD,GACnC,GAAK9nD,EAAI1rB,OAAS,EAAK,IACnB,MAAM,IAAI8oE,EAAE,wCAEhB,MAAM4K,EAASF,EAAU,IAAMC,GAAwB/nD,EAAI1rB,OAAS,EAAK,KAAO,GAChF,MAAO,GAAGyzE,GAAuBp3D,KAAOq3D,IAAShoD,IAAMzmB,GAAM,EAGjE,MAAAmU,CAAOiD,EAAKpX,GACR,MAAQquE,IAAKxK,GAAMuK,GACnB,IAAIjzE,EAAM,EACV,GAAIic,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIysD,EAAE,yBAChB,GAAI7jE,EAAKjF,OAAS,GAAKiF,EAAK7E,OAAWic,EACnC,MAAM,IAAIysD,EAAE,yBAChB,MAAM6K,EAAQ1uE,EAAK7E,KAEnB,IAAIJ,EAAS,EACb,MAF0B,IAAR2zE,GAIb,CAED,MAAMD,EAAiB,IAARC,EACf,IAAKD,EACD,MAAM,IAAI5K,EAAE,qDAChB,GAAI4K,EAAS,EACT,MAAM,IAAI5K,EAAE,4CAChB,MAAM8K,EAAc3uE,EAAKmC,SAAShH,EAAKA,EAAMszE,GAC7C,GAAIE,EAAY5zE,SAAW0zE,EACvB,MAAM,IAAI5K,EAAE,yCAChB,GAAuB,IAAnB8K,EAAY,GACZ,MAAM,IAAI9K,EAAE,wCAChB,IAAK,MAAM3yD,KAAKy9D,EACZ5zE,EAAUA,GAAU,EAAKmW,EAE7B,GADA/V,GAAOszE,EACH1zE,EAAS,IACT,MAAM,IAAI8oE,EAAE,yCAChC,MAlBgB9oE,EAAS2zE,EAmBb,MAAMz7D,EAAIjT,EAAKmC,SAAShH,EAAKA,EAAMJ,GACnC,GAAIkY,EAAElY,SAAWA,EACb,MAAM,IAAI8oE,EAAE,kCAChB,MAAO,CAAE5wD,IAAGwoB,EAAGz7B,EAAKmC,SAAShH,EAAMJ,GACtC,GAML6zE,KAAM,CACF,MAAA76D,CAAOkP,GACH,MAAQorD,IAAKxK,GAAMuK,GACnB,GAAInrD,EAAMkQ,GACN,MAAM,IAAI0wC,EAAE,8CAChB,IAAIlxD,EAAM67D,GAAuBvrD,GAIjC,GAFkC,EAA9BzC,OAAO3N,SAASF,EAAI,GAAI,MACxBA,EAAM,KAAOA,GACA,EAAbA,EAAI5X,OACJ,MAAM,IAAI8oE,EAAE,wBAChB,OAAOlxD,CACV,EACD,MAAAwB,CAAOnU,GACH,MAAQquE,IAAKxK,GAAMuK,GACnB,GAAc,IAAVpuE,EAAK,GACL,MAAM,IAAI6jE,EAAE,uCAChB,GAAgB,IAAZ7jE,EAAK,MAA2B,IAAVA,EAAK,IAC3B,MAAM,IAAI6jE,EAAE,uDAChB,OAAOoK,GAAIjuE,EACd,GAEL,KAAA6uE,CAAMl8D,GAEF,MAAQ07D,IAAKxK,EAAG+K,KAAME,EAAKR,KAAMS,GAAQX,GACnCpuE,EAAsB,iBAAR2S,EAAmBu7D,GAAIv7D,GAAOA,EAClDq8D,GAAUhvE,GACV,MAAQiT,EAAGg8D,EAAUxzC,EAAGyzC,GAAiBH,EAAI56D,OAAO,GAAMnU,GAC1D,GAAIkvE,EAAan0E,OACb,MAAM,IAAI8oE,EAAE,+CAChB,MAAQ5wD,EAAGk8D,EAAQ1zC,EAAG2zC,GAAeL,EAAI56D,OAAO,EAAM86D,IAC9Ch8D,EAAGo8D,EAAQ5zC,EAAG6zC,GAAeP,EAAI56D,OAAO,EAAMi7D,GACtD,GAAIE,EAAWv0E,OACX,MAAM,IAAI8oE,EAAE,+CAChB,MAAO,CAAE/uD,EAAGg6D,EAAI36D,OAAOg7D,GAASn8D,EAAG87D,EAAI36D,OAAOk7D,GACjD,EACD,UAAAE,CAAWrrC,GACP,MAAQoqC,KAAMS,EAAKH,KAAME,GAAQV,GAC3BoB,EAAM,GAAGT,EAAIh7D,OAAO,EAAM+6D,EAAI/6D,OAAOmwB,EAAIpvB,MAAMi6D,EAAIh7D,OAAO,EAAM+6D,EAAI/6D,OAAOmwB,EAAIlxB,MACrF,OAAO+7D,EAAIh7D,OAAO,GAAMy7D,EAC3B,GAICr8C,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAUA,OAAO,GAAG,MAACgoD,GAAMhoD,OAAO,GAC/D,SAASovD,GAAkB5mD,GAC9B,MAAM6mD,EAjJV,SAA2B7rE,GACvB,MAAMglB,EAAO+kD,GAAc/pE,GAC3B8rE,GAAkB9mD,EAAM,CACpBlR,EAAG,QACHzG,EAAG,SACJ,CACC0+D,yBAA0B,QAC1BC,eAAgB,UAChBC,cAAe,WACfC,cAAe,WACfC,mBAAoB,UACpBvE,UAAW,WACXhsD,QAAS,aAEb,MAAMwwD,KAAEA,EAAIxI,GAAEA,EAAE9vD,EAAEA,GAAMkR,EACxB,GAAIonD,EAAM,CACN,IAAKxI,EAAGsB,IAAIpxD,EAAG8vD,EAAG6B,MACd,MAAU5uE,MAAM,qEAEpB,GAAoB,iBAATu1E,GACc,iBAAdA,EAAKC,MACgB,mBAArBD,EAAKE,YACZ,MAAUz1E,MAAM,oEAE5B,CACI,OAAOzB,OAAOmxE,OAAO,IAAKvhD,GAC9B,CAuHkBunD,CAAkBvnD,IAC1B4+C,GAAEA,GAAOiI,EACTW,EAAKC,GAAUZ,EAAM1+D,EAAG0+D,EAAM/F,YAC9BlqD,EAAUiwD,EAAMjwD,SAC1B,EAAU62B,EAAIi6B,EAAOC,KACT,MAAM74D,EAAI44D,EAAME,WAChB,OAAOC,GAAe91E,WAAW+e,KAAK,CAAC,IAAQ8tD,EAAGhoD,QAAQ9H,EAAE9C,GAAI4yD,EAAGhoD,QAAQ9H,EAAEqc,GAChF,GACCy3C,EAAYiE,EAAMjE,WACnB,CAACnoE,IAEE,MAAMkb,EAAOlb,EAAMnB,SAAS,GAI5B,MAAO,CAAE0S,EAFC4yD,EAAGgE,UAAUjtD,EAAKrc,SAAS,EAAGslE,EAAGyC,QAE/Bl2C,EADFyzC,EAAGgE,UAAUjtD,EAAKrc,SAASslE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEzD,GAKL,SAASyG,EAAoB97D,GACzB,MAAM8C,EAAEA,EAACzG,EAAEA,GAAMw+D,EACXkB,EAAKnJ,EAAGuB,IAAIn0D,GACZg8D,EAAKpJ,EAAGxiD,IAAI2rD,EAAI/7D,GACtB,OAAO4yD,EAAGrqE,IAAIqqE,EAAGrqE,IAAIyzE,EAAIpJ,EAAGxiD,IAAIpQ,EAAG8C,IAAKzG,EAChD,CAKI,IAAKu2D,EAAGsB,IAAItB,EAAGuB,IAAI0G,EAAM5B,IAAK6C,EAAoBjB,EAAM7B,KACpD,MAAUnzE,MAAM,+CAOpB,SAASo2E,EAAuBhnE,GAC5B,MAAQ8lE,yBAA0BhxD,EAAOirD,YAAEA,EAAWgG,eAAEA,EAAgB7+D,EAAG+/D,GAAMrB,EACjF,GAAI9wD,GAA0B,iBAAR9U,EAAkB,CAIpC,GAHIknE,GAAWlnE,KACXA,EAAMmnE,GAAcnnE,IAEL,iBAARA,IAAqB8U,EAAQrG,SAASzO,EAAI/O,QACjD,MAAUL,MAAM,eACpBoP,EAAMA,EAAIg7D,SAAuB,EAAd+E,EAAiB,IAChD,CACQ,IAAI5mD,EACJ,IACIA,EACmB,iBAARnZ,EACDA,EACAonE,GAAmBhL,GAAY,cAAep8D,EAAK+/D,GACzE,CACQ,MAAOhqE,GACH,MAAUnF,MAAM,uBAAuBmvE,sCAAgD//D,IACnG,CAIQ,OAHI+lE,IACA5sD,EAAMkuD,GAAQluD,EAAK8tD,IACvBK,GAAY,cAAenuD,EAAKmQ,GAAK29C,GAC9B9tD,CACf,CACI,SAASouD,EAAetnB,GACpB,KAAMA,aAAiBunB,GACnB,MAAU52E,MAAM,2BAC5B,CAKI,MAAM62E,EAAerJ,IAAS,CAAC3hD,EAAGirD,KAC9B,MAAQC,GAAI58D,EAAG68D,GAAI19C,EAAG29C,GAAItyC,GAAM9Y,EAEhC,GAAIkhD,EAAGsB,IAAI1pC,EAAGooC,EAAGyB,KACb,MAAO,CAAEr0D,IAAGmf,KAChB,MAAMs2C,EAAM/jD,EAAE+jD,MAGJ,MAANkH,IACAA,EAAKlH,EAAM7C,EAAGyB,IAAMzB,EAAGuD,IAAI3rC,IAC/B,MAAMuyC,EAAKnK,EAAGxiD,IAAIpQ,EAAG28D,GACfK,EAAKpK,EAAGxiD,IAAI+O,EAAGw9C,GACfM,EAAKrK,EAAGxiD,IAAIoa,EAAGmyC,GACrB,GAAIlH,EACA,MAAO,CAAEz1D,EAAG4yD,EAAG6B,KAAMt1C,EAAGyzC,EAAG6B,MAC/B,IAAK7B,EAAGsB,IAAI+I,EAAIrK,EAAGyB,KACf,MAAUxuE,MAAM,oBACpB,MAAO,CAAEma,EAAG+8D,EAAI59C,EAAG69C,EAAI,IAIrBE,EAAkB7J,IAAU3hD,IAC9B,GAAIA,EAAE+jD,MAAO,CAIT,GAAIoF,EAAMM,qBAAuBvI,EAAG6C,IAAI/jD,EAAEmrD,IACtC,OACJ,MAAUh3E,MAAM,kBAC5B,CAEQ,MAAMma,EAAEA,EAACmf,EAAEA,GAAMzN,EAAEkqD,WAEnB,IAAKhJ,EAAGC,QAAQ7yD,KAAO4yD,EAAGC,QAAQ1zC,GAC9B,MAAUt5B,MAAM,4BACpB,MAAMkpB,EAAO6jD,EAAGuB,IAAIh1C,GACdg+C,EAAQrB,EAAoB97D,GAClC,IAAK4yD,EAAGsB,IAAInlD,EAAMouD,GACd,MAAUt3E,MAAM,qCACpB,IAAK6rB,EAAEupD,gBACH,MAAUp1E,MAAM,0CACpB,OAAO,CAAI,IAOf,MAAM42E,EACF,WAAAv4E,CAAY04E,EAAIC,EAAIC,GAIhB,GAHAx4E,KAAKs4E,GAAKA,EACVt4E,KAAKu4E,GAAKA,EACVv4E,KAAKw4E,GAAKA,EACA,MAANF,IAAehK,EAAGC,QAAQ+J,GAC1B,MAAU/2E,MAAM,cACpB,GAAU,MAANg3E,IAAejK,EAAGC,QAAQgK,GAC1B,MAAUh3E,MAAM,cACpB,GAAU,MAANi3E,IAAelK,EAAGC,QAAQiK,GAC1B,MAAUj3E,MAAM,cACpBzB,OAAOmxE,OAAOjxE,KAC1B,CAGQ,iBAAO84E,CAAW1rD,GACd,MAAM1R,EAAEA,EAACmf,EAAEA,GAAMzN,GAAK,CAAE,EACxB,IAAKA,IAAMkhD,EAAGC,QAAQ7yD,KAAO4yD,EAAGC,QAAQ1zC,GACpC,MAAUt5B,MAAM,wBACpB,GAAI6rB,aAAa+qD,EACb,MAAU52E,MAAM,gCACpB,MAAM4vE,EAAOrvE,GAAMwsE,EAAGsB,IAAI9tE,EAAGwsE,EAAG6B,MAEhC,OAAIgB,EAAIz1D,IAAMy1D,EAAIt2C,GACPs9C,EAAMhI,KACV,IAAIgI,EAAMz8D,EAAGmf,EAAGyzC,EAAGyB,IACtC,CACQ,KAAIr0D,GACA,OAAO1b,KAAKs3E,WAAW57D,CACnC,CACQ,KAAImf,GACA,OAAO76B,KAAKs3E,WAAWz8C,CACnC,CAOQ,iBAAOk+C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOxuE,KAAKyoB,GAAMA,EAAEorD,MACjD,OAAOrF,EAAOxuE,KAAI,CAACyoB,EAAGtrB,IAAMsrB,EAAEkqD,SAAS0B,EAAMl3E,MAAK6C,IAAIwzE,EAAMW,WACxE,CAKQ,cAAOG,CAAQz/D,GACX,MAAMi2D,EAAI0I,EAAMW,WAAWxG,EAAUvF,GAAY,WAAYvzD,KAE7D,OADAi2D,EAAEyJ,iBACKzJ,CACnB,CAEQ,qBAAO0J,CAAe3lE,GAClB,OAAO2kE,EAAM5E,KAAK6F,SAASzB,EAAuBnkE,GAC9D,CAEQ,UAAO6lE,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAerwD,GACXswD,EAAKvF,cAAch0E,KAAMipB,EACrC,CAEQ,cAAAiwD,GACIN,EAAgB54E,KAC5B,CACQ,QAAAw5E,GACI,MAAM3+C,EAAEA,GAAM76B,KAAKs3E,WACnB,GAAIhJ,EAAG8C,MACH,OAAQ9C,EAAG8C,MAAMv2C,GACrB,MAAUt5B,MAAM,8BAC5B,CAIQ,MAAAoiD,CAAOiN,GACHsnB,EAAetnB,GACf,MAAQ0nB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAO35E,MAC3Bs4E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAOlpB,EAC7BmpB,EAAKzL,EAAGsB,IAAItB,EAAGxiD,IAAI2tD,EAAIK,GAAKxL,EAAGxiD,IAAI8tD,EAAID,IACvCK,EAAK1L,EAAGsB,IAAItB,EAAGxiD,IAAI4tD,EAAII,GAAKxL,EAAGxiD,IAAI+tD,EAAIF,IAC7C,OAAOI,GAAMC,CACzB,CAIQ,MAAAjH,GACI,OAAO,IAAIoF,EAAMn4E,KAAKs4E,GAAIhK,EAAG4B,IAAIlwE,KAAKu4E,IAAKv4E,KAAKw4E,GAC5D,CAKQ,MAAA38D,GACI,MAAM2C,EAAEA,EAACzG,EAAEA,GAAMw+D,EACXpxC,EAAKmpC,EAAGxiD,IAAI/T,EAAGm3D,KACboJ,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAO35E,KACnC,IAAIi6E,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACpCjiD,EAAKogD,EAAGxiD,IAAI2tD,EAAIA,GAChBtrD,EAAKmgD,EAAGxiD,IAAI4tD,EAAIA,GAChBtrD,EAAKkgD,EAAGxiD,IAAI6tD,EAAIA,GAChBtrD,EAAKigD,EAAGxiD,IAAI2tD,EAAIC,GA4BpB,OA3BArrD,EAAKigD,EAAGrqE,IAAIoqB,EAAIA,GAChB8rD,EAAK7L,EAAGxiD,IAAI2tD,EAAIE,GAChBQ,EAAK7L,EAAGrqE,IAAIk2E,EAAIA,GAChBF,EAAK3L,EAAGxiD,IAAItN,EAAG27D,GACfD,EAAK5L,EAAGxiD,IAAIqZ,EAAI/W,GAChB8rD,EAAK5L,EAAGrqE,IAAIg2E,EAAIC,GAChBD,EAAK3L,EAAG/wD,IAAI4Q,EAAI+rD,GAChBA,EAAK5L,EAAGrqE,IAAIkqB,EAAI+rD,GAChBA,EAAK5L,EAAGxiD,IAAImuD,EAAIC,GAChBD,EAAK3L,EAAGxiD,IAAIuC,EAAI4rD,GAChBE,EAAK7L,EAAGxiD,IAAIqZ,EAAIg1C,GAChB/rD,EAAKkgD,EAAGxiD,IAAItN,EAAG4P,GACfC,EAAKigD,EAAG/wD,IAAI2Q,EAAIE,GAChBC,EAAKigD,EAAGxiD,IAAItN,EAAG6P,GACfA,EAAKigD,EAAGrqE,IAAIoqB,EAAI8rD,GAChBA,EAAK7L,EAAGrqE,IAAIiqB,EAAIA,GAChBA,EAAKogD,EAAGrqE,IAAIk2E,EAAIjsD,GAChBA,EAAKogD,EAAGrqE,IAAIiqB,EAAIE,GAChBF,EAAKogD,EAAGxiD,IAAIoC,EAAIG,GAChB6rD,EAAK5L,EAAGrqE,IAAIi2E,EAAIhsD,GAChBE,EAAKkgD,EAAGxiD,IAAI4tD,EAAIC,GAChBvrD,EAAKkgD,EAAGrqE,IAAImqB,EAAIA,GAChBF,EAAKogD,EAAGxiD,IAAIsC,EAAIC,GAChB4rD,EAAK3L,EAAG/wD,IAAI08D,EAAI/rD,GAChBisD,EAAK7L,EAAGxiD,IAAIsC,EAAID,GAChBgsD,EAAK7L,EAAGrqE,IAAIk2E,EAAIA,GAChBA,EAAK7L,EAAGrqE,IAAIk2E,EAAIA,GACT,IAAIhC,EAAM8B,EAAIC,EAAIC,EACrC,CAKQ,GAAAl2E,CAAI2sD,GACAsnB,EAAetnB,GACf,MAAQ0nB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAO35E,MAC3Bs4E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAOlpB,EACnC,IAAIqpB,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACxC,MAAM3xD,EAAI+3D,EAAM/3D,EACV2mB,EAAKmpC,EAAGxiD,IAAIyqD,EAAMx+D,EAAGm3D,IAC3B,IAAIhhD,EAAKogD,EAAGxiD,IAAI2tD,EAAIG,GAChBzrD,EAAKmgD,EAAGxiD,IAAI4tD,EAAIG,GAChBzrD,EAAKkgD,EAAGxiD,IAAI6tD,EAAIG,GAChBzrD,EAAKigD,EAAGrqE,IAAIw1E,EAAIC,GAChBr2C,EAAKirC,EAAGrqE,IAAI21E,EAAIC,GACpBxrD,EAAKigD,EAAGxiD,IAAIuC,EAAIgV,GAChBA,EAAKirC,EAAGrqE,IAAIiqB,EAAIC,GAChBE,EAAKigD,EAAG/wD,IAAI8Q,EAAIgV,GAChBA,EAAKirC,EAAGrqE,IAAIw1E,EAAIE,GAChB,IAAIr2C,EAAKgrC,EAAGrqE,IAAI21E,EAAIE,GA+BpB,OA9BAz2C,EAAKirC,EAAGxiD,IAAIuX,EAAIC,GAChBA,EAAKgrC,EAAGrqE,IAAIiqB,EAAIE,GAChBiV,EAAKirC,EAAG/wD,IAAI8lB,EAAIC,GAChBA,EAAKgrC,EAAGrqE,IAAIy1E,EAAIC,GAChBM,EAAK3L,EAAGrqE,IAAI41E,EAAIC,GAChBx2C,EAAKgrC,EAAGxiD,IAAIwX,EAAI22C,GAChBA,EAAK3L,EAAGrqE,IAAIkqB,EAAIC,GAChBkV,EAAKgrC,EAAG/wD,IAAI+lB,EAAI22C,GAChBE,EAAK7L,EAAGxiD,IAAItN,EAAG6kB,GACf42C,EAAK3L,EAAGxiD,IAAIqZ,EAAI/W,GAChB+rD,EAAK7L,EAAGrqE,IAAIg2E,EAAIE,GAChBF,EAAK3L,EAAG/wD,IAAI4Q,EAAIgsD,GAChBA,EAAK7L,EAAGrqE,IAAIkqB,EAAIgsD,GAChBD,EAAK5L,EAAGxiD,IAAImuD,EAAIE,GAChBhsD,EAAKmgD,EAAGrqE,IAAIiqB,EAAIA,GAChBC,EAAKmgD,EAAGrqE,IAAIkqB,EAAID,GAChBE,EAAKkgD,EAAGxiD,IAAItN,EAAG4P,GACfiV,EAAKirC,EAAGxiD,IAAIqZ,EAAI9B,GAChBlV,EAAKmgD,EAAGrqE,IAAIkqB,EAAIC,GAChBA,EAAKkgD,EAAG/wD,IAAI2Q,EAAIE,GAChBA,EAAKkgD,EAAGxiD,IAAItN,EAAG4P,GACfiV,EAAKirC,EAAGrqE,IAAIo/B,EAAIjV,GAChBF,EAAKogD,EAAGxiD,IAAIqC,EAAIkV,GAChB62C,EAAK5L,EAAGrqE,IAAIi2E,EAAIhsD,GAChBA,EAAKogD,EAAGxiD,IAAIwX,EAAID,GAChB42C,EAAK3L,EAAGxiD,IAAIuC,EAAI4rD,GAChBA,EAAK3L,EAAG/wD,IAAI08D,EAAI/rD,GAChBA,EAAKogD,EAAGxiD,IAAIuC,EAAIF,GAChBgsD,EAAK7L,EAAGxiD,IAAIwX,EAAI62C,GAChBA,EAAK7L,EAAGrqE,IAAIk2E,EAAIjsD,GACT,IAAIiqD,EAAM8B,EAAIC,EAAIC,EACrC,CACQ,QAAAC,CAASxpB,GACL,OAAO5wD,KAAKiE,IAAI2sD,EAAMmiB,SAClC,CACQ,GAAA5B,GACI,OAAOnxE,KAAK2jD,OAAOw0B,EAAMhI,KACrC,CACQ,IAAAyC,CAAK/6D,GACD,OAAO0hE,EAAKzF,WAAW9zE,KAAM6X,EAAGsgE,EAAMY,WAClD,CAMQ,cAAAsB,CAAeC,GACXrC,GAAY,SAAUqC,EAAItgD,GAAKu8C,EAAM1+D,GACrC,MAAMuqB,EAAI+1C,EAAMhI,KAChB,GAAImK,IAAOtgD,GACP,OAAOoI,EACX,GAAIk4C,IAAOrgD,GACP,OAAOj6B,KACX,MAAM82E,KAAEA,GAASP,EACjB,IAAKO,EACD,OAAOyC,EAAKtG,aAAajzE,KAAMs6E,GAEnC,IAAIC,MAAEA,EAAK7xD,GAAEA,EAAE8xD,MAAEA,EAAK7xD,GAAEA,GAAOmuD,EAAKE,YAAYsD,GAC5CG,EAAMr4C,EACNs4C,EAAMt4C,EACN/e,EAAIrjB,KACR,KAAO0oB,EAAKsR,IAAOrR,EAAKqR,IAChBtR,EAAKuR,KACLwgD,EAAMA,EAAIx2E,IAAIof,IACdsF,EAAKsR,KACLygD,EAAMA,EAAIz2E,IAAIof,IAClBA,EAAIA,EAAExH,SACN6M,IAAOuR,GACPtR,IAAOsR,GAOX,OALIsgD,IACAE,EAAMA,EAAI1H,UACVyH,IACAE,EAAMA,EAAI3H,UACd2H,EAAM,IAAIvC,EAAM7J,EAAGxiD,IAAI4uD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IAChDiC,EAAIx2E,IAAIy2E,EAC3B,CAUQ,QAAAtB,CAAS9E,GACL,MAAMwC,KAAEA,EAAMj/D,EAAG+/D,GAAMrB,EAEvB,IAAIa,EAAOuD,EACX,GAFA1C,GAAY,SAAU3D,EAAQr6C,GAAK29C,GAE/Bd,EAAM,CACN,MAAMyD,MAAEA,EAAK7xD,GAAEA,EAAE8xD,MAAEA,EAAK7xD,GAAEA,GAAOmuD,EAAKE,YAAY1C,GAClD,IAAMlnD,EAAGqtD,EAAKt0C,EAAGy0C,GAAQ56E,KAAK4yE,KAAKlqD,IAC7B0E,EAAGstD,EAAKv0C,EAAG00C,GAAQ76E,KAAK4yE,KAAKjqD,GACnC8xD,EAAMlB,EAAK1G,gBAAgB0H,EAAOE,GAClCC,EAAMnB,EAAK1G,gBAAgB2H,EAAOE,GAClCA,EAAM,IAAIvC,EAAM7J,EAAGxiD,IAAI4uD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IACvDpB,EAAQqD,EAAIx2E,IAAIy2E,GAChBC,EAAOC,EAAI32E,IAAI42E,EAC/B,KACiB,CACD,MAAMztD,EAAEA,EAAC+Y,EAAEA,GAAMnmC,KAAK4yE,KAAK0B,GAC3B8C,EAAQhqD,EACRutD,EAAOx0C,CACvB,CAEY,OAAOgyC,EAAMY,WAAW,CAAC3B,EAAOuD,IAAO,EACnD,CAOQ,oBAAAG,CAAqBvpC,EAAG/yB,EAAGzG,GACvB,MAAM6yD,EAAIuN,EAAM5E,KACVznD,EAAM,CAAC2jD,EAAGjxD,IACVA,IAAMwb,IAAOxb,IAAMyb,IAAQw1C,EAAE9rB,OAAOinB,GAA2B6E,EAAE2J,SAAS56D,GAAjCixD,EAAE4K,eAAe77D,GAC1DkU,EAAM5G,EAAI9rB,KAAMwe,GAAGva,IAAI6nB,EAAIylB,EAAGx5B,IACpC,OAAO2a,EAAIy+C,WAAQ/uE,EAAYswB,CAC3C,CAIQ,QAAA4kD,CAASe,GACL,OAAOD,EAAap4E,KAAMq4E,EACtC,CACQ,aAAA1B,GACI,MAAQnlD,EAAGupD,EAAQpE,cAAEA,GAAkBJ,EACvC,GAAIwE,IAAa9gD,GACb,OAAO,EACX,GAAI08C,EACA,OAAOA,EAAcwB,EAAOn4E,MAChC,MAAUuB,MAAM,+DAC5B,CACQ,aAAAq1E,GACI,MAAQplD,EAAGupD,EAAQnE,cAAEA,GAAkBL,EACvC,OAAIwE,IAAa9gD,GACNj6B,KACP42E,EACOA,EAAcuB,EAAOn4E,MACzBA,KAAKq6E,eAAe9D,EAAM/kD,EAC7C,CACQ,UAAAwpD,CAAWC,GAAe,GAGtB,OAFAzP,GAAM,eAAgByP,GACtBj7E,KAAKk5E,iBACE5yD,EAAQ6xD,EAAOn4E,KAAMi7E,EACxC,CACQ,KAAAzvC,CAAMyvC,GAAe,GAEjB,OADAzP,GAAM,eAAgByP,GACfnD,GAAc93E,KAAKg7E,WAAWC,GACjD,EAEI9C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIrG,EAAGyB,KAC9CoI,EAAMhI,KAAO,IAAIgI,EAAM7J,EAAG6B,KAAM7B,EAAGyB,IAAKzB,EAAG6B,MAC3C,MAAM+K,EAAQ3E,EAAM/F,WACd+I,EAAO3G,GAAKuF,EAAO5B,EAAMO,KAAOruE,KAAK2Q,KAAK8hE,EAAQ,GAAKA,GAE7D,MAAO,CACH3E,QACA4E,gBAAiBhD,EACjBR,yBACAH,sBACA4D,mBAnZJ,SAA4BtxD,GACxB,OAAOuxD,GAAWvxD,EAAKmQ,GAAKs8C,EAAM1+D,EAC1C,EAmZA,CAqBO,SAASyjE,GAAYC,GACxB,MAAMhF,EArBV,SAAsB7rE,GAClB,MAAMglB,EAAO+kD,GAAc/pE,GAU3B,OATA8rE,GAAkB9mD,EAAM,CACpB/hB,KAAM,OACN49D,KAAM,WACNtuC,YAAa,YACd,CACCu+C,SAAU,WACVC,cAAe,WACfnpC,KAAM,YAEHxyC,OAAOmxE,OAAO,CAAE3+B,MAAM,KAAS5iB,GAC1C,CASkBgsD,CAAaH,IACrBjN,GAAEA,EAAIz2D,GAAmB0+D,EACzBoF,EAAgBrN,EAAGyC,MAAQ,EAC3B6K,EAAkB,EAAItN,EAAGyC,MAAQ,EACvC,SAAS8K,EAAKr9D,GACV,OAAOw5D,GAAQx5D,EAAGs9D,EAC1B,CACI,SAASC,EAAKv9D,GACV,OAAOw9D,GAAWx9D,EAAGs9D,EAC7B,CACI,MAAQX,gBAAiBhD,EAAKR,uBAAEA,EAAsBH,oBAAEA,EAAmB4D,mBAAEA,GAAwB9E,GAAkB,IAChHC,EACH,OAAAjwD,CAAQ62B,EAAIi6B,EAAO6D,GACf,MAAMz8D,EAAI44D,EAAME,WACV57D,EAAI4yD,EAAGhoD,QAAQ9H,EAAE9C,GACjBugE,EAAM1E,GAEZ,OADA/L,GAAM,eAAgByP,GAClBA,EACOgB,EAAIx6E,WAAW+e,KAAK,CAAC42D,EAAMoC,WAAa,EAAO,IAAQ99D,GAGvDugE,EAAIx6E,WAAW+e,KAAK,CAAC,IAAQ9E,EAAG4yD,EAAGhoD,QAAQ9H,EAAEqc,GAE3D,EACD,SAAAy3C,CAAUnoE,GACN,MAAMmjB,EAAMnjB,EAAMvI,OACZu9C,EAAOh1C,EAAM,GACbkb,EAAOlb,EAAMnB,SAAS,GAE5B,GAAIskB,IAAQquD,GAA2B,IAATx8B,GAA0B,IAATA,EAoB1C,IAAI7xB,IAAQsuD,GAA4B,IAATz8B,EAAe,CAG/C,MAAO,CAAEzjC,EAFC4yD,EAAGgE,UAAUjtD,EAAKrc,SAAS,EAAGslE,EAAGyC,QAE/Bl2C,EADFyzC,EAAGgE,UAAUjtD,EAAKrc,SAASslE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEtE,CAEgB,MAAUxvE,MAAM,mBAAmB+rB,2BAA6BquD,yBAAqCC,uBACrH,CA3B2E,CAC3D,MAAMlgE,EAAIq8D,GAAmB1yD,GAC7B,IAAKg2D,GAAW3/D,EAAGue,GAAKq0C,EAAGsC,OACvB,MAAUrvE,MAAM,yBACpB,MAAM26E,EAAK1E,EAAoB97D,GAC/B,IAAImf,EACJ,IACIA,EAAIyzC,EAAGwD,KAAKoK,EAChC,CACgB,MAAOC,GACH,MAAMC,EAASD,aAAqB56E,MAAQ,KAAO46E,EAAU5oE,QAAU,GACvE,MAAUhS,MAAM,wBAA0B66E,EAC9D,CAMgB,QAHiC,GAAdj9B,OAFHtkB,EAAIZ,MAASA,MAIzBY,EAAIyzC,EAAG4B,IAAIr1C,IACR,CAAEnf,IAAGmf,IAC5B,CASS,IAECwhD,EAAiBvyD,GAAQguD,GAAcwE,GAAmBxyD,EAAKysD,EAAM7F,cAC3E,SAAS6L,EAAsBnhD,GAE3B,OAAOA,EADM0gD,GAAe7hD,EAEpC,CAKI,MAAMuiD,EAAS,CAACzkE,EAAGyI,EAAM6pD,IAAO0N,GAAmBhgE,EAAEpV,MAAM6d,EAAM6pD,IAIjE,MAAMpW,EACF,WAAAr0D,CAAY+b,EAAG9B,EAAG4iE,GACdz8E,KAAK2b,EAAIA,EACT3b,KAAK6Z,EAAIA,EACT7Z,KAAKy8E,SAAWA,EAChBz8E,KAAKk5E,gBACjB,CAEQ,kBAAOwD,CAAYljE,GACf,MAAM8oB,EAAIi0C,EAAM7F,YAEhB,OADAl3D,EAAMuzD,GAAY,mBAAoBvzD,EAAS,EAAJ8oB,GACpC,IAAI2xB,EAAUuoB,EAAOhjE,EAAK,EAAG8oB,GAAIk6C,EAAOhjE,EAAK8oB,EAAG,EAAIA,GACvE,CAGQ,cAAOq6C,CAAQnjE,GACX,MAAMmC,EAAEA,EAAC9B,EAAEA,GAAMo7D,GAAIS,MAAM3I,GAAY,MAAOvzD,IAC9C,OAAO,IAAIy6C,EAAUt4C,EAAG9B,EACpC,CACQ,cAAAq/D,GACIjB,GAAY,IAAKj4E,KAAK2b,EAAGse,GAAK6hD,GAC9B7D,GAAY,IAAKj4E,KAAK6Z,EAAGogB,GAAK6hD,EAC1C,CACQ,cAAAc,CAAeH,GACX,OAAO,IAAIxoB,EAAUj0D,KAAK2b,EAAG3b,KAAK6Z,EAAG4iE,EACjD,CACQ,gBAAAI,CAAiBC,GACb,MAAMnhE,EAAEA,EAAC9B,EAAEA,EAAG4iE,SAAUM,GAAQ/8E,KAC1BwxB,EAAIiqD,EAAc1O,GAAY,UAAW+P,IAC/C,GAAW,MAAPC,IAAgB,CAAC,EAAG,EAAG,EAAG,GAAG39D,SAAS29D,GACtC,MAAUx7E,MAAM,uBACpB,MAAMy7E,EAAe,IAARD,GAAqB,IAARA,EAAYphE,EAAI46D,EAAM1+D,EAAI8D,EACpD,GAAIqhE,GAAQ1O,EAAGsC,MACX,MAAUrvE,MAAM,8BACpB,MAAM8X,EAAgB,EAAN0jE,EAAwB,KAAP,KAC3BE,EAAI9E,EAAMc,QAAQ5/D,EAASgjE,EAAcW,IACzCE,EAAKnB,EAAKiB,GACVnoC,EAAKgnC,GAAMrqD,EAAI0rD,GACfpoC,EAAK+mC,EAAKhiE,EAAIqjE,GACd3rC,EAAI4mC,EAAM5E,KAAKuH,qBAAqBmC,EAAGpoC,EAAIC,GACjD,IAAKvD,EACD,MAAUhwC,MAAM,qBAEpB,OADAgwC,EAAE2nC,iBACK3nC,CACnB,CAEQ,QAAA4rC,GACI,OAAOZ,EAAsBv8E,KAAK6Z,EAC9C,CACQ,UAAAujE,GACI,OAAOp9E,KAAKm9E,WAAa,IAAIlpB,EAAUj0D,KAAK2b,EAAGkgE,GAAM77E,KAAK6Z,GAAI7Z,KAAKy8E,UAAYz8E,IAC3F,CAEQ,aAAAq9E,GACI,OAAOC,GAAct9E,KAAKu9E,WACtC,CACQ,QAAAA,GACI,OAAOtI,GAAImB,WAAW,CAAEz6D,EAAG3b,KAAK2b,EAAG9B,EAAG7Z,KAAK6Z,GACvD,CAEQ,iBAAA2jE,GACI,OAAOF,GAAct9E,KAAKy9E,eACtC,CACQ,YAAAA,GACI,OAAOpB,EAAcr8E,KAAK2b,GAAK0gE,EAAcr8E,KAAK6Z,EAC9D,EAEI,MAAMyzB,EAAQ,CACV,iBAAAowC,CAAkBlqE,GACd,IAEI,OADAmkE,EAAuBnkE,IAChB,CACvB,CACY,MAAO9M,GACH,OAAO,CACvB,CACS,EACDixE,uBAAwBA,EAKxBpqC,iBAAkB,KACd,MAAM3rC,EAAS+7E,GAAqBpH,EAAM1+D,GAC1C,OFzWL,SAAwBlH,EAAK6hE,EAAYxrD,GAAO,GACnD,MAAMsG,EAAM3c,EAAI/O,OACVg8E,EAAWrL,GAAoBC,GAC/BqL,EAASpL,GAAiBD,GAEhC,GAAIllD,EAAM,IAAMA,EAAMuwD,GAAUvwD,EAAM,KAClC,MAAU/rB,MAAM,YAAYs8E,8BAAmCvwD,KACnE,MAEM8M,EAAUD,GAFJnT,EAAO2lD,GAAgBh8D,GAAOi8D,GAAgBj8D,GAEjC6hE,EAAav4C,IAAOA,GAC7C,OAAOjT,EAAO8lD,GAAgB1yC,EAASwjD,GAAY/Q,GAAgBzyC,EAASwjD,EAChF,CE8VmBE,CAAmBvH,EAAMt5C,YAAYr7B,GAAS20E,EAAM1+D,EAAE,EAUjEkmE,WAAU,CAAC90D,EAAa,EAAGmuD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAerwD,GACrBmuD,EAAMgC,SAASlyD,OAAO,IACfkwD,IAef,SAAS4G,EAAU7a,GACf,MAAMh9C,EAAM0xD,GAAW1U,GACjBnpD,EAAsB,iBAATmpD,EACb71C,GAAOnH,GAAOnM,IAAQmpD,EAAKvhE,OACjC,OAAIukB,EACOmH,IAAQquD,GAAiBruD,IAAQsuD,EACxC5hE,EACOsT,IAAQ,EAAIquD,GAAiBruD,IAAQ,EAAIsuD,EAChDzY,aAAgBgV,CAG5B,CAuBI,MAAMqD,EAAWjF,EAAMiF,UACnB,SAAUrxE,GAGN,MAAM2f,EAAMiuD,GAAmB5tE,GACzB8zE,EAAuB,EAAf9zE,EAAMvI,OAAa20E,EAAM/F,WACvC,OAAOyN,EAAQ,EAAIn0D,GAAO5C,OAAO+2D,GAASn0D,CAC7C,EACC2xD,EAAgBlF,EAAMkF,eACxB,SAAUtxE,GACN,OAAO0xE,EAAKL,EAASrxE,GACxB,EAEC+zE,EAAaC,GAAW5H,EAAM/F,YAIpC,SAAS4N,EAAWt0D,GAGhB,OAFAmuD,GAAY,WAAW1B,EAAM/F,WAAc1mD,EAAKkQ,GAAKkkD,GAE9C5B,GAAmBxyD,EAAKysD,EAAM7F,YAC7C,CAMI,SAAS2N,EAAQvB,EAAStpE,EAAYkc,EAAO4uD,GACzC,GAAI,CAAC,YAAa,aAAa55E,MAAM+U,GAAMA,KAAKiW,IAC5C,MAAUnuB,MAAM,uCACpB,MAAMoM,KAAEA,EAAIsvB,YAAEA,GAAgBs5C,EAC9B,IAAIjkC,KAAEA,EAAIuiC,QAAEA,EAAS0J,aAAcC,GAAQ9uD,EAC/B,MAAR4iB,IACAA,GAAO,GACXwqC,EAAU/P,GAAY,UAAW+P,GACjClI,GAAmBllD,GACfmlD,IACAiI,EAAU/P,GAAY,oBAAqBp/D,EAAKmvE,KAIpD,MAAM2B,EAAQhD,EAAcqB,GACtBz5D,EAAIs0D,EAAuBnkE,GAC3BkrE,EAAW,CAACN,EAAW/6D,GAAI+6D,EAAWK,IAE5C,GAAW,MAAPD,IAAuB,IAARA,EAAe,CAE9B,MAAMt6E,GAAY,IAARs6E,EAAevhD,EAAYqxC,EAAGyC,OAASyN,EACjDE,EAAS57E,KAAKiqE,GAAY,eAAgB7oE,GACtD,CACQ,MAAMgnC,EAAOqsC,MAAkBmH,GACzBpmD,EAAImmD,EA0BV,MAAO,CAAEvzC,OAAMyzC,MAxBf,SAAeC,GAEX,MAAMnlE,EAAI+hE,EAASoD,GACnB,IAAKxD,EAAmB3hE,GACpB,OACJ,MAAMolE,EAAK9C,EAAKtiE,GACVmK,EAAIu0D,EAAM5E,KAAK6F,SAAS3/D,GAAG69D,WAC3B37D,EAAIkgE,EAAKj4D,EAAElI,GACjB,GAAIC,IAAMqe,GACN,OAIJ,MAAMngB,EAAIgiE,EAAKgD,EAAKhD,EAAKvjD,EAAI3c,EAAI0H,IACjC,GAAIxJ,IAAMmgB,GACN,OACJ,IAAIyiD,GAAY74D,EAAElI,IAAMC,EAAI,EAAI,GAAK0L,OAAOzD,EAAEiX,EAAIZ,IAC9C6kD,EAAQjlE,EAKZ,OAJIy4B,GAAQiqC,EAAsB1iE,KAC9BilE,EAlOZ,SAAoBjlE,GAChB,OAAO0iE,EAAsB1iE,GAAKgiE,GAAMhiE,GAAKA,CACrD,CAgOwBujE,CAAWvjE,GACnB4iE,GAAY,GAET,IAAIxoB,EAAUt4C,EAAGmjE,EAAOrC,EAC3C,EAEA,CACI,MAAM6B,EAAiB,CAAEhsC,KAAMikC,EAAMjkC,KAAMuiC,SAAS,GAC9CkK,EAAiB,CAAEzsC,KAAMikC,EAAMjkC,KAAMuiC,SAAS,GAwFpD,OAnEAsD,EAAM5E,KAAK+F,eAAe,GAmEnB,CACH/C,QACA/oC,aAlNJ,SAAsBh6B,EAAYynE,GAAe,GAC7C,OAAO9C,EAAMgB,eAAe3lE,GAAYwnE,WAAWC,EAC3D,EAiNQ3rC,gBAvLJ,SAAyB0vC,EAAUC,EAAShE,GAAe,GACvD,GAAI+C,EAAUgB,GACV,MAAUz9E,MAAM,iCACpB,IAAKy8E,EAAUiB,GACX,MAAU19E,MAAM,iCAEpB,OADU42E,EAAMc,QAAQgG,GACf7F,SAASzB,EAAuBqH,IAAWhE,WAAWC,EACvE,EAiLQ76C,KA9EJ,SAAc08C,EAASoC,EAASxvD,EAAO4uD,GACnC,MAAMpzC,KAAEA,EAAIyzC,MAAEA,GAAUN,EAAQvB,EAASoC,EAASxvD,GAC5C8kB,EAAI+hC,EAEV,OADa4I,GAAkB3qC,EAAE7mC,KAAKsY,UAAWuuB,EAAEk8B,YAAal8B,EAAE+2B,KAC3D6T,CAAKl0C,EAAMyzC,EAC1B,EA0EQh+C,OAzDJ,SAAgB9xB,EAAWiuE,EAAS/wE,EAAW2jB,EAAOqvD,GAClD,MAAMM,EAAKxwE,EAGX,GAFAiuE,EAAU/P,GAAY,UAAW+P,GACjC/wE,EAAYghE,GAAY,YAAahhE,GACjC,WAAY2jB,EACZ,MAAUnuB,MAAM,sCACpBqzE,GAAmBllD,GACnB,MAAM4iB,KAAEA,EAAIuiC,QAAEA,GAAYnlD,EAC1B,IAAI4vD,EACA7P,EACJ,IACI,GAAkB,iBAAP4P,GAAmBxH,GAAWwH,GAGrC,IACIC,EAAOrrB,EAAU0oB,QAAQ0C,EAC7C,CACgB,MAAOE,GACH,KAAMA,aAAoBtK,GAAIC,KAC1B,MAAMqK,EACVD,EAAOrrB,EAAUyoB,YAAY2C,EACjD,KAEiB,IAAkB,iBAAPA,GAAmC,iBAATA,EAAG1jE,GAAkC,iBAAT0jE,EAAGxlE,EAKrE,MAAUtY,MAAM,SALqE,CACrF,MAAMoa,EAAEA,EAAC9B,EAAEA,GAAMwlE,EACjBC,EAAO,IAAIrrB,EAAUt4C,EAAG9B,EACxC,CAGA,CACY41D,EAAI0I,EAAMc,QAAQltE,EAC9B,CACQ,MAAOrF,GACH,GAAsB,UAAlBA,EAAM6M,QACN,MAAUhS,MAAM,kEACpB,OAAO,CACnB,CACQ,GAAI+wC,GAAQgtC,EAAKnC,WACb,OAAO,EACPtI,IACAiI,EAAUvG,EAAM5oE,KAAKmvE,IACzB,MAAMnhE,EAAEA,EAAC9B,EAAEA,GAAMylE,EACX9tD,EAAIiqD,EAAcqB,GAClB0C,EAAKzD,EAAKliE,GACVg7B,EAAKgnC,EAAKrqD,EAAIguD,GACd1qC,EAAK+mC,EAAKlgE,EAAI6jE,GACdvC,EAAI9E,EAAM5E,KAAKuH,qBAAqBrL,EAAG56B,EAAIC,IAAKwiC,WACtD,QAAK2F,GAEKpB,EAAKoB,EAAEvhE,KACJC,CACrB,EAOQw/D,gBAAiBhD,EACjBlkB,YACA3mB,QAER;sECj/BO,SAASmyC,GAAQ9xE,GACpB,MAAO,CACHA,OACA49D,KAAM,CAAC56D,KAAQ+uE,IAASnU,GAAK59D,EAAMgD,EAAKiiB,MAAe8sD,IACvDziD,eAER,CACO,SAAS0iD,GAAYpE,EAAUqE,GAClC,MAAM56D,EAAUrX,GAAS2tE,GAAY,IAAKC,KAAakE,GAAQ9xE,KAC/D,OAAO7N,OAAOmxE,OAAO,IAAKjsD,EAAO46D,GAAU56D,UAC/C;sED4IgFkC,OAAO,GEnJvF,MAAMonD,GAAKqC,GAAMzpD,OAAO,uEAIXtc,GAAO+0E,GAAY,CAC5BnhE,EAJY8vD,GAAGtpD,OAAOkC,OAAO,OAK7BnP,EAJYmP,OAAO,sEAKvBonD,GAAIA,GAEAz2D,EAAGqP,OAAO,sEAEVwtD,GAAIxtD,OAAO,sEACXytD,GAAIztD,OAAO,sEACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACPvkC,ICvBG8xE,kBAA6B34D,OAAO,GAAK,GAAK,GAC9CD,kBAAuBC,OAAO,IAEpC,SAAS44D,GAAQjoE,EAAG+hC,GAAK,GACrB,OAAIA,EACO,CAAEpoB,EAAGnK,OAAOxP,EAAIgoE,IAAav9C,EAAGjb,OAAQxP,GAAKoP,GAAQ44D,KACzD,CAAEruD,EAAsC,EAAnCnK,OAAQxP,GAAKoP,GAAQ44D,IAAiBv9C,EAA4B,EAAzBjb,OAAOxP,EAAIgoE,IACpE,CACA,SAASliE,GAAMshC,EAAKrF,GAAK,GACrB,IAAImmC,EAAK,IAAI3/D,YAAY6+B,EAAIr9C,QACzBo+E,EAAK,IAAI5/D,YAAY6+B,EAAIr9C,QAC7B,IAAK,IAAIE,EAAI,EAAGA,EAAIm9C,EAAIr9C,OAAQE,IAAK,CACjC,MAAM0vB,EAAEA,EAAC8Q,EAAEA,GAAMw9C,GAAQ7gC,EAAIn9C,GAAI83C,IAChCmmC,EAAGj+E,GAAIk+E,EAAGl+E,IAAM,CAAC0vB,EAAG8Q,EAC7B,CACI,MAAO,CAACy9C,EAAIC,EAChB,CACA,MAcMC,GAAS,CAACzuD,EAAG8Q,EAAGzoB,IAAO2X,GAAK3X,EAAMyoB,IAAO,GAAKzoB,EAC9CqmE,GAAS,CAAC1uD,EAAG8Q,EAAGzoB,IAAOyoB,GAAKzoB,EAAM2X,IAAO,GAAK3X,EAE9CsmE,GAAS,CAAC3uD,EAAG8Q,EAAGzoB,IAAOyoB,GAAMzoB,EAAI,GAAQ2X,IAAO,GAAK3X,EACrDumE,GAAS,CAAC5uD,EAAG8Q,EAAGzoB,IAAO2X,GAAM3X,EAAI,GAAQyoB,IAAO,GAAKzoB,EAQ3D,MASMwmE,GAAM,CACRP,WAASniE,SAAO2iE,MApCN,CAAC9uD,EAAG8Q,IAAOpb,OAAOsK,IAAM,IAAMvK,GAAQC,OAAOob,IAAM,GAqC7Di+C,MAnCU,CAAC/uD,EAAGgvD,EAAI3mE,IAAM2X,IAAM3X,EAmCvB4mE,MAlCG,CAACjvD,EAAG8Q,EAAGzoB,IAAO2X,GAAM,GAAK3X,EAAOyoB,IAAMzoB,EAmChD6mE,OAjCW,CAAClvD,EAAG8Q,EAAGzoB,IAAO2X,IAAM3X,EAAMyoB,GAAM,GAAKzoB,EAiCxC8mE,OAhCG,CAACnvD,EAAG8Q,EAAGzoB,IAAO2X,GAAM,GAAK3X,EAAOyoB,IAAMzoB,EAgCjC+mE,OA9BL,CAACpvD,EAAG8Q,EAAGzoB,IAAO2X,GAAM,GAAK3X,EAAOyoB,IAAOzoB,EAAI,GA8B9BgnE,OA7Bb,CAACrvD,EAAG8Q,EAAGzoB,IAAO2X,IAAO3X,EAAI,GAAQyoB,GAAM,GAAKzoB,EA8BvDinE,QA5BY,CAACC,EAAIz+C,IAAMA,EA4Bd0+C,QA3BG,CAACxvD,EAAGgvD,IAAOhvD,EA4BvByuD,UAAQC,UAAQC,UAAQC,UACxBn8E,IApBJ,SAAa87E,EAAIC,EAAIiB,EAAIC,GACrB,MAAM5+C,GAAK09C,IAAO,IAAMkB,IAAO,GAC/B,MAAO,CAAE1vD,EAAIuuD,EAAKkB,GAAO3+C,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACxD,EAiBS6+C,MAfK,CAACnB,EAAIkB,EAAIE,KAAQpB,IAAO,IAAMkB,IAAO,IAAME,IAAO,GAehDC,MAdF,CAACC,EAAKvB,EAAIkB,EAAIM,IAAQxB,EAAKkB,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EAcrDE,MAbT,CAACxB,EAAIkB,EAAIE,EAAIK,KAAQzB,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,GAanDC,MAZhB,CAACJ,EAAKvB,EAAIkB,EAAIM,EAAII,IAAQ5B,EAAKkB,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAYhDM,MAVvB,CAACN,EAAKvB,EAAIkB,EAAIM,EAAII,EAAIE,IAAQ9B,EAAKkB,EAAKM,EAAKI,EAAKE,GAAOP,EAAM,GAAK,GAAM,GAAM,EAUlDQ,MAX9B,CAAC9B,EAAIkB,EAAIE,EAAIK,EAAIM,KAAQ/B,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMM,IAAO,KC1C3FC,GAAWC,mBAA6B,KAAO5B,GAAI1iE,MAAM,CAC5D,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,sBACpEhZ,KAAIkT,GAAKqP,OAAOrP,MArB6B,GAuBzCqqE,kBAA6B,IAAI9hE,YAAY,IAC7C+hE,kBAA6B,IAAI/hE,YAAY,IAC5C,MAAMgiE,WAAerY,GACxB,WAAAnqE,GACIC,MAAM,IAAK,GAAI,IAAI,GAKnBG,KAAK+/E,GAAK,WACV//E,KAAKggF,IAAK,UACVhgF,KAAKihF,IAAK,WACVjhF,KAAKkhF,IAAK,WACVlhF,KAAKuhF,GAAK,WACVvhF,KAAKohF,IAAK,SACVphF,KAAK2hF,IAAK,WACV3hF,KAAKyhF,GAAK,WACVzhF,KAAK6hF,GAAK,WACV7hF,KAAK+hF,IAAK,WACV/hF,KAAKqiF,IAAK,WACVriF,KAAKsiF,GAAK,UACVtiF,KAAKuiF,GAAK,UACVviF,KAAKwiF,IAAK,SACVxiF,KAAKyiF,GAAK,WACVziF,KAAK0iF,GAAK,SAClB,CAEI,GAAAv6E,GACI,MAAM43E,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO1iF,KAC3E,MAAO,CAAC+/E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC5E,CAEI,GAAAvgF,CAAI49E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC5D1iF,KAAK+/E,GAAU,EAALA,EACV//E,KAAKggF,GAAU,EAALA,EACVhgF,KAAKihF,GAAU,EAALA,EACVjhF,KAAKkhF,GAAU,EAALA,EACVlhF,KAAKuhF,GAAU,EAALA,EACVvhF,KAAKohF,GAAU,EAALA,EACVphF,KAAK2hF,GAAU,EAALA,EACV3hF,KAAKyhF,GAAU,EAALA,EACVzhF,KAAK6hF,GAAU,EAALA,EACV7hF,KAAK+hF,GAAU,EAALA,EACV/hF,KAAKqiF,GAAU,EAALA,EACVriF,KAAKsiF,GAAU,EAALA,EACVtiF,KAAKuiF,GAAU,EAALA,EACVviF,KAAKwiF,GAAU,EAALA,EACVxiF,KAAKyiF,GAAU,EAALA,EACVziF,KAAK0iF,GAAU,EAALA,CAClB,CACI,OAAAt/E,CAAQ2jB,EAAMjO,GAEV,IAAK,IAAIhX,EAAI,EAAGA,EAAI,GAAIA,IAAKgX,GAAU,EACnCopE,GAAWpgF,GAAKilB,EAAK0B,UAAU3P,GAC/BqpE,GAAWrgF,GAAKilB,EAAK0B,UAAW3P,GAAU,GAE9C,IAAK,IAAIhX,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAE1B,MAAM6gF,EAA4B,EAArBT,GAAWpgF,EAAI,IACtB8gF,EAA4B,EAArBT,GAAWrgF,EAAI,IACtB+gF,EAAMxC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIE,MAAMoC,EAAMC,EAAM,GACpFE,EAAMzC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAII,MAAMkC,EAAMC,EAAM,GAEpFG,EAA0B,EAApBb,GAAWpgF,EAAI,GACrBkhF,EAA0B,EAApBb,GAAWrgF,EAAI,GACrBmhF,EAAM5C,GAAIK,OAAOqC,EAAKC,EAAK,IAAM3C,GAAIO,OAAOmC,EAAKC,EAAK,IAAM3C,GAAIE,MAAMwC,EAAKC,EAAK,GAChFE,EAAM7C,GAAIM,OAAOoC,EAAKC,EAAK,IAAM3C,GAAIQ,OAAOkC,EAAKC,EAAK,IAAM3C,GAAII,MAAMsC,EAAKC,EAAK,GAEhFG,EAAO9C,GAAImB,MAAMsB,EAAKI,EAAKf,GAAWrgF,EAAI,GAAIqgF,GAAWrgF,EAAI,KAC7DshF,EAAO/C,GAAIqB,MAAMyB,EAAMN,EAAKI,EAAKf,GAAWpgF,EAAI,GAAIogF,GAAWpgF,EAAI,KACzEogF,GAAWpgF,GAAY,EAAPshF,EAChBjB,GAAWrgF,GAAY,EAAPqhF,CAC5B,CACQ,IAAIpD,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO1iF,KAEzE,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAEzB,MAAMuhF,EAAUhD,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIO,OAAOiB,EAAIE,EAAI,IAC/EuB,EAAUjD,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIQ,OAAOgB,EAAIE,EAAI,IAE/EwB,EAAQ1B,EAAKQ,GAAQR,EAAKU,EAC1BiB,EAAQzB,EAAKO,GAAQP,EAAKS,EAG1BiB,EAAOpD,GAAIyB,MAAMY,EAAIY,EAASE,EAAMvB,GAAUngF,GAAIqgF,GAAWrgF,IAC7D4hF,EAAMrD,GAAIuB,MAAM6B,EAAMhB,EAAIY,EAASE,EAAMvB,GAAUlgF,GAAIogF,GAAWpgF,IAClE6hF,EAAa,EAAPF,EAENG,EAAUvD,GAAIK,OAAOX,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAC/E6D,EAAUxD,GAAIM,OAAOZ,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAC/E8D,EAAQ/D,EAAKkB,EAAOlB,EAAKwB,EAAON,EAAKM,EACrCwC,EAAQ/D,EAAKkB,EAAOlB,EAAKoB,EAAOF,EAAKE,EAC3CqB,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALR,EACLS,EAAU,EAALP,IACFvwD,EAAGqwD,EAAIv/C,GAAU+9C,GAAIp8E,IAAS,EAAL09E,EAAa,EAALF,EAAc,EAANiC,EAAe,EAANC,IACrDhC,EAAU,EAALJ,EACLE,EAAU,EAALL,EACLG,EAAU,EAALN,EACLG,EAAU,EAALF,EACLD,EAAU,EAALlB,EACLmB,EAAU,EAALlB,EACL,MAAMgE,EAAM3D,GAAIc,MAAMwC,EAAKE,EAASE,GACpChE,EAAKM,GAAIgB,MAAM2C,EAAKN,EAAKE,EAASE,GAClC9D,EAAW,EAANgE,CACjB,GAEWxyD,EAAGuuD,EAAIz9C,EAAG09C,GAAOK,GAAIp8E,IAAc,EAAVjE,KAAK+/E,GAAkB,EAAV//E,KAAKggF,GAAa,EAALD,EAAa,EAALC,MAC3DxuD,EAAGyvD,EAAI3+C,EAAG4+C,GAAOb,GAAIp8E,IAAc,EAAVjE,KAAKihF,GAAkB,EAAVjhF,KAAKkhF,GAAa,EAALD,EAAa,EAALC,MAC3D1vD,EAAG+vD,EAAIj/C,EAAG8+C,GAAOf,GAAIp8E,IAAc,EAAVjE,KAAKuhF,GAAkB,EAAVvhF,KAAKohF,GAAa,EAALG,EAAa,EAALH,MAC3D5vD,EAAGmwD,EAAIr/C,EAAGm/C,GAAOpB,GAAIp8E,IAAc,EAAVjE,KAAK2hF,GAAkB,EAAV3hF,KAAKyhF,GAAa,EAALE,EAAa,EAALF,MAC3DjwD,EAAGqwD,EAAIv/C,GAAU+9C,GAAIp8E,IAAc,EAAVjE,KAAK6hF,GAAkB,EAAV7hF,KAAK+hF,GAAa,EAALF,EAAa,EAALE,MAC3DvwD,EAAG6wD,EAAI//C,EAAGggD,GAAOjC,GAAIp8E,IAAc,EAAVjE,KAAKqiF,GAAkB,EAAVriF,KAAKsiF,GAAa,EAALD,EAAa,EAALC,MAC3D9wD,EAAG+wD,EAAIjgD,EAAGkgD,GAAOnC,GAAIp8E,IAAc,EAAVjE,KAAKuiF,GAAkB,EAAVviF,KAAKwiF,GAAa,EAALD,EAAa,EAALC,MAC3DhxD,EAAGixD,EAAIngD,EAAGogD,GAAOrC,GAAIp8E,IAAc,EAAVjE,KAAKyiF,GAAkB,EAAVziF,KAAK0iF,GAAa,EAALD,EAAa,EAALC,IAC9D1iF,KAAKmC,IAAI49E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC7E,CACI,UAAAvY,GACI+X,GAAWx6D,KAAK,GAChBy6D,GAAWz6D,KAAK,EACxB,CACI,OAAAze,GACIjJ,KAAKsJ,OAAOoe,KAAK,GACjB1nB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC9D,EAgDO,MAAM8hF,WAAe7B,GACxB,WAAAxiF,GACIC,QAEAG,KAAK+/E,IAAK,UACV//E,KAAKggF,IAAK,WACVhgF,KAAKihF,GAAK,WACVjhF,KAAKkhF,GAAK,UACVlhF,KAAKuhF,IAAK,WACVvhF,KAAKohF,GAAK,UACVphF,KAAK2hF,GAAK,UACV3hF,KAAKyhF,IAAK,UACVzhF,KAAK6hF,GAAK,WACV7hF,KAAK+hF,IAAK,QACV/hF,KAAKqiF,IAAK,WACVriF,KAAKsiF,GAAK,WACVtiF,KAAKuiF,IAAK,UACVviF,KAAKwiF,GAAK,WACVxiF,KAAKyiF,GAAK,WACVziF,KAAK0iF,IAAK,WACV1iF,KAAKimB,UAAY,EACzB,EAEO,MAAMhY,kBAAyB07D,IAAgB,IAAM,IAAIyY,KAGnDp0E,kBAAyB27D,IAAgB,IAAM,IAAIsa,KC1N1D3V,GAAKqC,GADDzpD,OAAO,uGAMJpc,GAAO60E,GAAY,CAC5BnhE,EALY8vD,GAAGtpD,OAAOkC,OAAO,OAM7BnP,EAJYmP,OAAO,sGAKvBonD,GAAIA,GAEAz2D,EAAGqP,OAAO,sGAEVwtD,GAAIxtD,OAAO,sGACXytD,GAAIztD,OAAO,sGACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACPtkC,ICfGsgE,GAAKqC,GADDzpD,OAAO,0IAEXqvD,GAAQ,CACV/3D,EAAG8vD,GAAGtpD,OAAOkC,OAAO,OACpBnP,EAAGmP,OAAO,0IACdonD,GAAIA,GACAz2D,EAAGqP,OAAO,0IACVwtD,GAAIxtD,OAAO,0IACXytD,GAAIztD,OAAO,0IACXsK,EAAGtK,OAAO,IAGDlc,GAAO20E,GAAY,CAC5BnhE,EAAG+3D,GAAM/3D,EACTzG,EAAGw+D,GAAMx+D,EACbu2D,GAAIA,GAEAz2D,EAAG0+D,GAAM1+D,EACT68D,GAAI6B,GAAM7B,GACVC,GAAI4B,GAAM5B,GACVnjD,EAAG+kD,GAAM/kD,EACT8gB,MAAM,EACNmkC,yBAA0B,CAAC,IAAK,IAAK,MACtCxoE,IC5BGi2E,GAAU,GACVC,GAAY,GACZC,GAAa,GACbpqD,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC7Bm9D,kBAAsBn9D,OAAO,GAC7Bo9D,kBAAwBp9D,OAAO,KAC/Bq9D,kBAAyBr9D,OAAO,KACtC,IAAK,IAAIs9D,EAAQ,EAAGvH,EAAIhjD,GAAKve,EAAI,EAAGmf,EAAI,EAAG2pD,EAAQ,GAAIA,IAAS,EAE3D9oE,EAAGmf,GAAK,CAACA,GAAI,EAAInf,EAAI,EAAImf,GAAK,GAC/BqpD,GAAQphF,KAAK,GAAK,EAAI+3B,EAAInf,IAE1ByoE,GAAUrhF,MAAQ0hF,EAAQ,IAAMA,EAAQ,GAAM,EAAK,IAEnD,IAAI5oE,EAAIoe,GACR,IAAK,IAAI3f,EAAI,EAAGA,EAAI,EAAGA,IACnB4iE,GAAMA,GAAKhjD,IAASgjD,GAAKoH,IAAOE,IAAWD,GACvCrH,EAAIx8C,KACJ7kB,GAAKqe,KAASA,mBAAuB/S,OAAO7M,IAAM4f,IAE1DmqD,GAAWthF,KAAK8Y,EACpB,CACA,MAAO6oE,GAAaC,mBAA+B/mE,GAAMymE,IAAY,GAE/DO,GAAQ,CAACnzD,EAAG8Q,EAAGzoB,IAAOA,EAAI,GAAKsmE,GAAO3uD,EAAG8Q,EAAGzoB,GAAKomE,GAAOzuD,EAAG8Q,EAAGzoB,GAC9D+qE,GAAQ,CAACpzD,EAAG8Q,EAAGzoB,IAAOA,EAAI,GAAKumE,GAAO5uD,EAAG8Q,EAAGzoB,GAAKqmE,GAAO1uD,EAAG8Q,EAAGzoB,GA+C7D,MAAMgrE,WAAepb,GAExB,WAAA7pE,CAAYqoB,EAAUm0D,EAAQn2D,EAAW6+D,GAAY,EAAO72D,EAAS,IAcjE,GAbApuB,QACAG,KAAKioB,SAAWA,EAChBjoB,KAAKo8E,OAASA,EACdp8E,KAAKimB,UAAYA,EACjBjmB,KAAK8kF,UAAYA,EACjB9kF,KAAKiuB,OAASA,EACdjuB,KAAKgC,IAAM,EACXhC,KAAK+kF,OAAS,EACd/kF,KAAK8lB,UAAW,EAChB9lB,KAAK6lB,WAAY,EAEjBuV,GAAOnV,GAEH,GAAKjmB,KAAKioB,UAAYjoB,KAAKioB,UAAY,IACvC,MAAU1mB,MAAM,4CdhFT,IAAC4kB,EciFZnmB,KAAKmlB,MAAQ,IAAI1jB,WAAW,KAC5BzB,KAAKglF,SdlFO7+D,EckFOnmB,KAAKmlB,MdlFJ,IAAI/E,YAAY+F,EAAI7c,OAAQ6c,EAAI9b,WAAY5B,KAAK4P,MAAM8N,EAAI7b,WAAa,IcmFpG,CACI,MAAA26E,GACSj+D,IACDwiD,GAAWxpE,KAAKglF,SApErB,SAAiBnrE,EAAGoU,EAAS,IAChC,MAAM4uC,EAAI,IAAIz8C,YAAY,IAE1B,IAAK,IAAIokE,EAAQ,GAAKv2D,EAAQu2D,EAAQ,GAAIA,IAAS,CAE/C,IAAK,IAAI9oE,EAAI,EAAGA,EAAI,GAAIA,IACpBmhD,EAAEnhD,GAAK7B,EAAE6B,GAAK7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAC5D,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EAAG,CAC5B,MAAMwpE,GAAQxpE,EAAI,GAAK,GACjBypE,GAAQzpE,EAAI,GAAK,GACjB0pE,EAAKvoB,EAAEsoB,GACPE,EAAKxoB,EAAEsoB,EAAO,GACdG,EAAKX,GAAMS,EAAIC,EAAI,GAAKxoB,EAAEqoB,GAC1BK,EAAKX,GAAMQ,EAAIC,EAAI,GAAKxoB,EAAEqoB,EAAO,GACvC,IAAK,IAAIrqD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GACzBhhB,EAAE6B,EAAImf,IAAMyqD,EACZzrE,EAAE6B,EAAImf,EAAI,IAAM0qD,CAEhC,CAEQ,IAAIC,EAAO3rE,EAAE,GACT4rE,EAAO5rE,EAAE,GACb,IAAK,IAAI+B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMzS,EAAQg7E,GAAUvoE,GAClB0pE,EAAKX,GAAMa,EAAMC,EAAMt8E,GACvBo8E,EAAKX,GAAMY,EAAMC,EAAMt8E,GACvBu8E,EAAKxB,GAAQtoE,GACnB4pE,EAAO3rE,EAAE6rE,GACTD,EAAO5rE,EAAE6rE,EAAK,GACd7rE,EAAE6rE,GAAMJ,EACRzrE,EAAE6rE,EAAK,GAAKH,CACxB,CAEQ,IAAK,IAAI1qD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GAAI,CAC7B,IAAK,IAAInf,EAAI,EAAGA,EAAI,GAAIA,IACpBmhD,EAAEnhD,GAAK7B,EAAEghB,EAAInf,GACjB,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACpB7B,EAAEghB,EAAInf,KAAOmhD,GAAGnhD,EAAI,GAAK,IAAMmhD,GAAGnhD,EAAI,GAAK,GAC3D,CAEQ7B,EAAE,IAAM4qE,GAAYD,GACpB3qE,EAAE,IAAM6qE,GAAYF,EAC5B,CACI3nB,EAAEn1C,KAAK,EACX,CAyBQi+D,CAAQ3lF,KAAKglF,QAAShlF,KAAKiuB,QACtBjH,IACDwiD,GAAWxpE,KAAKglF,SACpBhlF,KAAK+kF,OAAS,EACd/kF,KAAKgC,IAAM,CACnB,CACI,MAAAuiB,CAAO1d,GACH6e,GAAO1lB,MACP,MAAMioB,SAAEA,EAAQ9C,MAAEA,GAAUnlB,KAEtBstB,GADNzmB,EAAOyf,GAAQzf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMsrB,GAAM,CAC1B,MAAM28C,EAAOxhE,KAAKud,IAAIiC,EAAWjoB,KAAKgC,IAAKsrB,EAAMtrB,GACjD,IAAK,IAAIF,EAAI,EAAGA,EAAImoE,EAAMnoE,IACtBqjB,EAAMnlB,KAAKgC,QAAU6E,EAAK7E,KAC1BhC,KAAKgC,MAAQimB,GACbjoB,KAAKilF,QACrB,CACQ,OAAOjlF,IACf,CACI,MAAA2G,GACI,GAAI3G,KAAK8lB,SACL,OACJ9lB,KAAK8lB,UAAW,EAChB,MAAMX,MAAEA,EAAKi3D,OAAEA,EAAMp6E,IAAEA,EAAGimB,SAAEA,GAAajoB,KAEzCmlB,EAAMnjB,IAAQo6E,EACA,IAATA,GAAwBp6E,IAAQimB,EAAW,GAC5CjoB,KAAKilF,SACT9/D,EAAM8C,EAAW,IAAM,IACvBjoB,KAAKilF,QACb,CACI,SAAAW,CAAU7/D,GACNL,GAAO1lB,MAAM,GACbmK,GAAM4b,GACN/lB,KAAK2G,SACL,MAAMk/E,EAAY7lF,KAAKmlB,OACjB8C,SAAEA,GAAajoB,KACrB,IAAK,IAAIgC,EAAM,EAAGsrB,EAAMvH,EAAInkB,OAAQI,EAAMsrB,GAAM,CACxCttB,KAAK+kF,QAAU98D,GACfjoB,KAAKilF,SACT,MAAMhb,EAAOxhE,KAAKud,IAAIiC,EAAWjoB,KAAK+kF,OAAQz3D,EAAMtrB,GACpD+jB,EAAI5jB,IAAI0jF,EAAU78E,SAAShJ,KAAK+kF,OAAQ/kF,KAAK+kF,OAAS9a,GAAOjoE,GAC7DhC,KAAK+kF,QAAU9a,EACfjoE,GAAOioE,CACnB,CACQ,OAAOlkD,CACf,CACI,OAAA+/D,CAAQ//D,GAEJ,IAAK/lB,KAAK8kF,UACN,MAAUvjF,MAAM,yCACpB,OAAOvB,KAAK4lF,UAAU7/D,EAC9B,CACI,GAAAggE,CAAI57E,GAEA,OADAixB,GAAOjxB,GACAnK,KAAK8lF,QAAQ,IAAIrkF,WAAW0I,GAC3C,CACI,UAAAwgB,CAAW5E,GAEP,GADAnf,GAAOmf,EAAK/lB,MACRA,KAAK8lB,SACL,MAAUvkB,MAAM,+BAGpB,OAFAvB,KAAK4lF,UAAU7/D,GACf/lB,KAAKiJ,UACE8c,CACf,CACI,MAAAvB,GACI,OAAOxkB,KAAK2qB,WAAW,IAAIlpB,WAAWzB,KAAKimB,WACnD,CACI,OAAAhd,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAKmlB,MAAMuC,KAAK,EACxB,CACI,UAAAgiD,CAAWW,GACP,MAAMpiD,SAAEA,EAAQm0D,OAAEA,EAAMn2D,UAAEA,EAASgI,OAAEA,EAAM62D,UAAEA,GAAc9kF,KAY3D,OAXAqqE,IAAOA,EAAK,IAAIwa,GAAO58D,EAAUm0D,EAAQn2D,EAAW6+D,EAAW72D,IAC/Do8C,EAAG2a,QAAQ7iF,IAAInC,KAAKglF,SACpB3a,EAAGroE,IAAMhC,KAAKgC,IACdqoE,EAAG0a,OAAS/kF,KAAK+kF,OACjB1a,EAAGvkD,SAAW9lB,KAAK8lB,SACnBukD,EAAGp8C,OAASA,EAEZo8C,EAAG+R,OAASA,EACZ/R,EAAGpkD,UAAYA,EACfokD,EAAGya,UAAYA,EACfza,EAAGxkD,UAAY7lB,KAAK6lB,UACbwkD,CACf,EAEA,MAAMwD,GAAM,CAACuO,EAAQn0D,EAAUhC,IAAc0jD,IAAgB,IAAM,IAAIkb,GAAO58D,EAAUm0D,EAAQn2D,KAMnF9X,kBAA2B0/D,GAAI,EAAM,IAAK,IAE1Cz/D,kBAA2By/D,GAAI,EAAM,GAAI,IAWzCmY,kBAFI,EAAC5J,EAAQn0D,EAAUhC,IdzC7B,SAAoCqF,GACvC,MAAMC,EAAQ,CAACC,EAAKkE,IAASpE,EAASoE,GAAMnL,OAAO+B,GAAQkF,IAAMhH,SAC3DiH,EAAMH,EAAS,IAIrB,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAU0K,GAASpE,EAASoE,GAC3BnE,CACX,CckCkD06D,EAA2B,CAACv2D,EAAO,CAAA,IAAO,IAAIm1D,GAAO58D,EAAUm0D,OAAuBh6E,IAAfstB,EAAKw2D,MAAsBjgE,EAAYyJ,EAAKw2D,OAAO,KAEpIC,CAAS,GAAM,IAAK,IC5MtDnsD,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIuU,GAAMvU,OAAO,GAEhEk/D,GAAiB,CAAEC,QAAQ,GAwB1B,SAASC,GAAe/K,GAC3B,MAAMhF,EAxBV,SAAsB7rE,GAClB,MAAMglB,EAAO+kD,GAAc/pE,GAa3B,OAZA8rE,GAAkB9rE,EAAO,CACrBiD,KAAM,WACN6Q,EAAG,SACH6E,EAAG,SACH4Z,YAAa,YACd,CACCspD,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAGT5mF,OAAOmxE,OAAO,IAAKvhD,GAC9B,CASkBgsD,CAAaH,IACrBjN,GAAEA,EAAIz2D,EAAgBg9D,QAASA,EAASlnE,KAAMg5E,EAAK1pD,YAAEA,EAAWyzC,YAAEA,EAAal/C,EAAGupD,GAAcxE,EAChGrF,EAAOzwC,IAAQvZ,OAAqB,EAAdwpD,GAAmBz2C,GACzC2sD,EAAOtY,EAAGtpD,OACVkyD,EAAKvG,GAAM4F,EAAM1+D,EAAG0+D,EAAM/F,YAE1BiW,EAAUlQ,EAAMkQ,SAC1B,EAAUzoD,EAAGlkB,KACD,IACI,MAAO,CAAEy0D,SAAS,EAAMhsE,MAAO+rE,EAAGwD,KAAK9zC,EAAIswC,EAAGuD,IAAI/3D,IAClE,CACY,MAAO5V,GACH,MAAO,CAAEqqE,SAAS,EAAOhsE,MAAOy3B,GAChD,CACS,GACCusD,EAAoBhQ,EAAMgQ,mBAAsB,CAACp8E,GAAUA,GAC3Dq8E,EAASjQ,EAAMiQ,QACzB,EAAU3/E,EAAMggF,EAAKC,KAET,GADAtb,GAAM,SAAUsb,GACZD,EAAIjlF,QAAUklF,EACd,MAAUvlF,MAAM,uCACpB,OAAOsF,CACV,GAGL,SAASkgF,EAAYtb,EAAO5zD,GACxBogE,GAAY,cAAgBxM,EAAO5zD,EAAGmiB,GAAKk3C,EACnD,CACI,SAAS8V,EAAYp2B,GACjB,KAAMA,aAAiBunB,GACnB,MAAU52E,MAAM,yBAC5B,CAGI,MAAM62E,EAAerJ,IAAS,CAAC3hD,EAAGirD,KAC9B,MAAQ4O,GAAIvrE,EAAGwrE,GAAIrsD,EAAGssD,GAAIjhD,GAAM9Y,EAC1B+jD,EAAM/jD,EAAE+jD,MACJ,MAANkH,IACAA,EAAKlH,EAAM11C,GAAM6yC,EAAGuD,IAAI3rC,IAC5B,MAAMuyC,EAAKmO,EAAKlrE,EAAI28D,GACdK,EAAKkO,EAAK/rD,EAAIw9C,GACdM,EAAKiO,EAAK1gD,EAAImyC,GACpB,GAAIlH,EACA,MAAO,CAAEz1D,EAAGse,GAAKa,EAAGZ,IACxB,GAAI0+C,IAAO1+C,GACP,MAAU14B,MAAM,oBACpB,MAAO,CAAEma,EAAG+8D,EAAI59C,EAAG69C,EAAI,IAErBE,EAAkB7J,IAAU3hD,IAC9B,MAAM5O,EAAEA,EAAC6E,EAAEA,GAAMkzD,EACjB,GAAInpD,EAAE+jD,MACF,MAAU5vE,MAAM,mBAGpB,MAAQ0lF,GAAI/kD,EAAGglD,GAAI/kD,EAAGglD,GAAIhkD,EAAG8X,GAAInjB,GAAM1K,EACjCwsD,EAAKgN,EAAK1kD,EAAIA,GACd23C,EAAK+M,EAAKzkD,EAAIA,GACd23C,EAAK8M,EAAKzjD,EAAIA,GACdikD,EAAKR,EAAK9M,EAAKA,GACfuN,EAAMT,EAAKhN,EAAKp7D,GAGtB,GAFaooE,EAAK9M,EAAK8M,EAAKS,EAAMxN,MACpB+M,EAAKQ,EAAKR,EAAKvjE,EAAIujE,EAAKhN,EAAKC,KAEvC,MAAUt4E,MAAM,yCAIpB,GAFWqlF,EAAK1kD,EAAIC,KACTykD,EAAKzjD,EAAIrL,GAEhB,MAAUv2B,MAAM,yCACpB,OAAO,CAAI,IAIf,MAAM42E,EACF,WAAAv4E,CAAYqnF,EAAIC,EAAIC,EAAIlsC,GACpBj7C,KAAKinF,GAAKA,EACVjnF,KAAKknF,GAAKA,EACVlnF,KAAKmnF,GAAKA,EACVnnF,KAAKi7C,GAAKA,EACV8rC,EAAY,IAAKE,GACjBF,EAAY,IAAKG,GACjBH,EAAY,IAAKI,GACjBJ,EAAY,IAAK9rC,GACjBn7C,OAAOmxE,OAAOjxE,KAC1B,CACQ,KAAI0b,GACA,OAAO1b,KAAKs3E,WAAW57D,CACnC,CACQ,KAAImf,GACA,OAAO76B,KAAKs3E,WAAWz8C,CACnC,CACQ,iBAAOi+C,CAAW1rD,GACd,GAAIA,aAAa+qD,EACb,MAAU52E,MAAM,8BACpB,MAAMma,EAAEA,EAACmf,EAAEA,GAAMzN,GAAK,CAAE,EAGxB,OAFA25D,EAAY,IAAKrrE,GACjBqrE,EAAY,IAAKlsD,GACV,IAAIs9C,EAAMz8D,EAAGmf,EAAGZ,GAAK2sD,EAAKlrE,EAAImf,GACjD,CACQ,iBAAOk+C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOxuE,KAAKyoB,GAAMA,EAAE+5D,MACjD,OAAOhU,EAAOxuE,KAAI,CAACyoB,EAAGtrB,IAAMsrB,EAAEkqD,SAAS0B,EAAMl3E,MAAK6C,IAAIwzE,EAAMW,WACxE,CAEQ,UAAOO,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAerwD,GACXswD,EAAKvF,cAAch0E,KAAMipB,EACrC,CAGQ,cAAAiwD,GACIN,EAAgB54E,KAC5B,CAEQ,MAAA2jD,CAAOiN,GACHo2B,EAAYp2B,GACZ,MAAQq2B,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAO35E,MAC3BinF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,GAAOlpB,EAC7B02B,EAAOV,EAAKnN,EAAKK,GACjByN,EAAOX,EAAKhN,EAAKD,GACjB6N,EAAOZ,EAAKlN,EAAKI,GACjB2N,EAAOb,EAAK/M,EAAKF,GACvB,OAAO2N,IAASC,GAAQC,IAASC,CAC7C,CACQ,GAAAtW,GACI,OAAOnxE,KAAK2jD,OAAOw0B,EAAMhI,KACrC,CACQ,MAAA4C,GAEI,OAAO,IAAIoF,EAAMyO,GAAM5mF,KAAKinF,IAAKjnF,KAAKknF,GAAIlnF,KAAKmnF,GAAIP,GAAM5mF,KAAKi7C,IAC1E,CAIQ,MAAAp/B,GACI,MAAM2C,EAAEA,GAAM+3D,GACN0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAO35E,KAC7BkjC,EAAI0jD,EAAKnN,EAAKA,GACd5c,EAAI+pB,EAAKlN,EAAKA,GACdllC,EAAIoyC,EAAKnmD,GAAMmmD,EAAKjN,EAAKA,IACzB33C,EAAI4kD,EAAKpoE,EAAI0kB,GACbwkD,EAAOjO,EAAKC,EACZhP,EAAIkc,EAAKA,EAAKc,EAAOA,GAAQxkD,EAAI25B,GACjC+N,EAAI5oC,EAAI66B,EACR8N,EAAIC,EAAIp2B,EACRq2B,EAAI7oC,EAAI66B,EACRod,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdl+C,EAAKi6D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIxtD,EACzC,CAIQ,GAAA1oB,CAAI2sD,GACAo2B,EAAYp2B,GACZ,MAAMpyC,EAAEA,EAAC6E,EAAEA,GAAMkzD,GACT0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,EAAI1+B,GAAIxuB,GAAOzsB,MACnCinF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,EAAI7+B,GAAIvuB,GAAOkkC,EAK3C,GAAIpyC,IAAM0I,QAAQ,GAAI,CAClB,MAAMgc,EAAI0jD,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3B/c,EAAI+pB,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3BjP,EAAIic,EAAK/pB,EAAI35B,GACnB,GAAIynC,IAAM3wC,GACN,OAAOh6B,KAAK6b,SAChB,MAAM24B,EAAIoyC,EAAKjN,EAAKl5C,GAAM/T,GACpBsV,EAAI4kD,EAAKn6D,EAAKgU,GAAMq5C,GACpBpP,EAAI1oC,EAAIwS,EACRo2B,EAAI/N,EAAI35B,EACR2nC,EAAI7oC,EAAIwS,EACRylC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdl+C,EAAKi6D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIxtD,EAC7C,CACY,MAAMuW,EAAI0jD,EAAKnN,EAAKG,GACd/c,EAAI+pB,EAAKlN,EAAKG,GACdrlC,EAAIoyC,EAAKn6D,EAAKpJ,EAAIqJ,GAClBsV,EAAI4kD,EAAKjN,EAAKG,GACdpP,EAAIkc,GAAMnN,EAAKC,IAAOE,EAAKC,GAAM32C,EAAI25B,GACrC8N,EAAI3oC,EAAIwS,EACRo2B,EAAI5oC,EAAIwS,EACRq2B,EAAI+b,EAAK/pB,EAAIr+C,EAAI0kB,GACjB+2C,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdl+C,EAAKi6D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIxtD,EACzC,CACQ,QAAAytD,CAASxpB,GACL,OAAO5wD,KAAKiE,IAAI2sD,EAAMmiB,SAClC,CACQ,IAAAH,CAAK/6D,GACD,OAAO0hE,EAAKzF,WAAW9zE,KAAM6X,EAAGsgE,EAAMY,WAClD,CAEQ,QAAAK,CAAS9E,GACL,MAAMz8D,EAAIy8D,EACV2D,GAAY,SAAUpgE,EAAGoiB,GAAK6hD,GAC9B,MAAM1uD,EAAEA,EAAC+Y,EAAEA,GAAMnmC,KAAK4yE,KAAK/6D,GAC3B,OAAOsgE,EAAMY,WAAW,CAAC3rD,EAAG+Y,IAAI,EAC5C,CAKQ,cAAAk0C,CAAe/F,GACX,MAAMz8D,EAAIy8D,EAEV,OADA2D,GAAY,SAAUpgE,EAAGmiB,GAAK8hD,GAC1BjkE,IAAMmiB,GACCoI,EACPpiC,KAAK2jD,OAAOvhB,IAAMvqB,IAAMoiB,GACjBj6B,KACPA,KAAK2jD,OAAOinB,GACL5qE,KAAK4yE,KAAK/6D,GAAGuV,EACjBmsD,EAAKtG,aAAajzE,KAAM6X,EAC3C,CAKQ,YAAA8vE,GACI,OAAO3nF,KAAKq6E,eAAeU,GAAU5J,KACjD,CAGQ,aAAAwF,GACI,OAAO4C,EAAKtG,aAAajzE,KAAM87E,GAAa3K,KACxD,CAGQ,QAAAmG,CAASe,GACL,OAAOD,EAAap4E,KAAMq4E,EACtC,CACQ,aAAAzB,GACI,MAAQplD,EAAGupD,GAAaxE,EACxB,OAAIwE,IAAa9gD,GACNj6B,KACJA,KAAKq6E,eAAeU,EACvC,CAGQ,cAAO9B,CAAQz/D,EAAK6sE,GAAS,GACzB,MAAMhjE,EAAEA,EAAC7E,EAAEA,GAAM+3D,EACXjpD,EAAMghD,EAAGyC,MACfv3D,EAAMuzD,GAAY,WAAYvzD,EAAK8T,GACnCk+C,GAAM,SAAU6a,GAChB,MAAMuB,EAASpuE,EAAI7W,QACbiuB,EAAWpX,EAAI8T,EAAM,GAC3Bs6D,EAAOt6D,EAAM,IAAgB,IAAXsD,EAClB,MAAMiK,EAAIgtD,GAAmBD,GAIvBl/E,EAAM29E,EAASnV,EAAO5C,EAAGsC,MAC/BqH,GAAY,aAAcp9C,EAAGb,GAAKtxB,GAGlC,MAAMwzE,EAAK0K,EAAK/rD,EAAIA,GACdmD,EAAI4oD,EAAK1K,EAAKjiD,IACdngB,EAAI8sE,EAAKvjE,EAAI64D,EAAK19D,GACxB,IAAI+vD,QAAEA,EAAShsE,MAAOmZ,GAAM+qE,EAAQzoD,EAAGlkB,GACvC,IAAKy0D,EACD,MAAUhtE,MAAM,uCACpB,MAAMumF,GAAUpsE,EAAIue,MAASA,GACvB8tD,KAA4B,IAAXn3D,GACvB,IAAKy1D,GAAU3qE,IAAMse,IAAO+tD,EAExB,MAAUxmF,MAAM,gCAGpB,OAFIwmF,IAAkBD,IAClBpsE,EAAIkrE,GAAMlrE,IACPy8D,EAAMW,WAAW,CAAEp9D,IAAGmf,KACzC,CACQ,qBAAOs+C,CAAe+F,GAClB,OAAO8I,EAAqB9I,GAAS9H,KACjD,CACQ,UAAA4D,GACI,MAAMt/D,EAAEA,EAACmf,EAAEA,GAAM76B,KAAKs3E,WAChBntE,EAAQ89E,GAAmBptD,EAAGyzC,EAAGyC,OAEvC,OADA5mE,EAAMA,EAAMvI,OAAS,IAAM8Z,EAAIue,GAAM,IAAO,EACrC9vB,CACnB,CACQ,KAAAqhC,GACI,OAAOssC,GAAc93E,KAAKg7E,aACtC,EAEI7C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAI16C,GAAK2sD,EAAKrQ,EAAM7B,GAAK6B,EAAM5B,KACtEwD,EAAMhI,KAAO,IAAIgI,EAAMn+C,GAAKC,GAAKA,GAAKD,IACtC,MAAQu5C,KAAM3I,EAAGuF,KAAM/tC,GAAM+1C,EACvBoB,EAAO3G,GAAKuF,EAAqB,EAAdzH,GACzB,SAASmL,EAAKr9D,GACV,OAAO2b,GAAI3b,EAAGs9D,EACtB,CAEI,SAASoM,EAAQv6E,GACb,OAAOkuE,EAAKgM,GAAmBl6E,GACvC,CAEI,SAASq6E,EAAqBr3E,GAC1B,MAAM2c,EAAMojD,EACZ//D,EAAMo8D,GAAY,cAAep8D,EAAK2c,GAGtC,MAAMoQ,EAASqvC,GAAY,qBAAsB4Z,EAAMh2E,GAAM,EAAI2c,GAC3D6xB,EAAOonC,EAAkB7oD,EAAO/6B,MAAM,EAAG2qB,IACzCjU,EAASqkB,EAAO/6B,MAAM2qB,EAAK,EAAIA,GAC/BgnD,EAAS4T,EAAQ/oC,GACjBi4B,EAAQxM,EAAEwO,SAAS9E,GACnB6T,EAAa/Q,EAAM4D,aACzB,MAAO,CAAE77B,OAAM9lC,SAAQi7D,SAAQ8C,QAAO+Q,aAC9C,CAMI,SAASC,EAAmBC,EAAU,IAAI5mF,cAAiBi+E,GACvD,MAAMl0D,EAAM+rD,MAAkBmI,GAC9B,OAAOwI,EAAQvB,EAAMH,EAAOh7D,EAAKuhD,GAAY,UAAWsb,KAAYxT,IAC5E,CAeI,MAAMyT,EAAalC,GA6BnBxb,EAAE0O,eAAe,GAiBjB,MAAO,CACH/C,QACA/oC,aAtEJ,SAAsB0xC,GAClB,OAAO8I,EAAqB9I,GAASiJ,UAC7C,EAqEQ/nD,KA9DJ,SAAc5U,EAAK0zD,EAASp5E,EAAU,CAAA,GAClC0lB,EAAMuhD,GAAY,UAAWvhD,GACzBqpD,IACArpD,EAAMqpD,EAAQrpD,IAClB,MAAMnS,OAAEA,EAAMi7D,OAAEA,EAAM6T,WAAEA,GAAeH,EAAqB9I,GACtDvjE,EAAIysE,EAAmBtiF,EAAQuiF,QAAShvE,EAAQmS,GAChDyxD,EAAIrS,EAAEwO,SAASz9D,GAAGq/D,aAElBnhE,EAAIgiE,EAAKlgE,EADLysE,EAAmBtiF,EAAQuiF,QAASpL,EAAGkL,EAAY38D,GACtC8oD,GAGvB,OAFA2D,GAAY,cAAep+D,EAAGmgB,GAAK8hD,GAE5B/O,GAAY,SADPwK,GAAe0F,EAAGgL,GAAmBpuE,EAAGy0D,EAAGyC,QACP,EAAdL,EAC1C,EAmDQ/vC,OAjDJ,SAAgBoK,EAAKvf,EAAKzf,EAAWjG,EAAUwiF,GAC3C,MAAMD,QAAEA,EAAOhC,OAAEA,GAAWvgF,EACtBwnB,EAAMghD,EAAGyC,MACfhmC,EAAMgiC,GAAY,YAAahiC,EAAK,EAAIzd,GACxC9B,EAAMuhD,GAAY,UAAWvhD,QACdppB,IAAXikF,GACA7a,GAAM,SAAU6a,GAChBxR,IACArpD,EAAMqpD,EAAQrpD,IAClB,MAAM3R,EAAIguE,GAAmB98C,EAAIpoC,MAAM2qB,EAAK,EAAIA,IAGhD,IAAI4V,EAAG+5C,EAAGsL,EACV,IACIrlD,EAAIi1C,EAAMc,QAAQltE,EAAWs6E,GAC7BpJ,EAAI9E,EAAMc,QAAQluC,EAAIpoC,MAAM,EAAG2qB,GAAM+4D,GACrCkC,EAAK3d,EAAEyP,eAAexgE,EAClC,CACQ,MAAOnT,GACH,OAAO,CACnB,CACQ,IAAK2/E,GAAUnjD,EAAEykD,eACb,OAAO,EACX,MAAMluE,EAAI2uE,EAAmBC,EAASpL,EAAEjC,aAAc93C,EAAE83C,aAAcxvD,GAGtE,OAFYyxD,EAAEh5E,IAAIi/B,EAAEm3C,eAAe5gE,IAExB2gE,SAASmO,GAAI3R,gBAAgBjzB,OAAOw0B,EAAMhI,KAC7D,EAuBQqY,cAAerQ,EACf7qC,MAtBU,CACV06C,uBAEAz6C,iBAAkB,IAAMtQ,EAAYqxC,EAAGyC,OAOvCgN,WAAU,CAAC90D,EAAa,EAAGmuD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAerwD,GACrBmuD,EAAMgC,SAASlyD,OAAO,IACfkwD,IAWnB;sEC7aA,MAAMp9C,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAiBZ,SAASuhE,GAAWlN,GACvB,MAAMhF,GAhBN/H,GADkB9jE,EAiBS6wE,EAhBL,CAClB/8D,EAAG,UACJ,CACCkqE,eAAgB,gBAChBhY,YAAa,gBACb6V,kBAAmB,WACnBC,OAAQ,WACRmC,WAAY,WACZC,GAAI,WAGD9oF,OAAOmxE,OAAO,IAAKvmE,KAZ9B,IAAsBA,EAkBlB,MAAM+kE,EAAEA,GAAM8G,EACRqQ,EAAQ/uE,GAAMsiB,GAAItiB,EAAG43D,GACrBiZ,EAAiBnS,EAAMmS,eACvBG,EAAkBpgF,KAAK2Q,KAAKsvE,EAAiB,GAC7C9K,EAAWrH,EAAM7F,YACjB6V,EAAoBhQ,EAAMgQ,mBAAiB,CAAMp8E,GAAUA,GAC3Dw+E,EAAapS,EAAMoS,YAAU,CAAMjtE,GAAM2zD,GAAI3zD,EAAG+zD,EAAIvoD,OAAO,GAAIuoD,IAWrE,SAAS3mC,EAAMggD,EAAMC,EAAKC,GACtB,MAAMC,EAAQrC,EAAKkC,GAAQC,EAAMC,IAGjC,MAAO,CAFPD,EAAMnC,EAAKmC,EAAME,GACjBD,EAAMpC,EAAKoC,EAAMC,GAEzB,CAGI,MAAMC,GAAO3S,EAAM/3D,EAAI0I,OAAO,IAAMA,OAAO,GA2D3C,SAASiiE,EAAkBnrD,GACvB,OAAO8uC,GAAgB8Z,EAAK5oD,GAAI6qD,EACxC,CAgBI,SAASt+C,EAAW+pC,EAAQt2C,GACxB,MAAMorD,EAhBV,SAA2BC,GAGvB,MAAMrrD,EAAI+uC,GAAY,eAAgBsc,EAAMR,GAG5C,OAFiB,KAAbjL,IACA5/C,EAAE,KAAO,KACN4uC,GAAgB5uC,EAC/B,CASuBsrD,CAAkBtrD,GAC3BurD,EATV,SAAsB1xE,GAClB,MAAM1N,EAAQ4iE,GAAY,SAAUl1D,GAC9ByV,EAAMnjB,EAAMvI,OAClB,GAAI0rB,IAAQu7D,GAAmBv7D,IAAQswD,EACnC,MAAUr8E,MAAM,YAAYsnF,QAAsBjL,gBAAuBtwD,KAC7E,OAAOs/C,GAAgB2Z,EAAkBp8E,GACjD,CAGwBq/E,CAAalV,GACvBmV,EAzEV,SAA0BzrD,EAAGs2C,GACzBpH,GAAS,IAAKlvC,EAAGhE,GAAKy1C,GACtBvC,GAAS,SAAUoH,EAAQt6C,GAAKy1C,GAGhC,MAAMh2D,EAAI66D,EACJoV,EAAM1rD,EACZ,IAKI2rD,EALAZ,EAAM9uD,GACN2vD,EAAM5vD,GACNgvD,EAAMhrD,EACN6rD,EAAM5vD,GACN6uD,EAAO9uD,GAEX,IAAK,IAAIpe,EAAIsL,OAAOwhE,EAAiB,GAAI9sE,GAAKoe,GAAKpe,IAAK,CACpD,MAAMkuE,EAAOrwE,GAAKmC,EAAKqe,GACvB6uD,GAAQgB,EACRH,EAAK7gD,EAAMggD,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GACTA,EAAK7gD,EAAMggD,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GACTb,EAAOgB,EACP,MAAM5mD,EAAI6lD,EAAMa,EACVG,EAAKnD,EAAK1jD,EAAIA,GACd25B,EAAIksB,EAAMa,EACVI,EAAKpD,EAAK/pB,EAAIA,GACd6N,EAAIqf,EAAKC,EACTx1C,EAAIw0C,EAAMa,EAEVI,EAAKrD,GADDoC,EAAMa,GACI3mD,GACdgnD,EAAKtD,EAAKpyC,EAAIqoB,GACdstB,EAAOF,EAAKC,EACZE,EAAQH,EAAKC,EACnBlB,EAAMpC,EAAKuD,EAAOA,GAClBN,EAAMjD,EAAK8C,EAAM9C,EAAKwD,EAAQA,IAC9BrB,EAAMnC,EAAKmD,EAAKC,GAChBJ,EAAMhD,EAAKlc,GAAKqf,EAAKnD,EAAKsC,EAAMxe,IAC5C,CAEQif,EAAK7gD,EAAMggD,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GAETA,EAAK7gD,EAAMggD,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GAET,MAAMU,EAAK1B,EAAWiB,GAEtB,OAAOhD,EAAKmC,EAAMsB,EAC1B,CAsBmBC,CAAiBlB,EAAQG,GAGpC,GAAIE,IAAOzvD,GACP,MAAUz4B,MAAM,0CACpB,OAAO4nF,EAAkBM,EACjC,CAEI,MAAMc,EAAUpB,EAAkB5S,EAAMqS,IACxC,SAAS4B,EAAelW,GACpB,OAAO/pC,EAAW+pC,EAAQiW,EAClC,CACI,MAAO,CACHhgD,aACAigD,iBACAl7C,gBAAiB,CAAC97B,EAAYzH,IAAcw+B,EAAW/2B,EAAYzH,GACnEyhC,aAAeh6B,GAAeg3E,EAAeh3E,GAC7C85B,MAAO,CAAEC,iBAAkB,IAAMgpC,EAAMt5C,YAAYs5C,EAAM7F,cACzD6Z,QAASA,EAEjB;sECrIA,MAAME,GAAe9gB,IAAgB,IAAMqc,GAAShhE,OAAO,CAAEkhE,MAAO,QAE9DwE,IADc/gB,IAAgB,IAAMqc,GAAShhE,OAAO,CAAEkhE,MAAO,OACpDh/D,OAAO,4IAEhB+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIgoD,GAAMhoD,OAAO,GAAUA,OAAO,GAAI,MAAAyjE,GAAOzjE,OAAO,IAElF0jE,GAAO1jE,OAAO,IAAK2jE,GAAO3jE,OAAO,IAAK4jE,GAAO5jE,OAAO,IAAK6jE,GAAQ7jE,OAAO,KAI9E,SAAS8jE,GAAsBtvE,GAC3B,MAAM+zD,EAAIib,GACJxlD,EAAMxpB,EAAIA,EAAIA,EAAK+zD,EACnBtqC,EAAMD,EAAKA,EAAKxpB,EAAK+zD,EACrBnqC,EAAMgqC,GAAKnqC,EAAI+pC,GAAKO,GAAKtqC,EAAMsqC,EAC/BhqC,EAAM6pC,GAAKhqC,EAAI4pC,GAAKO,GAAKtqC,EAAMsqC,EAC/B9pC,EAAO2pC,GAAK7pC,EAAIhF,GAAKgvC,GAAKvqC,EAAMuqC,EAChCwb,EAAO3b,GAAK3pC,EAAKglD,GAAMlb,GAAK9pC,EAAO8pC,EACnCyb,EAAO5b,GAAK2b,EAAKL,GAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,GAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,GAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,GAAMpb,GAAKyb,EAAOzb,EACrC6b,EAAQhc,GAAK+b,EAAM5qD,GAAKgvC,GAAKvqC,EAAMuqC,EACnC8b,EAAQjc,GAAKgc,EAAMrxD,GAAKw1C,GAAK/zD,EAAK+zD,EACxC,OAAQH,GAAKic,EAAMR,GAAOtb,GAAK6b,EAAQ7b,CAC3C,CACA,SAAS8W,GAAkBp8E,GAQvB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,IAAM,EACLA,CACX,CAsBA,MAAMmkE,GAAKqC,GAAM+Z,GAAQ,KAAK,GACxBc,GAAY,CAEdhtE,EAAG0I,OAAO,GAEV7D,EAAG6D,OAAO,2IAEdonD,GAAIA,GAGAz2D,EAAGqP,OAAO,2IAEVspD,WAAY,IAEZh/C,EAAGtK,OAAO,GAEVwtD,GAAIxtD,OAAO,2IACXytD,GAAIztD,OAAO,2IAEXvZ,KAAM88E,GACNxtD,eACAspD,qBAEAC,OAAQ,CAAC3/E,EAAMggF,EAAKC,KAChB,GAAID,EAAIjlF,OAAS,IACb,MAAUL,MAAM,uBAAuBslF,EAAIjlF,QAC/C,OAAOgxB,GAAYrM,GAAY,YAAa,IAAI9kB,WAAW,CAACqlF,EAAS,EAAI,EAAGD,EAAIjlF,SAAUilF,EAAKhgF,EAAK,EAExG4/E,QA/CJ,SAAiBzoD,EAAGlkB,GAChB,MAAM21D,EAAIib,GAOJe,EAAMtxD,GAAI6D,EAAIA,EAAIlkB,EAAG21D,GACrBic,EAAMvxD,GAAIsxD,EAAMztD,EAAGyxC,GACnBkc,EAAOxxD,GAAIuxD,EAAMD,EAAM3xE,EAAG21D,GAE1B/zD,EAAIye,GAAIuxD,EADDV,GAAsBW,GACTlc,GAEpBgI,EAAKt9C,GAAIze,EAAIA,EAAG+zD,GAGtB,MAAO,CAAElB,QAASp0C,GAAIs9C,EAAK39D,EAAG21D,KAAOzxC,EAAGz7B,MAAOmZ,EACnD,GA+Ba9O,kBAAwB05E,GAAekF,IAGvC7+E,kBAAuB,KAAO87E,GAAW,CAClDjqE,EAAG0I,OAAO,QAEVwhE,eAAgB,IAChBhY,YAAa,GACbjB,EAAGib,GACH9B,GAAI1hE,OAAO,GACXyhE,WAAajtE,IACT,MAAM+zD,EAAIib,GAGV,OAAOvwD,GADSm1C,GADI0b,GAAsBtvE,GACRwL,OAAO,GAAIuoD,GACxB/zD,EAAG+zD,EAAE,EAE9B8W,qBACAtpD,iBAdgC,GAgCnBqxC,GAAGsC,MAAQ1pD,OAAO,GAAMA,OAAO,GACjCA,OAAO,QAuFFA,OAAO,SAEHA,OAAO,SAEVA,OAAO,0IAEJA,OAAO,2IAGdA,OAAO;;AClOxB,MAAM0kE,GAAa1kE,OAAO,sEACpB2kE,GAAa3kE,OAAO,sEACpB+S,GAAM/S,OAAO,GACbuZ,GAAMvZ,OAAO,GACb4kE,GAAa,CAACttE,EAAGzG,KAAOyG,EAAIzG,EAAI0oB,IAAO1oB,EA6B7C,MAAMu2D,GAAKqC,GAAMib,QAAYxpF,OAAWA,EAAW,CAAE0vE,KAxBrD,SAAiBj3C,GACb,MAAM40C,EAAImc,GAEJ1c,EAAMhoD,OAAO,GAAI6kE,EAAM7kE,OAAO,GAAIyjE,EAAOzjE,OAAO,IAAK0jE,EAAO1jE,OAAO,IAEnE8kE,EAAO9kE,OAAO,IAAK2jE,EAAO3jE,OAAO,IAAK4jE,EAAO5jE,OAAO,IACpDge,EAAMrK,EAAIA,EAAIA,EAAK40C,EACnBtqC,EAAMD,EAAKA,EAAKrK,EAAK40C,EACrBnqC,EAAMgqC,GAAKnqC,EAAI+pC,EAAKO,GAAKtqC,EAAMsqC,EAC/BhqC,EAAM6pC,GAAKhqC,EAAI4pC,EAAKO,GAAKtqC,EAAMsqC,EAC/B9pC,EAAO2pC,GAAK7pC,EAAIhF,GAAKgvC,GAAKvqC,EAAMuqC,EAChCwb,EAAO3b,GAAK3pC,EAAKglD,EAAMlb,GAAK9pC,EAAO8pC,EACnCyb,EAAO5b,GAAK2b,EAAKL,EAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,EAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,EAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,EAAMpb,GAAKyb,EAAOzb,EACrC8b,EAAQjc,GAAK+b,EAAMnc,EAAKO,GAAKtqC,EAAMsqC,EACnCthD,EAAMmhD,GAAKic,EAAMS,EAAMvc,GAAKwb,EAAOxb,EACnCrhD,EAAMkhD,GAAKnhD,EAAI49D,EAAKtc,GAAKvqC,EAAMuqC,EAC/BE,EAAOL,GAAKlhD,EAAIqS,GAAKgvC,GAC3B,IAAKnB,GAAGsB,IAAItB,GAAGuB,IAAIF,GAAO90C,GACtB,MAAUt5B,MAAM,2BACpB,OAAOouE,CACX,IAKa1kE,GAAY00E,GAAY,CACjCnhE,EAAG0I,OAAO,GACVnP,EAAGmP,OAAO,GACdonD,GAAIA,GACAz2D,EAAGg0E,GAEHnX,GAAIxtD,OAAO,iFACXytD,GAAIztD,OAAO,iFACXsK,EAAGtK,OAAO,GACVorB,MAAM,EAONwkC,KAAM,CACFC,KAAM7vD,OAAO,sEACb8vD,YAAcv9D,IACV,MAAM5B,EAAIg0E,GACJv5D,EAAKpL,OAAO,sCACZ+d,GAAMhL,GAAM/S,OAAO,sCACnB+kE,EAAK/kE,OAAO,uCACZge,EAAK5S,EACL45D,EAAYhlE,OAAO,uCACnBga,EAAK4qD,GAAW5mD,EAAKzrB,EAAG5B,GACxBspB,EAAK2qD,IAAY7mD,EAAKxrB,EAAG5B,GAC/B,IAAI6Q,EAAKyR,GAAI1gB,EAAIynB,EAAK5O,EAAK6O,EAAK8qD,EAAIp0E,GAChC8Q,EAAKwR,IAAK+G,EAAK+D,EAAK9D,EAAK+D,EAAIrtB,GACjC,MAAM0iE,EAAQ7xD,EAAKwjE,EACb1R,EAAQ7xD,EAAKujE,EAKnB,GAJI3R,IACA7xD,EAAK7Q,EAAI6Q,GACT8xD,IACA7xD,EAAK9Q,EAAI8Q,GACTD,EAAKwjE,GAAavjE,EAAKujE,EACvB,MAAU3qF,MAAM,uCAAyCkY,GAE7D,MAAO,CAAE8gE,QAAO7xD,KAAI8xD,QAAO7xD,KAAI,IAGxC5a,IAGSmZ,OAAO,GAiBLjc,GAAUkwE,gBCnGxB,MAAM7M,GAAKqC,GAAMzpD,OAAO,uEAKX5b,GAAkBq0E,GAAY,CACzCnhE,EALc8vD,GAAGtpD,OAAOkC,OAAO,uEAM/BnP,EALcmP,OAAO,yEAMrBonD,GAEAz2D,EAAGqP,OAAO,sEAEVwtD,GAAIxtD,OAAO,sEACXytD,GAAIztD,OAAO,sEACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACIvkC,IChBNugE,GAAKqC,GAAMzpD,OAAO,uGAKX3b,GAAkBo0E,GAAY,CACzCnhE,EALc8vD,GAAGtpD,OAAOkC,OAAO,uGAM/BnP,EALcmP,OAAO,yGAMrBonD,GAEAz2D,EAAGqP,OAAO,sGAEVwtD,GAAIxtD,OAAO,sGACXytD,GAAIztD,OAAO,sGACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACItkC,IChBNsgE,GAAKqC,GAAMzpD,OAAO,uIAKX1b,GAAkBm0E,GAAY,CACzCnhE,EALc8vD,GAAGtpD,OAAOkC,OAAO,uIAM/BnP,EALcmP,OAAO,sIAMrBonD,MAEAz2D,EAAGqP,OAAO,sIAEVwtD,GAAIxtD,OAAO,sIACXytD,GAAIztD,OAAO,sIACXsK,EAAGtK,OAAO,GACVorB,MAAM,GACIrkC,ICRCyJ,GAAc,IAAI4+C,IAAIx2D,OAAOiI,QAAQ,CAClD4C,SAAEA,GACFE,SAAEA,GACFE,SAAEA,GACAO,mBACAC,mBACAC,mBACAP,aACA0B,QACAC,+ECDF,SAASu/E,GAAIz1C,EAAMnjC,EAASya,EAASyF,EAAMhE,EAAI5f,GAE7C,MAAMu8E,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI7qF,EACAuY,EACAuyE,EACAC,EACAC,EACAriE,EACAouD,EACAkU,EAKAC,EACAC,EAdA30D,EAAI,EAeJhL,EAAM/Z,EAAQ3R,OAGlB,MAAMsrF,EAA6B,KAAhBx2C,EAAK90C,OAAgB,EAAI,EAE1CmrF,EADiB,IAAfG,EACQl/D,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFza,EAqQJ,SAAuBA,GACrB,MAAM45E,EAAY,EAAK55E,EAAQ3R,OAAS,EAExC,IAAI+wB,EAKG,KAAiBw6D,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAO55E,EAEP,MAAUhS,MAAM,uBACpB,CALIoxB,EAAM,EAOR,MAAMy6D,EAAgB,IAAI3rF,WAAW8R,EAAQ3R,OAASurF,GACtD,IAAK,IAAIrrF,EAAI,EAAGA,EAAIyR,EAAQ3R,OAAQE,IAClCsrF,EAActrF,GAAKyR,EAAQzR,GAE7B,IAAK,IAAIuY,EAAI,EAAGA,EAAI8yE,EAAW9yE,IAC7B+yE,EAAc75E,EAAQ3R,OAASyY,GAAKsY,EAGtC,OAAOy6D,CACT,CA9RcC,CAAc95E,GACxB+Z,EAAM/Z,EAAQ3R,QAIhB,IAAIG,EAAS,IAAIN,WAAW6rB,GACxB7T,EAAI,EASR,KAAO6e,EAAIhL,GAAK,CAsCd,IArCA7C,EAAQlX,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,EAAK/kB,EAAQ+kB,KACnFugD,EAAStlE,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,GAAO/kB,EAAQ+kB,MAAQ,EAAK/kB,EAAQ+kB,KAgBpFs0D,EAAgC,WAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EACjBA,EAAiC,OAAxBniE,IAAS,GAAMouD,GACxBA,GAAS+T,EACTniE,GAASmiE,GAAQ,GACjBA,EAAgC,WAAvB/T,IAAU,EAAKpuD,GACxBA,GAAQmiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,UAAvB/T,IAAU,EAAKpuD,GACxBA,GAAQmiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EAEjBniE,EAASA,GAAQ,EAAMA,IAAS,GAChCouD,EAAUA,GAAS,EAAMA,IAAU,GAG9Bx+D,EAAI,EAAGA,EAAI6yE,EAAY7yE,GAAK,EAAG,CAIlC,IAHA2yE,EAAUD,EAAQ1yE,EAAI,GACtB4yE,EAAUF,EAAQ1yE,EAAI,GAEjBvY,EAAIirF,EAAQ1yE,GAAIvY,IAAMkrF,EAASlrF,GAAKmrF,EACvCJ,EAAShU,EAAQniC,EAAK50C,GACtBgrF,GAAWjU,IAAU,EAAMA,GAAS,IAAOniC,EAAK50C,EAAI,GAEpD8qF,EAAOniE,EACPA,EAAOouD,EACPA,EAAQ+T,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOniE,EACPA,EAAOouD,EACPA,EAAQ+T,CACT,CAGDniE,EAASA,IAAS,EAAMA,GAAQ,GAChCouD,EAAUA,IAAU,EAAMA,GAAS,GAGnC+T,EAAgC,YAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAKpuD,GACxBA,GAAQmiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,WAAvB/T,IAAU,EAAKpuD,GACxBA,GAAQmiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAiC,OAAxBniE,IAAS,GAAMouD,GACxBA,GAAS+T,EACTniE,GAASmiE,GAAQ,GACjBA,EAAgC,WAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EAajB7qF,EAAO0X,KAAQgR,IAAS,GACxB1oB,EAAO0X,KAASgR,IAAS,GAAM,IAC/B1oB,EAAO0X,KAASgR,IAAS,EAAK,IAC9B1oB,EAAO0X,KAAe,IAAPgR,EACf1oB,EAAO0X,KAAQo/D,IAAU,GACzB92E,EAAO0X,KAASo/D,IAAU,GAAM,IAChC92E,EAAO0X,KAASo/D,IAAU,EAAK,IAC/B92E,EAAO0X,KAAgB,IAARo/D,CAChB,CAOD,OAJK7qD,IACHjsB,EA4KJ,SAA0BwR,GACxB,IACIof,EADAw6D,EAAY,KAYhB,GALEx6D,EAAM,GAKHw6D,EAAW,CAEd,IADAA,EAAY,EACL55E,EAAQA,EAAQ3R,OAASurF,KAAex6D,GAC7Cw6D,IAEFA,GACJ,CAEE,OAAO55E,EAAQvK,SAAS,EAAGuK,EAAQ3R,OAASurF,EAC9C,CAlMaG,CAAiBvrF,IAGrBA,CACT,CAOA,SAASwrF,GAAc58E,GAErB,MAAM68E,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAav8E,EAAI/O,OAAS,EAAI,EAAI,EAElC80C,EAAW/2C,MAAM,GAAKutF,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGA5B,EAFAt0D,EAAI,EACJzgB,EAAI,EAGR,IAAK,IAAIwC,EAAI,EAAGA,EAAI6yE,EAAY7yE,IAAK,CACnC,IAAIoQ,EAAQ9Z,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,EAAK3nB,EAAI2nB,KACnEugD,EAASloE,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,GAAO3nB,EAAI2nB,MAAQ,EAAK3nB,EAAI2nB,KAExEs0D,EAAgC,WAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAMpuD,GAC1BA,GAAQmiE,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,WAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAMpuD,GAC1BA,GAAQmiE,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,YAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAKpuD,GACxBA,GAAQmiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBniE,IAAS,EAAKouD,GACvBA,GAAS+T,EACTniE,GAASmiE,GAAQ,EAGjBA,EAAQniE,GAAQ,EAAOouD,IAAU,GAAM,IAEvCpuD,EAAQouD,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQ+T,EAGR,IAAK,IAAI9qF,EAAI,EAAGA,EAAIwsF,GAAexsF,IAE7BwsF,EAAOxsF,IACT2oB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BouD,EAASA,GAAS,EAAMA,IAAU,KAElCpuD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BouD,EAASA,GAAS,EAAMA,IAAU,IAEpCpuD,IAAS,GACTouD,IAAU,GAMV0V,EAAWf,EAAU/iE,IAAS,IAAMgjE,EAAWhjE,IAAS,GAAM,IAAOijE,EAAWjjE,IAAS,GAAM,IAAOkjE,EACpGljE,IAAS,GAAM,IAAOmjE,EAAWnjE,IAAS,GAAM,IAAOojE,EAAWpjE,IAAS,EAAK,IAAOqjE,EAAWrjE,IAAS,EAC3G,IACF+jE,EAAYT,EAAUlV,IAAU,IAAMmV,EAAWnV,IAAU,GAAM,IAAOoV,EAAWpV,IAAU,GAAM,IACjGqV,EAAYrV,IAAU,GAAM,IAAOsV,EAAYtV,IAAU,GAAM,IAAOuV,EAAYvV,IAAU,EAAK,IACjGwV,EAAYxV,IAAU,EAAK,IAC7B+T,EAAyC,OAAhC4B,IAAc,GAAMD,GAC7B73C,EAAK7+B,KAAO02E,EAAW3B,EACvBl2C,EAAK7+B,KAAO22E,EAAa5B,GAAQ,EAEpC,CAED,OAAOl2C,CACT,CAwDO,SAAS+3C,GAAU99E,GACxB3Q,KAAK2Q,IAAM,GAEX,IAAK,IAAI7O,EAAI,EAAGA,EAAI,EAAGA,IACrB9B,KAAK2Q,IAAI7N,KAAK,IAAIrB,WAAWkP,EAAI3H,SAAa,EAAJlH,EAAY,EAAJA,EAAS,KAG7D9B,KAAKguB,QAAU,SAASiE,GACtB,OAAOk6D,GACLoB,GAAcvtF,KAAK2Q,IAAI,IACvBw7E,GACEoB,GAAcvtF,KAAK2Q,IAAI,IACvBw7E,GACEoB,GAAcvtF,KAAK2Q,IAAI,IACvBshB,GAAO,IAET,IACC,EAEN,CACH,CCtbA,SAASy8D,KACP1uF,KAAK2uF,UAAY,EACjB3uF,KAAK4uF,QAAU,GAEf5uF,KAAK6uF,OAAS,SAASl+E,GAMrB,GALA3Q,KAAK8uF,QAAcnvF,MAAM,IACzBK,KAAK+uF,OAAapvF,MAAM,IAExBK,KAAK2tE,QAEDh9D,EAAI/O,SAAW5B,KAAK4uF,QAGtB,MAAUrtF,MAAM,mCAElB,OAJEvB,KAAKgvF,YAAYr+E,IAIZ,CACR,EAED3Q,KAAK2tE,MAAQ,WACX,IAAK,IAAI7rE,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK8uF,QAAQhtF,GAAK,EAClB9B,KAAK+uF,OAAOjtF,GAAK,CAEpB,EAED9B,KAAKivF,aAAe,WAClB,OAAOjvF,KAAK2uF,SACb,EAED3uF,KAAKguB,QAAU,SAASW,GACtB,MAAMH,EAAU7uB,MAAMgvB,EAAI/sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI6sB,EAAI/sB,OAAQE,GAAK,EAAG,CACtC,IAEI8Z,EAFA0mB,EAAK3T,EAAI7sB,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GACtE6Z,EAAKgT,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GAG9E8Z,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EAEJ4S,EAAI1sB,GAAM6Z,IAAM,GAAM,IACtB6S,EAAI1sB,EAAI,GAAM6Z,IAAM,GAAM,IAC1B6S,EAAI1sB,EAAI,GAAM6Z,IAAM,EAAK,IACzB6S,EAAI1sB,EAAI,GAAS,IAAJ6Z,EACb6S,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,IAAM,EAAK,IACzB9T,EAAI1sB,EAAI,GAAS,IAAJwgC,CACnB,CAEI,OAAO9T,CACR,EAEDxuB,KAAKsuB,QAAU,SAASK,GACtB,MAAMH,EAAU7uB,MAAMgvB,EAAI/sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI6sB,EAAI/sB,OAAQE,GAAK,EAAG,CACtC,IAEI8Z,EAFA0mB,EAAK3T,EAAI7sB,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GACtE6Z,EAAKgT,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,GAAO6sB,EAAI7sB,EAAI,IAAM,EAAK6sB,EAAI7sB,EAAI,GAG9E8Z,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,IAAK9uF,KAAK+uF,OAAO,KAC5CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI8sD,EAAGzzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI6sD,EAAGxzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAG3b,KAAK8uF,QAAQ,GAAI9uF,KAAK+uF,OAAO,IAC3CzsD,EAAI1mB,EAEJ4S,EAAI1sB,GAAM6Z,IAAM,GAAM,IACtB6S,EAAI1sB,EAAI,GAAM6Z,IAAM,GAAM,IAC1B6S,EAAI1sB,EAAI,GAAM6Z,IAAM,EAAK,IACzB6S,EAAI1sB,EAAI,GAAS,IAAJ6Z,EACb6S,EAAI1sB,EAAI,GAAMwgC,IAAM,GAAM,IAC1B9T,EAAI1sB,EAAI,GAAMwgC,GAAK,GAAM,IACzB9T,EAAI1sB,EAAI,GAAMwgC,GAAK,EAAK,IACxB9T,EAAI1sB,EAAI,GAAS,IAAJwgC,CACnB,CAEI,OAAO9T,CACR,EACD,MAAM6gE,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAG7rE,EAAGiV,EAAG3c,GAChB,MAAMC,EAAI0c,EAAIjV,EACR+e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS4zE,EAAK,GAAGntD,IAAM,IAAMmtD,EAAK,GAAIntD,IAAM,GAAM,MAAQmtD,EAAK,GAAIntD,IAAM,EAAK,KAAQmtD,EAAK,GAAO,IAAJntD,EAClG,CAEE,SAAS+sD,EAAG9rE,EAAGiV,EAAG3c,GAChB,MAAMC,EAAI0c,EAAIjV,EACR+e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS4zE,EAAK,GAAGntD,IAAM,IAAMmtD,EAAK,GAAIntD,IAAM,GAAM,KAAQmtD,EAAK,GAAIntD,IAAM,EAAK,KAAQmtD,EAAK,GAAO,IAAJntD,EAClG,CAEE,SAASgtD,EAAG/rE,EAAGiV,EAAG3c,GAChB,MAAMC,EAAI0c,EAAIjV,EACR+e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS4zE,EAAK,GAAGntD,IAAM,IAAMmtD,EAAK,GAAIntD,IAAM,GAAM,KAAQmtD,EAAK,GAAIntD,IAAM,EAAK,MAAQmtD,EAAK,GAAO,IAAJntD,EAClG,CA9FEktD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnCtvF,KAAKgvF,YAAc,SAASQ,GAC1B,MAAM5zE,aACAnC,EAAQ9Z,MAAM,IAEpB,IAAI0a,EAEJ,IAAK,IAAIvY,EAAI,EAAGA,EAAI,EAAGA,IACrBuY,EAAQ,EAAJvY,EACJ8Z,EAAE9Z,GAAM0tF,EAAIn1E,IAAM,GAAOm1E,EAAIn1E,EAAI,IAAM,GAAOm1E,EAAIn1E,EAAI,IAAM,EAAKm1E,EAAIn1E,EAAI,GAG3E,MAAMqB,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIyN,EADAsmE,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIlL,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAKnqE,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMmE,EAAI6wE,EAAU7K,GAAOnqE,GAC3B8O,EAAIvN,EAAE4C,EAAE,IAER2K,GAAKomE,EAAK,GAAI3zE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD2K,GAAKomE,EAAK,GAAI3zE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD2K,GAAKomE,EAAK,GAAI3zE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD2K,GAAKomE,EAAK,GAAI3zE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD2K,GAAKomE,EAAK7zE,EAAErB,IAAKuB,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D5C,EAAE4C,EAAE,IAAM2K,CACpB,CAEQ,IAAK9O,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtC,EAAIu3E,EAAU9K,GAAOnqE,GAC3B8O,EAAIomE,EAAK,GAAI3zE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDoR,GAAKomE,EAAK,GAAI3zE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDoR,GAAKomE,EAAK,GAAI3zE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDoR,GAAKomE,EAAK,GAAI3zE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDoR,GAAKomE,EAAK,EAAIl1E,GAAIuB,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7D0B,EAAEg2E,GAAMtmE,EACRsmE,GACV,CACA,CAGI,IAAK,IAAI3tF,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK8uF,QAAQhtF,GAAK2X,EAAE3X,GACpB9B,KAAK+uF,OAAOjtF,GAAiB,GAAZ2X,EAAE,GAAK3X,EAE3B,EAsBD,MAAMytF,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASI,GAAMh/E,GACb3Q,KAAKgN,MAAQ,IAAI0hF,GACjB1uF,KAAKgN,MAAM6hF,OAAOl+E,GAElB3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAKgN,MAAMghB,QAAQiE,EAC3B,CACH,CDpJAw8D,GAAUxrE,QAAUwrE,GAAUxuF,UAAUgjB,QAAU,GAClDwrE,GAAUvrE,UAAYurE,GAAUxuF,UAAUijB,UAAY,ECqJtDysE,GAAMzsE,UAAYysE,GAAM1vF,UAAUijB,UAAY,EAC9CysE,GAAM1sE,QAAU0sE,GAAM1vF,UAAUgjB,QAAU,GCpkB1C,MAAM2sE,GAAS,WAEf,SAASC,GAAK1mE,EAAGtR,GACf,OAAQsR,GAAKtR,EAAIsR,IAAO,GAAKtR,GAAM+3E,EACrC,CAEA,SAASE,GAAKtxE,EAAG1c,GACf,OAAO0c,EAAE1c,GAAK0c,EAAE1c,EAAI,IAAM,EAAI0c,EAAE1c,EAAI,IAAM,GAAK0c,EAAE1c,EAAI,IAAM,EAC7D,CAEA,SAASiuF,GAAKvxE,EAAG1c,EAAGqnB,GAClB3K,EAAEwxE,OAAOluF,EAAG,EAAO,IAAJqnB,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAAS8mE,GAAKv0E,EAAG7D,GACf,OAAQ6D,IAAW,EAAJ7D,EAAU,GAC3B,CAkSA,SAASq4E,GAAGv/E,GACV3Q,KAAKmwF,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAM/0E,GACb,OAAO80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,GAC7F,CAEE,SAASg1E,EAAMh1E,GACb,OAAO80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,IAAM80E,EAAK,GAAGP,GAAKv0E,EAAG,GAC7F,CAEE,SAASi1E,EAAQh1E,EAAGi1E,GAClB,IAAIpyE,EAAIiyE,EAAMG,EAAI,IACd74E,EAAI24E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMpyE,EAAIzG,EAAIw4E,EAAO,EAAI50E,EAAI,GAAMi0E,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpyE,EAAI,EAAIzG,EAAIw4E,EAAO,EAAI50E,EAAI,GAAMi0E,GAC7DpxE,EAAIiyE,EAAMG,EAAI,IACd74E,EAAI24E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMpyE,EAAIzG,EAAIw4E,EAAO,EAAI50E,EAAI,IAAOi0E,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpyE,EAAI,EAAIzG,EAAIw4E,EAAO,EAAI50E,EAAI,IAAOi0E,EAClE,CAEE,SAASiB,EAAQ/uF,EAAG8uF,GAClB,IAAIpyE,EAAIiyE,EAAMG,EAAI,IACd74E,EAAI24E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpyE,EAAIzG,EAAIw4E,EAAO,EAAIzuF,EAAI,IAAO8tF,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpyE,EAAI,EAAIzG,EAAIw4E,EAAO,EAAIzuF,EAAI,IAAO8tF,GAAQ,IAClEpxE,EAAIiyE,EAAMG,EAAI,IACd74E,EAAI24E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMpyE,EAAIzG,EAAIw4E,EAAO,EAAIzuF,EAAI,GAAM8tF,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMpyE,EAAI,EAAIzG,EAAIw4E,EAAO,EAAIzuF,EAAI,GAAM8tF,GAAQ,GACrE,CAqDE,MAAO,CACL3nF,KAAM,UACN6oF,UAAW,GACXC,KAhQF,SAAiBpgF,GAEf,IAAI7O,EACA0c,EACAzG,EACAqL,EACAC,EALJ+sE,EAAWz/E,EAMX,MAAMqgF,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DjuE,EAAI,CACR,GACA,IAEI0U,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASw5D,EAAMp2E,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,EAC9C,CAEI,SAASq2E,EAAMr2E,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,EACzD,CAEI,SAASs2E,EAAO5kE,EAAGxJ,GACjB,IAAI9hB,EACA8Z,EACAoiB,EACJ,IAAKl8B,EAAI,EAAGA,EAAI,EAAGA,IACjB8Z,EAAIgI,IAAM,GACVA,EAAMA,GAAK,EAAKgsE,GAAUxiE,IAAM,GAChCA,EAAKA,GAAK,EAAKwiE,GACf5xD,EAAIpiB,GAAK,EACD,IAAJA,IACFoiB,GAAK,KAEPpa,GAAKhI,EAAKoiB,GAAK,GACfA,GAAKpiB,IAAM,EACH,EAAJA,IACFoiB,GAAK,KAEPpa,GAAKoa,GAAK,GAAKA,GAAK,EAEtB,OAAOpa,CACb,CAEI,SAASquE,EAAGp6E,EAAG6D,GACb,MAAM8C,EAAI9C,GAAK,EACT3D,EAAQ,GAAJ2D,EACJ0H,EAAIouE,EAAG35E,GAAG2G,EAAIzG,GACdsL,EAAIouE,EAAG55E,GAAG+5E,EAAK75E,GAAK85E,EAAKrzE,IAC/B,OAAOmzE,EAAG95E,GAAG+5E,EAAKvuE,GAAKwuE,EAAKzuE,KAAO,EAAIsuE,EAAG75E,GAAGuL,EAAIC,EACvD,CAEI,SAAS6uE,EAAKx2E,EAAG/K,GACf,IAAI6N,EAAIyxE,GAAKv0E,EAAG,GACZ3D,EAAIk4E,GAAKv0E,EAAG,GACZ0H,EAAI6sE,GAAKv0E,EAAG,GACZ2H,EAAI4sE,GAAKv0E,EAAG,GAChB,OAAQy1E,GACN,KAAK,EACH3yE,EAAIoF,EAAE,GAAGpF,GAAKyxE,GAAKt/E,EAAI,GAAI,GAC3BoH,EAAI6L,EAAE,GAAG7L,GAAKk4E,GAAKt/E,EAAI,GAAI,GAC3ByS,EAAIQ,EAAE,GAAGR,GAAK6sE,GAAKt/E,EAAI,GAAI,GAC3B0S,EAAIO,EAAE,GAAGP,GAAK4sE,GAAKt/E,EAAI,GAAI,GAC7B,KAAK,EACH6N,EAAIoF,EAAE,GAAGpF,GAAKyxE,GAAKt/E,EAAI,GAAI,GAC3BoH,EAAI6L,EAAE,GAAG7L,GAAKk4E,GAAKt/E,EAAI,GAAI,GAC3ByS,EAAIQ,EAAE,GAAGR,GAAK6sE,GAAKt/E,EAAI,GAAI,GAC3B0S,EAAIO,EAAE,GAAGP,GAAK4sE,GAAKt/E,EAAI,GAAI,GAC7B,KAAK,EACH6N,EAAIoF,EAAE,GAAGA,EAAE,GAAGpF,GAAKyxE,GAAKt/E,EAAI,GAAI,IAAMs/E,GAAKt/E,EAAI,GAAI,GACnDoH,EAAI6L,EAAE,GAAGA,EAAE,GAAG7L,GAAKk4E,GAAKt/E,EAAI,GAAI,IAAMs/E,GAAKt/E,EAAI,GAAI,GACnDyS,EAAIQ,EAAE,GAAGA,EAAE,GAAGR,GAAK6sE,GAAKt/E,EAAI,GAAI,IAAMs/E,GAAKt/E,EAAI,GAAI,GACnD0S,EAAIO,EAAE,GAAGA,EAAE,GAAGP,GAAK4sE,GAAKt/E,EAAI,GAAI,IAAMs/E,GAAKt/E,EAAI,GAAI,GAEvD,OAAO2nB,EAAE,GAAG9Z,GAAK8Z,EAAE,GAAGvgB,GAAKugB,EAAE,GAAGlV,GAAKkV,EAAE,GAAGjV,EAChD,CAII,IAFA+sE,EAAWA,EAASztF,MAAM,EAAG,IAC7Bb,EAAIsuF,EAASxuF,OACA,KAANE,GAAkB,KAANA,GAAkB,KAANA,GAC7BsuF,EAAStuF,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAIsuF,EAASxuF,OAAQE,GAAK,EACpCovF,EAAMpvF,GAAK,GAAKguF,GAAKM,EAAUtuF,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnB8hB,EAAE,GAAG9hB,GAAKmwF,EAAG,EAAGnwF,GAChB8hB,EAAE,GAAG9hB,GAAKmwF,EAAG,EAAGnwF,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBuvF,EAAMztE,EAAE,GAAG9hB,GACXwvF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ/4D,EAAE,GAAGx2B,GAAKuvF,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnDj5D,EAAE,GAAGx2B,GAAKwvF,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAMztE,EAAE,GAAG9hB,GACXwvF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ/4D,EAAE,GAAGx2B,GAAKyvF,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD/4D,EAAE,GAAGx2B,GAAKwvF,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAMtvF,OAAS,EACjBE,EAAI,EAAGA,EAAIqvF,EAAMrvF,IACpB0c,EAAI0yE,EAAMpvF,EAAIA,GACdkvF,EAAMlvF,GAAK0c,EACXzG,EAAIm5E,EAAMpvF,EAAIA,EAAI,GAClBmvF,EAAMnvF,GAAKiW,EACXq5E,EAAKD,EAAOrvF,EAAI,GAAKkwF,EAAOxzE,EAAGzG,GAEjC,IAAKjW,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvB0c,EAAI,SAAY1c,EAChBiW,EAAIyG,EAAI,SACRA,EAAI0zE,EAAK1zE,EAAGwyE,GACZj5E,EAAI83E,GAAKqC,EAAKn6E,EAAGk5E,GAAQ,GACzBV,EAAOzuF,GAAM0c,EAAIzG,EAAK63E,GACtBW,EAAOzuF,EAAI,GAAK+tF,GAAKrxE,EAAI,EAAIzG,EAAG,GAElC,IAAKjW,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADA0c,EAAIzG,EAAIqL,EAAIC,EAAIvhB,EACRqvF,GACN,KAAK,EACH3yE,EAAIoF,EAAE,GAAGpF,GAAKyxE,GAAKmB,EAAK,GAAI,GAC5Br5E,EAAI6L,EAAE,GAAG7L,GAAKk4E,GAAKmB,EAAK,GAAI,GAC5BhuE,EAAIQ,EAAE,GAAGR,GAAK6sE,GAAKmB,EAAK,GAAI,GAC5B/tE,EAAIO,EAAE,GAAGP,GAAK4sE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH5yE,EAAIoF,EAAE,GAAGpF,GAAKyxE,GAAKmB,EAAK,GAAI,GAC5Br5E,EAAI6L,EAAE,GAAG7L,GAAKk4E,GAAKmB,EAAK,GAAI,GAC5BhuE,EAAIQ,EAAE,GAAGR,GAAK6sE,GAAKmB,EAAK,GAAI,GAC5B/tE,EAAIO,EAAE,GAAGP,GAAK4sE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAG1uF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGpF,GAAKyxE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG1uF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAG7L,GAAKk4E,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG1uF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGR,GAAK6sE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG1uF,GAAKw2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGP,GAAK4sE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IAG7E,EAuFInuF,MAvDF,WACEstF,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,GAEN,EAgDIxiE,QA9CF,SAAoBnnB,EAAMiS,GACxBu3E,EAAYxpF,EACZypF,EAAax3E,EACb,MAAM83E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIl2E,EAAI,EAAGA,EAAI,EAAGA,IACrBs2E,EAAQt2E,EAAGu2E,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,CACX,EA+BI/hE,QA7BF,SAAoBznB,EAAMiS,GACxBu3E,EAAYxpF,EACZypF,EAAax3E,EACb,MAAM83E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIl2E,EAAI,EAAGA,GAAK,EAAGA,IACtBw2E,EAAQx2E,EAAGu2E,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,EAClB,EAgBI6B,SAZF,WACE,OAAO9B,CACX,EAYA,CAKY+B,GACVpyF,KAAKmwF,GAAGY,KAAKpxF,MAAM6gB,KAAK7P,GAAM,GAE9B3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAKmwF,GAAGniE,QAAQruB,MAAM6gB,KAAKyR,GAAQ,EAC3C,CACH,CCxUA,SAASogE,KAAW,CAqXpB,SAASC,GAAG3hF,GACV3Q,KAAKuyF,GAAK,IAAIF,GACdryF,KAAKuyF,GAAG9wD,KAAK9wB,GAEb3Q,KAAKguB,QAAU,SAASiE,GACtB,OAAOjyB,KAAKuyF,GAAGvgE,aAAaC,EAC7B,CACH,CDlDAi+D,GAAGjtE,QAAUitE,GAAGjwF,UAAUgjB,QAAU,GACpCitE,GAAGhtE,UAAYgtE,GAAGjwF,UAAUijB,UAAY,GCrUxCmvE,GAASpyF,UAAUuyF,UAAY,EAK/BH,GAASpyF,UAAUwyF,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCJ,GAASpyF,UAAUyyF,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DL,GAASpyF,UAAU0yF,GAAK,GASxBN,GAASpyF,UAAU2yF,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,UACd,CACE,OAAOA,CACT,EAKAR,GAASpyF,UAAUisE,GAAK,SAAS2mB,GAC/B,IAAIC,EAEJ,MAAMC,EAAU,IAALF,EAELG,EAAU,KADhBH,KAAQ,GAGFI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAOR,OAJAC,EAAK9yF,KAAKmzF,OAAO,GAAGD,GAAMlzF,KAAKmzF,OAAO,GAAGF,GACzCH,GAAM9yF,KAAKmzF,OAAO,GAAGH,GACrBF,GAAM9yF,KAAKmzF,OAAO,GAAGJ,GAEdD,CACT,EAMAT,GAASpyF,UAAUmzF,cAAgB,SAASC,GAC1C,IAGI5vE,EAHA6vE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAK5vE,EAAK,EAAGA,EAAKzjB,KAAK2yF,KAAMlvE,EAAI,CAC/B6vE,GAAStzF,KAAKwzF,OAAO/vE,GACrB8vE,EAAQvzF,KAAKksE,GAAGonB,GAASC,EAEzB,MAAM9nE,EAAM6nE,EACZA,EAAQC,EACRA,EAAQ9nE,CACZ,CAEE6nE,GAAStzF,KAAKwzF,OAAOxzF,KAAK2yF,GAAK,GAC/BY,GAASvzF,KAAKwzF,OAAOxzF,KAAK2yF,GAAK,GAE/BU,EAAK,GAAKrzF,KAAK4yF,OAAOW,GACtBF,EAAK,GAAKrzF,KAAK4yF,OAAOU,EACxB,EAWAjB,GAASpyF,UAAU+xB,aAAe,SAASyhE,GACzC,IAAIhwE,EACJ,MAAM4vE,EAAO,CAAC,EAAG,GACXK,EAAM1zF,KAAKwyF,UAAY,EAC7B,IAAK/uE,EAAK,EAAGA,EAAKzjB,KAAKwyF,UAAY,IAAK/uE,EACtC4vE,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBI,EAAOhwE,EAAK,GACxC4vE,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBI,EAAOhwE,EAAKiwE,GAG1C1zF,KAAKozF,cAAcC,GAEnB,MAAMM,EAAM,GACZ,IAAKlwE,EAAK,EAAGA,EAAKzjB,KAAKwyF,UAAY,IAAK/uE,EACtCkwE,EAAIlwE,EAAK,GAAO4vE,EAAK,KAAQ,GAAK,EAAC,EAAY,IAC/CM,EAAIlwE,EAAKiwE,GAASL,EAAK,KAAQ,GAAK,EAAC,EAAY,IAKnD,OAAOM,CACT,EAMAtB,GAASpyF,UAAU2zF,cAAgB,SAASP,GAC1C,IAGI5vE,EAHA6vE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAK5vE,EAAKzjB,KAAK2yF,GAAK,EAAGlvE,EAAK,IAAKA,EAAI,CACnC6vE,GAAStzF,KAAKwzF,OAAO/vE,GACrB8vE,EAAQvzF,KAAKksE,GAAGonB,GAASC,EAEzB,MAAM9nE,EAAM6nE,EACZA,EAAQC,EACRA,EAAQ9nE,CACZ,CAEE6nE,GAAStzF,KAAKwzF,OAAO,GACrBD,GAASvzF,KAAKwzF,OAAO,GAErBH,EAAK,GAAKrzF,KAAK4yF,OAAOW,GACtBF,EAAK,GAAKrzF,KAAK4yF,OAAOU,EACxB,EAMAjB,GAASpyF,UAAUwhC,KAAO,SAAS9wB,GACjC,IAAI8S,EACAowE,EAAK,EAGT,IADA7zF,KAAKwzF,OAAS,GACT/vE,EAAK,EAAGA,EAAKzjB,KAAK2yF,GAAK,IAAKlvE,EAAI,CACnC,IAAI5c,EAAO,EACX,IAAK,IAAIitF,EAAK,EAAGA,EAAK,IAAKA,EACzBjtF,EAAQA,GAAQ,EAAgB,IAAV8J,EAAIkjF,KACpBA,GAAMljF,EAAI/O,SACdiyF,EAAK,GAGT7zF,KAAKwzF,OAAO/vE,GAAMzjB,KAAK0yF,OAAOjvE,GAAM5c,CACxC,CAGE,IADA7G,KAAKmzF,OAAS,GACT1vE,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAzjB,KAAKmzF,OAAO1vE,GAAM,GACbowE,EAAK,EAAGA,EAAK,MAAOA,EACvB7zF,KAAKmzF,OAAO1vE,GAAIowE,GAAM7zF,KAAKyyF,OAAOhvE,GAAIowE,GAI1C,MAAMR,EAAO,CAAC,EAAY,GAE1B,IAAK5vE,EAAK,EAAGA,EAAKzjB,KAAK2yF,GAAK,EAAGlvE,GAAM,EACnCzjB,KAAKozF,cAAcC,GACnBrzF,KAAKwzF,OAAO/vE,EAAK,GAAK4vE,EAAK,GAC3BrzF,KAAKwzF,OAAO/vE,EAAK,GAAK4vE,EAAK,GAG7B,IAAK5vE,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKowE,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3B7zF,KAAKozF,cAAcC,GACnBrzF,KAAKmzF,OAAO1vE,GAAIowE,EAAK,GAAKR,EAAK,GAC/BrzF,KAAKmzF,OAAO1vE,GAAIowE,EAAK,GAAKR,EAAK,EAGrC,EAYAf,GAAGrvE,QAAUqvE,GAAGryF,UAAUgjB,QAAU,GACpCqvE,GAAGpvE,UAAYovE,GAAGryF,UAAUijB,UAAY,EChYjC,MAAMP,GAAgB,IAAI2zC,IAAI,CACnC,CAAC7rD,EAAMoC,UAAUE,UAAW0hF,IAC5B,CAAChkF,EAAMoC,UAAUG,MAAO2iF,IACxB,CAACllF,EAAMoC,UAAUI,SAAU8mF,IAC3B,CAACtpF,EAAMoC,UAAUQ,QAAS2mF,2ECX5B,MAAMC,kBAA0B,IAAI7zE,YAAY,CAC5C,WAAY,WAAY,WAAY,UAAY,aAI9C8zE,kBAAyB,IAAI9zE,YAAY,IACxC,MAAM+zE,WAAapqB,GACtB,WAAAnqE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKkjC,EAAiB,EAAb+wD,GAAQ,GACjBj0F,KAAK68D,EAAiB,EAAbo3B,GAAQ,GACjBj0F,KAAKw0C,EAAiB,EAAby/C,GAAQ,GACjBj0F,KAAKgiC,EAAiB,EAAbiyD,GAAQ,GACjBj0F,KAAK0qE,EAAiB,EAAbupB,GAAQ,EACzB,CACI,GAAA9rF,GACI,MAAM+6B,EAAEA,EAAC25B,EAAEA,EAACroB,EAAEA,EAACxS,EAAEA,EAAC0oC,EAAEA,GAAM1qE,KAC1B,MAAO,CAACkjC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,EAC5B,CACI,GAAAvoE,CAAI+gC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,GACZ1qE,KAAKkjC,EAAQ,EAAJA,EACTljC,KAAK68D,EAAQ,EAAJA,EACT78D,KAAKw0C,EAAQ,EAAJA,EACTx0C,KAAKgiC,EAAQ,EAAJA,EACThiC,KAAK0qE,EAAQ,EAAJA,CACjB,CACI,OAAAtnE,CAAQ2jB,EAAMjO,GACV,IAAK,IAAIhX,EAAI,EAAGA,EAAI,GAAIA,IAAKgX,GAAU,EACnCo7E,GAAOpyF,GAAKilB,EAAK0B,UAAU3P,GAAQ,GACvC,IAAK,IAAIhX,EAAI,GAAIA,EAAI,GAAIA,IACrBoyF,GAAOpyF,GAAKynE,GAAK2qB,GAAOpyF,EAAI,GAAKoyF,GAAOpyF,EAAI,GAAKoyF,GAAOpyF,EAAI,IAAMoyF,GAAOpyF,EAAI,IAAK,GAEtF,IAAIohC,EAAEA,EAAC25B,EAAEA,EAACroB,EAAEA,EAACxS,EAAEA,EAAC0oC,EAAEA,GAAM1qE,KACxB,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,IAAI6oE,EAAGpkC,EACHzkC,EAAI,IACJ6oE,EAAId,GAAIhN,EAAGroB,EAAGxS,GACduE,EAAI,YAECzkC,EAAI,IACT6oE,EAAI9N,EAAIroB,EAAIxS,EACZuE,EAAI,YAECzkC,EAAI,IACT6oE,EAAIb,GAAIjN,EAAGroB,EAAGxS,GACduE,EAAI,aAGJokC,EAAI9N,EAAIroB,EAAIxS,EACZuE,EAAI,YAER,MAAMzO,EAAKyxC,GAAKrmC,EAAG,GAAKynC,EAAID,EAAInkC,EAAI2tD,GAAOpyF,GAAM,EACjD4oE,EAAI1oC,EACJA,EAAIwS,EACJA,EAAI+0B,GAAK1M,EAAG,IACZA,EAAI35B,EACJA,EAAIpL,CAChB,CAEQoL,EAAKA,EAAIljC,KAAKkjC,EAAK,EACnB25B,EAAKA,EAAI78D,KAAK68D,EAAK,EACnBroB,EAAKA,EAAIx0C,KAAKw0C,EAAK,EACnBxS,EAAKA,EAAIhiC,KAAKgiC,EAAK,EACnB0oC,EAAKA,EAAI1qE,KAAK0qE,EAAK,EACnB1qE,KAAKmC,IAAI+gC,EAAG25B,EAAGroB,EAAGxS,EAAG0oC,EAC7B,CACI,UAAAP,GACI+pB,GAAOxsE,KAAK,EACpB,CACI,OAAAze,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,GACrBnC,KAAKsJ,OAAOoe,KAAK,EACzB,EAOO,MAAM7Z,kBAAuB87D,IAAgB,IAAM,IAAIwqB,KC/ExDC,kBAAsB,IAAI3yF,WAAW,CAAC,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IACzF4yF,kBAAqB,IAAI5yF,WAAe9B,MAAM,IAAI+nB,KAAK,GAAG/iB,KAAI,CAACunB,EAAGpqB,IAAMA,KACxEwyF,kBAAqBD,GAAG1vF,KAAK7C,IAAO,EAAIA,EAAI,GAAK,KACvD,IAAIyyF,GAAO,CAACF,IACRG,GAAO,CAACF,IACZ,IAAK,IAAIxyF,EAAI,EAAGA,EAAI,EAAGA,IACnB,IAAK,IAAIuY,IAAK,CAACk6E,GAAMC,IACjBn6E,EAAEvX,KAAKuX,EAAEvY,GAAG6C,KAAK8U,GAAM26E,GAAI36E,MACnC,MAAM60E,kBAAyB,CAC3B,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,IACxD3pF,KAAK7C,GAAM,IAAIL,WAAWK,KACtB2yF,kBAA0BF,GAAK5vF,KAAI,CAACqoB,EAAKlrB,IAAMkrB,EAAIroB,KAAK0V,GAAMi0E,GAAOxsF,GAAGuY,OACxEq6E,kBAA0BF,GAAK7vF,KAAI,CAACqoB,EAAKlrB,IAAMkrB,EAAIroB,KAAK0V,GAAMi0E,GAAOxsF,GAAGuY,OACxEs6E,kBAAqB,IAAIv0E,YAAY,CACvC,EAAY,WAAY,WAAY,WAAY,aAE9Cw0E,kBAAqB,IAAIx0E,YAAY,CACvC,WAAY,WAAY,WAAY,WAAY,IAGpD,SAAS+lB,GAAE0uD,EAAOn5E,EAAGmf,EAAGqL,GACpB,OAAc,IAAV2uD,EACOn5E,EAAImf,EAAIqL,EACA,IAAV2uD,EACGn5E,EAAImf,GAAOnf,EAAIwqB,EACR,IAAV2uD,GACGn5E,GAAKmf,GAAKqL,EACH,IAAV2uD,EACGn5E,EAAIwqB,EAAMrL,GAAKqL,EAEhBxqB,GAAKmf,GAAKqL,EACzB,CAEA,MAAM4uD,kBAAwB,IAAI10E,YAAY,IACvC,MAAM20E,WAAkBhrB,GAC3B,WAAAnqE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKg1F,GAAK,WACVh1F,KAAKi1F,IAAK,UACVj1F,KAAKk1F,IAAK,WACVl1F,KAAKm1F,GAAK,UACVn1F,KAAKo1F,IAAK,UAClB,CACI,GAAAjtF,GACI,MAAM6sF,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOp1F,KAC/B,MAAO,CAACg1F,EAAIC,EAAIC,EAAIC,EAAIC,EAChC,CACI,GAAAjzF,CAAI6yF,EAAIC,EAAIC,EAAIC,EAAIC,GAChBp1F,KAAKg1F,GAAU,EAALA,EACVh1F,KAAKi1F,GAAU,EAALA,EACVj1F,KAAKk1F,GAAU,EAALA,EACVl1F,KAAKm1F,GAAU,EAALA,EACVn1F,KAAKo1F,GAAU,EAALA,CAClB,CACI,OAAAhyF,CAAQ2jB,EAAMjO,GACV,IAAK,IAAIhX,EAAI,EAAGA,EAAI,GAAIA,IAAKgX,GAAU,EACnCg8E,GAAMhzF,GAAKilB,EAAK0B,UAAU3P,GAAQ,GAEtC,IAAIyzD,EAAe,EAAVvsE,KAAKg1F,GAAQK,EAAK9oB,EAAIzvB,EAAe,EAAV98C,KAAKi1F,GAAQK,EAAKx4C,EAAIb,EAAe,EAAVj8C,KAAKk1F,GAAQK,EAAKt5C,EAAIgC,EAAe,EAAVj+C,KAAKm1F,GAAQK,EAAKv3C,EAAIw3C,EAAe,EAAVz1F,KAAKo1F,GAAQM,EAAKD,EAGvI,IAAK,IAAIZ,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACpC,MAAMc,EAAS,EAAId,EACbe,EAAMjB,GAAGE,GAAQgB,EAAMjB,GAAGC,GAC1BiB,EAAKvB,GAAKM,GAAQkB,EAAKvB,GAAKK,GAC5B7zC,EAAKyzC,GAAQI,GAAQmB,EAAKtB,GAAQG,GACxC,IAAK,IAAI/yF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM6lC,EAAM4hC,GAAKgD,EAAKpmC,GAAE0uD,EAAO/3C,EAAIb,EAAIgC,GAAM62C,GAAMgB,EAAGh0F,IAAM8zF,EAAK50C,EAAGl/C,IAAM2zF,EAAM,EAChFlpB,EAAKkpB,EAAIA,EAAKx3C,EAAIA,EAAoB,EAAfsrB,GAAKttB,EAAI,IAASA,EAAKa,EAAIA,EAAKnV,CACvE,CAEY,IAAK,IAAI7lC,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMy5C,EAAMguB,GAAK8rB,EAAKlvD,GAAEwvD,EAAQL,EAAIC,EAAIC,GAAMV,GAAMiB,EAAGj0F,IAAM+zF,EAAKG,EAAGl0F,IAAM4zF,EAAM,EACjFL,EAAKK,EAAIA,EAAKF,EAAIA,EAAoB,EAAfjsB,GAAKgsB,EAAI,IAASA,EAAKD,EAAIA,EAAK/5C,CACvE,CACA,CAEQv7C,KAAKmC,IAAKnC,KAAKi1F,GAAKh5C,EAAKu5C,EAAM,EAAIx1F,KAAKk1F,GAAKj3C,EAAKy3C,EAAM,EAAI11F,KAAKm1F,GAAKM,EAAKJ,EAAM,EAAIr1F,KAAKo1F,GAAK7oB,EAAK+oB,EAAM,EAAIt1F,KAAKg1F,GAAKl4C,EAAKy4C,EAAM,EAC3I,CACI,UAAAprB,GACI2qB,GAAMptE,KAAK,EACnB,CACI,OAAAze,GACIjJ,KAAK6lB,WAAY,EACjB7lB,KAAKsJ,OAAOoe,KAAK,GACjB1nB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAC7B,EAMO,MCxFM0iB,GAAc,IAAIyxC,IAAIx2D,OAAOiI,QAAQ,CAChD8F,QACAK,UACAH,UACAC,UACAC,UACAE,YACAC,YACA6nF,yBDgFuCtsB,IAAgB,IAAM,IAAIorB,2EE1FnE,SAASmB,GAAO13E,EAAG1c,EAAGiW,EAAGsC,GACvBmE,EAAE1c,IAAMiW,EAAEsC,GACVmE,EAAE1c,EAAE,IAAMiW,EAAEsC,EAAE,IAAMmE,EAAE1c,GAAKiW,EAAEsC,GAC/B,CAIA,SAAS87E,GAAO33E,EAAG4E,GACjB5E,EAAE,IAAM4E,EACR5E,EAAE,IAAOA,EAAE,GAAK4E,CAClB,CAIA,SAASwnD,GAAG9wD,EAAGwe,EAAG9Z,EAAGzG,EAAGqL,EAAGC,EAAG+yE,EAAIC,GAChCH,GAAMp8E,EAAG0E,EAAG1E,EAAG/B,GACfm+E,GAAMp8E,EAAG0E,EAAG8Z,EAAG89D,GAGf,IAAIE,EAAOx8E,EAAEuJ,GAAKvJ,EAAE0E,GAChB+3E,EAAOz8E,EAAEuJ,EAAI,GAAKvJ,EAAE0E,EAAI,GAC5B1E,EAAEuJ,GAAKkzE,EACPz8E,EAAEuJ,EAAI,GAAKizE,EAEXJ,GAAMp8E,EAAGsJ,EAAGtJ,EAAGuJ,GAGfizE,EAAOx8E,EAAE/B,GAAK+B,EAAEsJ,GAChBmzE,EAAOz8E,EAAE/B,EAAI,GAAK+B,EAAEsJ,EAAI,GACxBtJ,EAAE/B,GAAMu+E,IAAS,GAAOC,GAAQ,EAChCz8E,EAAE/B,EAAI,GAAMw+E,IAAS,GAAOD,GAAQ,EAEpCJ,GAAMp8E,EAAG0E,EAAG1E,EAAG/B,GACfm+E,GAAMp8E,EAAG0E,EAAG8Z,EAAG+9D,GAGfC,EAAOx8E,EAAEuJ,GAAKvJ,EAAE0E,GAChB+3E,EAAOz8E,EAAEuJ,EAAI,GAAKvJ,EAAE0E,EAAI,GACxB1E,EAAEuJ,GAAMizE,IAAS,GAAOC,GAAQ,GAChCz8E,EAAEuJ,EAAI,GAAMkzE,IAAS,GAAOD,GAAQ,GAEpCJ,GAAMp8E,EAAGsJ,EAAGtJ,EAAGuJ,GAGfizE,EAAOx8E,EAAE/B,GAAK+B,EAAEsJ,GAChBmzE,EAAOz8E,EAAE/B,EAAI,GAAK+B,EAAEsJ,EAAI,GACxBtJ,EAAE/B,GAAMw+E,IAAS,GAAOD,GAAQ,EAChCx8E,EAAE/B,EAAI,GAAMu+E,IAAS,GAAOC,GAAQ,CACtC,CAGA,MAAMC,GAAe,IAAIp2E,YAAY,CACnC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,WAAY,UAAY,UAAY,aAKhCq2E,GAAQ,IAAIh1F,WAAW,CAC3B,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EACnD,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EACnD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAClD,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GACnDkD,KAAI+W,GAAS,EAAJA,KAIX,SAAS2uC,GAASxyB,EAAG9b,GACnB,MAAMjC,EAAI,IAAIsG,YAAY,IACpBkY,EAAI,IAAIlY,YAAYyX,EAAE9f,EAAEzO,OAAQuuB,EAAE9f,EAAE1N,WAAY,IAGtD,IAAK,IAAIvI,EAAI,EAAGA,EAAI,GAAIA,IACtBgY,EAAEhY,GAAK+1B,EAAErG,EAAE1vB,GACXgY,EAAEhY,EAAI,IAAM00F,GAAa10F,GAI3BgY,EAAE,KAAO+d,EAAE3J,GAAG,GACdpU,EAAE,KAAO+d,EAAE3J,GAAG,GAId,MAAMwoE,EAAK36E,EAAO,WAAa,EAC/BjC,EAAE,KAAO48E,EACT58E,EAAE,KAAO48E,EAGT,IAAK,IAAI50F,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAE3B,MAAM60F,EAAM70F,GAAK,EACjB8oE,GAAE9wD,EAAGwe,EAAG,EAAG,EAAG,GAAI,GAAKm+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,GAAI,GAAI,GAAIm+D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAE9wD,EAAGwe,EAAG,EAAG,EAAG,GAAI,GAAKm+D,GAAME,EAAM,IAAKF,GAAME,EAAM,IACxD,CAEE,IAAK,IAAI70F,EAAI,EAAGA,EAAI,GAAIA,IACtB+1B,EAAErG,EAAE1vB,IAAMgY,EAAEhY,GAAKgY,EAAEhY,EAAI,GAE3B,CAKA,MAAM80F,GACJ,WAAAh3F,CAAYi3F,EAAQlmF,EAAKg+B,EAAMmoD,GAC7B,MAAMlwE,EAAS,IAAInlB,WAAW,IAmB9BzB,KAAK63B,EAAI,CACP9f,EAAG,IAAItW,WAAWs1F,IAClBvlE,EAAG,IAAIpR,YAAY42E,GAAe,GAClC9oE,GAAI,IAAI9N,YAAY,GACpBgD,EAAG,EACHyzE,UAIFjwE,EAAO,GAAKiwE,EACRlmF,IAAKiW,EAAO,GAAKjW,EAAI/O,QACzBglB,EAAO,GAAK,EACZA,EAAO,GAAK,EACR+nB,GAAM/nB,EAAOzkB,IAAIwsC,EAAM,IACvBmoD,GAAUlwE,EAAOzkB,IAAI20F,EAAU,IACnC,MAAMG,EAAW,IAAI72E,YAAYwG,EAAOtd,OAAQsd,EAAOvc,WAAYuc,EAAOhlB,OAASwe,YAAYq6B,mBAG/F,IAAK,IAAI34C,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK63B,EAAErG,EAAE1vB,GAAK00F,GAAa10F,GAAKm1F,EAASn1F,GAI3C,GAAI6O,EAAK,CACP,MAAMshB,EAAQ,IAAIxwB,WAAWs1F,IAC7B9kE,EAAM9vB,IAAIwO,GACV3Q,KAAKukB,OAAO0N,EAClB,CACA,CAIE,MAAA1N,CAAOhkB,GACL,KAAMA,aAAiBkB,YAAa,MAAUF,MAAM,sCASpD,IAAIO,EAAI,EACR,KAAMA,EAAIvB,EAAMqB,QAAQ,CAClB5B,KAAK63B,EAAEzU,IAAM2zE,KACfZ,GAAMn2F,KAAK63B,EAAE3J,GAAIluB,KAAK63B,EAAEzU,GACxBinC,GAASrqD,KAAK63B,GAAG,GACjB73B,KAAK63B,EAAEzU,EAAI,GAEb,IAAIqH,EAAOssE,GAAa/2F,KAAK63B,EAAEzU,EAC/BpjB,KAAK63B,EAAE9f,EAAE5V,IAAI5B,EAAMyI,SAASlH,EAAGA,EAAI2oB,GAAOzqB,KAAK63B,EAAEzU,GACjD,MAAMsE,EAAOjf,KAAKud,IAAIyE,EAAMlqB,EAAMqB,OAASE,GAC3C9B,KAAK63B,EAAEzU,GAAKsE,EACZ5lB,GAAK4lB,CACX,CACI,OAAO1nB,IACX,CAOE,MAAAwkB,CAAO0yE,GACLf,GAAMn2F,KAAK63B,EAAE3J,GAAIluB,KAAK63B,EAAEzU,GAGxBpjB,KAAK63B,EAAE9f,EAAE2P,KAAK,EAAG1nB,KAAK63B,EAAEzU,GACxBpjB,KAAK63B,EAAEzU,EAAI2zE,GACX1sC,GAASrqD,KAAK63B,GAAG,GAEjB,MAAM9R,EAAMmxE,GAAY,IAAIz1F,WAAWzB,KAAK63B,EAAEg/D,QAC9C,IAAK,IAAI/0F,EAAI,EAAGA,EAAI9B,KAAK63B,EAAEg/D,OAAQ/0F,IAEjCikB,EAAIjkB,GAAK9B,KAAK63B,EAAErG,EAAE1vB,GAAK,IAAO,GAAS,EAAJA,GAGrC,OADA9B,KAAK63B,EAAErG,EAAI,KACJzL,EAAIzc,MACf,EAIe,SAASgb,GAAWuyE,EAAQlmF,EAAKg+B,EAAMmoD,GACpD,GAAID,EAASG,GAAc,MAAUz1F,MAAM,0BAA0By1F,cAAwBH,MAc7F,OAAO,IAAID,GAAQC,EAAQlmF,EAAKg+B,EAAMmoD,EACxC,CAEA,MAAME,GAAe,GAIfD,GAAa,IC7PbI,GAAO,EACPC,GAAU,GACVC,GAAe,WACfC,GAAe,EACfC,GAAgB,WAChBC,GAAgB,EAChBC,GAAoB,WACpBC,GAAoB,EACpBC,GAAe,WACfC,GAAc,WACdC,GAAkB,GAElBC,GAAoB,KACpBC,GAA+B,GAE/B73E,GAAyE,MAAxD,IAAIze,WAAW,IAAIsrB,YAAY,CAAC,QAASzjB,QAAQ,GAGxE,SAAS0uF,GAAKl5E,EAAKjH,EAAG/V,GAKpB,OAJAgd,EAAIhd,EAAE,GAAK+V,EACXiH,EAAIhd,EAAE,GAAK+V,GAAM,EACjBiH,EAAIhd,EAAE,GAAK+V,GAAK,GAChBiH,EAAIhd,EAAE,GAAK+V,GAAK,GACTiH,CACT,CAQA,SAASm5E,GAAKn5E,EAAKjH,EAAG/V,GACpB,GAAI+V,EAAIwP,OAAOgU,iBAAkB,MAAU95B,MAAM,mCAIjD,IAAImG,EAAYmQ,EAChB,IAAK,IAAIiB,EAAShX,EAAGgX,EAAShX,EAAE,EAAGgX,IACjCgG,EAAIhG,GAAUpR,EACdA,GAAaA,EAAYoX,EAAIhG,IAAW,IAE1C,OAAOgG,CACT,CAQA,SAASo5E,GAAGrB,EAAQ30D,EAAGpX,GACrB,MAAM6mB,EAAI,IAAIlwC,WAAW,IAEnB02F,EAAQ,IAAI12F,WAAW,EAAIygC,EAAEtgC,QAGnC,GAFAo2F,GAAKG,EAAOtB,EAAQ,GACpBsB,EAAMh2F,IAAI+/B,EAAG,GACT20D,GAAU,GAGZ,OADAuB,GAAQvB,GAAQtyE,OAAO4zE,GAAO3zE,OAAOsG,GAC9BA,EAGT,MAAMnP,EAAIlT,KAAK2Q,KAAKy9E,EAAS,IAAM,EASnC,IAAK,IAAI/0F,EAAI,EAAGA,EAAI6Z,EAAG7Z,IACrBs2F,GAAQ,IAAI7zE,OAAa,IAANziB,EAAUq2F,EAAQxmD,GAAGntB,OAAOmtB,GAE/C7mB,EAAI3oB,IAAIwvC,EAAE3oC,SAAS,EAAG,IAAO,GAAFlH,GAG7B,MAAMu2F,EAAO,IAAI52F,WAAW22F,GAAQvB,EAAS,GAAGl7E,GAAG4I,OAAOotB,GAAGntB,UAG7D,OAFAsG,EAAI3oB,IAAIk2F,EAAQ,GAAF18E,GAEPmP,CACT,CAGA,SAASwtE,GAAIC,EAAaz5E,EAAK05E,EAAIC,GAMjC,OALAF,EAAYtxF,GAAGqxF,IACbx5E,EAAIzU,WACJmuF,EAAGnuF,WACHouF,EAAGpuF,YAEEyU,CACT,CAQA,SAAS8rD,GAAE2tB,EAAar2D,EAAGC,EAAG86C,GAO5B,OANAsb,EAAYtxF,GAAG2jE,EACb1oC,EAAE73B,WACF83B,EAAE93B,WACF4yE,EAAE5yE,WACFkuF,EAAYG,KAAKC,GAAGtuF,YAEf4yE,CACT,CAEA,SAAS2b,GAAGL,EAAar2D,EAAGC,EAAG86C,GAO7B,OANAsb,EAAYtxF,GAAG2xF,GACb12D,EAAE73B,WACF83B,EAAE93B,WACF4yE,EAAE5yE,WACFkuF,EAAYG,KAAKC,GAAGtuF,YAEf4yE,CACT,CAGA,SAAU4b,GAASN,EAAaO,EAAMC,EAAMp2F,EAAOq2F,EAAIC,EAAaC,EAAeC,GAGjFZ,EAAYG,KAAKU,QAAQ1xE,KAAK,GAC9B,MAAMyb,EAAIo1D,EAAYG,KAAKU,QAAQpwF,SAAS,EAAG,IAC/CivF,GAAK90D,EAAG21D,EAAM,GACdb,GAAK90D,EAAG41D,EAAM,GACdd,GAAK90D,EAAGxgC,EAAO,IACfs1F,GAAK90D,EAAG61D,EAAI,IACZf,GAAK90D,EAAG81D,EAAa,IACrBhB,GAAK90D,EAAGg0D,GAAM,IAQd,IAAI,IAAIr1F,EAAI,EAAGA,GAAKo3F,EAAep3F,IAAK,CAEtCm2F,GAAKM,EAAYG,KAAKU,QAASt3F,EAAGqhC,EAAEvhC,QACpC,MAAMy3F,EAAKT,GAAGL,EAAaA,EAAYG,KAAKY,SAAUf,EAAYG,KAAKU,QAASb,EAAYG,KAAKa,OAKjG,IAAI,IAAI9/E,EAAU,IAAN3X,EAAwB,EAAdq3F,EAAkB,EAAG1/E,EAAI4/E,EAAGz3F,OAAQ6X,GAAK,QACtD4/E,EAAGrwF,SAASyQ,EAAGA,EAAE,EAE9B,CACE,MAAO,EACT,CAmBA,MAAM+/E,GAAK,KACLC,GAAiB,GAAKD,GAEb,SAASE,GAAS9yE,GAAQ+yE,OAAEA,EAAQh0E,SAAUi0E,IAC3D,IAAK15E,GAAgB,MAAU3e,MAAM,kCAErC,MAAMslF,EAvBR,UAAwB5yE,KAAEA,EAAI2jC,QAAEA,EAAO1mB,UAAEA,EAAS2mB,SAAEA,EAAQlJ,KAAEA,EAAIkrD,GAAEA,EAAE1lD,OAAEA,EAAMn/B,YAAEA,EAAW8iC,WAAEA,EAAU/iC,OAAEA,IACvG,MAAM+kF,EAAe,CAAC7xF,EAAM1F,EAAOyjB,EAAKtd,KACtC,GAAInG,EAAQyjB,GAAOzjB,EAAQmG,EAAO,MAAUnH,MAAM,GAAG0G,4BAA+B+d,SAAWtd,UAAa,EAG9G,GAAIuL,IAASkjF,IAAQv/C,IAAYw/C,GAAS,MAAU71F,MAAM,+BAS1D,OARAu4F,EAAa,WAAYjiD,EAAU6/C,GAAmBD,IACtDqC,EAAa,OAAQnrD,EAAM6oD,GAAeD,IAC1CuC,EAAa,MAAO5oE,EAAWomE,GAAcD,IAC7CyC,EAAa,SAAUhiD,EAAY,EAAE9iC,EAAa2iF,IAElDkC,GAAMC,EAAa,kBAAmBD,EAAI,EAAGjC,IAC7CzjD,GAAU2lD,EAAa,SAAU3lD,EAAQ,EAAG0jD,IAErC,CAAE5jF,OAAM2jC,UAAS1mB,YAAW2mB,WAAUlJ,OAAMkrD,KAAI1lD,SAAQ4lD,MAAO/kF,EAAa8iC,aAAY/iC,SACjG,CAQc4hC,CAAe,CAAE1iC,KAAMkjF,GAAMv/C,QAASw/C,MAAYxwE,KAEtDgkD,EAAEovB,EAAOpB,GAAGqB,EAAQliE,IAAImiE,EAASC,MAAMC,GAAWR,EAAaS,QACjEC,EAAW,CAAE,EACbC,EAAS,CAAE,EACjBA,EAAO3vB,EAAIovB,EACXO,EAAO3B,GAAKqB,EACZM,EAAOjC,IAAM4B,EAGb,MAAMlB,EAAK,EAAInS,EAAIkT,MAAQtxF,KAAK4P,MAAMwuE,EAAI/uC,YAAc,EAAI+uC,EAAIkT,QAC1DS,EAAiBxB,EAAKlB,GAAoB,GAAK0B,GACrD,GAAIG,EAAOrwF,OAAOgB,WAAakwF,EAAgB,CAC7C,MAAM5mE,EAAUnrB,KAAK2Q,MAAMohF,EAAiBb,EAAOrwF,OAAOgB,YAAcmvF,IAGxEE,EAAOc,KAAK7mE,EAChB,CAEE,IAAI9a,EAAS,EAEbwhF,EAAS3B,GAAK,IAAIl3F,WAAWk4F,EAAOrwF,OAAQwP,EAAQg/E,IAAoBh/E,GAASwhF,EAAS3B,GAAG/2F,OAC7F04F,EAASf,MAAQ,IAAI93F,WAAWk4F,EAAOrwF,OAAQwP,EAAQg/E,IAAoBh/E,GAAQwhF,EAASf,MAAM33F,OAClG04F,EAASlB,QAAU,IAAI33F,WAAWk4F,EAAOrwF,OAAQwP,EAAQg/E,IAAoBh/E,GAAQwhF,EAASlB,QAAQx3F,OACtG04F,EAAShB,SAAW,IAAI73F,WAAWk4F,EAAOrwF,OAAQwP,EAAQ,MAAOA,GAAQwhF,EAAShB,SAAS13F,OAE3F,MAAM84F,EAAK,IAAIt6E,YAAYu5E,EAAOrwF,OAAQwP,EAAQ,GAAIA,GAAQ4hF,EAAG94F,OAASwe,YAAYq6B,kBACtF,MAAM89C,EAAc,CAAEtxF,GAAIszF,EAAQ7B,KAAM4B,GAClCK,EAAW,IAAIl5F,WAAWk4F,EAAOrwF,OAAQwP,EAAQg/E,IAAoBh/E,GAAQ6hF,EAAS/4F,OAC5F,MAAMg5F,EAAc,IAAIn5F,WAAWk4F,EAAOrwF,OAAQwP,EAAQ+tE,EAAI/uC,WAAaggD,IACrE+C,EAAkB,IAAIp5F,WAAWk4F,EAAOrwF,OAAQ,EAAGwP,GAGnDgiF,EA4ER,SAAejU,GACb,MAAMhc,EAAIutB,GAAQL,IACZgD,EAAS,IAAIt5F,WAAW,GACxBmlB,EAAS,IAAInlB,WAAW,IAC9Bu2F,GAAKpxE,EAAQigE,EAAIkT,MAAO,GACxB/B,GAAKpxE,EAAQigE,EAAI31D,UAAW,GAC5B8mE,GAAKpxE,EAAQigE,EAAI/uC,WAAY,GAC7BkgD,GAAKpxE,EAAQigE,EAAI9xE,OAAQ,IACzBijF,GAAKpxE,EAAQigE,EAAIjvC,QAAS,IAC1BogD,GAAKpxE,EAAQigE,EAAI5yE,KAAM,IAEvB,MAAMmkC,EAAS,CAACxxB,GACZigE,EAAIhvC,UACNO,EAAOt1C,KAAKk1F,GAAK,IAAIv2F,WAAW,GAAIolF,EAAIhvC,SAASj2C,OAAQ,IACzDw2C,EAAOt1C,KAAK+jF,EAAIhvC,WAEhBO,EAAOt1C,KAAKi4F,GAGVlU,EAAIl4C,MACNyJ,EAAOt1C,KAAKk1F,GAAK,IAAIv2F,WAAW,GAAIolF,EAAIl4C,KAAK/sC,OAAQ,IACrDw2C,EAAOt1C,KAAK+jF,EAAIl4C,OAEhByJ,EAAOt1C,KAAKi4F,GAGVlU,EAAI1yC,QACNiE,EAAOt1C,KAAKk1F,GAAK,IAAIv2F,WAAW,GAAIolF,EAAI1yC,OAAOvyC,OAAQ,IACvDw2C,EAAOt1C,KAAK+jF,EAAI1yC,SAGhBiE,EAAOt1C,KAAKi4F,GAGVlU,EAAIgT,IACNzhD,EAAOt1C,KAAKk1F,GAAK,IAAIv2F,WAAW,GAAIolF,EAAIgT,GAAGj4F,OAAQ,IACnDw2C,EAAOt1C,KAAK+jF,EAAIgT,KAEhBzhD,EAAOt1C,KAAKi4F,GAEdlwB,EAAEtmD,OAMJ,SAAsB5iB,GACpB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,KAAMH,EAAOG,aAAcL,YACvB,MAAUF,MAAM,0DAGpBM,GAAeF,EAAOG,GAAGF,MAC/B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAASC,IACZH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MAAM,IAGlBG,CACT,CA1BWi5F,CAAa5iD,IAEtB,MAAM6iD,EAAepwB,EAAErmD,SACvB,OAAO,IAAI/iB,WAAWw5F,EACxB,CAxHaC,CAAMrU,GAIXjjE,EAAIo1E,EAAKnS,EAAIkT,MACbl9B,EAAQl9D,MAAMknF,EAAIkT,OAAOryE,KAAK,MAAM/iB,KAAI,IAAUhF,MAAMikB,KACxDu3E,EAAY,CAACr5F,EAAGuY,KACpBwiD,EAAE/6D,GAAGuY,GAAKugF,EAAY5xF,SAASlH,EAAE8hB,EAAE,KAAS,KAAFvJ,EAASvY,EAAE8hB,EAAE,KAAS,KAAFvJ,EAAUy9E,IACjEj7B,EAAE/6D,GAAGuY,IAGd,IAAK,IAAIvY,EAAI,EAAGA,EAAI+kF,EAAIkT,MAAOj4F,IAAK,CAElC,MAAM2pB,EAAM,IAAIhqB,WAAWq5F,EAAGl5F,OAAS,GAGvC6pB,EAAItpB,IAAI24F,GAAK9C,GAAKvsE,EAAK,EAAGqvE,EAAGl5F,QAASo2F,GAAKvsE,EAAK3pB,EAAGg5F,EAAGl5F,OAAS,GAC/Ds2F,GAAGJ,GAAmBrsE,EAAK0vE,EAAUr5F,EAAG,IAGxCk2F,GAAKvsE,EAAK,EAAGqvE,EAAGl5F,QAChBs2F,GAAGJ,GAAmBrsE,EAAK0vE,EAAUr5F,EAAG,GAC5C,CAKE,MACMo3F,EAAgBt1E,EADX,EAEX,IAAK,IAAIk1E,EAAO,EAAGA,EAAOjS,EAAI9xE,OAAQ+jF,IAEpC,IAAK,IAAI93C,EAAK,EAAGA,EAJR,EAIiBA,IAAM,CAC9B,MAAMo6C,EAA6B,IAATtC,GAAc93C,GAAM,EAC9C,IAAK,IAAIl/C,EAAI,EAAGA,EAAI+kF,EAAIkT,MAAOj4F,IAAK,CAElC,IAAIq3F,EAAuB,IAAPn4C,GAAqB,IAAT83C,EAAa,EAAI,EAEjD,MAAMuC,EAAOD,EAAoBvC,GAASN,EAAaO,EAAMh3F,EAAGk/C,EAAIg4C,EAAInS,EAAI9xE,OAAQmkF,EAAeC,GAAiB,KACpH,KAAoBA,EAAgBD,EAAeC,IAAiB,CAClE,MAAM9+E,EAAI2mC,EAAKk4C,EAAgBC,EACzBjmE,EAAY7Y,EAAI,EAAIwiD,EAAE/6D,GAAGuY,EAAE,GAAKwiD,EAAE/6D,GAAG8hB,EAAE,GAGvC03E,EAAOF,EAAoBC,EAAKE,OAAOh5F,MAAQ2wB,EAErDknE,EAAOM,EAAGrwF,WAAYixF,EAAKjxF,WAAYvI,EAAG+kF,EAAIkT,MAAOjB,EAAM93C,EAAIm4C,EAlB5D,EAkB+ED,GAClF,MAAM52D,EAAIo4D,EAAG,GAAUx0D,EAAIw0D,EAAG,GAIjB,IAAT5B,GAAYqC,EAAUr5F,EAAGuY,GAC7BuwD,GAAE2tB,EAAarlE,EAAW2pC,EAAEv6B,GAAG4D,GAAI4yD,EAAO,EAAI6B,EAAW99B,EAAE/6D,GAAGuY,IAG1Dy+E,EAAO,GAAGR,GAAIC,EAAa17B,EAAE/6D,GAAGuY,GAAIsgF,EAAU99B,EAAE/6D,GAAGuY,GACjE,CACA,CACA,CAKE,MAAMm6B,EAAIqoB,EAAE,GAAGj5C,EAAE,GACjB,IAAI,IAAI9hB,EAAI,EAAGA,EAAI+kF,EAAIkT,MAAOj4F,IAC5Bw2F,GAAIC,EAAa/jD,EAAGA,EAAGqoB,EAAE/6D,GAAG8hB,EAAE,IAGhC,MAAM3F,EAAMi6E,GAAGrR,EAAI31D,UAAWsjB,EAAG,IAAI/yC,WAAWolF,EAAI31D,YAKpD,OAHA2pE,EAAgBnzE,KAAK,GACrBiyE,EAAOc,KAAK,GAELx8E,CAET,CC3RA,IAAIu9E,GAiBWl5F,eAAem5F,GAAUC,EAASC,GAC/C,MAAMhC,EAAS,IAAIiC,YAAYC,OAAO,CAGpCC,QAAS,KACTC,QAAS,QAELC,QAvBR15F,eAA0Bq3F,EAAQ+B,EAASC,GACzC,MAAMM,EAAe,CAAErlF,IAAK,CAAE+iF,WAC9B,QAAwBv3F,IAApBo5F,GACF,IACE,MAAMU,QAAeR,EAAQO,GAE7B,OADAT,IAAkB,EACXU,CACR,CAAC,MAAMh4F,GACNs3F,IAAkB,CACxB,CAIE,OADeA,GAAkBE,EAAUC,GAC7BM,EAChB,CAS2BE,CAAWxC,EAAQ+B,EAASC,GAkBrD,OAFqB/0E,GAAW8yE,GAAS9yE,EAAQ,CAAEjB,SAAUq2E,EAAWr2E,SAAUg0E,UAGpF,0MCzCiBr3F,SAAYm5F,IAC1BW,6wLAA4BA,KAC5BA,yyJAA+BA,OCuB9BC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAASt7F,GACvBhB,KAAKgB,OAASA,EACdhB,KAAKu8F,UAAY,EACjBv8F,KAAKw8F,QAAU,EACfx8F,KAAKy8F,SAAU,CACjB,EAEAH,GAAUr8F,UAAUy8F,YAAc,WAC3B18F,KAAKy8F,UACRz8F,KAAKw8F,QAAUx8F,KAAKgB,OAAO4I,WAC3B5J,KAAKy8F,SAAU,EAEnB,EAGAH,GAAUr8F,UAAUoC,KAAO,SAAS6Z,GAElC,IADA,IAAIna,EAAS,EACNma,EAAO,GAAG,CACflc,KAAK08F,cACL,IAAI1sE,EAAY,EAAIhwB,KAAKu8F,UAEzB,GAAIrgF,GAAQ8T,EACVjuB,IAAWiuB,EACXjuB,GAAUs6F,GAAQrsE,GAAahwB,KAAKw8F,QACpCx8F,KAAKy8F,SAAU,EACfz8F,KAAKu8F,UAAY,EACjBrgF,GAAQ8T,MACH,CACLjuB,IAAWma,EACX,IAAI/S,EAAQ6mB,EAAY9T,EACxBna,IAAW/B,KAAKw8F,QAAWH,GAAQngF,IAAS/S,IAAWA,EACvDnJ,KAAKu8F,WAAargF,EAClBA,EAAO,CACb,CACA,CACE,OAAOna,CACT,EAGAu6F,GAAUr8F,UAAU08F,KAAO,SAAS36F,GAClC,IAAI46F,EAAQ56F,EAAM,EACd66F,GAAU76F,EAAM46F,GAAS,EAC7B58F,KAAKu8F,UAAYK,EACjB58F,KAAKgB,OAAO27F,KAAKE,GACjB78F,KAAKy8F,SAAU,CACjB,EAGAH,GAAUr8F,UAAU68F,GAAK,WACvB,IAA6Bh7F,EAAzBgd,EAAM,IAAIrd,WAAW,GACzB,IAAKK,EAAI,EAAGA,EAAIgd,EAAIld,OAAQE,IAC1Bgd,EAAIhd,GAAK9B,KAAKqC,KAAK,GAErB,OAGF,SAAkByc,GAChB,OAAOnf,MAAMM,UAAU0E,IAAI5D,KAAK+d,GAAKpD,IAAM,KAAOA,EAAE+E,SAAS,KAAK9d,OAAO,KAAID,KAAK,GACpF,CALSq6F,CAASj+E,EAClB,EAMA,IAAAk+E,GAAiBV,GC3FbW,GAAS,WACb,EAIAA,GAAOh9F,UAAU2J,SAAW,WAC1B,MAAUrI,MAAM,6CAClB,EAGA07F,GAAOh9F,UAAUoC,KAAO,SAASiH,EAAQ4zF,EAAWt7F,GAElD,IADA,IAAI4G,EAAY,EACTA,EAAY5G,GAAQ,CACzB,IAAIwhB,EAAIpjB,KAAK4J,WACb,GAAIwZ,EAAI,EACN,OAAoB,IAAZ5a,GAAkB,EAAIA,EAEhCc,EAAO4zF,KAAe95E,EACtB5a,GACJ,CACE,OAAOA,CACT,EACAy0F,GAAOh9F,UAAU08F,KAAO,SAASQ,GAC/B,MAAU57F,MAAM,yCAClB,EAGA07F,GAAOh9F,UAAUm9F,UAAY,SAASC,GACpC,MAAU97F,MAAM,6CAClB,EACA07F,GAAOh9F,UAAU8C,MAAQ,SAASuG,EAAQ4zF,EAAWt7F,GACnD,IAAIE,EACJ,IAAKA,EAAE,EAAGA,EAAEF,EAAQE,IAClB9B,KAAKo9F,UAAU9zF,EAAO4zF,MAExB,OAAOt7F,CACT,EACAq7F,GAAOh9F,UAAU+G,MAAQ,WACzB,EAEA,ICNMs2F,GDMNt8F,GAAiBi8F,GCXjBM,IAKMD,GAAc,IAAIl9E,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKVhgB,KAAKw9F,OAAS,WACZ,OAASx9E,IAAS,CACnB,EAMDhgB,KAAKy9F,UAAY,SAASl7F,GACxByd,EAAOA,GAAO,EAAKs9E,GAAqC,KAAvBt9E,IAAQ,GAAMzd,GAChD,EAODvC,KAAK09F,aAAe,SAASn7F,EAAOy6B,GAClC,KAAOA,KAAU,GACfhd,EAAOA,GAAO,EAAKs9E,GAAqC,KAAvBt9E,IAAQ,GAAMzd,GAElD,CACF,GCrEC+5F,GAAYqB,GACZV,GAASW,GACTC,GAAQC,GAaRC,GAAM,SAAS9hF,EAAOmB,GACxB,IAAwBtb,EAApB6sB,EAAM1S,EAAMmB,GAChB,IAAKtb,EAAIsb,EAAOtb,EAAI,EAAGA,IACrBma,EAAMna,GAAKma,EAAMna,EAAE,GAGrB,OADAma,EAAM,GAAK0S,EACJA,CACT,EAEIumD,GAAM,CACR8oB,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,CAAE,EACtBA,GAAcvpB,GAAI+oB,YAAyB,oBAC3CQ,GAAcvpB,GAAIgpB,eAAyB,gBAC3CO,GAAcvpB,GAAIipB,sBAAyB,uBAC3CM,GAAcvpB,GAAIkpB,uBAAyB,wBAC3CK,GAAcvpB,GAAImpB,YAAyB,aAC3CI,GAAcvpB,GAAIopB,eAAyB,gBAC3CG,GAAcvpB,GAAIqpB,gBAAkB,kDAEpC,IAAIG,GAAS,SAASC,EAAQC,GAC5B,IAAIpzE,EAAMizE,GAAcE,IAAW,gBAC/BC,IAAapzE,GAAO,KAAKozE,GAC7B,IAAI16F,EAAI,IAAIomC,UAAU9e,GAEtB,MADAtnB,EAAE26F,UAAYF,EACRz6F,CACR,EAEI46F,GAAS,SAASC,EAAaC,GACjCh/F,KAAKi/F,SAAWj/F,KAAKk/F,aAAel/F,KAAKm/F,WAAa,EAEtDn/F,KAAKo/F,cAAcL,EAAaC,EAClC,EACAF,GAAO7+F,UAAUo/F,YAAc,WAE7B,OADiBr/F,KAAKs/F,mBAKtBt/F,KAAKu/F,SAAW,IAAI1B,IACb,IAJL79F,KAAKm/F,YAAc,GACZ,EAIX,EAEAL,GAAO7+F,UAAUm/F,cAAgB,SAASL,EAAaC,GAErD,IAAIlgF,EAAM,IAAIrd,WAAW,GACW,IAAhCs9F,EAAY18F,KAAKyc,EAAK,EAAG,IACuB,QAAhD9H,OAAOsD,aAAawE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1C4/E,GAAOxpB,GAAIgpB,cAAe,aAE5B,IAAIz9C,EAAQ3hC,EAAI,GAAK,IACjB2hC,EAAQ,GAAKA,EAAQ,IACvBi+C,GAAOxpB,GAAIgpB,cAAe,sBAE5Bl+F,KAAK0D,OAAS,IAAI44F,GAAUyC,GAI5B/+F,KAAKw/F,SAAW,IAAS/+C,EACzBzgD,KAAKy/F,WAAa,EAClBz/F,KAAKg/F,aAAeA,EACpBh/F,KAAK0/F,UAAY,CACnB,EACAZ,GAAO7+F,UAAUq/F,gBAAkB,WACjC,IAAIx9F,EAAGuY,EAAGZ,EACN/V,EAAS1D,KAAK0D,OAId8tB,EAAI9tB,EAAOo5F,KACf,GAjFW,iBAiFPtrE,EACF,OAAO,EAnFG,iBAqFRA,GACFktE,GAAOxpB,GAAIgpB,eACbl+F,KAAK2/F,eAAiBj8F,EAAOrB,KAAK,MAAQ,EAC1CrC,KAAK0/F,WAAa1/F,KAAK2/F,gBACH3/F,KAAK0/F,WAAa,EAAM1/F,KAAK0/F,YAAY,OAAU,EAInEh8F,EAAOrB,KAAK,IACdq8F,GAAOxpB,GAAIqpB,gBACb,IAAIqB,EAAcl8F,EAAOrB,KAAK,IAC1Bu9F,EAAc5/F,KAAKw/F,UACrBd,GAAOxpB,GAAImpB,WAAY,kCAMzB,IAAIziF,EAAIlY,EAAOrB,KAAK,IAChBw9F,EAAY,IAAIp+F,WAAW,KAAMq+F,EAAW,EAChD,IAAKh+F,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAI8Z,EAAK,GAAM,GAAM9Z,EAAK,CACxB,IAAI+tB,EAAQ,GAAJ/tB,EAER,IADA2X,EAAI/V,EAAOrB,KAAK,IACXgY,EAAI,EAAGA,EAAI,GAAIA,IACdZ,EAAK,GAAM,GAAMY,IACnBwlF,EAAUC,KAAcjwE,EAAIxV,EACtC,CAIE,IAAI0lF,EAAar8F,EAAOrB,KAAK,IACzB09F,EAzHW,GAyHgBA,EAxHhB,IAyHbrB,GAAOxpB,GAAImpB,YAKb,IAAI2B,EAAat8F,EAAOrB,KAAK,IACV,IAAf29F,GACFtB,GAAOxpB,GAAImpB,YAEb,IAAI4B,EAAY,IAAIx+F,WAAW,KAC/B,IAAKK,EAAI,EAAGA,EAAIi+F,EAAYj+F,IAC1Bm+F,EAAUn+F,GAAKA,EAEjB,IAAIo+F,EAAY,IAAIz+F,WAAWu+F,GAE/B,IAAKl+F,EAAI,EAAGA,EAAIk+F,EAAYl+F,IAAK,CAE/B,IAAKuY,EAAI,EAAG3W,EAAOrB,KAAK,GAAIgY,IACtBA,GAAK0lF,GAAYrB,GAAOxpB,GAAImpB,YAElC6B,EAAUp+F,GAAKi8F,GAAIkC,EAAW5lF,EAClC,CAIE,IACiB8lF,EADbC,EAAWN,EAAW,EACtBpsC,EAAS,GACb,IAAKr5C,EAAI,EAAGA,EAAI0lF,EAAY1lF,IAAK,CAC/B,IAqBIwjE,EAASwiB,EArBTz+F,EAAS,IAAIH,WAAW2+F,GAAWxT,EAAO,IAAI7/D,YAAYuzE,IAK9D,IADA1kF,EAAIlY,EAAOrB,KAAK,GACXP,EAAI,EAAGA,EAAIs+F,EAAUt+F,IAAK,CAC7B,MACM8Z,EAAI,GAAKA,EAjKE,KAiKoB8iF,GAAOxpB,GAAImpB,YAG1C36F,EAAOrB,KAAK,IAEZqB,EAAOrB,KAAK,GAGduZ,IAFAA,IAIJha,EAAOE,GAAK8Z,CAClB,CAKI,IADAiiE,EAASwiB,EAASz+F,EAAO,GACpBE,EAAI,EAAGA,EAAIs+F,EAAUt+F,IACpBF,EAAOE,GAAKu+F,EACdA,EAASz+F,EAAOE,GACTF,EAAOE,GAAK+7E,IACnBA,EAASj8E,EAAOE,IAapBq+F,EAAW,CAAE,EACbzsC,EAAO5wD,KAAKq9F,GACZA,EAASI,QAAU,IAAIxzE,YAnMT,KAoMdozE,EAASK,MAAQ,IAAIpgF,YAAYkgF,IACjCH,EAAS/sB,KAAO,IAAIhzD,YAAYkgF,IAChCH,EAAStiB,OAASA,EAClBsiB,EAASE,OAASA,EAElB,IAAII,EAAK,EACT,IAAK3+F,EAAI+7E,EAAQ/7E,GAAKu+F,EAAQv+F,IAE5B,IADA8qF,EAAK9qF,GAAKq+F,EAASK,MAAM1+F,GAAK,EACzB8Z,EAAI,EAAGA,EAAIwkF,EAAUxkF,IACpBha,EAAOga,KAAO9Z,IAChBq+F,EAASI,QAAQE,KAAQ7kF,GAG/B,IAAK9Z,EAAI,EAAGA,EAAIs+F,EAAUt+F,IACxB8qF,EAAKhrF,EAAOE,MAMd,IADA2+F,EAAK7kF,EAAI,EACJ9Z,EAAI+7E,EAAQ/7E,EAAIu+F,EAAQv+F,IAC3B2+F,GAAM7T,EAAK9qF,GAOXq+F,EAASK,MAAM1+F,GAAK2+F,EAAK,EACzBA,IAAO,EACP7kF,GAAKgxE,EAAK9qF,GACVq+F,EAAS/sB,KAAKtxE,EAAI,GAAK2+F,EAAK7kF,EAE9BukF,EAASK,MAAMH,EAAS,GAAKh5E,OAAOq5E,UACpCP,EAASK,MAAMH,GAAUI,EAAK7T,EAAKyT,GAAU,EAC7CF,EAAS/sB,KAAKyK,GAAU,CAC5B,CAME,IAAI8iB,EAAY,IAAIvgF,YAAY,KAChC,IAAKte,EAAI,EAAGA,EAAI,IAAKA,IACnBm+F,EAAUn+F,GAAKA,EAEjB,IAA6C8+F,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOhhG,KAAKghG,KAAO,IAAI5gF,YAAYpgB,KAAKw/F,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWa,GACPF,GAAYf,GAActB,GAAOxpB,GAAImpB,YACzC8B,EAAWzsC,EAAOwsC,EAAUa,OAG9Bj/F,EAAIq+F,EAAStiB,OACbxjE,EAAI3W,EAAOrB,KAAKP,GAEVA,EAAIq+F,EAASE,QAAU3B,GAAOxpB,GAAImpB,cAClChkF,GAAK8lF,EAASK,MAAM1+F,IAFnBA,IAILuY,EAAKA,GAAK,EAAK3W,EAAOrB,KAAK,KAG7BgY,GAAK8lF,EAAS/sB,KAAKtxE,IACX,GAAKuY,GAvQC,MAuQmBqkF,GAAOxpB,GAAImpB,YAC5C,IAAI6C,EAAUf,EAASI,QAAQlmF,GAK/B,GA5Qc,IA4QV6mF,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAYllF,EAAI5b,KAAKw/F,UAAYd,GAAOxpB,GAAImpB,YAEhDsC,EADAC,EAAKf,EAAUI,EAAU,MACRrkF,EACVA,KACLolF,EAAKF,KAAeF,EAGxB,GAAIM,EAAUpB,EACZ,MAQEgB,GAAa9gG,KAAKw/F,UAAYd,GAAOxpB,GAAImpB,YAK7CsC,EAFAC,EAAKf,EADLe,EAAK7C,GAAIkC,EADTn+F,EAAIo/F,EAAU,OAKdF,EAAKF,KAAeF,CA7BxB,MAjBWC,IACHA,EAAS,EACTjlF,EAAI,GAUJA,GA1RU,IAyRRslF,EACGL,EAEA,EAAIA,EACXA,IAAW,CAgCjB,CAUE,KAHIjB,EAAc,GAAKA,GAAekB,IAAapC,GAAOxpB,GAAImpB,YAE9DhkF,EAAI,EACCvY,EAAI,EAAGA,EAAI,IAAKA,IACnB2X,EAAIY,EAAIsmF,EAAU7+F,GAClB6+F,EAAU7+F,GAAKuY,EACfA,EAAIZ,EAGN,IAAK3X,EAAI,EAAGA,EAAIg/F,EAAWh/F,IAEzBk/F,EAAKL,EADLC,EAAe,IAAVI,EAAKl/F,MACcA,GAAK,EAC7B6+F,EAAUC,KAKZ,IAAI5+F,EAAM,EAAGm/F,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBn/F,EAAMg/F,EAAKpB,IAEX59F,IAAQ,EACRo/F,GAAO,GAETphG,KAAKi/F,SAAWj9F,EAChBhC,KAAKk/F,aAAeiC,EACpBnhG,KAAKm/F,WAAa2B,EAClB9gG,KAAKqhG,SAAWD,GAET,CACT,EAOAtC,GAAO7+F,UAAUqhG,aAAe,SAASrG,EAAc3tE,GACnD,IAAIi0E,EAAQC,EAAUC,EAKxB,GAAIzhG,KAAKm/F,WAAa,EAAK,OAAO,EAGlC,IAAI6B,EAAOhhG,KAAKghG,KAAMh/F,EAAMhC,KAAKi/F,SAAUkC,EAAUnhG,KAAKk/F,aACtD4B,EAAY9gG,KAAKm/F,WAAyBn/F,KAAK0hG,WAGnD,IAFA,IAAIN,EAAMphG,KAAKqhG,SAERP,GAAW,CAehB,IAdAA,IACAU,EAAWL,EAEXA,EAAgB,KADhBn/F,EAAMg/F,EAAKh/F,IAEXA,IAAQ,EACM,GAAVo/F,KACFG,EAASJ,EACTM,EAAUD,EACVL,GAAW,IAEXI,EAAS,EACTE,EAAUN,GAEZnhG,KAAKu/F,SAAS7B,aAAa+D,EAASF,GAC7BA,KACLvhG,KAAKg/F,aAAa5B,UAAUqE,GAC5BzhG,KAAKy/F,aAEH0B,GAAWK,IACbJ,EAAM,EACZ,CAQE,OAPAphG,KAAKm/F,WAAa2B,EAEd9gG,KAAKu/F,SAAS/B,WAAax9F,KAAK2/F,gBAClCjB,GAAOxpB,GAAImpB,WAAY,sBACRr+F,KAAKu/F,SAAS/B,SAAS/8E,SAAS,IACxC,aAAazgB,KAAK2/F,eAAel/E,SAAS,IAAI,KAEhDzgB,KAAKy/F,UACd,EAEA,IAAIkC,GAAoB,SAASphG,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIw+F,EAAc,IAAI9B,GAKtB,OAJA8B,EAAY/8F,IAAM,EAClB+8F,EAAYn1F,SAAW,WAAa,OAAOrJ,EAAMP,KAAKgC,MAAS,EAC/D+8F,EAAYpC,KAAO,SAAS36F,GAAOhC,KAAKgC,IAAMA,CAAM,EACpD+8F,EAAY6C,IAAM,WAAa,OAAO5hG,KAAKgC,KAAOzB,EAAMqB,MAAS,EAC1Dm9F,CACT,EACI8C,GAAqB,SAASj7F,GAChC,IAAIo4F,EAAe,IAAI/B,GACnB6E,GAAW,EACf,GAAIl7F,EACF,GAAqB,iBAAV,EACTo4F,EAAa11F,OAAS,IAAI7H,WAAWmF,GACrCk7F,GAAW,MACN,IAAI,cAAel7F,EACxB,OAAOA,EAEPo4F,EAAa11F,OAAS1C,EACtBk7F,GAAW,CACjB,MAEI9C,EAAa11F,OAAS,IAAI7H,WAAW,OAuBvC,OArBAu9F,EAAah9F,IAAM,EACnBg9F,EAAa5B,UAAY,SAASC,GAChC,GAAIyE,GAAY9hG,KAAKgC,KAAOhC,KAAKsJ,OAAO1H,OAAQ,CAC9C,IAAImgG,EAAY,IAAItgG,WAA8B,EAAnBzB,KAAKsJ,OAAO1H,QAC3CmgG,EAAU5/F,IAAInC,KAAKsJ,QACnBtJ,KAAKsJ,OAASy4F,CACpB,CACI/hG,KAAKsJ,OAAOtJ,KAAKgC,OAASq7F,CAC3B,EACD2B,EAAagD,UAAY,WAEvB,GAAIhiG,KAAKgC,MAAQhC,KAAKsJ,OAAO1H,OAAQ,CACnC,IAAKkgG,EACH,MAAM,IAAIx3D,UAAU,2CACtB,IAAIy3D,EAAY,IAAItgG,WAAWzB,KAAKgC,KACpC+/F,EAAU5/F,IAAInC,KAAKsJ,OAAON,SAAS,EAAGhJ,KAAKgC,MAC3ChC,KAAKsJ,OAASy4F,CACpB,CACI,OAAO/hG,KAAKsJ,MACb,EACD01F,EAAaiD,UAAW,EACjBjD,CACT,EAqGA,IAAAkD,GAAiB,CACfpD,UACA7B,UACA/nB,OACAl6D,OApGa,SAASza,EAAOqG,EAAQu7F,GAMrC,IAJA,IAAIpD,EAAc4C,GAAkBphG,GAChCy+F,EAAe6C,GAAmBj7F,GAElCw7F,EAAK,IAAItD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAY6C,OACxC,GAAIQ,EAAG/C,cACL+C,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG1+F,OAAOrB,KAAK,MAAQ,EAM7C,GALIggG,IAAoBD,EAAG1C,WACzBhB,GAAOxpB,GAAImpB,WAAY,uBACR+D,EAAG1C,UAAUj/E,SAAS,IAC9B,aAAa4hF,EAAgB5hF,SAAS,IAAI,MAE/C0hF,KACA,QAASpD,IACRA,EAAY6C,MAGV,MADLQ,EAAGhD,cAAcL,EAAaC,EAEtC,CAEE,GAAI,cAAeA,EACjB,OAAOA,EAAagD,WACxB,EA0EEM,YAzEkB,SAAS/hG,EAAOyB,EAAK4E,GAEvC,IAAIm4F,EAAc4C,GAAkBphG,GAChCy+F,EAAe6C,GAAmBj7F,GAClCw7F,EAAK,IAAItD,GAAOC,EAAaC,GAejC,GAdAoD,EAAG1+F,OAAOi5F,KAAK36F,GAEEogG,EAAG9C,oBAGlB8C,EAAG7C,SAAW,IAAI1B,GAGlBuE,EAAGG,YAAc,EAGjBH,EAAGd,gBAGD,cAAetC,EACjB,OAAOA,EAAagD,WACxB,EAqDEQ,MAhDY,SAASjiG,EAAO4rC,EAAUg2D,GAEtC,IAAIpD,EAAc,IAAI9B,GACtB8B,EAAY0D,SAAWd,GAAkBphG,GACzCw+F,EAAY/8F,IAAM,EAClB+8F,EAAYn1F,SAAW,WAErB,OADA5J,KAAKgC,MACEhC,KAAKyiG,SAAS74F,UACtB,EACGm1F,EAAY0D,SAASb,MACvB7C,EAAY6C,IAAM7C,EAAY0D,SAASb,IAAIj+F,KAAKo7F,EAAY0D,WAE9D,IAAIzD,EAAe,IAAI/B,GACvB+B,EAAah9F,IAAM,EACnBg9F,EAAa5B,UAAY,WAAap9F,KAAKgC,KAAQ,EAInD,IAFA,IAAIogG,EAAK,IAAItD,GAAOC,EAAaC,GAC7B97E,EAAYk/E,EAAG5C,WAEb,QAAST,KAAeA,EAAY6C,OAD7B,CAGX,IAAIc,EAA2B,EAAhB3D,EAAY/8F,IAAQogG,EAAG1+F,OAAO64F,UAG7C,GAFI6F,EAAG1+F,OAAO+4F,UAAWiG,GAAY,GAEjCN,EAAG/C,cAAe,CACpB,IAAIj7F,EAAQ46F,EAAah9F,IACzBogG,EAAGd,eACHn1D,EAASu2D,EAAU1D,EAAah9F,IAAMoC,EAC5C,KAAW,CAEL,GADUg+F,EAAG1+F,OAAOrB,KAAK,KACrB8/F,KACA,QAASpD,IACRA,EAAY6C,MAKV,MAHLQ,EAAGhD,cAAcL,EAAaC,GAC9Bn2F,QAAQ85F,OAAOP,EAAG5C,WAAat8E,EAChB,sDAEvB,CACA,CACA","x_google_ignoreList":[0,1,2,3,12,13,14,15,28,29,52,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,114,115,117,118,119,120,121,122,123,124]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/node/openpgp.mjs b/app/node_modules/openpgp/dist/node/openpgp.mjs index 6139df836..fdf4e8398 100644 --- a/app/node_modules/openpgp/dist/node/openpgp.mjs +++ b/app/node_modules/openpgp/dist/node/openpgp.mjs @@ -1,13 +1,23 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; -import buffer from 'buffer'; -import stream$1 from 'stream'; -import crypto$3 from 'crypto'; -import zlib from 'zlib'; -import os from 'os'; -import util$1 from 'util'; -import asn1$2 from 'asn1.js'; +import { createRequire } from 'module'; +import * as nc from 'node:crypto'; + +function _mergeNamespaces(n, m) { + m.forEach(function (e) { + e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) { + if (k !== 'default' && !(k in n)) { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + }); + return Object.freeze(n); +} const doneWritingPromise = Symbol('doneWritingPromise'); const doneWritingResolve = Symbol('doneWritingResolve'); @@ -18,6 +28,9 @@ const readingIndex = Symbol('readingIndex'); class ArrayStream extends Array { constructor() { super(); + // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work + Object.setPrototypeOf(this, ArrayStream.prototype); + this[doneWritingPromise] = new Promise((resolve, reject) => { this[doneWritingResolve] = resolve; this[doneWritingReject] = reject; @@ -118,15 +131,14 @@ Writer.prototype.abort = async function(reason) { */ Writer.prototype.releaseLock = function() {}; -const isNode = typeof globalThis.process === 'object' && +/* eslint-disable no-prototype-builtins */ +typeof globalThis.process === 'object' && typeof globalThis.process.versions === 'object'; -const NodeReadableStream = isNode && stream$1.Readable; - /** * Check whether data is a Stream, and if so of which type * @param {Any} input data to check - * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false} + * @returns {'web'|'node'|'array'|'web-like'|false} */ function isStream(input) { if (isArrayStream(input)) { @@ -135,11 +147,11 @@ function isStream(input) { if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { return 'web'; } - if (ReadableStream && ReadableStream.prototype.isPrototypeOf(input)) { - return 'ponyfill'; - } - if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) { - return 'node'; + // try and detect a node native stream without having to import its class + if (input && + !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) && + typeof input._read === 'function' && typeof input._readableState === 'object') { + throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`'); } if (input && input.getReader) { return 'web-like'; @@ -183,99 +195,12 @@ function concatUint8Array(arrays) { return result; } -const NodeBuffer = isNode && buffer.Buffer; -const NodeReadableStream$1 = isNode && stream$1.Readable; - +const doneReadingSet = new WeakSet(); /** - * Web / node stream conversion functions - * From https://github.com/gwicke/node-web-streams + * The external buffer is used to store values that have been peeked or unshifted from the original stream. + * Because of how streams are implemented, such values cannot be "put back" in the original stream, + * but they need to be returned first when reading from the input again. */ - -let nodeToWeb; -let webToNode; - -if (NodeReadableStream$1) { - - /** - * Convert a Node Readable Stream to a Web ReadableStream - * @param {Readable} nodeStream - * @returns {ReadableStream} - */ - nodeToWeb = function(nodeStream) { - let canceled = false; - return new ReadableStream({ - start(controller) { - nodeStream.pause(); - nodeStream.on('data', chunk => { - if (canceled) { - return; - } - if (NodeBuffer.isBuffer(chunk)) { - chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength); - } - controller.enqueue(chunk); - nodeStream.pause(); - }); - nodeStream.on('end', () => { - if (canceled) { - return; - } - controller.close(); - }); - nodeStream.on('error', e => controller.error(e)); - }, - pull() { - nodeStream.resume(); - }, - cancel(reason) { - canceled = true; - nodeStream.destroy(reason); - } - }); - }; - - - class NodeReadable extends NodeReadableStream$1 { - constructor(webStream, options) { - super(options); - this._reader = getReader(webStream); - } - - async _read(size) { - try { - while (true) { - const { done, value } = await this._reader.read(); - if (done) { - this.push(null); - break; - } - if (!this.push(value)) { - break; - } - } - } catch (e) { - this.destroy(e); - } - } - - async _destroy(error, callback) { - this._reader.cancel(error).then(callback, callback); - } - } - - /** - * Convert a Web ReadableStream to a Node Readable Stream - * @param {ReadableStream} webStream - * @param {Object} options - * @returns {Readable} - */ - webToNode = function(webStream, options) { - return new NodeReadable(webStream, options); - }; - -} - -const doneReadingSet = new WeakSet(); const externalBuffer = Symbol('externalBuffer'); /** @@ -294,13 +219,10 @@ function Reader(input) { const reader = input.getReader(); this._read = reader.read.bind(reader); this._releaseLock = () => {}; - this._cancel = async () => {}; + this._cancel = () => {}; return; } let streamType = isStream(input); - if (streamType === 'node') { - input = nodeToWeb(input); - } if (streamType) { const reader = input.getReader(); this._read = reader.read.bind(reader); @@ -407,6 +329,7 @@ Reader.prototype.readByte = async function() { Reader.prototype.readBytes = async function(length) { const buffer = []; let bufferLength = 0; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) { @@ -466,6 +389,7 @@ Reader.prototype.unshift = function(...values) { */ Reader.prototype.readToEnd = async function(join=concat) { const result = []; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) break; @@ -474,32 +398,6 @@ Reader.prototype.readToEnd = async function(join=concat) { return join(result); }; -let { ReadableStream, WritableStream, TransformStream } = globalThis; - -let toPonyfillReadable, toNativeReadable; - -async function loadStreamsPonyfill() { - if (TransformStream) { - return; - } - - const [ponyfill, adapter] = await Promise.all([ - Promise.resolve().then(function () { return ponyfill_es6; }), - Promise.resolve().then(function () { return webStreamsAdapter; }) - ]); - - ({ ReadableStream, WritableStream, TransformStream } = ponyfill); - - const { createReadableStreamWrapper } = adapter; - - if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) { - toPonyfillReadable = createReadableStreamWrapper(ReadableStream); - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } -} - -const NodeBuffer$1 = isNode && buffer.Buffer; - /** * Convert data to Stream * @param {ReadableStream|Uint8array|String} input data to convert @@ -507,12 +405,6 @@ const NodeBuffer$1 = isNode && buffer.Buffer; */ function toStream(input) { let streamType = isStream(input); - if (streamType === 'node') { - return nodeToWeb(input); - } - if (streamType === 'web' && toPonyfillReadable) { - return toPonyfillReadable(input); - } if (streamType) { return input; } @@ -525,7 +417,7 @@ function toStream(input) { } /** - * Convert data to ArrayStream + * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream. * @param {Object} input data to convert * @returns {ArrayStream} Converted data */ @@ -558,9 +450,6 @@ function concat(list) { if (typeof list[0] === 'string') { return list.join(''); } - if (NodeBuffer$1 && NodeBuffer$1.isBuffer(list[0])) { - return NodeBuffer$1.concat(list); - } return concatUint8Array(list); } @@ -601,24 +490,6 @@ function concatArrayStream(list) { return result; } -/** - * Get a Reader - * @param {ReadableStream|Uint8array|String} input - * @returns {Reader} - */ -function getReader(input) { - return new Reader(input); -} - -/** - * Get a Writer - * @param {WritableStream} input - * @returns {Writer} - */ -function getWriter(input) { - return new Writer(input); -} - /** * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. * @param {ReadableStream|Uint8array|String} input @@ -655,6 +526,7 @@ async function pipe(input, target, { const reader = getReader(input); const writer = getWriter(target); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -906,6 +778,7 @@ function passiveClone(input) { const reader = getReader(readable); const writer = getWriter(writable); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -989,9 +862,8 @@ function slice(input, begin=0, end=Infinity) { if (returnValue.length >= -end) { lastBytes = slice(returnValue, end); return slice(returnValue, begin, end); - } else { - lastBytes = returnValue; } + lastBytes = returnValue; }); } console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); @@ -1000,9 +872,8 @@ function slice(input, begin=0, end=Infinity) { if (input[externalBuffer]) { input = concat(input[externalBuffer].concat([input])); } - if (isUint8Array(input) && !(NodeBuffer$1 && NodeBuffer$1.isBuffer(input))) { - if (end === Infinity) end = input.length; - return input.subarray(begin, end); + if (isUint8Array(input)) { + return input.subarray(begin, end === Infinity ? input.length : end); } return input.slice(begin, end); } @@ -1034,7 +905,10 @@ async function readToEnd(input, join=concat) { async function cancel(input, reason) { if (isStream(input)) { if (input.cancel) { - return input.cancel(reason); + const cancelled = await input.cancel(reason); + // the stream is not always cancelled at this point, so we wait some more + await new Promise(setTimeout); + return cancelled; } if (input.destroy) { input.destroy(reason); @@ -1063,636 +937,152 @@ function fromAsync(fn) { return arrayStream; } -/* eslint-disable new-cap */ +/** + * Get a Reader + * @param {ReadableStream|Uint8array|String} input + * @returns {Reader} + */ +function getReader(input) { + return new Reader(input); +} /** - * @fileoverview - * BigInteger implementation of basic operations - * that wraps the native BigInt library. - * Operations are not constant time, - * but we try and limit timing leakage where we can - * @module biginteger/native - * @private + * Get a Writer + * @param {WritableStream} input + * @returns {Writer} */ +function getWriter(input) { + return new Writer(input); +} /** - * @private + * @module enums */ -class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on null or undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - if (n instanceof Uint8Array) { - const bytes = n; - const hex = new Array(bytes.length); - for (let i = 0; i < bytes.length; i++) { - const hexByte = bytes[i].toString(16); - hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte; - } - this.value = BigInt('0x0' + hex.join('')); - } else { - this.value = BigInt(n); - } - } +const byValue = Symbol('byValue'); - clone() { - return new BigInteger(this.value); - } +var enums = { - /** - * BigInteger increment in place + /** Maps curve names under various standards to one + * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} + * @enum {String} + * @readonly */ - iinc() { - this.value++; - return this; - } + curve: { + /** NIST P-256 Curve */ + 'nistP256': 'nistP256', + /** @deprecated use `nistP256` instead */ + 'p256': 'nistP256', - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } + /** NIST P-384 Curve */ + 'nistP384': 'nistP384', + /** @deprecated use `nistP384` instead */ + 'p384': 'nistP384', - /** - * BigInteger decrement in place - */ - idec() { - this.value--; - return this; - } + /** NIST P-521 Curve */ + 'nistP521': 'nistP521', + /** @deprecated use `nistP521` instead */ + 'p521': 'nistP521', - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + /** SECG SECP256k1 Curve */ + 'secp256k1': 'secp256k1', - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value += x.value; - return this; - } + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519Legacy', + /** @deprecated use `ed25519Legacy` instead */ + 'ed25519': 'ed25519Legacy', - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'curve25519Legacy': 'curve25519Legacy', + /** @deprecated use `curve25519Legacy` instead */ + 'curve25519': 'curve25519Legacy', - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value -= x.value; - return this; - } + /** BrainpoolP256r1 Curve */ + 'brainpoolP256r1': 'brainpoolP256r1', - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } + /** BrainpoolP384r1 Curve */ + 'brainpoolP384r1': 'brainpoolP384r1', - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value *= x.value; - return this; - } + /** BrainpoolP512r1 Curve */ + 'brainpoolP512r1': 'brainpoolP512r1' + }, - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. + /** A string to key specifier type + * @enum {Integer} + * @readonly */ - mul(x) { - return this.clone().imul(x); - } + s2k: { + simple: 0, + salted: 1, + iterated: 3, + argon2: 4, + gnu: 101 + }, - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} + * @enum {Integer} + * @readonly */ - imod(m) { - this.value %= m.value; - if (this.isNegative()) { - this.iadd(m); - } - return this; - } + publicKey: { + /** RSA (Encrypt or Sign) [HAC] */ + rsaEncryptSign: 1, + /** RSA (Encrypt only) [HAC] */ + rsaEncrypt: 2, + /** RSA (Sign only) [HAC] */ + rsaSign: 3, + /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ + elgamal: 16, + /** DSA (Sign only) [FIPS186] [HAC] */ + dsa: 17, + /** ECDH (Encrypt only) [RFC6637] */ + ecdh: 18, + /** ECDSA (Sign only) [RFC6637] */ + ecdsa: 19, + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) + * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ + eddsaLegacy: 22, + /** Reserved for AEDH */ + aedh: 23, + /** Reserved for AEDSA */ + aedsa: 24, + /** X25519 (Encrypt only) */ + x25519: 25, + /** X448 (Encrypt only) */ + x448: 26, + /** Ed25519 (Sign only) */ + ed25519: 27, + /** Ed448 (Sign only) */ + ed448: 28 + }, - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} + * @enum {Integer} + * @readonly */ - mod(m) { - return this.clone().imod(m); - } + symmetric: { + /** Not implemented! */ + idea: 1, + tripledes: 2, + cast5: 3, + blowfish: 4, + aes128: 7, + aes192: 8, + aes256: 9, + twofish: 10 + }, - /** - * Compute modular exponentiation using square and multiply - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} + * @enum {Integer} + * @readonly */ - modExp(e, n) { - if (n.isZero()) throw Error('Modulo cannot be zero'); - if (n.isOne()) return new BigInteger(0); - if (e.isNegative()) throw Error('Unsopported negative exponent'); - - let exp = e.value; - let x = this.value; - - x %= n.value; - let r = BigInt(1); - while (exp > BigInt(0)) { - const lsb = exp & BigInt(1); - exp >>= BigInt(1); // e / 2 - // Always compute multiplication step, to reduce timing leakage - const rx = (r * x) % n.value; - // Update r only if lsb is 1 (odd exponent) - r = lsb ? rx : r; - x = (x * x) % n.value; // Square - } - return new BigInteger(r); - } - - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - const { gcd, x } = this._egcd(n); - if (!gcd.isOne()) { - throw new Error('Inverse does not exist'); - } - return x.add(n).mod(n); - } - - /** - * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) - * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b) - * @param {BigInteger} b - Second operand - * @returns {{ gcd, x, y: BigInteger }} - */ - _egcd(b) { - let x = BigInt(0); - let y = BigInt(1); - let xPrev = BigInt(1); - let yPrev = BigInt(0); - - let a = this.value; - b = b.value; - - while (b !== BigInt(0)) { - const q = a / b; - let tmp = x; - x = xPrev - q * x; - xPrev = tmp; - - tmp = y; - y = yPrev - q * y; - yPrev = tmp; - - tmp = b; - b = a % b; - a = tmp; - } - - return { - x: new BigInteger(xPrev), - y: new BigInteger(yPrev), - gcd: new BigInteger(a) - }; - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} b - Operand - * @returns {BigInteger} gcd - */ - gcd(b) { - let a = this.value; - b = b.value; - while (b !== BigInt(0)) { - const tmp = b; - b = a % b; - a = tmp; - } - return new BigInteger(a); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value <<= x.value; - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value >>= x.value; - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value === x.value; - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value < x.value; - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value <= x.value; - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value > x.value; - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value >= x.value; - } - - isZero() { - return this.value === BigInt(0); - } - - isOne() { - return this.value === BigInt(1); - } - - isNegative() { - return this.value < BigInt(0); - } - - isEven() { - return !(this.value & BigInt(1)); - } - - abs() { - const res = this.clone(); - if (this.isNegative()) { - res.value = -res.value; - } - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - const number = Number(this.value); - if (number > Number.MAX_SAFE_INTEGER) { - // We throw and error to conform with the bn.js implementation - throw new Error('Number can only safely store up to 53 bits'); - } - return number; - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - const bit = (this.value >> BigInt(i)) & BigInt(1); - return (bit === BigInt(0)) ? 0 : 1; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - const zero = new BigInteger(0); - const one = new BigInteger(1); - const negOne = new BigInteger(-1); - - // -1n >> -1n is -1n - // 1n >> 1n is 0n - const target = this.isNegative() ? negOne : zero; - let bitlen = 1; - const tmp = this.clone(); - while (!tmp.irightShift(one).equal(target)) { - bitlen++; - } - return bitlen; - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - const zero = new BigInteger(0); - const negOne = new BigInteger(-1); - - const target = this.isNegative() ? negOne : zero; - const eight = new BigInteger(8); - let len = 1; - const tmp = this.clone(); - while (!tmp.irightShift(eight).equal(target)) { - len++; - } - return len; - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) - // this is faster than shift+mod iterations - let hex = this.value.toString(16); - if (hex.length % 2 === 1) { - hex = '0' + hex; - } - - const rawLength = hex.length / 2; - const bytes = new Uint8Array(length || rawLength); - // parse hex - const offset = length ? (length - rawLength) : 0; - let i = 0; - while (i < rawLength) { - bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); - i++; - } - - if (endian !== 'be') { - bytes.reverse(); - } - - return bytes; - } -} - -const detectBigInt = () => typeof BigInt !== 'undefined'; - -async function getBigInteger() { - if (detectBigInt()) { - return BigInteger; - } else { - const { default: BigInteger } = await Promise.resolve().then(function () { return bn_interface; }); - return BigInteger; - } -} - -/** - * @module enums - */ - -const byValue = Symbol('byValue'); - -var enums = { - - /** Maps curve names under various standards to one - * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} - * @enum {String} - * @readonly - */ - curve: { - /** NIST P-256 Curve */ - 'p256': 'p256', - 'P-256': 'p256', - 'secp256r1': 'p256', - 'prime256v1': 'p256', - '1.2.840.10045.3.1.7': 'p256', - '2a8648ce3d030107': 'p256', - '2A8648CE3D030107': 'p256', - - /** NIST P-384 Curve */ - 'p384': 'p384', - 'P-384': 'p384', - 'secp384r1': 'p384', - '1.3.132.0.34': 'p384', - '2b81040022': 'p384', - '2B81040022': 'p384', - - /** NIST P-521 Curve */ - 'p521': 'p521', - 'P-521': 'p521', - 'secp521r1': 'p521', - '1.3.132.0.35': 'p521', - '2b81040023': 'p521', - '2B81040023': 'p521', - - /** SECG SECP256k1 Curve */ - 'secp256k1': 'secp256k1', - '1.3.132.0.10': 'secp256k1', - '2b8104000a': 'secp256k1', - '2B8104000A': 'secp256k1', - - /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ - 'ed25519Legacy': 'ed25519', - 'ED25519': 'ed25519', - /** @deprecated use `ed25519Legacy` instead */ - 'ed25519': 'ed25519', - 'Ed25519': 'ed25519', - '1.3.6.1.4.1.11591.15.1': 'ed25519', - '2b06010401da470f01': 'ed25519', - '2B06010401DA470F01': 'ed25519', - - /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ - 'curve25519Legacy': 'curve25519', - 'X25519': 'curve25519', - 'cv25519': 'curve25519', - /** @deprecated use `curve25519Legacy` instead */ - 'curve25519': 'curve25519', - 'Curve25519': 'curve25519', - '1.3.6.1.4.1.3029.1.5.1': 'curve25519', - '2b060104019755010501': 'curve25519', - '2B060104019755010501': 'curve25519', - - /** BrainpoolP256r1 Curve */ - 'brainpoolP256r1': 'brainpoolP256r1', - '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1', - '2b2403030208010107': 'brainpoolP256r1', - '2B2403030208010107': 'brainpoolP256r1', - - /** BrainpoolP384r1 Curve */ - 'brainpoolP384r1': 'brainpoolP384r1', - '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1', - '2b240303020801010b': 'brainpoolP384r1', - '2B240303020801010B': 'brainpoolP384r1', - - /** BrainpoolP512r1 Curve */ - 'brainpoolP512r1': 'brainpoolP512r1', - '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1', - '2b240303020801010d': 'brainpoolP512r1', - '2B240303020801010D': 'brainpoolP512r1' - }, - - /** A string to key specifier type - * @enum {Integer} - * @readonly - */ - s2k: { - simple: 0, - salted: 1, - iterated: 3, - gnu: 101 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} - * @enum {Integer} - * @readonly - */ - publicKey: { - /** RSA (Encrypt or Sign) [HAC] */ - rsaEncryptSign: 1, - /** RSA (Encrypt only) [HAC] */ - rsaEncrypt: 2, - /** RSA (Sign only) [HAC] */ - rsaSign: 3, - /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ - elgamal: 16, - /** DSA (Sign only) [FIPS186] [HAC] */ - dsa: 17, - /** ECDH (Encrypt only) [RFC6637] */ - ecdh: 18, - /** ECDSA (Sign only) [RFC6637] */ - ecdsa: 19, - /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) - * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility - /** @deprecated use `eddsaLegacy` instead */ - ed25519Legacy: 22, - /** @deprecated use `eddsaLegacy` instead */ - eddsa: 22, - /** Reserved for AEDH */ - aedh: 23, - /** Reserved for AEDSA */ - aedsa: 24, - /** X25519 (Encrypt only) */ - x25519: 25, - /** X448 (Encrypt only) */ - x448: 26, - /** Ed25519 (Sign only) */ - ed25519: 27, - /** Ed448 (Sign only) */ - ed448: 28 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} - * @enum {Integer} - * @readonly - */ - symmetric: { - plaintext: 0, - /** Not implemented! */ - idea: 1, - tripledes: 2, - cast5: 3, - blowfish: 4, - aes128: 7, - aes192: 8, - aes256: 9, - twofish: 10 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} - * @enum {Integer} - * @readonly - */ - compression: { - uncompressed: 0, - /** RFC1951 */ - zip: 1, - /** RFC1950 */ - zlib: 2, - bzip2: 3 - }, + compression: { + uncompressed: 0, + /** RFC1951 */ + zip: 1, + /** RFC1950 */ + zlib: 2, + bzip2: 3 + }, /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} * @enum {Integer} @@ -1705,7 +1095,9 @@ var enums = { sha256: 8, sha384: 9, sha512: 10, - sha224: 11 + sha224: 11, + sha3_256: 12, + sha3_512: 14 }, /** A list of hash names as accepted by webCrypto functions. @@ -1726,6 +1118,7 @@ var enums = { aead: { eax: 1, ocb: 2, + gcm: 3, experimentalGCM: 100 // Private algorithm }, @@ -1751,7 +1144,8 @@ var enums = { userAttribute: 17, symEncryptedIntegrityProtectedData: 18, modificationDetectionCode: 19, - aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + padding: 21 }, /** Data types in the literal packet @@ -1907,7 +1301,7 @@ var enums = { placeholderBackwardsCompatibility: 10, preferredSymmetricAlgorithms: 11, revocationKey: 12, - issuer: 16, + issuerKeyID: 16, notationData: 20, preferredHashAlgorithms: 21, preferredCompressionAlgorithms: 22, @@ -1922,7 +1316,8 @@ var enums = { signatureTarget: 31, embeddedSignature: 32, issuerFingerprint: 33, - preferredAEADAlgorithms: 34 + preferredAEADAlgorithms: 34, + preferredCipherSuites: 39 }, /** Key flags @@ -1991,7 +1386,8 @@ var enums = { aead: 2, /** 0x04 - Version 5 Public-Key Packet format and corresponding new * fingerprint format */ - v5Keys: 4 + v5Keys: 4, + seipdv2: 8 }, /** @@ -2036,10 +1432,330 @@ var enums = { } }; -const debugMode = (() => { - try { - return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env - } catch (e) {} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +var config = { + /** + * @memberof module:config + * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} + */ + preferredHashAlgorithm: enums.hash.sha512, + /** + * @memberof module:config + * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} + */ + preferredSymmetricAlgorithm: enums.symmetric.aes256, + /** + * @memberof module:config + * @property {Integer} compression Default compression algorithm {@link module:enums.compression} + */ + preferredCompressionAlgorithm: enums.compression.uncompressed, + /** + * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. + * This option is applicable to: + * - key generation (encryption key preferences), + * - password-based message encryption, and + * - private key encryption. + * In the case of message encryption using public keys, the encryption key preferences are respected instead. + * Note: not all OpenPGP implementations are compatible with this option. + * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10} + * @memberof module:config + * @property {Boolean} aeadProtect + */ + aeadProtect: false, + /** + * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`) + * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`, + * this option must be set, otherwise key parsing and/or key decryption will fail. + * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys + * will be processed incorrectly. + */ + parseAEADEncryptedV4KeysAsLegacy: false, + /** + * Default Authenticated Encryption with Additional Data (AEAD) encryption mode + * Only has an effect when aeadProtect is set to true. + * @memberof module:config + * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} + */ + preferredAEADAlgorithm: enums.aead.gcm, + /** + * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode + * Only has an effect when aeadProtect is set to true. + * Must be an integer value from 0 to 56. + * @memberof module:config + * @property {Integer} aeadChunkSizeByte + */ + aeadChunkSizeByte: 12, + /** + * Use v6 keys. + * Note: not all OpenPGP implementations are compatible with this option. + * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** + * @memberof module:config + * @property {Boolean} v6Keys + */ + v6Keys: false, + /** + * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet). + * These are non-standard entities, which in the crypto-refresh have been superseded + * by v6 keys and v6 signatures, respectively. + * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries, + * hence parsing them might be necessary in some cases. + */ + enableParsingV5Entities: false, + /** + * S2K (String to Key) type, used for key derivation in the context of secret key encryption + * and password-encrypted data. Weaker s2k options are not allowed. + * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it + * (pending standardisation). + * @memberof module:config + * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k} + */ + s2kType: enums.s2k.iterated, + /** + * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}: + * Iteration Count Byte for Iterated and Salted S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`. + * Note: this is the exponent value, not the final number of iterations (refer to specs for more details). + * @memberof module:config + * @property {Integer} s2kIterationCountByte + */ + s2kIterationCountByte: 224, + /** + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}: + * Argon2 parameters for S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`. + * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), + * to ensure compatibility with memory-constrained environments. + * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. + * @memberof module:config + * @property {Object} params + * @property {Integer} params.passes - number of iterations t + * @property {Integer} params.parallelism - degree of parallelism p + * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes. + */ + s2kArgon2Params: { + passes: 3, + parallelism: 4, // lanes + memoryExponent: 16 // 64 MiB of RAM + }, + /** + * Allow decryption of messages without integrity protection. + * This is an **insecure** setting: + * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. + * - it enables downgrade attacks against integrity-protected messages. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedMessages + */ + allowUnauthenticatedMessages: false, + /** + * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to + * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible + * and deferring checking their integrity until the decrypted stream has been read in full. + * + * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity: + * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL + * (see https://efail.de/). + * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data. + * + * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedStream + */ + allowUnauthenticatedStream: false, + /** + * Minimum RSA key size allowed for key generation and message signing, verification and encryption. + * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. + * @memberof module:config + * @property {Number} minRSABits + */ + minRSABits: 2047, + /** + * Work-around for rare GPG decryption bug when encrypting with multiple passwords. + * **Slower and slightly less secure** + * @memberof module:config + * @property {Boolean} passwordCollisionCheck + */ + passwordCollisionCheck: false, + /** + * Allow decryption using RSA keys without `encrypt` flag. + * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug + * where key flags were ignored when selecting a key for encryption. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureDecryptionWithSigningKeys: false, + /** + * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. + * Instead, a verification key will also be consider valid as long as it is valid at the current time. + * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, + * and have self-signature's creation date that does not match the primary key creation date. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureVerificationWithReformattedKeys: false, + /** + * Allow using keys that do not have any key flags set. + * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages + * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29). + * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation. + * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm. + */ + allowMissingKeyFlags: false, + /** + * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). + * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: + * - new/incoming messages are automatically decrypted (without user interaction); + * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). + * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. + * @memberof module:config + * @property {Boolean} constantTimePKCS1Decryption + */ + constantTimePKCS1Decryption: false, + /** + * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. + * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. + * However, the more algorithms are added, the slower the decryption procedure becomes. + * @memberof module:config + * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} + */ + constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), + /** + * @memberof module:config + * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error + */ + ignoreUnsupportedPackets: true, + /** + * @memberof module:config + * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error + */ + ignoreMalformedPackets: false, + /** + * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only + * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable + * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). + * @memberof module:config + * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] + */ + additionalAllowedPackets: [], + /** + * @memberof module:config + * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages + */ + showVersion: false, + /** + * @memberof module:config + * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages + */ + showComment: false, + /** + * @memberof module:config + * @property {String} versionString A version string to be included in armored messages + */ + versionString: 'OpenPGP.js 6.0.0', + /** + * @memberof module:config + * @property {String} commentString A comment string to be included in armored messages + */ + commentString: 'https://openpgpjs.org', + + /** + * Max userID string length (used for parsing) + * @memberof module:config + * @property {Integer} maxUserIDLength + */ + maxUserIDLength: 1024 * 5, + /** + * Contains notatations that are considered "known". Known notations do not trigger + * validation error when the notation is marked as critical. + * @memberof module:config + * @property {Array} knownNotations + */ + knownNotations: [], + /** + * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design). + * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur + * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of + * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. + * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. + */ + nonDeterministicSignaturesViaNotation: true, + /** + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. + * When false, certain standard curves will not be supported (depending on the platform). + * @memberof module:config + * @property {Boolean} useEllipticFallback + */ + useEllipticFallback: true, + /** + * Reject insecure hash algorithms + * @memberof module:config + * @property {Set} rejectHashAlgorithms {@link module:enums.hash} + */ + rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), + /** + * Reject insecure message hash algorithms + * @memberof module:config + * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} + */ + rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), + /** + * Reject insecure public key algorithms for key generation and message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} + */ + rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), + /** + * Reject non-standard curves for key generation, message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectCurves {@link module:enums.curve} + */ + rejectCurves: new Set([enums.curve.secp256k1]) +}; + +/** + * @fileoverview This object contains global configuration values. + * @see module:config/config + * @module config + */ + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const debugMode = (() => { + try { + return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env + } catch (e) {} return false; })(); @@ -2048,6 +1764,8 @@ const util = { return typeof data === 'string' || data instanceof String; }, + nodeRequire: createRequire(import.meta.url), + isArray: function(data) { return data instanceof Array; }, @@ -2056,6 +1774,35 @@ const util = { isStream: isStream, + /** + * Load noble-curves lib on demand and return the requested curve function + * @param {enums.publicKey} publicKeyAlgo + * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA) + * @returns curve implementation + * @throws on unrecognized curve, or curve not implemented by noble-curve + */ + getNobleCurve: async (publicKeyAlgo, curveName) => { + if (!config.useEllipticFallback) { + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } + + const { nobleCurves } = await Promise.resolve().then(function () { return noble_curves; }); + switch (publicKeyAlgo) { + case enums.publicKey.ecdh: + case enums.publicKey.ecdsa: { + const curve = nobleCurves.get(curveName); + if (!curve) throw new Error('Unsupported curve'); + return curve; + } + case enums.publicKey.x448: + return nobleCurves.get('x448'); + case enums.publicKey.ed448: + return nobleCurves.get('ed448'); + default: + throw new Error('Unsupported curve'); + } + }, + readNumber: function (bytes) { let n = 0; for (let i = 0; i < bytes.length; i++) { @@ -2097,7 +1844,26 @@ const util = { readMPI: function (bytes) { const bits = (bytes[0] << 8) | bytes[1]; const bytelen = (bits + 7) >>> 3; - return bytes.subarray(2, 2 + bytelen); + // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures, + // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed + // has not been authenticated (yet). + // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues. + // Also, AEAD is also not affected. + return util.readExactSubarray(bytes, 2, 2 + bytelen); + }, + + /** + * Read exactly `end - start` bytes from input. + * This is a stricter version of `.subarray`. + * @param {Uint8Array} input - Input data to parse + * @returns {Uint8Array} subarray of size always equal to `end - start` + * @throws if the input array is too short. + */ + readExactSubarray: function (input, start, end) { + if (input.length < (end - start)) { + throw new Error('Input array too short'); + } + return input.subarray(start, end); }, /** @@ -2107,6 +1873,9 @@ const util = { * @returns {Uint8Array} Padded bytes. */ leftPad(bytes, length) { + if (bytes.length > length) { + throw new Error('Input array too long'); + } const padded = new Uint8Array(length); const offset = length - bytes.length; padded.set(bytes, offset); @@ -2162,18 +1931,10 @@ const util = { * @returns {String} Hexadecimal representation of the array. */ uint8ArrayToHex: function (bytes) { - const r = []; - const e = bytes.length; - let c = 0; - let h; - while (c < e) { - h = bytes[c++].toString(16); - while (h.length < 2) { - h = '0' + h; - } - r.push('' + h); - } - return r.join(''); + const hexAlphabet = '0123456789abcdef'; + let s = ''; + bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; }); + return s; }, /** @@ -2384,32 +2145,30 @@ const util = { }, /** - * Get native Web Cryptography api, only the current version of the spec. - * @returns {Object} The SubtleCrypto api or 'undefined'. + * Get native Web Cryptography API. + * @returns {Object} The SubtleCrypto API + * @throws if the API is not available */ getWebCrypto: function() { - return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + // Fallback for Node 16, which does not expose WebCrypto as a global + const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle; + if (!webCrypto) { + throw new Error('The WebCrypto API is not available'); + } + return webCrypto; }, - /** - * Get BigInteger class - * It wraps the native BigInt type if it's available - * Otherwise it relies on bn.js - * @returns {BigInteger} - * @async - */ - getBigInteger, - /** * Get native Node.js crypto api. * @returns {Object} The crypto module or 'undefined'. */ getNodeCrypto: function() { - return crypto$3; + return this.nodeRequire('crypto'); }, getNodeZlib: function() { - return zlib; + return this.nodeRequire('zlib'); }, /** @@ -2418,7 +2177,7 @@ const util = { * @returns {Function} The Buffer constructor or 'undefined'. */ getNodeBuffer: function() { - return (buffer || {}).Buffer; + return (this.nodeRequire('buffer') || {}).Buffer; }, getHardwareConcurrency: function() { @@ -2426,15 +2185,24 @@ const util = { return navigator.hardwareConcurrency || 1; } - const os$1 = os; // Assume we're on Node.js. - return os$1.cpus().length; + const os = this.nodeRequire('os'); // Assume we're on Node.js. + return os.cpus().length; }, + /** + * Test email format to ensure basic compliance: + * - must include a single @ + * - no control or space unicode chars allowed + * - no backslash and square brackets (as the latter can mess with the userID parsing) + * - cannot end with a punctuation char + * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation, + * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)). + */ isEmailAddress: function(data) { if (!util.isString(data)) { return false; } - const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/; + const re = /^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u; return re.test(data); }, @@ -2637,14 +2405,15 @@ const util = { * provided with the application or distribution. */ -const Buffer = util.getNodeBuffer(); + +const Buffer$3 = util.getNodeBuffer(); let encodeChunk; let decodeChunk; -if (Buffer) { - encodeChunk = buf => Buffer.from(buf).toString('base64'); +if (Buffer$3) { + encodeChunk = buf => Buffer$3.from(buf).toString('base64'); decodeChunk = str => { - const b = Buffer.from(str, 'base64'); + const b = Buffer$3.from(str, 'base64'); return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); }; } else { @@ -2658,7 +2427,7 @@ if (Buffer) { * @returns {String | ReadableStream} Radix-64 version of input string. * @static */ -function encode(data) { +function encode$1(data) { let buf = new Uint8Array(); return transform(data, value => { buf = util.concatUint8Array([buf, value]); @@ -2682,7 +2451,7 @@ function encode(data) { * @returns {Uint8Array | ReadableStream} Binary array version of input string. * @static */ -function decode(data) { +function decode$2(data) { let buf = ''; return transform(data, value => { buf += value; @@ -2718,7 +2487,7 @@ function decode(data) { * @returns {Uint8Array} An array of 8-bit integers. */ function b64ToUint8Array(base64) { - return decode(base64.replace(/-/g, '+').replace(/_/g, '/')); + return decode$2(base64.replace(/-/g, '+').replace(/_/g, '/')); } /** @@ -2728,254 +2497,30 @@ function b64ToUint8Array(base64) { * @returns {String} Base-64 encoded string. */ function uint8ArrayToB64(bytes, url) { - let encoded = encode(bytes).replace(/[\r\n]/g, ''); - if (url) { + let encoded = encode$1(bytes).replace(/[\r\n]/g, ''); + { encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); } return encoded; } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -var config = { - /** - * @memberof module:config - * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} - */ - preferredHashAlgorithm: enums.hash.sha256, - /** - * @memberof module:config - * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} - */ - preferredSymmetricAlgorithm: enums.symmetric.aes256, - /** - * @memberof module:config - * @property {Integer} compression Default compression algorithm {@link module:enums.compression} - */ - preferredCompressionAlgorithm: enums.compression.uncompressed, - /** - * @memberof module:config - * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9 - */ - deflateLevel: 6, - - /** - * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07} - * @memberof module:config - * @property {Boolean} aeadProtect - */ - aeadProtect: false, - /** - * Default Authenticated Encryption with Additional Data (AEAD) encryption mode - * Only has an effect when aeadProtect is set to true. - * @memberof module:config - * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} - */ - preferredAEADAlgorithm: enums.aead.eax, - /** - * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode - * Only has an effect when aeadProtect is set to true. - * Must be an integer value from 0 to 56. - * @memberof module:config - * @property {Integer} aeadChunkSizeByte - */ - aeadChunkSizeByte: 12, - /** - * Use V5 keys. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @memberof module:config - * @property {Boolean} v5Keys - */ - v5Keys: false, - /** - * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: - * Iteration Count Byte for S2K (String to Key) - * @memberof module:config - * @property {Integer} s2kIterationCountByte - */ - s2kIterationCountByte: 224, - /** - * Allow decryption of messages without integrity protection. - * This is an **insecure** setting: - * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. - * - it enables downgrade attacks against integrity-protected messages. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedMessages - */ - allowUnauthenticatedMessages: false, - /** - * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to - * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible - * and deferring checking their integrity until the decrypted stream has been read in full. - * - * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedStream - */ - allowUnauthenticatedStream: false, - /** - * @memberof module:config - * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum - */ - checksumRequired: false, - /** - * Minimum RSA key size allowed for key generation and message signing, verification and encryption. - * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. - * @memberof module:config - * @property {Number} minRSABits - */ - minRSABits: 2047, - /** - * Work-around for rare GPG decryption bug when encrypting with multiple passwords. - * **Slower and slightly less secure** - * @memberof module:config - * @property {Boolean} passwordCollisionCheck - */ - passwordCollisionCheck: false, - /** - * @memberof module:config - * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored - */ - revocationsExpire: false, - /** - * Allow decryption using RSA keys without `encrypt` flag. - * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug - * where key flags were ignored when selecting a key for encryption. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureDecryptionWithSigningKeys: false, - /** - * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. - * Instead, a verification key will also be consider valid as long as it is valid at the current time. - * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, - * and have self-signature's creation date that does not match the primary key creation date. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureVerificationWithReformattedKeys: false, - - /** - * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). - * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: - * - new/incoming messages are automatically decrypted (without user interaction); - * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). - * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. - * @memberof module:config - * @property {Boolean} constantTimePKCS1Decryption - */ - constantTimePKCS1Decryption: false, - /** - * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. - * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. - * However, the more algorithms are added, the slower the decryption procedure becomes. - * @memberof module:config - * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} - */ - constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), - - /** - * @memberof module:config - * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available - */ - minBytesForWebCrypto: 1000, - /** - * @memberof module:config - * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error - */ - ignoreUnsupportedPackets: true, - /** - * @memberof module:config - * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error - */ - ignoreMalformedPackets: false, - /** - * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only - * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable - * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). - * @memberof module:config - * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] - */ - additionalAllowedPackets: [], - /** - * @memberof module:config - * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages - */ - showVersion: false, - /** - * @memberof module:config - * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages - */ - showComment: false, - /** - * @memberof module:config - * @property {String} versionString A version string to be included in armored messages - */ - versionString: 'OpenPGP.js 5.11.2', - /** - * @memberof module:config - * @property {String} commentString A comment string to be included in armored messages - */ - commentString: 'https://openpgpjs.org', - - /** - * Max userID string length (used for parsing) - * @memberof module:config - * @property {Integer} maxUserIDLength - */ - maxUserIDLength: 1024 * 5, - /** - * Contains notatations that are considered "known". Known notations do not trigger - * validation error when the notation is marked as critical. - * @memberof module:config - * @property {Array} knownNotations - */ - knownNotations: [], - /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. - * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. - * @memberof module:config - * @property {Boolean} useIndutnyElliptic - */ - useIndutnyElliptic: true, - /** - * Reject insecure hash algorithms - * @memberof module:config - * @property {Set} rejectHashAlgorithms {@link module:enums.hash} - */ - rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), - /** - * Reject insecure message hash algorithms - * @memberof module:config - * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} - */ - rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), - /** - * Reject insecure public key algorithms for key generation and message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} - */ - rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), - /** - * Reject non-standard curves for key generation, message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectCurves {@link module:enums.curve} - */ - rejectCurves: new Set([enums.curve.secp256k1]) -}; - -/** - * @fileoverview This object contains global configuration values. - * @see module:config/config - * @module config - */ - -// GPG4Browsers - An OpenPGP implementation in javascript /** * Finds out which Ascii Armoring type is used. Throws error if unknown type. @@ -3003,33 +2548,33 @@ function getType(text) { // parts, and this is the Xth part out of Y. if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { return enums.armor.multipartSection; - } else + } // BEGIN PGP MESSAGE, PART X // Used for multi-part messages, where this is the Xth part of an // unspecified number of parts. Requires the MESSAGE-ID Armor // Header to be used. if (/MESSAGE, PART \d+/.test(header[1])) { return enums.armor.multipartLast; - } else + } // BEGIN PGP SIGNED MESSAGE if (/SIGNED MESSAGE/.test(header[1])) { return enums.armor.signed; - } else + } // BEGIN PGP MESSAGE // Used for signed, encrypted, or compressed files. if (/MESSAGE/.test(header[1])) { return enums.armor.message; - } else + } // BEGIN PGP PUBLIC KEY BLOCK // Used for armoring public keys. if (/PUBLIC KEY BLOCK/.test(header[1])) { return enums.armor.publicKey; - } else + } // BEGIN PGP PRIVATE KEY BLOCK // Used for armoring private keys. if (/PRIVATE KEY BLOCK/.test(header[1])) { return enums.armor.privateKey; - } else + } // BEGIN PGP SIGNATURE // Used for detached signatures, OpenPGP/MIME signatures, and // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE @@ -3063,7 +2608,6 @@ function addheader(customComment, config) { return result; } - /** * Calculates a checksum over the given data and returns it base64 encoded * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for @@ -3072,7 +2616,7 @@ function addheader(customComment, config) { */ function getCheckSum(data) { const crc = createcrc24(data); - return encode(crc); + return encode$1(crc); } // https://create.stephan-brumme.com/crc32/#slicing-by-8-overview @@ -3105,7 +2649,7 @@ for (let i = 0; i <= 0xFF; i++) { } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness -const isLittleEndian = (function() { +const isLittleEndian$1 = (function() { const buffer = new ArrayBuffer(2); new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */); // Int16Array uses the platform's endianness. @@ -3121,7 +2665,7 @@ const isLittleEndian = (function() { function createcrc24(input) { let crc = 0xCE04B7; return transform(input, value => { - const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0; + const len32 = isLittleEndian$1 ? Math.floor(value.length / 4) : 0; const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32); for (let i = 0; i < len32; i++) { crc ^= arr32[i]; @@ -3145,7 +2689,7 @@ function createcrc24(input) { * @private * @param {Array} headers - Armor headers */ -function verifyHeaders(headers) { +function verifyHeaders$1(headers) { for (let i = 0; i < headers.length; i++) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); @@ -3157,24 +2701,21 @@ function verifyHeaders(headers) { } /** - * Splits a message into two parts, the body and the checksum. This is an internal function - * @param {String} text - OpenPGP armored message part - * @returns {Object} An object with attribute "body" containing the body. - * and an attribute "checksum" containing the checksum. + * Remove the (optional) checksum from an armored message. + * @param {String} text - OpenPGP armored message + * @returns {String} The body of the armored message. * @private */ -function splitChecksum(text) { +function removeChecksum(text) { let body = text; - let checksum = ''; const lastEquals = text.lastIndexOf('='); if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum body = text.slice(0, lastEquals); - checksum = text.slice(lastEquals + 1).substr(0, 4); } - return { body: body, checksum: checksum }; + return body; } /** @@ -3186,7 +2727,7 @@ function splitChecksum(text) { * @async * @static */ -function unarmor(input, config$1 = config) { +function unarmor(input) { // eslint-disable-next-line no-async-promise-executor return new Promise(async (resolve, reject) => { try { @@ -3199,8 +2740,7 @@ function unarmor(input, config$1 = config) { let headersDone; let text = []; let textDone; - let checksum; - let data = decode(transformPair(input, async (readable, writable) => { + const data = decode$2(transformPair(input, async (readable, writable) => { const reader = getReader(readable); try { while (true) { @@ -3221,21 +2761,21 @@ function unarmor(input, config$1 = config) { if (!reEmptyLine.test(line)) { lastHeaders.push(line); } else { - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); headersDone = true; - if (textDone || type !== 2) { + if (textDone || type !== enums.armor.signed) { resolve({ text, data, headers, type }); break; } } - } else if (!textDone && type === 2) { + } else if (!textDone && type === enums.armor.signed) { if (!reSplit.test(line)) { // Reverse dash-escaping for msg text.push(line.replace(/^- /, '')); } else { text = text.join('\r\n'); textDone = true; - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); lastHeaders = []; headersDone = false; } @@ -3265,9 +2805,8 @@ function unarmor(input, config$1 = config) { if (parts.length === 1) { throw new Error('Misformed armored text'); } - const split = splitChecksum(parts[0].slice(0, -1)); - checksum = split.checksum; - await writer.write(split.body); + const body = removeChecksum(parts[0].slice(0, -1)); + await writer.write(body); break; } } @@ -3277,24 +2816,6 @@ function unarmor(input, config$1 = config) { await writer.abort(e); } })); - data = transformPair(data, async (readable, writable) => { - const checksumVerified = readToEnd(getCheckSum(passiveClone(readable))); - checksumVerified.catch(() => {}); - await pipe(readable, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - const checksumVerifiedString = (await checksumVerified).replace('\n', ''); - if (checksum !== checksumVerifiedString && (checksum || config$1.checksumRequired)) { - throw new Error('Ascii armor integrity check failed'); - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); } catch (e) { reject(e); } @@ -3314,10 +2835,13 @@ function unarmor(input, config$1 = config) { * @param {Integer} [partIndex] * @param {Integer} [partTotal] * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {String | ReadableStream} Armored text. * @static */ -function armor(messageType, body, partIndex, partTotal, customComment, config$1 = config) { +function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config$1 = config) { let text; let hash; if (messageType === enums.armor.signed) { @@ -3325,59 +2849,62 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 hash = body.hash; body = body.data; } - const bodyClone = passiveClone(body); + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && passiveClone(body); + const result = []; switch (messageType) { case enums.armor.multipartSection: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); break; case enums.armor.multipartLast: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); break; case enums.armor.signed: result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); - result.push('Hash: ' + hash + '\n\n'); + result.push(hash ? `Hash: ${hash}\n\n` : '\n'); result.push(text.replace(/^-/mg, '- -')); result.push('\n-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; case enums.armor.message: result.push('-----BEGIN PGP MESSAGE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE-----\n'); break; case enums.armor.publicKey: result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); break; case enums.armor.privateKey: result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); break; case enums.armor.signature: result.push('-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; } @@ -3385,40695 +2912,25668 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 return util.concat(result); } -// GPG4Browsers - An OpenPGP implementation in javascript +async function getLegacyCipher(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + throw new Error('Not a legacy cipher'); + case enums.symmetric.cast5: + case enums.symmetric.blowfish: + case enums.symmetric.twofish: + case enums.symmetric.tripledes: { + const { legacyCiphers } = await Promise.resolve().then(function () { return legacy_ciphers; }); + const cipher = legacyCiphers.get(algo); + if (!cipher) { + throw new Error('Unsupported cipher algorithm'); + } + return cipher; + } + default: + throw new Error('Unsupported cipher algorithm'); + } +} /** - * Implementation of type key id - * - * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: - * A Key ID is an eight-octet scalar that identifies a key. - * Implementations SHOULD NOT assume that Key IDs are unique. The - * section "Enhanced Key Formats" below describes how Key IDs are - * formed. + * Get block size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -class KeyID { - constructor() { - this.bytes = ''; - } - - /** - * Parsing method for a key id - * @param {Uint8Array} bytes - Input to read the key id from - */ - read(bytes) { - this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); - return this.bytes.length; - } - - /** - * Serializes the Key ID - * @returns {Uint8Array} Key ID as a Uint8Array. - */ - write() { - return util.stringToUint8Array(this.bytes); - } - - /** - * Returns the Key ID represented as a hexadecimal string - * @returns {String} Key ID as a hexadecimal string. - */ - toHex() { - return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); - } - - /** - * Checks equality of Key ID's - * @param {KeyID} keyID - * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard - */ - equals(keyID, matchWildcard = false) { - return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; - } - - /** - * Checks to see if the Key ID is unset - * @returns {Boolean} True if the Key ID is null. - */ - isNull() { - return this.bytes === ''; - } - - /** - * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) - * @returns {Boolean} True if this is a wildcard Key ID. - */ - isWildcard() { - return /^0+$/.test(this.toHex()); - } - - static mapToHex(keyID) { - return keyID.toHex(); - } - - static fromID(hex) { - const keyID = new KeyID(); - keyID.read(util.hexToUint8Array(hex)); - return keyID; +function getCipherBlockSize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 16; + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + case enums.symmetric.tripledes: + return 8; + default: + throw new Error('Unsupported cipher'); } +} - static wildcard() { - const keyID = new KeyID(); - keyID.read(new Uint8Array(8)); - return keyID; +/** + * Get key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherKeySize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + return 16; + case enums.symmetric.aes192: + case enums.symmetric.tripledes: + return 24; + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 32; + default: + throw new Error('Unsupported cipher'); } } /** - * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}. - * @author Artem S Vybornov - * @license MIT + * Get block and key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -var AES_asm = function () { - - /** - * Galois Field stuff init flag - */ - var ginit_done = false; +function getCipherParams(algo) { + return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) }; +} - /** - * Galois Field exponentiation and logarithm tables for 3 (the generator) - */ - var gexp3, glog3; +var cipher = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCipherParams: getCipherParams, + getLegacyCipher: getLegacyCipher +}); - /** - * Init Galois Field tables - */ - function ginit() { - gexp3 = [], - glog3 = []; +/** + * A fast MD5 JavaScript implementation + * Copyright (c) 2012 Joseph Myers + * http://www.myersdaily.org/joseph/javascript/md5-text.html + * + * Permission to use, copy, modify, and distribute this software + * and its documentation for any purposes and without + * fee is hereby granted provided that this copyright notice + * appears in all copies. + * + * Of course, this soft is provided "as is" without express or implied + * warranty of any kind. + */ - var a = 1, c, d; - for (c = 0; c < 255; c++) { - gexp3[c] = a; - // Multiply by three - d = a & 0x80, a <<= 1, a &= 255; - if (d === 0x80) a ^= 0x1b; - a ^= gexp3[c]; +// MD5 Digest +async function md5(entree) { + const digest = md51(util.uint8ArrayToString(entree)); + return util.hexToUint8Array(hex(digest)); +} - // Set the log table value - glog3[gexp3[c]] = c; - } - gexp3[255] = gexp3[0]; - glog3[0] = 0; +function md5cycle(x, k) { + let a = x[0]; + let b = x[1]; + let c = x[2]; + let d = x[3]; - ginit_done = true; - } + a = ff(a, b, c, d, k[0], 7, -680876936); + d = ff(d, a, b, c, k[1], 12, -389564586); + c = ff(c, d, a, b, k[2], 17, 606105819); + b = ff(b, c, d, a, k[3], 22, -1044525330); + a = ff(a, b, c, d, k[4], 7, -176418897); + d = ff(d, a, b, c, k[5], 12, 1200080426); + c = ff(c, d, a, b, k[6], 17, -1473231341); + b = ff(b, c, d, a, k[7], 22, -45705983); + a = ff(a, b, c, d, k[8], 7, 1770035416); + d = ff(d, a, b, c, k[9], 12, -1958414417); + c = ff(c, d, a, b, k[10], 17, -42063); + b = ff(b, c, d, a, k[11], 22, -1990404162); + a = ff(a, b, c, d, k[12], 7, 1804603682); + d = ff(d, a, b, c, k[13], 12, -40341101); + c = ff(c, d, a, b, k[14], 17, -1502002290); + b = ff(b, c, d, a, k[15], 22, 1236535329); - /** - * Galois Field multiplication - * @param {number} a - * @param {number} b - * @return {number} - */ - function gmul(a, b) { - var c = gexp3[(glog3[a] + glog3[b]) % 255]; - if (a === 0 || b === 0) c = 0; - return c; - } + a = gg(a, b, c, d, k[1], 5, -165796510); + d = gg(d, a, b, c, k[6], 9, -1069501632); + c = gg(c, d, a, b, k[11], 14, 643717713); + b = gg(b, c, d, a, k[0], 20, -373897302); + a = gg(a, b, c, d, k[5], 5, -701558691); + d = gg(d, a, b, c, k[10], 9, 38016083); + c = gg(c, d, a, b, k[15], 14, -660478335); + b = gg(b, c, d, a, k[4], 20, -405537848); + a = gg(a, b, c, d, k[9], 5, 568446438); + d = gg(d, a, b, c, k[14], 9, -1019803690); + c = gg(c, d, a, b, k[3], 14, -187363961); + b = gg(b, c, d, a, k[8], 20, 1163531501); + a = gg(a, b, c, d, k[13], 5, -1444681467); + d = gg(d, a, b, c, k[2], 9, -51403784); + c = gg(c, d, a, b, k[7], 14, 1735328473); + b = gg(b, c, d, a, k[12], 20, -1926607734); - /** - * Galois Field reciprocal - * @param {number} a - * @return {number} - */ - function ginv(a) { - var i = gexp3[255 - glog3[a]]; - if (a === 0) i = 0; - return i; - } + a = hh(a, b, c, d, k[5], 4, -378558); + d = hh(d, a, b, c, k[8], 11, -2022574463); + c = hh(c, d, a, b, k[11], 16, 1839030562); + b = hh(b, c, d, a, k[14], 23, -35309556); + a = hh(a, b, c, d, k[1], 4, -1530992060); + d = hh(d, a, b, c, k[4], 11, 1272893353); + c = hh(c, d, a, b, k[7], 16, -155497632); + b = hh(b, c, d, a, k[10], 23, -1094730640); + a = hh(a, b, c, d, k[13], 4, 681279174); + d = hh(d, a, b, c, k[0], 11, -358537222); + c = hh(c, d, a, b, k[3], 16, -722521979); + b = hh(b, c, d, a, k[6], 23, 76029189); + a = hh(a, b, c, d, k[9], 4, -640364487); + d = hh(d, a, b, c, k[12], 11, -421815835); + c = hh(c, d, a, b, k[15], 16, 530742520); + b = hh(b, c, d, a, k[2], 23, -995338651); - /** - * AES stuff init flag - */ - var aes_init_done = false; + a = ii(a, b, c, d, k[0], 6, -198630844); + d = ii(d, a, b, c, k[7], 10, 1126891415); + c = ii(c, d, a, b, k[14], 15, -1416354905); + b = ii(b, c, d, a, k[5], 21, -57434055); + a = ii(a, b, c, d, k[12], 6, 1700485571); + d = ii(d, a, b, c, k[3], 10, -1894986606); + c = ii(c, d, a, b, k[10], 15, -1051523); + b = ii(b, c, d, a, k[1], 21, -2054922799); + a = ii(a, b, c, d, k[8], 6, 1873313359); + d = ii(d, a, b, c, k[15], 10, -30611744); + c = ii(c, d, a, b, k[6], 15, -1560198380); + b = ii(b, c, d, a, k[13], 21, 1309151649); + a = ii(a, b, c, d, k[4], 6, -145523070); + d = ii(d, a, b, c, k[11], 10, -1120210379); + c = ii(c, d, a, b, k[2], 15, 718787259); + b = ii(b, c, d, a, k[9], 21, -343485551); - /** - * Encryption, Decryption, S-Box and KeyTransform tables - * - * @type {number[]} - */ - var aes_sbox; + x[0] = add32(a, x[0]); + x[1] = add32(b, x[1]); + x[2] = add32(c, x[2]); + x[3] = add32(d, x[3]); +} - /** - * @type {number[]} - */ - var aes_sinv; +function cmn(q, a, b, x, s, t) { + a = add32(add32(a, q), add32(x, t)); + return add32((a << s) | (a >>> (32 - s)), b); +} - /** - * @type {number[][]} - */ - var aes_enc; +function ff(a, b, c, d, x, s, t) { + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} - /** - * @type {number[][]} - */ - var aes_dec; +function gg(a, b, c, d, x, s, t) { + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} - /** - * Init AES tables - */ - function aes_init() { - if (!ginit_done) ginit(); +function hh(a, b, c, d, x, s, t) { + return cmn(b ^ c ^ d, a, b, x, s, t); +} - // Calculates AES S-Box value - function _s(a) { - var c, s, x; - s = x = ginv(a); - for (c = 0; c < 4; c++) { - s = ((s << 1) | (s >>> 7)) & 255; - x ^= s; - } - x ^= 99; - return x; - } - - // Tables - aes_sbox = [], - aes_sinv = [], - aes_enc = [[], [], [], []], - aes_dec = [[], [], [], []]; - - for (var i = 0; i < 256; i++) { - var s = _s(i); - - // S-Box and its inverse - aes_sbox[i] = s; - aes_sinv[s] = i; - - // Ecryption and Decryption tables - aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s); - aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i); - // Rotate tables - for (var t = 1; t < 4; t++) { - aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24); - aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24); - } - } +function ii(a, b, c, d, x, s, t) { + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} - aes_init_done = true; +function md51(s) { + const n = s.length; + const state = [1732584193, -271733879, -1732584194, 271733878]; + let i; + for (i = 64; i <= s.length; i += 64) { + md5cycle(state, md5blk(s.substring(i - 64, i))); } - - /** - * Asm.js module constructor. - * - *

- * Heap buffer layout by offset: - * 

-   * 0x0000   encryption key schedule
-   * 0x0400   decryption key schedule
-   * 0x0800   sbox
-   * 0x0c00   inv sbox
-   * 0x1000   encryption tables
-   * 0x2000   decryption tables
-   * 0x3000   reserved (future GCM multiplication lookup table)
-   * 0x4000   data
-   *
- * Don't touch anything before 0x400. - *

- * - * @alias AES_asm - * @class - * @param foreign - ignored - * @param buffer - heap buffer to link with - */ - var wrapper = function (foreign, buffer) { - // Init AES stuff for the first time - if (!aes_init_done) aes_init(); - - // Fill up AES tables - var heap = new Uint32Array(buffer); - heap.set(aes_sbox, 0x0800 >> 2); - heap.set(aes_sinv, 0x0c00 >> 2); - for (var i = 0; i < 4; i++) { - heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2); - heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2); + s = s.substring(i - 64); + const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for (i = 0; i < s.length; i++) { + tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + } + tail[i >> 2] |= 0x80 << ((i % 4) << 3); + if (i > 55) { + md5cycle(state, tail); + for (i = 0; i < 16; i++) { + tail[i] = 0; } + } + tail[14] = n * 8; + md5cycle(state, tail); + return state; +} - /** - * Calculate AES key schedules. - * @instance - * @memberof AES_asm - * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly) - * @param {number} k0 - key vector components - * @param {number} k1 - key vector components - * @param {number} k2 - key vector components - * @param {number} k3 - key vector components - * @param {number} k4 - key vector components - * @param {number} k5 - key vector components - * @param {number} k6 - key vector components - * @param {number} k7 - key vector components - */ - function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) { - var ekeys = heap.subarray(0x000, 60), - dkeys = heap.subarray(0x100, 0x100 + 60); - - // Encryption key schedule - ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]); - for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) { - var k = ekeys[i - 1]; - if ((i % ks === 0) || (ks === 8 && i % ks === 4)) { - k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255]; - } - if (i % ks === 0) { - k = (k << 8) ^ (k >>> 24) ^ (rcon << 24); - rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0); - } - ekeys[i] = ekeys[i - ks] ^ k; - } - - // Decryption key schedule - for (var j = 0; j < i; j += 4) { - for (var jj = 0; jj < 4; jj++) { - var k = ekeys[i - (4 + j) + (4 - jj) % 4]; - if (j < 4 || j >= i - 4) { - dkeys[j + jj] = k; - } else { - dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]] - ^ aes_dec[1][aes_sbox[k >>> 16 & 255]] - ^ aes_dec[2][aes_sbox[k >>> 8 & 255]] - ^ aes_dec[3][aes_sbox[k & 255]]; - } - } - } - - // Set rounds number - asm.set_rounds(ks + 5); - } - - // create library object with necessary properties - var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array}; - - var asm = function (stdlib, foreign, buffer) { - "use asm"; - - var S0 = 0, S1 = 0, S2 = 0, S3 = 0, - I0 = 0, I1 = 0, I2 = 0, I3 = 0, - N0 = 0, N1 = 0, N2 = 0, N3 = 0, - M0 = 0, M1 = 0, M2 = 0, M3 = 0, - H0 = 0, H1 = 0, H2 = 0, H3 = 0, - R = 0; - - var HEAP = new stdlib.Uint32Array(buffer), - DATA = new stdlib.Uint8Array(buffer); - - /** - * AES core - * @param {number} k - precomputed key schedule offset - * @param {number} s - precomputed sbox table offset - * @param {number} t - precomputed round table offset - * @param {number} r - number of inner rounds to perform - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _core(k, s, t, r, x0, x1, x2, x3) { - k = k | 0; - s = s | 0; - t = t | 0; - r = r | 0; - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t1 = 0, t2 = 0, t3 = 0, - y0 = 0, y1 = 0, y2 = 0, y3 = 0, - i = 0; - - t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00; - - // round 0 - x0 = x0 ^ HEAP[(k | 0) >> 2], - x1 = x1 ^ HEAP[(k | 4) >> 2], - x2 = x2 ^ HEAP[(k | 8) >> 2], - x3 = x3 ^ HEAP[(k | 12) >> 2]; - - // round 1..r - for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) { - y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - x0 = y0, x1 = y1, x2 = y2, x3 = y3; - } - - // final round - S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - } - - /** - * ECB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - x0, - x1, - x2, - x3 - ); - } - - /** - * ECB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - } - - - /** - * CBC mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0 ^ x0, - I1 ^ x1, - I2 ^ x2, - I3 ^ x3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - } - - /** - * CBC mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - - S0 = S0 ^ I0, - S1 = S1 ^ I1, - S2 = S2 ^ I2, - S3 = S3 ^ I3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * CFB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0 = S0 ^ x0, - I1 = S1 = S1 ^ x1, - I2 = S2 = S2 ^ x2, - I3 = S3 = S3 ^ x3; - } - - - /** - * CFB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * OFB mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ofb(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - } - - /** - * CTR mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ctr(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - N0, - N1, - N2, - N3 - ); - - N3 = (~M3 & N3) | M3 & (N3 + 1); - N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0)); - N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0)); - N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0)); - - S0 = S0 ^ x0; - S1 = S1 ^ x1; - S2 = S2 ^ x2; - S3 = S3 ^ x3; - } - - /** - * GCM mode MAC calculation - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _gcm_mac(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var y0 = 0, y1 = 0, y2 = 0, y3 = 0, - z0 = 0, z1 = 0, z2 = 0, z3 = 0, - i = 0, c = 0; - - x0 = x0 ^ I0, - x1 = x1 ^ I1, - x2 = x2 ^ I2, - x3 = x3 ^ I3; - - y0 = H0 | 0, - y1 = H1 | 0, - y2 = H2 | 0, - y3 = H3 | 0; - - for (; (i | 0) < 128; i = (i + 1) | 0) { - if (y0 >>> 31) { - z0 = z0 ^ x0, - z1 = z1 ^ x1, - z2 = z2 ^ x2, - z3 = z3 ^ x3; - } - - y0 = (y0 << 1) | (y1 >>> 31), - y1 = (y1 << 1) | (y2 >>> 31), - y2 = (y2 << 1) | (y3 >>> 31), - y3 = (y3 << 1); - - c = x3 & 1; - - x3 = (x3 >>> 1) | (x2 << 31), - x2 = (x2 >>> 1) | (x1 << 31), - x1 = (x1 >>> 1) | (x0 << 31), - x0 = (x0 >>> 1); - - if (c) x0 = x0 ^ 0xe1000000; - } - - I0 = z0, - I1 = z1, - I2 = z2, - I3 = z3; - } - - /** - * Set the internal rounds number. - * @instance - * @memberof AES_asm - * @param {number} r - number if inner AES rounds - */ - function set_rounds(r) { - r = r | 0; - R = r; - } - - /** - * Populate the internal state of the module. - * @instance - * @memberof AES_asm - * @param {number} s0 - state vector - * @param {number} s1 - state vector - * @param {number} s2 - state vector - * @param {number} s3 - state vector - */ - function set_state(s0, s1, s2, s3) { - s0 = s0 | 0; - s1 = s1 | 0; - s2 = s2 | 0; - s3 = s3 | 0; - - S0 = s0, - S1 = s1, - S2 = s2, - S3 = s3; - } - - /** - * Populate the internal iv of the module. - * @instance - * @memberof AES_asm - * @param {number} i0 - iv vector - * @param {number} i1 - iv vector - * @param {number} i2 - iv vector - * @param {number} i3 - iv vector - */ - function set_iv(i0, i1, i2, i3) { - i0 = i0 | 0; - i1 = i1 | 0; - i2 = i2 | 0; - i3 = i3 | 0; - - I0 = i0, - I1 = i1, - I2 = i2, - I3 = i3; - } - - /** - * Set nonce for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} n0 - nonce vector - * @param {number} n1 - nonce vector - * @param {number} n2 - nonce vector - * @param {number} n3 - nonce vector - */ - function set_nonce(n0, n1, n2, n3) { - n0 = n0 | 0; - n1 = n1 | 0; - n2 = n2 | 0; - n3 = n3 | 0; - - N0 = n0, - N1 = n1, - N2 = n2, - N3 = n3; - } - - /** - * Set counter mask for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} m0 - counter mask vector - * @param {number} m1 - counter mask vector - * @param {number} m2 - counter mask vector - * @param {number} m3 - counter mask vector - */ - function set_mask(m0, m1, m2, m3) { - m0 = m0 | 0; - m1 = m1 | 0; - m2 = m2 | 0; - m3 = m3 | 0; - - M0 = m0, - M1 = m1, - M2 = m2, - M3 = m3; - } - - /** - * Set counter for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} c0 - counter vector - * @param {number} c1 - counter vector - * @param {number} c2 - counter vector - * @param {number} c3 - counter vector - */ - function set_counter(c0, c1, c2, c3) { - c0 = c0 | 0; - c1 = c1 | 0; - c2 = c2 | 0; - c3 = c3 | 0; - - N3 = (~M3 & N3) | M3 & c3, - N2 = (~M2 & N2) | M2 & c2, - N1 = (~M1 & N1) | M1 & c1, - N0 = (~M0 & N0) | M0 & c0; - } - - /** - * Store the internal state vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_state(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - return 16; - } - - /** - * Store the internal iv vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_iv(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = I0 >>> 24, - DATA[pos | 1] = I0 >>> 16 & 255, - DATA[pos | 2] = I0 >>> 8 & 255, - DATA[pos | 3] = I0 & 255, - DATA[pos | 4] = I1 >>> 24, - DATA[pos | 5] = I1 >>> 16 & 255, - DATA[pos | 6] = I1 >>> 8 & 255, - DATA[pos | 7] = I1 & 255, - DATA[pos | 8] = I2 >>> 24, - DATA[pos | 9] = I2 >>> 16 & 255, - DATA[pos | 10] = I2 >>> 8 & 255, - DATA[pos | 11] = I2 & 255, - DATA[pos | 12] = I3 >>> 24, - DATA[pos | 13] = I3 >>> 16 & 255, - DATA[pos | 14] = I3 >>> 8 & 255, - DATA[pos | 15] = I3 & 255; - - return 16; - } - - /** - * GCM initialization. - * @instance - * @memberof AES_asm - */ - function gcm_init() { - _ecb_enc(0, 0, 0, 0); - H0 = S0, - H1 = S1, - H2 = S2, - H3 = S3; - } - - /** - * Perform ciphering operation on the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function cipher(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; - - var ret = 0; +/* there needs to be support for Unicode here, + * unless we pretend that we can redefine the MD-5 + * algorithm for multi-byte characters (perhaps + * by adding every four 16-bit characters and + * shortening the sum to 32 bits). Otherwise + * I suggest performing MD-5 as if every character + * was two bytes--e.g., 0040 0025 = @%--but then + * how will an ordinary MD-5 sum be matched? + * There is no way to standardize text to something + * like UTF-8 before transformation; speed cost is + * utterly prohibitive. The JavaScript standard + * itself needs to look at this: it should start + * providing access to strings as preformed UTF-8 + * 8-bit unsigned value arrays. + */ +function md5blk(s) { /* I figured global was faster. */ + const md5blks = []; + let i; /* Andy King said do it this way. */ + for (i = 0; i < 64; i += 4) { + md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << + 24); + } + return md5blks; +} - if (pos & 15) return -1; +const hex_chr = '0123456789abcdef'.split(''); - while ((len | 0) >= 16) { - _cipher_modes[mode & 7]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); +function rhex(n) { + let s = ''; + let j = 0; + for (; j < 4; j++) { + s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; + } + return s; +} - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } +function hex(x) { + for (let i = 0; i < x.length; i++) { + x[i] = rhex(x[i]); + } + return x.join(''); +} - return ret | 0; - } +/* this function is much faster, +so if possible we use it. Some IEs +are the only ones I know of that +need the idiotic second function, +generated by an if clause. */ - /** - * Calculates MAC of the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function mac(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; +function add32(a, b) { + return (a + b) & 0xFFFFFFFF; +} - var ret = 0; +/** + * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. + * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} + * @see {@link https://github.com/indutny/hash.js|hash.js} + * @module crypto/hash + */ - if (pos & 15) return -1; - while ((len | 0) >= 16) { - _mac_modes[mode & 1]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); +const webCrypto$a = util.getWebCrypto(); +const nodeCrypto$9 = util.getNodeCrypto(); +const nodeCryptoHashes = nodeCrypto$9 && nodeCrypto$9.getHashes(); - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } +function nodeHash(type) { + if (!nodeCrypto$9 || !nodeCryptoHashes.includes(type)) { + return; + } + return async function (data) { + const shasum = nodeCrypto$9.createHash(type); + return transform(data, value => { + shasum.update(value); + }, () => new Uint8Array(shasum.digest())); + }; +} - return ret | 0; - } +function nobleHash(nobleHashName, webCryptoHashName) { + const getNobleHash = async () => { + const { nobleHashes } = await Promise.resolve().then(function () { return noble_hashes; }); + const hash = nobleHashes.get(nobleHashName); + if (!hash) throw new Error('Unsupported hash'); + return hash; + }; - /** - * AES cipher modes table (virual methods) - */ - var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr]; + return async function(data) { + if (isArrayStream(data)) { + data = await readToEnd(data); + } + if (util.isStream(data)) { + const hash = await getNobleHash(); - /** - * AES MAC modes table (virual methods) - */ - var _mac_modes = [_cbc_enc, _gcm_mac]; + const hashInstance = hash.create(); + return transform(data, value => { + hashInstance.update(value); + }, () => hashInstance.digest()); + } else if (webCrypto$a && webCryptoHashName) { + return new Uint8Array(await webCrypto$a.digest(webCryptoHashName, data)); + } else { + const hash = await getNobleHash(); - /** - * Asm.js module exports - */ - return { - set_rounds: set_rounds, - set_state: set_state, - set_iv: set_iv, - set_nonce: set_nonce, - set_mask: set_mask, - set_counter: set_counter, - get_state: get_state, - get_iv: get_iv, - gcm_init: gcm_init, - cipher: cipher, - mac: mac, - }; - }(stdlib, foreign, buffer); + return hash(data); + } + }; +} - asm.set_key = set_key; +var hash$1 = { - return asm; - }; + /** @see module:md5 */ + md5: nodeHash('md5') || md5, + sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'), + sha224: nodeHash('sha224') || nobleHash('sha224'), + sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'), + sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'), + sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'), + ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'), + sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'), + sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'), /** - * AES enciphering mode constants - * @enum {number} - * @const + * Create a hash on the specified data using the specified algorithm + * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @param {Uint8Array} data - Data to be hashed + * @returns {Promise} Hash value. */ - wrapper.ENC = { - ECB: 0, - CBC: 2, - CFB: 4, - OFB: 6, - CTR: 7, + digest: function(algo, data) { + switch (algo) { + case enums.hash.md5: + return this.md5(data); + case enums.hash.sha1: + return this.sha1(data); + case enums.hash.ripemd: + return this.ripemd(data); + case enums.hash.sha256: + return this.sha256(data); + case enums.hash.sha384: + return this.sha384(data); + case enums.hash.sha512: + return this.sha512(data); + case enums.hash.sha224: + return this.sha224(data); + case enums.hash.sha3_256: + return this.sha3_256(data); + case enums.hash.sha3_512: + return this.sha3_512(data); + default: + throw new Error('Unsupported hash function'); + } }, - /** - * AES deciphering mode constants - * @enum {number} - * @const - */ - wrapper.DEC = { - ECB: 1, - CBC: 3, - CFB: 5, - OFB: 6, - CTR: 7, - }, - - /** - * AES MAC mode constants - * @enum {number} - * @const - */ - wrapper.MAC = { - CBC: 0, - GCM: 1, - }; - /** - * Heap data offset - * @type {number} - * @const + * Returns the hash size in bytes of the specified hash algorithm type + * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @returns {Integer} Size in bytes of the resulting hash. */ - wrapper.HEAP_DATA = 0x4000; - - return wrapper; -}(); - -function is_bytes(a) { - return a instanceof Uint8Array; -} -function _heap_init(heap, heapSize) { - const size = heap ? heap.byteLength : heapSize || 65536; - if (size & 0xfff || size <= 0) - throw new Error('heap size must be a positive integer and a multiple of 4096'); - heap = heap || new Uint8Array(new ArrayBuffer(size)); - return heap; -} -function _heap_write(heap, hpos, data, dpos, dlen) { - const hlen = heap.length - hpos; - const wlen = hlen < dlen ? hlen : dlen; - heap.set(data.subarray(dpos, dpos + wlen), hpos); - return wlen; -} -function joinBytes(...arg) { - const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0); - const ret = new Uint8Array(totalLenght); - let cursor = 0; - for (let i = 0; i < arg.length; i++) { - ret.set(arg[i], cursor); - cursor += arg[i].length; - } - return ret; -} - -class IllegalStateError extends Error { - constructor(...args) { - super(...args); + getHashByteLength: function(algo) { + switch (algo) { + case enums.hash.md5: + return 16; + case enums.hash.sha1: + case enums.hash.ripemd: + return 20; + case enums.hash.sha256: + return 32; + case enums.hash.sha384: + return 48; + case enums.hash.sha512: + return 64; + case enums.hash.sha224: + return 28; + case enums.hash.sha3_256: + return 32; + case enums.hash.sha3_512: + return 64; + default: + throw new Error('Invalid hash algorithm.'); } + } +}; + +function isBytes$2(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); } -class IllegalArgumentError extends Error { - constructor(...args) { - super(...args); - } +function bytes$1(b, ...lengths) { + if (!isBytes$2(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); } -class SecurityError extends Error { - constructor(...args) { - super(...args); +function exists$1(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output$1(out, instance) { + bytes$1(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); } } -const heap_pool = []; -const asm_pool = []; -class AES { - constructor(key, iv, padding = true, mode, heap, asm) { - this.pos = 0; - this.len = 0; - this.mode = mode; - // The AES object state - this.pos = 0; - this.len = 0; - this.key = key; - this.iv = iv; - this.padding = padding; - // The AES "worker" - this.acquire_asm(heap, asm); - } - acquire_asm(heap, asm) { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA); - this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer); - this.reset(this.key, this.iv); - } - return { heap: this.heap, asm: this.asm }; +/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */ +// Cast array to different type +const u8$1 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength); +const u32$2 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView$1 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// big-endian hardware is rare. Just in case someone still decides to run ciphers: +// early-throw an error because we don't support BE yet. +const isLE$1 = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +if (!isLE$1) + throw new Error('Non little-endian hardware is not supported'); +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$2(str) { + if (typeof str !== 'string') + throw new Error(`string expected, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes$1(data) { + if (typeof data === 'string') + data = utf8ToBytes$2(data); + else if (isBytes$2(data)) + data = copyBytes(data); + else + throw new Error(`Uint8Array expected, got ${typeof data}`); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$2(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes$1(a); + sum += a.length; } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool.push(this.heap); - asm_pool.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - reset(key, iv) { - const { asm } = this.acquire_asm(); - // Key - const keylen = key.length; - if (keylen !== 16 && keylen !== 24 && keylen !== 32) - throw new IllegalArgumentError('illegal key size'); - const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength); - asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0); - // IV - if (iv !== undefined) { - if (iv.length !== 16) - throw new IllegalArgumentError('illegal iv size'); - let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); - asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12)); - } - else { - asm.set_iv(0, 0, 0, 0); - } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; } - AES_Encrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - let result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes$1(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @__NO_SIDE_EFFECTS__ + */ +const wrapCipher = (params, c) => { + Object.assign(c, params); + return c; +}; +// Polyfill for Safari 14 +function setBigUint64$1(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = 0; + const l = 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +// Is byte array aligned to 4 byte offset (u32)? +function isAligned32(bytes) { + return bytes.byteOffset % 4 === 0; +} +// copy bytes to new u8a (aligned). Because Buffer.slice is broken. +function copyBytes(bytes) { + return Uint8Array.from(bytes); +} +function clean(...arrays) { + for (let i = 0; i < arrays.length; i++) { + arrays[i].fill(0); + } +} + +// GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV. +// Implemented in terms of GHash with conversion function for keys +// GCM GHASH from NIST SP800-38d, SIV from RFC 8452. +// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf +// GHASH modulo: x^128 + x^7 + x^2 + x + 1 +// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1 +const BLOCK_SIZE$1 = 16; +// TODO: rewrite +// temporary padding buffer +const ZEROS16 = /* @__PURE__ */ new Uint8Array(16); +const ZEROS32 = u32$2(ZEROS16); +const POLY$1 = 0xe1; // v = 2*v % POLY +// v = 2*v % POLY +// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x +// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor) +const mul2$1 = (s0, s1, s2, s3) => { + const hiBit = s3 & 1; + return { + s3: (s2 << 31) | (s3 >>> 1), + s2: (s1 << 31) | (s2 >>> 1), + s1: (s0 << 31) | (s1 >>> 1), + s0: (s0 >>> 1) ^ ((POLY$1 << 24) & -(hiBit & 1)), // reduce % poly + }; +}; +const swapLE = (n) => (((n >>> 0) & 0xff) << 24) | + (((n >>> 8) & 0xff) << 16) | + (((n >>> 16) & 0xff) << 8) | + ((n >>> 24) & 0xff) | + 0; +/** + * `mulX_POLYVAL(ByteReverse(H))` from spec + * @param k mutated in place + */ +function _toGHASHKey(k) { + k.reverse(); + const hiBit = k[15] & 1; + // k >>= 1 + let carry = 0; + for (let i = 0; i < k.length; i++) { + const t = k[i]; + k[i] = (t >>> 1) | carry; + carry = (t & 1) << 7; + } + k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000; + return k; +} +const estimateWindow = (bytes) => { + if (bytes > 64 * 1024) + return 8; + if (bytes > 1024) + return 4; + return 2; +}; +class GHASH { + // We select bits per window adaptively based on expectedLength + constructor(key, expectedLength) { + this.blockLen = BLOCK_SIZE$1; + this.outputLen = BLOCK_SIZE$1; + this.s0 = 0; + this.s1 = 0; + this.s2 = 0; + this.s3 = 0; + this.finished = false; + key = toBytes$1(key); + bytes$1(key, 16); + const kView = createView$1(key); + let k0 = kView.getUint32(0, false); + let k1 = kView.getUint32(4, false); + let k2 = kView.getUint32(8, false); + let k3 = kView.getUint32(12, false); + // generate table of doubled keys (half of montgomery ladder) + const doubles = []; + for (let i = 0; i < 128; i++) { + doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) }); + ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2$1(k0, k1, k2, k3)); + } + const W = estimateWindow(expectedLength || 1024); + if (![1, 2, 4, 8].includes(W)) + throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`); + this.W = W; + const bits = 128; // always 128 bits; + const windows = bits / W; + const windowSize = (this.windowSize = 2 ** W); + const items = []; + // Create precompute table for window of W bits + for (let w = 0; w < windows; w++) { + // truth table: 00, 01, 10, 11 + for (let byte = 0; byte < windowSize; byte++) { + // prettier-ignore + let s0 = 0, s1 = 0, s2 = 0, s3 = 0; + for (let j = 0; j < W; j++) { + const bit = (byte >>> (W - j - 1)) & 1; + if (!bit) + continue; + const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j]; + (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3); + } + items.push({ s0, s1, s2, s3 }); } } - this.pos = pos; - this.len = len; - return result; - } - AES_Encrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let plen = 16 - (len % 16); - let rlen = len; - if (this.hasOwnProperty('padding')) { - if (this.padding) { - for (let p = 0; p < plen; ++p) { - heap[pos + len + p] = plen; + this.t = items; + } + _updateBlock(s0, s1, s2, s3) { + (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3); + const { W, t, windowSize } = this; + // prettier-ignore + let o0 = 0, o1 = 0, o2 = 0, o3 = 0; + const mask = (1 << W) - 1; // 2**W will kill performance. + let w = 0; + for (const num of [s0, s1, s2, s3]) { + for (let bytePos = 0; bytePos < 4; bytePos++) { + const byte = (num >>> (8 * bytePos)) & 0xff; + for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) { + const bit = (byte >>> (W * bitPos)) & mask; + const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit]; + (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3); + w += 1; } - len += plen; - rlen = len; - } - else if (len % 16) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); } } - else { - len += plen; + this.s0 = o0; + this.s1 = o1; + this.s2 = o2; + this.s3 = o3; + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + const left = data.length % BLOCK_SIZE$1; + for (let i = 0; i < blocks; i++) { + this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]); + clean(ZEROS32); // clean tmp buffer } - const result = new Uint8Array(rlen); - if (len) - asm.cipher(amode, hpos + pos, len); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - AES_Decrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let plen = 0; - let wlen = 0; - if (this.padding) { - plen = len + dlen - rlen || 16; - rlen -= plen; + return this; + } + destroy() { + const { t } = this; + // clean precompute table + for (const elm of t) { + (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0); + } + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out; + } + digest() { + const res = new Uint8Array(BLOCK_SIZE$1); + this.digestInto(res); + this.destroy(); + return res; + } +} +class Polyval extends GHASH { + constructor(key, expectedLength) { + key = toBytes$1(key); + const ghKey = _toGHASHKey(copyBytes(key)); + super(ghKey, expectedLength); + clean(ghKey); + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const left = data.length % BLOCK_SIZE$1; + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + for (let i = 0; i < blocks; i++) { + this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0])); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0])); + clean(ZEROS32); } - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0)); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; + return this; + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + // tmp ugly hack + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out.reverse(); + } +} +function wrapConstructorWithKey(hashCons) { + const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes$1(msg)).digest(); + const tmp = hashCons(new Uint8Array(16), 0); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (key, expectedLength) => hashCons(key, expectedLength); + return hashC; +} +const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength)); +wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength)); + +// prettier-ignore +/* +AES (Advanced Encryption Standard) aka Rijndael block cipher. + +Data is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round: +1. **S-box**, table substitution +2. **Shift rows**, cyclic shift left of all rows of data array +3. **Mix columns**, multiplying every column by fixed polynomial +4. **Add round key**, round_key xor i-th column of array + +Resources: +- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf +- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf +*/ +const BLOCK_SIZE = 16; +const BLOCK_SIZE32 = 4; +const EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE); +const POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8 +// TODO: remove multiplication, binary ops only +function mul2(n) { + return (n << 1) ^ (POLY & -(n >> 7)); +} +function mul(a, b) { + let res = 0; + for (; b > 0; b >>= 1) { + // Montgomery ladder + res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time). + a = mul2(a); // a = 2*a + } + return res; +} +// AES S-box is generated using finite field inversion, +// an affine transform, and xor of a constant 0x63. +const sbox = /* @__PURE__ */ (() => { + const t = new Uint8Array(256); + for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x)) + t[i] = x; + const box = new Uint8Array(256); + box[0] = 0x63; // first elm + for (let i = 0; i < 255; i++) { + let x = t[255 - i]; + x |= x << 8; + box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff; + } + clean(t); + return box; +})(); +// Inverted S-box +const invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j)); +// Rotate u32 by 8 +const rotr32_8 = (n) => (n << 24) | (n >>> 8); +const rotl32_8 = (n) => (n << 8) | (n >>> 24); +// The byte swap operation for uint32 (LE<->BE) +const byteSwap$1 = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes: +// - LE instead of BE +// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23; +// so index is u16, instead of u8. This speeds up things, unexpectedly +function genTtable(sbox, fn) { + if (sbox.length !== 256) + throw new Error('Wrong sbox length'); + const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j])); + const T1 = T0.map(rotl32_8); + const T2 = T1.map(rotl32_8); + const T3 = T2.map(rotl32_8); + const T01 = new Uint32Array(256 * 256); + const T23 = new Uint32Array(256 * 256); + const sbox2 = new Uint16Array(256 * 256); + for (let i = 0; i < 256; i++) { + for (let j = 0; j < 256; j++) { + const idx = i * 256 + j; + T01[idx] = T0[i] ^ T1[j]; + T23[idx] = T2[i] ^ T3[j]; + sbox2[idx] = (sbox[i] << 8) | sbox[j]; + } + } + return { sbox, sbox2, T0, T1, T2, T3, T01, T23 }; +} +const tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2)); +const tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14)); +const xPowers = /* @__PURE__ */ (() => { + const p = new Uint8Array(16); + for (let i = 0, x = 1; i < 16; i++, x = mul2(x)) + p[i] = x; + return p; +})(); +function expandKeyLE(key) { + bytes$1(key); + const len = key.length; + if (![16, 24, 32].includes(len)) + throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`); + const { sbox2 } = tableEncoding; + const toClean = []; + if (!isAligned32(key)) + toClean.push((key = copyBytes(key))); + const k32 = u32$2(key); + const Nk = k32.length; + const subByte = (n) => applySbox(sbox2, n, n, n, n); + const xk = new Uint32Array(len + 28); // expanded key + xk.set(k32); + // 4.3.1 Key expansion + for (let i = Nk; i < xk.length; i++) { + let t = xk[i - 1]; + if (i % Nk === 0) + t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1]; + else if (Nk > 6 && i % Nk === 4) + t = subByte(t); + xk[i] = xk[i - Nk] ^ t; + } + clean(...toClean); + return xk; +} +function expandKeyDecLE(key) { + const encKey = expandKeyLE(key); + const xk = encKey.slice(); + const Nk = encKey.length; + const { sbox2 } = tableEncoding; + const { T0, T1, T2, T3 } = tableDecoding; + // Inverse key by chunks of 4 (rounds) + for (let i = 0; i < Nk; i += 4) { + for (let j = 0; j < 4; j++) + xk[i + j] = encKey[Nk - i - 4 + j]; + } + clean(encKey); + // apply InvMixColumn except first & last round + for (let i = 4; i < Nk - 4; i++) { + const x = xk[i]; + const w = applySbox(sbox2, x, x, x, x); + xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24]; + } + return xk; +} +// Apply tables +function apply0123(T01, T23, s0, s1, s2, s3) { + return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^ + T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]); +} +function applySbox(sbox2, s0, s1, s2, s3) { + return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] | + (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16)); +} +function encrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableEncoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // last round (without mixcolumns, so using SBOX2 table) + const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different +function decrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableDecoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // Last round + const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +function getDst(len, dst) { + if (dst === undefined) + return new Uint8Array(len); + bytes$1(dst); + if (dst.length < len) + throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`); + if (!isAligned32(dst)) + throw new Error('unaligned dst'); + return dst; +} +// TODO: investigate merging with ctr32 +function ctrCounter(xk, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const ctr = nonce; + const c32 = u32$2(ctr); + // Fill block (empty, ctr=0) + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + // Full 128 bit counter with wrap around + let carry = 1; + for (let i = ctr.length - 1; i >= 0; i--) { + carry = (carry + (ctr[i] & 0xff)) | 0; + ctr[i] = carry & 0xff; + carry >>>= 8; + } + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than block) + // It's possible to handle > u32 fast, but is it worth it? + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +// AES CTR with overflowing 32 bit counter +// It's possible to do 32le significantly simpler (and probably faster) by using u32. +// But, we need both, and perf bottleneck is in ghash anyway. +function ctr32(xk, isLE, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + dst = getDst(src.length, dst); + const ctr = nonce; // write new value to nonce, so it can be re-used + const c32 = u32$2(ctr); + const view = createView$1(ctr); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const ctrPos = isLE ? 0 : 12; + const srcLen = src.length; + // Fill block (empty, ctr=0) + let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + ctrNum = (ctrNum + 1) >>> 0; // u32 wrap + view.setUint32(ctrPos, ctrNum, isLE); + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than a block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +/** + * CTR: counter mode. Creates stream cipher. + * Requires good IV. Parallelizable. OK, but no MAC. + */ +const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) { + bytes$1(key); + bytes$1(nonce, BLOCK_SIZE); + function processCtr(buf, dst) { + bytes$1(buf); + if (dst !== undefined) { + bytes$1(dst); + if (!isAligned32(dst)) + throw new Error('unaligned destination'); + } + const xk = expandKeyLE(key); + const n = copyBytes(nonce); // align + avoid changing + const toClean = [xk, n]; + if (!isAligned32(buf)) + toClean.push((buf = copyBytes(buf))); + const out = ctrCounter(xk, n, buf, dst); + clean(...toClean); + return out; + } + return { + encrypt: (plaintext, dst) => processCtr(plaintext, dst), + decrypt: (ciphertext, dst) => processCtr(ciphertext, dst), + }; +}); +function validateBlockDecrypt(data) { + bytes$1(data); + if (data.length % BLOCK_SIZE !== 0) { + throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`); + } +} +function validateBlockEncrypt(plaintext, pcks5, dst) { + bytes$1(plaintext); + let outLen = plaintext.length; + const remaining = outLen % BLOCK_SIZE; + if (!pcks5 && remaining !== 0) + throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding'); + if (!isAligned32(plaintext)) + plaintext = copyBytes(plaintext); + const b = u32$2(plaintext); + if (pcks5) { + let left = BLOCK_SIZE - remaining; + if (!left) + left = BLOCK_SIZE; // if no bytes left, create empty padding block + outLen = outLen + left; + } + const out = getDst(outLen, dst); + const o = u32$2(out); + return { b, o, out }; +} +function validatePCKS(data, pcks5) { + if (!pcks5) + return data; + const len = data.length; + if (!len) + throw new Error('aes/pcks5: empty ciphertext not allowed'); + const lastByte = data[len - 1]; + if (lastByte <= 0 || lastByte > 16) + throw new Error('aes/pcks5: wrong padding'); + const out = data.subarray(0, -lastByte); + for (let i = 0; i < lastByte; i++) + if (data[len - i - 1] !== lastByte) + throw new Error('aes/pcks5: wrong padding'); + return out; +} +function padPCKS(left) { + const tmp = new Uint8Array(16); + const tmp32 = u32$2(tmp); + tmp.set(left); + const paddingByte = BLOCK_SIZE - left.length; + for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++) + tmp[i] = paddingByte; + return tmp32; +} +/** + * CBC: Cipher-Block-Chaining. Key is previous round’s block. + * Fragile: needs proper padding. Unauthenticated: needs MAC. + */ +const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) { + bytes$1(key); + bytes$1(iv, 16); + const pcks5 = !opts.disablePadding; + return { + encrypt(plaintext, dst) { + const xk = expandKeyLE(key); + const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + let i = 0; + for (; i + 4 <= b.length;) { + (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); } - else { - pos = 0; - len = 0; + if (pcks5) { + const tmp32 = padPCKS(plaintext.subarray(i * 4)); + (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + clean(...toClean); + return _out; + }, + decrypt(ciphertext, dst) { + validateBlockDecrypt(ciphertext); + const xk = expandKeyDecLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + const out = getDst(ciphertext.length, dst); + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const b = u32$2(ciphertext); + const o = u32$2(out); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= b.length;) { + // prettier-ignore + const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3; + (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]); + const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt$6(xk, s0, s1, s2, s3); + (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3); } + clean(...toClean); + return validatePCKS(out, pcks5); + }, + }; +}); +/** + * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output. + * Unauthenticated: needs MAC. + */ +const cfb$1 = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) { + bytes$1(key); + bytes$1(iv, 16); + function processCfb(src, isEncrypt, dst) { + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const xk = expandKeyLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + if (!isAligned32(src)) + toClean.push((src = copyBytes(src))); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const next32 = isEncrypt ? dst32 : src32; + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= src32.length;) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt$6(xk, s0, s1, s2, s3); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]); + } + // leftovers (less than block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + const buf = u8$1(new Uint32Array([s0, s1, s2, s3])); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(buf); + } + clean(...toClean); + return dst; + } + return { + encrypt: (plaintext, dst) => processCfb(plaintext, true, dst), + decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst), + }; +}); +// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen +function computeTag(fn, isLE, key, data, AAD) { + const aadLength = AAD == null ? 0 : AAD.length; + const h = fn.create(key, data.length + aadLength); + if (AAD) + h.update(AAD); + h.update(data); + const num = new Uint8Array(16); + const view = createView$1(num); + if (AAD) + setBigUint64$1(view, 0, BigInt(aadLength * 8), isLE); + setBigUint64$1(view, 8, BigInt(data.length * 8), isLE); + h.update(num); + const res = h.digest(); + clean(num); + return res; +} +/** + * GCM: Galois/Counter Mode. + * Modern, parallel version of CTR, with MAC. + * Be careful: MACs can be forged. + * Unsafe to use random nonces under the same key, due to collision chance. + * As for nonce size, prefer 12-byte, instead of 8-byte. + */ +const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) { + bytes$1(key); + bytes$1(nonce); + if (AAD !== undefined) + bytes$1(AAD); + // NIST 800-38d doesn't enforce minimum nonce length. + // We enforce 8 bytes for compat with openssl. + // 12 bytes are recommended. More than 12 bytes would be converted into 12. + if (nonce.length < 8) + throw new Error('aes/gcm: invalid nonce length'); + const tagLength = 16; + function _computeTag(authKey, tagMask, data) { + const tag = computeTag(ghash, false, authKey, data, AAD); + for (let i = 0; i < tagMask.length; i++) + tag[i] ^= tagMask[i]; + return tag; + } + function deriveKeys() { + const xk = expandKeyLE(key); + const authKey = EMPTY_BLOCK.slice(); + const counter = EMPTY_BLOCK.slice(); + ctr32(xk, false, counter, counter, authKey); + // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces + if (nonce.length === 12) { + counter.set(nonce); } - this.pos = pos; - this.len = len; - return result; - } - AES_Decrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let rlen = len; - if (len > 0) { - if (len % 16) { - if (this.hasOwnProperty('padding')) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - else { - len += 16 - (len % 16); + else { + const nonceLen = EMPTY_BLOCK.slice(); + const view = createView$1(nonceLen); + setBigUint64$1(view, 8, BigInt(nonce.length * 8), false); + // ghash(nonce || u64be(0) || u64be(nonceLen*8)) + const g = ghash.create(authKey).update(nonce).update(nonceLen); + g.digestInto(counter); // digestInto doesn't trigger '.destroy' + g.destroy(); + } + const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK); + return { xk, authKey, counter, tagMask }; + } + return { + encrypt(plaintext) { + bytes$1(plaintext); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const out = new Uint8Array(plaintext.length + tagLength); + const toClean = [xk, authKey, counter, tagMask]; + if (!isAligned32(plaintext)) + toClean.push((plaintext = copyBytes(plaintext))); + ctr32(xk, false, counter, plaintext, out); + const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength)); + toClean.push(tag); + out.set(tag, plaintext.length); + clean(...toClean); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + if (ciphertext.length < tagLength) + throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const toClean = [xk, authKey, tagMask, counter]; + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const data = ciphertext.subarray(0, -tagLength); + const passedTag = ciphertext.subarray(-tagLength); + const tag = _computeTag(authKey, tagMask, data); + toClean.push(tag); + if (!equalBytes$1(tag, passedTag)) + throw new Error('aes/gcm: invalid ghash tag'); + const out = ctr32(xk, false, counter, data); + clean(...toClean); + return out; + }, + }; +}); +function isBytes32(a) { + return (a != null && + typeof a === 'object' && + (a instanceof Uint32Array || a.constructor.name === 'Uint32Array')); +} +function encryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_encryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = encrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +function decryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_decryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = decrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +/** + * AES-W (base for AESKW/AESKWP). + * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf), + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/). + */ +const AESW = { + /* + High-level pseudocode: + ``` + A: u64 = IV + out = [] + for (let i=0, ctr = 0; i<6; i++) { + for (const chunk of chunks(plaintext, 8)) { + A ^= swapEndianess(ctr++) + [A, res] = chunks(encrypt(A || chunk), 8); + out ||= res + } + } + out = A || out + ``` + Decrypt is the same, but reversed. + */ + encrypt(kek, out) { + // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints. + // If you need it larger, open an issue. + if (out.length >= 2 ** 32) + throw new Error('plaintext should be less than 4gb'); + const xk = expandKeyLE(kek); + if (out.length === 16) + encryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = 1; j < 6; j++) { + for (let pos = 2; pos < o32.length; pos += 2, ctr++) { + const { s0, s1, s2, s3 } = encrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + // A = MSB(64, B) ^ t where t = (n*j)+i + (a0 = s0), (a1 = s1 ^ byteSwap$1(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3); } } - asm.cipher(amode, hpos + pos, len); - if (this.hasOwnProperty('padding') && this.padding) { - let pad = heap[pos + rlen - 1]; - if (pad < 1 || pad > 16 || pad > rlen) - throw new SecurityError('bad padding'); - let pcheck = 0; - for (let i = pad; i > 1; i--) - pcheck |= pad ^ heap[pos + rlen - i]; - if (pcheck) - throw new SecurityError('bad padding'); - rlen -= pad; - } + (o32[0] = a0), (o32[1] = a1); // out = A || out } - const result = new Uint8Array(rlen); - if (rlen > 0) { - result.set(heap.subarray(pos, pos + rlen)); + xk.fill(0); + }, + decrypt(kek, out) { + if (out.length - 8 >= 2 ** 32) + throw new Error('ciphertext should be less than 4gb'); + const xk = expandKeyDecLE(kek); + const chunks = out.length / 8 - 1; // first chunk is IV + if (chunks === 1) + decryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = chunks * 6; j < 6; j++) { + for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) { + a1 ^= byteSwap$1(ctr); + const { s0, s1, s2, s3 } = decrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); } - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } -} + xk.fill(0); + }, +}; +const AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6 +/** + * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times. + * Reduces block size from 16 to 8 bytes. + * For padded version, use aeskwp. + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + */ +const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({ + encrypt(plaintext) { + bytes$1(plaintext); + if (!plaintext.length || plaintext.length % 8 !== 0) + throw new Error('invalid plaintext length'); + if (plaintext.length === 8) + throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead'); + const out = concatBytes$2(AESKW_IV, plaintext); + AESW.encrypt(kek, out); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + // ciphertext must be at least 24 bytes and a multiple of 8 bytes + // 24 because should have at least two block (1 iv + 2). + // Replace with 16 to enable '8-byte keys' + if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8) + throw new Error('invalid ciphertext length'); + const out = copyBytes(ciphertext); + AESW.decrypt(kek, out); + if (!equalBytes$1(out.subarray(0, 8), AESKW_IV)) + throw new Error('integrity check failed'); + out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway + return out.subarray(8); + }, +})); +// Private, unsafe low-level methods. Can change at any time. +const unsafe = { + expandKeyLE, + expandKeyDecLE, + encrypt: encrypt$6, + decrypt: decrypt$6, + encryptBlock, + decryptBlock, + ctrCounter, + ctr32, +}; -class AES_ECB { - static encrypt(data, key, padding = false) { - return new AES_ECB(key, padding).encrypt(data); - } - static decrypt(data, key, padding = false) { - return new AES_ECB(key, padding).decrypt(data); - } - constructor(key, padding = false, aes) { - this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); +// Modified by ProtonTech AG + + +const webCrypto$9 = util.getWebCrypto(); +const nodeCrypto$8 = util.getNodeCrypto(); + +const knownAlgos = nodeCrypto$8 ? nodeCrypto$8.getCiphers() : []; +const nodeAlgos = { + idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ + tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, + cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, + blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, + aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, + aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, + aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined + /* twofish is not implemented in OpenSSL */ +}; + +/** + * CFB encryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} plaintext + * @param {Uint8Array} iv + * @param {Object} config - full configuration, defaults to openpgp.config + * @returns MaybeStream + */ +async function encrypt$5(algo, key, plaintext, iv, config) { + const algoName = enums.read(enums.symmetric, algo); + if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. + return nodeEncrypt$1(algo, key, plaintext, iv); + } + if (util.isAES(algo)) { + return aesEncrypt(algo, key, plaintext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; + + const blockc = iv.slice(); + let pt = new Uint8Array(); + const process = chunk => { + if (chunk) { + pt = util.concatUint8Array([pt, chunk]); } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); + const ciphertext = new Uint8Array(pt.length); + let i; + let j = 0; + while (chunk ? pt.length >= block_size : pt.length) { + const encblock = cipherfn.encrypt(blockc); + for (i = 0; i < block_size; i++) { + blockc[i] = pt[i] ^ encblock[i]; + ciphertext[j++] = blockc[i]; + } + pt = pt.subarray(block_size); } + return ciphertext.subarray(0, j); + }; + return transform(plaintext, process, process); } /** - * Javascript AES implementation. - * This is used as fallback if the native Crypto APIs are not available. + * CFB decryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} ciphertext + * @param {Uint8Array} iv + * @returns MaybeStream */ -function aes(length) { - const C = function(key) { - const aesECB = new AES_ECB(key); +async function decrypt$5(algo, key, ciphertext, iv) { + const algoName = enums.read(enums.symmetric, algo); + if (nodeCrypto$8 && nodeAlgos[algoName]) { // Node crypto library. + return nodeDecrypt$1(algo, key, ciphertext, iv); + } + if (util.isAES(algo)) { + return aesDecrypt(algo, key, ciphertext, iv); + } - this.encrypt = function(block) { - return aesECB.encrypt(block); - }; + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; - this.decrypt = function(block) { - return aesECB.decrypt(block); - }; + let blockp = iv; + let ct = new Uint8Array(); + const process = chunk => { + if (chunk) { + ct = util.concatUint8Array([ct, chunk]); + } + const plaintext = new Uint8Array(ct.length); + let i; + let j = 0; + while (chunk ? ct.length >= block_size : ct.length) { + const decblock = cipherfn.encrypt(blockp); + blockp = ct.subarray(0, block_size); + for (i = 0; i < block_size; i++) { + plaintext[j++] = blockp[i] ^ decblock[i]; + } + ct = ct.subarray(block_size); + } + return plaintext.subarray(0, j); }; + return transform(ciphertext, process, process); +} - C.blockSize = C.prototype.blockSize = 16; - C.keySize = C.prototype.keySize = length / 8; +class WebCryptoEncryptor { + constructor(algo, key, iv) { + const { blockSize } = getCipherParams(algo); + this.key = key; + this.prevBlock = iv; + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + this.zeroBlock = new Uint8Array(this.blockSize); + } - return C; -} + static async isSupported(algo) { + const { keySize } = getCipherParams(algo); + return webCrypto$9.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt']) + .then(() => true, () => false); + } -//Paul Tero, July 2001 -//http://www.tero.co.uk/des/ -// -//Optimised for performance with large blocks by Michael Hayworth, November 2001 -//http://www.netdealing.com -// -// Modified by Recurity Labs GmbH + async _runCBC(plaintext, nonZeroIV) { + const mode = 'AES-CBC'; + this.keyRef = this.keyRef || await webCrypto$9.importKey('raw', this.key, mode, false, ['encrypt']); + const ciphertext = await webCrypto$9.encrypt( + { name: mode, iv: nonZeroIV || this.zeroBlock }, + this.keyRef, + plaintext + ); + return new Uint8Array(ciphertext).subarray(0, plaintext.length); + } + + async encryptChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const plaintext = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + const toEncrypt = util.concatUint8Array([ + this.prevBlock, + plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block "early", since we only need to xor the plaintext and pass it over as prevBlock + ]); -//THIS SOFTWARE IS PROVIDED "AS IS" AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. + const encryptedBlocks = await this._runCBC(toEncrypt); + xorMut$1(encryptedBlocks, plaintext); + this.prevBlock = encryptedBlocks.slice(-this.blockSize); -//des -//this takes the key, the message, and whether to encrypt or decrypt + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; -function des(keys, message, encrypt, mode, iv, padding) { - //declaring this locally speeds things up a bit - const spfunction1 = [ - 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, - 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, - 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, - 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, - 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, - 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 - ]; - const spfunction2 = [ - -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, - 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - -0x7fef7fe0, 0x108000 - ]; - const spfunction3 = [ - 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, - 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, - 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, - 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, - 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, - 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 - ]; - const spfunction4 = [ - 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, - 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, - 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, - 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, - 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 - ]; - const spfunction5 = [ - 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, - 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, - 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, - 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, - 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, - 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, - 0x40080000, 0x2080100, 0x40000100 - ]; - const spfunction6 = [ - 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, - 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, - 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, - 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, - 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, - 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 - ]; - const spfunction7 = [ - 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, - 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, - 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, - 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, - 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, - 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 - ]; - const spfunction8 = [ - 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, - 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, - 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, - 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, - 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 - ]; + return encryptedBlocks; + } - //create the 16 or 48 subkeys we will need - let m = 0; - let i; - let j; - let temp; - let right1; - let right2; - let left; - let right; - let looping; - let cbcleft; - let cbcleft2; - let cbcright; - let cbcright2; - let endloop; - let loopinc; - let len = message.length; + this.i += added.length; + let encryptedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + const curBlock = this.nextBlock; + encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + this.prevBlock = encryptedBlock.slice(); + this.i = 0; - //set up the loops for single and triple des - const iterations = keys.length === 32 ? 3 : 9; //single or triple des - if (iterations === 3) { - looping = encrypt ? [0, 32, 2] : [30, -2, -2]; - } else { - looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + encryptedBlock = new Uint8Array(); + } + + return encryptedBlock; } - //pad the message depending on the padding parameter - //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt - if (encrypt) { - message = desAddPadding(message, padding); - len = message.length; + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + this.nextBlock = this.nextBlock.subarray(0, this.i); + const curBlock = this.nextBlock; + const encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + result = encryptedBlock.subarray(0, curBlock.length); + } + + this.clearSensitiveData(); + return result; } - //store the result here - let result = new Uint8Array(len); - let k = 0; + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.keyRef = null; + this.key = null; + } - if (mode === 1) { //CBC mode - cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - m = 0; + async encrypt(plaintext) { + // plaintext is internally padded to block length before encryption + const encryptedWithPadding = await this._runCBC( + util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]), + this.iv + ); + // drop encrypted padding + const ct = encryptedWithPadding.subarray(0, plaintext.length); + xorMut$1(ct, plaintext); + this.clearSensitiveData(); + return ct; } +} - //loop through each 64 bit chunk of the message - while (m < len) { - left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; +class NobleStreamProcessor { + constructor(forEncryption, algo, key, iv) { + this.forEncryption = forEncryption; + const { blockSize } = getCipherParams(algo); + this.key = unsafe.expandKeyLE(key); - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - left ^= cbcleft; - right ^= cbcright; - } else { - cbcleft2 = cbcleft; - cbcright2 = cbcright; - cbcleft = left; - cbcright = right; - } + if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers + this.prevBlock = getUint32Array(iv); + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + } + + _runCFB(src) { + const src32 = getUint32Array(src); + const dst = new Uint8Array(src.length); + const dst32 = getUint32Array(dst); + for (let i = 0; i + 4 <= dst32.length; i += 4) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = unsafe.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4); } + return dst; + } - //first each 64 but chunk of the message must be permuted according to IP - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); + async processChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); - left = ((left << 1) | (left >>> 31)); - right = ((right << 1) | (right >>> 31)); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const toProcess = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); - //do this either 1 or 3 times for each chunk of the message - for (j = 0; j < iterations; j += 3) { - endloop = looping[j + 1]; - loopinc = looping[j + 2]; - //now go through and perform the encryption or decryption - for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency - right1 = right ^ keys[i]; - right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; - //the result is attained by passing these bytes through the S selection functions - temp = left; - left = right; - right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> - 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & - 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); - } - temp = left; - left = right; - right = temp; //unreverse left and right - } //for either 1 or 3 iterations + const processedBlocks = this._runCFB(toProcess); - //move then each one bit to the right - left = ((left >>> 1) | (left << 31)); - right = ((right >>> 1) | (right << 31)); + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - //now perform IP-1, which is IP in the opposite direction - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); + return processedBlocks; + } - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - cbcleft = left; - cbcright = right; - } else { - left ^= cbcleft2; - right ^= cbcright2; - } + this.i += added.length; + + let processedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + processedBlock = this._runCFB(this.nextBlock); + this.i = 0; + + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + processedBlock = new Uint8Array(); } - result[k++] = (left >>> 24); - result[k++] = ((left >>> 16) & 0xff); - result[k++] = ((left >>> 8) & 0xff); - result[k++] = (left & 0xff); - result[k++] = (right >>> 24); - result[k++] = ((right >>> 16) & 0xff); - result[k++] = ((right >>> 8) & 0xff); - result[k++] = (right & 0xff); - } //for every 8 characters, or 64 bits in the message + return processedBlock; + } - //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt - if (!encrypt) { - result = desRemovePadding(result, padding); + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + const processedBlock = this._runCFB(this.nextBlock); + + result = processedBlock.subarray(0, this.i); + } + + this.clearSensitiveData(); + return result; } - return result; -} //end of des + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.key.fill(0); + } +} -//desCreateKeys -//this takes as input a 64 bit key (even though only 56 bits are used) -//as an array of 2 integers, and returns 16 48 bit keys +async function aesEncrypt(algo, key, pt, iv) { + if (webCrypto$9 && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys + const cfb = new WebCryptoEncryptor(algo, key, iv); + return util.isStream(pt) ? transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt); + } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream + const cfb = new NobleStreamProcessor(true, algo, key, iv); + return transform(pt, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).encrypt(pt); +} -function desCreateKeys(key) { - //declaring this locally speeds things up a bit - const pc2bytes0 = [ - 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, - 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 - ]; - const pc2bytes1 = [ - 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, - 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 - ]; - const pc2bytes2 = [ - 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, - 0x1000000, 0x1000008, 0x1000800, 0x1000808 - ]; - const pc2bytes3 = [ - 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, - 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 - ]; - const pc2bytes4 = [ - 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, - 0x41000, 0x1010, 0x41010 - ]; - const pc2bytes5 = [ - 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, - 0x2000000, 0x2000400, 0x2000020, 0x2000420 - ]; - const pc2bytes6 = [ - 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, - 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 - ]; - const pc2bytes7 = [ - 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, - 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 - ]; - const pc2bytes8 = [ - 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, - 0x2000002, 0x2040002, 0x2000002, 0x2040002 - ]; - const pc2bytes9 = [ - 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, - 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 - ]; - const pc2bytes10 = [ - 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, - 0x102000, 0x102020, 0x102000, 0x102020 - ]; - const pc2bytes11 = [ - 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, - 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 - ]; - const pc2bytes12 = [ - 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, - 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 - ]; - const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; +async function aesDecrypt(algo, key, ct, iv) { + if (util.isStream(ct)) { + const cfb = new NobleStreamProcessor(false, algo, key, iv); + return transform(ct, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).decrypt(ct); +} - //how many iterations (1 for des, 3 for triple des) - const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys - //stores the return keys - const keys = new Array(32 * iterations); - //now define the left shifts which need to be done - const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - //other variables - let lefttemp; - let righttemp; - let m = 0; - let n = 0; - let temp; +function xorMut$1(a, b) { + const aLength = Math.min(a.length, b.length); + for (let i = 0; i < aLength; i++) { + a[i] = a[i] ^ b[i]; + } +} - for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations - let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; +const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 2) ^ right) & 0x33333333; - right ^= temp; - left ^= (temp << 2); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); +function nodeEncrypt$1(algo, key, pt, iv) { + const algoName = enums.read(enums.symmetric, algo); + const cipherObj = new nodeCrypto$8.createCipheriv(nodeAlgos[algoName], key, iv); + return transform(pt, value => new Uint8Array(cipherObj.update(value))); +} - //the right side needs to be shifted and to get the last four bits of the left side - temp = (left << 8) | ((right >>> 20) & 0x000000f0); - //left needs to be put upside down - left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); - right = temp; +function nodeDecrypt$1(algo, key, ct, iv) { + const algoName = enums.read(enums.symmetric, algo); + const decipherObj = new nodeCrypto$8.createDecipheriv(nodeAlgos[algoName], key, iv); + return transform(ct, value => new Uint8Array(decipherObj.update(value))); +} - //now go through and perform these shifts on the left and right keys - for (let i = 0; i < shifts.length; i++) { - //shift the keys either one or two bits to the left - if (shifts[i]) { - left = (left << 2) | (left >>> 26); - right = (right << 2) | (right >>> 26); - } else { - left = (left << 1) | (left >>> 27); - right = (right << 1) | (right >>> 27); - } - left &= -0xf; - right &= -0xf; +var cfb = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$5, + encrypt: encrypt$5 +}); - //now apply PC-2, in such a way that E is easier when encrypting or decrypting - //this conversion will look like PC-2 except only the last 6 bits of each byte are used - //rather than 48 consecutive bits and the order of lines will be according to - //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 - lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( - left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & - 0xf]; - righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | - pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | - pc2bytes13[(right >>> 4) & 0xf]; - temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; - keys[n++] = lefttemp ^ temp; - keys[n++] = righttemp ^ (temp << 16); - } - } //for each iterations - //return the keys we've created - return keys; -} //end of desCreateKeys +/** + * @fileoverview This module implements AES-CMAC on top of + * native AES-CBC using either the WebCrypto API or Node.js' crypto API. + * @module crypto/cmac + */ -function desAddPadding(message, padding) { - const padLength = 8 - (message.length % 8); +const webCrypto$8 = util.getWebCrypto(); +const nodeCrypto$7 = util.getNodeCrypto(); - let pad; - if (padding === 2 && (padLength < 8)) { //pad the message with spaces - pad = ' '.charCodeAt(0); - } else if (padding === 1) { //PKCS7 padding - pad = padLength; - } else if (!padding && (padLength < 8)) { //pad the message out with null bytes - pad = 0; - } else if (padLength === 8) { - return message; - } else { - throw new Error('des: invalid padding'); - } - const paddedMessage = new Uint8Array(message.length + padLength); - for (let i = 0; i < message.length; i++) { - paddedMessage[i] = message[i]; - } - for (let j = 0; j < padLength; j++) { - paddedMessage[message.length + j] = pad; - } +/** + * This implementation of CMAC is based on the description of OMAC in + * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that + * document: + * + * We have made a small modification to the OMAC algorithm as it was + * originally presented, changing one of its two constants. + * Specifically, the constant 4 at line 85 was the constant 1/2 (the + * multiplicative inverse of 2) in the original definition of OMAC [14]. + * The OMAC authors indicate that they will promulgate this modification + * [15], which slightly simplifies implementations. + */ - return paddedMessage; -} +const blockLength$3 = 16; -function desRemovePadding(message, padding) { - let padLength = null; - let pad; - if (padding === 2) { // space padded - pad = ' '.charCodeAt(0); - } else if (padding === 1) { // PKCS7 - padLength = message[message.length - 1]; - } else if (!padding) { // null padding - pad = 0; - } else { - throw new Error('des: invalid padding'); - } - if (!padLength) { - padLength = 1; - while (message[message.length - padLength] === pad) { - padLength++; - } - padLength--; +/** + * xor `padding` into the end of `data`. This function implements "the + * operation xor→ [which] xors the shorter string into the end of longer + * one". Since data is always as least as long as padding, we can + * simplify the implementation. + * @param {Uint8Array} data + * @param {Uint8Array} padding + */ +function rightXORMut(data, padding) { + const offset = data.length - blockLength$3; + for (let i = 0; i < blockLength$3; i++) { + data[i + offset] ^= padding[i]; } + return data; +} - return message.subarray(0, message.length - padLength); +function pad(data, padding, padding2) { + // if |M| in {n, 2n, 3n, ...} + if (data.length && data.length % blockLength$3 === 0) { + // then return M xor→ B, + return rightXORMut(data, padding); + } + // else return (M || 10^(n−1−(|M| mod n))) xor→ P + const padded = new Uint8Array(data.length + (blockLength$3 - (data.length % blockLength$3))); + padded.set(data); + padded[data.length] = 0b10000000; + return rightXORMut(padded, padding2); } -// added by Recurity Labs +const zeroBlock$1 = new Uint8Array(blockLength$3); -function TripleDES(key) { - this.key = []; +async function CMAC(key) { + const cbc = await CBC(key); - for (let i = 0; i < 3; i++) { - this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); - } + // L ← E_K(0^n); B ← 2L; P ← 4L + const padding = util.double(await cbc(zeroBlock$1)); + const padding2 = util.double(padding); - this.encrypt = function(block) { - return des( - desCreateKeys(this.key[2]), - des( - desCreateKeys(this.key[1]), - des( - desCreateKeys(this.key[0]), - block, true, 0, null, null - ), - false, 0, null, null - ), true, 0, null, null - ); + return async function(data) { + // return CBC_K(pad(M; B, P)) + return (await cbc(pad(data, padding, padding2))).subarray(-blockLength$3); }; } -TripleDES.keySize = TripleDES.prototype.keySize = 24; -TripleDES.blockSize = TripleDES.prototype.blockSize = 8; - -// This is "original" DES - -function DES(key) { - this.key = key; +async function CBC(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt) { + const en = new nodeCrypto$7.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock$1); + const ct = en.update(pt); + return new Uint8Array(ct); + }; + } - this.encrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, true, 0, null, padding); - }; + if (util.getWebCrypto()) { + try { + key = await webCrypto$8.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); + return async function(pt) { + const ct = await webCrypto$8.encrypt({ name: 'AES-CBC', iv: zeroBlock$1, length: blockLength$3 * 8 }, key, pt); + return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength$3); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - this.decrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, false, 0, null, padding); + return async function(pt) { + return cbc(key, zeroBlock$1, { disablePadding: true }).encrypt(pt); }; } -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Copyright 2010 pjacobs@xeekr.com . All rights reserved. - -// Modified by Recurity Labs GmbH +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// fixed/modified by Herbert Hanewinkel, www.haneWIN.de -// check www.haneWIN.de for the latest version -// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. -// CAST-128 is a common OpenPGP cipher. +const webCrypto$7 = util.getWebCrypto(); +const nodeCrypto$6 = util.getNodeCrypto(); +const Buffer$2 = util.getNodeBuffer(); -// CAST5 constructor +const blockLength$2 = 16; +const ivLength$2 = blockLength$2; +const tagLength$2 = blockLength$2; -function OpenPGPSymEncCAST5() { - this.BlockSize = 8; - this.KeySize = 16; +const zero = new Uint8Array(blockLength$2); +const one$1 = new Uint8Array(blockLength$2); one$1[blockLength$2 - 1] = 1; +const two = new Uint8Array(blockLength$2); two[blockLength$2 - 1] = 2; - this.setKey = function(key) { - this.masking = new Array(16); - this.rotate = new Array(16); +async function OMAC(key) { + const cmac = await CMAC(key); + return function(t, message) { + return cmac(util.concatUint8Array([t, message])); + }; +} - this.reset(); +async function CTR(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt, iv) { + const en = new nodeCrypto$6.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); + const ct = Buffer$2.concat([en.update(pt), en.final()]); + return new Uint8Array(ct); + }; + } - if (key.length === this.KeySize) { - this.keySchedule(key); - } else { - throw new Error('CAST-128: keys must be 16 bytes'); + if (util.getWebCrypto()) { + try { + const keyRef = await webCrypto$7.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); + return async function(pt, iv) { + const ct = await webCrypto$7.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$2 * 8 }, keyRef, pt); + return new Uint8Array(ct); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); } - return true; + } + + return async function(pt, iv) { + return ctr(key, iv).encrypt(pt); }; +} - this.reset = function() { - for (let i = 0; i < 16; i++) { - this.masking[i] = 0; - this.rotate[i] = 0; + +/** + * Class to en/decrypt using EAX mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function EAX(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('EAX mode supports only AES cipher'); + } + + const [ + omac, + ctr + ] = await Promise.all([ + OMAC(key), + CTR(key) + ]); + + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + const [ + omacNonce, + omacAdata + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata) + ]); + const ciphered = await ctr(plaintext, omacNonce); + const omacCiphered = await omac(two, ciphered); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + return util.concatUint8Array([ciphered, tag]); + }, + + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to verify + * @returns {Promise} The plaintext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$2) throw new Error('Invalid EAX ciphertext'); + const ciphered = ciphertext.subarray(0, -tagLength$2); + const ctTag = ciphertext.subarray(-tagLength$2); + const [ + omacNonce, + omacAdata, + omacCiphered + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata), + omac(two, ciphered) + ]); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); + const plaintext = await ctr(ciphered, omacNonce); + return plaintext; } }; +} - this.getBlockSize = function() { - return this.BlockSize; - }; - this.encrypt = function(src) { - const dst = new Array(src.length); +/** + * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. + * @param {Uint8Array} iv - The initialization vector (16 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +EAX.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[8 + i] ^= chunkIndex[i]; + } + return nonce; +}; - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; +EAX.blockLength = blockLength$2; +EAX.ivLength = ivLength$2; +EAX.tagLength = tagLength$2; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; +const blockLength$1 = 16; +const ivLength$1 = 15; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; +// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: +// While OCB [RFC7253] allows the authentication tag length to be of any +// number up to 128 bits long, this document requires a fixed +// authentication tag length of 128 bits (16 octets) for simplicity. +const tagLength$1 = 16; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >>> 16) & 255; - dst[i + 6] = (l >>> 8) & 255; - dst[i + 7] = l & 255; - } - return dst; - }; +function ntz(n) { + let ntz = 0; + for (let i = 1; (n & i) === 0; i <<= 1) { + ntz++; + } + return ntz; +} - this.decrypt = function(src) { - const dst = new Array(src.length); +function xorMut(S, T) { + for (let i = 0; i < S.length; i++) { + S[i] ^= T[i]; + } + return S; +} - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; +function xor(S, T) { + return xorMut(S.slice(), T); +} - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; +const zeroBlock = new Uint8Array(blockLength$1); +const one = new Uint8Array([1]); - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; +/** + * Class to en/decrypt using OCB mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function OCB(cipher, key) { + const { keySize } = getCipherParams(cipher); + // sanity checks + if (!util.isAES(cipher) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; + let maxNtz = 0; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; + // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls, + // hence its execution cannot be broken up. + // As a result, WebCrypto cannot currently be used for `encipher`. + const aes = cbc(key, zeroBlock, { disablePadding: true }); + const encipher = block => aes.encrypt(block); + const decipher = block => aes.decrypt(block); + let mask; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >> 16) & 255; - dst[i + 6] = (l >> 8) & 255; - dst[i + 7] = l & 255; - } + constructKeyVariables(); - return dst; - }; - const scheduleA = new Array(4); + function constructKeyVariables() { + const mask_x = encipher(zeroBlock); + const mask_$ = util.double(mask_x); + mask = []; + mask[0] = util.double(mask_$); - scheduleA[0] = new Array(4); - scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; - scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - scheduleA[1] = new Array(4); - scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + mask.x = mask_x; + mask.$ = mask_$; + } - scheduleA[2] = new Array(4); - scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; - scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + function extendKeyVariables(text, adata) { + const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$1 | 0) - 1; + for (let i = maxNtz + 1; i <= newMaxNtz; i++) { + mask[i] = util.double(mask[i - 1]); + } + maxNtz = newMaxNtz; + } + function hash(adata) { + if (!adata.length) { + // Fast path + return zeroBlock; + } - scheduleA[3] = new Array(4); - scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + // + // Consider A as a sequence of 128-bit blocks + // + const m = adata.length / blockLength$1 | 0; - const scheduleB = new Array(4); + const offset = new Uint8Array(blockLength$1); + const sum = new Uint8Array(blockLength$1); + for (let i = 0; i < m; i++) { + xorMut(offset, mask[ntz(i + 1)]); + xorMut(sum, encipher(xor(offset, adata))); + adata = adata.subarray(blockLength$1); + } - scheduleB[0] = new Array(4); - scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; - scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; - scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; - scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; + // + // Process any final partial block; compute final hash value + // + if (adata.length) { + xorMut(offset, mask.x); - scheduleB[1] = new Array(4); - scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; - scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; - scheduleB[1][2] = [7, 6, 8, 9, 3]; - scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; + const cipherInput = new Uint8Array(blockLength$1); + cipherInput.set(adata, 0); + cipherInput[adata.length] = 0b10000000; + xorMut(cipherInput, offset); + xorMut(sum, encipher(cipherInput)); + } - scheduleB[2] = new Array(4); - scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; - scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; - scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; - scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; + return sum; + } + + /** + * Encrypt/decrypt data. + * @param {encipher|decipher} fn - Encryption/decryption block cipher function + * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. + */ + function crypt(fn, text, nonce, adata) { + // + // Consider P as a sequence of 128-bit blocks + // + const m = text.length / blockLength$1 | 0; + // + // Key-dependent variables + // + extendKeyVariables(text, adata); - scheduleB[3] = new Array(4); - scheduleB[3][0] = [8, 9, 7, 6, 3]; - scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; - scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; - scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; + // + // Nonce-dependent and per-encryption variables + // + // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N + // Note: We assume here that tagLength mod 16 == 0. + const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength$1 - nonce.length), one, nonce]); + // bottom = str2num(Nonce[123..128]) + const bottom = paddedNonce[blockLength$1 - 1] & 0b111111; + // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) + paddedNonce[blockLength$1 - 1] &= 0b11000000; + const kTop = encipher(paddedNonce); + // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) + const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); + // Offset_0 = Stretch[1+bottom..128+bottom] + const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); + // Checksum_0 = zeros(128) + const checksum = new Uint8Array(blockLength$1); - // changed 'in' to 'inn' (in javascript 'in' is a reserved word) - this.keySchedule = function(inn) { - const t = new Array(8); - const k = new Array(32); + const ct = new Uint8Array(text.length + tagLength$1); - let j; + // + // Process any whole blocks + // + let i; + let pos = 0; + for (i = 0; i < m; i++) { + // Offset_i = Offset_{i-1} xor L_{ntz(i)} + xorMut(offset, mask[ntz(i + 1)]); + // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) + // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) + ct.set(xorMut(fn(xor(offset, text)), offset), pos); + // Checksum_i = Checksum_{i-1} xor P_i + xorMut(checksum, fn === encipher ? text : ct.subarray(pos)); - for (let i = 0; i < 4; i++) { - j = i * 4; - t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + text = text.subarray(blockLength$1); + pos += blockLength$1; } - const x = [6, 7, 4, 5]; - let ki = 0; - let w; + // + // Process any final partial block and compute raw tag + // + if (text.length) { + // Offset_* = Offset_m xor L_* + xorMut(offset, mask.x); + // Pad = ENCIPHER(K, Offset_*) + const padding = encipher(offset); + // C_* = P_* xor Pad[1..bitlen(P_*)] + ct.set(xor(text, padding), pos); - for (let half = 0; half < 2; half++) { - for (let round = 0; round < 4; round++) { - for (j = 0; j < 4; j++) { - const a = scheduleA[round][j]; - w = t[a[1]]; + // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) + const xorInput = new Uint8Array(blockLength$1); + xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); + xorInput[text.length] = 0b10000000; + xorMut(checksum, xorInput); + pos += text.length; + } + // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) + const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata)); - w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; - w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; - w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; - w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; - w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; - t[a[0]] = w; - } + // + // Assemble ciphertext + // + // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] + ct.set(tag, pos); + return ct; + } - for (j = 0; j < 4; j++) { - const b = scheduleB[round][j]; - w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; - w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; - w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; - w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; - k[ki] = w; - ki++; - } - } - } + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + return crypt(encipher, plaintext, nonce, adata); + }, - for (let i = 0; i < 16; i++) { - this.masking[i] = k[i]; - this.rotate[i] = k[16 + i] & 0x1f; + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); + + const tag = ciphertext.subarray(-tagLength$1); + ciphertext = ciphertext.subarray(0, -tagLength$1); + + const crypted = crypt(decipher, ciphertext, nonce, adata); + // if (Tag[1..TAGLEN] == T) + if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { + return crypted.subarray(0, -tagLength$1); + } + throw new Error('Authentication tag mismatch'); } }; +} - // These are the three 'f' functions. See RFC 2144, section 2.2. - function f1(d, m, r) { - const t = m + d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; +/** + * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. + * @param {Uint8Array} iv - The initialization vector (15 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +OCB.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[7 + i] ^= chunkIndex[i]; } + return nonce; +}; - function f2(d, m, r) { - const t = m ^ d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; - } +OCB.blockLength = blockLength$1; +OCB.ivLength = ivLength$1; +OCB.tagLength = tagLength$1; - function f3(d, m, r) { - const t = m - d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$6 = util.getWebCrypto(); +const nodeCrypto$5 = util.getNodeCrypto(); +const Buffer$1 = util.getNodeBuffer(); + +const blockLength = 16; +const ivLength = 12; // size of the IV in bytes +const tagLength = 16; // size of the tag in bytes +const ALGO = 'AES-GCM'; + +/** + * Class to en/decrypt using GCM mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function GCM(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('GCM mode supports only AES cipher'); } - const sBox = new Array(8); - sBox[0] = [ - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf - ]; + if (util.getNodeCrypto()) { // Node crypto library + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + const en = new nodeCrypto$5.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + en.setAAD(adata); + const ct = Buffer$1.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext + return new Uint8Array(ct); + }, - sBox[1] = [ - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + const de = new nodeCrypto$5.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + de.setAAD(adata); + de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext + const pt = Buffer$1.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]); + return new Uint8Array(pt); + } + }; + } - sBox[2] = [ - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 - ]; + if (util.getWebCrypto()) { + try { + const _key = await webCrypto$6.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); + // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages + const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/) || + navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/); + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && !pt.length) { + return gcm(key, iv, adata).encrypt(pt); + } + const ct = await webCrypto$6.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt); + return new Uint8Array(ct); + }, - sBox[3] = [ - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) { + return gcm(key, iv, adata).decrypt(ct); + } + try { + const pt = await webCrypto$6.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct); + return new Uint8Array(pt); + } catch (e) { + if (e.name === 'OperationError') { + throw new Error('Authentication tag mismatch'); + } + } + } + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - sBox[4] = [ - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 - ]; + return { + encrypt: async function(pt, iv, adata) { + return gcm(key, iv, adata).encrypt(pt); + }, - sBox[5] = [ - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f - ]; + decrypt: async function(ct, iv, adata) { + return gcm(key, iv, adata).decrypt(ct); + } + }; +} - sBox[6] = [ - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 - ]; - - sBox[7] = [ - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e - ]; -} - -function CAST5(key) { - this.cast5 = new OpenPGPSymEncCAST5(); - this.cast5.setKey(key); - - this.encrypt = function(block) { - return this.cast5.encrypt(block); - }; -} - -CAST5.blockSize = CAST5.prototype.blockSize = 8; -CAST5.keySize = CAST5.prototype.keySize = 16; -/* eslint-disable no-mixed-operators, no-fallthrough */ +/** + * Get GCM nonce. Note: this operation is not defined by the standard. + * A future version of the standard may define GCM mode differently, + * hopefully under a different ID (we use Private/Experimental algorithm + * ID 100) so that we can maintain backwards compatibility. + * @param {Uint8Array} iv - The initialization vector (12 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +GCM.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[4 + i] ^= chunkIndex[i]; + } + return nonce; +}; +GCM.blockLength = blockLength; +GCM.ivLength = ivLength; +GCM.tagLength = tagLength; -/* Modified by Recurity Labs GmbH - * - * Cipher.js - * A block-cipher algorithm implementation on JavaScript - * See Cipher.readme.txt for further information. - * - * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] - * This script file is distributed under the LGPL - * - * ACKNOWLEDGMENT - * - * The main subroutines are written by Michiel van Everdingen. - * - * Michiel van Everdingen - * http://home.versatel.nl/MAvanEverdingen/index.html - * - * All rights for these routines are reserved to Michiel van Everdingen. - * +/** + * @fileoverview Cipher modes + * @module crypto/mode */ -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -//Math -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -const MAXINT = 0xFFFFFFFF; +var mode = { + /** @see module:crypto/mode/cfb */ + cfb: cfb, + /** @see module:crypto/mode/gcm */ + gcm: GCM, + experimentalGCM: GCM, + /** @see module:crypto/mode/eax */ + eax: EAX, + /** @see module:crypto/mode/ocb */ + ocb: OCB +}; -function rotw(w, n) { - return (w << n | w >>> (32 - n)) & MAXINT; +// Operations are not constant time, but we try and limit timing leakage where we can +const _0n$8 = BigInt(0); +const _1n$d = BigInt(1); +function uint8ArrayToBigInt(bytes) { + const hexAlphabet = '0123456789ABCDEF'; + let s = ''; + bytes.forEach(v => { + s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; + }); + return BigInt('0x0' + s); +} +function mod$2(a, m) { + const reduced = a % m; + return reduced < _0n$8 ? reduced + m : reduced; +} +/** + * Compute modular exponentiation using square and multiply + * @param {BigInt} a - Base + * @param {BigInt} e - Exponent + * @param {BigInt} n - Modulo + * @returns {BigInt} b ** e mod n. + */ +function modExp(b, e, n) { + if (n === _0n$8) + throw Error('Modulo cannot be zero'); + if (n === _1n$d) + return BigInt(0); + if (e < _0n$8) + throw Error('Unsopported negative exponent'); + let exp = e; + let x = b; + x %= n; + let r = BigInt(1); + while (exp > _0n$8) { + const lsb = exp & _1n$d; + exp >>= _1n$d; // e / 2 + // Always compute multiplication step, to reduce timing leakage + const rx = (r * x) % n; + // Update r only if lsb is 1 (odd exponent) + r = lsb ? rx : r; + x = (x * x) % n; // Square + } + return r; } - -function getW(a, i) { - return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +function abs(x) { + return x >= _0n$8 ? x : -x; } - -function setW(a, i, w) { - a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +/** + * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) + * Given a and b, compute (x, y) such that ax + by = gdc(a, b). + * Negative numbers are also supported. + * @param {BigInt} a - First operand + * @param {BigInt} b - Second operand + * @returns {{ gcd, x, y: bigint }} + */ +function _egcd(aInput, bInput) { + let x = BigInt(0); + let y = BigInt(1); + let xPrev = BigInt(1); + let yPrev = BigInt(0); + // Deal with negative numbers: run algo over absolute values, + // and "move" the sign to the returned x and/or y. + // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers + let a = abs(aInput); + let b = abs(bInput); + const aNegated = aInput < _0n$8; + const bNegated = bInput < _0n$8; + while (b !== _0n$8) { + const q = a / b; + let tmp = x; + x = xPrev - q * x; + xPrev = tmp; + tmp = y; + y = yPrev - q * y; + yPrev = tmp; + tmp = b; + b = a % b; + a = tmp; + } + return { + x: aNegated ? -xPrev : xPrev, + y: bNegated ? -yPrev : yPrev, + gcd: a + }; +} +/** + * Compute the inverse of `a` modulo `n` + * Note: `a` and and `n` must be relatively prime + * @param {BigInt} a + * @param {BigInt} n - Modulo + * @returns {BigInt} x such that a*x = 1 mod n + * @throws {Error} if the inverse does not exist + */ +function modInv(a, n) { + const { gcd, x } = _egcd(a, n); + if (gcd !== _1n$d) { + throw new Error('Inverse does not exist'); + } + return mod$2(x + n, n); +} +/** + * Compute greatest common divisor between this and n + * @param {BigInt} aInput - Operand + * @param {BigInt} bInput - Operand + * @returns {BigInt} gcd + */ +function gcd(aInput, bInput) { + let a = aInput; + let b = bInput; + while (b !== _0n$8) { + const tmp = b; + b = a % b; + a = tmp; + } + return a; +} +/** + * Get this value as an exact Number (max 53 bits) + * Fails if this value is too large + * @returns {Number} + */ +function bigIntToNumber(x) { + const number = Number(x); + if (number > Number.MAX_SAFE_INTEGER) { + // We throw and error to conform with the bn.js implementation + throw new Error('Number can only safely store up to 53 bits'); + } + return number; +} +/** + * Get value of i-th bit + * @param {BigInt} x + * @param {Number} i - Bit index + * @returns {Number} Bit value. + */ +function getBit(x, i) { + const bit = (x >> BigInt(i)) & _1n$d; + return bit === _0n$8 ? 0 : 1; +} +/** + * Compute bit length + */ +function bitLength(x) { + // -1n >> -1n is -1n + // 1n >> 1n is 0n + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + let bitlen = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _1n$d) !== target) { + bitlen++; + } + return bitlen; +} +/** + * Compute byte length + */ +function byteLength(x) { + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + const _8n = BigInt(8); + let len = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _8n) !== target) { + len++; + } + return len; +} +/** + * Get Uint8Array representation of this number + * @param {String} endian - Endianess of output array (defaults to 'be') + * @param {Number} length - Of output array + * @returns {Uint8Array} + */ +function bigIntToUint8Array(x, endian = 'be', length) { + // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) + // this is faster than shift+mod iterations + let hex = x.toString(16); + if (hex.length % 2 === 1) { + hex = '0' + hex; + } + const rawLength = hex.length / 2; + const bytes = new Uint8Array(length || rawLength); + // parse hex + const offset = length ? length - rawLength : 0; + let i = 0; + while (i < rawLength) { + bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); + i++; + } + if (endian !== 'be') { + bytes.reverse(); + } + return bytes; } -function getB(x, n) { - return (x >>> (n * 8)) & 0xFF; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const nodeCrypto$4 = util.getNodeCrypto(); + +/** + * Retrieve secure random byte array of the specified length + * @param {Integer} length - Length in bytes to generate + * @returns {Uint8Array} Random byte array. + */ +function getRandomBytes(length) { + const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto$4?.webcrypto; + if (webcrypto?.getRandomValues) { + const buf = new Uint8Array(length); + return webcrypto.getRandomValues(buf); + } else { + throw new Error('No secure random number generator available.'); + } } -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Twofish -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +/** + * Create a secure random BigInt that is greater than or equal to min and less than max. + * @param {bigint} min - Lower bound, included + * @param {bigint} max - Upper bound, excluded + * @returns {bigint} Random BigInt. + * @async + */ +function getRandomBigInteger(min, max) { + if (max < min) { + throw new Error('Illegal parameter value: max <= min'); + } -function createTwofish() { - // - let keyBytes = null; - let dataBytes = null; - let dataOffset = -1; - // var dataLength = -1; - // var idx2 = -1; - // + const modulus = max - min; + const bytes = byteLength(modulus); - let tfsKey = []; - let tfsM = [ - [], - [], - [], - [] - ]; + // Using a while loop is necessary to avoid bias introduced by the mod operation. + // However, we request 64 extra random bits so that the bias is negligible. + // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8)); + return mod$2(r, modulus) + min; +} - function tfsInit(key) { - keyBytes = key; - let i; - let a; - let b; - let c; - let d; - const meKey = []; - const moKey = []; - const inKey = []; - let kLen; - const sKey = []; - let f01; - let f5b; - let fef; +var random = /*#__PURE__*/Object.freeze({ + __proto__: null, + getRandomBigInteger: getRandomBigInteger, + getRandomBytes: getRandomBytes +}); - const q0 = [ - [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], - [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] - ]; - const q1 = [ - [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], - [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] - ]; - const q2 = [ - [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], - [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] - ]; - const q3 = [ - [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], - [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] - ]; - const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; - const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; - const q = [ - [], - [] - ]; - const m = [ - [], - [], - [], - [] - ]; - - function ffm5b(x) { - return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +/** + * @fileoverview Algorithms for probabilistic random prime generation + * @module crypto/public_key/prime + */ +const _1n$c = BigInt(1); +/** + * Generate a probably prime random number + * @param bits - Bit length of the prime + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function randomProbablePrime(bits, e, k) { + const _30n = BigInt(30); + const min = _1n$c << BigInt(bits - 1); + /* + * We can avoid any multiples of 3 and 5 by looking at n mod 30 + * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 + * the next possible prime is mod 30: + * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 + */ + const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; + let n = getRandomBigInteger(min, min << _1n$c); + let i = bigIntToNumber(mod$2(n, _30n)); + do { + n += BigInt(adds[i]); + i = (i + adds[i]) % adds.length; + // If reached the maximum, go back to the minimum. + if (bitLength(n) > bits) { + n = mod$2(n, min << _1n$c); + n += min; + i = bigIntToNumber(mod$2(n, _30n)); + } + } while (!isProbablePrime(n, e, k)); + return n; +} +/** + * Probabilistic primality testing + * @param n - Number to test + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function isProbablePrime(n, e, k) { + if (e && gcd(n - _1n$c, e) !== _1n$c) { + return false; } - - function ffmEf(x) { - return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + if (!divisionTest(n)) { + return false; } - - function mdsRem(p, q) { - let i; - let t; - let u; - for (i = 0; i < 8; i++) { - t = q >>> 24; - q = ((q << 8) & MAXINT) | p >>> 24; - p = (p << 8) & MAXINT; - u = t << 1; - if (t & 128) { - u ^= 333; + if (!fermat(n)) { + return false; + } + if (!millerRabin(n, k)) { + return false; + } + // TODO implement the Lucas test + // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + return true; +} +/** + * Tests whether n is probably prime or not using Fermat's test with b = 2. + * Fails if b^(n-1) mod n != 1. + * @param n - Number to test + * @param b - Optional Fermat test base + */ +function fermat(n, b = BigInt(2)) { + return modExp(b, n - _1n$c, n) === _1n$c; +} +function divisionTest(n) { + const _0n = BigInt(0); + return smallPrimes.every(m => mod$2(n, m) !== _0n); +} +// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c +const smallPrimes = [ + 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +].map(n => BigInt(n)); +// Miller-Rabin - Miller Rabin algorithm for primality test +// Copyright Fedor Indutny, 2014. +// +// This software is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. +// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin +// Sample syntax for Fixed-Base Miller-Rabin: +// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) +/** + * Tests whether n is probably prime or not using the Miller-Rabin test. + * See HAC Remark 4.28. + * @param n - Number to test + * @param k - Optional number of iterations of Miller-Rabin test + * @param rand - Optional function to generate potential witnesses + * @returns {boolean} + * @async + */ +function millerRabin(n, k, rand) { + const len = bitLength(n); + if (!k) { + k = Math.max(1, (len / 48) | 0); + } + const n1 = n - _1n$c; // n - 1 + // Find d and s, (n - 1) = (2 ^ s) * d; + let s = 0; + while (!getBit(n1, s)) { + s++; + } + const d = n >> BigInt(s); + for (; k > 0; k--) { + const a = getRandomBigInteger(BigInt(2), n1); + let x = modExp(a, d, n); + if (x === _1n$c || x === n1) { + continue; } - q ^= t ^ (u << 16); - u ^= t >>> 1; - if (t & 1) { - u ^= 166; + let i; + for (i = 1; i < s; i++) { + x = mod$2(x * x, n); + if (x === _1n$c) { + return false; + } + if (x === n1) { + break; + } + } + if (i === s) { + return false; } - q ^= u << 24 | u << 8; - } - return q; - } - - function qp(n, x) { - const a = x >> 4; - const b = x & 15; - const c = q0[n][a ^ b]; - const d = q1[n][ror4[b] ^ ashx[a]]; - return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; } + return true; +} - function hFun(x, key) { - let a = getB(x, 0); - let b = getB(x, 1); - let c = getB(x, 2); - let d = getB(x, 3); - switch (kLen) { - case 4: - a = q[1][a] ^ getB(key[3], 0); - b = q[0][b] ^ getB(key[3], 1); - c = q[0][c] ^ getB(key[3], 2); - d = q[1][d] ^ getB(key[3], 3); - case 3: - a = q[1][a] ^ getB(key[2], 0); - b = q[1][b] ^ getB(key[2], 1); - c = q[0][c] ^ getB(key[2], 2); - d = q[0][d] ^ getB(key[2], 3); - case 2: - a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); - b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); - c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); - d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); - } - return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - keyBytes = keyBytes.slice(0, 32); - i = keyBytes.length; - while (i !== 16 && i !== 24 && i !== 32) { - keyBytes[i++] = 0; - } - for (i = 0; i < keyBytes.length; i += 4) { - inKey[i >> 2] = getW(keyBytes, i); - } - for (i = 0; i < 256; i++) { - q[0][i] = qp(0, i); - q[1][i] = qp(1, i); - } - for (i = 0; i < 256; i++) { - f01 = q[1][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); - m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); - f01 = q[0][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); - m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); - } +/** + * ASN1 object identifiers for hashes + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} + */ +const hash_headers = []; +hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, + 0x10]; +hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; +hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; +hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20]; +hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, + 0x04, 0x30]; +hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40]; +hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, + 0x00, 0x04, 0x1C]; - kLen = inKey.length / 2; - for (i = 0; i < kLen; i++) { - a = inKey[i + i]; - meKey[i] = a; - b = inKey[i + i + 1]; - moKey[i] = b; - sKey[kLen - i - 1] = mdsRem(a, b); - } - for (i = 0; i < 40; i += 2) { - a = 0x1010101 * i; - b = a + 0x1010101; - a = hFun(a, meKey); - b = rotw(hFun(b, moKey), 8); - tfsKey[i] = (a + b) & MAXINT; - tfsKey[i + 1] = rotw(a + 2 * b, 9); - } - for (i = 0; i < 256; i++) { - a = b = c = d = i; - switch (kLen) { - case 4: - a = q[1][a] ^ getB(sKey[3], 0); - b = q[0][b] ^ getB(sKey[3], 1); - c = q[0][c] ^ getB(sKey[3], 2); - d = q[1][d] ^ getB(sKey[3], 3); - case 3: - a = q[1][a] ^ getB(sKey[2], 0); - b = q[1][b] ^ getB(sKey[2], 1); - c = q[0][c] ^ getB(sKey[2], 2); - d = q[0][d] ^ getB(sKey[2], 3); - case 2: - tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; - tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; - tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; - tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; +/** + * Create padding with secure random data + * @private + * @param {Integer} length - Length of the padding in bytes + * @returns {Uint8Array} Random padding. + */ +function getPKCS1Padding(length) { + const result = new Uint8Array(length); + let count = 0; + while (count < length) { + const randomBytes = getRandomBytes(length - count); + for (let i = 0; i < randomBytes.length; i++) { + if (randomBytes[i] !== 0) { + result[count++] = randomBytes[i]; } } } + return result; +} - function tfsG0(x) { - return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; - } - - function tfsG1(x) { - return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; - } - - function tfsFrnd(r, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); - blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); - blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; +/** + * Create a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} + * @param {Uint8Array} message - Message to be encoded + * @param {Integer} keyLength - The length in octets of the key modulus + * @returns {Uint8Array} EME-PKCS1 padded message. + */ +function emeEncode(message, keyLength) { + const mLength = message.length; + // length checking + if (mLength > keyLength - 11) { + throw new Error('Message too long'); } + // Generate an octet string PS of length k - mLen - 3 consisting of + // pseudo-randomly generated nonzero octets + const PS = getPKCS1Padding(keyLength - mLength - 3); + // Concatenate PS, the message M, and other padding to form an + // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. + const encoded = new Uint8Array(keyLength); + // 0x00 byte + encoded[1] = 2; + encoded.set(PS, 2); + // 0x00 bytes + encoded.set(message, keyLength - mLength); + return encoded; +} - function tfsIrnd(i, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; - blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; - blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); +/** + * Decode a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} + * @param {Uint8Array} encoded - Encoded message bytes + * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) + * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) + * @throws {Error} on decoding failure, unless `randomPayload` is provided + */ +function emeDecode(encoded, randomPayload) { + // encoded format: 0x00 0x02 0x00 + let offset = 2; + let separatorNotFound = 1; + for (let j = offset; j < encoded.length; j++) { + separatorNotFound &= encoded[j] !== 0; + offset += separatorNotFound; } - function tfsClose() { - tfsKey = []; - tfsM = [ - [], - [], - [], - [] - ]; - } + const psLen = offset - 2; + const payload = encoded.subarray(offset + 1); // discard the 0x00 separator + const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - function tfsEncrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], - getW(dataBytes, dataOffset + 4) ^ tfsKey[1], - getW(dataBytes, dataOffset + 8) ^ tfsKey[2], - getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; - for (let j = 0; j < 8; j++) { - tfsFrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); - dataOffset += 16; - return dataBytes; + if (randomPayload) { + return util.selectUint8Array(isValidPadding, payload, randomPayload); } - function tfsDecrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], - getW(dataBytes, dataOffset + 4) ^ tfsKey[5], - getW(dataBytes, dataOffset + 8) ^ tfsKey[6], - getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; - for (let j = 7; j >= 0; j--) { - tfsIrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); - dataOffset += 16; + if (isValidPadding) { + return payload; } - // added by Recurity Labs + throw new Error('Decryption error'); +} - function tfsFinal() { - return dataBytes; +/** + * Create a EMSA-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} + * @param {Integer} algo - Hash algorithm type used + * @param {Uint8Array} hashed - Message to be encoded + * @param {Integer} emLen - Intended length in octets of the encoded message + * @returns {Uint8Array} Encoded message. + */ +function emsaEncode(algo, hashed, emLen) { + let i; + if (hashed.length !== hash$1.getHashByteLength(algo)) { + throw new Error('Invalid hash length'); + } + // produce an ASN.1 DER value for the hash function used. + // Let T be the full hash prefix + const hashPrefix = new Uint8Array(hash_headers[algo].length); + for (i = 0; i < hash_headers[algo].length; i++) { + hashPrefix[i] = hash_headers[algo][i]; + } + // and let tLen be the length in octets prefix and hashed data + const tLen = hashPrefix.length + hashed.length; + if (emLen < tLen + 11) { + throw new Error('Intended encoded message length too short'); } + // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF + // The length of PS will be at least 8 octets + const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - return { - name: 'twofish', - blocksize: 128 / 8, - open: tfsInit, - close: tfsClose, - encrypt: tfsEncrypt, - decrypt: tfsDecrypt, - // added by Recurity Labs - finalize: tfsFinal - }; + // Concatenate PS, the hash prefix, hashed data, and other padding to form the + // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed + const EM = new Uint8Array(emLen); + EM[1] = 0x01; + EM.set(PS, 2); + EM.set(hashPrefix, emLen - tLen); + EM.set(hashed, emLen - hashed.length); + return EM; } -// added by Recurity Labs +var pkcs1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + emeDecode: emeDecode, + emeEncode: emeEncode, + emsaEncode: emsaEncode +}); -function TF(key) { - this.tf = createTwofish(); - this.tf.open(Array.from(key), 0); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - this.encrypt = function(block) { - return this.tf.encrypt(Array.from(block), 0); - }; -} -TF.keySize = TF.prototype.keySize = 32; -TF.blockSize = TF.prototype.blockSize = 16; +const webCrypto$5 = util.getWebCrypto(); +const nodeCrypto$3 = util.getNodeCrypto(); +const _1n$b = BigInt(1); -/* Modified by Recurity Labs GmbH - * - * Originally written by nklein software (nklein.com) +/** Create signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} hashed - Hashed message + * @returns {Promise} RSA Signature. + * @async */ +async function sign$6(hashAlgo, data, n, e, d, p, q, u, hashed) { + if (hash$1.getHashByteLength(hashAlgo) >= n.length) { + // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error + // e.g. if a 512-bit RSA key is used with a SHA-512 digest. + // The size limit is actually slightly different but here we only care about throwing + // on common key sizes. + throw new Error('Digest size cannot exceed key modulus size'); + } -/* - * Javascript implementation based on Bruce Schneier's reference implementation. - * - * - * The constructor doesn't do much of anything. It's just here - * so we can start defining properties and methods and such. - */ -function Blowfish() {} + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webSign$1(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeSign$1(hashAlgo, data, n, e, d, p, q, u); + } + } + return bnSign(hashAlgo, n, d, hashed); +} -/* - * Declare the block size so that protocols know what size - * Initialization Vector (IV) they will need. +/** + * Verify signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} s - Signature + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} hashed - Hashed message + * @returns {Boolean} + * @async */ -Blowfish.prototype.BLOCKSIZE = 8; +async function verify$6(hashAlgo, data, s, n, e, hashed) { + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webVerify$1(enums.read(enums.webHash, hashAlgo), data, s, n, e); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeVerify$1(hashAlgo, data, s, n, e); + } + } + return bnVerify(hashAlgo, s, n, e, hashed); +} -/* - * These are the default SBOXES. +/** + * Encrypt message + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @returns {Promise} RSA Ciphertext. + * @async */ -Blowfish.prototype.SBOXES = [ - [ - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, - 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, - 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, - 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, - 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, - 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, - 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, - 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, - 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, - 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, - 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, - 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, - 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, - 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, - 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, - 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, - 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, - 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, - 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, - 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, - 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, - 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a - ], - [ - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 - ], - [ - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 - ], - [ - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 - ] -]; - -//* -//* This is the default PARRAY -//* -Blowfish.prototype.PARRAY = [ - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b -]; - -//* -//* This is the number of rounds the cipher will go -//* -Blowfish.prototype.NN = 16; - -//* -//* This function is needed to get rid of problems -//* with the high-bit getting set. If we don't do -//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not -//* equal to ( bb & 0x00FFFFFFFF ) even when they -//* agree bit-for-bit for the first 32 bits. -//* -Blowfish.prototype._clean = function(xx) { - if (xx < 0) { - const yy = xx & 0x7FFFFFFF; - xx = yy + 0x80000000; +async function encrypt$4(data, n, e) { + if (util.getNodeCrypto()) { + return nodeEncrypt(data, n, e); } - return xx; -}; - -//* -//* This is the mixing function that uses the sboxes -//* -Blowfish.prototype._F = function(xx) { - let yy; - - const dd = xx & 0x00FF; - xx >>>= 8; - const cc = xx & 0x00FF; - xx >>>= 8; - const bb = xx & 0x00FF; - xx >>>= 8; - const aa = xx & 0x00FF; + return bnEncrypt(data, n, e); +} - yy = this.sboxes[0][aa] + this.sboxes[1][bb]; - yy ^= this.sboxes[2][cc]; - yy += this.sboxes[3][dd]; +/** + * Decrypt RSA message + * @param {Uint8Array} m - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} RSA Plaintext. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$4(data, n, e, d, p, q, u, randomPayload) { + // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, + // and we want to avoid checking the error type to decide if the random payload + // should indeed be returned. + if (util.getNodeCrypto() && !randomPayload) { + try { + return await nodeDecrypt(data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } + return bnDecrypt(data, n, e, d, p, q, u, randomPayload); +} - return yy; -}; +/** + * Generate a new random private key B bits long with public exponent E. + * + * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using + * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. + * @see module:crypto/public_key/prime + * @param {Integer} bits - RSA bit length + * @param {Integer} e - RSA public exponent + * @returns {{n, e, d, + * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, + * RSA private prime p, RSA private prime q, u = p ** -1 mod q + * @async + */ +async function generate$4(bits, e) { + e = BigInt(e); -//* -//* This method takes an array with two values, left and right -//* and does NN rounds of Blowfish on them. -//* -Blowfish.prototype._encryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; + // Native RSA keygen using Web Crypto + if (util.getWebCrypto()) { + const keyGenOpt = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: bits, // the specified keysize in bits + publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent + hash: { + name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' + } + }; + const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - let ii; + // export the generated keys as JsonWebKey (JWK) + // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 + const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); + // map JWK parameters to corresponding OpenPGP names + return jwkToPrivate(jwk, e); + } else if (util.getNodeCrypto()) { + const opts = { + modulusLength: bits, + publicExponent: bigIntToNumber(e), + publicKeyEncoding: { type: 'pkcs1', format: 'jwk' }, + privateKeyEncoding: { type: 'pkcs1', format: 'jwk' } + }; + const jwk = await new Promise((resolve, reject) => { + nodeCrypto$3.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => { + if (err) { + reject(err); + } else { + resolve(jwkPrivateKey); + } + }); + }); + return jwkToPrivate(jwk, e); + } - for (ii = 0; ii < this.NN; ++ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; + // RSA keygen fallback using 40 iterations of the Miller-Rabin test + // See https://stackoverflow.com/a/6330138 for justification + // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST + let p; + let q; + let n; + do { + q = randomProbablePrime(bits - (bits >> 1), e, 40); + p = randomProbablePrime(bits >> 1, e, 40); + n = p * q; + } while (bitLength(n) !== bits); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + const phi = (p - _1n$b) * (q - _1n$b); + + if (q < p) { + [p, q] = [q, p]; } - dataL ^= this.parray[this.NN + 0]; - dataR ^= this.parray[this.NN + 1]; + return { + n: bigIntToUint8Array(n), + e: bigIntToUint8Array(e), + d: bigIntToUint8Array(modInv(e, phi)), + p: bigIntToUint8Array(p), + q: bigIntToUint8Array(q), + // dp: d.mod(p.subn(1)), + // dq: d.mod(q.subn(1)), + u: bigIntToUint8Array(modInv(p, q)) + }; +} - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; +/** + * Validate RSA parameters + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA inverse of p w.r.t. q + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$9(n, e, d, p, q, u) { + n = uint8ArrayToBigInt(n); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); -//* -//* This method takes a vector of numbers and turns them -//* into long words so that they can be processed by the -//* real algorithm. -//* -//* Maybe I should make the real algorithm above take a vector -//* instead. That will involve more looping, but it won't require -//* the F() method to deconstruct the vector. -//* -Blowfish.prototype.encryptBlock = function(vector) { - let ii; - const vals = [0, 0]; - const off = this.BLOCKSIZE / 2; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); - vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); + // expect pq = n + if ((p * q) !== n) { + return false; } - this._encryptBlock(vals); + const _2n = BigInt(2); + // expect p*u = 1 mod q + u = uint8ArrayToBigInt(u); + if (mod$2(p * u, q) !== BigInt(1)) { + return false; + } - const ret = []; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); - ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); - // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); - // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + /** + * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) + * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] + * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] + * + * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) + */ + const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3)); + const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q + const rde = r * d * e; + + const areInverses = mod$2(rde, p - _1n$b) === r && mod$2(rde, q - _1n$b) === r; + if (!areInverses) { + return false; } - return ret; -}; + return true; +} -//* -//* This method takes an array with two values, left and right -//* and undoes NN rounds of Blowfish on them. -//* -Blowfish.prototype._decryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; +async function bnSign(hashAlgo, n, d, hashed) { + n = uint8ArrayToBigInt(n); + const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n))); + d = uint8ArrayToBigInt(d); + return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n)); +} - let ii; +async function webSign$1(hashName, data, n, e, d, p, q, u) { + /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. + * We swap them in privateToJWK, so it usually works out, but nevertheless, + * not all OpenPGP keys are compatible with this requirement. + * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still + * does if the underlying Web Crypto does so (though the tested implementations + * don't do so). + */ + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const algo = { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }; + const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); + return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); +} - for (ii = this.NN + 1; ii > 1; --ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; +async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) { + const sign = nodeCrypto$3.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(data); + sign.end(); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + const jwk = await privateToJWK$1(n, e, d, p, q, u); + return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' })); +} + +async function bnVerify(hashAlgo, s, n, e, hashed) { + n = uint8ArrayToBigInt(n); + s = uint8ArrayToBigInt(s); + e = uint8ArrayToBigInt(e); + if (s >= n) { + throw new Error('Signature size cannot exceed modulus size'); } + const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n)); + const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n)); + return util.equalsUint8Array(EM1, EM2); +} - dataL ^= this.parray[1]; - dataR ^= this.parray[0]; +async function webVerify$1(hashName, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = await webCrypto$5.importKey('jwk', jwk, { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }, false, ['verify']); + return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); +} - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; +async function nodeVerify$1(hashAlgo, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1' }; -//* -//* This method takes a key array and initializes the -//* sboxes and parray for this encryption. -//* -Blowfish.prototype.init = function(key) { - let ii; - let jj = 0; + const verify = nodeCrypto$3.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(data); + verify.end(); - this.parray = []; - for (ii = 0; ii < this.NN + 2; ++ii) { - let data = 0x00000000; - for (let kk = 0; kk < 4; ++kk) { - data = (data << 8) | (key[jj] & 0x00FF); - if (++jj >= key.length) { - jj = 0; - } - } - this.parray[ii] = this.PARRAY[ii] ^ data; + try { + return verify.verify(key, s); + } catch (err) { + return false; } +} - this.sboxes = []; - for (ii = 0; ii < 4; ++ii) { - this.sboxes[ii] = []; - for (jj = 0; jj < 256; ++jj) { - this.sboxes[ii][jj] = this.SBOXES[ii][jj]; - } +async function nodeEncrypt(data, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; + + return new Uint8Array(nodeCrypto$3.publicEncrypt(key, data)); +} + +async function bnEncrypt(data, n, e) { + n = uint8ArrayToBigInt(n); + data = uint8ArrayToBigInt(emeEncode(data, byteLength(n))); + e = uint8ArrayToBigInt(e); + if (data >= n) { + throw new Error('Message size cannot exceed modulus size'); } + return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n)); +} - const vals = [0x00000000, 0x00000000]; +async function nodeDecrypt(data, n, e, d, p, q, u) { + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; - for (ii = 0; ii < this.NN + 2; ii += 2) { - this._encryptBlock(vals); - this.parray[ii + 0] = vals[0]; - this.parray[ii + 1] = vals[1]; + try { + return new Uint8Array(nodeCrypto$3.privateDecrypt(key, data)); + } catch (err) { + throw new Error('Decryption error'); } +} - for (ii = 0; ii < 4; ++ii) { - for (jj = 0; jj < 256; jj += 2) { - this._encryptBlock(vals); - this.sboxes[ii][jj + 0] = vals[0]; - this.sboxes[ii][jj + 1] = vals[1]; - } +async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { + data = uint8ArrayToBigInt(data); + n = uint8ArrayToBigInt(n); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + u = uint8ArrayToBigInt(u); + if (data >= n) { + throw new Error('Data too large.'); } -}; + const dq = mod$2(d, q - _1n$b); // d mod (q-1) + const dp = mod$2(d, p - _1n$b); // d mod (p-1) -// added by Recurity Labs -function BF(key) { - this.bf = new Blowfish(); - this.bf.init(key); + const unblinder = getRandomBigInteger(BigInt(2), n); + const blinder = modExp(modInv(unblinder, n), e, n); + data = mod$2(data * blinder, n); - this.encrypt = function(block) { - return this.bf.encryptBlock(block); - }; -} + const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p + const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q + const h = mod$2(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q) -BF.keySize = BF.prototype.keySize = 16; -BF.blockSize = BF.prototype.blockSize = 8; + let result = h * p + mp; // result < n due to relations above -/** - * @fileoverview Symmetric cryptography functions - * @module crypto/cipher - * @private + result = mod$2(result * unblinder, n); + + return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload); +} + +/** Convert Openpgp private key params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + * @param {Uint8Array} d + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} u */ +async function privateToJWK$1(n, e, d, p, q, u) { + const pNum = uint8ArrayToBigInt(p); + const qNum = uint8ArrayToBigInt(q); + const dNum = uint8ArrayToBigInt(d); -/** - * AES-128 encryption and decryption (ID 7) - * @function - * @param {String} key - 128-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} + let dq = mod$2(dNum, qNum - _1n$b); // d mod (q-1) + let dp = mod$2(dNum, pNum - _1n$b); // d mod (p-1) + dp = bigIntToUint8Array(dp); + dq = bigIntToUint8Array(dq); + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + d: uint8ArrayToB64(d), + // switch p and q + p: uint8ArrayToB64(q), + q: uint8ArrayToB64(p), + // switch dp and dq + dp: uint8ArrayToB64(dq), + dq: uint8ArrayToB64(dp), + qi: uint8ArrayToB64(u), + ext: true + }; +} + +/** Convert Openpgp key public params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e */ -const aes128 = aes(128); -/** - * AES-128 Block Cipher (ID 8) - * @function - * @param {String} key - 192-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes192 = aes(192); -/** - * AES-128 Block Cipher (ID 9) - * @function - * @param {String} key - 256-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes256 = aes(256); -// Not in OpenPGP specifications -const des$1 = DES; -/** - * Triple DES Block Cipher (ID 2) - * @function - * @param {String} key - 192-bit key - * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67} - * @returns {Object} - */ -const tripledes = TripleDES; -/** - * CAST-128 Block Cipher (ID 3) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm} - * @returns {Object} - */ -const cast5 = CAST5; -/** - * Twofish Block Cipher (ID 10) - * @function - * @param {String} key - 256-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH} - * @returns {Object} - */ -const twofish = TF; -/** - * Blowfish Block Cipher (ID 4) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH} - * @returns {Object} - */ -const blowfish = BF; -/** - * Not implemented - * @function - * @throws {Error} - */ -const idea = function() { - throw new Error('IDEA symmetric-key algorithm not implemented'); -}; +function publicToJWK(n, e) { + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + ext: true + }; +} -var cipher = /*#__PURE__*/Object.freeze({ +/** Convert JWK private key to OpenPGP private key params */ +function jwkToPrivate(jwk, e) { + return { + n: b64ToUint8Array(jwk.n), + e: bigIntToUint8Array(e), + d: b64ToUint8Array(jwk.d), + // switch p and q + p: b64ToUint8Array(jwk.q), + q: b64ToUint8Array(jwk.p), + // Since p and q are switched in places, u is the inverse of jwk.q + u: b64ToUint8Array(jwk.qi) + }; +} + +var rsa = /*#__PURE__*/Object.freeze({ __proto__: null, - aes128: aes128, - aes192: aes192, - aes256: aes256, - des: des$1, - tripledes: tripledes, - cast5: cast5, - twofish: twofish, - blowfish: blowfish, - idea: idea + decrypt: decrypt$4, + encrypt: encrypt$4, + generate: generate$4, + sign: sign$6, + validateParams: validateParams$9, + verify: verify$6 }); -var sha1_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0, - w16 = 0, w17 = 0, w18 = 0, w19 = 0, - w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0, - w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0, - w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0, - w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0, - w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0, - w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - - // 0 - t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 1 - t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 2 - t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 3 - t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 4 - t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 5 - t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 6 - t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 7 - t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 8 - t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 9 - t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 10 - t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 11 - t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 12 - t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 13 - t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 14 - t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 15 - t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 16 - n = w13 ^ w8 ^ w2 ^ w0; - w16 = (n << 1) | (n >>> 31); - t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 17 - n = w14 ^ w9 ^ w3 ^ w1; - w17 = (n << 1) | (n >>> 31); - t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 18 - n = w15 ^ w10 ^ w4 ^ w2; - w18 = (n << 1) | (n >>> 31); - t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 19 - n = w16 ^ w11 ^ w5 ^ w3; - w19 = (n << 1) | (n >>> 31); - t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 20 - n = w17 ^ w12 ^ w6 ^ w4; - w20 = (n << 1) | (n >>> 31); - t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 21 - n = w18 ^ w13 ^ w7 ^ w5; - w21 = (n << 1) | (n >>> 31); - t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 22 - n = w19 ^ w14 ^ w8 ^ w6; - w22 = (n << 1) | (n >>> 31); - t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 23 - n = w20 ^ w15 ^ w9 ^ w7; - w23 = (n << 1) | (n >>> 31); - t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 24 - n = w21 ^ w16 ^ w10 ^ w8; - w24 = (n << 1) | (n >>> 31); - t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 25 - n = w22 ^ w17 ^ w11 ^ w9; - w25 = (n << 1) | (n >>> 31); - t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 26 - n = w23 ^ w18 ^ w12 ^ w10; - w26 = (n << 1) | (n >>> 31); - t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 27 - n = w24 ^ w19 ^ w13 ^ w11; - w27 = (n << 1) | (n >>> 31); - t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 28 - n = w25 ^ w20 ^ w14 ^ w12; - w28 = (n << 1) | (n >>> 31); - t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 29 - n = w26 ^ w21 ^ w15 ^ w13; - w29 = (n << 1) | (n >>> 31); - t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 30 - n = w27 ^ w22 ^ w16 ^ w14; - w30 = (n << 1) | (n >>> 31); - t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 31 - n = w28 ^ w23 ^ w17 ^ w15; - w31 = (n << 1) | (n >>> 31); - t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 32 - n = w29 ^ w24 ^ w18 ^ w16; - w32 = (n << 1) | (n >>> 31); - t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 33 - n = w30 ^ w25 ^ w19 ^ w17; - w33 = (n << 1) | (n >>> 31); - t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 34 - n = w31 ^ w26 ^ w20 ^ w18; - w34 = (n << 1) | (n >>> 31); - t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 35 - n = w32 ^ w27 ^ w21 ^ w19; - w35 = (n << 1) | (n >>> 31); - t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 36 - n = w33 ^ w28 ^ w22 ^ w20; - w36 = (n << 1) | (n >>> 31); - t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 37 - n = w34 ^ w29 ^ w23 ^ w21; - w37 = (n << 1) | (n >>> 31); - t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 38 - n = w35 ^ w30 ^ w24 ^ w22; - w38 = (n << 1) | (n >>> 31); - t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 39 - n = w36 ^ w31 ^ w25 ^ w23; - w39 = (n << 1) | (n >>> 31); - t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 40 - n = w37 ^ w32 ^ w26 ^ w24; - w40 = (n << 1) | (n >>> 31); - t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 41 - n = w38 ^ w33 ^ w27 ^ w25; - w41 = (n << 1) | (n >>> 31); - t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 42 - n = w39 ^ w34 ^ w28 ^ w26; - w42 = (n << 1) | (n >>> 31); - t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 43 - n = w40 ^ w35 ^ w29 ^ w27; - w43 = (n << 1) | (n >>> 31); - t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 44 - n = w41 ^ w36 ^ w30 ^ w28; - w44 = (n << 1) | (n >>> 31); - t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 45 - n = w42 ^ w37 ^ w31 ^ w29; - w45 = (n << 1) | (n >>> 31); - t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 46 - n = w43 ^ w38 ^ w32 ^ w30; - w46 = (n << 1) | (n >>> 31); - t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 47 - n = w44 ^ w39 ^ w33 ^ w31; - w47 = (n << 1) | (n >>> 31); - t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 48 - n = w45 ^ w40 ^ w34 ^ w32; - w48 = (n << 1) | (n >>> 31); - t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 49 - n = w46 ^ w41 ^ w35 ^ w33; - w49 = (n << 1) | (n >>> 31); - t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 50 - n = w47 ^ w42 ^ w36 ^ w34; - w50 = (n << 1) | (n >>> 31); - t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 51 - n = w48 ^ w43 ^ w37 ^ w35; - w51 = (n << 1) | (n >>> 31); - t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 52 - n = w49 ^ w44 ^ w38 ^ w36; - w52 = (n << 1) | (n >>> 31); - t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 53 - n = w50 ^ w45 ^ w39 ^ w37; - w53 = (n << 1) | (n >>> 31); - t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 54 - n = w51 ^ w46 ^ w40 ^ w38; - w54 = (n << 1) | (n >>> 31); - t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 55 - n = w52 ^ w47 ^ w41 ^ w39; - w55 = (n << 1) | (n >>> 31); - t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 56 - n = w53 ^ w48 ^ w42 ^ w40; - w56 = (n << 1) | (n >>> 31); - t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 57 - n = w54 ^ w49 ^ w43 ^ w41; - w57 = (n << 1) | (n >>> 31); - t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 58 - n = w55 ^ w50 ^ w44 ^ w42; - w58 = (n << 1) | (n >>> 31); - t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 59 - n = w56 ^ w51 ^ w45 ^ w43; - w59 = (n << 1) | (n >>> 31); - t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 60 - n = w57 ^ w52 ^ w46 ^ w44; - w60 = (n << 1) | (n >>> 31); - t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 61 - n = w58 ^ w53 ^ w47 ^ w45; - w61 = (n << 1) | (n >>> 31); - t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 62 - n = w59 ^ w54 ^ w48 ^ w46; - w62 = (n << 1) | (n >>> 31); - t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 63 - n = w60 ^ w55 ^ w49 ^ w47; - w63 = (n << 1) | (n >>> 31); - t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 64 - n = w61 ^ w56 ^ w50 ^ w48; - w64 = (n << 1) | (n >>> 31); - t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 65 - n = w62 ^ w57 ^ w51 ^ w49; - w65 = (n << 1) | (n >>> 31); - t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 66 - n = w63 ^ w58 ^ w52 ^ w50; - w66 = (n << 1) | (n >>> 31); - t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 67 - n = w64 ^ w59 ^ w53 ^ w51; - w67 = (n << 1) | (n >>> 31); - t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 68 - n = w65 ^ w60 ^ w54 ^ w52; - w68 = (n << 1) | (n >>> 31); - t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 69 - n = w66 ^ w61 ^ w55 ^ w53; - w69 = (n << 1) | (n >>> 31); - t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 70 - n = w67 ^ w62 ^ w56 ^ w54; - w70 = (n << 1) | (n >>> 31); - t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 71 - n = w68 ^ w63 ^ w57 ^ w55; - w71 = (n << 1) | (n >>> 31); - t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 72 - n = w69 ^ w64 ^ w58 ^ w56; - w72 = (n << 1) | (n >>> 31); - t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 73 - n = w70 ^ w65 ^ w59 ^ w57; - w73 = (n << 1) | (n >>> 31); - t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 74 - n = w71 ^ w66 ^ w60 ^ w58; - w74 = (n << 1) | (n >>> 31); - t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 75 - n = w72 ^ w67 ^ w61 ^ w59; - w75 = (n << 1) | (n >>> 31); - t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 76 - n = w73 ^ w68 ^ w62 ^ w60; - w76 = (n << 1) | (n >>> 31); - t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 77 - n = w74 ^ w69 ^ w63 ^ w61; - w77 = (n << 1) | (n >>> 31); - t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 78 - n = w75 ^ w70 ^ w64 ^ w62; - w78 = (n << 1) | (n >>> 31); - t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 79 - n = w76 ^ w71 ^ w65 ^ w63; - w79 = (n << 1) | (n >>> 31); - t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - } - - function reset () { - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if ( offset & 63 ) - return -1; - if ( ~output ) - if ( output & 31 ) - return -1; +const _1n$a = BigInt(1); - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; +/** + * ElGamal Encryption function + * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) + * @param {Uint8Array} data - To be padded and encrypted + * @param {Uint8Array} p + * @param {Uint8Array} g + * @param {Uint8Array} y + * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} + * @async + */ +async function encrypt$3(data, p, g, y) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } + const padded = emeEncode(data, byteLength(p)); + const m = uint8ArrayToBigInt(padded); - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0; + // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* + // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] + const k = getRandomBigInteger(_1n$a, p - _1n$a); + return { + c1: bigIntToUint8Array(modExp(g, k, p)), + c2: bigIntToUint8Array(mod$2(modExp(y, k, p) * m, p)) + }; +} - HEAP[offset|length] = 0x80; +/** + * ElGamal Encryption function + * @param {Uint8Array} c1 + * @param {Uint8Array} c2 + * @param {Uint8Array} p + * @param {Uint8Array} x + * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} Unpadded message. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$3(c1, c2, p, x, randomPayload) { + c1 = uint8ArrayToBigInt(c1); + c2 = uint8ArrayToBigInt(c2); + p = uint8ArrayToBigInt(p); + x = uint8ArrayToBigInt(x); - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - _core_heap(offset); + const padded = mod$2(modInv(modExp(c1, x, p), p) * c2, p); + return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload); +} - length = 0; +/** + * Validate ElGamal parameters + * @param {Uint8Array} p - ElGamal prime + * @param {Uint8Array} g - ElGamal group generator + * @param {Uint8Array} y - ElGamal public key + * @param {Uint8Array} x - ElGamal private exponent + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$8(p, g, y, x) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - HEAP[offset|0] = 0; - } + // Check that 1 < g < p + if (g <= _1n$a || g >= p) { + return false; + } - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; + // Expect p-1 to be large + const pSize = BigInt(bitLength(p)); + const _1023n = BigInt(1023); + if (pSize < _1023n) { + return false; + } - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; + /** + * g should have order p-1 + * Check that g ** (p-1) = 1 mod p + */ + if (modExp(g, p - _1n$a, p) !== _1n$a) { + return false; + } - TOTAL0 = 64; - TOTAL1 = 0; + /** + * Since p-1 is not prime, g might have a smaller order that divides p-1 + * We want to make sure that the order is large enough to hinder a small subgroup attack + * + * We just check g**i != 1 for all i up to a threshold + */ + let res = g; + let i = BigInt(1); + const _2n = BigInt(2); + const threshold = _2n << BigInt(17); // we want order > threshold + while (i < threshold) { + res = mod$2(res * g, p); + if (res === _1n$a) { + return false; } + i++; + } - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{r(p-1) + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const r = getRandomBigInteger(_2n << (pSize - _1n$a), _2n << pSize); // draw r of same size as p-1 + const rqx = (p - _1n$a) * r + x; + if (y !== modExp(g, rqx, p)) { + return false; + } - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); + return true; +} - if ( ~output ) - _state_to_heap(output); +var elgamal = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$3, + encrypt: encrypt$3, + validateParams: validateParams$8 +}); - return hashed|0; - } +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// See utils.ts for details. +const crypto$3 = + nc && typeof nc === 'object' && 'webcrypto' in nc ? nc.webcrypto : undefined; - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; +const nacl = {}; - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; +// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. +// Public domain. +// +// Implementation derived from TweetNaCl version 20140427. +// See for details: http://tweetnacl.cr.yp.to/ - if ( offset & 63 ) - return -1; +var gf = function(init) { + var i, r = new Float64Array(16); + if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; + return r; +}; - if ( ~output ) - if ( output & 31 ) - return -1; +// Pluggable, initialized in high-level API below. +var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; +var _9 = new Uint8Array(32); _9[0] = 9; - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4; - count = (count-1)|0; +var gf0 = gf(), + gf1 = gf([1]), + _121665 = gf([0xdb41, 1]), + D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), + D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), + X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), + Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), + I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; +function ts64(x, i, h, l) { + x[i] = (h >> 24) & 0xff; + x[i+1] = (h >> 16) & 0xff; + x[i+2] = (h >> 8) & 0xff; + x[i+3] = h & 0xff; + x[i+4] = (l >> 24) & 0xff; + x[i+5] = (l >> 16) & 0xff; + x[i+6] = (l >> 8) & 0xff; + x[i+7] = l & 0xff; +} - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; +function vn(x, xi, y, yi, n) { + var i,d = 0; + for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; + return (1 & ((d - 1) >>> 8)) - 1; +} - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; +function crypto_verify_32(x, xi, y, yi) { + return vn(x,xi,y,yi,32); +} - count = (count-1)|0; - } +function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) r[i] = a[i]|0; +} - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; +function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; i++) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c-1 + 37 * (c-1); +} - if ( ~output ) - _state_to_heap(output); +function sel25519(p, q, b) { + var t, c = ~(b-1); + for (var i = 0; i < 16; i++) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; + } +} - return 0; +function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; i++) t[i] = n[i]; + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; j++) { + m[0] = t[0] - 0xffed; + for (i = 1; i < 15; i++) { + m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); + m[i-1] &= 0xffff; } + m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); + b = (m[15]>>16) & 1; + m[14] &= 0xffff; + sel25519(t, m, 1-b); + } + for (i = 0; i < 16; i++) { + o[2*i] = t[i] & 0xff; + o[2*i+1] = t[i]>>8; + } +} - return { - // SHA1 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA1 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA1 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; +function neq25519(a, b) { + var c = new Uint8Array(32), d = new Uint8Array(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); +} -class Hash { - constructor() { - this.pos = 0; - this.len = 0; - } - reset() { - const { asm } = this.acquire_asm(); - this.result = null; - this.pos = 0; - this.len = 0; - asm.reset(); - return this; - } - process(data) { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - let hpos = this.pos; - let hlen = this.len; - let dpos = 0; - let dlen = data.length; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen); - hlen += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.process(hpos, hlen); - hpos += wlen; - hlen -= wlen; - if (!hlen) - hpos = 0; - } - this.pos = hpos; - this.len = hlen; - return this; - } - finish() { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - asm.finish(this.pos, this.len, 0); - this.result = new Uint8Array(this.HASH_SIZE); - this.result.set(heap.subarray(0, this.HASH_SIZE)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return this; - } +function par25519(a) { + var d = new Uint8Array(32); + pack25519(d, a); + return d[0] & 1; } -const _sha1_block_size = 64; -const _sha1_hash_size = 20; -const heap_pool$1 = []; -const asm_pool$1 = []; -class Sha1 extends Hash { - constructor() { - super(); - this.NAME = 'sha1'; - this.BLOCK_SIZE = _sha1_block_size; - this.HASH_SIZE = _sha1_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$1.pop() || _heap_init(); - this.asm = asm_pool$1.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$1.push(this.heap); - asm_pool$1.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha1().process(data).finish().result; - } -} -Sha1.NAME = 'sha1'; -Sha1.heap_pool = []; -Sha1.asm_pool = []; -Sha1.asm_function = sha1_asm; - -var sha256_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - f = H5; - g = H6; - h = H7; - - // 0 - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 1 - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 2 - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 3 - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 4 - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 5 - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 6 - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 7 - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 8 - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 9 - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 10 - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 11 - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 12 - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 13 - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 14 - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 15 - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 16 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 17 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 18 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 19 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 20 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 21 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 22 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 23 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 24 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 25 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 26 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 27 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 28 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 29 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 30 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 31 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 32 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 33 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 34 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 35 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 36 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 37 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 38 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 39 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 40 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 41 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 42 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 43 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 44 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 45 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 46 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 47 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 48 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 49 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 50 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 51 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 52 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 53 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 54 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 55 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 56 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 57 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 58 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 59 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 60 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 61 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 62 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 63 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - H5 = ( H5 + f )|0; - H6 = ( H6 + g )|0; - H7 = ( H7 + h )|0; - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } +function unpack25519(o, n) { + var i; + for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); + o[15] &= 0x7fff; +} - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - HEAP[output|20] = H5>>>24; - HEAP[output|21] = H5>>>16&255; - HEAP[output|22] = H5>>>8&255; - HEAP[output|23] = H5&255; - HEAP[output|24] = H6>>>24; - HEAP[output|25] = H6>>>16&255; - HEAP[output|26] = H6>>>8&255; - HEAP[output|27] = H6&255; - HEAP[output|28] = H7>>>24; - HEAP[output|29] = H7>>>16&255; - HEAP[output|30] = H7>>>8&255; - HEAP[output|31] = H7&255; - } - - function reset () { - H0 = 0x6a09e667; - H1 = 0xbb67ae85; - H2 = 0x3c6ef372; - H3 = 0xa54ff53a; - H4 = 0x510e527f; - H5 = 0x9b05688c; - H6 = 0x1f83d9ab; - H7 = 0x5be0cd19; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - h5 = h5|0; - h6 = h6|0; - h7 = h7|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } +function A(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; +} - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; +function Z(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; +} - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - H5 = I5; - H6 = I6; - H7 = I7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - H5 = O5; - H6 = O6; - H7 = O7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - O5 = H5; - O6 = H6; - O7 = H7; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - I5 = H5; - I6 = H6; - I7 = H7; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - h5 = h5 ^ H5; - h6 = h6 ^ H6; - h7 = h7 ^ H7; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA256 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA256 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA256 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; - -const _sha256_block_size = 64; -const _sha256_hash_size = 32; -const heap_pool$2 = []; -const asm_pool$2 = []; -class Sha256 extends Hash { - constructor() { - super(); - this.NAME = 'sha256'; - this.BLOCK_SIZE = _sha256_block_size; - this.HASH_SIZE = _sha256_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$2.pop() || _heap_init(); - this.asm = asm_pool$2.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$2.push(this.heap); - asm_pool$2.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha256().process(data).finish().result; - } -} -Sha256.NAME = 'sha256'; - -var minimalisticAssert = assert; - -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} - -assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); -}; - -var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -function createCommonjsModule(fn, module) { - return module = { exports: {} }, fn(module, module.exports), module.exports; -} - -function commonjsRequire () { - throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs'); -} - -var inherits_browser = createCommonjsModule(function (module) { -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - }; -} -}); - -var inherits = createCommonjsModule(function (module) { -try { - var util = util$1; - if (typeof util.inherits !== 'function') throw ''; - module.exports = util.inherits; -} catch (e) { - module.exports = inherits_browser; -} -}); - -var inherits_1 = inherits; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; -} -var toArray_1 = toArray; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -var toHex_1 = toHex; - -function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; -} -var htonl_1 = htonl; - -function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); - } - return res; -} -var toHex32_1 = toHex32; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -var zero2_1 = zero2; - -function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; -} -var zero8_1 = zero8; - -function join32(msg, start, end, endian) { - var len = end - start; - minimalisticAssert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; - } - return res; -} -var join32_1 = join32; - -function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; - } - } - return res; -} -var split32_1 = split32; - -function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); -} -var rotr32_1 = rotr32; - -function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); -} -var rotl32_1 = rotl32; - -function sum32(a, b) { - return (a + b) >>> 0; -} -var sum32_1 = sum32; - -function sum32_3(a, b, c) { - return (a + b + c) >>> 0; -} -var sum32_3_1 = sum32_3; - -function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; -} -var sum32_4_1 = sum32_4; - -function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; -} -var sum32_5_1 = sum32_5; - -function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; - - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; -} -var sum64_1 = sum64; - -function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; -} -var sum64_hi_1 = sum64_hi; - -function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; -} -var sum64_lo_1 = sum64_lo; - -function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; -} -var sum64_4_hi_1 = sum64_4_hi; - -function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; -} -var sum64_4_lo_1 = sum64_4_lo; - -function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; - - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; -} -var sum64_5_hi_1 = sum64_5_hi; - -function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; - - return lo >>> 0; -} -var sum64_5_lo_1 = sum64_5_lo; - -function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; -} -var rotr64_hi_1 = rotr64_hi; - -function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var rotr64_lo_1 = rotr64_lo; - -function shr64_hi(ah, al, num) { - return ah >>> num; -} -var shr64_hi_1 = shr64_hi; - -function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var shr64_lo_1 = shr64_lo; - -var utils = { - inherits: inherits_1, - toArray: toArray_1, - toHex: toHex_1, - htonl: htonl_1, - toHex32: toHex32_1, - zero2: zero2_1, - zero8: zero8_1, - join32: join32_1, - split32: split32_1, - rotr32: rotr32_1, - rotl32: rotl32_1, - sum32: sum32_1, - sum32_3: sum32_3_1, - sum32_4: sum32_4_1, - sum32_5: sum32_5_1, - sum64: sum64_1, - sum64_hi: sum64_hi_1, - sum64_lo: sum64_lo_1, - sum64_4_hi: sum64_4_hi_1, - sum64_4_lo: sum64_4_lo_1, - sum64_5_hi: sum64_5_hi_1, - sum64_5_lo: sum64_5_lo_1, - rotr64_hi: rotr64_hi_1, - rotr64_lo: rotr64_lo_1, - shr64_hi: shr64_hi_1, - shr64_lo: shr64_lo_1 -}; - -function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; - - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; -} -var BlockHash_1 = BlockHash; - -BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; - - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; - - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; - - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); - } - - return this; -}; - -BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - minimalisticAssert(this.pending === null); - - return this._digest(enc); -}; - -BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; - } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (t = 8; t < this.padLength; t++) - res[i++] = 0; - } - - return res; -}; - -var common = { - BlockHash: BlockHash_1 -}; - -var rotr32$1 = utils.rotr32; - -function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); -} -var ft_1_1 = ft_1; - -function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); -} -var ch32_1 = ch32; - -function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); -} -var maj32_1 = maj32; - -function p32(x, y, z) { - return x ^ y ^ z; -} -var p32_1 = p32; - -function s0_256(x) { - return rotr32$1(x, 2) ^ rotr32$1(x, 13) ^ rotr32$1(x, 22); -} -var s0_256_1 = s0_256; - -function s1_256(x) { - return rotr32$1(x, 6) ^ rotr32$1(x, 11) ^ rotr32$1(x, 25); -} -var s1_256_1 = s1_256; - -function g0_256(x) { - return rotr32$1(x, 7) ^ rotr32$1(x, 18) ^ (x >>> 3); -} -var g0_256_1 = g0_256; - -function g1_256(x) { - return rotr32$1(x, 17) ^ rotr32$1(x, 19) ^ (x >>> 10); -} -var g1_256_1 = g1_256; - -var common$1 = { - ft_1: ft_1_1, - ch32: ch32_1, - maj32: maj32_1, - p32: p32_1, - s0_256: s0_256_1, - s1_256: s1_256_1, - g0_256: g0_256_1, - g1_256: g1_256_1 -}; - -var sum32$1 = utils.sum32; -var sum32_4$1 = utils.sum32_4; -var sum32_5$1 = utils.sum32_5; -var ch32$1 = common$1.ch32; -var maj32$1 = common$1.maj32; -var s0_256$1 = common$1.s0_256; -var s1_256$1 = common$1.s1_256; -var g0_256$1 = common$1.g0_256; -var g1_256$1 = common$1.g1_256; - -var BlockHash$1 = common.BlockHash; - -var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; - -function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); - - BlockHash$1.call(this); - this.h = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 - ]; - this.k = sha256_K; - this.W = new Array(64); -} -utils.inherits(SHA256, BlockHash$1); -var _256 = SHA256; - -SHA256.blockSize = 512; -SHA256.outSize = 256; -SHA256.hmacStrength = 192; -SHA256.padLength = 64; - -SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4$1(g1_256$1(W[i - 2]), W[i - 7], g0_256$1(W[i - 15]), W[i - 16]); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; - - minimalisticAssert(this.k.length === W.length); - for (i = 0; i < W.length; i++) { - var T1 = sum32_5$1(h, s1_256$1(e), ch32$1(e, f, g), this.k[i], W[i]); - var T2 = sum32$1(s0_256$1(a), maj32$1(a, b, c)); - h = g; - g = f; - f = e; - e = sum32$1(d, T1); - d = c; - c = b; - b = a; - a = sum32$1(T1, T2); - } - - this.h[0] = sum32$1(this.h[0], a); - this.h[1] = sum32$1(this.h[1], b); - this.h[2] = sum32$1(this.h[2], c); - this.h[3] = sum32$1(this.h[3], d); - this.h[4] = sum32$1(this.h[4], e); - this.h[5] = sum32$1(this.h[5], f); - this.h[6] = sum32$1(this.h[6], g); - this.h[7] = sum32$1(this.h[7], h); -}; - -SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - - _256.call(this); - this.h = [ - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; -} -utils.inherits(SHA224, _256); -var _224 = SHA224; - -SHA224.blockSize = 512; -SHA224.outSize = 224; -SHA224.hmacStrength = 192; -SHA224.padLength = 64; - -SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); -}; - -var rotr64_hi$1 = utils.rotr64_hi; -var rotr64_lo$1 = utils.rotr64_lo; -var shr64_hi$1 = utils.shr64_hi; -var shr64_lo$1 = utils.shr64_lo; -var sum64$1 = utils.sum64; -var sum64_hi$1 = utils.sum64_hi; -var sum64_lo$1 = utils.sum64_lo; -var sum64_4_hi$1 = utils.sum64_4_hi; -var sum64_4_lo$1 = utils.sum64_4_lo; -var sum64_5_hi$1 = utils.sum64_5_hi; -var sum64_5_lo$1 = utils.sum64_5_lo; - -var BlockHash$2 = common.BlockHash; - -var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 -]; - -function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - - BlockHash$2.call(this); - this.h = [ - 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); -} -utils.inherits(SHA512, BlockHash$2); -var _512 = SHA512; - -SHA512.blockSize = 1024; -SHA512.outSize = 512; -SHA512.hmacStrength = 192; -SHA512.padLength = 128; - -SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; - - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - - W[i] = sum64_4_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - } -}; - -SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; - - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; - - minimalisticAssert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; - - var T1_hi = sum64_5_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - - c0_hi = s0_512_hi(ah, al); - c0_lo = s0_512_lo(ah, al); - c1_hi = maj64_hi(ah, al, bh, bl, ch); - c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); - - var T2_hi = sum64_hi$1(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo$1(c0_hi, c0_lo, c1_hi, c1_lo); - - hh = gh; - hl = gl; - - gh = fh; - gl = fl; - - fh = eh; - fl = el; - - eh = sum64_hi$1(dh, dl, T1_hi, T1_lo); - el = sum64_lo$1(dl, dl, T1_hi, T1_lo); - - dh = ch; - dl = cl; - - ch = bh; - cl = bl; - - bh = ah; - bl = al; - - ah = sum64_hi$1(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo$1(T1_hi, T1_lo, T2_hi, T2_lo); - } - - sum64$1(this.h, 0, ah, al); - sum64$1(this.h, 2, bh, bl); - sum64$1(this.h, 4, ch, cl); - sum64$1(this.h, 6, dh, dl); - sum64$1(this.h, 8, eh, el); - sum64$1(this.h, 10, fh, fl); - sum64$1(this.h, 12, gh, gl); - sum64$1(this.h, 14, hh, hl); -}; - -SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function ch64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 28); - var c1_hi = rotr64_hi$1(xl, xh, 2); // 34 - var c2_hi = rotr64_hi$1(xl, xh, 7); // 39 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 28); - var c1_lo = rotr64_lo$1(xl, xh, 2); // 34 - var c2_lo = rotr64_lo$1(xl, xh, 7); // 39 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 14); - var c1_hi = rotr64_hi$1(xh, xl, 18); - var c2_hi = rotr64_hi$1(xl, xh, 9); // 41 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 14); - var c1_lo = rotr64_lo$1(xh, xl, 18); - var c2_lo = rotr64_lo$1(xl, xh, 9); // 41 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 1); - var c1_hi = rotr64_hi$1(xh, xl, 8); - var c2_hi = shr64_hi$1(xh, xl, 7); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 1); - var c1_lo = rotr64_lo$1(xh, xl, 8); - var c2_lo = shr64_lo$1(xh, xl, 7); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 19); - var c1_hi = rotr64_hi$1(xl, xh, 29); // 61 - var c2_hi = shr64_hi$1(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 19); - var c1_lo = rotr64_lo$1(xl, xh, 29); // 61 - var c2_lo = shr64_lo$1(xh, xl, 6); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - _512.call(this); - this.h = [ - 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; -} -utils.inherits(SHA384, _512); -var _384 = SHA384; - -SHA384.blockSize = 1024; -SHA384.outSize = 384; -SHA384.hmacStrength = 192; -SHA384.padLength = 128; - -SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); -}; - -var rotl32$1 = utils.rotl32; -var sum32$2 = utils.sum32; -var sum32_3$1 = utils.sum32_3; -var sum32_4$2 = utils.sum32_4; -var BlockHash$3 = common.BlockHash; - -function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash$3.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; -} -utils.inherits(RIPEMD160, BlockHash$3); -var ripemd160 = RIPEMD160; - -RIPEMD160.blockSize = 512; -RIPEMD160.outSize = 160; -RIPEMD160.hmacStrength = 192; -RIPEMD160.padLength = 64; - -RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32$2( - rotl32$1( - sum32_4$2(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32$1(C, 10); - C = B; - B = T; - T = sum32$2( - rotl32$1( - sum32_4$2(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32$1(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3$1(this.h[1], C, Dh); - this.h[1] = sum32_3$1(this.h[2], D, Eh); - this.h[2] = sum32_3$1(this.h[3], E, Ah); - this.h[3] = sum32_3$1(this.h[4], A, Bh); - this.h[4] = sum32_3$1(this.h[0], B, Ch); - this.h[0] = T; -}; - -RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); -}; - -function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); -} - -function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; -} - -function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; -} - -var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -]; - -var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -]; - -var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -]; - -var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -]; - -var ripemd = { - ripemd160: ripemd160 -}; - -/** - * A fast MD5 JavaScript implementation - * Copyright (c) 2012 Joseph Myers - * http://www.myersdaily.org/joseph/javascript/md5-text.html - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purposes and without - * fee is hereby granted provided that this copyright notice - * appears in all copies. - * - * Of course, this soft is provided "as is" without express or implied - * warranty of any kind. - */ - -// MD5 Digest -async function md5(entree) { - const digest = md51(util.uint8ArrayToString(entree)); - return util.hexToUint8Array(hex(digest)); -} - -function md5cycle(x, k) { - let a = x[0]; - let b = x[1]; - let c = x[2]; - let d = x[3]; - - a = ff(a, b, c, d, k[0], 7, -680876936); - d = ff(d, a, b, c, k[1], 12, -389564586); - c = ff(c, d, a, b, k[2], 17, 606105819); - b = ff(b, c, d, a, k[3], 22, -1044525330); - a = ff(a, b, c, d, k[4], 7, -176418897); - d = ff(d, a, b, c, k[5], 12, 1200080426); - c = ff(c, d, a, b, k[6], 17, -1473231341); - b = ff(b, c, d, a, k[7], 22, -45705983); - a = ff(a, b, c, d, k[8], 7, 1770035416); - d = ff(d, a, b, c, k[9], 12, -1958414417); - c = ff(c, d, a, b, k[10], 17, -42063); - b = ff(b, c, d, a, k[11], 22, -1990404162); - a = ff(a, b, c, d, k[12], 7, 1804603682); - d = ff(d, a, b, c, k[13], 12, -40341101); - c = ff(c, d, a, b, k[14], 17, -1502002290); - b = ff(b, c, d, a, k[15], 22, 1236535329); - - a = gg(a, b, c, d, k[1], 5, -165796510); - d = gg(d, a, b, c, k[6], 9, -1069501632); - c = gg(c, d, a, b, k[11], 14, 643717713); - b = gg(b, c, d, a, k[0], 20, -373897302); - a = gg(a, b, c, d, k[5], 5, -701558691); - d = gg(d, a, b, c, k[10], 9, 38016083); - c = gg(c, d, a, b, k[15], 14, -660478335); - b = gg(b, c, d, a, k[4], 20, -405537848); - a = gg(a, b, c, d, k[9], 5, 568446438); - d = gg(d, a, b, c, k[14], 9, -1019803690); - c = gg(c, d, a, b, k[3], 14, -187363961); - b = gg(b, c, d, a, k[8], 20, 1163531501); - a = gg(a, b, c, d, k[13], 5, -1444681467); - d = gg(d, a, b, c, k[2], 9, -51403784); - c = gg(c, d, a, b, k[7], 14, 1735328473); - b = gg(b, c, d, a, k[12], 20, -1926607734); - - a = hh(a, b, c, d, k[5], 4, -378558); - d = hh(d, a, b, c, k[8], 11, -2022574463); - c = hh(c, d, a, b, k[11], 16, 1839030562); - b = hh(b, c, d, a, k[14], 23, -35309556); - a = hh(a, b, c, d, k[1], 4, -1530992060); - d = hh(d, a, b, c, k[4], 11, 1272893353); - c = hh(c, d, a, b, k[7], 16, -155497632); - b = hh(b, c, d, a, k[10], 23, -1094730640); - a = hh(a, b, c, d, k[13], 4, 681279174); - d = hh(d, a, b, c, k[0], 11, -358537222); - c = hh(c, d, a, b, k[3], 16, -722521979); - b = hh(b, c, d, a, k[6], 23, 76029189); - a = hh(a, b, c, d, k[9], 4, -640364487); - d = hh(d, a, b, c, k[12], 11, -421815835); - c = hh(c, d, a, b, k[15], 16, 530742520); - b = hh(b, c, d, a, k[2], 23, -995338651); - - a = ii(a, b, c, d, k[0], 6, -198630844); - d = ii(d, a, b, c, k[7], 10, 1126891415); - c = ii(c, d, a, b, k[14], 15, -1416354905); - b = ii(b, c, d, a, k[5], 21, -57434055); - a = ii(a, b, c, d, k[12], 6, 1700485571); - d = ii(d, a, b, c, k[3], 10, -1894986606); - c = ii(c, d, a, b, k[10], 15, -1051523); - b = ii(b, c, d, a, k[1], 21, -2054922799); - a = ii(a, b, c, d, k[8], 6, 1873313359); - d = ii(d, a, b, c, k[15], 10, -30611744); - c = ii(c, d, a, b, k[6], 15, -1560198380); - b = ii(b, c, d, a, k[13], 21, 1309151649); - a = ii(a, b, c, d, k[4], 6, -145523070); - d = ii(d, a, b, c, k[11], 10, -1120210379); - c = ii(c, d, a, b, k[2], 15, 718787259); - b = ii(b, c, d, a, k[9], 21, -343485551); - - x[0] = add32(a, x[0]); - x[1] = add32(b, x[1]); - x[2] = add32(c, x[2]); - x[3] = add32(d, x[3]); -} - -function cmn(q, a, b, x, s, t) { - a = add32(add32(a, q), add32(x, t)); - return add32((a << s) | (a >>> (32 - s)), b); -} - -function ff(a, b, c, d, x, s, t) { - return cmn((b & c) | ((~b) & d), a, b, x, s, t); -} - -function gg(a, b, c, d, x, s, t) { - return cmn((b & d) | (c & (~d)), a, b, x, s, t); -} - -function hh(a, b, c, d, x, s, t) { - return cmn(b ^ c ^ d, a, b, x, s, t); -} - -function ii(a, b, c, d, x, s, t) { - return cmn(c ^ (b | (~d)), a, b, x, s, t); -} - -function md51(s) { - const n = s.length; - const state = [1732584193, -271733879, -1732584194, 271733878]; - let i; - for (i = 64; i <= s.length; i += 64) { - md5cycle(state, md5blk(s.substring(i - 64, i))); - } - s = s.substring(i - 64); - const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (i = 0; i < s.length; i++) { - tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); - } - tail[i >> 2] |= 0x80 << ((i % 4) << 3); - if (i > 55) { - md5cycle(state, tail); - for (i = 0; i < 16; i++) { - tail[i] = 0; - } - } - tail[14] = n * 8; - md5cycle(state, tail); - return state; -} - -/* there needs to be support for Unicode here, - * unless we pretend that we can redefine the MD-5 - * algorithm for multi-byte characters (perhaps - * by adding every four 16-bit characters and - * shortening the sum to 32 bits). Otherwise - * I suggest performing MD-5 as if every character - * was two bytes--e.g., 0040 0025 = @%--but then - * how will an ordinary MD-5 sum be matched? - * There is no way to standardize text to something - * like UTF-8 before transformation; speed cost is - * utterly prohibitive. The JavaScript standard - * itself needs to look at this: it should start - * providing access to strings as preformed UTF-8 - * 8-bit unsigned value arrays. - */ -function md5blk(s) { /* I figured global was faster. */ - const md5blks = []; - let i; /* Andy King said do it this way. */ - for (i = 0; i < 64; i += 4) { - md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << - 24); - } - return md5blks; -} - -const hex_chr = '0123456789abcdef'.split(''); - -function rhex(n) { - let s = ''; - let j = 0; - for (; j < 4; j++) { - s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; - } - return s; -} - -function hex(x) { - for (let i = 0; i < x.length; i++) { - x[i] = rhex(x[i]); - } - return x.join(''); -} - -/* this function is much faster, -so if possible we use it. Some IEs -are the only ones I know of that -need the idiotic second function, -generated by an if clause. */ - -function add32(a, b) { - return (a + b) & 0xFFFFFFFF; -} - -/** - * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://github.com/indutny/hash.js|hash.js} - * @module crypto/hash - * @private - */ - -const webCrypto = util.getWebCrypto(); -const nodeCrypto = util.getNodeCrypto(); -const nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes(); - -function nodeHash(type) { - if (!nodeCrypto || !nodeCryptoHashes.includes(type)) { - return; - } - return async function (data) { - const shasum = nodeCrypto.createHash(type); - return transform(data, value => { - shasum.update(value); - }, () => new Uint8Array(shasum.digest())); - }; -} - -function hashjsHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } - const hashInstance = hash(); - return transform(data, value => { - hashInstance.update(value); - }, () => new Uint8Array(hashInstance.digest())); - }; -} - -function asmcryptoHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (util.isStream(data)) { - const hashInstance = new hash(); - return transform(data, value => { - hashInstance.process(value); - }, () => hashInstance.finish().result); - } else if (webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } else { - return hash.bytes(data); - } - }; -} - -const hashFunctions = { - md5: nodeHash('md5') || md5, - sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'), - sha224: nodeHash('sha224') || hashjsHash(_224), - sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'), - sha384: nodeHash('sha384') || hashjsHash(_384, 'SHA-384'), - sha512: nodeHash('sha512') || hashjsHash(_512, 'SHA-512'), // asmcrypto sha512 is huge. - ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160) -}; - -var hash = { - - /** @see module:md5 */ - md5: hashFunctions.md5, - /** @see asmCrypto */ - sha1: hashFunctions.sha1, - /** @see hash.js */ - sha224: hashFunctions.sha224, - /** @see asmCrypto */ - sha256: hashFunctions.sha256, - /** @see hash.js */ - sha384: hashFunctions.sha384, - /** @see asmCrypto */ - sha512: hashFunctions.sha512, - /** @see hash.js */ - ripemd: hashFunctions.ripemd, - - /** - * Create a hash on the specified data using the specified algorithm - * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @param {Uint8Array} data - Data to be hashed - * @returns {Promise} Hash value. - */ - digest: function(algo, data) { - switch (algo) { - case enums.hash.md5: - return this.md5(data); - case enums.hash.sha1: - return this.sha1(data); - case enums.hash.ripemd: - return this.ripemd(data); - case enums.hash.sha256: - return this.sha256(data); - case enums.hash.sha384: - return this.sha384(data); - case enums.hash.sha512: - return this.sha512(data); - case enums.hash.sha224: - return this.sha224(data); - default: - throw new Error('Invalid hash function.'); - } - }, - - /** - * Returns the hash size in bytes of the specified hash algorithm type - * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @returns {Integer} Size in bytes of the resulting hash. - */ - getHashByteLength: function(algo) { - switch (algo) { - case enums.hash.md5: - return 16; - case enums.hash.sha1: - case enums.hash.ripemd: - return 20; - case enums.hash.sha256: - return 32; - case enums.hash.sha384: - return 48; - case enums.hash.sha512: - return 64; - case enums.hash.sha224: - return 28; - default: - throw new Error('Invalid hash algorithm.'); - } - } -}; - -class AES_CFB { - static encrypt(data, key, iv) { - return new AES_CFB(key, iv).encrypt(data); - } - static decrypt(data, key, iv) { - return new AES_CFB(key, iv).decrypt(data); - } - constructor(key, iv, aes) { - this.aes = aes ? aes : new AES(key, iv, true, 'CFB'); - delete this.aes.padding; - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * Get implementation of the given cipher - * @param {enums.symmetric} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getCipher(algo) { - const algoName = enums.read(enums.symmetric, algo); - return cipher[algoName]; -} - -// Modified by ProtonTech AG - -const webCrypto$1 = util.getWebCrypto(); -const nodeCrypto$1 = util.getNodeCrypto(); - -const knownAlgos = nodeCrypto$1 ? nodeCrypto$1.getCiphers() : []; -const nodeAlgos = { - idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ - tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, - cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, - blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, - aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, - aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, - aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined - /* twofish is not implemented in OpenSSL */ -}; - -/** - * CFB encryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} plaintext - * @param {Uint8Array} iv - * @param {Object} config - full configuration, defaults to openpgp.config - * @returns MaybeStream - */ -async function encrypt(algo, key, plaintext, iv, config) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeEncrypt(algo, key, plaintext, iv); - } - if (util.isAES(algo)) { - return aesEncrypt(algo, key, plaintext, iv, config); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - const blockc = iv.slice(); - let pt = new Uint8Array(); - const process = chunk => { - if (chunk) { - pt = util.concatUint8Array([pt, chunk]); - } - const ciphertext = new Uint8Array(pt.length); - let i; - let j = 0; - while (chunk ? pt.length >= block_size : pt.length) { - const encblock = cipherfn.encrypt(blockc); - for (i = 0; i < block_size; i++) { - blockc[i] = pt[i] ^ encblock[i]; - ciphertext[j++] = blockc[i]; - } - pt = pt.subarray(block_size); - } - return ciphertext.subarray(0, j); - }; - return transform(plaintext, process, process); -} - -/** - * CFB decryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} ciphertext - * @param {Uint8Array} iv - * @returns MaybeStream - */ -async function decrypt(algo, key, ciphertext, iv) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeDecrypt(algo, key, ciphertext, iv); - } - if (util.isAES(algo)) { - return aesDecrypt(algo, key, ciphertext, iv); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - let blockp = iv; - let ct = new Uint8Array(); - const process = chunk => { - if (chunk) { - ct = util.concatUint8Array([ct, chunk]); - } - const plaintext = new Uint8Array(ct.length); - let i; - let j = 0; - while (chunk ? ct.length >= block_size : ct.length) { - const decblock = cipherfn.encrypt(blockp); - blockp = ct.subarray(0, block_size); - for (i = 0; i < block_size; i++) { - plaintext[j++] = blockp[i] ^ decblock[i]; - } - ct = ct.subarray(block_size); - } - return plaintext.subarray(0, j); - }; - return transform(ciphertext, process, process); -} - -function aesEncrypt(algo, key, pt, iv, config) { - if ( - util.getWebCrypto() && - key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support - !util.isStream(pt) && - pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2 - ) { // Web Crypto - return webEncrypt(algo, key, pt, iv); - } - // asm.js fallback - const cfb = new AES_CFB(key, iv); - return transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish()); -} - -function aesDecrypt(algo, key, ct, iv) { - if (util.isStream(ct)) { - const cfb = new AES_CFB(key, iv); - return transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish()); - } - return AES_CFB.decrypt(ct, key, iv); -} - -function xorMut(a, b) { - for (let i = 0; i < a.length; i++) { - a[i] = a[i] ^ b[i]; - } -} - -async function webEncrypt(algo, key, pt, iv) { - const ALGO = 'AES-CBC'; - const _key = await webCrypto$1.importKey('raw', key, { name: ALGO }, false, ['encrypt']); - const { blockSize } = getCipher(algo); - const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]); - const ct = new Uint8Array(await webCrypto$1.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length); - xorMut(ct, pt); - return ct; -} - -function nodeEncrypt(algo, key, pt, iv) { - const algoName = enums.read(enums.symmetric, algo); - const cipherObj = new nodeCrypto$1.createCipheriv(nodeAlgos[algoName], key, iv); - return transform(pt, value => new Uint8Array(cipherObj.update(value))); -} - -function nodeDecrypt(algo, key, ct, iv) { - const algoName = enums.read(enums.symmetric, algo); - const decipherObj = new nodeCrypto$1.createDecipheriv(nodeAlgos[algoName], key, iv); - return transform(ct, value => new Uint8Array(decipherObj.update(value))); -} - -var cfb = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt, - decrypt: decrypt -}); - -class AES_CTR { - static encrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - static decrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - constructor(key, nonce, aes) { - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - delete this.aes.padding; - this.AES_CTR_set_options(nonce); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - AES_CTR_set_options(nonce, counter, size) { - let { asm } = this.aes.acquire_asm(); - if (size !== undefined) { - if (size < 8 || size > 48) - throw new IllegalArgumentError('illegal counter size'); - let mask = Math.pow(2, size) - 1; - asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0); - } - else { - size = 48; - asm.set_mask(0, 0, 0xffff, 0xffffffff); - } - if (nonce !== undefined) { - let len = nonce.length; - if (!len || len > 16) - throw new IllegalArgumentError('illegal nonce size'); - let view = new DataView(new ArrayBuffer(16)); - new Uint8Array(view.buffer).set(nonce); - asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12)); - } - else { - throw new Error('nonce is required'); - } - if (counter !== undefined) { - if (counter < 0 || counter >= Math.pow(2, size)) - throw new IllegalArgumentError('illegal counter value'); - asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0); - } - } -} - -class AES_CBC { - static encrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).encrypt(data); - } - static decrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).decrypt(data); - } - constructor(key, iv, padding = true, aes) { - this.aes = aes ? aes : new AES(key, iv, padding, 'CBC'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * @fileoverview This module implements AES-CMAC on top of - * native AES-CBC using either the WebCrypto API or Node.js' crypto API. - * @module crypto/cmac - * @private - */ - -const webCrypto$2 = util.getWebCrypto(); -const nodeCrypto$2 = util.getNodeCrypto(); - - -/** - * This implementation of CMAC is based on the description of OMAC in - * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that - * document: - * - * We have made a small modification to the OMAC algorithm as it was - * originally presented, changing one of its two constants. - * Specifically, the constant 4 at line 85 was the constant 1/2 (the - * multiplicative inverse of 2) in the original definition of OMAC [14]. - * The OMAC authors indicate that they will promulgate this modification - * [15], which slightly simplifies implementations. - */ - -const blockLength = 16; - - -/** - * xor `padding` into the end of `data`. This function implements "the - * operation xor→ [which] xors the shorter string into the end of longer - * one". Since data is always as least as long as padding, we can - * simplify the implementation. - * @param {Uint8Array} data - * @param {Uint8Array} padding - */ -function rightXORMut(data, padding) { - const offset = data.length - blockLength; - for (let i = 0; i < blockLength; i++) { - data[i + offset] ^= padding[i]; - } - return data; -} - -function pad(data, padding, padding2) { - // if |M| in {n, 2n, 3n, ...} - if (data.length && data.length % blockLength === 0) { - // then return M xor→ B, - return rightXORMut(data, padding); - } - // else return (M || 10^(n−1−(|M| mod n))) xor→ P - const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength))); - padded.set(data); - padded[data.length] = 0b10000000; - return rightXORMut(padded, padding2); -} - -const zeroBlock = new Uint8Array(blockLength); - -async function CMAC(key) { - const cbc = await CBC(key); - - // L ← E_K(0^n); B ← 2L; P ← 4L - const padding = util.double(await cbc(zeroBlock)); - const padding2 = util.double(padding); - - return async function(data) { - // return CBC_K(pad(M; B, P)) - return (await cbc(pad(data, padding, padding2))).subarray(-blockLength); - }; -} - -async function CBC(key) { - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - key = await webCrypto$2.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); - return async function(pt) { - const ct = await webCrypto$2.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt); - return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt) { - const en = new nodeCrypto$2.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock); - const ct = en.update(pt); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt) { - return AES_CBC.encrypt(pt, key, false, zeroBlock); - }; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$3 = util.getWebCrypto(); -const nodeCrypto$3 = util.getNodeCrypto(); -const Buffer$1 = util.getNodeBuffer(); - - -const blockLength$1 = 16; -const ivLength = blockLength$1; -const tagLength = blockLength$1; - -const zero = new Uint8Array(blockLength$1); -const one = new Uint8Array(blockLength$1); one[blockLength$1 - 1] = 1; -const two = new Uint8Array(blockLength$1); two[blockLength$1 - 1] = 2; - -async function OMAC(key) { - const cmac = await CMAC(key); - return function(t, message) { - return cmac(util.concatUint8Array([t, message])); - }; -} - -async function CTR(key) { - if ( - util.getWebCrypto() && - key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - ) { - key = await webCrypto$3.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); - return async function(pt, iv) { - const ct = await webCrypto$3.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$1 * 8 }, key, pt); - return new Uint8Array(ct); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt, iv) { - const en = new nodeCrypto$3.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); - const ct = Buffer$1.concat([en.update(pt), en.final()]); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt, iv) { - return AES_CTR.encrypt(pt, key, iv); - }; -} - - -/** - * Class to en/decrypt using EAX mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function EAX(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('EAX mode supports only AES cipher'); - } - - const [ - omac, - ctr - ] = await Promise.all([ - OMAC(key), - CTR(key) - ]); - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - const [ - omacNonce, - omacAdata - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata) - ]); - const ciphered = await ctr(plaintext, omacNonce); - const omacCiphered = await omac(two, ciphered); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - return util.concatUint8Array([ciphered, tag]); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to verify - * @returns {Promise} The plaintext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext'); - const ciphered = ciphertext.subarray(0, -tagLength); - const ctTag = ciphertext.subarray(-tagLength); - const [ - omacNonce, - omacAdata, - omacCiphered - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata), - omac(two, ciphered) - ]); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); - const plaintext = await ctr(ciphered, omacNonce); - return plaintext; - } - }; -} - - -/** - * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. - * @param {Uint8Array} iv - The initialization vector (16 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -EAX.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[8 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -EAX.blockLength = blockLength$1; -EAX.ivLength = ivLength; -EAX.tagLength = tagLength; - -// OpenPGP.js - An OpenPGP implementation in javascript - -const blockLength$2 = 16; -const ivLength$1 = 15; - -// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: -// While OCB [RFC7253] allows the authentication tag length to be of any -// number up to 128 bits long, this document requires a fixed -// authentication tag length of 128 bits (16 octets) for simplicity. -const tagLength$1 = 16; - - -function ntz(n) { - let ntz = 0; - for (let i = 1; (n & i) === 0; i <<= 1) { - ntz++; - } - return ntz; -} - -function xorMut$1(S, T) { - for (let i = 0; i < S.length; i++) { - S[i] ^= T[i]; - } - return S; -} - -function xor(S, T) { - return xorMut$1(S.slice(), T); -} - -const zeroBlock$1 = new Uint8Array(blockLength$2); -const one$1 = new Uint8Array([1]); - -/** - * Class to en/decrypt using OCB mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function OCB(cipher$1, key) { - - let maxNtz = 0; - let encipher; - let decipher; - let mask; - - constructKeyVariables(cipher$1, key); - - function constructKeyVariables(cipher$1, key) { - const cipherName = enums.read(enums.symmetric, cipher$1); - const aes = new cipher[cipherName](key); - encipher = aes.encrypt.bind(aes); - decipher = aes.decrypt.bind(aes); - - const mask_x = encipher(zeroBlock$1); - const mask_$ = util.double(mask_x); - mask = []; - mask[0] = util.double(mask_$); - - - mask.x = mask_x; - mask.$ = mask_$; - } - - function extendKeyVariables(text, adata) { - const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$2 | 0) - 1; - for (let i = maxNtz + 1; i <= newMaxNtz; i++) { - mask[i] = util.double(mask[i - 1]); - } - maxNtz = newMaxNtz; - } - - function hash(adata) { - if (!adata.length) { - // Fast path - return zeroBlock$1; - } - - // - // Consider A as a sequence of 128-bit blocks - // - const m = adata.length / blockLength$2 | 0; - - const offset = new Uint8Array(blockLength$2); - const sum = new Uint8Array(blockLength$2); - for (let i = 0; i < m; i++) { - xorMut$1(offset, mask[ntz(i + 1)]); - xorMut$1(sum, encipher(xor(offset, adata))); - adata = adata.subarray(blockLength$2); - } - - // - // Process any final partial block; compute final hash value - // - if (adata.length) { - xorMut$1(offset, mask.x); - - const cipherInput = new Uint8Array(blockLength$2); - cipherInput.set(adata, 0); - cipherInput[adata.length] = 0b10000000; - xorMut$1(cipherInput, offset); - - xorMut$1(sum, encipher(cipherInput)); - } - - return sum; - } - - /** - * Encrypt/decrypt data. - * @param {encipher|decipher} fn - Encryption/decryption block cipher function - * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. - */ - function crypt(fn, text, nonce, adata) { - // - // Consider P as a sequence of 128-bit blocks - // - const m = text.length / blockLength$2 | 0; - - // - // Key-dependent variables - // - extendKeyVariables(text, adata); - - // - // Nonce-dependent and per-encryption variables - // - // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N - // Note: We assume here that tagLength mod 16 == 0. - const paddedNonce = util.concatUint8Array([zeroBlock$1.subarray(0, ivLength$1 - nonce.length), one$1, nonce]); - // bottom = str2num(Nonce[123..128]) - const bottom = paddedNonce[blockLength$2 - 1] & 0b111111; - // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) - paddedNonce[blockLength$2 - 1] &= 0b11000000; - const kTop = encipher(paddedNonce); - // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) - const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); - // Offset_0 = Stretch[1+bottom..128+bottom] - const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); - // Checksum_0 = zeros(128) - const checksum = new Uint8Array(blockLength$2); - - const ct = new Uint8Array(text.length + tagLength$1); - - // - // Process any whole blocks - // - let i; - let pos = 0; - for (i = 0; i < m; i++) { - // Offset_i = Offset_{i-1} xor L_{ntz(i)} - xorMut$1(offset, mask[ntz(i + 1)]); - // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) - // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) - ct.set(xorMut$1(fn(xor(offset, text)), offset), pos); - // Checksum_i = Checksum_{i-1} xor P_i - xorMut$1(checksum, fn === encipher ? text : ct.subarray(pos)); - - text = text.subarray(blockLength$2); - pos += blockLength$2; - } - - // - // Process any final partial block and compute raw tag - // - if (text.length) { - // Offset_* = Offset_m xor L_* - xorMut$1(offset, mask.x); - // Pad = ENCIPHER(K, Offset_*) - const padding = encipher(offset); - // C_* = P_* xor Pad[1..bitlen(P_*)] - ct.set(xor(text, padding), pos); - - // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) - const xorInput = new Uint8Array(blockLength$2); - xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); - xorInput[text.length] = 0b10000000; - xorMut$1(checksum, xorInput); - pos += text.length; - } - // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - const tag = xorMut$1(encipher(xorMut$1(xorMut$1(checksum, offset), mask.$)), hash(adata)); - - // - // Assemble ciphertext - // - // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] - ct.set(tag, pos); - return ct; - } - - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - return crypt(encipher, plaintext, nonce, adata); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); - - const tag = ciphertext.subarray(-tagLength$1); - ciphertext = ciphertext.subarray(0, -tagLength$1); - - const crypted = crypt(decipher, ciphertext, nonce, adata); - // if (Tag[1..TAGLEN] == T) - if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { - return crypted.subarray(0, -tagLength$1); - } - throw new Error('Authentication tag mismatch'); - } - }; -} - - -/** - * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. - * @param {Uint8Array} iv - The initialization vector (15 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -OCB.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[7 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -OCB.blockLength = blockLength$2; -OCB.ivLength = ivLength$1; -OCB.tagLength = tagLength$1; - -const _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5 -class AES_GCM { - constructor(key, nonce, adata, tagSize = 16, aes) { - this.tagSize = tagSize; - this.gamma0 = 0; - this.counter = 1; - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - let { asm, heap } = this.aes.acquire_asm(); - // Init GCM - asm.gcm_init(); - // Tag size - if (this.tagSize < 4 || this.tagSize > 16) - throw new IllegalArgumentError('illegal tagSize value'); - // Nonce - const noncelen = nonce.length || 0; - const noncebuf = new Uint8Array(16); - if (noncelen !== 12) { - this._gcm_mac_process(nonce); - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = 0; - heap[4] = 0; - heap[5] = 0; - heap[6] = 0; - heap[7] = 0; - heap[8] = 0; - heap[9] = 0; - heap[10] = 0; - heap[11] = noncelen >>> 29; - heap[12] = (noncelen >>> 21) & 255; - heap[13] = (noncelen >>> 13) & 255; - heap[14] = (noncelen >>> 5) & 255; - heap[15] = (noncelen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_iv(0, 0, 0, 0); - noncebuf.set(heap.subarray(0, 16)); - } - else { - noncebuf.set(nonce); - noncebuf[15] = 1; - } - const nonceview = new DataView(noncebuf.buffer); - this.gamma0 = nonceview.getUint32(12); - asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0); - asm.set_mask(0, 0, 0, 0xffffffff); - // Associated data - if (adata !== undefined) { - if (adata.length > _AES_GCM_data_maxLength) - throw new IllegalArgumentError('illegal adata length'); - if (adata.length) { - this.adata = adata; - this._gcm_mac_process(adata); - } - else { - this.adata = undefined; - } - } - else { - this.adata = undefined; - } - // Counter - if (this.counter < 1 || this.counter > 0xffffffff) - throw new RangeError('counter must be a positive 32-bit integer'); - asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0); - } - static encrypt(cleartext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext); - } - static decrypt(ciphertext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext); - } - encrypt(data) { - return this.AES_GCM_encrypt(data); - } - decrypt(data) { - return this.AES_GCM_decrypt(data); - } - AES_GCM_Encrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len); - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Encrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let adata = this.adata; - let pos = this.aes.pos; - let len = this.aes.len; - const result = new Uint8Array(len + tagSize); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16); - if (len) - result.set(heap.subarray(pos, pos + len)); - let i = len; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - result.set(heap.subarray(0, tagSize), len); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_Decrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0; - let tlen = len + dlen - rlen; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > tlen) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - pos = 0; - len = 0; - } - if (dlen > 0) { - len += _heap_write(heap, 0, data, dpos, dlen); - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Decrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let tagSize = this.tagSize; - let adata = this.adata; - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rlen = len - tagSize; - if (len < tagSize) - throw new IllegalStateError('authentication tag not found'); - const result = new Uint8Array(rlen); - const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len)); - let i = rlen; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len - tagSize; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - let acheck = 0; - for (let i = 0; i < tagSize; ++i) - acheck |= atag[i] ^ heap[i]; - if (acheck) - throw new SecurityError('data integrity check failed'); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_decrypt(data) { - const result1 = this.AES_GCM_Decrypt_process(data); - const result2 = this.AES_GCM_Decrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - AES_GCM_encrypt(data) { - const result1 = this.AES_GCM_Encrypt_process(data); - const result2 = this.AES_GCM_Encrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - _gcm_mac_process(data) { - let { asm, heap } = this.aes.acquire_asm(); - let dpos = 0; - let dlen = data.length || 0; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, 0, data, dpos, dlen); - dpos += wlen; - dlen -= wlen; - while (wlen & 15) - heap[wlen++] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$4 = util.getWebCrypto(); -const nodeCrypto$4 = util.getNodeCrypto(); -const Buffer$2 = util.getNodeBuffer(); - -const blockLength$3 = 16; -const ivLength$2 = 12; // size of the IV in bytes -const tagLength$2 = 16; // size of the tag in bytes -const ALGO = 'AES-GCM'; - -/** - * Class to en/decrypt using GCM mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function GCM(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('GCM mode supports only AES cipher'); - } - - if (util.getNodeCrypto()) { // Node crypto library - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - const en = new nodeCrypto$4.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - en.setAAD(adata); - const ct = Buffer$2.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - const de = new nodeCrypto$4.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - de.setAAD(adata); - de.setAuthTag(ct.slice(ct.length - tagLength$2, ct.length)); // read auth tag at end of ciphertext - const pt = Buffer$2.concat([de.update(ct.slice(0, ct.length - tagLength$2)), de.final()]); - return new Uint8Array(pt); - } - }; - } - - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - const _key = await webCrypto$4.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); - - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.encrypt(pt, key, iv, adata); - } - const ct = await webCrypto$4.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, pt); - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - if (ct.length === tagLength$2) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.decrypt(ct, key, iv, adata); - } - const pt = await webCrypto$4.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, ct); - return new Uint8Array(pt); - } - }; - } - - return { - encrypt: async function(pt, iv, adata) { - return AES_GCM.encrypt(pt, key, iv, adata); - }, - - decrypt: async function(ct, iv, adata) { - return AES_GCM.decrypt(ct, key, iv, adata); - } - }; -} - - -/** - * Get GCM nonce. Note: this operation is not defined by the standard. - * A future version of the standard may define GCM mode differently, - * hopefully under a different ID (we use Private/Experimental algorithm - * ID 100) so that we can maintain backwards compatibility. - * @param {Uint8Array} iv - The initialization vector (12 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -GCM.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[4 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -GCM.blockLength = blockLength$3; -GCM.ivLength = ivLength$2; -GCM.tagLength = tagLength$2; - -/** - * @fileoverview Cipher modes - * @module crypto/mode - * @private - */ - -var mode = { - /** @see module:crypto/mode/cfb */ - cfb: cfb, - /** @see module:crypto/mode/gcm */ - gcm: GCM, - experimentalGCM: GCM, - /** @see module:crypto/mode/eax */ - eax: EAX, - /** @see module:crypto/mode/ocb */ - ocb: OCB -}; - -var naclFastLight = createCommonjsModule(function (module) { -/*jshint bitwise: false*/ - -(function(nacl) { - -// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. -// Public domain. -// -// Implementation derived from TweetNaCl version 20140427. -// See for details: http://tweetnacl.cr.yp.to/ - -var gf = function(init) { - var i, r = new Float64Array(16); - if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; - return r; -}; - -// Pluggable, initialized in high-level API below. -var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - -var _9 = new Uint8Array(32); _9[0] = 9; - -var gf0 = gf(), - gf1 = gf([1]), - _121665 = gf([0xdb41, 1]), - D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), - D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), - X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), - Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), - I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - -function vn(x, xi, y, yi, n) { - var i,d = 0; - for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; - return (1 & ((d - 1) >>> 8)) - 1; -} - -function crypto_verify_32(x, xi, y, yi) { - return vn(x,xi,y,yi,32); -} - -function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) r[i] = a[i]|0; -} - -function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; i++) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c-1 + 37 * (c-1); -} - -function sel25519(p, q, b) { - var t, c = ~(b-1); - for (var i = 0; i < 16; i++) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } -} - -function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; i++) t[i] = n[i]; - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; j++) { - m[0] = t[0] - 0xffed; - for (i = 1; i < 15; i++) { - m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); - m[i-1] &= 0xffff; - } - m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); - b = (m[15]>>16) & 1; - m[14] &= 0xffff; - sel25519(t, m, 1-b); - } - for (i = 0; i < 16; i++) { - o[2*i] = t[i] & 0xff; - o[2*i+1] = t[i]>>8; - } -} - -function neq25519(a, b) { - var c = new Uint8Array(32), d = new Uint8Array(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); -} - -function par25519(a) { - var d = new Uint8Array(32); - pack25519(d, a); - return d[0] & 1; -} - -function unpack25519(o, n) { - var i; - for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); - o[15] &= 0x7fff; -} - -function A(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; -} - -function Z(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; -} - -function M(o, a, b) { - var v, c, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, - t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, - t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, - b0 = b[0], - b1 = b[1], - b2 = b[2], - b3 = b[3], - b4 = b[4], - b5 = b[5], - b6 = b[6], - b7 = b[7], - b8 = b[8], - b9 = b[9], - b10 = b[10], - b11 = b[11], - b12 = b[12], - b13 = b[13], - b14 = b[14], - b15 = b[15]; - - v = a[0]; - t0 += v * b0; - t1 += v * b1; - t2 += v * b2; - t3 += v * b3; - t4 += v * b4; - t5 += v * b5; - t6 += v * b6; - t7 += v * b7; - t8 += v * b8; - t9 += v * b9; - t10 += v * b10; - t11 += v * b11; - t12 += v * b12; - t13 += v * b13; - t14 += v * b14; - t15 += v * b15; - v = a[1]; - t1 += v * b0; - t2 += v * b1; - t3 += v * b2; - t4 += v * b3; - t5 += v * b4; - t6 += v * b5; - t7 += v * b6; - t8 += v * b7; - t9 += v * b8; - t10 += v * b9; - t11 += v * b10; - t12 += v * b11; - t13 += v * b12; - t14 += v * b13; - t15 += v * b14; - t16 += v * b15; - v = a[2]; - t2 += v * b0; - t3 += v * b1; - t4 += v * b2; - t5 += v * b3; - t6 += v * b4; - t7 += v * b5; - t8 += v * b6; - t9 += v * b7; - t10 += v * b8; - t11 += v * b9; - t12 += v * b10; - t13 += v * b11; - t14 += v * b12; - t15 += v * b13; - t16 += v * b14; - t17 += v * b15; - v = a[3]; - t3 += v * b0; - t4 += v * b1; - t5 += v * b2; - t6 += v * b3; - t7 += v * b4; - t8 += v * b5; - t9 += v * b6; - t10 += v * b7; - t11 += v * b8; - t12 += v * b9; - t13 += v * b10; - t14 += v * b11; - t15 += v * b12; - t16 += v * b13; - t17 += v * b14; - t18 += v * b15; - v = a[4]; - t4 += v * b0; - t5 += v * b1; - t6 += v * b2; - t7 += v * b3; - t8 += v * b4; - t9 += v * b5; - t10 += v * b6; - t11 += v * b7; - t12 += v * b8; - t13 += v * b9; - t14 += v * b10; - t15 += v * b11; - t16 += v * b12; - t17 += v * b13; - t18 += v * b14; - t19 += v * b15; - v = a[5]; - t5 += v * b0; - t6 += v * b1; - t7 += v * b2; - t8 += v * b3; - t9 += v * b4; - t10 += v * b5; - t11 += v * b6; - t12 += v * b7; - t13 += v * b8; - t14 += v * b9; - t15 += v * b10; - t16 += v * b11; - t17 += v * b12; - t18 += v * b13; - t19 += v * b14; - t20 += v * b15; - v = a[6]; - t6 += v * b0; - t7 += v * b1; - t8 += v * b2; - t9 += v * b3; - t10 += v * b4; - t11 += v * b5; - t12 += v * b6; - t13 += v * b7; - t14 += v * b8; - t15 += v * b9; - t16 += v * b10; - t17 += v * b11; - t18 += v * b12; - t19 += v * b13; - t20 += v * b14; - t21 += v * b15; - v = a[7]; - t7 += v * b0; - t8 += v * b1; - t9 += v * b2; - t10 += v * b3; - t11 += v * b4; - t12 += v * b5; - t13 += v * b6; - t14 += v * b7; - t15 += v * b8; - t16 += v * b9; - t17 += v * b10; - t18 += v * b11; - t19 += v * b12; - t20 += v * b13; - t21 += v * b14; - t22 += v * b15; - v = a[8]; - t8 += v * b0; - t9 += v * b1; - t10 += v * b2; - t11 += v * b3; - t12 += v * b4; - t13 += v * b5; - t14 += v * b6; - t15 += v * b7; - t16 += v * b8; - t17 += v * b9; - t18 += v * b10; - t19 += v * b11; - t20 += v * b12; - t21 += v * b13; - t22 += v * b14; - t23 += v * b15; - v = a[9]; - t9 += v * b0; - t10 += v * b1; - t11 += v * b2; - t12 += v * b3; - t13 += v * b4; - t14 += v * b5; - t15 += v * b6; - t16 += v * b7; - t17 += v * b8; - t18 += v * b9; - t19 += v * b10; - t20 += v * b11; - t21 += v * b12; - t22 += v * b13; - t23 += v * b14; - t24 += v * b15; - v = a[10]; - t10 += v * b0; - t11 += v * b1; - t12 += v * b2; - t13 += v * b3; - t14 += v * b4; - t15 += v * b5; - t16 += v * b6; - t17 += v * b7; - t18 += v * b8; - t19 += v * b9; - t20 += v * b10; - t21 += v * b11; - t22 += v * b12; - t23 += v * b13; - t24 += v * b14; - t25 += v * b15; - v = a[11]; - t11 += v * b0; - t12 += v * b1; - t13 += v * b2; - t14 += v * b3; - t15 += v * b4; - t16 += v * b5; - t17 += v * b6; - t18 += v * b7; - t19 += v * b8; - t20 += v * b9; - t21 += v * b10; - t22 += v * b11; - t23 += v * b12; - t24 += v * b13; - t25 += v * b14; - t26 += v * b15; - v = a[12]; - t12 += v * b0; - t13 += v * b1; - t14 += v * b2; - t15 += v * b3; - t16 += v * b4; - t17 += v * b5; - t18 += v * b6; - t19 += v * b7; - t20 += v * b8; - t21 += v * b9; - t22 += v * b10; - t23 += v * b11; - t24 += v * b12; - t25 += v * b13; - t26 += v * b14; - t27 += v * b15; - v = a[13]; - t13 += v * b0; - t14 += v * b1; - t15 += v * b2; - t16 += v * b3; - t17 += v * b4; - t18 += v * b5; - t19 += v * b6; - t20 += v * b7; - t21 += v * b8; - t22 += v * b9; - t23 += v * b10; - t24 += v * b11; - t25 += v * b12; - t26 += v * b13; - t27 += v * b14; - t28 += v * b15; - v = a[14]; - t14 += v * b0; - t15 += v * b1; - t16 += v * b2; - t17 += v * b3; - t18 += v * b4; - t19 += v * b5; - t20 += v * b6; - t21 += v * b7; - t22 += v * b8; - t23 += v * b9; - t24 += v * b10; - t25 += v * b11; - t26 += v * b12; - t27 += v * b13; - t28 += v * b14; - t29 += v * b15; - v = a[15]; - t15 += v * b0; - t16 += v * b1; - t17 += v * b2; - t18 += v * b3; - t19 += v * b4; - t20 += v * b5; - t21 += v * b6; - t22 += v * b7; - t23 += v * b8; - t24 += v * b9; - t25 += v * b10; - t26 += v * b11; - t27 += v * b12; - t28 += v * b13; - t29 += v * b14; - t30 += v * b15; - - t0 += 38 * t16; - t1 += 38 * t17; - t2 += 38 * t18; - t3 += 38 * t19; - t4 += 38 * t20; - t5 += 38 * t21; - t6 += 38 * t22; - t7 += 38 * t23; - t8 += 38 * t24; - t9 += 38 * t25; - t10 += 38 * t26; - t11 += 38 * t27; - t12 += 38 * t28; - t13 += 38 * t29; - t14 += 38 * t30; - // t15 left as is - - // first car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - // second car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - o[ 0] = t0; - o[ 1] = t1; - o[ 2] = t2; - o[ 3] = t3; - o[ 4] = t4; - o[ 5] = t5; - o[ 6] = t6; - o[ 7] = t7; - o[ 8] = t8; - o[ 9] = t9; - o[10] = t10; - o[11] = t11; - o[12] = t12; - o[13] = t13; - o[14] = t14; - o[15] = t15; -} - -function S(o, a) { - M(o, a, a); -} - -function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 253; a >= 0; a--) { - S(c, c); - if(a !== 2 && a !== 4) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 250; a >= 0; a--) { - S(c, c); - if(a !== 1) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function crypto_scalarmult(q, n, p) { - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; -} - -function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); -} - -function crypto_box_keypair(y, x) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); -} - -function add(p, q) { - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(), - g = gf(), h = gf(), t = gf(); - - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); -} - -function cswap(p, q, b) { - var i; - for (i = 0; i < 4; i++) { - sel25519(p[i], q[i], b); - } -} - -function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; -} - -function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = (s[(i/8)|0] >> (i&7)) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } -} - -function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); -} - -function crypto_sign_keypair(pk, sk, seeded) { - var d; - var p = [gf(), gf(), gf(), gf()]; - var i; - - if (!seeded) randombytes(sk, 32); - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - scalarbase(p, d); - pack(pk, p); - - for (i = 0; i < 32; i++) sk[i+32] = pk[i]; - return 0; -} - -var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - -function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = Math.floor((x[j] + 128) / 256); - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; j++) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; j++) x[j] -= carry * L[j]; - for (i = 0; i < 32; i++) { - x[i+1] += x[i] >> 8; - r[i] = x[i] & 255; - } -} - -function reduce(r) { - var x = new Float64Array(64), i; - for (i = 0; i < 64; i++) x[i] = r[i]; - for (i = 0; i < 64; i++) r[i] = 0; - modL(r, x); -} - -// Note: difference from C - smlen returned, not passed as argument. -function crypto_sign(sm, m, n, sk) { - var d, h, r; - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - var smlen = n + 64; - for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - - r = nacl.hash(sm.subarray(32, smlen)); - reduce(r); - scalarbase(p, r); - pack(sm, p); - - for (i = 32; i < 64; i++) sm[i] = sk[i]; - h = nacl.hash(sm.subarray(0, smlen)); - reduce(h); - - for (i = 0; i < 64; i++) x[i] = 0; - for (i = 0; i < 32; i++) x[i] = r[i]; - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - x[i+j] += h[i] * d[j]; - } - } - - modL(sm.subarray(32), x); - return smlen; -} - -function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), - den = gf(), den2 = gf(), den4 = gf(), - den6 = gf(); - - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) M(r[0], r[0], I); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) return -1; - - if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); - - M(r[3], r[0], r[1]); - return 0; -} - -function crypto_sign_open(m, sm, n, pk) { - var i; - var t = new Uint8Array(32), h; - var p = [gf(), gf(), gf(), gf()], - q = [gf(), gf(), gf(), gf()]; - - if (n < 64) return -1; - - if (unpackneg(q, pk)) return -1; - - for (i = 0; i < n; i++) m[i] = sm[i]; - for (i = 0; i < 32; i++) m[i+32] = pk[i]; - h = nacl.hash(m.subarray(0, n)); - reduce(h); - scalarmult(p, q, h); - - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; i++) m[i] = 0; - return -1; - } - - for (i = 0; i < n; i++) m[i] = sm[i + 64]; - return n; -} - -var crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_sign_BYTES = 64, - crypto_sign_PUBLICKEYBYTES = 32, - crypto_sign_SECRETKEYBYTES = 64, - crypto_sign_SEEDBYTES = 32; - -function checkArrayTypes() { - for (var i = 0; i < arguments.length; i++) { - if (!(arguments[i] instanceof Uint8Array)) - throw new TypeError('unexpected type, use Uint8Array'); - } -} - -function cleanup(arr) { - for (var i = 0; i < arr.length; i++) arr[i] = 0; -} - -nacl.scalarMult = function(n, p) { - checkArrayTypes(n, p); - if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); - if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); - var q = new Uint8Array(crypto_scalarmult_BYTES); - crypto_scalarmult(q, n, p); - return q; -}; - -nacl.box = {}; - -nacl.box.keyPair = function() { - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.box.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign = function(msg, secretKey) { - checkArrayTypes(msg, secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); - crypto_sign(signedMsg, msg, msg.length, secretKey); - return signedMsg; -}; - -nacl.sign.detached = function(msg, secretKey) { - var signedMsg = nacl.sign(msg, secretKey); - var sig = new Uint8Array(crypto_sign_BYTES); - for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; - return sig; -}; - -nacl.sign.detached.verify = function(msg, sig, publicKey) { - checkArrayTypes(msg, sig, publicKey); - if (sig.length !== crypto_sign_BYTES) - throw new Error('bad signature size'); - if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) - throw new Error('bad public key size'); - var sm = new Uint8Array(crypto_sign_BYTES + msg.length); - var m = new Uint8Array(crypto_sign_BYTES + msg.length); - var i; - for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; - for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; - return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); -}; - -nacl.sign.keyPair = function() { - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.sign.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign.keyPair.fromSeed = function(seed) { - checkArrayTypes(seed); - if (seed.length !== crypto_sign_SEEDBYTES) - throw new Error('bad seed size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - for (var i = 0; i < 32; i++) sk[i] = seed[i]; - crypto_sign_keypair(pk, sk, true); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.setPRNG = function(fn) { - randombytes = fn; -}; - -(function() { - // Initialize PRNG if environment provides CSPRNG. - // If not, methods calling randombytes will throw. - var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; - if (crypto && crypto.getRandomValues) { - // Browsers. - var QUOTA = 65536; - nacl.setPRNG(function(x, n) { - var i, v = new Uint8Array(n); - for (i = 0; i < n; i += QUOTA) { - crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); - } - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } else if (typeof commonjsRequire !== 'undefined') { - // Node.js. - crypto = crypto$3; - if (crypto && crypto.randomBytes) { - nacl.setPRNG(function(x, n) { - var i, v = crypto.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } - } -})(); - -})(module.exports ? module.exports : (self.nacl = self.nacl || {})); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const nodeCrypto$5 = util.getNodeCrypto(); - -/** - * Retrieve secure random byte array of the specified length - * @param {Integer} length - Length in bytes to generate - * @returns {Uint8Array} Random byte array. - */ -function getRandomBytes(length) { - const buf = new Uint8Array(length); - if (nodeCrypto$5) { - const bytes = nodeCrypto$5.randomBytes(buf.length); - buf.set(bytes); - } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) { - crypto.getRandomValues(buf); - } else { - throw new Error('No secure random number generator available.'); - } - return buf; -} - -/** - * Create a secure random BigInteger that is greater than or equal to min and less than max. - * @param {module:BigInteger} min - Lower bound, included - * @param {module:BigInteger} max - Upper bound, excluded - * @returns {Promise} Random BigInteger. - * @async - */ -async function getRandomBigInteger(min, max) { - const BigInteger = await util.getBigInteger(); - - if (max.lt(min)) { - throw new Error('Illegal parameter value: max <= min'); - } - - const modulus = max.sub(min); - const bytes = modulus.byteLength(); - - // Using a while loop is necessary to avoid bias introduced by the mod operation. - // However, we request 64 extra random bits so that the bias is negligible. - // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - const r = new BigInteger(await getRandomBytes(bytes + 8)); - return r.mod(modulus).add(min); -} - -var random = /*#__PURE__*/Object.freeze({ - __proto__: null, - getRandomBytes: getRandomBytes, - getRandomBigInteger: getRandomBigInteger -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Generate a probably prime random number - * @param {Integer} bits - Bit length of the prime - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns BigInteger - * @async - */ -async function randomProbablePrime(bits, e, k) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - const min = one.leftShift(new BigInteger(bits - 1)); - const thirty = new BigInteger(30); - /* - * We can avoid any multiples of 3 and 5 by looking at n mod 30 - * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 - * the next possible prime is mod 30: - * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 - */ - const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; - - const n = await getRandomBigInteger(min, min.leftShift(one)); - let i = n.mod(thirty).toNumber(); - - do { - n.iadd(new BigInteger(adds[i])); - i = (i + adds[i]) % adds.length; - // If reached the maximum, go back to the minimum. - if (n.bitLength() > bits) { - n.imod(min.leftShift(one)).iadd(min); - i = n.mod(thirty).toNumber(); - } - } while (!await isProbablePrime(n, e, k)); - return n; -} - -/** - * Probabilistic primality testing - * @param {BigInteger} n - Number to test - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns {boolean} - * @async - */ -async function isProbablePrime(n, e, k) { - if (e && !n.dec().gcd(e).isOne()) { - return false; - } - if (!await divisionTest(n)) { - return false; - } - if (!await fermat(n)) { - return false; - } - if (!await millerRabin(n, k)) { - return false; - } - // TODO implement the Lucas test - // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - return true; -} - -/** - * Tests whether n is probably prime or not using Fermat's test with b = 2. - * Fails if b^(n-1) mod n != 1. - * @param {BigInteger} n - Number to test - * @param {BigInteger} b - Optional Fermat test base - * @returns {boolean} - */ -async function fermat(n, b) { - const BigInteger = await util.getBigInteger(); - b = b || new BigInteger(2); - return b.modExp(n.dec(), n).isOne(); -} - -async function divisionTest(n) { - const BigInteger = await util.getBigInteger(); - return smallPrimes.every(m => { - return n.mod(new BigInteger(m)) !== 0; - }); -} - -// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c -const smallPrimes = [ - 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 -]; - - -// Miller-Rabin - Miller Rabin algorithm for primality test -// Copyright Fedor Indutny, 2014. -// -// This software is licensed under the MIT License. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin - -// Sample syntax for Fixed-Base Miller-Rabin: -// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) - -/** - * Tests whether n is probably prime or not using the Miller-Rabin test. - * See HAC Remark 4.28. - * @param {BigInteger} n - Number to test - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @param {Function} rand - Optional function to generate potential witnesses - * @returns {boolean} - * @async - */ -async function millerRabin(n, k, rand) { - const BigInteger = await util.getBigInteger(); - const len = n.bitLength(); - - if (!k) { - k = Math.max(1, (len / 48) | 0); - } - - const n1 = n.dec(); // n - 1 - - // Find d and s, (n - 1) = (2 ^ s) * d; - let s = 0; - while (!n1.getBit(s)) { s++; } - const d = n.rightShift(new BigInteger(s)); - - for (; k > 0; k--) { - const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1); - - let x = a.modExp(d, n); - if (x.isOne() || x.equal(n1)) { - continue; - } - - let i; - for (i = 1; i < s; i++) { - x = x.mul(x).mod(n); - - if (x.isOne()) { - return false; - } - if (x.equal(n1)) { - break; - } - } - - if (i === s) { - return false; - } - } - - return true; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ASN1 object identifiers for hashes - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} - */ -const hash_headers = []; -hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, - 0x10]; -hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; -hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; -hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, - 0x04, 0x20]; -hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, - 0x04, 0x30]; -hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, - 0x00, 0x04, 0x40]; -hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, - 0x00, 0x04, 0x1C]; - -/** - * Create padding with secure random data - * @private - * @param {Integer} length - Length of the padding in bytes - * @returns {Uint8Array} Random padding. - */ -function getPKCS1Padding(length) { - const result = new Uint8Array(length); - let count = 0; - while (count < length) { - const randomBytes = getRandomBytes(length - count); - for (let i = 0; i < randomBytes.length; i++) { - if (randomBytes[i] !== 0) { - result[count++] = randomBytes[i]; - } - } - } - return result; -} - -/** - * Create a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} - * @param {Uint8Array} message - Message to be encoded - * @param {Integer} keyLength - The length in octets of the key modulus - * @returns {Uint8Array} EME-PKCS1 padded message. - */ -function emeEncode(message, keyLength) { - const mLength = message.length; - // length checking - if (mLength > keyLength - 11) { - throw new Error('Message too long'); - } - // Generate an octet string PS of length k - mLen - 3 consisting of - // pseudo-randomly generated nonzero octets - const PS = getPKCS1Padding(keyLength - mLength - 3); - // Concatenate PS, the message M, and other padding to form an - // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. - const encoded = new Uint8Array(keyLength); - // 0x00 byte - encoded[1] = 2; - encoded.set(PS, 2); - // 0x00 bytes - encoded.set(message, keyLength - mLength); - return encoded; -} - -/** - * Decode a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} - * @param {Uint8Array} encoded - Encoded message bytes - * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) - * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) - * @throws {Error} on decoding failure, unless `randomPayload` is provided - */ -function emeDecode(encoded, randomPayload) { - // encoded format: 0x00 0x02 0x00 - let offset = 2; - let separatorNotFound = 1; - for (let j = offset; j < encoded.length; j++) { - separatorNotFound &= encoded[j] !== 0; - offset += separatorNotFound; - } - - const psLen = offset - 2; - const payload = encoded.subarray(offset + 1); // discard the 0x00 separator - const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - - if (randomPayload) { - return util.selectUint8Array(isValidPadding, payload, randomPayload); - } - - if (isValidPadding) { - return payload; - } - - throw new Error('Decryption error'); -} - -/** - * Create a EMSA-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} - * @param {Integer} algo - Hash algorithm type used - * @param {Uint8Array} hashed - Message to be encoded - * @param {Integer} emLen - Intended length in octets of the encoded message - * @returns {Uint8Array} Encoded message. - */ -async function emsaEncode(algo, hashed, emLen) { - let i; - if (hashed.length !== hash.getHashByteLength(algo)) { - throw new Error('Invalid hash length'); - } - // produce an ASN.1 DER value for the hash function used. - // Let T be the full hash prefix - const hashPrefix = new Uint8Array(hash_headers[algo].length); - for (i = 0; i < hash_headers[algo].length; i++) { - hashPrefix[i] = hash_headers[algo][i]; - } - // and let tLen be the length in octets prefix and hashed data - const tLen = hashPrefix.length + hashed.length; - if (emLen < tLen + 11) { - throw new Error('Intended encoded message length too short'); - } - // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF - // The length of PS will be at least 8 octets - const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - - // Concatenate PS, the hash prefix, hashed data, and other padding to form the - // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed - const EM = new Uint8Array(emLen); - EM[1] = 0x01; - EM.set(PS, 2); - EM.set(hashPrefix, emLen - tLen); - EM.set(hashed, emLen - hashed.length); - return EM; -} - -var pkcs1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - emeEncode: emeEncode, - emeDecode: emeDecode, - emsaEncode: emsaEncode -}); - -const webCrypto$5 = util.getWebCrypto(); -const nodeCrypto$6 = util.getNodeCrypto(); -const asn1 = nodeCrypto$6 ? asn1$2 : undefined; - -/* eslint-disable no-invalid-this */ -const RSAPrivateKey = nodeCrypto$6 ? asn1.define('RSAPrivateKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('version').int(), // 0 - this.key('modulus').int(), // n - this.key('publicExponent').int(), // e - this.key('privateExponent').int(), // d - this.key('prime1').int(), // p - this.key('prime2').int(), // q - this.key('exponent1').int(), // dp - this.key('exponent2').int(), // dq - this.key('coefficient').int() // u - ); -}) : undefined; - -const RSAPublicKey = nodeCrypto$6 ? asn1.define('RSAPubliceKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('modulus').int(), // n - this.key('publicExponent').int() // e - ); -}) : undefined; -/* eslint-enable no-invalid-this */ - -/** Create signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} hashed - Hashed message - * @returns {Promise} RSA Signature. - * @async - */ -async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeSign(hashAlgo, data, n, e, d, p, q, u); - } - } - return bnSign(hashAlgo, n, d, hashed); -} - -/** - * Verify signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} s - Signature - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} hashed - Hashed message - * @returns {Boolean} - * @async - */ -async function verify(hashAlgo, data, s, n, e, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeVerify(hashAlgo, data, s, n, e); - } - } - return bnVerify(hashAlgo, s, n, e, hashed); -} - -/** - * Encrypt message - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @returns {Promise} RSA Ciphertext. - * @async - */ -async function encrypt$1(data, n, e) { - if (util.getNodeCrypto()) { - return nodeEncrypt$1(data, n, e); - } - return bnEncrypt(data, n, e); -} - -/** - * Decrypt RSA message - * @param {Uint8Array} m - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} RSA Plaintext. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$1(data, n, e, d, p, q, u, randomPayload) { - // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, - // and we want to avoid checking the error type to decide if the random payload - // should indeed be returned. - if (util.getNodeCrypto() && !randomPayload) { - try { - return await nodeDecrypt$1(data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } - return bnDecrypt(data, n, e, d, p, q, u, randomPayload); -} - -/** - * Generate a new random private key B bits long with public exponent E. - * - * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using - * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. - * @see module:crypto/public_key/prime - * @param {Integer} bits - RSA bit length - * @param {Integer} e - RSA public exponent - * @returns {{n, e, d, - * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, - * RSA private prime p, RSA private prime q, u = p ** -1 mod q - * @async - */ -async function generate(bits, e) { - const BigInteger = await util.getBigInteger(); - - e = new BigInteger(e); - - // Native RSA keygen using Web Crypto - if (util.getWebCrypto()) { - const keyGenOpt = { - name: 'RSASSA-PKCS1-v1_5', - modulusLength: bits, // the specified keysize in bits - publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent - hash: { - name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' - } - }; - const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - - // export the generated keys as JsonWebKey (JWK) - // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 - const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); - // map JWK parameters to corresponding OpenPGP names - return { - n: b64ToUint8Array(jwk.n), - e: e.toUint8Array(), - d: b64ToUint8Array(jwk.d), - // switch p and q - p: b64ToUint8Array(jwk.q), - q: b64ToUint8Array(jwk.p), - // Since p and q are switched in places, u is the inverse of jwk.q - u: b64ToUint8Array(jwk.qi) - }; - } else if (util.getNodeCrypto() && nodeCrypto$6.generateKeyPair && RSAPrivateKey) { - const opts = { - modulusLength: bits, - publicExponent: e.toNumber(), - publicKeyEncoding: { type: 'pkcs1', format: 'der' }, - privateKeyEncoding: { type: 'pkcs1', format: 'der' } - }; - const prv = await new Promise((resolve, reject) => { - nodeCrypto$6.generateKeyPair('rsa', opts, (err, _, der) => { - if (err) { - reject(err); - } else { - resolve(RSAPrivateKey.decode(der, 'der')); - } - }); - }); - /** - * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`. - * @link https://tools.ietf.org/html/rfc3447#section-3.2 - * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1 - */ - return { - n: prv.modulus.toArrayLike(Uint8Array), - e: prv.publicExponent.toArrayLike(Uint8Array), - d: prv.privateExponent.toArrayLike(Uint8Array), - // switch p and q - p: prv.prime2.toArrayLike(Uint8Array), - q: prv.prime1.toArrayLike(Uint8Array), - // Since p and q are switched in places, we can keep u as defined by DER - u: prv.coefficient.toArrayLike(Uint8Array) - }; - } - - // RSA keygen fallback using 40 iterations of the Miller-Rabin test - // See https://stackoverflow.com/a/6330138 for justification - // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST - let p; - let q; - let n; - do { - q = await randomProbablePrime(bits - (bits >> 1), e, 40); - p = await randomProbablePrime(bits >> 1, e, 40); - n = p.mul(q); - } while (n.bitLength() !== bits); - - const phi = p.dec().imul(q.dec()); - - if (q.lt(p)) { - [p, q] = [q, p]; - } - - return { - n: n.toUint8Array(), - e: e.toUint8Array(), - d: e.modInv(phi).toUint8Array(), - p: p.toUint8Array(), - q: q.toUint8Array(), - // dp: d.mod(p.subn(1)), - // dq: d.mod(q.subn(1)), - u: p.modInv(q).toUint8Array() - }; -} - -/** - * Validate RSA parameters - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA inverse of p w.r.t. q - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - p = new BigInteger(p); - q = new BigInteger(q); - - // expect pq = n - if (!p.mul(q).equal(n)) { - return false; - } - - const two = new BigInteger(2); - // expect p*u = 1 mod q - u = new BigInteger(u); - if (!p.mul(u).mod(q).isOne()) { - return false; - } - - e = new BigInteger(e); - d = new BigInteger(d); - /** - * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) - * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] - * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] - * - * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) - */ - const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3)); - const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q - const rde = r.mul(d).mul(e); - - const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r); - if (!areInverses) { - return false; - } - - return true; -} - -async function bnSign(hashAlgo, n, d, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength())); - d = new BigInteger(d); - if (m.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return m.modExp(d, n).toUint8Array('be', n.byteLength()); -} - -async function webSign(hashName, data, n, e, d, p, q, u) { - /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. - * We swap them in privateToJWK, so it usually works out, but nevertheless, - * not all OpenPGP keys are compatible with this requirement. - * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still - * does if the underlying Web Crypto does so (though the tested implementations - * don't do so). - */ - const jwk = await privateToJWK(n, e, d, p, q, u); - const algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }; - const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); - return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); -} - -async function nodeSign(hashAlgo, data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const sign = nodeCrypto$6.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(data); - sign.end(); - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPrivateKey.encode(keyObject, 'der'); - return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' })); - } - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - return new Uint8Array(sign.sign(pem)); -} - -async function bnVerify(hashAlgo, s, n, e, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - s = new BigInteger(s); - e = new BigInteger(e); - if (s.gte(n)) { - throw new Error('Signature size cannot exceed modulus size'); - } - const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength()); - const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength()); - return util.equalsUint8Array(EM1, EM2); -} - -async function webVerify(hashName, data, s, n, e) { - const jwk = publicToJWK(n, e); - const key = await webCrypto$5.importKey('jwk', jwk, { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }, false, ['verify']); - return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); -} - -async function nodeVerify(hashAlgo, data, s, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$6.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(data); - verify.end(); - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1' }; - } else { - key = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - } - try { - return await verify.verify(key, s); - } catch (err) { - return false; - } -} - -async function nodeEncrypt$1(data, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - return new Uint8Array(nodeCrypto$6.publicEncrypt(key, data)); -} - -async function bnEncrypt(data, n, e) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - data = new BigInteger(emeEncode(data, n.byteLength())); - e = new BigInteger(e); - if (data.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return data.modExp(e, n).toUint8Array('be', n.byteLength()); -} - -async function nodeDecrypt$1(data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPrivateKey.encode(keyObject, 'der'); - key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - try { - return new Uint8Array(nodeCrypto$6.privateDecrypt(key, data)); - } catch (err) { - throw new Error('Decryption error'); - } -} - -async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { - const BigInteger = await util.getBigInteger(); - data = new BigInteger(data); - n = new BigInteger(n); - e = new BigInteger(e); - d = new BigInteger(d); - p = new BigInteger(p); - q = new BigInteger(q); - u = new BigInteger(u); - if (data.gte(n)) { - throw new Error('Data too large.'); - } - const dq = d.mod(q.dec()); // d mod (q-1) - const dp = d.mod(p.dec()); // d mod (p-1) - - const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n); - const blinder = unblinder.modInv(n).modExp(e, n); - data = data.mul(blinder).mod(n); - - - const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p - const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q - const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q) - - let result = h.mul(p).add(mp); // result < n due to relations above - - result = result.mul(unblinder).mod(n); - - - return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload); -} - -/** Convert Openpgp private key params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - * @param {Uint8Array} d - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} u - */ -async function privateToJWK(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - const pNum = new BigInteger(p); - const qNum = new BigInteger(q); - const dNum = new BigInteger(d); - - let dq = dNum.mod(qNum.dec()); // d mod (q-1) - let dp = dNum.mod(pNum.dec()); // d mod (p-1) - dp = dp.toUint8Array(); - dq = dq.toUint8Array(); - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - d: uint8ArrayToB64(d, true), - // switch p and q - p: uint8ArrayToB64(q, true), - q: uint8ArrayToB64(p, true), - // switch dp and dq - dp: uint8ArrayToB64(dq, true), - dq: uint8ArrayToB64(dp, true), - qi: uint8ArrayToB64(u, true), - ext: true - }; -} - -/** Convert Openpgp key public params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - */ -function publicToJWK(n, e) { - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - ext: true - }; -} - -var rsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign, - verify: verify, - encrypt: encrypt$1, - decrypt: decrypt$1, - generate: generate, - validateParams: validateParams -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ElGamal Encryption function - * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) - * @param {Uint8Array} data - To be padded and encrypted - * @param {Uint8Array} p - * @param {Uint8Array} g - * @param {Uint8Array} y - * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} - * @async - */ -async function encrypt$2(data, p, g, y) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const padded = emeEncode(data, p.byteLength()); - const m = new BigInteger(padded); - - // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* - // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] - const k = await getRandomBigInteger(new BigInteger(1), p.dec()); - return { - c1: g.modExp(k, p).toUint8Array(), - c2: y.modExp(k, p).imul(m).imod(p).toUint8Array() - }; -} - -/** - * ElGamal Encryption function - * @param {Uint8Array} c1 - * @param {Uint8Array} c2 - * @param {Uint8Array} p - * @param {Uint8Array} x - * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} Unpadded message. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$2(c1, c2, p, x, randomPayload) { - const BigInteger = await util.getBigInteger(); - c1 = new BigInteger(c1); - c2 = new BigInteger(c2); - p = new BigInteger(p); - x = new BigInteger(x); - - const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p); - return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload); -} - -/** - * Validate ElGamal parameters - * @param {Uint8Array} p - ElGamal prime - * @param {Uint8Array} g - ElGamal group generator - * @param {Uint8Array} y - ElGamal public key - * @param {Uint8Array} x - ElGamal private exponent - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$1(p, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - // Expect p-1 to be large - const pSize = new BigInteger(p.bitLength()); - const n1023 = new BigInteger(1023); - if (pSize.lt(n1023)) { - return false; - } - - /** - * g should have order p-1 - * Check that g ** (p-1) = 1 mod p - */ - if (!g.modExp(p.dec(), p).isOne()) { - return false; - } - - /** - * Since p-1 is not prime, g might have a smaller order that divides p-1 - * We want to make sure that the order is large enough to hinder a small subgroup attack - * - * We just check g**i != 1 for all i up to a threshold - */ - let res = g; - const i = new BigInteger(1); - const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold - while (i.lt(threshold)) { - res = res.mul(g).imod(p); - if (res.isOne()) { - return false; - } - i.iinc(); - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{r(p-1) + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1 - const rqx = p.dec().imul(r).iadd(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var elgamal = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt$2, - decrypt: decrypt$2, - validateParams: validateParams$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class OID { - constructor(oid) { - if (oid instanceof OID) { - this.oid = oid.oid; - } else if (util.isArray(oid) || - util.isUint8Array(oid)) { - oid = new Uint8Array(oid); - if (oid[0] === 0x06) { // DER encoded oid byte array - if (oid[1] !== oid.length - 2) { - throw new Error('Length mismatch in DER encoded oid'); - } - oid = oid.subarray(2); - } - this.oid = oid; - } else { - this.oid = ''; - } - } - - /** - * Method to read an OID object - * @param {Uint8Array} input - Where to read the OID from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length >= 1) { - const length = input[0]; - if (input.length >= 1 + length) { - this.oid = input.subarray(1, 1 + length); - return 1 + this.oid.length; - } - } - throw new Error('Invalid oid'); - } - - /** - * Serialize an OID object - * @returns {Uint8Array} Array with the serialized value the OID. - */ - write() { - return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); - } - - /** - * Serialize an OID object as a hex string - * @returns {string} String with the hex value of the OID. - */ - toHex() { - return util.uint8ArrayToHex(this.oid); - } - - /** - * If a known curve object identifier, return the canonical name of the curve - * @returns {string} String with the canonical name of the curve. - */ - getName() { - const hex = this.toHex(); - if (enums.curve[hex]) { - return enums.write(enums.curve, hex); - } else { - throw new Error('Unknown curve object identifier.'); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -function keyFromPrivate(indutnyCurve, priv) { - const keyPair = indutnyCurve.keyPair({ priv: priv }); - return keyPair; -} - -function keyFromPublic(indutnyCurve, pub) { - const keyPair = indutnyCurve.keyPair({ pub: pub }); - if (keyPair.validate().result !== true) { - throw new Error('Invalid elliptic public key'); - } - return keyPair; -} - -async function getIndutnyCurve(name) { - if (!config.useIndutnyElliptic) { - throw new Error('This curve is only supported in the full build of OpenPGP.js'); - } - const { default: elliptic } = await Promise.resolve().then(function () { return elliptic$1; }); - return new elliptic.ec(name); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -function readSimpleLength(bytes) { - let len = 0; - let offset; - const type = bytes[0]; - - - if (type < 192) { - [len] = bytes; - offset = 1; - } else if (type < 255) { - len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; - offset = 2; - } else if (type === 255) { - len = util.readNumber(bytes.subarray(1, 1 + 4)); - offset = 5; - } - - return { - len: len, - offset: offset - }; -} - -/** - * Encodes a given integer of length to the openpgp length specifier to a - * string - * - * @param {Integer} length - The length to encode - * @returns {Uint8Array} String with openpgp length representation. - */ -function writeSimpleLength(length) { - if (length < 192) { - return new Uint8Array([length]); - } else if (length > 191 && length < 8384) { - /* - * let a = (total data packet length) - 192 let bc = two octet - * representation of a let d = b + 192 - */ - return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); - } - return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); -} - -function writePartialLength(power) { - if (power < 0 || power > 30) { - throw new Error('Partial Length power must be between 1 and 30'); - } - return new Uint8Array([224 + power]); -} - -function writeTag(tag_type) { - /* we're only generating v4 packet headers here */ - return new Uint8Array([0xC0 | tag_type]); -} - -/** - * Writes a packet header version 4 with the given tag_type and length to a - * string - * - * @param {Integer} tag_type - Tag type - * @param {Integer} length - Length of the payload - * @returns {String} String of the header. - */ -function writeHeader(tag_type, length) { - /* we're only generating v4 packet headers here */ - return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); -} - -/** - * Whether the packet type supports partial lengths per RFC4880 - * @param {Integer} tag - Tag type - * @returns {Boolean} String of the header. - */ -function supportsStreaming(tag) { - return [ - enums.packet.literalData, - enums.packet.compressedData, - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ].includes(tag); -} - -/** - * Generic static Packet Parser function - * - * @param {Uint8Array | ReadableStream} input - Input stream as string - * @param {Function} callback - Function to call with the parsed packet - * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. - */ -async function readPackets(input, callback) { - const reader = getReader(input); - let writer; - let callbackReturned; - try { - const peekedBytes = await reader.peekBytes(2); - // some sanity checks - if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { - throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); - } - const headerByte = await reader.readByte(); - let tag = -1; - let format = -1; - let packetLength; - - format = 0; // 0 = old format; 1 = new format - if ((headerByte & 0x40) !== 0) { - format = 1; - } - - let packetLengthType; - if (format) { - // new format header - tag = headerByte & 0x3F; // bit 5-0 - } else { - // old format header - tag = (headerByte & 0x3F) >> 2; // bit 5-2 - packetLengthType = headerByte & 0x03; // bit 1-0 - } - - const packetSupportsStreaming = supportsStreaming(tag); - let packet = null; - if (packetSupportsStreaming) { - if (util.isStream(input) === 'array') { - const arrayStream = new ArrayStream(); - writer = getWriter(arrayStream); - packet = arrayStream; - } else { - const transform = new TransformStream(); - writer = getWriter(transform.writable); - packet = transform.readable; - } - // eslint-disable-next-line callback-return - callbackReturned = callback({ tag, packet }); - } else { - packet = []; - } - - let wasPartialLength; - do { - if (!format) { - // 4.2.1. Old Format Packet Lengths - switch (packetLengthType) { - case 0: - // The packet has a one-octet length. The header is 2 octets - // long. - packetLength = await reader.readByte(); - break; - case 1: - // The packet has a two-octet length. The header is 3 octets - // long. - packetLength = (await reader.readByte() << 8) | await reader.readByte(); - break; - case 2: - // The packet has a four-octet length. The header is 5 - // octets long. - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - break; - default: - // 3 - The packet is of indeterminate length. The header is 1 - // octet long, and the implementation must determine how long - // the packet is. If the packet is in a file, this means that - // the packet extends until the end of the file. In general, - // an implementation SHOULD NOT use indeterminate-length - // packets except where the end of the data will be clear - // from the context, and even then it is better to use a - // definite length, or a new format header. The new format - // headers described below have a mechanism for precisely - // encoding data of indeterminate length. - packetLength = Infinity; - break; - } - } else { // 4.2.2. New Format Packet Lengths - // 4.2.2.1. One-Octet Lengths - const lengthByte = await reader.readByte(); - wasPartialLength = false; - if (lengthByte < 192) { - packetLength = lengthByte; - // 4.2.2.2. Two-Octet Lengths - } else if (lengthByte >= 192 && lengthByte < 224) { - packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; - // 4.2.2.4. Partial Body Lengths - } else if (lengthByte > 223 && lengthByte < 255) { - packetLength = 1 << (lengthByte & 0x1F); - wasPartialLength = true; - if (!packetSupportsStreaming) { - throw new TypeError('This packet type does not support partial lengths.'); - } - // 4.2.2.3. Five-Octet Lengths - } else { - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - } - } - if (packetLength > 0) { - let bytesRead = 0; - while (true) { - if (writer) await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (packetLength === Infinity) break; - throw new Error('Unexpected end of packet'); - } - const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); - if (writer) await writer.write(chunk); - else packet.push(chunk); - bytesRead += value.length; - if (bytesRead >= packetLength) { - reader.unshift(value.subarray(packetLength - bytesRead + value.length)); - break; - } - } - } - } while (wasPartialLength); - - // If this was not a packet that "supports streaming", we peek to check - // whether it is the last packet in the message. We peek 2 bytes instead - // of 1 because the beginning of this function also peeks 2 bytes, and we - // want to cut a `subarray` of the correct length into `web-stream-tools`' - // `externalBuffer` as a tiny optimization here. - // - // If it *was* a streaming packet (i.e. the data packets), we peek at the - // entire remainder of the stream, in order to forward errors in the - // remainder of the stream to the packet data. (Note that this means we - // read/peek at all signature packets before closing the literal data - // packet, for example.) This forwards MDC errors to the literal data - // stream, for example, so that they don't get lost / forgotten on - // decryptedMessage.packets.stream, which we never look at. - // - // An example of what we do when stream-parsing a message containing - // [ one-pass signature packet, literal data packet, signature packet ]: - // 1. Read the one-pass signature packet - // 2. Peek 2 bytes of the literal data packet - // 3. Parse the one-pass signature packet - // - // 4. Read the literal data packet, simultaneously stream-parsing it - // 5. Peek until the end of the message - // 6. Finish parsing the literal data packet - // - // 7. Read the signature packet again (we already peeked at it in step 5) - // 8. Peek at the end of the stream again (`peekBytes` returns undefined) - // 9. Parse the signature packet - // - // Note that this means that if there's an error in the very end of the - // stream, such as an MDC error, we throw in step 5 instead of in step 8 - // (or never), which is the point of this exercise. - const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); - if (writer) { - await writer.ready; - await writer.close(); - } else { - packet = util.concatUint8Array(packet); - // eslint-disable-next-line callback-return - await callback({ tag, packet }); - } - return !nextPacket || !nextPacket.length; - } catch (e) { - if (writer) { - await writer.abort(e); - return true; - } else { - throw e; - } - } finally { - if (writer) { - await callbackReturned; - } - reader.releaseLock(); - } -} - -class UnsupportedError extends Error { - constructor(...params) { - super(...params); - - if (Error.captureStackTrace) { - Error.captureStackTrace(this, UnsupportedError); - } - - this.name = 'UnsupportedError'; - } -} - -class UnparseablePacket { - constructor(tag, rawContent) { - this.tag = tag; - this.rawContent = rawContent; - } - - write() { - return this.rawContent; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$6 = util.getWebCrypto(); -const nodeCrypto$7 = util.getNodeCrypto(); - -const webCurves = { - 'p256': 'P-256', - 'p384': 'P-384', - 'p521': 'P-521' -}; -const knownCurves = nodeCrypto$7 ? nodeCrypto$7.getCurves() : []; -const nodeCurves = nodeCrypto$7 ? { - secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, - p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, - p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, - p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, - ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined, - curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined, - brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, - brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, - brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined -} : {}; - -const curves = { - p256: { - oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.p256, - web: webCurves.p256, - payloadSize: 32, - sharedSize: 256 - }, - p384: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.p384, - web: webCurves.p384, - payloadSize: 48, - sharedSize: 384 - }, - p521: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.p521, - web: webCurves.p521, - payloadSize: 66, - sharedSize: 528 - }, - secp256k1: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.secp256k1, - payloadSize: 32 - }, - ed25519: { - oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], - keyType: enums.publicKey.eddsaLegacy, - hash: enums.hash.sha512, - node: false, // nodeCurves.ed25519 TODO - payloadSize: 32 - }, - curve25519: { - oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], - keyType: enums.publicKey.ecdh, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: false, // nodeCurves.curve25519 TODO - payloadSize: 32 - }, - brainpoolP256r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.brainpoolP256r1, - payloadSize: 32 - }, - brainpoolP384r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.brainpoolP384r1, - payloadSize: 48 - }, - brainpoolP512r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.brainpoolP512r1, - payloadSize: 64 - } -}; - -class CurveWithOID { - constructor(oidOrName, params) { - try { - if (util.isArray(oidOrName) || - util.isUint8Array(oidOrName)) { - // by oid byte array - oidOrName = new OID(oidOrName); - } - if (oidOrName instanceof OID) { - // by curve OID - oidOrName = oidOrName.getName(); - } - // by curve name or oid string - this.name = enums.write(enums.curve, oidOrName); - } catch (err) { - throw new UnsupportedError('Unknown curve'); - } - params = params || curves[this.name]; - - this.keyType = params.keyType; - - this.oid = params.oid; - this.hash = params.hash; - this.cipher = params.cipher; - this.node = params.node && curves[this.name]; - this.web = params.web && curves[this.name]; - this.payloadSize = params.payloadSize; - if (this.web && util.getWebCrypto()) { - this.type = 'web'; - } else if (this.node && util.getNodeCrypto()) { - this.type = 'node'; - } else if (this.name === 'curve25519') { - this.type = 'curve25519'; - } else if (this.name === 'ed25519') { - this.type = 'ed25519'; - } - } - - async genKeyPair() { - let keyPair; - switch (this.type) { - case 'web': - try { - return await webGenKeyPair(this.name); - } catch (err) { - util.printDebugError('Browser did not support generating ec key ' + err.message); - break; - } - case 'node': - return nodeGenKeyPair(this.name); - case 'curve25519': { - const privateKey = getRandomBytes(32); - privateKey[0] = (privateKey[0] & 127) | 64; - privateKey[31] &= 248; - const secretKey = privateKey.slice().reverse(); - keyPair = naclFastLight.box.keyPair.fromSecretKey(secretKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - case 'ed25519': { - const privateKey = getRandomBytes(32); - const keyPair = naclFastLight.sign.keyPair.fromSeed(privateKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - } - const indutnyCurve = await getIndutnyCurve(this.name); - keyPair = await indutnyCurve.genKeyPair({ - entropy: util.uint8ArrayToString(getRandomBytes(32)) - }); - return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) }; - } -} - -async function generate$1(curve) { - const BigInteger = await util.getBigInteger(); - - curve = new CurveWithOID(curve); - const keyPair = await curve.genKeyPair(); - const Q = new BigInteger(keyPair.publicKey).toUint8Array(); - const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize); - return { - oid: curve.oid, - Q, - secret, - hash: curve.hash, - cipher: curve.cipher - }; -} - -/** - * Get preferred hash algo to use with the given curve - * @param {module:type/oid} oid - curve oid - * @returns {enums.hash} hash algorithm - */ -function getPreferredHashAlgo(oid) { - return curves[enums.write(enums.curve, oid.toHex())].hash; -} - -/** - * Validate ECDH and ECDSA parameters - * Not suitable for EdDSA (different secret key format) - * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves - * @param {module:type/oid} oid - EC object identifier - * @param {Uint8Array} Q - EC public point - * @param {Uint8Array} d - EC secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateStandardParams(algo, oid, Q, d) { - const supportedCurves = { - p256: true, - p384: true, - p521: true, - secp256k1: true, - curve25519: algo === enums.publicKey.ecdh, - brainpoolP256r1: true, - brainpoolP384r1: true, - brainpoolP512r1: true - }; - - // Check whether the given curve is supported - const curveName = oid.getName(); - if (!supportedCurves[curveName]) { - return false; - } - - if (curveName === 'curve25519') { - d = d.slice().reverse(); - // Re-derive public point Q' - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(d); - - Q = new Uint8Array(Q); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - if (!util.equalsUint8Array(dG, Q)) { - return false; - } - - return true; - } - - const curve = await getIndutnyCurve(curveName); - try { - // Parse Q and check that it is on the curve but not at infinity - Q = keyFromPublic(curve, Q).getPublic(); - } catch (validationErrors) { - return false; - } - - /** - * Re-derive public point Q' = dG from private key - * Expect Q == Q' - */ - const dG = keyFromPrivate(curve, d).getPublic(); - if (!dG.eq(Q)) { - return false; - } - - return true; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -async function webGenKeyPair(name) { - // Note: keys generated with ECDSA and ECDH are structurally equivalent - const webCryptoKey = await webCrypto$6.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - - const privateKey = await webCrypto$6.exportKey('jwk', webCryptoKey.privateKey); - const publicKey = await webCrypto$6.exportKey('jwk', webCryptoKey.publicKey); - - return { - publicKey: jwkToRawPublic(publicKey), - privateKey: b64ToUint8Array(privateKey.d) - }; -} - -async function nodeGenKeyPair(name) { - // Note: ECDSA and ECDH key generation is structurally equivalent - const ecdh = nodeCrypto$7.createECDH(nodeCurves[name]); - await ecdh.generateKeys(); - return { - publicKey: new Uint8Array(ecdh.getPublicKey()), - privateKey: new Uint8Array(ecdh.getPrivateKey()) - }; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -/** - * @param {JsonWebKey} jwk - key for conversion - * - * @returns {Uint8Array} Raw public key. - */ -function jwkToRawPublic(jwk) { - const bufX = b64ToUint8Array(jwk.x); - const bufY = b64ToUint8Array(jwk.y); - const publicKey = new Uint8Array(bufX.length + bufY.length + 1); - publicKey[0] = 0x04; - publicKey.set(bufX, 1); - publicKey.set(bufY, bufX.length + 1); - return publicKey; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * - * @returns {JsonWebKey} Public key in jwk format. - */ -function rawPublicToJWK(payloadSize, name, publicKey) { - const len = payloadSize; - const bufX = publicKey.slice(1, len + 1); - const bufY = publicKey.slice(len + 1, len * 2 + 1); - // https://www.rfc-editor.org/rfc/rfc7518.txt - const jwk = { - kty: 'EC', - crv: name, - x: uint8ArrayToB64(bufX, true), - y: uint8ArrayToB64(bufY, true), - ext: true - }; - return jwk; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * @param {Uint8Array} privateKey - private key - * - * @returns {JsonWebKey} Private key in jwk format. - */ -function privateToJWK$1(payloadSize, name, publicKey, privateKey) { - const jwk = rawPublicToJWK(payloadSize, name, publicKey); - jwk.d = uint8ArrayToB64(privateKey, true); - return jwk; -} - -const webCrypto$7 = util.getWebCrypto(); -const nodeCrypto$8 = util.getNodeCrypto(); - -/** - * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$1(oid, hashAlgo, message, publicKey, privateKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - const keyPair = { publicKey, privateKey }; - switch (curve.type) { - case 'web': { - // If browser doesn't support a curve, we'll catch it - try { - // Need to await to make sure browser succeeds - return await webSign$1(curve, hashAlgo, message, keyPair); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunaley Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support signing: ' + err.message); - } - break; - } - case 'node': { - const signature = await nodeSign$1(curve, hashAlgo, message, keyPair); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - } - } - return ellipticSign(curve, hashed, privateKey); -} - -/** - * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify - * @param {Uint8Array} message - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$1(oid, hashAlgo, signature, message, publicKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - switch (curve.type) { - case 'web': - try { - // Need to await to make sure browser succeeds - return await webVerify$1(curve, hashAlgo, signature, message, publicKey); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunately Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support verifying: ' + err.message); - } - break; - case 'node': - return nodeVerify$1(curve, hashAlgo, signature, message, publicKey); - } - } - const digest = (typeof hashAlgo === 'undefined') ? message : hashed; - return ellipticVerify(curve, signature, digest, publicKey); -} - -/** - * Validate ECDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDSA public point - * @param {Uint8Array} d - ECDSA secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$2(oid, Q, d) { - const curve = new CurveWithOID(oid); - // Reject curves x25519 and ed25519 - if (curve.keyType !== enums.publicKey.ecdsa) { - return false; - } - - // To speed up the validation, we try to use node- or webcrypto when available - // and sign + verify a random message - switch (curve.type) { - case 'web': - case 'node': { - const message = getRandomBytes(8); - const hashAlgo = enums.hash.sha256; - const hashed = await hash.digest(hashAlgo, message); - try { - const signature = await sign$1(oid, hashAlgo, message, Q, d, hashed); - return await verify$1(oid, hashAlgo, signature, message, Q, hashed); - } catch (err) { - return false; - } - } - default: - return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); - } -} - - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -async function ellipticSign(curve, hashed, privateKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPrivate(indutnyCurve, privateKey); - const signature = key.sign(hashed); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; -} - -async function ellipticVerify(curve, signature, digest, publicKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPublic(indutnyCurve, publicKey); - return key.verify(digest, signature); -} - -async function webSign$1(curve, hashAlgo, message, keyPair) { - const len = curve.payloadSize; - const jwk = privateToJWK$1(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['sign'] - ); - - const signature = new Uint8Array(await webCrypto$7.sign( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - message - )); - - return { - r: signature.slice(0, len), - s: signature.slice(len, len << 1) - }; -} - -async function webVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['verify'] - ); - - const signature = util.concatUint8Array([r, s]).buffer; - - return webCrypto$7.verify( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - signature, - message - ); -} - -async function nodeSign$1(curve, hashAlgo, message, keyPair) { - const sign = nodeCrypto$8.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(message); - sign.end(); - const key = ECPrivateKey.encode({ - version: 1, - parameters: curve.oid, - privateKey: Array.from(keyPair.privateKey), - publicKey: { unused: 0, data: Array.from(keyPair.publicKey) } - }, 'pem', { - label: 'EC PRIVATE KEY' - }); - - return ECDSASignature.decode(sign.sign(key), 'der'); -} - -async function nodeVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$8.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(message); - verify.end(); - const key = SubjectPublicKeyInfo.encode({ - algorithm: { - algorithm: [1, 2, 840, 10045, 2, 1], - parameters: curve.oid - }, - subjectPublicKey: { unused: 0, data: Array.from(publicKey) } - }, 'pem', { - label: 'PUBLIC KEY' - }); - const signature = ECDSASignature.encode({ - r: new BN(r), s: new BN(s) - }, 'der'); - - try { - return verify.verify(key, signature); - } catch (err) { - return false; - } -} - -// Originally written by Owen Smith https://github.com/omsmith -// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/ - -/* eslint-disable no-invalid-this */ - -const asn1$1 = nodeCrypto$8 ? asn1$2 : undefined; - -const ECDSASignature = nodeCrypto$8 ? - asn1$1.define('ECDSASignature', function() { - this.seq().obj( - this.key('r').int(), - this.key('s').int() - ); - }) : undefined; - -const ECPrivateKey = nodeCrypto$8 ? - asn1$1.define('ECPrivateKey', function() { - this.seq().obj( - this.key('version').int(), - this.key('privateKey').octstr(), - this.key('parameters').explicit(0).optional().any(), - this.key('publicKey').explicit(1).optional().bitstr() - ); - }) : undefined; - -const AlgorithmIdentifier = nodeCrypto$8 ? - asn1$1.define('AlgorithmIdentifier', function() { - this.seq().obj( - this.key('algorithm').objid(), - this.key('parameters').optional().any() - ); - }) : undefined; - -const SubjectPublicKeyInfo = nodeCrypto$8 ? - asn1$1.define('SubjectPublicKeyInfo', function() { - this.seq().obj( - this.key('algorithm').use(AlgorithmIdentifier), - this.key('subjectPublicKey').bitstr() - ); - }) : undefined; - -var ecdsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$1, - verify: verify$1, - validateParams: validateParams$2 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Sign a message using the provided legacy EdDSA key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$2(oid, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; -} - -/** - * Verifies if a legacy EdDSA signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$2(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const signature = util.concatUint8Array([r, s]); - return naclFastLight.sign.detached.verify(hashed, signature, publicKey.subarray(1)); -} -/** - * Validate legacy EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point - * @param {Uint8Array} k - EdDSA secret seed - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$3(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } - - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); - -} - -var eddsa_legacy = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$2, - verify: verify$2, - validateParams: validateParams$3 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Generate (non-legacy) EdDSA key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} - */ -async function generate$2(algo) { - switch (algo) { - case enums.publicKey.ed25519: { - const seed = getRandomBytes(32); - const { publicKey: A } = naclFastLight.sign.keyPair.fromSeed(seed); - return { A, seed }; - } - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} - -/** - * Sign a message using the provided key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * RS: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$3(algo, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - const secretKey = util.concatUint8Array([privateKey, publicKey]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - return { RS: signature }; - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - -} - -/** - * Verifies if a signature is valid for a message - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{ RS: Uint8Array }} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$3(algo, hashAlgo, { RS }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - return naclFastLight.sign.detached.verify(hashed, RS, publicKey); - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} -/** - * Validate (non-legacy) EdDSA parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - EdDSA public point - * @param {Uint8Array} seed - EdDSA secret seed - * @param {Uint8Array} oid - (legacy only) EdDSA OID - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$4(algo, A, seed) { - switch (algo) { - case enums.publicKey.ed25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(seed); - return util.equalsUint8Array(A, publicKey); - } - - case enums.publicKey.ed448: // unsupported - default: - return false; - } -} - -function getPreferredHashAlgo$1(algo) { - switch (algo) { - case enums.publicKey.ed25519: - return enums.hash.sha256; - default: - throw new Error('Unknown EdDSA algo'); - } -} - -var eddsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$2, - sign: sign$3, - verify: verify$3, - validateParams: validateParams$4, - getPreferredHashAlgo: getPreferredHashAlgo$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * AES key wrap - * @function - * @param {Uint8Array} key - * @param {Uint8Array} data - * @returns {Uint8Array} - */ -function wrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const P = unpack(data); - let A = IV; - const R = P; - const n = P.length / 2; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 0; j <= 5; ++j) { - for (let i = 0; i < n; ++i) { - t[1] = n * j + (1 + i); - // B = A - B[0] = A[0]; - B[1] = A[1]; - // B = A || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES(K, B) - B = unpack(aes.encrypt(pack(B))); - // A = MSB(64, B) ^ t - A = B.subarray(0, 2); - A[0] ^= t[0]; - A[1] ^= t[1]; - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - return pack(A, R); -} - -/** - * AES key unwrap - * @function - * @param {String} key - * @param {String} data - * @returns {Uint8Array} - * @throws {Error} - */ -function unwrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const C = unpack(data); - let A = C.subarray(0, 2); - const R = C.subarray(2); - const n = C.length / 2 - 1; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 5; j >= 0; --j) { - for (let i = n - 1; i >= 0; --i) { - t[1] = n * j + (i + 1); - // B = A ^ t - B[0] = A[0] ^ t[0]; - B[1] = A[1] ^ t[1]; - // B = (A ^ t) || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES-1(B) - B = unpack(aes.decrypt(pack(B))); - // A = MSB(64, B) - A = B.subarray(0, 2); - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - if (A[0] === IV[0] && A[1] === IV[1]) { - return pack(R); - } - throw new Error('Key Data Integrity failed'); -} - -function createArrayBuffer(data) { - if (util.isString(data)) { - const { length } = data; - const buffer = new ArrayBuffer(length); - const view = new Uint8Array(buffer); - for (let j = 0; j < length; ++j) { - view[j] = data.charCodeAt(j); - } - return buffer; - } - return new Uint8Array(data).buffer; -} - -function unpack(data) { - const { length } = data; - const buffer = createArrayBuffer(data); - const view = new DataView(buffer); - const arr = new Uint32Array(length / 4); - for (let i = 0; i < length / 4; ++i) { - arr[i] = view.getUint32(4 * i); - } - return arr; -} - -function pack() { - let length = 0; - for (let k = 0; k < arguments.length; ++k) { - length += 4 * arguments[k].length; - } - const buffer = new ArrayBuffer(length); - const view = new DataView(buffer); - let offset = 0; - for (let i = 0; i < arguments.length; ++i) { - for (let j = 0; j < arguments[i].length; ++j) { - view.setUint32(offset + 4 * j, arguments[i][j]); - } - offset += 4 * arguments[i].length; - } - return new Uint8Array(buffer); -} - -var aesKW = /*#__PURE__*/Object.freeze({ - __proto__: null, - wrap: wrap, - unwrap: unwrap -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * @fileoverview Functions to add and remove PKCS5 padding - * @see PublicKeyEncryptedSessionKeyPacket - * @module crypto/pkcs5 - * @private - */ - -/** - * Add pkcs5 padding to a message - * @param {Uint8Array} message - message to pad - * @returns {Uint8Array} Padded message. - */ -function encode$1(message) { - const c = 8 - (message.length % 8); - const padded = new Uint8Array(message.length + c).fill(c); - padded.set(message); - return padded; -} - -/** - * Remove pkcs5 padding from a message - * @param {Uint8Array} message - message to remove padding from - * @returns {Uint8Array} Message without padding. - */ -function decode$1(message) { - const len = message.length; - if (len > 0) { - const c = message[len - 1]; - if (c >= 1) { - const provided = message.subarray(len - c); - const computed = new Uint8Array(c).fill(c); - if (util.equalsUint8Array(provided, computed)) { - return message.subarray(0, len - c); - } - } - } - throw new Error('Invalid padding'); -} - -var pkcs5 = /*#__PURE__*/Object.freeze({ - __proto__: null, - encode: encode$1, - decode: decode$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$8 = util.getWebCrypto(); -const nodeCrypto$9 = util.getNodeCrypto(); - -/** - * Validate ECDH parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDH public point - * @param {Uint8Array} d - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$5(oid, Q, d) { - return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); -} - -// Build Param for ECDH algorithm (RFC 6637) -function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { - return util.concatUint8Array([ - oid.write(), - new Uint8Array([public_algo]), - kdfParams.write(), - util.stringToUint8Array('Anonymous Sender '), - fingerprint.subarray(0, 20) - ]); -} - -// Key Derivation Function (RFC 6637) -async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { - // Note: X is little endian for Curve25519, big-endian for all others. - // This is not ideal, but the RFC's are unclear - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - let i; - if (stripLeading) { - // Work around old go crypto bug - for (i = 0; i < X.length && X[i] === 0; i++); - X = X.subarray(i); - } - if (stripTrailing) { - // Work around old OpenPGP.js bug - for (i = X.length - 1; i >= 0 && X[i] === 0; i--); - X = X.subarray(0, i + 1); - } - const digest = await hash.digest(hashAlgo, util.concatUint8Array([ - new Uint8Array([0, 0, 0, 1]), - X, - param - ])); - return digest.subarray(0, length); -} - -/** - * Generate ECDHE ephemeral key and secret from public key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPublicEphemeralKey(curve, Q) { - switch (curve.type) { - case 'curve25519': { - const d = getRandomBytes(32); - const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d); - let { publicKey } = naclFastLight.box.keyPair.fromSecretKey(secretKey); - publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]); - return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPublicEphemeralKey(curve, Q); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePublicEphemeralKey(curve, Q); - } - return ellipticPublicEphemeralKey(curve, Q); -} - -/** - * Encrypt and wrap a session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} data - Unpadded session key data - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} - * @async - */ -async function encrypt$3(oid, kdfParams, data, Q, fingerprint) { - const m = encode$1(data); - - const curve = new CurveWithOID(oid); - const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); - const wrappedKey = wrap(Z, m); - return { publicKey, wrappedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPrivateEphemeralKey(curve, V, Q, d) { - if (d.length !== curve.payloadSize) { - const privateKey = new Uint8Array(curve.payloadSize); - privateKey.set(d, curve.payloadSize - d.length); - d = privateKey; - } - switch (curve.type) { - case 'curve25519': { - const secretKey = d.slice().reverse(); - const sharedKey = naclFastLight.scalarMult(secretKey, V.subarray(1)); - return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPrivateEphemeralKey(curve, V, Q, d); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePrivateEphemeralKey(curve, V, d); - } - return ellipticPrivateEphemeralKey(curve, V, d); -} - -/** - * Decrypt and unwrap the value derived from session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} C - Encrypted and wrapped value derived from session key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Value derived from session key. - * @async - */ -async function decrypt$3(oid, kdfParams, V, C, Q, d, fingerprint) { - const curve = new CurveWithOID(oid); - const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - let err; - for (let i = 0; i < 3; i++) { - try { - // Work around old go crypto bug and old OpenPGP.js bug, respectively. - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); - return decode$1(unwrap(Z, C)); - } catch (e) { - err = e; - } - } - throw err; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPrivateEphemeralKey(curve, V, Q, d) { - const recipient = privateToJWK$1(curve.payloadSize, curve.web.web, Q, d); - let privateKey = webCrypto$8.importKey( - 'jwk', - recipient, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V); - let sender = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - [] - ); - [privateKey, sender] = await Promise.all([privateKey, sender]); - let S = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: sender - }, - privateKey, - curve.web.sharedSize - ); - let secret = webCrypto$8.exportKey( - 'jwk', - privateKey - ); - [S, secret] = await Promise.all([S, secret]); - const sharedKey = new Uint8Array(S); - const secretKey = b64ToUint8Array(secret.d); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPublicEphemeralKey(curve, Q) { - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q); - let keyPair = webCrypto$8.generateKey( - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - let recipient = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - false, - [] - ); - [keyPair, recipient] = await Promise.all([keyPair, recipient]); - let s = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: recipient - }, - keyPair.privateKey, - curve.web.sharedSize - ); - let p = webCrypto$8.exportKey( - 'jwk', - keyPair.publicKey - ); - [s, p] = await Promise.all([s, p]); - const sharedKey = new Uint8Array(s); - const publicKey = new Uint8Array(jwkToRawPublic(p)); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPrivateEphemeralKey(curve, V, d) { - const indutnyCurve = await getIndutnyCurve(curve.name); - V = keyFromPublic(indutnyCurve, V); - d = keyFromPrivate(indutnyCurve, d); - const secretKey = new Uint8Array(d.getPrivate()); - const S = d.derive(V.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPublicEphemeralKey(curve, Q) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const v = await curve.genKeyPair(); - Q = keyFromPublic(indutnyCurve, Q); - const V = keyFromPrivate(indutnyCurve, v.privateKey); - const publicKey = v.publicKey; - const S = V.derive(Q.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePrivateEphemeralKey(curve, V, d) { - const recipient = nodeCrypto$9.createECDH(curve.node.node); - recipient.setPrivateKey(d); - const sharedKey = new Uint8Array(recipient.computeSecret(V)); - const secretKey = new Uint8Array(recipient.getPrivateKey()); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePublicEphemeralKey(curve, Q) { - const sender = nodeCrypto$9.createECDH(curve.node.node); - sender.generateKeys(); - const sharedKey = new Uint8Array(sender.computeSecret(Q)); - const publicKey = new Uint8Array(sender.getPublicKey()); - return { publicKey, sharedKey }; -} - -var ecdh = /*#__PURE__*/Object.freeze({ - __proto__: null, - validateParams: validateParams$5, - encrypt: encrypt$3, - decrypt: decrypt$3 -}); - -/** - * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. - * @module crypto/hkdf - * @private - */ - -const webCrypto$9 = util.getWebCrypto(); -const nodeCrypto$a = util.getNodeCrypto(); -const nodeSubtleCrypto = nodeCrypto$a && nodeCrypto$a.webcrypto && nodeCrypto$a.webcrypto.subtle; - -async function HKDF(hashAlgo, inputKey, salt, info, outLen) { - const hash = enums.read(enums.webHash, hashAlgo); - if (!hash) throw new Error('Hash algo not supported with HKDF'); - - if (webCrypto$9 || nodeSubtleCrypto) { - const crypto = webCrypto$9 || nodeSubtleCrypto; - const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); - const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); - return new Uint8Array(bits); - } - - if (nodeCrypto$a) { - const hashAlgoName = enums.read(enums.hash, hashAlgo); - // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869 - - const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto$a.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest(); - // Step 1: Extract - // PRK = HMAC-Hash(salt, IKM) - const pseudoRandomKey = computeHMAC(salt, inputKey); - - const hashLen = pseudoRandomKey.length; - - // Step 2: Expand - // HKDF-Expand(PRK, info, L) -> OKM - const n = Math.ceil(outLen / hashLen); - const outputKeyingMaterial = new Uint8Array(n * hashLen); - - // HMAC input buffer updated at each iteration - const roundInput = new Uint8Array(hashLen + info.length + 1); - // T_i and last byte are updated at each iteration, but `info` remains constant - roundInput.set(info, hashLen); - - for (let i = 0; i < n; i++) { - // T(0) = empty string (zero length) - // T(i) = HMAC-Hash(PRK, T(i-1) | info | i) - roundInput[roundInput.length - 1] = i + 1; - // t = T(i+1) - const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen)); - roundInput.set(t, 0); - - outputKeyingMaterial.set(t, i * hashLen); - } - - return outputKeyingMaterial.subarray(0, outLen); - } - - throw new Error('No HKDF implementation available'); -} - -/** - * @fileoverview Key encryption and decryption for RFC 6637 ECDH - * @module crypto/public_key/elliptic/ecdh - * @private - */ - -const HKDF_INFO = { - x25519: util.encodeUTF8('OpenPGP X25519') -}; - -/** - * Generate ECDH key for Montgomery curves - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} - */ -async function generate$3(algo) { - switch (algo) { - case enums.publicKey.x25519: { - // k stays in little-endian, unlike legacy ECDH over curve25519 - const k = getRandomBytes(32); - const { publicKey: A } = naclFastLight.box.keyPair.fromSecretKey(k); - return { A, k }; - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** -* Validate ECDH parameters -* @param {module:enums.publicKey} algo - Algorithm identifier -* @param {Uint8Array} A - ECDH public point -* @param {Uint8Array} k - ECDH secret scalar -* @returns {Promise} Whether params are valid. -* @async -*/ -async function validateParams$6(algo, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(k); - return util.equalsUint8Array(A, publicKey); - } - - default: - return false; - } -} - -/** - * Wrap and encrypt a session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} data - session key data to be encrypted - * @param {Uint8Array} recipientA - Recipient public key (K_B) - * @returns {Promise<{ - * ephemeralPublicKey: Uint8Array, - * wrappedKey: Uint8Array - * }>} ephemeral public key (K_A) and encrypted key - * @async - */ -async function encrypt$4(algo, data, recipientA) { - switch (algo) { - case enums.publicKey.x25519: { - const ephemeralSecretKey = getRandomBytes(32); - const sharedSecret = naclFastLight.scalarMult(ephemeralSecretKey, recipientA); - const { publicKey: ephemeralPublicKey } = naclFastLight.box.keyPair.fromSecretKey(ephemeralSecretKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - recipientA, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - const wrappedKey = wrap(encryptionKey, data); - return { ephemeralPublicKey, wrappedKey }; - } - - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** - * Decrypt and unwrap the session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} ephemeralPublicKey - (K_A) - * @param {Uint8Array} wrappedKey, - * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF - * @param {Uint8Array} k - Recipient secret key (b) - * @returns {Promise} decrypted session key data - * @async - */ -async function decrypt$4(algo, ephemeralPublicKey, wrappedKey, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - const sharedSecret = naclFastLight.scalarMult(k, ephemeralPublicKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - A, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - return unwrap(encryptionKey, wrappedKey); - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -var ecdh_x = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$3, - validateParams: validateParams$6, - encrypt: encrypt$4, - decrypt: decrypt$4 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -var elliptic = /*#__PURE__*/Object.freeze({ - __proto__: null, - CurveWithOID: CurveWithOID, - ecdh: ecdh, - ecdhX: ecdh_x, - ecdsa: ecdsa, - eddsaLegacy: eddsa_legacy, - eddsa: eddsa, - generate: generate$1, - getPreferredHashAlgo: getPreferredHashAlgo -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/* - TODO regarding the hash function, read: - https://tools.ietf.org/html/rfc4880#section-13.6 - https://tools.ietf.org/html/rfc4880#section-14 -*/ - -/** - * DSA Sign function - * @param {Integer} hashAlgo - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} x - * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} - * @async - */ -async function sign$4(hashAlgo, hashed, g, p, q, x) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - x = new BigInteger(x); - - let k; - let r; - let s; - let t; - g = g.mod(p); - x = x.mod(q); - // If the output size of the chosen hash is larger than the number of - // bits of q, the hash result is truncated to fit by taking the number - // of leftmost bits equal to the number of bits of q. This (possibly - // truncated) hash function result is treated as a number and used - // directly in the DSA signature algorithm. - const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q); - // FIPS-186-4, section 4.6: - // The values of r and s shall be checked to determine if r = 0 or s = 0. - // If either r = 0 or s = 0, a new value of k shall be generated, and the - // signature shall be recalculated. It is extremely unlikely that r = 0 - // or s = 0 if signatures are generated properly. - while (true) { - // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - k = await getRandomBigInteger(one, q); // returns in [1, q-1] - r = g.modExp(k, p).imod(q); // (g**k mod p) mod q - if (r.isZero()) { - continue; - } - const xr = x.mul(r).imod(q); - t = h.add(xr).imod(q); // H(m) + x*r mod q - s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q - if (s.isZero()) { - continue; - } - break; - } - return { - r: r.toUint8Array('be', q.byteLength()), - s: s.toUint8Array('be', q.byteLength()) - }; -} - -/** - * DSA Verify function - * @param {Integer} hashAlgo - * @param {Uint8Array} r - * @param {Uint8Array} s - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} y - * @returns {boolean} - * @async - */ -async function verify$4(hashAlgo, r, s, hashed, g, p, q, y) { - const BigInteger = await util.getBigInteger(); - const zero = new BigInteger(0); - r = new BigInteger(r); - s = new BigInteger(s); - - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - - if (r.lte(zero) || r.gte(q) || - s.lte(zero) || s.gte(q)) { - util.printDebug('invalid DSA Signature'); - return false; - } - const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q); - const w = s.modInv(q); // s**-1 mod q - if (w.isZero()) { - util.printDebug('invalid DSA Signature'); - return false; - } - - g = g.mod(p); - y = y.mod(p); - const u1 = h.mul(w).imod(q); // H(m) * w mod q - const u2 = r.mul(w).imod(q); // r * w mod q - const t1 = g.modExp(u1, p); // g**u1 mod p - const t2 = y.modExp(u2, p); // y**u2 mod p - const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q - return v.equal(r); -} - -/** - * Validate DSA parameters - * @param {Uint8Array} p - DSA prime - * @param {Uint8Array} q - DSA group order - * @param {Uint8Array} g - DSA sub-group generator - * @param {Uint8Array} y - DSA public key - * @param {Uint8Array} x - DSA private key - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$7(p, q, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - /** - * Check that subgroup order q divides p-1 - */ - if (!p.dec().mod(q).isZero()) { - return false; - } - - /** - * g has order q - * Check that g ** q = 1 mod p - */ - if (!g.modExp(q, p).isOne()) { - return false; - } - - /** - * Check q is large and probably prime (we mainly want to avoid small factors) - */ - const qSize = new BigInteger(q.bitLength()); - const n150 = new BigInteger(150); - if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) { - return false; - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{rq + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q - const rqx = q.mul(r).add(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var dsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$4, - verify: verify$4, - validateParams: validateParams$7 -}); - -/** - * @fileoverview Asymmetric cryptography functions - * @module crypto/public_key - * @private - */ - -var publicKey = { - /** @see module:crypto/public_key/rsa */ - rsa: rsa, - /** @see module:crypto/public_key/elgamal */ - elgamal: elgamal, - /** @see module:crypto/public_key/elliptic */ - elliptic: elliptic, - /** @see module:crypto/public_key/dsa */ - dsa: dsa, - /** @see tweetnacl */ - nacl: naclFastLight -}; - -/** - * @fileoverview Provides functions for asymmetric signing and signature verification - * @module crypto/signature - * @private - */ - -/** - * Parse signature in binary form to get the parameters. - * The returned values are only padded for EdDSA, since in the other cases their expected length - * depends on the key params, hence we delegate the padding to the signature verification function. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Uint8Array} signature - Data for which the signature was created - * @returns {Promise} True if signature is valid. - * @async - */ -function parseSignatureParams(algo, signature) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA signatures: - // - MPI of RSA signature value m**d mod n. - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const s = util.readMPI(signature.subarray(read)); - // The signature needs to be the same length as the public key modulo n. - // We pad s on signature verification, where we have access to n. - return { s }; - } - // Algorithm-Specific Fields for DSA or ECDSA signatures: - // - MPI of DSA or ECDSA value r. - // - MPI of DSA or ECDSA value s. - case enums.publicKey.dsa: - case enums.publicKey.ecdsa: - { - const r = util.readMPI(signature.subarray(read)); read += r.length + 2; - const s = util.readMPI(signature.subarray(read)); - return { r, s }; - } - // Algorithm-Specific Fields for legacy EdDSA signatures: - // - MPI of an EC point r. - // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsaLegacy: { - // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: - // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 - let r = util.readMPI(signature.subarray(read)); read += r.length + 2; - r = util.leftPad(r, 32); - let s = util.readMPI(signature.subarray(read)); - s = util.leftPad(s, 32); - return { r, s }; - } - // Algorithm-Specific Fields for Ed25519 signatures: - // - 64 octets of the native signature - case enums.publicKey.ed25519: { - const RS = signature.subarray(read, read + 64); read += RS.length; - return { RS }; - } - default: - throw new UnsupportedError('Unknown signature algorithm.'); - } -} - -/** - * Verifies the signature provided for data using specified algorithms and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} signature - Named algorithm-specific signature parameters - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Data for which the signature was created - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} True if signature is valid. - * @async - */ -async function verify$5(algo, hashAlgo, signature, publicParams, data, hashed) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto - return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); - } - case enums.publicKey.dsa: { - const { g, p, q, y } = publicParams; - const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers - return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicParams; - const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; - // padding needed for webcrypto - const r = util.leftPad(signature.r, curveSize); - const s = util.leftPad(signature.s, curveSize); - return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicParams; - // signature already padded on parsing - return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -/** - * Creates a signature on data using specified algorithms and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters - * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters - * @param {Uint8Array} data - Data to be signed - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} Signature Object containing named signature parameters. - * @async - */ -async function sign$5(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { - if (!publicKeyParams || !privateKeyParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); - return { s }; - } - case enums.publicKey.dsa: { - const { g, p, q } = publicKeyParams; - const { x } = privateKeyParams; - return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); - } - case enums.publicKey.elgamal: { - throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicKeyParams; - const { d } = privateKeyParams; - return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -var signature = /*#__PURE__*/Object.freeze({ - __proto__: null, - parseSignatureParams: parseSignatureParams, - verify: verify$5, - sign: sign$5 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class ECDHSymmetricKey { - constructor(data) { - if (data) { - this.data = data; - } - } - - /** - * Read an ECDHSymmetricKey from an Uint8Array: - * - 1 octect for the length `l` - * - `l` octects of encoded session key data - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - if (bytes.length >= 1) { - const length = bytes[0]; - if (bytes.length >= 1 + length) { - this.data = bytes.subarray(1, 1 + length); - return 1 + this.data.length; - } - } - throw new Error('Invalid symmetric key'); - } - - /** - * Write an ECDHSymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Implementation of type KDF parameters - * - * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: - * A key derivation function (KDF) is necessary to implement the EC - * encryption. The Concatenation Key Derivation Function (Approved - * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is - * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. - * @module type/kdf_params - * @private - */ - -class KDFParams { - /** - * @param {enums.hash} hash - Hash algorithm - * @param {enums.symmetric} cipher - Symmetric algorithm - */ - constructor(data) { - if (data) { - const { hash, cipher } = data; - this.hash = hash; - this.cipher = cipher; - } else { - this.hash = null; - this.cipher = null; - } - } - - /** - * Read KDFParams from an Uint8Array - * @param {Uint8Array} input - Where to read the KDFParams from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { - throw new UnsupportedError('Cannot read KDFParams'); - } - this.hash = input[2]; - this.cipher = input[3]; - return 4; - } - - /** - * Write KDFParams to an Uint8Array - * @returns {Uint8Array} Array with the KDFParams value - */ - write() { - return new Uint8Array([3, 1, this.hash, this.cipher]); - } -} - -/** - * Encoded symmetric key for x25519 and x448 - * The payload format varies for v3 and v6 PKESK: - * the former includes an algorithm byte preceeding the encrypted session key. - * - * @module type/x25519x448_symkey - */ - -class ECDHXSymmetricKey { - static fromObject({ wrappedKey, algorithm }) { - const instance = new ECDHXSymmetricKey(); - instance.wrappedKey = wrappedKey; - instance.algorithm = algorithm; - return instance; - } - - /** - * - 1 octect for the length `l` - * - `l` octects of encoded session key data (with optional leading algorithm byte) - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - let read = 0; - let followLength = bytes[read++]; - this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even - followLength -= followLength % 2; - this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength; - } - - /** - * Write an MontgomerySymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([ - this.algorithm ? - new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : - new Uint8Array([this.wrappedKey.length]), - this.wrappedKey - ]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Encrypts data using specified algorithm and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. - * @param {module:enums.publicKey} keyAlgo - Public key algorithm - * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Session key data to be encrypted - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Encrypted session key parameters. - * @async - */ -async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const { n, e } = publicParams; - const c = await publicKey.rsa.encrypt(data, n, e); - return { c }; - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - return publicKey.elgamal.encrypt(data, p, g, y); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicParams; - const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( - oid, kdfParams, data, Q, fingerprint); - return { V, C: new ECDHSymmetricKey(C) }; - } - case enums.publicKey.x25519: { - if (!util.isAES(symmetricAlgo)) { - // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 - throw new Error('X25519 keys can only encrypt AES session keys'); - } - const { A } = publicParams; - const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( - keyAlgo, data, A); - const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); - return { ephemeralPublicKey, C }; - } - default: - return []; - } -} - -/** - * Decrypts data using specified algorithm and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Object} publicKeyParams - Algorithm-specific public key parameters - * @param {Object} privateKeyParams - Algorithm-specific private key parameters - * @param {Object} sessionKeyParams - Encrypted session key parameters - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing - * (needed for constant-time processing in RSA and ElGamal) - * @returns {Promise} Decrypted data. - * @throws {Error} on sensitive decryption error, unless `randomPayload` is given - * @async - */ -async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: { - const { c } = sessionKeyParams; - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); - } - case enums.publicKey.elgamal: { - const { c1, c2 } = sessionKeyParams; - const p = publicKeyParams.p; - const x = privateKeyParams.x; - return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicKeyParams; - const { d } = privateKeyParams; - const { V, C } = sessionKeyParams; - return publicKey.elliptic.ecdh.decrypt( - oid, kdfParams, V, C.data, Q, d, fingerprint); - } - case enums.publicKey.x25519: { - const { A } = publicKeyParams; - const { k } = privateKeyParams; - const { ephemeralPublicKey, C } = sessionKeyParams; - if (!util.isAES(C.algorithm)) { - throw new Error('AES session key expected'); - } - return publicKey.elliptic.ecdhX.decrypt( - algo, ephemeralPublicKey, C.wrappedKey, A, k); - } - default: - throw new Error('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse public key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. - */ -function parsePublicKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; - const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; - return { read, publicParams: { n, e } }; - } - case enums.publicKey.dsa: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, q, g, y } }; - } - case enums.publicKey.elgamal: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, g, y } }; - } - case enums.publicKey.ecdsa: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.eddsaLegacy: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - Q = util.leftPad(Q, 33); - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.ecdh: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); - return { read: read, publicParams: { oid, Q, kdfParams } }; - } - case enums.publicKey.ed25519: - case enums.publicKey.x25519: { - const A = bytes.subarray(read, read + 32); read += A.length; - return { read, publicParams: { A } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse private key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @param {Object} publicParams - (ECC only) public params, needed to format some private params - * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. - */ -function parsePrivateKeyParams(algo, bytes, publicParams) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; - return { read, privateParams: { d, p, q, u } }; - } - case enums.publicKey.dsa: - case enums.publicKey.elgamal: { - const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; - return { read, privateParams: { x } }; - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const curve = new CurveWithOID(publicParams.oid); - let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - d = util.leftPad(d, curve.payloadSize); - return { read, privateParams: { d } }; - } - case enums.publicKey.eddsaLegacy: { - const curve = new CurveWithOID(publicParams.oid); - let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; - seed = util.leftPad(seed, curve.payloadSize); - return { read, privateParams: { seed } }; - } - case enums.publicKey.ed25519: { - const seed = bytes.subarray(read, read + 32); read += seed.length; - return { read, privateParams: { seed } }; - } - case enums.publicKey.x25519: { - const k = bytes.subarray(read, read + 32); read += k.length; - return { read, privateParams: { k } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** Returns the types comprising the encrypted session key of an algorithm - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {Object} The session key parameters referenced by name. - */ -function parseEncSessionKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA encrypted session keys: - // - MPI of RSA encrypted value m**e mod n. - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const c = util.readMPI(bytes.subarray(read)); - return { c }; - } - - // Algorithm-Specific Fields for Elgamal encrypted session keys: - // - MPI of Elgamal value g**k mod p - // - MPI of Elgamal value m * y**k mod p - case enums.publicKey.elgamal: { - const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; - const c2 = util.readMPI(bytes.subarray(read)); - return { c1, c2 }; - } - // Algorithm-Specific Fields for ECDH encrypted session keys: - // - MPI containing the ephemeral key used to establish the shared secret - // - ECDH Symmetric Key - case enums.publicKey.ecdh: { - const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; - const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); - return { V, C }; - } - // Algorithm-Specific Fields for X25519 encrypted session keys: - // - 32 octets representing an ephemeral X25519 public key. - // - A one-octet size of the following fields. - // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - // - The encrypted session key. - case enums.publicKey.x25519: { - const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length; - const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); - return { ephemeralPublicKey, C }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Convert params to MPI and serializes them in the proper order - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} params - The key parameters indexed by name - * @returns {Uint8Array} The array containing the MPIs. - */ -function serializeParams(algo, params) { - // Some algorithms do not rely on MPIs to store the binary params - const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]); - const orderedParams = Object.keys(params).map(name => { - const param = params[name]; - if (!util.isUint8Array(param)) return param.write(); - return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); - }); - return util.concatUint8Array(orderedParams); -} - -/** - * Generate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Integer} bits - Bit length for RSA keys - * @param {module:type/oid} oid - Object identifier for ECC keys - * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. - * @async - */ -function generateParams(algo, bits, oid) { - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ - privateParams: { d, p, q, u }, - publicParams: { n, e } - })); - } - case enums.publicKey.ecdsa: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { d: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { seed: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.ecdh: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ - privateParams: { d: secret }, - publicParams: { - oid: new OID(oid), - Q, - kdfParams: new KDFParams({ hash, cipher }) - } - })); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ - privateParams: { seed }, - publicParams: { A } - })); - case enums.publicKey.x25519: - return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ - privateParams: { k }, - publicParams: { A } - })); - case enums.publicKey.dsa: - case enums.publicKey.elgamal: - throw new Error('Unsupported algorithm for key generation.'); - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Validate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Object} privateParams - Algorithm-specific private key parameters - * @returns {Promise} Whether the parameters are valid. - * @async - */ -async function validateParams$8(algo, publicParams, privateParams) { - if (!publicParams || !privateParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const { d, p, q, u } = privateParams; - return publicKey.rsa.validateParams(n, e, d, p, q, u); - } - case enums.publicKey.dsa: { - const { p, q, g, y } = publicParams; - const { x } = privateParams; - return publicKey.dsa.validateParams(p, q, g, y, x); - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - const { x } = privateParams; - return publicKey.elgamal.validateParams(p, g, y, x); - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; - const { oid, Q } = publicParams; - const { d } = privateParams; - return algoModule.validateParams(oid, Q, d); - } - case enums.publicKey.eddsaLegacy: { - const { Q, oid } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(algo, A, seed); - } - case enums.publicKey.x25519: { - const { A } = publicParams; - const { k } = privateParams; - return publicKey.elliptic.ecdhX.validateParams(algo, A, k); - } - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Generates a random byte prefix for the specified algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. - * @async - */ -async function getPrefixRandom(algo) { - const { blockSize } = getCipher(algo); - const prefixrandom = await getRandomBytes(blockSize); - const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); - return util.concat([prefixrandom, repeat]); -} - -/** - * Generating a session key for the specified symmetric algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Uint8Array} Random bytes as a string to be used as a key. - */ -function generateSessionKey(algo) { - const { keySize } = getCipher(algo); - return getRandomBytes(keySize); -} - -/** - * Get implementation of the given AEAD mode - * @param {enums.aead} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getAEADMode(algo) { - const algoName = enums.read(enums.aead, algo); - return mode[algoName]; -} - -/** - * Check whether the given curve OID is supported - * @param {module:type/oid} oid - EC object identifier - * @throws {UnsupportedError} if curve is not supported - */ -function checkSupportedCurve(oid) { - try { - oid.getName(); - } catch (e) { - throw new UnsupportedError('Unknown curve OID'); - } -} - -/** - * Get preferred hash algo for a given elliptic algo - * @param {module:enums.publicKey} algo - alrogithm identifier - * @param {module:type/oid} [oid] - curve OID if needed by algo - */ -function getPreferredCurveHashAlgo(algo, oid) { - switch (algo) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.getPreferredHashAlgo(oid); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); - default: - throw new Error('Unknown elliptic signing algo'); - } -} - -var crypto$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - publicKeyEncrypt: publicKeyEncrypt, - publicKeyDecrypt: publicKeyDecrypt, - parsePublicKeyParams: parsePublicKeyParams, - parsePrivateKeyParams: parsePrivateKeyParams, - parseEncSessionKeyParams: parseEncSessionKeyParams, - serializeParams: serializeParams, - generateParams: generateParams, - validateParams: validateParams$8, - getPrefixRandom: getPrefixRandom, - generateSessionKey: generateSessionKey, - getAEADMode: getAEADMode, - getCipher: getCipher, - getPreferredCurveHashAlgo: getPreferredCurveHashAlgo -}); - -/** - * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js - * @see module:crypto/crypto - * @see module:crypto/signature - * @see module:crypto/public_key - * @see module:crypto/cipher - * @see module:crypto/random - * @see module:crypto/hash - * @module crypto - * @private - */ - -// TODO move cfb and gcm to cipher -const mod = { - /** @see module:crypto/cipher */ - cipher: cipher, - /** @see module:crypto/hash */ - hash: hash, - /** @see module:crypto/mode */ - mode: mode, - /** @see module:crypto/public_key */ - publicKey: publicKey, - /** @see module:crypto/signature */ - signature: signature, - /** @see module:crypto/random */ - random: random, - /** @see module:crypto/pkcs1 */ - pkcs1: pkcs1, - /** @see module:crypto/pkcs5 */ - pkcs5: pkcs5, - /** @see module:crypto/aes_kw */ - aesKW: aesKW -}; - -Object.assign(mod, crypto$1); - -var TYPED_OK = typeof Uint8Array !== "undefined" && - typeof Uint16Array !== "undefined" && - typeof Int32Array !== "undefined"; - - -// reduce buffer size, avoiding mem copy -function shrinkBuf(buf, size) { - if (buf.length === size) { - return buf; - } - if (buf.subarray) { - return buf.subarray(0, size); - } - buf.length = size; - return buf; -} - - -const fnTyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - if (src.subarray && dest.subarray) { - dest.set(src.subarray(src_offs, src_offs + len), dest_offs); - return; - } - // Fallback to ordinary array - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - let i, l, len, pos, chunk; - - // calculate data length - len = 0; - for (i = 0, l = chunks.length; i < l; i++) { - len += chunks[i].length; - } - - // join chunks - const result = new Uint8Array(len); - pos = 0; - for (i = 0, l = chunks.length; i < l; i++) { - chunk = chunks[i]; - result.set(chunk, pos); - pos += chunk.length; - } - - return result; - } -}; - -const fnUntyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - return [].concat.apply([], chunks); - } -}; - - -// Enable/Disable typed arrays use, for testing -// - -let Buf8 = TYPED_OK ? Uint8Array : Array; -let Buf16 = TYPED_OK ? Uint16Array : Array; -let Buf32 = TYPED_OK ? Int32Array : Array; -let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks; -let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet; - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -/* Allowed flush values; see deflate() and inflate() below for details */ -const Z_NO_FLUSH = 0; -const Z_PARTIAL_FLUSH = 1; -const Z_SYNC_FLUSH = 2; -const Z_FULL_FLUSH = 3; -const Z_FINISH = 4; -const Z_BLOCK = 5; -const Z_TREES = 6; - -/* Return codes for the compression/decompression functions. Negative values - * are errors, positive values are used for special but normal events. - */ -const Z_OK = 0; -const Z_STREAM_END = 1; -const Z_NEED_DICT = 2; -const Z_STREAM_ERROR = -2; -const Z_DATA_ERROR = -3; -//export const Z_MEM_ERROR = -4; -const Z_BUF_ERROR = -5; -const Z_DEFAULT_COMPRESSION = -1; - - -const Z_FILTERED = 1; -const Z_HUFFMAN_ONLY = 2; -const Z_RLE = 3; -const Z_FIXED = 4; -const Z_DEFAULT_STRATEGY = 0; - -/* Possible values of the data_type field (though see inflate()) */ -const Z_BINARY = 0; -const Z_TEXT = 1; -//export const Z_ASCII = 1; // = Z_TEXT (deprecated) -const Z_UNKNOWN = 2; - -/* The deflate compression method */ -const Z_DEFLATED = 8; -//export const Z_NULL = null // Use -1 or null inline, depending on var type - -/*============================================================================*/ - - -function zero$1(buf) { - let len = buf.length; while (--len >= 0) { - buf[len] = 0; - } -} - -// From zutil.h - -const STORED_BLOCK = 0; -const STATIC_TREES = 1; -const DYN_TREES = 2; -/* The three kinds of block type */ - -const MIN_MATCH = 3; -const MAX_MATCH = 258; -/* The minimum and maximum match lengths */ - -// From deflate.h -/* =========================================================================== - * Internal compression state. - */ - -const LENGTH_CODES = 29; -/* number of length codes, not counting the special END_BLOCK code */ - -const LITERALS = 256; -/* number of literal bytes 0..255 */ - -const L_CODES = LITERALS + 1 + LENGTH_CODES; -/* number of Literal or Length codes, including the END_BLOCK code */ - -const D_CODES = 30; -/* number of distance codes */ - -const BL_CODES = 19; -/* number of codes used to transfer the bit lengths */ - -const HEAP_SIZE = 2 * L_CODES + 1; -/* maximum heap size */ - -const MAX_BITS = 15; -/* All codes must not exceed MAX_BITS bits */ - -const Buf_size = 16; -/* size of bit buffer in bi_buf */ - - -/* =========================================================================== - * Constants - */ - -const MAX_BL_BITS = 7; -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -const END_BLOCK = 256; -/* end of block literal code */ - -const REP_3_6 = 16; -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -const REPZ_3_10 = 17; -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -const REPZ_11_138 = 18; -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -/* eslint-disable comma-spacing,array-bracket-spacing */ -const extra_lbits = /* extra bits for each length code */ - [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]; - -const extra_dbits = /* extra bits for each distance code */ - [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]; - -const extra_blbits = /* extra bits for each bit length code */ - [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]; - -const bl_order = - [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]; -/* eslint-enable comma-spacing,array-bracket-spacing */ - -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -/* =========================================================================== - * Local data. These are initialized only once. - */ - -// We pre-fill arrays with 0 to avoid uninitialized gaps - -const DIST_CODE_LEN = 512; /* see definition of array dist_code below */ - -// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1 -const static_ltree = new Array((L_CODES + 2) * 2); -zero$1(static_ltree); -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - -const static_dtree = new Array(D_CODES * 2); -zero$1(static_dtree); -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -const _dist_code = new Array(DIST_CODE_LEN); -zero$1(_dist_code); -/* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -const _length_code = new Array(MAX_MATCH - MIN_MATCH + 1); -zero$1(_length_code); -/* length code for each normalized match length (0 == MIN_MATCH) */ - -const base_length = new Array(LENGTH_CODES); -zero$1(base_length); -/* First normalized length for each code (0 = MIN_MATCH) */ - -const base_dist = new Array(D_CODES); -zero$1(base_dist); -/* First normalized distance for each code (0 = distance of 1) */ - - -function StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) { - - this.static_tree = static_tree; /* static tree or NULL */ - this.extra_bits = extra_bits; /* extra bits for each code or NULL */ - this.extra_base = extra_base; /* base index for extra_bits */ - this.elems = elems; /* max number of elements in the tree */ - this.max_length = max_length; /* max bit length for the codes */ - - // show if `static_tree` has data or dummy - needed for monomorphic objects - this.has_stree = static_tree && static_tree.length; -} - - -let static_l_desc; -let static_d_desc; -let static_bl_desc; - - -function TreeDesc(dyn_tree, stat_desc) { - this.dyn_tree = dyn_tree; /* the dynamic tree */ - this.max_code = 0; /* largest code with non zero frequency */ - this.stat_desc = stat_desc; /* the corresponding static tree */ -} - - - -function d_code(dist) { - return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)]; -} - - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -function put_short(s, w) { -// put_byte(s, (uch)((w) & 0xff)); -// put_byte(s, (uch)((ush)(w) >> 8)); - s.pending_buf[s.pending++] = w & 0xff; - s.pending_buf[s.pending++] = w >>> 8 & 0xff; -} - - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -function send_bits(s, value, length) { - if (s.bi_valid > Buf_size - length) { - s.bi_buf |= value << s.bi_valid & 0xffff; - put_short(s, s.bi_buf); - s.bi_buf = value >> Buf_size - s.bi_valid; - s.bi_valid += length - Buf_size; - } else { - s.bi_buf |= value << s.bi_valid & 0xffff; - s.bi_valid += length; - } -} - - -function send_code(s, c, tree) { - send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/); -} - - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -function bi_reverse(code, len) { - let res = 0; - do { - res |= code & 1; - code >>>= 1; - res <<= 1; - } while (--len > 0); - return res >>> 1; -} - - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -function bi_flush(s) { - if (s.bi_valid === 16) { - put_short(s, s.bi_buf); - s.bi_buf = 0; - s.bi_valid = 0; - - } else if (s.bi_valid >= 8) { - s.pending_buf[s.pending++] = s.bi_buf & 0xff; - s.bi_buf >>= 8; - s.bi_valid -= 8; - } -} - - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -function gen_bitlen(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const max_code = desc.max_code; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const extra = desc.stat_desc.extra_bits; - const base = desc.stat_desc.extra_base; - const max_length = desc.stat_desc.max_length; - let h; /* heap index */ - let n, m; /* iterate over the tree elements */ - let bits; /* bit length */ - let xbits; /* extra bits */ - let f; /* frequency */ - let overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) { - s.bl_count[bits] = 0; - } - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */ - - for (h = s.heap_max + 1; h < HEAP_SIZE; h++) { - n = s.heap[h]; - bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1; - if (bits > max_length) { - bits = max_length; - overflow++; - } - tree[n * 2 + 1]/*.Len*/ = bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) { - continue; - } /* not a leaf node */ - - s.bl_count[bits]++; - xbits = 0; - if (n >= base) { - xbits = extra[n - base]; - } - f = tree[n * 2]/*.Freq*/; - s.opt_len += f * (bits + xbits); - if (has_stree) { - s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits); - } - } - if (overflow === 0) { - return; - } - - // Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length - 1; - while (s.bl_count[bits] === 0) { - bits--; - } - s.bl_count[bits]--; /* move one leaf down the tree */ - s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */ - s.bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits !== 0; bits--) { - n = s.bl_count[bits]; - while (n !== 0) { - m = s.heap[--h]; - if (m > max_code) { - continue; - } - if (tree[m * 2 + 1]/*.Len*/ !== bits) { - // Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/; - tree[m * 2 + 1]/*.Len*/ = bits; - } - n--; - } - } -} - - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -function gen_codes(tree, max_code, bl_count) -// ct_data *tree; /* the tree to decorate */ -// int max_code; /* largest code with non zero frequency */ -// ushf *bl_count; /* number of codes at each bit length */ -{ - const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */ - let code = 0; /* running code value */ - let bits; /* bit index */ - let n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = code + bl_count[bits - 1] << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES - 1; code++) { - base_length[code] = length; - for (n = 0; n < 1 << extra_lbits[code]; n++) { - _length_code[length++] = code; - } - } - //Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - _length_code[length - 1] = code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < 1 << extra_dbits[code]; n++) { - _dist_code[dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for (; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < 1 << extra_dbits[code] - 7; n++) { - _dist_code[256 + dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) { - bl_count[bits] = 0; - } - - n = 0; - while (n <= 143) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - while (n <= 255) { - static_ltree[n * 2 + 1]/*.Len*/ = 9; - n++; - bl_count[9]++; - } - while (n <= 279) { - static_ltree[n * 2 + 1]/*.Len*/ = 7; - n++; - bl_count[7]++; - } - while (n <= 287) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes(static_ltree, L_CODES + 1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n * 2 + 1]/*.Len*/ = 5; - static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5); - } - - // Now data ready and we can init static trees - static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS); - static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS); - static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS); - - //static_init_done = true; -} - - -/* =========================================================================== - * Initialize a new block. - */ -function init_block(s) { - let n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) { - s.dyn_ltree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < D_CODES; n++) { - s.dyn_dtree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < BL_CODES; n++) { - s.bl_tree[n * 2]/*.Freq*/ = 0; - } - - s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1; - s.opt_len = s.static_len = 0; - s.last_lit = s.matches = 0; -} - - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -function bi_windup(s) { - if (s.bi_valid > 8) { - put_short(s, s.bi_buf); - } else if (s.bi_valid > 0) { - //put_byte(s, (Byte)s->bi_buf); - s.pending_buf[s.pending++] = s.bi_buf; - } - s.bi_buf = 0; - s.bi_valid = 0; -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -function copy_block(s, buf, len, header) -//DeflateState *s; -//charf *buf; /* the input data */ -//unsigned len; /* its length */ -//int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - - if (header) { - put_short(s, len); - put_short(s, ~len); - } - // while (len--) { - // put_byte(s, *buf++); - // } - arraySet(s.pending_buf, s.window, buf, len, s.pending); - s.pending += len; -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -function smaller(tree, n, m, depth) { - const _n2 = n * 2; - const _m2 = m * 2; - return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ || - tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m]; -} - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -function pqdownheap(s, tree, k) -// deflate_state *s; -// ct_data *tree; /* the tree to restore */ -// int k; /* node to move down */ -{ - const v = s.heap[k]; - let j = k << 1; /* left son of k */ - while (j <= s.heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s.heap_len && - smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s.heap[j], s.depth)) { - break; - } - - /* Exchange v with the smallest son */ - s.heap[k] = s.heap[j]; - k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s.heap[k] = v; -} - - -// inlined manually -// var SMALLEST = 1; - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -function compress_block(s, ltree, dtree) -// deflate_state *s; -// const ct_data *ltree; /* literal tree */ -// const ct_data *dtree; /* distance tree */ -{ - let dist; /* distance of matched string */ - let lc; /* match length or unmatched char (if dist == 0) */ - let lx = 0; /* running index in l_buf */ - let code; /* the code to send */ - let extra; /* number of extra bits to send */ - - if (s.last_lit !== 0) { - do { - dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1]; - lc = s.pending_buf[s.l_buf + lx]; - lx++; - - if (dist === 0) { - send_code(s, lc, ltree); /* send a literal byte */ - //Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code + LITERALS + 1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra !== 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - //Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra !== 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - // "pendingBuf overflow"); - - } while (lx < s.last_lit); - } - - send_code(s, END_BLOCK, ltree); -} - - -/* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ -function build_tree(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const elems = desc.stat_desc.elems; - let n, m; /* iterate over heap elements */ - let max_code = -1; /* largest code with non zero frequency */ - let node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s.heap_len = 0; - s.heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n * 2]/*.Freq*/ !== 0) { - s.heap[++s.heap_len] = max_code = n; - s.depth[n] = 0; - - } else { - tree[n * 2 + 1]/*.Len*/ = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s.heap_len < 2) { - node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0; - tree[node * 2]/*.Freq*/ = 1; - s.depth[node] = 0; - s.opt_len--; - - if (has_stree) { - s.static_len -= stree[node * 2 + 1]/*.Len*/; - } - /* node is 0 or 1 so it does not have extra bits */ - } - desc.max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) { - pqdownheap(s, tree, n); - } - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - //pqremove(s, tree, n); /* n = node of least frequency */ - /*** pqremove ***/ - n = s.heap[1/*SMALLEST*/]; - s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--]; - pqdownheap(s, tree, 1/*SMALLEST*/); - /***/ - - m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */ - - s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */ - s.heap[--s.heap_max] = m; - - /* Create a new node father of n and m */ - tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/; - s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1; - tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node; - - /* and insert the new node in the heap */ - s.heap[1/*SMALLEST*/] = node++; - pqdownheap(s, tree, 1/*SMALLEST*/); - - } while (s.heap_len >= 2); - - s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes(tree, max_code, s.bl_count); -} - - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -function scan_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - s.bl_tree[curlen * 2]/*.Freq*/ += count; - - } else if (curlen !== 0) { - - if (curlen !== prevlen) { - s.bl_tree[curlen * 2]/*.Freq*/++; - } - s.bl_tree[REP_3_6 * 2]/*.Freq*/++; - - } else if (count <= 10) { - s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++; - - } else { - s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++; - } - - count = 0; - prevlen = curlen; - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -function send_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - do { - send_code(s, curlen, s.bl_tree); - } while (--count !== 0); - - } else if (curlen !== 0) { - if (curlen !== prevlen) { - send_code(s, curlen, s.bl_tree); - count--; - } - //Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s.bl_tree); - send_bits(s, count - 3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s.bl_tree); - send_bits(s, count - 3, 3); - - } else { - send_code(s, REPZ_11_138, s.bl_tree); - send_bits(s, count - 11, 7); - } - - count = 0; - prevlen = curlen; - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -function build_bl_tree(s) { - let max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, s.dyn_ltree, s.l_desc.max_code); - scan_tree(s, s.dyn_dtree, s.d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, s.bl_desc); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) { - if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) { - break; - } - } - /* Update opt_len to include the bit length tree and counts */ - s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4; - //Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - // s->opt_len, s->static_len)); - - return max_blindex; -} - - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -function send_all_trees(s, lcodes, dcodes, blcodes) -// deflate_state *s; -// int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - let rank; /* index in bl_order */ - - //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - // "too many codes"); - //Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes - 1, 5); - send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - //Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3); - } - //Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */ - //Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */ - //Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - - -/* =========================================================================== - * Check if the data type is TEXT or BINARY, using the following algorithm: - * - TEXT if the two conditions below are satisfied: - * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). - * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). - * - BINARY otherwise. - * - The following partially-portable control characters form a - * "gray list" that is ignored in this detection algorithm: - * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). - * IN assertion: the fields Freq of dyn_ltree are set. - */ -function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes - * set bits 0..6, 14..25, and 28..31 - * 0xf3ffc07f = binary 11110011111111111100000001111111 - */ - let black_mask = 0xf3ffc07f; - let n; - - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_BINARY; - } - } - - /* Check for textual ("white-listed") bytes. */ - if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || - s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - for (n = 32; n < LITERALS; n++) { - if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - } - - /* There are no "black-listed" or "white-listed" bytes: - * this stream either is empty or has tolerated ("gray-listed") bytes only. - */ - return Z_BINARY; -} - - -let static_init_done = false; - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -function _tr_init(s) { - - if (!static_init_done) { - tr_static_init(); - static_init_done = true; - } - - s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc); - s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc); - s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc); - - s.bi_buf = 0; - s.bi_valid = 0; - - /* Initialize the first block of the first file: */ - init_block(s); -} - - -/* =========================================================================== - * Send a stored block - */ -function _tr_stored_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */ - copy_block(s, buf, stored_len, true); /* with header */ -} - - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - */ -function _tr_align(s) { - send_bits(s, STATIC_TREES << 1, 3); - send_code(s, END_BLOCK, static_ltree); - bi_flush(s); -} - - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. - */ -function _tr_flush_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block, or NULL if too old */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - let opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - let max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s.level > 0) { - - /* Check if the file is binary or text */ - if (s.strm.data_type === Z_UNKNOWN) { - s.strm.data_type = detect_data_type(s); - } - - /* Construct the literal and distance trees */ - build_tree(s, s.l_desc); - // Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - - build_tree(s, s.d_desc); - // Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute the block lengths in bytes. */ - opt_lenb = s.opt_len + 3 + 7 >>> 3; - static_lenb = s.static_len + 3 + 7 >>> 3; - - // Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - // s->last_lit)); - - if (static_lenb <= opt_lenb) { - opt_lenb = static_lenb; - } - - } else { - // Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - - if (stored_len + 4 <= opt_lenb && buf !== -1) { - /* 4: two words for the lengths */ - - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, last); - - } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) { - - send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3); - compress_block(s, static_ltree, static_dtree); - - } else { - send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3); - send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1); - compress_block(s, s.dyn_ltree, s.dyn_dtree); - } - // Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); - - if (last) { - bi_windup(s); - } - // Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - // s->compressed_len-7*last)); -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -function _tr_tally(s, dist, lc) -// deflate_state *s; -// unsigned dist; /* distance of matched string */ -// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - //var out_length, in_length, dcode; - - s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff; - s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff; - - s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff; - s.last_lit++; - - if (dist === 0) { - /* lc is the unmatched char */ - s.dyn_ltree[lc * 2]/*.Freq*/++; - } else { - s.matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - //Assert((ush)dist < (ush)MAX_DIST(s) && - // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - // (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++; - s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - - //#ifdef TRUNCATE_BLOCK - // /* Try to guess if it is profitable to stop the current block here */ - // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) { - // /* Compute an upper bound for the compressed length */ - // out_length = s.last_lit*8; - // in_length = s.strstart - s.block_start; - // - // for (dcode = 0; dcode < D_CODES; dcode++) { - // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]); - // } - // out_length >>>= 3; - // //Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - // // s->last_lit, in_length, out_length, - // // 100L - out_length*100L/in_length)); - // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) { - // return true; - // } - // } - //#endif - - return s.last_lit === s.lit_bufsize - 1; - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -// Note: adler32 takes 12% for level 0 and 2% for level 6. -// It isn't worth it to make additional optimizations as in original. -// Small size is preferable. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -function adler32(adler, buf, len, pos) { - let s1 = adler & 0xffff |0, - s2 = adler >>> 16 & 0xffff |0, - n = 0; - - while (len !== 0) { - // Set limit ~ twice less than 5552, to keep - // s2 in 31-bits, because we force signed ints. - // in other case %= will fail. - n = len > 2000 ? 2000 : len; - len -= n; - - do { - s1 = s1 + buf[pos++] |0; - s2 = s2 + s1 |0; - } while (--n); - - s1 %= 65521; - s2 %= 65521; - } - - return s1 | s2 << 16 |0; -} - -// Note: we can't get significant speed boost here. -// So write code to minimize size - no pregenerated tables -// and array tools dependencies. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// Use ordinary array, since untyped makes no boost here -function makeTable() { - let c; - const table = []; - - for (let n = 0; n < 256; n++) { - c = n; - for (let k = 0; k < 8; k++) { - c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1; - } - table[n] = c; - } - - return table; -} - -// Create table on load. Just 255 signed longs. Not a problem. -const crcTable = makeTable(); - - -function crc32(crc, buf, len, pos) { - const t = crcTable, - end = pos + len; - - crc ^= -1; - - for (let i = pos; i < end; i++) { - crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF]; - } - - return crc ^ -1; // >>> 0; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -var msg = { - 2: "need dictionary", /* Z_NEED_DICT 2 */ - 1: "stream end", /* Z_STREAM_END 1 */ - 0: "", /* Z_OK 0 */ - "-1": "file error", /* Z_ERRNO (-1) */ - "-2": "stream error", /* Z_STREAM_ERROR (-2) */ - "-3": "data error", /* Z_DATA_ERROR (-3) */ - "-4": "insufficient memory", /* Z_MEM_ERROR (-4) */ - "-5": "buffer error", /* Z_BUF_ERROR (-5) */ - "-6": "incompatible version" /* Z_VERSION_ERROR (-6) */ -}; - -/*============================================================================*/ - - -const MAX_MEM_LEVEL = 9; - - -const LENGTH_CODES$1 = 29; -/* number of length codes, not counting the special END_BLOCK code */ -const LITERALS$1 = 256; -/* number of literal bytes 0..255 */ -const L_CODES$1 = LITERALS$1 + 1 + LENGTH_CODES$1; -/* number of Literal or Length codes, including the END_BLOCK code */ -const D_CODES$1 = 30; -/* number of distance codes */ -const BL_CODES$1 = 19; -/* number of codes used to transfer the bit lengths */ -const HEAP_SIZE$1 = 2 * L_CODES$1 + 1; -/* maximum heap size */ -const MAX_BITS$1 = 15; -/* All codes must not exceed MAX_BITS bits */ - -const MIN_MATCH$1 = 3; -const MAX_MATCH$1 = 258; -const MIN_LOOKAHEAD = (MAX_MATCH$1 + MIN_MATCH$1 + 1); - -const PRESET_DICT = 0x20; - -const INIT_STATE = 42; -const EXTRA_STATE = 69; -const NAME_STATE = 73; -const COMMENT_STATE = 91; -const HCRC_STATE = 103; -const BUSY_STATE = 113; -const FINISH_STATE = 666; - -const BS_NEED_MORE = 1; /* block not completed, need more input or more output */ -const BS_BLOCK_DONE = 2; /* block flush performed */ -const BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */ -const BS_FINISH_DONE = 4; /* finish done, accept no more input or output */ - -const OS_CODE = 0x03; // Unix :) . Don't detect, use this default. - -function err(strm, errorCode) { - strm.msg = msg[errorCode]; - return errorCode; -} - -function rank(f) { - return ((f) << 1) - ((f) > 4 ? 9 : 0); -} - -function zero$2(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } } - - -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->output buffer and copying into it. - * (See also read_buf()). - */ -function flush_pending(strm) { - const s = strm.state; - - //_tr_flush_bits(s); - let len = s.pending; - if (len > strm.avail_out) { - len = strm.avail_out; - } - if (len === 0) { return; } - - arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out); - strm.next_out += len; - s.pending_out += len; - strm.total_out += len; - strm.avail_out -= len; - s.pending -= len; - if (s.pending === 0) { - s.pending_out = 0; - } -} - - -function flush_block_only(s, last) { - _tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last); - s.block_start = s.strstart; - flush_pending(s.strm); -} - - -function put_byte(s, b) { - s.pending_buf[s.pending++] = b; -} - - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -function putShortMSB(s, b) { - // put_byte(s, (Byte)(b >> 8)); - // put_byte(s, (Byte)(b & 0xff)); - s.pending_buf[s.pending++] = (b >>> 8) & 0xff; - s.pending_buf[s.pending++] = b & 0xff; -} - - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->input buffer and copying from it. - * (See also flush_pending()). - */ -function read_buf(strm, buf, start, size) { - let len = strm.avail_in; - - if (len > size) { len = size; } - if (len === 0) { return 0; } - - strm.avail_in -= len; - - // zmemcpy(buf, strm->next_in, len); - arraySet(buf, strm.input, strm.next_in, len, start); - if (strm.state.wrap === 1) { - strm.adler = adler32(strm.adler, buf, len, start); - } - - else if (strm.state.wrap === 2) { - strm.adler = crc32(strm.adler, buf, len, start); - } - - strm.next_in += len; - strm.total_in += len; - - return len; -} - - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -function longest_match(s, cur_match) { - let chain_length = s.max_chain_length; /* max hash chain length */ - let scan = s.strstart; /* current string */ - let match; /* matched string */ - let len; /* length of current match */ - let best_len = s.prev_length; /* best match length so far */ - let nice_match = s.nice_match; /* stop if match long enough */ - const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ? - s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/; - - const _win = s.window; // shortcut - - const wmask = s.w_mask; - const prev = s.prev; - - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - - const strend = s.strstart + MAX_MATCH$1; - let scan_end1 = _win[scan + best_len - 1]; - let scan_end = _win[scan + best_len]; - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s.prev_length >= s.good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if (nice_match > s.lookahead) { nice_match = s.lookahead; } - - // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - // Assert(cur_match < s->strstart, "no future"); - match = cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2. Note that the checks below - * for insufficient lookahead only occur occasionally for performance - * reasons. Therefore uninitialized memory will be accessed, and - * conditional jumps will be made that depend on those values. - * However the length of the match is limited to the lookahead, so - * the output of deflate is not affected by the uninitialized values. - */ - - if (_win[match + best_len] !== scan_end || - _win[match + best_len - 1] !== scan_end1 || - _win[match] !== _win[scan] || - _win[++match] !== _win[scan + 1]) { - continue; - } - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2; - match++; - // Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - /*jshint noempty:false*/ - } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - scan < strend); - - // Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH$1 - (strend - scan); - scan = strend - MAX_MATCH$1; - - if (len > best_len) { - s.match_start = cur_match; - best_len = len; - if (len >= nice_match) { - break; - } - scan_end1 = _win[scan + best_len - 1]; - scan_end = _win[scan + best_len]; - } - } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0); - - if (best_len <= s.lookahead) { - return best_len; - } - return s.lookahead; -} - - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -function fill_window(s) { - const _w_size = s.w_size; - let p, n, m, more, str; - - //Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); - - do { - more = s.window_size - s.lookahead - s.strstart; - - // JS ints have 32 bit, block below not needed - /* Deal with !@#$% 64K limit: */ - //if (sizeof(int) <= 2) { - // if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - // more = wsize; - // - // } else if (more == (unsigned)(-1)) { - // /* Very unlikely, but possible on 16 bit machine if - // * strstart == 0 && lookahead == 1 (input done a byte at time) - // */ - // more--; - // } - //} - - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) { - - arraySet(s.window, s.window, _w_size, _w_size, 0); - s.match_start -= _w_size; - s.strstart -= _w_size; - /* we now have strstart >= MAX_DIST */ - s.block_start -= _w_size; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - - n = s.hash_size; - p = n; - do { - m = s.head[--p]; - s.head[p] = (m >= _w_size ? m - _w_size : 0); - } while (--n); - - n = _w_size; - p = n; - do { - m = s.prev[--p]; - s.prev[p] = (m >= _w_size ? m - _w_size : 0); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += _w_size; - } - if (s.strm.avail_in === 0) { - break; - } - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - //Assert(more >= 2, "more < 2"); - n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more); - s.lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s.lookahead + s.insert >= MIN_MATCH$1) { - str = s.strstart - s.insert; - s.ins_h = s.window[str]; - - /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask; - //#if MIN_MATCH != 3 - // Call update_hash() MIN_MATCH-3 more times - //#endif - while (s.insert) { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = str; - str++; - s.insert--; - if (s.lookahead + s.insert < MIN_MATCH$1) { - break; - } - } - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0); - - /* If the WIN_INIT bytes after the end of the current data have never been - * written, then zero those bytes in order to avoid memory check reports of - * the use of uninitialized (or uninitialised as Julian writes) bytes by - * the longest match routines. Update the high water mark for the next - * time through here. WIN_INIT is set to MAX_MATCH since the longest match - * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. - */ - // if (s.high_water < s.window_size) { - // var curr = s.strstart + s.lookahead; - // var init = 0; - // - // if (s.high_water < curr) { - // /* Previous high water mark below current data -- zero WIN_INIT - // * bytes or up to end of window, whichever is less. - // */ - // init = s.window_size - curr; - // if (init > WIN_INIT) - // init = WIN_INIT; - // zmemzero(s->window + curr, (unsigned)init); - // s->high_water = curr + init; - // } - // else if (s->high_water < (ulg)curr + WIN_INIT) { - // /* High water mark at or above current data, but below current data - // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up - // * to end of window, whichever is less. - // */ - // init = (ulg)curr + WIN_INIT - s->high_water; - // if (init > s->window_size - s->high_water) - // init = s->window_size - s->high_water; - // zmemzero(s->window + s->high_water, (unsigned)init); - // s->high_water += init; - // } - // } - // - // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, - // "not enough room for search"); -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ -function deflate_stored(s, flush) { - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - let max_block_size = 0xffff; - - if (max_block_size > s.pending_buf_size - 5) { - max_block_size = s.pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (; ;) { - /* Fill the window as much as possible: */ - if (s.lookahead <= 1) { - - //Assert(s->strstart < s->w_size+MAX_DIST(s) || - // s->block_start >= (long)s->w_size, "slide too late"); - // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) || - // s.block_start >= s.w_size)) { - // throw new Error("slide too late"); - // } - - fill_window(s); - if (s.lookahead === 0 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - - if (s.lookahead === 0) { - break; - } - /* flush the current block */ - } - //Assert(s->block_start >= 0L, "block gone"); - // if (s.block_start < 0) throw new Error("block gone"); - - s.strstart += s.lookahead; - s.lookahead = 0; - - /* Emit a stored block if pending_buf will be full: */ - const max_start = s.block_start + max_block_size; - - if (s.strstart === 0 || s.strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s.lookahead = s.strstart - max_start; - s.strstart = max_start; - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - - - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - - s.insert = 0; - - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - - if (s.strstart > s.block_start) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_NEED_MORE; -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -function deflate_fast(s, flush) { - let hash_head; /* head of the hash chain */ - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { - break; /* flush the current block */ - } - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - } - if (s.match_length >= MIN_MATCH$1) { - // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only - - /*** _tr_tally_dist(s, s.strstart - s.match_start, - s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH$1) { - s.match_length--; /* string at strstart already in table */ - do { - s.strstart++; - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s.match_length !== 0); - s.strstart++; - } else { - s.strstart += s.match_length; - s.match_length = 0; - s.ins_h = s.window[s.strstart]; - /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask; - - //#if MIN_MATCH != 3 - // Call UPDATE_HASH() MIN_MATCH-3 more times - //#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s.window[s.strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = ((s.strstart < (MIN_MATCH$1 - 1)) ? s.strstart : MIN_MATCH$1 - 1); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -function deflate_slow(s, flush) { - let hash_head; /* head of hash chain */ - let bflush; /* set if current block must be flushed */ - - let max_insert; - - /* Process the input block. */ - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - */ - s.prev_length = s.match_length; - s.prev_match = s.match_start; - s.match_length = MIN_MATCH$1 - 1; - - if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match && - s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - - if (s.match_length <= 5 && - (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH$1 && s.strstart - s.match_start > 4096/*TOO_FAR*/))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s.match_length = MIN_MATCH$1 - 1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s.prev_length >= MIN_MATCH$1 && s.match_length <= s.prev_length) { - max_insert = s.strstart + s.lookahead - MIN_MATCH$1; - /* Do not insert strings in hash table beyond this. */ - - //check_match(s, s.strstart-1, s.prev_match, s.prev_length); - - /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match, - s.prev_length - MIN_MATCH, bflush);***/ - bflush = _tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH$1); - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s.lookahead -= s.prev_length - 1; - s.prev_length -= 2; - do { - if (++s.strstart <= max_insert) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - } while (--s.prev_length !== 0); - s.match_available = 0; - s.match_length = MIN_MATCH$1 - 1; - s.strstart++; - - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - } else if (s.match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - if (bflush) { - /*** FLUSH_BLOCK_ONLY(s, 0) ***/ - flush_block_only(s, false); - /***/ - } - s.strstart++; - s.lookahead--; - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s.match_available = 1; - s.strstart++; - s.lookahead--; - } - } - //Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s.match_available) { - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - s.match_available = 0; - } - s.insert = s.strstart < MIN_MATCH$1 - 1 ? s.strstart : MIN_MATCH$1 - 1; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_BLOCK_DONE; -} - - -/* =========================================================================== - * For Z_RLE, simply look for runs of bytes, generate matches only of distance - * one. Do not maintain a hash table. (It will be regenerated if this run of - * deflate switches away from Z_RLE.) - */ -function deflate_rle(s, flush) { - let bflush; /* set if current block must be flushed */ - let prev; /* byte at distance one to match */ - let scan, strend; /* scan goes up to strend for length of run */ - - const _win = s.window; - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the longest run, plus one for the unrolled loop. - */ - if (s.lookahead <= MAX_MATCH$1) { - fill_window(s); - if (s.lookahead <= MAX_MATCH$1 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* See how many times the previous byte repeats */ - s.match_length = 0; - if (s.lookahead >= MIN_MATCH$1 && s.strstart > 0) { - scan = s.strstart - 1; - prev = _win[scan]; - if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) { - strend = s.strstart + MAX_MATCH$1; - do { - /*jshint noempty:false*/ - } while (prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - scan < strend); - s.match_length = MAX_MATCH$1 - (strend - scan); - if (s.match_length > s.lookahead) { - s.match_length = s.lookahead; - } - } - //Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); - } - - /* Emit match if have run of MIN_MATCH or longer, else emit literal */ - if (s.match_length >= MIN_MATCH$1) { - //check_match(s, s.strstart, s.strstart - 1, s.match_length); - - /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, 1, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - s.strstart += s.match_length; - s.match_length = 0; - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. - * (It will be regenerated if this run of deflate switches away from Huffman.) - */ -function deflate_huff(s, flush) { - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we have a literal to write. */ - if (s.lookahead === 0) { - fill_window(s); - if (s.lookahead === 0) { - if (flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - break; /* flush the current block */ - } - } - - /* Output a literal byte */ - s.match_length = 0; - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - s.lookahead--; - s.strstart++; - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ -class Config { - constructor(good_length, max_lazy, nice_length, max_chain, func) { - this.good_length = good_length; - this.max_lazy = max_lazy; - this.nice_length = nice_length; - this.max_chain = max_chain; - this.func = func; - } -} -const configuration_table = [ - /* good lazy nice chain */ - new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */ - new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */ - new Config(4, 5, 16, 8, deflate_fast), /* 2 */ - new Config(4, 6, 32, 32, deflate_fast), /* 3 */ - - new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */ - new Config(8, 16, 32, 32, deflate_slow), /* 5 */ - new Config(8, 16, 128, 128, deflate_slow), /* 6 */ - new Config(8, 32, 128, 256, deflate_slow), /* 7 */ - new Config(32, 128, 258, 1024, deflate_slow), /* 8 */ - new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */ -]; - - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -function lm_init(s) { - s.window_size = 2 * s.w_size; - - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - - /* Set the default configuration parameters: - */ - s.max_lazy_match = configuration_table[s.level].max_lazy; - s.good_match = configuration_table[s.level].good_length; - s.nice_match = configuration_table[s.level].nice_length; - s.max_chain_length = configuration_table[s.level].max_chain; - - s.strstart = 0; - s.block_start = 0; - s.lookahead = 0; - s.insert = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - s.ins_h = 0; -} - -class DeflateState { - constructor() { - this.strm = null; /* pointer back to this zlib stream */ - this.status = 0; /* as the name implies */ - this.pending_buf = null; /* output still pending */ - this.pending_buf_size = 0; /* size of pending_buf */ - this.pending_out = 0; /* next pending byte to output to the stream */ - this.pending = 0; /* nb of bytes in the pending buffer */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.gzhead = null; /* gzip header information to write */ - this.gzindex = 0; /* where in extra, name, or comment */ - this.method = Z_DEFLATED; /* can only be DEFLATED */ - this.last_flush = -1; /* value of flush param for previous deflate call */ - - this.w_size = 0; /* LZ77 window size (32K by default) */ - this.w_bits = 0; /* log2(w_size) (8..16) */ - this.w_mask = 0; /* w_size - 1 */ - - this.window = null; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. - */ - - this.window_size = 0; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - this.prev = null; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - this.head = null; /* Heads of the hash chains or NIL. */ - - this.ins_h = 0; /* hash index of string to be inserted */ - this.hash_size = 0; /* number of elements in hash table */ - this.hash_bits = 0; /* log2(hash_size) */ - this.hash_mask = 0; /* hash_size-1 */ - - this.hash_shift = 0; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - this.block_start = 0; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - this.match_length = 0; /* length of best match */ - this.prev_match = 0; /* previous match */ - this.match_available = 0; /* set if previous match exists */ - this.strstart = 0; /* start of string to insert */ - this.match_start = 0; /* start of matching string */ - this.lookahead = 0; /* number of valid bytes ahead in window */ - - this.prev_length = 0; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - this.max_chain_length = 0; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - this.max_lazy_match = 0; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ - // That's alias to max_lazy_match, don't use directly - //this.max_insert_length = 0; - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - this.level = 0; /* compression level (1..9) */ - this.strategy = 0; /* favor or force Huffman coding*/ - - this.good_match = 0; - /* Use a faster search when the previous match is longer than this */ - - this.nice_match = 0; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - - /* Didn't use ct_data typedef below to suppress compiler warning */ - - // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - // Use flat array of DOUBLE size, with interleaved fata, - // because JS does not support effective - this.dyn_ltree = new Buf16(HEAP_SIZE$1 * 2); - this.dyn_dtree = new Buf16((2 * D_CODES$1 + 1) * 2); - this.bl_tree = new Buf16((2 * BL_CODES$1 + 1) * 2); - zero$2(this.dyn_ltree); - zero$2(this.dyn_dtree); - zero$2(this.bl_tree); - - this.l_desc = null; /* desc. for literal tree */ - this.d_desc = null; /* desc. for distance tree */ - this.bl_desc = null; /* desc. for bit length tree */ - - //ush bl_count[MAX_BITS+1]; - this.bl_count = new Buf16(MAX_BITS$1 + 1); - /* number of codes at each bit length for an optimal tree */ - - //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - this.heap = new Buf16(2 * L_CODES$1 + 1); /* heap used to build the Huffman trees */ - zero$2(this.heap); - - this.heap_len = 0; /* number of elements in the heap */ - this.heap_max = 0; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - this.depth = new Buf16(2 * L_CODES$1 + 1); //uch depth[2*L_CODES+1]; - zero$2(this.depth); - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - this.l_buf = 0; /* buffer index for literals or lengths */ - - this.lit_bufsize = 0; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - this.last_lit = 0; /* running index in l_buf */ - - this.d_buf = 0; - /* Buffer index for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - this.opt_len = 0; /* bit length of current block with optimal trees */ - this.static_len = 0; /* bit length of current block with static trees */ - this.matches = 0; /* number of string matches in current block */ - this.insert = 0; /* bytes at end of window left to insert */ - - - this.bi_buf = 0; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - this.bi_valid = 0; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - - // Used for window memory init. We safely ignore it for JS. That makes - // sense only for pointers and memory check tools. - //this.high_water = 0; - /* High water mark offset in window for initialized bytes -- bytes above - * this are set to zero in order to avoid memory check warnings when - * longest match routines access bytes past the input. This is then - * updated to the new high water mark. - */ - } -} - -function deflateResetKeep(strm) { - let s; - - if (!strm || !strm.state) { - return err(strm, Z_STREAM_ERROR); - } - - strm.total_in = strm.total_out = 0; - strm.data_type = Z_UNKNOWN; - - s = strm.state; - s.pending = 0; - s.pending_out = 0; - - if (s.wrap < 0) { - s.wrap = -s.wrap; - /* was made negative by deflate(..., Z_FINISH); */ - } - s.status = (s.wrap ? INIT_STATE : BUSY_STATE); - strm.adler = (s.wrap === 2) ? - 0 // crc32(0, Z_NULL, 0) - : - 1; // adler32(0, Z_NULL, 0) - s.last_flush = Z_NO_FLUSH; - _tr_init(s); - return Z_OK; -} - - -function deflateReset(strm) { - const ret = deflateResetKeep(strm); - if (ret === Z_OK) { - lm_init(strm.state); - } - return ret; -} - - -function deflateSetHeader(strm, head) { - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; } - strm.state.gzhead = head; - return Z_OK; -} - - -function deflateInit2(strm, level, method, windowBits, memLevel, strategy) { - if (!strm) { // === Z_NULL - return Z_STREAM_ERROR; - } - let wrap = 1; - - if (level === Z_DEFAULT_COMPRESSION) { - level = 6; - } - - if (windowBits < 0) { /* suppress zlib wrapper */ - wrap = 0; - windowBits = -windowBits; - } - - else if (windowBits > 15) { - wrap = 2; /* write gzip wrapper instead */ - windowBits -= 16; - } - - - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_FIXED) { - return err(strm, Z_STREAM_ERROR); - } - - - if (windowBits === 8) { - windowBits = 9; - } - /* until 256-byte window bug fixed */ - - const s = new DeflateState(); - - strm.state = s; - s.strm = strm; - - s.wrap = wrap; - s.gzhead = null; - s.w_bits = windowBits; - s.w_size = 1 << s.w_bits; - s.w_mask = s.w_size - 1; - - s.hash_bits = memLevel + 7; - s.hash_size = 1 << s.hash_bits; - s.hash_mask = s.hash_size - 1; - s.hash_shift = ~~((s.hash_bits + MIN_MATCH$1 - 1) / MIN_MATCH$1); - s.window = new Buf8(s.w_size * 2); - s.head = new Buf16(s.hash_size); - s.prev = new Buf16(s.w_size); - - // Don't need mem init magic for JS. - //s.high_water = 0; /* nothing written to s->window yet */ - - s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s.pending_buf_size = s.lit_bufsize * 4; - - //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - //s->pending_buf = (uchf *) overlay; - s.pending_buf = new Buf8(s.pending_buf_size); - - // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`) - //s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s.d_buf = 1 * s.lit_bufsize; - - //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - s.l_buf = (1 + 2) * s.lit_bufsize; - - s.level = level; - s.strategy = strategy; - s.method = method; - - return deflateReset(strm); -} - - -function deflate(strm, flush) { - let old_flush, s; - let beg, val; // for gzip header write only - - if (!strm || !strm.state || - flush > Z_BLOCK || flush < 0) { - return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR; - } - - s = strm.state; - - if (!strm.output || - (!strm.input && strm.avail_in !== 0) || - (s.status === FINISH_STATE && flush !== Z_FINISH)) { - return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR); - } - - s.strm = strm; /* just in case */ - old_flush = s.last_flush; - s.last_flush = flush; - - /* Write the header */ - if (s.status === INIT_STATE) { - - if (s.wrap === 2) { // GZIP header - strm.adler = 0; //crc32(0L, Z_NULL, 0); - put_byte(s, 31); - put_byte(s, 139); - put_byte(s, 8); - if (!s.gzhead) { // s->gzhead == Z_NULL - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, OS_CODE); - s.status = BUSY_STATE; - } - else { - put_byte(s, (s.gzhead.text ? 1 : 0) + - (s.gzhead.hcrc ? 2 : 0) + - (!s.gzhead.extra ? 0 : 4) + - (!s.gzhead.name ? 0 : 8) + - (!s.gzhead.comment ? 0 : 16) - ); - put_byte(s, s.gzhead.time & 0xff); - put_byte(s, (s.gzhead.time >> 8) & 0xff); - put_byte(s, (s.gzhead.time >> 16) & 0xff); - put_byte(s, (s.gzhead.time >> 24) & 0xff); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, s.gzhead.os & 0xff); - if (s.gzhead.extra && s.gzhead.extra.length) { - put_byte(s, s.gzhead.extra.length & 0xff); - put_byte(s, (s.gzhead.extra.length >> 8) & 0xff); - } - if (s.gzhead.hcrc) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0); - } - s.gzindex = 0; - s.status = EXTRA_STATE; - } - } - else // DEFLATE header - { - let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8; - let level_flags = -1; - - if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) { - level_flags = 0; - } else if (s.level < 6) { - level_flags = 1; - } else if (s.level === 6) { - level_flags = 2; - } else { - level_flags = 3; - } - header |= (level_flags << 6); - if (s.strstart !== 0) { header |= PRESET_DICT; } - header += 31 - (header % 31); - - s.status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s.strstart !== 0) { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - strm.adler = 1; // adler32(0L, Z_NULL, 0); - } - } - - //#ifdef GZIP - if (s.status === EXTRA_STATE) { - if (s.gzhead.extra/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - - while (s.gzindex < (s.gzhead.extra.length & 0xffff)) { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - break; - } - } - put_byte(s, s.gzhead.extra[s.gzindex] & 0xff); - s.gzindex++; - } - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (s.gzindex === s.gzhead.extra.length) { - s.gzindex = 0; - s.status = NAME_STATE; - } - } - else { - s.status = NAME_STATE; - } - } - if (s.status === NAME_STATE) { - if (s.gzhead.name/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.name.length) { - val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.gzindex = 0; - s.status = COMMENT_STATE; - } - } - else { - s.status = COMMENT_STATE; - } - } - if (s.status === COMMENT_STATE) { - if (s.gzhead.comment/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.comment.length) { - val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.status = HCRC_STATE; - } - } - else { - s.status = HCRC_STATE; - } - } - if (s.status === HCRC_STATE) { - if (s.gzhead.hcrc) { - if (s.pending + 2 > s.pending_buf_size) { - flush_pending(strm); - } - if (s.pending + 2 <= s.pending_buf_size) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - strm.adler = 0; //crc32(0L, Z_NULL, 0); - s.status = BUSY_STATE; - } - } - else { - s.status = BUSY_STATE; - } - } - //#endif - - /* Flush as much pending output as possible */ - if (s.pending !== 0) { - flush_pending(strm); - if (strm.avail_out === 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s.last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUF_ERROR. - */ - } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) && - flush !== Z_FINISH) { - return err(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s.status === FINISH_STATE && strm.avail_in !== 0) { - return err(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm.avail_in !== 0 || s.lookahead !== 0 || - (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) { - var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) : - (s.strategy === Z_RLE ? deflate_rle(s, flush) : - configuration_table[s.level].func(s, flush)); - - if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) { - s.status = FINISH_STATE; - } - if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) { - if (strm.avail_out === 0) { - s.last_flush = -1; - /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate === BS_BLOCK_DONE) { - if (flush === Z_PARTIAL_FLUSH) { - _tr_align(s); - } - else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ - - _tr_stored_block(s, 0, 0, false); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush === Z_FULL_FLUSH) { - /*** CLEAR_HASH(s); ***/ /* forget history */ - zero$2(s.head); // Fill with NIL (= 0); - - if (s.lookahead === 0) { - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - } - } - flush_pending(strm); - if (strm.avail_out === 0) { - s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - //Assert(strm->avail_out > 0, "bug2"); - //if (strm.avail_out <= 0) { throw new Error("bug2");} - - if (flush !== Z_FINISH) { return Z_OK; } - if (s.wrap <= 0) { return Z_STREAM_END; } - - /* Write the trailer */ - if (s.wrap === 2) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - put_byte(s, (strm.adler >> 16) & 0xff); - put_byte(s, (strm.adler >> 24) & 0xff); - put_byte(s, strm.total_in & 0xff); - put_byte(s, (strm.total_in >> 8) & 0xff); - put_byte(s, (strm.total_in >> 16) & 0xff); - put_byte(s, (strm.total_in >> 24) & 0xff); - } - else { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - if (s.wrap > 0) { s.wrap = -s.wrap; } - /* write the trailer only once! */ - return s.pending !== 0 ? Z_OK : Z_STREAM_END; -} - -function deflateEnd(strm) { - let status; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - status = strm.state.status; - if (status !== INIT_STATE && - status !== EXTRA_STATE && - status !== NAME_STATE && - status !== COMMENT_STATE && - status !== HCRC_STATE && - status !== BUSY_STATE && - status !== FINISH_STATE - ) { - return err(strm, Z_STREAM_ERROR); - } - - strm.state = null; - - return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK; -} - - -/* ========================================================================= - * Initializes the compression dictionary from the given byte - * sequence without producing any compressed output. - */ -function deflateSetDictionary(strm, dictionary) { - let dictLength = dictionary.length; - - let s; - let str, n; - let wrap; - let avail; - let next; - let input; - let tmpDict; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - s = strm.state; - wrap = s.wrap; - - if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) { - return Z_STREAM_ERROR; - } - - /* when using zlib wrappers, compute Adler-32 for provided dictionary */ - if (wrap === 1) { - /* adler32(strm->adler, dictionary, dictLength); */ - strm.adler = adler32(strm.adler, dictionary, dictLength, 0); - } - - s.wrap = 0; /* avoid computing Adler-32 in read_buf */ - - /* if dictionary would fill window, just replace the history */ - if (dictLength >= s.w_size) { - if (wrap === 0) { /* already empty otherwise */ - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - /* use the tail */ - // dictionary = dictionary.slice(dictLength - s.w_size); - tmpDict = new Buf8(s.w_size); - arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0); - dictionary = tmpDict; - dictLength = s.w_size; - } - /* insert dictionary into window and hash */ - avail = strm.avail_in; - next = strm.next_in; - input = strm.input; - strm.avail_in = dictLength; - strm.next_in = 0; - strm.input = dictionary; - fill_window(s); - while (s.lookahead >= MIN_MATCH$1) { - str = s.strstart; - n = s.lookahead - (MIN_MATCH$1 - 1); - do { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - - s.head[s.ins_h] = str; - str++; - } while (--n); - s.strstart = str; - s.lookahead = MIN_MATCH$1 - 1; - fill_window(s); - } - s.strstart += s.lookahead; - s.block_start = s.strstart; - s.insert = s.lookahead; - s.lookahead = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - strm.next_in = next; - strm.input = input; - strm.avail_in = avail; - s.wrap = wrap; - return Z_OK; -} - -/* Not implemented -exports.deflateBound = deflateBound; -exports.deflateCopy = deflateCopy; -exports.deflateParams = deflateParams; -exports.deflatePending = deflatePending; -exports.deflatePrime = deflatePrime; -exports.deflateTune = deflateTune; -*/ - -// String encode/decode helpers - -try { - String.fromCharCode.apply(null, [ 0 ]); -} catch (__) { -} -try { - String.fromCharCode.apply(null, new Uint8Array(1)); -} catch (__) { -} - - -// Table with utf8 lengths (calculated by first byte of sequence) -// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS, -// because max possible codepoint is 0x10ffff -const _utf8len = new Buf8(256); -for (let q = 0; q < 256; q++) { - _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1; -} -_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start - - -// convert string to array (typed, when possible) -function string2buf (str) { - let c, c2, m_pos, i, buf_len = 0; - const str_len = str.length; - - // count binary size - for (m_pos = 0; m_pos < str_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4; - } - - // allocate buffer - const buf = new Buf8(buf_len); - - // convert - for (i = 0, m_pos = 0; i < buf_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - if (c < 0x80) { - /* one byte */ - buf[i++] = c; - } else if (c < 0x800) { - /* two bytes */ - buf[i++] = 0xC0 | c >>> 6; - buf[i++] = 0x80 | c & 0x3f; - } else if (c < 0x10000) { - /* three bytes */ - buf[i++] = 0xE0 | c >>> 12; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } else { - /* four bytes */ - buf[i++] = 0xf0 | c >>> 18; - buf[i++] = 0x80 | c >>> 12 & 0x3f; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } - } - - return buf; -} - - -// Convert binary string (typed, when possible) -function binstring2buf (str) { - const buf = new Buf8(str.length); - for (let i = 0, len = buf.length; i < len; i++) { - buf[i] = str.charCodeAt(i); - } - return buf; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class ZStream { - constructor() { - /* next input byte */ - this.input = null; // JS specific, because we have no pointers - this.next_in = 0; - /* number of bytes available at input */ - this.avail_in = 0; - /* total number of input bytes read so far */ - this.total_in = 0; - /* next output byte should be put there */ - this.output = null; // JS specific, because we have no pointers - this.next_out = 0; - /* remaining free space at output */ - this.avail_out = 0; - /* total number of bytes output so far */ - this.total_out = 0; - /* last error message, NULL if no error */ - this.msg = ''/*Z_NULL*/; - /* not visible by applications */ - this.state = null; - /* best guess about the data type: binary or text */ - this.data_type = 2/*Z_UNKNOWN*/; - /* adler32 value of the uncompressed data */ - this.adler = 0; - } -} - -/* ===========================================================================*/ - - -/** - * class Deflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[deflate]], - * [[deflateRaw]] and [[gzip]]. - **/ - -/* internal - * Deflate.chunks -> Array - * - * Chunks of output data, if [[Deflate#onData]] not overridden. - **/ - -/** - * Deflate.result -> Uint8Array|Array - * - * Compressed result, generated by default [[Deflate#onData]] - * and [[Deflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Deflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Deflate.err -> Number - * - * Error code after deflate finished. 0 (Z_OK) on success. - * You will not need it in real life, because deflate errors - * are possible only on wrong options or bad `onData` / `onEnd` - * custom handlers. - **/ - -/** - * Deflate.msg -> String - * - * Error message, if [[Deflate.err]] != 0 - **/ - - -/** - * new Deflate(options) - * - options (Object): zlib deflate options. - * - * Creates new deflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `level` - * - `windowBits` - * - `memLevel` - * - `strategy` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw deflate - * - `gzip` (Boolean) - create gzip wrapper - * - `to` (String) - if equal to 'string', then result will be "binary string" - * (each char code [0..255]) - * - `header` (Object) - custom header for gzip - * - `text` (Boolean) - true if compressed data believed to be text - * - `time` (Number) - modification time, unix timestamp - * - `os` (Number) - operation system code - * - `extra` (Array) - array of bytes with extra data (max 65536) - * - `name` (String) - file name (binary string) - * - `comment` (String) - comment (binary string) - * - `hcrc` (Boolean) - true if header crc should be added - * - * ##### Example: - * - * ```javascript - * var pako = require('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var deflate = new pako.Deflate({ level: 3}); - * - * deflate.push(chunk1, false); - * deflate.push(chunk2, true); // true -> last chunk - * - * if (deflate.err) { throw new Error(deflate.err); } - * - * console.log(deflate.result); - * ``` - **/ - -class Deflate { - constructor(options) { - this.options = { - level: Z_DEFAULT_COMPRESSION, - method: Z_DEFLATED, - chunkSize: 16384, - windowBits: 15, - memLevel: 8, - strategy: Z_DEFAULT_STRATEGY, - ...(options || {}) - }; - - const opt = this.options; - - if (opt.raw && (opt.windowBits > 0)) { - opt.windowBits = -opt.windowBits; - } - - else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) { - opt.windowBits += 16; - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - var status = deflateInit2( - this.strm, - opt.level, - opt.method, - opt.windowBits, - opt.memLevel, - opt.strategy - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - if (opt.header) { - deflateSetHeader(this.strm, opt.header); - } - - if (opt.dictionary) { - let dict; - // Convert data if needed - if (typeof opt.dictionary === 'string') { - // If we need to compress text, change encoding to utf8. - dict = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - dict = new Uint8Array(opt.dictionary); - } else { - dict = opt.dictionary; - } - - status = deflateSetDictionary(this.strm, dict); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this._dict_set = true; - } - } - - /** - * Deflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be - * converted to utf8 byte sequence. - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with - * new compressed chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the compression context. - * - * On fail call [[Deflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * array format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize } } = this; - var status, _mode; - - if (this.ended) { return false; } - - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // If we need to compress text, change encoding to utf8. - strm.input = string2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = deflate(strm, _mode); /* no bad return value */ - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = deflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - /** - * Deflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - /** - * Deflate#onEnd(status) -> Void - * - status (Number): deflate status. 0 (Z_OK) on success, - * other if not. - * - * Called once after you tell deflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// See state defs from inflate.js -const BAD = 30; /* got a data error -- remain here until reset */ -const TYPE = 12; /* i: waiting for type bits, including last-flag bit */ - -/* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is - available, an end-of-block is encountered, or a data error is encountered. - When large enough input and output buffers are supplied to inflate(), for - example, a 16K input buffer and a 64K output buffer, more than 95% of the - inflate execution time is spent in this routine. - - Entry assumptions: - - state.mode === LEN - strm.avail_in >= 6 - strm.avail_out >= 258 - start >= strm.avail_out - state.bits < 8 - - On return, state.mode is one of: - - LEN -- ran out of enough output space or enough available input - TYPE -- reached end of block code, inflate() to interpret next block - BAD -- error in block data - - Notes: - - - The maximum input bits used by a length/distance pair is 15 bits for the - length code, 5 bits for the length extra, 15 bits for the distance code, - and 13 bits for the distance extra. This totals 48 bits, or six bytes. - Therefore if strm.avail_in >= 6, then there is enough input to avoid - checking for available input while decoding. - - - The maximum bytes that a single length/distance pair can output is 258 - bytes, which is the maximum length that can be coded. inflate_fast() - requires strm.avail_out >= 258 for each loop to avoid checking for - output space. - */ -function inflate_fast(strm, start) { - let _in; /* local strm.input */ - let _out; /* local strm.output */ - // Use `s_window` instead `window`, avoid conflict with instrumentation tools - let hold; /* local strm.hold */ - let bits; /* local strm.bits */ - let here; /* retrieved table entry */ - let op; /* code bits, operation, extra bits, or */ - /* window position, window bytes to copy */ - let len; /* match length, unused bytes */ - let dist; /* match distance */ - let from; /* where to copy match from */ - let from_source; - - - - /* copy state to local variables */ - const state = strm.state; - //here = state.here; - _in = strm.next_in; - const input = strm.input; - const last = _in + (strm.avail_in - 5); - _out = strm.next_out; - const output = strm.output; - const beg = _out - (start - strm.avail_out); - const end = _out + (strm.avail_out - 257); - //#ifdef INFLATE_STRICT - const dmax = state.dmax; - //#endif - const wsize = state.wsize; - const whave = state.whave; - const wnext = state.wnext; - const s_window = state.window; - hold = state.hold; - bits = state.bits; - const lcode = state.lencode; - const dcode = state.distcode; - const lmask = (1 << state.lenbits) - 1; - const dmask = (1 << state.distbits) - 1; - - - /* decode literals and length/distances until end-of-block or not enough - input data or output space */ - - top: - do { - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - - here = lcode[hold & lmask]; - - dolen: - for (;;) { // Goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - if (op === 0) { /* literal */ - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - output[_out++] = here & 0xffff/*here.val*/; - } else if (op & 16) { /* length base */ - len = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - len += hold & (1 << op) - 1; - hold >>>= op; - bits -= op; - } - //Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - here = dcode[hold & dmask]; - - dodist: - for (;;) { // goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - - if (op & 16) { /* distance base */ - dist = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - } - dist += hold & (1 << op) - 1; - //#ifdef INFLATE_STRICT - if (dist > dmax) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - //#endif - hold >>>= op; - bits -= op; - //Tracevv((stderr, "inflate: distance %u\n", dist)); - op = _out - beg; /* max distance in output */ - if (dist > op) { /* see if copy from window */ - op = dist - op; /* distance back in window */ - if (op > whave) { - if (state.sane) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // if (len <= op - whave) { - // do { - // output[_out++] = 0; - // } while (--len); - // continue top; - // } - // len -= op - whave; - // do { - // output[_out++] = 0; - // } while (--op > whave); - // if (op === 0) { - // from = _out - dist; - // do { - // output[_out++] = output[from++]; - // } while (--len); - // continue top; - // } - //#endif - } - from = 0; // window index - from_source = s_window; - if (wnext === 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; - if (op < len) { /* some from end of window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = 0; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - } else { /* contiguous in window */ - from += wnext - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - while (len > 2) { - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - len -= 3; - } - if (len) { - output[_out++] = from_source[from++]; - if (len > 1) { - output[_out++] = from_source[from++]; - } - } - } else { - from = _out - dist; /* copy direct from output */ - do { /* minimum length is three */ - output[_out++] = output[from++]; - output[_out++] = output[from++]; - output[_out++] = output[from++]; - len -= 3; - } while (len > 2); - if (len) { - output[_out++] = output[from++]; - if (len > 1) { - output[_out++] = output[from++]; - } - } - } - } else if ((op & 64) === 0) { /* 2nd level distance code */ - here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dodist; - } else { - strm.msg = "invalid distance code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } else if ((op & 64) === 0) { /* 2nd level length code */ - here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dolen; - } else if (op & 32) { /* end-of-block */ - //Tracevv((stderr, "inflate: end of block\n")); - state.mode = TYPE; - break top; - } else { - strm.msg = "invalid literal/length code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } while (_in < last && _out < end); - - /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ - len = bits >> 3; - _in -= len; - bits -= len << 3; - hold &= (1 << bits) - 1; - - /* update state and return */ - strm.next_in = _in; - strm.next_out = _out; - strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last); - strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end); - state.hold = hold; - state.bits = bits; - return; -} - -const MAXBITS = 15; -const ENOUGH_LENS = 852; -const ENOUGH_DISTS = 592; -//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS); - -const CODES = 0; -const LENS = 1; -const DISTS = 2; - -const lbase = [ /* Length codes 257..285 base */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 -]; - -const lext = [ /* Length codes 257..285 extra */ - 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78 -]; - -const dbase = [ /* Distance codes 0..29 base */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577, 0, 0 -]; - -const dext = [ /* Distance codes 0..29 extra */ - 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, - 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, - 28, 28, 29, 29, 64, 64 -]; - -function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) { - const bits = opts.bits; - //here = opts.here; /* table entry for duplication */ - - let len = 0; /* a code's length in bits */ - let sym = 0; /* index of code symbols */ - let min = 0, max = 0; /* minimum and maximum code lengths */ - let root = 0; /* number of index bits for root table */ - let curr = 0; /* number of index bits for current table */ - let drop = 0; /* code bits to drop for sub-table */ - let left = 0; /* number of prefix codes available */ - let used = 0; /* code entries in table used */ - let huff = 0; /* Huffman code */ - let incr; /* for incrementing code, index */ - let fill; /* index for replicating entries */ - let low; /* low bits for current root entry */ - let next; /* next available space in table */ - let base = null; /* base value table to use */ - let base_index = 0; - // var shoextra; /* extra bits table to use */ - let end; /* use base and extra for symbol > end */ - const count = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */ - const offs = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */ - let extra = null; - let extra_index = 0; - - let here_bits, here_op, here_val; - - /* - Process a set of code lengths to create a canonical Huffman code. The - code lengths are lens[0..codes-1]. Each length corresponds to the - symbols 0..codes-1. The Huffman code is generated by first sorting the - symbols by length from short to long, and retaining the symbol order - for codes with equal lengths. Then the code starts with all zero bits - for the first code of the shortest length, and the codes are integer - increments for the same length, and zeros are appended as the length - increases. For the deflate format, these bits are stored backwards - from their more natural integer increment ordering, and so when the - decoding tables are built in the large loop below, the integer codes - are incremented backwards. - - This routine assumes, but does not check, that all of the entries in - lens[] are in the range 0..MAXBITS. The caller must assure this. - 1..MAXBITS is interpreted as that code length. zero means that that - symbol does not occur in this code. - - The codes are sorted by computing a count of codes for each length, - creating from that a table of starting indices for each length in the - sorted table, and then entering the symbols in order in the sorted - table. The sorted table is work[], with that space being provided by - the caller. - - The length counts are used for other purposes as well, i.e. finding - the minimum and maximum length codes, determining if there are any - codes at all, checking for a valid set of lengths, and looking ahead - at length counts to determine sub-table sizes when building the - decoding tables. - */ - - /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ - for (len = 0; len <= MAXBITS; len++) { - count[len] = 0; - } - for (sym = 0; sym < codes; sym++) { - count[lens[lens_index + sym]]++; - } - - /* bound code lengths, force root to be within code lengths */ - root = bits; - for (max = MAXBITS; max >= 1; max--) { - if (count[max] !== 0) { - break; - } - } - if (root > max) { - root = max; - } - if (max === 0) { /* no symbols to code at all */ - //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */ - //table.bits[opts.table_index] = 1; //here.bits = (var char)1; - //table.val[opts.table_index++] = 0; //here.val = (var short)0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - - //table.op[opts.table_index] = 64; - //table.bits[opts.table_index] = 1; - //table.val[opts.table_index++] = 0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - opts.bits = 1; - return 0; /* no symbols, but wait for decoding to report error */ - } - for (min = 1; min < max; min++) { - if (count[min] !== 0) { - break; - } - } - if (root < min) { - root = min; - } - - /* check for an over-subscribed or incomplete set of lengths */ - left = 1; - for (len = 1; len <= MAXBITS; len++) { - left <<= 1; - left -= count[len]; - if (left < 0) { - return -1; - } /* over-subscribed */ - } - if (left > 0 && (type === CODES || max !== 1)) { - return -1; /* incomplete set */ - } - - /* generate offsets into symbol table for each length for sorting */ - offs[1] = 0; - for (len = 1; len < MAXBITS; len++) { - offs[len + 1] = offs[len] + count[len]; - } - - /* sort symbols by length, by symbol order within each length */ - for (sym = 0; sym < codes; sym++) { - if (lens[lens_index + sym] !== 0) { - work[offs[lens[lens_index + sym]]++] = sym; - } - } - - /* - Create and fill in decoding tables. In this loop, the table being - filled is at next and has curr index bits. The code being used is huff - with length len. That code is converted to an index by dropping drop - bits off of the bottom. For codes where len is less than drop + curr, - those top drop + curr - len bits are incremented through all values to - fill the table with replicated entries. - - root is the number of index bits for the root table. When len exceeds - root, sub-tables are created pointed to by the root entry with an index - of the low root bits of huff. This is saved in low to check for when a - new sub-table should be started. drop is zero when the root table is - being filled, and drop is root when sub-tables are being filled. - - When a new sub-table is needed, it is necessary to look ahead in the - code lengths to determine what size sub-table is needed. The length - counts are used for this, and so count[] is decremented as codes are - entered in the tables. - - used keeps track of how many table entries have been allocated from the - provided *table space. It is checked for LENS and DIST tables against - the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in - the initial root table size constants. See the comments in inftrees.h - for more information. - - sym increments through all symbols, and the loop terminates when - all codes of length max, i.e. all codes, have been processed. This - routine permits incomplete codes, so another loop after this one fills - in the rest of the decoding tables with invalid code markers. - */ - - /* set up for code type */ - // poor man optimization - use if-else instead of switch, - // to avoid deopts in old v8 - if (type === CODES) { - base = extra = work; /* dummy value--not used */ - end = 19; - - } else if (type === LENS) { - base = lbase; - base_index -= 257; - extra = lext; - extra_index -= 257; - end = 256; - - } else { /* DISTS */ - base = dbase; - extra = dext; - end = -1; - } - - /* initialize opts for loop */ - huff = 0; /* starting code */ - sym = 0; /* starting code symbol */ - len = min; /* starting code length */ - next = table_index; /* current table to fill in */ - curr = root; /* current table index bits */ - drop = 0; /* current bits to drop from code for index */ - low = -1; /* trigger new sub-table when len > root */ - used = 1 << root; /* use root table entries */ - const mask = used - 1; /* mask for comparing low */ - - /* check available table space */ - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* process all codes and make table entries */ - for (;;) { - /* create table entry */ - here_bits = len - drop; - if (work[sym] < end) { - here_op = 0; - here_val = work[sym]; - } else if (work[sym] > end) { - here_op = extra[extra_index + work[sym]]; - here_val = base[base_index + work[sym]]; - } else { - here_op = 32 + 64; /* end of block */ - here_val = 0; - } - - /* replicate for those indices with low len bits equal to huff */ - incr = 1 << len - drop; - fill = 1 << curr; - min = fill; /* save offset to next table */ - do { - fill -= incr; - table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0; - } while (fill !== 0); - - /* backwards increment the len-bit code huff */ - incr = 1 << len - 1; - while (huff & incr) { - incr >>= 1; - } - if (incr !== 0) { - huff &= incr - 1; - huff += incr; - } else { - huff = 0; - } - - /* go to next symbol, update count, len */ - sym++; - if (--count[len] === 0) { - if (len === max) { - break; - } - len = lens[lens_index + work[sym]]; - } - - /* create new sub-table if needed */ - if (len > root && (huff & mask) !== low) { - /* if first time, transition to sub-tables */ - if (drop === 0) { - drop = root; - } - - /* increment past last table */ - next += min; /* here min is 1 << curr */ - - /* determine length of next table */ - curr = len - drop; - left = 1 << curr; - while (curr + drop < max) { - left -= count[curr + drop]; - if (left <= 0) { - break; - } - curr++; - left <<= 1; - } - - /* check for enough space */ - used += 1 << curr; - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* point entry in root table to sub-table */ - low = huff & mask; - /*table.op[low] = curr; - table.bits[low] = root; - table.val[low] = next - opts.table_index;*/ - table[low] = root << 24 | curr << 16 | next - table_index |0; - } - } - - /* fill in remaining table entry if code is incomplete (guaranteed to have - at most one remaining entry, since if the code is incomplete, the - maximum code length that was allowed to get this far is one bit) */ - if (huff !== 0) { - //table.op[next + huff] = 64; /* invalid code marker */ - //table.bits[next + huff] = len - drop; - //table.val[next + huff] = 0; - table[next + huff] = len - drop << 24 | 64 << 16 |0; - } - - /* set return parameters */ - //opts.table_index += used; - opts.bits = root; - return 0; -} - -const CODES$1 = 0; -const LENS$1 = 1; -const DISTS$1 = 2; - -/* STATES ====================================================================*/ -/* ===========================================================================*/ - - -const HEAD = 1; /* i: waiting for magic header */ -const FLAGS = 2; /* i: waiting for method and flags (gzip) */ -const TIME = 3; /* i: waiting for modification time (gzip) */ -const OS = 4; /* i: waiting for extra flags and operating system (gzip) */ -const EXLEN = 5; /* i: waiting for extra length (gzip) */ -const EXTRA = 6; /* i: waiting for extra bytes (gzip) */ -const NAME = 7; /* i: waiting for end of file name (gzip) */ -const COMMENT = 8; /* i: waiting for end of comment (gzip) */ -const HCRC = 9; /* i: waiting for header crc (gzip) */ -const DICTID = 10; /* i: waiting for dictionary check value */ -const DICT = 11; /* waiting for inflateSetDictionary() call */ -const TYPE$1 = 12; /* i: waiting for type bits, including last-flag bit */ -const TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */ -const STORED = 14; /* i: waiting for stored size (length and complement) */ -const COPY_ = 15; /* i/o: same as COPY below, but only first time in */ -const COPY = 16; /* i/o: waiting for input or output to copy stored block */ -const TABLE = 17; /* i: waiting for dynamic block table lengths */ -const LENLENS = 18; /* i: waiting for code length code lengths */ -const CODELENS = 19; /* i: waiting for length/lit and distance code lengths */ -const LEN_ = 20; /* i: same as LEN below, but only first time in */ -const LEN = 21; /* i: waiting for length/lit/eob code */ -const LENEXT = 22; /* i: waiting for length extra bits */ -const DIST = 23; /* i: waiting for distance code */ -const DISTEXT = 24; /* i: waiting for distance extra bits */ -const MATCH = 25; /* o: waiting for output space to copy string */ -const LIT = 26; /* o: waiting for output space to write literal */ -const CHECK = 27; /* i: waiting for 32-bit check value */ -const LENGTH = 28; /* i: waiting for 32-bit length (gzip) */ -const DONE = 29; /* finished check, done -- remain here until reset */ -const BAD$1 = 30; /* got a data error -- remain here until reset */ -//const MEM = 31; /* got an inflate() memory error -- remain here until reset */ -const SYNC = 32; /* looking for synchronization bytes to restart inflate() */ - -/* ===========================================================================*/ - - - -const ENOUGH_LENS$1 = 852; -const ENOUGH_DISTS$1 = 592; - - -function zswap32(q) { - return (((q >>> 24) & 0xff) + - ((q >>> 8) & 0xff00) + - ((q & 0xff00) << 8) + - ((q & 0xff) << 24)); -} - - -class InflateState { - constructor() { - this.mode = 0; /* current inflate mode */ - this.last = false; /* true if processing last block */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.havedict = false; /* true if dictionary provided */ - this.flags = 0; /* gzip header method and flags (0 if zlib) */ - this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */ - this.check = 0; /* protected copy of check value */ - this.total = 0; /* protected copy of output count */ - // TODO: may be {} - this.head = null; /* where to save gzip header information */ - - /* sliding window */ - this.wbits = 0; /* log base 2 of requested window size */ - this.wsize = 0; /* window size or zero if not using window */ - this.whave = 0; /* valid bytes in the window */ - this.wnext = 0; /* window write index */ - this.window = null; /* allocated sliding window, if needed */ - - /* bit accumulator */ - this.hold = 0; /* input bit accumulator */ - this.bits = 0; /* number of bits in "in" */ - - /* for string and stored block copying */ - this.length = 0; /* literal or length of data to copy */ - this.offset = 0; /* distance back to copy string from */ - - /* for table and code decoding */ - this.extra = 0; /* extra bits needed */ - - /* fixed and dynamic code tables */ - this.lencode = null; /* starting table for length/literal codes */ - this.distcode = null; /* starting table for distance codes */ - this.lenbits = 0; /* index bits for lencode */ - this.distbits = 0; /* index bits for distcode */ - - /* dynamic table building */ - this.ncode = 0; /* number of code length code lengths */ - this.nlen = 0; /* number of length code lengths */ - this.ndist = 0; /* number of distance code lengths */ - this.have = 0; /* number of code lengths in lens[] */ - this.next = null; /* next available space in codes[] */ - - this.lens = new Buf16(320); /* temporary storage for code lengths */ - this.work = new Buf16(288); /* work area for code table building */ - - /* - because we don't have pointers in js, we use lencode and distcode directly - as buffers so we don't need codes - */ - //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */ - this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */ - this.distdyn = null; /* dynamic table for distance codes (JS specific) */ - this.sane = 0; /* if false, allow invalid distance too far */ - this.back = 0; /* bits back of last unprocessed length/lit */ - this.was = 0; /* initial length of match */ - } -} - -function inflateResetKeep(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - strm.total_in = strm.total_out = state.total = 0; - strm.msg = ''; /*Z_NULL*/ - if (state.wrap) { /* to support ill-conceived Java test suite */ - strm.adler = state.wrap & 1; - } - state.mode = HEAD; - state.last = 0; - state.havedict = 0; - state.dmax = 32768; - state.head = null/*Z_NULL*/; - state.hold = 0; - state.bits = 0; - //state.lencode = state.distcode = state.next = state.codes; - state.lencode = state.lendyn = new Buf32(ENOUGH_LENS$1); - state.distcode = state.distdyn = new Buf32(ENOUGH_DISTS$1); - - state.sane = 1; - state.back = -1; - //Tracev((stderr, "inflate: reset\n")); - return Z_OK; -} - -function inflateReset(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - state.wsize = 0; - state.whave = 0; - state.wnext = 0; - return inflateResetKeep(strm); - -} - -function inflateReset2(strm, windowBits) { - let wrap; - let state; - - /* get the state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - - /* extract wrap request from windowBits parameter */ - if (windowBits < 0) { - wrap = 0; - windowBits = -windowBits; - } - else { - wrap = (windowBits >> 4) + 1; - if (windowBits < 48) { - windowBits &= 15; - } - } - - /* set number of window bits, free window if different */ - if (windowBits && (windowBits < 8 || windowBits > 15)) { - return Z_STREAM_ERROR; - } - if (state.window !== null && state.wbits !== windowBits) { - state.window = null; - } - - /* update state and reset the rest of it */ - state.wrap = wrap; - state.wbits = windowBits; - return inflateReset(strm); -} - -function inflateInit2(strm, windowBits) { - let ret; - let state; - - if (!strm) { return Z_STREAM_ERROR; } - //strm.msg = Z_NULL; /* in case we return an error */ - - state = new InflateState(); - - //if (state === Z_NULL) return Z_MEM_ERROR; - //Tracev((stderr, "inflate: allocated\n")); - strm.state = state; - state.window = null/*Z_NULL*/; - ret = inflateReset2(strm, windowBits); - if (ret !== Z_OK) { - strm.state = null/*Z_NULL*/; - } - return ret; -} - - -/* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ -let virgin = true; - -let lenfix, distfix; // We have no pointers in JS, so keep tables separate - -function fixedtables(state) { - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - let sym; - - lenfix = new Buf32(512); - distfix = new Buf32(32); - - /* literal/length table */ - sym = 0; - while (sym < 144) { state.lens[sym++] = 8; } - while (sym < 256) { state.lens[sym++] = 9; } - while (sym < 280) { state.lens[sym++] = 7; } - while (sym < 288) { state.lens[sym++] = 8; } - - inflate_table(LENS$1, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 }); - - /* distance table */ - sym = 0; - while (sym < 32) { state.lens[sym++] = 5; } - - inflate_table(DISTS$1, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 }); - - /* do this just once */ - virgin = false; - } - - state.lencode = lenfix; - state.lenbits = 9; - state.distcode = distfix; - state.distbits = 5; -} - - -/* - Update the window with the last wsize (normally 32K) bytes written before - returning. If window does not exist yet, create it. This is only called - when a window is already in use, or when output has been written during this - inflate call, but the end of the deflate stream has not been reached yet. - It is also called to create a window for dictionary data when a dictionary - is loaded. - - Providing output buffers larger than 32K to inflate() should provide a speed - advantage, since only the last 32K of output is copied to the sliding window - upon return from inflate(), and since all distances after the first 32K of - output will fall in the output data, making match copies simpler and faster. - The advantage may be dependent on the size of the processor's data caches. - */ -function updatewindow(strm, src, end, copy) { - let dist; - const state = strm.state; - - /* if it hasn't been done already, allocate space for the window */ - if (state.window === null) { - state.wsize = 1 << state.wbits; - state.wnext = 0; - state.whave = 0; - - state.window = new Buf8(state.wsize); - } - - /* copy state->wsize or less output bytes into the circular window */ - if (copy >= state.wsize) { - arraySet(state.window, src, end - state.wsize, state.wsize, 0); - state.wnext = 0; - state.whave = state.wsize; - } - else { - dist = state.wsize - state.wnext; - if (dist > copy) { - dist = copy; - } - //zmemcpy(state->window + state->wnext, end - copy, dist); - arraySet(state.window, src, end - copy, dist, state.wnext); - copy -= dist; - if (copy) { - //zmemcpy(state->window, end - copy, copy); - arraySet(state.window, src, end - copy, copy, 0); - state.wnext = copy; - state.whave = state.wsize; - } - else { - state.wnext += dist; - if (state.wnext === state.wsize) { state.wnext = 0; } - if (state.whave < state.wsize) { state.whave += dist; } - } - } - return 0; -} - -function inflate(strm, flush) { - let state; - let input, output; // input/output buffers - let next; /* next input INDEX */ - let put; /* next output INDEX */ - let have, left; /* available input and output */ - let hold; /* bit buffer */ - let bits; /* bits in bit buffer */ - let _in, _out; /* save starting available input and output */ - let copy; /* number of stored or match bytes to copy */ - let from; /* where to copy match bytes from */ - let from_source; - let here = 0; /* current decoding table entry */ - let here_bits, here_op, here_val; // paked "here" denormalized (JS specific) - //var last; /* parent table entry */ - let last_bits, last_op, last_val; // paked "last" denormalized (JS specific) - let len; /* length to copy for repeats, bits to drop */ - let ret; /* return code */ - let hbuf = new Buf8(4); /* buffer for gzip header crc calculation */ - let opts; - - let n; // temporary var for NEED_BITS - - const order = /* permutation of code lengths */ - [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ]; - - - if (!strm || !strm.state || !strm.output || - (!strm.input && strm.avail_in !== 0)) { - return Z_STREAM_ERROR; - } - - state = strm.state; - if (state.mode === TYPE$1) { state.mode = TYPEDO; } /* skip check */ - - - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - _in = have; - _out = left; - ret = Z_OK; - - inf_leave: // goto emulation - for (;;) { - switch (state.mode) { - case HEAD: - if (state.wrap === 0) { - state.mode = TYPEDO; - break; - } - //=== NEEDBITS(16); - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */ - state.check = 0/*crc32(0L, Z_NULL, 0)*/; - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = FLAGS; - break; - } - state.flags = 0; /* expect zlib header */ - if (state.head) { - state.head.done = false; - } - if (!(state.wrap & 1) || /* check if zlib header allowed */ - (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) { - strm.msg = 'incorrect header check'; - state.mode = BAD$1; - break; - } - if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - len = (hold & 0x0f)/*BITS(4)*/ + 8; - if (state.wbits === 0) { - state.wbits = len; - } - else if (len > state.wbits) { - strm.msg = 'invalid window size'; - state.mode = BAD$1; - break; - } - state.dmax = 1 << len; - //Tracev((stderr, "inflate: zlib header ok\n")); - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = hold & 0x200 ? DICTID : TYPE$1; - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - break; - case FLAGS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.flags = hold; - if ((state.flags & 0xff) !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - if (state.flags & 0xe000) { - strm.msg = 'unknown header flags set'; - state.mode = BAD$1; - break; - } - if (state.head) { - state.head.text = ((hold >> 8) & 1); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = TIME; - /* falls through */ - case TIME: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.time = hold; - } - if (state.flags & 0x0200) { - //=== CRC4(state.check, hold) - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - hbuf[2] = (hold >>> 16) & 0xff; - hbuf[3] = (hold >>> 24) & 0xff; - state.check = crc32(state.check, hbuf, 4, 0); - //=== - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = OS; - /* falls through */ - case OS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.xflags = (hold & 0xff); - state.head.os = (hold >> 8); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = EXLEN; - /* falls through */ - case EXLEN: - if (state.flags & 0x0400) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length = hold; - if (state.head) { - state.head.extra_len = hold; - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - else if (state.head) { - state.head.extra = null/*Z_NULL*/; - } - state.mode = EXTRA; - /* falls through */ - case EXTRA: - if (state.flags & 0x0400) { - copy = state.length; - if (copy > have) { copy = have; } - if (copy) { - if (state.head) { - len = state.head.extra_len - state.length; - if (!state.head.extra) { - // Use untyped array for more convenient processing later - state.head.extra = new Array(state.head.extra_len); - } - arraySet( - state.head.extra, - input, - next, - // extra field is limited to 65536 bytes - // - no need for additional size check - copy, - /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/ - len - ); - //zmemcpy(state.head.extra + len, next, - // len + copy > state.head.extra_max ? - // state.head.extra_max - len : copy); - } - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - state.length -= copy; - } - if (state.length) { break inf_leave; } - } - state.length = 0; - state.mode = NAME; - /* falls through */ - case NAME: - if (state.flags & 0x0800) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - // TODO: 2 or 1 bytes? - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.name_max*/)) { - state.head.name += String.fromCharCode(len); - } - } while (len && copy < have); - - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.name = null; - } - state.length = 0; - state.mode = COMMENT; - /* falls through */ - case COMMENT: - if (state.flags & 0x1000) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.comm_max*/)) { - state.head.comment += String.fromCharCode(len); - } - } while (len && copy < have); - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.comment = null; - } - state.mode = HCRC; - /* falls through */ - case HCRC: - if (state.flags & 0x0200) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.check & 0xffff)) { - strm.msg = 'header crc mismatch'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - if (state.head) { - state.head.hcrc = ((state.flags >> 9) & 1); - state.head.done = true; - } - strm.adler = state.check = 0; - state.mode = TYPE$1; - break; - case DICTID: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - strm.adler = state.check = zswap32(hold); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = DICT; - /* falls through */ - case DICT: - if (state.havedict === 0) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - return Z_NEED_DICT; - } - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = TYPE$1; - /* falls through */ - case TYPE$1: - if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; } - /* falls through */ - case TYPEDO: - if (state.last) { - //--- BYTEBITS() ---// - hold >>>= bits & 7; - bits -= bits & 7; - //---// - state.mode = CHECK; - break; - } - //=== NEEDBITS(3); */ - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.last = (hold & 0x01)/*BITS(1)*/; - //--- DROPBITS(1) ---// - hold >>>= 1; - bits -= 1; - //---// - - switch ((hold & 0x03)/*BITS(2)*/) { - case 0: /* stored block */ - //Tracev((stderr, "inflate: stored block%s\n", - // state.last ? " (last)" : "")); - state.mode = STORED; - break; - case 1: /* fixed block */ - fixedtables(state); - //Tracev((stderr, "inflate: fixed codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = LEN_; /* decode codes */ - if (flush === Z_TREES) { - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break inf_leave; - } - break; - case 2: /* dynamic block */ - //Tracev((stderr, "inflate: dynamic codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = TABLE; - break; - case 3: - strm.msg = 'invalid block type'; - state.mode = BAD$1; - } - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break; - case STORED: - //--- BYTEBITS() ---// /* go to byte boundary */ - hold >>>= bits & 7; - bits -= bits & 7; - //---// - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) { - strm.msg = 'invalid stored block lengths'; - state.mode = BAD$1; - break; - } - state.length = hold & 0xffff; - //Tracev((stderr, "inflate: stored length %u\n", - // state.length)); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = COPY_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case COPY_: - state.mode = COPY; - /* falls through */ - case COPY: - copy = state.length; - if (copy) { - if (copy > have) { copy = have; } - if (copy > left) { copy = left; } - if (copy === 0) { break inf_leave; } - //--- zmemcpy(put, next, copy); --- - arraySet(output, input, next, copy, put); - //---// - have -= copy; - next += copy; - left -= copy; - put += copy; - state.length -= copy; - break; - } - //Tracev((stderr, "inflate: stored end\n")); - state.mode = TYPE$1; - break; - case TABLE: - //=== NEEDBITS(14); */ - while (bits < 14) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4; - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// -//#ifndef PKZIP_BUG_WORKAROUND - if (state.nlen > 286 || state.ndist > 30) { - strm.msg = 'too many length or distance symbols'; - state.mode = BAD$1; - break; - } -//#endif - //Tracev((stderr, "inflate: table sizes ok\n")); - state.have = 0; - state.mode = LENLENS; - /* falls through */ - case LENLENS: - while (state.have < state.ncode) { - //=== NEEDBITS(3); - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.lens[order[state.have++]] = (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - while (state.have < 19) { - state.lens[order[state.have++]] = 0; - } - // We have separate tables & no pointers. 2 commented lines below not needed. - //state.next = state.codes; - //state.lencode = state.next; - // Switch to use dynamic table - state.lencode = state.lendyn; - state.lenbits = 7; - - opts = { bits: state.lenbits }; - ret = inflate_table(CODES$1, state.lens, 0, 19, state.lencode, 0, state.work, opts); - state.lenbits = opts.bits; - - if (ret) { - strm.msg = 'invalid code lengths set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, "inflate: code lengths ok\n")); - state.have = 0; - state.mode = CODELENS; - /* falls through */ - case CODELENS: - while (state.have < state.nlen + state.ndist) { - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_val < 16) { - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.lens[state.have++] = here_val; - } - else { - if (here_val === 16) { - //=== NEEDBITS(here.bits + 2); - n = here_bits + 2; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - if (state.have === 0) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - len = state.lens[state.have - 1]; - copy = 3 + (hold & 0x03);//BITS(2); - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - } - else if (here_val === 17) { - //=== NEEDBITS(here.bits + 3); - n = here_bits + 3; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 3 + (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - else { - //=== NEEDBITS(here.bits + 7); - n = here_bits + 7; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 11 + (hold & 0x7f);//BITS(7); - //--- DROPBITS(7) ---// - hold >>>= 7; - bits -= 7; - //---// - } - if (state.have + copy > state.nlen + state.ndist) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - while (copy--) { - state.lens[state.have++] = len; - } - } - } - - /* handle error breaks in while */ - if (state.mode === BAD$1) { break; } - - /* check for end-of-block code (better have one) */ - if (state.lens[256] === 0) { - strm.msg = 'invalid code -- missing end-of-block'; - state.mode = BAD$1; - break; - } - - /* build code tables -- note: do not change the lenbits or distbits - values here (9 and 6) without reading the comments in inftrees.h - concerning the ENOUGH constants, which depend on those values */ - state.lenbits = 9; - - opts = { bits: state.lenbits }; - ret = inflate_table(LENS$1, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.lenbits = opts.bits; - // state.lencode = state.next; - - if (ret) { - strm.msg = 'invalid literal/lengths set'; - state.mode = BAD$1; - break; - } - - state.distbits = 6; - //state.distcode.copy(state.codes); - // Switch to use dynamic table - state.distcode = state.distdyn; - opts = { bits: state.distbits }; - ret = inflate_table(DISTS$1, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.distbits = opts.bits; - // state.distcode = state.next; - - if (ret) { - strm.msg = 'invalid distances set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, 'inflate: codes ok\n')); - state.mode = LEN_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case LEN_: - state.mode = LEN; - /* falls through */ - case LEN: - if (have >= 6 && left >= 258) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - inflate_fast(strm, _out); - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - if (state.mode === TYPE$1) { - state.back = -1; - } - break; - } - state.back = 0; - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if (here_bits <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_op && (here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.lencode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - state.length = here_val; - if (here_op === 0) { - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - state.mode = LIT; - break; - } - if (here_op & 32) { - //Tracevv((stderr, "inflate: end of block\n")); - state.back = -1; - state.mode = TYPE$1; - break; - } - if (here_op & 64) { - strm.msg = 'invalid literal/length code'; - state.mode = BAD$1; - break; - } - state.extra = here_op & 15; - state.mode = LENEXT; - /* falls through */ - case LENEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //Tracevv((stderr, "inflate: length %u\n", state.length)); - state.was = state.length; - state.mode = DIST; - /* falls through */ - case DIST: - for (;;) { - here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if ((here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.distcode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - if (here_op & 64) { - strm.msg = 'invalid distance code'; - state.mode = BAD$1; - break; - } - state.offset = here_val; - state.extra = (here_op) & 15; - state.mode = DISTEXT; - /* falls through */ - case DISTEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } -//#ifdef INFLATE_STRICT - if (state.offset > state.dmax) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -//#endif - //Tracevv((stderr, "inflate: distance %u\n", state.offset)); - state.mode = MATCH; - /* falls through */ - case MATCH: - if (left === 0) { break inf_leave; } - copy = _out - left; - if (state.offset > copy) { /* copy from window */ - copy = state.offset - copy; - if (copy > state.whave) { - if (state.sane) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -// (!) This block is disabled in zlib defaults, -// don't enable it for binary compatibility -//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR -// Trace((stderr, "inflate.c too far\n")); -// copy -= state.whave; -// if (copy > state.length) { copy = state.length; } -// if (copy > left) { copy = left; } -// left -= copy; -// state.length -= copy; -// do { -// output[put++] = 0; -// } while (--copy); -// if (state.length === 0) { state.mode = LEN; } -// break; -//#endif - } - if (copy > state.wnext) { - copy -= state.wnext; - from = state.wsize - copy; - } - else { - from = state.wnext - copy; - } - if (copy > state.length) { copy = state.length; } - from_source = state.window; - } - else { /* copy from output */ - from_source = output; - from = put - state.offset; - copy = state.length; - } - if (copy > left) { copy = left; } - left -= copy; - state.length -= copy; - do { - output[put++] = from_source[from++]; - } while (--copy); - if (state.length === 0) { state.mode = LEN; } - break; - case LIT: - if (left === 0) { break inf_leave; } - output[put++] = state.length; - left--; - state.mode = LEN; - break; - case CHECK: - if (state.wrap) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - // Use '|' instead of '+' to make sure that result is signed - hold |= input[next++] << bits; - bits += 8; - } - //===// - _out -= left; - strm.total_out += _out; - state.total += _out; - if (_out) { - strm.adler = state.check = - /*UPDATE(state.check, put - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out)); - - } - _out = left; - // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too - if ((state.flags ? hold : zswap32(hold)) !== state.check) { - strm.msg = 'incorrect data check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: check matches trailer\n")); - } - state.mode = LENGTH; - /* falls through */ - case LENGTH: - if (state.wrap && state.flags) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.total & 0xffffffff)) { - strm.msg = 'incorrect length check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: length matches trailer\n")); - } - state.mode = DONE; - /* falls through */ - case DONE: - ret = Z_STREAM_END; - break inf_leave; - case BAD$1: - ret = Z_DATA_ERROR; - break inf_leave; - // case MEM: - // return Z_MEM_ERROR; - case SYNC: - /* falls through */ - default: - return Z_STREAM_ERROR; - } - } - - // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave" - - /* - Return from inflate(), updating the total counts and the check value. - If there was no progress during the inflate() call, return a buffer - error. Call updatewindow() to create and/or update the window state. - Note: a memory error from inflate() is non-recoverable. - */ - - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - - if (state.wsize || (_out !== strm.avail_out && state.mode < BAD$1 && - (state.mode < CHECK || flush !== Z_FINISH))) { - if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) ; - } - _in -= strm.avail_in; - _out -= strm.avail_out; - strm.total_in += _in; - strm.total_out += _out; - state.total += _out; - if (state.wrap && _out) { - strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out)); - } - strm.data_type = state.bits + (state.last ? 64 : 0) + - (state.mode === TYPE$1 ? 128 : 0) + - (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0); - if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) { - ret = Z_BUF_ERROR; - } - return ret; -} - -function inflateEnd(strm) { - - if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) { - return Z_STREAM_ERROR; - } - - const state = strm.state; - if (state.window) { - state.window = null; - } - strm.state = null; - return Z_OK; -} - -function inflateGetHeader(strm, head) { - let state; - - /* check state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; } - - /* save header structure */ - state.head = head; - head.done = false; - return Z_OK; -} - -function inflateSetDictionary(strm, dictionary) { - const dictLength = dictionary.length; - - let state; - let dictid; - - /* check state */ - if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; } - state = strm.state; - - if (state.wrap !== 0 && state.mode !== DICT) { - return Z_STREAM_ERROR; - } - - /* check for correct dictionary identifier */ - if (state.mode === DICT) { - dictid = 1; /* adler32(0, null, 0)*/ - /* dictid = adler32(dictid, dictionary, dictLength); */ - dictid = adler32(dictid, dictionary, dictLength, 0); - if (dictid !== state.check) { - return Z_DATA_ERROR; - } - } - /* copy dictionary to window using updatewindow(), which will amend the - existing dictionary if appropriate */ - updatewindow(strm, dictionary, dictLength, dictLength); - // if (ret) { - // state.mode = MEM; - // return Z_MEM_ERROR; - // } - state.havedict = 1; - // Tracev((stderr, "inflate: dictionary set\n")); - return Z_OK; -} - -/* Not implemented -exports.inflateCopy = inflateCopy; -exports.inflateGetDictionary = inflateGetDictionary; -exports.inflateMark = inflateMark; -exports.inflatePrime = inflatePrime; -exports.inflateSync = inflateSync; -exports.inflateSyncPoint = inflateSyncPoint; -exports.inflateUndermine = inflateUndermine; -*/ - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class GZheader { - constructor() { - /* true if compressed data believed to be text */ - this.text = 0; - /* modification time */ - this.time = 0; - /* extra flags (not used when writing a gzip file) */ - this.xflags = 0; - /* operating system */ - this.os = 0; - /* pointer to extra field or Z_NULL if none */ - this.extra = null; - /* extra field length (valid if extra != Z_NULL) */ - this.extra_len = 0; // Actually, we don't need it in JS, - // but leave for few code modifications - - // - // Setup limits is not necessary because in js we should not preallocate memory - // for inflate use constant limit in 65536 bytes - // - - /* space at extra (only when reading header) */ - // this.extra_max = 0; - /* pointer to zero-terminated file name or Z_NULL */ - this.name = ''; - /* space at name (only when reading header) */ - // this.name_max = 0; - /* pointer to zero-terminated comment or Z_NULL */ - this.comment = ''; - /* space at comment (only when reading header) */ - // this.comm_max = 0; - /* true if there was or will be a header crc */ - this.hcrc = 0; - /* true when done reading gzip header (not used when writing a gzip file) */ - this.done = false; - } -} - -/** - * class Inflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[inflate]] - * and [[inflateRaw]]. - **/ - -/* internal - * inflate.chunks -> Array - * - * Chunks of output data, if [[Inflate#onData]] not overridden. - **/ - -/** - * Inflate.result -> Uint8Array|Array|String - * - * Uncompressed result, generated by default [[Inflate#onData]] - * and [[Inflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Inflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Inflate.err -> Number - * - * Error code after inflate finished. 0 (Z_OK) on success. - * Should be checked if broken data possible. - **/ - -/** - * Inflate.msg -> String - * - * Error message, if [[Inflate.err]] != 0 - **/ - - -/** - * new Inflate(options) - * - options (Object): zlib inflate options. - * - * Creates new inflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `windowBits` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw inflate - * - `to` (String) - if equal to 'string', then result will be converted - * from utf8 to utf16 (javascript) string. When string output requested, - * chunk length can differ from `chunkSize`, depending on content. - * - * By default, when no options set, autodetect deflate/gzip data format via - * wrapper header. - * - * ##### Example: - * - * ```javascript - * var pako = require('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var inflate = new pako.Inflate({ level: 3}); - * - * inflate.push(chunk1, false); - * inflate.push(chunk2, true); // true -> last chunk - * - * if (inflate.err) { throw new Error(inflate.err); } - * - * console.log(inflate.result); - * ``` - **/ -class Inflate { - constructor(options) { - this.options = { - chunkSize: 16384, - windowBits: 0, - ...(options || {}) - }; - - const opt = this.options; - - // Force window size for `raw` data, if not set directly, - // because we have no header for autodetect. - if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) { - opt.windowBits = -opt.windowBits; - if (opt.windowBits === 0) { opt.windowBits = -15; } - } - - // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate - if ((opt.windowBits >= 0) && (opt.windowBits < 16) && - !(options && options.windowBits)) { - opt.windowBits += 32; - } - - // Gzip header has no info about windows size, we can do autodetect only - // for deflate. So, if window size not set, force it to max when gzip possible - if ((opt.windowBits > 15) && (opt.windowBits < 48)) { - // bit 3 (16) -> gzipped data - // bit 4 (32) -> autodetect gzip/deflate - if ((opt.windowBits & 15) === 0) { - opt.windowBits |= 15; - } - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - let status = inflateInit2( - this.strm, - opt.windowBits - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this.header = new GZheader(); - - inflateGetHeader(this.strm, this.header); - - // Setup dictionary - if (opt.dictionary) { - // Convert data if needed - if (typeof opt.dictionary === 'string') { - opt.dictionary = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - opt.dictionary = new Uint8Array(opt.dictionary); - } - if (opt.raw) { //In raw mode we need to set the dictionary early - status = inflateSetDictionary(this.strm, opt.dictionary); - if (status !== Z_OK) { - throw new Error(msg[status]); - } - } - } - } - /** - * Inflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with - * new output chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the decompression context. - * - * On fail call [[Inflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize, dictionary } } = this; - let status, _mode; - - // Flag to properly process Z_BUF_ERROR on testing inflate call - // when we check that all output data was flushed. - let allowBufError = false; - - if (this.ended) { return false; } - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // Only binary strings can be decompressed on practice - strm.input = binstring2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - - status = inflate(strm, Z_NO_FLUSH); /* no bad return value */ - - if (status === Z_NEED_DICT && dictionary) { - status = inflateSetDictionary(this.strm, dictionary); - } - - if (status === Z_BUF_ERROR && allowBufError === true) { - status = Z_OK; - allowBufError = false; - } - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - - if (strm.next_out) { - if (strm.avail_out === 0 || status === Z_STREAM_END || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } - - // When no more input data, we should check that internal inflate buffers - // are flushed. The only way to do it when avail_out = 0 - run one more - // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR. - // Here we set flag to process this error properly. - // - // NOTE. Deflate does not return error in this case and does not needs such - // logic. - if (strm.avail_in === 0 && strm.avail_out === 0) { - allowBufError = true; - } - - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - if (status === Z_STREAM_END) { - _mode = Z_FINISH; - } - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = inflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - - /** - * Inflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - - - /** - * Inflate#onEnd(status) -> Void - * - status (Number): inflate status. 0 (Z_OK) on success, - * other if not. - * - * Called either after you tell inflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -/* -node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - -Copyright (C) 2012 Eli Skeggs - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - -var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; - -// offset in bytes -var BitReader = function(stream) { - this.stream = stream; - this.bitOffset = 0; - this.curByte = 0; - this.hasByte = false; -}; - -BitReader.prototype._ensureByte = function() { - if (!this.hasByte) { - this.curByte = this.stream.readByte(); - this.hasByte = true; - } -}; - -// reads bits from the buffer -BitReader.prototype.read = function(bits) { - var result = 0; - while (bits > 0) { - this._ensureByte(); - var remaining = 8 - this.bitOffset; - // if we're in a byte - if (bits >= remaining) { - result <<= remaining; - result |= BITMASK[remaining] & this.curByte; - this.hasByte = false; - this.bitOffset = 0; - bits -= remaining; - } else { - result <<= bits; - var shift = remaining - bits; - result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; - this.bitOffset += bits; - bits = 0; - } - } - return result; -}; - -// seek to an arbitrary point in the buffer (expressed in bits) -BitReader.prototype.seek = function(pos) { - var n_bit = pos % 8; - var n_byte = (pos - n_bit) / 8; - this.bitOffset = n_bit; - this.stream.seek(n_byte); - this.hasByte = false; -}; - -// reads 6 bytes worth of data using the read method -BitReader.prototype.pi = function() { - var buf = new Uint8Array(6), i; - for (i = 0; i < buf.length; i++) { - buf[i] = this.read(8); - } - return bufToHex(buf); -}; - -function bufToHex(buf) { - return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); -} - -var bitreader = BitReader; - -/* very simple input/output stream interface */ -var Stream = function() { -}; - -// input streams ////////////// -/** Returns the next byte, or -1 for EOF. */ -Stream.prototype.readByte = function() { - throw new Error("abstract method readByte() not implemented"); -}; -/** Attempts to fill the buffer; returns number of bytes read, or - * -1 for EOF. */ -Stream.prototype.read = function(buffer, bufOffset, length) { - var bytesRead = 0; - while (bytesRead < length) { - var c = this.readByte(); - if (c < 0) { // EOF - return (bytesRead===0) ? -1 : bytesRead; - } - buffer[bufOffset++] = c; - bytesRead++; - } - return bytesRead; -}; -Stream.prototype.seek = function(new_pos) { - throw new Error("abstract method seek() not implemented"); -}; - -// output streams /////////// -Stream.prototype.writeByte = function(_byte) { - throw new Error("abstract method readByte() not implemented"); -}; -Stream.prototype.write = function(buffer, bufOffset, length) { - var i; - for (i=0; i>> 0; // return an unsigned value - }; - - /** - * Update the CRC with a single byte - * @param value The value to update the CRC with - */ - this.updateCRC = function(value) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - }; - - /** - * Update the CRC with a sequence of identical bytes - * @param value The value to update the CRC with - * @param count The number of bytes - */ - this.updateCRCRun = function(value, count) { - while (count-- > 0) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - } - }; - }; - return CRC32; -})(); - -/* -seek-bzip - a pure-javascript module for seeking within bzip2 data - -Copyright (C) 2013 C. Scott Ananian -Copyright (C) 2012 Eli Skeggs -Copyright (C) 2011 Kevin Kwok - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from node-bzip, copyright 2012 Eli Skeggs. -Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - - - - - -var MAX_HUFCODE_BITS = 20; -var MAX_SYMBOLS = 258; -var SYMBOL_RUNA = 0; -var SYMBOL_RUNB = 1; -var MIN_GROUPS = 2; -var MAX_GROUPS = 6; -var GROUP_SIZE = 50; - -var WHOLEPI = "314159265359"; -var SQRTPI = "177245385090"; - -var mtf = function(array, index) { - var src = array[index], i; - for (i = index; i > 0; i--) { - array[i] = array[i-1]; - } - array[0] = src; - return src; -}; - -var Err = { - OK: 0, - LAST_BLOCK: -1, - NOT_BZIP_DATA: -2, - UNEXPECTED_INPUT_EOF: -3, - UNEXPECTED_OUTPUT_EOF: -4, - DATA_ERROR: -5, - OUT_OF_MEMORY: -6, - OBSOLETE_INPUT: -7, - END_OF_BLOCK: -8 -}; -var ErrorMessages = {}; -ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; -ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; -ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; -ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; -ErrorMessages[Err.DATA_ERROR] = "Data error"; -ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; -ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - -var _throw = function(status, optDetail) { - var msg = ErrorMessages[status] || 'unknown error'; - if (optDetail) { msg += ': '+optDetail; } - var e = new TypeError(msg); - e.errorCode = status; - throw e; -}; - -var Bunzip = function(inputStream, outputStream) { - this.writePos = this.writeCurrent = this.writeCount = 0; - - this._start_bunzip(inputStream, outputStream); -}; -Bunzip.prototype._init_block = function() { - var moreBlocks = this._get_next_block(); - if ( !moreBlocks ) { - this.writeCount = -1; - return false; /* no more blocks */ - } - this.blockCRC = new crc32$1(); - return true; -}; -/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ -Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { - /* Ensure that file starts with "BZh['1'-'9']." */ - var buf = new Uint8Array(4); - if (inputStream.read(buf, 0, 4) !== 4 || - String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') - _throw(Err.NOT_BZIP_DATA, 'bad magic'); - - var level = buf[3] - 0x30; - if (level < 1 || level > 9) - _throw(Err.NOT_BZIP_DATA, 'level out of range'); - - this.reader = new bitreader(inputStream); - - /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of - uncompressed data. Allocate intermediate buffer for block. */ - this.dbufSize = 100000 * level; - this.nextoutput = 0; - this.outputStream = outputStream; - this.streamCRC = 0; -}; -Bunzip.prototype._get_next_block = function() { - var i, j, k; - var reader = this.reader; - // this is get_next_block() function from micro-bunzip: - /* Read in header signature and CRC, then validate signature. - (last block signature means CRC is for whole file, return now) */ - var h = reader.pi(); - if (h === SQRTPI) { // last block - return false; /* no more blocks */ - } - if (h !== WHOLEPI) - _throw(Err.NOT_BZIP_DATA); - this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) - this.streamCRC = (this.targetBlockCRC ^ - ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; - /* We can add support for blockRandomised if anybody complains. There was - some code for this in busybox 1.0.0-pre3, but nobody ever noticed that - it didn't actually work. */ - if (reader.read(1)) - _throw(Err.OBSOLETE_INPUT); - var origPointer = reader.read(24); - if (origPointer > this.dbufSize) - _throw(Err.DATA_ERROR, 'initial position out of bounds'); - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer - symbols to deal with, and writes a sparse bitfield indicating which - values were present. We make a translation table to convert the symbols - back to the corresponding bytes. */ - var t = reader.read(16); - var symToByte = new Uint8Array(256), symTotal = 0; - for (i = 0; i < 16; i++) { - if (t & (1 << (0xF - i))) { - var o = i * 16; - k = reader.read(16); - for (j = 0; j < 16; j++) - if (k & (1 << (0xF - j))) - symToByte[symTotal++] = o + j; - } - } - - /* How many different huffman coding groups does this block use? */ - var groupCount = reader.read(3); - if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) - _throw(Err.DATA_ERROR); - /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding - group. Read in the group selector list, which is stored as MTF encoded - bit runs. (MTF=Move To Front, as each value is used it's moved to the - start of the list.) */ - var nSelectors = reader.read(15); - if (nSelectors === 0) - _throw(Err.DATA_ERROR); - - var mtfSymbol = new Uint8Array(256); - for (i = 0; i < groupCount; i++) - mtfSymbol[i] = i; - - var selectors = new Uint8Array(nSelectors); // was 32768... - - for (i = 0; i < nSelectors; i++) { - /* Get next value */ - for (j = 0; reader.read(1); j++) - if (j >= groupCount) _throw(Err.DATA_ERROR); - /* Decode MTF to get the next selector */ - selectors[i] = mtf(mtfSymbol, j); - } - - /* Read the huffman coding tables for each group, which code for symTotal - literal symbols, plus two run symbols (RUNA, RUNB) */ - var symCount = symTotal + 2; - var groups = [], hufGroup; - for (j = 0; j < groupCount; j++) { - var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); - /* Read huffman code lengths for each symbol. They're stored in - a way similar to mtf; record a starting value for the first symbol, - and an offset from the previous value for everys symbol after that. */ - t = reader.read(5); // lengths - for (i = 0; i < symCount; i++) { - for (;;) { - if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); - /* If first bit is 0, stop. Else second bit indicates whether - to increment or decrement the value. */ - if(!reader.read(1)) - break; - if(!reader.read(1)) - t++; - else - t--; - } - length[i] = t; - } - - /* Find largest and smallest lengths in this group */ - var minLen, maxLen; - minLen = maxLen = length[0]; - for (i = 1; i < symCount; i++) { - if (length[i] > maxLen) - maxLen = length[i]; - else if (length[i] < minLen) - minLen = length[i]; - } - - /* Calculate permute[], base[], and limit[] tables from length[]. - * - * permute[] is the lookup table for converting huffman coded symbols - * into decoded symbols. base[] is the amount to subtract from the - * value of a huffman symbol of a given length when using permute[]. - * - * limit[] indicates the largest numerical value a symbol with a given - * number of bits can have. This is how the huffman codes can vary in - * length: each code with a value>limit[length] needs another bit. - */ - hufGroup = {}; - groups.push(hufGroup); - hufGroup.permute = new Uint16Array(MAX_SYMBOLS); - hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); - hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); - hufGroup.minLen = minLen; - hufGroup.maxLen = maxLen; - /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ - var pp = 0; - for (i = minLen; i <= maxLen; i++) { - temp[i] = hufGroup.limit[i] = 0; - for (t = 0; t < symCount; t++) - if (length[t] === i) - hufGroup.permute[pp++] = t; - } - /* Count symbols coded for at each bit length */ - for (i = 0; i < symCount; i++) - temp[length[i]]++; - /* Calculate limit[] (the largest symbol-coding value at each bit - * length, which is (previous limit<<1)+symbols at this level), and - * base[] (number of symbols to ignore at each bit length, which is - * limit minus the cumulative count of symbols coded for already). */ - pp = t = 0; - for (i = minLen; i < maxLen; i++) { - pp += temp[i]; - /* We read the largest possible symbol size and then unget bits - after determining how many we need, and those extra bits could - be set to anything. (They're noise from future symbols.) At - each level we're really only interested in the first few bits, - so here we set all the trailing to-be-ignored bits to 1 so they - don't affect the value>limit[length] comparison. */ - hufGroup.limit[i] = pp - 1; - pp <<= 1; - t += temp[i]; - hufGroup.base[i + 1] = pp - t; - } - hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ - hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; - hufGroup.base[minLen] = 0; - } - /* We've finished reading and digesting the block header. Now read this - block's huffman coded symbols from the file and undo the huffman coding - and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - - /* Initialize symbol occurrence counters and symbol Move To Front table */ - var byteCount = new Uint32Array(256); - for (i = 0; i < 256; i++) - mtfSymbol[i] = i; - /* Loop through compressed symbols. */ - var runPos = 0, dbufCount = 0, selector = 0, uc; - var dbuf = this.dbuf = new Uint32Array(this.dbufSize); - symCount = 0; - for (;;) { - /* Determine which huffman coding group to use. */ - if (!(symCount--)) { - symCount = GROUP_SIZE - 1; - if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } - hufGroup = groups[selectors[selector++]]; - } - /* Read next huffman-coded symbol. */ - i = hufGroup.minLen; - j = reader.read(i); - for (;;i++) { - if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } - if (j <= hufGroup.limit[i]) - break; - j = (j << 1) | reader.read(1); - } - /* Huffman decode value to get nextSym (with bounds checking) */ - j -= hufGroup.base[i]; - if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } - var nextSym = hufGroup.permute[j]; - /* We have now decoded the symbol, which indicates either a new literal - byte, or a repeated run of the most recent literal byte. First, - check if nextSym indicates a repeated run, and if so loop collecting - how many times to repeat the last literal. */ - if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { - /* If this is the start of a new run, zero out counter */ - if (!runPos){ - runPos = 1; - t = 0; - } - /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at - each bit position, add 1 or 2 instead. For example, - 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. - You can make any bit pattern that way using 1 less symbol than - the basic or 0/1 method (except all bits 0, which would use no - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - if (nextSym === SYMBOL_RUNA) - t += runPos; - else - t += 2 * runPos; - runPos <<= 1; - continue; - } - /* When we hit the first non-run symbol after a run, we now know - how many times to repeat the last literal, so append that many - copies to our buffer of decoded symbols (dbuf) now. (The last - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos){ - runPos = 0; - if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } - uc = symToByte[mtfSymbol[0]]; - byteCount[uc] += t; - while (t--) - dbuf[dbufCount++] = uc; - } - /* Is this the terminating symbol? */ - if (nextSym > symTotal) - break; - /* At this point, nextSym indicates a new literal character. Subtract - one to get the position in the MTF array at which this literal is - currently to be found. (Note that the result can't be -1 or 0, - because 0 and 1 are RUNA and RUNB. But another instance of the - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ - if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } - i = nextSym - 1; - uc = mtf(mtfSymbol, i); - uc = symToByte[uc]; - /* We have our literal byte. Save it into dbuf. */ - byteCount[uc]++; - dbuf[dbufCount++] = uc; - } - /* At this point, we've read all the huffman-coded symbols (and repeated - runs) for this block from the input stream, and decoded them into the - intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. - Now undo the Burrows-Wheeler transform on dbuf. - See http://dogma.net/markn/articles/bwt/bwt.htm - */ - if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } - /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ - j = 0; - for (i = 0; i < 256; i++) { - k = j + byteCount[i]; - byteCount[i] = j; - j = k; - } - /* Figure out what order dbuf would be in if we sorted it. */ - for (i = 0; i < dbufCount; i++) { - uc = dbuf[i] & 0xff; - dbuf[byteCount[uc]] |= (i << 8); - byteCount[uc]++; - } - /* Decode first byte by hand to initialize "previous" byte. Note that it - doesn't get output, and if the first three characters are identical - it doesn't qualify as a run (hence writeRunCountdown=5). */ - var pos = 0, current = 0, run = 0; - if (dbufCount) { - pos = dbuf[origPointer]; - current = (pos & 0xff); - pos >>= 8; - run = -1; - } - this.writePos = pos; - this.writeCurrent = current; - this.writeCount = dbufCount; - this.writeRun = run; - - return true; /* more blocks to come */ -}; -/* Undo burrows-wheeler transform on intermediate buffer to produce output. - If start_bunzip was initialized with out_fd=-1, then up to len bytes of - data are written to outbuf. Return value is number of bytes written or - error (all errors are negative numbers). If out_fd!=-1, outbuf and len - are ignored, data is written to out_fd and return is RETVAL_OK or error. -*/ -Bunzip.prototype._read_bunzip = function(outputBuffer, len) { - var copies, previous, outbyte; - /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully - decoded, which results in this returning RETVAL_LAST_BLOCK, also - equal to -1... Confusing, I'm returning 0 here to indicate no - bytes written into the buffer */ - if (this.writeCount < 0) { return 0; } - var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; - var dbufCount = this.writeCount; this.outputsize; - var run = this.writeRun; - - while (dbufCount) { - dbufCount--; - previous = current; - pos = dbuf[pos]; - current = pos & 0xff; - pos >>= 8; - if (run++ === 3){ - copies = current; - outbyte = previous; - current = -1; - } else { - copies = 1; - outbyte = current; - } - this.blockCRC.updateCRCRun(outbyte, copies); - while (copies--) { - this.outputStream.writeByte(outbyte); - this.nextoutput++; - } - if (current != previous) - run = 0; - } - this.writeCount = dbufCount; - // check CRC - if (this.blockCRC.getCRC() !== this.targetBlockCRC) { - _throw(Err.DATA_ERROR, "Bad block CRC "+ - "(got "+this.blockCRC.getCRC().toString(16)+ - " expected "+this.targetBlockCRC.toString(16)+")"); - } - return this.nextoutput; -}; - -var coerceInputStream = function(input) { - if ('readByte' in input) { return input; } - var inputStream = new stream(); - inputStream.pos = 0; - inputStream.readByte = function() { return input[this.pos++]; }; - inputStream.seek = function(pos) { this.pos = pos; }; - inputStream.eof = function() { return this.pos >= input.length; }; - return inputStream; -}; -var coerceOutputStream = function(output) { - var outputStream = new stream(); - var resizeOk = true; - if (output) { - if (typeof(output)==='number') { - outputStream.buffer = new Uint8Array(output); - resizeOk = false; - } else if ('writeByte' in output) { - return output; - } else { - outputStream.buffer = output; - resizeOk = false; - } - } else { - outputStream.buffer = new Uint8Array(16384); - } - outputStream.pos = 0; - outputStream.writeByte = function(_byte) { - if (resizeOk && this.pos >= this.buffer.length) { - var newBuffer = new Uint8Array(this.buffer.length*2); - newBuffer.set(this.buffer); - this.buffer = newBuffer; - } - this.buffer[this.pos++] = _byte; - }; - outputStream.getBuffer = function() { - // trim buffer - if (this.pos !== this.buffer.length) { - if (!resizeOk) - throw new TypeError('outputsize does not match decoded input'); - var newBuffer = new Uint8Array(this.pos); - newBuffer.set(this.buffer.subarray(0, this.pos)); - this.buffer = newBuffer; - } - return this.buffer; - }; - outputStream._coerced = true; - return outputStream; -}; - -/* Static helper functions */ -// 'input' can be a stream or a buffer -// 'output' can be a stream or a buffer or a number (buffer size) -const decode$2 = function(input, output, multistream) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - - var bz = new Bunzip(inputStream, outputStream); - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - if (bz._init_block()) { - bz._read_bunzip(); - } else { - var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) - if (targetStreamCRC !== bz.streamCRC) { - _throw(Err.DATA_ERROR, "Bad stream CRC "+ - "(got "+bz.streamCRC.toString(16)+ - " expected "+targetStreamCRC.toString(16)+")"); - } - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - } else break; - } - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -const decodeBlock = function(input, pos, output) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - var bz = new Bunzip(inputStream, outputStream); - bz.reader.seek(pos); - /* Fill the decode buffer for the block */ - var moreBlocks = bz._get_next_block(); - if (moreBlocks) { - /* Init the CRC for writing */ - bz.blockCRC = new crc32$1(); - - /* Zero this so the current byte from before the seek is not written */ - bz.writeCopies = 0; - - /* Decompress the block and write to stdout */ - bz._read_bunzip(); - // XXX keep writing? - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -/* Reads bzip2 file from stream or buffer `input`, and invoke - * `callback(position, size)` once for each bzip2 block, - * where position gives the starting position (in *bits*) - * and size gives uncompressed size of the block (in *bytes*). */ -const table = function(input, callback, multistream) { - // make a stream from a buffer, if necessary - var inputStream = new stream(); - inputStream.delegate = coerceInputStream(input); - inputStream.pos = 0; - inputStream.readByte = function() { - this.pos++; - return this.delegate.readByte(); - }; - if (inputStream.delegate.eof) { - inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); - } - var outputStream = new stream(); - outputStream.pos = 0; - outputStream.writeByte = function() { this.pos++; }; - - var bz = new Bunzip(inputStream, outputStream); - var blockSize = bz.dbufSize; - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - - var position = inputStream.pos*8 + bz.reader.bitOffset; - if (bz.reader.hasByte) { position -= 8; } - - if (bz._init_block()) { - var start = outputStream.pos; - bz._read_bunzip(); - callback(position, outputStream.pos - start); - } else { - bz.reader.read(32); // (but we ignore the crc) - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - console.assert(bz.dbufSize === blockSize, - "shouldn't change block size within multistream file"); - } else break; - } - } -}; - -var lib = { - Bunzip, - Stream: stream, - Err, - decode: decode$2, - decodeBlock, - table -}; -var lib_4 = lib.decode; - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the Literal Data Packet (Tag 11) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: - * A Literal Data packet contains the body of a message; data that is not to be - * further interpreted. - */ -class LiteralDataPacket { - static get tag() { - return enums.packet.literalData; - } - - /** - * @param {Date} date - The creation date of the literal package - */ - constructor(date = new Date()) { - this.format = enums.literal.utf8; // default format for literal data packets - this.date = util.normalizeDate(date); - this.text = null; // textual data representation - this.data = null; // literal data representation - this.filename = ''; - } - - /** - * Set the packet data to a javascript native string, end of line - * will be normalized to \r\n and by default text is converted to UTF8 - * @param {String | ReadableStream} text - Any native javascript string - * @param {enums.literal} [format] - The format of the string of bytes - */ - setText(text, format = enums.literal.utf8) { - this.format = format; - this.text = text; - this.data = null; - } - - /** - * Returns literal data packets as native JavaScript string - * with normalized end of line to \n - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {String | ReadableStream} Literal data as text. - */ - getText(clone = false) { - if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read - this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); - } - return this.text; - } - - /** - * Set the packet data to value represented by the provided string of bytes. - * @param {Uint8Array | ReadableStream} bytes - The string of bytes - * @param {enums.literal} format - The format of the string of bytes - */ - setBytes(bytes, format) { - this.format = format; - this.data = bytes; - this.text = null; - } - - - /** - * Get the byte sequence representing the literal packet data - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {Uint8Array | ReadableStream} A sequence of bytes. - */ - getBytes(clone = false) { - if (this.data === null) { - // encode UTF8 and normalize EOL to \r\n - this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); - } - if (clone) { - return passiveClone(this.data); - } - return this.data; - } - - - /** - * Sets the filename of the literal packet data - * @param {String} filename - Any native javascript string - */ - setFilename(filename) { - this.filename = filename; - } - - - /** - * Get the filename of the literal packet data - * @returns {String} Filename. - */ - getFilename() { - return this.filename; - } - - /** - * Parsing function for a literal data packet (tag 11). - * - * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet - * @returns {Promise} Object representation. - * @async - */ - async read(bytes) { - await parse(bytes, async reader => { - // - A one-octet field that describes how the data is formatted. - const format = await reader.readByte(); // enums.literal - - const filename_len = await reader.readByte(); - this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - - this.date = util.readDate(await reader.readBytes(4)); - - let data = reader.remainder(); - if (isArrayStream(data)) data = await readToEnd(data); - this.setBytes(data, format); - }); - } - - /** - * Creates a Uint8Array representation of the packet, excluding the data - * - * @returns {Uint8Array} Uint8Array representation of the packet. - */ - writeHeader() { - const filename = util.encodeUTF8(this.filename); - const filename_length = new Uint8Array([filename.length]); - - const format = new Uint8Array([this.format]); - const date = util.writeDate(this.date); - - return util.concatUint8Array([format, filename_length, filename, date]); - } - - /** - * Creates a Uint8Array representation of the packet - * - * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. - */ - write() { - const header = this.writeHeader(); - const data = this.getBytes(); - - return util.concat([header, data]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. -const verified = Symbol('verified'); - -// GPG puts the Issuer and Signature subpackets in the unhashed area. -// Tampering with those invalidates the signature, so we still trust them and parse them. -// All other unhashed subpackets are ignored. -const allowedUnhashedSubpackets = new Set([ - enums.signatureSubpacket.issuer, - enums.signatureSubpacket.issuerFingerprint, - enums.signatureSubpacket.embeddedSignature -]); - -/** - * Implementation of the Signature Packet (Tag 2) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: - * A Signature packet describes a binding between some public key and - * some data. The most common signatures are a signature of a file or a - * block of text, and a signature that is a certification of a User ID. - */ -class SignaturePacket { - static get tag() { - return enums.packet.signature; - } - - constructor() { - this.version = null; - /** @type {enums.signature} */ - this.signatureType = null; - /** @type {enums.hash} */ - this.hashAlgorithm = null; - /** @type {enums.publicKey} */ - this.publicKeyAlgorithm = null; - - this.signatureData = null; - this.unhashedSubpackets = []; - this.signedHashValue = null; - - this.created = null; - this.signatureExpirationTime = null; - this.signatureNeverExpires = true; - this.exportable = null; - this.trustLevel = null; - this.trustAmount = null; - this.regularExpression = null; - this.revocable = null; - this.keyExpirationTime = null; - this.keyNeverExpires = null; - this.preferredSymmetricAlgorithms = null; - this.revocationKeyClass = null; - this.revocationKeyAlgorithm = null; - this.revocationKeyFingerprint = null; - this.issuerKeyID = new KeyID(); - this.rawNotations = []; - this.notations = {}; - this.preferredHashAlgorithms = null; - this.preferredCompressionAlgorithms = null; - this.keyServerPreferences = null; - this.preferredKeyServer = null; - this.isPrimaryUserID = null; - this.policyURI = null; - this.keyFlags = null; - this.signersUserID = null; - this.reasonForRevocationFlag = null; - this.reasonForRevocationString = null; - this.features = null; - this.signatureTargetPublicKeyAlgorithm = null; - this.signatureTargetHashAlgorithm = null; - this.signatureTargetHash = null; - this.embeddedSignature = null; - this.issuerKeyVersion = null; - this.issuerFingerprint = null; - this.preferredAEADAlgorithms = null; - - this.revoked = null; - this[verified] = null; - } - - /** - * parsing function for a signature packet (tag 2). - * @param {String} bytes - Payload of a tag 2 packet - * @returns {SignaturePacket} Object representation. - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); - } - - this.signatureType = bytes[i++]; - this.publicKeyAlgorithm = bytes[i++]; - this.hashAlgorithm = bytes[i++]; - - // hashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), true); - if (!this.created) { - throw new Error('Missing signature creation time subpacket.'); - } - - // A V4 signature hashes the packet body - // starting from its first field, the version number, through the end - // of the hashed subpacket data. Thus, the fields hashed are the - // signature version, the signature type, the public-key algorithm, the - // hash algorithm, the hashed subpacket length, and the hashed - // subpacket body. - this.signatureData = bytes.subarray(0, i); - - // unhashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - - // Two-octet field holding left 16 bits of signed hash value. - this.signedHashValue = bytes.subarray(i, i + 2); - i += 2; - - this.params = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length)); - } - - /** - * @returns {Uint8Array | ReadableStream} - */ - writeParams() { - if (this.params instanceof Promise) { - return fromAsync( - async () => mod.serializeParams(this.publicKeyAlgorithm, await this.params) - ); - } - return mod.serializeParams(this.publicKeyAlgorithm, this.params); - } - - write() { - const arr = []; - arr.push(this.signatureData); - arr.push(this.writeUnhashedSubPackets()); - arr.push(this.signedHashValue); - arr.push(this.writeParams()); - return util.concat(arr); - } - - /** - * Signs provided data. This needs to be done prior to serialization. - * @param {SecretKeyPacket} key - Private key used to sign the message. - * @param {Object} data - Contains packets to be signed. - * @param {Date} [date] - The signature creation time. - * @param {Boolean} [detached] - Whether to create a detached signature - * @throws {Error} if signing failed - * @async - */ - async sign(key, data, date = new Date(), detached = false) { - if (key.version === 5) { - this.version = 5; - } else { - this.version = 4; - } - const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; - - this.created = util.normalizeDate(date); - this.issuerKeyVersion = key.version; - this.issuerFingerprint = key.getFingerprintBytes(); - this.issuerKeyID = key.getKeyID(); - - // Add hashed subpackets - arr.push(this.writeHashedSubPackets()); - - // Remove unhashed subpackets, in case some allowed unhashed - // subpackets existed, in order not to duplicate them (in both - // the hashed and unhashed subpackets) when re-signing. - this.unhashedSubpackets = []; - - this.signatureData = util.concat(arr); - - const toHash = this.toHash(this.signatureType, data, detached); - const hash = await this.hash(this.signatureType, data, toHash, detached); - - this.signedHashValue = slice(clone(hash), 0, 2); - const signed = async () => mod.signature.sign( - this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) - ); - if (util.isStream(hash)) { - this.params = signed(); - } else { - this.params = await signed(); - - // Store the fact that this signature is valid, e.g. for when we call `await - // getLatestValidSignature(this.revocationSignatures, key, data)` later. - // Note that this only holds up if the key and data passed to verify are the - // same as the ones passed to sign. - this[verified] = true; - } - } - - /** - * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeHashedSubPackets() { - const sub = enums.signatureSubpacket; - const arr = []; - let bytes; - if (this.created === null) { - throw new Error('Missing signature creation time'); - } - arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); - if (this.signatureExpirationTime !== null) { - arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); - } - if (this.exportable !== null) { - arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); - } - if (this.trustLevel !== null) { - bytes = new Uint8Array([this.trustLevel, this.trustAmount]); - arr.push(writeSubPacket(sub.trustSignature, true, bytes)); - } - if (this.regularExpression !== null) { - arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); - } - if (this.revocable !== null) { - arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); - } - if (this.keyExpirationTime !== null) { - arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); - } - if (this.preferredSymmetricAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); - arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); - } - if (this.revocationKeyClass !== null) { - bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); - bytes = util.concat([bytes, this.revocationKeyFingerprint]); - arr.push(writeSubPacket(sub.revocationKey, false, bytes)); - } - if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { - // If the version of [the] key is greater than 4, this subpacket - // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write())); - } - this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { - bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; - const encodedName = util.encodeUTF8(name); - // 2 octets of name length - bytes.push(util.writeNumber(encodedName.length, 2)); - // 2 octets of value length - bytes.push(util.writeNumber(value.length, 2)); - bytes.push(encodedName); - bytes.push(value); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.notationData, critical, bytes)); - }); - if (this.preferredHashAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); - arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); - } - if (this.preferredCompressionAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); - arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); - } - if (this.keyServerPreferences !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); - arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); - } - if (this.preferredKeyServer !== null) { - arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); - } - if (this.isPrimaryUserID !== null) { - arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); - } - if (this.policyURI !== null) { - arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); - } - if (this.keyFlags !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); - arr.push(writeSubPacket(sub.keyFlags, true, bytes)); - } - if (this.signersUserID !== null) { - arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); - } - if (this.reasonForRevocationFlag !== null) { - bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); - arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); - } - if (this.features !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); - arr.push(writeSubPacket(sub.features, false, bytes)); - } - if (this.signatureTargetPublicKeyAlgorithm !== null) { - bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; - bytes.push(util.stringToUint8Array(this.signatureTargetHash)); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); - } - if (this.embeddedSignature !== null) { - arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); - } - if (this.issuerFingerprint !== null) { - bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes)); - } - if (this.preferredAEADAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); - arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); - } - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - /** - * Creates an Uint8Array containing the unhashed subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeUnhashedSubPackets() { - const arr = []; - this.unhashedSubpackets.forEach(data => { - arr.push(writeSimpleLength(data.length)); - arr.push(data); - }); - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - // V4 signature sub packets - readSubPacket(bytes, hashed = true) { - let mypos = 0; - - // The leftmost bit denotes a "critical" packet - const critical = !!(bytes[mypos] & 0x80); - const type = bytes[mypos] & 0x7F; - - if (!hashed) { - this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); - if (!allowedUnhashedSubpackets.has(type)) { - return; - } - } - - mypos++; - - // subpacket type - switch (type) { - case enums.signatureSubpacket.signatureCreationTime: - // Signature Creation Time - this.created = util.readDate(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.signatureExpirationTime: { - // Signature Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.signatureNeverExpires = seconds === 0; - this.signatureExpirationTime = seconds; - - break; - } - case enums.signatureSubpacket.exportableCertification: - // Exportable Certification - this.exportable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.trustSignature: - // Trust Signature - this.trustLevel = bytes[mypos++]; - this.trustAmount = bytes[mypos++]; - break; - case enums.signatureSubpacket.regularExpression: - // Regular Expression - this.regularExpression = bytes[mypos]; - break; - case enums.signatureSubpacket.revocable: - // Revocable - this.revocable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.keyExpirationTime: { - // Key Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.keyExpirationTime = seconds; - this.keyNeverExpires = seconds === 0; - - break; - } - case enums.signatureSubpacket.preferredSymmetricAlgorithms: - // Preferred Symmetric Algorithms - this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.revocationKey: - // Revocation Key - // (1 octet of class, 1 octet of public-key algorithm ID, 20 - // octets of - // fingerprint) - this.revocationKeyClass = bytes[mypos++]; - this.revocationKeyAlgorithm = bytes[mypos++]; - this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); - break; - - case enums.signatureSubpacket.issuer: - // Issuer - this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); - break; - - case enums.signatureSubpacket.notationData: { - // Notation Data - const humanReadable = !!(bytes[mypos] & 0x80); - - // We extract key/value tuple from the byte stream. - mypos += 4; - const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - - const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); - const value = bytes.subarray(mypos + m, mypos + m + n); - - this.rawNotations.push({ name, humanReadable, value, critical }); - - if (humanReadable) { - this.notations[name] = util.decodeUTF8(value); - } - break; - } - case enums.signatureSubpacket.preferredHashAlgorithms: - // Preferred Hash Algorithms - this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredCompressionAlgorithms: - // Preferred Compression Algorithms - this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.keyServerPreferences: - // Key Server Preferences - this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredKeyServer: - // Preferred Key Server - this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.primaryUserID: - // Primary User ID - this.isPrimaryUserID = bytes[mypos++] !== 0; - break; - case enums.signatureSubpacket.policyURI: - // Policy URI - this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.keyFlags: - // Key Flags - this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signersUserID: - // Signer's User ID - this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.reasonForRevocation: - // Reason for Revocation - this.reasonForRevocationFlag = bytes[mypos++]; - this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.features: - // Features - this.features = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signatureTarget: { - // Signature Target - // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) - this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; - this.signatureTargetHashAlgorithm = bytes[mypos++]; - - const len = mod.getHashByteLength(this.signatureTargetHashAlgorithm); - - this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); - break; - } - case enums.signatureSubpacket.embeddedSignature: - // Embedded Signature - this.embeddedSignature = new SignaturePacket(); - this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.issuerFingerprint: - // Issuer Fingerprint - this.issuerKeyVersion = bytes[mypos++]; - this.issuerFingerprint = bytes.subarray(mypos, bytes.length); - if (this.issuerKeyVersion === 5) { - this.issuerKeyID.read(this.issuerFingerprint); - } else { - this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); - } - break; - case enums.signatureSubpacket.preferredAEADAlgorithms: - // Preferred AEAD Algorithms - this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - default: { - const err = new Error(`Unknown signature subpacket type ${type}`); - if (critical) { - throw err; - } else { - util.printDebug(err); - } - } - } - } - - readSubPackets(bytes, trusted = true, config) { - // Two-octet scalar octet count for following subpacket data. - const subpacketLength = util.readNumber(bytes.subarray(0, 2)); - - let i = 2; - - // subpacket data set (zero or more subpackets) - while (i < 2 + subpacketLength) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); - - i += len.len; - } - - return i; - } - - // Produces data to produce signature on - toSign(type, data) { - const t = enums.signature; - - switch (type) { - case t.binary: - if (data.text !== null) { - return util.encodeUTF8(data.getText(true)); - } - return data.getBytes(true); - - case t.text: { - const bytes = data.getBytes(true); - // normalize EOL to \r\n - return util.canonicalizeEOL(bytes); - } - case t.standalone: - return new Uint8Array(0); - - case t.certGeneric: - case t.certPersona: - case t.certCasual: - case t.certPositive: - case t.certRevocation: { - let packet; - let tag; - - if (data.userID) { - tag = 0xB4; - packet = data.userID; - } else if (data.userAttribute) { - tag = 0xD1; - packet = data.userAttribute; - } else { - throw new Error('Either a userID or userAttribute packet needs to be ' + - 'supplied for certification.'); - } - - const bytes = packet.write(); - - return util.concat([this.toSign(t.key, data), - new Uint8Array([tag]), - util.writeNumber(bytes.length, 4), - bytes]); - } - case t.subkeyBinding: - case t.subkeyRevocation: - case t.keyBinding: - return util.concat([this.toSign(t.key, data), this.toSign(t.key, { - key: data.bind - })]); - - case t.key: - if (data.key === undefined) { - throw new Error('Key packet is required for this signature.'); - } - return data.key.writeForHash(this.version); - - case t.keyRevocation: - return this.toSign(t.key, data); - case t.timestamp: - return new Uint8Array(0); - case t.thirdParty: - throw new Error('Not implemented'); - default: - throw new Error('Unknown signature type.'); - } - } - - calculateTrailer(data, detached) { - let length = 0; - return transform(clone(this.signatureData), value => { - length += value.length; - }, () => { - const arr = []; - if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { - if (detached) { - arr.push(new Uint8Array(6)); - } else { - arr.push(data.writeHeader()); - } - } - arr.push(new Uint8Array([this.version, 0xFF])); - if (this.version === 5) { - arr.push(new Uint8Array(4)); - } - arr.push(util.writeNumber(length, 4)); - // For v5, this should really be writeNumber(length, 8) rather than the - // hardcoded 4 zero bytes above - return util.concat(arr); - }); - } - - toHash(signatureType, data, detached = false) { - const bytes = this.toSign(signatureType, data); - - return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]); - } - - async hash(signatureType, data, toHash, detached = false) { - if (!toHash) toHash = this.toHash(signatureType, data, detached); - return mod.hash.digest(this.hashAlgorithm, toHash); - } - - /** - * verifies the signature packet. Note: not all signature types are implemented - * @param {PublicSubkeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature - * @param {module:enums.signature} signatureType - Expected signature type - * @param {Uint8Array|Object} data - Data which on the signature applies - * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration - * @param {Boolean} [detached] - Whether to verify a detached signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if signature validation failed - * @async - */ - async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { - if (!this.issuerKeyID.equals(key.getKeyID())) { - throw new Error('Signature was not issued by the given public key'); - } - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); - } - - const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; - // Cryptographic validity is cached after one successful verification. - // However, for message signatures, we always re-verify, since the passed `data` can change - const skipVerify = this[verified] && !isMessageSignature; - if (!skipVerify) { - let toHash; - let hash; - if (this.hashed) { - hash = await this.hashed; - } else { - toHash = this.toHash(signatureType, data, detached); - hash = await this.hash(signatureType, data, toHash); - } - hash = await readToEnd(hash); - if (this.signedHashValue[0] !== hash[0] || - this.signedHashValue[1] !== hash[1]) { - throw new Error('Signed digest did not match'); - } - - this.params = await this.params; - - this[verified] = await mod.signature.verify( - this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, - toHash, hash - ); - - if (!this[verified]) { - throw new Error('Signature verification failed'); - } - } - - const normDate = util.normalizeDate(date); - if (normDate && this.created > normDate) { - throw new Error('Signature creation time is in the future'); - } - if (normDate && normDate >= this.getExpirationTime()) { - throw new Error('Signature is expired'); - } - if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { - throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && - [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { - throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - this.rawNotations.forEach(({ name, critical }) => { - if (critical && (config$1.knownNotations.indexOf(name) < 0)) { - throw new Error(`Unknown critical notation: ${name}`); - } - }); - if (this.revocationKeyClass !== null) { - throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); - } - } - - /** - * Verifies signature expiration date - * @param {Date} [date] - Use the given date for verification instead of the current time - * @returns {Boolean} True if expired. - */ - isExpired(date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - return !(this.created <= normDate && normDate < this.getExpirationTime()); - } - return false; - } - - /** - * Returns the expiration time of the signature or Infinity if signature does not expire - * @returns {Date | Infinity} Expiration time. - */ - getExpirationTime() { - return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); - } -} - -/** - * Creates a Uint8Array representation of a sub signature packet - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} - * @param {Integer} type - Subpacket signature type. - * @param {Boolean} critical - Whether the subpacket should be critical. - * @param {String} data - Data to be included - * @returns {Uint8Array} The signature subpacket. - * @private - */ -function writeSubPacket(type, critical, data) { - const arr = []; - arr.push(writeSimpleLength(data.length + 1)); - arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); - arr.push(data); - return util.concat(arr); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -const VERSION = 3; - -/** - * Implementation of the One-Pass Signature Packets (Tag 4) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: - * The One-Pass Signature packet precedes the signed data and contains - * enough information to allow the receiver to begin calculating any - * hashes needed to verify the signature. It allows the Signature - * packet to be placed at the end of the message, so that the signer - * can compute the entire signed message in one pass. - */ -class OnePassSignaturePacket { - static get tag() { - return enums.packet.onePassSignature; - } - - constructor() { - /** A one-octet version number. The current version is 3. */ - this.version = null; - /** - * A one-octet signature type. - * Signature types are described in - * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. - * @type {enums.signature} - - */ - this.signatureType = null; - /** - * A one-octet number describing the hash algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} - * @type {enums.hash} - */ - this.hashAlgorithm = null; - /** - * A one-octet number describing the public-key algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} - * @type {enums.publicKey} - */ - this.publicKeyAlgorithm = null; - /** An eight-octet number holding the Key ID of the signing key. */ - this.issuerKeyID = null; - /** - * A one-octet number holding a flag showing whether the signature is nested. - * A zero value indicates that the next packet is another One-Pass Signature packet - * that describes another signature to be applied to the same message data. - */ - this.flags = null; - } - - /** - * parsing function for a one-pass signature packet (tag 4). - * @param {Uint8Array} bytes - Payload of a tag 4 packet - * @returns {OnePassSignaturePacket} Object representation. - */ - read(bytes) { - let mypos = 0; - // A one-octet version number. The current version is 3. - this.version = bytes[mypos++]; - if (this.version !== VERSION) { - throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); - } - - // A one-octet signature type. Signature types are described in - // Section 5.2.1. - this.signatureType = bytes[mypos++]; - - // A one-octet number describing the hash algorithm used. - this.hashAlgorithm = bytes[mypos++]; - - // A one-octet number describing the public-key algorithm used. - this.publicKeyAlgorithm = bytes[mypos++]; - - // An eight-octet number holding the Key ID of the signing key. - this.issuerKeyID = new KeyID(); - this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); - mypos += 8; - - // A one-octet number holding a flag showing whether the signature - // is nested. A zero value indicates that the next packet is - // another One-Pass Signature packet that describes another - // signature to be applied to the same message data. - this.flags = bytes[mypos++]; - return this; - } - - /** - * creates a string representation of a one-pass signature packet - * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. - */ - write() { - const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]); - - const end = new Uint8Array([this.flags]); - - return util.concatUint8Array([start, this.issuerKeyID.write(), end]); - } - - calculateTrailer(...args) { - return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); - } - - async verify() { - const correspondingSig = await this.correspondingSig; - if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { - throw new Error('Corresponding signature packet missing'); - } - if ( - correspondingSig.signatureType !== this.signatureType || - correspondingSig.hashAlgorithm !== this.hashAlgorithm || - correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || - !correspondingSig.issuerKeyID.equals(this.issuerKeyID) - ) { - throw new Error('Corresponding signature packet does not match one-pass signature packet'); - } - correspondingSig.hashed = this.hashed; - return correspondingSig.verify.apply(correspondingSig, arguments); - } -} - -OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; -OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; -OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; - -/** - * Instantiate a new packet given its tag - * @function newPacketFromTag - * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @returns {Object} New packet object with type based on tag - * @throws {Error|UnsupportedError} for disallowed or unknown packets - */ -function newPacketFromTag(tag, allowedPackets) { - if (!allowedPackets[tag]) { - // distinguish between disallowed packets and unknown ones - let packetType; - try { - packetType = enums.read(enums.packet, tag); - } catch (e) { - throw new UnsupportedError(`Unknown packet type with tag: ${tag}`); - } - throw new Error(`Packet not allowed in this context: ${packetType}`); - } - return new allowedPackets[tag](); -} - -/** - * This class represents a list of openpgp packets. - * Take care when iterating over it - the packets themselves - * are stored as numerical indices. - * @extends Array - */ -class PacketList extends Array { - /** - * Parses the given binary data and returns a list of packets. - * Equivalent to calling `read` on an empty PacketList instance. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @returns {PacketList} parsed list of packets - * @throws on parsing errors - * @async - */ - static async fromBinary(bytes, allowedPackets, config$1 = config) { - const packets = new PacketList(); - await packets.read(bytes, allowedPackets, config$1); - return packets; - } - - /** - * Reads a stream of binary data and interprets it as a list of packets. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @throws on parsing errors - * @async - */ - async read(bytes, allowedPackets, config$1 = config) { - if (config$1.additionalAllowedPackets.length) { - allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; - } - this.stream = transformPair(bytes, async (readable, writable) => { - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const done = await readPackets(readable, async parsed => { - try { - if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) { - // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: - // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 - // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 - return; - } - const packet = newPacketFromTag(parsed.tag, allowedPackets); - packet.packets = new PacketList(); - packet.fromStream = util.isStream(parsed.packet); - await packet.read(parsed.packet, config$1); - await writer.write(packet); - } catch (e) { - const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; - const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); - if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { - // The packets that support streaming are the ones that contain message data. - // Those are also the ones we want to be more strict about and throw on parse errors - // (since we likely cannot process the message without these packets anyway). - await writer.abort(e); - } else { - const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); - await writer.write(unparsedPacket); - } - util.printDebugError(e); - } - }); - if (done) { - await writer.ready; - await writer.close(); - return; - } - } - } catch (e) { - await writer.abort(e); - } - }); - - // Wait until first few packets have been read - const reader = getReader(this.stream); - while (true) { - const { done, value } = await reader.read(); - if (!done) { - this.push(value); - } else { - this.stream = null; - } - if (done || supportsStreaming(value.constructor.tag)) { - break; - } - } - reader.releaseLock(); - } - - /** - * Creates a binary representation of openpgp objects contained within the - * class instance. - * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. - */ - write() { - const arr = []; - - for (let i = 0; i < this.length; i++) { - const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; - const packetbytes = this[i].write(); - if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { - let buffer = []; - let bufferLength = 0; - const minLength = 512; - arr.push(writeTag(tag)); - arr.push(transform(packetbytes, value => { - buffer.push(value); - bufferLength += value.length; - if (bufferLength >= minLength) { - const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); - const chunkSize = 2 ** powerOf2; - const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); - buffer = [bufferConcat.subarray(1 + chunkSize)]; - bufferLength = buffer[0].length; - return bufferConcat.subarray(0, 1 + chunkSize); - } - }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); - } else { - if (util.isStream(packetbytes)) { - let length = 0; - arr.push(transform(clone(packetbytes), value => { - length += value.length; - }, () => writeHeader(tag, length))); - } else { - arr.push(writeHeader(tag, packetbytes.length)); - } - arr.push(packetbytes); - } - } - - return util.concat(arr); - } - - /** - * Creates a new PacketList with all packets matching the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {PacketList} - */ - filterByTag(...tags) { - const filtered = new PacketList(); - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(this[i].constructor.tag))) { - filtered.push(this[i]); - } - } - - return filtered; - } - - /** - * Traverses packet list and returns first packet with matching tag - * @param {module:enums.packet} tag - The packet tag - * @returns {Packet|undefined} - */ - findPacket(tag) { - return this.find(packet => packet.constructor.tag === tag); - } - - /** - * Find indices of packets with the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {Integer[]} packet indices - */ - indexOfTag(...tags) { - const tagIndex = []; - const that = this; - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(that[i].constructor.tag))) { - tagIndex.push(i); - } - } - return tagIndex; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Compressed Data packet can contain the following packet types -const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -/** - * Implementation of the Compressed Data Packet (Tag 8) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: - * The Compressed Data packet contains compressed data. Typically, - * this packet is found as the contents of an encrypted packet, or following - * a Signature or One-Pass Signature packet, and contains a literal data packet. - */ -class CompressedDataPacket { - static get tag() { - return enums.packet.compressedData; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * List of packets - * @type {PacketList} - */ - this.packets = null; - /** - * Compression algorithm - * @type {enums.compression} - */ - this.algorithm = config$1.preferredCompressionAlgorithm; - - /** - * Compressed packet data - * @type {Uint8Array | ReadableStream} - */ - this.compressed = null; - - /** - * zip/zlib compression level, between 1 and 9 - */ - this.deflateLevel = config$1.deflateLevel; - } - - /** - * Parsing function for the packet. - * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async read(bytes, config$1 = config) { - await parse(bytes, async reader => { - - // One octet that gives the algorithm used to compress the packet. - this.algorithm = await reader.readByte(); - - // Compressed data, which makes up the remainder of the packet. - this.compressed = reader.remainder(); - - await this.decompress(config$1); - }); - } - - - /** - * Return the compressed packet. - * @returns {Uint8Array | ReadableStream} Binary compressed packet. - */ - write() { - if (this.compressed === null) { - this.compress(); - } - - return util.concat([new Uint8Array([this.algorithm]), this.compressed]); - } - - - /** - * Decompression method for decompressing the compressed data - * read by read_packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async decompress(config$1 = config) { - const compressionName = enums.read(enums.compression, this.algorithm); - const decompressionFn = decompress_fns[compressionName]; - if (!decompressionFn) { - throw new Error(`${compressionName} decompression not supported`); - } - - this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config$1); - } - - /** - * Compress the packet data (member decompressedData) - */ - compress() { - const compressionName = enums.read(enums.compression, this.algorithm); - const compressionFn = compress_fns[compressionName]; - if (!compressionFn) { - throw new Error(`${compressionName} compression not supported`); - } - - this.compressed = compressionFn(this.packets.write(), this.deflateLevel); - } -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -const nodeZlib = util.getNodeZlib(); - -function uncompressed(data) { - return data; -} - -function node_zlib(func, create, options = {}) { - return function (data) { - if (!util.isStream(data) || isArrayStream(data)) { - return fromAsync(() => readToEnd(data).then(data => { - return new Promise((resolve, reject) => { - func(data, options, (err, result) => { - if (err) return reject(err); - resolve(result); - }); - }); - })); - } - return nodeToWeb(webToNode(data).pipe(create(options))); - }; -} - -function pako_zlib(constructor, options = {}) { - return function(data) { - const obj = new constructor(options); - return transform(data, value => { - if (value.length) { - obj.push(value, Z_SYNC_FLUSH); - return obj.result; - } - }, () => { - if (constructor === Deflate) { - obj.push([], Z_FINISH); - return obj.result; - } - }); - }; -} - -function bzip2(func) { - return function(data) { - return fromAsync(async () => func(await readToEnd(data))); - }; -} - -const compress_fns = nodeZlib ? { - zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed) -} : { - zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed) -}; - -const decompress_fns = nodeZlib ? { - uncompressed: uncompressed, - zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw), - zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -} : { - uncompressed: uncompressed, - zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }), - zlib: /*#__PURE__*/ pako_zlib(Inflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -}; - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A SEIP packet can contain the following packet types -const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$1 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: - * The Symmetrically Encrypted Integrity Protected Data packet is - * a variant of the Symmetrically Encrypted Data packet. It is a new feature - * created for OpenPGP that addresses the problem of detecting a modification to - * encrypted data. It is used in combination with a Modification Detection Code - * packet. - */ -class SymEncryptedIntegrityProtectedDataPacket { - static get tag() { - return enums.packet.symEncryptedIntegrityProtectedData; - } - - constructor() { - this.version = VERSION$1; - this.encrypted = null; - this.packets = null; - } - - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - // - A one-octet version number. The only currently defined value is 1. - if (version !== VERSION$1) { - throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`); - } - - // - Encrypted data, the output of the selected symmetric-key cipher - // operating in Cipher Feedback mode with shift amount equal to the - // block size of the cipher (CFB-n where n is the block size). - this.encrypted = reader.remainder(); - }); - } - - write() { - return util.concat([new Uint8Array([VERSION$1]), this.encrypted]); - } - - /** - * Encrypt the payload in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on encryption failure - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - - let bytes = this.packets.write(); - if (isArrayStream(bytes)) bytes = await readToEnd(bytes); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet - - const tohash = util.concat([prefix, bytes, mdc]); - const hash = await mod.hash.sha1(passiveClone(tohash)); - const plaintext = util.concat([tohash, hash]); - - this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); - return true; - } - - /** - * Decrypts the encrypted data contained in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on decryption failure - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - let encrypted = clone(this.encrypted); - if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); - - // there must be a modification detection code packet as the - // last packet and everything gets hashed except the hash itself - const realHash = slice(passiveClone(decrypted), -20); - const tohash = slice(decrypted, 0, -20); - const verifyHash = Promise.all([ - readToEnd(await mod.hash.sha1(passiveClone(tohash))), - readToEnd(realHash) - ]).then(([hash, mdc]) => { - if (!util.equalsUint8Array(hash, mdc)) { - throw new Error('Modification detected.'); - } - return new Uint8Array(); - }); - const bytes = slice(tohash, blockSize + 2); // Remove random prefix - let packetbytes = slice(bytes, 0, -2); // Remove MDC packet - packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); - if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { - packetbytes = await readToEnd(packetbytes); - } - this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$1, config$1); - return true; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -// An AEAD-encrypted Data packet can contain the following packet types -const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$2 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Symmetrically Encrypted Authenticated Encryption with - * Additional Data (AEAD) Protected Data Packet - * - * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: - * AEAD Protected Data Packet - */ -class AEADEncryptedDataPacket { - static get tag() { - return enums.packet.aeadEncryptedData; - } - - constructor() { - this.version = VERSION$2; - /** @type {enums.symmetric} */ - this.cipherAlgorithm = null; - /** @type {enums.aead} */ - this.aeadAlgorithm = enums.aead.eax; - this.chunkSizeByte = null; - this.iv = null; - this.encrypted = null; - this.packets = null; - } - - /** - * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @param {Uint8Array | ReadableStream} bytes - * @throws {Error} on parsing failure - */ - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - if (version !== VERSION$2) { // The only currently defined value is 1. - throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); - } - this.cipherAlgorithm = await reader.readByte(); - this.aeadAlgorithm = await reader.readByte(); - this.chunkSizeByte = await reader.readByte(); - - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = await reader.readBytes(mode.ivLength); - this.encrypted = reader.remainder(); - }); - } - - /** - * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @returns {Uint8Array | ReadableStream} The encrypted payload. - */ - write() { - return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); - } - - /** - * Decrypt the encrypted payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.packets = await PacketList.fromBinary( - await this.crypt('decrypt', key, clone(this.encrypted)), - allowedPackets$2, - config$1 - ); - } - - /** - * Encrypt the packet payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.cipherAlgorithm = sessionKeyAlgorithm; - - const { ivLength } = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(ivLength); // generate new random IV - this.chunkSizeByte = config$1.aeadChunkSizeByte; - const data = this.packets.write(); - this.encrypted = await this.crypt('encrypt', key, data); - } - - /** - * En/decrypt the payload. - * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt - * @param {Uint8Array} key - The session key used to en/decrypt the payload - * @param {Uint8Array | ReadableStream} data - The data to en/decrypt - * @returns {Promise>} - * @async - */ - async crypt(fn, key, data) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const modeInstance = await mode(this.cipherAlgorithm, key); - const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; - const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; - const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) - const adataBuffer = new ArrayBuffer(21); - const adataArray = new Uint8Array(adataBuffer, 0, 13); - const adataTagArray = new Uint8Array(adataBuffer); - const adataView = new DataView(adataBuffer); - const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); - adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0); - let chunkIndex = 0; - let latestPromise = Promise.resolve(); - let cryptedBytes = 0; - let queuedBytes = 0; - const iv = this.iv; - return transformPair(data, async (readable, writable) => { - if (util.isStream(readable) !== 'array') { - const buffer = new TransformStream({}, { - highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6), - size: array => array.length - }); - pipe(buffer.readable, writable); - writable = buffer.writable; - } - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); - const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); - chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); - let cryptedPromise; - let done; - if (!chunkIndex || chunk.length) { - reader.unshift(finalChunk); - cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray); - queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; - } else { - // After the last chunk, we either encrypt a final, empty - // data chunk to get the final authentication tag or - // validate that final authentication tag. - adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...) - cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray); - queuedBytes += tagLengthIfEncrypting; - done = true; - } - cryptedBytes += chunk.length - tagLengthIfDecrypting; - // eslint-disable-next-line no-loop-func - latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { - await writer.ready; - await writer.write(crypted); - queuedBytes -= crypted.length; - }).catch(err => writer.abort(err)); - if (done || queuedBytes > writer.desiredSize) { - await latestPromise; // Respect backpressure - } - if (!done) { - adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) - } else { - await writer.close(); - break; - } - } - } catch (e) { - await writer.abort(e); - } - }); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -const VERSION$3 = 3; - -/** - * Public-Key Encrypted Session Key Packets (Tag 1) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: - * A Public-Key Encrypted Session Key packet holds the session key - * used to encrypt a message. Zero or more Public-Key Encrypted Session Key - * packets and/or Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data Packet, which holds an encrypted message. The - * message is encrypted with the session key, and the session key is itself - * encrypted and stored in the Encrypted Session Key packet(s). The - * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted - * Session Key packet for each OpenPGP key to which the message is encrypted. - * The recipient of the message finds a session key that is encrypted to their - * public key, decrypts the session key, and then uses the session key to - * decrypt the message. - */ -class PublicKeyEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.publicKeyEncryptedSessionKey; - } - - constructor() { - this.version = 3; - - this.publicKeyID = new KeyID(); - this.publicKeyAlgorithm = null; - - this.sessionKey = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = null; - - /** @type {Object} */ - this.encrypted = {}; - } - - /** - * Parsing function for a publickey encrypted session key packet (tag 1). - * - * @param {Uint8Array} bytes - Payload of a tag 1 packet - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - if (this.version !== VERSION$3) { - throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); - } - i += this.publicKeyID.read(bytes.subarray(i)); - this.publicKeyAlgorithm = bytes[i++]; - this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version); - if (this.publicKeyAlgorithm === enums.publicKey.x25519) { - this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); - } - } - - /** - * Create a binary representation of a tag 1 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const arr = [ - new Uint8Array([this.version]), - this.publicKeyID.write(), - new Uint8Array([this.publicKeyAlgorithm]), - mod.serializeParams(this.publicKeyAlgorithm, this.encrypted) - ]; - - return util.concatUint8Array(arr); - } - - /** - * Encrypt session key packet - * @param {PublicKeyPacket} key - Public key - * @throws {Error} if encryption failed - * @async - */ - async encrypt(key) { - const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); - const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey); - this.encrypted = await mod.publicKeyEncrypt( - algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes()); - } - - /** - * Decrypts the session key (only for public key encrypted session key packets (tag 1) - * @param {SecretKeyPacket} key - decrypted private key - * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. - * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } - * @throws {Error} if decryption failed, unless `randomSessionKey` is given - * @async - */ - async decrypt(key, randomSessionKey) { - // check that session key algo matches the secret key algo - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Decryption error'); - } - - const randomPayload = randomSessionKey ? - encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : - null; - const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload); - - const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); - - // v3 Montgomery curves have cleartext cipher algo - if (this.publicKeyAlgorithm !== enums.publicKey.x25519) { - this.sessionKeyAlgorithm = sessionKeyAlgorithm; - } - this.sessionKey = sessionKey; - } -} - - -function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // add checksum - return util.concatUint8Array([ - new Uint8Array([cipherAlgo]), - sessionKeyData, - util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) - ]); - } - case enums.publicKey.x25519: - return sessionKeyData; - default: - throw new Error('Unsupported public key algorithm'); - } -} - - -function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // verify checksum in constant time - const result = decryptedData.subarray(0, decryptedData.length - 2); - const checksum = decryptedData.subarray(decryptedData.length - 2); - const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); - const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; - const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; - if (randomSessionKey) { - // We must not leak info about the validity of the decrypted checksum or cipher algo. - // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. - const isValidPayload = isValidChecksum & - decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & - decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; - return { - sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), - sessionKeyAlgorithm: util.selectUint8( - isValidPayload, - decryptedSessionKey.sessionKeyAlgorithm, - randomSessionKey.sessionKeyAlgorithm - ) - }; - } else { - const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm); - if (isValidPayload) { - return decryptedSessionKey; - } else { - throw new Error('Decryption error'); - } - } - } - case enums.publicKey.x25519: - return { - sessionKey: decryptedData - }; - default: - throw new Error('Unsupported public key algorithm'); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -class S2K { - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * Hash function identifier, or 0 for gnu-dummy keys - * @type {module:enums.hash | 0} - */ - this.algorithm = enums.hash.sha256; - /** - * enums.s2k identifier or 'gnu-dummy' - * @type {String} - */ - this.type = 'iterated'; - /** @type {Integer} */ - this.c = config$1.s2kIterationCountByte; - /** Eight bytes of salt in a binary string. - * @type {Uint8Array} - */ - this.salt = null; - } - - getCount() { - // Exponent bias, defined in RFC4880 - const expbias = 6; - - return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); - } - - /** - * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). - * @param {Uint8Array} bytes - Payload of string-to-key specifier - * @returns {Integer} Actual length of the object. - */ - read(bytes) { - let i = 0; - try { - this.type = enums.read(enums.s2k, bytes[i++]); - } catch (err) { - throw new UnsupportedError('Unknown S2K type.'); - } - this.algorithm = bytes[i++]; - - switch (this.type) { - case 'simple': - break; - - case 'salted': - this.salt = bytes.subarray(i, i + 8); - i += 8; - break; - - case 'iterated': - this.salt = bytes.subarray(i, i + 8); - i += 8; - - // Octet 10: count, a one-octet, coded value - this.c = bytes[i++]; - break; - - case 'gnu': - if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { - i += 3; // GNU - const gnuExtType = 1000 + bytes[i++]; - if (gnuExtType === 1001) { - this.type = 'gnu-dummy'; - // GnuPG extension mode 1001 -- don't write secret key at all - } else { - throw new UnsupportedError('Unknown s2k gnu protection mode.'); - } - } else { - throw new UnsupportedError('Unknown s2k type.'); - } - break; - - default: - throw new UnsupportedError('Unknown s2k type.'); // unreachable - } - - return i; - } - - /** - * Serializes s2k information - * @returns {Uint8Array} Binary representation of s2k. - */ - write() { - if (this.type === 'gnu-dummy') { - return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); - } - const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; - - switch (this.type) { - case 'simple': - break; - case 'salted': - arr.push(this.salt); - break; - case 'iterated': - arr.push(this.salt); - arr.push(new Uint8Array([this.c])); - break; - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - - return util.concatUint8Array(arr); - } - - /** - * Produces a key using the specified passphrase and the defined - * hashAlgorithm - * @param {String} passphrase - Passphrase containing user input - * @returns {Promise} Produced key with a length corresponding to. - * hashAlgorithm hash length - * @async - */ - async produceKey(passphrase, numBytes) { - passphrase = util.encodeUTF8(passphrase); - - const arr = []; - let rlength = 0; - - let prefixlen = 0; - while (rlength < numBytes) { - let toHash; - switch (this.type) { - case 'simple': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); - break; - case 'salted': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); - break; - case 'iterated': { - const data = util.concatUint8Array([this.salt, passphrase]); - let datalen = data.length; - const count = Math.max(this.getCount(), datalen); - toHash = new Uint8Array(prefixlen + count); - toHash.set(data, prefixlen); - for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { - toHash.copyWithin(pos, prefixlen, pos); - } - break; - } - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } - const result = await mod.hash.digest(this.algorithm, toHash); - arr.push(result); - rlength += result.length; - prefixlen++; - } - - return util.concatUint8Array(arr).subarray(0, numBytes); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Symmetric-Key Encrypted Session Key Packets (Tag 3) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: - * The Symmetric-Key Encrypted Session Key packet holds the - * symmetric-key encryption of a session key used to encrypt a message. - * Zero or more Public-Key Encrypted Session Key packets and/or - * Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data packet that holds an encrypted message. - * The message is encrypted with a session key, and the session key is - * itself encrypted and stored in the Encrypted Session Key packet or - * the Symmetric-Key Encrypted Session Key packet. - */ -class SymEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.symEncryptedSessionKey; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - this.version = config$1.aeadProtect ? 5 : 4; - this.sessionKey = null; - /** - * Algorithm to encrypt the session key with - * @type {enums.symmetric} - */ - this.sessionKeyEncryptionAlgorithm = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = enums.symmetric.aes256; - /** - * AEAD mode to encrypt the session key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); - this.encrypted = null; - this.s2k = null; - this.iv = null; - } - - /** - * Parsing function for a symmetric encrypted session key packet (tag 3). - * - * @param {Uint8Array} bytes - Payload of a tag 3 packet - */ - read(bytes) { - let offset = 0; - - // A one-octet version number. The only currently defined version is 4. - this.version = bytes[offset++]; - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); - } - - // A one-octet number describing the symmetric algorithm used. - const algo = bytes[offset++]; - - if (this.version === 5) { - // A one-octet AEAD algorithm. - this.aeadAlgorithm = bytes[offset++]; - } - - // A string-to-key (S2K) specifier, length as defined above. - this.s2k = new S2K(); - offset += this.s2k.read(bytes.subarray(offset, bytes.length)); - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - - // A starting initialization vector of size specified by the AEAD - // algorithm. - this.iv = bytes.subarray(offset, offset += mode.ivLength); - } - - // The encrypted session key itself, which is decrypted with the - // string-to-key object. This is optional in version 4. - if (this.version === 5 || offset < bytes.length) { - this.encrypted = bytes.subarray(offset, bytes.length); - this.sessionKeyEncryptionAlgorithm = algo; - } else { - this.sessionKeyAlgorithm = algo; - } - } - - /** - * Create a binary representation of a tag 3 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const algo = this.encrypted === null ? - this.sessionKeyAlgorithm : - this.sessionKeyEncryptionAlgorithm; - - let bytes; - - if (this.version === 5) { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]); - } else { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]); - - if (this.encrypted !== null) { - bytes = util.concatUint8Array([bytes, this.encrypted]); - } - } - - return bytes; - } - - /** - * Decrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(passphrase) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; - - const { blockSize, keySize } = mod.getCipher(algo); - const key = await this.s2k.produceKey(passphrase, keySize); - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, key); - this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); - } else if (this.encrypted !== null) { - const decrypted = await mod.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); - - this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); - this.sessionKey = decrypted.subarray(1, decrypted.length); - } else { - this.sessionKey = key; - } - } - - /** - * Encrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; - - this.sessionKeyEncryptionAlgorithm = algo; - - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - - const { blockSize, keySize } = mod.getCipher(algo); - const encryptionKey = await this.s2k.produceKey(passphrase, keySize); - - if (this.sessionKey === null) { - this.sessionKey = mod.generateSessionKey(this.sessionKeyAlgorithm); - } - - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(mode.ivLength); // generate new random IV - const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, encryptionKey); - this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData); - } else { - const toEncrypt = util.concatUint8Array([ - new Uint8Array([this.sessionKeyAlgorithm]), - this.sessionKey - ]); - this.encrypted = await mod.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config$1); - } - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the Key Material Packet (Tag 5,6,7,14) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: - * A key material packet contains all the information about a public or - * private key. There are four variants of this packet type, and two - * major versions. - * - * A Public-Key packet starts a series of packets that forms an OpenPGP - * key (sometimes called an OpenPGP certificate). - */ -class PublicKeyPacket { - static get tag() { - return enums.packet.publicKey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - /** - * Packet version - * @type {Integer} - */ - this.version = config$1.v5Keys ? 5 : 4; - /** - * Key creation date. - * @type {Date} - */ - this.created = util.normalizeDate(date); - /** - * Public key algorithm. - * @type {enums.publicKey} - */ - this.algorithm = null; - /** - * Algorithm specific public params - * @type {Object} - */ - this.publicParams = null; - /** - * Time until expiration in days (V3 only) - * @type {Integer} - */ - this.expirationTimeV3 = 0; - /** - * Fingerprint bytes - * @type {Uint8Array} - */ - this.fingerprint = null; - /** - * KeyID - * @type {module:type/keyid~KeyID} - */ - this.keyID = null; - } - - /** - * Create a PublicKeyPacket from a SecretKeyPacket - * @param {SecretKeyPacket} secretKeyPacket - key packet to convert - * @returns {PublicKeyPacket} public key packet - * @static - */ - static fromSecretKeyPacket(secretKeyPacket) { - const keyPacket = new PublicKeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } - - /** - * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} - * @param {Uint8Array} bytes - Input array to read the packet from - * @returns {Object} This object with attributes set by the parser - * @async - */ - async read(bytes) { - let pos = 0; - // A one-octet version number (3, 4 or 5). - this.version = bytes[pos++]; - - if (this.version === 4 || this.version === 5) { - // - A four-octet number denoting the time that the key was created. - this.created = util.readDate(bytes.subarray(pos, pos + 4)); - pos += 4; - - // - A one-octet number denoting the public-key algorithm of this key. - this.algorithm = bytes[pos++]; - - if (this.version === 5) { - // - A four-octet scalar octet count for the following key material. - pos += 4; - } - - // - A series of values comprising the key material. - const { read, publicParams } = mod.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); - this.publicParams = publicParams; - pos += read; - - // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor - await this.computeFingerprintAndKeyID(); - return pos; - } - throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); - } - - /** - * Creates an OpenPGP public key packet for the given key. - * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. - */ - write() { - const arr = []; - // Version - arr.push(new Uint8Array([this.version])); - arr.push(util.writeDate(this.created)); - // A one-octet number denoting the public-key algorithm of this key - arr.push(new Uint8Array([this.algorithm])); - - const params = mod.serializeParams(this.algorithm, this.publicParams); - if (this.version === 5) { - // A four-octet scalar octet count for the following key material - arr.push(util.writeNumber(params.length, 4)); - } - // Algorithm-specific params - arr.push(params); - return util.concatUint8Array(arr); - } - - /** - * Write packet in order to be hashed; either for a signature or a fingerprint - * @param {Integer} version - target version of signature or key - */ - writeForHash(version) { - const bytes = this.writePublicKey(); - - if (version === 5) { - return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]); - } - return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]); - } - - /** - * Check whether secret-key data is available in decrypted form. Returns null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return null; - } - - /** - * Returns the creation time of the key - * @returns {Date} - */ - getCreationTime() { - return this.created; - } - - /** - * Return the key ID of the key - * @returns {module:type/keyid~KeyID} The 8-byte key ID - */ - getKeyID() { - return this.keyID; - } +function M(o, a, b) { + var v, c, + t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, + t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, + t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, + t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, + b0 = b[0], + b1 = b[1], + b2 = b[2], + b3 = b[3], + b4 = b[4], + b5 = b[5], + b6 = b[6], + b7 = b[7], + b8 = b[8], + b9 = b[9], + b10 = b[10], + b11 = b[11], + b12 = b[12], + b13 = b[13], + b14 = b[14], + b15 = b[15]; - /** - * Computes and set the key ID and fingerprint of the key - * @async - */ - async computeFingerprintAndKeyID() { - await this.computeFingerprint(); - this.keyID = new KeyID(); + v = a[0]; + t0 += v * b0; + t1 += v * b1; + t2 += v * b2; + t3 += v * b3; + t4 += v * b4; + t5 += v * b5; + t6 += v * b6; + t7 += v * b7; + t8 += v * b8; + t9 += v * b9; + t10 += v * b10; + t11 += v * b11; + t12 += v * b12; + t13 += v * b13; + t14 += v * b14; + t15 += v * b15; + v = a[1]; + t1 += v * b0; + t2 += v * b1; + t3 += v * b2; + t4 += v * b3; + t5 += v * b4; + t6 += v * b5; + t7 += v * b6; + t8 += v * b7; + t9 += v * b8; + t10 += v * b9; + t11 += v * b10; + t12 += v * b11; + t13 += v * b12; + t14 += v * b13; + t15 += v * b14; + t16 += v * b15; + v = a[2]; + t2 += v * b0; + t3 += v * b1; + t4 += v * b2; + t5 += v * b3; + t6 += v * b4; + t7 += v * b5; + t8 += v * b6; + t9 += v * b7; + t10 += v * b8; + t11 += v * b9; + t12 += v * b10; + t13 += v * b11; + t14 += v * b12; + t15 += v * b13; + t16 += v * b14; + t17 += v * b15; + v = a[3]; + t3 += v * b0; + t4 += v * b1; + t5 += v * b2; + t6 += v * b3; + t7 += v * b4; + t8 += v * b5; + t9 += v * b6; + t10 += v * b7; + t11 += v * b8; + t12 += v * b9; + t13 += v * b10; + t14 += v * b11; + t15 += v * b12; + t16 += v * b13; + t17 += v * b14; + t18 += v * b15; + v = a[4]; + t4 += v * b0; + t5 += v * b1; + t6 += v * b2; + t7 += v * b3; + t8 += v * b4; + t9 += v * b5; + t10 += v * b6; + t11 += v * b7; + t12 += v * b8; + t13 += v * b9; + t14 += v * b10; + t15 += v * b11; + t16 += v * b12; + t17 += v * b13; + t18 += v * b14; + t19 += v * b15; + v = a[5]; + t5 += v * b0; + t6 += v * b1; + t7 += v * b2; + t8 += v * b3; + t9 += v * b4; + t10 += v * b5; + t11 += v * b6; + t12 += v * b7; + t13 += v * b8; + t14 += v * b9; + t15 += v * b10; + t16 += v * b11; + t17 += v * b12; + t18 += v * b13; + t19 += v * b14; + t20 += v * b15; + v = a[6]; + t6 += v * b0; + t7 += v * b1; + t8 += v * b2; + t9 += v * b3; + t10 += v * b4; + t11 += v * b5; + t12 += v * b6; + t13 += v * b7; + t14 += v * b8; + t15 += v * b9; + t16 += v * b10; + t17 += v * b11; + t18 += v * b12; + t19 += v * b13; + t20 += v * b14; + t21 += v * b15; + v = a[7]; + t7 += v * b0; + t8 += v * b1; + t9 += v * b2; + t10 += v * b3; + t11 += v * b4; + t12 += v * b5; + t13 += v * b6; + t14 += v * b7; + t15 += v * b8; + t16 += v * b9; + t17 += v * b10; + t18 += v * b11; + t19 += v * b12; + t20 += v * b13; + t21 += v * b14; + t22 += v * b15; + v = a[8]; + t8 += v * b0; + t9 += v * b1; + t10 += v * b2; + t11 += v * b3; + t12 += v * b4; + t13 += v * b5; + t14 += v * b6; + t15 += v * b7; + t16 += v * b8; + t17 += v * b9; + t18 += v * b10; + t19 += v * b11; + t20 += v * b12; + t21 += v * b13; + t22 += v * b14; + t23 += v * b15; + v = a[9]; + t9 += v * b0; + t10 += v * b1; + t11 += v * b2; + t12 += v * b3; + t13 += v * b4; + t14 += v * b5; + t15 += v * b6; + t16 += v * b7; + t17 += v * b8; + t18 += v * b9; + t19 += v * b10; + t20 += v * b11; + t21 += v * b12; + t22 += v * b13; + t23 += v * b14; + t24 += v * b15; + v = a[10]; + t10 += v * b0; + t11 += v * b1; + t12 += v * b2; + t13 += v * b3; + t14 += v * b4; + t15 += v * b5; + t16 += v * b6; + t17 += v * b7; + t18 += v * b8; + t19 += v * b9; + t20 += v * b10; + t21 += v * b11; + t22 += v * b12; + t23 += v * b13; + t24 += v * b14; + t25 += v * b15; + v = a[11]; + t11 += v * b0; + t12 += v * b1; + t13 += v * b2; + t14 += v * b3; + t15 += v * b4; + t16 += v * b5; + t17 += v * b6; + t18 += v * b7; + t19 += v * b8; + t20 += v * b9; + t21 += v * b10; + t22 += v * b11; + t23 += v * b12; + t24 += v * b13; + t25 += v * b14; + t26 += v * b15; + v = a[12]; + t12 += v * b0; + t13 += v * b1; + t14 += v * b2; + t15 += v * b3; + t16 += v * b4; + t17 += v * b5; + t18 += v * b6; + t19 += v * b7; + t20 += v * b8; + t21 += v * b9; + t22 += v * b10; + t23 += v * b11; + t24 += v * b12; + t25 += v * b13; + t26 += v * b14; + t27 += v * b15; + v = a[13]; + t13 += v * b0; + t14 += v * b1; + t15 += v * b2; + t16 += v * b3; + t17 += v * b4; + t18 += v * b5; + t19 += v * b6; + t20 += v * b7; + t21 += v * b8; + t22 += v * b9; + t23 += v * b10; + t24 += v * b11; + t25 += v * b12; + t26 += v * b13; + t27 += v * b14; + t28 += v * b15; + v = a[14]; + t14 += v * b0; + t15 += v * b1; + t16 += v * b2; + t17 += v * b3; + t18 += v * b4; + t19 += v * b5; + t20 += v * b6; + t21 += v * b7; + t22 += v * b8; + t23 += v * b9; + t24 += v * b10; + t25 += v * b11; + t26 += v * b12; + t27 += v * b13; + t28 += v * b14; + t29 += v * b15; + v = a[15]; + t15 += v * b0; + t16 += v * b1; + t17 += v * b2; + t18 += v * b3; + t19 += v * b4; + t20 += v * b5; + t21 += v * b6; + t22 += v * b7; + t23 += v * b8; + t24 += v * b9; + t25 += v * b10; + t26 += v * b11; + t27 += v * b12; + t28 += v * b13; + t29 += v * b14; + t30 += v * b15; - if (this.version === 5) { - this.keyID.read(this.fingerprint.subarray(0, 8)); - } else if (this.version === 4) { - this.keyID.read(this.fingerprint.subarray(12, 20)); - } else { - throw new Error('Unsupported key version'); - } - } + t0 += 38 * t16; + t1 += 38 * t17; + t2 += 38 * t18; + t3 += 38 * t19; + t4 += 38 * t20; + t5 += 38 * t21; + t6 += 38 * t22; + t7 += 38 * t23; + t8 += 38 * t24; + t9 += 38 * t25; + t10 += 38 * t26; + t11 += 38 * t27; + t12 += 38 * t28; + t13 += 38 * t29; + t14 += 38 * t30; + // t15 left as is - /** - * Computes and set the fingerprint of the key - */ - async computeFingerprint() { - const toHash = this.writeForHash(this.version); + // first car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - if (this.version === 5) { - this.fingerprint = await mod.hash.sha256(toHash); - } else if (this.version === 4) { - this.fingerprint = await mod.hash.sha1(toHash); - } else { - throw new Error('Unsupported key version'); - } - } + // second car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - /** - * Returns the fingerprint of the key, as an array of bytes - * @returns {Uint8Array} A Uint8Array containing the fingerprint - */ - getFingerprintBytes() { - return this.fingerprint; - } + o[ 0] = t0; + o[ 1] = t1; + o[ 2] = t2; + o[ 3] = t3; + o[ 4] = t4; + o[ 5] = t5; + o[ 6] = t6; + o[ 7] = t7; + o[ 8] = t8; + o[ 9] = t9; + o[10] = t10; + o[11] = t11; + o[12] = t12; + o[13] = t13; + o[14] = t14; + o[15] = t15; +} - /** - * Calculates and returns the fingerprint of the key, as a string - * @returns {String} A string containing the fingerprint in lowercase hex - */ - getFingerprint() { - return util.uint8ArrayToHex(this.getFingerprintBytes()); - } +function S(o, a) { + M(o, a, a); +} - /** - * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint - * @returns {Boolean} Whether the two keys have the same version and public key data. - */ - hasSameFingerprintAs(other) { - return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); +function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 253; a >= 0; a--) { + S(c, c); + if(a !== 2 && a !== 4) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; +} - /** - * Returns algorithm information - * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. - */ - getAlgorithmInfo() { - const result = {}; - result.algorithm = enums.read(enums.publicKey, this.algorithm); - // RSA, DSA or ElGamal public modulo - const modulo = this.publicParams.n || this.publicParams.p; - if (modulo) { - result.bits = util.uint8ArrayBitLength(modulo); - } else if (this.publicParams.oid) { - result.curve = this.publicParams.oid.getName(); - } - return result; +function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 250; a >= 0; a--) { + S(c, c); + if(a !== 1) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; } -/** - * Alias of read() - * @see PublicKeyPacket#read - */ -PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; - -/** - * Alias of write() - * @see PublicKeyPacket#write - */ -PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A SE packet can contain the following packet types -const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -/** - * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: - * The Symmetrically Encrypted Data packet contains data encrypted with a - * symmetric-key algorithm. When it has been decrypted, it contains other - * packets (usually a literal data packet or compressed data packet, but in - * theory other Symmetrically Encrypted Data packets or sequences of packets - * that form whole OpenPGP messages). - */ -class SymmetricallyEncryptedDataPacket { - static get tag() { - return enums.packet.symmetricallyEncryptedData; +function crypto_scalarmult(q, n, p) { + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; } - - constructor() { - /** - * Encrypted secret-key data - */ - this.encrypted = null; - /** - * Decrypted packets contained within. - * @type {PacketList} - */ - this.packets = null; + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); } - - read(bytes) { - this.encrypted = bytes; + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; +} - write() { - return this.encrypted; - } +function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); +} - /** - * Decrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config +function crypto_box_keypair(y, x) { + randombytes(x, 32); + return crypto_scalarmult_base(y, x); +} + +var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 +]; - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error - if (!config$1.allowUnauthenticatedMessages) { - throw new Error('Message is not authenticated.'); +function crypto_hashblocks_hl(hh, hl, m, n) { + var wh = new Int32Array(16), wl = new Int32Array(16), + bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, + bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, + th, tl, i, j, h, l, a, b, c, d; + + var ah0 = hh[0], + ah1 = hh[1], + ah2 = hh[2], + ah3 = hh[3], + ah4 = hh[4], + ah5 = hh[5], + ah6 = hh[6], + ah7 = hh[7], + + al0 = hl[0], + al1 = hl[1], + al2 = hl[2], + al3 = hl[3], + al4 = hl[4], + al5 = hl[5], + al6 = hl[6], + al7 = hl[7]; + + var pos = 0; + while (n >= 128) { + for (i = 0; i < 16; i++) { + j = 8 * i + pos; + wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; + wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; } + for (i = 0; i < 80; i++) { + bh0 = ah0; + bh1 = ah1; + bh2 = ah2; + bh3 = ah3; + bh4 = ah4; + bh5 = ah5; + bh6 = ah6; + bh7 = ah7; - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - const encrypted = await readToEnd(clone(this.encrypted)); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, - encrypted.subarray(blockSize + 2), - encrypted.subarray(2, blockSize + 2) - ); - - this.packets = await PacketList.fromBinary(decrypted, allowedPackets$3, config$1); - } + bl0 = al0; + bl1 = al1; + bl2 = al2; + bl3 = al3; + bl4 = al4; + bl5 = al5; + bl6 = al6; + bl7 = al7; - /** - * Encrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const data = this.packets.write(); - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + // add + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma1 + h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); + l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Ch + h = (ah4 & ah5) ^ (~ah4 & ah6); + l = (al4 & al5) ^ (~al4 & al6); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // K + h = K[i*2]; + l = K[i*2+1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // w + h = wh[i%16]; + l = wl[i%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + th = c & 0xffff | d << 16; + tl = a & 0xffff | b << 16; + + // add + h = th; + l = tl; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma0 + h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); + l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const FRE = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); - const ciphertext = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); - this.encrypted = util.concat([FRE, ciphertext]); - } -} + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; -// GPG4Browsers - An OpenPGP implementation in javascript + // Maj + h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); + l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); -/** - * Implementation of the strange "Marker packet" (Tag 10) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: - * An experimental version of PGP used this packet as the Literal - * packet, but no released version of PGP generated Literal packets with this - * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as - * the Marker packet. - * - * The body of this packet consists of: - * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). - * - * Such a packet MUST be ignored when received. It may be placed at the - * beginning of a message that uses features not available in PGP - * version 2.6 in order to cause that version to report that newer - * software is necessary to process the message. - */ -class MarkerPacket { - static get tag() { - return enums.packet.marker; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Parsing function for a marker data packet (tag 10). - * @param {Uint8Array} bytes - Payload of a tag 10 packet - * @returns {Boolean} whether the packet payload contains "PGP" - */ - read(bytes) { - if (bytes[0] === 0x50 && // P - bytes[1] === 0x47 && // G - bytes[2] === 0x50) { // P - return true; - } - return false; - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - write() { - return new Uint8Array([0x50, 0x47, 0x50]); - } -} + bh7 = (c & 0xffff) | (d << 16); + bl7 = (a & 0xffff) | (b << 16); -// GPG4Browsers - An OpenPGP implementation in javascript + // add + h = bh3; + l = bl3; -/** - * A Public-Subkey packet (tag 14) has exactly the same format as a - * Public-Key packet, but denotes a subkey. One or more subkeys may be - * associated with a top-level key. By convention, the top-level key - * provides signature services, and the subkeys provide encryption - * services. - * @extends PublicKeyPacket - */ -class PublicSubkeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.publicSubkey; - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - // eslint-disable-next-line no-useless-constructor - constructor(date, config) { - super(date, config); - } + h = th; + l = tl; - /** - * Create a PublicSubkeyPacket from a SecretSubkeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert - * @returns {SecretSubkeyPacket} public key packet - * @static - */ - static fromSecretSubkeyPacket(secretSubkeyPacket) { - const keyPacket = new PublicSubkeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } -} + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; -// GPG4Browsers - An OpenPGP implementation in javascript + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; -/** - * Implementation of the User Attribute Packet (Tag 17) - * - * The User Attribute packet is a variation of the User ID packet. It - * is capable of storing more types of data than the User ID packet, - * which is limited to text. Like the User ID packet, a User Attribute - * packet may be certified by the key owner ("self-signed") or any other - * key owner who cares to certify it. Except as noted, a User Attribute - * packet may be used anywhere that a User ID packet may be used. - * - * While User Attribute packets are not a required part of the OpenPGP - * standard, implementations SHOULD provide at least enough - * compatibility to properly handle a certification signature on the - * User Attribute packet. A simple way to do this is by treating the - * User Attribute packet as a User ID packet with opaque contents, but - * an implementation may use any method desired. - */ -class UserAttributePacket { - static get tag() { - return enums.packet.userAttribute; - } + bh3 = (c & 0xffff) | (d << 16); + bl3 = (a & 0xffff) | (b << 16); - constructor() { - this.attributes = []; - } + ah1 = bh0; + ah2 = bh1; + ah3 = bh2; + ah4 = bh3; + ah5 = bh4; + ah6 = bh5; + ah7 = bh6; + ah0 = bh7; - /** - * parsing function for a user attribute packet (tag 17). - * @param {Uint8Array} input - Payload of a tag 17 packet - */ - read(bytes) { - let i = 0; - while (i < bytes.length) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; + al1 = bl0; + al2 = bl1; + al3 = bl2; + al4 = bl3; + al5 = bl4; + al6 = bl5; + al7 = bl6; + al0 = bl7; - this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); - i += len.len; - } - } + if (i%16 === 15) { + for (j = 0; j < 16; j++) { + // add + h = wh[j]; + l = wl[j]; - /** - * Creates a binary representation of the user attribute packet - * @returns {Uint8Array} String representation. - */ - write() { - const arr = []; - for (let i = 0; i < this.attributes.length; i++) { - arr.push(writeSimpleLength(this.attributes[i].length)); - arr.push(util.stringToUint8Array(this.attributes[i])); - } - return util.concatUint8Array(arr); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - /** - * Compare for equality - * @param {UserAttributePacket} usrAttr - * @returns {Boolean} True if equal. - */ - equals(usrAttr) { - if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { - return false; - } - return this.attributes.every(function(attr, index) { - return attr === usrAttr.attributes[index]; - }); - } -} + h = wh[(j+9)%16]; + l = wl[(j+9)%16]; -// GPG4Browsers - An OpenPGP implementation in javascript + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; -/** - * A Secret-Key packet contains all the information that is found in a - * Public-Key packet, including the public-key material, but also - * includes the secret-key material after all the public-key fields. - * @extends PublicKeyPacket - */ -class SecretKeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.secretKey; - } + // sigma0 + th = wh[(j+1)%16]; + tl = wl[(j+1)%16]; + h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); + l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - /** - * Secret-key data - */ - this.keyMaterial = null; - /** - * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. - */ - this.isEncrypted = null; - /** - * S2K usage - * @type {enums.symmetric} - */ - this.s2kUsage = 0; - /** - * S2K object - * @type {type/s2k} - */ - this.s2k = null; - /** - * Symmetric algorithm to encrypt the key with - * @type {enums.symmetric} - */ - this.symmetric = null; - /** - * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aead = null; - /** - * Decrypted private parameters, referenced by name - * @type {Object} - */ - this.privateParams = null; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - // 5.5.3. Secret-Key Packet Formats + // sigma1 + th = wh[(j+14)%16]; + tl = wl[(j+14)%16]; + h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); + l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); - /** - * Internal parser for private keys as specified in - * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} - * @param {Uint8Array} bytes - Input string to read the packet from - * @async - */ - async read(bytes) { - // - A Public-Key or Public-Subkey packet, as described above. - let i = await this.readPublicKey(bytes); - const startOfSecretKeyData = i; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - // - One octet indicating string-to-key usage conventions. Zero - // indicates that the secret-key data is not encrypted. 255 or 254 - // indicates that a string-to-key specifier is being given. Any - // other value is a symmetric-key encryption algorithm identifier. - this.s2kUsage = bytes[i++]; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - // - Only for a version 5 packet, a one-octet scalar octet count of - // the next 4 optional fields. - if (this.version === 5) { - i++; + wh[j] = (c & 0xffff) | (d << 16); + wl[j] = (a & 0xffff) | (b << 16); + } + } } - try { - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one-octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - this.symmetric = bytes[i++]; + // add + h = ah0; + l = al0; - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - this.aead = bytes[i++]; - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - this.s2k = new S2K(); - i += this.s2k.read(bytes.subarray(i, bytes.length)); + h = hh[0]; + l = hl[0]; - if (this.s2k.type === 'gnu-dummy') { - return; - } - } else if (this.s2kUsage) { - this.symmetric = this.s2kUsage; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage) { - this.iv = bytes.subarray( - i, - i + mod.getCipher(this.symmetric).blockSize - ); + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - i += this.iv.length; - } - } catch (e) { - // if the s2k is unsupported, we still want to support encrypting and verifying with the given key - if (!this.s2kUsage) throw e; // always throw for decrypted keys - this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); - this.isEncrypted = true; - } + hh[0] = ah0 = (c & 0xffff) | (d << 16); + hl[0] = al0 = (a & 0xffff) | (b << 16); - // - Only for a version 5 packet, a four-octet scalar octet count for - // the following key material. - if (this.version === 5) { - i += 4; - } + h = ah1; + l = al1; - // - Plain or encrypted multiprecision integers comprising the secret - // key data. These algorithm-specific fields are as described - // below. - this.keyMaterial = bytes.subarray(i); - this.isEncrypted = !!this.s2kUsage; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (!this.isEncrypted) { - const cleartext = this.keyMaterial.subarray(0, -2); - if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { - throw new Error('Key checksum mismatch'); - } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - if (err instanceof UnsupportedError) throw err; - // avoid throwing potentially sensitive errors - throw new Error('Error reading MPIs'); - } - } - } + h = hh[1]; + l = hl[1]; - /** - * Creates an OpenPGP key packet for the given key. - * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. - */ - write() { - const serializedPublicKey = this.writePublicKey(); - if (this.unparseableKeyMaterial) { - return util.concatUint8Array([ - serializedPublicKey, - this.unparseableKeyMaterial - ]); - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - const arr = [serializedPublicKey]; - arr.push(new Uint8Array([this.s2kUsage])); + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - const optionalFieldsArr = []; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one- octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - optionalFieldsArr.push(this.symmetric); + hh[1] = ah1 = (c & 0xffff) | (d << 16); + hl[1] = al1 = (a & 0xffff) | (b << 16); - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - optionalFieldsArr.push(this.aead); - } + h = ah2; + l = al2; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - optionalFieldsArr.push(...this.s2k.write()); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { - optionalFieldsArr.push(...this.iv); - } + h = hh[2]; + l = hl[2]; - if (this.version === 5) { - arr.push(new Uint8Array([optionalFieldsArr.length])); - } - arr.push(new Uint8Array(optionalFieldsArr)); + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - if (!this.isDummy()) { - if (!this.s2kUsage) { - this.keyMaterial = mod.serializeParams(this.algorithm, this.privateParams); - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - if (this.version === 5) { - arr.push(util.writeNumber(this.keyMaterial.length, 4)); - } - arr.push(this.keyMaterial); + hh[2] = ah2 = (c & 0xffff) | (d << 16); + hl[2] = al2 = (a & 0xffff) | (b << 16); - if (!this.s2kUsage) { - arr.push(util.writeChecksum(this.keyMaterial)); - } - } + h = ah3; + l = al3; - return util.concatUint8Array(arr); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - /** - * Check whether secret-key data is available in decrypted form. - * Returns false for gnu-dummy keys and null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return this.isEncrypted === false; - } + h = hh[3]; + l = hl[3]; - /** - * Check whether the key includes secret key material. - * Some secret keys do not include it, and can thus only be used - * for public-key operations (encryption and verification). - * Such keys are: - * - GNU-dummy keys, where the secret material has been stripped away - * - encrypted keys with unsupported S2K or cipher - */ - isMissingSecretKeyMaterial() { - return this.unparseableKeyMaterial !== undefined || this.isDummy(); - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Check whether this is a gnu-dummy key - * @returns {Boolean} - */ - isDummy() { - return !!(this.s2k && this.s2k.type === 'gnu-dummy'); - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - /** - * Remove private key material, converting the key to a dummy one. - * The resulting key cannot be used for signing/decrypting but can still verify signatures. - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - makeDummy(config$1 = config) { - if (this.isDummy()) { - return; - } - if (this.isDecrypted()) { - this.clearPrivateParams(); - } - delete this.unparseableKeyMaterial; - this.isEncrypted = null; - this.keyMaterial = null; - this.s2k = new S2K(config$1); - this.s2k.algorithm = 0; - this.s2k.c = 0; - this.s2k.type = 'gnu-dummy'; - this.s2kUsage = 254; - this.symmetric = enums.symmetric.aes256; - } + hh[3] = ah3 = (c & 0xffff) | (d << 16); + hl[3] = al3 = (a & 0xffff) | (b << 16); - /** - * Encrypt the payload. By default, we use aes256 and iterated, salted string - * to key specifier. If the key is in a decrypted state (isEncrypted === false) - * and the passphrase is empty or undefined, the key will be set as not encrypted. - * This can be used to remove passphrase protection after calling decrypt(). - * @param {String} passphrase - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - if (this.isDummy()) { - return; - } + h = ah4; + l = al4; - if (!this.isDecrypted()) { - throw new Error('Key packet is already encrypted'); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (!passphrase) { - throw new Error('A non-empty passphrase is required for key encryption.'); - } + h = hh[4]; + l = hl[4]; - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - const cleartext = mod.serializeParams(this.algorithm, this.privateParams); - this.symmetric = enums.symmetric.aes256; - const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - const { blockSize } = mod.getCipher(this.symmetric); - this.iv = mod.random.getRandomBytes(blockSize); + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - if (config$1.aeadProtect) { - this.s2kUsage = 253; - this.aead = enums.aead.eax; - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } else { - this.s2kUsage = 254; - this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ - cleartext, - await mod.hash.sha1(cleartext, config$1) - ]), this.iv, config$1); - } - } + hh[4] = ah4 = (c & 0xffff) | (d << 16); + hl[4] = al4 = (a & 0xffff) | (b << 16); - /** - * Decrypts the private key params which are needed to use the key. - * Successful decryption does not imply key integrity, call validate() to confirm that. - * {@link SecretKeyPacket.isDecrypted} should be false, as - * otherwise calls to this function will throw an error. - * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if the key is already decrypted, or if decryption was not successful - * @async - */ - async decrypt(passphrase) { - if (this.isDummy()) { - return false; - } + h = ah5; + l = al5; - if (this.unparseableKeyMaterial) { - throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (this.isDecrypted()) { - throw new Error('Key packet is already decrypted.'); - } + h = hh[5]; + l = hl[5]; - let key; - if (this.s2kUsage === 254 || this.s2kUsage === 253) { - key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - } else if (this.s2kUsage === 255) { - throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); - } else { - throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - let cleartext; - if (this.s2kUsage === 253) { - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - try { - cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } catch (err) { - if (err.message === 'Authentication tag mismatch') { - throw new Error('Incorrect key passphrase: ' + err.message); - } - throw err; - } - } else { - const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[5] = ah5 = (c & 0xffff) | (d << 16); + hl[5] = al5 = (a & 0xffff) | (b << 16); + + h = ah6; + l = al6; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[6]; + l = hl[6]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[6] = ah6 = (c & 0xffff) | (d << 16); + hl[6] = al6 = (a & 0xffff) | (b << 16); + + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[7]; + l = hl[7]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[7] = ah7 = (c & 0xffff) | (d << 16); + hl[7] = al7 = (a & 0xffff) | (b << 16); + + pos += 128; + n -= 128; + } + + return n; +} + +function crypto_hash(out, m, n) { + var hh = new Int32Array(8), + hl = new Int32Array(8), + x = new Uint8Array(256), + i, b = n; - cleartext = cleartextWithHash.subarray(0, -20); - const hash = await mod.hash.sha1(cleartext); + hh[0] = 0x6a09e667; + hh[1] = 0xbb67ae85; + hh[2] = 0x3c6ef372; + hh[3] = 0xa54ff53a; + hh[4] = 0x510e527f; + hh[5] = 0x9b05688c; + hh[6] = 0x1f83d9ab; + hh[7] = 0x5be0cd19; - if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { - throw new Error('Incorrect key passphrase'); - } - } + hl[0] = 0xf3bcc908; + hl[1] = 0x84caa73b; + hl[2] = 0xfe94f82b; + hl[3] = 0x5f1d36f1; + hl[4] = 0xade682d1; + hl[5] = 0x2b3e6c1f; + hl[6] = 0xfb41bd6b; + hl[7] = 0x137e2179; - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - throw new Error('Error reading MPIs'); - } - this.isEncrypted = false; - this.keyMaterial = null; - this.s2kUsage = 0; - } + crypto_hashblocks_hl(hh, hl, m, n); + n %= 128; - /** - * Checks that the key parameters are consistent - * @throws {Error} if validation was not successful - * @async - */ - async validate() { - if (this.isDummy()) { - return; - } + for (i = 0; i < n; i++) x[i] = m[b-n+i]; + x[n] = 128; - if (!this.isDecrypted()) { - throw new Error('Key is not decrypted'); - } + n = 256-128*(n<112?1:0); + x[n-9] = 0; + ts64(x, n-8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(hh, hl, x, n); - let validParams; - try { - // this can throw if some parameters are undefined - validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); - } catch (_) { - validParams = false; - } - if (!validParams) { - throw new Error('Key is invalid'); - } - } + for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); - async generate(bits, curve) { - const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); - this.privateParams = privateParams; - this.publicParams = publicParams; - this.isEncrypted = false; + return 0; +} + +function add$1(p, q) { + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(), + g = gf(), h = gf(), t = gf(); + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); + + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); +} + +function cswap(p, q, b) { + var i; + for (i = 0; i < 4; i++) { + sel25519(p[i], q[i], b); } +} - /** - * Clear private key parameters - */ - clearPrivateParams() { - if (this.isMissingSecretKeyMaterial()) { - return; - } +function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; +} - Object.keys(this.privateParams).forEach(name => { - const param = this.privateParams[name]; - param.fill(0); - delete this.privateParams[name]; - }); - this.privateParams = null; - this.isEncrypted = true; +function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = (s[(i/8)|0] >> (i&7)) & 1; + cswap(p, q, b); + add$1(q, p); + add$1(p, p); + cswap(p, q, b); } } -async function produceEncryptionKey(s2k, passphrase, algorithm) { - const { keySize } = mod.getCipher(algorithm); - return s2k.produceKey(passphrase, keySize); +function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); } -var emailAddresses = createCommonjsModule(function (module) { -// email-addresses.js - RFC 5322 email address parser -// v 3.1.0 -// -// http://tools.ietf.org/html/rfc5322 -// -// This library does not validate email addresses. -// emailAddresses attempts to parse addresses using the (fairly liberal) -// grammar specified in RFC 5322. -// -// email-addresses returns { -// ast: , -// addresses: [{ -// node: , -// name: , -// address: , -// local: , -// domain: -// }, ...] -// } -// -// emailAddresses.parseOneAddress and emailAddresses.parseAddressList -// work as you might expect. Try it out. -// -// Many thanks to Dominic Sayers and his documentation on the is_email function, -// http://code.google.com/p/isemail/ , which helped greatly in writing this parser. +function crypto_sign_keypair(pk, sk, seeded) { + var d = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()]; + var i; -(function (global) { + if (!seeded) randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; -function parse5322(opts) { + scalarbase(p, d); + pack(pk, p); + + for (i = 0; i < 32; i++) sk[i+32] = pk[i]; + return 0; +} - // tokenizing functions +var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - function inStr() { return pos < len; } - function curTok() { return parseString[pos]; } - function getPos() { return pos; } - function setPos(i) { pos = i; } - function nextTok() { pos += 1; } - function initialize() { - pos = 0; - len = parseString.length; +function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = Math.floor((x[j] + 128) / 256); + x[j] -= carry * 256; } + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; j++) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; j++) x[j] -= carry * L[j]; + for (i = 0; i < 32; i++) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; + } +} - // parser helper functions +function reduce(r) { + var x = new Float64Array(64), i; + for (i = 0; i < 64; i++) x[i] = r[i]; + for (i = 0; i < 64; i++) r[i] = 0; + modL(r, x); +} - function o(name, value) { - return { - name: name, - tokens: value || "", - semantic: value || "", - children: [] - }; - } +// Note: difference from C - smlen returned, not passed as argument. +function crypto_sign(sm, m, n, sk) { + var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; - function wrap(name, ast) { - var n; - if (ast === null) { return null; } - n = o(name); - n.tokens = ast.tokens; - n.semantic = ast.semantic; - n.children.push(ast); - return n; - } + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; - function add(parent, child) { - if (child !== null) { - parent.tokens += child.tokens; - parent.semantic += child.semantic; - } - parent.children.push(child); - return parent; - } + var smlen = n + 64; + for (i = 0; i < n; i++) sm[64 + i] = m[i]; + for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - function compareToken(fxnCompare) { - var tok; - if (!inStr()) { return null; } - tok = curTok(); - if (fxnCompare(tok)) { - nextTok(); - return o('token', tok); - } - return null; - } + crypto_hash(r, sm.subarray(32), n+32); + reduce(r); + scalarbase(p, r); + pack(sm, p); - function literal(lit) { - return function literalFunc() { - return wrap('literal', compareToken(function (tok) { - return tok === lit; - })); - }; - } + for (i = 32; i < 64; i++) sm[i] = sk[i]; + crypto_hash(h, sm, n + 64); + reduce(h); - function and() { - var args = arguments; - return function andFunc() { - var i, s, result, start; - start = getPos(); - s = o('and'); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result === null) { - setPos(start); - return null; - } - add(s, result); - } - return s; - }; + for (i = 0; i < 64; i++) x[i] = 0; + for (i = 0; i < 32; i++) x[i] = r[i]; + for (i = 0; i < 32; i++) { + for (j = 0; j < 32; j++) { + x[i+j] += h[i] * d[j]; } + } - function or() { - var args = arguments; - return function orFunc() { - var i, result, start; - start = getPos(); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result !== null) { - return result; - } - setPos(start); - } - return null; - }; - } + modL(sm.subarray(32), x); + return smlen; +} - function opt(prod) { - return function optFunc() { - var result, start; - start = getPos(); - result = prod(); - if (result !== null) { - return result; - } - else { - setPos(start); - return o('opt'); - } - }; - } +function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), + den = gf(), den2 = gf(), den4 = gf(), + den6 = gf(); - function invis(prod) { - return function invisFunc() { - var result = prod(); - if (result !== null) { - result.semantic = ""; - } - return result; - }; - } + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); - function colwsp(prod) { - return function collapseSemanticWhitespace() { - var result = prod(); - if (result !== null && result.semantic.length > 0) { - result.semantic = " "; - } - return result; - }; - } + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); - function star(prod, minimum) { - return function starFunc() { - var s, result, count, start, min; - start = getPos(); - s = o('star'); - count = 0; - min = minimum === undefined ? 0 : minimum; - while ((result = prod()) !== null) { - count = count + 1; - add(s, result); - } - if (count >= min) { - return s; - } - else { - setPos(start); - return null; - } - }; - } + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); - // One expects names to get normalized like this: - // " First Last " -> "First Last" - // "First Last" -> "First Last" - // "First Last" -> "First Last" - function collapseWhitespace(s) { - return s.replace(/([ \t]|\r\n)+/g, ' ').replace(/^\s*/, '').replace(/\s*$/, ''); - } + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) M(r[0], r[0], I); - // UTF-8 pseudo-production (RFC 6532) - // RFC 6532 extends RFC 5322 productions to include UTF-8 - // using the following productions: - // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4 - // UTF8-2 = - // UTF8-3 = - // UTF8-4 = - // - // For reference, the extended RFC 5322 productions are: - // VCHAR =/ UTF8-non-ascii - // ctext =/ UTF8-non-ascii - // atext =/ UTF8-non-ascii - // qtext =/ UTF8-non-ascii - // dtext =/ UTF8-non-ascii - function isUTF8NonAscii(tok) { - // In JavaScript, we just deal directly with Unicode code points, - // so we aren't checking individual bytes for UTF-8 encoding. - // Just check that the character is non-ascii. - return tok.charCodeAt(0) >= 128; - } - - - // common productions (RFC 5234) - // http://tools.ietf.org/html/rfc5234 - // B.1. Core Rules - - // CR = %x0D - // ; carriage return - function cr() { return wrap('cr', literal('\r')()); } - - // CRLF = CR LF - // ; Internet standard newline - function crlf() { return wrap('crlf', and(cr, lf)()); } - - // DQUOTE = %x22 - // ; " (Double Quote) - function dquote() { return wrap('dquote', literal('"')()); } - - // HTAB = %x09 - // ; horizontal tab - function htab() { return wrap('htab', literal('\t')()); } - - // LF = %x0A - // ; linefeed - function lf() { return wrap('lf', literal('\n')()); } - - // SP = %x20 - function sp() { return wrap('sp', literal(' ')()); } - - // VCHAR = %x21-7E - // ; visible (printing) characters - function vchar() { - return wrap('vchar', compareToken(function vcharFunc(tok) { - var code = tok.charCodeAt(0); - var accept = (0x21 <= code && code <= 0x7E); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) return -1; + + if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); + + M(r[3], r[0], r[1]); + return 0; +} - // WSP = SP / HTAB - // ; white space - function wsp() { return wrap('wsp', or(sp, htab)()); } - - - // email productions (RFC 5322) - // http://tools.ietf.org/html/rfc5322 - // 3.2.1. Quoted characters - - // quoted-pair = ("\" (VCHAR / WSP)) / obs-qp - function quotedPair() { - var qp = wrap('quoted-pair', - or( - and(literal('\\'), or(vchar, wsp)), - obsQP - )()); - if (qp === null) { return null; } - // a quoted pair will be two characters, and the "\" character - // should be semantically "invisible" (RFC 5322 3.2.1) - qp.semantic = qp.semantic[1]; - return qp; - } - - // 3.2.2. Folding White Space and Comments - - // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS - function fws() { - return wrap('fws', or( - obsFws, - and( - opt(and( - star(wsp), - invis(crlf) - )), - star(wsp, 1) - ) - )()); - } - - // ctext = %d33-39 / ; Printable US-ASCII - // %d42-91 / ; characters not including - // %d93-126 / ; "(", ")", or "\" - // obs-ctext - function ctext() { - return wrap('ctext', or( - function ctextFunc1() { - return compareToken(function ctextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 39) || - (42 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsCtext - )()); - } - - // ccontent = ctext / quoted-pair / comment - function ccontent() { - return wrap('ccontent', or(ctext, quotedPair, comment)()); - } - - // comment = "(" *([FWS] ccontent) [FWS] ")" - function comment() { - return wrap('comment', and( - literal('('), - star(and(opt(fws), ccontent)), - opt(fws), - literal(')') - )()); - } - - // CFWS = (1*([FWS] comment) [FWS]) / FWS - function cfws() { - return wrap('cfws', or( - and( - star( - and(opt(fws), comment), - 1 - ), - opt(fws) - ), - fws - )()); - } - - // 3.2.3. Atom - - //atext = ALPHA / DIGIT / ; Printable US-ASCII - // "!" / "#" / ; characters not including - // "$" / "%" / ; specials. Used for atoms. - // "&" / "'" / - // "*" / "+" / - // "-" / "/" / - // "=" / "?" / - // "^" / "_" / - // "`" / "{" / - // "|" / "}" / - // "~" - function atext() { - return wrap('atext', compareToken(function atextFunc(tok) { - var accept = - ('a' <= tok && tok <= 'z') || - ('A' <= tok && tok <= 'Z') || - ('0' <= tok && tok <= '9') || - (['!', '#', '$', '%', '&', '\'', '*', '+', '-', '/', - '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } +function crypto_sign_open(m, sm, n, pk) { + var i; + var t = new Uint8Array(32), h = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()], + q = [gf(), gf(), gf(), gf()]; - // atom = [CFWS] 1*atext [CFWS] - function atom() { - return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))()); - } + if (n < 64) return -1; - // dot-atom-text = 1*atext *("." 1*atext) - function dotAtomText() { - var s, maybeText; - s = wrap('dot-atom-text', star(atext, 1)()); - if (s === null) { return s; } - maybeText = star(and(literal('.'), star(atext, 1)))(); - if (maybeText !== null) { - add(s, maybeText); - } - return s; - } - - // dot-atom = [CFWS] dot-atom-text [CFWS] - function dotAtom() { - return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))()); - } - - // 3.2.4. Quoted Strings - - // qtext = %d33 / ; Printable US-ASCII - // %d35-91 / ; characters not including - // %d93-126 / ; "\" or the quote character - // obs-qtext - function qtext() { - return wrap('qtext', or( - function qtextFunc1() { - return compareToken(function qtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 === code) || - (35 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsQtext - )()); - } + if (unpackneg(q, pk)) return -1; - // qcontent = qtext / quoted-pair - function qcontent() { - return wrap('qcontent', or(qtext, quotedPair)()); - } + for (i = 0; i < n; i++) m[i] = sm[i]; + for (i = 0; i < 32; i++) m[i+32] = pk[i]; + crypto_hash(h, m, n); + reduce(h); + scalarmult(p, q, h); - // quoted-string = [CFWS] - // DQUOTE *([FWS] qcontent) [FWS] DQUOTE - // [CFWS] - function quotedString() { - return wrap('quoted-string', and( - invis(opt(cfws)), - invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote), - invis(opt(cfws)) - )()); - } + scalarbase(q, sm.subarray(32)); + add$1(p, q); + pack(t, p); - // 3.2.5 Miscellaneous Tokens + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; i++) m[i] = 0; + return -1; + } - // word = atom / quoted-string - function word() { - return wrap('word', or(atom, quotedString)()); - } + for (i = 0; i < n; i++) m[i] = sm[i + 64]; + return n; +} - // phrase = 1*word / obs-phrase - function phrase() { - return wrap('phrase', or(obsPhrase, star(word, 1))()); - } +var crypto_scalarmult_BYTES = 32, + crypto_scalarmult_SCALARBYTES = 32, + crypto_box_PUBLICKEYBYTES = 32, + crypto_box_SECRETKEYBYTES = 32, + crypto_sign_BYTES = 64, + crypto_sign_PUBLICKEYBYTES = 32, + crypto_sign_SECRETKEYBYTES = 64, + crypto_sign_SEEDBYTES = 32; - // 3.4. Address Specification - // address = mailbox / group - function address() { - return wrap('address', or(mailbox, group)()); - } +function checkArrayTypes() { + for (var i = 0; i < arguments.length; i++) { + if (!(arguments[i] instanceof Uint8Array)) + throw new TypeError('unexpected type, use Uint8Array'); + } +} - // mailbox = name-addr / addr-spec - function mailbox() { - return wrap('mailbox', or(nameAddr, addrSpec)()); - } +function cleanup(arr) { + for (var i = 0; i < arr.length; i++) arr[i] = 0; +} - // name-addr = [display-name] angle-addr - function nameAddr() { - return wrap('name-addr', and(opt(displayName), angleAddr)()); - } +nacl.scalarMult = function(n, p) { + checkArrayTypes(n, p); + if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); + if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); + var q = new Uint8Array(crypto_scalarmult_BYTES); + crypto_scalarmult(q, n, p); + return q; +}; - // angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / - // obs-angle-addr - function angleAddr() { - return wrap('angle-addr', or( - and( - invis(opt(cfws)), - literal('<'), - addrSpec, - literal('>'), - invis(opt(cfws)) - ), - obsAngleAddr - )()); - } +nacl.box = {}; - // group = display-name ":" [group-list] ";" [CFWS] - function group() { - return wrap('group', and( - displayName, - literal(':'), - opt(groupList), - literal(';'), - invis(opt(cfws)) - )()); - } +nacl.box.keyPair = function() { + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); + crypto_box_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; - // display-name = phrase - function displayName() { - return wrap('display-name', function phraseFixedSemantic() { - var result = phrase(); - if (result !== null) { - result.semantic = collapseWhitespace(result.semantic); - } - return result; - }()); - } - - // mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list - function mailboxList() { - return wrap('mailbox-list', or( - and( - mailbox, - star(and(literal(','), mailbox)) - ), - obsMboxList - )()); - } - - // address-list = (address *("," address)) / obs-addr-list - function addressList() { - return wrap('address-list', or( - and( - address, - star(and(literal(','), address)) - ), - obsAddrList - )()); - } - - // group-list = mailbox-list / CFWS / obs-group-list - function groupList() { - return wrap('group-list', or( - mailboxList, - invis(cfws), - obsGroupList - )()); - } - - // 3.4.1 Addr-Spec Specification - - // local-part = dot-atom / quoted-string / obs-local-part - function localPart() { - // note: quoted-string, dotAtom are proper subsets of obs-local-part - // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree - return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)()); - } - - // dtext = %d33-90 / ; Printable US-ASCII - // %d94-126 / ; characters not including - // obs-dtext ; "[", "]", or "\" - function dtext() { - return wrap('dtext', or( - function dtextFunc1() { - return compareToken(function dtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 90) || - (94 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsDtext - )() - ); - } +nacl.box.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_box_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + crypto_scalarmult_base(pk, secretKey); + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; - // domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS] - function domainLiteral() { - return wrap('domain-literal', and( - invis(opt(cfws)), - literal('['), - star(and(opt(fws), dtext)), - opt(fws), - literal(']'), - invis(opt(cfws)) - )()); - } - - // domain = dot-atom / domain-literal / obs-domain - function domain() { - return wrap('domain', function domainCheckTLD() { - var result = or(obsDomain, dotAtom, domainLiteral)(); - if (opts.rejectTLD) { - if (result && result.semantic && result.semantic.indexOf('.') < 0) { - return null; - } - } - // strip all whitespace from domains - if (result) { - result.semantic = result.semantic.replace(/\s+/g, ''); - } - return result; - }()); - } - - // addr-spec = local-part "@" domain - function addrSpec() { - return wrap('addr-spec', and( - localPart, literal('@'), domain - )()); - } - - // 3.6.2 Originator Fields - // Below we only parse the field body, not the name of the field - // like "From:", "Sender:", or "Reply-To:". Other libraries that - // parse email headers can parse those and defer to these productions - // for the "RFC 5322" part. - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // from = "From:" (mailbox-list / address-list) CRLF - function fromSpec() { - return wrap('from', or( - mailboxList, - addressList - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // sender = "Sender:" (mailbox / address) CRLF - function senderSpec() { - return wrap('sender', or( - mailbox, - address - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // reply-to = "Reply-To:" address-list CRLF - function replyToSpec() { - return wrap('reply-to', addressList()); - } - - // 4.1. Miscellaneous Obsolete Tokens - - // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control - // %d11 / ; characters that do not - // %d12 / ; include the carriage - // %d14-31 / ; return, line feed, and - // %d127 ; white space characters - function obsNoWsCtl() { - return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) { - var code = tok.charCodeAt(0); - return ((1 <= code && code <= 8) || - (11 === code || 12 === code) || - (14 <= code && code <= 31) || - (127 === code)); - })); - } +nacl.sign = function(msg, secretKey) { + checkArrayTypes(msg, secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); + crypto_sign(signedMsg, msg, msg.length, secretKey); + return signedMsg; +}; - // obs-ctext = obs-NO-WS-CTL - function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); } - - // obs-qtext = obs-NO-WS-CTL - function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); } - - // obs-qp = "\" (%d0 / obs-NO-WS-CTL / LF / CR) - function obsQP() { - return opts.strict ? null : wrap('obs-qp', and( - literal('\\'), - or(literal('\0'), obsNoWsCtl, lf, cr) - )()); - } - - // obs-phrase = word *(word / "." / CFWS) - function obsPhrase() { - if (opts.strict ) return null; - return opts.atInDisplayName ? wrap('obs-phrase', and( - word, - star(or(word, literal('.'), literal('@'), colwsp(cfws))) - )()) : - wrap('obs-phrase', and( - word, - star(or(word, literal('.'), colwsp(cfws))) - )()); - } - - // 4.2. Obsolete Folding White Space - - // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908 - // obs-FWS = 1*([CRLF] WSP) - function obsFws() { - return opts.strict ? null : wrap('obs-FWS', star( - and(invis(opt(crlf)), wsp), - 1 - )()); - } - - // 4.4. Obsolete Addressing - - // obs-angle-addr = [CFWS] "<" obs-route addr-spec ">" [CFWS] - function obsAngleAddr() { - return opts.strict ? null : wrap('obs-angle-addr', and( - invis(opt(cfws)), - literal('<'), - obsRoute, - addrSpec, - literal('>'), - invis(opt(cfws)) - )()); - } - - // obs-route = obs-domain-list ":" - function obsRoute() { - return opts.strict ? null : wrap('obs-route', and( - obsDomainList, - literal(':') - )()); - } - - // obs-domain-list = *(CFWS / ",") "@" domain - // *("," [CFWS] ["@" domain]) - function obsDomainList() { - return opts.strict ? null : wrap('obs-domain-list', and( - star(or(invis(cfws), literal(','))), - literal('@'), - domain, - star(and( - literal(','), - invis(opt(cfws)), - opt(and(literal('@'), domain)) - )) - )()); - } - - // obs-mbox-list = *([CFWS] ",") mailbox *("," [mailbox / CFWS]) - function obsMboxList() { - return opts.strict ? null : wrap('obs-mbox-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - mailbox, - star(and( - literal(','), - opt(and( - mailbox, - invis(cfws) - )) - )) - )()); - } - - // obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) - function obsAddrList() { - return opts.strict ? null : wrap('obs-addr-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - address, - star(and( - literal(','), - opt(and( - address, - invis(cfws) - )) - )) - )()); - } - - // obs-group-list = 1*([CFWS] ",") [CFWS] - function obsGroupList() { - return opts.strict ? null : wrap('obs-group-list', and( - star(and( - invis(opt(cfws)), - literal(',') - ), 1), - invis(opt(cfws)) - )()); - } - - // obs-local-part = word *("." word) - function obsLocalPart() { - return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))()); - } - - // obs-domain = atom *("." atom) - function obsDomain() { - return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))()); - } - - // obs-dtext = obs-NO-WS-CTL / quoted-pair - function obsDtext() { - return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)()); - } - - ///////////////////////////////////////////////////// - - // ast analysis - - function findNode(name, root) { - var i, stack, node; - if (root === null || root === undefined) { return null; } - stack = [root]; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - return node; - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return null; - } - - function findAllNodes(name, root) { - var i, stack, node, result; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - result.push(node); - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return result; - } +nacl.sign.detached = function(msg, secretKey) { + var signedMsg = nacl.sign(msg, secretKey); + var sig = new Uint8Array(crypto_sign_BYTES); + for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; + return sig; +}; - function findAllNodesNoChildren(names, root) { - var i, stack, node, result, namesLookup; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - namesLookup = {}; - for (i = 0; i < names.length; i += 1) { - namesLookup[names[i]] = true; - } +nacl.sign.detached.verify = function(msg, sig, publicKey) { + checkArrayTypes(msg, sig, publicKey); + if (sig.length !== crypto_sign_BYTES) + throw new Error('bad signature size'); + if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) + throw new Error('bad public key size'); + var sm = new Uint8Array(crypto_sign_BYTES + msg.length); + var m = new Uint8Array(crypto_sign_BYTES + msg.length); + var i; + for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; + for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; + return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); +}; - while (stack.length > 0) { - node = stack.pop(); - if (node.name in namesLookup) { - result.push(node); - // don't look at children (hence findAllNodesNoChildren) - } else { - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - } - return result; - } +nacl.sign.keyPair = function() { + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + crypto_sign_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; - function giveResult(ast) { - var addresses, groupsAndMailboxes, i, groupOrMailbox, result; - if (ast === null) { - return null; - } - addresses = []; - - // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'. - groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast); - for (i = 0; i < groupsAndMailboxes.length; i += 1) { - groupOrMailbox = groupsAndMailboxes[i]; - if (groupOrMailbox.name === 'group') { - addresses.push(giveResultGroup(groupOrMailbox)); - } else if (groupOrMailbox.name === 'mailbox') { - addresses.push(giveResultMailbox(groupOrMailbox)); - } - } +nacl.sign.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; - result = { - ast: ast, - addresses: addresses, - }; - if (opts.simple) { - result = simplifyResult(result); - } - if (opts.oneResult) { - return oneResult(result); - } - if (opts.simple) { - return result && result.addresses; - } else { - return result; - } - } +nacl.sign.keyPair.fromSeed = function(seed) { + checkArrayTypes(seed); + if (seed.length !== crypto_sign_SEEDBYTES) + throw new Error('bad seed size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + for (var i = 0; i < 32; i++) sk[i] = seed[i]; + crypto_sign_keypair(pk, sk, true); + return {publicKey: pk, secretKey: sk}; +}; - function giveResultGroup(group) { - var i; - var groupName = findNode('display-name', group); - var groupResultMailboxes = []; - var mailboxes = findAllNodesNoChildren(['mailbox'], group); - for (i = 0; i < mailboxes.length; i += 1) { - groupResultMailboxes.push(giveResultMailbox(mailboxes[i])); - } - return { - node: group, - parts: { - name: groupName, - }, - type: group.name, // 'group' - name: grabSemantic(groupName), - addresses: groupResultMailboxes, - }; - } +nacl.setPRNG = function(fn) { + randombytes = fn; +}; - function giveResultMailbox(mailbox) { - var name = findNode('display-name', mailbox); - var aspec = findNode('addr-spec', mailbox); - var cfws = findAllNodes('cfws', mailbox); - var comments = findAllNodesNoChildren(['comment'], mailbox); +(function() { + // Initialize PRNG if environment provides CSPRNG. + // If not, methods calling randombytes will throw. + if (crypto$3 && crypto$3.getRandomValues) { + // Browsers and Node v16+ + var QUOTA = 65536; + nacl.setPRNG(function(x, n) { + var i, v = new Uint8Array(n); + for (i = 0; i < n; i += QUOTA) { + crypto$3.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); + } + for (i = 0; i < n; i++) x[i] = v[i]; + cleanup(v); + }); + } +})(); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - var local = findNode('local-part', aspec); - var domain = findNode('domain', aspec); - return { - node: mailbox, - parts: { - name: name, - address: aspec, - local: local, - domain: domain, - comments: cfws - }, - type: mailbox.name, // 'mailbox' - name: grabSemantic(name), - address: grabSemantic(aspec), - local: grabSemantic(local), - domain: grabSemantic(domain), - comments: concatComments(comments), - groupName: grabSemantic(mailbox.groupName), - }; - } - function grabSemantic(n) { - return n !== null && n !== undefined ? n.semantic : null; - } +const knownOIDs = { + '2a8648ce3d030107': enums.curve.nistP256, + '2b81040022': enums.curve.nistP384, + '2b81040023': enums.curve.nistP521, + '2b8104000a': enums.curve.secp256k1, + '2b06010401da470f01': enums.curve.ed25519Legacy, + '2b060104019755010501': enums.curve.curve25519Legacy, + '2b2403030208010107': enums.curve.brainpoolP256r1, + '2b240303020801010b': enums.curve.brainpoolP384r1, + '2b240303020801010d': enums.curve.brainpoolP512r1 +}; - function simplifyResult(result) { - var i; - if (result && result.addresses) { - for (i = 0; i < result.addresses.length; i += 1) { - delete result.addresses[i].node; - } +class OID { + constructor(oid) { + if (oid instanceof OID) { + this.oid = oid.oid; + } else if (util.isArray(oid) || + util.isUint8Array(oid)) { + oid = new Uint8Array(oid); + if (oid[0] === 0x06) { // DER encoded oid byte array + if (oid[1] !== oid.length - 2) { + throw new Error('Length mismatch in DER encoded oid'); } - return result; + oid = oid.subarray(2); + } + this.oid = oid; + } else { + this.oid = ''; } + } - function concatComments(comments) { - var result = ''; - if (comments) { - for (var i = 0; i < comments.length; i += 1) { - result += grabSemantic(comments[i]); - } - } - return result; + /** + * Method to read an OID object + * @param {Uint8Array} input - Where to read the OID from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length >= 1) { + const length = input[0]; + if (input.length >= 1 + length) { + this.oid = input.subarray(1, 1 + length); + return 1 + this.oid.length; + } } + throw new Error('Invalid oid'); + } + + /** + * Serialize an OID object + * @returns {Uint8Array} Array with the serialized value the OID. + */ + write() { + return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); + } + + /** + * Serialize an OID object as a hex string + * @returns {string} String with the hex value of the OID. + */ + toHex() { + return util.uint8ArrayToHex(this.oid); + } - function oneResult(result) { - if (!result) { return null; } - if (!opts.partial && result.addresses.length > 1) { return null; } - return result.addresses && result.addresses[0]; + /** + * If a known curve object identifier, return the canonical name of the curve + * @returns {enums.curve} String with the canonical name of the curve + * @throws if unknown + */ + getName() { + const name = knownOIDs[this.toHex()]; + if (!name) { + throw new Error('Unknown curve object identifier.'); } - ///////////////////////////////////////////////////// + return name; + } +} - var parseString, pos, len, parsed, startProduction; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - opts = handleOpts(opts, {}); - if (opts === null) { return null; } - parseString = opts.input; +function readSimpleLength(bytes) { + let len = 0; + let offset; + const type = bytes[0]; - startProduction = { - 'address': address, - 'address-list': addressList, - 'angle-addr': angleAddr, - 'from': fromSpec, - 'group': group, - 'mailbox': mailbox, - 'mailbox-list': mailboxList, - 'reply-to': replyToSpec, - 'sender': senderSpec, - }[opts.startAt] || addressList; - if (!opts.strict) { - initialize(); - opts.strict = true; - parsed = startProduction(parseString); - if (opts.partial || !inStr()) { - return giveResult(parsed); - } - opts.strict = false; - } + if (type < 192) { + [len] = bytes; + offset = 1; + } else if (type < 255) { + len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; + offset = 2; + } else if (type === 255) { + len = util.readNumber(bytes.subarray(1, 1 + 4)); + offset = 5; + } - initialize(); - parsed = startProduction(parseString); - if (!opts.partial && inStr()) { return null; } - return giveResult(parsed); + return { + len: len, + offset: offset + }; } -function parseOneAddressSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'address-list', - })); +/** + * Encodes a given integer of length to the openpgp length specifier to a + * string + * + * @param {Integer} length - The length to encode + * @returns {Uint8Array} String with openpgp length representation. + */ +function writeSimpleLength(length) { + if (length < 192) { + return new Uint8Array([length]); + } else if (length > 191 && length < 8384) { + /* + * let a = (total data packet length) - 192 let bc = two octet + * representation of a let d = b + 192 + */ + return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); + } + return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); } -function parseAddressListSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'address-list', - })); +function writePartialLength(power) { + if (power < 0 || power > 30) { + throw new Error('Partial Length power must be between 1 and 30'); + } + return new Uint8Array([224 + power]); } -function parseFromSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'from', - })); +function writeTag(tag_type) { + /* we're only generating v4 packet headers here */ + return new Uint8Array([0xC0 | tag_type]); } -function parseSenderSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'sender', - })); +/** + * Writes a packet header version 4 with the given tag_type and length to a + * string + * + * @param {Integer} tag_type - Tag type + * @param {Integer} length - Length of the payload + * @returns {String} String of the header. + */ +function writeHeader(tag_type, length) { + /* we're only generating v4 packet headers here */ + return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); } -function parseReplyToSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'reply-to', - })); +/** + * Whether the packet type supports partial lengths per RFC4880 + * @param {Integer} tag - Tag type + * @returns {Boolean} String of the header. + */ +function supportsStreaming(tag) { + return [ + enums.packet.literalData, + enums.packet.compressedData, + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ].includes(tag); } -function handleOpts(opts, defs) { - function isString(str) { - return Object.prototype.toString.call(str) === '[object String]'; +/** + * Generic static Packet Parser function + * + * @param {Uint8Array | ReadableStream} input - Input stream as string + * @param {Function} callback - Function to call with the parsed packet + * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. + */ +async function readPackets(input, callback) { + const reader = getReader(input); + let writer; + let callbackReturned; + try { + const peekedBytes = await reader.peekBytes(2); + // some sanity checks + if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { + throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); } + const headerByte = await reader.readByte(); + let tag = -1; + let format = -1; + let packetLength; - function isObject(o) { - return o === Object(o); + format = 0; // 0 = old format; 1 = new format + if ((headerByte & 0x40) !== 0) { + format = 1; } - function isNullUndef(o) { - return o === null || o === undefined; + let packetLengthType; + if (format) { + // new format header + tag = headerByte & 0x3F; // bit 5-0 + } else { + // old format header + tag = (headerByte & 0x3F) >> 2; // bit 5-2 + packetLengthType = headerByte & 0x03; // bit 1-0 } - var defaults, o; - - if (isString(opts)) { - opts = { input: opts }; - } else if (!isObject(opts)) { - return null; + const packetSupportsStreaming = supportsStreaming(tag); + let packet = null; + if (packetSupportsStreaming) { + if (util.isStream(input) === 'array') { + const arrayStream = new ArrayStream(); + writer = getWriter(arrayStream); + packet = arrayStream; + } else { + const transform = new TransformStream(); + writer = getWriter(transform.writable); + packet = transform.readable; + } + // eslint-disable-next-line callback-return + callbackReturned = callback({ tag, packet }); + } else { + packet = []; } - if (!isString(opts.input)) { return null; } - if (!defs) { return null; } - - defaults = { - oneResult: false, - partial: false, - rejectTLD: false, - rfc6532: false, - simple: false, - startAt: 'address-list', - strict: false, - atInDisplayName: false - }; - - for (o in defaults) { - if (isNullUndef(opts[o])) { - opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o]; + let wasPartialLength; + do { + if (!format) { + // 4.2.1. Old Format Packet Lengths + switch (packetLengthType) { + case 0: + // The packet has a one-octet length. The header is 2 octets + // long. + packetLength = await reader.readByte(); + break; + case 1: + // The packet has a two-octet length. The header is 3 octets + // long. + packetLength = (await reader.readByte() << 8) | await reader.readByte(); + break; + case 2: + // The packet has a four-octet length. The header is 5 + // octets long. + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + break; + default: + // 3 - The packet is of indeterminate length. The header is 1 + // octet long, and the implementation must determine how long + // the packet is. If the packet is in a file, this means that + // the packet extends until the end of the file. In general, + // an implementation SHOULD NOT use indeterminate-length + // packets except where the end of the data will be clear + // from the context, and even then it is better to use a + // definite length, or a new format header. The new format + // headers described below have a mechanism for precisely + // encoding data of indeterminate length. + packetLength = Infinity; + break; } - } - return opts; -} - -parse5322.parseOneAddress = parseOneAddressSimple; -parse5322.parseAddressList = parseAddressListSimple; -parse5322.parseFrom = parseFromSimple; -parse5322.parseSender = parseSenderSimple; -parse5322.parseReplyTo = parseReplyToSimple; - -{ - module.exports = parse5322; -} - -}()); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the User ID Packet (Tag 13) - * - * A User ID packet consists of UTF-8 text that is intended to represent - * the name and email address of the key holder. By convention, it - * includes an RFC 2822 [RFC2822] mail name-addr, but there are no - * restrictions on its content. The packet length in the header - * specifies the length of the User ID. - */ -class UserIDPacket { - static get tag() { - return enums.packet.userID; - } - - constructor() { - /** A string containing the user id. Usually in the form - * John Doe - * @type {String} - */ - this.userID = ''; - - this.name = ''; - this.email = ''; - this.comment = ''; - } + } else { // 4.2.2. New Format Packet Lengths + // 4.2.2.1. One-Octet Lengths + const lengthByte = await reader.readByte(); + wasPartialLength = false; + if (lengthByte < 192) { + packetLength = lengthByte; + // 4.2.2.2. Two-Octet Lengths + } else if (lengthByte >= 192 && lengthByte < 224) { + packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; + // 4.2.2.4. Partial Body Lengths + } else if (lengthByte > 223 && lengthByte < 255) { + packetLength = 1 << (lengthByte & 0x1F); + wasPartialLength = true; + if (!packetSupportsStreaming) { + throw new TypeError('This packet type does not support partial lengths.'); + } + // 4.2.2.3. Five-Octet Lengths + } else { + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + } + } + if (packetLength > 0) { + let bytesRead = 0; + while (true) { + if (writer) await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (packetLength === Infinity) break; + throw new Error('Unexpected end of packet'); + } + const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); + if (writer) await writer.write(chunk); + else packet.push(chunk); + bytesRead += value.length; + if (bytesRead >= packetLength) { + reader.unshift(value.subarray(packetLength - bytesRead + value.length)); + break; + } + } + } + } while (wasPartialLength); - /** - * Create UserIDPacket instance from object - * @param {Object} userID - Object specifying userID name, email and comment - * @returns {UserIDPacket} - * @static - */ - static fromObject(userID) { - if (util.isString(userID) || - (userID.name && !util.isString(userID.name)) || - (userID.email && !util.isEmailAddress(userID.email)) || - (userID.comment && !util.isString(userID.comment))) { - throw new Error('Invalid user ID format'); + // If this was not a packet that "supports streaming", we peek to check + // whether it is the last packet in the message. We peek 2 bytes instead + // of 1 because the beginning of this function also peeks 2 bytes, and we + // want to cut a `subarray` of the correct length into `web-stream-tools`' + // `externalBuffer` as a tiny optimization here. + // + // If it *was* a streaming packet (i.e. the data packets), we peek at the + // entire remainder of the stream, in order to forward errors in the + // remainder of the stream to the packet data. (Note that this means we + // read/peek at all signature packets before closing the literal data + // packet, for example.) This forwards MDC errors to the literal data + // stream, for example, so that they don't get lost / forgotten on + // decryptedMessage.packets.stream, which we never look at. + // + // An example of what we do when stream-parsing a message containing + // [ one-pass signature packet, literal data packet, signature packet ]: + // 1. Read the one-pass signature packet + // 2. Peek 2 bytes of the literal data packet + // 3. Parse the one-pass signature packet + // + // 4. Read the literal data packet, simultaneously stream-parsing it + // 5. Peek until the end of the message + // 6. Finish parsing the literal data packet + // + // 7. Read the signature packet again (we already peeked at it in step 5) + // 8. Peek at the end of the stream again (`peekBytes` returns undefined) + // 9. Parse the signature packet + // + // Note that this means that if there's an error in the very end of the + // stream, such as an MDC error, we throw in step 5 instead of in step 8 + // (or never), which is the point of this exercise. + const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); + if (writer) { + await writer.ready; + await writer.close(); + } else { + packet = util.concatUint8Array(packet); + // eslint-disable-next-line callback-return + await callback({ tag, packet }); } - const packet = new UserIDPacket(); - Object.assign(packet, userID); - const components = []; - if (packet.name) components.push(packet.name); - if (packet.comment) components.push(`(${packet.comment})`); - if (packet.email) components.push(`<${packet.email}>`); - packet.userID = components.join(' '); - return packet; - } - - /** - * Parsing function for a user id packet (tag 13). - * @param {Uint8Array} input - Payload of a tag 13 packet - */ - read(bytes, config$1 = config) { - const userID = util.decodeUTF8(bytes); - if (userID.length > config$1.maxUserIDLength) { - throw new Error('User ID string is too long'); + return !nextPacket || !nextPacket.length; + } catch (e) { + if (writer) { + await writer.abort(e); + return true; + } else { + throw e; } - try { - const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true }); - this.comment = comments.replace(/^\(|\)$/g, ''); - this.name = name; - this.email = email; - } catch (e) {} - this.userID = userID; - } - - /** - * Creates a binary representation of the user id packet - * @returns {Uint8Array} Binary representation. - */ - write() { - return util.encodeUTF8(this.userID); - } - - equals(otherUserID) { - return otherUserID && otherUserID.userID === this.userID; + } finally { + if (writer) { + await callbackReturned; + } + reader.releaseLock(); } } -// GPG4Browsers - An OpenPGP implementation in javascript +class UnsupportedError extends Error { + constructor(...params) { + super(...params); -/** - * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret - * Key packet and has exactly the same format. - * @extends SecretKeyPacket - */ -class SecretSubkeyPacket extends SecretKeyPacket { - static get tag() { - return enums.packet.secretSubkey; - } + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); + } - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); + this.name = 'UnsupportedError'; } } -/** - * Implementation of the Trust Packet (Tag 12) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: - * The Trust packet is used only within keyrings and is not normally - * exported. Trust packets contain data that record the user's - * specifications of which key holders are trustworthy introducers, - * along with other information that implementing software uses for - * trust information. The format of Trust packets is defined by a given - * implementation. - * - * Trust packets SHOULD NOT be emitted to output streams that are - * transferred to other users, and they SHOULD be ignored on any input - * other than local keyring files. - */ -class TrustPacket { - static get tag() { - return enums.packet.trust; - } +// unknown packet types are handled differently depending on the packet criticality +class UnknownPacketError extends UnsupportedError { + constructor(...params) { + super(...params); - /** - * Parsing function for a trust packet (tag 12). - * Currently not implemented as we ignore trust packets - */ - read() { - throw new UnsupportedError('Trust packets are not supported'); - } + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); + } - write() { - throw new UnsupportedError('Trust packets are not supported'); + this.name = 'UnknownPacketError'; } } -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Signature can contain the following packets -const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - -/** - * Class that represents an OpenPGP signature. - */ -class Signature { - /** - * @param {PacketList} packetlist - The signature packets - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); +class UnparseablePacket { + constructor(tag, rawContent) { + this.tag = tag; + this.rawContent = rawContent; } - /** - * Returns binary encoded signature - * @returns {ReadableStream} Binary signature. - */ write() { - return this.packets.write(); - } - - /** - * Returns ASCII armored text of signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config$1); - } - - /** - * Returns an array of KeyIDs of all of the issuers who created this signature - * @returns {Array} The Key IDs of the signing keys - */ - getSigningKeyIDs() { - return this.packets.map(packet => packet.issuerKeyID); - } -} - -/** - * reads an (optionally armored) OpenPGP signature and returns a signature object - * @param {Object} options - * @param {String} [options.armoredSignature] - Armored signature to be parsed - * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New signature object. - * @async - * @static - */ -async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredSignature || binarySignature; - if (!input) { - throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); - } - if (armoredSignature && !util.isString(armoredSignature)) { - throw new Error('readSignature: options.armoredSignature must be a string'); - } - if (binarySignature && !util.isUint8Array(binarySignature)) { - throw new Error('readSignature: options.binarySignature must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (armoredSignature) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.signature) { - throw new Error('Armored text not of type signature'); - } - input = data; - } - const packetlist = await PacketList.fromBinary(input, allowedPackets$4, config$1); - return new Signature(packetlist); -} - -/** - * @fileoverview Provides helpers methods for key module - * @module key/helper - * @private - */ - -async function generateSecretSubkey(options, config) { - const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); - secretSubkeyPacket.packets = null; - secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretSubkeyPacket.generate(options.rsaBits, options.curve); - await secretSubkeyPacket.computeFingerprintAndKeyID(); - return secretSubkeyPacket; -} - -async function generateSecretKey(options, config) { - const secretKeyPacket = new SecretKeyPacket(options.date, config); - secretKeyPacket.packets = null; - secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); - await secretKeyPacket.computeFingerprintAndKeyID(); - return secretKeyPacket; -} - -/** - * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. - * @param {Array} signatures - List of signatures - * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - full configuration - * @returns {Promise} The latest valid signature. - * @async - */ -async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { - let latestValid; - let exception; - for (let i = signatures.length - 1; i >= 0; i--) { - try { - if ( - (!latestValid || signatures[i].created >= latestValid.created) - ) { - await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); - latestValid = signatures[i]; - } - } catch (e) { - exception = e; - } - } - if (!latestValid) { - throw util.wrapError( - `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` - .replace('certGeneric ', 'self-') - .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), - exception); + return this.rawContent; } - return latestValid; } -function isDataExpired(keyPacket, signature, date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - const expirationTime = getKeyExpirationTime(keyPacket, signature); - return !(keyPacket.created <= normDate && normDate < expirationTime); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + +/** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} + */ +async function generate$3(algo) { + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']); + + const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey); + + return { + A: new Uint8Array(b64ToUint8Array(publicKey.x)), + seed: b64ToUint8Array(privateKey.d, true) + }; + } catch (err) { + if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux + throw err; + } + const seed = getRandomBytes(getPayloadSize$1(algo)); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const seed = ed448.utils.randomPrivateKey(); + const A = ed448.getPublicKey(seed); + return { A, seed }; + } + default: + throw new Error('Unsupported EdDSA algorithm'); } - return false; } /** - * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} - * @param {SecretSubkeyPacket} subkey - Subkey key packet - * @param {SecretKeyPacket} primaryKey - Primary key packet - * @param {Object} options - * @param {Object} config - Full configuration + * Sign a message using the provided key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * RS: Uint8Array + * }>} Signature of the message + * @async */ -async function createBindingSignature(subkey, primaryKey, options, config) { - const dataToSign = {}; - dataToSign.key = primaryKey; - dataToSign.bind = subkey; - const signatureProperties = { signatureType: enums.signature.subkeyBinding }; - if (options.sign) { - signatureProperties.keyFlags = [enums.keyFlags.signData]; - signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, { - signatureType: enums.signature.keyBinding - }, options.date, undefined, undefined, undefined, config); - } else { - signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; +async function sign$5(algo, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = privateKeyToJWK(algo, publicKey, privateKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']); + + const signature = new Uint8Array( + await webCrypto.sign('Ed25519', key, hashed) + ); + + return { RS: signature }; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const signature = ed448.sign(hashed, privateKey); + return { RS: signature }; + } + default: + throw new Error('Unsupported EdDSA algorithm'); } - const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); - return subkeySignaturePacket; + } /** - * Returns the preferred signature hash algorithm of a key - * @param {Key} [key] - The key to get preferences from - * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} config - full configuration - * @returns {Promise} + * Verifies if a signature is valid for a message + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{ RS: Uint8Array }} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} * @async */ -async function getPreferredHashAlgo$2(key, keyPacket, date = new Date(), userID = {}, config) { - let hashAlgo = config.preferredHashAlgorithm; - let prefAlgo = hashAlgo; - if (key) { - const primaryUser = await key.getPrimaryUser(date, userID, config); - if (primaryUser.selfCertification.preferredHashAlgorithms) { - [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms; - hashAlgo = mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; - } +async function verify$5(algo, hashAlgo, { RS }, m, publicKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); } - switch (keyPacket.algorithm) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: + switch (algo) { case enums.publicKey.ed25519: - prefAlgo = mod.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid); + try { + const webCrypto = util.getWebCrypto(); + const jwk = publicKeyToJWK(algo, publicKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']); + const verified = await webCrypto.verify('Ed25519', key, RS, hashed); + return verified; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + return nacl.sign.detached.verify(hashed, RS, publicKey); + } + + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + return ed448.verify(RS, hashed, publicKey); + } + default: + throw new Error('Unsupported EdDSA algorithm'); } - return mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; } - /** - * Returns the preferred symmetric/aead/compression algorithm for a set of keys - * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return - * @param {Array} [keys] - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Preferred algorithm + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point + * @param {Uint8Array} seed - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID + * @returns {Promise} Whether params are valid. * @async */ -async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config$1 = config) { - const defaultAlgo = { // these are all must-implement in rfc4880bis - 'symmetric': enums.symmetric.aes128, - 'aead': enums.aead.eax, - 'compression': enums.compression.uncompressed - }[type]; - const preferredSenderAlgo = { - 'symmetric': config$1.preferredSymmetricAlgorithm, - 'aead': config$1.preferredAEADAlgorithm, - 'compression': config$1.preferredCompressionAlgorithm - }[type]; - const prefPropertyName = { - 'symmetric': 'preferredSymmetricAlgorithms', - 'aead': 'preferredAEADAlgorithms', - 'compression': 'preferredCompressionAlgorithms' - }[type]; +async function validateParams$7(algo, A, seed) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(seed); + return util.equalsUint8Array(A, publicKey); + } - // if preferredSenderAlgo appears in the prefs of all recipients, we pick it - // otherwise we use the default algo - // if no keys are available, preferredSenderAlgo is returned - const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - const recipientPrefs = primaryUser.selfCertification[prefPropertyName]; - return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; - })); - return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + + const publicKey = ed448.getPublicKey(seed); + return util.equalsUint8Array(A, publicKey); + } + default: + return false; + } } -/** - * Create signature packet - * @param {Object} dataToSign - Contains packets to be signed - * @param {PrivateKey} privateKey - key to get preferences from - * @param {SecretKeyPacket| - * SecretSubkeyPacket} signingKeyPacket secret key packet for signing - * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing - * @param {Date} [date] - Override the creationtime of the signature - * @param {Object} [userID] - User ID - * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [detached] - Whether to create a detached signature packet - * @param {Object} config - full configuration - * @returns {Promise} Signature packet. - */ -async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) { - if (signingKeyPacket.isDummy()) { - throw new Error('Cannot sign with a gnu-dummy key.'); +function getPayloadSize$1(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return 32; + + case enums.publicKey.ed448: + return 57; + + default: + throw new Error('Unsupported EdDSA algorithm'); } - if (!signingKeyPacket.isDecrypted()) { - throw new Error('Signing key is not decrypted.'); +} + +function getPreferredHashAlgo$2(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return enums.hash.sha256; + case enums.publicKey.ed448: + return enums.hash.sha512; + default: + throw new Error('Unknown EdDSA algo'); } - const signaturePacket = new SignaturePacket(); - Object.assign(signaturePacket, signatureProperties); - signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; - signaturePacket.hashAlgorithm = await getPreferredHashAlgo$2(privateKey, signingKeyPacket, date, userID, config); - signaturePacket.rawNotations = notations; - await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached); - return signaturePacket; } -/** - * Merges signatures from source[attr] to dest[attr] - * @param {Object} source - * @param {Object} dest - * @param {String} attr - * @param {Date} [date] - date to use for signature expiration check, instead of the current time - * @param {Function} [checkFn] - signature only merged if true - */ -async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { - source = source[attr]; - if (source) { - if (!dest[attr].length) { - dest[attr] = source; - } else { - await Promise.all(source.map(async function(sourceSig) { - if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && - !dest[attr].some(function(destSig) { - return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); - })) { - dest[attr].push(sourceSig); - } - })); +const publicKeyToJWK = (algo, publicKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = { + kty: 'OKP', + crv: 'Ed25519', + x: uint8ArrayToB64(publicKey), + ext: true + }; + return jwk; } + default: + throw new Error('Unsupported EdDSA algorithm'); } -} +}; -/** - * Checks if a given certificate or binding signature is revoked - * @param {SecretKeyPacket| - * PublicKeyPacket} primaryKey The primary key packet - * @param {Object} dataToVerify - The data to check - * @param {Array} revocations - The revocation signatures to check - * @param {SignaturePacket} signature - The certificate or signature to check - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the signature revokes the data. - * @async - */ -async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { - key = key || primaryKey; - const revocationKeyIDs = []; - await Promise.all(revocations.map(async function(revocationSignature) { - try { - if ( - // Note: a third-party revocation signature could legitimately revoke a - // self-signature if the signature has an authorized revocation key. - // However, we don't support passing authorized revocation keys, nor - // verifying such revocation signatures. Instead, we indicate an error - // when parsing a key with an authorized revocation key, and ignore - // third-party revocation signatures here. (It could also be revoking a - // third-party key certification, which should only affect - // `verifyAllCertifications`.) - !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) - ) { - await revocationSignature.verify( - key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config - ); +const privateKeyToJWK = (algo, publicKey, privateKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = publicKeyToJWK(algo, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; + +var eddsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + generate: generate$3, + getPayloadSize: getPayloadSize$1, + getPreferredHashAlgo: getPreferredHashAlgo$2, + sign: sign$5, + validateParams: validateParams$7, + verify: verify$5 +}); - // TODO get an identifier of the revoked object instead - revocationKeyIDs.push(revocationSignature.issuerKeyID); - } - } catch (e) {} - })); - // TODO further verify that this is the signature that should be revoked - if (signature) { - signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : - signature.revoked || false; - return signature.revoked; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$4 = util.getWebCrypto(); +/** + * AES key wrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} dataToWrap + * @returns {Uint8Array} wrapped key + */ +async function wrap(algo, key, dataToWrap) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); } - return revocationKeyIDs.length > 0; + + try { + const wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']); + // Import data as HMAC key, as it has no key length requirements + const keyToWrap = await webCrypto$4.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + const wrapped = await webCrypto$4.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' }); + return new Uint8Array(wrapped); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + + return aeskw(key).encrypt(dataToWrap); } /** - * Returns key expiration time based on the given certification signature. - * The expiration time of the signature is ignored. - * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check - * @param {SignaturePacket} signature - signature to process - * @returns {Date|Infinity} expiration time or infinity if the key does not expire + * AES key unwrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} wrappedData + * @returns {Uint8Array} unwrapped data */ -function getKeyExpirationTime(keyPacket, signature) { - let expirationTime; - // check V4 expiration time - if (signature.keyNeverExpires === false) { - expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; +async function unwrap(algo, key, wrappedData) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } + + let wrappingKey; + try { + wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + return aeskw(key).decrypt(wrappedData); + } + + try { + const unwrapped = await webCrypto$4.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + return new Uint8Array(await webCrypto$4.exportKey('raw', unwrapped)); + } catch (err) { + if (err.name === 'OperationError') { + throw new Error('Key Data Integrity failed'); + } + throw err; } - return expirationTime ? new Date(expirationTime) : Infinity; } +var aesKW = /*#__PURE__*/Object.freeze({ + __proto__: null, + unwrap: unwrap, + wrap: wrap +}); + /** - * Returns whether aead is supported by all keys in the set - * @param {Array} keys - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} config - full configuration - * @returns {Promise} - * @async + * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. + * @module crypto/hkdf */ -async function isAEADSupported(keys, date = new Date(), userIDs = [], config$1 = config) { - let supported = true; - // TODO replace when Promise.some or Promise.any are implemented - await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - if (!primaryUser.selfCertification.features || - !(primaryUser.selfCertification.features[0] & enums.features.aead)) { - supported = false; - } - })); - return supported; + + +const webCrypto$3 = util.getWebCrypto(); + +async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) { + const hash = enums.read(enums.webHash, hashAlgo); + if (!hash) throw new Error('Hash algo not supported with HKDF'); + + const importedKey = await webCrypto$3.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); + const bits = await webCrypto$3.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); + return new Uint8Array(bits); } -function sanitizeKeyOptions(options, subkeyDefaults = {}) { - options.type = options.type || subkeyDefaults.type; - options.curve = options.curve || subkeyDefaults.curve; - options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; - options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; +/** + * @fileoverview Key encryption and decryption for RFC 6637 ECDH + * @module crypto/public_key/elliptic/ecdh + */ - options.sign = options.sign || false; - switch (options.type) { - case 'ecc': - try { - options.curve = enums.write(enums.curve, options.curve); - } catch (e) { - throw new Error('Unknown curve'); - } - if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) { - options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; - } - if (options.sign) { - options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; - } else { - options.algorithm = enums.publicKey.ecdh; - } - break; - case 'rsa': - options.algorithm = enums.publicKey.rsaEncryptSign; - break; +const HKDF_INFO = { + x25519: util.encodeUTF8('OpenPGP X25519'), + x448: util.encodeUTF8('OpenPGP X448') +}; + +/** + * Generate ECDH key for Montgomery curves + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} + */ +async function generate$2(algo) { + switch (algo) { + case enums.publicKey.x25519: { + // k stays in little-endian, unlike legacy ECDH over curve25519 + const k = getRandomBytes(32); + const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k); + return { A, k }; + } + + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const k = x448.utils.randomPrivateKey(); + const A = x448.getPublicKey(k); + return { A, k }; + } default: - throw new Error(`Unsupported key type ${options.type}`); + throw new Error('Unsupported ECDH algorithm'); } - return options; } -function isValidSigningKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.rsaEncrypt && - keyAlgo !== enums.publicKey.elgamal && - keyAlgo !== enums.publicKey.ecdh && - keyAlgo !== enums.publicKey.x25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.signData) !== 0); -} - -function isValidEncryptionKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.dsa && - keyAlgo !== enums.publicKey.rsaSign && - keyAlgo !== enums.publicKey.ecdsa && - keyAlgo !== enums.publicKey.eddsaLegacy && - keyAlgo !== enums.publicKey.ed25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0); -} +/** +* Validate ECDH parameters +* @param {module:enums.publicKey} algo - Algorithm identifier +* @param {Uint8Array} A - ECDH public point +* @param {Uint8Array} k - ECDH secret scalar +* @returns {Promise} Whether params are valid. +* @async +*/ +async function validateParams$6(algo, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.box.keyPair.fromSecretKey(k); + return util.equalsUint8Array(A, publicKey); + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + /** + * Derive public point A' from private key + * and expect A == A' + */ + const publicKey = x448.getPublicKey(k); + return util.equalsUint8Array(A, publicKey); + } -function isValidDecryptionKeyPacket(signature, config) { - if (config.allowInsecureDecryptionWithSigningKeys) { - // This is only relevant for RSA keys, all other signing algorithms cannot decrypt - return true; + default: + return false; } - - return !signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; } /** - * Check key against blacklisted algorithms and minimum strength requirements. - * @param {SecretKeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket - * @param {Config} config - * @throws {Error} if the key packet does not meet the requirements + * Wrap and encrypt a session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} data - session key data to be encrypted + * @param {Uint8Array} recipientA - Recipient public key (K_B) + * @returns {Promise<{ + * ephemeralPublicKey: Uint8Array, + * wrappedKey: Uint8Array + * }>} ephemeral public key (K_A) and encrypted key + * @async */ -function checkKeyRequirements(keyPacket, config) { - const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); - const algoInfo = keyPacket.getAlgorithmInfo(); - if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { - throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); - } - switch (keyAlgo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: - case enums.publicKey.rsaEncrypt: - if (algoInfo.bits < config.minRSABits) { - throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); - } - break; - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ecdh: - if (config.rejectCurves.has(algoInfo.curve)) { - throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); - } - break; +async function encrypt$2(algo, data, recipientA) { + const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + recipientA, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; + } + + default: + throw new Error('Unsupported ECDH algorithm'); } } /** - * @module key/User - * @private + * Decrypt and unwrap the session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} ephemeralPublicKey - (K_A) + * @param {Uint8Array} wrappedKey, + * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF + * @param {Uint8Array} k - Recipient secret key (b) + * @returns {Promise} decrypted session key data + * @async */ +async function decrypt$2(algo, ephemeralPublicKey, wrappedKey, A, k) { + const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + A, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); + } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} + +function getPayloadSize(algo) { + switch (algo) { + case enums.publicKey.x25519: + return 32; + + case enums.publicKey.x448: + return 56; + + default: + throw new Error('Unsupported ECDH algorithm'); + } +} /** - * Class that represents an user ID or attribute packet and the relevant signatures. - * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info - * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + * Generate shared secret and ephemeral public key for encryption + * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret + * @async */ -class User { - constructor(userPacket, mainKey) { - this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; - this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; - this.selfCertifications = []; - this.otherCertifications = []; - this.revocationSignatures = []; - this.mainKey = mainKey; +async function generateEphemeralEncryptionMaterial(algo, recipientA) { + switch (algo) { + case enums.publicKey.x25519: { + const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo)); + const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const ephemeralSecretKey = x448.utils.randomPrivateKey(); + const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + default: + throw new Error('Unsupported ECDH algorithm'); } +} - /** - * Transforms structured user data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.userID || this.userAttribute); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.selfCertifications); - packetlist.push(...this.otherCertifications); - return packetlist; +async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; + } + default: + throw new Error('Unsupported ECDH algorithm'); } +} - /** - * Shallow clone - * @returns {User} - */ - clone() { - const user = new User(this.userID || this.userAttribute, this.mainKey); - user.selfCertifications = [...this.selfCertifications]; - user.otherCertifications = [...this.otherCertifications]; - user.revocationSignatures = [...this.revocationSignatures]; - return user; +/** + * x25519 and x448 produce an all-zero value when given as input a point with small order. + * This does not lead to a security issue in the context of ECDH, but it is still unexpected, + * hence we throw. + * @param {Uint8Array} sharedSecret + */ +function assertNonZeroArray(sharedSecret) { + let acc = 0; + for (let i = 0; i < sharedSecret.length; i++) { + acc |= sharedSecret[i]; } - - /** - * Generate third-party certifications over this user and its primary key - * @param {Array} signingKeys - Decrypted private keys for signing - * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} New user with new certifications. - * @async - */ - async certify(signingKeys, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { - if (!privateKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - if (privateKey.hasSameFingerprintAs(primaryKey)) { - throw new Error("The user's own key can only be used for self-certifications"); - } - const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); - return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, { - // Most OpenPGP implementations use generic certification (0x10) - signatureType: enums.signature.certGeneric, - keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] - }, date, undefined, undefined, undefined, config); - })); - await user.update(this, date, config); - return user; + if (acc === 0) { + throw new Error('Unexpected low order point'); } +} - /** - * Checks if a given certificate of the user is revoked - * @param {SignaturePacket} certificate - The certificate to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked(primaryKey, enums.signature.certRevocation, { - key: primaryKey, - userID: this.userID, - userAttribute: this.userAttribute - }, this.revocationSignatures, certificate, keyPacket, date, config$1); +var ecdh_x = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$2, + encrypt: encrypt$2, + generate: generate$2, + generateEphemeralEncryptionMaterial: generateEphemeralEncryptionMaterial, + getPayloadSize: getPayloadSize, + recomputeSharedSecret: recomputeSharedSecret, + validateParams: validateParams$6 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$2 = util.getWebCrypto(); +const nodeCrypto$2 = util.getNodeCrypto(); + +const webCurves = { + [enums.curve.nistP256]: 'P-256', + [enums.curve.nistP384]: 'P-384', + [enums.curve.nistP521]: 'P-521' +}; +const knownCurves = nodeCrypto$2 ? nodeCrypto$2.getCurves() : []; +const nodeCurves = nodeCrypto$2 ? { + [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, + [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, + [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, + [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, + [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined, + [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined, + [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, + [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, + [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined +} : {}; + +const curves = { + [enums.curve.nistP256]: { + oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.nistP256], + web: webCurves[enums.curve.nistP256], + payloadSize: 32, + sharedSize: 256, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP384]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.nistP384], + web: webCurves[enums.curve.nistP384], + payloadSize: 48, + sharedSize: 384, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP521]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.nistP521], + web: webCurves[enums.curve.nistP521], + payloadSize: 66, + sharedSize: 528, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.secp256k1]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.secp256k1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.ed25519Legacy]: { + oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], + keyType: enums.publicKey.eddsaLegacy, + hash: enums.hash.sha512, + node: false, // nodeCurves.ed25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.curve25519Legacy]: { + oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], + keyType: enums.publicKey.ecdh, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: false, // nodeCurves.curve25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.brainpoolP256r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.brainpoolP256r1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP384r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.brainpoolP384r1], + payloadSize: 48, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP512r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.brainpoolP512r1], + payloadSize: 64, + wireFormatLeadingByte: 0x04 } +}; - /** - * Verifies the user certificate. - * @param {SignaturePacket} certificate - A certificate of this user - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate - * @throws if the user certificate is invalid. - * @async - */ - async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const { issuerKeyID } = certificate; - const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); - if (issuerKeys.length === 0) { - return null; +class CurveWithOID { + constructor(oidOrName) { + try { + this.name = oidOrName instanceof OID ? + oidOrName.getName() : + enums.write(enums.curve,oidOrName); + } catch (err) { + throw new UnsupportedError('Unknown curve'); } - await Promise.all(issuerKeys.map(async key => { - const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); - if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { - throw new Error('User certificate is revoked'); - } - try { - await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('User certificate is invalid', e); - } - })); - return true; - } + const params = curves[this.name]; - /** - * Verifies all user certificates - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllCertifications(verificationKeys, date = new Date(), config) { - const that = this; - const certifications = this.selfCertifications.concat(this.otherCertifications); - return Promise.all(certifications.map(async certification => ({ - keyID: certification.issuerKeyID, - valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) - }))); - } + this.keyType = params.keyType; - /** - * Verify User. Checks for existence of self signatures, revocation signatures - * and validity of self signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} Status of user. - * @throws {Error} if there are no valid self signatures. - * @async - */ - async verify(date = new Date(), config) { - if (!this.selfCertifications.length) { - throw new Error('No self-certifications found'); + this.oid = params.oid; + this.hash = params.hash; + this.cipher = params.cipher; + this.node = params.node; + this.web = params.web; + this.payloadSize = params.payloadSize; + this.sharedSize = params.sharedSize; + this.wireFormatLeadingByte = params.wireFormatLeadingByte; + if (this.web && util.getWebCrypto()) { + this.type = 'web'; + } else if (this.node && util.getNodeCrypto()) { + this.type = 'node'; + } else if (this.name === enums.curve.curve25519Legacy) { + this.type = 'curve25519Legacy'; + } else if (this.name === enums.curve.ed25519Legacy) { + this.type = 'ed25519Legacy'; } - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // TODO replace when Promise.some or Promise.any are implemented - let exception; - for (let i = this.selfCertifications.length - 1; i >= 0; i--) { - try { - const selfCertification = this.selfCertifications[i]; - if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { - throw new Error('Self-certification is revoked'); - } + } + + async genKeyPair() { + switch (this.type) { + case 'web': try { - await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('Self-certification is invalid', e); + return await webGenKeyPair(this.name, this.wireFormatLeadingByte); + } catch (err) { + util.printDebugError('Browser did not support generating ec key ' + err.message); + return jsGenKeyPair(this.name); } - return true; - } catch (e) { - exception = e; + case 'node': + return nodeGenKeyPair(this.name); + case 'curve25519Legacy': { + // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3 + const { k, A } = await generate$2(enums.publicKey.x25519); + const privateKey = k.slice().reverse(); + privateKey[0] = (privateKey[0] & 127) | 64; + privateKey[31] &= 248; + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + case 'ed25519Legacy': { + const { seed: privateKey, A } = await generate$3(enums.publicKey.ed25519); + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; } + default: + return jsGenKeyPair(this.name); } - throw exception; - } - - /** - * Update user with new components from specified user - * @param {User} sourceUser - Source user to merge - * @param {Date} date - Date to verify the validity of signatures - * @param {Object} config - Full configuration - * @returns {Promise} - * @async - */ - async update(sourceUser, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // self signatures - await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { - try { - await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); - return true; - } catch (e) { - return false; - } - }); - // other signatures - await mergeSignatures(sourceUser, this, 'otherCertifications', date); - // revocation signatures - await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); - }); } +} - /** - * Revokes the user - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New user with revocation signature. - * @async - */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.certRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await user.update(this); - return user; - } +async function generate$1(curveName) { + const curve = new CurveWithOID(curveName); + const { oid, hash, cipher } = curve; + const keyPair = await curve.genKeyPair(); + return { + oid, + Q: keyPair.publicKey, + secret: util.leftPad(keyPair.privateKey, curve.payloadSize), + hash, + cipher + }; } /** - * @module key/Subkey - * @private + * Get preferred hash algo to use with the given curve + * @param {module:type/oid} oid - curve oid + * @returns {enums.hash} hash algorithm */ +function getPreferredHashAlgo$1(oid) { + return curves[oid.getName()].hash; +} /** - * Class that represents a subkey packet and the relevant signatures. - * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID - * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint - * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs - * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo - * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime - * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + * Validate ECDH and ECDSA parameters + * Not suitable for EdDSA (different secret key format) + * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves + * @param {module:type/oid} oid - EC object identifier + * @param {Uint8Array} Q - EC public point + * @param {Uint8Array} d - EC secret scalar + * @returns {Promise} Whether params are valid. + * @async */ -class Subkey { - /** - * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey - * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey - */ - constructor(subkeyPacket, mainKey) { - this.keyPacket = subkeyPacket; - this.bindingSignatures = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } - - /** - * Transforms structured subkey data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.bindingSignatures); - return packetlist; - } - - /** - * Shallow clone - * @return {Subkey} - */ - clone() { - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.bindingSignatures = [...this.bindingSignatures]; - subkey.revocationSignatures = [...this.revocationSignatures]; - return subkey; - } +async function validateStandardParams(algo, oid, Q, d) { + const supportedCurves = { + [enums.curve.nistP256]: true, + [enums.curve.nistP384]: true, + [enums.curve.nistP521]: true, + [enums.curve.secp256k1]: true, + [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh, + [enums.curve.brainpoolP256r1]: true, + [enums.curve.brainpoolP384r1]: true, + [enums.curve.brainpoolP512r1]: true + }; - /** - * Checks if a binding signature of a subkey is revoked - * @param {SignaturePacket} signature - The binding signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the binding signature is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked( - primaryKey, enums.signature.subkeyRevocation, { - key: primaryKey, - bind: this.keyPacket - }, this.revocationSignatures, signature, key, date, config$1 - ); + // Check whether the given curve is supported + const curveName = oid.getName(); + if (!supportedCurves[curveName]) { + return false; } - /** - * Verify subkey. Checks for revocation signatures, expiration time - * and valid binding signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} if the subkey is invalid. - * @async - */ - async verify(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - // check subkey binding signatures - const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - // check binding signature is not revoked - if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { - throw new Error('Subkey is revoked'); - } - // check for expiration time - if (isDataExpired(this.keyPacket, bindingSignature, date)) { - throw new Error('Subkey is expired'); - } - return bindingSignature; - } + if (curveName === enums.curve.curve25519Legacy) { + d = d.slice().reverse(); + // Re-derive public point Q' + const { publicKey } = nacl.box.keyPair.fromSecretKey(d); - /** - * Returns the expiration time of the subkey or Infinity if key does not expire. - * Returns null if the subkey is invalid. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async - */ - async getExpirationTime(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - let bindingSignature; - try { - bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - } catch (e) { - return null; + Q = new Uint8Array(Q); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + if (!util.equalsUint8Array(dG, Q)) { + return false; } - const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); - const sigExpiry = bindingSignature.getExpirationTime(); - return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; - } - /** - * Update subkey with new components from specified subkey - * @param {Subkey} subkey - Source subkey to merge - * @param {Date} [date] - Date to verify validity of signatures - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if update failed - * @async - */ - async update(subkey, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - if (!this.hasSameFingerprintAs(subkey)) { - throw new Error('Subkey update method: fingerprints of subkeys not equal'); - } - // key packet - if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && - subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { - this.keyPacket = subkey.keyPacket; - } - // update missing binding signatures - const that = this; - const dataToVerify = { key: primaryKey, bind: that.keyPacket }; - await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { - for (let i = 0; i < that.bindingSignatures.length; i++) { - if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { - if (srcBindSig.created > that.bindingSignatures[i].created) { - that.bindingSignatures[i] = srcBindSig; - } - return false; - } - } - try { - await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); - return true; - } catch (e) { - return false; - } - }); - // revocation signatures - await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); - }); + return true; } - /** - * Revokes the subkey - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New subkey with revocation signature. - * @async + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + /* + * Re-derive public point Q' = dG from private key + * Expect Q == Q' */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { key: primaryKey, bind: this.keyPacket }; - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.subkeyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await subkey.update(this); - return subkey; + const dG = nobleCurve.getPublicKey(d, false); + if (!util.equalsUint8Array(dG, Q)) { + return false; } - hasSameFingerprintAs(other) { - return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + return true; +} + +/** + * Check whether the public point has a valid encoding. + * NB: this function does not check e.g. whether the point belongs to the curve. + */ +function checkPublicPointEnconding(curve, V) { + const { payloadSize, wireFormatLeadingByte, name: curveName } = curve; + + const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2; + + if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) { + throw new Error('Invalid point encoding'); } } -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { - Subkey.prototype[name] = - function() { - return this.keyPacket[name](); - }; -}); +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// +async function jsGenKeyPair(name) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + const privateKey = nobleCurve.utils.randomPrivateKey(); + const publicKey = nobleCurve.getPublicKey(privateKey, false); + return { publicKey, privateKey }; +} -// GPG4Browsers - An OpenPGP implementation in javascript +async function webGenKeyPair(name, wireFormatLeadingByte) { + // Note: keys generated with ECDSA and ECDH are structurally equivalent + const webCryptoKey = await webCrypto$2.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); -// A key revocation certificate can contain the following packets -const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); -const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); -const keyPacketTags = new Set([ - enums.packet.publicKey, enums.packet.privateKey, - enums.packet.publicSubkey, enums.packet.privateSubkey -]); + const privateKey = await webCrypto$2.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto$2.exportKey('jwk', webCryptoKey.publicKey); + + return { + publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte), + privateKey: b64ToUint8Array(privateKey.d) + }; +} + +async function nodeGenKeyPair(name) { + // Note: ECDSA and ECDH key generation is structurally equivalent + const ecdh = nodeCrypto$2.createECDH(nodeCurves[name]); + await ecdh.generateKeys(); + return { + publicKey: new Uint8Array(ecdh.getPublicKey()), + privateKey: new Uint8Array(ecdh.getPrivateKey()) + }; +} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// /** - * Abstract class that represents an OpenPGP key. Must contain a primary key. - * Can contain additional subkeys, signatures, user ids, user attributes. - * @borrows PublicKeyPacket#getKeyID as Key#getKeyID - * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint - * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs - * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo - * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + * @param {JsonWebKey} jwk - key for conversion + * + * @returns {Uint8Array} Raw public key. */ -class Key { - /** - * Transforms packetlist to structured key data - * @param {PacketList} packetlist - The packets that form a key - * @param {Set} disallowedPackets - disallowed packet tags - */ - packetListToStructure(packetlist, disallowedPackets = new Set()) { - let user; - let primaryKeyID; - let subkey; - let ignoreUntil; +function jwkToRawPublic(jwk, wireFormatLeadingByte) { + const bufX = b64ToUint8Array(jwk.x); + const bufY = b64ToUint8Array(jwk.y); + const publicKey = new Uint8Array(bufX.length + bufY.length + 1); + publicKey[0] = wireFormatLeadingByte; + publicKey.set(bufX, 1); + publicKey.set(bufY, bufX.length + 1); + return publicKey; +} - for (const packet of packetlist) { +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * + * @returns {JsonWebKey} Public key in jwk format. + */ +function rawPublicToJWK(payloadSize, name, publicKey) { + const len = payloadSize; + const bufX = publicKey.slice(1, len + 1); + const bufY = publicKey.slice(len + 1, len * 2 + 1); + // https://www.rfc-editor.org/rfc/rfc7518.txt + const jwk = { + kty: 'EC', + crv: name, + x: uint8ArrayToB64(bufX), + y: uint8ArrayToB64(bufY), + ext: true + }; + return jwk; +} - if (packet instanceof UnparseablePacket) { - const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); - if (isUnparseableKeyPacket && !ignoreUntil) { - // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must - // discard all non-key packets that follow, until another (sub)key packet is found. - if (mainKeyPacketTags.has(packet.tag)) { - ignoreUntil = mainKeyPacketTags; - } else { - ignoreUntil = keyPacketTags; - } - } - continue; - } +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * @param {Uint8Array} privateKey - private key + * + * @returns {JsonWebKey} Private key in jwk format. + */ +function privateToJWK(payloadSize, name, publicKey, privateKey) { + const jwk = rawPublicToJWK(payloadSize, name, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; +} - const tag = packet.constructor.tag; - if (ignoreUntil) { - if (!ignoreUntil.has(tag)) continue; - ignoreUntil = null; - } - if (disallowedPackets.has(tag)) { - throw new Error(`Unexpected packet type: ${tag}`); - } - switch (tag) { - case enums.packet.publicKey: - case enums.packet.secretKey: - if (this.keyPacket) { - throw new Error('Key block contains multiple keys'); - } - this.keyPacket = packet; - primaryKeyID = this.getKeyID(); - if (!primaryKeyID) { - throw new Error('Missing Key ID'); - } - break; - case enums.packet.userID: - case enums.packet.userAttribute: - user = new User(packet, this); - this.users.push(user); - break; - case enums.packet.publicSubkey: - case enums.packet.secretSubkey: - user = null; - subkey = new Subkey(packet, this); - this.subkeys.push(subkey); - break; - case enums.packet.signature: - switch (packet.signatureType) { - case enums.signature.certGeneric: - case enums.signature.certPersona: - case enums.signature.certCasual: - case enums.signature.certPositive: - if (!user) { - util.printDebug('Dropping certification signatures without preceding user packet'); - continue; - } - if (packet.issuerKeyID.equals(primaryKeyID)) { - user.selfCertifications.push(packet); - } else { - user.otherCertifications.push(packet); - } - break; - case enums.signature.certRevocation: - if (user) { - user.revocationSignatures.push(packet); - } else { - this.directSignatures.push(packet); - } - break; - case enums.signature.key: - this.directSignatures.push(packet); - break; - case enums.signature.subkeyBinding: - if (!subkey) { - util.printDebug('Dropping subkey binding signature without preceding subkey packet'); - continue; - } - subkey.bindingSignatures.push(packet); - break; - case enums.signature.keyRevocation: - this.revocationSignatures.push(packet); - break; - case enums.signature.subkeyRevocation: - if (!subkey) { - util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); - continue; - } - subkey.revocationSignatures.push(packet); - break; - } - break; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$1 = util.getWebCrypto(); +const nodeCrypto$1 = util.getNodeCrypto(); + +/** + * Sign a message using the provided key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$4(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (message && !util.isStream(message)) { + const keyPair = { publicKey, privateKey }; + switch (curve.type) { + case 'web': + // If browser doesn't support a curve, we'll catch it + try { + // Need to await to make sure browser succeeds + return await webSign(curve, hashAlgo, message, keyPair); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunaley Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support signing: ' + err.message); + } + break; + case 'node': + return nodeSign(curve, hashAlgo, message, privateKey); } } - /** - * Transforms structured key data to packetlist - * @returns {PacketList} The packets that form a key. - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.directSignatures); - this.users.map(user => packetlist.push(...user.toPacketList())); - this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); - return packetlist; - } + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + const signature = nobleCurve.sign(hashed, privateKey, { lowS: false }); + return { + r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize), + s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize) + }; +} - /** - * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. - * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. - * @returns {Promise} Clone of the key. - */ - clone(clonePrivateParams = false) { - const key = new this.constructor(this.toPacketList()); - if (clonePrivateParams) { - key.getKeys().forEach(k => { - // shallow clone the key packets - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - if (!k.keyPacket.isDecrypted()) return; - // deep clone the private params, which are cleared during encryption - const privateParams = {}; - Object.keys(k.keyPacket.privateParams).forEach(name => { - privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); - }); - k.keyPacket.privateParams = privateParams; - }); +/** + * Verifies if a signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify + * @param {Uint8Array} message - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$4(oid, hashAlgo, signature, message, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + // See https://github.com/openpgpjs/openpgpjs/pull/948. + // NB: the impact was more likely limited to Brainpool curves, since thanks + // to WebCrypto availability, NIST curve should not have been affected. + // Similarly, secp256k1 should have been used rarely enough. + // However, we implement the fix for all curves, since it's only needed in case of + // verification failure, which is unexpected, hence a minor slowdown is acceptable. + const tryFallbackVerificationForOldBug = async () => ( + hashed[0] === 0 ? + jsVerify(curve, signature, hashed.subarray(1), publicKey) : + false + ); + + if (message && !util.isStream(message)) { + switch (curve.type) { + case 'web': + try { + // Need to await to make sure browser succeeds + const verified = await webVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunately Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support verifying: ' + err.message); + } + break; + case 'node': { + const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } } - return key; } - /** - * Returns an array containing all public or private subkeys matching keyID; - * If no keyID is given, returns all subkeys. - * @param {type/keyID} [keyID] - key ID to look for - * @returns {Array} array of subkeys - */ - getSubkeys(keyID = null) { - const subkeys = this.subkeys.filter(subkey => ( - !keyID || subkey.getKeyID().equals(keyID, true) - )); - return subkeys; + const verified = await jsVerify(curve, signature, hashed, publicKey); + return verified || tryFallbackVerificationForOldBug(); +} + +/** + * Validate ECDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDSA public point + * @param {Uint8Array} d - ECDSA secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$5(oid, Q, d) { + const curve = new CurveWithOID(oid); + // Reject curves x25519 and ed25519 + if (curve.keyType !== enums.publicKey.ecdsa) { + return false; } - /** - * Returns an array containing all public or private keys matching keyID. - * If no keyID is given, returns all keys, starting with the primary key. - * @param {type/keyid~KeyID} [keyID] - key ID to look for - * @returns {Array} array of keys - */ - getKeys(keyID = null) { - const keys = []; - if (!keyID || this.getKeyID().equals(keyID, true)) { - keys.push(this); + // To speed up the validation, we try to use node- or webcrypto when available + // and sign + verify a random message + switch (curve.type) { + case 'web': + case 'node': { + const message = getRandomBytes(8); + const hashAlgo = enums.hash.sha256; + const hashed = await hash$1.digest(hashAlgo, message); + try { + const signature = await sign$4(oid, hashAlgo, message, Q, d, hashed); + // eslint-disable-next-line @typescript-eslint/return-await + return await verify$4(oid, hashAlgo, signature, message, Q, hashed); + } catch (err) { + return false; + } } - return keys.concat(this.getSubkeys(keyID)); + default: + return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); } +} - /** - * Returns key IDs of all keys - * @returns {Array} - */ - getKeyIDs() { - return this.getKeys().map(key => key.getKeyID()); - } - /** - * Returns userIDs - * @returns {Array} Array of userIDs. - */ - getUserIDs() { - return this.users.map(user => { - return user.userID ? user.userID.userID : null; - }).filter(userID => userID !== null); - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// - /** - * Returns binary encoded key - * @returns {Uint8Array} Binary key. - */ - write() { - return this.toPacketList().write(); - } +/** + * Fallback javascript implementation of ECDSA verification. + * To be used if no native implementation is available for the given curve/operation. + */ +async function jsVerify(curve, signature, hashed, publicKey) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false }); +} - /** - * Returns last created key or key by given keyID that is available for signing and verification - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} signing key - * @throws if no valid signing key was found - * @async - */ - async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature( - subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 - ); - if (!isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) { - continue; - } - if (!bindingSignature.embeddedSignature) { - throw new Error('Missing embedded signature'); - } - // verify embedded signature - await getLatestValidSignature( - [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 - ); - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } catch (e) { - exception = e; - } - } - } +async function webSign(curve, hashAlgo, message, keyPair) { + const len = curve.payloadSize; + const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['sign'] + ); + + const signature = new Uint8Array(await webCrypto$1.sign( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + message + )); + + return { + r: signature.slice(0, len), + s: signature.slice(len, len << 1) + }; +} + +async function webVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['verify'] + ); + + const signature = util.concatUint8Array([r, s]).buffer; + + return webCrypto$1.verify( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + signature, + message + ); +} + +async function nodeSign(curve, hashAlgo, message, privateKey) { + // JWT encoding cannot be used for now, as Brainpool curves are not supported + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + privateKey: nodeBuffer.from(privateKey) + }); + + const sign = nodeCrypto$1.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(message); + sign.end(); + + const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' })); + const len = curve.payloadSize; + + return { + r: signature.subarray(0, len), + s: signature.subarray(len, len << 1) + }; +} - try { - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config$1)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; - } - throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); +async function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { publicKey: derPublicKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + publicKey: nodeBuffer.from(publicKey) + }); + + const verify = nodeCrypto$1.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(message); + verify.end(); + + const signature = util.concatUint8Array([r, s]); + + try { + return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature); + } catch (err) { + return false; } +} - /** - * Returns last created key or key by given keyID that is available for encryption or decryption - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} encryption key - * @throws if no valid encryption key was found - * @async - */ - async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - // V4: by convention subkeys are preferred for encryption service - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) { - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } - } catch (e) { - exception = e; - } - } - } +var ecdsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$4, + validateParams: validateParams$5, + verify: verify$4 +}); - try { - // if no valid subkey for encryption, evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; - } - throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$3(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); } + const { RS: signature } = await sign$5(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; +} - /** - * Checks if a signature on a key is revoked - * @param {SignaturePacket} signature - The signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - return isDataRevoked( - this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 - ); +/** + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$3(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + const RS = util.concatUint8Array([r, s]); + return verify$5(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed); +} +/** + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$4(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== enums.curve.ed25519Legacy) { + return false; } /** - * Verify primary key. Checks for revocation signatures, expiration time - * and valid self signature. Throws if the primary key is invalid. - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} If key verification failed - * @async + * Derive public point Q' = dG from private key + * and expect Q == Q' */ - async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - // check for key revocation signatures - if (await this.isRevoked(null, null, date, config$1)) { - throw new Error('Primary key is revoked'); - } - // check for valid, unrevoked, unexpired self signature - const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); - // check for expiration time in binding signatures - if (isDataExpired(primaryKey, selfCertification, date)) { - throw new Error('Primary key is expired'); - } - // check for expiration time in direct signatures - const directSignature = await getLatestValidSignature( - this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 - ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); - if (directSignature && isDataExpired(primaryKey, directSignature, date)) { - throw new Error('Primary key is expired'); - } - } +} - /** - * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. - * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. - * @param {Object} [userID] - User ID to consider instead of the primary user - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async - */ - async getExpirationTime(userID, config$1 = config) { - let primaryKeyExpiry; - try { - const { selfCertification } = await this.getPrimaryUser(null, userID, config$1); - const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); - const selfSigExpiry = selfCertification.getExpirationTime(); - const directSignature = await getLatestValidSignature( - this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 - ).catch(() => {}); - if (directSignature) { - const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); - // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, - // causing a discountinous validy period for the key - primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); - } else { - primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; - } - } catch (e) { - primaryKeyExpiry = null; - } +var eddsa_legacy = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$3, + validateParams: validateParams$4, + verify: verify$3 +}); - return util.normalizeDate(primaryKeyExpiry); - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /** - * Returns primary user and most significant (latest valid) self signature - * - if multiple primary users exist, returns the one with the latest self signature - * - otherwise, returns the user with the latest self signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * user: User, - * selfCertification: SignaturePacket - * }>} The primary user and the self signature - * @async - */ - async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const users = []; - let exception; - for (let i = 0; i < this.users.length; i++) { - try { - const user = this.users[i]; - if (!user.userID) { - continue; - } - if ( - (userID.name !== undefined && user.userID.name !== userID.name) || - (userID.email !== undefined && user.userID.email !== userID.email) || - (userID.comment !== undefined && user.userID.comment !== userID.comment) - ) { - throw new Error('Could not find user that matches that user ID'); - } - const dataToVerify = { userID: user.userID, key: primaryKey }; - const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); - users.push({ index: i, user, selfCertification }); - } catch (e) { - exception = e; +/** + * @fileoverview Functions to add and remove PKCS5 padding + * @see PublicKeyEncryptedSessionKeyPacket + * @module crypto/pkcs5 + * @private + */ + +/** + * Add pkcs5 padding to a message + * @param {Uint8Array} message - message to pad + * @returns {Uint8Array} Padded message. + */ +function encode(message) { + const c = 8 - (message.length % 8); + const padded = new Uint8Array(message.length + c).fill(c); + padded.set(message); + return padded; +} + +/** + * Remove pkcs5 padding from a message + * @param {Uint8Array} message - message to remove padding from + * @returns {Uint8Array} Message without padding. + */ +function decode$1(message) { + const len = message.length; + if (len > 0) { + const c = message[len - 1]; + if (c >= 1) { + const provided = message.subarray(len - c); + const computed = new Uint8Array(c).fill(c); + if (util.equalsUint8Array(provided, computed)) { + return message.subarray(0, len - c); } } - if (!users.length) { - throw exception || new Error('Could not find primary user'); - } - await Promise.all(users.map(async function (a) { - return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); - })); - // sort by primary user flag and signature creation time - const primaryUser = users.sort(function(a, b) { - const A = a.selfCertification; - const B = b.selfCertification; - return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; - }).pop(); - const { user, selfCertification: cert } = primaryUser; - if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { - throw new Error('Primary user is revoked'); - } - return primaryUser; } + throw new Error('Invalid padding'); +} - /** - * Update key with new components from specified key with same key ID: - * users, subkeys, certificates are merged into the destination key, - * duplicates and expired signatures are ignored. - * - * If the source key is a private key and the destination key is public, - * a private key is returned. - * @param {Key} sourceKey - Source key to merge - * @param {Date} [date] - Date to verify validity of signatures and keys - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} updated key - * @async - */ - async update(sourceKey, date = new Date(), config$1 = config) { - if (!this.hasSameFingerprintAs(sourceKey)) { - throw new Error('Primary key fingerprints must be equal to update the key'); - } - if (!this.isPrivate() && sourceKey.isPrivate()) { - // check for equal subkey packets - const equal = (this.subkeys.length === sourceKey.subkeys.length) && - (this.subkeys.every(destSubkey => { - return sourceKey.subkeys.some(srcSubkey => { - return destSubkey.hasSameFingerprintAs(srcSubkey); - }); - })); - if (!equal) { - throw new Error('Cannot update public key with private key if subkeys mismatch'); - } +var pkcs5 = /*#__PURE__*/Object.freeze({ + __proto__: null, + decode: decode$1, + encode: encode +}); - return sourceKey.update(this, config$1); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto = util.getWebCrypto(); +const nodeCrypto = util.getNodeCrypto(); + +/** + * Validate ECDH parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDH public point + * @param {Uint8Array} d - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$3(oid, Q, d) { + return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); +} + +// Build Param for ECDH algorithm (RFC 6637) +function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { + return util.concatUint8Array([ + oid.write(), + new Uint8Array([public_algo]), + kdfParams.write(), + util.stringToUint8Array('Anonymous Sender '), + fingerprint + ]); +} + +// Key Derivation Function (RFC 6637) +async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { + // Note: X is little endian for Curve25519, big-endian for all others. + // This is not ideal, but the RFC's are unclear + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B + let i; + if (stripLeading) { + // Work around old go crypto bug + for (i = 0; i < X.length && X[i] === 0; i++); + X = X.subarray(i); + } + if (stripTrailing) { + // Work around old OpenPGP.js bug + for (i = X.length - 1; i >= 0 && X[i] === 0; i--); + X = X.subarray(0, i + 1); + } + const digest = await hash$1.digest(hashAlgo, util.concatUint8Array([ + new Uint8Array([0, 0, 0, 1]), + X, + param + ])); + return digest.subarray(0, length); +} + +/** + * Generate ECDHE ephemeral key and secret from public key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPublicEphemeralKey(curve, Q) { + switch (curve.type) { + case 'curve25519Legacy': { + const { sharedSecret: sharedKey, ephemeralPublicKey } = await generateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1)); + const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]); + return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below } - // from here on, either: - // - destination key is private, source key is public - // - the keys are of the same type - // hence we don't need to convert the destination key type - const updatedKey = this.clone(); - // revocation signatures - await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { - return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); - }); - // direct signatures - await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); - // update users - await Promise.all(sourceKey.users.map(async srcUser => { - // multiple users with the same ID/attribute are not explicitly disallowed by the spec - // hence we support them, just in case - const usersToUpdate = updatedKey.users.filter(dstUser => ( - (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || - (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) - )); - if (usersToUpdate.length > 0) { - await Promise.all( - usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) - ); - } else { - const newUser = srcUser.clone(); - newUser.mainKey = updatedKey; - updatedKey.users.push(newUser); - } - })); - // update subkeys - await Promise.all(sourceKey.subkeys.map(async srcSubkey => { - // multiple subkeys with same fingerprint might be preset - const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( - dstSubkey.hasSameFingerprintAs(srcSubkey) - )); - if (subkeysToUpdate.length > 0) { - await Promise.all( - subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) - ); - } else { - const newSubkey = srcSubkey.clone(); - newSubkey.mainKey = updatedKey; - updatedKey.subkeys.push(newSubkey); + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPublicEphemeralKey(curve, Q); + } catch (err) { + util.printDebugError(err); + return jsPublicEphemeralKey(curve, Q); + } } - })); + break; + case 'node': + return nodePublicEphemeralKey(curve, Q); + default: + return jsPublicEphemeralKey(curve, Q); - return updatedKey; } +} - /** - * Get revocation certificate from a revoked key. - * (To get a revocation certificate for an unrevoked key, call revoke() first.) - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Armored revocation certificate. - * @async - */ - async getRevocationCertificate(date = new Date(), config$1 = config) { - const dataToVerify = { key: this.keyPacket }; - const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); - const packetlist = new PacketList(); - packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); - } +/** + * Encrypt and wrap a session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} data - Unpadded session key data + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} + * @async + */ +async function encrypt$1(oid, kdfParams, data, Q, fingerprint) { + const m = encode(data); - /** - * Applies a revocation certificate to a key - * This adds the first signature packet in the armored text to the key, - * if it is a valid revocation signature. - * @param {String} revocationCertificate - armored revocation certificate - * @param {Date} [date] - Date to verify the certificate - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Revoked key. - * @async - */ - async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { - const input = await unarmor(revocationCertificate, config$1); - const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); - const revocationSignature = packetlist.findPacket(enums.packet.signature); - if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { - throw new Error('Could not find revocation signature packet'); - } - if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { - throw new Error('Revocation signature does not match key'); + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); + const wrappedKey = await wrap(kdfParams.cipher, Z, m); + return { publicKey, wrappedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPrivateEphemeralKey(curve, V, Q, d) { + if (d.length !== curve.payloadSize) { + const privateKey = new Uint8Array(curve.payloadSize); + privateKey.set(d, curve.payloadSize - d.length); + d = privateKey; + } + switch (curve.type) { + case 'curve25519Legacy': { + const secretKey = d.slice().reverse(); + const sharedKey = await recomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey); + return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPrivateEphemeralKey(curve, V, Q, d); + } catch (err) { + util.printDebugError(err); + return jsPrivateEphemeralKey(curve, V, d); + } + } + break; + case 'node': + return nodePrivateEphemeralKey(curve, V, d); + default: + return jsPrivateEphemeralKey(curve, V, d); + } +} + +/** + * Decrypt and unwrap the value derived from session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} C - Encrypted and wrapped value derived from session key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise} Value derived from session key. + * @async + */ +async function decrypt$1(oid, kdfParams, V, C, Q, d, fingerprint) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + checkPublicPointEnconding(curve, V); + const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + let err; + for (let i = 0; i < 3; i++) { try { - await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); + // Work around old go crypto bug and old OpenPGP.js bug, respectively. + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); + return decode$1(await unwrap(kdfParams.cipher, Z, C)); } catch (e) { - throw util.wrapError('Could not verify revocation signature', e); + err = e; } - const key = this.clone(); - key.revocationSignatures.push(revocationSignature); - return key; } + throw err; +} - /** - * Signs primary user of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signPrimaryUser(privateKeys, date, userID, config$1 = config) { - const { index, user } = await this.getPrimaryUser(date, userID, config$1); - const userSign = await user.certify(privateKeys, date, config$1); - const key = this.clone(); - key.users[index] = userSign; - return key; - } +async function jsPrivateEphemeralKey(curve, V, d) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V); + const sharedKey = sharedSecretWithParity.subarray(1); + return { secretKey: d, sharedKey }; +} - /** - * Signs all users of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for signing, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signAllUsers(privateKeys, date = new Date(), config$1 = config) { - const key = this.clone(); - key.users = await Promise.all(this.users.map(function(user) { - return user.certify(privateKeys, date, config$1); - })); - return key; - } +async function jsPublicEphemeralKey(curve, Q) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + const { publicKey: V, privateKey: v } = await curve.genKeyPair(); - /** - * Verifies primary user of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { - const primaryKey = this.keyPacket; - const { user } = await this.getPrimaryUser(date, userID, config$1); - const results = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - return results; - } + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q); + const sharedKey = sharedSecretWithParity.subarray(1); + return { publicKey: V, sharedKey }; +} - /** - * Verifies all users of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of userID, signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { - const primaryKey = this.keyPacket; - const results = []; - await Promise.all(this.users.map(async user => { - const signatures = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; +/** + * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPrivateEphemeralKey(curve, V, Q, d) { + const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d); + let privateKey = webCrypto.importKey( + 'jwk', + recipient, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V); + let sender = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + [] + ); + [privateKey, sender] = await Promise.all([privateKey, sender]); + let S = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: sender + }, + privateKey, + curve.sharedSize + ); + let secret = webCrypto.exportKey( + 'jwk', + privateKey + ); + [S, secret] = await Promise.all([S, secret]); + const sharedKey = new Uint8Array(S); + const secretKey = b64ToUint8Array(secret.d); + return { secretKey, sharedKey }; +} - results.push(...signatures.map( - signature => ({ - userID: user.userID ? user.userID.userID : null, - userAttribute: user.userAttribute, - keyID: signature.keyID, - valid: signature.valid - })) - ); - })); - return results; - } +/** + * Generate ECDHE ephemeral key and secret from public key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPublicEphemeralKey(curve, Q) { + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q); + let keyPair = webCrypto.generateKey( + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + let recipient = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + false, + [] + ); + [keyPair, recipient] = await Promise.all([keyPair, recipient]); + let s = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: recipient + }, + keyPair.privateKey, + curve.sharedSize + ); + let p = webCrypto.exportKey( + 'jwk', + keyPair.publicKey + ); + [s, p] = await Promise.all([s, p]); + const sharedKey = new Uint8Array(s); + const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte)); + return { publicKey, sharedKey }; } -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { - Key.prototype[name] = - Subkey.prototype[name]; +/** + * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePrivateEphemeralKey(curve, V, d) { + const recipient = nodeCrypto.createECDH(curve.node); + recipient.setPrivateKey(d); + const sharedKey = new Uint8Array(recipient.computeSecret(V)); + const secretKey = new Uint8Array(recipient.getPrivateKey()); + return { secretKey, sharedKey }; +} + +/** + * Generate ECDHE ephemeral key and secret from public key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePublicEphemeralKey(curve, Q) { + const sender = nodeCrypto.createECDH(curve.node); + sender.generateKeys(); + const sharedKey = new Uint8Array(sender.computeSecret(Q)); + const publicKey = new Uint8Array(sender.getPublicKey()); + return { publicKey, sharedKey }; +} + +var ecdh = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$1, + encrypt: encrypt$1, + validateParams: validateParams$3 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +var elliptic = /*#__PURE__*/Object.freeze({ + __proto__: null, + CurveWithOID: CurveWithOID, + ecdh: ecdh, + ecdhX: ecdh_x, + ecdsa: ecdsa, + eddsa: eddsa, + eddsaLegacy: eddsa_legacy, + generate: generate$1, + getPreferredHashAlgo: getPreferredHashAlgo$1 }); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// // This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/** - * Class that represents an OpenPGP Public Key - */ -class PublicKey extends Key { - /** - * @param {PacketList} packetlist - The packets that form this key - */ - constructor(packetlist) { - super(); - this.keyPacket = null; - this.revocationSignatures = []; - this.directSignatures = []; - this.users = []; - this.subkeys = []; - if (packetlist) { - this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing public-key packet'); - } - } - } - /** - * Returns true if this is a private key - * @returns {false} - */ - isPrivate() { - return false; - } +/* + TODO regarding the hash function, read: + https://tools.ietf.org/html/rfc4880#section-13.6 + https://tools.ietf.org/html/rfc4880#section-14 +*/ - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - return this; - } +const _0n$7 = BigInt(0); +const _1n$9 = BigInt(1); - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); +/** + * DSA Sign function + * @param {Integer} hashAlgo + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} x + * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} + * @async + */ +async function sign$2(hashAlgo, hashed, g, p, q, x) { + const _0n = BigInt(0); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + x = uint8ArrayToBigInt(x); + + let k; + let r; + let s; + let t; + g = mod$2(g, p); + x = mod$2(x, q); + // If the output size of the chosen hash is larger than the number of + // bits of q, the hash result is truncated to fit by taking the number + // of leftmost bits equal to the number of bits of q. This (possibly + // truncated) hash function result is treated as a number and used + // directly in the DSA signature algorithm. + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + // FIPS-186-4, section 4.6: + // The values of r and s shall be checked to determine if r = 0 or s = 0. + // If either r = 0 or s = 0, a new value of k shall be generated, and the + // signature shall be recalculated. It is extremely unlikely that r = 0 + // or s = 0 if signatures are generated properly. + while (true) { + // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + k = getRandomBigInteger(_1n$9, q); // returns in [1, q-1] + r = mod$2(modExp(g, k, p), q); // (g**k mod p) mod q + if (r === _0n) { + continue; + } + const xr = mod$2(x * r, q); + t = mod$2(h + xr, q); // H(m) + x*r mod q + s = mod$2(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q + if (s === _0n) { + continue; + } + break; } + return { + r: bigIntToUint8Array(r, 'be', byteLength(p)), + s: bigIntToUint8Array(s, 'be', byteLength(p)) + }; } /** - * Class that represents an OpenPGP Private key - */ -class PrivateKey extends PublicKey { - /** - * @param {PacketList} packetlist - The packets that form this key + * DSA Verify function + * @param {Integer} hashAlgo + * @param {Uint8Array} r + * @param {Uint8Array} s + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} y + * @returns {boolean} + * @async */ - constructor(packetlist) { - super(); - this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing private-key packet'); - } - } +async function verify$2(hashAlgo, r, s, hashed, g, p, q, y) { + r = uint8ArrayToBigInt(r); + s = uint8ArrayToBigInt(s); - /** - * Returns true if this is a private key - * @returns {Boolean} - */ - isPrivate() { - return true; - } + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - const packetlist = new PacketList(); - const keyPackets = this.toPacketList(); - for (const keyPacket of keyPackets) { - switch (keyPacket.constructor.tag) { - case enums.packet.secretKey: { - const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); - packetlist.push(pubKeyPacket); - break; - } - case enums.packet.secretSubkey: { - const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); - packetlist.push(pubSubkeyPacket); - break; - } - default: - packetlist.push(keyPacket); - } - } - return new PublicKey(packetlist); + if (r <= _0n$7 || r >= q || + s <= _0n$7 || s >= q) { + util.printDebug('invalid DSA Signature'); + return false; } - - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + const w = modInv(s, q); // s**-1 mod q + if (w === _0n$7) { + util.printDebug('invalid DSA Signature'); + return false; } - /** - * Returns all keys that are available for decryption, matching the keyID when given - * This is useful to retrieve keys for session key decryption - * @param {module:type/keyid~KeyID} keyID, optional - * @param {Date} date, optional - * @param {String} userID, optional - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} Array of decryption keys. - * @async - */ - async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const keys = []; - for (let i = 0; i < this.subkeys.length; i++) { - if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { - try { - const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; - const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidDecryptionKeyPacket(bindingSignature, config$1)) { - keys.push(this.subkeys[i]); - } - } catch (e) {} - } - } - - // evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && - isValidDecryptionKeyPacket(primaryUser.selfCertification, config$1)) { - keys.push(this); - } + g = mod$2(g, p); + y = mod$2(y, p); + const u1 = mod$2(h * w, q); // H(m) * w mod q + const u2 = mod$2(r * w, q); // r * w mod q + const t1 = modExp(g, u1, p); // g**u1 mod p + const t2 = modExp(y, u2, p); // y**u2 mod p + const v = mod$2(mod$2(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q + return v === r; +} - return keys; +/** + * Validate DSA parameters + * @param {Uint8Array} p - DSA prime + * @param {Uint8Array} q - DSA group order + * @param {Uint8Array} g - DSA sub-group generator + * @param {Uint8Array} y - DSA public key + * @param {Uint8Array} x - DSA private key + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$2(p, q, g, y, x) { + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + // Check that 1 < g < p + if (g <= _1n$9 || g >= p) { + return false; } /** - * Returns true if the primary key or any subkey is decrypted. - * A dummy key is considered encrypted. + * Check that subgroup order q divides p-1 */ - isDecrypted() { - return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); + if (mod$2(p - _1n$9, q) !== _0n$7) { + return false; } /** - * Check whether the private and public primary key parameters correspond - * Together with verification of binding signatures, this guarantees key integrity - * In case of gnu-dummy primary key, it is enough to validate any signing subkeys - * otherwise all encryption subkeys are validated - * If only gnu-dummy keys are found, we cannot properly validate so we throw an error - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if validation was not successful and the key cannot be trusted - * @async + * g has order q + * Check that g ** q = 1 mod p */ - async validate(config$1 = config) { - if (!this.isPrivate()) { - throw new Error('Cannot validate a public key'); - } - - let signingKeyPacket; - if (!this.keyPacket.isDummy()) { - signingKeyPacket = this.keyPacket; - } else { - /** - * It is enough to validate any signing keys - * since its binding signatures are also checked - */ - const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); - // This could again be a dummy key - if (signingKey && !signingKey.keyPacket.isDummy()) { - signingKeyPacket = signingKey.keyPacket; - } - } - - if (signingKeyPacket) { - return signingKeyPacket.validate(); - } else { - const keys = this.getKeys(); - const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); - if (allDummies) { - throw new Error('Cannot validate an all-gnu-dummy key'); - } - - return Promise.all(keys.map(async key => key.keyPacket.validate())); - } + if (modExp(g, q, p) !== _1n$9) { + return false; } /** - * Clear private key parameters + * Check q is large and probably prime (we mainly want to avoid small factors) */ - clearPrivateParams() { - this.getKeys().forEach(({ keyPacket }) => { - if (keyPacket.isDecrypted()) { - keyPacket.clearPrivateParams(); - } - }); + const qSize = BigInt(bitLength(q)); + const _150n = BigInt(150); + if (qSize < _150n || !isProbablePrime(q, null, 32)) { + return false; } /** - * Revokes the key - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New key with revocation signature. - * @async + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{rq + x} to compare to y */ - async revoke( - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - if (!this.isPrivate()) { - throw new Error('Need private key for revoking'); - } - const dataToSign = { key: this.keyPacket }; - const key = this.clone(); - key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.keyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, undefined, config$1)); - return key; + x = uint8ArrayToBigInt(x); + const _2n = BigInt(2); + const r = getRandomBigInteger(_2n << (qSize - _1n$9), _2n << qSize); // draw r of same size as q + const rqx = q * r + x; + if (y !== modExp(g, rqx, p)) { + return false; } + return true; +} + +var dsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$2, + validateParams: validateParams$2, + verify: verify$2 +}); - /** - * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. - * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. - * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA - * @param {String} options.curve (optional) Elliptic curve for ECC keys - * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date (optional) Override the creation date of the key and the key signatures - * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false - * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} - * @async - */ - async addSubkey(options = {}) { - const config$1 = { ...config, ...options.config }; - if (options.passphrase) { - throw new Error('Subkey could not be encrypted here, please encrypt whole key'); +/** + * @fileoverview Asymmetric cryptography functions + * @module crypto/public_key + */ + + +var publicKey = { + /** @see module:crypto/public_key/rsa */ + rsa: rsa, + /** @see module:crypto/public_key/elgamal */ + elgamal: elgamal, + /** @see module:crypto/public_key/elliptic */ + elliptic: elliptic, + /** @see module:crypto/public_key/dsa */ + dsa: dsa +}; + +/** + * @fileoverview Provides functions for asymmetric signing and signature verification + * @module crypto/signature + */ + + +/** + * Parse signature in binary form to get the parameters. + * The returned values are only padded for EdDSA, since in the other cases their expected length + * depends on the key params, hence we delegate the padding to the signature verification function. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Uint8Array} signature - Data for which the signature was created + * @returns {Promise} True if signature is valid. + * @async + */ +function parseSignatureParams(algo, signature) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA signatures: + // - MPI of RSA signature value m**d mod n. + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + // The signature needs to be the same length as the public key modulo n. + // We pad s on signature verification, where we have access to n. + return { read, signatureParams: { s } }; } - if (options.rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); + // Algorithm-Specific Fields for DSA or ECDSA signatures: + // - MPI of DSA or ECDSA value r. + // - MPI of DSA or ECDSA value s. + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + { + // If the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; } - const secretKeyPacket = this.keyPacket; - if (secretKeyPacket.isDummy()) { - throw new Error('Cannot add subkey to gnu-dummy primary key'); + // Algorithm-Specific Fields for legacy EdDSA signatures: + // - MPI of an EC point r. + // - EdDSA value s, in MPI, in the little endian representation + case enums.publicKey.eddsaLegacy: { + // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature + // verification: if the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; } - if (!secretKeyPacket.isDecrypted()) { - throw new Error('Key is not decrypted'); + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + // Algorithm-Specific Fields for Ed448 signatures: + // - 114 octets of the native signature + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo); + const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length; + return { read, signatureParams: { RS } }; } - const defaultOptions = secretKeyPacket.getAlgorithmInfo(); - defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA - defaultOptions.rsaBits = defaultOptions.bits || 4096; - defaultOptions.curve = defaultOptions.curve || 'curve25519'; - options = sanitizeKeyOptions(options, defaultOptions); - const keyPacket = await generateSecretSubkey(options); - checkKeyRequirements(keyPacket, config$1); - const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); - const packetList = this.toPacketList(); - packetList.push(keyPacket, bindingSignature); - return new PrivateKey(packetList); + + default: + throw new UnsupportedError('Unknown signature algorithm.'); } } -// OpenPGP.js - An OpenPGP implementation in javascript - -// A Key can contain the following packets -const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ - PublicKeyPacket, - PublicSubkeyPacket, - SecretKeyPacket, - SecretSubkeyPacket, - UserIDPacket, - UserAttributePacket, - SignaturePacket -]); - /** - * Creates a PublicKey or PrivateKey depending on the packetlist in input - * @param {PacketList} - packets to parse - * @return {Key} parsed key - * @throws if no key packet was found + * Verifies the signature provided for data using specified algorithms and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} signature - Named algorithm-specific signature parameters + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Data for which the signature was created + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} True if signature is valid. + * @async */ -function createKey(packetlist) { - for (const packet of packetlist) { - switch (packet.constructor.tag) { - case enums.packet.secretKey: - return new PrivateKey(packetlist); - case enums.packet.publicKey: - return new PublicKey(packetlist); +async function verify$1(algo, hashAlgo, signature, publicParams, data, hashed) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto + return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); + } + case enums.publicKey.dsa: { + const { g, p, q, y } = publicParams; + const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers + return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); + } + case enums.publicKey.ecdsa: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // padding needed for webcrypto + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values: + // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed); } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); } - throw new Error('No key packet found'); } - /** - * Generates a new OpenPGP key. Supports RSA and ECC keys. - * By default, primary and subkeys will be of same type. - * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA - * @param {String} options.curve Elliptic curve for ECC keys - * @param {Integer} options.rsaBits Number of bits for RSA keys - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Creation date of the key and the key signatures - * @param {Object} config - Full configuration - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * Creates a signature on data using specified algorithms and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters + * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters + * @param {Uint8Array} data - Data to be signed + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} Signature Object containing named signature parameters. * @async - * @static - * @private */ -async function generate$4(options, config) { - options.sign = true; // primary key is always a signing key - options = sanitizeKeyOptions(options); - options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); - let promises = [generateSecretKey(options, config)]; - promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); - const packets = await Promise.all(promises); - - const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; +async function sign$1(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { + if (!publicKeyParams || !privateKeyParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); + return { s }; + } + case enums.publicKey.dsa: { + const { g, p, q } = publicKeyParams; + const { x } = privateKeyParams; + return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); + } + case enums.publicKey.elgamal: + throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); + case enums.publicKey.ecdsa: { + const { oid, Q } = publicKeyParams; + const { d } = privateKeyParams; + return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); + } } -/** - * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. - * @param {PrivateKey} options.privateKey The private key to reformat - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Override the creation date of the key signatures - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * @param {Object} config - Full configuration - * - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ -async function reformat(options, config) { - options = sanitize(options); - const { privateKey } = options; +var signature = /*#__PURE__*/Object.freeze({ + __proto__: null, + parseSignatureParams: parseSignatureParams, + sign: sign$1, + verify: verify$1 +}); - if (!privateKey.isPrivate()) { - throw new Error('Cannot reformat a public key'); - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (privateKey.keyPacket.isDummy()) { - throw new Error('Cannot reformat a gnu-dummy primary key'); - } - const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); - if (!isDecrypted) { - throw new Error('Key is not decrypted'); +class ECDHSymmetricKey { + constructor(data) { + if (data) { + this.data = data; + } } - const secretKeyPacket = privateKey.keyPacket; - - if (!options.subkeys) { - options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { - const secretSubkeyPacket = subkey.keyPacket; - const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; - const bindingSignature = await ( - getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) - ).catch(() => ({})); - return { - sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) - }; - })); + /** + * Read an ECDHSymmetricKey from an Uint8Array: + * - 1 octect for the length `l` + * - `l` octects of encoded session key data + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + if (bytes.length >= 1) { + const length = bytes[0]; + if (bytes.length >= 1 + length) { + this.data = bytes.subarray(1, 1 + length); + return 1 + this.data.length; + } + } + throw new Error('Invalid symmetric key'); } - const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); - if (options.subkeys.length !== secretSubkeyPackets.length) { - throw new Error('Number of subkey options does not match number of subkeys'); + /** + * Write an ECDHSymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); } +} - options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); - - const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; - - function sanitize(options, subkeyDefaults = {}) { - options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return options; - } -} /** - * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection - * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. - * @param {SecretKeyPacket} secretKeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPackets - * @param {Object} options - * @param {Object} config - Full configuration - * @returns {PrivateKey} + * Implementation of type KDF parameters + * + * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: + * A key derivation function (KDF) is necessary to implement the EC + * encryption. The Concatenation Key Derivation Function (Approved + * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is + * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. + * @module type/kdf_params + * @private */ -async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { - // set passphrase protection - if (options.passphrase) { - await secretKeyPacket.encrypt(options.passphrase, config); - } - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - await secretSubkeyPacket.encrypt(subkeyPassphrase, config); +class KDFParams { + /** + * @param {enums.hash} hash - Hash algorithm + * @param {enums.symmetric} cipher - Symmetric algorithm + */ + constructor(data) { + if (data) { + const { hash, cipher } = data; + this.hash = hash; + this.cipher = cipher; + } else { + this.hash = null; + this.cipher = null; } - })); - - const packetlist = new PacketList(); - packetlist.push(secretKeyPacket); + } - await Promise.all(options.userIDs.map(async function(userID, index) { - function createPreferredAlgos(algos, preferredAlgo) { - return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + /** + * Read KDFParams from an Uint8Array + * @param {Uint8Array} input - Where to read the KDFParams from + * @returns {Number} Number of read bytes. + */ + read(input) { + if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { + throw new UnsupportedError('Cannot read KDFParams'); } + this.hash = input[2]; + this.cipher = input[3]; + return 4; + } - const userIDPacket = UserIDPacket.fromObject(userID); - const dataToSign = {}; - dataToSign.userID = userIDPacket; - dataToSign.key = secretKeyPacket; - - const signatureProperties = {}; - signatureProperties.signatureType = enums.signature.certGeneric; - signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; - signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([ - // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support) - enums.symmetric.aes256, - enums.symmetric.aes128, - enums.symmetric.aes192 - ], config.preferredSymmetricAlgorithm); - if (config.aeadProtect) { - signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([ - enums.aead.eax, - enums.aead.ocb - ], config.preferredAEADAlgorithm); - } - signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ - // prefer fast asm.js implementations (SHA-256) - enums.hash.sha256, - enums.hash.sha512 - ], config.preferredHashAlgorithm); - signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ - enums.compression.zlib, - enums.compression.zip, - enums.compression.uncompressed - ], config.preferredCompressionAlgorithm); - if (index === 0) { - signatureProperties.isPrimaryUserID = true; - } - // integrity protection always enabled - signatureProperties.features = [0]; - signatureProperties.features[0] |= enums.features.modificationDetection; - if (config.aeadProtect) { - signatureProperties.features[0] |= enums.features.aead; - } - if (config.v5Keys) { - signatureProperties.features[0] |= enums.features.v5Keys; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; - } + /** + * Write KDFParams to an Uint8Array + * @returns {Uint8Array} Array with the KDFParams value + */ + write() { + return new Uint8Array([3, 1, this.hash, this.cipher]); + } +} - const signaturePacket = await createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); +/** + * Encoded symmetric key for x25519 and x448 + * The payload format varies for v3 and v6 PKESK: + * the former includes an algorithm byte preceeding the encrypted session key. + * + * @module type/x25519x448_symkey + */ - return { userIDPacket, signaturePacket }; - })).then(list => { - list.forEach(({ userIDPacket, signaturePacket }) => { - packetlist.push(userIDPacket); - packetlist.push(signaturePacket); - }); - }); - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyOptions = options.subkeys[index]; - const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); - return { secretSubkeyPacket, subkeySignaturePacket }; - })).then(packets => { - packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { - packetlist.push(secretSubkeyPacket); - packetlist.push(subkeySignaturePacket); - }); - }); +class ECDHXSymmetricKey { + static fromObject({ wrappedKey, algorithm }) { + const instance = new ECDHXSymmetricKey(); + instance.wrappedKey = wrappedKey; + instance.algorithm = algorithm; + return instance; + } - // Add revocation signature packet for creating a revocation certificate. - // This packet should be removed before returning the key. - const dataToSign = { key: secretKeyPacket }; - packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.reasonForRevocation.noReason, - reasonForRevocationString: '' - }, options.date, undefined, undefined, undefined, config)); + /** + * - 1 octect for the length `l` + * - `l` octects of encoded session key data (with optional leading algorithm byte) + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. + */ + read(bytes) { + let read = 0; + let followLength = bytes[read++]; + this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even + followLength -= followLength % 2; + this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength; + } - if (options.passphrase) { - secretKeyPacket.clearPrivateParams(); + /** + * Write an MontgomerySymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data + */ + write() { + return util.concatUint8Array([ + this.algorithm ? + new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : + new Uint8Array([this.wrappedKey.length]), + this.wrappedKey + ]); } +} - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - secretSubkeyPacket.clearPrivateParams(); - } - })); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return new PrivateKey(packetlist); -} /** - * Reads an (optionally armored) OpenPGP key and returns a key object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. + * Encrypts data using specified algorithm and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. + * @param {module:enums.publicKey} keyAlgo - Public key algorithm + * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only) + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Session key data to be encrypted + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @returns {Promise} Encrypted session key parameters. * @async - * @static */ -async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { - throw new Error('Armored text not of type key'); +async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const { n, e } = publicParams; + const c = await publicKey.rsa.encrypt(data, n, e); + return { c }; } - input = data; - } else { - input = binaryKey; + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + return publicKey.elgamal.encrypt(data, p, g, y); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicParams; + const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( + oid, kdfParams, data, Q, fingerprint); + return { V, C: new ECDHSymmetricKey(C) }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + if (symmetricAlgo && !util.isAES(symmetricAlgo)) { + // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 + throw new Error('X25519 and X448 keys can only encrypt AES session keys'); + } + const { A } = publicParams; + const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( + keyAlgo, data, A); + const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); + return { ephemeralPublicKey, C }; + } + default: + return []; } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return createKey(packetlist); } /** - * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. + * Decrypts data using specified algorithm and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Object} publicKeyParams - Algorithm-specific public key parameters + * @param {Object} privateKeyParams - Algorithm-specific private key parameters + * @param {Object} sessionKeyParams - Encrypted session key parameters + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing + * (needed for constant-time processing in RSA and ElGamal) + * @returns {Promise} Decrypted data. + * @throws {Error} on sensitive decryption error, unless `randomPayload` is given * @async - * @static */ -async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readPrivateKey: options.armoredKey must be a string'); +async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: { + const { c } = sessionKeyParams; + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); + } + case enums.publicKey.elgamal: { + const { c1, c2 } = sessionKeyParams; + const p = publicKeyParams.p; + const x = privateKeyParams.x; + return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicKeyParams; + const { d } = privateKeyParams; + const { V, C } = sessionKeyParams; + return publicKey.elliptic.ecdh.decrypt( + oid, kdfParams, V, C.data, Q, d, fingerprint); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicKeyParams; + const { k } = privateKeyParams; + const { ephemeralPublicKey, C } = sessionKeyParams; + if (C.algorithm !== null && !util.isAES(C.algorithm)) { + throw new Error('AES session key expected'); + } + return publicKey.elliptic.ecdhX.decrypt( + algo, ephemeralPublicKey, C.wrappedKey, A, k); + } + default: + throw new Error('Unknown public key encryption algorithm.'); } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); +} + +/** + * Parse public key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. + */ +function parsePublicKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; + const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; + return { read, publicParams: { n, e } }; + } + case enums.publicKey.dsa: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, q, g, y } }; + } + case enums.publicKey.elgamal: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, g, y } }; + } + case enums.publicKey.ecdsa: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.eddsaLegacy: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + if (oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + Q = util.leftPad(Q, 33); + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.ecdh: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); + return { read: read, publicParams: { oid, Q, kdfParams } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length; + return { read, publicParams: { A } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +} - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.privateKey)) { - throw new Error('Armored text not of type private key'); +/** + * Parse private key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @param {Object} publicParams - (ECC only) public params, needed to format some private params + * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. + */ +function parsePrivateKeyParams(algo, bytes, publicParams) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; + return { read, privateParams: { d, p, q, u } }; + } + case enums.publicKey.dsa: + case enums.publicKey.elgamal: { + const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; + return { read, privateParams: { x } }; + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + d = util.leftPad(d, payloadSize); + return { read, privateParams: { d } }; + } + case enums.publicKey.eddsaLegacy: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; + seed = util.leftPad(seed, payloadSize); + return { read, privateParams: { seed } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const payloadSize = getCurvePayloadSize(algo); + const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length; + return { read, privateParams: { seed } }; } - input = data; - } else { - input = binaryKey; + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const payloadSize = getCurvePayloadSize(algo); + const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length; + return { read, privateParams: { k } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return new PrivateKey(packetlist); } -/** - * Reads an (optionally armored) OpenPGP key block and returns a list of key objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static +/** Returns the types comprising the encrypted session key of an algorithm + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {Object} The session key parameters referenced by name. */ -async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +function parseEncSessionKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA encrypted session keys: + // - MPI of RSA encrypted value m**e mod n. + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const c = util.readMPI(bytes.subarray(read)); + return { c }; + } - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { - throw new Error('Armored text not of type key'); + // Algorithm-Specific Fields for Elgamal encrypted session keys: + // - MPI of Elgamal value g**k mod p + // - MPI of Elgamal value m * y**k mod p + case enums.publicKey.elgamal: { + const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; + const c2 = util.readMPI(bytes.subarray(read)); + return { c1, c2 }; } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = createKey(oneKeyList); - keys.push(newKey); + // Algorithm-Specific Fields for ECDH encrypted session keys: + // - MPI containing the ephemeral key used to establish the shared secret + // - ECDH Symmetric Key + case enums.publicKey.ecdh: { + const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; + const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); + return { V, C }; + } + // Algorithm-Specific Fields for X25519 or X448 encrypted session keys: + // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448). + // - A one-octet size of the following fields. + // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). + // - The encrypted session key. + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const pointSize = getCurvePayloadSize(algo); + const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length; + const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); + return { ephemeralPublicKey, C }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } - return keys; } /** - * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static + * Convert params to MPI and serializes them in the proper order + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} params - The key parameters indexed by name + * @returns {Uint8Array} The array containing the MPIs. */ -async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readPrivateKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); - } - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.privateKey) { - throw new Error('Armored text not of type private key'); - } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No secret key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = new PrivateKey(oneKeyList); - keys.push(newKey); - } - return keys; +function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([ + enums.publicKey.ed25519, + enums.publicKey.x25519, + enums.publicKey.ed448, + enums.publicKey.x448 + ]); + const orderedParams = Object.keys(params).map(name => { + const param = params[name]; + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); + }); + return util.concatUint8Array(orderedParams); } -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Message can contain the following packets -const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - AEADEncryptedDataPacket, - SymEncryptedIntegrityProtectedDataPacket, - SymmetricallyEncryptedDataPacket, - PublicKeyEncryptedSessionKeyPacket, - SymEncryptedSessionKeyPacket, - OnePassSignaturePacket, - SignaturePacket -]); -// A SKESK packet can contain the following packets -const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); -// A detached signature can contain the following packets -const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - /** - * Class that represents an OpenPGP message. - * Can be an encrypted message, signed message, compressed message or literal message - * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + * Generate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Integer} bits - Bit length for RSA keys + * @param {module:type/oid} oid - Object identifier for ECC keys + * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. + * @async */ -class Message { - /** - * @param {PacketList} packetlist - The packets that form this message - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); - } - - /** - * Returns the key IDs of the keys to which the session key is encrypted - * @returns {Array} Array of keyID objects. - */ - getEncryptionKeyIDs() { - const keyIDs = []; - const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - pkESKeyPacketlist.forEach(function(packet) { - keyIDs.push(packet.publicKeyID); - }); - return keyIDs; - } - - /** - * Returns the key IDs of the keys that signed the message - * @returns {Array} Array of keyID objects. - */ - getSigningKeyIDs() { - const msg = this.unwrapCompressed(); - // search for one pass signatures - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); - if (onePassSigList.length > 0) { - return onePassSigList.map(packet => packet.issuerKeyID); - } - // if nothing found look for signature packets - const signatureList = msg.packets.filterByTag(enums.packet.signature); - return signatureList.map(packet => packet.issuerKeyID); - } - - /** - * Decrypt the message. Either a private key, a session key, or a password must be specified. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Date} [date] - Use the given date for key verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with decrypted content. - * @async - */ - async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { - const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - - const symEncryptedPacketlist = this.packets.filterByTag( - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ); +function generateParams(algo, bits, oid) { + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ + privateParams: { d, p, q, u }, + publicParams: { n, e } + })); + case enums.publicKey.ecdsa: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { d: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { seed: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.ecdh: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ + privateParams: { d: secret }, + publicParams: { + oid: new OID(oid), + Q, + kdfParams: new KDFParams({ hash, cipher }) + } + })); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ + privateParams: { k }, + publicParams: { A } + })); + case enums.publicKey.dsa: + case enums.publicKey.elgamal: + throw new Error('Unsupported algorithm for key generation.'); + default: + throw new Error('Unknown public key algorithm.'); + } +} - if (symEncryptedPacketlist.length === 0) { - throw new Error('No encrypted data found'); +/** + * Validate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Object} privateParams - Algorithm-specific private key parameters + * @returns {Promise} Whether the parameters are valid. + * @async + */ +async function validateParams$1(algo, publicParams, privateParams) { + if (!publicParams || !privateParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const { d, p, q, u } = privateParams; + return publicKey.rsa.validateParams(n, e, d, p, q, u); } - - const symEncryptedPacket = symEncryptedPacketlist[0]; - let exception = null; - const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { - if (!util.isUint8Array(data) || !util.isString(algorithmName)) { - throw new Error('Invalid session key for decryption.'); - } - - try { - const algo = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.decrypt(algo, data, config$1); - } catch (e) { - util.printDebugError(e); - exception = e; - } - })); - // We don't await stream.cancel here because it only returns when the other copy is canceled too. - cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. - symEncryptedPacket.encrypted = null; - await decryptedPromise; - - if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { - throw exception || new Error('Decryption failed.'); + case enums.publicKey.dsa: { + const { p, q, g, y } = publicParams; + const { x } = privateParams; + return publicKey.dsa.validateParams(p, q, g, y, x); } - - const resultMsg = new Message(symEncryptedPacket.packets); - symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - - return resultMsg; + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + const { x } = privateParams; + return publicKey.elgamal.validateParams(p, g, y, x); + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; + const { oid, Q } = publicParams; + const { d } = privateParams; + return algoModule.validateParams(oid, Q, d); + } + case enums.publicKey.eddsaLegacy: { + const { Q, oid } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicParams; + const { k } = privateParams; + return publicKey.elliptic.ecdhX.validateParams(algo, A, k); + } + default: + throw new Error('Unknown public key algorithm.'); } +} - /** - * Decrypt encrypted session keys either with private keys or passwords. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Date} [date] - Use the given date for key verification, instead of current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} array of object with potential sessionKey, algorithm pairs - * @async - */ - async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config$1 = config) { - let decryptedSessionKeyPackets = []; - - let exception; - if (passwords) { - const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); - if (skeskPackets.length === 0) { - throw new Error('No symmetrically encrypted session key packet found.'); - } - await Promise.all(passwords.map(async function(password, i) { - let packets; - if (i) { - packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); - } else { - packets = skeskPackets; - } - await Promise.all(packets.map(async function(skeskPacket) { - try { - await skeskPacket.decrypt(password); - decryptedSessionKeyPackets.push(skeskPacket); - } catch (err) { - util.printDebugError(err); - } - })); - })); - } else if (decryptionKeys) { - const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - if (pkeskPackets.length === 0) { - throw new Error('No public key encrypted session key packet found.'); - } - await Promise.all(pkeskPackets.map(async function(pkeskPacket) { - await Promise.all(decryptionKeys.map(async function(decryptionKey) { - let algos = [ - enums.symmetric.aes256, // Old OpenPGP.js default fallback - enums.symmetric.aes128, // RFC4880bis fallback - enums.symmetric.tripledes, // RFC4880 fallback - enums.symmetric.cast5 // Golang OpenPGP fallback - ]; - try { - const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config$1); // TODO: Pass userID from somewhere. - if (primaryUser.selfCertification.preferredSymmetricAlgorithms) { - algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms); - } - } catch (e) {} - - // do not check key expiration to allow decryption of old messages - const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); - await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { - if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) { - return; - } - if (!decryptionKeyPacket.isDecrypted()) { - throw new Error('Decryption key is not decrypted.'); - } - - // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. - const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal - ); - - if (doConstantTimeDecryption) { - // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, - // either with the successfully decrypted session key, or with a randomly generated one. - // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on - // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: - // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the - // randomly generated keys of the remaining key types. - // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly - // generated session keys. - // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. - - const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times - await Promise.all(Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => { - const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); - pkeskPacketCopy.read(serialisedPKESK); - const randomSessionKey = { - sessionKeyAlgorithm, - sessionKey: mod.generateSessionKey(sessionKeyAlgorithm) - }; - try { - await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); - decryptedSessionKeyPackets.push(pkeskPacketCopy); - } catch (err) { - // `decrypt` can still throw some non-security-sensitive errors - util.printDebugError(err); - exception = err; - } - })); +/** + * Generates a random byte prefix for the specified algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. + * @async + */ +async function getPrefixRandom(algo) { + const { blockSize } = getCipherParams(algo); + const prefixrandom = await getRandomBytes(blockSize); + const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); + return util.concat([prefixrandom, repeat]); +} - } else { - try { - await pkeskPacket.decrypt(decryptionKeyPacket); - if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) { - throw new Error('A non-preferred symmetric algorithm was used.'); - } - decryptedSessionKeyPackets.push(pkeskPacket); - } catch (err) { - util.printDebugError(err); - exception = err; - } - } - })); - })); - cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. - pkeskPacket.encrypted = null; - })); - } else { - throw new Error('No key or password specified.'); - } +/** + * Generating a session key for the specified symmetric algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Uint8Array} Random bytes as a string to be used as a key. + */ +function generateSessionKey$1(algo) { + const { keySize } = getCipherParams(algo); + return getRandomBytes(keySize); +} - if (decryptedSessionKeyPackets.length > 0) { - // Return only unique session keys - if (decryptedSessionKeyPackets.length > 1) { - const seen = new Set(); - decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { - const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); - if (seen.has(k)) { - return false; - } - seen.add(k); - return true; - }); - } +/** + * Get implementation of the given AEAD mode + * @param {enums.aead} algo + * @returns {Object} + * @throws {Error} on invalid algo + */ +function getAEADMode(algo) { + const algoName = enums.read(enums.aead, algo); + return mode[algoName]; +} - return decryptedSessionKeyPackets.map(packet => ({ - data: packet.sessionKey, - algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm) - })); - } - throw exception || new Error('Session key decryption failed.'); +/** + * Check whether the given curve OID is supported + * @param {module:type/oid} oid - EC object identifier + * @throws {UnsupportedError} if curve is not supported + */ +function checkSupportedCurve(oid) { + try { + oid.getName(); + } catch (e) { + throw new UnsupportedError('Unknown curve OID'); } +} - /** - * Get literal data that is the body of the message - * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. - */ - getLiteralData() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getBytes()) || null; +/** + * Get encoded secret size for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getCurvePayloadSize(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: + case enums.publicKey.eddsaLegacy: + return new publicKey.elliptic.CurveWithOID(oid).payloadSize; + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPayloadSize(algo); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.getPayloadSize(algo); + default: + throw new Error('Unknown elliptic algo'); } +} - /** - * Get filename from literal data packet - * @returns {(String|null)} Filename of literal data packet as string. - */ - getFilename() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getFilename()) || null; +/** + * Get preferred signing hash algo for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getPreferredCurveHashAlgo(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.getPreferredHashAlgo(oid); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); + default: + throw new Error('Unknown elliptic signing algo'); } +} - /** - * Get literal data as text - * @returns {(String|null)} Literal body of the message interpreted as text. - */ - getText() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - if (literal) { - return literal.getText(); - } - return null; - } +var crypto$2 = /*#__PURE__*/Object.freeze({ + __proto__: null, + generateParams: generateParams, + generateSessionKey: generateSessionKey$1, + getAEADMode: getAEADMode, + getCipherParams: getCipherParams, + getCurvePayloadSize: getCurvePayloadSize, + getPreferredCurveHashAlgo: getPreferredCurveHashAlgo, + getPrefixRandom: getPrefixRandom, + parseEncSessionKeyParams: parseEncSessionKeyParams, + parsePrivateKeyParams: parsePrivateKeyParams, + parsePublicKeyParams: parsePublicKeyParams, + publicKeyDecrypt: publicKeyDecrypt, + publicKeyEncrypt: publicKeyEncrypt, + serializeParams: serializeParams, + validateParams: validateParams$1 +}); - /** - * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. - * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for - * @param {Date} [date] - Date to select algorithm preferences at - * @param {Array} [userIDs] - User IDs to select algorithm preferences for - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. - * @async - */ - static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { - const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config$1); - const algorithmName = enums.read(enums.symmetric, algo); - const aeadAlgorithmName = config$1.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config$1) ? - enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config$1)) : - undefined; +/** + * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js + * @see module:crypto/crypto + * @see module:crypto/signature + * @see module:crypto/public_key + * @see module:crypto/cipher + * @see module:crypto/random + * @see module:crypto/hash + * @module crypto + */ - await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() - .catch(() => null) // ignore key strength requirements - .then(maybeKey => { - if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { - throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); - } - }) - )); - const sessionKeyData = mod.generateSessionKey(algo); - return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName }; - } +// TODO move cfb and gcm to cipher +const mod$1 = { + /** @see module:crypto/cipher */ + cipher: cipher, + /** @see module:crypto/hash */ + hash: hash$1, + /** @see module:crypto/mode */ + mode: mode, + /** @see module:crypto/public_key */ + publicKey: publicKey, + /** @see module:crypto/signature */ + signature: signature, + /** @see module:crypto/random */ + random: random, + /** @see module:crypto/pkcs1 */ + pkcs1: pkcs1, + /** @see module:crypto/pkcs5 */ + pkcs5: pkcs5, + /** @see module:crypto/aes_kw */ + aesKW: aesKW +}; - /** - * Encrypt the message either with public keys, passwords, or both at once. - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - Password(s) for message encryption - * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] - * @param {Date} [date] - Override the creation date of the literal package - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async - */ - async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - if (sessionKey) { - if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { - throw new Error('Invalid session key for encryption.'); - } - } else if (encryptionKeys && encryptionKeys.length) { - sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); - } else if (passwords && passwords.length) { - sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); - } else { - throw new Error('No keys, passwords, or session key provided.'); - } +Object.assign(mod$1, crypto$2); - const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; +const ARGON2_TYPE = 0x02; // id +const ARGON2_VERSION = 0x13; +const ARGON2_SALT_SIZE = 16; - const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); +class Argon2OutOfMemoryError extends Error { + constructor(...params) { + super(...params); - let symEncryptedPacket; - if (aeadAlgorithmName) { - symEncryptedPacket = new AEADEncryptedDataPacket(); - symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName); - } else { - symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket(); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, Argon2OutOfMemoryError); } - symEncryptedPacket.packets = this.packets; - - const algorithm = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); - msg.packets.push(symEncryptedPacket); - symEncryptedPacket.packets = new PacketList(); // remove packets after encryption - return msg; + this.name = 'Argon2OutOfMemoryError'; } +} - /** - * Encrypt a session key either with public keys, passwords, or both at once. - * @param {Uint8Array} sessionKey - session key for encryption - * @param {String} algorithmName - session key algorithm - * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - For message encryption - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [date] - Override the date - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async - */ - static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - const packetlist = new PacketList(); - const algorithm = enums.write(enums.symmetric, algorithmName); - const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); +// cache argon wasm module +let loadArgonWasmModule; +let argon2Promise; +// reload wasm module above this treshold, to deallocated used memory +const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19; - if (encryptionKeys) { - const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { - const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket(); - pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID(); - pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm; - pkESKeyPacket.sessionKey = sessionKey; - pkESKeyPacket.sessionKeyAlgorithm = algorithm; - await pkESKeyPacket.encrypt(encryptionKey.keyPacket); - delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption - return pkESKeyPacket; - })); - packetlist.push(...results); - } - if (passwords) { - const testDecrypt = async function(keyPacket, password) { - try { - await keyPacket.decrypt(password); - return 1; - } catch (e) { - return 0; - } - }; +class Argon2S2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params; - const sum = (accumulator, currentValue) => accumulator + currentValue; + this.type = 'argon2'; + /** + * 16 bytes of salt + * @type {Uint8Array} + */ + this.salt = null; + /** + * number of passes + * @type {Integer} + */ + this.t = passes; + /** + * degree of parallelism (lanes) + * @type {Integer} + */ + this.p = parallelism; + /** + * exponent indicating memory size + * @type {Integer} + */ + this.encodedM = memoryExponent; + } - const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { - const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); - symEncryptedSessionKeyPacket.sessionKey = sessionKey; - symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; - if (aeadAlgorithm) { - symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; - } - await symEncryptedSessionKeyPacket.encrypt(password, config$1); + generateSalt() { + this.salt = mod$1.random.getRandomBytes(ARGON2_SALT_SIZE); + } - if (config$1.passwordCollisionCheck) { - const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); - if (results.reduce(sum) !== 1) { - return encryptPassword(sessionKey, algorithm, password); - } - } + /** + * Parsing function for argon2 string-to-key specifier. + * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; - delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption - return symEncryptedSessionKeyPacket; - }; + this.salt = bytes.subarray(i, i + 16); + i += 16; - const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd))); - packetlist.push(...results); - } + this.t = bytes[i++]; + this.p = bytes[i++]; + this.encodedM = bytes[i++]; // memory size exponent, one-octect - return new Message(packetlist); + return i; } /** - * Sign the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to add to the message - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with signed content. - * @async - */ - async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const packetlist = new PacketList(); + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + const arr = [ + new Uint8Array([enums.write(enums.s2k, this.type)]), + this.salt, + new Uint8Array([this.t, this.p, this.encodedM]) + ]; - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); - } + return util.concatUint8Array(arr); + } - let i; - let existingSigPacketlist; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to `keySize` + * @throws {Argon2OutOfMemoryError|Errors} + * @async + */ + async produceKey(passphrase, keySize) { + const decodedM = 2 << (this.encodedM - 1); - if (signature) { - existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - for (i = existingSigPacketlist.length - 1; i >= 0; i--) { - const signaturePacket = existingSigPacketlist[i]; - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signaturePacket.signatureType; - onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; - onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; - onePassSig.issuerKeyID = signaturePacket.issuerKeyID; - if (!signingKeys.length && i === 0) { - onePassSig.flags = 1; - } - packetlist.push(onePassSig); - } - } + try { + // on first load, the argon2 lib is imported and the WASM module is initialized. + // the two steps need to be atomic to avoid race conditions causing multiple wasm modules + // being loaded when `argon2Promise` is not initialized. + loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index$1; })).default; + argon2Promise = argon2Promise || loadArgonWasmModule(); + + // important to keep local ref to argon2 in case the module is reloaded by another instance + const argon2 = await argon2Promise; + + const passwordBytes = util.encodeUTF8(passphrase); + const hash = argon2({ + version: ARGON2_VERSION, + type: ARGON2_TYPE, + password: passwordBytes, + salt: this.salt, + tagLength: keySize, + memorySize: decodedM, + parallelism: this.p, + passes: this.t + }); - await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); + // a lot of memory was used, reload to deallocate + if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) { + // it will be awaited if needed at the next `produceKey` invocation + argon2Promise = loadArgonWasmModule(); + argon2Promise.catch(() => {}); } - const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; - const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config$1); - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signatureType; - onePassSig.hashAlgorithm = await getPreferredHashAlgo$2(primaryKey, signingKey.keyPacket, date, userIDs, config$1); - onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm; - onePassSig.issuerKeyID = signingKey.getKeyID(); - if (i === signingKeys.length - 1) { - onePassSig.flags = 1; + return hash; + } catch (e) { + if (e.message && ( + e.message.includes('Unable to grow instance memory') || // Chrome + e.message.includes('failed to grow memory') || // Firefox + e.message.includes('WebAssembly.Memory.grow') || // Safari + e.message.includes('Out of memory') // Safari iOS + )) { + throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2'); + } else { + throw e; } - return onePassSig; - })).then(onePassSignatureList => { - onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig)); - }); + } + } +} - packetlist.push(literalDataPacket); - packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config$1))); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return new Message(packetlist); - } +class GenericS2K { /** - * Compresses the message (the literal and -if signed- signature data packets of the message) - * @param {module:enums.compression} algo - compression algorithm * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Message} New message with compressed content. */ - compress(algo, config$1 = config) { - if (algo === enums.compression.uncompressed) { - return this; - } + constructor(s2kType, config$1 = config) { + /** + * Hash function identifier, or 0 for gnu-dummy keys + * @type {module:enums.hash | 0} + */ + this.algorithm = enums.hash.sha256; + /** + * enums.s2k identifier or 'gnu-dummy' + * @type {String} + */ + this.type = enums.read(enums.s2k, s2kType); + /** @type {Integer} */ + this.c = config$1.s2kIterationCountByte; + /** Eight bytes of salt in a binary string. + * @type {Uint8Array} + */ + this.salt = null; + } - const compressed = new CompressedDataPacket(config$1); - compressed.algorithm = algo; - compressed.packets = this.packets; + generateSalt() { + switch (this.type) { + case 'salted': + case 'iterated': + this.salt = mod$1.random.getRandomBytes(8); + } + } - const packetList = new PacketList(); - packetList.push(compressed); + getCount() { + // Exponent bias, defined in RFC4880 + const expbias = 6; - return new Message(packetList); + return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); } /** - * Create a detached signature for the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New detached signature of message content. - * @async + * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). + * @param {Uint8Array} bytes - Payload of string-to-key specifier + * @returns {Integer} Actual length of the object. */ - async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); - } - return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - } + read(bytes) { + let i = 0; + this.algorithm = bytes[i++]; - /** - * Verify message signatures - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signatures. - * @async - */ - async verify(verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); - } - if (isArrayStream(msg.packets.stream)) { - msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); - } - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); - const signatureList = msg.packets.filterByTag(enums.packet.signature); - if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { - await Promise.all(onePassSigList.map(async onePassSig => { - onePassSig.correspondingSig = new Promise((resolve, reject) => { - onePassSig.correspondingSigResolve = resolve; - onePassSig.correspondingSigReject = reject; - }); - onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); - onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); - onePassSig.hashed.catch(() => {}); - })); - msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { - const reader = getReader(readable); - const writer = getWriter(writable); - try { - for (let i = 0; i < onePassSigList.length; i++) { - const { value: signature } = await reader.read(); - onePassSigList[i].correspondingSigResolve(signature); + switch (this.type) { + case 'simple': + break; + + case 'salted': + this.salt = bytes.subarray(i, i + 8); + i += 8; + break; + + case 'iterated': + this.salt = bytes.subarray(i, i + 8); + i += 8; + + // Octet 10: count, a one-octet, coded value + this.c = bytes[i++]; + break; + + case 'gnu': + if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { + i += 3; // GNU + const gnuExtType = 1000 + bytes[i++]; + if (gnuExtType === 1001) { + this.type = 'gnu-dummy'; + // GnuPG extension mode 1001 -- don't write secret key at all + } else { + throw new UnsupportedError('Unknown s2k gnu protection mode.'); } - await reader.readToEnd(); - await writer.ready; - await writer.close(); - } catch (e) { - onePassSigList.forEach(onePassSig => { - onePassSig.correspondingSigReject(e); - }); - await writer.abort(e); + } else { + throw new UnsupportedError('Unknown s2k type.'); } - }); - return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + break; + + default: + throw new UnsupportedError('Unknown s2k type.'); // unreachable } - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); + + return i; } /** - * Verify detached message signature - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Signature} signature - * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. */ - verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); + write() { + if (this.type === 'gnu-dummy') { + return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); } - const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); + const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; + + switch (this.type) { + case 'simple': + break; + case 'salted': + arr.push(this.salt); + break; + case 'iterated': + arr.push(this.salt); + arr.push(new Uint8Array([this.c])); + break; + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + + return util.concatUint8Array(arr); } /** - * Unwrap compressed message - * @returns {Message} Message Content of compressed message. + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to. + * hashAlgorithm hash length + * @async */ - unwrapCompressed() { - const compressed = this.packets.filterByTag(enums.packet.compressedData); - if (compressed.length) { - return new Message(compressed[0].packets); + async produceKey(passphrase, numBytes) { + passphrase = util.encodeUTF8(passphrase); + + const arr = []; + let rlength = 0; + + let prefixlen = 0; + while (rlength < numBytes) { + let toHash; + switch (this.type) { + case 'simple': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); + break; + case 'salted': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); + break; + case 'iterated': { + const data = util.concatUint8Array([this.salt, passphrase]); + let datalen = data.length; + const count = Math.max(this.getCount(), datalen); + toHash = new Uint8Array(prefixlen + count); + toHash.set(data, prefixlen); + for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { + toHash.copyWithin(pos, prefixlen, pos); + } + break; + } + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + const result = await mod$1.hash.digest(this.algorithm, toHash); + arr.push(result); + rlength += result.length; + prefixlen++; } - return this; - } - - /** - * Append signature to unencrypted message object - * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async appendSignature(detachedSignature, config$1 = config) { - await this.packets.read( - util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, - allowedDetachedSignaturePackets, - config$1 - ); - } - - /** - * Returns binary encoded message - * @returns {ReadableStream} Binary message. - */ - write() { - return this.packets.write(); - } - /** - * Returns ASCII armored text of message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.message, this.write(), null, null, null, config$1); + return util.concatUint8Array(arr).subarray(0, numBytes); } } +const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]); + /** - * Create signature packets for the message - * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign - * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to append - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creationtime of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Boolean} [detached] - Whether to create detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} List of signature packets. - * @async - * @private + * Instantiate a new S2K instance of the given type + * @param {module:enums.s2k} type + * @oaram {Object} [config] + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types */ -async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config$1 = config) { - const packetlist = new PacketList(); - - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; - - await Promise.all(signingKeys.map(async (primaryKey, i) => { - const userID = userIDs[i]; - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config$1); - return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config$1); - })).then(signatureList => { - packetlist.push(...signatureList); - }); - - if (signature) { - const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - packetlist.push(...existingSigPacketlist); +function newS2KFromType(type, config$1 = config) { + switch (type) { + case enums.s2k.argon2: + return new Argon2S2K(config$1); + case enums.s2k.iterated: + case enums.s2k.gnu: + case enums.s2k.salted: + case enums.s2k.simple: + return new GenericS2K(type, config$1); + default: + throw new UnsupportedError('Unsupported S2K type'); } - return packetlist; } /** - * Create object containing signer's keyID and validity of signature - * @param {SignaturePacket} signature - Signature packet - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Check signature validity with respect to the given date - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * keyID: module:type/keyid~KeyID, - * signature: Promise, - * verified: Promise - * }>} signer's keyID and validity of signature - * @async - * @private + * Instantiate a new S2K instance based on the config settings + * @oaram {Object} config + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types */ -async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - let primaryKey; - let unverifiedSigningKey; +function newS2KFromConfig(config) { + const { s2kType } = config; - for (const key of verificationKeys) { - const issuerKeys = key.getKeys(signature.issuerKeyID); - if (issuerKeys.length > 0) { - primaryKey = key; - unverifiedSigningKey = issuerKeys[0]; - break; - } + if (!allowedS2KTypesForEncryption.has(s2kType)) { + throw new Error('The provided `config.s2kType` value is not allowed'); } - const isOnePassSignature = signature instanceof OnePassSignaturePacket; - const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; - - const verifiedSig = { - keyID: signature.issuerKeyID, - verified: (async () => { - if (!unverifiedSigningKey) { - throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); - } - - await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); - const signaturePacket = await signaturePacketPromise; - if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { - throw new Error('Key is newer than the signature'); - } - // We pass the signature creation time to check whether the key was expired at the time of signing. - // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before - try { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); - } catch (e) { - // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, - // making the key invalid at the time of signing. - // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. - // Note: we do not support the edge case of a key that was reformatted and it has expired. - if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); - } else { - throw e; - } - } - return true; - })(), - signature: (async () => { - const signaturePacket = await signaturePacketPromise; - const packetlist = new PacketList(); - signaturePacket && packetlist.push(signaturePacket); - return new Signature(packetlist); - })() - }; - - // Mark potential promise rejections as "handled". This is needed because in - // some cases, we reject them before the user has a reasonable chance to - // handle them (e.g. `await readToEnd(result.data); await result.verified` and - // the data stream errors). - verifiedSig.signature.catch(() => {}); - verifiedSig.verified.catch(() => {}); - - return verifiedSig; + return newS2KFromType(s2kType, config); } +var require = createRequire('/'); +// DEFLATE is a complex format; to read this code, you should probably check the RFC first: +// https://tools.ietf.org/html/rfc1951 +// You may also wish to take a look at the guide I made about this program: +// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad +// Some of the following code is similar to that of UZIP.js: +// https://github.com/photopea/UZIP.js +// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size. +// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint +// is better for memory in most engines (I *think*). +// Mediocre shim +var Worker; +try { + Worker = require('worker_threads').Worker; +} +catch (e) { +} + +// aliases for shorter compressed code (most minifers don't do this) +var u8 = Uint8Array, u16 = Uint16Array, u32$1 = Uint32Array; +// fixed length extra bits +var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]); +// fixed distance extra bits +// see fleb note +var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]); +// code length index map +var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]); +// get base, reverse index map from extra bits +var freb = function (eb, start) { + var b = new u16(31); + for (var i = 0; i < 31; ++i) { + b[i] = start += 1 << eb[i - 1]; + } + // numbers here are at max 18 bits + var r = new u32$1(b[30]); + for (var i = 1; i < 30; ++i) { + for (var j = b[i]; j < b[i + 1]; ++j) { + r[j] = ((j - b[i]) << 5) | i; + } + } + return [b, r]; +}; +var _a = freb(fleb, 2), fl = _a[0], revfl = _a[1]; +// we can ignore the fact that the other numbers are wrong; they never happen anyway +fl[28] = 258, revfl[258] = 28; +var _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1]; +// map of value to reverse (assuming 16 bits) +var rev = new u16(32768); +for (var i = 0; i < 32768; ++i) { + // reverse table algorithm from SO + var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1); + x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2); + x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4); + rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1; +} +// create huffman tree from u8 "map": index -> code length for code index +// mb (max bits) must be at most 15 +// TODO: optimize/split up? +var hMap = (function (cd, mb, r) { + var s = cd.length; + // index + var i = 0; + // u16 "map": index -> # of codes with bit length = index + var l = new u16(mb); + // length of cd must be 288 (total # of codes) + for (; i < s; ++i) { + if (cd[i]) + ++l[cd[i] - 1]; + } + // u16 "map": index -> minimum code for bit length = index + var le = new u16(mb); + for (i = 0; i < mb; ++i) { + le[i] = (le[i - 1] + l[i - 1]) << 1; + } + var co; + if (r) { + // u16 "map": index -> number of actual bits, symbol for code + co = new u16(1 << mb); + // bits to remove for reverser + var rvb = 15 - mb; + for (i = 0; i < s; ++i) { + // ignore 0 lengths + if (cd[i]) { + // num encoding both symbol and bits read + var sv = (i << 4) | cd[i]; + // free bits + var r_1 = mb - cd[i]; + // start value + var v = le[cd[i] - 1]++ << r_1; + // m is end value + for (var m = v | ((1 << r_1) - 1); v <= m; ++v) { + // every 16 bit value starting with the code yields the same result + co[rev[v] >>> rvb] = sv; + } + } + } + } + else { + co = new u16(s); + for (i = 0; i < s; ++i) { + if (cd[i]) { + co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]); + } + } + } + return co; +}); +// fixed length tree +var flt = new u8(288); +for (var i = 0; i < 144; ++i) + flt[i] = 8; +for (var i = 144; i < 256; ++i) + flt[i] = 9; +for (var i = 256; i < 280; ++i) + flt[i] = 7; +for (var i = 280; i < 288; ++i) + flt[i] = 8; +// fixed distance tree +var fdt = new u8(32); +for (var i = 0; i < 32; ++i) + fdt[i] = 5; +// fixed length map +var flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1); +// fixed distance map +var fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1); +// find max of array +var max = function (a) { + var m = a[0]; + for (var i = 1; i < a.length; ++i) { + if (a[i] > m) + m = a[i]; + } + return m; +}; +// read d, starting at bit p and mask with m +var bits = function (d, p, m) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m; +}; +// read d, starting at bit p continuing for at least 16 bits +var bits16 = function (d, p) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7)); +}; +// get end of byte +var shft = function (p) { return ((p + 7) / 8) | 0; }; +// typed array slice - allows garbage collector to free original reference, +// while being more compatible than .slice +var slc = function (v, s, e) { + if (s == null || s < 0) + s = 0; + if (e == null || e > v.length) + e = v.length; + // can't use .constructor in case user-supplied + var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32$1 : u8)(e - s); + n.set(v.subarray(s, e)); + return n; +}; +// error codes +var ec = [ + 'unexpected EOF', + 'invalid block type', + 'invalid length/literal', + 'invalid distance', + 'stream finished', + 'no stream handler', + , + 'no callback', + 'invalid UTF-8 data', + 'extra field too long', + 'date not in range 1980-2099', + 'filename too long', + 'stream finishing', + 'invalid zip data' + // determined by unknown compression method +]; +var err = function (ind, msg, nt) { + var e = new Error(msg || ec[ind]); + e.code = ind; + if (Error.captureStackTrace) + Error.captureStackTrace(e, err); + if (!nt) + throw e; + return e; +}; +// expands raw DEFLATE data +var inflt = function (dat, buf, st) { + // source length + var sl = dat.length; + if (!sl || (st && st.f && !st.l)) + return buf || new u8(0); + // have to estimate size + var noBuf = !buf || st; + // no state + var noSt = !st || st.i; + if (!st) + st = {}; + // Assumes roughly 33% compression ratio average + if (!buf) + buf = new u8(sl * 3); + // ensure buffer can fit at least l elements + var cbuf = function (l) { + var bl = buf.length; + // need to increase size to fit + if (l > bl) { + // Double or set to necessary, whichever is greater + var nbuf = new u8(Math.max(bl * 2, l)); + nbuf.set(buf); + buf = nbuf; + } + }; + // last chunk bitpos bytes + var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n; + // total bits + var tbts = sl * 8; + do { + if (!lm) { + // BFINAL - this is only 1 when last chunk is next + final = bits(dat, pos, 1); + // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman + var type = bits(dat, pos + 1, 3); + pos += 3; + if (!type) { + // go to end of byte boundary + var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l; + if (t > sl) { + if (noSt) + err(0); + break; + } + // ensure size + if (noBuf) + cbuf(bt + l); + // Copy over uncompressed data + buf.set(dat.subarray(s, t), bt); + // Get new bitpos, update byte count + st.b = bt += l, st.p = pos = t * 8, st.f = final; + continue; + } + else if (type == 1) + lm = flrm, dm = fdrm, lbt = 9, dbt = 5; + else if (type == 2) { + // literal lengths + var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4; + var tl = hLit + bits(dat, pos + 5, 31) + 1; + pos += 14; + // length+distance tree + var ldt = new u8(tl); + // code length tree + var clt = new u8(19); + for (var i = 0; i < hcLen; ++i) { + // use index map to get real code + clt[clim[i]] = bits(dat, pos + i * 3, 7); + } + pos += hcLen * 3; + // code lengths bits + var clb = max(clt), clbmsk = (1 << clb) - 1; + // code lengths map + var clm = hMap(clt, clb, 1); + for (var i = 0; i < tl;) { + var r = clm[bits(dat, pos, clbmsk)]; + // bits read + pos += r & 15; + // symbol + var s = r >>> 4; + // code length to copy + if (s < 16) { + ldt[i++] = s; + } + else { + // copy count + var c = 0, n = 0; + if (s == 16) + n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1]; + else if (s == 17) + n = 3 + bits(dat, pos, 7), pos += 3; + else if (s == 18) + n = 11 + bits(dat, pos, 127), pos += 7; + while (n--) + ldt[i++] = c; + } + } + // length tree distance tree + var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit); + // max length bits + lbt = max(lt); + // max dist bits + dbt = max(dt); + lm = hMap(lt, lbt, 1); + dm = hMap(dt, dbt, 1); + } + else + err(1); + if (pos > tbts) { + if (noSt) + err(0); + break; + } + } + // Make sure the buffer can hold this + the largest possible addition + // Maximum chunk size (practically, theoretically infinite) is 2^17; + if (noBuf) + cbuf(bt + 131072); + var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1; + var lpos = pos; + for (;; lpos = pos) { + // bits read, code + var c = lm[bits16(dat, pos) & lms], sym = c >>> 4; + pos += c & 15; + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (!c) + err(2); + if (sym < 256) + buf[bt++] = sym; + else if (sym == 256) { + lpos = pos, lm = null; + break; + } + else { + var add = sym - 254; + // no extra bits needed if less + if (sym > 264) { + // index + var i = sym - 257, b = fleb[i]; + add = bits(dat, pos, (1 << b) - 1) + fl[i]; + pos += b; + } + // dist + var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4; + if (!d) + err(3); + pos += d & 15; + var dt = fd[dsym]; + if (dsym > 3) { + var b = fdeb[dsym]; + dt += bits16(dat, pos) & ((1 << b) - 1), pos += b; + } + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (noBuf) + cbuf(bt + 131072); + var end = bt + add; + for (; bt < end; bt += 4) { + buf[bt] = buf[bt - dt]; + buf[bt + 1] = buf[bt + 1 - dt]; + buf[bt + 2] = buf[bt + 2 - dt]; + buf[bt + 3] = buf[bt + 3 - dt]; + } + bt = end; + } + } + st.l = lm, st.p = lpos, st.b = bt, st.f = final; + if (lm) + final = 1, st.m = lbt, st.d = dm, st.n = dbt; + } while (!final); + return bt == buf.length ? buf : slc(buf, 0, bt); +}; +// starting at p, write the minimum number of bits that can hold v to d +var wbits = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; +}; +// starting at p, write the minimum number of bits (>8) that can hold v to d +var wbits16 = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + d[o + 2] |= v >>> 16; +}; +// creates code lengths from a frequency table +var hTree = function (d, mb) { + // Need extra info to make a tree + var t = []; + for (var i = 0; i < d.length; ++i) { + if (d[i]) + t.push({ s: i, f: d[i] }); + } + var s = t.length; + var t2 = t.slice(); + if (!s) + return [et, 0]; + if (s == 1) { + var v = new u8(t[0].s + 1); + v[t[0].s] = 1; + return [v, 1]; + } + t.sort(function (a, b) { return a.f - b.f; }); + // after i2 reaches last ind, will be stopped + // freq must be greater than largest possible number of symbols + t.push({ s: -1, f: 25001 }); + var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2; + t[0] = { s: -1, f: l.f + r.f, l: l, r: r }; + // efficient algorithm from UZIP.js + // i0 is lookbehind, i2 is lookahead - after processing two low-freq + // symbols that combined have high freq, will start processing i2 (high-freq, + // non-composite) symbols instead + // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/ + while (i1 != s - 1) { + l = t[t[i0].f < t[i2].f ? i0++ : i2++]; + r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++]; + t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r }; + } + var maxSym = t2[0].s; + for (var i = 1; i < s; ++i) { + if (t2[i].s > maxSym) + maxSym = t2[i].s; + } + // code lengths + var tr = new u16(maxSym + 1); + // max bits in tree + var mbt = ln(t[i1 - 1], tr, 0); + if (mbt > mb) { + // more algorithms from UZIP.js + // TODO: find out how this code works (debt) + // ind debt + var i = 0, dt = 0; + // left cost + var lft = mbt - mb, cst = 1 << lft; + t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; }); + for (; i < s; ++i) { + var i2_1 = t2[i].s; + if (tr[i2_1] > mb) { + dt += cst - (1 << (mbt - tr[i2_1])); + tr[i2_1] = mb; + } + else + break; + } + dt >>>= lft; + while (dt > 0) { + var i2_2 = t2[i].s; + if (tr[i2_2] < mb) + dt -= 1 << (mb - tr[i2_2]++ - 1); + else + ++i; + } + for (; i >= 0 && dt; --i) { + var i2_3 = t2[i].s; + if (tr[i2_3] == mb) { + --tr[i2_3]; + ++dt; + } + } + mbt = mb; + } + return [new u8(tr), mbt]; +}; +// get the max length and assign length codes +var ln = function (n, l, d) { + return n.s == -1 + ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1)) + : (l[n.s] = d); +}; +// length codes generation +var lc = function (c) { + var s = c.length; + // Note that the semicolon was intentional + while (s && !c[--s]) + ; + var cl = new u16(++s); + // ind num streak + var cli = 0, cln = c[0], cls = 1; + var w = function (v) { cl[cli++] = v; }; + for (var i = 1; i <= s; ++i) { + if (c[i] == cln && i != s) + ++cls; + else { + if (!cln && cls > 2) { + for (; cls > 138; cls -= 138) + w(32754); + if (cls > 2) { + w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305); + cls = 0; + } + } + else if (cls > 3) { + w(cln), --cls; + for (; cls > 6; cls -= 6) + w(8304); + if (cls > 2) + w(((cls - 3) << 5) | 8208), cls = 0; + } + while (cls--) + w(cln); + cls = 1; + cln = c[i]; + } + } + return [cl.subarray(0, cli), s]; +}; +// calculate the length of output from tree, code lengths +var clen = function (cf, cl) { + var l = 0; + for (var i = 0; i < cl.length; ++i) + l += cf[i] * cl[i]; + return l; +}; +// writes a fixed block +// returns the new bit pos +var wfblk = function (out, pos, dat) { + // no need to write 00 as type: TypedArray defaults to 0 + var s = dat.length; + var o = shft(pos + 2); + out[o] = s & 255; + out[o + 1] = s >>> 8; + out[o + 2] = out[o] ^ 255; + out[o + 3] = out[o + 1] ^ 255; + for (var i = 0; i < s; ++i) + out[o + i + 4] = dat[i]; + return (o + 4 + s) * 8; +}; +// writes a block +var wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) { + wbits(out, p++, final); + ++lf[256]; + var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1]; + var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1]; + var _c = lc(dlt), lclt = _c[0], nlc = _c[1]; + var _d = lc(ddt), lcdt = _d[0], ndc = _d[1]; + var lcfreq = new u16(19); + for (var i = 0; i < lclt.length; ++i) + lcfreq[lclt[i] & 31]++; + for (var i = 0; i < lcdt.length; ++i) + lcfreq[lcdt[i] & 31]++; + var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1]; + var nlcc = 19; + for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc) + ; + var flen = (bl + 5) << 3; + var ftlen = clen(lf, flt) + clen(df, fdt) + eb; + var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]); + if (flen <= ftlen && flen <= dtlen) + return wfblk(out, p, dat.subarray(bs, bs + bl)); + var lm, ll, dm, dl; + wbits(out, p, 1 + (dtlen < ftlen)), p += 2; + if (dtlen < ftlen) { + lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt; + var llm = hMap(lct, mlcb, 0); + wbits(out, p, nlc - 257); + wbits(out, p + 5, ndc - 1); + wbits(out, p + 10, nlcc - 4); + p += 14; + for (var i = 0; i < nlcc; ++i) + wbits(out, p + 3 * i, lct[clim[i]]); + p += 3 * nlcc; + var lcts = [lclt, lcdt]; + for (var it = 0; it < 2; ++it) { + var clct = lcts[it]; + for (var i = 0; i < clct.length; ++i) { + var len = clct[i] & 31; + wbits(out, p, llm[len]), p += lct[len]; + if (len > 15) + wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12; + } + } + } + else { + lm = flm, ll = flt, dm = fdm, dl = fdt; + } + for (var i = 0; i < li; ++i) { + if (syms[i] > 255) { + var len = (syms[i] >>> 18) & 31; + wbits16(out, p, lm[len + 257]), p += ll[len + 257]; + if (len > 7) + wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len]; + var dst = syms[i] & 31; + wbits16(out, p, dm[dst]), p += dl[dst]; + if (dst > 3) + wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst]; + } + else { + wbits16(out, p, lm[syms[i]]), p += ll[syms[i]]; + } + } + wbits16(out, p, lm[256]); + return p + ll[256]; +}; +// deflate options (nice << 13) | chain +var deo = /*#__PURE__*/ new u32$1([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]); +// empty +var et = /*#__PURE__*/ new u8(0); +// compresses data into a raw DEFLATE buffer +var dflt = function (dat, lvl, plvl, pre, post, lst) { + var s = dat.length; + var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post); + // writing to this writes to the output buffer + var w = o.subarray(pre, o.length - post); + var pos = 0; + if (!lvl || s < 8) { + for (var i = 0; i <= s; i += 65535) { + // end + var e = i + 65535; + if (e >= s) { + // write final block + w[pos >> 3] = lst; + } + pos = wfblk(w, pos + 1, dat.subarray(i, e)); + } + } + else { + var opt = deo[lvl - 1]; + var n = opt >>> 13, c = opt & 8191; + var msk_1 = (1 << plvl) - 1; + // prev 2-byte val map curr 2-byte val map + var prev = new u16(32768), head = new u16(msk_1 + 1); + var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1; + var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; }; + // 24576 is an arbitrary number of maximum symbols per block + // 424 buffer for last block + var syms = new u32$1(25000); + // length/literal freq distance freq + var lf = new u16(288), df = new u16(32); + // l/lcnt exbits index l/lind waitdx bitpos + var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0; + for (; i < s; ++i) { + // hash value + // deopt when i > s - 3 - at end, deopt acceptable + var hv = hsh(i); + // index mod 32768 previous index mod + var imod = i & 32767, pimod = head[hv]; + prev[imod] = pimod; + head[hv] = imod; + // We always should modify head and prev, but only add symbols if + // this data is not yet processed ("wait" for wait index) + if (wi <= i) { + // bytes remaining + var rem = s - i; + if ((lc_1 > 7000 || li > 24576) && rem > 423) { + pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos); + li = lc_1 = eb = 0, bs = i; + for (var j = 0; j < 286; ++j) + lf[j] = 0; + for (var j = 0; j < 30; ++j) + df[j] = 0; + } + // len dist chain + var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767; + if (rem > 2 && hv == hsh(i - dif)) { + var maxn = Math.min(n, rem) - 1; + var maxd = Math.min(32767, i); + // max possible length + // not capped at dif because decompressors implement "rolling" index population + var ml = Math.min(258, rem); + while (dif <= maxd && --ch_1 && imod != pimod) { + if (dat[i + l] == dat[i + l - dif]) { + var nl = 0; + for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl) + ; + if (nl > l) { + l = nl, d = dif; + // break out early when we reach "nice" (we are satisfied enough) + if (nl > maxn) + break; + // now, find the rarest 2-byte sequence within this + // length of literals and search for that instead. + // Much faster than just using the start + var mmd = Math.min(dif, nl - 2); + var md = 0; + for (var j = 0; j < mmd; ++j) { + var ti = (i - dif + j + 32768) & 32767; + var pti = prev[ti]; + var cd = (ti - pti + 32768) & 32767; + if (cd > md) + md = cd, pimod = ti; + } + } + } + // check the previous match + imod = pimod, pimod = prev[imod]; + dif += (imod - pimod + 32768) & 32767; + } + } + // d will be nonzero only when a match was found + if (d) { + // store both dist and len data in one Uint32 + // Make sure this is recognized as a len/dist with 28th bit (2^28) + syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d]; + var lin = revfl[l] & 31, din = revfd[d] & 31; + eb += fleb[lin] + fdeb[din]; + ++lf[257 + lin]; + ++df[din]; + wi = i + l; + ++lc_1; + } + else { + syms[li++] = dat[i]; + ++lf[dat[i]]; + } + } + } + pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos); + // this is the easiest way to avoid needing to maintain state + if (!lst && pos & 7) + pos = wfblk(w, pos + 1, et); + } + return slc(o, 0, pre + shft(pos) + post); +}; +// Alder32 +var adler = function () { + var a = 1, b = 0; + return { + p: function (d) { + // closures have awful performance + var n = a, m = b; + var l = d.length | 0; + for (var i = 0; i != l;) { + var e = Math.min(i + 2655, l); + for (; i < e; ++i) + m += n += d[i]; + n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16); + } + a = n, b = m; + }, + d: function () { + a %= 65521, b %= 65521; + return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8); + } + }; +}; +// deflate with opts +var dopt = function (dat, opt, pre, post, st) { + return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st); +}; +// write bytes +var wbytes = function (d, b, v) { + for (; v; ++b) + d[b] = v, v >>>= 8; +}; +// zlib header +var zlh = function (c, o) { + var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2; + c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1); +}; +// zlib footer: -4 to -0 is Adler32 /** - * Create list of objects containing signer's keyID and validity of signature - * @param {Array} signatureList - Array of signature packets - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} date - Verify the signature against the given date, - * i.e. check signature creation time < date < expiration time - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) - * @async - * @private + * Streaming DEFLATE compression + */ +var Deflate = /*#__PURE__*/ (function () { + function Deflate(opts, cb) { + if (!cb && typeof opts == 'function') + cb = opts, opts = {}; + this.ondata = cb; + this.o = opts || {}; + } + Deflate.prototype.p = function (c, f) { + this.ondata(dopt(c, this.o, 0, 0, !f), f); + }; + /** + * Pushes a chunk to be deflated + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Deflate.prototype.push = function (chunk, final) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + this.d = final; + this.p(chunk, final || false); + }; + return Deflate; +}()); +/** + * Streaming DEFLATE decompression + */ +var Inflate = /*#__PURE__*/ (function () { + /** + * Creates an inflation stream + * @param cb The callback to call whenever data is inflated + */ + function Inflate(cb) { + this.s = {}; + this.p = new u8(0); + this.ondata = cb; + } + Inflate.prototype.e = function (c) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + var l = this.p.length; + var n = new u8(l + c.length); + n.set(this.p), n.set(c, l), this.p = n; + }; + Inflate.prototype.c = function (final) { + this.d = this.s.i = final || false; + var bts = this.s.b; + var dt = inflt(this.p, this.o, this.s); + this.ondata(slc(dt, bts, this.s.b), this.d); + this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length; + this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7; + }; + /** + * Pushes a chunk to be inflated + * @param chunk The chunk to push + * @param final Whether this is the final chunk + */ + Inflate.prototype.push = function (chunk, final) { + this.e(chunk), this.c(final); + }; + return Inflate; +}()); +/** + * Streaming Zlib compression + */ +var Zlib = /*#__PURE__*/ (function () { + function Zlib(opts, cb) { + this.c = adler(); + this.v = 1; + Deflate.call(this, opts, cb); + } + /** + * Pushes a chunk to be zlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Zlib.prototype.push = function (chunk, final) { + Deflate.prototype.push.call(this, chunk, final); + }; + Zlib.prototype.p = function (c, f) { + this.c.p(c); + var raw = dopt(c, this.o, this.v && 2, f && 4, !f); + if (this.v) + zlh(raw, this.o), this.v = 0; + if (f) + wbytes(raw, raw.length - 4, this.c.d()); + this.ondata(raw, f); + }; + return Zlib; +}()); +/** + * Streaming Zlib decompression */ -async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - return Promise.all(signatureList.filter(function(signature) { - return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); - }).map(async function(signature) { - return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); - })); +var Unzlib = /*#__PURE__*/ (function () { + /** + * Creates a Zlib decompression stream + * @param cb The callback to call whenever data is inflated + */ + function Unzlib(cb) { + this.v = 1; + Inflate.call(this, cb); + } + /** + * Pushes a chunk to be unzlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Unzlib.prototype.push = function (chunk, final) { + Inflate.prototype.e.call(this, chunk); + if (this.v) { + if (this.p.length < 2 && !final) + return; + this.p = this.p.subarray(2), this.v = 0; + } + if (final) { + if (this.p.length < 4) + err(6, 'invalid zlib data'); + this.p = this.p.subarray(0, -4); + } + // necessary to prevent TS from using the closure value + // This allows for workerization to function correctly + Inflate.prototype.c.call(this, final); + }; + return Unzlib; +}()); +// text decoder +var td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder(); +// text decoder stream +var tds = 0; +try { + td.decode(et, { stream: true }); + tds = 1; } +catch (e) { } + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** - * Reads an (optionally armored) OpenPGP message and returns a Message object - * @param {Object} options - * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed - * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New message object. - * @async - * @static + * Implementation of the Literal Data Packet (Tag 11) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: + * A Literal Data packet contains the body of a message; data that is not to be + * further interpreted. */ -async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredMessage || binaryMessage; - if (!input) { - throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); - } - if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { - throw new Error('readMessage: options.armoredMessage must be a string or stream'); +class LiteralDataPacket { + static get tag() { + return enums.packet.literalData; } - if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { - throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); + + /** + * @param {Date} date - The creation date of the literal package + */ + constructor(date = new Date()) { + this.format = enums.literal.utf8; // default format for literal data packets + this.date = util.normalizeDate(date); + this.text = null; // textual data representation + this.data = null; // literal data representation + this.filename = ''; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); + /** + * Set the packet data to a javascript native string, end of line + * will be normalized to \r\n and by default text is converted to UTF8 + * @param {String | ReadableStream} text - Any native javascript string + * @param {enums.literal} [format] - The format of the string of bytes + */ + setText(text, format = enums.literal.utf8) { + this.format = format; + this.text = text; + this.data = null; } - if (armoredMessage) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.message) { - throw new Error('Armored text not of type message'); + + /** + * Returns literal data packets as native JavaScript string + * with normalized end of line to \n + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {String | ReadableStream} Literal data as text. + */ + getText(clone = false) { + if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read + this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); } - input = data; + return this.text; } - const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); - const message = new Message(packetlist); - message.fromStream = streamType; - return message; -} -/** - * Creates new message object from text or binary data. - * @param {Object} options - * @param {String | ReadableStream} [options.text] - The text message contents - * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents - * @param {String} [options.filename=""] - Name of the file (if any) - * @param {Date} [options.date=current date] - Date of the message, or modification date of the file - * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type - * @returns {Promise} New message object. - * @async - * @static - */ -async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { - let input = text !== undefined ? text : binary; - if (input === undefined) { - throw new Error('createMessage: must pass options object containing `text` or `binary`'); + /** + * Set the packet data to value represented by the provided string of bytes. + * @param {Uint8Array | ReadableStream} bytes - The string of bytes + * @param {enums.literal} format - The format of the string of bytes + */ + setBytes(bytes, format) { + this.format = format; + this.data = bytes; + this.text = null; } - if (text && !util.isString(text) && !util.isStream(text)) { - throw new Error('createMessage: options.text must be a string or stream'); + + + /** + * Get the byte sequence representing the literal packet data + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {Uint8Array | ReadableStream} A sequence of bytes. + */ + getBytes(clone = false) { + if (this.data === null) { + // encode UTF8 and normalize EOL to \r\n + this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); + } + if (clone) { + return passiveClone(this.data); + } + return this.data; } - if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { - throw new Error('createMessage: options.binary must be a Uint8Array or stream'); + + + /** + * Sets the filename of the literal packet data + * @param {String} filename - Any native javascript string + */ + setFilename(filename) { + this.filename = filename; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); + + /** + * Get the filename of the literal packet data + * @returns {String} Filename. + */ + getFilename() { + return this.filename; } - const literalDataPacket = new LiteralDataPacket(date); - if (text !== undefined) { - literalDataPacket.setText(input, enums.write(enums.literal, format)); - } else { - literalDataPacket.setBytes(input, enums.write(enums.literal, format)); + + /** + * Parsing function for a literal data packet (tag 11). + * + * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet + * @returns {Promise} Object representation. + * @async + */ + async read(bytes) { + await parse(bytes, async reader => { + // - A one-octet field that describes how the data is formatted. + const format = await reader.readByte(); // enums.literal + + const filename_len = await reader.readByte(); + this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); + + this.date = util.readDate(await reader.readBytes(4)); + + let data = reader.remainder(); + if (isArrayStream(data)) data = await readToEnd(data); + this.setBytes(data, format); + }); } - if (filename !== undefined) { - literalDataPacket.setFilename(filename); + + /** + * Creates a Uint8Array representation of the packet, excluding the data + * + * @returns {Uint8Array} Uint8Array representation of the packet. + */ + writeHeader() { + const filename = util.encodeUTF8(this.filename); + const filename_length = new Uint8Array([filename.length]); + + const format = new Uint8Array([this.format]); + const date = util.writeDate(this.date); + + return util.concatUint8Array([format, filename_length, filename, date]); + } + + /** + * Creates a Uint8Array representation of the packet + * + * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. + */ + write() { + const header = this.writeHeader(); + const data = this.getBytes(); + + return util.concat([header, data]); } - const literalDataPacketlist = new PacketList(); - literalDataPacketlist.push(literalDataPacket); - const message = new Message(literalDataPacketlist); - message.fromStream = streamType; - return message; } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// A Cleartext message can contain the following packets -const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); /** - * Class that represents an OpenPGP cleartext signed message. - * See {@link https://tools.ietf.org/html/rfc4880#section-7} + * Implementation of type key id + * + * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: + * A Key ID is an eight-octet scalar that identifies a key. + * Implementations SHOULD NOT assume that Key IDs are unique. The + * section "Enhanced Key Formats" below describes how Key IDs are + * formed. */ -class CleartextMessage { +class KeyID { + constructor() { + this.bytes = ''; + } + /** - * @param {String} text - The cleartext of the signed message - * @param {Signature} signature - The detached signature or an empty signature for unsigned messages - */ - constructor(text, signature) { - // remove trailing whitespace and normalize EOL to canonical form - this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); - if (signature && !(signature instanceof Signature)) { - throw new Error('Invalid signature input'); - } - this.signature = signature || new Signature(new PacketList()); + * Parsing method for a key id + * @param {Uint8Array} bytes - Input to read the key id from + */ + read(bytes) { + this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); + return this.bytes.length; } /** - * Returns the key IDs of the keys that signed the cleartext message - * @returns {Array} Array of keyID objects. + * Serializes the Key ID + * @returns {Uint8Array} Key ID as a Uint8Array. */ - getSigningKeyIDs() { - const keyIDs = []; - const signatureList = this.signature.packets; - signatureList.forEach(function(packet) { - keyIDs.push(packet.issuerKeyID); - }); - return keyIDs; + write() { + return util.stringToUint8Array(this.bytes); } /** - * Sign the cleartext message - * @param {Array} privateKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] - * @param {Date} [date] - The creation time of the signature that should be created - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New cleartext message with signed content. - * @async + * Returns the Key ID represented as a hexadecimal string + * @returns {String} Key ID as a hexadecimal string. */ - async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = new LiteralDataPacket(); - literalDataPacket.setText(this.text); - const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - return new CleartextMessage(this.text, newSignature); + toHex() { + return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); } /** - * Verify signatures of cleartext signed message - * @param {Array} keys - Array of keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async + * Checks equality of Key ID's + * @param {KeyID} keyID + * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard */ - verify(keys, date = new Date(), config$1 = config) { - const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - const literalDataPacket = new LiteralDataPacket(); - // we assume that cleartext signature is generated based on UTF8 cleartext - literalDataPacket.setText(this.text); - return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + equals(keyID, matchWildcard = false) { + return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; } /** - * Get cleartext - * @returns {String} Cleartext of message. + * Checks to see if the Key ID is unset + * @returns {Boolean} True if the Key ID is null. */ - getText() { - // normalize end of line to \n - return this.text.replace(/\r\n/g, '\n'); + isNull() { + return this.bytes === ''; } /** - * Returns ASCII armored text of cleartext signed message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {String | ReadableStream} ASCII armor. + * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) + * @returns {Boolean} True if this is a wildcard Key ID. */ - armor(config$1 = config) { - let hashes = this.signature.packets.map(function(packet) { - return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase(); - }); - hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; }); - const body = { - hash: hashes.join(), - text: this.text, - data: this.signature.packets.write() - }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config$1); + isWildcard() { + return /^0+$/.test(this.toHex()); } -} -/** - * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object - * @param {Object} options - * @param {String} options.cleartextMessage - Text to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New cleartext message object. - * @async - * @static - */ -async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!cleartextMessage) { - throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); + static mapToHex(keyID) { + return keyID.toHex(); } - if (!util.isString(cleartextMessage)) { - throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); + + static fromID(hex) { + const keyID = new KeyID(); + keyID.read(util.hexToUint8Array(hex)); + return keyID; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - const input = await unarmor(cleartextMessage); - if (input.type !== enums.armor.signed) { - throw new Error('No cleartext signed message.'); + static wildcard() { + const keyID = new KeyID(); + keyID.read(new Uint8Array(8)); + return keyID; } - const packetlist = await PacketList.fromBinary(input.data, allowedPackets$5, config$1); - verifyHeaders$1(input.headers, packetlist); - const signature = new Signature(packetlist); - return new CleartextMessage(input.text, signature); } -/** - * Compare hash algorithm specified in the armor header with signatures - * @param {Array} headers - Armor headers - * @param {PacketList} packetlist - The packetlist with signature packets - * @private - */ -function verifyHeaders$1(headers, packetlist) { - const checkHashAlgos = function(hashAlgos) { - const check = packet => algo => packet.hashAlgorithm === algo; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - for (let i = 0; i < packetlist.length; i++) { - if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { - return false; - } - } - return true; - }; - let oneHeader = null; - let hashAlgos = []; - headers.forEach(function(header) { - oneHeader = header.match(/^Hash: (.+)$/); // get header value - if (oneHeader) { - oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace - oneHeader = oneHeader.split(','); - oneHeader = oneHeader.map(function(hash) { - hash = hash.toLowerCase(); - try { - return enums.write(enums.hash, hash); - } catch (e) { - throw new Error('Unknown hash algorithm in armor header: ' + hash); - } - }); - hashAlgos = hashAlgos.concat(oneHeader); - } else { - throw new Error('Only "Hash" header allowed in cleartext signed message'); - } - }); +// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. +const verified = Symbol('verified'); - if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { - throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); - } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { - throw new Error('Hash algorithm mismatch in armor header and signature'); - } -} +// A salt notation is used to randomize signatures. +// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks +// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170). +// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g. +// some chosen-prefix attacks. +// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt. +const SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org'; + +// GPG puts the Issuer and Signature subpackets in the unhashed area. +// Tampering with those invalidates the signature, so we still trust them and parse them. +// All other unhashed subpackets are ignored. +const allowedUnhashedSubpackets = new Set([ + enums.signatureSubpacket.issuerKeyID, + enums.signatureSubpacket.issuerFingerprint, + enums.signatureSubpacket.embeddedSignature +]); /** - * Creates a new CleartextMessage object from text - * @param {Object} options - * @param {String} options.text - * @static - * @async + * Implementation of the Signature Packet (Tag 2) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: + * A Signature packet describes a binding between some public key and + * some data. The most common signatures are a signature of a file or a + * block of text, and a signature that is a certification of a User ID. */ -async function createCleartextMessage({ text, ...rest }) { - if (!text) { - throw new Error('createCleartextMessage: must pass options object containing `text`'); +class SignaturePacket { + static get tag() { + return enums.packet.signature; } - if (!util.isString(text)) { - throw new Error('createCleartextMessage: options.text must be a string'); + + constructor() { + this.version = null; + /** @type {enums.signature} */ + this.signatureType = null; + /** @type {enums.hash} */ + this.hashAlgorithm = null; + /** @type {enums.publicKey} */ + this.publicKeyAlgorithm = null; + + this.signatureData = null; + this.unhashedSubpackets = []; + this.unknownSubpackets = []; + this.signedHashValue = null; + this.salt = null; + + this.created = null; + this.signatureExpirationTime = null; + this.signatureNeverExpires = true; + this.exportable = null; + this.trustLevel = null; + this.trustAmount = null; + this.regularExpression = null; + this.revocable = null; + this.keyExpirationTime = null; + this.keyNeverExpires = null; + this.preferredSymmetricAlgorithms = null; + this.revocationKeyClass = null; + this.revocationKeyAlgorithm = null; + this.revocationKeyFingerprint = null; + this.issuerKeyID = new KeyID(); + this.rawNotations = []; + this.notations = {}; + this.preferredHashAlgorithms = null; + this.preferredCompressionAlgorithms = null; + this.keyServerPreferences = null; + this.preferredKeyServer = null; + this.isPrimaryUserID = null; + this.policyURI = null; + this.keyFlags = null; + this.signersUserID = null; + this.reasonForRevocationFlag = null; + this.reasonForRevocationString = null; + this.features = null; + this.signatureTargetPublicKeyAlgorithm = null; + this.signatureTargetHashAlgorithm = null; + this.signatureTargetHash = null; + this.embeddedSignature = null; + this.issuerKeyVersion = null; + this.issuerFingerprint = null; + this.preferredAEADAlgorithms = null; + this.preferredCipherSuites = null; + + this.revoked = null; + this[verified] = null; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - return new CleartextMessage(text); -} + /** + * parsing function for a signature packet (tag 2). + * @param {String} bytes - Payload of a tag 2 packet + * @returns {SignaturePacket} Object representation. + */ + read(bytes, config$1 = config) { + let i = 0; + this.version = bytes[i++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } -// OpenPGP.js - An OpenPGP implementation in javascript + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); + } + + this.signatureType = bytes[i++]; + this.publicKeyAlgorithm = bytes[i++]; + this.hashAlgorithm = bytes[i++]; + + // hashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), true); + if (!this.created) { + throw new Error('Missing signature creation time subpacket.'); + } + + // A V4 signature hashes the packet body + // starting from its first field, the version number, through the end + // of the hashed subpacket data. Thus, the fields hashed are the + // signature version, the signature type, the public-key algorithm, the + // hash algorithm, the hashed subpacket length, and the hashed + // subpacket body. + this.signatureData = bytes.subarray(0, i); + + // unhashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), false); + // Two-octet field holding left 16 bits of signed hash value. + this.signedHashValue = bytes.subarray(i, i + 2); + i += 2; -////////////////////// -// // -// Key handling // -// // -////////////////////// + // Only for v6 signatures, a variable-length field containing: + if (this.version === 6) { + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[i++]; + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(i, i + saltLength); + i += saltLength; + } -/** - * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. - * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. - * @param {Object} options - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys - * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: - * curve25519 (default), p256, p384, p521, secp256k1, - * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 - * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` - * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static - */ -async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const signatureMaterial = bytes.subarray(i, bytes.length); + const { read, signatureParams } = mod$1.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial); + if (read < signatureMaterial.length) { + throw new Error('Error reading MPIs'); + } + this.params = signatureParams; + } - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key generation'); + /** + * @returns {Uint8Array | ReadableStream} + */ + writeParams() { + if (this.params instanceof Promise) { + return fromAsync( + async () => mod$1.serializeParams(this.publicKeyAlgorithm, await this.params) + ); + } + return mod$1.serializeParams(this.publicKeyAlgorithm, this.params); } - if (type === 'rsa' && rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + + write() { + const arr = []; + arr.push(this.signatureData); + arr.push(this.writeUnhashedSubPackets()); + arr.push(this.signedHashValue); + if (this.version === 6) { + arr.push(new Uint8Array([this.salt.length])); + arr.push(this.salt); + } + arr.push(this.writeParams()); + return util.concat(arr); } - const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; + /** + * Signs provided data. This needs to be done prior to serialization. + * @param {SecretKeyPacket} key - Private key used to sign the message. + * @param {Object} data - Contains packets to be signed. + * @param {Date} [date] - The signature creation time. + * @param {Boolean} [detached] - Whether to create a detached signature + * @throws {Error} if signing failed + * @async + */ + async sign(key, data, date = new Date(), detached = false, config) { + this.version = key.version; - try { - const { key, revocationCertificate } = await generate$4(options, config$1); - key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); + this.created = util.normalizeDate(date); + this.issuerKeyVersion = key.version; + this.issuerFingerprint = key.getFingerprintBytes(); + this.issuerKeyID = key.getKeyID(); - return { - privateKey: formatObject(key, format, config$1), - publicKey: formatObject(key.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error generating keypair', err); - } -} + const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; -/** - * Reformats signature packets for a key and rewraps key object. - * @param {Object} options - * @param {PrivateKey} options.privateKey - Private key to reformat - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended - * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static - */ -async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // add randomness to the signature + if (this.version === 6) { + const saltLength = saltLengthForHash(this.hashAlgorithm); + if (this.salt === null) { + this.salt = mod$1.random.getRandomBytes(saltLength); + } else if (saltLength !== this.salt.length) { + throw new Error('Provided salt does not have the required length'); + } + } else if (config.nonDeterministicSignaturesViaNotation) { + const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME)); + // since re-signing the same object is not supported, it's not expected to have multiple salt notations, + // but we guard against it as a sanity check + if (saltNotations.length === 0) { + const saltValue = mod$1.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm)); + this.rawNotations.push({ + name: SALT_NOTATION_NAME, + value: saltValue, + humanReadable: false, + critical: false + }); + } else { + throw new Error('Unexpected existing salt notation'); + } + } - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key reformat'); - } - const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; + // Add hashed subpackets + arr.push(this.writeHashedSubPackets()); - try { - const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); + // Remove unhashed subpackets, in case some allowed unhashed + // subpackets existed, in order not to duplicate them (in both + // the hashed and unhashed subpackets) when re-signing. + this.unhashedSubpackets = []; - return { - privateKey: formatObject(reformattedKey, format, config$1), - publicKey: formatObject(reformattedKey.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error reformatting keypair', err); + this.signatureData = util.concat(arr); + + const toHash = this.toHash(this.signatureType, data, detached); + const hash = await this.hash(this.signatureType, data, toHash, detached); + + this.signedHashValue = slice(clone(hash), 0, 2); + const signed = async () => mod$1.signature.sign( + this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) + ); + if (util.isStream(hash)) { + this.params = signed(); + } else { + this.params = await signed(); + + // Store the fact that this signature is valid, e.g. for when we call `await + // getLatestValidSignature(this.revocationSignatures, key, data)` later. + // Note that this only holds up if the key and data passed to verify are the + // same as the ones passed to sign. + this[verified] = true; + } } -} -/** - * Revokes a key. Requires either a private key or a revocation certificate. - * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. - * @param {Object} options - * @param {Key} options.key - Public or private key to revoke - * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with - * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation - * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation - * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The revoked key in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or - * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise - * @async - * @static - */ -async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + /** + * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets + * @returns {Uint8Array} Subpacket data. + */ + writeHashedSubPackets() { + const sub = enums.signatureSubpacket; + const arr = []; + let bytes; + if (this.created === null) { + throw new Error('Missing signature creation time'); + } + arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); + if (this.signatureExpirationTime !== null) { + arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); + } + if (this.exportable !== null) { + arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); + } + if (this.trustLevel !== null) { + bytes = new Uint8Array([this.trustLevel, this.trustAmount]); + arr.push(writeSubPacket(sub.trustSignature, true, bytes)); + } + if (this.regularExpression !== null) { + arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); + } + if (this.revocable !== null) { + arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); + } + if (this.keyExpirationTime !== null) { + arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); + } + if (this.preferredSymmetricAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); + arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); + } + if (this.revocationKeyClass !== null) { + bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); + bytes = util.concat([bytes, this.revocationKeyFingerprint]); + arr.push(writeSubPacket(sub.revocationKey, false, bytes)); + } + if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) { + // If the version of [the] key is greater than 4, this subpacket + // MUST NOT be included in the signature. + arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write())); + } + this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { + bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; + const encodedName = util.encodeUTF8(name); + // 2 octets of name length + bytes.push(util.writeNumber(encodedName.length, 2)); + // 2 octets of value length + bytes.push(util.writeNumber(value.length, 2)); + bytes.push(encodedName); + bytes.push(value); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.notationData, critical, bytes)); + }); + if (this.preferredHashAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); + arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); + } + if (this.preferredCompressionAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); + arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); + } + if (this.keyServerPreferences !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); + arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); + } + if (this.preferredKeyServer !== null) { + arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); + } + if (this.isPrimaryUserID !== null) { + arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); + } + if (this.policyURI !== null) { + arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); + } + if (this.keyFlags !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); + arr.push(writeSubPacket(sub.keyFlags, true, bytes)); + } + if (this.signersUserID !== null) { + arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); + } + if (this.reasonForRevocationFlag !== null) { + bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); + arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); + } + if (this.features !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); + arr.push(writeSubPacket(sub.features, false, bytes)); + } + if (this.signatureTargetPublicKeyAlgorithm !== null) { + bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; + bytes.push(util.stringToUint8Array(this.signatureTargetHash)); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); + } + if (this.embeddedSignature !== null) { + arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); + } + if (this.issuerFingerprint !== null) { + bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes)); + } + if (this.preferredAEADAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); + arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); + } + if (this.preferredCipherSuites !== null) { + bytes = new Uint8Array([].concat(...this.preferredCipherSuites)); + arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes)); + } - try { - const revokedKey = revocationCertificate ? - await key.applyRevocationCertificate(revocationCertificate, date, config$1) : - await key.revoke(reasonForRevocation, date, config$1); + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); - return revokedKey.isPrivate() ? { - privateKey: formatObject(revokedKey, format, config$1), - publicKey: formatObject(revokedKey.toPublic(), format, config$1) - } : { - privateKey: null, - publicKey: formatObject(revokedKey, format, config$1) - }; - } catch (err) { - throw util.wrapError('Error revoking key', err); + return util.concat([length, result]); } -} - -/** - * Unlock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to decrypt - * @param {String|Array} options.passphrase - The user's passphrase(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The unlocked key object. - * @async - */ -async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (!privateKey.isPrivate()) { - throw new Error('Cannot decrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); - const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; + /** + * Creates an Uint8Array containing the unhashed subpackets + * @returns {Uint8Array} Subpacket data. + */ + writeUnhashedSubPackets() { + const arr = this.unhashedSubpackets.map(({ type, critical, body }) => { + return writeSubPacket(type, critical, body); + }); - try { - await Promise.all(clonedPrivateKey.getKeys().map(key => ( - // try to decrypt each key with any of the given passphrases - util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) - ))); + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); - await clonedPrivateKey.validate(config$1); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error decrypting private key', err); + return util.concat([length, result]); } -} -/** - * Lock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to encrypt - * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The locked key object. - * @async - */ -async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // Signature subpackets + readSubPacket(bytes, hashed = true) { + let mypos = 0; - if (!privateKey.isPrivate()) { - throw new Error('Cannot encrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); + // The leftmost bit denotes a "critical" packet + const critical = !!(bytes[mypos] & 0x80); + const type = bytes[mypos] & 0x7F; - const keys = clonedPrivateKey.getKeys(); - const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); - if (passphrases.length !== keys.length) { - throw new Error('Invalid number of passphrases given for key encryption'); - } + mypos++; - try { - await Promise.all(keys.map(async (key, i) => { - const { keyPacket } = key; - await keyPacket.encrypt(passphrases[i], config$1); - keyPacket.clearPrivateParams(); - })); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error encrypting private key', err); - } -} + if (!hashed) { + this.unhashedSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + if (!allowedUnhashedSubpackets.has(type)) { + return; + } + } + // subpacket type + switch (type) { + case enums.signatureSubpacket.signatureCreationTime: + // Signature Creation Time + this.created = util.readDate(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.signatureExpirationTime: { + // Signature Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); -/////////////////////////////////////////// -// // -// Message encryption and decryption // -// // -/////////////////////////////////////////// + this.signatureNeverExpires = seconds === 0; + this.signatureExpirationTime = seconds; + break; + } + case enums.signatureSubpacket.exportableCertification: + // Exportable Certification + this.exportable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.trustSignature: + // Trust Signature + this.trustLevel = bytes[mypos++]; + this.trustAmount = bytes[mypos++]; + break; + case enums.signatureSubpacket.regularExpression: + // Regular Expression + this.regularExpression = bytes[mypos]; + break; + case enums.signatureSubpacket.revocable: + // Revocable + this.revocable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.keyExpirationTime: { + // Key Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); -/** - * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` - * must be specified. If signing keys are specified, those will be used to sign the message. - * @param {Object} options - * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message - * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed - * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message - * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Signature} [options.signature] - A detached signature to add to the encrypted message - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` - * @param {Date} [options.date=current date] - Override the creation date of the message signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); signingKeys = toArray$1(signingKeys); passwords = toArray$1(passwords); - signingKeyIDs = toArray$1(signingKeyIDs); encryptionKeyIDs = toArray$1(encryptionKeyIDs); signingUserIDs = toArray$1(signingUserIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); signatureNotations = toArray$1(signatureNotations); - if (rest.detached) { - throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); - } - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + this.keyExpirationTime = seconds; + this.keyNeverExpires = seconds === 0; - if (!signingKeys) { - signingKeys = []; - } - const streaming = message.fromStream; - try { - if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified - message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - message = message.compress( - await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config$1), - config$1 - ); - message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - if (format === 'object') return message; - // serialize data - const armor = format === 'armored'; - const data = armor ? message.armor(config$1) : message.write(); - return convertStream(data, streaming, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error encrypting message', err); - } -} + break; + } + case enums.signatureSubpacket.preferredSymmetricAlgorithms: + // Preferred Symmetric Algorithms + this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.revocationKey: + // Revocation Key + // (1 octet of class, 1 octet of public-key algorithm ID, 20 + // octets of + // fingerprint) + this.revocationKeyClass = bytes[mypos++]; + this.revocationKeyAlgorithm = bytes[mypos++]; + this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); + break; -/** - * Decrypts a message with the user's private key, a session key or a password. - * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). - * @param {Object} options - * @param {Message} options.message - The message object with the encrypted data - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key - * @param {String|String[]} [options.passwords] - Passwords to decrypt the message - * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } - * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing decrypted and verified message in the form: - * - * { - * data: MaybeStream, (if format was 'utf8', the default) - * data: MaybeStream, (if format was 'binary') - * filename: String, - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static - */ -async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); verificationKeys = toArray$1(verificationKeys); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); sessionKeys = toArray$1(sessionKeys); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + case enums.signatureSubpacket.issuerKeyID: + // Issuer + if (this.version === 4) { + this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + } else if (hashed) { + // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature, + // since the Issuer Fingerprint subpacket is to be used instead. + // The `issuerKeyID` value will be set when reading the issuerFingerprint packet. + // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it, + // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed) + // issuerFingerprint. + // If the packet is hashed, then we reject the signature, to avoid verifying data different from + // what was parsed. + throw new Error('Unexpected Issuer Key ID subpacket'); + } + break; - try { - const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); - if (!verificationKeys) { - verificationKeys = []; - } + case enums.signatureSubpacket.notationData: { + // Notation Data + const humanReadable = !!(bytes[mypos] & 0x80); - const result = {}; - result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); - result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); - result.filename = decrypted.getFilename(); - linkStreams(result, message); - if (expectSigned) { - if (verificationKeys.length === 0) { - throw new Error('Verification keys are required to verify message signatures'); + // We extract key/value tuple from the byte stream. + mypos += 4; + const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + + const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); + const value = bytes.subarray(mypos + m, mypos + m + n); + + this.rawNotations.push({ name, humanReadable, value, critical }); + + if (humanReadable) { + this.notations[name] = util.decodeUTF8(value); + } + break; } - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); + case enums.signatureSubpacket.preferredHashAlgorithms: + // Preferred Hash Algorithms + this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCompressionAlgorithms: + // Preferred Compression Algorithms + this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.keyServerPreferences: + // Key Server Preferences + this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredKeyServer: + // Preferred Key Server + this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.primaryUserID: + // Primary User ID + this.isPrimaryUserID = bytes[mypos++] !== 0; + break; + case enums.signatureSubpacket.policyURI: + // Policy URI + this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.keyFlags: + // Key Flags + this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signersUserID: + // Signer's User ID + this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.reasonForRevocation: + // Reason for Revocation + this.reasonForRevocationFlag = bytes[mypos++]; + this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.features: + // Features + this.features = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signatureTarget: { + // Signature Target + // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) + this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; + this.signatureTargetHashAlgorithm = bytes[mypos++]; + + const len = mod$1.getHashByteLength(this.signatureTargetHashAlgorithm); + + this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); + break; } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); + case enums.signatureSubpacket.embeddedSignature: + // Embedded Signature + this.embeddedSignature = new SignaturePacket(); + this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.issuerFingerprint: + // Issuer Fingerprint + this.issuerKeyVersion = bytes[mypos++]; + this.issuerFingerprint = bytes.subarray(mypos, bytes.length); + if (this.issuerKeyVersion >= 5) { + this.issuerKeyID.read(this.issuerFingerprint); + } else { + this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); + } + break; + case enums.signatureSubpacket.preferredAEADAlgorithms: + // Preferred AEAD Algorithms + this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCipherSuites: + // Preferred AEAD Cipher Suites + this.preferredCipherSuites = []; + for (let i = mypos; i < bytes.length; i += 2) { + this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); + } + break; + default: + this.unknownSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + break; } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error decrypting message', err); } -} + readSubPackets(bytes, trusted = true, config) { + const subpacketLengthBytes = this.version === 6 ? 4 : 2; -////////////////////////////////////////// -// // -// Message signing and verification // -// // -////////////////////////////////////////// + // Two-octet scalar octet count for following subpacket data. + const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes)); + let i = subpacketLengthBytes; -/** - * Signs a message. - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed - * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [options.date=current date] - Override the creation date of the signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function sign$6({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); checkOutputMessageFormat(format); - signingKeys = toArray$1(signingKeys); signingKeyIDs = toArray$1(signingKeyIDs); signingUserIDs = toArray$1(signingUserIDs); signatureNotations = toArray$1(signatureNotations); + // subpacket data set (zero or more subpackets) + while (i < 2 + subpacketLength) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); - if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); - if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); + i += len.len; + } - if (!signingKeys || signingKeys.length === 0) { - throw new Error('No signing keys provided'); + return i; } - try { - let signature; - if (detached) { - signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } else { - signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - if (format === 'object') return signature; + // Produces data to produce signature on + toSign(type, data) { + const t = enums.signature; - const armor = format === 'armored'; - signature = armor ? signature.armor(config$1) : signature.write(); - if (detached) { - signature = transformPair(message.packets.write(), async (readable, writable) => { - await Promise.all([ - pipe(signature, writable), - readToEnd(readable).catch(() => {}) - ]); - }); - } - return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error signing message', err); - } -} + switch (type) { + case t.binary: + if (data.text !== null) { + return util.encodeUTF8(data.getText(true)); + } + return data.getBytes(true); -/** - * Verifies signatures of cleartext signed message - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures - * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing verified message in the form: - * - * { - * data: MaybeStream, (if `message` was a CleartextMessage) - * data: MaybeStream, (if `message` was a Message) - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static - */ -async function verify$6({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); verificationKeys = toArray$1(verificationKeys); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + case t.text: { + const bytes = data.getBytes(true); + // normalize EOL to \r\n + return util.canonicalizeEOL(bytes); + } + case t.standalone: + return new Uint8Array(0); + + case t.certGeneric: + case t.certPersona: + case t.certCasual: + case t.certPositive: + case t.certRevocation: { + let packet; + let tag; + + if (data.userID) { + tag = 0xB4; + packet = data.userID; + } else if (data.userAttribute) { + tag = 0xD1; + packet = data.userAttribute; + } else { + throw new Error('Either a userID or userAttribute packet needs to be ' + + 'supplied for certification.'); + } + + const bytes = packet.write(); + + return util.concat([this.toSign(t.key, data), + new Uint8Array([tag]), + util.writeNumber(bytes.length, 4), + bytes]); + } + case t.subkeyBinding: + case t.subkeyRevocation: + case t.keyBinding: + return util.concat([this.toSign(t.key, data), this.toSign(t.key, { + key: data.bind + })]); - if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); - if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); + case t.key: + if (data.key === undefined) { + throw new Error('Key packet is required for this signature.'); + } + return data.key.writeForHash(this.version); - try { - const result = {}; - if (signature) { - result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); - } else { - result.signatures = await message.verify(verificationKeys, date, config$1); - } - result.data = format === 'binary' ? message.getLiteralData() : message.getText(); - if (message.fromStream && !signature) linkStreams(result, message); - if (expectSigned) { - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); - } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); + case t.keyRevocation: + return this.toSign(t.key, data); + case t.timestamp: + return new Uint8Array(0); + case t.thirdParty: + throw new Error('Not implemented'); + default: + throw new Error('Unknown signature type.'); } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error verifying signed message', err); } -} - - -/////////////////////////////////////////////// -// // -// Session key encryption and decryption // -// // -/////////////////////////////////////////////// - -/** - * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. - * @param {Object} options - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} - * @param {Date} [options.date=current date] - Date to select algorithm preferences at - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. - * @async - * @static - */ -async function generateSessionKey$1({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - encryptionKeys = toArray$1(encryptionKeys); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - try { - const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error generating session key', err); + calculateTrailer(data, detached) { + let length = 0; + return transform(clone(this.signatureData), value => { + length += value.length; + }, () => { + const arr = []; + if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { + if (detached) { + arr.push(new Uint8Array(6)); + } else { + arr.push(data.writeHeader()); + } + } + arr.push(new Uint8Array([this.version, 0xFF])); + if (this.version === 5) { + arr.push(new Uint8Array(4)); + } + arr.push(util.writeNumber(length, 4)); + // For v5, this should really be writeNumber(length, 8) rather than the + // hardcoded 4 zero bytes above + return util.concat(arr); + }); } -} -/** - * Encrypt a symmetric session key with public keys, passwords, or both at once. - * At least one of `encryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) - * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' - * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key - * @param {String|String[]} [options.passwords] - Passwords for the message - * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [options.date=current date] - Override the date - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); passwords = toArray$1(passwords); encryptionKeyIDs = toArray$1(encryptionKeyIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + toHash(signatureType, data, detached = false) { + const bytes = this.toSign(signatureType, data); - if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { - throw new Error('No encryption keys or passwords provided.'); + return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]); } - try { - const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - return formatObject(message, format, config$1); - } catch (err) { - throw util.wrapError('Error encrypting session key', err); + async hash(signatureType, data, toHash, detached = false) { + if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) { + // avoid hashing unexpected salt size + throw new Error('Signature salt does not have the expected length'); + } + + if (!toHash) toHash = this.toHash(signatureType, data, detached); + return mod$1.hash.digest(this.hashAlgorithm, toHash); } -} -/** - * Decrypt symmetric session keys using private keys or passwords (not both). - * One of `decryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Message} options.message - A message object containing the encrypted session key packets - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data - * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key - * @param {Date} [options.date] - Date to use for key verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: - * { data:Uint8Array, algorithm:String } - * @throws if no session key could be found or decrypted - * @async - * @static - */ -async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + /** + * verifies the signature packet. Note: not all signature types are implemented + * @param {PublicSubkeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature + * @param {module:enums.signature} signatureType - Expected signature type + * @param {Uint8Array|Object} data - Data which on the signature applies + * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration + * @param {Boolean} [detached] - Whether to verify a detached signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if signature validation failed + * @async + */ + async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { + if (!this.issuerKeyID.equals(key.getKeyID())) { + throw new Error('Signature was not issued by the given public key'); + } + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); + } - try { - const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error decrypting session keys', err); - } -} + const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; + // Cryptographic validity is cached after one successful verification. + // However, for message signatures, we always re-verify, since the passed `data` can change + const skipVerify = this[verified] && !isMessageSignature; + if (!skipVerify) { + let toHash; + let hash; + if (this.hashed) { + hash = await this.hashed; + } else { + toHash = this.toHash(signatureType, data, detached); + hash = await this.hash(signatureType, data, toHash); + } + hash = await readToEnd(hash); + if (this.signedHashValue[0] !== hash[0] || + this.signedHashValue[1] !== hash[1]) { + throw new Error('Signed digest did not match'); + } + this.params = await this.params; -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// + this[verified] = await mod$1.signature.verify( + this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, + toHash, hash + ); + if (!this[verified]) { + throw new Error('Signature verification failed'); + } + } -/** - * Input validation - * @private - */ -function checkString(data, name) { - if (!util.isString(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type String'); - } -} -function checkBinary(data, name) { - if (!util.isUint8Array(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array'); - } -} -function checkMessage(message) { - if (!(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message'); - } -} -function checkCleartextOrMessage(message) { - if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); - } -} -function checkOutputMessageFormat(format) { - if (format !== 'armored' && format !== 'binary' && format !== 'object') { - throw new Error(`Unsupported format ${format}`); - } -} -const defaultConfigPropsCount = Object.keys(config).length; -function checkConfig(config$1) { - const inputConfigProps = Object.keys(config$1); - if (inputConfigProps.length !== defaultConfigPropsCount) { - for (const inputProp of inputConfigProps) { - if (config[inputProp] === undefined) { - throw new Error(`Unknown config property: ${inputProp}`); + const normDate = util.normalizeDate(date); + if (normDate && this.created > normDate) { + throw new Error('Signature creation time is in the future'); + } + if (normDate && normDate >= this.getExpirationTime()) { + throw new Error('Signature is expired'); + } + if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { + throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && + [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { + throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + this.unknownSubpackets.forEach(({ type, critical }) => { + if (critical) { + throw new Error(`Unknown critical signature subpacket type ${type}`); + } + }); + this.rawNotations.forEach(({ name, critical }) => { + if (critical && (config$1.knownNotations.indexOf(name) < 0)) { + throw new Error(`Unknown critical notation: ${name}`); } + }); + if (this.revocationKeyClass !== null) { + throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); } } -} -/** - * Normalize parameter to an array if it is not undefined. - * @param {Object} param - the parameter to be normalized - * @returns {Array|undefined} The resulting array or undefined. - * @private - */ -function toArray$1(param) { - if (param && !util.isArray(param)) { - param = [param]; + /** + * Verifies signature expiration date + * @param {Date} [date] - Use the given date for verification instead of the current time + * @returns {Boolean} True if expired. + */ + isExpired(date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + return !(this.created <= normDate && normDate < this.getExpirationTime()); + } + return false; } - return param; -} -/** - * Convert data to or from Stream - * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams - * @returns {Promise} The data in the respective format. - * @async - * @private - */ -async function convertStream(data, streaming, encoding = 'utf8') { - const streamType = util.isStream(data); - if (streamType === 'array') { - return readToEnd(data); - } - if (streaming === 'node') { - data = webToNode(data); - if (encoding !== 'binary') data.setEncoding(encoding); - return data; - } - if (streaming === 'web' && streamType === 'ponyfill') { - return toNativeReadable(data); + /** + * Returns the expiration time of the signature or Infinity if signature does not expire + * @returns {Date | Infinity} Expiration time. + */ + getExpirationTime() { + return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); } - return data; } /** - * Link result.data to the message stream for cancellation. - * Also, forward errors in the message to result.data. - * @param {Object} result - the data to convert - * @param {Message} message - message object - * @returns {Object} + * Creates a Uint8Array representation of a sub signature packet + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} + * @param {Integer} type - Subpacket signature type. + * @param {Boolean} critical - Whether the subpacket should be critical. + * @param {String} data - Data to be included + * @returns {Uint8Array} The signature subpacket. * @private */ -function linkStreams(result, message) { - result.data = transformPair(message.packets.stream, async (readable, writable) => { - await pipe(result.data, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - // Forward errors in the message stream to result.data. - await readToEnd(readable, _ => _); - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); +function writeSubPacket(type, critical, data) { + const arr = []; + arr.push(writeSimpleLength(data.length + 1)); + arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); + arr.push(data); + return util.concat(arr); } /** - * Convert the object to the given format - * @param {Key|Message} object - * @param {'armored'|'binary'|'object'} format - * @param {Object} config - Full configuration - * @returns {String|Uint8Array|Object} + * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. + * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5} + * @param {enums.hash} hashAlgorithm - Hash algorithm. + * @returns {Integer} Salt length. + * @private */ -function formatObject(object, format, config) { - switch (format) { - case 'object': - return object; - case 'armored': - return object.armor(config); - case 'binary': - return object.write(); - default: - throw new Error(`Unsupported format ${format}`); +function saltLengthForHash(hashAlgorithm) { + switch (hashAlgorithm) { + case enums.hash.sha256: return 16; + case enums.hash.sha384: return 24; + case enums.hash.sha512: return 32; + case enums.hash.sha224: return 16; + case enums.hash.sha3_256: return 16; + case enums.hash.sha3_512: return 32; + default: throw new Error('Unsupported hash function'); } } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * web-streams-polyfill v3.0.3 + * Implementation of the One-Pass Signature Packets (Tag 4) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: + * The One-Pass Signature packet precedes the signed data and contains + * enough information to allow the receiver to begin calculating any + * hashes needed to verify the signature. It allows the Signature + * packet to be placed at the end of the message, so that the signer + * can compute the entire signed message in one pass. */ -/// -const SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? - Symbol : - description => `Symbol(${description})`; +class OnePassSignaturePacket { + static get tag() { + return enums.packet.onePassSignature; + } -/// -function noop() { - return undefined; -} -function getGlobals() { - if (typeof self !== 'undefined') { - return self; - } - else if (typeof window !== 'undefined') { - return window; - } - else if (typeof global !== 'undefined') { - return global; - } - return undefined; -} -const globals = getGlobals(); + static fromSignaturePacket(signaturePacket, isLast) { + const onePassSig = new OnePassSignaturePacket(); + onePassSig.version = signaturePacket.version === 6 ? 6 : 3; + onePassSig.signatureType = signaturePacket.signatureType; + onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; + onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; + onePassSig.issuerKeyID = signaturePacket.issuerKeyID; + onePassSig.salt = signaturePacket.salt; // v6 only + onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only -function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -const rethrowAssertionErrorRejection = noop; + onePassSig.flags = isLast ? 1 : 0; + return onePassSig; + } -const originalPromise = Promise; -const originalPromiseThen = Promise.prototype.then; -const originalPromiseResolve = Promise.resolve.bind(originalPromise); -const originalPromiseReject = Promise.reject.bind(originalPromise); -function newPromise(executor) { - return new originalPromise(executor); -} -function promiseResolvedWith(value) { - return originalPromiseResolve(value); -} -function promiseRejectedWith(reason) { - return originalPromiseReject(reason); -} -function PerformPromiseThen(promise, onFulfilled, onRejected) { - // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an - // approximation. - return originalPromiseThen.call(promise, onFulfilled, onRejected); -} -function uponPromise(promise, onFulfilled, onRejected) { - PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection); -} -function uponFulfillment(promise, onFulfilled) { - uponPromise(promise, onFulfilled); -} -function uponRejection(promise, onRejected) { - uponPromise(promise, undefined, onRejected); -} -function transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) { - return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler); -} -function setPromiseIsHandledToTrue(promise) { - PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection); -} -const queueMicrotask = (() => { - const globalQueueMicrotask = globals && globals.queueMicrotask; - if (typeof globalQueueMicrotask === 'function') { - return globalQueueMicrotask; - } - const resolvedPromise = promiseResolvedWith(undefined); - return (fn) => PerformPromiseThen(resolvedPromise, fn); -})(); -function reflectCall(F, V, args) { - if (typeof F !== 'function') { - throw new TypeError('Argument is not a function'); - } - return Function.prototype.apply.call(F, V, args); -} -function promiseCall(F, V, args) { - try { - return promiseResolvedWith(reflectCall(F, V, args)); - } - catch (value) { - return promiseRejectedWith(value); - } -} + constructor() { + /** A one-octet version number. The current versions are 3 and 6. */ + this.version = null; + /** + * A one-octet signature type. + * Signature types are described in + * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. + * @type {enums.signature} -// Original from Chromium -// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js -const QUEUE_MAX_ARRAY_SIZE = 16384; -/** - * Simple queue structure. - * - * Avoids scalability issues with using a packed array directly by using - * multiple arrays in a linked list and keeping the array size bounded. - */ -class SimpleQueue { - constructor() { - this._cursor = 0; - this._size = 0; - // _front and _back are always defined. - this._front = { - _elements: [], - _next: undefined - }; - this._back = this._front; - // The cursor is used to avoid calling Array.shift(). - // It contains the index of the front element of the array inside the - // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE). - this._cursor = 0; - // When there is only one node, size === elements.length - cursor. - this._size = 0; - } - get length() { - return this._size; - } - // For exception safety, this method is structured in order: - // 1. Read state - // 2. Calculate required state mutations - // 3. Perform state mutations - push(element) { - const oldBack = this._back; - let newBack = oldBack; - if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) { - newBack = { - _elements: [], - _next: undefined - }; - } - // push() is the mutation most likely to throw an exception, so it - // goes first. - oldBack._elements.push(element); - if (newBack !== oldBack) { - this._back = newBack; - oldBack._next = newBack; - } - ++this._size; - } - // Like push(), shift() follows the read -> calculate -> mutate pattern for - // exception safety. - shift() { // must not be called on an empty queue - const oldFront = this._front; - let newFront = oldFront; - const oldCursor = this._cursor; - let newCursor = oldCursor + 1; - const elements = oldFront._elements; - const element = elements[oldCursor]; - if (newCursor === QUEUE_MAX_ARRAY_SIZE) { - newFront = oldFront._next; - newCursor = 0; - } - // No mutations before this point. - --this._size; - this._cursor = newCursor; - if (oldFront !== newFront) { - this._front = newFront; - } - // Permit shifted element to be garbage collected. - elements[oldCursor] = undefined; - return element; - } - // The tricky thing about forEach() is that it can be called - // re-entrantly. The queue may be mutated inside the callback. It is easy to - // see that push() within the callback has no negative effects since the end - // of the queue is checked for on every iteration. If shift() is called - // repeatedly within the callback then the next iteration may return an - // element that has been removed. In this case the callback will be called - // with undefined values until we either "catch up" with elements that still - // exist or reach the back of the queue. - forEach(callback) { - let i = this._cursor; - let node = this._front; - let elements = node._elements; - while (i !== elements.length || node._next !== undefined) { - if (i === elements.length) { - node = node._next; - elements = node._elements; - i = 0; - if (elements.length === 0) { - break; - } - } - callback(elements[i]); - ++i; - } - } - // Return the element that would be returned if shift() was called now, - // without modifying the queue. - peek() { // must not be called on an empty queue - const front = this._front; - const cursor = this._cursor; - return front._elements[cursor]; - } -} + */ + this.signatureType = null; + /** + * A one-octet number describing the hash algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} + * @type {enums.hash} + */ + this.hashAlgorithm = null; + /** + * A one-octet number describing the public-key algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} + * @type {enums.publicKey} + */ + this.publicKeyAlgorithm = null; + /** Only for v6, a variable-length field containing the salt. */ + this.salt = null; + /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */ + this.issuerKeyID = null; + /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */ + this.issuerFingerprint = null; + /** + * A one-octet number holding a flag showing whether the signature is nested. + * A zero value indicates that the next packet is another One-Pass Signature packet + * that describes another signature to be applied to the same message data. + */ + this.flags = null; + } -function ReadableStreamReaderGenericInitialize(reader, stream) { - reader._ownerReadableStream = stream; - stream._reader = reader; - if (stream._state === 'readable') { - defaultReaderClosedPromiseInitialize(reader); - } - else if (stream._state === 'closed') { - defaultReaderClosedPromiseInitializeAsResolved(reader); - } - else { - defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError); - } -} -// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state -// check. -function ReadableStreamReaderGenericCancel(reader, reason) { - const stream = reader._ownerReadableStream; - return ReadableStreamCancel(stream, reason); -} -function ReadableStreamReaderGenericRelease(reader) { - if (reader._ownerReadableStream._state === 'readable') { - defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - else { - defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - reader._ownerReadableStream._reader = undefined; - reader._ownerReadableStream = undefined; -} -// Helper functions for the readers. -function readerLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released reader'); -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderClosedPromiseInitialize(reader) { - reader._closedPromise = newPromise((resolve, reject) => { - reader._closedPromise_resolve = resolve; - reader._closedPromise_reject = reject; - }); -} -function defaultReaderClosedPromiseInitializeAsRejected(reader, reason) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseReject(reader, reason); -} -function defaultReaderClosedPromiseInitializeAsResolved(reader) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseResolve(reader); -} -function defaultReaderClosedPromiseReject(reader, reason) { - if (reader._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(reader._closedPromise); - reader._closedPromise_reject(reason); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -function defaultReaderClosedPromiseResetToRejected(reader, reason) { - defaultReaderClosedPromiseInitializeAsRejected(reader, reason); -} -function defaultReaderClosedPromiseResolve(reader) { - if (reader._closedPromise_resolve === undefined) { - return; + /** + * parsing function for a one-pass signature packet (tag 4). + * @param {Uint8Array} bytes - Payload of a tag 4 packet + * @returns {OnePassSignaturePacket} Object representation. + */ + read(bytes) { + let mypos = 0; + // A one-octet version number. The current versions are 3 or 6. + this.version = bytes[mypos++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); } - reader._closedPromise_resolve(undefined); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -const AbortSteps = SymbolPolyfill('[[AbortSteps]]'); -const ErrorSteps = SymbolPolyfill('[[ErrorSteps]]'); -const CancelSteps = SymbolPolyfill('[[CancelSteps]]'); -const PullSteps = SymbolPolyfill('[[PullSteps]]'); + // A one-octet signature type. Signature types are described in + // Section 5.2.1. + this.signatureType = bytes[mypos++]; -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill -const NumberIsFinite = Number.isFinite || function (x) { - return typeof x === 'number' && isFinite(x); -}; + // A one-octet number describing the hash algorithm used. + this.hashAlgorithm = bytes[mypos++]; -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill -const MathTrunc = Math.trunc || function (v) { - return v < 0 ? Math.ceil(v) : Math.floor(v); -}; + // A one-octet number describing the public-key algorithm used. + this.publicKeyAlgorithm = bytes[mypos++]; -// https://heycam.github.io/webidl/#idl-dictionaries -function isDictionary(x) { - return typeof x === 'object' || typeof x === 'function'; -} -function assertDictionary(obj, context) { - if (obj !== undefined && !isDictionary(obj)) { - throw new TypeError(`${context} is not an object.`); - } -} -// https://heycam.github.io/webidl/#idl-callback-functions -function assertFunction(x, context) { - if (typeof x !== 'function') { - throw new TypeError(`${context} is not a function.`); - } -} -// https://heycam.github.io/webidl/#idl-object -function isObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -function assertObject(x, context) { - if (!isObject(x)) { - throw new TypeError(`${context} is not an object.`); - } -} -function assertRequiredArgument(x, position, context) { - if (x === undefined) { - throw new TypeError(`Parameter ${position} is required in '${context}'.`); - } -} -function assertRequiredField(x, field, context) { - if (x === undefined) { - throw new TypeError(`${field} is required in '${context}'.`); - } -} -// https://heycam.github.io/webidl/#idl-unrestricted-double -function convertUnrestrictedDouble(value) { - return Number(value); -} -function censorNegativeZero(x) { - return x === 0 ? 0 : x; -} -function integerPart(x) { - return censorNegativeZero(MathTrunc(x)); -} -// https://heycam.github.io/webidl/#idl-unsigned-long-long -function convertUnsignedLongLongWithEnforceRange(value, context) { - const lowerBound = 0; - const upperBound = Number.MAX_SAFE_INTEGER; - let x = Number(value); - x = censorNegativeZero(x); - if (!NumberIsFinite(x)) { - throw new TypeError(`${context} is not a finite number`); - } - x = integerPart(x); - if (x < lowerBound || x > upperBound) { - throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`); + if (this.version === 6) { + // Only for v6 signatures, a variable-length field containing: + + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[mypos++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(mypos, mypos + saltLength); + mypos += saltLength; + + // Only for v6 packets, 32 octets of the fingerprint of the signing key. + this.issuerFingerprint = bytes.subarray(mypos, mypos + 32); + mypos += 32; + this.issuerKeyID = new KeyID(); + // For v6 the Key ID is the high-order 64 bits of the fingerprint. + this.issuerKeyID.read(this.issuerFingerprint); + } else { + // Only for v3 packets, an eight-octet number holding the Key ID of the signing key. + this.issuerKeyID = new KeyID(); + this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); + mypos += 8; } - if (!NumberIsFinite(x) || x === 0) { - return 0; + + // A one-octet number holding a flag showing whether the signature + // is nested. A zero value indicates that the next packet is + // another One-Pass Signature packet that describes another + // signature to be applied to the same message data. + this.flags = bytes[mypos++]; + return this; + } + + /** + * creates a string representation of a one-pass signature packet + * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. + */ + write() { + const arr = [new Uint8Array([ + this.version, + this.signatureType, + this.hashAlgorithm, + this.publicKeyAlgorithm + ])]; + if (this.version === 6) { + arr.push( + new Uint8Array([this.salt.length]), + this.salt, + this.issuerFingerprint + ); + } else { + arr.push(this.issuerKeyID.write()); } - // TODO Use BigInt if supported? - // let xBigInt = BigInt(integerPart(x)); - // xBigInt = BigInt.asUintN(64, xBigInt); - // return Number(xBigInt); - return x; -} + arr.push(new Uint8Array([this.flags])); + return util.concatUint8Array(arr); + } -function assertReadableStream(x, context) { - if (!IsReadableStream(x)) { - throw new TypeError(`${context} is not a ReadableStream.`); - } -} + calculateTrailer(...args) { + return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); + } -// Abstract operations for the ReadableStream. -function AcquireReadableStreamDefaultReader(stream) { - return new ReadableStreamDefaultReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadRequest(stream, readRequest) { - stream._reader._readRequests.push(readRequest); -} -function ReadableStreamFulfillReadRequest(stream, chunk, done) { - const reader = stream._reader; - const readRequest = reader._readRequests.shift(); - if (done) { - readRequest._closeSteps(); + async verify() { + const correspondingSig = await this.correspondingSig; + if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { + throw new Error('Corresponding signature packet missing'); } - else { - readRequest._chunkSteps(chunk); + if ( + correspondingSig.signatureType !== this.signatureType || + correspondingSig.hashAlgorithm !== this.hashAlgorithm || + correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || + !correspondingSig.issuerKeyID.equals(this.issuerKeyID) || + (this.version === 3 && correspondingSig.version === 6) || + (this.version === 6 && correspondingSig.version !== 6) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt)) + ) { + throw new Error('Corresponding signature packet does not match one-pass signature packet'); } + correspondingSig.hashed = this.hashed; + return correspondingSig.verify.apply(correspondingSig, arguments); + } } -function ReadableStreamGetNumReadRequests(stream) { - return stream._reader._readRequests.length; -} -function ReadableStreamHasDefaultReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamDefaultReader(reader)) { - return false; + +OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; +OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; +OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; + +/** + * Instantiate a new packet given its tag + * @function newPacketFromTag + * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @returns {Object} New packet object with type based on tag + * @throws {Error|UnsupportedError} for disallowed or unknown packets + */ +function newPacketFromTag(tag, allowedPackets) { + if (!allowedPackets[tag]) { + // distinguish between disallowed packets and unknown ones + let packetType; + try { + packetType = enums.read(enums.packet, tag); + } catch (e) { + throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`); } - return true; + throw new Error(`Packet not allowed in this context: ${packetType}`); + } + return new allowedPackets[tag](); } + /** - * A default reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamDefaultReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, - * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } - /** - * Returns a promise that allows access to the next chunk from the stream's internal queue, if available. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('read')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: () => resolvePromise({ value: undefined, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamDefaultReaderRead(this, readRequest); - return promise; + * This class represents a list of openpgp packets. + * Take care when iterating over it - the packets themselves + * are stored as numerical indices. + * @extends Array + */ +class PacketList extends Array { + /** + * Parses the given binary data and returns a list of packets. + * Equivalent to calling `read` on an empty PacketList instance. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @returns {PacketList} parsed list of packets + * @throws on parsing errors + * @async + */ + static async fromBinary(bytes, allowedPackets, config$1 = config) { + const packets = new PacketList(); + await packets.read(bytes, allowedPackets, config$1); + return packets; + } + + /** + * Reads a stream of binary data and interprets it as a list of packets. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @throws on parsing errors + * @async + */ + async read(bytes, allowedPackets, config$1 = config) { + if (config$1.additionalAllowedPackets.length) { + allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamDefaultReader(this)) { - throw defaultReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { + this.stream = transformPair(bytes, async (readable, writable) => { + const writer = getWriter(writable); + try { + while (true) { + await writer.ready; + const done = await readPackets(readable, async parsed => { + try { + if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) { + // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: + // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 + // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 + // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 + return; + } + const packet = newPacketFromTag(parsed.tag, allowedPackets); + packet.packets = new PacketList(); + packet.fromStream = util.isStream(parsed.packet); + await packet.read(parsed.packet, config$1); + await writer.write(packet); + } catch (e) { + // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence, + // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored. + // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical. + if (e instanceof UnknownPacketError) { + if (parsed.tag <= 39) { + await writer.abort(e); + } else { + return; + } + } + + const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; + const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); + if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { + // The packets that support streaming are the ones that contain message data. + // Those are also the ones we want to be more strict about and throw on parse errors + // (since we likely cannot process the message without these packets anyway). + await writer.abort(e); + } else { + const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); + await writer.write(unparsedPacket); + } + util.printDebugError(e); + } + }); + if (done) { + await writer.ready; + await writer.close(); return; + } } - if (this._readRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamDefaultReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultReader', - configurable: true + } catch (e) { + await writer.abort(e); + } }); -} -// Abstract operations for the readers. -function IsReadableStreamDefaultReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) { - return false; - } - return true; -} -function ReadableStreamDefaultReaderRead(reader, readRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'closed') { - readRequest._closeSteps(); - } - else if (stream._state === 'errored') { - readRequest._errorSteps(stream._storedError); - } - else { - stream._readableStreamController[PullSteps](readRequest); - } -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`); -} -/// -let AsyncIteratorPrototype; -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - // We're running inside a ES2018+ environment, but we're compiling to an older syntax. - // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it. - AsyncIteratorPrototype = { - // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( ) - // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator - [SymbolPolyfill.asyncIterator]() { - return this; - } - }; - Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false }); -} - -/// -class ReadableStreamAsyncIteratorImpl { - constructor(reader, preventCancel) { - this._ongoingPromise = undefined; - this._isFinished = false; - this._reader = reader; - this._preventCancel = preventCancel; - } - next() { - const nextSteps = () => this._nextSteps(); - this._ongoingPromise = this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) : - nextSteps(); - return this._ongoingPromise; - } - return(value) { - const returnSteps = () => this._returnSteps(value); - return this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) : - returnSteps(); - } - _nextSteps() { - if (this._isFinished) { - return Promise.resolve({ value: undefined, done: true }); - } - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('iterate')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => { - this._ongoingPromise = undefined; - // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test. - // FIXME Is this a bug in the specification, or in the test? - queueMicrotask(() => resolvePromise({ value: chunk, done: false })); - }, - _closeSteps: () => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - resolvePromise({ value: undefined, done: true }); - }, - _errorSteps: reason => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - rejectPromise(reason); - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promise; - } - _returnSteps(value) { - if (this._isFinished) { - return Promise.resolve({ value, done: true }); - } - this._isFinished = true; - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('finish iterating')); - } - if (!this._preventCancel) { - const result = ReadableStreamReaderGenericCancel(reader, value); - ReadableStreamReaderGenericRelease(reader); - return transformPromiseWith(result, () => ({ value, done: true })); - } - ReadableStreamReaderGenericRelease(reader); - return promiseResolvedWith({ value, done: true }); + // Wait until first few packets have been read + const reader = getReader(this.stream); + while (true) { + const { done, value } = await reader.read(); + if (!done) { + this.push(value); + } else { + this.stream = null; + } + if (done || supportsStreaming(value.constructor.tag)) { + break; + } } -} -const ReadableStreamAsyncIteratorPrototype = { - next() { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next')); - } - return this._asyncIteratorImpl.next(); - }, - return(value) { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return')); + reader.releaseLock(); + } + + /** + * Creates a binary representation of openpgp objects contained within the + * class instance. + * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. + */ + write() { + const arr = []; + + for (let i = 0; i < this.length; i++) { + const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; + const packetbytes = this[i].write(); + if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { + let buffer = []; + let bufferLength = 0; + const minLength = 512; + arr.push(writeTag(tag)); + arr.push(transform(packetbytes, value => { + buffer.push(value); + bufferLength += value.length; + if (bufferLength >= minLength) { + const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); + const chunkSize = 2 ** powerOf2; + const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); + buffer = [bufferConcat.subarray(1 + chunkSize)]; + bufferLength = buffer[0].length; + return bufferConcat.subarray(0, 1 + chunkSize); + } + }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); + } else { + if (util.isStream(packetbytes)) { + let length = 0; + arr.push(transform(clone(packetbytes), value => { + length += value.length; + }, () => writeHeader(tag, length))); + } else { + arr.push(writeHeader(tag, packetbytes.length)); } - return this._asyncIteratorImpl.return(value); - } -}; -if (AsyncIteratorPrototype !== undefined) { - Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype); -} -// Abstract operations for the ReadableStream. -function AcquireReadableStreamAsyncIterator(stream, preventCancel) { - const reader = AcquireReadableStreamDefaultReader(stream); - const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel); - const iterator = Object.create(ReadableStreamAsyncIteratorPrototype); - iterator._asyncIteratorImpl = impl; - return iterator; -} -function IsReadableStreamAsyncIterator(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) { - return false; + arr.push(packetbytes); + } } - return true; -} -// Helper functions for the ReadableStream. -function streamAsyncIteratorBrandCheckException(name) { - return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`); -} -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill -const NumberIsNaN = Number.isNaN || function (x) { - // eslint-disable-next-line no-self-compare - return x !== x; -}; + return util.concat(arr); + } + + /** + * Creates a new PacketList with all packets matching the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {PacketList} + */ + filterByTag(...tags) { + const filtered = new PacketList(); + + const handle = tag => packetType => tag === packetType; -function IsFiniteNonNegativeNumber(v) { - if (!IsNonNegativeNumber(v)) { - return false; - } - if (v === Infinity) { - return false; - } - return true; -} -function IsNonNegativeNumber(v) { - if (typeof v !== 'number') { - return false; - } - if (NumberIsNaN(v)) { - return false; - } - if (v < 0) { - return false; + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(this[i].constructor.tag))) { + filtered.push(this[i]); + } } - return true; -} -function DequeueValue(container) { - const pair = container._queue.shift(); - container._queueTotalSize -= pair.size; - if (container._queueTotalSize < 0) { - container._queueTotalSize = 0; - } - return pair.value; -} -function EnqueueValueWithSize(container, value, size) { - size = Number(size); - if (!IsFiniteNonNegativeNumber(size)) { - throw new RangeError('Size must be a finite, non-NaN, non-negative number.'); - } - container._queue.push({ value, size }); - container._queueTotalSize += size; -} -function PeekQueueValue(container) { - const pair = container._queue.peek(); - return pair.value; -} -function ResetQueue(container) { - container._queue = new SimpleQueue(); - container._queueTotalSize = 0; -} + return filtered; + } -function CreateArrayFromList(elements) { - // We use arrays to represent lists, so this is basically a no-op. - // Do a slice though just in case we happen to depend on the unique-ness. - return elements.slice(); -} -function CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) { - new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset); -} -// Not implemented correctly -function TransferArrayBuffer(O) { - return O; -} -// Not implemented correctly -function IsDetachedBuffer(O) { - return false; -} + /** + * Traverses packet list and returns first packet with matching tag + * @param {module:enums.packet} tag - The packet tag + * @returns {Packet|undefined} + */ + findPacket(tag) { + return this.find(packet => packet.constructor.tag === tag); + } -/** - * A pull-into request in a {@link ReadableByteStreamController}. - * - * @public - */ -class ReadableStreamBYOBRequest { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the view for writing in to, or `null` if the BYOB request has already been responded to. - */ - get view() { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('view'); - } - return this._view; - } - respond(bytesWritten) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respond'); - } - assertRequiredArgument(bytesWritten, 1, 'respond'); - bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter'); - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - if (IsDetachedBuffer(this._view.buffer)) ; - ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten); - } - respondWithNewView(view) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respondWithNewView'); - } - assertRequiredArgument(view, 1, 'respondWithNewView'); - if (!ArrayBuffer.isView(view)) { - throw new TypeError('You can only respond with array buffer views'); - } - if (view.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (view.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view); + /** + * Find indices of packets with the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {Integer[]} packet indices + */ + indexOfTag(...tags) { + const tagIndex = []; + const that = this; + + const handle = tag => packetType => tag === packetType; + + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(that[i].constructor.tag))) { + tagIndex.push(i); + } } + return tagIndex; + } } -Object.defineProperties(ReadableStreamBYOBRequest.prototype, { - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, - view: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBRequest', - configurable: true - }); -} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Compressed Data packet can contain the following packet types +const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + /** - * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue. + * Implementation of the Compressed Data Packet (Tag 8) * - * @public + * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: + * The Compressed Data packet contains compressed data. Typically, + * this packet is found as the contents of an encrypted packet, or following + * a Signature or One-Pass Signature packet, and contains a literal data packet. */ -class ReadableByteStreamController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the current BYOB pull request, or `null` if there isn't one. - */ - get byobRequest() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('byobRequest'); - } - if (this._byobRequest === null && this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled); - const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype); - SetUpReadableStreamBYOBRequest(byobRequest, this, view); - this._byobRequest = byobRequest; - } - return this._byobRequest; - } +class CompressedDataPacket { + static get tag() { + return enums.packet.compressedData; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure. + * List of packets + * @type {PacketList} */ - get desiredSize() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('desiredSize'); - } - return ReadableByteStreamControllerGetDesiredSize(this); - } + this.packets = null; /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. + * Compression algorithm + * @type {enums.compression} */ - close() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('close'); - } - if (this._closeRequested) { - throw new TypeError('The stream has already been closed; do not close it again!'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`); - } - ReadableByteStreamControllerClose(this); - } - enqueue(chunk) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('enqueue'); - } - assertRequiredArgument(chunk, 1, 'enqueue'); - if (!ArrayBuffer.isView(chunk)) { - throw new TypeError('chunk must be an array buffer view'); - } - if (chunk.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (chunk.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._closeRequested) { - throw new TypeError('stream is closed or draining'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`); - } - ReadableByteStreamControllerEnqueue(this, chunk); - } + this.algorithm = config$1.preferredCompressionAlgorithm; + /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. + * Compressed packet data + * @type {Uint8Array | ReadableStream} */ - error(e = undefined) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('error'); - } - ReadableByteStreamControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - if (this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - firstDescriptor.bytesFilled = 0; - } - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableByteStreamControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableByteStream; - if (this._queueTotalSize > 0) { - const entry = this._queue.shift(); - this._queueTotalSize -= entry.byteLength; - ReadableByteStreamControllerHandleQueueDrain(this); - const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength); - readRequest._chunkSteps(view); - return; - } - const autoAllocateChunkSize = this._autoAllocateChunkSize; - if (autoAllocateChunkSize !== undefined) { - let buffer; - try { - buffer = new ArrayBuffer(autoAllocateChunkSize); - } - catch (bufferE) { - readRequest._errorSteps(bufferE); - return; - } - const pullIntoDescriptor = { - buffer, - byteOffset: 0, - byteLength: autoAllocateChunkSize, - bytesFilled: 0, - elementSize: 1, - viewConstructor: Uint8Array, - readerType: 'default' - }; - this._pendingPullIntos.push(pullIntoDescriptor); - } - ReadableStreamAddReadRequest(stream, readRequest); - ReadableByteStreamControllerCallPullIfNeeded(this); - } -} -Object.defineProperties(ReadableByteStreamController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableByteStreamController', - configurable: true - }); -} -// Abstract operations for the ReadableByteStreamController. -function IsReadableByteStreamController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) { - return false; - } - return true; -} -function IsReadableStreamBYOBRequest(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) { - return false; - } - return true; -} -function ReadableByteStreamControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableByteStreamControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - // TODO: Test controller argument - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableByteStreamControllerError(controller, e); + this.compressed = null; + } + + /** + * Parsing function for the packet. + * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async read(bytes, config$1 = config) { + await parse(bytes, async reader => { + + // One octet that gives the algorithm used to compress the packet. + this.algorithm = await reader.readByte(); + + // Compressed data, which makes up the remainder of the packet. + this.compressed = reader.remainder(); + + await this.decompress(config$1); }); -} -function ReadableByteStreamControllerClearPendingPullIntos(controller) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - controller._pendingPullIntos = new SimpleQueue(); -} -function ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) { - let done = false; - if (stream._state === 'closed') { - done = true; - } - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - if (pullIntoDescriptor.readerType === 'default') { - ReadableStreamFulfillReadRequest(stream, filledView, done); - } - else { - ReadableStreamFulfillReadIntoRequest(stream, filledView, done); - } -} -function ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) { - const bytesFilled = pullIntoDescriptor.bytesFilled; - const elementSize = pullIntoDescriptor.elementSize; - return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize); -} -function ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) { - controller._queue.push({ buffer, byteOffset, byteLength }); - controller._queueTotalSize += byteLength; -} -function ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) { - const elementSize = pullIntoDescriptor.elementSize; - const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize; - const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled); - const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy; - const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize; - let totalBytesToCopyRemaining = maxBytesToCopy; - let ready = false; - if (maxAlignedBytes > currentAlignedBytes) { - totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled; - ready = true; - } - const queue = controller._queue; - while (totalBytesToCopyRemaining > 0) { - const headOfQueue = queue.peek(); - const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength); - const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy); - if (headOfQueue.byteLength === bytesToCopy) { - queue.shift(); - } - else { - headOfQueue.byteOffset += bytesToCopy; - headOfQueue.byteLength -= bytesToCopy; - } - controller._queueTotalSize -= bytesToCopy; - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor); - totalBytesToCopyRemaining -= bytesToCopy; - } - return ready; -} -function ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - pullIntoDescriptor.bytesFilled += size; -} -function ReadableByteStreamControllerHandleQueueDrain(controller) { - if (controller._queueTotalSize === 0 && controller._closeRequested) { - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(controller._controlledReadableByteStream); - } - else { - ReadableByteStreamControllerCallPullIfNeeded(controller); + } + + + /** + * Return the compressed packet. + * @returns {Uint8Array | ReadableStream} Binary compressed packet. + */ + write() { + if (this.compressed === null) { + this.compress(); } -} -function ReadableByteStreamControllerInvalidateBYOBRequest(controller) { - if (controller._byobRequest === null) { - return; + + return util.concat([new Uint8Array([this.algorithm]), this.compressed]); + } + + + /** + * Decompression method for decompressing the compressed data + * read by read_packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async decompress(config$1 = config) { + const compressionName = enums.read(enums.compression, this.algorithm); + const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async + if (!decompressionFn) { + throw new Error(`${compressionName} decompression not supported`); } - controller._byobRequest._associatedReadableByteStreamController = undefined; - controller._byobRequest._view = null; - controller._byobRequest = null; -} -function ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) { - while (controller._pendingPullIntos.length > 0) { - if (controller._queueTotalSize === 0) { - return; - } - const pullIntoDescriptor = controller._pendingPullIntos.peek(); - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - } + + this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets$5, config$1); + } + + /** + * Compress the packet data (member decompressedData) + */ + compress() { + const compressionName = enums.read(enums.compression, this.algorithm); + const compressionFn = compress_fns[compressionName]; + if (!compressionFn) { + throw new Error(`${compressionName} compression not supported`); } + + this.compressed = compressionFn(this.packets.write()); + } } -function ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) { - const stream = controller._controlledReadableByteStream; - let elementSize = 1; - if (view.constructor !== DataView) { - elementSize = view.constructor.BYTES_PER_ELEMENT; - } - const ctor = view.constructor; - const buffer = TransferArrayBuffer(view.buffer); - const pullIntoDescriptor = { - buffer, - byteOffset: view.byteOffset, - byteLength: view.byteLength, - bytesFilled: 0, - elementSize, - viewConstructor: ctor, - readerType: 'byob' - }; - if (controller._pendingPullIntos.length > 0) { - controller._pendingPullIntos.push(pullIntoDescriptor); - // No ReadableByteStreamControllerCallPullIfNeeded() call since: - // - No change happens on desiredSize - // - The source has already been notified of that there's at least 1 pending read(view) - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - return; - } - if (stream._state === 'closed') { - const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0); - readIntoRequest._closeSteps(emptyView); - return; - } - if (controller._queueTotalSize > 0) { - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - ReadableByteStreamControllerHandleQueueDrain(controller); - readIntoRequest._chunkSteps(filledView); - return; - } - if (controller._closeRequested) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - readIntoRequest._errorSteps(e); - return; - } + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + +/** + * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise. + * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator + * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor + * @returns {ReadableStream} compressed or decompressed data + */ +function zlib(compressionStreamInstantiator, ZlibStreamedConstructor) { + return data => { + if (!util.isStream(data) || isArrayStream(data)) { + return fromAsync(() => readToEnd(data).then(inputData => { + return new Promise((resolve, reject) => { + const zlibStream = new ZlibStreamedConstructor(); + zlibStream.ondata = processedData => { + resolve(processedData); + }; + try { + zlibStream.push(inputData, true); // only one chunk to push + } catch (err) { + reject(err); + } + }); + })); } - controller._pendingPullIntos.push(pullIntoDescriptor); - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) { - firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer); - const stream = controller._controlledReadableByteStream; - if (ReadableStreamHasBYOBReader(stream)) { - while (ReadableStreamGetNumReadIntoRequests(stream) > 0) { - const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor); + + // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API) + if (compressionStreamInstantiator) { + try { + const compressorOrDecompressor = compressionStreamInstantiator(); + return data.pipeThrough(compressorOrDecompressor); + } catch (err) { + // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate. + if (err.name !== 'TypeError') { + throw err; } + } } -} -function ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) { - if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) { - throw new RangeError('bytesWritten out of range'); - } - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor); - if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) { - // TODO: Figure out whether we should detach the buffer or not here. - return; - } - ReadableByteStreamControllerShiftPendingPullInto(controller); - const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize; - if (remainderSize > 0) { - const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end); - ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength); - } - pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer); - pullIntoDescriptor.bytesFilled -= remainderSize; - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); -} -function ReadableByteStreamControllerRespondInternal(controller, bytesWritten) { - const firstDescriptor = controller._pendingPullIntos.peek(); - const state = controller._controlledReadableByteStream._state; - if (state === 'closed') { - if (bytesWritten !== 0) { - throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream'); + + // JS fallback + const inputReader = data.getReader(); + const zlibStream = new ZlibStreamedConstructor(); + + return new ReadableStream({ + async start(controller) { + zlibStream.ondata = async (value, isLast) => { + controller.enqueue(value); + if (isLast) { + controller.close(); + } + }; + + while (true) { + const { done, value } = await inputReader.read(); + if (done) { + zlibStream.push(new Uint8Array(), true); + return; + } else if (value.length) { + zlibStream.push(value); + } } - ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor); - } - else { - ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); + } + }); + }; } -function ReadableByteStreamControllerShiftPendingPullInto(controller) { - const descriptor = controller._pendingPullIntos.shift(); - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - return descriptor; + +function bzip2Decompress() { + return async function(data) { + const { decode: bunzipDecode } = await Promise.resolve().then(function () { return index; }); + return fromAsync(async () => bunzipDecode(await readToEnd(data))); + }; } -function ReadableByteStreamControllerShouldCallPull(controller) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return false; - } - if (controller._closeRequested) { - return false; - } - if (!controller._started) { - return false; + +/** + * Get Compression Stream API instatiators if the constructors are implemented. + * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported + * (supported formats cannot be determined in advance). + * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat + * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }} + */ +const getCompressionStreamInstantiators = compressionFormat => ({ + compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)), + decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat)) +}); + +const compress_fns = { + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib) +}; + +const decompress_fns = { + uncompressed: data => data, + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib), + bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import +}; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A SEIP packet can contain the following packet types +const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +/** + * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: + * The Symmetrically Encrypted Integrity Protected Data packet is + * a variant of the Symmetrically Encrypted Data packet. It is a new feature + * created for OpenPGP that addresses the problem of detecting a modification to + * encrypted data. It is used in combination with a Modification Detection Code + * packet. + */ +class SymEncryptedIntegrityProtectedDataPacket { + static get tag() { + return enums.packet.symEncryptedIntegrityProtectedData; + } + + static fromObject({ version, aeadAlgorithm }) { + if (version !== 1 && version !== 2) { + throw new Error('Unsupported SEIPD version'); } - if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; + + const seip = new SymEncryptedIntegrityProtectedDataPacket(); + seip.version = version; + if (version === 2) { + seip.aeadAlgorithm = aeadAlgorithm; } - if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) { - return true; + + return seip; + } + + constructor() { + this.version = null; + + // The following 4 fields are for V2 only. + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = null; + this.chunkSizeByte = null; + this.salt = null; + + this.encrypted = null; + this.packets = null; + } + + async read(bytes) { + await parse(bytes, async reader => { + this.version = await reader.readByte(); + // - A one-octet version number with value 1 or 2. + if (this.version !== 1 && this.version !== 2) { + throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`); + } + + if (this.version === 2) { + // - A one-octet cipher algorithm. + this.cipherAlgorithm = await reader.readByte(); + // - A one-octet AEAD algorithm. + this.aeadAlgorithm = await reader.readByte(); + // - A one-octet chunk size. + this.chunkSizeByte = await reader.readByte(); + // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique. + this.salt = await reader.readBytes(32); + } + + // For V1: + // - Encrypted data, the output of the selected symmetric-key cipher + // operating in Cipher Feedback mode with shift amount equal to the + // block size of the cipher (CFB-n where n is the block size). + // For V2: + // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode. + // - A final, summary authentication tag for the AEAD mode. + this.encrypted = reader.remainder(); + }); + } + + write() { + if (this.version === 2) { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]); } - const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; + return util.concat([new Uint8Array([this.version]), this.encrypted]); + } + + /** + * Encrypt the payload in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on encryption failure + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + const { blockSize, keySize } = mod$1.getCipherParams(sessionKeyAlgorithm); + if (key.length !== keySize) { + throw new Error('Unexpected session key size'); } - return false; -} -function ReadableByteStreamControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; -} -// A client of ReadableByteStreamController may use these functions directly to bypass state check. -function ReadableByteStreamControllerClose(controller) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + + let bytes = this.packets.write(); + if (isArrayStream(bytes)) bytes = await readToEnd(bytes); + + if (this.version === 2) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + this.salt = mod$1.random.getRandomBytes(32); + this.chunkSizeByte = config$1.aeadChunkSizeByte; + this.encrypted = await runAEAD(this, 'encrypt', key, bytes); + } else { + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet + + const tohash = util.concat([prefix, bytes, mdc]); + const hash = await mod$1.hash.sha1(passiveClone(tohash)); + const plaintext = util.concat([tohash, hash]); + + this.encrypted = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); } - if (controller._queueTotalSize > 0) { - controller._closeRequested = true; - return; + return true; + } + + /** + * Decrypts the encrypted data contained in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on decryption failure + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + if (key.length !== mod$1.getCipherParams(sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); } - if (controller._pendingPullIntos.length > 0) { - const firstPendingPullInto = controller._pendingPullIntos.peek(); - if (firstPendingPullInto.bytesFilled > 0) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - throw e; - } + + let encrypted = clone(this.encrypted); + if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); + + let packetbytes; + if (this.version === 2) { + if (this.cipherAlgorithm !== sessionKeyAlgorithm) { + // sanity check + throw new Error('Unexpected session key algorithm'); + } + packetbytes = await runAEAD(this, 'decrypt', key, encrypted); + } else { + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); + + // there must be a modification detection code packet as the + // last packet and everything gets hashed except the hash itself + const realHash = slice(passiveClone(decrypted), -20); + const tohash = slice(decrypted, 0, -20); + const verifyHash = Promise.all([ + readToEnd(await mod$1.hash.sha1(passiveClone(tohash))), + readToEnd(realHash) + ]).then(([hash, mdc]) => { + if (!util.equalsUint8Array(hash, mdc)) { + throw new Error('Modification detected.'); + } + return new Uint8Array(); + }); + const bytes = slice(tohash, blockSize + 2); // Remove random prefix + packetbytes = slice(bytes, 0, -2); // Remove MDC packet + packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); + if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { + packetbytes = await readToEnd(packetbytes); + } } - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(stream); + + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$4, config$1); + return true; + } } -function ReadableByteStreamControllerEnqueue(controller, chunk) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + +/** + * En/decrypt the payload. + * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt + * @param {Uint8Array} key - The session key used to en/decrypt the payload + * @param {Uint8Array | ReadableStream} data - The data to en/decrypt + * @returns {Promise>} + * @async + */ +async function runAEAD(packet, fn, key, data) { + const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2; + const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import) + if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type'); + + const mode = mod$1.getAEADMode(packet.aeadAlgorithm); + const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; + const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; + const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) + const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0; + const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP); + const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP); + const adataTagArray = new Uint8Array(adataBuffer); + const adataView = new DataView(adataBuffer); + const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); + adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0); + let chunkIndex = 0; + let latestPromise = Promise.resolve(); + let cryptedBytes = 0; + let queuedBytes = 0; + let iv; + let ivView; + if (isSEIPDv2) { + const { keySize } = mod$1.getCipherParams(packet.cipherAlgorithm); + const { ivLength } = mode; + const info = new Uint8Array(adataBuffer, 0, 5); + const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength); + key = derived.subarray(0, keySize); + iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy. + iv.fill(0, iv.length - 8); + ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); + } else { // AEADEncryptedDataPacket + iv = packet.iv; + // ivView is unused in this case + } + const modeInstance = await mode(packet.cipherAlgorithm, key); + return transformPair(data, async (readable, writable) => { + if (util.isStream(readable) !== 'array') { + const buffer = new TransformStream({}, { + highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6), + size: array => array.length + }); + pipe(buffer.readable, writable); + writable = buffer.writable; } - const buffer = chunk.buffer; - const byteOffset = chunk.byteOffset; - const byteLength = chunk.byteLength; - const transferredBuffer = TransferArrayBuffer(buffer); - if (ReadableStreamHasDefaultReader(stream)) { - if (ReadableStreamGetNumReadRequests(stream) === 0) { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); + const reader = getReader(readable); + const writer = getWriter(writable); + try { + while (true) { + let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); + const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); + chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); + let cryptedPromise; + let done; + let nonce; + if (isSEIPDv2) { // SEIPD V2 + nonce = iv; + } else { // AEADEncryptedDataPacket + nonce = iv.slice(); + for (let i = 0; i < 8; i++) { + nonce[iv.length - 8 + i] ^= chunkIndexArray[i]; + } } - else { - const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength); - ReadableStreamFulfillReadRequest(stream, transferredView, false); + if (!chunkIndex || chunk.length) { + reader.unshift(finalChunk); + cryptedPromise = modeInstance[fn](chunk, nonce, adataArray); + cryptedPromise.catch(() => {}); + queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; + } else { + // After the last chunk, we either encrypt a final, empty + // data chunk to get the final authentication tag or + // validate that final authentication tag. + adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...) + cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray); + cryptedPromise.catch(() => {}); + queuedBytes += tagLengthIfEncrypting; + done = true; + } + cryptedBytes += chunk.length - tagLengthIfDecrypting; + // eslint-disable-next-line @typescript-eslint/no-loop-func + latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { + await writer.ready; + await writer.write(crypted); + queuedBytes -= crypted.length; + }).catch(err => writer.abort(err)); + if (done || queuedBytes > writer.desiredSize) { + await latestPromise; // Respect backpressure + } + if (!done) { + if (isSEIPDv2) { // SEIPD V2 + ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...) + } else { // AEADEncryptedDataPacket + adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) + } + } else { + await writer.close(); + break; } + } + } catch (e) { + await writer.ready.catch(() => {}); + await writer.abort(e); } - else if (ReadableStreamHasBYOBReader(stream)) { - // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully. - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); - } - else { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerError(controller, e) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return; - } - ReadableByteStreamControllerClearPendingPullIntos(controller); - ResetQueue(controller); - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableByteStreamControllerGetDesiredSize(controller) { - const state = controller._controlledReadableByteStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -function ReadableByteStreamControllerRespond(controller, bytesWritten) { - bytesWritten = Number(bytesWritten); - if (!IsFiniteNonNegativeNumber(bytesWritten)) { - throw new RangeError('bytesWritten must be a finite'); - } - ReadableByteStreamControllerRespondInternal(controller, bytesWritten); -} -function ReadableByteStreamControllerRespondWithNewView(controller, view) { - const firstDescriptor = controller._pendingPullIntos.peek(); - if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) { - throw new RangeError('The region specified by view does not match byobRequest'); - } - if (firstDescriptor.byteLength !== view.byteLength) { - throw new RangeError('The buffer of view has different capacity than byobRequest'); - } - firstDescriptor.buffer = view.buffer; - ReadableByteStreamControllerRespondInternal(controller, view.byteLength); -} -function SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) { - controller._controlledReadableByteStream = stream; - controller._pullAgain = false; - controller._pulling = false; - controller._byobRequest = null; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._closeRequested = false; - controller._started = false; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - controller._autoAllocateChunkSize = autoAllocateChunkSize; - controller._pendingPullIntos = new SimpleQueue(); - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableByteStreamControllerCallPullIfNeeded(controller); - }, r => { - ReadableByteStreamControllerError(controller, r); - }); -} -function SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) { - const controller = Object.create(ReadableByteStreamController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingByteSource.start !== undefined) { - startAlgorithm = () => underlyingByteSource.start(controller); - } - if (underlyingByteSource.pull !== undefined) { - pullAlgorithm = () => underlyingByteSource.pull(controller); - } - if (underlyingByteSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingByteSource.cancel(reason); - } - const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize; - if (autoAllocateChunkSize === 0) { - throw new TypeError('autoAllocateChunkSize must be greater than 0'); - } - SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize); -} -function SetUpReadableStreamBYOBRequest(request, controller, view) { - request._associatedReadableByteStreamController = controller; - request._view = view; -} -// Helper functions for the ReadableStreamBYOBRequest. -function byobRequestBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`); -} -// Helper functions for the ReadableByteStreamController. -function byteStreamControllerBrandCheckException(name) { - return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`); + }); } -// Abstract operations for the ReadableStream. -function AcquireReadableStreamBYOBReader(stream) { - return new ReadableStreamBYOBReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadIntoRequest(stream, readIntoRequest) { - stream._reader._readIntoRequests.push(readIntoRequest); -} -function ReadableStreamFulfillReadIntoRequest(stream, chunk, done) { - const reader = stream._reader; - const readIntoRequest = reader._readIntoRequests.shift(); - if (done) { - readIntoRequest._closeSteps(chunk); - } - else { - readIntoRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadIntoRequests(stream) { - return stream._reader._readIntoRequests.length; -} -function ReadableStreamHasBYOBReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamBYOBReader(reader)) { - return false; - } - return true; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// An AEAD-encrypted Data packet can contain the following packet types +const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + +const VERSION$1 = 1; // A one-octet version number of the data packet. + +/** + * Implementation of the Symmetrically Encrypted Authenticated Encryption with + * Additional Data (AEAD) Protected Data Packet + * + * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: + * AEAD Protected Data Packet + */ +class AEADEncryptedDataPacket { + static get tag() { + return enums.packet.aeadEncryptedData; + } + + constructor() { + this.version = VERSION$1; + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = enums.aead.eax; + this.chunkSizeByte = null; + this.iv = null; + this.encrypted = null; + this.packets = null; + } + + /** + * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @param {Uint8Array | ReadableStream} bytes + * @throws {Error} on parsing failure + */ + async read(bytes) { + await parse(bytes, async reader => { + const version = await reader.readByte(); + if (version !== VERSION$1) { // The only currently defined value is 1. + throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); + } + this.cipherAlgorithm = await reader.readByte(); + this.aeadAlgorithm = await reader.readByte(); + this.chunkSizeByte = await reader.readByte(); + + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = await reader.readBytes(mode.ivLength); + this.encrypted = reader.remainder(); + }); + } + + /** + * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @returns {Uint8Array | ReadableStream} The encrypted payload. + */ + write() { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); + } + + /** + * Decrypt the encrypted payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.packets = await PacketList.fromBinary( + await runAEAD(this, 'decrypt', key, clone(this.encrypted)), + allowedPackets$3, + config$1 + ); + } + + /** + * Encrypt the packet payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + const { ivLength } = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(ivLength); // generate new random IV + this.chunkSizeByte = config$1.aeadChunkSizeByte; + const data = this.packets.write(); + this.encrypted = await runAEAD(this, 'encrypt', key, data); + } } + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * A BYOB reader vended by a {@link ReadableStream}. + * Public-Key Encrypted Session Key Packets (Tag 1) * - * @public - */ -class ReadableStreamBYOBReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - if (!IsReadableByteStreamController(stream._readableStreamController)) { - throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' + - 'source'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readIntoRequests = new SimpleQueue(); - } + * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: + * A Public-Key Encrypted Session Key packet holds the session key + * used to encrypt a message. Zero or more Public-Key Encrypted Session Key + * packets and/or Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data Packet, which holds an encrypted message. The + * message is encrypted with the session key, and the session key is itself + * encrypted and stored in the Encrypted Session Key packet(s). The + * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted + * Session Key packet for each OpenPGP key to which the message is encrypted. + * The recipient of the message finds a session key that is encrypted to their + * public key, decrypts the session key, and then uses the session key to + * decrypt the message. + */ +class PublicKeyEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.publicKeyEncryptedSessionKey; + } + + constructor() { + this.version = null; + + // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()` + this.publicKeyID = new KeyID(); + + // For version 6: + this.publicKeyVersion = null; + this.publicKeyFingerprint = null; + + // For all versions: + this.publicKeyAlgorithm = null; + + this.sessionKey = null; /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the reader's lock is released before the stream finishes closing. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - get closed() { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('closed')); - } - return this._closedPromise; + this.sessionKeyAlgorithm = null; + + /** @type {Object} */ + this.encrypted = {}; + } + + static fromObject({ + version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm + }) { + const pkesk = new PublicKeyEncryptedSessionKeyPacket(); + + if (version !== 3 && version !== 6) { + throw new Error('Unsupported PKESK version'); } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); + + pkesk.version = version; + + if (version === 6) { + pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version; + pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes(); } - /** - * Attempts to reads bytes into view, and returns a promise resolved with the result. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read(view) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('read')); - } - if (!ArrayBuffer.isView(view)) { - return promiseRejectedWith(new TypeError('view must be an array buffer view')); - } - if (view.byteLength === 0) { - return promiseRejectedWith(new TypeError('view must have non-zero byteLength')); - } - if (view.buffer.byteLength === 0) { - return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`)); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readIntoRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: chunk => resolvePromise({ value: chunk, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamBYOBReaderRead(this, view, readIntoRequest); - return promise; + + pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID(); + pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm; + pkesk.sessionKey = sessionKey; + pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm; + + return pkesk; + } + + /** + * Parsing function for a publickey encrypted session key packet (tag 1). + * + * @param {Uint8Array} bytes - Payload of a tag 1 packet + */ + read(bytes) { + let offset = 0; + this.version = bytes[offset++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamBYOBReader(this)) { - throw byobReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readIntoRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); + if (this.version === 6) { + // A one-octet size of the following two fields: + // - A one octet key version number. + // - The fingerprint of the public key or subkey to which the session key is encrypted. + // The size may also be zero. + const versionAndFingerprintLength = bytes[offset++]; + if (versionAndFingerprintLength) { + this.publicKeyVersion = bytes[offset++]; + const fingerprintLength = versionAndFingerprintLength - 1; + this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength; + if (this.publicKeyVersion >= 5) { + // For v5/6 the Key ID is the high-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint); + } else { + // For v4 The Key ID is the low-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8)); } - ReadableStreamReaderGenericRelease(this); + } else { + // The size may also be zero, and the key version and + // fingerprint omitted for an "anonymous recipient" + this.publicKeyID = KeyID.wildcard(); + } + } else { + offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8)); } -} -Object.defineProperties(ReadableStreamBYOBReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamBYOBReader(x) { - if (!typeIsObject(x)) { - return false; + this.publicKeyAlgorithm = bytes[offset++]; + this.encrypted = mod$1.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset)); + if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) { + if (this.version === 3) { + this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + } else if (this.encrypted.C.algorithm !== null) { + throw new Error('Unexpected cleartext symmetric algorithm'); + } } - if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) { - return false; + } + + /** + * Create a binary representation of a tag 1 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const arr = [ + new Uint8Array([this.version]) + ]; + + if (this.version === 6) { + if (this.publicKeyFingerprint !== null) { + arr.push(new Uint8Array([ + this.publicKeyFingerprint.length + 1, + this.publicKeyVersion] + )); + arr.push(this.publicKeyFingerprint); + } else { + arr.push(new Uint8Array([0])); + } + } else { + arr.push(this.publicKeyID.write()); } - return true; -} -function ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'errored') { - readIntoRequest._errorSteps(stream._storedError); + + arr.push( + new Uint8Array([this.publicKeyAlgorithm]), + mod$1.serializeParams(this.publicKeyAlgorithm, this.encrypted) + ); + + return util.concatUint8Array(arr); + } + + /** + * Encrypt session key packet + * @param {PublicKeyPacket} key - Public key + * @throws {Error} if encryption failed + * @async + */ + async encrypt(key) { + const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); + // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a + // v6 PKESK packet, as it is included in the v2 SEIPD packet. + const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey); + this.encrypted = await mod$1.publicKeyEncrypt( + algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint); + } + + /** + * Decrypts the session key (only for public key encrypted session key packets (tag 1) + * @param {SecretKeyPacket} key - decrypted private key + * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. + * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } + * @throws {Error} if decryption failed, unless `randomSessionKey` is given + * @async + */ + async decrypt(key, randomSessionKey) { + // check that session key algo matches the secret key algo + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Decryption error'); } - else { - ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest); + + const randomPayload = randomSessionKey ? + encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : + null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const decryptedData = await mod$1.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload); + + const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); + + if (this.version === 3) { + // v3 Montgomery curves have cleartext cipher algo + const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448; + this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm; + + if (sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } } -} -// Helper functions for the ReadableStreamBYOBReader. -function byobReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`); + this.sessionKey = sessionKey; + } } -function ExtractHighWaterMark(strategy, defaultHWM) { - const { highWaterMark } = strategy; - if (highWaterMark === undefined) { - return defaultHWM; - } - if (NumberIsNaN(highWaterMark) || highWaterMark < 0) { - throw new RangeError('Invalid highWaterMark'); - } - return highWaterMark; + +function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + // add checksum + return util.concatUint8Array([ + new Uint8Array(version === 6 ? [] : [cipherAlgo]), + sessionKeyData, + util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) + ]); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return sessionKeyData; + default: + throw new Error('Unsupported public key algorithm'); + } } -function ExtractSizeAlgorithm(strategy) { - const { size } = strategy; - if (!size) { - return () => 1; + + +function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: { + // verify checksum in constant time + const result = decryptedData.subarray(0, decryptedData.length - 2); + const checksum = decryptedData.subarray(decryptedData.length - 2); + const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); + const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; + const decryptedSessionKey = version === 6 ? + { sessionKeyAlgorithm: null, sessionKey: result } : + { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; + if (randomSessionKey) { + // We must not leak info about the validity of the decrypted checksum or cipher algo. + // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. + const isValidPayload = isValidChecksum & + decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & + decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; + return { + sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), + sessionKeyAlgorithm: version === 6 ? null : util.selectUint8( + isValidPayload, + decryptedSessionKey.sessionKeyAlgorithm, + randomSessionKey.sessionKeyAlgorithm + ) + }; + } else { + const isValidPayload = isValidChecksum && ( + version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm)); + if (isValidPayload) { + return decryptedSessionKey; + } else { + throw new Error('Decryption error'); + } + } } - return size; -} - -function convertQueuingStrategy(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - const size = init === null || init === void 0 ? void 0 : init.size; - return { - highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark), - size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`) - }; -} -function convertQueuingStrategySize(fn, context) { - assertFunction(fn, context); - return chunk => convertUnrestrictedDouble(fn(chunk)); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return { + sessionKeyAlgorithm: null, + sessionKey: decryptedData + }; + default: + throw new Error('Unsupported public key algorithm'); + } } -function convertUnderlyingSink(original, context) { - assertDictionary(original, context); - const abort = original === null || original === void 0 ? void 0 : original.abort; - const close = original === null || original === void 0 ? void 0 : original.close; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - const write = original === null || original === void 0 ? void 0 : original.write; - return { - abort: abort === undefined ? - undefined : - convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`), - close: close === undefined ? - undefined : - convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`), - start: start === undefined ? - undefined : - convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`), - write: write === undefined ? - undefined : - convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`), - type - }; -} -function convertUnderlyingSinkAbortCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSinkCloseCallback(fn, original, context) { - assertFunction(fn, context); - return () => promiseCall(fn, original, []); -} -function convertUnderlyingSinkStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertUnderlyingSinkWriteCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function assertWritableStream(x, context) { - if (!IsWritableStream(x)) { - throw new TypeError(`${context} is not a WritableStream.`); - } -} /** - * A writable stream represents a destination for data, into which you can write. + * Symmetric-Key Encrypted Session Key Packets (Tag 3) * - * @public + * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: + * The Symmetric-Key Encrypted Session Key packet holds the + * symmetric-key encryption of a session key used to encrypt a message. + * Zero or more Public-Key Encrypted Session Key packets and/or + * Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data packet that holds an encrypted message. + * The message is encrypted with a session key, and the session key is + * itself encrypted and stored in the Encrypted Session Key packet or + * the Symmetric-Key Encrypted Session Key packet. */ -class WritableStream$1 { - constructor(rawUnderlyingSink = {}, rawStrategy = {}) { - if (rawUnderlyingSink === undefined) { - rawUnderlyingSink = null; - } - else { - assertObject(rawUnderlyingSink, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter'); - InitializeWritableStream(this); - const type = underlyingSink.type; - if (type !== undefined) { - throw new RangeError('Invalid type is specified'); - } - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm); - } - /** - * Returns whether or not the writable stream is locked to a writer. - */ - get locked() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('locked'); - } - return IsWritableStreamLocked(this); - } +class SymEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.symEncryptedSessionKey; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + this.version = config$1.aeadProtect ? 6 : 4; + this.sessionKey = null; /** - * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be - * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort - * mechanism of the underlying sink. - * - * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled - * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel - * the stream) if the stream is currently locked. + * Algorithm to encrypt the session key with + * @type {enums.symmetric} */ - abort(reason = undefined) { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('abort')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer')); - } - return WritableStreamAbort(this, reason); - } + this.sessionKeyEncryptionAlgorithm = null; /** - * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its - * close behavior. During this time any further attempts to write will fail (without erroring the stream). - * - * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream - * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with - * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - close() { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('close')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer')); - } - if (WritableStreamCloseQueuedOrInFlight(this)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamClose(this); - } + this.sessionKeyAlgorithm = null; /** - * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream - * is locked, no other writer can be acquired until this one is released. - * - * This functionality is especially useful for creating abstractions that desire the ability to write to a stream - * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at - * the same time, which would cause the resulting written data to be unpredictable and probably useless. + * AEAD mode to encrypt the session key with (if AEAD protection is enabled) + * @type {enums.aead} */ - getWriter() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('getWriter'); - } - return AcquireWritableStreamDefaultWriter(this); - } -} -Object.defineProperties(WritableStream$1.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStream', - configurable: true - }); -} -// Abstract operations for the WritableStream. -function AcquireWritableStreamDefaultWriter(stream) { - return new WritableStreamDefaultWriter(stream); -} -// Throws if and only if startAlgorithm throws. -function CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(WritableStream$1.prototype); - InitializeWritableStream(stream); - const controller = Object.create(WritableStreamDefaultController.prototype); - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeWritableStream(stream) { - stream._state = 'writable'; - // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is - // 'erroring' or 'errored'. May be set to an undefined value. - stream._storedError = undefined; - stream._writer = undefined; - // Initialize to undefined first because the constructor of the controller checks this - // variable to validate the caller. - stream._writableStreamController = undefined; - // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data - // producer without waiting for the queued writes to finish. - stream._writeRequests = new SimpleQueue(); - // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents - // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here. - stream._inFlightWriteRequest = undefined; - // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer - // has been detached. - stream._closeRequest = undefined; - // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it - // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here. - stream._inFlightCloseRequest = undefined; - // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached. - stream._pendingAbortRequest = undefined; - // The backpressure signal set by the controller. - stream._backpressure = false; -} -function IsWritableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) { - return false; - } - return true; -} -function IsWritableStreamLocked(stream) { - if (stream._writer === undefined) { - return false; - } - return true; -} -function WritableStreamAbort(stream, reason) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseResolvedWith(undefined); - } - if (stream._pendingAbortRequest !== undefined) { - return stream._pendingAbortRequest._promise; - } - let wasAlreadyErroring = false; - if (state === 'erroring') { - wasAlreadyErroring = true; - // reason will not be used, so don't keep a reference to it. - reason = undefined; - } - const promise = newPromise((resolve, reject) => { - stream._pendingAbortRequest = { - _promise: undefined, - _resolve: resolve, - _reject: reject, - _reason: reason, - _wasAlreadyErroring: wasAlreadyErroring - }; - }); - stream._pendingAbortRequest._promise = promise; - if (!wasAlreadyErroring) { - WritableStreamStartErroring(stream, reason); - } - return promise; -} -function WritableStreamClose(stream) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`)); - } - const promise = newPromise((resolve, reject) => { - const closeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._closeRequest = closeRequest; - }); - const writer = stream._writer; - if (writer !== undefined && stream._backpressure && state === 'writable') { - defaultWriterReadyPromiseResolve(writer); - } - WritableStreamDefaultControllerClose(stream._writableStreamController); - return promise; -} -// WritableStream API exposed for controllers. -function WritableStreamAddWriteRequest(stream) { - const promise = newPromise((resolve, reject) => { - const writeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._writeRequests.push(writeRequest); - }); - return promise; -} -function WritableStreamDealWithRejection(stream, error) { - const state = stream._state; - if (state === 'writable') { - WritableStreamStartErroring(stream, error); - return; - } - WritableStreamFinishErroring(stream); -} -function WritableStreamStartErroring(stream, reason) { - const controller = stream._writableStreamController; - stream._state = 'erroring'; - stream._storedError = reason; - const writer = stream._writer; - if (writer !== undefined) { - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason); - } - if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) { - WritableStreamFinishErroring(stream); - } -} -function WritableStreamFinishErroring(stream) { - stream._state = 'errored'; - stream._writableStreamController[ErrorSteps](); - const storedError = stream._storedError; - stream._writeRequests.forEach(writeRequest => { - writeRequest._reject(storedError); - }); - stream._writeRequests = new SimpleQueue(); - if (stream._pendingAbortRequest === undefined) { - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const abortRequest = stream._pendingAbortRequest; - stream._pendingAbortRequest = undefined; - if (abortRequest._wasAlreadyErroring) { - abortRequest._reject(storedError); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; + this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); + this.encrypted = null; + this.s2k = null; + this.iv = null; + } + + /** + * Parsing function for a symmetric encrypted session key packet (tag 3). + * + * @param {Uint8Array} bytes - Payload of a tag 3 packet + */ + read(bytes) { + let offset = 0; + + // A one-octet version number with value 4, 5 or 6. + this.version = bytes[offset++]; + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); } - const promise = stream._writableStreamController[AbortSteps](abortRequest._reason); - uponPromise(promise, () => { - abortRequest._resolve(); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }, (reason) => { - abortRequest._reject(reason); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }); -} -function WritableStreamFinishInFlightWrite(stream) { - stream._inFlightWriteRequest._resolve(undefined); - stream._inFlightWriteRequest = undefined; -} -function WritableStreamFinishInFlightWriteWithError(stream, error) { - stream._inFlightWriteRequest._reject(error); - stream._inFlightWriteRequest = undefined; - WritableStreamDealWithRejection(stream, error); -} -function WritableStreamFinishInFlightClose(stream) { - stream._inFlightCloseRequest._resolve(undefined); - stream._inFlightCloseRequest = undefined; - const state = stream._state; - if (state === 'erroring') { - // The error was too late to do anything, so it is ignored. - stream._storedError = undefined; - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._resolve(); - stream._pendingAbortRequest = undefined; - } + + if (this.version === 6) { + // A one-octet scalar octet count of the following 5 fields. + offset++; } - stream._state = 'closed'; - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseResolve(writer); + + // A one-octet number describing the symmetric algorithm used. + const algo = bytes[offset++]; + + if (this.version >= 5) { + // A one-octet AEAD algorithm. + this.aeadAlgorithm = bytes[offset++]; + + if (this.version === 6) { + // A one-octet scalar octet count of the following field. + offset++; + } } -} -function WritableStreamFinishInFlightCloseWithError(stream, error) { - stream._inFlightCloseRequest._reject(error); - stream._inFlightCloseRequest = undefined; - // Never execute sink abort() after sink close(). - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._reject(error); - stream._pendingAbortRequest = undefined; + + // A string-to-key (S2K) specifier, length as defined above. + const s2kType = bytes[offset++]; + this.s2k = newS2KFromType(s2kType); + offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + + // A starting initialization vector of size specified by the AEAD + // algorithm. + this.iv = bytes.subarray(offset, offset += mode.ivLength); } - WritableStreamDealWithRejection(stream, error); -} -// TODO(ricea): Fix alphabetical order. -function WritableStreamCloseQueuedOrInFlight(stream) { - if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; + + // The encrypted session key itself, which is decrypted with the + // string-to-key object. This is optional in version 4. + if (this.version >= 5 || offset < bytes.length) { + this.encrypted = bytes.subarray(offset, bytes.length); + this.sessionKeyEncryptionAlgorithm = algo; + } else { + this.sessionKeyAlgorithm = algo; } - return true; -} -function WritableStreamHasOperationMarkedInFlight(stream) { - if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; + } + + /** + * Create a binary representation of a tag 3 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const algo = this.encrypted === null ? + this.sessionKeyAlgorithm : + this.sessionKeyEncryptionAlgorithm; + + let bytes; + + const s2k = this.s2k.write(); + if (this.version === 6) { + const s2kLen = s2k.length; + const fieldsLen = 3 + s2kLen + this.iv.length; + bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]); + } else if (this.version === 5) { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]); + } else { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]); + + if (this.encrypted !== null) { + bytes = util.concatUint8Array([bytes, this.encrypted]); + } } - return true; -} -function WritableStreamMarkCloseRequestInFlight(stream) { - stream._inFlightCloseRequest = stream._closeRequest; - stream._closeRequest = undefined; -} -function WritableStreamMarkFirstWriteRequestInFlight(stream) { - stream._inFlightWriteRequest = stream._writeRequests.shift(); -} -function WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) { - if (stream._closeRequest !== undefined) { - stream._closeRequest._reject(stream._storedError); - stream._closeRequest = undefined; + + return bytes; + } + + /** + * Decrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(passphrase) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); + } else if (this.encrypted !== null) { + const decrypted = await mod$1.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + + this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); + this.sessionKey = decrypted.subarray(1, decrypted.length); + if (this.sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + } else { + // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo + this.sessionKey = key; } - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseReject(writer, stream._storedError); + } + + /** + * Encrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + this.sessionKeyEncryptionAlgorithm = algo; + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.sessionKey === null) { + this.sessionKey = mod$1.generateSessionKey(this.sessionKeyAlgorithm); } -} -function WritableStreamUpdateBackpressure(stream, backpressure) { - const writer = stream._writer; - if (writer !== undefined && backpressure !== stream._backpressure) { - if (backpressure) { - defaultWriterReadyPromiseReset(writer); - } - else { - defaultWriterReadyPromiseResolve(writer); - } + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(mode.ivLength); // generate new random IV + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata); + } else { + const toEncrypt = util.concatUint8Array([ + new Uint8Array([this.sessionKeyAlgorithm]), + this.sessionKey + ]); + this.encrypted = await mod$1.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config$1); } - stream._backpressure = backpressure; + } } + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * A default writer vended by a {@link WritableStream}. + * Implementation of the Key Material Packet (Tag 5,6,7,14) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: + * A key material packet contains all the information about a public or + * private key. There are four variants of this packet type, and two + * major versions. * - * @public - */ -class WritableStreamDefaultWriter { - constructor(stream) { - assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter'); - assertWritableStream(stream, 'First parameter'); - if (IsWritableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive writing by another writer'); - } - this._ownerWritableStream = stream; - stream._writer = this; - const state = stream._state; - if (state === 'writable') { - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) { - defaultWriterReadyPromiseInitialize(this); - } - else { - defaultWriterReadyPromiseInitializeAsResolved(this); - } - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'erroring') { - defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError); - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'closed') { - defaultWriterReadyPromiseInitializeAsResolved(this); - defaultWriterClosedPromiseInitializeAsResolved(this); - } - else { - const storedError = stream._storedError; - defaultWriterReadyPromiseInitializeAsRejected(this, storedError); - defaultWriterClosedPromiseInitializeAsRejected(this, storedError); - } - } + * A Public-Key packet starts a series of packets that forms an OpenPGP + * key (sometimes called an OpenPGP certificate). + */ +class PublicKeyPacket { + static get tag() { + return enums.packet.publicKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the writer’s lock is released before the stream finishes closing. + * Packet version + * @type {Integer} */ - get closed() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('closed')); - } - return this._closedPromise; - } + this.version = config$1.v6Keys ? 6 : 4; /** - * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full. - * A producer can use this information to determine the right amount of data to write. - * - * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort - * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when - * the writer’s lock is released. + * Key creation date. + * @type {Date} */ - get desiredSize() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('desiredSize'); - } - if (this._ownerWritableStream === undefined) { - throw defaultWriterLockException('desiredSize'); - } - return WritableStreamDefaultWriterGetDesiredSize(this); - } + this.created = util.normalizeDate(date); /** - * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions - * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips - * back to zero or below, the getter will return a new promise that stays pending until the next transition. - * - * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become - * rejected. + * Public key algorithm. + * @type {enums.publicKey} */ - get ready() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('ready')); - } - return this._readyPromise; - } + this.algorithm = null; /** - * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}. + * Algorithm specific public params + * @type {Object} */ - abort(reason = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('abort')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('abort')); - } - return WritableStreamDefaultWriterAbort(this, reason); - } + this.publicParams = null; /** - * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}. + * Time until expiration in days (V3 only) + * @type {Integer} */ - close() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('close')); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return promiseRejectedWith(defaultWriterLockException('close')); - } - if (WritableStreamCloseQueuedOrInFlight(stream)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamDefaultWriterClose(this); - } + this.expirationTimeV3 = 0; /** - * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active. - * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from - * now on; otherwise, the writer will appear closed. - * - * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the - * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled). - * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents - * other producers from writing in an interleaved manner. + * Fingerprint bytes + * @type {Uint8Array} */ - releaseLock() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('releaseLock'); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return; - } - WritableStreamDefaultWriterRelease(this); - } - write(chunk = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('write')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - return WritableStreamDefaultWriterWrite(this, chunk); - } -} -Object.defineProperties(WritableStreamDefaultWriter.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, - closed: { enumerable: true }, - desiredSize: { enumerable: true }, - ready: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultWriter', - configurable: true - }); -} -// Abstract operations for the WritableStreamDefaultWriter. -function IsWritableStreamDefaultWriter(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) { - return false; - } - return true; -} -// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check. -function WritableStreamDefaultWriterAbort(writer, reason) { - const stream = writer._ownerWritableStream; - return WritableStreamAbort(stream, reason); -} -function WritableStreamDefaultWriterClose(writer) { - const stream = writer._ownerWritableStream; - return WritableStreamClose(stream); -} -function WritableStreamDefaultWriterCloseWithErrorPropagation(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseResolvedWith(undefined); - } - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - return WritableStreamDefaultWriterClose(writer); -} -function WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) { - if (writer._closedPromiseState === 'pending') { - defaultWriterClosedPromiseReject(writer, error); - } - else { - defaultWriterClosedPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) { - if (writer._readyPromiseState === 'pending') { - defaultWriterReadyPromiseReject(writer, error); - } - else { - defaultWriterReadyPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterGetDesiredSize(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (state === 'errored' || state === 'erroring') { - return null; + this.fingerprint = null; + /** + * KeyID + * @type {module:type/keyid~KeyID} + */ + this.keyID = null; + } + + /** + * Create a PublicKeyPacket from a SecretKeyPacket + * @param {SecretKeyPacket} secretKeyPacket - key packet to convert + * @returns {PublicKeyPacket} public key packet + * @static + */ + static fromSecretKeyPacket(secretKeyPacket) { + const keyPacket = new PublicKeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } + + /** + * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} + * @param {Uint8Array} bytes - Input array to read the packet from + * @returns {Object} This object with attributes set by the parser + * @async + */ + async read(bytes, config$1 = config) { + let pos = 0; + // A one-octet version number (4, 5 or 6). + this.version = bytes[pos++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); } - if (state === 'closed') { - return 0; + + if (this.version === 4 || this.version === 5 || this.version === 6) { + // - A four-octet number denoting the time that the key was created. + this.created = util.readDate(bytes.subarray(pos, pos + 4)); + pos += 4; + + // - A one-octet number denoting the public-key algorithm of this key. + this.algorithm = bytes[pos++]; + + if (this.version >= 5) { + // - A four-octet scalar octet count for the following key material. + pos += 4; + } + + // - A series of values comprising the key material. + const { read, publicParams } = mod$1.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } + this.publicParams = publicParams; + pos += read; + + // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor + await this.computeFingerprintAndKeyID(); + return pos; } - return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController); -} -function WritableStreamDefaultWriterRelease(writer) { - const stream = writer._ownerWritableStream; - const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`); - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError); - // The state transitions to "errored" before the sink abort() method runs, but the writer.closed promise is not - // rejected until afterwards. This means that simply testing state will not work. - WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError); - stream._writer = undefined; - writer._ownerWritableStream = undefined; -} -function WritableStreamDefaultWriterWrite(writer, chunk) { - const stream = writer._ownerWritableStream; - const controller = stream._writableStreamController; - const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk); - if (stream !== writer._ownerWritableStream) { - return promiseRejectedWith(defaultWriterLockException('write to')); + throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); + } + + /** + * Creates an OpenPGP public key packet for the given key. + * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. + */ + write() { + const arr = []; + // Version + arr.push(new Uint8Array([this.version])); + arr.push(util.writeDate(this.created)); + // A one-octet number denoting the public-key algorithm of this key + arr.push(new Uint8Array([this.algorithm])); + + const params = mod$1.serializeParams(this.algorithm, this.publicParams); + if (this.version >= 5) { + // A four-octet scalar octet count for the following key material + arr.push(util.writeNumber(params.length, 4)); } - const state = stream._state; - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); + // Algorithm-specific params + arr.push(params); + return util.concatUint8Array(arr); + } + + /** + * Write packet in order to be hashed; either for a signature or a fingerprint + * @param {Integer} version - target version of signature or key + */ + writeForHash(version) { + const bytes = this.writePublicKey(); + + const versionOctet = 0x95 + version; + const lengthOctets = version >= 5 ? 4 : 2; + return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]); + } + + /** + * Check whether secret-key data is available in decrypted form. Returns null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return null; + } + + /** + * Returns the creation time of the key + * @returns {Date} + */ + getCreationTime() { + return this.created; + } + + /** + * Return the key ID of the key + * @returns {module:type/keyid~KeyID} The 8-byte key ID + */ + getKeyID() { + return this.keyID; + } + + /** + * Computes and set the key ID and fingerprint of the key + * @async + */ + async computeFingerprintAndKeyID() { + await this.computeFingerprint(); + this.keyID = new KeyID(); + + if (this.version >= 5) { + this.keyID.read(this.fingerprint.subarray(0, 8)); + } else if (this.version === 4) { + this.keyID.read(this.fingerprint.subarray(12, 20)); + } else { + throw new Error('Unsupported key version'); } - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to')); + } + + /** + * Computes and set the fingerprint of the key + */ + async computeFingerprint() { + const toHash = this.writeForHash(this.version); + + if (this.version >= 5) { + this.fingerprint = await mod$1.hash.sha256(toHash); + } else if (this.version === 4) { + this.fingerprint = await mod$1.hash.sha1(toHash); + } else { + throw new Error('Unsupported key version'); } - if (state === 'erroring') { - return promiseRejectedWith(stream._storedError); + } + + /** + * Returns the fingerprint of the key, as an array of bytes + * @returns {Uint8Array} A Uint8Array containing the fingerprint + */ + getFingerprintBytes() { + return this.fingerprint; + } + + /** + * Calculates and returns the fingerprint of the key, as a string + * @returns {String} A string containing the fingerprint in lowercase hex + */ + getFingerprint() { + return util.uint8ArrayToHex(this.getFingerprintBytes()); + } + + /** + * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint + * @returns {Boolean} Whether the two keys have the same version and public key data. + */ + hasSameFingerprintAs(other) { + return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); + } + + /** + * Returns algorithm information + * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. + */ + getAlgorithmInfo() { + const result = {}; + result.algorithm = enums.read(enums.publicKey, this.algorithm); + // RSA, DSA or ElGamal public modulo + const modulo = this.publicParams.n || this.publicParams.p; + if (modulo) { + result.bits = util.uint8ArrayBitLength(modulo); + } else if (this.publicParams.oid) { + result.curve = this.publicParams.oid.getName(); } - const promise = WritableStreamAddWriteRequest(stream); - WritableStreamDefaultControllerWrite(controller, chunk, chunkSize); - return promise; + return result; + } } -const closeSentinel = {}; + +/** + * Alias of read() + * @see PublicKeyPacket#read + */ +PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; + +/** + * Alias of write() + * @see PublicKeyPacket#write + */ +PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A SE packet can contain the following packet types +const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + /** - * Allows control of a {@link WritableStream | writable stream}'s state and internal queue. + * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) * - * @public + * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: + * The Symmetrically Encrypted Data packet contains data encrypted with a + * symmetric-key algorithm. When it has been decrypted, it contains other + * packets (usually a literal data packet or compressed data packet, but in + * theory other Symmetrically Encrypted Data packets or sequences of packets + * that form whole OpenPGP messages). */ -class WritableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } +class SymmetricallyEncryptedDataPacket { + static get tag() { + return enums.packet.symmetricallyEncryptedData; + } + + constructor() { /** - * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`. - * - * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying - * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the - * normal lifecycle of interactions with the underlying sink. + * Encrypted secret-key data */ - error(e = undefined) { - if (!IsWritableStreamDefaultController(this)) { - throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController'); - } - const state = this._controlledWritableStream._state; - if (state !== 'writable') { - // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so - // just treat it as a no-op. - return; - } - WritableStreamDefaultControllerError(this, e); - } - /** @internal */ - [AbortSteps](reason) { - const result = this._abortAlgorithm(reason); - WritableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [ErrorSteps]() { - ResetQueue(this); - } -} -Object.defineProperties(WritableStreamDefaultController.prototype, { - error: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultController', - configurable: true - }); -} -// Abstract operations implementing interface required by the WritableStream. -function IsWritableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) { - return false; - } - return true; -} -function SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledWritableStream = stream; - stream._writableStreamController = controller; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._writeAlgorithm = writeAlgorithm; - controller._closeAlgorithm = closeAlgorithm; - controller._abortAlgorithm = abortAlgorithm; - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - const startResult = startAlgorithm(); - const startPromise = promiseResolvedWith(startResult); - uponPromise(startPromise, () => { - controller._started = true; - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, r => { - controller._started = true; - WritableStreamDealWithRejection(stream, r); - }); -} -function SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) { - const controller = Object.create(WritableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let writeAlgorithm = () => promiseResolvedWith(undefined); - let closeAlgorithm = () => promiseResolvedWith(undefined); - let abortAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSink.start !== undefined) { - startAlgorithm = () => underlyingSink.start(controller); - } - if (underlyingSink.write !== undefined) { - writeAlgorithm = chunk => underlyingSink.write(chunk, controller); - } - if (underlyingSink.close !== undefined) { - closeAlgorithm = () => underlyingSink.close(); - } - if (underlyingSink.abort !== undefined) { - abortAlgorithm = reason => underlyingSink.abort(reason); - } - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); -} -// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls. -function WritableStreamDefaultControllerClearAlgorithms(controller) { - controller._writeAlgorithm = undefined; - controller._closeAlgorithm = undefined; - controller._abortAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -function WritableStreamDefaultControllerClose(controller) { - EnqueueValueWithSize(controller, closeSentinel, 0); - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -function WritableStreamDefaultControllerGetChunkSize(controller, chunk) { - try { - return controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE); - return 1; - } -} -function WritableStreamDefaultControllerGetDesiredSize(controller) { - return controller._strategyHWM - controller._queueTotalSize; -} -function WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) { - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE); - return; - } - const stream = controller._controlledWritableStream; - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -// Abstract operations for the WritableStreamDefaultController. -function WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) { - const stream = controller._controlledWritableStream; - if (!controller._started) { - return; - } - if (stream._inFlightWriteRequest !== undefined) { - return; - } - const state = stream._state; - if (state === 'erroring') { - WritableStreamFinishErroring(stream); - return; - } - if (controller._queue.length === 0) { - return; - } - const value = PeekQueueValue(controller); - if (value === closeSentinel) { - WritableStreamDefaultControllerProcessClose(controller); - } - else { - WritableStreamDefaultControllerProcessWrite(controller, value); - } -} -function WritableStreamDefaultControllerErrorIfNeeded(controller, error) { - if (controller._controlledWritableStream._state === 'writable') { - WritableStreamDefaultControllerError(controller, error); - } -} -function WritableStreamDefaultControllerProcessClose(controller) { - const stream = controller._controlledWritableStream; - WritableStreamMarkCloseRequestInFlight(stream); - DequeueValue(controller); - const sinkClosePromise = controller._closeAlgorithm(); - WritableStreamDefaultControllerClearAlgorithms(controller); - uponPromise(sinkClosePromise, () => { - WritableStreamFinishInFlightClose(stream); - }, reason => { - WritableStreamFinishInFlightCloseWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerProcessWrite(controller, chunk) { - const stream = controller._controlledWritableStream; - WritableStreamMarkFirstWriteRequestInFlight(stream); - const sinkWritePromise = controller._writeAlgorithm(chunk); - uponPromise(sinkWritePromise, () => { - WritableStreamFinishInFlightWrite(stream); - const state = stream._state; - DequeueValue(controller); - if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, reason => { - if (stream._state === 'writable') { - WritableStreamDefaultControllerClearAlgorithms(controller); - } - WritableStreamFinishInFlightWriteWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerGetBackpressure(controller) { - const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller); - return desiredSize <= 0; -} -// A client of WritableStreamDefaultController may use these functions directly to bypass state check. -function WritableStreamDefaultControllerError(controller, error) { - const stream = controller._controlledWritableStream; - WritableStreamDefaultControllerClearAlgorithms(controller); - WritableStreamStartErroring(stream, error); -} -// Helper functions for the WritableStream. -function streamBrandCheckException$2(name) { - return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`); -} -// Helper functions for the WritableStreamDefaultWriter. -function defaultWriterBrandCheckException(name) { - return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`); -} -function defaultWriterLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released writer'); -} -function defaultWriterClosedPromiseInitialize(writer) { - writer._closedPromise = newPromise((resolve, reject) => { - writer._closedPromise_resolve = resolve; - writer._closedPromise_reject = reject; - writer._closedPromiseState = 'pending'; - }); -} -function defaultWriterClosedPromiseInitializeAsRejected(writer, reason) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseReject(writer, reason); -} -function defaultWriterClosedPromiseInitializeAsResolved(writer) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseResolve(writer); -} -function defaultWriterClosedPromiseReject(writer, reason) { - if (writer._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._closedPromise); - writer._closedPromise_reject(reason); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'rejected'; -} -function defaultWriterClosedPromiseResetToRejected(writer, reason) { - defaultWriterClosedPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterClosedPromiseResolve(writer) { - if (writer._closedPromise_resolve === undefined) { - return; - } - writer._closedPromise_resolve(undefined); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'resolved'; -} -function defaultWriterReadyPromiseInitialize(writer) { - writer._readyPromise = newPromise((resolve, reject) => { - writer._readyPromise_resolve = resolve; - writer._readyPromise_reject = reject; - }); - writer._readyPromiseState = 'pending'; -} -function defaultWriterReadyPromiseInitializeAsRejected(writer, reason) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseReject(writer, reason); -} -function defaultWriterReadyPromiseInitializeAsResolved(writer) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseResolve(writer); -} -function defaultWriterReadyPromiseReject(writer, reason) { - if (writer._readyPromise_reject === undefined) { - return; + this.encrypted = null; + /** + * Decrypted packets contained within. + * @type {PacketList} + */ + this.packets = null; + } + + read(bytes) { + this.encrypted = bytes; + } + + write() { + return this.encrypted; + } + + /** + * Decrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error + if (!config$1.allowUnauthenticatedMessages) { + throw new Error('Message is not authenticated.'); } - setPromiseIsHandledToTrue(writer._readyPromise); - writer._readyPromise_reject(reason); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'rejected'; -} -function defaultWriterReadyPromiseReset(writer) { - defaultWriterReadyPromiseInitialize(writer); -} -function defaultWriterReadyPromiseResetToRejected(writer, reason) { - defaultWriterReadyPromiseInitializeAsRejected(writer, reason); + + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const encrypted = await readToEnd(clone(this.encrypted)); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, + encrypted.subarray(blockSize + 2), + encrypted.subarray(2, blockSize + 2) + ); + + this.packets = await PacketList.fromBinary(decrypted, allowedPackets$2, config$1); + } + + /** + * Encrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + const data = this.packets.write(); + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const FRE = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); + const ciphertext = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); + this.encrypted = util.concat([FRE, ciphertext]); + } } -function defaultWriterReadyPromiseResolve(writer) { - if (writer._readyPromise_resolve === undefined) { - return; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the strange "Marker packet" (Tag 10) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: + * An experimental version of PGP used this packet as the Literal + * packet, but no released version of PGP generated Literal packets with this + * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as + * the Marker packet. + * + * The body of this packet consists of: + * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). + * + * Such a packet MUST be ignored when received. It may be placed at the + * beginning of a message that uses features not available in PGP + * version 2.6 in order to cause that version to report that newer + * software is necessary to process the message. + */ +class MarkerPacket { + static get tag() { + return enums.packet.marker; + } + + /** + * Parsing function for a marker data packet (tag 10). + * @param {Uint8Array} bytes - Payload of a tag 10 packet + * @returns {Boolean} whether the packet payload contains "PGP" + */ + read(bytes) { + if (bytes[0] === 0x50 && // P + bytes[1] === 0x47 && // G + bytes[2] === 0x50) { // P + return true; } - writer._readyPromise_resolve(undefined); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'fulfilled'; + return false; + } + + write() { + return new Uint8Array([0x50, 0x47, 0x50]); + } } -function isAbortSignal(value) { - if (typeof value !== 'object' || value === null) { - return false; - } - try { - return typeof value.aborted === 'boolean'; - } - catch (_a) { - // AbortSignal.prototype.aborted throws if its brand check fails - return false; - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Public-Subkey packet (tag 14) has exactly the same format as a + * Public-Key packet, but denotes a subkey. One or more subkeys may be + * associated with a top-level key. By convention, the top-level key + * provides signature services, and the subkeys provide encryption + * services. + * @extends PublicKeyPacket + */ +class PublicSubkeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.publicSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + // eslint-disable-next-line @typescript-eslint/no-useless-constructor + constructor(date, config) { + super(date, config); + } + + /** + * Create a PublicSubkeyPacket from a SecretSubkeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert + * @returns {SecretSubkeyPacket} public key packet + * @static + */ + static fromSecretSubkeyPacket(secretSubkeyPacket) { + const keyPacket = new PublicSubkeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } } -/// -const NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + -/// -function isDOMExceptionConstructor(ctor) { - if (!(typeof ctor === 'function' || typeof ctor === 'object')) { - return false; +/** + * Implementation of the User Attribute Packet (Tag 17) + * + * The User Attribute packet is a variation of the User ID packet. It + * is capable of storing more types of data than the User ID packet, + * which is limited to text. Like the User ID packet, a User Attribute + * packet may be certified by the key owner ("self-signed") or any other + * key owner who cares to certify it. Except as noted, a User Attribute + * packet may be used anywhere that a User ID packet may be used. + * + * While User Attribute packets are not a required part of the OpenPGP + * standard, implementations SHOULD provide at least enough + * compatibility to properly handle a certification signature on the + * User Attribute packet. A simple way to do this is by treating the + * User Attribute packet as a User ID packet with opaque contents, but + * an implementation may use any method desired. + */ +class UserAttributePacket { + static get tag() { + return enums.packet.userAttribute; + } + + constructor() { + this.attributes = []; + } + + /** + * parsing function for a user attribute packet (tag 17). + * @param {Uint8Array} input - Payload of a tag 17 packet + */ + read(bytes) { + let i = 0; + while (i < bytes.length) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; + + this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); + i += len.len; } - try { - new ctor(); - return true; + } + + /** + * Creates a binary representation of the user attribute packet + * @returns {Uint8Array} String representation. + */ + write() { + const arr = []; + for (let i = 0; i < this.attributes.length; i++) { + arr.push(writeSimpleLength(this.attributes[i].length)); + arr.push(util.stringToUint8Array(this.attributes[i])); } - catch (_a) { - return false; + return util.concatUint8Array(arr); + } + + /** + * Compare for equality + * @param {UserAttributePacket} usrAttr + * @returns {Boolean} True if equal. + */ + equals(usrAttr) { + if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { + return false; } -} -function createDOMExceptionPolyfill() { - // eslint-disable-next-line no-shadow - const ctor = function DOMException(message, name) { - this.message = message || ''; - this.name = name || 'Error'; - if (Error.captureStackTrace) { - Error.captureStackTrace(this, this.constructor); - } - }; - ctor.prototype = Object.create(Error.prototype); - Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true }); - return ctor; -} -// eslint-disable-next-line no-redeclare -const DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill(); - -function ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) { - const reader = AcquireReadableStreamDefaultReader(source); - const writer = AcquireWritableStreamDefaultWriter(dest); - source._disturbed = true; - let shuttingDown = false; - // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown. - let currentWrite = promiseResolvedWith(undefined); - return newPromise((resolve, reject) => { - let abortAlgorithm; - if (signal !== undefined) { - abortAlgorithm = () => { - const error = new DOMException$1('Aborted', 'AbortError'); - const actions = []; - if (!preventAbort) { - actions.push(() => { - if (dest._state === 'writable') { - return WritableStreamAbort(dest, error); - } - return promiseResolvedWith(undefined); - }); - } - if (!preventCancel) { - actions.push(() => { - if (source._state === 'readable') { - return ReadableStreamCancel(source, error); - } - return promiseResolvedWith(undefined); - }); - } - shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error); - }; - if (signal.aborted) { - abortAlgorithm(); - return; - } - signal.addEventListener('abort', abortAlgorithm); - } - // Using reader and writer, read all chunks from this and write them to dest - // - Backpressure must be enforced - // - Shutdown must stop all activity - function pipeLoop() { - return newPromise((resolveLoop, rejectLoop) => { - function next(done) { - if (done) { - resolveLoop(); - } - else { - // Use `PerformPromiseThen` instead of `uponPromise` to avoid - // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers - PerformPromiseThen(pipeStep(), next, rejectLoop); - } - } - next(false); - }); - } - function pipeStep() { - if (shuttingDown) { - return promiseResolvedWith(true); - } - return PerformPromiseThen(writer._readyPromise, () => { - return newPromise((resolveRead, rejectRead) => { - ReadableStreamDefaultReaderRead(reader, { - _chunkSteps: chunk => { - currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop); - resolveRead(false); - }, - _closeSteps: () => resolveRead(true), - _errorSteps: rejectRead - }); - }); - }); - } - // Errors must be propagated forward - isOrBecomesErrored(source, reader._closedPromise, storedError => { - if (!preventAbort) { - shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Errors must be propagated backward - isOrBecomesErrored(dest, writer._closedPromise, storedError => { - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Closing must be propagated forward - isOrBecomesClosed(source, reader._closedPromise, () => { - if (!preventClose) { - shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer)); - } - else { - shutdown(); - } - }); - // Closing must be propagated backward - if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') { - const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it'); - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed); - } - else { - shutdown(true, destClosed); - } - } - setPromiseIsHandledToTrue(pipeLoop()); - function waitForWritesToFinish() { - // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait - // for that too. - const oldCurrentWrite = currentWrite; - return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined); - } - function isOrBecomesErrored(stream, promise, action) { - if (stream._state === 'errored') { - action(stream._storedError); - } - else { - uponRejection(promise, action); - } - } - function isOrBecomesClosed(stream, promise, action) { - if (stream._state === 'closed') { - action(); - } - else { - uponFulfillment(promise, action); - } - } - function shutdownWithAction(action, originalIsError, originalError) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), doTheRest); - } - else { - doTheRest(); - } - function doTheRest() { - uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError)); - } - } - function shutdown(isError, error) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error)); - } - else { - finalize(isError, error); - } - } - function finalize(isError, error) { - WritableStreamDefaultWriterRelease(writer); - ReadableStreamReaderGenericRelease(reader); - if (signal !== undefined) { - signal.removeEventListener('abort', abortAlgorithm); - } - if (isError) { - reject(error); - } - else { - resolve(undefined); - } - } + return this.attributes.every(function(attr, index) { + return attr === usrAttr.attributes[index]; }); + } } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue. - * - * @public + * A Secret-Key packet contains all the information that is found in a + * Public-Key packet, including the public-key material, but also + * includes the secret-key material after all the public-key fields. + * @extends PublicKeyPacket */ -class ReadableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } +class SecretKeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.secretKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying source ought to use this information to determine when and how to apply backpressure. + * Secret-key data */ - get desiredSize() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('desiredSize'); - } - return ReadableStreamDefaultControllerGetDesiredSize(this); - } + this.keyMaterial = null; /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. + * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. */ - close() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('close'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits close'); - } - ReadableStreamDefaultControllerClose(this); + this.isEncrypted = null; + /** + * S2K usage + * @type {enums.symmetric} + */ + this.s2kUsage = 0; + /** + * S2K object + * @type {type/s2k} + */ + this.s2k = null; + /** + * Symmetric algorithm to encrypt the key with + * @type {enums.symmetric} + */ + this.symmetric = null; + /** + * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) + * @type {enums.aead} + */ + this.aead = null; + /** + * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis + * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older). + * This value is only relevant to know how to decrypt the key: + * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism. + * @type {Boolean} + * @private + */ + this.isLegacyAEAD = null; + /** + * Decrypted private parameters, referenced by name + * @type {Object} + */ + this.privateParams = null; + /** + * `true` for keys whose integrity is already confirmed, based on + * the AEAD encryption mechanism + * @type {Boolean} + * @private + */ + this.usedModernAEAD = null; + } + + // 5.5.3. Secret-Key Packet Formats + + /** + * Internal parser for private keys as specified in + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} + * @param {Uint8Array} bytes - Input string to read the packet from + * @async + */ + async read(bytes, config$1 = config) { + // - A Public-Key or Public-Subkey packet, as described above. + let i = await this.readPublicKey(bytes, config$1); + const startOfSecretKeyData = i; + + // - One octet indicating string-to-key usage conventions. Zero + // indicates that the secret-key data is not encrypted. 255 or 254 + // indicates that a string-to-key specifier is being given. Any + // other value is a symmetric-key encryption algorithm identifier. + this.s2kUsage = bytes[i++]; + + // - Only for a version 5 packet, a one-octet scalar octet count of + // the next 4 optional fields. + if (this.version === 5) { + i++; } - enqueue(chunk = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('enqueue'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits enqueue'); + + // - Only for a version 6 packet where the secret key material is + // encrypted (that is, where the previous octet is not zero), a one- + // octet scalar octet count of the cumulative length of all the + // following optional string-to-key parameter fields. + if (this.version === 6 && this.s2kUsage) { + i++; + } + + try { + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one-octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + this.symmetric = bytes[i++]; + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + this.aead = bytes[i++]; } - return ReadableStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('error'); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + i++; } - ReadableStreamDefaultControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableStream; - if (this._queue.length > 0) { - const chunk = DequeueValue(this); - if (this._closeRequested && this._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(this); - ReadableStreamClose(stream); - } - else { - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - readRequest._chunkSteps(chunk); + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + const s2kType = bytes[i++]; + this.s2k = newS2KFromType(s2kType); + i += this.s2k.read(bytes.subarray(i, bytes.length)); + + if (this.s2k.type === 'gnu-dummy') { + return; } - else { - ReadableStreamAddReadRequest(stream, readRequest); - ReadableStreamDefaultControllerCallPullIfNeeded(this); + } else if (this.s2kUsage) { + this.symmetric = this.s2kUsage; + } + + + if (this.s2kUsage) { + // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5). + // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format). + // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always + // fail if the key was parsed according to the wrong format, since the keys are processed differently. + // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag. + this.isLegacyAEAD = this.s2kUsage === 253 && ( + this.version === 5 || (this.version === 4 && config$1.parseAEADEncryptedV4KeysAsLegacy)); + // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV) + // of the same length as the cipher's block size. + // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the + // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm. + // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero + if (this.s2kUsage !== 253 || this.isLegacyAEAD) { + this.iv = bytes.subarray( + i, + i + mod$1.getCipherParams(this.symmetric).blockSize + ); + this.usedModernAEAD = false; + } else { + // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted), + // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which + // is used as the nonce for the AEAD algorithm. + this.iv = bytes.subarray( + i, + i + mod$1.getAEADMode(this.aead).ivLength + ); + // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation. + this.usedModernAEAD = true; } + + i += this.iv.length; + } + } catch (e) { + // if the s2k is unsupported, we still want to support encrypting and verifying with the given key + if (!this.s2kUsage) throw e; // always throw for decrypted keys + this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); + this.isEncrypted = true; } -} -Object.defineProperties(ReadableStreamDefaultController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultController', - configurable: true - }); -} -// Abstract operations for the ReadableStreamDefaultController. -function IsReadableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) { - return false; - } - return true; -} -function ReadableStreamDefaultControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; + + // - Only for a version 5 packet, a four-octet scalar octet count for + // the following key material. + if (this.version === 5) { + i += 4; } - controller._pulling = true; - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); + + // - Plain or encrypted multiprecision integers comprising the secret + // key data. These algorithm-specific fields are as described + // below. + this.keyMaterial = bytes.subarray(i); + this.isEncrypted = !!this.s2kUsage; + + if (!this.isEncrypted) { + let cleartext; + if (this.version === 6) { + cleartext = this.keyMaterial; + } else { + cleartext = this.keyMaterial.subarray(0, -2); + if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { + throw new Error('Key checksum mismatch'); } - }, e => { - ReadableStreamDefaultControllerError(controller, e); - }); -} -function ReadableStreamDefaultControllerShouldCallPull(controller) { - const stream = controller._controlledReadableStream; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return false; - } - if (!controller._started) { - return false; - } - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; - } - return false; -} -function ReadableStreamDefaultControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -// A client of ReadableStreamDefaultController may use these functions directly to bypass state check. -function ReadableStreamDefaultControllerClose(controller) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; - } - const stream = controller._controlledReadableStream; - controller._closeRequested = true; - if (controller._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamClose(stream); + } + try { + const { read, privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + if (read < cleartext.length) { + throw new Error('Error reading MPIs'); + } + this.privateParams = privateParams; + } catch (err) { + if (err instanceof UnsupportedError) throw err; + // avoid throwing potentially sensitive errors + throw new Error('Error reading MPIs'); + } } -} -function ReadableStreamDefaultControllerEnqueue(controller, chunk) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; + } + + /** + * Creates an OpenPGP key packet for the given key. + * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. + */ + write() { + const serializedPublicKey = this.writePublicKey(); + if (this.unparseableKeyMaterial) { + return util.concatUint8Array([ + serializedPublicKey, + this.unparseableKeyMaterial + ]); } - const stream = controller._controlledReadableStream; - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - ReadableStreamFulfillReadRequest(stream, chunk, false); + + const arr = [serializedPublicKey]; + arr.push(new Uint8Array([this.s2kUsage])); + + const optionalFieldsArr = []; + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one- octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + optionalFieldsArr.push(this.symmetric); + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + optionalFieldsArr.push(this.aead); + } + + const s2k = this.s2k.write(); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + optionalFieldsArr.push(s2k.length); + } + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + optionalFieldsArr.push(...s2k); } - else { - let chunkSize; - try { - chunkSize = controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - ReadableStreamDefaultControllerError(controller, chunkSizeE); - throw chunkSizeE; - } - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - ReadableStreamDefaultControllerError(controller, enqueueE); - throw enqueueE; - } + + // - [Optional] If secret data is encrypted (string-to-key usage octet + // not zero), an Initial Vector (IV) of the same length as the + // cipher's block size. + if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { + optionalFieldsArr.push(...this.iv); } - ReadableStreamDefaultControllerCallPullIfNeeded(controller); -} -function ReadableStreamDefaultControllerError(controller, e) { - const stream = controller._controlledReadableStream; - if (stream._state !== 'readable') { - return; + + if (this.version === 5 || (this.version === 6 && this.s2kUsage)) { + arr.push(new Uint8Array([optionalFieldsArr.length])); } - ResetQueue(controller); - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableStreamDefaultControllerGetDesiredSize(controller) { - const state = controller._controlledReadableStream._state; - if (state === 'errored') { - return null; + arr.push(new Uint8Array(optionalFieldsArr)); + + if (!this.isDummy()) { + if (!this.s2kUsage) { + this.keyMaterial = mod$1.serializeParams(this.algorithm, this.privateParams); + } + + if (this.version === 5) { + arr.push(util.writeNumber(this.keyMaterial.length, 4)); + } + arr.push(this.keyMaterial); + + if (!this.s2kUsage && this.version !== 6) { + arr.push(util.writeChecksum(this.keyMaterial)); + } } - if (state === 'closed') { - return 0; + + return util.concatUint8Array(arr); + } + + /** + * Check whether secret-key data is available in decrypted form. + * Returns false for gnu-dummy keys and null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return this.isEncrypted === false; + } + + /** + * Check whether the key includes secret key material. + * Some secret keys do not include it, and can thus only be used + * for public-key operations (encryption and verification). + * Such keys are: + * - GNU-dummy keys, where the secret material has been stripped away + * - encrypted keys with unsupported S2K or cipher + */ + isMissingSecretKeyMaterial() { + return this.unparseableKeyMaterial !== undefined || this.isDummy(); + } + + /** + * Check whether this is a gnu-dummy key + * @returns {Boolean} + */ + isDummy() { + return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + } + + /** + * Remove private key material, converting the key to a dummy one. + * The resulting key cannot be used for signing/decrypting but can still verify signatures. + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + makeDummy(config$1 = config) { + if (this.isDummy()) { + return; } - return controller._strategyHWM - controller._queueTotalSize; -} -// This is used in the implementation of TransformStream. -function ReadableStreamDefaultControllerHasBackpressure(controller) { - if (ReadableStreamDefaultControllerShouldCallPull(controller)) { - return false; + if (this.isDecrypted()) { + this.clearPrivateParams(); } - return true; -} -function ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) { - const state = controller._controlledReadableStream._state; - if (!controller._closeRequested && state === 'readable') { - return true; + delete this.unparseableKeyMaterial; + this.isEncrypted = null; + this.keyMaterial = null; + this.s2k = newS2KFromType(enums.s2k.gnu, config$1); + this.s2k.algorithm = 0; + this.s2k.c = 0; + this.s2k.type = 'gnu-dummy'; + this.s2kUsage = 254; + this.symmetric = enums.symmetric.aes256; + this.isLegacyAEAD = null; + this.usedModernAEAD = null; + } + + /** + * Encrypt the payload. By default, we use aes256 and iterated, salted string + * to key specifier. If the key is in a decrypted state (isEncrypted === false) + * and the passphrase is empty or undefined, the key will be set as not encrypted. + * This can be used to remove passphrase protection after calling decrypt(). + * @param {String} passphrase + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + if (this.isDummy()) { + return; } - return false; -} -function SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledReadableStream = stream; - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._closeRequested = false; - controller._pullAgain = false; - controller._pulling = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - }, r => { - ReadableStreamDefaultControllerError(controller, r); - }); -} -function SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) { - const controller = Object.create(ReadableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSource.start !== undefined) { - startAlgorithm = () => underlyingSource.start(controller); - } - if (underlyingSource.pull !== undefined) { - pullAlgorithm = () => underlyingSource.pull(controller); - } - if (underlyingSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingSource.cancel(reason); - } - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); -} -// Helper functions for the ReadableStreamDefaultController. -function defaultControllerBrandCheckException$1(name) { - return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`); -} - -function ReadableStreamTee(stream, cloneForBranch2) { - const reader = AcquireReadableStreamDefaultReader(stream); - let reading = false; - let canceled1 = false; - let canceled2 = false; - let reason1; - let reason2; - let branch1; - let branch2; - let resolveCancelPromise; - const cancelPromise = newPromise(resolve => { - resolveCancelPromise = resolve; - }); - function pullAlgorithm() { - if (reading) { - return promiseResolvedWith(undefined); - } - reading = true; - const readRequest = { - _chunkSteps: value => { - // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using - // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let - // successful synchronously-available reads get ahead of asynchronously-available errors. - queueMicrotask(() => { - reading = false; - const value1 = value; - const value2 = value; - // There is no way to access the cloning code right now in the reference implementation. - // If we add one then we'll need an implementation for serializable objects. - // if (!canceled2 && cloneForBranch2) { - // value2 = StructuredDeserialize(StructuredSerialize(value2)); - // } - if (!canceled1) { - ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1); - } - if (!canceled2) { - ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2); - } - }); - }, - _closeSteps: () => { - reading = false; - if (!canceled1) { - ReadableStreamDefaultControllerClose(branch1._readableStreamController); - } - if (!canceled2) { - ReadableStreamDefaultControllerClose(branch2._readableStreamController); - } - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }, - _errorSteps: () => { - reading = false; - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promiseResolvedWith(undefined); - } - function cancel1Algorithm(reason) { - canceled1 = true; - reason1 = reason; - if (canceled2) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function cancel2Algorithm(reason) { - canceled2 = true; - reason2 = reason; - if (canceled1) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function startAlgorithm() { - // do nothing - } - branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm); - branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm); - uponRejection(reader._closedPromise, (r) => { - ReadableStreamDefaultControllerError(branch1._readableStreamController, r); - ReadableStreamDefaultControllerError(branch2._readableStreamController, r); - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }); - return [branch1, branch2]; -} -function convertUnderlyingDefaultOrByteSource(source, context) { - assertDictionary(source, context); - const original = source; - const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize; - const cancel = original === null || original === void 0 ? void 0 : original.cancel; - const pull = original === null || original === void 0 ? void 0 : original.pull; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - return { - autoAllocateChunkSize: autoAllocateChunkSize === undefined ? - undefined : - convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`), - cancel: cancel === undefined ? - undefined : - convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`), - pull: pull === undefined ? - undefined : - convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`), - start: start === undefined ? - undefined : - convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`), - type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`) - }; -} -function convertUnderlyingSourceCancelCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSourcePullCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertUnderlyingSourceStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertReadableStreamType(type, context) { - type = `${type}`; - if (type !== 'bytes') { - throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`); + if (!this.isDecrypted()) { + throw new Error('Key packet is already encrypted'); } - return type; -} -function convertReaderOptions(options, context) { - assertDictionary(options, context); - const mode = options === null || options === void 0 ? void 0 : options.mode; - return { - mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`) - }; -} -function convertReadableStreamReaderMode(mode, context) { - mode = `${mode}`; - if (mode !== 'byob') { - throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`); + if (!passphrase) { + throw new Error('A non-empty passphrase is required for key encryption.'); } - return mode; -} -function convertIteratorOptions(options, context) { - assertDictionary(options, context); - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - return { preventCancel: Boolean(preventCancel) }; -} + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + const cleartext = mod$1.serializeParams(this.algorithm, this.privateParams); + this.symmetric = enums.symmetric.aes256; -function convertPipeOptions(options, context) { - assertDictionary(options, context); - const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort; - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - const preventClose = options === null || options === void 0 ? void 0 : options.preventClose; - const signal = options === null || options === void 0 ? void 0 : options.signal; - if (signal !== undefined) { - assertAbortSignal(signal, `${context} has member 'signal' that`); - } - return { - preventAbort: Boolean(preventAbort), - preventCancel: Boolean(preventCancel), - preventClose: Boolean(preventClose), - signal - }; -} -function assertAbortSignal(signal, context) { - if (!isAbortSignal(signal)) { - throw new TypeError(`${context} is not an AbortSignal.`); - } -} + const { blockSize } = mod$1.getCipherParams(this.symmetric); -function convertReadableWritablePair(pair, context) { - assertDictionary(pair, context); - const readable = pair === null || pair === void 0 ? void 0 : pair.readable; - assertRequiredField(readable, 'readable', 'ReadableWritablePair'); - assertReadableStream(readable, `${context} has member 'readable' that`); - const writable = pair === null || pair === void 0 ? void 0 : pair.writable; - assertRequiredField(writable, 'writable', 'ReadableWritablePair'); - assertWritableStream(writable, `${context} has member 'writable' that`); - return { readable, writable }; -} + if (config$1.aeadProtect) { + this.s2kUsage = 253; + this.aead = config$1.preferredAEADAlgorithm; + const mode = mod$1.getAEADMode(this.aead); + this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead. + this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material -/** - * A readable stream represents a source of data, from which you can read. - * - * @public - */ -class ReadableStream$1 { - constructor(rawUnderlyingSource = {}, rawStrategy = {}) { - if (rawUnderlyingSource === undefined) { - rawUnderlyingSource = null; - } - else { - assertObject(rawUnderlyingSource, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter'); - InitializeReadableStream(this); - if (underlyingSource.type === 'bytes') { - if (strategy.size !== undefined) { - throw new RangeError('The strategy for a byte stream cannot have a size function'); - } - const highWaterMark = ExtractHighWaterMark(strategy, 0); - SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark); - } - else { - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm); - } - } - /** - * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}. - */ - get locked() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('locked'); - } - return IsReadableStreamLocked(this); + const serializedPacketTag = writeTag(this.constructor.tag); + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + + const modeInstance = await mode(this.symmetric, key); + this.iv = this.isLegacyAEAD ? mod$1.random.getRandomBytes(blockSize) : mod$1.random.getRandomBytes(mode.ivLength); + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + + this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData); + } else { + this.s2kUsage = 254; + this.usedModernAEAD = false; + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric); + this.iv = mod$1.random.getRandomBytes(blockSize); + this.keyMaterial = await mod$1.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ + cleartext, + await mod$1.hash.sha1(cleartext, config$1) + ]), this.iv, config$1); } - /** - * Cancels the stream, signaling a loss of interest in the stream by a consumer. - * - * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()} - * method, which might or might not use it. - */ - cancel(reason = undefined) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('cancel')); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader')); - } - return ReadableStreamCancel(this, reason); + } + + /** + * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. + * {@link SecretKeyPacket.isDecrypted} should be false, as + * otherwise calls to this function will throw an error. + * @param {String} passphrase - The passphrase for this private key as string + * @throws {Error} if the key is already decrypted, or if decryption was not successful + * @async + */ + async decrypt(passphrase) { + if (this.isDummy()) { + return false; } - getReader(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('getReader'); - } - const options = convertReaderOptions(rawOptions, 'First parameter'); - if (options.mode === undefined) { - return AcquireReadableStreamDefaultReader(this); - } - return AcquireReadableStreamBYOBReader(this); + + if (this.unparseableKeyMaterial) { + throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); } - pipeThrough(rawTransform, rawOptions = {}) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('pipeThrough'); - } - assertRequiredArgument(rawTransform, 1, 'pipeThrough'); - const transform = convertReadableWritablePair(rawTransform, 'First parameter'); - const options = convertPipeOptions(rawOptions, 'Second parameter'); - if (IsReadableStreamLocked(this)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream'); - } - if (IsWritableStreamLocked(transform.writable)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream'); - } - const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - setPromiseIsHandledToTrue(promise); - return transform.readable; + + if (this.isDecrypted()) { + throw new Error('Key packet is already decrypted.'); } - pipeTo(destination, rawOptions = {}) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('pipeTo')); - } - if (destination === undefined) { - return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`); - } - if (!IsWritableStream(destination)) { - return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`)); - } - let options; - try { - options = convertPipeOptions(rawOptions, 'Second parameter'); - } - catch (e) { - return promiseRejectedWith(e); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream')); - } - if (IsWritableStreamLocked(destination)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream')); - } - return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal); + + let key; + const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only + if (this.s2kUsage === 254 || this.s2kUsage === 253) { + key = await produceEncryptionKey( + this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + } else if (this.s2kUsage === 255) { + throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); + } else { + throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); } - /** - * Tees this readable stream, returning a two-element array containing the two resulting branches as - * new {@link ReadableStream} instances. - * - * Teeing a stream will lock it, preventing any other consumer from acquiring a reader. - * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be - * propagated to the stream's underlying source. - * - * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable, - * this could allow interference between the two branches. - */ - tee() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('tee'); + + let cleartext; + if (this.s2kUsage === 253) { + const mode = mod$1.getAEADMode(this.aead); + const modeInstance = await mode(this.symmetric, key); + try { + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData); + } catch (err) { + if (err.message === 'Authentication tag mismatch') { + throw new Error('Incorrect key passphrase: ' + err.message); } - const branches = ReadableStreamTee(this); - return CreateArrayFromList(branches); + throw err; + } + } else { + const cleartextWithHash = await mod$1.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); + + cleartext = cleartextWithHash.subarray(0, -20); + const hash = await mod$1.hash.sha1(cleartext); + + if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { + throw new Error('Incorrect key passphrase'); + } } - values(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('values'); - } - const options = convertIteratorOptions(rawOptions, 'First parameter'); - return AcquireReadableStreamAsyncIterator(this, options.preventCancel); - } -} -Object.defineProperties(ReadableStream$1.prototype, { - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, - values: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStream', - configurable: true - }); -} -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.asyncIterator, { - value: ReadableStream$1.prototype.values, - writable: true, - configurable: true - }); -} -// Abstract operations for the ReadableStream. -// Throws if and only if startAlgorithm throws. -function CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(ReadableStream$1.prototype); - InitializeReadableStream(stream); - const controller = Object.create(ReadableStreamDefaultController.prototype); - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeReadableStream(stream) { - stream._state = 'readable'; - stream._reader = undefined; - stream._storedError = undefined; - stream._disturbed = false; -} -function IsReadableStream(x) { - if (!typeIsObject(x)) { - return false; + + try { + const { privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + this.privateParams = privateParams; + } catch (err) { + throw new Error('Error reading MPIs'); } - if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) { - return false; + this.isEncrypted = false; + this.keyMaterial = null; + this.s2kUsage = 0; + this.aead = null; + this.symmetric = null; + this.isLegacyAEAD = null; + } + + /** + * Checks that the key parameters are consistent + * @throws {Error} if validation was not successful + * @async + */ + async validate() { + if (this.isDummy()) { + return; } - return true; -} -function IsReadableStreamLocked(stream) { - if (stream._reader === undefined) { - return false; + + if (!this.isDecrypted()) { + throw new Error('Key is not decrypted'); } - return true; -} -// ReadableStream API exposed for controllers. -function ReadableStreamCancel(stream, reason) { - stream._disturbed = true; - if (stream._state === 'closed') { - return promiseResolvedWith(undefined); + + if (this.usedModernAEAD) { + // key integrity confirmed by successful AEAD decryption + return; } - if (stream._state === 'errored') { - return promiseRejectedWith(stream._storedError); + + let validParams; + try { + // this can throw if some parameters are undefined + validParams = await mod$1.validateParams(this.algorithm, this.publicParams, this.privateParams); + } catch (_) { + validParams = false; } - ReadableStreamClose(stream); - const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason); - return transformPromiseWith(sourceCancelPromise, noop); -} -function ReadableStreamClose(stream) { - stream._state = 'closed'; - const reader = stream._reader; - if (reader === undefined) { - return; + if (!validParams) { + throw new Error('Key is invalid'); } - defaultReaderClosedPromiseResolve(reader); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._closeSteps(); - }); - reader._readRequests = new SimpleQueue(); + } + + async generate(bits, curve) { + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if (this.version === 6 && ( + (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) || + this.algorithm === enums.publicKey.eddsaLegacy + )) { + throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`); + } + const { privateParams, publicParams } = await mod$1.generateParams(this.algorithm, bits, curve); + this.privateParams = privateParams; + this.publicParams = publicParams; + this.isEncrypted = false; + } + + /** + * Clear private key parameters + */ + clearPrivateParams() { + if (this.isMissingSecretKeyMaterial()) { + return; } + + Object.keys(this.privateParams).forEach(name => { + const param = this.privateParams[name]; + param.fill(0); + delete this.privateParams[name]; + }); + this.privateParams = null; + this.isEncrypted = true; + } } -function ReadableStreamError(stream, e) { - stream._state = 'errored'; - stream._storedError = e; - const reader = stream._reader; - if (reader === undefined) { - return; + +/** + * Derive encryption key + * @param {Number} keyVersion - key derivation differs for v5 keys + * @param {module:type/s2k} s2k + * @param {String} passphrase + * @param {module:enums.symmetric} cipherAlgo + * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5) + * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5) + * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only) + * @returns encryption key + */ +async function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) { + if (s2k.type === 'argon2' && !aeadMode) { + throw new Error('Using Argon2 S2K without AEAD is not allowed'); + } + if (s2k.type === 'simple' && keyVersion === 6) { + throw new Error('Using Simple S2K with version 6 keys is not allowed'); + } + const { keySize } = mod$1.getCipherParams(cipherAlgo); + const derivedKey = await s2k.produceKey(passphrase, keySize); + if (!aeadMode || keyVersion === 5 || isLegacyAEAD) { + return derivedKey; + } + const info = util.concatUint8Array([ + serializedPacketTag, + new Uint8Array([keyVersion, cipherAlgo, aeadMode]) + ]); + return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize); +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the User ID Packet (Tag 13) + * + * A User ID packet consists of UTF-8 text that is intended to represent + * the name and email address of the key holder. By convention, it + * includes an RFC 2822 [RFC2822] mail name-addr, but there are no + * restrictions on its content. The packet length in the header + * specifies the length of the User ID. + */ +class UserIDPacket { + static get tag() { + return enums.packet.userID; + } + + constructor() { + /** A string containing the user id. Usually in the form + * John Doe + * @type {String} + */ + this.userID = ''; + + this.name = ''; + this.email = ''; + this.comment = ''; + } + + /** + * Create UserIDPacket instance from object + * @param {Object} userID - Object specifying userID name, email and comment + * @returns {UserIDPacket} + * @static + */ + static fromObject(userID) { + if (util.isString(userID) || + (userID.name && !util.isString(userID.name)) || + (userID.email && !util.isEmailAddress(userID.email)) || + (userID.comment && !util.isString(userID.comment))) { + throw new Error('Invalid user ID format'); } - defaultReaderClosedPromiseReject(reader, e); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._errorSteps(e); - }); - reader._readRequests = new SimpleQueue(); + const packet = new UserIDPacket(); + Object.assign(packet, userID); + const components = []; + if (packet.name) components.push(packet.name); + if (packet.comment) components.push(`(${packet.comment})`); + if (packet.email) components.push(`<${packet.email}>`); + packet.userID = components.join(' '); + return packet; + } + + /** + * Parsing function for a user id packet (tag 13). + * @param {Uint8Array} input - Payload of a tag 13 packet + */ + read(bytes, config$1 = config) { + const userID = util.decodeUTF8(bytes); + if (userID.length > config$1.maxUserIDLength) { + throw new Error('User ID string is too long'); } - else { - reader._readIntoRequests.forEach(readIntoRequest => { - readIntoRequest._errorSteps(e); - }); - reader._readIntoRequests = new SimpleQueue(); + + /** + * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1, + * as well comments placed between the name (if present) and the bracketed email address: + * - name (comment) + * - email + * In the first case, the `email` is the only required part, and it must contain the `@` symbol. + * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`, + * since they interfere with `comment` parsing. + */ + const re = /^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/; + const matches = re.exec(userID); + if (matches !== null) { + const { name, comment, email } = matches.groups; + this.comment = comment?.replace(/^\(|\)|\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace + this.name = name?.trim() || ''; + this.email = email.substring(1, email.length - 1); // remove brackets + } else if (/^[^\s@]+@[^\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace + this.email = userID; } -} -// Helper functions for the ReadableStream. -function streamBrandCheckException$1(name) { - return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`); -} -function convertQueuingStrategyInit(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit'); - return { - highWaterMark: convertUnrestrictedDouble(highWaterMark) - }; + this.userID = userID; + } + + /** + * Creates a binary representation of the user id packet + * @returns {Uint8Array} Binary representation. + */ + write() { + return util.encodeUTF8(this.userID); + } + + equals(otherUserID) { + return otherUserID && otherUserID.userID === this.userID; + } } -const byteLengthSizeFunction = function size(chunk) { - return chunk.byteLength; -}; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * A queuing strategy that counts the number of bytes in each chunk. - * - * @public + * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret + * Key packet and has exactly the same format. + * @extends SecretKeyPacket */ -class ByteLengthQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('highWaterMark'); - } - return this._byteLengthQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by returning the value of its `byteLength` property. - */ - get size() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('size'); - } - return byteLengthSizeFunction; - } -} -Object.defineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'ByteLengthQueuingStrategy', - configurable: true - }); -} -// Helper functions for the ByteLengthQueuingStrategy. -function byteLengthBrandCheckException(name) { - return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`); -} -function IsByteLengthQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) { - return false; - } - return true; +class SecretSubkeyPacket extends SecretKeyPacket { + static get tag() { + return enums.packet.secretSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); + } } -const countSizeFunction = function size() { - return 1; -}; /** - * A queuing strategy that counts the number of chunks. + * Implementation of the Trust Packet (Tag 12) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: + * The Trust packet is used only within keyrings and is not normally + * exported. Trust packets contain data that record the user's + * specifications of which key holders are trustworthy introducers, + * along with other information that implementing software uses for + * trust information. The format of Trust packets is defined by a given + * implementation. * - * @public + * Trust packets SHOULD NOT be emitted to output streams that are + * transferred to other users, and they SHOULD be ignored on any input + * other than local keyring files. */ -class CountQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'CountQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._countQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('highWaterMark'); - } - return this._countQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by always returning 1. - * This ensures that the total queue size is a count of the number of chunks in the queue. - */ - get size() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('size'); - } - return countSizeFunction; - } -} -Object.defineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'CountQueuingStrategy', - configurable: true - }); -} -// Helper functions for the CountQueuingStrategy. -function countBrandCheckException(name) { - return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`); -} -function IsCountQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) { - return false; - } - return true; -} +class TrustPacket { + static get tag() { + return enums.packet.trust; + } -function convertTransformer(original, context) { - assertDictionary(original, context); - const flush = original === null || original === void 0 ? void 0 : original.flush; - const readableType = original === null || original === void 0 ? void 0 : original.readableType; - const start = original === null || original === void 0 ? void 0 : original.start; - const transform = original === null || original === void 0 ? void 0 : original.transform; - const writableType = original === null || original === void 0 ? void 0 : original.writableType; - return { - flush: flush === undefined ? - undefined : - convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`), - readableType, - start: start === undefined ? - undefined : - convertTransformerStartCallback(start, original, `${context} has member 'start' that`), - transform: transform === undefined ? - undefined : - convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`), - writableType - }; -} -function convertTransformerFlushCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertTransformerStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertTransformerTransformCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); + /** + * Parsing function for a trust packet (tag 12). + * Currently not implemented as we ignore trust packets + */ + read() { + throw new UnsupportedError('Trust packets are not supported'); + } + + write() { + throw new UnsupportedError('Trust packets are not supported'); + } } -// Class TransformStream +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2022 Proton AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream}, - * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side. - * In a manner specific to the transform stream in question, writes to the writable side result in new data being - * made available for reading from the readable side. + * Implementation of the Padding Packet * - * @public + * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}: + * Padding Packet */ -class TransformStream$1 { - constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) { - if (rawTransformer === undefined) { - rawTransformer = null; - } - const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter'); - const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter'); - const transformer = convertTransformer(rawTransformer, 'First parameter'); - if (transformer.readableType !== undefined) { - throw new RangeError('Invalid readableType specified'); - } - if (transformer.writableType !== undefined) { - throw new RangeError('Invalid writableType specified'); - } - const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0); - const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy); - const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1); - const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy); - let startPromise_resolve; - const startPromise = newPromise(resolve => { - startPromise_resolve = resolve; - }); - InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - SetUpTransformStreamDefaultControllerFromTransformer(this, transformer); - if (transformer.start !== undefined) { - startPromise_resolve(transformer.start(this._transformStreamController)); - } - else { - startPromise_resolve(undefined); - } - } - /** - * The readable side of the transform stream. - */ - get readable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('readable'); - } - return this._readable; - } - /** - * The writable side of the transform stream. - */ - get writable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('writable'); - } - return this._writable; - } -} -Object.defineProperties(TransformStream$1.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStream', - configurable: true - }); -} -function InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) { - function startAlgorithm() { - return startPromise; - } - function writeAlgorithm(chunk) { - return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk); - } - function abortAlgorithm(reason) { - return TransformStreamDefaultSinkAbortAlgorithm(stream, reason); - } - function closeAlgorithm() { - return TransformStreamDefaultSinkCloseAlgorithm(stream); - } - stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm); - function pullAlgorithm() { - return TransformStreamDefaultSourcePullAlgorithm(stream); - } - function cancelAlgorithm(reason) { - TransformStreamErrorWritableAndUnblockWrite(stream, reason); - return promiseResolvedWith(undefined); - } - stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure. - stream._backpressure = undefined; - stream._backpressureChangePromise = undefined; - stream._backpressureChangePromise_resolve = undefined; - TransformStreamSetBackpressure(stream, true); - stream._transformStreamController = undefined; -} -function IsTransformStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) { - return false; - } - return true; -} -// This is a no-op if both sides are already errored. -function TransformStreamError(stream, e) { - ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e); - TransformStreamErrorWritableAndUnblockWrite(stream, e); -} -function TransformStreamErrorWritableAndUnblockWrite(stream, e) { - TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController); - WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e); - if (stream._backpressure) { - // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure() - // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time - // _backpressure is set. - TransformStreamSetBackpressure(stream, false); - } -} -function TransformStreamSetBackpressure(stream, backpressure) { - // Passes also when called during construction. - if (stream._backpressureChangePromise !== undefined) { - stream._backpressureChangePromise_resolve(); - } - stream._backpressureChangePromise = newPromise(resolve => { - stream._backpressureChangePromise_resolve = resolve; - }); - stream._backpressure = backpressure; +class PaddingPacket { + static get tag() { + return enums.packet.padding; + } + + constructor() { + this.padding = null; + } + + /** + * Read a padding packet + * @param {Uint8Array | ReadableStream} bytes + */ + read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars + // Padding packets are ignored, so this function is never called. + } + + /** + * Write the padding packet + * @returns {Uint8Array} The padding packet. + */ + write() { + return this.padding; + } + + /** + * Create random padding. + * @param {Number} length - The length of padding to be generated. + * @throws {Error} if padding generation was not successful + * @async + */ + async createPadding(length) { + this.padding = await mod$1.random.getRandomBytes(length); + } } -// Class TransformStreamDefaultController + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Signature can contain the following packets +const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + /** - * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}. - * - * @public + * Class that represents an OpenPGP signature. */ -class TransformStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full. - */ - get desiredSize() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('desiredSize'); - } - const readableController = this._controlledTransformStream._readable._readableStreamController; - return ReadableStreamDefaultControllerGetDesiredSize(readableController); - } - enqueue(chunk = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('enqueue'); - } - TransformStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors both the readable side and the writable side of the controlled transform stream, making all future - * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded. - */ - error(reason = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('error'); - } - TransformStreamDefaultControllerError(this, reason); - } - /** - * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the - * transformer only needs to consume a portion of the chunks written to the writable side. - */ - terminate() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('terminate'); - } - TransformStreamDefaultControllerTerminate(this); - } -} -Object.defineProperties(TransformStreamDefaultController.prototype, { - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStreamDefaultController', - configurable: true - }); -} -// Transform Stream Default Controller Abstract Operations -function IsTransformStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) { - return false; - } - return true; -} -function SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) { - controller._controlledTransformStream = stream; - stream._transformStreamController = controller; - controller._transformAlgorithm = transformAlgorithm; - controller._flushAlgorithm = flushAlgorithm; -} -function SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) { - const controller = Object.create(TransformStreamDefaultController.prototype); - let transformAlgorithm = (chunk) => { - try { - TransformStreamDefaultControllerEnqueue(controller, chunk); - return promiseResolvedWith(undefined); - } - catch (transformResultE) { - return promiseRejectedWith(transformResultE); - } - }; - let flushAlgorithm = () => promiseResolvedWith(undefined); - if (transformer.transform !== undefined) { - transformAlgorithm = chunk => transformer.transform(chunk, controller); - } - if (transformer.flush !== undefined) { - flushAlgorithm = () => transformer.flush(controller); - } - SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm); -} -function TransformStreamDefaultControllerClearAlgorithms(controller) { - controller._transformAlgorithm = undefined; - controller._flushAlgorithm = undefined; -} -function TransformStreamDefaultControllerEnqueue(controller, chunk) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) { - throw new TypeError('Readable side is not in a state that permits enqueue'); - } - // We throttle transform invocations based on the backpressure of the ReadableStream, but we still - // accept TransformStreamDefaultControllerEnqueue() calls. - try { - ReadableStreamDefaultControllerEnqueue(readableController, chunk); - } - catch (e) { - // This happens when readableStrategy.size() throws. - TransformStreamErrorWritableAndUnblockWrite(stream, e); - throw stream._readable._storedError; - } - const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController); - if (backpressure !== stream._backpressure) { - TransformStreamSetBackpressure(stream, true); - } -} -function TransformStreamDefaultControllerError(controller, e) { - TransformStreamError(controller._controlledTransformStream, e); -} -function TransformStreamDefaultControllerPerformTransform(controller, chunk) { - const transformPromise = controller._transformAlgorithm(chunk); - return transformPromiseWith(transformPromise, undefined, r => { - TransformStreamError(controller._controlledTransformStream, r); - throw r; - }); -} -function TransformStreamDefaultControllerTerminate(controller) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - ReadableStreamDefaultControllerClose(readableController); - const error = new TypeError('TransformStream terminated'); - TransformStreamErrorWritableAndUnblockWrite(stream, error); -} -// TransformStreamDefaultSink Algorithms -function TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) { - const controller = stream._transformStreamController; - if (stream._backpressure) { - const backpressureChangePromise = stream._backpressureChangePromise; - return transformPromiseWith(backpressureChangePromise, () => { - const writable = stream._writable; - const state = writable._state; - if (state === 'erroring') { - throw writable._storedError; - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - }); - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); -} -function TransformStreamDefaultSinkAbortAlgorithm(stream, reason) { - // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already - // errored. - TransformStreamError(stream, reason); - return promiseResolvedWith(undefined); -} -function TransformStreamDefaultSinkCloseAlgorithm(stream) { - // stream._readable cannot change after construction, so caching it across a call to user code is safe. - const readable = stream._readable; - const controller = stream._transformStreamController; - const flushPromise = controller._flushAlgorithm(); - TransformStreamDefaultControllerClearAlgorithms(controller); - // Return a promise that is fulfilled with undefined on success. - return transformPromiseWith(flushPromise, () => { - if (readable._state === 'errored') { - throw readable._storedError; - } - ReadableStreamDefaultControllerClose(readable._readableStreamController); - }, r => { - TransformStreamError(stream, r); - throw readable._storedError; - }); -} -// TransformStreamDefaultSource Algorithms -function TransformStreamDefaultSourcePullAlgorithm(stream) { - // Invariant. Enforced by the promises returned by start() and pull(). - TransformStreamSetBackpressure(stream, false); - // Prevent the next pull() call until there is backpressure. - return stream._backpressureChangePromise; -} -// Helper functions for the TransformStreamDefaultController. -function defaultControllerBrandCheckException(name) { - return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`); -} -// Helper functions for the TransformStream. -function streamBrandCheckException(name) { - return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`); -} +class Signature { + /** + * @param {PacketList} packetlist - The signature packets + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } -var ponyfill_es6 = /*#__PURE__*/Object.freeze({ - __proto__: null, - ByteLengthQueuingStrategy: ByteLengthQueuingStrategy, - CountQueuingStrategy: CountQueuingStrategy, - ReadableByteStreamController: ReadableByteStreamController, - ReadableStream: ReadableStream$1, - ReadableStreamBYOBReader: ReadableStreamBYOBReader, - ReadableStreamBYOBRequest: ReadableStreamBYOBRequest, - ReadableStreamDefaultController: ReadableStreamDefaultController, - ReadableStreamDefaultReader: ReadableStreamDefaultReader, - TransformStream: TransformStream$1, - TransformStreamDefaultController: TransformStreamDefaultController, - WritableStream: WritableStream$1, - WritableStreamDefaultController: WritableStreamDefaultController, - WritableStreamDefaultWriter: WritableStreamDefaultWriter -}); + /** + * Returns binary encoded signature + * @returns {ReadableStream} Binary signature. + */ + write() { + return this.packets.write(); + } -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise */ - -var extendStatics = function(d, b) { - extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return extendStatics(d, b); -}; + /** + * Returns ASCII armored text of signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config$1); + } -function __extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); + /** + * Returns an array of KeyIDs of all of the issuers who created this signature + * @returns {Array} The Key IDs of the signing keys + */ + getSigningKeyIDs() { + return this.packets.map(packet => packet.issuerKeyID); + } } -function assert$1(test) { - if (!test) { - throw new TypeError('Assertion failed'); +/** + * reads an (optionally armored) OpenPGP signature and returns a signature object + * @param {Object} options + * @param {String} [options.armoredSignature] - Armored signature to be parsed + * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New signature object. + * @async + * @static + */ +async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredSignature || binarySignature; + if (!input) { + throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); + } + if (armoredSignature && !util.isString(armoredSignature)) { + throw new Error('readSignature: options.armoredSignature must be a string'); + } + if (binarySignature && !util.isUint8Array(binarySignature)) { + throw new Error('readSignature: options.binarySignature must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (armoredSignature) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.signature) { + throw new Error('Armored text not of type signature'); } + input = data; + } + const packetlist = await PacketList.fromBinary(input, allowedPackets$1, config$1); + return new Signature(packetlist); } -function noop$1() { - return; -} -function typeIsObject$1(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} +/** + * @fileoverview Provides helpers methods for key module + * @module key/helper + */ -function isStreamConstructor(ctor) { - if (typeof ctor !== 'function') { - return false; - } - var startCalled = false; - try { - new ctor({ - start: function () { - startCalled = true; - } - }); - } - catch (e) { - // ignore - } - return startCalled; -} -function isReadableStream(readable) { - if (!typeIsObject$1(readable)) { - return false; - } - if (typeof readable.getReader !== 'function') { - return false; - } - return true; -} -function isReadableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isReadableStream(new ctor())) { - return false; - } - return true; -} -function isWritableStream(writable) { - if (!typeIsObject$1(writable)) { - return false; - } - if (typeof writable.getWriter !== 'function') { - return false; - } - return true; -} -function isWritableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isWritableStream(new ctor())) { - return false; - } - return true; -} -function isTransformStream(transform) { - if (!typeIsObject$1(transform)) { - return false; - } - if (!isReadableStream(transform.readable)) { - return false; - } - if (!isWritableStream(transform.writable)) { - return false; - } - return true; -} -function isTransformStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isTransformStream(new ctor())) { - return false; - } - return true; + +async function generateSecretSubkey(options, config) { + const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); + secretSubkeyPacket.packets = null; + secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretSubkeyPacket.generate(options.rsaBits, options.curve); + await secretSubkeyPacket.computeFingerprintAndKeyID(); + return secretSubkeyPacket; } -function supportsByobReader(readable) { - try { - var reader = readable.getReader({ mode: 'byob' }); - reader.releaseLock(); - return true; - } - catch (_a) { - return false; - } + +async function generateSecretKey(options, config) { + const secretKeyPacket = new SecretKeyPacket(options.date, config); + secretKeyPacket.packets = null; + secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); + await secretKeyPacket.computeFingerprintAndKeyID(); + return secretKeyPacket; } -function supportsByteSource(ctor) { + +/** + * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. + * @param {Array} signatures - List of signatures + * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature + * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures, + * `enums.signatures.certGeneric` should be given regardless of the actual trust level) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - full configuration + * @returns {Promise} The latest valid signature. + * @async + */ +async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { + let latestValid; + let exception; + for (let i = signatures.length - 1; i >= 0; i--) { try { - new ctor({ type: 'bytes' }); - return true; - } - catch (_a) { - return false; + if ( + (!latestValid || signatures[i].created >= latestValid.created) + ) { + await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); + latestValid = signatures[i]; + } + } catch (e) { + exception = e; } + } + if (!latestValid) { + throw util.wrapError( + `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` + .replace('certGeneric ', 'self-') + .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), + exception); + } + return latestValid; } -function createReadableStreamWrapper(ctor) { - assert$1(isReadableStreamConstructor(ctor)); - var byteSourceSupported = supportsByteSource(ctor); - return function (readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - type = parseReadableType(type); - if (type === 'bytes' && !byteSourceSupported) { - type = undefined; - } - if (readable.constructor === ctor) { - if (type !== 'bytes' || supportsByobReader(readable)) { - return readable; - } - } - if (type === 'bytes') { - var source = createWrappingReadableSource(readable, { type: type }); - return new ctor(source); - } - else { - var source = createWrappingReadableSource(readable); - return new ctor(source); - } - }; -} -function createWrappingReadableSource(readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - assert$1(isReadableStream(readable)); - assert$1(readable.locked === false); - type = parseReadableType(type); - var source; - if (type === 'bytes') { - source = new WrappingReadableByteStreamSource(readable); - } - else { - source = new WrappingReadableStreamDefaultSource(readable); - } - return source; -} -function parseReadableType(type) { - var typeString = String(type); - if (typeString === 'bytes') { - return typeString; - } - else if (type === undefined) { - return type; - } - else { - throw new RangeError('Invalid type is specified'); - } -} -var AbstractWrappingReadableStreamSource = /** @class */ (function () { - function AbstractWrappingReadableStreamSource(underlyingStream) { - this._underlyingReader = undefined; - this._readerMode = undefined; - this._readableStreamController = undefined; - this._pendingRead = undefined; - this._underlyingStream = underlyingStream; - // always keep a reader attached to detect close/error - this._attachDefaultReader(); - } - AbstractWrappingReadableStreamSource.prototype.start = function (controller) { - this._readableStreamController = controller; - }; - AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) { - assert$1(this._underlyingReader !== undefined); - return this._underlyingReader.cancel(reason); - }; - AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () { - if (this._readerMode === "default" /* DEFAULT */) { - return; - } - this._detachReader(); - var reader = this._underlyingStream.getReader(); - this._readerMode = "default" /* DEFAULT */; - this._attachReader(reader); - }; - AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) { - var _this = this; - assert$1(this._underlyingReader === undefined); - this._underlyingReader = reader; - var closed = this._underlyingReader.closed; - if (!closed) { - return; - } - closed - .then(function () { return _this._finishPendingRead(); }) - .then(function () { - if (reader === _this._underlyingReader) { - _this._readableStreamController.close(); - } - }, function (reason) { - if (reader === _this._underlyingReader) { - _this._readableStreamController.error(reason); - } - }) - .catch(noop$1); - }; - AbstractWrappingReadableStreamSource.prototype._detachReader = function () { - if (this._underlyingReader === undefined) { - return; - } - this._underlyingReader.releaseLock(); - this._underlyingReader = undefined; - this._readerMode = undefined; - }; - AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () { - var _this = this; - this._attachDefaultReader(); - // TODO Backpressure? - var read = this._underlyingReader.read() - .then(function (result) { - var controller = _this._readableStreamController; - if (result.done) { - _this._tryClose(); - } - else { - controller.enqueue(result.value); - } - }); - this._setPendingRead(read); - return read; - }; - AbstractWrappingReadableStreamSource.prototype._tryClose = function () { - try { - this._readableStreamController.close(); - } - catch (_a) { - // already errored or closed - } - }; - AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) { - var _this = this; - var pendingRead; - var finishRead = function () { - if (_this._pendingRead === pendingRead) { - _this._pendingRead = undefined; - } - }; - this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead); - }; - AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () { - var _this = this; - if (!this._pendingRead) { - return undefined; - } - var afterRead = function () { return _this._finishPendingRead(); }; - return this._pendingRead.then(afterRead, afterRead); - }; - return AbstractWrappingReadableStreamSource; -}()); -var WrappingReadableStreamDefaultSource = /** @class */ (function (_super) { - __extends(WrappingReadableStreamDefaultSource, _super); - function WrappingReadableStreamDefaultSource() { - return _super !== null && _super.apply(this, arguments) || this; - } - WrappingReadableStreamDefaultSource.prototype.pull = function () { - return this._pullWithDefaultReader(); - }; - return WrappingReadableStreamDefaultSource; -}(AbstractWrappingReadableStreamSource)); -function toUint8Array(view) { - return new Uint8Array(view.buffer, view.byteOffset, view.byteLength); -} -function copyArrayBufferView(from, to) { - var fromArray = toUint8Array(from); - var toArray = toUint8Array(to); - toArray.set(fromArray, 0); -} -var WrappingReadableByteStreamSource = /** @class */ (function (_super) { - __extends(WrappingReadableByteStreamSource, _super); - function WrappingReadableByteStreamSource(underlyingStream) { - var _this = this; - var supportsByob = supportsByobReader(underlyingStream); - _this = _super.call(this, underlyingStream) || this; - _this._supportsByob = supportsByob; - return _this; - } - Object.defineProperty(WrappingReadableByteStreamSource.prototype, "type", { - get: function () { - return 'bytes'; - }, - enumerable: false, - configurable: true - }); - WrappingReadableByteStreamSource.prototype._attachByobReader = function () { - if (this._readerMode === "byob" /* BYOB */) { - return; - } - assert$1(this._supportsByob); - this._detachReader(); - var reader = this._underlyingStream.getReader({ mode: 'byob' }); - this._readerMode = "byob" /* BYOB */; - this._attachReader(reader); - }; - WrappingReadableByteStreamSource.prototype.pull = function () { - if (this._supportsByob) { - var byobRequest = this._readableStreamController.byobRequest; - if (byobRequest) { - return this._pullWithByobRequest(byobRequest); - } - } - return this._pullWithDefaultReader(); - }; - WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) { - var _this = this; - this._attachByobReader(); - // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly - // create a separate buffer to read into, then copy that to byobRequest.view - var buffer = new Uint8Array(byobRequest.view.byteLength); - // TODO Backpressure? - var read = this._underlyingReader.read(buffer) - .then(function (result) { - _this._readableStreamController; - if (result.done) { - _this._tryClose(); - byobRequest.respond(0); - } - else { - copyArrayBufferView(result.value, byobRequest.view); - byobRequest.respond(result.value.byteLength); - } - }); - this._setPendingRead(read); - return read; - }; - return WrappingReadableByteStreamSource; -}(AbstractWrappingReadableStreamSource)); - -function createWritableStreamWrapper(ctor) { - assert$1(isWritableStreamConstructor(ctor)); - return function (writable) { - if (writable.constructor === ctor) { - return writable; - } - var sink = createWrappingWritableSink(writable); - return new ctor(sink); - }; +function isDataExpired(keyPacket, signature, date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + const expirationTime = getKeyExpirationTime(keyPacket, signature); + return !(keyPacket.created <= normDate && normDate < expirationTime); + } + return false; } -function createWrappingWritableSink(writable) { - assert$1(isWritableStream(writable)); - assert$1(writable.locked === false); - var writer = writable.getWriter(); - return new WrappingWritableStreamSink(writer); -} -var WrappingWritableStreamSink = /** @class */ (function () { - function WrappingWritableStreamSink(underlyingWriter) { - var _this = this; - this._writableStreamController = undefined; - this._pendingWrite = undefined; - this._state = "writable" /* WRITABLE */; - this._storedError = undefined; - this._underlyingWriter = underlyingWriter; - this._errorPromise = new Promise(function (resolve, reject) { - _this._errorPromiseReject = reject; - }); - this._errorPromise.catch(noop$1); - } - WrappingWritableStreamSink.prototype.start = function (controller) { - var _this = this; - this._writableStreamController = controller; - this._underlyingWriter.closed - .then(function () { - _this._state = "closed" /* CLOSED */; - }) - .catch(function (reason) { return _this._finishErroring(reason); }); - }; - WrappingWritableStreamSink.prototype.write = function (chunk) { - var _this = this; - var writer = this._underlyingWriter; - // Detect past errors - if (writer.desiredSize === null) { - return writer.ready; - } - var writeRequest = writer.write(chunk); - // Detect future errors - writeRequest.catch(function (reason) { return _this._finishErroring(reason); }); - writer.ready.catch(function (reason) { return _this._startErroring(reason); }); - // Reject write when errored - var write = Promise.race([writeRequest, this._errorPromise]); - this._setPendingWrite(write); - return write; - }; - WrappingWritableStreamSink.prototype.close = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return this._underlyingWriter.close(); - } - return this._finishPendingWrite().then(function () { return _this.close(); }); - }; - WrappingWritableStreamSink.prototype.abort = function (reason) { - if (this._state === "errored" /* ERRORED */) { - return undefined; - } - var writer = this._underlyingWriter; - return writer.abort(reason); - }; - WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) { - var _this = this; - var pendingWrite; - var finishWrite = function () { - if (_this._pendingWrite === pendingWrite) { - _this._pendingWrite = undefined; - } - }; - this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite); - }; - WrappingWritableStreamSink.prototype._finishPendingWrite = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return Promise.resolve(); - } - var afterWrite = function () { return _this._finishPendingWrite(); }; - return this._pendingWrite.then(afterWrite, afterWrite); - }; - WrappingWritableStreamSink.prototype._startErroring = function (reason) { - var _this = this; - if (this._state === "writable" /* WRITABLE */) { - this._state = "erroring" /* ERRORING */; - this._storedError = reason; - var afterWrite = function () { return _this._finishErroring(reason); }; - if (this._pendingWrite === undefined) { - afterWrite(); - } - else { - this._finishPendingWrite().then(afterWrite, afterWrite); - } - this._writableStreamController.error(reason); - } - }; - WrappingWritableStreamSink.prototype._finishErroring = function (reason) { - if (this._state === "writable" /* WRITABLE */) { - this._startErroring(reason); - } - if (this._state === "erroring" /* ERRORING */) { - this._state = "errored" /* ERRORED */; - this._errorPromiseReject(this._storedError); - } - }; - return WrappingWritableStreamSink; -}()); -function createTransformStreamWrapper(ctor) { - assert$1(isTransformStreamConstructor(ctor)); - return function (transform) { - if (transform.constructor === ctor) { - return transform; - } - var transformer = createWrappingTransformer(transform); - return new ctor(transformer); - }; +/** + * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} + * @param {SecretSubkeyPacket} subkey - Subkey key packet + * @param {SecretKeyPacket} primaryKey - Primary key packet + * @param {Object} options + * @param {Object} config - Full configuration + */ +async function createBindingSignature(subkey, primaryKey, options, config) { + const dataToSign = {}; + dataToSign.key = primaryKey; + dataToSign.bind = subkey; + const signatureProperties = { signatureType: enums.signature.subkeyBinding }; + if (options.sign) { + signatureProperties.keyFlags = [enums.keyFlags.signData]; + signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, { + signatureType: enums.signature.keyBinding + }, options.date, undefined, undefined, undefined, config); + } else { + signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; + } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; + } + const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); + return subkeySignaturePacket; } -function createWrappingTransformer(transform) { - assert$1(isTransformStream(transform)); - var readable = transform.readable, writable = transform.writable; - assert$1(readable.locked === false); - assert$1(writable.locked === false); - var reader = readable.getReader(); - var writer; - try { - writer = writable.getWriter(); + +/** + * Returns the preferred signature hash algorithm for a set of keys. + * @param {Array} [targetKeys] - The keys to get preferences from + * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from + * @param {Object} config - full configuration + * @returns {Promise} + * @async + */ +async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { + /** + * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the + * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). + * if no keys are available, `preferredSenderAlgo` is returned. + * For ECC signing key, the curve preferred hash is taken into account as well (see logic below). + */ + const defaultAlgo = enums.hash.sha256; // MUST implement + const preferredSenderAlgo = config.preferredHashAlgorithm; + + const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => { + const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config); + const targetPrefs = selfCertification.preferredHashAlgorithms; + return targetPrefs; + })); + const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys + for (const supportedAlgos of supportedAlgosPerTarget) { + for (const hashAlgo of supportedAlgos) { + try { + // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on + const supportedAlgo = enums.write(enums.hash, hashAlgo); + supportedAlgosMap.set( + supportedAlgo, + supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1 + ); + } catch {} } - catch (e) { - reader.releaseLock(); // do not leak reader - throw e; + } + const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo; + const getStrongestSupportedHashAlgo = () => { + if (supportedAlgosMap.size === 0) { + return defaultAlgo; } - return new WrappingTransformStreamTransformer(reader, writer); -} -var WrappingTransformStreamTransformer = /** @class */ (function () { - function WrappingTransformStreamTransformer(reader, writer) { - var _this = this; - this._transformStreamController = undefined; - this._onRead = function (result) { - if (result.done) { - return; - } - _this._transformStreamController.enqueue(result.value); - return _this._reader.read().then(_this._onRead); - }; - this._onError = function (reason) { - _this._flushReject(reason); - _this._transformStreamController.error(reason); - _this._reader.cancel(reason).catch(noop$1); - _this._writer.abort(reason).catch(noop$1); - }; - this._onTerminate = function () { - _this._flushResolve(); - _this._transformStreamController.terminate(); - var error = new TypeError('TransformStream terminated'); - _this._writer.abort(error).catch(noop$1); - }; - this._reader = reader; - this._writer = writer; - this._flushPromise = new Promise(function (resolve, reject) { - _this._flushResolve = resolve; - _this._flushReject = reject; - }); + const sortedHashAlgos = Array.from(supportedAlgosMap.keys()) + .filter(hashAlgo => isSupportedHashAlgo(hashAlgo)) + .sort((algoA, algoB) => mod$1.hash.getHashByteLength(algoA) - mod$1.hash.getHashByteLength(algoB)); + const strongestHashAlgo = sortedHashAlgos[0]; + // defaultAlgo is always implicilty supported, and might be stronger than the rest + return mod$1.hash.getHashByteLength(strongestHashAlgo) >= mod$1.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo; + }; + + const eccAlgos = new Set([ + enums.publicKey.ecdsa, + enums.publicKey.eddsaLegacy, + enums.publicKey.ed25519, + enums.publicKey.ed448 + ]); + + if (eccAlgos.has(signingKeyPacket.algorithm)) { + // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: + // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 + // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough; + // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve + // preferred algo, even if not supported by all targets. + const preferredCurveAlgo = mod$1.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid); + + const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo); + const preferredSenderAlgoStrongerThanCurveAlgo = mod$1.hash.getHashByteLength(preferredSenderAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo); + + if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) { + return preferredSenderAlgo; + } else { + const strongestSupportedAlgo = getStrongestSupportedHashAlgo(); + return mod$1.hash.getHashByteLength(strongestSupportedAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo) ? + strongestSupportedAlgo : + preferredCurveAlgo; } - WrappingTransformStreamTransformer.prototype.start = function (controller) { - this._transformStreamController = controller; - this._reader.read() - .then(this._onRead) - .then(this._onTerminate, this._onError); - var readerClosed = this._reader.closed; - if (readerClosed) { - readerClosed - .then(this._onTerminate, this._onError); - } - }; - WrappingTransformStreamTransformer.prototype.transform = function (chunk) { - return this._writer.write(chunk); - }; - WrappingTransformStreamTransformer.prototype.flush = function () { - var _this = this; - return this._writer.close() - .then(function () { return _this._flushPromise; }); - }; - return WrappingTransformStreamTransformer; -}()); + } -var webStreamsAdapter = /*#__PURE__*/Object.freeze({ - __proto__: null, - createReadableStreamWrapper: createReadableStreamWrapper, - createTransformStreamWrapper: createTransformStreamWrapper, - createWrappingReadableSource: createWrappingReadableSource, - createWrappingTransformer: createWrappingTransformer, - createWrappingWritableSink: createWrappingWritableSink, - createWritableStreamWrapper: createWritableStreamWrapper -}); + // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this, + // since it was manually set by the sender. + return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo(); +} + +/** + * Returns the preferred compression algorithm for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Preferred compression algorithm + * @async + */ +async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const defaultAlgo = enums.compression.uncompressed; + const preferredSenderAlgo = config$1.preferredCompressionAlgorithm; -var bn = createCommonjsModule(function (module) { -(function (module, exports) { + // if preferredSenderAlgo appears in the prefs of all recipients, we pick it + // otherwise we use the default algo + // if no keys are available, preferredSenderAlgo is returned + const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { + const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config$1); + const recipientPrefs = selfCertification.preferredCompressionAlgorithms; + return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; + })); + return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; +} - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); +/** + * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred + * @async + */ +async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1))); + const withAEAD = keys.length ? + selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) : + config$1.aeadProtect; + + if (withAEAD) { + const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb }; + const desiredCipherSuites = [ + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: config$1.preferredAEADAlgorithm }, + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb }, + { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config$1.preferredAEADAlgorithm } + ]; + for (const desiredCipherSuite of desiredCipherSuites) { + if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some( + cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo + ))) { + return desiredCipherSuite; + } + } + return defaultCipherSuite; } + const defaultSymAlgo = enums.symmetric.aes128; + const desiredSymAlgo = config$1.preferredSymmetricAlgorithm; + return { + symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ? + desiredSymAlgo : + defaultSymAlgo, + aeadAlgo: undefined + }; +} - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; +/** + * Create signature packet + * @param {Object} dataToSign - Contains packets to be signed + * @param {Array} recipientKeys - keys to get preferences from + * @param {SecretKeyPacket| + * SecretSubkeyPacket} signingKeyPacket secret key packet for signing + * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing + * @param {Date} [date] - Override the creationtime of the signature + * @param {Object} [userID] - User ID + * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [detached] - Whether to create a detached signature packet + * @param {Object} config - full configuration + * @returns {Promise} Signature packet. + */ +async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) { + if (signingKeyPacket.isDummy()) { + throw new Error('Cannot sign with a gnu-dummy key.'); } + if (!signingKeyPacket.isDecrypted()) { + throw new Error('Signing key is not decrypted.'); + } + const signaturePacket = new SignaturePacket(); + Object.assign(signaturePacket, signatureProperties); + signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; + signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config); + signaturePacket.rawNotations = [...notations]; + await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config); + return signaturePacket; +} - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; +/** + * Merges signatures from source[attr] to dest[attr] + * @param {Object} source + * @param {Object} dest + * @param {String} attr + * @param {Date} [date] - date to use for signature expiration check, instead of the current time + * @param {Function} [checkFn] - signature only merged if true + */ +async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { + source = source[attr]; + if (source) { + if (!dest[attr].length) { + dest[attr] = source; + } else { + await Promise.all(source.map(async function(sourceSig) { + if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && + !dest[attr].some(function(destSig) { + return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); + })) { + dest[attr].push(sourceSig); + } + })); } + } +} - this.negative = 0; - this.words = null; - this.length = 0; +/** + * Checks if a given certificate or binding signature is revoked + * @param {SecretKeyPacket| + * PublicKeyPacket} primaryKey The primary key packet + * @param {Object} dataToVerify - The data to check + * @param {Array} revocations - The revocation signatures to check + * @param {SignaturePacket} signature - The certificate or signature to check + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the signature revokes the data. + * @async + */ +async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { + key = key || primaryKey; + const revocationKeyIDs = []; + await Promise.all(revocations.map(async function(revocationSignature) { + try { + if ( + // Note: a third-party revocation signature could legitimately revoke a + // self-signature if the signature has an authorized revocation key. + // However, we don't support passing authorized revocation keys, nor + // verifying such revocation signatures. Instead, we indicate an error + // when parsing a key with an authorized revocation key, and ignore + // third-party revocation signatures here. (It could also be revoking a + // third-party key certification, which should only affect + // `verifyAllCertifications`.) + !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) + ) { + const isHardRevocation = ![ + enums.reasonForRevocation.keyRetired, + enums.reasonForRevocation.keySuperseded, + enums.reasonForRevocation.userIDInvalid + ].includes(revocationSignature.reasonForRevocationFlag); - // Reduction context - this.red = null; + await revocationSignature.verify( + key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config + ); - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; + // TODO get an identifier of the revoked object instead + revocationKeyIDs.push(revocationSignature.issuerKeyID); } + } catch (e) {} + })); + // TODO further verify that this is the signature that should be revoked + if (signature) { + signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : + signature.revoked || false; + return signature.revoked; + } + return revocationKeyIDs.length > 0; +} - this._init(number || 0, base || 10, endian || 'be'); - } +/** + * Returns key expiration time based on the given certification signature. + * The expiration time of the signature is ignored. + * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check + * @param {SignaturePacket} signature - signature to process + * @returns {Date|Infinity} expiration time or infinity if the key does not expire + */ +function getKeyExpirationTime(keyPacket, signature) { + let expirationTime; + // check V4 expiration time + if (signature.keyNeverExpires === false) { + expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; + return expirationTime ? new Date(expirationTime) : Infinity; +} + +function sanitizeKeyOptions(options, subkeyDefaults = {}) { + options.type = options.type || subkeyDefaults.type; + options.curve = options.curve || subkeyDefaults.curve; + options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; + options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; + + options.sign = options.sign || false; + + switch (options.type) { + case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve` + try { + options.curve = enums.write(enums.curve, options.curve); + } catch (e) { + throw new Error('Unknown curve'); + } + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy || + options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now + options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; + } + if (options.sign) { + options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; + } else { + options.algorithm = enums.publicKey.ecdh; + } + break; + case 'curve25519': + options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519; + break; + case 'curve448': + options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448; + break; + case 'rsa': + options.algorithm = enums.publicKey.rsaEncryptSign; + break; + default: + throw new Error(`Unsupported key type ${options.type}`); } + return options; +} - BN.BN = BN; - BN.wordSize = 26; +function validateSigningKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + default: + return false; + } +} - var Buffer; - try { - Buffer = buffer.Buffer; - } catch (e) { +function validateEncryptionKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + default: + return false; } +} - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; +function validateDecryptionKeyPacket(keyPacket, signature, config) { + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) { + // This is only relevant for RSA keys, all other signing algorithms cannot decrypt + return true; + } - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; } + default: + return false; + } +} - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } +/** + * Check key against blacklisted algorithms and minimum strength requirements. + * @param {SecretKeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket + * @param {Config} config + * @throws {Error} if the key packet does not meet the requirements + */ +function checkKeyRequirements(keyPacket, config) { + const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); + const algoInfo = keyPacket.getAlgorithmInfo(); + if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { + throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); + } + switch (keyAlgo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.rsaEncrypt: + if (algoInfo.bits < config.minRSABits) { + throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); + } + break; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ecdh: + if (config.rejectCurves.has(algoInfo.curve)) { + throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); + } + break; + } +} - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); +/** + * @module key/User + */ - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - } - if (base === 16) { - this._parseHex(number, start); - } else { - this._parseBase(number, base, start); - } +/** + * Class that represents an user ID or attribute packet and the relevant signatures. + * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info + * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + */ +class User { + constructor(userPacket, mainKey) { + this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; + this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; + this.selfCertifications = []; + this.otherCertifications = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } - if (number[0] === '-') { - this.negative = 1; - } + /** + * Transforms structured user data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.userID || this.userAttribute); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.selfCertifications); + packetlist.push(...this.otherCertifications); + return packetlist; + } - this.strip(); + /** + * Shallow clone + * @returns {User} + */ + clone() { + const user = new User(this.userID || this.userAttribute, this.mainKey); + user.selfCertifications = [...this.selfCertifications]; + user.otherCertifications = [...this.otherCertifications]; + user.revocationSignatures = [...this.revocationSignatures]; + return user; + } - if (endian !== 'le') return; + /** + * Generate third-party certifications over this user and its primary key + * @param {Array} signingKeys - Decrypted private keys for signing + * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} New user with new certifications. + * @async + */ + async certify(signingKeys, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { + if (!privateKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + if (privateKey.hasSameFingerprintAs(primaryKey)) { + throw new Error("The user's own key can only be used for self-certifications"); + } + const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); + return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, { + // Most OpenPGP implementations use generic certification (0x10) + signatureType: enums.signature.certGeneric, + keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] + }, date, undefined, undefined, undefined, config); + })); + await user.update(this, date, config); + return user; + } - this._initArray(this.toArray(), base, endian); - }; + /** + * Checks if a given certificate of the user is revoked + * @param {SignaturePacket} certificate - The certificate to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked(primaryKey, enums.signature.certRevocation, { + key: primaryKey, + userID: this.userID, + userAttribute: this.userAttribute + }, this.revocationSignatures, certificate, keyPacket, date, config$1); + } - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; + /** + * Verifies the user certificate. + * @param {SignaturePacket} certificate - A certificate of this user + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate + * @throws if the user certificate is invalid. + * @async + */ + async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const { issuerKeyID } = certificate; + const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); + if (issuerKeys.length === 0) { + return null; } + await Promise.all(issuerKeys.map(async key => { + const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); + if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { + throw new Error('User certificate is revoked'); + } + try { + await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('User certificate is invalid', e); + } + })); + return true; + } - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } + /** + * Verifies all user certificates + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllCertifications(verificationKeys, date = new Date(), config) { + const that = this; + const certifications = this.selfCertifications.concat(this.otherCertifications); + return Promise.all(certifications.map(async certification => ({ + keyID: certification.issuerKeyID, + valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) + }))); + } - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; + /** + * Verify User. Checks for existence of self signatures, revocation signatures + * and validity of self signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} Status of user. + * @throws {Error} if there are no valid self signatures. + * @async + */ + async verify(date = new Date(), config) { + if (!this.selfCertifications.length) { + throw new Error('No self-certifications found'); } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // TODO replace when Promise.some or Promise.any are implemented + let exception; + for (let i = this.selfCertifications.length - 1; i >= 0; i--) { + try { + const selfCertification = this.selfCertifications[i]; + if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { + throw new Error('Self-certification is revoked'); } - } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; + try { + await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('Self-certification is invalid', e); } + return true; + } catch (e) { + exception = e; } } - return this.strip(); - }; - - function parseHex (str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r <<= 4; - - // 'a' - 'f' - if (c >= 49 && c <= 54) { - r |= c - 49 + 0xa; - - // 'A' - 'F' - } else if (c >= 17 && c <= 22) { - r |= c - 17 + 0xa; - - // '0' - '9' - } else { - r |= c & 0xf; - } - } - return r; + throw exception; } - BN.prototype._parseHex = function _parseHex (number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (i = number.length - 6, j = 0; i >= start; i -= 6) { - w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - if (i + 6 !== start) { - w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - } - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; - - // '0' - '9' - } else { - r += c; + /** + * Update user with new components from specified user + * @param {User} sourceUser - Source user to merge + * @param {Date} date - Date to verify the validity of signatures + * @param {Object} config - Full configuration + * @returns {Promise} + * @async + */ + async update(sourceUser, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // self signatures + await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { + try { + await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); + return true; + } catch (e) { + return false; } - } - return r; + }); + // other signatures + await mergeSignatures(sourceUser, this, 'otherCertifications', date); + // revocation signatures + await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); + }); } - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; - } - limbLen--; - limbPow = (limbPow / base) | 0; + /** + * Revokes the user + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New user with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.certRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await user.update(this); + return user; + } +} - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; +/** + * @module key/Subkey + */ - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } +/** + * Class that represents a subkey packet and the relevant signatures. + * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID + * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint + * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs + * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo + * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime + * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + */ +class Subkey { + /** + * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey + * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey + */ + constructor(subkeyPacket, mainKey) { + this.keyPacket = subkeyPacket; + this.bindingSignatures = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); + /** + * Transforms structured subkey data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.bindingSignatures); + return packetlist; + } - for (i = 0; i < mod; i++) { - pow *= base; - } + /** + * Shallow clone + * @return {Subkey} + */ + clone() { + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.bindingSignatures = [...this.bindingSignatures]; + subkey.revocationSignatures = [...this.revocationSignatures]; + return subkey; + } - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - }; + /** + * Checks if a binding signature of a subkey is revoked + * @param {SignaturePacket} signature - The binding signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the binding signature is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked( + primaryKey, enums.signature.subkeyRevocation, { + key: primaryKey, + bind: this.keyPacket + }, this.revocationSignatures, signature, key, date, config$1 + ); + } - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; + /** + * Verify subkey. Checks for revocation signatures, expiration time + * and valid binding signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} if the subkey is invalid. + * @async + */ + async verify(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + // check subkey binding signatures + const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + // check binding signature is not revoked + if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { + throw new Error('Subkey is revoked'); } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; + // check for expiration time + if (isDataExpired(this.keyPacket, bindingSignature, date)) { + throw new Error('Subkey is expired'); } - return this; - }; + return bindingSignature; + } - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; + /** + * Returns the expiration time of the subkey or Infinity if key does not expire. + * Returns null if the subkey is invalid. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + let bindingSignature; + try { + bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + } catch (e) { + return null; } - return this._normSign(); - }; + const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); + const sigExpiry = bindingSignature.getExpirationTime(); + return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; + } - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; + /** + * Update subkey with new components from specified subkey + * @param {Subkey} subkey - Source subkey to merge + * @param {Date} [date] - Date to verify validity of signatures + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if update failed + * @async + */ + async update(subkey, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + if (!this.hasSameFingerprintAs(subkey)) { + throw new Error('Subkey update method: fingerprints of subkeys not equal'); } - return this; - }; - - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; - - /* - - var zeros = []; - var groupSizes = []; - var groupBases = []; - - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; + // key packet + if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && + subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { + this.keyPacket = subkey.keyPacket; } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } - - */ - - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; - - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; - - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; - - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; + // update missing binding signatures + const that = this; + const dataToVerify = { key: primaryKey, bind: that.keyPacket }; + await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { + for (let i = 0; i < that.bindingSignatures.length; i++) { + if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { + if (srcBindSig.created > that.bindingSignatures[i].created) { + that.bindingSignatures[i] = srcBindSig; + } + return false; } } - if (this.isZero()) { - out = '0' + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; + try { + await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); + return true; + } catch (e) { + return false; } - return out; - } - - assert(false, 'Base should be between 2 and 36'); - }; + }); + // revocation signatures + await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); + }); + } - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; + /** + * Revokes the subkey + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New subkey with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { key: primaryKey, bind: this.keyPacket }; + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.subkeyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await subkey.update(this); + return subkey; + } - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; + hasSameFingerprintAs(other) { + return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + } +} - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { + Subkey.prototype[name] = + function() { + return this.keyPacket[name](); + }; +}); - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); +// A key revocation certificate can contain the following packets +const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); +const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); +const keyPacketTags = new Set([ + enums.packet.publicKey, enums.packet.privateKey, + enums.packet.publicSubkey, enums.packet.privateSubkey +]); - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); +/** + * Abstract class that represents an OpenPGP key. Must contain a primary key. + * Can contain additional subkeys, signatures, user ids, user attributes. + * @borrows PublicKeyPacket#getKeyID as Key#getKeyID + * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint + * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs + * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo + * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + */ +class Key { + /** + * Transforms packetlist to structured key data + * @param {PacketList} packetlist - The packets that form a key + * @param {Set} disallowedPackets - disallowed packet tags + */ + packetListToStructure(packetlist, disallowedPackets = new Set()) { + let user; + let primaryKeyID; + let subkey; + let ignoreUntil; - res[i] = b; - } + for (const packet of packetlist) { - for (; i < reqLength; i++) { - res[i] = 0; + if (packet instanceof UnparseablePacket) { + const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); + if (isUnparseableKeyPacket && !ignoreUntil) { + // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must + // discard all non-key packets that follow, until another (sub)key packet is found. + if (mainKeyPacketTags.has(packet.tag)) { + ignoreUntil = mainKeyPacketTags; + } else { + ignoreUntil = keyPacketTags; + } + } + continue; } - } - - return res; - }; - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; + const tag = packet.constructor.tag; + if (ignoreUntil) { + if (!ignoreUntil.has(tag)) continue; + ignoreUntil = null; } - if (t >= 0x8) { - r += 4; - t >>>= 4; + if (disallowedPackets.has(tag)) { + throw new Error(`Unexpected packet type: ${tag}`); } - if (t >= 0x02) { - r += 2; - t >>>= 2; + switch (tag) { + case enums.packet.publicKey: + case enums.packet.secretKey: + if (this.keyPacket) { + throw new Error('Key block contains multiple keys'); + } + this.keyPacket = packet; + primaryKeyID = this.getKeyID(); + if (!primaryKeyID) { + throw new Error('Missing Key ID'); + } + break; + case enums.packet.userID: + case enums.packet.userAttribute: + user = new User(packet, this); + this.users.push(user); + break; + case enums.packet.publicSubkey: + case enums.packet.secretSubkey: + user = null; + subkey = new Subkey(packet, this); + this.subkeys.push(subkey); + break; + case enums.packet.signature: + switch (packet.signatureType) { + case enums.signature.certGeneric: + case enums.signature.certPersona: + case enums.signature.certCasual: + case enums.signature.certPositive: + if (!user) { + util.printDebug('Dropping certification signatures without preceding user packet'); + continue; + } + if (packet.issuerKeyID.equals(primaryKeyID)) { + user.selfCertifications.push(packet); + } else { + user.otherCertifications.push(packet); + } + break; + case enums.signature.certRevocation: + if (user) { + user.revocationSignatures.push(packet); + } else { + this.directSignatures.push(packet); + } + break; + case enums.signature.key: + this.directSignatures.push(packet); + break; + case enums.signature.subkeyBinding: + if (!subkey) { + util.printDebug('Dropping subkey binding signature without preceding subkey packet'); + continue; + } + subkey.bindingSignatures.push(packet); + break; + case enums.signature.keyRevocation: + this.revocationSignatures.push(packet); + break; + case enums.signature.subkeyRevocation: + if (!subkey) { + util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); + continue; + } + subkey.revocationSignatures.push(packet); + break; + } + break; } - return r + t; - }; + } } - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; + /** + * Transforms structured key data to packetlist + * @returns {PacketList} The packets that form a key. + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.directSignatures); + this.users.map(user => packetlist.push(...user.toPacketList())); + this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); + return packetlist; + } - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; + /** + * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. + * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. + * @returns {Promise} Clone of the key. + */ + clone(clonePrivateParams = false) { + const key = new this.constructor(this.toPacketList()); + if (clonePrivateParams) { + key.getKeys().forEach(k => { + // shallow clone the key packets + k.keyPacket = Object.create( + Object.getPrototypeOf(k.keyPacket), + Object.getOwnPropertyDescriptors(k.keyPacket) + ); + if (!k.keyPacket.isDecrypted()) return; + // deep clone the private params, which are cleared during encryption + const privateParams = {}; + Object.keys(k.keyPacket.privateParams).forEach(name => { + privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); + }); + k.keyPacket.privateParams = privateParams; + }); } - if ((t & 0x1) === 0) { - r++; + return key; + } + + /** + * Returns an array containing all public or private subkeys matching keyID; + * If no keyID is given, returns all subkeys. + * @param {type/keyID} [keyID] - key ID to look for + * @returns {Array} array of subkeys + */ + getSubkeys(keyID = null) { + const subkeys = this.subkeys.filter(subkey => ( + !keyID || subkey.getKeyID().equals(keyID, true) + )); + return subkeys; + } + + /** + * Returns an array containing all public or private keys matching keyID. + * If no keyID is given, returns all keys, starting with the primary key. + * @param {type/keyid~KeyID} [keyID] - key ID to look for + * @returns {Array} array of keys + */ + getKeys(keyID = null) { + const keys = []; + if (!keyID || this.getKeyID().equals(keyID, true)) { + keys.push(this); } - return r; - }; - - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; + return keys.concat(this.getSubkeys(keyID)); + } - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; - } + /** + * Returns key IDs of all keys + * @returns {Array} + */ + getKeyIDs() { + return this.getKeys().map(key => key.getKeyID()); + } - return w; + /** + * Returns userIDs + * @returns {Array} Array of userIDs. + */ + getUserIDs() { + return this.users.map(user => { + return user.userID ? user.userID.userID : null; + }).filter(userID => userID !== null); } - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; + /** + * Returns binary encoded key + * @returns {Uint8Array} Binary key. + */ + write() { + return this.toPacketList().write(); + } - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; + /** + * Returns last created key or key by given keyID that is available for signing and verification + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} signing key + * @throws if no valid signing key was found + * @async + */ + async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature( + subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 + ); + if (!validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + continue; + } + if (!bindingSignature.embeddedSignature) { + throw new Error('Missing embedded signature'); + } + // verify embedded signature + await getLatestValidSignature( + [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 + ); + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } catch (e) { + exception = e; + } + } } - return this.clone(); - }; - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); + try { + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateSigningKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; + throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); + } - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; + /** + * Returns last created key or key by given keyID that is available for encryption or decryption + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} encryption key + * @throws if no valid encryption key was found + * @async + */ + async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - - return this; - }; - - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; + // V4: by convention subkeys are preferred for encryption service + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } + } catch (e) { + exception = e; + } + } } - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; + try { + // if no valid subkey for encryption, evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateEncryptionKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } + throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + } - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; + /** + * Checks if a signature on a key is revoked + * @param {SignaturePacket} signature - The signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + return isDataRevoked( + this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 + ); + } - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; + /** + * Verify primary key. Checks for revocation signatures, expiration time + * and valid self signature. Throws if the primary key is invalid. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} If key verification failed + * @async + */ + async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + // check for key revocation signatures + if (await this.isRevoked(null, null, date, config$1)) { + throw new Error('Primary key is revoked'); } - - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; + // check for valid, unrevoked, unexpired self signature + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + // check for expiration time in binding signatures + if (isDataExpired(primaryKey, selfCertification, date)) { + throw new Error('Primary key is expired'); } + if (primaryKey.version !== 6) { + // check for expiration time in direct signatures (for V6 keys, the above already did so) + const directSignature = await getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; + if (directSignature && isDataExpired(primaryKey, directSignature, date)) { + throw new Error('Primary key is expired'); + } + } + } - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; + /** + * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. + * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. + * @param {Object} [userID] - User ID to consider instead of the primary user + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(userID, config$1 = config) { + let primaryKeyExpiry; + try { + const selfCertification = await this.getPrimarySelfSignature(null, userID, config$1); + const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); + const selfSigExpiry = selfCertification.getExpirationTime(); + const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature. + await getLatestValidSignature( + this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 + ).catch(() => {}); + if (directSignature) { + const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); + // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, + // causing a discountinous validy period for the key + primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); + } else { + primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; + } + } catch (e) { + primaryKeyExpiry = null; + } - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; + return util.normalizeDate(primaryKeyExpiry); + } - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; + /** + * For V4 keys, returns the self-signature of the primary user. + * For V5 keys, returns the latest valid direct-key self-signature. + * This self-signature is to be used to check the key expiration, + * algorithm preferences, and so on. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} The primary self-signature + * @async + */ + async getPrimarySelfSignature(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + if (primaryKey.version === 6) { + return getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ); } + const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + return selfCertification; + } - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + /** + * Returns primary user and most significant (latest valid) self signature + * - if multiple primary users exist, returns the one with the latest self signature + * - otherwise, returns the user with the latest self signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * user: User, + * selfCertification: SignaturePacket + * }>} The primary user and the self signature + * @async + */ + async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const users = []; + let exception; + for (let i = 0; i < this.users.length; i++) { + try { + const user = this.users[i]; + if (!user.userID) { + continue; + } + if ( + (userID.name !== undefined && user.userID.name !== userID.name) || + (userID.email !== undefined && user.userID.email !== userID.email) || + (userID.comment !== undefined && user.userID.comment !== userID.comment) + ) { + throw new Error('Could not find user that matches that user ID'); + } + const dataToVerify = { userID: user.userID, key: primaryKey }; + const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); + users.push({ index: i, user, selfCertification }); + } catch (e) { + exception = e; } } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; + if (!users.length) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('Could not find primary user'); } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); + await Promise.all(users.map(async function (a) { + return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); + })); + // sort by primary user flag and signature creation time + const primaryUser = users.sort(function(a, b) { + const A = a.selfCertification; + const B = b.selfCertification; + return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; + }).pop(); + const { user, selfCertification: cert } = primaryUser; + if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { + throw new Error('Primary user is revoked'); } + return primaryUser; + } - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); + /** + * Update key with new components from specified key with same key ID: + * users, subkeys, certificates are merged into the destination key, + * duplicates and expired signatures are ignored. + * + * If the source key is a private key and the destination key is public, + * a private key is returned. + * @param {Key} sourceKey - Source key to merge + * @param {Date} [date] - Date to verify validity of signatures and keys + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} updated key + * @async + */ + async update(sourceKey, date = new Date(), config$1 = config) { + if (!this.hasSameFingerprintAs(sourceKey)) { + throw new Error('Primary key fingerprints must be equal to update the key'); } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + if (!this.isPrivate() && sourceKey.isPrivate()) { + // check for equal subkey packets + const equal = (this.subkeys.length === sourceKey.subkeys.length) && + (this.subkeys.every(destSubkey => { + return sourceKey.subkeys.some(srcSubkey => { + return destSubkey.hasSameFingerprintAs(srcSubkey); + }); + })); + if (!equal) { + throw new Error('Cannot update public key with private key if subkeys mismatch'); } - } - - return this; - }; - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; + return sourceKey.update(this, config$1); } + // from here on, either: + // - destination key is private, source key is public + // - the keys are of the same type + // hence we don't need to convert the destination key type + const updatedKey = this.clone(); + // revocation signatures + await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { + return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); + }); + // direct signatures + await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); + // update users + await Promise.all(sourceKey.users.map(async srcUser => { + // multiple users with the same ID/attribute are not explicitly disallowed by the spec + // hence we support them, just in case + const usersToUpdate = updatedKey.users.filter(dstUser => ( + (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || + (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) + )); + if (usersToUpdate.length > 0) { + await Promise.all( + usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) + ); + } else { + const newUser = srcUser.clone(); + newUser.mainKey = updatedKey; + updatedKey.users.push(newUser); + } + })); + // update subkeys + await Promise.all(sourceKey.subkeys.map(async srcSubkey => { + // multiple subkeys with same fingerprint might be preset + const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( + dstSubkey.hasSameFingerprintAs(srcSubkey) + )); + if (subkeysToUpdate.length > 0) { + await Promise.all( + subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) + ); + } else { + const newSubkey = srcSubkey.clone(); + newSubkey.mainKey = updatedKey; + updatedKey.subkeys.push(newSubkey); + } + })); - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; + return updatedKey; + } - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } + /** + * Get revocation certificate from a revoked key. + * (To get a revocation certificate for an unrevoked key, call revoke() first.) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Armored revocation certificate. + * @async + */ + async getRevocationCertificate(date = new Date(), config$1 = config) { + const dataToVerify = { key: this.keyPacket }; + const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); + const packetlist = new PacketList(); + packetlist.push(revocationSignature); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config$1); + } - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; + /** + * Applies a revocation certificate to a key + * This adds the first signature packet in the armored text to the key, + * if it is a valid revocation signature. + * @param {String} revocationCertificate - armored revocation certificate + * @param {Date} [date] - Date to verify the certificate + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Revoked key. + * @async + */ + async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { + const input = await unarmor(revocationCertificate); + const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); + const revocationSignature = packetlist.findPacket(enums.packet.signature); + if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { + throw new Error('Could not find revocation signature packet'); } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { + throw new Error('Revocation signature does not match key'); } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + try { + await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); + } catch (e) { + throw util.wrapError('Could not verify revocation signature', e); } + const key = this.clone(); + key.revocationSignatures.push(revocationSignature); + return key; + } - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } + /** + * Signs primary user of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signPrimaryUser(privateKeys, date, userID, config$1 = config) { + const { index, user } = await this.getPrimaryUser(date, userID, config$1); + const userSign = await user.certify(privateKeys, date, config$1); + const key = this.clone(); + key.users[index] = userSign; + return key; + } - this.length = Math.max(this.length, i); + /** + * Signs all users of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for signing, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signAllUsers(privateKeys, date = new Date(), config$1 = config) { + const key = this.clone(); + key.users = await Promise.all(this.users.map(function(user) { + return user.certify(privateKeys, date, config$1); + })); + return key; + } - if (a !== this) { - this.negative = 1; - } + /** + * Verifies primary user of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { + const primaryKey = this.keyPacket; + const { user } = await this.getPrimaryUser(date, userID, config$1); + const results = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + return results; + } + + /** + * Verifies all users of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of userID, signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { + const primaryKey = this.keyPacket; + const results = []; + await Promise.all(this.users.map(async user => { + const signatures = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + + results.push(...signatures.map( + signature => ({ + userID: user.userID ? user.userID.userID : null, + userAttribute: user.userAttribute, + keyID: signature.keyID, + valid: signature.valid + })) + ); + })); + return results; + } +} - return this.strip(); - }; +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { + Key.prototype[name] = + Subkey.prototype[name]; +}); - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; +/** + * Class that represents an OpenPGP Public Key + */ +class PublicKey extends Key { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.keyPacket = null; + this.revocationSignatures = []; + this.directSignatures = []; + this.users = []; + this.subkeys = []; + if (packetlist) { + this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing public-key packet'); } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; - } - - return out.strip(); } - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); + /** + * Returns true if this is a private key + * @returns {false} + */ + isPrivate() { + return false; } - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + return this; } - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } +} - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; +/** + * Class that represents an OpenPGP Private key + */ +class PrivateKey extends PublicKey { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing private-key packet'); } + } - return rb; - }; + /** + * Returns true if this is a private key + * @returns {Boolean} + */ + isPrivate() { + return true; + } - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + const packetlist = new PacketList(); + const keyPackets = this.toPacketList(); + for (const keyPacket of keyPackets) { + switch (keyPacket.constructor.tag) { + case enums.packet.secretKey: { + const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); + packetlist.push(pubKeyPacket); + break; + } + case enums.packet.secretSubkey: { + const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); + packetlist.push(pubSubkeyPacket); + break; + } + default: + packetlist.push(keyPacket); + } } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; + return new PublicKey(packetlist); + } - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; + /** + * Returns all keys that are available for decryption, matching the keyID when given + * This is useful to retrieve keys for session key decryption + * @param {module:type/keyid~KeyID} keyID, optional + * @param {Date} date, optional + * @param {String} userID, optional + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} Array of decryption keys. + * @throws {Error} if no decryption key is found + * @async + */ + async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const keys = []; + let exception = null; + for (let i = 0; i < this.subkeys.length; i++) { + if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { + if (this.subkeys[i].keyPacket.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + continue; + } - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; + try { + const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; + const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config$1)) { + keys.push(this.subkeys[i]); } + } catch (e) { + exception = e; } } } - }; - - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; - } - - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; - - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; - - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; - - t = iws[i]; - - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; - } - }; - - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; - - ws[i] = w & 0x3ffffff; - if (w < 0x4000000) { - carry = 0; + // evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && validateDecryptionKeyPacket(primaryKey, selfCertification, config$1)) { + if (primaryKey.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); } else { - carry = w / 0x4000000 | 0; + keys.push(this); } } - return ws; - }; - - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; - } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; - } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; - } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; - } - - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; - - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; - - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; + if (keys.length === 0) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('No decryption key packets found'); } - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; - - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; + return keys; + } - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); + /** + * Returns true if the primary key or any subkey is decrypted. + * A dummy key is considered encrypted. + */ + isDecrypted() { + return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); + } - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; + /** + * Check whether the private and public primary key parameters correspond + * Together with verification of binding signatures, this guarantees key integrity + * In case of gnu-dummy primary key, it is enough to validate any signing subkeys + * otherwise all encryption subkeys are validated + * If only gnu-dummy keys are found, we cannot properly validate so we throw an error + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if validation was not successful and the key cannot be trusted + * @async + */ + async validate(config$1 = config) { + if (!this.isPrivate()) { + throw new Error('Cannot validate a public key'); } - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; - - res = res.mul(q); + let signingKeyPacket; + if (!this.keyPacket.isDummy()) { + signingKeyPacket = this.keyPacket; + } else { + /** + * It is enough to validate any signing keys + * since its binding signatures are also checked + */ + const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); + // This could again be a dummy key + if (signingKey && !signingKey.keyPacket.isDummy()) { + signingKeyPacket = signingKey.keyPacket; } } - return res; - }; - - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); + if (signingKeyPacket) { + return signingKeyPacket.validate(); + } else { + const keys = this.getKeys(); + const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); + if (allDummies) { + throw new Error('Cannot validate an all-gnu-dummy key'); } - if (carry) { - this.words[i] = carry; - this.length++; - } + return Promise.all(keys.map(async key => key.keyPacket.validate())); } + } - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } - - for (i = 0; i < s; i++) { - this.words[i] = 0; + /** + * Clear private key parameters + */ + clearPrivateParams() { + this.getKeys().forEach(({ keyPacket }) => { + if (keyPacket.isDecrypted()) { + keyPacket.clearPrivateParams(); } + }); + } - this.length += s; + /** + * Revokes the key + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New key with revocation signature. + * @async + */ + async revoke( + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + if (!this.isPrivate()) { + throw new Error('Need private key for revoking'); } + const dataToSign = { key: this.keyPacket }; + const key = this.clone(); + key.revocationSignatures.push(await createSignaturePacket(dataToSign, [], this.keyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, undefined, config$1)); + return key; + } - return this.strip(); - }; - - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; + /** + * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. + * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519. + * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. + * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format). + * Note: Curve448 and Curve25519 are not widely supported yet. + * @param {String} options.curve (optional) Elliptic curve for ECC keys + * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date (optional) Override the creation date of the key and the key signatures + * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false + * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} + * @async + */ + async addSubkey(options = {}) { + const config$1 = { ...config, ...options.config }; + if (options.passphrase) { + throw new Error('Subkey could not be encrypted here, please encrypt whole key'); } - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; + if (options.rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); } - - if (s === 0) ; else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; + const secretKeyPacket = this.keyPacket; + if (secretKeyPacket.isDummy()) { + throw new Error('Cannot add subkey to gnu-dummy primary key'); } - - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; + if (!secretKeyPacket.isDecrypted()) { + throw new Error('Key is not decrypted'); } + const defaultOptions = secretKeyPacket.getAlgorithmInfo(); + defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm); + defaultOptions.rsaBits = defaultOptions.bits || 4096; + defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy'; + options = sanitizeKeyOptions(options, defaultOptions); + // Every subkey for a v4 primary key MUST be a v4 subkey. + // Every subkey for a v6 primary key MUST be a v6 subkey. + // For v5 keys, since we dropped generation support, a v4 subkey is added. + // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user. + const keyPacket = await generateSecretSubkey(options, { ...config$1, v6Keys: this.keyPacket.version === 6 }); + checkKeyRequirements(keyPacket, config$1); + const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); + const packetList = this.toPacketList(); + packetList.push(keyPacket, bindingSignature); + return new PrivateKey(packetList); + } +} - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; - } +function getDefaultSubkeyType(algoName) { + const algo = enums.write(enums.publicKey, algoName); + // NB: no encryption-only algos, since they cannot be in primary keys + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + return 'rsa'; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return 'ecc'; + case enums.publicKey.ed25519: + return 'curve25519'; + case enums.publicKey.ed448: + return 'curve448'; + default: + throw new Error('Unsupported algorithm'); + } +} - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return this.strip(); - }; - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; +// A Key can contain the following packets +const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ + PublicKeyPacket, + PublicSubkeyPacket, + SecretKeyPacket, + SecretSubkeyPacket, + UserIDPacket, + UserAttributePacket, + SignaturePacket +]); - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; +/** + * Creates a PublicKey or PrivateKey depending on the packetlist in input + * @param {PacketList} - packets to parse + * @return {Key} parsed key + * @throws if no key packet was found + */ +function createKey(packetlist) { + for (const packet of packetlist) { + switch (packet.constructor.tag) { + case enums.packet.secretKey: + return new PrivateKey(packetlist); + case enums.packet.publicKey: + return new PublicKey(packetlist); + } + } + throw new Error('No key packet found'); +} - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; +/** + * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format). + * @param {String} options.curve Elliptic curve for ECC keys + * @param {Integer} options.rsaBits Number of bits for RSA keys + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Creation date of the key and the key signatures + * @param {Object} config - Full configuration + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function generate(options, config) { + options.sign = true; // primary key is always a signing key + options = sanitizeKeyOptions(options); + options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); + let promises = [generateSecretKey(options, config)]; + promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); + const packets = await Promise.all(promises); - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; + const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; +} - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; +/** + * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. + * @param {PrivateKey} options.privateKey The private key to reformat + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Override the creation date of the key signatures + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * @param {Object} config - Full configuration + * + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function reformat(options, config) { + options = sanitize(options); + const { privateKey } = options; - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; + if (!privateKey.isPrivate()) { + throw new Error('Cannot reformat a public key'); + } - // Check bit and return - var w = this.words[s]; + if (privateKey.keyPacket.isDummy()) { + throw new Error('Cannot reformat a gnu-dummy primary key'); + } - return !!(w & q); - }; + const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); + if (!isDecrypted) { + throw new Error('Key is not decrypted'); + } - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; + const secretKeyPacket = privateKey.keyPacket; - assert(this.negative === 0, 'imaskn works only with positive numbers'); + if (!options.subkeys) { + options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { + const secretSubkeyPacket = subkey.keyPacket; + const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; + const bindingSignature = await ( + getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) + ).catch(() => ({})); + return { + sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) + }; + })); + } - if (this.length <= s) { - return this; - } + const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); + if (options.subkeys.length !== secretSubkeyPackets.length) { + throw new Error('Number of subkey options does not match number of subkeys'); + } - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); + options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } + const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; - return this.strip(); - }; + function sanitize(options, subkeyDefaults = {}) { + options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; + return options; + } +} - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } +/** + * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection + * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. + * @param {SecretKeyPacket} secretKeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPackets + * @param {Object} options + * @param {Object} config - Full configuration + * @returns {PrivateKey} + */ +async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { + // set passphrase protection + if (options.passphrase) { + await secretKeyPacket.encrypt(options.passphrase, config); + } - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + await secretSubkeyPacket.encrypt(subkeyPassphrase, config); } + })); - // Add without checks - return this._iaddn(num); - }; + const packetlist = new PacketList(); + packetlist.push(secretKeyPacket); - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; + function createPreferredAlgos(algos, preferredAlgo) { + return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + } - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } + function getKeySignatureProperties() { + const signatureProperties = {}; + signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; + const symmetricAlgorithms = createPreferredAlgos([ + // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support) + enums.symmetric.aes256, + enums.symmetric.aes128 + ], config.preferredSymmetricAlgorithm); + signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms; + if (config.aeadProtect) { + const aeadAlgorithms = createPreferredAlgos([ + enums.aead.gcm, + enums.aead.eax, + enums.aead.ocb + ], config.preferredAEADAlgorithm); + signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => { + return symmetricAlgorithms.map(symmetricAlgorithm => { + return [symmetricAlgorithm, aeadAlgorithm]; + }); + }); } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); - - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; + signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ + // prefer fast asm.js implementations (SHA-256) + enums.hash.sha256, + enums.hash.sha512, + enums.hash.sha3_256, + enums.hash.sha3_512 + ], config.preferredHashAlgorithm); + signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ + enums.compression.uncompressed, + enums.compression.zlib, + enums.compression.zip + ], config.preferredCompressionAlgorithm); + // integrity protection always enabled + signatureProperties.features = [0]; + signatureProperties.features[0] |= enums.features.modificationDetection; + if (config.aeadProtect) { + signatureProperties.features[0] |= enums.features.seipdv2; } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; } + return signatureProperties; + } - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; - - return this; - }; - - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; + if (secretKeyPacket.version === 6) { // add direct key signature with key prefs + const dataToSign = { + key: secretKeyPacket + }; - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; + const signatureProperties = getKeySignatureProperties(); + signatureProperties.signatureType = enums.signature.key; - this._expand(len); + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + packetlist.push(signaturePacket); + } - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; + await Promise.all(options.userIDs.map(async function(userID, index) { + const userIDPacket = UserIDPacket.fromObject(userID); + const dataToSign = { + userID: userIDPacket, + key: secretKeyPacket + }; + const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}; + signatureProperties.signatureType = enums.signature.certPositive; + if (index === 0) { + signatureProperties.isPrimaryUserID = true; } - if (carry === 0) return this.strip(); + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; - } - this.negative = 1; + return { userIDPacket, signaturePacket }; + })).then(list => { + list.forEach(({ userIDPacket, signaturePacket }) => { + packetlist.push(userIDPacket); + packetlist.push(signaturePacket); + }); + }); - return this.strip(); - }; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyOptions = options.subkeys[index]; + const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); + return { secretSubkeyPacket, subkeySignaturePacket }; + })).then(packets => { + packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { + packetlist.push(secretSubkeyPacket); + packetlist.push(subkeySignaturePacket); + }); + }); - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; + // Add revocation signature packet for creating a revocation certificate. + // This packet should be removed before returning the key. + const dataToSign = { key: secretKeyPacket }; + packetlist.push(await createSignaturePacket(dataToSign, [], secretKeyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.reasonForRevocation.noReason, + reasonForRevocationString: '' + }, options.date, undefined, undefined, undefined, config)); - var a = this.clone(); - var b = num; + if (options.passphrase) { + secretKeyPacket.clearPrivateParams(); + } - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + secretSubkeyPacket.clearPrivateParams(); } + })); - // Initialize quotient - var m = a.length - b.length; - var q; + return new PrivateKey(packetlist); +} - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; - } - } +/** + * Reads an (optionally armored) OpenPGP key and returns a key object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; - } + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { + throw new Error('Armored text not of type key'); } + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]); + return createKey(firstKeyPacketList); +} - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); - - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); +/** + * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readPrivateKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } - } - if (q) { - q.words[j] = qj; - } - } - if (q) { - q.strip(); + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.privateKey)) { + throw new Error('Armored text not of type private key'); } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; } + const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + return new PrivateKey(firstPrivateKeyList); + } + throw new Error('No secret key packet found'); +} - return { - div: q || null, - mod: a - }; - }; +/** + * Reads an (optionally armored) OpenPGP key block and returns a list of key objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { + throw new Error('Armored text not of type key'); + } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + for (let i = 0; i < keyIndex.length; i++) { + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = createKey(oneKeyList); + keys.push(newKey); + } + return keys; +} - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; +/** + * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readPrivateKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); + } + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.privateKey) { + throw new Error('Armored text not of type private key'); } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = new PrivateKey(oneKeyList); + keys.push(newKey); + } + if (keys.length === 0) { + throw new Error('No secret key packet found'); + } + return keys; +} - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } - return { - div: div, - mod: mod - }; - } +// A Message can contain the following packets +const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + AEADEncryptedDataPacket, + SymEncryptedIntegrityProtectedDataPacket, + SymmetricallyEncryptedDataPacket, + PublicKeyEncryptedSessionKeyPacket, + SymEncryptedSessionKeyPacket, + OnePassSignaturePacket, + SignaturePacket +]); +// A SKESK packet can contain the following packets +const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); +// A detached signature can contain the following packets +const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); +/** + * Class that represents an OpenPGP message. + * Can be an encrypted message, signed message, compressed message or literal message + * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + */ +class Message { + /** + * @param {PacketList} packetlist - The packets that form this message + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } - if (mode !== 'mod') { - div = res.div.neg(); - } + /** + * Returns the key IDs of the keys to which the session key is encrypted + * @returns {Array} Array of keyID objects. + */ + getEncryptionKeyIDs() { + const keyIDs = []; + const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + pkESKeyPacketlist.forEach(function(packet) { + keyIDs.push(packet.publicKeyID); + }); + return keyIDs; + } - return { - div: div, - mod: res.mod - }; + /** + * Returns the key IDs of the keys that signed the message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const msg = this.unwrapCompressed(); + // search for one pass signatures + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); + if (onePassSigList.length > 0) { + return onePassSigList.map(packet => packet.issuerKeyID); } + // if nothing found look for signature packets + const signatureList = msg.packets.filterByTag(enums.packet.signature); + return signatureList.map(packet => packet.issuerKeyID); + } - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } + /** + * Decrypt the message. Either a private key, a session key, or a password must be specified. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Date} [date] - Use the given date for key verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with decrypted content. + * @async + */ + async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { + const symEncryptedPacketlist = this.packets.filterByTag( + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ); - return { - div: res.div, - mod: mod - }; + if (symEncryptedPacketlist.length === 0) { + throw new Error('No encrypted data found'); } - // Both numbers are positive at this point + const symEncryptedPacket = symEncryptedPacketlist[0]; + const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm; - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } + const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config$1); - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; + let exception = null; + const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { + if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) { + throw new Error('Invalid session key for decryption.'); } - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; + try { + const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.decrypt(algo, data, config$1); + } catch (e) { + util.printDebugError(e); + exception = e; } + })); + // We don't await stream.cancel here because it only returns when the other copy is canceled too. + cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. + symEncryptedPacket.encrypted = null; + await decryptedPromise; - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; - } - - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; - - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); - - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; - - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; - - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; - - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; + if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { + throw exception || new Error('Decryption failed.'); } - return acc; - }; - - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); - - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; - } + const resultMsg = new Message(symEncryptedPacket.packets); + symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - return this.strip(); - }; + return resultMsg; + } - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; + /** + * Decrypt encrypted session keys either with private keys or passwords. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable) + * @param {Date} [date] - Use the given date for key verification, instead of current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * @async + */ + async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config$1 = config) { + let decryptedSessionKeyPackets = []; - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); + let exception; + if (passwords) { + const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); + if (skeskPackets.length === 0) { + throw new Error('No symmetrically encrypted session key packet found.'); + } + await Promise.all(passwords.map(async function(password, i) { + let packets; + if (i) { + packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); + } else { + packets = skeskPackets; + } + await Promise.all(packets.map(async function(skeskPacket) { + try { + await skeskPacket.decrypt(password); + decryptedSessionKeyPackets.push(skeskPacket); + } catch (err) { + util.printDebugError(err); + if (err instanceof Argon2OutOfMemoryError) { + exception = err; + } + } + })); + })); + } else if (decryptionKeys) { + const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + if (pkeskPackets.length === 0) { + throw new Error('No public key encrypted session key packet found.'); + } + await Promise.all(pkeskPackets.map(async function(pkeskPacket) { + await Promise.all(decryptionKeys.map(async function(decryptionKey) { + let decryptionKeyPackets; + try { + // do not check key expiration to allow decryption of old messages + decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); + } catch (err) { + exception = err; + return; + } - var x = this; - var y = p.clone(); + let algos = [ + enums.symmetric.aes256, // Old OpenPGP.js default fallback + enums.symmetric.aes128, // RFC4880bis fallback + enums.symmetric.tripledes, // RFC4880 fallback + enums.symmetric.cast5 // Golang OpenPGP fallback + ]; + try { + const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config$1); // TODO: Pass userID from somewhere. + if (selfCertification.preferredSymmetricAlgorithms) { + algos = algos.concat(selfCertification.preferredSymmetricAlgorithms); + } + } catch (e) {} - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); - } + await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { + if (!decryptionKeyPacket.isDecrypted()) { + throw new Error('Decryption key is not decrypted.'); + } - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); + // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. + const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal + ); - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); + if (doConstantTimeDecryption) { + // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, + // either with the successfully decrypted session key, or with a randomly generated one. + // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on + // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: + // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the + // randomly generated keys of the remaining key types. + // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly + // generated session keys. + // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. - var g = 0; + const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times + await Promise.all(( + expectedSymmetricAlgorithm ? + [expectedSymmetricAlgorithm] : + Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms) + ).map(async sessionKeyAlgorithm => { + const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); + pkeskPacketCopy.read(serialisedPKESK); + const randomSessionKey = { + sessionKeyAlgorithm, + sessionKey: mod$1.generateSessionKey(sessionKeyAlgorithm) + }; + try { + await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); + decryptedSessionKeyPackets.push(pkeskPacketCopy); + } catch (err) { + // `decrypt` can still throw some non-security-sensitive errors + util.printDebugError(err); + exception = err; + } + })); - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; + } else { + try { + await pkeskPacket.decrypt(decryptionKeyPacket); + const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm; + if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) { + throw new Error('A non-preferred symmetric algorithm was used.'); + } + decryptedSessionKeyPackets.push(pkeskPacket); + } catch (err) { + util.printDebugError(err); + exception = err; + } + } + })); + })); + cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. + pkeskPacket.encrypted = null; + })); + } else { + throw new Error('No key or password specified.'); } - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } - - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); + if (decryptedSessionKeyPackets.length > 0) { + // Return only unique session keys + if (decryptedSessionKeyPackets.length > 1) { + const seen = new Set(); + decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { + const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); + if (seen.has(k)) { + return false; } - - C.iushrn(1); - D.iushrn(1); - } + seen.add(k); + return true; + }); } - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } + return decryptedSessionKeyPackets.map(packet => ({ + data: packet.sessionKey, + algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm) + })); } + throw exception || new Error('Session key decryption failed.'); + } - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; - - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); + /** + * Get literal data that is the body of the message + * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + */ + getLiteralData() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getBytes()) || null; + } - var a = this; - var b = p.clone(); + /** + * Get filename from literal data packet + * @returns {(String|null)} Filename of literal data packet as string. + */ + getFilename() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getFilename()) || null; + } - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); + /** + * Get literal data as text + * @returns {(String|null)} Literal body of the message interpreted as text. + */ + getText() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + if (literal) { + return literal.getText(); } + return null; + } - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } + /** + * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. + * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for + * @param {Date} [date] - Date to select algorithm preferences at + * @param {Array} [userIDs] - User IDs to select algorithm preferences for + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. + * @async + */ + static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { + const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config$1); + const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo); + const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined; - x1.iushrn(1); + await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() + .catch(() => null) // ignore key strength requirements + .then(maybeKey => { + if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) && + !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted + throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); - } + }) + )); - x2.iushrn(1); - } - } + const sessionKeyData = mod$1.generateSessionKey(symmetricAlgo); + return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName }; + } - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); + /** + * Encrypt the message either with public keys, passwords, or both at once. + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - Password(s) for message encryption + * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] + * @param {Date} [date] - Override the creation date of the literal package + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + if (sessionKey) { + if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { + throw new Error('Invalid session key for encryption.'); } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; + } else if (encryptionKeys && encryptionKeys.length) { + sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); + } else if (passwords && passwords.length) { + sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); + throw new Error('No keys, passwords, or session key provided.'); } - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } + const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; - a.isub(b); - } while (true); + const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); - return b.iushln(shift); - }; + const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({ + version: aeadAlgorithmName ? 2 : 1, + aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null + }); + symEncryptedPacket.packets = this.packets; - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; + const algorithm = enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; + msg.packets.push(symEncryptedPacket); + symEncryptedPacket.packets = new PacketList(); // remove packets after encryption + return msg; + } - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; + /** + * Encrypt a session key either with public keys, passwords, or both at once. + * @param {Uint8Array} sessionKey - session key for encryption + * @param {String} algorithmName - session key algorithm + * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - For message encryption + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [date] - Override the date + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + const packetlist = new PacketList(); + const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName); + const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; + if (encryptionKeys) { + const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { + const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; - } + const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({ + version: aeadAlgorithm ? 6 : 3, + encryptionKeyPacket: encryptionKey.keyPacket, + anonymousRecipient: wildcard, + sessionKey, + sessionKeyAlgorithm: symmetricAlgorithm + }); - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; + await pkESKeyPacket.encrypt(encryptionKey.keyPacket); + delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption + return pkESKeyPacket; + })); + packetlist.push(...results); } - return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; - - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; + if (passwords) { + const testDecrypt = async function(keyPacket, password) { + try { + await keyPacket.decrypt(password); + return 1; + } catch (e) { + return 0; + } + }; - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; + const sum = (accumulator, currentValue) => accumulator + currentValue; - this.strip(); + const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { + const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); + symEncryptedSessionKeyPacket.sessionKey = sessionKey; + symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; + if (aeadAlgorithm) { + symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; + } + await symEncryptedSessionKeyPacket.encrypt(password, config$1); - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } + if (config$1.passwordCollisionCheck) { + const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); + if (results.reduce(sum) !== 1) { + return encryptPassword(sessionKey, algorithm, password); + } + } - assert(num <= 0x3ffffff, 'Number is too big'); + delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption + return symEncryptedSessionKeyPacket; + }; - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; + const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd))); + packetlist.push(...results); } - if (this.negative !== 0) return -res | 0; - return res; - }; - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; + return new Message(packetlist); + } - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; + /** + * Sign the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to add to the message + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with signed content. + * @async + */ + async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const packetlist = new PacketList(); - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } - break; + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; + const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config$1); // this returns the existing signature packets as well + const onePassSignaturePackets = signaturePackets.map( + (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0)) + .reverse(); // innermost OPS refers to the first signature packet - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; + packetlist.push(...onePassSignaturePackets); + packetlist.push(literalDataPacket); + packetlist.push(...signaturePackets); - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; + return new Message(packetlist); + } - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; + /** + * Compresses the message (the literal and -if signed- signature data packets of the message) + * @param {module:enums.compression} algo - compression algorithm + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Message} New message with compressed content. + */ + compress(algo, config$1 = config) { + if (algo === enums.compression.uncompressed) { + return this; + } - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; + const compressed = new CompressedDataPacket(config$1); + compressed.algorithm = algo; + compressed.packets = this.packets; - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; + const packetList = new PacketList(); + packetList.push(compressed); - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; + return new Message(packetList); + } - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; + /** + * Create a detached signature for the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New detached signature of message content. + * @async + */ + async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); + } + return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config$1)); + } - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; + /** + * Verify message signatures + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signatures. + * @async + */ + async verify(verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + if (isArrayStream(msg.packets.stream)) { + msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + } + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); + const signatureList = msg.packets.filterByTag(enums.packet.signature); + if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { + await Promise.all(onePassSigList.map(async onePassSig => { + onePassSig.correspondingSig = new Promise((resolve, reject) => { + onePassSig.correspondingSigResolve = resolve; + onePassSig.correspondingSigReject = reject; + }); + onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); + onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); + onePassSig.hashed.catch(() => {}); + })); + msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { + const reader = getReader(readable); + const writer = getWriter(writable); + try { + for (let i = 0; i < onePassSigList.length; i++) { + const { value: signature } = await reader.read(); + onePassSigList[i].correspondingSigResolve(signature); + } + await reader.readToEnd(); + await writer.ready; + await writer.close(); + } catch (e) { + onePassSigList.forEach(onePassSig => { + onePassSig.correspondingSigReject(e); + }); + await writer.abort(e); + } + }); + return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + } + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); + } - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; + /** + * Verify detached message signature + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Signature} signature + * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); + } - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; + /** + * Unwrap compressed message + * @returns {Message} Message Content of compressed message. + */ + unwrapCompressed() { + const compressed = this.packets.filterByTag(enums.packet.compressedData); + if (compressed.length) { + return new Message(compressed[0].packets); + } return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; + } - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; + /** + * Append signature to unencrypted message object + * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async appendSignature(detachedSignature, config$1 = config) { + await this.packets.read( + util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, + allowedDetachedSignaturePackets, + config$1 + ); + } - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; + /** + * Returns binary encoded message + * @returns {ReadableStream} Binary message. + */ + write() { + return this.packets.write(); + } - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; + /** + * Returns ASCII armored text of message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config$1); + } +} - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; +/** + * Create signature packets for the message + * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign + * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing + * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to append + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creationtime of the signature + * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures + * @param {Boolean} [detached] - Whether to create detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} List of signature packets. + * @async + * @private + */ +async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config$1 = config) { + const packetlist = new PacketList(); - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; + // If data packet was created from Uint8Array, use binary, otherwise use text + const signatureType = literalDataPacket.text === null ? + enums.signature.binary : enums.signature.text; - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; + await Promise.all(signingKeys.map(async (primaryKey, i) => { + const signingUserID = signingUserIDs[i]; + if (!primaryKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config$1); + return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config$1); + })).then(signatureList => { + packetlist.push(...signatureList); + }); - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; + if (signature) { + const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); + packetlist.push(...existingSigPacketlist); + } + return packetlist; +} - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; +/** + * Create object containing signer's keyID and validity of signature + * @param {SignaturePacket} signature - Signature packet + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Check signature validity with respect to the given date + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * keyID: module:type/keyid~KeyID, + * signature: Promise, + * verified: Promise + * }>} signer's keyID and validity of signature + * @async + * @private + */ +async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + let primaryKey; + let unverifiedSigningKey; - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; + for (const key of verificationKeys) { + const issuerKeys = key.getKeys(signature.issuerKeyID); + if (issuerKeys.length > 0) { + primaryKey = key; + unverifiedSigningKey = issuerKeys[0]; + break; + } + } - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; + const isOnePassSignature = signature instanceof OnePassSignaturePacket; + const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; + const verifiedSig = { + keyID: signature.issuerKeyID, + verified: (async () => { + if (!unverifiedSigningKey) { + throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + } - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); + await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); + const signaturePacket = await signaturePacketPromise; + if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { + throw new Error('Key is newer than the signature'); + } + // We pass the signature creation time to check whether the key was expired at the time of signing. + // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before + try { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); + } catch (e) { + // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, + // making the key invalid at the time of signing. + // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. + // Note: we do not support the edge case of a key that was reformatted and it has expired. + if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + } else { + throw e; + } + } + return true; + })(), + signature: (async () => { + const signaturePacket = await signaturePacketPromise; + const packetlist = new PacketList(); + signaturePacket && packetlist.push(signaturePacket); + return new Signature(packetlist); + })() }; - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; + // Mark potential promise rejections as "handled". This is needed because in + // some cases, we reject them before the user has a reasonable chance to + // handle them (e.g. `await readToEnd(result.data); await result.verified` and + // the data stream errors). + verifiedSig.signature.catch(() => {}); + verifiedSig.verified.catch(() => {}); - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; + return verifiedSig; +} - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); +/** + * Create list of objects containing signer's keyID and validity of signature + * @param {Array} signatureList - Array of signature packets + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} date - Verify the signature against the given date, + * i.e. check signature creation time < date < expiration time + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) + * @async + * @private + */ +async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + return Promise.all(signatureList.filter(function(signature) { + return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); + }).map(async function(signature) { + return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); + })); +} - this.tmp = this._tmp(); +/** + * Reads an (optionally armored) OpenPGP message and returns a Message object + * @param {Object} options + * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed + * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New message object. + * @async + * @static + */ +async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredMessage || binaryMessage; + if (!input) { + throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); + if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { + throw new Error('readMessage: options.armoredMessage must be a string or stream'); } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; + if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { + throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } + const streamType = util.isStream(input); + if (armoredMessage) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.message) { + throw new Error('Armored text not of type message'); } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); + input = data; } - inherits(P224, MPrime); + const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); + const message = new Message(packetlist); + message.fromStream = streamType; + return message; +} - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); +/** + * Creates new message object from text or binary data. + * @param {Object} options + * @param {String | ReadableStream} [options.text] - The text message contents + * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents + * @param {String} [options.filename=""] - Name of the file (if any) + * @param {Date} [options.date=current date] - Date of the message, or modification date of the file + * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type + * @returns {Promise} New message object. + * @async + * @static + */ +async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { + const input = text !== undefined ? text : binary; + if (input === undefined) { + throw new Error('createMessage: must pass options object containing `text` or `binary`'); } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); + if (text && !util.isString(text) && !util.isStream(text)) { + throw new Error('createMessage: options.text must be a string or stream'); } - inherits(P25519, MPrime); + if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { + throw new Error('createMessage: options.binary must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; + const streamType = util.isStream(input); + const literalDataPacket = new LiteralDataPacket(date); + if (text !== undefined) { + literalDataPacket.setText(input, enums.write(enums.literal, format)); + } else { + literalDataPacket.setBytes(input, enums.write(enums.literal, format)); + } + if (filename !== undefined) { + literalDataPacket.setFilename(filename); + } + const literalDataPacketlist = new PacketList(); + literalDataPacketlist.push(literalDataPacket); + const message = new Message(literalDataPacketlist); + message.fromStream = streamType; + return message; +} - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - return prime; - }; +// A Cleartext message can contain the following packets +const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; +/** + * Class that represents an OpenPGP cleartext signed message. + * See {@link https://tools.ietf.org/html/rfc4880#section-7} + */ +class CleartextMessage { + /** + * @param {String} text - The cleartext of the signed message + * @param {Signature} signature - The detached signature or an empty signature for unsigned messages + */ + constructor(text, signature) { + // remove trailing whitespace and normalize EOL to canonical form + this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); + if (signature && !(signature instanceof Signature)) { + throw new Error('Invalid signature input'); } + this.signature = signature || new Signature(new PacketList()); } - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; + /** + * Returns the key IDs of the keys that signed the cleartext message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const keyIDs = []; + const signatureList = this.signature.packets; + signatureList.forEach(function(packet) { + keyIDs.push(packet.issuerKeyID); + }); + return keyIDs; + } - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; + /** + * Sign the cleartext message + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] + * @param {Date} [date] - The creation time of the signature that should be created + * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New cleartext message with signed content. + * @async + */ + async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const literalDataPacket = new LiteralDataPacket(); + literalDataPacket.setText(this.text); + const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config$1)); + return new CleartextMessage(this.text, newSignature); + } - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; + /** + * Verify signatures of cleartext signed message + * @param {Array} keys - Array of keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verify(keys, date = new Date(), config$1 = config) { + const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + const literalDataPacket = new LiteralDataPacket(); + // we assume that cleartext signature is generated based on UTF8 cleartext + literalDataPacket.setText(this.text); + return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + } - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } + /** + * Get cleartext + * @returns {String} Cleartext of message. + */ + getText() { + // normalize end of line to \n + return this.text.replace(/\r\n/g, '\n'); + } - return this.m.sub(a)._forceRed(this); - }; + /** + * Returns ASCII armored text of cleartext signed message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {String | ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? + Array.from(new Set(this.signature.packets.map( + packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() + ))).join() : + null; - Red.prototype.add = function add (a, b) { - this._verify2(a, b); + const body = { + hash, + text: this.text, + data: this.signature.packets.write() + }; - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config$1); + } +} - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); +/** + * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object + * @param {Object} options + * @param {String} options.cleartextMessage - Text to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New cleartext message object. + * @async + * @static + */ +async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!cleartextMessage) { + throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); + } + if (!util.isString(cleartextMessage)) { + throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; + const input = await unarmor(cleartextMessage); + if (input.type !== enums.armor.signed) { + throw new Error('No cleartext signed message.'); + } + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config$1); + verifyHeaders(input.headers, packetlist); + const signature = new Signature(packetlist); + return new CleartextMessage(input.text, signature); +} - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); +/** + * Compare hash algorithm specified in the armor header with signatures + * @param {Array} headers - Armor headers + * @param {PacketList} packetlist - The packetlist with signature packets + * @private + */ +function verifyHeaders(headers, packetlist) { + const checkHashAlgos = function(hashAlgos) { + const check = packet => algo => packet.hashAlgorithm === algo; - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + for (let i = 0; i < packetlist.length; i++) { + if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { + return false; + } } - return res._forceRed(this); + return true; }; - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + const hashAlgos = []; + headers.forEach(header => { + const hashHeader = header.match(/^Hash: (.+)$/); // get header value + if (hashHeader) { + const parsedHashIDs = hashHeader[1] + .replace(/\s/g, '') // remove whitespace + .split(',') + .map(hashName => { + try { + return enums.write(enums.hash, hashName.toLowerCase()); + } catch (e) { + throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase()); + } + }); + hashAlgos.push(...parsedHashIDs); + } else { + throw new Error('Only "Hash" header allowed in cleartext signed message'); } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; + }); - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; + if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { + throw new Error('Hash algorithm mismatch in armor header and signature'); + } +} - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; +/** + * Creates a new CleartextMessage object from text + * @param {Object} options + * @param {String} options.text + * @static + * @async + */ +async function createCleartextMessage({ text, ...rest }) { + if (!text) { + throw new Error('createCleartextMessage: must pass options object containing `text`'); + } + if (!util.isString(text)) { + throw new Error('createCleartextMessage: options.text must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); + return new CleartextMessage(text); +} - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } +////////////////////// +// // +// Key handling // +// // +////////////////////// - return r; - }; - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; +/** + * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. + * @param {Object} options + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys). + * Note: Curve448 and Curve25519 (new format) are not widely supported yet. + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys + * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys: + * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1, + * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 + * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` + * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + if (!type && !curve) { + type = config$1.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them) + curve = 'curve25519Legacy'; // unused with type != 'ecc' + } else { + type = type || 'ecc'; + curve = curve || 'curve25519Legacy'; + } + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); + if (userIDs.length === 0 && !config$1.v6Keys) { + throw new Error('UserIDs are required for V4 keys'); + } + if (type === 'rsa' && rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + } - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } + const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } + try { + const { key, revocationCertificate } = await generate(options, config$1); + key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } + return { + privateKey: formatObject(key, format, config$1), + publicKey: formatObject(key.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error generating keypair', err); + } +} - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } +/** + * Reformats signature packets for a key and rewraps key object. + * @param {Object} options + * @param {PrivateKey} options.privateKey - Private key to reformat + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended + * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; + if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) { + throw new Error('UserIDs are required for V4 keys'); + } + const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } + try { + const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); - return res; - }; + return { + privateKey: formatObject(reformattedKey, format, config$1), + publicKey: formatObject(reformattedKey.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error reformatting keypair', err); + } +} - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); +/** + * Revokes a key. Requires either a private key or a revocation certificate. + * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. + * @param {Object} options + * @param {Key} options.key - Public or private key to revoke + * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with + * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation + * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation + * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The revoked key in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or + * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise + * @async + * @static + */ +async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - return r === num ? r.clone() : r; - }; + try { + const revokedKey = revocationCertificate ? + await key.applyRevocationCertificate(revocationCertificate, date, config$1) : + await key.revoke(reasonForRevocation, date, config$1); - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; + return revokedKey.isPrivate() ? { + privateKey: formatObject(revokedKey, format, config$1), + publicKey: formatObject(revokedKey.toPublic(), format, config$1) + } : { + privateKey: null, + publicKey: formatObject(revokedKey, format, config$1) + }; + } catch (err) { + throw util.wrapError('Error revoking key', err); + } +} - // - // Montgomery method engine - // +/** + * Unlock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to decrypt + * @param {String|Array} options.passphrase - The user's passphrase(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The unlocked key object. + * @async + */ +async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - BN.mont = function mont (num) { - return new Mont(num); - }; + if (!privateKey.isPrivate()) { + throw new Error('Cannot decrypt a public key'); + } + const clonedPrivateKey = privateKey.clone(true); + const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; - function Mont (m) { - Red.call(this, m); + try { + await Promise.all(clonedPrivateKey.getKeys().map(key => ( + // try to decrypt each key with any of the given passphrases + util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) + ))); - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } + await clonedPrivateKey.validate(config$1); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error decrypting private key', err); + } +} - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); +/** + * Lock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to encrypt + * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The locked key object. + * @async + */ +async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); + if (!privateKey.isPrivate()) { + throw new Error('Cannot encrypt a public key'); } - inherits(Mont, Red); + const clonedPrivateKey = privateKey.clone(true); - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; + const keys = clonedPrivateKey.getKeys(); + const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); + if (passphrases.length !== keys.length) { + throw new Error('Invalid number of passphrases given for key encryption'); + } - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; + try { + await Promise.all(keys.map(async (key, i) => { + const { keyPacket } = key; + await keyPacket.encrypt(passphrases[i], config$1); + keyPacket.clearPrivateParams(); + })); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error encrypting private key', err); + } +} - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; +/////////////////////////////////////////// +// // +// Message encryption and decryption // +// // +/////////////////////////////////////////// - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - return res._forceRed(this); - }; +/** + * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` + * must be specified. If signing keys are specified, those will be used to sign the message. + * @param {Object} options + * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message + * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed + * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message + * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Signature} [options.signature] - A detached signature to add to the encrypted message + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` + * @param {Date} [options.date=current date] - Override the creation date of the message signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); + signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations); + if (rest.detached) { + throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); + } + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); + if (!signingKeys) { + signingKeys = []; + } - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); + try { + if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified + message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config$1); } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; -})(module, commonjsGlobal); -}); - -var bn$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': bn, - __moduleExports: bn -}); + message = message.compress( + await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config$1), + config$1 + ); + message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + if (format === 'object') return message; + // serialize data + const armor = format === 'armored'; + const data = armor ? message.armor(config$1) : message.write(); + return await convertStream(data); + } catch (err) { + throw util.wrapError('Error encrypting message', err); + } +} /** - * @fileoverview - * BigInteger implementation of basic operations - * Wrapper of bn.js library (wwww.github.com/indutny/bn.js) - * @module biginteger/bn - * @private + * Decrypts a message with the user's private key, a session key or a password. + * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). + * @param {Object} options + * @param {Message} options.message - The message object with the encrypted data + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key + * @param {String|String[]} [options.passwords] - Passwords to decrypt the message + * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } + * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing decrypted and verified message in the form: + * + * { + * data: MaybeStream, (if format was 'utf8', the default) + * data: MaybeStream, (if format was 'binary') + * filename: String, + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static */ +async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); -/** - * @private - */ -class BigInteger$1 { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); + try { + const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); + if (!verificationKeys) { + verificationKeys = []; } - this.value = new bn(n); + const result = {}; + result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); + result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); + result.filename = decrypted.getFilename(); + linkStreams(result, message); + if (expectSigned) { + if (verificationKeys.length === 0) { + throw new Error('Verification keys are required to verify message signatures'); + } + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error decrypting message', err); } +} - clone() { - const clone = new BigInteger$1(null); - this.value.copy(clone.value); - return clone; - } - /** - * BigInteger increment in place - */ - iinc() { - this.value.iadd(new bn(1)); - return this; - } +////////////////////////////////////////// +// // +// Message signing and verification // +// // +////////////////////////////////////////// - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - /** - * BigInteger decrement in place - */ - idec() { - this.value.isub(new bn(1)); - return this; - } +/** + * Signs a message. + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed + * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext + * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [options.date=current date] - Override the creation date of the signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); checkOutputMessageFormat(format); + signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations); - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); + if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value.iadd(x.value); - return this; + if (!signingKeys || signingKeys.length === 0) { + throw new Error('No signing keys provided'); } - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + try { + let signature; + if (detached) { + signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } else { + signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } + if (format === 'object') return signature; - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value.isub(x.value); - return this; + const armor = format === 'armored'; + signature = armor ? signature.armor(config$1) : signature.write(); + if (detached) { + signature = transformPair(message.packets.write(), async (readable, writable) => { + await Promise.all([ + pipe(signature, writable), + readToEnd(readable).catch(() => {}) + ]); + }); + } + return await convertStream(signature); + } catch (err) { + throw util.wrapError('Error signing message', err); } +} - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } +/** + * Verifies signatures of cleartext signed message + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures + * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing verified message in the form: + * + * { + * data: MaybeStream, (if `message` was a CleartextMessage) + * data: MaybeStream, (if `message` was a Message) + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static + */ +async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value.imul(x.value); - return this; - } + if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); + if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); + try { + const result = {}; + if (signature) { + result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); + } else { + result.signatures = await message.verify(verificationKeys, date, config$1); + } + result.data = format === 'binary' ? message.getLiteralData() : message.getText(); + if (message.fromStream && !signature) linkStreams(result, message); + if (expectSigned) { + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error verifying signed message', err); } +} - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value = this.value.umod(m.value); - return this; - } - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } +/////////////////////////////////////////////// +// // +// Session key encryption and decryption // +// // +/////////////////////////////////////////////// - /** - * Compute modular exponentiation - * Much faster than this.exp(e).mod(n) - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - // We use either Montgomery or normal reduction context - // Montgomery requires coprime n and R (montogmery multiplier) - // bn.js picks R as power of 2, so n must be odd - const nred = n.isEven() ? bn.red(n.value) : bn.mont(n.value); - const x = this.clone(); - x.value = x.value.toRed(nred).redPow(e.value).fromRed(); - return x; - } +/** + * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. + * @param {Object} options + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} + * @param {Date} [options.date=current date] - Date to select algorithm preferences at + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. + * @async + * @static + */ +async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - // invm returns a wrong result if the inverse does not exist - if (!this.gcd(n).isOne()) { - throw new Error('Inverse does not exist'); - } - return new BigInteger$1(this.value.invm(n.value)); + try { + const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error generating session key', err); } +} - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} n - Operand - * @returns {BigInteger} gcd - */ - gcd(n) { - return new BigInteger$1(this.value.gcd(n.value)); - } +/** + * Encrypt a symmetric session key with public keys, passwords, or both at once. + * At least one of `encryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) + * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' + * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key + * @param {String|String[]} [options.passwords] - Passwords for the message + * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [options.date=current date] - Override the date + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value.ishln(x.value.toNumber()); - return this; + if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { + throw new Error('No encryption keys or passwords provided.'); } - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); + try { + const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + return formatObject(message, format, config$1); + } catch (err) { + throw util.wrapError('Error encrypting session key', err); } +} - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value.ishrn(x.value.toNumber()); - return this; - } +/** + * Decrypt symmetric session keys using private keys or passwords (not both). + * One of `decryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Message} options.message - A message object containing the encrypted session key packets + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data + * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key + * @param {Date} [options.date] - Date to use for key verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: + * { data:Uint8Array, algorithm:String } + * @throws if no session key could be found or decrypted + * @async + * @static + */ +async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); + try { + const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error decrypting session keys', err); } +} - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value.eq(x.value); - } - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value.lt(x.value); - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value.lte(x.value); - } - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value.gt(x.value); +/** + * Input validation + * @private + */ +function checkString(data, name) { + if (!util.isString(data)) { + throw new Error('Parameter [' + (name) + '] must be of type String'); } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value.gte(x.value); +} +function checkBinary(data, name) { + if (!util.isUint8Array(data)) { + throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array'); } - - isZero() { - return this.value.isZero(); +} +function checkMessage(message) { + if (!(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message'); } - - isOne() { - return this.value.eq(new bn(1)); +} +function checkCleartextOrMessage(message) { + if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); } - - isNegative() { - return this.value.isNeg(); +} +function checkOutputMessageFormat(format) { + if (format !== 'armored' && format !== 'binary' && format !== 'object') { + throw new Error(`Unsupported format ${format}`); } - - isEven() { - return this.value.isEven(); +} +const defaultConfigPropsCount = Object.keys(config).length; +function checkConfig(config$1) { + const inputConfigProps = Object.keys(config$1); + if (inputConfigProps.length !== defaultConfigPropsCount) { + for (const inputProp of inputConfigProps) { + if (config[inputProp] === undefined) { + throw new Error(`Unknown config property: ${inputProp}`); + } + } } +} - abs() { - const res = this.clone(); - res.value = res.value.abs(); - return res; +/** + * Normalize parameter to an array if it is not undefined. + * @param {Object} param - the parameter to be normalized + * @returns {Array|undefined} The resulting array or undefined. + * @private + */ +function toArray(param) { + if (param && !util.isArray(param)) { + param = [param]; } + return param; +} - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); +/** + * Convert data to or from Stream + * @param {Object} data - the data to convert + * @returns {Promise} The data in the respective format. + * @async + * @private + */ +async function convertStream(data) { + const streamType = util.isStream(data); + if (streamType === 'array') { + return readToEnd(data); } + return data; +} - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - return this.value.toNumber(); - } +/** + * Link result.data to the message stream for cancellation. + * Also, forward errors in the message to result.data. + * @param {Object} result - the data to convert + * @param {Message} message - message object + * @returns {Object} + * @private + */ +function linkStreams(result, message) { + result.data = transformPair(message.packets.stream, async (readable, writable) => { + await pipe(result.data, writable, { + preventClose: true + }); + const writer = getWriter(writable); + try { + // Forward errors in the message stream to result.data. + await readToEnd(readable, _ => _); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + }); +} - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - return this.value.testn(i) ? 1 : 0; +/** + * Convert the object to the given format + * @param {Key|Message} object + * @param {'armored'|'binary'|'object'} format + * @param {Object} config - Full configuration + * @returns {String|Uint8Array|Object} + */ +function formatObject(object, format, config) { + switch (format) { + case 'object': + return object; + case 'armored': + return object.armor(config); + case 'binary': + return object.write(); + default: + throw new Error(`Unsupported format ${format}`); } +} - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - return this.value.bitLength(); - } +function number(n) { + if (!Number.isSafeInteger(n) || n < 0) + throw new Error(`positive integer expected, not ${n}`); +} +// copied from utils +function isBytes$1(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes(b, ...lengths) { + if (!isBytes$1(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function hash(h) { + if (typeof h !== 'function' || typeof h.create !== 'function') + throw new Error('Hash should be wrapped by utils.wrapConstructor'); + number(h.outputLen); + number(h.blockLen); +} +function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +// We prefer WebCrypto aka globalThis.crypto, which exists in node.js 16+. +// Falls back to Node.js built-in crypto for Node.js <=v14 +// See utils.ts for details. +// @ts-ignore +const crypto$1 = nc && typeof nc === 'object' && 'webcrypto' in nc + ? nc.webcrypto + : nc && typeof nc === 'object' && 'randomBytes' in nc + ? nc + : undefined; + +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// node.js versions earlier than v19 don't declare it in global scope. +// For node.js, package.json#exports field mapping rewrites import +// from `crypto` to `cryptoNode`, which imports native module. +// Makes the utils un-importable in browsers without a bundler. +// Once node.js 18 is deprecated (2025-04-30), we can just drop the import. +const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// The rotate right (circular right shift) operation for uint32 +const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift); +// The rotate left (circular left shift) operation for uint32 +const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0); +const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +// The byte swap operation for uint32 +const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// In place byte swap for Uint32Array +function byteSwap32(arr) { + for (let i = 0; i < arr.length; i++) { + arr[i] = byteSwap(arr[i]); + } +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$1(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes$1(data); + bytes(data); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$1(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// For runtime check if class implements interface +class Hash { + // Safe version that clones internal state + clone() { + return this._cloneInto(); + } +} +function wrapConstructor(hashCons) { + const hashC = (msg) => hashCons().update(toBytes(msg)).digest(); + const tmp = hashCons(); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = () => hashCons(); + return hashC; +} +function wrapXOFConstructorWithOpts(hashCons) { + const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest(); + const tmp = hashCons({}); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (opts) => hashCons(opts); + return hashC; +} +/** + * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS. + */ +function randomBytes(bytesLength = 32) { + if (crypto$1 && typeof crypto$1.getRandomValues === 'function') { + return crypto$1.getRandomValues(new Uint8Array(bytesLength)); + } + // Legacy Node.js compatibility + if (crypto$1 && typeof crypto$1.randomBytes === 'function') { + return crypto$1.randomBytes(bytesLength); + } + throw new Error('crypto.getRandomValues must be defined'); +} - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - return this.value.byteLength(); - } +/** + * Polyfill for Safari 14 + */ +function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = isLE ? 4 : 0; + const l = isLE ? 0 : 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +/** + * Choice: a ? b : c + */ +const Chi = (a, b, c) => (a & b) ^ (~a & c); +/** + * Majority function, true if any two inputs is true + */ +const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c); +/** + * Merkle-Damgard hash construction base class. + * Could be used to create MD5, RIPEMD, SHA1, SHA2. + */ +class HashMD extends Hash { + constructor(blockLen, outputLen, padOffset, isLE) { + super(); + this.blockLen = blockLen; + this.outputLen = outputLen; + this.padOffset = padOffset; + this.isLE = isLE; + this.finished = false; + this.length = 0; + this.pos = 0; + this.destroyed = false; + this.buffer = new Uint8Array(blockLen); + this.view = createView(this.buffer); + } + update(data) { + exists(this); + const { view, buffer, blockLen } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + // Fast path: we have at least one block in input, cast it to view and process + if (take === blockLen) { + const dataView = createView(data); + for (; blockLen <= len - pos; pos += blockLen) + this.process(dataView, pos); + continue; + } + buffer.set(data.subarray(pos, pos + take), this.pos); + this.pos += take; + pos += take; + if (this.pos === blockLen) { + this.process(view, 0); + this.pos = 0; + } + } + this.length += data.length; + this.roundClean(); + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // Padding + // We can avoid allocation of buffer for padding completely if it + // was previously not allocated here. But it won't change performance. + const { buffer, view, blockLen, isLE } = this; + let { pos } = this; + // append the bit '1' to the message + buffer[pos++] = 0b10000000; + this.buffer.subarray(pos).fill(0); + // we have less than padOffset left in buffer, so we cannot put length in + // current block, need process it and pad again + if (this.padOffset > blockLen - pos) { + this.process(view, 0); + pos = 0; + } + // Pad until full block byte with zeros + for (let i = pos; i < blockLen; i++) + buffer[i] = 0; + // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that + // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen. + // So we just write lowest 64 bits of that value. + setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE); + this.process(view, 0); + const oview = createView(out); + const len = this.outputLen; + // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT + if (len % 4) + throw new Error('_sha2: outputLen should be aligned to 32bit'); + const outLen = len / 4; + const state = this.get(); + if (outLen > state.length) + throw new Error('_sha2: outputLen bigger than state'); + for (let i = 0; i < outLen; i++) + oview.setUint32(4 * i, state[i], isLE); + } + digest() { + const { buffer, outputLen } = this; + this.digestInto(buffer); + const res = buffer.slice(0, outputLen); + this.destroy(); + return res; + } + _cloneInto(to) { + to || (to = new this.constructor()); + to.set(...this.get()); + const { blockLen, buffer, length, finished, destroyed, pos } = this; + to.length = length; + to.pos = pos; + to.finished = finished; + to.destroyed = destroyed; + if (length % blockLen) + to.buffer.set(buffer); + return to; + } +} + +// SHA2-256 need to try 2^128 hashes to execute birthday attack. +// BTC network is doing 2^67 hashes/sec as per early 2023. +// Round constants: +// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) +// prettier-ignore +const SHA256_K = /* @__PURE__ */ new Uint32Array([ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +]); +// Initial state: +// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19 +// prettier-ignore +const SHA256_IV = /* @__PURE__ */ new Uint32Array([ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA256_W = /* @__PURE__ */ new Uint32Array(64); +class SHA256 extends HashMD { + constructor() { + super(64, 32, 8, false); + // We cannot use array here since array allows indexing by variable + // which means optimizer/compiler cannot use registers. + this.A = SHA256_IV[0] | 0; + this.B = SHA256_IV[1] | 0; + this.C = SHA256_IV[2] | 0; + this.D = SHA256_IV[3] | 0; + this.E = SHA256_IV[4] | 0; + this.F = SHA256_IV[5] | 0; + this.G = SHA256_IV[6] | 0; + this.H = SHA256_IV[7] | 0; + } + get() { + const { A, B, C, D, E, F, G, H } = this; + return [A, B, C, D, E, F, G, H]; + } + // prettier-ignore + set(A, B, C, D, E, F, G, H) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + this.F = F | 0; + this.G = G | 0; + this.H = H | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) + SHA256_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 64; i++) { + const W15 = SHA256_W[i - 15]; + const W2 = SHA256_W[i - 2]; + const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3); + const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10); + SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0; + } + // Compression function main loop, 64 rounds + let { A, B, C, D, E, F, G, H } = this; + for (let i = 0; i < 64; i++) { + const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25); + const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22); + const T2 = (sigma0 + Maj(A, B, C)) | 0; + H = G; + G = F; + F = E; + E = (D + T1) | 0; + D = C; + C = B; + B = A; + A = (T1 + T2) | 0; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + F = (F + this.F) | 0; + G = (G + this.G) | 0; + H = (H + this.H) | 0; + this.set(A, B, C, D, E, F, G, H); + } + roundClean() { + SHA256_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf +class SHA224 extends SHA256 { + constructor() { + super(); + this.A = 0xc1059ed8 | 0; + this.B = 0x367cd507 | 0; + this.C = 0x3070dd17 | 0; + this.D = 0xf70e5939 | 0; + this.E = 0xffc00b31 | 0; + this.F = 0x68581511 | 0; + this.G = 0x64f98fa7 | 0; + this.H = 0xbefa4fa4 | 0; + this.outputLen = 28; + } +} +/** + * SHA2-256 hash function + * @param message - data that would be hashed + */ +const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256()); +/** + * SHA2-224 hash function + */ +const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224()); - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - return this.value.toArrayLike(Uint8Array, endian, length); - } +// HMAC (RFC 2104) +class HMAC extends Hash { + constructor(hash$1, _key) { + super(); + this.finished = false; + this.destroyed = false; + hash(hash$1); + const key = toBytes(_key); + this.iHash = hash$1.create(); + if (typeof this.iHash.update !== 'function') + throw new Error('Expected instance of class which extends utils.Hash'); + this.blockLen = this.iHash.blockLen; + this.outputLen = this.iHash.outputLen; + const blockLen = this.blockLen; + const pad = new Uint8Array(blockLen); + // blockLen can be bigger than outputLen + pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key); + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36; + this.iHash.update(pad); + // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone + this.oHash = hash$1.create(); + // Undo internal XOR && apply outer XOR + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36 ^ 0x5c; + this.oHash.update(pad); + pad.fill(0); + } + update(buf) { + exists(this); + this.iHash.update(buf); + return this; + } + digestInto(out) { + exists(this); + bytes(out, this.outputLen); + this.finished = true; + this.iHash.digestInto(out); + this.oHash.update(out); + this.oHash.digestInto(out); + this.destroy(); + } + digest() { + const out = new Uint8Array(this.oHash.outputLen); + this.digestInto(out); + return out; + } + _cloneInto(to) { + // Create new instance without calling constructor since key already in state and we don't know it. + to || (to = Object.create(Object.getPrototypeOf(this), {})); + const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this; + to = to; + to.finished = finished; + to.destroyed = destroyed; + to.blockLen = blockLen; + to.outputLen = outputLen; + to.oHash = oHash._cloneInto(to.oHash); + to.iHash = iHash._cloneInto(to.iHash); + return to; + } + destroy() { + this.destroyed = true; + this.oHash.destroy(); + this.iHash.destroy(); + } +} +/** + * HMAC: RFC2104 message authentication code. + * @param hash - function that would be used e.g. sha256 + * @param key - message key + * @param message - message data + * @example + * import { hmac } from '@noble/hashes/hmac'; + * import { sha256 } from '@noble/hashes/sha2'; + * const mac1 = hmac(sha256, 'key', 'message'); + */ +const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); +hmac.create = (hash, key) => new HMAC(hash, key); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// 100 lines of code in the file are duplicated from noble-hashes (utils). +// This is OK: `abstract` directory does not use noble-hashes. +// User may opt-in into using different hashing library. This way, noble-hashes +// won't be included into their bundle. +const _0n$6 = /* @__PURE__ */ BigInt(0); +const _1n$8 = /* @__PURE__ */ BigInt(1); +const _2n$5 = /* @__PURE__ */ BigInt(2); +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function abytes(item) { + if (!isBytes(item)) + throw new Error('Uint8Array expected'); +} +function abool(title, value) { + if (typeof value !== 'boolean') + throw new Error(`${title} must be valid boolean, got "${value}".`); +} +// Array where index 0xf0 (240) is mapped to string 'f0' +const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); +/** + * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123' + */ +function bytesToHex(bytes) { + abytes(bytes); + // pre-caching improves the speed 6x + let hex = ''; + for (let i = 0; i < bytes.length; i++) { + hex += hexes[bytes[i]]; + } + return hex; +} +function numberToHexUnpadded(num) { + const hex = num.toString(16); + return hex.length & 1 ? `0${hex}` : hex; +} +function hexToNumber(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + // Big Endian + return BigInt(hex === '' ? '0' : `0x${hex}`); +} +// We use optimized technique to convert hex string to byte array +const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; +function asciiToBase16(char) { + if (char >= asciis._0 && char <= asciis._9) + return char - asciis._0; + if (char >= asciis._A && char <= asciis._F) + return char - (asciis._A - 10); + if (char >= asciis._a && char <= asciis._f) + return char - (asciis._a - 10); + return; +} +/** + * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23]) + */ +function hexToBytes(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + const hl = hex.length; + const al = hl / 2; + if (hl % 2) + throw new Error('padded hex string expected, got unpadded hex of length ' + hl); + const array = new Uint8Array(al); + for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) { + const n1 = asciiToBase16(hex.charCodeAt(hi)); + const n2 = asciiToBase16(hex.charCodeAt(hi + 1)); + if (n1 === undefined || n2 === undefined) { + const char = hex[hi] + hex[hi + 1]; + throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi); + } + array[ai] = n1 * 16 + n2; + } + return array; +} +// BE: Big Endian, LE: Little Endian +function bytesToNumberBE(bytes) { + return hexToNumber(bytesToHex(bytes)); +} +function bytesToNumberLE(bytes) { + abytes(bytes); + return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse())); +} +function numberToBytesBE(n, len) { + return hexToBytes(n.toString(16).padStart(len * 2, '0')); +} +function numberToBytesLE(n, len) { + return numberToBytesBE(n, len).reverse(); +} +// Unpadded, rarely used +function numberToVarBytesBE(n) { + return hexToBytes(numberToHexUnpadded(n)); +} +/** + * Takes hex string or Uint8Array, converts to Uint8Array. + * Validates output length. + * Will throw error for other types. + * @param title descriptive title for an error e.g. 'private key' + * @param hex hex string or Uint8Array + * @param expectedLength optional, will compare to result array's length + * @returns + */ +function ensureBytes(title, hex, expectedLength) { + let res; + if (typeof hex === 'string') { + try { + res = hexToBytes(hex); + } + catch (e) { + throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`); + } + } + else if (isBytes(hex)) { + // Uint8Array.from() instead of hash.slice() because node.js Buffer + // is instance of Uint8Array, and its slice() creates **mutable** copy + res = Uint8Array.from(hex); + } + else { + throw new Error(`${title} must be hex string or Uint8Array`); + } + const len = res.length; + if (typeof expectedLength === 'number' && len !== expectedLength) + throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`); + return res; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + abytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +// Is positive bigint +const isPosBig = (n) => typeof n === 'bigint' && _0n$6 <= n; +function inRange(n, min, max) { + return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max; +} +/** + * Asserts min <= n < max. NOTE: It's < max and not <= max. + * @example + * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n) + */ +function aInRange(title, n, min, max) { + // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)? + // consider P=256n, min=0n, max=P + // - a for min=0 would require -1: `inRange('x', x, -1n, P)` + // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)` + // - our way is the cleanest: `inRange('x', x, 0n, P) + if (!inRange(n, min, max)) + throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`); +} +// Bit operations +/** + * Calculates amount of bits in a bigint. + * Same as `n.toString(2).length` + */ +function bitLen(n) { + let len; + for (len = 0; n > _0n$6; n >>= _1n$8, len += 1) + ; + return len; +} +/** + * Gets single bit at position. + * NOTE: first bit position is 0 (same as arrays) + * Same as `!!+Array.from(n.toString(2)).reverse()[pos]` + */ +function bitGet(n, pos) { + return (n >> BigInt(pos)) & _1n$8; +} +/** + * Sets single bit at position. + */ +function bitSet(n, pos, value) { + return n | ((value ? _1n$8 : _0n$6) << BigInt(pos)); +} +/** + * Calculate mask for N bits. Not using ** operator with bigints because of old engines. + * Same as BigInt(`0b${Array(i).fill('1').join('')}`) + */ +const bitMask = (n) => (_2n$5 << BigInt(n - 1)) - _1n$8; +// DRBG +const u8n = (data) => new Uint8Array(data); // creates Uint8Array +const u8fr = (arr) => Uint8Array.from(arr); // another shortcut +/** + * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + * @returns function that will call DRBG until 2nd arg returns something meaningful + * @example + * const drbg = createHmacDRBG(32, 32, hmac); + * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined + */ +function createHmacDrbg(hashLen, qByteLen, hmacFn) { + if (typeof hashLen !== 'number' || hashLen < 2) + throw new Error('hashLen must be a number'); + if (typeof qByteLen !== 'number' || qByteLen < 2) + throw new Error('qByteLen must be a number'); + if (typeof hmacFn !== 'function') + throw new Error('hmacFn must be a function'); + // Step B, Step C: set hashLen to 8*ceil(hlen/8) + let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same + let i = 0; // Iterations counter, will throw when over 1000 + const reset = () => { + v.fill(1); + k.fill(0); + i = 0; + }; + const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values) + const reseed = (seed = u8n()) => { + // HMAC-DRBG reseed() function. Steps D-G + k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed) + v = h(); // v = hmac(k || v) + if (seed.length === 0) + return; + k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed) + v = h(); // v = hmac(k || v) + }; + const gen = () => { + // HMAC-DRBG generate() function + if (i++ >= 1000) + throw new Error('drbg: tried 1000 values'); + let len = 0; + const out = []; + while (len < qByteLen) { + v = h(); + const sl = v.slice(); + out.push(sl); + len += v.length; + } + return concatBytes(...out); + }; + const genUntil = (seed, pred) => { + reset(); + reseed(seed); // Steps D-G + let res = undefined; // Step H: grind until k is in [1..n-1] + while (!(res = pred(gen()))) + reseed(); + reset(); + return res; + }; + return genUntil; +} +// Validating curves and fields +const validatorFns = { + bigint: (val) => typeof val === 'bigint', + function: (val) => typeof val === 'function', + boolean: (val) => typeof val === 'boolean', + string: (val) => typeof val === 'string', + stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val), + isSafeInteger: (val) => Number.isSafeInteger(val), + array: (val) => Array.isArray(val), + field: (val, object) => object.Fp.isValid(val), + hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen), +}; +// type Record = { [P in K]: T; } +function validateObject(object, validators, optValidators = {}) { + const checkField = (fieldName, type, isOptional) => { + const checkVal = validatorFns[type]; + if (typeof checkVal !== 'function') + throw new Error(`Invalid validator "${type}", expected function`); + const val = object[fieldName]; + if (isOptional && val === undefined) + return; + if (!checkVal(val, object)) { + throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`); + } + }; + for (const [fieldName, type] of Object.entries(validators)) + checkField(fieldName, type, false); + for (const [fieldName, type] of Object.entries(optValidators)) + checkField(fieldName, type, true); + return object; +} +// validate type tests +// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; +// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok! +// // Should fail type-check +// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' }); +// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' }); +// const z3 = validateObject(o, { test: 'boolean', z: 'bug' }); +// const z4 = validateObject(o, { a: 'boolean', z: 'bug' }); +/** + * throws not implemented error + */ +const notImplemented = () => { + throw new Error('not implemented'); +}; +/** + * Memoizes (caches) computation result. + * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed. + */ +function memoized(fn) { + const map = new WeakMap(); + return (arg, ...args) => { + const val = map.get(arg); + if (val !== undefined) + return val; + const computed = fn(arg, ...args); + map.set(arg, computed); + return computed; + }; } -var bn_interface = /*#__PURE__*/Object.freeze({ +var ut = /*#__PURE__*/Object.freeze({ __proto__: null, - 'default': BigInteger$1 + aInRange: aInRange, + abool: abool, + abytes: abytes, + bitGet: bitGet, + bitLen: bitLen, + bitMask: bitMask, + bitSet: bitSet, + bytesToHex: bytesToHex, + bytesToNumberBE: bytesToNumberBE, + bytesToNumberLE: bytesToNumberLE, + concatBytes: concatBytes, + createHmacDrbg: createHmacDrbg, + ensureBytes: ensureBytes, + equalBytes: equalBytes, + hexToBytes: hexToBytes, + hexToNumber: hexToNumber, + inRange: inRange, + isBytes: isBytes, + memoized: memoized, + notImplemented: notImplemented, + numberToBytesBE: numberToBytesBE, + numberToBytesLE: numberToBytesLE, + numberToHexUnpadded: numberToHexUnpadded, + numberToVarBytesBE: numberToVarBytesBE, + utf8ToBytes: utf8ToBytes, + validateObject: validateObject }); -var utils_1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Utilities for modular arithmetics and finite fields +// prettier-ignore +const _0n$5 = BigInt(0), _1n$7 = BigInt(1), _2n$4 = BigInt(2), _3n$2 = BigInt(3); +// prettier-ignore +const _4n = BigInt(4), _5n = BigInt(5), _8n$1 = BigInt(8); +// prettier-ignore +BigInt(9); BigInt(16); +// Calculates a modulo b +function mod(a, b) { + const result = a % b; + return result >= _0n$5 ? result : b + result; +} +/** + * Efficiently raise num to power and do modular division. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + * @example + * pow(2n, 6n, 11n) // 64n % 11n == 9n + */ +// TODO: use field version && remove +function pow(num, power, modulo) { + if (modulo <= _0n$5 || power < _0n$5) + throw new Error('Expected power/modulo > 0'); + if (modulo === _1n$7) + return _0n$5; + let res = _1n$7; + while (power > _0n$5) { + if (power & _1n$7) + res = (res * num) % modulo; + num = (num * num) % modulo; + power >>= _1n$7; + } return res; - } - if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } else { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); +} +// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) +function pow2(x, power, modulo) { + let res = x; + while (power-- > _0n$5) { + res *= res; + res %= modulo; } - } - return res; + return res; } -utils.toArray = toArray; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; +// Inverses number over modulo +function invert(number, modulo) { + if (number === _0n$5 || modulo <= _0n$5) { + throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); + } + // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/ + // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower. + let a = mod(number, modulo); + let b = modulo; + // prettier-ignore + let x = _0n$5, u = _1n$7; + while (a !== _0n$5) { + // JIT applies optimization if those two lines follow each other + const q = b / a; + const r = b % a; + const m = x - u * q; + // prettier-ignore + b = a, a = r, x = u, u = m; + } + const gcd = b; + if (gcd !== _1n$7) + throw new Error('invert: does not exist'); + return mod(x, modulo); +} +/** + * Tonelli-Shanks square root search algorithm. + * 1. https://eprint.iacr.org/2012/685.pdf (page 12) + * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks + * Will start an infinite loop if field order P is not prime. + * @param P field order + * @returns function that takes field Fp (created from P) and number n + */ +function tonelliShanks(P) { + // Legendre constant: used to calculate Legendre symbol (a | p), + // which denotes the value of a^((p-1)/2) (mod p). + // (a | p) ≡ 1 if a is a square (mod p) + // (a | p) ≡ -1 if a is not a square (mod p) + // (a | p) ≡ 0 if a ≡ 0 (mod p) + const legendreC = (P - _1n$7) / _2n$4; + let Q, S, Z; + // Step 1: By factoring out powers of 2 from p - 1, + // find q and s such that p - 1 = q*(2^s) with q odd + for (Q = P - _1n$7, S = 0; Q % _2n$4 === _0n$5; Q /= _2n$4, S++) + ; + // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq + for (Z = _2n$4; Z < P && pow(Z, legendreC, P) !== P - _1n$7; Z++) + ; + // Fast-path + if (S === 1) { + const p1div4 = (P + _1n$7) / _4n; + return function tonelliFast(Fp, n) { + const root = Fp.pow(n, p1div4); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Slow-path + const Q1div2 = (Q + _1n$7) / _2n$4; + return function tonelliSlow(Fp, n) { + // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1 + if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) + throw new Error('Cannot find square root'); + let r = S; + // TODO: will fail at Fp2/etc + let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b + let x = Fp.pow(n, Q1div2); // first guess at the square root + let b = Fp.pow(n, Q); // first guess at the fudge factor + while (!Fp.eql(b, Fp.ONE)) { + if (Fp.eql(b, Fp.ZERO)) + return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0) + // Find m such b^(2^m)==1 + let m = 1; + for (let t2 = Fp.sqr(b); m < r; m++) { + if (Fp.eql(t2, Fp.ONE)) + break; + t2 = Fp.sqr(t2); // t2 *= t2 + } + // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow + const ge = Fp.pow(g, _1n$7 << BigInt(r - m - 1)); // ge = 2^(r-m-1) + g = Fp.sqr(ge); // g = ge * ge + x = Fp.mul(x, ge); // x *= ge + b = Fp.mul(b, g); // b *= g + r = m; + } + return x; + }; +} +function FpSqrt(P) { + // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. + // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve). + // P ≡ 3 (mod 4) + // √n = n^((P+1)/4) + if (P % _4n === _3n$2) { + // Not all roots possible! + // const ORDER = + // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn; + // const NUM = 72057594037927816n; + const p1div4 = (P + _1n$7) / _4n; + return function sqrt3mod4(Fp, n) { + const root = Fp.pow(n, p1div4); + // Throw if root**2 != n + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10) + if (P % _8n$1 === _5n) { + const c1 = (P - _5n) / _8n$1; + return function sqrt5mod8(Fp, n) { + const n2 = Fp.mul(n, _2n$4); + const v = Fp.pow(n2, c1); + const nv = Fp.mul(n, v); + const i = Fp.mul(Fp.mul(nv, _2n$4), v); + const root = Fp.mul(nv, Fp.sub(i, Fp.ONE)); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Other cases: Tonelli-Shanks algorithm + return tonelliShanks(P); +} +// prettier-ignore +const FIELD_FIELDS = [ + 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr', + 'eql', 'add', 'sub', 'mul', 'pow', 'div', + 'addN', 'subN', 'mulN', 'sqrN' +]; +function validateField(field) { + const initial = { + ORDER: 'bigint', + MASK: 'bigint', + BYTES: 'isSafeInteger', + BITS: 'isSafeInteger', + }; + const opts = FIELD_FIELDS.reduce((map, val) => { + map[val] = 'function'; + return map; + }, initial); + return validateObject(field, opts); +} +// Generic field functions +/** + * Same as `pow` but for Fp: non-constant-time. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + */ +function FpPow(f, num, power) { + // Should have same speed as pow for bigints + // TODO: benchmark! + if (power < _0n$5) + throw new Error('Expected power > 0'); + if (power === _0n$5) + return f.ONE; + if (power === _1n$7) + return num; + let p = f.ONE; + let d = num; + while (power > _0n$5) { + if (power & _1n$7) + p = f.mul(p, d); + d = f.sqr(d); + power >>= _1n$7; + } + return p; +} +/** + * Efficiently invert an array of Field elements. + * `inv(0)` will return `undefined` here: make sure to throw an error. + */ +function FpInvertBatch(f, nums) { + const tmp = new Array(nums.length); + // Walk from first to last, multiply them by each other MOD p + const lastMultiplied = nums.reduce((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = acc; + return f.mul(acc, num); + }, f.ONE); + // Invert last element + const inverted = f.inv(lastMultiplied); + // Walk from last to first, multiply them by inverted each other MOD p + nums.reduceRight((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = f.mul(acc, tmp[i]); + return f.mul(acc, num); + }, inverted); + return tmp; +} +// CURVE.n lengths +function nLength(n, nBitLength) { + // Bit size, byte size of CURVE.n + const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; + const nByteLength = Math.ceil(_nBitLength / 8); + return { nBitLength: _nBitLength, nByteLength }; +} +/** + * Initializes a finite field over prime. **Non-primes are not supported.** + * Do not init in loop: slow. Very fragile: always run a benchmark on a change. + * Major performance optimizations: + * * a) denormalized operations like mulN instead of mul + * * b) same object shape: never add or remove keys + * * c) Object.freeze + * NOTE: operations don't check 'isValid' for all elements for performance reasons, + * it is caller responsibility to check this. + * This is low-level code, please make sure you know what you doing. + * @param ORDER prime positive bigint + * @param bitLen how many bits the field consumes + * @param isLE (def: false) if encoding / decoding should be in little-endian + * @param redef optional faster redefinitions of sqrt and other methods + */ +function Field(ORDER, bitLen, isLE = false, redef = {}) { + if (ORDER <= _0n$5) + throw new Error(`Expected Field ORDER > 0, got ${ORDER}`); + const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen); + if (BYTES > 2048) + throw new Error('Field lengths over 2048 bytes are not supported'); + const sqrtP = FpSqrt(ORDER); + const f = Object.freeze({ + ORDER, + BITS, + BYTES, + MASK: bitMask(BITS), + ZERO: _0n$5, + ONE: _1n$7, + create: (num) => mod(num, ORDER), + isValid: (num) => { + if (typeof num !== 'bigint') + throw new Error(`Invalid field element: expected bigint, got ${typeof num}`); + return _0n$5 <= num && num < ORDER; // 0 is valid element, but it's not invertible + }, + is0: (num) => num === _0n$5, + isOdd: (num) => (num & _1n$7) === _1n$7, + neg: (num) => mod(-num, ORDER), + eql: (lhs, rhs) => lhs === rhs, + sqr: (num) => mod(num * num, ORDER), + add: (lhs, rhs) => mod(lhs + rhs, ORDER), + sub: (lhs, rhs) => mod(lhs - rhs, ORDER), + mul: (lhs, rhs) => mod(lhs * rhs, ORDER), + pow: (num, power) => FpPow(f, num, power), + div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), + // Same as above, but doesn't normalize + sqrN: (num) => num * num, + addN: (lhs, rhs) => lhs + rhs, + subN: (lhs, rhs) => lhs - rhs, + mulN: (lhs, rhs) => lhs * rhs, + inv: (num) => invert(num, ORDER), + sqrt: redef.sqrt || ((n) => sqrtP(f, n)), + invertBatch: (lst) => FpInvertBatch(f, lst), + // TODO: do we really need constant cmov? + // We don't have const-time bigints anyway, so probably will be not very useful + cmov: (a, b, c) => (c ? b : a), + toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)), + fromBytes: (bytes) => { + if (bytes.length !== BYTES) + throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`); + return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes); + }, + }); + return Object.freeze(f); +} +/** + * Returns total number of bytes consumed by the field element. + * For example, 32 bytes for usual 256-bit weierstrass curve. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of field + */ +function getFieldBytesLength(fieldOrder) { + if (typeof fieldOrder !== 'bigint') + throw new Error('field order must be bigint'); + const bitLength = fieldOrder.toString(2).length; + return Math.ceil(bitLength / 8); +} +/** + * Returns minimal amount of bytes that can be safely reduced + * by field order. + * Should be 2^-128 for 128-bit curve such as P256. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of target hash + */ +function getMinHashLength(fieldOrder) { + const length = getFieldBytesLength(fieldOrder); + return length + Math.ceil(length / 2); +} +/** + * "Constant-time" private key generation utility. + * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF + * and convert them into private scalar, with the modulo bias being negligible. + * Needs at least 48 bytes of input for 32-byte private key. + * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/ + * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final + * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5 + * @param hash hash output from SHA3 or a similar function + * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n) + * @param isLE interpret hash bytes as LE num + * @returns valid private scalar + */ +function mapHashToField(key, fieldOrder, isLE = false) { + const len = key.length; + const fieldLen = getFieldBytesLength(fieldOrder); + const minLen = getMinHashLength(fieldOrder); + // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings. + if (len < 16 || len < minLen || len > 1024) + throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`); + const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key); + // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0 + const reduced = mod(num, fieldOrder - _1n$7) + _1n$7; + return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Abelian group utilities +const _0n$4 = BigInt(0); +const _1n$6 = BigInt(1); +// Since points in different groups cannot be equal (different object constructor), +// we can have single place to store precomputes +const pointPrecomputes = new WeakMap(); +const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside) +// Elliptic curve multiplication of Point by scalar. Fragile. +// Scalars should always be less than curve order: this should be checked inside of a curve itself. +// Creates precomputation tables for fast multiplication: +// - private scalar is split by fixed size windows of W bits +// - every window point is collected from window's table & added to accumulator +// - since windows are different, same point inside tables won't be accessed more than once per calc +// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar) +// - +1 window is neccessary for wNAF +// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication +// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow +// windows to be in different memory locations +function wNAF(c, bits) { + const constTimeNegate = (condition, item) => { + const neg = item.negate(); + return condition ? neg : item; + }; + const validateW = (W) => { + if (!Number.isSafeInteger(W) || W <= 0 || W > bits) + throw new Error(`Wrong window size=${W}, should be [1..${bits}]`); + }; + const opts = (W) => { + validateW(W); + const windows = Math.ceil(bits / W) + 1; // +1, because + const windowSize = 2 ** (W - 1); // -1 because we skip zero + return { windows, windowSize }; + }; + return { + constTimeNegate, + // non-const time multiplication ladder + unsafeLadder(elm, n) { + let p = c.ZERO; + let d = elm; + while (n > _0n$4) { + if (n & _1n$6) + p = p.add(d); + d = d.double(); + n >>= _1n$6; + } + return p; + }, + /** + * Creates a wNAF precomputation window. Used for caching. + * Default window size is set by `utils.precompute()` and is equal to 8. + * Number of precomputed points depends on the curve size: + * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: + * - 𝑊 is the window size + * - 𝑛 is the bitlength of the curve order. + * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. + * @returns precomputed point tables flattened to a single array + */ + precomputeWindow(elm, W) { + const { windows, windowSize } = opts(W); + const points = []; + let p = elm; + let base = p; + for (let window = 0; window < windows; window++) { + base = p; + points.push(base); + // =1, because we skip zero + for (let i = 1; i < windowSize; i++) { + base = base.add(p); + points.push(base); + } + p = base.double(); + } + return points; + }, + /** + * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. + * @param W window size + * @param precomputes precomputed tables + * @param n scalar (we don't check here, but should be less than curve order) + * @returns real and fake (for const-time) points + */ + wNAF(W, precomputes, n) { + // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise + // But need to carefully remove other checks before wNAF. ORDER == bits here + const { windows, windowSize } = opts(W); + let p = c.ZERO; + let f = c.BASE; + const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc. + const maxNumber = 2 ** W; + const shiftBy = BigInt(W); + for (let window = 0; window < windows; window++) { + const offset = window * windowSize; + // Extract W bits. + let wbits = Number(n & mask); + // Shift number by W bits. + n >>= shiftBy; + // If the bits are bigger than max size, we'll split those. + // +224 => 256 - 32 + if (wbits > windowSize) { + wbits -= maxNumber; + n += _1n$6; + } + // This code was first written with assumption that 'f' and 'p' will never be infinity point: + // since each addition is multiplied by 2 ** W, it cannot cancel each other. However, + // there is negate now: it is possible that negated element from low value + // would be the same as high element, which will create carry into next window. + // It's not obvious how this can fail, but still worth investigating later. + // Check if we're onto Zero point. + // Add random point inside current window to f. + const offset1 = offset; + const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero + const cond1 = window % 2 !== 0; + const cond2 = wbits < 0; + if (wbits === 0) { + // The most important part for const-time getPublicKey + f = f.add(constTimeNegate(cond1, precomputes[offset1])); + } + else { + p = p.add(constTimeNegate(cond2, precomputes[offset2])); + } + } + // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ() + // Even if the variable is still unused, there are some checks which will + // throw an exception, so compiler needs to prove they won't happen, which is hard. + // At this point there is a way to F be infinity-point even if p is not, + // which makes it less const-time: around 1 bigint multiply. + return { p, f }; + }, + wNAFCached(P, n, transform) { + const W = pointWindowSizes.get(P) || 1; + // Calculate precomputes on a first run, reuse them after + let comp = pointPrecomputes.get(P); + if (!comp) { + comp = this.precomputeWindow(P, W); + if (W !== 1) + pointPrecomputes.set(P, transform(comp)); + } + return this.wNAF(W, comp, n); + }, + // We calculate precomputes for elliptic curve point multiplication + // using windowed method. This specifies window size and + // stores precomputed values. Usually only base point would be precomputed. + setWindowSize(P, W) { + validateW(W); + pointWindowSizes.set(P, W); + pointPrecomputes.delete(P); + }, + }; +} +/** + * Pippenger algorithm for multi-scalar multiplication (MSM). + * MSM is basically (Pa + Qb + Rc + ...). + * 30x faster vs naive addition on L=4096, 10x faster with precomputes. + * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL. + * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0. + * @param c Curve Point constructor + * @param field field over CURVE.N - important that it's not over CURVE.P + * @param points array of L curve points + * @param scalars array of L scalars (aka private keys / bigints) + */ +function pippenger(c, field, points, scalars) { + // If we split scalars by some window (let's say 8 bits), every chunk will only + // take 256 buckets even if there are 4096 scalars, also re-uses double. + // TODO: + // - https://eprint.iacr.org/2024/750.pdf + // - https://tches.iacr.org/index.php/TCHES/article/view/10287 + // 0 is accepted in scalars + if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length) + throw new Error('arrays of points and scalars must have equal length'); + scalars.forEach((s, i) => { + if (!field.isValid(s)) + throw new Error(`wrong scalar at index ${i}`); + }); + points.forEach((p, i) => { + if (!(p instanceof c)) + throw new Error(`wrong point at index ${i}`); + }); + const wbits = bitLen(BigInt(points.length)); + const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits + const MASK = (1 << windowSize) - 1; + const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array + const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize; + let sum = c.ZERO; + for (let i = lastBits; i >= 0; i -= windowSize) { + buckets.fill(c.ZERO); + for (let j = 0; j < scalars.length; j++) { + const scalar = scalars[j]; + const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK)); + buckets[wbits] = buckets[wbits].add(points[j]); + } + let resI = c.ZERO; // not using this will do small speed-up, but will lose ct + // Skip first bucket, because it is zero + for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) { + sumI = sumI.add(buckets[j]); + resI = resI.add(sumI); + } + sum = sum.add(resI); + if (i !== 0) + for (let j = 0; j < windowSize; j++) + sum = sum.double(); + } + return sum; +} +function validateBasic(curve) { + validateField(curve.Fp); + validateObject(curve, { + n: 'bigint', + h: 'bigint', + Gx: 'field', + Gy: 'field', + }, { + nBitLength: 'isSafeInteger', + nByteLength: 'isSafeInteger', + }); + // Set defaults + return Object.freeze({ + ...nLength(curve.n, curve.nBitLength), + ...curve, + ...{ p: curve.Fp.ORDER }, + }); } -utils.zero2 = zero2; -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Short Weierstrass curve. The formula is: y² = x³ + ax + b +function validateSigVerOpts(opts) { + if (opts.lowS !== undefined) + abool('lowS', opts.lowS); + if (opts.prehash !== undefined) + abool('prehash', opts.prehash); +} +function validatePointOpts(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + a: 'field', + b: 'field', + }, { + allowedPrivateKeyLengths: 'array', + wrapPrivateKey: 'boolean', + isTorsionFree: 'function', + clearCofactor: 'function', + allowInfinityPoint: 'boolean', + fromBytes: 'function', + toBytes: 'function', + }); + const { endo, Fp, a } = opts; + if (endo) { + if (!Fp.eql(a, Fp.ZERO)) { + throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0'); + } + if (typeof endo !== 'object' || + typeof endo.beta !== 'bigint' || + typeof endo.splitScalar !== 'function') { + throw new Error('Expected endomorphism with beta: bigint and splitScalar: function'); + } + } + return Object.freeze({ ...opts }); +} +const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut; +/** + * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format: + * + * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S] + * + * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html + */ +const DER = { + // asn.1 DER encoding utils + Err: class DERErr extends Error { + constructor(m = '') { + super(m); + } + }, + // Basic building block is TLV (Tag-Length-Value) + _tlv: { + encode: (tag, data) => { + const { Err: E } = DER; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length & 1) + throw new E('tlv.encode: unpadded data'); + const dataLen = data.length / 2; + const len = numberToHexUnpadded(dataLen); + if ((len.length / 2) & 128) + throw new E('tlv.encode: long form length too big'); + // length of length with long form flag + const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : ''; + return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`; + }, + // v - value, l - left bytes (unparsed) + decode(tag, data) { + const { Err: E } = DER; + let pos = 0; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length < 2 || data[pos++] !== tag) + throw new E('tlv.decode: wrong tlv'); + const first = data[pos++]; + const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form + let length = 0; + if (!isLong) + length = first; + else { + // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)] + const lenLen = first & 127; + if (!lenLen) + throw new E('tlv.decode(long): indefinite length not supported'); + if (lenLen > 4) + throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js + const lengthBytes = data.subarray(pos, pos + lenLen); + if (lengthBytes.length !== lenLen) + throw new E('tlv.decode: length bytes not complete'); + if (lengthBytes[0] === 0) + throw new E('tlv.decode(long): zero leftmost byte'); + for (const b of lengthBytes) + length = (length << 8) | b; + pos += lenLen; + if (length < 128) + throw new E('tlv.decode(long): not minimal encoding'); + } + const v = data.subarray(pos, pos + length); + if (v.length !== length) + throw new E('tlv.decode: wrong value length'); + return { v, l: data.subarray(pos + length) }; + }, + }, + // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, + // since we always use positive integers here. It must always be empty: + // - add zero byte if exists + // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) + _int: { + encode(num) { + const { Err: E } = DER; + if (num < _0n$3) + throw new E('integer: negative integers are not allowed'); + let hex = numberToHexUnpadded(num); + // Pad with zero byte if negative flag is present + if (Number.parseInt(hex[0], 16) & 0b1000) + hex = '00' + hex; + if (hex.length & 1) + throw new E('unexpected assertion'); + return hex; + }, + decode(data) { + const { Err: E } = DER; + if (data[0] & 128) + throw new E('Invalid signature integer: negative'); + if (data[0] === 0x00 && !(data[1] & 128)) + throw new E('Invalid signature integer: unnecessary leading zero'); + return b2n(data); + }, + }, + toSig(hex) { + // parse DER signature + const { Err: E, _int: int, _tlv: tlv } = DER; + const data = typeof hex === 'string' ? h2b(hex) : hex; + abytes(data); + const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data); + if (seqLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes); + const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes); + if (sLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + return { r: int.decode(rBytes), s: int.decode(sBytes) }; + }, + hexFromSig(sig) { + const { _tlv: tlv, _int: int } = DER; + const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`; + return tlv.encode(0x30, seq); + }, +}; +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$3 = BigInt(0), _1n$5 = BigInt(1); BigInt(2); const _3n$1 = BigInt(3); BigInt(4); +function weierstrassPoints(opts) { + const CURVE = validatePointOpts(opts); + const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ + const Fn = Field(CURVE.n, CURVE.nBitLength); + const toBytes = CURVE.toBytes || + ((_c, point, _isCompressed) => { + const a = point.toAffine(); + return concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y)); + }); + const fromBytes = CURVE.fromBytes || + ((bytes) => { + // const head = bytes[0]; + const tail = bytes.subarray(1); + // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported'); + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + }); + /** + * y² = x³ + ax + b: Short weierstrass curve formula + * @returns y² + */ + function weierstrassEquation(x) { + const { a, b } = CURVE; + const x2 = Fp.sqr(x); // x * x + const x3 = Fp.mul(x2, x); // x2 * x + return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b + } + // Validate whether the passed curve params are valid. + // We check if curve equation works for generator point. + // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381. + // ProjectivePoint class has not been initialized yet. + if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx))) + throw new Error('bad generator point: equation left != right'); + // Valid group elements reside in range 1..n-1 + function isWithinCurveOrder(num) { + return inRange(num, _1n$5, CURVE.n); + } + // Validates if priv key is valid and converts it to bigint. + // Supports options allowedPrivateKeyLengths and wrapPrivateKey. + function normPrivateKeyToScalar(key) { + const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE; + if (lengths && typeof key !== 'bigint') { + if (isBytes(key)) + key = bytesToHex(key); + // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes + if (typeof key !== 'string' || !lengths.includes(key.length)) + throw new Error('Invalid key'); + key = key.padStart(nByteLength * 2, '0'); + } + let num; + try { + num = + typeof key === 'bigint' + ? key + : bytesToNumberBE(ensureBytes('private key', key, nByteLength)); + } + catch (error) { + throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`); + } + if (wrapPrivateKey) + num = mod(num, N); // disabled by default, enabled for BLS + aInRange('private key', num, _1n$5, N); // num in range [1..N-1] + return num; + } + function assertPrjPoint(other) { + if (!(other instanceof Point)) + throw new Error('ProjectivePoint expected'); + } + // Memoized toAffine / validity check. They are heavy. Points are immutable. + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + const toAffineMemo = memoized((p, iz) => { + const { px: x, py: y, pz: z } = p; + // Fast-path for normalized points + if (Fp.eql(z, Fp.ONE)) + return { x, y }; + const is0 = p.is0(); + // If invZ was 0, we return zero point. However we still want to execute + // all operations, so we replace invZ with a random number, 1. + if (iz == null) + iz = is0 ? Fp.ONE : Fp.inv(z); + const ax = Fp.mul(x, iz); + const ay = Fp.mul(y, iz); + const zz = Fp.mul(z, iz); + if (is0) + return { x: Fp.ZERO, y: Fp.ZERO }; + if (!Fp.eql(zz, Fp.ONE)) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + // NOTE: on exception this will crash 'cached' and no value will be set. + // Otherwise true will be return + const assertValidMemo = memoized((p) => { + if (p.is0()) { + // (0, 1, 0) aka ZERO is invalid in most contexts. + // In BLS, ZERO can be serialized, so we allow it. + // (0, 0, 0) is wrong representation of ZERO and is always invalid. + if (CURVE.allowInfinityPoint && !Fp.is0(p.py)) + return; + throw new Error('bad point: ZERO'); + } + // Some 3rd-party test vectors require different wording between here & `fromCompressedHex` + const { x, y } = p.toAffine(); + // Check if x, y are valid field elements + if (!Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('bad point: x or y not FE'); + const left = Fp.sqr(y); // y² + const right = weierstrassEquation(x); // x³ + ax + b + if (!Fp.eql(left, right)) + throw new Error('bad point: equation left != right'); + if (!p.isTorsionFree()) + throw new Error('bad point: not in prime-order subgroup'); + return true; + }); + /** + * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z) + * Default Point works in 2d / affine coordinates: (x, y) + * We're doing calculations in projective, because its operations don't require costly inversion. + */ + class Point { + constructor(px, py, pz) { + this.px = px; + this.py = py; + this.pz = pz; + if (px == null || !Fp.isValid(px)) + throw new Error('x required'); + if (py == null || !Fp.isValid(py)) + throw new Error('y required'); + if (pz == null || !Fp.isValid(pz)) + throw new Error('z required'); + Object.freeze(this); + } + // Does not validate if the point is on-curve. + // Use fromHex instead, or call assertValidity() later. + static fromAffine(p) { + const { x, y } = p || {}; + if (!p || !Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('invalid affine point'); + if (p instanceof Point) + throw new Error('projective point not allowed'); + const is0 = (i) => Fp.eql(i, Fp.ZERO); + // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0) + if (is0(x) && is0(y)) + return Point.ZERO; + return new Point(x, y, Fp.ONE); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + /** + * Takes a bunch of Projective Points but executes only one + * inversion on all of them. Inversion is very slow operation, + * so this improves performance massively. + * Optimization: converts a list of projective points to a list of identical points with Z=1. + */ + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.pz)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + /** + * Converts hash string or Uint8Array to Point. + * @param hex short/long ECDSA hex + */ + static fromHex(hex) { + const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex))); + P.assertValidity(); + return P; + } + // Multiplies generator point by privateKey. + static fromPrivateKey(privateKey) { + return Point.BASE.multiply(normPrivateKeyToScalar(privateKey)); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // A point on curve is valid if it conforms to equation. + assertValidity() { + assertValidMemo(this); + } + hasEvenY() { + const { y } = this.toAffine(); + if (Fp.isOdd) + return !Fp.isOdd(y); + throw new Error("Field doesn't support isOdd"); + } + /** + * Compare one point to another. + */ + equals(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1)); + const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1)); + return U1 && U2; + } + /** + * Flips point to one corresponding to (x, -y) in Affine coordinates. + */ + negate() { + return new Point(this.px, Fp.neg(this.py), this.pz); + } + // Renes-Costello-Batina exception-free doubling formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 3 + // Cost: 8M + 3S + 3*a + 2*b3 + 15add. + double() { + const { a, b } = CURVE; + const b3 = Fp.mul(b, _3n$1); + const { px: X1, py: Y1, pz: Z1 } = this; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + let t0 = Fp.mul(X1, X1); // step 1 + let t1 = Fp.mul(Y1, Y1); + let t2 = Fp.mul(Z1, Z1); + let t3 = Fp.mul(X1, Y1); + t3 = Fp.add(t3, t3); // step 5 + Z3 = Fp.mul(X1, Z1); + Z3 = Fp.add(Z3, Z3); + X3 = Fp.mul(a, Z3); + Y3 = Fp.mul(b3, t2); + Y3 = Fp.add(X3, Y3); // step 10 + X3 = Fp.sub(t1, Y3); + Y3 = Fp.add(t1, Y3); + Y3 = Fp.mul(X3, Y3); + X3 = Fp.mul(t3, X3); + Z3 = Fp.mul(b3, Z3); // step 15 + t2 = Fp.mul(a, t2); + t3 = Fp.sub(t0, t2); + t3 = Fp.mul(a, t3); + t3 = Fp.add(t3, Z3); + Z3 = Fp.add(t0, t0); // step 20 + t0 = Fp.add(Z3, t0); + t0 = Fp.add(t0, t2); + t0 = Fp.mul(t0, t3); + Y3 = Fp.add(Y3, t0); + t2 = Fp.mul(Y1, Z1); // step 25 + t2 = Fp.add(t2, t2); + t0 = Fp.mul(t2, t3); + X3 = Fp.sub(X3, t0); + Z3 = Fp.mul(t2, t1); + Z3 = Fp.add(Z3, Z3); // step 30 + Z3 = Fp.add(Z3, Z3); + return new Point(X3, Y3, Z3); + } + // Renes-Costello-Batina exception-free addition formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 1 + // Cost: 12M + 0S + 3*a + 3*b3 + 23add. + add(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + const a = CURVE.a; + const b3 = Fp.mul(CURVE.b, _3n$1); + let t0 = Fp.mul(X1, X2); // step 1 + let t1 = Fp.mul(Y1, Y2); + let t2 = Fp.mul(Z1, Z2); + let t3 = Fp.add(X1, Y1); + let t4 = Fp.add(X2, Y2); // step 5 + t3 = Fp.mul(t3, t4); + t4 = Fp.add(t0, t1); + t3 = Fp.sub(t3, t4); + t4 = Fp.add(X1, Z1); + let t5 = Fp.add(X2, Z2); // step 10 + t4 = Fp.mul(t4, t5); + t5 = Fp.add(t0, t2); + t4 = Fp.sub(t4, t5); + t5 = Fp.add(Y1, Z1); + X3 = Fp.add(Y2, Z2); // step 15 + t5 = Fp.mul(t5, X3); + X3 = Fp.add(t1, t2); + t5 = Fp.sub(t5, X3); + Z3 = Fp.mul(a, t4); + X3 = Fp.mul(b3, t2); // step 20 + Z3 = Fp.add(X3, Z3); + X3 = Fp.sub(t1, Z3); + Z3 = Fp.add(t1, Z3); + Y3 = Fp.mul(X3, Z3); + t1 = Fp.add(t0, t0); // step 25 + t1 = Fp.add(t1, t0); + t2 = Fp.mul(a, t2); + t4 = Fp.mul(b3, t4); + t1 = Fp.add(t1, t2); + t2 = Fp.sub(t0, t2); // step 30 + t2 = Fp.mul(a, t2); + t4 = Fp.add(t4, t2); + t0 = Fp.mul(t1, t4); + Y3 = Fp.add(Y3, t0); + t0 = Fp.mul(t5, t4); // step 35 + X3 = Fp.mul(t3, X3); + X3 = Fp.sub(X3, t0); + t0 = Fp.mul(t3, t1); + Z3 = Fp.mul(t5, Z3); + Z3 = Fp.add(Z3, t0); // step 40 + return new Point(X3, Y3, Z3); + } + subtract(other) { + return this.add(other.negate()); + } + is0() { + return this.equals(Point.ZERO); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + /** + * Non-constant-time multiplication. Uses double-and-add algorithm. + * It's faster, but should only be used when you don't care about + * an exposed private key e.g. sig verification, which works over *public* keys. + */ + multiplyUnsafe(sc) { + aInRange('scalar', sc, _0n$3, CURVE.n); + const I = Point.ZERO; + if (sc === _0n$3) + return I; + if (sc === _1n$5) + return this; + const { endo } = CURVE; + if (!endo) + return wnaf.unsafeLadder(this, sc); + // Apply endomorphism + let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc); + let k1p = I; + let k2p = I; + let d = this; + while (k1 > _0n$3 || k2 > _0n$3) { + if (k1 & _1n$5) + k1p = k1p.add(d); + if (k2 & _1n$5) + k2p = k2p.add(d); + d = d.double(); + k1 >>= _1n$5; + k2 >>= _1n$5; + } + if (k1neg) + k1p = k1p.negate(); + if (k2neg) + k2p = k2p.negate(); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + return k1p.add(k2p); + } + /** + * Constant time multiplication. + * Uses wNAF method. Windowed method may be 10% faster, + * but takes 2x longer to generate and consumes 2x memory. + * Uses precomputes when available. + * Uses endomorphism for Koblitz curves. + * @param scalar by which the point would be multiplied + * @returns New point + */ + multiply(scalar) { + const { endo, n: N } = CURVE; + aInRange('scalar', scalar, _1n$5, N); + let point, fake; // Fake point is used to const-time mult + if (endo) { + const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar); + let { p: k1p, f: f1p } = this.wNAF(k1); + let { p: k2p, f: f2p } = this.wNAF(k2); + k1p = wnaf.constTimeNegate(k1neg, k1p); + k2p = wnaf.constTimeNegate(k2neg, k2p); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + point = k1p.add(k2p); + fake = f1p.add(f2p); + } + else { + const { p, f } = this.wNAF(scalar); + point = p; + fake = f; + } + // Normalize `z` for both points, but return only real one + return Point.normalizeZ([point, fake])[0]; + } + /** + * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly. + * Not using Strauss-Shamir trick: precomputation tables are faster. + * The trick could be useful if both P and Q are not G (not in our case). + * @returns non-zero affine point + */ + multiplyAndAddUnsafe(Q, a, b) { + const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes + const mul = (P, a // Select faster multiply() method + ) => (a === _0n$3 || a === _1n$5 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a)); + const sum = mul(this, a).add(mul(Q, b)); + return sum.is0() ? undefined : sum; + } + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + toAffine(iz) { + return toAffineMemo(this, iz); + } + isTorsionFree() { + const { h: cofactor, isTorsionFree } = CURVE; + if (cofactor === _1n$5) + return true; // No subgroups, always torsion-free + if (isTorsionFree) + return isTorsionFree(Point, this); + throw new Error('isTorsionFree() has not been declared for the elliptic curve'); + } + clearCofactor() { + const { h: cofactor, clearCofactor } = CURVE; + if (cofactor === _1n$5) + return this; // Fast-path + if (clearCofactor) + return clearCofactor(Point, this); + return this.multiplyUnsafe(CURVE.h); + } + toRawBytes(isCompressed = true) { + abool('isCompressed', isCompressed); + this.assertValidity(); + return toBytes(Point, this, isCompressed); + } + toHex(isCompressed = true) { + abool('isCompressed', isCompressed); + return bytesToHex(this.toRawBytes(isCompressed)); + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); + Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); + const _bits = CURVE.nBitLength; + const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); + // Validate if generator point is on curve + return { + CURVE, + ProjectivePoint: Point, + normPrivateKeyToScalar, + weierstrassEquation, + isWithinCurveOrder, + }; } -utils.toHex = toHex; - -utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; -}; -}); - -var utils_1$1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - - - - -utils.assert = minimalisticAssert; -utils.toArray = utils_1.toArray; -utils.zero2 = utils_1.zero2; -utils.toHex = utils_1.toHex; -utils.encode = utils_1.encode; - -// Represent num in a w-NAF form -function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; +function validateOpts$2(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + hash: 'hash', + hmac: 'function', + randomBytes: 'function', + }, { + bits2int: 'function', + bits2int_modN: 'function', + lowS: 'boolean', + }); + return Object.freeze({ lowS: true, ...opts }); +} +/** + * Creates short weierstrass curve and ECDSA signature methods for it. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, b, p, n, Gx, Gy + * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n }) + */ +function weierstrass(curveDef) { + const CURVE = validateOpts$2(curveDef); + const { Fp, n: CURVE_ORDER } = CURVE; + const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32 + const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32 + function modN(a) { + return mod(a, CURVE_ORDER); + } + function invN(a) { + return invert(a, CURVE_ORDER); + } + const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({ + ...CURVE, + toBytes(_c, point, isCompressed) { + const a = point.toAffine(); + const x = Fp.toBytes(a.x); + const cat = concatBytes; + abool('isCompressed', isCompressed); + if (isCompressed) { + return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x); + } + else { + return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y)); + } + }, + fromBytes(bytes) { + const len = bytes.length; + const head = bytes[0]; + const tail = bytes.subarray(1); + // this.assertValidity() is done inside of fromHex + if (len === compressedLen && (head === 0x02 || head === 0x03)) { + const x = bytesToNumberBE(tail); + if (!inRange(x, _1n$5, Fp.ORDER)) + throw new Error('Point is not on curve'); + const y2 = weierstrassEquation(x); // y² = x³ + ax + b + let y; + try { + y = Fp.sqrt(y2); // y = y² ^ (p+1)/4 + } + catch (sqrtError) { + const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : ''; + throw new Error('Point is not on curve' + suffix); + } + const isYOdd = (y & _1n$5) === _1n$5; + // ECDSA + const isHeadOdd = (head & 1) === 1; + if (isHeadOdd !== isYOdd) + y = Fp.neg(y); + return { x, y }; + } + else if (len === uncompressedLen && head === 0x04) { + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + } + else { + throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`); + } + }, + }); + const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength)); + function isBiggerThanHalfOrder(number) { + const HALF = CURVE_ORDER >> _1n$5; + return number > HALF; } - naf.push(z); - - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.iushrn(shift); - } - - return naf; -} -utils.getNAF = getNAF; - -// Represent k1, k2 in a Joint Sparse Form -function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; + function normalizeS(s) { + return isBiggerThanHalfOrder(s) ? modN(-s) : s; } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; + // slice bytes num + const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to)); + /** + * ECDSA signature with its (r, s) properties. Supports DER & compact representations. + */ + class Signature { + constructor(r, s, recovery) { + this.r = r; + this.s = s; + this.recovery = recovery; + this.assertValidity(); + } + // pair (bytes of r, bytes of s) + static fromCompact(hex) { + const l = CURVE.nByteLength; + hex = ensureBytes('compactSignature', hex, l * 2); + return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l)); + } + // DER encoded ECDSA signature + // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script + static fromDER(hex) { + const { r, s } = DER.toSig(ensureBytes('DER', hex)); + return new Signature(r, s); + } + assertValidity() { + aInRange('r', this.r, _1n$5, CURVE_ORDER); // r in [1..N] + aInRange('s', this.s, _1n$5, CURVE_ORDER); // s in [1..N] + } + addRecoveryBit(recovery) { + return new Signature(this.r, this.s, recovery); + } + recoverPublicKey(msgHash) { + const { r, s, recovery: rec } = this; + const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash + if (rec == null || ![0, 1, 2, 3].includes(rec)) + throw new Error('recovery id invalid'); + const radj = rec === 2 || rec === 3 ? r + CURVE.n : r; + if (radj >= Fp.ORDER) + throw new Error('recovery id 2 or 3 invalid'); + const prefix = (rec & 1) === 0 ? '02' : '03'; + const R = Point.fromHex(prefix + numToNByteStr(radj)); + const ir = invN(radj); // r^-1 + const u1 = modN(-h * ir); // -hr^-1 + const u2 = modN(s * ir); // sr^-1 + const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1) + if (!Q) + throw new Error('point at infinify'); // unsafe is fine: no priv data leaked + Q.assertValidity(); + return Q; + } + // Signatures should be low-s, to prevent malleability. + hasHighS() { + return isBiggerThanHalfOrder(this.s); + } + normalizeS() { + return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this; + } + // DER-encoded + toDERRawBytes() { + return hexToBytes(this.toDERHex()); + } + toDERHex() { + return DER.hexFromSig({ r: this.r, s: this.s }); + } + // padded bytes of r, then padded bytes of s + toCompactRawBytes() { + return hexToBytes(this.toCompactHex()); + } + toCompactHex() { + return numToNByteStr(this.r) + numToNByteStr(this.s); + } + } + const utils = { + isValidPrivateKey(privateKey) { + try { + normPrivateKeyToScalar(privateKey); + return true; + } + catch (error) { + return false; + } + }, + normPrivateKeyToScalar: normPrivateKeyToScalar, + /** + * Produces cryptographically secure private key from random of size + * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible. + */ + randomPrivateKey: () => { + const length = getMinHashLength(CURVE.n); + return mapHashToField(CURVE.randomBytes(length), CURVE.n); + }, + /** + * Creates precompute table for an arbitrary EC point. Makes point "cached". + * Allows to massively speed-up `point.multiply(scalar)`. + * @returns cached point + * @example + * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey)); + * fast.multiply(privKey); // much faster ECDH now + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here + return point; + }, + }; + /** + * Computes public key for a private key. Checks for validity of the private key. + * @param privateKey private key + * @param isCompressed whether to return compact (default), or full key + * @returns Public key, full when isCompressed=false; short when isCompressed=true + */ + function getPublicKey(privateKey, isCompressed = true) { + return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed); } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.iushrn(1); - k2.iushrn(1); - } - - return jsf; + /** + * Quick and dirty check for item being public key. Does not validate hex, or being on-curve. + */ + function isProbPub(item) { + const arr = isBytes(item); + const str = typeof item === 'string'; + const len = (arr || str) && item.length; + if (arr) + return len === compressedLen || len === uncompressedLen; + if (str) + return len === 2 * compressedLen || len === 2 * uncompressedLen; + if (item instanceof Point) + return true; + return false; + } + /** + * ECDH (Elliptic Curve Diffie Hellman). + * Computes shared public key from private key and public key. + * Checks: 1) private key validity 2) shared key is on-curve. + * Does NOT hash the result. + * @param privateA private key + * @param publicB different public key + * @param isCompressed whether to return compact (default), or full key + * @returns shared public key + */ + function getSharedSecret(privateA, publicB, isCompressed = true) { + if (isProbPub(privateA)) + throw new Error('first arg must be private key'); + if (!isProbPub(publicB)) + throw new Error('second arg must be public key'); + const b = Point.fromHex(publicB); // check for being on-curve + return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed); + } + // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets. + // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int. + // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same. + // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors + const bits2int = CURVE.bits2int || + function (bytes) { + // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m) + // for some cases, since bytes.length * 8 is not actual bitLength. + const num = bytesToNumberBE(bytes); // check for == u8 done here + const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits + return delta > 0 ? num >> BigInt(delta) : num; + }; + const bits2int_modN = CURVE.bits2int_modN || + function (bytes) { + return modN(bits2int(bytes)); // can't use bytesToNumberBE here + }; + // NOTE: pads output with zero as per spec + const ORDER_MASK = bitMask(CURVE.nBitLength); + /** + * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`. + */ + function int2octets(num) { + aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n$3, ORDER_MASK); + // works with order, can have different size than numToField! + return numberToBytesBE(num, CURVE.nByteLength); + } + // Steps A, D of RFC6979 3.2 + // Creates RFC6979 seed; converts msg/privKey to numbers. + // Used only in sign, not in verify. + // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521. + // Also it can be bigger for P224 + SHA256 + function prepSig(msgHash, privateKey, opts = defaultSigOpts) { + if (['recovered', 'canonical'].some((k) => k in opts)) + throw new Error('sign() legacy options not supported'); + const { hash, randomBytes } = CURVE; + let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default + if (lowS == null) + lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash + msgHash = ensureBytes('msgHash', msgHash); + validateSigVerOpts(opts); + if (prehash) + msgHash = ensureBytes('prehashed msgHash', hash(msgHash)); + // We can't later call bits2octets, since nested bits2int is broken for curves + // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call. + // const bits2octets = (bits) => int2octets(bits2int_modN(bits)) + const h1int = bits2int_modN(msgHash); + const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint + const seedArgs = [int2octets(d), int2octets(h1int)]; + // extraEntropy. RFC6979 3.6: additional k' (optional). + if (ent != null && ent !== false) { + // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') + const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is + seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes + } + const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2 + const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash! + // Converts signature params into point w r/s, checks result for validity. + function k2sig(kBytes) { + // RFC 6979 Section 3.2, step 3: k = bits2int(T) + const k = bits2int(kBytes); // Cannot use fields methods, since it is group element + if (!isWithinCurveOrder(k)) + return; // Important: all mod() calls here must be done over N + const ik = invN(k); // k^-1 mod n + const q = Point.BASE.multiply(k).toAffine(); // q = Gk + const r = modN(q.x); // r = q.x mod n + if (r === _0n$3) + return; + // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to + // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it: + // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT + const s = modN(ik * modN(m + r * d)); // Not using blinding here + if (s === _0n$3) + return; + let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$5); // recovery bit (2 or 3, when q.x > n) + let normS = s; + if (lowS && isBiggerThanHalfOrder(s)) { + normS = normalizeS(s); // if lowS was passed, ensure s is always + recovery ^= 1; // // in the bottom half of N + } + return new Signature(r, normS, recovery); // use normS, not s + } + return { seed, k2sig }; + } + const defaultSigOpts = { lowS: CURVE.lowS, prehash: false }; + const defaultVerOpts = { lowS: CURVE.lowS, prehash: false }; + /** + * Signs message hash with a private key. + * ``` + * sign(m, d, k) where + * (x, y) = G × k + * r = x mod n + * s = (m + dr)/k mod n + * ``` + * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`. + * @param privKey private key + * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg. + * @returns signature with recovery param + */ + function sign(msgHash, privKey, opts = defaultSigOpts) { + const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2. + const C = CURVE; + const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac); + return drbg(seed, k2sig); // Steps B, C, D, E, F, G + } + // Enable precomputes. Slows down first publicKey computation by 20ms. + Point.BASE._setWindowSize(8); + // utils.precompute(8, ProjectivePoint.BASE) + /** + * Verifies a signature against message hash and public key. + * Rejects lowS signatures by default: to override, + * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf: + * + * ``` + * verify(r, s, h, P) where + * U1 = hs^-1 mod n + * U2 = rs^-1 mod n + * R = U1⋅G - U2⋅P + * mod(R.x, n) == r + * ``` + */ + function verify(signature, msgHash, publicKey, opts = defaultVerOpts) { + const sg = signature; + msgHash = ensureBytes('msgHash', msgHash); + publicKey = ensureBytes('publicKey', publicKey); + if ('strict' in opts) + throw new Error('options.strict was renamed to lowS'); + validateSigVerOpts(opts); + const { lowS, prehash } = opts; + let _sig = undefined; + let P; + try { + if (typeof sg === 'string' || isBytes(sg)) { + // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). + // Since DER can also be 2*nByteLength bytes, we check for it first. + try { + _sig = Signature.fromDER(sg); + } + catch (derError) { + if (!(derError instanceof DER.Err)) + throw derError; + _sig = Signature.fromCompact(sg); + } + } + else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') { + const { r, s } = sg; + _sig = new Signature(r, s); + } + else { + throw new Error('PARSE'); + } + P = Point.fromHex(publicKey); + } + catch (error) { + if (error.message === 'PARSE') + throw new Error(`signature must be Signature instance, Uint8Array or hex string`); + return false; + } + if (lowS && _sig.hasHighS()) + return false; + if (prehash) + msgHash = CURVE.hash(msgHash); + const { r, s } = _sig; + const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element + const is = invN(s); // s^-1 + const u1 = modN(h * is); // u1 = hs^-1 mod n + const u2 = modN(r * is); // u2 = rs^-1 mod n + const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P + if (!R) + return false; + const v = modN(R.x); + return v === r; + } + return { + CURVE, + getPublicKey, + getSharedSecret, + sign, + verify, + ProjectivePoint: Point, + Signature, + utils, + }; } -utils.getJSF = getJSF; -function cachedProperty(obj, name, computer) { - var key = '_' + name; - obj.prototype[name] = function cachedProperty() { - return this[key] !== undefined ? this[key] : - this[key] = computer.call(this); - }; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// connects noble-curves to noble-hashes +function getHash(hash) { + return { + hash, + hmac: (key, ...msgs) => hmac(hash, key, concatBytes$1(...msgs)), + randomBytes, + }; +} +function createCurve(curveDef, defHash) { + const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); + return Object.freeze({ ...create(defHash), create }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp256r1 aka p256 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 +const Fp$7 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')); +const CURVE_A$4 = Fp$7.create(BigInt('-3')); +const CURVE_B$4 = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'); +// prettier-ignore +const p256 = createCurve({ + a: CURVE_A$4, // Equation params: a, b + b: CURVE_B$4, + Fp: Fp$7, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n + // Curve order, total count of valid points in the field + n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'), + // Base (generator) point (x, y) + Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'), + Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'), + h: BigInt(1), + lowS: false, +}, sha256); + +const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1); +const _32n = /* @__PURE__ */ BigInt(32); +// We are not using BigUint64Array, because they are extremely slow as per 2022 +function fromBig(n, le = false) { + if (le) + return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) }; + return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 }; +} +function split(lst, le = false) { + let Ah = new Uint32Array(lst.length); + let Al = new Uint32Array(lst.length); + for (let i = 0; i < lst.length; i++) { + const { h, l } = fromBig(lst[i], le); + [Ah[i], Al[i]] = [h, l]; + } + return [Ah, Al]; +} +const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0); +// for Shift in [0, 32) +const shrSH = (h, _l, s) => h >>> s; +const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in [1, 32) +const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s)); +const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32)); +const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s)); +// Right rotate for shift===32 (just swaps l&h) +const rotr32H = (_h, l) => l; +const rotr32L = (h, _l) => h; +// Left rotate for Shift in [1, 32) +const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s)); +const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s)); +// Left rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s)); +const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s)); +// JS uses 32-bit signed integers for bitwise operations which means we cannot +// simple take carry out of low bit sum by shift, we need to use division. +function add(Ah, Al, Bh, Bl) { + const l = (Al >>> 0) + (Bl >>> 0); + return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 }; +} +// Addition with more than 2 elements +const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0); +const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0; +const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0); +const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0; +const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0); +const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0; +// prettier-ignore +const u64 = { + fromBig, split, toBig, + shrSH, shrSL, + rotrSH, rotrSL, rotrBH, rotrBL, + rotr32H, rotr32L, + rotlSH, rotlSL, rotlBH, rotlBL, + add, add3L, add3H, add4L, add4H, add5H, add5L, +}; + +// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409): +// prettier-ignore +const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([ + '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc', + '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118', + '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2', + '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694', + '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65', + '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5', + '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4', + '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70', + '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df', + '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b', + '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30', + '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8', + '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8', + '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3', + '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec', + '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b', + '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178', + '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b', + '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c', + '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817' +].map(n => BigInt(n))))(); +// Temporary buffer, not used to store anything between runs +const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80); +const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80); +class SHA512 extends HashMD { + constructor() { + super(128, 64, 16, false); + // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers. + // Also looks cleaner and easier to verify with spec. + // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19): + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0x6a09e667 | 0; + this.Al = 0xf3bcc908 | 0; + this.Bh = 0xbb67ae85 | 0; + this.Bl = 0x84caa73b | 0; + this.Ch = 0x3c6ef372 | 0; + this.Cl = 0xfe94f82b | 0; + this.Dh = 0xa54ff53a | 0; + this.Dl = 0x5f1d36f1 | 0; + this.Eh = 0x510e527f | 0; + this.El = 0xade682d1 | 0; + this.Fh = 0x9b05688c | 0; + this.Fl = 0x2b3e6c1f | 0; + this.Gh = 0x1f83d9ab | 0; + this.Gl = 0xfb41bd6b | 0; + this.Hh = 0x5be0cd19 | 0; + this.Hl = 0x137e2179 | 0; + } + // prettier-ignore + get() { + const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl]; + } + // prettier-ignore + set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) { + this.Ah = Ah | 0; + this.Al = Al | 0; + this.Bh = Bh | 0; + this.Bl = Bl | 0; + this.Ch = Ch | 0; + this.Cl = Cl | 0; + this.Dh = Dh | 0; + this.Dl = Dl | 0; + this.Eh = Eh | 0; + this.El = El | 0; + this.Fh = Fh | 0; + this.Fl = Fl | 0; + this.Gh = Gh | 0; + this.Gl = Gl | 0; + this.Hh = Hh | 0; + this.Hl = Hl | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) { + SHA512_W_H[i] = view.getUint32(offset); + SHA512_W_L[i] = view.getUint32((offset += 4)); + } + for (let i = 16; i < 80; i++) { + // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7) + const W15h = SHA512_W_H[i - 15] | 0; + const W15l = SHA512_W_L[i - 15] | 0; + const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7); + const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7); + // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6) + const W2h = SHA512_W_H[i - 2] | 0; + const W2l = SHA512_W_L[i - 2] | 0; + const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6); + const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6); + // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16]; + const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]); + const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]); + SHA512_W_H[i] = SUMh | 0; + SHA512_W_L[i] = SUMl | 0; + } + let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + // Compression function main loop, 80 rounds + for (let i = 0; i < 80; i++) { + // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41) + const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41); + const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41); + //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const CHIh = (Eh & Fh) ^ (~Eh & Gh); + const CHIl = (El & Fl) ^ (~El & Gl); + // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i] + // prettier-ignore + const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]); + const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]); + const T1l = T1ll | 0; + // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39) + const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39); + const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39); + const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch); + const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl); + Hh = Gh | 0; + Hl = Gl | 0; + Gh = Fh | 0; + Gl = Fl | 0; + Fh = Eh | 0; + Fl = El | 0; + ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0)); + Dh = Ch | 0; + Dl = Cl | 0; + Ch = Bh | 0; + Cl = Bl | 0; + Bh = Ah | 0; + Bl = Al | 0; + const All = u64.add3L(T1l, sigma0l, MAJl); + Ah = u64.add3H(All, T1h, sigma0h, MAJh); + Al = All | 0; + } + // Add the compressed chunk to the current hash value + ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0)); + ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0)); + ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0)); + ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0)); + ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0)); + ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0)); + ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0)); + ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0)); + this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl); + } + roundClean() { + SHA512_W_H.fill(0); + SHA512_W_L.fill(0); + } + destroy() { + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + } +} +class SHA384 extends SHA512 { + constructor() { + super(); + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0xcbbb9d5d | 0; + this.Al = 0xc1059ed8 | 0; + this.Bh = 0x629a292a | 0; + this.Bl = 0x367cd507 | 0; + this.Ch = 0x9159015a | 0; + this.Cl = 0x3070dd17 | 0; + this.Dh = 0x152fecd8 | 0; + this.Dl = 0xf70e5939 | 0; + this.Eh = 0x67332667 | 0; + this.El = 0xffc00b31 | 0; + this.Fh = 0x8eb44a87 | 0; + this.Fl = 0x68581511 | 0; + this.Gh = 0xdb0c2e0d | 0; + this.Gl = 0x64f98fa7 | 0; + this.Hh = 0x47b5481d | 0; + this.Hl = 0xbefa4fa4 | 0; + this.outputLen = 48; + } +} +const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512()); +const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384()); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp384r1 aka p384 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 +// Field over which we'll do calculations. +// prettier-ignore +const P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'); +const Fp$6 = Field(P$1); +const CURVE_A$3 = Fp$6.create(BigInt('-3')); +// prettier-ignore +const CURVE_B$3 = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'); +// prettier-ignore +const p384 = createCurve({ + a: CURVE_A$3, // Equation params: a, b + b: CURVE_B$3, + Fp: Fp$6, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n + // Curve order, total count of valid points in the field. + n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'), + // Base (generator) point (x, y) + Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'), + Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'), + h: BigInt(1), + lowS: false, +}, sha384); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp521r1 aka p521 +// Note that it's 521, which differs from 512 of its hash function. +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521 +// Field over which we'll do calculations. +// prettier-ignore +const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); +const Fp$5 = Field(P); +const CURVE = { + a: Fp$5.create(BigInt('-3')), + b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'), + Fp: Fp$5, + n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'), + Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'), + Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'), + h: BigInt(1), +}; +// prettier-ignore +const p521 = createCurve({ + a: CURVE.a, // Equation params: a, b + b: CURVE.b, + Fp: Fp$5, // Field: 2n**521n - 1n + // Curve order, total count of valid points in the field + n: CURVE.n, + Gx: CURVE.Gx, // Base point (x, y) aka generator point + Gy: CURVE.Gy, + h: CURVE.h, + lowS: false, + allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b +}, sha512); + +// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size. +// It's called a sponge function. +// Various per round constants calculations +const SHA3_PI = []; +const SHA3_ROTL = []; +const _SHA3_IOTA = []; +const _0n$2 = /* @__PURE__ */ BigInt(0); +const _1n$4 = /* @__PURE__ */ BigInt(1); +const _2n$3 = /* @__PURE__ */ BigInt(2); +const _7n = /* @__PURE__ */ BigInt(7); +const _256n = /* @__PURE__ */ BigInt(256); +const _0x71n = /* @__PURE__ */ BigInt(0x71); +for (let round = 0, R = _1n$4, x = 1, y = 0; round < 24; round++) { + // Pi + [x, y] = [y, (2 * x + 3 * y) % 5]; + SHA3_PI.push(2 * (5 * y + x)); + // Rotational + SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64); + // Iota + let t = _0n$2; + for (let j = 0; j < 7; j++) { + R = ((R << _1n$4) ^ ((R >> _7n) * _0x71n)) % _256n; + if (R & _2n$3) + t ^= _1n$4 << ((_1n$4 << /* @__PURE__ */ BigInt(j)) - _1n$4); + } + _SHA3_IOTA.push(t); +} +const [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true); +// Left rotation (without 0, 32, 64) +const rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s)); +const rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s)); +// Same as keccakf1600, but allows to skip some rounds +function keccakP(s, rounds = 24) { + const B = new Uint32Array(5 * 2); + // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js) + for (let round = 24 - rounds; round < 24; round++) { + // Theta θ + for (let x = 0; x < 10; x++) + B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40]; + for (let x = 0; x < 10; x += 2) { + const idx1 = (x + 8) % 10; + const idx0 = (x + 2) % 10; + const B0 = B[idx0]; + const B1 = B[idx0 + 1]; + const Th = rotlH(B0, B1, 1) ^ B[idx1]; + const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1]; + for (let y = 0; y < 50; y += 10) { + s[x + y] ^= Th; + s[x + y + 1] ^= Tl; + } + } + // Rho (ρ) and Pi (π) + let curH = s[2]; + let curL = s[3]; + for (let t = 0; t < 24; t++) { + const shift = SHA3_ROTL[t]; + const Th = rotlH(curH, curL, shift); + const Tl = rotlL(curH, curL, shift); + const PI = SHA3_PI[t]; + curH = s[PI]; + curL = s[PI + 1]; + s[PI] = Th; + s[PI + 1] = Tl; + } + // Chi (χ) + for (let y = 0; y < 50; y += 10) { + for (let x = 0; x < 10; x++) + B[x] = s[y + x]; + for (let x = 0; x < 10; x++) + s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10]; + } + // Iota (ι) + s[0] ^= SHA3_IOTA_H[round]; + s[1] ^= SHA3_IOTA_L[round]; + } + B.fill(0); +} +class Keccak extends Hash { + // NOTE: we accept arguments in bytes instead of bits here. + constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) { + super(); + this.blockLen = blockLen; + this.suffix = suffix; + this.outputLen = outputLen; + this.enableXOF = enableXOF; + this.rounds = rounds; + this.pos = 0; + this.posOut = 0; + this.finished = false; + this.destroyed = false; + // Can be passed from user as dkLen + number(outputLen); + // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes + if (0 >= this.blockLen || this.blockLen >= 200) + throw new Error('Sha3 supports only keccak-f1600 function'); + this.state = new Uint8Array(200); + this.state32 = u32(this.state); + } + keccak() { + if (!isLE) + byteSwap32(this.state32); + keccakP(this.state32, this.rounds); + if (!isLE) + byteSwap32(this.state32); + this.posOut = 0; + this.pos = 0; + } + update(data) { + exists(this); + const { blockLen, state } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + for (let i = 0; i < take; i++) + state[this.pos++] ^= data[pos++]; + if (this.pos === blockLen) + this.keccak(); + } + return this; + } + finish() { + if (this.finished) + return; + this.finished = true; + const { state, suffix, pos, blockLen } = this; + // Do the padding + state[pos] ^= suffix; + if ((suffix & 0x80) !== 0 && pos === blockLen - 1) + this.keccak(); + state[blockLen - 1] ^= 0x80; + this.keccak(); + } + writeInto(out) { + exists(this, false); + bytes(out); + this.finish(); + const bufferOut = this.state; + const { blockLen } = this; + for (let pos = 0, len = out.length; pos < len;) { + if (this.posOut >= blockLen) + this.keccak(); + const take = Math.min(blockLen - this.posOut, len - pos); + out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos); + this.posOut += take; + pos += take; + } + return out; + } + xofInto(out) { + // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF + if (!this.enableXOF) + throw new Error('XOF is not possible for this instance'); + return this.writeInto(out); + } + xof(bytes) { + number(bytes); + return this.xofInto(new Uint8Array(bytes)); + } + digestInto(out) { + output(out, this); + if (this.finished) + throw new Error('digest() was already called'); + this.writeInto(out); + this.destroy(); + return out; + } + digest() { + return this.digestInto(new Uint8Array(this.outputLen)); + } + destroy() { + this.destroyed = true; + this.state.fill(0); + } + _cloneInto(to) { + const { blockLen, suffix, outputLen, rounds, enableXOF } = this; + to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds)); + to.state32.set(this.state32); + to.pos = this.pos; + to.posOut = this.posOut; + to.finished = this.finished; + to.rounds = rounds; + // Suffix can change in cSHAKE + to.suffix = suffix; + to.outputLen = outputLen; + to.enableXOF = enableXOF; + to.destroyed = this.destroyed; + return to; + } +} +const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen)); +/** + * SHA3-256 hash function + * @param message - that would be hashed + */ +const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8); +const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8); +const genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true)); +const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n = BigInt(8); +// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex: +const VERIFY_DEFAULT = { zip215: true }; +function validateOpts$1(curve) { + const opts = validateBasic(curve); + validateObject(curve, { + hash: 'function', + a: 'bigint', + d: 'bigint', + randomBytes: 'function', + }, { + adjustScalarBytes: 'function', + domain: 'function', + uvRatio: 'function', + mapToCurve: 'function', + }); + // Set defaults + return Object.freeze({ ...opts }); +} +/** + * Creates Twisted Edwards curve with EdDSA signatures. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h + * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h }) + */ +function twistedEdwards(curveDef) { + const CURVE = validateOpts$1(curveDef); + const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE; + const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3); + const modP = Fp.create; // Function overrides + const Fn = Field(CURVE.n, CURVE.nBitLength); + // sqrt(u/v) + const uvRatio = CURVE.uvRatio || + ((u, v) => { + try { + return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) }; + } + catch (e) { + return { isValid: false, value: _0n$1 }; + } + }); + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP + const domain = CURVE.domain || + ((data, ctx, phflag) => { + abool('phflag', phflag); + if (ctx.length || phflag) + throw new Error('Contexts/pre-hash are not supported'); + return data; + }); // NOOP + // 0 <= n < MASK + // Coordinates larger than Fp.ORDER are allowed for zip215 + function aCoordinate(title, n) { + aInRange('coordinate ' + title, n, _0n$1, MASK); + } + function assertPoint(other) { + if (!(other instanceof Point)) + throw new Error('ExtendedPoint expected'); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + const toAffineMemo = memoized((p, iz) => { + const { ex: x, ey: y, ez: z } = p; + const is0 = p.is0(); + if (iz == null) + iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily + const ax = modP(x * iz); + const ay = modP(y * iz); + const zz = modP(z * iz); + if (is0) + return { x: _0n$1, y: _1n$3 }; + if (zz !== _1n$3) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + const assertValidMemo = memoized((p) => { + const { a, d } = CURVE; + if (p.is0()) + throw new Error('bad point: ZERO'); // TODO: optimize, with vars below? + // Equation in affine coordinates: ax² + y² = 1 + dx²y² + // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y² + const { ex: X, ey: Y, ez: Z, et: T } = p; + const X2 = modP(X * X); // X² + const Y2 = modP(Y * Y); // Y² + const Z2 = modP(Z * Z); // Z² + const Z4 = modP(Z2 * Z2); // Z⁴ + const aX2 = modP(X2 * a); // aX² + const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z² + const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y² + if (left !== right) + throw new Error('bad point: equation left != right (1)'); + // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T + const XY = modP(X * Y); + const ZT = modP(Z * T); + if (XY !== ZT) + throw new Error('bad point: equation left != right (2)'); + return true; + }); + // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy). + // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates + class Point { + constructor(ex, ey, ez, et) { + this.ex = ex; + this.ey = ey; + this.ez = ez; + this.et = et; + aCoordinate('x', ex); + aCoordinate('y', ey); + aCoordinate('z', ez); + aCoordinate('t', et); + Object.freeze(this); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + static fromAffine(p) { + if (p instanceof Point) + throw new Error('extended point not allowed'); + const { x, y } = p || {}; + aCoordinate('x', x); + aCoordinate('y', y); + return new Point(x, y, _1n$3, modP(x * y)); + } + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.ez)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // Not required for fromHex(), which always creates valid points. + // Could be useful for fromAffine(). + assertValidity() { + assertValidMemo(this); + } + // Compare one point to another. + equals(other) { + assertPoint(other); + const { ex: X1, ey: Y1, ez: Z1 } = this; + const { ex: X2, ey: Y2, ez: Z2 } = other; + const X1Z2 = modP(X1 * Z2); + const X2Z1 = modP(X2 * Z1); + const Y1Z2 = modP(Y1 * Z2); + const Y2Z1 = modP(Y2 * Z1); + return X1Z2 === X2Z1 && Y1Z2 === Y2Z1; + } + is0() { + return this.equals(Point.ZERO); + } + negate() { + // Flips point sign to a negative one (-x, y in affine coords) + return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et)); + } + // Fast algo for doubling Extended Point. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd + // Cost: 4M + 4S + 1*a + 6add + 1*2. + double() { + const { a } = CURVE; + const { ex: X1, ey: Y1, ez: Z1 } = this; + const A = modP(X1 * X1); // A = X12 + const B = modP(Y1 * Y1); // B = Y12 + const C = modP(_2n$2 * modP(Z1 * Z1)); // C = 2*Z12 + const D = modP(a * A); // D = a*A + const x1y1 = X1 + Y1; + const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B + const G = D + B; // G = D+B + const F = G - C; // F = G-C + const H = D - B; // H = D-B + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + // Fast algo for adding 2 Extended Points. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd + // Cost: 9M + 1*a + 1*d + 7add. + add(other) { + assertPoint(other); + const { a, d } = CURVE; + const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this; + const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other; + // Faster algo for adding 2 Extended Points when curve's a=-1. + // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4 + // Cost: 8M + 8add + 2*2. + // Note: It does not check whether the `other` point is valid. + if (a === BigInt(-1)) { + const A = modP((Y1 - X1) * (Y2 + X2)); + const B = modP((Y1 + X1) * (Y2 - X2)); + const F = modP(B - A); + if (F === _0n$1) + return this.double(); // Same point. Tests say it doesn't affect timing + const C = modP(Z1 * _2n$2 * T2); + const D = modP(T1 * _2n$2 * Z2); + const E = D + C; + const G = B + A; + const H = D - C; + const X3 = modP(E * F); + const Y3 = modP(G * H); + const T3 = modP(E * H); + const Z3 = modP(F * G); + return new Point(X3, Y3, Z3, T3); + } + const A = modP(X1 * X2); // A = X1*X2 + const B = modP(Y1 * Y2); // B = Y1*Y2 + const C = modP(T1 * d * T2); // C = T1*d*T2 + const D = modP(Z1 * Z2); // D = Z1*Z2 + const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B + const F = D - C; // F = D-C + const G = D + C; // G = D+C + const H = modP(B - a * A); // H = B-a*A + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + subtract(other) { + return this.add(other.negate()); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + // Constant-time multiplication. + multiply(scalar) { + const n = scalar; + aInRange('scalar', n, _1n$3, CURVE_ORDER); // 1 <= scalar < L + const { p, f } = this.wNAF(n); + return Point.normalizeZ([p, f])[0]; + } + // Non-constant-time multiplication. Uses double-and-add algorithm. + // It's faster, but should only be used when you don't care about + // an exposed private key e.g. sig verification. + // Does NOT allow scalars higher than CURVE.n. + multiplyUnsafe(scalar) { + const n = scalar; + aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L + if (n === _0n$1) + return I; + if (this.equals(I) || n === _1n$3) + return this; + if (this.equals(G)) + return this.wNAF(n).p; + return wnaf.unsafeLadder(this, n); + } + // Checks if point is of small order. + // If you add something to small order point, you will have "dirty" + // point with torsion component. + // Multiplies point by cofactor and checks if the result is 0. + isSmallOrder() { + return this.multiplyUnsafe(cofactor).is0(); + } + // Multiplies point by curve order and checks if the result is 0. + // Returns `false` is the point is dirty. + isTorsionFree() { + return wnaf.unsafeLadder(this, CURVE_ORDER).is0(); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + toAffine(iz) { + return toAffineMemo(this, iz); + } + clearCofactor() { + const { h: cofactor } = CURVE; + if (cofactor === _1n$3) + return this; + return this.multiplyUnsafe(cofactor); + } + // Converts hash string or Uint8Array to Point. + // Uses algo from RFC8032 5.1.3. + static fromHex(hex, zip215 = false) { + const { d, a } = CURVE; + const len = Fp.BYTES; + hex = ensureBytes('pointHex', hex, len); // copy hex to a new array + abool('zip215', zip215); + const normed = hex.slice(); // copy again, we'll manipulate it + const lastByte = hex[len - 1]; // select last byte + normed[len - 1] = lastByte & ~0x80; // clear last bit + const y = bytesToNumberLE(normed); + // RFC8032 prohibits >= p, but ZIP215 doesn't + // zip215=true: 0 <= y < MASK (2^256 for ed25519) + // zip215=false: 0 <= y < P (2^255-19 for ed25519) + const max = zip215 ? MASK : Fp.ORDER; + aInRange('pointHex.y', y, _0n$1, max); + // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case: + // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a) + const y2 = modP(y * y); // denominator is always non-0 mod p. + const u = modP(y2 - _1n$3); // u = y² - 1 + const v = modP(d * y2 - a); // v = d y² + 1. + let { isValid, value: x } = uvRatio(u, v); // √(u/v) + if (!isValid) + throw new Error('Point.fromHex: invalid y coordinate'); + const isXOdd = (x & _1n$3) === _1n$3; // There are 2 square roots. Use x_0 bit to select proper + const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit + if (!zip215 && x === _0n$1 && isLastByteOdd) + // if x=0 and x_0 = 1, fail + throw new Error('Point.fromHex: x=0 and x_0=1'); + if (isLastByteOdd !== isXOdd) + x = modP(-x); // if x_0 != x mod 2, set x = p-x + return Point.fromAffine({ x, y }); + } + static fromPrivateKey(privKey) { + return getExtendedPublicKey(privKey).point; + } + toRawBytes() { + const { x, y } = this.toAffine(); + const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y) + bytes[bytes.length - 1] |= x & _1n$3 ? 0x80 : 0; // when compressing, it's enough to store y + return bytes; // and use the last byte to encode sign of x + } + toHex() { + return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string. + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n$3, modP(CURVE.Gx * CURVE.Gy)); + Point.ZERO = new Point(_0n$1, _1n$3, _1n$3, _0n$1); // 0, 1, 1, 0 + const { BASE: G, ZERO: I } = Point; + const wnaf = wNAF(Point, nByteLength * 8); + function modN(a) { + return mod(a, CURVE_ORDER); + } + // Little-endian SHA512 with modulo n + function modN_LE(hash) { + return modN(bytesToNumberLE(hash)); + } + /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */ + function getExtendedPublicKey(key) { + const len = nByteLength; + key = ensureBytes('private key', key, len); + // Hash private key with curve's hash function to produce uniformingly random input + // Check byte lengths: ensure(64, h(ensure(32, key))) + const hashed = ensureBytes('hashed private key', cHash(key), 2 * len); + const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE + const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6) + const scalar = modN_LE(head); // The actual private scalar + const point = G.multiply(scalar); // Point on Edwards curve aka public key + const pointBytes = point.toRawBytes(); // Uint8Array representation + return { head, prefix, scalar, point, pointBytes }; + } + // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared + function getPublicKey(privKey) { + return getExtendedPublicKey(privKey).pointBytes; + } + // int('LE', SHA512(dom2(F, C) || msgs)) mod N + function hashDomainToScalar(context = new Uint8Array(), ...msgs) { + const msg = concatBytes(...msgs); + return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash))); + } + /** Signs message with privateKey. RFC8032 5.1.6 */ + function sign(msg, privKey, options = {}) { + msg = ensureBytes('message', msg); + if (prehash) + msg = prehash(msg); // for ed25519ph etc. + const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey); + const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M) + const R = G.multiply(r).toRawBytes(); // R = rG + const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M) + const s = modN(r + k * scalar); // S = (r + k * s) mod L + aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l + const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES)); + return ensureBytes('result', res, nByteLength * 2); // 64-byte signature + } + const verifyOpts = VERIFY_DEFAULT; + function verify(sig, msg, publicKey, options = verifyOpts) { + const { context, zip215 } = options; + const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7. + sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked. + msg = ensureBytes('message', msg); + if (zip215 !== undefined) + abool('zip215', zip215); + if (prehash) + msg = prehash(msg); // for ed25519ph, etc + const s = bytesToNumberLE(sig.slice(len, 2 * len)); + // zip215: true is good for consensus-critical apps and allows points < 2^256 + // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p + let A, R, SB; + try { + A = Point.fromHex(publicKey, zip215); + R = Point.fromHex(sig.slice(0, len), zip215); + SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside + } + catch (error) { + return false; + } + if (!zip215 && A.isSmallOrder()) + return false; + const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); + const RkA = R.add(A.multiplyUnsafe(k)); + // [8][S]B = [8]R + [8][k]A' + return RkA.subtract(SB).clearCofactor().equals(Point.ZERO); + } + G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms. + const utils = { + getExtendedPublicKey, + // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1. + randomPrivateKey: () => randomBytes(Fp.BYTES), + /** + * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT + * values. This slows down first getPublicKey() by milliseconds (see Speed section), + * but allows to speed-up subsequent getPublicKey() calls up to 20x. + * @param windowSize 2, 4, 8, 16 + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); + return point; + }, + }; + return { + CURVE, + getPublicKey, + sign, + verify, + ExtendedPoint: Point, + utils, + }; } -utils.cachedProperty = cachedProperty; -function parseBytes(bytes) { - return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') : - bytes; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const _0n = BigInt(0); +const _1n$2 = BigInt(1); +function validateOpts(curve) { + validateObject(curve, { + a: 'bigint', + }, { + montgomeryBits: 'isSafeInteger', + nByteLength: 'isSafeInteger', + adjustScalarBytes: 'function', + domain: 'function', + powPminus2: 'function', + Gu: 'bigint', + }); + // Set defaults + return Object.freeze({ ...curve }); +} +// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748) +// Uses only one coordinate instead of two +function montgomery(curveDef) { + const CURVE = validateOpts(curveDef); + const { P } = CURVE; + const modP = (n) => mod(n, P); + const montgomeryBits = CURVE.montgomeryBits; + const montgomeryBytes = Math.ceil(montgomeryBits / 8); + const fieldLen = CURVE.nByteLength; + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); + const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P)); + // cswap from RFC7748. But it is not from RFC7748! + /* + cswap(swap, x_2, x_3): + dummy = mask(swap) AND (x_2 XOR x_3) + x_2 = x_2 XOR dummy + x_3 = x_3 XOR dummy + Return (x_2, x_3) + Where mask(swap) is the all-1 or all-0 word of the same length as x_2 + and x_3, computed, e.g., as mask(swap) = 0 - swap. + */ + function cswap(swap, x_2, x_3) { + const dummy = modP(swap * (x_2 - x_3)); + x_2 = modP(x_2 - dummy); + x_3 = modP(x_3 + dummy); + return [x_2, x_3]; + } + // x25519 from 4 + // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 + const a24 = (CURVE.a - BigInt(2)) / BigInt(4); + /** + * + * @param pointU u coordinate (x) on Montgomery Curve 25519 + * @param scalar by which the point would be multiplied + * @returns new Point on Montgomery curve + */ + function montgomeryLadder(u, scalar) { + aInRange('u', u, _0n, P); + aInRange('scalar', scalar, _0n, P); + // Section 5: Implementations MUST accept non-canonical values and process them as + // if they had been reduced modulo the field prime. + const k = scalar; + const x_1 = u; + let x_2 = _1n$2; + let z_2 = _0n; + let x_3 = u; + let z_3 = _1n$2; + let swap = _0n; + let sw; + for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) { + const k_t = (k >> t) & _1n$2; + swap ^= k_t; + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + swap = k_t; + const A = x_2 + z_2; + const AA = modP(A * A); + const B = x_2 - z_2; + const BB = modP(B * B); + const E = AA - BB; + const C = x_3 + z_3; + const D = x_3 - z_3; + const DA = modP(D * A); + const CB = modP(C * B); + const dacb = DA + CB; + const da_cb = DA - CB; + x_3 = modP(dacb * dacb); + z_3 = modP(x_1 * modP(da_cb * da_cb)); + x_2 = modP(AA * BB); + z_2 = modP(E * (AA + modP(a24 * E))); + } + // (x_2, x_3) = cswap(swap, x_2, x_3) + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + // (z_2, z_3) = cswap(swap, z_2, z_3) + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + // z_2^(p - 2) + const z2 = powPminus2(z_2); + // Return x_2 * (z_2^(p - 2)) + return modP(x_2 * z2); + } + function encodeUCoordinate(u) { + return numberToBytesLE(modP(u), montgomeryBytes); + } + function decodeUCoordinate(uEnc) { + // Section 5: When receiving such an array, implementations of X25519 + // MUST mask the most significant bit in the final byte. + const u = ensureBytes('u coordinate', uEnc, montgomeryBytes); + if (fieldLen === 32) + u[31] &= 127; // 0b0111_1111 + return bytesToNumberLE(u); + } + function decodeScalar(n) { + const bytes = ensureBytes('scalar', n); + const len = bytes.length; + if (len !== montgomeryBytes && len !== fieldLen) + throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`); + return bytesToNumberLE(adjustScalarBytes(bytes)); + } + function scalarMult(scalar, u) { + const pointU = decodeUCoordinate(u); + const _scalar = decodeScalar(scalar); + const pu = montgomeryLadder(pointU, _scalar); + // The result was not contributory + // https://cr.yp.to/ecdh.html#validate + if (pu === _0n) + throw new Error('Invalid private or public key received'); + return encodeUCoordinate(pu); + } + // Computes public key from private. By doing scalar multiplication of base point. + const GuBytes = encodeUCoordinate(CURVE.Gu); + function scalarMultBase(scalar) { + return scalarMult(scalar, GuBytes); + } + return { + scalarMult, + scalarMultBase, + getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey), + getPublicKey: (privateKey) => scalarMultBase(privateKey), + utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) }, + GuBytes: GuBytes, + }; } -utils.parseBytes = parseBytes; -function intFromLE(bytes) { - return new bn(bytes, 'hex', 'le'); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +/** + * Edwards448 (not Ed448-Goldilocks) curve with following addons: + * - X448 ECDH + * - Decaf cofactor elimination + * - Elligator hash-to-group / point indistinguishability + * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2 + */ +const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); +const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); +const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); +// prettier-ignore +const _1n$1 = BigInt(1), _2n$1 = BigInt(2), _3n = BigInt(3); BigInt(4); const _11n = BigInt(11); +// prettier-ignore +const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223); +// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. +// Used for efficient square root calculation. +// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1] +function ed448_pow_Pminus3div4(x) { + const P = ed448P; + const b2 = (x * x * x) % P; + const b3 = (b2 * b2 * x) % P; + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n$1, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b222 = (pow2(b220, _2n$1, P) * b2) % P; + const b223 = (pow2(b222, _1n$1, P) * x) % P; + return (pow2(b223, _223n, P) * b222) % P; +} +function adjustScalarBytes(bytes) { + // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most + // significant bit of the last byte to 1. + bytes[0] &= 252; // 0b11111100 + // and the most significant bit of the last byte to 1. + bytes[55] |= 128; // 0b10000000 + // NOTE: is is NOOP for 56 bytes scalars (X25519/X448) + bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits) + return bytes; } -utils.intFromLE = intFromLE; +// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. +// Uses algo from RFC8032 5.1.3. +function uvRatio(u, v) { + const P = ed448P; + // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3 + // To compute the square root of (u/v), the first step is to compute the + // candidate root x = (u/v)^((p+1)/4). This can be done using the + // following trick, to use a single modular powering for both the + // inversion of v and the square root: + // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p) + const u2v = mod(u * u * v, P); // u²v + const u3v = mod(u2v * u, P); // u³v + const u5v3 = mod(u3v * u2v * v, P); // u⁵v³ + const root = ed448_pow_Pminus3div4(u5v3); + const x = mod(u3v * root, P); + // Verify that root is exists + const x2 = mod(x * x, P); // x² + // If vx² = u, the recovered x-coordinate is x. Otherwise, no + // square root exists, and the decoding fails. + return { isValid: mod(x2 * v, P) === u, value: x }; +} +const Fp$4 = Field(ed448P, 456, true); +const ED448_DEF = { + // Param: a + a: BigInt(1), + // -39081. Negative number is P - number + d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'), + // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n + Fp: Fp$4, + // Subgroup order: how many points curve has; + // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n + n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + nBitLength: 456, + // Cofactor + h: BigInt(4), + // Base point (x, y) aka generator point + Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'), + Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'), + // SHAKE256(dom4(phflag,context)||x, 114) + hash: shake256_114, + randomBytes, + adjustScalarBytes, + // dom4 + domain: (data, ctx, phflag) => { + if (ctx.length > 255) + throw new Error(`Context is too big: ${ctx.length}`); + return concatBytes$1(utf8ToBytes$1('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); + }, + uvRatio, +}; +const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF); +// NOTE: there is no ed448ctx, since ed448 supports ctx by default +/* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 }); +const x448 = /* @__PURE__ */ (() => montgomery({ + a: BigInt(156326), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + montgomeryBits: 448, + nByteLength: 56, + P: ed448P, + Gu: BigInt(5), + powPminus2: (x) => { + const P = ed448P; + const Pminus3div4 = ed448_pow_Pminus3div4(x); + const Pminus3 = pow2(Pminus3div4, BigInt(2), P); + return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 + }, + adjustScalarBytes, + randomBytes, +}))(); +// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version +// Hash To Curve Elligator2 Map +(Fp$4.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic +BigInt(156326); +// 1-d +BigInt('39082'); +// 1-2d +BigInt('78163'); +// √(-d) +BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214'); +// 1 / √(-d) +BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716'); +BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); +const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); +const _1n = BigInt(1); +const _2n = BigInt(2); +const divNearest = (a, b) => (a + b / _2n) / b; +/** + * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit. + * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00] + */ +function sqrtMod(y) { + const P = secp256k1P; + // prettier-ignore + const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22); + // prettier-ignore + const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88); + const b2 = (y * y * y) % P; // x^3, 11 + const b3 = (b2 * b2 * y) % P; // x^7 + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b223 = (pow2(b220, _3n, P) * b3) % P; + const t1 = (pow2(b223, _23n, P) * b22) % P; + const t2 = (pow2(t1, _6n, P) * b2) % P; + const root = pow2(t2, _2n, P); + if (!Fp$3.eql(Fp$3.sqr(root), y)) + throw new Error('Cannot find square root'); + return root; +} +const Fp$3 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod }); +/** + * secp256k1 short weierstrass curve and ECDSA signatures over it. + */ +const secp256k1 = createCurve({ + a: BigInt(0), // equation params: a, b + b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 + Fp: Fp$3, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n + n: secp256k1N, // Curve order, total count of valid points in the field + // Base point (x, y) aka generator point + Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'), + Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'), + h: BigInt(1), // Cofactor + lowS: true, // Allow only low-S signatures by default in sign() and verify() + /** + * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism. + * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%. + * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit. + * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066 + */ + endo: { + beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'), + splitScalar: (k) => { + const n = secp256k1N; + const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15'); + const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'); + const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'); + const b2 = a1; + const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16) + const c1 = divNearest(b2 * k, n); + const c2 = divNearest(-b1 * k, n); + let k1 = mod(k - c1 * a1 - c2 * a2, n); + let k2 = mod(-c1 * b1 - c2 * b2, n); + const k1neg = k1 > POW_2_128; + const k2neg = k2 > POW_2_128; + if (k1neg) + k1 = n - k1; + if (k2neg) + k2 = n - k2; + if (k1 > POW_2_128 || k2 > POW_2_128) { + throw new Error('splitScalar: Endomorphism failed, k=' + k); + } + return { k1neg, k1, k2neg, k2 }; + }, + }, +}, sha256); +// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code. +// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki +BigInt(0); +secp256k1.ProjectivePoint; + +// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4 +// eslint-disable-next-line new-cap +const Fp$2 = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377')); +const CURVE_A$2 = Fp$2.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9')); +const CURVE_B$2 = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'); +// prettier-ignore +const brainpoolP256r1 = createCurve({ + a: CURVE_A$2, // Equation params: a, b + b: CURVE_B$2, + Fp: Fp$2, + // Curve order (q), total count of valid points in the field + n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'), + // Base (generator) point (x, y) + Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'), + Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'), + h: BigInt(1), + lowS: false +}, sha256); + +// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6 +// eslint-disable-next-line new-cap +const Fp$1 = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53')); +const CURVE_A$1 = Fp$1.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826')); +const CURVE_B$1 = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'); +// prettier-ignore +const brainpoolP384r1 = createCurve({ + a: CURVE_A$1, // Equation params: a, b + b: CURVE_B$1, + Fp: Fp$1, + // Curve order (q), total count of valid points in the field + n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'), + // Base (generator) point (x, y) + Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'), + Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'), + h: BigInt(1), + lowS: false +}, sha384); + +// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7 +// eslint-disable-next-line new-cap +const Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3')); +const CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca')); +const CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'); +// prettier-ignore +const brainpoolP512r1 = createCurve({ + a: CURVE_A, // Equation params: a, b + b: CURVE_B, + Fp, + // Curve order (q), total count of valid points in the field + n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'), + // Base (generator) point (x, y) + Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'), + Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'), + h: BigInt(1), + lowS: false +}, sha512); + +/** + * This file is needed to dynamic import the noble-curves. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleCurves = new Map(Object.entries({ + nistP256: p256, + nistP384: p384, + nistP521: p521, + brainpoolP256r1, + brainpoolP384r1, + brainpoolP512r1, + secp256k1, + x448, + ed448 +})); + +var noble_curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleCurves: nobleCurves }); -var r$1; - -var brorand = function rand(len) { - if (!r$1) - r$1 = new Rand(null); - - return r$1.generate(len); -}; - -function Rand(rand) { - this.rand = rand; -} -var Rand_1 = Rand; +//Paul Tero, July 2001 +//http://www.tero.co.uk/des/ +// +//Optimised for performance with large blocks by Michael Hayworth, November 2001 +//http://www.netdealing.com +// +// Modified by Recurity Labs GmbH -Rand.prototype.generate = function generate(len) { - return this._rand(len); -}; +//THIS SOFTWARE IS PROVIDED "AS IS" AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. -// Emulate crypto API using randy -Rand.prototype._rand = function _rand(n) { - if (this.rand.getBytes) - return this.rand.getBytes(n); +//des +//this takes the key, the message, and whether to encrypt or decrypt - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; -}; +function des(keys, message, encrypt, mode, iv, padding) { + //declaring this locally speeds things up a bit + const spfunction1 = [ + 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, + 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, + 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, + 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, + 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, + 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 + ]; + const spfunction2 = [ + -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, + -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, + -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, + -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, + -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, + 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, + -0x7fef7fe0, 0x108000 + ]; + const spfunction3 = [ + 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, + 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, + 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, + 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, + 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, + 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 + ]; + const spfunction4 = [ + 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, + 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, + 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, + 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, + 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 + ]; + const spfunction5 = [ + 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, + 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, + 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, + 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, + 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, + 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, + 0x40080000, 0x2080100, 0x40000100 + ]; + const spfunction6 = [ + 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, + 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, + 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, + 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, + 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, + 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 + ]; + const spfunction7 = [ + 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, + 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, + 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, + 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, + 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, + 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 + ]; + const spfunction8 = [ + 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, + 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, + 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, + 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, + 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 + ]; -if (typeof self === 'object') { - if (self.crypto && self.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.crypto.getRandomValues(arr); - return arr; - }; - } else if (self.msCrypto && self.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.msCrypto.getRandomValues(arr); - return arr; - }; + //create the 16 or 48 subkeys we will need + let m = 0; + let i; + let j; + let temp; + let right1; + let right2; + let left; + let right; + let looping; + let endloop; + let loopinc; + let len = message.length; - // Safari's WebWorkers do not have `crypto` - } else if (typeof window === 'object') { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; + //set up the loops for single and triple des + const iterations = keys.length === 32 ? 3 : 9; //single or triple des + if (iterations === 3) { + looping = encrypt ? [0, 32, 2] : [30, -2, -2]; + } else { + looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; } -} else { - // Node.js or Web worker with no crypto support - try { - var crypto$2 = crypto$3; - if (typeof crypto$2.randomBytes !== 'function') - throw new Error('Not supported'); - Rand.prototype._rand = function _rand(n) { - return crypto$2.randomBytes(n); - }; - } catch (e) { + //pad the message depending on the padding parameter + //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt + if (encrypt) { + message = desAddPadding(message); + len = message.length; } -} -brorand.Rand = Rand_1; -var getNAF = utils_1$1.getNAF; -var getJSF = utils_1$1.getJSF; -var assert$2 = utils_1$1.assert; + //store the result here + let result = new Uint8Array(len); + let k = 0; -function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); + //loop through each 64 bit chunk of the message + while (m < len) { + left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); + //first each 64 but chunk of the message must be permuted according to IP + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); + left = ((left << 1) | (left >>> 31)); + right = ((right << 1) | (right >>> 31)); - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); + //do this either 1 or 3 times for each chunk of the message + for (j = 0; j < iterations; j += 3) { + endloop = looping[j + 1]; + loopinc = looping[j + 2]; + //now go through and perform the encryption or decryption + for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency + right1 = right ^ keys[i]; + right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; + //the result is attained by passing these bytes through the S selection functions + temp = left; + left = right; + right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> + 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & + 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); + } + temp = left; + left = right; + right = temp; //unreverse left and right + } //for either 1 or 3 iterations - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); + //move then each one bit to the right + left = ((left >>> 1) | (left << 31)); + right = ((right >>> 1) | (right << 31)); - // Generalized Greg Maxwell's trick - var adjustCount = this.n && this.p.div(this.n); - if (!adjustCount || adjustCount.cmpn(100) > 0) { - this.redN = null; - } else { - this._maxwellTrick = true; - this.redN = this.n.toRed(this.red); - } -} -var base = BaseCurve; + //now perform IP-1, which is IP in the opposite direction + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); -BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); -}; + result[k++] = (left >>> 24); + result[k++] = ((left >>> 16) & 0xff); + result[k++] = ((left >>> 8) & 0xff); + result[k++] = (left & 0xff); + result[k++] = (right >>> 24); + result[k++] = ((right >>> 16) & 0xff); + result[k++] = ((right >>> 8) & 0xff); + result[k++] = (right & 0xff); + } //for every 8 characters, or 64 bits in the message -BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); -}; + //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt + if (!encrypt) { + result = desRemovePadding(result); + } -BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - assert$2(p.precomputed); - var doubles = p._getDoubles(); + return result; +} //end of des - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); - } +//desCreateKeys +//this takes as input a 64 bit key (even though only 56 bits are used) +//as an array of 2 integers, and returns 16 48 bit keys - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); - } - a = a.add(b); - } - return a.toP(); -}; +function desCreateKeys(key) { + //declaring this locally speeds things up a bit + const pc2bytes0 = [ + 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, + 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 + ]; + const pc2bytes1 = [ + 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, + 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 + ]; + const pc2bytes2 = [ + 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, + 0x1000000, 0x1000008, 0x1000800, 0x1000808 + ]; + const pc2bytes3 = [ + 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, + 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 + ]; + const pc2bytes4 = [ + 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, + 0x41000, 0x1010, 0x41010 + ]; + const pc2bytes5 = [ + 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, + 0x2000000, 0x2000400, 0x2000020, 0x2000420 + ]; + const pc2bytes6 = [ + 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, + 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 + ]; + const pc2bytes7 = [ + 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, + 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 + ]; + const pc2bytes8 = [ + 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, + 0x2000002, 0x2040002, 0x2000002, 0x2040002 + ]; + const pc2bytes9 = [ + 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, + 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 + ]; + const pc2bytes10 = [ + 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, + 0x102000, 0x102020, 0x102000, 0x102020 + ]; + const pc2bytes11 = [ + 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, + 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 + ]; + const pc2bytes12 = [ + 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, + 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 + ]; + const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; -BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; + //how many iterations (1 for des, 3 for triple des) + const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys + //stores the return keys + const keys = new Array(32 * iterations); + //now define the left shifts which need to be done + const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + //other variables + let lefttemp; + let righttemp; + let m = 0; + let n = 0; + let temp; - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; + for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations + let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - // Get NAF form - var naf = getNAF(k, w); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 2) ^ right) & 0x33333333; + right ^= temp; + left ^= (temp << 2); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); + //the right side needs to be shifted and to get the last four bits of the left side + temp = (left << 8) | ((right >>> 20) & 0x000000f0); + //left needs to be put upside down + left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); + right = temp; - if (i < 0) - break; - var z = naf[i]; - assert$2(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } - } - return p.type === 'affine' ? acc.toP() : acc; -}; + //now go through and perform these shifts on the left and right keys + for (let i = 0; i < shifts.length; i++) { + //shift the keys either one or two bits to the left + if (shifts[i]) { + left = (left << 2) | (left >>> 26); + right = (right << 2) | (right >>> 26); + } else { + left = (left << 1) | (left >>> 27); + right = (right << 1) | (right >>> 27); + } + left &= -0xf; + right &= -0xf; -BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len, - jacobianResult) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; - - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; - } - - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; + //now apply PC-2, in such a way that E is easier when encrypting or decrypting + //this conversion will look like PC-2 except only the last 6 bits of each byte are used + //rather than 48 consecutive bits and the order of lines will be according to + //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 + lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( + left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & + 0xf]; + righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | + pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | + pc2bytes13[(right >>> 4) & 0xf]; + temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; + keys[n++] = lefttemp ^ temp; + keys[n++] = righttemp ^ (temp << 16); } + } //for each iterations + //return the keys we've created + return keys; +} //end of desCreateKeys - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; - - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } - - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; +function desAddPadding(message, padding) { + const padLength = 8 - (message.length % 8); - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } + let pad; + if ((padLength < 8)) { //pad the message out with null bytes + pad = 0; + } else if (padLength === 8) { + return message; + } else { + throw new Error('des: invalid padding'); } - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; + const paddedMessage = new Uint8Array(message.length + padLength); + for (let i = 0; i < message.length; i++) { + paddedMessage[i] = message[i]; + } + for (let j = 0; j < padLength; j++) { + paddedMessage[message.length + j] = pad; + } - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; + return paddedMessage; +} - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); +function desRemovePadding(message, padding) { + let padLength = null; + let pad; + { // null padding + pad = 0; + } - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); + if (!padLength) { + padLength = 1; + while (message[message.length - padLength] === pad) { + padLength++; } + padLength--; } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - - if (jacobianResult) - return acc; - else - return acc.toP(); -}; -function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; + return message.subarray(0, message.length - padLength); } -BaseCurve.BasePoint = BasePoint; - -BasePoint.prototype.eq = function eq(/*other*/) { - throw new Error('Not implemented'); -}; -BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); -}; - -BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - bytes = utils_1$1.toArray(bytes, enc); - - var len = this.p.byteLength(); - - // uncompressed, hybrid-odd, hybrid-even - if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) && - bytes.length - 1 === 2 * len) { - if (bytes[0] === 0x06) - assert$2(bytes[bytes.length - 1] % 2 === 0); - else if (bytes[0] === 0x07) - assert$2(bytes[bytes.length - 1] % 2 === 1); +// added by Recurity Labs - var res = this.point(bytes.slice(1, 1 + len), - bytes.slice(1 + len, 1 + 2 * len)); +function TripleDES(key) { + this.key = []; - return res; - } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) && - bytes.length - 1 === len) { - return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03); + for (let i = 0; i < 3; i++) { + this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); } - throw new Error('Unknown point format'); -}; - -BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) { - return this.encode(enc, true); -}; - -BasePoint.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - var x = this.getX().toArray('be', len); - - if (compact) - return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); - - return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; -}; - -BasePoint.prototype.encode = function encode(enc, compact) { - return utils_1$1.encode(this._encode(compact), enc); -}; - -BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; - var precomputed = { - doubles: null, - naf: null, - beta: null + this.encrypt = function(block) { + return des( + desCreateKeys(this.key[2]), + des( + desCreateKeys(this.key[1]), + des( + desCreateKeys(this.key[0]), + block, true, 0, null, null + ), + false, 0, null, null + ), true); }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; - - return this; -}; - -BasePoint.prototype._hasDoubles = function _hasDoubles(k) { - if (!this.precomputed) - return false; - - var doubles = this.precomputed.doubles; - if (!doubles) - return false; - - return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); -}; - -BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; +} - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; -}; +TripleDES.keySize = TripleDES.prototype.keySize = 24; +TripleDES.blockSize = TripleDES.prototype.blockSize = 8; -BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; -}; +// Copyright 2010 pjacobs@xeekr.com . All rights reserved. -BasePoint.prototype._getBeta = function _getBeta() { - return null; -}; +// Modified by Recurity Labs GmbH -BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; -}; +// fixed/modified by Herbert Hanewinkel, www.haneWIN.de +// check www.haneWIN.de for the latest version -var assert$3 = utils_1$1.assert; +// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. +// CAST-128 is a common OpenPGP cipher. -function ShortCurve(conf) { - base.call(this, 'short', conf); - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); +// CAST5 constructor - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; +function OpenPGPSymEncCAST5() { + this.BlockSize = 8; + this.KeySize = 16; - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); -} -inherits(ShortCurve, base); -var short_1 = ShortCurve; + this.setKey = function(key) { + this.masking = new Array(16); + this.rotate = new Array(16); -ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; + this.reset(); - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; + if (key.length === this.KeySize) { + this.keySchedule(key); } else { - lambda = lambdas[1]; - assert$3(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); + throw new Error('CAST-128: keys must be 16 bytes'); } - } - - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); - } else { - basis = this._getEndoBasis(lambda); - } - - return { - beta: beta, - lambda: lambda, - basis: basis + return true; }; -}; -ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); - - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; -}; - -ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2)); - - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); - - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; - - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); - - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; + this.reset = function() { + for (let i = 0; i < 16; i++) { + this.masking[i] = 0; + this.rotate[i] = 0; } - prevR = r; - - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; - } - a2 = r.neg(); - b2 = x; - - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; - } - - // Normalize signs - if (a1.negative) { - a1 = a1.neg(); - b1 = b1.neg(); - } - if (a2.negative) { - a2 = a2.neg(); - b2 = b2.neg(); - } - - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; -}; - -ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); - - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; -}; - -ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; + }; -ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; + this.getBlockSize = function() { + return this.BlockSize; + }; - var x = point.x; - var y = point.y; + this.encrypt = function(src) { + const dst = new Array(src.length); - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; -}; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; -ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs, jacobianResult) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; - if (split.k1.negative) { - split.k1.ineg(); - p = p.neg(true); - } - if (split.k2.negative) { - split.k2.ineg(); - beta = beta.neg(true); - } + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; - } - return res; -}; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; -function Point(curve, x, y, isRed) { - base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >>> 16) & 255; + dst[i + 6] = (l >>> 8) & 255; + dst[i + 7] = l & 255; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; - } -} -inherits(Point, base.BasePoint); - -ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); -}; - -ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); -}; -Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; + return dst; + }; - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; + this.decrypt = function(src) { + const dst = new Array(src.length); - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; -}; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; -Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; -}; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; -Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); - } + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >> 16) & 255; + dst[i + 6] = (l >> 8) & 255; + dst[i + 7] = l & 255; } - }; - return res; -}; -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + return dst; + }; + const scheduleA = new Array(4); -Point.prototype.isInfinity = function isInfinity() { - return this.inf; -}; + scheduleA[0] = new Array(4); + scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; + scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; -Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; + scheduleA[1] = new Array(4); + scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + O = P - if (p.inf) - return this; + scheduleA[2] = new Array(4); + scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; + scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); + scheduleA[3] = new Array(4); + scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); + const scheduleB = new Array(4); - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; + scheduleB[0] = new Array(4); + scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; + scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; + scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; + scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; -Point.prototype.dbl = function dbl() { - if (this.inf) - return this; + scheduleB[1] = new Array(4); + scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; + scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; + scheduleB[1][2] = [7, 6, 8, 9, 3]; + scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - var a = this.curve.a; + scheduleB[2] = new Array(4); + scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; + scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; + scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; + scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; + scheduleB[3] = new Array(4); + scheduleB[3][0] = [8, 9, 7, 6, 3]; + scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; + scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; + scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; -Point.prototype.getX = function getX() { - return this.x.fromRed(); -}; + // changed 'in' to 'inn' (in javascript 'in' is a reserved word) + this.keySchedule = function(inn) { + const t = new Array(8); + const k = new Array(32); -Point.prototype.getY = function getY() { - return this.y.fromRed(); -}; + let j; -Point.prototype.mul = function mul(k) { - k = new bn(k, 16); - if (this.isInfinity()) - return this; - else if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); -}; + for (let i = 0; i < 4; i++) { + j = i * 4; + t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + } -Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); -}; + const x = [6, 7, 4, 5]; + let ki = 0; + let w; -Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs, true); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2, true); -}; + for (let half = 0; half < 2; half++) { + for (let round = 0; round < 4; round++) { + for (j = 0; j < 4; j++) { + const a = scheduleA[round][j]; + w = t[a[1]]; -Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); -}; + w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; + w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; + w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; + w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; + w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; + t[a[0]] = w; + } -Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; + for (j = 0; j < 4; j++) { + const b = scheduleB[round][j]; + w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) + w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; + w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; + w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; + w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; + k[ki] = w; + ki++; + } } - }; - } - return res; -}; + } -Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); + for (let i = 0; i < 16; i++) { + this.masking[i] = k[i]; + this.rotate[i] = k[16 + i] & 0x1f; + } + }; - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; -}; + // These are the three 'f' functions. See RFC 2144, section 2.2. -function JPoint(curve, x, y, z) { - base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); + function f1(d, m, r) { + const t = m + d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - - this.zOne = this.z === this.curve.one; -} -inherits(JPoint, base.BasePoint); - -ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); -}; - -JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); - - return this.curve.point(ax, ay); -}; - -JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); -}; - -JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; - // P + O = P - if (p.isInfinity()) - return this; + function f2(d, m, r) { + const t = m ^ d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; + } - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); + function f3(d, m, r) { + const t = m - d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; } - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + const sBox = new Array(8); + sBox[0] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf + ]; + + sBox[1] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 + ]; - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); + sBox[2] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 + ]; - return this.curve.jpoint(nx, ny, nz); -}; + sBox[3] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 + ]; -JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); + sBox[4] = [ + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 + ]; - // P + O = P - if (p.isInfinity()) - return this; + sBox[5] = [ + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f + ]; - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } + sBox[6] = [ + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 + ]; - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + sBox[7] = [ + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e + ]; +} - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); +function CAST5(key) { + this.cast5 = new OpenPGPSymEncCAST5(); + this.cast5.setKey(key); - return this.curve.jpoint(nx, ny, nz); -}; + this.encrypt = function(block) { + return this.cast5.encrypt(block); + }; +} -JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); +CAST5.blockSize = CAST5.prototype.blockSize = 8; +CAST5.keySize = CAST5.prototype.keySize = 16; - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; - } +/* eslint-disable no-mixed-operators, no-fallthrough */ - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); +/* Modified by Recurity Labs GmbH + * + * Cipher.js + * A block-cipher algorithm implementation on JavaScript + * See Cipher.readme.txt for further information. + * + * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] + * This script file is distributed under the LGPL + * + * ACKNOWLEDGMENT + * + * The main subroutines are written by Michiel van Everdingen. + * + * Michiel van Everdingen + * http://home.versatel.nl/MAvanEverdingen/index.html + * + * All rights for these routines are reserved to Michiel van Everdingen. + * + */ - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//Math +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); +const MAXINT = 0xFFFFFFFF; - jx = nx; - jz = nz; - jyd = dny; - } +function rotw(w, n) { + return (w << n | w >>> (32 - n)) & MAXINT; +} - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); -}; +function getW(a, i) { + return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +} -JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; +function setW(a, i, w) { + a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +} - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); -}; +function getB(x, n) { + return (x >>> (n * 8)) & 0xFF; +} -JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); - - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); - - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); - - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } - - return this.curve.jpoint(nx, ny, nz); -}; +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// Twofish +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); -}; +function createTwofish() { + // + let keyBytes = null; + let dataBytes = null; + let dataOffset = -1; + // var dataLength = -1; + // var idx2 = -1; + // -JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; + let tfsKey = []; + let tfsM = [ + [], + [], + [], + [] + ]; - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); + function tfsInit(key) { + keyBytes = key; + let i; + let a; + let b; + let c; + let d; + const meKey = []; + const moKey = []; + const inKey = []; + let kLen; + const sKey = []; + let f01; + let f5b; + let fef; - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); + const q0 = [ + [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], + [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] + ]; + const q1 = [ + [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], + [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] + ]; + const q2 = [ + [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], + [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] + ]; + const q3 = [ + [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], + [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] + ]; + const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; + const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; + const q = [ + [], + [] + ]; + const m = [ + [], + [], + [], + [] + ]; - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); + function ffm5b(x) { + return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + } - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); + function ffmEf(x) { + return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + } - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); + function mdsRem(p, q) { + let i; + let t; + let u; + for (i = 0; i < 8; i++) { + t = q >>> 24; + q = ((q << 8) & MAXINT) | p >>> 24; + p = (p << 8) & MAXINT; + u = t << 1; + if (t & 128) { + u ^= 333; + } + q ^= t ^ (u << 16); + u ^= t >>> 1; + if (t & 1) { + u ^= 166; + } + q ^= u << 24 | u << 8; + } + return q; + } - return this.curve.jpoint(nx, ny, nz); -}; + function qp(n, x) { + const a = x >> 4; + const b = x & 15; + const c = q0[n][a ^ b]; + const d = q1[n][ror4[b] ^ ashx[a]]; + return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; + } -JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); - - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); - - return this.curve.jpoint(nx, ny, nz); -}; + function hFun(x, key) { + let a = getB(x, 0); + let b = getB(x, 1); + let c = getB(x, 2); + let d = getB(x, 3); + switch (kLen) { + case 4: + a = q[1][a] ^ getB(key[3], 0); + b = q[0][b] ^ getB(key[3], 1); + c = q[0][c] ^ getB(key[3], 2); + d = q[1][d] ^ getB(key[3], 3); + case 3: + a = q[1][a] ^ getB(key[2], 0); + b = q[1][b] ^ getB(key[2], 1); + c = q[0][c] ^ getB(key[2], 2); + d = q[0][d] ^ getB(key[2], 3); + case 2: + a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); + b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); + c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); + d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); + } + return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; + } -JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); + keyBytes = keyBytes.slice(0, 32); + i = keyBytes.length; + while (i !== 16 && i !== 24 && i !== 32) { + keyBytes[i++] = 0; + } - return this.curve._wnafMul(this, k); -}; + for (i = 0; i < keyBytes.length; i += 4) { + inKey[i >> 2] = getW(keyBytes, i); + } + for (i = 0; i < 256; i++) { + q[0][i] = qp(0, i); + q[1][i] = qp(1, i); + } + for (i = 0; i < 256; i++) { + f01 = q[1][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); + m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); + f01 = q[0][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); + m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); + } -JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); + kLen = inKey.length / 2; + for (i = 0; i < kLen; i++) { + a = inKey[i + i]; + meKey[i] = a; + b = inKey[i + i + 1]; + moKey[i] = b; + sKey[kLen - i - 1] = mdsRem(a, b); + } + for (i = 0; i < 40; i += 2) { + a = 0x1010101 * i; + b = a + 0x1010101; + a = hFun(a, meKey); + b = rotw(hFun(b, moKey), 8); + tfsKey[i] = (a + b) & MAXINT; + tfsKey[i + 1] = rotw(a + 2 * b, 9); + } + for (i = 0; i < 256; i++) { + a = b = c = d = i; + switch (kLen) { + case 4: + a = q[1][a] ^ getB(sKey[3], 0); + b = q[0][b] ^ getB(sKey[3], 1); + c = q[0][c] ^ getB(sKey[3], 2); + d = q[1][d] ^ getB(sKey[3], 3); + case 3: + a = q[1][a] ^ getB(sKey[2], 0); + b = q[1][b] ^ getB(sKey[2], 1); + c = q[0][c] ^ getB(sKey[2], 2); + d = q[0][d] ^ getB(sKey[2], 3); + case 2: + tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; + tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; + tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; + tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + } + } + } - if (this === p) - return true; + function tfsG0(x) { + return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; + } - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; + function tfsG1(x) { + return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; + } - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; -}; + function tfsFrnd(r, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); + blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); + blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + } -JPoint.prototype.eqXToP = function eqXToP(x) { - var zs = this.z.redSqr(); - var rx = x.toRed(this.curve.red).redMul(zs); - if (this.x.cmp(rx) === 0) - return true; + function tfsIrnd(i, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; + blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; + blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + } - var xc = x.clone(); - var t = this.curve.redN.redMul(zs); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; + function tfsClose() { + tfsKey = []; + tfsM = [ + [], + [], + [], + [] + ]; + } - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; + function tfsEncrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], + getW(dataBytes, dataOffset + 4) ^ tfsKey[1], + getW(dataBytes, dataOffset + 8) ^ tfsKey[2], + getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; + for (let j = 0; j < 8; j++) { + tfsFrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); + dataOffset += 16; + return dataBytes; } -}; -JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + function tfsDecrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], + getW(dataBytes, dataOffset + 4) ^ tfsKey[5], + getW(dataBytes, dataOffset + 8) ^ tfsKey[6], + getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; + for (let j = 7; j >= 0; j--) { + tfsIrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); + dataOffset += 16; + } -JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; + // added by Recurity Labs -function MontCurve(conf) { - base.call(this, 'mont', conf); + function tfsFinal() { + return dataBytes; + } - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - // Note: this implementation is according to the original paper - // by P. Montgomery, NOT the one by D. J. Bernstein. - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); + return { + name: 'twofish', + blocksize: 128 / 8, + open: tfsInit, + close: tfsClose, + encrypt: tfsEncrypt, + decrypt: tfsDecrypt, + // added by Recurity Labs + finalize: tfsFinal + }; } -inherits(MontCurve, base); -var mont = MontCurve; -MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); +// added by Recurity Labs - return y.redSqr().cmp(rhs) === 0; -}; +function TF(key) { + this.tf = createTwofish(); + this.tf.open(Array.from(key), 0); -function Point$1(curve, x, z) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } + this.encrypt = function(block) { + return this.tf.encrypt(Array.from(block), 0); + }; } -inherits(Point$1, base.BasePoint); - -MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - var bytes = utils_1$1.toArray(bytes, enc); - - // TODO Curve448 - // Montgomery curve points must be represented in the compressed format - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (bytes.length === 33 && bytes[0] === 0x40) - bytes = bytes.slice(1, 33).reverse(); // point must be little-endian - if (bytes.length !== 32) - throw new Error('Unknown point compression format'); - return this.point(bytes, 1); -}; - -MontCurve.prototype.point = function point(x, z) { - return new Point$1(this, x, z); -}; - -MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$1.fromJSON(this, obj); -}; - -Point$1.prototype.precompute = function precompute() { - // No-op -}; - -Point$1.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - - // Note: the output should always be little-endian - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (compact) { - return [ 0x40 ].concat(this.getX().toArray('le', len)); - } else { - return this.getX().toArray('be', len); - } -}; - -Point$1.fromJSON = function fromJSON(curve, obj) { - return new Point$1(curve, obj[0], obj[1] || curve.one); -}; - -Point$1.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; -Point$1.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; +TF.keySize = TF.prototype.keySize = 32; +TF.blockSize = TF.prototype.blockSize = 16; -Point$1.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A - - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); -}; +/* Modified by Recurity Labs GmbH + * + * Originally written by nklein software (nklein.com) + */ -Point$1.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); -}; +/* + * Javascript implementation based on Bruce Schneier's reference implementation. + * + * + * The constructor doesn't do much of anything. It's just here + * so we can start defining properties and methods and such. + */ +function Blowfish() {} -Point$1.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A - - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); -}; +/* + * Declare the block size so that protocols know what size + * Initialization Vector (IV) they will need. + */ +Blowfish.prototype.BLOCKSIZE = 8; -Point$1.prototype.mul = function mul(k) { - k = new bn(k, 16); +/* + * These are the default SBOXES. + */ +Blowfish.prototype.SBOXES = [ + [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + ], + [ + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + ], + [ + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + ], + [ + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ] +]; - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q +//* +//* This is the default PARRAY +//* +Blowfish.prototype.PARRAY = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b +]; - for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1)) - bits.push(t.andln(1)); +//* +//* This is the number of rounds the cipher will go +//* +Blowfish.prototype.NN = 16; - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); - } +//* +//* This function is needed to get rid of problems +//* with the high-bit getting set. If we don't do +//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not +//* equal to ( bb & 0x00FFFFFFFF ) even when they +//* agree bit-for-bit for the first 32 bits. +//* +Blowfish.prototype._clean = function(xx) { + if (xx < 0) { + const yy = xx & 0x7FFFFFFF; + xx = yy + 0x80000000; } - return b; -}; - -Point$1.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.jumlAdd = function jumlAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.eq = function eq(other) { - return this.getX().cmp(other.getX()) === 0; -}; - -Point$1.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; -}; - -Point$1.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); - - return this.x.fromRed(); + return xx; }; -var assert$4 = utils_1$1.assert; - -function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - - base.call(this, 'edwards', conf); - - this.a = new bn(conf.a, 16).umod(this.red.m); - this.a = this.a.toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); +//* +//* This is the mixing function that uses the sboxes +//* +Blowfish.prototype._F = function(xx) { + let yy; - assert$4(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; -} -inherits(EdwardsCurve, base); -var edwards = EdwardsCurve; + const dd = xx & 0x00FF; + xx >>>= 8; + const cc = xx & 0x00FF; + xx >>>= 8; + const bb = xx & 0x00FF; + xx >>>= 8; + const aa = xx & 0x00FF; -EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); -}; + yy = this.sboxes[0][aa] + this.sboxes[1][bb]; + yy ^= this.sboxes[2][cc]; + yy += this.sboxes[3][dd]; -EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); + return yy; }; -// Just for compatibility with Short curve -EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); -}; +//* +//* This method takes an array with two values, left and right +//* and does NN rounds of Blowfish on them. +//* +Blowfish.prototype._encryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; -EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); + let ii; - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); + for (ii = 0; ii < this.NN; ++ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; - var y2 = rhs.redMul(lhs.redInvm()); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); + dataL ^= this.parray[this.NN + 0]; + dataR ^= this.parray[this.NN + 1]; - return this.point(x, y); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; -EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) { - y = new bn(y, 16); - if (!y.red) - y = y.toRed(this.red); - - // x^2 = (y^2 - c^2) / (c^2 d y^2 - a) - var y2 = y.redSqr(); - var lhs = y2.redSub(this.c2); - var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a); - var x2 = lhs.redMul(rhs.redInvm()); - - if (x2.cmp(this.zero) === 0) { - if (odd) - throw new Error('invalid point'); - else - return this.point(this.zero, y); +//* +//* This method takes a vector of numbers and turns them +//* into long words so that they can be processed by the +//* real algorithm. +//* +//* Maybe I should make the real algorithm above take a vector +//* instead. That will involve more looping, but it won't require +//* the F() method to deconstruct the vector. +//* +Blowfish.prototype.encryptBlock = function(vector) { + let ii; + const vals = [0, 0]; + const off = this.BLOCKSIZE / 2; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); + vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); } - var x = x2.redSqrt(); - if (x.redSqr().redSub(x2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + this._encryptBlock(vals); - if (x.fromRed().isOdd() !== odd) - x = x.redNeg(); + const ret = []; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); + ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); + // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); + // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + } - return this.point(x, y); + return ret; }; -EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; - - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); - - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - - return lhs.cmp(rhs) === 0; -}; +//* +//* This method takes an array with two values, left and right +//* and undoes NN rounds of Blowfish on them. +//* +Blowfish.prototype._decryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; -function Point$2(curve, x, y, z, t) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; - - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } -} -inherits(Point$2, base.BasePoint); - -EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$2.fromJSON(this, obj); -}; + let ii; -EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point$2(this, x, y, z, t); -}; + for (ii = this.NN + 1; ii > 1; --ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; -Point$2.fromJSON = function fromJSON(curve, obj) { - return new Point$2(curve, obj[0], obj[1], obj[2]); -}; + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } -Point$2.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + dataL ^= this.parray[1]; + dataR ^= this.parray[0]; -Point$2.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - (this.y.cmp(this.z) === 0 || - (this.zOne && this.y.cmp(this.curve.c) === 0)); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; -Point$2.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; +//* +//* This method takes a key array and initializes the +//* sboxes and parray for this encryption. +//* +Blowfish.prototype.init = function(key) { + let ii; + let jj = 0; -Point$2.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S - - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); - - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); + this.parray = []; + for (ii = 0; ii < this.NN + 2; ++ii) { + let data = 0x00000000; + for (let kk = 0; kk < 4; ++kk) { + data = (data << 8) | (key[jj] & 0x00FF); + if (++jj >= key.length) { + jj = 0; + } } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.z).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); -}; - -Point$2.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M - - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); + this.parray[ii] = this.PARRAY[ii] ^ data; } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); -}; + this.sboxes = []; + for (ii = 0; ii < 4; ++ii) { + this.sboxes[ii] = []; + for (jj = 0; jj < 256; ++jj) { + this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + } + } -Point$2.prototype.mul = function mul(k) { - if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); -}; + const vals = [0x00000000, 0x00000000]; -Point$2.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false); -}; + for (ii = 0; ii < this.NN + 2; ii += 2) { + this._encryptBlock(vals); + this.parray[ii + 0] = vals[0]; + this.parray[ii + 1] = vals[1]; + } -Point$2.prototype.jmulAdd = function jmulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true); + for (ii = 0; ii < 4; ++ii) { + for (jj = 0; jj < 256; jj += 2) { + this._encryptBlock(vals); + this.sboxes[ii][jj + 0] = vals[0]; + this.sboxes[ii][jj + 1] = vals[1]; + } + } }; -Point$2.prototype.normalize = function normalize() { - if (this.zOne) - return this; - - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; -}; +// added by Recurity Labs +function BF(key) { + this.bf = new Blowfish(); + this.bf.init(key); -Point$2.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); -}; + this.encrypt = function(block) { + return this.bf.encryptBlock(block); + }; +} -Point$2.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); -}; +BF.keySize = BF.prototype.keySize = 16; +BF.blockSize = BF.prototype.blockSize = 8; -Point$2.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); -}; +/** + * This file is needed to dynamic import the legacy ciphers. + * Separate dynamic imports are not convenient as they result in multiple chunks. + */ -Point$2.prototype.eq = function eq(other) { - return this === other || - this.getX().cmp(other.getX()) === 0 && - this.getY().cmp(other.getY()) === 0; -}; -Point$2.prototype.eqXToP = function eqXToP(x) { - var rx = x.toRed(this.curve.red).redMul(this.z); - if (this.x.cmp(rx) === 0) - return true; +const legacyCiphers = new Map([ + [enums.symmetric.tripledes, TripleDES], + [enums.symmetric.cast5, CAST5], + [enums.symmetric.blowfish, BF], + [enums.symmetric.twofish, TF] +]); - var xc = x.clone(); - var t = this.curve.redN.redMul(this.z); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; +var legacy_ciphers = /*#__PURE__*/Object.freeze({ + __proto__: null, + legacyCiphers: legacyCiphers +}); - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; +// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms. +// Initial state +const SHA1_IV = /* @__PURE__ */ new Uint32Array([ + 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0, +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA1_W = /* @__PURE__ */ new Uint32Array(80); +class SHA1 extends HashMD { + constructor() { + super(64, 20, 8, false); + this.A = SHA1_IV[0] | 0; + this.B = SHA1_IV[1] | 0; + this.C = SHA1_IV[2] | 0; + this.D = SHA1_IV[3] | 0; + this.E = SHA1_IV[4] | 0; + } + get() { + const { A, B, C, D, E } = this; + return [A, B, C, D, E]; + } + set(A, B, C, D, E) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + SHA1_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 80; i++) + SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1); + // Compression function main loop, 80 rounds + let { A, B, C, D, E } = this; + for (let i = 0; i < 80; i++) { + let F, K; + if (i < 20) { + F = Chi(B, C, D); + K = 0x5a827999; + } + else if (i < 40) { + F = B ^ C ^ D; + K = 0x6ed9eba1; + } + else if (i < 60) { + F = Maj(B, C, D); + K = 0x8f1bbcdc; + } + else { + F = B ^ C ^ D; + K = 0xca62c1d6; + } + const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0; + E = D; + D = C; + C = rotl(B, 30); + B = A; + A = T; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + this.set(A, B, C, D, E); + } + roundClean() { + SHA1_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +/** + * SHA1 (RFC 3174) hash function. + * It was cryptographically broken: prefer newer algorithms. + * @param message - data that would be hashed + */ +const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1()); + +// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html +// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf +const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]); +const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i)); +const Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16); +let idxL = [Id]; +let idxR = [Pi]; +for (let i = 0; i < 4; i++) + for (let j of [idxL, idxR]) + j.push(j[i].map((k) => Rho[k])); +const shifts = /* @__PURE__ */ [ + [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], + [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7], + [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9], + [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6], + [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5], +].map((i) => new Uint8Array(i)); +const shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j])); +const shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j])); +const Kl = /* @__PURE__ */ new Uint32Array([ + 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e, +]); +const Kr = /* @__PURE__ */ new Uint32Array([ + 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000, +]); +// It's called f() in spec. +function f(group, x, y, z) { + if (group === 0) + return x ^ y ^ z; + else if (group === 1) + return (x & y) | (~x & z); + else if (group === 2) + return (x | ~y) ^ z; + else if (group === 3) + return (x & z) | (y & ~z); + else + return x ^ (y | ~z); +} +// Temporary buffer, not used to store anything between runs +const R_BUF = /* @__PURE__ */ new Uint32Array(16); +class RIPEMD160 extends HashMD { + constructor() { + super(64, 20, 8, true); + this.h0 = 0x67452301 | 0; + this.h1 = 0xefcdab89 | 0; + this.h2 = 0x98badcfe | 0; + this.h3 = 0x10325476 | 0; + this.h4 = 0xc3d2e1f0 | 0; + } + get() { + const { h0, h1, h2, h3, h4 } = this; + return [h0, h1, h2, h3, h4]; + } + set(h0, h1, h2, h3, h4) { + this.h0 = h0 | 0; + this.h1 = h1 | 0; + this.h2 = h2 | 0; + this.h3 = h3 | 0; + this.h4 = h4 | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + R_BUF[i] = view.getUint32(offset, true); + // prettier-ignore + let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el; + // Instead of iterating 0 to 80, we split it into 5 groups + // And use the groups in constants, functions, etc. Much simpler + for (let group = 0; group < 5; group++) { + const rGroup = 4 - group; + const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore + const rl = idxL[group], rr = idxR[group]; // prettier-ignore + const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore + for (let i = 0; i < 16; i++) { + const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0; + al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore + } + // 2 loops are 10% faster + for (let i = 0; i < 16; i++) { + const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0; + ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore + } + } + // Add the compressed chunk to the current hash value + this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0); + } + roundClean() { + R_BUF.fill(0); + } + destroy() { + this.destroyed = true; + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0); + } +} +/** + * RIPEMD-160 - a hash function from 1990s. + * @param message - msg that would be hashed + */ +const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160()); -// Compatibility with BaseCurve -Point$2.prototype.toP = Point$2.prototype.normalize; -Point$2.prototype.mixedAdd = Point$2.prototype.add; +/** + * This file is needed to dynamic import the noble-hashes. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ -var curve_1 = createCommonjsModule(function (module, exports) { -var curve = exports; +const nobleHashes = new Map(Object.entries({ + sha1, + sha224, + sha256, + sha384, + sha512, + sha3_256, + sha3_512, + ripemd160 +})); -curve.base = base; -curve.short = short_1; -curve.mont = mont; -curve.edwards = edwards; +var noble_hashes = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleHashes: nobleHashes }); -var rotl32$2 = utils.rotl32; -var sum32$3 = utils.sum32; -var sum32_5$2 = utils.sum32_5; -var ft_1$1 = common$1.ft_1; -var BlockHash$4 = common.BlockHash; - -var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 -]; +// Adapted from the reference implementation in RFC7693 +// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes -function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); +// Uint64 values are represented using two Uint32s, stored as little endian +// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays +// need to be manually handled - BlockHash$4.call(this); - this.h = [ - 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); +// 64-bit unsigned addition (little endian, in place) +// Sets a[i,i+1] += b[j,j+1] +// `a` and `b` must be Uint32Array(2) +function ADD64 (a, i, b, j) { + a[i] += b[j]; + a[i+1] += b[j+1] + (a[i] < b[j]); // add carry } -utils.inherits(SHA1, BlockHash$4); -var _1 = SHA1; +// Increment 64-bit little-endian unsigned value by `c` (in place) +// `a` must be Uint32Array(2) +function INC64 (a, c) { + a[0] += c; + a[1] += (a[0] < c); +} -SHA1.blockSize = 512; -SHA1.outSize = 160; -SHA1.hmacStrength = 80; -SHA1.padLength = 64; +// G Mixing function +// The ROTRs are inlined for speed +function G$1 (v, m, a, b, c, d, ix, iy) { + ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1] + ADD64(v, a, m, ix); // v[a, a+1] += x ... x0 -SHA1.prototype._update = function _update(msg, start) { - var W = this.W; + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits + let xor0 = v[d] ^ v[a]; + let xor1 = v[d + 1] ^ v[a + 1]; + v[d] = xor1; + v[d + 1] = xor0; - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; + ADD64(v, c, v, d); - for(; i < W.length; i++) - W[i] = rotl32$2(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor0 >>> 24) ^ (xor1 << 8); + v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8); - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; + ADD64(v, a, v, b); + ADD64(v, a, m, iy); - for (i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5$2(rotl32$2(a, 5), ft_1$1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32$2(b, 30); - b = a; - a = t; - } + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits + xor0 = v[d] ^ v[a]; + xor1 = v[d + 1] ^ v[a + 1]; + v[d] = (xor0 >>> 16) ^ (xor1 << 16); + v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16); - this.h[0] = sum32$3(this.h[0], a); - this.h[1] = sum32$3(this.h[1], b); - this.h[2] = sum32$3(this.h[2], c); - this.h[3] = sum32$3(this.h[3], d); - this.h[4] = sum32$3(this.h[4], e); -}; + ADD64(v, c, v, d); -SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor1 >>> 31) ^ (xor0 << 1); + v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1); +} -var sha1 = _1; -var sha224 = _224; -var sha256 = _256; -var sha384 = _384; -var sha512 = _512; - -var sha = { - sha1: sha1, - sha224: sha224, - sha256: sha256, - sha384: sha384, - sha512: sha512 -}; +// Initialization Vector +const BLAKE2B_IV32 = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 +]); -function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; - - this._init(utils.toArray(key, enc)); -} -var hmac = Hmac; - -Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - minimalisticAssert(key.length <= this.blockSize); - - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); - - for (i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); - - // 0x36 ^ 0x5c = 0x6a - for (i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); -}; +// These are offsets into a Uint64 buffer. +// Multiply them all by 2 to make them offsets into a Uint32 buffer +const SIGMA = new Uint8Array([ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 +].map(x => x * 2)); + +// Compression function. 'last' flag indicates last block. +// Note: we're representing 16 uint64s as 32 uint32s +function compress(S, last) { + const v = new Uint32Array(32); + const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32); + + // init work variables + for (let i = 0; i < 16; i++) { + v[i] = S.h[i]; + v[i + 16] = BLAKE2B_IV32[i]; + } + + // low 64 bits of offset + v[24] ^= S.t0[0]; + v[25] ^= S.t0[1]; + // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1 + + // if last block + const f0 = last ? 0xFFFFFFFF : 0; + v[28] ^= f0; + v[29] ^= f0; + + // twelve rounds of mixing + for (let i = 0; i < 12; i++) { + // ROUND(r) + const i16 = i << 4; + G$1(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1]); + G$1(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]); + G$1(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]); + G$1(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]); + G$1(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]); + G$1(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]); + G$1(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]); + G$1(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15]); + } + + for (let i = 0; i < 16; i++) { + S.h[i] ^= v[i] ^ v[i + 16]; + } +} + +// Creates a BLAKE2b hashing context +// Requires an output length between 1 and 64 bytes +// Takes an optional Uint8Array key +class Blake2b { + constructor(outlen, key, salt, personal) { + const params = new Uint8Array(64); + // 0: outlen, keylen, fanout, depth + // 4: leaf length, sequential mode + // 8: node offset + // 12: node offset + // 16: node depth, inner length, rfu + // 20: rfu + // 24: rfu + // 28: rfu + // 32: salt + // 36: salt + // 40: salt + // 44: salt + // 48: personal + // 52: personal + // 56: personal + // 60: personal + + // init internal state + this.S = { + b: new Uint8Array(BLOCKBYTES), + h: new Uint32Array(OUTBYTES_MAX / 4), + t0: new Uint32Array(2), // input counter `t`, lower 64-bits only + c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES` + outlen // output length in bytes + }; -Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); - return this; -}; + // init parameter block + params[0] = outlen; + if (key) params[1] = key.length; + params[2] = 1; // fanout + params[3] = 1; // depth + if (salt) params.set(salt, 32); + if (personal) params.set(personal, 48); + const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT); -Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); -}; + // initialize hash state + for (let i = 0; i < 16; i++) { + this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i]; + } -var hash_1 = createCommonjsModule(function (module, exports) { -var hash = exports; - -hash.utils = utils; -hash.common = common; -hash.sha = sha; -hash.ripemd = ripemd; -hash.hmac = hmac; - -// Proxy hash functions to the main object -hash.sha1 = hash.sha.sha1; -hash.sha256 = hash.sha.sha256; -hash.sha224 = hash.sha.sha224; -hash.sha384 = hash.sha.sha384; -hash.sha512 = hash.sha.sha512; -hash.ripemd160 = hash.ripemd.ripemd160; -}); + // key the hash, if applicable + if (key) { + const block = new Uint8Array(BLOCKBYTES); + block.set(key); + this.update(block); + } + } -var secp256k1 = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] + // Updates a BLAKE2b streaming hash + // Requires Uint8Array (byte array) + update(input) { + if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer') + // for (let i = 0; i < input.length; i++) { + // if (this.S.c === BLOCKBYTES) { // buffer full + // INC64(this.S.t0, this.S.c) // add counters + // compress(this.S, false) + // this.S.c = 0 // empty buffer + // } + // this.S.b[this.S.c++] = input[i] + // } + let i = 0; + while(i < input.length) { + if (this.S.c === BLOCKBYTES) { // buffer full + INC64(this.S.t0, this.S.c); // add counters + compress(this.S, false); + this.S.c = 0; // empty buffer + } + let left = BLOCKBYTES - this.S.c; + this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds + const fill = Math.min(left, input.length - i); + this.S.c += fill; + i += fill; + } + return this } -}; -var curves_1 = createCommonjsModule(function (module, exports) { + /** + * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one + * @param {Uint8Array} [prealloc] - optional preallocated buffer + * @returns {ArrayBuffer} message digest + */ + digest(prealloc) { + INC64(this.S.t0, this.S.c); // mark last block offset + + // final block, padded + this.S.b.fill(0, this.S.c); + this.S.c = BLOCKBYTES; + compress(this.S, true); + + const out = prealloc || new Uint8Array(this.S.outlen); + for (let i = 0; i < this.S.outlen; i++) { + // must be loaded individually since default Uint32 endianness is platform dependant + out[i] = this.S.h[i >> 2] >> (8 * (i & 3)); + } + this.S.h = null; // prevent calling `update` after `digest` + return out.buffer; + } +} -var curves = exports; +function createHash(outlen, key, salt, personal) { + if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`) + return new Blake2b(outlen, key, salt, personal) +} +const OUTBYTES_MAX = 64; +const BLOCKBYTES = 128; +const TYPE = 2; // Argon2id +const VERSION = 0x13; +const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1; +const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const SALTBYTES_MIN = 8; +const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const passwordBYTES_MIN = 8; +const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional) +const SECRETBYTES_MAX = 32; // key (optional) -var assert = utils_1$1.assert; +const ARGON2_BLOCK_SIZE = 1024; +const ARGON2_PREHASH_DIGEST_LENGTH = 64; -function PresetCurve(options) { - if (options.type === 'short') - this.curve = new curve_1.short(options); - else if (options.type === 'edwards') - this.curve = new curve_1.edwards(options); - else if (options.type === 'mont') - this.curve = new curve_1.mont(options); - else throw new Error('Unknown curve type.'); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; +const isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd; - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O'); +// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3]) +function LE32(buf, n, i) { + buf[i+0] = n; + buf[i+1] = n >> 8; + buf[i+2] = n >> 16; + buf[i+3] = n >> 24; + return buf; } -curves.PresetCurve = PresetCurve; -function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } - }); +/** + * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7]) + * @param {Uint8Array} buf + * @param {Number} n + * @param {Number} i + */ +function LE64(buf, n, i) { + if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported"); + // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations + // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps) + // so we manually extract each byte + let remainder = n; + for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER + buf[offset] = remainder; // implicit & 0xff + remainder = (remainder - buf[offset]) / 256; + } + return buf; } -defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash_1.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] -}); +/** + * Variable-Length Hash Function H' + * @param {Number} outlen - T + * @param {Uint8Array} X - value to hash + * @param {Uint8Array} res - output buffer, of length `outlength` or larger + */ +function H_(outlen, X, res) { + const V = new Uint8Array(64); // no need to keep around all V_i -defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash_1.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] -}); + const V1_in = new Uint8Array(4 + X.length); + LE32(V1_in, outlen, 0); + V1_in.set(X, 4); + if (outlen <= 64) { + // H'^T(A) = H^T(LE32(T)||A) + createHash(outlen).update(V1_in).digest(res); + return res + } -defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash_1.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] -}); + const r = Math.ceil(outlen / 32) - 2; -defineCurve('p384', { - type: 'short', - prime: null, - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 ffffffff', - a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 fffffffc', - b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' + - '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef', - n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' + - 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973', - hash: hash_1.sha384, - gRed: false, - g: [ - 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' + - '5502f25d bf55296c 3a545e38 72760ab7', - '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' + - '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f' - ] -}); + // Let V_i be a 64-byte block and W_i be its first 32 bytes. + // V_1 = H^(64)(LE32(T)||A) + // V_2 = H^(64)(V_1) + // ... + // V_r = H^(64)(V_{r-1}) + // V_{r+1} = H^(T-32*r)(V_{r}) + // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1} + for (let i = 0; i < r; i++) { + createHash(64).update(i === 0 ? V1_in : V).digest(V); + // store W_i in result buffer already + res.set(V.subarray(0, 32), i*32); + } + // V_{r+1} + const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest()); + res.set(V_r1, r*32); -defineCurve('p521', { - type: 'short', - prime: null, - p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff', - a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff fffffffc', - b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' + - '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' + - '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00', - n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' + - 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409', - hash: hash_1.sha512, - gRed: false, - g: [ - '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' + - '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' + - 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66', - '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' + - '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' + - '3fad0761 353c7086 a272c240 88be9476 9fd16650' - ] -}); + return res; +} -// https://tools.ietf.org/html/rfc7748#section-4.1 -defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '1', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '9' - ] -}); +// compute buf = xs ^ ys +function XOR(wasmContext, buf, xs, ys) { + wasmContext.fn.XOR( + buf.byteOffset, + xs.byteOffset, + ys.byteOffset, + ); + return buf +} -defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] -}); +/** + * @param {Uint8Array} X (read-only) + * @param {Uint8Array} Y (read-only) + * @param {Uint8Array} R - output buffer + * @returns + */ +function G(wasmContext, X, Y, R) { + wasmContext.fn.G( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} -// https://tools.ietf.org/html/rfc5639#section-3.4 -defineCurve('brainpoolP256r1', { - type: 'short', - prime: null, - p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377', - a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9', - b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6', - n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7', - hash: hash_1.sha256, // or 384, or 512 - gRed: false, - g: [ - '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', - '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997' - ] -}); +function G2(wasmContext, X, Y, R) { + wasmContext.fn.G2( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values. +function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) { + // For each segment, we do the following. First, we compute the value Z as: + // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) ) + wasmContext.refs.prngTmp.fill(0); + const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8); + LE64(Z, pass, 0); + LE64(Z, lane, 8); + LE64(Z, slice, 16); + LE64(Z, m_, 24); + LE64(Z, totalPasses, 32); + LE64(Z, TYPE, 40); + + // Then we compute q/(128*SL) 1024-byte values + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ), + // ..., + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )), + for(let i = 1; i <= segmentLength; i++) { + // tmp.set(Z); // no need to re-copy + LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed + const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR ); + + // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2 + // NB: the first generated pair must be used for the first block of the segment, and so on. + // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset. + for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) { + yield g2.subarray(k, k+8); + } + } + return []; +} + +function validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) { + const assertLength = (name, value, min, max) => { + if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); } + }; -// https://tools.ietf.org/html/rfc5639#section-3.6 -defineCurve('brainpoolP384r1', { - type: 'short', - prime: null, - p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' + - 'ACD3A729 901D1A71 87470013 3107EC53', - a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' + - '8AA5814A 503AD4EB 04A8C7DD 22CE2826', - b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' + - '7CB43902 95DBC994 3AB78696 FA504C11', - n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' + - 'CF3AB6AF 6B7FC310 3B883202 E9046565', - hash: hash_1.sha384, // or 512 - gRed: false, - g: [ - '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' + - 'E8E826E03436D646AAEF87B2E247D4AF1E', - '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' + - '280E4646217791811142820341263C5315' - ] -}); + if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version'); + assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX); + assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX); + assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX); + assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX); + // optional fields + ad && assertLength('associated data', ad, 0, ADBYTES_MAX); + secret && assertLength('secret', secret, 0, SECRETBYTES_MAX); -// https://tools.ietf.org/html/rfc5639#section-3.7 -defineCurve('brainpoolP512r1', { - type: 'short', - prime: null, - p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' + - '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3', - a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' + - '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA', - b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' + - '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723', - n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' + - '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069', - hash: hash_1.sha512, - gRed: false, - g: [ - '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' + - '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', - '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' + - '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892' - ] -}); + return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes }; +} -// https://en.bitcoin.it/wiki/Secp256k1 -var pre; -try { - pre = secp256k1; -} catch (e) { - pre = undefined; -} - -defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash_1.sha256, - - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' - } - ], +const KB = 1024; +const WASM_PAGE_SIZE = 64 * KB; - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] -}); -}); +function argon2id(params, { memory, instance: wasmInstance }) { + if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system -function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; + const ctx = validateParams({ type: TYPE, version: VERSION, ...params }); - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; + const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports; + const wasmRefs = {}; + const wasmFn = {}; + wasmFn.G = wasmG; + wasmFn.G2 = wasmG2; + wasmFn.XOR = wasmXOR; - this._reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; + // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p. + const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes)); + const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references + if (memory.buffer.byteLength < requiredMemory) { + const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE); + // If enough memory is available, the `memory.buffer` is internally detached and the reference updated. + // Otherwise, the operation fails, and the original memory can still be used. + memory.grow(missing); + } - var entropy = utils_1.toArray(options.entropy, options.entropyEnc || 'hex'); - var nonce = utils_1.toArray(options.nonce, options.nonceEnc || 'hex'); - var pers = utils_1.toArray(options.pers, options.persEnc || 'hex'); - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); -} -var hmacDrbg = HmacDRBG; + let offset = 0; + // Init wasm memory needed in other functions + wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length; + wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length; + wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length; + wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length; + // Init wasm memory needed locally + const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT; + const wasmContext = { fn: wasmFn, refs: wasmRefs }; + const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length; + const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE); + const allocatedMemory = new Uint8Array(memory.buffer, 0, offset); + + // 1. Establish H_0 + const H0 = getH0(ctx); + + // 2. Allocate the memory as m' 1024-byte blocks + // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns. + const q = m_ / ctx.lanes; + const B = new Array(ctx.lanes).fill(null).map(() => new Array(q)); + const initBlock = (i, j) => { + B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE); + return B[i][j]; + }; -HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); + for (let i = 0; i < ctx.lanes; i++) { + // const LEi = LE0; // since p = 1 for us + const tmp = new Uint8Array(H0.length + 8); + // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p + // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i)) + tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0)); + // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p + // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i)) + LE32(tmp, 1, H0.length); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1)); + } + + // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2 + // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes + // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc. + const SL = 4; // vertical slices + const segmentLength = q / SL; + for (let pass = 0; pass < ctx.passes; pass++) { + // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel + for (let sl = 0; sl < SL; sl++) { + const isDataIndependent = pass === 0 && sl <= 1; + for (let i = 0; i < ctx.lanes; i++) { // lane + // On the first slice of the first pass, blocks 0 and 1 are already filled + let segmentOffset = sl === 0 && pass === 0 ? 2 : 0; + // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory) + const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null; + for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) { + const j = sl * segmentLength + segmentOffset; + const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q] + + // we can assume the PRNG is never done + const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength); + const l = lz[0]; const z = lz[1]; + // for (let i = 0; i < p; i++ ) + // B[i][j] = G(B[i][j-1], B[l][z]) + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + if (pass === 0) initBlock(i, j); + G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]); + + // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one + if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]); + } + } + } + } + + // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column: + // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1] + const C = B[0][q-1]; + for(let i = 1; i < ctx.lanes; i++) { + XOR(wasmContext, C, C, B[i][q-1]); + } + + const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength)); + // clear memory since the module might be cached + allocatedMemory.fill(0); // clear sensitive contents + memory.grow(0); // allow deallocation + // 8. The output tag is computed as H'^T(C). + return tag; + +} + +function getH0(ctx) { + const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH); + const ZERO32 = new Uint8Array(4); + const params = new Uint8Array(24); + LE32(params, ctx.lanes, 0); + LE32(params, ctx.tagLength, 4); + LE32(params, ctx.memorySize, 8); + LE32(params, ctx.passes, 12); + LE32(params, ctx.version, 16); + LE32(params, ctx.type, 20); + + const toHash = [params]; + if (ctx.password) { + toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0)); + toHash.push(ctx.password); + } else { + toHash.push(ZERO32); // context.password.length + } - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; + if (ctx.salt) { + toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0)); + toHash.push(ctx.salt); + } else { + toHash.push(ZERO32); // context.salt.length } - this._update(seed); - this._reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 -}; + if (ctx.secret) { + toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0)); + toHash.push(ctx.secret); + // todo clear secret? + } else { + toHash.push(ZERO32); // context.secret.length + } -HmacDRBG.prototype._hmac = function hmac() { - return new hash_1.hmac(this.hash, this.K); -}; + if (ctx.ad) { + toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0)); + toHash.push(ctx.ad); + } else { + toHash.push(ZERO32); // context.ad.length + } + H.update(concatArrays(toHash)); -HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; + const outputBuffer = H.digest(); + return new Uint8Array(outputBuffer); +} - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); -}; +function concatArrays(arrays) { + if (arrays.length === 1) return arrays[0]; + + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!(arrays[i] instanceof Uint8Array)) { + throw new Error('concatArrays: Data must be in the form of a Uint8Array'); + } -HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; + totalLength += arrays[i].length; } - entropy = utils_1.toArray(entropy, entropyEnc); - add = utils_1.toArray(add, addEnc); + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach((element) => { + result.set(element, pos); + pos += element.length; + }); + + return result; +} - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); +let isSIMDSupported; +async function wasmLoader(memory, getSIMD, getNonSIMD) { + const importObject = { env: { memory } }; + if (isSIMDSupported === undefined) { + try { + const loaded = await getSIMD(importObject); + isSIMDSupported = true; + return loaded; + } catch(e) { + isSIMDSupported = false; + } + } - this._update(entropy.concat(add || [])); - this._reseed = 1; -}; + const loader = isSIMDSupported ? getSIMD : getNonSIMD; + return loader(importObject); +} -HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this._reseed > this.reseedInterval) - throw new Error('Reseed is required'); +async function setupWasm(getSIMD, getNonSIMD) { + const memory = new WebAssembly.Memory({ + // in pages of 64KiB each + // these values need to be compatible with those declared when building in `build-wasm` + initial: 1040, // 65MB + maximum: 65536, // 4GB + }); + const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD); - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; - } + /** + * Argon2id hash function + * @callback computeHash + * @param {Object} params + * @param {Uint8Array} params.password - password + * @param {Uint8Array} params.salt - salt + * @param {Integer} params.parallelism + * @param {Integer} params.passes + * @param {Integer} params.memorySize - in kibibytes + * @param {Integer} params.tagLength - output tag length + * @param {Uint8Array} [params.ad] - associated data (optional) + * @param {Uint8Array} [params.secret] - secret data (optional) + * @return {Uint8Array} argon2id hash + */ + const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory }); - // Optional additional data - if (add) { - add = utils_1.toArray(add, addEnc || 'hex'); - this._update(add); - } + return computeHash; +} - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); +function _loadWasmModule (sync, filepath, src, imports) { + function _instantiateOrCompile(source, imports, stream) { + var instantiateFunc = WebAssembly.instantiate; + var compileFunc = WebAssembly.compile; + + if (imports) { + return instantiateFunc(source, imports) + } else { + return compileFunc(source) + } } - var res = temp.slice(0, len); - this._update(add); - this._reseed++; - return utils_1.encode(res, enc); -}; + +var buf = null; + + +buf = Buffer.from(src, 'base64'); -var assert$5 = utils_1$1.assert; -function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); + { + return _instantiateOrCompile(buf, imports) + } } -var key = KeyPair; -KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; +function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)} - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); -}; +function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)} -KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; +const loadWasm = async () => setupWasm( + (instanceObject) => wasmSIMD(instanceObject), + (instanceObject) => wasmNonSIMD(instanceObject), +); - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); -}; +var index$1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + default: loadWasm +}); -// TODO: should not validate for X25519 -KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); +/* +node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; +Copyright (C) 2012 Eli Skeggs - return { result: true, reason: null }; -}; +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. -KeyPair.prototype.getPublic = function getPublic(enc, compact) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. - if (!enc) - return this.pub; +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html - return this.pub.encode(enc, compact); -}; +Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). -KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; -}; +Based on micro-bunzip by Rob Landley (rob@landley.net). -KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // For Curve25519/Curve448 we have a specific procedure. - // TODO Curve448 - if (this.ec.curve.type === 'mont') { - var one = this.ec.curve.one; - var mask = one.ushln(255 - 3).sub(one).ushln(3); - this.priv = this.priv.or(one.ushln(255 - 1)); - this.priv = this.priv.and(mask); - } else - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.umod(this.ec.curve.n); -}; +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ -KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - // Montgomery points only have an `x` coordinate. - // Weierstrass/Edwards points on the other hand have both `x` and - // `y` coordinates. - if (this.ec.curve.type === 'mont') { - assert$5(key.x, 'Need x coordinate'); - } else if (this.ec.curve.type === 'short' || - this.ec.curve.type === 'edwards') { - assert$5(key.x && key.y, 'Need both x and y coordinate'); - } - this.pub = this.ec.curve.point(key.x, key.y); - return; - } - this.pub = this.ec.curve.decodePoint(key, enc); -}; +var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; -// ECDH -KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); +// offset in bytes +var BitReader$1 = function(stream) { + this.stream = stream; + this.bitOffset = 0; + this.curByte = 0; + this.hasByte = false; }; -// ECDSA -KeyPair.prototype.sign = function sign(msg, enc, options) { - return this.ec.sign(msg, this, enc, options); +BitReader$1.prototype._ensureByte = function() { + if (!this.hasByte) { + this.curByte = this.stream.readByte(); + this.hasByte = true; + } }; -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); +// reads bits from the buffer +BitReader$1.prototype.read = function(bits) { + var result = 0; + while (bits > 0) { + this._ensureByte(); + var remaining = 8 - this.bitOffset; + // if we're in a byte + if (bits >= remaining) { + result <<= remaining; + result |= BITMASK[remaining] & this.curByte; + this.hasByte = false; + this.bitOffset = 0; + bits -= remaining; + } else { + result <<= bits; + var shift = remaining - bits; + result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; + this.bitOffset += bits; + bits = 0; + } + } + return result; }; -KeyPair.prototype.inspect = function inspect() { - return ''; +// seek to an arbitrary point in the buffer (expressed in bits) +BitReader$1.prototype.seek = function(pos) { + var n_bit = pos % 8; + var n_byte = (pos - n_bit) / 8; + this.bitOffset = n_bit; + this.stream.seek(n_byte); + this.hasByte = false; }; -var assert$6 = utils_1$1.assert; - -function Signature$1(options, enc) { - if (options instanceof Signature$1) - return options; - - if (this._importDER(options, enc)) - return; +// reads 6 bytes worth of data using the read method +BitReader$1.prototype.pi = function() { + var buf = new Uint8Array(6), i; + for (i = 0; i < buf.length; i++) { + buf[i] = this.read(8); + } + return bufToHex(buf); +}; - assert$6(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); - if (options.recoveryParam === undefined) - this.recoveryParam = null; - else - this.recoveryParam = options.recoveryParam; +function bufToHex(buf) { + return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); } -var signature$1 = Signature$1; -function Position() { - this.place = 0; -} +var bitreader = BitReader$1; -function getLength(buf, p) { - var initial = buf[p.place++]; - if (!(initial & 0x80)) { - return initial; - } - var octetLen = initial & 0xf; - var val = 0; - for (var i = 0, off = p.place; i < octetLen; i++, off++) { - val <<= 8; - val |= buf[off]; - } - p.place = off; - return val; -} +/* very simple input/output stream interface */ -function rmPadding(buf) { - var i = 0; - var len = buf.length - 1; - while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) { - i++; - } - if (i === 0) { - return buf; - } - return buf.slice(i); -} +var Stream$1 = function() { +}; -Signature$1.prototype._importDER = function _importDER(data, enc) { - data = utils_1$1.toArray(data, enc); - var p = new Position(); - if (data[p.place++] !== 0x30) { - return false; - } - var len = getLength(data, p); - if ((len + p.place) !== data.length) { - return false; - } - if (data[p.place++] !== 0x02) { - return false; - } - var rlen = getLength(data, p); - var r = data.slice(p.place, rlen + p.place); - p.place += rlen; - if (data[p.place++] !== 0x02) { - return false; - } - var slen = getLength(data, p); - if (data.length !== slen + p.place) { - return false; - } - var s = data.slice(p.place, slen + p.place); - if (r[0] === 0 && (r[1] & 0x80)) { - r = r.slice(1); - } - if (s[0] === 0 && (s[1] & 0x80)) { - s = s.slice(1); +// input streams ////////////// +/** Returns the next byte, or -1 for EOF. */ +Stream$1.prototype.readByte = function() { + throw new Error("abstract method readByte() not implemented"); +}; +/** Attempts to fill the buffer; returns number of bytes read, or + * -1 for EOF. */ +Stream$1.prototype.read = function(buffer, bufOffset, length) { + var bytesRead = 0; + while (bytesRead < length) { + var c = this.readByte(); + if (c < 0) { // EOF + return (bytesRead===0) ? -1 : bytesRead; + } + buffer[bufOffset++] = c; + bytesRead++; } - - this.r = new bn(r); - this.s = new bn(s); - this.recoveryParam = null; - - return true; + return bytesRead; +}; +Stream$1.prototype.seek = function(new_pos) { + throw new Error("abstract method seek() not implemented"); }; -function constructLength(arr, len) { - if (len < 0x80) { - arr.push(len); - return; +// output streams /////////// +Stream$1.prototype.writeByte = function(_byte) { + throw new Error("abstract method readByte() not implemented"); +}; +Stream$1.prototype.write = function(buffer, bufOffset, length) { + var i; + for (i=0; i>> 3); - arr.push(octets | 0x80); - while (--octets) { - arr.push((len >>> (octets << 3)) & 0xff); - } - arr.push(len); -} - -Signature$1.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); - - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); - - r = rmPadding(r); - s = rmPadding(s); - - while (!s[0] && !(s[1] & 0x80)) { - s = s.slice(1); - } - var arr = [ 0x02 ]; - constructLength(arr, r.length); - arr = arr.concat(r); - arr.push(0x02); - constructLength(arr, s.length); - var backHalf = arr.concat(s); - var res = [ 0x30 ]; - constructLength(res, backHalf.length); - res = res.concat(backHalf); - return utils_1$1.encode(res, enc); + return length; +}; +Stream$1.prototype.flush = function() { }; -var assert$7 = utils_1$1.assert; +var stream = Stream$1; +/* CRC32, used in Bzip2 implementation. + * This is a port of CRC32.java from the jbzip2 implementation at + * https://code.google.com/p/jbzip2 + * which is: + * Copyright (c) 2011 Matthew Francis + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * This JavaScript implementation is: + * Copyright (c) 2013 C. Scott Ananian + * with the same licensing terms as Matthew Francis' original implementation. + */ +var crc32 = (function() { + /** + * A static CRC lookup table + */ + var crc32Lookup = new Uint32Array([ + 0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005, + 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61, 0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, + 0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75, + 0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd, + 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039, 0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, + 0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d, + 0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95, + 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1, 0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, + 0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072, + 0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca, + 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde, 0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, + 0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba, + 0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692, + 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6, 0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, + 0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2, + 0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a, + 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637, 0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, + 0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53, + 0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b, + 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff, 0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, + 0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b, + 0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3, + 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7, 0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, + 0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3, + 0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c, + 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8, 0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, + 0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec, + 0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654, + 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0, 0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, + 0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4, + 0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c, + 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668, 0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4 + ]); -function EC(options) { - if (!(this instanceof EC)) - return new EC(options); + var CRC32 = function() { + /** + * The current CRC + */ + var crc = 0xffffffff; - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert$7(curves_1.hasOwnProperty(options), 'Unknown curve ' + options); + /** + * @return The current CRC + */ + this.getCRC = function() { + return (~crc) >>> 0; // return an unsigned value + }; - options = curves_1[options]; - } + /** + * Update the CRC with a single byte + * @param value The value to update the CRC with + */ + this.updateCRC = function(value) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + }; - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof curves_1.PresetCurve) - options = { curve: options }; + /** + * Update the CRC with a sequence of identical bytes + * @param value The value to update the CRC with + * @param count The number of bytes + */ + this.updateCRCRun = function(value, count) { + while (count-- > 0) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + } + }; + }; + return CRC32; +})(); - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.ushrn(1); - this.g = this.curve.g; +/* +seek-bzip - a pure-javascript module for seeking within bzip2 data - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); +Copyright (C) 2013 C. Scott Ananian +Copyright (C) 2012 Eli Skeggs +Copyright (C) 2011 Kevin Kwok - // Hash function for DRBG - this.hash = options.hash || options.curve.hash; -} -var ec = EC; +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. -EC.prototype.keyPair = function keyPair(options) { - return new key(this, options); -}; +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. -EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return key.fromPrivate(this, priv, enc); -}; +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html -EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return key.fromPublic(this, pub, enc); -}; +Adapted from node-bzip, copyright 2012 Eli Skeggs. +Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). -EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.n.toArray() - }); +Based on micro-bunzip by Rob Landley (rob@landley.net). - // Key generation for curve25519 is simpler - if (this.curve.type === 'mont') { - var priv = new bn(drbg.generate(32)); - return this.keyFromPrivate(priv); - } +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; +var BitReader = bitreader; +var Stream = stream; +var CRC32 = crc32; - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); -}; +var MAX_HUFCODE_BITS = 20; +var MAX_SYMBOLS = 258; +var SYMBOL_RUNA = 0; +var SYMBOL_RUNB = 1; +var MIN_GROUPS = 2; +var MAX_GROUPS = 6; +var GROUP_SIZE = 50; -EC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) { - bitSize = bitSize || msg.byteLength() * 8; - var delta = bitSize - this.n.bitLength(); - if (delta > 0) - msg = msg.ushrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; -}; +var WHOLEPI = "314159265359"; +var SQRTPI = "177245385090"; -EC.prototype.truncateMsg = function truncateMSG(msg) { - // Bit size is only determined correctly for Uint8Arrays and hex strings - var bitSize; - if (msg instanceof Uint8Array) { - bitSize = msg.byteLength * 8; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else if (typeof msg === 'string') { - bitSize = msg.length * 4; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else { - msg = this._truncateToN(new bn(msg, 16)); +var mtf = function(array, index) { + var src = array[index], i; + for (i = index; i > 0; i--) { + array[i] = array[i-1]; } - return msg; + array[0] = src; + return src; }; -EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this.truncateMsg(msg); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray('be', bytes); - - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray('be', bytes); - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - entropy: bkey, - nonce: nonce, - pers: options.pers, - persEnc: options.persEnc || 'utf8' - }); - - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); +var Err = { + OK: 0, + LAST_BLOCK: -1, + NOT_BZIP_DATA: -2, + UNEXPECTED_INPUT_EOF: -3, + UNEXPECTED_OUTPUT_EOF: -4, + DATA_ERROR: -5, + OUT_OF_MEMORY: -6, + OBSOLETE_INPUT: -7, + END_OF_BLOCK: -8 +}; +var ErrorMessages = {}; +ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; +ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; +ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; +ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; +ErrorMessages[Err.DATA_ERROR] = "Data error"; +ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; +ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - for (var iter = 0; true; iter++) { - var k = options.k ? - options.k(iter) : - new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; +var _throw = function(status, optDetail) { + var msg = ErrorMessages[status] || 'unknown error'; + if (optDetail) { msg += ': '+optDetail; } + var e = new TypeError(msg); + e.errorCode = status; + throw e; +}; - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; +var Bunzip = function(inputStream, outputStream) { + this.writePos = this.writeCurrent = this.writeCount = 0; - var kpX = kp.getX(); - var r = kpX.umod(this.n); - if (r.cmpn(0) === 0) - continue; + this._start_bunzip(inputStream, outputStream); +}; +Bunzip.prototype._init_block = function() { + var moreBlocks = this._get_next_block(); + if ( !moreBlocks ) { + this.writeCount = -1; + return false; /* no more blocks */ + } + this.blockCRC = new CRC32(); + return true; +}; +/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ +Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { + /* Ensure that file starts with "BZh['1'-'9']." */ + var buf = new Uint8Array(4); + if (inputStream.read(buf, 0, 4) !== 4 || + String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') + _throw(Err.NOT_BZIP_DATA, 'bad magic'); - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); - s = s.umod(this.n); - if (s.cmpn(0) === 0) - continue; + var level = buf[3] - 0x30; + if (level < 1 || level > 9) + _throw(Err.NOT_BZIP_DATA, 'level out of range'); - var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | - (kpX.cmp(r) !== 0 ? 2 : 0); + this.reader = new BitReader(inputStream); - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) { - s = this.n.sub(s); - recoveryParam ^= 1; + /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of + uncompressed data. Allocate intermediate buffer for block. */ + this.dbufSize = 100000 * level; + this.nextoutput = 0; + this.outputStream = outputStream; + this.streamCRC = 0; +}; +Bunzip.prototype._get_next_block = function() { + var i, j, k; + var reader = this.reader; + // this is get_next_block() function from micro-bunzip: + /* Read in header signature and CRC, then validate signature. + (last block signature means CRC is for whole file, return now) */ + var h = reader.pi(); + if (h === SQRTPI) { // last block + return false; /* no more blocks */ + } + if (h !== WHOLEPI) + _throw(Err.NOT_BZIP_DATA); + this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) + this.streamCRC = (this.targetBlockCRC ^ + ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; + /* We can add support for blockRandomised if anybody complains. There was + some code for this in busybox 1.0.0-pre3, but nobody ever noticed that + it didn't actually work. */ + if (reader.read(1)) + _throw(Err.OBSOLETE_INPUT); + var origPointer = reader.read(24); + if (origPointer > this.dbufSize) + _throw(Err.DATA_ERROR, 'initial position out of bounds'); + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer + symbols to deal with, and writes a sparse bitfield indicating which + values were present. We make a translation table to convert the symbols + back to the corresponding bytes. */ + var t = reader.read(16); + var symToByte = new Uint8Array(256), symTotal = 0; + for (i = 0; i < 16; i++) { + if (t & (1 << (0xF - i))) { + var o = i * 16; + k = reader.read(16); + for (j = 0; j < 16; j++) + if (k & (1 << (0xF - j))) + symToByte[symTotal++] = o + j; } - - return new signature$1({ r: r, s: s, recoveryParam: recoveryParam }); } -}; - -EC.prototype.verify = function verify(msg, signature, key, enc) { - key = this.keyFromPublic(key, enc); - signature = new signature$1(signature, 'hex'); - // Fallback to the old code - var ret = this._verify(this.truncateMsg(msg), signature, key) || - this._verify(this._truncateToN(new bn(msg, 16)), signature, key); - return ret; -}; -EC.prototype._verify = function _verify(msg, signature, key) { - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; + /* How many different huffman coding groups does this block use? */ + var groupCount = reader.read(3); + if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) + _throw(Err.DATA_ERROR); + /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding + group. Read in the group selector list, which is stored as MTF encoded + bit runs. (MTF=Move To Front, as each value is used it's moved to the + start of the list.) */ + var nSelectors = reader.read(15); + if (nSelectors === 0) + _throw(Err.DATA_ERROR); - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).umod(this.n); - var u2 = sinv.mul(r).umod(this.n); + var mtfSymbol = new Uint8Array(256); + for (i = 0; i < groupCount; i++) + mtfSymbol[i] = i; - if (!this.curve._maxwellTrick) { - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; + var selectors = new Uint8Array(nSelectors); // was 32768... - return p.getX().umod(this.n).cmp(r) === 0; + for (i = 0; i < nSelectors; i++) { + /* Get next value */ + for (j = 0; reader.read(1); j++) + if (j >= groupCount) _throw(Err.DATA_ERROR); + /* Decode MTF to get the next selector */ + selectors[i] = mtf(mtfSymbol, j); } - // NOTE: Greg Maxwell's trick, inspired by: - // https://git.io/vad3K - - var p = this.g.jmulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - // Compare `p.x` of Jacobian point with `r`, - // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the - // inverse of `p.z^2` - return p.eqXToP(r); -}; + /* Read the huffman coding tables for each group, which code for symTotal + literal symbols, plus two run symbols (RUNA, RUNB) */ + var symCount = symTotal + 2; + var groups = [], hufGroup; + for (j = 0; j < groupCount; j++) { + var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); + /* Read huffman code lengths for each symbol. They're stored in + a way similar to mtf; record a starting value for the first symbol, + and an offset from the previous value for everys symbol after that. */ + t = reader.read(5); // lengths + for (i = 0; i < symCount; i++) { + for (;;) { + if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); + /* If first bit is 0, stop. Else second bit indicates whether + to increment or decrement the value. */ + if(!reader.read(1)) + break; + if(!reader.read(1)) + t++; + else + t--; + } + length[i] = t; + } -EC.prototype.recoverPubKey = function(msg, signature, j, enc) { - assert$7((3 & j) === j, 'The recovery param is more than two bits'); - signature = new signature$1(signature, enc); - - var n = this.n; - var e = new bn(msg); - var r = signature.r; - var s = signature.s; - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = j & 1; - var isSecondKey = j >> 1; - if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) - throw new Error('Unable to find sencond key candinate'); - - // 1.1. Let x = r + jn. - if (isSecondKey) - r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); - else - r = this.curve.pointFromX(r, isYOdd); - - var rInv = signature.r.invm(n); - var s1 = n.sub(e).mul(rInv).umod(n); - var s2 = s.mul(rInv).umod(n); - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - return this.g.mulAdd(s1, r, s2); -}; + /* Find largest and smallest lengths in this group */ + var minLen, maxLen; + minLen = maxLen = length[0]; + for (i = 1; i < symCount; i++) { + if (length[i] > maxLen) + maxLen = length[i]; + else if (length[i] < minLen) + minLen = length[i]; + } -EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) { - signature = new signature$1(signature, enc); - if (signature.recoveryParam !== null) - return signature.recoveryParam; + /* Calculate permute[], base[], and limit[] tables from length[]. + * + * permute[] is the lookup table for converting huffman coded symbols + * into decoded symbols. base[] is the amount to subtract from the + * value of a huffman symbol of a given length when using permute[]. + * + * limit[] indicates the largest numerical value a symbol with a given + * number of bits can have. This is how the huffman codes can vary in + * length: each code with a value>limit[length] needs another bit. + */ + hufGroup = {}; + groups.push(hufGroup); + hufGroup.permute = new Uint16Array(MAX_SYMBOLS); + hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); + hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); + hufGroup.minLen = minLen; + hufGroup.maxLen = maxLen; + /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ + var pp = 0; + for (i = minLen; i <= maxLen; i++) { + temp[i] = hufGroup.limit[i] = 0; + for (t = 0; t < symCount; t++) + if (length[t] === i) + hufGroup.permute[pp++] = t; + } + /* Count symbols coded for at each bit length */ + for (i = 0; i < symCount; i++) + temp[length[i]]++; + /* Calculate limit[] (the largest symbol-coding value at each bit + * length, which is (previous limit<<1)+symbols at this level), and + * base[] (number of symbols to ignore at each bit length, which is + * limit minus the cumulative count of symbols coded for already). */ + pp = t = 0; + for (i = minLen; i < maxLen; i++) { + pp += temp[i]; + /* We read the largest possible symbol size and then unget bits + after determining how many we need, and those extra bits could + be set to anything. (They're noise from future symbols.) At + each level we're really only interested in the first few bits, + so here we set all the trailing to-be-ignored bits to 1 so they + don't affect the value>limit[length] comparison. */ + hufGroup.limit[i] = pp - 1; + pp <<= 1; + t += temp[i]; + hufGroup.base[i + 1] = pp - t; + } + hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ + hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; + hufGroup.base[minLen] = 0; + } + /* We've finished reading and digesting the block header. Now read this + block's huffman coded symbols from the file and undo the huffman coding + and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - for (var i = 0; i < 4; i++) { - var Qprime; - try { - Qprime = this.recoverPubKey(e, signature, i); - } catch (e) { + /* Initialize symbol occurrence counters and symbol Move To Front table */ + var byteCount = new Uint32Array(256); + for (i = 0; i < 256; i++) + mtfSymbol[i] = i; + /* Loop through compressed symbols. */ + var runPos = 0, dbufCount = 0, selector = 0, uc; + var dbuf = this.dbuf = new Uint32Array(this.dbufSize); + symCount = 0; + for (;;) { + /* Determine which huffman coding group to use. */ + if (!(symCount--)) { + symCount = GROUP_SIZE - 1; + if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } + hufGroup = groups[selectors[selector++]]; + } + /* Read next huffman-coded symbol. */ + i = hufGroup.minLen; + j = reader.read(i); + for (;;i++) { + if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } + if (j <= hufGroup.limit[i]) + break; + j = (j << 1) | reader.read(1); + } + /* Huffman decode value to get nextSym (with bounds checking) */ + j -= hufGroup.base[i]; + if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } + var nextSym = hufGroup.permute[j]; + /* We have now decoded the symbol, which indicates either a new literal + byte, or a repeated run of the most recent literal byte. First, + check if nextSym indicates a repeated run, and if so loop collecting + how many times to repeat the last literal. */ + if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { + /* If this is the start of a new run, zero out counter */ + if (!runPos){ + runPos = 1; + t = 0; + } + /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at + each bit position, add 1 or 2 instead. For example, + 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. + You can make any bit pattern that way using 1 less symbol than + the basic or 0/1 method (except all bits 0, which would use no + symbols, but a run of length 0 doesn't mean anything in this + context). Thus space is saved. */ + if (nextSym === SYMBOL_RUNA) + t += runPos; + else + t += 2 * runPos; + runPos <<= 1; continue; } - - if (Qprime.eq(Q)) - return i; + /* When we hit the first non-run symbol after a run, we now know + how many times to repeat the last literal, so append that many + copies to our buffer of decoded symbols (dbuf) now. (The last + literal used is the one at the head of the mtfSymbol array.) */ + if (runPos){ + runPos = 0; + if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } + uc = symToByte[mtfSymbol[0]]; + byteCount[uc] += t; + while (t--) + dbuf[dbufCount++] = uc; + } + /* Is this the terminating symbol? */ + if (nextSym > symTotal) + break; + /* At this point, nextSym indicates a new literal character. Subtract + one to get the position in the MTF array at which this literal is + currently to be found. (Note that the result can't be -1 or 0, + because 0 and 1 are RUNA and RUNB. But another instance of the + first symbol in the mtf array, position 0, would have been handled + as part of a run above. Therefore 1 unused mtf position minus + 2 non-literal nextSym values equals -1.) */ + if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } + i = nextSym - 1; + uc = mtf(mtfSymbol, i); + uc = symToByte[uc]; + /* We have our literal byte. Save it into dbuf. */ + byteCount[uc]++; + dbuf[dbufCount++] = uc; } - throw new Error('Unable to find valid recovery factor'); -}; - -var assert$8 = utils_1$1.assert; -var parseBytes = utils_1$1.parseBytes; -var cachedProperty = utils_1$1.cachedProperty; - -/** -* @param {EDDSA} eddsa - instance -* @param {Object} params - public/private key parameters -* -* @param {Array} [params.secret] - secret seed bytes -* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms) -* @param {Array} [params.pub] - public key point encoded as bytes -* -*/ -function KeyPair$1(eddsa, params) { - this.eddsa = eddsa; - if (params.hasOwnProperty('secret')) - this._secret = parseBytes(params.secret); - if (eddsa.isPoint(params.pub)) - this._pub = params.pub; - else { - this._pubBytes = parseBytes(params.pub); - if (this._pubBytes && this._pubBytes.length === 33 && - this._pubBytes[0] === 0x40) - this._pubBytes = this._pubBytes.slice(1, 33); - if (this._pubBytes && this._pubBytes.length !== 32) - throw new Error('Unknown point compression format'); - } -} - -KeyPair$1.fromPublic = function fromPublic(eddsa, pub) { - if (pub instanceof KeyPair$1) - return pub; - return new KeyPair$1(eddsa, { pub: pub }); -}; - -KeyPair$1.fromSecret = function fromSecret(eddsa, secret) { - if (secret instanceof KeyPair$1) - return secret; - return new KeyPair$1(eddsa, { secret: secret }); -}; - -KeyPair$1.prototype.secret = function secret() { - return this._secret; -}; - -cachedProperty(KeyPair$1, 'pubBytes', function pubBytes() { - return this.eddsa.encodePoint(this.pub()); -}); - -cachedProperty(KeyPair$1, 'pub', function pub() { - if (this._pubBytes) - return this.eddsa.decodePoint(this._pubBytes); - return this.eddsa.g.mul(this.priv()); -}); - -cachedProperty(KeyPair$1, 'privBytes', function privBytes() { - var eddsa = this.eddsa; - var hash = this.hash(); - var lastIx = eddsa.encodingLength - 1; - - // https://tools.ietf.org/html/rfc8032#section-5.1.5 - var a = hash.slice(0, eddsa.encodingLength); - a[0] &= 248; - a[lastIx] &= 127; - a[lastIx] |= 64; - - return a; -}); - -cachedProperty(KeyPair$1, 'priv', function priv() { - return this.eddsa.decodeInt(this.privBytes()); -}); - -cachedProperty(KeyPair$1, 'hash', function hash() { - return this.eddsa.hash().update(this.secret()).digest(); -}); - -cachedProperty(KeyPair$1, 'messagePrefix', function messagePrefix() { - return this.hash().slice(this.eddsa.encodingLength); -}); - -KeyPair$1.prototype.sign = function sign(message) { - assert$8(this._secret, 'KeyPair can only verify'); - return this.eddsa.sign(message, this); -}; - -KeyPair$1.prototype.verify = function verify(message, sig) { - return this.eddsa.verify(message, sig, this); -}; - -KeyPair$1.prototype.getSecret = function getSecret(enc) { - assert$8(this._secret, 'KeyPair is public only'); - return utils_1$1.encode(this.secret(), enc); -}; - -KeyPair$1.prototype.getPublic = function getPublic(enc, compact) { - return utils_1$1.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc); -}; - -var key$1 = KeyPair$1; - -var assert$9 = utils_1$1.assert; -var cachedProperty$1 = utils_1$1.cachedProperty; -var parseBytes$1 = utils_1$1.parseBytes; - -/** -* @param {EDDSA} eddsa - eddsa instance -* @param {Array|Object} sig - -* @param {Array|Point} [sig.R] - R point as Point or bytes -* @param {Array|bn} [sig.S] - S scalar as bn or bytes -* @param {Array} [sig.Rencoded] - R point encoded -* @param {Array} [sig.Sencoded] - S scalar encoded -*/ -function Signature$2(eddsa, sig) { - this.eddsa = eddsa; - - if (typeof sig !== 'object') - sig = parseBytes$1(sig); - - if (Array.isArray(sig)) { - sig = { - R: sig.slice(0, eddsa.encodingLength), - S: sig.slice(eddsa.encodingLength) - }; + /* At this point, we've read all the huffman-coded symbols (and repeated + runs) for this block from the input stream, and decoded them into the + intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. + Now undo the Burrows-Wheeler transform on dbuf. + See http://dogma.net/markn/articles/bwt/bwt.htm + */ + if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } + /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ + j = 0; + for (i = 0; i < 256; i++) { + k = j + byteCount[i]; + byteCount[i] = j; + j = k; } + /* Figure out what order dbuf would be in if we sorted it. */ + for (i = 0; i < dbufCount; i++) { + uc = dbuf[i] & 0xff; + dbuf[byteCount[uc]] |= (i << 8); + byteCount[uc]++; + } + /* Decode first byte by hand to initialize "previous" byte. Note that it + doesn't get output, and if the first three characters are identical + it doesn't qualify as a run (hence writeRunCountdown=5). */ + var pos = 0, current = 0, run = 0; + if (dbufCount) { + pos = dbuf[origPointer]; + current = (pos & 0xff); + pos >>= 8; + run = -1; + } + this.writePos = pos; + this.writeCurrent = current; + this.writeCount = dbufCount; + this.writeRun = run; - assert$9(sig.R && sig.S, 'Signature without R or S'); - - if (eddsa.isPoint(sig.R)) - this._R = sig.R; - if (sig.S instanceof bn) - this._S = sig.S; - - this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded; - this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded; -} - -cachedProperty$1(Signature$2, 'S', function S() { - return this.eddsa.decodeInt(this.Sencoded()); -}); - -cachedProperty$1(Signature$2, 'R', function R() { - return this.eddsa.decodePoint(this.Rencoded()); -}); - -cachedProperty$1(Signature$2, 'Rencoded', function Rencoded() { - return this.eddsa.encodePoint(this.R()); -}); - -cachedProperty$1(Signature$2, 'Sencoded', function Sencoded() { - return this.eddsa.encodeInt(this.S()); -}); - -Signature$2.prototype.toBytes = function toBytes() { - return this.Rencoded().concat(this.Sencoded()); -}; - -Signature$2.prototype.toHex = function toHex() { - return utils_1$1.encode(this.toBytes(), 'hex').toUpperCase(); -}; - -var signature$2 = Signature$2; - -var assert$a = utils_1$1.assert; -var parseBytes$2 = utils_1$1.parseBytes; - - - -function EDDSA(curve) { - assert$a(curve === 'ed25519', 'only tested with ed25519 so far'); - - if (!(this instanceof EDDSA)) - return new EDDSA(curve); - - var curve = curves_1[curve].curve; - this.curve = curve; - this.g = curve.g; - this.g.precompute(curve.n.bitLength() + 1); - - this.pointClass = curve.point().constructor; - this.encodingLength = Math.ceil(curve.n.bitLength() / 8); - this.hash = hash_1.sha512; -} - -var eddsa$1 = EDDSA; - -/** -* @param {Array|String} message - message bytes -* @param {Array|String|KeyPair} secret - secret bytes or a keypair -* @returns {Signature} - signature -*/ -EDDSA.prototype.sign = function sign(message, secret) { - message = parseBytes$2(message); - var key = this.keyFromSecret(secret); - var r = this.hashInt(key.messagePrefix(), message); - var R = this.g.mul(r); - var Rencoded = this.encodePoint(R); - var s_ = this.hashInt(Rencoded, key.pubBytes(), message) - .mul(key.priv()); - var S = r.add(s_).umod(this.curve.n); - return this.makeSignature({ R: R, S: S, Rencoded: Rencoded }); + return true; /* more blocks to come */ }; - -/** -* @param {Array} message - message bytes -* @param {Array|String|Signature} sig - sig bytes -* @param {Array|String|Point|KeyPair} pub - public key -* @returns {Boolean} - true if public key matches sig of message +/* Undo burrows-wheeler transform on intermediate buffer to produce output. + If start_bunzip was initialized with out_fd=-1, then up to len bytes of + data are written to outbuf. Return value is number of bytes written or + error (all errors are negative numbers). If out_fd!=-1, outbuf and len + are ignored, data is written to out_fd and return is RETVAL_OK or error. */ -EDDSA.prototype.verify = function verify(message, sig, pub) { - message = parseBytes$2(message); - sig = this.makeSignature(sig); - var key = this.keyFromPublic(pub); - var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message); - var SG = this.g.mul(sig.S()); - var RplusAh = sig.R().add(key.pub().mul(h)); - return RplusAh.eq(SG); -}; - -EDDSA.prototype.hashInt = function hashInt() { - var hash = this.hash(); - for (var i = 0; i < arguments.length; i++) - hash.update(arguments[i]); - return utils_1$1.intFromLE(hash.digest()).umod(this.curve.n); -}; +Bunzip.prototype._read_bunzip = function(outputBuffer, len) { + var copies, previous, outbyte; + /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully + decoded, which results in this returning RETVAL_LAST_BLOCK, also + equal to -1... Confusing, I'm returning 0 here to indicate no + bytes written into the buffer */ + if (this.writeCount < 0) { return 0; } + var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; + var dbufCount = this.writeCount; this.outputsize; + var run = this.writeRun; -EDDSA.prototype.keyPair = function keyPair(options) { - return new key$1(this, options); + while (dbufCount) { + dbufCount--; + previous = current; + pos = dbuf[pos]; + current = pos & 0xff; + pos >>= 8; + if (run++ === 3){ + copies = current; + outbyte = previous; + current = -1; + } else { + copies = 1; + outbyte = current; + } + this.blockCRC.updateCRCRun(outbyte, copies); + while (copies--) { + this.outputStream.writeByte(outbyte); + this.nextoutput++; + } + if (current != previous) + run = 0; + } + this.writeCount = dbufCount; + // check CRC + if (this.blockCRC.getCRC() !== this.targetBlockCRC) { + _throw(Err.DATA_ERROR, "Bad block CRC "+ + "(got "+this.blockCRC.getCRC().toString(16)+ + " expected "+this.targetBlockCRC.toString(16)+")"); + } + return this.nextoutput; }; -EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) { - return key$1.fromPublic(this, pub); +var coerceInputStream = function(input) { + if ('readByte' in input) { return input; } + var inputStream = new Stream(); + inputStream.pos = 0; + inputStream.readByte = function() { return input[this.pos++]; }; + inputStream.seek = function(pos) { this.pos = pos; }; + inputStream.eof = function() { return this.pos >= input.length; }; + return inputStream; }; - -EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) { - return key$1.fromSecret(this, secret); +var coerceOutputStream = function(output) { + var outputStream = new Stream(); + var resizeOk = true; + if (output) { + if (typeof(output)==='number') { + outputStream.buffer = new Uint8Array(output); + resizeOk = false; + } else if ('writeByte' in output) { + return output; + } else { + outputStream.buffer = output; + resizeOk = false; + } + } else { + outputStream.buffer = new Uint8Array(16384); + } + outputStream.pos = 0; + outputStream.writeByte = function(_byte) { + if (resizeOk && this.pos >= this.buffer.length) { + var newBuffer = new Uint8Array(this.buffer.length*2); + newBuffer.set(this.buffer); + this.buffer = newBuffer; + } + this.buffer[this.pos++] = _byte; + }; + outputStream.getBuffer = function() { + // trim buffer + if (this.pos !== this.buffer.length) { + if (!resizeOk) + throw new TypeError('outputsize does not match decoded input'); + var newBuffer = new Uint8Array(this.pos); + newBuffer.set(this.buffer.subarray(0, this.pos)); + this.buffer = newBuffer; + } + return this.buffer; + }; + outputStream._coerced = true; + return outputStream; }; -EDDSA.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.curve.n.toArray() - }); +/* Static helper functions */ +// 'input' can be a stream or a buffer +// 'output' can be a stream or a buffer or a number (buffer size) +const decode = function(input, output, multistream) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); - return this.keyFromSecret(drbg.generate(32)); + var bz = new Bunzip(inputStream, outputStream); + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + if (bz._init_block()) { + bz._read_bunzip(); + } else { + var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) + if (targetStreamCRC !== bz.streamCRC) { + _throw(Err.DATA_ERROR, "Bad stream CRC "+ + "(got "+bz.streamCRC.toString(16)+ + " expected "+targetStreamCRC.toString(16)+")"); + } + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + } else break; + } + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; +const decodeBlock = function(input, pos, output) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + var bz = new Bunzip(inputStream, outputStream); + bz.reader.seek(pos); + /* Fill the decode buffer for the block */ + var moreBlocks = bz._get_next_block(); + if (moreBlocks) { + /* Init the CRC for writing */ + bz.blockCRC = new CRC32(); -EDDSA.prototype.makeSignature = function makeSignature(sig) { - if (sig instanceof signature$2) - return sig; - return new signature$2(this, sig); -}; + /* Zero this so the current byte from before the seek is not written */ + bz.writeCopies = 0; -/** -* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2 -* -* EDDSA defines methods for encoding and decoding points and integers. These are -* helper convenience methods, that pass along to utility functions implied -* parameters. -* -*/ -EDDSA.prototype.encodePoint = function encodePoint(point) { - var enc = point.getY().toArray('le', this.encodingLength); - enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0; - return enc; + /* Decompress the block and write to stdout */ + bz._read_bunzip(); + // XXX keep writing? + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; +/* Reads bzip2 file from stream or buffer `input`, and invoke + * `callback(position, size)` once for each bzip2 block, + * where position gives the starting position (in *bits*) + * and size gives uncompressed size of the block (in *bytes*). */ +const table = function(input, callback, multistream) { + // make a stream from a buffer, if necessary + var inputStream = new Stream(); + inputStream.delegate = coerceInputStream(input); + inputStream.pos = 0; + inputStream.readByte = function() { + this.pos++; + return this.delegate.readByte(); + }; + if (inputStream.delegate.eof) { + inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); + } + var outputStream = new Stream(); + outputStream.pos = 0; + outputStream.writeByte = function() { this.pos++; }; -EDDSA.prototype.decodePoint = function decodePoint(bytes) { - bytes = utils_1$1.parseBytes(bytes); - - var lastIx = bytes.length - 1; - var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80); - var xIsOdd = (bytes[lastIx] & 0x80) !== 0; - - var y = utils_1$1.intFromLE(normed); - return this.curve.pointFromY(y, xIsOdd); -}; + var bz = new Bunzip(inputStream, outputStream); + var blockSize = bz.dbufSize; + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; -EDDSA.prototype.encodeInt = function encodeInt(num) { - return num.toArray('le', this.encodingLength); -}; + var position = inputStream.pos*8 + bz.reader.bitOffset; + if (bz.reader.hasByte) { position -= 8; } -EDDSA.prototype.decodeInt = function decodeInt(bytes) { - return utils_1$1.intFromLE(bytes); + if (bz._init_block()) { + var start = outputStream.pos; + bz._read_bunzip(); + callback(position, outputStream.pos - start); + } else { + bz.reader.read(32); // (but we ignore the crc) + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + console.assert(bz.dbufSize === blockSize, + "shouldn't change block size within multistream file"); + } else break; + } + } }; -EDDSA.prototype.isPoint = function isPoint(val) { - return val instanceof this.pointClass; +var lib = { + Bunzip, + Stream, + Err, + decode, + decodeBlock, + table }; -var elliptic_1 = createCommonjsModule(function (module, exports) { - -var elliptic = exports; - -elliptic.utils = utils_1$1; -elliptic.rand = brorand; -elliptic.curve = curve_1; -elliptic.curves = curves_1; - -// Protocols -elliptic.ec = ec; -elliptic.eddsa = eddsa$1; -}); - -var elliptic$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': elliptic_1, - __moduleExports: elliptic_1 -}); +var index = /*#__PURE__*/_mergeNamespaces({ + __proto__: null +}, [lib]); -export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$5 as decrypt, decryptKey, decryptSessionKeys, encrypt$5 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$6 as sign, unarmor, verify$6 as verify }; +export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PaddingPacket, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt, decryptKey, decryptSessionKeys, encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign, unarmor, verify }; diff --git a/app/node_modules/openpgp/dist/openpgp.js b/app/node_modules/openpgp/dist/openpgp.js index bde39ddc1..ff7db97e0 100644 --- a/app/node_modules/openpgp/dist/openpgp.js +++ b/app/node_modules/openpgp/dist/openpgp.js @@ -1,9 +1,24 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ var openpgp = (function (exports) { 'use strict'; const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; + function _mergeNamespaces(n, m) { + m.forEach(function (e) { + e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) { + if (k !== 'default' && !(k in n)) { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + }); + return Object.freeze(n); + } + const doneWritingPromise = Symbol('doneWritingPromise'); const doneWritingResolve = Symbol('doneWritingResolve'); const doneWritingReject = Symbol('doneWritingReject'); @@ -13,6 +28,9 @@ var openpgp = (function (exports) { class ArrayStream extends Array { constructor() { super(); + // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work + Object.setPrototypeOf(this, ArrayStream.prototype); + this[doneWritingPromise] = new Promise((resolve, reject) => { this[doneWritingResolve] = resolve; this[doneWritingReject] = reject; @@ -113,15 +131,14 @@ var openpgp = (function (exports) { */ Writer.prototype.releaseLock = function() {}; - const isNode = typeof globalThis.process === 'object' && + /* eslint-disable no-prototype-builtins */ + typeof globalThis.process === 'object' && typeof globalThis.process.versions === 'object'; - const NodeReadableStream = isNode && void('stream').Readable; - /** * Check whether data is a Stream, and if so of which type * @param {Any} input data to check - * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false} + * @returns {'web'|'node'|'array'|'web-like'|false} */ function isStream(input) { if (isArrayStream(input)) { @@ -130,11 +147,11 @@ var openpgp = (function (exports) { if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { return 'web'; } - if (ReadableStream && ReadableStream.prototype.isPrototypeOf(input)) { - return 'ponyfill'; - } - if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) { - return 'node'; + // try and detect a node native stream without having to import its class + if (input && + !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) && + typeof input._read === 'function' && typeof input._readableState === 'object') { + throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`'); } if (input && input.getReader) { return 'web-like'; @@ -178,99 +195,12 @@ var openpgp = (function (exports) { return result; } - const NodeBuffer = isNode && void('buffer').Buffer; - const NodeReadableStream$1 = isNode && void('stream').Readable; - + const doneReadingSet = new WeakSet(); /** - * Web / node stream conversion functions - * From https://github.com/gwicke/node-web-streams + * The external buffer is used to store values that have been peeked or unshifted from the original stream. + * Because of how streams are implemented, such values cannot be "put back" in the original stream, + * but they need to be returned first when reading from the input again. */ - - let nodeToWeb; - let webToNode; - - if (NodeReadableStream$1) { - - /** - * Convert a Node Readable Stream to a Web ReadableStream - * @param {Readable} nodeStream - * @returns {ReadableStream} - */ - nodeToWeb = function(nodeStream) { - let canceled = false; - return new ReadableStream({ - start(controller) { - nodeStream.pause(); - nodeStream.on('data', chunk => { - if (canceled) { - return; - } - if (NodeBuffer.isBuffer(chunk)) { - chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength); - } - controller.enqueue(chunk); - nodeStream.pause(); - }); - nodeStream.on('end', () => { - if (canceled) { - return; - } - controller.close(); - }); - nodeStream.on('error', e => controller.error(e)); - }, - pull() { - nodeStream.resume(); - }, - cancel(reason) { - canceled = true; - nodeStream.destroy(reason); - } - }); - }; - - - class NodeReadable extends NodeReadableStream$1 { - constructor(webStream, options) { - super(options); - this._reader = getReader(webStream); - } - - async _read(size) { - try { - while (true) { - const { done, value } = await this._reader.read(); - if (done) { - this.push(null); - break; - } - if (!this.push(value)) { - break; - } - } - } catch (e) { - this.destroy(e); - } - } - - async _destroy(error, callback) { - this._reader.cancel(error).then(callback, callback); - } - } - - /** - * Convert a Web ReadableStream to a Node Readable Stream - * @param {ReadableStream} webStream - * @param {Object} options - * @returns {Readable} - */ - webToNode = function(webStream, options) { - return new NodeReadable(webStream, options); - }; - - } - - const doneReadingSet = new WeakSet(); const externalBuffer = Symbol('externalBuffer'); /** @@ -289,13 +219,10 @@ var openpgp = (function (exports) { const reader = input.getReader(); this._read = reader.read.bind(reader); this._releaseLock = () => {}; - this._cancel = async () => {}; + this._cancel = () => {}; return; } let streamType = isStream(input); - if (streamType === 'node') { - input = nodeToWeb(input); - } if (streamType) { const reader = input.getReader(); this._read = reader.read.bind(reader); @@ -402,6 +329,7 @@ var openpgp = (function (exports) { Reader.prototype.readBytes = async function(length) { const buffer = []; let bufferLength = 0; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) { @@ -461,6 +389,7 @@ var openpgp = (function (exports) { */ Reader.prototype.readToEnd = async function(join=concat) { const result = []; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) break; @@ -469,32 +398,6 @@ var openpgp = (function (exports) { return join(result); }; - let { ReadableStream, WritableStream, TransformStream } = globalThis; - - let toPonyfillReadable, toNativeReadable; - - async function loadStreamsPonyfill() { - if (TransformStream) { - return; - } - - const [ponyfill, adapter] = await Promise.all([ - Promise.resolve().then(function () { return ponyfill_es6; }), - Promise.resolve().then(function () { return webStreamsAdapter; }) - ]); - - ({ ReadableStream, WritableStream, TransformStream } = ponyfill); - - const { createReadableStreamWrapper } = adapter; - - if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) { - toPonyfillReadable = createReadableStreamWrapper(ReadableStream); - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } - } - - const NodeBuffer$1 = isNode && void('buffer').Buffer; - /** * Convert data to Stream * @param {ReadableStream|Uint8array|String} input data to convert @@ -502,12 +405,6 @@ var openpgp = (function (exports) { */ function toStream(input) { let streamType = isStream(input); - if (streamType === 'node') { - return nodeToWeb(input); - } - if (streamType === 'web' && toPonyfillReadable) { - return toPonyfillReadable(input); - } if (streamType) { return input; } @@ -520,7 +417,7 @@ var openpgp = (function (exports) { } /** - * Convert data to ArrayStream + * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream. * @param {Object} input data to convert * @returns {ArrayStream} Converted data */ @@ -553,9 +450,6 @@ var openpgp = (function (exports) { if (typeof list[0] === 'string') { return list.join(''); } - if (NodeBuffer$1 && NodeBuffer$1.isBuffer(list[0])) { - return NodeBuffer$1.concat(list); - } return concatUint8Array(list); } @@ -596,24 +490,6 @@ var openpgp = (function (exports) { return result; } - /** - * Get a Reader - * @param {ReadableStream|Uint8array|String} input - * @returns {Reader} - */ - function getReader(input) { - return new Reader(input); - } - - /** - * Get a Writer - * @param {WritableStream} input - * @returns {Writer} - */ - function getWriter(input) { - return new Writer(input); - } - /** * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. * @param {ReadableStream|Uint8array|String} input @@ -650,6 +526,7 @@ var openpgp = (function (exports) { const reader = getReader(input); const writer = getWriter(target); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -901,6 +778,7 @@ var openpgp = (function (exports) { const reader = getReader(readable); const writer = getWriter(writable); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -984,9 +862,8 @@ var openpgp = (function (exports) { if (returnValue.length >= -end) { lastBytes = slice(returnValue, end); return slice(returnValue, begin, end); - } else { - lastBytes = returnValue; } + lastBytes = returnValue; }); } console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); @@ -995,9 +872,8 @@ var openpgp = (function (exports) { if (input[externalBuffer]) { input = concat(input[externalBuffer].concat([input])); } - if (isUint8Array(input) && !(NodeBuffer$1 && NodeBuffer$1.isBuffer(input))) { - if (end === Infinity) end = input.length; - return input.subarray(begin, end); + if (isUint8Array(input)) { + return input.subarray(begin, end === Infinity ? input.length : end); } return input.slice(begin, end); } @@ -1029,7 +905,10 @@ var openpgp = (function (exports) { async function cancel(input, reason) { if (isStream(input)) { if (input.cancel) { - return input.cancel(reason); + const cancelled = await input.cancel(reason); + // the stream is not always cancelled at this point, so we wait some more + await new Promise(setTimeout); + return cancelled; } if (input.destroy) { input.destroy(reason); @@ -1058,636 +937,152 @@ var openpgp = (function (exports) { return arrayStream; } - /* eslint-disable new-cap */ + /** + * Get a Reader + * @param {ReadableStream|Uint8array|String} input + * @returns {Reader} + */ + function getReader(input) { + return new Reader(input); + } /** - * @fileoverview - * BigInteger implementation of basic operations - * that wraps the native BigInt library. - * Operations are not constant time, - * but we try and limit timing leakage where we can - * @module biginteger/native - * @private + * Get a Writer + * @param {WritableStream} input + * @returns {Writer} */ + function getWriter(input) { + return new Writer(input); + } /** - * @private + * @module enums */ - class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on null or undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - if (n instanceof Uint8Array) { - const bytes = n; - const hex = new Array(bytes.length); - for (let i = 0; i < bytes.length; i++) { - const hexByte = bytes[i].toString(16); - hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte; - } - this.value = BigInt('0x0' + hex.join('')); - } else { - this.value = BigInt(n); - } - } + const byValue = Symbol('byValue'); - clone() { - return new BigInteger(this.value); - } + var enums = { - /** - * BigInteger increment in place + /** Maps curve names under various standards to one + * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} + * @enum {String} + * @readonly */ - iinc() { - this.value++; - return this; - } + curve: { + /** NIST P-256 Curve */ + 'nistP256': 'nistP256', + /** @deprecated use `nistP256` instead */ + 'p256': 'nistP256', - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } + /** NIST P-384 Curve */ + 'nistP384': 'nistP384', + /** @deprecated use `nistP384` instead */ + 'p384': 'nistP384', - /** - * BigInteger decrement in place - */ - idec() { - this.value--; - return this; - } + /** NIST P-521 Curve */ + 'nistP521': 'nistP521', + /** @deprecated use `nistP521` instead */ + 'p521': 'nistP521', - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + /** SECG SECP256k1 Curve */ + 'secp256k1': 'secp256k1', - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value += x.value; - return this; - } + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519Legacy', + /** @deprecated use `ed25519Legacy` instead */ + 'ed25519': 'ed25519Legacy', - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'curve25519Legacy': 'curve25519Legacy', + /** @deprecated use `curve25519Legacy` instead */ + 'curve25519': 'curve25519Legacy', - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value -= x.value; - return this; - } + /** BrainpoolP256r1 Curve */ + 'brainpoolP256r1': 'brainpoolP256r1', - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } + /** BrainpoolP384r1 Curve */ + 'brainpoolP384r1': 'brainpoolP384r1', - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value *= x.value; - return this; - } + /** BrainpoolP512r1 Curve */ + 'brainpoolP512r1': 'brainpoolP512r1' + }, - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. + /** A string to key specifier type + * @enum {Integer} + * @readonly */ - mul(x) { - return this.clone().imul(x); - } + s2k: { + simple: 0, + salted: 1, + iterated: 3, + argon2: 4, + gnu: 101 + }, - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} + * @enum {Integer} + * @readonly */ - imod(m) { - this.value %= m.value; - if (this.isNegative()) { - this.iadd(m); - } - return this; - } + publicKey: { + /** RSA (Encrypt or Sign) [HAC] */ + rsaEncryptSign: 1, + /** RSA (Encrypt only) [HAC] */ + rsaEncrypt: 2, + /** RSA (Sign only) [HAC] */ + rsaSign: 3, + /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ + elgamal: 16, + /** DSA (Sign only) [FIPS186] [HAC] */ + dsa: 17, + /** ECDH (Encrypt only) [RFC6637] */ + ecdh: 18, + /** ECDSA (Sign only) [RFC6637] */ + ecdsa: 19, + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) + * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ + eddsaLegacy: 22, + /** Reserved for AEDH */ + aedh: 23, + /** Reserved for AEDSA */ + aedsa: 24, + /** X25519 (Encrypt only) */ + x25519: 25, + /** X448 (Encrypt only) */ + x448: 26, + /** Ed25519 (Sign only) */ + ed25519: 27, + /** Ed448 (Sign only) */ + ed448: 28 + }, - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} + * @enum {Integer} + * @readonly */ - mod(m) { - return this.clone().imod(m); - } + symmetric: { + /** Not implemented! */ + idea: 1, + tripledes: 2, + cast5: 3, + blowfish: 4, + aes128: 7, + aes192: 8, + aes256: 9, + twofish: 10 + }, - /** - * Compute modular exponentiation using square and multiply - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} + * @enum {Integer} + * @readonly */ - modExp(e, n) { - if (n.isZero()) throw Error('Modulo cannot be zero'); - if (n.isOne()) return new BigInteger(0); - if (e.isNegative()) throw Error('Unsopported negative exponent'); - - let exp = e.value; - let x = this.value; - - x %= n.value; - let r = BigInt(1); - while (exp > BigInt(0)) { - const lsb = exp & BigInt(1); - exp >>= BigInt(1); // e / 2 - // Always compute multiplication step, to reduce timing leakage - const rx = (r * x) % n.value; - // Update r only if lsb is 1 (odd exponent) - r = lsb ? rx : r; - x = (x * x) % n.value; // Square - } - return new BigInteger(r); - } - - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - const { gcd, x } = this._egcd(n); - if (!gcd.isOne()) { - throw new Error('Inverse does not exist'); - } - return x.add(n).mod(n); - } - - /** - * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) - * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b) - * @param {BigInteger} b - Second operand - * @returns {{ gcd, x, y: BigInteger }} - */ - _egcd(b) { - let x = BigInt(0); - let y = BigInt(1); - let xPrev = BigInt(1); - let yPrev = BigInt(0); - - let a = this.value; - b = b.value; - - while (b !== BigInt(0)) { - const q = a / b; - let tmp = x; - x = xPrev - q * x; - xPrev = tmp; - - tmp = y; - y = yPrev - q * y; - yPrev = tmp; - - tmp = b; - b = a % b; - a = tmp; - } - - return { - x: new BigInteger(xPrev), - y: new BigInteger(yPrev), - gcd: new BigInteger(a) - }; - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} b - Operand - * @returns {BigInteger} gcd - */ - gcd(b) { - let a = this.value; - b = b.value; - while (b !== BigInt(0)) { - const tmp = b; - b = a % b; - a = tmp; - } - return new BigInteger(a); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value <<= x.value; - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value >>= x.value; - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value === x.value; - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value < x.value; - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value <= x.value; - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value > x.value; - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value >= x.value; - } - - isZero() { - return this.value === BigInt(0); - } - - isOne() { - return this.value === BigInt(1); - } - - isNegative() { - return this.value < BigInt(0); - } - - isEven() { - return !(this.value & BigInt(1)); - } - - abs() { - const res = this.clone(); - if (this.isNegative()) { - res.value = -res.value; - } - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - const number = Number(this.value); - if (number > Number.MAX_SAFE_INTEGER) { - // We throw and error to conform with the bn.js implementation - throw new Error('Number can only safely store up to 53 bits'); - } - return number; - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - const bit = (this.value >> BigInt(i)) & BigInt(1); - return (bit === BigInt(0)) ? 0 : 1; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - const zero = new BigInteger(0); - const one = new BigInteger(1); - const negOne = new BigInteger(-1); - - // -1n >> -1n is -1n - // 1n >> 1n is 0n - const target = this.isNegative() ? negOne : zero; - let bitlen = 1; - const tmp = this.clone(); - while (!tmp.irightShift(one).equal(target)) { - bitlen++; - } - return bitlen; - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - const zero = new BigInteger(0); - const negOne = new BigInteger(-1); - - const target = this.isNegative() ? negOne : zero; - const eight = new BigInteger(8); - let len = 1; - const tmp = this.clone(); - while (!tmp.irightShift(eight).equal(target)) { - len++; - } - return len; - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) - // this is faster than shift+mod iterations - let hex = this.value.toString(16); - if (hex.length % 2 === 1) { - hex = '0' + hex; - } - - const rawLength = hex.length / 2; - const bytes = new Uint8Array(length || rawLength); - // parse hex - const offset = length ? (length - rawLength) : 0; - let i = 0; - while (i < rawLength) { - bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); - i++; - } - - if (endian !== 'be') { - bytes.reverse(); - } - - return bytes; - } - } - - const detectBigInt = () => typeof BigInt !== 'undefined'; - - async function getBigInteger() { - if (detectBigInt()) { - return BigInteger; - } else { - const { default: BigInteger } = await Promise.resolve().then(function () { return bn_interface; }); - return BigInteger; - } - } - - /** - * @module enums - */ - - const byValue = Symbol('byValue'); - - var enums = { - - /** Maps curve names under various standards to one - * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} - * @enum {String} - * @readonly - */ - curve: { - /** NIST P-256 Curve */ - 'p256': 'p256', - 'P-256': 'p256', - 'secp256r1': 'p256', - 'prime256v1': 'p256', - '1.2.840.10045.3.1.7': 'p256', - '2a8648ce3d030107': 'p256', - '2A8648CE3D030107': 'p256', - - /** NIST P-384 Curve */ - 'p384': 'p384', - 'P-384': 'p384', - 'secp384r1': 'p384', - '1.3.132.0.34': 'p384', - '2b81040022': 'p384', - '2B81040022': 'p384', - - /** NIST P-521 Curve */ - 'p521': 'p521', - 'P-521': 'p521', - 'secp521r1': 'p521', - '1.3.132.0.35': 'p521', - '2b81040023': 'p521', - '2B81040023': 'p521', - - /** SECG SECP256k1 Curve */ - 'secp256k1': 'secp256k1', - '1.3.132.0.10': 'secp256k1', - '2b8104000a': 'secp256k1', - '2B8104000A': 'secp256k1', - - /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ - 'ed25519Legacy': 'ed25519', - 'ED25519': 'ed25519', - /** @deprecated use `ed25519Legacy` instead */ - 'ed25519': 'ed25519', - 'Ed25519': 'ed25519', - '1.3.6.1.4.1.11591.15.1': 'ed25519', - '2b06010401da470f01': 'ed25519', - '2B06010401DA470F01': 'ed25519', - - /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ - 'curve25519Legacy': 'curve25519', - 'X25519': 'curve25519', - 'cv25519': 'curve25519', - /** @deprecated use `curve25519Legacy` instead */ - 'curve25519': 'curve25519', - 'Curve25519': 'curve25519', - '1.3.6.1.4.1.3029.1.5.1': 'curve25519', - '2b060104019755010501': 'curve25519', - '2B060104019755010501': 'curve25519', - - /** BrainpoolP256r1 Curve */ - 'brainpoolP256r1': 'brainpoolP256r1', - '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1', - '2b2403030208010107': 'brainpoolP256r1', - '2B2403030208010107': 'brainpoolP256r1', - - /** BrainpoolP384r1 Curve */ - 'brainpoolP384r1': 'brainpoolP384r1', - '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1', - '2b240303020801010b': 'brainpoolP384r1', - '2B240303020801010B': 'brainpoolP384r1', - - /** BrainpoolP512r1 Curve */ - 'brainpoolP512r1': 'brainpoolP512r1', - '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1', - '2b240303020801010d': 'brainpoolP512r1', - '2B240303020801010D': 'brainpoolP512r1' - }, - - /** A string to key specifier type - * @enum {Integer} - * @readonly - */ - s2k: { - simple: 0, - salted: 1, - iterated: 3, - gnu: 101 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} - * @enum {Integer} - * @readonly - */ - publicKey: { - /** RSA (Encrypt or Sign) [HAC] */ - rsaEncryptSign: 1, - /** RSA (Encrypt only) [HAC] */ - rsaEncrypt: 2, - /** RSA (Sign only) [HAC] */ - rsaSign: 3, - /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ - elgamal: 16, - /** DSA (Sign only) [FIPS186] [HAC] */ - dsa: 17, - /** ECDH (Encrypt only) [RFC6637] */ - ecdh: 18, - /** ECDSA (Sign only) [RFC6637] */ - ecdsa: 19, - /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) - * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility - /** @deprecated use `eddsaLegacy` instead */ - ed25519Legacy: 22, - /** @deprecated use `eddsaLegacy` instead */ - eddsa: 22, - /** Reserved for AEDH */ - aedh: 23, - /** Reserved for AEDSA */ - aedsa: 24, - /** X25519 (Encrypt only) */ - x25519: 25, - /** X448 (Encrypt only) */ - x448: 26, - /** Ed25519 (Sign only) */ - ed25519: 27, - /** Ed448 (Sign only) */ - ed448: 28 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} - * @enum {Integer} - * @readonly - */ - symmetric: { - plaintext: 0, - /** Not implemented! */ - idea: 1, - tripledes: 2, - cast5: 3, - blowfish: 4, - aes128: 7, - aes192: 8, - aes256: 9, - twofish: 10 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} - * @enum {Integer} - * @readonly - */ - compression: { - uncompressed: 0, - /** RFC1951 */ - zip: 1, - /** RFC1950 */ - zlib: 2, - bzip2: 3 - }, + compression: { + uncompressed: 0, + /** RFC1951 */ + zip: 1, + /** RFC1950 */ + zlib: 2, + bzip2: 3 + }, /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} * @enum {Integer} @@ -1700,7 +1095,9 @@ var openpgp = (function (exports) { sha256: 8, sha384: 9, sha512: 10, - sha224: 11 + sha224: 11, + sha3_256: 12, + sha3_512: 14 }, /** A list of hash names as accepted by webCrypto functions. @@ -1721,6 +1118,7 @@ var openpgp = (function (exports) { aead: { eax: 1, ocb: 2, + gcm: 3, experimentalGCM: 100 // Private algorithm }, @@ -1746,7 +1144,8 @@ var openpgp = (function (exports) { userAttribute: 17, symEncryptedIntegrityProtectedData: 18, modificationDetectionCode: 19, - aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + padding: 21 }, /** Data types in the literal packet @@ -1902,7 +1301,7 @@ var openpgp = (function (exports) { placeholderBackwardsCompatibility: 10, preferredSymmetricAlgorithms: 11, revocationKey: 12, - issuer: 16, + issuerKeyID: 16, notationData: 20, preferredHashAlgorithms: 21, preferredCompressionAlgorithms: 22, @@ -1917,7 +1316,8 @@ var openpgp = (function (exports) { signatureTarget: 31, embeddedSignature: 32, issuerFingerprint: 33, - preferredAEADAlgorithms: 34 + preferredAEADAlgorithms: 34, + preferredCipherSuites: 39 }, /** Key flags @@ -1986,7 +1386,8 @@ var openpgp = (function (exports) { aead: 2, /** 0x04 - Version 5 Public-Key Packet format and corresponding new * fingerprint format */ - v5Keys: 4 + v5Keys: 4, + seipdv2: 8 }, /** @@ -2032,9 +1433,328 @@ var openpgp = (function (exports) { }; // GPG4Browsers - An OpenPGP implementation in javascript - - const debugMode = (() => { - try { + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + var config = { + /** + * @memberof module:config + * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} + */ + preferredHashAlgorithm: enums.hash.sha512, + /** + * @memberof module:config + * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} + */ + preferredSymmetricAlgorithm: enums.symmetric.aes256, + /** + * @memberof module:config + * @property {Integer} compression Default compression algorithm {@link module:enums.compression} + */ + preferredCompressionAlgorithm: enums.compression.uncompressed, + /** + * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. + * This option is applicable to: + * - key generation (encryption key preferences), + * - password-based message encryption, and + * - private key encryption. + * In the case of message encryption using public keys, the encryption key preferences are respected instead. + * Note: not all OpenPGP implementations are compatible with this option. + * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10} + * @memberof module:config + * @property {Boolean} aeadProtect + */ + aeadProtect: false, + /** + * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`) + * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`, + * this option must be set, otherwise key parsing and/or key decryption will fail. + * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys + * will be processed incorrectly. + */ + parseAEADEncryptedV4KeysAsLegacy: false, + /** + * Default Authenticated Encryption with Additional Data (AEAD) encryption mode + * Only has an effect when aeadProtect is set to true. + * @memberof module:config + * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} + */ + preferredAEADAlgorithm: enums.aead.gcm, + /** + * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode + * Only has an effect when aeadProtect is set to true. + * Must be an integer value from 0 to 56. + * @memberof module:config + * @property {Integer} aeadChunkSizeByte + */ + aeadChunkSizeByte: 12, + /** + * Use v6 keys. + * Note: not all OpenPGP implementations are compatible with this option. + * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** + * @memberof module:config + * @property {Boolean} v6Keys + */ + v6Keys: false, + /** + * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet). + * These are non-standard entities, which in the crypto-refresh have been superseded + * by v6 keys and v6 signatures, respectively. + * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries, + * hence parsing them might be necessary in some cases. + */ + enableParsingV5Entities: false, + /** + * S2K (String to Key) type, used for key derivation in the context of secret key encryption + * and password-encrypted data. Weaker s2k options are not allowed. + * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it + * (pending standardisation). + * @memberof module:config + * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k} + */ + s2kType: enums.s2k.iterated, + /** + * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}: + * Iteration Count Byte for Iterated and Salted S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`. + * Note: this is the exponent value, not the final number of iterations (refer to specs for more details). + * @memberof module:config + * @property {Integer} s2kIterationCountByte + */ + s2kIterationCountByte: 224, + /** + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}: + * Argon2 parameters for S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`. + * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), + * to ensure compatibility with memory-constrained environments. + * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. + * @memberof module:config + * @property {Object} params + * @property {Integer} params.passes - number of iterations t + * @property {Integer} params.parallelism - degree of parallelism p + * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes. + */ + s2kArgon2Params: { + passes: 3, + parallelism: 4, // lanes + memoryExponent: 16 // 64 MiB of RAM + }, + /** + * Allow decryption of messages without integrity protection. + * This is an **insecure** setting: + * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. + * - it enables downgrade attacks against integrity-protected messages. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedMessages + */ + allowUnauthenticatedMessages: false, + /** + * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to + * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible + * and deferring checking their integrity until the decrypted stream has been read in full. + * + * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity: + * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL + * (see https://efail.de/). + * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data. + * + * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedStream + */ + allowUnauthenticatedStream: false, + /** + * Minimum RSA key size allowed for key generation and message signing, verification and encryption. + * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. + * @memberof module:config + * @property {Number} minRSABits + */ + minRSABits: 2047, + /** + * Work-around for rare GPG decryption bug when encrypting with multiple passwords. + * **Slower and slightly less secure** + * @memberof module:config + * @property {Boolean} passwordCollisionCheck + */ + passwordCollisionCheck: false, + /** + * Allow decryption using RSA keys without `encrypt` flag. + * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug + * where key flags were ignored when selecting a key for encryption. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureDecryptionWithSigningKeys: false, + /** + * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. + * Instead, a verification key will also be consider valid as long as it is valid at the current time. + * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, + * and have self-signature's creation date that does not match the primary key creation date. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureVerificationWithReformattedKeys: false, + /** + * Allow using keys that do not have any key flags set. + * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages + * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29). + * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation. + * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm. + */ + allowMissingKeyFlags: false, + /** + * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). + * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: + * - new/incoming messages are automatically decrypted (without user interaction); + * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). + * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. + * @memberof module:config + * @property {Boolean} constantTimePKCS1Decryption + */ + constantTimePKCS1Decryption: false, + /** + * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. + * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. + * However, the more algorithms are added, the slower the decryption procedure becomes. + * @memberof module:config + * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} + */ + constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), + /** + * @memberof module:config + * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error + */ + ignoreUnsupportedPackets: true, + /** + * @memberof module:config + * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error + */ + ignoreMalformedPackets: false, + /** + * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only + * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable + * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). + * @memberof module:config + * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] + */ + additionalAllowedPackets: [], + /** + * @memberof module:config + * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages + */ + showVersion: false, + /** + * @memberof module:config + * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages + */ + showComment: false, + /** + * @memberof module:config + * @property {String} versionString A version string to be included in armored messages + */ + versionString: 'OpenPGP.js 6.0.0', + /** + * @memberof module:config + * @property {String} commentString A comment string to be included in armored messages + */ + commentString: 'https://openpgpjs.org', + + /** + * Max userID string length (used for parsing) + * @memberof module:config + * @property {Integer} maxUserIDLength + */ + maxUserIDLength: 1024 * 5, + /** + * Contains notatations that are considered "known". Known notations do not trigger + * validation error when the notation is marked as critical. + * @memberof module:config + * @property {Array} knownNotations + */ + knownNotations: [], + /** + * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design). + * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur + * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of + * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. + * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. + */ + nonDeterministicSignaturesViaNotation: true, + /** + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. + * When false, certain standard curves will not be supported (depending on the platform). + * @memberof module:config + * @property {Boolean} useEllipticFallback + */ + useEllipticFallback: true, + /** + * Reject insecure hash algorithms + * @memberof module:config + * @property {Set} rejectHashAlgorithms {@link module:enums.hash} + */ + rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), + /** + * Reject insecure message hash algorithms + * @memberof module:config + * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} + */ + rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), + /** + * Reject insecure public key algorithms for key generation and message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} + */ + rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), + /** + * Reject non-standard curves for key generation, message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectCurves {@link module:enums.curve} + */ + rejectCurves: new Set([enums.curve.secp256k1]) + }; + + /** + * @fileoverview This object contains global configuration values. + * @see module:config/config + * @module config + */ + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + const createRequire = () => () => {}; // Must be stripped in browser built + + const debugMode = (() => { + try { return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env } catch (e) {} return false; @@ -2045,6 +1765,8 @@ var openpgp = (function (exports) { return typeof data === 'string' || data instanceof String; }, + nodeRequire: createRequire(), + isArray: function(data) { return data instanceof Array; }, @@ -2053,6 +1775,35 @@ var openpgp = (function (exports) { isStream: isStream, + /** + * Load noble-curves lib on demand and return the requested curve function + * @param {enums.publicKey} publicKeyAlgo + * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA) + * @returns curve implementation + * @throws on unrecognized curve, or curve not implemented by noble-curve + */ + getNobleCurve: async (publicKeyAlgo, curveName) => { + if (!config.useEllipticFallback) { + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } + + const { nobleCurves } = await Promise.resolve().then(function () { return noble_curves; }); + switch (publicKeyAlgo) { + case enums.publicKey.ecdh: + case enums.publicKey.ecdsa: { + const curve = nobleCurves.get(curveName); + if (!curve) throw new Error('Unsupported curve'); + return curve; + } + case enums.publicKey.x448: + return nobleCurves.get('x448'); + case enums.publicKey.ed448: + return nobleCurves.get('ed448'); + default: + throw new Error('Unsupported curve'); + } + }, + readNumber: function (bytes) { let n = 0; for (let i = 0; i < bytes.length; i++) { @@ -2094,7 +1845,26 @@ var openpgp = (function (exports) { readMPI: function (bytes) { const bits = (bytes[0] << 8) | bytes[1]; const bytelen = (bits + 7) >>> 3; - return bytes.subarray(2, 2 + bytelen); + // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures, + // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed + // has not been authenticated (yet). + // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues. + // Also, AEAD is also not affected. + return util.readExactSubarray(bytes, 2, 2 + bytelen); + }, + + /** + * Read exactly `end - start` bytes from input. + * This is a stricter version of `.subarray`. + * @param {Uint8Array} input - Input data to parse + * @returns {Uint8Array} subarray of size always equal to `end - start` + * @throws if the input array is too short. + */ + readExactSubarray: function (input, start, end) { + if (input.length < (end - start)) { + throw new Error('Input array too short'); + } + return input.subarray(start, end); }, /** @@ -2104,6 +1874,9 @@ var openpgp = (function (exports) { * @returns {Uint8Array} Padded bytes. */ leftPad(bytes, length) { + if (bytes.length > length) { + throw new Error('Input array too long'); + } const padded = new Uint8Array(length); const offset = length - bytes.length; padded.set(bytes, offset); @@ -2159,18 +1932,10 @@ var openpgp = (function (exports) { * @returns {String} Hexadecimal representation of the array. */ uint8ArrayToHex: function (bytes) { - const r = []; - const e = bytes.length; - let c = 0; - let h; - while (c < e) { - h = bytes[c++].toString(16); - while (h.length < 2) { - h = '0' + h; - } - r.push('' + h); - } - return r.join(''); + const hexAlphabet = '0123456789abcdef'; + let s = ''; + bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; }); + return s; }, /** @@ -2381,32 +2146,30 @@ var openpgp = (function (exports) { }, /** - * Get native Web Cryptography api, only the current version of the spec. - * @returns {Object} The SubtleCrypto api or 'undefined'. + * Get native Web Cryptography API. + * @returns {Object} The SubtleCrypto API + * @throws if the API is not available */ getWebCrypto: function() { - return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + // Fallback for Node 16, which does not expose WebCrypto as a global + const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle; + if (!webCrypto) { + throw new Error('The WebCrypto API is not available'); + } + return webCrypto; }, - /** - * Get BigInteger class - * It wraps the native BigInt type if it's available - * Otherwise it relies on bn.js - * @returns {BigInteger} - * @async - */ - getBigInteger, - /** * Get native Node.js crypto api. * @returns {Object} The crypto module or 'undefined'. */ getNodeCrypto: function() { - return void('crypto'); + return this.nodeRequire('crypto'); }, getNodeZlib: function() { - return void('zlib'); + return this.nodeRequire('zlib'); }, /** @@ -2415,7 +2178,7 @@ var openpgp = (function (exports) { * @returns {Function} The Buffer constructor or 'undefined'. */ getNodeBuffer: function() { - return ({}).Buffer; + return (this.nodeRequire('buffer') || {}).Buffer; }, getHardwareConcurrency: function() { @@ -2423,15 +2186,24 @@ var openpgp = (function (exports) { return navigator.hardwareConcurrency || 1; } - const os = void('os'); // Assume we're on Node.js. + const os = this.nodeRequire('os'); // Assume we're on Node.js. return os.cpus().length; }, - isEmailAddress: function(data) { + /** + * Test email format to ensure basic compliance: + * - must include a single @ + * - no control or space unicode chars allowed + * - no backslash and square brackets (as the latter can mess with the userID parsing) + * - cannot end with a punctuation char + * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation, + * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)). + */ + isEmailAddress: function(data) { if (!util.isString(data)) { return false; } - const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/; + const re = /^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u; return re.test(data); }, @@ -2634,14 +2406,15 @@ var openpgp = (function (exports) { * provided with the application or distribution. */ - const Buffer = util.getNodeBuffer(); + + const Buffer$2 = util.getNodeBuffer(); let encodeChunk; let decodeChunk; - if (Buffer) { - encodeChunk = buf => Buffer.from(buf).toString('base64'); + if (Buffer$2) { + encodeChunk = buf => Buffer$2.from(buf).toString('base64'); decodeChunk = str => { - const b = Buffer.from(str, 'base64'); + const b = Buffer$2.from(str, 'base64'); return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); }; } else { @@ -2655,7 +2428,7 @@ var openpgp = (function (exports) { * @returns {String | ReadableStream} Radix-64 version of input string. * @static */ - function encode(data) { + function encode$1(data) { let buf = new Uint8Array(); return transform(data, value => { buf = util.concatUint8Array([buf, value]); @@ -2679,7 +2452,7 @@ var openpgp = (function (exports) { * @returns {Uint8Array | ReadableStream} Binary array version of input string. * @static */ - function decode(data) { + function decode$2(data) { let buf = ''; return transform(data, value => { buf += value; @@ -2715,7 +2488,7 @@ var openpgp = (function (exports) { * @returns {Uint8Array} An array of 8-bit integers. */ function b64ToUint8Array(base64) { - return decode(base64.replace(/-/g, '+').replace(/_/g, '/')); + return decode$2(base64.replace(/-/g, '+').replace(/_/g, '/')); } /** @@ -2725,254 +2498,30 @@ var openpgp = (function (exports) { * @returns {String} Base-64 encoded string. */ function uint8ArrayToB64(bytes, url) { - let encoded = encode(bytes).replace(/[\r\n]/g, ''); - if (url) { + let encoded = encode$1(bytes).replace(/[\r\n]/g, ''); + { encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); } return encoded; } // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - var config = { - /** - * @memberof module:config - * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} - */ - preferredHashAlgorithm: enums.hash.sha256, - /** - * @memberof module:config - * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} - */ - preferredSymmetricAlgorithm: enums.symmetric.aes256, - /** - * @memberof module:config - * @property {Integer} compression Default compression algorithm {@link module:enums.compression} - */ - preferredCompressionAlgorithm: enums.compression.uncompressed, - /** - * @memberof module:config - * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9 - */ - deflateLevel: 6, - - /** - * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07} - * @memberof module:config - * @property {Boolean} aeadProtect - */ - aeadProtect: false, - /** - * Default Authenticated Encryption with Additional Data (AEAD) encryption mode - * Only has an effect when aeadProtect is set to true. - * @memberof module:config - * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} - */ - preferredAEADAlgorithm: enums.aead.eax, - /** - * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode - * Only has an effect when aeadProtect is set to true. - * Must be an integer value from 0 to 56. - * @memberof module:config - * @property {Integer} aeadChunkSizeByte - */ - aeadChunkSizeByte: 12, - /** - * Use V5 keys. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @memberof module:config - * @property {Boolean} v5Keys - */ - v5Keys: false, - /** - * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: - * Iteration Count Byte for S2K (String to Key) - * @memberof module:config - * @property {Integer} s2kIterationCountByte - */ - s2kIterationCountByte: 224, - /** - * Allow decryption of messages without integrity protection. - * This is an **insecure** setting: - * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. - * - it enables downgrade attacks against integrity-protected messages. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedMessages - */ - allowUnauthenticatedMessages: false, - /** - * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to - * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible - * and deferring checking their integrity until the decrypted stream has been read in full. - * - * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedStream - */ - allowUnauthenticatedStream: false, - /** - * @memberof module:config - * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum - */ - checksumRequired: false, - /** - * Minimum RSA key size allowed for key generation and message signing, verification and encryption. - * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. - * @memberof module:config - * @property {Number} minRSABits - */ - minRSABits: 2047, - /** - * Work-around for rare GPG decryption bug when encrypting with multiple passwords. - * **Slower and slightly less secure** - * @memberof module:config - * @property {Boolean} passwordCollisionCheck - */ - passwordCollisionCheck: false, - /** - * @memberof module:config - * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored - */ - revocationsExpire: false, - /** - * Allow decryption using RSA keys without `encrypt` flag. - * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug - * where key flags were ignored when selecting a key for encryption. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureDecryptionWithSigningKeys: false, - /** - * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. - * Instead, a verification key will also be consider valid as long as it is valid at the current time. - * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, - * and have self-signature's creation date that does not match the primary key creation date. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureVerificationWithReformattedKeys: false, - - /** - * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). - * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: - * - new/incoming messages are automatically decrypted (without user interaction); - * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). - * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. - * @memberof module:config - * @property {Boolean} constantTimePKCS1Decryption - */ - constantTimePKCS1Decryption: false, - /** - * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. - * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. - * However, the more algorithms are added, the slower the decryption procedure becomes. - * @memberof module:config - * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} - */ - constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), - - /** - * @memberof module:config - * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available - */ - minBytesForWebCrypto: 1000, - /** - * @memberof module:config - * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error - */ - ignoreUnsupportedPackets: true, - /** - * @memberof module:config - * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error - */ - ignoreMalformedPackets: false, - /** - * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only - * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable - * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). - * @memberof module:config - * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] - */ - additionalAllowedPackets: [], - /** - * @memberof module:config - * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages - */ - showVersion: false, - /** - * @memberof module:config - * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages - */ - showComment: false, - /** - * @memberof module:config - * @property {String} versionString A version string to be included in armored messages - */ - versionString: 'OpenPGP.js 5.11.2', - /** - * @memberof module:config - * @property {String} commentString A comment string to be included in armored messages - */ - commentString: 'https://openpgpjs.org', - - /** - * Max userID string length (used for parsing) - * @memberof module:config - * @property {Integer} maxUserIDLength - */ - maxUserIDLength: 1024 * 5, - /** - * Contains notatations that are considered "known". Known notations do not trigger - * validation error when the notation is marked as critical. - * @memberof module:config - * @property {Array} knownNotations - */ - knownNotations: [], - /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. - * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. - * @memberof module:config - * @property {Boolean} useIndutnyElliptic - */ - useIndutnyElliptic: true, - /** - * Reject insecure hash algorithms - * @memberof module:config - * @property {Set} rejectHashAlgorithms {@link module:enums.hash} - */ - rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), - /** - * Reject insecure message hash algorithms - * @memberof module:config - * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} - */ - rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), - /** - * Reject insecure public key algorithms for key generation and message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} - */ - rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), - /** - * Reject non-standard curves for key generation, message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectCurves {@link module:enums.curve} - */ - rejectCurves: new Set([enums.curve.secp256k1]) - }; - - /** - * @fileoverview This object contains global configuration values. - * @see module:config/config - * @module config - */ - - // GPG4Browsers - An OpenPGP implementation in javascript /** * Finds out which Ascii Armoring type is used. Throws error if unknown type. @@ -3000,33 +2549,33 @@ var openpgp = (function (exports) { // parts, and this is the Xth part out of Y. if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { return enums.armor.multipartSection; - } else + } // BEGIN PGP MESSAGE, PART X // Used for multi-part messages, where this is the Xth part of an // unspecified number of parts. Requires the MESSAGE-ID Armor // Header to be used. if (/MESSAGE, PART \d+/.test(header[1])) { return enums.armor.multipartLast; - } else + } // BEGIN PGP SIGNED MESSAGE if (/SIGNED MESSAGE/.test(header[1])) { return enums.armor.signed; - } else + } // BEGIN PGP MESSAGE // Used for signed, encrypted, or compressed files. if (/MESSAGE/.test(header[1])) { return enums.armor.message; - } else + } // BEGIN PGP PUBLIC KEY BLOCK // Used for armoring public keys. if (/PUBLIC KEY BLOCK/.test(header[1])) { return enums.armor.publicKey; - } else + } // BEGIN PGP PRIVATE KEY BLOCK // Used for armoring private keys. if (/PRIVATE KEY BLOCK/.test(header[1])) { return enums.armor.privateKey; - } else + } // BEGIN PGP SIGNATURE // Used for detached signatures, OpenPGP/MIME signatures, and // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE @@ -3060,7 +2609,6 @@ var openpgp = (function (exports) { return result; } - /** * Calculates a checksum over the given data and returns it base64 encoded * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for @@ -3069,7 +2617,7 @@ var openpgp = (function (exports) { */ function getCheckSum(data) { const crc = createcrc24(data); - return encode(crc); + return encode$1(crc); } // https://create.stephan-brumme.com/crc32/#slicing-by-8-overview @@ -3102,7 +2650,7 @@ var openpgp = (function (exports) { } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness - const isLittleEndian = (function() { + const isLittleEndian$1 = (function() { const buffer = new ArrayBuffer(2); new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */); // Int16Array uses the platform's endianness. @@ -3118,7 +2666,7 @@ var openpgp = (function (exports) { function createcrc24(input) { let crc = 0xCE04B7; return transform(input, value => { - const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0; + const len32 = isLittleEndian$1 ? Math.floor(value.length / 4) : 0; const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32); for (let i = 0; i < len32; i++) { crc ^= arr32[i]; @@ -3142,7 +2690,7 @@ var openpgp = (function (exports) { * @private * @param {Array} headers - Armor headers */ - function verifyHeaders(headers) { + function verifyHeaders$1(headers) { for (let i = 0; i < headers.length; i++) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); @@ -3154,24 +2702,21 @@ var openpgp = (function (exports) { } /** - * Splits a message into two parts, the body and the checksum. This is an internal function - * @param {String} text - OpenPGP armored message part - * @returns {Object} An object with attribute "body" containing the body. - * and an attribute "checksum" containing the checksum. + * Remove the (optional) checksum from an armored message. + * @param {String} text - OpenPGP armored message + * @returns {String} The body of the armored message. * @private */ - function splitChecksum(text) { + function removeChecksum(text) { let body = text; - let checksum = ''; const lastEquals = text.lastIndexOf('='); if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum body = text.slice(0, lastEquals); - checksum = text.slice(lastEquals + 1).substr(0, 4); } - return { body: body, checksum: checksum }; + return body; } /** @@ -3183,7 +2728,7 @@ var openpgp = (function (exports) { * @async * @static */ - function unarmor(input, config$1 = config) { + function unarmor(input) { // eslint-disable-next-line no-async-promise-executor return new Promise(async (resolve, reject) => { try { @@ -3196,8 +2741,7 @@ var openpgp = (function (exports) { let headersDone; let text = []; let textDone; - let checksum; - let data = decode(transformPair(input, async (readable, writable) => { + const data = decode$2(transformPair(input, async (readable, writable) => { const reader = getReader(readable); try { while (true) { @@ -3218,21 +2762,21 @@ var openpgp = (function (exports) { if (!reEmptyLine.test(line)) { lastHeaders.push(line); } else { - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); headersDone = true; - if (textDone || type !== 2) { + if (textDone || type !== enums.armor.signed) { resolve({ text, data, headers, type }); break; } } - } else if (!textDone && type === 2) { + } else if (!textDone && type === enums.armor.signed) { if (!reSplit.test(line)) { // Reverse dash-escaping for msg text.push(line.replace(/^- /, '')); } else { text = text.join('\r\n'); textDone = true; - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); lastHeaders = []; headersDone = false; } @@ -3262,9 +2806,8 @@ var openpgp = (function (exports) { if (parts.length === 1) { throw new Error('Misformed armored text'); } - const split = splitChecksum(parts[0].slice(0, -1)); - checksum = split.checksum; - await writer.write(split.body); + const body = removeChecksum(parts[0].slice(0, -1)); + await writer.write(body); break; } } @@ -3274,24 +2817,6 @@ var openpgp = (function (exports) { await writer.abort(e); } })); - data = transformPair(data, async (readable, writable) => { - const checksumVerified = readToEnd(getCheckSum(passiveClone(readable))); - checksumVerified.catch(() => {}); - await pipe(readable, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - const checksumVerifiedString = (await checksumVerified).replace('\n', ''); - if (checksum !== checksumVerifiedString && (checksum || config$1.checksumRequired)) { - throw new Error('Ascii armor integrity check failed'); - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); } catch (e) { reject(e); } @@ -3311,10 +2836,13 @@ var openpgp = (function (exports) { * @param {Integer} [partIndex] * @param {Integer} [partTotal] * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {String | ReadableStream} Armored text. * @static */ - function armor(messageType, body, partIndex, partTotal, customComment, config$1 = config) { + function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config$1 = config) { let text; let hash; if (messageType === enums.armor.signed) { @@ -3322,59 +2850,62 @@ var openpgp = (function (exports) { hash = body.hash; body = body.data; } - const bodyClone = passiveClone(body); + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && passiveClone(body); + const result = []; switch (messageType) { case enums.armor.multipartSection: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); break; case enums.armor.multipartLast: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); break; case enums.armor.signed: result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); - result.push('Hash: ' + hash + '\n\n'); + result.push(hash ? `Hash: ${hash}\n\n` : '\n'); result.push(text.replace(/^-/mg, '- -')); result.push('\n-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; case enums.armor.message: result.push('-----BEGIN PGP MESSAGE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE-----\n'); break; case enums.armor.publicKey: result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); break; case enums.armor.privateKey: result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); break; case enums.armor.signature: result.push('-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; } @@ -3382,40690 +2913,25657 @@ var openpgp = (function (exports) { return util.concat(result); } - // GPG4Browsers - An OpenPGP implementation in javascript + async function getLegacyCipher(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + throw new Error('Not a legacy cipher'); + case enums.symmetric.cast5: + case enums.symmetric.blowfish: + case enums.symmetric.twofish: + case enums.symmetric.tripledes: { + const { legacyCiphers } = await Promise.resolve().then(function () { return legacy_ciphers; }); + const cipher = legacyCiphers.get(algo); + if (!cipher) { + throw new Error('Unsupported cipher algorithm'); + } + return cipher; + } + default: + throw new Error('Unsupported cipher algorithm'); + } + } /** - * Implementation of type key id - * - * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: - * A Key ID is an eight-octet scalar that identifies a key. - * Implementations SHOULD NOT assume that Key IDs are unique. The - * section "Enhanced Key Formats" below describes how Key IDs are - * formed. + * Get block size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ - class KeyID { - constructor() { - this.bytes = ''; - } - - /** - * Parsing method for a key id - * @param {Uint8Array} bytes - Input to read the key id from - */ - read(bytes) { - this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); - return this.bytes.length; - } - - /** - * Serializes the Key ID - * @returns {Uint8Array} Key ID as a Uint8Array. - */ - write() { - return util.stringToUint8Array(this.bytes); - } - - /** - * Returns the Key ID represented as a hexadecimal string - * @returns {String} Key ID as a hexadecimal string. - */ - toHex() { - return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); - } - - /** - * Checks equality of Key ID's - * @param {KeyID} keyID - * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard - */ - equals(keyID, matchWildcard = false) { - return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; - } - - /** - * Checks to see if the Key ID is unset - * @returns {Boolean} True if the Key ID is null. - */ - isNull() { - return this.bytes === ''; - } - - /** - * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) - * @returns {Boolean} True if this is a wildcard Key ID. - */ - isWildcard() { - return /^0+$/.test(this.toHex()); - } - - static mapToHex(keyID) { - return keyID.toHex(); - } - - static fromID(hex) { - const keyID = new KeyID(); - keyID.read(util.hexToUint8Array(hex)); - return keyID; + function getCipherBlockSize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 16; + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + case enums.symmetric.tripledes: + return 8; + default: + throw new Error('Unsupported cipher'); } + } - static wildcard() { - const keyID = new KeyID(); - keyID.read(new Uint8Array(8)); - return keyID; + /** + * Get key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ + function getCipherKeySize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + return 16; + case enums.symmetric.aes192: + case enums.symmetric.tripledes: + return 24; + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 32; + default: + throw new Error('Unsupported cipher'); } } /** - * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}. - * @author Artem S Vybornov - * @license MIT + * Get block and key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ - var AES_asm = function () { - - /** - * Galois Field stuff init flag - */ - var ginit_done = false; + function getCipherParams(algo) { + return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) }; + } - /** - * Galois Field exponentiation and logarithm tables for 3 (the generator) - */ - var gexp3, glog3; + var cipher = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCipherParams: getCipherParams, + getLegacyCipher: getLegacyCipher + }); - /** - * Init Galois Field tables - */ - function ginit() { - gexp3 = [], - glog3 = []; + /** + * A fast MD5 JavaScript implementation + * Copyright (c) 2012 Joseph Myers + * http://www.myersdaily.org/joseph/javascript/md5-text.html + * + * Permission to use, copy, modify, and distribute this software + * and its documentation for any purposes and without + * fee is hereby granted provided that this copyright notice + * appears in all copies. + * + * Of course, this soft is provided "as is" without express or implied + * warranty of any kind. + */ - var a = 1, c, d; - for (c = 0; c < 255; c++) { - gexp3[c] = a; - // Multiply by three - d = a & 0x80, a <<= 1, a &= 255; - if (d === 0x80) a ^= 0x1b; - a ^= gexp3[c]; + // MD5 Digest + async function md5(entree) { + const digest = md51(util.uint8ArrayToString(entree)); + return util.hexToUint8Array(hex(digest)); + } - // Set the log table value - glog3[gexp3[c]] = c; - } - gexp3[255] = gexp3[0]; - glog3[0] = 0; + function md5cycle(x, k) { + let a = x[0]; + let b = x[1]; + let c = x[2]; + let d = x[3]; - ginit_done = true; - } + a = ff(a, b, c, d, k[0], 7, -680876936); + d = ff(d, a, b, c, k[1], 12, -389564586); + c = ff(c, d, a, b, k[2], 17, 606105819); + b = ff(b, c, d, a, k[3], 22, -1044525330); + a = ff(a, b, c, d, k[4], 7, -176418897); + d = ff(d, a, b, c, k[5], 12, 1200080426); + c = ff(c, d, a, b, k[6], 17, -1473231341); + b = ff(b, c, d, a, k[7], 22, -45705983); + a = ff(a, b, c, d, k[8], 7, 1770035416); + d = ff(d, a, b, c, k[9], 12, -1958414417); + c = ff(c, d, a, b, k[10], 17, -42063); + b = ff(b, c, d, a, k[11], 22, -1990404162); + a = ff(a, b, c, d, k[12], 7, 1804603682); + d = ff(d, a, b, c, k[13], 12, -40341101); + c = ff(c, d, a, b, k[14], 17, -1502002290); + b = ff(b, c, d, a, k[15], 22, 1236535329); - /** - * Galois Field multiplication - * @param {number} a - * @param {number} b - * @return {number} - */ - function gmul(a, b) { - var c = gexp3[(glog3[a] + glog3[b]) % 255]; - if (a === 0 || b === 0) c = 0; - return c; - } + a = gg(a, b, c, d, k[1], 5, -165796510); + d = gg(d, a, b, c, k[6], 9, -1069501632); + c = gg(c, d, a, b, k[11], 14, 643717713); + b = gg(b, c, d, a, k[0], 20, -373897302); + a = gg(a, b, c, d, k[5], 5, -701558691); + d = gg(d, a, b, c, k[10], 9, 38016083); + c = gg(c, d, a, b, k[15], 14, -660478335); + b = gg(b, c, d, a, k[4], 20, -405537848); + a = gg(a, b, c, d, k[9], 5, 568446438); + d = gg(d, a, b, c, k[14], 9, -1019803690); + c = gg(c, d, a, b, k[3], 14, -187363961); + b = gg(b, c, d, a, k[8], 20, 1163531501); + a = gg(a, b, c, d, k[13], 5, -1444681467); + d = gg(d, a, b, c, k[2], 9, -51403784); + c = gg(c, d, a, b, k[7], 14, 1735328473); + b = gg(b, c, d, a, k[12], 20, -1926607734); - /** - * Galois Field reciprocal - * @param {number} a - * @return {number} - */ - function ginv(a) { - var i = gexp3[255 - glog3[a]]; - if (a === 0) i = 0; - return i; - } + a = hh(a, b, c, d, k[5], 4, -378558); + d = hh(d, a, b, c, k[8], 11, -2022574463); + c = hh(c, d, a, b, k[11], 16, 1839030562); + b = hh(b, c, d, a, k[14], 23, -35309556); + a = hh(a, b, c, d, k[1], 4, -1530992060); + d = hh(d, a, b, c, k[4], 11, 1272893353); + c = hh(c, d, a, b, k[7], 16, -155497632); + b = hh(b, c, d, a, k[10], 23, -1094730640); + a = hh(a, b, c, d, k[13], 4, 681279174); + d = hh(d, a, b, c, k[0], 11, -358537222); + c = hh(c, d, a, b, k[3], 16, -722521979); + b = hh(b, c, d, a, k[6], 23, 76029189); + a = hh(a, b, c, d, k[9], 4, -640364487); + d = hh(d, a, b, c, k[12], 11, -421815835); + c = hh(c, d, a, b, k[15], 16, 530742520); + b = hh(b, c, d, a, k[2], 23, -995338651); - /** - * AES stuff init flag - */ - var aes_init_done = false; + a = ii(a, b, c, d, k[0], 6, -198630844); + d = ii(d, a, b, c, k[7], 10, 1126891415); + c = ii(c, d, a, b, k[14], 15, -1416354905); + b = ii(b, c, d, a, k[5], 21, -57434055); + a = ii(a, b, c, d, k[12], 6, 1700485571); + d = ii(d, a, b, c, k[3], 10, -1894986606); + c = ii(c, d, a, b, k[10], 15, -1051523); + b = ii(b, c, d, a, k[1], 21, -2054922799); + a = ii(a, b, c, d, k[8], 6, 1873313359); + d = ii(d, a, b, c, k[15], 10, -30611744); + c = ii(c, d, a, b, k[6], 15, -1560198380); + b = ii(b, c, d, a, k[13], 21, 1309151649); + a = ii(a, b, c, d, k[4], 6, -145523070); + d = ii(d, a, b, c, k[11], 10, -1120210379); + c = ii(c, d, a, b, k[2], 15, 718787259); + b = ii(b, c, d, a, k[9], 21, -343485551); - /** - * Encryption, Decryption, S-Box and KeyTransform tables - * - * @type {number[]} - */ - var aes_sbox; + x[0] = add32(a, x[0]); + x[1] = add32(b, x[1]); + x[2] = add32(c, x[2]); + x[3] = add32(d, x[3]); + } - /** - * @type {number[]} - */ - var aes_sinv; + function cmn(q, a, b, x, s, t) { + a = add32(add32(a, q), add32(x, t)); + return add32((a << s) | (a >>> (32 - s)), b); + } - /** - * @type {number[][]} - */ - var aes_enc; + function ff(a, b, c, d, x, s, t) { + return cmn((b & c) | ((~b) & d), a, b, x, s, t); + } - /** - * @type {number[][]} - */ - var aes_dec; + function gg(a, b, c, d, x, s, t) { + return cmn((b & d) | (c & (~d)), a, b, x, s, t); + } - /** - * Init AES tables - */ - function aes_init() { - if (!ginit_done) ginit(); + function hh(a, b, c, d, x, s, t) { + return cmn(b ^ c ^ d, a, b, x, s, t); + } - // Calculates AES S-Box value - function _s(a) { - var c, s, x; - s = x = ginv(a); - for (c = 0; c < 4; c++) { - s = ((s << 1) | (s >>> 7)) & 255; - x ^= s; - } - x ^= 99; - return x; - } - - // Tables - aes_sbox = [], - aes_sinv = [], - aes_enc = [[], [], [], []], - aes_dec = [[], [], [], []]; - - for (var i = 0; i < 256; i++) { - var s = _s(i); - - // S-Box and its inverse - aes_sbox[i] = s; - aes_sinv[s] = i; - - // Ecryption and Decryption tables - aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s); - aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i); - // Rotate tables - for (var t = 1; t < 4; t++) { - aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24); - aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24); - } - } + function ii(a, b, c, d, x, s, t) { + return cmn(c ^ (b | (~d)), a, b, x, s, t); + } - aes_init_done = true; + function md51(s) { + const n = s.length; + const state = [1732584193, -271733879, -1732584194, 271733878]; + let i; + for (i = 64; i <= s.length; i += 64) { + md5cycle(state, md5blk(s.substring(i - 64, i))); } - - /** - * Asm.js module constructor. - * - *

- * Heap buffer layout by offset: - * 

-     * 0x0000   encryption key schedule
-     * 0x0400   decryption key schedule
-     * 0x0800   sbox
-     * 0x0c00   inv sbox
-     * 0x1000   encryption tables
-     * 0x2000   decryption tables
-     * 0x3000   reserved (future GCM multiplication lookup table)
-     * 0x4000   data
-     *
- * Don't touch anything before 0x400. - *

- * - * @alias AES_asm - * @class - * @param foreign - ignored - * @param buffer - heap buffer to link with - */ - var wrapper = function (foreign, buffer) { - // Init AES stuff for the first time - if (!aes_init_done) aes_init(); - - // Fill up AES tables - var heap = new Uint32Array(buffer); - heap.set(aes_sbox, 0x0800 >> 2); - heap.set(aes_sinv, 0x0c00 >> 2); - for (var i = 0; i < 4; i++) { - heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2); - heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2); + s = s.substring(i - 64); + const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for (i = 0; i < s.length; i++) { + tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + } + tail[i >> 2] |= 0x80 << ((i % 4) << 3); + if (i > 55) { + md5cycle(state, tail); + for (i = 0; i < 16; i++) { + tail[i] = 0; } + } + tail[14] = n * 8; + md5cycle(state, tail); + return state; + } - /** - * Calculate AES key schedules. - * @instance - * @memberof AES_asm - * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly) - * @param {number} k0 - key vector components - * @param {number} k1 - key vector components - * @param {number} k2 - key vector components - * @param {number} k3 - key vector components - * @param {number} k4 - key vector components - * @param {number} k5 - key vector components - * @param {number} k6 - key vector components - * @param {number} k7 - key vector components - */ - function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) { - var ekeys = heap.subarray(0x000, 60), - dkeys = heap.subarray(0x100, 0x100 + 60); - - // Encryption key schedule - ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]); - for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) { - var k = ekeys[i - 1]; - if ((i % ks === 0) || (ks === 8 && i % ks === 4)) { - k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255]; - } - if (i % ks === 0) { - k = (k << 8) ^ (k >>> 24) ^ (rcon << 24); - rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0); - } - ekeys[i] = ekeys[i - ks] ^ k; - } - - // Decryption key schedule - for (var j = 0; j < i; j += 4) { - for (var jj = 0; jj < 4; jj++) { - var k = ekeys[i - (4 + j) + (4 - jj) % 4]; - if (j < 4 || j >= i - 4) { - dkeys[j + jj] = k; - } else { - dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]] - ^ aes_dec[1][aes_sbox[k >>> 16 & 255]] - ^ aes_dec[2][aes_sbox[k >>> 8 & 255]] - ^ aes_dec[3][aes_sbox[k & 255]]; - } - } - } - - // Set rounds number - asm.set_rounds(ks + 5); - } - - // create library object with necessary properties - var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array}; - - var asm = function (stdlib, foreign, buffer) { - "use asm"; - - var S0 = 0, S1 = 0, S2 = 0, S3 = 0, - I0 = 0, I1 = 0, I2 = 0, I3 = 0, - N0 = 0, N1 = 0, N2 = 0, N3 = 0, - M0 = 0, M1 = 0, M2 = 0, M3 = 0, - H0 = 0, H1 = 0, H2 = 0, H3 = 0, - R = 0; - - var HEAP = new stdlib.Uint32Array(buffer), - DATA = new stdlib.Uint8Array(buffer); - - /** - * AES core - * @param {number} k - precomputed key schedule offset - * @param {number} s - precomputed sbox table offset - * @param {number} t - precomputed round table offset - * @param {number} r - number of inner rounds to perform - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _core(k, s, t, r, x0, x1, x2, x3) { - k = k | 0; - s = s | 0; - t = t | 0; - r = r | 0; - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t1 = 0, t2 = 0, t3 = 0, - y0 = 0, y1 = 0, y2 = 0, y3 = 0, - i = 0; - - t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00; - - // round 0 - x0 = x0 ^ HEAP[(k | 0) >> 2], - x1 = x1 ^ HEAP[(k | 4) >> 2], - x2 = x2 ^ HEAP[(k | 8) >> 2], - x3 = x3 ^ HEAP[(k | 12) >> 2]; - - // round 1..r - for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) { - y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - x0 = y0, x1 = y1, x2 = y2, x3 = y3; - } - - // final round - S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - } - - /** - * ECB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - x0, - x1, - x2, - x3 - ); - } - - /** - * ECB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - } - - - /** - * CBC mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0 ^ x0, - I1 ^ x1, - I2 ^ x2, - I3 ^ x3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - } - - /** - * CBC mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - - S0 = S0 ^ I0, - S1 = S1 ^ I1, - S2 = S2 ^ I2, - S3 = S3 ^ I3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * CFB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0 = S0 ^ x0, - I1 = S1 = S1 ^ x1, - I2 = S2 = S2 ^ x2, - I3 = S3 = S3 ^ x3; - } - - - /** - * CFB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * OFB mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ofb(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - } - - /** - * CTR mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ctr(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - N0, - N1, - N2, - N3 - ); - - N3 = (~M3 & N3) | M3 & (N3 + 1); - N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0)); - N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0)); - N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0)); - - S0 = S0 ^ x0; - S1 = S1 ^ x1; - S2 = S2 ^ x2; - S3 = S3 ^ x3; - } - - /** - * GCM mode MAC calculation - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _gcm_mac(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var y0 = 0, y1 = 0, y2 = 0, y3 = 0, - z0 = 0, z1 = 0, z2 = 0, z3 = 0, - i = 0, c = 0; - - x0 = x0 ^ I0, - x1 = x1 ^ I1, - x2 = x2 ^ I2, - x3 = x3 ^ I3; - - y0 = H0 | 0, - y1 = H1 | 0, - y2 = H2 | 0, - y3 = H3 | 0; - - for (; (i | 0) < 128; i = (i + 1) | 0) { - if (y0 >>> 31) { - z0 = z0 ^ x0, - z1 = z1 ^ x1, - z2 = z2 ^ x2, - z3 = z3 ^ x3; - } - - y0 = (y0 << 1) | (y1 >>> 31), - y1 = (y1 << 1) | (y2 >>> 31), - y2 = (y2 << 1) | (y3 >>> 31), - y3 = (y3 << 1); - - c = x3 & 1; - - x3 = (x3 >>> 1) | (x2 << 31), - x2 = (x2 >>> 1) | (x1 << 31), - x1 = (x1 >>> 1) | (x0 << 31), - x0 = (x0 >>> 1); - - if (c) x0 = x0 ^ 0xe1000000; - } - - I0 = z0, - I1 = z1, - I2 = z2, - I3 = z3; - } - - /** - * Set the internal rounds number. - * @instance - * @memberof AES_asm - * @param {number} r - number if inner AES rounds - */ - function set_rounds(r) { - r = r | 0; - R = r; - } - - /** - * Populate the internal state of the module. - * @instance - * @memberof AES_asm - * @param {number} s0 - state vector - * @param {number} s1 - state vector - * @param {number} s2 - state vector - * @param {number} s3 - state vector - */ - function set_state(s0, s1, s2, s3) { - s0 = s0 | 0; - s1 = s1 | 0; - s2 = s2 | 0; - s3 = s3 | 0; - - S0 = s0, - S1 = s1, - S2 = s2, - S3 = s3; - } - - /** - * Populate the internal iv of the module. - * @instance - * @memberof AES_asm - * @param {number} i0 - iv vector - * @param {number} i1 - iv vector - * @param {number} i2 - iv vector - * @param {number} i3 - iv vector - */ - function set_iv(i0, i1, i2, i3) { - i0 = i0 | 0; - i1 = i1 | 0; - i2 = i2 | 0; - i3 = i3 | 0; - - I0 = i0, - I1 = i1, - I2 = i2, - I3 = i3; - } - - /** - * Set nonce for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} n0 - nonce vector - * @param {number} n1 - nonce vector - * @param {number} n2 - nonce vector - * @param {number} n3 - nonce vector - */ - function set_nonce(n0, n1, n2, n3) { - n0 = n0 | 0; - n1 = n1 | 0; - n2 = n2 | 0; - n3 = n3 | 0; - - N0 = n0, - N1 = n1, - N2 = n2, - N3 = n3; - } - - /** - * Set counter mask for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} m0 - counter mask vector - * @param {number} m1 - counter mask vector - * @param {number} m2 - counter mask vector - * @param {number} m3 - counter mask vector - */ - function set_mask(m0, m1, m2, m3) { - m0 = m0 | 0; - m1 = m1 | 0; - m2 = m2 | 0; - m3 = m3 | 0; - - M0 = m0, - M1 = m1, - M2 = m2, - M3 = m3; - } - - /** - * Set counter for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} c0 - counter vector - * @param {number} c1 - counter vector - * @param {number} c2 - counter vector - * @param {number} c3 - counter vector - */ - function set_counter(c0, c1, c2, c3) { - c0 = c0 | 0; - c1 = c1 | 0; - c2 = c2 | 0; - c3 = c3 | 0; - - N3 = (~M3 & N3) | M3 & c3, - N2 = (~M2 & N2) | M2 & c2, - N1 = (~M1 & N1) | M1 & c1, - N0 = (~M0 & N0) | M0 & c0; - } - - /** - * Store the internal state vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_state(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - return 16; - } - - /** - * Store the internal iv vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_iv(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = I0 >>> 24, - DATA[pos | 1] = I0 >>> 16 & 255, - DATA[pos | 2] = I0 >>> 8 & 255, - DATA[pos | 3] = I0 & 255, - DATA[pos | 4] = I1 >>> 24, - DATA[pos | 5] = I1 >>> 16 & 255, - DATA[pos | 6] = I1 >>> 8 & 255, - DATA[pos | 7] = I1 & 255, - DATA[pos | 8] = I2 >>> 24, - DATA[pos | 9] = I2 >>> 16 & 255, - DATA[pos | 10] = I2 >>> 8 & 255, - DATA[pos | 11] = I2 & 255, - DATA[pos | 12] = I3 >>> 24, - DATA[pos | 13] = I3 >>> 16 & 255, - DATA[pos | 14] = I3 >>> 8 & 255, - DATA[pos | 15] = I3 & 255; - - return 16; - } - - /** - * GCM initialization. - * @instance - * @memberof AES_asm - */ - function gcm_init() { - _ecb_enc(0, 0, 0, 0); - H0 = S0, - H1 = S1, - H2 = S2, - H3 = S3; - } - - /** - * Perform ciphering operation on the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function cipher(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; - - var ret = 0; + /* there needs to be support for Unicode here, + * unless we pretend that we can redefine the MD-5 + * algorithm for multi-byte characters (perhaps + * by adding every four 16-bit characters and + * shortening the sum to 32 bits). Otherwise + * I suggest performing MD-5 as if every character + * was two bytes--e.g., 0040 0025 = @%--but then + * how will an ordinary MD-5 sum be matched? + * There is no way to standardize text to something + * like UTF-8 before transformation; speed cost is + * utterly prohibitive. The JavaScript standard + * itself needs to look at this: it should start + * providing access to strings as preformed UTF-8 + * 8-bit unsigned value arrays. + */ + function md5blk(s) { /* I figured global was faster. */ + const md5blks = []; + let i; /* Andy King said do it this way. */ + for (i = 0; i < 64; i += 4) { + md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << + 24); + } + return md5blks; + } - if (pos & 15) return -1; + const hex_chr = '0123456789abcdef'.split(''); - while ((len | 0) >= 16) { - _cipher_modes[mode & 7]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); + function rhex(n) { + let s = ''; + let j = 0; + for (; j < 4; j++) { + s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; + } + return s; + } - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } + function hex(x) { + for (let i = 0; i < x.length; i++) { + x[i] = rhex(x[i]); + } + return x.join(''); + } - return ret | 0; - } + /* this function is much faster, + so if possible we use it. Some IEs + are the only ones I know of that + need the idiotic second function, + generated by an if clause. */ - /** - * Calculates MAC of the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function mac(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; + function add32(a, b) { + return (a + b) & 0xFFFFFFFF; + } - var ret = 0; + /** + * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. + * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} + * @see {@link https://github.com/indutny/hash.js|hash.js} + * @module crypto/hash + */ - if (pos & 15) return -1; - while ((len | 0) >= 16) { - _mac_modes[mode & 1]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); + const webCrypto$a = util.getWebCrypto(); + const nodeCrypto$9 = util.getNodeCrypto(); + const nodeCryptoHashes = nodeCrypto$9 && nodeCrypto$9.getHashes(); - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } + function nodeHash(type) { + if (!nodeCrypto$9 || !nodeCryptoHashes.includes(type)) { + return; + } + return async function (data) { + const shasum = nodeCrypto$9.createHash(type); + return transform(data, value => { + shasum.update(value); + }, () => new Uint8Array(shasum.digest())); + }; + } - return ret | 0; - } + function nobleHash(nobleHashName, webCryptoHashName) { + const getNobleHash = async () => { + const { nobleHashes } = await Promise.resolve().then(function () { return noble_hashes; }); + const hash = nobleHashes.get(nobleHashName); + if (!hash) throw new Error('Unsupported hash'); + return hash; + }; - /** - * AES cipher modes table (virual methods) - */ - var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr]; + return async function(data) { + if (isArrayStream(data)) { + data = await readToEnd(data); + } + if (util.isStream(data)) { + const hash = await getNobleHash(); - /** - * AES MAC modes table (virual methods) - */ - var _mac_modes = [_cbc_enc, _gcm_mac]; + const hashInstance = hash.create(); + return transform(data, value => { + hashInstance.update(value); + }, () => hashInstance.digest()); + } else if (webCrypto$a && webCryptoHashName) { + return new Uint8Array(await webCrypto$a.digest(webCryptoHashName, data)); + } else { + const hash = await getNobleHash(); - /** - * Asm.js module exports - */ - return { - set_rounds: set_rounds, - set_state: set_state, - set_iv: set_iv, - set_nonce: set_nonce, - set_mask: set_mask, - set_counter: set_counter, - get_state: get_state, - get_iv: get_iv, - gcm_init: gcm_init, - cipher: cipher, - mac: mac, - }; - }(stdlib, foreign, buffer); + return hash(data); + } + }; + } - asm.set_key = set_key; + var hash$1 = { - return asm; - }; + /** @see module:md5 */ + md5: nodeHash('md5') || md5, + sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'), + sha224: nodeHash('sha224') || nobleHash('sha224'), + sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'), + sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'), + sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'), + ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'), + sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'), + sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'), /** - * AES enciphering mode constants - * @enum {number} - * @const + * Create a hash on the specified data using the specified algorithm + * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @param {Uint8Array} data - Data to be hashed + * @returns {Promise} Hash value. */ - wrapper.ENC = { - ECB: 0, - CBC: 2, - CFB: 4, - OFB: 6, - CTR: 7, + digest: function(algo, data) { + switch (algo) { + case enums.hash.md5: + return this.md5(data); + case enums.hash.sha1: + return this.sha1(data); + case enums.hash.ripemd: + return this.ripemd(data); + case enums.hash.sha256: + return this.sha256(data); + case enums.hash.sha384: + return this.sha384(data); + case enums.hash.sha512: + return this.sha512(data); + case enums.hash.sha224: + return this.sha224(data); + case enums.hash.sha3_256: + return this.sha3_256(data); + case enums.hash.sha3_512: + return this.sha3_512(data); + default: + throw new Error('Unsupported hash function'); + } }, - /** - * AES deciphering mode constants - * @enum {number} - * @const - */ - wrapper.DEC = { - ECB: 1, - CBC: 3, - CFB: 5, - OFB: 6, - CTR: 7, - }, - - /** - * AES MAC mode constants - * @enum {number} - * @const - */ - wrapper.MAC = { - CBC: 0, - GCM: 1, - }; - /** - * Heap data offset - * @type {number} - * @const + * Returns the hash size in bytes of the specified hash algorithm type + * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @returns {Integer} Size in bytes of the resulting hash. */ - wrapper.HEAP_DATA = 0x4000; - - return wrapper; - }(); - - function is_bytes(a) { - return a instanceof Uint8Array; - } - function _heap_init(heap, heapSize) { - const size = heap ? heap.byteLength : heapSize || 65536; - if (size & 0xfff || size <= 0) - throw new Error('heap size must be a positive integer and a multiple of 4096'); - heap = heap || new Uint8Array(new ArrayBuffer(size)); - return heap; - } - function _heap_write(heap, hpos, data, dpos, dlen) { - const hlen = heap.length - hpos; - const wlen = hlen < dlen ? hlen : dlen; - heap.set(data.subarray(dpos, dpos + wlen), hpos); - return wlen; - } - function joinBytes(...arg) { - const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0); - const ret = new Uint8Array(totalLenght); - let cursor = 0; - for (let i = 0; i < arg.length; i++) { - ret.set(arg[i], cursor); - cursor += arg[i].length; - } - return ret; - } - - class IllegalStateError extends Error { - constructor(...args) { - super(...args); + getHashByteLength: function(algo) { + switch (algo) { + case enums.hash.md5: + return 16; + case enums.hash.sha1: + case enums.hash.ripemd: + return 20; + case enums.hash.sha256: + return 32; + case enums.hash.sha384: + return 48; + case enums.hash.sha512: + return 64; + case enums.hash.sha224: + return 28; + case enums.hash.sha3_256: + return 32; + case enums.hash.sha3_512: + return 64; + default: + throw new Error('Invalid hash algorithm.'); } + } + }; + + function isBytes$2(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); } - class IllegalArgumentError extends Error { - constructor(...args) { - super(...args); - } + function bytes$1(b, ...lengths) { + if (!isBytes$2(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); + } + function exists$1(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); } - class SecurityError extends Error { - constructor(...args) { - super(...args); + function output$1(out, instance) { + bytes$1(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); } } - const heap_pool = []; - const asm_pool = []; - class AES { - constructor(key, iv, padding = true, mode, heap, asm) { - this.pos = 0; - this.len = 0; - this.mode = mode; - // The AES object state - this.pos = 0; - this.len = 0; - this.key = key; - this.iv = iv; - this.padding = padding; - // The AES "worker" - this.acquire_asm(heap, asm); - } - acquire_asm(heap, asm) { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA); - this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer); - this.reset(this.key, this.iv); - } - return { heap: this.heap, asm: this.asm }; + /*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */ + // Cast array to different type + const u8$1 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength); + const u32$2 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); + // Cast array to view + const createView$1 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); + // big-endian hardware is rare. Just in case someone still decides to run ciphers: + // early-throw an error because we don't support BE yet. + const isLE$1 = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; + if (!isLE$1) + throw new Error('Non little-endian hardware is not supported'); + /** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ + function utf8ToBytes$2(str) { + if (typeof str !== 'string') + throw new Error(`string expected, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 + } + /** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ + function toBytes$1(data) { + if (typeof data === 'string') + data = utf8ToBytes$2(data); + else if (isBytes$2(data)) + data = copyBytes(data); + else + throw new Error(`Uint8Array expected, got ${typeof data}`); + return data; + } + /** + * Copies several Uint8Arrays into one. + */ + function concatBytes$2(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes$1(a); + sum += a.length; } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool.push(this.heap); - asm_pool.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - reset(key, iv) { - const { asm } = this.acquire_asm(); - // Key - const keylen = key.length; - if (keylen !== 16 && keylen !== 24 && keylen !== 32) - throw new IllegalArgumentError('illegal key size'); - const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength); - asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0); - // IV - if (iv !== undefined) { - if (iv.length !== 16) - throw new IllegalArgumentError('illegal iv size'); - let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); - asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12)); - } - else { - asm.set_iv(0, 0, 0, 0); - } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; } - AES_Encrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - let result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; + return res; + } + // Compares 2 u8a-s in kinda constant time + function equalBytes$1(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; + } + /** + * @__NO_SIDE_EFFECTS__ + */ + const wrapCipher = (params, c) => { + Object.assign(c, params); + return c; + }; + // Polyfill for Safari 14 + function setBigUint64$1(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = 0; + const l = 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); + } + // Is byte array aligned to 4 byte offset (u32)? + function isAligned32(bytes) { + return bytes.byteOffset % 4 === 0; + } + // copy bytes to new u8a (aligned). Because Buffer.slice is broken. + function copyBytes(bytes) { + return Uint8Array.from(bytes); + } + function clean(...arrays) { + for (let i = 0; i < arrays.length; i++) { + arrays[i].fill(0); + } + } + + // GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV. + // Implemented in terms of GHash with conversion function for keys + // GCM GHASH from NIST SP800-38d, SIV from RFC 8452. + // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf + // GHASH modulo: x^128 + x^7 + x^2 + x + 1 + // POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1 + const BLOCK_SIZE$1 = 16; + // TODO: rewrite + // temporary padding buffer + const ZEROS16 = /* @__PURE__ */ new Uint8Array(16); + const ZEROS32 = u32$2(ZEROS16); + const POLY$1 = 0xe1; // v = 2*v % POLY + // v = 2*v % POLY + // NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x + // We can multiply any number using montgomery ladder and this function (works as double, add is simple xor) + const mul2$1 = (s0, s1, s2, s3) => { + const hiBit = s3 & 1; + return { + s3: (s2 << 31) | (s3 >>> 1), + s2: (s1 << 31) | (s2 >>> 1), + s1: (s0 << 31) | (s1 >>> 1), + s0: (s0 >>> 1) ^ ((POLY$1 << 24) & -(hiBit & 1)), // reduce % poly + }; + }; + const swapLE = (n) => (((n >>> 0) & 0xff) << 24) | + (((n >>> 8) & 0xff) << 16) | + (((n >>> 16) & 0xff) << 8) | + ((n >>> 24) & 0xff) | + 0; + /** + * `mulX_POLYVAL(ByteReverse(H))` from spec + * @param k mutated in place + */ + function _toGHASHKey(k) { + k.reverse(); + const hiBit = k[15] & 1; + // k >>= 1 + let carry = 0; + for (let i = 0; i < k.length; i++) { + const t = k[i]; + k[i] = (t >>> 1) | carry; + carry = (t & 1) << 7; + } + k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000; + return k; + } + const estimateWindow = (bytes) => { + if (bytes > 64 * 1024) + return 8; + if (bytes > 1024) + return 4; + return 2; + }; + class GHASH { + // We select bits per window adaptively based on expectedLength + constructor(key, expectedLength) { + this.blockLen = BLOCK_SIZE$1; + this.outputLen = BLOCK_SIZE$1; + this.s0 = 0; + this.s1 = 0; + this.s2 = 0; + this.s3 = 0; + this.finished = false; + key = toBytes$1(key); + bytes$1(key, 16); + const kView = createView$1(key); + let k0 = kView.getUint32(0, false); + let k1 = kView.getUint32(4, false); + let k2 = kView.getUint32(8, false); + let k3 = kView.getUint32(12, false); + // generate table of doubled keys (half of montgomery ladder) + const doubles = []; + for (let i = 0; i < 128; i++) { + doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) }); + ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2$1(k0, k1, k2, k3)); + } + const W = estimateWindow(expectedLength || 1024); + if (![1, 2, 4, 8].includes(W)) + throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`); + this.W = W; + const bits = 128; // always 128 bits; + const windows = bits / W; + const windowSize = (this.windowSize = 2 ** W); + const items = []; + // Create precompute table for window of W bits + for (let w = 0; w < windows; w++) { + // truth table: 00, 01, 10, 11 + for (let byte = 0; byte < windowSize; byte++) { + // prettier-ignore + let s0 = 0, s1 = 0, s2 = 0, s3 = 0; + for (let j = 0; j < W; j++) { + const bit = (byte >>> (W - j - 1)) & 1; + if (!bit) + continue; + const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j]; + (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3); + } + items.push({ s0, s1, s2, s3 }); } } - this.pos = pos; - this.len = len; - return result; - } - AES_Encrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let plen = 16 - (len % 16); - let rlen = len; - if (this.hasOwnProperty('padding')) { - if (this.padding) { - for (let p = 0; p < plen; ++p) { - heap[pos + len + p] = plen; + this.t = items; + } + _updateBlock(s0, s1, s2, s3) { + (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3); + const { W, t, windowSize } = this; + // prettier-ignore + let o0 = 0, o1 = 0, o2 = 0, o3 = 0; + const mask = (1 << W) - 1; // 2**W will kill performance. + let w = 0; + for (const num of [s0, s1, s2, s3]) { + for (let bytePos = 0; bytePos < 4; bytePos++) { + const byte = (num >>> (8 * bytePos)) & 0xff; + for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) { + const bit = (byte >>> (W * bitPos)) & mask; + const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit]; + (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3); + w += 1; } - len += plen; - rlen = len; - } - else if (len % 16) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); } } - else { - len += plen; + this.s0 = o0; + this.s1 = o1; + this.s2 = o2; + this.s3 = o3; + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + const left = data.length % BLOCK_SIZE$1; + for (let i = 0; i < blocks; i++) { + this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]); + clean(ZEROS32); // clean tmp buffer } - const result = new Uint8Array(rlen); - if (len) - asm.cipher(amode, hpos + pos, len); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - AES_Decrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let plen = 0; - let wlen = 0; - if (this.padding) { - plen = len + dlen - rlen || 16; - rlen -= plen; + return this; + } + destroy() { + const { t } = this; + // clean precompute table + for (const elm of t) { + (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0); + } + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out; + } + digest() { + const res = new Uint8Array(BLOCK_SIZE$1); + this.digestInto(res); + this.destroy(); + return res; + } + } + class Polyval extends GHASH { + constructor(key, expectedLength) { + key = toBytes$1(key); + const ghKey = _toGHASHKey(copyBytes(key)); + super(ghKey, expectedLength); + clean(ghKey); + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const left = data.length % BLOCK_SIZE$1; + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + for (let i = 0; i < blocks; i++) { + this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0])); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0])); + clean(ZEROS32); } - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0)); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; + return this; + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + // tmp ugly hack + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out.reverse(); + } + } + function wrapConstructorWithKey(hashCons) { + const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes$1(msg)).digest(); + const tmp = hashCons(new Uint8Array(16), 0); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (key, expectedLength) => hashCons(key, expectedLength); + return hashC; + } + const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength)); + wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength)); + + // prettier-ignore + /* + AES (Advanced Encryption Standard) aka Rijndael block cipher. + + Data is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round: + 1. **S-box**, table substitution + 2. **Shift rows**, cyclic shift left of all rows of data array + 3. **Mix columns**, multiplying every column by fixed polynomial + 4. **Add round key**, round_key xor i-th column of array + + Resources: + - FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf + - Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf + */ + const BLOCK_SIZE = 16; + const BLOCK_SIZE32 = 4; + const EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE); + const POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8 + // TODO: remove multiplication, binary ops only + function mul2(n) { + return (n << 1) ^ (POLY & -(n >> 7)); + } + function mul(a, b) { + let res = 0; + for (; b > 0; b >>= 1) { + // Montgomery ladder + res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time). + a = mul2(a); // a = 2*a + } + return res; + } + // AES S-box is generated using finite field inversion, + // an affine transform, and xor of a constant 0x63. + const sbox = /* @__PURE__ */ (() => { + const t = new Uint8Array(256); + for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x)) + t[i] = x; + const box = new Uint8Array(256); + box[0] = 0x63; // first elm + for (let i = 0; i < 255; i++) { + let x = t[255 - i]; + x |= x << 8; + box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff; + } + clean(t); + return box; + })(); + // Inverted S-box + const invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j)); + // Rotate u32 by 8 + const rotr32_8 = (n) => (n << 24) | (n >>> 8); + const rotl32_8 = (n) => (n << 8) | (n >>> 24); + // The byte swap operation for uint32 (LE<->BE) + const byteSwap$1 = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); + // T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes: + // - LE instead of BE + // - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23; + // so index is u16, instead of u8. This speeds up things, unexpectedly + function genTtable(sbox, fn) { + if (sbox.length !== 256) + throw new Error('Wrong sbox length'); + const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j])); + const T1 = T0.map(rotl32_8); + const T2 = T1.map(rotl32_8); + const T3 = T2.map(rotl32_8); + const T01 = new Uint32Array(256 * 256); + const T23 = new Uint32Array(256 * 256); + const sbox2 = new Uint16Array(256 * 256); + for (let i = 0; i < 256; i++) { + for (let j = 0; j < 256; j++) { + const idx = i * 256 + j; + T01[idx] = T0[i] ^ T1[j]; + T23[idx] = T2[i] ^ T3[j]; + sbox2[idx] = (sbox[i] << 8) | sbox[j]; + } + } + return { sbox, sbox2, T0, T1, T2, T3, T01, T23 }; + } + const tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2)); + const tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14)); + const xPowers = /* @__PURE__ */ (() => { + const p = new Uint8Array(16); + for (let i = 0, x = 1; i < 16; i++, x = mul2(x)) + p[i] = x; + return p; + })(); + function expandKeyLE(key) { + bytes$1(key); + const len = key.length; + if (![16, 24, 32].includes(len)) + throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`); + const { sbox2 } = tableEncoding; + const toClean = []; + if (!isAligned32(key)) + toClean.push((key = copyBytes(key))); + const k32 = u32$2(key); + const Nk = k32.length; + const subByte = (n) => applySbox(sbox2, n, n, n, n); + const xk = new Uint32Array(len + 28); // expanded key + xk.set(k32); + // 4.3.1 Key expansion + for (let i = Nk; i < xk.length; i++) { + let t = xk[i - 1]; + if (i % Nk === 0) + t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1]; + else if (Nk > 6 && i % Nk === 4) + t = subByte(t); + xk[i] = xk[i - Nk] ^ t; + } + clean(...toClean); + return xk; + } + function expandKeyDecLE(key) { + const encKey = expandKeyLE(key); + const xk = encKey.slice(); + const Nk = encKey.length; + const { sbox2 } = tableEncoding; + const { T0, T1, T2, T3 } = tableDecoding; + // Inverse key by chunks of 4 (rounds) + for (let i = 0; i < Nk; i += 4) { + for (let j = 0; j < 4; j++) + xk[i + j] = encKey[Nk - i - 4 + j]; + } + clean(encKey); + // apply InvMixColumn except first & last round + for (let i = 4; i < Nk - 4; i++) { + const x = xk[i]; + const w = applySbox(sbox2, x, x, x, x); + xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24]; + } + return xk; + } + // Apply tables + function apply0123(T01, T23, s0, s1, s2, s3) { + return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^ + T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]); + } + function applySbox(sbox2, s0, s1, s2, s3) { + return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] | + (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16)); + } + function encrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableEncoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // last round (without mixcolumns, so using SBOX2 table) + const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; + } + // Can't be merged with encrypt: arg positions for apply0123 / applySbox are different + function decrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableDecoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // Last round + const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; + } + function getDst(len, dst) { + if (dst === undefined) + return new Uint8Array(len); + bytes$1(dst); + if (dst.length < len) + throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`); + if (!isAligned32(dst)) + throw new Error('unaligned dst'); + return dst; + } + // TODO: investigate merging with ctr32 + function ctrCounter(xk, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const ctr = nonce; + const c32 = u32$2(ctr); + // Fill block (empty, ctr=0) + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + // Full 128 bit counter with wrap around + let carry = 1; + for (let i = ctr.length - 1; i >= 0; i--) { + carry = (carry + (ctr[i] & 0xff)) | 0; + ctr[i] = carry & 0xff; + carry >>>= 8; + } + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than block) + // It's possible to handle > u32 fast, but is it worth it? + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; + } + // AES CTR with overflowing 32 bit counter + // It's possible to do 32le significantly simpler (and probably faster) by using u32. + // But, we need both, and perf bottleneck is in ghash anyway. + function ctr32(xk, isLE, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + dst = getDst(src.length, dst); + const ctr = nonce; // write new value to nonce, so it can be re-used + const c32 = u32$2(ctr); + const view = createView$1(ctr); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const ctrPos = isLE ? 0 : 12; + const srcLen = src.length; + // Fill block (empty, ctr=0) + let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + ctrNum = (ctrNum + 1) >>> 0; // u32 wrap + view.setUint32(ctrPos, ctrNum, isLE); + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than a block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; + } + /** + * CTR: counter mode. Creates stream cipher. + * Requires good IV. Parallelizable. OK, but no MAC. + */ + const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) { + bytes$1(key); + bytes$1(nonce, BLOCK_SIZE); + function processCtr(buf, dst) { + bytes$1(buf); + if (dst !== undefined) { + bytes$1(dst); + if (!isAligned32(dst)) + throw new Error('unaligned destination'); + } + const xk = expandKeyLE(key); + const n = copyBytes(nonce); // align + avoid changing + const toClean = [xk, n]; + if (!isAligned32(buf)) + toClean.push((buf = copyBytes(buf))); + const out = ctrCounter(xk, n, buf, dst); + clean(...toClean); + return out; + } + return { + encrypt: (plaintext, dst) => processCtr(plaintext, dst), + decrypt: (ciphertext, dst) => processCtr(ciphertext, dst), + }; + }); + function validateBlockDecrypt(data) { + bytes$1(data); + if (data.length % BLOCK_SIZE !== 0) { + throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`); + } + } + function validateBlockEncrypt(plaintext, pcks5, dst) { + bytes$1(plaintext); + let outLen = plaintext.length; + const remaining = outLen % BLOCK_SIZE; + if (!pcks5 && remaining !== 0) + throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding'); + if (!isAligned32(plaintext)) + plaintext = copyBytes(plaintext); + const b = u32$2(plaintext); + if (pcks5) { + let left = BLOCK_SIZE - remaining; + if (!left) + left = BLOCK_SIZE; // if no bytes left, create empty padding block + outLen = outLen + left; + } + const out = getDst(outLen, dst); + const o = u32$2(out); + return { b, o, out }; + } + function validatePCKS(data, pcks5) { + if (!pcks5) + return data; + const len = data.length; + if (!len) + throw new Error('aes/pcks5: empty ciphertext not allowed'); + const lastByte = data[len - 1]; + if (lastByte <= 0 || lastByte > 16) + throw new Error('aes/pcks5: wrong padding'); + const out = data.subarray(0, -lastByte); + for (let i = 0; i < lastByte; i++) + if (data[len - i - 1] !== lastByte) + throw new Error('aes/pcks5: wrong padding'); + return out; + } + function padPCKS(left) { + const tmp = new Uint8Array(16); + const tmp32 = u32$2(tmp); + tmp.set(left); + const paddingByte = BLOCK_SIZE - left.length; + for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++) + tmp[i] = paddingByte; + return tmp32; + } + /** + * CBC: Cipher-Block-Chaining. Key is previous round’s block. + * Fragile: needs proper padding. Unauthenticated: needs MAC. + */ + const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) { + bytes$1(key); + bytes$1(iv, 16); + const pcks5 = !opts.disablePadding; + return { + encrypt(plaintext, dst) { + const xk = expandKeyLE(key); + const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + let i = 0; + for (; i + 4 <= b.length;) { + (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); } - else { - pos = 0; - len = 0; + if (pcks5) { + const tmp32 = padPCKS(plaintext.subarray(i * 4)); + (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + clean(...toClean); + return _out; + }, + decrypt(ciphertext, dst) { + validateBlockDecrypt(ciphertext); + const xk = expandKeyDecLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + const out = getDst(ciphertext.length, dst); + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const b = u32$2(ciphertext); + const o = u32$2(out); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= b.length;) { + // prettier-ignore + const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3; + (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]); + const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt$6(xk, s0, s1, s2, s3); + (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3); } + clean(...toClean); + return validatePCKS(out, pcks5); + }, + }; + }); + /** + * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output. + * Unauthenticated: needs MAC. + */ + const cfb$1 = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) { + bytes$1(key); + bytes$1(iv, 16); + function processCfb(src, isEncrypt, dst) { + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const xk = expandKeyLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + if (!isAligned32(src)) + toClean.push((src = copyBytes(src))); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const next32 = isEncrypt ? dst32 : src32; + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= src32.length;) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt$6(xk, s0, s1, s2, s3); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]); + } + // leftovers (less than block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + const buf = u8$1(new Uint32Array([s0, s1, s2, s3])); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(buf); + } + clean(...toClean); + return dst; + } + return { + encrypt: (plaintext, dst) => processCfb(plaintext, true, dst), + decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst), + }; + }); + // TODO: merge with chacha, however gcm has bitLen while chacha has byteLen + function computeTag(fn, isLE, key, data, AAD) { + const aadLength = AAD == null ? 0 : AAD.length; + const h = fn.create(key, data.length + aadLength); + if (AAD) + h.update(AAD); + h.update(data); + const num = new Uint8Array(16); + const view = createView$1(num); + if (AAD) + setBigUint64$1(view, 0, BigInt(aadLength * 8), isLE); + setBigUint64$1(view, 8, BigInt(data.length * 8), isLE); + h.update(num); + const res = h.digest(); + clean(num); + return res; + } + /** + * GCM: Galois/Counter Mode. + * Modern, parallel version of CTR, with MAC. + * Be careful: MACs can be forged. + * Unsafe to use random nonces under the same key, due to collision chance. + * As for nonce size, prefer 12-byte, instead of 8-byte. + */ + const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) { + bytes$1(key); + bytes$1(nonce); + if (AAD !== undefined) + bytes$1(AAD); + // NIST 800-38d doesn't enforce minimum nonce length. + // We enforce 8 bytes for compat with openssl. + // 12 bytes are recommended. More than 12 bytes would be converted into 12. + if (nonce.length < 8) + throw new Error('aes/gcm: invalid nonce length'); + const tagLength = 16; + function _computeTag(authKey, tagMask, data) { + const tag = computeTag(ghash, false, authKey, data, AAD); + for (let i = 0; i < tagMask.length; i++) + tag[i] ^= tagMask[i]; + return tag; + } + function deriveKeys() { + const xk = expandKeyLE(key); + const authKey = EMPTY_BLOCK.slice(); + const counter = EMPTY_BLOCK.slice(); + ctr32(xk, false, counter, counter, authKey); + // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces + if (nonce.length === 12) { + counter.set(nonce); } - this.pos = pos; - this.len = len; - return result; - } - AES_Decrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let rlen = len; - if (len > 0) { - if (len % 16) { - if (this.hasOwnProperty('padding')) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - else { - len += 16 - (len % 16); + else { + const nonceLen = EMPTY_BLOCK.slice(); + const view = createView$1(nonceLen); + setBigUint64$1(view, 8, BigInt(nonce.length * 8), false); + // ghash(nonce || u64be(0) || u64be(nonceLen*8)) + const g = ghash.create(authKey).update(nonce).update(nonceLen); + g.digestInto(counter); // digestInto doesn't trigger '.destroy' + g.destroy(); + } + const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK); + return { xk, authKey, counter, tagMask }; + } + return { + encrypt(plaintext) { + bytes$1(plaintext); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const out = new Uint8Array(plaintext.length + tagLength); + const toClean = [xk, authKey, counter, tagMask]; + if (!isAligned32(plaintext)) + toClean.push((plaintext = copyBytes(plaintext))); + ctr32(xk, false, counter, plaintext, out); + const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength)); + toClean.push(tag); + out.set(tag, plaintext.length); + clean(...toClean); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + if (ciphertext.length < tagLength) + throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const toClean = [xk, authKey, tagMask, counter]; + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const data = ciphertext.subarray(0, -tagLength); + const passedTag = ciphertext.subarray(-tagLength); + const tag = _computeTag(authKey, tagMask, data); + toClean.push(tag); + if (!equalBytes$1(tag, passedTag)) + throw new Error('aes/gcm: invalid ghash tag'); + const out = ctr32(xk, false, counter, data); + clean(...toClean); + return out; + }, + }; + }); + function isBytes32(a) { + return (a != null && + typeof a === 'object' && + (a instanceof Uint32Array || a.constructor.name === 'Uint32Array')); + } + function encryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_encryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = encrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; + } + function decryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_decryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = decrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; + } + /** + * AES-W (base for AESKW/AESKWP). + * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf), + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/). + */ + const AESW = { + /* + High-level pseudocode: + ``` + A: u64 = IV + out = [] + for (let i=0, ctr = 0; i<6; i++) { + for (const chunk of chunks(plaintext, 8)) { + A ^= swapEndianess(ctr++) + [A, res] = chunks(encrypt(A || chunk), 8); + out ||= res + } + } + out = A || out + ``` + Decrypt is the same, but reversed. + */ + encrypt(kek, out) { + // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints. + // If you need it larger, open an issue. + if (out.length >= 2 ** 32) + throw new Error('plaintext should be less than 4gb'); + const xk = expandKeyLE(kek); + if (out.length === 16) + encryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = 1; j < 6; j++) { + for (let pos = 2; pos < o32.length; pos += 2, ctr++) { + const { s0, s1, s2, s3 } = encrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + // A = MSB(64, B) ^ t where t = (n*j)+i + (a0 = s0), (a1 = s1 ^ byteSwap$1(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3); } } - asm.cipher(amode, hpos + pos, len); - if (this.hasOwnProperty('padding') && this.padding) { - let pad = heap[pos + rlen - 1]; - if (pad < 1 || pad > 16 || pad > rlen) - throw new SecurityError('bad padding'); - let pcheck = 0; - for (let i = pad; i > 1; i--) - pcheck |= pad ^ heap[pos + rlen - i]; - if (pcheck) - throw new SecurityError('bad padding'); - rlen -= pad; - } + (o32[0] = a0), (o32[1] = a1); // out = A || out } - const result = new Uint8Array(rlen); - if (rlen > 0) { - result.set(heap.subarray(pos, pos + rlen)); + xk.fill(0); + }, + decrypt(kek, out) { + if (out.length - 8 >= 2 ** 32) + throw new Error('ciphertext should be less than 4gb'); + const xk = expandKeyDecLE(kek); + const chunks = out.length / 8 - 1; // first chunk is IV + if (chunks === 1) + decryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = chunks * 6; j < 6; j++) { + for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) { + a1 ^= byteSwap$1(ctr); + const { s0, s1, s2, s3 } = decrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); } - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - } + xk.fill(0); + }, + }; + const AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6 + /** + * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times. + * Reduces block size from 16 to 8 bytes. + * For padded version, use aeskwp. + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + */ + const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({ + encrypt(plaintext) { + bytes$1(plaintext); + if (!plaintext.length || plaintext.length % 8 !== 0) + throw new Error('invalid plaintext length'); + if (plaintext.length === 8) + throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead'); + const out = concatBytes$2(AESKW_IV, plaintext); + AESW.encrypt(kek, out); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + // ciphertext must be at least 24 bytes and a multiple of 8 bytes + // 24 because should have at least two block (1 iv + 2). + // Replace with 16 to enable '8-byte keys' + if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8) + throw new Error('invalid ciphertext length'); + const out = copyBytes(ciphertext); + AESW.decrypt(kek, out); + if (!equalBytes$1(out.subarray(0, 8), AESKW_IV)) + throw new Error('integrity check failed'); + out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway + return out.subarray(8); + }, + })); + // Private, unsafe low-level methods. Can change at any time. + const unsafe = { + expandKeyLE, + expandKeyDecLE, + encrypt: encrypt$6, + decrypt: decrypt$6, + encryptBlock, + decryptBlock, + ctrCounter, + ctr32, + }; - class AES_ECB { - static encrypt(data, key, padding = false) { - return new AES_ECB(key, padding).encrypt(data); - } - static decrypt(data, key, padding = false) { - return new AES_ECB(key, padding).decrypt(data); - } - constructor(key, padding = false, aes) { - this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); + // Modified by ProtonTech AG + + + const webCrypto$9 = util.getWebCrypto(); + const nodeCrypto$8 = util.getNodeCrypto(); + + const knownAlgos = nodeCrypto$8 ? nodeCrypto$8.getCiphers() : []; + const nodeAlgos = { + idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ + tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, + cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, + blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, + aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, + aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, + aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined + /* twofish is not implemented in OpenSSL */ + }; + + /** + * CFB encryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} plaintext + * @param {Uint8Array} iv + * @param {Object} config - full configuration, defaults to openpgp.config + * @returns MaybeStream + */ + async function encrypt$5(algo, key, plaintext, iv, config) { + const algoName = enums.read(enums.symmetric, algo); + if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. + return nodeEncrypt$1(algo, key, plaintext, iv); + } + if (util.isAES(algo)) { + return aesEncrypt(algo, key, plaintext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; + + const blockc = iv.slice(); + let pt = new Uint8Array(); + const process = chunk => { + if (chunk) { + pt = util.concatUint8Array([pt, chunk]); } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); + const ciphertext = new Uint8Array(pt.length); + let i; + let j = 0; + while (chunk ? pt.length >= block_size : pt.length) { + const encblock = cipherfn.encrypt(blockc); + for (i = 0; i < block_size; i++) { + blockc[i] = pt[i] ^ encblock[i]; + ciphertext[j++] = blockc[i]; + } + pt = pt.subarray(block_size); } + return ciphertext.subarray(0, j); + }; + return transform(plaintext, process, process); } /** - * Javascript AES implementation. - * This is used as fallback if the native Crypto APIs are not available. + * CFB decryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} ciphertext + * @param {Uint8Array} iv + * @returns MaybeStream */ - function aes(length) { - const C = function(key) { - const aesECB = new AES_ECB(key); + async function decrypt$5(algo, key, ciphertext, iv) { + const algoName = enums.read(enums.symmetric, algo); + if (nodeCrypto$8 && nodeAlgos[algoName]) { // Node crypto library. + return nodeDecrypt$1(algo, key, ciphertext, iv); + } + if (util.isAES(algo)) { + return aesDecrypt(algo, key, ciphertext, iv); + } - this.encrypt = function(block) { - return aesECB.encrypt(block); - }; + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; - this.decrypt = function(block) { - return aesECB.decrypt(block); - }; + let blockp = iv; + let ct = new Uint8Array(); + const process = chunk => { + if (chunk) { + ct = util.concatUint8Array([ct, chunk]); + } + const plaintext = new Uint8Array(ct.length); + let i; + let j = 0; + while (chunk ? ct.length >= block_size : ct.length) { + const decblock = cipherfn.encrypt(blockp); + blockp = ct.subarray(0, block_size); + for (i = 0; i < block_size; i++) { + plaintext[j++] = blockp[i] ^ decblock[i]; + } + ct = ct.subarray(block_size); + } + return plaintext.subarray(0, j); }; + return transform(ciphertext, process, process); + } - C.blockSize = C.prototype.blockSize = 16; - C.keySize = C.prototype.keySize = length / 8; + class WebCryptoEncryptor { + constructor(algo, key, iv) { + const { blockSize } = getCipherParams(algo); + this.key = key; + this.prevBlock = iv; + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + this.zeroBlock = new Uint8Array(this.blockSize); + } - return C; - } + static async isSupported(algo) { + const { keySize } = getCipherParams(algo); + return webCrypto$9.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt']) + .then(() => true, () => false); + } - //Paul Tero, July 2001 - //http://www.tero.co.uk/des/ - // - //Optimised for performance with large blocks by Michael Hayworth, November 2001 - //http://www.netdealing.com - // - // Modified by Recurity Labs GmbH + async _runCBC(plaintext, nonZeroIV) { + const mode = 'AES-CBC'; + this.keyRef = this.keyRef || await webCrypto$9.importKey('raw', this.key, mode, false, ['encrypt']); + const ciphertext = await webCrypto$9.encrypt( + { name: mode, iv: nonZeroIV || this.zeroBlock }, + this.keyRef, + plaintext + ); + return new Uint8Array(ciphertext).subarray(0, plaintext.length); + } + + async encryptChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const plaintext = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + const toEncrypt = util.concatUint8Array([ + this.prevBlock, + plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block "early", since we only need to xor the plaintext and pass it over as prevBlock + ]); - //THIS SOFTWARE IS PROVIDED "AS IS" AND - //ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - //IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - //ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - //FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - //DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - //OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - //HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - //LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - //OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - //SUCH DAMAGE. + const encryptedBlocks = await this._runCBC(toEncrypt); + xorMut$1(encryptedBlocks, plaintext); + this.prevBlock = encryptedBlocks.slice(-this.blockSize); - //des - //this takes the key, the message, and whether to encrypt or decrypt + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - function des(keys, message, encrypt, mode, iv, padding) { - //declaring this locally speeds things up a bit - const spfunction1 = [ - 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, - 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, - 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, - 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, - 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, - 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 - ]; - const spfunction2 = [ - -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, - 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - -0x7fef7fe0, 0x108000 - ]; - const spfunction3 = [ - 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, - 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, - 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, - 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, - 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, - 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 - ]; - const spfunction4 = [ - 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, - 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, - 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, - 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, - 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 - ]; - const spfunction5 = [ - 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, - 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, - 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, - 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, - 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, - 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, - 0x40080000, 0x2080100, 0x40000100 - ]; - const spfunction6 = [ - 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, - 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, - 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, - 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, - 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, - 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 - ]; - const spfunction7 = [ - 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, - 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, - 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, - 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, - 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, - 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 - ]; - const spfunction8 = [ - 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, - 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, - 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, - 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, - 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 - ]; + return encryptedBlocks; + } - //create the 16 or 48 subkeys we will need - let m = 0; - let i; - let j; - let temp; - let right1; - let right2; - let left; - let right; - let looping; - let cbcleft; - let cbcleft2; - let cbcright; - let cbcright2; - let endloop; - let loopinc; - let len = message.length; + this.i += added.length; + let encryptedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + const curBlock = this.nextBlock; + encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + this.prevBlock = encryptedBlock.slice(); + this.i = 0; - //set up the loops for single and triple des - const iterations = keys.length === 32 ? 3 : 9; //single or triple des - if (iterations === 3) { - looping = encrypt ? [0, 32, 2] : [30, -2, -2]; - } else { - looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + encryptedBlock = new Uint8Array(); + } + + return encryptedBlock; } - //pad the message depending on the padding parameter - //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt - if (encrypt) { - message = desAddPadding(message, padding); - len = message.length; + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + this.nextBlock = this.nextBlock.subarray(0, this.i); + const curBlock = this.nextBlock; + const encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + result = encryptedBlock.subarray(0, curBlock.length); + } + + this.clearSensitiveData(); + return result; } - //store the result here - let result = new Uint8Array(len); - let k = 0; + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.keyRef = null; + this.key = null; + } - if (mode === 1) { //CBC mode - cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - m = 0; + async encrypt(plaintext) { + // plaintext is internally padded to block length before encryption + const encryptedWithPadding = await this._runCBC( + util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]), + this.iv + ); + // drop encrypted padding + const ct = encryptedWithPadding.subarray(0, plaintext.length); + xorMut$1(ct, plaintext); + this.clearSensitiveData(); + return ct; } + } - //loop through each 64 bit chunk of the message - while (m < len) { - left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + class NobleStreamProcessor { + constructor(forEncryption, algo, key, iv) { + this.forEncryption = forEncryption; + const { blockSize } = getCipherParams(algo); + this.key = unsafe.expandKeyLE(key); - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - left ^= cbcleft; - right ^= cbcright; - } else { - cbcleft2 = cbcleft; - cbcright2 = cbcright; - cbcleft = left; - cbcright = right; - } + if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers + this.prevBlock = getUint32Array(iv); + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + } + + _runCFB(src) { + const src32 = getUint32Array(src); + const dst = new Uint8Array(src.length); + const dst32 = getUint32Array(dst); + for (let i = 0; i + 4 <= dst32.length; i += 4) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = unsafe.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4); } + return dst; + } - //first each 64 but chunk of the message must be permuted according to IP - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); + async processChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); - left = ((left << 1) | (left >>> 31)); - right = ((right << 1) | (right >>> 31)); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const toProcess = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); - //do this either 1 or 3 times for each chunk of the message - for (j = 0; j < iterations; j += 3) { - endloop = looping[j + 1]; - loopinc = looping[j + 2]; - //now go through and perform the encryption or decryption - for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency - right1 = right ^ keys[i]; - right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; - //the result is attained by passing these bytes through the S selection functions - temp = left; - left = right; - right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> - 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & - 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); - } - temp = left; - left = right; - right = temp; //unreverse left and right - } //for either 1 or 3 iterations + const processedBlocks = this._runCFB(toProcess); - //move then each one bit to the right - left = ((left >>> 1) | (left << 31)); - right = ((right >>> 1) | (right << 31)); + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - //now perform IP-1, which is IP in the opposite direction - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); + return processedBlocks; + } - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - cbcleft = left; - cbcright = right; - } else { - left ^= cbcleft2; - right ^= cbcright2; - } + this.i += added.length; + + let processedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + processedBlock = this._runCFB(this.nextBlock); + this.i = 0; + + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + processedBlock = new Uint8Array(); } - result[k++] = (left >>> 24); - result[k++] = ((left >>> 16) & 0xff); - result[k++] = ((left >>> 8) & 0xff); - result[k++] = (left & 0xff); - result[k++] = (right >>> 24); - result[k++] = ((right >>> 16) & 0xff); - result[k++] = ((right >>> 8) & 0xff); - result[k++] = (right & 0xff); - } //for every 8 characters, or 64 bits in the message + return processedBlock; + } - //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt - if (!encrypt) { - result = desRemovePadding(result, padding); + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + const processedBlock = this._runCFB(this.nextBlock); + + result = processedBlock.subarray(0, this.i); + } + + this.clearSensitiveData(); + return result; } - return result; - } //end of des + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.key.fill(0); + } + } - //desCreateKeys - //this takes as input a 64 bit key (even though only 56 bits are used) - //as an array of 2 integers, and returns 16 48 bit keys + async function aesEncrypt(algo, key, pt, iv) { + if (webCrypto$9 && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys + const cfb = new WebCryptoEncryptor(algo, key, iv); + return util.isStream(pt) ? transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt); + } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream + const cfb = new NobleStreamProcessor(true, algo, key, iv); + return transform(pt, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).encrypt(pt); + } - function desCreateKeys(key) { - //declaring this locally speeds things up a bit - const pc2bytes0 = [ - 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, - 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 - ]; - const pc2bytes1 = [ - 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, - 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 - ]; - const pc2bytes2 = [ - 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, - 0x1000000, 0x1000008, 0x1000800, 0x1000808 - ]; - const pc2bytes3 = [ - 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, - 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 - ]; - const pc2bytes4 = [ - 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, - 0x41000, 0x1010, 0x41010 - ]; - const pc2bytes5 = [ - 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, - 0x2000000, 0x2000400, 0x2000020, 0x2000420 - ]; - const pc2bytes6 = [ - 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, - 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 - ]; - const pc2bytes7 = [ - 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, - 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 - ]; - const pc2bytes8 = [ - 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, - 0x2000002, 0x2040002, 0x2000002, 0x2040002 - ]; - const pc2bytes9 = [ - 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, - 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 - ]; - const pc2bytes10 = [ - 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, - 0x102000, 0x102020, 0x102000, 0x102020 - ]; - const pc2bytes11 = [ - 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, - 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 - ]; - const pc2bytes12 = [ - 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, - 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 - ]; - const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; + async function aesDecrypt(algo, key, ct, iv) { + if (util.isStream(ct)) { + const cfb = new NobleStreamProcessor(false, algo, key, iv); + return transform(ct, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).decrypt(ct); + } - //how many iterations (1 for des, 3 for triple des) - const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys - //stores the return keys - const keys = new Array(32 * iterations); - //now define the left shifts which need to be done - const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - //other variables - let lefttemp; - let righttemp; - let m = 0; - let n = 0; - let temp; + function xorMut$1(a, b) { + const aLength = Math.min(a.length, b.length); + for (let i = 0; i < aLength; i++) { + a[i] = a[i] ^ b[i]; + } + } - for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations - let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 2) ^ right) & 0x33333333; - right ^= temp; - left ^= (temp << 2); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); + function nodeEncrypt$1(algo, key, pt, iv) { + const algoName = enums.read(enums.symmetric, algo); + const cipherObj = new nodeCrypto$8.createCipheriv(nodeAlgos[algoName], key, iv); + return transform(pt, value => new Uint8Array(cipherObj.update(value))); + } - //the right side needs to be shifted and to get the last four bits of the left side - temp = (left << 8) | ((right >>> 20) & 0x000000f0); - //left needs to be put upside down - left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); - right = temp; + function nodeDecrypt$1(algo, key, ct, iv) { + const algoName = enums.read(enums.symmetric, algo); + const decipherObj = new nodeCrypto$8.createDecipheriv(nodeAlgos[algoName], key, iv); + return transform(ct, value => new Uint8Array(decipherObj.update(value))); + } - //now go through and perform these shifts on the left and right keys - for (let i = 0; i < shifts.length; i++) { - //shift the keys either one or two bits to the left - if (shifts[i]) { - left = (left << 2) | (left >>> 26); - right = (right << 2) | (right >>> 26); - } else { - left = (left << 1) | (left >>> 27); - right = (right << 1) | (right >>> 27); - } - left &= -0xf; - right &= -0xf; + var cfb = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$5, + encrypt: encrypt$5 + }); - //now apply PC-2, in such a way that E is easier when encrypting or decrypting - //this conversion will look like PC-2 except only the last 6 bits of each byte are used - //rather than 48 consecutive bits and the order of lines will be according to - //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 - lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( - left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & - 0xf]; - righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | - pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | - pc2bytes13[(right >>> 4) & 0xf]; - temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; - keys[n++] = lefttemp ^ temp; - keys[n++] = righttemp ^ (temp << 16); - } - } //for each iterations - //return the keys we've created - return keys; - } //end of desCreateKeys + /** + * @fileoverview This module implements AES-CMAC on top of + * native AES-CBC using either the WebCrypto API or Node.js' crypto API. + * @module crypto/cmac + */ - function desAddPadding(message, padding) { - const padLength = 8 - (message.length % 8); + const webCrypto$8 = util.getWebCrypto(); + const nodeCrypto$7 = util.getNodeCrypto(); - let pad; - if (padding === 2 && (padLength < 8)) { //pad the message with spaces - pad = ' '.charCodeAt(0); - } else if (padding === 1) { //PKCS7 padding - pad = padLength; - } else if (!padding && (padLength < 8)) { //pad the message out with null bytes - pad = 0; - } else if (padLength === 8) { - return message; - } else { - throw new Error('des: invalid padding'); - } - const paddedMessage = new Uint8Array(message.length + padLength); - for (let i = 0; i < message.length; i++) { - paddedMessage[i] = message[i]; - } - for (let j = 0; j < padLength; j++) { - paddedMessage[message.length + j] = pad; - } + /** + * This implementation of CMAC is based on the description of OMAC in + * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that + * document: + * + * We have made a small modification to the OMAC algorithm as it was + * originally presented, changing one of its two constants. + * Specifically, the constant 4 at line 85 was the constant 1/2 (the + * multiplicative inverse of 2) in the original definition of OMAC [14]. + * The OMAC authors indicate that they will promulgate this modification + * [15], which slightly simplifies implementations. + */ - return paddedMessage; - } + const blockLength$3 = 16; - function desRemovePadding(message, padding) { - let padLength = null; - let pad; - if (padding === 2) { // space padded - pad = ' '.charCodeAt(0); - } else if (padding === 1) { // PKCS7 - padLength = message[message.length - 1]; - } else if (!padding) { // null padding - pad = 0; - } else { - throw new Error('des: invalid padding'); - } - if (!padLength) { - padLength = 1; - while (message[message.length - padLength] === pad) { - padLength++; - } - padLength--; + /** + * xor `padding` into the end of `data`. This function implements "the + * operation xor→ [which] xors the shorter string into the end of longer + * one". Since data is always as least as long as padding, we can + * simplify the implementation. + * @param {Uint8Array} data + * @param {Uint8Array} padding + */ + function rightXORMut(data, padding) { + const offset = data.length - blockLength$3; + for (let i = 0; i < blockLength$3; i++) { + data[i + offset] ^= padding[i]; } + return data; + } - return message.subarray(0, message.length - padLength); + function pad(data, padding, padding2) { + // if |M| in {n, 2n, 3n, ...} + if (data.length && data.length % blockLength$3 === 0) { + // then return M xor→ B, + return rightXORMut(data, padding); + } + // else return (M || 10^(n−1−(|M| mod n))) xor→ P + const padded = new Uint8Array(data.length + (blockLength$3 - (data.length % blockLength$3))); + padded.set(data); + padded[data.length] = 0b10000000; + return rightXORMut(padded, padding2); } - // added by Recurity Labs + const zeroBlock$1 = new Uint8Array(blockLength$3); - function TripleDES(key) { - this.key = []; + async function CMAC(key) { + const cbc = await CBC(key); - for (let i = 0; i < 3; i++) { - this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); - } + // L ← E_K(0^n); B ← 2L; P ← 4L + const padding = util.double(await cbc(zeroBlock$1)); + const padding2 = util.double(padding); - this.encrypt = function(block) { - return des( - desCreateKeys(this.key[2]), - des( - desCreateKeys(this.key[1]), - des( - desCreateKeys(this.key[0]), - block, true, 0, null, null - ), - false, 0, null, null - ), true, 0, null, null - ); + return async function(data) { + // return CBC_K(pad(M; B, P)) + return (await cbc(pad(data, padding, padding2))).subarray(-blockLength$3); }; } - TripleDES.keySize = TripleDES.prototype.keySize = 24; - TripleDES.blockSize = TripleDES.prototype.blockSize = 8; - - // This is "original" DES - - function DES(key) { - this.key = key; + async function CBC(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt) { + const en = new nodeCrypto$7.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock$1); + const ct = en.update(pt); + return new Uint8Array(ct); + }; + } - this.encrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, true, 0, null, padding); - }; + if (util.getWebCrypto()) { + try { + key = await webCrypto$8.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); + return async function(pt) { + const ct = await webCrypto$8.encrypt({ name: 'AES-CBC', iv: zeroBlock$1, length: blockLength$3 * 8 }, key, pt); + return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength$3); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - this.decrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, false, 0, null, padding); + return async function(pt) { + return cbc(key, zeroBlock$1, { disablePadding: true }).encrypt(pt); }; } - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - - // Copyright 2010 pjacobs@xeekr.com . All rights reserved. - - // Modified by Recurity Labs GmbH + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2018 ProtonTech AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // fixed/modified by Herbert Hanewinkel, www.haneWIN.de - // check www.haneWIN.de for the latest version - // cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. - // CAST-128 is a common OpenPGP cipher. + const webCrypto$7 = util.getWebCrypto(); + const nodeCrypto$6 = util.getNodeCrypto(); + const Buffer$1 = util.getNodeBuffer(); - // CAST5 constructor + const blockLength$2 = 16; + const ivLength$2 = blockLength$2; + const tagLength$2 = blockLength$2; - function OpenPGPSymEncCAST5() { - this.BlockSize = 8; - this.KeySize = 16; + const zero = new Uint8Array(blockLength$2); + const one$1 = new Uint8Array(blockLength$2); one$1[blockLength$2 - 1] = 1; + const two = new Uint8Array(blockLength$2); two[blockLength$2 - 1] = 2; - this.setKey = function(key) { - this.masking = new Array(16); - this.rotate = new Array(16); + async function OMAC(key) { + const cmac = await CMAC(key); + return function(t, message) { + return cmac(util.concatUint8Array([t, message])); + }; + } - this.reset(); + async function CTR(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt, iv) { + const en = new nodeCrypto$6.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); + const ct = Buffer$1.concat([en.update(pt), en.final()]); + return new Uint8Array(ct); + }; + } - if (key.length === this.KeySize) { - this.keySchedule(key); - } else { - throw new Error('CAST-128: keys must be 16 bytes'); + if (util.getWebCrypto()) { + try { + const keyRef = await webCrypto$7.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); + return async function(pt, iv) { + const ct = await webCrypto$7.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$2 * 8 }, keyRef, pt); + return new Uint8Array(ct); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); } - return true; + } + + return async function(pt, iv) { + return ctr(key, iv).encrypt(pt); }; + } - this.reset = function() { - for (let i = 0; i < 16; i++) { - this.masking[i] = 0; - this.rotate[i] = 0; + + /** + * Class to en/decrypt using EAX mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ + async function EAX(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('EAX mode supports only AES cipher'); + } + + const [ + omac, + ctr + ] = await Promise.all([ + OMAC(key), + CTR(key) + ]); + + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + const [ + omacNonce, + omacAdata + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata) + ]); + const ciphered = await ctr(plaintext, omacNonce); + const omacCiphered = await omac(two, ciphered); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + return util.concatUint8Array([ciphered, tag]); + }, + + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to verify + * @returns {Promise} The plaintext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$2) throw new Error('Invalid EAX ciphertext'); + const ciphered = ciphertext.subarray(0, -tagLength$2); + const ctTag = ciphertext.subarray(-tagLength$2); + const [ + omacNonce, + omacAdata, + omacCiphered + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata), + omac(two, ciphered) + ]); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); + const plaintext = await ctr(ciphered, omacNonce); + return plaintext; } }; + } - this.getBlockSize = function() { - return this.BlockSize; - }; - this.encrypt = function(src) { - const dst = new Array(src.length); + /** + * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. + * @param {Uint8Array} iv - The initialization vector (16 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ + EAX.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[8 + i] ^= chunkIndex[i]; + } + return nonce; + }; - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; + EAX.blockLength = blockLength$2; + EAX.ivLength = ivLength$2; + EAX.tagLength = tagLength$2; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2018 ProtonTech AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; + const blockLength$1 = 16; + const ivLength$1 = 15; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: + // While OCB [RFC7253] allows the authentication tag length to be of any + // number up to 128 bits long, this document requires a fixed + // authentication tag length of 128 bits (16 octets) for simplicity. + const tagLength$1 = 16; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >>> 16) & 255; - dst[i + 6] = (l >>> 8) & 255; - dst[i + 7] = l & 255; - } - return dst; - }; + function ntz(n) { + let ntz = 0; + for (let i = 1; (n & i) === 0; i <<= 1) { + ntz++; + } + return ntz; + } - this.decrypt = function(src) { - const dst = new Array(src.length); + function xorMut(S, T) { + for (let i = 0; i < S.length; i++) { + S[i] ^= T[i]; + } + return S; + } - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; + function xor(S, T) { + return xorMut(S.slice(), T); + } - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; + const zeroBlock = new Uint8Array(blockLength$1); + const one = new Uint8Array([1]); - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; + /** + * Class to en/decrypt using OCB mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ + async function OCB(cipher, key) { + const { keySize } = getCipherParams(cipher); + // sanity checks + if (!util.isAES(cipher) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; + let maxNtz = 0; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; + // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls, + // hence its execution cannot be broken up. + // As a result, WebCrypto cannot currently be used for `encipher`. + const aes = cbc(key, zeroBlock, { disablePadding: true }); + const encipher = block => aes.encrypt(block); + const decipher = block => aes.decrypt(block); + let mask; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >> 16) & 255; - dst[i + 6] = (l >> 8) & 255; - dst[i + 7] = l & 255; - } + constructKeyVariables(); - return dst; - }; - const scheduleA = new Array(4); + function constructKeyVariables() { + const mask_x = encipher(zeroBlock); + const mask_$ = util.double(mask_x); + mask = []; + mask[0] = util.double(mask_$); - scheduleA[0] = new Array(4); - scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; - scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - scheduleA[1] = new Array(4); - scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + mask.x = mask_x; + mask.$ = mask_$; + } - scheduleA[2] = new Array(4); - scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; - scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + function extendKeyVariables(text, adata) { + const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$1 | 0) - 1; + for (let i = maxNtz + 1; i <= newMaxNtz; i++) { + mask[i] = util.double(mask[i - 1]); + } + maxNtz = newMaxNtz; + } + function hash(adata) { + if (!adata.length) { + // Fast path + return zeroBlock; + } - scheduleA[3] = new Array(4); - scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + // + // Consider A as a sequence of 128-bit blocks + // + const m = adata.length / blockLength$1 | 0; - const scheduleB = new Array(4); + const offset = new Uint8Array(blockLength$1); + const sum = new Uint8Array(blockLength$1); + for (let i = 0; i < m; i++) { + xorMut(offset, mask[ntz(i + 1)]); + xorMut(sum, encipher(xor(offset, adata))); + adata = adata.subarray(blockLength$1); + } - scheduleB[0] = new Array(4); - scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; - scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; - scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; - scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; + // + // Process any final partial block; compute final hash value + // + if (adata.length) { + xorMut(offset, mask.x); - scheduleB[1] = new Array(4); - scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; - scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; - scheduleB[1][2] = [7, 6, 8, 9, 3]; - scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; + const cipherInput = new Uint8Array(blockLength$1); + cipherInput.set(adata, 0); + cipherInput[adata.length] = 0b10000000; + xorMut(cipherInput, offset); + xorMut(sum, encipher(cipherInput)); + } - scheduleB[2] = new Array(4); - scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; - scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; - scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; - scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; + return sum; + } + + /** + * Encrypt/decrypt data. + * @param {encipher|decipher} fn - Encryption/decryption block cipher function + * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. + */ + function crypt(fn, text, nonce, adata) { + // + // Consider P as a sequence of 128-bit blocks + // + const m = text.length / blockLength$1 | 0; + // + // Key-dependent variables + // + extendKeyVariables(text, adata); - scheduleB[3] = new Array(4); - scheduleB[3][0] = [8, 9, 7, 6, 3]; - scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; - scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; - scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; + // + // Nonce-dependent and per-encryption variables + // + // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N + // Note: We assume here that tagLength mod 16 == 0. + const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength$1 - nonce.length), one, nonce]); + // bottom = str2num(Nonce[123..128]) + const bottom = paddedNonce[blockLength$1 - 1] & 0b111111; + // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) + paddedNonce[blockLength$1 - 1] &= 0b11000000; + const kTop = encipher(paddedNonce); + // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) + const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); + // Offset_0 = Stretch[1+bottom..128+bottom] + const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); + // Checksum_0 = zeros(128) + const checksum = new Uint8Array(blockLength$1); - // changed 'in' to 'inn' (in javascript 'in' is a reserved word) - this.keySchedule = function(inn) { - const t = new Array(8); - const k = new Array(32); + const ct = new Uint8Array(text.length + tagLength$1); - let j; + // + // Process any whole blocks + // + let i; + let pos = 0; + for (i = 0; i < m; i++) { + // Offset_i = Offset_{i-1} xor L_{ntz(i)} + xorMut(offset, mask[ntz(i + 1)]); + // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) + // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) + ct.set(xorMut(fn(xor(offset, text)), offset), pos); + // Checksum_i = Checksum_{i-1} xor P_i + xorMut(checksum, fn === encipher ? text : ct.subarray(pos)); - for (let i = 0; i < 4; i++) { - j = i * 4; - t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + text = text.subarray(blockLength$1); + pos += blockLength$1; } - const x = [6, 7, 4, 5]; - let ki = 0; - let w; + // + // Process any final partial block and compute raw tag + // + if (text.length) { + // Offset_* = Offset_m xor L_* + xorMut(offset, mask.x); + // Pad = ENCIPHER(K, Offset_*) + const padding = encipher(offset); + // C_* = P_* xor Pad[1..bitlen(P_*)] + ct.set(xor(text, padding), pos); - for (let half = 0; half < 2; half++) { - for (let round = 0; round < 4; round++) { - for (j = 0; j < 4; j++) { - const a = scheduleA[round][j]; - w = t[a[1]]; + // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) + const xorInput = new Uint8Array(blockLength$1); + xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); + xorInput[text.length] = 0b10000000; + xorMut(checksum, xorInput); + pos += text.length; + } + // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) + const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata)); - w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; - w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; - w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; - w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; - w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; - t[a[0]] = w; - } + // + // Assemble ciphertext + // + // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] + ct.set(tag, pos); + return ct; + } - for (j = 0; j < 4; j++) { - const b = scheduleB[round][j]; - w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; - w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; - w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; - w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; - k[ki] = w; - ki++; - } - } - } + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + return crypt(encipher, plaintext, nonce, adata); + }, - for (let i = 0; i < 16; i++) { - this.masking[i] = k[i]; - this.rotate[i] = k[16 + i] & 0x1f; + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); + + const tag = ciphertext.subarray(-tagLength$1); + ciphertext = ciphertext.subarray(0, -tagLength$1); + + const crypted = crypt(decipher, ciphertext, nonce, adata); + // if (Tag[1..TAGLEN] == T) + if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { + return crypted.subarray(0, -tagLength$1); + } + throw new Error('Authentication tag mismatch'); } }; + } - // These are the three 'f' functions. See RFC 2144, section 2.2. - function f1(d, m, r) { - const t = m + d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; + /** + * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. + * @param {Uint8Array} iv - The initialization vector (15 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ + OCB.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[7 + i] ^= chunkIndex[i]; } + return nonce; + }; - function f2(d, m, r) { - const t = m ^ d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; - } + OCB.blockLength = blockLength$1; + OCB.ivLength = ivLength$1; + OCB.tagLength = tagLength$1; - function f3(d, m, r) { - const t = m - d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2016 Tankred Hase + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + const webCrypto$6 = util.getWebCrypto(); + const nodeCrypto$5 = util.getNodeCrypto(); + const Buffer = util.getNodeBuffer(); + + const blockLength = 16; + const ivLength = 12; // size of the IV in bytes + const tagLength = 16; // size of the tag in bytes + const ALGO = 'AES-GCM'; + + /** + * Class to en/decrypt using GCM mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ + async function GCM(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('GCM mode supports only AES cipher'); } - const sBox = new Array(8); - sBox[0] = [ - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf - ]; + if (util.getNodeCrypto()) { // Node crypto library + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + const en = new nodeCrypto$5.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + en.setAAD(adata); + const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext + return new Uint8Array(ct); + }, - sBox[1] = [ - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + const de = new nodeCrypto$5.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + de.setAAD(adata); + de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext + const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]); + return new Uint8Array(pt); + } + }; + } - sBox[2] = [ - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 - ]; + if (util.getWebCrypto()) { + try { + const _key = await webCrypto$6.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); + // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages + const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/) || + navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/); + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && !pt.length) { + return gcm(key, iv, adata).encrypt(pt); + } + const ct = await webCrypto$6.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt); + return new Uint8Array(ct); + }, - sBox[3] = [ - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) { + return gcm(key, iv, adata).decrypt(ct); + } + try { + const pt = await webCrypto$6.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct); + return new Uint8Array(pt); + } catch (e) { + if (e.name === 'OperationError') { + throw new Error('Authentication tag mismatch'); + } + } + } + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - sBox[4] = [ - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 - ]; + return { + encrypt: async function(pt, iv, adata) { + return gcm(key, iv, adata).encrypt(pt); + }, - sBox[5] = [ - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f - ]; + decrypt: async function(ct, iv, adata) { + return gcm(key, iv, adata).decrypt(ct); + } + }; + } - sBox[6] = [ - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 - ]; - - sBox[7] = [ - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e - ]; - } - - function CAST5(key) { - this.cast5 = new OpenPGPSymEncCAST5(); - this.cast5.setKey(key); - - this.encrypt = function(block) { - return this.cast5.encrypt(block); - }; - } - CAST5.blockSize = CAST5.prototype.blockSize = 8; - CAST5.keySize = CAST5.prototype.keySize = 16; - - /* eslint-disable no-mixed-operators, no-fallthrough */ + /** + * Get GCM nonce. Note: this operation is not defined by the standard. + * A future version of the standard may define GCM mode differently, + * hopefully under a different ID (we use Private/Experimental algorithm + * ID 100) so that we can maintain backwards compatibility. + * @param {Uint8Array} iv - The initialization vector (12 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ + GCM.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[4 + i] ^= chunkIndex[i]; + } + return nonce; + }; + GCM.blockLength = blockLength; + GCM.ivLength = ivLength; + GCM.tagLength = tagLength; - /* Modified by Recurity Labs GmbH - * - * Cipher.js - * A block-cipher algorithm implementation on JavaScript - * See Cipher.readme.txt for further information. - * - * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] - * This script file is distributed under the LGPL - * - * ACKNOWLEDGMENT - * - * The main subroutines are written by Michiel van Everdingen. - * - * Michiel van Everdingen - * http://home.versatel.nl/MAvanEverdingen/index.html - * - * All rights for these routines are reserved to Michiel van Everdingen. - * + /** + * @fileoverview Cipher modes + * @module crypto/mode */ - //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - //Math - //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - const MAXINT = 0xFFFFFFFF; + var mode = { + /** @see module:crypto/mode/cfb */ + cfb: cfb, + /** @see module:crypto/mode/gcm */ + gcm: GCM, + experimentalGCM: GCM, + /** @see module:crypto/mode/eax */ + eax: EAX, + /** @see module:crypto/mode/ocb */ + ocb: OCB + }; - function rotw(w, n) { - return (w << n | w >>> (32 - n)) & MAXINT; + // Operations are not constant time, but we try and limit timing leakage where we can + const _0n$8 = BigInt(0); + const _1n$d = BigInt(1); + function uint8ArrayToBigInt(bytes) { + const hexAlphabet = '0123456789ABCDEF'; + let s = ''; + bytes.forEach(v => { + s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; + }); + return BigInt('0x0' + s); + } + function mod$2(a, m) { + const reduced = a % m; + return reduced < _0n$8 ? reduced + m : reduced; + } + /** + * Compute modular exponentiation using square and multiply + * @param {BigInt} a - Base + * @param {BigInt} e - Exponent + * @param {BigInt} n - Modulo + * @returns {BigInt} b ** e mod n. + */ + function modExp(b, e, n) { + if (n === _0n$8) + throw Error('Modulo cannot be zero'); + if (n === _1n$d) + return BigInt(0); + if (e < _0n$8) + throw Error('Unsopported negative exponent'); + let exp = e; + let x = b; + x %= n; + let r = BigInt(1); + while (exp > _0n$8) { + const lsb = exp & _1n$d; + exp >>= _1n$d; // e / 2 + // Always compute multiplication step, to reduce timing leakage + const rx = (r * x) % n; + // Update r only if lsb is 1 (odd exponent) + r = lsb ? rx : r; + x = (x * x) % n; // Square + } + return r; } - - function getW(a, i) { - return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; + function abs(x) { + return x >= _0n$8 ? x : -x; } - - function setW(a, i, w) { - a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); + /** + * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) + * Given a and b, compute (x, y) such that ax + by = gdc(a, b). + * Negative numbers are also supported. + * @param {BigInt} a - First operand + * @param {BigInt} b - Second operand + * @returns {{ gcd, x, y: bigint }} + */ + function _egcd(aInput, bInput) { + let x = BigInt(0); + let y = BigInt(1); + let xPrev = BigInt(1); + let yPrev = BigInt(0); + // Deal with negative numbers: run algo over absolute values, + // and "move" the sign to the returned x and/or y. + // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers + let a = abs(aInput); + let b = abs(bInput); + const aNegated = aInput < _0n$8; + const bNegated = bInput < _0n$8; + while (b !== _0n$8) { + const q = a / b; + let tmp = x; + x = xPrev - q * x; + xPrev = tmp; + tmp = y; + y = yPrev - q * y; + yPrev = tmp; + tmp = b; + b = a % b; + a = tmp; + } + return { + x: aNegated ? -xPrev : xPrev, + y: bNegated ? -yPrev : yPrev, + gcd: a + }; + } + /** + * Compute the inverse of `a` modulo `n` + * Note: `a` and and `n` must be relatively prime + * @param {BigInt} a + * @param {BigInt} n - Modulo + * @returns {BigInt} x such that a*x = 1 mod n + * @throws {Error} if the inverse does not exist + */ + function modInv(a, n) { + const { gcd, x } = _egcd(a, n); + if (gcd !== _1n$d) { + throw new Error('Inverse does not exist'); + } + return mod$2(x + n, n); + } + /** + * Compute greatest common divisor between this and n + * @param {BigInt} aInput - Operand + * @param {BigInt} bInput - Operand + * @returns {BigInt} gcd + */ + function gcd(aInput, bInput) { + let a = aInput; + let b = bInput; + while (b !== _0n$8) { + const tmp = b; + b = a % b; + a = tmp; + } + return a; + } + /** + * Get this value as an exact Number (max 53 bits) + * Fails if this value is too large + * @returns {Number} + */ + function bigIntToNumber(x) { + const number = Number(x); + if (number > Number.MAX_SAFE_INTEGER) { + // We throw and error to conform with the bn.js implementation + throw new Error('Number can only safely store up to 53 bits'); + } + return number; + } + /** + * Get value of i-th bit + * @param {BigInt} x + * @param {Number} i - Bit index + * @returns {Number} Bit value. + */ + function getBit(x, i) { + const bit = (x >> BigInt(i)) & _1n$d; + return bit === _0n$8 ? 0 : 1; + } + /** + * Compute bit length + */ + function bitLength(x) { + // -1n >> -1n is -1n + // 1n >> 1n is 0n + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + let bitlen = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _1n$d) !== target) { + bitlen++; + } + return bitlen; + } + /** + * Compute byte length + */ + function byteLength(x) { + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + const _8n = BigInt(8); + let len = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _8n) !== target) { + len++; + } + return len; + } + /** + * Get Uint8Array representation of this number + * @param {String} endian - Endianess of output array (defaults to 'be') + * @param {Number} length - Of output array + * @returns {Uint8Array} + */ + function bigIntToUint8Array(x, endian = 'be', length) { + // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) + // this is faster than shift+mod iterations + let hex = x.toString(16); + if (hex.length % 2 === 1) { + hex = '0' + hex; + } + const rawLength = hex.length / 2; + const bytes = new Uint8Array(length || rawLength); + // parse hex + const offset = length ? length - rawLength : 0; + let i = 0; + while (i < rawLength) { + bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); + i++; + } + if (endian !== 'be') { + bytes.reverse(); + } + return bytes; } - function getB(x, n) { - return (x >>> (n * 8)) & 0xFF; + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + const nodeCrypto$4 = util.getNodeCrypto(); + + /** + * Retrieve secure random byte array of the specified length + * @param {Integer} length - Length in bytes to generate + * @returns {Uint8Array} Random byte array. + */ + function getRandomBytes(length) { + const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto$4?.webcrypto; + if (webcrypto?.getRandomValues) { + const buf = new Uint8Array(length); + return webcrypto.getRandomValues(buf); + } else { + throw new Error('No secure random number generator available.'); + } } - // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - // Twofish - // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + /** + * Create a secure random BigInt that is greater than or equal to min and less than max. + * @param {bigint} min - Lower bound, included + * @param {bigint} max - Upper bound, excluded + * @returns {bigint} Random BigInt. + * @async + */ + function getRandomBigInteger(min, max) { + if (max < min) { + throw new Error('Illegal parameter value: max <= min'); + } - function createTwofish() { - // - let keyBytes = null; - let dataBytes = null; - let dataOffset = -1; - // var dataLength = -1; - // var idx2 = -1; - // + const modulus = max - min; + const bytes = byteLength(modulus); - let tfsKey = []; - let tfsM = [ - [], - [], - [], - [] - ]; + // Using a while loop is necessary to avoid bias introduced by the mod operation. + // However, we request 64 extra random bits so that the bias is negligible. + // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8)); + return mod$2(r, modulus) + min; + } - function tfsInit(key) { - keyBytes = key; - let i; - let a; - let b; - let c; - let d; - const meKey = []; - const moKey = []; - const inKey = []; - let kLen; - const sKey = []; - let f01; - let f5b; - let fef; + var random = /*#__PURE__*/Object.freeze({ + __proto__: null, + getRandomBigInteger: getRandomBigInteger, + getRandomBytes: getRandomBytes + }); - const q0 = [ - [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], - [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] - ]; - const q1 = [ - [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], - [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] - ]; - const q2 = [ - [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], - [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] - ]; - const q3 = [ - [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], - [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] - ]; - const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; - const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; - const q = [ - [], - [] - ]; - const m = [ - [], - [], - [], - [] - ]; - - function ffm5b(x) { - return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2018 Proton Technologies AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + /** + * @fileoverview Algorithms for probabilistic random prime generation + * @module crypto/public_key/prime + */ + const _1n$c = BigInt(1); + /** + * Generate a probably prime random number + * @param bits - Bit length of the prime + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ + function randomProbablePrime(bits, e, k) { + const _30n = BigInt(30); + const min = _1n$c << BigInt(bits - 1); + /* + * We can avoid any multiples of 3 and 5 by looking at n mod 30 + * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 + * the next possible prime is mod 30: + * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 + */ + const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; + let n = getRandomBigInteger(min, min << _1n$c); + let i = bigIntToNumber(mod$2(n, _30n)); + do { + n += BigInt(adds[i]); + i = (i + adds[i]) % adds.length; + // If reached the maximum, go back to the minimum. + if (bitLength(n) > bits) { + n = mod$2(n, min << _1n$c); + n += min; + i = bigIntToNumber(mod$2(n, _30n)); + } + } while (!isProbablePrime(n, e, k)); + return n; + } + /** + * Probabilistic primality testing + * @param n - Number to test + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ + function isProbablePrime(n, e, k) { + if (e && gcd(n - _1n$c, e) !== _1n$c) { + return false; } - - function ffmEf(x) { - return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + if (!divisionTest(n)) { + return false; } - - function mdsRem(p, q) { - let i; - let t; - let u; - for (i = 0; i < 8; i++) { - t = q >>> 24; - q = ((q << 8) & MAXINT) | p >>> 24; - p = (p << 8) & MAXINT; - u = t << 1; - if (t & 128) { - u ^= 333; + if (!fermat(n)) { + return false; + } + if (!millerRabin(n, k)) { + return false; + } + // TODO implement the Lucas test + // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + return true; + } + /** + * Tests whether n is probably prime or not using Fermat's test with b = 2. + * Fails if b^(n-1) mod n != 1. + * @param n - Number to test + * @param b - Optional Fermat test base + */ + function fermat(n, b = BigInt(2)) { + return modExp(b, n - _1n$c, n) === _1n$c; + } + function divisionTest(n) { + const _0n = BigInt(0); + return smallPrimes.every(m => mod$2(n, m) !== _0n); + } + // https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c + const smallPrimes = [ + 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 + ].map(n => BigInt(n)); + // Miller-Rabin - Miller Rabin algorithm for primality test + // Copyright Fedor Indutny, 2014. + // + // This software is licensed under the MIT License. + // + // Permission is hereby granted, free of charge, to any person obtaining a + // copy of this software and associated documentation files (the + // "Software"), to deal in the Software without restriction, including + // without limitation the rights to use, copy, modify, merge, publish, + // distribute, sublicense, and/or sell copies of the Software, and to permit + // persons to whom the Software is furnished to do so, subject to the + // following conditions: + // + // The above copyright notice and this permission notice shall be included + // in all copies or substantial portions of the Software. + // + // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, + // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR + // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE + // USE OR OTHER DEALINGS IN THE SOFTWARE. + // Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin + // Sample syntax for Fixed-Base Miller-Rabin: + // millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) + /** + * Tests whether n is probably prime or not using the Miller-Rabin test. + * See HAC Remark 4.28. + * @param n - Number to test + * @param k - Optional number of iterations of Miller-Rabin test + * @param rand - Optional function to generate potential witnesses + * @returns {boolean} + * @async + */ + function millerRabin(n, k, rand) { + const len = bitLength(n); + if (!k) { + k = Math.max(1, (len / 48) | 0); + } + const n1 = n - _1n$c; // n - 1 + // Find d and s, (n - 1) = (2 ^ s) * d; + let s = 0; + while (!getBit(n1, s)) { + s++; + } + const d = n >> BigInt(s); + for (; k > 0; k--) { + const a = getRandomBigInteger(BigInt(2), n1); + let x = modExp(a, d, n); + if (x === _1n$c || x === n1) { + continue; } - q ^= t ^ (u << 16); - u ^= t >>> 1; - if (t & 1) { - u ^= 166; + let i; + for (i = 1; i < s; i++) { + x = mod$2(x * x, n); + if (x === _1n$c) { + return false; + } + if (x === n1) { + break; + } + } + if (i === s) { + return false; } - q ^= u << 24 | u << 8; - } - return q; - } - - function qp(n, x) { - const a = x >> 4; - const b = x & 15; - const c = q0[n][a ^ b]; - const d = q1[n][ror4[b] ^ ashx[a]]; - return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; } + return true; + } - function hFun(x, key) { - let a = getB(x, 0); - let b = getB(x, 1); - let c = getB(x, 2); - let d = getB(x, 3); - switch (kLen) { - case 4: - a = q[1][a] ^ getB(key[3], 0); - b = q[0][b] ^ getB(key[3], 1); - c = q[0][c] ^ getB(key[3], 2); - d = q[1][d] ^ getB(key[3], 3); - case 3: - a = q[1][a] ^ getB(key[2], 0); - b = q[1][b] ^ getB(key[2], 1); - c = q[0][c] ^ getB(key[2], 2); - d = q[0][d] ^ getB(key[2], 3); - case 2: - a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); - b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); - c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); - d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); - } - return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - keyBytes = keyBytes.slice(0, 32); - i = keyBytes.length; - while (i !== 16 && i !== 24 && i !== 32) { - keyBytes[i++] = 0; - } - for (i = 0; i < keyBytes.length; i += 4) { - inKey[i >> 2] = getW(keyBytes, i); - } - for (i = 0; i < 256; i++) { - q[0][i] = qp(0, i); - q[1][i] = qp(1, i); - } - for (i = 0; i < 256; i++) { - f01 = q[1][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); - m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); - f01 = q[0][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); - m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); - } + /** + * ASN1 object identifiers for hashes + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} + */ + const hash_headers = []; + hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, + 0x10]; + hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; + hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; + hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20]; + hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, + 0x04, 0x30]; + hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40]; + hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, + 0x00, 0x04, 0x1C]; - kLen = inKey.length / 2; - for (i = 0; i < kLen; i++) { - a = inKey[i + i]; - meKey[i] = a; - b = inKey[i + i + 1]; - moKey[i] = b; - sKey[kLen - i - 1] = mdsRem(a, b); - } - for (i = 0; i < 40; i += 2) { - a = 0x1010101 * i; - b = a + 0x1010101; - a = hFun(a, meKey); - b = rotw(hFun(b, moKey), 8); - tfsKey[i] = (a + b) & MAXINT; - tfsKey[i + 1] = rotw(a + 2 * b, 9); - } - for (i = 0; i < 256; i++) { - a = b = c = d = i; - switch (kLen) { - case 4: - a = q[1][a] ^ getB(sKey[3], 0); - b = q[0][b] ^ getB(sKey[3], 1); - c = q[0][c] ^ getB(sKey[3], 2); - d = q[1][d] ^ getB(sKey[3], 3); - case 3: - a = q[1][a] ^ getB(sKey[2], 0); - b = q[1][b] ^ getB(sKey[2], 1); - c = q[0][c] ^ getB(sKey[2], 2); - d = q[0][d] ^ getB(sKey[2], 3); - case 2: - tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; - tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; - tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; - tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + /** + * Create padding with secure random data + * @private + * @param {Integer} length - Length of the padding in bytes + * @returns {Uint8Array} Random padding. + */ + function getPKCS1Padding(length) { + const result = new Uint8Array(length); + let count = 0; + while (count < length) { + const randomBytes = getRandomBytes(length - count); + for (let i = 0; i < randomBytes.length; i++) { + if (randomBytes[i] !== 0) { + result[count++] = randomBytes[i]; } } } + return result; + } - function tfsG0(x) { - return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; - } - - function tfsG1(x) { - return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; - } - - function tfsFrnd(r, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); - blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); - blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + /** + * Create a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} + * @param {Uint8Array} message - Message to be encoded + * @param {Integer} keyLength - The length in octets of the key modulus + * @returns {Uint8Array} EME-PKCS1 padded message. + */ + function emeEncode(message, keyLength) { + const mLength = message.length; + // length checking + if (mLength > keyLength - 11) { + throw new Error('Message too long'); } + // Generate an octet string PS of length k - mLen - 3 consisting of + // pseudo-randomly generated nonzero octets + const PS = getPKCS1Padding(keyLength - mLength - 3); + // Concatenate PS, the message M, and other padding to form an + // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. + const encoded = new Uint8Array(keyLength); + // 0x00 byte + encoded[1] = 2; + encoded.set(PS, 2); + // 0x00 bytes + encoded.set(message, keyLength - mLength); + return encoded; + } - function tfsIrnd(i, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; - blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; - blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + /** + * Decode a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} + * @param {Uint8Array} encoded - Encoded message bytes + * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) + * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) + * @throws {Error} on decoding failure, unless `randomPayload` is provided + */ + function emeDecode(encoded, randomPayload) { + // encoded format: 0x00 0x02 0x00 + let offset = 2; + let separatorNotFound = 1; + for (let j = offset; j < encoded.length; j++) { + separatorNotFound &= encoded[j] !== 0; + offset += separatorNotFound; } - function tfsClose() { - tfsKey = []; - tfsM = [ - [], - [], - [], - [] - ]; - } + const psLen = offset - 2; + const payload = encoded.subarray(offset + 1); // discard the 0x00 separator + const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - function tfsEncrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], - getW(dataBytes, dataOffset + 4) ^ tfsKey[1], - getW(dataBytes, dataOffset + 8) ^ tfsKey[2], - getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; - for (let j = 0; j < 8; j++) { - tfsFrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); - dataOffset += 16; - return dataBytes; + if (randomPayload) { + return util.selectUint8Array(isValidPadding, payload, randomPayload); } - function tfsDecrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], - getW(dataBytes, dataOffset + 4) ^ tfsKey[5], - getW(dataBytes, dataOffset + 8) ^ tfsKey[6], - getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; - for (let j = 7; j >= 0; j--) { - tfsIrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); - dataOffset += 16; + if (isValidPadding) { + return payload; } - // added by Recurity Labs + throw new Error('Decryption error'); + } - function tfsFinal() { - return dataBytes; + /** + * Create a EMSA-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} + * @param {Integer} algo - Hash algorithm type used + * @param {Uint8Array} hashed - Message to be encoded + * @param {Integer} emLen - Intended length in octets of the encoded message + * @returns {Uint8Array} Encoded message. + */ + function emsaEncode(algo, hashed, emLen) { + let i; + if (hashed.length !== hash$1.getHashByteLength(algo)) { + throw new Error('Invalid hash length'); + } + // produce an ASN.1 DER value for the hash function used. + // Let T be the full hash prefix + const hashPrefix = new Uint8Array(hash_headers[algo].length); + for (i = 0; i < hash_headers[algo].length; i++) { + hashPrefix[i] = hash_headers[algo][i]; + } + // and let tLen be the length in octets prefix and hashed data + const tLen = hashPrefix.length + hashed.length; + if (emLen < tLen + 11) { + throw new Error('Intended encoded message length too short'); } + // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF + // The length of PS will be at least 8 octets + const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - return { - name: 'twofish', - blocksize: 128 / 8, - open: tfsInit, - close: tfsClose, - encrypt: tfsEncrypt, - decrypt: tfsDecrypt, - // added by Recurity Labs - finalize: tfsFinal - }; + // Concatenate PS, the hash prefix, hashed data, and other padding to form the + // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed + const EM = new Uint8Array(emLen); + EM[1] = 0x01; + EM.set(PS, 2); + EM.set(hashPrefix, emLen - tLen); + EM.set(hashed, emLen - hashed.length); + return EM; } - // added by Recurity Labs + var pkcs1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + emeDecode: emeDecode, + emeEncode: emeEncode, + emsaEncode: emsaEncode + }); - function TF(key) { - this.tf = createTwofish(); - this.tf.open(Array.from(key), 0); + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - this.encrypt = function(block) { - return this.tf.encrypt(Array.from(block), 0); - }; - } - TF.keySize = TF.prototype.keySize = 32; - TF.blockSize = TF.prototype.blockSize = 16; + const webCrypto$5 = util.getWebCrypto(); + const nodeCrypto$3 = util.getNodeCrypto(); + const _1n$b = BigInt(1); - /* Modified by Recurity Labs GmbH - * - * Originally written by nklein software (nklein.com) + /** Create signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} hashed - Hashed message + * @returns {Promise} RSA Signature. + * @async */ + async function sign$6(hashAlgo, data, n, e, d, p, q, u, hashed) { + if (hash$1.getHashByteLength(hashAlgo) >= n.length) { + // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error + // e.g. if a 512-bit RSA key is used with a SHA-512 digest. + // The size limit is actually slightly different but here we only care about throwing + // on common key sizes. + throw new Error('Digest size cannot exceed key modulus size'); + } - /* - * Javascript implementation based on Bruce Schneier's reference implementation. - * - * - * The constructor doesn't do much of anything. It's just here - * so we can start defining properties and methods and such. - */ - function Blowfish() {} + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webSign$1(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeSign$1(hashAlgo, data, n, e, d, p, q, u); + } + } + return bnSign(hashAlgo, n, d, hashed); + } - /* - * Declare the block size so that protocols know what size - * Initialization Vector (IV) they will need. + /** + * Verify signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} s - Signature + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} hashed - Hashed message + * @returns {Boolean} + * @async */ - Blowfish.prototype.BLOCKSIZE = 8; + async function verify$6(hashAlgo, data, s, n, e, hashed) { + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webVerify$1(enums.read(enums.webHash, hashAlgo), data, s, n, e); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeVerify$1(hashAlgo, data, s, n, e); + } + } + return bnVerify(hashAlgo, s, n, e, hashed); + } - /* - * These are the default SBOXES. + /** + * Encrypt message + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @returns {Promise} RSA Ciphertext. + * @async */ - Blowfish.prototype.SBOXES = [ - [ - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, - 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, - 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, - 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, - 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, - 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, - 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, - 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, - 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, - 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, - 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, - 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, - 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, - 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, - 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, - 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, - 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, - 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, - 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, - 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, - 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, - 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a - ], - [ - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 - ], - [ - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 - ], - [ - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 - ] - ]; - - //* - //* This is the default PARRAY - //* - Blowfish.prototype.PARRAY = [ - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b - ]; - - //* - //* This is the number of rounds the cipher will go - //* - Blowfish.prototype.NN = 16; - - //* - //* This function is needed to get rid of problems - //* with the high-bit getting set. If we don't do - //* this, then sometimes ( aa & 0x00FFFFFFFF ) is not - //* equal to ( bb & 0x00FFFFFFFF ) even when they - //* agree bit-for-bit for the first 32 bits. - //* - Blowfish.prototype._clean = function(xx) { - if (xx < 0) { - const yy = xx & 0x7FFFFFFF; - xx = yy + 0x80000000; + async function encrypt$4(data, n, e) { + if (util.getNodeCrypto()) { + return nodeEncrypt(data, n, e); } - return xx; - }; - - //* - //* This is the mixing function that uses the sboxes - //* - Blowfish.prototype._F = function(xx) { - let yy; + return bnEncrypt(data, n, e); + } - const dd = xx & 0x00FF; - xx >>>= 8; - const cc = xx & 0x00FF; - xx >>>= 8; - const bb = xx & 0x00FF; - xx >>>= 8; - const aa = xx & 0x00FF; + /** + * Decrypt RSA message + * @param {Uint8Array} m - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} RSA Plaintext. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ + async function decrypt$4(data, n, e, d, p, q, u, randomPayload) { + // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, + // and we want to avoid checking the error type to decide if the random payload + // should indeed be returned. + if (util.getNodeCrypto() && !randomPayload) { + try { + return await nodeDecrypt(data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } + return bnDecrypt(data, n, e, d, p, q, u, randomPayload); + } - yy = this.sboxes[0][aa] + this.sboxes[1][bb]; - yy ^= this.sboxes[2][cc]; - yy += this.sboxes[3][dd]; + /** + * Generate a new random private key B bits long with public exponent E. + * + * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using + * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. + * @see module:crypto/public_key/prime + * @param {Integer} bits - RSA bit length + * @param {Integer} e - RSA public exponent + * @returns {{n, e, d, + * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, + * RSA private prime p, RSA private prime q, u = p ** -1 mod q + * @async + */ + async function generate$4(bits, e) { + e = BigInt(e); - return yy; - }; + // Native RSA keygen using Web Crypto + if (util.getWebCrypto()) { + const keyGenOpt = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: bits, // the specified keysize in bits + publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent + hash: { + name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' + } + }; + const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - //* - //* This method takes an array with two values, left and right - //* and does NN rounds of Blowfish on them. - //* - Blowfish.prototype._encryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; + // export the generated keys as JsonWebKey (JWK) + // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 + const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); + // map JWK parameters to corresponding OpenPGP names + return jwkToPrivate(jwk, e); + } else if (util.getNodeCrypto()) { + const opts = { + modulusLength: bits, + publicExponent: bigIntToNumber(e), + publicKeyEncoding: { type: 'pkcs1', format: 'jwk' }, + privateKeyEncoding: { type: 'pkcs1', format: 'jwk' } + }; + const jwk = await new Promise((resolve, reject) => { + nodeCrypto$3.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => { + if (err) { + reject(err); + } else { + resolve(jwkPrivateKey); + } + }); + }); + return jwkToPrivate(jwk, e); + } - let ii; + // RSA keygen fallback using 40 iterations of the Miller-Rabin test + // See https://stackoverflow.com/a/6330138 for justification + // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST + let p; + let q; + let n; + do { + q = randomProbablePrime(bits - (bits >> 1), e, 40); + p = randomProbablePrime(bits >> 1, e, 40); + n = p * q; + } while (bitLength(n) !== bits); - for (ii = 0; ii < this.NN; ++ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; + const phi = (p - _1n$b) * (q - _1n$b); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + if (q < p) { + [p, q] = [q, p]; } - dataL ^= this.parray[this.NN + 0]; - dataR ^= this.parray[this.NN + 1]; + return { + n: bigIntToUint8Array(n), + e: bigIntToUint8Array(e), + d: bigIntToUint8Array(modInv(e, phi)), + p: bigIntToUint8Array(p), + q: bigIntToUint8Array(q), + // dp: d.mod(p.subn(1)), + // dq: d.mod(q.subn(1)), + u: bigIntToUint8Array(modInv(p, q)) + }; + } - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); - }; + /** + * Validate RSA parameters + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA inverse of p w.r.t. q + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$9(n, e, d, p, q, u) { + n = uint8ArrayToBigInt(n); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); - //* - //* This method takes a vector of numbers and turns them - //* into long words so that they can be processed by the - //* real algorithm. - //* - //* Maybe I should make the real algorithm above take a vector - //* instead. That will involve more looping, but it won't require - //* the F() method to deconstruct the vector. - //* - Blowfish.prototype.encryptBlock = function(vector) { - let ii; - const vals = [0, 0]; - const off = this.BLOCKSIZE / 2; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); - vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); + // expect pq = n + if ((p * q) !== n) { + return false; } - this._encryptBlock(vals); + const _2n = BigInt(2); + // expect p*u = 1 mod q + u = uint8ArrayToBigInt(u); + if (mod$2(p * u, q) !== BigInt(1)) { + return false; + } - const ret = []; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); - ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); - // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); - // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + /** + * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) + * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] + * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] + * + * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) + */ + const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3)); + const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q + const rde = r * d * e; + + const areInverses = mod$2(rde, p - _1n$b) === r && mod$2(rde, q - _1n$b) === r; + if (!areInverses) { + return false; } - return ret; - }; + return true; + } - //* - //* This method takes an array with two values, left and right - //* and undoes NN rounds of Blowfish on them. - //* - Blowfish.prototype._decryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; + async function bnSign(hashAlgo, n, d, hashed) { + n = uint8ArrayToBigInt(n); + const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n))); + d = uint8ArrayToBigInt(d); + return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n)); + } - let ii; + async function webSign$1(hashName, data, n, e, d, p, q, u) { + /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. + * We swap them in privateToJWK, so it usually works out, but nevertheless, + * not all OpenPGP keys are compatible with this requirement. + * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still + * does if the underlying Web Crypto does so (though the tested implementations + * don't do so). + */ + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const algo = { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }; + const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); + return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); + } - for (ii = this.NN + 1; ii > 1; --ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; + async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) { + const sign = nodeCrypto$3.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(data); + sign.end(); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + const jwk = await privateToJWK$1(n, e, d, p, q, u); + return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' })); + } + + async function bnVerify(hashAlgo, s, n, e, hashed) { + n = uint8ArrayToBigInt(n); + s = uint8ArrayToBigInt(s); + e = uint8ArrayToBigInt(e); + if (s >= n) { + throw new Error('Signature size cannot exceed modulus size'); } + const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n)); + const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n)); + return util.equalsUint8Array(EM1, EM2); + } - dataL ^= this.parray[1]; - dataR ^= this.parray[0]; + async function webVerify$1(hashName, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = await webCrypto$5.importKey('jwk', jwk, { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }, false, ['verify']); + return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); + } - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); - }; + async function nodeVerify$1(hashAlgo, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1' }; - //* - //* This method takes a key array and initializes the - //* sboxes and parray for this encryption. - //* - Blowfish.prototype.init = function(key) { - let ii; - let jj = 0; + const verify = nodeCrypto$3.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(data); + verify.end(); - this.parray = []; - for (ii = 0; ii < this.NN + 2; ++ii) { - let data = 0x00000000; - for (let kk = 0; kk < 4; ++kk) { - data = (data << 8) | (key[jj] & 0x00FF); - if (++jj >= key.length) { - jj = 0; - } - } - this.parray[ii] = this.PARRAY[ii] ^ data; + try { + return verify.verify(key, s); + } catch (err) { + return false; } + } - this.sboxes = []; - for (ii = 0; ii < 4; ++ii) { - this.sboxes[ii] = []; - for (jj = 0; jj < 256; ++jj) { - this.sboxes[ii][jj] = this.SBOXES[ii][jj]; - } + async function nodeEncrypt(data, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; + + return new Uint8Array(nodeCrypto$3.publicEncrypt(key, data)); + } + + async function bnEncrypt(data, n, e) { + n = uint8ArrayToBigInt(n); + data = uint8ArrayToBigInt(emeEncode(data, byteLength(n))); + e = uint8ArrayToBigInt(e); + if (data >= n) { + throw new Error('Message size cannot exceed modulus size'); } + return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n)); + } - const vals = [0x00000000, 0x00000000]; + async function nodeDecrypt(data, n, e, d, p, q, u) { + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; - for (ii = 0; ii < this.NN + 2; ii += 2) { - this._encryptBlock(vals); - this.parray[ii + 0] = vals[0]; - this.parray[ii + 1] = vals[1]; + try { + return new Uint8Array(nodeCrypto$3.privateDecrypt(key, data)); + } catch (err) { + throw new Error('Decryption error'); } + } - for (ii = 0; ii < 4; ++ii) { - for (jj = 0; jj < 256; jj += 2) { - this._encryptBlock(vals); - this.sboxes[ii][jj + 0] = vals[0]; - this.sboxes[ii][jj + 1] = vals[1]; - } + async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { + data = uint8ArrayToBigInt(data); + n = uint8ArrayToBigInt(n); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + u = uint8ArrayToBigInt(u); + if (data >= n) { + throw new Error('Data too large.'); } - }; + const dq = mod$2(d, q - _1n$b); // d mod (q-1) + const dp = mod$2(d, p - _1n$b); // d mod (p-1) - // added by Recurity Labs - function BF(key) { - this.bf = new Blowfish(); - this.bf.init(key); + const unblinder = getRandomBigInteger(BigInt(2), n); + const blinder = modExp(modInv(unblinder, n), e, n); + data = mod$2(data * blinder, n); - this.encrypt = function(block) { - return this.bf.encryptBlock(block); - }; - } + const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p + const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q + const h = mod$2(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q) - BF.keySize = BF.prototype.keySize = 16; - BF.blockSize = BF.prototype.blockSize = 8; + let result = h * p + mp; // result < n due to relations above - /** - * @fileoverview Symmetric cryptography functions - * @module crypto/cipher - * @private + result = mod$2(result * unblinder, n); + + return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload); + } + + /** Convert Openpgp private key params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + * @param {Uint8Array} d + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} u */ + async function privateToJWK$1(n, e, d, p, q, u) { + const pNum = uint8ArrayToBigInt(p); + const qNum = uint8ArrayToBigInt(q); + const dNum = uint8ArrayToBigInt(d); - /** - * AES-128 encryption and decryption (ID 7) - * @function - * @param {String} key - 128-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} + let dq = mod$2(dNum, qNum - _1n$b); // d mod (q-1) + let dp = mod$2(dNum, pNum - _1n$b); // d mod (p-1) + dp = bigIntToUint8Array(dp); + dq = bigIntToUint8Array(dq); + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + d: uint8ArrayToB64(d), + // switch p and q + p: uint8ArrayToB64(q), + q: uint8ArrayToB64(p), + // switch dp and dq + dp: uint8ArrayToB64(dq), + dq: uint8ArrayToB64(dp), + qi: uint8ArrayToB64(u), + ext: true + }; + } + + /** Convert Openpgp key public params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e */ - const aes128 = aes(128); - /** - * AES-128 Block Cipher (ID 8) - * @function - * @param {String} key - 192-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ - const aes192 = aes(192); - /** - * AES-128 Block Cipher (ID 9) - * @function - * @param {String} key - 256-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ - const aes256 = aes(256); - // Not in OpenPGP specifications - const des$1 = DES; - /** - * Triple DES Block Cipher (ID 2) - * @function - * @param {String} key - 192-bit key - * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67} - * @returns {Object} - */ - const tripledes = TripleDES; - /** - * CAST-128 Block Cipher (ID 3) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm} - * @returns {Object} - */ - const cast5 = CAST5; - /** - * Twofish Block Cipher (ID 10) - * @function - * @param {String} key - 256-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH} - * @returns {Object} - */ - const twofish = TF; - /** - * Blowfish Block Cipher (ID 4) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH} - * @returns {Object} - */ - const blowfish = BF; - /** - * Not implemented - * @function - * @throws {Error} - */ - const idea = function() { - throw new Error('IDEA symmetric-key algorithm not implemented'); - }; + function publicToJWK(n, e) { + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + ext: true + }; + } - var cipher = /*#__PURE__*/Object.freeze({ + /** Convert JWK private key to OpenPGP private key params */ + function jwkToPrivate(jwk, e) { + return { + n: b64ToUint8Array(jwk.n), + e: bigIntToUint8Array(e), + d: b64ToUint8Array(jwk.d), + // switch p and q + p: b64ToUint8Array(jwk.q), + q: b64ToUint8Array(jwk.p), + // Since p and q are switched in places, u is the inverse of jwk.q + u: b64ToUint8Array(jwk.qi) + }; + } + + var rsa = /*#__PURE__*/Object.freeze({ __proto__: null, - aes128: aes128, - aes192: aes192, - aes256: aes256, - des: des$1, - tripledes: tripledes, - cast5: cast5, - twofish: twofish, - blowfish: blowfish, - idea: idea + decrypt: decrypt$4, + encrypt: encrypt$4, + generate: generate$4, + sign: sign$6, + validateParams: validateParams$9, + verify: verify$6 }); - var sha1_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0, - w16 = 0, w17 = 0, w18 = 0, w19 = 0, - w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0, - w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0, - w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0, - w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0, - w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0, - w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - - // 0 - t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 1 - t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 2 - t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 3 - t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 4 - t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 5 - t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 6 - t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 7 - t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 8 - t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 9 - t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 10 - t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 11 - t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 12 - t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 13 - t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 14 - t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 15 - t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 16 - n = w13 ^ w8 ^ w2 ^ w0; - w16 = (n << 1) | (n >>> 31); - t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 17 - n = w14 ^ w9 ^ w3 ^ w1; - w17 = (n << 1) | (n >>> 31); - t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 18 - n = w15 ^ w10 ^ w4 ^ w2; - w18 = (n << 1) | (n >>> 31); - t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 19 - n = w16 ^ w11 ^ w5 ^ w3; - w19 = (n << 1) | (n >>> 31); - t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 20 - n = w17 ^ w12 ^ w6 ^ w4; - w20 = (n << 1) | (n >>> 31); - t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 21 - n = w18 ^ w13 ^ w7 ^ w5; - w21 = (n << 1) | (n >>> 31); - t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 22 - n = w19 ^ w14 ^ w8 ^ w6; - w22 = (n << 1) | (n >>> 31); - t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 23 - n = w20 ^ w15 ^ w9 ^ w7; - w23 = (n << 1) | (n >>> 31); - t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 24 - n = w21 ^ w16 ^ w10 ^ w8; - w24 = (n << 1) | (n >>> 31); - t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 25 - n = w22 ^ w17 ^ w11 ^ w9; - w25 = (n << 1) | (n >>> 31); - t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 26 - n = w23 ^ w18 ^ w12 ^ w10; - w26 = (n << 1) | (n >>> 31); - t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 27 - n = w24 ^ w19 ^ w13 ^ w11; - w27 = (n << 1) | (n >>> 31); - t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 28 - n = w25 ^ w20 ^ w14 ^ w12; - w28 = (n << 1) | (n >>> 31); - t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 29 - n = w26 ^ w21 ^ w15 ^ w13; - w29 = (n << 1) | (n >>> 31); - t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 30 - n = w27 ^ w22 ^ w16 ^ w14; - w30 = (n << 1) | (n >>> 31); - t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 31 - n = w28 ^ w23 ^ w17 ^ w15; - w31 = (n << 1) | (n >>> 31); - t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 32 - n = w29 ^ w24 ^ w18 ^ w16; - w32 = (n << 1) | (n >>> 31); - t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 33 - n = w30 ^ w25 ^ w19 ^ w17; - w33 = (n << 1) | (n >>> 31); - t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 34 - n = w31 ^ w26 ^ w20 ^ w18; - w34 = (n << 1) | (n >>> 31); - t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 35 - n = w32 ^ w27 ^ w21 ^ w19; - w35 = (n << 1) | (n >>> 31); - t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 36 - n = w33 ^ w28 ^ w22 ^ w20; - w36 = (n << 1) | (n >>> 31); - t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 37 - n = w34 ^ w29 ^ w23 ^ w21; - w37 = (n << 1) | (n >>> 31); - t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 38 - n = w35 ^ w30 ^ w24 ^ w22; - w38 = (n << 1) | (n >>> 31); - t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 39 - n = w36 ^ w31 ^ w25 ^ w23; - w39 = (n << 1) | (n >>> 31); - t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 40 - n = w37 ^ w32 ^ w26 ^ w24; - w40 = (n << 1) | (n >>> 31); - t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 41 - n = w38 ^ w33 ^ w27 ^ w25; - w41 = (n << 1) | (n >>> 31); - t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 42 - n = w39 ^ w34 ^ w28 ^ w26; - w42 = (n << 1) | (n >>> 31); - t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 43 - n = w40 ^ w35 ^ w29 ^ w27; - w43 = (n << 1) | (n >>> 31); - t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 44 - n = w41 ^ w36 ^ w30 ^ w28; - w44 = (n << 1) | (n >>> 31); - t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 45 - n = w42 ^ w37 ^ w31 ^ w29; - w45 = (n << 1) | (n >>> 31); - t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 46 - n = w43 ^ w38 ^ w32 ^ w30; - w46 = (n << 1) | (n >>> 31); - t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 47 - n = w44 ^ w39 ^ w33 ^ w31; - w47 = (n << 1) | (n >>> 31); - t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 48 - n = w45 ^ w40 ^ w34 ^ w32; - w48 = (n << 1) | (n >>> 31); - t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 49 - n = w46 ^ w41 ^ w35 ^ w33; - w49 = (n << 1) | (n >>> 31); - t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 50 - n = w47 ^ w42 ^ w36 ^ w34; - w50 = (n << 1) | (n >>> 31); - t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 51 - n = w48 ^ w43 ^ w37 ^ w35; - w51 = (n << 1) | (n >>> 31); - t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 52 - n = w49 ^ w44 ^ w38 ^ w36; - w52 = (n << 1) | (n >>> 31); - t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 53 - n = w50 ^ w45 ^ w39 ^ w37; - w53 = (n << 1) | (n >>> 31); - t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 54 - n = w51 ^ w46 ^ w40 ^ w38; - w54 = (n << 1) | (n >>> 31); - t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 55 - n = w52 ^ w47 ^ w41 ^ w39; - w55 = (n << 1) | (n >>> 31); - t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 56 - n = w53 ^ w48 ^ w42 ^ w40; - w56 = (n << 1) | (n >>> 31); - t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 57 - n = w54 ^ w49 ^ w43 ^ w41; - w57 = (n << 1) | (n >>> 31); - t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 58 - n = w55 ^ w50 ^ w44 ^ w42; - w58 = (n << 1) | (n >>> 31); - t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 59 - n = w56 ^ w51 ^ w45 ^ w43; - w59 = (n << 1) | (n >>> 31); - t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 60 - n = w57 ^ w52 ^ w46 ^ w44; - w60 = (n << 1) | (n >>> 31); - t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 61 - n = w58 ^ w53 ^ w47 ^ w45; - w61 = (n << 1) | (n >>> 31); - t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 62 - n = w59 ^ w54 ^ w48 ^ w46; - w62 = (n << 1) | (n >>> 31); - t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 63 - n = w60 ^ w55 ^ w49 ^ w47; - w63 = (n << 1) | (n >>> 31); - t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 64 - n = w61 ^ w56 ^ w50 ^ w48; - w64 = (n << 1) | (n >>> 31); - t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 65 - n = w62 ^ w57 ^ w51 ^ w49; - w65 = (n << 1) | (n >>> 31); - t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 66 - n = w63 ^ w58 ^ w52 ^ w50; - w66 = (n << 1) | (n >>> 31); - t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 67 - n = w64 ^ w59 ^ w53 ^ w51; - w67 = (n << 1) | (n >>> 31); - t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 68 - n = w65 ^ w60 ^ w54 ^ w52; - w68 = (n << 1) | (n >>> 31); - t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 69 - n = w66 ^ w61 ^ w55 ^ w53; - w69 = (n << 1) | (n >>> 31); - t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 70 - n = w67 ^ w62 ^ w56 ^ w54; - w70 = (n << 1) | (n >>> 31); - t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 71 - n = w68 ^ w63 ^ w57 ^ w55; - w71 = (n << 1) | (n >>> 31); - t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 72 - n = w69 ^ w64 ^ w58 ^ w56; - w72 = (n << 1) | (n >>> 31); - t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 73 - n = w70 ^ w65 ^ w59 ^ w57; - w73 = (n << 1) | (n >>> 31); - t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 74 - n = w71 ^ w66 ^ w60 ^ w58; - w74 = (n << 1) | (n >>> 31); - t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 75 - n = w72 ^ w67 ^ w61 ^ w59; - w75 = (n << 1) | (n >>> 31); - t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 76 - n = w73 ^ w68 ^ w62 ^ w60; - w76 = (n << 1) | (n >>> 31); - t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 77 - n = w74 ^ w69 ^ w63 ^ w61; - w77 = (n << 1) | (n >>> 31); - t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 78 - n = w75 ^ w70 ^ w64 ^ w62; - w78 = (n << 1) | (n >>> 31); - t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 79 - n = w76 ^ w71 ^ w65 ^ w63; - w79 = (n << 1) | (n >>> 31); - t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - } - - function reset () { - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if ( offset & 63 ) - return -1; - if ( ~output ) - if ( output & 31 ) - return -1; + const _1n$a = BigInt(1); - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; + /** + * ElGamal Encryption function + * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) + * @param {Uint8Array} data - To be padded and encrypted + * @param {Uint8Array} p + * @param {Uint8Array} g + * @param {Uint8Array} y + * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} + * @async + */ + async function encrypt$3(data, p, g, y) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } + const padded = emeEncode(data, byteLength(p)); + const m = uint8ArrayToBigInt(padded); - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0; + // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* + // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] + const k = getRandomBigInteger(_1n$a, p - _1n$a); + return { + c1: bigIntToUint8Array(modExp(g, k, p)), + c2: bigIntToUint8Array(mod$2(modExp(y, k, p) * m, p)) + }; + } - HEAP[offset|length] = 0x80; + /** + * ElGamal Encryption function + * @param {Uint8Array} c1 + * @param {Uint8Array} c2 + * @param {Uint8Array} p + * @param {Uint8Array} x + * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} Unpadded message. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ + async function decrypt$3(c1, c2, p, x, randomPayload) { + c1 = uint8ArrayToBigInt(c1); + c2 = uint8ArrayToBigInt(c2); + p = uint8ArrayToBigInt(p); + x = uint8ArrayToBigInt(x); - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - _core_heap(offset); + const padded = mod$2(modInv(modExp(c1, x, p), p) * c2, p); + return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload); + } - length = 0; + /** + * Validate ElGamal parameters + * @param {Uint8Array} p - ElGamal prime + * @param {Uint8Array} g - ElGamal group generator + * @param {Uint8Array} y - ElGamal public key + * @param {Uint8Array} x - ElGamal private exponent + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$8(p, g, y, x) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - HEAP[offset|0] = 0; - } + // Check that 1 < g < p + if (g <= _1n$a || g >= p) { + return false; + } - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; + // Expect p-1 to be large + const pSize = BigInt(bitLength(p)); + const _1023n = BigInt(1023); + if (pSize < _1023n) { + return false; + } - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; + /** + * g should have order p-1 + * Check that g ** (p-1) = 1 mod p + */ + if (modExp(g, p - _1n$a, p) !== _1n$a) { + return false; + } - TOTAL0 = 64; - TOTAL1 = 0; + /** + * Since p-1 is not prime, g might have a smaller order that divides p-1 + * We want to make sure that the order is large enough to hinder a small subgroup attack + * + * We just check g**i != 1 for all i up to a threshold + */ + let res = g; + let i = BigInt(1); + const _2n = BigInt(2); + const threshold = _2n << BigInt(17); // we want order > threshold + while (i < threshold) { + res = mod$2(res * g, p); + if (res === _1n$a) { + return false; } + i++; + } - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{r(p-1) + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const r = getRandomBigInteger(_2n << (pSize - _1n$a), _2n << pSize); // draw r of same size as p-1 + const rqx = (p - _1n$a) * r + x; + if (y !== modExp(g, rqx, p)) { + return false; + } - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); + return true; + } - if ( ~output ) - _state_to_heap(output); + var elgamal = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$3, + encrypt: encrypt$3, + validateParams: validateParams$8 + }); - return hashed|0; - } + // declare const globalThis: Record | undefined; + const crypto$3 = + typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; + const nacl = {}; - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; + // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. + // Public domain. + // + // Implementation derived from TweetNaCl version 20140427. + // See for details: http://tweetnacl.cr.yp.to/ - if ( offset & 63 ) - return -1; + var gf = function(init) { + var i, r = new Float64Array(16); + if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; + return r; + }; - if ( ~output ) - if ( output & 31 ) - return -1; + // Pluggable, initialized in high-level API below. + var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; + var _9 = new Uint8Array(32); _9[0] = 9; - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4; - count = (count-1)|0; + var gf0 = gf(), + gf1 = gf([1]), + _121665 = gf([0xdb41, 1]), + D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), + D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), + X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), + Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), + I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + function ts64(x, i, h, l) { + x[i] = (h >> 24) & 0xff; + x[i+1] = (h >> 16) & 0xff; + x[i+2] = (h >> 8) & 0xff; + x[i+3] = h & 0xff; + x[i+4] = (l >> 24) & 0xff; + x[i+5] = (l >> 16) & 0xff; + x[i+6] = (l >> 8) & 0xff; + x[i+7] = l & 0xff; + } - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + function vn(x, xi, y, yi, n) { + var i,d = 0; + for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; + return (1 & ((d - 1) >>> 8)) - 1; + } - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; + function crypto_verify_32(x, xi, y, yi) { + return vn(x,xi,y,yi,32); + } - count = (count-1)|0; - } + function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) r[i] = a[i]|0; + } - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; + function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; i++) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c-1 + 37 * (c-1); + } - if ( ~output ) - _state_to_heap(output); + function sel25519(p, q, b) { + var t, c = ~(b-1); + for (var i = 0; i < 16; i++) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; + } + } - return 0; + function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; i++) t[i] = n[i]; + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; j++) { + m[0] = t[0] - 0xffed; + for (i = 1; i < 15; i++) { + m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); + m[i-1] &= 0xffff; } + m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); + b = (m[15]>>16) & 1; + m[14] &= 0xffff; + sel25519(t, m, 1-b); + } + for (i = 0; i < 16; i++) { + o[2*i] = t[i] & 0xff; + o[2*i+1] = t[i]>>8; + } + } - return { - // SHA1 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA1 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA1 - pbkdf2_generate_block: pbkdf2_generate_block - } - }; + function neq25519(a, b) { + var c = new Uint8Array(32), d = new Uint8Array(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); + } - class Hash { - constructor() { - this.pos = 0; - this.len = 0; - } - reset() { - const { asm } = this.acquire_asm(); - this.result = null; - this.pos = 0; - this.len = 0; - asm.reset(); - return this; - } - process(data) { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - let hpos = this.pos; - let hlen = this.len; - let dpos = 0; - let dlen = data.length; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen); - hlen += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.process(hpos, hlen); - hpos += wlen; - hlen -= wlen; - if (!hlen) - hpos = 0; - } - this.pos = hpos; - this.len = hlen; - return this; - } - finish() { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - asm.finish(this.pos, this.len, 0); - this.result = new Uint8Array(this.HASH_SIZE); - this.result.set(heap.subarray(0, this.HASH_SIZE)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return this; - } + function par25519(a) { + var d = new Uint8Array(32); + pack25519(d, a); + return d[0] & 1; } - const _sha1_block_size = 64; - const _sha1_hash_size = 20; - const heap_pool$1 = []; - const asm_pool$1 = []; - class Sha1 extends Hash { - constructor() { - super(); - this.NAME = 'sha1'; - this.BLOCK_SIZE = _sha1_block_size; - this.HASH_SIZE = _sha1_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$1.pop() || _heap_init(); - this.asm = asm_pool$1.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$1.push(this.heap); - asm_pool$1.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha1().process(data).finish().result; - } - } - Sha1.NAME = 'sha1'; - Sha1.heap_pool = []; - Sha1.asm_pool = []; - Sha1.asm_function = sha1_asm; - - var sha256_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - f = H5; - g = H6; - h = H7; - - // 0 - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 1 - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 2 - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 3 - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 4 - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 5 - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 6 - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 7 - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 8 - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 9 - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 10 - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 11 - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 12 - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 13 - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 14 - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 15 - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 16 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 17 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 18 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 19 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 20 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 21 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 22 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 23 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 24 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 25 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 26 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 27 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 28 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 29 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 30 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 31 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 32 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 33 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 34 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 35 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 36 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 37 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 38 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 39 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 40 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 41 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 42 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 43 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 44 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 45 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 46 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 47 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 48 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 49 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 50 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 51 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 52 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 53 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 54 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 55 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 56 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 57 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 58 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 59 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 60 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 61 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 62 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 63 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - H5 = ( H5 + f )|0; - H6 = ( H6 + g )|0; - H7 = ( H7 + h )|0; - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } + function unpack25519(o, n) { + var i; + for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); + o[15] &= 0x7fff; + } - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - HEAP[output|20] = H5>>>24; - HEAP[output|21] = H5>>>16&255; - HEAP[output|22] = H5>>>8&255; - HEAP[output|23] = H5&255; - HEAP[output|24] = H6>>>24; - HEAP[output|25] = H6>>>16&255; - HEAP[output|26] = H6>>>8&255; - HEAP[output|27] = H6&255; - HEAP[output|28] = H7>>>24; - HEAP[output|29] = H7>>>16&255; - HEAP[output|30] = H7>>>8&255; - HEAP[output|31] = H7&255; - } - - function reset () { - H0 = 0x6a09e667; - H1 = 0xbb67ae85; - H2 = 0x3c6ef372; - H3 = 0xa54ff53a; - H4 = 0x510e527f; - H5 = 0x9b05688c; - H6 = 0x1f83d9ab; - H7 = 0x5be0cd19; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - h5 = h5|0; - h6 = h6|0; - h7 = h7|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } + function A(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; + } - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; + function Z(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; + } - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - H5 = I5; - H6 = I6; - H7 = I7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - H5 = O5; - H6 = O6; - H7 = O7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - O5 = H5; - O6 = H6; - O7 = H7; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - I5 = H5; - I6 = H6; - I7 = H7; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - h5 = h5 ^ H5; - h6 = h6 ^ H6; - h7 = h7 ^ H7; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA256 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA256 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA256 - pbkdf2_generate_block: pbkdf2_generate_block - } - }; - - const _sha256_block_size = 64; - const _sha256_hash_size = 32; - const heap_pool$2 = []; - const asm_pool$2 = []; - class Sha256 extends Hash { - constructor() { - super(); - this.NAME = 'sha256'; - this.BLOCK_SIZE = _sha256_block_size; - this.HASH_SIZE = _sha256_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$2.pop() || _heap_init(); - this.asm = asm_pool$2.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$2.push(this.heap); - asm_pool$2.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha256().process(data).finish().result; - } - } - Sha256.NAME = 'sha256'; - - var minimalisticAssert = assert; - - function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); - } - - assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); - }; - - var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - - function createCommonjsModule(fn, module) { - return module = { exports: {} }, fn(module, module.exports), module.exports; - } - - function commonjsRequire () { - throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs'); - } - - var inherits_browser = createCommonjsModule(function (module) { - if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; - } else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - }; - } - }); - - var inherits_1 = inherits_browser; - - function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; - } - var toArray_1 = toArray; - - function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; - } - var toHex_1 = toHex; - - function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; - } - var htonl_1 = htonl; - - function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); - } - return res; - } - var toHex32_1 = toHex32; - - function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; - } - var zero2_1 = zero2; - - function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; - } - var zero8_1 = zero8; - - function join32(msg, start, end, endian) { - var len = end - start; - minimalisticAssert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; - } - return res; - } - var join32_1 = join32; - - function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; - } - } - return res; - } - var split32_1 = split32; - - function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); - } - var rotr32_1 = rotr32; - - function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); - } - var rotl32_1 = rotl32; - - function sum32(a, b) { - return (a + b) >>> 0; - } - var sum32_1 = sum32; - - function sum32_3(a, b, c) { - return (a + b + c) >>> 0; - } - var sum32_3_1 = sum32_3; - - function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; - } - var sum32_4_1 = sum32_4; - - function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; - } - var sum32_5_1 = sum32_5; - - function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; - - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; - } - var sum64_1 = sum64; - - function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; - } - var sum64_hi_1 = sum64_hi; - - function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; - } - var sum64_lo_1 = sum64_lo; - - function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; - } - var sum64_4_hi_1 = sum64_4_hi; - - function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; - } - var sum64_4_lo_1 = sum64_4_lo; - - function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; - - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; - } - var sum64_5_hi_1 = sum64_5_hi; - - function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; - - return lo >>> 0; - } - var sum64_5_lo_1 = sum64_5_lo; - - function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; - } - var rotr64_hi_1 = rotr64_hi; - - function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; - } - var rotr64_lo_1 = rotr64_lo; - - function shr64_hi(ah, al, num) { - return ah >>> num; - } - var shr64_hi_1 = shr64_hi; - - function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; - } - var shr64_lo_1 = shr64_lo; - - var utils = { - inherits: inherits_1, - toArray: toArray_1, - toHex: toHex_1, - htonl: htonl_1, - toHex32: toHex32_1, - zero2: zero2_1, - zero8: zero8_1, - join32: join32_1, - split32: split32_1, - rotr32: rotr32_1, - rotl32: rotl32_1, - sum32: sum32_1, - sum32_3: sum32_3_1, - sum32_4: sum32_4_1, - sum32_5: sum32_5_1, - sum64: sum64_1, - sum64_hi: sum64_hi_1, - sum64_lo: sum64_lo_1, - sum64_4_hi: sum64_4_hi_1, - sum64_4_lo: sum64_4_lo_1, - sum64_5_hi: sum64_5_hi_1, - sum64_5_lo: sum64_5_lo_1, - rotr64_hi: rotr64_hi_1, - rotr64_lo: rotr64_lo_1, - shr64_hi: shr64_hi_1, - shr64_lo: shr64_lo_1 - }; - - function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; - - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; - } - var BlockHash_1 = BlockHash; - - BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; - - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; - - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; - - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); - } - - return this; - }; - - BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - minimalisticAssert(this.pending === null); - - return this._digest(enc); - }; - - BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; - } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (t = 8; t < this.padLength; t++) - res[i++] = 0; - } - - return res; - }; - - var common = { - BlockHash: BlockHash_1 - }; - - var rotr32$1 = utils.rotr32; - - function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); - } - var ft_1_1 = ft_1; - - function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); - } - var ch32_1 = ch32; - - function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); - } - var maj32_1 = maj32; - - function p32(x, y, z) { - return x ^ y ^ z; - } - var p32_1 = p32; - - function s0_256(x) { - return rotr32$1(x, 2) ^ rotr32$1(x, 13) ^ rotr32$1(x, 22); - } - var s0_256_1 = s0_256; - - function s1_256(x) { - return rotr32$1(x, 6) ^ rotr32$1(x, 11) ^ rotr32$1(x, 25); - } - var s1_256_1 = s1_256; - - function g0_256(x) { - return rotr32$1(x, 7) ^ rotr32$1(x, 18) ^ (x >>> 3); - } - var g0_256_1 = g0_256; - - function g1_256(x) { - return rotr32$1(x, 17) ^ rotr32$1(x, 19) ^ (x >>> 10); - } - var g1_256_1 = g1_256; - - var common$1 = { - ft_1: ft_1_1, - ch32: ch32_1, - maj32: maj32_1, - p32: p32_1, - s0_256: s0_256_1, - s1_256: s1_256_1, - g0_256: g0_256_1, - g1_256: g1_256_1 - }; - - var sum32$1 = utils.sum32; - var sum32_4$1 = utils.sum32_4; - var sum32_5$1 = utils.sum32_5; - var ch32$1 = common$1.ch32; - var maj32$1 = common$1.maj32; - var s0_256$1 = common$1.s0_256; - var s1_256$1 = common$1.s1_256; - var g0_256$1 = common$1.g0_256; - var g1_256$1 = common$1.g1_256; - - var BlockHash$1 = common.BlockHash; - - var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - ]; - - function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); - - BlockHash$1.call(this); - this.h = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 - ]; - this.k = sha256_K; - this.W = new Array(64); - } - utils.inherits(SHA256, BlockHash$1); - var _256 = SHA256; - - SHA256.blockSize = 512; - SHA256.outSize = 256; - SHA256.hmacStrength = 192; - SHA256.padLength = 64; - - SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4$1(g1_256$1(W[i - 2]), W[i - 7], g0_256$1(W[i - 15]), W[i - 16]); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; - - minimalisticAssert(this.k.length === W.length); - for (i = 0; i < W.length; i++) { - var T1 = sum32_5$1(h, s1_256$1(e), ch32$1(e, f, g), this.k[i], W[i]); - var T2 = sum32$1(s0_256$1(a), maj32$1(a, b, c)); - h = g; - g = f; - f = e; - e = sum32$1(d, T1); - d = c; - c = b; - b = a; - a = sum32$1(T1, T2); - } - - this.h[0] = sum32$1(this.h[0], a); - this.h[1] = sum32$1(this.h[1], b); - this.h[2] = sum32$1(this.h[2], c); - this.h[3] = sum32$1(this.h[3], d); - this.h[4] = sum32$1(this.h[4], e); - this.h[5] = sum32$1(this.h[5], f); - this.h[6] = sum32$1(this.h[6], g); - this.h[7] = sum32$1(this.h[7], h); - }; - - SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); - }; - - function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - - _256.call(this); - this.h = [ - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; - } - utils.inherits(SHA224, _256); - var _224 = SHA224; - - SHA224.blockSize = 512; - SHA224.outSize = 224; - SHA224.hmacStrength = 192; - SHA224.padLength = 64; - - SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); - }; - - var rotr64_hi$1 = utils.rotr64_hi; - var rotr64_lo$1 = utils.rotr64_lo; - var shr64_hi$1 = utils.shr64_hi; - var shr64_lo$1 = utils.shr64_lo; - var sum64$1 = utils.sum64; - var sum64_hi$1 = utils.sum64_hi; - var sum64_lo$1 = utils.sum64_lo; - var sum64_4_hi$1 = utils.sum64_4_hi; - var sum64_4_lo$1 = utils.sum64_4_lo; - var sum64_5_hi$1 = utils.sum64_5_hi; - var sum64_5_lo$1 = utils.sum64_5_lo; - - var BlockHash$2 = common.BlockHash; - - var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 - ]; - - function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - - BlockHash$2.call(this); - this.h = [ - 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); - } - utils.inherits(SHA512, BlockHash$2); - var _512 = SHA512; - - SHA512.blockSize = 1024; - SHA512.outSize = 512; - SHA512.hmacStrength = 192; - SHA512.padLength = 128; - - SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; - - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - - W[i] = sum64_4_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - } - }; - - SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; - - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; - - minimalisticAssert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; - - var T1_hi = sum64_5_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - - c0_hi = s0_512_hi(ah, al); - c0_lo = s0_512_lo(ah, al); - c1_hi = maj64_hi(ah, al, bh, bl, ch); - c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); - - var T2_hi = sum64_hi$1(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo$1(c0_hi, c0_lo, c1_hi, c1_lo); - - hh = gh; - hl = gl; - - gh = fh; - gl = fl; - - fh = eh; - fl = el; - - eh = sum64_hi$1(dh, dl, T1_hi, T1_lo); - el = sum64_lo$1(dl, dl, T1_hi, T1_lo); - - dh = ch; - dl = cl; - - ch = bh; - cl = bl; - - bh = ah; - bl = al; - - ah = sum64_hi$1(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo$1(T1_hi, T1_lo, T2_hi, T2_lo); - } - - sum64$1(this.h, 0, ah, al); - sum64$1(this.h, 2, bh, bl); - sum64$1(this.h, 4, ch, cl); - sum64$1(this.h, 6, dh, dl); - sum64$1(this.h, 8, eh, el); - sum64$1(this.h, 10, fh, fl); - sum64$1(this.h, 12, gh, gl); - sum64$1(this.h, 14, hh, hl); - }; - - SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); - }; - - function ch64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; - } - - function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; - } - - function maj64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; - } - - function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; - } - - function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 28); - var c1_hi = rotr64_hi$1(xl, xh, 2); // 34 - var c2_hi = rotr64_hi$1(xl, xh, 7); // 39 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; - } - - function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 28); - var c1_lo = rotr64_lo$1(xl, xh, 2); // 34 - var c2_lo = rotr64_lo$1(xl, xh, 7); // 39 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; - } - - function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 14); - var c1_hi = rotr64_hi$1(xh, xl, 18); - var c2_hi = rotr64_hi$1(xl, xh, 9); // 41 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; - } - - function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 14); - var c1_lo = rotr64_lo$1(xh, xl, 18); - var c2_lo = rotr64_lo$1(xl, xh, 9); // 41 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; - } - - function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 1); - var c1_hi = rotr64_hi$1(xh, xl, 8); - var c2_hi = shr64_hi$1(xh, xl, 7); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; - } - - function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 1); - var c1_lo = rotr64_lo$1(xh, xl, 8); - var c2_lo = shr64_lo$1(xh, xl, 7); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; - } - - function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 19); - var c1_hi = rotr64_hi$1(xl, xh, 29); // 61 - var c2_hi = shr64_hi$1(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; - } - - function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 19); - var c1_lo = rotr64_lo$1(xl, xh, 29); // 61 - var c2_lo = shr64_lo$1(xh, xl, 6); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; - } - - function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - _512.call(this); - this.h = [ - 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; - } - utils.inherits(SHA384, _512); - var _384 = SHA384; - - SHA384.blockSize = 1024; - SHA384.outSize = 384; - SHA384.hmacStrength = 192; - SHA384.padLength = 128; - - SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); - }; - - var rotl32$1 = utils.rotl32; - var sum32$2 = utils.sum32; - var sum32_3$1 = utils.sum32_3; - var sum32_4$2 = utils.sum32_4; - var BlockHash$3 = common.BlockHash; - - function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash$3.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; - } - utils.inherits(RIPEMD160, BlockHash$3); - var ripemd160 = RIPEMD160; - - RIPEMD160.blockSize = 512; - RIPEMD160.outSize = 160; - RIPEMD160.hmacStrength = 192; - RIPEMD160.padLength = 64; - - RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32$2( - rotl32$1( - sum32_4$2(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32$1(C, 10); - C = B; - B = T; - T = sum32$2( - rotl32$1( - sum32_4$2(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32$1(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3$1(this.h[1], C, Dh); - this.h[1] = sum32_3$1(this.h[2], D, Eh); - this.h[2] = sum32_3$1(this.h[3], E, Ah); - this.h[3] = sum32_3$1(this.h[4], A, Bh); - this.h[4] = sum32_3$1(this.h[0], B, Ch); - this.h[0] = T; - }; - - RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); - }; - - function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); - } - - function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; - } - - function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; - } - - var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 - ]; - - var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 - ]; - - var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 - ]; - - var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 - ]; - - var ripemd = { - ripemd160: ripemd160 - }; - - /** - * A fast MD5 JavaScript implementation - * Copyright (c) 2012 Joseph Myers - * http://www.myersdaily.org/joseph/javascript/md5-text.html - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purposes and without - * fee is hereby granted provided that this copyright notice - * appears in all copies. - * - * Of course, this soft is provided "as is" without express or implied - * warranty of any kind. - */ - - // MD5 Digest - async function md5(entree) { - const digest = md51(util.uint8ArrayToString(entree)); - return util.hexToUint8Array(hex(digest)); - } - - function md5cycle(x, k) { - let a = x[0]; - let b = x[1]; - let c = x[2]; - let d = x[3]; - - a = ff(a, b, c, d, k[0], 7, -680876936); - d = ff(d, a, b, c, k[1], 12, -389564586); - c = ff(c, d, a, b, k[2], 17, 606105819); - b = ff(b, c, d, a, k[3], 22, -1044525330); - a = ff(a, b, c, d, k[4], 7, -176418897); - d = ff(d, a, b, c, k[5], 12, 1200080426); - c = ff(c, d, a, b, k[6], 17, -1473231341); - b = ff(b, c, d, a, k[7], 22, -45705983); - a = ff(a, b, c, d, k[8], 7, 1770035416); - d = ff(d, a, b, c, k[9], 12, -1958414417); - c = ff(c, d, a, b, k[10], 17, -42063); - b = ff(b, c, d, a, k[11], 22, -1990404162); - a = ff(a, b, c, d, k[12], 7, 1804603682); - d = ff(d, a, b, c, k[13], 12, -40341101); - c = ff(c, d, a, b, k[14], 17, -1502002290); - b = ff(b, c, d, a, k[15], 22, 1236535329); - - a = gg(a, b, c, d, k[1], 5, -165796510); - d = gg(d, a, b, c, k[6], 9, -1069501632); - c = gg(c, d, a, b, k[11], 14, 643717713); - b = gg(b, c, d, a, k[0], 20, -373897302); - a = gg(a, b, c, d, k[5], 5, -701558691); - d = gg(d, a, b, c, k[10], 9, 38016083); - c = gg(c, d, a, b, k[15], 14, -660478335); - b = gg(b, c, d, a, k[4], 20, -405537848); - a = gg(a, b, c, d, k[9], 5, 568446438); - d = gg(d, a, b, c, k[14], 9, -1019803690); - c = gg(c, d, a, b, k[3], 14, -187363961); - b = gg(b, c, d, a, k[8], 20, 1163531501); - a = gg(a, b, c, d, k[13], 5, -1444681467); - d = gg(d, a, b, c, k[2], 9, -51403784); - c = gg(c, d, a, b, k[7], 14, 1735328473); - b = gg(b, c, d, a, k[12], 20, -1926607734); - - a = hh(a, b, c, d, k[5], 4, -378558); - d = hh(d, a, b, c, k[8], 11, -2022574463); - c = hh(c, d, a, b, k[11], 16, 1839030562); - b = hh(b, c, d, a, k[14], 23, -35309556); - a = hh(a, b, c, d, k[1], 4, -1530992060); - d = hh(d, a, b, c, k[4], 11, 1272893353); - c = hh(c, d, a, b, k[7], 16, -155497632); - b = hh(b, c, d, a, k[10], 23, -1094730640); - a = hh(a, b, c, d, k[13], 4, 681279174); - d = hh(d, a, b, c, k[0], 11, -358537222); - c = hh(c, d, a, b, k[3], 16, -722521979); - b = hh(b, c, d, a, k[6], 23, 76029189); - a = hh(a, b, c, d, k[9], 4, -640364487); - d = hh(d, a, b, c, k[12], 11, -421815835); - c = hh(c, d, a, b, k[15], 16, 530742520); - b = hh(b, c, d, a, k[2], 23, -995338651); - - a = ii(a, b, c, d, k[0], 6, -198630844); - d = ii(d, a, b, c, k[7], 10, 1126891415); - c = ii(c, d, a, b, k[14], 15, -1416354905); - b = ii(b, c, d, a, k[5], 21, -57434055); - a = ii(a, b, c, d, k[12], 6, 1700485571); - d = ii(d, a, b, c, k[3], 10, -1894986606); - c = ii(c, d, a, b, k[10], 15, -1051523); - b = ii(b, c, d, a, k[1], 21, -2054922799); - a = ii(a, b, c, d, k[8], 6, 1873313359); - d = ii(d, a, b, c, k[15], 10, -30611744); - c = ii(c, d, a, b, k[6], 15, -1560198380); - b = ii(b, c, d, a, k[13], 21, 1309151649); - a = ii(a, b, c, d, k[4], 6, -145523070); - d = ii(d, a, b, c, k[11], 10, -1120210379); - c = ii(c, d, a, b, k[2], 15, 718787259); - b = ii(b, c, d, a, k[9], 21, -343485551); - - x[0] = add32(a, x[0]); - x[1] = add32(b, x[1]); - x[2] = add32(c, x[2]); - x[3] = add32(d, x[3]); - } - - function cmn(q, a, b, x, s, t) { - a = add32(add32(a, q), add32(x, t)); - return add32((a << s) | (a >>> (32 - s)), b); - } - - function ff(a, b, c, d, x, s, t) { - return cmn((b & c) | ((~b) & d), a, b, x, s, t); - } - - function gg(a, b, c, d, x, s, t) { - return cmn((b & d) | (c & (~d)), a, b, x, s, t); - } - - function hh(a, b, c, d, x, s, t) { - return cmn(b ^ c ^ d, a, b, x, s, t); - } - - function ii(a, b, c, d, x, s, t) { - return cmn(c ^ (b | (~d)), a, b, x, s, t); - } - - function md51(s) { - const n = s.length; - const state = [1732584193, -271733879, -1732584194, 271733878]; - let i; - for (i = 64; i <= s.length; i += 64) { - md5cycle(state, md5blk(s.substring(i - 64, i))); - } - s = s.substring(i - 64); - const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (i = 0; i < s.length; i++) { - tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); - } - tail[i >> 2] |= 0x80 << ((i % 4) << 3); - if (i > 55) { - md5cycle(state, tail); - for (i = 0; i < 16; i++) { - tail[i] = 0; - } - } - tail[14] = n * 8; - md5cycle(state, tail); - return state; - } - - /* there needs to be support for Unicode here, - * unless we pretend that we can redefine the MD-5 - * algorithm for multi-byte characters (perhaps - * by adding every four 16-bit characters and - * shortening the sum to 32 bits). Otherwise - * I suggest performing MD-5 as if every character - * was two bytes--e.g., 0040 0025 = @%--but then - * how will an ordinary MD-5 sum be matched? - * There is no way to standardize text to something - * like UTF-8 before transformation; speed cost is - * utterly prohibitive. The JavaScript standard - * itself needs to look at this: it should start - * providing access to strings as preformed UTF-8 - * 8-bit unsigned value arrays. - */ - function md5blk(s) { /* I figured global was faster. */ - const md5blks = []; - let i; /* Andy King said do it this way. */ - for (i = 0; i < 64; i += 4) { - md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << - 24); - } - return md5blks; - } - - const hex_chr = '0123456789abcdef'.split(''); - - function rhex(n) { - let s = ''; - let j = 0; - for (; j < 4; j++) { - s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; - } - return s; - } - - function hex(x) { - for (let i = 0; i < x.length; i++) { - x[i] = rhex(x[i]); - } - return x.join(''); - } - - /* this function is much faster, - so if possible we use it. Some IEs - are the only ones I know of that - need the idiotic second function, - generated by an if clause. */ - - function add32(a, b) { - return (a + b) & 0xFFFFFFFF; - } - - /** - * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://github.com/indutny/hash.js|hash.js} - * @module crypto/hash - * @private - */ - - const webCrypto = util.getWebCrypto(); - const nodeCrypto = util.getNodeCrypto(); - const nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes(); - - function nodeHash(type) { - if (!nodeCrypto || !nodeCryptoHashes.includes(type)) { - return; - } - return async function (data) { - const shasum = nodeCrypto.createHash(type); - return transform(data, value => { - shasum.update(value); - }, () => new Uint8Array(shasum.digest())); - }; - } - - function hashjsHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } - const hashInstance = hash(); - return transform(data, value => { - hashInstance.update(value); - }, () => new Uint8Array(hashInstance.digest())); - }; - } - - function asmcryptoHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (util.isStream(data)) { - const hashInstance = new hash(); - return transform(data, value => { - hashInstance.process(value); - }, () => hashInstance.finish().result); - } else if (webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } else { - return hash.bytes(data); - } - }; - } - - const hashFunctions = { - md5: nodeHash('md5') || md5, - sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'), - sha224: nodeHash('sha224') || hashjsHash(_224), - sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'), - sha384: nodeHash('sha384') || hashjsHash(_384, 'SHA-384'), - sha512: nodeHash('sha512') || hashjsHash(_512, 'SHA-512'), // asmcrypto sha512 is huge. - ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160) - }; - - var hash = { - - /** @see module:md5 */ - md5: hashFunctions.md5, - /** @see asmCrypto */ - sha1: hashFunctions.sha1, - /** @see hash.js */ - sha224: hashFunctions.sha224, - /** @see asmCrypto */ - sha256: hashFunctions.sha256, - /** @see hash.js */ - sha384: hashFunctions.sha384, - /** @see asmCrypto */ - sha512: hashFunctions.sha512, - /** @see hash.js */ - ripemd: hashFunctions.ripemd, - - /** - * Create a hash on the specified data using the specified algorithm - * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @param {Uint8Array} data - Data to be hashed - * @returns {Promise} Hash value. - */ - digest: function(algo, data) { - switch (algo) { - case enums.hash.md5: - return this.md5(data); - case enums.hash.sha1: - return this.sha1(data); - case enums.hash.ripemd: - return this.ripemd(data); - case enums.hash.sha256: - return this.sha256(data); - case enums.hash.sha384: - return this.sha384(data); - case enums.hash.sha512: - return this.sha512(data); - case enums.hash.sha224: - return this.sha224(data); - default: - throw new Error('Invalid hash function.'); - } - }, - - /** - * Returns the hash size in bytes of the specified hash algorithm type - * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @returns {Integer} Size in bytes of the resulting hash. - */ - getHashByteLength: function(algo) { - switch (algo) { - case enums.hash.md5: - return 16; - case enums.hash.sha1: - case enums.hash.ripemd: - return 20; - case enums.hash.sha256: - return 32; - case enums.hash.sha384: - return 48; - case enums.hash.sha512: - return 64; - case enums.hash.sha224: - return 28; - default: - throw new Error('Invalid hash algorithm.'); - } - } - }; - - class AES_CFB { - static encrypt(data, key, iv) { - return new AES_CFB(key, iv).encrypt(data); - } - static decrypt(data, key, iv) { - return new AES_CFB(key, iv).decrypt(data); - } - constructor(key, iv, aes) { - this.aes = aes ? aes : new AES(key, iv, true, 'CFB'); - delete this.aes.padding; - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } - } - - /** - * Get implementation of the given cipher - * @param {enums.symmetric} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ - function getCipher(algo) { - const algoName = enums.read(enums.symmetric, algo); - return cipher[algoName]; - } - - // Modified by ProtonTech AG - - const webCrypto$1 = util.getWebCrypto(); - const nodeCrypto$1 = util.getNodeCrypto(); - - const knownAlgos = nodeCrypto$1 ? nodeCrypto$1.getCiphers() : []; - const nodeAlgos = { - idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ - tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, - cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, - blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, - aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, - aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, - aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined - /* twofish is not implemented in OpenSSL */ - }; - - /** - * CFB encryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} plaintext - * @param {Uint8Array} iv - * @param {Object} config - full configuration, defaults to openpgp.config - * @returns MaybeStream - */ - async function encrypt(algo, key, plaintext, iv, config) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeEncrypt(algo, key, plaintext, iv); - } - if (util.isAES(algo)) { - return aesEncrypt(algo, key, plaintext, iv, config); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - const blockc = iv.slice(); - let pt = new Uint8Array(); - const process = chunk => { - if (chunk) { - pt = util.concatUint8Array([pt, chunk]); - } - const ciphertext = new Uint8Array(pt.length); - let i; - let j = 0; - while (chunk ? pt.length >= block_size : pt.length) { - const encblock = cipherfn.encrypt(blockc); - for (i = 0; i < block_size; i++) { - blockc[i] = pt[i] ^ encblock[i]; - ciphertext[j++] = blockc[i]; - } - pt = pt.subarray(block_size); - } - return ciphertext.subarray(0, j); - }; - return transform(plaintext, process, process); - } - - /** - * CFB decryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} ciphertext - * @param {Uint8Array} iv - * @returns MaybeStream - */ - async function decrypt(algo, key, ciphertext, iv) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeDecrypt(algo, key, ciphertext, iv); - } - if (util.isAES(algo)) { - return aesDecrypt(algo, key, ciphertext, iv); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - let blockp = iv; - let ct = new Uint8Array(); - const process = chunk => { - if (chunk) { - ct = util.concatUint8Array([ct, chunk]); - } - const plaintext = new Uint8Array(ct.length); - let i; - let j = 0; - while (chunk ? ct.length >= block_size : ct.length) { - const decblock = cipherfn.encrypt(blockp); - blockp = ct.subarray(0, block_size); - for (i = 0; i < block_size; i++) { - plaintext[j++] = blockp[i] ^ decblock[i]; - } - ct = ct.subarray(block_size); - } - return plaintext.subarray(0, j); - }; - return transform(ciphertext, process, process); - } - - function aesEncrypt(algo, key, pt, iv, config) { - if ( - util.getWebCrypto() && - key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support - !util.isStream(pt) && - pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2 - ) { // Web Crypto - return webEncrypt(algo, key, pt, iv); - } - // asm.js fallback - const cfb = new AES_CFB(key, iv); - return transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish()); - } - - function aesDecrypt(algo, key, ct, iv) { - if (util.isStream(ct)) { - const cfb = new AES_CFB(key, iv); - return transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish()); - } - return AES_CFB.decrypt(ct, key, iv); - } - - function xorMut(a, b) { - for (let i = 0; i < a.length; i++) { - a[i] = a[i] ^ b[i]; - } - } - - async function webEncrypt(algo, key, pt, iv) { - const ALGO = 'AES-CBC'; - const _key = await webCrypto$1.importKey('raw', key, { name: ALGO }, false, ['encrypt']); - const { blockSize } = getCipher(algo); - const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]); - const ct = new Uint8Array(await webCrypto$1.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length); - xorMut(ct, pt); - return ct; - } - - function nodeEncrypt(algo, key, pt, iv) { - const algoName = enums.read(enums.symmetric, algo); - const cipherObj = new nodeCrypto$1.createCipheriv(nodeAlgos[algoName], key, iv); - return transform(pt, value => new Uint8Array(cipherObj.update(value))); - } - - function nodeDecrypt(algo, key, ct, iv) { - const algoName = enums.read(enums.symmetric, algo); - const decipherObj = new nodeCrypto$1.createDecipheriv(nodeAlgos[algoName], key, iv); - return transform(ct, value => new Uint8Array(decipherObj.update(value))); - } - - var cfb = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt, - decrypt: decrypt - }); - - class AES_CTR { - static encrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - static decrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - constructor(key, nonce, aes) { - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - delete this.aes.padding; - this.AES_CTR_set_options(nonce); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - AES_CTR_set_options(nonce, counter, size) { - let { asm } = this.aes.acquire_asm(); - if (size !== undefined) { - if (size < 8 || size > 48) - throw new IllegalArgumentError('illegal counter size'); - let mask = Math.pow(2, size) - 1; - asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0); - } - else { - size = 48; - asm.set_mask(0, 0, 0xffff, 0xffffffff); - } - if (nonce !== undefined) { - let len = nonce.length; - if (!len || len > 16) - throw new IllegalArgumentError('illegal nonce size'); - let view = new DataView(new ArrayBuffer(16)); - new Uint8Array(view.buffer).set(nonce); - asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12)); - } - else { - throw new Error('nonce is required'); - } - if (counter !== undefined) { - if (counter < 0 || counter >= Math.pow(2, size)) - throw new IllegalArgumentError('illegal counter value'); - asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0); - } - } - } - - class AES_CBC { - static encrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).encrypt(data); - } - static decrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).decrypt(data); - } - constructor(key, iv, padding = true, aes) { - this.aes = aes ? aes : new AES(key, iv, padding, 'CBC'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } - } - - /** - * @fileoverview This module implements AES-CMAC on top of - * native AES-CBC using either the WebCrypto API or Node.js' crypto API. - * @module crypto/cmac - * @private - */ - - const webCrypto$2 = util.getWebCrypto(); - const nodeCrypto$2 = util.getNodeCrypto(); - - - /** - * This implementation of CMAC is based on the description of OMAC in - * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that - * document: - * - * We have made a small modification to the OMAC algorithm as it was - * originally presented, changing one of its two constants. - * Specifically, the constant 4 at line 85 was the constant 1/2 (the - * multiplicative inverse of 2) in the original definition of OMAC [14]. - * The OMAC authors indicate that they will promulgate this modification - * [15], which slightly simplifies implementations. - */ - - const blockLength = 16; - - - /** - * xor `padding` into the end of `data`. This function implements "the - * operation xor→ [which] xors the shorter string into the end of longer - * one". Since data is always as least as long as padding, we can - * simplify the implementation. - * @param {Uint8Array} data - * @param {Uint8Array} padding - */ - function rightXORMut(data, padding) { - const offset = data.length - blockLength; - for (let i = 0; i < blockLength; i++) { - data[i + offset] ^= padding[i]; - } - return data; - } - - function pad(data, padding, padding2) { - // if |M| in {n, 2n, 3n, ...} - if (data.length && data.length % blockLength === 0) { - // then return M xor→ B, - return rightXORMut(data, padding); - } - // else return (M || 10^(n−1−(|M| mod n))) xor→ P - const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength))); - padded.set(data); - padded[data.length] = 0b10000000; - return rightXORMut(padded, padding2); - } - - const zeroBlock = new Uint8Array(blockLength); - - async function CMAC(key) { - const cbc = await CBC(key); - - // L ← E_K(0^n); B ← 2L; P ← 4L - const padding = util.double(await cbc(zeroBlock)); - const padding2 = util.double(padding); - - return async function(data) { - // return CBC_K(pad(M; B, P)) - return (await cbc(pad(data, padding, padding2))).subarray(-blockLength); - }; - } - - async function CBC(key) { - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - key = await webCrypto$2.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); - return async function(pt) { - const ct = await webCrypto$2.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt); - return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt) { - const en = new nodeCrypto$2.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock); - const ct = en.update(pt); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt) { - return AES_CBC.encrypt(pt, key, false, zeroBlock); - }; - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - const webCrypto$3 = util.getWebCrypto(); - const nodeCrypto$3 = util.getNodeCrypto(); - const Buffer$1 = util.getNodeBuffer(); - - - const blockLength$1 = 16; - const ivLength = blockLength$1; - const tagLength = blockLength$1; - - const zero = new Uint8Array(blockLength$1); - const one = new Uint8Array(blockLength$1); one[blockLength$1 - 1] = 1; - const two = new Uint8Array(blockLength$1); two[blockLength$1 - 1] = 2; - - async function OMAC(key) { - const cmac = await CMAC(key); - return function(t, message) { - return cmac(util.concatUint8Array([t, message])); - }; - } - - async function CTR(key) { - if ( - util.getWebCrypto() && - key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - ) { - key = await webCrypto$3.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); - return async function(pt, iv) { - const ct = await webCrypto$3.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$1 * 8 }, key, pt); - return new Uint8Array(ct); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt, iv) { - const en = new nodeCrypto$3.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); - const ct = Buffer$1.concat([en.update(pt), en.final()]); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt, iv) { - return AES_CTR.encrypt(pt, key, iv); - }; - } - - - /** - * Class to en/decrypt using EAX mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ - async function EAX(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('EAX mode supports only AES cipher'); - } - - const [ - omac, - ctr - ] = await Promise.all([ - OMAC(key), - CTR(key) - ]); - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - const [ - omacNonce, - omacAdata - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata) - ]); - const ciphered = await ctr(plaintext, omacNonce); - const omacCiphered = await omac(two, ciphered); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - return util.concatUint8Array([ciphered, tag]); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to verify - * @returns {Promise} The plaintext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext'); - const ciphered = ciphertext.subarray(0, -tagLength); - const ctTag = ciphertext.subarray(-tagLength); - const [ - omacNonce, - omacAdata, - omacCiphered - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata), - omac(two, ciphered) - ]); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); - const plaintext = await ctr(ciphered, omacNonce); - return plaintext; - } - }; - } - - - /** - * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. - * @param {Uint8Array} iv - The initialization vector (16 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ - EAX.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[8 + i] ^= chunkIndex[i]; - } - return nonce; - }; - - EAX.blockLength = blockLength$1; - EAX.ivLength = ivLength; - EAX.tagLength = tagLength; - - // OpenPGP.js - An OpenPGP implementation in javascript - - const blockLength$2 = 16; - const ivLength$1 = 15; - - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: - // While OCB [RFC7253] allows the authentication tag length to be of any - // number up to 128 bits long, this document requires a fixed - // authentication tag length of 128 bits (16 octets) for simplicity. - const tagLength$1 = 16; - - - function ntz(n) { - let ntz = 0; - for (let i = 1; (n & i) === 0; i <<= 1) { - ntz++; - } - return ntz; - } - - function xorMut$1(S, T) { - for (let i = 0; i < S.length; i++) { - S[i] ^= T[i]; - } - return S; - } - - function xor(S, T) { - return xorMut$1(S.slice(), T); - } - - const zeroBlock$1 = new Uint8Array(blockLength$2); - const one$1 = new Uint8Array([1]); - - /** - * Class to en/decrypt using OCB mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ - async function OCB(cipher$1, key) { - - let maxNtz = 0; - let encipher; - let decipher; - let mask; - - constructKeyVariables(cipher$1, key); - - function constructKeyVariables(cipher$1, key) { - const cipherName = enums.read(enums.symmetric, cipher$1); - const aes = new cipher[cipherName](key); - encipher = aes.encrypt.bind(aes); - decipher = aes.decrypt.bind(aes); - - const mask_x = encipher(zeroBlock$1); - const mask_$ = util.double(mask_x); - mask = []; - mask[0] = util.double(mask_$); - - - mask.x = mask_x; - mask.$ = mask_$; - } - - function extendKeyVariables(text, adata) { - const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$2 | 0) - 1; - for (let i = maxNtz + 1; i <= newMaxNtz; i++) { - mask[i] = util.double(mask[i - 1]); - } - maxNtz = newMaxNtz; - } - - function hash(adata) { - if (!adata.length) { - // Fast path - return zeroBlock$1; - } - - // - // Consider A as a sequence of 128-bit blocks - // - const m = adata.length / blockLength$2 | 0; - - const offset = new Uint8Array(blockLength$2); - const sum = new Uint8Array(blockLength$2); - for (let i = 0; i < m; i++) { - xorMut$1(offset, mask[ntz(i + 1)]); - xorMut$1(sum, encipher(xor(offset, adata))); - adata = adata.subarray(blockLength$2); - } - - // - // Process any final partial block; compute final hash value - // - if (adata.length) { - xorMut$1(offset, mask.x); - - const cipherInput = new Uint8Array(blockLength$2); - cipherInput.set(adata, 0); - cipherInput[adata.length] = 0b10000000; - xorMut$1(cipherInput, offset); - - xorMut$1(sum, encipher(cipherInput)); - } - - return sum; - } - - /** - * Encrypt/decrypt data. - * @param {encipher|decipher} fn - Encryption/decryption block cipher function - * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. - */ - function crypt(fn, text, nonce, adata) { - // - // Consider P as a sequence of 128-bit blocks - // - const m = text.length / blockLength$2 | 0; - - // - // Key-dependent variables - // - extendKeyVariables(text, adata); - - // - // Nonce-dependent and per-encryption variables - // - // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N - // Note: We assume here that tagLength mod 16 == 0. - const paddedNonce = util.concatUint8Array([zeroBlock$1.subarray(0, ivLength$1 - nonce.length), one$1, nonce]); - // bottom = str2num(Nonce[123..128]) - const bottom = paddedNonce[blockLength$2 - 1] & 0b111111; - // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) - paddedNonce[blockLength$2 - 1] &= 0b11000000; - const kTop = encipher(paddedNonce); - // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) - const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); - // Offset_0 = Stretch[1+bottom..128+bottom] - const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); - // Checksum_0 = zeros(128) - const checksum = new Uint8Array(blockLength$2); - - const ct = new Uint8Array(text.length + tagLength$1); - - // - // Process any whole blocks - // - let i; - let pos = 0; - for (i = 0; i < m; i++) { - // Offset_i = Offset_{i-1} xor L_{ntz(i)} - xorMut$1(offset, mask[ntz(i + 1)]); - // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) - // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) - ct.set(xorMut$1(fn(xor(offset, text)), offset), pos); - // Checksum_i = Checksum_{i-1} xor P_i - xorMut$1(checksum, fn === encipher ? text : ct.subarray(pos)); - - text = text.subarray(blockLength$2); - pos += blockLength$2; - } - - // - // Process any final partial block and compute raw tag - // - if (text.length) { - // Offset_* = Offset_m xor L_* - xorMut$1(offset, mask.x); - // Pad = ENCIPHER(K, Offset_*) - const padding = encipher(offset); - // C_* = P_* xor Pad[1..bitlen(P_*)] - ct.set(xor(text, padding), pos); - - // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) - const xorInput = new Uint8Array(blockLength$2); - xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); - xorInput[text.length] = 0b10000000; - xorMut$1(checksum, xorInput); - pos += text.length; - } - // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - const tag = xorMut$1(encipher(xorMut$1(xorMut$1(checksum, offset), mask.$)), hash(adata)); - - // - // Assemble ciphertext - // - // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] - ct.set(tag, pos); - return ct; - } - - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - return crypt(encipher, plaintext, nonce, adata); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); - - const tag = ciphertext.subarray(-tagLength$1); - ciphertext = ciphertext.subarray(0, -tagLength$1); - - const crypted = crypt(decipher, ciphertext, nonce, adata); - // if (Tag[1..TAGLEN] == T) - if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { - return crypted.subarray(0, -tagLength$1); - } - throw new Error('Authentication tag mismatch'); - } - }; - } - - - /** - * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. - * @param {Uint8Array} iv - The initialization vector (15 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ - OCB.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[7 + i] ^= chunkIndex[i]; - } - return nonce; - }; - - OCB.blockLength = blockLength$2; - OCB.ivLength = ivLength$1; - OCB.tagLength = tagLength$1; - - const _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5 - class AES_GCM { - constructor(key, nonce, adata, tagSize = 16, aes) { - this.tagSize = tagSize; - this.gamma0 = 0; - this.counter = 1; - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - let { asm, heap } = this.aes.acquire_asm(); - // Init GCM - asm.gcm_init(); - // Tag size - if (this.tagSize < 4 || this.tagSize > 16) - throw new IllegalArgumentError('illegal tagSize value'); - // Nonce - const noncelen = nonce.length || 0; - const noncebuf = new Uint8Array(16); - if (noncelen !== 12) { - this._gcm_mac_process(nonce); - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = 0; - heap[4] = 0; - heap[5] = 0; - heap[6] = 0; - heap[7] = 0; - heap[8] = 0; - heap[9] = 0; - heap[10] = 0; - heap[11] = noncelen >>> 29; - heap[12] = (noncelen >>> 21) & 255; - heap[13] = (noncelen >>> 13) & 255; - heap[14] = (noncelen >>> 5) & 255; - heap[15] = (noncelen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_iv(0, 0, 0, 0); - noncebuf.set(heap.subarray(0, 16)); - } - else { - noncebuf.set(nonce); - noncebuf[15] = 1; - } - const nonceview = new DataView(noncebuf.buffer); - this.gamma0 = nonceview.getUint32(12); - asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0); - asm.set_mask(0, 0, 0, 0xffffffff); - // Associated data - if (adata !== undefined) { - if (adata.length > _AES_GCM_data_maxLength) - throw new IllegalArgumentError('illegal adata length'); - if (adata.length) { - this.adata = adata; - this._gcm_mac_process(adata); - } - else { - this.adata = undefined; - } - } - else { - this.adata = undefined; - } - // Counter - if (this.counter < 1 || this.counter > 0xffffffff) - throw new RangeError('counter must be a positive 32-bit integer'); - asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0); - } - static encrypt(cleartext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext); - } - static decrypt(ciphertext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext); - } - encrypt(data) { - return this.AES_GCM_encrypt(data); - } - decrypt(data) { - return this.AES_GCM_decrypt(data); - } - AES_GCM_Encrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len); - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Encrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let adata = this.adata; - let pos = this.aes.pos; - let len = this.aes.len; - const result = new Uint8Array(len + tagSize); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16); - if (len) - result.set(heap.subarray(pos, pos + len)); - let i = len; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - result.set(heap.subarray(0, tagSize), len); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_Decrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0; - let tlen = len + dlen - rlen; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > tlen) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - pos = 0; - len = 0; - } - if (dlen > 0) { - len += _heap_write(heap, 0, data, dpos, dlen); - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Decrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let tagSize = this.tagSize; - let adata = this.adata; - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rlen = len - tagSize; - if (len < tagSize) - throw new IllegalStateError('authentication tag not found'); - const result = new Uint8Array(rlen); - const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len)); - let i = rlen; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len - tagSize; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - let acheck = 0; - for (let i = 0; i < tagSize; ++i) - acheck |= atag[i] ^ heap[i]; - if (acheck) - throw new SecurityError('data integrity check failed'); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_decrypt(data) { - const result1 = this.AES_GCM_Decrypt_process(data); - const result2 = this.AES_GCM_Decrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - AES_GCM_encrypt(data) { - const result1 = this.AES_GCM_Encrypt_process(data); - const result2 = this.AES_GCM_Encrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - _gcm_mac_process(data) { - let { asm, heap } = this.aes.acquire_asm(); - let dpos = 0; - let dlen = data.length || 0; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, 0, data, dpos, dlen); - dpos += wlen; - dlen -= wlen; - while (wlen & 15) - heap[wlen++] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen); - } - } - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - const webCrypto$4 = util.getWebCrypto(); - const nodeCrypto$4 = util.getNodeCrypto(); - const Buffer$2 = util.getNodeBuffer(); - - const blockLength$3 = 16; - const ivLength$2 = 12; // size of the IV in bytes - const tagLength$2 = 16; // size of the tag in bytes - const ALGO = 'AES-GCM'; - - /** - * Class to en/decrypt using GCM mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ - async function GCM(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('GCM mode supports only AES cipher'); - } - - if (util.getNodeCrypto()) { // Node crypto library - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - const en = new nodeCrypto$4.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - en.setAAD(adata); - const ct = Buffer$2.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - const de = new nodeCrypto$4.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - de.setAAD(adata); - de.setAuthTag(ct.slice(ct.length - tagLength$2, ct.length)); // read auth tag at end of ciphertext - const pt = Buffer$2.concat([de.update(ct.slice(0, ct.length - tagLength$2)), de.final()]); - return new Uint8Array(pt); - } - }; - } - - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - const _key = await webCrypto$4.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); - - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.encrypt(pt, key, iv, adata); - } - const ct = await webCrypto$4.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, pt); - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - if (ct.length === tagLength$2) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.decrypt(ct, key, iv, adata); - } - const pt = await webCrypto$4.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, ct); - return new Uint8Array(pt); - } - }; - } - - return { - encrypt: async function(pt, iv, adata) { - return AES_GCM.encrypt(pt, key, iv, adata); - }, - - decrypt: async function(ct, iv, adata) { - return AES_GCM.decrypt(ct, key, iv, adata); - } - }; - } - - - /** - * Get GCM nonce. Note: this operation is not defined by the standard. - * A future version of the standard may define GCM mode differently, - * hopefully under a different ID (we use Private/Experimental algorithm - * ID 100) so that we can maintain backwards compatibility. - * @param {Uint8Array} iv - The initialization vector (12 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ - GCM.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[4 + i] ^= chunkIndex[i]; - } - return nonce; - }; - - GCM.blockLength = blockLength$3; - GCM.ivLength = ivLength$2; - GCM.tagLength = tagLength$2; - - /** - * @fileoverview Cipher modes - * @module crypto/mode - * @private - */ - - var mode = { - /** @see module:crypto/mode/cfb */ - cfb: cfb, - /** @see module:crypto/mode/gcm */ - gcm: GCM, - experimentalGCM: GCM, - /** @see module:crypto/mode/eax */ - eax: EAX, - /** @see module:crypto/mode/ocb */ - ocb: OCB - }; - - var naclFastLight = createCommonjsModule(function (module) { - /*jshint bitwise: false*/ - - (function(nacl) { - - // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. - // Public domain. - // - // Implementation derived from TweetNaCl version 20140427. - // See for details: http://tweetnacl.cr.yp.to/ - - var gf = function(init) { - var i, r = new Float64Array(16); - if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; - return r; - }; - - // Pluggable, initialized in high-level API below. - var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - - var _9 = new Uint8Array(32); _9[0] = 9; - - var gf0 = gf(), - gf1 = gf([1]), - _121665 = gf([0xdb41, 1]), - D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), - D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), - X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), - Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), - I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - - function vn(x, xi, y, yi, n) { - var i,d = 0; - for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; - return (1 & ((d - 1) >>> 8)) - 1; - } - - function crypto_verify_32(x, xi, y, yi) { - return vn(x,xi,y,yi,32); - } - - function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) r[i] = a[i]|0; - } - - function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; i++) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c-1 + 37 * (c-1); - } - - function sel25519(p, q, b) { - var t, c = ~(b-1); - for (var i = 0; i < 16; i++) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } - } - - function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; i++) t[i] = n[i]; - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; j++) { - m[0] = t[0] - 0xffed; - for (i = 1; i < 15; i++) { - m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); - m[i-1] &= 0xffff; - } - m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); - b = (m[15]>>16) & 1; - m[14] &= 0xffff; - sel25519(t, m, 1-b); - } - for (i = 0; i < 16; i++) { - o[2*i] = t[i] & 0xff; - o[2*i+1] = t[i]>>8; - } - } - - function neq25519(a, b) { - var c = new Uint8Array(32), d = new Uint8Array(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); - } - - function par25519(a) { - var d = new Uint8Array(32); - pack25519(d, a); - return d[0] & 1; - } - - function unpack25519(o, n) { - var i; - for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); - o[15] &= 0x7fff; - } - - function A(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; - } - - function Z(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; - } - - function M(o, a, b) { - var v, c, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, - t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, - t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, - b0 = b[0], - b1 = b[1], - b2 = b[2], - b3 = b[3], - b4 = b[4], - b5 = b[5], - b6 = b[6], - b7 = b[7], - b8 = b[8], - b9 = b[9], - b10 = b[10], - b11 = b[11], - b12 = b[12], - b13 = b[13], - b14 = b[14], - b15 = b[15]; - - v = a[0]; - t0 += v * b0; - t1 += v * b1; - t2 += v * b2; - t3 += v * b3; - t4 += v * b4; - t5 += v * b5; - t6 += v * b6; - t7 += v * b7; - t8 += v * b8; - t9 += v * b9; - t10 += v * b10; - t11 += v * b11; - t12 += v * b12; - t13 += v * b13; - t14 += v * b14; - t15 += v * b15; - v = a[1]; - t1 += v * b0; - t2 += v * b1; - t3 += v * b2; - t4 += v * b3; - t5 += v * b4; - t6 += v * b5; - t7 += v * b6; - t8 += v * b7; - t9 += v * b8; - t10 += v * b9; - t11 += v * b10; - t12 += v * b11; - t13 += v * b12; - t14 += v * b13; - t15 += v * b14; - t16 += v * b15; - v = a[2]; - t2 += v * b0; - t3 += v * b1; - t4 += v * b2; - t5 += v * b3; - t6 += v * b4; - t7 += v * b5; - t8 += v * b6; - t9 += v * b7; - t10 += v * b8; - t11 += v * b9; - t12 += v * b10; - t13 += v * b11; - t14 += v * b12; - t15 += v * b13; - t16 += v * b14; - t17 += v * b15; - v = a[3]; - t3 += v * b0; - t4 += v * b1; - t5 += v * b2; - t6 += v * b3; - t7 += v * b4; - t8 += v * b5; - t9 += v * b6; - t10 += v * b7; - t11 += v * b8; - t12 += v * b9; - t13 += v * b10; - t14 += v * b11; - t15 += v * b12; - t16 += v * b13; - t17 += v * b14; - t18 += v * b15; - v = a[4]; - t4 += v * b0; - t5 += v * b1; - t6 += v * b2; - t7 += v * b3; - t8 += v * b4; - t9 += v * b5; - t10 += v * b6; - t11 += v * b7; - t12 += v * b8; - t13 += v * b9; - t14 += v * b10; - t15 += v * b11; - t16 += v * b12; - t17 += v * b13; - t18 += v * b14; - t19 += v * b15; - v = a[5]; - t5 += v * b0; - t6 += v * b1; - t7 += v * b2; - t8 += v * b3; - t9 += v * b4; - t10 += v * b5; - t11 += v * b6; - t12 += v * b7; - t13 += v * b8; - t14 += v * b9; - t15 += v * b10; - t16 += v * b11; - t17 += v * b12; - t18 += v * b13; - t19 += v * b14; - t20 += v * b15; - v = a[6]; - t6 += v * b0; - t7 += v * b1; - t8 += v * b2; - t9 += v * b3; - t10 += v * b4; - t11 += v * b5; - t12 += v * b6; - t13 += v * b7; - t14 += v * b8; - t15 += v * b9; - t16 += v * b10; - t17 += v * b11; - t18 += v * b12; - t19 += v * b13; - t20 += v * b14; - t21 += v * b15; - v = a[7]; - t7 += v * b0; - t8 += v * b1; - t9 += v * b2; - t10 += v * b3; - t11 += v * b4; - t12 += v * b5; - t13 += v * b6; - t14 += v * b7; - t15 += v * b8; - t16 += v * b9; - t17 += v * b10; - t18 += v * b11; - t19 += v * b12; - t20 += v * b13; - t21 += v * b14; - t22 += v * b15; - v = a[8]; - t8 += v * b0; - t9 += v * b1; - t10 += v * b2; - t11 += v * b3; - t12 += v * b4; - t13 += v * b5; - t14 += v * b6; - t15 += v * b7; - t16 += v * b8; - t17 += v * b9; - t18 += v * b10; - t19 += v * b11; - t20 += v * b12; - t21 += v * b13; - t22 += v * b14; - t23 += v * b15; - v = a[9]; - t9 += v * b0; - t10 += v * b1; - t11 += v * b2; - t12 += v * b3; - t13 += v * b4; - t14 += v * b5; - t15 += v * b6; - t16 += v * b7; - t17 += v * b8; - t18 += v * b9; - t19 += v * b10; - t20 += v * b11; - t21 += v * b12; - t22 += v * b13; - t23 += v * b14; - t24 += v * b15; - v = a[10]; - t10 += v * b0; - t11 += v * b1; - t12 += v * b2; - t13 += v * b3; - t14 += v * b4; - t15 += v * b5; - t16 += v * b6; - t17 += v * b7; - t18 += v * b8; - t19 += v * b9; - t20 += v * b10; - t21 += v * b11; - t22 += v * b12; - t23 += v * b13; - t24 += v * b14; - t25 += v * b15; - v = a[11]; - t11 += v * b0; - t12 += v * b1; - t13 += v * b2; - t14 += v * b3; - t15 += v * b4; - t16 += v * b5; - t17 += v * b6; - t18 += v * b7; - t19 += v * b8; - t20 += v * b9; - t21 += v * b10; - t22 += v * b11; - t23 += v * b12; - t24 += v * b13; - t25 += v * b14; - t26 += v * b15; - v = a[12]; - t12 += v * b0; - t13 += v * b1; - t14 += v * b2; - t15 += v * b3; - t16 += v * b4; - t17 += v * b5; - t18 += v * b6; - t19 += v * b7; - t20 += v * b8; - t21 += v * b9; - t22 += v * b10; - t23 += v * b11; - t24 += v * b12; - t25 += v * b13; - t26 += v * b14; - t27 += v * b15; - v = a[13]; - t13 += v * b0; - t14 += v * b1; - t15 += v * b2; - t16 += v * b3; - t17 += v * b4; - t18 += v * b5; - t19 += v * b6; - t20 += v * b7; - t21 += v * b8; - t22 += v * b9; - t23 += v * b10; - t24 += v * b11; - t25 += v * b12; - t26 += v * b13; - t27 += v * b14; - t28 += v * b15; - v = a[14]; - t14 += v * b0; - t15 += v * b1; - t16 += v * b2; - t17 += v * b3; - t18 += v * b4; - t19 += v * b5; - t20 += v * b6; - t21 += v * b7; - t22 += v * b8; - t23 += v * b9; - t24 += v * b10; - t25 += v * b11; - t26 += v * b12; - t27 += v * b13; - t28 += v * b14; - t29 += v * b15; - v = a[15]; - t15 += v * b0; - t16 += v * b1; - t17 += v * b2; - t18 += v * b3; - t19 += v * b4; - t20 += v * b5; - t21 += v * b6; - t22 += v * b7; - t23 += v * b8; - t24 += v * b9; - t25 += v * b10; - t26 += v * b11; - t27 += v * b12; - t28 += v * b13; - t29 += v * b14; - t30 += v * b15; - - t0 += 38 * t16; - t1 += 38 * t17; - t2 += 38 * t18; - t3 += 38 * t19; - t4 += 38 * t20; - t5 += 38 * t21; - t6 += 38 * t22; - t7 += 38 * t23; - t8 += 38 * t24; - t9 += 38 * t25; - t10 += 38 * t26; - t11 += 38 * t27; - t12 += 38 * t28; - t13 += 38 * t29; - t14 += 38 * t30; - // t15 left as is - - // first car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - // second car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - o[ 0] = t0; - o[ 1] = t1; - o[ 2] = t2; - o[ 3] = t3; - o[ 4] = t4; - o[ 5] = t5; - o[ 6] = t6; - o[ 7] = t7; - o[ 8] = t8; - o[ 9] = t9; - o[10] = t10; - o[11] = t11; - o[12] = t12; - o[13] = t13; - o[14] = t14; - o[15] = t15; - } - - function S(o, a) { - M(o, a, a); - } - - function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 253; a >= 0; a--) { - S(c, c); - if(a !== 2 && a !== 4) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; - } - - function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 250; a >= 0; a--) { - S(c, c); - if(a !== 1) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; - } - - function crypto_scalarmult(q, n, p) { - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; - } - - function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); - } - - function crypto_box_keypair(y, x) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); - } - - function add(p, q) { - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(), - g = gf(), h = gf(), t = gf(); - - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); - } - - function cswap(p, q, b) { - var i; - for (i = 0; i < 4; i++) { - sel25519(p[i], q[i], b); - } - } - - function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; - } - - function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = (s[(i/8)|0] >> (i&7)) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } - } - - function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); - } - - function crypto_sign_keypair(pk, sk, seeded) { - var d; - var p = [gf(), gf(), gf(), gf()]; - var i; - - if (!seeded) randombytes(sk, 32); - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - scalarbase(p, d); - pack(pk, p); - - for (i = 0; i < 32; i++) sk[i+32] = pk[i]; - return 0; - } - - var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - - function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = Math.floor((x[j] + 128) / 256); - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; j++) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; j++) x[j] -= carry * L[j]; - for (i = 0; i < 32; i++) { - x[i+1] += x[i] >> 8; - r[i] = x[i] & 255; - } - } - - function reduce(r) { - var x = new Float64Array(64), i; - for (i = 0; i < 64; i++) x[i] = r[i]; - for (i = 0; i < 64; i++) r[i] = 0; - modL(r, x); - } - - // Note: difference from C - smlen returned, not passed as argument. - function crypto_sign(sm, m, n, sk) { - var d, h, r; - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - var smlen = n + 64; - for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - - r = nacl.hash(sm.subarray(32, smlen)); - reduce(r); - scalarbase(p, r); - pack(sm, p); - - for (i = 32; i < 64; i++) sm[i] = sk[i]; - h = nacl.hash(sm.subarray(0, smlen)); - reduce(h); - - for (i = 0; i < 64; i++) x[i] = 0; - for (i = 0; i < 32; i++) x[i] = r[i]; - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - x[i+j] += h[i] * d[j]; - } - } - - modL(sm.subarray(32), x); - return smlen; - } - - function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), - den = gf(), den2 = gf(), den4 = gf(), - den6 = gf(); - - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) M(r[0], r[0], I); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) return -1; - - if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); - - M(r[3], r[0], r[1]); - return 0; - } - - function crypto_sign_open(m, sm, n, pk) { - var i; - var t = new Uint8Array(32), h; - var p = [gf(), gf(), gf(), gf()], - q = [gf(), gf(), gf(), gf()]; - - if (n < 64) return -1; - - if (unpackneg(q, pk)) return -1; - - for (i = 0; i < n; i++) m[i] = sm[i]; - for (i = 0; i < 32; i++) m[i+32] = pk[i]; - h = nacl.hash(m.subarray(0, n)); - reduce(h); - scalarmult(p, q, h); - - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; i++) m[i] = 0; - return -1; - } - - for (i = 0; i < n; i++) m[i] = sm[i + 64]; - return n; - } - - var crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_sign_BYTES = 64, - crypto_sign_PUBLICKEYBYTES = 32, - crypto_sign_SECRETKEYBYTES = 64, - crypto_sign_SEEDBYTES = 32; - - function checkArrayTypes() { - for (var i = 0; i < arguments.length; i++) { - if (!(arguments[i] instanceof Uint8Array)) - throw new TypeError('unexpected type, use Uint8Array'); - } - } - - function cleanup(arr) { - for (var i = 0; i < arr.length; i++) arr[i] = 0; - } - - nacl.scalarMult = function(n, p) { - checkArrayTypes(n, p); - if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); - if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); - var q = new Uint8Array(crypto_scalarmult_BYTES); - crypto_scalarmult(q, n, p); - return q; - }; - - nacl.box = {}; - - nacl.box.keyPair = function() { - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; - }; - - nacl.box.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; - }; - - nacl.sign = function(msg, secretKey) { - checkArrayTypes(msg, secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); - crypto_sign(signedMsg, msg, msg.length, secretKey); - return signedMsg; - }; - - nacl.sign.detached = function(msg, secretKey) { - var signedMsg = nacl.sign(msg, secretKey); - var sig = new Uint8Array(crypto_sign_BYTES); - for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; - return sig; - }; - - nacl.sign.detached.verify = function(msg, sig, publicKey) { - checkArrayTypes(msg, sig, publicKey); - if (sig.length !== crypto_sign_BYTES) - throw new Error('bad signature size'); - if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) - throw new Error('bad public key size'); - var sm = new Uint8Array(crypto_sign_BYTES + msg.length); - var m = new Uint8Array(crypto_sign_BYTES + msg.length); - var i; - for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; - for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; - return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); - }; - - nacl.sign.keyPair = function() { - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; - }; - - nacl.sign.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; - }; - - nacl.sign.keyPair.fromSeed = function(seed) { - checkArrayTypes(seed); - if (seed.length !== crypto_sign_SEEDBYTES) - throw new Error('bad seed size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - for (var i = 0; i < 32; i++) sk[i] = seed[i]; - crypto_sign_keypair(pk, sk, true); - return {publicKey: pk, secretKey: sk}; - }; - - nacl.setPRNG = function(fn) { - randombytes = fn; - }; - - (function() { - // Initialize PRNG if environment provides CSPRNG. - // If not, methods calling randombytes will throw. - var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; - if (crypto && crypto.getRandomValues) { - // Browsers. - var QUOTA = 65536; - nacl.setPRNG(function(x, n) { - var i, v = new Uint8Array(n); - for (i = 0; i < n; i += QUOTA) { - crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); - } - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } else if (typeof commonjsRequire !== 'undefined') { - // Node.js. - crypto = void('crypto'); - if (crypto && crypto.randomBytes) { - nacl.setPRNG(function(x, n) { - var i, v = crypto.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } - } - })(); - - })(module.exports ? module.exports : (self.nacl = self.nacl || {})); - }); - - // GPG4Browsers - An OpenPGP implementation in javascript - - const nodeCrypto$5 = util.getNodeCrypto(); - - /** - * Retrieve secure random byte array of the specified length - * @param {Integer} length - Length in bytes to generate - * @returns {Uint8Array} Random byte array. - */ - function getRandomBytes(length) { - const buf = new Uint8Array(length); - if (nodeCrypto$5) { - const bytes = nodeCrypto$5.randomBytes(buf.length); - buf.set(bytes); - } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) { - crypto.getRandomValues(buf); - } else { - throw new Error('No secure random number generator available.'); - } - return buf; - } - - /** - * Create a secure random BigInteger that is greater than or equal to min and less than max. - * @param {module:BigInteger} min - Lower bound, included - * @param {module:BigInteger} max - Upper bound, excluded - * @returns {Promise} Random BigInteger. - * @async - */ - async function getRandomBigInteger(min, max) { - const BigInteger = await util.getBigInteger(); - - if (max.lt(min)) { - throw new Error('Illegal parameter value: max <= min'); - } - - const modulus = max.sub(min); - const bytes = modulus.byteLength(); - - // Using a while loop is necessary to avoid bias introduced by the mod operation. - // However, we request 64 extra random bits so that the bias is negligible. - // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - const r = new BigInteger(await getRandomBytes(bytes + 8)); - return r.mod(modulus).add(min); - } - - var random = /*#__PURE__*/Object.freeze({ - __proto__: null, - getRandomBytes: getRandomBytes, - getRandomBigInteger: getRandomBigInteger - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - /** - * Generate a probably prime random number - * @param {Integer} bits - Bit length of the prime - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns BigInteger - * @async - */ - async function randomProbablePrime(bits, e, k) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - const min = one.leftShift(new BigInteger(bits - 1)); - const thirty = new BigInteger(30); - /* - * We can avoid any multiples of 3 and 5 by looking at n mod 30 - * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 - * the next possible prime is mod 30: - * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 - */ - const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; - - const n = await getRandomBigInteger(min, min.leftShift(one)); - let i = n.mod(thirty).toNumber(); - - do { - n.iadd(new BigInteger(adds[i])); - i = (i + adds[i]) % adds.length; - // If reached the maximum, go back to the minimum. - if (n.bitLength() > bits) { - n.imod(min.leftShift(one)).iadd(min); - i = n.mod(thirty).toNumber(); - } - } while (!await isProbablePrime(n, e, k)); - return n; - } - - /** - * Probabilistic primality testing - * @param {BigInteger} n - Number to test - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns {boolean} - * @async - */ - async function isProbablePrime(n, e, k) { - if (e && !n.dec().gcd(e).isOne()) { - return false; - } - if (!await divisionTest(n)) { - return false; - } - if (!await fermat(n)) { - return false; - } - if (!await millerRabin(n, k)) { - return false; - } - // TODO implement the Lucas test - // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - return true; - } - - /** - * Tests whether n is probably prime or not using Fermat's test with b = 2. - * Fails if b^(n-1) mod n != 1. - * @param {BigInteger} n - Number to test - * @param {BigInteger} b - Optional Fermat test base - * @returns {boolean} - */ - async function fermat(n, b) { - const BigInteger = await util.getBigInteger(); - b = b || new BigInteger(2); - return b.modExp(n.dec(), n).isOne(); - } - - async function divisionTest(n) { - const BigInteger = await util.getBigInteger(); - return smallPrimes.every(m => { - return n.mod(new BigInteger(m)) !== 0; - }); - } - - // https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c - const smallPrimes = [ - 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 - ]; - - - // Miller-Rabin - Miller Rabin algorithm for primality test - // Copyright Fedor Indutny, 2014. - // - // This software is licensed under the MIT License. - // - // Permission is hereby granted, free of charge, to any person obtaining a - // copy of this software and associated documentation files (the - // "Software"), to deal in the Software without restriction, including - // without limitation the rights to use, copy, modify, merge, publish, - // distribute, sublicense, and/or sell copies of the Software, and to permit - // persons to whom the Software is furnished to do so, subject to the - // following conditions: - // - // The above copyright notice and this permission notice shall be included - // in all copies or substantial portions of the Software. - // - // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS - // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - // USE OR OTHER DEALINGS IN THE SOFTWARE. - - // Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin - - // Sample syntax for Fixed-Base Miller-Rabin: - // millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) - - /** - * Tests whether n is probably prime or not using the Miller-Rabin test. - * See HAC Remark 4.28. - * @param {BigInteger} n - Number to test - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @param {Function} rand - Optional function to generate potential witnesses - * @returns {boolean} - * @async - */ - async function millerRabin(n, k, rand) { - const BigInteger = await util.getBigInteger(); - const len = n.bitLength(); - - if (!k) { - k = Math.max(1, (len / 48) | 0); - } - - const n1 = n.dec(); // n - 1 - - // Find d and s, (n - 1) = (2 ^ s) * d; - let s = 0; - while (!n1.getBit(s)) { s++; } - const d = n.rightShift(new BigInteger(s)); - - for (; k > 0; k--) { - const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1); - - let x = a.modExp(d, n); - if (x.isOne() || x.equal(n1)) { - continue; - } - - let i; - for (i = 1; i < s; i++) { - x = x.mul(x).mod(n); - - if (x.isOne()) { - return false; - } - if (x.equal(n1)) { - break; - } - } - - if (i === s) { - return false; - } - } - - return true; - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - /** - * ASN1 object identifiers for hashes - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} - */ - const hash_headers = []; - hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, - 0x10]; - hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; - hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; - hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, - 0x04, 0x20]; - hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, - 0x04, 0x30]; - hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, - 0x00, 0x04, 0x40]; - hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, - 0x00, 0x04, 0x1C]; - - /** - * Create padding with secure random data - * @private - * @param {Integer} length - Length of the padding in bytes - * @returns {Uint8Array} Random padding. - */ - function getPKCS1Padding(length) { - const result = new Uint8Array(length); - let count = 0; - while (count < length) { - const randomBytes = getRandomBytes(length - count); - for (let i = 0; i < randomBytes.length; i++) { - if (randomBytes[i] !== 0) { - result[count++] = randomBytes[i]; - } - } - } - return result; - } - - /** - * Create a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} - * @param {Uint8Array} message - Message to be encoded - * @param {Integer} keyLength - The length in octets of the key modulus - * @returns {Uint8Array} EME-PKCS1 padded message. - */ - function emeEncode(message, keyLength) { - const mLength = message.length; - // length checking - if (mLength > keyLength - 11) { - throw new Error('Message too long'); - } - // Generate an octet string PS of length k - mLen - 3 consisting of - // pseudo-randomly generated nonzero octets - const PS = getPKCS1Padding(keyLength - mLength - 3); - // Concatenate PS, the message M, and other padding to form an - // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. - const encoded = new Uint8Array(keyLength); - // 0x00 byte - encoded[1] = 2; - encoded.set(PS, 2); - // 0x00 bytes - encoded.set(message, keyLength - mLength); - return encoded; - } - - /** - * Decode a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} - * @param {Uint8Array} encoded - Encoded message bytes - * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) - * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) - * @throws {Error} on decoding failure, unless `randomPayload` is provided - */ - function emeDecode(encoded, randomPayload) { - // encoded format: 0x00 0x02 0x00 - let offset = 2; - let separatorNotFound = 1; - for (let j = offset; j < encoded.length; j++) { - separatorNotFound &= encoded[j] !== 0; - offset += separatorNotFound; - } - - const psLen = offset - 2; - const payload = encoded.subarray(offset + 1); // discard the 0x00 separator - const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - - if (randomPayload) { - return util.selectUint8Array(isValidPadding, payload, randomPayload); - } - - if (isValidPadding) { - return payload; - } - - throw new Error('Decryption error'); - } - - /** - * Create a EMSA-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} - * @param {Integer} algo - Hash algorithm type used - * @param {Uint8Array} hashed - Message to be encoded - * @param {Integer} emLen - Intended length in octets of the encoded message - * @returns {Uint8Array} Encoded message. - */ - async function emsaEncode(algo, hashed, emLen) { - let i; - if (hashed.length !== hash.getHashByteLength(algo)) { - throw new Error('Invalid hash length'); - } - // produce an ASN.1 DER value for the hash function used. - // Let T be the full hash prefix - const hashPrefix = new Uint8Array(hash_headers[algo].length); - for (i = 0; i < hash_headers[algo].length; i++) { - hashPrefix[i] = hash_headers[algo][i]; - } - // and let tLen be the length in octets prefix and hashed data - const tLen = hashPrefix.length + hashed.length; - if (emLen < tLen + 11) { - throw new Error('Intended encoded message length too short'); - } - // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF - // The length of PS will be at least 8 octets - const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - - // Concatenate PS, the hash prefix, hashed data, and other padding to form the - // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed - const EM = new Uint8Array(emLen); - EM[1] = 0x01; - EM.set(PS, 2); - EM.set(hashPrefix, emLen - tLen); - EM.set(hashed, emLen - hashed.length); - return EM; - } - - var pkcs1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - emeEncode: emeEncode, - emeDecode: emeDecode, - emsaEncode: emsaEncode - }); - - // GPG4Browsers - An OpenPGP implementation in javascript - - const webCrypto$5 = util.getWebCrypto(); - const nodeCrypto$6 = util.getNodeCrypto(); - const asn1 = nodeCrypto$6 ? void('asn1.js') : undefined; - - /* eslint-disable no-invalid-this */ - const RSAPrivateKey = nodeCrypto$6 ? asn1.define('RSAPrivateKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('version').int(), // 0 - this.key('modulus').int(), // n - this.key('publicExponent').int(), // e - this.key('privateExponent').int(), // d - this.key('prime1').int(), // p - this.key('prime2').int(), // q - this.key('exponent1').int(), // dp - this.key('exponent2').int(), // dq - this.key('coefficient').int() // u - ); - }) : undefined; - - const RSAPublicKey = nodeCrypto$6 ? asn1.define('RSAPubliceKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('modulus').int(), // n - this.key('publicExponent').int() // e - ); - }) : undefined; - /* eslint-enable no-invalid-this */ - - /** Create signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} hashed - Hashed message - * @returns {Promise} RSA Signature. - * @async - */ - async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeSign(hashAlgo, data, n, e, d, p, q, u); - } - } - return bnSign(hashAlgo, n, d, hashed); - } - - /** - * Verify signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} s - Signature - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} hashed - Hashed message - * @returns {Boolean} - * @async - */ - async function verify(hashAlgo, data, s, n, e, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeVerify(hashAlgo, data, s, n, e); - } - } - return bnVerify(hashAlgo, s, n, e, hashed); - } - - /** - * Encrypt message - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @returns {Promise} RSA Ciphertext. - * @async - */ - async function encrypt$1(data, n, e) { - if (util.getNodeCrypto()) { - return nodeEncrypt$1(data, n, e); - } - return bnEncrypt(data, n, e); - } - - /** - * Decrypt RSA message - * @param {Uint8Array} m - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} RSA Plaintext. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ - async function decrypt$1(data, n, e, d, p, q, u, randomPayload) { - // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, - // and we want to avoid checking the error type to decide if the random payload - // should indeed be returned. - if (util.getNodeCrypto() && !randomPayload) { - try { - return await nodeDecrypt$1(data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } - return bnDecrypt(data, n, e, d, p, q, u, randomPayload); - } - - /** - * Generate a new random private key B bits long with public exponent E. - * - * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using - * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. - * @see module:crypto/public_key/prime - * @param {Integer} bits - RSA bit length - * @param {Integer} e - RSA public exponent - * @returns {{n, e, d, - * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, - * RSA private prime p, RSA private prime q, u = p ** -1 mod q - * @async - */ - async function generate(bits, e) { - const BigInteger = await util.getBigInteger(); - - e = new BigInteger(e); - - // Native RSA keygen using Web Crypto - if (util.getWebCrypto()) { - const keyGenOpt = { - name: 'RSASSA-PKCS1-v1_5', - modulusLength: bits, // the specified keysize in bits - publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent - hash: { - name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' - } - }; - const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - - // export the generated keys as JsonWebKey (JWK) - // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 - const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); - // map JWK parameters to corresponding OpenPGP names - return { - n: b64ToUint8Array(jwk.n), - e: e.toUint8Array(), - d: b64ToUint8Array(jwk.d), - // switch p and q - p: b64ToUint8Array(jwk.q), - q: b64ToUint8Array(jwk.p), - // Since p and q are switched in places, u is the inverse of jwk.q - u: b64ToUint8Array(jwk.qi) - }; - } else if (util.getNodeCrypto() && nodeCrypto$6.generateKeyPair && RSAPrivateKey) { - const opts = { - modulusLength: bits, - publicExponent: e.toNumber(), - publicKeyEncoding: { type: 'pkcs1', format: 'der' }, - privateKeyEncoding: { type: 'pkcs1', format: 'der' } - }; - const prv = await new Promise((resolve, reject) => { - nodeCrypto$6.generateKeyPair('rsa', opts, (err, _, der) => { - if (err) { - reject(err); - } else { - resolve(RSAPrivateKey.decode(der, 'der')); - } - }); - }); - /** - * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`. - * @link https://tools.ietf.org/html/rfc3447#section-3.2 - * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1 - */ - return { - n: prv.modulus.toArrayLike(Uint8Array), - e: prv.publicExponent.toArrayLike(Uint8Array), - d: prv.privateExponent.toArrayLike(Uint8Array), - // switch p and q - p: prv.prime2.toArrayLike(Uint8Array), - q: prv.prime1.toArrayLike(Uint8Array), - // Since p and q are switched in places, we can keep u as defined by DER - u: prv.coefficient.toArrayLike(Uint8Array) - }; - } - - // RSA keygen fallback using 40 iterations of the Miller-Rabin test - // See https://stackoverflow.com/a/6330138 for justification - // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST - let p; - let q; - let n; - do { - q = await randomProbablePrime(bits - (bits >> 1), e, 40); - p = await randomProbablePrime(bits >> 1, e, 40); - n = p.mul(q); - } while (n.bitLength() !== bits); - - const phi = p.dec().imul(q.dec()); - - if (q.lt(p)) { - [p, q] = [q, p]; - } - - return { - n: n.toUint8Array(), - e: e.toUint8Array(), - d: e.modInv(phi).toUint8Array(), - p: p.toUint8Array(), - q: q.toUint8Array(), - // dp: d.mod(p.subn(1)), - // dq: d.mod(q.subn(1)), - u: p.modInv(q).toUint8Array() - }; - } - - /** - * Validate RSA parameters - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA inverse of p w.r.t. q - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - p = new BigInteger(p); - q = new BigInteger(q); - - // expect pq = n - if (!p.mul(q).equal(n)) { - return false; - } - - const two = new BigInteger(2); - // expect p*u = 1 mod q - u = new BigInteger(u); - if (!p.mul(u).mod(q).isOne()) { - return false; - } - - e = new BigInteger(e); - d = new BigInteger(d); - /** - * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) - * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] - * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] - * - * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) - */ - const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3)); - const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q - const rde = r.mul(d).mul(e); - - const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r); - if (!areInverses) { - return false; - } - - return true; - } - - async function bnSign(hashAlgo, n, d, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength())); - d = new BigInteger(d); - if (m.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return m.modExp(d, n).toUint8Array('be', n.byteLength()); - } - - async function webSign(hashName, data, n, e, d, p, q, u) { - /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. - * We swap them in privateToJWK, so it usually works out, but nevertheless, - * not all OpenPGP keys are compatible with this requirement. - * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still - * does if the underlying Web Crypto does so (though the tested implementations - * don't do so). - */ - const jwk = await privateToJWK(n, e, d, p, q, u); - const algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }; - const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); - return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); - } - - async function nodeSign(hashAlgo, data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const sign = nodeCrypto$6.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(data); - sign.end(); - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPrivateKey.encode(keyObject, 'der'); - return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' })); - } - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - return new Uint8Array(sign.sign(pem)); - } - - async function bnVerify(hashAlgo, s, n, e, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - s = new BigInteger(s); - e = new BigInteger(e); - if (s.gte(n)) { - throw new Error('Signature size cannot exceed modulus size'); - } - const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength()); - const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength()); - return util.equalsUint8Array(EM1, EM2); - } - - async function webVerify(hashName, data, s, n, e) { - const jwk = publicToJWK(n, e); - const key = await webCrypto$5.importKey('jwk', jwk, { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }, false, ['verify']); - return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); - } - - async function nodeVerify(hashAlgo, data, s, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$6.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(data); - verify.end(); - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1' }; - } else { - key = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - } - try { - return await verify.verify(key, s); - } catch (err) { - return false; - } - } - - async function nodeEncrypt$1(data, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - return new Uint8Array(nodeCrypto$6.publicEncrypt(key, data)); - } - - async function bnEncrypt(data, n, e) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - data = new BigInteger(emeEncode(data, n.byteLength())); - e = new BigInteger(e); - if (data.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return data.modExp(e, n).toUint8Array('be', n.byteLength()); - } - - async function nodeDecrypt$1(data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPrivateKey.encode(keyObject, 'der'); - key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - try { - return new Uint8Array(nodeCrypto$6.privateDecrypt(key, data)); - } catch (err) { - throw new Error('Decryption error'); - } - } - - async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { - const BigInteger = await util.getBigInteger(); - data = new BigInteger(data); - n = new BigInteger(n); - e = new BigInteger(e); - d = new BigInteger(d); - p = new BigInteger(p); - q = new BigInteger(q); - u = new BigInteger(u); - if (data.gte(n)) { - throw new Error('Data too large.'); - } - const dq = d.mod(q.dec()); // d mod (q-1) - const dp = d.mod(p.dec()); // d mod (p-1) - - const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n); - const blinder = unblinder.modInv(n).modExp(e, n); - data = data.mul(blinder).mod(n); - - - const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p - const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q - const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q) - - let result = h.mul(p).add(mp); // result < n due to relations above - - result = result.mul(unblinder).mod(n); - - - return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload); - } - - /** Convert Openpgp private key params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - * @param {Uint8Array} d - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} u - */ - async function privateToJWK(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - const pNum = new BigInteger(p); - const qNum = new BigInteger(q); - const dNum = new BigInteger(d); - - let dq = dNum.mod(qNum.dec()); // d mod (q-1) - let dp = dNum.mod(pNum.dec()); // d mod (p-1) - dp = dp.toUint8Array(); - dq = dq.toUint8Array(); - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - d: uint8ArrayToB64(d, true), - // switch p and q - p: uint8ArrayToB64(q, true), - q: uint8ArrayToB64(p, true), - // switch dp and dq - dp: uint8ArrayToB64(dq, true), - dq: uint8ArrayToB64(dp, true), - qi: uint8ArrayToB64(u, true), - ext: true - }; - } - - /** Convert Openpgp key public params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - */ - function publicToJWK(n, e) { - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - ext: true - }; - } - - var rsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign, - verify: verify, - encrypt: encrypt$1, - decrypt: decrypt$1, - generate: generate, - validateParams: validateParams - }); - - // GPG4Browsers - An OpenPGP implementation in javascript - - /** - * ElGamal Encryption function - * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) - * @param {Uint8Array} data - To be padded and encrypted - * @param {Uint8Array} p - * @param {Uint8Array} g - * @param {Uint8Array} y - * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} - * @async - */ - async function encrypt$2(data, p, g, y) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const padded = emeEncode(data, p.byteLength()); - const m = new BigInteger(padded); - - // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* - // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] - const k = await getRandomBigInteger(new BigInteger(1), p.dec()); - return { - c1: g.modExp(k, p).toUint8Array(), - c2: y.modExp(k, p).imul(m).imod(p).toUint8Array() - }; - } - - /** - * ElGamal Encryption function - * @param {Uint8Array} c1 - * @param {Uint8Array} c2 - * @param {Uint8Array} p - * @param {Uint8Array} x - * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} Unpadded message. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ - async function decrypt$2(c1, c2, p, x, randomPayload) { - const BigInteger = await util.getBigInteger(); - c1 = new BigInteger(c1); - c2 = new BigInteger(c2); - p = new BigInteger(p); - x = new BigInteger(x); - - const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p); - return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload); - } - - /** - * Validate ElGamal parameters - * @param {Uint8Array} p - ElGamal prime - * @param {Uint8Array} g - ElGamal group generator - * @param {Uint8Array} y - ElGamal public key - * @param {Uint8Array} x - ElGamal private exponent - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$1(p, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - // Expect p-1 to be large - const pSize = new BigInteger(p.bitLength()); - const n1023 = new BigInteger(1023); - if (pSize.lt(n1023)) { - return false; - } - - /** - * g should have order p-1 - * Check that g ** (p-1) = 1 mod p - */ - if (!g.modExp(p.dec(), p).isOne()) { - return false; - } - - /** - * Since p-1 is not prime, g might have a smaller order that divides p-1 - * We want to make sure that the order is large enough to hinder a small subgroup attack - * - * We just check g**i != 1 for all i up to a threshold - */ - let res = g; - const i = new BigInteger(1); - const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold - while (i.lt(threshold)) { - res = res.mul(g).imod(p); - if (res.isOne()) { - return false; - } - i.iinc(); - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{r(p-1) + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1 - const rqx = p.dec().imul(r).iadd(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; - } - - var elgamal = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt$2, - decrypt: decrypt$2, - validateParams: validateParams$1 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - class OID { - constructor(oid) { - if (oid instanceof OID) { - this.oid = oid.oid; - } else if (util.isArray(oid) || - util.isUint8Array(oid)) { - oid = new Uint8Array(oid); - if (oid[0] === 0x06) { // DER encoded oid byte array - if (oid[1] !== oid.length - 2) { - throw new Error('Length mismatch in DER encoded oid'); - } - oid = oid.subarray(2); - } - this.oid = oid; - } else { - this.oid = ''; - } - } - - /** - * Method to read an OID object - * @param {Uint8Array} input - Where to read the OID from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length >= 1) { - const length = input[0]; - if (input.length >= 1 + length) { - this.oid = input.subarray(1, 1 + length); - return 1 + this.oid.length; - } - } - throw new Error('Invalid oid'); - } - - /** - * Serialize an OID object - * @returns {Uint8Array} Array with the serialized value the OID. - */ - write() { - return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); - } - - /** - * Serialize an OID object as a hex string - * @returns {string} String with the hex value of the OID. - */ - toHex() { - return util.uint8ArrayToHex(this.oid); - } - - /** - * If a known curve object identifier, return the canonical name of the curve - * @returns {string} String with the canonical name of the curve. - */ - getName() { - const hex = this.toHex(); - if (enums.curve[hex]) { - return enums.write(enums.curve, hex); - } else { - throw new Error('Unknown curve object identifier.'); - } - } - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - function keyFromPrivate(indutnyCurve, priv) { - const keyPair = indutnyCurve.keyPair({ priv: priv }); - return keyPair; - } - - function keyFromPublic(indutnyCurve, pub) { - const keyPair = indutnyCurve.keyPair({ pub: pub }); - if (keyPair.validate().result !== true) { - throw new Error('Invalid elliptic public key'); - } - return keyPair; - } - - async function getIndutnyCurve(name) { - if (!config.useIndutnyElliptic) { - throw new Error('This curve is only supported in the full build of OpenPGP.js'); - } - const { default: elliptic } = await Promise.resolve().then(function () { return elliptic$1; }); - return new elliptic.ec(name); - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - function readSimpleLength(bytes) { - let len = 0; - let offset; - const type = bytes[0]; - - - if (type < 192) { - [len] = bytes; - offset = 1; - } else if (type < 255) { - len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; - offset = 2; - } else if (type === 255) { - len = util.readNumber(bytes.subarray(1, 1 + 4)); - offset = 5; - } - - return { - len: len, - offset: offset - }; - } - - /** - * Encodes a given integer of length to the openpgp length specifier to a - * string - * - * @param {Integer} length - The length to encode - * @returns {Uint8Array} String with openpgp length representation. - */ - function writeSimpleLength(length) { - if (length < 192) { - return new Uint8Array([length]); - } else if (length > 191 && length < 8384) { - /* - * let a = (total data packet length) - 192 let bc = two octet - * representation of a let d = b + 192 - */ - return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); - } - return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); - } - - function writePartialLength(power) { - if (power < 0 || power > 30) { - throw new Error('Partial Length power must be between 1 and 30'); - } - return new Uint8Array([224 + power]); - } - - function writeTag(tag_type) { - /* we're only generating v4 packet headers here */ - return new Uint8Array([0xC0 | tag_type]); - } - - /** - * Writes a packet header version 4 with the given tag_type and length to a - * string - * - * @param {Integer} tag_type - Tag type - * @param {Integer} length - Length of the payload - * @returns {String} String of the header. - */ - function writeHeader(tag_type, length) { - /* we're only generating v4 packet headers here */ - return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); - } - - /** - * Whether the packet type supports partial lengths per RFC4880 - * @param {Integer} tag - Tag type - * @returns {Boolean} String of the header. - */ - function supportsStreaming(tag) { - return [ - enums.packet.literalData, - enums.packet.compressedData, - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ].includes(tag); - } - - /** - * Generic static Packet Parser function - * - * @param {Uint8Array | ReadableStream} input - Input stream as string - * @param {Function} callback - Function to call with the parsed packet - * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. - */ - async function readPackets(input, callback) { - const reader = getReader(input); - let writer; - let callbackReturned; - try { - const peekedBytes = await reader.peekBytes(2); - // some sanity checks - if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { - throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); - } - const headerByte = await reader.readByte(); - let tag = -1; - let format = -1; - let packetLength; - - format = 0; // 0 = old format; 1 = new format - if ((headerByte & 0x40) !== 0) { - format = 1; - } - - let packetLengthType; - if (format) { - // new format header - tag = headerByte & 0x3F; // bit 5-0 - } else { - // old format header - tag = (headerByte & 0x3F) >> 2; // bit 5-2 - packetLengthType = headerByte & 0x03; // bit 1-0 - } - - const packetSupportsStreaming = supportsStreaming(tag); - let packet = null; - if (packetSupportsStreaming) { - if (util.isStream(input) === 'array') { - const arrayStream = new ArrayStream(); - writer = getWriter(arrayStream); - packet = arrayStream; - } else { - const transform = new TransformStream(); - writer = getWriter(transform.writable); - packet = transform.readable; - } - // eslint-disable-next-line callback-return - callbackReturned = callback({ tag, packet }); - } else { - packet = []; - } - - let wasPartialLength; - do { - if (!format) { - // 4.2.1. Old Format Packet Lengths - switch (packetLengthType) { - case 0: - // The packet has a one-octet length. The header is 2 octets - // long. - packetLength = await reader.readByte(); - break; - case 1: - // The packet has a two-octet length. The header is 3 octets - // long. - packetLength = (await reader.readByte() << 8) | await reader.readByte(); - break; - case 2: - // The packet has a four-octet length. The header is 5 - // octets long. - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - break; - default: - // 3 - The packet is of indeterminate length. The header is 1 - // octet long, and the implementation must determine how long - // the packet is. If the packet is in a file, this means that - // the packet extends until the end of the file. In general, - // an implementation SHOULD NOT use indeterminate-length - // packets except where the end of the data will be clear - // from the context, and even then it is better to use a - // definite length, or a new format header. The new format - // headers described below have a mechanism for precisely - // encoding data of indeterminate length. - packetLength = Infinity; - break; - } - } else { // 4.2.2. New Format Packet Lengths - // 4.2.2.1. One-Octet Lengths - const lengthByte = await reader.readByte(); - wasPartialLength = false; - if (lengthByte < 192) { - packetLength = lengthByte; - // 4.2.2.2. Two-Octet Lengths - } else if (lengthByte >= 192 && lengthByte < 224) { - packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; - // 4.2.2.4. Partial Body Lengths - } else if (lengthByte > 223 && lengthByte < 255) { - packetLength = 1 << (lengthByte & 0x1F); - wasPartialLength = true; - if (!packetSupportsStreaming) { - throw new TypeError('This packet type does not support partial lengths.'); - } - // 4.2.2.3. Five-Octet Lengths - } else { - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - } - } - if (packetLength > 0) { - let bytesRead = 0; - while (true) { - if (writer) await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (packetLength === Infinity) break; - throw new Error('Unexpected end of packet'); - } - const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); - if (writer) await writer.write(chunk); - else packet.push(chunk); - bytesRead += value.length; - if (bytesRead >= packetLength) { - reader.unshift(value.subarray(packetLength - bytesRead + value.length)); - break; - } - } - } - } while (wasPartialLength); - - // If this was not a packet that "supports streaming", we peek to check - // whether it is the last packet in the message. We peek 2 bytes instead - // of 1 because the beginning of this function also peeks 2 bytes, and we - // want to cut a `subarray` of the correct length into `web-stream-tools`' - // `externalBuffer` as a tiny optimization here. - // - // If it *was* a streaming packet (i.e. the data packets), we peek at the - // entire remainder of the stream, in order to forward errors in the - // remainder of the stream to the packet data. (Note that this means we - // read/peek at all signature packets before closing the literal data - // packet, for example.) This forwards MDC errors to the literal data - // stream, for example, so that they don't get lost / forgotten on - // decryptedMessage.packets.stream, which we never look at. - // - // An example of what we do when stream-parsing a message containing - // [ one-pass signature packet, literal data packet, signature packet ]: - // 1. Read the one-pass signature packet - // 2. Peek 2 bytes of the literal data packet - // 3. Parse the one-pass signature packet - // - // 4. Read the literal data packet, simultaneously stream-parsing it - // 5. Peek until the end of the message - // 6. Finish parsing the literal data packet - // - // 7. Read the signature packet again (we already peeked at it in step 5) - // 8. Peek at the end of the stream again (`peekBytes` returns undefined) - // 9. Parse the signature packet - // - // Note that this means that if there's an error in the very end of the - // stream, such as an MDC error, we throw in step 5 instead of in step 8 - // (or never), which is the point of this exercise. - const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); - if (writer) { - await writer.ready; - await writer.close(); - } else { - packet = util.concatUint8Array(packet); - // eslint-disable-next-line callback-return - await callback({ tag, packet }); - } - return !nextPacket || !nextPacket.length; - } catch (e) { - if (writer) { - await writer.abort(e); - return true; - } else { - throw e; - } - } finally { - if (writer) { - await callbackReturned; - } - reader.releaseLock(); - } - } - - class UnsupportedError extends Error { - constructor(...params) { - super(...params); - - if (Error.captureStackTrace) { - Error.captureStackTrace(this, UnsupportedError); - } - - this.name = 'UnsupportedError'; - } - } - - class UnparseablePacket { - constructor(tag, rawContent) { - this.tag = tag; - this.rawContent = rawContent; - } - - write() { - return this.rawContent; - } - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - const webCrypto$6 = util.getWebCrypto(); - const nodeCrypto$7 = util.getNodeCrypto(); - - const webCurves = { - 'p256': 'P-256', - 'p384': 'P-384', - 'p521': 'P-521' - }; - const knownCurves = nodeCrypto$7 ? nodeCrypto$7.getCurves() : []; - const nodeCurves = nodeCrypto$7 ? { - secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, - p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, - p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, - p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, - ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined, - curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined, - brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, - brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, - brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined - } : {}; - - const curves = { - p256: { - oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.p256, - web: webCurves.p256, - payloadSize: 32, - sharedSize: 256 - }, - p384: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.p384, - web: webCurves.p384, - payloadSize: 48, - sharedSize: 384 - }, - p521: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.p521, - web: webCurves.p521, - payloadSize: 66, - sharedSize: 528 - }, - secp256k1: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.secp256k1, - payloadSize: 32 - }, - ed25519: { - oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], - keyType: enums.publicKey.eddsaLegacy, - hash: enums.hash.sha512, - node: false, // nodeCurves.ed25519 TODO - payloadSize: 32 - }, - curve25519: { - oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], - keyType: enums.publicKey.ecdh, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: false, // nodeCurves.curve25519 TODO - payloadSize: 32 - }, - brainpoolP256r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.brainpoolP256r1, - payloadSize: 32 - }, - brainpoolP384r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.brainpoolP384r1, - payloadSize: 48 - }, - brainpoolP512r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.brainpoolP512r1, - payloadSize: 64 - } - }; - - class CurveWithOID { - constructor(oidOrName, params) { - try { - if (util.isArray(oidOrName) || - util.isUint8Array(oidOrName)) { - // by oid byte array - oidOrName = new OID(oidOrName); - } - if (oidOrName instanceof OID) { - // by curve OID - oidOrName = oidOrName.getName(); - } - // by curve name or oid string - this.name = enums.write(enums.curve, oidOrName); - } catch (err) { - throw new UnsupportedError('Unknown curve'); - } - params = params || curves[this.name]; - - this.keyType = params.keyType; - - this.oid = params.oid; - this.hash = params.hash; - this.cipher = params.cipher; - this.node = params.node && curves[this.name]; - this.web = params.web && curves[this.name]; - this.payloadSize = params.payloadSize; - if (this.web && util.getWebCrypto()) { - this.type = 'web'; - } else if (this.node && util.getNodeCrypto()) { - this.type = 'node'; - } else if (this.name === 'curve25519') { - this.type = 'curve25519'; - } else if (this.name === 'ed25519') { - this.type = 'ed25519'; - } - } - - async genKeyPair() { - let keyPair; - switch (this.type) { - case 'web': - try { - return await webGenKeyPair(this.name); - } catch (err) { - util.printDebugError('Browser did not support generating ec key ' + err.message); - break; - } - case 'node': - return nodeGenKeyPair(this.name); - case 'curve25519': { - const privateKey = getRandomBytes(32); - privateKey[0] = (privateKey[0] & 127) | 64; - privateKey[31] &= 248; - const secretKey = privateKey.slice().reverse(); - keyPair = naclFastLight.box.keyPair.fromSecretKey(secretKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - case 'ed25519': { - const privateKey = getRandomBytes(32); - const keyPair = naclFastLight.sign.keyPair.fromSeed(privateKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - } - const indutnyCurve = await getIndutnyCurve(this.name); - keyPair = await indutnyCurve.genKeyPair({ - entropy: util.uint8ArrayToString(getRandomBytes(32)) - }); - return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) }; - } - } - - async function generate$1(curve) { - const BigInteger = await util.getBigInteger(); - - curve = new CurveWithOID(curve); - const keyPair = await curve.genKeyPair(); - const Q = new BigInteger(keyPair.publicKey).toUint8Array(); - const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize); - return { - oid: curve.oid, - Q, - secret, - hash: curve.hash, - cipher: curve.cipher - }; - } - - /** - * Get preferred hash algo to use with the given curve - * @param {module:type/oid} oid - curve oid - * @returns {enums.hash} hash algorithm - */ - function getPreferredHashAlgo(oid) { - return curves[enums.write(enums.curve, oid.toHex())].hash; - } - - /** - * Validate ECDH and ECDSA parameters - * Not suitable for EdDSA (different secret key format) - * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves - * @param {module:type/oid} oid - EC object identifier - * @param {Uint8Array} Q - EC public point - * @param {Uint8Array} d - EC secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateStandardParams(algo, oid, Q, d) { - const supportedCurves = { - p256: true, - p384: true, - p521: true, - secp256k1: true, - curve25519: algo === enums.publicKey.ecdh, - brainpoolP256r1: true, - brainpoolP384r1: true, - brainpoolP512r1: true - }; - - // Check whether the given curve is supported - const curveName = oid.getName(); - if (!supportedCurves[curveName]) { - return false; - } - - if (curveName === 'curve25519') { - d = d.slice().reverse(); - // Re-derive public point Q' - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(d); - - Q = new Uint8Array(Q); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - if (!util.equalsUint8Array(dG, Q)) { - return false; - } - - return true; - } - - const curve = await getIndutnyCurve(curveName); - try { - // Parse Q and check that it is on the curve but not at infinity - Q = keyFromPublic(curve, Q).getPublic(); - } catch (validationErrors) { - return false; - } - - /** - * Re-derive public point Q' = dG from private key - * Expect Q == Q' - */ - const dG = keyFromPrivate(curve, d).getPublic(); - if (!dG.eq(Q)) { - return false; - } - - return true; - } - - ////////////////////////// - // // - // Helper functions // - // // - ////////////////////////// - - - async function webGenKeyPair(name) { - // Note: keys generated with ECDSA and ECDH are structurally equivalent - const webCryptoKey = await webCrypto$6.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - - const privateKey = await webCrypto$6.exportKey('jwk', webCryptoKey.privateKey); - const publicKey = await webCrypto$6.exportKey('jwk', webCryptoKey.publicKey); - - return { - publicKey: jwkToRawPublic(publicKey), - privateKey: b64ToUint8Array(privateKey.d) - }; - } - - async function nodeGenKeyPair(name) { - // Note: ECDSA and ECDH key generation is structurally equivalent - const ecdh = nodeCrypto$7.createECDH(nodeCurves[name]); - await ecdh.generateKeys(); - return { - publicKey: new Uint8Array(ecdh.getPublicKey()), - privateKey: new Uint8Array(ecdh.getPrivateKey()) - }; - } - - ////////////////////////// - // // - // Helper functions // - // // - ////////////////////////// - - /** - * @param {JsonWebKey} jwk - key for conversion - * - * @returns {Uint8Array} Raw public key. - */ - function jwkToRawPublic(jwk) { - const bufX = b64ToUint8Array(jwk.x); - const bufY = b64ToUint8Array(jwk.y); - const publicKey = new Uint8Array(bufX.length + bufY.length + 1); - publicKey[0] = 0x04; - publicKey.set(bufX, 1); - publicKey.set(bufY, bufX.length + 1); - return publicKey; - } - - /** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * - * @returns {JsonWebKey} Public key in jwk format. - */ - function rawPublicToJWK(payloadSize, name, publicKey) { - const len = payloadSize; - const bufX = publicKey.slice(1, len + 1); - const bufY = publicKey.slice(len + 1, len * 2 + 1); - // https://www.rfc-editor.org/rfc/rfc7518.txt - const jwk = { - kty: 'EC', - crv: name, - x: uint8ArrayToB64(bufX, true), - y: uint8ArrayToB64(bufY, true), - ext: true - }; - return jwk; - } - - /** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * @param {Uint8Array} privateKey - private key - * - * @returns {JsonWebKey} Private key in jwk format. - */ - function privateToJWK$1(payloadSize, name, publicKey, privateKey) { - const jwk = rawPublicToJWK(payloadSize, name, publicKey); - jwk.d = uint8ArrayToB64(privateKey, true); - return jwk; - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - const webCrypto$7 = util.getWebCrypto(); - const nodeCrypto$8 = util.getNodeCrypto(); - - /** - * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ - async function sign$1(oid, hashAlgo, message, publicKey, privateKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - const keyPair = { publicKey, privateKey }; - switch (curve.type) { - case 'web': { - // If browser doesn't support a curve, we'll catch it - try { - // Need to await to make sure browser succeeds - return await webSign$1(curve, hashAlgo, message, keyPair); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunaley Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support signing: ' + err.message); - } - break; - } - case 'node': { - const signature = await nodeSign$1(curve, hashAlgo, message, keyPair); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - } - } - return ellipticSign(curve, hashed, privateKey); - } - - /** - * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify - * @param {Uint8Array} message - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ - async function verify$1(oid, hashAlgo, signature, message, publicKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - switch (curve.type) { - case 'web': - try { - // Need to await to make sure browser succeeds - return await webVerify$1(curve, hashAlgo, signature, message, publicKey); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunately Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support verifying: ' + err.message); - } - break; - case 'node': - return nodeVerify$1(curve, hashAlgo, signature, message, publicKey); - } - } - const digest = (typeof hashAlgo === 'undefined') ? message : hashed; - return ellipticVerify(curve, signature, digest, publicKey); - } - - /** - * Validate ECDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDSA public point - * @param {Uint8Array} d - ECDSA secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$2(oid, Q, d) { - const curve = new CurveWithOID(oid); - // Reject curves x25519 and ed25519 - if (curve.keyType !== enums.publicKey.ecdsa) { - return false; - } - - // To speed up the validation, we try to use node- or webcrypto when available - // and sign + verify a random message - switch (curve.type) { - case 'web': - case 'node': { - const message = getRandomBytes(8); - const hashAlgo = enums.hash.sha256; - const hashed = await hash.digest(hashAlgo, message); - try { - const signature = await sign$1(oid, hashAlgo, message, Q, d, hashed); - return await verify$1(oid, hashAlgo, signature, message, Q, hashed); - } catch (err) { - return false; - } - } - default: - return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); - } - } - - - ////////////////////////// - // // - // Helper functions // - // // - ////////////////////////// - - async function ellipticSign(curve, hashed, privateKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPrivate(indutnyCurve, privateKey); - const signature = key.sign(hashed); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - - async function ellipticVerify(curve, signature, digest, publicKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPublic(indutnyCurve, publicKey); - return key.verify(digest, signature); - } - - async function webSign$1(curve, hashAlgo, message, keyPair) { - const len = curve.payloadSize; - const jwk = privateToJWK$1(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['sign'] - ); - - const signature = new Uint8Array(await webCrypto$7.sign( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - message - )); - - return { - r: signature.slice(0, len), - s: signature.slice(len, len << 1) - }; - } - - async function webVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['verify'] - ); - - const signature = util.concatUint8Array([r, s]).buffer; - - return webCrypto$7.verify( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - signature, - message - ); - } - - async function nodeSign$1(curve, hashAlgo, message, keyPair) { - const sign = nodeCrypto$8.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(message); - sign.end(); - const key = ECPrivateKey.encode({ - version: 1, - parameters: curve.oid, - privateKey: Array.from(keyPair.privateKey), - publicKey: { unused: 0, data: Array.from(keyPair.publicKey) } - }, 'pem', { - label: 'EC PRIVATE KEY' - }); - - return ECDSASignature.decode(sign.sign(key), 'der'); - } - - async function nodeVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$8.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(message); - verify.end(); - const key = SubjectPublicKeyInfo.encode({ - algorithm: { - algorithm: [1, 2, 840, 10045, 2, 1], - parameters: curve.oid - }, - subjectPublicKey: { unused: 0, data: Array.from(publicKey) } - }, 'pem', { - label: 'PUBLIC KEY' - }); - const signature = ECDSASignature.encode({ - r: new BN(r), s: new BN(s) - }, 'der'); - - try { - return verify.verify(key, signature); - } catch (err) { - return false; - } - } - - // Originally written by Owen Smith https://github.com/omsmith - // Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/ - - /* eslint-disable no-invalid-this */ - - const asn1$1 = nodeCrypto$8 ? void('asn1.js') : undefined; - - const ECDSASignature = nodeCrypto$8 ? - asn1$1.define('ECDSASignature', function() { - this.seq().obj( - this.key('r').int(), - this.key('s').int() - ); - }) : undefined; - - const ECPrivateKey = nodeCrypto$8 ? - asn1$1.define('ECPrivateKey', function() { - this.seq().obj( - this.key('version').int(), - this.key('privateKey').octstr(), - this.key('parameters').explicit(0).optional().any(), - this.key('publicKey').explicit(1).optional().bitstr() - ); - }) : undefined; - - const AlgorithmIdentifier = nodeCrypto$8 ? - asn1$1.define('AlgorithmIdentifier', function() { - this.seq().obj( - this.key('algorithm').objid(), - this.key('parameters').optional().any() - ); - }) : undefined; - - const SubjectPublicKeyInfo = nodeCrypto$8 ? - asn1$1.define('SubjectPublicKeyInfo', function() { - this.seq().obj( - this.key('algorithm').use(AlgorithmIdentifier), - this.key('subjectPublicKey').bitstr() - ); - }) : undefined; - - var ecdsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$1, - verify: verify$1, - validateParams: validateParams$2 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - - /** - * Sign a message using the provided legacy EdDSA key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ - async function sign$2(oid, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; - } - - /** - * Verifies if a legacy EdDSA signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ - async function verify$2(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const signature = util.concatUint8Array([r, s]); - return naclFastLight.sign.detached.verify(hashed, signature, publicKey.subarray(1)); - } - /** - * Validate legacy EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point - * @param {Uint8Array} k - EdDSA secret seed - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$3(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } - - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); - - } - - var eddsa_legacy = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$2, - verify: verify$2, - validateParams: validateParams$3 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - - /** - * Generate (non-legacy) EdDSA key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} - */ - async function generate$2(algo) { - switch (algo) { - case enums.publicKey.ed25519: { - const seed = getRandomBytes(32); - const { publicKey: A } = naclFastLight.sign.keyPair.fromSeed(seed); - return { A, seed }; - } - default: - throw new Error('Unsupported EdDSA algorithm'); - } - } - - /** - * Sign a message using the provided key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * RS: Uint8Array - * }>} Signature of the message - * @async - */ - async function sign$3(algo, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - const secretKey = util.concatUint8Array([privateKey, publicKey]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - return { RS: signature }; - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - - } - - /** - * Verifies if a signature is valid for a message - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{ RS: Uint8Array }} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ - async function verify$3(algo, hashAlgo, { RS }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - return naclFastLight.sign.detached.verify(hashed, RS, publicKey); - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - } - /** - * Validate (non-legacy) EdDSA parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - EdDSA public point - * @param {Uint8Array} seed - EdDSA secret seed - * @param {Uint8Array} oid - (legacy only) EdDSA OID - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$4(algo, A, seed) { - switch (algo) { - case enums.publicKey.ed25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(seed); - return util.equalsUint8Array(A, publicKey); - } - - case enums.publicKey.ed448: // unsupported - default: - return false; - } - } - - function getPreferredHashAlgo$1(algo) { - switch (algo) { - case enums.publicKey.ed25519: - return enums.hash.sha256; - default: - throw new Error('Unknown EdDSA algo'); - } - } - - var eddsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$2, - sign: sign$3, - verify: verify$3, - validateParams: validateParams$4, - getPreferredHashAlgo: getPreferredHashAlgo$1 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - /** - * AES key wrap - * @function - * @param {Uint8Array} key - * @param {Uint8Array} data - * @returns {Uint8Array} - */ - function wrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const P = unpack(data); - let A = IV; - const R = P; - const n = P.length / 2; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 0; j <= 5; ++j) { - for (let i = 0; i < n; ++i) { - t[1] = n * j + (1 + i); - // B = A - B[0] = A[0]; - B[1] = A[1]; - // B = A || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES(K, B) - B = unpack(aes.encrypt(pack(B))); - // A = MSB(64, B) ^ t - A = B.subarray(0, 2); - A[0] ^= t[0]; - A[1] ^= t[1]; - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - return pack(A, R); - } - - /** - * AES key unwrap - * @function - * @param {String} key - * @param {String} data - * @returns {Uint8Array} - * @throws {Error} - */ - function unwrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const C = unpack(data); - let A = C.subarray(0, 2); - const R = C.subarray(2); - const n = C.length / 2 - 1; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 5; j >= 0; --j) { - for (let i = n - 1; i >= 0; --i) { - t[1] = n * j + (i + 1); - // B = A ^ t - B[0] = A[0] ^ t[0]; - B[1] = A[1] ^ t[1]; - // B = (A ^ t) || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES-1(B) - B = unpack(aes.decrypt(pack(B))); - // A = MSB(64, B) - A = B.subarray(0, 2); - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - if (A[0] === IV[0] && A[1] === IV[1]) { - return pack(R); - } - throw new Error('Key Data Integrity failed'); - } - - function createArrayBuffer(data) { - if (util.isString(data)) { - const { length } = data; - const buffer = new ArrayBuffer(length); - const view = new Uint8Array(buffer); - for (let j = 0; j < length; ++j) { - view[j] = data.charCodeAt(j); - } - return buffer; - } - return new Uint8Array(data).buffer; - } - - function unpack(data) { - const { length } = data; - const buffer = createArrayBuffer(data); - const view = new DataView(buffer); - const arr = new Uint32Array(length / 4); - for (let i = 0; i < length / 4; ++i) { - arr[i] = view.getUint32(4 * i); - } - return arr; - } - - function pack() { - let length = 0; - for (let k = 0; k < arguments.length; ++k) { - length += 4 * arguments[k].length; - } - const buffer = new ArrayBuffer(length); - const view = new DataView(buffer); - let offset = 0; - for (let i = 0; i < arguments.length; ++i) { - for (let j = 0; j < arguments[i].length; ++j) { - view.setUint32(offset + 4 * j, arguments[i][j]); - } - offset += 4 * arguments[i].length; - } - return new Uint8Array(buffer); - } - - var aesKW = /*#__PURE__*/Object.freeze({ - __proto__: null, - wrap: wrap, - unwrap: unwrap - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - /** - * @fileoverview Functions to add and remove PKCS5 padding - * @see PublicKeyEncryptedSessionKeyPacket - * @module crypto/pkcs5 - * @private - */ - - /** - * Add pkcs5 padding to a message - * @param {Uint8Array} message - message to pad - * @returns {Uint8Array} Padded message. - */ - function encode$1(message) { - const c = 8 - (message.length % 8); - const padded = new Uint8Array(message.length + c).fill(c); - padded.set(message); - return padded; - } - - /** - * Remove pkcs5 padding from a message - * @param {Uint8Array} message - message to remove padding from - * @returns {Uint8Array} Message without padding. - */ - function decode$1(message) { - const len = message.length; - if (len > 0) { - const c = message[len - 1]; - if (c >= 1) { - const provided = message.subarray(len - c); - const computed = new Uint8Array(c).fill(c); - if (util.equalsUint8Array(provided, computed)) { - return message.subarray(0, len - c); - } - } - } - throw new Error('Invalid padding'); - } - - var pkcs5 = /*#__PURE__*/Object.freeze({ - __proto__: null, - encode: encode$1, - decode: decode$1 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - const webCrypto$8 = util.getWebCrypto(); - const nodeCrypto$9 = util.getNodeCrypto(); - - /** - * Validate ECDH parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDH public point - * @param {Uint8Array} d - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$5(oid, Q, d) { - return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); - } - - // Build Param for ECDH algorithm (RFC 6637) - function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { - return util.concatUint8Array([ - oid.write(), - new Uint8Array([public_algo]), - kdfParams.write(), - util.stringToUint8Array('Anonymous Sender '), - fingerprint.subarray(0, 20) - ]); - } - - // Key Derivation Function (RFC 6637) - async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { - // Note: X is little endian for Curve25519, big-endian for all others. - // This is not ideal, but the RFC's are unclear - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - let i; - if (stripLeading) { - // Work around old go crypto bug - for (i = 0; i < X.length && X[i] === 0; i++); - X = X.subarray(i); - } - if (stripTrailing) { - // Work around old OpenPGP.js bug - for (i = X.length - 1; i >= 0 && X[i] === 0; i--); - X = X.subarray(0, i + 1); - } - const digest = await hash.digest(hashAlgo, util.concatUint8Array([ - new Uint8Array([0, 0, 0, 1]), - X, - param - ])); - return digest.subarray(0, length); - } - - /** - * Generate ECDHE ephemeral key and secret from public key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function genPublicEphemeralKey(curve, Q) { - switch (curve.type) { - case 'curve25519': { - const d = getRandomBytes(32); - const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d); - let { publicKey } = naclFastLight.box.keyPair.fromSecretKey(secretKey); - publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]); - return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPublicEphemeralKey(curve, Q); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePublicEphemeralKey(curve, Q); - } - return ellipticPublicEphemeralKey(curve, Q); - } - - /** - * Encrypt and wrap a session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} data - Unpadded session key data - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} - * @async - */ - async function encrypt$3(oid, kdfParams, data, Q, fingerprint) { - const m = encode$1(data); - - const curve = new CurveWithOID(oid); - const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); - const wrappedKey = wrap(Z, m); - return { publicKey, wrappedKey }; - } - - /** - * Generate ECDHE secret from private key and public part of ephemeral key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function genPrivateEphemeralKey(curve, V, Q, d) { - if (d.length !== curve.payloadSize) { - const privateKey = new Uint8Array(curve.payloadSize); - privateKey.set(d, curve.payloadSize - d.length); - d = privateKey; - } - switch (curve.type) { - case 'curve25519': { - const secretKey = d.slice().reverse(); - const sharedKey = naclFastLight.scalarMult(secretKey, V.subarray(1)); - return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPrivateEphemeralKey(curve, V, Q, d); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePrivateEphemeralKey(curve, V, d); - } - return ellipticPrivateEphemeralKey(curve, V, d); - } - - /** - * Decrypt and unwrap the value derived from session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} C - Encrypted and wrapped value derived from session key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Value derived from session key. - * @async - */ - async function decrypt$3(oid, kdfParams, V, C, Q, d, fingerprint) { - const curve = new CurveWithOID(oid); - const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - let err; - for (let i = 0; i < 3; i++) { - try { - // Work around old go crypto bug and old OpenPGP.js bug, respectively. - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); - return decode$1(unwrap(Z, C)); - } catch (e) { - err = e; - } - } - throw err; - } - - /** - * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function webPrivateEphemeralKey(curve, V, Q, d) { - const recipient = privateToJWK$1(curve.payloadSize, curve.web.web, Q, d); - let privateKey = webCrypto$8.importKey( - 'jwk', - recipient, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V); - let sender = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - [] - ); - [privateKey, sender] = await Promise.all([privateKey, sender]); - let S = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: sender - }, - privateKey, - curve.web.sharedSize - ); - let secret = webCrypto$8.exportKey( - 'jwk', - privateKey - ); - [S, secret] = await Promise.all([S, secret]); - const sharedKey = new Uint8Array(S); - const secretKey = b64ToUint8Array(secret.d); - return { secretKey, sharedKey }; - } - - /** - * Generate ECDHE ephemeral key and secret from public key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function webPublicEphemeralKey(curve, Q) { - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q); - let keyPair = webCrypto$8.generateKey( - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - let recipient = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - false, - [] - ); - [keyPair, recipient] = await Promise.all([keyPair, recipient]); - let s = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: recipient - }, - keyPair.privateKey, - curve.web.sharedSize - ); - let p = webCrypto$8.exportKey( - 'jwk', - keyPair.publicKey - ); - [s, p] = await Promise.all([s, p]); - const sharedKey = new Uint8Array(s); - const publicKey = new Uint8Array(jwkToRawPublic(p)); - return { publicKey, sharedKey }; - } - - /** - * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function ellipticPrivateEphemeralKey(curve, V, d) { - const indutnyCurve = await getIndutnyCurve(curve.name); - V = keyFromPublic(indutnyCurve, V); - d = keyFromPrivate(indutnyCurve, d); - const secretKey = new Uint8Array(d.getPrivate()); - const S = d.derive(V.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { secretKey, sharedKey }; - } - - /** - * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function ellipticPublicEphemeralKey(curve, Q) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const v = await curve.genKeyPair(); - Q = keyFromPublic(indutnyCurve, Q); - const V = keyFromPrivate(indutnyCurve, v.privateKey); - const publicKey = v.publicKey; - const S = V.derive(Q.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { publicKey, sharedKey }; - } - - /** - * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function nodePrivateEphemeralKey(curve, V, d) { - const recipient = nodeCrypto$9.createECDH(curve.node.node); - recipient.setPrivateKey(d); - const sharedKey = new Uint8Array(recipient.computeSecret(V)); - const secretKey = new Uint8Array(recipient.getPrivateKey()); - return { secretKey, sharedKey }; - } - - /** - * Generate ECDHE ephemeral key and secret from public key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ - async function nodePublicEphemeralKey(curve, Q) { - const sender = nodeCrypto$9.createECDH(curve.node.node); - sender.generateKeys(); - const sharedKey = new Uint8Array(sender.computeSecret(Q)); - const publicKey = new Uint8Array(sender.getPublicKey()); - return { publicKey, sharedKey }; - } - - var ecdh = /*#__PURE__*/Object.freeze({ - __proto__: null, - validateParams: validateParams$5, - encrypt: encrypt$3, - decrypt: decrypt$3 - }); - - /** - * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. - * @module crypto/hkdf - * @private - */ - - const webCrypto$9 = util.getWebCrypto(); - const nodeCrypto$a = util.getNodeCrypto(); - const nodeSubtleCrypto = nodeCrypto$a && nodeCrypto$a.webcrypto && nodeCrypto$a.webcrypto.subtle; - - async function HKDF(hashAlgo, inputKey, salt, info, outLen) { - const hash = enums.read(enums.webHash, hashAlgo); - if (!hash) throw new Error('Hash algo not supported with HKDF'); - - if (webCrypto$9 || nodeSubtleCrypto) { - const crypto = webCrypto$9 || nodeSubtleCrypto; - const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); - const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); - return new Uint8Array(bits); - } - - if (nodeCrypto$a) { - const hashAlgoName = enums.read(enums.hash, hashAlgo); - // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869 - - const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto$a.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest(); - // Step 1: Extract - // PRK = HMAC-Hash(salt, IKM) - const pseudoRandomKey = computeHMAC(salt, inputKey); - - const hashLen = pseudoRandomKey.length; - - // Step 2: Expand - // HKDF-Expand(PRK, info, L) -> OKM - const n = Math.ceil(outLen / hashLen); - const outputKeyingMaterial = new Uint8Array(n * hashLen); - - // HMAC input buffer updated at each iteration - const roundInput = new Uint8Array(hashLen + info.length + 1); - // T_i and last byte are updated at each iteration, but `info` remains constant - roundInput.set(info, hashLen); - - for (let i = 0; i < n; i++) { - // T(0) = empty string (zero length) - // T(i) = HMAC-Hash(PRK, T(i-1) | info | i) - roundInput[roundInput.length - 1] = i + 1; - // t = T(i+1) - const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen)); - roundInput.set(t, 0); - - outputKeyingMaterial.set(t, i * hashLen); - } - - return outputKeyingMaterial.subarray(0, outLen); - } - - throw new Error('No HKDF implementation available'); - } - - /** - * @fileoverview Key encryption and decryption for RFC 6637 ECDH - * @module crypto/public_key/elliptic/ecdh - * @private - */ - - const HKDF_INFO = { - x25519: util.encodeUTF8('OpenPGP X25519') - }; - - /** - * Generate ECDH key for Montgomery curves - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} - */ - async function generate$3(algo) { - switch (algo) { - case enums.publicKey.x25519: { - // k stays in little-endian, unlike legacy ECDH over curve25519 - const k = getRandomBytes(32); - const { publicKey: A } = naclFastLight.box.keyPair.fromSecretKey(k); - return { A, k }; - } - default: - throw new Error('Unsupported ECDH algorithm'); - } - } - - /** - * Validate ECDH parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - ECDH public point - * @param {Uint8Array} k - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$6(algo, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(k); - return util.equalsUint8Array(A, publicKey); - } - - default: - return false; - } - } - - /** - * Wrap and encrypt a session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} data - session key data to be encrypted - * @param {Uint8Array} recipientA - Recipient public key (K_B) - * @returns {Promise<{ - * ephemeralPublicKey: Uint8Array, - * wrappedKey: Uint8Array - * }>} ephemeral public key (K_A) and encrypted key - * @async - */ - async function encrypt$4(algo, data, recipientA) { - switch (algo) { - case enums.publicKey.x25519: { - const ephemeralSecretKey = getRandomBytes(32); - const sharedSecret = naclFastLight.scalarMult(ephemeralSecretKey, recipientA); - const { publicKey: ephemeralPublicKey } = naclFastLight.box.keyPair.fromSecretKey(ephemeralSecretKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - recipientA, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - const wrappedKey = wrap(encryptionKey, data); - return { ephemeralPublicKey, wrappedKey }; - } - - default: - throw new Error('Unsupported ECDH algorithm'); - } - } - - /** - * Decrypt and unwrap the session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} ephemeralPublicKey - (K_A) - * @param {Uint8Array} wrappedKey, - * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF - * @param {Uint8Array} k - Recipient secret key (b) - * @returns {Promise} decrypted session key data - * @async - */ - async function decrypt$4(algo, ephemeralPublicKey, wrappedKey, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - const sharedSecret = naclFastLight.scalarMult(k, ephemeralPublicKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - A, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - return unwrap(encryptionKey, wrappedKey); - } - default: - throw new Error('Unsupported ECDH algorithm'); - } - } - - var ecdh_x = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$3, - validateParams: validateParams$6, - encrypt: encrypt$4, - decrypt: decrypt$4 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - var elliptic = /*#__PURE__*/Object.freeze({ - __proto__: null, - CurveWithOID: CurveWithOID, - ecdh: ecdh, - ecdhX: ecdh_x, - ecdsa: ecdsa, - eddsaLegacy: eddsa_legacy, - eddsa: eddsa, - generate: generate$1, - getPreferredHashAlgo: getPreferredHashAlgo - }); - - // GPG4Browsers - An OpenPGP implementation in javascript - - /* - TODO regarding the hash function, read: - https://tools.ietf.org/html/rfc4880#section-13.6 - https://tools.ietf.org/html/rfc4880#section-14 - */ - - /** - * DSA Sign function - * @param {Integer} hashAlgo - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} x - * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} - * @async - */ - async function sign$4(hashAlgo, hashed, g, p, q, x) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - x = new BigInteger(x); - - let k; - let r; - let s; - let t; - g = g.mod(p); - x = x.mod(q); - // If the output size of the chosen hash is larger than the number of - // bits of q, the hash result is truncated to fit by taking the number - // of leftmost bits equal to the number of bits of q. This (possibly - // truncated) hash function result is treated as a number and used - // directly in the DSA signature algorithm. - const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q); - // FIPS-186-4, section 4.6: - // The values of r and s shall be checked to determine if r = 0 or s = 0. - // If either r = 0 or s = 0, a new value of k shall be generated, and the - // signature shall be recalculated. It is extremely unlikely that r = 0 - // or s = 0 if signatures are generated properly. - while (true) { - // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - k = await getRandomBigInteger(one, q); // returns in [1, q-1] - r = g.modExp(k, p).imod(q); // (g**k mod p) mod q - if (r.isZero()) { - continue; - } - const xr = x.mul(r).imod(q); - t = h.add(xr).imod(q); // H(m) + x*r mod q - s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q - if (s.isZero()) { - continue; - } - break; - } - return { - r: r.toUint8Array('be', q.byteLength()), - s: s.toUint8Array('be', q.byteLength()) - }; - } - - /** - * DSA Verify function - * @param {Integer} hashAlgo - * @param {Uint8Array} r - * @param {Uint8Array} s - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} y - * @returns {boolean} - * @async - */ - async function verify$4(hashAlgo, r, s, hashed, g, p, q, y) { - const BigInteger = await util.getBigInteger(); - const zero = new BigInteger(0); - r = new BigInteger(r); - s = new BigInteger(s); - - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - - if (r.lte(zero) || r.gte(q) || - s.lte(zero) || s.gte(q)) { - util.printDebug('invalid DSA Signature'); - return false; - } - const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q); - const w = s.modInv(q); // s**-1 mod q - if (w.isZero()) { - util.printDebug('invalid DSA Signature'); - return false; - } - - g = g.mod(p); - y = y.mod(p); - const u1 = h.mul(w).imod(q); // H(m) * w mod q - const u2 = r.mul(w).imod(q); // r * w mod q - const t1 = g.modExp(u1, p); // g**u1 mod p - const t2 = y.modExp(u2, p); // y**u2 mod p - const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q - return v.equal(r); - } - - /** - * Validate DSA parameters - * @param {Uint8Array} p - DSA prime - * @param {Uint8Array} q - DSA group order - * @param {Uint8Array} g - DSA sub-group generator - * @param {Uint8Array} y - DSA public key - * @param {Uint8Array} x - DSA private key - * @returns {Promise} Whether params are valid. - * @async - */ - async function validateParams$7(p, q, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - /** - * Check that subgroup order q divides p-1 - */ - if (!p.dec().mod(q).isZero()) { - return false; - } - - /** - * g has order q - * Check that g ** q = 1 mod p - */ - if (!g.modExp(q, p).isOne()) { - return false; - } - - /** - * Check q is large and probably prime (we mainly want to avoid small factors) - */ - const qSize = new BigInteger(q.bitLength()); - const n150 = new BigInteger(150); - if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) { - return false; - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{rq + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q - const rqx = q.mul(r).add(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; - } - - var dsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$4, - verify: verify$4, - validateParams: validateParams$7 - }); - - /** - * @fileoverview Asymmetric cryptography functions - * @module crypto/public_key - * @private - */ - - var publicKey = { - /** @see module:crypto/public_key/rsa */ - rsa: rsa, - /** @see module:crypto/public_key/elgamal */ - elgamal: elgamal, - /** @see module:crypto/public_key/elliptic */ - elliptic: elliptic, - /** @see module:crypto/public_key/dsa */ - dsa: dsa, - /** @see tweetnacl */ - nacl: naclFastLight - }; - - /** - * @fileoverview Provides functions for asymmetric signing and signature verification - * @module crypto/signature - * @private - */ - - /** - * Parse signature in binary form to get the parameters. - * The returned values are only padded for EdDSA, since in the other cases their expected length - * depends on the key params, hence we delegate the padding to the signature verification function. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Uint8Array} signature - Data for which the signature was created - * @returns {Promise} True if signature is valid. - * @async - */ - function parseSignatureParams(algo, signature) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA signatures: - // - MPI of RSA signature value m**d mod n. - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const s = util.readMPI(signature.subarray(read)); - // The signature needs to be the same length as the public key modulo n. - // We pad s on signature verification, where we have access to n. - return { s }; - } - // Algorithm-Specific Fields for DSA or ECDSA signatures: - // - MPI of DSA or ECDSA value r. - // - MPI of DSA or ECDSA value s. - case enums.publicKey.dsa: - case enums.publicKey.ecdsa: - { - const r = util.readMPI(signature.subarray(read)); read += r.length + 2; - const s = util.readMPI(signature.subarray(read)); - return { r, s }; - } - // Algorithm-Specific Fields for legacy EdDSA signatures: - // - MPI of an EC point r. - // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsaLegacy: { - // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: - // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 - let r = util.readMPI(signature.subarray(read)); read += r.length + 2; - r = util.leftPad(r, 32); - let s = util.readMPI(signature.subarray(read)); - s = util.leftPad(s, 32); - return { r, s }; - } - // Algorithm-Specific Fields for Ed25519 signatures: - // - 64 octets of the native signature - case enums.publicKey.ed25519: { - const RS = signature.subarray(read, read + 64); read += RS.length; - return { RS }; - } - default: - throw new UnsupportedError('Unknown signature algorithm.'); - } - } - - /** - * Verifies the signature provided for data using specified algorithms and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} signature - Named algorithm-specific signature parameters - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Data for which the signature was created - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} True if signature is valid. - * @async - */ - async function verify$5(algo, hashAlgo, signature, publicParams, data, hashed) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto - return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); - } - case enums.publicKey.dsa: { - const { g, p, q, y } = publicParams; - const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers - return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicParams; - const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; - // padding needed for webcrypto - const r = util.leftPad(signature.r, curveSize); - const s = util.leftPad(signature.s, curveSize); - return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicParams; - // signature already padded on parsing - return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } - } - - /** - * Creates a signature on data using specified algorithms and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters - * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters - * @param {Uint8Array} data - Data to be signed - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} Signature Object containing named signature parameters. - * @async - */ - async function sign$5(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { - if (!publicKeyParams || !privateKeyParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); - return { s }; - } - case enums.publicKey.dsa: { - const { g, p, q } = publicKeyParams; - const { x } = privateKeyParams; - return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); - } - case enums.publicKey.elgamal: { - throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicKeyParams; - const { d } = privateKeyParams; - return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } - } - - var signature = /*#__PURE__*/Object.freeze({ - __proto__: null, - parseSignatureParams: parseSignatureParams, - verify: verify$5, - sign: sign$5 - }); - - // OpenPGP.js - An OpenPGP implementation in javascript - - class ECDHSymmetricKey { - constructor(data) { - if (data) { - this.data = data; - } - } - - /** - * Read an ECDHSymmetricKey from an Uint8Array: - * - 1 octect for the length `l` - * - `l` octects of encoded session key data - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - if (bytes.length >= 1) { - const length = bytes[0]; - if (bytes.length >= 1 + length) { - this.data = bytes.subarray(1, 1 + length); - return 1 + this.data.length; - } - } - throw new Error('Invalid symmetric key'); - } - - /** - * Write an ECDHSymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); - } - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - /** - * Implementation of type KDF parameters - * - * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: - * A key derivation function (KDF) is necessary to implement the EC - * encryption. The Concatenation Key Derivation Function (Approved - * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is - * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. - * @module type/kdf_params - * @private - */ - - class KDFParams { - /** - * @param {enums.hash} hash - Hash algorithm - * @param {enums.symmetric} cipher - Symmetric algorithm - */ - constructor(data) { - if (data) { - const { hash, cipher } = data; - this.hash = hash; - this.cipher = cipher; - } else { - this.hash = null; - this.cipher = null; - } - } - - /** - * Read KDFParams from an Uint8Array - * @param {Uint8Array} input - Where to read the KDFParams from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { - throw new UnsupportedError('Cannot read KDFParams'); - } - this.hash = input[2]; - this.cipher = input[3]; - return 4; - } - - /** - * Write KDFParams to an Uint8Array - * @returns {Uint8Array} Array with the KDFParams value - */ - write() { - return new Uint8Array([3, 1, this.hash, this.cipher]); - } - } - - /** - * Encoded symmetric key for x25519 and x448 - * The payload format varies for v3 and v6 PKESK: - * the former includes an algorithm byte preceeding the encrypted session key. - * - * @module type/x25519x448_symkey - */ - - class ECDHXSymmetricKey { - static fromObject({ wrappedKey, algorithm }) { - const instance = new ECDHXSymmetricKey(); - instance.wrappedKey = wrappedKey; - instance.algorithm = algorithm; - return instance; - } - - /** - * - 1 octect for the length `l` - * - `l` octects of encoded session key data (with optional leading algorithm byte) - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - let read = 0; - let followLength = bytes[read++]; - this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even - followLength -= followLength % 2; - this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength; - } - - /** - * Write an MontgomerySymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([ - this.algorithm ? - new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : - new Uint8Array([this.wrappedKey.length]), - this.wrappedKey - ]); - } - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - /** - * Encrypts data using specified algorithm and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. - * @param {module:enums.publicKey} keyAlgo - Public key algorithm - * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Session key data to be encrypted - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Encrypted session key parameters. - * @async - */ - async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const { n, e } = publicParams; - const c = await publicKey.rsa.encrypt(data, n, e); - return { c }; - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - return publicKey.elgamal.encrypt(data, p, g, y); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicParams; - const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( - oid, kdfParams, data, Q, fingerprint); - return { V, C: new ECDHSymmetricKey(C) }; - } - case enums.publicKey.x25519: { - if (!util.isAES(symmetricAlgo)) { - // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 - throw new Error('X25519 keys can only encrypt AES session keys'); - } - const { A } = publicParams; - const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( - keyAlgo, data, A); - const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); - return { ephemeralPublicKey, C }; - } - default: - return []; - } - } - - /** - * Decrypts data using specified algorithm and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Object} publicKeyParams - Algorithm-specific public key parameters - * @param {Object} privateKeyParams - Algorithm-specific private key parameters - * @param {Object} sessionKeyParams - Encrypted session key parameters - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing - * (needed for constant-time processing in RSA and ElGamal) - * @returns {Promise} Decrypted data. - * @throws {Error} on sensitive decryption error, unless `randomPayload` is given - * @async - */ - async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: { - const { c } = sessionKeyParams; - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); - } - case enums.publicKey.elgamal: { - const { c1, c2 } = sessionKeyParams; - const p = publicKeyParams.p; - const x = privateKeyParams.x; - return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicKeyParams; - const { d } = privateKeyParams; - const { V, C } = sessionKeyParams; - return publicKey.elliptic.ecdh.decrypt( - oid, kdfParams, V, C.data, Q, d, fingerprint); - } - case enums.publicKey.x25519: { - const { A } = publicKeyParams; - const { k } = privateKeyParams; - const { ephemeralPublicKey, C } = sessionKeyParams; - if (!util.isAES(C.algorithm)) { - throw new Error('AES session key expected'); - } - return publicKey.elliptic.ecdhX.decrypt( - algo, ephemeralPublicKey, C.wrappedKey, A, k); - } - default: - throw new Error('Unknown public key encryption algorithm.'); - } - } - - /** - * Parse public key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. - */ - function parsePublicKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; - const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; - return { read, publicParams: { n, e } }; - } - case enums.publicKey.dsa: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, q, g, y } }; - } - case enums.publicKey.elgamal: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, g, y } }; - } - case enums.publicKey.ecdsa: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.eddsaLegacy: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - Q = util.leftPad(Q, 33); - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.ecdh: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); - return { read: read, publicParams: { oid, Q, kdfParams } }; - } - case enums.publicKey.ed25519: - case enums.publicKey.x25519: { - const A = bytes.subarray(read, read + 32); read += A.length; - return { read, publicParams: { A } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } - } - - /** - * Parse private key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @param {Object} publicParams - (ECC only) public params, needed to format some private params - * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. - */ - function parsePrivateKeyParams(algo, bytes, publicParams) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; - return { read, privateParams: { d, p, q, u } }; - } - case enums.publicKey.dsa: - case enums.publicKey.elgamal: { - const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; - return { read, privateParams: { x } }; - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const curve = new CurveWithOID(publicParams.oid); - let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - d = util.leftPad(d, curve.payloadSize); - return { read, privateParams: { d } }; - } - case enums.publicKey.eddsaLegacy: { - const curve = new CurveWithOID(publicParams.oid); - let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; - seed = util.leftPad(seed, curve.payloadSize); - return { read, privateParams: { seed } }; - } - case enums.publicKey.ed25519: { - const seed = bytes.subarray(read, read + 32); read += seed.length; - return { read, privateParams: { seed } }; - } - case enums.publicKey.x25519: { - const k = bytes.subarray(read, read + 32); read += k.length; - return { read, privateParams: { k } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } - } - - /** Returns the types comprising the encrypted session key of an algorithm - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {Object} The session key parameters referenced by name. - */ - function parseEncSessionKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA encrypted session keys: - // - MPI of RSA encrypted value m**e mod n. - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const c = util.readMPI(bytes.subarray(read)); - return { c }; - } - - // Algorithm-Specific Fields for Elgamal encrypted session keys: - // - MPI of Elgamal value g**k mod p - // - MPI of Elgamal value m * y**k mod p - case enums.publicKey.elgamal: { - const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; - const c2 = util.readMPI(bytes.subarray(read)); - return { c1, c2 }; - } - // Algorithm-Specific Fields for ECDH encrypted session keys: - // - MPI containing the ephemeral key used to establish the shared secret - // - ECDH Symmetric Key - case enums.publicKey.ecdh: { - const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; - const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); - return { V, C }; - } - // Algorithm-Specific Fields for X25519 encrypted session keys: - // - 32 octets representing an ephemeral X25519 public key. - // - A one-octet size of the following fields. - // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - // - The encrypted session key. - case enums.publicKey.x25519: { - const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length; - const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); - return { ephemeralPublicKey, C }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } - } - - /** - * Convert params to MPI and serializes them in the proper order - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} params - The key parameters indexed by name - * @returns {Uint8Array} The array containing the MPIs. - */ - function serializeParams(algo, params) { - // Some algorithms do not rely on MPIs to store the binary params - const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]); - const orderedParams = Object.keys(params).map(name => { - const param = params[name]; - if (!util.isUint8Array(param)) return param.write(); - return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); - }); - return util.concatUint8Array(orderedParams); - } - - /** - * Generate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Integer} bits - Bit length for RSA keys - * @param {module:type/oid} oid - Object identifier for ECC keys - * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. - * @async - */ - function generateParams(algo, bits, oid) { - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ - privateParams: { d, p, q, u }, - publicParams: { n, e } - })); - } - case enums.publicKey.ecdsa: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { d: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { seed: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.ecdh: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ - privateParams: { d: secret }, - publicParams: { - oid: new OID(oid), - Q, - kdfParams: new KDFParams({ hash, cipher }) - } - })); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ - privateParams: { seed }, - publicParams: { A } - })); - case enums.publicKey.x25519: - return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ - privateParams: { k }, - publicParams: { A } - })); - case enums.publicKey.dsa: - case enums.publicKey.elgamal: - throw new Error('Unsupported algorithm for key generation.'); - default: - throw new Error('Unknown public key algorithm.'); - } - } - - /** - * Validate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Object} privateParams - Algorithm-specific private key parameters - * @returns {Promise} Whether the parameters are valid. - * @async - */ - async function validateParams$8(algo, publicParams, privateParams) { - if (!publicParams || !privateParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const { d, p, q, u } = privateParams; - return publicKey.rsa.validateParams(n, e, d, p, q, u); - } - case enums.publicKey.dsa: { - const { p, q, g, y } = publicParams; - const { x } = privateParams; - return publicKey.dsa.validateParams(p, q, g, y, x); - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - const { x } = privateParams; - return publicKey.elgamal.validateParams(p, g, y, x); - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; - const { oid, Q } = publicParams; - const { d } = privateParams; - return algoModule.validateParams(oid, Q, d); - } - case enums.publicKey.eddsaLegacy: { - const { Q, oid } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(algo, A, seed); - } - case enums.publicKey.x25519: { - const { A } = publicParams; - const { k } = privateParams; - return publicKey.elliptic.ecdhX.validateParams(algo, A, k); - } - default: - throw new Error('Unknown public key algorithm.'); - } - } - - /** - * Generates a random byte prefix for the specified algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. - * @async - */ - async function getPrefixRandom(algo) { - const { blockSize } = getCipher(algo); - const prefixrandom = await getRandomBytes(blockSize); - const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); - return util.concat([prefixrandom, repeat]); - } - - /** - * Generating a session key for the specified symmetric algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Uint8Array} Random bytes as a string to be used as a key. - */ - function generateSessionKey(algo) { - const { keySize } = getCipher(algo); - return getRandomBytes(keySize); - } - - /** - * Get implementation of the given AEAD mode - * @param {enums.aead} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ - function getAEADMode(algo) { - const algoName = enums.read(enums.aead, algo); - return mode[algoName]; - } - - /** - * Check whether the given curve OID is supported - * @param {module:type/oid} oid - EC object identifier - * @throws {UnsupportedError} if curve is not supported - */ - function checkSupportedCurve(oid) { - try { - oid.getName(); - } catch (e) { - throw new UnsupportedError('Unknown curve OID'); - } - } - - /** - * Get preferred hash algo for a given elliptic algo - * @param {module:enums.publicKey} algo - alrogithm identifier - * @param {module:type/oid} [oid] - curve OID if needed by algo - */ - function getPreferredCurveHashAlgo(algo, oid) { - switch (algo) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.getPreferredHashAlgo(oid); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); - default: - throw new Error('Unknown elliptic signing algo'); - } - } - - var crypto$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - publicKeyEncrypt: publicKeyEncrypt, - publicKeyDecrypt: publicKeyDecrypt, - parsePublicKeyParams: parsePublicKeyParams, - parsePrivateKeyParams: parsePrivateKeyParams, - parseEncSessionKeyParams: parseEncSessionKeyParams, - serializeParams: serializeParams, - generateParams: generateParams, - validateParams: validateParams$8, - getPrefixRandom: getPrefixRandom, - generateSessionKey: generateSessionKey, - getAEADMode: getAEADMode, - getCipher: getCipher, - getPreferredCurveHashAlgo: getPreferredCurveHashAlgo - }); - - /** - * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js - * @see module:crypto/crypto - * @see module:crypto/signature - * @see module:crypto/public_key - * @see module:crypto/cipher - * @see module:crypto/random - * @see module:crypto/hash - * @module crypto - * @private - */ - - // TODO move cfb and gcm to cipher - const mod = { - /** @see module:crypto/cipher */ - cipher: cipher, - /** @see module:crypto/hash */ - hash: hash, - /** @see module:crypto/mode */ - mode: mode, - /** @see module:crypto/public_key */ - publicKey: publicKey, - /** @see module:crypto/signature */ - signature: signature, - /** @see module:crypto/random */ - random: random, - /** @see module:crypto/pkcs1 */ - pkcs1: pkcs1, - /** @see module:crypto/pkcs5 */ - pkcs5: pkcs5, - /** @see module:crypto/aes_kw */ - aesKW: aesKW - }; - - Object.assign(mod, crypto$1); - - var TYPED_OK = typeof Uint8Array !== "undefined" && - typeof Uint16Array !== "undefined" && - typeof Int32Array !== "undefined"; - - - // reduce buffer size, avoiding mem copy - function shrinkBuf(buf, size) { - if (buf.length === size) { - return buf; - } - if (buf.subarray) { - return buf.subarray(0, size); - } - buf.length = size; - return buf; - } - - - const fnTyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - if (src.subarray && dest.subarray) { - dest.set(src.subarray(src_offs, src_offs + len), dest_offs); - return; - } - // Fallback to ordinary array - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - let i, l, len, pos, chunk; - - // calculate data length - len = 0; - for (i = 0, l = chunks.length; i < l; i++) { - len += chunks[i].length; - } - - // join chunks - const result = new Uint8Array(len); - pos = 0; - for (i = 0, l = chunks.length; i < l; i++) { - chunk = chunks[i]; - result.set(chunk, pos); - pos += chunk.length; - } - - return result; - } - }; - - const fnUntyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - return [].concat.apply([], chunks); - } - }; - - - // Enable/Disable typed arrays use, for testing - // - - let Buf8 = TYPED_OK ? Uint8Array : Array; - let Buf16 = TYPED_OK ? Uint16Array : Array; - let Buf32 = TYPED_OK ? Int32Array : Array; - let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks; - let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet; - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - /* Allowed flush values; see deflate() and inflate() below for details */ - const Z_NO_FLUSH = 0; - const Z_PARTIAL_FLUSH = 1; - const Z_SYNC_FLUSH = 2; - const Z_FULL_FLUSH = 3; - const Z_FINISH = 4; - const Z_BLOCK = 5; - const Z_TREES = 6; - - /* Return codes for the compression/decompression functions. Negative values - * are errors, positive values are used for special but normal events. - */ - const Z_OK = 0; - const Z_STREAM_END = 1; - const Z_NEED_DICT = 2; - const Z_STREAM_ERROR = -2; - const Z_DATA_ERROR = -3; - //export const Z_MEM_ERROR = -4; - const Z_BUF_ERROR = -5; - const Z_DEFAULT_COMPRESSION = -1; - - - const Z_FILTERED = 1; - const Z_HUFFMAN_ONLY = 2; - const Z_RLE = 3; - const Z_FIXED = 4; - const Z_DEFAULT_STRATEGY = 0; - - /* Possible values of the data_type field (though see inflate()) */ - const Z_BINARY = 0; - const Z_TEXT = 1; - //export const Z_ASCII = 1; // = Z_TEXT (deprecated) - const Z_UNKNOWN = 2; - - /* The deflate compression method */ - const Z_DEFLATED = 8; - //export const Z_NULL = null // Use -1 or null inline, depending on var type - - /*============================================================================*/ - - - function zero$1(buf) { - let len = buf.length; while (--len >= 0) { - buf[len] = 0; - } - } - - // From zutil.h - - const STORED_BLOCK = 0; - const STATIC_TREES = 1; - const DYN_TREES = 2; - /* The three kinds of block type */ - - const MIN_MATCH = 3; - const MAX_MATCH = 258; - /* The minimum and maximum match lengths */ - - // From deflate.h - /* =========================================================================== - * Internal compression state. - */ - - const LENGTH_CODES = 29; - /* number of length codes, not counting the special END_BLOCK code */ - - const LITERALS = 256; - /* number of literal bytes 0..255 */ - - const L_CODES = LITERALS + 1 + LENGTH_CODES; - /* number of Literal or Length codes, including the END_BLOCK code */ - - const D_CODES = 30; - /* number of distance codes */ - - const BL_CODES = 19; - /* number of codes used to transfer the bit lengths */ - - const HEAP_SIZE = 2 * L_CODES + 1; - /* maximum heap size */ - - const MAX_BITS = 15; - /* All codes must not exceed MAX_BITS bits */ - - const Buf_size = 16; - /* size of bit buffer in bi_buf */ - - - /* =========================================================================== - * Constants - */ - - const MAX_BL_BITS = 7; - /* Bit length codes must not exceed MAX_BL_BITS bits */ - - const END_BLOCK = 256; - /* end of block literal code */ - - const REP_3_6 = 16; - /* repeat previous bit length 3-6 times (2 bits of repeat count) */ - - const REPZ_3_10 = 17; - /* repeat a zero length 3-10 times (3 bits of repeat count) */ - - const REPZ_11_138 = 18; - /* repeat a zero length 11-138 times (7 bits of repeat count) */ - - /* eslint-disable comma-spacing,array-bracket-spacing */ - const extra_lbits = /* extra bits for each length code */ - [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]; - - const extra_dbits = /* extra bits for each distance code */ - [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]; - - const extra_blbits = /* extra bits for each bit length code */ - [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]; - - const bl_order = - [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]; - /* eslint-enable comma-spacing,array-bracket-spacing */ - - /* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - - /* =========================================================================== - * Local data. These are initialized only once. - */ - - // We pre-fill arrays with 0 to avoid uninitialized gaps - - const DIST_CODE_LEN = 512; /* see definition of array dist_code below */ - - // !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1 - const static_ltree = new Array((L_CODES + 2) * 2); - zero$1(static_ltree); - /* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - - const static_dtree = new Array(D_CODES * 2); - zero$1(static_dtree); - /* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - - const _dist_code = new Array(DIST_CODE_LEN); - zero$1(_dist_code); - /* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - - const _length_code = new Array(MAX_MATCH - MIN_MATCH + 1); - zero$1(_length_code); - /* length code for each normalized match length (0 == MIN_MATCH) */ - - const base_length = new Array(LENGTH_CODES); - zero$1(base_length); - /* First normalized length for each code (0 = MIN_MATCH) */ - - const base_dist = new Array(D_CODES); - zero$1(base_dist); - /* First normalized distance for each code (0 = distance of 1) */ - - - function StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) { - - this.static_tree = static_tree; /* static tree or NULL */ - this.extra_bits = extra_bits; /* extra bits for each code or NULL */ - this.extra_base = extra_base; /* base index for extra_bits */ - this.elems = elems; /* max number of elements in the tree */ - this.max_length = max_length; /* max bit length for the codes */ - - // show if `static_tree` has data or dummy - needed for monomorphic objects - this.has_stree = static_tree && static_tree.length; - } - - - let static_l_desc; - let static_d_desc; - let static_bl_desc; - - - function TreeDesc(dyn_tree, stat_desc) { - this.dyn_tree = dyn_tree; /* the dynamic tree */ - this.max_code = 0; /* largest code with non zero frequency */ - this.stat_desc = stat_desc; /* the corresponding static tree */ - } - - - - function d_code(dist) { - return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)]; - } - - - /* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ - function put_short(s, w) { - // put_byte(s, (uch)((w) & 0xff)); - // put_byte(s, (uch)((ush)(w) >> 8)); - s.pending_buf[s.pending++] = w & 0xff; - s.pending_buf[s.pending++] = w >>> 8 & 0xff; - } - - - /* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ - function send_bits(s, value, length) { - if (s.bi_valid > Buf_size - length) { - s.bi_buf |= value << s.bi_valid & 0xffff; - put_short(s, s.bi_buf); - s.bi_buf = value >> Buf_size - s.bi_valid; - s.bi_valid += length - Buf_size; - } else { - s.bi_buf |= value << s.bi_valid & 0xffff; - s.bi_valid += length; - } - } - - - function send_code(s, c, tree) { - send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/); - } - - - /* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ - function bi_reverse(code, len) { - let res = 0; - do { - res |= code & 1; - code >>>= 1; - res <<= 1; - } while (--len > 0); - return res >>> 1; - } - - - /* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ - function bi_flush(s) { - if (s.bi_valid === 16) { - put_short(s, s.bi_buf); - s.bi_buf = 0; - s.bi_valid = 0; - - } else if (s.bi_valid >= 8) { - s.pending_buf[s.pending++] = s.bi_buf & 0xff; - s.bi_buf >>= 8; - s.bi_valid -= 8; - } - } - - - /* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ - function gen_bitlen(s, desc) - // deflate_state *s; - // tree_desc *desc; /* the tree descriptor */ - { - const tree = desc.dyn_tree; - const max_code = desc.max_code; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const extra = desc.stat_desc.extra_bits; - const base = desc.stat_desc.extra_base; - const max_length = desc.stat_desc.max_length; - let h; /* heap index */ - let n, m; /* iterate over the tree elements */ - let bits; /* bit length */ - let xbits; /* extra bits */ - let f; /* frequency */ - let overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) { - s.bl_count[bits] = 0; - } - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */ - - for (h = s.heap_max + 1; h < HEAP_SIZE; h++) { - n = s.heap[h]; - bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1; - if (bits > max_length) { - bits = max_length; - overflow++; - } - tree[n * 2 + 1]/*.Len*/ = bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) { - continue; - } /* not a leaf node */ - - s.bl_count[bits]++; - xbits = 0; - if (n >= base) { - xbits = extra[n - base]; - } - f = tree[n * 2]/*.Freq*/; - s.opt_len += f * (bits + xbits); - if (has_stree) { - s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits); - } - } - if (overflow === 0) { - return; - } - - // Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length - 1; - while (s.bl_count[bits] === 0) { - bits--; - } - s.bl_count[bits]--; /* move one leaf down the tree */ - s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */ - s.bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits !== 0; bits--) { - n = s.bl_count[bits]; - while (n !== 0) { - m = s.heap[--h]; - if (m > max_code) { - continue; - } - if (tree[m * 2 + 1]/*.Len*/ !== bits) { - // Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/; - tree[m * 2 + 1]/*.Len*/ = bits; - } - n--; - } - } - } - - - /* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ - function gen_codes(tree, max_code, bl_count) - // ct_data *tree; /* the tree to decorate */ - // int max_code; /* largest code with non zero frequency */ - // ushf *bl_count; /* number of codes at each bit length */ - { - const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */ - let code = 0; /* running code value */ - let bits; /* bit index */ - let n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = code + bl_count[bits - 1] << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES - 1; code++) { - base_length[code] = length; - for (n = 0; n < 1 << extra_lbits[code]; n++) { - _length_code[length++] = code; - } - } - //Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - _length_code[length - 1] = code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < 1 << extra_dbits[code]; n++) { - _dist_code[dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for (; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < 1 << extra_dbits[code] - 7; n++) { - _dist_code[256 + dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) { - bl_count[bits] = 0; - } - - n = 0; - while (n <= 143) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - while (n <= 255) { - static_ltree[n * 2 + 1]/*.Len*/ = 9; - n++; - bl_count[9]++; - } - while (n <= 279) { - static_ltree[n * 2 + 1]/*.Len*/ = 7; - n++; - bl_count[7]++; - } - while (n <= 287) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes(static_ltree, L_CODES + 1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n * 2 + 1]/*.Len*/ = 5; - static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5); - } - - // Now data ready and we can init static trees - static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS); - static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS); - static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS); - - //static_init_done = true; - } - - - /* =========================================================================== - * Initialize a new block. - */ - function init_block(s) { - let n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) { - s.dyn_ltree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < D_CODES; n++) { - s.dyn_dtree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < BL_CODES; n++) { - s.bl_tree[n * 2]/*.Freq*/ = 0; - } - - s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1; - s.opt_len = s.static_len = 0; - s.last_lit = s.matches = 0; - } - - - /* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ - function bi_windup(s) { - if (s.bi_valid > 8) { - put_short(s, s.bi_buf); - } else if (s.bi_valid > 0) { - //put_byte(s, (Byte)s->bi_buf); - s.pending_buf[s.pending++] = s.bi_buf; - } - s.bi_buf = 0; - s.bi_valid = 0; - } - - /* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ - function copy_block(s, buf, len, header) - //DeflateState *s; - //charf *buf; /* the input data */ - //unsigned len; /* its length */ - //int header; /* true if block header must be written */ - { - bi_windup(s); /* align on byte boundary */ - - if (header) { - put_short(s, len); - put_short(s, ~len); - } - // while (len--) { - // put_byte(s, *buf++); - // } - arraySet(s.pending_buf, s.window, buf, len, s.pending); - s.pending += len; - } - - /* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ - function smaller(tree, n, m, depth) { - const _n2 = n * 2; - const _m2 = m * 2; - return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ || - tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m]; - } - - /* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ - function pqdownheap(s, tree, k) - // deflate_state *s; - // ct_data *tree; /* the tree to restore */ - // int k; /* node to move down */ - { - const v = s.heap[k]; - let j = k << 1; /* left son of k */ - while (j <= s.heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s.heap_len && - smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s.heap[j], s.depth)) { - break; - } - - /* Exchange v with the smallest son */ - s.heap[k] = s.heap[j]; - k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s.heap[k] = v; - } - - - // inlined manually - // var SMALLEST = 1; - - /* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ - function compress_block(s, ltree, dtree) - // deflate_state *s; - // const ct_data *ltree; /* literal tree */ - // const ct_data *dtree; /* distance tree */ - { - let dist; /* distance of matched string */ - let lc; /* match length or unmatched char (if dist == 0) */ - let lx = 0; /* running index in l_buf */ - let code; /* the code to send */ - let extra; /* number of extra bits to send */ - - if (s.last_lit !== 0) { - do { - dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1]; - lc = s.pending_buf[s.l_buf + lx]; - lx++; - - if (dist === 0) { - send_code(s, lc, ltree); /* send a literal byte */ - //Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code + LITERALS + 1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra !== 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - //Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra !== 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - // "pendingBuf overflow"); - - } while (lx < s.last_lit); - } - - send_code(s, END_BLOCK, ltree); - } - - - /* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ - function build_tree(s, desc) - // deflate_state *s; - // tree_desc *desc; /* the tree descriptor */ - { - const tree = desc.dyn_tree; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const elems = desc.stat_desc.elems; - let n, m; /* iterate over heap elements */ - let max_code = -1; /* largest code with non zero frequency */ - let node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s.heap_len = 0; - s.heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n * 2]/*.Freq*/ !== 0) { - s.heap[++s.heap_len] = max_code = n; - s.depth[n] = 0; - - } else { - tree[n * 2 + 1]/*.Len*/ = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s.heap_len < 2) { - node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0; - tree[node * 2]/*.Freq*/ = 1; - s.depth[node] = 0; - s.opt_len--; - - if (has_stree) { - s.static_len -= stree[node * 2 + 1]/*.Len*/; - } - /* node is 0 or 1 so it does not have extra bits */ - } - desc.max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) { - pqdownheap(s, tree, n); - } - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - //pqremove(s, tree, n); /* n = node of least frequency */ - /*** pqremove ***/ - n = s.heap[1/*SMALLEST*/]; - s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--]; - pqdownheap(s, tree, 1/*SMALLEST*/); - /***/ - - m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */ - - s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */ - s.heap[--s.heap_max] = m; - - /* Create a new node father of n and m */ - tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/; - s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1; - tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node; - - /* and insert the new node in the heap */ - s.heap[1/*SMALLEST*/] = node++; - pqdownheap(s, tree, 1/*SMALLEST*/); - - } while (s.heap_len >= 2); - - s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes(tree, max_code, s.bl_count); - } - - - /* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ - function scan_tree(s, tree, max_code) - // deflate_state *s; - // ct_data *tree; /* the tree to be scanned */ - // int max_code; /* and its largest code of non zero frequency */ - { - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - s.bl_tree[curlen * 2]/*.Freq*/ += count; - - } else if (curlen !== 0) { - - if (curlen !== prevlen) { - s.bl_tree[curlen * 2]/*.Freq*/++; - } - s.bl_tree[REP_3_6 * 2]/*.Freq*/++; - - } else if (count <= 10) { - s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++; - - } else { - s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++; - } - - count = 0; - prevlen = curlen; - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } - } - - - /* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ - function send_tree(s, tree, max_code) - // deflate_state *s; - // ct_data *tree; /* the tree to be scanned */ - // int max_code; /* and its largest code of non zero frequency */ - { - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - do { - send_code(s, curlen, s.bl_tree); - } while (--count !== 0); - - } else if (curlen !== 0) { - if (curlen !== prevlen) { - send_code(s, curlen, s.bl_tree); - count--; - } - //Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s.bl_tree); - send_bits(s, count - 3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s.bl_tree); - send_bits(s, count - 3, 3); - - } else { - send_code(s, REPZ_11_138, s.bl_tree); - send_bits(s, count - 11, 7); - } - - count = 0; - prevlen = curlen; - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } - } - - - /* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ - function build_bl_tree(s) { - let max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, s.dyn_ltree, s.l_desc.max_code); - scan_tree(s, s.dyn_dtree, s.d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, s.bl_desc); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) { - if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) { - break; - } - } - /* Update opt_len to include the bit length tree and counts */ - s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4; - //Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - // s->opt_len, s->static_len)); - - return max_blindex; - } - - - /* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ - function send_all_trees(s, lcodes, dcodes, blcodes) - // deflate_state *s; - // int lcodes, dcodes, blcodes; /* number of codes for each tree */ - { - let rank; /* index in bl_order */ - - //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - // "too many codes"); - //Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes - 1, 5); - send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - //Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3); - } - //Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */ - //Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */ - //Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); - } - - - /* =========================================================================== - * Check if the data type is TEXT or BINARY, using the following algorithm: - * - TEXT if the two conditions below are satisfied: - * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). - * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). - * - BINARY otherwise. - * - The following partially-portable control characters form a - * "gray list" that is ignored in this detection algorithm: - * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). - * IN assertion: the fields Freq of dyn_ltree are set. - */ - function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes - * set bits 0..6, 14..25, and 28..31 - * 0xf3ffc07f = binary 11110011111111111100000001111111 - */ - let black_mask = 0xf3ffc07f; - let n; - - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_BINARY; - } - } - - /* Check for textual ("white-listed") bytes. */ - if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || - s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - for (n = 32; n < LITERALS; n++) { - if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - } - - /* There are no "black-listed" or "white-listed" bytes: - * this stream either is empty or has tolerated ("gray-listed") bytes only. - */ - return Z_BINARY; - } - - - let static_init_done = false; - - /* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ - function _tr_init(s) { - - if (!static_init_done) { - tr_static_init(); - static_init_done = true; - } - - s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc); - s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc); - s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc); - - s.bi_buf = 0; - s.bi_valid = 0; - - /* Initialize the first block of the first file: */ - init_block(s); - } - - - /* =========================================================================== - * Send a stored block - */ - function _tr_stored_block(s, buf, stored_len, last) - //DeflateState *s; - //charf *buf; /* input block */ - //ulg stored_len; /* length of input block */ - //int last; /* one if this is the last block for a file */ - { - send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */ - copy_block(s, buf, stored_len, true); /* with header */ - } - - - /* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - */ - function _tr_align(s) { - send_bits(s, STATIC_TREES << 1, 3); - send_code(s, END_BLOCK, static_ltree); - bi_flush(s); - } - - - /* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. - */ - function _tr_flush_block(s, buf, stored_len, last) - //DeflateState *s; - //charf *buf; /* input block, or NULL if too old */ - //ulg stored_len; /* length of input block */ - //int last; /* one if this is the last block for a file */ - { - let opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - let max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s.level > 0) { - - /* Check if the file is binary or text */ - if (s.strm.data_type === Z_UNKNOWN) { - s.strm.data_type = detect_data_type(s); - } - - /* Construct the literal and distance trees */ - build_tree(s, s.l_desc); - // Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - - build_tree(s, s.d_desc); - // Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute the block lengths in bytes. */ - opt_lenb = s.opt_len + 3 + 7 >>> 3; - static_lenb = s.static_len + 3 + 7 >>> 3; - - // Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - // s->last_lit)); - - if (static_lenb <= opt_lenb) { - opt_lenb = static_lenb; - } - - } else { - // Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - - if (stored_len + 4 <= opt_lenb && buf !== -1) { - /* 4: two words for the lengths */ - - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, last); - - } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) { - - send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3); - compress_block(s, static_ltree, static_dtree); - - } else { - send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3); - send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1); - compress_block(s, s.dyn_ltree, s.dyn_dtree); - } - // Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); - - if (last) { - bi_windup(s); - } - // Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - // s->compressed_len-7*last)); - } - - /* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ - function _tr_tally(s, dist, lc) - // deflate_state *s; - // unsigned dist; /* distance of matched string */ - // unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ - { - //var out_length, in_length, dcode; - - s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff; - s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff; - - s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff; - s.last_lit++; - - if (dist === 0) { - /* lc is the unmatched char */ - s.dyn_ltree[lc * 2]/*.Freq*/++; - } else { - s.matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - //Assert((ush)dist < (ush)MAX_DIST(s) && - // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - // (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++; - s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - - //#ifdef TRUNCATE_BLOCK - // /* Try to guess if it is profitable to stop the current block here */ - // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) { - // /* Compute an upper bound for the compressed length */ - // out_length = s.last_lit*8; - // in_length = s.strstart - s.block_start; - // - // for (dcode = 0; dcode < D_CODES; dcode++) { - // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]); - // } - // out_length >>>= 3; - // //Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - // // s->last_lit, in_length, out_length, - // // 100L - out_length*100L/in_length)); - // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) { - // return true; - // } - // } - //#endif - - return s.last_lit === s.lit_bufsize - 1; - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ - } - - // Note: adler32 takes 12% for level 0 and 2% for level 6. - // It isn't worth it to make additional optimizations as in original. - // Small size is preferable. - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - function adler32(adler, buf, len, pos) { - let s1 = adler & 0xffff |0, - s2 = adler >>> 16 & 0xffff |0, - n = 0; - - while (len !== 0) { - // Set limit ~ twice less than 5552, to keep - // s2 in 31-bits, because we force signed ints. - // in other case %= will fail. - n = len > 2000 ? 2000 : len; - len -= n; - - do { - s1 = s1 + buf[pos++] |0; - s2 = s2 + s1 |0; - } while (--n); - - s1 %= 65521; - s2 %= 65521; - } - - return s1 | s2 << 16 |0; - } - - // Note: we can't get significant speed boost here. - // So write code to minimize size - no pregenerated tables - // and array tools dependencies. - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - // Use ordinary array, since untyped makes no boost here - function makeTable() { - let c; - const table = []; - - for (let n = 0; n < 256; n++) { - c = n; - for (let k = 0; k < 8; k++) { - c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1; - } - table[n] = c; - } - - return table; - } - - // Create table on load. Just 255 signed longs. Not a problem. - const crcTable = makeTable(); - - - function crc32(crc, buf, len, pos) { - const t = crcTable, - end = pos + len; - - crc ^= -1; - - for (let i = pos; i < end; i++) { - crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF]; - } - - return crc ^ -1; // >>> 0; - } - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - var msg = { - 2: "need dictionary", /* Z_NEED_DICT 2 */ - 1: "stream end", /* Z_STREAM_END 1 */ - 0: "", /* Z_OK 0 */ - "-1": "file error", /* Z_ERRNO (-1) */ - "-2": "stream error", /* Z_STREAM_ERROR (-2) */ - "-3": "data error", /* Z_DATA_ERROR (-3) */ - "-4": "insufficient memory", /* Z_MEM_ERROR (-4) */ - "-5": "buffer error", /* Z_BUF_ERROR (-5) */ - "-6": "incompatible version" /* Z_VERSION_ERROR (-6) */ - }; - - /*============================================================================*/ - - - const MAX_MEM_LEVEL = 9; - - - const LENGTH_CODES$1 = 29; - /* number of length codes, not counting the special END_BLOCK code */ - const LITERALS$1 = 256; - /* number of literal bytes 0..255 */ - const L_CODES$1 = LITERALS$1 + 1 + LENGTH_CODES$1; - /* number of Literal or Length codes, including the END_BLOCK code */ - const D_CODES$1 = 30; - /* number of distance codes */ - const BL_CODES$1 = 19; - /* number of codes used to transfer the bit lengths */ - const HEAP_SIZE$1 = 2 * L_CODES$1 + 1; - /* maximum heap size */ - const MAX_BITS$1 = 15; - /* All codes must not exceed MAX_BITS bits */ - - const MIN_MATCH$1 = 3; - const MAX_MATCH$1 = 258; - const MIN_LOOKAHEAD = (MAX_MATCH$1 + MIN_MATCH$1 + 1); - - const PRESET_DICT = 0x20; - - const INIT_STATE = 42; - const EXTRA_STATE = 69; - const NAME_STATE = 73; - const COMMENT_STATE = 91; - const HCRC_STATE = 103; - const BUSY_STATE = 113; - const FINISH_STATE = 666; - - const BS_NEED_MORE = 1; /* block not completed, need more input or more output */ - const BS_BLOCK_DONE = 2; /* block flush performed */ - const BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */ - const BS_FINISH_DONE = 4; /* finish done, accept no more input or output */ - - const OS_CODE = 0x03; // Unix :) . Don't detect, use this default. - - function err(strm, errorCode) { - strm.msg = msg[errorCode]; - return errorCode; - } - - function rank(f) { - return ((f) << 1) - ((f) > 4 ? 9 : 0); - } - - function zero$2(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } } - - - /* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->output buffer and copying into it. - * (See also read_buf()). - */ - function flush_pending(strm) { - const s = strm.state; - - //_tr_flush_bits(s); - let len = s.pending; - if (len > strm.avail_out) { - len = strm.avail_out; - } - if (len === 0) { return; } - - arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out); - strm.next_out += len; - s.pending_out += len; - strm.total_out += len; - strm.avail_out -= len; - s.pending -= len; - if (s.pending === 0) { - s.pending_out = 0; - } - } - - - function flush_block_only(s, last) { - _tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last); - s.block_start = s.strstart; - flush_pending(s.strm); - } - - - function put_byte(s, b) { - s.pending_buf[s.pending++] = b; - } - - - /* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ - function putShortMSB(s, b) { - // put_byte(s, (Byte)(b >> 8)); - // put_byte(s, (Byte)(b & 0xff)); - s.pending_buf[s.pending++] = (b >>> 8) & 0xff; - s.pending_buf[s.pending++] = b & 0xff; - } - - - /* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->input buffer and copying from it. - * (See also flush_pending()). - */ - function read_buf(strm, buf, start, size) { - let len = strm.avail_in; - - if (len > size) { len = size; } - if (len === 0) { return 0; } - - strm.avail_in -= len; - - // zmemcpy(buf, strm->next_in, len); - arraySet(buf, strm.input, strm.next_in, len, start); - if (strm.state.wrap === 1) { - strm.adler = adler32(strm.adler, buf, len, start); - } - - else if (strm.state.wrap === 2) { - strm.adler = crc32(strm.adler, buf, len, start); - } - - strm.next_in += len; - strm.total_in += len; - - return len; - } - - - /* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ - function longest_match(s, cur_match) { - let chain_length = s.max_chain_length; /* max hash chain length */ - let scan = s.strstart; /* current string */ - let match; /* matched string */ - let len; /* length of current match */ - let best_len = s.prev_length; /* best match length so far */ - let nice_match = s.nice_match; /* stop if match long enough */ - const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ? - s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/; - - const _win = s.window; // shortcut - - const wmask = s.w_mask; - const prev = s.prev; - - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - - const strend = s.strstart + MAX_MATCH$1; - let scan_end1 = _win[scan + best_len - 1]; - let scan_end = _win[scan + best_len]; - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s.prev_length >= s.good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if (nice_match > s.lookahead) { nice_match = s.lookahead; } - - // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - // Assert(cur_match < s->strstart, "no future"); - match = cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2. Note that the checks below - * for insufficient lookahead only occur occasionally for performance - * reasons. Therefore uninitialized memory will be accessed, and - * conditional jumps will be made that depend on those values. - * However the length of the match is limited to the lookahead, so - * the output of deflate is not affected by the uninitialized values. - */ - - if (_win[match + best_len] !== scan_end || - _win[match + best_len - 1] !== scan_end1 || - _win[match] !== _win[scan] || - _win[++match] !== _win[scan + 1]) { - continue; - } - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2; - match++; - // Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - /*jshint noempty:false*/ - } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - scan < strend); - - // Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH$1 - (strend - scan); - scan = strend - MAX_MATCH$1; - - if (len > best_len) { - s.match_start = cur_match; - best_len = len; - if (len >= nice_match) { - break; - } - scan_end1 = _win[scan + best_len - 1]; - scan_end = _win[scan + best_len]; - } - } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0); - - if (best_len <= s.lookahead) { - return best_len; - } - return s.lookahead; - } - - - /* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ - function fill_window(s) { - const _w_size = s.w_size; - let p, n, m, more, str; - - //Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); - - do { - more = s.window_size - s.lookahead - s.strstart; - - // JS ints have 32 bit, block below not needed - /* Deal with !@#$% 64K limit: */ - //if (sizeof(int) <= 2) { - // if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - // more = wsize; - // - // } else if (more == (unsigned)(-1)) { - // /* Very unlikely, but possible on 16 bit machine if - // * strstart == 0 && lookahead == 1 (input done a byte at time) - // */ - // more--; - // } - //} - - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) { - - arraySet(s.window, s.window, _w_size, _w_size, 0); - s.match_start -= _w_size; - s.strstart -= _w_size; - /* we now have strstart >= MAX_DIST */ - s.block_start -= _w_size; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - - n = s.hash_size; - p = n; - do { - m = s.head[--p]; - s.head[p] = (m >= _w_size ? m - _w_size : 0); - } while (--n); - - n = _w_size; - p = n; - do { - m = s.prev[--p]; - s.prev[p] = (m >= _w_size ? m - _w_size : 0); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += _w_size; - } - if (s.strm.avail_in === 0) { - break; - } - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - //Assert(more >= 2, "more < 2"); - n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more); - s.lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s.lookahead + s.insert >= MIN_MATCH$1) { - str = s.strstart - s.insert; - s.ins_h = s.window[str]; - - /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask; - //#if MIN_MATCH != 3 - // Call update_hash() MIN_MATCH-3 more times - //#endif - while (s.insert) { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = str; - str++; - s.insert--; - if (s.lookahead + s.insert < MIN_MATCH$1) { - break; - } - } - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0); - - /* If the WIN_INIT bytes after the end of the current data have never been - * written, then zero those bytes in order to avoid memory check reports of - * the use of uninitialized (or uninitialised as Julian writes) bytes by - * the longest match routines. Update the high water mark for the next - * time through here. WIN_INIT is set to MAX_MATCH since the longest match - * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. - */ - // if (s.high_water < s.window_size) { - // var curr = s.strstart + s.lookahead; - // var init = 0; - // - // if (s.high_water < curr) { - // /* Previous high water mark below current data -- zero WIN_INIT - // * bytes or up to end of window, whichever is less. - // */ - // init = s.window_size - curr; - // if (init > WIN_INIT) - // init = WIN_INIT; - // zmemzero(s->window + curr, (unsigned)init); - // s->high_water = curr + init; - // } - // else if (s->high_water < (ulg)curr + WIN_INIT) { - // /* High water mark at or above current data, but below current data - // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up - // * to end of window, whichever is less. - // */ - // init = (ulg)curr + WIN_INIT - s->high_water; - // if (init > s->window_size - s->high_water) - // init = s->window_size - s->high_water; - // zmemzero(s->window + s->high_water, (unsigned)init); - // s->high_water += init; - // } - // } - // - // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, - // "not enough room for search"); - } - - /* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ - function deflate_stored(s, flush) { - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - let max_block_size = 0xffff; - - if (max_block_size > s.pending_buf_size - 5) { - max_block_size = s.pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (; ;) { - /* Fill the window as much as possible: */ - if (s.lookahead <= 1) { - - //Assert(s->strstart < s->w_size+MAX_DIST(s) || - // s->block_start >= (long)s->w_size, "slide too late"); - // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) || - // s.block_start >= s.w_size)) { - // throw new Error("slide too late"); - // } - - fill_window(s); - if (s.lookahead === 0 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - - if (s.lookahead === 0) { - break; - } - /* flush the current block */ - } - //Assert(s->block_start >= 0L, "block gone"); - // if (s.block_start < 0) throw new Error("block gone"); - - s.strstart += s.lookahead; - s.lookahead = 0; - - /* Emit a stored block if pending_buf will be full: */ - const max_start = s.block_start + max_block_size; - - if (s.strstart === 0 || s.strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s.lookahead = s.strstart - max_start; - s.strstart = max_start; - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - - - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - - s.insert = 0; - - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - - if (s.strstart > s.block_start) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_NEED_MORE; - } - - /* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ - function deflate_fast(s, flush) { - let hash_head; /* head of the hash chain */ - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { - break; /* flush the current block */ - } - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - } - if (s.match_length >= MIN_MATCH$1) { - // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only - - /*** _tr_tally_dist(s, s.strstart - s.match_start, - s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH$1) { - s.match_length--; /* string at strstart already in table */ - do { - s.strstart++; - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s.match_length !== 0); - s.strstart++; - } else { - s.strstart += s.match_length; - s.match_length = 0; - s.ins_h = s.window[s.strstart]; - /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask; - - //#if MIN_MATCH != 3 - // Call UPDATE_HASH() MIN_MATCH-3 more times - //#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s.window[s.strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = ((s.strstart < (MIN_MATCH$1 - 1)) ? s.strstart : MIN_MATCH$1 - 1); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; - } - - /* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ - function deflate_slow(s, flush) { - let hash_head; /* head of hash chain */ - let bflush; /* set if current block must be flushed */ - - let max_insert; - - /* Process the input block. */ - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - */ - s.prev_length = s.match_length; - s.prev_match = s.match_start; - s.match_length = MIN_MATCH$1 - 1; - - if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match && - s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - - if (s.match_length <= 5 && - (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH$1 && s.strstart - s.match_start > 4096/*TOO_FAR*/))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s.match_length = MIN_MATCH$1 - 1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s.prev_length >= MIN_MATCH$1 && s.match_length <= s.prev_length) { - max_insert = s.strstart + s.lookahead - MIN_MATCH$1; - /* Do not insert strings in hash table beyond this. */ - - //check_match(s, s.strstart-1, s.prev_match, s.prev_length); - - /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match, - s.prev_length - MIN_MATCH, bflush);***/ - bflush = _tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH$1); - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s.lookahead -= s.prev_length - 1; - s.prev_length -= 2; - do { - if (++s.strstart <= max_insert) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - } while (--s.prev_length !== 0); - s.match_available = 0; - s.match_length = MIN_MATCH$1 - 1; - s.strstart++; - - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - } else if (s.match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - if (bflush) { - /*** FLUSH_BLOCK_ONLY(s, 0) ***/ - flush_block_only(s, false); - /***/ - } - s.strstart++; - s.lookahead--; - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s.match_available = 1; - s.strstart++; - s.lookahead--; - } - } - //Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s.match_available) { - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - s.match_available = 0; - } - s.insert = s.strstart < MIN_MATCH$1 - 1 ? s.strstart : MIN_MATCH$1 - 1; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_BLOCK_DONE; - } - - - /* =========================================================================== - * For Z_RLE, simply look for runs of bytes, generate matches only of distance - * one. Do not maintain a hash table. (It will be regenerated if this run of - * deflate switches away from Z_RLE.) - */ - function deflate_rle(s, flush) { - let bflush; /* set if current block must be flushed */ - let prev; /* byte at distance one to match */ - let scan, strend; /* scan goes up to strend for length of run */ - - const _win = s.window; - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the longest run, plus one for the unrolled loop. - */ - if (s.lookahead <= MAX_MATCH$1) { - fill_window(s); - if (s.lookahead <= MAX_MATCH$1 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* See how many times the previous byte repeats */ - s.match_length = 0; - if (s.lookahead >= MIN_MATCH$1 && s.strstart > 0) { - scan = s.strstart - 1; - prev = _win[scan]; - if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) { - strend = s.strstart + MAX_MATCH$1; - do { - /*jshint noempty:false*/ - } while (prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - scan < strend); - s.match_length = MAX_MATCH$1 - (strend - scan); - if (s.match_length > s.lookahead) { - s.match_length = s.lookahead; - } - } - //Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); - } - - /* Emit match if have run of MIN_MATCH or longer, else emit literal */ - if (s.match_length >= MIN_MATCH$1) { - //check_match(s, s.strstart, s.strstart - 1, s.match_length); - - /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, 1, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - s.strstart += s.match_length; - s.match_length = 0; - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; - } - - /* =========================================================================== - * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. - * (It will be regenerated if this run of deflate switches away from Huffman.) - */ - function deflate_huff(s, flush) { - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we have a literal to write. */ - if (s.lookahead === 0) { - fill_window(s); - if (s.lookahead === 0) { - if (flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - break; /* flush the current block */ - } - } - - /* Output a literal byte */ - s.match_length = 0; - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - s.lookahead--; - s.strstart++; - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; - } - - /* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ - class Config { - constructor(good_length, max_lazy, nice_length, max_chain, func) { - this.good_length = good_length; - this.max_lazy = max_lazy; - this.nice_length = nice_length; - this.max_chain = max_chain; - this.func = func; - } - } - const configuration_table = [ - /* good lazy nice chain */ - new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */ - new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */ - new Config(4, 5, 16, 8, deflate_fast), /* 2 */ - new Config(4, 6, 32, 32, deflate_fast), /* 3 */ - - new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */ - new Config(8, 16, 32, 32, deflate_slow), /* 5 */ - new Config(8, 16, 128, 128, deflate_slow), /* 6 */ - new Config(8, 32, 128, 256, deflate_slow), /* 7 */ - new Config(32, 128, 258, 1024, deflate_slow), /* 8 */ - new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */ - ]; - - - /* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ - function lm_init(s) { - s.window_size = 2 * s.w_size; - - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - - /* Set the default configuration parameters: - */ - s.max_lazy_match = configuration_table[s.level].max_lazy; - s.good_match = configuration_table[s.level].good_length; - s.nice_match = configuration_table[s.level].nice_length; - s.max_chain_length = configuration_table[s.level].max_chain; - - s.strstart = 0; - s.block_start = 0; - s.lookahead = 0; - s.insert = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - s.ins_h = 0; - } - - class DeflateState { - constructor() { - this.strm = null; /* pointer back to this zlib stream */ - this.status = 0; /* as the name implies */ - this.pending_buf = null; /* output still pending */ - this.pending_buf_size = 0; /* size of pending_buf */ - this.pending_out = 0; /* next pending byte to output to the stream */ - this.pending = 0; /* nb of bytes in the pending buffer */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.gzhead = null; /* gzip header information to write */ - this.gzindex = 0; /* where in extra, name, or comment */ - this.method = Z_DEFLATED; /* can only be DEFLATED */ - this.last_flush = -1; /* value of flush param for previous deflate call */ - - this.w_size = 0; /* LZ77 window size (32K by default) */ - this.w_bits = 0; /* log2(w_size) (8..16) */ - this.w_mask = 0; /* w_size - 1 */ - - this.window = null; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. - */ - - this.window_size = 0; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - this.prev = null; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - this.head = null; /* Heads of the hash chains or NIL. */ - - this.ins_h = 0; /* hash index of string to be inserted */ - this.hash_size = 0; /* number of elements in hash table */ - this.hash_bits = 0; /* log2(hash_size) */ - this.hash_mask = 0; /* hash_size-1 */ - - this.hash_shift = 0; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - this.block_start = 0; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - this.match_length = 0; /* length of best match */ - this.prev_match = 0; /* previous match */ - this.match_available = 0; /* set if previous match exists */ - this.strstart = 0; /* start of string to insert */ - this.match_start = 0; /* start of matching string */ - this.lookahead = 0; /* number of valid bytes ahead in window */ - - this.prev_length = 0; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - this.max_chain_length = 0; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - this.max_lazy_match = 0; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ - // That's alias to max_lazy_match, don't use directly - //this.max_insert_length = 0; - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - this.level = 0; /* compression level (1..9) */ - this.strategy = 0; /* favor or force Huffman coding*/ - - this.good_match = 0; - /* Use a faster search when the previous match is longer than this */ - - this.nice_match = 0; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - - /* Didn't use ct_data typedef below to suppress compiler warning */ - - // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - // Use flat array of DOUBLE size, with interleaved fata, - // because JS does not support effective - this.dyn_ltree = new Buf16(HEAP_SIZE$1 * 2); - this.dyn_dtree = new Buf16((2 * D_CODES$1 + 1) * 2); - this.bl_tree = new Buf16((2 * BL_CODES$1 + 1) * 2); - zero$2(this.dyn_ltree); - zero$2(this.dyn_dtree); - zero$2(this.bl_tree); - - this.l_desc = null; /* desc. for literal tree */ - this.d_desc = null; /* desc. for distance tree */ - this.bl_desc = null; /* desc. for bit length tree */ - - //ush bl_count[MAX_BITS+1]; - this.bl_count = new Buf16(MAX_BITS$1 + 1); - /* number of codes at each bit length for an optimal tree */ - - //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - this.heap = new Buf16(2 * L_CODES$1 + 1); /* heap used to build the Huffman trees */ - zero$2(this.heap); - - this.heap_len = 0; /* number of elements in the heap */ - this.heap_max = 0; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - this.depth = new Buf16(2 * L_CODES$1 + 1); //uch depth[2*L_CODES+1]; - zero$2(this.depth); - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - this.l_buf = 0; /* buffer index for literals or lengths */ - - this.lit_bufsize = 0; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - this.last_lit = 0; /* running index in l_buf */ - - this.d_buf = 0; - /* Buffer index for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - this.opt_len = 0; /* bit length of current block with optimal trees */ - this.static_len = 0; /* bit length of current block with static trees */ - this.matches = 0; /* number of string matches in current block */ - this.insert = 0; /* bytes at end of window left to insert */ - - - this.bi_buf = 0; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - this.bi_valid = 0; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - - // Used for window memory init. We safely ignore it for JS. That makes - // sense only for pointers and memory check tools. - //this.high_water = 0; - /* High water mark offset in window for initialized bytes -- bytes above - * this are set to zero in order to avoid memory check warnings when - * longest match routines access bytes past the input. This is then - * updated to the new high water mark. - */ - } - } - - function deflateResetKeep(strm) { - let s; - - if (!strm || !strm.state) { - return err(strm, Z_STREAM_ERROR); - } - - strm.total_in = strm.total_out = 0; - strm.data_type = Z_UNKNOWN; - - s = strm.state; - s.pending = 0; - s.pending_out = 0; - - if (s.wrap < 0) { - s.wrap = -s.wrap; - /* was made negative by deflate(..., Z_FINISH); */ - } - s.status = (s.wrap ? INIT_STATE : BUSY_STATE); - strm.adler = (s.wrap === 2) ? - 0 // crc32(0, Z_NULL, 0) - : - 1; // adler32(0, Z_NULL, 0) - s.last_flush = Z_NO_FLUSH; - _tr_init(s); - return Z_OK; - } - - - function deflateReset(strm) { - const ret = deflateResetKeep(strm); - if (ret === Z_OK) { - lm_init(strm.state); - } - return ret; - } - - - function deflateSetHeader(strm, head) { - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; } - strm.state.gzhead = head; - return Z_OK; - } - - - function deflateInit2(strm, level, method, windowBits, memLevel, strategy) { - if (!strm) { // === Z_NULL - return Z_STREAM_ERROR; - } - let wrap = 1; - - if (level === Z_DEFAULT_COMPRESSION) { - level = 6; - } - - if (windowBits < 0) { /* suppress zlib wrapper */ - wrap = 0; - windowBits = -windowBits; - } - - else if (windowBits > 15) { - wrap = 2; /* write gzip wrapper instead */ - windowBits -= 16; - } - - - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_FIXED) { - return err(strm, Z_STREAM_ERROR); - } - - - if (windowBits === 8) { - windowBits = 9; - } - /* until 256-byte window bug fixed */ - - const s = new DeflateState(); - - strm.state = s; - s.strm = strm; - - s.wrap = wrap; - s.gzhead = null; - s.w_bits = windowBits; - s.w_size = 1 << s.w_bits; - s.w_mask = s.w_size - 1; - - s.hash_bits = memLevel + 7; - s.hash_size = 1 << s.hash_bits; - s.hash_mask = s.hash_size - 1; - s.hash_shift = ~~((s.hash_bits + MIN_MATCH$1 - 1) / MIN_MATCH$1); - s.window = new Buf8(s.w_size * 2); - s.head = new Buf16(s.hash_size); - s.prev = new Buf16(s.w_size); - - // Don't need mem init magic for JS. - //s.high_water = 0; /* nothing written to s->window yet */ - - s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s.pending_buf_size = s.lit_bufsize * 4; - - //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - //s->pending_buf = (uchf *) overlay; - s.pending_buf = new Buf8(s.pending_buf_size); - - // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`) - //s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s.d_buf = 1 * s.lit_bufsize; - - //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - s.l_buf = (1 + 2) * s.lit_bufsize; - - s.level = level; - s.strategy = strategy; - s.method = method; - - return deflateReset(strm); - } - - - function deflate(strm, flush) { - let old_flush, s; - let beg, val; // for gzip header write only - - if (!strm || !strm.state || - flush > Z_BLOCK || flush < 0) { - return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR; - } - - s = strm.state; - - if (!strm.output || - (!strm.input && strm.avail_in !== 0) || - (s.status === FINISH_STATE && flush !== Z_FINISH)) { - return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR); - } - - s.strm = strm; /* just in case */ - old_flush = s.last_flush; - s.last_flush = flush; - - /* Write the header */ - if (s.status === INIT_STATE) { - - if (s.wrap === 2) { // GZIP header - strm.adler = 0; //crc32(0L, Z_NULL, 0); - put_byte(s, 31); - put_byte(s, 139); - put_byte(s, 8); - if (!s.gzhead) { // s->gzhead == Z_NULL - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, OS_CODE); - s.status = BUSY_STATE; - } - else { - put_byte(s, (s.gzhead.text ? 1 : 0) + - (s.gzhead.hcrc ? 2 : 0) + - (!s.gzhead.extra ? 0 : 4) + - (!s.gzhead.name ? 0 : 8) + - (!s.gzhead.comment ? 0 : 16) - ); - put_byte(s, s.gzhead.time & 0xff); - put_byte(s, (s.gzhead.time >> 8) & 0xff); - put_byte(s, (s.gzhead.time >> 16) & 0xff); - put_byte(s, (s.gzhead.time >> 24) & 0xff); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, s.gzhead.os & 0xff); - if (s.gzhead.extra && s.gzhead.extra.length) { - put_byte(s, s.gzhead.extra.length & 0xff); - put_byte(s, (s.gzhead.extra.length >> 8) & 0xff); - } - if (s.gzhead.hcrc) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0); - } - s.gzindex = 0; - s.status = EXTRA_STATE; - } - } - else // DEFLATE header - { - let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8; - let level_flags = -1; - - if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) { - level_flags = 0; - } else if (s.level < 6) { - level_flags = 1; - } else if (s.level === 6) { - level_flags = 2; - } else { - level_flags = 3; - } - header |= (level_flags << 6); - if (s.strstart !== 0) { header |= PRESET_DICT; } - header += 31 - (header % 31); - - s.status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s.strstart !== 0) { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - strm.adler = 1; // adler32(0L, Z_NULL, 0); - } - } - - //#ifdef GZIP - if (s.status === EXTRA_STATE) { - if (s.gzhead.extra/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - - while (s.gzindex < (s.gzhead.extra.length & 0xffff)) { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - break; - } - } - put_byte(s, s.gzhead.extra[s.gzindex] & 0xff); - s.gzindex++; - } - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (s.gzindex === s.gzhead.extra.length) { - s.gzindex = 0; - s.status = NAME_STATE; - } - } - else { - s.status = NAME_STATE; - } - } - if (s.status === NAME_STATE) { - if (s.gzhead.name/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.name.length) { - val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.gzindex = 0; - s.status = COMMENT_STATE; - } - } - else { - s.status = COMMENT_STATE; - } - } - if (s.status === COMMENT_STATE) { - if (s.gzhead.comment/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.comment.length) { - val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.status = HCRC_STATE; - } - } - else { - s.status = HCRC_STATE; - } - } - if (s.status === HCRC_STATE) { - if (s.gzhead.hcrc) { - if (s.pending + 2 > s.pending_buf_size) { - flush_pending(strm); - } - if (s.pending + 2 <= s.pending_buf_size) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - strm.adler = 0; //crc32(0L, Z_NULL, 0); - s.status = BUSY_STATE; - } - } - else { - s.status = BUSY_STATE; - } - } - //#endif - - /* Flush as much pending output as possible */ - if (s.pending !== 0) { - flush_pending(strm); - if (strm.avail_out === 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s.last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUF_ERROR. - */ - } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) && - flush !== Z_FINISH) { - return err(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s.status === FINISH_STATE && strm.avail_in !== 0) { - return err(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm.avail_in !== 0 || s.lookahead !== 0 || - (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) { - var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) : - (s.strategy === Z_RLE ? deflate_rle(s, flush) : - configuration_table[s.level].func(s, flush)); - - if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) { - s.status = FINISH_STATE; - } - if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) { - if (strm.avail_out === 0) { - s.last_flush = -1; - /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate === BS_BLOCK_DONE) { - if (flush === Z_PARTIAL_FLUSH) { - _tr_align(s); - } - else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ - - _tr_stored_block(s, 0, 0, false); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush === Z_FULL_FLUSH) { - /*** CLEAR_HASH(s); ***/ /* forget history */ - zero$2(s.head); // Fill with NIL (= 0); - - if (s.lookahead === 0) { - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - } - } - flush_pending(strm); - if (strm.avail_out === 0) { - s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - //Assert(strm->avail_out > 0, "bug2"); - //if (strm.avail_out <= 0) { throw new Error("bug2");} - - if (flush !== Z_FINISH) { return Z_OK; } - if (s.wrap <= 0) { return Z_STREAM_END; } - - /* Write the trailer */ - if (s.wrap === 2) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - put_byte(s, (strm.adler >> 16) & 0xff); - put_byte(s, (strm.adler >> 24) & 0xff); - put_byte(s, strm.total_in & 0xff); - put_byte(s, (strm.total_in >> 8) & 0xff); - put_byte(s, (strm.total_in >> 16) & 0xff); - put_byte(s, (strm.total_in >> 24) & 0xff); - } - else { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - if (s.wrap > 0) { s.wrap = -s.wrap; } - /* write the trailer only once! */ - return s.pending !== 0 ? Z_OK : Z_STREAM_END; - } - - function deflateEnd(strm) { - let status; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - status = strm.state.status; - if (status !== INIT_STATE && - status !== EXTRA_STATE && - status !== NAME_STATE && - status !== COMMENT_STATE && - status !== HCRC_STATE && - status !== BUSY_STATE && - status !== FINISH_STATE - ) { - return err(strm, Z_STREAM_ERROR); - } - - strm.state = null; - - return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK; - } - - - /* ========================================================================= - * Initializes the compression dictionary from the given byte - * sequence without producing any compressed output. - */ - function deflateSetDictionary(strm, dictionary) { - let dictLength = dictionary.length; - - let s; - let str, n; - let wrap; - let avail; - let next; - let input; - let tmpDict; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - s = strm.state; - wrap = s.wrap; - - if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) { - return Z_STREAM_ERROR; - } - - /* when using zlib wrappers, compute Adler-32 for provided dictionary */ - if (wrap === 1) { - /* adler32(strm->adler, dictionary, dictLength); */ - strm.adler = adler32(strm.adler, dictionary, dictLength, 0); - } - - s.wrap = 0; /* avoid computing Adler-32 in read_buf */ - - /* if dictionary would fill window, just replace the history */ - if (dictLength >= s.w_size) { - if (wrap === 0) { /* already empty otherwise */ - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - /* use the tail */ - // dictionary = dictionary.slice(dictLength - s.w_size); - tmpDict = new Buf8(s.w_size); - arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0); - dictionary = tmpDict; - dictLength = s.w_size; - } - /* insert dictionary into window and hash */ - avail = strm.avail_in; - next = strm.next_in; - input = strm.input; - strm.avail_in = dictLength; - strm.next_in = 0; - strm.input = dictionary; - fill_window(s); - while (s.lookahead >= MIN_MATCH$1) { - str = s.strstart; - n = s.lookahead - (MIN_MATCH$1 - 1); - do { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - - s.head[s.ins_h] = str; - str++; - } while (--n); - s.strstart = str; - s.lookahead = MIN_MATCH$1 - 1; - fill_window(s); - } - s.strstart += s.lookahead; - s.block_start = s.strstart; - s.insert = s.lookahead; - s.lookahead = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - strm.next_in = next; - strm.input = input; - strm.avail_in = avail; - s.wrap = wrap; - return Z_OK; - } - - /* Not implemented - exports.deflateBound = deflateBound; - exports.deflateCopy = deflateCopy; - exports.deflateParams = deflateParams; - exports.deflatePending = deflatePending; - exports.deflatePrime = deflatePrime; - exports.deflateTune = deflateTune; - */ - - // String encode/decode helpers - - try { - String.fromCharCode.apply(null, [ 0 ]); - } catch (__) { - } - try { - String.fromCharCode.apply(null, new Uint8Array(1)); - } catch (__) { - } - - - // Table with utf8 lengths (calculated by first byte of sequence) - // Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS, - // because max possible codepoint is 0x10ffff - const _utf8len = new Buf8(256); - for (let q = 0; q < 256; q++) { - _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1; - } - _utf8len[254] = _utf8len[254] = 1; // Invalid sequence start - - - // convert string to array (typed, when possible) - function string2buf (str) { - let c, c2, m_pos, i, buf_len = 0; - const str_len = str.length; - - // count binary size - for (m_pos = 0; m_pos < str_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4; - } - - // allocate buffer - const buf = new Buf8(buf_len); - - // convert - for (i = 0, m_pos = 0; i < buf_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - if (c < 0x80) { - /* one byte */ - buf[i++] = c; - } else if (c < 0x800) { - /* two bytes */ - buf[i++] = 0xC0 | c >>> 6; - buf[i++] = 0x80 | c & 0x3f; - } else if (c < 0x10000) { - /* three bytes */ - buf[i++] = 0xE0 | c >>> 12; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } else { - /* four bytes */ - buf[i++] = 0xf0 | c >>> 18; - buf[i++] = 0x80 | c >>> 12 & 0x3f; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } - } - - return buf; - } - - - // Convert binary string (typed, when possible) - function binstring2buf (str) { - const buf = new Buf8(str.length); - for (let i = 0, len = buf.length; i < len; i++) { - buf[i] = str.charCodeAt(i); - } - return buf; - } - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - class ZStream { - constructor() { - /* next input byte */ - this.input = null; // JS specific, because we have no pointers - this.next_in = 0; - /* number of bytes available at input */ - this.avail_in = 0; - /* total number of input bytes read so far */ - this.total_in = 0; - /* next output byte should be put there */ - this.output = null; // JS specific, because we have no pointers - this.next_out = 0; - /* remaining free space at output */ - this.avail_out = 0; - /* total number of bytes output so far */ - this.total_out = 0; - /* last error message, NULL if no error */ - this.msg = ''/*Z_NULL*/; - /* not visible by applications */ - this.state = null; - /* best guess about the data type: binary or text */ - this.data_type = 2/*Z_UNKNOWN*/; - /* adler32 value of the uncompressed data */ - this.adler = 0; - } - } - - /* ===========================================================================*/ - - - /** - * class Deflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[deflate]], - * [[deflateRaw]] and [[gzip]]. - **/ - - /* internal - * Deflate.chunks -> Array - * - * Chunks of output data, if [[Deflate#onData]] not overridden. - **/ - - /** - * Deflate.result -> Uint8Array|Array - * - * Compressed result, generated by default [[Deflate#onData]] - * and [[Deflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Deflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - - /** - * Deflate.err -> Number - * - * Error code after deflate finished. 0 (Z_OK) on success. - * You will not need it in real life, because deflate errors - * are possible only on wrong options or bad `onData` / `onEnd` - * custom handlers. - **/ - - /** - * Deflate.msg -> String - * - * Error message, if [[Deflate.err]] != 0 - **/ - - - /** - * new Deflate(options) - * - options (Object): zlib deflate options. - * - * Creates new deflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `level` - * - `windowBits` - * - `memLevel` - * - `strategy` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw deflate - * - `gzip` (Boolean) - create gzip wrapper - * - `to` (String) - if equal to 'string', then result will be "binary string" - * (each char code [0..255]) - * - `header` (Object) - custom header for gzip - * - `text` (Boolean) - true if compressed data believed to be text - * - `time` (Number) - modification time, unix timestamp - * - `os` (Number) - operation system code - * - `extra` (Array) - array of bytes with extra data (max 65536) - * - `name` (String) - file name (binary string) - * - `comment` (String) - comment (binary string) - * - `hcrc` (Boolean) - true if header crc should be added - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var deflate = new pako.Deflate({ level: 3}); - * - * deflate.push(chunk1, false); - * deflate.push(chunk2, true); // true -> last chunk - * - * if (deflate.err) { throw new Error(deflate.err); } - * - * console.log(deflate.result); - * ``` - **/ - - class Deflate { - constructor(options) { - this.options = { - level: Z_DEFAULT_COMPRESSION, - method: Z_DEFLATED, - chunkSize: 16384, - windowBits: 15, - memLevel: 8, - strategy: Z_DEFAULT_STRATEGY, - ...(options || {}) - }; - - const opt = this.options; - - if (opt.raw && (opt.windowBits > 0)) { - opt.windowBits = -opt.windowBits; - } - - else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) { - opt.windowBits += 16; - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - var status = deflateInit2( - this.strm, - opt.level, - opt.method, - opt.windowBits, - opt.memLevel, - opt.strategy - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - if (opt.header) { - deflateSetHeader(this.strm, opt.header); - } - - if (opt.dictionary) { - let dict; - // Convert data if needed - if (typeof opt.dictionary === 'string') { - // If we need to compress text, change encoding to utf8. - dict = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - dict = new Uint8Array(opt.dictionary); - } else { - dict = opt.dictionary; - } - - status = deflateSetDictionary(this.strm, dict); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this._dict_set = true; - } - } - - /** - * Deflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be - * converted to utf8 byte sequence. - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with - * new compressed chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the compression context. - * - * On fail call [[Deflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * array format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize } } = this; - var status, _mode; - - if (this.ended) { return false; } - - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // If we need to compress text, change encoding to utf8. - strm.input = string2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = deflate(strm, _mode); /* no bad return value */ - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = deflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - /** - * Deflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - /** - * Deflate#onEnd(status) -> Void - * - status (Number): deflate status. 0 (Z_OK) on success, - * other if not. - * - * Called once after you tell deflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; - } - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - // See state defs from inflate.js - const BAD = 30; /* got a data error -- remain here until reset */ - const TYPE = 12; /* i: waiting for type bits, including last-flag bit */ - - /* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is - available, an end-of-block is encountered, or a data error is encountered. - When large enough input and output buffers are supplied to inflate(), for - example, a 16K input buffer and a 64K output buffer, more than 95% of the - inflate execution time is spent in this routine. - - Entry assumptions: - - state.mode === LEN - strm.avail_in >= 6 - strm.avail_out >= 258 - start >= strm.avail_out - state.bits < 8 - - On return, state.mode is one of: - - LEN -- ran out of enough output space or enough available input - TYPE -- reached end of block code, inflate() to interpret next block - BAD -- error in block data - - Notes: - - - The maximum input bits used by a length/distance pair is 15 bits for the - length code, 5 bits for the length extra, 15 bits for the distance code, - and 13 bits for the distance extra. This totals 48 bits, or six bytes. - Therefore if strm.avail_in >= 6, then there is enough input to avoid - checking for available input while decoding. - - - The maximum bytes that a single length/distance pair can output is 258 - bytes, which is the maximum length that can be coded. inflate_fast() - requires strm.avail_out >= 258 for each loop to avoid checking for - output space. - */ - function inflate_fast(strm, start) { - let _in; /* local strm.input */ - let _out; /* local strm.output */ - // Use `s_window` instead `window`, avoid conflict with instrumentation tools - let hold; /* local strm.hold */ - let bits; /* local strm.bits */ - let here; /* retrieved table entry */ - let op; /* code bits, operation, extra bits, or */ - /* window position, window bytes to copy */ - let len; /* match length, unused bytes */ - let dist; /* match distance */ - let from; /* where to copy match from */ - let from_source; - - - - /* copy state to local variables */ - const state = strm.state; - //here = state.here; - _in = strm.next_in; - const input = strm.input; - const last = _in + (strm.avail_in - 5); - _out = strm.next_out; - const output = strm.output; - const beg = _out - (start - strm.avail_out); - const end = _out + (strm.avail_out - 257); - //#ifdef INFLATE_STRICT - const dmax = state.dmax; - //#endif - const wsize = state.wsize; - const whave = state.whave; - const wnext = state.wnext; - const s_window = state.window; - hold = state.hold; - bits = state.bits; - const lcode = state.lencode; - const dcode = state.distcode; - const lmask = (1 << state.lenbits) - 1; - const dmask = (1 << state.distbits) - 1; - - - /* decode literals and length/distances until end-of-block or not enough - input data or output space */ - - top: - do { - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - - here = lcode[hold & lmask]; - - dolen: - for (;;) { // Goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - if (op === 0) { /* literal */ - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - output[_out++] = here & 0xffff/*here.val*/; - } else if (op & 16) { /* length base */ - len = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - len += hold & (1 << op) - 1; - hold >>>= op; - bits -= op; - } - //Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - here = dcode[hold & dmask]; - - dodist: - for (;;) { // goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - - if (op & 16) { /* distance base */ - dist = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - } - dist += hold & (1 << op) - 1; - //#ifdef INFLATE_STRICT - if (dist > dmax) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - //#endif - hold >>>= op; - bits -= op; - //Tracevv((stderr, "inflate: distance %u\n", dist)); - op = _out - beg; /* max distance in output */ - if (dist > op) { /* see if copy from window */ - op = dist - op; /* distance back in window */ - if (op > whave) { - if (state.sane) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // if (len <= op - whave) { - // do { - // output[_out++] = 0; - // } while (--len); - // continue top; - // } - // len -= op - whave; - // do { - // output[_out++] = 0; - // } while (--op > whave); - // if (op === 0) { - // from = _out - dist; - // do { - // output[_out++] = output[from++]; - // } while (--len); - // continue top; - // } - //#endif - } - from = 0; // window index - from_source = s_window; - if (wnext === 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; - if (op < len) { /* some from end of window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = 0; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - } else { /* contiguous in window */ - from += wnext - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - while (len > 2) { - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - len -= 3; - } - if (len) { - output[_out++] = from_source[from++]; - if (len > 1) { - output[_out++] = from_source[from++]; - } - } - } else { - from = _out - dist; /* copy direct from output */ - do { /* minimum length is three */ - output[_out++] = output[from++]; - output[_out++] = output[from++]; - output[_out++] = output[from++]; - len -= 3; - } while (len > 2); - if (len) { - output[_out++] = output[from++]; - if (len > 1) { - output[_out++] = output[from++]; - } - } - } - } else if ((op & 64) === 0) { /* 2nd level distance code */ - here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dodist; - } else { - strm.msg = "invalid distance code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } else if ((op & 64) === 0) { /* 2nd level length code */ - here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dolen; - } else if (op & 32) { /* end-of-block */ - //Tracevv((stderr, "inflate: end of block\n")); - state.mode = TYPE; - break top; - } else { - strm.msg = "invalid literal/length code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } while (_in < last && _out < end); - - /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ - len = bits >> 3; - _in -= len; - bits -= len << 3; - hold &= (1 << bits) - 1; - - /* update state and return */ - strm.next_in = _in; - strm.next_out = _out; - strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last); - strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end); - state.hold = hold; - state.bits = bits; - return; - } - - const MAXBITS = 15; - const ENOUGH_LENS = 852; - const ENOUGH_DISTS = 592; - //var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS); - - const CODES = 0; - const LENS = 1; - const DISTS = 2; - - const lbase = [ /* Length codes 257..285 base */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 - ]; - - const lext = [ /* Length codes 257..285 extra */ - 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78 - ]; - - const dbase = [ /* Distance codes 0..29 base */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577, 0, 0 - ]; - - const dext = [ /* Distance codes 0..29 extra */ - 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, - 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, - 28, 28, 29, 29, 64, 64 - ]; - - function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) { - const bits = opts.bits; - //here = opts.here; /* table entry for duplication */ - - let len = 0; /* a code's length in bits */ - let sym = 0; /* index of code symbols */ - let min = 0, max = 0; /* minimum and maximum code lengths */ - let root = 0; /* number of index bits for root table */ - let curr = 0; /* number of index bits for current table */ - let drop = 0; /* code bits to drop for sub-table */ - let left = 0; /* number of prefix codes available */ - let used = 0; /* code entries in table used */ - let huff = 0; /* Huffman code */ - let incr; /* for incrementing code, index */ - let fill; /* index for replicating entries */ - let low; /* low bits for current root entry */ - let next; /* next available space in table */ - let base = null; /* base value table to use */ - let base_index = 0; - // var shoextra; /* extra bits table to use */ - let end; /* use base and extra for symbol > end */ - const count = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */ - const offs = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */ - let extra = null; - let extra_index = 0; - - let here_bits, here_op, here_val; - - /* - Process a set of code lengths to create a canonical Huffman code. The - code lengths are lens[0..codes-1]. Each length corresponds to the - symbols 0..codes-1. The Huffman code is generated by first sorting the - symbols by length from short to long, and retaining the symbol order - for codes with equal lengths. Then the code starts with all zero bits - for the first code of the shortest length, and the codes are integer - increments for the same length, and zeros are appended as the length - increases. For the deflate format, these bits are stored backwards - from their more natural integer increment ordering, and so when the - decoding tables are built in the large loop below, the integer codes - are incremented backwards. - - This routine assumes, but does not check, that all of the entries in - lens[] are in the range 0..MAXBITS. The caller must assure this. - 1..MAXBITS is interpreted as that code length. zero means that that - symbol does not occur in this code. - - The codes are sorted by computing a count of codes for each length, - creating from that a table of starting indices for each length in the - sorted table, and then entering the symbols in order in the sorted - table. The sorted table is work[], with that space being provided by - the caller. - - The length counts are used for other purposes as well, i.e. finding - the minimum and maximum length codes, determining if there are any - codes at all, checking for a valid set of lengths, and looking ahead - at length counts to determine sub-table sizes when building the - decoding tables. - */ - - /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ - for (len = 0; len <= MAXBITS; len++) { - count[len] = 0; - } - for (sym = 0; sym < codes; sym++) { - count[lens[lens_index + sym]]++; - } - - /* bound code lengths, force root to be within code lengths */ - root = bits; - for (max = MAXBITS; max >= 1; max--) { - if (count[max] !== 0) { - break; - } - } - if (root > max) { - root = max; - } - if (max === 0) { /* no symbols to code at all */ - //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */ - //table.bits[opts.table_index] = 1; //here.bits = (var char)1; - //table.val[opts.table_index++] = 0; //here.val = (var short)0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - - //table.op[opts.table_index] = 64; - //table.bits[opts.table_index] = 1; - //table.val[opts.table_index++] = 0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - opts.bits = 1; - return 0; /* no symbols, but wait for decoding to report error */ - } - for (min = 1; min < max; min++) { - if (count[min] !== 0) { - break; - } - } - if (root < min) { - root = min; - } - - /* check for an over-subscribed or incomplete set of lengths */ - left = 1; - for (len = 1; len <= MAXBITS; len++) { - left <<= 1; - left -= count[len]; - if (left < 0) { - return -1; - } /* over-subscribed */ - } - if (left > 0 && (type === CODES || max !== 1)) { - return -1; /* incomplete set */ - } - - /* generate offsets into symbol table for each length for sorting */ - offs[1] = 0; - for (len = 1; len < MAXBITS; len++) { - offs[len + 1] = offs[len] + count[len]; - } - - /* sort symbols by length, by symbol order within each length */ - for (sym = 0; sym < codes; sym++) { - if (lens[lens_index + sym] !== 0) { - work[offs[lens[lens_index + sym]]++] = sym; - } - } - - /* - Create and fill in decoding tables. In this loop, the table being - filled is at next and has curr index bits. The code being used is huff - with length len. That code is converted to an index by dropping drop - bits off of the bottom. For codes where len is less than drop + curr, - those top drop + curr - len bits are incremented through all values to - fill the table with replicated entries. - - root is the number of index bits for the root table. When len exceeds - root, sub-tables are created pointed to by the root entry with an index - of the low root bits of huff. This is saved in low to check for when a - new sub-table should be started. drop is zero when the root table is - being filled, and drop is root when sub-tables are being filled. - - When a new sub-table is needed, it is necessary to look ahead in the - code lengths to determine what size sub-table is needed. The length - counts are used for this, and so count[] is decremented as codes are - entered in the tables. - - used keeps track of how many table entries have been allocated from the - provided *table space. It is checked for LENS and DIST tables against - the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in - the initial root table size constants. See the comments in inftrees.h - for more information. - - sym increments through all symbols, and the loop terminates when - all codes of length max, i.e. all codes, have been processed. This - routine permits incomplete codes, so another loop after this one fills - in the rest of the decoding tables with invalid code markers. - */ - - /* set up for code type */ - // poor man optimization - use if-else instead of switch, - // to avoid deopts in old v8 - if (type === CODES) { - base = extra = work; /* dummy value--not used */ - end = 19; - - } else if (type === LENS) { - base = lbase; - base_index -= 257; - extra = lext; - extra_index -= 257; - end = 256; - - } else { /* DISTS */ - base = dbase; - extra = dext; - end = -1; - } - - /* initialize opts for loop */ - huff = 0; /* starting code */ - sym = 0; /* starting code symbol */ - len = min; /* starting code length */ - next = table_index; /* current table to fill in */ - curr = root; /* current table index bits */ - drop = 0; /* current bits to drop from code for index */ - low = -1; /* trigger new sub-table when len > root */ - used = 1 << root; /* use root table entries */ - const mask = used - 1; /* mask for comparing low */ - - /* check available table space */ - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* process all codes and make table entries */ - for (;;) { - /* create table entry */ - here_bits = len - drop; - if (work[sym] < end) { - here_op = 0; - here_val = work[sym]; - } else if (work[sym] > end) { - here_op = extra[extra_index + work[sym]]; - here_val = base[base_index + work[sym]]; - } else { - here_op = 32 + 64; /* end of block */ - here_val = 0; - } - - /* replicate for those indices with low len bits equal to huff */ - incr = 1 << len - drop; - fill = 1 << curr; - min = fill; /* save offset to next table */ - do { - fill -= incr; - table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0; - } while (fill !== 0); - - /* backwards increment the len-bit code huff */ - incr = 1 << len - 1; - while (huff & incr) { - incr >>= 1; - } - if (incr !== 0) { - huff &= incr - 1; - huff += incr; - } else { - huff = 0; - } - - /* go to next symbol, update count, len */ - sym++; - if (--count[len] === 0) { - if (len === max) { - break; - } - len = lens[lens_index + work[sym]]; - } - - /* create new sub-table if needed */ - if (len > root && (huff & mask) !== low) { - /* if first time, transition to sub-tables */ - if (drop === 0) { - drop = root; - } - - /* increment past last table */ - next += min; /* here min is 1 << curr */ - - /* determine length of next table */ - curr = len - drop; - left = 1 << curr; - while (curr + drop < max) { - left -= count[curr + drop]; - if (left <= 0) { - break; - } - curr++; - left <<= 1; - } - - /* check for enough space */ - used += 1 << curr; - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* point entry in root table to sub-table */ - low = huff & mask; - /*table.op[low] = curr; - table.bits[low] = root; - table.val[low] = next - opts.table_index;*/ - table[low] = root << 24 | curr << 16 | next - table_index |0; - } - } - - /* fill in remaining table entry if code is incomplete (guaranteed to have - at most one remaining entry, since if the code is incomplete, the - maximum code length that was allowed to get this far is one bit) */ - if (huff !== 0) { - //table.op[next + huff] = 64; /* invalid code marker */ - //table.bits[next + huff] = len - drop; - //table.val[next + huff] = 0; - table[next + huff] = len - drop << 24 | 64 << 16 |0; - } - - /* set return parameters */ - //opts.table_index += used; - opts.bits = root; - return 0; - } - - const CODES$1 = 0; - const LENS$1 = 1; - const DISTS$1 = 2; - - /* STATES ====================================================================*/ - /* ===========================================================================*/ - - - const HEAD = 1; /* i: waiting for magic header */ - const FLAGS = 2; /* i: waiting for method and flags (gzip) */ - const TIME = 3; /* i: waiting for modification time (gzip) */ - const OS = 4; /* i: waiting for extra flags and operating system (gzip) */ - const EXLEN = 5; /* i: waiting for extra length (gzip) */ - const EXTRA = 6; /* i: waiting for extra bytes (gzip) */ - const NAME = 7; /* i: waiting for end of file name (gzip) */ - const COMMENT = 8; /* i: waiting for end of comment (gzip) */ - const HCRC = 9; /* i: waiting for header crc (gzip) */ - const DICTID = 10; /* i: waiting for dictionary check value */ - const DICT = 11; /* waiting for inflateSetDictionary() call */ - const TYPE$1 = 12; /* i: waiting for type bits, including last-flag bit */ - const TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */ - const STORED = 14; /* i: waiting for stored size (length and complement) */ - const COPY_ = 15; /* i/o: same as COPY below, but only first time in */ - const COPY = 16; /* i/o: waiting for input or output to copy stored block */ - const TABLE = 17; /* i: waiting for dynamic block table lengths */ - const LENLENS = 18; /* i: waiting for code length code lengths */ - const CODELENS = 19; /* i: waiting for length/lit and distance code lengths */ - const LEN_ = 20; /* i: same as LEN below, but only first time in */ - const LEN = 21; /* i: waiting for length/lit/eob code */ - const LENEXT = 22; /* i: waiting for length extra bits */ - const DIST = 23; /* i: waiting for distance code */ - const DISTEXT = 24; /* i: waiting for distance extra bits */ - const MATCH = 25; /* o: waiting for output space to copy string */ - const LIT = 26; /* o: waiting for output space to write literal */ - const CHECK = 27; /* i: waiting for 32-bit check value */ - const LENGTH = 28; /* i: waiting for 32-bit length (gzip) */ - const DONE = 29; /* finished check, done -- remain here until reset */ - const BAD$1 = 30; /* got a data error -- remain here until reset */ - //const MEM = 31; /* got an inflate() memory error -- remain here until reset */ - const SYNC = 32; /* looking for synchronization bytes to restart inflate() */ - - /* ===========================================================================*/ - - - - const ENOUGH_LENS$1 = 852; - const ENOUGH_DISTS$1 = 592; - - - function zswap32(q) { - return (((q >>> 24) & 0xff) + - ((q >>> 8) & 0xff00) + - ((q & 0xff00) << 8) + - ((q & 0xff) << 24)); - } - - - class InflateState { - constructor() { - this.mode = 0; /* current inflate mode */ - this.last = false; /* true if processing last block */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.havedict = false; /* true if dictionary provided */ - this.flags = 0; /* gzip header method and flags (0 if zlib) */ - this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */ - this.check = 0; /* protected copy of check value */ - this.total = 0; /* protected copy of output count */ - // TODO: may be {} - this.head = null; /* where to save gzip header information */ - - /* sliding window */ - this.wbits = 0; /* log base 2 of requested window size */ - this.wsize = 0; /* window size or zero if not using window */ - this.whave = 0; /* valid bytes in the window */ - this.wnext = 0; /* window write index */ - this.window = null; /* allocated sliding window, if needed */ - - /* bit accumulator */ - this.hold = 0; /* input bit accumulator */ - this.bits = 0; /* number of bits in "in" */ - - /* for string and stored block copying */ - this.length = 0; /* literal or length of data to copy */ - this.offset = 0; /* distance back to copy string from */ - - /* for table and code decoding */ - this.extra = 0; /* extra bits needed */ - - /* fixed and dynamic code tables */ - this.lencode = null; /* starting table for length/literal codes */ - this.distcode = null; /* starting table for distance codes */ - this.lenbits = 0; /* index bits for lencode */ - this.distbits = 0; /* index bits for distcode */ - - /* dynamic table building */ - this.ncode = 0; /* number of code length code lengths */ - this.nlen = 0; /* number of length code lengths */ - this.ndist = 0; /* number of distance code lengths */ - this.have = 0; /* number of code lengths in lens[] */ - this.next = null; /* next available space in codes[] */ - - this.lens = new Buf16(320); /* temporary storage for code lengths */ - this.work = new Buf16(288); /* work area for code table building */ - - /* - because we don't have pointers in js, we use lencode and distcode directly - as buffers so we don't need codes - */ - //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */ - this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */ - this.distdyn = null; /* dynamic table for distance codes (JS specific) */ - this.sane = 0; /* if false, allow invalid distance too far */ - this.back = 0; /* bits back of last unprocessed length/lit */ - this.was = 0; /* initial length of match */ - } - } - - function inflateResetKeep(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - strm.total_in = strm.total_out = state.total = 0; - strm.msg = ''; /*Z_NULL*/ - if (state.wrap) { /* to support ill-conceived Java test suite */ - strm.adler = state.wrap & 1; - } - state.mode = HEAD; - state.last = 0; - state.havedict = 0; - state.dmax = 32768; - state.head = null/*Z_NULL*/; - state.hold = 0; - state.bits = 0; - //state.lencode = state.distcode = state.next = state.codes; - state.lencode = state.lendyn = new Buf32(ENOUGH_LENS$1); - state.distcode = state.distdyn = new Buf32(ENOUGH_DISTS$1); - - state.sane = 1; - state.back = -1; - //Tracev((stderr, "inflate: reset\n")); - return Z_OK; - } - - function inflateReset(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - state.wsize = 0; - state.whave = 0; - state.wnext = 0; - return inflateResetKeep(strm); - - } - - function inflateReset2(strm, windowBits) { - let wrap; - let state; - - /* get the state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - - /* extract wrap request from windowBits parameter */ - if (windowBits < 0) { - wrap = 0; - windowBits = -windowBits; - } - else { - wrap = (windowBits >> 4) + 1; - if (windowBits < 48) { - windowBits &= 15; - } - } - - /* set number of window bits, free window if different */ - if (windowBits && (windowBits < 8 || windowBits > 15)) { - return Z_STREAM_ERROR; - } - if (state.window !== null && state.wbits !== windowBits) { - state.window = null; - } - - /* update state and reset the rest of it */ - state.wrap = wrap; - state.wbits = windowBits; - return inflateReset(strm); - } - - function inflateInit2(strm, windowBits) { - let ret; - let state; - - if (!strm) { return Z_STREAM_ERROR; } - //strm.msg = Z_NULL; /* in case we return an error */ - - state = new InflateState(); - - //if (state === Z_NULL) return Z_MEM_ERROR; - //Tracev((stderr, "inflate: allocated\n")); - strm.state = state; - state.window = null/*Z_NULL*/; - ret = inflateReset2(strm, windowBits); - if (ret !== Z_OK) { - strm.state = null/*Z_NULL*/; - } - return ret; - } - - - /* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ - let virgin = true; - - let lenfix, distfix; // We have no pointers in JS, so keep tables separate - - function fixedtables(state) { - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - let sym; - - lenfix = new Buf32(512); - distfix = new Buf32(32); - - /* literal/length table */ - sym = 0; - while (sym < 144) { state.lens[sym++] = 8; } - while (sym < 256) { state.lens[sym++] = 9; } - while (sym < 280) { state.lens[sym++] = 7; } - while (sym < 288) { state.lens[sym++] = 8; } - - inflate_table(LENS$1, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 }); - - /* distance table */ - sym = 0; - while (sym < 32) { state.lens[sym++] = 5; } - - inflate_table(DISTS$1, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 }); - - /* do this just once */ - virgin = false; - } - - state.lencode = lenfix; - state.lenbits = 9; - state.distcode = distfix; - state.distbits = 5; - } - - - /* - Update the window with the last wsize (normally 32K) bytes written before - returning. If window does not exist yet, create it. This is only called - when a window is already in use, or when output has been written during this - inflate call, but the end of the deflate stream has not been reached yet. - It is also called to create a window for dictionary data when a dictionary - is loaded. - - Providing output buffers larger than 32K to inflate() should provide a speed - advantage, since only the last 32K of output is copied to the sliding window - upon return from inflate(), and since all distances after the first 32K of - output will fall in the output data, making match copies simpler and faster. - The advantage may be dependent on the size of the processor's data caches. - */ - function updatewindow(strm, src, end, copy) { - let dist; - const state = strm.state; - - /* if it hasn't been done already, allocate space for the window */ - if (state.window === null) { - state.wsize = 1 << state.wbits; - state.wnext = 0; - state.whave = 0; - - state.window = new Buf8(state.wsize); - } - - /* copy state->wsize or less output bytes into the circular window */ - if (copy >= state.wsize) { - arraySet(state.window, src, end - state.wsize, state.wsize, 0); - state.wnext = 0; - state.whave = state.wsize; - } - else { - dist = state.wsize - state.wnext; - if (dist > copy) { - dist = copy; - } - //zmemcpy(state->window + state->wnext, end - copy, dist); - arraySet(state.window, src, end - copy, dist, state.wnext); - copy -= dist; - if (copy) { - //zmemcpy(state->window, end - copy, copy); - arraySet(state.window, src, end - copy, copy, 0); - state.wnext = copy; - state.whave = state.wsize; - } - else { - state.wnext += dist; - if (state.wnext === state.wsize) { state.wnext = 0; } - if (state.whave < state.wsize) { state.whave += dist; } - } - } - return 0; - } - - function inflate(strm, flush) { - let state; - let input, output; // input/output buffers - let next; /* next input INDEX */ - let put; /* next output INDEX */ - let have, left; /* available input and output */ - let hold; /* bit buffer */ - let bits; /* bits in bit buffer */ - let _in, _out; /* save starting available input and output */ - let copy; /* number of stored or match bytes to copy */ - let from; /* where to copy match bytes from */ - let from_source; - let here = 0; /* current decoding table entry */ - let here_bits, here_op, here_val; // paked "here" denormalized (JS specific) - //var last; /* parent table entry */ - let last_bits, last_op, last_val; // paked "last" denormalized (JS specific) - let len; /* length to copy for repeats, bits to drop */ - let ret; /* return code */ - let hbuf = new Buf8(4); /* buffer for gzip header crc calculation */ - let opts; - - let n; // temporary var for NEED_BITS - - const order = /* permutation of code lengths */ - [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ]; - - - if (!strm || !strm.state || !strm.output || - (!strm.input && strm.avail_in !== 0)) { - return Z_STREAM_ERROR; - } - - state = strm.state; - if (state.mode === TYPE$1) { state.mode = TYPEDO; } /* skip check */ - - - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - _in = have; - _out = left; - ret = Z_OK; - - inf_leave: // goto emulation - for (;;) { - switch (state.mode) { - case HEAD: - if (state.wrap === 0) { - state.mode = TYPEDO; - break; - } - //=== NEEDBITS(16); - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */ - state.check = 0/*crc32(0L, Z_NULL, 0)*/; - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = FLAGS; - break; - } - state.flags = 0; /* expect zlib header */ - if (state.head) { - state.head.done = false; - } - if (!(state.wrap & 1) || /* check if zlib header allowed */ - (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) { - strm.msg = 'incorrect header check'; - state.mode = BAD$1; - break; - } - if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - len = (hold & 0x0f)/*BITS(4)*/ + 8; - if (state.wbits === 0) { - state.wbits = len; - } - else if (len > state.wbits) { - strm.msg = 'invalid window size'; - state.mode = BAD$1; - break; - } - state.dmax = 1 << len; - //Tracev((stderr, "inflate: zlib header ok\n")); - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = hold & 0x200 ? DICTID : TYPE$1; - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - break; - case FLAGS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.flags = hold; - if ((state.flags & 0xff) !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - if (state.flags & 0xe000) { - strm.msg = 'unknown header flags set'; - state.mode = BAD$1; - break; - } - if (state.head) { - state.head.text = ((hold >> 8) & 1); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = TIME; - /* falls through */ - case TIME: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.time = hold; - } - if (state.flags & 0x0200) { - //=== CRC4(state.check, hold) - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - hbuf[2] = (hold >>> 16) & 0xff; - hbuf[3] = (hold >>> 24) & 0xff; - state.check = crc32(state.check, hbuf, 4, 0); - //=== - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = OS; - /* falls through */ - case OS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.xflags = (hold & 0xff); - state.head.os = (hold >> 8); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = EXLEN; - /* falls through */ - case EXLEN: - if (state.flags & 0x0400) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length = hold; - if (state.head) { - state.head.extra_len = hold; - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - else if (state.head) { - state.head.extra = null/*Z_NULL*/; - } - state.mode = EXTRA; - /* falls through */ - case EXTRA: - if (state.flags & 0x0400) { - copy = state.length; - if (copy > have) { copy = have; } - if (copy) { - if (state.head) { - len = state.head.extra_len - state.length; - if (!state.head.extra) { - // Use untyped array for more convenient processing later - state.head.extra = new Array(state.head.extra_len); - } - arraySet( - state.head.extra, - input, - next, - // extra field is limited to 65536 bytes - // - no need for additional size check - copy, - /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/ - len - ); - //zmemcpy(state.head.extra + len, next, - // len + copy > state.head.extra_max ? - // state.head.extra_max - len : copy); - } - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - state.length -= copy; - } - if (state.length) { break inf_leave; } - } - state.length = 0; - state.mode = NAME; - /* falls through */ - case NAME: - if (state.flags & 0x0800) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - // TODO: 2 or 1 bytes? - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.name_max*/)) { - state.head.name += String.fromCharCode(len); - } - } while (len && copy < have); - - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.name = null; - } - state.length = 0; - state.mode = COMMENT; - /* falls through */ - case COMMENT: - if (state.flags & 0x1000) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.comm_max*/)) { - state.head.comment += String.fromCharCode(len); - } - } while (len && copy < have); - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.comment = null; - } - state.mode = HCRC; - /* falls through */ - case HCRC: - if (state.flags & 0x0200) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.check & 0xffff)) { - strm.msg = 'header crc mismatch'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - if (state.head) { - state.head.hcrc = ((state.flags >> 9) & 1); - state.head.done = true; - } - strm.adler = state.check = 0; - state.mode = TYPE$1; - break; - case DICTID: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - strm.adler = state.check = zswap32(hold); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = DICT; - /* falls through */ - case DICT: - if (state.havedict === 0) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - return Z_NEED_DICT; - } - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = TYPE$1; - /* falls through */ - case TYPE$1: - if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; } - /* falls through */ - case TYPEDO: - if (state.last) { - //--- BYTEBITS() ---// - hold >>>= bits & 7; - bits -= bits & 7; - //---// - state.mode = CHECK; - break; - } - //=== NEEDBITS(3); */ - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.last = (hold & 0x01)/*BITS(1)*/; - //--- DROPBITS(1) ---// - hold >>>= 1; - bits -= 1; - //---// - - switch ((hold & 0x03)/*BITS(2)*/) { - case 0: /* stored block */ - //Tracev((stderr, "inflate: stored block%s\n", - // state.last ? " (last)" : "")); - state.mode = STORED; - break; - case 1: /* fixed block */ - fixedtables(state); - //Tracev((stderr, "inflate: fixed codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = LEN_; /* decode codes */ - if (flush === Z_TREES) { - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break inf_leave; - } - break; - case 2: /* dynamic block */ - //Tracev((stderr, "inflate: dynamic codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = TABLE; - break; - case 3: - strm.msg = 'invalid block type'; - state.mode = BAD$1; - } - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break; - case STORED: - //--- BYTEBITS() ---// /* go to byte boundary */ - hold >>>= bits & 7; - bits -= bits & 7; - //---// - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) { - strm.msg = 'invalid stored block lengths'; - state.mode = BAD$1; - break; - } - state.length = hold & 0xffff; - //Tracev((stderr, "inflate: stored length %u\n", - // state.length)); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = COPY_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case COPY_: - state.mode = COPY; - /* falls through */ - case COPY: - copy = state.length; - if (copy) { - if (copy > have) { copy = have; } - if (copy > left) { copy = left; } - if (copy === 0) { break inf_leave; } - //--- zmemcpy(put, next, copy); --- - arraySet(output, input, next, copy, put); - //---// - have -= copy; - next += copy; - left -= copy; - put += copy; - state.length -= copy; - break; - } - //Tracev((stderr, "inflate: stored end\n")); - state.mode = TYPE$1; - break; - case TABLE: - //=== NEEDBITS(14); */ - while (bits < 14) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4; - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - //#ifndef PKZIP_BUG_WORKAROUND - if (state.nlen > 286 || state.ndist > 30) { - strm.msg = 'too many length or distance symbols'; - state.mode = BAD$1; - break; - } - //#endif - //Tracev((stderr, "inflate: table sizes ok\n")); - state.have = 0; - state.mode = LENLENS; - /* falls through */ - case LENLENS: - while (state.have < state.ncode) { - //=== NEEDBITS(3); - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.lens[order[state.have++]] = (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - while (state.have < 19) { - state.lens[order[state.have++]] = 0; - } - // We have separate tables & no pointers. 2 commented lines below not needed. - //state.next = state.codes; - //state.lencode = state.next; - // Switch to use dynamic table - state.lencode = state.lendyn; - state.lenbits = 7; - - opts = { bits: state.lenbits }; - ret = inflate_table(CODES$1, state.lens, 0, 19, state.lencode, 0, state.work, opts); - state.lenbits = opts.bits; - - if (ret) { - strm.msg = 'invalid code lengths set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, "inflate: code lengths ok\n")); - state.have = 0; - state.mode = CODELENS; - /* falls through */ - case CODELENS: - while (state.have < state.nlen + state.ndist) { - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_val < 16) { - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.lens[state.have++] = here_val; - } - else { - if (here_val === 16) { - //=== NEEDBITS(here.bits + 2); - n = here_bits + 2; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - if (state.have === 0) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - len = state.lens[state.have - 1]; - copy = 3 + (hold & 0x03);//BITS(2); - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - } - else if (here_val === 17) { - //=== NEEDBITS(here.bits + 3); - n = here_bits + 3; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 3 + (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - else { - //=== NEEDBITS(here.bits + 7); - n = here_bits + 7; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 11 + (hold & 0x7f);//BITS(7); - //--- DROPBITS(7) ---// - hold >>>= 7; - bits -= 7; - //---// - } - if (state.have + copy > state.nlen + state.ndist) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - while (copy--) { - state.lens[state.have++] = len; - } - } - } - - /* handle error breaks in while */ - if (state.mode === BAD$1) { break; } - - /* check for end-of-block code (better have one) */ - if (state.lens[256] === 0) { - strm.msg = 'invalid code -- missing end-of-block'; - state.mode = BAD$1; - break; - } - - /* build code tables -- note: do not change the lenbits or distbits - values here (9 and 6) without reading the comments in inftrees.h - concerning the ENOUGH constants, which depend on those values */ - state.lenbits = 9; - - opts = { bits: state.lenbits }; - ret = inflate_table(LENS$1, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.lenbits = opts.bits; - // state.lencode = state.next; - - if (ret) { - strm.msg = 'invalid literal/lengths set'; - state.mode = BAD$1; - break; - } - - state.distbits = 6; - //state.distcode.copy(state.codes); - // Switch to use dynamic table - state.distcode = state.distdyn; - opts = { bits: state.distbits }; - ret = inflate_table(DISTS$1, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.distbits = opts.bits; - // state.distcode = state.next; - - if (ret) { - strm.msg = 'invalid distances set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, 'inflate: codes ok\n')); - state.mode = LEN_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case LEN_: - state.mode = LEN; - /* falls through */ - case LEN: - if (have >= 6 && left >= 258) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - inflate_fast(strm, _out); - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - if (state.mode === TYPE$1) { - state.back = -1; - } - break; - } - state.back = 0; - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if (here_bits <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_op && (here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.lencode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - state.length = here_val; - if (here_op === 0) { - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - state.mode = LIT; - break; - } - if (here_op & 32) { - //Tracevv((stderr, "inflate: end of block\n")); - state.back = -1; - state.mode = TYPE$1; - break; - } - if (here_op & 64) { - strm.msg = 'invalid literal/length code'; - state.mode = BAD$1; - break; - } - state.extra = here_op & 15; - state.mode = LENEXT; - /* falls through */ - case LENEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //Tracevv((stderr, "inflate: length %u\n", state.length)); - state.was = state.length; - state.mode = DIST; - /* falls through */ - case DIST: - for (;;) { - here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if ((here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.distcode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - if (here_op & 64) { - strm.msg = 'invalid distance code'; - state.mode = BAD$1; - break; - } - state.offset = here_val; - state.extra = (here_op) & 15; - state.mode = DISTEXT; - /* falls through */ - case DISTEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //#ifdef INFLATE_STRICT - if (state.offset > state.dmax) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } - //#endif - //Tracevv((stderr, "inflate: distance %u\n", state.offset)); - state.mode = MATCH; - /* falls through */ - case MATCH: - if (left === 0) { break inf_leave; } - copy = _out - left; - if (state.offset > copy) { /* copy from window */ - copy = state.offset - copy; - if (copy > state.whave) { - if (state.sane) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // Trace((stderr, "inflate.c too far\n")); - // copy -= state.whave; - // if (copy > state.length) { copy = state.length; } - // if (copy > left) { copy = left; } - // left -= copy; - // state.length -= copy; - // do { - // output[put++] = 0; - // } while (--copy); - // if (state.length === 0) { state.mode = LEN; } - // break; - //#endif - } - if (copy > state.wnext) { - copy -= state.wnext; - from = state.wsize - copy; - } - else { - from = state.wnext - copy; - } - if (copy > state.length) { copy = state.length; } - from_source = state.window; - } - else { /* copy from output */ - from_source = output; - from = put - state.offset; - copy = state.length; - } - if (copy > left) { copy = left; } - left -= copy; - state.length -= copy; - do { - output[put++] = from_source[from++]; - } while (--copy); - if (state.length === 0) { state.mode = LEN; } - break; - case LIT: - if (left === 0) { break inf_leave; } - output[put++] = state.length; - left--; - state.mode = LEN; - break; - case CHECK: - if (state.wrap) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - // Use '|' instead of '+' to make sure that result is signed - hold |= input[next++] << bits; - bits += 8; - } - //===// - _out -= left; - strm.total_out += _out; - state.total += _out; - if (_out) { - strm.adler = state.check = - /*UPDATE(state.check, put - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out)); - - } - _out = left; - // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too - if ((state.flags ? hold : zswap32(hold)) !== state.check) { - strm.msg = 'incorrect data check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: check matches trailer\n")); - } - state.mode = LENGTH; - /* falls through */ - case LENGTH: - if (state.wrap && state.flags) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.total & 0xffffffff)) { - strm.msg = 'incorrect length check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: length matches trailer\n")); - } - state.mode = DONE; - /* falls through */ - case DONE: - ret = Z_STREAM_END; - break inf_leave; - case BAD$1: - ret = Z_DATA_ERROR; - break inf_leave; - // case MEM: - // return Z_MEM_ERROR; - case SYNC: - /* falls through */ - default: - return Z_STREAM_ERROR; - } - } - - // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave" - - /* - Return from inflate(), updating the total counts and the check value. - If there was no progress during the inflate() call, return a buffer - error. Call updatewindow() to create and/or update the window state. - Note: a memory error from inflate() is non-recoverable. - */ - - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - - if (state.wsize || (_out !== strm.avail_out && state.mode < BAD$1 && - (state.mode < CHECK || flush !== Z_FINISH))) { - if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) ; - } - _in -= strm.avail_in; - _out -= strm.avail_out; - strm.total_in += _in; - strm.total_out += _out; - state.total += _out; - if (state.wrap && _out) { - strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out)); - } - strm.data_type = state.bits + (state.last ? 64 : 0) + - (state.mode === TYPE$1 ? 128 : 0) + - (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0); - if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) { - ret = Z_BUF_ERROR; - } - return ret; - } - - function inflateEnd(strm) { - - if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) { - return Z_STREAM_ERROR; - } - - const state = strm.state; - if (state.window) { - state.window = null; - } - strm.state = null; - return Z_OK; - } - - function inflateGetHeader(strm, head) { - let state; - - /* check state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; } - - /* save header structure */ - state.head = head; - head.done = false; - return Z_OK; - } - - function inflateSetDictionary(strm, dictionary) { - const dictLength = dictionary.length; - - let state; - let dictid; - - /* check state */ - if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; } - state = strm.state; - - if (state.wrap !== 0 && state.mode !== DICT) { - return Z_STREAM_ERROR; - } - - /* check for correct dictionary identifier */ - if (state.mode === DICT) { - dictid = 1; /* adler32(0, null, 0)*/ - /* dictid = adler32(dictid, dictionary, dictLength); */ - dictid = adler32(dictid, dictionary, dictLength, 0); - if (dictid !== state.check) { - return Z_DATA_ERROR; - } - } - /* copy dictionary to window using updatewindow(), which will amend the - existing dictionary if appropriate */ - updatewindow(strm, dictionary, dictLength, dictLength); - // if (ret) { - // state.mode = MEM; - // return Z_MEM_ERROR; - // } - state.havedict = 1; - // Tracev((stderr, "inflate: dictionary set\n")); - return Z_OK; - } - - /* Not implemented - exports.inflateCopy = inflateCopy; - exports.inflateGetDictionary = inflateGetDictionary; - exports.inflateMark = inflateMark; - exports.inflatePrime = inflatePrime; - exports.inflateSync = inflateSync; - exports.inflateSyncPoint = inflateSyncPoint; - exports.inflateUndermine = inflateUndermine; - */ - - // (C) 1995-2013 Jean-loup Gailly and Mark Adler - // (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin - // - // This software is provided 'as-is', without any express or implied - // warranty. In no event will the authors be held liable for any damages - // arising from the use of this software. - // - // Permission is granted to anyone to use this software for any purpose, - // including commercial applications, and to alter it and redistribute it - // freely, subject to the following restrictions: - // - // 1. The origin of this software must not be misrepresented; you must not - // claim that you wrote the original software. If you use this software - // in a product, an acknowledgment in the product documentation would be - // appreciated but is not required. - // 2. Altered source versions must be plainly marked as such, and must not be - // misrepresented as being the original software. - // 3. This notice may not be removed or altered from any source distribution. - - class GZheader { - constructor() { - /* true if compressed data believed to be text */ - this.text = 0; - /* modification time */ - this.time = 0; - /* extra flags (not used when writing a gzip file) */ - this.xflags = 0; - /* operating system */ - this.os = 0; - /* pointer to extra field or Z_NULL if none */ - this.extra = null; - /* extra field length (valid if extra != Z_NULL) */ - this.extra_len = 0; // Actually, we don't need it in JS, - // but leave for few code modifications - - // - // Setup limits is not necessary because in js we should not preallocate memory - // for inflate use constant limit in 65536 bytes - // - - /* space at extra (only when reading header) */ - // this.extra_max = 0; - /* pointer to zero-terminated file name or Z_NULL */ - this.name = ''; - /* space at name (only when reading header) */ - // this.name_max = 0; - /* pointer to zero-terminated comment or Z_NULL */ - this.comment = ''; - /* space at comment (only when reading header) */ - // this.comm_max = 0; - /* true if there was or will be a header crc */ - this.hcrc = 0; - /* true when done reading gzip header (not used when writing a gzip file) */ - this.done = false; - } - } - - /** - * class Inflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[inflate]] - * and [[inflateRaw]]. - **/ - - /* internal - * inflate.chunks -> Array - * - * Chunks of output data, if [[Inflate#onData]] not overridden. - **/ - - /** - * Inflate.result -> Uint8Array|Array|String - * - * Uncompressed result, generated by default [[Inflate#onData]] - * and [[Inflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Inflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - - /** - * Inflate.err -> Number - * - * Error code after inflate finished. 0 (Z_OK) on success. - * Should be checked if broken data possible. - **/ - - /** - * Inflate.msg -> String - * - * Error message, if [[Inflate.err]] != 0 - **/ - - - /** - * new Inflate(options) - * - options (Object): zlib inflate options. - * - * Creates new inflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `windowBits` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw inflate - * - `to` (String) - if equal to 'string', then result will be converted - * from utf8 to utf16 (javascript) string. When string output requested, - * chunk length can differ from `chunkSize`, depending on content. - * - * By default, when no options set, autodetect deflate/gzip data format via - * wrapper header. - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var inflate = new pako.Inflate({ level: 3}); - * - * inflate.push(chunk1, false); - * inflate.push(chunk2, true); // true -> last chunk - * - * if (inflate.err) { throw new Error(inflate.err); } - * - * console.log(inflate.result); - * ``` - **/ - class Inflate { - constructor(options) { - this.options = { - chunkSize: 16384, - windowBits: 0, - ...(options || {}) - }; - - const opt = this.options; - - // Force window size for `raw` data, if not set directly, - // because we have no header for autodetect. - if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) { - opt.windowBits = -opt.windowBits; - if (opt.windowBits === 0) { opt.windowBits = -15; } - } - - // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate - if ((opt.windowBits >= 0) && (opt.windowBits < 16) && - !(options && options.windowBits)) { - opt.windowBits += 32; - } - - // Gzip header has no info about windows size, we can do autodetect only - // for deflate. So, if window size not set, force it to max when gzip possible - if ((opt.windowBits > 15) && (opt.windowBits < 48)) { - // bit 3 (16) -> gzipped data - // bit 4 (32) -> autodetect gzip/deflate - if ((opt.windowBits & 15) === 0) { - opt.windowBits |= 15; - } - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - let status = inflateInit2( - this.strm, - opt.windowBits - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this.header = new GZheader(); - - inflateGetHeader(this.strm, this.header); - - // Setup dictionary - if (opt.dictionary) { - // Convert data if needed - if (typeof opt.dictionary === 'string') { - opt.dictionary = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - opt.dictionary = new Uint8Array(opt.dictionary); - } - if (opt.raw) { //In raw mode we need to set the dictionary early - status = inflateSetDictionary(this.strm, opt.dictionary); - if (status !== Z_OK) { - throw new Error(msg[status]); - } - } - } - } - /** - * Inflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with - * new output chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the decompression context. - * - * On fail call [[Inflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize, dictionary } } = this; - let status, _mode; - - // Flag to properly process Z_BUF_ERROR on testing inflate call - // when we check that all output data was flushed. - let allowBufError = false; - - if (this.ended) { return false; } - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // Only binary strings can be decompressed on practice - strm.input = binstring2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - - status = inflate(strm, Z_NO_FLUSH); /* no bad return value */ - - if (status === Z_NEED_DICT && dictionary) { - status = inflateSetDictionary(this.strm, dictionary); - } - - if (status === Z_BUF_ERROR && allowBufError === true) { - status = Z_OK; - allowBufError = false; - } - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - - if (strm.next_out) { - if (strm.avail_out === 0 || status === Z_STREAM_END || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } - - // When no more input data, we should check that internal inflate buffers - // are flushed. The only way to do it when avail_out = 0 - run one more - // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR. - // Here we set flag to process this error properly. - // - // NOTE. Deflate does not return error in this case and does not needs such - // logic. - if (strm.avail_in === 0 && strm.avail_out === 0) { - allowBufError = true; - } - - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - if (status === Z_STREAM_END) { - _mode = Z_FINISH; - } - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = inflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - - /** - * Inflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - - - /** - * Inflate#onEnd(status) -> Void - * - status (Number): inflate status. 0 (Z_OK) on success, - * other if not. - * - * Called either after you tell inflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; - } - - /* - node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - - Copyright (C) 2012 Eli Skeggs - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see - http://www.gnu.org/licenses/lgpl-2.1.html - - Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). - - Based on micro-bunzip by Rob Landley (rob@landley.net). - - Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), - which also acknowledges contributions by Mike Burrows, David Wheeler, - Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, - Robert Sedgewick, and Jon L. Bentley. - */ - - var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; - - // offset in bytes - var BitReader = function(stream) { - this.stream = stream; - this.bitOffset = 0; - this.curByte = 0; - this.hasByte = false; - }; - - BitReader.prototype._ensureByte = function() { - if (!this.hasByte) { - this.curByte = this.stream.readByte(); - this.hasByte = true; - } - }; - - // reads bits from the buffer - BitReader.prototype.read = function(bits) { - var result = 0; - while (bits > 0) { - this._ensureByte(); - var remaining = 8 - this.bitOffset; - // if we're in a byte - if (bits >= remaining) { - result <<= remaining; - result |= BITMASK[remaining] & this.curByte; - this.hasByte = false; - this.bitOffset = 0; - bits -= remaining; - } else { - result <<= bits; - var shift = remaining - bits; - result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; - this.bitOffset += bits; - bits = 0; - } - } - return result; - }; - - // seek to an arbitrary point in the buffer (expressed in bits) - BitReader.prototype.seek = function(pos) { - var n_bit = pos % 8; - var n_byte = (pos - n_bit) / 8; - this.bitOffset = n_bit; - this.stream.seek(n_byte); - this.hasByte = false; - }; - - // reads 6 bytes worth of data using the read method - BitReader.prototype.pi = function() { - var buf = new Uint8Array(6), i; - for (i = 0; i < buf.length; i++) { - buf[i] = this.read(8); - } - return bufToHex(buf); - }; - - function bufToHex(buf) { - return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); - } - - var bitreader = BitReader; - - /* very simple input/output stream interface */ - var Stream = function() { - }; - - // input streams ////////////// - /** Returns the next byte, or -1 for EOF. */ - Stream.prototype.readByte = function() { - throw new Error("abstract method readByte() not implemented"); - }; - /** Attempts to fill the buffer; returns number of bytes read, or - * -1 for EOF. */ - Stream.prototype.read = function(buffer, bufOffset, length) { - var bytesRead = 0; - while (bytesRead < length) { - var c = this.readByte(); - if (c < 0) { // EOF - return (bytesRead===0) ? -1 : bytesRead; - } - buffer[bufOffset++] = c; - bytesRead++; - } - return bytesRead; - }; - Stream.prototype.seek = function(new_pos) { - throw new Error("abstract method seek() not implemented"); - }; - - // output streams /////////// - Stream.prototype.writeByte = function(_byte) { - throw new Error("abstract method readByte() not implemented"); - }; - Stream.prototype.write = function(buffer, bufOffset, length) { - var i; - for (i=0; i>> 0; // return an unsigned value - }; - - /** - * Update the CRC with a single byte - * @param value The value to update the CRC with - */ - this.updateCRC = function(value) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - }; - - /** - * Update the CRC with a sequence of identical bytes - * @param value The value to update the CRC with - * @param count The number of bytes - */ - this.updateCRCRun = function(value, count) { - while (count-- > 0) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - } - }; - }; - return CRC32; - })(); - - /* - seek-bzip - a pure-javascript module for seeking within bzip2 data - - Copyright (C) 2013 C. Scott Ananian - Copyright (C) 2012 Eli Skeggs - Copyright (C) 2011 Kevin Kwok - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see - http://www.gnu.org/licenses/lgpl-2.1.html - - Adapted from node-bzip, copyright 2012 Eli Skeggs. - Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - - Based on micro-bunzip by Rob Landley (rob@landley.net). - - Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), - which also acknowledges contributions by Mike Burrows, David Wheeler, - Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, - Robert Sedgewick, and Jon L. Bentley. - */ - - - - - - var MAX_HUFCODE_BITS = 20; - var MAX_SYMBOLS = 258; - var SYMBOL_RUNA = 0; - var SYMBOL_RUNB = 1; - var MIN_GROUPS = 2; - var MAX_GROUPS = 6; - var GROUP_SIZE = 50; - - var WHOLEPI = "314159265359"; - var SQRTPI = "177245385090"; - - var mtf = function(array, index) { - var src = array[index], i; - for (i = index; i > 0; i--) { - array[i] = array[i-1]; - } - array[0] = src; - return src; - }; - - var Err = { - OK: 0, - LAST_BLOCK: -1, - NOT_BZIP_DATA: -2, - UNEXPECTED_INPUT_EOF: -3, - UNEXPECTED_OUTPUT_EOF: -4, - DATA_ERROR: -5, - OUT_OF_MEMORY: -6, - OBSOLETE_INPUT: -7, - END_OF_BLOCK: -8 - }; - var ErrorMessages = {}; - ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; - ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; - ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; - ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; - ErrorMessages[Err.DATA_ERROR] = "Data error"; - ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; - ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - - var _throw = function(status, optDetail) { - var msg = ErrorMessages[status] || 'unknown error'; - if (optDetail) { msg += ': '+optDetail; } - var e = new TypeError(msg); - e.errorCode = status; - throw e; - }; - - var Bunzip = function(inputStream, outputStream) { - this.writePos = this.writeCurrent = this.writeCount = 0; - - this._start_bunzip(inputStream, outputStream); - }; - Bunzip.prototype._init_block = function() { - var moreBlocks = this._get_next_block(); - if ( !moreBlocks ) { - this.writeCount = -1; - return false; /* no more blocks */ - } - this.blockCRC = new crc32$1(); - return true; - }; - /* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ - Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { - /* Ensure that file starts with "BZh['1'-'9']." */ - var buf = new Uint8Array(4); - if (inputStream.read(buf, 0, 4) !== 4 || - String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') - _throw(Err.NOT_BZIP_DATA, 'bad magic'); - - var level = buf[3] - 0x30; - if (level < 1 || level > 9) - _throw(Err.NOT_BZIP_DATA, 'level out of range'); - - this.reader = new bitreader(inputStream); - - /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of - uncompressed data. Allocate intermediate buffer for block. */ - this.dbufSize = 100000 * level; - this.nextoutput = 0; - this.outputStream = outputStream; - this.streamCRC = 0; - }; - Bunzip.prototype._get_next_block = function() { - var i, j, k; - var reader = this.reader; - // this is get_next_block() function from micro-bunzip: - /* Read in header signature and CRC, then validate signature. - (last block signature means CRC is for whole file, return now) */ - var h = reader.pi(); - if (h === SQRTPI) { // last block - return false; /* no more blocks */ - } - if (h !== WHOLEPI) - _throw(Err.NOT_BZIP_DATA); - this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) - this.streamCRC = (this.targetBlockCRC ^ - ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; - /* We can add support for blockRandomised if anybody complains. There was - some code for this in busybox 1.0.0-pre3, but nobody ever noticed that - it didn't actually work. */ - if (reader.read(1)) - _throw(Err.OBSOLETE_INPUT); - var origPointer = reader.read(24); - if (origPointer > this.dbufSize) - _throw(Err.DATA_ERROR, 'initial position out of bounds'); - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer - symbols to deal with, and writes a sparse bitfield indicating which - values were present. We make a translation table to convert the symbols - back to the corresponding bytes. */ - var t = reader.read(16); - var symToByte = new Uint8Array(256), symTotal = 0; - for (i = 0; i < 16; i++) { - if (t & (1 << (0xF - i))) { - var o = i * 16; - k = reader.read(16); - for (j = 0; j < 16; j++) - if (k & (1 << (0xF - j))) - symToByte[symTotal++] = o + j; - } - } - - /* How many different huffman coding groups does this block use? */ - var groupCount = reader.read(3); - if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) - _throw(Err.DATA_ERROR); - /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding - group. Read in the group selector list, which is stored as MTF encoded - bit runs. (MTF=Move To Front, as each value is used it's moved to the - start of the list.) */ - var nSelectors = reader.read(15); - if (nSelectors === 0) - _throw(Err.DATA_ERROR); - - var mtfSymbol = new Uint8Array(256); - for (i = 0; i < groupCount; i++) - mtfSymbol[i] = i; - - var selectors = new Uint8Array(nSelectors); // was 32768... - - for (i = 0; i < nSelectors; i++) { - /* Get next value */ - for (j = 0; reader.read(1); j++) - if (j >= groupCount) _throw(Err.DATA_ERROR); - /* Decode MTF to get the next selector */ - selectors[i] = mtf(mtfSymbol, j); - } - - /* Read the huffman coding tables for each group, which code for symTotal - literal symbols, plus two run symbols (RUNA, RUNB) */ - var symCount = symTotal + 2; - var groups = [], hufGroup; - for (j = 0; j < groupCount; j++) { - var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); - /* Read huffman code lengths for each symbol. They're stored in - a way similar to mtf; record a starting value for the first symbol, - and an offset from the previous value for everys symbol after that. */ - t = reader.read(5); // lengths - for (i = 0; i < symCount; i++) { - for (;;) { - if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); - /* If first bit is 0, stop. Else second bit indicates whether - to increment or decrement the value. */ - if(!reader.read(1)) - break; - if(!reader.read(1)) - t++; - else - t--; - } - length[i] = t; - } - - /* Find largest and smallest lengths in this group */ - var minLen, maxLen; - minLen = maxLen = length[0]; - for (i = 1; i < symCount; i++) { - if (length[i] > maxLen) - maxLen = length[i]; - else if (length[i] < minLen) - minLen = length[i]; - } - - /* Calculate permute[], base[], and limit[] tables from length[]. - * - * permute[] is the lookup table for converting huffman coded symbols - * into decoded symbols. base[] is the amount to subtract from the - * value of a huffman symbol of a given length when using permute[]. - * - * limit[] indicates the largest numerical value a symbol with a given - * number of bits can have. This is how the huffman codes can vary in - * length: each code with a value>limit[length] needs another bit. - */ - hufGroup = {}; - groups.push(hufGroup); - hufGroup.permute = new Uint16Array(MAX_SYMBOLS); - hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); - hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); - hufGroup.minLen = minLen; - hufGroup.maxLen = maxLen; - /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ - var pp = 0; - for (i = minLen; i <= maxLen; i++) { - temp[i] = hufGroup.limit[i] = 0; - for (t = 0; t < symCount; t++) - if (length[t] === i) - hufGroup.permute[pp++] = t; - } - /* Count symbols coded for at each bit length */ - for (i = 0; i < symCount; i++) - temp[length[i]]++; - /* Calculate limit[] (the largest symbol-coding value at each bit - * length, which is (previous limit<<1)+symbols at this level), and - * base[] (number of symbols to ignore at each bit length, which is - * limit minus the cumulative count of symbols coded for already). */ - pp = t = 0; - for (i = minLen; i < maxLen; i++) { - pp += temp[i]; - /* We read the largest possible symbol size and then unget bits - after determining how many we need, and those extra bits could - be set to anything. (They're noise from future symbols.) At - each level we're really only interested in the first few bits, - so here we set all the trailing to-be-ignored bits to 1 so they - don't affect the value>limit[length] comparison. */ - hufGroup.limit[i] = pp - 1; - pp <<= 1; - t += temp[i]; - hufGroup.base[i + 1] = pp - t; - } - hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ - hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; - hufGroup.base[minLen] = 0; - } - /* We've finished reading and digesting the block header. Now read this - block's huffman coded symbols from the file and undo the huffman coding - and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - - /* Initialize symbol occurrence counters and symbol Move To Front table */ - var byteCount = new Uint32Array(256); - for (i = 0; i < 256; i++) - mtfSymbol[i] = i; - /* Loop through compressed symbols. */ - var runPos = 0, dbufCount = 0, selector = 0, uc; - var dbuf = this.dbuf = new Uint32Array(this.dbufSize); - symCount = 0; - for (;;) { - /* Determine which huffman coding group to use. */ - if (!(symCount--)) { - symCount = GROUP_SIZE - 1; - if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } - hufGroup = groups[selectors[selector++]]; - } - /* Read next huffman-coded symbol. */ - i = hufGroup.minLen; - j = reader.read(i); - for (;;i++) { - if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } - if (j <= hufGroup.limit[i]) - break; - j = (j << 1) | reader.read(1); - } - /* Huffman decode value to get nextSym (with bounds checking) */ - j -= hufGroup.base[i]; - if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } - var nextSym = hufGroup.permute[j]; - /* We have now decoded the symbol, which indicates either a new literal - byte, or a repeated run of the most recent literal byte. First, - check if nextSym indicates a repeated run, and if so loop collecting - how many times to repeat the last literal. */ - if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { - /* If this is the start of a new run, zero out counter */ - if (!runPos){ - runPos = 1; - t = 0; - } - /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at - each bit position, add 1 or 2 instead. For example, - 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. - You can make any bit pattern that way using 1 less symbol than - the basic or 0/1 method (except all bits 0, which would use no - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - if (nextSym === SYMBOL_RUNA) - t += runPos; - else - t += 2 * runPos; - runPos <<= 1; - continue; - } - /* When we hit the first non-run symbol after a run, we now know - how many times to repeat the last literal, so append that many - copies to our buffer of decoded symbols (dbuf) now. (The last - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos){ - runPos = 0; - if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } - uc = symToByte[mtfSymbol[0]]; - byteCount[uc] += t; - while (t--) - dbuf[dbufCount++] = uc; - } - /* Is this the terminating symbol? */ - if (nextSym > symTotal) - break; - /* At this point, nextSym indicates a new literal character. Subtract - one to get the position in the MTF array at which this literal is - currently to be found. (Note that the result can't be -1 or 0, - because 0 and 1 are RUNA and RUNB. But another instance of the - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ - if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } - i = nextSym - 1; - uc = mtf(mtfSymbol, i); - uc = symToByte[uc]; - /* We have our literal byte. Save it into dbuf. */ - byteCount[uc]++; - dbuf[dbufCount++] = uc; - } - /* At this point, we've read all the huffman-coded symbols (and repeated - runs) for this block from the input stream, and decoded them into the - intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. - Now undo the Burrows-Wheeler transform on dbuf. - See http://dogma.net/markn/articles/bwt/bwt.htm - */ - if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } - /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ - j = 0; - for (i = 0; i < 256; i++) { - k = j + byteCount[i]; - byteCount[i] = j; - j = k; - } - /* Figure out what order dbuf would be in if we sorted it. */ - for (i = 0; i < dbufCount; i++) { - uc = dbuf[i] & 0xff; - dbuf[byteCount[uc]] |= (i << 8); - byteCount[uc]++; - } - /* Decode first byte by hand to initialize "previous" byte. Note that it - doesn't get output, and if the first three characters are identical - it doesn't qualify as a run (hence writeRunCountdown=5). */ - var pos = 0, current = 0, run = 0; - if (dbufCount) { - pos = dbuf[origPointer]; - current = (pos & 0xff); - pos >>= 8; - run = -1; - } - this.writePos = pos; - this.writeCurrent = current; - this.writeCount = dbufCount; - this.writeRun = run; - - return true; /* more blocks to come */ - }; - /* Undo burrows-wheeler transform on intermediate buffer to produce output. - If start_bunzip was initialized with out_fd=-1, then up to len bytes of - data are written to outbuf. Return value is number of bytes written or - error (all errors are negative numbers). If out_fd!=-1, outbuf and len - are ignored, data is written to out_fd and return is RETVAL_OK or error. - */ - Bunzip.prototype._read_bunzip = function(outputBuffer, len) { - var copies, previous, outbyte; - /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully - decoded, which results in this returning RETVAL_LAST_BLOCK, also - equal to -1... Confusing, I'm returning 0 here to indicate no - bytes written into the buffer */ - if (this.writeCount < 0) { return 0; } - var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; - var dbufCount = this.writeCount; this.outputsize; - var run = this.writeRun; - - while (dbufCount) { - dbufCount--; - previous = current; - pos = dbuf[pos]; - current = pos & 0xff; - pos >>= 8; - if (run++ === 3){ - copies = current; - outbyte = previous; - current = -1; - } else { - copies = 1; - outbyte = current; - } - this.blockCRC.updateCRCRun(outbyte, copies); - while (copies--) { - this.outputStream.writeByte(outbyte); - this.nextoutput++; - } - if (current != previous) - run = 0; - } - this.writeCount = dbufCount; - // check CRC - if (this.blockCRC.getCRC() !== this.targetBlockCRC) { - _throw(Err.DATA_ERROR, "Bad block CRC "+ - "(got "+this.blockCRC.getCRC().toString(16)+ - " expected "+this.targetBlockCRC.toString(16)+")"); - } - return this.nextoutput; - }; - - var coerceInputStream = function(input) { - if ('readByte' in input) { return input; } - var inputStream = new stream(); - inputStream.pos = 0; - inputStream.readByte = function() { return input[this.pos++]; }; - inputStream.seek = function(pos) { this.pos = pos; }; - inputStream.eof = function() { return this.pos >= input.length; }; - return inputStream; - }; - var coerceOutputStream = function(output) { - var outputStream = new stream(); - var resizeOk = true; - if (output) { - if (typeof(output)==='number') { - outputStream.buffer = new Uint8Array(output); - resizeOk = false; - } else if ('writeByte' in output) { - return output; - } else { - outputStream.buffer = output; - resizeOk = false; - } - } else { - outputStream.buffer = new Uint8Array(16384); - } - outputStream.pos = 0; - outputStream.writeByte = function(_byte) { - if (resizeOk && this.pos >= this.buffer.length) { - var newBuffer = new Uint8Array(this.buffer.length*2); - newBuffer.set(this.buffer); - this.buffer = newBuffer; - } - this.buffer[this.pos++] = _byte; - }; - outputStream.getBuffer = function() { - // trim buffer - if (this.pos !== this.buffer.length) { - if (!resizeOk) - throw new TypeError('outputsize does not match decoded input'); - var newBuffer = new Uint8Array(this.pos); - newBuffer.set(this.buffer.subarray(0, this.pos)); - this.buffer = newBuffer; - } - return this.buffer; - }; - outputStream._coerced = true; - return outputStream; - }; - - /* Static helper functions */ - // 'input' can be a stream or a buffer - // 'output' can be a stream or a buffer or a number (buffer size) - const decode$2 = function(input, output, multistream) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - - var bz = new Bunzip(inputStream, outputStream); - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - if (bz._init_block()) { - bz._read_bunzip(); - } else { - var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) - if (targetStreamCRC !== bz.streamCRC) { - _throw(Err.DATA_ERROR, "Bad stream CRC "+ - "(got "+bz.streamCRC.toString(16)+ - " expected "+targetStreamCRC.toString(16)+")"); - } - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - } else break; - } - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); - }; - const decodeBlock = function(input, pos, output) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - var bz = new Bunzip(inputStream, outputStream); - bz.reader.seek(pos); - /* Fill the decode buffer for the block */ - var moreBlocks = bz._get_next_block(); - if (moreBlocks) { - /* Init the CRC for writing */ - bz.blockCRC = new crc32$1(); - - /* Zero this so the current byte from before the seek is not written */ - bz.writeCopies = 0; - - /* Decompress the block and write to stdout */ - bz._read_bunzip(); - // XXX keep writing? - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); - }; - /* Reads bzip2 file from stream or buffer `input`, and invoke - * `callback(position, size)` once for each bzip2 block, - * where position gives the starting position (in *bits*) - * and size gives uncompressed size of the block (in *bytes*). */ - const table = function(input, callback, multistream) { - // make a stream from a buffer, if necessary - var inputStream = new stream(); - inputStream.delegate = coerceInputStream(input); - inputStream.pos = 0; - inputStream.readByte = function() { - this.pos++; - return this.delegate.readByte(); - }; - if (inputStream.delegate.eof) { - inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); - } - var outputStream = new stream(); - outputStream.pos = 0; - outputStream.writeByte = function() { this.pos++; }; - - var bz = new Bunzip(inputStream, outputStream); - var blockSize = bz.dbufSize; - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - - var position = inputStream.pos*8 + bz.reader.bitOffset; - if (bz.reader.hasByte) { position -= 8; } - - if (bz._init_block()) { - var start = outputStream.pos; - bz._read_bunzip(); - callback(position, outputStream.pos - start); - } else { - bz.reader.read(32); // (but we ignore the crc) - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - console.assert(bz.dbufSize === blockSize, - "shouldn't change block size within multistream file"); - } else break; - } - } - }; - - var lib = { - Bunzip, - Stream: stream, - Err, - decode: decode$2, - decodeBlock, - table - }; - var lib_4 = lib.decode; - - // GPG4Browsers - An OpenPGP implementation in javascript - - /** - * Implementation of the Literal Data Packet (Tag 11) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: - * A Literal Data packet contains the body of a message; data that is not to be - * further interpreted. - */ - class LiteralDataPacket { - static get tag() { - return enums.packet.literalData; - } - - /** - * @param {Date} date - The creation date of the literal package - */ - constructor(date = new Date()) { - this.format = enums.literal.utf8; // default format for literal data packets - this.date = util.normalizeDate(date); - this.text = null; // textual data representation - this.data = null; // literal data representation - this.filename = ''; - } - - /** - * Set the packet data to a javascript native string, end of line - * will be normalized to \r\n and by default text is converted to UTF8 - * @param {String | ReadableStream} text - Any native javascript string - * @param {enums.literal} [format] - The format of the string of bytes - */ - setText(text, format = enums.literal.utf8) { - this.format = format; - this.text = text; - this.data = null; - } - - /** - * Returns literal data packets as native JavaScript string - * with normalized end of line to \n - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {String | ReadableStream} Literal data as text. - */ - getText(clone = false) { - if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read - this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); - } - return this.text; - } - - /** - * Set the packet data to value represented by the provided string of bytes. - * @param {Uint8Array | ReadableStream} bytes - The string of bytes - * @param {enums.literal} format - The format of the string of bytes - */ - setBytes(bytes, format) { - this.format = format; - this.data = bytes; - this.text = null; - } - - - /** - * Get the byte sequence representing the literal packet data - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {Uint8Array | ReadableStream} A sequence of bytes. - */ - getBytes(clone = false) { - if (this.data === null) { - // encode UTF8 and normalize EOL to \r\n - this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); - } - if (clone) { - return passiveClone(this.data); - } - return this.data; - } - - - /** - * Sets the filename of the literal packet data - * @param {String} filename - Any native javascript string - */ - setFilename(filename) { - this.filename = filename; - } - - - /** - * Get the filename of the literal packet data - * @returns {String} Filename. - */ - getFilename() { - return this.filename; - } - - /** - * Parsing function for a literal data packet (tag 11). - * - * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet - * @returns {Promise} Object representation. - * @async - */ - async read(bytes) { - await parse(bytes, async reader => { - // - A one-octet field that describes how the data is formatted. - const format = await reader.readByte(); // enums.literal - - const filename_len = await reader.readByte(); - this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - - this.date = util.readDate(await reader.readBytes(4)); - - let data = reader.remainder(); - if (isArrayStream(data)) data = await readToEnd(data); - this.setBytes(data, format); - }); - } - - /** - * Creates a Uint8Array representation of the packet, excluding the data - * - * @returns {Uint8Array} Uint8Array representation of the packet. - */ - writeHeader() { - const filename = util.encodeUTF8(this.filename); - const filename_length = new Uint8Array([filename.length]); - - const format = new Uint8Array([this.format]); - const date = util.writeDate(this.date); - - return util.concatUint8Array([format, filename_length, filename, date]); - } - - /** - * Creates a Uint8Array representation of the packet - * - * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. - */ - write() { - const header = this.writeHeader(); - const data = this.getBytes(); - - return util.concat([header, data]); - } - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - // Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. - const verified = Symbol('verified'); - - // GPG puts the Issuer and Signature subpackets in the unhashed area. - // Tampering with those invalidates the signature, so we still trust them and parse them. - // All other unhashed subpackets are ignored. - const allowedUnhashedSubpackets = new Set([ - enums.signatureSubpacket.issuer, - enums.signatureSubpacket.issuerFingerprint, - enums.signatureSubpacket.embeddedSignature - ]); - - /** - * Implementation of the Signature Packet (Tag 2) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: - * A Signature packet describes a binding between some public key and - * some data. The most common signatures are a signature of a file or a - * block of text, and a signature that is a certification of a User ID. - */ - class SignaturePacket { - static get tag() { - return enums.packet.signature; - } - - constructor() { - this.version = null; - /** @type {enums.signature} */ - this.signatureType = null; - /** @type {enums.hash} */ - this.hashAlgorithm = null; - /** @type {enums.publicKey} */ - this.publicKeyAlgorithm = null; - - this.signatureData = null; - this.unhashedSubpackets = []; - this.signedHashValue = null; - - this.created = null; - this.signatureExpirationTime = null; - this.signatureNeverExpires = true; - this.exportable = null; - this.trustLevel = null; - this.trustAmount = null; - this.regularExpression = null; - this.revocable = null; - this.keyExpirationTime = null; - this.keyNeverExpires = null; - this.preferredSymmetricAlgorithms = null; - this.revocationKeyClass = null; - this.revocationKeyAlgorithm = null; - this.revocationKeyFingerprint = null; - this.issuerKeyID = new KeyID(); - this.rawNotations = []; - this.notations = {}; - this.preferredHashAlgorithms = null; - this.preferredCompressionAlgorithms = null; - this.keyServerPreferences = null; - this.preferredKeyServer = null; - this.isPrimaryUserID = null; - this.policyURI = null; - this.keyFlags = null; - this.signersUserID = null; - this.reasonForRevocationFlag = null; - this.reasonForRevocationString = null; - this.features = null; - this.signatureTargetPublicKeyAlgorithm = null; - this.signatureTargetHashAlgorithm = null; - this.signatureTargetHash = null; - this.embeddedSignature = null; - this.issuerKeyVersion = null; - this.issuerFingerprint = null; - this.preferredAEADAlgorithms = null; - - this.revoked = null; - this[verified] = null; - } - - /** - * parsing function for a signature packet (tag 2). - * @param {String} bytes - Payload of a tag 2 packet - * @returns {SignaturePacket} Object representation. - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); - } - - this.signatureType = bytes[i++]; - this.publicKeyAlgorithm = bytes[i++]; - this.hashAlgorithm = bytes[i++]; - - // hashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), true); - if (!this.created) { - throw new Error('Missing signature creation time subpacket.'); - } - - // A V4 signature hashes the packet body - // starting from its first field, the version number, through the end - // of the hashed subpacket data. Thus, the fields hashed are the - // signature version, the signature type, the public-key algorithm, the - // hash algorithm, the hashed subpacket length, and the hashed - // subpacket body. - this.signatureData = bytes.subarray(0, i); - - // unhashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - - // Two-octet field holding left 16 bits of signed hash value. - this.signedHashValue = bytes.subarray(i, i + 2); - i += 2; - - this.params = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length)); - } - - /** - * @returns {Uint8Array | ReadableStream} - */ - writeParams() { - if (this.params instanceof Promise) { - return fromAsync( - async () => mod.serializeParams(this.publicKeyAlgorithm, await this.params) - ); - } - return mod.serializeParams(this.publicKeyAlgorithm, this.params); - } - - write() { - const arr = []; - arr.push(this.signatureData); - arr.push(this.writeUnhashedSubPackets()); - arr.push(this.signedHashValue); - arr.push(this.writeParams()); - return util.concat(arr); - } - - /** - * Signs provided data. This needs to be done prior to serialization. - * @param {SecretKeyPacket} key - Private key used to sign the message. - * @param {Object} data - Contains packets to be signed. - * @param {Date} [date] - The signature creation time. - * @param {Boolean} [detached] - Whether to create a detached signature - * @throws {Error} if signing failed - * @async - */ - async sign(key, data, date = new Date(), detached = false) { - if (key.version === 5) { - this.version = 5; - } else { - this.version = 4; - } - const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; - - this.created = util.normalizeDate(date); - this.issuerKeyVersion = key.version; - this.issuerFingerprint = key.getFingerprintBytes(); - this.issuerKeyID = key.getKeyID(); - - // Add hashed subpackets - arr.push(this.writeHashedSubPackets()); - - // Remove unhashed subpackets, in case some allowed unhashed - // subpackets existed, in order not to duplicate them (in both - // the hashed and unhashed subpackets) when re-signing. - this.unhashedSubpackets = []; - - this.signatureData = util.concat(arr); - - const toHash = this.toHash(this.signatureType, data, detached); - const hash = await this.hash(this.signatureType, data, toHash, detached); - - this.signedHashValue = slice(clone(hash), 0, 2); - const signed = async () => mod.signature.sign( - this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) - ); - if (util.isStream(hash)) { - this.params = signed(); - } else { - this.params = await signed(); - - // Store the fact that this signature is valid, e.g. for when we call `await - // getLatestValidSignature(this.revocationSignatures, key, data)` later. - // Note that this only holds up if the key and data passed to verify are the - // same as the ones passed to sign. - this[verified] = true; - } - } - - /** - * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeHashedSubPackets() { - const sub = enums.signatureSubpacket; - const arr = []; - let bytes; - if (this.created === null) { - throw new Error('Missing signature creation time'); - } - arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); - if (this.signatureExpirationTime !== null) { - arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); - } - if (this.exportable !== null) { - arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); - } - if (this.trustLevel !== null) { - bytes = new Uint8Array([this.trustLevel, this.trustAmount]); - arr.push(writeSubPacket(sub.trustSignature, true, bytes)); - } - if (this.regularExpression !== null) { - arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); - } - if (this.revocable !== null) { - arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); - } - if (this.keyExpirationTime !== null) { - arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); - } - if (this.preferredSymmetricAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); - arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); - } - if (this.revocationKeyClass !== null) { - bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); - bytes = util.concat([bytes, this.revocationKeyFingerprint]); - arr.push(writeSubPacket(sub.revocationKey, false, bytes)); - } - if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { - // If the version of [the] key is greater than 4, this subpacket - // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write())); - } - this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { - bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; - const encodedName = util.encodeUTF8(name); - // 2 octets of name length - bytes.push(util.writeNumber(encodedName.length, 2)); - // 2 octets of value length - bytes.push(util.writeNumber(value.length, 2)); - bytes.push(encodedName); - bytes.push(value); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.notationData, critical, bytes)); - }); - if (this.preferredHashAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); - arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); - } - if (this.preferredCompressionAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); - arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); - } - if (this.keyServerPreferences !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); - arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); - } - if (this.preferredKeyServer !== null) { - arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); - } - if (this.isPrimaryUserID !== null) { - arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); - } - if (this.policyURI !== null) { - arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); - } - if (this.keyFlags !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); - arr.push(writeSubPacket(sub.keyFlags, true, bytes)); - } - if (this.signersUserID !== null) { - arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); - } - if (this.reasonForRevocationFlag !== null) { - bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); - arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); - } - if (this.features !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); - arr.push(writeSubPacket(sub.features, false, bytes)); - } - if (this.signatureTargetPublicKeyAlgorithm !== null) { - bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; - bytes.push(util.stringToUint8Array(this.signatureTargetHash)); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); - } - if (this.embeddedSignature !== null) { - arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); - } - if (this.issuerFingerprint !== null) { - bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes)); - } - if (this.preferredAEADAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); - arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); - } - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - /** - * Creates an Uint8Array containing the unhashed subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeUnhashedSubPackets() { - const arr = []; - this.unhashedSubpackets.forEach(data => { - arr.push(writeSimpleLength(data.length)); - arr.push(data); - }); - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - // V4 signature sub packets - readSubPacket(bytes, hashed = true) { - let mypos = 0; - - // The leftmost bit denotes a "critical" packet - const critical = !!(bytes[mypos] & 0x80); - const type = bytes[mypos] & 0x7F; - - if (!hashed) { - this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); - if (!allowedUnhashedSubpackets.has(type)) { - return; - } - } - - mypos++; - - // subpacket type - switch (type) { - case enums.signatureSubpacket.signatureCreationTime: - // Signature Creation Time - this.created = util.readDate(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.signatureExpirationTime: { - // Signature Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.signatureNeverExpires = seconds === 0; - this.signatureExpirationTime = seconds; - - break; - } - case enums.signatureSubpacket.exportableCertification: - // Exportable Certification - this.exportable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.trustSignature: - // Trust Signature - this.trustLevel = bytes[mypos++]; - this.trustAmount = bytes[mypos++]; - break; - case enums.signatureSubpacket.regularExpression: - // Regular Expression - this.regularExpression = bytes[mypos]; - break; - case enums.signatureSubpacket.revocable: - // Revocable - this.revocable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.keyExpirationTime: { - // Key Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.keyExpirationTime = seconds; - this.keyNeverExpires = seconds === 0; - - break; - } - case enums.signatureSubpacket.preferredSymmetricAlgorithms: - // Preferred Symmetric Algorithms - this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.revocationKey: - // Revocation Key - // (1 octet of class, 1 octet of public-key algorithm ID, 20 - // octets of - // fingerprint) - this.revocationKeyClass = bytes[mypos++]; - this.revocationKeyAlgorithm = bytes[mypos++]; - this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); - break; - - case enums.signatureSubpacket.issuer: - // Issuer - this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); - break; - - case enums.signatureSubpacket.notationData: { - // Notation Data - const humanReadable = !!(bytes[mypos] & 0x80); - - // We extract key/value tuple from the byte stream. - mypos += 4; - const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - - const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); - const value = bytes.subarray(mypos + m, mypos + m + n); - - this.rawNotations.push({ name, humanReadable, value, critical }); - - if (humanReadable) { - this.notations[name] = util.decodeUTF8(value); - } - break; - } - case enums.signatureSubpacket.preferredHashAlgorithms: - // Preferred Hash Algorithms - this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredCompressionAlgorithms: - // Preferred Compression Algorithms - this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.keyServerPreferences: - // Key Server Preferences - this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredKeyServer: - // Preferred Key Server - this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.primaryUserID: - // Primary User ID - this.isPrimaryUserID = bytes[mypos++] !== 0; - break; - case enums.signatureSubpacket.policyURI: - // Policy URI - this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.keyFlags: - // Key Flags - this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signersUserID: - // Signer's User ID - this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.reasonForRevocation: - // Reason for Revocation - this.reasonForRevocationFlag = bytes[mypos++]; - this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.features: - // Features - this.features = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signatureTarget: { - // Signature Target - // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) - this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; - this.signatureTargetHashAlgorithm = bytes[mypos++]; - - const len = mod.getHashByteLength(this.signatureTargetHashAlgorithm); - - this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); - break; - } - case enums.signatureSubpacket.embeddedSignature: - // Embedded Signature - this.embeddedSignature = new SignaturePacket(); - this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.issuerFingerprint: - // Issuer Fingerprint - this.issuerKeyVersion = bytes[mypos++]; - this.issuerFingerprint = bytes.subarray(mypos, bytes.length); - if (this.issuerKeyVersion === 5) { - this.issuerKeyID.read(this.issuerFingerprint); - } else { - this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); - } - break; - case enums.signatureSubpacket.preferredAEADAlgorithms: - // Preferred AEAD Algorithms - this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - default: { - const err = new Error(`Unknown signature subpacket type ${type}`); - if (critical) { - throw err; - } else { - util.printDebug(err); - } - } - } - } - - readSubPackets(bytes, trusted = true, config) { - // Two-octet scalar octet count for following subpacket data. - const subpacketLength = util.readNumber(bytes.subarray(0, 2)); - - let i = 2; - - // subpacket data set (zero or more subpackets) - while (i < 2 + subpacketLength) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); - - i += len.len; - } - - return i; - } - - // Produces data to produce signature on - toSign(type, data) { - const t = enums.signature; - - switch (type) { - case t.binary: - if (data.text !== null) { - return util.encodeUTF8(data.getText(true)); - } - return data.getBytes(true); - - case t.text: { - const bytes = data.getBytes(true); - // normalize EOL to \r\n - return util.canonicalizeEOL(bytes); - } - case t.standalone: - return new Uint8Array(0); - - case t.certGeneric: - case t.certPersona: - case t.certCasual: - case t.certPositive: - case t.certRevocation: { - let packet; - let tag; - - if (data.userID) { - tag = 0xB4; - packet = data.userID; - } else if (data.userAttribute) { - tag = 0xD1; - packet = data.userAttribute; - } else { - throw new Error('Either a userID or userAttribute packet needs to be ' + - 'supplied for certification.'); - } - - const bytes = packet.write(); - - return util.concat([this.toSign(t.key, data), - new Uint8Array([tag]), - util.writeNumber(bytes.length, 4), - bytes]); - } - case t.subkeyBinding: - case t.subkeyRevocation: - case t.keyBinding: - return util.concat([this.toSign(t.key, data), this.toSign(t.key, { - key: data.bind - })]); - - case t.key: - if (data.key === undefined) { - throw new Error('Key packet is required for this signature.'); - } - return data.key.writeForHash(this.version); - - case t.keyRevocation: - return this.toSign(t.key, data); - case t.timestamp: - return new Uint8Array(0); - case t.thirdParty: - throw new Error('Not implemented'); - default: - throw new Error('Unknown signature type.'); - } - } - - calculateTrailer(data, detached) { - let length = 0; - return transform(clone(this.signatureData), value => { - length += value.length; - }, () => { - const arr = []; - if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { - if (detached) { - arr.push(new Uint8Array(6)); - } else { - arr.push(data.writeHeader()); - } - } - arr.push(new Uint8Array([this.version, 0xFF])); - if (this.version === 5) { - arr.push(new Uint8Array(4)); - } - arr.push(util.writeNumber(length, 4)); - // For v5, this should really be writeNumber(length, 8) rather than the - // hardcoded 4 zero bytes above - return util.concat(arr); - }); - } - - toHash(signatureType, data, detached = false) { - const bytes = this.toSign(signatureType, data); - - return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]); - } - - async hash(signatureType, data, toHash, detached = false) { - if (!toHash) toHash = this.toHash(signatureType, data, detached); - return mod.hash.digest(this.hashAlgorithm, toHash); - } - - /** - * verifies the signature packet. Note: not all signature types are implemented - * @param {PublicSubkeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature - * @param {module:enums.signature} signatureType - Expected signature type - * @param {Uint8Array|Object} data - Data which on the signature applies - * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration - * @param {Boolean} [detached] - Whether to verify a detached signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if signature validation failed - * @async - */ - async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { - if (!this.issuerKeyID.equals(key.getKeyID())) { - throw new Error('Signature was not issued by the given public key'); - } - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); - } - - const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; - // Cryptographic validity is cached after one successful verification. - // However, for message signatures, we always re-verify, since the passed `data` can change - const skipVerify = this[verified] && !isMessageSignature; - if (!skipVerify) { - let toHash; - let hash; - if (this.hashed) { - hash = await this.hashed; - } else { - toHash = this.toHash(signatureType, data, detached); - hash = await this.hash(signatureType, data, toHash); - } - hash = await readToEnd(hash); - if (this.signedHashValue[0] !== hash[0] || - this.signedHashValue[1] !== hash[1]) { - throw new Error('Signed digest did not match'); - } - - this.params = await this.params; - - this[verified] = await mod.signature.verify( - this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, - toHash, hash - ); - - if (!this[verified]) { - throw new Error('Signature verification failed'); - } - } - - const normDate = util.normalizeDate(date); - if (normDate && this.created > normDate) { - throw new Error('Signature creation time is in the future'); - } - if (normDate && normDate >= this.getExpirationTime()) { - throw new Error('Signature is expired'); - } - if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { - throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && - [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { - throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - this.rawNotations.forEach(({ name, critical }) => { - if (critical && (config$1.knownNotations.indexOf(name) < 0)) { - throw new Error(`Unknown critical notation: ${name}`); - } - }); - if (this.revocationKeyClass !== null) { - throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); - } - } - - /** - * Verifies signature expiration date - * @param {Date} [date] - Use the given date for verification instead of the current time - * @returns {Boolean} True if expired. - */ - isExpired(date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - return !(this.created <= normDate && normDate < this.getExpirationTime()); - } - return false; - } - - /** - * Returns the expiration time of the signature or Infinity if signature does not expire - * @returns {Date | Infinity} Expiration time. - */ - getExpirationTime() { - return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); - } - } - - /** - * Creates a Uint8Array representation of a sub signature packet - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} - * @param {Integer} type - Subpacket signature type. - * @param {Boolean} critical - Whether the subpacket should be critical. - * @param {String} data - Data to be included - * @returns {Uint8Array} The signature subpacket. - * @private - */ - function writeSubPacket(type, critical, data) { - const arr = []; - arr.push(writeSimpleLength(data.length + 1)); - arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); - arr.push(data); - return util.concat(arr); - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - const VERSION = 3; - - /** - * Implementation of the One-Pass Signature Packets (Tag 4) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: - * The One-Pass Signature packet precedes the signed data and contains - * enough information to allow the receiver to begin calculating any - * hashes needed to verify the signature. It allows the Signature - * packet to be placed at the end of the message, so that the signer - * can compute the entire signed message in one pass. - */ - class OnePassSignaturePacket { - static get tag() { - return enums.packet.onePassSignature; - } - - constructor() { - /** A one-octet version number. The current version is 3. */ - this.version = null; - /** - * A one-octet signature type. - * Signature types are described in - * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. - * @type {enums.signature} - - */ - this.signatureType = null; - /** - * A one-octet number describing the hash algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} - * @type {enums.hash} - */ - this.hashAlgorithm = null; - /** - * A one-octet number describing the public-key algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} - * @type {enums.publicKey} - */ - this.publicKeyAlgorithm = null; - /** An eight-octet number holding the Key ID of the signing key. */ - this.issuerKeyID = null; - /** - * A one-octet number holding a flag showing whether the signature is nested. - * A zero value indicates that the next packet is another One-Pass Signature packet - * that describes another signature to be applied to the same message data. - */ - this.flags = null; - } - - /** - * parsing function for a one-pass signature packet (tag 4). - * @param {Uint8Array} bytes - Payload of a tag 4 packet - * @returns {OnePassSignaturePacket} Object representation. - */ - read(bytes) { - let mypos = 0; - // A one-octet version number. The current version is 3. - this.version = bytes[mypos++]; - if (this.version !== VERSION) { - throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); - } - - // A one-octet signature type. Signature types are described in - // Section 5.2.1. - this.signatureType = bytes[mypos++]; - - // A one-octet number describing the hash algorithm used. - this.hashAlgorithm = bytes[mypos++]; - - // A one-octet number describing the public-key algorithm used. - this.publicKeyAlgorithm = bytes[mypos++]; - - // An eight-octet number holding the Key ID of the signing key. - this.issuerKeyID = new KeyID(); - this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); - mypos += 8; - - // A one-octet number holding a flag showing whether the signature - // is nested. A zero value indicates that the next packet is - // another One-Pass Signature packet that describes another - // signature to be applied to the same message data. - this.flags = bytes[mypos++]; - return this; - } - - /** - * creates a string representation of a one-pass signature packet - * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. - */ - write() { - const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]); - - const end = new Uint8Array([this.flags]); - - return util.concatUint8Array([start, this.issuerKeyID.write(), end]); - } - - calculateTrailer(...args) { - return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); - } - - async verify() { - const correspondingSig = await this.correspondingSig; - if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { - throw new Error('Corresponding signature packet missing'); - } - if ( - correspondingSig.signatureType !== this.signatureType || - correspondingSig.hashAlgorithm !== this.hashAlgorithm || - correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || - !correspondingSig.issuerKeyID.equals(this.issuerKeyID) - ) { - throw new Error('Corresponding signature packet does not match one-pass signature packet'); - } - correspondingSig.hashed = this.hashed; - return correspondingSig.verify.apply(correspondingSig, arguments); - } - } - - OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; - OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; - OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; - - /** - * Instantiate a new packet given its tag - * @function newPacketFromTag - * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @returns {Object} New packet object with type based on tag - * @throws {Error|UnsupportedError} for disallowed or unknown packets - */ - function newPacketFromTag(tag, allowedPackets) { - if (!allowedPackets[tag]) { - // distinguish between disallowed packets and unknown ones - let packetType; - try { - packetType = enums.read(enums.packet, tag); - } catch (e) { - throw new UnsupportedError(`Unknown packet type with tag: ${tag}`); - } - throw new Error(`Packet not allowed in this context: ${packetType}`); - } - return new allowedPackets[tag](); - } - - /** - * This class represents a list of openpgp packets. - * Take care when iterating over it - the packets themselves - * are stored as numerical indices. - * @extends Array - */ - class PacketList extends Array { - /** - * Parses the given binary data and returns a list of packets. - * Equivalent to calling `read` on an empty PacketList instance. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @returns {PacketList} parsed list of packets - * @throws on parsing errors - * @async - */ - static async fromBinary(bytes, allowedPackets, config$1 = config) { - const packets = new PacketList(); - await packets.read(bytes, allowedPackets, config$1); - return packets; - } - - /** - * Reads a stream of binary data and interprets it as a list of packets. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @throws on parsing errors - * @async - */ - async read(bytes, allowedPackets, config$1 = config) { - if (config$1.additionalAllowedPackets.length) { - allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; - } - this.stream = transformPair(bytes, async (readable, writable) => { - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const done = await readPackets(readable, async parsed => { - try { - if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) { - // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: - // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 - // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 - return; - } - const packet = newPacketFromTag(parsed.tag, allowedPackets); - packet.packets = new PacketList(); - packet.fromStream = util.isStream(parsed.packet); - await packet.read(parsed.packet, config$1); - await writer.write(packet); - } catch (e) { - const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; - const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); - if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { - // The packets that support streaming are the ones that contain message data. - // Those are also the ones we want to be more strict about and throw on parse errors - // (since we likely cannot process the message without these packets anyway). - await writer.abort(e); - } else { - const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); - await writer.write(unparsedPacket); - } - util.printDebugError(e); - } - }); - if (done) { - await writer.ready; - await writer.close(); - return; - } - } - } catch (e) { - await writer.abort(e); - } - }); - - // Wait until first few packets have been read - const reader = getReader(this.stream); - while (true) { - const { done, value } = await reader.read(); - if (!done) { - this.push(value); - } else { - this.stream = null; - } - if (done || supportsStreaming(value.constructor.tag)) { - break; - } - } - reader.releaseLock(); - } - - /** - * Creates a binary representation of openpgp objects contained within the - * class instance. - * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. - */ - write() { - const arr = []; - - for (let i = 0; i < this.length; i++) { - const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; - const packetbytes = this[i].write(); - if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { - let buffer = []; - let bufferLength = 0; - const minLength = 512; - arr.push(writeTag(tag)); - arr.push(transform(packetbytes, value => { - buffer.push(value); - bufferLength += value.length; - if (bufferLength >= minLength) { - const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); - const chunkSize = 2 ** powerOf2; - const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); - buffer = [bufferConcat.subarray(1 + chunkSize)]; - bufferLength = buffer[0].length; - return bufferConcat.subarray(0, 1 + chunkSize); - } - }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); - } else { - if (util.isStream(packetbytes)) { - let length = 0; - arr.push(transform(clone(packetbytes), value => { - length += value.length; - }, () => writeHeader(tag, length))); - } else { - arr.push(writeHeader(tag, packetbytes.length)); - } - arr.push(packetbytes); - } - } - - return util.concat(arr); - } - - /** - * Creates a new PacketList with all packets matching the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {PacketList} - */ - filterByTag(...tags) { - const filtered = new PacketList(); - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(this[i].constructor.tag))) { - filtered.push(this[i]); - } - } - - return filtered; - } - - /** - * Traverses packet list and returns first packet with matching tag - * @param {module:enums.packet} tag - The packet tag - * @returns {Packet|undefined} - */ - findPacket(tag) { - return this.find(packet => packet.constructor.tag === tag); - } - - /** - * Find indices of packets with the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {Integer[]} packet indices - */ - indexOfTag(...tags) { - const tagIndex = []; - const that = this; - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(that[i].constructor.tag))) { - tagIndex.push(i); - } - } - return tagIndex; - } - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - // A Compressed Data packet can contain the following packet types - const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - OnePassSignaturePacket, - SignaturePacket - ]); - - /** - * Implementation of the Compressed Data Packet (Tag 8) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: - * The Compressed Data packet contains compressed data. Typically, - * this packet is found as the contents of an encrypted packet, or following - * a Signature or One-Pass Signature packet, and contains a literal data packet. - */ - class CompressedDataPacket { - static get tag() { - return enums.packet.compressedData; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * List of packets - * @type {PacketList} - */ - this.packets = null; - /** - * Compression algorithm - * @type {enums.compression} - */ - this.algorithm = config$1.preferredCompressionAlgorithm; - - /** - * Compressed packet data - * @type {Uint8Array | ReadableStream} - */ - this.compressed = null; - - /** - * zip/zlib compression level, between 1 and 9 - */ - this.deflateLevel = config$1.deflateLevel; - } - - /** - * Parsing function for the packet. - * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async read(bytes, config$1 = config) { - await parse(bytes, async reader => { - - // One octet that gives the algorithm used to compress the packet. - this.algorithm = await reader.readByte(); - - // Compressed data, which makes up the remainder of the packet. - this.compressed = reader.remainder(); - - await this.decompress(config$1); - }); - } - - - /** - * Return the compressed packet. - * @returns {Uint8Array | ReadableStream} Binary compressed packet. - */ - write() { - if (this.compressed === null) { - this.compress(); - } - - return util.concat([new Uint8Array([this.algorithm]), this.compressed]); - } - - - /** - * Decompression method for decompressing the compressed data - * read by read_packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async decompress(config$1 = config) { - const compressionName = enums.read(enums.compression, this.algorithm); - const decompressionFn = decompress_fns[compressionName]; - if (!decompressionFn) { - throw new Error(`${compressionName} decompression not supported`); - } - - this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config$1); - } - - /** - * Compress the packet data (member decompressedData) - */ - compress() { - const compressionName = enums.read(enums.compression, this.algorithm); - const compressionFn = compress_fns[compressionName]; - if (!compressionFn) { - throw new Error(`${compressionName} compression not supported`); - } - - this.compressed = compressionFn(this.packets.write(), this.deflateLevel); - } - } - - ////////////////////////// - // // - // Helper functions // - // // - ////////////////////////// - - - const nodeZlib = util.getNodeZlib(); - - function uncompressed(data) { - return data; - } - - function node_zlib(func, create, options = {}) { - return function (data) { - if (!util.isStream(data) || isArrayStream(data)) { - return fromAsync(() => readToEnd(data).then(data => { - return new Promise((resolve, reject) => { - func(data, options, (err, result) => { - if (err) return reject(err); - resolve(result); - }); - }); - })); - } - return nodeToWeb(webToNode(data).pipe(create(options))); - }; - } - - function pako_zlib(constructor, options = {}) { - return function(data) { - const obj = new constructor(options); - return transform(data, value => { - if (value.length) { - obj.push(value, Z_SYNC_FLUSH); - return obj.result; - } - }, () => { - if (constructor === Deflate) { - obj.push([], Z_FINISH); - return obj.result; - } - }); - }; - } - - function bzip2(func) { - return function(data) { - return fromAsync(async () => func(await readToEnd(data))); - }; - } - - const compress_fns = nodeZlib ? { - zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed) - } : { - zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed) - }; - - const decompress_fns = nodeZlib ? { - uncompressed: uncompressed, - zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw), - zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) - } : { - uncompressed: uncompressed, - zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }), - zlib: /*#__PURE__*/ pako_zlib(Inflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) - }; - - // GPG4Browsers - An OpenPGP implementation in javascript - - // A SEIP packet can contain the following packet types - const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket - ]); - - const VERSION$1 = 1; // A one-octet version number of the data packet. - - /** - * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: - * The Symmetrically Encrypted Integrity Protected Data packet is - * a variant of the Symmetrically Encrypted Data packet. It is a new feature - * created for OpenPGP that addresses the problem of detecting a modification to - * encrypted data. It is used in combination with a Modification Detection Code - * packet. - */ - class SymEncryptedIntegrityProtectedDataPacket { - static get tag() { - return enums.packet.symEncryptedIntegrityProtectedData; - } - - constructor() { - this.version = VERSION$1; - this.encrypted = null; - this.packets = null; - } - - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - // - A one-octet version number. The only currently defined value is 1. - if (version !== VERSION$1) { - throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`); - } - - // - Encrypted data, the output of the selected symmetric-key cipher - // operating in Cipher Feedback mode with shift amount equal to the - // block size of the cipher (CFB-n where n is the block size). - this.encrypted = reader.remainder(); - }); - } - - write() { - return util.concat([new Uint8Array([VERSION$1]), this.encrypted]); - } - - /** - * Encrypt the payload in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on encryption failure - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - - let bytes = this.packets.write(); - if (isArrayStream(bytes)) bytes = await readToEnd(bytes); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet - - const tohash = util.concat([prefix, bytes, mdc]); - const hash = await mod.hash.sha1(passiveClone(tohash)); - const plaintext = util.concat([tohash, hash]); - - this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); - return true; - } - - /** - * Decrypts the encrypted data contained in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on decryption failure - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - let encrypted = clone(this.encrypted); - if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); - - // there must be a modification detection code packet as the - // last packet and everything gets hashed except the hash itself - const realHash = slice(passiveClone(decrypted), -20); - const tohash = slice(decrypted, 0, -20); - const verifyHash = Promise.all([ - readToEnd(await mod.hash.sha1(passiveClone(tohash))), - readToEnd(realHash) - ]).then(([hash, mdc]) => { - if (!util.equalsUint8Array(hash, mdc)) { - throw new Error('Modification detected.'); - } - return new Uint8Array(); - }); - const bytes = slice(tohash, blockSize + 2); // Remove random prefix - let packetbytes = slice(bytes, 0, -2); // Remove MDC packet - packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); - if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { - packetbytes = await readToEnd(packetbytes); - } - this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$1, config$1); - return true; - } - } - - // OpenPGP.js - An OpenPGP implementation in javascript - - // An AEAD-encrypted Data packet can contain the following packet types - const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket - ]); - - const VERSION$2 = 1; // A one-octet version number of the data packet. - - /** - * Implementation of the Symmetrically Encrypted Authenticated Encryption with - * Additional Data (AEAD) Protected Data Packet - * - * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: - * AEAD Protected Data Packet - */ - class AEADEncryptedDataPacket { - static get tag() { - return enums.packet.aeadEncryptedData; - } - - constructor() { - this.version = VERSION$2; - /** @type {enums.symmetric} */ - this.cipherAlgorithm = null; - /** @type {enums.aead} */ - this.aeadAlgorithm = enums.aead.eax; - this.chunkSizeByte = null; - this.iv = null; - this.encrypted = null; - this.packets = null; - } - - /** - * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @param {Uint8Array | ReadableStream} bytes - * @throws {Error} on parsing failure - */ - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - if (version !== VERSION$2) { // The only currently defined value is 1. - throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); - } - this.cipherAlgorithm = await reader.readByte(); - this.aeadAlgorithm = await reader.readByte(); - this.chunkSizeByte = await reader.readByte(); - - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = await reader.readBytes(mode.ivLength); - this.encrypted = reader.remainder(); - }); - } - - /** - * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @returns {Uint8Array | ReadableStream} The encrypted payload. - */ - write() { - return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); - } - - /** - * Decrypt the encrypted payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.packets = await PacketList.fromBinary( - await this.crypt('decrypt', key, clone(this.encrypted)), - allowedPackets$2, - config$1 - ); - } - - /** - * Encrypt the packet payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.cipherAlgorithm = sessionKeyAlgorithm; - - const { ivLength } = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(ivLength); // generate new random IV - this.chunkSizeByte = config$1.aeadChunkSizeByte; - const data = this.packets.write(); - this.encrypted = await this.crypt('encrypt', key, data); - } - - /** - * En/decrypt the payload. - * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt - * @param {Uint8Array} key - The session key used to en/decrypt the payload - * @param {Uint8Array | ReadableStream} data - The data to en/decrypt - * @returns {Promise>} - * @async - */ - async crypt(fn, key, data) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const modeInstance = await mode(this.cipherAlgorithm, key); - const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; - const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; - const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) - const adataBuffer = new ArrayBuffer(21); - const adataArray = new Uint8Array(adataBuffer, 0, 13); - const adataTagArray = new Uint8Array(adataBuffer); - const adataView = new DataView(adataBuffer); - const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); - adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0); - let chunkIndex = 0; - let latestPromise = Promise.resolve(); - let cryptedBytes = 0; - let queuedBytes = 0; - const iv = this.iv; - return transformPair(data, async (readable, writable) => { - if (util.isStream(readable) !== 'array') { - const buffer = new TransformStream({}, { - highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6), - size: array => array.length - }); - pipe(buffer.readable, writable); - writable = buffer.writable; - } - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); - const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); - chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); - let cryptedPromise; - let done; - if (!chunkIndex || chunk.length) { - reader.unshift(finalChunk); - cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray); - queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; - } else { - // After the last chunk, we either encrypt a final, empty - // data chunk to get the final authentication tag or - // validate that final authentication tag. - adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...) - cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray); - queuedBytes += tagLengthIfEncrypting; - done = true; - } - cryptedBytes += chunk.length - tagLengthIfDecrypting; - // eslint-disable-next-line no-loop-func - latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { - await writer.ready; - await writer.write(crypted); - queuedBytes -= crypted.length; - }).catch(err => writer.abort(err)); - if (done || queuedBytes > writer.desiredSize) { - await latestPromise; // Respect backpressure - } - if (!done) { - adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) - } else { - await writer.close(); - break; - } - } - } catch (e) { - await writer.abort(e); - } - }); - } - } - - // GPG4Browsers - An OpenPGP implementation in javascript + function M(o, a, b) { + var v, c, + t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, + t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, + t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, + t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, + b0 = b[0], + b1 = b[1], + b2 = b[2], + b3 = b[3], + b4 = b[4], + b5 = b[5], + b6 = b[6], + b7 = b[7], + b8 = b[8], + b9 = b[9], + b10 = b[10], + b11 = b[11], + b12 = b[12], + b13 = b[13], + b14 = b[14], + b15 = b[15]; - const VERSION$3 = 3; + v = a[0]; + t0 += v * b0; + t1 += v * b1; + t2 += v * b2; + t3 += v * b3; + t4 += v * b4; + t5 += v * b5; + t6 += v * b6; + t7 += v * b7; + t8 += v * b8; + t9 += v * b9; + t10 += v * b10; + t11 += v * b11; + t12 += v * b12; + t13 += v * b13; + t14 += v * b14; + t15 += v * b15; + v = a[1]; + t1 += v * b0; + t2 += v * b1; + t3 += v * b2; + t4 += v * b3; + t5 += v * b4; + t6 += v * b5; + t7 += v * b6; + t8 += v * b7; + t9 += v * b8; + t10 += v * b9; + t11 += v * b10; + t12 += v * b11; + t13 += v * b12; + t14 += v * b13; + t15 += v * b14; + t16 += v * b15; + v = a[2]; + t2 += v * b0; + t3 += v * b1; + t4 += v * b2; + t5 += v * b3; + t6 += v * b4; + t7 += v * b5; + t8 += v * b6; + t9 += v * b7; + t10 += v * b8; + t11 += v * b9; + t12 += v * b10; + t13 += v * b11; + t14 += v * b12; + t15 += v * b13; + t16 += v * b14; + t17 += v * b15; + v = a[3]; + t3 += v * b0; + t4 += v * b1; + t5 += v * b2; + t6 += v * b3; + t7 += v * b4; + t8 += v * b5; + t9 += v * b6; + t10 += v * b7; + t11 += v * b8; + t12 += v * b9; + t13 += v * b10; + t14 += v * b11; + t15 += v * b12; + t16 += v * b13; + t17 += v * b14; + t18 += v * b15; + v = a[4]; + t4 += v * b0; + t5 += v * b1; + t6 += v * b2; + t7 += v * b3; + t8 += v * b4; + t9 += v * b5; + t10 += v * b6; + t11 += v * b7; + t12 += v * b8; + t13 += v * b9; + t14 += v * b10; + t15 += v * b11; + t16 += v * b12; + t17 += v * b13; + t18 += v * b14; + t19 += v * b15; + v = a[5]; + t5 += v * b0; + t6 += v * b1; + t7 += v * b2; + t8 += v * b3; + t9 += v * b4; + t10 += v * b5; + t11 += v * b6; + t12 += v * b7; + t13 += v * b8; + t14 += v * b9; + t15 += v * b10; + t16 += v * b11; + t17 += v * b12; + t18 += v * b13; + t19 += v * b14; + t20 += v * b15; + v = a[6]; + t6 += v * b0; + t7 += v * b1; + t8 += v * b2; + t9 += v * b3; + t10 += v * b4; + t11 += v * b5; + t12 += v * b6; + t13 += v * b7; + t14 += v * b8; + t15 += v * b9; + t16 += v * b10; + t17 += v * b11; + t18 += v * b12; + t19 += v * b13; + t20 += v * b14; + t21 += v * b15; + v = a[7]; + t7 += v * b0; + t8 += v * b1; + t9 += v * b2; + t10 += v * b3; + t11 += v * b4; + t12 += v * b5; + t13 += v * b6; + t14 += v * b7; + t15 += v * b8; + t16 += v * b9; + t17 += v * b10; + t18 += v * b11; + t19 += v * b12; + t20 += v * b13; + t21 += v * b14; + t22 += v * b15; + v = a[8]; + t8 += v * b0; + t9 += v * b1; + t10 += v * b2; + t11 += v * b3; + t12 += v * b4; + t13 += v * b5; + t14 += v * b6; + t15 += v * b7; + t16 += v * b8; + t17 += v * b9; + t18 += v * b10; + t19 += v * b11; + t20 += v * b12; + t21 += v * b13; + t22 += v * b14; + t23 += v * b15; + v = a[9]; + t9 += v * b0; + t10 += v * b1; + t11 += v * b2; + t12 += v * b3; + t13 += v * b4; + t14 += v * b5; + t15 += v * b6; + t16 += v * b7; + t17 += v * b8; + t18 += v * b9; + t19 += v * b10; + t20 += v * b11; + t21 += v * b12; + t22 += v * b13; + t23 += v * b14; + t24 += v * b15; + v = a[10]; + t10 += v * b0; + t11 += v * b1; + t12 += v * b2; + t13 += v * b3; + t14 += v * b4; + t15 += v * b5; + t16 += v * b6; + t17 += v * b7; + t18 += v * b8; + t19 += v * b9; + t20 += v * b10; + t21 += v * b11; + t22 += v * b12; + t23 += v * b13; + t24 += v * b14; + t25 += v * b15; + v = a[11]; + t11 += v * b0; + t12 += v * b1; + t13 += v * b2; + t14 += v * b3; + t15 += v * b4; + t16 += v * b5; + t17 += v * b6; + t18 += v * b7; + t19 += v * b8; + t20 += v * b9; + t21 += v * b10; + t22 += v * b11; + t23 += v * b12; + t24 += v * b13; + t25 += v * b14; + t26 += v * b15; + v = a[12]; + t12 += v * b0; + t13 += v * b1; + t14 += v * b2; + t15 += v * b3; + t16 += v * b4; + t17 += v * b5; + t18 += v * b6; + t19 += v * b7; + t20 += v * b8; + t21 += v * b9; + t22 += v * b10; + t23 += v * b11; + t24 += v * b12; + t25 += v * b13; + t26 += v * b14; + t27 += v * b15; + v = a[13]; + t13 += v * b0; + t14 += v * b1; + t15 += v * b2; + t16 += v * b3; + t17 += v * b4; + t18 += v * b5; + t19 += v * b6; + t20 += v * b7; + t21 += v * b8; + t22 += v * b9; + t23 += v * b10; + t24 += v * b11; + t25 += v * b12; + t26 += v * b13; + t27 += v * b14; + t28 += v * b15; + v = a[14]; + t14 += v * b0; + t15 += v * b1; + t16 += v * b2; + t17 += v * b3; + t18 += v * b4; + t19 += v * b5; + t20 += v * b6; + t21 += v * b7; + t22 += v * b8; + t23 += v * b9; + t24 += v * b10; + t25 += v * b11; + t26 += v * b12; + t27 += v * b13; + t28 += v * b14; + t29 += v * b15; + v = a[15]; + t15 += v * b0; + t16 += v * b1; + t17 += v * b2; + t18 += v * b3; + t19 += v * b4; + t20 += v * b5; + t21 += v * b6; + t22 += v * b7; + t23 += v * b8; + t24 += v * b9; + t25 += v * b10; + t26 += v * b11; + t27 += v * b12; + t28 += v * b13; + t29 += v * b14; + t30 += v * b15; - /** - * Public-Key Encrypted Session Key Packets (Tag 1) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: - * A Public-Key Encrypted Session Key packet holds the session key - * used to encrypt a message. Zero or more Public-Key Encrypted Session Key - * packets and/or Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data Packet, which holds an encrypted message. The - * message is encrypted with the session key, and the session key is itself - * encrypted and stored in the Encrypted Session Key packet(s). The - * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted - * Session Key packet for each OpenPGP key to which the message is encrypted. - * The recipient of the message finds a session key that is encrypted to their - * public key, decrypts the session key, and then uses the session key to - * decrypt the message. - */ - class PublicKeyEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.publicKeyEncryptedSessionKey; - } + t0 += 38 * t16; + t1 += 38 * t17; + t2 += 38 * t18; + t3 += 38 * t19; + t4 += 38 * t20; + t5 += 38 * t21; + t6 += 38 * t22; + t7 += 38 * t23; + t8 += 38 * t24; + t9 += 38 * t25; + t10 += 38 * t26; + t11 += 38 * t27; + t12 += 38 * t28; + t13 += 38 * t29; + t14 += 38 * t30; + // t15 left as is - constructor() { - this.version = 3; + // first car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - this.publicKeyID = new KeyID(); - this.publicKeyAlgorithm = null; + // second car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - this.sessionKey = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = null; + o[ 0] = t0; + o[ 1] = t1; + o[ 2] = t2; + o[ 3] = t3; + o[ 4] = t4; + o[ 5] = t5; + o[ 6] = t6; + o[ 7] = t7; + o[ 8] = t8; + o[ 9] = t9; + o[10] = t10; + o[11] = t11; + o[12] = t12; + o[13] = t13; + o[14] = t14; + o[15] = t15; + } - /** @type {Object} */ - this.encrypted = {}; - } + function S(o, a) { + M(o, a, a); + } - /** - * Parsing function for a publickey encrypted session key packet (tag 1). - * - * @param {Uint8Array} bytes - Payload of a tag 1 packet - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - if (this.version !== VERSION$3) { - throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); - } - i += this.publicKeyID.read(bytes.subarray(i)); - this.publicKeyAlgorithm = bytes[i++]; - this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version); - if (this.publicKeyAlgorithm === enums.publicKey.x25519) { - this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); - } + function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 253; a >= 0; a--) { + S(c, c); + if(a !== 2 && a !== 4) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; + } - /** - * Create a binary representation of a tag 1 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const arr = [ - new Uint8Array([this.version]), - this.publicKeyID.write(), - new Uint8Array([this.publicKeyAlgorithm]), - mod.serializeParams(this.publicKeyAlgorithm, this.encrypted) - ]; - - return util.concatUint8Array(arr); + function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 250; a >= 0; a--) { + S(c, c); + if(a !== 1) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; + } - /** - * Encrypt session key packet - * @param {PublicKeyPacket} key - Public key - * @throws {Error} if encryption failed - * @async - */ - async encrypt(key) { - const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); - const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey); - this.encrypted = await mod.publicKeyEncrypt( - algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes()); + function crypto_scalarmult(q, n, p) { + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; } - - /** - * Decrypts the session key (only for public key encrypted session key packets (tag 1) - * @param {SecretKeyPacket} key - decrypted private key - * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. - * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } - * @throws {Error} if decryption failed, unless `randomSessionKey` is given - * @async - */ - async decrypt(key, randomSessionKey) { - // check that session key algo matches the secret key algo - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Decryption error'); - } - - const randomPayload = randomSessionKey ? - encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : - null; - const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload); - - const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); - - // v3 Montgomery curves have cleartext cipher algo - if (this.publicKeyAlgorithm !== enums.publicKey.x25519) { - this.sessionKeyAlgorithm = sessionKeyAlgorithm; - } - this.sessionKey = sessionKey; + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); + } + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; } + function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); + } - function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // add checksum - return util.concatUint8Array([ - new Uint8Array([cipherAlgo]), - sessionKeyData, - util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) - ]); - } - case enums.publicKey.x25519: - return sessionKeyData; - default: - throw new Error('Unsupported public key algorithm'); - } + function crypto_box_keypair(y, x) { + randombytes(x, 32); + return crypto_scalarmult_base(y, x); } + var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 + ]; - function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // verify checksum in constant time - const result = decryptedData.subarray(0, decryptedData.length - 2); - const checksum = decryptedData.subarray(decryptedData.length - 2); - const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); - const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; - const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; - if (randomSessionKey) { - // We must not leak info about the validity of the decrypted checksum or cipher algo. - // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. - const isValidPayload = isValidChecksum & - decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & - decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; - return { - sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), - sessionKeyAlgorithm: util.selectUint8( - isValidPayload, - decryptedSessionKey.sessionKeyAlgorithm, - randomSessionKey.sessionKeyAlgorithm - ) - }; - } else { - const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm); - if (isValidPayload) { - return decryptedSessionKey; - } else { - throw new Error('Decryption error'); - } - } + function crypto_hashblocks_hl(hh, hl, m, n) { + var wh = new Int32Array(16), wl = new Int32Array(16), + bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, + bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, + th, tl, i, j, h, l, a, b, c, d; + + var ah0 = hh[0], + ah1 = hh[1], + ah2 = hh[2], + ah3 = hh[3], + ah4 = hh[4], + ah5 = hh[5], + ah6 = hh[6], + ah7 = hh[7], + + al0 = hl[0], + al1 = hl[1], + al2 = hl[2], + al3 = hl[3], + al4 = hl[4], + al5 = hl[5], + al6 = hl[6], + al7 = hl[7]; + + var pos = 0; + while (n >= 128) { + for (i = 0; i < 16; i++) { + j = 8 * i + pos; + wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; + wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; } - case enums.publicKey.x25519: - return { - sessionKey: decryptedData - }; - default: - throw new Error('Unsupported public key algorithm'); - } - } + for (i = 0; i < 80; i++) { + bh0 = ah0; + bh1 = ah1; + bh2 = ah2; + bh3 = ah3; + bh4 = ah4; + bh5 = ah5; + bh6 = ah6; + bh7 = ah7; - // GPG4Browsers - An OpenPGP implementation in javascript + bl0 = al0; + bl1 = al1; + bl2 = al2; + bl3 = al3; + bl4 = al4; + bl5 = al5; + bl6 = al6; + bl7 = al7; - class S2K { - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * Hash function identifier, or 0 for gnu-dummy keys - * @type {module:enums.hash | 0} - */ - this.algorithm = enums.hash.sha256; - /** - * enums.s2k identifier or 'gnu-dummy' - * @type {String} - */ - this.type = 'iterated'; - /** @type {Integer} */ - this.c = config$1.s2kIterationCountByte; - /** Eight bytes of salt in a binary string. - * @type {Uint8Array} - */ - this.salt = null; - } + // add + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma1 + h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); + l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Ch + h = (ah4 & ah5) ^ (~ah4 & ah6); + l = (al4 & al5) ^ (~al4 & al6); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // K + h = K[i*2]; + l = K[i*2+1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // w + h = wh[i%16]; + l = wl[i%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + th = c & 0xffff | d << 16; + tl = a & 0xffff | b << 16; + + // add + h = th; + l = tl; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma0 + h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); + l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); - getCount() { - // Exponent bias, defined in RFC4880 - const expbias = 6; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); - } + // Maj + h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); + l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); - /** - * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). - * @param {Uint8Array} bytes - Payload of string-to-key specifier - * @returns {Integer} Actual length of the object. - */ - read(bytes) { - let i = 0; - try { - this.type = enums.read(enums.s2k, bytes[i++]); - } catch (err) { - throw new UnsupportedError('Unknown S2K type.'); - } - this.algorithm = bytes[i++]; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - switch (this.type) { - case 'simple': - break; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - case 'salted': - this.salt = bytes.subarray(i, i + 8); - i += 8; - break; + bh7 = (c & 0xffff) | (d << 16); + bl7 = (a & 0xffff) | (b << 16); - case 'iterated': - this.salt = bytes.subarray(i, i + 8); - i += 8; + // add + h = bh3; + l = bl3; - // Octet 10: count, a one-octet, coded value - this.c = bytes[i++]; - break; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - case 'gnu': - if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { - i += 3; // GNU - const gnuExtType = 1000 + bytes[i++]; - if (gnuExtType === 1001) { - this.type = 'gnu-dummy'; - // GnuPG extension mode 1001 -- don't write secret key at all - } else { - throw new UnsupportedError('Unknown s2k gnu protection mode.'); - } - } else { - throw new UnsupportedError('Unknown s2k type.'); - } - break; + h = th; + l = tl; - default: - throw new UnsupportedError('Unknown s2k type.'); // unreachable - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - return i; - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - /** - * Serializes s2k information - * @returns {Uint8Array} Binary representation of s2k. - */ - write() { - if (this.type === 'gnu-dummy') { - return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); - } - const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; + bh3 = (c & 0xffff) | (d << 16); + bl3 = (a & 0xffff) | (b << 16); - switch (this.type) { - case 'simple': - break; - case 'salted': - arr.push(this.salt); - break; - case 'iterated': - arr.push(this.salt); - arr.push(new Uint8Array([this.c])); - break; - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } + ah1 = bh0; + ah2 = bh1; + ah3 = bh2; + ah4 = bh3; + ah5 = bh4; + ah6 = bh5; + ah7 = bh6; + ah0 = bh7; - return util.concatUint8Array(arr); - } + al1 = bl0; + al2 = bl1; + al3 = bl2; + al4 = bl3; + al5 = bl4; + al6 = bl5; + al7 = bl6; + al0 = bl7; - /** - * Produces a key using the specified passphrase and the defined - * hashAlgorithm - * @param {String} passphrase - Passphrase containing user input - * @returns {Promise} Produced key with a length corresponding to. - * hashAlgorithm hash length - * @async - */ - async produceKey(passphrase, numBytes) { - passphrase = util.encodeUTF8(passphrase); + if (i%16 === 15) { + for (j = 0; j < 16; j++) { + // add + h = wh[j]; + l = wl[j]; - const arr = []; - let rlength = 0; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - let prefixlen = 0; - while (rlength < numBytes) { - let toHash; - switch (this.type) { - case 'simple': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); - break; - case 'salted': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); - break; - case 'iterated': { - const data = util.concatUint8Array([this.salt, passphrase]); - let datalen = data.length; - const count = Math.max(this.getCount(), datalen); - toHash = new Uint8Array(prefixlen + count); - toHash.set(data, prefixlen); - for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { - toHash.copyWithin(pos, prefixlen, pos); - } - break; + h = wh[(j+9)%16]; + l = wl[(j+9)%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma0 + th = wh[(j+1)%16]; + tl = wl[(j+1)%16]; + h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); + l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma1 + th = wh[(j+14)%16]; + tl = wl[(j+14)%16]; + h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); + l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + wh[j] = (c & 0xffff) | (d << 16); + wl[j] = (a & 0xffff) | (b << 16); } - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); } - const result = await mod.hash.digest(this.algorithm, toHash); - arr.push(result); - rlength += result.length; - prefixlen++; } - return util.concatUint8Array(arr).subarray(0, numBytes); - } - } + // add + h = ah0; + l = al0; - // GPG4Browsers - An OpenPGP implementation in javascript + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - /** - * Symmetric-Key Encrypted Session Key Packets (Tag 3) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: - * The Symmetric-Key Encrypted Session Key packet holds the - * symmetric-key encryption of a session key used to encrypt a message. - * Zero or more Public-Key Encrypted Session Key packets and/or - * Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data packet that holds an encrypted message. - * The message is encrypted with a session key, and the session key is - * itself encrypted and stored in the Encrypted Session Key packet or - * the Symmetric-Key Encrypted Session Key packet. - */ - class SymEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.symEncryptedSessionKey; - } + h = hh[0]; + l = hl[0]; - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - this.version = config$1.aeadProtect ? 5 : 4; - this.sessionKey = null; - /** - * Algorithm to encrypt the session key with - * @type {enums.symmetric} - */ - this.sessionKeyEncryptionAlgorithm = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = enums.symmetric.aes256; - /** - * AEAD mode to encrypt the session key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); - this.encrypted = null; - this.s2k = null; - this.iv = null; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Parsing function for a symmetric encrypted session key packet (tag 3). - * - * @param {Uint8Array} bytes - Payload of a tag 3 packet - */ - read(bytes) { - let offset = 0; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - // A one-octet version number. The only currently defined version is 4. - this.version = bytes[offset++]; - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); - } + hh[0] = ah0 = (c & 0xffff) | (d << 16); + hl[0] = al0 = (a & 0xffff) | (b << 16); - // A one-octet number describing the symmetric algorithm used. - const algo = bytes[offset++]; + h = ah1; + l = al1; - if (this.version === 5) { - // A one-octet AEAD algorithm. - this.aeadAlgorithm = bytes[offset++]; - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - // A string-to-key (S2K) specifier, length as defined above. - this.s2k = new S2K(); - offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + h = hh[1]; + l = hl[1]; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - // A starting initialization vector of size specified by the AEAD - // algorithm. - this.iv = bytes.subarray(offset, offset += mode.ivLength); - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - // The encrypted session key itself, which is decrypted with the - // string-to-key object. This is optional in version 4. - if (this.version === 5 || offset < bytes.length) { - this.encrypted = bytes.subarray(offset, bytes.length); - this.sessionKeyEncryptionAlgorithm = algo; - } else { - this.sessionKeyAlgorithm = algo; - } - } + hh[1] = ah1 = (c & 0xffff) | (d << 16); + hl[1] = al1 = (a & 0xffff) | (b << 16); - /** - * Create a binary representation of a tag 3 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const algo = this.encrypted === null ? - this.sessionKeyAlgorithm : - this.sessionKeyEncryptionAlgorithm; + h = ah2; + l = al2; - let bytes; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (this.version === 5) { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]); - } else { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]); + h = hh[2]; + l = hl[2]; - if (this.encrypted !== null) { - bytes = util.concatUint8Array([bytes, this.encrypted]); - } - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - return bytes; - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - /** - * Decrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(passphrase) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; + hh[2] = ah2 = (c & 0xffff) | (d << 16); + hl[2] = al2 = (a & 0xffff) | (b << 16); - const { blockSize, keySize } = mod.getCipher(algo); - const key = await this.s2k.produceKey(passphrase, keySize); + h = ah3; + l = al3; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, key); - this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); - } else if (this.encrypted !== null) { - const decrypted = await mod.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); - this.sessionKey = decrypted.subarray(1, decrypted.length); - } else { - this.sessionKey = key; - } - } + h = hh[3]; + l = hl[3]; - /** - * Encrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - this.sessionKeyEncryptionAlgorithm = algo; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); + hh[3] = ah3 = (c & 0xffff) | (d << 16); + hl[3] = al3 = (a & 0xffff) | (b << 16); - const { blockSize, keySize } = mod.getCipher(algo); - const encryptionKey = await this.s2k.produceKey(passphrase, keySize); + h = ah4; + l = al4; - if (this.sessionKey === null) { - this.sessionKey = mod.generateSessionKey(this.sessionKeyAlgorithm); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(mode.ivLength); // generate new random IV - const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, encryptionKey); - this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData); - } else { - const toEncrypt = util.concatUint8Array([ - new Uint8Array([this.sessionKeyAlgorithm]), - this.sessionKey - ]); - this.encrypted = await mod.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config$1); - } + h = hh[4]; + l = hl[4]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[4] = ah4 = (c & 0xffff) | (d << 16); + hl[4] = al4 = (a & 0xffff) | (b << 16); + + h = ah5; + l = al5; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[5]; + l = hl[5]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[5] = ah5 = (c & 0xffff) | (d << 16); + hl[5] = al5 = (a & 0xffff) | (b << 16); + + h = ah6; + l = al6; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[6]; + l = hl[6]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[6] = ah6 = (c & 0xffff) | (d << 16); + hl[6] = al6 = (a & 0xffff) | (b << 16); + + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[7]; + l = hl[7]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[7] = ah7 = (c & 0xffff) | (d << 16); + hl[7] = al7 = (a & 0xffff) | (b << 16); + + pos += 128; + n -= 128; } + + return n; } - // GPG4Browsers - An OpenPGP implementation in javascript + function crypto_hash(out, m, n) { + var hh = new Int32Array(8), + hl = new Int32Array(8), + x = new Uint8Array(256), + i, b = n; - /** - * Implementation of the Key Material Packet (Tag 5,6,7,14) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: - * A key material packet contains all the information about a public or - * private key. There are four variants of this packet type, and two - * major versions. - * - * A Public-Key packet starts a series of packets that forms an OpenPGP - * key (sometimes called an OpenPGP certificate). - */ - class PublicKeyPacket { - static get tag() { - return enums.packet.publicKey; - } + hh[0] = 0x6a09e667; + hh[1] = 0xbb67ae85; + hh[2] = 0x3c6ef372; + hh[3] = 0xa54ff53a; + hh[4] = 0x510e527f; + hh[5] = 0x9b05688c; + hh[6] = 0x1f83d9ab; + hh[7] = 0x5be0cd19; - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - /** - * Packet version - * @type {Integer} - */ - this.version = config$1.v5Keys ? 5 : 4; - /** - * Key creation date. - * @type {Date} - */ - this.created = util.normalizeDate(date); - /** - * Public key algorithm. - * @type {enums.publicKey} - */ - this.algorithm = null; - /** - * Algorithm specific public params - * @type {Object} - */ - this.publicParams = null; - /** - * Time until expiration in days (V3 only) - * @type {Integer} - */ - this.expirationTimeV3 = 0; - /** - * Fingerprint bytes - * @type {Uint8Array} - */ - this.fingerprint = null; - /** - * KeyID - * @type {module:type/keyid~KeyID} - */ - this.keyID = null; - } + hl[0] = 0xf3bcc908; + hl[1] = 0x84caa73b; + hl[2] = 0xfe94f82b; + hl[3] = 0x5f1d36f1; + hl[4] = 0xade682d1; + hl[5] = 0x2b3e6c1f; + hl[6] = 0xfb41bd6b; + hl[7] = 0x137e2179; + + crypto_hashblocks_hl(hh, hl, m, n); + n %= 128; + + for (i = 0; i < n; i++) x[i] = m[b-n+i]; + x[n] = 128; + + n = 256-128*(n<112?1:0); + x[n-9] = 0; + ts64(x, n-8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(hh, hl, x, n); + + for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); + + return 0; + } + + function add$1(p, q) { + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(), + g = gf(), h = gf(), t = gf(); + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); - /** - * Create a PublicKeyPacket from a SecretKeyPacket - * @param {SecretKeyPacket} secretKeyPacket - key packet to convert - * @returns {PublicKeyPacket} public key packet - * @static - */ - static fromSecretKeyPacket(secretKeyPacket) { - const keyPacket = new PublicKeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); + } + + function cswap(p, q, b) { + var i; + for (i = 0; i < 4; i++) { + sel25519(p[i], q[i], b); } + } - /** - * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} - * @param {Uint8Array} bytes - Input array to read the packet from - * @returns {Object} This object with attributes set by the parser - * @async - */ - async read(bytes) { - let pos = 0; - // A one-octet version number (3, 4 or 5). - this.version = bytes[pos++]; + function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; + } - if (this.version === 4 || this.version === 5) { - // - A four-octet number denoting the time that the key was created. - this.created = util.readDate(bytes.subarray(pos, pos + 4)); - pos += 4; + function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = (s[(i/8)|0] >> (i&7)) & 1; + cswap(p, q, b); + add$1(q, p); + add$1(p, p); + cswap(p, q, b); + } + } - // - A one-octet number denoting the public-key algorithm of this key. - this.algorithm = bytes[pos++]; + function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); + } - if (this.version === 5) { - // - A four-octet scalar octet count for the following key material. - pos += 4; - } + function crypto_sign_keypair(pk, sk, seeded) { + var d = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()]; + var i; - // - A series of values comprising the key material. - const { read, publicParams } = mod.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); - this.publicParams = publicParams; - pos += read; + if (!seeded) randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; - // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor - await this.computeFingerprintAndKeyID(); - return pos; - } - throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); - } + scalarbase(p, d); + pack(pk, p); - /** - * Creates an OpenPGP public key packet for the given key. - * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. - */ - write() { - const arr = []; - // Version - arr.push(new Uint8Array([this.version])); - arr.push(util.writeDate(this.created)); - // A one-octet number denoting the public-key algorithm of this key - arr.push(new Uint8Array([this.algorithm])); + for (i = 0; i < 32; i++) sk[i+32] = pk[i]; + return 0; + } - const params = mod.serializeParams(this.algorithm, this.publicParams); - if (this.version === 5) { - // A four-octet scalar octet count for the following key material - arr.push(util.writeNumber(params.length, 4)); + var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); + + function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = Math.floor((x[j] + 128) / 256); + x[j] -= carry * 256; } - // Algorithm-specific params - arr.push(params); - return util.concatUint8Array(arr); + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; j++) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; j++) x[j] -= carry * L[j]; + for (i = 0; i < 32; i++) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; } + } - /** - * Write packet in order to be hashed; either for a signature or a fingerprint - * @param {Integer} version - target version of signature or key - */ - writeForHash(version) { - const bytes = this.writePublicKey(); + function reduce(r) { + var x = new Float64Array(64), i; + for (i = 0; i < 64; i++) x[i] = r[i]; + for (i = 0; i < 64; i++) r[i] = 0; + modL(r, x); + } - if (version === 5) { - return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]); - } - return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]); - } + // Note: difference from C - smlen returned, not passed as argument. + function crypto_sign(sm, m, n, sk) { + var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; - /** - * Check whether secret-key data is available in decrypted form. Returns null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return null; - } + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; - /** - * Returns the creation time of the key - * @returns {Date} - */ - getCreationTime() { - return this.created; - } + var smlen = n + 64; + for (i = 0; i < n; i++) sm[64 + i] = m[i]; + for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - /** - * Return the key ID of the key - * @returns {module:type/keyid~KeyID} The 8-byte key ID - */ - getKeyID() { - return this.keyID; - } + crypto_hash(r, sm.subarray(32), n+32); + reduce(r); + scalarbase(p, r); + pack(sm, p); - /** - * Computes and set the key ID and fingerprint of the key - * @async - */ - async computeFingerprintAndKeyID() { - await this.computeFingerprint(); - this.keyID = new KeyID(); + for (i = 32; i < 64; i++) sm[i] = sk[i]; + crypto_hash(h, sm, n + 64); + reduce(h); - if (this.version === 5) { - this.keyID.read(this.fingerprint.subarray(0, 8)); - } else if (this.version === 4) { - this.keyID.read(this.fingerprint.subarray(12, 20)); - } else { - throw new Error('Unsupported key version'); + for (i = 0; i < 64; i++) x[i] = 0; + for (i = 0; i < 32; i++) x[i] = r[i]; + for (i = 0; i < 32; i++) { + for (j = 0; j < 32; j++) { + x[i+j] += h[i] * d[j]; } } - /** - * Computes and set the fingerprint of the key - */ - async computeFingerprint() { - const toHash = this.writeForHash(this.version); + modL(sm.subarray(32), x); + return smlen; + } - if (this.version === 5) { - this.fingerprint = await mod.hash.sha256(toHash); - } else if (this.version === 4) { - this.fingerprint = await mod.hash.sha1(toHash); - } else { - throw new Error('Unsupported key version'); - } - } + function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), + den = gf(), den2 = gf(), den4 = gf(), + den6 = gf(); - /** - * Returns the fingerprint of the key, as an array of bytes - * @returns {Uint8Array} A Uint8Array containing the fingerprint - */ - getFingerprintBytes() { - return this.fingerprint; - } + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); - /** - * Calculates and returns the fingerprint of the key, as a string - * @returns {String} A string containing the fingerprint in lowercase hex - */ - getFingerprint() { - return util.uint8ArrayToHex(this.getFingerprintBytes()); - } + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); + + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); + + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) M(r[0], r[0], I); - /** - * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint - * @returns {Boolean} Whether the two keys have the same version and public key data. - */ - hasSameFingerprintAs(other) { - return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); - } + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) return -1; - /** - * Returns algorithm information - * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. - */ - getAlgorithmInfo() { - const result = {}; - result.algorithm = enums.read(enums.publicKey, this.algorithm); - // RSA, DSA or ElGamal public modulo - const modulo = this.publicParams.n || this.publicParams.p; - if (modulo) { - result.bits = util.uint8ArrayBitLength(modulo); - } else if (this.publicParams.oid) { - result.curve = this.publicParams.oid.getName(); - } - return result; - } + if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); + + M(r[3], r[0], r[1]); + return 0; } - /** - * Alias of read() - * @see PublicKeyPacket#read - */ - PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; + function crypto_sign_open(m, sm, n, pk) { + var i; + var t = new Uint8Array(32), h = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()], + q = [gf(), gf(), gf(), gf()]; - /** - * Alias of write() - * @see PublicKeyPacket#write - */ - PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + if (n < 64) return -1; - // GPG4Browsers - An OpenPGP implementation in javascript + if (unpackneg(q, pk)) return -1; - // A SE packet can contain the following packet types - const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket - ]); + for (i = 0; i < n; i++) m[i] = sm[i]; + for (i = 0; i < 32; i++) m[i+32] = pk[i]; + crypto_hash(h, m, n); + reduce(h); + scalarmult(p, q, h); - /** - * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: - * The Symmetrically Encrypted Data packet contains data encrypted with a - * symmetric-key algorithm. When it has been decrypted, it contains other - * packets (usually a literal data packet or compressed data packet, but in - * theory other Symmetrically Encrypted Data packets or sequences of packets - * that form whole OpenPGP messages). - */ - class SymmetricallyEncryptedDataPacket { - static get tag() { - return enums.packet.symmetricallyEncryptedData; - } + scalarbase(q, sm.subarray(32)); + add$1(p, q); + pack(t, p); - constructor() { - /** - * Encrypted secret-key data - */ - this.encrypted = null; - /** - * Decrypted packets contained within. - * @type {PacketList} - */ - this.packets = null; + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; i++) m[i] = 0; + return -1; } - read(bytes) { - this.encrypted = bytes; - } + for (i = 0; i < n; i++) m[i] = sm[i + 64]; + return n; + } - write() { - return this.encrypted; + var crypto_scalarmult_BYTES = 32, + crypto_scalarmult_SCALARBYTES = 32, + crypto_box_PUBLICKEYBYTES = 32, + crypto_box_SECRETKEYBYTES = 32, + crypto_sign_BYTES = 64, + crypto_sign_PUBLICKEYBYTES = 32, + crypto_sign_SECRETKEYBYTES = 64, + crypto_sign_SEEDBYTES = 32; + + function checkArrayTypes() { + for (var i = 0; i < arguments.length; i++) { + if (!(arguments[i] instanceof Uint8Array)) + throw new TypeError('unexpected type, use Uint8Array'); } + } - /** - * Decrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config + function cleanup(arr) { + for (var i = 0; i < arr.length; i++) arr[i] = 0; + } - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error - if (!config$1.allowUnauthenticatedMessages) { - throw new Error('Message is not authenticated.'); - } + nacl.scalarMult = function(n, p) { + checkArrayTypes(n, p); + if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); + if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); + var q = new Uint8Array(crypto_scalarmult_BYTES); + crypto_scalarmult(q, n, p); + return q; + }; - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - const encrypted = await readToEnd(clone(this.encrypted)); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, - encrypted.subarray(blockSize + 2), - encrypted.subarray(2, blockSize + 2) - ); + nacl.box = {}; - this.packets = await PacketList.fromBinary(decrypted, allowedPackets$3, config$1); - } + nacl.box.keyPair = function() { + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); + crypto_box_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; + }; - /** - * Encrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const data = this.packets.write(); - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); + nacl.box.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_box_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + crypto_scalarmult_base(pk, secretKey); + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; + }; - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const FRE = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); - const ciphertext = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); - this.encrypted = util.concat([FRE, ciphertext]); - } - } + nacl.sign = function(msg, secretKey) { + checkArrayTypes(msg, secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); + crypto_sign(signedMsg, msg, msg.length, secretKey); + return signedMsg; + }; - // GPG4Browsers - An OpenPGP implementation in javascript + nacl.sign.detached = function(msg, secretKey) { + var signedMsg = nacl.sign(msg, secretKey); + var sig = new Uint8Array(crypto_sign_BYTES); + for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; + return sig; + }; - /** - * Implementation of the strange "Marker packet" (Tag 10) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: - * An experimental version of PGP used this packet as the Literal - * packet, but no released version of PGP generated Literal packets with this - * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as - * the Marker packet. - * - * The body of this packet consists of: - * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). - * - * Such a packet MUST be ignored when received. It may be placed at the - * beginning of a message that uses features not available in PGP - * version 2.6 in order to cause that version to report that newer - * software is necessary to process the message. - */ - class MarkerPacket { - static get tag() { - return enums.packet.marker; + nacl.sign.detached.verify = function(msg, sig, publicKey) { + checkArrayTypes(msg, sig, publicKey); + if (sig.length !== crypto_sign_BYTES) + throw new Error('bad signature size'); + if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) + throw new Error('bad public key size'); + var sm = new Uint8Array(crypto_sign_BYTES + msg.length); + var m = new Uint8Array(crypto_sign_BYTES + msg.length); + var i; + for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; + for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; + return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); + }; + + nacl.sign.keyPair = function() { + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + crypto_sign_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; + }; + + nacl.sign.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; + }; + + nacl.sign.keyPair.fromSeed = function(seed) { + checkArrayTypes(seed); + if (seed.length !== crypto_sign_SEEDBYTES) + throw new Error('bad seed size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + for (var i = 0; i < 32; i++) sk[i] = seed[i]; + crypto_sign_keypair(pk, sk, true); + return {publicKey: pk, secretKey: sk}; + }; + + nacl.setPRNG = function(fn) { + randombytes = fn; + }; + + (function() { + // Initialize PRNG if environment provides CSPRNG. + // If not, methods calling randombytes will throw. + if (crypto$3 && crypto$3.getRandomValues) { + // Browsers and Node v16+ + var QUOTA = 65536; + nacl.setPRNG(function(x, n) { + var i, v = new Uint8Array(n); + for (i = 0; i < n; i += QUOTA) { + crypto$3.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); + } + for (i = 0; i < n; i++) x[i] = v[i]; + cleanup(v); + }); } + })(); - /** - * Parsing function for a marker data packet (tag 10). - * @param {Uint8Array} bytes - Payload of a tag 10 packet - * @returns {Boolean} whether the packet payload contains "PGP" - */ - read(bytes) { - if (bytes[0] === 0x50 && // P - bytes[1] === 0x47 && // G - bytes[2] === 0x50) { // P - return true; - } - return false; - } + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - write() { - return new Uint8Array([0x50, 0x47, 0x50]); - } - } - // GPG4Browsers - An OpenPGP implementation in javascript + const knownOIDs = { + '2a8648ce3d030107': enums.curve.nistP256, + '2b81040022': enums.curve.nistP384, + '2b81040023': enums.curve.nistP521, + '2b8104000a': enums.curve.secp256k1, + '2b06010401da470f01': enums.curve.ed25519Legacy, + '2b060104019755010501': enums.curve.curve25519Legacy, + '2b2403030208010107': enums.curve.brainpoolP256r1, + '2b240303020801010b': enums.curve.brainpoolP384r1, + '2b240303020801010d': enums.curve.brainpoolP512r1 + }; - /** - * A Public-Subkey packet (tag 14) has exactly the same format as a - * Public-Key packet, but denotes a subkey. One or more subkeys may be - * associated with a top-level key. By convention, the top-level key - * provides signature services, and the subkeys provide encryption - * services. - * @extends PublicKeyPacket - */ - class PublicSubkeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.publicSubkey; + class OID { + constructor(oid) { + if (oid instanceof OID) { + this.oid = oid.oid; + } else if (util.isArray(oid) || + util.isUint8Array(oid)) { + oid = new Uint8Array(oid); + if (oid[0] === 0x06) { // DER encoded oid byte array + if (oid[1] !== oid.length - 2) { + throw new Error('Length mismatch in DER encoded oid'); + } + oid = oid.subarray(2); + } + this.oid = oid; + } else { + this.oid = ''; + } } /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config + * Method to read an OID object + * @param {Uint8Array} input - Where to read the OID from + * @returns {Number} Number of read bytes. */ - // eslint-disable-next-line no-useless-constructor - constructor(date, config) { - super(date, config); + read(input) { + if (input.length >= 1) { + const length = input[0]; + if (input.length >= 1 + length) { + this.oid = input.subarray(1, 1 + length); + return 1 + this.oid.length; + } + } + throw new Error('Invalid oid'); } /** - * Create a PublicSubkeyPacket from a SecretSubkeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert - * @returns {SecretSubkeyPacket} public key packet - * @static + * Serialize an OID object + * @returns {Uint8Array} Array with the serialized value the OID. */ - static fromSecretSubkeyPacket(secretSubkeyPacket) { - const keyPacket = new PublicSubkeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } - } - - // GPG4Browsers - An OpenPGP implementation in javascript - - /** - * Implementation of the User Attribute Packet (Tag 17) - * - * The User Attribute packet is a variation of the User ID packet. It - * is capable of storing more types of data than the User ID packet, - * which is limited to text. Like the User ID packet, a User Attribute - * packet may be certified by the key owner ("self-signed") or any other - * key owner who cares to certify it. Except as noted, a User Attribute - * packet may be used anywhere that a User ID packet may be used. - * - * While User Attribute packets are not a required part of the OpenPGP - * standard, implementations SHOULD provide at least enough - * compatibility to properly handle a certification signature on the - * User Attribute packet. A simple way to do this is by treating the - * User Attribute packet as a User ID packet with opaque contents, but - * an implementation may use any method desired. - */ - class UserAttributePacket { - static get tag() { - return enums.packet.userAttribute; - } - - constructor() { - this.attributes = []; + write() { + return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); } /** - * parsing function for a user attribute packet (tag 17). - * @param {Uint8Array} input - Payload of a tag 17 packet + * Serialize an OID object as a hex string + * @returns {string} String with the hex value of the OID. */ - read(bytes) { - let i = 0; - while (i < bytes.length) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); - i += len.len; - } + toHex() { + return util.uint8ArrayToHex(this.oid); } /** - * Creates a binary representation of the user attribute packet - * @returns {Uint8Array} String representation. + * If a known curve object identifier, return the canonical name of the curve + * @returns {enums.curve} String with the canonical name of the curve + * @throws if unknown */ - write() { - const arr = []; - for (let i = 0; i < this.attributes.length; i++) { - arr.push(writeSimpleLength(this.attributes[i].length)); - arr.push(util.stringToUint8Array(this.attributes[i])); + getName() { + const name = knownOIDs[this.toHex()]; + if (!name) { + throw new Error('Unknown curve object identifier.'); } - return util.concatUint8Array(arr); - } - /** - * Compare for equality - * @param {UserAttributePacket} usrAttr - * @returns {Boolean} True if equal. - */ - equals(usrAttr) { - if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { - return false; - } - return this.attributes.every(function(attr, index) { - return attr === usrAttr.attributes[index]; - }); + return name; } } // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /** - * A Secret-Key packet contains all the information that is found in a - * Public-Key packet, including the public-key material, but also - * includes the secret-key material after all the public-key fields. - * @extends PublicKeyPacket - */ - class SecretKeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.secretKey; - } - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - /** - * Secret-key data - */ - this.keyMaterial = null; - /** - * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. - */ - this.isEncrypted = null; - /** - * S2K usage - * @type {enums.symmetric} - */ - this.s2kUsage = 0; - /** - * S2K object - * @type {type/s2k} - */ - this.s2k = null; - /** - * Symmetric algorithm to encrypt the key with - * @type {enums.symmetric} - */ - this.symmetric = null; - /** - * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aead = null; - /** - * Decrypted private parameters, referenced by name - * @type {Object} - */ - this.privateParams = null; - } + function readSimpleLength(bytes) { + let len = 0; + let offset; + const type = bytes[0]; - // 5.5.3. Secret-Key Packet Formats - /** - * Internal parser for private keys as specified in - * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} - * @param {Uint8Array} bytes - Input string to read the packet from - * @async - */ - async read(bytes) { - // - A Public-Key or Public-Subkey packet, as described above. - let i = await this.readPublicKey(bytes); - const startOfSecretKeyData = i; + if (type < 192) { + [len] = bytes; + offset = 1; + } else if (type < 255) { + len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; + offset = 2; + } else if (type === 255) { + len = util.readNumber(bytes.subarray(1, 1 + 4)); + offset = 5; + } - // - One octet indicating string-to-key usage conventions. Zero - // indicates that the secret-key data is not encrypted. 255 or 254 - // indicates that a string-to-key specifier is being given. Any - // other value is a symmetric-key encryption algorithm identifier. - this.s2kUsage = bytes[i++]; + return { + len: len, + offset: offset + }; + } - // - Only for a version 5 packet, a one-octet scalar octet count of - // the next 4 optional fields. - if (this.version === 5) { - i++; - } + /** + * Encodes a given integer of length to the openpgp length specifier to a + * string + * + * @param {Integer} length - The length to encode + * @returns {Uint8Array} String with openpgp length representation. + */ + function writeSimpleLength(length) { + if (length < 192) { + return new Uint8Array([length]); + } else if (length > 191 && length < 8384) { + /* + * let a = (total data packet length) - 192 let bc = two octet + * representation of a let d = b + 192 + */ + return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); + } + return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); + } - try { - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one-octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - this.symmetric = bytes[i++]; + function writePartialLength(power) { + if (power < 0 || power > 30) { + throw new Error('Partial Length power must be between 1 and 30'); + } + return new Uint8Array([224 + power]); + } - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - this.aead = bytes[i++]; - } + function writeTag(tag_type) { + /* we're only generating v4 packet headers here */ + return new Uint8Array([0xC0 | tag_type]); + } - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - this.s2k = new S2K(); - i += this.s2k.read(bytes.subarray(i, bytes.length)); + /** + * Writes a packet header version 4 with the given tag_type and length to a + * string + * + * @param {Integer} tag_type - Tag type + * @param {Integer} length - Length of the payload + * @returns {String} String of the header. + */ + function writeHeader(tag_type, length) { + /* we're only generating v4 packet headers here */ + return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); + } - if (this.s2k.type === 'gnu-dummy') { - return; - } - } else if (this.s2kUsage) { - this.symmetric = this.s2kUsage; - } + /** + * Whether the packet type supports partial lengths per RFC4880 + * @param {Integer} tag - Tag type + * @returns {Boolean} String of the header. + */ + function supportsStreaming(tag) { + return [ + enums.packet.literalData, + enums.packet.compressedData, + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ].includes(tag); + } - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage) { - this.iv = bytes.subarray( - i, - i + mod.getCipher(this.symmetric).blockSize - ); + /** + * Generic static Packet Parser function + * + * @param {Uint8Array | ReadableStream} input - Input stream as string + * @param {Function} callback - Function to call with the parsed packet + * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. + */ + async function readPackets(input, callback) { + const reader = getReader(input); + let writer; + let callbackReturned; + try { + const peekedBytes = await reader.peekBytes(2); + // some sanity checks + if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { + throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); + } + const headerByte = await reader.readByte(); + let tag = -1; + let format = -1; + let packetLength; - i += this.iv.length; - } - } catch (e) { - // if the s2k is unsupported, we still want to support encrypting and verifying with the given key - if (!this.s2kUsage) throw e; // always throw for decrypted keys - this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); - this.isEncrypted = true; + format = 0; // 0 = old format; 1 = new format + if ((headerByte & 0x40) !== 0) { + format = 1; } - // - Only for a version 5 packet, a four-octet scalar octet count for - // the following key material. - if (this.version === 5) { - i += 4; + let packetLengthType; + if (format) { + // new format header + tag = headerByte & 0x3F; // bit 5-0 + } else { + // old format header + tag = (headerByte & 0x3F) >> 2; // bit 5-2 + packetLengthType = headerByte & 0x03; // bit 1-0 } - // - Plain or encrypted multiprecision integers comprising the secret - // key data. These algorithm-specific fields are as described - // below. - this.keyMaterial = bytes.subarray(i); - this.isEncrypted = !!this.s2kUsage; + const packetSupportsStreaming = supportsStreaming(tag); + let packet = null; + if (packetSupportsStreaming) { + if (util.isStream(input) === 'array') { + const arrayStream = new ArrayStream(); + writer = getWriter(arrayStream); + packet = arrayStream; + } else { + const transform = new TransformStream(); + writer = getWriter(transform.writable); + packet = transform.readable; + } + // eslint-disable-next-line callback-return + callbackReturned = callback({ tag, packet }); + } else { + packet = []; + } - if (!this.isEncrypted) { - const cleartext = this.keyMaterial.subarray(0, -2); - if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { - throw new Error('Key checksum mismatch'); + let wasPartialLength; + do { + if (!format) { + // 4.2.1. Old Format Packet Lengths + switch (packetLengthType) { + case 0: + // The packet has a one-octet length. The header is 2 octets + // long. + packetLength = await reader.readByte(); + break; + case 1: + // The packet has a two-octet length. The header is 3 octets + // long. + packetLength = (await reader.readByte() << 8) | await reader.readByte(); + break; + case 2: + // The packet has a four-octet length. The header is 5 + // octets long. + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + break; + default: + // 3 - The packet is of indeterminate length. The header is 1 + // octet long, and the implementation must determine how long + // the packet is. If the packet is in a file, this means that + // the packet extends until the end of the file. In general, + // an implementation SHOULD NOT use indeterminate-length + // packets except where the end of the data will be clear + // from the context, and even then it is better to use a + // definite length, or a new format header. The new format + // headers described below have a mechanism for precisely + // encoding data of indeterminate length. + packetLength = Infinity; + break; + } + } else { // 4.2.2. New Format Packet Lengths + // 4.2.2.1. One-Octet Lengths + const lengthByte = await reader.readByte(); + wasPartialLength = false; + if (lengthByte < 192) { + packetLength = lengthByte; + // 4.2.2.2. Two-Octet Lengths + } else if (lengthByte >= 192 && lengthByte < 224) { + packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; + // 4.2.2.4. Partial Body Lengths + } else if (lengthByte > 223 && lengthByte < 255) { + packetLength = 1 << (lengthByte & 0x1F); + wasPartialLength = true; + if (!packetSupportsStreaming) { + throw new TypeError('This packet type does not support partial lengths.'); + } + // 4.2.2.3. Five-Octet Lengths + } else { + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + } } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - if (err instanceof UnsupportedError) throw err; - // avoid throwing potentially sensitive errors - throw new Error('Error reading MPIs'); + if (packetLength > 0) { + let bytesRead = 0; + while (true) { + if (writer) await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (packetLength === Infinity) break; + throw new Error('Unexpected end of packet'); + } + const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); + if (writer) await writer.write(chunk); + else packet.push(chunk); + bytesRead += value.length; + if (bytesRead >= packetLength) { + reader.unshift(value.subarray(packetLength - bytesRead + value.length)); + break; + } + } } + } while (wasPartialLength); + + // If this was not a packet that "supports streaming", we peek to check + // whether it is the last packet in the message. We peek 2 bytes instead + // of 1 because the beginning of this function also peeks 2 bytes, and we + // want to cut a `subarray` of the correct length into `web-stream-tools`' + // `externalBuffer` as a tiny optimization here. + // + // If it *was* a streaming packet (i.e. the data packets), we peek at the + // entire remainder of the stream, in order to forward errors in the + // remainder of the stream to the packet data. (Note that this means we + // read/peek at all signature packets before closing the literal data + // packet, for example.) This forwards MDC errors to the literal data + // stream, for example, so that they don't get lost / forgotten on + // decryptedMessage.packets.stream, which we never look at. + // + // An example of what we do when stream-parsing a message containing + // [ one-pass signature packet, literal data packet, signature packet ]: + // 1. Read the one-pass signature packet + // 2. Peek 2 bytes of the literal data packet + // 3. Parse the one-pass signature packet + // + // 4. Read the literal data packet, simultaneously stream-parsing it + // 5. Peek until the end of the message + // 6. Finish parsing the literal data packet + // + // 7. Read the signature packet again (we already peeked at it in step 5) + // 8. Peek at the end of the stream again (`peekBytes` returns undefined) + // 9. Parse the signature packet + // + // Note that this means that if there's an error in the very end of the + // stream, such as an MDC error, we throw in step 5 instead of in step 8 + // (or never), which is the point of this exercise. + const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); + if (writer) { + await writer.ready; + await writer.close(); + } else { + packet = util.concatUint8Array(packet); + // eslint-disable-next-line callback-return + await callback({ tag, packet }); } - } - - /** - * Creates an OpenPGP key packet for the given key. - * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. - */ - write() { - const serializedPublicKey = this.writePublicKey(); - if (this.unparseableKeyMaterial) { - return util.concatUint8Array([ - serializedPublicKey, - this.unparseableKeyMaterial - ]); + return !nextPacket || !nextPacket.length; + } catch (e) { + if (writer) { + await writer.abort(e); + return true; + } else { + throw e; } - - const arr = [serializedPublicKey]; - arr.push(new Uint8Array([this.s2kUsage])); - - const optionalFieldsArr = []; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one- octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - optionalFieldsArr.push(this.symmetric); - - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - optionalFieldsArr.push(this.aead); - } - - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - optionalFieldsArr.push(...this.s2k.write()); + } finally { + if (writer) { + await callbackReturned; } + reader.releaseLock(); + } + } - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { - optionalFieldsArr.push(...this.iv); - } + class UnsupportedError extends Error { + constructor(...params) { + super(...params); - if (this.version === 5) { - arr.push(new Uint8Array([optionalFieldsArr.length])); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - arr.push(new Uint8Array(optionalFieldsArr)); - if (!this.isDummy()) { - if (!this.s2kUsage) { - this.keyMaterial = mod.serializeParams(this.algorithm, this.privateParams); - } + this.name = 'UnsupportedError'; + } + } - if (this.version === 5) { - arr.push(util.writeNumber(this.keyMaterial.length, 4)); - } - arr.push(this.keyMaterial); + // unknown packet types are handled differently depending on the packet criticality + class UnknownPacketError extends UnsupportedError { + constructor(...params) { + super(...params); - if (!this.s2kUsage) { - arr.push(util.writeChecksum(this.keyMaterial)); - } + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - return util.concatUint8Array(arr); - } - - /** - * Check whether secret-key data is available in decrypted form. - * Returns false for gnu-dummy keys and null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return this.isEncrypted === false; + this.name = 'UnknownPacketError'; } + } - /** - * Check whether the key includes secret key material. - * Some secret keys do not include it, and can thus only be used - * for public-key operations (encryption and verification). - * Such keys are: - * - GNU-dummy keys, where the secret material has been stripped away - * - encrypted keys with unsupported S2K or cipher - */ - isMissingSecretKeyMaterial() { - return this.unparseableKeyMaterial !== undefined || this.isDummy(); + class UnparseablePacket { + constructor(tag, rawContent) { + this.tag = tag; + this.rawContent = rawContent; } - /** - * Check whether this is a gnu-dummy key - * @returns {Boolean} - */ - isDummy() { - return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + write() { + return this.rawContent; } + } - /** - * Remove private key material, converting the key to a dummy one. - * The resulting key cannot be used for signing/decrypting but can still verify signatures. - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - makeDummy(config$1 = config) { - if (this.isDummy()) { - return; - } - if (this.isDecrypted()) { - this.clearPrivateParams(); - } - delete this.unparseableKeyMaterial; - this.isEncrypted = null; - this.keyMaterial = null; - this.s2k = new S2K(config$1); - this.s2k.algorithm = 0; - this.s2k.c = 0; - this.s2k.type = 'gnu-dummy'; - this.s2kUsage = 254; - this.symmetric = enums.symmetric.aes256; - } + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2018 Proton Technologies AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /** - * Encrypt the payload. By default, we use aes256 and iterated, salted string - * to key specifier. If the key is in a decrypted state (isEncrypted === false) - * and the passphrase is empty or undefined, the key will be set as not encrypted. - * This can be used to remove passphrase protection after calling decrypt(). - * @param {String} passphrase - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - if (this.isDummy()) { - return; - } - if (!this.isDecrypted()) { - throw new Error('Key packet is already encrypted'); - } - if (!passphrase) { - throw new Error('A non-empty passphrase is required for key encryption.'); - } + /** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} + */ + async function generate$3(algo) { + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']); - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - const cleartext = mod.serializeParams(this.algorithm, this.privateParams); - this.symmetric = enums.symmetric.aes256; - const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); + const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey); - const { blockSize } = mod.getCipher(this.symmetric); - this.iv = mod.random.getRandomBytes(blockSize); + return { + A: new Uint8Array(b64ToUint8Array(publicKey.x)), + seed: b64ToUint8Array(privateKey.d, true) + }; + } catch (err) { + if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux + throw err; + } + const seed = getRandomBytes(getPayloadSize$1(algo)); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } - if (config$1.aeadProtect) { - this.s2kUsage = 253; - this.aead = enums.aead.eax; - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } else { - this.s2kUsage = 254; - this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ - cleartext, - await mod.hash.sha1(cleartext, config$1) - ]), this.iv, config$1); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const seed = ed448.utils.randomPrivateKey(); + const A = ed448.getPublicKey(seed); + return { A, seed }; } + default: + throw new Error('Unsupported EdDSA algorithm'); } + } - /** - * Decrypts the private key params which are needed to use the key. - * Successful decryption does not imply key integrity, call validate() to confirm that. - * {@link SecretKeyPacket.isDecrypted} should be false, as - * otherwise calls to this function will throw an error. - * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if the key is already decrypted, or if decryption was not successful - * @async - */ - async decrypt(passphrase) { - if (this.isDummy()) { - return false; - } + /** + * Sign a message using the provided key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * RS: Uint8Array + * }>} Signature of the message + * @async + */ + async function sign$5(algo, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = privateKeyToJWK(algo, publicKey, privateKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']); - if (this.unparseableKeyMaterial) { - throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); - } + const signature = new Uint8Array( + await webCrypto.sign('Ed25519', key, hashed) + ); - if (this.isDecrypted()) { - throw new Error('Key packet is already decrypted.'); - } + return { RS: signature }; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } - let key; - if (this.s2kUsage === 254 || this.s2kUsage === 253) { - key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - } else if (this.s2kUsage === 255) { - throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); - } else { - throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const signature = ed448.sign(hashed, privateKey); + return { RS: signature }; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } - let cleartext; - if (this.s2kUsage === 253) { - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); + } + + /** + * Verifies if a signature is valid for a message + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{ RS: Uint8Array }} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ + async function verify$5(algo, hashAlgo, { RS }, m, publicKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: try { - cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array()); + const webCrypto = util.getWebCrypto(); + const jwk = publicKeyToJWK(algo, publicKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']); + const verified = await webCrypto.verify('Ed25519', key, RS, hashed); + return verified; } catch (err) { - if (err.message === 'Authentication tag mismatch') { - throw new Error('Incorrect key passphrase: ' + err.message); + if (err.name !== 'NotSupportedError') { + throw err; } - throw err; - } - } else { - const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); - - cleartext = cleartextWithHash.subarray(0, -20); - const hash = await mod.hash.sha1(cleartext); - - if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { - throw new Error('Incorrect key passphrase'); + return nacl.sign.detached.verify(hashed, RS, publicKey); } - } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - throw new Error('Error reading MPIs'); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + return ed448.verify(RS, hashed, publicKey); } - this.isEncrypted = false; - this.keyMaterial = null; - this.s2kUsage = 0; + default: + throw new Error('Unsupported EdDSA algorithm'); } - - /** - * Checks that the key parameters are consistent - * @throws {Error} if validation was not successful - * @async - */ - async validate() { - if (this.isDummy()) { - return; + } + /** + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point + * @param {Uint8Array} seed - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$7(algo, A, seed) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(seed); + return util.equalsUint8Array(A, publicKey); } - if (!this.isDecrypted()) { - throw new Error('Key is not decrypted'); - } + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); - let validParams; - try { - // this can throw if some parameters are undefined - validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); - } catch (_) { - validParams = false; - } - if (!validParams) { - throw new Error('Key is invalid'); + const publicKey = ed448.getPublicKey(seed); + return util.equalsUint8Array(A, publicKey); } + default: + return false; } + } - async generate(bits, curve) { - const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); - this.privateParams = privateParams; - this.publicParams = publicParams; - this.isEncrypted = false; - } + function getPayloadSize$1(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return 32; - /** - * Clear private key parameters - */ - clearPrivateParams() { - if (this.isMissingSecretKeyMaterial()) { - return; - } + case enums.publicKey.ed448: + return 57; - Object.keys(this.privateParams).forEach(name => { - const param = this.privateParams[name]; - param.fill(0); - delete this.privateParams[name]; - }); - this.privateParams = null; - this.isEncrypted = true; + default: + throw new Error('Unsupported EdDSA algorithm'); } } - async function produceEncryptionKey(s2k, passphrase, algorithm) { - const { keySize } = mod.getCipher(algorithm); - return s2k.produceKey(passphrase, keySize); + function getPreferredHashAlgo$2(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return enums.hash.sha256; + case enums.publicKey.ed448: + return enums.hash.sha512; + default: + throw new Error('Unknown EdDSA algo'); + } } - var emailAddresses = createCommonjsModule(function (module) { - // email-addresses.js - RFC 5322 email address parser - // v 3.1.0 - // - // http://tools.ietf.org/html/rfc5322 - // - // This library does not validate email addresses. - // emailAddresses attempts to parse addresses using the (fairly liberal) - // grammar specified in RFC 5322. - // - // email-addresses returns { - // ast: , - // addresses: [{ - // node: , - // name: , - // address: , - // local: , - // domain: - // }, ...] - // } - // - // emailAddresses.parseOneAddress and emailAddresses.parseAddressList - // work as you might expect. Try it out. - // - // Many thanks to Dominic Sayers and his documentation on the is_email function, - // http://code.google.com/p/isemail/ , which helped greatly in writing this parser. - - (function (global) { - - function parse5322(opts) { - - // tokenizing functions - - function inStr() { return pos < len; } - function curTok() { return parseString[pos]; } - function getPos() { return pos; } - function setPos(i) { pos = i; } - function nextTok() { pos += 1; } - function initialize() { - pos = 0; - len = parseString.length; - } - - // parser helper functions - - function o(name, value) { - return { - name: name, - tokens: value || "", - semantic: value || "", - children: [] - }; - } - - function wrap(name, ast) { - var n; - if (ast === null) { return null; } - n = o(name); - n.tokens = ast.tokens; - n.semantic = ast.semantic; - n.children.push(ast); - return n; - } - - function add(parent, child) { - if (child !== null) { - parent.tokens += child.tokens; - parent.semantic += child.semantic; - } - parent.children.push(child); - return parent; + const publicKeyToJWK = (algo, publicKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = { + kty: 'OKP', + crv: 'Ed25519', + x: uint8ArrayToB64(publicKey), + ext: true + }; + return jwk; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } + }; - function compareToken(fxnCompare) { - var tok; - if (!inStr()) { return null; } - tok = curTok(); - if (fxnCompare(tok)) { - nextTok(); - return o('token', tok); - } - return null; + const privateKeyToJWK = (algo, publicKey, privateKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = publicKeyToJWK(algo, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } + }; - function literal(lit) { - return function literalFunc() { - return wrap('literal', compareToken(function (tok) { - return tok === lit; - })); - }; - } + var eddsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + generate: generate$3, + getPayloadSize: getPayloadSize$1, + getPreferredHashAlgo: getPreferredHashAlgo$2, + sign: sign$5, + validateParams: validateParams$7, + verify: verify$5 + }); - function and() { - var args = arguments; - return function andFunc() { - var i, s, result, start; - start = getPos(); - s = o('and'); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result === null) { - setPos(start); - return null; - } - add(s, result); - } - return s; - }; - } + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function or() { - var args = arguments; - return function orFunc() { - var i, result, start; - start = getPos(); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result !== null) { - return result; - } - setPos(start); - } - return null; - }; - } - function opt(prod) { - return function optFunc() { - var result, start; - start = getPos(); - result = prod(); - if (result !== null) { - return result; - } - else { - setPos(start); - return o('opt'); - } - }; - } + const webCrypto$4 = util.getWebCrypto(); + /** + * AES key wrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} dataToWrap + * @returns {Uint8Array} wrapped key + */ + async function wrap(algo, key, dataToWrap) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - function invis(prod) { - return function invisFunc() { - var result = prod(); - if (result !== null) { - result.semantic = ""; - } - return result; - }; + try { + const wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']); + // Import data as HMAC key, as it has no key length requirements + const keyToWrap = await webCrypto$4.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + const wrapped = await webCrypto$4.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' }); + return new Uint8Array(wrapped); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + } - function colwsp(prod) { - return function collapseSemanticWhitespace() { - var result = prod(); - if (result !== null && result.semantic.length > 0) { - result.semantic = " "; - } - return result; - }; - } + return aeskw(key).encrypt(dataToWrap); + } - function star(prod, minimum) { - return function starFunc() { - var s, result, count, start, min; - start = getPos(); - s = o('star'); - count = 0; - min = minimum === undefined ? 0 : minimum; - while ((result = prod()) !== null) { - count = count + 1; - add(s, result); - } - if (count >= min) { - return s; - } - else { - setPos(start); - return null; - } - }; - } + /** + * AES key unwrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} wrappedData + * @returns {Uint8Array} unwrapped data + */ + async function unwrap(algo, key, wrappedData) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - // One expects names to get normalized like this: - // " First Last " -> "First Last" - // "First Last" -> "First Last" - // "First Last" -> "First Last" - function collapseWhitespace(s) { - return s.replace(/([ \t]|\r\n)+/g, ' ').replace(/^\s*/, '').replace(/\s*$/, ''); + let wrappingKey; + try { + wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + return aeskw(key).decrypt(wrappedData); + } - // UTF-8 pseudo-production (RFC 6532) - // RFC 6532 extends RFC 5322 productions to include UTF-8 - // using the following productions: - // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4 - // UTF8-2 = - // UTF8-3 = - // UTF8-4 = - // - // For reference, the extended RFC 5322 productions are: - // VCHAR =/ UTF8-non-ascii - // ctext =/ UTF8-non-ascii - // atext =/ UTF8-non-ascii - // qtext =/ UTF8-non-ascii - // dtext =/ UTF8-non-ascii - function isUTF8NonAscii(tok) { - // In JavaScript, we just deal directly with Unicode code points, - // so we aren't checking individual bytes for UTF-8 encoding. - // Just check that the character is non-ascii. - return tok.charCodeAt(0) >= 128; - } - - - // common productions (RFC 5234) - // http://tools.ietf.org/html/rfc5234 - // B.1. Core Rules - - // CR = %x0D - // ; carriage return - function cr() { return wrap('cr', literal('\r')()); } - - // CRLF = CR LF - // ; Internet standard newline - function crlf() { return wrap('crlf', and(cr, lf)()); } - - // DQUOTE = %x22 - // ; " (Double Quote) - function dquote() { return wrap('dquote', literal('"')()); } - - // HTAB = %x09 - // ; horizontal tab - function htab() { return wrap('htab', literal('\t')()); } - - // LF = %x0A - // ; linefeed - function lf() { return wrap('lf', literal('\n')()); } - - // SP = %x20 - function sp() { return wrap('sp', literal(' ')()); } - - // VCHAR = %x21-7E - // ; visible (printing) characters - function vchar() { - return wrap('vchar', compareToken(function vcharFunc(tok) { - var code = tok.charCodeAt(0); - var accept = (0x21 <= code && code <= 0x7E); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); + try { + const unwrapped = await webCrypto$4.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + return new Uint8Array(await webCrypto$4.exportKey('raw', unwrapped)); + } catch (err) { + if (err.name === 'OperationError') { + throw new Error('Key Data Integrity failed'); } + throw err; + } + } - // WSP = SP / HTAB - // ; white space - function wsp() { return wrap('wsp', or(sp, htab)()); } - - - // email productions (RFC 5322) - // http://tools.ietf.org/html/rfc5322 - // 3.2.1. Quoted characters - - // quoted-pair = ("\" (VCHAR / WSP)) / obs-qp - function quotedPair() { - var qp = wrap('quoted-pair', - or( - and(literal('\\'), or(vchar, wsp)), - obsQP - )()); - if (qp === null) { return null; } - // a quoted pair will be two characters, and the "\" character - // should be semantically "invisible" (RFC 5322 3.2.1) - qp.semantic = qp.semantic[1]; - return qp; - } - - // 3.2.2. Folding White Space and Comments - - // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS - function fws() { - return wrap('fws', or( - obsFws, - and( - opt(and( - star(wsp), - invis(crlf) - )), - star(wsp, 1) - ) - )()); - } - - // ctext = %d33-39 / ; Printable US-ASCII - // %d42-91 / ; characters not including - // %d93-126 / ; "(", ")", or "\" - // obs-ctext - function ctext() { - return wrap('ctext', or( - function ctextFunc1() { - return compareToken(function ctextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 39) || - (42 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsCtext - )()); - } - - // ccontent = ctext / quoted-pair / comment - function ccontent() { - return wrap('ccontent', or(ctext, quotedPair, comment)()); - } - - // comment = "(" *([FWS] ccontent) [FWS] ")" - function comment() { - return wrap('comment', and( - literal('('), - star(and(opt(fws), ccontent)), - opt(fws), - literal(')') - )()); - } - - // CFWS = (1*([FWS] comment) [FWS]) / FWS - function cfws() { - return wrap('cfws', or( - and( - star( - and(opt(fws), comment), - 1 - ), - opt(fws) - ), - fws - )()); - } - - // 3.2.3. Atom - - //atext = ALPHA / DIGIT / ; Printable US-ASCII - // "!" / "#" / ; characters not including - // "$" / "%" / ; specials. Used for atoms. - // "&" / "'" / - // "*" / "+" / - // "-" / "/" / - // "=" / "?" / - // "^" / "_" / - // "`" / "{" / - // "|" / "}" / - // "~" - function atext() { - return wrap('atext', compareToken(function atextFunc(tok) { - var accept = - ('a' <= tok && tok <= 'z') || - ('A' <= tok && tok <= 'Z') || - ('0' <= tok && tok <= '9') || - (['!', '#', '$', '%', '&', '\'', '*', '+', '-', '/', - '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } + var aesKW = /*#__PURE__*/Object.freeze({ + __proto__: null, + unwrap: unwrap, + wrap: wrap + }); - // atom = [CFWS] 1*atext [CFWS] - function atom() { - return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))()); - } + /** + * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. + * @module crypto/hkdf + */ - // dot-atom-text = 1*atext *("." 1*atext) - function dotAtomText() { - var s, maybeText; - s = wrap('dot-atom-text', star(atext, 1)()); - if (s === null) { return s; } - maybeText = star(and(literal('.'), star(atext, 1)))(); - if (maybeText !== null) { - add(s, maybeText); - } - return s; - } - - // dot-atom = [CFWS] dot-atom-text [CFWS] - function dotAtom() { - return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))()); - } - - // 3.2.4. Quoted Strings - - // qtext = %d33 / ; Printable US-ASCII - // %d35-91 / ; characters not including - // %d93-126 / ; "\" or the quote character - // obs-qtext - function qtext() { - return wrap('qtext', or( - function qtextFunc1() { - return compareToken(function qtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 === code) || - (35 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsQtext - )()); - } - // qcontent = qtext / quoted-pair - function qcontent() { - return wrap('qcontent', or(qtext, quotedPair)()); - } + const webCrypto$3 = util.getWebCrypto(); - // quoted-string = [CFWS] - // DQUOTE *([FWS] qcontent) [FWS] DQUOTE - // [CFWS] - function quotedString() { - return wrap('quoted-string', and( - invis(opt(cfws)), - invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote), - invis(opt(cfws)) - )()); - } + async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) { + const hash = enums.read(enums.webHash, hashAlgo); + if (!hash) throw new Error('Hash algo not supported with HKDF'); - // 3.2.5 Miscellaneous Tokens + const importedKey = await webCrypto$3.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); + const bits = await webCrypto$3.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); + return new Uint8Array(bits); + } - // word = atom / quoted-string - function word() { - return wrap('word', or(atom, quotedString)()); - } + /** + * @fileoverview Key encryption and decryption for RFC 6637 ECDH + * @module crypto/public_key/elliptic/ecdh + */ - // phrase = 1*word / obs-phrase - function phrase() { - return wrap('phrase', or(obsPhrase, star(word, 1))()); - } - // 3.4. Address Specification - // address = mailbox / group - function address() { - return wrap('address', or(mailbox, group)()); - } + const HKDF_INFO = { + x25519: util.encodeUTF8('OpenPGP X25519'), + x448: util.encodeUTF8('OpenPGP X448') + }; - // mailbox = name-addr / addr-spec - function mailbox() { - return wrap('mailbox', or(nameAddr, addrSpec)()); + /** + * Generate ECDH key for Montgomery curves + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} + */ + async function generate$2(algo) { + switch (algo) { + case enums.publicKey.x25519: { + // k stays in little-endian, unlike legacy ECDH over curve25519 + const k = getRandomBytes(32); + const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k); + return { A, k }; } - // name-addr = [display-name] angle-addr - function nameAddr() { - return wrap('name-addr', and(opt(displayName), angleAddr)()); + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const k = x448.utils.randomPrivateKey(); + const A = x448.getPublicKey(k); + return { A, k }; } + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - // angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / - // obs-angle-addr - function angleAddr() { - return wrap('angle-addr', or( - and( - invis(opt(cfws)), - literal('<'), - addrSpec, - literal('>'), - invis(opt(cfws)) - ), - obsAngleAddr - )()); + /** + * Validate ECDH parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - ECDH public point + * @param {Uint8Array} k - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$6(algo, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.box.keyPair.fromSecretKey(k); + return util.equalsUint8Array(A, publicKey); } - - // group = display-name ":" [group-list] ";" [CFWS] - function group() { - return wrap('group', and( - displayName, - literal(':'), - opt(groupList), - literal(';'), - invis(opt(cfws)) - )()); + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + /** + * Derive public point A' from private key + * and expect A == A' + */ + const publicKey = x448.getPublicKey(k); + return util.equalsUint8Array(A, publicKey); } - // display-name = phrase - function displayName() { - return wrap('display-name', function phraseFixedSemantic() { - var result = phrase(); - if (result !== null) { - result.semantic = collapseWhitespace(result.semantic); - } - return result; - }()); - } - - // mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list - function mailboxList() { - return wrap('mailbox-list', or( - and( - mailbox, - star(and(literal(','), mailbox)) - ), - obsMboxList - )()); - } - - // address-list = (address *("," address)) / obs-addr-list - function addressList() { - return wrap('address-list', or( - and( - address, - star(and(literal(','), address)) - ), - obsAddrList - )()); - } - - // group-list = mailbox-list / CFWS / obs-group-list - function groupList() { - return wrap('group-list', or( - mailboxList, - invis(cfws), - obsGroupList - )()); - } - - // 3.4.1 Addr-Spec Specification - - // local-part = dot-atom / quoted-string / obs-local-part - function localPart() { - // note: quoted-string, dotAtom are proper subsets of obs-local-part - // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree - return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)()); - } - - // dtext = %d33-90 / ; Printable US-ASCII - // %d94-126 / ; characters not including - // obs-dtext ; "[", "]", or "\" - function dtext() { - return wrap('dtext', or( - function dtextFunc1() { - return compareToken(function dtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 90) || - (94 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsDtext - )() - ); - } + default: + return false; + } + } - // domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS] - function domainLiteral() { - return wrap('domain-literal', and( - invis(opt(cfws)), - literal('['), - star(and(opt(fws), dtext)), - opt(fws), - literal(']'), - invis(opt(cfws)) - )()); - } - - // domain = dot-atom / domain-literal / obs-domain - function domain() { - return wrap('domain', function domainCheckTLD() { - var result = or(obsDomain, dotAtom, domainLiteral)(); - if (opts.rejectTLD) { - if (result && result.semantic && result.semantic.indexOf('.') < 0) { - return null; - } - } - // strip all whitespace from domains - if (result) { - result.semantic = result.semantic.replace(/\s+/g, ''); - } - return result; - }()); - } - - // addr-spec = local-part "@" domain - function addrSpec() { - return wrap('addr-spec', and( - localPart, literal('@'), domain - )()); - } - - // 3.6.2 Originator Fields - // Below we only parse the field body, not the name of the field - // like "From:", "Sender:", or "Reply-To:". Other libraries that - // parse email headers can parse those and defer to these productions - // for the "RFC 5322" part. - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // from = "From:" (mailbox-list / address-list) CRLF - function fromSpec() { - return wrap('from', or( - mailboxList, - addressList - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // sender = "Sender:" (mailbox / address) CRLF - function senderSpec() { - return wrap('sender', or( - mailbox, - address - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // reply-to = "Reply-To:" address-list CRLF - function replyToSpec() { - return wrap('reply-to', addressList()); - } - - // 4.1. Miscellaneous Obsolete Tokens - - // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control - // %d11 / ; characters that do not - // %d12 / ; include the carriage - // %d14-31 / ; return, line feed, and - // %d127 ; white space characters - function obsNoWsCtl() { - return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) { - var code = tok.charCodeAt(0); - return ((1 <= code && code <= 8) || - (11 === code || 12 === code) || - (14 <= code && code <= 31) || - (127 === code)); - })); + /** + * Wrap and encrypt a session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} data - session key data to be encrypted + * @param {Uint8Array} recipientA - Recipient public key (K_B) + * @returns {Promise<{ + * ephemeralPublicKey: Uint8Array, + * wrappedKey: Uint8Array + * }>} ephemeral public key (K_A) and encrypted key + * @async + */ + async function encrypt$2(algo, data, recipientA) { + const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + recipientA, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; } - - // obs-ctext = obs-NO-WS-CTL - function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); } - - // obs-qtext = obs-NO-WS-CTL - function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); } - - // obs-qp = "\" (%d0 / obs-NO-WS-CTL / LF / CR) - function obsQP() { - return opts.strict ? null : wrap('obs-qp', and( - literal('\\'), - or(literal('\0'), obsNoWsCtl, lf, cr) - )()); - } - - // obs-phrase = word *(word / "." / CFWS) - function obsPhrase() { - if (opts.strict ) return null; - return opts.atInDisplayName ? wrap('obs-phrase', and( - word, - star(or(word, literal('.'), literal('@'), colwsp(cfws))) - )()) : - wrap('obs-phrase', and( - word, - star(or(word, literal('.'), colwsp(cfws))) - )()); - } - - // 4.2. Obsolete Folding White Space - - // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908 - // obs-FWS = 1*([CRLF] WSP) - function obsFws() { - return opts.strict ? null : wrap('obs-FWS', star( - and(invis(opt(crlf)), wsp), - 1 - )()); - } - - // 4.4. Obsolete Addressing - - // obs-angle-addr = [CFWS] "<" obs-route addr-spec ">" [CFWS] - function obsAngleAddr() { - return opts.strict ? null : wrap('obs-angle-addr', and( - invis(opt(cfws)), - literal('<'), - obsRoute, - addrSpec, - literal('>'), - invis(opt(cfws)) - )()); - } - - // obs-route = obs-domain-list ":" - function obsRoute() { - return opts.strict ? null : wrap('obs-route', and( - obsDomainList, - literal(':') - )()); - } - - // obs-domain-list = *(CFWS / ",") "@" domain - // *("," [CFWS] ["@" domain]) - function obsDomainList() { - return opts.strict ? null : wrap('obs-domain-list', and( - star(or(invis(cfws), literal(','))), - literal('@'), - domain, - star(and( - literal(','), - invis(opt(cfws)), - opt(and(literal('@'), domain)) - )) - )()); - } - - // obs-mbox-list = *([CFWS] ",") mailbox *("," [mailbox / CFWS]) - function obsMboxList() { - return opts.strict ? null : wrap('obs-mbox-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - mailbox, - star(and( - literal(','), - opt(and( - mailbox, - invis(cfws) - )) - )) - )()); - } - - // obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) - function obsAddrList() { - return opts.strict ? null : wrap('obs-addr-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - address, - star(and( - literal(','), - opt(and( - address, - invis(cfws) - )) - )) - )()); - } - - // obs-group-list = 1*([CFWS] ",") [CFWS] - function obsGroupList() { - return opts.strict ? null : wrap('obs-group-list', and( - star(and( - invis(opt(cfws)), - literal(',') - ), 1), - invis(opt(cfws)) - )()); - } - - // obs-local-part = word *("." word) - function obsLocalPart() { - return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))()); - } - - // obs-domain = atom *("." atom) - function obsDomain() { - return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))()); - } - - // obs-dtext = obs-NO-WS-CTL / quoted-pair - function obsDtext() { - return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)()); - } - - ///////////////////////////////////////////////////// - - // ast analysis - - function findNode(name, root) { - var i, stack, node; - if (root === null || root === undefined) { return null; } - stack = [root]; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - return node; - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return null; - } - - function findAllNodes(name, root) { - var i, stack, node, result; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - result.push(node); - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return result; + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; } - function findAllNodesNoChildren(names, root) { - var i, stack, node, result, namesLookup; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - namesLookup = {}; - for (i = 0; i < names.length; i += 1) { - namesLookup[names[i]] = true; - } + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - while (stack.length > 0) { - node = stack.pop(); - if (node.name in namesLookup) { - result.push(node); - // don't look at children (hence findAllNodesNoChildren) - } else { - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - } - return result; + /** + * Decrypt and unwrap the session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} ephemeralPublicKey - (K_A) + * @param {Uint8Array} wrappedKey, + * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF + * @param {Uint8Array} k - Recipient secret key (b) + * @returns {Promise} decrypted session key data + * @async + */ + async function decrypt$2(algo, ephemeralPublicKey, wrappedKey, A, k) { + const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + A, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); } - - function giveResult(ast) { - var addresses, groupsAndMailboxes, i, groupOrMailbox, result; - if (ast === null) { - return null; - } - addresses = []; - - // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'. - groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast); - for (i = 0; i < groupsAndMailboxes.length; i += 1) { - groupOrMailbox = groupsAndMailboxes[i]; - if (groupOrMailbox.name === 'group') { - addresses.push(giveResultGroup(groupOrMailbox)); - } else if (groupOrMailbox.name === 'mailbox') { - addresses.push(giveResultMailbox(groupOrMailbox)); - } - } - - result = { - ast: ast, - addresses: addresses, - }; - if (opts.simple) { - result = simplifyResult(result); - } - if (opts.oneResult) { - return oneResult(result); - } - if (opts.simple) { - return result && result.addresses; - } else { - return result; - } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); } + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - function giveResultGroup(group) { - var i; - var groupName = findNode('display-name', group); - var groupResultMailboxes = []; - var mailboxes = findAllNodesNoChildren(['mailbox'], group); - for (i = 0; i < mailboxes.length; i += 1) { - groupResultMailboxes.push(giveResultMailbox(mailboxes[i])); - } - return { - node: group, - parts: { - name: groupName, - }, - type: group.name, // 'group' - name: grabSemantic(groupName), - addresses: groupResultMailboxes, - }; - } + function getPayloadSize(algo) { + switch (algo) { + case enums.publicKey.x25519: + return 32; - function giveResultMailbox(mailbox) { - var name = findNode('display-name', mailbox); - var aspec = findNode('addr-spec', mailbox); - var cfws = findAllNodes('cfws', mailbox); - var comments = findAllNodesNoChildren(['comment'], mailbox); + case enums.publicKey.x448: + return 56; + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - var local = findNode('local-part', aspec); - var domain = findNode('domain', aspec); - return { - node: mailbox, - parts: { - name: name, - address: aspec, - local: local, - domain: domain, - comments: cfws - }, - type: mailbox.name, // 'mailbox' - name: grabSemantic(name), - address: grabSemantic(aspec), - local: grabSemantic(local), - domain: grabSemantic(domain), - comments: concatComments(comments), - groupName: grabSemantic(mailbox.groupName), - }; + /** + * Generate shared secret and ephemeral public key for encryption + * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret + * @async + */ + async function generateEphemeralEncryptionMaterial(algo, recipientA) { + switch (algo) { + case enums.publicKey.x25519: { + const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo)); + const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const ephemeralSecretKey = x448.utils.randomPrivateKey(); + const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; } + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - function grabSemantic(n) { - return n !== null && n !== undefined ? n.semantic : null; + async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; } - - function simplifyResult(result) { - var i; - if (result && result.addresses) { - for (i = 0; i < result.addresses.length; i += 1) { - delete result.addresses[i].node; - } - } - return result; + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; } + default: + throw new Error('Unsupported ECDH algorithm'); + } + } - function concatComments(comments) { - var result = ''; - if (comments) { - for (var i = 0; i < comments.length; i += 1) { - result += grabSemantic(comments[i]); - } - } - return result; - } + /** + * x25519 and x448 produce an all-zero value when given as input a point with small order. + * This does not lead to a security issue in the context of ECDH, but it is still unexpected, + * hence we throw. + * @param {Uint8Array} sharedSecret + */ + function assertNonZeroArray(sharedSecret) { + let acc = 0; + for (let i = 0; i < sharedSecret.length; i++) { + acc |= sharedSecret[i]; + } + if (acc === 0) { + throw new Error('Unexpected low order point'); + } + } - function oneResult(result) { - if (!result) { return null; } - if (!opts.partial && result.addresses.length > 1) { return null; } - return result.addresses && result.addresses[0]; - } + var ecdh_x = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$2, + encrypt: encrypt$2, + generate: generate$2, + generateEphemeralEncryptionMaterial: generateEphemeralEncryptionMaterial, + getPayloadSize: getPayloadSize, + recomputeSharedSecret: recomputeSharedSecret, + validateParams: validateParams$6 + }); - ///////////////////////////////////////////////////// + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - var parseString, pos, len, parsed, startProduction; - opts = handleOpts(opts, {}); - if (opts === null) { return null; } + const webCrypto$2 = util.getWebCrypto(); + const nodeCrypto$2 = util.getNodeCrypto(); - parseString = opts.input; + const webCurves = { + [enums.curve.nistP256]: 'P-256', + [enums.curve.nistP384]: 'P-384', + [enums.curve.nistP521]: 'P-521' + }; + const knownCurves = nodeCrypto$2 ? nodeCrypto$2.getCurves() : []; + const nodeCurves = nodeCrypto$2 ? { + [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, + [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, + [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, + [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, + [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined, + [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined, + [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, + [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, + [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined + } : {}; - startProduction = { - 'address': address, - 'address-list': addressList, - 'angle-addr': angleAddr, - 'from': fromSpec, - 'group': group, - 'mailbox': mailbox, - 'mailbox-list': mailboxList, - 'reply-to': replyToSpec, - 'sender': senderSpec, - }[opts.startAt] || addressList; + const curves = { + [enums.curve.nistP256]: { + oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.nistP256], + web: webCurves[enums.curve.nistP256], + payloadSize: 32, + sharedSize: 256, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP384]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.nistP384], + web: webCurves[enums.curve.nistP384], + payloadSize: 48, + sharedSize: 384, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP521]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.nistP521], + web: webCurves[enums.curve.nistP521], + payloadSize: 66, + sharedSize: 528, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.secp256k1]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.secp256k1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.ed25519Legacy]: { + oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], + keyType: enums.publicKey.eddsaLegacy, + hash: enums.hash.sha512, + node: false, // nodeCurves.ed25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.curve25519Legacy]: { + oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], + keyType: enums.publicKey.ecdh, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: false, // nodeCurves.curve25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.brainpoolP256r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.brainpoolP256r1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP384r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.brainpoolP384r1], + payloadSize: 48, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP512r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.brainpoolP512r1], + payloadSize: 64, + wireFormatLeadingByte: 0x04 + } + }; - if (!opts.strict) { - initialize(); - opts.strict = true; - parsed = startProduction(parseString); - if (opts.partial || !inStr()) { - return giveResult(parsed); - } - opts.strict = false; + class CurveWithOID { + constructor(oidOrName) { + try { + this.name = oidOrName instanceof OID ? + oidOrName.getName() : + enums.write(enums.curve,oidOrName); + } catch (err) { + throw new UnsupportedError('Unknown curve'); } + const params = curves[this.name]; - initialize(); - parsed = startProduction(parseString); - if (!opts.partial && inStr()) { return null; } - return giveResult(parsed); - } - - function parseOneAddressSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'address-list', - })); - } + this.keyType = params.keyType; - function parseAddressListSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'address-list', - })); - } + this.oid = params.oid; + this.hash = params.hash; + this.cipher = params.cipher; + this.node = params.node; + this.web = params.web; + this.payloadSize = params.payloadSize; + this.sharedSize = params.sharedSize; + this.wireFormatLeadingByte = params.wireFormatLeadingByte; + if (this.web && util.getWebCrypto()) { + this.type = 'web'; + } else if (this.node && util.getNodeCrypto()) { + this.type = 'node'; + } else if (this.name === enums.curve.curve25519Legacy) { + this.type = 'curve25519Legacy'; + } else if (this.name === enums.curve.ed25519Legacy) { + this.type = 'ed25519Legacy'; + } + } - function parseFromSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'from', - })); + async genKeyPair() { + switch (this.type) { + case 'web': + try { + return await webGenKeyPair(this.name, this.wireFormatLeadingByte); + } catch (err) { + util.printDebugError('Browser did not support generating ec key ' + err.message); + return jsGenKeyPair(this.name); + } + case 'node': + return nodeGenKeyPair(this.name); + case 'curve25519Legacy': { + // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3 + const { k, A } = await generate$2(enums.publicKey.x25519); + const privateKey = k.slice().reverse(); + privateKey[0] = (privateKey[0] & 127) | 64; + privateKey[31] &= 248; + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + case 'ed25519Legacy': { + const { seed: privateKey, A } = await generate$3(enums.publicKey.ed25519); + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + default: + return jsGenKeyPair(this.name); + } + } } - function parseSenderSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'sender', - })); + async function generate$1(curveName) { + const curve = new CurveWithOID(curveName); + const { oid, hash, cipher } = curve; + const keyPair = await curve.genKeyPair(); + return { + oid, + Q: keyPair.publicKey, + secret: util.leftPad(keyPair.privateKey, curve.payloadSize), + hash, + cipher + }; } - function parseReplyToSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'reply-to', - })); + /** + * Get preferred hash algo to use with the given curve + * @param {module:type/oid} oid - curve oid + * @returns {enums.hash} hash algorithm + */ + function getPreferredHashAlgo$1(oid) { + return curves[oid.getName()].hash; } - function handleOpts(opts, defs) { - function isString(str) { - return Object.prototype.toString.call(str) === '[object String]'; - } - - function isObject(o) { - return o === Object(o); - } + /** + * Validate ECDH and ECDSA parameters + * Not suitable for EdDSA (different secret key format) + * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves + * @param {module:type/oid} oid - EC object identifier + * @param {Uint8Array} Q - EC public point + * @param {Uint8Array} d - EC secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateStandardParams(algo, oid, Q, d) { + const supportedCurves = { + [enums.curve.nistP256]: true, + [enums.curve.nistP384]: true, + [enums.curve.nistP521]: true, + [enums.curve.secp256k1]: true, + [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh, + [enums.curve.brainpoolP256r1]: true, + [enums.curve.brainpoolP384r1]: true, + [enums.curve.brainpoolP512r1]: true + }; - function isNullUndef(o) { - return o === null || o === undefined; - } + // Check whether the given curve is supported + const curveName = oid.getName(); + if (!supportedCurves[curveName]) { + return false; + } - var defaults, o; + if (curveName === enums.curve.curve25519Legacy) { + d = d.slice().reverse(); + // Re-derive public point Q' + const { publicKey } = nacl.box.keyPair.fromSecretKey(d); - if (isString(opts)) { - opts = { input: opts }; - } else if (!isObject(opts)) { - return null; + Q = new Uint8Array(Q); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + if (!util.equalsUint8Array(dG, Q)) { + return false; } - if (!isString(opts.input)) { return null; } - if (!defs) { return null; } - - defaults = { - oneResult: false, - partial: false, - rejectTLD: false, - rfc6532: false, - simple: false, - startAt: 'address-list', - strict: false, - atInDisplayName: false - }; - - for (o in defaults) { - if (isNullUndef(opts[o])) { - opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o]; - } - } - return opts; - } + return true; + } - parse5322.parseOneAddress = parseOneAddressSimple; - parse5322.parseAddressList = parseAddressListSimple; - parse5322.parseFrom = parseFromSimple; - parse5322.parseSender = parseSenderSimple; - parse5322.parseReplyTo = parseReplyToSimple; + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + /* + * Re-derive public point Q' = dG from private key + * Expect Q == Q' + */ + const dG = nobleCurve.getPublicKey(d, false); + if (!util.equalsUint8Array(dG, Q)) { + return false; + } - { - module.exports = parse5322; + return true; } - }()); - }); - - // GPG4Browsers - An OpenPGP implementation in javascript - /** - * Implementation of the User ID Packet (Tag 13) - * - * A User ID packet consists of UTF-8 text that is intended to represent - * the name and email address of the key holder. By convention, it - * includes an RFC 2822 [RFC2822] mail name-addr, but there are no - * restrictions on its content. The packet length in the header - * specifies the length of the User ID. + * Check whether the public point has a valid encoding. + * NB: this function does not check e.g. whether the point belongs to the curve. */ - class UserIDPacket { - static get tag() { - return enums.packet.userID; - } + function checkPublicPointEnconding(curve, V) { + const { payloadSize, wireFormatLeadingByte, name: curveName } = curve; - constructor() { - /** A string containing the user id. Usually in the form - * John Doe - * @type {String} - */ - this.userID = ''; + const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2; - this.name = ''; - this.email = ''; - this.comment = ''; + if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) { + throw new Error('Invalid point encoding'); } + } - /** - * Create UserIDPacket instance from object - * @param {Object} userID - Object specifying userID name, email and comment - * @returns {UserIDPacket} - * @static - */ - static fromObject(userID) { - if (util.isString(userID) || - (userID.name && !util.isString(userID.name)) || - (userID.email && !util.isEmailAddress(userID.email)) || - (userID.comment && !util.isString(userID.comment))) { - throw new Error('Invalid user ID format'); - } - const packet = new UserIDPacket(); - Object.assign(packet, userID); - const components = []; - if (packet.name) components.push(packet.name); - if (packet.comment) components.push(`(${packet.comment})`); - if (packet.email) components.push(`<${packet.email}>`); - packet.userID = components.join(' '); - return packet; - } + ////////////////////////// + // // + // Helper functions // + // // + ////////////////////////// + async function jsGenKeyPair(name) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + const privateKey = nobleCurve.utils.randomPrivateKey(); + const publicKey = nobleCurve.getPublicKey(privateKey, false); + return { publicKey, privateKey }; + } - /** - * Parsing function for a user id packet (tag 13). - * @param {Uint8Array} input - Payload of a tag 13 packet - */ - read(bytes, config$1 = config) { - const userID = util.decodeUTF8(bytes); - if (userID.length > config$1.maxUserIDLength) { - throw new Error('User ID string is too long'); - } - try { - const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true }); - this.comment = comments.replace(/^\(|\)$/g, ''); - this.name = name; - this.email = email; - } catch (e) {} - this.userID = userID; - } + async function webGenKeyPair(name, wireFormatLeadingByte) { + // Note: keys generated with ECDSA and ECDH are structurally equivalent + const webCryptoKey = await webCrypto$2.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - /** - * Creates a binary representation of the user id packet - * @returns {Uint8Array} Binary representation. - */ - write() { - return util.encodeUTF8(this.userID); - } + const privateKey = await webCrypto$2.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto$2.exportKey('jwk', webCryptoKey.publicKey); - equals(otherUserID) { - return otherUserID && otherUserID.userID === this.userID; - } + return { + publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte), + privateKey: b64ToUint8Array(privateKey.d) + }; } - // GPG4Browsers - An OpenPGP implementation in javascript + async function nodeGenKeyPair(name) { + // Note: ECDSA and ECDH key generation is structurally equivalent + const ecdh = nodeCrypto$2.createECDH(nodeCurves[name]); + await ecdh.generateKeys(); + return { + publicKey: new Uint8Array(ecdh.getPublicKey()), + privateKey: new Uint8Array(ecdh.getPrivateKey()) + }; + } + + ////////////////////////// + // // + // Helper functions // + // // + ////////////////////////// /** - * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret - * Key packet and has exactly the same format. - * @extends SecretKeyPacket + * @param {JsonWebKey} jwk - key for conversion + * + * @returns {Uint8Array} Raw public key. */ - class SecretSubkeyPacket extends SecretKeyPacket { - static get tag() { - return enums.packet.secretSubkey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - } + function jwkToRawPublic(jwk, wireFormatLeadingByte) { + const bufX = b64ToUint8Array(jwk.x); + const bufY = b64ToUint8Array(jwk.y); + const publicKey = new Uint8Array(bufX.length + bufY.length + 1); + publicKey[0] = wireFormatLeadingByte; + publicKey.set(bufX, 1); + publicKey.set(bufY, bufX.length + 1); + return publicKey; } /** - * Implementation of the Trust Packet (Tag 12) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: - * The Trust packet is used only within keyrings and is not normally - * exported. Trust packets contain data that record the user's - * specifications of which key holders are trustworthy introducers, - * along with other information that implementing software uses for - * trust information. The format of Trust packets is defined by a given - * implementation. + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key * - * Trust packets SHOULD NOT be emitted to output streams that are - * transferred to other users, and they SHOULD be ignored on any input - * other than local keyring files. + * @returns {JsonWebKey} Public key in jwk format. */ - class TrustPacket { - static get tag() { - return enums.packet.trust; - } - - /** - * Parsing function for a trust packet (tag 12). - * Currently not implemented as we ignore trust packets - */ - read() { - throw new UnsupportedError('Trust packets are not supported'); - } + function rawPublicToJWK(payloadSize, name, publicKey) { + const len = payloadSize; + const bufX = publicKey.slice(1, len + 1); + const bufY = publicKey.slice(len + 1, len * 2 + 1); + // https://www.rfc-editor.org/rfc/rfc7518.txt + const jwk = { + kty: 'EC', + crv: name, + x: uint8ArrayToB64(bufX), + y: uint8ArrayToB64(bufY), + ext: true + }; + return jwk; + } - write() { - throw new UnsupportedError('Trust packets are not supported'); - } + /** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * @param {Uint8Array} privateKey - private key + * + * @returns {JsonWebKey} Private key in jwk format. + */ + function privateToJWK(payloadSize, name, publicKey, privateKey) { + const jwk = rawPublicToJWK(payloadSize, name, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } - // GPG4Browsers - An OpenPGP implementation in javascript + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // A Signature can contain the following packets - const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + + const webCrypto$1 = util.getWebCrypto(); + const nodeCrypto$1 = util.getNodeCrypto(); /** - * Class that represents an OpenPGP signature. + * Sign a message using the provided key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async */ - class Signature { - /** - * @param {PacketList} packetlist - The signature packets - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); - } - - /** - * Returns binary encoded signature - * @returns {ReadableStream} Binary signature. - */ - write() { - return this.packets.write(); - } - - /** - * Returns ASCII armored text of signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config$1); + async function sign$4(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (message && !util.isStream(message)) { + const keyPair = { publicKey, privateKey }; + switch (curve.type) { + case 'web': + // If browser doesn't support a curve, we'll catch it + try { + // Need to await to make sure browser succeeds + return await webSign(curve, hashAlgo, message, keyPair); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunaley Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support signing: ' + err.message); + } + break; + case 'node': + return nodeSign(curve, hashAlgo, message, privateKey); + } } - /** - * Returns an array of KeyIDs of all of the issuers who created this signature - * @returns {Array} The Key IDs of the signing keys - */ - getSigningKeyIDs() { - return this.packets.map(packet => packet.issuerKeyID); - } + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + const signature = nobleCurve.sign(hashed, privateKey, { lowS: false }); + return { + r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize), + s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize) + }; } /** - * reads an (optionally armored) OpenPGP signature and returns a signature object - * @param {Object} options - * @param {String} [options.armoredSignature] - Armored signature to be parsed - * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New signature object. + * Verifies if a signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify + * @param {Uint8Array} message - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} * @async - * @static */ - async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredSignature || binarySignature; - if (!input) { - throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); - } - if (armoredSignature && !util.isString(armoredSignature)) { - throw new Error('readSignature: options.armoredSignature must be a string'); - } - if (binarySignature && !util.isUint8Array(binarySignature)) { - throw new Error('readSignature: options.binarySignature must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + async function verify$4(oid, hashAlgo, signature, message, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + // See https://github.com/openpgpjs/openpgpjs/pull/948. + // NB: the impact was more likely limited to Brainpool curves, since thanks + // to WebCrypto availability, NIST curve should not have been affected. + // Similarly, secp256k1 should have been used rarely enough. + // However, we implement the fix for all curves, since it's only needed in case of + // verification failure, which is unexpected, hence a minor slowdown is acceptable. + const tryFallbackVerificationForOldBug = async () => ( + hashed[0] === 0 ? + jsVerify(curve, signature, hashed.subarray(1), publicKey) : + false + ); - if (armoredSignature) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.signature) { - throw new Error('Armored text not of type signature'); + if (message && !util.isStream(message)) { + switch (curve.type) { + case 'web': + try { + // Need to await to make sure browser succeeds + const verified = await webVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunately Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support verifying: ' + err.message); + } + break; + case 'node': { + const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } } - input = data; } - const packetlist = await PacketList.fromBinary(input, allowedPackets$4, config$1); - return new Signature(packetlist); - } - - /** - * @fileoverview Provides helpers methods for key module - * @module key/helper - * @private - */ - - async function generateSecretSubkey(options, config) { - const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); - secretSubkeyPacket.packets = null; - secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretSubkeyPacket.generate(options.rsaBits, options.curve); - await secretSubkeyPacket.computeFingerprintAndKeyID(); - return secretSubkeyPacket; - } - async function generateSecretKey(options, config) { - const secretKeyPacket = new SecretKeyPacket(options.date, config); - secretKeyPacket.packets = null; - secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); - await secretKeyPacket.computeFingerprintAndKeyID(); - return secretKeyPacket; + const verified = await jsVerify(curve, signature, hashed, publicKey); + return verified || tryFallbackVerificationForOldBug(); } /** - * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. - * @param {Array} signatures - List of signatures - * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - full configuration - * @returns {Promise} The latest valid signature. + * Validate ECDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDSA public point + * @param {Uint8Array} d - ECDSA secret scalar + * @returns {Promise} Whether params are valid. * @async */ - async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { - let latestValid; - let exception; - for (let i = signatures.length - 1; i >= 0; i--) { - try { - if ( - (!latestValid || signatures[i].created >= latestValid.created) - ) { - await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); - latestValid = signatures[i]; + async function validateParams$5(oid, Q, d) { + const curve = new CurveWithOID(oid); + // Reject curves x25519 and ed25519 + if (curve.keyType !== enums.publicKey.ecdsa) { + return false; + } + + // To speed up the validation, we try to use node- or webcrypto when available + // and sign + verify a random message + switch (curve.type) { + case 'web': + case 'node': { + const message = getRandomBytes(8); + const hashAlgo = enums.hash.sha256; + const hashed = await hash$1.digest(hashAlgo, message); + try { + const signature = await sign$4(oid, hashAlgo, message, Q, d, hashed); + // eslint-disable-next-line @typescript-eslint/return-await + return await verify$4(oid, hashAlgo, signature, message, Q, hashed); + } catch (err) { + return false; } - } catch (e) { - exception = e; } + default: + return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); } - if (!latestValid) { - throw util.wrapError( - `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` - .replace('certGeneric ', 'self-') - .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), - exception); - } - return latestValid; } - function isDataExpired(keyPacket, signature, date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - const expirationTime = getKeyExpirationTime(keyPacket, signature); - return !(keyPacket.created <= normDate && normDate < expirationTime); - } - return false; - } + + ////////////////////////// + // // + // Helper functions // + // // + ////////////////////////// /** - * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} - * @param {SecretSubkeyPacket} subkey - Subkey key packet - * @param {SecretKeyPacket} primaryKey - Primary key packet - * @param {Object} options - * @param {Object} config - Full configuration + * Fallback javascript implementation of ECDSA verification. + * To be used if no native implementation is available for the given curve/operation. */ - async function createBindingSignature(subkey, primaryKey, options, config) { - const dataToSign = {}; - dataToSign.key = primaryKey; - dataToSign.bind = subkey; - const signatureProperties = { signatureType: enums.signature.subkeyBinding }; - if (options.sign) { - signatureProperties.keyFlags = [enums.keyFlags.signData]; - signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, { - signatureType: enums.signature.keyBinding - }, options.date, undefined, undefined, undefined, config); - } else { - signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; - } - const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); - return subkeySignaturePacket; + async function jsVerify(curve, signature, hashed, publicKey) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false }); } - /** - * Returns the preferred signature hash algorithm of a key - * @param {Key} [key] - The key to get preferences from - * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} config - full configuration - * @returns {Promise} - * @async - */ - async function getPreferredHashAlgo$2(key, keyPacket, date = new Date(), userID = {}, config) { - let hashAlgo = config.preferredHashAlgorithm; - let prefAlgo = hashAlgo; - if (key) { - const primaryUser = await key.getPrimaryUser(date, userID, config); - if (primaryUser.selfCertification.preferredHashAlgorithms) { - [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms; - hashAlgo = mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; - } - } - switch (keyPacket.algorithm) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ed25519: - prefAlgo = mod.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid); + async function webSign(curve, hashAlgo, message, keyPair) { + const len = curve.payloadSize; + const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['sign'] + ); + + const signature = new Uint8Array(await webCrypto$1.sign( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + message + )); + + return { + r: signature.slice(0, len), + s: signature.slice(len, len << 1) + }; + } + + async function webVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['verify'] + ); + + const signature = util.concatUint8Array([r, s]).buffer; + + return webCrypto$1.verify( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + signature, + message + ); + } + + async function nodeSign(curve, hashAlgo, message, privateKey) { + // JWT encoding cannot be used for now, as Brainpool curves are not supported + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + privateKey: nodeBuffer.from(privateKey) + }); + + const sign = nodeCrypto$1.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(message); + sign.end(); + + const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' })); + const len = curve.payloadSize; + + return { + r: signature.subarray(0, len), + s: signature.subarray(len, len << 1) + }; + } + + async function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { publicKey: derPublicKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + publicKey: nodeBuffer.from(publicKey) + }); + + const verify = nodeCrypto$1.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(message); + verify.end(); + + const signature = util.concatUint8Array([r, s]); + + try { + return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature); + } catch (err) { + return false; } - return mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; } - /** - * Returns the preferred symmetric/aead/compression algorithm for a set of keys - * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return - * @param {Array} [keys] - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Preferred algorithm - * @async - */ - async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config$1 = config) { - const defaultAlgo = { // these are all must-implement in rfc4880bis - 'symmetric': enums.symmetric.aes128, - 'aead': enums.aead.eax, - 'compression': enums.compression.uncompressed - }[type]; - const preferredSenderAlgo = { - 'symmetric': config$1.preferredSymmetricAlgorithm, - 'aead': config$1.preferredAEADAlgorithm, - 'compression': config$1.preferredCompressionAlgorithm - }[type]; - const prefPropertyName = { - 'symmetric': 'preferredSymmetricAlgorithms', - 'aead': 'preferredAEADAlgorithms', - 'compression': 'preferredCompressionAlgorithms' - }[type]; + var ecdsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$4, + validateParams: validateParams$5, + verify: verify$4 + }); + + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2018 Proton Technologies AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // if preferredSenderAlgo appears in the prefs of all recipients, we pick it - // otherwise we use the default algo - // if no keys are available, preferredSenderAlgo is returned - const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - const recipientPrefs = primaryUser.selfCertification[prefPropertyName]; - return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; - })); - return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; - } /** - * Create signature packet - * @param {Object} dataToSign - Contains packets to be signed - * @param {PrivateKey} privateKey - key to get preferences from - * @param {SecretKeyPacket| - * SecretSubkeyPacket} signingKeyPacket secret key packet for signing - * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing - * @param {Date} [date] - Override the creationtime of the signature - * @param {Object} [userID] - User ID - * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [detached] - Whether to create a detached signature packet - * @param {Object} config - full configuration - * @returns {Promise} Signature packet. + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async */ - async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) { - if (signingKeyPacket.isDummy()) { - throw new Error('Cannot sign with a gnu-dummy key.'); - } - if (!signingKeyPacket.isDecrypted()) { - throw new Error('Signing key is not decrypted.'); + async function sign$3(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); } - const signaturePacket = new SignaturePacket(); - Object.assign(signaturePacket, signatureProperties); - signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; - signaturePacket.hashAlgorithm = await getPreferredHashAlgo$2(privateKey, signingKeyPacket, date, userID, config); - signaturePacket.rawNotations = notations; - await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached); - return signaturePacket; + const { RS: signature } = await sign$5(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; } /** - * Merges signatures from source[attr] to dest[attr] - * @param {Object} source - * @param {Object} dest - * @param {String} attr - * @param {Date} [date] - date to use for signature expiration check, instead of the current time - * @param {Function} [checkFn] - signature only merged if true + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async */ - async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { - source = source[attr]; - if (source) { - if (!dest[attr].length) { - dest[attr] = source; - } else { - await Promise.all(source.map(async function(sourceSig) { - if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && - !dest[attr].some(function(destSig) { - return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); - })) { - dest[attr].push(sourceSig); - } - })); - } + async function verify$3(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); } + const RS = util.concatUint8Array([r, s]); + return verify$5(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed); } - /** - * Checks if a given certificate or binding signature is revoked - * @param {SecretKeyPacket| - * PublicKeyPacket} primaryKey The primary key packet - * @param {Object} dataToVerify - The data to check - * @param {Array} revocations - The revocation signatures to check - * @param {SignaturePacket} signature - The certificate or signature to check - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the signature revokes the data. + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. * @async */ - async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { - key = key || primaryKey; - const revocationKeyIDs = []; - await Promise.all(revocations.map(async function(revocationSignature) { - try { - if ( - // Note: a third-party revocation signature could legitimately revoke a - // self-signature if the signature has an authorized revocation key. - // However, we don't support passing authorized revocation keys, nor - // verifying such revocation signatures. Instead, we indicate an error - // when parsing a key with an authorized revocation key, and ignore - // third-party revocation signatures here. (It could also be revoking a - // third-party key certification, which should only affect - // `verifyAllCertifications`.) - !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) - ) { - await revocationSignature.verify( - key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config - ); - - // TODO get an identifier of the revoked object instead - revocationKeyIDs.push(revocationSignature.issuerKeyID); - } - } catch (e) {} - })); - // TODO further verify that this is the signature that should be revoked - if (signature) { - signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : - signature.revoked || false; - return signature.revoked; + async function validateParams$4(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== enums.curve.ed25519Legacy) { + return false; } - return revocationKeyIDs.length > 0; + + /** + * Derive public point Q' = dG from private key + * and expect Q == Q' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); + } + var eddsa_legacy = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$3, + validateParams: validateParams$4, + verify: verify$3 + }); + + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * Returns key expiration time based on the given certification signature. - * The expiration time of the signature is ignored. - * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check - * @param {SignaturePacket} signature - signature to process - * @returns {Date|Infinity} expiration time or infinity if the key does not expire + * @fileoverview Functions to add and remove PKCS5 padding + * @see PublicKeyEncryptedSessionKeyPacket + * @module crypto/pkcs5 + * @private */ - function getKeyExpirationTime(keyPacket, signature) { - let expirationTime; - // check V4 expiration time - if (signature.keyNeverExpires === false) { - expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; - } - return expirationTime ? new Date(expirationTime) : Infinity; + + /** + * Add pkcs5 padding to a message + * @param {Uint8Array} message - message to pad + * @returns {Uint8Array} Padded message. + */ + function encode(message) { + const c = 8 - (message.length % 8); + const padded = new Uint8Array(message.length + c).fill(c); + padded.set(message); + return padded; } /** - * Returns whether aead is supported by all keys in the set - * @param {Array} keys - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} config - full configuration - * @returns {Promise} - * @async + * Remove pkcs5 padding from a message + * @param {Uint8Array} message - message to remove padding from + * @returns {Uint8Array} Message without padding. */ - async function isAEADSupported(keys, date = new Date(), userIDs = [], config$1 = config) { - let supported = true; - // TODO replace when Promise.some or Promise.any are implemented - await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - if (!primaryUser.selfCertification.features || - !(primaryUser.selfCertification.features[0] & enums.features.aead)) { - supported = false; + function decode$1(message) { + const len = message.length; + if (len > 0) { + const c = message[len - 1]; + if (c >= 1) { + const provided = message.subarray(len - c); + const computed = new Uint8Array(c).fill(c); + if (util.equalsUint8Array(provided, computed)) { + return message.subarray(0, len - c); + } } - })); - return supported; + } + throw new Error('Invalid padding'); } - function sanitizeKeyOptions(options, subkeyDefaults = {}) { - options.type = options.type || subkeyDefaults.type; - options.curve = options.curve || subkeyDefaults.curve; - options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; - options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; - - options.sign = options.sign || false; + var pkcs5 = /*#__PURE__*/Object.freeze({ + __proto__: null, + decode: decode$1, + encode: encode + }); - switch (options.type) { - case 'ecc': - try { - options.curve = enums.write(enums.curve, options.curve); - } catch (e) { - throw new Error('Unknown curve'); - } - if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) { - options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; - } - if (options.sign) { - options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; - } else { - options.algorithm = enums.publicKey.ecdh; - } - break; - case 'rsa': - options.algorithm = enums.publicKey.rsaEncryptSign; - break; - default: - throw new Error(`Unsupported key type ${options.type}`); - } - return options; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + const webCrypto = util.getWebCrypto(); + const nodeCrypto = util.getNodeCrypto(); + + /** + * Validate ECDH parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDH public point + * @param {Uint8Array} d - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$3(oid, Q, d) { + return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); } - function isValidSigningKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.rsaEncrypt && - keyAlgo !== enums.publicKey.elgamal && - keyAlgo !== enums.publicKey.ecdh && - keyAlgo !== enums.publicKey.x25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.signData) !== 0); - } - - function isValidEncryptionKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.dsa && - keyAlgo !== enums.publicKey.rsaSign && - keyAlgo !== enums.publicKey.ecdsa && - keyAlgo !== enums.publicKey.eddsaLegacy && - keyAlgo !== enums.publicKey.ed25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0); + // Build Param for ECDH algorithm (RFC 6637) + function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { + return util.concatUint8Array([ + oid.write(), + new Uint8Array([public_algo]), + kdfParams.write(), + util.stringToUint8Array('Anonymous Sender '), + fingerprint + ]); } - function isValidDecryptionKeyPacket(signature, config) { - if (config.allowInsecureDecryptionWithSigningKeys) { - // This is only relevant for RSA keys, all other signing algorithms cannot decrypt - return true; + // Key Derivation Function (RFC 6637) + async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { + // Note: X is little endian for Curve25519, big-endian for all others. + // This is not ideal, but the RFC's are unclear + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B + let i; + if (stripLeading) { + // Work around old go crypto bug + for (i = 0; i < X.length && X[i] === 0; i++); + X = X.subarray(i); } - - return !signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + if (stripTrailing) { + // Work around old OpenPGP.js bug + for (i = X.length - 1; i >= 0 && X[i] === 0; i--); + X = X.subarray(0, i + 1); + } + const digest = await hash$1.digest(hashAlgo, util.concatUint8Array([ + new Uint8Array([0, 0, 0, 1]), + X, + param + ])); + return digest.subarray(0, length); } /** - * Check key against blacklisted algorithms and minimum strength requirements. - * @param {SecretKeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket - * @param {Config} config - * @throws {Error} if the key packet does not meet the requirements + * Generate ECDHE ephemeral key and secret from public key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async */ - function checkKeyRequirements(keyPacket, config) { - const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); - const algoInfo = keyPacket.getAlgorithmInfo(); - if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { - throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); - } - switch (keyAlgo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: - case enums.publicKey.rsaEncrypt: - if (algoInfo.bits < config.minRSABits) { - throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); - } - break; - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ecdh: - if (config.rejectCurves.has(algoInfo.curve)) { - throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); + async function genPublicEphemeralKey(curve, Q) { + switch (curve.type) { + case 'curve25519Legacy': { + const { sharedSecret: sharedKey, ephemeralPublicKey } = await generateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1)); + const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]); + return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPublicEphemeralKey(curve, Q); + } catch (err) { + util.printDebugError(err); + return jsPublicEphemeralKey(curve, Q); + } } break; + case 'node': + return nodePublicEphemeralKey(curve, Q); + default: + return jsPublicEphemeralKey(curve, Q); + } } /** - * @module key/User - * @private - */ - - /** - * Class that represents an user ID or attribute packet and the relevant signatures. - * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info - * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + * Encrypt and wrap a session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} data - Unpadded session key data + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} + * @async */ - class User { - constructor(userPacket, mainKey) { - this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; - this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; - this.selfCertifications = []; - this.otherCertifications = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } - - /** - * Transforms structured user data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.userID || this.userAttribute); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.selfCertifications); - packetlist.push(...this.otherCertifications); - return packetlist; - } + async function encrypt$1(oid, kdfParams, data, Q, fingerprint) { + const m = encode(data); - /** - * Shallow clone - * @returns {User} - */ - clone() { - const user = new User(this.userID || this.userAttribute, this.mainKey); - user.selfCertifications = [...this.selfCertifications]; - user.otherCertifications = [...this.otherCertifications]; - user.revocationSignatures = [...this.revocationSignatures]; - return user; - } - - /** - * Generate third-party certifications over this user and its primary key - * @param {Array} signingKeys - Decrypted private keys for signing - * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} New user with new certifications. - * @async - */ - async certify(signingKeys, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { - if (!privateKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - if (privateKey.hasSameFingerprintAs(primaryKey)) { - throw new Error("The user's own key can only be used for self-certifications"); - } - const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); - return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, { - // Most OpenPGP implementations use generic certification (0x10) - signatureType: enums.signature.certGeneric, - keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] - }, date, undefined, undefined, undefined, config); - })); - await user.update(this, date, config); - return user; - } - - /** - * Checks if a given certificate of the user is revoked - * @param {SignaturePacket} certificate - The certificate to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked(primaryKey, enums.signature.certRevocation, { - key: primaryKey, - userID: this.userID, - userAttribute: this.userAttribute - }, this.revocationSignatures, certificate, keyPacket, date, config$1); - } - - /** - * Verifies the user certificate. - * @param {SignaturePacket} certificate - A certificate of this user - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate - * @throws if the user certificate is invalid. - * @async - */ - async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const { issuerKeyID } = certificate; - const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); - if (issuerKeys.length === 0) { - return null; - } - await Promise.all(issuerKeys.map(async key => { - const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); - if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { - throw new Error('User certificate is revoked'); - } - try { - await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('User certificate is invalid', e); - } - })); - return true; - } + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); + const wrappedKey = await wrap(kdfParams.cipher, Z, m); + return { publicKey, wrappedKey }; + } - /** - * Verifies all user certificates - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllCertifications(verificationKeys, date = new Date(), config) { - const that = this; - const certifications = this.selfCertifications.concat(this.otherCertifications); - return Promise.all(certifications.map(async certification => ({ - keyID: certification.issuerKeyID, - valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) - }))); + /** + * Generate ECDHE secret from private key and public part of ephemeral key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ + async function genPrivateEphemeralKey(curve, V, Q, d) { + if (d.length !== curve.payloadSize) { + const privateKey = new Uint8Array(curve.payloadSize); + privateKey.set(d, curve.payloadSize - d.length); + d = privateKey; } - - /** - * Verify User. Checks for existence of self signatures, revocation signatures - * and validity of self signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} Status of user. - * @throws {Error} if there are no valid self signatures. - * @async - */ - async verify(date = new Date(), config) { - if (!this.selfCertifications.length) { - throw new Error('No self-certifications found'); + switch (curve.type) { + case 'curve25519Legacy': { + const secretKey = d.slice().reverse(); + const sharedKey = await recomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey); + return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below } - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // TODO replace when Promise.some or Promise.any are implemented - let exception; - for (let i = this.selfCertifications.length - 1; i >= 0; i--) { - try { - const selfCertification = this.selfCertifications[i]; - if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { - throw new Error('Self-certification is revoked'); - } + case 'web': + if (curve.web && util.getWebCrypto()) { try { - await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('Self-certification is invalid', e); + return await webPrivateEphemeralKey(curve, V, Q, d); + } catch (err) { + util.printDebugError(err); + return jsPrivateEphemeralKey(curve, V, d); } - return true; - } catch (e) { - exception = e; } - } - throw exception; + break; + case 'node': + return nodePrivateEphemeralKey(curve, V, d); + default: + return jsPrivateEphemeralKey(curve, V, d); } + } - /** - * Update user with new components from specified user - * @param {User} sourceUser - Source user to merge - * @param {Date} date - Date to verify the validity of signatures - * @param {Object} config - Full configuration - * @returns {Promise} - * @async - */ - async update(sourceUser, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // self signatures - await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { - try { - await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); - return true; - } catch (e) { - return false; - } - }); - // other signatures - await mergeSignatures(sourceUser, this, 'otherCertifications', date); - // revocation signatures - await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); - }); + /** + * Decrypt and unwrap the value derived from session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} C - Encrypted and wrapped value derived from session key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise} Value derived from session key. + * @async + */ + async function decrypt$1(oid, kdfParams, V, C, Q, d, fingerprint) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + checkPublicPointEnconding(curve, V); + const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + let err; + for (let i = 0; i < 3; i++) { + try { + // Work around old go crypto bug and old OpenPGP.js bug, respectively. + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); + return decode$1(await unwrap(kdfParams.cipher, Z, C)); + } catch (e) { + err = e; + } } + throw err; + } - /** - * Revokes the user - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New user with revocation signature. - * @async - */ - async revoke( - primaryKey, + async function jsPrivateEphemeralKey(curve, V, d) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V); + const sharedKey = sharedSecretWithParity.subarray(1); + return { secretKey: d, sharedKey }; + } + + async function jsPublicEphemeralKey(curve, Q) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + const { publicKey: V, privateKey: v } = await curve.genKeyPair(); + + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q); + const sharedKey = sharedSecretWithParity.subarray(1); + return { publicKey: V, sharedKey }; + } + + /** + * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ + async function webPrivateEphemeralKey(curve, V, Q, d) { + const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d); + let privateKey = webCrypto.importKey( + 'jwk', + recipient, { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.certRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await user.update(this); - return user; - } + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V); + let sender = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + [] + ); + [privateKey, sender] = await Promise.all([privateKey, sender]); + let S = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: sender + }, + privateKey, + curve.sharedSize + ); + let secret = webCrypto.exportKey( + 'jwk', + privateKey + ); + [S, secret] = await Promise.all([S, secret]); + const sharedKey = new Uint8Array(S); + const secretKey = b64ToUint8Array(secret.d); + return { secretKey, sharedKey }; + } + + /** + * Generate ECDHE ephemeral key and secret from public key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ + async function webPublicEphemeralKey(curve, Q) { + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q); + let keyPair = webCrypto.generateKey( + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + let recipient = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + false, + [] + ); + [keyPair, recipient] = await Promise.all([keyPair, recipient]); + let s = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: recipient + }, + keyPair.privateKey, + curve.sharedSize + ); + let p = webCrypto.exportKey( + 'jwk', + keyPair.publicKey + ); + [s, p] = await Promise.all([s, p]); + const sharedKey = new Uint8Array(s); + const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte)); + return { publicKey, sharedKey }; + } + + /** + * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ + async function nodePrivateEphemeralKey(curve, V, d) { + const recipient = nodeCrypto.createECDH(curve.node); + recipient.setPrivateKey(d); + const sharedKey = new Uint8Array(recipient.computeSecret(V)); + const secretKey = new Uint8Array(recipient.getPrivateKey()); + return { secretKey, sharedKey }; + } + + /** + * Generate ECDHE ephemeral key and secret from public key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ + async function nodePublicEphemeralKey(curve, Q) { + const sender = nodeCrypto.createECDH(curve.node); + sender.generateKeys(); + const sharedKey = new Uint8Array(sender.computeSecret(Q)); + const publicKey = new Uint8Array(sender.getPublicKey()); + return { publicKey, sharedKey }; } + var ecdh = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$1, + encrypt: encrypt$1, + validateParams: validateParams$3 + }); + + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + var elliptic = /*#__PURE__*/Object.freeze({ + __proto__: null, + CurveWithOID: CurveWithOID, + ecdh: ecdh, + ecdhX: ecdh_x, + ecdsa: ecdsa, + eddsa: eddsa, + eddsaLegacy: eddsa_legacy, + generate: generate$1, + getPreferredHashAlgo: getPreferredHashAlgo$1 + }); + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /* + TODO regarding the hash function, read: + https://tools.ietf.org/html/rfc4880#section-13.6 + https://tools.ietf.org/html/rfc4880#section-14 + */ + + const _0n$7 = BigInt(0); + const _1n$9 = BigInt(1); + /** - * @module key/Subkey - * @private + * DSA Sign function + * @param {Integer} hashAlgo + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} x + * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} + * @async */ + async function sign$2(hashAlgo, hashed, g, p, q, x) { + const _0n = BigInt(0); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + x = uint8ArrayToBigInt(x); + + let k; + let r; + let s; + let t; + g = mod$2(g, p); + x = mod$2(x, q); + // If the output size of the chosen hash is larger than the number of + // bits of q, the hash result is truncated to fit by taking the number + // of leftmost bits equal to the number of bits of q. This (possibly + // truncated) hash function result is treated as a number and used + // directly in the DSA signature algorithm. + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + // FIPS-186-4, section 4.6: + // The values of r and s shall be checked to determine if r = 0 or s = 0. + // If either r = 0 or s = 0, a new value of k shall be generated, and the + // signature shall be recalculated. It is extremely unlikely that r = 0 + // or s = 0 if signatures are generated properly. + while (true) { + // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + k = getRandomBigInteger(_1n$9, q); // returns in [1, q-1] + r = mod$2(modExp(g, k, p), q); // (g**k mod p) mod q + if (r === _0n) { + continue; + } + const xr = mod$2(x * r, q); + t = mod$2(h + xr, q); // H(m) + x*r mod q + s = mod$2(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q + if (s === _0n) { + continue; + } + break; + } + return { + r: bigIntToUint8Array(r, 'be', byteLength(p)), + s: bigIntToUint8Array(s, 'be', byteLength(p)) + }; + } /** - * Class that represents a subkey packet and the relevant signatures. - * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID - * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint - * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs - * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo - * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime - * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + * DSA Verify function + * @param {Integer} hashAlgo + * @param {Uint8Array} r + * @param {Uint8Array} s + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} y + * @returns {boolean} + * @async */ - class Subkey { - /** - * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey - * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey - */ - constructor(subkeyPacket, mainKey) { - this.keyPacket = subkeyPacket; - this.bindingSignatures = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } + async function verify$2(hashAlgo, r, s, hashed, g, p, q, y) { + r = uint8ArrayToBigInt(r); + s = uint8ArrayToBigInt(s); - /** - * Transforms structured subkey data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.bindingSignatures); - return packetlist; - } + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - /** - * Shallow clone - * @return {Subkey} - */ - clone() { - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.bindingSignatures = [...this.bindingSignatures]; - subkey.revocationSignatures = [...this.revocationSignatures]; - return subkey; + if (r <= _0n$7 || r >= q || + s <= _0n$7 || s >= q) { + util.printDebug('invalid DSA Signature'); + return false; } - - /** - * Checks if a binding signature of a subkey is revoked - * @param {SignaturePacket} signature - The binding signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the binding signature is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked( - primaryKey, enums.signature.subkeyRevocation, { - key: primaryKey, - bind: this.keyPacket - }, this.revocationSignatures, signature, key, date, config$1 - ); + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + const w = modInv(s, q); // s**-1 mod q + if (w === _0n$7) { + util.printDebug('invalid DSA Signature'); + return false; } - /** - * Verify subkey. Checks for revocation signatures, expiration time - * and valid binding signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} if the subkey is invalid. - * @async - */ - async verify(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - // check subkey binding signatures - const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - // check binding signature is not revoked - if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { - throw new Error('Subkey is revoked'); - } - // check for expiration time - if (isDataExpired(this.keyPacket, bindingSignature, date)) { - throw new Error('Subkey is expired'); - } - return bindingSignature; + g = mod$2(g, p); + y = mod$2(y, p); + const u1 = mod$2(h * w, q); // H(m) * w mod q + const u2 = mod$2(r * w, q); // r * w mod q + const t1 = modExp(g, u1, p); // g**u1 mod p + const t2 = modExp(y, u2, p); // y**u2 mod p + const v = mod$2(mod$2(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q + return v === r; + } + + /** + * Validate DSA parameters + * @param {Uint8Array} p - DSA prime + * @param {Uint8Array} q - DSA group order + * @param {Uint8Array} g - DSA sub-group generator + * @param {Uint8Array} y - DSA public key + * @param {Uint8Array} x - DSA private key + * @returns {Promise} Whether params are valid. + * @async + */ + async function validateParams$2(p, q, g, y, x) { + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + // Check that 1 < g < p + if (g <= _1n$9 || g >= p) { + return false; } /** - * Returns the expiration time of the subkey or Infinity if key does not expire. - * Returns null if the subkey is invalid. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async + * Check that subgroup order q divides p-1 */ - async getExpirationTime(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - let bindingSignature; - try { - bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - } catch (e) { - return null; - } - const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); - const sigExpiry = bindingSignature.getExpirationTime(); - return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; + if (mod$2(p - _1n$9, q) !== _0n$7) { + return false; } /** - * Update subkey with new components from specified subkey - * @param {Subkey} subkey - Source subkey to merge - * @param {Date} [date] - Date to verify validity of signatures - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if update failed - * @async - */ - async update(subkey, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - if (!this.hasSameFingerprintAs(subkey)) { - throw new Error('Subkey update method: fingerprints of subkeys not equal'); - } - // key packet - if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && - subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { - this.keyPacket = subkey.keyPacket; - } - // update missing binding signatures - const that = this; - const dataToVerify = { key: primaryKey, bind: that.keyPacket }; - await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { - for (let i = 0; i < that.bindingSignatures.length; i++) { - if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { - if (srcBindSig.created > that.bindingSignatures[i].created) { - that.bindingSignatures[i] = srcBindSig; - } - return false; - } - } - try { - await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); - return true; - } catch (e) { - return false; - } - }); - // revocation signatures - await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); - }); + * g has order q + * Check that g ** q = 1 mod p + */ + if (modExp(g, q, p) !== _1n$9) { + return false; } /** - * Revokes the subkey - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New subkey with revocation signature. - * @async + * Check q is large and probably prime (we mainly want to avoid small factors) */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { key: primaryKey, bind: this.keyPacket }; - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.subkeyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await subkey.update(this); - return subkey; + const qSize = BigInt(bitLength(q)); + const _150n = BigInt(150); + if (qSize < _150n || !isProbablePrime(q, null, 32)) { + return false; } - hasSameFingerprintAs(other) { - return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{rq + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const _2n = BigInt(2); + const r = getRandomBigInteger(_2n << (qSize - _1n$9), _2n << qSize); // draw r of same size as q + const rqx = q * r + x; + if (y !== modExp(g, rqx, p)) { + return false; } + + return true; } - ['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { - Subkey.prototype[name] = - function() { - return this.keyPacket[name](); - }; + var dsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$2, + validateParams: validateParams$2, + verify: verify$2 }); - // GPG4Browsers - An OpenPGP implementation in javascript - - // A key revocation certificate can contain the following packets - const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); - const keyPacketTags = new Set([ - enums.packet.publicKey, enums.packet.privateKey, - enums.packet.publicSubkey, enums.packet.privateSubkey - ]); - /** - * Abstract class that represents an OpenPGP key. Must contain a primary key. - * Can contain additional subkeys, signatures, user ids, user attributes. - * @borrows PublicKeyPacket#getKeyID as Key#getKeyID - * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint - * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs - * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo - * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + * @fileoverview Asymmetric cryptography functions + * @module crypto/public_key */ - class Key { - /** - * Transforms packetlist to structured key data - * @param {PacketList} packetlist - The packets that form a key - * @param {Set} disallowedPackets - disallowed packet tags - */ - packetListToStructure(packetlist, disallowedPackets = new Set()) { - let user; - let primaryKeyID; - let subkey; - let ignoreUntil; - for (const packet of packetlist) { - if (packet instanceof UnparseablePacket) { - const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); - if (isUnparseableKeyPacket && !ignoreUntil) { - // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must - // discard all non-key packets that follow, until another (sub)key packet is found. - if (mainKeyPacketTags.has(packet.tag)) { - ignoreUntil = mainKeyPacketTags; - } else { - ignoreUntil = keyPacketTags; - } - } - continue; - } + var publicKey = { + /** @see module:crypto/public_key/rsa */ + rsa: rsa, + /** @see module:crypto/public_key/elgamal */ + elgamal: elgamal, + /** @see module:crypto/public_key/elliptic */ + elliptic: elliptic, + /** @see module:crypto/public_key/dsa */ + dsa: dsa + }; - const tag = packet.constructor.tag; - if (ignoreUntil) { - if (!ignoreUntil.has(tag)) continue; - ignoreUntil = null; - } - if (disallowedPackets.has(tag)) { - throw new Error(`Unexpected packet type: ${tag}`); - } - switch (tag) { - case enums.packet.publicKey: - case enums.packet.secretKey: - if (this.keyPacket) { - throw new Error('Key block contains multiple keys'); - } - this.keyPacket = packet; - primaryKeyID = this.getKeyID(); - if (!primaryKeyID) { - throw new Error('Missing Key ID'); - } - break; - case enums.packet.userID: - case enums.packet.userAttribute: - user = new User(packet, this); - this.users.push(user); - break; - case enums.packet.publicSubkey: - case enums.packet.secretSubkey: - user = null; - subkey = new Subkey(packet, this); - this.subkeys.push(subkey); - break; - case enums.packet.signature: - switch (packet.signatureType) { - case enums.signature.certGeneric: - case enums.signature.certPersona: - case enums.signature.certCasual: - case enums.signature.certPositive: - if (!user) { - util.printDebug('Dropping certification signatures without preceding user packet'); - continue; - } - if (packet.issuerKeyID.equals(primaryKeyID)) { - user.selfCertifications.push(packet); - } else { - user.otherCertifications.push(packet); - } - break; - case enums.signature.certRevocation: - if (user) { - user.revocationSignatures.push(packet); - } else { - this.directSignatures.push(packet); - } - break; - case enums.signature.key: - this.directSignatures.push(packet); - break; - case enums.signature.subkeyBinding: - if (!subkey) { - util.printDebug('Dropping subkey binding signature without preceding subkey packet'); - continue; - } - subkey.bindingSignatures.push(packet); - break; - case enums.signature.keyRevocation: - this.revocationSignatures.push(packet); - break; - case enums.signature.subkeyRevocation: - if (!subkey) { - util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); - continue; - } - subkey.revocationSignatures.push(packet); - break; - } - break; - } - } - } + /** + * @fileoverview Provides functions for asymmetric signing and signature verification + * @module crypto/signature + */ - /** - * Transforms structured key data to packetlist - * @returns {PacketList} The packets that form a key. - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.directSignatures); - this.users.map(user => packetlist.push(...user.toPacketList())); - this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); - return packetlist; - } - /** - * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. - * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. - * @returns {Promise} Clone of the key. - */ - clone(clonePrivateParams = false) { - const key = new this.constructor(this.toPacketList()); - if (clonePrivateParams) { - key.getKeys().forEach(k => { - // shallow clone the key packets - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - if (!k.keyPacket.isDecrypted()) return; - // deep clone the private params, which are cleared during encryption - const privateParams = {}; - Object.keys(k.keyPacket.privateParams).forEach(name => { - privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); - }); - k.keyPacket.privateParams = privateParams; - }); + /** + * Parse signature in binary form to get the parameters. + * The returned values are only padded for EdDSA, since in the other cases their expected length + * depends on the key params, hence we delegate the padding to the signature verification function. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Uint8Array} signature - Data for which the signature was created + * @returns {Promise} True if signature is valid. + * @async + */ + function parseSignatureParams(algo, signature) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA signatures: + // - MPI of RSA signature value m**d mod n. + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + // The signature needs to be the same length as the public key modulo n. + // We pad s on signature verification, where we have access to n. + return { read, signatureParams: { s } }; + } + // Algorithm-Specific Fields for DSA or ECDSA signatures: + // - MPI of DSA or ECDSA value r. + // - MPI of DSA or ECDSA value s. + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + { + // If the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for legacy EdDSA signatures: + // - MPI of an EC point r. + // - EdDSA value s, in MPI, in the little endian representation + case enums.publicKey.eddsaLegacy: { + // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature + // verification: if the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + // Algorithm-Specific Fields for Ed448 signatures: + // - 114 octets of the native signature + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo); + const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length; + return { read, signatureParams: { RS } }; } - return key; - } - /** - * Returns an array containing all public or private subkeys matching keyID; - * If no keyID is given, returns all subkeys. - * @param {type/keyID} [keyID] - key ID to look for - * @returns {Array} array of subkeys - */ - getSubkeys(keyID = null) { - const subkeys = this.subkeys.filter(subkey => ( - !keyID || subkey.getKeyID().equals(keyID, true) - )); - return subkeys; + default: + throw new UnsupportedError('Unknown signature algorithm.'); } + } - /** - * Returns an array containing all public or private keys matching keyID. - * If no keyID is given, returns all keys, starting with the primary key. - * @param {type/keyid~KeyID} [keyID] - key ID to look for - * @returns {Array} array of keys - */ - getKeys(keyID = null) { - const keys = []; - if (!keyID || this.getKeyID().equals(keyID, true)) { - keys.push(this); + /** + * Verifies the signature provided for data using specified algorithms and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} signature - Named algorithm-specific signature parameters + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Data for which the signature was created + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} True if signature is valid. + * @async + */ + async function verify$1(algo, hashAlgo, signature, publicParams, data, hashed) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto + return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); } - return keys.concat(this.getSubkeys(keyID)); + case enums.publicKey.dsa: { + const { g, p, q, y } = publicParams; + const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers + return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); + } + case enums.publicKey.ecdsa: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // padding needed for webcrypto + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values: + // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); } + } - /** - * Returns key IDs of all keys - * @returns {Array} - */ - getKeyIDs() { - return this.getKeys().map(key => key.getKeyID()); + /** + * Creates a signature on data using specified algorithms and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters + * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters + * @param {Uint8Array} data - Data to be signed + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} Signature Object containing named signature parameters. + * @async + */ + async function sign$1(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { + if (!publicKeyParams || !privateKeyParams) { + throw new Error('Missing key parameters'); } - - /** - * Returns userIDs - * @returns {Array} Array of userIDs. - */ - getUserIDs() { - return this.users.map(user => { - return user.userID ? user.userID.userID : null; - }).filter(userID => userID !== null); + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); + return { s }; + } + case enums.publicKey.dsa: { + const { g, p, q } = publicKeyParams; + const { x } = privateKeyParams; + return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); + } + case enums.publicKey.elgamal: + throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); + case enums.publicKey.ecdsa: { + const { oid, Q } = publicKeyParams; + const { d } = privateKeyParams; + return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); } + } - /** - * Returns binary encoded key - * @returns {Uint8Array} Binary key. - */ - write() { - return this.toPacketList().write(); - } + var signature = /*#__PURE__*/Object.freeze({ + __proto__: null, + parseSignatureParams: parseSignatureParams, + sign: sign$1, + verify: verify$1 + }); - /** - * Returns last created key or key by given keyID that is available for signing and verification - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} signing key - * @throws if no valid signing key was found - * @async - */ - async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature( - subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 - ); - if (!isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) { - continue; - } - if (!bindingSignature.embeddedSignature) { - throw new Error('Missing embedded signature'); - } - // verify embedded signature - await getLatestValidSignature( - [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 - ); - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } catch (e) { - exception = e; - } - } - } + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - try { - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config$1)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; + + class ECDHSymmetricKey { + constructor(data) { + if (data) { + this.data = data; } - throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); } /** - * Returns last created key or key by given keyID that is available for encryption or decryption - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} encryption key - * @throws if no valid encryption key was found - * @async + * Read an ECDHSymmetricKey from an Uint8Array: + * - 1 octect for the length `l` + * - `l` octects of encoded session key data + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. */ - async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - // V4: by convention subkeys are preferred for encryption service - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) { - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } - } catch (e) { - exception = e; - } - } - } - - try { - // if no valid subkey for encryption, evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) { - checkKeyRequirements(primaryKey, config$1); - return this; + read(bytes) { + if (bytes.length >= 1) { + const length = bytes[0]; + if (bytes.length >= 1 + length) { + this.data = bytes.subarray(1, 1 + length); + return 1 + this.data.length; } - } catch (e) { - exception = e; } - throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + throw new Error('Invalid symmetric key'); } /** - * Checks if a signature on a key is revoked - * @param {SignaturePacket} signature - The signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the certificate is revoked. - * @async + * Write an ECDHSymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - return isDataRevoked( - this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 - ); + write() { + return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); } + } - /** - * Verify primary key. Checks for revocation signatures, expiration time - * and valid self signature. Throws if the primary key is invalid. - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} If key verification failed - * @async - */ - async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - // check for key revocation signatures - if (await this.isRevoked(null, null, date, config$1)) { - throw new Error('Primary key is revoked'); - } - // check for valid, unrevoked, unexpired self signature - const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); - // check for expiration time in binding signatures - if (isDataExpired(primaryKey, selfCertification, date)) { - throw new Error('Primary key is expired'); - } - // check for expiration time in direct signatures - const directSignature = await getLatestValidSignature( - this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 - ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (directSignature && isDataExpired(primaryKey, directSignature, date)) { - throw new Error('Primary key is expired'); - } - } + /** + * Implementation of type KDF parameters + * + * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: + * A key derivation function (KDF) is necessary to implement the EC + * encryption. The Concatenation Key Derivation Function (Approved + * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is + * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. + * @module type/kdf_params + * @private + */ + + class KDFParams { /** - * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. - * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. - * @param {Object} [userID] - User ID to consider instead of the primary user - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async + * @param {enums.hash} hash - Hash algorithm + * @param {enums.symmetric} cipher - Symmetric algorithm */ - async getExpirationTime(userID, config$1 = config) { - let primaryKeyExpiry; - try { - const { selfCertification } = await this.getPrimaryUser(null, userID, config$1); - const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); - const selfSigExpiry = selfCertification.getExpirationTime(); - const directSignature = await getLatestValidSignature( - this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 - ).catch(() => {}); - if (directSignature) { - const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); - // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, - // causing a discountinous validy period for the key - primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); - } else { - primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; - } - } catch (e) { - primaryKeyExpiry = null; + constructor(data) { + if (data) { + const { hash, cipher } = data; + this.hash = hash; + this.cipher = cipher; + } else { + this.hash = null; + this.cipher = null; } - - return util.normalizeDate(primaryKeyExpiry); } - /** - * Returns primary user and most significant (latest valid) self signature - * - if multiple primary users exist, returns the one with the latest self signature - * - otherwise, returns the user with the latest self signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * user: User, - * selfCertification: SignaturePacket - * }>} The primary user and the self signature - * @async + * Read KDFParams from an Uint8Array + * @param {Uint8Array} input - Where to read the KDFParams from + * @returns {Number} Number of read bytes. */ - async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const users = []; - let exception; - for (let i = 0; i < this.users.length; i++) { - try { - const user = this.users[i]; - if (!user.userID) { - continue; - } - if ( - (userID.name !== undefined && user.userID.name !== userID.name) || - (userID.email !== undefined && user.userID.email !== userID.email) || - (userID.comment !== undefined && user.userID.comment !== userID.comment) - ) { - throw new Error('Could not find user that matches that user ID'); - } - const dataToVerify = { userID: user.userID, key: primaryKey }; - const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); - users.push({ index: i, user, selfCertification }); - } catch (e) { - exception = e; - } - } - if (!users.length) { - throw exception || new Error('Could not find primary user'); - } - await Promise.all(users.map(async function (a) { - return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); - })); - // sort by primary user flag and signature creation time - const primaryUser = users.sort(function(a, b) { - const A = a.selfCertification; - const B = b.selfCertification; - return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; - }).pop(); - const { user, selfCertification: cert } = primaryUser; - if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { - throw new Error('Primary user is revoked'); + read(input) { + if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { + throw new UnsupportedError('Cannot read KDFParams'); } - return primaryUser; + this.hash = input[2]; + this.cipher = input[3]; + return 4; } /** - * Update key with new components from specified key with same key ID: - * users, subkeys, certificates are merged into the destination key, - * duplicates and expired signatures are ignored. - * - * If the source key is a private key and the destination key is public, - * a private key is returned. - * @param {Key} sourceKey - Source key to merge - * @param {Date} [date] - Date to verify validity of signatures and keys - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} updated key - * @async + * Write KDFParams to an Uint8Array + * @returns {Uint8Array} Array with the KDFParams value */ - async update(sourceKey, date = new Date(), config$1 = config) { - if (!this.hasSameFingerprintAs(sourceKey)) { - throw new Error('Primary key fingerprints must be equal to update the key'); - } - if (!this.isPrivate() && sourceKey.isPrivate()) { - // check for equal subkey packets - const equal = (this.subkeys.length === sourceKey.subkeys.length) && - (this.subkeys.every(destSubkey => { - return sourceKey.subkeys.some(srcSubkey => { - return destSubkey.hasSameFingerprintAs(srcSubkey); - }); - })); - if (!equal) { - throw new Error('Cannot update public key with private key if subkeys mismatch'); - } + write() { + return new Uint8Array([3, 1, this.hash, this.cipher]); + } + } - return sourceKey.update(this, config$1); - } - // from here on, either: - // - destination key is private, source key is public - // - the keys are of the same type - // hence we don't need to convert the destination key type - const updatedKey = this.clone(); - // revocation signatures - await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { - return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); - }); - // direct signatures - await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); - // update users - await Promise.all(sourceKey.users.map(async srcUser => { - // multiple users with the same ID/attribute are not explicitly disallowed by the spec - // hence we support them, just in case - const usersToUpdate = updatedKey.users.filter(dstUser => ( - (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || - (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) - )); - if (usersToUpdate.length > 0) { - await Promise.all( - usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) - ); - } else { - const newUser = srcUser.clone(); - newUser.mainKey = updatedKey; - updatedKey.users.push(newUser); - } - })); - // update subkeys - await Promise.all(sourceKey.subkeys.map(async srcSubkey => { - // multiple subkeys with same fingerprint might be preset - const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( - dstSubkey.hasSameFingerprintAs(srcSubkey) - )); - if (subkeysToUpdate.length > 0) { - await Promise.all( - subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) - ); - } else { - const newSubkey = srcSubkey.clone(); - newSubkey.mainKey = updatedKey; - updatedKey.subkeys.push(newSubkey); - } - })); + /** + * Encoded symmetric key for x25519 and x448 + * The payload format varies for v3 and v6 PKESK: + * the former includes an algorithm byte preceeding the encrypted session key. + * + * @module type/x25519x448_symkey + */ - return updatedKey; + + class ECDHXSymmetricKey { + static fromObject({ wrappedKey, algorithm }) { + const instance = new ECDHXSymmetricKey(); + instance.wrappedKey = wrappedKey; + instance.algorithm = algorithm; + return instance; } /** - * Get revocation certificate from a revoked key. - * (To get a revocation certificate for an unrevoked key, call revoke() first.) - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Armored revocation certificate. - * @async + * - 1 octect for the length `l` + * - `l` octects of encoded session key data (with optional leading algorithm byte) + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. */ - async getRevocationCertificate(date = new Date(), config$1 = config) { - const dataToVerify = { key: this.keyPacket }; - const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); - const packetlist = new PacketList(); - packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); + read(bytes) { + let read = 0; + let followLength = bytes[read++]; + this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even + followLength -= followLength % 2; + this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength; } /** - * Applies a revocation certificate to a key - * This adds the first signature packet in the armored text to the key, - * if it is a valid revocation signature. - * @param {String} revocationCertificate - armored revocation certificate - * @param {Date} [date] - Date to verify the certificate - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Revoked key. - * @async + * Write an MontgomerySymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data */ - async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { - const input = await unarmor(revocationCertificate, config$1); - const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); - const revocationSignature = packetlist.findPacket(enums.packet.signature); - if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { - throw new Error('Could not find revocation signature packet'); + write() { + return util.concatUint8Array([ + this.algorithm ? + new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : + new Uint8Array([this.wrappedKey.length]), + this.wrappedKey + ]); + } + } + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Encrypts data using specified algorithm and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. + * @param {module:enums.publicKey} keyAlgo - Public key algorithm + * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only) + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Session key data to be encrypted + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @returns {Promise} Encrypted session key parameters. + * @async + */ + async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const { n, e } = publicParams; + const c = await publicKey.rsa.encrypt(data, n, e); + return { c }; } - if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { - throw new Error('Revocation signature does not match key'); + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + return publicKey.elgamal.encrypt(data, p, g, y); } - try { - await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); - } catch (e) { - throw util.wrapError('Could not verify revocation signature', e); + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicParams; + const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( + oid, kdfParams, data, Q, fingerprint); + return { V, C: new ECDHSymmetricKey(C) }; } - const key = this.clone(); - key.revocationSignatures.push(revocationSignature); - return key; + case enums.publicKey.x25519: + case enums.publicKey.x448: { + if (symmetricAlgo && !util.isAES(symmetricAlgo)) { + // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 + throw new Error('X25519 and X448 keys can only encrypt AES session keys'); + } + const { A } = publicParams; + const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( + keyAlgo, data, A); + const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); + return { ephemeralPublicKey, C }; + } + default: + return []; } + } - /** - * Signs primary user of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signPrimaryUser(privateKeys, date, userID, config$1 = config) { - const { index, user } = await this.getPrimaryUser(date, userID, config$1); - const userSign = await user.certify(privateKeys, date, config$1); - const key = this.clone(); - key.users[index] = userSign; - return key; + /** + * Decrypts data using specified algorithm and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Object} publicKeyParams - Algorithm-specific public key parameters + * @param {Object} privateKeyParams - Algorithm-specific private key parameters + * @param {Object} sessionKeyParams - Encrypted session key parameters + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing + * (needed for constant-time processing in RSA and ElGamal) + * @returns {Promise} Decrypted data. + * @throws {Error} on sensitive decryption error, unless `randomPayload` is given + * @async + */ + async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: { + const { c } = sessionKeyParams; + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); + } + case enums.publicKey.elgamal: { + const { c1, c2 } = sessionKeyParams; + const p = publicKeyParams.p; + const x = privateKeyParams.x; + return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicKeyParams; + const { d } = privateKeyParams; + const { V, C } = sessionKeyParams; + return publicKey.elliptic.ecdh.decrypt( + oid, kdfParams, V, C.data, Q, d, fingerprint); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicKeyParams; + const { k } = privateKeyParams; + const { ephemeralPublicKey, C } = sessionKeyParams; + if (C.algorithm !== null && !util.isAES(C.algorithm)) { + throw new Error('AES session key expected'); + } + return publicKey.elliptic.ecdhX.decrypt( + algo, ephemeralPublicKey, C.wrappedKey, A, k); + } + default: + throw new Error('Unknown public key encryption algorithm.'); + } + } + + /** + * Parse public key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. + */ + function parsePublicKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; + const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; + return { read, publicParams: { n, e } }; + } + case enums.publicKey.dsa: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, q, g, y } }; + } + case enums.publicKey.elgamal: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, g, y } }; + } + case enums.publicKey.ecdsa: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.eddsaLegacy: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + if (oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + Q = util.leftPad(Q, 33); + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.ecdh: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); + return { read: read, publicParams: { oid, Q, kdfParams } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length; + return { read, publicParams: { A } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); + } + } + + /** + * Parse private key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @param {Object} publicParams - (ECC only) public params, needed to format some private params + * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. + */ + function parsePrivateKeyParams(algo, bytes, publicParams) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; + return { read, privateParams: { d, p, q, u } }; + } + case enums.publicKey.dsa: + case enums.publicKey.elgamal: { + const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; + return { read, privateParams: { x } }; + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + d = util.leftPad(d, payloadSize); + return { read, privateParams: { d } }; + } + case enums.publicKey.eddsaLegacy: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; + seed = util.leftPad(seed, payloadSize); + return { read, privateParams: { seed } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const payloadSize = getCurvePayloadSize(algo); + const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length; + return { read, privateParams: { seed } }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const payloadSize = getCurvePayloadSize(algo); + const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length; + return { read, privateParams: { k } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } + } - /** - * Signs all users of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for signing, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signAllUsers(privateKeys, date = new Date(), config$1 = config) { - const key = this.clone(); - key.users = await Promise.all(this.users.map(function(user) { - return user.certify(privateKeys, date, config$1); - })); - return key; - } + /** Returns the types comprising the encrypted session key of an algorithm + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {Object} The session key parameters referenced by name. + */ + function parseEncSessionKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA encrypted session keys: + // - MPI of RSA encrypted value m**e mod n. + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const c = util.readMPI(bytes.subarray(read)); + return { c }; + } - /** - * Verifies primary user of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { - const primaryKey = this.keyPacket; - const { user } = await this.getPrimaryUser(date, userID, config$1); - const results = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - return results; + // Algorithm-Specific Fields for Elgamal encrypted session keys: + // - MPI of Elgamal value g**k mod p + // - MPI of Elgamal value m * y**k mod p + case enums.publicKey.elgamal: { + const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; + const c2 = util.readMPI(bytes.subarray(read)); + return { c1, c2 }; + } + // Algorithm-Specific Fields for ECDH encrypted session keys: + // - MPI containing the ephemeral key used to establish the shared secret + // - ECDH Symmetric Key + case enums.publicKey.ecdh: { + const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; + const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); + return { V, C }; + } + // Algorithm-Specific Fields for X25519 or X448 encrypted session keys: + // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448). + // - A one-octet size of the following fields. + // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). + // - The encrypted session key. + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const pointSize = getCurvePayloadSize(algo); + const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length; + const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); + return { ephemeralPublicKey, C }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } + } - /** - * Verifies all users of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of userID, signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { - const primaryKey = this.keyPacket; - const results = []; - await Promise.all(this.users.map(async user => { - const signatures = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + /** + * Convert params to MPI and serializes them in the proper order + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} params - The key parameters indexed by name + * @returns {Uint8Array} The array containing the MPIs. + */ + function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([ + enums.publicKey.ed25519, + enums.publicKey.x25519, + enums.publicKey.ed448, + enums.publicKey.x448 + ]); + const orderedParams = Object.keys(params).map(name => { + const param = params[name]; + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); + }); + return util.concatUint8Array(orderedParams); + } - results.push(...signatures.map( - signature => ({ - userID: user.userID ? user.userID.userID : null, - userAttribute: user.userAttribute, - keyID: signature.keyID, - valid: signature.valid - })) - ); - })); - return results; + /** + * Generate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Integer} bits - Bit length for RSA keys + * @param {module:type/oid} oid - Object identifier for ECC keys + * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. + * @async + */ + function generateParams(algo, bits, oid) { + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ + privateParams: { d, p, q, u }, + publicParams: { n, e } + })); + case enums.publicKey.ecdsa: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { d: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { seed: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.ecdh: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ + privateParams: { d: secret }, + publicParams: { + oid: new OID(oid), + Q, + kdfParams: new KDFParams({ hash, cipher }) + } + })); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ + privateParams: { k }, + publicParams: { A } + })); + case enums.publicKey.dsa: + case enums.publicKey.elgamal: + throw new Error('Unsupported algorithm for key generation.'); + default: + throw new Error('Unknown public key algorithm.'); } } - ['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { - Key.prototype[name] = - Subkey.prototype[name]; - }); - - // This library is free software; you can redistribute it and/or - /** - * Class that represents an OpenPGP Public Key + * Validate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Object} privateParams - Algorithm-specific private key parameters + * @returns {Promise} Whether the parameters are valid. + * @async */ - class PublicKey extends Key { - /** - * @param {PacketList} packetlist - The packets that form this key - */ - constructor(packetlist) { - super(); - this.keyPacket = null; - this.revocationSignatures = []; - this.directSignatures = []; - this.users = []; - this.subkeys = []; - if (packetlist) { - this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing public-key packet'); - } + async function validateParams$1(algo, publicParams, privateParams) { + if (!publicParams || !privateParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const { d, p, q, u } = privateParams; + return publicKey.rsa.validateParams(n, e, d, p, q, u); + } + case enums.publicKey.dsa: { + const { p, q, g, y } = publicParams; + const { x } = privateParams; + return publicKey.dsa.validateParams(p, q, g, y, x); + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + const { x } = privateParams; + return publicKey.elgamal.validateParams(p, g, y, x); + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; + const { oid, Q } = publicParams; + const { d } = privateParams; + return algoModule.validateParams(oid, Q, d); + } + case enums.publicKey.eddsaLegacy: { + const { Q, oid } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicParams; + const { k } = privateParams; + return publicKey.elliptic.ecdhX.validateParams(algo, A, k); } - } - - /** - * Returns true if this is a private key - * @returns {false} - */ - isPrivate() { - return false; - } - - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - return this; - } - - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + default: + throw new Error('Unknown public key algorithm.'); } } /** - * Class that represents an OpenPGP Private key + * Generates a random byte prefix for the specified algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. + * @async */ - class PrivateKey extends PublicKey { - /** - * @param {PacketList} packetlist - The packets that form this key + async function getPrefixRandom(algo) { + const { blockSize } = getCipherParams(algo); + const prefixrandom = await getRandomBytes(blockSize); + const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); + return util.concat([prefixrandom, repeat]); + } + + /** + * Generating a session key for the specified symmetric algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Uint8Array} Random bytes as a string to be used as a key. */ - constructor(packetlist) { - super(); - this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing private-key packet'); - } - } + function generateSessionKey$1(algo) { + const { keySize } = getCipherParams(algo); + return getRandomBytes(keySize); + } - /** - * Returns true if this is a private key - * @returns {Boolean} - */ - isPrivate() { - return true; - } + /** + * Get implementation of the given AEAD mode + * @param {enums.aead} algo + * @returns {Object} + * @throws {Error} on invalid algo + */ + function getAEADMode(algo) { + const algoName = enums.read(enums.aead, algo); + return mode[algoName]; + } - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - const packetlist = new PacketList(); - const keyPackets = this.toPacketList(); - for (const keyPacket of keyPackets) { - switch (keyPacket.constructor.tag) { - case enums.packet.secretKey: { - const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); - packetlist.push(pubKeyPacket); - break; - } - case enums.packet.secretSubkey: { - const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); - packetlist.push(pubSubkeyPacket); - break; - } - default: - packetlist.push(keyPacket); - } - } - return new PublicKey(packetlist); + /** + * Check whether the given curve OID is supported + * @param {module:type/oid} oid - EC object identifier + * @throws {UnsupportedError} if curve is not supported + */ + function checkSupportedCurve(oid) { + try { + oid.getName(); + } catch (e) { + throw new UnsupportedError('Unknown curve OID'); } + } - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + /** + * Get encoded secret size for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ + function getCurvePayloadSize(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: + case enums.publicKey.eddsaLegacy: + return new publicKey.elliptic.CurveWithOID(oid).payloadSize; + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPayloadSize(algo); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.getPayloadSize(algo); + default: + throw new Error('Unknown elliptic algo'); } + } - /** - * Returns all keys that are available for decryption, matching the keyID when given - * This is useful to retrieve keys for session key decryption - * @param {module:type/keyid~KeyID} keyID, optional - * @param {Date} date, optional - * @param {String} userID, optional - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} Array of decryption keys. - * @async - */ - async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const keys = []; - for (let i = 0; i < this.subkeys.length; i++) { - if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { - try { - const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; - const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidDecryptionKeyPacket(bindingSignature, config$1)) { - keys.push(this.subkeys[i]); - } - } catch (e) {} - } - } - - // evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && - isValidDecryptionKeyPacket(primaryUser.selfCertification, config$1)) { - keys.push(this); - } - - return keys; + /** + * Get preferred signing hash algo for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ + function getPreferredCurveHashAlgo(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.getPreferredHashAlgo(oid); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); + default: + throw new Error('Unknown elliptic signing algo'); } + } - /** - * Returns true if the primary key or any subkey is decrypted. - * A dummy key is considered encrypted. - */ - isDecrypted() { - return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); - } + var crypto$2 = /*#__PURE__*/Object.freeze({ + __proto__: null, + generateParams: generateParams, + generateSessionKey: generateSessionKey$1, + getAEADMode: getAEADMode, + getCipherParams: getCipherParams, + getCurvePayloadSize: getCurvePayloadSize, + getPreferredCurveHashAlgo: getPreferredCurveHashAlgo, + getPrefixRandom: getPrefixRandom, + parseEncSessionKeyParams: parseEncSessionKeyParams, + parsePrivateKeyParams: parsePrivateKeyParams, + parsePublicKeyParams: parsePublicKeyParams, + publicKeyDecrypt: publicKeyDecrypt, + publicKeyEncrypt: publicKeyEncrypt, + serializeParams: serializeParams, + validateParams: validateParams$1 + }); - /** - * Check whether the private and public primary key parameters correspond - * Together with verification of binding signatures, this guarantees key integrity - * In case of gnu-dummy primary key, it is enough to validate any signing subkeys - * otherwise all encryption subkeys are validated - * If only gnu-dummy keys are found, we cannot properly validate so we throw an error - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if validation was not successful and the key cannot be trusted - * @async - */ - async validate(config$1 = config) { - if (!this.isPrivate()) { - throw new Error('Cannot validate a public key'); - } + /** + * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js + * @see module:crypto/crypto + * @see module:crypto/signature + * @see module:crypto/public_key + * @see module:crypto/cipher + * @see module:crypto/random + * @see module:crypto/hash + * @module crypto + */ - let signingKeyPacket; - if (!this.keyPacket.isDummy()) { - signingKeyPacket = this.keyPacket; - } else { - /** - * It is enough to validate any signing keys - * since its binding signatures are also checked - */ - const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); - // This could again be a dummy key - if (signingKey && !signingKey.keyPacket.isDummy()) { - signingKeyPacket = signingKey.keyPacket; - } - } - if (signingKeyPacket) { - return signingKeyPacket.validate(); - } else { - const keys = this.getKeys(); - const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); - if (allDummies) { - throw new Error('Cannot validate an all-gnu-dummy key'); - } + // TODO move cfb and gcm to cipher + const mod$1 = { + /** @see module:crypto/cipher */ + cipher: cipher, + /** @see module:crypto/hash */ + hash: hash$1, + /** @see module:crypto/mode */ + mode: mode, + /** @see module:crypto/public_key */ + publicKey: publicKey, + /** @see module:crypto/signature */ + signature: signature, + /** @see module:crypto/random */ + random: random, + /** @see module:crypto/pkcs1 */ + pkcs1: pkcs1, + /** @see module:crypto/pkcs5 */ + pkcs5: pkcs5, + /** @see module:crypto/aes_kw */ + aesKW: aesKW + }; - return Promise.all(keys.map(async key => key.keyPacket.validate())); + Object.assign(mod$1, crypto$2); + + const ARGON2_TYPE = 0x02; // id + const ARGON2_VERSION = 0x13; + const ARGON2_SALT_SIZE = 16; + + class Argon2OutOfMemoryError extends Error { + constructor(...params) { + super(...params); + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, Argon2OutOfMemoryError); } - } - /** - * Clear private key parameters - */ - clearPrivateParams() { - this.getKeys().forEach(({ keyPacket }) => { - if (keyPacket.isDecrypted()) { - keyPacket.clearPrivateParams(); - } - }); + this.name = 'Argon2OutOfMemoryError'; } + } + + // cache argon wasm module + let loadArgonWasmModule; + let argon2Promise; + // reload wasm module above this treshold, to deallocated used memory + const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19; + class Argon2S2K { /** - * Revokes the key - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New key with revocation signature. - * @async - */ - async revoke( - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - if (!this.isPrivate()) { - throw new Error('Need private key for revoking'); - } - const dataToSign = { key: this.keyPacket }; - const key = this.clone(); - key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.keyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, undefined, config$1)); - return key; + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params; + + this.type = 'argon2'; + /** + * 16 bytes of salt + * @type {Uint8Array} + */ + this.salt = null; + /** + * number of passes + * @type {Integer} + */ + this.t = passes; + /** + * degree of parallelism (lanes) + * @type {Integer} + */ + this.p = parallelism; + /** + * exponent indicating memory size + * @type {Integer} + */ + this.encodedM = memoryExponent; } + generateSalt() { + this.salt = mod$1.random.getRandomBytes(ARGON2_SALT_SIZE); + } /** - * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. - * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. - * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA - * @param {String} options.curve (optional) Elliptic curve for ECC keys - * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date (optional) Override the creation date of the key and the key signatures - * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false - * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} - * @async - */ - async addSubkey(options = {}) { - const config$1 = { ...config, ...options.config }; - if (options.passphrase) { - throw new Error('Subkey could not be encrypted here, please encrypt whole key'); - } - if (options.rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); - } - const secretKeyPacket = this.keyPacket; - if (secretKeyPacket.isDummy()) { - throw new Error('Cannot add subkey to gnu-dummy primary key'); - } - if (!secretKeyPacket.isDecrypted()) { - throw new Error('Key is not decrypted'); - } - const defaultOptions = secretKeyPacket.getAlgorithmInfo(); - defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA - defaultOptions.rsaBits = defaultOptions.bits || 4096; - defaultOptions.curve = defaultOptions.curve || 'curve25519'; - options = sanitizeKeyOptions(options, defaultOptions); - const keyPacket = await generateSecretSubkey(options); - checkKeyRequirements(keyPacket, config$1); - const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); - const packetList = this.toPacketList(); - packetList.push(keyPacket, bindingSignature); - return new PrivateKey(packetList); - } - } + * Parsing function for argon2 string-to-key specifier. + * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; - // OpenPGP.js - An OpenPGP implementation in javascript + this.salt = bytes.subarray(i, i + 16); + i += 16; - // A Key can contain the following packets - const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ - PublicKeyPacket, - PublicSubkeyPacket, - SecretKeyPacket, - SecretSubkeyPacket, - UserIDPacket, - UserAttributePacket, - SignaturePacket - ]); + this.t = bytes[i++]; + this.p = bytes[i++]; + this.encodedM = bytes[i++]; // memory size exponent, one-octect - /** - * Creates a PublicKey or PrivateKey depending on the packetlist in input - * @param {PacketList} - packets to parse - * @return {Key} parsed key - * @throws if no key packet was found - */ - function createKey(packetlist) { - for (const packet of packetlist) { - switch (packet.constructor.tag) { - case enums.packet.secretKey: - return new PrivateKey(packetlist); - case enums.packet.publicKey: - return new PublicKey(packetlist); - } + return i; } - throw new Error('No key packet found'); - } + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + const arr = [ + new Uint8Array([enums.write(enums.s2k, this.type)]), + this.salt, + new Uint8Array([this.t, this.p, this.encodedM]) + ]; - /** - * Generates a new OpenPGP key. Supports RSA and ECC keys. - * By default, primary and subkeys will be of same type. - * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA - * @param {String} options.curve Elliptic curve for ECC keys - * @param {Integer} options.rsaBits Number of bits for RSA keys - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Creation date of the key and the key signatures - * @param {Object} config - Full configuration - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ - async function generate$4(options, config) { - options.sign = true; // primary key is always a signing key - options = sanitizeKeyOptions(options); - options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); - let promises = [generateSecretKey(options, config)]; - promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); - const packets = await Promise.all(promises); + return util.concatUint8Array(arr); + } - const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; - } + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to `keySize` + * @throws {Argon2OutOfMemoryError|Errors} + * @async + */ + async produceKey(passphrase, keySize) { + const decodedM = 2 << (this.encodedM - 1); - /** - * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. - * @param {PrivateKey} options.privateKey The private key to reformat - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Override the creation date of the key signatures - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * @param {Object} config - Full configuration - * - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ - async function reformat(options, config) { - options = sanitize(options); - const { privateKey } = options; + try { + // on first load, the argon2 lib is imported and the WASM module is initialized. + // the two steps need to be atomic to avoid race conditions causing multiple wasm modules + // being loaded when `argon2Promise` is not initialized. + loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index$1; })).default; + argon2Promise = argon2Promise || loadArgonWasmModule(); + + // important to keep local ref to argon2 in case the module is reloaded by another instance + const argon2 = await argon2Promise; + + const passwordBytes = util.encodeUTF8(passphrase); + const hash = argon2({ + version: ARGON2_VERSION, + type: ARGON2_TYPE, + password: passwordBytes, + salt: this.salt, + tagLength: keySize, + memorySize: decodedM, + parallelism: this.p, + passes: this.t + }); - if (!privateKey.isPrivate()) { - throw new Error('Cannot reformat a public key'); + // a lot of memory was used, reload to deallocate + if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) { + // it will be awaited if needed at the next `produceKey` invocation + argon2Promise = loadArgonWasmModule(); + argon2Promise.catch(() => {}); + } + return hash; + } catch (e) { + if (e.message && ( + e.message.includes('Unable to grow instance memory') || // Chrome + e.message.includes('failed to grow memory') || // Firefox + e.message.includes('WebAssembly.Memory.grow') || // Safari + e.message.includes('Out of memory') // Safari iOS + )) { + throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2'); + } else { + throw e; + } + } } + } - if (privateKey.keyPacket.isDummy()) { - throw new Error('Cannot reformat a gnu-dummy primary key'); + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + class GenericS2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(s2kType, config$1 = config) { + /** + * Hash function identifier, or 0 for gnu-dummy keys + * @type {module:enums.hash | 0} + */ + this.algorithm = enums.hash.sha256; + /** + * enums.s2k identifier or 'gnu-dummy' + * @type {String} + */ + this.type = enums.read(enums.s2k, s2kType); + /** @type {Integer} */ + this.c = config$1.s2kIterationCountByte; + /** Eight bytes of salt in a binary string. + * @type {Uint8Array} + */ + this.salt = null; } - const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); - if (!isDecrypted) { - throw new Error('Key is not decrypted'); + generateSalt() { + switch (this.type) { + case 'salted': + case 'iterated': + this.salt = mod$1.random.getRandomBytes(8); + } } - const secretKeyPacket = privateKey.keyPacket; + getCount() { + // Exponent bias, defined in RFC4880 + const expbias = 6; - if (!options.subkeys) { - options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { - const secretSubkeyPacket = subkey.keyPacket; - const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; - const bindingSignature = await ( - getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) - ).catch(() => ({})); - return { - sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) - }; - })); + return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); } - const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); - if (options.subkeys.length !== secretSubkeyPackets.length) { - throw new Error('Number of subkey options does not match number of subkeys'); - } + /** + * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). + * @param {Uint8Array} bytes - Payload of string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; + this.algorithm = bytes[i++]; - options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); + switch (this.type) { + case 'simple': + break; - const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; + case 'salted': + this.salt = bytes.subarray(i, i + 8); + i += 8; + break; - function sanitize(options, subkeyDefaults = {}) { - options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; + case 'iterated': + this.salt = bytes.subarray(i, i + 8); + i += 8; - return options; - } - } + // Octet 10: count, a one-octet, coded value + this.c = bytes[i++]; + break; - /** - * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection - * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. - * @param {SecretKeyPacket} secretKeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPackets - * @param {Object} options - * @param {Object} config - Full configuration - * @returns {PrivateKey} - */ - async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { - // set passphrase protection - if (options.passphrase) { - await secretKeyPacket.encrypt(options.passphrase, config); - } + case 'gnu': + if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { + i += 3; // GNU + const gnuExtType = 1000 + bytes[i++]; + if (gnuExtType === 1001) { + this.type = 'gnu-dummy'; + // GnuPG extension mode 1001 -- don't write secret key at all + } else { + throw new UnsupportedError('Unknown s2k gnu protection mode.'); + } + } else { + throw new UnsupportedError('Unknown s2k type.'); + } + break; - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - await secretSubkeyPacket.encrypt(subkeyPassphrase, config); + default: + throw new UnsupportedError('Unknown s2k type.'); // unreachable } - })); - const packetlist = new PacketList(); - packetlist.push(secretKeyPacket); + return i; + } - await Promise.all(options.userIDs.map(async function(userID, index) { - function createPreferredAlgos(algos, preferredAlgo) { - return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + if (this.type === 'gnu-dummy') { + return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); } + const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; - const userIDPacket = UserIDPacket.fromObject(userID); - const dataToSign = {}; - dataToSign.userID = userIDPacket; - dataToSign.key = secretKeyPacket; - - const signatureProperties = {}; - signatureProperties.signatureType = enums.signature.certGeneric; - signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; - signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([ - // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support) - enums.symmetric.aes256, - enums.symmetric.aes128, - enums.symmetric.aes192 - ], config.preferredSymmetricAlgorithm); - if (config.aeadProtect) { - signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([ - enums.aead.eax, - enums.aead.ocb - ], config.preferredAEADAlgorithm); - } - signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ - // prefer fast asm.js implementations (SHA-256) - enums.hash.sha256, - enums.hash.sha512 - ], config.preferredHashAlgorithm); - signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ - enums.compression.zlib, - enums.compression.zip, - enums.compression.uncompressed - ], config.preferredCompressionAlgorithm); - if (index === 0) { - signatureProperties.isPrimaryUserID = true; - } - // integrity protection always enabled - signatureProperties.features = [0]; - signatureProperties.features[0] |= enums.features.modificationDetection; - if (config.aeadProtect) { - signatureProperties.features[0] |= enums.features.aead; - } - if (config.v5Keys) { - signatureProperties.features[0] |= enums.features.v5Keys; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; + switch (this.type) { + case 'simple': + break; + case 'salted': + arr.push(this.salt); + break; + case 'iterated': + arr.push(this.salt); + arr.push(new Uint8Array([this.c])); + break; + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); } - const signaturePacket = await createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + return util.concatUint8Array(arr); + } - return { userIDPacket, signaturePacket }; - })).then(list => { - list.forEach(({ userIDPacket, signaturePacket }) => { - packetlist.push(userIDPacket); - packetlist.push(signaturePacket); - }); - }); + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to. + * hashAlgorithm hash length + * @async + */ + async produceKey(passphrase, numBytes) { + passphrase = util.encodeUTF8(passphrase); - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyOptions = options.subkeys[index]; - const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); - return { secretSubkeyPacket, subkeySignaturePacket }; - })).then(packets => { - packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { - packetlist.push(secretSubkeyPacket); - packetlist.push(subkeySignaturePacket); - }); - }); + const arr = []; + let rlength = 0; - // Add revocation signature packet for creating a revocation certificate. - // This packet should be removed before returning the key. - const dataToSign = { key: secretKeyPacket }; - packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.reasonForRevocation.noReason, - reasonForRevocationString: '' - }, options.date, undefined, undefined, undefined, config)); + let prefixlen = 0; + while (rlength < numBytes) { + let toHash; + switch (this.type) { + case 'simple': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); + break; + case 'salted': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); + break; + case 'iterated': { + const data = util.concatUint8Array([this.salt, passphrase]); + let datalen = data.length; + const count = Math.max(this.getCount(), datalen); + toHash = new Uint8Array(prefixlen + count); + toHash.set(data, prefixlen); + for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { + toHash.copyWithin(pos, prefixlen, pos); + } + break; + } + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + const result = await mod$1.hash.digest(this.algorithm, toHash); + arr.push(result); + rlength += result.length; + prefixlen++; + } - if (options.passphrase) { - secretKeyPacket.clearPrivateParams(); + return util.concatUint8Array(arr).subarray(0, numBytes); } + } - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - secretSubkeyPacket.clearPrivateParams(); + const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]); + + /** + * Instantiate a new S2K instance of the given type + * @param {module:enums.s2k} type + * @oaram {Object} [config] + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ + function newS2KFromType(type, config$1 = config) { + switch (type) { + case enums.s2k.argon2: + return new Argon2S2K(config$1); + case enums.s2k.iterated: + case enums.s2k.gnu: + case enums.s2k.salted: + case enums.s2k.simple: + return new GenericS2K(type, config$1); + default: + throw new UnsupportedError('Unsupported S2K type'); + } + } + + /** + * Instantiate a new S2K instance based on the config settings + * @oaram {Object} config + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ + function newS2KFromConfig(config) { + const { s2kType } = config; + + if (!allowedS2KTypesForEncryption.has(s2kType)) { + throw new Error('The provided `config.s2kType` value is not allowed'); + } + + return newS2KFromType(s2kType, config); + } + + // DEFLATE is a complex format; to read this code, you should probably check the RFC first: + // https://tools.ietf.org/html/rfc1951 + // You may also wish to take a look at the guide I made about this program: + // https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad + // Some of the following code is similar to that of UZIP.js: + // https://github.com/photopea/UZIP.js + // However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size. + // Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint + // is better for memory in most engines (I *think*). + + // aliases for shorter compressed code (most minifers don't do this) + var u8 = Uint8Array, u16 = Uint16Array, u32$1 = Uint32Array; + // fixed length extra bits + var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]); + // fixed distance extra bits + // see fleb note + var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]); + // code length index map + var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]); + // get base, reverse index map from extra bits + var freb = function (eb, start) { + var b = new u16(31); + for (var i = 0; i < 31; ++i) { + b[i] = start += 1 << eb[i - 1]; + } + // numbers here are at max 18 bits + var r = new u32$1(b[30]); + for (var i = 1; i < 30; ++i) { + for (var j = b[i]; j < b[i + 1]; ++j) { + r[j] = ((j - b[i]) << 5) | i; + } + } + return [b, r]; + }; + var _a = freb(fleb, 2), fl = _a[0], revfl = _a[1]; + // we can ignore the fact that the other numbers are wrong; they never happen anyway + fl[28] = 258, revfl[258] = 28; + var _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1]; + // map of value to reverse (assuming 16 bits) + var rev = new u16(32768); + for (var i = 0; i < 32768; ++i) { + // reverse table algorithm from SO + var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1); + x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2); + x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4); + rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1; + } + // create huffman tree from u8 "map": index -> code length for code index + // mb (max bits) must be at most 15 + // TODO: optimize/split up? + var hMap = (function (cd, mb, r) { + var s = cd.length; + // index + var i = 0; + // u16 "map": index -> # of codes with bit length = index + var l = new u16(mb); + // length of cd must be 288 (total # of codes) + for (; i < s; ++i) { + if (cd[i]) + ++l[cd[i] - 1]; + } + // u16 "map": index -> minimum code for bit length = index + var le = new u16(mb); + for (i = 0; i < mb; ++i) { + le[i] = (le[i - 1] + l[i - 1]) << 1; + } + var co; + if (r) { + // u16 "map": index -> number of actual bits, symbol for code + co = new u16(1 << mb); + // bits to remove for reverser + var rvb = 15 - mb; + for (i = 0; i < s; ++i) { + // ignore 0 lengths + if (cd[i]) { + // num encoding both symbol and bits read + var sv = (i << 4) | cd[i]; + // free bits + var r_1 = mb - cd[i]; + // start value + var v = le[cd[i] - 1]++ << r_1; + // m is end value + for (var m = v | ((1 << r_1) - 1); v <= m; ++v) { + // every 16 bit value starting with the code yields the same result + co[rev[v] >>> rvb] = sv; + } + } + } + } + else { + co = new u16(s); + for (i = 0; i < s; ++i) { + if (cd[i]) { + co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]); + } + } + } + return co; + }); + // fixed length tree + var flt = new u8(288); + for (var i = 0; i < 144; ++i) + flt[i] = 8; + for (var i = 144; i < 256; ++i) + flt[i] = 9; + for (var i = 256; i < 280; ++i) + flt[i] = 7; + for (var i = 280; i < 288; ++i) + flt[i] = 8; + // fixed distance tree + var fdt = new u8(32); + for (var i = 0; i < 32; ++i) + fdt[i] = 5; + // fixed length map + var flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1); + // fixed distance map + var fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1); + // find max of array + var max = function (a) { + var m = a[0]; + for (var i = 1; i < a.length; ++i) { + if (a[i] > m) + m = a[i]; + } + return m; + }; + // read d, starting at bit p and mask with m + var bits = function (d, p, m) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m; + }; + // read d, starting at bit p continuing for at least 16 bits + var bits16 = function (d, p) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7)); + }; + // get end of byte + var shft = function (p) { return ((p + 7) / 8) | 0; }; + // typed array slice - allows garbage collector to free original reference, + // while being more compatible than .slice + var slc = function (v, s, e) { + if (s == null || s < 0) + s = 0; + if (e == null || e > v.length) + e = v.length; + // can't use .constructor in case user-supplied + var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32$1 : u8)(e - s); + n.set(v.subarray(s, e)); + return n; + }; + // error codes + var ec = [ + 'unexpected EOF', + 'invalid block type', + 'invalid length/literal', + 'invalid distance', + 'stream finished', + 'no stream handler', + , + 'no callback', + 'invalid UTF-8 data', + 'extra field too long', + 'date not in range 1980-2099', + 'filename too long', + 'stream finishing', + 'invalid zip data' + // determined by unknown compression method + ]; + var err = function (ind, msg, nt) { + var e = new Error(msg || ec[ind]); + e.code = ind; + if (Error.captureStackTrace) + Error.captureStackTrace(e, err); + if (!nt) + throw e; + return e; + }; + // expands raw DEFLATE data + var inflt = function (dat, buf, st) { + // source length + var sl = dat.length; + if (!sl || (st && st.f && !st.l)) + return buf || new u8(0); + // have to estimate size + var noBuf = !buf || st; + // no state + var noSt = !st || st.i; + if (!st) + st = {}; + // Assumes roughly 33% compression ratio average + if (!buf) + buf = new u8(sl * 3); + // ensure buffer can fit at least l elements + var cbuf = function (l) { + var bl = buf.length; + // need to increase size to fit + if (l > bl) { + // Double or set to necessary, whichever is greater + var nbuf = new u8(Math.max(bl * 2, l)); + nbuf.set(buf); + buf = nbuf; + } + }; + // last chunk bitpos bytes + var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n; + // total bits + var tbts = sl * 8; + do { + if (!lm) { + // BFINAL - this is only 1 when last chunk is next + final = bits(dat, pos, 1); + // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman + var type = bits(dat, pos + 1, 3); + pos += 3; + if (!type) { + // go to end of byte boundary + var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l; + if (t > sl) { + if (noSt) + err(0); + break; + } + // ensure size + if (noBuf) + cbuf(bt + l); + // Copy over uncompressed data + buf.set(dat.subarray(s, t), bt); + // Get new bitpos, update byte count + st.b = bt += l, st.p = pos = t * 8, st.f = final; + continue; + } + else if (type == 1) + lm = flrm, dm = fdrm, lbt = 9, dbt = 5; + else if (type == 2) { + // literal lengths + var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4; + var tl = hLit + bits(dat, pos + 5, 31) + 1; + pos += 14; + // length+distance tree + var ldt = new u8(tl); + // code length tree + var clt = new u8(19); + for (var i = 0; i < hcLen; ++i) { + // use index map to get real code + clt[clim[i]] = bits(dat, pos + i * 3, 7); + } + pos += hcLen * 3; + // code lengths bits + var clb = max(clt), clbmsk = (1 << clb) - 1; + // code lengths map + var clm = hMap(clt, clb, 1); + for (var i = 0; i < tl;) { + var r = clm[bits(dat, pos, clbmsk)]; + // bits read + pos += r & 15; + // symbol + var s = r >>> 4; + // code length to copy + if (s < 16) { + ldt[i++] = s; + } + else { + // copy count + var c = 0, n = 0; + if (s == 16) + n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1]; + else if (s == 17) + n = 3 + bits(dat, pos, 7), pos += 3; + else if (s == 18) + n = 11 + bits(dat, pos, 127), pos += 7; + while (n--) + ldt[i++] = c; + } + } + // length tree distance tree + var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit); + // max length bits + lbt = max(lt); + // max dist bits + dbt = max(dt); + lm = hMap(lt, lbt, 1); + dm = hMap(dt, dbt, 1); + } + else + err(1); + if (pos > tbts) { + if (noSt) + err(0); + break; + } + } + // Make sure the buffer can hold this + the largest possible addition + // Maximum chunk size (practically, theoretically infinite) is 2^17; + if (noBuf) + cbuf(bt + 131072); + var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1; + var lpos = pos; + for (;; lpos = pos) { + // bits read, code + var c = lm[bits16(dat, pos) & lms], sym = c >>> 4; + pos += c & 15; + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (!c) + err(2); + if (sym < 256) + buf[bt++] = sym; + else if (sym == 256) { + lpos = pos, lm = null; + break; + } + else { + var add = sym - 254; + // no extra bits needed if less + if (sym > 264) { + // index + var i = sym - 257, b = fleb[i]; + add = bits(dat, pos, (1 << b) - 1) + fl[i]; + pos += b; + } + // dist + var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4; + if (!d) + err(3); + pos += d & 15; + var dt = fd[dsym]; + if (dsym > 3) { + var b = fdeb[dsym]; + dt += bits16(dat, pos) & ((1 << b) - 1), pos += b; + } + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (noBuf) + cbuf(bt + 131072); + var end = bt + add; + for (; bt < end; bt += 4) { + buf[bt] = buf[bt - dt]; + buf[bt + 1] = buf[bt + 1 - dt]; + buf[bt + 2] = buf[bt + 2 - dt]; + buf[bt + 3] = buf[bt + 3 - dt]; + } + bt = end; + } + } + st.l = lm, st.p = lpos, st.b = bt, st.f = final; + if (lm) + final = 1, st.m = lbt, st.d = dm, st.n = dbt; + } while (!final); + return bt == buf.length ? buf : slc(buf, 0, bt); + }; + // starting at p, write the minimum number of bits that can hold v to d + var wbits = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + }; + // starting at p, write the minimum number of bits (>8) that can hold v to d + var wbits16 = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + d[o + 2] |= v >>> 16; + }; + // creates code lengths from a frequency table + var hTree = function (d, mb) { + // Need extra info to make a tree + var t = []; + for (var i = 0; i < d.length; ++i) { + if (d[i]) + t.push({ s: i, f: d[i] }); + } + var s = t.length; + var t2 = t.slice(); + if (!s) + return [et, 0]; + if (s == 1) { + var v = new u8(t[0].s + 1); + v[t[0].s] = 1; + return [v, 1]; + } + t.sort(function (a, b) { return a.f - b.f; }); + // after i2 reaches last ind, will be stopped + // freq must be greater than largest possible number of symbols + t.push({ s: -1, f: 25001 }); + var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2; + t[0] = { s: -1, f: l.f + r.f, l: l, r: r }; + // efficient algorithm from UZIP.js + // i0 is lookbehind, i2 is lookahead - after processing two low-freq + // symbols that combined have high freq, will start processing i2 (high-freq, + // non-composite) symbols instead + // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/ + while (i1 != s - 1) { + l = t[t[i0].f < t[i2].f ? i0++ : i2++]; + r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++]; + t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r }; + } + var maxSym = t2[0].s; + for (var i = 1; i < s; ++i) { + if (t2[i].s > maxSym) + maxSym = t2[i].s; + } + // code lengths + var tr = new u16(maxSym + 1); + // max bits in tree + var mbt = ln(t[i1 - 1], tr, 0); + if (mbt > mb) { + // more algorithms from UZIP.js + // TODO: find out how this code works (debt) + // ind debt + var i = 0, dt = 0; + // left cost + var lft = mbt - mb, cst = 1 << lft; + t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; }); + for (; i < s; ++i) { + var i2_1 = t2[i].s; + if (tr[i2_1] > mb) { + dt += cst - (1 << (mbt - tr[i2_1])); + tr[i2_1] = mb; + } + else + break; + } + dt >>>= lft; + while (dt > 0) { + var i2_2 = t2[i].s; + if (tr[i2_2] < mb) + dt -= 1 << (mb - tr[i2_2]++ - 1); + else + ++i; + } + for (; i >= 0 && dt; --i) { + var i2_3 = t2[i].s; + if (tr[i2_3] == mb) { + --tr[i2_3]; + ++dt; + } + } + mbt = mb; + } + return [new u8(tr), mbt]; + }; + // get the max length and assign length codes + var ln = function (n, l, d) { + return n.s == -1 + ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1)) + : (l[n.s] = d); + }; + // length codes generation + var lc = function (c) { + var s = c.length; + // Note that the semicolon was intentional + while (s && !c[--s]) + ; + var cl = new u16(++s); + // ind num streak + var cli = 0, cln = c[0], cls = 1; + var w = function (v) { cl[cli++] = v; }; + for (var i = 1; i <= s; ++i) { + if (c[i] == cln && i != s) + ++cls; + else { + if (!cln && cls > 2) { + for (; cls > 138; cls -= 138) + w(32754); + if (cls > 2) { + w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305); + cls = 0; + } + } + else if (cls > 3) { + w(cln), --cls; + for (; cls > 6; cls -= 6) + w(8304); + if (cls > 2) + w(((cls - 3) << 5) | 8208), cls = 0; + } + while (cls--) + w(cln); + cls = 1; + cln = c[i]; + } + } + return [cl.subarray(0, cli), s]; + }; + // calculate the length of output from tree, code lengths + var clen = function (cf, cl) { + var l = 0; + for (var i = 0; i < cl.length; ++i) + l += cf[i] * cl[i]; + return l; + }; + // writes a fixed block + // returns the new bit pos + var wfblk = function (out, pos, dat) { + // no need to write 00 as type: TypedArray defaults to 0 + var s = dat.length; + var o = shft(pos + 2); + out[o] = s & 255; + out[o + 1] = s >>> 8; + out[o + 2] = out[o] ^ 255; + out[o + 3] = out[o + 1] ^ 255; + for (var i = 0; i < s; ++i) + out[o + i + 4] = dat[i]; + return (o + 4 + s) * 8; + }; + // writes a block + var wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) { + wbits(out, p++, final); + ++lf[256]; + var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1]; + var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1]; + var _c = lc(dlt), lclt = _c[0], nlc = _c[1]; + var _d = lc(ddt), lcdt = _d[0], ndc = _d[1]; + var lcfreq = new u16(19); + for (var i = 0; i < lclt.length; ++i) + lcfreq[lclt[i] & 31]++; + for (var i = 0; i < lcdt.length; ++i) + lcfreq[lcdt[i] & 31]++; + var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1]; + var nlcc = 19; + for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc) + ; + var flen = (bl + 5) << 3; + var ftlen = clen(lf, flt) + clen(df, fdt) + eb; + var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]); + if (flen <= ftlen && flen <= dtlen) + return wfblk(out, p, dat.subarray(bs, bs + bl)); + var lm, ll, dm, dl; + wbits(out, p, 1 + (dtlen < ftlen)), p += 2; + if (dtlen < ftlen) { + lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt; + var llm = hMap(lct, mlcb, 0); + wbits(out, p, nlc - 257); + wbits(out, p + 5, ndc - 1); + wbits(out, p + 10, nlcc - 4); + p += 14; + for (var i = 0; i < nlcc; ++i) + wbits(out, p + 3 * i, lct[clim[i]]); + p += 3 * nlcc; + var lcts = [lclt, lcdt]; + for (var it = 0; it < 2; ++it) { + var clct = lcts[it]; + for (var i = 0; i < clct.length; ++i) { + var len = clct[i] & 31; + wbits(out, p, llm[len]), p += lct[len]; + if (len > 15) + wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12; + } + } + } + else { + lm = flm, ll = flt, dm = fdm, dl = fdt; + } + for (var i = 0; i < li; ++i) { + if (syms[i] > 255) { + var len = (syms[i] >>> 18) & 31; + wbits16(out, p, lm[len + 257]), p += ll[len + 257]; + if (len > 7) + wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len]; + var dst = syms[i] & 31; + wbits16(out, p, dm[dst]), p += dl[dst]; + if (dst > 3) + wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst]; + } + else { + wbits16(out, p, lm[syms[i]]), p += ll[syms[i]]; + } + } + wbits16(out, p, lm[256]); + return p + ll[256]; + }; + // deflate options (nice << 13) | chain + var deo = /*#__PURE__*/ new u32$1([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]); + // empty + var et = /*#__PURE__*/ new u8(0); + // compresses data into a raw DEFLATE buffer + var dflt = function (dat, lvl, plvl, pre, post, lst) { + var s = dat.length; + var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post); + // writing to this writes to the output buffer + var w = o.subarray(pre, o.length - post); + var pos = 0; + if (!lvl || s < 8) { + for (var i = 0; i <= s; i += 65535) { + // end + var e = i + 65535; + if (e >= s) { + // write final block + w[pos >> 3] = lst; + } + pos = wfblk(w, pos + 1, dat.subarray(i, e)); + } } - })); - - return new PrivateKey(packetlist); - } - + else { + var opt = deo[lvl - 1]; + var n = opt >>> 13, c = opt & 8191; + var msk_1 = (1 << plvl) - 1; + // prev 2-byte val map curr 2-byte val map + var prev = new u16(32768), head = new u16(msk_1 + 1); + var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1; + var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; }; + // 24576 is an arbitrary number of maximum symbols per block + // 424 buffer for last block + var syms = new u32$1(25000); + // length/literal freq distance freq + var lf = new u16(288), df = new u16(32); + // l/lcnt exbits index l/lind waitdx bitpos + var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0; + for (; i < s; ++i) { + // hash value + // deopt when i > s - 3 - at end, deopt acceptable + var hv = hsh(i); + // index mod 32768 previous index mod + var imod = i & 32767, pimod = head[hv]; + prev[imod] = pimod; + head[hv] = imod; + // We always should modify head and prev, but only add symbols if + // this data is not yet processed ("wait" for wait index) + if (wi <= i) { + // bytes remaining + var rem = s - i; + if ((lc_1 > 7000 || li > 24576) && rem > 423) { + pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos); + li = lc_1 = eb = 0, bs = i; + for (var j = 0; j < 286; ++j) + lf[j] = 0; + for (var j = 0; j < 30; ++j) + df[j] = 0; + } + // len dist chain + var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767; + if (rem > 2 && hv == hsh(i - dif)) { + var maxn = Math.min(n, rem) - 1; + var maxd = Math.min(32767, i); + // max possible length + // not capped at dif because decompressors implement "rolling" index population + var ml = Math.min(258, rem); + while (dif <= maxd && --ch_1 && imod != pimod) { + if (dat[i + l] == dat[i + l - dif]) { + var nl = 0; + for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl) + ; + if (nl > l) { + l = nl, d = dif; + // break out early when we reach "nice" (we are satisfied enough) + if (nl > maxn) + break; + // now, find the rarest 2-byte sequence within this + // length of literals and search for that instead. + // Much faster than just using the start + var mmd = Math.min(dif, nl - 2); + var md = 0; + for (var j = 0; j < mmd; ++j) { + var ti = (i - dif + j + 32768) & 32767; + var pti = prev[ti]; + var cd = (ti - pti + 32768) & 32767; + if (cd > md) + md = cd, pimod = ti; + } + } + } + // check the previous match + imod = pimod, pimod = prev[imod]; + dif += (imod - pimod + 32768) & 32767; + } + } + // d will be nonzero only when a match was found + if (d) { + // store both dist and len data in one Uint32 + // Make sure this is recognized as a len/dist with 28th bit (2^28) + syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d]; + var lin = revfl[l] & 31, din = revfd[d] & 31; + eb += fleb[lin] + fdeb[din]; + ++lf[257 + lin]; + ++df[din]; + wi = i + l; + ++lc_1; + } + else { + syms[li++] = dat[i]; + ++lf[dat[i]]; + } + } + } + pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos); + // this is the easiest way to avoid needing to maintain state + if (!lst && pos & 7) + pos = wfblk(w, pos + 1, et); + } + return slc(o, 0, pre + shft(pos) + post); + }; + // Alder32 + var adler = function () { + var a = 1, b = 0; + return { + p: function (d) { + // closures have awful performance + var n = a, m = b; + var l = d.length | 0; + for (var i = 0; i != l;) { + var e = Math.min(i + 2655, l); + for (; i < e; ++i) + m += n += d[i]; + n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16); + } + a = n, b = m; + }, + d: function () { + a %= 65521, b %= 65521; + return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8); + } + }; + }; + // deflate with opts + var dopt = function (dat, opt, pre, post, st) { + return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st); + }; + // write bytes + var wbytes = function (d, b, v) { + for (; v; ++b) + d[b] = v, v >>>= 8; + }; + // zlib header + var zlh = function (c, o) { + var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2; + c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1); + }; + // zlib footer: -4 to -0 is Adler32 /** - * Reads an (optionally armored) OpenPGP key and returns a key object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static + * Streaming DEFLATE compression */ - async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { - throw new Error('Armored text not of type key'); + var Deflate = /*#__PURE__*/ (function () { + function Deflate(opts, cb) { + if (!cb && typeof opts == 'function') + cb = opts, opts = {}; + this.ondata = cb; + this.o = opts || {}; } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return createKey(packetlist); - } - + Deflate.prototype.p = function (c, f) { + this.ondata(dopt(c, this.o, 0, 0, !f), f); + }; + /** + * Pushes a chunk to be deflated + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Deflate.prototype.push = function (chunk, final) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + this.d = final; + this.p(chunk, final || false); + }; + return Deflate; + }()); /** - * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static + * Streaming DEFLATE decompression */ - async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readPrivateKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.privateKey)) { - throw new Error('Armored text not of type private key'); - } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return new PrivateKey(packetlist); - } - + var Inflate = /*#__PURE__*/ (function () { + /** + * Creates an inflation stream + * @param cb The callback to call whenever data is inflated + */ + function Inflate(cb) { + this.s = {}; + this.p = new u8(0); + this.ondata = cb; + } + Inflate.prototype.e = function (c) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + var l = this.p.length; + var n = new u8(l + c.length); + n.set(this.p), n.set(c, l), this.p = n; + }; + Inflate.prototype.c = function (final) { + this.d = this.s.i = final || false; + var bts = this.s.b; + var dt = inflt(this.p, this.o, this.s); + this.ondata(slc(dt, bts, this.s.b), this.d); + this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length; + this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7; + }; + /** + * Pushes a chunk to be inflated + * @param chunk The chunk to push + * @param final Whether this is the final chunk + */ + Inflate.prototype.push = function (chunk, final) { + this.e(chunk), this.c(final); + }; + return Inflate; + }()); /** - * Reads an (optionally armored) OpenPGP key block and returns a list of key objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static + * Streaming Zlib compression */ - async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { - throw new Error('Armored text not of type key'); + var Zlib = /*#__PURE__*/ (function () { + function Zlib(opts, cb) { + this.c = adler(); + this.v = 1; + Deflate.call(this, opts, cb); } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = createKey(oneKeyList); - keys.push(newKey); - } - return keys; - } - + /** + * Pushes a chunk to be zlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Zlib.prototype.push = function (chunk, final) { + Deflate.prototype.push.call(this, chunk, final); + }; + Zlib.prototype.p = function (c, f) { + this.c.p(c); + var raw = dopt(c, this.o, this.v && 2, f && 4, !f); + if (this.v) + zlh(raw, this.o), this.v = 0; + if (f) + wbytes(raw, raw.length - 4, this.c.d()); + this.ondata(raw, f); + }; + return Zlib; + }()); /** - * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static + * Streaming Zlib decompression */ - async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readPrivateKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); - } - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.privateKey) { - throw new Error('Armored text not of type private key'); + var Unzlib = /*#__PURE__*/ (function () { + /** + * Creates a Zlib decompression stream + * @param cb The callback to call whenever data is inflated + */ + function Unzlib(cb) { + this.v = 1; + Inflate.call(this, cb); } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No secret key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = new PrivateKey(oneKeyList); - keys.push(newKey); - } - return keys; + /** + * Pushes a chunk to be unzlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Unzlib.prototype.push = function (chunk, final) { + Inflate.prototype.e.call(this, chunk); + if (this.v) { + if (this.p.length < 2 && !final) + return; + this.p = this.p.subarray(2), this.v = 0; + } + if (final) { + if (this.p.length < 4) + err(6, 'invalid zlib data'); + this.p = this.p.subarray(0, -4); + } + // necessary to prevent TS from using the closure value + // This allows for workerization to function correctly + Inflate.prototype.c.call(this, final); + }; + return Unzlib; + }()); + // text decoder + var td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder(); + // text decoder stream + var tds = 0; + try { + td.decode(et, { stream: true }); + tds = 1; } + catch (e) { } // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // A Message can contain the following packets - const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - AEADEncryptedDataPacket, - SymEncryptedIntegrityProtectedDataPacket, - SymmetricallyEncryptedDataPacket, - PublicKeyEncryptedSessionKeyPacket, - SymEncryptedSessionKeyPacket, - OnePassSignaturePacket, - SignaturePacket - ]); - // A SKESK packet can contain the following packets - const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); - // A detached signature can contain the following packets - const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); /** - * Class that represents an OpenPGP message. - * Can be an encrypted message, signed message, compressed message or literal message - * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + * Implementation of the Literal Data Packet (Tag 11) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: + * A Literal Data packet contains the body of a message; data that is not to be + * further interpreted. */ - class Message { - /** - * @param {PacketList} packetlist - The packets that form this message - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); + class LiteralDataPacket { + static get tag() { + return enums.packet.literalData; } /** - * Returns the key IDs of the keys to which the session key is encrypted - * @returns {Array} Array of keyID objects. + * @param {Date} date - The creation date of the literal package */ - getEncryptionKeyIDs() { - const keyIDs = []; - const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - pkESKeyPacketlist.forEach(function(packet) { - keyIDs.push(packet.publicKeyID); - }); - return keyIDs; + constructor(date = new Date()) { + this.format = enums.literal.utf8; // default format for literal data packets + this.date = util.normalizeDate(date); + this.text = null; // textual data representation + this.data = null; // literal data representation + this.filename = ''; + } + + /** + * Set the packet data to a javascript native string, end of line + * will be normalized to \r\n and by default text is converted to UTF8 + * @param {String | ReadableStream} text - Any native javascript string + * @param {enums.literal} [format] - The format of the string of bytes + */ + setText(text, format = enums.literal.utf8) { + this.format = format; + this.text = text; + this.data = null; } /** - * Returns the key IDs of the keys that signed the message - * @returns {Array} Array of keyID objects. + * Returns literal data packets as native JavaScript string + * with normalized end of line to \n + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {String | ReadableStream} Literal data as text. */ - getSigningKeyIDs() { - const msg = this.unwrapCompressed(); - // search for one pass signatures - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); - if (onePassSigList.length > 0) { - return onePassSigList.map(packet => packet.issuerKeyID); + getText(clone = false) { + if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read + this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); } - // if nothing found look for signature packets - const signatureList = msg.packets.filterByTag(enums.packet.signature); - return signatureList.map(packet => packet.issuerKeyID); + return this.text; } /** - * Decrypt the message. Either a private key, a session key, or a password must be specified. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Date} [date] - Use the given date for key verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with decrypted content. - * @async + * Set the packet data to value represented by the provided string of bytes. + * @param {Uint8Array | ReadableStream} bytes - The string of bytes + * @param {enums.literal} format - The format of the string of bytes */ - async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { - const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config$1); + setBytes(bytes, format) { + this.format = format; + this.data = bytes; + this.text = null; + } - const symEncryptedPacketlist = this.packets.filterByTag( - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ); - if (symEncryptedPacketlist.length === 0) { - throw new Error('No encrypted data found'); + /** + * Get the byte sequence representing the literal packet data + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {Uint8Array | ReadableStream} A sequence of bytes. + */ + getBytes(clone = false) { + if (this.data === null) { + // encode UTF8 and normalize EOL to \r\n + this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); } + if (clone) { + return passiveClone(this.data); + } + return this.data; + } - const symEncryptedPacket = symEncryptedPacketlist[0]; - let exception = null; - const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { - if (!util.isUint8Array(data) || !util.isString(algorithmName)) { - throw new Error('Invalid session key for decryption.'); - } - - try { - const algo = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.decrypt(algo, data, config$1); - } catch (e) { - util.printDebugError(e); - exception = e; - } - })); - // We don't await stream.cancel here because it only returns when the other copy is canceled too. - cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. - symEncryptedPacket.encrypted = null; - await decryptedPromise; - if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { - throw exception || new Error('Decryption failed.'); - } + /** + * Sets the filename of the literal packet data + * @param {String} filename - Any native javascript string + */ + setFilename(filename) { + this.filename = filename; + } - const resultMsg = new Message(symEncryptedPacket.packets); - symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - return resultMsg; + /** + * Get the filename of the literal packet data + * @returns {String} Filename. + */ + getFilename() { + return this.filename; } /** - * Decrypt encrypted session keys either with private keys or passwords. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Date} [date] - Use the given date for key verification, instead of current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * Parsing function for a literal data packet (tag 11). + * + * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet + * @returns {Promise} Object representation. * @async */ - async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config$1 = config) { - let decryptedSessionKeyPackets = []; + async read(bytes) { + await parse(bytes, async reader => { + // - A one-octet field that describes how the data is formatted. + const format = await reader.readByte(); // enums.literal - let exception; - if (passwords) { - const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); - if (skeskPackets.length === 0) { - throw new Error('No symmetrically encrypted session key packet found.'); - } - await Promise.all(passwords.map(async function(password, i) { - let packets; - if (i) { - packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); - } else { - packets = skeskPackets; - } - await Promise.all(packets.map(async function(skeskPacket) { - try { - await skeskPacket.decrypt(password); - decryptedSessionKeyPackets.push(skeskPacket); - } catch (err) { - util.printDebugError(err); - } - })); - })); - } else if (decryptionKeys) { - const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - if (pkeskPackets.length === 0) { - throw new Error('No public key encrypted session key packet found.'); - } - await Promise.all(pkeskPackets.map(async function(pkeskPacket) { - await Promise.all(decryptionKeys.map(async function(decryptionKey) { - let algos = [ - enums.symmetric.aes256, // Old OpenPGP.js default fallback - enums.symmetric.aes128, // RFC4880bis fallback - enums.symmetric.tripledes, // RFC4880 fallback - enums.symmetric.cast5 // Golang OpenPGP fallback - ]; - try { - const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config$1); // TODO: Pass userID from somewhere. - if (primaryUser.selfCertification.preferredSymmetricAlgorithms) { - algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms); - } - } catch (e) {} + const filename_len = await reader.readByte(); + this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - // do not check key expiration to allow decryption of old messages - const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); - await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { - if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) { - return; - } - if (!decryptionKeyPacket.isDecrypted()) { - throw new Error('Decryption key is not decrypted.'); - } + this.date = util.readDate(await reader.readBytes(4)); - // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. - const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal - ); + let data = reader.remainder(); + if (isArrayStream(data)) data = await readToEnd(data); + this.setBytes(data, format); + }); + } - if (doConstantTimeDecryption) { - // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, - // either with the successfully decrypted session key, or with a randomly generated one. - // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on - // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: - // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the - // randomly generated keys of the remaining key types. - // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly - // generated session keys. - // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. + /** + * Creates a Uint8Array representation of the packet, excluding the data + * + * @returns {Uint8Array} Uint8Array representation of the packet. + */ + writeHeader() { + const filename = util.encodeUTF8(this.filename); + const filename_length = new Uint8Array([filename.length]); - const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times - await Promise.all(Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => { - const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); - pkeskPacketCopy.read(serialisedPKESK); - const randomSessionKey = { - sessionKeyAlgorithm, - sessionKey: mod.generateSessionKey(sessionKeyAlgorithm) - }; - try { - await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); - decryptedSessionKeyPackets.push(pkeskPacketCopy); - } catch (err) { - // `decrypt` can still throw some non-security-sensitive errors - util.printDebugError(err); - exception = err; - } - })); + const format = new Uint8Array([this.format]); + const date = util.writeDate(this.date); - } else { - try { - await pkeskPacket.decrypt(decryptionKeyPacket); - if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) { - throw new Error('A non-preferred symmetric algorithm was used.'); - } - decryptedSessionKeyPackets.push(pkeskPacket); - } catch (err) { - util.printDebugError(err); - exception = err; - } - } - })); - })); - cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. - pkeskPacket.encrypted = null; - })); - } else { - throw new Error('No key or password specified.'); - } + return util.concatUint8Array([format, filename_length, filename, date]); + } - if (decryptedSessionKeyPackets.length > 0) { - // Return only unique session keys - if (decryptedSessionKeyPackets.length > 1) { - const seen = new Set(); - decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { - const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); - if (seen.has(k)) { - return false; - } - seen.add(k); - return true; - }); - } + /** + * Creates a Uint8Array representation of the packet + * + * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. + */ + write() { + const header = this.writeHeader(); + const data = this.getBytes(); - return decryptedSessionKeyPackets.map(packet => ({ - data: packet.sessionKey, - algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm) - })); - } - throw exception || new Error('Session key decryption failed.'); + return util.concat([header, data]); + } + } + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of type key id + * + * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: + * A Key ID is an eight-octet scalar that identifies a key. + * Implementations SHOULD NOT assume that Key IDs are unique. The + * section "Enhanced Key Formats" below describes how Key IDs are + * formed. + */ + class KeyID { + constructor() { + this.bytes = ''; } /** - * Get literal data that is the body of the message - * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + * Parsing method for a key id + * @param {Uint8Array} bytes - Input to read the key id from */ - getLiteralData() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getBytes()) || null; + read(bytes) { + this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); + return this.bytes.length; } /** - * Get filename from literal data packet - * @returns {(String|null)} Filename of literal data packet as string. + * Serializes the Key ID + * @returns {Uint8Array} Key ID as a Uint8Array. */ - getFilename() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getFilename()) || null; + write() { + return util.stringToUint8Array(this.bytes); } /** - * Get literal data as text - * @returns {(String|null)} Literal body of the message interpreted as text. + * Returns the Key ID represented as a hexadecimal string + * @returns {String} Key ID as a hexadecimal string. */ - getText() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - if (literal) { - return literal.getText(); - } - return null; + toHex() { + return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); } /** - * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. - * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for - * @param {Date} [date] - Date to select algorithm preferences at - * @param {Array} [userIDs] - User IDs to select algorithm preferences for - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. - * @async + * Checks equality of Key ID's + * @param {KeyID} keyID + * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard */ - static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { - const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config$1); - const algorithmName = enums.read(enums.symmetric, algo); - const aeadAlgorithmName = config$1.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config$1) ? - enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config$1)) : - undefined; - - await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() - .catch(() => null) // ignore key strength requirements - .then(maybeKey => { - if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { - throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); - } - }) - )); + equals(keyID, matchWildcard = false) { + return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; + } - const sessionKeyData = mod.generateSessionKey(algo); - return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName }; + /** + * Checks to see if the Key ID is unset + * @returns {Boolean} True if the Key ID is null. + */ + isNull() { + return this.bytes === ''; } /** - * Encrypt the message either with public keys, passwords, or both at once. - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - Password(s) for message encryption - * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] - * @param {Date} [date] - Override the creation date of the literal package - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async + * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) + * @returns {Boolean} True if this is a wildcard Key ID. */ - async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - if (sessionKey) { - if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { - throw new Error('Invalid session key for encryption.'); - } - } else if (encryptionKeys && encryptionKeys.length) { - sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); - } else if (passwords && passwords.length) { - sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); - } else { - throw new Error('No keys, passwords, or session key provided.'); - } + isWildcard() { + return /^0+$/.test(this.toHex()); + } - const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; + static mapToHex(keyID) { + return keyID.toHex(); + } - const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); + static fromID(hex) { + const keyID = new KeyID(); + keyID.read(util.hexToUint8Array(hex)); + return keyID; + } - let symEncryptedPacket; - if (aeadAlgorithmName) { - symEncryptedPacket = new AEADEncryptedDataPacket(); - symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName); - } else { - symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket(); - } - symEncryptedPacket.packets = this.packets; + static wildcard() { + const keyID = new KeyID(); + keyID.read(new Uint8Array(8)); + return keyID; + } + } - const algorithm = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - msg.packets.push(symEncryptedPacket); - symEncryptedPacket.packets = new PacketList(); // remove packets after encryption - return msg; - } - /** - * Encrypt a session key either with public keys, passwords, or both at once. - * @param {Uint8Array} sessionKey - session key for encryption - * @param {String} algorithmName - session key algorithm - * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - For message encryption - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [date] - Override the date - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async - */ - static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - const packetlist = new PacketList(); - const algorithm = enums.write(enums.symmetric, algorithmName); - const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); + // Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. + const verified = Symbol('verified'); - if (encryptionKeys) { - const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { - const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket(); - pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID(); - pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm; - pkESKeyPacket.sessionKey = sessionKey; - pkESKeyPacket.sessionKeyAlgorithm = algorithm; - await pkESKeyPacket.encrypt(encryptionKey.keyPacket); - delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption - return pkESKeyPacket; - })); - packetlist.push(...results); - } - if (passwords) { - const testDecrypt = async function(keyPacket, password) { - try { - await keyPacket.decrypt(password); - return 1; - } catch (e) { - return 0; - } - }; + // A salt notation is used to randomize signatures. + // This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks + // leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170). + // For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g. + // some chosen-prefix attacks. + // v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt. + const SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org'; - const sum = (accumulator, currentValue) => accumulator + currentValue; + // GPG puts the Issuer and Signature subpackets in the unhashed area. + // Tampering with those invalidates the signature, so we still trust them and parse them. + // All other unhashed subpackets are ignored. + const allowedUnhashedSubpackets = new Set([ + enums.signatureSubpacket.issuerKeyID, + enums.signatureSubpacket.issuerFingerprint, + enums.signatureSubpacket.embeddedSignature + ]); - const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { - const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); - symEncryptedSessionKeyPacket.sessionKey = sessionKey; - symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; - if (aeadAlgorithm) { - symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; - } - await symEncryptedSessionKeyPacket.encrypt(password, config$1); + /** + * Implementation of the Signature Packet (Tag 2) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: + * A Signature packet describes a binding between some public key and + * some data. The most common signatures are a signature of a file or a + * block of text, and a signature that is a certification of a User ID. + */ + class SignaturePacket { + static get tag() { + return enums.packet.signature; + } - if (config$1.passwordCollisionCheck) { - const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); - if (results.reduce(sum) !== 1) { - return encryptPassword(sessionKey, algorithm, password); - } - } + constructor() { + this.version = null; + /** @type {enums.signature} */ + this.signatureType = null; + /** @type {enums.hash} */ + this.hashAlgorithm = null; + /** @type {enums.publicKey} */ + this.publicKeyAlgorithm = null; - delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption - return symEncryptedSessionKeyPacket; - }; + this.signatureData = null; + this.unhashedSubpackets = []; + this.unknownSubpackets = []; + this.signedHashValue = null; + this.salt = null; - const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd))); - packetlist.push(...results); - } + this.created = null; + this.signatureExpirationTime = null; + this.signatureNeverExpires = true; + this.exportable = null; + this.trustLevel = null; + this.trustAmount = null; + this.regularExpression = null; + this.revocable = null; + this.keyExpirationTime = null; + this.keyNeverExpires = null; + this.preferredSymmetricAlgorithms = null; + this.revocationKeyClass = null; + this.revocationKeyAlgorithm = null; + this.revocationKeyFingerprint = null; + this.issuerKeyID = new KeyID(); + this.rawNotations = []; + this.notations = {}; + this.preferredHashAlgorithms = null; + this.preferredCompressionAlgorithms = null; + this.keyServerPreferences = null; + this.preferredKeyServer = null; + this.isPrimaryUserID = null; + this.policyURI = null; + this.keyFlags = null; + this.signersUserID = null; + this.reasonForRevocationFlag = null; + this.reasonForRevocationString = null; + this.features = null; + this.signatureTargetPublicKeyAlgorithm = null; + this.signatureTargetHashAlgorithm = null; + this.signatureTargetHash = null; + this.embeddedSignature = null; + this.issuerKeyVersion = null; + this.issuerFingerprint = null; + this.preferredAEADAlgorithms = null; + this.preferredCipherSuites = null; - return new Message(packetlist); + this.revoked = null; + this[verified] = null; } /** - * Sign the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to add to the message - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with signed content. - * @async + * parsing function for a signature packet (tag 2). + * @param {String} bytes - Payload of a tag 2 packet + * @returns {SignaturePacket} Object representation. */ - async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const packetlist = new PacketList(); + read(bytes, config$1 = config) { + let i = 0; + this.version = bytes[i++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); } - let i; - let existingSigPacketlist; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; + this.signatureType = bytes[i++]; + this.publicKeyAlgorithm = bytes[i++]; + this.hashAlgorithm = bytes[i++]; - if (signature) { - existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - for (i = existingSigPacketlist.length - 1; i >= 0; i--) { - const signaturePacket = existingSigPacketlist[i]; - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signaturePacket.signatureType; - onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; - onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; - onePassSig.issuerKeyID = signaturePacket.issuerKeyID; - if (!signingKeys.length && i === 0) { - onePassSig.flags = 1; - } - packetlist.push(onePassSig); - } + // hashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), true); + if (!this.created) { + throw new Error('Missing signature creation time subpacket.'); } - await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; - const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config$1); - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signatureType; - onePassSig.hashAlgorithm = await getPreferredHashAlgo$2(primaryKey, signingKey.keyPacket, date, userIDs, config$1); - onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm; - onePassSig.issuerKeyID = signingKey.getKeyID(); - if (i === signingKeys.length - 1) { - onePassSig.flags = 1; - } - return onePassSig; - })).then(onePassSignatureList => { - onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig)); - }); + // A V4 signature hashes the packet body + // starting from its first field, the version number, through the end + // of the hashed subpacket data. Thus, the fields hashed are the + // signature version, the signature type, the public-key algorithm, the + // hash algorithm, the hashed subpacket length, and the hashed + // subpacket body. + this.signatureData = bytes.subarray(0, i); - packetlist.push(literalDataPacket); - packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config$1))); + // unhashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - return new Message(packetlist); + // Two-octet field holding left 16 bits of signed hash value. + this.signedHashValue = bytes.subarray(i, i + 2); + i += 2; + + // Only for v6 signatures, a variable-length field containing: + if (this.version === 6) { + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[i++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(i, i + saltLength); + i += saltLength; + } + + const signatureMaterial = bytes.subarray(i, bytes.length); + const { read, signatureParams } = mod$1.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial); + if (read < signatureMaterial.length) { + throw new Error('Error reading MPIs'); + } + this.params = signatureParams; } /** - * Compresses the message (the literal and -if signed- signature data packets of the message) - * @param {module:enums.compression} algo - compression algorithm - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Message} New message with compressed content. + * @returns {Uint8Array | ReadableStream} */ - compress(algo, config$1 = config) { - if (algo === enums.compression.uncompressed) { - return this; + writeParams() { + if (this.params instanceof Promise) { + return fromAsync( + async () => mod$1.serializeParams(this.publicKeyAlgorithm, await this.params) + ); } + return mod$1.serializeParams(this.publicKeyAlgorithm, this.params); + } - const compressed = new CompressedDataPacket(config$1); - compressed.algorithm = algo; - compressed.packets = this.packets; - - const packetList = new PacketList(); - packetList.push(compressed); - - return new Message(packetList); + write() { + const arr = []; + arr.push(this.signatureData); + arr.push(this.writeUnhashedSubPackets()); + arr.push(this.signedHashValue); + if (this.version === 6) { + arr.push(new Uint8Array([this.salt.length])); + arr.push(this.salt); + } + arr.push(this.writeParams()); + return util.concat(arr); } /** - * Create a detached signature for the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New detached signature of message content. + * Signs provided data. This needs to be done prior to serialization. + * @param {SecretKeyPacket} key - Private key used to sign the message. + * @param {Object} data - Contains packets to be signed. + * @param {Date} [date] - The signature creation time. + * @param {Boolean} [detached] - Whether to create a detached signature + * @throws {Error} if signing failed * @async */ - async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); + async sign(key, data, date = new Date(), detached = false, config) { + this.version = key.version; + + this.created = util.normalizeDate(date); + this.issuerKeyVersion = key.version; + this.issuerFingerprint = key.getFingerprintBytes(); + this.issuerKeyID = key.getKeyID(); + + const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; + + // add randomness to the signature + if (this.version === 6) { + const saltLength = saltLengthForHash(this.hashAlgorithm); + if (this.salt === null) { + this.salt = mod$1.random.getRandomBytes(saltLength); + } else if (saltLength !== this.salt.length) { + throw new Error('Provided salt does not have the required length'); + } + } else if (config.nonDeterministicSignaturesViaNotation) { + const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME)); + // since re-signing the same object is not supported, it's not expected to have multiple salt notations, + // but we guard against it as a sanity check + if (saltNotations.length === 0) { + const saltValue = mod$1.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm)); + this.rawNotations.push({ + name: SALT_NOTATION_NAME, + value: saltValue, + humanReadable: false, + critical: false + }); + } else { + throw new Error('Unexpected existing salt notation'); + } + } + + // Add hashed subpackets + arr.push(this.writeHashedSubPackets()); + + // Remove unhashed subpackets, in case some allowed unhashed + // subpackets existed, in order not to duplicate them (in both + // the hashed and unhashed subpackets) when re-signing. + this.unhashedSubpackets = []; + + this.signatureData = util.concat(arr); + + const toHash = this.toHash(this.signatureType, data, detached); + const hash = await this.hash(this.signatureType, data, toHash, detached); + + this.signedHashValue = slice(clone(hash), 0, 2); + const signed = async () => mod$1.signature.sign( + this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) + ); + if (util.isStream(hash)) { + this.params = signed(); + } else { + this.params = await signed(); + + // Store the fact that this signature is valid, e.g. for when we call `await + // getLatestValidSignature(this.revocationSignatures, key, data)` later. + // Note that this only holds up if the key and data passed to verify are the + // same as the ones passed to sign. + this[verified] = true; } - return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); } /** - * Verify message signatures - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signatures. - * @async + * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets + * @returns {Uint8Array} Subpacket data. */ - async verify(verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); + writeHashedSubPackets() { + const sub = enums.signatureSubpacket; + const arr = []; + let bytes; + if (this.created === null) { + throw new Error('Missing signature creation time'); + } + arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); + if (this.signatureExpirationTime !== null) { + arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); + } + if (this.exportable !== null) { + arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); + } + if (this.trustLevel !== null) { + bytes = new Uint8Array([this.trustLevel, this.trustAmount]); + arr.push(writeSubPacket(sub.trustSignature, true, bytes)); + } + if (this.regularExpression !== null) { + arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); + } + if (this.revocable !== null) { + arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); + } + if (this.keyExpirationTime !== null) { + arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); + } + if (this.preferredSymmetricAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); + arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); + } + if (this.revocationKeyClass !== null) { + bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); + bytes = util.concat([bytes, this.revocationKeyFingerprint]); + arr.push(writeSubPacket(sub.revocationKey, false, bytes)); + } + if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) { + // If the version of [the] key is greater than 4, this subpacket + // MUST NOT be included in the signature. + arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write())); + } + this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { + bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; + const encodedName = util.encodeUTF8(name); + // 2 octets of name length + bytes.push(util.writeNumber(encodedName.length, 2)); + // 2 octets of value length + bytes.push(util.writeNumber(value.length, 2)); + bytes.push(encodedName); + bytes.push(value); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.notationData, critical, bytes)); + }); + if (this.preferredHashAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); + arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); + } + if (this.preferredCompressionAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); + arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); + } + if (this.keyServerPreferences !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); + arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); + } + if (this.preferredKeyServer !== null) { + arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); + } + if (this.isPrimaryUserID !== null) { + arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); + } + if (this.policyURI !== null) { + arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); + } + if (this.keyFlags !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); + arr.push(writeSubPacket(sub.keyFlags, true, bytes)); + } + if (this.signersUserID !== null) { + arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); + } + if (this.reasonForRevocationFlag !== null) { + bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); + arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); } - if (isArrayStream(msg.packets.stream)) { - msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + if (this.features !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); + arr.push(writeSubPacket(sub.features, false, bytes)); } - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); - const signatureList = msg.packets.filterByTag(enums.packet.signature); - if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { - await Promise.all(onePassSigList.map(async onePassSig => { - onePassSig.correspondingSig = new Promise((resolve, reject) => { - onePassSig.correspondingSigResolve = resolve; - onePassSig.correspondingSigReject = reject; - }); - onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); - onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); - onePassSig.hashed.catch(() => {}); - })); - msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { - const reader = getReader(readable); - const writer = getWriter(writable); - try { - for (let i = 0; i < onePassSigList.length; i++) { - const { value: signature } = await reader.read(); - onePassSigList[i].correspondingSigResolve(signature); - } - await reader.readToEnd(); - await writer.ready; - await writer.close(); - } catch (e) { - onePassSigList.forEach(onePassSig => { - onePassSig.correspondingSigReject(e); - }); - await writer.abort(e); - } - }); - return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + if (this.signatureTargetPublicKeyAlgorithm !== null) { + bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; + bytes.push(util.stringToUint8Array(this.signatureTargetHash)); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); } - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); - } - - /** - * Verify detached message signature - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Signature} signature - * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); + if (this.embeddedSignature !== null) { + arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); } - const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); - } - - /** - * Unwrap compressed message - * @returns {Message} Message Content of compressed message. - */ - unwrapCompressed() { - const compressed = this.packets.filterByTag(enums.packet.compressedData); - if (compressed.length) { - return new Message(compressed[0].packets); + if (this.issuerFingerprint !== null) { + bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes)); + } + if (this.preferredAEADAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); + arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); + } + if (this.preferredCipherSuites !== null) { + bytes = new Uint8Array([].concat(...this.preferredCipherSuites)); + arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes)); } - return this; - } - /** - * Append signature to unencrypted message object - * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async appendSignature(detachedSignature, config$1 = config) { - await this.packets.read( - util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, - allowedDetachedSignaturePackets, - config$1 - ); - } + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); - /** - * Returns binary encoded message - * @returns {ReadableStream} Binary message. - */ - write() { - return this.packets.write(); + return util.concat([length, result]); } /** - * Returns ASCII armored text of message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. + * Creates an Uint8Array containing the unhashed subpackets + * @returns {Uint8Array} Subpacket data. */ - armor(config$1 = config) { - return armor(enums.armor.message, this.write(), null, null, null, config$1); + writeUnhashedSubPackets() { + const arr = this.unhashedSubpackets.map(({ type, critical, body }) => { + return writeSubPacket(type, critical, body); + }); + + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); + + return util.concat([length, result]); } - } - /** - * Create signature packets for the message - * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign - * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to append - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creationtime of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Boolean} [detached] - Whether to create detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} List of signature packets. - * @async - * @private - */ - async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config$1 = config) { - const packetlist = new PacketList(); + // Signature subpackets + readSubPacket(bytes, hashed = true) { + let mypos = 0; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; + // The leftmost bit denotes a "critical" packet + const critical = !!(bytes[mypos] & 0x80); + const type = bytes[mypos] & 0x7F; - await Promise.all(signingKeys.map(async (primaryKey, i) => { - const userID = userIDs[i]; - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); + mypos++; + + if (!hashed) { + this.unhashedSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + if (!allowedUnhashedSubpackets.has(type)) { + return; + } } - const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config$1); - return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config$1); - })).then(signatureList => { - packetlist.push(...signatureList); - }); - if (signature) { - const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - packetlist.push(...existingSigPacketlist); - } - return packetlist; - } + // subpacket type + switch (type) { + case enums.signatureSubpacket.signatureCreationTime: + // Signature Creation Time + this.created = util.readDate(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.signatureExpirationTime: { + // Signature Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - /** - * Create object containing signer's keyID and validity of signature - * @param {SignaturePacket} signature - Signature packet - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Check signature validity with respect to the given date - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * keyID: module:type/keyid~KeyID, - * signature: Promise, - * verified: Promise - * }>} signer's keyID and validity of signature - * @async - * @private - */ - async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - let primaryKey; - let unverifiedSigningKey; + this.signatureNeverExpires = seconds === 0; + this.signatureExpirationTime = seconds; - for (const key of verificationKeys) { - const issuerKeys = key.getKeys(signature.issuerKeyID); - if (issuerKeys.length > 0) { - primaryKey = key; - unverifiedSigningKey = issuerKeys[0]; - break; - } - } + break; + } + case enums.signatureSubpacket.exportableCertification: + // Exportable Certification + this.exportable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.trustSignature: + // Trust Signature + this.trustLevel = bytes[mypos++]; + this.trustAmount = bytes[mypos++]; + break; + case enums.signatureSubpacket.regularExpression: + // Regular Expression + this.regularExpression = bytes[mypos]; + break; + case enums.signatureSubpacket.revocable: + // Revocable + this.revocable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.keyExpirationTime: { + // Key Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); + + this.keyExpirationTime = seconds; + this.keyNeverExpires = seconds === 0; + + break; + } + case enums.signatureSubpacket.preferredSymmetricAlgorithms: + // Preferred Symmetric Algorithms + this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.revocationKey: + // Revocation Key + // (1 octet of class, 1 octet of public-key algorithm ID, 20 + // octets of + // fingerprint) + this.revocationKeyClass = bytes[mypos++]; + this.revocationKeyAlgorithm = bytes[mypos++]; + this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); + break; + + case enums.signatureSubpacket.issuerKeyID: + // Issuer + if (this.version === 4) { + this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + } else if (hashed) { + // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature, + // since the Issuer Fingerprint subpacket is to be used instead. + // The `issuerKeyID` value will be set when reading the issuerFingerprint packet. + // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it, + // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed) + // issuerFingerprint. + // If the packet is hashed, then we reject the signature, to avoid verifying data different from + // what was parsed. + throw new Error('Unexpected Issuer Key ID subpacket'); + } + break; + + case enums.signatureSubpacket.notationData: { + // Notation Data + const humanReadable = !!(bytes[mypos] & 0x80); + + // We extract key/value tuple from the byte stream. + mypos += 4; + const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; - const isOnePassSignature = signature instanceof OnePassSignaturePacket; - const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; + const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); + const value = bytes.subarray(mypos + m, mypos + m + n); - const verifiedSig = { - keyID: signature.issuerKeyID, - verified: (async () => { - if (!unverifiedSigningKey) { - throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + this.rawNotations.push({ name, humanReadable, value, critical }); + + if (humanReadable) { + this.notations[name] = util.decodeUTF8(value); + } + break; } + case enums.signatureSubpacket.preferredHashAlgorithms: + // Preferred Hash Algorithms + this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCompressionAlgorithms: + // Preferred Compression Algorithms + this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.keyServerPreferences: + // Key Server Preferences + this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredKeyServer: + // Preferred Key Server + this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.primaryUserID: + // Primary User ID + this.isPrimaryUserID = bytes[mypos++] !== 0; + break; + case enums.signatureSubpacket.policyURI: + // Policy URI + this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.keyFlags: + // Key Flags + this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signersUserID: + // Signer's User ID + this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.reasonForRevocation: + // Reason for Revocation + this.reasonForRevocationFlag = bytes[mypos++]; + this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.features: + // Features + this.features = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signatureTarget: { + // Signature Target + // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) + this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; + this.signatureTargetHashAlgorithm = bytes[mypos++]; - await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); - const signaturePacket = await signaturePacketPromise; - if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { - throw new Error('Key is newer than the signature'); + const len = mod$1.getHashByteLength(this.signatureTargetHashAlgorithm); + + this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); + break; } - // We pass the signature creation time to check whether the key was expired at the time of signing. - // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before - try { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); - } catch (e) { - // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, - // making the key invalid at the time of signing. - // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. - // Note: we do not support the edge case of a key that was reformatted and it has expired. - if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + case enums.signatureSubpacket.embeddedSignature: + // Embedded Signature + this.embeddedSignature = new SignaturePacket(); + this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.issuerFingerprint: + // Issuer Fingerprint + this.issuerKeyVersion = bytes[mypos++]; + this.issuerFingerprint = bytes.subarray(mypos, bytes.length); + if (this.issuerKeyVersion >= 5) { + this.issuerKeyID.read(this.issuerFingerprint); } else { - throw e; + this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); } - } - return true; - })(), - signature: (async () => { - const signaturePacket = await signaturePacketPromise; - const packetlist = new PacketList(); - signaturePacket && packetlist.push(signaturePacket); - return new Signature(packetlist); - })() - }; + break; + case enums.signatureSubpacket.preferredAEADAlgorithms: + // Preferred AEAD Algorithms + this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCipherSuites: + // Preferred AEAD Cipher Suites + this.preferredCipherSuites = []; + for (let i = mypos; i < bytes.length; i += 2) { + this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); + } + break; + default: + this.unknownSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + break; + } + } - // Mark potential promise rejections as "handled". This is needed because in - // some cases, we reject them before the user has a reasonable chance to - // handle them (e.g. `await readToEnd(result.data); await result.verified` and - // the data stream errors). - verifiedSig.signature.catch(() => {}); - verifiedSig.verified.catch(() => {}); + readSubPackets(bytes, trusted = true, config) { + const subpacketLengthBytes = this.version === 6 ? 4 : 2; - return verifiedSig; - } + // Two-octet scalar octet count for following subpacket data. + const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes)); - /** - * Create list of objects containing signer's keyID and validity of signature - * @param {Array} signatureList - Array of signature packets - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} date - Verify the signature against the given date, - * i.e. check signature creation time < date < expiration time - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) - * @async - * @private - */ - async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - return Promise.all(signatureList.filter(function(signature) { - return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); - }).map(async function(signature) { - return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); - })); - } + let i = subpacketLengthBytes; - /** - * Reads an (optionally armored) OpenPGP message and returns a Message object - * @param {Object} options - * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed - * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New message object. - * @async - * @static - */ - async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredMessage || binaryMessage; - if (!input) { - throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); - } - if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { - throw new Error('readMessage: options.armoredMessage must be a string or stream'); - } - if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { - throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // subpacket data set (zero or more subpackets) + while (i < 2 + subpacketLength) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - if (armoredMessage) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.message) { - throw new Error('Armored text not of type message'); + this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); + + i += len.len; } - input = data; - } - const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); - const message = new Message(packetlist); - message.fromStream = streamType; - return message; - } - /** - * Creates new message object from text or binary data. - * @param {Object} options - * @param {String | ReadableStream} [options.text] - The text message contents - * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents - * @param {String} [options.filename=""] - Name of the file (if any) - * @param {Date} [options.date=current date] - Date of the message, or modification date of the file - * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type - * @returns {Promise} New message object. - * @async - * @static - */ - async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { - let input = text !== undefined ? text : binary; - if (input === undefined) { - throw new Error('createMessage: must pass options object containing `text` or `binary`'); - } - if (text && !util.isString(text) && !util.isStream(text)) { - throw new Error('createMessage: options.text must be a string or stream'); - } - if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { - throw new Error('createMessage: options.binary must be a Uint8Array or stream'); + return i; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - const literalDataPacket = new LiteralDataPacket(date); - if (text !== undefined) { - literalDataPacket.setText(input, enums.write(enums.literal, format)); - } else { - literalDataPacket.setBytes(input, enums.write(enums.literal, format)); - } - if (filename !== undefined) { - literalDataPacket.setFilename(filename); - } - const literalDataPacketlist = new PacketList(); - literalDataPacketlist.push(literalDataPacket); - const message = new Message(literalDataPacketlist); - message.fromStream = streamType; - return message; - } + // Produces data to produce signature on + toSign(type, data) { + const t = enums.signature; + + switch (type) { + case t.binary: + if (data.text !== null) { + return util.encodeUTF8(data.getText(true)); + } + return data.getBytes(true); + + case t.text: { + const bytes = data.getBytes(true); + // normalize EOL to \r\n + return util.canonicalizeEOL(bytes); + } + case t.standalone: + return new Uint8Array(0); + + case t.certGeneric: + case t.certPersona: + case t.certCasual: + case t.certPositive: + case t.certRevocation: { + let packet; + let tag; - // GPG4Browsers - An OpenPGP implementation in javascript + if (data.userID) { + tag = 0xB4; + packet = data.userID; + } else if (data.userAttribute) { + tag = 0xD1; + packet = data.userAttribute; + } else { + throw new Error('Either a userID or userAttribute packet needs to be ' + + 'supplied for certification.'); + } - // A Cleartext message can contain the following packets - const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + const bytes = packet.write(); - /** - * Class that represents an OpenPGP cleartext signed message. - * See {@link https://tools.ietf.org/html/rfc4880#section-7} - */ - class CleartextMessage { - /** - * @param {String} text - The cleartext of the signed message - * @param {Signature} signature - The detached signature or an empty signature for unsigned messages - */ - constructor(text, signature) { - // remove trailing whitespace and normalize EOL to canonical form - this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); - if (signature && !(signature instanceof Signature)) { - throw new Error('Invalid signature input'); + return util.concat([this.toSign(t.key, data), + new Uint8Array([tag]), + util.writeNumber(bytes.length, 4), + bytes]); + } + case t.subkeyBinding: + case t.subkeyRevocation: + case t.keyBinding: + return util.concat([this.toSign(t.key, data), this.toSign(t.key, { + key: data.bind + })]); + + case t.key: + if (data.key === undefined) { + throw new Error('Key packet is required for this signature.'); + } + return data.key.writeForHash(this.version); + + case t.keyRevocation: + return this.toSign(t.key, data); + case t.timestamp: + return new Uint8Array(0); + case t.thirdParty: + throw new Error('Not implemented'); + default: + throw new Error('Unknown signature type.'); } - this.signature = signature || new Signature(new PacketList()); } - /** - * Returns the key IDs of the keys that signed the cleartext message - * @returns {Array} Array of keyID objects. - */ - getSigningKeyIDs() { - const keyIDs = []; - const signatureList = this.signature.packets; - signatureList.forEach(function(packet) { - keyIDs.push(packet.issuerKeyID); + calculateTrailer(data, detached) { + let length = 0; + return transform(clone(this.signatureData), value => { + length += value.length; + }, () => { + const arr = []; + if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { + if (detached) { + arr.push(new Uint8Array(6)); + } else { + arr.push(data.writeHeader()); + } + } + arr.push(new Uint8Array([this.version, 0xFF])); + if (this.version === 5) { + arr.push(new Uint8Array(4)); + } + arr.push(util.writeNumber(length, 4)); + // For v5, this should really be writeNumber(length, 8) rather than the + // hardcoded 4 zero bytes above + return util.concat(arr); }); - return keyIDs; } - /** - * Sign the cleartext message - * @param {Array} privateKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] - * @param {Date} [date] - The creation time of the signature that should be created - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New cleartext message with signed content. - * @async - */ - async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = new LiteralDataPacket(); - literalDataPacket.setText(this.text); - const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - return new CleartextMessage(this.text, newSignature); - } + toHash(signatureType, data, detached = false) { + const bytes = this.toSign(signatureType, data); - /** - * Verify signatures of cleartext signed message - * @param {Array} keys - Array of keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verify(keys, date = new Date(), config$1 = config) { - const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - const literalDataPacket = new LiteralDataPacket(); - // we assume that cleartext signature is generated based on UTF8 cleartext - literalDataPacket.setText(this.text); - return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]); } - /** - * Get cleartext - * @returns {String} Cleartext of message. - */ - getText() { - // normalize end of line to \n - return this.text.replace(/\r\n/g, '\n'); + async hash(signatureType, data, toHash, detached = false) { + if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) { + // avoid hashing unexpected salt size + throw new Error('Signature salt does not have the expected length'); + } + + if (!toHash) toHash = this.toHash(signatureType, data, detached); + return mod$1.hash.digest(this.hashAlgorithm, toHash); } /** - * Returns ASCII armored text of cleartext signed message + * verifies the signature packet. Note: not all signature types are implemented + * @param {PublicSubkeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature + * @param {module:enums.signature} signatureType - Expected signature type + * @param {Uint8Array|Object} data - Data which on the signature applies + * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration + * @param {Boolean} [detached] - Whether to verify a detached signature * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {String | ReadableStream} ASCII armor. + * @throws {Error} if signature validation failed + * @async */ - armor(config$1 = config) { - let hashes = this.signature.packets.map(function(packet) { - return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase(); - }); - hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; }); - const body = { - hash: hashes.join(), - text: this.text, - data: this.signature.packets.write() - }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config$1); - } - } + async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { + if (!this.issuerKeyID.equals(key.getKeyID())) { + throw new Error('Signature was not issued by the given public key'); + } + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); + } - /** - * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object - * @param {Object} options - * @param {String} options.cleartextMessage - Text to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New cleartext message object. - * @async - * @static - */ - async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!cleartextMessage) { - throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); - } - if (!util.isString(cleartextMessage)) { - throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; + // Cryptographic validity is cached after one successful verification. + // However, for message signatures, we always re-verify, since the passed `data` can change + const skipVerify = this[verified] && !isMessageSignature; + if (!skipVerify) { + let toHash; + let hash; + if (this.hashed) { + hash = await this.hashed; + } else { + toHash = this.toHash(signatureType, data, detached); + hash = await this.hash(signatureType, data, toHash); + } + hash = await readToEnd(hash); + if (this.signedHashValue[0] !== hash[0] || + this.signedHashValue[1] !== hash[1]) { + throw new Error('Signed digest did not match'); + } - const input = await unarmor(cleartextMessage); - if (input.type !== enums.armor.signed) { - throw new Error('No cleartext signed message.'); - } - const packetlist = await PacketList.fromBinary(input.data, allowedPackets$5, config$1); - verifyHeaders$1(input.headers, packetlist); - const signature = new Signature(packetlist); - return new CleartextMessage(input.text, signature); - } + this.params = await this.params; - /** - * Compare hash algorithm specified in the armor header with signatures - * @param {Array} headers - Armor headers - * @param {PacketList} packetlist - The packetlist with signature packets - * @private - */ - function verifyHeaders$1(headers, packetlist) { - const checkHashAlgos = function(hashAlgos) { - const check = packet => algo => packet.hashAlgorithm === algo; + this[verified] = await mod$1.signature.verify( + this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, + toHash, hash + ); - for (let i = 0; i < packetlist.length; i++) { - if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { - return false; + if (!this[verified]) { + throw new Error('Signature verification failed'); } } - return true; - }; - let oneHeader = null; - let hashAlgos = []; - headers.forEach(function(header) { - oneHeader = header.match(/^Hash: (.+)$/); // get header value - if (oneHeader) { - oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace - oneHeader = oneHeader.split(','); - oneHeader = oneHeader.map(function(hash) { - hash = hash.toLowerCase(); - try { - return enums.write(enums.hash, hash); - } catch (e) { - throw new Error('Unknown hash algorithm in armor header: ' + hash); - } - }); - hashAlgos = hashAlgos.concat(oneHeader); - } else { - throw new Error('Only "Hash" header allowed in cleartext signed message'); + const normDate = util.normalizeDate(date); + if (normDate && this.created > normDate) { + throw new Error('Signature creation time is in the future'); + } + if (normDate && normDate >= this.getExpirationTime()) { + throw new Error('Signature is expired'); + } + if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { + throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && + [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { + throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + this.unknownSubpackets.forEach(({ type, critical }) => { + if (critical) { + throw new Error(`Unknown critical signature subpacket type ${type}`); + } + }); + this.rawNotations.forEach(({ name, critical }) => { + if (critical && (config$1.knownNotations.indexOf(name) < 0)) { + throw new Error(`Unknown critical notation: ${name}`); + } + }); + if (this.revocationKeyClass !== null) { + throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); + } + } + + /** + * Verifies signature expiration date + * @param {Date} [date] - Use the given date for verification instead of the current time + * @returns {Boolean} True if expired. + */ + isExpired(date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + return !(this.created <= normDate && normDate < this.getExpirationTime()); } - }); + return false; + } - if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { - throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); - } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { - throw new Error('Hash algorithm mismatch in armor header and signature'); + /** + * Returns the expiration time of the signature or Infinity if signature does not expire + * @returns {Date | Infinity} Expiration time. + */ + getExpirationTime() { + return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); } } /** - * Creates a new CleartextMessage object from text - * @param {Object} options - * @param {String} options.text - * @static - * @async + * Creates a Uint8Array representation of a sub signature packet + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} + * @param {Integer} type - Subpacket signature type. + * @param {Boolean} critical - Whether the subpacket should be critical. + * @param {String} data - Data to be included + * @returns {Uint8Array} The signature subpacket. + * @private */ - async function createCleartextMessage({ text, ...rest }) { - if (!text) { - throw new Error('createCleartextMessage: must pass options object containing `text`'); - } - if (!util.isString(text)) { - throw new Error('createCleartextMessage: options.text must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - return new CleartextMessage(text); + function writeSubPacket(type, critical, data) { + const arr = []; + arr.push(writeSimpleLength(data.length + 1)); + arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); + arr.push(data); + return util.concat(arr); } - // OpenPGP.js - An OpenPGP implementation in javascript - + /** + * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. + * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5} + * @param {enums.hash} hashAlgorithm - Hash algorithm. + * @returns {Integer} Salt length. + * @private + */ + function saltLengthForHash(hashAlgorithm) { + switch (hashAlgorithm) { + case enums.hash.sha256: return 16; + case enums.hash.sha384: return 24; + case enums.hash.sha512: return 32; + case enums.hash.sha224: return 16; + case enums.hash.sha3_256: return 16; + case enums.hash.sha3_512: return 32; + default: throw new Error('Unsupported hash function'); + } + } - ////////////////////// - // // - // Key handling // - // // - ////////////////////// + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** - * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. - * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. - * @param {Object} options - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys - * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: - * curve25519 (default), p256, p384, p521, secp256k1, - * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 - * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` - * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static + * Implementation of the One-Pass Signature Packets (Tag 4) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: + * The One-Pass Signature packet precedes the signed data and contains + * enough information to allow the receiver to begin calculating any + * hashes needed to verify the signature. It allows the Signature + * packet to be placed at the end of the message, so that the signer + * can compute the entire signed message in one pass. */ - async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key generation'); - } - if (type === 'rsa' && rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + class OnePassSignaturePacket { + static get tag() { + return enums.packet.onePassSignature; } - const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; - - try { - const { key, revocationCertificate } = await generate$4(options, config$1); - key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); + static fromSignaturePacket(signaturePacket, isLast) { + const onePassSig = new OnePassSignaturePacket(); + onePassSig.version = signaturePacket.version === 6 ? 6 : 3; + onePassSig.signatureType = signaturePacket.signatureType; + onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; + onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; + onePassSig.issuerKeyID = signaturePacket.issuerKeyID; + onePassSig.salt = signaturePacket.salt; // v6 only + onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only - return { - privateKey: formatObject(key, format, config$1), - publicKey: formatObject(key.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error generating keypair', err); + onePassSig.flags = isLast ? 1 : 0; + return onePassSig; } - } - /** - * Reformats signature packets for a key and rewraps key object. - * @param {Object} options - * @param {PrivateKey} options.privateKey - Private key to reformat - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended - * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static - */ - async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + constructor() { + /** A one-octet version number. The current versions are 3 and 6. */ + this.version = null; + /** + * A one-octet signature type. + * Signature types are described in + * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. + * @type {enums.signature} - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key reformat'); + */ + this.signatureType = null; + /** + * A one-octet number describing the hash algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} + * @type {enums.hash} + */ + this.hashAlgorithm = null; + /** + * A one-octet number describing the public-key algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} + * @type {enums.publicKey} + */ + this.publicKeyAlgorithm = null; + /** Only for v6, a variable-length field containing the salt. */ + this.salt = null; + /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */ + this.issuerKeyID = null; + /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */ + this.issuerFingerprint = null; + /** + * A one-octet number holding a flag showing whether the signature is nested. + * A zero value indicates that the next packet is another One-Pass Signature packet + * that describes another signature to be applied to the same message data. + */ + this.flags = null; } - const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - try { - const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); + /** + * parsing function for a one-pass signature packet (tag 4). + * @param {Uint8Array} bytes - Payload of a tag 4 packet + * @returns {OnePassSignaturePacket} Object representation. + */ + read(bytes) { + let mypos = 0; + // A one-octet version number. The current versions are 3 or 6. + this.version = bytes[mypos++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); + } - return { - privateKey: formatObject(reformattedKey, format, config$1), - publicKey: formatObject(reformattedKey.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error reformatting keypair', err); - } - } + // A one-octet signature type. Signature types are described in + // Section 5.2.1. + this.signatureType = bytes[mypos++]; - /** - * Revokes a key. Requires either a private key or a revocation certificate. - * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. - * @param {Object} options - * @param {Key} options.key - Public or private key to revoke - * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with - * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation - * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation - * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The revoked key in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or - * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise - * @async - * @static - */ - async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // A one-octet number describing the hash algorithm used. + this.hashAlgorithm = bytes[mypos++]; - try { - const revokedKey = revocationCertificate ? - await key.applyRevocationCertificate(revocationCertificate, date, config$1) : - await key.revoke(reasonForRevocation, date, config$1); + // A one-octet number describing the public-key algorithm used. + this.publicKeyAlgorithm = bytes[mypos++]; - return revokedKey.isPrivate() ? { - privateKey: formatObject(revokedKey, format, config$1), - publicKey: formatObject(revokedKey.toPublic(), format, config$1) - } : { - privateKey: null, - publicKey: formatObject(revokedKey, format, config$1) - }; - } catch (err) { - throw util.wrapError('Error revoking key', err); - } - } + if (this.version === 6) { + // Only for v6 signatures, a variable-length field containing: - /** - * Unlock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to decrypt - * @param {String|Array} options.passphrase - The user's passphrase(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The unlocked key object. - * @async - */ - async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[mypos++]; - if (!privateKey.isPrivate()) { - throw new Error('Cannot decrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); - const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(mypos, mypos + saltLength); + mypos += saltLength; - try { - await Promise.all(clonedPrivateKey.getKeys().map(key => ( - // try to decrypt each key with any of the given passphrases - util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) - ))); + // Only for v6 packets, 32 octets of the fingerprint of the signing key. + this.issuerFingerprint = bytes.subarray(mypos, mypos + 32); + mypos += 32; + this.issuerKeyID = new KeyID(); + // For v6 the Key ID is the high-order 64 bits of the fingerprint. + this.issuerKeyID.read(this.issuerFingerprint); + } else { + // Only for v3 packets, an eight-octet number holding the Key ID of the signing key. + this.issuerKeyID = new KeyID(); + this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); + mypos += 8; + } - await clonedPrivateKey.validate(config$1); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error decrypting private key', err); + // A one-octet number holding a flag showing whether the signature + // is nested. A zero value indicates that the next packet is + // another One-Pass Signature packet that describes another + // signature to be applied to the same message data. + this.flags = bytes[mypos++]; + return this; } - } - - /** - * Lock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to encrypt - * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The locked key object. - * @async - */ - async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (!privateKey.isPrivate()) { - throw new Error('Cannot encrypt a public key'); + /** + * creates a string representation of a one-pass signature packet + * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. + */ + write() { + const arr = [new Uint8Array([ + this.version, + this.signatureType, + this.hashAlgorithm, + this.publicKeyAlgorithm + ])]; + if (this.version === 6) { + arr.push( + new Uint8Array([this.salt.length]), + this.salt, + this.issuerFingerprint + ); + } else { + arr.push(this.issuerKeyID.write()); + } + arr.push(new Uint8Array([this.flags])); + return util.concatUint8Array(arr); } - const clonedPrivateKey = privateKey.clone(true); - const keys = clonedPrivateKey.getKeys(); - const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); - if (passphrases.length !== keys.length) { - throw new Error('Invalid number of passphrases given for key encryption'); + calculateTrailer(...args) { + return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); } - try { - await Promise.all(keys.map(async (key, i) => { - const { keyPacket } = key; - await keyPacket.encrypt(passphrases[i], config$1); - keyPacket.clearPrivateParams(); - })); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error encrypting private key', err); + async verify() { + const correspondingSig = await this.correspondingSig; + if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { + throw new Error('Corresponding signature packet missing'); + } + if ( + correspondingSig.signatureType !== this.signatureType || + correspondingSig.hashAlgorithm !== this.hashAlgorithm || + correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || + !correspondingSig.issuerKeyID.equals(this.issuerKeyID) || + (this.version === 3 && correspondingSig.version === 6) || + (this.version === 6 && correspondingSig.version !== 6) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt)) + ) { + throw new Error('Corresponding signature packet does not match one-pass signature packet'); + } + correspondingSig.hashed = this.hashed; + return correspondingSig.verify.apply(correspondingSig, arguments); } } - - /////////////////////////////////////////// - // // - // Message encryption and decryption // - // // - /////////////////////////////////////////// - + OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; + OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; + OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; /** - * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` - * must be specified. If signing keys are specified, those will be used to sign the message. - * @param {Object} options - * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message - * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed - * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message - * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Signature} [options.signature] - A detached signature to add to the encrypted message - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` - * @param {Date} [options.date=current date] - Override the creation date of the message signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static + * Instantiate a new packet given its tag + * @function newPacketFromTag + * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @returns {Object} New packet object with type based on tag + * @throws {Error|UnsupportedError} for disallowed or unknown packets */ - async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); signingKeys = toArray$1(signingKeys); passwords = toArray$1(passwords); - signingKeyIDs = toArray$1(signingKeyIDs); encryptionKeyIDs = toArray$1(encryptionKeyIDs); signingUserIDs = toArray$1(signingUserIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); signatureNotations = toArray$1(signatureNotations); - if (rest.detached) { - throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); - } - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (!signingKeys) { - signingKeys = []; - } - const streaming = message.fromStream; - try { - if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified - message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); + function newPacketFromTag(tag, allowedPackets) { + if (!allowedPackets[tag]) { + // distinguish between disallowed packets and unknown ones + let packetType; + try { + packetType = enums.read(enums.packet, tag); + } catch (e) { + throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`); } - message = message.compress( - await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config$1), - config$1 - ); - message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - if (format === 'object') return message; - // serialize data - const armor = format === 'armored'; - const data = armor ? message.armor(config$1) : message.write(); - return convertStream(data, streaming, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error encrypting message', err); + throw new Error(`Packet not allowed in this context: ${packetType}`); } + return new allowedPackets[tag](); } /** - * Decrypts a message with the user's private key, a session key or a password. - * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). - * @param {Object} options - * @param {Message} options.message - The message object with the encrypted data - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key - * @param {String|String[]} [options.passwords] - Passwords to decrypt the message - * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } - * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing decrypted and verified message in the form: - * - * { - * data: MaybeStream, (if format was 'utf8', the default) - * data: MaybeStream, (if format was 'binary') - * filename: String, - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static + * This class represents a list of openpgp packets. + * Take care when iterating over it - the packets themselves + * are stored as numerical indices. + * @extends Array */ - async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); verificationKeys = toArray$1(verificationKeys); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); sessionKeys = toArray$1(sessionKeys); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + class PacketList extends Array { + /** + * Parses the given binary data and returns a list of packets. + * Equivalent to calling `read` on an empty PacketList instance. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @returns {PacketList} parsed list of packets + * @throws on parsing errors + * @async + */ + static async fromBinary(bytes, allowedPackets, config$1 = config) { + const packets = new PacketList(); + await packets.read(bytes, allowedPackets, config$1); + return packets; + } - try { - const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); - if (!verificationKeys) { - verificationKeys = []; + /** + * Reads a stream of binary data and interprets it as a list of packets. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @throws on parsing errors + * @async + */ + async read(bytes, allowedPackets, config$1 = config) { + if (config$1.additionalAllowedPackets.length) { + allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; } + this.stream = transformPair(bytes, async (readable, writable) => { + const writer = getWriter(writable); + try { + while (true) { + await writer.ready; + const done = await readPackets(readable, async parsed => { + try { + if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) { + // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: + // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 + // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 + // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 + return; + } + const packet = newPacketFromTag(parsed.tag, allowedPackets); + packet.packets = new PacketList(); + packet.fromStream = util.isStream(parsed.packet); + await packet.read(parsed.packet, config$1); + await writer.write(packet); + } catch (e) { + // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence, + // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored. + // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical. + if (e instanceof UnknownPacketError) { + if (parsed.tag <= 39) { + await writer.abort(e); + } else { + return; + } + } - const result = {}; - result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); - result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); - result.filename = decrypted.getFilename(); - linkStreams(result, message); - if (expectSigned) { - if (verificationKeys.length === 0) { - throw new Error('Verification keys are required to verify message signatures'); + const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; + const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); + if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { + // The packets that support streaming are the ones that contain message data. + // Those are also the ones we want to be more strict about and throw on parse errors + // (since we likely cannot process the message without these packets anyway). + await writer.abort(e); + } else { + const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); + await writer.write(unparsedPacket); + } + util.printDebugError(e); + } + }); + if (done) { + await writer.ready; + await writer.close(); + return; + } + } + } catch (e) { + await writer.abort(e); + } + }); + + // Wait until first few packets have been read + const reader = getReader(this.stream); + while (true) { + const { done, value } = await reader.read(); + if (!done) { + this.push(value); + } else { + this.stream = null; } - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); + if (done || supportsStreaming(value.constructor.tag)) { + break; } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error decrypting message', err); + reader.releaseLock(); } - } + /** + * Creates a binary representation of openpgp objects contained within the + * class instance. + * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. + */ + write() { + const arr = []; - ////////////////////////////////////////// - // // - // Message signing and verification // - // // - ////////////////////////////////////////// + for (let i = 0; i < this.length; i++) { + const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; + const packetbytes = this[i].write(); + if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { + let buffer = []; + let bufferLength = 0; + const minLength = 512; + arr.push(writeTag(tag)); + arr.push(transform(packetbytes, value => { + buffer.push(value); + bufferLength += value.length; + if (bufferLength >= minLength) { + const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); + const chunkSize = 2 ** powerOf2; + const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); + buffer = [bufferConcat.subarray(1 + chunkSize)]; + bufferLength = buffer[0].length; + return bufferConcat.subarray(0, 1 + chunkSize); + } + }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); + } else { + if (util.isStream(packetbytes)) { + let length = 0; + arr.push(transform(clone(packetbytes), value => { + length += value.length; + }, () => writeHeader(tag, length))); + } else { + arr.push(writeHeader(tag, packetbytes.length)); + } + arr.push(packetbytes); + } + } + return util.concat(arr); + } - /** - * Signs a message. - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed - * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [options.date=current date] - Override the creation date of the signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ - async function sign$6({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); checkOutputMessageFormat(format); - signingKeys = toArray$1(signingKeys); signingKeyIDs = toArray$1(signingKeyIDs); signingUserIDs = toArray$1(signingUserIDs); signatureNotations = toArray$1(signatureNotations); + /** + * Creates a new PacketList with all packets matching the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {PacketList} + */ + filterByTag(...tags) { + const filtered = new PacketList(); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const handle = tag => packetType => tag === packetType; - if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); - if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(this[i].constructor.tag))) { + filtered.push(this[i]); + } + } - if (!signingKeys || signingKeys.length === 0) { - throw new Error('No signing keys provided'); + return filtered; } - try { - let signature; - if (detached) { - signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } else { - signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - if (format === 'object') return signature; + /** + * Traverses packet list and returns first packet with matching tag + * @param {module:enums.packet} tag - The packet tag + * @returns {Packet|undefined} + */ + findPacket(tag) { + return this.find(packet => packet.constructor.tag === tag); + } - const armor = format === 'armored'; - signature = armor ? signature.armor(config$1) : signature.write(); - if (detached) { - signature = transformPair(message.packets.write(), async (readable, writable) => { - await Promise.all([ - pipe(signature, writable), - readToEnd(readable).catch(() => {}) - ]); - }); + /** + * Find indices of packets with the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {Integer[]} packet indices + */ + indexOfTag(...tags) { + const tagIndex = []; + const that = this; + + const handle = tag => packetType => tag === packetType; + + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(that[i].constructor.tag))) { + tagIndex.push(i); + } } - return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error signing message', err); + return tagIndex; } } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + // A Compressed Data packet can contain the following packet types + const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + OnePassSignaturePacket, + SignaturePacket + ]); + /** - * Verifies signatures of cleartext signed message - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures - * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing verified message in the form: - * - * { - * data: MaybeStream, (if `message` was a CleartextMessage) - * data: MaybeStream, (if `message` was a Message) - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } + * Implementation of the Compressed Data Packet (Tag 8) * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static + * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: + * The Compressed Data packet contains compressed data. Typically, + * this packet is found as the contents of an encrypted packet, or following + * a Signature or One-Pass Signature packet, and contains a literal data packet. */ - async function verify$6({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); verificationKeys = toArray$1(verificationKeys); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + class CompressedDataPacket { + static get tag() { + return enums.packet.compressedData; + } - if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); - if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + /** + * List of packets + * @type {PacketList} + */ + this.packets = null; + /** + * Compression algorithm + * @type {enums.compression} + */ + this.algorithm = config$1.preferredCompressionAlgorithm; - try { - const result = {}; - if (signature) { - result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); - } else { - result.signatures = await message.verify(verificationKeys, date, config$1); - } - result.data = format === 'binary' ? message.getLiteralData() : message.getText(); - if (message.fromStream && !signature) linkStreams(result, message); - if (expectSigned) { - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); - } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); + /** + * Compressed packet data + * @type {Uint8Array | ReadableStream} + */ + this.compressed = null; + } + + /** + * Parsing function for the packet. + * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async read(bytes, config$1 = config) { + await parse(bytes, async reader => { + + // One octet that gives the algorithm used to compress the packet. + this.algorithm = await reader.readByte(); + + // Compressed data, which makes up the remainder of the packet. + this.compressed = reader.remainder(); + + await this.decompress(config$1); + }); + } + + + /** + * Return the compressed packet. + * @returns {Uint8Array | ReadableStream} Binary compressed packet. + */ + write() { + if (this.compressed === null) { + this.compress(); } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error verifying signed message', err); + + return util.concat([new Uint8Array([this.algorithm]), this.compressed]); } - } - /////////////////////////////////////////////// - // // - // Session key encryption and decryption // - // // - /////////////////////////////////////////////// + /** + * Decompression method for decompressing the compressed data + * read by read_packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async decompress(config$1 = config) { + const compressionName = enums.read(enums.compression, this.algorithm); + const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async + if (!decompressionFn) { + throw new Error(`${compressionName} decompression not supported`); + } - /** - * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. - * @param {Object} options - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} - * @param {Date} [options.date=current date] - Date to select algorithm preferences at - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. - * @async - * @static - */ - async function generateSessionKey$1({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - encryptionKeys = toArray$1(encryptionKeys); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets$5, config$1); + } - try { - const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error generating session key', err); + /** + * Compress the packet data (member decompressedData) + */ + compress() { + const compressionName = enums.read(enums.compression, this.algorithm); + const compressionFn = compress_fns[compressionName]; + if (!compressionFn) { + throw new Error(`${compressionName} compression not supported`); + } + + this.compressed = compressionFn(this.packets.write()); } } + ////////////////////////// + // // + // Helper functions // + // // + ////////////////////////// + /** - * Encrypt a symmetric session key with public keys, passwords, or both at once. - * At least one of `encryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) - * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' - * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key - * @param {String|String[]} [options.passwords] - Passwords for the message - * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [options.date=current date] - Override the date - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static + * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise. + * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator + * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor + * @returns {ReadableStream} compressed or decompressed data */ - async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); passwords = toArray$1(passwords); encryptionKeyIDs = toArray$1(encryptionKeyIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + function zlib(compressionStreamInstantiator, ZlibStreamedConstructor) { + return data => { + if (!util.isStream(data) || isArrayStream(data)) { + return fromAsync(() => readToEnd(data).then(inputData => { + return new Promise((resolve, reject) => { + const zlibStream = new ZlibStreamedConstructor(); + zlibStream.ondata = processedData => { + resolve(processedData); + }; + try { + zlibStream.push(inputData, true); // only one chunk to push + } catch (err) { + reject(err); + } + }); + })); + } - if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { - throw new Error('No encryption keys or passwords provided.'); - } + // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API) + if (compressionStreamInstantiator) { + try { + const compressorOrDecompressor = compressionStreamInstantiator(); + return data.pipeThrough(compressorOrDecompressor); + } catch (err) { + // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate. + if (err.name !== 'TypeError') { + throw err; + } + } + } - try { - const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - return formatObject(message, format, config$1); - } catch (err) { - throw util.wrapError('Error encrypting session key', err); - } + // JS fallback + const inputReader = data.getReader(); + const zlibStream = new ZlibStreamedConstructor(); + + return new ReadableStream({ + async start(controller) { + zlibStream.ondata = async (value, isLast) => { + controller.enqueue(value); + if (isLast) { + controller.close(); + } + }; + + while (true) { + const { done, value } = await inputReader.read(); + if (done) { + zlibStream.push(new Uint8Array(), true); + return; + } else if (value.length) { + zlibStream.push(value); + } + } + } + }); + }; + } + + function bzip2Decompress() { + return async function(data) { + const { decode: bunzipDecode } = await Promise.resolve().then(function () { return index; }); + return fromAsync(async () => bunzipDecode(await readToEnd(data))); + }; } /** - * Decrypt symmetric session keys using private keys or passwords (not both). - * One of `decryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Message} options.message - A message object containing the encrypted session key packets - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data - * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key - * @param {Date} [options.date] - Date to use for key verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: - * { data:Uint8Array, algorithm:String } - * @throws if no session key could be found or decrypted - * @async - * @static + * Get Compression Stream API instatiators if the constructors are implemented. + * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported + * (supported formats cannot be determined in advance). + * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat + * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }} */ - async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const getCompressionStreamInstantiators = compressionFormat => ({ + compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)), + decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat)) + }); - try { - const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error decrypting session keys', err); - } - } + const compress_fns = { + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib) + }; + const decompress_fns = { + uncompressed: data => data, + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib), + bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import + }; - ////////////////////////// - // // - // Helper functions // - // // - ////////////////////////// + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + // A SEIP packet can contain the following packet types + const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket + ]); + /** - * Input validation - * @private + * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: + * The Symmetrically Encrypted Integrity Protected Data packet is + * a variant of the Symmetrically Encrypted Data packet. It is a new feature + * created for OpenPGP that addresses the problem of detecting a modification to + * encrypted data. It is used in combination with a Modification Detection Code + * packet. */ - function checkString(data, name) { - if (!util.isString(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type String'); + class SymEncryptedIntegrityProtectedDataPacket { + static get tag() { + return enums.packet.symEncryptedIntegrityProtectedData; } - } - function checkBinary(data, name) { - if (!util.isUint8Array(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array'); + + static fromObject({ version, aeadAlgorithm }) { + if (version !== 1 && version !== 2) { + throw new Error('Unsupported SEIPD version'); + } + + const seip = new SymEncryptedIntegrityProtectedDataPacket(); + seip.version = version; + if (version === 2) { + seip.aeadAlgorithm = aeadAlgorithm; + } + + return seip; } - } - function checkMessage(message) { - if (!(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message'); + + constructor() { + this.version = null; + + // The following 4 fields are for V2 only. + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = null; + this.chunkSizeByte = null; + this.salt = null; + + this.encrypted = null; + this.packets = null; } - } - function checkCleartextOrMessage(message) { - if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); + + async read(bytes) { + await parse(bytes, async reader => { + this.version = await reader.readByte(); + // - A one-octet version number with value 1 or 2. + if (this.version !== 1 && this.version !== 2) { + throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`); + } + + if (this.version === 2) { + // - A one-octet cipher algorithm. + this.cipherAlgorithm = await reader.readByte(); + // - A one-octet AEAD algorithm. + this.aeadAlgorithm = await reader.readByte(); + // - A one-octet chunk size. + this.chunkSizeByte = await reader.readByte(); + // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique. + this.salt = await reader.readBytes(32); + } + + // For V1: + // - Encrypted data, the output of the selected symmetric-key cipher + // operating in Cipher Feedback mode with shift amount equal to the + // block size of the cipher (CFB-n where n is the block size). + // For V2: + // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode. + // - A final, summary authentication tag for the AEAD mode. + this.encrypted = reader.remainder(); + }); } - } - function checkOutputMessageFormat(format) { - if (format !== 'armored' && format !== 'binary' && format !== 'object') { - throw new Error(`Unsupported format ${format}`); + + write() { + if (this.version === 2) { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]); + } + return util.concat([new Uint8Array([this.version]), this.encrypted]); + } + + /** + * Encrypt the payload in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on encryption failure + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + const { blockSize, keySize } = mod$1.getCipherParams(sessionKeyAlgorithm); + if (key.length !== keySize) { + throw new Error('Unexpected session key size'); + } + + let bytes = this.packets.write(); + if (isArrayStream(bytes)) bytes = await readToEnd(bytes); + + if (this.version === 2) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + this.salt = mod$1.random.getRandomBytes(32); + this.chunkSizeByte = config$1.aeadChunkSizeByte; + this.encrypted = await runAEAD(this, 'encrypt', key, bytes); + } else { + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet + + const tohash = util.concat([prefix, bytes, mdc]); + const hash = await mod$1.hash.sha1(passiveClone(tohash)); + const plaintext = util.concat([tohash, hash]); + + this.encrypted = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); + } + return true; } - } - const defaultConfigPropsCount = Object.keys(config).length; - function checkConfig(config$1) { - const inputConfigProps = Object.keys(config$1); - if (inputConfigProps.length !== defaultConfigPropsCount) { - for (const inputProp of inputConfigProps) { - if (config[inputProp] === undefined) { - throw new Error(`Unknown config property: ${inputProp}`); + + /** + * Decrypts the encrypted data contained in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on decryption failure + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + if (key.length !== mod$1.getCipherParams(sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + + let encrypted = clone(this.encrypted); + if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); + + let packetbytes; + if (this.version === 2) { + if (this.cipherAlgorithm !== sessionKeyAlgorithm) { + // sanity check + throw new Error('Unexpected session key algorithm'); + } + packetbytes = await runAEAD(this, 'decrypt', key, encrypted); + } else { + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); + + // there must be a modification detection code packet as the + // last packet and everything gets hashed except the hash itself + const realHash = slice(passiveClone(decrypted), -20); + const tohash = slice(decrypted, 0, -20); + const verifyHash = Promise.all([ + readToEnd(await mod$1.hash.sha1(passiveClone(tohash))), + readToEnd(realHash) + ]).then(([hash, mdc]) => { + if (!util.equalsUint8Array(hash, mdc)) { + throw new Error('Modification detected.'); + } + return new Uint8Array(); + }); + const bytes = slice(tohash, blockSize + 2); // Remove random prefix + packetbytes = slice(bytes, 0, -2); // Remove MDC packet + packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); + if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { + packetbytes = await readToEnd(packetbytes); } } - } - } - /** - * Normalize parameter to an array if it is not undefined. - * @param {Object} param - the parameter to be normalized - * @returns {Array|undefined} The resulting array or undefined. - * @private - */ - function toArray$1(param) { - if (param && !util.isArray(param)) { - param = [param]; + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$4, config$1); + return true; } - return param; } /** - * Convert data to or from Stream - * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams - * @returns {Promise} The data in the respective format. + * En/decrypt the payload. + * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt + * @param {Uint8Array} key - The session key used to en/decrypt the payload + * @param {Uint8Array | ReadableStream} data - The data to en/decrypt + * @returns {Promise>} * @async - * @private - */ - async function convertStream(data, streaming, encoding = 'utf8') { - const streamType = util.isStream(data); - if (streamType === 'array') { - return readToEnd(data); - } - if (streaming === 'node') { - data = webToNode(data); - if (encoding !== 'binary') data.setEncoding(encoding); - return data; - } - if (streaming === 'web' && streamType === 'ponyfill') { - return toNativeReadable(data); - } - return data; - } - - /** - * Link result.data to the message stream for cancellation. - * Also, forward errors in the message to result.data. - * @param {Object} result - the data to convert - * @param {Message} message - message object - * @returns {Object} - * @private */ - function linkStreams(result, message) { - result.data = transformPair(message.packets.stream, async (readable, writable) => { - await pipe(result.data, writable, { - preventClose: true - }); + async function runAEAD(packet, fn, key, data) { + const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2; + const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import) + if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type'); + + const mode = mod$1.getAEADMode(packet.aeadAlgorithm); + const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; + const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; + const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) + const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0; + const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP); + const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP); + const adataTagArray = new Uint8Array(adataBuffer); + const adataView = new DataView(adataBuffer); + const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); + adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0); + let chunkIndex = 0; + let latestPromise = Promise.resolve(); + let cryptedBytes = 0; + let queuedBytes = 0; + let iv; + let ivView; + if (isSEIPDv2) { + const { keySize } = mod$1.getCipherParams(packet.cipherAlgorithm); + const { ivLength } = mode; + const info = new Uint8Array(adataBuffer, 0, 5); + const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength); + key = derived.subarray(0, keySize); + iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy. + iv.fill(0, iv.length - 8); + ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); + } else { // AEADEncryptedDataPacket + iv = packet.iv; + // ivView is unused in this case + } + const modeInstance = await mode(packet.cipherAlgorithm, key); + return transformPair(data, async (readable, writable) => { + if (util.isStream(readable) !== 'array') { + const buffer = new TransformStream({}, { + highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6), + size: array => array.length + }); + pipe(buffer.readable, writable); + writable = buffer.writable; + } + const reader = getReader(readable); const writer = getWriter(writable); try { - // Forward errors in the message stream to result.data. - await readToEnd(readable, _ => _); - await writer.close(); + while (true) { + let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); + const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); + chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); + let cryptedPromise; + let done; + let nonce; + if (isSEIPDv2) { // SEIPD V2 + nonce = iv; + } else { // AEADEncryptedDataPacket + nonce = iv.slice(); + for (let i = 0; i < 8; i++) { + nonce[iv.length - 8 + i] ^= chunkIndexArray[i]; + } + } + if (!chunkIndex || chunk.length) { + reader.unshift(finalChunk); + cryptedPromise = modeInstance[fn](chunk, nonce, adataArray); + cryptedPromise.catch(() => {}); + queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; + } else { + // After the last chunk, we either encrypt a final, empty + // data chunk to get the final authentication tag or + // validate that final authentication tag. + adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...) + cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray); + cryptedPromise.catch(() => {}); + queuedBytes += tagLengthIfEncrypting; + done = true; + } + cryptedBytes += chunk.length - tagLengthIfDecrypting; + // eslint-disable-next-line @typescript-eslint/no-loop-func + latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { + await writer.ready; + await writer.write(crypted); + queuedBytes -= crypted.length; + }).catch(err => writer.abort(err)); + if (done || queuedBytes > writer.desiredSize) { + await latestPromise; // Respect backpressure + } + if (!done) { + if (isSEIPDv2) { // SEIPD V2 + ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...) + } else { // AEADEncryptedDataPacket + adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) + } + } else { + await writer.close(); + break; + } + } } catch (e) { + await writer.ready.catch(() => {}); await writer.abort(e); } }); } - /** - * Convert the object to the given format - * @param {Key|Message} object - * @param {'armored'|'binary'|'object'} format - * @param {Object} config - Full configuration - * @returns {String|Uint8Array|Object} - */ - function formatObject(object, format, config) { - switch (format) { - case 'object': - return object; - case 'armored': - return object.armor(config); - case 'binary': - return object.write(); - default: - throw new Error(`Unsupported format ${format}`); - } - } - - /** - * web-streams-polyfill v3.0.3 - */ - /// - const SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? - Symbol : - description => `Symbol(${description})`; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2016 Tankred Hase + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /// - function noop() { - return undefined; - } - function getGlobals() { - if (typeof self !== 'undefined') { - return self; - } - else if (typeof window !== 'undefined') { - return window; - } - else if (typeof global !== 'undefined') { - return global; - } - return undefined; - } - const globals = getGlobals(); - function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; - } - const rethrowAssertionErrorRejection = noop; + // An AEAD-encrypted Data packet can contain the following packet types + const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket + ]); - const originalPromise = Promise; - const originalPromiseThen = Promise.prototype.then; - const originalPromiseResolve = Promise.resolve.bind(originalPromise); - const originalPromiseReject = Promise.reject.bind(originalPromise); - function newPromise(executor) { - return new originalPromise(executor); - } - function promiseResolvedWith(value) { - return originalPromiseResolve(value); - } - function promiseRejectedWith(reason) { - return originalPromiseReject(reason); - } - function PerformPromiseThen(promise, onFulfilled, onRejected) { - // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an - // approximation. - return originalPromiseThen.call(promise, onFulfilled, onRejected); - } - function uponPromise(promise, onFulfilled, onRejected) { - PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection); - } - function uponFulfillment(promise, onFulfilled) { - uponPromise(promise, onFulfilled); - } - function uponRejection(promise, onRejected) { - uponPromise(promise, undefined, onRejected); - } - function transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) { - return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler); - } - function setPromiseIsHandledToTrue(promise) { - PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection); - } - const queueMicrotask = (() => { - const globalQueueMicrotask = globals && globals.queueMicrotask; - if (typeof globalQueueMicrotask === 'function') { - return globalQueueMicrotask; - } - const resolvedPromise = promiseResolvedWith(undefined); - return (fn) => PerformPromiseThen(resolvedPromise, fn); - })(); - function reflectCall(F, V, args) { - if (typeof F !== 'function') { - throw new TypeError('Argument is not a function'); - } - return Function.prototype.apply.call(F, V, args); - } - function promiseCall(F, V, args) { - try { - return promiseResolvedWith(reflectCall(F, V, args)); - } - catch (value) { - return promiseRejectedWith(value); - } - } + const VERSION$1 = 1; // A one-octet version number of the data packet. - // Original from Chromium - // https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js - const QUEUE_MAX_ARRAY_SIZE = 16384; /** - * Simple queue structure. + * Implementation of the Symmetrically Encrypted Authenticated Encryption with + * Additional Data (AEAD) Protected Data Packet * - * Avoids scalability issues with using a packed array directly by using - * multiple arrays in a linked list and keeping the array size bounded. + * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: + * AEAD Protected Data Packet */ - class SimpleQueue { - constructor() { - this._cursor = 0; - this._size = 0; - // _front and _back are always defined. - this._front = { - _elements: [], - _next: undefined - }; - this._back = this._front; - // The cursor is used to avoid calling Array.shift(). - // It contains the index of the front element of the array inside the - // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE). - this._cursor = 0; - // When there is only one node, size === elements.length - cursor. - this._size = 0; - } - get length() { - return this._size; - } - // For exception safety, this method is structured in order: - // 1. Read state - // 2. Calculate required state mutations - // 3. Perform state mutations - push(element) { - const oldBack = this._back; - let newBack = oldBack; - if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) { - newBack = { - _elements: [], - _next: undefined - }; - } - // push() is the mutation most likely to throw an exception, so it - // goes first. - oldBack._elements.push(element); - if (newBack !== oldBack) { - this._back = newBack; - oldBack._next = newBack; - } - ++this._size; - } - // Like push(), shift() follows the read -> calculate -> mutate pattern for - // exception safety. - shift() { // must not be called on an empty queue - const oldFront = this._front; - let newFront = oldFront; - const oldCursor = this._cursor; - let newCursor = oldCursor + 1; - const elements = oldFront._elements; - const element = elements[oldCursor]; - if (newCursor === QUEUE_MAX_ARRAY_SIZE) { - newFront = oldFront._next; - newCursor = 0; - } - // No mutations before this point. - --this._size; - this._cursor = newCursor; - if (oldFront !== newFront) { - this._front = newFront; - } - // Permit shifted element to be garbage collected. - elements[oldCursor] = undefined; - return element; - } - // The tricky thing about forEach() is that it can be called - // re-entrantly. The queue may be mutated inside the callback. It is easy to - // see that push() within the callback has no negative effects since the end - // of the queue is checked for on every iteration. If shift() is called - // repeatedly within the callback then the next iteration may return an - // element that has been removed. In this case the callback will be called - // with undefined values until we either "catch up" with elements that still - // exist or reach the back of the queue. - forEach(callback) { - let i = this._cursor; - let node = this._front; - let elements = node._elements; - while (i !== elements.length || node._next !== undefined) { - if (i === elements.length) { - node = node._next; - elements = node._elements; - i = 0; - if (elements.length === 0) { - break; - } - } - callback(elements[i]); - ++i; - } - } - // Return the element that would be returned if shift() was called now, - // without modifying the queue. - peek() { // must not be called on an empty queue - const front = this._front; - const cursor = this._cursor; - return front._elements[cursor]; - } - } + class AEADEncryptedDataPacket { + static get tag() { + return enums.packet.aeadEncryptedData; + } - function ReadableStreamReaderGenericInitialize(reader, stream) { - reader._ownerReadableStream = stream; - stream._reader = reader; - if (stream._state === 'readable') { - defaultReaderClosedPromiseInitialize(reader); - } - else if (stream._state === 'closed') { - defaultReaderClosedPromiseInitializeAsResolved(reader); - } - else { - defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError); - } - } - // A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state - // check. - function ReadableStreamReaderGenericCancel(reader, reason) { - const stream = reader._ownerReadableStream; - return ReadableStreamCancel(stream, reason); - } - function ReadableStreamReaderGenericRelease(reader) { - if (reader._ownerReadableStream._state === 'readable') { - defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - else { - defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - reader._ownerReadableStream._reader = undefined; - reader._ownerReadableStream = undefined; - } - // Helper functions for the readers. - function readerLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released reader'); - } - // Helper functions for the ReadableStreamDefaultReader. - function defaultReaderClosedPromiseInitialize(reader) { - reader._closedPromise = newPromise((resolve, reject) => { - reader._closedPromise_resolve = resolve; - reader._closedPromise_reject = reject; - }); - } - function defaultReaderClosedPromiseInitializeAsRejected(reader, reason) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseReject(reader, reason); - } - function defaultReaderClosedPromiseInitializeAsResolved(reader) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseResolve(reader); - } - function defaultReaderClosedPromiseReject(reader, reason) { - if (reader._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(reader._closedPromise); - reader._closedPromise_reject(reason); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; - } - function defaultReaderClosedPromiseResetToRejected(reader, reason) { - defaultReaderClosedPromiseInitializeAsRejected(reader, reason); - } - function defaultReaderClosedPromiseResolve(reader) { - if (reader._closedPromise_resolve === undefined) { - return; - } - reader._closedPromise_resolve(undefined); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; - } + constructor() { + this.version = VERSION$1; + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = enums.aead.eax; + this.chunkSizeByte = null; + this.iv = null; + this.encrypted = null; + this.packets = null; + } - const AbortSteps = SymbolPolyfill('[[AbortSteps]]'); - const ErrorSteps = SymbolPolyfill('[[ErrorSteps]]'); - const CancelSteps = SymbolPolyfill('[[CancelSteps]]'); - const PullSteps = SymbolPolyfill('[[PullSteps]]'); + /** + * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @param {Uint8Array | ReadableStream} bytes + * @throws {Error} on parsing failure + */ + async read(bytes) { + await parse(bytes, async reader => { + const version = await reader.readByte(); + if (version !== VERSION$1) { // The only currently defined value is 1. + throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); + } + this.cipherAlgorithm = await reader.readByte(); + this.aeadAlgorithm = await reader.readByte(); + this.chunkSizeByte = await reader.readByte(); - /// - // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill - const NumberIsFinite = Number.isFinite || function (x) { - return typeof x === 'number' && isFinite(x); - }; + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = await reader.readBytes(mode.ivLength); + this.encrypted = reader.remainder(); + }); + } - /// - // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill - const MathTrunc = Math.trunc || function (v) { - return v < 0 ? Math.ceil(v) : Math.floor(v); - }; + /** + * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @returns {Uint8Array | ReadableStream} The encrypted payload. + */ + write() { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); + } - // https://heycam.github.io/webidl/#idl-dictionaries - function isDictionary(x) { - return typeof x === 'object' || typeof x === 'function'; - } - function assertDictionary(obj, context) { - if (obj !== undefined && !isDictionary(obj)) { - throw new TypeError(`${context} is not an object.`); - } - } - // https://heycam.github.io/webidl/#idl-callback-functions - function assertFunction(x, context) { - if (typeof x !== 'function') { - throw new TypeError(`${context} is not a function.`); - } - } - // https://heycam.github.io/webidl/#idl-object - function isObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; - } - function assertObject(x, context) { - if (!isObject(x)) { - throw new TypeError(`${context} is not an object.`); - } - } - function assertRequiredArgument(x, position, context) { - if (x === undefined) { - throw new TypeError(`Parameter ${position} is required in '${context}'.`); - } - } - function assertRequiredField(x, field, context) { - if (x === undefined) { - throw new TypeError(`${field} is required in '${context}'.`); - } - } - // https://heycam.github.io/webidl/#idl-unrestricted-double - function convertUnrestrictedDouble(value) { - return Number(value); - } - function censorNegativeZero(x) { - return x === 0 ? 0 : x; - } - function integerPart(x) { - return censorNegativeZero(MathTrunc(x)); - } - // https://heycam.github.io/webidl/#idl-unsigned-long-long - function convertUnsignedLongLongWithEnforceRange(value, context) { - const lowerBound = 0; - const upperBound = Number.MAX_SAFE_INTEGER; - let x = Number(value); - x = censorNegativeZero(x); - if (!NumberIsFinite(x)) { - throw new TypeError(`${context} is not a finite number`); - } - x = integerPart(x); - if (x < lowerBound || x > upperBound) { - throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`); - } - if (!NumberIsFinite(x) || x === 0) { - return 0; - } - // TODO Use BigInt if supported? - // let xBigInt = BigInt(integerPart(x)); - // xBigInt = BigInt.asUintN(64, xBigInt); - // return Number(xBigInt); - return x; - } + /** + * Decrypt the encrypted payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.packets = await PacketList.fromBinary( + await runAEAD(this, 'decrypt', key, clone(this.encrypted)), + allowedPackets$3, + config$1 + ); + } + + /** + * Encrypt the packet payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.cipherAlgorithm = sessionKeyAlgorithm; - function assertReadableStream(x, context) { - if (!IsReadableStream(x)) { - throw new TypeError(`${context} is not a ReadableStream.`); - } + const { ivLength } = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(ivLength); // generate new random IV + this.chunkSizeByte = config$1.aeadChunkSizeByte; + const data = this.packets.write(); + this.encrypted = await runAEAD(this, 'encrypt', key, data); + } } - // Abstract operations for the ReadableStream. - function AcquireReadableStreamDefaultReader(stream) { - return new ReadableStreamDefaultReader(stream); - } - // ReadableStream API exposed for controllers. - function ReadableStreamAddReadRequest(stream, readRequest) { - stream._reader._readRequests.push(readRequest); - } - function ReadableStreamFulfillReadRequest(stream, chunk, done) { - const reader = stream._reader; - const readRequest = reader._readRequests.shift(); - if (done) { - readRequest._closeSteps(); - } - else { - readRequest._chunkSteps(chunk); - } - } - function ReadableStreamGetNumReadRequests(stream) { - return stream._reader._readRequests.length; - } - function ReadableStreamHasDefaultReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamDefaultReader(reader)) { - return false; - } - return true; - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * A default reader vended by a {@link ReadableStream}. + * Public-Key Encrypted Session Key Packets (Tag 1) * - * @public - */ - class ReadableStreamDefaultReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readRequests = new SimpleQueue(); - } + * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: + * A Public-Key Encrypted Session Key packet holds the session key + * used to encrypt a message. Zero or more Public-Key Encrypted Session Key + * packets and/or Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data Packet, which holds an encrypted message. The + * message is encrypted with the session key, and the session key is itself + * encrypted and stored in the Encrypted Session Key packet(s). The + * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted + * Session Key packet for each OpenPGP key to which the message is encrypted. + * The recipient of the message finds a session key that is encrypted to their + * public key, decrypts the session key, and then uses the session key to + * decrypt the message. + */ + class PublicKeyEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.publicKeyEncryptedSessionKey; + } + + constructor() { + this.version = null; + + // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()` + this.publicKeyID = new KeyID(); + + // For version 6: + this.publicKeyVersion = null; + this.publicKeyFingerprint = null; + + // For all versions: + this.publicKeyAlgorithm = null; + + this.sessionKey = null; /** - * Returns a promise that will be fulfilled when the stream becomes closed, - * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - get closed() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('closed')); - } - return this._closedPromise; + this.sessionKeyAlgorithm = null; + + /** @type {Object} */ + this.encrypted = {}; + } + + static fromObject({ + version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm + }) { + const pkesk = new PublicKeyEncryptedSessionKeyPacket(); + + if (version !== 3 && version !== 6) { + throw new Error('Unsupported PKESK version'); } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); + + pkesk.version = version; + + if (version === 6) { + pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version; + pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes(); } - /** - * Returns a promise that allows access to the next chunk from the stream's internal queue, if available. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('read')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: () => resolvePromise({ value: undefined, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamDefaultReaderRead(this, readRequest); - return promise; + + pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID(); + pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm; + pkesk.sessionKey = sessionKey; + pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm; + + return pkesk; + } + + /** + * Parsing function for a publickey encrypted session key packet (tag 1). + * + * @param {Uint8Array} bytes - Payload of a tag 1 packet + */ + read(bytes) { + let offset = 0; + this.version = bytes[offset++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamDefaultReader(this)) { - throw defaultReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); + if (this.version === 6) { + // A one-octet size of the following two fields: + // - A one octet key version number. + // - The fingerprint of the public key or subkey to which the session key is encrypted. + // The size may also be zero. + const versionAndFingerprintLength = bytes[offset++]; + if (versionAndFingerprintLength) { + this.publicKeyVersion = bytes[offset++]; + const fingerprintLength = versionAndFingerprintLength - 1; + this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength; + if (this.publicKeyVersion >= 5) { + // For v5/6 the Key ID is the high-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint); + } else { + // For v4 The Key ID is the low-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8)); } - ReadableStreamReaderGenericRelease(this); - } - } - Object.defineProperties(ReadableStreamDefaultReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultReader', - configurable: true - }); - } - // Abstract operations for the readers. - function IsReadableStreamDefaultReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) { - return false; - } - return true; - } - function ReadableStreamDefaultReaderRead(reader, readRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'closed') { - readRequest._closeSteps(); - } - else if (stream._state === 'errored') { - readRequest._errorSteps(stream._storedError); + } else { + // The size may also be zero, and the key version and + // fingerprint omitted for an "anonymous recipient" + this.publicKeyID = KeyID.wildcard(); + } + } else { + offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8)); } - else { - stream._readableStreamController[PullSteps](readRequest); + this.publicKeyAlgorithm = bytes[offset++]; + this.encrypted = mod$1.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset)); + if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) { + if (this.version === 3) { + this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + } else if (this.encrypted.C.algorithm !== null) { + throw new Error('Unexpected cleartext symmetric algorithm'); + } } - } - // Helper functions for the ReadableStreamDefaultReader. - function defaultReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`); - } + } - /// - let AsyncIteratorPrototype; - if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - // We're running inside a ES2018+ environment, but we're compiling to an older syntax. - // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it. - AsyncIteratorPrototype = { - // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( ) - // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator - [SymbolPolyfill.asyncIterator]() { - return this; - } - }; - Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false }); - } - - /// - class ReadableStreamAsyncIteratorImpl { - constructor(reader, preventCancel) { - this._ongoingPromise = undefined; - this._isFinished = false; - this._reader = reader; - this._preventCancel = preventCancel; - } - next() { - const nextSteps = () => this._nextSteps(); - this._ongoingPromise = this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) : - nextSteps(); - return this._ongoingPromise; - } - return(value) { - const returnSteps = () => this._returnSteps(value); - return this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) : - returnSteps(); - } - _nextSteps() { - if (this._isFinished) { - return Promise.resolve({ value: undefined, done: true }); - } - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('iterate')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => { - this._ongoingPromise = undefined; - // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test. - // FIXME Is this a bug in the specification, or in the test? - queueMicrotask(() => resolvePromise({ value: chunk, done: false })); - }, - _closeSteps: () => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - resolvePromise({ value: undefined, done: true }); - }, - _errorSteps: reason => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - rejectPromise(reason); - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promise; - } - _returnSteps(value) { - if (this._isFinished) { - return Promise.resolve({ value, done: true }); - } - this._isFinished = true; - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('finish iterating')); - } - if (!this._preventCancel) { - const result = ReadableStreamReaderGenericCancel(reader, value); - ReadableStreamReaderGenericRelease(reader); - return transformPromiseWith(result, () => ({ value, done: true })); - } - ReadableStreamReaderGenericRelease(reader); - return promiseResolvedWith({ value, done: true }); - } - } - const ReadableStreamAsyncIteratorPrototype = { - next() { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next')); - } - return this._asyncIteratorImpl.next(); - }, - return(value) { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return')); - } - return this._asyncIteratorImpl.return(value); + /** + * Create a binary representation of a tag 1 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const arr = [ + new Uint8Array([this.version]) + ]; + + if (this.version === 6) { + if (this.publicKeyFingerprint !== null) { + arr.push(new Uint8Array([ + this.publicKeyFingerprint.length + 1, + this.publicKeyVersion] + )); + arr.push(this.publicKeyFingerprint); + } else { + arr.push(new Uint8Array([0])); + } + } else { + arr.push(this.publicKeyID.write()); } - }; - if (AsyncIteratorPrototype !== undefined) { - Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype); - } - // Abstract operations for the ReadableStream. - function AcquireReadableStreamAsyncIterator(stream, preventCancel) { - const reader = AcquireReadableStreamDefaultReader(stream); - const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel); - const iterator = Object.create(ReadableStreamAsyncIteratorPrototype); - iterator._asyncIteratorImpl = impl; - return iterator; - } - function IsReadableStreamAsyncIterator(x) { - if (!typeIsObject(x)) { - return false; + + arr.push( + new Uint8Array([this.publicKeyAlgorithm]), + mod$1.serializeParams(this.publicKeyAlgorithm, this.encrypted) + ); + + return util.concatUint8Array(arr); + } + + /** + * Encrypt session key packet + * @param {PublicKeyPacket} key - Public key + * @throws {Error} if encryption failed + * @async + */ + async encrypt(key) { + const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); + // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a + // v6 PKESK packet, as it is included in the v2 SEIPD packet. + const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey); + this.encrypted = await mod$1.publicKeyEncrypt( + algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint); + } + + /** + * Decrypts the session key (only for public key encrypted session key packets (tag 1) + * @param {SecretKeyPacket} key - decrypted private key + * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. + * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } + * @throws {Error} if decryption failed, unless `randomSessionKey` is given + * @async + */ + async decrypt(key, randomSessionKey) { + // check that session key algo matches the secret key algo + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Decryption error'); } - if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) { - return false; + + const randomPayload = randomSessionKey ? + encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : + null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const decryptedData = await mod$1.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload); + + const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); + + if (this.version === 3) { + // v3 Montgomery curves have cleartext cipher algo + const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448; + this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm; + + if (sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } } - return true; - } - // Helper functions for the ReadableStream. - function streamAsyncIteratorBrandCheckException(name) { - return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`); + this.sessionKey = sessionKey; + } } - /// - // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill - const NumberIsNaN = Number.isNaN || function (x) { - // eslint-disable-next-line no-self-compare - return x !== x; - }; - function IsFiniteNonNegativeNumber(v) { - if (!IsNonNegativeNumber(v)) { - return false; - } - if (v === Infinity) { - return false; - } - return true; + function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + // add checksum + return util.concatUint8Array([ + new Uint8Array(version === 6 ? [] : [cipherAlgo]), + sessionKeyData, + util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) + ]); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return sessionKeyData; + default: + throw new Error('Unsupported public key algorithm'); + } } - function IsNonNegativeNumber(v) { - if (typeof v !== 'number') { - return false; - } - if (NumberIsNaN(v)) { - return false; - } - if (v < 0) { - return false; + + + function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: { + // verify checksum in constant time + const result = decryptedData.subarray(0, decryptedData.length - 2); + const checksum = decryptedData.subarray(decryptedData.length - 2); + const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); + const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; + const decryptedSessionKey = version === 6 ? + { sessionKeyAlgorithm: null, sessionKey: result } : + { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; + if (randomSessionKey) { + // We must not leak info about the validity of the decrypted checksum or cipher algo. + // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. + const isValidPayload = isValidChecksum & + decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & + decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; + return { + sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), + sessionKeyAlgorithm: version === 6 ? null : util.selectUint8( + isValidPayload, + decryptedSessionKey.sessionKeyAlgorithm, + randomSessionKey.sessionKeyAlgorithm + ) + }; + } else { + const isValidPayload = isValidChecksum && ( + version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm)); + if (isValidPayload) { + return decryptedSessionKey; + } else { + throw new Error('Decryption error'); + } + } } - return true; + case enums.publicKey.x25519: + case enums.publicKey.x448: + return { + sessionKeyAlgorithm: null, + sessionKey: decryptedData + }; + default: + throw new Error('Unsupported public key algorithm'); + } } - function DequeueValue(container) { - const pair = container._queue.shift(); - container._queueTotalSize -= pair.size; - if (container._queueTotalSize < 0) { - container._queueTotalSize = 0; - } - return pair.value; - } - function EnqueueValueWithSize(container, value, size) { - size = Number(size); - if (!IsFiniteNonNegativeNumber(size)) { - throw new RangeError('Size must be a finite, non-NaN, non-negative number.'); - } - container._queue.push({ value, size }); - container._queueTotalSize += size; - } - function PeekQueueValue(container) { - const pair = container._queue.peek(); - return pair.value; - } - function ResetQueue(container) { - container._queue = new SimpleQueue(); - container._queueTotalSize = 0; - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function CreateArrayFromList(elements) { - // We use arrays to represent lists, so this is basically a no-op. - // Do a slice though just in case we happen to depend on the unique-ness. - return elements.slice(); - } - function CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) { - new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset); - } - // Not implemented correctly - function TransferArrayBuffer(O) { - return O; - } - // Not implemented correctly - function IsDetachedBuffer(O) { - return false; - } /** - * A pull-into request in a {@link ReadableByteStreamController}. - * - * @public - */ - class ReadableStreamBYOBRequest { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the view for writing in to, or `null` if the BYOB request has already been responded to. - */ - get view() { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('view'); - } - return this._view; - } - respond(bytesWritten) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respond'); - } - assertRequiredArgument(bytesWritten, 1, 'respond'); - bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter'); - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - if (IsDetachedBuffer(this._view.buffer)) ; - ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten); - } - respondWithNewView(view) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respondWithNewView'); - } - assertRequiredArgument(view, 1, 'respondWithNewView'); - if (!ArrayBuffer.isView(view)) { - throw new TypeError('You can only respond with array buffer views'); - } - if (view.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (view.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view); - } - } - Object.defineProperties(ReadableStreamBYOBRequest.prototype, { - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, - view: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBRequest', - configurable: true - }); - } - /** - * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue. + * Symmetric-Key Encrypted Session Key Packets (Tag 3) * - * @public + * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: + * The Symmetric-Key Encrypted Session Key packet holds the + * symmetric-key encryption of a session key used to encrypt a message. + * Zero or more Public-Key Encrypted Session Key packets and/or + * Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data packet that holds an encrypted message. + * The message is encrypted with a session key, and the session key is + * itself encrypted and stored in the Encrypted Session Key packet or + * the Symmetric-Key Encrypted Session Key packet. */ - class ReadableByteStreamController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the current BYOB pull request, or `null` if there isn't one. - */ - get byobRequest() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('byobRequest'); - } - if (this._byobRequest === null && this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled); - const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype); - SetUpReadableStreamBYOBRequest(byobRequest, this, view); - this._byobRequest = byobRequest; - } - return this._byobRequest; - } + class SymEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.symEncryptedSessionKey; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + this.version = config$1.aeadProtect ? 6 : 4; + this.sessionKey = null; /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure. + * Algorithm to encrypt the session key with + * @type {enums.symmetric} */ - get desiredSize() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('desiredSize'); - } - return ReadableByteStreamControllerGetDesiredSize(this); - } + this.sessionKeyEncryptionAlgorithm = null; /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - close() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('close'); - } - if (this._closeRequested) { - throw new TypeError('The stream has already been closed; do not close it again!'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`); - } - ReadableByteStreamControllerClose(this); - } - enqueue(chunk) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('enqueue'); - } - assertRequiredArgument(chunk, 1, 'enqueue'); - if (!ArrayBuffer.isView(chunk)) { - throw new TypeError('chunk must be an array buffer view'); - } - if (chunk.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (chunk.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._closeRequested) { - throw new TypeError('stream is closed or draining'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`); - } - ReadableByteStreamControllerEnqueue(this, chunk); - } + this.sessionKeyAlgorithm = null; /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. + * AEAD mode to encrypt the session key with (if AEAD protection is enabled) + * @type {enums.aead} */ - error(e = undefined) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('error'); - } - ReadableByteStreamControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - if (this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - firstDescriptor.bytesFilled = 0; - } - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableByteStreamControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableByteStream; - if (this._queueTotalSize > 0) { - const entry = this._queue.shift(); - this._queueTotalSize -= entry.byteLength; - ReadableByteStreamControllerHandleQueueDrain(this); - const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength); - readRequest._chunkSteps(view); - return; - } - const autoAllocateChunkSize = this._autoAllocateChunkSize; - if (autoAllocateChunkSize !== undefined) { - let buffer; - try { - buffer = new ArrayBuffer(autoAllocateChunkSize); - } - catch (bufferE) { - readRequest._errorSteps(bufferE); - return; - } - const pullIntoDescriptor = { - buffer, - byteOffset: 0, - byteLength: autoAllocateChunkSize, - bytesFilled: 0, - elementSize: 1, - viewConstructor: Uint8Array, - readerType: 'default' - }; - this._pendingPullIntos.push(pullIntoDescriptor); - } - ReadableStreamAddReadRequest(stream, readRequest); - ReadableByteStreamControllerCallPullIfNeeded(this); - } - } - Object.defineProperties(ReadableByteStreamController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableByteStreamController', - configurable: true - }); - } - // Abstract operations for the ReadableByteStreamController. - function IsReadableByteStreamController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) { - return false; - } - return true; - } - function IsReadableStreamBYOBRequest(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) { - return false; - } - return true; - } - function ReadableByteStreamControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableByteStreamControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - // TODO: Test controller argument - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableByteStreamControllerError(controller, e); - }); - } - function ReadableByteStreamControllerClearPendingPullIntos(controller) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - controller._pendingPullIntos = new SimpleQueue(); - } - function ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) { - let done = false; - if (stream._state === 'closed') { - done = true; - } - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - if (pullIntoDescriptor.readerType === 'default') { - ReadableStreamFulfillReadRequest(stream, filledView, done); - } - else { - ReadableStreamFulfillReadIntoRequest(stream, filledView, done); - } - } - function ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) { - const bytesFilled = pullIntoDescriptor.bytesFilled; - const elementSize = pullIntoDescriptor.elementSize; - return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize); - } - function ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) { - controller._queue.push({ buffer, byteOffset, byteLength }); - controller._queueTotalSize += byteLength; - } - function ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) { - const elementSize = pullIntoDescriptor.elementSize; - const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize; - const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled); - const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy; - const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize; - let totalBytesToCopyRemaining = maxBytesToCopy; - let ready = false; - if (maxAlignedBytes > currentAlignedBytes) { - totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled; - ready = true; - } - const queue = controller._queue; - while (totalBytesToCopyRemaining > 0) { - const headOfQueue = queue.peek(); - const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength); - const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy); - if (headOfQueue.byteLength === bytesToCopy) { - queue.shift(); - } - else { - headOfQueue.byteOffset += bytesToCopy; - headOfQueue.byteLength -= bytesToCopy; - } - controller._queueTotalSize -= bytesToCopy; - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor); - totalBytesToCopyRemaining -= bytesToCopy; - } - return ready; - } - function ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - pullIntoDescriptor.bytesFilled += size; - } - function ReadableByteStreamControllerHandleQueueDrain(controller) { - if (controller._queueTotalSize === 0 && controller._closeRequested) { - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(controller._controlledReadableByteStream); - } - else { - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - } - function ReadableByteStreamControllerInvalidateBYOBRequest(controller) { - if (controller._byobRequest === null) { - return; - } - controller._byobRequest._associatedReadableByteStreamController = undefined; - controller._byobRequest._view = null; - controller._byobRequest = null; - } - function ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) { - while (controller._pendingPullIntos.length > 0) { - if (controller._queueTotalSize === 0) { - return; - } - const pullIntoDescriptor = controller._pendingPullIntos.peek(); - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - } - } - } - function ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) { - const stream = controller._controlledReadableByteStream; - let elementSize = 1; - if (view.constructor !== DataView) { - elementSize = view.constructor.BYTES_PER_ELEMENT; - } - const ctor = view.constructor; - const buffer = TransferArrayBuffer(view.buffer); - const pullIntoDescriptor = { - buffer, - byteOffset: view.byteOffset, - byteLength: view.byteLength, - bytesFilled: 0, - elementSize, - viewConstructor: ctor, - readerType: 'byob' - }; - if (controller._pendingPullIntos.length > 0) { - controller._pendingPullIntos.push(pullIntoDescriptor); - // No ReadableByteStreamControllerCallPullIfNeeded() call since: - // - No change happens on desiredSize - // - The source has already been notified of that there's at least 1 pending read(view) - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - return; - } - if (stream._state === 'closed') { - const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0); - readIntoRequest._closeSteps(emptyView); - return; - } - if (controller._queueTotalSize > 0) { - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - ReadableByteStreamControllerHandleQueueDrain(controller); - readIntoRequest._chunkSteps(filledView); - return; - } - if (controller._closeRequested) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - readIntoRequest._errorSteps(e); - return; - } - } - controller._pendingPullIntos.push(pullIntoDescriptor); - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - function ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) { - firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer); - const stream = controller._controlledReadableByteStream; - if (ReadableStreamHasBYOBReader(stream)) { - while (ReadableStreamGetNumReadIntoRequests(stream) > 0) { - const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor); - } - } - } - function ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) { - if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) { - throw new RangeError('bytesWritten out of range'); - } - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor); - if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) { - // TODO: Figure out whether we should detach the buffer or not here. - return; - } - ReadableByteStreamControllerShiftPendingPullInto(controller); - const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize; - if (remainderSize > 0) { - const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end); - ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength); - } - pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer); - pullIntoDescriptor.bytesFilled -= remainderSize; - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); - } - function ReadableByteStreamControllerRespondInternal(controller, bytesWritten) { - const firstDescriptor = controller._pendingPullIntos.peek(); - const state = controller._controlledReadableByteStream._state; - if (state === 'closed') { - if (bytesWritten !== 0) { - throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream'); - } - ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor); - } - else { - ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - function ReadableByteStreamControllerShiftPendingPullInto(controller) { - const descriptor = controller._pendingPullIntos.shift(); - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - return descriptor; - } - function ReadableByteStreamControllerShouldCallPull(controller) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return false; - } - if (controller._closeRequested) { - return false; - } - if (!controller._started) { - return false; - } - if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; + this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); + this.encrypted = null; + this.s2k = null; + this.iv = null; + } + + /** + * Parsing function for a symmetric encrypted session key packet (tag 3). + * + * @param {Uint8Array} bytes - Payload of a tag 3 packet + */ + read(bytes) { + let offset = 0; + + // A one-octet version number with value 4, 5 or 6. + this.version = bytes[offset++]; + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); } - return false; - } - function ReadableByteStreamControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - } - // A client of ReadableByteStreamController may use these functions directly to bypass state check. - function ReadableByteStreamControllerClose(controller) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + + if (this.version === 6) { + // A one-octet scalar octet count of the following 5 fields. + offset++; } - if (controller._queueTotalSize > 0) { - controller._closeRequested = true; - return; + + // A one-octet number describing the symmetric algorithm used. + const algo = bytes[offset++]; + + if (this.version >= 5) { + // A one-octet AEAD algorithm. + this.aeadAlgorithm = bytes[offset++]; + + if (this.version === 6) { + // A one-octet scalar octet count of the following field. + offset++; + } } - if (controller._pendingPullIntos.length > 0) { - const firstPendingPullInto = controller._pendingPullIntos.peek(); - if (firstPendingPullInto.bytesFilled > 0) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - throw e; - } + + // A string-to-key (S2K) specifier, length as defined above. + const s2kType = bytes[offset++]; + this.s2k = newS2KFromType(s2kType); + offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + + // A starting initialization vector of size specified by the AEAD + // algorithm. + this.iv = bytes.subarray(offset, offset += mode.ivLength); } - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(stream); - } - function ReadableByteStreamControllerEnqueue(controller, chunk) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + + // The encrypted session key itself, which is decrypted with the + // string-to-key object. This is optional in version 4. + if (this.version >= 5 || offset < bytes.length) { + this.encrypted = bytes.subarray(offset, bytes.length); + this.sessionKeyEncryptionAlgorithm = algo; + } else { + this.sessionKeyAlgorithm = algo; } - const buffer = chunk.buffer; - const byteOffset = chunk.byteOffset; - const byteLength = chunk.byteLength; - const transferredBuffer = TransferArrayBuffer(buffer); - if (ReadableStreamHasDefaultReader(stream)) { - if (ReadableStreamGetNumReadRequests(stream) === 0) { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - else { - const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength); - ReadableStreamFulfillReadRequest(stream, transferredView, false); - } + } + + /** + * Create a binary representation of a tag 3 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const algo = this.encrypted === null ? + this.sessionKeyAlgorithm : + this.sessionKeyEncryptionAlgorithm; + + let bytes; + + const s2k = this.s2k.write(); + if (this.version === 6) { + const s2kLen = s2k.length; + const fieldsLen = 3 + s2kLen + this.iv.length; + bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]); + } else if (this.version === 5) { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]); + } else { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]); + + if (this.encrypted !== null) { + bytes = util.concatUint8Array([bytes, this.encrypted]); + } } - else if (ReadableStreamHasBYOBReader(stream)) { - // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully. - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); + + return bytes; + } + + /** + * Decrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(passphrase) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); + } else if (this.encrypted !== null) { + const decrypted = await mod$1.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + + this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); + this.sessionKey = decrypted.subarray(1, decrypted.length); + if (this.sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + } else { + // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo + this.sessionKey = key; } - else { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); + } + + /** + * Encrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + this.sessionKeyEncryptionAlgorithm = algo; + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.sessionKey === null) { + this.sessionKey = mod$1.generateSessionKey(this.sessionKeyAlgorithm); } - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - function ReadableByteStreamControllerError(controller, e) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return; + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(mode.ivLength); // generate new random IV + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata); + } else { + const toEncrypt = util.concatUint8Array([ + new Uint8Array([this.sessionKeyAlgorithm]), + this.sessionKey + ]); + this.encrypted = await mod$1.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config$1); } - ReadableByteStreamControllerClearPendingPullIntos(controller); - ResetQueue(controller); - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); - } - function ReadableByteStreamControllerGetDesiredSize(controller) { - const state = controller._controlledReadableByteStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; - } - function ReadableByteStreamControllerRespond(controller, bytesWritten) { - bytesWritten = Number(bytesWritten); - if (!IsFiniteNonNegativeNumber(bytesWritten)) { - throw new RangeError('bytesWritten must be a finite'); - } - ReadableByteStreamControllerRespondInternal(controller, bytesWritten); - } - function ReadableByteStreamControllerRespondWithNewView(controller, view) { - const firstDescriptor = controller._pendingPullIntos.peek(); - if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) { - throw new RangeError('The region specified by view does not match byobRequest'); - } - if (firstDescriptor.byteLength !== view.byteLength) { - throw new RangeError('The buffer of view has different capacity than byobRequest'); - } - firstDescriptor.buffer = view.buffer; - ReadableByteStreamControllerRespondInternal(controller, view.byteLength); - } - function SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) { - controller._controlledReadableByteStream = stream; - controller._pullAgain = false; - controller._pulling = false; - controller._byobRequest = null; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._closeRequested = false; - controller._started = false; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - controller._autoAllocateChunkSize = autoAllocateChunkSize; - controller._pendingPullIntos = new SimpleQueue(); - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableByteStreamControllerCallPullIfNeeded(controller); - }, r => { - ReadableByteStreamControllerError(controller, r); - }); + } } - function SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) { - const controller = Object.create(ReadableByteStreamController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingByteSource.start !== undefined) { - startAlgorithm = () => underlyingByteSource.start(controller); - } - if (underlyingByteSource.pull !== undefined) { - pullAlgorithm = () => underlyingByteSource.pull(controller); - } - if (underlyingByteSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingByteSource.cancel(reason); + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of the Key Material Packet (Tag 5,6,7,14) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: + * A key material packet contains all the information about a public or + * private key. There are four variants of this packet type, and two + * major versions. + * + * A Public-Key packet starts a series of packets that forms an OpenPGP + * key (sometimes called an OpenPGP certificate). + */ + class PublicKeyPacket { + static get tag() { + return enums.packet.publicKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + /** + * Packet version + * @type {Integer} + */ + this.version = config$1.v6Keys ? 6 : 4; + /** + * Key creation date. + * @type {Date} + */ + this.created = util.normalizeDate(date); + /** + * Public key algorithm. + * @type {enums.publicKey} + */ + this.algorithm = null; + /** + * Algorithm specific public params + * @type {Object} + */ + this.publicParams = null; + /** + * Time until expiration in days (V3 only) + * @type {Integer} + */ + this.expirationTimeV3 = 0; + /** + * Fingerprint bytes + * @type {Uint8Array} + */ + this.fingerprint = null; + /** + * KeyID + * @type {module:type/keyid~KeyID} + */ + this.keyID = null; + } + + /** + * Create a PublicKeyPacket from a SecretKeyPacket + * @param {SecretKeyPacket} secretKeyPacket - key packet to convert + * @returns {PublicKeyPacket} public key packet + * @static + */ + static fromSecretKeyPacket(secretKeyPacket) { + const keyPacket = new PublicKeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } + + /** + * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} + * @param {Uint8Array} bytes - Input array to read the packet from + * @returns {Object} This object with attributes set by the parser + * @async + */ + async read(bytes, config$1 = config) { + let pos = 0; + // A one-octet version number (4, 5 or 6). + this.version = bytes[pos++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); } - const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize; - if (autoAllocateChunkSize === 0) { - throw new TypeError('autoAllocateChunkSize must be greater than 0'); + + if (this.version === 4 || this.version === 5 || this.version === 6) { + // - A four-octet number denoting the time that the key was created. + this.created = util.readDate(bytes.subarray(pos, pos + 4)); + pos += 4; + + // - A one-octet number denoting the public-key algorithm of this key. + this.algorithm = bytes[pos++]; + + if (this.version >= 5) { + // - A four-octet scalar octet count for the following key material. + pos += 4; + } + + // - A series of values comprising the key material. + const { read, publicParams } = mod$1.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } + this.publicParams = publicParams; + pos += read; + + // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor + await this.computeFingerprintAndKeyID(); + return pos; } - SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize); - } - function SetUpReadableStreamBYOBRequest(request, controller, view) { - request._associatedReadableByteStreamController = controller; - request._view = view; - } - // Helper functions for the ReadableStreamBYOBRequest. - function byobRequestBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`); - } - // Helper functions for the ReadableByteStreamController. - function byteStreamControllerBrandCheckException(name) { - return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`); - } + throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); + } - // Abstract operations for the ReadableStream. - function AcquireReadableStreamBYOBReader(stream) { - return new ReadableStreamBYOBReader(stream); - } - // ReadableStream API exposed for controllers. - function ReadableStreamAddReadIntoRequest(stream, readIntoRequest) { - stream._reader._readIntoRequests.push(readIntoRequest); - } - function ReadableStreamFulfillReadIntoRequest(stream, chunk, done) { - const reader = stream._reader; - const readIntoRequest = reader._readIntoRequests.shift(); - if (done) { - readIntoRequest._closeSteps(chunk); + /** + * Creates an OpenPGP public key packet for the given key. + * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. + */ + write() { + const arr = []; + // Version + arr.push(new Uint8Array([this.version])); + arr.push(util.writeDate(this.created)); + // A one-octet number denoting the public-key algorithm of this key + arr.push(new Uint8Array([this.algorithm])); + + const params = mod$1.serializeParams(this.algorithm, this.publicParams); + if (this.version >= 5) { + // A four-octet scalar octet count for the following key material + arr.push(util.writeNumber(params.length, 4)); } - else { - readIntoRequest._chunkSteps(chunk); + // Algorithm-specific params + arr.push(params); + return util.concatUint8Array(arr); + } + + /** + * Write packet in order to be hashed; either for a signature or a fingerprint + * @param {Integer} version - target version of signature or key + */ + writeForHash(version) { + const bytes = this.writePublicKey(); + + const versionOctet = 0x95 + version; + const lengthOctets = version >= 5 ? 4 : 2; + return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]); + } + + /** + * Check whether secret-key data is available in decrypted form. Returns null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return null; + } + + /** + * Returns the creation time of the key + * @returns {Date} + */ + getCreationTime() { + return this.created; + } + + /** + * Return the key ID of the key + * @returns {module:type/keyid~KeyID} The 8-byte key ID + */ + getKeyID() { + return this.keyID; + } + + /** + * Computes and set the key ID and fingerprint of the key + * @async + */ + async computeFingerprintAndKeyID() { + await this.computeFingerprint(); + this.keyID = new KeyID(); + + if (this.version >= 5) { + this.keyID.read(this.fingerprint.subarray(0, 8)); + } else if (this.version === 4) { + this.keyID.read(this.fingerprint.subarray(12, 20)); + } else { + throw new Error('Unsupported key version'); } - } - function ReadableStreamGetNumReadIntoRequests(stream) { - return stream._reader._readIntoRequests.length; - } - function ReadableStreamHasBYOBReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; + } + + /** + * Computes and set the fingerprint of the key + */ + async computeFingerprint() { + const toHash = this.writeForHash(this.version); + + if (this.version >= 5) { + this.fingerprint = await mod$1.hash.sha256(toHash); + } else if (this.version === 4) { + this.fingerprint = await mod$1.hash.sha1(toHash); + } else { + throw new Error('Unsupported key version'); } - if (!IsReadableStreamBYOBReader(reader)) { - return false; + } + + /** + * Returns the fingerprint of the key, as an array of bytes + * @returns {Uint8Array} A Uint8Array containing the fingerprint + */ + getFingerprintBytes() { + return this.fingerprint; + } + + /** + * Calculates and returns the fingerprint of the key, as a string + * @returns {String} A string containing the fingerprint in lowercase hex + */ + getFingerprint() { + return util.uint8ArrayToHex(this.getFingerprintBytes()); + } + + /** + * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint + * @returns {Boolean} Whether the two keys have the same version and public key data. + */ + hasSameFingerprintAs(other) { + return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); + } + + /** + * Returns algorithm information + * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. + */ + getAlgorithmInfo() { + const result = {}; + result.algorithm = enums.read(enums.publicKey, this.algorithm); + // RSA, DSA or ElGamal public modulo + const modulo = this.publicParams.n || this.publicParams.p; + if (modulo) { + result.bits = util.uint8ArrayBitLength(modulo); + } else if (this.publicParams.oid) { + result.curve = this.publicParams.oid.getName(); } - return true; + return result; + } } + + /** + * Alias of read() + * @see PublicKeyPacket#read + */ + PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; + + /** + * Alias of write() + * @see PublicKeyPacket#write + */ + PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + // A SE packet can contain the following packet types + const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket + ]); + /** - * A BYOB reader vended by a {@link ReadableStream}. + * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) * - * @public - */ - class ReadableStreamBYOBReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - if (!IsReadableByteStreamController(stream._readableStreamController)) { - throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' + - 'source'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readIntoRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } + * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: + * The Symmetrically Encrypted Data packet contains data encrypted with a + * symmetric-key algorithm. When it has been decrypted, it contains other + * packets (usually a literal data packet or compressed data packet, but in + * theory other Symmetrically Encrypted Data packets or sequences of packets + * that form whole OpenPGP messages). + */ + class SymmetricallyEncryptedDataPacket { + static get tag() { + return enums.packet.symmetricallyEncryptedData; + } + + constructor() { /** - * Attempts to reads bytes into view, and returns a promise resolved with the result. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. + * Encrypted secret-key data */ - read(view) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('read')); - } - if (!ArrayBuffer.isView(view)) { - return promiseRejectedWith(new TypeError('view must be an array buffer view')); - } - if (view.byteLength === 0) { - return promiseRejectedWith(new TypeError('view must have non-zero byteLength')); - } - if (view.buffer.byteLength === 0) { - return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`)); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readIntoRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: chunk => resolvePromise({ value: chunk, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamBYOBReaderRead(this, view, readIntoRequest); - return promise; - } + this.encrypted = null; /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. + * Decrypted packets contained within. + * @type {PacketList} */ - releaseLock() { - if (!IsReadableStreamBYOBReader(this)) { - throw byobReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readIntoRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } - } - Object.defineProperties(ReadableStreamBYOBReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBReader', - configurable: true - }); - } - // Abstract operations for the readers. - function IsReadableStreamBYOBReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) { - return false; + this.packets = null; + } + + read(bytes) { + this.encrypted = bytes; + } + + write() { + return this.encrypted; + } + + /** + * Decrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error + if (!config$1.allowUnauthenticatedMessages) { + throw new Error('Message is not authenticated.'); } - return true; + + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const encrypted = await readToEnd(clone(this.encrypted)); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, + encrypted.subarray(blockSize + 2), + encrypted.subarray(2, blockSize + 2) + ); + + this.packets = await PacketList.fromBinary(decrypted, allowedPackets$2, config$1); + } + + /** + * Encrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + const data = this.packets.write(); + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const FRE = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); + const ciphertext = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); + this.encrypted = util.concat([FRE, ciphertext]); + } } - function ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'errored') { - readIntoRequest._errorSteps(stream._storedError); - } - else { - ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest); + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of the strange "Marker packet" (Tag 10) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: + * An experimental version of PGP used this packet as the Literal + * packet, but no released version of PGP generated Literal packets with this + * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as + * the Marker packet. + * + * The body of this packet consists of: + * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). + * + * Such a packet MUST be ignored when received. It may be placed at the + * beginning of a message that uses features not available in PGP + * version 2.6 in order to cause that version to report that newer + * software is necessary to process the message. + */ + class MarkerPacket { + static get tag() { + return enums.packet.marker; + } + + /** + * Parsing function for a marker data packet (tag 10). + * @param {Uint8Array} bytes - Payload of a tag 10 packet + * @returns {Boolean} whether the packet payload contains "PGP" + */ + read(bytes) { + if (bytes[0] === 0x50 && // P + bytes[1] === 0x47 && // G + bytes[2] === 0x50) { // P + return true; } + return false; + } + + write() { + return new Uint8Array([0x50, 0x47, 0x50]); + } } - // Helper functions for the ReadableStreamBYOBReader. - function byobReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`); + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * A Public-Subkey packet (tag 14) has exactly the same format as a + * Public-Key packet, but denotes a subkey. One or more subkeys may be + * associated with a top-level key. By convention, the top-level key + * provides signature services, and the subkeys provide encryption + * services. + * @extends PublicKeyPacket + */ + class PublicSubkeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.publicSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + // eslint-disable-next-line @typescript-eslint/no-useless-constructor + constructor(date, config) { + super(date, config); + } + + /** + * Create a PublicSubkeyPacket from a SecretSubkeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert + * @returns {SecretSubkeyPacket} public key packet + * @static + */ + static fromSecretSubkeyPacket(secretSubkeyPacket) { + const keyPacket = new PublicSubkeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } } - function ExtractHighWaterMark(strategy, defaultHWM) { - const { highWaterMark } = strategy; - if (highWaterMark === undefined) { - return defaultHWM; - } - if (NumberIsNaN(highWaterMark) || highWaterMark < 0) { - throw new RangeError('Invalid highWaterMark'); + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of the User Attribute Packet (Tag 17) + * + * The User Attribute packet is a variation of the User ID packet. It + * is capable of storing more types of data than the User ID packet, + * which is limited to text. Like the User ID packet, a User Attribute + * packet may be certified by the key owner ("self-signed") or any other + * key owner who cares to certify it. Except as noted, a User Attribute + * packet may be used anywhere that a User ID packet may be used. + * + * While User Attribute packets are not a required part of the OpenPGP + * standard, implementations SHOULD provide at least enough + * compatibility to properly handle a certification signature on the + * User Attribute packet. A simple way to do this is by treating the + * User Attribute packet as a User ID packet with opaque contents, but + * an implementation may use any method desired. + */ + class UserAttributePacket { + static get tag() { + return enums.packet.userAttribute; + } + + constructor() { + this.attributes = []; + } + + /** + * parsing function for a user attribute packet (tag 17). + * @param {Uint8Array} input - Payload of a tag 17 packet + */ + read(bytes) { + let i = 0; + while (i < bytes.length) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; + + this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); + i += len.len; } - return highWaterMark; - } - function ExtractSizeAlgorithm(strategy) { - const { size } = strategy; - if (!size) { - return () => 1; + } + + /** + * Creates a binary representation of the user attribute packet + * @returns {Uint8Array} String representation. + */ + write() { + const arr = []; + for (let i = 0; i < this.attributes.length; i++) { + arr.push(writeSimpleLength(this.attributes[i].length)); + arr.push(util.stringToUint8Array(this.attributes[i])); } - return size; - } + return util.concatUint8Array(arr); + } - function convertQueuingStrategy(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - const size = init === null || init === void 0 ? void 0 : init.size; - return { - highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark), - size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`) - }; - } - function convertQueuingStrategySize(fn, context) { - assertFunction(fn, context); - return chunk => convertUnrestrictedDouble(fn(chunk)); + /** + * Compare for equality + * @param {UserAttributePacket} usrAttr + * @returns {Boolean} True if equal. + */ + equals(usrAttr) { + if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { + return false; + } + return this.attributes.every(function(attr, index) { + return attr === usrAttr.attributes[index]; + }); + } } - function convertUnderlyingSink(original, context) { - assertDictionary(original, context); - const abort = original === null || original === void 0 ? void 0 : original.abort; - const close = original === null || original === void 0 ? void 0 : original.close; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - const write = original === null || original === void 0 ? void 0 : original.write; - return { - abort: abort === undefined ? - undefined : - convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`), - close: close === undefined ? - undefined : - convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`), - start: start === undefined ? - undefined : - convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`), - write: write === undefined ? - undefined : - convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`), - type - }; - } - function convertUnderlyingSinkAbortCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); - } - function convertUnderlyingSinkCloseCallback(fn, original, context) { - assertFunction(fn, context); - return () => promiseCall(fn, original, []); - } - function convertUnderlyingSinkStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); - } - function convertUnderlyingSinkWriteCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function assertWritableStream(x, context) { - if (!IsWritableStream(x)) { - throw new TypeError(`${context} is not a WritableStream.`); - } - } /** - * A writable stream represents a destination for data, into which you can write. - * - * @public + * A Secret-Key packet contains all the information that is found in a + * Public-Key packet, including the public-key material, but also + * includes the secret-key material after all the public-key fields. + * @extends PublicKeyPacket */ - class WritableStream$1 { - constructor(rawUnderlyingSink = {}, rawStrategy = {}) { - if (rawUnderlyingSink === undefined) { - rawUnderlyingSink = null; - } - else { - assertObject(rawUnderlyingSink, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter'); - InitializeWritableStream(this); - const type = underlyingSink.type; - if (type !== undefined) { - throw new RangeError('Invalid type is specified'); - } - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm); - } + class SecretKeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.secretKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); /** - * Returns whether or not the writable stream is locked to a writer. + * Secret-key data */ - get locked() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('locked'); - } - return IsWritableStreamLocked(this); - } + this.keyMaterial = null; /** - * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be - * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort - * mechanism of the underlying sink. - * - * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled - * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel - * the stream) if the stream is currently locked. + * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. */ - abort(reason = undefined) { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('abort')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer')); - } - return WritableStreamAbort(this, reason); - } + this.isEncrypted = null; /** - * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its - * close behavior. During this time any further attempts to write will fail (without erroring the stream). - * - * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream - * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with - * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked. + * S2K usage + * @type {enums.symmetric} */ - close() { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('close')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer')); - } - if (WritableStreamCloseQueuedOrInFlight(this)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamClose(this); - } + this.s2kUsage = 0; /** - * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream - * is locked, no other writer can be acquired until this one is released. - * - * This functionality is especially useful for creating abstractions that desire the ability to write to a stream - * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at - * the same time, which would cause the resulting written data to be unpredictable and probably useless. + * S2K object + * @type {type/s2k} */ - getWriter() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('getWriter'); - } - return AcquireWritableStreamDefaultWriter(this); - } - } - Object.defineProperties(WritableStream$1.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, - locked: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStream', - configurable: true - }); - } - // Abstract operations for the WritableStream. - function AcquireWritableStreamDefaultWriter(stream) { - return new WritableStreamDefaultWriter(stream); - } - // Throws if and only if startAlgorithm throws. - function CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(WritableStream$1.prototype); - InitializeWritableStream(stream); - const controller = Object.create(WritableStreamDefaultController.prototype); - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - return stream; - } - function InitializeWritableStream(stream) { - stream._state = 'writable'; - // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is - // 'erroring' or 'errored'. May be set to an undefined value. - stream._storedError = undefined; - stream._writer = undefined; - // Initialize to undefined first because the constructor of the controller checks this - // variable to validate the caller. - stream._writableStreamController = undefined; - // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data - // producer without waiting for the queued writes to finish. - stream._writeRequests = new SimpleQueue(); - // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents - // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here. - stream._inFlightWriteRequest = undefined; - // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer - // has been detached. - stream._closeRequest = undefined; - // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it - // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here. - stream._inFlightCloseRequest = undefined; - // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached. - stream._pendingAbortRequest = undefined; - // The backpressure signal set by the controller. - stream._backpressure = false; - } - function IsWritableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) { - return false; - } - return true; - } - function IsWritableStreamLocked(stream) { - if (stream._writer === undefined) { - return false; - } - return true; - } - function WritableStreamAbort(stream, reason) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseResolvedWith(undefined); - } - if (stream._pendingAbortRequest !== undefined) { - return stream._pendingAbortRequest._promise; - } - let wasAlreadyErroring = false; - if (state === 'erroring') { - wasAlreadyErroring = true; - // reason will not be used, so don't keep a reference to it. - reason = undefined; - } - const promise = newPromise((resolve, reject) => { - stream._pendingAbortRequest = { - _promise: undefined, - _resolve: resolve, - _reject: reject, - _reason: reason, - _wasAlreadyErroring: wasAlreadyErroring - }; - }); - stream._pendingAbortRequest._promise = promise; - if (!wasAlreadyErroring) { - WritableStreamStartErroring(stream, reason); - } - return promise; - } - function WritableStreamClose(stream) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`)); - } - const promise = newPromise((resolve, reject) => { - const closeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._closeRequest = closeRequest; - }); - const writer = stream._writer; - if (writer !== undefined && stream._backpressure && state === 'writable') { - defaultWriterReadyPromiseResolve(writer); - } - WritableStreamDefaultControllerClose(stream._writableStreamController); - return promise; - } - // WritableStream API exposed for controllers. - function WritableStreamAddWriteRequest(stream) { - const promise = newPromise((resolve, reject) => { - const writeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._writeRequests.push(writeRequest); - }); - return promise; - } - function WritableStreamDealWithRejection(stream, error) { - const state = stream._state; - if (state === 'writable') { - WritableStreamStartErroring(stream, error); - return; - } - WritableStreamFinishErroring(stream); - } - function WritableStreamStartErroring(stream, reason) { - const controller = stream._writableStreamController; - stream._state = 'erroring'; - stream._storedError = reason; - const writer = stream._writer; - if (writer !== undefined) { - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason); - } - if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) { - WritableStreamFinishErroring(stream); - } - } - function WritableStreamFinishErroring(stream) { - stream._state = 'errored'; - stream._writableStreamController[ErrorSteps](); - const storedError = stream._storedError; - stream._writeRequests.forEach(writeRequest => { - writeRequest._reject(storedError); - }); - stream._writeRequests = new SimpleQueue(); - if (stream._pendingAbortRequest === undefined) { - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const abortRequest = stream._pendingAbortRequest; - stream._pendingAbortRequest = undefined; - if (abortRequest._wasAlreadyErroring) { - abortRequest._reject(storedError); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const promise = stream._writableStreamController[AbortSteps](abortRequest._reason); - uponPromise(promise, () => { - abortRequest._resolve(); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }, (reason) => { - abortRequest._reject(reason); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }); - } - function WritableStreamFinishInFlightWrite(stream) { - stream._inFlightWriteRequest._resolve(undefined); - stream._inFlightWriteRequest = undefined; - } - function WritableStreamFinishInFlightWriteWithError(stream, error) { - stream._inFlightWriteRequest._reject(error); - stream._inFlightWriteRequest = undefined; - WritableStreamDealWithRejection(stream, error); - } - function WritableStreamFinishInFlightClose(stream) { - stream._inFlightCloseRequest._resolve(undefined); - stream._inFlightCloseRequest = undefined; - const state = stream._state; - if (state === 'erroring') { - // The error was too late to do anything, so it is ignored. - stream._storedError = undefined; - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._resolve(); - stream._pendingAbortRequest = undefined; - } - } - stream._state = 'closed'; - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseResolve(writer); - } - } - function WritableStreamFinishInFlightCloseWithError(stream, error) { - stream._inFlightCloseRequest._reject(error); - stream._inFlightCloseRequest = undefined; - // Never execute sink abort() after sink close(). - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._reject(error); - stream._pendingAbortRequest = undefined; - } - WritableStreamDealWithRejection(stream, error); - } - // TODO(ricea): Fix alphabetical order. - function WritableStreamCloseQueuedOrInFlight(stream) { - if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; - } - function WritableStreamHasOperationMarkedInFlight(stream) { - if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; - } - function WritableStreamMarkCloseRequestInFlight(stream) { - stream._inFlightCloseRequest = stream._closeRequest; - stream._closeRequest = undefined; - } - function WritableStreamMarkFirstWriteRequestInFlight(stream) { - stream._inFlightWriteRequest = stream._writeRequests.shift(); - } - function WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) { - if (stream._closeRequest !== undefined) { - stream._closeRequest._reject(stream._storedError); - stream._closeRequest = undefined; - } - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseReject(writer, stream._storedError); - } - } - function WritableStreamUpdateBackpressure(stream, backpressure) { - const writer = stream._writer; - if (writer !== undefined && backpressure !== stream._backpressure) { - if (backpressure) { - defaultWriterReadyPromiseReset(writer); - } - else { - defaultWriterReadyPromiseResolve(writer); - } - } - stream._backpressure = backpressure; - } - /** - * A default writer vended by a {@link WritableStream}. - * - * @public - */ - class WritableStreamDefaultWriter { - constructor(stream) { - assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter'); - assertWritableStream(stream, 'First parameter'); - if (IsWritableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive writing by another writer'); - } - this._ownerWritableStream = stream; - stream._writer = this; - const state = stream._state; - if (state === 'writable') { - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) { - defaultWriterReadyPromiseInitialize(this); - } - else { - defaultWriterReadyPromiseInitializeAsResolved(this); - } - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'erroring') { - defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError); - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'closed') { - defaultWriterReadyPromiseInitializeAsResolved(this); - defaultWriterClosedPromiseInitializeAsResolved(this); - } - else { - const storedError = stream._storedError; - defaultWriterReadyPromiseInitializeAsRejected(this, storedError); - defaultWriterClosedPromiseInitializeAsRejected(this, storedError); - } - } + this.s2k = null; /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the writer’s lock is released before the stream finishes closing. + * Symmetric algorithm to encrypt the key with + * @type {enums.symmetric} */ - get closed() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('closed')); - } - return this._closedPromise; - } + this.symmetric = null; /** - * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full. - * A producer can use this information to determine the right amount of data to write. - * - * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort - * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when - * the writer’s lock is released. + * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) + * @type {enums.aead} */ - get desiredSize() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('desiredSize'); - } - if (this._ownerWritableStream === undefined) { - throw defaultWriterLockException('desiredSize'); - } - return WritableStreamDefaultWriterGetDesiredSize(this); - } + this.aead = null; /** - * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions - * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips - * back to zero or below, the getter will return a new promise that stays pending until the next transition. - * - * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become - * rejected. + * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis + * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older). + * This value is only relevant to know how to decrypt the key: + * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism. + * @type {Boolean} + * @private */ - get ready() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('ready')); - } - return this._readyPromise; - } + this.isLegacyAEAD = null; /** - * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}. + * Decrypted private parameters, referenced by name + * @type {Object} */ - abort(reason = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('abort')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('abort')); - } - return WritableStreamDefaultWriterAbort(this, reason); - } + this.privateParams = null; /** - * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}. + * `true` for keys whose integrity is already confirmed, based on + * the AEAD encryption mechanism + * @type {Boolean} + * @private */ - close() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('close')); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return promiseRejectedWith(defaultWriterLockException('close')); - } - if (WritableStreamCloseQueuedOrInFlight(stream)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamDefaultWriterClose(this); + this.usedModernAEAD = null; + } + + // 5.5.3. Secret-Key Packet Formats + + /** + * Internal parser for private keys as specified in + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} + * @param {Uint8Array} bytes - Input string to read the packet from + * @async + */ + async read(bytes, config$1 = config) { + // - A Public-Key or Public-Subkey packet, as described above. + let i = await this.readPublicKey(bytes, config$1); + const startOfSecretKeyData = i; + + // - One octet indicating string-to-key usage conventions. Zero + // indicates that the secret-key data is not encrypted. 255 or 254 + // indicates that a string-to-key specifier is being given. Any + // other value is a symmetric-key encryption algorithm identifier. + this.s2kUsage = bytes[i++]; + + // - Only for a version 5 packet, a one-octet scalar octet count of + // the next 4 optional fields. + if (this.version === 5) { + i++; } - /** - * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active. - * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from - * now on; otherwise, the writer will appear closed. - * - * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the - * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled). - * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents - * other producers from writing in an interleaved manner. - */ - releaseLock() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('releaseLock'); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return; - } - WritableStreamDefaultWriterRelease(this); + + // - Only for a version 6 packet where the secret key material is + // encrypted (that is, where the previous octet is not zero), a one- + // octet scalar octet count of the cumulative length of all the + // following optional string-to-key parameter fields. + if (this.version === 6 && this.s2kUsage) { + i++; } - write(chunk = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('write')); + + try { + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one-octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + this.symmetric = bytes[i++]; + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + this.aead = bytes[i++]; } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('write to')); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + i++; } - return WritableStreamDefaultWriterWrite(this, chunk); - } - } - Object.defineProperties(WritableStreamDefaultWriter.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, - closed: { enumerable: true }, - desiredSize: { enumerable: true }, - ready: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultWriter', - configurable: true - }); - } - // Abstract operations for the WritableStreamDefaultWriter. - function IsWritableStreamDefaultWriter(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) { - return false; - } - return true; - } - // A client of WritableStreamDefaultWriter may use these functions directly to bypass state check. - function WritableStreamDefaultWriterAbort(writer, reason) { - const stream = writer._ownerWritableStream; - return WritableStreamAbort(stream, reason); - } - function WritableStreamDefaultWriterClose(writer) { - const stream = writer._ownerWritableStream; - return WritableStreamClose(stream); - } - function WritableStreamDefaultWriterCloseWithErrorPropagation(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseResolvedWith(undefined); - } - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - return WritableStreamDefaultWriterClose(writer); - } - function WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) { - if (writer._closedPromiseState === 'pending') { - defaultWriterClosedPromiseReject(writer, error); - } - else { - defaultWriterClosedPromiseResetToRejected(writer, error); - } - } - function WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) { - if (writer._readyPromiseState === 'pending') { - defaultWriterReadyPromiseReject(writer, error); - } - else { - defaultWriterReadyPromiseResetToRejected(writer, error); - } - } - function WritableStreamDefaultWriterGetDesiredSize(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (state === 'errored' || state === 'erroring') { - return null; - } - if (state === 'closed') { - return 0; - } - return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController); - } - function WritableStreamDefaultWriterRelease(writer) { - const stream = writer._ownerWritableStream; - const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`); - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError); - // The state transitions to "errored" before the sink abort() method runs, but the writer.closed promise is not - // rejected until afterwards. This means that simply testing state will not work. - WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError); - stream._writer = undefined; - writer._ownerWritableStream = undefined; - } - function WritableStreamDefaultWriterWrite(writer, chunk) { - const stream = writer._ownerWritableStream; - const controller = stream._writableStreamController; - const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk); - if (stream !== writer._ownerWritableStream) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - const state = stream._state; - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to')); - } - if (state === 'erroring') { - return promiseRejectedWith(stream._storedError); - } - const promise = WritableStreamAddWriteRequest(stream); - WritableStreamDefaultControllerWrite(controller, chunk, chunkSize); - return promise; - } - const closeSentinel = {}; - /** - * Allows control of a {@link WritableStream | writable stream}'s state and internal queue. - * - * @public - */ - class WritableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`. - * - * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying - * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the - * normal lifecycle of interactions with the underlying sink. - */ - error(e = undefined) { - if (!IsWritableStreamDefaultController(this)) { - throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController'); + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + const s2kType = bytes[i++]; + this.s2k = newS2KFromType(s2kType); + i += this.s2k.read(bytes.subarray(i, bytes.length)); + + if (this.s2k.type === 'gnu-dummy') { + return; } - const state = this._controlledWritableStream._state; - if (state !== 'writable') { - // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so - // just treat it as a no-op. - return; + } else if (this.s2kUsage) { + this.symmetric = this.s2kUsage; + } + + + if (this.s2kUsage) { + // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5). + // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format). + // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always + // fail if the key was parsed according to the wrong format, since the keys are processed differently. + // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag. + this.isLegacyAEAD = this.s2kUsage === 253 && ( + this.version === 5 || (this.version === 4 && config$1.parseAEADEncryptedV4KeysAsLegacy)); + // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV) + // of the same length as the cipher's block size. + // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the + // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm. + // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero + if (this.s2kUsage !== 253 || this.isLegacyAEAD) { + this.iv = bytes.subarray( + i, + i + mod$1.getCipherParams(this.symmetric).blockSize + ); + this.usedModernAEAD = false; + } else { + // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted), + // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which + // is used as the nonce for the AEAD algorithm. + this.iv = bytes.subarray( + i, + i + mod$1.getAEADMode(this.aead).ivLength + ); + // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation. + this.usedModernAEAD = true; } - WritableStreamDefaultControllerError(this, e); - } - /** @internal */ - [AbortSteps](reason) { - const result = this._abortAlgorithm(reason); - WritableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [ErrorSteps]() { - ResetQueue(this); - } - } - Object.defineProperties(WritableStreamDefaultController.prototype, { - error: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultController', - configurable: true - }); - } - // Abstract operations implementing interface required by the WritableStream. - function IsWritableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) { - return false; - } - return true; - } - function SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledWritableStream = stream; - stream._writableStreamController = controller; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._writeAlgorithm = writeAlgorithm; - controller._closeAlgorithm = closeAlgorithm; - controller._abortAlgorithm = abortAlgorithm; - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - const startResult = startAlgorithm(); - const startPromise = promiseResolvedWith(startResult); - uponPromise(startPromise, () => { - controller._started = true; - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, r => { - controller._started = true; - WritableStreamDealWithRejection(stream, r); - }); - } - function SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) { - const controller = Object.create(WritableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let writeAlgorithm = () => promiseResolvedWith(undefined); - let closeAlgorithm = () => promiseResolvedWith(undefined); - let abortAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSink.start !== undefined) { - startAlgorithm = () => underlyingSink.start(controller); - } - if (underlyingSink.write !== undefined) { - writeAlgorithm = chunk => underlyingSink.write(chunk, controller); - } - if (underlyingSink.close !== undefined) { - closeAlgorithm = () => underlyingSink.close(); - } - if (underlyingSink.abort !== undefined) { - abortAlgorithm = reason => underlyingSink.abort(reason); - } - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - } - // ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls. - function WritableStreamDefaultControllerClearAlgorithms(controller) { - controller._writeAlgorithm = undefined; - controller._closeAlgorithm = undefined; - controller._abortAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; - } - function WritableStreamDefaultControllerClose(controller) { - EnqueueValueWithSize(controller, closeSentinel, 0); - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - } - function WritableStreamDefaultControllerGetChunkSize(controller, chunk) { - try { - return controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE); - return 1; - } - } - function WritableStreamDefaultControllerGetDesiredSize(controller) { - return controller._strategyHWM - controller._queueTotalSize; - } - function WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) { - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE); - return; - } - const stream = controller._controlledWritableStream; - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - } - // Abstract operations for the WritableStreamDefaultController. - function WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) { - const stream = controller._controlledWritableStream; - if (!controller._started) { - return; - } - if (stream._inFlightWriteRequest !== undefined) { - return; - } - const state = stream._state; - if (state === 'erroring') { - WritableStreamFinishErroring(stream); - return; - } - if (controller._queue.length === 0) { - return; - } - const value = PeekQueueValue(controller); - if (value === closeSentinel) { - WritableStreamDefaultControllerProcessClose(controller); - } - else { - WritableStreamDefaultControllerProcessWrite(controller, value); + + i += this.iv.length; + } + } catch (e) { + // if the s2k is unsupported, we still want to support encrypting and verifying with the given key + if (!this.s2kUsage) throw e; // always throw for decrypted keys + this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); + this.isEncrypted = true; } - } - function WritableStreamDefaultControllerErrorIfNeeded(controller, error) { - if (controller._controlledWritableStream._state === 'writable') { - WritableStreamDefaultControllerError(controller, error); + + // - Only for a version 5 packet, a four-octet scalar octet count for + // the following key material. + if (this.version === 5) { + i += 4; } - } - function WritableStreamDefaultControllerProcessClose(controller) { - const stream = controller._controlledWritableStream; - WritableStreamMarkCloseRequestInFlight(stream); - DequeueValue(controller); - const sinkClosePromise = controller._closeAlgorithm(); - WritableStreamDefaultControllerClearAlgorithms(controller); - uponPromise(sinkClosePromise, () => { - WritableStreamFinishInFlightClose(stream); - }, reason => { - WritableStreamFinishInFlightCloseWithError(stream, reason); - }); - } - function WritableStreamDefaultControllerProcessWrite(controller, chunk) { - const stream = controller._controlledWritableStream; - WritableStreamMarkFirstWriteRequestInFlight(stream); - const sinkWritePromise = controller._writeAlgorithm(chunk); - uponPromise(sinkWritePromise, () => { - WritableStreamFinishInFlightWrite(stream); - const state = stream._state; - DequeueValue(controller); - if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); + + // - Plain or encrypted multiprecision integers comprising the secret + // key data. These algorithm-specific fields are as described + // below. + this.keyMaterial = bytes.subarray(i); + this.isEncrypted = !!this.s2kUsage; + + if (!this.isEncrypted) { + let cleartext; + if (this.version === 6) { + cleartext = this.keyMaterial; + } else { + cleartext = this.keyMaterial.subarray(0, -2); + if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { + throw new Error('Key checksum mismatch'); } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, reason => { - if (stream._state === 'writable') { - WritableStreamDefaultControllerClearAlgorithms(controller); + } + try { + const { read, privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + if (read < cleartext.length) { + throw new Error('Error reading MPIs'); } - WritableStreamFinishInFlightWriteWithError(stream, reason); - }); - } - function WritableStreamDefaultControllerGetBackpressure(controller) { - const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller); - return desiredSize <= 0; - } - // A client of WritableStreamDefaultController may use these functions directly to bypass state check. - function WritableStreamDefaultControllerError(controller, error) { - const stream = controller._controlledWritableStream; - WritableStreamDefaultControllerClearAlgorithms(controller); - WritableStreamStartErroring(stream, error); - } - // Helper functions for the WritableStream. - function streamBrandCheckException$2(name) { - return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`); - } - // Helper functions for the WritableStreamDefaultWriter. - function defaultWriterBrandCheckException(name) { - return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`); - } - function defaultWriterLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released writer'); - } - function defaultWriterClosedPromiseInitialize(writer) { - writer._closedPromise = newPromise((resolve, reject) => { - writer._closedPromise_resolve = resolve; - writer._closedPromise_reject = reject; - writer._closedPromiseState = 'pending'; - }); - } - function defaultWriterClosedPromiseInitializeAsRejected(writer, reason) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseReject(writer, reason); - } - function defaultWriterClosedPromiseInitializeAsResolved(writer) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseResolve(writer); - } - function defaultWriterClosedPromiseReject(writer, reason) { - if (writer._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._closedPromise); - writer._closedPromise_reject(reason); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'rejected'; - } - function defaultWriterClosedPromiseResetToRejected(writer, reason) { - defaultWriterClosedPromiseInitializeAsRejected(writer, reason); - } - function defaultWriterClosedPromiseResolve(writer) { - if (writer._closedPromise_resolve === undefined) { - return; + this.privateParams = privateParams; + } catch (err) { + if (err instanceof UnsupportedError) throw err; + // avoid throwing potentially sensitive errors + throw new Error('Error reading MPIs'); + } } - writer._closedPromise_resolve(undefined); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'resolved'; - } - function defaultWriterReadyPromiseInitialize(writer) { - writer._readyPromise = newPromise((resolve, reject) => { - writer._readyPromise_resolve = resolve; - writer._readyPromise_reject = reject; - }); - writer._readyPromiseState = 'pending'; - } - function defaultWriterReadyPromiseInitializeAsRejected(writer, reason) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseReject(writer, reason); - } - function defaultWriterReadyPromiseInitializeAsResolved(writer) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseResolve(writer); - } - function defaultWriterReadyPromiseReject(writer, reason) { - if (writer._readyPromise_reject === undefined) { - return; + } + + /** + * Creates an OpenPGP key packet for the given key. + * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. + */ + write() { + const serializedPublicKey = this.writePublicKey(); + if (this.unparseableKeyMaterial) { + return util.concatUint8Array([ + serializedPublicKey, + this.unparseableKeyMaterial + ]); } - setPromiseIsHandledToTrue(writer._readyPromise); - writer._readyPromise_reject(reason); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'rejected'; - } - function defaultWriterReadyPromiseReset(writer) { - defaultWriterReadyPromiseInitialize(writer); - } - function defaultWriterReadyPromiseResetToRejected(writer, reason) { - defaultWriterReadyPromiseInitializeAsRejected(writer, reason); - } - function defaultWriterReadyPromiseResolve(writer) { - if (writer._readyPromise_resolve === undefined) { - return; + + const arr = [serializedPublicKey]; + arr.push(new Uint8Array([this.s2kUsage])); + + const optionalFieldsArr = []; + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one- octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + optionalFieldsArr.push(this.symmetric); + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + optionalFieldsArr.push(this.aead); + } + + const s2k = this.s2k.write(); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + optionalFieldsArr.push(s2k.length); + } + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + optionalFieldsArr.push(...s2k); } - writer._readyPromise_resolve(undefined); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'fulfilled'; - } - function isAbortSignal(value) { - if (typeof value !== 'object' || value === null) { - return false; + // - [Optional] If secret data is encrypted (string-to-key usage octet + // not zero), an Initial Vector (IV) of the same length as the + // cipher's block size. + if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { + optionalFieldsArr.push(...this.iv); } - try { - return typeof value.aborted === 'boolean'; + + if (this.version === 5 || (this.version === 6 && this.s2kUsage)) { + arr.push(new Uint8Array([optionalFieldsArr.length])); } - catch (_a) { - // AbortSignal.prototype.aborted throws if its brand check fails - return false; + arr.push(new Uint8Array(optionalFieldsArr)); + + if (!this.isDummy()) { + if (!this.s2kUsage) { + this.keyMaterial = mod$1.serializeParams(this.algorithm, this.privateParams); + } + + if (this.version === 5) { + arr.push(util.writeNumber(this.keyMaterial.length, 4)); + } + arr.push(this.keyMaterial); + + if (!this.s2kUsage && this.version !== 6) { + arr.push(util.writeChecksum(this.keyMaterial)); + } } - } - /// - const NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined; + return util.concatUint8Array(arr); + } - /// - function isDOMExceptionConstructor(ctor) { - if (!(typeof ctor === 'function' || typeof ctor === 'object')) { - return false; - } - try { - new ctor(); - return true; + /** + * Check whether secret-key data is available in decrypted form. + * Returns false for gnu-dummy keys and null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return this.isEncrypted === false; + } + + /** + * Check whether the key includes secret key material. + * Some secret keys do not include it, and can thus only be used + * for public-key operations (encryption and verification). + * Such keys are: + * - GNU-dummy keys, where the secret material has been stripped away + * - encrypted keys with unsupported S2K or cipher + */ + isMissingSecretKeyMaterial() { + return this.unparseableKeyMaterial !== undefined || this.isDummy(); + } + + /** + * Check whether this is a gnu-dummy key + * @returns {Boolean} + */ + isDummy() { + return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + } + + /** + * Remove private key material, converting the key to a dummy one. + * The resulting key cannot be used for signing/decrypting but can still verify signatures. + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + makeDummy(config$1 = config) { + if (this.isDummy()) { + return; } - catch (_a) { - return false; + if (this.isDecrypted()) { + this.clearPrivateParams(); } - } - function createDOMExceptionPolyfill() { - // eslint-disable-next-line no-shadow - const ctor = function DOMException(message, name) { - this.message = message || ''; - this.name = name || 'Error'; - if (Error.captureStackTrace) { - Error.captureStackTrace(this, this.constructor); - } - }; - ctor.prototype = Object.create(Error.prototype); - Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true }); - return ctor; - } - // eslint-disable-next-line no-redeclare - const DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill(); - - function ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) { - const reader = AcquireReadableStreamDefaultReader(source); - const writer = AcquireWritableStreamDefaultWriter(dest); - source._disturbed = true; - let shuttingDown = false; - // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown. - let currentWrite = promiseResolvedWith(undefined); - return newPromise((resolve, reject) => { - let abortAlgorithm; - if (signal !== undefined) { - abortAlgorithm = () => { - const error = new DOMException$1('Aborted', 'AbortError'); - const actions = []; - if (!preventAbort) { - actions.push(() => { - if (dest._state === 'writable') { - return WritableStreamAbort(dest, error); - } - return promiseResolvedWith(undefined); - }); - } - if (!preventCancel) { - actions.push(() => { - if (source._state === 'readable') { - return ReadableStreamCancel(source, error); - } - return promiseResolvedWith(undefined); - }); - } - shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error); - }; - if (signal.aborted) { - abortAlgorithm(); - return; - } - signal.addEventListener('abort', abortAlgorithm); - } - // Using reader and writer, read all chunks from this and write them to dest - // - Backpressure must be enforced - // - Shutdown must stop all activity - function pipeLoop() { - return newPromise((resolveLoop, rejectLoop) => { - function next(done) { - if (done) { - resolveLoop(); - } - else { - // Use `PerformPromiseThen` instead of `uponPromise` to avoid - // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers - PerformPromiseThen(pipeStep(), next, rejectLoop); - } - } - next(false); - }); - } - function pipeStep() { - if (shuttingDown) { - return promiseResolvedWith(true); - } - return PerformPromiseThen(writer._readyPromise, () => { - return newPromise((resolveRead, rejectRead) => { - ReadableStreamDefaultReaderRead(reader, { - _chunkSteps: chunk => { - currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop); - resolveRead(false); - }, - _closeSteps: () => resolveRead(true), - _errorSteps: rejectRead - }); - }); - }); - } - // Errors must be propagated forward - isOrBecomesErrored(source, reader._closedPromise, storedError => { - if (!preventAbort) { - shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Errors must be propagated backward - isOrBecomesErrored(dest, writer._closedPromise, storedError => { - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Closing must be propagated forward - isOrBecomesClosed(source, reader._closedPromise, () => { - if (!preventClose) { - shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer)); - } - else { - shutdown(); - } - }); - // Closing must be propagated backward - if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') { - const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it'); - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed); - } - else { - shutdown(true, destClosed); - } - } - setPromiseIsHandledToTrue(pipeLoop()); - function waitForWritesToFinish() { - // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait - // for that too. - const oldCurrentWrite = currentWrite; - return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined); - } - function isOrBecomesErrored(stream, promise, action) { - if (stream._state === 'errored') { - action(stream._storedError); - } - else { - uponRejection(promise, action); - } - } - function isOrBecomesClosed(stream, promise, action) { - if (stream._state === 'closed') { - action(); - } - else { - uponFulfillment(promise, action); - } - } - function shutdownWithAction(action, originalIsError, originalError) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), doTheRest); - } - else { - doTheRest(); - } - function doTheRest() { - uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError)); - } - } - function shutdown(isError, error) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error)); - } - else { - finalize(isError, error); - } - } - function finalize(isError, error) { - WritableStreamDefaultWriterRelease(writer); - ReadableStreamReaderGenericRelease(reader); - if (signal !== undefined) { - signal.removeEventListener('abort', abortAlgorithm); - } - if (isError) { - reject(error); - } - else { - resolve(undefined); - } - } - }); - } + delete this.unparseableKeyMaterial; + this.isEncrypted = null; + this.keyMaterial = null; + this.s2k = newS2KFromType(enums.s2k.gnu, config$1); + this.s2k.algorithm = 0; + this.s2k.c = 0; + this.s2k.type = 'gnu-dummy'; + this.s2kUsage = 254; + this.symmetric = enums.symmetric.aes256; + this.isLegacyAEAD = null; + this.usedModernAEAD = null; + } - /** - * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue. - * - * @public - */ - class ReadableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('desiredSize'); - } - return ReadableStreamDefaultControllerGetDesiredSize(this); + /** + * Encrypt the payload. By default, we use aes256 and iterated, salted string + * to key specifier. If the key is in a decrypted state (isEncrypted === false) + * and the passphrase is empty or undefined, the key will be set as not encrypted. + * This can be used to remove passphrase protection after calling decrypt(). + * @param {String} passphrase + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + if (this.isDummy()) { + return; } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('close'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits close'); - } - ReadableStreamDefaultControllerClose(this); + + if (!this.isDecrypted()) { + throw new Error('Key packet is already encrypted'); } - enqueue(chunk = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('enqueue'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits enqueue'); - } - return ReadableStreamDefaultControllerEnqueue(this, chunk); + + if (!passphrase) { + throw new Error('A non-empty passphrase is required for key encryption.'); } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('error'); - } - ReadableStreamDefaultControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableStream; - if (this._queue.length > 0) { - const chunk = DequeueValue(this); - if (this._closeRequested && this._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(this); - ReadableStreamClose(stream); - } - else { - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - readRequest._chunkSteps(chunk); - } - else { - ReadableStreamAddReadRequest(stream, readRequest); - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + const cleartext = mod$1.serializeParams(this.algorithm, this.privateParams); + this.symmetric = enums.symmetric.aes256; + + const { blockSize } = mod$1.getCipherParams(this.symmetric); + + if (config$1.aeadProtect) { + this.s2kUsage = 253; + this.aead = config$1.preferredAEADAlgorithm; + const mode = mod$1.getAEADMode(this.aead); + this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead. + this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material + + const serializedPacketTag = writeTag(this.constructor.tag); + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + + const modeInstance = await mode(this.symmetric, key); + this.iv = this.isLegacyAEAD ? mod$1.random.getRandomBytes(blockSize) : mod$1.random.getRandomBytes(mode.ivLength); + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + + this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData); + } else { + this.s2kUsage = 254; + this.usedModernAEAD = false; + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric); + this.iv = mod$1.random.getRandomBytes(blockSize); + this.keyMaterial = await mod$1.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ + cleartext, + await mod$1.hash.sha1(cleartext, config$1) + ]), this.iv, config$1); } - } - Object.defineProperties(ReadableStreamDefaultController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - desiredSize: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultController', - configurable: true - }); - } - // Abstract operations for the ReadableStreamDefaultController. - function IsReadableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; + } + + /** + * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. + * {@link SecretKeyPacket.isDecrypted} should be false, as + * otherwise calls to this function will throw an error. + * @param {String} passphrase - The passphrase for this private key as string + * @throws {Error} if the key is already decrypted, or if decryption was not successful + * @async + */ + async decrypt(passphrase) { + if (this.isDummy()) { + return false; } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) { - return false; + + if (this.unparseableKeyMaterial) { + throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); } - return true; - } - function ReadableStreamDefaultControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller); - if (!shouldPull) { - return; + + if (this.isDecrypted()) { + throw new Error('Key packet is already decrypted.'); } - if (controller._pulling) { - controller._pullAgain = true; - return; + + let key; + const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only + if (this.s2kUsage === 254 || this.s2kUsage === 253) { + key = await produceEncryptionKey( + this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + } else if (this.s2kUsage === 255) { + throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); + } else { + throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); } - controller._pulling = true; - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); + + let cleartext; + if (this.s2kUsage === 253) { + const mode = mod$1.getAEADMode(this.aead); + const modeInstance = await mode(this.symmetric, key); + try { + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData); + } catch (err) { + if (err.message === 'Authentication tag mismatch') { + throw new Error('Incorrect key passphrase: ' + err.message); } - }, e => { - ReadableStreamDefaultControllerError(controller, e); - }); - } - function ReadableStreamDefaultControllerShouldCallPull(controller) { - const stream = controller._controlledReadableStream; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return false; - } - if (!controller._started) { - return false; + throw err; + } + } else { + const cleartextWithHash = await mod$1.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); + + cleartext = cleartextWithHash.subarray(0, -20); + const hash = await mod$1.hash.sha1(cleartext); + + if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { + throw new Error('Incorrect key passphrase'); + } } - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; + + try { + const { privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + this.privateParams = privateParams; + } catch (err) { + throw new Error('Error reading MPIs'); } - const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; + this.isEncrypted = false; + this.keyMaterial = null; + this.s2kUsage = 0; + this.aead = null; + this.symmetric = null; + this.isLegacyAEAD = null; + } + + /** + * Checks that the key parameters are consistent + * @throws {Error} if validation was not successful + * @async + */ + async validate() { + if (this.isDummy()) { + return; } - return false; - } - function ReadableStreamDefaultControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; - } - // A client of ReadableStreamDefaultController may use these functions directly to bypass state check. - function ReadableStreamDefaultControllerClose(controller) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; + + if (!this.isDecrypted()) { + throw new Error('Key is not decrypted'); } - const stream = controller._controlledReadableStream; - controller._closeRequested = true; - if (controller._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamClose(stream); + + if (this.usedModernAEAD) { + // key integrity confirmed by successful AEAD decryption + return; } - } - function ReadableStreamDefaultControllerEnqueue(controller, chunk) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; + + let validParams; + try { + // this can throw if some parameters are undefined + validParams = await mod$1.validateParams(this.algorithm, this.publicParams, this.privateParams); + } catch (_) { + validParams = false; } - const stream = controller._controlledReadableStream; - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - ReadableStreamFulfillReadRequest(stream, chunk, false); + if (!validParams) { + throw new Error('Key is invalid'); } - else { - let chunkSize; - try { - chunkSize = controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - ReadableStreamDefaultControllerError(controller, chunkSizeE); - throw chunkSizeE; - } - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - ReadableStreamDefaultControllerError(controller, enqueueE); - throw enqueueE; - } + } + + async generate(bits, curve) { + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if (this.version === 6 && ( + (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) || + this.algorithm === enums.publicKey.eddsaLegacy + )) { + throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`); + } + const { privateParams, publicParams } = await mod$1.generateParams(this.algorithm, bits, curve); + this.privateParams = privateParams; + this.publicParams = publicParams; + this.isEncrypted = false; + } + + /** + * Clear private key parameters + */ + clearPrivateParams() { + if (this.isMissingSecretKeyMaterial()) { + return; } - ReadableStreamDefaultControllerCallPullIfNeeded(controller); + + Object.keys(this.privateParams).forEach(name => { + const param = this.privateParams[name]; + param.fill(0); + delete this.privateParams[name]; + }); + this.privateParams = null; + this.isEncrypted = true; + } } - function ReadableStreamDefaultControllerError(controller, e) { - const stream = controller._controlledReadableStream; - if (stream._state !== 'readable') { - return; - } - ResetQueue(controller); - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); + + /** + * Derive encryption key + * @param {Number} keyVersion - key derivation differs for v5 keys + * @param {module:type/s2k} s2k + * @param {String} passphrase + * @param {module:enums.symmetric} cipherAlgo + * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5) + * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5) + * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only) + * @returns encryption key + */ + async function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) { + if (s2k.type === 'argon2' && !aeadMode) { + throw new Error('Using Argon2 S2K without AEAD is not allowed'); + } + if (s2k.type === 'simple' && keyVersion === 6) { + throw new Error('Using Simple S2K with version 6 keys is not allowed'); + } + const { keySize } = mod$1.getCipherParams(cipherAlgo); + const derivedKey = await s2k.produceKey(passphrase, keySize); + if (!aeadMode || keyVersion === 5 || isLegacyAEAD) { + return derivedKey; + } + const info = util.concatUint8Array([ + serializedPacketTag, + new Uint8Array([keyVersion, cipherAlgo, aeadMode]) + ]); + return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize); } - function ReadableStreamDefaultControllerGetDesiredSize(controller) { - const state = controller._controlledReadableStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of the User ID Packet (Tag 13) + * + * A User ID packet consists of UTF-8 text that is intended to represent + * the name and email address of the key holder. By convention, it + * includes an RFC 2822 [RFC2822] mail name-addr, but there are no + * restrictions on its content. The packet length in the header + * specifies the length of the User ID. + */ + class UserIDPacket { + static get tag() { + return enums.packet.userID; + } + + constructor() { + /** A string containing the user id. Usually in the form + * John Doe + * @type {String} + */ + this.userID = ''; + + this.name = ''; + this.email = ''; + this.comment = ''; + } + + /** + * Create UserIDPacket instance from object + * @param {Object} userID - Object specifying userID name, email and comment + * @returns {UserIDPacket} + * @static + */ + static fromObject(userID) { + if (util.isString(userID) || + (userID.name && !util.isString(userID.name)) || + (userID.email && !util.isEmailAddress(userID.email)) || + (userID.comment && !util.isString(userID.comment))) { + throw new Error('Invalid user ID format'); } - return controller._strategyHWM - controller._queueTotalSize; - } - // This is used in the implementation of TransformStream. - function ReadableStreamDefaultControllerHasBackpressure(controller) { - if (ReadableStreamDefaultControllerShouldCallPull(controller)) { - return false; + const packet = new UserIDPacket(); + Object.assign(packet, userID); + const components = []; + if (packet.name) components.push(packet.name); + if (packet.comment) components.push(`(${packet.comment})`); + if (packet.email) components.push(`<${packet.email}>`); + packet.userID = components.join(' '); + return packet; + } + + /** + * Parsing function for a user id packet (tag 13). + * @param {Uint8Array} input - Payload of a tag 13 packet + */ + read(bytes, config$1 = config) { + const userID = util.decodeUTF8(bytes); + if (userID.length > config$1.maxUserIDLength) { + throw new Error('User ID string is too long'); } - return true; - } - function ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) { - const state = controller._controlledReadableStream._state; - if (!controller._closeRequested && state === 'readable') { - return true; + + /** + * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1, + * as well comments placed between the name (if present) and the bracketed email address: + * - name (comment) + * - email + * In the first case, the `email` is the only required part, and it must contain the `@` symbol. + * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`, + * since they interfere with `comment` parsing. + */ + const re = /^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/; + const matches = re.exec(userID); + if (matches !== null) { + const { name, comment, email } = matches.groups; + this.comment = comment?.replace(/^\(|\)|\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace + this.name = name?.trim() || ''; + this.email = email.substring(1, email.length - 1); // remove brackets + } else if (/^[^\s@]+@[^\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace + this.email = userID; } - return false; - } - function SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledReadableStream = stream; - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._closeRequested = false; - controller._pullAgain = false; - controller._pulling = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - }, r => { - ReadableStreamDefaultControllerError(controller, r); - }); - } - function SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) { - const controller = Object.create(ReadableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSource.start !== undefined) { - startAlgorithm = () => underlyingSource.start(controller); - } - if (underlyingSource.pull !== undefined) { - pullAlgorithm = () => underlyingSource.pull(controller); - } - if (underlyingSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingSource.cancel(reason); - } - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - } - // Helper functions for the ReadableStreamDefaultController. - function defaultControllerBrandCheckException$1(name) { - return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`); - } - - function ReadableStreamTee(stream, cloneForBranch2) { - const reader = AcquireReadableStreamDefaultReader(stream); - let reading = false; - let canceled1 = false; - let canceled2 = false; - let reason1; - let reason2; - let branch1; - let branch2; - let resolveCancelPromise; - const cancelPromise = newPromise(resolve => { - resolveCancelPromise = resolve; - }); - function pullAlgorithm() { - if (reading) { - return promiseResolvedWith(undefined); - } - reading = true; - const readRequest = { - _chunkSteps: value => { - // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using - // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let - // successful synchronously-available reads get ahead of asynchronously-available errors. - queueMicrotask(() => { - reading = false; - const value1 = value; - const value2 = value; - // There is no way to access the cloning code right now in the reference implementation. - // If we add one then we'll need an implementation for serializable objects. - // if (!canceled2 && cloneForBranch2) { - // value2 = StructuredDeserialize(StructuredSerialize(value2)); - // } - if (!canceled1) { - ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1); - } - if (!canceled2) { - ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2); - } - }); - }, - _closeSteps: () => { - reading = false; - if (!canceled1) { - ReadableStreamDefaultControllerClose(branch1._readableStreamController); - } - if (!canceled2) { - ReadableStreamDefaultControllerClose(branch2._readableStreamController); - } - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }, - _errorSteps: () => { - reading = false; - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promiseResolvedWith(undefined); - } - function cancel1Algorithm(reason) { - canceled1 = true; - reason1 = reason; - if (canceled2) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function cancel2Algorithm(reason) { - canceled2 = true; - reason2 = reason; - if (canceled1) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function startAlgorithm() { - // do nothing - } - branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm); - branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm); - uponRejection(reader._closedPromise, (r) => { - ReadableStreamDefaultControllerError(branch1._readableStreamController, r); - ReadableStreamDefaultControllerError(branch2._readableStreamController, r); - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }); - return [branch1, branch2]; - } - function convertUnderlyingDefaultOrByteSource(source, context) { - assertDictionary(source, context); - const original = source; - const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize; - const cancel = original === null || original === void 0 ? void 0 : original.cancel; - const pull = original === null || original === void 0 ? void 0 : original.pull; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - return { - autoAllocateChunkSize: autoAllocateChunkSize === undefined ? - undefined : - convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`), - cancel: cancel === undefined ? - undefined : - convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`), - pull: pull === undefined ? - undefined : - convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`), - start: start === undefined ? - undefined : - convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`), - type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`) - }; - } - function convertUnderlyingSourceCancelCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); + this.userID = userID; + } + + /** + * Creates a binary representation of the user id packet + * @returns {Uint8Array} Binary representation. + */ + write() { + return util.encodeUTF8(this.userID); + } + + equals(otherUserID) { + return otherUserID && otherUserID.userID === this.userID; + } } - function convertUnderlyingSourcePullCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); + + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret + * Key packet and has exactly the same format. + * @extends SecretKeyPacket + */ + class SecretSubkeyPacket extends SecretKeyPacket { + static get tag() { + return enums.packet.secretSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); + } } - function convertUnderlyingSourceStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); + + /** + * Implementation of the Trust Packet (Tag 12) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: + * The Trust packet is used only within keyrings and is not normally + * exported. Trust packets contain data that record the user's + * specifications of which key holders are trustworthy introducers, + * along with other information that implementing software uses for + * trust information. The format of Trust packets is defined by a given + * implementation. + * + * Trust packets SHOULD NOT be emitted to output streams that are + * transferred to other users, and they SHOULD be ignored on any input + * other than local keyring files. + */ + class TrustPacket { + static get tag() { + return enums.packet.trust; + } + + /** + * Parsing function for a trust packet (tag 12). + * Currently not implemented as we ignore trust packets + */ + read() { + throw new UnsupportedError('Trust packets are not supported'); + } + + write() { + throw new UnsupportedError('Trust packets are not supported'); + } } - function convertReadableStreamType(type, context) { - type = `${type}`; - if (type !== 'bytes') { - throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`); - } - return type; + + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2022 Proton AG + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + /** + * Implementation of the Padding Packet + * + * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}: + * Padding Packet + */ + class PaddingPacket { + static get tag() { + return enums.packet.padding; + } + + constructor() { + this.padding = null; + } + + /** + * Read a padding packet + * @param {Uint8Array | ReadableStream} bytes + */ + read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars + // Padding packets are ignored, so this function is never called. + } + + /** + * Write the padding packet + * @returns {Uint8Array} The padding packet. + */ + write() { + return this.padding; + } + + /** + * Create random padding. + * @param {Number} length - The length of padding to be generated. + * @throws {Error} if padding generation was not successful + * @async + */ + async createPadding(length) { + this.padding = await mod$1.random.getRandomBytes(length); + } } - function convertReaderOptions(options, context) { - assertDictionary(options, context); - const mode = options === null || options === void 0 ? void 0 : options.mode; - return { - mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`) - }; - } - function convertReadableStreamReaderMode(mode, context) { - mode = `${mode}`; - if (mode !== 'byob') { - throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`); - } - return mode; - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function convertIteratorOptions(options, context) { - assertDictionary(options, context); - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - return { preventCancel: Boolean(preventCancel) }; - } - function convertPipeOptions(options, context) { - assertDictionary(options, context); - const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort; - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - const preventClose = options === null || options === void 0 ? void 0 : options.preventClose; - const signal = options === null || options === void 0 ? void 0 : options.signal; - if (signal !== undefined) { - assertAbortSignal(signal, `${context} has member 'signal' that`); - } - return { - preventAbort: Boolean(preventAbort), - preventCancel: Boolean(preventCancel), - preventClose: Boolean(preventClose), - signal - }; - } - function assertAbortSignal(signal, context) { - if (!isAbortSignal(signal)) { - throw new TypeError(`${context} is not an AbortSignal.`); - } - } + // A Signature can contain the following packets + const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + + /** + * Class that represents an OpenPGP signature. + */ + class Signature { + /** + * @param {PacketList} packetlist - The signature packets + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } + + /** + * Returns binary encoded signature + * @returns {ReadableStream} Binary signature. + */ + write() { + return this.packets.write(); + } + + /** + * Returns ASCII armored text of signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config$1); + } - function convertReadableWritablePair(pair, context) { - assertDictionary(pair, context); - const readable = pair === null || pair === void 0 ? void 0 : pair.readable; - assertRequiredField(readable, 'readable', 'ReadableWritablePair'); - assertReadableStream(readable, `${context} has member 'readable' that`); - const writable = pair === null || pair === void 0 ? void 0 : pair.writable; - assertRequiredField(writable, 'writable', 'ReadableWritablePair'); - assertWritableStream(writable, `${context} has member 'writable' that`); - return { readable, writable }; + /** + * Returns an array of KeyIDs of all of the issuers who created this signature + * @returns {Array} The Key IDs of the signing keys + */ + getSigningKeyIDs() { + return this.packets.map(packet => packet.issuerKeyID); + } } /** - * A readable stream represents a source of data, from which you can read. - * - * @public + * reads an (optionally armored) OpenPGP signature and returns a signature object + * @param {Object} options + * @param {String} [options.armoredSignature] - Armored signature to be parsed + * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New signature object. + * @async + * @static */ - class ReadableStream$1 { - constructor(rawUnderlyingSource = {}, rawStrategy = {}) { - if (rawUnderlyingSource === undefined) { - rawUnderlyingSource = null; - } - else { - assertObject(rawUnderlyingSource, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter'); - InitializeReadableStream(this); - if (underlyingSource.type === 'bytes') { - if (strategy.size !== undefined) { - throw new RangeError('The strategy for a byte stream cannot have a size function'); - } - const highWaterMark = ExtractHighWaterMark(strategy, 0); - SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark); - } - else { - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm); - } - } - /** - * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}. - */ - get locked() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('locked'); - } - return IsReadableStreamLocked(this); - } - /** - * Cancels the stream, signaling a loss of interest in the stream by a consumer. - * - * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()} - * method, which might or might not use it. - */ - cancel(reason = undefined) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('cancel')); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader')); - } - return ReadableStreamCancel(this, reason); - } - getReader(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('getReader'); - } - const options = convertReaderOptions(rawOptions, 'First parameter'); - if (options.mode === undefined) { - return AcquireReadableStreamDefaultReader(this); - } - return AcquireReadableStreamBYOBReader(this); - } - pipeThrough(rawTransform, rawOptions = {}) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('pipeThrough'); - } - assertRequiredArgument(rawTransform, 1, 'pipeThrough'); - const transform = convertReadableWritablePair(rawTransform, 'First parameter'); - const options = convertPipeOptions(rawOptions, 'Second parameter'); - if (IsReadableStreamLocked(this)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream'); - } - if (IsWritableStreamLocked(transform.writable)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream'); - } - const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - setPromiseIsHandledToTrue(promise); - return transform.readable; - } - pipeTo(destination, rawOptions = {}) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('pipeTo')); - } - if (destination === undefined) { - return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`); - } - if (!IsWritableStream(destination)) { - return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`)); - } - let options; - try { - options = convertPipeOptions(rawOptions, 'Second parameter'); - } - catch (e) { - return promiseRejectedWith(e); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream')); - } - if (IsWritableStreamLocked(destination)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream')); - } - return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - } - /** - * Tees this readable stream, returning a two-element array containing the two resulting branches as - * new {@link ReadableStream} instances. - * - * Teeing a stream will lock it, preventing any other consumer from acquiring a reader. - * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be - * propagated to the stream's underlying source. - * - * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable, - * this could allow interference between the two branches. - */ - tee() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('tee'); - } - const branches = ReadableStreamTee(this); - return CreateArrayFromList(branches); - } - values(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('values'); - } - const options = convertIteratorOptions(rawOptions, 'First parameter'); - return AcquireReadableStreamAsyncIterator(this, options.preventCancel); - } - } - Object.defineProperties(ReadableStream$1.prototype, { - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, - values: { enumerable: true }, - locked: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStream', - configurable: true - }); - } - if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.asyncIterator, { - value: ReadableStream$1.prototype.values, - writable: true, - configurable: true - }); - } - // Abstract operations for the ReadableStream. - // Throws if and only if startAlgorithm throws. - function CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(ReadableStream$1.prototype); - InitializeReadableStream(stream); - const controller = Object.create(ReadableStreamDefaultController.prototype); - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - return stream; - } - function InitializeReadableStream(stream) { - stream._state = 'readable'; - stream._reader = undefined; - stream._storedError = undefined; - stream._disturbed = false; - } - function IsReadableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) { - return false; - } - return true; - } - function IsReadableStreamLocked(stream) { - if (stream._reader === undefined) { - return false; - } - return true; - } - // ReadableStream API exposed for controllers. - function ReadableStreamCancel(stream, reason) { - stream._disturbed = true; - if (stream._state === 'closed') { - return promiseResolvedWith(undefined); - } - if (stream._state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - ReadableStreamClose(stream); - const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason); - return transformPromiseWith(sourceCancelPromise, noop); - } - function ReadableStreamClose(stream) { - stream._state = 'closed'; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseResolve(reader); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._closeSteps(); - }); - reader._readRequests = new SimpleQueue(); - } - } - function ReadableStreamError(stream, e) { - stream._state = 'errored'; - stream._storedError = e; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseReject(reader, e); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._errorSteps(e); - }); - reader._readRequests = new SimpleQueue(); - } - else { - reader._readIntoRequests.forEach(readIntoRequest => { - readIntoRequest._errorSteps(e); - }); - reader._readIntoRequests = new SimpleQueue(); + async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredSignature || binarySignature; + if (!input) { + throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); + } + if (armoredSignature && !util.isString(armoredSignature)) { + throw new Error('readSignature: options.armoredSignature must be a string'); + } + if (binarySignature && !util.isUint8Array(binarySignature)) { + throw new Error('readSignature: options.binarySignature must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (armoredSignature) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.signature) { + throw new Error('Armored text not of type signature'); } + input = data; + } + const packetlist = await PacketList.fromBinary(input, allowedPackets$1, config$1); + return new Signature(packetlist); } - // Helper functions for the ReadableStream. - function streamBrandCheckException$1(name) { - return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`); + + /** + * @fileoverview Provides helpers methods for key module + * @module key/helper + */ + + + async function generateSecretSubkey(options, config) { + const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); + secretSubkeyPacket.packets = null; + secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretSubkeyPacket.generate(options.rsaBits, options.curve); + await secretSubkeyPacket.computeFingerprintAndKeyID(); + return secretSubkeyPacket; } - function convertQueuingStrategyInit(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit'); - return { - highWaterMark: convertUnrestrictedDouble(highWaterMark) - }; + async function generateSecretKey(options, config) { + const secretKeyPacket = new SecretKeyPacket(options.date, config); + secretKeyPacket.packets = null; + secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); + await secretKeyPacket.computeFingerprintAndKeyID(); + return secretKeyPacket; } - const byteLengthSizeFunction = function size(chunk) { - return chunk.byteLength; - }; /** - * A queuing strategy that counts the number of bytes in each chunk. - * - * @public + * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. + * @param {Array} signatures - List of signatures + * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature + * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures, + * `enums.signatures.certGeneric` should be given regardless of the actual trust level) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - full configuration + * @returns {Promise} The latest valid signature. + * @async */ - class ByteLengthQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('highWaterMark'); - } - return this._byteLengthQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by returning the value of its `byteLength` property. - */ - get size() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('size'); - } - return byteLengthSizeFunction; + async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { + let latestValid; + let exception; + for (let i = signatures.length - 1; i >= 0; i--) { + try { + if ( + (!latestValid || signatures[i].created >= latestValid.created) + ) { + await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); + latestValid = signatures[i]; + } + } catch (e) { + exception = e; } + } + if (!latestValid) { + throw util.wrapError( + `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` + .replace('certGeneric ', 'self-') + .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), + exception); + } + return latestValid; } - Object.defineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'ByteLengthQueuingStrategy', - configurable: true - }); - } - // Helper functions for the ByteLengthQueuingStrategy. - function byteLengthBrandCheckException(name) { - return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`); + + function isDataExpired(keyPacket, signature, date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + const expirationTime = getKeyExpirationTime(keyPacket, signature); + return !(keyPacket.created <= normDate && normDate < expirationTime); + } + return false; } - function IsByteLengthQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) { - return false; - } - return true; + + /** + * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} + * @param {SecretSubkeyPacket} subkey - Subkey key packet + * @param {SecretKeyPacket} primaryKey - Primary key packet + * @param {Object} options + * @param {Object} config - Full configuration + */ + async function createBindingSignature(subkey, primaryKey, options, config) { + const dataToSign = {}; + dataToSign.key = primaryKey; + dataToSign.bind = subkey; + const signatureProperties = { signatureType: enums.signature.subkeyBinding }; + if (options.sign) { + signatureProperties.keyFlags = [enums.keyFlags.signData]; + signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, { + signatureType: enums.signature.keyBinding + }, options.date, undefined, undefined, undefined, config); + } else { + signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; + } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; + } + const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); + return subkeySignaturePacket; } - const countSizeFunction = function size() { - return 1; - }; /** - * A queuing strategy that counts the number of chunks. - * - * @public + * Returns the preferred signature hash algorithm for a set of keys. + * @param {Array} [targetKeys] - The keys to get preferences from + * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from + * @param {Object} config - full configuration + * @returns {Promise} + * @async */ - class CountQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'CountQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._countQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('highWaterMark'); - } - return this._countQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by always returning 1. - * This ensures that the total queue size is a count of the number of chunks in the queue. - */ - get size() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('size'); - } - return countSizeFunction; + async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { + /** + * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the + * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). + * if no keys are available, `preferredSenderAlgo` is returned. + * For ECC signing key, the curve preferred hash is taken into account as well (see logic below). + */ + const defaultAlgo = enums.hash.sha256; // MUST implement + const preferredSenderAlgo = config.preferredHashAlgorithm; + + const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => { + const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config); + const targetPrefs = selfCertification.preferredHashAlgorithms; + return targetPrefs; + })); + const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys + for (const supportedAlgos of supportedAlgosPerTarget) { + for (const hashAlgo of supportedAlgos) { + try { + // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on + const supportedAlgo = enums.write(enums.hash, hashAlgo); + supportedAlgosMap.set( + supportedAlgo, + supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1 + ); + } catch {} } - } - Object.defineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'CountQueuingStrategy', - configurable: true - }); - } - // Helper functions for the CountQueuingStrategy. - function countBrandCheckException(name) { - return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`); - } - function IsCountQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; + } + const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo; + const getStrongestSupportedHashAlgo = () => { + if (supportedAlgosMap.size === 0) { + return defaultAlgo; } - if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) { - return false; + const sortedHashAlgos = Array.from(supportedAlgosMap.keys()) + .filter(hashAlgo => isSupportedHashAlgo(hashAlgo)) + .sort((algoA, algoB) => mod$1.hash.getHashByteLength(algoA) - mod$1.hash.getHashByteLength(algoB)); + const strongestHashAlgo = sortedHashAlgos[0]; + // defaultAlgo is always implicilty supported, and might be stronger than the rest + return mod$1.hash.getHashByteLength(strongestHashAlgo) >= mod$1.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo; + }; + + const eccAlgos = new Set([ + enums.publicKey.ecdsa, + enums.publicKey.eddsaLegacy, + enums.publicKey.ed25519, + enums.publicKey.ed448 + ]); + + if (eccAlgos.has(signingKeyPacket.algorithm)) { + // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: + // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 + // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough; + // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve + // preferred algo, even if not supported by all targets. + const preferredCurveAlgo = mod$1.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid); + + const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo); + const preferredSenderAlgoStrongerThanCurveAlgo = mod$1.hash.getHashByteLength(preferredSenderAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo); + + if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) { + return preferredSenderAlgo; + } else { + const strongestSupportedAlgo = getStrongestSupportedHashAlgo(); + return mod$1.hash.getHashByteLength(strongestSupportedAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo) ? + strongestSupportedAlgo : + preferredCurveAlgo; } - return true; - } + } - function convertTransformer(original, context) { - assertDictionary(original, context); - const flush = original === null || original === void 0 ? void 0 : original.flush; - const readableType = original === null || original === void 0 ? void 0 : original.readableType; - const start = original === null || original === void 0 ? void 0 : original.start; - const transform = original === null || original === void 0 ? void 0 : original.transform; - const writableType = original === null || original === void 0 ? void 0 : original.writableType; - return { - flush: flush === undefined ? - undefined : - convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`), - readableType, - start: start === undefined ? - undefined : - convertTransformerStartCallback(start, original, `${context} has member 'start' that`), - transform: transform === undefined ? - undefined : - convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`), - writableType - }; - } - function convertTransformerFlushCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); - } - function convertTransformerStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); - } - function convertTransformerTransformCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); + // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this, + // since it was manually set by the sender. + return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo(); } - // Class TransformStream /** - * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream}, - * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side. - * In a manner specific to the transform stream in question, writes to the writable side result in new data being - * made available for reading from the readable side. - * - * @public + * Returns the preferred compression algorithm for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Preferred compression algorithm + * @async */ - class TransformStream$1 { - constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) { - if (rawTransformer === undefined) { - rawTransformer = null; - } - const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter'); - const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter'); - const transformer = convertTransformer(rawTransformer, 'First parameter'); - if (transformer.readableType !== undefined) { - throw new RangeError('Invalid readableType specified'); - } - if (transformer.writableType !== undefined) { - throw new RangeError('Invalid writableType specified'); - } - const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0); - const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy); - const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1); - const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy); - let startPromise_resolve; - const startPromise = newPromise(resolve => { - startPromise_resolve = resolve; - }); - InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - SetUpTransformStreamDefaultControllerFromTransformer(this, transformer); - if (transformer.start !== undefined) { - startPromise_resolve(transformer.start(this._transformStreamController)); - } - else { - startPromise_resolve(undefined); - } - } - /** - * The readable side of the transform stream. - */ - get readable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('readable'); - } - return this._readable; - } - /** - * The writable side of the transform stream. - */ - get writable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('writable'); - } - return this._writable; - } - } - Object.defineProperties(TransformStream$1.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStream', - configurable: true - }); - } - function InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) { - function startAlgorithm() { - return startPromise; - } - function writeAlgorithm(chunk) { - return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk); - } - function abortAlgorithm(reason) { - return TransformStreamDefaultSinkAbortAlgorithm(stream, reason); - } - function closeAlgorithm() { - return TransformStreamDefaultSinkCloseAlgorithm(stream); - } - stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm); - function pullAlgorithm() { - return TransformStreamDefaultSourcePullAlgorithm(stream); - } - function cancelAlgorithm(reason) { - TransformStreamErrorWritableAndUnblockWrite(stream, reason); - return promiseResolvedWith(undefined); - } - stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure. - stream._backpressure = undefined; - stream._backpressureChangePromise = undefined; - stream._backpressureChangePromise_resolve = undefined; - TransformStreamSetBackpressure(stream, true); - stream._transformStreamController = undefined; - } - function IsTransformStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) { - return false; - } - return true; - } - // This is a no-op if both sides are already errored. - function TransformStreamError(stream, e) { - ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e); - TransformStreamErrorWritableAndUnblockWrite(stream, e); - } - function TransformStreamErrorWritableAndUnblockWrite(stream, e) { - TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController); - WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e); - if (stream._backpressure) { - // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure() - // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time - // _backpressure is set. - TransformStreamSetBackpressure(stream, false); - } - } - function TransformStreamSetBackpressure(stream, backpressure) { - // Passes also when called during construction. - if (stream._backpressureChangePromise !== undefined) { - stream._backpressureChangePromise_resolve(); - } - stream._backpressureChangePromise = newPromise(resolve => { - stream._backpressureChangePromise_resolve = resolve; - }); - stream._backpressure = backpressure; + async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const defaultAlgo = enums.compression.uncompressed; + const preferredSenderAlgo = config$1.preferredCompressionAlgorithm; + + // if preferredSenderAlgo appears in the prefs of all recipients, we pick it + // otherwise we use the default algo + // if no keys are available, preferredSenderAlgo is returned + const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { + const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config$1); + const recipientPrefs = selfCertification.preferredCompressionAlgorithms; + return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; + })); + return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; } - // Class TransformStreamDefaultController + /** - * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}. - * - * @public + * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred + * @async */ - class TransformStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full. - */ - get desiredSize() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('desiredSize'); - } - const readableController = this._controlledTransformStream._readable._readableStreamController; - return ReadableStreamDefaultControllerGetDesiredSize(readableController); - } - enqueue(chunk = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('enqueue'); - } - TransformStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors both the readable side and the writable side of the controlled transform stream, making all future - * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded. - */ - error(reason = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('error'); - } - TransformStreamDefaultControllerError(this, reason); - } - /** - * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the - * transformer only needs to consume a portion of the chunks written to the writable side. - */ - terminate() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('terminate'); - } - TransformStreamDefaultControllerTerminate(this); - } - } - Object.defineProperties(TransformStreamDefaultController.prototype, { - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, - desiredSize: { enumerable: true } - }); - if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStreamDefaultController', - configurable: true - }); - } - // Transform Stream Default Controller Abstract Operations - function IsTransformStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) { - return false; + async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1))); + const withAEAD = keys.length ? + selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) : + config$1.aeadProtect; + + if (withAEAD) { + const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb }; + const desiredCipherSuites = [ + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: config$1.preferredAEADAlgorithm }, + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb }, + { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config$1.preferredAEADAlgorithm } + ]; + for (const desiredCipherSuite of desiredCipherSuites) { + if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some( + cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo + ))) { + return desiredCipherSuite; + } } - return true; + return defaultCipherSuite; + } + const defaultSymAlgo = enums.symmetric.aes128; + const desiredSymAlgo = config$1.preferredSymmetricAlgorithm; + return { + symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ? + desiredSymAlgo : + defaultSymAlgo, + aeadAlgo: undefined + }; } - function SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) { - controller._controlledTransformStream = stream; - stream._transformStreamController = controller; - controller._transformAlgorithm = transformAlgorithm; - controller._flushAlgorithm = flushAlgorithm; + + /** + * Create signature packet + * @param {Object} dataToSign - Contains packets to be signed + * @param {Array} recipientKeys - keys to get preferences from + * @param {SecretKeyPacket| + * SecretSubkeyPacket} signingKeyPacket secret key packet for signing + * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing + * @param {Date} [date] - Override the creationtime of the signature + * @param {Object} [userID] - User ID + * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [detached] - Whether to create a detached signature packet + * @param {Object} config - full configuration + * @returns {Promise} Signature packet. + */ + async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) { + if (signingKeyPacket.isDummy()) { + throw new Error('Cannot sign with a gnu-dummy key.'); + } + if (!signingKeyPacket.isDecrypted()) { + throw new Error('Signing key is not decrypted.'); + } + const signaturePacket = new SignaturePacket(); + Object.assign(signaturePacket, signatureProperties); + signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; + signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config); + signaturePacket.rawNotations = [...notations]; + await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config); + return signaturePacket; } - function SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) { - const controller = Object.create(TransformStreamDefaultController.prototype); - let transformAlgorithm = (chunk) => { - try { - TransformStreamDefaultControllerEnqueue(controller, chunk); - return promiseResolvedWith(undefined); - } - catch (transformResultE) { - return promiseRejectedWith(transformResultE); + + /** + * Merges signatures from source[attr] to dest[attr] + * @param {Object} source + * @param {Object} dest + * @param {String} attr + * @param {Date} [date] - date to use for signature expiration check, instead of the current time + * @param {Function} [checkFn] - signature only merged if true + */ + async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { + source = source[attr]; + if (source) { + if (!dest[attr].length) { + dest[attr] = source; + } else { + await Promise.all(source.map(async function(sourceSig) { + if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && + !dest[attr].some(function(destSig) { + return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); + })) { + dest[attr].push(sourceSig); } - }; - let flushAlgorithm = () => promiseResolvedWith(undefined); - if (transformer.transform !== undefined) { - transformAlgorithm = chunk => transformer.transform(chunk, controller); - } - if (transformer.flush !== undefined) { - flushAlgorithm = () => transformer.flush(controller); + })); } - SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm); - } - function TransformStreamDefaultControllerClearAlgorithms(controller) { - controller._transformAlgorithm = undefined; - controller._flushAlgorithm = undefined; + } } - function TransformStreamDefaultControllerEnqueue(controller, chunk) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) { - throw new TypeError('Readable side is not in a state that permits enqueue'); - } - // We throttle transform invocations based on the backpressure of the ReadableStream, but we still - // accept TransformStreamDefaultControllerEnqueue() calls. + + /** + * Checks if a given certificate or binding signature is revoked + * @param {SecretKeyPacket| + * PublicKeyPacket} primaryKey The primary key packet + * @param {Object} dataToVerify - The data to check + * @param {Array} revocations - The revocation signatures to check + * @param {SignaturePacket} signature - The certificate or signature to check + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the signature revokes the data. + * @async + */ + async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { + key = key || primaryKey; + const revocationKeyIDs = []; + await Promise.all(revocations.map(async function(revocationSignature) { try { - ReadableStreamDefaultControllerEnqueue(readableController, chunk); - } - catch (e) { - // This happens when readableStrategy.size() throws. - TransformStreamErrorWritableAndUnblockWrite(stream, e); - throw stream._readable._storedError; - } - const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController); - if (backpressure !== stream._backpressure) { - TransformStreamSetBackpressure(stream, true); - } - } - function TransformStreamDefaultControllerError(controller, e) { - TransformStreamError(controller._controlledTransformStream, e); - } - function TransformStreamDefaultControllerPerformTransform(controller, chunk) { - const transformPromise = controller._transformAlgorithm(chunk); - return transformPromiseWith(transformPromise, undefined, r => { - TransformStreamError(controller._controlledTransformStream, r); - throw r; - }); - } - function TransformStreamDefaultControllerTerminate(controller) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - ReadableStreamDefaultControllerClose(readableController); - const error = new TypeError('TransformStream terminated'); - TransformStreamErrorWritableAndUnblockWrite(stream, error); - } - // TransformStreamDefaultSink Algorithms - function TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) { - const controller = stream._transformStreamController; - if (stream._backpressure) { - const backpressureChangePromise = stream._backpressureChangePromise; - return transformPromiseWith(backpressureChangePromise, () => { - const writable = stream._writable; - const state = writable._state; - if (state === 'erroring') { - throw writable._storedError; - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - }); - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - } - function TransformStreamDefaultSinkAbortAlgorithm(stream, reason) { - // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already - // errored. - TransformStreamError(stream, reason); - return promiseResolvedWith(undefined); - } - function TransformStreamDefaultSinkCloseAlgorithm(stream) { - // stream._readable cannot change after construction, so caching it across a call to user code is safe. - const readable = stream._readable; - const controller = stream._transformStreamController; - const flushPromise = controller._flushAlgorithm(); - TransformStreamDefaultControllerClearAlgorithms(controller); - // Return a promise that is fulfilled with undefined on success. - return transformPromiseWith(flushPromise, () => { - if (readable._state === 'errored') { - throw readable._storedError; - } - ReadableStreamDefaultControllerClose(readable._readableStreamController); - }, r => { - TransformStreamError(stream, r); - throw readable._storedError; - }); - } - // TransformStreamDefaultSource Algorithms - function TransformStreamDefaultSourcePullAlgorithm(stream) { - // Invariant. Enforced by the promises returned by start() and pull(). - TransformStreamSetBackpressure(stream, false); - // Prevent the next pull() call until there is backpressure. - return stream._backpressureChangePromise; - } - // Helper functions for the TransformStreamDefaultController. - function defaultControllerBrandCheckException(name) { - return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`); + if ( + // Note: a third-party revocation signature could legitimately revoke a + // self-signature if the signature has an authorized revocation key. + // However, we don't support passing authorized revocation keys, nor + // verifying such revocation signatures. Instead, we indicate an error + // when parsing a key with an authorized revocation key, and ignore + // third-party revocation signatures here. (It could also be revoking a + // third-party key certification, which should only affect + // `verifyAllCertifications`.) + !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) + ) { + const isHardRevocation = ![ + enums.reasonForRevocation.keyRetired, + enums.reasonForRevocation.keySuperseded, + enums.reasonForRevocation.userIDInvalid + ].includes(revocationSignature.reasonForRevocationFlag); + + await revocationSignature.verify( + key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config + ); + + // TODO get an identifier of the revoked object instead + revocationKeyIDs.push(revocationSignature.issuerKeyID); + } + } catch (e) {} + })); + // TODO further verify that this is the signature that should be revoked + if (signature) { + signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : + signature.revoked || false; + return signature.revoked; + } + return revocationKeyIDs.length > 0; } - // Helper functions for the TransformStream. - function streamBrandCheckException(name) { - return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`); + + /** + * Returns key expiration time based on the given certification signature. + * The expiration time of the signature is ignored. + * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check + * @param {SignaturePacket} signature - signature to process + * @returns {Date|Infinity} expiration time or infinity if the key does not expire + */ + function getKeyExpirationTime(keyPacket, signature) { + let expirationTime; + // check V4 expiration time + if (signature.keyNeverExpires === false) { + expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; + } + return expirationTime ? new Date(expirationTime) : Infinity; } - var ponyfill_es6 = /*#__PURE__*/Object.freeze({ - __proto__: null, - ByteLengthQueuingStrategy: ByteLengthQueuingStrategy, - CountQueuingStrategy: CountQueuingStrategy, - ReadableByteStreamController: ReadableByteStreamController, - ReadableStream: ReadableStream$1, - ReadableStreamBYOBReader: ReadableStreamBYOBReader, - ReadableStreamBYOBRequest: ReadableStreamBYOBRequest, - ReadableStreamDefaultController: ReadableStreamDefaultController, - ReadableStreamDefaultReader: ReadableStreamDefaultReader, - TransformStream: TransformStream$1, - TransformStreamDefaultController: TransformStreamDefaultController, - WritableStream: WritableStream$1, - WritableStreamDefaultController: WritableStreamDefaultController, - WritableStreamDefaultWriter: WritableStreamDefaultWriter - }); + function sanitizeKeyOptions(options, subkeyDefaults = {}) { + options.type = options.type || subkeyDefaults.type; + options.curve = options.curve || subkeyDefaults.curve; + options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; + options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; - /*! ***************************************************************************** - Copyright (c) Microsoft Corporation. - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. - ***************************************************************************** */ - /* global Reflect, Promise */ - - var extendStatics = function(d, b) { - extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return extendStatics(d, b); - }; + options.sign = options.sign || false; - function __extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); + switch (options.type) { + case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve` + try { + options.curve = enums.write(enums.curve, options.curve); + } catch (e) { + throw new Error('Unknown curve'); + } + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy || + options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now + options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; + } + if (options.sign) { + options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; + } else { + options.algorithm = enums.publicKey.ecdh; + } + break; + case 'curve25519': + options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519; + break; + case 'curve448': + options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448; + break; + case 'rsa': + options.algorithm = enums.publicKey.rsaEncryptSign; + break; + default: + throw new Error(`Unsupported key type ${options.type}`); + } + return options; } - function assert$1(test) { - if (!test) { - throw new TypeError('Assertion failed'); - } + function validateSigningKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + default: + return false; + } } - function noop$1() { - return; - } - function typeIsObject$1(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; + function validateEncryptionKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + default: + return false; + } } - function isStreamConstructor(ctor) { - if (typeof ctor !== 'function') { - return false; - } - var startCalled = false; - try { - new ctor({ - start: function () { - startCalled = true; - } - }); - } - catch (e) { - // ignore - } - return startCalled; - } - function isReadableStream(readable) { - if (!typeIsObject$1(readable)) { - return false; - } - if (typeof readable.getReader !== 'function') { - return false; - } - return true; - } - function isReadableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isReadableStream(new ctor())) { - return false; - } - return true; - } - function isWritableStream(writable) { - if (!typeIsObject$1(writable)) { - return false; - } - if (typeof writable.getWriter !== 'function') { - return false; - } - return true; - } - function isWritableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isWritableStream(new ctor())) { - return false; - } - return true; - } - function isTransformStream(transform) { - if (!typeIsObject$1(transform)) { - return false; - } - if (!isReadableStream(transform.readable)) { - return false; - } - if (!isWritableStream(transform.writable)) { - return false; - } - return true; - } - function isTransformStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isTransformStream(new ctor())) { - return false; - } - return true; - } - function supportsByobReader(readable) { - try { - var reader = readable.getReader({ mode: 'byob' }); - reader.releaseLock(); + function validateDecryptionKeyPacket(keyPacket, signature, config) { + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) { + // This is only relevant for RSA keys, all other signing algorithms cannot decrypt return true; + } + + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; } - catch (_a) { - return false; - } + default: + return false; + } } - function supportsByteSource(ctor) { - try { - new ctor({ type: 'bytes' }); - return true; - } - catch (_a) { - return false; - } + + /** + * Check key against blacklisted algorithms and minimum strength requirements. + * @param {SecretKeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket + * @param {Config} config + * @throws {Error} if the key packet does not meet the requirements + */ + function checkKeyRequirements(keyPacket, config) { + const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); + const algoInfo = keyPacket.getAlgorithmInfo(); + if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { + throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); + } + switch (keyAlgo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.rsaEncrypt: + if (algoInfo.bits < config.minRSABits) { + throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); + } + break; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ecdh: + if (config.rejectCurves.has(algoInfo.curve)) { + throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); + } + break; + } } - function createReadableStreamWrapper(ctor) { - assert$1(isReadableStreamConstructor(ctor)); - var byteSourceSupported = supportsByteSource(ctor); - return function (readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - type = parseReadableType(type); - if (type === 'bytes' && !byteSourceSupported) { - type = undefined; - } - if (readable.constructor === ctor) { - if (type !== 'bytes' || supportsByobReader(readable)) { - return readable; - } - } - if (type === 'bytes') { - var source = createWrappingReadableSource(readable, { type: type }); - return new ctor(source); - } - else { - var source = createWrappingReadableSource(readable); - return new ctor(source); - } + /** + * @module key/User + */ + + + /** + * Class that represents an user ID or attribute packet and the relevant signatures. + * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info + * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + */ + class User { + constructor(userPacket, mainKey) { + this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; + this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; + this.selfCertifications = []; + this.otherCertifications = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } + + /** + * Transforms structured user data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.userID || this.userAttribute); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.selfCertifications); + packetlist.push(...this.otherCertifications); + return packetlist; + } + + /** + * Shallow clone + * @returns {User} + */ + clone() { + const user = new User(this.userID || this.userAttribute, this.mainKey); + user.selfCertifications = [...this.selfCertifications]; + user.otherCertifications = [...this.otherCertifications]; + user.revocationSignatures = [...this.revocationSignatures]; + return user; + } + + /** + * Generate third-party certifications over this user and its primary key + * @param {Array} signingKeys - Decrypted private keys for signing + * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} New user with new certifications. + * @async + */ + async certify(signingKeys, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { + if (!privateKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + if (privateKey.hasSameFingerprintAs(primaryKey)) { + throw new Error("The user's own key can only be used for self-certifications"); + } + const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); + return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, { + // Most OpenPGP implementations use generic certification (0x10) + signatureType: enums.signature.certGeneric, + keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] + }, date, undefined, undefined, undefined, config); + })); + await user.update(this, date, config); + return user; + } + + /** + * Checks if a given certificate of the user is revoked + * @param {SignaturePacket} certificate - The certificate to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked(primaryKey, enums.signature.certRevocation, { + key: primaryKey, + userID: this.userID, + userAttribute: this.userAttribute + }, this.revocationSignatures, certificate, keyPacket, date, config$1); + } + + /** + * Verifies the user certificate. + * @param {SignaturePacket} certificate - A certificate of this user + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate + * @throws if the user certificate is invalid. + * @async + */ + async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey }; - } - function createWrappingReadableSource(readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - assert$1(isReadableStream(readable)); - assert$1(readable.locked === false); - type = parseReadableType(type); - var source; - if (type === 'bytes') { - source = new WrappingReadableByteStreamSource(readable); - } - else { - source = new WrappingReadableStreamDefaultSource(readable); - } - return source; - } - function parseReadableType(type) { - var typeString = String(type); - if (typeString === 'bytes') { - return typeString; - } - else if (type === undefined) { - return type; - } - else { - throw new RangeError('Invalid type is specified'); + const { issuerKeyID } = certificate; + const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); + if (issuerKeys.length === 0) { + return null; } - } - var AbstractWrappingReadableStreamSource = /** @class */ (function () { - function AbstractWrappingReadableStreamSource(underlyingStream) { - this._underlyingReader = undefined; - this._readerMode = undefined; - this._readableStreamController = undefined; - this._pendingRead = undefined; - this._underlyingStream = underlyingStream; - // always keep a reader attached to detect close/error - this._attachDefaultReader(); + await Promise.all(issuerKeys.map(async key => { + const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); + if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { + throw new Error('User certificate is revoked'); + } + try { + await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('User certificate is invalid', e); + } + })); + return true; + } + + /** + * Verifies all user certificates + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllCertifications(verificationKeys, date = new Date(), config) { + const that = this; + const certifications = this.selfCertifications.concat(this.otherCertifications); + return Promise.all(certifications.map(async certification => ({ + keyID: certification.issuerKeyID, + valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) + }))); + } + + /** + * Verify User. Checks for existence of self signatures, revocation signatures + * and validity of self signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} Status of user. + * @throws {Error} if there are no valid self signatures. + * @async + */ + async verify(date = new Date(), config) { + if (!this.selfCertifications.length) { + throw new Error('No self-certifications found'); } - AbstractWrappingReadableStreamSource.prototype.start = function (controller) { - this._readableStreamController = controller; - }; - AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) { - assert$1(this._underlyingReader !== undefined); - return this._underlyingReader.cancel(reason); - }; - AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () { - if (this._readerMode === "default" /* DEFAULT */) { - return; - } - this._detachReader(); - var reader = this._underlyingStream.getReader(); - this._readerMode = "default" /* DEFAULT */; - this._attachReader(reader); - }; - AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) { - var _this = this; - assert$1(this._underlyingReader === undefined); - this._underlyingReader = reader; - var closed = this._underlyingReader.closed; - if (!closed) { - return; - } - closed - .then(function () { return _this._finishPendingRead(); }) - .then(function () { - if (reader === _this._underlyingReader) { - _this._readableStreamController.close(); - } - }, function (reason) { - if (reader === _this._underlyingReader) { - _this._readableStreamController.error(reason); - } - }) - .catch(noop$1); + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey }; - AbstractWrappingReadableStreamSource.prototype._detachReader = function () { - if (this._underlyingReader === undefined) { - return; + // TODO replace when Promise.some or Promise.any are implemented + let exception; + for (let i = this.selfCertifications.length - 1; i >= 0; i--) { + try { + const selfCertification = this.selfCertifications[i]; + if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { + throw new Error('Self-certification is revoked'); } - this._underlyingReader.releaseLock(); - this._underlyingReader = undefined; - this._readerMode = undefined; - }; - AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () { - var _this = this; - this._attachDefaultReader(); - // TODO Backpressure? - var read = this._underlyingReader.read() - .then(function (result) { - var controller = _this._readableStreamController; - if (result.done) { - _this._tryClose(); - } - else { - controller.enqueue(result.value); - } - }); - this._setPendingRead(read); - return read; - }; - AbstractWrappingReadableStreamSource.prototype._tryClose = function () { try { - this._readableStreamController.close(); - } - catch (_a) { - // already errored or closed - } - }; - AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) { - var _this = this; - var pendingRead; - var finishRead = function () { - if (_this._pendingRead === pendingRead) { - _this._pendingRead = undefined; - } - }; - this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead); - }; - AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () { - var _this = this; - if (!this._pendingRead) { - return undefined; + await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('Self-certification is invalid', e); } - var afterRead = function () { return _this._finishPendingRead(); }; - return this._pendingRead.then(afterRead, afterRead); - }; - return AbstractWrappingReadableStreamSource; - }()); - var WrappingReadableStreamDefaultSource = /** @class */ (function (_super) { - __extends(WrappingReadableStreamDefaultSource, _super); - function WrappingReadableStreamDefaultSource() { - return _super !== null && _super.apply(this, arguments) || this; + return true; + } catch (e) { + exception = e; + } } - WrappingReadableStreamDefaultSource.prototype.pull = function () { - return this._pullWithDefaultReader(); + throw exception; + } + + /** + * Update user with new components from specified user + * @param {User} sourceUser - Source user to merge + * @param {Date} date - Date to verify the validity of signatures + * @param {Object} config - Full configuration + * @returns {Promise} + * @async + */ + async update(sourceUser, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey }; - return WrappingReadableStreamDefaultSource; - }(AbstractWrappingReadableStreamSource)); - function toUint8Array(view) { - return new Uint8Array(view.buffer, view.byteOffset, view.byteLength); - } - function copyArrayBufferView(from, to) { - var fromArray = toUint8Array(from); - var toArray = toUint8Array(to); - toArray.set(fromArray, 0); - } - var WrappingReadableByteStreamSource = /** @class */ (function (_super) { - __extends(WrappingReadableByteStreamSource, _super); - function WrappingReadableByteStreamSource(underlyingStream) { - var _this = this; - var supportsByob = supportsByobReader(underlyingStream); - _this = _super.call(this, underlyingStream) || this; - _this._supportsByob = supportsByob; - return _this; - } - Object.defineProperty(WrappingReadableByteStreamSource.prototype, "type", { - get: function () { - return 'bytes'; - }, - enumerable: false, - configurable: true + // self signatures + await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { + try { + await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); + return true; + } catch (e) { + return false; + } }); - WrappingReadableByteStreamSource.prototype._attachByobReader = function () { - if (this._readerMode === "byob" /* BYOB */) { - return; - } - assert$1(this._supportsByob); - this._detachReader(); - var reader = this._underlyingStream.getReader({ mode: 'byob' }); - this._readerMode = "byob" /* BYOB */; - this._attachReader(reader); - }; - WrappingReadableByteStreamSource.prototype.pull = function () { - if (this._supportsByob) { - var byobRequest = this._readableStreamController.byobRequest; - if (byobRequest) { - return this._pullWithByobRequest(byobRequest); - } - } - return this._pullWithDefaultReader(); - }; - WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) { - var _this = this; - this._attachByobReader(); - // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly - // create a separate buffer to read into, then copy that to byobRequest.view - var buffer = new Uint8Array(byobRequest.view.byteLength); - // TODO Backpressure? - var read = this._underlyingReader.read(buffer) - .then(function (result) { - _this._readableStreamController; - if (result.done) { - _this._tryClose(); - byobRequest.respond(0); - } - else { - copyArrayBufferView(result.value, byobRequest.view); - byobRequest.respond(result.value.byteLength); - } - }); - this._setPendingRead(read); - return read; - }; - return WrappingReadableByteStreamSource; - }(AbstractWrappingReadableStreamSource)); - - function createWritableStreamWrapper(ctor) { - assert$1(isWritableStreamConstructor(ctor)); - return function (writable) { - if (writable.constructor === ctor) { - return writable; - } - var sink = createWrappingWritableSink(writable); - return new ctor(sink); - }; - } - function createWrappingWritableSink(writable) { - assert$1(isWritableStream(writable)); - assert$1(writable.locked === false); - var writer = writable.getWriter(); - return new WrappingWritableStreamSink(writer); - } - var WrappingWritableStreamSink = /** @class */ (function () { - function WrappingWritableStreamSink(underlyingWriter) { - var _this = this; - this._writableStreamController = undefined; - this._pendingWrite = undefined; - this._state = "writable" /* WRITABLE */; - this._storedError = undefined; - this._underlyingWriter = underlyingWriter; - this._errorPromise = new Promise(function (resolve, reject) { - _this._errorPromiseReject = reject; - }); - this._errorPromise.catch(noop$1); - } - WrappingWritableStreamSink.prototype.start = function (controller) { - var _this = this; - this._writableStreamController = controller; - this._underlyingWriter.closed - .then(function () { - _this._state = "closed" /* CLOSED */; - }) - .catch(function (reason) { return _this._finishErroring(reason); }); - }; - WrappingWritableStreamSink.prototype.write = function (chunk) { - var _this = this; - var writer = this._underlyingWriter; - // Detect past errors - if (writer.desiredSize === null) { - return writer.ready; - } - var writeRequest = writer.write(chunk); - // Detect future errors - writeRequest.catch(function (reason) { return _this._finishErroring(reason); }); - writer.ready.catch(function (reason) { return _this._startErroring(reason); }); - // Reject write when errored - var write = Promise.race([writeRequest, this._errorPromise]); - this._setPendingWrite(write); - return write; - }; - WrappingWritableStreamSink.prototype.close = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return this._underlyingWriter.close(); - } - return this._finishPendingWrite().then(function () { return _this.close(); }); - }; - WrappingWritableStreamSink.prototype.abort = function (reason) { - if (this._state === "errored" /* ERRORED */) { - return undefined; - } - var writer = this._underlyingWriter; - return writer.abort(reason); - }; - WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) { - var _this = this; - var pendingWrite; - var finishWrite = function () { - if (_this._pendingWrite === pendingWrite) { - _this._pendingWrite = undefined; - } - }; - this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite); - }; - WrappingWritableStreamSink.prototype._finishPendingWrite = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return Promise.resolve(); - } - var afterWrite = function () { return _this._finishPendingWrite(); }; - return this._pendingWrite.then(afterWrite, afterWrite); - }; - WrappingWritableStreamSink.prototype._startErroring = function (reason) { - var _this = this; - if (this._state === "writable" /* WRITABLE */) { - this._state = "erroring" /* ERRORING */; - this._storedError = reason; - var afterWrite = function () { return _this._finishErroring(reason); }; - if (this._pendingWrite === undefined) { - afterWrite(); - } - else { - this._finishPendingWrite().then(afterWrite, afterWrite); - } - this._writableStreamController.error(reason); - } - }; - WrappingWritableStreamSink.prototype._finishErroring = function (reason) { - if (this._state === "writable" /* WRITABLE */) { - this._startErroring(reason); - } - if (this._state === "erroring" /* ERRORING */) { - this._state = "errored" /* ERRORED */; - this._errorPromiseReject(this._storedError); - } - }; - return WrappingWritableStreamSink; - }()); + // other signatures + await mergeSignatures(sourceUser, this, 'otherCertifications', date); + // revocation signatures + await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); + }); + } - function createTransformStreamWrapper(ctor) { - assert$1(isTransformStreamConstructor(ctor)); - return function (transform) { - if (transform.constructor === ctor) { - return transform; - } - var transformer = createWrappingTransformer(transform); - return new ctor(transformer); + /** + * Revokes the user + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New user with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.certRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await user.update(this); + return user; + } } - function createWrappingTransformer(transform) { - assert$1(isTransformStream(transform)); - var readable = transform.readable, writable = transform.writable; - assert$1(readable.locked === false); - assert$1(writable.locked === false); - var reader = readable.getReader(); - var writer; - try { - writer = writable.getWriter(); - } - catch (e) { - reader.releaseLock(); // do not leak reader - throw e; - } - return new WrappingTransformStreamTransformer(reader, writer); - } - var WrappingTransformStreamTransformer = /** @class */ (function () { - function WrappingTransformStreamTransformer(reader, writer) { - var _this = this; - this._transformStreamController = undefined; - this._onRead = function (result) { - if (result.done) { - return; - } - _this._transformStreamController.enqueue(result.value); - return _this._reader.read().then(_this._onRead); - }; - this._onError = function (reason) { - _this._flushReject(reason); - _this._transformStreamController.error(reason); - _this._reader.cancel(reason).catch(noop$1); - _this._writer.abort(reason).catch(noop$1); - }; - this._onTerminate = function () { - _this._flushResolve(); - _this._transformStreamController.terminate(); - var error = new TypeError('TransformStream terminated'); - _this._writer.abort(error).catch(noop$1); - }; - this._reader = reader; - this._writer = writer; - this._flushPromise = new Promise(function (resolve, reject) { - _this._flushResolve = resolve; - _this._flushReject = reject; - }); - } - WrappingTransformStreamTransformer.prototype.start = function (controller) { - this._transformStreamController = controller; - this._reader.read() - .then(this._onRead) - .then(this._onTerminate, this._onError); - var readerClosed = this._reader.closed; - if (readerClosed) { - readerClosed - .then(this._onTerminate, this._onError); - } - }; - WrappingTransformStreamTransformer.prototype.transform = function (chunk) { - return this._writer.write(chunk); - }; - WrappingTransformStreamTransformer.prototype.flush = function () { - var _this = this; - return this._writer.close() - .then(function () { return _this._flushPromise; }); - }; - return WrappingTransformStreamTransformer; - }()); - var webStreamsAdapter = /*#__PURE__*/Object.freeze({ - __proto__: null, - createReadableStreamWrapper: createReadableStreamWrapper, - createTransformStreamWrapper: createTransformStreamWrapper, - createWrappingReadableSource: createWrappingReadableSource, - createWrappingTransformer: createWrappingTransformer, - createWrappingWritableSink: createWrappingWritableSink, - createWritableStreamWrapper: createWritableStreamWrapper - }); + /** + * @module key/Subkey + */ - var bn = createCommonjsModule(function (module) { - (function (module, exports) { - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); + /** + * Class that represents a subkey packet and the relevant signatures. + * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID + * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint + * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs + * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo + * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime + * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + */ + class Subkey { + /** + * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey + * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey + */ + constructor(subkeyPacket, mainKey) { + this.keyPacket = subkeyPacket; + this.bindingSignatures = []; + this.revocationSignatures = []; + this.mainKey = mainKey; } - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; + /** + * Transforms structured subkey data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.bindingSignatures); + return packetlist; } - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; - } - - this.negative = 0; - this.words = null; - this.length = 0; - - // Reduction context - this.red = null; - - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; - } - - this._init(number || 0, base || 10, endian || 'be'); - } - } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; + /** + * Shallow clone + * @return {Subkey} + */ + clone() { + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.bindingSignatures = [...this.bindingSignatures]; + subkey.revocationSignatures = [...this.revocationSignatures]; + return subkey; } - BN.BN = BN; - BN.wordSize = 26; - - var Buffer; - try { - Buffer = void('buffer').Buffer; - } catch (e) { + /** + * Checks if a binding signature of a subkey is revoked + * @param {SignaturePacket} signature - The binding signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the binding signature is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked( + primaryKey, enums.signature.subkeyRevocation, { + key: primaryKey, + bind: this.keyPacket + }, this.revocationSignatures, signature, key, date, config$1 + ); } - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; - - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; - - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); - } - - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } - - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - } - - if (base === 16) { - this._parseHex(number, start); - } else { - this._parseBase(number, base, start); - } - - if (number[0] === '-') { - this.negative = 1; - } - - this.strip(); - - if (endian !== 'le') return; - - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } - - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } + /** + * Verify subkey. Checks for revocation signatures, expiration time + * and valid binding signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} if the subkey is invalid. + * @async + */ + async verify(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + // check subkey binding signatures + const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + // check binding signature is not revoked + if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { + throw new Error('Subkey is revoked'); } - return this.strip(); - }; - - function parseHex (str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r <<= 4; - - // 'a' - 'f' - if (c >= 49 && c <= 54) { - r |= c - 49 + 0xa; - - // 'A' - 'F' - } else if (c >= 17 && c <= 22) { - r |= c - 17 + 0xa; - - // '0' - '9' - } else { - r |= c & 0xf; - } + // check for expiration time + if (isDataExpired(this.keyPacket, bindingSignature, date)) { + throw new Error('Subkey is expired'); } - return r; + return bindingSignature; } - BN.prototype._parseHex = function _parseHex (number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (i = number.length - 6, j = 0; i >= start; i -= 6) { - w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } - } - if (i + 6 !== start) { - w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - } - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; - - // '0' - '9' - } else { - r += c; - } + /** + * Returns the expiration time of the subkey or Infinity if key does not expire. + * Returns null if the subkey is invalid. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + let bindingSignature; + try { + bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + } catch (e) { + return null; } - return r; + const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); + const sigExpiry = bindingSignature.getExpirationTime(); + return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; } - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; + /** + * Update subkey with new components from specified subkey + * @param {Subkey} subkey - Source subkey to merge + * @param {Date} [date] - Date to verify validity of signatures + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if update failed + * @async + */ + async update(subkey, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + if (!this.hasSameFingerprintAs(subkey)) { + throw new Error('Subkey update method: fingerprints of subkeys not equal'); } - limbLen--; - limbPow = (limbPow / base) | 0; - - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; - - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } + // key packet + if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && + subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { + this.keyPacket = subkey.keyPacket; } - - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); - - for (i = 0; i < mod; i++) { - pow *= base; + // update missing binding signatures + const that = this; + const dataToVerify = { key: primaryKey, bind: that.keyPacket }; + await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { + for (let i = 0; i < that.bindingSignatures.length; i++) { + if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { + if (srcBindSig.created > that.bindingSignatures[i].created) { + that.bindingSignatures[i] = srcBindSig; + } + return false; + } } - - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); + try { + await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); + return true; + } catch (e) { + return false; } - } - }; - - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; - } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; - } - return this; - }; - - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; - } - return this._normSign(); - }; - - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; - } - return this; - }; + }); + // revocation signatures + await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); + }); + } - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; + /** + * Revokes the subkey + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New subkey with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { key: primaryKey, bind: this.keyPacket }; + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.subkeyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await subkey.update(this); + return subkey; + } - /* + hasSameFingerprintAs(other) { + return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + } + } - var zeros = []; - var groupSizes = []; - var groupBases = []; + ['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { + Subkey.prototype[name] = + function() { + return this.keyPacket[name](); + }; + }); - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; - } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; + // A key revocation certificate can contain the following packets + const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); + const keyPacketTags = new Set([ + enums.packet.publicKey, enums.packet.privateKey, + enums.packet.publicSubkey, enums.packet.privateSubkey + ]); - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; + /** + * Abstract class that represents an OpenPGP key. Must contain a primary key. + * Can contain additional subkeys, signatures, user ids, user attributes. + * @borrows PublicKeyPacket#getKeyID as Key#getKeyID + * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint + * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs + * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo + * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + */ + class Key { + /** + * Transforms packetlist to structured key data + * @param {PacketList} packetlist - The packets that form a key + * @param {Set} disallowedPackets - disallowed packet tags + */ + packetListToStructure(packetlist, disallowedPackets = new Set()) { + let user; + let primaryKeyID; + let subkey; + let ignoreUntil; - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; + for (const packet of packetlist) { - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; + if (packet instanceof UnparseablePacket) { + const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); + if (isUnparseableKeyPacket && !ignoreUntil) { + // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must + // discard all non-key packets that follow, until another (sub)key packet is found. + if (mainKeyPacketTags.has(packet.tag)) { + ignoreUntil = mainKeyPacketTags; + } else { + ignoreUntil = keyPacketTags; + } } + continue; } - if (this.isZero()) { - out = '0' + out; + + const tag = packet.constructor.tag; + if (ignoreUntil) { + if (!ignoreUntil.has(tag)) continue; + ignoreUntil = null; } - while (out.length % padding !== 0) { - out = '0' + out; + if (disallowedPackets.has(tag)) { + throw new Error(`Unexpected packet type: ${tag}`); } - if (this.negative !== 0) { - out = '-' + out; + switch (tag) { + case enums.packet.publicKey: + case enums.packet.secretKey: + if (this.keyPacket) { + throw new Error('Key block contains multiple keys'); + } + this.keyPacket = packet; + primaryKeyID = this.getKeyID(); + if (!primaryKeyID) { + throw new Error('Missing Key ID'); + } + break; + case enums.packet.userID: + case enums.packet.userAttribute: + user = new User(packet, this); + this.users.push(user); + break; + case enums.packet.publicSubkey: + case enums.packet.secretSubkey: + user = null; + subkey = new Subkey(packet, this); + this.subkeys.push(subkey); + break; + case enums.packet.signature: + switch (packet.signatureType) { + case enums.signature.certGeneric: + case enums.signature.certPersona: + case enums.signature.certCasual: + case enums.signature.certPositive: + if (!user) { + util.printDebug('Dropping certification signatures without preceding user packet'); + continue; + } + if (packet.issuerKeyID.equals(primaryKeyID)) { + user.selfCertifications.push(packet); + } else { + user.otherCertifications.push(packet); + } + break; + case enums.signature.certRevocation: + if (user) { + user.revocationSignatures.push(packet); + } else { + this.directSignatures.push(packet); + } + break; + case enums.signature.key: + this.directSignatures.push(packet); + break; + case enums.signature.subkeyBinding: + if (!subkey) { + util.printDebug('Dropping subkey binding signature without preceding subkey packet'); + continue; + } + subkey.bindingSignatures.push(packet); + break; + case enums.signature.keyRevocation: + this.revocationSignatures.push(packet); + break; + case enums.signature.subkeyRevocation: + if (!subkey) { + util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); + continue; + } + subkey.revocationSignatures.push(packet); + break; + } + break; } - return out; } + } - assert(false, 'Base should be between 2 and 36'); - }; - - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; - - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; - - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; - - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; - - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); + /** + * Transforms structured key data to packetlist + * @returns {PacketList} The packets that form a key. + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.directSignatures); + this.users.map(user => packetlist.push(...user.toPacketList())); + this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); + return packetlist; + } - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); + /** + * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. + * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. + * @returns {Promise} Clone of the key. + */ + clone(clonePrivateParams = false) { + const key = new this.constructor(this.toPacketList()); + if (clonePrivateParams) { + key.getKeys().forEach(k => { + // shallow clone the key packets + k.keyPacket = Object.create( + Object.getPrototypeOf(k.keyPacket), + Object.getOwnPropertyDescriptors(k.keyPacket) + ); + if (!k.keyPacket.isDecrypted()) return; + // deep clone the private params, which are cleared during encryption + const privateParams = {}; + Object.keys(k.keyPacket.privateParams).forEach(name => { + privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); + }); + k.keyPacket.privateParams = privateParams; + }); + } + return key; + } - res[i] = b; - } + /** + * Returns an array containing all public or private subkeys matching keyID; + * If no keyID is given, returns all subkeys. + * @param {type/keyID} [keyID] - key ID to look for + * @returns {Array} array of subkeys + */ + getSubkeys(keyID = null) { + const subkeys = this.subkeys.filter(subkey => ( + !keyID || subkey.getKeyID().equals(keyID, true) + )); + return subkeys; + } - for (; i < reqLength; i++) { - res[i] = 0; - } + /** + * Returns an array containing all public or private keys matching keyID. + * If no keyID is given, returns all keys, starting with the primary key. + * @param {type/keyid~KeyID} [keyID] - key ID to look for + * @returns {Array} array of keys + */ + getKeys(keyID = null) { + const keys = []; + if (!keyID || this.getKeyID().equals(keyID, true)) { + keys.push(this); } + return keys.concat(this.getSubkeys(keyID)); + } - return res; - }; - - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; - } - if (t >= 0x8) { - r += 4; - t >>>= 4; - } - if (t >= 0x02) { - r += 2; - t >>>= 2; - } - return r + t; - }; + /** + * Returns key IDs of all keys + * @returns {Array} + */ + getKeyIDs() { + return this.getKeys().map(key => key.getKeyID()); } - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; + /** + * Returns userIDs + * @returns {Array} Array of userIDs. + */ + getUserIDs() { + return this.users.map(user => { + return user.userID ? user.userID.userID : null; + }).filter(userID => userID !== null); + } - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; + /** + * Returns binary encoded key + * @returns {Uint8Array} Binary key. + */ + write() { + return this.toPacketList().write(); + } + + /** + * Returns last created key or key by given keyID that is available for signing and verification + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} signing key + * @throws if no valid signing key was found + * @async + */ + async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - if ((t & 0x1) === 0) { - r++; + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature( + subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 + ); + if (!validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + continue; + } + if (!bindingSignature.embeddedSignature) { + throw new Error('Missing embedded signature'); + } + // verify embedded signature + await getLatestValidSignature( + [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 + ); + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } catch (e) { + exception = e; + } + } } - return r; - }; - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; - - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; + try { + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateSigningKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } - - return w; + throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); } - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; - - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; - } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); + /** + * Returns last created key or key by given keyID that is available for encryption or decryption + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} encryption key + * @throws if no valid encryption key was found + * @async + */ + async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - return this.clone(); - }; - - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); + // V4: by convention subkeys are preferred for encryption service + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } + } catch (e) { + exception = e; + } + } } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; - - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; + try { + // if no valid subkey for encryption, evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateEncryptionKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } + throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + } - return this; - }; + /** + * Checks if a signature on a key is revoked + * @param {SignaturePacket} signature - The signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + return isDataRevoked( + this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 + ); + } - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; + /** + * Verify primary key. Checks for revocation signatures, expiration time + * and valid self signature. Throws if the primary key is invalid. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} If key verification failed + * @async + */ + async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + // check for key revocation signatures + if (await this.isRevoked(null, null, date, config$1)) { + throw new Error('Primary key is revoked'); } - - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; + // check for valid, unrevoked, unexpired self signature + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + // check for expiration time in binding signatures + if (isDataExpired(primaryKey, selfCertification, date)) { + throw new Error('Primary key is expired'); } + if (primaryKey.version !== 6) { + // check for expiration time in direct signatures (for V6 keys, the above already did so) + const directSignature = await getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; - - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; + if (directSignature && isDataExpired(primaryKey, directSignature, date)) { + throw new Error('Primary key is expired'); + } } + } - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; + /** + * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. + * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. + * @param {Object} [userID] - User ID to consider instead of the primary user + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(userID, config$1 = config) { + let primaryKeyExpiry; + try { + const selfCertification = await this.getPrimarySelfSignature(null, userID, config$1); + const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); + const selfSigExpiry = selfCertification.getExpirationTime(); + const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature. + await getLatestValidSignature( + this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 + ).catch(() => {}); + if (directSignature) { + const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); + // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, + // causing a discountinous validy period for the key + primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); + } else { + primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; + } + } catch (e) { + primaryKeyExpiry = null; } - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; - - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; - - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; + return util.normalizeDate(primaryKeyExpiry); + } - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; + /** + * For V4 keys, returns the self-signature of the primary user. + * For V5 keys, returns the latest valid direct-key self-signature. + * This self-signature is to be used to check the key expiration, + * algorithm preferences, and so on. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} The primary self-signature + * @async + */ + async getPrimarySelfSignature(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + if (primaryKey.version === 6) { + return getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ); } + const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + return selfCertification; + } - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + /** + * Returns primary user and most significant (latest valid) self signature + * - if multiple primary users exist, returns the one with the latest self signature + * - otherwise, returns the user with the latest self signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * user: User, + * selfCertification: SignaturePacket + * }>} The primary user and the self signature + * @async + */ + async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const users = []; + let exception; + for (let i = 0; i < this.users.length; i++) { + try { + const user = this.users[i]; + if (!user.userID) { + continue; + } + if ( + (userID.name !== undefined && user.userID.name !== userID.name) || + (userID.email !== undefined && user.userID.email !== userID.email) || + (userID.comment !== undefined && user.userID.comment !== userID.comment) + ) { + throw new Error('Could not find user that matches that user ID'); + } + const dataToVerify = { userID: user.userID, key: primaryKey }; + const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); + users.push({ index: i, user, selfCertification }); + } catch (e) { + exception = e; } } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; + if (!users.length) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('Could not find primary user'); } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); + await Promise.all(users.map(async function (a) { + return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); + })); + // sort by primary user flag and signature creation time + const primaryUser = users.sort(function(a, b) { + const A = a.selfCertification; + const B = b.selfCertification; + return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; + }).pop(); + const { user, selfCertification: cert } = primaryUser; + if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { + throw new Error('Primary user is revoked'); } + return primaryUser; + } - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); + /** + * Update key with new components from specified key with same key ID: + * users, subkeys, certificates are merged into the destination key, + * duplicates and expired signatures are ignored. + * + * If the source key is a private key and the destination key is public, + * a private key is returned. + * @param {Key} sourceKey - Source key to merge + * @param {Date} [date] - Date to verify validity of signatures and keys + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} updated key + * @async + */ + async update(sourceKey, date = new Date(), config$1 = config) { + if (!this.hasSameFingerprintAs(sourceKey)) { + throw new Error('Primary key fingerprints must be equal to update the key'); } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + if (!this.isPrivate() && sourceKey.isPrivate()) { + // check for equal subkey packets + const equal = (this.subkeys.length === sourceKey.subkeys.length) && + (this.subkeys.every(destSubkey => { + return sourceKey.subkeys.some(srcSubkey => { + return destSubkey.hasSameFingerprintAs(srcSubkey); + }); + })); + if (!equal) { + throw new Error('Cannot update public key with private key if subkeys mismatch'); } - } - return this; - }; - - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; + return sourceKey.update(this, config$1); } + // from here on, either: + // - destination key is private, source key is public + // - the keys are of the same type + // hence we don't need to convert the destination key type + const updatedKey = this.clone(); + // revocation signatures + await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { + return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); + }); + // direct signatures + await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); + // update users + await Promise.all(sourceKey.users.map(async srcUser => { + // multiple users with the same ID/attribute are not explicitly disallowed by the spec + // hence we support them, just in case + const usersToUpdate = updatedKey.users.filter(dstUser => ( + (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || + (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) + )); + if (usersToUpdate.length > 0) { + await Promise.all( + usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) + ); + } else { + const newUser = srcUser.clone(); + newUser.mainKey = updatedKey; + updatedKey.users.push(newUser); + } + })); + // update subkeys + await Promise.all(sourceKey.subkeys.map(async srcSubkey => { + // multiple subkeys with same fingerprint might be preset + const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( + dstSubkey.hasSameFingerprintAs(srcSubkey) + )); + if (subkeysToUpdate.length > 0) { + await Promise.all( + subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) + ); + } else { + const newSubkey = srcSubkey.clone(); + newSubkey.mainKey = updatedKey; + updatedKey.subkeys.push(newSubkey); + } + })); - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; + return updatedKey; + } - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } + /** + * Get revocation certificate from a revoked key. + * (To get a revocation certificate for an unrevoked key, call revoke() first.) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Armored revocation certificate. + * @async + */ + async getRevocationCertificate(date = new Date(), config$1 = config) { + const dataToVerify = { key: this.keyPacket }; + const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); + const packetlist = new PacketList(); + packetlist.push(revocationSignature); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config$1); + } - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; + /** + * Applies a revocation certificate to a key + * This adds the first signature packet in the armored text to the key, + * if it is a valid revocation signature. + * @param {String} revocationCertificate - armored revocation certificate + * @param {Date} [date] - Date to verify the certificate + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Revoked key. + * @async + */ + async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { + const input = await unarmor(revocationCertificate); + const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); + const revocationSignature = packetlist.findPacket(enums.packet.signature); + if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { + throw new Error('Could not find revocation signature packet'); } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { + throw new Error('Revocation signature does not match key'); } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + try { + await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); + } catch (e) { + throw util.wrapError('Could not verify revocation signature', e); } + const key = this.clone(); + key.revocationSignatures.push(revocationSignature); + return key; + } - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } + /** + * Signs primary user of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signPrimaryUser(privateKeys, date, userID, config$1 = config) { + const { index, user } = await this.getPrimaryUser(date, userID, config$1); + const userSign = await user.certify(privateKeys, date, config$1); + const key = this.clone(); + key.users[index] = userSign; + return key; + } + + /** + * Signs all users of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for signing, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signAllUsers(privateKeys, date = new Date(), config$1 = config) { + const key = this.clone(); + key.users = await Promise.all(this.users.map(function(user) { + return user.certify(privateKeys, date, config$1); + })); + return key; + } + + /** + * Verifies primary user of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { + const primaryKey = this.keyPacket; + const { user } = await this.getPrimaryUser(date, userID, config$1); + const results = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + return results; + } - this.length = Math.max(this.length, i); + /** + * Verifies all users of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of userID, signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { + const primaryKey = this.keyPacket; + const results = []; + await Promise.all(this.users.map(async user => { + const signatures = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - if (a !== this) { - this.negative = 1; - } + results.push(...signatures.map( + signature => ({ + userID: user.userID ? user.userID.userID : null, + userAttribute: user.userAttribute, + keyID: signature.keyID, + valid: signature.valid + })) + ); + })); + return results; + } + } - return this.strip(); - }; + ['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { + Key.prototype[name] = + Subkey.prototype[name]; + }); - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; + /** + * Class that represents an OpenPGP Public Key + */ + class PublicKey extends Key { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.keyPacket = null; + this.revocationSignatures = []; + this.directSignatures = []; + this.users = []; + this.subkeys = []; + if (packetlist) { + this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing public-key packet'); } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; } - - return out.strip(); } - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); + /** + * Returns true if this is a private key + * @returns {false} + */ + isPrivate() { + return false; } - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + return this; } - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } + } - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; + /** + * Class that represents an OpenPGP Private key + */ + class PrivateKey extends PublicKey { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing private-key packet'); } + } - return rb; - }; + /** + * Returns true if this is a private key + * @returns {Boolean} + */ + isPrivate() { + return true; + } - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + const packetlist = new PacketList(); + const keyPackets = this.toPacketList(); + for (const keyPacket of keyPackets) { + switch (keyPacket.constructor.tag) { + case enums.packet.secretKey: { + const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); + packetlist.push(pubKeyPacket); + break; + } + case enums.packet.secretSubkey: { + const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); + packetlist.push(pubSubkeyPacket); + break; + } + default: + packetlist.push(keyPacket); + } } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; + return new PublicKey(packetlist); + } - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; + /** + * Returns all keys that are available for decryption, matching the keyID when given + * This is useful to retrieve keys for session key decryption + * @param {module:type/keyid~KeyID} keyID, optional + * @param {Date} date, optional + * @param {String} userID, optional + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} Array of decryption keys. + * @throws {Error} if no decryption key is found + * @async + */ + async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const keys = []; + let exception = null; + for (let i = 0; i < this.subkeys.length; i++) { + if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { + if (this.subkeys[i].keyPacket.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + continue; + } - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; + try { + const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; + const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config$1)) { + keys.push(this.subkeys[i]); } + } catch (e) { + exception = e; } } } - }; - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; + // evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && validateDecryptionKeyPacket(primaryKey, selfCertification, config$1)) { + if (primaryKey.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + } else { + keys.push(this); + } } - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; + if (keys.length === 0) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('No decryption key packets found'); + } - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; + return keys; + } - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; + /** + * Returns true if the primary key or any subkey is decrypted. + * A dummy key is considered encrypted. + */ + isDecrypted() { + return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); + } - t = iws[i]; + /** + * Check whether the private and public primary key parameters correspond + * Together with verification of binding signatures, this guarantees key integrity + * In case of gnu-dummy primary key, it is enough to validate any signing subkeys + * otherwise all encryption subkeys are validated + * If only gnu-dummy keys are found, we cannot properly validate so we throw an error + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if validation was not successful and the key cannot be trusted + * @async + */ + async validate(config$1 = config) { + if (!this.isPrivate()) { + throw new Error('Cannot validate a public key'); + } - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; + let signingKeyPacket; + if (!this.keyPacket.isDummy()) { + signingKeyPacket = this.keyPacket; + } else { + /** + * It is enough to validate any signing keys + * since its binding signatures are also checked + */ + const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); + // This could again be a dummy key + if (signingKey && !signingKey.keyPacket.isDummy()) { + signingKeyPacket = signingKey.keyPacket; + } } - }; - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; + if (signingKeyPacket) { + return signingKeyPacket.validate(); + } else { + const keys = this.getKeys(); + const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); + if (allDummies) { + throw new Error('Cannot validate an all-gnu-dummy key'); + } - ws[i] = w & 0x3ffffff; + return Promise.all(keys.map(async key => key.keyPacket.validate())); + } + } - if (w < 0x4000000) { - carry = 0; - } else { - carry = w / 0x4000000 | 0; + /** + * Clear private key parameters + */ + clearPrivateParams() { + this.getKeys().forEach(({ keyPacket }) => { + if (keyPacket.isDecrypted()) { + keyPacket.clearPrivateParams(); } - } + }); + } - return ws; - }; + /** + * Revokes the key + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New key with revocation signature. + * @async + */ + async revoke( + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + if (!this.isPrivate()) { + throw new Error('Need private key for revoking'); + } + const dataToSign = { key: this.keyPacket }; + const key = this.clone(); + key.revocationSignatures.push(await createSignaturePacket(dataToSign, [], this.keyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, undefined, config$1)); + return key; + } - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; + /** + * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. + * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519. + * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. + * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format). + * Note: Curve448 and Curve25519 are not widely supported yet. + * @param {String} options.curve (optional) Elliptic curve for ECC keys + * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date (optional) Override the creation date of the key and the key signatures + * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false + * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} + * @async + */ + async addSubkey(options = {}) { + const config$1 = { ...config, ...options.config }; + if (options.passphrase) { + throw new Error('Subkey could not be encrypted here, please encrypt whole key'); } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; + if (options.rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; + const secretKeyPacket = this.keyPacket; + if (secretKeyPacket.isDummy()) { + throw new Error('Cannot add subkey to gnu-dummy primary key'); } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; + if (!secretKeyPacket.isDecrypted()) { + throw new Error('Key is not decrypted'); } + const defaultOptions = secretKeyPacket.getAlgorithmInfo(); + defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm); + defaultOptions.rsaBits = defaultOptions.bits || 4096; + defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy'; + options = sanitizeKeyOptions(options, defaultOptions); + // Every subkey for a v4 primary key MUST be a v4 subkey. + // Every subkey for a v6 primary key MUST be a v6 subkey. + // For v5 keys, since we dropped generation support, a v4 subkey is added. + // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user. + const keyPacket = await generateSecretSubkey(options, { ...config$1, v6Keys: this.keyPacket.version === 6 }); + checkKeyRequirements(keyPacket, config$1); + const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); + const packetList = this.toPacketList(); + packetList.push(keyPacket, bindingSignature); + return new PrivateKey(packetList); + } + } - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; + function getDefaultSubkeyType(algoName) { + const algo = enums.write(enums.publicKey, algoName); + // NB: no encryption-only algos, since they cannot be in primary keys + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + return 'rsa'; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return 'ecc'; + case enums.publicKey.ed25519: + return 'curve25519'; + case enums.publicKey.ed448: + return 'curve448'; + default: + throw new Error('Unsupported algorithm'); + } + } - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2015-2016 Decentral + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } + // A Key can contain the following packets + const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ + PublicKeyPacket, + PublicSubkeyPacket, + SecretKeyPacket, + SecretSubkeyPacket, + UserIDPacket, + UserAttributePacket, + SignaturePacket + ]); - if (carry !== 0) { - this.words[i] = carry; - this.length++; + /** + * Creates a PublicKey or PrivateKey depending on the packetlist in input + * @param {PacketList} - packets to parse + * @return {Key} parsed key + * @throws if no key packet was found + */ + function createKey(packetlist) { + for (const packet of packetlist) { + switch (packet.constructor.tag) { + case enums.packet.secretKey: + return new PrivateKey(packetlist); + case enums.packet.publicKey: + return new PublicKey(packetlist); } + } + throw new Error('No key packet found'); + } - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; + /** + * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format). + * @param {String} options.curve Elliptic curve for ECC keys + * @param {Integer} options.rsaBits Number of bits for RSA keys + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Creation date of the key and the key signatures + * @param {Object} config - Full configuration + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ + async function generate(options, config) { + options.sign = true; // primary key is always a signing key + options = sanitizeKeyOptions(options); + options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); + let promises = [generateSecretKey(options, config)]; + promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); + const packets = await Promise.all(promises); - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; + const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; + } - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); + /** + * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. + * @param {PrivateKey} options.privateKey The private key to reformat + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Override the creation date of the key signatures + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * @param {Object} config - Full configuration + * + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ + async function reformat(options, config) { + options = sanitize(options); + const { privateKey } = options; - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; - } + if (!privateKey.isPrivate()) { + throw new Error('Cannot reformat a public key'); + } - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; + if (privateKey.keyPacket.isDummy()) { + throw new Error('Cannot reformat a gnu-dummy primary key'); + } - res = res.mul(q); - } - } + const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); + if (!isDecrypted) { + throw new Error('Key is not decrypted'); + } - return res; - }; + const secretKeyPacket = privateKey.keyPacket; - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); - } + if (!options.subkeys) { + options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { + const secretSubkeyPacket = subkey.keyPacket; + const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; + const bindingSignature = await ( + getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) + ).catch(() => ({})); + return { + sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) + }; + })); + } - if (carry) { - this.words[i] = carry; - this.length++; - } - } + const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); + if (options.subkeys.length !== secretSubkeyPackets.length) { + throw new Error('Number of subkey options does not match number of subkeys'); + } - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } + options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); - for (i = 0; i < s; i++) { - this.words[i] = 0; - } + const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; - this.length += s; - } + function sanitize(options, subkeyDefaults = {}) { + options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; - return this.strip(); - }; + return options; + } + } - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; + /** + * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection + * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. + * @param {SecretKeyPacket} secretKeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPackets + * @param {Object} options + * @param {Object} config - Full configuration + * @returns {PrivateKey} + */ + async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { + // set passphrase protection + if (options.passphrase) { + await secretKeyPacket.encrypt(options.passphrase, config); + } - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + await secretSubkeyPacket.encrypt(subkeyPassphrase, config); } + })); - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; - } + const packetlist = new PacketList(); + packetlist.push(secretKeyPacket); - if (s === 0) ; else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; - } + function createPreferredAlgos(algos, preferredAlgo) { + return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + } - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; + function getKeySignatureProperties() { + const signatureProperties = {}; + signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; + const symmetricAlgorithms = createPreferredAlgos([ + // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support) + enums.symmetric.aes256, + enums.symmetric.aes128 + ], config.preferredSymmetricAlgorithm); + signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms; + if (config.aeadProtect) { + const aeadAlgorithms = createPreferredAlgos([ + enums.aead.gcm, + enums.aead.eax, + enums.aead.ocb + ], config.preferredAEADAlgorithm); + signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => { + return symmetricAlgorithms.map(symmetricAlgorithm => { + return [symmetricAlgorithm, aeadAlgorithm]; + }); + }); } - - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; + signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ + // prefer fast asm.js implementations (SHA-256) + enums.hash.sha256, + enums.hash.sha512, + enums.hash.sha3_256, + enums.hash.sha3_512 + ], config.preferredHashAlgorithm); + signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ + enums.compression.uncompressed, + enums.compression.zlib, + enums.compression.zip + ], config.preferredCompressionAlgorithm); + // integrity protection always enabled + signatureProperties.features = [0]; + signatureProperties.features[0] |= enums.features.modificationDetection; + if (config.aeadProtect) { + signatureProperties.features[0] |= enums.features.seipdv2; } - - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; } + return signatureProperties; + } - return this.strip(); - }; + if (secretKeyPacket.version === 6) { // add direct key signature with key prefs + const dataToSign = { + key: secretKeyPacket + }; - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; + const signatureProperties = getKeySignatureProperties(); + signatureProperties.signatureType = enums.signature.key; - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + packetlist.push(signaturePacket); + } - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; + await Promise.all(options.userIDs.map(async function(userID, index) { + const userIDPacket = UserIDPacket.fromObject(userID); + const dataToSign = { + userID: userIDPacket, + key: secretKeyPacket + }; + const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}; + signatureProperties.signatureType = enums.signature.certPositive; + if (index === 0) { + signatureProperties.isPrimaryUserID = true; + } - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; + return { userIDPacket, signaturePacket }; + })).then(list => { + list.forEach(({ userIDPacket, signaturePacket }) => { + packetlist.push(userIDPacket); + packetlist.push(signaturePacket); + }); + }); - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyOptions = options.subkeys[index]; + const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); + return { secretSubkeyPacket, subkeySignaturePacket }; + })).then(packets => { + packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { + packetlist.push(secretSubkeyPacket); + packetlist.push(subkeySignaturePacket); + }); + }); - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; + // Add revocation signature packet for creating a revocation certificate. + // This packet should be removed before returning the key. + const dataToSign = { key: secretKeyPacket }; + packetlist.push(await createSignaturePacket(dataToSign, [], secretKeyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.reasonForRevocation.noReason, + reasonForRevocationString: '' + }, options.date, undefined, undefined, undefined, config)); - // Check bit and return - var w = this.words[s]; + if (options.passphrase) { + secretKeyPacket.clearPrivateParams(); + } - return !!(w & q); - }; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + secretSubkeyPacket.clearPrivateParams(); + } + })); - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; + return new PrivateKey(packetlist); + } - assert(this.negative === 0, 'imaskn works only with positive numbers'); + /** + * Reads an (optionally armored) OpenPGP key and returns a key object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ + async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (this.length <= s) { - return this; + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { + throw new Error('Armored text not of type key'); } + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]); + return createKey(firstKeyPacketList); + } - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); + /** + * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ + async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readPrivateKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.privateKey)) { + throw new Error('Armored text not of type private key'); } - - return this.strip(); - }; - - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; - - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } - - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; } + const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + return new PrivateKey(firstPrivateKeyList); + } + throw new Error('No secret key packet found'); + } - // Add without checks - return this._iaddn(num); - }; - - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; + /** + * Reads an (optionally armored) OpenPGP key block and returns a list of key objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ + async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { + throw new Error('Armored text not of type key'); } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + for (let i = 0; i < keyIndex.length; i++) { + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = createKey(oneKeyList); + keys.push(newKey); + } + return keys; + } - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; + /** + * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ + async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readPrivateKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); + } + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.privateKey) { + throw new Error('Armored text not of type private key'); } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; } + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = new PrivateKey(oneKeyList); + keys.push(newKey); + } + if (keys.length === 0) { + throw new Error('No secret key packet found'); + } + return keys; + } - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return this; - }; - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; + // A Message can contain the following packets + const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + AEADEncryptedDataPacket, + SymEncryptedIntegrityProtectedDataPacket, + SymmetricallyEncryptedDataPacket, + PublicKeyEncryptedSessionKeyPacket, + SymEncryptedSessionKeyPacket, + OnePassSignaturePacket, + SignaturePacket + ]); + // A SKESK packet can contain the following packets + const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); + // A detached signature can contain the following packets + const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; + /** + * Class that represents an OpenPGP message. + * Can be an encrypted message, signed message, compressed message or literal message + * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + */ + class Message { + /** + * @param {PacketList} packetlist - The packets that form this message + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } - this._expand(len); + /** + * Returns the key IDs of the keys to which the session key is encrypted + * @returns {Array} Array of keyID objects. + */ + getEncryptionKeyIDs() { + const keyIDs = []; + const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + pkESKeyPacketlist.forEach(function(packet) { + keyIDs.push(packet.publicKeyID); + }); + return keyIDs; + } - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; + /** + * Returns the key IDs of the keys that signed the message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const msg = this.unwrapCompressed(); + // search for one pass signatures + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); + if (onePassSigList.length > 0) { + return onePassSigList.map(packet => packet.issuerKeyID); } + // if nothing found look for signature packets + const signatureList = msg.packets.filterByTag(enums.packet.signature); + return signatureList.map(packet => packet.issuerKeyID); + } - if (carry === 0) return this.strip(); + /** + * Decrypt the message. Either a private key, a session key, or a password must be specified. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Date} [date] - Use the given date for key verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with decrypted content. + * @async + */ + async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { + const symEncryptedPacketlist = this.packets.filterByTag( + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ); - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; + if (symEncryptedPacketlist.length === 0) { + throw new Error('No encrypted data found'); } - this.negative = 1; - - return this.strip(); - }; - - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; - var a = this.clone(); - var b = num; - - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; - } + const symEncryptedPacket = symEncryptedPacketlist[0]; + const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm; - // Initialize quotient - var m = a.length - b.length; - var q; + const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config$1); - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; + let exception = null; + const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { + if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) { + throw new Error('Invalid session key for decryption.'); } - } - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; + try { + const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.decrypt(algo, data, config$1); + } catch (e) { + util.printDebugError(e); + exception = e; } + })); + // We don't await stream.cancel here because it only returns when the other copy is canceled too. + cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. + symEncryptedPacket.encrypted = null; + await decryptedPromise; + + if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { + throw exception || new Error('Decryption failed.'); } - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); + const resultMsg = new Message(symEncryptedPacket.packets); + symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); + return resultMsg; + } - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } + /** + * Decrypt encrypted session keys either with private keys or passwords. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable) + * @param {Date} [date] - Use the given date for key verification, instead of current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * @async + */ + async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config$1 = config) { + let decryptedSessionKeyPackets = []; + + let exception; + if (passwords) { + const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); + if (skeskPackets.length === 0) { + throw new Error('No symmetrically encrypted session key packet found.'); } - if (q) { - q.words[j] = qj; + await Promise.all(passwords.map(async function(password, i) { + let packets; + if (i) { + packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); + } else { + packets = skeskPackets; + } + await Promise.all(packets.map(async function(skeskPacket) { + try { + await skeskPacket.decrypt(password); + decryptedSessionKeyPackets.push(skeskPacket); + } catch (err) { + util.printDebugError(err); + if (err instanceof Argon2OutOfMemoryError) { + exception = err; + } + } + })); + })); + } else if (decryptionKeys) { + const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + if (pkeskPackets.length === 0) { + throw new Error('No public key encrypted session key packet found.'); } - } - if (q) { - q.strip(); - } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); - } - - return { - div: q || null, - mod: a - }; - }; + await Promise.all(pkeskPackets.map(async function(pkeskPacket) { + await Promise.all(decryptionKeys.map(async function(decryptionKey) { + let decryptionKeyPackets; + try { + // do not check key expiration to allow decryption of old messages + decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); + } catch (err) { + exception = err; + return; + } - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); + let algos = [ + enums.symmetric.aes256, // Old OpenPGP.js default fallback + enums.symmetric.aes128, // RFC4880bis fallback + enums.symmetric.tripledes, // RFC4880 fallback + enums.symmetric.cast5 // Golang OpenPGP fallback + ]; + try { + const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config$1); // TODO: Pass userID from somewhere. + if (selfCertification.preferredSymmetricAlgorithms) { + algos = algos.concat(selfCertification.preferredSymmetricAlgorithms); + } + } catch (e) {} - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; - } + await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { + if (!decryptionKeyPacket.isDecrypted()) { + throw new Error('Decryption key is not decrypted.'); + } - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); + // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. + const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal + ); - if (mode !== 'mod') { - div = res.div.neg(); - } + if (doConstantTimeDecryption) { + // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, + // either with the successfully decrypted session key, or with a randomly generated one. + // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on + // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: + // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the + // randomly generated keys of the remaining key types. + // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly + // generated session keys. + // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } + const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times + await Promise.all(( + expectedSymmetricAlgorithm ? + [expectedSymmetricAlgorithm] : + Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms) + ).map(async sessionKeyAlgorithm => { + const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); + pkeskPacketCopy.read(serialisedPKESK); + const randomSessionKey = { + sessionKeyAlgorithm, + sessionKey: mod$1.generateSessionKey(sessionKeyAlgorithm) + }; + try { + await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); + decryptedSessionKeyPackets.push(pkeskPacketCopy); + } catch (err) { + // `decrypt` can still throw some non-security-sensitive errors + util.printDebugError(err); + exception = err; + } + })); - return { - div: div, - mod: mod - }; + } else { + try { + await pkeskPacket.decrypt(decryptionKeyPacket); + const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm; + if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) { + throw new Error('A non-preferred symmetric algorithm was used.'); + } + decryptedSessionKeyPackets.push(pkeskPacket); + } catch (err) { + util.printDebugError(err); + exception = err; + } + } + })); + })); + cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. + pkeskPacket.encrypted = null; + })); + } else { + throw new Error('No key or password specified.'); } - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); - - if (mode !== 'mod') { - div = res.div.neg(); + if (decryptedSessionKeyPackets.length > 0) { + // Return only unique session keys + if (decryptedSessionKeyPackets.length > 1) { + const seen = new Set(); + decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { + const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); + if (seen.has(k)) { + return false; + } + seen.add(k); + return true; + }); } - return { - div: div, - mod: res.mod - }; + return decryptedSessionKeyPackets.map(packet => ({ + data: packet.sessionKey, + algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm) + })); } + throw exception || new Error('Session key decryption failed.'); + } - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); + /** + * Get literal data that is the body of the message + * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + */ + getLiteralData() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getBytes()) || null; + } - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } + /** + * Get filename from literal data packet + * @returns {(String|null)} Filename of literal data packet as string. + */ + getFilename() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getFilename()) || null; + } - return { - div: res.div, - mod: mod - }; + /** + * Get literal data as text + * @returns {(String|null)} Literal body of the message interpreted as text. + */ + getText() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + if (literal) { + return literal.getText(); } + return null; + } - // Both numbers are positive at this point + /** + * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. + * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for + * @param {Date} [date] - Date to select algorithm preferences at + * @param {Array} [userIDs] - User IDs to select algorithm preferences for + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. + * @async + */ + static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { + const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config$1); + const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo); + const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined; - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } + await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() + .catch(() => null) // ignore key strength requirements + .then(maybeKey => { + if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) && + !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted + throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); + } + }) + )); - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; - } + const sessionKeyData = mod$1.generateSessionKey(symmetricAlgo); + return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName }; + } - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; + /** + * Encrypt the message either with public keys, passwords, or both at once. + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - Password(s) for message encryption + * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] + * @param {Date} [date] - Override the creation date of the literal package + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + if (sessionKey) { + if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { + throw new Error('Invalid session key for encryption.'); } - - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; + } else if (encryptionKeys && encryptionKeys.length) { + sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); + } else if (passwords && passwords.length) { + sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); + } else { + throw new Error('No keys, passwords, or session key provided.'); } - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; + const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); + const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; + const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({ + version: aeadAlgorithmName ? 2 : 1, + aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null + }); + symEncryptedPacket.packets = this.packets; - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; + const algorithm = enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; + msg.packets.push(symEncryptedPacket); + symEncryptedPacket.packets = new PacketList(); // remove packets after encryption + return msg; + } - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; - } + /** + * Encrypt a session key either with public keys, passwords, or both at once. + * @param {Uint8Array} sessionKey - session key for encryption + * @param {String} algorithmName - session key algorithm + * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - For message encryption + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [date] - Override the date + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + const packetlist = new PacketList(); + const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName); + const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); - return acc; - }; + if (encryptionKeys) { + const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { + const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); + const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({ + version: aeadAlgorithm ? 6 : 3, + encryptionKeyPacket: encryptionKey.keyPacket, + anonymousRecipient: wildcard, + sessionKey, + sessionKeyAlgorithm: symmetricAlgorithm + }); - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; + await pkESKeyPacket.encrypt(encryptionKey.keyPacket); + delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption + return pkESKeyPacket; + })); + packetlist.push(...results); } + if (passwords) { + const testDecrypt = async function(keyPacket, password) { + try { + await keyPacket.decrypt(password); + return 1; + } catch (e) { + return 0; + } + }; - return this.strip(); - }; + const sum = (accumulator, currentValue) => accumulator + currentValue; - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; + const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { + const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); + symEncryptedSessionKeyPacket.sessionKey = sessionKey; + symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; + if (aeadAlgorithm) { + symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; + } + await symEncryptedSessionKeyPacket.encrypt(password, config$1); - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); + if (config$1.passwordCollisionCheck) { + const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); + if (results.reduce(sum) !== 1) { + return encryptPassword(sessionKey, algorithm, password); + } + } - var x = this; - var y = p.clone(); + delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption + return symEncryptedSessionKeyPacket; + }; - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); + const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd))); + packetlist.push(...results); } - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); - - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); + return new Message(packetlist); + } - var g = 0; + /** + * Sign the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to add to the message + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with signed content. + * @async + */ + async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const packetlist = new PacketList(); - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); } - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } + const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config$1); // this returns the existing signature packets as well + const onePassSignaturePackets = signaturePackets.map( + (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0)) + .reverse(); // innermost OPS refers to the first signature packet - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); - } + packetlist.push(...onePassSignaturePackets); + packetlist.push(literalDataPacket); + packetlist.push(...signaturePackets); - C.iushrn(1); - D.iushrn(1); - } - } + return new Message(packetlist); + } - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } + /** + * Compresses the message (the literal and -if signed- signature data packets of the message) + * @param {module:enums.compression} algo - compression algorithm + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Message} New message with compressed content. + */ + compress(algo, config$1 = config) { + if (algo === enums.compression.uncompressed) { + return this; } - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; + const compressed = new CompressedDataPacket(config$1); + compressed.algorithm = algo; + compressed.packets = this.packets; - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); + const packetList = new PacketList(); + packetList.push(compressed); - var a = this; - var b = p.clone(); + return new Message(packetList); + } - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); + /** + * Create a detached signature for the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New detached signature of message content. + * @async + */ + async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); } + return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config$1)); + } - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } - - x1.iushrn(1); - } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); + /** + * Verify message signatures + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signatures. + * @async + */ + async verify(verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + if (isArrayStream(msg.packets.stream)) { + msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + } + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); + const signatureList = msg.packets.filterByTag(enums.packet.signature); + if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { + await Promise.all(onePassSigList.map(async onePassSig => { + onePassSig.correspondingSig = new Promise((resolve, reject) => { + onePassSig.correspondingSigResolve = resolve; + onePassSig.correspondingSigReject = reject; + }); + onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); + onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); + onePassSig.hashed.catch(() => {}); + })); + msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { + const reader = getReader(readable); + const writer = getWriter(writable); + try { + for (let i = 0; i < onePassSigList.length; i++) { + const { value: signature } = await reader.read(); + onePassSigList[i].correspondingSigResolve(signature); } - - x2.iushrn(1); + await reader.readToEnd(); + await writer.ready; + await writer.close(); + } catch (e) { + onePassSigList.forEach(onePassSig => { + onePassSig.correspondingSigReject(e); + }); + await writer.abort(e); } - } - - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); - } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; - } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); + }); + return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); } + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); + } - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } - - a.isub(b); - } while (true); - - return b.iushln(shift); - }; - - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; - - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; - - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; - - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; - - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; + /** + * Verify detached message signature + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Signature} signature + * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); } + const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); + } - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; + /** + * Unwrap compressed message + * @returns {Message} Message Content of compressed message. + */ + unwrapCompressed() { + const compressed = this.packets.filterByTag(enums.packet.compressedData); + if (compressed.length) { + return new Message(compressed[0].packets); } return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; + } - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; + /** + * Append signature to unencrypted message object + * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async appendSignature(detachedSignature, config$1 = config) { + await this.packets.read( + util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, + allowedDetachedSignaturePackets, + config$1 + ); + } - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; + /** + * Returns binary encoded message + * @returns {ReadableStream} Binary message. + */ + write() { + return this.packets.write(); + } - this.strip(); + /** + * Returns ASCII armored text of message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config$1); + } + } - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } + /** + * Create signature packets for the message + * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign + * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing + * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to append + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creationtime of the signature + * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures + * @param {Boolean} [detached] - Whether to create detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} List of signature packets. + * @async + * @private + */ + async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config$1 = config) { + const packetlist = new PacketList(); - assert(num <= 0x3ffffff, 'Number is too big'); + // If data packet was created from Uint8Array, use binary, otherwise use text + const signatureType = literalDataPacket.text === null ? + enums.signature.binary : enums.signature.text; - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; + await Promise.all(signingKeys.map(async (primaryKey, i) => { + const signingUserID = signingUserIDs[i]; + if (!primaryKey.isPrivate()) { + throw new Error('Need private key for signing'); } - if (this.negative !== 0) return -res | 0; - return res; - }; + const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config$1); + return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config$1); + })).then(signatureList => { + packetlist.push(...signatureList); + }); - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; + if (signature) { + const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); + packetlist.push(...existingSigPacketlist); + } + return packetlist; + } - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; + /** + * Create object containing signer's keyID and validity of signature + * @param {SignaturePacket} signature - Signature packet + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Check signature validity with respect to the given date + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * keyID: module:type/keyid~KeyID, + * signature: Promise, + * verified: Promise + * }>} signer's keyID and validity of signature + * @async + * @private + */ + async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + let primaryKey; + let unverifiedSigningKey; - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } + for (const key of verificationKeys) { + const issuerKeys = key.getKeys(signature.issuerKeyID); + if (issuerKeys.length > 0) { + primaryKey = key; + unverifiedSigningKey = issuerKeys[0]; break; } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; - - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; - - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; - - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; - - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; - - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; - - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; - - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; - - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; - - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; - - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; - return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; - - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; - - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; - - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; - - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; - - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; - - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; - - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; - - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; - - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; + } - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; + const isOnePassSignature = signature instanceof OnePassSignaturePacket; + const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; + const verifiedSig = { + keyID: signature.issuerKeyID, + verified: (async () => { + if (!unverifiedSigningKey) { + throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + } - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); + await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); + const signaturePacket = await signaturePacketPromise; + if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { + throw new Error('Key is newer than the signature'); + } + // We pass the signature creation time to check whether the key was expired at the time of signing. + // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before + try { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); + } catch (e) { + // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, + // making the key invalid at the time of signing. + // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. + // Note: we do not support the edge case of a key that was reformatted and it has expired. + if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + } else { + throw e; + } + } + return true; + })(), + signature: (async () => { + const signaturePacket = await signaturePacketPromise; + const packetlist = new PacketList(); + signaturePacket && packetlist.push(signaturePacket); + return new Signature(packetlist); + })() }; - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; + // Mark potential promise rejections as "handled". This is needed because in + // some cases, we reject them before the user has a reasonable chance to + // handle them (e.g. `await readToEnd(result.data); await result.verified` and + // the data stream errors). + verifiedSig.signature.catch(() => {}); + verifiedSig.verified.catch(() => {}); - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; + return verifiedSig; + } - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); + /** + * Create list of objects containing signer's keyID and validity of signature + * @param {Array} signatureList - Array of signature packets + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} date - Verify the signature against the given date, + * i.e. check signature creation time < date < expiration time + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) + * @async + * @private + */ + async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + return Promise.all(signatureList.filter(function(signature) { + return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); + }).map(async function(signature) { + return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); + })); + } - this.tmp = this._tmp(); + /** + * Reads an (optionally armored) OpenPGP message and returns a Message object + * @param {Object} options + * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed + * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New message object. + * @async + * @static + */ + async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredMessage || binaryMessage; + if (!input) { + throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); + if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { + throw new Error('readMessage: options.armoredMessage must be a string or stream'); } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; + if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { + throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } + const streamType = util.isStream(input); + if (armoredMessage) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.message) { + throw new Error('Armored text not of type message'); } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); + input = data; } - inherits(P224, MPrime); + const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); + const message = new Message(packetlist); + message.fromStream = streamType; + return message; + } - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); + /** + * Creates new message object from text or binary data. + * @param {Object} options + * @param {String | ReadableStream} [options.text] - The text message contents + * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents + * @param {String} [options.filename=""] - Name of the file (if any) + * @param {Date} [options.date=current date] - Date of the message, or modification date of the file + * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type + * @returns {Promise} New message object. + * @async + * @static + */ + async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { + const input = text !== undefined ? text : binary; + if (input === undefined) { + throw new Error('createMessage: must pass options object containing `text` or `binary`'); } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); + if (text && !util.isString(text) && !util.isStream(text)) { + throw new Error('createMessage: options.text must be a string or stream'); + } + if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { + throw new Error('createMessage: options.binary must be a Uint8Array or stream'); } - inherits(P25519, MPrime); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; + const streamType = util.isStream(input); + const literalDataPacket = new LiteralDataPacket(date); + if (text !== undefined) { + literalDataPacket.setText(input, enums.write(enums.literal, format)); + } else { + literalDataPacket.setBytes(input, enums.write(enums.literal, format)); + } + if (filename !== undefined) { + literalDataPacket.setFilename(filename); + } + const literalDataPacketlist = new PacketList(); + literalDataPacketlist.push(literalDataPacket); + const message = new Message(literalDataPacketlist); + message.fromStream = streamType; + return message; + } - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; + // GPG4Browsers - An OpenPGP implementation in javascript + // Copyright (C) 2011 Recurity Labs GmbH + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - return prime; - }; + // A Cleartext message can contain the following packets + const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; + /** + * Class that represents an OpenPGP cleartext signed message. + * See {@link https://tools.ietf.org/html/rfc4880#section-7} + */ + class CleartextMessage { + /** + * @param {String} text - The cleartext of the signed message + * @param {Signature} signature - The detached signature or an empty signature for unsigned messages + */ + constructor(text, signature) { + // remove trailing whitespace and normalize EOL to canonical form + this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); + if (signature && !(signature instanceof Signature)) { + throw new Error('Invalid signature input'); } + this.signature = signature || new Signature(new PacketList()); } - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; + /** + * Returns the key IDs of the keys that signed the cleartext message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const keyIDs = []; + const signatureList = this.signature.packets; + signatureList.forEach(function(packet) { + keyIDs.push(packet.issuerKeyID); + }); + return keyIDs; + } - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; + /** + * Sign the cleartext message + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] + * @param {Date} [date] - The creation time of the signature that should be created + * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New cleartext message with signed content. + * @async + */ + async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const literalDataPacket = new LiteralDataPacket(); + literalDataPacket.setText(this.text); + const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config$1)); + return new CleartextMessage(this.text, newSignature); + } - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; + /** + * Verify signatures of cleartext signed message + * @param {Array} keys - Array of keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verify(keys, date = new Date(), config$1 = config) { + const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + const literalDataPacket = new LiteralDataPacket(); + // we assume that cleartext signature is generated based on UTF8 cleartext + literalDataPacket.setText(this.text); + return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + } - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } + /** + * Get cleartext + * @returns {String} Cleartext of message. + */ + getText() { + // normalize end of line to \n + return this.text.replace(/\r\n/g, '\n'); + } - return this.m.sub(a)._forceRed(this); - }; + /** + * Returns ASCII armored text of cleartext signed message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {String | ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? + Array.from(new Set(this.signature.packets.map( + packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() + ))).join() : + null; - Red.prototype.add = function add (a, b) { - this._verify2(a, b); + const body = { + hash, + text: this.text, + data: this.signature.packets.write() + }; - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config$1); + } + } - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); + /** + * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object + * @param {Object} options + * @param {String} options.cleartextMessage - Text to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New cleartext message object. + * @async + * @static + */ + async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!cleartextMessage) { + throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); + } + if (!util.isString(cleartextMessage)) { + throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; + const input = await unarmor(cleartextMessage); + if (input.type !== enums.armor.signed) { + throw new Error('No cleartext signed message.'); + } + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config$1); + verifyHeaders(input.headers, packetlist); + const signature = new Signature(packetlist); + return new CleartextMessage(input.text, signature); + } - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); + /** + * Compare hash algorithm specified in the armor header with signatures + * @param {Array} headers - Armor headers + * @param {PacketList} packetlist - The packetlist with signature packets + * @private + */ + function verifyHeaders(headers, packetlist) { + const checkHashAlgos = function(hashAlgos) { + const check = packet => algo => packet.hashAlgorithm === algo; - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + for (let i = 0; i < packetlist.length; i++) { + if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { + return false; + } } - return res._forceRed(this); + return true; }; - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + const hashAlgos = []; + headers.forEach(header => { + const hashHeader = header.match(/^Hash: (.+)$/); // get header value + if (hashHeader) { + const parsedHashIDs = hashHeader[1] + .replace(/\s/g, '') // remove whitespace + .split(',') + .map(hashName => { + try { + return enums.write(enums.hash, hashName.toLowerCase()); + } catch (e) { + throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase()); + } + }); + hashAlgos.push(...parsedHashIDs); + } else { + throw new Error('Only "Hash" header allowed in cleartext signed message'); } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; + }); - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; + if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { + throw new Error('Hash algorithm mismatch in armor header and signature'); + } + } - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; + /** + * Creates a new CleartextMessage object from text + * @param {Object} options + * @param {String} options.text + * @static + * @async + */ + async function createCleartextMessage({ text, ...rest }) { + if (!text) { + throw new Error('createCleartextMessage: must pass options object containing `text`'); + } + if (!util.isString(text)) { + throw new Error('createCleartextMessage: options.text must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); + return new CleartextMessage(text); + } - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); + // OpenPGP.js - An OpenPGP implementation in javascript + // Copyright (C) 2016 Tankred Hase + // + // This library is free software; you can redistribute it and/or + // modify it under the terms of the GNU Lesser General Public + // License as published by the Free Software Foundation; either + // version 3.0 of the License, or (at your option) any later version. + // + // This library is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + // Lesser General Public License for more details. + // + // You should have received a copy of the GNU Lesser General Public + // License along with this library; if not, write to the Free Software + // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } + ////////////////////// + // // + // Key handling // + // // + ////////////////////// - return r; - }; - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; + /** + * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. + * @param {Object} options + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys). + * Note: Curve448 and Curve25519 (new format) are not widely supported yet. + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys + * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys: + * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1, + * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 + * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` + * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ + async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + if (!type && !curve) { + type = config$1.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them) + curve = 'curve25519Legacy'; // unused with type != 'ecc' + } else { + type = type || 'ecc'; + curve = curve || 'curve25519Legacy'; + } + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); + if (userIDs.length === 0 && !config$1.v6Keys) { + throw new Error('UserIDs are required for V4 keys'); + } + if (type === 'rsa' && rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + } - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } + const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } + try { + const { key, revocationCertificate } = await generate(options, config$1); + key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } + return { + privateKey: formatObject(key, format, config$1), + publicKey: formatObject(key.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error generating keypair', err); + } + } - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } + /** + * Reformats signature packets for a key and rewraps key object. + * @param {Object} options + * @param {PrivateKey} options.privateKey - Private key to reformat + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended + * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ + async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; + if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) { + throw new Error('UserIDs are required for V4 keys'); + } + const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } + try { + const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); - return res; - }; + return { + privateKey: formatObject(reformattedKey, format, config$1), + publicKey: formatObject(reformattedKey.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error reformatting keypair', err); + } + } - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); + /** + * Revokes a key. Requires either a private key or a revocation certificate. + * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. + * @param {Object} options + * @param {Key} options.key - Public or private key to revoke + * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with + * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation + * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation + * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The revoked key in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or + * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise + * @async + * @static + */ + async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - return r === num ? r.clone() : r; - }; + try { + const revokedKey = revocationCertificate ? + await key.applyRevocationCertificate(revocationCertificate, date, config$1) : + await key.revoke(reasonForRevocation, date, config$1); - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; + return revokedKey.isPrivate() ? { + privateKey: formatObject(revokedKey, format, config$1), + publicKey: formatObject(revokedKey.toPublic(), format, config$1) + } : { + privateKey: null, + publicKey: formatObject(revokedKey, format, config$1) + }; + } catch (err) { + throw util.wrapError('Error revoking key', err); + } + } - // - // Montgomery method engine - // + /** + * Unlock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to decrypt + * @param {String|Array} options.passphrase - The user's passphrase(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The unlocked key object. + * @async + */ + async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - BN.mont = function mont (num) { - return new Mont(num); - }; + if (!privateKey.isPrivate()) { + throw new Error('Cannot decrypt a public key'); + } + const clonedPrivateKey = privateKey.clone(true); + const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; - function Mont (m) { - Red.call(this, m); + try { + await Promise.all(clonedPrivateKey.getKeys().map(key => ( + // try to decrypt each key with any of the given passphrases + util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) + ))); - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } + await clonedPrivateKey.validate(config$1); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error decrypting private key', err); + } + } - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); + /** + * Lock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to encrypt + * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The locked key object. + * @async + */ + async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); + if (!privateKey.isPrivate()) { + throw new Error('Cannot encrypt a public key'); } - inherits(Mont, Red); + const clonedPrivateKey = privateKey.clone(true); - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; + const keys = clonedPrivateKey.getKeys(); + const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); + if (passphrases.length !== keys.length) { + throw new Error('Invalid number of passphrases given for key encryption'); + } - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; + try { + await Promise.all(keys.map(async (key, i) => { + const { keyPacket } = key; + await keyPacket.encrypt(passphrases[i], config$1); + keyPacket.clearPrivateParams(); + })); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error encrypting private key', err); + } + } - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; + /////////////////////////////////////////// + // // + // Message encryption and decryption // + // // + /////////////////////////////////////////// - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - return res._forceRed(this); - }; + /** + * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` + * must be specified. If signing keys are specified, those will be used to sign the message. + * @param {Object} options + * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message + * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed + * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message + * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Signature} [options.signature] - A detached signature to add to the encrypted message + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` + * @param {Date} [options.date=current date] - Override the creation date of the message signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ + async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); + signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations); + if (rest.detached) { + throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); + } + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); + if (!signingKeys) { + signingKeys = []; + } - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); + try { + if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified + message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config$1); } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; - })(module, commonjsGlobal); - }); - - var bn$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': bn, - __moduleExports: bn - }); + message = message.compress( + await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config$1), + config$1 + ); + message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + if (format === 'object') return message; + // serialize data + const armor = format === 'armored'; + const data = armor ? message.armor(config$1) : message.write(); + return await convertStream(data); + } catch (err) { + throw util.wrapError('Error encrypting message', err); + } + } /** - * @fileoverview - * BigInteger implementation of basic operations - * Wrapper of bn.js library (wwww.github.com/indutny/bn.js) - * @module biginteger/bn - * @private + * Decrypts a message with the user's private key, a session key or a password. + * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). + * @param {Object} options + * @param {Message} options.message - The message object with the encrypted data + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key + * @param {String|String[]} [options.passwords] - Passwords to decrypt the message + * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } + * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing decrypted and verified message in the form: + * + * { + * data: MaybeStream, (if format was 'utf8', the default) + * data: MaybeStream, (if format was 'binary') + * filename: String, + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static */ + async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * @private - */ - class BigInteger$1 { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); + try { + const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); + if (!verificationKeys) { + verificationKeys = []; } - this.value = new bn(n); + const result = {}; + result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); + result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); + result.filename = decrypted.getFilename(); + linkStreams(result, message); + if (expectSigned) { + if (verificationKeys.length === 0) { + throw new Error('Verification keys are required to verify message signatures'); + } + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error decrypting message', err); } + } - clone() { - const clone = new BigInteger$1(null); - this.value.copy(clone.value); - return clone; - } - /** - * BigInteger increment in place - */ - iinc() { - this.value.iadd(new bn(1)); - return this; - } + ////////////////////////////////////////// + // // + // Message signing and verification // + // // + ////////////////////////////////////////// - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - /** - * BigInteger decrement in place - */ - idec() { - this.value.isub(new bn(1)); - return this; - } + /** + * Signs a message. + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed + * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext + * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [options.date=current date] - Override the creation date of the signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ + async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); checkOutputMessageFormat(format); + signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations); - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); + if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value.iadd(x.value); - return this; + if (!signingKeys || signingKeys.length === 0) { + throw new Error('No signing keys provided'); } - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + try { + let signature; + if (detached) { + signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } else { + signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } + if (format === 'object') return signature; - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value.isub(x.value); - return this; + const armor = format === 'armored'; + signature = armor ? signature.armor(config$1) : signature.write(); + if (detached) { + signature = transformPair(message.packets.write(), async (readable, writable) => { + await Promise.all([ + pipe(signature, writable), + readToEnd(readable).catch(() => {}) + ]); + }); + } + return await convertStream(signature); + } catch (err) { + throw util.wrapError('Error signing message', err); } + } - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } + /** + * Verifies signatures of cleartext signed message + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures + * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing verified message in the form: + * + * { + * data: MaybeStream, (if `message` was a CleartextMessage) + * data: MaybeStream, (if `message` was a Message) + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static + */ + async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value.imul(x.value); - return this; - } + if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); + if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); + try { + const result = {}; + if (signature) { + result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); + } else { + result.signatures = await message.verify(verificationKeys, date, config$1); + } + result.data = format === 'binary' ? message.getLiteralData() : message.getText(); + if (message.fromStream && !signature) linkStreams(result, message); + if (expectSigned) { + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error verifying signed message', err); } + } - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value = this.value.umod(m.value); - return this; - } - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } + /////////////////////////////////////////////// + // // + // Session key encryption and decryption // + // // + /////////////////////////////////////////////// - /** - * Compute modular exponentiation - * Much faster than this.exp(e).mod(n) - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - // We use either Montgomery or normal reduction context - // Montgomery requires coprime n and R (montogmery multiplier) - // bn.js picks R as power of 2, so n must be odd - const nred = n.isEven() ? bn.red(n.value) : bn.mont(n.value); - const x = this.clone(); - x.value = x.value.toRed(nred).redPow(e.value).fromRed(); - return x; - } + /** + * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. + * @param {Object} options + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} + * @param {Date} [options.date=current date] - Date to select algorithm preferences at + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. + * @async + * @static + */ + async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - // invm returns a wrong result if the inverse does not exist - if (!this.gcd(n).isOne()) { - throw new Error('Inverse does not exist'); - } - return new BigInteger$1(this.value.invm(n.value)); + try { + const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error generating session key', err); } + } - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} n - Operand - * @returns {BigInteger} gcd - */ - gcd(n) { - return new BigInteger$1(this.value.gcd(n.value)); - } + /** + * Encrypt a symmetric session key with public keys, passwords, or both at once. + * At least one of `encryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) + * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' + * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key + * @param {String|String[]} [options.passwords] - Passwords for the message + * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [options.date=current date] - Override the date + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ + async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value.ishln(x.value.toNumber()); - return this; + if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { + throw new Error('No encryption keys or passwords provided.'); } - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); + try { + const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + return formatObject(message, format, config$1); + } catch (err) { + throw util.wrapError('Error encrypting session key', err); } + } - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value.ishrn(x.value.toNumber()); - return this; - } + /** + * Decrypt symmetric session keys using private keys or passwords (not both). + * One of `decryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Message} options.message - A message object containing the encrypted session key packets + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data + * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key + * @param {Date} [options.date] - Date to use for key verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: + * { data:Uint8Array, algorithm:String } + * @throws if no session key could be found or decrypted + * @async + * @static + */ + async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); + try { + const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error decrypting session keys', err); } + } - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value.eq(x.value); - } - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value.lt(x.value); - } + ////////////////////////// + // // + // Helper functions // + // // + ////////////////////////// - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value.lte(x.value); - } - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value.gt(x.value); + /** + * Input validation + * @private + */ + function checkString(data, name) { + if (!util.isString(data)) { + throw new Error('Parameter [' + (name) + '] must be of type String'); } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value.gte(x.value); + } + function checkBinary(data, name) { + if (!util.isUint8Array(data)) { + throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array'); } - - isZero() { - return this.value.isZero(); + } + function checkMessage(message) { + if (!(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message'); } - - isOne() { - return this.value.eq(new bn(1)); + } + function checkCleartextOrMessage(message) { + if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); } - - isNegative() { - return this.value.isNeg(); + } + function checkOutputMessageFormat(format) { + if (format !== 'armored' && format !== 'binary' && format !== 'object') { + throw new Error(`Unsupported format ${format}`); } - - isEven() { - return this.value.isEven(); + } + const defaultConfigPropsCount = Object.keys(config).length; + function checkConfig(config$1) { + const inputConfigProps = Object.keys(config$1); + if (inputConfigProps.length !== defaultConfigPropsCount) { + for (const inputProp of inputConfigProps) { + if (config[inputProp] === undefined) { + throw new Error(`Unknown config property: ${inputProp}`); + } + } } + } - abs() { - const res = this.clone(); - res.value = res.value.abs(); - return res; + /** + * Normalize parameter to an array if it is not undefined. + * @param {Object} param - the parameter to be normalized + * @returns {Array|undefined} The resulting array or undefined. + * @private + */ + function toArray(param) { + if (param && !util.isArray(param)) { + param = [param]; } + return param; + } - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); + /** + * Convert data to or from Stream + * @param {Object} data - the data to convert + * @returns {Promise} The data in the respective format. + * @async + * @private + */ + async function convertStream(data) { + const streamType = util.isStream(data); + if (streamType === 'array') { + return readToEnd(data); } + return data; + } - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - return this.value.toNumber(); - } + /** + * Link result.data to the message stream for cancellation. + * Also, forward errors in the message to result.data. + * @param {Object} result - the data to convert + * @param {Message} message - message object + * @returns {Object} + * @private + */ + function linkStreams(result, message) { + result.data = transformPair(message.packets.stream, async (readable, writable) => { + await pipe(result.data, writable, { + preventClose: true + }); + const writer = getWriter(writable); + try { + // Forward errors in the message stream to result.data. + await readToEnd(readable, _ => _); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + }); + } - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - return this.value.testn(i) ? 1 : 0; + /** + * Convert the object to the given format + * @param {Key|Message} object + * @param {'armored'|'binary'|'object'} format + * @param {Object} config - Full configuration + * @returns {String|Uint8Array|Object} + */ + function formatObject(object, format, config) { + switch (format) { + case 'object': + return object; + case 'armored': + return object.armor(config); + case 'binary': + return object.write(); + default: + throw new Error(`Unsupported format ${format}`); } + } - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - return this.value.bitLength(); - } + function number(n) { + if (!Number.isSafeInteger(n) || n < 0) + throw new Error(`positive integer expected, not ${n}`); + } + // copied from utils + function isBytes$1(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); + } + function bytes(b, ...lengths) { + if (!isBytes$1(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); + } + function hash(h) { + if (typeof h !== 'function' || typeof h.create !== 'function') + throw new Error('Hash should be wrapped by utils.wrapConstructor'); + number(h.outputLen); + number(h.blockLen); + } + function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); + } + function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } + } + + const crypto$1 = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; + + /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. + // node.js versions earlier than v19 don't declare it in global scope. + // For node.js, package.json#exports field mapping rewrites import + // from `crypto` to `cryptoNode`, which imports native module. + // Makes the utils un-importable in browsers without a bundler. + // Once node.js 18 is deprecated (2025-04-30), we can just drop the import. + const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); + // Cast array to view + const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); + // The rotate right (circular right shift) operation for uint32 + const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift); + // The rotate left (circular left shift) operation for uint32 + const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0); + const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; + // The byte swap operation for uint32 + const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); + // In place byte swap for Uint32Array + function byteSwap32(arr) { + for (let i = 0; i < arr.length; i++) { + arr[i] = byteSwap(arr[i]); + } + } + /** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ + function utf8ToBytes$1(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 + } + /** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ + function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes$1(data); + bytes(data); + return data; + } + /** + * Copies several Uint8Arrays into one. + */ + function concatBytes$1(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; + } + // For runtime check if class implements interface + class Hash { + // Safe version that clones internal state + clone() { + return this._cloneInto(); + } + } + function wrapConstructor(hashCons) { + const hashC = (msg) => hashCons().update(toBytes(msg)).digest(); + const tmp = hashCons(); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = () => hashCons(); + return hashC; + } + function wrapXOFConstructorWithOpts(hashCons) { + const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest(); + const tmp = hashCons({}); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (opts) => hashCons(opts); + return hashC; + } + /** + * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS. + */ + function randomBytes(bytesLength = 32) { + if (crypto$1 && typeof crypto$1.getRandomValues === 'function') { + return crypto$1.getRandomValues(new Uint8Array(bytesLength)); + } + // Legacy Node.js compatibility + if (crypto$1 && typeof crypto$1.randomBytes === 'function') { + return crypto$1.randomBytes(bytesLength); + } + throw new Error('crypto.getRandomValues must be defined'); + } - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - return this.value.byteLength(); - } + /** + * Polyfill for Safari 14 + */ + function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = isLE ? 4 : 0; + const l = isLE ? 0 : 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); + } + /** + * Choice: a ? b : c + */ + const Chi = (a, b, c) => (a & b) ^ (~a & c); + /** + * Majority function, true if any two inputs is true + */ + const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c); + /** + * Merkle-Damgard hash construction base class. + * Could be used to create MD5, RIPEMD, SHA1, SHA2. + */ + class HashMD extends Hash { + constructor(blockLen, outputLen, padOffset, isLE) { + super(); + this.blockLen = blockLen; + this.outputLen = outputLen; + this.padOffset = padOffset; + this.isLE = isLE; + this.finished = false; + this.length = 0; + this.pos = 0; + this.destroyed = false; + this.buffer = new Uint8Array(blockLen); + this.view = createView(this.buffer); + } + update(data) { + exists(this); + const { view, buffer, blockLen } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + // Fast path: we have at least one block in input, cast it to view and process + if (take === blockLen) { + const dataView = createView(data); + for (; blockLen <= len - pos; pos += blockLen) + this.process(dataView, pos); + continue; + } + buffer.set(data.subarray(pos, pos + take), this.pos); + this.pos += take; + pos += take; + if (this.pos === blockLen) { + this.process(view, 0); + this.pos = 0; + } + } + this.length += data.length; + this.roundClean(); + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // Padding + // We can avoid allocation of buffer for padding completely if it + // was previously not allocated here. But it won't change performance. + const { buffer, view, blockLen, isLE } = this; + let { pos } = this; + // append the bit '1' to the message + buffer[pos++] = 0b10000000; + this.buffer.subarray(pos).fill(0); + // we have less than padOffset left in buffer, so we cannot put length in + // current block, need process it and pad again + if (this.padOffset > blockLen - pos) { + this.process(view, 0); + pos = 0; + } + // Pad until full block byte with zeros + for (let i = pos; i < blockLen; i++) + buffer[i] = 0; + // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that + // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen. + // So we just write lowest 64 bits of that value. + setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE); + this.process(view, 0); + const oview = createView(out); + const len = this.outputLen; + // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT + if (len % 4) + throw new Error('_sha2: outputLen should be aligned to 32bit'); + const outLen = len / 4; + const state = this.get(); + if (outLen > state.length) + throw new Error('_sha2: outputLen bigger than state'); + for (let i = 0; i < outLen; i++) + oview.setUint32(4 * i, state[i], isLE); + } + digest() { + const { buffer, outputLen } = this; + this.digestInto(buffer); + const res = buffer.slice(0, outputLen); + this.destroy(); + return res; + } + _cloneInto(to) { + to || (to = new this.constructor()); + to.set(...this.get()); + const { blockLen, buffer, length, finished, destroyed, pos } = this; + to.length = length; + to.pos = pos; + to.finished = finished; + to.destroyed = destroyed; + if (length % blockLen) + to.buffer.set(buffer); + return to; + } + } + + // SHA2-256 need to try 2^128 hashes to execute birthday attack. + // BTC network is doing 2^67 hashes/sec as per early 2023. + // Round constants: + // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) + // prettier-ignore + const SHA256_K = /* @__PURE__ */ new Uint32Array([ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 + ]); + // Initial state: + // first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19 + // prettier-ignore + const SHA256_IV = /* @__PURE__ */ new Uint32Array([ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 + ]); + // Temporary buffer, not used to store anything between runs + // Named this way because it matches specification. + const SHA256_W = /* @__PURE__ */ new Uint32Array(64); + class SHA256 extends HashMD { + constructor() { + super(64, 32, 8, false); + // We cannot use array here since array allows indexing by variable + // which means optimizer/compiler cannot use registers. + this.A = SHA256_IV[0] | 0; + this.B = SHA256_IV[1] | 0; + this.C = SHA256_IV[2] | 0; + this.D = SHA256_IV[3] | 0; + this.E = SHA256_IV[4] | 0; + this.F = SHA256_IV[5] | 0; + this.G = SHA256_IV[6] | 0; + this.H = SHA256_IV[7] | 0; + } + get() { + const { A, B, C, D, E, F, G, H } = this; + return [A, B, C, D, E, F, G, H]; + } + // prettier-ignore + set(A, B, C, D, E, F, G, H) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + this.F = F | 0; + this.G = G | 0; + this.H = H | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) + SHA256_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 64; i++) { + const W15 = SHA256_W[i - 15]; + const W2 = SHA256_W[i - 2]; + const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3); + const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10); + SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0; + } + // Compression function main loop, 64 rounds + let { A, B, C, D, E, F, G, H } = this; + for (let i = 0; i < 64; i++) { + const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25); + const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22); + const T2 = (sigma0 + Maj(A, B, C)) | 0; + H = G; + G = F; + F = E; + E = (D + T1) | 0; + D = C; + C = B; + B = A; + A = (T1 + T2) | 0; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + F = (F + this.F) | 0; + G = (G + this.G) | 0; + H = (H + this.H) | 0; + this.set(A, B, C, D, E, F, G, H); + } + roundClean() { + SHA256_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0, 0, 0, 0); + this.buffer.fill(0); + } + } + // Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf + class SHA224 extends SHA256 { + constructor() { + super(); + this.A = 0xc1059ed8 | 0; + this.B = 0x367cd507 | 0; + this.C = 0x3070dd17 | 0; + this.D = 0xf70e5939 | 0; + this.E = 0xffc00b31 | 0; + this.F = 0x68581511 | 0; + this.G = 0x64f98fa7 | 0; + this.H = 0xbefa4fa4 | 0; + this.outputLen = 28; + } + } + /** + * SHA2-256 hash function + * @param message - data that would be hashed + */ + const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256()); + /** + * SHA2-224 hash function + */ + const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224()); - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - return this.value.toArrayLike(Uint8Array, endian, length); - } + // HMAC (RFC 2104) + class HMAC extends Hash { + constructor(hash$1, _key) { + super(); + this.finished = false; + this.destroyed = false; + hash(hash$1); + const key = toBytes(_key); + this.iHash = hash$1.create(); + if (typeof this.iHash.update !== 'function') + throw new Error('Expected instance of class which extends utils.Hash'); + this.blockLen = this.iHash.blockLen; + this.outputLen = this.iHash.outputLen; + const blockLen = this.blockLen; + const pad = new Uint8Array(blockLen); + // blockLen can be bigger than outputLen + pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key); + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36; + this.iHash.update(pad); + // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone + this.oHash = hash$1.create(); + // Undo internal XOR && apply outer XOR + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36 ^ 0x5c; + this.oHash.update(pad); + pad.fill(0); + } + update(buf) { + exists(this); + this.iHash.update(buf); + return this; + } + digestInto(out) { + exists(this); + bytes(out, this.outputLen); + this.finished = true; + this.iHash.digestInto(out); + this.oHash.update(out); + this.oHash.digestInto(out); + this.destroy(); + } + digest() { + const out = new Uint8Array(this.oHash.outputLen); + this.digestInto(out); + return out; + } + _cloneInto(to) { + // Create new instance without calling constructor since key already in state and we don't know it. + to || (to = Object.create(Object.getPrototypeOf(this), {})); + const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this; + to = to; + to.finished = finished; + to.destroyed = destroyed; + to.blockLen = blockLen; + to.outputLen = outputLen; + to.oHash = oHash._cloneInto(to.oHash); + to.iHash = iHash._cloneInto(to.iHash); + return to; + } + destroy() { + this.destroyed = true; + this.oHash.destroy(); + this.iHash.destroy(); + } + } + /** + * HMAC: RFC2104 message authentication code. + * @param hash - function that would be used e.g. sha256 + * @param key - message key + * @param message - message data + * @example + * import { hmac } from '@noble/hashes/hmac'; + * import { sha256 } from '@noble/hashes/sha2'; + * const mac1 = hmac(sha256, 'key', 'message'); + */ + const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); + hmac.create = (hash, key) => new HMAC(hash, key); + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // 100 lines of code in the file are duplicated from noble-hashes (utils). + // This is OK: `abstract` directory does not use noble-hashes. + // User may opt-in into using different hashing library. This way, noble-hashes + // won't be included into their bundle. + const _0n$6 = /* @__PURE__ */ BigInt(0); + const _1n$8 = /* @__PURE__ */ BigInt(1); + const _2n$5 = /* @__PURE__ */ BigInt(2); + function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); + } + function abytes(item) { + if (!isBytes(item)) + throw new Error('Uint8Array expected'); + } + function abool(title, value) { + if (typeof value !== 'boolean') + throw new Error(`${title} must be valid boolean, got "${value}".`); + } + // Array where index 0xf0 (240) is mapped to string 'f0' + const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); + /** + * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123' + */ + function bytesToHex(bytes) { + abytes(bytes); + // pre-caching improves the speed 6x + let hex = ''; + for (let i = 0; i < bytes.length; i++) { + hex += hexes[bytes[i]]; + } + return hex; + } + function numberToHexUnpadded(num) { + const hex = num.toString(16); + return hex.length & 1 ? `0${hex}` : hex; + } + function hexToNumber(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + // Big Endian + return BigInt(hex === '' ? '0' : `0x${hex}`); + } + // We use optimized technique to convert hex string to byte array + const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; + function asciiToBase16(char) { + if (char >= asciis._0 && char <= asciis._9) + return char - asciis._0; + if (char >= asciis._A && char <= asciis._F) + return char - (asciis._A - 10); + if (char >= asciis._a && char <= asciis._f) + return char - (asciis._a - 10); + return; + } + /** + * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23]) + */ + function hexToBytes(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + const hl = hex.length; + const al = hl / 2; + if (hl % 2) + throw new Error('padded hex string expected, got unpadded hex of length ' + hl); + const array = new Uint8Array(al); + for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) { + const n1 = asciiToBase16(hex.charCodeAt(hi)); + const n2 = asciiToBase16(hex.charCodeAt(hi + 1)); + if (n1 === undefined || n2 === undefined) { + const char = hex[hi] + hex[hi + 1]; + throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi); + } + array[ai] = n1 * 16 + n2; + } + return array; + } + // BE: Big Endian, LE: Little Endian + function bytesToNumberBE(bytes) { + return hexToNumber(bytesToHex(bytes)); + } + function bytesToNumberLE(bytes) { + abytes(bytes); + return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse())); + } + function numberToBytesBE(n, len) { + return hexToBytes(n.toString(16).padStart(len * 2, '0')); + } + function numberToBytesLE(n, len) { + return numberToBytesBE(n, len).reverse(); + } + // Unpadded, rarely used + function numberToVarBytesBE(n) { + return hexToBytes(numberToHexUnpadded(n)); + } + /** + * Takes hex string or Uint8Array, converts to Uint8Array. + * Validates output length. + * Will throw error for other types. + * @param title descriptive title for an error e.g. 'private key' + * @param hex hex string or Uint8Array + * @param expectedLength optional, will compare to result array's length + * @returns + */ + function ensureBytes(title, hex, expectedLength) { + let res; + if (typeof hex === 'string') { + try { + res = hexToBytes(hex); + } + catch (e) { + throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`); + } + } + else if (isBytes(hex)) { + // Uint8Array.from() instead of hash.slice() because node.js Buffer + // is instance of Uint8Array, and its slice() creates **mutable** copy + res = Uint8Array.from(hex); + } + else { + throw new Error(`${title} must be hex string or Uint8Array`); + } + const len = res.length; + if (typeof expectedLength === 'number' && len !== expectedLength) + throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`); + return res; + } + /** + * Copies several Uint8Arrays into one. + */ + function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + abytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; + } + // Compares 2 u8a-s in kinda constant time + function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; + } + /** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ + function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 + } + // Is positive bigint + const isPosBig = (n) => typeof n === 'bigint' && _0n$6 <= n; + function inRange(n, min, max) { + return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max; + } + /** + * Asserts min <= n < max. NOTE: It's < max and not <= max. + * @example + * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n) + */ + function aInRange(title, n, min, max) { + // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)? + // consider P=256n, min=0n, max=P + // - a for min=0 would require -1: `inRange('x', x, -1n, P)` + // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)` + // - our way is the cleanest: `inRange('x', x, 0n, P) + if (!inRange(n, min, max)) + throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`); + } + // Bit operations + /** + * Calculates amount of bits in a bigint. + * Same as `n.toString(2).length` + */ + function bitLen(n) { + let len; + for (len = 0; n > _0n$6; n >>= _1n$8, len += 1) + ; + return len; + } + /** + * Gets single bit at position. + * NOTE: first bit position is 0 (same as arrays) + * Same as `!!+Array.from(n.toString(2)).reverse()[pos]` + */ + function bitGet(n, pos) { + return (n >> BigInt(pos)) & _1n$8; + } + /** + * Sets single bit at position. + */ + function bitSet(n, pos, value) { + return n | ((value ? _1n$8 : _0n$6) << BigInt(pos)); + } + /** + * Calculate mask for N bits. Not using ** operator with bigints because of old engines. + * Same as BigInt(`0b${Array(i).fill('1').join('')}`) + */ + const bitMask = (n) => (_2n$5 << BigInt(n - 1)) - _1n$8; + // DRBG + const u8n = (data) => new Uint8Array(data); // creates Uint8Array + const u8fr = (arr) => Uint8Array.from(arr); // another shortcut + /** + * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + * @returns function that will call DRBG until 2nd arg returns something meaningful + * @example + * const drbg = createHmacDRBG(32, 32, hmac); + * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined + */ + function createHmacDrbg(hashLen, qByteLen, hmacFn) { + if (typeof hashLen !== 'number' || hashLen < 2) + throw new Error('hashLen must be a number'); + if (typeof qByteLen !== 'number' || qByteLen < 2) + throw new Error('qByteLen must be a number'); + if (typeof hmacFn !== 'function') + throw new Error('hmacFn must be a function'); + // Step B, Step C: set hashLen to 8*ceil(hlen/8) + let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same + let i = 0; // Iterations counter, will throw when over 1000 + const reset = () => { + v.fill(1); + k.fill(0); + i = 0; + }; + const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values) + const reseed = (seed = u8n()) => { + // HMAC-DRBG reseed() function. Steps D-G + k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed) + v = h(); // v = hmac(k || v) + if (seed.length === 0) + return; + k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed) + v = h(); // v = hmac(k || v) + }; + const gen = () => { + // HMAC-DRBG generate() function + if (i++ >= 1000) + throw new Error('drbg: tried 1000 values'); + let len = 0; + const out = []; + while (len < qByteLen) { + v = h(); + const sl = v.slice(); + out.push(sl); + len += v.length; + } + return concatBytes(...out); + }; + const genUntil = (seed, pred) => { + reset(); + reseed(seed); // Steps D-G + let res = undefined; // Step H: grind until k is in [1..n-1] + while (!(res = pred(gen()))) + reseed(); + reset(); + return res; + }; + return genUntil; + } + // Validating curves and fields + const validatorFns = { + bigint: (val) => typeof val === 'bigint', + function: (val) => typeof val === 'function', + boolean: (val) => typeof val === 'boolean', + string: (val) => typeof val === 'string', + stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val), + isSafeInteger: (val) => Number.isSafeInteger(val), + array: (val) => Array.isArray(val), + field: (val, object) => object.Fp.isValid(val), + hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen), + }; + // type Record = { [P in K]: T; } + function validateObject(object, validators, optValidators = {}) { + const checkField = (fieldName, type, isOptional) => { + const checkVal = validatorFns[type]; + if (typeof checkVal !== 'function') + throw new Error(`Invalid validator "${type}", expected function`); + const val = object[fieldName]; + if (isOptional && val === undefined) + return; + if (!checkVal(val, object)) { + throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`); + } + }; + for (const [fieldName, type] of Object.entries(validators)) + checkField(fieldName, type, false); + for (const [fieldName, type] of Object.entries(optValidators)) + checkField(fieldName, type, true); + return object; + } + // validate type tests + // const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; + // const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok! + // // Should fail type-check + // const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' }); + // const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' }); + // const z3 = validateObject(o, { test: 'boolean', z: 'bug' }); + // const z4 = validateObject(o, { a: 'boolean', z: 'bug' }); + /** + * throws not implemented error + */ + const notImplemented = () => { + throw new Error('not implemented'); + }; + /** + * Memoizes (caches) computation result. + * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed. + */ + function memoized(fn) { + const map = new WeakMap(); + return (arg, ...args) => { + const val = map.get(arg); + if (val !== undefined) + return val; + const computed = fn(arg, ...args); + map.set(arg, computed); + return computed; + }; } - var bn_interface = /*#__PURE__*/Object.freeze({ + var ut = /*#__PURE__*/Object.freeze({ __proto__: null, - 'default': BigInteger$1 + aInRange: aInRange, + abool: abool, + abytes: abytes, + bitGet: bitGet, + bitLen: bitLen, + bitMask: bitMask, + bitSet: bitSet, + bytesToHex: bytesToHex, + bytesToNumberBE: bytesToNumberBE, + bytesToNumberLE: bytesToNumberLE, + concatBytes: concatBytes, + createHmacDrbg: createHmacDrbg, + ensureBytes: ensureBytes, + equalBytes: equalBytes, + hexToBytes: hexToBytes, + hexToNumber: hexToNumber, + inRange: inRange, + isBytes: isBytes, + memoized: memoized, + notImplemented: notImplemented, + numberToBytesBE: numberToBytesBE, + numberToBytesLE: numberToBytesLE, + numberToHexUnpadded: numberToHexUnpadded, + numberToVarBytesBE: numberToVarBytesBE, + utf8ToBytes: utf8ToBytes, + validateObject: validateObject }); - var utils_1 = createCommonjsModule(function (module, exports) { - - var utils = exports; - - function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // Utilities for modular arithmetics and finite fields + // prettier-ignore + const _0n$5 = BigInt(0), _1n$7 = BigInt(1), _2n$4 = BigInt(2), _3n$2 = BigInt(3); + // prettier-ignore + const _4n = BigInt(4), _5n = BigInt(5), _8n$1 = BigInt(8); + // prettier-ignore + BigInt(9); BigInt(16); + // Calculates a modulo b + function mod(a, b) { + const result = a % b; + return result >= _0n$5 ? result : b + result; + } + /** + * Efficiently raise num to power and do modular division. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + * @example + * pow(2n, 6n, 11n) // 64n % 11n == 9n + */ + // TODO: use field version && remove + function pow(num, power, modulo) { + if (modulo <= _0n$5 || power < _0n$5) + throw new Error('Expected power/modulo > 0'); + if (modulo === _1n$7) + return _0n$5; + let res = _1n$7; + while (power > _0n$5) { + if (power & _1n$7) + res = (res * num) % modulo; + num = (num * num) % modulo; + power >>= _1n$7; + } return res; - } - if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } else { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); + } + // Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) + function pow2(x, power, modulo) { + let res = x; + while (power-- > _0n$5) { + res *= res; + res %= modulo; } - } - return res; + return res; } - utils.toArray = toArray; - - function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; + // Inverses number over modulo + function invert(number, modulo) { + if (number === _0n$5 || modulo <= _0n$5) { + throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); + } + // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/ + // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower. + let a = mod(number, modulo); + let b = modulo; + // prettier-ignore + let x = _0n$5, u = _1n$7; + while (a !== _0n$5) { + // JIT applies optimization if those two lines follow each other + const q = b / a; + const r = b % a; + const m = x - u * q; + // prettier-ignore + b = a, a = r, x = u, u = m; + } + const gcd = b; + if (gcd !== _1n$7) + throw new Error('invert: does not exist'); + return mod(x, modulo); + } + /** + * Tonelli-Shanks square root search algorithm. + * 1. https://eprint.iacr.org/2012/685.pdf (page 12) + * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks + * Will start an infinite loop if field order P is not prime. + * @param P field order + * @returns function that takes field Fp (created from P) and number n + */ + function tonelliShanks(P) { + // Legendre constant: used to calculate Legendre symbol (a | p), + // which denotes the value of a^((p-1)/2) (mod p). + // (a | p) ≡ 1 if a is a square (mod p) + // (a | p) ≡ -1 if a is not a square (mod p) + // (a | p) ≡ 0 if a ≡ 0 (mod p) + const legendreC = (P - _1n$7) / _2n$4; + let Q, S, Z; + // Step 1: By factoring out powers of 2 from p - 1, + // find q and s such that p - 1 = q*(2^s) with q odd + for (Q = P - _1n$7, S = 0; Q % _2n$4 === _0n$5; Q /= _2n$4, S++) + ; + // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq + for (Z = _2n$4; Z < P && pow(Z, legendreC, P) !== P - _1n$7; Z++) + ; + // Fast-path + if (S === 1) { + const p1div4 = (P + _1n$7) / _4n; + return function tonelliFast(Fp, n) { + const root = Fp.pow(n, p1div4); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Slow-path + const Q1div2 = (Q + _1n$7) / _2n$4; + return function tonelliSlow(Fp, n) { + // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1 + if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) + throw new Error('Cannot find square root'); + let r = S; + // TODO: will fail at Fp2/etc + let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b + let x = Fp.pow(n, Q1div2); // first guess at the square root + let b = Fp.pow(n, Q); // first guess at the fudge factor + while (!Fp.eql(b, Fp.ONE)) { + if (Fp.eql(b, Fp.ZERO)) + return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0) + // Find m such b^(2^m)==1 + let m = 1; + for (let t2 = Fp.sqr(b); m < r; m++) { + if (Fp.eql(t2, Fp.ONE)) + break; + t2 = Fp.sqr(t2); // t2 *= t2 + } + // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow + const ge = Fp.pow(g, _1n$7 << BigInt(r - m - 1)); // ge = 2^(r-m-1) + g = Fp.sqr(ge); // g = ge * ge + x = Fp.mul(x, ge); // x *= ge + b = Fp.mul(b, g); // b *= g + r = m; + } + return x; + }; + } + function FpSqrt(P) { + // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. + // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve). + // P ≡ 3 (mod 4) + // √n = n^((P+1)/4) + if (P % _4n === _3n$2) { + // Not all roots possible! + // const ORDER = + // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn; + // const NUM = 72057594037927816n; + const p1div4 = (P + _1n$7) / _4n; + return function sqrt3mod4(Fp, n) { + const root = Fp.pow(n, p1div4); + // Throw if root**2 != n + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10) + if (P % _8n$1 === _5n) { + const c1 = (P - _5n) / _8n$1; + return function sqrt5mod8(Fp, n) { + const n2 = Fp.mul(n, _2n$4); + const v = Fp.pow(n2, c1); + const nv = Fp.mul(n, v); + const i = Fp.mul(Fp.mul(nv, _2n$4), v); + const root = Fp.mul(nv, Fp.sub(i, Fp.ONE)); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Other cases: Tonelli-Shanks algorithm + return tonelliShanks(P); + } + // prettier-ignore + const FIELD_FIELDS = [ + 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr', + 'eql', 'add', 'sub', 'mul', 'pow', 'div', + 'addN', 'subN', 'mulN', 'sqrN' + ]; + function validateField(field) { + const initial = { + ORDER: 'bigint', + MASK: 'bigint', + BYTES: 'isSafeInteger', + BITS: 'isSafeInteger', + }; + const opts = FIELD_FIELDS.reduce((map, val) => { + map[val] = 'function'; + return map; + }, initial); + return validateObject(field, opts); + } + // Generic field functions + /** + * Same as `pow` but for Fp: non-constant-time. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + */ + function FpPow(f, num, power) { + // Should have same speed as pow for bigints + // TODO: benchmark! + if (power < _0n$5) + throw new Error('Expected power > 0'); + if (power === _0n$5) + return f.ONE; + if (power === _1n$7) + return num; + let p = f.ONE; + let d = num; + while (power > _0n$5) { + if (power & _1n$7) + p = f.mul(p, d); + d = f.sqr(d); + power >>= _1n$7; + } + return p; + } + /** + * Efficiently invert an array of Field elements. + * `inv(0)` will return `undefined` here: make sure to throw an error. + */ + function FpInvertBatch(f, nums) { + const tmp = new Array(nums.length); + // Walk from first to last, multiply them by each other MOD p + const lastMultiplied = nums.reduce((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = acc; + return f.mul(acc, num); + }, f.ONE); + // Invert last element + const inverted = f.inv(lastMultiplied); + // Walk from last to first, multiply them by inverted each other MOD p + nums.reduceRight((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = f.mul(acc, tmp[i]); + return f.mul(acc, num); + }, inverted); + return tmp; + } + // CURVE.n lengths + function nLength(n, nBitLength) { + // Bit size, byte size of CURVE.n + const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; + const nByteLength = Math.ceil(_nBitLength / 8); + return { nBitLength: _nBitLength, nByteLength }; + } + /** + * Initializes a finite field over prime. **Non-primes are not supported.** + * Do not init in loop: slow. Very fragile: always run a benchmark on a change. + * Major performance optimizations: + * * a) denormalized operations like mulN instead of mul + * * b) same object shape: never add or remove keys + * * c) Object.freeze + * NOTE: operations don't check 'isValid' for all elements for performance reasons, + * it is caller responsibility to check this. + * This is low-level code, please make sure you know what you doing. + * @param ORDER prime positive bigint + * @param bitLen how many bits the field consumes + * @param isLE (def: false) if encoding / decoding should be in little-endian + * @param redef optional faster redefinitions of sqrt and other methods + */ + function Field(ORDER, bitLen, isLE = false, redef = {}) { + if (ORDER <= _0n$5) + throw new Error(`Expected Field ORDER > 0, got ${ORDER}`); + const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen); + if (BYTES > 2048) + throw new Error('Field lengths over 2048 bytes are not supported'); + const sqrtP = FpSqrt(ORDER); + const f = Object.freeze({ + ORDER, + BITS, + BYTES, + MASK: bitMask(BITS), + ZERO: _0n$5, + ONE: _1n$7, + create: (num) => mod(num, ORDER), + isValid: (num) => { + if (typeof num !== 'bigint') + throw new Error(`Invalid field element: expected bigint, got ${typeof num}`); + return _0n$5 <= num && num < ORDER; // 0 is valid element, but it's not invertible + }, + is0: (num) => num === _0n$5, + isOdd: (num) => (num & _1n$7) === _1n$7, + neg: (num) => mod(-num, ORDER), + eql: (lhs, rhs) => lhs === rhs, + sqr: (num) => mod(num * num, ORDER), + add: (lhs, rhs) => mod(lhs + rhs, ORDER), + sub: (lhs, rhs) => mod(lhs - rhs, ORDER), + mul: (lhs, rhs) => mod(lhs * rhs, ORDER), + pow: (num, power) => FpPow(f, num, power), + div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), + // Same as above, but doesn't normalize + sqrN: (num) => num * num, + addN: (lhs, rhs) => lhs + rhs, + subN: (lhs, rhs) => lhs - rhs, + mulN: (lhs, rhs) => lhs * rhs, + inv: (num) => invert(num, ORDER), + sqrt: redef.sqrt || ((n) => sqrtP(f, n)), + invertBatch: (lst) => FpInvertBatch(f, lst), + // TODO: do we really need constant cmov? + // We don't have const-time bigints anyway, so probably will be not very useful + cmov: (a, b, c) => (c ? b : a), + toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)), + fromBytes: (bytes) => { + if (bytes.length !== BYTES) + throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`); + return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes); + }, + }); + return Object.freeze(f); + } + /** + * Returns total number of bytes consumed by the field element. + * For example, 32 bytes for usual 256-bit weierstrass curve. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of field + */ + function getFieldBytesLength(fieldOrder) { + if (typeof fieldOrder !== 'bigint') + throw new Error('field order must be bigint'); + const bitLength = fieldOrder.toString(2).length; + return Math.ceil(bitLength / 8); + } + /** + * Returns minimal amount of bytes that can be safely reduced + * by field order. + * Should be 2^-128 for 128-bit curve such as P256. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of target hash + */ + function getMinHashLength(fieldOrder) { + const length = getFieldBytesLength(fieldOrder); + return length + Math.ceil(length / 2); + } + /** + * "Constant-time" private key generation utility. + * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF + * and convert them into private scalar, with the modulo bias being negligible. + * Needs at least 48 bytes of input for 32-byte private key. + * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/ + * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final + * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5 + * @param hash hash output from SHA3 or a similar function + * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n) + * @param isLE interpret hash bytes as LE num + * @returns valid private scalar + */ + function mapHashToField(key, fieldOrder, isLE = false) { + const len = key.length; + const fieldLen = getFieldBytesLength(fieldOrder); + const minLen = getMinHashLength(fieldOrder); + // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings. + if (len < 16 || len < minLen || len > 1024) + throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`); + const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key); + // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0 + const reduced = mod(num, fieldOrder - _1n$7) + _1n$7; + return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen); + } + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // Abelian group utilities + const _0n$4 = BigInt(0); + const _1n$6 = BigInt(1); + // Since points in different groups cannot be equal (different object constructor), + // we can have single place to store precomputes + const pointPrecomputes = new WeakMap(); + const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside) + // Elliptic curve multiplication of Point by scalar. Fragile. + // Scalars should always be less than curve order: this should be checked inside of a curve itself. + // Creates precomputation tables for fast multiplication: + // - private scalar is split by fixed size windows of W bits + // - every window point is collected from window's table & added to accumulator + // - since windows are different, same point inside tables won't be accessed more than once per calc + // - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar) + // - +1 window is neccessary for wNAF + // - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication + // TODO: Research returning 2d JS array of windows, instead of a single window. This would allow + // windows to be in different memory locations + function wNAF(c, bits) { + const constTimeNegate = (condition, item) => { + const neg = item.negate(); + return condition ? neg : item; + }; + const validateW = (W) => { + if (!Number.isSafeInteger(W) || W <= 0 || W > bits) + throw new Error(`Wrong window size=${W}, should be [1..${bits}]`); + }; + const opts = (W) => { + validateW(W); + const windows = Math.ceil(bits / W) + 1; // +1, because + const windowSize = 2 ** (W - 1); // -1 because we skip zero + return { windows, windowSize }; + }; + return { + constTimeNegate, + // non-const time multiplication ladder + unsafeLadder(elm, n) { + let p = c.ZERO; + let d = elm; + while (n > _0n$4) { + if (n & _1n$6) + p = p.add(d); + d = d.double(); + n >>= _1n$6; + } + return p; + }, + /** + * Creates a wNAF precomputation window. Used for caching. + * Default window size is set by `utils.precompute()` and is equal to 8. + * Number of precomputed points depends on the curve size: + * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: + * - 𝑊 is the window size + * - 𝑛 is the bitlength of the curve order. + * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. + * @returns precomputed point tables flattened to a single array + */ + precomputeWindow(elm, W) { + const { windows, windowSize } = opts(W); + const points = []; + let p = elm; + let base = p; + for (let window = 0; window < windows; window++) { + base = p; + points.push(base); + // =1, because we skip zero + for (let i = 1; i < windowSize; i++) { + base = base.add(p); + points.push(base); + } + p = base.double(); + } + return points; + }, + /** + * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. + * @param W window size + * @param precomputes precomputed tables + * @param n scalar (we don't check here, but should be less than curve order) + * @returns real and fake (for const-time) points + */ + wNAF(W, precomputes, n) { + // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise + // But need to carefully remove other checks before wNAF. ORDER == bits here + const { windows, windowSize } = opts(W); + let p = c.ZERO; + let f = c.BASE; + const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc. + const maxNumber = 2 ** W; + const shiftBy = BigInt(W); + for (let window = 0; window < windows; window++) { + const offset = window * windowSize; + // Extract W bits. + let wbits = Number(n & mask); + // Shift number by W bits. + n >>= shiftBy; + // If the bits are bigger than max size, we'll split those. + // +224 => 256 - 32 + if (wbits > windowSize) { + wbits -= maxNumber; + n += _1n$6; + } + // This code was first written with assumption that 'f' and 'p' will never be infinity point: + // since each addition is multiplied by 2 ** W, it cannot cancel each other. However, + // there is negate now: it is possible that negated element from low value + // would be the same as high element, which will create carry into next window. + // It's not obvious how this can fail, but still worth investigating later. + // Check if we're onto Zero point. + // Add random point inside current window to f. + const offset1 = offset; + const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero + const cond1 = window % 2 !== 0; + const cond2 = wbits < 0; + if (wbits === 0) { + // The most important part for const-time getPublicKey + f = f.add(constTimeNegate(cond1, precomputes[offset1])); + } + else { + p = p.add(constTimeNegate(cond2, precomputes[offset2])); + } + } + // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ() + // Even if the variable is still unused, there are some checks which will + // throw an exception, so compiler needs to prove they won't happen, which is hard. + // At this point there is a way to F be infinity-point even if p is not, + // which makes it less const-time: around 1 bigint multiply. + return { p, f }; + }, + wNAFCached(P, n, transform) { + const W = pointWindowSizes.get(P) || 1; + // Calculate precomputes on a first run, reuse them after + let comp = pointPrecomputes.get(P); + if (!comp) { + comp = this.precomputeWindow(P, W); + if (W !== 1) + pointPrecomputes.set(P, transform(comp)); + } + return this.wNAF(W, comp, n); + }, + // We calculate precomputes for elliptic curve point multiplication + // using windowed method. This specifies window size and + // stores precomputed values. Usually only base point would be precomputed. + setWindowSize(P, W) { + validateW(W); + pointWindowSizes.set(P, W); + pointPrecomputes.delete(P); + }, + }; + } + /** + * Pippenger algorithm for multi-scalar multiplication (MSM). + * MSM is basically (Pa + Qb + Rc + ...). + * 30x faster vs naive addition on L=4096, 10x faster with precomputes. + * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL. + * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0. + * @param c Curve Point constructor + * @param field field over CURVE.N - important that it's not over CURVE.P + * @param points array of L curve points + * @param scalars array of L scalars (aka private keys / bigints) + */ + function pippenger(c, field, points, scalars) { + // If we split scalars by some window (let's say 8 bits), every chunk will only + // take 256 buckets even if there are 4096 scalars, also re-uses double. + // TODO: + // - https://eprint.iacr.org/2024/750.pdf + // - https://tches.iacr.org/index.php/TCHES/article/view/10287 + // 0 is accepted in scalars + if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length) + throw new Error('arrays of points and scalars must have equal length'); + scalars.forEach((s, i) => { + if (!field.isValid(s)) + throw new Error(`wrong scalar at index ${i}`); + }); + points.forEach((p, i) => { + if (!(p instanceof c)) + throw new Error(`wrong point at index ${i}`); + }); + const wbits = bitLen(BigInt(points.length)); + const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits + const MASK = (1 << windowSize) - 1; + const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array + const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize; + let sum = c.ZERO; + for (let i = lastBits; i >= 0; i -= windowSize) { + buckets.fill(c.ZERO); + for (let j = 0; j < scalars.length; j++) { + const scalar = scalars[j]; + const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK)); + buckets[wbits] = buckets[wbits].add(points[j]); + } + let resI = c.ZERO; // not using this will do small speed-up, but will lose ct + // Skip first bucket, because it is zero + for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) { + sumI = sumI.add(buckets[j]); + resI = resI.add(sumI); + } + sum = sum.add(resI); + if (i !== 0) + for (let j = 0; j < windowSize; j++) + sum = sum.double(); + } + return sum; + } + function validateBasic(curve) { + validateField(curve.Fp); + validateObject(curve, { + n: 'bigint', + h: 'bigint', + Gx: 'field', + Gy: 'field', + }, { + nBitLength: 'isSafeInteger', + nByteLength: 'isSafeInteger', + }); + // Set defaults + return Object.freeze({ + ...nLength(curve.n, curve.nBitLength), + ...curve, + ...{ p: curve.Fp.ORDER }, + }); } - utils.zero2 = zero2; - function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // Short Weierstrass curve. The formula is: y² = x³ + ax + b + function validateSigVerOpts(opts) { + if (opts.lowS !== undefined) + abool('lowS', opts.lowS); + if (opts.prehash !== undefined) + abool('prehash', opts.prehash); + } + function validatePointOpts(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + a: 'field', + b: 'field', + }, { + allowedPrivateKeyLengths: 'array', + wrapPrivateKey: 'boolean', + isTorsionFree: 'function', + clearCofactor: 'function', + allowInfinityPoint: 'boolean', + fromBytes: 'function', + toBytes: 'function', + }); + const { endo, Fp, a } = opts; + if (endo) { + if (!Fp.eql(a, Fp.ZERO)) { + throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0'); + } + if (typeof endo !== 'object' || + typeof endo.beta !== 'bigint' || + typeof endo.splitScalar !== 'function') { + throw new Error('Expected endomorphism with beta: bigint and splitScalar: function'); + } + } + return Object.freeze({ ...opts }); + } + const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut; + /** + * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format: + * + * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S] + * + * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html + */ + const DER = { + // asn.1 DER encoding utils + Err: class DERErr extends Error { + constructor(m = '') { + super(m); + } + }, + // Basic building block is TLV (Tag-Length-Value) + _tlv: { + encode: (tag, data) => { + const { Err: E } = DER; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length & 1) + throw new E('tlv.encode: unpadded data'); + const dataLen = data.length / 2; + const len = numberToHexUnpadded(dataLen); + if ((len.length / 2) & 128) + throw new E('tlv.encode: long form length too big'); + // length of length with long form flag + const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : ''; + return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`; + }, + // v - value, l - left bytes (unparsed) + decode(tag, data) { + const { Err: E } = DER; + let pos = 0; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length < 2 || data[pos++] !== tag) + throw new E('tlv.decode: wrong tlv'); + const first = data[pos++]; + const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form + let length = 0; + if (!isLong) + length = first; + else { + // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)] + const lenLen = first & 127; + if (!lenLen) + throw new E('tlv.decode(long): indefinite length not supported'); + if (lenLen > 4) + throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js + const lengthBytes = data.subarray(pos, pos + lenLen); + if (lengthBytes.length !== lenLen) + throw new E('tlv.decode: length bytes not complete'); + if (lengthBytes[0] === 0) + throw new E('tlv.decode(long): zero leftmost byte'); + for (const b of lengthBytes) + length = (length << 8) | b; + pos += lenLen; + if (length < 128) + throw new E('tlv.decode(long): not minimal encoding'); + } + const v = data.subarray(pos, pos + length); + if (v.length !== length) + throw new E('tlv.decode: wrong value length'); + return { v, l: data.subarray(pos + length) }; + }, + }, + // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, + // since we always use positive integers here. It must always be empty: + // - add zero byte if exists + // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) + _int: { + encode(num) { + const { Err: E } = DER; + if (num < _0n$3) + throw new E('integer: negative integers are not allowed'); + let hex = numberToHexUnpadded(num); + // Pad with zero byte if negative flag is present + if (Number.parseInt(hex[0], 16) & 0b1000) + hex = '00' + hex; + if (hex.length & 1) + throw new E('unexpected assertion'); + return hex; + }, + decode(data) { + const { Err: E } = DER; + if (data[0] & 128) + throw new E('Invalid signature integer: negative'); + if (data[0] === 0x00 && !(data[1] & 128)) + throw new E('Invalid signature integer: unnecessary leading zero'); + return b2n(data); + }, + }, + toSig(hex) { + // parse DER signature + const { Err: E, _int: int, _tlv: tlv } = DER; + const data = typeof hex === 'string' ? h2b(hex) : hex; + abytes(data); + const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data); + if (seqLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes); + const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes); + if (sLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + return { r: int.decode(rBytes), s: int.decode(sBytes) }; + }, + hexFromSig(sig) { + const { _tlv: tlv, _int: int } = DER; + const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`; + return tlv.encode(0x30, seq); + }, + }; + // Be friendly to bad ECMAScript parsers by not using bigint literals + // prettier-ignore + const _0n$3 = BigInt(0), _1n$5 = BigInt(1); BigInt(2); const _3n$1 = BigInt(3); BigInt(4); + function weierstrassPoints(opts) { + const CURVE = validatePointOpts(opts); + const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ + const Fn = Field(CURVE.n, CURVE.nBitLength); + const toBytes = CURVE.toBytes || + ((_c, point, _isCompressed) => { + const a = point.toAffine(); + return concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y)); + }); + const fromBytes = CURVE.fromBytes || + ((bytes) => { + // const head = bytes[0]; + const tail = bytes.subarray(1); + // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported'); + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + }); + /** + * y² = x³ + ax + b: Short weierstrass curve formula + * @returns y² + */ + function weierstrassEquation(x) { + const { a, b } = CURVE; + const x2 = Fp.sqr(x); // x * x + const x3 = Fp.mul(x2, x); // x2 * x + return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b + } + // Validate whether the passed curve params are valid. + // We check if curve equation works for generator point. + // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381. + // ProjectivePoint class has not been initialized yet. + if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx))) + throw new Error('bad generator point: equation left != right'); + // Valid group elements reside in range 1..n-1 + function isWithinCurveOrder(num) { + return inRange(num, _1n$5, CURVE.n); + } + // Validates if priv key is valid and converts it to bigint. + // Supports options allowedPrivateKeyLengths and wrapPrivateKey. + function normPrivateKeyToScalar(key) { + const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE; + if (lengths && typeof key !== 'bigint') { + if (isBytes(key)) + key = bytesToHex(key); + // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes + if (typeof key !== 'string' || !lengths.includes(key.length)) + throw new Error('Invalid key'); + key = key.padStart(nByteLength * 2, '0'); + } + let num; + try { + num = + typeof key === 'bigint' + ? key + : bytesToNumberBE(ensureBytes('private key', key, nByteLength)); + } + catch (error) { + throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`); + } + if (wrapPrivateKey) + num = mod(num, N); // disabled by default, enabled for BLS + aInRange('private key', num, _1n$5, N); // num in range [1..N-1] + return num; + } + function assertPrjPoint(other) { + if (!(other instanceof Point)) + throw new Error('ProjectivePoint expected'); + } + // Memoized toAffine / validity check. They are heavy. Points are immutable. + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + const toAffineMemo = memoized((p, iz) => { + const { px: x, py: y, pz: z } = p; + // Fast-path for normalized points + if (Fp.eql(z, Fp.ONE)) + return { x, y }; + const is0 = p.is0(); + // If invZ was 0, we return zero point. However we still want to execute + // all operations, so we replace invZ with a random number, 1. + if (iz == null) + iz = is0 ? Fp.ONE : Fp.inv(z); + const ax = Fp.mul(x, iz); + const ay = Fp.mul(y, iz); + const zz = Fp.mul(z, iz); + if (is0) + return { x: Fp.ZERO, y: Fp.ZERO }; + if (!Fp.eql(zz, Fp.ONE)) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + // NOTE: on exception this will crash 'cached' and no value will be set. + // Otherwise true will be return + const assertValidMemo = memoized((p) => { + if (p.is0()) { + // (0, 1, 0) aka ZERO is invalid in most contexts. + // In BLS, ZERO can be serialized, so we allow it. + // (0, 0, 0) is wrong representation of ZERO and is always invalid. + if (CURVE.allowInfinityPoint && !Fp.is0(p.py)) + return; + throw new Error('bad point: ZERO'); + } + // Some 3rd-party test vectors require different wording between here & `fromCompressedHex` + const { x, y } = p.toAffine(); + // Check if x, y are valid field elements + if (!Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('bad point: x or y not FE'); + const left = Fp.sqr(y); // y² + const right = weierstrassEquation(x); // x³ + ax + b + if (!Fp.eql(left, right)) + throw new Error('bad point: equation left != right'); + if (!p.isTorsionFree()) + throw new Error('bad point: not in prime-order subgroup'); + return true; + }); + /** + * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z) + * Default Point works in 2d / affine coordinates: (x, y) + * We're doing calculations in projective, because its operations don't require costly inversion. + */ + class Point { + constructor(px, py, pz) { + this.px = px; + this.py = py; + this.pz = pz; + if (px == null || !Fp.isValid(px)) + throw new Error('x required'); + if (py == null || !Fp.isValid(py)) + throw new Error('y required'); + if (pz == null || !Fp.isValid(pz)) + throw new Error('z required'); + Object.freeze(this); + } + // Does not validate if the point is on-curve. + // Use fromHex instead, or call assertValidity() later. + static fromAffine(p) { + const { x, y } = p || {}; + if (!p || !Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('invalid affine point'); + if (p instanceof Point) + throw new Error('projective point not allowed'); + const is0 = (i) => Fp.eql(i, Fp.ZERO); + // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0) + if (is0(x) && is0(y)) + return Point.ZERO; + return new Point(x, y, Fp.ONE); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + /** + * Takes a bunch of Projective Points but executes only one + * inversion on all of them. Inversion is very slow operation, + * so this improves performance massively. + * Optimization: converts a list of projective points to a list of identical points with Z=1. + */ + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.pz)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + /** + * Converts hash string or Uint8Array to Point. + * @param hex short/long ECDSA hex + */ + static fromHex(hex) { + const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex))); + P.assertValidity(); + return P; + } + // Multiplies generator point by privateKey. + static fromPrivateKey(privateKey) { + return Point.BASE.multiply(normPrivateKeyToScalar(privateKey)); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // A point on curve is valid if it conforms to equation. + assertValidity() { + assertValidMemo(this); + } + hasEvenY() { + const { y } = this.toAffine(); + if (Fp.isOdd) + return !Fp.isOdd(y); + throw new Error("Field doesn't support isOdd"); + } + /** + * Compare one point to another. + */ + equals(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1)); + const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1)); + return U1 && U2; + } + /** + * Flips point to one corresponding to (x, -y) in Affine coordinates. + */ + negate() { + return new Point(this.px, Fp.neg(this.py), this.pz); + } + // Renes-Costello-Batina exception-free doubling formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 3 + // Cost: 8M + 3S + 3*a + 2*b3 + 15add. + double() { + const { a, b } = CURVE; + const b3 = Fp.mul(b, _3n$1); + const { px: X1, py: Y1, pz: Z1 } = this; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + let t0 = Fp.mul(X1, X1); // step 1 + let t1 = Fp.mul(Y1, Y1); + let t2 = Fp.mul(Z1, Z1); + let t3 = Fp.mul(X1, Y1); + t3 = Fp.add(t3, t3); // step 5 + Z3 = Fp.mul(X1, Z1); + Z3 = Fp.add(Z3, Z3); + X3 = Fp.mul(a, Z3); + Y3 = Fp.mul(b3, t2); + Y3 = Fp.add(X3, Y3); // step 10 + X3 = Fp.sub(t1, Y3); + Y3 = Fp.add(t1, Y3); + Y3 = Fp.mul(X3, Y3); + X3 = Fp.mul(t3, X3); + Z3 = Fp.mul(b3, Z3); // step 15 + t2 = Fp.mul(a, t2); + t3 = Fp.sub(t0, t2); + t3 = Fp.mul(a, t3); + t3 = Fp.add(t3, Z3); + Z3 = Fp.add(t0, t0); // step 20 + t0 = Fp.add(Z3, t0); + t0 = Fp.add(t0, t2); + t0 = Fp.mul(t0, t3); + Y3 = Fp.add(Y3, t0); + t2 = Fp.mul(Y1, Z1); // step 25 + t2 = Fp.add(t2, t2); + t0 = Fp.mul(t2, t3); + X3 = Fp.sub(X3, t0); + Z3 = Fp.mul(t2, t1); + Z3 = Fp.add(Z3, Z3); // step 30 + Z3 = Fp.add(Z3, Z3); + return new Point(X3, Y3, Z3); + } + // Renes-Costello-Batina exception-free addition formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 1 + // Cost: 12M + 0S + 3*a + 3*b3 + 23add. + add(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + const a = CURVE.a; + const b3 = Fp.mul(CURVE.b, _3n$1); + let t0 = Fp.mul(X1, X2); // step 1 + let t1 = Fp.mul(Y1, Y2); + let t2 = Fp.mul(Z1, Z2); + let t3 = Fp.add(X1, Y1); + let t4 = Fp.add(X2, Y2); // step 5 + t3 = Fp.mul(t3, t4); + t4 = Fp.add(t0, t1); + t3 = Fp.sub(t3, t4); + t4 = Fp.add(X1, Z1); + let t5 = Fp.add(X2, Z2); // step 10 + t4 = Fp.mul(t4, t5); + t5 = Fp.add(t0, t2); + t4 = Fp.sub(t4, t5); + t5 = Fp.add(Y1, Z1); + X3 = Fp.add(Y2, Z2); // step 15 + t5 = Fp.mul(t5, X3); + X3 = Fp.add(t1, t2); + t5 = Fp.sub(t5, X3); + Z3 = Fp.mul(a, t4); + X3 = Fp.mul(b3, t2); // step 20 + Z3 = Fp.add(X3, Z3); + X3 = Fp.sub(t1, Z3); + Z3 = Fp.add(t1, Z3); + Y3 = Fp.mul(X3, Z3); + t1 = Fp.add(t0, t0); // step 25 + t1 = Fp.add(t1, t0); + t2 = Fp.mul(a, t2); + t4 = Fp.mul(b3, t4); + t1 = Fp.add(t1, t2); + t2 = Fp.sub(t0, t2); // step 30 + t2 = Fp.mul(a, t2); + t4 = Fp.add(t4, t2); + t0 = Fp.mul(t1, t4); + Y3 = Fp.add(Y3, t0); + t0 = Fp.mul(t5, t4); // step 35 + X3 = Fp.mul(t3, X3); + X3 = Fp.sub(X3, t0); + t0 = Fp.mul(t3, t1); + Z3 = Fp.mul(t5, Z3); + Z3 = Fp.add(Z3, t0); // step 40 + return new Point(X3, Y3, Z3); + } + subtract(other) { + return this.add(other.negate()); + } + is0() { + return this.equals(Point.ZERO); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + /** + * Non-constant-time multiplication. Uses double-and-add algorithm. + * It's faster, but should only be used when you don't care about + * an exposed private key e.g. sig verification, which works over *public* keys. + */ + multiplyUnsafe(sc) { + aInRange('scalar', sc, _0n$3, CURVE.n); + const I = Point.ZERO; + if (sc === _0n$3) + return I; + if (sc === _1n$5) + return this; + const { endo } = CURVE; + if (!endo) + return wnaf.unsafeLadder(this, sc); + // Apply endomorphism + let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc); + let k1p = I; + let k2p = I; + let d = this; + while (k1 > _0n$3 || k2 > _0n$3) { + if (k1 & _1n$5) + k1p = k1p.add(d); + if (k2 & _1n$5) + k2p = k2p.add(d); + d = d.double(); + k1 >>= _1n$5; + k2 >>= _1n$5; + } + if (k1neg) + k1p = k1p.negate(); + if (k2neg) + k2p = k2p.negate(); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + return k1p.add(k2p); + } + /** + * Constant time multiplication. + * Uses wNAF method. Windowed method may be 10% faster, + * but takes 2x longer to generate and consumes 2x memory. + * Uses precomputes when available. + * Uses endomorphism for Koblitz curves. + * @param scalar by which the point would be multiplied + * @returns New point + */ + multiply(scalar) { + const { endo, n: N } = CURVE; + aInRange('scalar', scalar, _1n$5, N); + let point, fake; // Fake point is used to const-time mult + if (endo) { + const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar); + let { p: k1p, f: f1p } = this.wNAF(k1); + let { p: k2p, f: f2p } = this.wNAF(k2); + k1p = wnaf.constTimeNegate(k1neg, k1p); + k2p = wnaf.constTimeNegate(k2neg, k2p); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + point = k1p.add(k2p); + fake = f1p.add(f2p); + } + else { + const { p, f } = this.wNAF(scalar); + point = p; + fake = f; + } + // Normalize `z` for both points, but return only real one + return Point.normalizeZ([point, fake])[0]; + } + /** + * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly. + * Not using Strauss-Shamir trick: precomputation tables are faster. + * The trick could be useful if both P and Q are not G (not in our case). + * @returns non-zero affine point + */ + multiplyAndAddUnsafe(Q, a, b) { + const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes + const mul = (P, a // Select faster multiply() method + ) => (a === _0n$3 || a === _1n$5 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a)); + const sum = mul(this, a).add(mul(Q, b)); + return sum.is0() ? undefined : sum; + } + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + toAffine(iz) { + return toAffineMemo(this, iz); + } + isTorsionFree() { + const { h: cofactor, isTorsionFree } = CURVE; + if (cofactor === _1n$5) + return true; // No subgroups, always torsion-free + if (isTorsionFree) + return isTorsionFree(Point, this); + throw new Error('isTorsionFree() has not been declared for the elliptic curve'); + } + clearCofactor() { + const { h: cofactor, clearCofactor } = CURVE; + if (cofactor === _1n$5) + return this; // Fast-path + if (clearCofactor) + return clearCofactor(Point, this); + return this.multiplyUnsafe(CURVE.h); + } + toRawBytes(isCompressed = true) { + abool('isCompressed', isCompressed); + this.assertValidity(); + return toBytes(Point, this, isCompressed); + } + toHex(isCompressed = true) { + abool('isCompressed', isCompressed); + return bytesToHex(this.toRawBytes(isCompressed)); + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); + Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); + const _bits = CURVE.nBitLength; + const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); + // Validate if generator point is on curve + return { + CURVE, + ProjectivePoint: Point, + normPrivateKeyToScalar, + weierstrassEquation, + isWithinCurveOrder, + }; } - utils.toHex = toHex; - - utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; - }; - }); - - var utils_1$1 = createCommonjsModule(function (module, exports) { - - var utils = exports; - - - - - utils.assert = minimalisticAssert; - utils.toArray = utils_1.toArray; - utils.zero2 = utils_1.zero2; - utils.toHex = utils_1.toHex; - utils.encode = utils_1.encode; - - // Represent num in a w-NAF form - function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; + function validateOpts$2(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + hash: 'hash', + hmac: 'function', + randomBytes: 'function', + }, { + bits2int: 'function', + bits2int_modN: 'function', + lowS: 'boolean', + }); + return Object.freeze({ lowS: true, ...opts }); + } + /** + * Creates short weierstrass curve and ECDSA signature methods for it. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, b, p, n, Gx, Gy + * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n }) + */ + function weierstrass(curveDef) { + const CURVE = validateOpts$2(curveDef); + const { Fp, n: CURVE_ORDER } = CURVE; + const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32 + const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32 + function modN(a) { + return mod(a, CURVE_ORDER); + } + function invN(a) { + return invert(a, CURVE_ORDER); + } + const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({ + ...CURVE, + toBytes(_c, point, isCompressed) { + const a = point.toAffine(); + const x = Fp.toBytes(a.x); + const cat = concatBytes; + abool('isCompressed', isCompressed); + if (isCompressed) { + return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x); + } + else { + return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y)); + } + }, + fromBytes(bytes) { + const len = bytes.length; + const head = bytes[0]; + const tail = bytes.subarray(1); + // this.assertValidity() is done inside of fromHex + if (len === compressedLen && (head === 0x02 || head === 0x03)) { + const x = bytesToNumberBE(tail); + if (!inRange(x, _1n$5, Fp.ORDER)) + throw new Error('Point is not on curve'); + const y2 = weierstrassEquation(x); // y² = x³ + ax + b + let y; + try { + y = Fp.sqrt(y2); // y = y² ^ (p+1)/4 + } + catch (sqrtError) { + const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : ''; + throw new Error('Point is not on curve' + suffix); + } + const isYOdd = (y & _1n$5) === _1n$5; + // ECDSA + const isHeadOdd = (head & 1) === 1; + if (isHeadOdd !== isYOdd) + y = Fp.neg(y); + return { x, y }; + } + else if (len === uncompressedLen && head === 0x04) { + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + } + else { + throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`); + } + }, + }); + const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength)); + function isBiggerThanHalfOrder(number) { + const HALF = CURVE_ORDER >> _1n$5; + return number > HALF; } - naf.push(z); - - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.iushrn(shift); - } - - return naf; - } - utils.getNAF = getNAF; - - // Represent k1, k2 in a Joint Sparse Form - function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; + function normalizeS(s) { + return isBiggerThanHalfOrder(s) ? modN(-s) : s; } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; + // slice bytes num + const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to)); + /** + * ECDSA signature with its (r, s) properties. Supports DER & compact representations. + */ + class Signature { + constructor(r, s, recovery) { + this.r = r; + this.s = s; + this.recovery = recovery; + this.assertValidity(); + } + // pair (bytes of r, bytes of s) + static fromCompact(hex) { + const l = CURVE.nByteLength; + hex = ensureBytes('compactSignature', hex, l * 2); + return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l)); + } + // DER encoded ECDSA signature + // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script + static fromDER(hex) { + const { r, s } = DER.toSig(ensureBytes('DER', hex)); + return new Signature(r, s); + } + assertValidity() { + aInRange('r', this.r, _1n$5, CURVE_ORDER); // r in [1..N] + aInRange('s', this.s, _1n$5, CURVE_ORDER); // s in [1..N] + } + addRecoveryBit(recovery) { + return new Signature(this.r, this.s, recovery); + } + recoverPublicKey(msgHash) { + const { r, s, recovery: rec } = this; + const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash + if (rec == null || ![0, 1, 2, 3].includes(rec)) + throw new Error('recovery id invalid'); + const radj = rec === 2 || rec === 3 ? r + CURVE.n : r; + if (radj >= Fp.ORDER) + throw new Error('recovery id 2 or 3 invalid'); + const prefix = (rec & 1) === 0 ? '02' : '03'; + const R = Point.fromHex(prefix + numToNByteStr(radj)); + const ir = invN(radj); // r^-1 + const u1 = modN(-h * ir); // -hr^-1 + const u2 = modN(s * ir); // sr^-1 + const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1) + if (!Q) + throw new Error('point at infinify'); // unsafe is fine: no priv data leaked + Q.assertValidity(); + return Q; + } + // Signatures should be low-s, to prevent malleability. + hasHighS() { + return isBiggerThanHalfOrder(this.s); + } + normalizeS() { + return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this; + } + // DER-encoded + toDERRawBytes() { + return hexToBytes(this.toDERHex()); + } + toDERHex() { + return DER.hexFromSig({ r: this.r, s: this.s }); + } + // padded bytes of r, then padded bytes of s + toCompactRawBytes() { + return hexToBytes(this.toCompactHex()); + } + toCompactHex() { + return numToNByteStr(this.r) + numToNByteStr(this.s); + } + } + const utils = { + isValidPrivateKey(privateKey) { + try { + normPrivateKeyToScalar(privateKey); + return true; + } + catch (error) { + return false; + } + }, + normPrivateKeyToScalar: normPrivateKeyToScalar, + /** + * Produces cryptographically secure private key from random of size + * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible. + */ + randomPrivateKey: () => { + const length = getMinHashLength(CURVE.n); + return mapHashToField(CURVE.randomBytes(length), CURVE.n); + }, + /** + * Creates precompute table for an arbitrary EC point. Makes point "cached". + * Allows to massively speed-up `point.multiply(scalar)`. + * @returns cached point + * @example + * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey)); + * fast.multiply(privKey); // much faster ECDH now + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here + return point; + }, + }; + /** + * Computes public key for a private key. Checks for validity of the private key. + * @param privateKey private key + * @param isCompressed whether to return compact (default), or full key + * @returns Public key, full when isCompressed=false; short when isCompressed=true + */ + function getPublicKey(privateKey, isCompressed = true) { + return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed); } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.iushrn(1); - k2.iushrn(1); - } - - return jsf; + /** + * Quick and dirty check for item being public key. Does not validate hex, or being on-curve. + */ + function isProbPub(item) { + const arr = isBytes(item); + const str = typeof item === 'string'; + const len = (arr || str) && item.length; + if (arr) + return len === compressedLen || len === uncompressedLen; + if (str) + return len === 2 * compressedLen || len === 2 * uncompressedLen; + if (item instanceof Point) + return true; + return false; + } + /** + * ECDH (Elliptic Curve Diffie Hellman). + * Computes shared public key from private key and public key. + * Checks: 1) private key validity 2) shared key is on-curve. + * Does NOT hash the result. + * @param privateA private key + * @param publicB different public key + * @param isCompressed whether to return compact (default), or full key + * @returns shared public key + */ + function getSharedSecret(privateA, publicB, isCompressed = true) { + if (isProbPub(privateA)) + throw new Error('first arg must be private key'); + if (!isProbPub(publicB)) + throw new Error('second arg must be public key'); + const b = Point.fromHex(publicB); // check for being on-curve + return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed); + } + // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets. + // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int. + // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same. + // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors + const bits2int = CURVE.bits2int || + function (bytes) { + // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m) + // for some cases, since bytes.length * 8 is not actual bitLength. + const num = bytesToNumberBE(bytes); // check for == u8 done here + const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits + return delta > 0 ? num >> BigInt(delta) : num; + }; + const bits2int_modN = CURVE.bits2int_modN || + function (bytes) { + return modN(bits2int(bytes)); // can't use bytesToNumberBE here + }; + // NOTE: pads output with zero as per spec + const ORDER_MASK = bitMask(CURVE.nBitLength); + /** + * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`. + */ + function int2octets(num) { + aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n$3, ORDER_MASK); + // works with order, can have different size than numToField! + return numberToBytesBE(num, CURVE.nByteLength); + } + // Steps A, D of RFC6979 3.2 + // Creates RFC6979 seed; converts msg/privKey to numbers. + // Used only in sign, not in verify. + // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521. + // Also it can be bigger for P224 + SHA256 + function prepSig(msgHash, privateKey, opts = defaultSigOpts) { + if (['recovered', 'canonical'].some((k) => k in opts)) + throw new Error('sign() legacy options not supported'); + const { hash, randomBytes } = CURVE; + let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default + if (lowS == null) + lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash + msgHash = ensureBytes('msgHash', msgHash); + validateSigVerOpts(opts); + if (prehash) + msgHash = ensureBytes('prehashed msgHash', hash(msgHash)); + // We can't later call bits2octets, since nested bits2int is broken for curves + // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call. + // const bits2octets = (bits) => int2octets(bits2int_modN(bits)) + const h1int = bits2int_modN(msgHash); + const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint + const seedArgs = [int2octets(d), int2octets(h1int)]; + // extraEntropy. RFC6979 3.6: additional k' (optional). + if (ent != null && ent !== false) { + // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') + const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is + seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes + } + const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2 + const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash! + // Converts signature params into point w r/s, checks result for validity. + function k2sig(kBytes) { + // RFC 6979 Section 3.2, step 3: k = bits2int(T) + const k = bits2int(kBytes); // Cannot use fields methods, since it is group element + if (!isWithinCurveOrder(k)) + return; // Important: all mod() calls here must be done over N + const ik = invN(k); // k^-1 mod n + const q = Point.BASE.multiply(k).toAffine(); // q = Gk + const r = modN(q.x); // r = q.x mod n + if (r === _0n$3) + return; + // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to + // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it: + // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT + const s = modN(ik * modN(m + r * d)); // Not using blinding here + if (s === _0n$3) + return; + let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$5); // recovery bit (2 or 3, when q.x > n) + let normS = s; + if (lowS && isBiggerThanHalfOrder(s)) { + normS = normalizeS(s); // if lowS was passed, ensure s is always + recovery ^= 1; // // in the bottom half of N + } + return new Signature(r, normS, recovery); // use normS, not s + } + return { seed, k2sig }; + } + const defaultSigOpts = { lowS: CURVE.lowS, prehash: false }; + const defaultVerOpts = { lowS: CURVE.lowS, prehash: false }; + /** + * Signs message hash with a private key. + * ``` + * sign(m, d, k) where + * (x, y) = G × k + * r = x mod n + * s = (m + dr)/k mod n + * ``` + * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`. + * @param privKey private key + * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg. + * @returns signature with recovery param + */ + function sign(msgHash, privKey, opts = defaultSigOpts) { + const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2. + const C = CURVE; + const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac); + return drbg(seed, k2sig); // Steps B, C, D, E, F, G + } + // Enable precomputes. Slows down first publicKey computation by 20ms. + Point.BASE._setWindowSize(8); + // utils.precompute(8, ProjectivePoint.BASE) + /** + * Verifies a signature against message hash and public key. + * Rejects lowS signatures by default: to override, + * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf: + * + * ``` + * verify(r, s, h, P) where + * U1 = hs^-1 mod n + * U2 = rs^-1 mod n + * R = U1⋅G - U2⋅P + * mod(R.x, n) == r + * ``` + */ + function verify(signature, msgHash, publicKey, opts = defaultVerOpts) { + const sg = signature; + msgHash = ensureBytes('msgHash', msgHash); + publicKey = ensureBytes('publicKey', publicKey); + if ('strict' in opts) + throw new Error('options.strict was renamed to lowS'); + validateSigVerOpts(opts); + const { lowS, prehash } = opts; + let _sig = undefined; + let P; + try { + if (typeof sg === 'string' || isBytes(sg)) { + // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). + // Since DER can also be 2*nByteLength bytes, we check for it first. + try { + _sig = Signature.fromDER(sg); + } + catch (derError) { + if (!(derError instanceof DER.Err)) + throw derError; + _sig = Signature.fromCompact(sg); + } + } + else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') { + const { r, s } = sg; + _sig = new Signature(r, s); + } + else { + throw new Error('PARSE'); + } + P = Point.fromHex(publicKey); + } + catch (error) { + if (error.message === 'PARSE') + throw new Error(`signature must be Signature instance, Uint8Array or hex string`); + return false; + } + if (lowS && _sig.hasHighS()) + return false; + if (prehash) + msgHash = CURVE.hash(msgHash); + const { r, s } = _sig; + const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element + const is = invN(s); // s^-1 + const u1 = modN(h * is); // u1 = hs^-1 mod n + const u2 = modN(r * is); // u2 = rs^-1 mod n + const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P + if (!R) + return false; + const v = modN(R.x); + return v === r; + } + return { + CURVE, + getPublicKey, + getSharedSecret, + sign, + verify, + ProjectivePoint: Point, + Signature, + utils, + }; } - utils.getJSF = getJSF; - function cachedProperty(obj, name, computer) { - var key = '_' + name; - obj.prototype[name] = function cachedProperty() { - return this[key] !== undefined ? this[key] : - this[key] = computer.call(this); - }; + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // connects noble-curves to noble-hashes + function getHash(hash) { + return { + hash, + hmac: (key, ...msgs) => hmac(hash, key, concatBytes$1(...msgs)), + randomBytes, + }; + } + function createCurve(curveDef, defHash) { + const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); + return Object.freeze({ ...create(defHash), create }); + } + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // NIST secp256r1 aka p256 + // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 + const Fp$7 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')); + const CURVE_A$4 = Fp$7.create(BigInt('-3')); + const CURVE_B$4 = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'); + // prettier-ignore + const p256 = createCurve({ + a: CURVE_A$4, // Equation params: a, b + b: CURVE_B$4, + Fp: Fp$7, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n + // Curve order, total count of valid points in the field + n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'), + // Base (generator) point (x, y) + Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'), + Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'), + h: BigInt(1), + lowS: false, + }, sha256); + + const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1); + const _32n = /* @__PURE__ */ BigInt(32); + // We are not using BigUint64Array, because they are extremely slow as per 2022 + function fromBig(n, le = false) { + if (le) + return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) }; + return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 }; + } + function split(lst, le = false) { + let Ah = new Uint32Array(lst.length); + let Al = new Uint32Array(lst.length); + for (let i = 0; i < lst.length; i++) { + const { h, l } = fromBig(lst[i], le); + [Ah[i], Al[i]] = [h, l]; + } + return [Ah, Al]; + } + const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0); + // for Shift in [0, 32) + const shrSH = (h, _l, s) => h >>> s; + const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); + // Right rotate for Shift in [1, 32) + const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s)); + const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); + // Right rotate for Shift in (32, 64), NOTE: 32 is special case. + const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32)); + const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s)); + // Right rotate for shift===32 (just swaps l&h) + const rotr32H = (_h, l) => l; + const rotr32L = (h, _l) => h; + // Left rotate for Shift in [1, 32) + const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s)); + const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s)); + // Left rotate for Shift in (32, 64), NOTE: 32 is special case. + const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s)); + const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s)); + // JS uses 32-bit signed integers for bitwise operations which means we cannot + // simple take carry out of low bit sum by shift, we need to use division. + function add(Ah, Al, Bh, Bl) { + const l = (Al >>> 0) + (Bl >>> 0); + return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 }; + } + // Addition with more than 2 elements + const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0); + const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0; + const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0); + const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0; + const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0); + const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0; + // prettier-ignore + const u64 = { + fromBig, split, toBig, + shrSH, shrSL, + rotrSH, rotrSL, rotrBH, rotrBL, + rotr32H, rotr32L, + rotlSH, rotlSL, rotlBH, rotlBL, + add, add3L, add3H, add4L, add4H, add5H, add5L, + }; + + // Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409): + // prettier-ignore + const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([ + '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc', + '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118', + '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2', + '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694', + '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65', + '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5', + '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4', + '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70', + '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df', + '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b', + '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30', + '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8', + '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8', + '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3', + '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec', + '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b', + '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178', + '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b', + '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c', + '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817' + ].map(n => BigInt(n))))(); + // Temporary buffer, not used to store anything between runs + const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80); + const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80); + class SHA512 extends HashMD { + constructor() { + super(128, 64, 16, false); + // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers. + // Also looks cleaner and easier to verify with spec. + // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19): + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0x6a09e667 | 0; + this.Al = 0xf3bcc908 | 0; + this.Bh = 0xbb67ae85 | 0; + this.Bl = 0x84caa73b | 0; + this.Ch = 0x3c6ef372 | 0; + this.Cl = 0xfe94f82b | 0; + this.Dh = 0xa54ff53a | 0; + this.Dl = 0x5f1d36f1 | 0; + this.Eh = 0x510e527f | 0; + this.El = 0xade682d1 | 0; + this.Fh = 0x9b05688c | 0; + this.Fl = 0x2b3e6c1f | 0; + this.Gh = 0x1f83d9ab | 0; + this.Gl = 0xfb41bd6b | 0; + this.Hh = 0x5be0cd19 | 0; + this.Hl = 0x137e2179 | 0; + } + // prettier-ignore + get() { + const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl]; + } + // prettier-ignore + set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) { + this.Ah = Ah | 0; + this.Al = Al | 0; + this.Bh = Bh | 0; + this.Bl = Bl | 0; + this.Ch = Ch | 0; + this.Cl = Cl | 0; + this.Dh = Dh | 0; + this.Dl = Dl | 0; + this.Eh = Eh | 0; + this.El = El | 0; + this.Fh = Fh | 0; + this.Fl = Fl | 0; + this.Gh = Gh | 0; + this.Gl = Gl | 0; + this.Hh = Hh | 0; + this.Hl = Hl | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) { + SHA512_W_H[i] = view.getUint32(offset); + SHA512_W_L[i] = view.getUint32((offset += 4)); + } + for (let i = 16; i < 80; i++) { + // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7) + const W15h = SHA512_W_H[i - 15] | 0; + const W15l = SHA512_W_L[i - 15] | 0; + const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7); + const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7); + // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6) + const W2h = SHA512_W_H[i - 2] | 0; + const W2l = SHA512_W_L[i - 2] | 0; + const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6); + const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6); + // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16]; + const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]); + const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]); + SHA512_W_H[i] = SUMh | 0; + SHA512_W_L[i] = SUMl | 0; + } + let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + // Compression function main loop, 80 rounds + for (let i = 0; i < 80; i++) { + // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41) + const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41); + const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41); + //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const CHIh = (Eh & Fh) ^ (~Eh & Gh); + const CHIl = (El & Fl) ^ (~El & Gl); + // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i] + // prettier-ignore + const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]); + const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]); + const T1l = T1ll | 0; + // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39) + const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39); + const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39); + const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch); + const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl); + Hh = Gh | 0; + Hl = Gl | 0; + Gh = Fh | 0; + Gl = Fl | 0; + Fh = Eh | 0; + Fl = El | 0; + ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0)); + Dh = Ch | 0; + Dl = Cl | 0; + Ch = Bh | 0; + Cl = Bl | 0; + Bh = Ah | 0; + Bl = Al | 0; + const All = u64.add3L(T1l, sigma0l, MAJl); + Ah = u64.add3H(All, T1h, sigma0h, MAJh); + Al = All | 0; + } + // Add the compressed chunk to the current hash value + ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0)); + ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0)); + ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0)); + ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0)); + ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0)); + ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0)); + ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0)); + ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0)); + this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl); + } + roundClean() { + SHA512_W_H.fill(0); + SHA512_W_L.fill(0); + } + destroy() { + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + } + } + class SHA384 extends SHA512 { + constructor() { + super(); + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0xcbbb9d5d | 0; + this.Al = 0xc1059ed8 | 0; + this.Bh = 0x629a292a | 0; + this.Bl = 0x367cd507 | 0; + this.Ch = 0x9159015a | 0; + this.Cl = 0x3070dd17 | 0; + this.Dh = 0x152fecd8 | 0; + this.Dl = 0xf70e5939 | 0; + this.Eh = 0x67332667 | 0; + this.El = 0xffc00b31 | 0; + this.Fh = 0x8eb44a87 | 0; + this.Fl = 0x68581511 | 0; + this.Gh = 0xdb0c2e0d | 0; + this.Gl = 0x64f98fa7 | 0; + this.Hh = 0x47b5481d | 0; + this.Hl = 0xbefa4fa4 | 0; + this.outputLen = 48; + } + } + const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512()); + const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384()); + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // NIST secp384r1 aka p384 + // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 + // Field over which we'll do calculations. + // prettier-ignore + const P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'); + const Fp$6 = Field(P$1); + const CURVE_A$3 = Fp$6.create(BigInt('-3')); + // prettier-ignore + const CURVE_B$3 = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'); + // prettier-ignore + const p384 = createCurve({ + a: CURVE_A$3, // Equation params: a, b + b: CURVE_B$3, + Fp: Fp$6, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n + // Curve order, total count of valid points in the field. + n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'), + // Base (generator) point (x, y) + Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'), + Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'), + h: BigInt(1), + lowS: false, + }, sha384); + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // NIST secp521r1 aka p521 + // Note that it's 521, which differs from 512 of its hash function. + // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521 + // Field over which we'll do calculations. + // prettier-ignore + const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + const Fp$5 = Field(P); + const CURVE = { + a: Fp$5.create(BigInt('-3')), + b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'), + Fp: Fp$5, + n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'), + Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'), + Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'), + h: BigInt(1), + }; + // prettier-ignore + const p521 = createCurve({ + a: CURVE.a, // Equation params: a, b + b: CURVE.b, + Fp: Fp$5, // Field: 2n**521n - 1n + // Curve order, total count of valid points in the field + n: CURVE.n, + Gx: CURVE.Gx, // Base point (x, y) aka generator point + Gy: CURVE.Gy, + h: CURVE.h, + lowS: false, + allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b + }, sha512); + + // SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size. + // It's called a sponge function. + // Various per round constants calculations + const SHA3_PI = []; + const SHA3_ROTL = []; + const _SHA3_IOTA = []; + const _0n$2 = /* @__PURE__ */ BigInt(0); + const _1n$4 = /* @__PURE__ */ BigInt(1); + const _2n$3 = /* @__PURE__ */ BigInt(2); + const _7n = /* @__PURE__ */ BigInt(7); + const _256n = /* @__PURE__ */ BigInt(256); + const _0x71n = /* @__PURE__ */ BigInt(0x71); + for (let round = 0, R = _1n$4, x = 1, y = 0; round < 24; round++) { + // Pi + [x, y] = [y, (2 * x + 3 * y) % 5]; + SHA3_PI.push(2 * (5 * y + x)); + // Rotational + SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64); + // Iota + let t = _0n$2; + for (let j = 0; j < 7; j++) { + R = ((R << _1n$4) ^ ((R >> _7n) * _0x71n)) % _256n; + if (R & _2n$3) + t ^= _1n$4 << ((_1n$4 << /* @__PURE__ */ BigInt(j)) - _1n$4); + } + _SHA3_IOTA.push(t); + } + const [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true); + // Left rotation (without 0, 32, 64) + const rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s)); + const rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s)); + // Same as keccakf1600, but allows to skip some rounds + function keccakP(s, rounds = 24) { + const B = new Uint32Array(5 * 2); + // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js) + for (let round = 24 - rounds; round < 24; round++) { + // Theta θ + for (let x = 0; x < 10; x++) + B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40]; + for (let x = 0; x < 10; x += 2) { + const idx1 = (x + 8) % 10; + const idx0 = (x + 2) % 10; + const B0 = B[idx0]; + const B1 = B[idx0 + 1]; + const Th = rotlH(B0, B1, 1) ^ B[idx1]; + const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1]; + for (let y = 0; y < 50; y += 10) { + s[x + y] ^= Th; + s[x + y + 1] ^= Tl; + } + } + // Rho (ρ) and Pi (π) + let curH = s[2]; + let curL = s[3]; + for (let t = 0; t < 24; t++) { + const shift = SHA3_ROTL[t]; + const Th = rotlH(curH, curL, shift); + const Tl = rotlL(curH, curL, shift); + const PI = SHA3_PI[t]; + curH = s[PI]; + curL = s[PI + 1]; + s[PI] = Th; + s[PI + 1] = Tl; + } + // Chi (χ) + for (let y = 0; y < 50; y += 10) { + for (let x = 0; x < 10; x++) + B[x] = s[y + x]; + for (let x = 0; x < 10; x++) + s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10]; + } + // Iota (ι) + s[0] ^= SHA3_IOTA_H[round]; + s[1] ^= SHA3_IOTA_L[round]; + } + B.fill(0); + } + class Keccak extends Hash { + // NOTE: we accept arguments in bytes instead of bits here. + constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) { + super(); + this.blockLen = blockLen; + this.suffix = suffix; + this.outputLen = outputLen; + this.enableXOF = enableXOF; + this.rounds = rounds; + this.pos = 0; + this.posOut = 0; + this.finished = false; + this.destroyed = false; + // Can be passed from user as dkLen + number(outputLen); + // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes + if (0 >= this.blockLen || this.blockLen >= 200) + throw new Error('Sha3 supports only keccak-f1600 function'); + this.state = new Uint8Array(200); + this.state32 = u32(this.state); + } + keccak() { + if (!isLE) + byteSwap32(this.state32); + keccakP(this.state32, this.rounds); + if (!isLE) + byteSwap32(this.state32); + this.posOut = 0; + this.pos = 0; + } + update(data) { + exists(this); + const { blockLen, state } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + for (let i = 0; i < take; i++) + state[this.pos++] ^= data[pos++]; + if (this.pos === blockLen) + this.keccak(); + } + return this; + } + finish() { + if (this.finished) + return; + this.finished = true; + const { state, suffix, pos, blockLen } = this; + // Do the padding + state[pos] ^= suffix; + if ((suffix & 0x80) !== 0 && pos === blockLen - 1) + this.keccak(); + state[blockLen - 1] ^= 0x80; + this.keccak(); + } + writeInto(out) { + exists(this, false); + bytes(out); + this.finish(); + const bufferOut = this.state; + const { blockLen } = this; + for (let pos = 0, len = out.length; pos < len;) { + if (this.posOut >= blockLen) + this.keccak(); + const take = Math.min(blockLen - this.posOut, len - pos); + out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos); + this.posOut += take; + pos += take; + } + return out; + } + xofInto(out) { + // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF + if (!this.enableXOF) + throw new Error('XOF is not possible for this instance'); + return this.writeInto(out); + } + xof(bytes) { + number(bytes); + return this.xofInto(new Uint8Array(bytes)); + } + digestInto(out) { + output(out, this); + if (this.finished) + throw new Error('digest() was already called'); + this.writeInto(out); + this.destroy(); + return out; + } + digest() { + return this.digestInto(new Uint8Array(this.outputLen)); + } + destroy() { + this.destroyed = true; + this.state.fill(0); + } + _cloneInto(to) { + const { blockLen, suffix, outputLen, rounds, enableXOF } = this; + to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds)); + to.state32.set(this.state32); + to.pos = this.pos; + to.posOut = this.posOut; + to.finished = this.finished; + to.rounds = rounds; + // Suffix can change in cSHAKE + to.suffix = suffix; + to.outputLen = outputLen; + to.enableXOF = enableXOF; + to.destroyed = this.destroyed; + return to; + } + } + const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen)); + /** + * SHA3-256 hash function + * @param message - that would be hashed + */ + const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8); + const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8); + const genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true)); + const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8); + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + // Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² + // Be friendly to bad ECMAScript parsers by not using bigint literals + // prettier-ignore + const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n = BigInt(8); + // verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex: + const VERIFY_DEFAULT = { zip215: true }; + function validateOpts$1(curve) { + const opts = validateBasic(curve); + validateObject(curve, { + hash: 'function', + a: 'bigint', + d: 'bigint', + randomBytes: 'function', + }, { + adjustScalarBytes: 'function', + domain: 'function', + uvRatio: 'function', + mapToCurve: 'function', + }); + // Set defaults + return Object.freeze({ ...opts }); + } + /** + * Creates Twisted Edwards curve with EdDSA signatures. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h + * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h }) + */ + function twistedEdwards(curveDef) { + const CURVE = validateOpts$1(curveDef); + const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE; + const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3); + const modP = Fp.create; // Function overrides + const Fn = Field(CURVE.n, CURVE.nBitLength); + // sqrt(u/v) + const uvRatio = CURVE.uvRatio || + ((u, v) => { + try { + return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) }; + } + catch (e) { + return { isValid: false, value: _0n$1 }; + } + }); + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP + const domain = CURVE.domain || + ((data, ctx, phflag) => { + abool('phflag', phflag); + if (ctx.length || phflag) + throw new Error('Contexts/pre-hash are not supported'); + return data; + }); // NOOP + // 0 <= n < MASK + // Coordinates larger than Fp.ORDER are allowed for zip215 + function aCoordinate(title, n) { + aInRange('coordinate ' + title, n, _0n$1, MASK); + } + function assertPoint(other) { + if (!(other instanceof Point)) + throw new Error('ExtendedPoint expected'); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + const toAffineMemo = memoized((p, iz) => { + const { ex: x, ey: y, ez: z } = p; + const is0 = p.is0(); + if (iz == null) + iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily + const ax = modP(x * iz); + const ay = modP(y * iz); + const zz = modP(z * iz); + if (is0) + return { x: _0n$1, y: _1n$3 }; + if (zz !== _1n$3) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + const assertValidMemo = memoized((p) => { + const { a, d } = CURVE; + if (p.is0()) + throw new Error('bad point: ZERO'); // TODO: optimize, with vars below? + // Equation in affine coordinates: ax² + y² = 1 + dx²y² + // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y² + const { ex: X, ey: Y, ez: Z, et: T } = p; + const X2 = modP(X * X); // X² + const Y2 = modP(Y * Y); // Y² + const Z2 = modP(Z * Z); // Z² + const Z4 = modP(Z2 * Z2); // Z⁴ + const aX2 = modP(X2 * a); // aX² + const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z² + const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y² + if (left !== right) + throw new Error('bad point: equation left != right (1)'); + // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T + const XY = modP(X * Y); + const ZT = modP(Z * T); + if (XY !== ZT) + throw new Error('bad point: equation left != right (2)'); + return true; + }); + // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy). + // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates + class Point { + constructor(ex, ey, ez, et) { + this.ex = ex; + this.ey = ey; + this.ez = ez; + this.et = et; + aCoordinate('x', ex); + aCoordinate('y', ey); + aCoordinate('z', ez); + aCoordinate('t', et); + Object.freeze(this); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + static fromAffine(p) { + if (p instanceof Point) + throw new Error('extended point not allowed'); + const { x, y } = p || {}; + aCoordinate('x', x); + aCoordinate('y', y); + return new Point(x, y, _1n$3, modP(x * y)); + } + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.ez)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // Not required for fromHex(), which always creates valid points. + // Could be useful for fromAffine(). + assertValidity() { + assertValidMemo(this); + } + // Compare one point to another. + equals(other) { + assertPoint(other); + const { ex: X1, ey: Y1, ez: Z1 } = this; + const { ex: X2, ey: Y2, ez: Z2 } = other; + const X1Z2 = modP(X1 * Z2); + const X2Z1 = modP(X2 * Z1); + const Y1Z2 = modP(Y1 * Z2); + const Y2Z1 = modP(Y2 * Z1); + return X1Z2 === X2Z1 && Y1Z2 === Y2Z1; + } + is0() { + return this.equals(Point.ZERO); + } + negate() { + // Flips point sign to a negative one (-x, y in affine coords) + return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et)); + } + // Fast algo for doubling Extended Point. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd + // Cost: 4M + 4S + 1*a + 6add + 1*2. + double() { + const { a } = CURVE; + const { ex: X1, ey: Y1, ez: Z1 } = this; + const A = modP(X1 * X1); // A = X12 + const B = modP(Y1 * Y1); // B = Y12 + const C = modP(_2n$2 * modP(Z1 * Z1)); // C = 2*Z12 + const D = modP(a * A); // D = a*A + const x1y1 = X1 + Y1; + const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B + const G = D + B; // G = D+B + const F = G - C; // F = G-C + const H = D - B; // H = D-B + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + // Fast algo for adding 2 Extended Points. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd + // Cost: 9M + 1*a + 1*d + 7add. + add(other) { + assertPoint(other); + const { a, d } = CURVE; + const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this; + const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other; + // Faster algo for adding 2 Extended Points when curve's a=-1. + // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4 + // Cost: 8M + 8add + 2*2. + // Note: It does not check whether the `other` point is valid. + if (a === BigInt(-1)) { + const A = modP((Y1 - X1) * (Y2 + X2)); + const B = modP((Y1 + X1) * (Y2 - X2)); + const F = modP(B - A); + if (F === _0n$1) + return this.double(); // Same point. Tests say it doesn't affect timing + const C = modP(Z1 * _2n$2 * T2); + const D = modP(T1 * _2n$2 * Z2); + const E = D + C; + const G = B + A; + const H = D - C; + const X3 = modP(E * F); + const Y3 = modP(G * H); + const T3 = modP(E * H); + const Z3 = modP(F * G); + return new Point(X3, Y3, Z3, T3); + } + const A = modP(X1 * X2); // A = X1*X2 + const B = modP(Y1 * Y2); // B = Y1*Y2 + const C = modP(T1 * d * T2); // C = T1*d*T2 + const D = modP(Z1 * Z2); // D = Z1*Z2 + const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B + const F = D - C; // F = D-C + const G = D + C; // G = D+C + const H = modP(B - a * A); // H = B-a*A + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + subtract(other) { + return this.add(other.negate()); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + // Constant-time multiplication. + multiply(scalar) { + const n = scalar; + aInRange('scalar', n, _1n$3, CURVE_ORDER); // 1 <= scalar < L + const { p, f } = this.wNAF(n); + return Point.normalizeZ([p, f])[0]; + } + // Non-constant-time multiplication. Uses double-and-add algorithm. + // It's faster, but should only be used when you don't care about + // an exposed private key e.g. sig verification. + // Does NOT allow scalars higher than CURVE.n. + multiplyUnsafe(scalar) { + const n = scalar; + aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L + if (n === _0n$1) + return I; + if (this.equals(I) || n === _1n$3) + return this; + if (this.equals(G)) + return this.wNAF(n).p; + return wnaf.unsafeLadder(this, n); + } + // Checks if point is of small order. + // If you add something to small order point, you will have "dirty" + // point with torsion component. + // Multiplies point by cofactor and checks if the result is 0. + isSmallOrder() { + return this.multiplyUnsafe(cofactor).is0(); + } + // Multiplies point by curve order and checks if the result is 0. + // Returns `false` is the point is dirty. + isTorsionFree() { + return wnaf.unsafeLadder(this, CURVE_ORDER).is0(); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + toAffine(iz) { + return toAffineMemo(this, iz); + } + clearCofactor() { + const { h: cofactor } = CURVE; + if (cofactor === _1n$3) + return this; + return this.multiplyUnsafe(cofactor); + } + // Converts hash string or Uint8Array to Point. + // Uses algo from RFC8032 5.1.3. + static fromHex(hex, zip215 = false) { + const { d, a } = CURVE; + const len = Fp.BYTES; + hex = ensureBytes('pointHex', hex, len); // copy hex to a new array + abool('zip215', zip215); + const normed = hex.slice(); // copy again, we'll manipulate it + const lastByte = hex[len - 1]; // select last byte + normed[len - 1] = lastByte & ~0x80; // clear last bit + const y = bytesToNumberLE(normed); + // RFC8032 prohibits >= p, but ZIP215 doesn't + // zip215=true: 0 <= y < MASK (2^256 for ed25519) + // zip215=false: 0 <= y < P (2^255-19 for ed25519) + const max = zip215 ? MASK : Fp.ORDER; + aInRange('pointHex.y', y, _0n$1, max); + // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case: + // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a) + const y2 = modP(y * y); // denominator is always non-0 mod p. + const u = modP(y2 - _1n$3); // u = y² - 1 + const v = modP(d * y2 - a); // v = d y² + 1. + let { isValid, value: x } = uvRatio(u, v); // √(u/v) + if (!isValid) + throw new Error('Point.fromHex: invalid y coordinate'); + const isXOdd = (x & _1n$3) === _1n$3; // There are 2 square roots. Use x_0 bit to select proper + const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit + if (!zip215 && x === _0n$1 && isLastByteOdd) + // if x=0 and x_0 = 1, fail + throw new Error('Point.fromHex: x=0 and x_0=1'); + if (isLastByteOdd !== isXOdd) + x = modP(-x); // if x_0 != x mod 2, set x = p-x + return Point.fromAffine({ x, y }); + } + static fromPrivateKey(privKey) { + return getExtendedPublicKey(privKey).point; + } + toRawBytes() { + const { x, y } = this.toAffine(); + const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y) + bytes[bytes.length - 1] |= x & _1n$3 ? 0x80 : 0; // when compressing, it's enough to store y + return bytes; // and use the last byte to encode sign of x + } + toHex() { + return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string. + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n$3, modP(CURVE.Gx * CURVE.Gy)); + Point.ZERO = new Point(_0n$1, _1n$3, _1n$3, _0n$1); // 0, 1, 1, 0 + const { BASE: G, ZERO: I } = Point; + const wnaf = wNAF(Point, nByteLength * 8); + function modN(a) { + return mod(a, CURVE_ORDER); + } + // Little-endian SHA512 with modulo n + function modN_LE(hash) { + return modN(bytesToNumberLE(hash)); + } + /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */ + function getExtendedPublicKey(key) { + const len = nByteLength; + key = ensureBytes('private key', key, len); + // Hash private key with curve's hash function to produce uniformingly random input + // Check byte lengths: ensure(64, h(ensure(32, key))) + const hashed = ensureBytes('hashed private key', cHash(key), 2 * len); + const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE + const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6) + const scalar = modN_LE(head); // The actual private scalar + const point = G.multiply(scalar); // Point on Edwards curve aka public key + const pointBytes = point.toRawBytes(); // Uint8Array representation + return { head, prefix, scalar, point, pointBytes }; + } + // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared + function getPublicKey(privKey) { + return getExtendedPublicKey(privKey).pointBytes; + } + // int('LE', SHA512(dom2(F, C) || msgs)) mod N + function hashDomainToScalar(context = new Uint8Array(), ...msgs) { + const msg = concatBytes(...msgs); + return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash))); + } + /** Signs message with privateKey. RFC8032 5.1.6 */ + function sign(msg, privKey, options = {}) { + msg = ensureBytes('message', msg); + if (prehash) + msg = prehash(msg); // for ed25519ph etc. + const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey); + const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M) + const R = G.multiply(r).toRawBytes(); // R = rG + const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M) + const s = modN(r + k * scalar); // S = (r + k * s) mod L + aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l + const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES)); + return ensureBytes('result', res, nByteLength * 2); // 64-byte signature + } + const verifyOpts = VERIFY_DEFAULT; + function verify(sig, msg, publicKey, options = verifyOpts) { + const { context, zip215 } = options; + const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7. + sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked. + msg = ensureBytes('message', msg); + if (zip215 !== undefined) + abool('zip215', zip215); + if (prehash) + msg = prehash(msg); // for ed25519ph, etc + const s = bytesToNumberLE(sig.slice(len, 2 * len)); + // zip215: true is good for consensus-critical apps and allows points < 2^256 + // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p + let A, R, SB; + try { + A = Point.fromHex(publicKey, zip215); + R = Point.fromHex(sig.slice(0, len), zip215); + SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside + } + catch (error) { + return false; + } + if (!zip215 && A.isSmallOrder()) + return false; + const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); + const RkA = R.add(A.multiplyUnsafe(k)); + // [8][S]B = [8]R + [8][k]A' + return RkA.subtract(SB).clearCofactor().equals(Point.ZERO); + } + G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms. + const utils = { + getExtendedPublicKey, + // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1. + randomPrivateKey: () => randomBytes(Fp.BYTES), + /** + * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT + * values. This slows down first getPublicKey() by milliseconds (see Speed section), + * but allows to speed-up subsequent getPublicKey() calls up to 20x. + * @param windowSize 2, 4, 8, 16 + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); + return point; + }, + }; + return { + CURVE, + getPublicKey, + sign, + verify, + ExtendedPoint: Point, + utils, + }; } - utils.cachedProperty = cachedProperty; - function parseBytes(bytes) { - return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') : - bytes; + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + const _0n = BigInt(0); + const _1n$2 = BigInt(1); + function validateOpts(curve) { + validateObject(curve, { + a: 'bigint', + }, { + montgomeryBits: 'isSafeInteger', + nByteLength: 'isSafeInteger', + adjustScalarBytes: 'function', + domain: 'function', + powPminus2: 'function', + Gu: 'bigint', + }); + // Set defaults + return Object.freeze({ ...curve }); + } + // NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748) + // Uses only one coordinate instead of two + function montgomery(curveDef) { + const CURVE = validateOpts(curveDef); + const { P } = CURVE; + const modP = (n) => mod(n, P); + const montgomeryBits = CURVE.montgomeryBits; + const montgomeryBytes = Math.ceil(montgomeryBits / 8); + const fieldLen = CURVE.nByteLength; + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); + const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P)); + // cswap from RFC7748. But it is not from RFC7748! + /* + cswap(swap, x_2, x_3): + dummy = mask(swap) AND (x_2 XOR x_3) + x_2 = x_2 XOR dummy + x_3 = x_3 XOR dummy + Return (x_2, x_3) + Where mask(swap) is the all-1 or all-0 word of the same length as x_2 + and x_3, computed, e.g., as mask(swap) = 0 - swap. + */ + function cswap(swap, x_2, x_3) { + const dummy = modP(swap * (x_2 - x_3)); + x_2 = modP(x_2 - dummy); + x_3 = modP(x_3 + dummy); + return [x_2, x_3]; + } + // x25519 from 4 + // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 + const a24 = (CURVE.a - BigInt(2)) / BigInt(4); + /** + * + * @param pointU u coordinate (x) on Montgomery Curve 25519 + * @param scalar by which the point would be multiplied + * @returns new Point on Montgomery curve + */ + function montgomeryLadder(u, scalar) { + aInRange('u', u, _0n, P); + aInRange('scalar', scalar, _0n, P); + // Section 5: Implementations MUST accept non-canonical values and process them as + // if they had been reduced modulo the field prime. + const k = scalar; + const x_1 = u; + let x_2 = _1n$2; + let z_2 = _0n; + let x_3 = u; + let z_3 = _1n$2; + let swap = _0n; + let sw; + for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) { + const k_t = (k >> t) & _1n$2; + swap ^= k_t; + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + swap = k_t; + const A = x_2 + z_2; + const AA = modP(A * A); + const B = x_2 - z_2; + const BB = modP(B * B); + const E = AA - BB; + const C = x_3 + z_3; + const D = x_3 - z_3; + const DA = modP(D * A); + const CB = modP(C * B); + const dacb = DA + CB; + const da_cb = DA - CB; + x_3 = modP(dacb * dacb); + z_3 = modP(x_1 * modP(da_cb * da_cb)); + x_2 = modP(AA * BB); + z_2 = modP(E * (AA + modP(a24 * E))); + } + // (x_2, x_3) = cswap(swap, x_2, x_3) + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + // (z_2, z_3) = cswap(swap, z_2, z_3) + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + // z_2^(p - 2) + const z2 = powPminus2(z_2); + // Return x_2 * (z_2^(p - 2)) + return modP(x_2 * z2); + } + function encodeUCoordinate(u) { + return numberToBytesLE(modP(u), montgomeryBytes); + } + function decodeUCoordinate(uEnc) { + // Section 5: When receiving such an array, implementations of X25519 + // MUST mask the most significant bit in the final byte. + const u = ensureBytes('u coordinate', uEnc, montgomeryBytes); + if (fieldLen === 32) + u[31] &= 127; // 0b0111_1111 + return bytesToNumberLE(u); + } + function decodeScalar(n) { + const bytes = ensureBytes('scalar', n); + const len = bytes.length; + if (len !== montgomeryBytes && len !== fieldLen) + throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`); + return bytesToNumberLE(adjustScalarBytes(bytes)); + } + function scalarMult(scalar, u) { + const pointU = decodeUCoordinate(u); + const _scalar = decodeScalar(scalar); + const pu = montgomeryLadder(pointU, _scalar); + // The result was not contributory + // https://cr.yp.to/ecdh.html#validate + if (pu === _0n) + throw new Error('Invalid private or public key received'); + return encodeUCoordinate(pu); + } + // Computes public key from private. By doing scalar multiplication of base point. + const GuBytes = encodeUCoordinate(CURVE.Gu); + function scalarMultBase(scalar) { + return scalarMult(scalar, GuBytes); + } + return { + scalarMult, + scalarMultBase, + getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey), + getPublicKey: (privateKey) => scalarMultBase(privateKey), + utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) }, + GuBytes: GuBytes, + }; } - utils.parseBytes = parseBytes; - function intFromLE(bytes) { - return new bn(bytes, 'hex', 'le'); + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + /** + * Edwards448 (not Ed448-Goldilocks) curve with following addons: + * - X448 ECDH + * - Decaf cofactor elimination + * - Elligator hash-to-group / point indistinguishability + * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2 + */ + const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); + const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); + const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); + // prettier-ignore + const _1n$1 = BigInt(1), _2n$1 = BigInt(2), _3n = BigInt(3); BigInt(4); const _11n = BigInt(11); + // prettier-ignore + const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223); + // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. + // Used for efficient square root calculation. + // ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1] + function ed448_pow_Pminus3div4(x) { + const P = ed448P; + const b2 = (x * x * x) % P; + const b3 = (b2 * b2 * x) % P; + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n$1, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b222 = (pow2(b220, _2n$1, P) * b2) % P; + const b223 = (pow2(b222, _1n$1, P) * x) % P; + return (pow2(b223, _223n, P) * b222) % P; + } + function adjustScalarBytes(bytes) { + // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most + // significant bit of the last byte to 1. + bytes[0] &= 252; // 0b11111100 + // and the most significant bit of the last byte to 1. + bytes[55] |= 128; // 0b10000000 + // NOTE: is is NOOP for 56 bytes scalars (X25519/X448) + bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits) + return bytes; } - utils.intFromLE = intFromLE; + // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. + // Uses algo from RFC8032 5.1.3. + function uvRatio(u, v) { + const P = ed448P; + // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3 + // To compute the square root of (u/v), the first step is to compute the + // candidate root x = (u/v)^((p+1)/4). This can be done using the + // following trick, to use a single modular powering for both the + // inversion of v and the square root: + // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p) + const u2v = mod(u * u * v, P); // u²v + const u3v = mod(u2v * u, P); // u³v + const u5v3 = mod(u3v * u2v * v, P); // u⁵v³ + const root = ed448_pow_Pminus3div4(u5v3); + const x = mod(u3v * root, P); + // Verify that root is exists + const x2 = mod(x * x, P); // x² + // If vx² = u, the recovered x-coordinate is x. Otherwise, no + // square root exists, and the decoding fails. + return { isValid: mod(x2 * v, P) === u, value: x }; + } + const Fp$4 = Field(ed448P, 456, true); + const ED448_DEF = { + // Param: a + a: BigInt(1), + // -39081. Negative number is P - number + d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'), + // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n + Fp: Fp$4, + // Subgroup order: how many points curve has; + // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n + n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + nBitLength: 456, + // Cofactor + h: BigInt(4), + // Base point (x, y) aka generator point + Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'), + Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'), + // SHAKE256(dom4(phflag,context)||x, 114) + hash: shake256_114, + randomBytes, + adjustScalarBytes, + // dom4 + domain: (data, ctx, phflag) => { + if (ctx.length > 255) + throw new Error(`Context is too big: ${ctx.length}`); + return concatBytes$1(utf8ToBytes$1('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); + }, + uvRatio, + }; + const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF); + // NOTE: there is no ed448ctx, since ed448 supports ctx by default + /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 }); + const x448 = /* @__PURE__ */ (() => montgomery({ + a: BigInt(156326), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + montgomeryBits: 448, + nByteLength: 56, + P: ed448P, + Gu: BigInt(5), + powPminus2: (x) => { + const P = ed448P; + const Pminus3div4 = ed448_pow_Pminus3div4(x); + const Pminus3 = pow2(Pminus3div4, BigInt(2), P); + return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 + }, + adjustScalarBytes, + randomBytes, + }))(); + // TODO: add edwardsToMontgomeryPriv, similar to ed25519 version + // Hash To Curve Elligator2 Map + (Fp$4.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic + BigInt(156326); + // 1-d + BigInt('39082'); + // 1-2d + BigInt('78163'); + // √(-d) + BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214'); + // 1 / √(-d) + BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716'); + BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + + /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ + const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); + const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); + const _1n = BigInt(1); + const _2n = BigInt(2); + const divNearest = (a, b) => (a + b / _2n) / b; + /** + * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit. + * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00] + */ + function sqrtMod(y) { + const P = secp256k1P; + // prettier-ignore + const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22); + // prettier-ignore + const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88); + const b2 = (y * y * y) % P; // x^3, 11 + const b3 = (b2 * b2 * y) % P; // x^7 + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b223 = (pow2(b220, _3n, P) * b3) % P; + const t1 = (pow2(b223, _23n, P) * b22) % P; + const t2 = (pow2(t1, _6n, P) * b2) % P; + const root = pow2(t2, _2n, P); + if (!Fp$3.eql(Fp$3.sqr(root), y)) + throw new Error('Cannot find square root'); + return root; + } + const Fp$3 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod }); + /** + * secp256k1 short weierstrass curve and ECDSA signatures over it. + */ + const secp256k1 = createCurve({ + a: BigInt(0), // equation params: a, b + b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 + Fp: Fp$3, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n + n: secp256k1N, // Curve order, total count of valid points in the field + // Base point (x, y) aka generator point + Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'), + Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'), + h: BigInt(1), // Cofactor + lowS: true, // Allow only low-S signatures by default in sign() and verify() + /** + * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism. + * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%. + * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit. + * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066 + */ + endo: { + beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'), + splitScalar: (k) => { + const n = secp256k1N; + const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15'); + const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'); + const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'); + const b2 = a1; + const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16) + const c1 = divNearest(b2 * k, n); + const c2 = divNearest(-b1 * k, n); + let k1 = mod(k - c1 * a1 - c2 * a2, n); + let k2 = mod(-c1 * b1 - c2 * b2, n); + const k1neg = k1 > POW_2_128; + const k2neg = k2 > POW_2_128; + if (k1neg) + k1 = n - k1; + if (k2neg) + k2 = n - k2; + if (k1 > POW_2_128 || k2 > POW_2_128) { + throw new Error('splitScalar: Endomorphism failed, k=' + k); + } + return { k1neg, k1, k2neg, k2 }; + }, + }, + }, sha256); + // Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code. + // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki + BigInt(0); + secp256k1.ProjectivePoint; + + // brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4 + // eslint-disable-next-line new-cap + const Fp$2 = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377')); + const CURVE_A$2 = Fp$2.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9')); + const CURVE_B$2 = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'); + // prettier-ignore + const brainpoolP256r1 = createCurve({ + a: CURVE_A$2, // Equation params: a, b + b: CURVE_B$2, + Fp: Fp$2, + // Curve order (q), total count of valid points in the field + n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'), + // Base (generator) point (x, y) + Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'), + Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'), + h: BigInt(1), + lowS: false + }, sha256); + + // brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6 + // eslint-disable-next-line new-cap + const Fp$1 = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53')); + const CURVE_A$1 = Fp$1.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826')); + const CURVE_B$1 = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'); + // prettier-ignore + const brainpoolP384r1 = createCurve({ + a: CURVE_A$1, // Equation params: a, b + b: CURVE_B$1, + Fp: Fp$1, + // Curve order (q), total count of valid points in the field + n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'), + // Base (generator) point (x, y) + Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'), + Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'), + h: BigInt(1), + lowS: false + }, sha384); + + // brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7 + // eslint-disable-next-line new-cap + const Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3')); + const CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca')); + const CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'); + // prettier-ignore + const brainpoolP512r1 = createCurve({ + a: CURVE_A, // Equation params: a, b + b: CURVE_B, + Fp, + // Curve order (q), total count of valid points in the field + n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'), + // Base (generator) point (x, y) + Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'), + Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'), + h: BigInt(1), + lowS: false + }, sha512); + + /** + * This file is needed to dynamic import the noble-curves. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + + const nobleCurves = new Map(Object.entries({ + nistP256: p256, + nistP384: p384, + nistP521: p521, + brainpoolP256r1, + brainpoolP384r1, + brainpoolP512r1, + secp256k1, + x448, + ed448 + })); + + var noble_curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleCurves: nobleCurves }); - var r$1; - - var brorand = function rand(len) { - if (!r$1) - r$1 = new Rand(null); - - return r$1.generate(len); - }; - - function Rand(rand) { - this.rand = rand; - } - var Rand_1 = Rand; + //Paul Tero, July 2001 + //http://www.tero.co.uk/des/ + // + //Optimised for performance with large blocks by Michael Hayworth, November 2001 + //http://www.netdealing.com + // + // Modified by Recurity Labs GmbH - Rand.prototype.generate = function generate(len) { - return this._rand(len); - }; + //THIS SOFTWARE IS PROVIDED "AS IS" AND + //ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + //IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + //ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + //FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + //DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + //OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + //HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + //LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + //OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + //SUCH DAMAGE. - // Emulate crypto API using randy - Rand.prototype._rand = function _rand(n) { - if (this.rand.getBytes) - return this.rand.getBytes(n); + //des + //this takes the key, the message, and whether to encrypt or decrypt - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; - }; + function des(keys, message, encrypt, mode, iv, padding) { + //declaring this locally speeds things up a bit + const spfunction1 = [ + 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, + 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, + 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, + 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, + 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, + 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 + ]; + const spfunction2 = [ + -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, + -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, + -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, + -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, + -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, + 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, + -0x7fef7fe0, 0x108000 + ]; + const spfunction3 = [ + 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, + 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, + 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, + 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, + 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, + 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 + ]; + const spfunction4 = [ + 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, + 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, + 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, + 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, + 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 + ]; + const spfunction5 = [ + 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, + 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, + 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, + 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, + 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, + 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, + 0x40080000, 0x2080100, 0x40000100 + ]; + const spfunction6 = [ + 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, + 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, + 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, + 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, + 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, + 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 + ]; + const spfunction7 = [ + 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, + 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, + 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, + 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, + 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, + 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 + ]; + const spfunction8 = [ + 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, + 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, + 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, + 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, + 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 + ]; - if (typeof self === 'object') { - if (self.crypto && self.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.crypto.getRandomValues(arr); - return arr; - }; - } else if (self.msCrypto && self.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.msCrypto.getRandomValues(arr); - return arr; - }; + //create the 16 or 48 subkeys we will need + let m = 0; + let i; + let j; + let temp; + let right1; + let right2; + let left; + let right; + let looping; + let endloop; + let loopinc; + let len = message.length; - // Safari's WebWorkers do not have `crypto` - } else if (typeof window === 'object') { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; + //set up the loops for single and triple des + const iterations = keys.length === 32 ? 3 : 9; //single or triple des + if (iterations === 3) { + looping = encrypt ? [0, 32, 2] : [30, -2, -2]; + } else { + looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; } - } else { - // Node.js or Web worker with no crypto support - try { - var crypto$2 = void('crypto'); - if (typeof crypto$2.randomBytes !== 'function') - throw new Error('Not supported'); - Rand.prototype._rand = function _rand(n) { - return crypto$2.randomBytes(n); - }; - } catch (e) { + //pad the message depending on the padding parameter + //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt + if (encrypt) { + message = desAddPadding(message); + len = message.length; } - } - brorand.Rand = Rand_1; - var getNAF = utils_1$1.getNAF; - var getJSF = utils_1$1.getJSF; - var assert$2 = utils_1$1.assert; + //store the result here + let result = new Uint8Array(len); + let k = 0; - function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); + //loop through each 64 bit chunk of the message + while (m < len) { + left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); + //first each 64 but chunk of the message must be permuted according to IP + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); + left = ((left << 1) | (left >>> 31)); + right = ((right << 1) | (right >>> 31)); - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); + //do this either 1 or 3 times for each chunk of the message + for (j = 0; j < iterations; j += 3) { + endloop = looping[j + 1]; + loopinc = looping[j + 2]; + //now go through and perform the encryption or decryption + for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency + right1 = right ^ keys[i]; + right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; + //the result is attained by passing these bytes through the S selection functions + temp = left; + left = right; + right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> + 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & + 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); + } + temp = left; + left = right; + right = temp; //unreverse left and right + } //for either 1 or 3 iterations - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); + //move then each one bit to the right + left = ((left >>> 1) | (left << 31)); + right = ((right >>> 1) | (right << 31)); - // Generalized Greg Maxwell's trick - var adjustCount = this.n && this.p.div(this.n); - if (!adjustCount || adjustCount.cmpn(100) > 0) { - this.redN = null; - } else { - this._maxwellTrick = true; - this.redN = this.n.toRed(this.red); - } - } - var base = BaseCurve; + //now perform IP-1, which is IP in the opposite direction + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); - BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); - }; + result[k++] = (left >>> 24); + result[k++] = ((left >>> 16) & 0xff); + result[k++] = ((left >>> 8) & 0xff); + result[k++] = (left & 0xff); + result[k++] = (right >>> 24); + result[k++] = ((right >>> 16) & 0xff); + result[k++] = ((right >>> 8) & 0xff); + result[k++] = (right & 0xff); + } //for every 8 characters, or 64 bits in the message - BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); - }; + //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt + if (!encrypt) { + result = desRemovePadding(result); + } - BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - assert$2(p.precomputed); - var doubles = p._getDoubles(); + return result; + } //end of des - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); - } + //desCreateKeys + //this takes as input a 64 bit key (even though only 56 bits are used) + //as an array of 2 integers, and returns 16 48 bit keys - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); - } - a = a.add(b); - } - return a.toP(); - }; + function desCreateKeys(key) { + //declaring this locally speeds things up a bit + const pc2bytes0 = [ + 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, + 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 + ]; + const pc2bytes1 = [ + 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, + 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 + ]; + const pc2bytes2 = [ + 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, + 0x1000000, 0x1000008, 0x1000800, 0x1000808 + ]; + const pc2bytes3 = [ + 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, + 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 + ]; + const pc2bytes4 = [ + 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, + 0x41000, 0x1010, 0x41010 + ]; + const pc2bytes5 = [ + 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, + 0x2000000, 0x2000400, 0x2000020, 0x2000420 + ]; + const pc2bytes6 = [ + 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, + 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 + ]; + const pc2bytes7 = [ + 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, + 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 + ]; + const pc2bytes8 = [ + 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, + 0x2000002, 0x2040002, 0x2000002, 0x2040002 + ]; + const pc2bytes9 = [ + 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, + 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 + ]; + const pc2bytes10 = [ + 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, + 0x102000, 0x102020, 0x102000, 0x102020 + ]; + const pc2bytes11 = [ + 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, + 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 + ]; + const pc2bytes12 = [ + 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, + 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 + ]; + const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; - BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; + //how many iterations (1 for des, 3 for triple des) + const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys + //stores the return keys + const keys = new Array(32 * iterations); + //now define the left shifts which need to be done + const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + //other variables + let lefttemp; + let righttemp; + let m = 0; + let n = 0; + let temp; - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; + for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations + let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - // Get NAF form - var naf = getNAF(k, w); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 2) ^ right) & 0x33333333; + right ^= temp; + left ^= (temp << 2); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); + //the right side needs to be shifted and to get the last four bits of the left side + temp = (left << 8) | ((right >>> 20) & 0x000000f0); + //left needs to be put upside down + left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); + right = temp; - if (i < 0) - break; - var z = naf[i]; - assert$2(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } - } - return p.type === 'affine' ? acc.toP() : acc; - }; + //now go through and perform these shifts on the left and right keys + for (let i = 0; i < shifts.length; i++) { + //shift the keys either one or two bits to the left + if (shifts[i]) { + left = (left << 2) | (left >>> 26); + right = (right << 2) | (right >>> 26); + } else { + left = (left << 1) | (left >>> 27); + right = (right << 1) | (right >>> 27); + } + left &= -0xf; + right &= -0xf; - BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len, - jacobianResult) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; - - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; - } - - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; + //now apply PC-2, in such a way that E is easier when encrypting or decrypting + //this conversion will look like PC-2 except only the last 6 bits of each byte are used + //rather than 48 consecutive bits and the order of lines will be according to + //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 + lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( + left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & + 0xf]; + righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | + pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | + pc2bytes13[(right >>> 4) & 0xf]; + temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; + keys[n++] = lefttemp ^ temp; + keys[n++] = righttemp ^ (temp << 16); } + } //for each iterations + //return the keys we've created + return keys; + } //end of desCreateKeys - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; - - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } - - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; + function desAddPadding(message, padding) { + const padLength = 8 - (message.length % 8); - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } + let pad; + if ((padLength < 8)) { //pad the message out with null bytes + pad = 0; + } else if (padLength === 8) { + return message; + } else { + throw new Error('des: invalid padding'); } - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; + const paddedMessage = new Uint8Array(message.length + padLength); + for (let i = 0; i < message.length; i++) { + paddedMessage[i] = message[i]; + } + for (let j = 0; j < padLength; j++) { + paddedMessage[message.length + j] = pad; + } - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; + return paddedMessage; + } - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); + function desRemovePadding(message, padding) { + let padLength = null; + let pad; + { // null padding + pad = 0; + } - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); + if (!padLength) { + padLength = 1; + while (message[message.length - padLength] === pad) { + padLength++; } + padLength--; } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - - if (jacobianResult) - return acc; - else - return acc.toP(); - }; - function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; + return message.subarray(0, message.length - padLength); } - BaseCurve.BasePoint = BasePoint; - - BasePoint.prototype.eq = function eq(/*other*/) { - throw new Error('Not implemented'); - }; - - BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); - }; - BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - bytes = utils_1$1.toArray(bytes, enc); - - var len = this.p.byteLength(); - - // uncompressed, hybrid-odd, hybrid-even - if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) && - bytes.length - 1 === 2 * len) { - if (bytes[0] === 0x06) - assert$2(bytes[bytes.length - 1] % 2 === 0); - else if (bytes[0] === 0x07) - assert$2(bytes[bytes.length - 1] % 2 === 1); + // added by Recurity Labs - var res = this.point(bytes.slice(1, 1 + len), - bytes.slice(1 + len, 1 + 2 * len)); + function TripleDES(key) { + this.key = []; - return res; - } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) && - bytes.length - 1 === len) { - return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03); + for (let i = 0; i < 3; i++) { + this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); } - throw new Error('Unknown point format'); - }; - - BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) { - return this.encode(enc, true); - }; - - BasePoint.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - var x = this.getX().toArray('be', len); - - if (compact) - return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); - - return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; - }; - - BasePoint.prototype.encode = function encode(enc, compact) { - return utils_1$1.encode(this._encode(compact), enc); - }; - - BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; - var precomputed = { - doubles: null, - naf: null, - beta: null + this.encrypt = function(block) { + return des( + desCreateKeys(this.key[2]), + des( + desCreateKeys(this.key[1]), + des( + desCreateKeys(this.key[0]), + block, true, 0, null, null + ), + false, 0, null, null + ), true); }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; - - return this; - }; - - BasePoint.prototype._hasDoubles = function _hasDoubles(k) { - if (!this.precomputed) - return false; - - var doubles = this.precomputed.doubles; - if (!doubles) - return false; - - return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); - }; - - BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; + } - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; - }; + TripleDES.keySize = TripleDES.prototype.keySize = 24; + TripleDES.blockSize = TripleDES.prototype.blockSize = 8; - BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; - }; + // Copyright 2010 pjacobs@xeekr.com . All rights reserved. - BasePoint.prototype._getBeta = function _getBeta() { - return null; - }; + // Modified by Recurity Labs GmbH - BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; - }; + // fixed/modified by Herbert Hanewinkel, www.haneWIN.de + // check www.haneWIN.de for the latest version - var assert$3 = utils_1$1.assert; + // cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. + // CAST-128 is a common OpenPGP cipher. - function ShortCurve(conf) { - base.call(this, 'short', conf); - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); + // CAST5 constructor - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; + function OpenPGPSymEncCAST5() { + this.BlockSize = 8; + this.KeySize = 16; - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); - } - inherits_browser(ShortCurve, base); - var short_1 = ShortCurve; + this.setKey = function(key) { + this.masking = new Array(16); + this.rotate = new Array(16); - ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; + this.reset(); - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; + if (key.length === this.KeySize) { + this.keySchedule(key); } else { - lambda = lambdas[1]; - assert$3(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); + throw new Error('CAST-128: keys must be 16 bytes'); } - } - - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); - } else { - basis = this._getEndoBasis(lambda); - } - - return { - beta: beta, - lambda: lambda, - basis: basis + return true; }; - }; - - ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; - }; - - ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2)); - - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); - - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; - - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); - - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; + this.reset = function() { + for (let i = 0; i < 16; i++) { + this.masking[i] = 0; + this.rotate[i] = 0; } - prevR = r; - - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; - } - a2 = r.neg(); - b2 = x; - - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; - } - - // Normalize signs - if (a1.negative) { - a1 = a1.neg(); - b1 = b1.neg(); - } - if (a2.negative) { - a2 = a2.neg(); - b2 = b2.neg(); - } - - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; - }; - - ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); - - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; - }; - - ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); - }; + }; - ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; + this.getBlockSize = function() { + return this.BlockSize; + }; - var x = point.x; - var y = point.y; + this.encrypt = function(src) { + const dst = new Array(src.length); - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; - }; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; - ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs, jacobianResult) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; - if (split.k1.negative) { - split.k1.ineg(); - p = p.neg(true); - } - if (split.k2.negative) { - split.k2.ineg(); - beta = beta.neg(true); - } + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; - } - return res; - }; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; - function Point(curve, x, y, isRed) { - base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >>> 16) & 255; + dst[i + 6] = (l >>> 8) & 255; + dst[i + 7] = l & 255; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; - } - } - inherits_browser(Point, base.BasePoint); - - ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); - }; - ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); - }; - - Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; + return dst; + }; - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; + this.decrypt = function(src) { + const dst = new Array(src.length); - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; - }; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; - Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; - }; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; - Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); - } + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >> 16) & 255; + dst[i + 6] = (l >> 8) & 255; + dst[i + 7] = l & 255; } - }; - return res; - }; - Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; - }; + return dst; + }; + const scheduleA = new Array(4); - Point.prototype.isInfinity = function isInfinity() { - return this.inf; - }; + scheduleA[0] = new Array(4); + scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; + scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; + scheduleA[1] = new Array(4); + scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + O = P - if (p.inf) - return this; + scheduleA[2] = new Array(4); + scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; + scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); + scheduleA[3] = new Array(4); + scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); + const scheduleB = new Array(4); - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); - }; + scheduleB[0] = new Array(4); + scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; + scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; + scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; + scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; - Point.prototype.dbl = function dbl() { - if (this.inf) - return this; + scheduleB[1] = new Array(4); + scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; + scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; + scheduleB[1][2] = [7, 6, 8, 9, 3]; + scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - var a = this.curve.a; + scheduleB[2] = new Array(4); + scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; + scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; + scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; + scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); - }; + scheduleB[3] = new Array(4); + scheduleB[3][0] = [8, 9, 7, 6, 3]; + scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; + scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; + scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; - Point.prototype.getX = function getX() { - return this.x.fromRed(); - }; + // changed 'in' to 'inn' (in javascript 'in' is a reserved word) + this.keySchedule = function(inn) { + const t = new Array(8); + const k = new Array(32); - Point.prototype.getY = function getY() { - return this.y.fromRed(); - }; + let j; - Point.prototype.mul = function mul(k) { - k = new bn(k, 16); - if (this.isInfinity()) - return this; - else if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); - }; + for (let i = 0; i < 4; i++) { + j = i * 4; + t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + } - Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); - }; + const x = [6, 7, 4, 5]; + let ki = 0; + let w; - Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs, true); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2, true); - }; + for (let half = 0; half < 2; half++) { + for (let round = 0; round < 4; round++) { + for (j = 0; j < 4; j++) { + const a = scheduleA[round][j]; + w = t[a[1]]; - Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); - }; + w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; + w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; + w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; + w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; + w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; + t[a[0]] = w; + } - Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; + for (j = 0; j < 4; j++) { + const b = scheduleB[round][j]; + w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) + w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; + w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; + w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; + w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; + k[ki] = w; + ki++; + } } - }; - } - return res; - }; + } - Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); + for (let i = 0; i < 16; i++) { + this.masking[i] = k[i]; + this.rotate[i] = k[16 + i] & 0x1f; + } + }; - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; - }; + // These are the three 'f' functions. See RFC 2144, section 2.2. - function JPoint(curve, x, y, z) { - base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); + function f1(d, m, r) { + const t = m + d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - - this.zOne = this.z === this.curve.one; - } - inherits_browser(JPoint, base.BasePoint); - - ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); - }; - - JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); - - return this.curve.point(ax, ay); - }; - - JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); - }; - - JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; - // P + O = P - if (p.isInfinity()) - return this; + function f2(d, m, r) { + const t = m ^ d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; + } - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); + function f3(d, m, r) { + const t = m - d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; } - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + const sBox = new Array(8); + sBox[0] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf + ]; + + sBox[1] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 + ]; - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); + sBox[2] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 + ]; - return this.curve.jpoint(nx, ny, nz); - }; + sBox[3] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 + ]; - JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); + sBox[4] = [ + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 + ]; - // P + O = P - if (p.isInfinity()) - return this; + sBox[5] = [ + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f + ]; - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } + sBox[6] = [ + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 + ]; - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + sBox[7] = [ + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e + ]; + } - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); + function CAST5(key) { + this.cast5 = new OpenPGPSymEncCAST5(); + this.cast5.setKey(key); - return this.curve.jpoint(nx, ny, nz); - }; + this.encrypt = function(block) { + return this.cast5.encrypt(block); + }; + } - JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); + CAST5.blockSize = CAST5.prototype.blockSize = 8; + CAST5.keySize = CAST5.prototype.keySize = 16; - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; - } + /* eslint-disable no-mixed-operators, no-fallthrough */ - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); + /* Modified by Recurity Labs GmbH + * + * Cipher.js + * A block-cipher algorithm implementation on JavaScript + * See Cipher.readme.txt for further information. + * + * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] + * This script file is distributed under the LGPL + * + * ACKNOWLEDGMENT + * + * The main subroutines are written by Michiel van Everdingen. + * + * Michiel van Everdingen + * http://home.versatel.nl/MAvanEverdingen/index.html + * + * All rights for these routines are reserved to Michiel van Everdingen. + * + */ - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); + //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + //Math + //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); + const MAXINT = 0xFFFFFFFF; - jx = nx; - jz = nz; - jyd = dny; - } + function rotw(w, n) { + return (w << n | w >>> (32 - n)) & MAXINT; + } - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); - }; + function getW(a, i) { + return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; + } - JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; + function setW(a, i, w) { + a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); + } - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); - }; + function getB(x, n) { + return (x >>> (n * 8)) & 0xFF; + } - JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); - - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); - - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); - - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } - - return this.curve.jpoint(nx, ny, nz); - }; + // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + // Twofish + // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); - }; + function createTwofish() { + // + let keyBytes = null; + let dataBytes = null; + let dataOffset = -1; + // var dataLength = -1; + // var idx2 = -1; + // - JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; + let tfsKey = []; + let tfsM = [ + [], + [], + [], + [] + ]; - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); + function tfsInit(key) { + keyBytes = key; + let i; + let a; + let b; + let c; + let d; + const meKey = []; + const moKey = []; + const inKey = []; + let kLen; + const sKey = []; + let f01; + let f5b; + let fef; - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); + const q0 = [ + [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], + [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] + ]; + const q1 = [ + [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], + [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] + ]; + const q2 = [ + [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], + [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] + ]; + const q3 = [ + [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], + [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] + ]; + const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; + const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; + const q = [ + [], + [] + ]; + const m = [ + [], + [], + [], + [] + ]; - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); + function ffm5b(x) { + return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + } - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); + function ffmEf(x) { + return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + } - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); + function mdsRem(p, q) { + let i; + let t; + let u; + for (i = 0; i < 8; i++) { + t = q >>> 24; + q = ((q << 8) & MAXINT) | p >>> 24; + p = (p << 8) & MAXINT; + u = t << 1; + if (t & 128) { + u ^= 333; + } + q ^= t ^ (u << 16); + u ^= t >>> 1; + if (t & 1) { + u ^= 166; + } + q ^= u << 24 | u << 8; + } + return q; + } - return this.curve.jpoint(nx, ny, nz); - }; + function qp(n, x) { + const a = x >> 4; + const b = x & 15; + const c = q0[n][a ^ b]; + const d = q1[n][ror4[b] ^ ashx[a]]; + return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; + } - JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); - - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); - - return this.curve.jpoint(nx, ny, nz); - }; + function hFun(x, key) { + let a = getB(x, 0); + let b = getB(x, 1); + let c = getB(x, 2); + let d = getB(x, 3); + switch (kLen) { + case 4: + a = q[1][a] ^ getB(key[3], 0); + b = q[0][b] ^ getB(key[3], 1); + c = q[0][c] ^ getB(key[3], 2); + d = q[1][d] ^ getB(key[3], 3); + case 3: + a = q[1][a] ^ getB(key[2], 0); + b = q[1][b] ^ getB(key[2], 1); + c = q[0][c] ^ getB(key[2], 2); + d = q[0][d] ^ getB(key[2], 3); + case 2: + a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); + b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); + c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); + d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); + } + return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; + } - JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); + keyBytes = keyBytes.slice(0, 32); + i = keyBytes.length; + while (i !== 16 && i !== 24 && i !== 32) { + keyBytes[i++] = 0; + } - return this.curve._wnafMul(this, k); - }; + for (i = 0; i < keyBytes.length; i += 4) { + inKey[i >> 2] = getW(keyBytes, i); + } + for (i = 0; i < 256; i++) { + q[0][i] = qp(0, i); + q[1][i] = qp(1, i); + } + for (i = 0; i < 256; i++) { + f01 = q[1][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); + m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); + f01 = q[0][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); + m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); + } - JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); + kLen = inKey.length / 2; + for (i = 0; i < kLen; i++) { + a = inKey[i + i]; + meKey[i] = a; + b = inKey[i + i + 1]; + moKey[i] = b; + sKey[kLen - i - 1] = mdsRem(a, b); + } + for (i = 0; i < 40; i += 2) { + a = 0x1010101 * i; + b = a + 0x1010101; + a = hFun(a, meKey); + b = rotw(hFun(b, moKey), 8); + tfsKey[i] = (a + b) & MAXINT; + tfsKey[i + 1] = rotw(a + 2 * b, 9); + } + for (i = 0; i < 256; i++) { + a = b = c = d = i; + switch (kLen) { + case 4: + a = q[1][a] ^ getB(sKey[3], 0); + b = q[0][b] ^ getB(sKey[3], 1); + c = q[0][c] ^ getB(sKey[3], 2); + d = q[1][d] ^ getB(sKey[3], 3); + case 3: + a = q[1][a] ^ getB(sKey[2], 0); + b = q[1][b] ^ getB(sKey[2], 1); + c = q[0][c] ^ getB(sKey[2], 2); + d = q[0][d] ^ getB(sKey[2], 3); + case 2: + tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; + tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; + tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; + tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + } + } + } - if (this === p) - return true; + function tfsG0(x) { + return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; + } - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; + function tfsG1(x) { + return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; + } - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; - }; + function tfsFrnd(r, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); + blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); + blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + } - JPoint.prototype.eqXToP = function eqXToP(x) { - var zs = this.z.redSqr(); - var rx = x.toRed(this.curve.red).redMul(zs); - if (this.x.cmp(rx) === 0) - return true; + function tfsIrnd(i, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; + blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; + blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + } - var xc = x.clone(); - var t = this.curve.redN.redMul(zs); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; + function tfsClose() { + tfsKey = []; + tfsM = [ + [], + [], + [], + [] + ]; + } - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; + function tfsEncrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], + getW(dataBytes, dataOffset + 4) ^ tfsKey[1], + getW(dataBytes, dataOffset + 8) ^ tfsKey[2], + getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; + for (let j = 0; j < 8; j++) { + tfsFrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); + dataOffset += 16; + return dataBytes; } - }; - JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; - }; + function tfsDecrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], + getW(dataBytes, dataOffset + 4) ^ tfsKey[5], + getW(dataBytes, dataOffset + 8) ^ tfsKey[6], + getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; + for (let j = 7; j >= 0; j--) { + tfsIrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); + dataOffset += 16; + } - JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; - }; + // added by Recurity Labs - function MontCurve(conf) { - base.call(this, 'mont', conf); + function tfsFinal() { + return dataBytes; + } - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - // Note: this implementation is according to the original paper - // by P. Montgomery, NOT the one by D. J. Bernstein. - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); + return { + name: 'twofish', + blocksize: 128 / 8, + open: tfsInit, + close: tfsClose, + encrypt: tfsEncrypt, + decrypt: tfsDecrypt, + // added by Recurity Labs + finalize: tfsFinal + }; } - inherits_browser(MontCurve, base); - var mont = MontCurve; - MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); + // added by Recurity Labs - return y.redSqr().cmp(rhs) === 0; - }; + function TF(key) { + this.tf = createTwofish(); + this.tf.open(Array.from(key), 0); - function Point$1(curve, x, z) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } + this.encrypt = function(block) { + return this.tf.encrypt(Array.from(block), 0); + }; } - inherits_browser(Point$1, base.BasePoint); - - MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - var bytes = utils_1$1.toArray(bytes, enc); - - // TODO Curve448 - // Montgomery curve points must be represented in the compressed format - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (bytes.length === 33 && bytes[0] === 0x40) - bytes = bytes.slice(1, 33).reverse(); // point must be little-endian - if (bytes.length !== 32) - throw new Error('Unknown point compression format'); - return this.point(bytes, 1); - }; - - MontCurve.prototype.point = function point(x, z) { - return new Point$1(this, x, z); - }; - - MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$1.fromJSON(this, obj); - }; - - Point$1.prototype.precompute = function precompute() { - // No-op - }; - - Point$1.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - - // Note: the output should always be little-endian - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (compact) { - return [ 0x40 ].concat(this.getX().toArray('le', len)); - } else { - return this.getX().toArray('be', len); - } - }; - - Point$1.fromJSON = function fromJSON(curve, obj) { - return new Point$1(curve, obj[0], obj[1] || curve.one); - }; - - Point$1.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; - }; - Point$1.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; - }; + TF.keySize = TF.prototype.keySize = 32; + TF.blockSize = TF.prototype.blockSize = 16; - Point$1.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A - - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); - }; + /* Modified by Recurity Labs GmbH + * + * Originally written by nklein software (nklein.com) + */ - Point$1.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); - }; + /* + * Javascript implementation based on Bruce Schneier's reference implementation. + * + * + * The constructor doesn't do much of anything. It's just here + * so we can start defining properties and methods and such. + */ + function Blowfish() {} - Point$1.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A - - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); - }; + /* + * Declare the block size so that protocols know what size + * Initialization Vector (IV) they will need. + */ + Blowfish.prototype.BLOCKSIZE = 8; - Point$1.prototype.mul = function mul(k) { - k = new bn(k, 16); + /* + * These are the default SBOXES. + */ + Blowfish.prototype.SBOXES = [ + [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + ], + [ + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + ], + [ + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + ], + [ + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ] + ]; - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q + //* + //* This is the default PARRAY + //* + Blowfish.prototype.PARRAY = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b + ]; - for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1)) - bits.push(t.andln(1)); + //* + //* This is the number of rounds the cipher will go + //* + Blowfish.prototype.NN = 16; - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); - } + //* + //* This function is needed to get rid of problems + //* with the high-bit getting set. If we don't do + //* this, then sometimes ( aa & 0x00FFFFFFFF ) is not + //* equal to ( bb & 0x00FFFFFFFF ) even when they + //* agree bit-for-bit for the first 32 bits. + //* + Blowfish.prototype._clean = function(xx) { + if (xx < 0) { + const yy = xx & 0x7FFFFFFF; + xx = yy + 0x80000000; } - return b; - }; - - Point$1.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); - }; - - Point$1.prototype.jumlAdd = function jumlAdd() { - throw new Error('Not supported on Montgomery curve'); - }; - - Point$1.prototype.eq = function eq(other) { - return this.getX().cmp(other.getX()) === 0; - }; - - Point$1.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; - }; - - Point$1.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); - - return this.x.fromRed(); + return xx; }; - var assert$4 = utils_1$1.assert; - - function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - - base.call(this, 'edwards', conf); - - this.a = new bn(conf.a, 16).umod(this.red.m); - this.a = this.a.toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); + //* + //* This is the mixing function that uses the sboxes + //* + Blowfish.prototype._F = function(xx) { + let yy; - assert$4(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; - } - inherits_browser(EdwardsCurve, base); - var edwards = EdwardsCurve; + const dd = xx & 0x00FF; + xx >>>= 8; + const cc = xx & 0x00FF; + xx >>>= 8; + const bb = xx & 0x00FF; + xx >>>= 8; + const aa = xx & 0x00FF; - EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); - }; + yy = this.sboxes[0][aa] + this.sboxes[1][bb]; + yy ^= this.sboxes[2][cc]; + yy += this.sboxes[3][dd]; - EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); + return yy; }; - // Just for compatibility with Short curve - EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); - }; + //* + //* This method takes an array with two values, left and right + //* and does NN rounds of Blowfish on them. + //* + Blowfish.prototype._encryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; - EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); + let ii; - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); + for (ii = 0; ii < this.NN; ++ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; - var y2 = rhs.redMul(lhs.redInvm()); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); + dataL ^= this.parray[this.NN + 0]; + dataR ^= this.parray[this.NN + 1]; - return this.point(x, y); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; - EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) { - y = new bn(y, 16); - if (!y.red) - y = y.toRed(this.red); - - // x^2 = (y^2 - c^2) / (c^2 d y^2 - a) - var y2 = y.redSqr(); - var lhs = y2.redSub(this.c2); - var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a); - var x2 = lhs.redMul(rhs.redInvm()); - - if (x2.cmp(this.zero) === 0) { - if (odd) - throw new Error('invalid point'); - else - return this.point(this.zero, y); + //* + //* This method takes a vector of numbers and turns them + //* into long words so that they can be processed by the + //* real algorithm. + //* + //* Maybe I should make the real algorithm above take a vector + //* instead. That will involve more looping, but it won't require + //* the F() method to deconstruct the vector. + //* + Blowfish.prototype.encryptBlock = function(vector) { + let ii; + const vals = [0, 0]; + const off = this.BLOCKSIZE / 2; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); + vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); } - var x = x2.redSqrt(); - if (x.redSqr().redSub(x2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + this._encryptBlock(vals); - if (x.fromRed().isOdd() !== odd) - x = x.redNeg(); + const ret = []; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); + ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); + // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); + // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + } - return this.point(x, y); + return ret; }; - EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; - - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); - - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - - return lhs.cmp(rhs) === 0; - }; + //* + //* This method takes an array with two values, left and right + //* and undoes NN rounds of Blowfish on them. + //* + Blowfish.prototype._decryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; - function Point$2(curve, x, y, z, t) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; - - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } - } - inherits_browser(Point$2, base.BasePoint); - - EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$2.fromJSON(this, obj); - }; + let ii; - EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point$2(this, x, y, z, t); - }; + for (ii = this.NN + 1; ii > 1; --ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; - Point$2.fromJSON = function fromJSON(curve, obj) { - return new Point$2(curve, obj[0], obj[1], obj[2]); - }; + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } - Point$2.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; - }; + dataL ^= this.parray[1]; + dataR ^= this.parray[0]; - Point$2.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - (this.y.cmp(this.z) === 0 || - (this.zOne && this.y.cmp(this.curve.c) === 0)); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; - Point$2.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); - }; + //* + //* This method takes a key array and initializes the + //* sboxes and parray for this encryption. + //* + Blowfish.prototype.init = function(key) { + let ii; + let jj = 0; - Point$2.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S - - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); - - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); + this.parray = []; + for (ii = 0; ii < this.NN + 2; ++ii) { + let data = 0x00000000; + for (let kk = 0; kk < 4; ++kk) { + data = (data << 8) | (key[jj] & 0x00FF); + if (++jj >= key.length) { + jj = 0; + } } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.z).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); - }; - - Point$2.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); - }; - - Point$2.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M - - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); - }; - - Point$2.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); + this.parray[ii] = this.PARRAY[ii] ^ data; } - return this.curve.point(nx, ny, nz); - }; - - Point$2.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); - }; + this.sboxes = []; + for (ii = 0; ii < 4; ++ii) { + this.sboxes[ii] = []; + for (jj = 0; jj < 256; ++jj) { + this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + } + } - Point$2.prototype.mul = function mul(k) { - if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); - }; + const vals = [0x00000000, 0x00000000]; - Point$2.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false); - }; + for (ii = 0; ii < this.NN + 2; ii += 2) { + this._encryptBlock(vals); + this.parray[ii + 0] = vals[0]; + this.parray[ii + 1] = vals[1]; + } - Point$2.prototype.jmulAdd = function jmulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true); + for (ii = 0; ii < 4; ++ii) { + for (jj = 0; jj < 256; jj += 2) { + this._encryptBlock(vals); + this.sboxes[ii][jj + 0] = vals[0]; + this.sboxes[ii][jj + 1] = vals[1]; + } + } }; - Point$2.prototype.normalize = function normalize() { - if (this.zOne) - return this; - - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; - }; + // added by Recurity Labs + function BF(key) { + this.bf = new Blowfish(); + this.bf.init(key); - Point$2.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); - }; + this.encrypt = function(block) { + return this.bf.encryptBlock(block); + }; + } - Point$2.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); - }; + BF.keySize = BF.prototype.keySize = 16; + BF.blockSize = BF.prototype.blockSize = 8; - Point$2.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); - }; + /** + * This file is needed to dynamic import the legacy ciphers. + * Separate dynamic imports are not convenient as they result in multiple chunks. + */ - Point$2.prototype.eq = function eq(other) { - return this === other || - this.getX().cmp(other.getX()) === 0 && - this.getY().cmp(other.getY()) === 0; - }; - Point$2.prototype.eqXToP = function eqXToP(x) { - var rx = x.toRed(this.curve.red).redMul(this.z); - if (this.x.cmp(rx) === 0) - return true; + const legacyCiphers = new Map([ + [enums.symmetric.tripledes, TripleDES], + [enums.symmetric.cast5, CAST5], + [enums.symmetric.blowfish, BF], + [enums.symmetric.twofish, TF] + ]); - var xc = x.clone(); - var t = this.curve.redN.redMul(this.z); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; + var legacy_ciphers = /*#__PURE__*/Object.freeze({ + __proto__: null, + legacyCiphers: legacyCiphers + }); - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } - }; + // SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms. + // Initial state + const SHA1_IV = /* @__PURE__ */ new Uint32Array([ + 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0, + ]); + // Temporary buffer, not used to store anything between runs + // Named this way because it matches specification. + const SHA1_W = /* @__PURE__ */ new Uint32Array(80); + class SHA1 extends HashMD { + constructor() { + super(64, 20, 8, false); + this.A = SHA1_IV[0] | 0; + this.B = SHA1_IV[1] | 0; + this.C = SHA1_IV[2] | 0; + this.D = SHA1_IV[3] | 0; + this.E = SHA1_IV[4] | 0; + } + get() { + const { A, B, C, D, E } = this; + return [A, B, C, D, E]; + } + set(A, B, C, D, E) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + SHA1_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 80; i++) + SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1); + // Compression function main loop, 80 rounds + let { A, B, C, D, E } = this; + for (let i = 0; i < 80; i++) { + let F, K; + if (i < 20) { + F = Chi(B, C, D); + K = 0x5a827999; + } + else if (i < 40) { + F = B ^ C ^ D; + K = 0x6ed9eba1; + } + else if (i < 60) { + F = Maj(B, C, D); + K = 0x8f1bbcdc; + } + else { + F = B ^ C ^ D; + K = 0xca62c1d6; + } + const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0; + E = D; + D = C; + C = rotl(B, 30); + B = A; + A = T; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + this.set(A, B, C, D, E); + } + roundClean() { + SHA1_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0); + this.buffer.fill(0); + } + } + /** + * SHA1 (RFC 3174) hash function. + * It was cryptographically broken: prefer newer algorithms. + * @param message - data that would be hashed + */ + const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1()); + + // https://homes.esat.kuleuven.be/~bosselae/ripemd160.html + // https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf + const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]); + const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i)); + const Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16); + let idxL = [Id]; + let idxR = [Pi]; + for (let i = 0; i < 4; i++) + for (let j of [idxL, idxR]) + j.push(j[i].map((k) => Rho[k])); + const shifts = /* @__PURE__ */ [ + [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], + [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7], + [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9], + [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6], + [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5], + ].map((i) => new Uint8Array(i)); + const shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j])); + const shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j])); + const Kl = /* @__PURE__ */ new Uint32Array([ + 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e, + ]); + const Kr = /* @__PURE__ */ new Uint32Array([ + 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000, + ]); + // It's called f() in spec. + function f(group, x, y, z) { + if (group === 0) + return x ^ y ^ z; + else if (group === 1) + return (x & y) | (~x & z); + else if (group === 2) + return (x | ~y) ^ z; + else if (group === 3) + return (x & z) | (y & ~z); + else + return x ^ (y | ~z); + } + // Temporary buffer, not used to store anything between runs + const R_BUF = /* @__PURE__ */ new Uint32Array(16); + class RIPEMD160 extends HashMD { + constructor() { + super(64, 20, 8, true); + this.h0 = 0x67452301 | 0; + this.h1 = 0xefcdab89 | 0; + this.h2 = 0x98badcfe | 0; + this.h3 = 0x10325476 | 0; + this.h4 = 0xc3d2e1f0 | 0; + } + get() { + const { h0, h1, h2, h3, h4 } = this; + return [h0, h1, h2, h3, h4]; + } + set(h0, h1, h2, h3, h4) { + this.h0 = h0 | 0; + this.h1 = h1 | 0; + this.h2 = h2 | 0; + this.h3 = h3 | 0; + this.h4 = h4 | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + R_BUF[i] = view.getUint32(offset, true); + // prettier-ignore + let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el; + // Instead of iterating 0 to 80, we split it into 5 groups + // And use the groups in constants, functions, etc. Much simpler + for (let group = 0; group < 5; group++) { + const rGroup = 4 - group; + const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore + const rl = idxL[group], rr = idxR[group]; // prettier-ignore + const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore + for (let i = 0; i < 16; i++) { + const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0; + al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore + } + // 2 loops are 10% faster + for (let i = 0; i < 16; i++) { + const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0; + ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore + } + } + // Add the compressed chunk to the current hash value + this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0); + } + roundClean() { + R_BUF.fill(0); + } + destroy() { + this.destroyed = true; + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0); + } + } + /** + * RIPEMD-160 - a hash function from 1990s. + * @param message - msg that would be hashed + */ + const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160()); - // Compatibility with BaseCurve - Point$2.prototype.toP = Point$2.prototype.normalize; - Point$2.prototype.mixedAdd = Point$2.prototype.add; + /** + * This file is needed to dynamic import the noble-hashes. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ - var curve_1 = createCommonjsModule(function (module, exports) { - var curve = exports; + const nobleHashes = new Map(Object.entries({ + sha1, + sha224, + sha256, + sha384, + sha512, + sha3_256, + sha3_512, + ripemd160 + })); - curve.base = base; - curve.short = short_1; - curve.mont = mont; - curve.edwards = edwards; + var noble_hashes = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleHashes: nobleHashes }); - var rotl32$2 = utils.rotl32; - var sum32$3 = utils.sum32; - var sum32_5$2 = utils.sum32_5; - var ft_1$1 = common$1.ft_1; - var BlockHash$4 = common.BlockHash; - - var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 - ]; + // Adapted from the reference implementation in RFC7693 + // Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes - function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); + // Uint64 values are represented using two Uint32s, stored as little endian + // NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays + // need to be manually handled - BlockHash$4.call(this); - this.h = [ - 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); + // 64-bit unsigned addition (little endian, in place) + // Sets a[i,i+1] += b[j,j+1] + // `a` and `b` must be Uint32Array(2) + function ADD64 (a, i, b, j) { + a[i] += b[j]; + a[i+1] += b[j+1] + (a[i] < b[j]); // add carry } - utils.inherits(SHA1, BlockHash$4); - var _1 = SHA1; + // Increment 64-bit little-endian unsigned value by `c` (in place) + // `a` must be Uint32Array(2) + function INC64 (a, c) { + a[0] += c; + a[1] += (a[0] < c); + } - SHA1.blockSize = 512; - SHA1.outSize = 160; - SHA1.hmacStrength = 80; - SHA1.padLength = 64; + // G Mixing function + // The ROTRs are inlined for speed + function G$1 (v, m, a, b, c, d, ix, iy) { + ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1] + ADD64(v, a, m, ix); // v[a, a+1] += x ... x0 - SHA1.prototype._update = function _update(msg, start) { - var W = this.W; + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits + let xor0 = v[d] ^ v[a]; + let xor1 = v[d + 1] ^ v[a + 1]; + v[d] = xor1; + v[d + 1] = xor0; - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; + ADD64(v, c, v, d); - for(; i < W.length; i++) - W[i] = rotl32$2(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor0 >>> 24) ^ (xor1 << 8); + v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8); - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; + ADD64(v, a, v, b); + ADD64(v, a, m, iy); - for (i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5$2(rotl32$2(a, 5), ft_1$1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32$2(b, 30); - b = a; - a = t; - } + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits + xor0 = v[d] ^ v[a]; + xor1 = v[d + 1] ^ v[a + 1]; + v[d] = (xor0 >>> 16) ^ (xor1 << 16); + v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16); - this.h[0] = sum32$3(this.h[0], a); - this.h[1] = sum32$3(this.h[1], b); - this.h[2] = sum32$3(this.h[2], c); - this.h[3] = sum32$3(this.h[3], d); - this.h[4] = sum32$3(this.h[4], e); - }; + ADD64(v, c, v, d); - SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); - }; + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor1 >>> 31) ^ (xor0 << 1); + v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1); + } - var sha1 = _1; - var sha224 = _224; - var sha256 = _256; - var sha384 = _384; - var sha512 = _512; - - var sha = { - sha1: sha1, - sha224: sha224, - sha256: sha256, - sha384: sha384, - sha512: sha512 - }; + // Initialization Vector + const BLAKE2B_IV32 = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 + ]); - function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; - - this._init(utils.toArray(key, enc)); - } - var hmac = Hmac; - - Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - minimalisticAssert(key.length <= this.blockSize); - - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); - - for (i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); - - // 0x36 ^ 0x5c = 0x6a - for (i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); - }; + // These are offsets into a Uint64 buffer. + // Multiply them all by 2 to make them offsets into a Uint32 buffer + const SIGMA = new Uint8Array([ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 + ].map(x => x * 2)); + + // Compression function. 'last' flag indicates last block. + // Note: we're representing 16 uint64s as 32 uint32s + function compress(S, last) { + const v = new Uint32Array(32); + const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32); + + // init work variables + for (let i = 0; i < 16; i++) { + v[i] = S.h[i]; + v[i + 16] = BLAKE2B_IV32[i]; + } + + // low 64 bits of offset + v[24] ^= S.t0[0]; + v[25] ^= S.t0[1]; + // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1 + + // if last block + const f0 = last ? 0xFFFFFFFF : 0; + v[28] ^= f0; + v[29] ^= f0; + + // twelve rounds of mixing + for (let i = 0; i < 12; i++) { + // ROUND(r) + const i16 = i << 4; + G$1(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1]); + G$1(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]); + G$1(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]); + G$1(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]); + G$1(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]); + G$1(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]); + G$1(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]); + G$1(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15]); + } + + for (let i = 0; i < 16; i++) { + S.h[i] ^= v[i] ^ v[i + 16]; + } + } + + // Creates a BLAKE2b hashing context + // Requires an output length between 1 and 64 bytes + // Takes an optional Uint8Array key + class Blake2b { + constructor(outlen, key, salt, personal) { + const params = new Uint8Array(64); + // 0: outlen, keylen, fanout, depth + // 4: leaf length, sequential mode + // 8: node offset + // 12: node offset + // 16: node depth, inner length, rfu + // 20: rfu + // 24: rfu + // 28: rfu + // 32: salt + // 36: salt + // 40: salt + // 44: salt + // 48: personal + // 52: personal + // 56: personal + // 60: personal + + // init internal state + this.S = { + b: new Uint8Array(BLOCKBYTES), + h: new Uint32Array(OUTBYTES_MAX / 4), + t0: new Uint32Array(2), // input counter `t`, lower 64-bits only + c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES` + outlen // output length in bytes + }; - Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); - return this; - }; + // init parameter block + params[0] = outlen; + if (key) params[1] = key.length; + params[2] = 1; // fanout + params[3] = 1; // depth + if (salt) params.set(salt, 32); + if (personal) params.set(personal, 48); + const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT); - Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); - }; + // initialize hash state + for (let i = 0; i < 16; i++) { + this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i]; + } - var hash_1 = createCommonjsModule(function (module, exports) { - var hash = exports; - - hash.utils = utils; - hash.common = common; - hash.sha = sha; - hash.ripemd = ripemd; - hash.hmac = hmac; - - // Proxy hash functions to the main object - hash.sha1 = hash.sha.sha1; - hash.sha256 = hash.sha.sha256; - hash.sha224 = hash.sha.sha224; - hash.sha384 = hash.sha.sha384; - hash.sha512 = hash.sha.sha512; - hash.ripemd160 = hash.ripemd.ripemd160; - }); + // key the hash, if applicable + if (key) { + const block = new Uint8Array(BLOCKBYTES); + block.set(key); + this.update(block); + } + } - var secp256k1 = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] + // Updates a BLAKE2b streaming hash + // Requires Uint8Array (byte array) + update(input) { + if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer') + // for (let i = 0; i < input.length; i++) { + // if (this.S.c === BLOCKBYTES) { // buffer full + // INC64(this.S.t0, this.S.c) // add counters + // compress(this.S, false) + // this.S.c = 0 // empty buffer + // } + // this.S.b[this.S.c++] = input[i] + // } + let i = 0; + while(i < input.length) { + if (this.S.c === BLOCKBYTES) { // buffer full + INC64(this.S.t0, this.S.c); // add counters + compress(this.S, false); + this.S.c = 0; // empty buffer + } + let left = BLOCKBYTES - this.S.c; + this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds + const fill = Math.min(left, input.length - i); + this.S.c += fill; + i += fill; + } + return this } - }; - var curves_1 = createCommonjsModule(function (module, exports) { + /** + * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one + * @param {Uint8Array} [prealloc] - optional preallocated buffer + * @returns {ArrayBuffer} message digest + */ + digest(prealloc) { + INC64(this.S.t0, this.S.c); // mark last block offset + + // final block, padded + this.S.b.fill(0, this.S.c); + this.S.c = BLOCKBYTES; + compress(this.S, true); + + const out = prealloc || new Uint8Array(this.S.outlen); + for (let i = 0; i < this.S.outlen; i++) { + // must be loaded individually since default Uint32 endianness is platform dependant + out[i] = this.S.h[i >> 2] >> (8 * (i & 3)); + } + this.S.h = null; // prevent calling `update` after `digest` + return out.buffer; + } + } - var curves = exports; + function createHash(outlen, key, salt, personal) { + if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`) + return new Blake2b(outlen, key, salt, personal) + } + const OUTBYTES_MAX = 64; + const BLOCKBYTES = 128; + const TYPE = 2; // Argon2id + const VERSION = 0x13; + const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; + const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1; + const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; + const SALTBYTES_MIN = 8; + const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; + const passwordBYTES_MIN = 8; + const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; + const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional) + const SECRETBYTES_MAX = 32; // key (optional) - var assert = utils_1$1.assert; + const ARGON2_BLOCK_SIZE = 1024; + const ARGON2_PREHASH_DIGEST_LENGTH = 64; - function PresetCurve(options) { - if (options.type === 'short') - this.curve = new curve_1.short(options); - else if (options.type === 'edwards') - this.curve = new curve_1.edwards(options); - else if (options.type === 'mont') - this.curve = new curve_1.mont(options); - else throw new Error('Unknown curve type.'); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; + const isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd; - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O'); + // store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3]) + function LE32(buf, n, i) { + buf[i+0] = n; + buf[i+1] = n >> 8; + buf[i+2] = n >> 16; + buf[i+3] = n >> 24; + return buf; } - curves.PresetCurve = PresetCurve; - function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } - }); + /** + * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7]) + * @param {Uint8Array} buf + * @param {Number} n + * @param {Number} i + */ + function LE64(buf, n, i) { + if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported"); + // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations + // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps) + // so we manually extract each byte + let remainder = n; + for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER + buf[offset] = remainder; // implicit & 0xff + remainder = (remainder - buf[offset]) / 256; + } + return buf; } - defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash_1.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] - }); + /** + * Variable-Length Hash Function H' + * @param {Number} outlen - T + * @param {Uint8Array} X - value to hash + * @param {Uint8Array} res - output buffer, of length `outlength` or larger + */ + function H_(outlen, X, res) { + const V = new Uint8Array(64); // no need to keep around all V_i - defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash_1.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] - }); + const V1_in = new Uint8Array(4 + X.length); + LE32(V1_in, outlen, 0); + V1_in.set(X, 4); + if (outlen <= 64) { + // H'^T(A) = H^T(LE32(T)||A) + createHash(outlen).update(V1_in).digest(res); + return res + } - defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash_1.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] - }); + const r = Math.ceil(outlen / 32) - 2; - defineCurve('p384', { - type: 'short', - prime: null, - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 ffffffff', - a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 fffffffc', - b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' + - '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef', - n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' + - 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973', - hash: hash_1.sha384, - gRed: false, - g: [ - 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' + - '5502f25d bf55296c 3a545e38 72760ab7', - '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' + - '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f' - ] - }); + // Let V_i be a 64-byte block and W_i be its first 32 bytes. + // V_1 = H^(64)(LE32(T)||A) + // V_2 = H^(64)(V_1) + // ... + // V_r = H^(64)(V_{r-1}) + // V_{r+1} = H^(T-32*r)(V_{r}) + // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1} + for (let i = 0; i < r; i++) { + createHash(64).update(i === 0 ? V1_in : V).digest(V); + // store W_i in result buffer already + res.set(V.subarray(0, 32), i*32); + } + // V_{r+1} + const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest()); + res.set(V_r1, r*32); - defineCurve('p521', { - type: 'short', - prime: null, - p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff', - a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff fffffffc', - b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' + - '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' + - '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00', - n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' + - 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409', - hash: hash_1.sha512, - gRed: false, - g: [ - '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' + - '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' + - 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66', - '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' + - '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' + - '3fad0761 353c7086 a272c240 88be9476 9fd16650' - ] - }); + return res; + } - // https://tools.ietf.org/html/rfc7748#section-4.1 - defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '1', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '9' - ] - }); + // compute buf = xs ^ ys + function XOR(wasmContext, buf, xs, ys) { + wasmContext.fn.XOR( + buf.byteOffset, + xs.byteOffset, + ys.byteOffset, + ); + return buf + } - defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] - }); + /** + * @param {Uint8Array} X (read-only) + * @param {Uint8Array} Y (read-only) + * @param {Uint8Array} R - output buffer + * @returns + */ + function G(wasmContext, X, Y, R) { + wasmContext.fn.G( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; + } - // https://tools.ietf.org/html/rfc5639#section-3.4 - defineCurve('brainpoolP256r1', { - type: 'short', - prime: null, - p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377', - a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9', - b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6', - n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7', - hash: hash_1.sha256, // or 384, or 512 - gRed: false, - g: [ - '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', - '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997' - ] - }); + function G2(wasmContext, X, Y, R) { + wasmContext.fn.G2( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; + } + + // Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values. + function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) { + // For each segment, we do the following. First, we compute the value Z as: + // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) ) + wasmContext.refs.prngTmp.fill(0); + const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8); + LE64(Z, pass, 0); + LE64(Z, lane, 8); + LE64(Z, slice, 16); + LE64(Z, m_, 24); + LE64(Z, totalPasses, 32); + LE64(Z, TYPE, 40); + + // Then we compute q/(128*SL) 1024-byte values + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ), + // ..., + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )), + for(let i = 1; i <= segmentLength; i++) { + // tmp.set(Z); // no need to re-copy + LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed + const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR ); + + // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2 + // NB: the first generated pair must be used for the first block of the segment, and so on. + // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset. + for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) { + yield g2.subarray(k, k+8); + } + } + return []; + } + + function validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) { + const assertLength = (name, value, min, max) => { + if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); } + }; - // https://tools.ietf.org/html/rfc5639#section-3.6 - defineCurve('brainpoolP384r1', { - type: 'short', - prime: null, - p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' + - 'ACD3A729 901D1A71 87470013 3107EC53', - a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' + - '8AA5814A 503AD4EB 04A8C7DD 22CE2826', - b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' + - '7CB43902 95DBC994 3AB78696 FA504C11', - n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' + - 'CF3AB6AF 6B7FC310 3B883202 E9046565', - hash: hash_1.sha384, // or 512 - gRed: false, - g: [ - '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' + - 'E8E826E03436D646AAEF87B2E247D4AF1E', - '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' + - '280E4646217791811142820341263C5315' - ] - }); + if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version'); + assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX); + assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX); + assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX); + assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX); + // optional fields + ad && assertLength('associated data', ad, 0, ADBYTES_MAX); + secret && assertLength('secret', secret, 0, SECRETBYTES_MAX); - // https://tools.ietf.org/html/rfc5639#section-3.7 - defineCurve('brainpoolP512r1', { - type: 'short', - prime: null, - p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' + - '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3', - a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' + - '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA', - b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' + - '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723', - n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' + - '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069', - hash: hash_1.sha512, - gRed: false, - g: [ - '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' + - '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', - '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' + - '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892' - ] - }); + return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes }; + } - // https://en.bitcoin.it/wiki/Secp256k1 - var pre; - try { - pre = secp256k1; - } catch (e) { - pre = undefined; - } - - defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash_1.sha256, - - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' - } - ], + const KB = 1024; + const WASM_PAGE_SIZE = 64 * KB; - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] - }); - }); + function argon2id(params, { memory, instance: wasmInstance }) { + if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system - function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; + const ctx = validateParams({ type: TYPE, version: VERSION, ...params }); - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; + const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports; + const wasmRefs = {}; + const wasmFn = {}; + wasmFn.G = wasmG; + wasmFn.G2 = wasmG2; + wasmFn.XOR = wasmXOR; - this._reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; + // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p. + const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes)); + const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references + if (memory.buffer.byteLength < requiredMemory) { + const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE); + // If enough memory is available, the `memory.buffer` is internally detached and the reference updated. + // Otherwise, the operation fails, and the original memory can still be used. + memory.grow(missing); + } - var entropy = utils_1.toArray(options.entropy, options.entropyEnc || 'hex'); - var nonce = utils_1.toArray(options.nonce, options.nonceEnc || 'hex'); - var pers = utils_1.toArray(options.pers, options.persEnc || 'hex'); - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); - } - var hmacDrbg = HmacDRBG; + let offset = 0; + // Init wasm memory needed in other functions + wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length; + wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length; + wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length; + wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length; + // Init wasm memory needed locally + const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT; + const wasmContext = { fn: wasmFn, refs: wasmRefs }; + const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length; + const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE); + const allocatedMemory = new Uint8Array(memory.buffer, 0, offset); + + // 1. Establish H_0 + const H0 = getH0(ctx); + + // 2. Allocate the memory as m' 1024-byte blocks + // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns. + const q = m_ / ctx.lanes; + const B = new Array(ctx.lanes).fill(null).map(() => new Array(q)); + const initBlock = (i, j) => { + B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE); + return B[i][j]; + }; - HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); + for (let i = 0; i < ctx.lanes; i++) { + // const LEi = LE0; // since p = 1 for us + const tmp = new Uint8Array(H0.length + 8); + // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p + // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i)) + tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0)); + // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p + // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i)) + LE32(tmp, 1, H0.length); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1)); + } + + // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2 + // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes + // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc. + const SL = 4; // vertical slices + const segmentLength = q / SL; + for (let pass = 0; pass < ctx.passes; pass++) { + // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel + for (let sl = 0; sl < SL; sl++) { + const isDataIndependent = pass === 0 && sl <= 1; + for (let i = 0; i < ctx.lanes; i++) { // lane + // On the first slice of the first pass, blocks 0 and 1 are already filled + let segmentOffset = sl === 0 && pass === 0 ? 2 : 0; + // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory) + const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null; + for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) { + const j = sl * segmentLength + segmentOffset; + const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q] + + // we can assume the PRNG is never done + const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength); + const l = lz[0]; const z = lz[1]; + // for (let i = 0; i < p; i++ ) + // B[i][j] = G(B[i][j-1], B[l][z]) + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + if (pass === 0) initBlock(i, j); + G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]); + + // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one + if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]); + } + } + } + } + + // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column: + // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1] + const C = B[0][q-1]; + for(let i = 1; i < ctx.lanes; i++) { + XOR(wasmContext, C, C, B[i][q-1]); + } + + const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength)); + // clear memory since the module might be cached + allocatedMemory.fill(0); // clear sensitive contents + memory.grow(0); // allow deallocation + // 8. The output tag is computed as H'^T(C). + return tag; + + } + + function getH0(ctx) { + const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH); + const ZERO32 = new Uint8Array(4); + const params = new Uint8Array(24); + LE32(params, ctx.lanes, 0); + LE32(params, ctx.tagLength, 4); + LE32(params, ctx.memorySize, 8); + LE32(params, ctx.passes, 12); + LE32(params, ctx.version, 16); + LE32(params, ctx.type, 20); + + const toHash = [params]; + if (ctx.password) { + toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0)); + toHash.push(ctx.password); + } else { + toHash.push(ZERO32); // context.password.length + } - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; + if (ctx.salt) { + toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0)); + toHash.push(ctx.salt); + } else { + toHash.push(ZERO32); // context.salt.length } - this._update(seed); - this._reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 - }; + if (ctx.secret) { + toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0)); + toHash.push(ctx.secret); + // todo clear secret? + } else { + toHash.push(ZERO32); // context.secret.length + } - HmacDRBG.prototype._hmac = function hmac() { - return new hash_1.hmac(this.hash, this.K); - }; + if (ctx.ad) { + toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0)); + toHash.push(ctx.ad); + } else { + toHash.push(ZERO32); // context.ad.length + } + H.update(concatArrays(toHash)); - HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; + const outputBuffer = H.digest(); + return new Uint8Array(outputBuffer); + } - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); - }; + function concatArrays(arrays) { + if (arrays.length === 1) return arrays[0]; + + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!(arrays[i] instanceof Uint8Array)) { + throw new Error('concatArrays: Data must be in the form of a Uint8Array'); + } - HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; + totalLength += arrays[i].length; } - entropy = utils_1.toArray(entropy, entropyEnc); - add = utils_1.toArray(add, addEnc); + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach((element) => { + result.set(element, pos); + pos += element.length; + }); + + return result; + } + + let isSIMDSupported; + async function wasmLoader(memory, getSIMD, getNonSIMD) { + const importObject = { env: { memory } }; + if (isSIMDSupported === undefined) { + try { + const loaded = await getSIMD(importObject); + isSIMDSupported = true; + return loaded; + } catch(e) { + isSIMDSupported = false; + } + } - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); + const loader = isSIMDSupported ? getSIMD : getNonSIMD; + return loader(importObject); + } - this._update(entropy.concat(add || [])); - this._reseed = 1; - }; + async function setupWasm(getSIMD, getNonSIMD) { + const memory = new WebAssembly.Memory({ + // in pages of 64KiB each + // these values need to be compatible with those declared when building in `build-wasm` + initial: 1040, // 65MB + maximum: 65536, // 4GB + }); + const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD); - HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this._reseed > this.reseedInterval) - throw new Error('Reseed is required'); + /** + * Argon2id hash function + * @callback computeHash + * @param {Object} params + * @param {Uint8Array} params.password - password + * @param {Uint8Array} params.salt - salt + * @param {Integer} params.parallelism + * @param {Integer} params.passes + * @param {Integer} params.memorySize - in kibibytes + * @param {Integer} params.tagLength - output tag length + * @param {Uint8Array} [params.ad] - associated data (optional) + * @param {Uint8Array} [params.secret] - secret data (optional) + * @return {Uint8Array} argon2id hash + */ + const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory }); - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; - } + return computeHash; + } - // Optional additional data - if (add) { - add = utils_1.toArray(add, addEnc || 'hex'); - this._update(add); - } + function _loadWasmModule (sync, filepath, src, imports) { + function _instantiateOrCompile(source, imports, stream) { + var instantiateFunc = WebAssembly.instantiate; + var compileFunc = WebAssembly.compile; - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); + if (imports) { + return instantiateFunc(source, imports) + } else { + return compileFunc(source) + } } - var res = temp.slice(0, len); - this._update(add); - this._reseed++; - return utils_1.encode(res, enc); - }; + + var buf = null; - var assert$5 = utils_1$1.assert; - function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; + var raw = globalThis.atob(src); + var rawLength = raw.length; + buf = new Uint8Array(new ArrayBuffer(rawLength)); + for(var i = 0; i < rawLength; i++) { + buf[i] = raw.charCodeAt(i); + } + - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); + + { + return _instantiateOrCompile(buf, imports) + } } - var key = KeyPair; - KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; + function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)} - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); - }; + function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)} - KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; + const loadWasm = async () => setupWasm( + (instanceObject) => wasmSIMD(instanceObject), + (instanceObject) => wasmNonSIMD(instanceObject), + ); - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); - }; + var index$1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + default: loadWasm + }); - // TODO: should not validate for X25519 - KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); + /* + node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; + Copyright (C) 2012 Eli Skeggs - return { result: true, reason: null }; - }; + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - KeyPair.prototype.getPublic = function getPublic(enc, compact) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - if (!enc) - return this.pub; + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see + http://www.gnu.org/licenses/lgpl-2.1.html - return this.pub.encode(enc, compact); - }; + Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). - KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; - }; + Based on micro-bunzip by Rob Landley (rob@landley.net). - KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // For Curve25519/Curve448 we have a specific procedure. - // TODO Curve448 - if (this.ec.curve.type === 'mont') { - var one = this.ec.curve.one; - var mask = one.ushln(255 - 3).sub(one).ushln(3); - this.priv = this.priv.or(one.ushln(255 - 1)); - this.priv = this.priv.and(mask); - } else - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.umod(this.ec.curve.n); - }; + Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), + which also acknowledges contributions by Mike Burrows, David Wheeler, + Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, + Robert Sedgewick, and Jon L. Bentley. + */ - KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - // Montgomery points only have an `x` coordinate. - // Weierstrass/Edwards points on the other hand have both `x` and - // `y` coordinates. - if (this.ec.curve.type === 'mont') { - assert$5(key.x, 'Need x coordinate'); - } else if (this.ec.curve.type === 'short' || - this.ec.curve.type === 'edwards') { - assert$5(key.x && key.y, 'Need both x and y coordinate'); - } - this.pub = this.ec.curve.point(key.x, key.y); - return; - } - this.pub = this.ec.curve.decodePoint(key, enc); - }; + var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; - // ECDH - KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); + // offset in bytes + var BitReader$1 = function(stream) { + this.stream = stream; + this.bitOffset = 0; + this.curByte = 0; + this.hasByte = false; }; - // ECDSA - KeyPair.prototype.sign = function sign(msg, enc, options) { - return this.ec.sign(msg, this, enc, options); + BitReader$1.prototype._ensureByte = function() { + if (!this.hasByte) { + this.curByte = this.stream.readByte(); + this.hasByte = true; + } }; - KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); + // reads bits from the buffer + BitReader$1.prototype.read = function(bits) { + var result = 0; + while (bits > 0) { + this._ensureByte(); + var remaining = 8 - this.bitOffset; + // if we're in a byte + if (bits >= remaining) { + result <<= remaining; + result |= BITMASK[remaining] & this.curByte; + this.hasByte = false; + this.bitOffset = 0; + bits -= remaining; + } else { + result <<= bits; + var shift = remaining - bits; + result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; + this.bitOffset += bits; + bits = 0; + } + } + return result; }; - KeyPair.prototype.inspect = function inspect() { - return ''; + // seek to an arbitrary point in the buffer (expressed in bits) + BitReader$1.prototype.seek = function(pos) { + var n_bit = pos % 8; + var n_byte = (pos - n_bit) / 8; + this.bitOffset = n_bit; + this.stream.seek(n_byte); + this.hasByte = false; }; - var assert$6 = utils_1$1.assert; - - function Signature$1(options, enc) { - if (options instanceof Signature$1) - return options; - - if (this._importDER(options, enc)) - return; + // reads 6 bytes worth of data using the read method + BitReader$1.prototype.pi = function() { + var buf = new Uint8Array(6), i; + for (i = 0; i < buf.length; i++) { + buf[i] = this.read(8); + } + return bufToHex(buf); + }; - assert$6(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); - if (options.recoveryParam === undefined) - this.recoveryParam = null; - else - this.recoveryParam = options.recoveryParam; + function bufToHex(buf) { + return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); } - var signature$1 = Signature$1; - function Position() { - this.place = 0; - } + var bitreader = BitReader$1; - function getLength(buf, p) { - var initial = buf[p.place++]; - if (!(initial & 0x80)) { - return initial; - } - var octetLen = initial & 0xf; - var val = 0; - for (var i = 0, off = p.place; i < octetLen; i++, off++) { - val <<= 8; - val |= buf[off]; - } - p.place = off; - return val; - } + /* very simple input/output stream interface */ - function rmPadding(buf) { - var i = 0; - var len = buf.length - 1; - while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) { - i++; - } - if (i === 0) { - return buf; - } - return buf.slice(i); - } + var Stream$1 = function() { + }; - Signature$1.prototype._importDER = function _importDER(data, enc) { - data = utils_1$1.toArray(data, enc); - var p = new Position(); - if (data[p.place++] !== 0x30) { - return false; - } - var len = getLength(data, p); - if ((len + p.place) !== data.length) { - return false; - } - if (data[p.place++] !== 0x02) { - return false; - } - var rlen = getLength(data, p); - var r = data.slice(p.place, rlen + p.place); - p.place += rlen; - if (data[p.place++] !== 0x02) { - return false; - } - var slen = getLength(data, p); - if (data.length !== slen + p.place) { - return false; - } - var s = data.slice(p.place, slen + p.place); - if (r[0] === 0 && (r[1] & 0x80)) { - r = r.slice(1); - } - if (s[0] === 0 && (s[1] & 0x80)) { - s = s.slice(1); + // input streams ////////////// + /** Returns the next byte, or -1 for EOF. */ + Stream$1.prototype.readByte = function() { + throw new Error("abstract method readByte() not implemented"); + }; + /** Attempts to fill the buffer; returns number of bytes read, or + * -1 for EOF. */ + Stream$1.prototype.read = function(buffer, bufOffset, length) { + var bytesRead = 0; + while (bytesRead < length) { + var c = this.readByte(); + if (c < 0) { // EOF + return (bytesRead===0) ? -1 : bytesRead; + } + buffer[bufOffset++] = c; + bytesRead++; } - - this.r = new bn(r); - this.s = new bn(s); - this.recoveryParam = null; - - return true; + return bytesRead; + }; + Stream$1.prototype.seek = function(new_pos) { + throw new Error("abstract method seek() not implemented"); }; - function constructLength(arr, len) { - if (len < 0x80) { - arr.push(len); - return; + // output streams /////////// + Stream$1.prototype.writeByte = function(_byte) { + throw new Error("abstract method readByte() not implemented"); + }; + Stream$1.prototype.write = function(buffer, bufOffset, length) { + var i; + for (i=0; i>> 3); - arr.push(octets | 0x80); - while (--octets) { - arr.push((len >>> (octets << 3)) & 0xff); - } - arr.push(len); - } - - Signature$1.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); - - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); - - r = rmPadding(r); - s = rmPadding(s); - - while (!s[0] && !(s[1] & 0x80)) { - s = s.slice(1); - } - var arr = [ 0x02 ]; - constructLength(arr, r.length); - arr = arr.concat(r); - arr.push(0x02); - constructLength(arr, s.length); - var backHalf = arr.concat(s); - var res = [ 0x30 ]; - constructLength(res, backHalf.length); - res = res.concat(backHalf); - return utils_1$1.encode(res, enc); + return length; + }; + Stream$1.prototype.flush = function() { }; - var assert$7 = utils_1$1.assert; + var stream = Stream$1; + /* CRC32, used in Bzip2 implementation. + * This is a port of CRC32.java from the jbzip2 implementation at + * https://code.google.com/p/jbzip2 + * which is: + * Copyright (c) 2011 Matthew Francis + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * This JavaScript implementation is: + * Copyright (c) 2013 C. Scott Ananian + * with the same licensing terms as Matthew Francis' original implementation. + */ + var crc32 = (function() { + /** + * A static CRC lookup table + */ + var crc32Lookup = new Uint32Array([ + 0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005, + 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61, 0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, + 0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75, + 0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd, + 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039, 0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, + 0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d, + 0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95, + 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1, 0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, + 0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072, + 0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca, + 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde, 0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, + 0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba, + 0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692, + 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6, 0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, + 0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2, + 0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a, + 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637, 0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, + 0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53, + 0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b, + 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff, 0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, + 0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b, + 0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3, + 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7, 0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, + 0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3, + 0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c, + 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8, 0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, + 0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec, + 0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654, + 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0, 0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, + 0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4, + 0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c, + 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668, 0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4 + ]); - function EC(options) { - if (!(this instanceof EC)) - return new EC(options); + var CRC32 = function() { + /** + * The current CRC + */ + var crc = 0xffffffff; - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert$7(curves_1.hasOwnProperty(options), 'Unknown curve ' + options); + /** + * @return The current CRC + */ + this.getCRC = function() { + return (~crc) >>> 0; // return an unsigned value + }; - options = curves_1[options]; - } + /** + * Update the CRC with a single byte + * @param value The value to update the CRC with + */ + this.updateCRC = function(value) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + }; - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof curves_1.PresetCurve) - options = { curve: options }; + /** + * Update the CRC with a sequence of identical bytes + * @param value The value to update the CRC with + * @param count The number of bytes + */ + this.updateCRCRun = function(value, count) { + while (count-- > 0) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + } + }; + }; + return CRC32; + })(); - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.ushrn(1); - this.g = this.curve.g; + /* + seek-bzip - a pure-javascript module for seeking within bzip2 data - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); + Copyright (C) 2013 C. Scott Ananian + Copyright (C) 2012 Eli Skeggs + Copyright (C) 2011 Kevin Kwok - // Hash function for DRBG - this.hash = options.hash || options.curve.hash; - } - var ec = EC; + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. - EC.prototype.keyPair = function keyPair(options) { - return new key(this, options); - }; + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. - EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return key.fromPrivate(this, priv, enc); - }; + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see + http://www.gnu.org/licenses/lgpl-2.1.html - EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return key.fromPublic(this, pub, enc); - }; + Adapted from node-bzip, copyright 2012 Eli Skeggs. + Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.n.toArray() - }); + Based on micro-bunzip by Rob Landley (rob@landley.net). - // Key generation for curve25519 is simpler - if (this.curve.type === 'mont') { - var priv = new bn(drbg.generate(32)); - return this.keyFromPrivate(priv); - } + Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), + which also acknowledges contributions by Mike Burrows, David Wheeler, + Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, + Robert Sedgewick, and Jon L. Bentley. + */ - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; + var BitReader = bitreader; + var Stream = stream; + var CRC32 = crc32; - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); - }; + var MAX_HUFCODE_BITS = 20; + var MAX_SYMBOLS = 258; + var SYMBOL_RUNA = 0; + var SYMBOL_RUNB = 1; + var MIN_GROUPS = 2; + var MAX_GROUPS = 6; + var GROUP_SIZE = 50; - EC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) { - bitSize = bitSize || msg.byteLength() * 8; - var delta = bitSize - this.n.bitLength(); - if (delta > 0) - msg = msg.ushrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; - }; + var WHOLEPI = "314159265359"; + var SQRTPI = "177245385090"; - EC.prototype.truncateMsg = function truncateMSG(msg) { - // Bit size is only determined correctly for Uint8Arrays and hex strings - var bitSize; - if (msg instanceof Uint8Array) { - bitSize = msg.byteLength * 8; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else if (typeof msg === 'string') { - bitSize = msg.length * 4; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else { - msg = this._truncateToN(new bn(msg, 16)); + var mtf = function(array, index) { + var src = array[index], i; + for (i = index; i > 0; i--) { + array[i] = array[i-1]; } - return msg; + array[0] = src; + return src; }; - EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this.truncateMsg(msg); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray('be', bytes); - - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray('be', bytes); - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - entropy: bkey, - nonce: nonce, - pers: options.pers, - persEnc: options.persEnc || 'utf8' - }); - - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); + var Err = { + OK: 0, + LAST_BLOCK: -1, + NOT_BZIP_DATA: -2, + UNEXPECTED_INPUT_EOF: -3, + UNEXPECTED_OUTPUT_EOF: -4, + DATA_ERROR: -5, + OUT_OF_MEMORY: -6, + OBSOLETE_INPUT: -7, + END_OF_BLOCK: -8 + }; + var ErrorMessages = {}; + ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; + ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; + ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; + ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; + ErrorMessages[Err.DATA_ERROR] = "Data error"; + ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; + ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - for (var iter = 0; true; iter++) { - var k = options.k ? - options.k(iter) : - new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; + var _throw = function(status, optDetail) { + var msg = ErrorMessages[status] || 'unknown error'; + if (optDetail) { msg += ': '+optDetail; } + var e = new TypeError(msg); + e.errorCode = status; + throw e; + }; - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; + var Bunzip = function(inputStream, outputStream) { + this.writePos = this.writeCurrent = this.writeCount = 0; - var kpX = kp.getX(); - var r = kpX.umod(this.n); - if (r.cmpn(0) === 0) - continue; + this._start_bunzip(inputStream, outputStream); + }; + Bunzip.prototype._init_block = function() { + var moreBlocks = this._get_next_block(); + if ( !moreBlocks ) { + this.writeCount = -1; + return false; /* no more blocks */ + } + this.blockCRC = new CRC32(); + return true; + }; + /* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ + Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { + /* Ensure that file starts with "BZh['1'-'9']." */ + var buf = new Uint8Array(4); + if (inputStream.read(buf, 0, 4) !== 4 || + String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') + _throw(Err.NOT_BZIP_DATA, 'bad magic'); - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); - s = s.umod(this.n); - if (s.cmpn(0) === 0) - continue; + var level = buf[3] - 0x30; + if (level < 1 || level > 9) + _throw(Err.NOT_BZIP_DATA, 'level out of range'); - var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | - (kpX.cmp(r) !== 0 ? 2 : 0); + this.reader = new BitReader(inputStream); - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) { - s = this.n.sub(s); - recoveryParam ^= 1; + /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of + uncompressed data. Allocate intermediate buffer for block. */ + this.dbufSize = 100000 * level; + this.nextoutput = 0; + this.outputStream = outputStream; + this.streamCRC = 0; + }; + Bunzip.prototype._get_next_block = function() { + var i, j, k; + var reader = this.reader; + // this is get_next_block() function from micro-bunzip: + /* Read in header signature and CRC, then validate signature. + (last block signature means CRC is for whole file, return now) */ + var h = reader.pi(); + if (h === SQRTPI) { // last block + return false; /* no more blocks */ + } + if (h !== WHOLEPI) + _throw(Err.NOT_BZIP_DATA); + this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) + this.streamCRC = (this.targetBlockCRC ^ + ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; + /* We can add support for blockRandomised if anybody complains. There was + some code for this in busybox 1.0.0-pre3, but nobody ever noticed that + it didn't actually work. */ + if (reader.read(1)) + _throw(Err.OBSOLETE_INPUT); + var origPointer = reader.read(24); + if (origPointer > this.dbufSize) + _throw(Err.DATA_ERROR, 'initial position out of bounds'); + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer + symbols to deal with, and writes a sparse bitfield indicating which + values were present. We make a translation table to convert the symbols + back to the corresponding bytes. */ + var t = reader.read(16); + var symToByte = new Uint8Array(256), symTotal = 0; + for (i = 0; i < 16; i++) { + if (t & (1 << (0xF - i))) { + var o = i * 16; + k = reader.read(16); + for (j = 0; j < 16; j++) + if (k & (1 << (0xF - j))) + symToByte[symTotal++] = o + j; } - - return new signature$1({ r: r, s: s, recoveryParam: recoveryParam }); } - }; - - EC.prototype.verify = function verify(msg, signature, key, enc) { - key = this.keyFromPublic(key, enc); - signature = new signature$1(signature, 'hex'); - // Fallback to the old code - var ret = this._verify(this.truncateMsg(msg), signature, key) || - this._verify(this._truncateToN(new bn(msg, 16)), signature, key); - return ret; - }; - EC.prototype._verify = function _verify(msg, signature, key) { - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; + /* How many different huffman coding groups does this block use? */ + var groupCount = reader.read(3); + if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) + _throw(Err.DATA_ERROR); + /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding + group. Read in the group selector list, which is stored as MTF encoded + bit runs. (MTF=Move To Front, as each value is used it's moved to the + start of the list.) */ + var nSelectors = reader.read(15); + if (nSelectors === 0) + _throw(Err.DATA_ERROR); - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).umod(this.n); - var u2 = sinv.mul(r).umod(this.n); + var mtfSymbol = new Uint8Array(256); + for (i = 0; i < groupCount; i++) + mtfSymbol[i] = i; - if (!this.curve._maxwellTrick) { - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; + var selectors = new Uint8Array(nSelectors); // was 32768... - return p.getX().umod(this.n).cmp(r) === 0; + for (i = 0; i < nSelectors; i++) { + /* Get next value */ + for (j = 0; reader.read(1); j++) + if (j >= groupCount) _throw(Err.DATA_ERROR); + /* Decode MTF to get the next selector */ + selectors[i] = mtf(mtfSymbol, j); } - // NOTE: Greg Maxwell's trick, inspired by: - // https://git.io/vad3K - - var p = this.g.jmulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - // Compare `p.x` of Jacobian point with `r`, - // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the - // inverse of `p.z^2` - return p.eqXToP(r); - }; + /* Read the huffman coding tables for each group, which code for symTotal + literal symbols, plus two run symbols (RUNA, RUNB) */ + var symCount = symTotal + 2; + var groups = [], hufGroup; + for (j = 0; j < groupCount; j++) { + var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); + /* Read huffman code lengths for each symbol. They're stored in + a way similar to mtf; record a starting value for the first symbol, + and an offset from the previous value for everys symbol after that. */ + t = reader.read(5); // lengths + for (i = 0; i < symCount; i++) { + for (;;) { + if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); + /* If first bit is 0, stop. Else second bit indicates whether + to increment or decrement the value. */ + if(!reader.read(1)) + break; + if(!reader.read(1)) + t++; + else + t--; + } + length[i] = t; + } - EC.prototype.recoverPubKey = function(msg, signature, j, enc) { - assert$7((3 & j) === j, 'The recovery param is more than two bits'); - signature = new signature$1(signature, enc); - - var n = this.n; - var e = new bn(msg); - var r = signature.r; - var s = signature.s; - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = j & 1; - var isSecondKey = j >> 1; - if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) - throw new Error('Unable to find sencond key candinate'); - - // 1.1. Let x = r + jn. - if (isSecondKey) - r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); - else - r = this.curve.pointFromX(r, isYOdd); - - var rInv = signature.r.invm(n); - var s1 = n.sub(e).mul(rInv).umod(n); - var s2 = s.mul(rInv).umod(n); - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - return this.g.mulAdd(s1, r, s2); - }; + /* Find largest and smallest lengths in this group */ + var minLen, maxLen; + minLen = maxLen = length[0]; + for (i = 1; i < symCount; i++) { + if (length[i] > maxLen) + maxLen = length[i]; + else if (length[i] < minLen) + minLen = length[i]; + } - EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) { - signature = new signature$1(signature, enc); - if (signature.recoveryParam !== null) - return signature.recoveryParam; + /* Calculate permute[], base[], and limit[] tables from length[]. + * + * permute[] is the lookup table for converting huffman coded symbols + * into decoded symbols. base[] is the amount to subtract from the + * value of a huffman symbol of a given length when using permute[]. + * + * limit[] indicates the largest numerical value a symbol with a given + * number of bits can have. This is how the huffman codes can vary in + * length: each code with a value>limit[length] needs another bit. + */ + hufGroup = {}; + groups.push(hufGroup); + hufGroup.permute = new Uint16Array(MAX_SYMBOLS); + hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); + hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); + hufGroup.minLen = minLen; + hufGroup.maxLen = maxLen; + /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ + var pp = 0; + for (i = minLen; i <= maxLen; i++) { + temp[i] = hufGroup.limit[i] = 0; + for (t = 0; t < symCount; t++) + if (length[t] === i) + hufGroup.permute[pp++] = t; + } + /* Count symbols coded for at each bit length */ + for (i = 0; i < symCount; i++) + temp[length[i]]++; + /* Calculate limit[] (the largest symbol-coding value at each bit + * length, which is (previous limit<<1)+symbols at this level), and + * base[] (number of symbols to ignore at each bit length, which is + * limit minus the cumulative count of symbols coded for already). */ + pp = t = 0; + for (i = minLen; i < maxLen; i++) { + pp += temp[i]; + /* We read the largest possible symbol size and then unget bits + after determining how many we need, and those extra bits could + be set to anything. (They're noise from future symbols.) At + each level we're really only interested in the first few bits, + so here we set all the trailing to-be-ignored bits to 1 so they + don't affect the value>limit[length] comparison. */ + hufGroup.limit[i] = pp - 1; + pp <<= 1; + t += temp[i]; + hufGroup.base[i + 1] = pp - t; + } + hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ + hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; + hufGroup.base[minLen] = 0; + } + /* We've finished reading and digesting the block header. Now read this + block's huffman coded symbols from the file and undo the huffman coding + and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - for (var i = 0; i < 4; i++) { - var Qprime; - try { - Qprime = this.recoverPubKey(e, signature, i); - } catch (e) { + /* Initialize symbol occurrence counters and symbol Move To Front table */ + var byteCount = new Uint32Array(256); + for (i = 0; i < 256; i++) + mtfSymbol[i] = i; + /* Loop through compressed symbols. */ + var runPos = 0, dbufCount = 0, selector = 0, uc; + var dbuf = this.dbuf = new Uint32Array(this.dbufSize); + symCount = 0; + for (;;) { + /* Determine which huffman coding group to use. */ + if (!(symCount--)) { + symCount = GROUP_SIZE - 1; + if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } + hufGroup = groups[selectors[selector++]]; + } + /* Read next huffman-coded symbol. */ + i = hufGroup.minLen; + j = reader.read(i); + for (;;i++) { + if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } + if (j <= hufGroup.limit[i]) + break; + j = (j << 1) | reader.read(1); + } + /* Huffman decode value to get nextSym (with bounds checking) */ + j -= hufGroup.base[i]; + if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } + var nextSym = hufGroup.permute[j]; + /* We have now decoded the symbol, which indicates either a new literal + byte, or a repeated run of the most recent literal byte. First, + check if nextSym indicates a repeated run, and if so loop collecting + how many times to repeat the last literal. */ + if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { + /* If this is the start of a new run, zero out counter */ + if (!runPos){ + runPos = 1; + t = 0; + } + /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at + each bit position, add 1 or 2 instead. For example, + 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. + You can make any bit pattern that way using 1 less symbol than + the basic or 0/1 method (except all bits 0, which would use no + symbols, but a run of length 0 doesn't mean anything in this + context). Thus space is saved. */ + if (nextSym === SYMBOL_RUNA) + t += runPos; + else + t += 2 * runPos; + runPos <<= 1; continue; } - - if (Qprime.eq(Q)) - return i; + /* When we hit the first non-run symbol after a run, we now know + how many times to repeat the last literal, so append that many + copies to our buffer of decoded symbols (dbuf) now. (The last + literal used is the one at the head of the mtfSymbol array.) */ + if (runPos){ + runPos = 0; + if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } + uc = symToByte[mtfSymbol[0]]; + byteCount[uc] += t; + while (t--) + dbuf[dbufCount++] = uc; + } + /* Is this the terminating symbol? */ + if (nextSym > symTotal) + break; + /* At this point, nextSym indicates a new literal character. Subtract + one to get the position in the MTF array at which this literal is + currently to be found. (Note that the result can't be -1 or 0, + because 0 and 1 are RUNA and RUNB. But another instance of the + first symbol in the mtf array, position 0, would have been handled + as part of a run above. Therefore 1 unused mtf position minus + 2 non-literal nextSym values equals -1.) */ + if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } + i = nextSym - 1; + uc = mtf(mtfSymbol, i); + uc = symToByte[uc]; + /* We have our literal byte. Save it into dbuf. */ + byteCount[uc]++; + dbuf[dbufCount++] = uc; } - throw new Error('Unable to find valid recovery factor'); - }; - - var assert$8 = utils_1$1.assert; - var parseBytes = utils_1$1.parseBytes; - var cachedProperty = utils_1$1.cachedProperty; - - /** - * @param {EDDSA} eddsa - instance - * @param {Object} params - public/private key parameters - * - * @param {Array} [params.secret] - secret seed bytes - * @param {Point} [params.pub] - public key point (aka `A` in eddsa terms) - * @param {Array} [params.pub] - public key point encoded as bytes - * - */ - function KeyPair$1(eddsa, params) { - this.eddsa = eddsa; - if (params.hasOwnProperty('secret')) - this._secret = parseBytes(params.secret); - if (eddsa.isPoint(params.pub)) - this._pub = params.pub; - else { - this._pubBytes = parseBytes(params.pub); - if (this._pubBytes && this._pubBytes.length === 33 && - this._pubBytes[0] === 0x40) - this._pubBytes = this._pubBytes.slice(1, 33); - if (this._pubBytes && this._pubBytes.length !== 32) - throw new Error('Unknown point compression format'); - } - } - - KeyPair$1.fromPublic = function fromPublic(eddsa, pub) { - if (pub instanceof KeyPair$1) - return pub; - return new KeyPair$1(eddsa, { pub: pub }); - }; - - KeyPair$1.fromSecret = function fromSecret(eddsa, secret) { - if (secret instanceof KeyPair$1) - return secret; - return new KeyPair$1(eddsa, { secret: secret }); - }; - - KeyPair$1.prototype.secret = function secret() { - return this._secret; - }; - - cachedProperty(KeyPair$1, 'pubBytes', function pubBytes() { - return this.eddsa.encodePoint(this.pub()); - }); - - cachedProperty(KeyPair$1, 'pub', function pub() { - if (this._pubBytes) - return this.eddsa.decodePoint(this._pubBytes); - return this.eddsa.g.mul(this.priv()); - }); - - cachedProperty(KeyPair$1, 'privBytes', function privBytes() { - var eddsa = this.eddsa; - var hash = this.hash(); - var lastIx = eddsa.encodingLength - 1; - - // https://tools.ietf.org/html/rfc8032#section-5.1.5 - var a = hash.slice(0, eddsa.encodingLength); - a[0] &= 248; - a[lastIx] &= 127; - a[lastIx] |= 64; - - return a; - }); - - cachedProperty(KeyPair$1, 'priv', function priv() { - return this.eddsa.decodeInt(this.privBytes()); - }); - - cachedProperty(KeyPair$1, 'hash', function hash() { - return this.eddsa.hash().update(this.secret()).digest(); - }); - - cachedProperty(KeyPair$1, 'messagePrefix', function messagePrefix() { - return this.hash().slice(this.eddsa.encodingLength); - }); - - KeyPair$1.prototype.sign = function sign(message) { - assert$8(this._secret, 'KeyPair can only verify'); - return this.eddsa.sign(message, this); - }; - - KeyPair$1.prototype.verify = function verify(message, sig) { - return this.eddsa.verify(message, sig, this); - }; - - KeyPair$1.prototype.getSecret = function getSecret(enc) { - assert$8(this._secret, 'KeyPair is public only'); - return utils_1$1.encode(this.secret(), enc); - }; - - KeyPair$1.prototype.getPublic = function getPublic(enc, compact) { - return utils_1$1.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc); - }; - - var key$1 = KeyPair$1; - - var assert$9 = utils_1$1.assert; - var cachedProperty$1 = utils_1$1.cachedProperty; - var parseBytes$1 = utils_1$1.parseBytes; - - /** - * @param {EDDSA} eddsa - eddsa instance - * @param {Array|Object} sig - - * @param {Array|Point} [sig.R] - R point as Point or bytes - * @param {Array|bn} [sig.S] - S scalar as bn or bytes - * @param {Array} [sig.Rencoded] - R point encoded - * @param {Array} [sig.Sencoded] - S scalar encoded - */ - function Signature$2(eddsa, sig) { - this.eddsa = eddsa; - - if (typeof sig !== 'object') - sig = parseBytes$1(sig); - - if (Array.isArray(sig)) { - sig = { - R: sig.slice(0, eddsa.encodingLength), - S: sig.slice(eddsa.encodingLength) - }; + /* At this point, we've read all the huffman-coded symbols (and repeated + runs) for this block from the input stream, and decoded them into the + intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. + Now undo the Burrows-Wheeler transform on dbuf. + See http://dogma.net/markn/articles/bwt/bwt.htm + */ + if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } + /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ + j = 0; + for (i = 0; i < 256; i++) { + k = j + byteCount[i]; + byteCount[i] = j; + j = k; } + /* Figure out what order dbuf would be in if we sorted it. */ + for (i = 0; i < dbufCount; i++) { + uc = dbuf[i] & 0xff; + dbuf[byteCount[uc]] |= (i << 8); + byteCount[uc]++; + } + /* Decode first byte by hand to initialize "previous" byte. Note that it + doesn't get output, and if the first three characters are identical + it doesn't qualify as a run (hence writeRunCountdown=5). */ + var pos = 0, current = 0, run = 0; + if (dbufCount) { + pos = dbuf[origPointer]; + current = (pos & 0xff); + pos >>= 8; + run = -1; + } + this.writePos = pos; + this.writeCurrent = current; + this.writeCount = dbufCount; + this.writeRun = run; - assert$9(sig.R && sig.S, 'Signature without R or S'); - - if (eddsa.isPoint(sig.R)) - this._R = sig.R; - if (sig.S instanceof bn) - this._S = sig.S; - - this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded; - this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded; - } - - cachedProperty$1(Signature$2, 'S', function S() { - return this.eddsa.decodeInt(this.Sencoded()); - }); - - cachedProperty$1(Signature$2, 'R', function R() { - return this.eddsa.decodePoint(this.Rencoded()); - }); - - cachedProperty$1(Signature$2, 'Rencoded', function Rencoded() { - return this.eddsa.encodePoint(this.R()); - }); - - cachedProperty$1(Signature$2, 'Sencoded', function Sencoded() { - return this.eddsa.encodeInt(this.S()); - }); - - Signature$2.prototype.toBytes = function toBytes() { - return this.Rencoded().concat(this.Sencoded()); - }; - - Signature$2.prototype.toHex = function toHex() { - return utils_1$1.encode(this.toBytes(), 'hex').toUpperCase(); - }; - - var signature$2 = Signature$2; - - var assert$a = utils_1$1.assert; - var parseBytes$2 = utils_1$1.parseBytes; - - - - function EDDSA(curve) { - assert$a(curve === 'ed25519', 'only tested with ed25519 so far'); - - if (!(this instanceof EDDSA)) - return new EDDSA(curve); - - var curve = curves_1[curve].curve; - this.curve = curve; - this.g = curve.g; - this.g.precompute(curve.n.bitLength() + 1); - - this.pointClass = curve.point().constructor; - this.encodingLength = Math.ceil(curve.n.bitLength() / 8); - this.hash = hash_1.sha512; - } - - var eddsa$1 = EDDSA; - - /** - * @param {Array|String} message - message bytes - * @param {Array|String|KeyPair} secret - secret bytes or a keypair - * @returns {Signature} - signature - */ - EDDSA.prototype.sign = function sign(message, secret) { - message = parseBytes$2(message); - var key = this.keyFromSecret(secret); - var r = this.hashInt(key.messagePrefix(), message); - var R = this.g.mul(r); - var Rencoded = this.encodePoint(R); - var s_ = this.hashInt(Rencoded, key.pubBytes(), message) - .mul(key.priv()); - var S = r.add(s_).umod(this.curve.n); - return this.makeSignature({ R: R, S: S, Rencoded: Rencoded }); + return true; /* more blocks to come */ }; - - /** - * @param {Array} message - message bytes - * @param {Array|String|Signature} sig - sig bytes - * @param {Array|String|Point|KeyPair} pub - public key - * @returns {Boolean} - true if public key matches sig of message + /* Undo burrows-wheeler transform on intermediate buffer to produce output. + If start_bunzip was initialized with out_fd=-1, then up to len bytes of + data are written to outbuf. Return value is number of bytes written or + error (all errors are negative numbers). If out_fd!=-1, outbuf and len + are ignored, data is written to out_fd and return is RETVAL_OK or error. */ - EDDSA.prototype.verify = function verify(message, sig, pub) { - message = parseBytes$2(message); - sig = this.makeSignature(sig); - var key = this.keyFromPublic(pub); - var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message); - var SG = this.g.mul(sig.S()); - var RplusAh = sig.R().add(key.pub().mul(h)); - return RplusAh.eq(SG); - }; - - EDDSA.prototype.hashInt = function hashInt() { - var hash = this.hash(); - for (var i = 0; i < arguments.length; i++) - hash.update(arguments[i]); - return utils_1$1.intFromLE(hash.digest()).umod(this.curve.n); - }; + Bunzip.prototype._read_bunzip = function(outputBuffer, len) { + var copies, previous, outbyte; + /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully + decoded, which results in this returning RETVAL_LAST_BLOCK, also + equal to -1... Confusing, I'm returning 0 here to indicate no + bytes written into the buffer */ + if (this.writeCount < 0) { return 0; } + var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; + var dbufCount = this.writeCount; this.outputsize; + var run = this.writeRun; - EDDSA.prototype.keyPair = function keyPair(options) { - return new key$1(this, options); + while (dbufCount) { + dbufCount--; + previous = current; + pos = dbuf[pos]; + current = pos & 0xff; + pos >>= 8; + if (run++ === 3){ + copies = current; + outbyte = previous; + current = -1; + } else { + copies = 1; + outbyte = current; + } + this.blockCRC.updateCRCRun(outbyte, copies); + while (copies--) { + this.outputStream.writeByte(outbyte); + this.nextoutput++; + } + if (current != previous) + run = 0; + } + this.writeCount = dbufCount; + // check CRC + if (this.blockCRC.getCRC() !== this.targetBlockCRC) { + _throw(Err.DATA_ERROR, "Bad block CRC "+ + "(got "+this.blockCRC.getCRC().toString(16)+ + " expected "+this.targetBlockCRC.toString(16)+")"); + } + return this.nextoutput; }; - EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) { - return key$1.fromPublic(this, pub); + var coerceInputStream = function(input) { + if ('readByte' in input) { return input; } + var inputStream = new Stream(); + inputStream.pos = 0; + inputStream.readByte = function() { return input[this.pos++]; }; + inputStream.seek = function(pos) { this.pos = pos; }; + inputStream.eof = function() { return this.pos >= input.length; }; + return inputStream; }; - - EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) { - return key$1.fromSecret(this, secret); + var coerceOutputStream = function(output) { + var outputStream = new Stream(); + var resizeOk = true; + if (output) { + if (typeof(output)==='number') { + outputStream.buffer = new Uint8Array(output); + resizeOk = false; + } else if ('writeByte' in output) { + return output; + } else { + outputStream.buffer = output; + resizeOk = false; + } + } else { + outputStream.buffer = new Uint8Array(16384); + } + outputStream.pos = 0; + outputStream.writeByte = function(_byte) { + if (resizeOk && this.pos >= this.buffer.length) { + var newBuffer = new Uint8Array(this.buffer.length*2); + newBuffer.set(this.buffer); + this.buffer = newBuffer; + } + this.buffer[this.pos++] = _byte; + }; + outputStream.getBuffer = function() { + // trim buffer + if (this.pos !== this.buffer.length) { + if (!resizeOk) + throw new TypeError('outputsize does not match decoded input'); + var newBuffer = new Uint8Array(this.pos); + newBuffer.set(this.buffer.subarray(0, this.pos)); + this.buffer = newBuffer; + } + return this.buffer; + }; + outputStream._coerced = true; + return outputStream; }; - EDDSA.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.curve.n.toArray() - }); + /* Static helper functions */ + // 'input' can be a stream or a buffer + // 'output' can be a stream or a buffer or a number (buffer size) + const decode = function(input, output, multistream) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); - return this.keyFromSecret(drbg.generate(32)); + var bz = new Bunzip(inputStream, outputStream); + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + if (bz._init_block()) { + bz._read_bunzip(); + } else { + var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) + if (targetStreamCRC !== bz.streamCRC) { + _throw(Err.DATA_ERROR, "Bad stream CRC "+ + "(got "+bz.streamCRC.toString(16)+ + " expected "+targetStreamCRC.toString(16)+")"); + } + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + } else break; + } + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; + const decodeBlock = function(input, pos, output) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + var bz = new Bunzip(inputStream, outputStream); + bz.reader.seek(pos); + /* Fill the decode buffer for the block */ + var moreBlocks = bz._get_next_block(); + if (moreBlocks) { + /* Init the CRC for writing */ + bz.blockCRC = new CRC32(); - EDDSA.prototype.makeSignature = function makeSignature(sig) { - if (sig instanceof signature$2) - return sig; - return new signature$2(this, sig); - }; + /* Zero this so the current byte from before the seek is not written */ + bz.writeCopies = 0; - /** - * * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2 - * - * EDDSA defines methods for encoding and decoding points and integers. These are - * helper convenience methods, that pass along to utility functions implied - * parameters. - * - */ - EDDSA.prototype.encodePoint = function encodePoint(point) { - var enc = point.getY().toArray('le', this.encodingLength); - enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0; - return enc; + /* Decompress the block and write to stdout */ + bz._read_bunzip(); + // XXX keep writing? + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; + /* Reads bzip2 file from stream or buffer `input`, and invoke + * `callback(position, size)` once for each bzip2 block, + * where position gives the starting position (in *bits*) + * and size gives uncompressed size of the block (in *bytes*). */ + const table = function(input, callback, multistream) { + // make a stream from a buffer, if necessary + var inputStream = new Stream(); + inputStream.delegate = coerceInputStream(input); + inputStream.pos = 0; + inputStream.readByte = function() { + this.pos++; + return this.delegate.readByte(); + }; + if (inputStream.delegate.eof) { + inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); + } + var outputStream = new Stream(); + outputStream.pos = 0; + outputStream.writeByte = function() { this.pos++; }; - EDDSA.prototype.decodePoint = function decodePoint(bytes) { - bytes = utils_1$1.parseBytes(bytes); - - var lastIx = bytes.length - 1; - var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80); - var xIsOdd = (bytes[lastIx] & 0x80) !== 0; - - var y = utils_1$1.intFromLE(normed); - return this.curve.pointFromY(y, xIsOdd); - }; + var bz = new Bunzip(inputStream, outputStream); + var blockSize = bz.dbufSize; + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; - EDDSA.prototype.encodeInt = function encodeInt(num) { - return num.toArray('le', this.encodingLength); - }; + var position = inputStream.pos*8 + bz.reader.bitOffset; + if (bz.reader.hasByte) { position -= 8; } - EDDSA.prototype.decodeInt = function decodeInt(bytes) { - return utils_1$1.intFromLE(bytes); + if (bz._init_block()) { + var start = outputStream.pos; + bz._read_bunzip(); + callback(position, outputStream.pos - start); + } else { + bz.reader.read(32); // (but we ignore the crc) + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + console.assert(bz.dbufSize === blockSize, + "shouldn't change block size within multistream file"); + } else break; + } + } }; - EDDSA.prototype.isPoint = function isPoint(val) { - return val instanceof this.pointClass; + var lib = { + Bunzip, + Stream, + Err, + decode, + decodeBlock, + table }; - var elliptic_1 = createCommonjsModule(function (module, exports) { - - var elliptic = exports; - - elliptic.utils = utils_1$1; - elliptic.rand = brorand; - elliptic.curve = curve_1; - elliptic.curves = curves_1; - - // Protocols - elliptic.ec = ec; - elliptic.eddsa = eddsa$1; - }); - - var elliptic$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': elliptic_1, - __moduleExports: elliptic_1 - }); + var index = /*#__PURE__*/_mergeNamespaces({ + __proto__: null + }, [lib]); exports.AEADEncryptedDataPacket = AEADEncryptedDataPacket; exports.CleartextMessage = CleartextMessage; @@ -44075,6 +28573,7 @@ var openpgp = (function (exports) { exports.Message = Message; exports.OnePassSignaturePacket = OnePassSignaturePacket; exports.PacketList = PacketList; + exports.PaddingPacket = PaddingPacket; exports.PrivateKey = PrivateKey; exports.PublicKey = PublicKey; exports.PublicKeyEncryptedSessionKeyPacket = PublicKeyEncryptedSessionKeyPacket; @@ -44096,15 +28595,15 @@ var openpgp = (function (exports) { exports.config = config; exports.createCleartextMessage = createCleartextMessage; exports.createMessage = createMessage; - exports.decrypt = decrypt$5; + exports.decrypt = decrypt; exports.decryptKey = decryptKey; exports.decryptSessionKeys = decryptSessionKeys; - exports.encrypt = encrypt$5; + exports.encrypt = encrypt; exports.encryptKey = encryptKey; exports.encryptSessionKey = encryptSessionKey; exports.enums = enums; exports.generateKey = generateKey; - exports.generateSessionKey = generateSessionKey$1; + exports.generateSessionKey = generateSessionKey; exports.readCleartextMessage = readCleartextMessage; exports.readKey = readKey; exports.readKeys = readKeys; @@ -44114,12 +28613,10 @@ var openpgp = (function (exports) { exports.readSignature = readSignature; exports.reformatKey = reformatKey; exports.revokeKey = revokeKey; - exports.sign = sign$6; + exports.sign = sign; exports.unarmor = unarmor; - exports.verify = verify$6; - - Object.defineProperty(exports, '__esModule', { value: true }); + exports.verify = verify; return exports; -}({})); +})({}); diff --git a/app/node_modules/openpgp/dist/openpgp.min.js b/app/node_modules/openpgp/dist/openpgp.min.js index a4ec44ed6..ba10ccc82 100644 --- a/app/node_modules/openpgp/dist/openpgp.min.js +++ b/app/node_modules/openpgp/dist/openpgp.min.js @@ -1,17 +1,16 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -var openpgp=function(e){"use strict";const t="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},r=Symbol("doneWritingPromise"),i=Symbol("doneWritingResolve"),n=Symbol("doneWritingReject"),a=Symbol("readingIndex");class s extends Array{constructor(){super(),this[r]=new Promise(((e,t)=>{this[i]=e,this[n]=t})),this[r].catch((()=>{}))}}function o(e){return e&&e.getReader&&Array.isArray(e)}function c(e){if(!o(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}s.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[r],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},s.prototype.readToEnd=async function(e){await this[r];const t=e(this.slice(this[a]));return this.length=0,t},s.prototype.clone=function(){const e=new s;return e[r]=this[r].then((()=>{e.push(...this)})),e},c.prototype.write=async function(e){this.stream.push(e)},c.prototype.close=async function(){this.stream[i]()},c.prototype.abort=async function(e){return this.stream[n](e),e},c.prototype.releaseLock=function(){};const u="object"==typeof t.process&&"object"==typeof t.process.versions,h=u&&void 0;function d(e){return o(e)?"array":t.ReadableStream&&t.ReadableStream.prototype.isPrototypeOf(e)?"web":A&&A.prototype.isPrototypeOf(e)?"ponyfill":h&&h.prototype.isPrototypeOf(e)?"node":!(!e||!e.getReader)&&"web-like"}function f(e){return Uint8Array.prototype.isPrototypeOf(e)}function l(e){if(1===e.length)return e[0];let t=0;for(let r=0;r{t||(p.isBuffer(i)&&(i=new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r.enqueue(i),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends y{constructor(e,t){super(t),this._reader=D(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t))break}}catch(e){this.destroy(e)}}async _destroy(e,t){this._reader.cancel(e).then(t,t)}}g=function(t,r){return new e(t,r)}}const m=new WeakSet,w=Symbol("externalBuffer");function v(e){if(this.stream=e,e[w]&&(this[w]=e[w].slice()),o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=async()=>{})}let t=d(e);if("node"===t&&(e=b(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||m.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{m.add(e)}catch(e){}}}v.prototype.read=async function(){if(this[w]&&this[w].length){return{done:!1,value:this[w].shift()}}return this._read()},v.prototype.releaseLock=function(){this[w]&&(this.stream[w]=this[w]),this._releaseLock()},v.prototype.cancel=function(e){return this._cancel(e)},v.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?C(t):void 0;const n=i.indexOf("\n")+1;n&&(e=C(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},v.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(N(t,1)),r},v.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?C(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=C(t);return this.unshift(N(r,e)),N(r,0,e)}}},v.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},v.prototype.unshift=function(...e){this[w]||(this[w]=[]),1===e.length&&f(e[0])&&this[w].length&&e[0].length&&this[w][0].byteOffset>=e[0].length?this[w][0]=new Uint8Array(this[w][0].buffer,this[w][0].byteOffset-e[0].length,this[w][0].byteLength+e[0].length):this[w].unshift(...e.filter((e=>e&&e.length)))},v.prototype.readToEnd=async function(e=C){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};let _,k,{ReadableStream:A,WritableStream:S,TransformStream:E}=t;async function P(){if(E)return;const[e,r]=await Promise.all([Promise.resolve().then((function(){return yp})),Promise.resolve().then((function(){return Tp}))]);({ReadableStream:A,WritableStream:S,TransformStream:E}=e);const{createReadableStreamWrapper:i}=r;t.ReadableStream&&A!==t.ReadableStream&&(_=i(A),k=i(t.ReadableStream))}const x=u&&void 0;function M(e){let t=d(e);return"node"===t?b(e):"web"===t&&_?_(e):t?e:new A({start(t){t.enqueue(e),t.close()}})}function K(e){if(d(e))return e;const t=new s;return(async()=>{const r=U(t);await r.write(e),await r.close()})(),t}function C(e){return e.some((e=>d(e)&&!o(e)))?function(e){e=e.map(M);const t=B((async function(e){await Promise.all(i.map((t=>H(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>z(i,((i,a)=>(r=r.then((()=>R(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>o(e)))?function(e){const t=new s;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>R(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):x&&x.isBuffer(e[0])?x.concat(e):l(e)}function D(e){return new v(e)}function U(e){return new c(e)}async function R(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(d(e)&&!o(e)){e=M(e);try{if(e[w]){const r=U(t);for(let t=0;t{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function T(e,t=(()=>{}),r=(()=>{})){if(o(e)){const i=new s;return(async()=>{const n=U(i);try{const i=await j(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?C([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(d(e))return I(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?C([i,n]):void 0!==i?i:n}function z(e,t){if(d(e)&&!o(e)){let r;const i=new E({start(e){r=e}}),n=R(e,i.writable),a=B((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=K(e);const r=new s;return t(e,r),r}function q(e,t){let r;const i=z(e,((e,n)=>{const a=D(e);a.remainder=()=>(a.releaseLock(),R(e,n),i),r=t(a)}));return r}function F(e){if(o(e))return e.clone();if(d(e)){const t=function(e){if(o(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(d(e)){const t=M(e).tee();return t[0][w]=t[1][w]=e[w],t}return[N(e),N(e)]}(e);return L(e,t[0]),t[1]}return N(e)}function O(e){return o(e)?F(e):d(e)?new A({start(t){const r=z(e,(async(e,r)=>{const i=D(e),n=U(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));L(e,r)}}):N(e)}function L(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function N(e,t=0,r=1/0){if(o(e))throw Error("Not implemented");if(d(e)){if(t>=0&&r>=0){let i=0;return I(e,{transform(e,n){i=t&&n.enqueue(N(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return T(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>N(C(i),t,r)))}if(0===t&&r<0){let i;return T(e,(e=>{const n=i?C([i,e]):e;if(n.length>=-r)return i=N(n,r),N(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),W((async()=>N(await j(e),t,r)))}return e[w]&&(e=C(e[w].concat([e]))),!f(e)||x&&x.isBuffer(e)?e.slice(t,r):(r===1/0&&(r=e.length),e.subarray(t,r))}async function j(e,t=C){return o(e)?e.readToEnd(t):d(e)?D(e).readToEnd(t):e}async function H(e,t){if(d(e)){if(e.cancel)return e.cancel(t);if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function W(e){const t=new s;return(async()=>{const r=U(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}class G{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");if(e instanceof Uint8Array){const t=e,r=Array(t.length);for(let e=0;eBigInt(0);){const e=r&BigInt(1);r>>=BigInt(1);const a=n*i%t.value;n=e?a:n,i=i*i%t.value}return new G(n)}modInv(e){const{gcd:t,x:r}=this._egcd(e);if(!t.isOne())throw Error("Inverse does not exist");return r.add(e).mod(e)}_egcd(e){let t=BigInt(0),r=BigInt(1),i=BigInt(1),n=BigInt(0),a=this.value;for(e=e.value;e!==BigInt(0);){const s=a/e;let o=t;t=i-s*t,i=o,o=r,r=n-s*r,n=o,o=e,e=a%e,a=o}return{x:new G(i),y:new G(n),gcd:new G(a)}}gcd(e){let t=this.value;for(e=e.value;e!==BigInt(0);){const r=e;e=t%e,t=r}return new G(t)}ileftShift(e){return this.value<<=e.value,this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value>>=e.value,this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value===e.value}lt(e){return this.valuee.value}gte(e){return this.value>=e.value}isZero(){return this.value===BigInt(0)}isOne(){return this.value===BigInt(1)}isNegative(){return this.valueNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return e}getBit(e){return(this.value>>BigInt(e)&BigInt(1))===BigInt(0)?0:1}bitLength(){const e=new G(0),t=new G(1),r=new G(-1),i=this.isNegative()?r:e;let n=1;const a=this.clone();for(;!a.irightShift(t).equal(i);)n++;return n}byteLength(){const e=new G(0),t=new G(-1),r=this.isNegative()?t:e,i=new G(8);let n=1;const a=this.clone();for(;!a.irightShift(i).equal(r);)n++;return n}toUint8Array(e="be",t){let r=this.value.toString(16);r.length%2==1&&(r="0"+r);const i=r.length/2,n=new Uint8Array(t||i),a=t?t-i:0;let s=0;for(;s"undefined"!=typeof BigInt;const $=Symbol("byValue");var Z={curve:{p256:"p256","P-256":"p256",secp256r1:"p256",prime256v1:"p256","1.2.840.10045.3.1.7":"p256","2a8648ce3d030107":"p256","2A8648CE3D030107":"p256",p384:"p384","P-384":"p384",secp384r1:"p384","1.3.132.0.34":"p384","2b81040022":"p384","2B81040022":"p384",p521:"p521","P-521":"p521",secp521r1:"p521","1.3.132.0.35":"p521","2b81040023":"p521","2B81040023":"p521",secp256k1:"secp256k1","1.3.132.0.10":"secp256k1","2b8104000a":"secp256k1","2B8104000A":"secp256k1",ed25519Legacy:"ed25519",ED25519:"ed25519",ed25519:"ed25519",Ed25519:"ed25519","1.3.6.1.4.1.11591.15.1":"ed25519","2b06010401da470f01":"ed25519","2B06010401DA470F01":"ed25519",curve25519Legacy:"curve25519",X25519:"curve25519",cv25519:"curve25519",curve25519:"curve25519",Curve25519:"curve25519","1.3.6.1.4.1.3029.1.5.1":"curve25519","2b060104019755010501":"curve25519","2B060104019755010501":"curve25519",brainpoolP256r1:"brainpoolP256r1","1.3.36.3.3.2.8.1.1.7":"brainpoolP256r1","2b2403030208010107":"brainpoolP256r1","2B2403030208010107":"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1","1.3.36.3.3.2.8.1.1.11":"brainpoolP384r1","2b240303020801010b":"brainpoolP384r1","2B240303020801010B":"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1","1.3.36.3.3.2.8.1.1.13":"brainpoolP512r1","2b240303020801010d":"brainpoolP512r1","2B240303020801010D":"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,ed25519Legacy:22,eddsa:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{plaintext:0,idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuer:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[$]||(e[$]=[],Object.entries(e).forEach((([t,r])=>{e[$][r]=t}))),void 0!==e[$][t])return e[$][t];throw Error("Invalid enum value.")}};const X=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),Y={isString:function(e){return"string"==typeof e||e instanceof String},isArray:function(e){return e instanceof Array},isUint8Array:f,isStream:d,readNumber:function(e){let t=0;for(let r=0;r>8*(t-i-1)&255;return r},readDate:function(e){const t=Y.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return Y.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return e.subarray(2,2+t)},leftPad(e,t){const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=Y.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return Y.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t=[],r=e.length;let i,n=0;for(;n{if(!Y.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return T(e,r,(()=>r(new Uint8Array,!0)))},concat:C,concatUint8Array:l,equalsUint8Array:function(e,t){if(!Y.isUint8Array(e)||!Y.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){return void 0!==t&&t.crypto&&t.crypto.subtle},getBigInteger:async function(){if(V())return G;{const{default:e}=await Promise.resolve().then((function(){return Lp}));return e}},getNodeCrypto:function(){},getNodeZlib:function(){},getNodeBuffer:function(){return{}.Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return(void 0).cpus().length},isEmailAddress:function(e){if(!Y.isString(e))return!1;return/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/.test(e)},canonicalizeEOL:function(e){let t=!1;return T(e,(e=>{let r;t&&(e=Y.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return T(e,(e=>{let r;13===(e=t&&10!==e[0]?Y.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i{t=Y.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=J(t.subarray(0,n));for(let e=0;et.length?J(t)+"\n":""))}function re(e){let t="";return T(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=ee(t.substr(0,n));return t=t.substr(n),a}),(()=>ee(t)))}function ie(e){return re(e.replace(/-/g,"+").replace(/_/g,"/"))}function ne(e,t){let r=te(e).replace(/[\r\n]/g,"");return t&&(r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,"")),r}Q?(J=e=>Q.from(e).toString("base64"),ee=e=>{const t=Q.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(J=e=>btoa(Y.uint8ArrayToString(e)),ee=e=>Y.stringToUint8Array(atob(e)));var ae={preferredHashAlgorithm:Z.hash.sha256,preferredSymmetricAlgorithm:Z.symmetric.aes256,preferredCompressionAlgorithm:Z.compression.uncompressed,deflateLevel:6,aeadProtect:!1,preferredAEADAlgorithm:Z.aead.eax,aeadChunkSizeByte:12,v5Keys:!1,s2kIterationCountByte:224,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,checksumRequired:!1,minRSABits:2047,passwordCollisionCheck:!1,revocationsExpire:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([Z.symmetric.aes128,Z.symmetric.aes192,Z.symmetric.aes256]),minBytesForWebCrypto:1e3,ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 5.11.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],useIndutnyElliptic:!0,rejectHashAlgorithms:new Set([Z.hash.md5,Z.hash.ripemd]),rejectMessageHashAlgorithms:new Set([Z.hash.md5,Z.hash.ripemd,Z.hash.sha1]),rejectPublicKeyAlgorithms:new Set([Z.publicKey.elgamal,Z.publicKey.dsa]),rejectCurves:new Set([Z.curve.secp256k1])};function se(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?Z.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?Z.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?Z.armor.signed:/MESSAGE/.test(t[1])?Z.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?Z.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?Z.armor.privateKey:/SIGNATURE/.test(t[1])?Z.armor.signature:void 0}function oe(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function ce(e){return te(function(e){let t=13501623;return T(e,(e=>{const r=he?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^ue[1][t>>16&255]^ue[2][t>>8&255]^ue[3][t>>0&255];for(let i=4*r;i>8^ue[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e))}const ue=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(0!=(8388608&t)?8801531:0);ue[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)ue[1][e]=ue[0][e]>>8^ue[0][255&ue[0][e]];for(let e=0;e<=255;e++)ue[2][e]=ue[1][e]>>8^ue[0][255&ue[1][e]];for(let e=0;e<=255;e++)ue[3][e]=ue[2][e]>>8^ue[0][255&ue[2][e]];const he=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function de(e){for(let t=0;t=0&&i!==e.length-1&&(t=e.slice(0,i),r=e.slice(i+1).substr(0,4)),{body:t,checksum:r}}function le(e,t=ae){return new Promise((async(r,i)=>{try{const n=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const o=[];let c,u,h,d=o,f=[],l=re(z(e,(async(e,t)=>{const p=D(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=Y.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(c)u||2!==s||(n.test(e)?(f=f.join("\r\n"),u=!0,de(d),d=[],c=!1):f.push(e.replace(/^- /,"")));else if(n.test(e)&&i(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(de(d),c=!0,u||2!==s){r({text:f,data:l,headers:o,type:s});break}}else d.push(e);else n.test(e)&&(s=se(e))}}catch(e){return void i(e)}const y=U(t);try{for(;;){await y.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=Y.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=fe(t[0].slice(0,-1));h=i.checksum,await y.write(i.body);break}await y.write(r)}await y.ready,await y.close()}catch(e){await y.abort(e)}})));l=z(l,(async(e,r)=>{const i=j(ce(O(e)));i.catch((()=>{})),await R(e,r,{preventClose:!0});const n=U(r);try{const e=(await i).replace("\n","");if(h!==e&&(h||t.checksumRequired))throw Error("Ascii armor integrity check failed");await n.ready,await n.close()}catch(e){await n.abort(e)}}))}catch(e){i(e)}})).then((async e=>(o(e.data)&&(e.data=await j(e.data)),e)))}function pe(e,t,r,i,n,a=ae){let s,o;e===Z.armor.signed&&(s=t.text,o=t.hash,t=t.data);const c=O(t),u=[];switch(e){case Z.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case Z.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case Z.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push("Hash: "+o+"\n\n"),u.push(s.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP SIGNATURE-----\n");break;case Z.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP MESSAGE-----\n");break;case Z.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case Z.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case Z.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(oe(n,a)),u.push(te(t)),u.push("=",ce(c)),u.push("-----END PGP SIGNATURE-----\n")}return Y.concat(u)}class ye{constructor(){this.bytes=""}read(e){return this.bytes=Y.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return Y.stringToUint8Array(this.bytes)}toHex(){return Y.uint8ArrayToHex(Y.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ye;return t.read(Y.hexToUint8Array(e)),t}static wildcard(){const e=new ye;return e.read(new Uint8Array(8)),e}}var be=function(){var e,t,r=!1;function i(r,i){var n=e[(t[r]+t[i])%255];return 0!==r&&0!==i||(n=0),n}var n,a,s,o,c=!1;function u(){function u(r){var i,n,a;for(n=a=function(r){var i=e[255-t[r]];return 0===r&&(i=0),i}(r),i=0;i<4;i++)a^=n=255&(n<<1|n>>>7);return a^=99}r||function(){e=[],t=[];var i,n,a=1;for(i=0;i<255;i++)e[i]=a,n=128&a,a<<=1,a&=255,128===n&&(a^=27),a^=e[i],t[e[i]]=i;e[255]=e[0],t[0]=0,r=!0}(),n=[],a=[],s=[[],[],[],[]],o=[[],[],[],[]];for(var h=0;h<256;h++){var d=u(h);n[h]=d,a[d]=h,s[0][h]=i(2,d)<<24|d<<16|d<<8|i(3,d),o[0][d]=i(14,h)<<24|i(9,h)<<16|i(13,h)<<8|i(11,h);for(var f=1;f<4;f++)s[f][h]=s[f-1][h]>>>8|s[f-1][h]<<24,o[f][d]=o[f-1][d]>>>8|o[f-1][d]<<24}c=!0}var h=function(e,t){c||u();var r=new Uint32Array(t);r.set(n,512),r.set(a,768);for(var i=0;i<4;i++)r.set(s[i],4096+1024*i>>2),r.set(o[i],8192+1024*i>>2);var h=function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0;var S=new e.Uint32Array(r),E=new e.Uint8Array(r);function P(e,t,r,o,c,u,h,d){e=e|0;t=t|0;r=r|0;o=o|0;c=c|0;u=u|0;h=h|0;d=d|0;var f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;f=r|0x400,l=r|0x800,p=r|0xc00;c=c^S[(e|0)>>2],u=u^S[(e|4)>>2],h=h^S[(e|8)>>2],d=d^S[(e|12)>>2];for(w=16;(w|0)<=o<<4;w=w+16|0){y=S[(r|c>>22&1020)>>2]^S[(f|u>>14&1020)>>2]^S[(l|h>>6&1020)>>2]^S[(p|d<<2&1020)>>2]^S[(e|w|0)>>2],b=S[(r|u>>22&1020)>>2]^S[(f|h>>14&1020)>>2]^S[(l|d>>6&1020)>>2]^S[(p|c<<2&1020)>>2]^S[(e|w|4)>>2],g=S[(r|h>>22&1020)>>2]^S[(f|d>>14&1020)>>2]^S[(l|c>>6&1020)>>2]^S[(p|u<<2&1020)>>2]^S[(e|w|8)>>2],m=S[(r|d>>22&1020)>>2]^S[(f|c>>14&1020)>>2]^S[(l|u>>6&1020)>>2]^S[(p|h<<2&1020)>>2]^S[(e|w|12)>>2];c=y,u=b,h=g,d=m}i=S[(t|c>>22&1020)>>2]<<24^S[(t|u>>14&1020)>>2]<<16^S[(t|h>>6&1020)>>2]<<8^S[(t|d<<2&1020)>>2]^S[(e|w|0)>>2],n=S[(t|u>>22&1020)>>2]<<24^S[(t|h>>14&1020)>>2]<<16^S[(t|d>>6&1020)>>2]<<8^S[(t|c<<2&1020)>>2]^S[(e|w|4)>>2],a=S[(t|h>>22&1020)>>2]<<24^S[(t|d>>14&1020)>>2]<<16^S[(t|c>>6&1020)>>2]<<8^S[(t|u<<2&1020)>>2]^S[(e|w|8)>>2],s=S[(t|d>>22&1020)>>2]<<24^S[(t|c>>14&1020)>>2]<<16^S[(t|u>>6&1020)>>2]<<8^S[(t|h<<2&1020)>>2]^S[(e|w|12)>>2]}function x(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;P(0x0000,0x0800,0x1000,A,e,t,r,i)}function M(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var a=0;P(0x0400,0x0c00,0x2000,A,e,i,r,t);a=n,n=s,s=a}function K(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o^e,c^t,u^r,h^d);o=i,c=n,u=a,h=s}function C(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;var f=0;P(0x0400,0x0c00,0x2000,A,e,d,r,t);f=n,n=s,s=f;i=i^o,n=n^c,a=a^u,s=s^h;o=e,c=t,u=r,h=d}function D(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i=i^e,c=n=n^t,u=a=a^r,h=s=s^d}function U(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);i=i^e,n=n^t,a=a^r,s=s^d;o=e,c=t,u=r,h=d}function R(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i,c=n,u=a,h=s;i=i^e,n=n^t,a=a^r,s=s^d}function I(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;P(0x0000,0x0800,0x1000,A,d,f,l,p);p=~m&p|m&p+1;l=~g&l|g&l+((p|0)==0);f=~b&f|b&f+((l|0)==0);d=~y&d|y&d+((f|0)==0);i=i^e;n=n^t;a=a^r;s=s^o}function B(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var n=0,a=0,s=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0;e=e^o,t=t^c,r=r^u,i=i^h;n=w|0,a=v|0,s=_|0,d=k|0;for(;(b|0)<128;b=b+1|0){if(n>>>31){f=f^e,l=l^t,p=p^r,y=y^i}n=n<<1|a>>>31,a=a<<1|s>>>31,s=s<<1|d>>>31,d=d<<1;g=i&1;i=i>>>1|r<<31,r=r>>>1|t<<31,t=t>>>1|e<<31,e=e>>>1;if(g)e=e^0xe1000000}o=f,c=l,u=p,h=y}function T(e){e=e|0;A=e}function z(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;i=e,n=t,a=r,s=o}function q(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;o=e,c=t,u=r,h=i}function F(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;d=e,f=t,l=r,p=i}function O(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;y=e,b=t,g=r,m=i}function L(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;p=~m&p|m&i,l=~g&l|g&r,f=~b&f|b&t,d=~y&d|y&e}function N(e){e=e|0;if(e&15)return-1;E[e|0]=i>>>24,E[e|1]=i>>>16&255,E[e|2]=i>>>8&255,E[e|3]=i&255,E[e|4]=n>>>24,E[e|5]=n>>>16&255,E[e|6]=n>>>8&255,E[e|7]=n&255,E[e|8]=a>>>24,E[e|9]=a>>>16&255,E[e|10]=a>>>8&255,E[e|11]=a&255,E[e|12]=s>>>24,E[e|13]=s>>>16&255,E[e|14]=s>>>8&255,E[e|15]=s&255;return 16}function j(e){e=e|0;if(e&15)return-1;E[e|0]=o>>>24,E[e|1]=o>>>16&255,E[e|2]=o>>>8&255,E[e|3]=o&255,E[e|4]=c>>>24,E[e|5]=c>>>16&255,E[e|6]=c>>>8&255,E[e|7]=c&255,E[e|8]=u>>>24,E[e|9]=u>>>16&255,E[e|10]=u>>>8&255,E[e|11]=u&255,E[e|12]=h>>>24,E[e|13]=h>>>16&255,E[e|14]=h>>>8&255,E[e|15]=h&255;return 16}function H(){x(0,0,0,0);w=i,v=n,_=a,k=s}function W(e,t,r){e=e|0;t=t|0;r=r|0;var o=0;if(t&15)return-1;while((r|0)>=16){V[e&7](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);E[t|0]=i>>>24,E[t|1]=i>>>16&255,E[t|2]=i>>>8&255,E[t|3]=i&255,E[t|4]=n>>>24,E[t|5]=n>>>16&255,E[t|6]=n>>>8&255,E[t|7]=n&255,E[t|8]=a>>>24,E[t|9]=a>>>16&255,E[t|10]=a>>>8&255,E[t|11]=a&255,E[t|12]=s>>>24,E[t|13]=s>>>16&255,E[t|14]=s>>>8&255,E[t|15]=s&255;o=o+16|0,t=t+16|0,r=r-16|0}return o|0}function G(e,t,r){e=e|0;t=t|0;r=r|0;var i=0;if(t&15)return-1;while((r|0)>=16){$[e&1](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);i=i+16|0,t=t+16|0,r=r-16|0}return i|0}var V=[x,M,K,C,D,U,R,I];var $=[K,B];return{set_rounds:T,set_state:z,set_iv:q,set_nonce:F,set_mask:O,set_counter:L,get_state:N,get_iv:j,gcm_init:H,cipher:W,mac:G}}({Uint8Array,Uint32Array},e,t);return h.set_key=function(e,t,i,a,s,c,u,d,f){var l=r.subarray(0,60),p=r.subarray(256,316);l.set([t,i,a,s,c,u,d,f]);for(var y=e,b=1;y<4*e+28;y++){var g=l[y-1];(y%e==0||8===e&&y%e==4)&&(g=n[g>>>24]<<24^n[g>>>16&255]<<16^n[g>>>8&255]<<8^n[255&g]),y%e==0&&(g=g<<8^g>>>24^b<<24,b=b<<1^(128&b?27:0)),l[y]=l[y-e]^g}for(var m=0;m=y-4?g:o[0][n[g>>>24]]^o[1][n[g>>>16&255]]^o[2][n[g>>>8&255]]^o[3][n[255&g]]}h.set_rounds(e+5)},h};return h.ENC={ECB:0,CBC:2,CFB:4,OFB:6,CTR:7},h.DEC={ECB:1,CBC:3,CFB:5,OFB:6,CTR:7},h.MAC={CBC:0,GCM:1},h.HEAP_DATA=16384,h}();function ge(e){return e instanceof Uint8Array}function me(e,t){const r=e?e.byteLength:t||65536;if(4095&r||r<=0)throw Error("heap size must be a positive integer and a multiple of 4096");return e=e||new Uint8Array(new ArrayBuffer(r))}function we(e,t,r,i,n){const a=e.length-t,s=ae+t.length),0),r=new Uint8Array(t);let i=0;for(let t=0;t>2,n.getUint32(0),n.getUint32(4),n.getUint32(8),n.getUint32(12),i>16?n.getUint32(16):0,i>16?n.getUint32(20):0,i>24?n.getUint32(24):0,i>24?n.getUint32(28):0),void 0!==t){if(16!==t.length)throw new ke("illegal iv size");let e=new DataView(t.buffer,t.byteOffset,t.byteLength);r.set_iv(e.getUint32(0),e.getUint32(4),e.getUint32(8),e.getUint32(12))}else r.set_iv(0,0,0,0)}AES_Encrypt_process(e){if(!ge(e))throw new TypeError("data isn't of expected type");let{heap:t,asm:r}=this.acquire_asm(),i=be.ENC[this.mode],n=be.HEAP_DATA,a=this.pos,s=this.len,o=0,c=e.length||0,u=0,h=0,d=new Uint8Array(s+c&-16);for(;c>0;)h=we(t,a+s,e,o,c),s+=h,o+=h,c-=h,h=r.cipher(i,n+a,s),h&&d.set(t.subarray(a,a+h),u),u+=h,h0;)f=we(t,a+s,e,o,c),s+=f,o+=f,c-=f,f=r.cipher(i,n+a,s-(c?0:d)),f&&l.set(t.subarray(a,a+f),u),u+=f,f0){if(a%16){if(this.hasOwnProperty("padding"))throw new ke("data length must be a multiple of the block size");a+=16-a%16}if(t.cipher(r,i+n,a),this.hasOwnProperty("padding")&&this.padding){let t=e[n+s-1];if(t<1||t>16||t>s)throw new Ae("bad padding");let r=0;for(let i=t;i>1;i--)r|=t^e[n+s-i];if(r)throw new Ae("bad padding");s-=t}}const o=new Uint8Array(s);return s>0&&o.set(e.subarray(n,n+s)),this.pos=0,this.len=0,this.release_asm(),o}}class xe{static encrypt(e,t,r=!1){return new xe(t,r).encrypt(e)}static decrypt(e,t,r=!1){return new xe(t,r).decrypt(e)}constructor(e,t=!1,r){this.aes=r||new Pe(e,void 0,t,"ECB")}encrypt(e){return ve(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return ve(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}function Me(e){const t=function(e){const t=new xe(e);this.encrypt=function(e){return t.encrypt(e)},this.decrypt=function(e){return t.decrypt(e)}};return t.blockSize=t.prototype.blockSize=16,t.keySize=t.prototype.keySize=e/8,t}function Ke(e,t,r,i,n,a){const s=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],u=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],h=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],d=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],f=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],l=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,y,b,g,m,w,v,_,k,A,S,E,P,x,M=0,K=t.length;const C=32===e.length?3:9;_=3===C?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e,t){const r=8-e.length%8;let i;if(2===t&&r<8)i=32;else if(1===t)i=r;else{if(t||!(r<8)){if(8===r)return e;throw Error("des: invalid padding")}i=0}const n=new Uint8Array(e.length+r);for(let t=0;t>>4^v),v^=b,w^=b<<4,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,w=w<<1|w>>>31,v=v<<1|v>>>31,y=0;y>>4|v<<28)^e[p+1],b=w,w=v,v=b^(o[g>>>24&63]|u[g>>>16&63]|d[g>>>8&63]|l[63&g]|s[m>>>24&63]|c[m>>>16&63]|h[m>>>8&63]|f[63&m]);b=w,w=v,v=b}w=w>>>1|w<<31,v=v>>>1|v<<31,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=252645135&(w>>>4^v),v^=b,w^=b<<4,1===i&&(r?(k=w,S=v):(w^=A,v^=E)),D[U++]=w>>>24,D[U++]=w>>>16&255,D[U++]=w>>>8&255,D[U++]=255&w,D[U++]=v>>>24,D[U++]=v>>>16&255,D[U++]=v>>>8&255,D[U++]=255&v}return r||(D=function(e,t){let r,i=null;if(2===t)r=32;else if(1===t)i=e[e.length-1];else{if(t)throw Error("des: invalid padding");r=0}if(!i){for(i=1;e[e.length-i]===r;)i++;i--}return e.subarray(0,e.length-i)}(D,a)),D}function Ce(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],i=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],n=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],a=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],s=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],u=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],h=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],d=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],f=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],l=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],y=e.length>8?3:1,b=Array(32*y),g=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let m,w,v,_=0,k=0;for(let A=0;A>>4^A),A^=v,y^=v<<4,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=858993459&(y>>>2^A),A^=v,y^=v<<2,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=16711935&(A>>>8^y),y^=v,A^=v<<8,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=y<<8|A>>>20&240,y=A<<24|A<<8&16711680|A>>>8&65280|A>>>24&240,A=v;for(let e=0;e<16;e++)g[e]?(y=y<<2|y>>>26,A=A<<2|A>>>26):(y=y<<1|y>>>27,A=A<<1|A>>>27),y&=-15,A&=-15,m=t[y>>>28]|r[y>>>24&15]|i[y>>>20&15]|n[y>>>16&15]|a[y>>>12&15]|s[y>>>8&15]|o[y>>>4&15],w=c[A>>>28]|u[A>>>24&15]|h[A>>>20&15]|d[A>>>16&15]|f[A>>>12&15]|l[A>>>8&15]|p[A>>>4&15],v=65535&(w>>>16^m),b[k++]=m^v,b[k++]=w^v<<16}return b}function De(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Ke(Ce(this.key[2]),Ke(Ce(this.key[1]),Ke(Ce(this.key[0]),e,!0,0,null,null),!1,0,null,null),!0,0,null,null)}}function Ue(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>>16&255,t[a+6]=o>>>8&255,t[a+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>16&255,t[a+6]=o>>8&255,t[a+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const i=t+e,n=i<>>32-r;return(a[0][n>>>24]^a[1][n>>>16&255])-a[2][n>>>8&255]+a[3][255&n]}function i(e,t,r){const i=t^e,n=i<>>32-r;return a[0][n>>>24]-a[1][n>>>16&255]+a[2][n>>>8&255]^a[3][255&n]}function n(e,t,r){const i=t-e,n=i<>>32-r;return(a[0][n>>>24]+a[1][n>>>16&255]^a[2][n>>>8&255])-a[3][255&n]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const i=[,,,,,,,,],n=Array(32);let s;for(let e=0;e<4;e++)s=4*e,i[e]=r[s]<<24|r[s+1]<<16|r[s+2]<<8|r[s+3];const o=[6,7,4,5];let c,u=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(s=0;s<4;s++){const t=e[r][s];c=i[t[1]],c^=a[4][i[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=a[5][i[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=a[6][i[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=a[7][i[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=a[o[s]][i[t[6]>>>2]>>>24-8*(3&t[6])&255],i[t[0]]=c}for(s=0;s<4;s++){const e=t[r][s];c=a[4][i[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=a[5][i[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=a[6][i[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=a[7][i[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=a[4+s][i[e[4]>>>2]>>>24-8*(3&e[4])&255],n[u]=c,u++}}for(let e=0;e<16;e++)this.masking[e]=n[e],this.rotate[e]=31&n[16+e]};const a=[,,,,,,,,];a[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],a[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],a[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],a[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],a[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],a[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],a[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],a[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Re(e){this.cast5=new Ue,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}De.keySize=De.prototype.keySize=24,De.blockSize=De.prototype.blockSize=8,Re.blockSize=Re.prototype.blockSize=8,Re.keySize=Re.prototype.keySize=16;const Ie=4294967295;function Be(e,t){return(e<>>32-t)&Ie}function Te(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function ze(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function qe(e,t){return e>>>8*t&255}function Fe(e){this.tf=function(){let e=null,t=null,r=-1,i=[],n=[[],[],[],[]];function a(e){return n[0][qe(e,0)]^n[1][qe(e,1)]^n[2][qe(e,2)]^n[3][qe(e,3)]}function s(e){return n[0][qe(e,3)]^n[1][qe(e,0)]^n[2][qe(e,1)]^n[3][qe(e,2)]}function o(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Be(t[2]^r+n+i[4*e+8]&Ie,31),t[3]=Be(t[3],1)^r+2*n+i[4*e+9]&Ie,r=a(t[2]),n=s(t[3]),t[0]=Be(t[0]^r+n+i[4*e+10]&Ie,31),t[1]=Be(t[1],1)^r+2*n+i[4*e+11]&Ie}function c(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Be(t[2],1)^r+n+i[4*e+10]&Ie,t[3]=Be(t[3]^r+2*n+i[4*e+11]&Ie,31),r=a(t[2]),n=s(t[3]),t[0]=Be(t[0],1)^r+n+i[4*e+8]&Ie,t[1]=Be(t[1]^r+2*n+i[4*e+9]&Ie,31)}return{name:"twofish",blocksize:16,open:function(t){let r,a,s,o,c;e=t;const u=[],h=[],d=[];let f;const l=[];let p,y,b;const g=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],m=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],w=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],v=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],_=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],k=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],A=[[],[]],S=[[],[],[],[]];function E(e){return e^e>>2^[0,90,180,238][3&e]}function P(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function x(e,t){let r,i,n;for(r=0;r<8;r++)i=t>>>24,t=t<<8&Ie|e>>>24,e=e<<8&Ie,n=i<<1,128&i&&(n^=333),t^=i^n<<16,n^=i>>>1,1&i&&(n^=166),t^=n<<24|n<<8;return t}function M(e,t){const r=t>>4,i=15&t,n=g[e][r^i],a=m[e][_[i]^k[r]];return v[e][_[a]^k[n]]<<4|w[e][n^a]}function K(e,t){let r=qe(e,0),i=qe(e,1),n=qe(e,2),a=qe(e,3);switch(f){case 4:r=A[1][r]^qe(t[3],0),i=A[0][i]^qe(t[3],1),n=A[0][n]^qe(t[3],2),a=A[1][a]^qe(t[3],3);case 3:r=A[1][r]^qe(t[2],0),i=A[1][i]^qe(t[2],1),n=A[0][n]^qe(t[2],2),a=A[0][a]^qe(t[2],3);case 2:r=A[0][A[0][r]^qe(t[1],0)]^qe(t[0],0),i=A[0][A[1][i]^qe(t[1],1)]^qe(t[0],1),n=A[1][A[0][n]^qe(t[1],2)]^qe(t[0],2),a=A[1][A[1][a]^qe(t[1],3)]^qe(t[0],3)}return S[0][r]^S[1][i]^S[2][n]^S[3][a]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Te(e,r);for(r=0;r<256;r++)A[0][r]=M(0,r),A[1][r]=M(1,r);for(r=0;r<256;r++)p=A[1][r],y=E(p),b=P(p),S[0][r]=p+(y<<8)+(b<<16)+(b<<24),S[2][r]=y+(b<<8)+(p<<16)+(b<<24),p=A[0][r],y=E(p),b=P(p),S[1][r]=b+(b<<8)+(y<<16)+(p<<24),S[3][r]=y+(p<<8)+(b<<16)+(y<<24);for(f=d.length/2,r=0;r=0;e--)c(e,a);ze(t,r,a[2]^i[0]),ze(t,r+4,a[3]^i[1]),ze(t,r+8,a[0]^i[2]),ze(t,r+12,a[1]^i[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Oe(){}function Le(e){this.bf=new Oe,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}Fe.keySize=Fe.prototype.keySize=32,Fe.blockSize=Fe.prototype.blockSize=16,Oe.prototype.BLOCKSIZE=8,Oe.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Oe.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Oe.prototype.NN=16,Oe.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Oe.prototype._F=function(e){let t;const r=255&e,i=255&(e>>>=8),n=255&(e>>>=8),a=255&(e>>>=8);return t=this.sboxes[0][a]+this.sboxes[1][n],t^=this.sboxes[2][i],t+=this.sboxes[3][r],t},Oe.prototype._encryptBlock=function(e){let t,r=e[0],i=e[1];for(t=0;t>>24-8*t&255,n[t+i]=r[1]>>>24-8*t&255;return n},Oe.prototype._decryptBlock=function(e){let t,r=e[0],i=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],i=this._F(r)^i;const e=r;r=i,i=e}r^=this.parray[1],i^=this.parray[0],e[0]=this._clean(i),e[1]=this._clean(r)},Oe.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^i}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const i=[0,0];for(t=0;t>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=t+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=r+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=c+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=u+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=h+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=d+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=f+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=l+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=p+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=y+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=b+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=g+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=m+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=w+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=v+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=m^l^r^e;M=P<<1|P>>>31;x=M+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=w^p^c^t;K=P<<1|P>>>31;x=K+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=v^y^u^r;C=P<<1|P>>>31;x=C+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=M^b^h^c;D=P<<1|P>>>31;x=D+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=K^g^d^u;U=P<<1|P>>>31;x=U+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=C^m^f^h;R=P<<1|P>>>31;x=R+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=D^w^l^d;I=P<<1|P>>>31;x=I+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=U^v^p^f;B=P<<1|P>>>31;x=B+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=R^M^y^l;T=P<<1|P>>>31;x=T+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=I^K^b^p;z=P<<1|P>>>31;x=z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=B^C^g^y;q=P<<1|P>>>31;x=q+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=T^D^m^b;F=P<<1|P>>>31;x=F+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=z^U^w^g;O=P<<1|P>>>31;x=O+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=q^R^v^m;L=P<<1|P>>>31;x=L+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=F^I^M^w;N=P<<1|P>>>31;x=N+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=O^B^K^v;j=P<<1|P>>>31;x=j+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=L^T^C^M;H=P<<1|P>>>31;x=H+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=N^z^D^K;W=P<<1|P>>>31;x=W+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=j^q^U^C;G=P<<1|P>>>31;x=G+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=H^F^R^D;V=P<<1|P>>>31;x=V+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=W^O^I^U;$=P<<1|P>>>31;x=$+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=G^L^B^R;Z=P<<1|P>>>31;x=Z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=V^N^T^I;X=P<<1|P>>>31;x=X+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=$^j^z^B;Y=P<<1|P>>>31;x=Y+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Z^H^q^T;Q=P<<1|P>>>31;x=Q+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=X^W^F^z;J=P<<1|P>>>31;x=J+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Y^G^O^q;ee=P<<1|P>>>31;x=ee+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Q^V^L^F;te=P<<1|P>>>31;x=te+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=J^$^N^O;re=P<<1|P>>>31;x=re+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ee^Z^j^L;ie=P<<1|P>>>31;x=ie+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=te^X^H^N;ne=P<<1|P>>>31;x=ne+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=re^Y^W^j;ae=P<<1|P>>>31;x=ae+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ie^Q^G^H;se=P<<1|P>>>31;x=se+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ne^J^V^W;oe=P<<1|P>>>31;x=oe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ae^ee^$^G;ce=P<<1|P>>>31;x=ce+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=se^te^Z^V;ue=P<<1|P>>>31;x=ue+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=oe^re^X^$;he=P<<1|P>>>31;x=he+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ce^ie^Y^Z;de=P<<1|P>>>31;x=de+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ue^ne^Q^X;fe=P<<1|P>>>31;x=fe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=he^ae^J^Y;le=P<<1|P>>>31;x=le+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=de^se^ee^Q;pe=P<<1|P>>>31;x=pe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=fe^oe^te^J;ye=P<<1|P>>>31;x=ye+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=le^ce^re^ee;be=P<<1|P>>>31;x=be+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=pe^ue^ie^te;ge=P<<1|P>>>31;x=ge+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ye^he^ne^re;me=P<<1|P>>>31;x=me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=be^de^ae^ie;we=P<<1|P>>>31;x=we+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ge^fe^se^ne;ve=P<<1|P>>>31;x=ve+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=me^le^oe^ae;_e=P<<1|P>>>31;x=_e+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=we^pe^ce^se;ke=P<<1|P>>>31;x=ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ve^ye^ue^oe;Ae=P<<1|P>>>31;x=Ae+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=_e^be^he^ce;Se=P<<1|P>>>31;x=Se+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ke^ge^de^ue;Ee=P<<1|P>>>31;x=Ee+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ae^me^fe^he;Pe=P<<1|P>>>31;x=Pe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Se^we^le^de;xe=P<<1|P>>>31;x=xe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ee^ve^pe^fe;Me=P<<1|P>>>31;x=Me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Pe^_e^ye^le;Ke=P<<1|P>>>31;x=Ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=xe^ke^be^pe;Ce=P<<1|P>>>31;x=Ce+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Me^Ae^ge^ye;De=P<<1|P>>>31;x=De+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ke^Se^me^be;Ue=P<<1|P>>>31;x=Ue+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ce^Ee^we^ge;Re=P<<1|P>>>31;x=Re+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=De^Pe^ve^me;Ie=P<<1|P>>>31;x=Ie+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ue^xe^_e^we;Be=P<<1|P>>>31;x=Be+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Re^Me^ke^ve;Te=P<<1|P>>>31;x=Te+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ie^Ke^Ae^_e;ze=P<<1|P>>>31;x=ze+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;i=i+_|0;n=n+k|0;a=a+A|0;s=s+S|0;o=o+E|0}function k(e){e=e|0;_(v[e|0]<<24|v[e|1]<<16|v[e|2]<<8|v[e|3],v[e|4]<<24|v[e|5]<<16|v[e|6]<<8|v[e|7],v[e|8]<<24|v[e|9]<<16|v[e|10]<<8|v[e|11],v[e|12]<<24|v[e|13]<<16|v[e|14]<<8|v[e|15],v[e|16]<<24|v[e|17]<<16|v[e|18]<<8|v[e|19],v[e|20]<<24|v[e|21]<<16|v[e|22]<<8|v[e|23],v[e|24]<<24|v[e|25]<<16|v[e|26]<<8|v[e|27],v[e|28]<<24|v[e|29]<<16|v[e|30]<<8|v[e|31],v[e|32]<<24|v[e|33]<<16|v[e|34]<<8|v[e|35],v[e|36]<<24|v[e|37]<<16|v[e|38]<<8|v[e|39],v[e|40]<<24|v[e|41]<<16|v[e|42]<<8|v[e|43],v[e|44]<<24|v[e|45]<<16|v[e|46]<<8|v[e|47],v[e|48]<<24|v[e|49]<<16|v[e|50]<<8|v[e|51],v[e|52]<<24|v[e|53]<<16|v[e|54]<<8|v[e|55],v[e|56]<<24|v[e|57]<<16|v[e|58]<<8|v[e|59],v[e|60]<<24|v[e|61]<<16|v[e|62]<<8|v[e|63])}function A(e){e=e|0;v[e|0]=i>>>24;v[e|1]=i>>>16&255;v[e|2]=i>>>8&255;v[e|3]=i&255;v[e|4]=n>>>24;v[e|5]=n>>>16&255;v[e|6]=n>>>8&255;v[e|7]=n&255;v[e|8]=a>>>24;v[e|9]=a>>>16&255;v[e|10]=a>>>8&255;v[e|11]=a&255;v[e|12]=s>>>24;v[e|13]=s>>>16&255;v[e|14]=s>>>8&255;v[e|15]=s&255;v[e|16]=o>>>24;v[e|17]=o>>>16&255;v[e|18]=o>>>8&255;v[e|19]=o&255}function S(){i=0x67452301;n=0xefcdab89;a=0x98badcfe;s=0x10325476;o=0xc3d2e1f0;c=u=0}function E(e,t,r,h,d,f,l){e=e|0;t=t|0;r=r|0;h=h|0;d=d|0;f=f|0;l=l|0;i=e;n=t;a=r;s=h;o=d;c=f;u=l}function P(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){k(e);e=e+64|0;t=t-64|0;r=r+64|0}c=c+r|0;if(c>>>0>>0)u=u+1|0;return r|0}function x(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=P(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;c=c+t|0;if(c>>>0>>0)u=u+1|0;v[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)v[e|n]=0x00;k(e);t=0;v[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)v[e|n]=0;v[e|56]=u>>>21&255;v[e|57]=u>>>13&255;v[e|58]=u>>>5&255;v[e|59]=u<<3&255|c>>>29;v[e|60]=c>>>21&255;v[e|61]=c>>>13&255;v[e|62]=c>>>5&255;v[e|63]=c<<3&255;k(e);if(~r)A(r);return i|0}function M(){i=h;n=d;a=f;s=l;o=p;c=64;u=0}function K(){i=y;n=b;a=g;s=m;o=w;c=64;u=0}function C(e,t,r,v,k,A,E,P,x,M,K,C,D,U,R,I){e=e|0;t=t|0;r=r|0;v=v|0;k=k|0;A=A|0;E=E|0;P=P|0;x=x|0;M=M|0;K=K|0;C=C|0;D=D|0;U=U|0;R=R|0;I=I|0;S();_(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,v^0x5c5c5c5c,k^0x5c5c5c5c,A^0x5c5c5c5c,E^0x5c5c5c5c,P^0x5c5c5c5c,x^0x5c5c5c5c,M^0x5c5c5c5c,K^0x5c5c5c5c,C^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,R^0x5c5c5c5c,I^0x5c5c5c5c);y=i;b=n;g=a;m=s;w=o;S();_(e^0x36363636,t^0x36363636,r^0x36363636,v^0x36363636,k^0x36363636,A^0x36363636,E^0x36363636,P^0x36363636,x^0x36363636,M^0x36363636,K^0x36363636,C^0x36363636,D^0x36363636,U^0x36363636,R^0x36363636,I^0x36363636);h=i;d=n;f=a;l=s;p=o;c=64;u=0}function D(e,t,r){e=e|0;t=t|0;r=r|0;var c=0,u=0,h=0,d=0,f=0,l=0;if(e&63)return-1;if(~r)if(r&31)return-1;l=x(e,t,-1)|0;c=i,u=n,h=a,d=s,f=o;K();_(c,u,h,d,f,0x80000000,0,0,0,0,0,0,0,0,0,672);if(~r)A(r);return l|0}function U(e,t,r,c,u){e=e|0;t=t|0;r=r|0;c=c|0;u=u|0;var h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;if(e&63)return-1;if(~u)if(u&31)return-1;v[e+t|0]=r>>>24;v[e+t+1|0]=r>>>16&255;v[e+t+2|0]=r>>>8&255;v[e+t+3|0]=r&255;D(e,t+4|0,-1)|0;h=y=i,d=b=n,f=g=a,l=m=s,p=w=o;c=c-1|0;while((c|0)>0){M();_(y,b,g,m,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,g=a,m=s,w=o;K();_(y,b,g,m,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,g=a,m=s,w=o;h=h^i;d=d^n;f=f^a;l=l^s;p=p^o;c=c-1|0}i=h;n=d;a=f;s=l;o=p;if(~u)A(u);return 0}return{reset:S,init:E,process:P,finish:x,hmac_reset:M,hmac_init:C,hmac_finish:D,pbkdf2_generate_block:U}};class $e{constructor(){this.pos=0,this.len=0}reset(){const{asm:e}=this.acquire_asm();return this.result=null,this.pos=0,this.len=0,e.reset(),this}process(e){if(null!==this.result)throw new _e("state must be reset before processing new data");const{asm:t,heap:r}=this.acquire_asm();let i=this.pos,n=this.len,a=0,s=e.length,o=0;for(;s>0;)o=we(r,i+n,e,a,s),n+=o,a+=o,s-=o,o=t.process(i,n),i+=o,n-=o,n||(i=0);return this.pos=i,this.len=n,this}finish(){if(null!==this.result)throw new _e("state must be reset before processing new data");const{asm:e,heap:t}=this.acquire_asm();return e.finish(this.pos,this.len,0),this.result=new Uint8Array(this.HASH_SIZE),this.result.set(t.subarray(0,this.HASH_SIZE)),this.pos=0,this.len=0,this.release_asm(),this}}const Ze=[],Xe=[];class Ye extends $e{constructor(){super(),this.NAME="sha1",this.BLOCK_SIZE=64,this.HASH_SIZE=20,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=Ze.pop()||me(),this.asm=Xe.pop()||Ve({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(Ze.push(this.heap),Xe.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new Ye).process(e).finish().result}}Ye.NAME="sha1",Ye.heap_pool=[],Ye.asm_pool=[],Ye.asm_function=Ve;const Qe=[],Je=[];class et extends $e{constructor(){super(),this.NAME="sha256",this.BLOCK_SIZE=64,this.HASH_SIZE=32,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=Qe.pop()||me(),this.asm=Je.pop()||function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=new e.Uint8Array(r);function C(e,t,r,d,f,l,p,y,b,g,m,w,v,_,k,A){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;l=l|0;p=p|0;y=y|0;b=b|0;g=g|0;m=m|0;w=w|0;v=v|0;_=_|0;k=k|0;A=A|0;var S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0;S=i;E=n;P=a;x=s;M=o;K=c;C=u;D=h;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x428a2f98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x71374491|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb5c0fbcf|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xe9b5dba5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x3956c25b|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x59f111f1|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x923f82a4|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xab1c5ed5|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xd807aa98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x12835b01|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x243185be|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x550c7dc3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x72be5d74|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x80deb1fe|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x9bdc06a7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc19bf174|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xe49b69c1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xefbe4786|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x0fc19dc6|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x240ca1cc|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x2de92c6f|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4a7484aa|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5cb0a9dc|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x76f988da|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x983e5152|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa831c66d|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb00327c8|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xbf597fc7|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xc6e00bf3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd5a79147|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x06ca6351|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x14292967|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x27b70a85|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x2e1b2138|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x4d2c6dfc|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x53380d13|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x650a7354|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x766a0abb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x81c2c92e|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x92722c85|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xa2bfe8a1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa81a664b|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xc24b8b70|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xc76c51a3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xd192e819|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd6990624|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xf40e3585|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x106aa070|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+g|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x19a4c116|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+m|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x1e376c08|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x2748774c|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x34b0bcb5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x391c0cb3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4ed8aa4a|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5b9cca4f|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x682e6ff3|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x748f82ee|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;g=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+g+r|0;C=g+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x78a5636f|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;m=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+m+d|0;K=m+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x84c87814|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x8cc70208|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x90befffa|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xa4506ceb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xbef9a3f7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc67178f2|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;i=i+S|0;n=n+E|0;a=a+P|0;s=s+x|0;o=o+M|0;c=c+K|0;u=u+C|0;h=h+D|0}function D(e){e=e|0;C(K[e|0]<<24|K[e|1]<<16|K[e|2]<<8|K[e|3],K[e|4]<<24|K[e|5]<<16|K[e|6]<<8|K[e|7],K[e|8]<<24|K[e|9]<<16|K[e|10]<<8|K[e|11],K[e|12]<<24|K[e|13]<<16|K[e|14]<<8|K[e|15],K[e|16]<<24|K[e|17]<<16|K[e|18]<<8|K[e|19],K[e|20]<<24|K[e|21]<<16|K[e|22]<<8|K[e|23],K[e|24]<<24|K[e|25]<<16|K[e|26]<<8|K[e|27],K[e|28]<<24|K[e|29]<<16|K[e|30]<<8|K[e|31],K[e|32]<<24|K[e|33]<<16|K[e|34]<<8|K[e|35],K[e|36]<<24|K[e|37]<<16|K[e|38]<<8|K[e|39],K[e|40]<<24|K[e|41]<<16|K[e|42]<<8|K[e|43],K[e|44]<<24|K[e|45]<<16|K[e|46]<<8|K[e|47],K[e|48]<<24|K[e|49]<<16|K[e|50]<<8|K[e|51],K[e|52]<<24|K[e|53]<<16|K[e|54]<<8|K[e|55],K[e|56]<<24|K[e|57]<<16|K[e|58]<<8|K[e|59],K[e|60]<<24|K[e|61]<<16|K[e|62]<<8|K[e|63])}function U(e){e=e|0;K[e|0]=i>>>24;K[e|1]=i>>>16&255;K[e|2]=i>>>8&255;K[e|3]=i&255;K[e|4]=n>>>24;K[e|5]=n>>>16&255;K[e|6]=n>>>8&255;K[e|7]=n&255;K[e|8]=a>>>24;K[e|9]=a>>>16&255;K[e|10]=a>>>8&255;K[e|11]=a&255;K[e|12]=s>>>24;K[e|13]=s>>>16&255;K[e|14]=s>>>8&255;K[e|15]=s&255;K[e|16]=o>>>24;K[e|17]=o>>>16&255;K[e|18]=o>>>8&255;K[e|19]=o&255;K[e|20]=c>>>24;K[e|21]=c>>>16&255;K[e|22]=c>>>8&255;K[e|23]=c&255;K[e|24]=u>>>24;K[e|25]=u>>>16&255;K[e|26]=u>>>8&255;K[e|27]=u&255;K[e|28]=h>>>24;K[e|29]=h>>>16&255;K[e|30]=h>>>8&255;K[e|31]=h&255}function R(){i=0x6a09e667;n=0xbb67ae85;a=0x3c6ef372;s=0xa54ff53a;o=0x510e527f;c=0x9b05688c;u=0x1f83d9ab;h=0x5be0cd19;d=f=0}function I(e,t,r,l,p,y,b,g,m,w){e=e|0;t=t|0;r=r|0;l=l|0;p=p|0;y=y|0;b=b|0;g=g|0;m=m|0;w=w|0;i=e;n=t;a=r;s=l;o=p;c=y;u=b;h=g;d=m;f=w}function B(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){D(e);e=e+64|0;t=t-64|0;r=r+64|0}d=d+r|0;if(d>>>0>>0)f=f+1|0;return r|0}function T(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=B(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;d=d+t|0;if(d>>>0>>0)f=f+1|0;K[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)K[e|n]=0x00;D(e);t=0;K[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)K[e|n]=0;K[e|56]=f>>>21&255;K[e|57]=f>>>13&255;K[e|58]=f>>>5&255;K[e|59]=f<<3&255|d>>>29;K[e|60]=d>>>21&255;K[e|61]=d>>>13&255;K[e|62]=d>>>5&255;K[e|63]=d<<3&255;D(e);if(~r)U(r);return i|0}function z(){i=l;n=p;a=y;s=b;o=g;c=m;u=w;h=v;d=64;f=0}function q(){i=_;n=k;a=A;s=S;o=E;c=P;u=x;h=M;d=64;f=0}function F(e,t,r,K,D,U,I,B,T,z,q,F,O,L,N,j){e=e|0;t=t|0;r=r|0;K=K|0;D=D|0;U=U|0;I=I|0;B=B|0;T=T|0;z=z|0;q=q|0;F=F|0;O=O|0;L=L|0;N=N|0;j=j|0;R();C(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,K^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,I^0x5c5c5c5c,B^0x5c5c5c5c,T^0x5c5c5c5c,z^0x5c5c5c5c,q^0x5c5c5c5c,F^0x5c5c5c5c,O^0x5c5c5c5c,L^0x5c5c5c5c,N^0x5c5c5c5c,j^0x5c5c5c5c);_=i;k=n;A=a;S=s;E=o;P=c;x=u;M=h;R();C(e^0x36363636,t^0x36363636,r^0x36363636,K^0x36363636,D^0x36363636,U^0x36363636,I^0x36363636,B^0x36363636,T^0x36363636,z^0x36363636,q^0x36363636,F^0x36363636,O^0x36363636,L^0x36363636,N^0x36363636,j^0x36363636);l=i;p=n;y=a;b=s;g=o;m=c;w=u;v=h;d=64;f=0}function O(e,t,r){e=e|0;t=t|0;r=r|0;var d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0;if(e&63)return-1;if(~r)if(r&31)return-1;w=T(e,t,-1)|0;d=i,f=n,l=a,p=s,y=o,b=c,g=u,m=h;q();C(d,f,l,p,y,b,g,m,0x80000000,0,0,0,0,0,0,768);if(~r)U(r);return w|0}function L(e,t,r,d,f){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;var l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0;if(e&63)return-1;if(~f)if(f&31)return-1;K[e+t|0]=r>>>24;K[e+t+1|0]=r>>>16&255;K[e+t+2|0]=r>>>8&255;K[e+t+3|0]=r&255;O(e,t+4|0,-1)|0;l=_=i,p=k=n,y=A=a,b=S=s,g=E=o,m=P=c,w=x=u,v=M=h;d=d-1|0;while((d|0)>0){z();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;q();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;l=l^i;p=p^n;y=y^a;b=b^s;g=g^o;m=m^c;w=w^u;v=v^h;d=d-1|0}i=l;n=p;a=y;s=b;o=g;c=m;u=w;h=v;if(~f)U(f);return 0}return{reset:R,init:I,process:B,finish:T,hmac_reset:z,hmac_init:F,hmac_finish:O,pbkdf2_generate_block:L}}({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(Qe.push(this.heap),Je.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new et).process(e).finish().result}}et.NAME="sha256";var tt=rt;function rt(e,t){if(!e)throw Error(t||"Assertion failed")}rt.equal=function(e,t,r){if(e!=t)throw Error(r||"Assertion failed: "+e+" != "+t)};var it=void 0!==t?t:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function nt(e,t){return e(t={exports:{}},t.exports),t.exports}function at(){throw Error("Dynamic requires are not currently supported by @rollup/plugin-commonjs")}var st=nt((function(e){e.exports="function"==typeof Object.create?function(e,t){e.super_=t,e.prototype=Object.create(t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}})}:function(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}}));var ot=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var r=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),i=0;i>8,s=255&n;a?r.push(a,s):r.push(s)}else for(i=0;i>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}var ht=function(e,t){for(var r="",i=0;i>>0}return a};var pt=function(e,t){for(var r=Array(4*e.length),i=0,n=0;i>>24,r[n+1]=a>>>16&255,r[n+2]=a>>>8&255,r[n+3]=255&a):(r[n+3]=a>>>24,r[n+2]=a>>>16&255,r[n+1]=a>>>8&255,r[n]=255&a)}return r};var yt={inherits:st,toArray:ot,toHex:ct,htonl:ut,toHex32:ht,zero2:dt,zero8:ft,join32:lt,split32:pt,rotr32:function(e,t){return e>>>t|e<<32-t},rotl32:function(e,t){return e<>>32-t},sum32:function(e,t){return e+t>>>0},sum32_3:function(e,t,r){return e+t+r>>>0},sum32_4:function(e,t,r,i){return e+t+r+i>>>0},sum32_5:function(e,t,r,i,n){return e+t+r+i+n>>>0},sum64:function(e,t,r,i){var n=e[t],a=i+e[t+1]>>>0,s=(a>>0,e[t+1]=a},sum64_hi:function(e,t,r,i){return(t+i>>>0>>0},sum64_lo:function(e,t,r,i){return t+i>>>0},sum64_4_hi:function(e,t,r,i,n,a,s,o){var c=0,u=t;return c+=(u=u+i>>>0)>>0)>>0)>>0},sum64_4_lo:function(e,t,r,i,n,a,s,o){return t+i+a+o>>>0},sum64_5_hi:function(e,t,r,i,n,a,s,o,c,u){var h=0,d=t;return h+=(d=d+i>>>0)>>0)>>0)>>0)>>0},sum64_5_lo:function(e,t,r,i,n,a,s,o,c,u){return t+i+a+o+u>>>0},rotr64_hi:function(e,t,r){return(t<<32-r|e>>>r)>>>0},rotr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0},shr64_hi:function(e,t,r){return e>>>r},shr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0}};function bt(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}var gt=bt;bt.prototype.update=function(e,t){if(e=yt.toArray(e,t),this.pending?this.pending=this.pending.concat(e):this.pending=e,this.pendingTotal+=e.length,this.pending.length>=this._delta8){var r=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-r,e.length),0===this.pending.length&&(this.pending=null),e=yt.join32(e,0,e.length-r,this.endian);for(var i=0;i>>24&255,i[n++]=e>>>16&255,i[n++]=e>>>8&255,i[n++]=255&e}else for(i[n++]=255&e,i[n++]=e>>>8&255,i[n++]=e>>>16&255,i[n++]=e>>>24&255,i[n++]=0,i[n++]=0,i[n++]=0,i[n++]=0,a=8;a>>3},g1_256:function(e){return wt(e,17)^wt(e,19)^e>>>10}},Et=yt.sum32,Pt=yt.sum32_4,xt=yt.sum32_5,Mt=St.ch32,Kt=St.maj32,Ct=St.s0_256,Dt=St.s1_256,Ut=St.g0_256,Rt=St.g1_256,It=mt.BlockHash,Bt=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function Tt(){if(!(this instanceof Tt))return new Tt;It.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=Bt,this.W=Array(64)}yt.inherits(Tt,It);var zt=Tt;function qt(){if(!(this instanceof qt))return new qt;zt.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}Tt.blockSize=512,Tt.outSize=256,Tt.hmacStrength=192,Tt.padLength=64,Tt.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;i>>32-n,r)}function Ur(e,t,r,i,n,a,s){return Dr(t&r|~t&i,e,t,n,a,s)}function Rr(e,t,r,i,n,a,s){return Dr(t&i|r&~i,e,t,n,a,s)}function Ir(e,t,r,i,n,a,s){return Dr(t^r^i,e,t,n,a,s)}function Br(e,t,r,i,n,a,s){return Dr(r^(t|~i),e,t,n,a,s)}function Tr(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const zr="0123456789abcdef".split("");function qr(e){let t="",r=0;for(;r<4;r++)t+=zr[e>>8*r+4&15]+zr[e>>8*r&15];return t}function Fr(e,t){return e+t&4294967295}const Or=Y.getWebCrypto(),Lr=Y.getNodeCrypto(),Nr=Lr&&Lr.getHashes();function jr(e){if(Lr&&Nr.includes(e))return async function(t){const r=Lr.createHash(e);return T(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Hr(e,t){return async function(r,i=ae){if(o(r)&&(r=await j(r)),!Y.isStream(r)&&Or&&t&&r.length>=i.minBytesForWebCrypto)return new Uint8Array(await Or.digest(t,r));const n=e();return T(r,(e=>{n.update(e)}),(()=>new Uint8Array(n.digest())))}}function Wr(e,t){return async function(r,i=ae){if(o(r)&&(r=await j(r)),Y.isStream(r)){const t=new e;return T(r,(e=>{t.process(e)}),(()=>t.finish().result))}return Or&&t&&r.length>=i.minBytesForWebCrypto?new Uint8Array(await Or.digest(t,r)):e.bytes(r)}}const Gr={md5:jr("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let i;for(i=64;i<=e.length;i+=64)Cr(r,Tr(e.substring(i-64,i)));e=e.substring(i-64);const n=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(i=0;i>2]|=e.charCodeAt(i)<<(i%4<<3);if(n[i>>2]|=128<<(i%4<<3),i>55)for(Cr(r,n),i=0;i<16;i++)n[i]=0;return n[14]=8*t,Cr(r,n),r}(Y.uint8ArrayToString(e));return Y.hexToUint8Array(function(e){for(let t=0;tnew Uint8Array(a.update(e))))}(e,t,r,i);if(Y.isAES(e))return function(e,t,r,i,n){if(Y.getWebCrypto()&&24!==t.length&&!Y.isStream(r)&&r.length>=3e3*n.minBytesForWebCrypto)return async function(e,t,r,i){const n="AES-CBC",a=await Xr.importKey("raw",t,{name:n},!1,["encrypt"]),{blockSize:s}=Zr(e),o=Y.concatUint8Array([new Uint8Array(s),r]),c=new Uint8Array(await Xr.encrypt({name:n,iv:i},a,o)).subarray(0,r.length);return function(e,t){for(let r=0;ra.aes.AES_Encrypt_process(e)),(()=>a.aes.AES_Encrypt_finish()))}(e,t,r,i,n);const s=new(Zr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=Y.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;rnew Uint8Array(a.update(e))))}(e,t,r,i);if(Y.isAES(e))return function(e,t,r,i){if(Y.isStream(r)){const e=new $r(t,i);return T(r,(t=>e.aes.AES_Decrypt_process(t)),(()=>e.aes.AES_Decrypt_finish()))}return $r.decrypt(r,t,i)}(0,t,r,i);const a=new(Zr(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=Y.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r48)throw new ke("illegal counter size");let e=Math.pow(2,r)-1;i.set_mask(0,0,e/4294967296|0,0|e)}else r=48,i.set_mask(0,0,65535,4294967295);if(void 0===e)throw Error("nonce is required");{let t=e.length;if(!t||t>16)throw new ke("illegal nonce size");let r=new DataView(new ArrayBuffer(16));new Uint8Array(r.buffer).set(e),i.set_nonce(r.getUint32(0),r.getUint32(4),r.getUint32(8),r.getUint32(12))}if(void 0!==t){if(t<0||t>=Math.pow(2,r))throw new ke("illegal counter value");i.set_counter(0,0,t/4294967296|0,0|t)}}}class ri{static encrypt(e,t,r=!0,i){return new ri(t,i,r).encrypt(e)}static decrypt(e,t,r=!0,i){return new ri(t,i,r).decrypt(e)}constructor(e,t,r=!0,i){this.aes=i||new Pe(e,t,r,"CBC")}encrypt(e){return ve(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return ve(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}const ii=Y.getWebCrypto(),ni=Y.getNodeCrypto(),ai=16;function si(e,t){const r=e.length-ai;for(let i=0;i>3),17+(u>>3)),8-(7&u)).subarray(1),l=new Uint8Array(_i),p=new Uint8Array(t.length+Ai);let y,b=0;for(y=0;y16)throw new ke("illegal tagSize value");const o=t.length||0,c=new Uint8Array(16);12!==o?(this._gcm_mac_process(t),s[0]=0,s[1]=0,s[2]=0,s[3]=0,s[4]=0,s[5]=0,s[6]=0,s[7]=0,s[8]=0,s[9]=0,s[10]=0,s[11]=o>>>29,s[12]=o>>>21&255,s[13]=o>>>13&255,s[14]=o>>>5&255,s[15]=o<<3&255,a.mac(be.MAC.GCM,be.HEAP_DATA,16),a.get_iv(be.HEAP_DATA),a.set_iv(0,0,0,0),c.set(s.subarray(0,16))):(c.set(t),c[15]=1);const u=new DataView(c.buffer);if(this.gamma0=u.getUint32(12),a.set_nonce(u.getUint32(0),u.getUint32(4),u.getUint32(8),0),a.set_mask(0,0,0,4294967295),void 0!==r){if(r.length>Ci)throw new ke("illegal adata length");r.length?(this.adata=r,this._gcm_mac_process(r)):this.adata=void 0}else this.adata=void 0;if(this.counter<1||this.counter>4294967295)throw new RangeError("counter must be a positive 32-bit integer");a.set_counter(0,0,0,this.gamma0+this.counter|0)}static encrypt(e,t,r,i,n){return new Di(t,r,i,n).encrypt(e)}static decrypt(e,t,r,i,n){return new Di(t,r,i,n).decrypt(e)}encrypt(e){return this.AES_GCM_encrypt(e)}decrypt(e){return this.AES_GCM_decrypt(e)}AES_GCM_Encrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.aes.pos,o=this.aes.len,c=0,u=o+r&-16,h=0;if((a-1<<4)+o+r>Ci)throw new RangeError("counter overflow");const d=new Uint8Array(u);for(;r>0;)h=we(n,s+o,e,t,r),o+=h,t+=h,r-=h,h=i.cipher(be.ENC.CTR,be.HEAP_DATA+s,o),h=i.mac(be.MAC.GCM,be.HEAP_DATA+s,h),h&&d.set(n.subarray(s,s+h),c),a+=h>>>4,c+=h,h>>29,t[4]=u>>>21,t[5]=u>>>13&255,t[6]=u>>>5&255,t[7]=u<<3&255,t[8]=t[9]=t[10]=0,t[11]=h>>>29,t[12]=h>>>21&255,t[13]=h>>>13&255,t[14]=h>>>5&255,t[15]=h<<3&255,e.mac(be.MAC.GCM,be.HEAP_DATA,16),e.get_iv(be.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(be.ENC.CTR,be.HEAP_DATA,16),o.set(t.subarray(0,i),s),this.counter=1,this.aes.pos=0,this.aes.len=0,o}AES_GCM_Decrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.tagSize,o=this.aes.pos,c=this.aes.len,u=0,h=c+r>s?c+r-s&-16:0,d=c+r-h,f=0;if((a-1<<4)+c+r>Ci)throw new RangeError("counter overflow");const l=new Uint8Array(h);for(;r>d;)f=we(n,o+c,e,t,r-d),c+=f,t+=f,r-=f,f=i.mac(be.MAC.GCM,be.HEAP_DATA+o,f),f=i.cipher(be.DEC.CTR,be.HEAP_DATA+o,f),f&&l.set(n.subarray(o,o+f),u),a+=f>>>4,u+=f,o=0,c=0;return r>0&&(c+=we(n,0,e,t,r)),this.counter=a,this.aes.pos=o,this.aes.len=c,l}AES_GCM_Decrypt_finish(){let{asm:e,heap:t}=this.aes.acquire_asm(),r=this.tagSize,i=this.adata,n=this.counter,a=this.aes.pos,s=this.aes.len,o=s-r;if(s>>29,t[4]=d>>>21,t[5]=d>>>13&255,t[6]=d>>>5&255,t[7]=d<<3&255,t[8]=t[9]=t[10]=0,t[11]=f>>>29,t[12]=f>>>21&255,t[13]=f>>>13&255,t[14]=f>>>5&255,t[15]=f<<3&255,e.mac(be.MAC.GCM,be.HEAP_DATA,16),e.get_iv(be.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(be.ENC.CTR,be.HEAP_DATA,16);let l=0;for(let e=0;e0;){for(a=we(r,0,e,i,n),i+=a,n-=a;15&a;)r[a++]=0;t.mac(be.MAC.GCM,be.HEAP_DATA,a)}}}const Ui=Y.getWebCrypto(),Ri=Y.getNodeCrypto(),Ii=Y.getNodeBuffer(),Bi=16,Ti="AES-GCM";async function zi(e,t){if(e!==Z.symmetric.aes128&&e!==Z.symmetric.aes192&&e!==Z.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(Y.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new Ri.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=Ii.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new Ri.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-Bi,e.length));const a=Ii.concat([n.update(e.slice(0,e.length-Bi)),n.final()]);return new Uint8Array(a)}};if(Y.getWebCrypto()&&24!==t.length){const e=await Ui.importKey("raw",t,{name:Ti},!1,["encrypt","decrypt"]);return{encrypt:async function(r,i,n=new Uint8Array){if(!r.length)return Di.encrypt(r,t,i,n);const a=await Ui.encrypt({name:Ti,iv:i,additionalData:n,tagLength:8*Bi},e,r);return new Uint8Array(a)},decrypt:async function(r,i,n=new Uint8Array){if(r.length===Bi)return Di.decrypt(r,t,i,n);const a=await Ui.decrypt({name:Ti,iv:i,additionalData:n,tagLength:8*Bi},e,r);return new Uint8Array(a)}}}return{encrypt:async function(e,r,i){return Di.encrypt(e,t,r,i)},decrypt:async function(e,r,i){return Di.decrypt(e,t,r,i)}}}zi.getNonce=function(e,t){const r=e.slice();for(let e=0;e>>8)-1}(e,t,r,i,32)}function l(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function p(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function y(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function b(e,r){var i,n,a,s=t(),o=t();for(i=0;i<16;i++)o[i]=r[i];for(p(o),p(o),p(o),n=0;n<2;n++){for(s[0]=o[0]-65517,i=1;i<15;i++)s[i]=o[i]-65535-(s[i-1]>>16&1),s[i-1]&=65535;s[15]=o[15]-32767-(s[14]>>16&1),a=s[15]>>16&1,s[14]&=65535,y(o,s,1-a)}for(i=0;i<16;i++)e[2*i]=255&o[i],e[2*i+1]=o[i]>>8}function g(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return b(r,e),b(i,t),f(r,0,i,0)}function m(e){var t=new Uint8Array(32);return b(t,e),1&t[0]}function w(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function v(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function _(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function k(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,g=0,m=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0,U=0,R=0,I=0,B=0,T=r[0],z=r[1],q=r[2],F=r[3],O=r[4],L=r[5],N=r[6],j=r[7],H=r[8],W=r[9],G=r[10],V=r[11],$=r[12],Z=r[13],X=r[14],Y=r[15];a+=(i=t[0])*T,s+=i*z,o+=i*q,c+=i*F,u+=i*O,h+=i*L,d+=i*N,f+=i*j,l+=i*H,p+=i*W,y+=i*G,b+=i*V,g+=i*$,m+=i*Z,w+=i*X,v+=i*Y,s+=(i=t[1])*T,o+=i*z,c+=i*q,u+=i*F,h+=i*O,d+=i*L,f+=i*N,l+=i*j,p+=i*H,y+=i*W,b+=i*G,g+=i*V,m+=i*$,w+=i*Z,v+=i*X,_+=i*Y,o+=(i=t[2])*T,c+=i*z,u+=i*q,h+=i*F,d+=i*O,f+=i*L,l+=i*N,p+=i*j,y+=i*H,b+=i*W,g+=i*G,m+=i*V,w+=i*$,v+=i*Z,_+=i*X,k+=i*Y,c+=(i=t[3])*T,u+=i*z,h+=i*q,d+=i*F,f+=i*O,l+=i*L,p+=i*N,y+=i*j,b+=i*H,g+=i*W,m+=i*G,w+=i*V,v+=i*$,_+=i*Z,k+=i*X,A+=i*Y,u+=(i=t[4])*T,h+=i*z,d+=i*q,f+=i*F,l+=i*O,p+=i*L,y+=i*N,b+=i*j,g+=i*H,m+=i*W,w+=i*G,v+=i*V,_+=i*$,k+=i*Z,A+=i*X,S+=i*Y,h+=(i=t[5])*T,d+=i*z,f+=i*q,l+=i*F,p+=i*O,y+=i*L,b+=i*N,g+=i*j,m+=i*H,w+=i*W,v+=i*G,_+=i*V,k+=i*$,A+=i*Z,S+=i*X,E+=i*Y,d+=(i=t[6])*T,f+=i*z,l+=i*q,p+=i*F,y+=i*O,b+=i*L,g+=i*N,m+=i*j,w+=i*H,v+=i*W,_+=i*G,k+=i*V,A+=i*$,S+=i*Z,E+=i*X,P+=i*Y,f+=(i=t[7])*T,l+=i*z,p+=i*q,y+=i*F,b+=i*O,g+=i*L,m+=i*N,w+=i*j,v+=i*H,_+=i*W,k+=i*G,A+=i*V,S+=i*$,E+=i*Z,P+=i*X,x+=i*Y,l+=(i=t[8])*T,p+=i*z,y+=i*q,b+=i*F,g+=i*O,m+=i*L,w+=i*N,v+=i*j,_+=i*H,k+=i*W,A+=i*G,S+=i*V,E+=i*$,P+=i*Z,x+=i*X,M+=i*Y,p+=(i=t[9])*T,y+=i*z,b+=i*q,g+=i*F,m+=i*O,w+=i*L,v+=i*N,_+=i*j,k+=i*H,A+=i*W,S+=i*G,E+=i*V,P+=i*$,x+=i*Z,M+=i*X,K+=i*Y,y+=(i=t[10])*T,b+=i*z,g+=i*q,m+=i*F,w+=i*O,v+=i*L,_+=i*N,k+=i*j,A+=i*H,S+=i*W,E+=i*G,P+=i*V,x+=i*$,M+=i*Z,K+=i*X,C+=i*Y,b+=(i=t[11])*T,g+=i*z,m+=i*q,w+=i*F,v+=i*O,_+=i*L,k+=i*N,A+=i*j,S+=i*H,E+=i*W,P+=i*G,x+=i*V,M+=i*$,K+=i*Z,C+=i*X,D+=i*Y,g+=(i=t[12])*T,m+=i*z,w+=i*q,v+=i*F,_+=i*O,k+=i*L,A+=i*N,S+=i*j,E+=i*H,P+=i*W,x+=i*G,M+=i*V,K+=i*$,C+=i*Z,D+=i*X,U+=i*Y,m+=(i=t[13])*T,w+=i*z,v+=i*q,_+=i*F,k+=i*O,A+=i*L,S+=i*N,E+=i*j,P+=i*H,x+=i*W,M+=i*G,K+=i*V,C+=i*$,D+=i*Z,U+=i*X,R+=i*Y,w+=(i=t[14])*T,v+=i*z,_+=i*q,k+=i*F,A+=i*O,S+=i*L,E+=i*N,P+=i*j,x+=i*H,M+=i*W,K+=i*G,C+=i*V,D+=i*$,U+=i*Z,R+=i*X,I+=i*Y,v+=(i=t[15])*T,s+=38*(k+=i*q),o+=38*(A+=i*F),c+=38*(S+=i*O),u+=38*(E+=i*L),h+=38*(P+=i*N),d+=38*(x+=i*j),f+=38*(M+=i*H),l+=38*(K+=i*W),p+=38*(C+=i*G),y+=38*(D+=i*V),b+=38*(U+=i*$),g+=38*(R+=i*Z),m+=38*(I+=i*X),w+=38*(B+=i*Y),a=(i=(a+=38*(_+=i*z))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=d,e[7]=f,e[8]=l,e[9]=p,e[10]=y,e[11]=b,e[12]=g,e[13]=m,e[14]=w,e[15]=v}function A(e,t){k(e,t,t)}function S(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=253;i>=0;i--)A(n,n),2!==i&&4!==i&&k(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}function E(e,r,i){var n,a,o=new Uint8Array(32),c=new Float64Array(80),u=t(),h=t(),d=t(),f=t(),l=t(),p=t();for(a=0;a<31;a++)o[a]=r[a];for(o[31]=127&r[31]|64,o[0]&=248,w(c,i),a=0;a<16;a++)h[a]=c[a],f[a]=u[a]=d[a]=0;for(u[0]=f[0]=1,a=254;a>=0;--a)y(u,h,n=o[a>>>3]>>>(7&a)&1),y(d,f,n),v(l,u,d),_(u,u,d),v(d,h,f),_(h,h,f),A(f,l),A(p,u),k(u,d,u),k(d,h,l),v(l,u,d),_(u,u,d),A(h,u),_(d,f,p),k(u,d,s),v(u,u,f),k(d,d,u),k(u,f,p),k(f,h,c),A(h,l),y(u,h,n),y(d,f,n);for(a=0;a<16;a++)c[a+16]=u[a],c[a+32]=d[a],c[a+48]=h[a],c[a+64]=f[a];var g=c.subarray(32),m=c.subarray(16);return S(g,g),k(m,m,g),b(e,m),0}function P(e,t){return E(e,t,i)}function x(e,r){var i=t(),n=t(),a=t(),s=t(),o=t(),u=t(),h=t(),d=t(),f=t();_(i,e[1],e[0]),_(f,r[1],r[0]),k(i,i,f),v(n,e[0],e[1]),v(f,r[0],r[1]),k(n,n,f),k(a,e[3],r[3]),k(a,a,c),k(s,e[2],r[2]),v(s,s,s),_(o,n,i),_(u,s,a),v(h,s,a),v(d,n,i),k(e[0],o,u),k(e[1],d,h),k(e[2],h,u),k(e[3],o,d)}function M(e,t,r){var i;for(i=0;i<4;i++)y(e[i],t[i],r)}function K(e,r){var i=t(),n=t(),a=t();S(a,r[2]),k(i,r[0],a),k(n,r[1],a),b(e,n),e[31]^=m(i)<<7}function C(e,t,r){var i,s;for(l(e[0],n),l(e[1],a),l(e[2],a),l(e[3],n),s=255;s>=0;--s)M(e,t,i=r[s/8|0]>>(7&s)&1),x(t,e),x(e,e),M(e,t,i)}function D(e,r){var i=[t(),t(),t(),t()];l(i[0],u),l(i[1],h),l(i[2],a),k(i[3],u,h),C(e,i,r)}function U(i,n,a){var s,o,c=[t(),t(),t(),t()];for(a||r(n,32),(s=e.hash(n.subarray(0,32)))[0]&=248,s[31]&=127,s[31]|=64,D(c,s),K(i,c),o=0;o<32;o++)n[o+32]=i[o];return 0}var R=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function I(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n>4)*R[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*R[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function B(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;I(e,r)}function T(e,r){var i=t(),s=t(),c=t(),u=t(),h=t(),f=t(),p=t();return l(e[2],a),w(e[1],r),A(c,e[1]),k(u,c,o),_(c,c,e[2]),v(u,e[2],u),A(h,u),A(f,h),k(p,f,h),k(i,p,c),k(i,i,u),function(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=250;i>=0;i--)A(n,n),1!==i&&k(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}(i,i),k(i,i,c),k(i,i,u),k(i,i,u),k(e[0],i,u),A(s,e[0]),k(s,s,u),g(s,c)&&k(e[0],e[0],d),A(s,e[0]),k(s,s,u),g(s,c)?-1:(m(e[0])===r[31]>>7&&_(e[0],n,e[0]),k(e[3],e[0],e[1]),0)}var z=64;function q(){for(var e=0;e=0},e.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return U(e,t),{publicKey:e,secretKey:t}},e.sign.keyPair.fromSecretKey=function(e){if(q(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;re&&(c.imod(a.leftShift(n)).iadd(a),u=c.mod(s).toNumber())}while(!await Wi(c,t,r));return c}async function Wi(e,t,r){return!(t&&!e.dec().gcd(t).isOne())&&(!!await async function(e){const t=await Y.getBigInteger();return Gi.every((r=>0!==e.mod(new t(r))))}(e)&&(!!await async function(e,t){const r=await Y.getBigInteger();return t=t||new r(2),t.modExp(e.dec(),e).isOne()}(e)&&!!await async function(e,t,r){const i=await Y.getBigInteger(),n=e.bitLength();t||(t=Math.max(1,n/48|0));const a=e.dec();let s=0;for(;!a.getBit(s);)s++;const o=e.rightShift(new i(s));for(;t>0;t--){let t,n=(r?r():await Ni(new i(2),a)).modExp(o,e);if(!n.isOne()&&!n.equal(a)){for(t=1;tt-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!i;if(t)return Y.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}async function Xi(e,t,r){let i;if(t.length!==Vr.getHashByteLength(e))throw Error("Invalid hash length");const n=new Uint8Array(Vi[e].length);for(i=0;i{Ji.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(tn.decode(n,"der"))}))}));return{n:i.modulus.toArrayLike(Uint8Array),e:i.publicExponent.toArrayLike(Uint8Array),d:i.privateExponent.toArrayLike(Uint8Array),p:i.prime2.toArrayLike(Uint8Array),q:i.prime1.toArrayLike(Uint8Array),u:i.coefficient.toArrayLike(Uint8Array)}}let r,i,n;do{i=await Hi(e-(e>>1),t,40),r=await Hi(e>>1,t,40),n=r.mul(i)}while(n.bitLength()!==e);const a=r.dec().imul(i.dec());return i.lt(r)&&([r,i]=[i,r]),{n:n.toUint8Array(),e:t.toUint8Array(),d:t.modInv(a).toUint8Array(),p:r.toUint8Array(),q:i.toUint8Array(),u:r.modInv(i).toUint8Array()}},validateParams:async function(e,t,r,i,n,a){const s=await Y.getBigInteger();if(e=new s(e),i=new s(i),n=new s(n),!i.mul(n).equal(e))return!1;const o=new s(2);if(a=new s(a),!i.mul(a).mod(n).isOne())return!1;t=new s(t),r=new s(r);const c=new s(Math.floor(e.bitLength()/3)),u=await Ni(o,o.leftShift(c)),h=u.mul(r).mul(t);return!(!h.mod(i.dec()).equal(u)||!h.mod(n.dec()).equal(u))}});var an=/*#__PURE__*/Object.freeze({__proto__:null,encrypt:async function(e,t,r,i){const n=await Y.getBigInteger();t=new n(t),r=new n(r),i=new n(i);const a=new n($i(e,t.byteLength())),s=await Ni(new n(1),t.dec());return{c1:r.modExp(s,t).toUint8Array(),c2:i.modExp(s,t).imul(a).imod(t).toUint8Array()}},decrypt:async function(e,t,r,i,n){const a=await Y.getBigInteger();return e=new a(e),t=new a(t),r=new a(r),i=new a(i),Zi(e.modExp(i,r).modInv(r).imul(t).imod(r).toUint8Array("be",r.byteLength()),n)},validateParams:async function(e,t,r,i){const n=await Y.getBigInteger();e=new n(e),t=new n(t),r=new n(r);const a=new n(1);if(t.lte(a)||t.gte(e))return!1;const s=new n(e.bitLength()),o=new n(1023);if(s.lt(o))return!1;if(!t.modExp(e.dec(),e).isOne())return!1;let c=t;const u=new n(1),h=new n(2).leftShift(new n(17));for(;u.lt(h);){if(c=c.mul(t).imod(e),c.isOne())return!1;u.iinc()}i=new n(i);const d=new n(2),f=await Ni(d.leftShift(s.dec()),d.leftShift(s)),l=e.dec().imul(f).iadd(i);return!!r.equal(t.modExp(l,e))}});class sn{constructor(e){if(e instanceof sn)this.oid=e.oid;else if(Y.isArray(e)||Y.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return Y.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return Y.uint8ArrayToHex(this.oid)}getName(){const e=this.toHex();if(Z.curve[e])return Z.write(Z.curve,e);throw Error("Unknown curve object identifier.")}}function on(e,t){return e.keyPair({priv:t})}function cn(e,t){const r=e.keyPair({pub:t});if(!0!==r.validate().result)throw Error("Invalid elliptic public key");return r}async function un(e){if(!ae.useIndutnyElliptic)throw Error("This curve is only supported in the full build of OpenPGP.js");const{default:t}=await Promise.resolve().then((function(){return ib}));return new t.ec(e)}function hn(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=Y.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function dn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):Y.concatUint8Array([new Uint8Array([255]),Y.writeNumber(e,4)])}function fn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function ln(e){return new Uint8Array([192|e])}function pn(e,t){return Y.concatUint8Array([ln(e),dn(t)])}function yn(e){return[Z.packet.literalData,Z.packet.compressedData,Z.packet.symmetricallyEncryptedData,Z.packet.symEncryptedIntegrityProtectedData,Z.packet.aeadEncryptedData].includes(e)}async function bn(e,t){const r=D(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||0==(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const o=await r.readByte();let c,u,h=-1,d=-1;d=0,0!=(64&o)&&(d=1),d?h=63&o:(h=(63&o)>>2,u=3&o);const f=yn(h);let l,p=null;if(f){if("array"===Y.isStream(e)){const e=new s;i=U(e),p=e}else{const e=new E;i=U(e.writable),p=e.readable}n=t({tag:h,packet:p})}else p=[];do{if(d){const e=await r.readByte();if(l=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),l=!0,!f)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(u){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const a=c===1/0?n:n.subarray(0,c-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=c){r.unshift(n.subarray(c-e+n.length));break}}}}while(l);const y=await r.peekBytes(f?1/0:2);return i?(await i.ready,await i.close()):(p=Y.concatUint8Array(p),await t({tag:h,packet:p})),!y||!y.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class gn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,gn),this.name="UnsupportedError"}}class mn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}const wn=Y.getWebCrypto(),vn=Y.getNodeCrypto(),_n={p256:"P-256",p384:"P-384",p521:"P-521"},kn=vn?vn.getCurves():[],An=vn?{secp256k1:kn.includes("secp256k1")?"secp256k1":void 0,p256:kn.includes("prime256v1")?"prime256v1":void 0,p384:kn.includes("secp384r1")?"secp384r1":void 0,p521:kn.includes("secp521r1")?"secp521r1":void 0,ed25519:kn.includes("ED25519")?"ED25519":void 0,curve25519:kn.includes("X25519")?"X25519":void 0,brainpoolP256r1:kn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,brainpoolP384r1:kn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,brainpoolP512r1:kn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Sn={p256:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha256,cipher:Z.symmetric.aes128,node:An.p256,web:_n.p256,payloadSize:32,sharedSize:256},p384:{oid:[6,5,43,129,4,0,34],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha384,cipher:Z.symmetric.aes192,node:An.p384,web:_n.p384,payloadSize:48,sharedSize:384},p521:{oid:[6,5,43,129,4,0,35],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha512,cipher:Z.symmetric.aes256,node:An.p521,web:_n.p521,payloadSize:66,sharedSize:528},secp256k1:{oid:[6,5,43,129,4,0,10],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha256,cipher:Z.symmetric.aes128,node:An.secp256k1,payloadSize:32},ed25519:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:Z.publicKey.eddsaLegacy,hash:Z.hash.sha512,node:!1,payloadSize:32},curve25519:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:Z.publicKey.ecdh,hash:Z.hash.sha256,cipher:Z.symmetric.aes128,node:!1,payloadSize:32},brainpoolP256r1:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha256,cipher:Z.symmetric.aes128,node:An.brainpoolP256r1,payloadSize:32},brainpoolP384r1:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha384,cipher:Z.symmetric.aes192,node:An.brainpoolP384r1,payloadSize:48},brainpoolP512r1:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:Z.publicKey.ecdsa,hash:Z.hash.sha512,cipher:Z.symmetric.aes256,node:An.brainpoolP512r1,payloadSize:64}};class En{constructor(e,t){try{(Y.isArray(e)||Y.isUint8Array(e))&&(e=new sn(e)),e instanceof sn&&(e=e.getName()),this.name=Z.write(Z.curve,e)}catch(e){throw new gn("Unknown curve")}t=t||Sn[this.name],this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node&&Sn[this.name],this.web=t.web&&Sn[this.name],this.payloadSize=t.payloadSize,this.web&&Y.getWebCrypto()?this.type="web":this.node&&Y.getNodeCrypto()?this.type="node":"curve25519"===this.name?this.type="curve25519":"ed25519"===this.name&&(this.type="ed25519")}async genKeyPair(){let e;switch(this.type){case"web":try{return await async function(e){const t=await wn.generateKey({name:"ECDSA",namedCurve:_n[e]},!0,["sign","verify"]),r=await wn.exportKey("jwk",t.privateKey),i=await wn.exportKey("jwk",t.publicKey);return{publicKey:xn(i),privateKey:ie(r.d)}}(this.name)}catch(e){Y.printDebugError("Browser did not support generating ec key "+e.message);break}case"node":return async function(e){const t=vn.createECDH(An[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519":{const t=Li(32);t[0]=127&t[0]|64,t[31]&=248;const r=t.slice().reverse();e=Fi.box.keyPair.fromSecretKey(r);return{publicKey:Y.concatUint8Array([new Uint8Array([64]),e.publicKey]),privateKey:t}}case"ed25519":{const e=Li(32),t=Fi.sign.keyPair.fromSeed(e);return{publicKey:Y.concatUint8Array([new Uint8Array([64]),t.publicKey]),privateKey:e}}}const t=await un(this.name);return e=await t.genKeyPair({entropy:Y.uint8ArrayToString(Li(32))}),{publicKey:new Uint8Array(e.getPublic("array",!1)),privateKey:e.getPrivate().toArrayLike(Uint8Array)}}}async function Pn(e,t,r,i){const n={p256:!0,p384:!0,p521:!0,secp256k1:!0,curve25519:e===Z.publicKey.ecdh,brainpoolP256r1:!0,brainpoolP384r1:!0,brainpoolP512r1:!0},a=t.getName();if(!n[a])return!1;if("curve25519"===a){i=i.slice().reverse();const{publicKey:e}=Fi.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!Y.equalsUint8Array(t,r)}const s=await un(a);try{r=cn(s,r).getPublic()}catch(e){return!1}return!!on(s,i).getPublic().eq(r)}function xn(e){const t=ie(e.x),r=ie(e.y),i=new Uint8Array(t.length+r.length+1);return i[0]=4,i.set(t,1),i.set(r,t.length+1),i}function Mn(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:ne(n,!0),y:ne(a,!0),ext:!0}}function Kn(e,t,r,i){const n=Mn(e,t,r);return n.d=ne(i,!0),n}const Cn=Y.getWebCrypto(),Dn=Y.getNodeCrypto();async function Un(e,t,r,i,n,a){const s=new En(e);if(r&&!Y.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Kn(e.payloadSize,_n[e.name],i.publicKey,i.privateKey),s=await Cn.importKey("jwk",a,{name:"ECDSA",namedCurve:_n[e.name],hash:{name:Z.read(Z.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Cn.sign({name:"ECDSA",namedCurve:_n[e.name],hash:{name:Z.read(Z.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;Y.printDebugError("Browser did not support signing: "+e.message)}break;case"node":{const i=await async function(e,t,r,i){const n=Dn.createSign(Z.read(Z.hash,t));n.write(r),n.end();const a=Tn.encode({version:1,parameters:e.oid,privateKey:Array.from(i.privateKey),publicKey:{unused:0,data:Array.from(i.publicKey)}},"pem",{label:"EC PRIVATE KEY"});return Bn.decode(n.sign(a),"der")}(s,t,r,e);return{r:i.r.toArrayLike(Uint8Array),s:i.s.toArrayLike(Uint8Array)}}}}return async function(e,t,r){const i=await un(e.name),n=on(i,r),a=n.sign(t);return{r:a.r.toArrayLike(Uint8Array),s:a.s.toArrayLike(Uint8Array)}}(s,a,n)}async function Rn(e,t,r,i,n,a){const s=new En(e);if(i&&!Y.isStream(i))switch(s.type){case"web":try{return await async function(e,t,{r,s:i},n,a){const s=Mn(e.payloadSize,_n[e.name],a),o=await Cn.importKey("jwk",s,{name:"ECDSA",namedCurve:_n[e.name],hash:{name:Z.read(Z.webHash,e.hash)}},!1,["verify"]),c=Y.concatUint8Array([r,i]).buffer;return Cn.verify({name:"ECDSA",namedCurve:_n[e.name],hash:{name:Z.read(Z.webHash,t)}},o,c,n)}(s,t,r,i,n)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;Y.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":return async function(e,t,{r,s:i},n,a){const{default:s}=await Promise.resolve().then((function(){return qp})),o=Dn.createVerify(Z.read(Z.hash,t));o.write(n),o.end();const c=qn.encode({algorithm:{algorithm:[1,2,840,10045,2,1],parameters:e.oid},subjectPublicKey:{unused:0,data:Array.from(a)}},"pem",{label:"PUBLIC KEY"}),u=Bn.encode({r:new s(r),s:new s(i)},"der");try{return o.verify(c,u)}catch(e){return!1}}(s,t,r,i,n)}return async function(e,t,r,i){const n=await un(e.name),a=cn(n,i);return a.verify(r,t)}(s,r,void 0===t?i:a,n)}const In=void 0,Bn=Dn?In.define("ECDSASignature",(function(){this.seq().obj(this.key("r").int(),this.key("s").int())})):void 0,Tn=Dn?In.define("ECPrivateKey",(function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").explicit(0).optional().any(),this.key("publicKey").explicit(1).optional().bitstr())})):void 0,zn=Dn?In.define("AlgorithmIdentifier",(function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional().any())})):void 0,qn=Dn?In.define("SubjectPublicKeyInfo",(function(){this.seq().obj(this.key("algorithm").use(zn),this.key("subjectPublicKey").bitstr())})):void 0;var Fn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Un,verify:Rn,validateParams:async function(e,t,r){const i=new En(e);if(i.keyType!==Z.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=Li(8),n=Z.hash.sha256,a=await Vr.digest(n,i);try{const s=await Un(e,n,i,t,r,a);return await Rn(e,n,s,i,t,a)}catch(e){return!1}}default:return Pn(Z.publicKey.ecdsa,e,t,r)}}});Fi.hash=e=>new Uint8Array(er().update(e).digest());var On=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){if(Vr.getHashByteLength(t)new Uint8Array(er().update(e).digest());var Nn=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===Z.publicKey.ed25519){const e=Li(32),{publicKey:t}=Fi.sign.keyPair.fromSeed(e);return{A:t,seed:e}}throw Error("Unsupported EdDSA algorithm")},sign:async function(e,t,r,i,n,a){if(Vr.getHashByteLength(t)=0;--e)for(let t=o-1;t>=0;--t)c[1]=o*e+(t+1),u[0]=a[0]^c[0],u[1]=a[1]^c[1],u[2]=s[2*t],u[3]=s[2*t+1],u=Wn(r.decrypt(Gn(u))),a=u.subarray(0,2),s[2*t]=u[2],s[2*t+1]=u[3];if(a[0]===i[0]&&a[1]===i[1])return Gn(s);throw Error("Key Data Integrity failed")}function Wn(e){const{length:t}=e,r=function(e){if(Y.isString(e)){const{length:t}=e,r=new ArrayBuffer(t),i=new Uint8Array(r);for(let r=0;r0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(Y.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Xn=/*#__PURE__*/Object.freeze({__proto__:null,encode:$n,decode:Zn});const Yn=Y.getWebCrypto(),Qn=Y.getNodeCrypto();function Jn(e,t,r,i){return Y.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),Y.stringToUint8Array("Anonymous Sender "),i.subarray(0,20)])}async function ea(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Vr.digest(e,Y.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function ta(e,t){switch(e.type){case"curve25519":{const r=Li(32),{secretKey:i,sharedKey:n}=await ra(e,t,null,r);let{publicKey:a}=Fi.box.keyPair.fromSecretKey(i);return a=Y.concatUint8Array([new Uint8Array([64]),a]),{publicKey:a,sharedKey:n}}case"web":if(e.web&&Y.getWebCrypto())try{return await async function(e,t){const r=Mn(e.payloadSize,e.web.web,t);let i=Yn.generateKey({name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]),n=Yn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=Yn.deriveBits({name:"ECDH",namedCurve:e.web.web,public:n},i.privateKey,e.web.sharedSize),s=Yn.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(xn(s));return{publicKey:c,sharedKey:o}}(e,t)}catch(e){Y.printDebugError(e)}break;case"node":return async function(e,t){const r=Qn.createECDH(e.node.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t)),n=new Uint8Array(r.getPublicKey());return{publicKey:n,sharedKey:i}}(e,t)}return async function(e,t){const r=await un(e.name),i=await e.genKeyPair();t=cn(r,t);const n=on(r,i.privateKey),a=i.publicKey,s=n.derive(t.getPublic()),o=r.curve.p.byteLength(),c=s.toArrayLike(Uint8Array,"be",o);return{publicKey:a,sharedKey:c}}(e,t)}async function ra(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519":{const e=i.slice().reverse();return{secretKey:e,sharedKey:Fi.scalarMult(e,t.subarray(1))}}case"web":if(e.web&&Y.getWebCrypto())try{return await async function(e,t,r,i){const n=Kn(e.payloadSize,e.web.web,r,i);let a=Yn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]);const s=Mn(e.payloadSize,e.web.web,t);let o=Yn.importKey("jwk",s,{name:"ECDH",namedCurve:e.web.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=Yn.deriveBits({name:"ECDH",namedCurve:e.web.web,public:o},a,e.web.sharedSize),u=Yn.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:ie(u.d),sharedKey:h}}(e,t,r,i)}catch(e){Y.printDebugError(e)}break;case"node":return async function(e,t,r){const i=Qn.createECDH(e.node.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i)}return async function(e,t,r){const i=await un(e.name);t=cn(i,t),r=on(i,r);const n=new Uint8Array(r.getPrivate()),a=r.derive(t.getPublic()),s=i.curve.p.byteLength(),o=a.toArrayLike(Uint8Array,"be",s);return{secretKey:n,sharedKey:o}}(e,t,i)}var ia=/*#__PURE__*/Object.freeze({__proto__:null,validateParams:async function(e,t,r){return Pn(Z.publicKey.ecdh,e,t,r)},encrypt:async function(e,t,r,i,n){const a=$n(r),s=new En(e),{publicKey:o,sharedKey:c}=await ta(s,i),u=Jn(Z.publicKey.ecdh,e,t,n),{keySize:h}=Zr(t.cipher);return{publicKey:o,wrappedKey:jn(await ea(t.hash,c,h,u),a)}},decrypt:async function(e,t,r,i,n,a,s){const o=new En(e),{sharedKey:c}=await ra(o,r,n,a),u=Jn(Z.publicKey.ecdh,e,t,s),{keySize:h}=Zr(t.cipher);let d;for(let e=0;e<3;e++)try{return Zn(Hn(await ea(t.hash,c,h,u,1===e,2===e),i))}catch(e){d=e}throw d}});const na=Y.getWebCrypto(),aa=Y.getNodeCrypto(),sa=aa&&aa.webcrypto&&aa.webcrypto.subtle;async function oa(e,t,r,i,n){const a=Z.read(Z.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");if(na||sa){const e=na||sa,s=await e.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await e.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}if(aa){const a=Z.read(Z.hash,e),s=(e,t)=>aa.createHmac(a,e).update(t).digest(),o=s(r,t),c=o.length,u=Math.ceil(n/c),h=new Uint8Array(u*c),d=new Uint8Array(c+i.length+1);d.set(i,c);for(let e=0;e0?d:d.subarray(c));d.set(t,0),h.set(t,e*c)}return h.subarray(0,n)}throw Error("No HKDF implementation available")}const ca={x25519:Y.encodeUTF8("OpenPGP X25519")};var ua=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===Z.publicKey.x25519){const e=Li(32),{publicKey:t}=Fi.box.keyPair.fromSecretKey(e);return{A:t,k:e}}throw Error("Unsupported ECDH algorithm")},validateParams:async function(e,t,r){if(e===Z.publicKey.x25519){const{publicKey:e}=Fi.box.keyPair.fromSecretKey(r);return Y.equalsUint8Array(t,e)}return!1},encrypt:async function(e,t,r){if(e===Z.publicKey.x25519){const e=Li(32),i=Fi.scalarMult(e,r),{publicKey:n}=Fi.box.keyPair.fromSecretKey(e),a=Y.concatUint8Array([n,r,i]),{keySize:s}=Zr(Z.symmetric.aes128);return{ephemeralPublicKey:n,wrappedKey:jn(await oa(Z.hash.sha256,a,new Uint8Array,ca.x25519,s),t)}}throw Error("Unsupported ECDH algorithm")},decrypt:async function(e,t,r,i,n){if(e===Z.publicKey.x25519){const e=Fi.scalarMult(n,t),a=Y.concatUint8Array([t,i,e]),{keySize:s}=Zr(Z.symmetric.aes128);return Hn(await oa(Z.hash.sha256,a,new Uint8Array,ca.x25519,s),r)}throw Error("Unsupported ECDH algorithm")}}),ha=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:En,ecdh:ia,ecdhX:ua,ecdsa:Fn,eddsaLegacy:On,eddsa:Nn,generate:async function(e){const t=await Y.getBigInteger();e=new En(e);const r=await e.genKeyPair(),i=new t(r.publicKey).toUint8Array(),n=new t(r.privateKey).toUint8Array("be",e.payloadSize);return{oid:e.oid,Q:i,secret:n,hash:e.hash,cipher:e.cipher}},getPreferredHashAlgo:function(e){return Sn[Z.write(Z.curve,e.toHex())].hash}});var da=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){const s=await Y.getBigInteger(),o=new s(1);let c,u,h,d;i=new s(i),n=new s(n),r=new s(r),a=new s(a),r=r.mod(i),a=a.mod(n);const f=new s(t.subarray(0,n.byteLength())).mod(n);for(;;){if(c=await Ni(o,n),u=r.modExp(c,i).imod(n),u.isZero())continue;const e=a.mul(u).imod(n);if(d=f.add(e).imod(n),h=c.modInv(n).imul(d).imod(n),!h.isZero())break}return{r:u.toUint8Array("be",n.byteLength()),s:h.toUint8Array("be",n.byteLength())}},verify:async function(e,t,r,i,n,a,s,o){const c=await Y.getBigInteger(),u=new c(0);if(t=new c(t),r=new c(r),a=new c(a),s=new c(s),n=new c(n),o=new c(o),t.lte(u)||t.gte(s)||r.lte(u)||r.gte(s))return Y.printDebug("invalid DSA Signature"),!1;const h=new c(i.subarray(0,s.byteLength())).imod(s),d=r.modInv(s);if(d.isZero())return Y.printDebug("invalid DSA Signature"),!1;n=n.mod(a),o=o.mod(a);const f=h.mul(d).imod(s),l=t.mul(d).imod(s),p=n.modExp(f,a),y=o.modExp(l,a);return p.mul(y).imod(a).imod(s).equal(t)},validateParams:async function(e,t,r,i,n){const a=await Y.getBigInteger();e=new a(e),t=new a(t),r=new a(r),i=new a(i);const s=new a(1);if(r.lte(s)||r.gte(e))return!1;if(!e.dec().mod(t).isZero())return!1;if(!r.modExp(t,e).isOne())return!1;const o=new a(t.bitLength()),c=new a(150);if(o.lt(c)||!await Wi(t,null,32))return!1;n=new a(n);const u=new a(2),h=await Ni(u.leftShift(o.dec()),u.leftShift(o)),d=t.mul(h).add(n);return!!i.equal(r.modExp(d,e))}}),fa={rsa:nn,elgamal:an,elliptic:ha,dsa:da,nacl:Fi};var la=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaSign:return{s:Y.readMPI(t.subarray(r))};case Z.publicKey.dsa:case Z.publicKey.ecdsa:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;return{r:e,s:Y.readMPI(t.subarray(r))}}case Z.publicKey.eddsaLegacy:{let e=Y.readMPI(t.subarray(r));r+=e.length+2,e=Y.leftPad(e,32);let i=Y.readMPI(t.subarray(r));return i=Y.leftPad(i,32),{r:e,s:i}}case Z.publicKey.ed25519:{const e=t.subarray(r,r+64);return r+=e.length,{RS:e}}default:throw new gn("Unknown signature algorithm.")}},verify:async function(e,t,r,i,n,a){switch(e){case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaSign:{const{n:e,e:s}=i,o=Y.leftPad(r.s,e.length);return fa.rsa.verify(t,n,o,e,s,a)}case Z.publicKey.dsa:{const{g:e,p:n,q:s,y:o}=i,{r:c,s:u}=r;return fa.dsa.verify(t,c,u,a,e,n,s,o)}case Z.publicKey.ecdsa:{const{oid:e,Q:s}=i,o=new fa.elliptic.CurveWithOID(e).payloadSize,c=Y.leftPad(r.r,o),u=Y.leftPad(r.s,o);return fa.elliptic.ecdsa.verify(e,t,{r:c,s:u},n,s,a)}case Z.publicKey.eddsaLegacy:{const{oid:e,Q:s}=i;return fa.elliptic.eddsaLegacy.verify(e,t,r,n,s,a)}case Z.publicKey.ed25519:{const{A:s}=i;return fa.elliptic.eddsa.verify(e,t,r,n,s,a)}default:throw Error("Unknown signature algorithm.")}},sign:async function(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await fa.rsa.sign(t,n,e,s,o,c,u,h,a)}}case Z.publicKey.dsa:{const{g:e,p:n,q:s}=r,{x:o}=i;return fa.dsa.sign(t,a,e,n,s,o)}case Z.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case Z.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return fa.elliptic.ecdsa.sign(e,t,n,s,o,a)}case Z.publicKey.eddsaLegacy:{const{oid:e,Q:s}=r,{seed:o}=i;return fa.elliptic.eddsaLegacy.sign(e,t,n,s,o,a)}case Z.publicKey.ed25519:{const{A:s}=r,{seed:o}=i;return fa.elliptic.eddsa.sign(e,t,n,s,o,a)}default:throw Error("Unknown signature algorithm.")}}});class pa{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return Y.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class ya{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new gn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class ba{static fromObject({wrappedKey:e,algorithm:t}){const r=new ba;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=e.subarray(t,t+r),t+=r}write(){return Y.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function ga(e){try{e.getName()}catch(e){throw new gn("Unknown curve OID")}}var ma=/*#__PURE__*/Object.freeze({__proto__:null,publicKeyEncrypt:async function(e,t,r,i,n){switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await fa.rsa.encrypt(i,e,t)}}case Z.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return fa.elgamal.encrypt(i,e,t,n)}case Z.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:a}=r,{publicKey:s,wrappedKey:o}=await fa.elliptic.ecdh.encrypt(e,a,i,t,n);return{V:s,C:new pa(o)}}case Z.publicKey.x25519:{if(!Y.isAES(t))throw Error("X25519 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:a,wrappedKey:s}=await fa.elliptic.ecdhX.encrypt(e,i,n);return{ephemeralPublicKey:a,C:ba.fromObject({algorithm:t,wrappedKey:s})}}default:return[]}},publicKeyDecrypt:async function(e,t,r,i,n,a){switch(e){case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return fa.rsa.decrypt(e,n,s,o,c,u,h,a)}case Z.publicKey.elgamal:{const{c1:e,c2:n}=i,s=t.p,o=r.x;return fa.elgamal.decrypt(e,n,s,o,a)}case Z.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return fa.elliptic.ecdh.decrypt(e,s,c,u.data,a,o,n)}case Z.publicKey.x25519:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(!Y.isAES(o.algorithm))throw Error("AES session key expected");return fa.elliptic.ecdhX.decrypt(e,s,o.wrappedKey,n,a)}default:throw Error("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaSign:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;const i=Y.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case Z.publicKey.dsa:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;const i=Y.readMPI(t.subarray(r));r+=i.length+2;const n=Y.readMPI(t.subarray(r));r+=n.length+2;const a=Y.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case Z.publicKey.elgamal:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;const i=Y.readMPI(t.subarray(r));r+=i.length+2;const n=Y.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case Z.publicKey.ecdsa:{const e=new sn;r+=e.read(t),ga(e);const i=Y.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case Z.publicKey.eddsaLegacy:{const e=new sn;r+=e.read(t),ga(e);let i=Y.readMPI(t.subarray(r));return r+=i.length+2,i=Y.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case Z.publicKey.ecdh:{const e=new sn;r+=e.read(t),ga(e);const i=Y.readMPI(t.subarray(r));r+=i.length+2;const n=new ya;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case Z.publicKey.ed25519:case Z.publicKey.x25519:{const e=t.subarray(r,r+32);return r+=e.length,{read:r,publicParams:{A:e}}}default:throw new gn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let i=0;switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaSign:{const e=Y.readMPI(t.subarray(i));i+=e.length+2;const r=Y.readMPI(t.subarray(i));i+=r.length+2;const n=Y.readMPI(t.subarray(i));i+=n.length+2;const a=Y.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case Z.publicKey.dsa:case Z.publicKey.elgamal:{const e=Y.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case Z.publicKey.ecdsa:case Z.publicKey.ecdh:{const e=new En(r.oid);let n=Y.readMPI(t.subarray(i));return i+=n.length+2,n=Y.leftPad(n,e.payloadSize),{read:i,privateParams:{d:n}}}case Z.publicKey.eddsaLegacy:{const e=new En(r.oid);let n=Y.readMPI(t.subarray(i));return i+=n.length+2,n=Y.leftPad(n,e.payloadSize),{read:i,privateParams:{seed:n}}}case Z.publicKey.ed25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{seed:e}}}case Z.publicKey.x25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{k:e}}}default:throw new gn("Unknown public key encryption algorithm.")}},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:return{c:Y.readMPI(t.subarray(r))};case Z.publicKey.elgamal:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:Y.readMPI(t.subarray(r))}}case Z.publicKey.ecdh:{const e=Y.readMPI(t.subarray(r));r+=e.length+2;const i=new pa;return i.read(t.subarray(r)),{V:e,C:i}}case Z.publicKey.x25519:{const e=t.subarray(r,r+32);r+=e.length;const i=new ba;return i.read(t.subarray(r)),{ephemeralPublicKey:e,C:i}}default:throw new gn("Unknown public key encryption algorithm.")}},serializeParams:function(e,t){const r=new Set([Z.publicKey.ed25519,Z.publicKey.x25519]),i=Object.keys(t).map((i=>{const n=t[i];return Y.isUint8Array(n)?r.has(e)?n:Y.uint8ArrayToMPI(n):n.write()}));return Y.concatUint8Array(i)},generateParams:function(e,t,r){switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaSign:return fa.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case Z.publicKey.ecdsa:return fa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new sn(e),Q:t}})));case Z.publicKey.eddsaLegacy:return fa.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new sn(e),Q:t}})));case Z.publicKey.ecdh:return fa.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new sn(e),Q:t,kdfParams:new ya({hash:i,cipher:n})}})));case Z.publicKey.ed25519:return fa.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case Z.publicKey.x25519:return fa.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case Z.publicKey.dsa:case Z.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return fa.rsa.validateParams(e,i,n,a,s,o)}case Z.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return fa.dsa.validateParams(e,i,n,a,s)}case Z.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return fa.elgamal.validateParams(e,i,n,a)}case Z.publicKey.ecdsa:case Z.publicKey.ecdh:{const i=fa.elliptic[Z.read(Z.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case Z.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return fa.elliptic.eddsaLegacy.validateParams(i,e,n)}case Z.publicKey.ed25519:{const{A:i}=t,{seed:n}=r;return fa.elliptic.eddsa.validateParams(e,i,n)}case Z.publicKey.x25519:{const{A:i}=t,{k:n}=r;return fa.elliptic.ecdhX.validateParams(e,i,n)}default:throw Error("Unknown public key algorithm.")}},getPrefixRandom:async function(e){const{blockSize:t}=Zr(e),r=await Li(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return Y.concat([r,i])},generateSessionKey:function(e){const{keySize:t}=Zr(e);return Li(t)},getAEADMode:function(e){const t=Z.read(Z.aead,e);return qi[t]},getCipher:Zr,getPreferredCurveHashAlgo:function(e,t){switch(e){case Z.publicKey.ecdsa:case Z.publicKey.eddsaLegacy:return fa.elliptic.getPreferredHashAlgo(t);case Z.publicKey.ed25519:return fa.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}}});const wa={cipher:Ge,hash:Vr,mode:qi,publicKey:fa,signature:la,random:ji,pkcs1:Yi,pkcs5:Xn,aesKW:Vn};Object.assign(wa,ma);var va="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function _a(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)}const ka={arraySet:function(e,t,r,i,n){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+i),n);else for(let a=0;a=0;)e[t]=0}const Qa=0,Ja=1,es=2,ts=29,rs=256,is=rs+1+ts,ns=30,as=19,ss=2*is+1,os=15,cs=16,us=7,hs=256,ds=16,fs=17,ls=18,ps=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],ys=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],bs=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],gs=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],ms=Array(2*(is+2));Ya(ms);const ws=Array(2*ns);Ya(ws);const vs=Array(512);Ya(vs);const _s=Array(256);Ya(_s);const ks=Array(ts);Ya(ks);const As=Array(ns);function Ss(e,t,r,i,n){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=i,this.max_length=n,this.has_stree=e&&e.length}let Es,Ps,xs;function Ms(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function Ks(e){return e<256?vs[e]:vs[256+(e>>>7)]}function Cs(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function Ds(e,t,r){e.bi_valid>cs-r?(e.bi_buf|=t<>cs-e.bi_valid,e.bi_valid+=r-cs):(e.bi_buf|=t<>>=1,r<<=1}while(--t>0);return r>>>1}function Is(e,t,r){const i=Array(os+1);let n,a,s=0;for(n=1;n<=os;n++)i[n]=s=s+r[n-1]<<1;for(a=0;a<=t;a++){const t=e[2*a+1];0!==t&&(e[2*a]=Rs(i[t]++,t))}}function Bs(e){let t;for(t=0;t8?Cs(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function zs(e,t,r,i){const n=2*t,a=2*r;return e[n]>1;s>=1;s--)qs(e,r,s);c=a;do{s=e.heap[1],e.heap[1]=e.heap[e.heap_len--],qs(e,r,1),o=e.heap[1],e.heap[--e.heap_max]=s,e.heap[--e.heap_max]=o,r[2*c]=r[2*s]+r[2*o],e.depth[c]=(e.depth[s]>=e.depth[o]?e.depth[s]:e.depth[o])+1,r[2*s+1]=r[2*o+1]=c,e.heap[1]=c++,qs(e,r,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){const r=t.dyn_tree,i=t.max_code,n=t.stat_desc.static_tree,a=t.stat_desc.has_stree,s=t.stat_desc.extra_bits,o=t.stat_desc.extra_base,c=t.stat_desc.max_length;let u,h,d,f,l,p,y=0;for(f=0;f<=os;f++)e.bl_count[f]=0;for(r[2*e.heap[e.heap_max]+1]=0,u=e.heap_max+1;uc&&(f=c,y++),r[2*h+1]=f,h>i||(e.bl_count[f]++,l=0,h>=o&&(l=s[h-o]),p=r[2*h],e.opt_len+=p*(f+l),a&&(e.static_len+=p*(n[2*h+1]+l)));if(0!==y){do{for(f=c-1;0===e.bl_count[f];)f--;e.bl_count[f]--,e.bl_count[f+1]+=2,e.bl_count[c]--,y-=2}while(y>0);for(f=c;0!==f;f--)for(h=e.bl_count[f];0!==h;)d=e.heap[--u],d>i||(r[2*d+1]!==f&&(e.opt_len+=(f-r[2*d+1])*r[2*d],r[2*d+1]=f),h--)}}(e,t),Is(r,u,e.bl_count)}function Ls(e,t,r){let i,n,a=-1,s=t[1],o=0,c=7,u=4;for(0===s&&(c=138,u=3),t[2*(r+1)+1]=65535,i=0;i<=r;i++)n=s,s=t[2*(i+1)+1],++o>=7;i=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}function Vs(e,t,r,i){let n,a,s=0;e.level>0?(e.strm.data_type===Za&&(e.strm.data_type=function(e){let t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return Va;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return $a;for(t=32;t=3&&0===e.bl_tree[2*gs[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),n=e.opt_len+3+7>>>3,a=e.static_len+3+7>>>3,a<=n&&(n=a)):n=a=r+5,r+4<=n&&-1!==t?Ws(e,t,r,i):e.strategy===Ga||a===n?(Ds(e,(Ja<<1)+(i?1:0),3),Fs(e,ms,ws)):(Ds(e,(es<<1)+(i?1:0),3),function(e,t,r,i){let n;for(Ds(e,t-257,5),Ds(e,r-1,5),Ds(e,i-4,4),n=0;n>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(_s[r]+rs+1)]++,e.dyn_dtree[2*Ks(t)]++),e.last_lit===e.lit_bufsize-1}function Zs(e,t,r,i){let n=65535&e|0,a=e>>>16&65535|0,s=0;for(;0!==r;){s=r>2e3?2e3:r,r-=s;do{n=n+t[i++]|0,a=a+n|0}while(--s);n%=65521,a%=65521}return n|a<<16|0}const Xs=function(){let e;const t=[];for(let r=0;r<256;r++){e=r;for(let t=0;t<8;t++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();function Ys(e,t,r,i){const n=Xs,a=i+r;e^=-1;for(let r=i;r>>8^n[255&(e^t[r])];return-1^e}var Qs={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"};const Js=9,eo=3,to=258,ro=to+eo+1,io=32,no=42,ao=69,so=73,oo=91,co=103,uo=113,ho=666,fo=1,lo=2,po=3,yo=4,bo=3;function go(e,t){return e.msg=Qs[t],t}function mo(e){return(e<<1)-(e>4?9:0)}function wo(e){let t=e.length;for(;--t>=0;)e[t]=0}function vo(e){const t=e.state;let r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(Ma(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function _o(e,t){Vs(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,vo(e.strm)}function ko(e,t){e.pending_buf[e.pending++]=t}function Ao(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function So(e,t,r,i){let n=e.avail_in;return n>i&&(n=i),0===n?0:(e.avail_in-=n,Ma(t,e.input,e.next_in,n,r),1===e.state.wrap?e.adler=Zs(e.adler,t,n,r):2===e.state.wrap&&(e.adler=Ys(e.adler,t,n,r)),e.next_in+=n,e.total_in+=n,n)}function Eo(e,t){let r,i,n=e.max_chain_length,a=e.strstart,s=e.prev_length,o=e.nice_match;const c=e.strstart>e.w_size-ro?e.strstart-(e.w_size-ro):0,u=e.window,h=e.w_mask,d=e.prev,f=e.strstart+to;let l=u[a+s-1],p=u[a+s];e.prev_length>=e.good_match&&(n>>=2),o>e.lookahead&&(o=e.lookahead);do{if(r=t,u[r+s]===p&&u[r+s-1]===l&&u[r]===u[a]&&u[++r]===u[a+1]){a+=2,r++;do{}while(u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&as){if(e.match_start=t,s=i,i>=o)break;l=u[a+s-1],p=u[a+s]}}}while((t=d[t&h])>c&&0!=--n);return s<=e.lookahead?s:e.lookahead}function Po(e){const t=e.w_size;let r,i,n,a,s;do{if(a=e.window_size-e.lookahead-e.strstart,e.strstart>=t+(t-ro)){Ma(e.window,e.window,t,t,0),e.match_start-=t,e.strstart-=t,e.block_start-=t,i=e.hash_size,r=i;do{n=e.head[--r],e.head[r]=n>=t?n-t:0}while(--i);i=t,r=i;do{n=e.prev[--r],e.prev[r]=n>=t?n-t:0}while(--i);a+=t}if(0===e.strm.avail_in)break;if(i=So(e.strm,e.window,e.strstart+e.lookahead,a),e.lookahead+=i,e.lookahead+e.insert>=eo)for(s=e.strstart-e.insert,e.ins_h=e.window[s],e.ins_h=(e.ins_h<=eo&&(e.ins_h=(e.ins_h<=eo)if(i=$s(e,e.strstart-e.match_start,e.match_length-eo),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=eo){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<=eo&&(e.ins_h=(e.ins_h<4096)&&(e.match_length=eo-1)),e.prev_length>=eo&&e.match_length<=e.prev_length){n=e.strstart+e.lookahead-eo,i=$s(e,e.strstart-1-e.prev_match,e.prev_length-eo),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=n&&(e.ins_h=(e.ins_h<e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(Po(e),0===e.lookahead&&t===Ka)return fo;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;const i=e.block_start+r;if((0===e.strstart||e.strstart>=i)&&(e.lookahead=e.strstart-i,e.strstart=i,_o(e,!1),0===e.strm.avail_out))return fo;if(e.strstart-e.block_start>=e.w_size-ro&&(_o(e,!1),0===e.strm.avail_out))return fo}return e.insert=0,t===Ra?(_o(e,!0),0===e.strm.avail_out?po:yo):(e.strstart>e.block_start&&(_o(e,!1),e.strm.avail_out),fo)})),new Ko(4,4,8,4,xo),new Ko(4,5,16,8,xo),new Ko(4,6,32,32,xo),new Ko(4,4,16,16,Mo),new Ko(8,16,32,32,Mo),new Ko(8,16,128,128,Mo),new Ko(8,32,128,256,Mo),new Ko(32,128,258,1024,Mo),new Ko(32,258,258,4096,Mo)];class Do{constructor(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=Xa,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new Ea(1146),this.dyn_dtree=new Ea(122),this.bl_tree=new Ea(78),wo(this.dyn_ltree),wo(this.dyn_dtree),wo(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new Ea(16),this.heap=new Ea(573),wo(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new Ea(573),wo(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}}function Uo(e){const t=function(e){let t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=Za,t=e.state,t.pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?no:uo,e.adler=2===t.wrap?0:1,t.last_flush=Ka,Hs(t),Ta):go(e,Fa)}(e);return t===Ta&&function(e){e.window_size=2*e.w_size,wo(e.head),e.max_lazy_match=Co[e.level].max_lazy,e.good_match=Co[e.level].good_length,e.nice_match=Co[e.level].nice_length,e.max_chain_length=Co[e.level].max_chain,e.strstart=0,e.block_start=0,e.lookahead=0,e.insert=0,e.match_length=e.prev_length=eo-1,e.match_available=0,e.ins_h=0}(e.state),t}function Ro(e,t){let r,i,n,a;if(!e||!e.state||t>Ia||t<0)return e?go(e,Fa):Fa;if(i=e.state,!e.output||!e.input&&0!==e.avail_in||i.status===ho&&t!==Ra)return go(e,0===e.avail_out?La:Fa);if(i.strm=e,r=i.last_flush,i.last_flush=t,i.status===no)if(2===i.wrap)e.adler=0,ko(i,31),ko(i,139),ko(i,8),i.gzhead?(ko(i,(i.gzhead.text?1:0)+(i.gzhead.hcrc?2:0)+(i.gzhead.extra?4:0)+(i.gzhead.name?8:0)+(i.gzhead.comment?16:0)),ko(i,255&i.gzhead.time),ko(i,i.gzhead.time>>8&255),ko(i,i.gzhead.time>>16&255),ko(i,i.gzhead.time>>24&255),ko(i,9===i.level?2:i.strategy>=Ha||i.level<2?4:0),ko(i,255&i.gzhead.os),i.gzhead.extra&&i.gzhead.extra.length&&(ko(i,255&i.gzhead.extra.length),ko(i,i.gzhead.extra.length>>8&255)),i.gzhead.hcrc&&(e.adler=Ys(e.adler,i.pending_buf,i.pending,0)),i.gzindex=0,i.status=ao):(ko(i,0),ko(i,0),ko(i,0),ko(i,0),ko(i,0),ko(i,9===i.level?2:i.strategy>=Ha||i.level<2?4:0),ko(i,bo),i.status=uo);else{let t=Xa+(i.w_bits-8<<4)<<8,r=-1;r=i.strategy>=Ha||i.level<2?0:i.level<6?1:6===i.level?2:3,t|=r<<6,0!==i.strstart&&(t|=io),t+=31-t%31,i.status=uo,Ao(i,t),0!==i.strstart&&(Ao(i,e.adler>>>16),Ao(i,65535&e.adler)),e.adler=1}if(i.status===ao)if(i.gzhead.extra){for(n=i.pending;i.gzindex<(65535&i.gzhead.extra.length)&&(i.pending!==i.pending_buf_size||(i.gzhead.hcrc&&i.pending>n&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),vo(e),n=i.pending,i.pending!==i.pending_buf_size));)ko(i,255&i.gzhead.extra[i.gzindex]),i.gzindex++;i.gzhead.hcrc&&i.pending>n&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),i.gzindex===i.gzhead.extra.length&&(i.gzindex=0,i.status=so)}else i.status=so;if(i.status===so)if(i.gzhead.name){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),vo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.gzindex=0,i.status=oo)}else i.status=oo;if(i.status===oo)if(i.gzhead.comment){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),vo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=Ys(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.status=co)}else i.status=co;if(i.status===co&&(i.gzhead.hcrc?(i.pending+2>i.pending_buf_size&&vo(e),i.pending+2<=i.pending_buf_size&&(ko(i,255&e.adler),ko(i,e.adler>>8&255),e.adler=0,i.status=uo)):i.status=uo),0!==i.pending){if(vo(e),0===e.avail_out)return i.last_flush=-1,Ta}else if(0===e.avail_in&&mo(t)<=mo(r)&&t!==Ra)return go(e,La);if(i.status===ho&&0!==e.avail_in)return go(e,La);if(0!==e.avail_in||0!==i.lookahead||t!==Ka&&i.status!==ho){var s=i.strategy===Ha?function(e,t){let r;for(;;){if(0===e.lookahead&&(Po(e),0===e.lookahead)){if(t===Ka)return fo;break}if(e.match_length=0,r=$s(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(_o(e,!1),0===e.strm.avail_out))return fo}return e.insert=0,t===Ra?(_o(e,!0),0===e.strm.avail_out?po:yo):e.last_lit&&(_o(e,!1),0===e.strm.avail_out)?fo:lo}(i,t):i.strategy===Wa?function(e,t){let r,i,n,a;const s=e.window;for(;;){if(e.lookahead<=to){if(Po(e),e.lookahead<=to&&t===Ka)return fo;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=eo&&e.strstart>0&&(n=e.strstart-1,i=s[n],i===s[++n]&&i===s[++n]&&i===s[++n])){a=e.strstart+to;do{}while(i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&ne.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=eo?(r=$s(e,1,e.match_length-eo),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=$s(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(_o(e,!1),0===e.strm.avail_out))return fo}return e.insert=0,t===Ra?(_o(e,!0),0===e.strm.avail_out?po:yo):e.last_lit&&(_o(e,!1),0===e.strm.avail_out)?fo:lo}(i,t):Co[i.level].func(i,t);if(s!==po&&s!==yo||(i.status=ho),s===fo||s===po)return 0===e.avail_out&&(i.last_flush=-1),Ta;if(s===lo&&(t===Ca?Gs(i):t!==Ia&&(Ws(i,0,0,!1),t===Ua&&(wo(i.head),0===i.lookahead&&(i.strstart=0,i.block_start=0,i.insert=0))),vo(e),0===e.avail_out))return i.last_flush=-1,Ta}return t!==Ra?Ta:i.wrap<=0?za:(2===i.wrap?(ko(i,255&e.adler),ko(i,e.adler>>8&255),ko(i,e.adler>>16&255),ko(i,e.adler>>24&255),ko(i,255&e.total_in),ko(i,e.total_in>>8&255),ko(i,e.total_in>>16&255),ko(i,e.total_in>>24&255)):(Ao(i,e.adler>>>16),Ao(i,65535&e.adler)),vo(e),i.wrap>0&&(i.wrap=-i.wrap),0!==i.pending?Ta:za)}try{String.fromCharCode.call(null,0)}catch(e){}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){}const Io=new Sa(256);for(let e=0;e<256;e++)Io[e]=e>=252?6:e>=248?5:e>=240?4:e>=224?3:e>=192?2:1;function Bo(e){let t,r,i,n,a=0;const s=e.length;for(i=0;i>>6,o[n++]=128|63&t):t<65536?(o[n++]=224|t>>>12,o[n++]=128|t>>>6&63,o[n++]=128|63&t):(o[n++]=240|t>>>18,o[n++]=128|t>>>12&63,o[n++]=128|t>>>6&63,o[n++]=128|63&t);return o}Io[254]=Io[254]=1;class To{constructor(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}}class zo{constructor(e){this.options={level:Na,method:Xa,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,...e||{}};const t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new To,this.strm.avail_out=0;var r,i,n=function(e,t,r,i,n,a){if(!e)return Fa;let s=1;if(t===Na&&(t=6),i<0?(s=0,i=-i):i>15&&(s=2,i-=16),n<1||n>Js||r!==Xa||i<8||i>15||t<0||t>9||a<0||a>Ga)return go(e,Fa);8===i&&(i=9);const o=new Do;return e.state=o,o.strm=e,o.wrap=s,o.gzhead=null,o.w_bits=i,o.w_size=1<=r.w_size&&(0===a&&(wo(r.head),r.strstart=0,r.block_start=0,r.insert=0),u=new Sa(r.w_size),Ma(u,t,h-r.w_size,r.w_size,0),t=u,h=r.w_size),s=e.avail_in,o=e.next_in,c=e.input,e.avail_in=h,e.next_in=0,e.input=t,Po(r);r.lookahead>=eo;){i=r.strstart,n=r.lookahead-(eo-1);do{r.ins_h=(r.ins_h<0||0===r.avail_out)&&n!==za);return a===Ra?(n=function(e){let t;return e&&e.state?(t=e.state.status,t!==no&&t!==ao&&t!==so&&t!==oo&&t!==co&&t!==uo&&t!==ho?go(e,Fa):(e.state=null,t===uo?go(e,Oa):Ta)):Fa}(this.strm),this.onEnd(n),this.ended=!0,n===Ta):a!==Da||(this.onEnd(Ta),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ta&&(this.result=xa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}const qo=30,Fo=12;function Oo(e,t){let r,i,n,a,s,o,c,u,h,d;const f=e.state;r=e.next_in;const l=e.input,p=r+(e.avail_in-5);i=e.next_out;const y=e.output,b=i-(t-e.avail_out),g=i+(e.avail_out-257),m=f.dmax,w=f.wsize,v=f.whave,_=f.wnext,k=f.window;n=f.hold,a=f.bits;const A=f.lencode,S=f.distcode,E=(1<>>24,n>>>=o,a-=o,o=s>>>16&255,0===o)y[i++]=65535&s;else{if(!(16&o)){if(0==(64&o)){s=A[(65535&s)+(n&(1<>>=o,a-=o),a<15&&(n+=l[r++]<>>24,n>>>=o,a-=o,o=s>>>16&255,!(16&o)){if(0==(64&o)){s=S[(65535&s)+(n&(1<m){e.msg="invalid distance too far back",f.mode=qo;break e}if(n>>>=o,a-=o,o=i-b,u>o){if(o=u-o,o>v&&f.sane){e.msg="invalid distance too far back",f.mode=qo;break e}if(h=0,d=k,0===_){if(h+=w-o,o2;)y[i++]=d[h++],y[i++]=d[h++],y[i++]=d[h++],c-=3;c&&(y[i++]=d[h++],c>1&&(y[i++]=d[h++]))}else{h=i-u;do{y[i++]=y[h++],y[i++]=y[h++],y[i++]=y[h++],c-=3}while(c>2);c&&(y[i++]=y[h++],c>1&&(y[i++]=y[h++]))}break}}break}}while(r>3,r-=c,a-=c<<3,n&=(1<=1&&0===P[g];g--);if(m>g&&(m=g),0===g)return n[a++]=20971520,n[a++]=20971520,o.bits=1,0;for(b=1;b0&&(e===Ho||1!==g))return-1;for(x[1]=0,p=1;pNo||e===Go&&k>jo)return 1;for(;;){M=p-v,s[y]l?(K=D[U+s[y]],C=S[E+s[y]]):(K=96,C=0),u=1<>v)+h]=M<<24|K<<16|C|0}while(0!==h);for(u=1<>=1;if(0!==u?(A&=u-1,A+=u):A=0,y++,0==--P[p]){if(p===g)break;p=t[r+s[y]]}if(p>m&&(A&R)!==d){for(0===v&&(v=m),f+=b,w=p-v,_=1<No||e===Go&&k>jo)return 1;d=A&R,n[d]=m<<24|w<<16|f-a|0}}return 0!==A&&(n[f+A]=p-v<<24|64<<16|0),o.bits=m,0}const Qo=0,Jo=1,ec=2,tc=1,rc=2,ic=3,nc=4,ac=5,sc=6,oc=7,cc=8,uc=9,hc=10,dc=11,fc=12,lc=13,pc=14,yc=15,bc=16,gc=17,mc=18,wc=19,vc=20,_c=21,kc=22,Ac=23,Sc=24,Ec=25,Pc=26,xc=27,Mc=28,Kc=29,Cc=30,Dc=852,Uc=592;function Rc(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}class Ic{constructor(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Ea(320),this.work=new Ea(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}}function Bc(e){let t;return e&&e.state?(t=e.state,t.wsize=0,t.whave=0,t.wnext=0,function(e){let t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=tc,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new Pa(Dc),t.distcode=t.distdyn=new Pa(Uc),t.sane=1,t.back=-1,Ta):Fa}(e)):Fa}function Tc(e,t){let r,i;return e?(i=new Ic,e.state=i,i.window=null,r=function(e,t){let r,i;return e&&e.state?(i=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?Fa:(null!==i.window&&i.wbits!==t&&(i.window=null),i.wrap=r,i.wbits=t,Bc(e))):Fa}(e,t),r!==Ta&&(e.state=null),r):Fa}let zc,qc,Fc=!0;function Oc(e){if(Fc){let t;for(zc=new Pa(512),qc=new Pa(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(Yo(Jo,e.lens,0,288,zc,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;Yo(ec,e.lens,0,32,qc,0,e.work,{bits:5}),Fc=!1}e.lencode=zc,e.lenbits=9,e.distcode=qc,e.distbits=5}function Lc(e,t,r,i){let n;const a=e.state;return null===a.window&&(a.wsize=1<=a.wsize?(Ma(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):(n=a.wsize-a.wnext,n>i&&(n=i),Ma(a.window,t,r-i,n,a.wnext),(i-=n)?(Ma(a.window,t,r-i,i,0),a.wnext=i,a.whave=a.wsize):(a.wnext+=n,a.wnext===a.wsize&&(a.wnext=0),a.whave>>8&255,r.check=Ys(r.check,x,2,0),u=0,h=0,r.mode=rc;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&u)<<8)+(u>>8))%31){e.msg="incorrect header check",r.mode=Cc;break}if((15&u)!==Xa){e.msg="unknown compression method",r.mode=Cc;break}if(u>>>=4,h-=4,k=8+(15&u),0===r.wbits)r.wbits=k;else if(k>r.wbits){e.msg="invalid window size",r.mode=Cc;break}r.dmax=1<>8&1),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=Ys(r.check,x,2,0)),u=0,h=0,r.mode=ic;case ic:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>8&255,x[2]=u>>>16&255,x[3]=u>>>24&255,r.check=Ys(r.check,x,4,0)),u=0,h=0,r.mode=nc;case nc:for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>8),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=Ys(r.check,x,2,0)),u=0,h=0,r.mode=ac;case ac:if(1024&r.flags){for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>>8&255,r.check=Ys(r.check,x,2,0)),u=0,h=0}else r.head&&(r.head.extra=null);r.mode=sc;case sc:if(1024&r.flags&&(l=r.length,l>o&&(l=o),l&&(r.head&&(k=r.head.extra_len-r.length,r.head.extra||(r.head.extra=Array(r.head.extra_len)),Ma(r.head.extra,i,a,l,k)),512&r.flags&&(r.check=Ys(r.check,i,l,a)),o-=l,a+=l,r.length-=l),r.length))break e;r.length=0,r.mode=oc;case oc:if(2048&r.flags){if(0===o)break e;l=0;do{k=i[a+l++],r.head&&k&&r.length<65536&&(r.head.name+=String.fromCharCode(k))}while(k&&l>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=fc;break;case hc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>=7&h,h-=7&h,r.mode=xc;break}for(;h<3;){if(0===o)break e;o--,u+=i[a++]<>>=1,h-=1,3&u){case 0:r.mode=pc;break;case 1:if(Oc(r),r.mode=vc,t===Ba){u>>>=2,h-=2;break e}break;case 2:r.mode=gc;break;case 3:e.msg="invalid block type",r.mode=Cc}u>>>=2,h-=2;break;case pc:for(u>>>=7&h,h-=7&h;h<32;){if(0===o)break e;o--,u+=i[a++]<>>16^65535)){e.msg="invalid stored block lengths",r.mode=Cc;break}if(r.length=65535&u,u=0,h=0,r.mode=yc,t===Ba)break e;case yc:r.mode=bc;case bc:if(l=r.length,l){if(l>o&&(l=o),l>c&&(l=c),0===l)break e;Ma(n,i,a,l,s),o-=l,a+=l,c-=l,s+=l,r.length-=l;break}r.mode=fc;break;case gc:for(;h<14;){if(0===o)break e;o--,u+=i[a++]<>>=5,h-=5,r.ndist=1+(31&u),u>>>=5,h-=5,r.ncode=4+(15&u),u>>>=4,h-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=Cc;break}r.have=0,r.mode=mc;case mc:for(;r.have>>=3,h-=3}for(;r.have<19;)r.lens[M[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,S={bits:r.lenbits},A=Yo(Qo,r.lens,0,19,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid code lengths set",r.mode=Cc;break}r.have=0,r.mode=wc;case wc:for(;r.have>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=b,h-=b,r.lens[r.have++]=m;else{if(16===m){for(E=b+2;h>>=b,h-=b,0===r.have){e.msg="invalid bit length repeat",r.mode=Cc;break}k=r.lens[r.have-1],l=3+(3&u),u>>>=2,h-=2}else if(17===m){for(E=b+3;h>>=b,h-=b,k=0,l=3+(7&u),u>>>=3,h-=3}else{for(E=b+7;h>>=b,h-=b,k=0,l=11+(127&u),u>>>=7,h-=7}if(r.have+l>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=Cc;break}for(;l--;)r.lens[r.have++]=k}}if(r.mode===Cc)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=Cc;break}if(r.lenbits=9,S={bits:r.lenbits},A=Yo(Jo,r.lens,0,r.nlen,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid literal/lengths set",r.mode=Cc;break}if(r.distbits=6,r.distcode=r.distdyn,S={bits:r.distbits},A=Yo(ec,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,S),r.distbits=S.bits,A){e.msg="invalid distances set",r.mode=Cc;break}if(r.mode=vc,t===Ba)break e;case vc:r.mode=_c;case _c:if(o>=6&&c>=258){e.next_out=s,e.avail_out=c,e.next_in=a,e.avail_in=o,r.hold=u,r.bits=h,Oo(e,f),s=e.next_out,n=e.output,c=e.avail_out,a=e.next_in,i=e.input,o=e.avail_in,u=r.hold,h=r.bits,r.mode===fc&&(r.back=-1);break}for(r.back=0;P=r.lencode[u&(1<>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,g=P>>>16&255,m=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,r.length=m,0===g){r.mode=Pc;break}if(32&g){r.back=-1,r.mode=fc;break}if(64&g){e.msg="invalid literal/length code",r.mode=Cc;break}r.extra=15&g,r.mode=kc;case kc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=Ac;case Ac:for(;P=r.distcode[u&(1<>>24,g=P>>>16&255,m=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,g=P>>>16&255,m=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,64&g){e.msg="invalid distance code",r.mode=Cc;break}r.offset=m,r.extra=15&g,r.mode=Sc;case Sc:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=Cc;break}r.mode=Ec;case Ec:if(0===c)break e;if(l=f-c,r.offset>l){if(l=r.offset-l,l>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=Cc;break}l>r.wnext?(l-=r.wnext,p=r.wsize-l):p=r.wnext-l,l>r.length&&(l=r.length),y=r.window}else y=n,p=s-r.offset,l=r.length;l>c&&(l=c),c-=l,r.length-=l;do{n[s++]=y[p++]}while(--l);0===r.length&&(r.mode=_c);break;case Pc:if(0===c)break e;n[s++]=r.length,c--,r.mode=_c;break;case xc:if(r.wrap){for(;h<32;){if(0===o)break e;o--,u|=i[a++]<=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new To,this.strm.avail_out=0;let r=Tc(this.strm,t.windowBits);if(r!==Ta)throw Error(Qs[r]);if(this.header=new Hc,function(e,t){let r;e&&e.state&&(r=e.state,0==(2&r.wrap)||(r.head=t,t.done=!1))}(this.strm,this.header),t.dictionary&&("string"==typeof t.dictionary?t.dictionary=Bo(t.dictionary):t.dictionary instanceof ArrayBuffer&&(t.dictionary=new Uint8Array(t.dictionary)),t.raw&&(r=jc(this.strm,t.dictionary),r!==Ta)))throw Error(Qs[r])}push(e,t){const{strm:r,options:{chunkSize:i,dictionary:n}}=this;let a,s,o=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?Ra:Ka,"string"==typeof e?r.input=function(e){const t=new Sa(e.length);for(let r=0,i=t.length;r0||0===r.avail_out)&&a!==za);return a===za&&(s=Ra),s===Ra?(a=function(e){if(!e||!e.state)return Fa;const t=e.state;return t.window&&(t.window=null),e.state=null,Ta}(this.strm),this.onEnd(a),this.ended=!0,a===Ta):s!==Da||(this.onEnd(Ta),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ta&&(this.result=xa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}var Gc=[0,1,3,7,15,31,63,127,255],Vc=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};Vc.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},Vc.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Gc[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var i=r-e;t|=(this.curByte&Gc[e]<>i,this.bitOffset+=e,e=0}}return t},Vc.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},Vc.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var $c=Vc,Zc=function(){};Zc.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},Zc.prototype.read=function(e,t,r){for(var i=0;i>>0},this.updateCRC=function(t){e=e<<8^Xc[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^Xc[255&(e>>>24^t)]}}),Jc=function(e,t){var r,i=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=i,i},eu={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},tu={};tu[eu.LAST_BLOCK]="Bad file checksum",tu[eu.NOT_BZIP_DATA]="Not bzip data",tu[eu.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",tu[eu.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",tu[eu.DATA_ERROR]="Data error",tu[eu.OUT_OF_MEMORY]="Out of memory",tu[eu.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var ru=function(e,t){var r=tu[e]||"unknown error";t&&(r+=": "+t);var i=new TypeError(r);throw i.errorCode=e,i},iu=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};iu.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Qc,!0):(this.writeCount=-1,!1)},iu.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||ru(eu.NOT_BZIP_DATA,"bad magic");var i=r[3]-48;(i<1||i>9)&&ru(eu.NOT_BZIP_DATA,"level out of range"),this.reader=new $c(e),this.dbufSize=1e5*i,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},iu.prototype._get_next_block=function(){var e,t,r,i=this.reader,n=i.pi();if("177245385090"===n)return!1;"314159265359"!==n&&ru(eu.NOT_BZIP_DATA),this.targetBlockCRC=i.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,i.read(1)&&ru(eu.OBSOLETE_INPUT);var a=i.read(24);a>this.dbufSize&&ru(eu.DATA_ERROR,"initial position out of bounds");var s=i.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(s&1<<15-e){var u=16*e;for(r=i.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=u+t)}var h=i.read(3);(h<2||h>6)&&ru(eu.DATA_ERROR);var d=i.read(15);0===d&&ru(eu.DATA_ERROR);var f=new Uint8Array(256);for(e=0;e=h&&ru(eu.DATA_ERROR);l[e]=Jc(f,t)}var p,y=c+2,b=[];for(t=0;t20)&&ru(eu.DATA_ERROR),i.read(1);)i.read(1)?s--:s++;w[e]=s}for(g=m=w[0],e=1;em?m=w[e]:w[e]=d&&ru(eu.DATA_ERROR),p=b[l[P++]]),e=p.minLen,t=i.read(e);e>p.maxLen&&ru(eu.DATA_ERROR),!(t<=p.limit[e]);e++)t=t<<1|i.read(1);((t-=p.base[e])<0||t>=258)&&ru(eu.DATA_ERROR);var M=p.permute[t];if(0!==M&&1!==M){if(S)for(S=0,E+s>this.dbufSize&&ru(eu.DATA_ERROR),k[A=o[f[0]]]+=s;s--;)x[E++]=A;if(M>c)break;E>=this.dbufSize&&ru(eu.DATA_ERROR),k[A=o[A=Jc(f,e=M-1)]]++,x[E++]=A}else S||(S=1,s=0),s+=0===M?S:2*S,S<<=1}for((a<0||a>=E)&&ru(eu.DATA_ERROR),t=0,e=0;e<256;e++)r=t+k[e],k[e]=t,t=r;for(e=0;e>=8,D=-1),this.writePos=K,this.writeCurrent=C,this.writeCount=E,this.writeRun=D,!0},iu.prototype._read_bunzip=function(e,t){var r,i,n;if(this.writeCount<0)return 0;var a=this.dbuf,s=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var u=this.writeRun;c;){for(c--,i=o,o=255&(s=a[s]),s>>=8,3==u++?(r=o,n=i,o=-1):(r=1,n=o),this.blockCRC.updateCRCRun(n,r);r--;)this.outputStream.writeByte(n),this.nextoutput++;o!=i&&(u=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&ru(eu.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var nu=function(e){if("readByte"in e)return e;var t=new Yc;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},au=function(e){var t=new Yc,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var su=function(e,t,r){for(var i=nu(e),n=au(t),a=new iu(i,n);!("eof"in i)||!i.eof();)if(a._init_block())a._read_bunzip();else{var s=a.reader.read(32)>>>0;if(s!==a.streamCRC&&ru(eu.DATA_ERROR,"Bad stream CRC (got "+a.streamCRC.toString(16)+" expected "+s.toString(16)+")"),!r||!("eof"in i)||i.eof())break;a._start_bunzip(i,n)}if("getBuffer"in n)return n.getBuffer()};class ou{static get tag(){return Z.packet.literalData}constructor(e=new Date){this.format=Z.literal.utf8,this.date=Y.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=Z.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||Y.isStream(this.text))&&(this.text=Y.decodeUTF8(Y.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=Y.canonicalizeEOL(Y.encodeUTF8(this.text))),e?O(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await q(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=Y.decodeUTF8(await e.readBytes(r)),this.date=Y.readDate(await e.readBytes(4));let i=e.remainder();o(i)&&(i=await j(i)),this.setBytes(i,t)}))}writeHeader(){const e=Y.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=Y.writeDate(this.date);return Y.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return Y.concat([e,t])}}const cu=Symbol("verified"),uu=new Set([Z.signatureSubpacket.issuer,Z.signatureSubpacket.issuerFingerprint,Z.signatureSubpacket.embeddedSignature]);class hu{static get tag(){return Z.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.signedHashValue=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ye,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.revoked=null,this[cu]=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version)throw new gn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[t++],this.publicKeyAlgorithm=e[t++],this.hashAlgorithm=e[t++],t+=this.readSubPackets(e.subarray(t,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");this.signatureData=e.subarray(0,t),t+=this.readSubPackets(e.subarray(t,e.length),!1),this.signedHashValue=e.subarray(t,t+2),t+=2,this.params=wa.signature.parseSignatureParams(this.publicKeyAlgorithm,e.subarray(t,e.length))}writeParams(){return this.params instanceof Promise?W((async()=>wa.serializeParams(this.publicKeyAlgorithm,await this.params))):wa.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),e.push(this.writeParams()),Y.concat(e)}async sign(e,t,r=new Date,i=!1){5===e.version?this.version=5:this.version=4;const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];this.created=Y.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID(),n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=Y.concat(n);const a=this.toHash(this.signatureType,t,i),s=await this.hash(this.signatureType,t,a,i);this.signedHashValue=N(F(s),0,2);const o=async()=>wa.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await j(s));Y.isStream(s)?this.params=o():(this.params=await o(),this[cu]=!0)}writeHashedSubPackets(){const e=Z.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(du(e.signatureCreationTime,!0,Y.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(du(e.signatureExpirationTime,!0,Y.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(du(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(du(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(du(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(du(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(du(e.keyExpirationTime,!0,Y.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(du(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=Y.concat([r,this.revocationKeyFingerprint]),t.push(du(e.revocationKey,!1,r))),this.issuerKeyID.isNull()||5===this.issuerKeyVersion||t.push(du(e.issuer,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=Y.encodeUTF8(i);r.push(Y.writeNumber(o.length,2)),r.push(Y.writeNumber(n.length,2)),r.push(o),r.push(n),r=Y.concat(r),t.push(du(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(du(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(du(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.keyServerPreferences)),t.push(du(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(du(e.preferredKeyServer,!1,Y.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(du(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(du(e.policyURI,!1,Y.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.keyFlags)),t.push(du(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(du(e.signersUserID,!1,Y.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=Y.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(du(e.reasonForRevocation,!0,r))),null!==this.features&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.features)),t.push(du(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(Y.stringToUint8Array(this.signatureTargetHash)),r=Y.concat(r),t.push(du(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(du(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=Y.concat(r),t.push(du(e.issuerFingerprint,5===this.version,r))),null!==this.preferredAEADAlgorithms&&(r=Y.stringToUint8Array(Y.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(du(e.preferredAEADAlgorithms,!1,r)));const i=Y.concat(t),n=Y.writeNumber(i.length,2);return Y.concat([n,i])}writeUnhashedSubPackets(){const e=[];this.unhashedSubpackets.forEach((t=>{e.push(dn(t.length)),e.push(t)}));const t=Y.concat(e),r=Y.writeNumber(t.length,2);return Y.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(t||(this.unhashedSubpackets.push(e.subarray(r,e.length)),uu.has(n)))switch(r++,n){case Z.signatureSubpacket.signatureCreationTime:this.created=Y.readDate(e.subarray(r,e.length));break;case Z.signatureSubpacket.signatureExpirationTime:{const t=Y.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case Z.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case Z.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case Z.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case Z.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case Z.signatureSubpacket.keyExpirationTime:{const t=Y.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case Z.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case Z.signatureSubpacket.issuer:this.issuerKeyID.read(e.subarray(r,e.length));break;case Z.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=Y.readNumber(e.subarray(r,r+2));r+=2;const a=Y.readNumber(e.subarray(r,r+2));r+=2;const s=Y.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=Y.decodeUTF8(o));break}case Z.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=Y.decodeUTF8(e.subarray(r,e.length));break;case Z.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case Z.signatureSubpacket.policyURI:this.policyURI=Y.decodeUTF8(e.subarray(r,e.length));break;case Z.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.signersUserID:this.signersUserID=Y.decodeUTF8(e.subarray(r,e.length));break;case Z.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=Y.decodeUTF8(e.subarray(r,e.length));break;case Z.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case Z.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=wa.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=Y.uint8ArrayToString(e.subarray(r,r+t));break}case Z.signatureSubpacket.embeddedSignature:this.embeddedSignature=new hu,this.embeddedSignature.read(e.subarray(r,e.length));break;case Z.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),5===this.issuerKeyVersion?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case Z.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;default:{const e=Error("Unknown signature subpacket type "+n);if(i)throw e;Y.printDebug(e)}}}readSubPackets(e,t=!0,r){const i=Y.readNumber(e.subarray(0,2));let n=2;for(;n<2+i;){const i=hn(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=Z.signature;switch(e){case r.binary:return null!==t.text?Y.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return Y.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return Y.concat([this.toSign(r.key,t),new Uint8Array([i]),Y.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return Y.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return T(F(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==Z.signature.binary&&this.signatureType!==Z.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(Y.writeNumber(r,4)),Y.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return Y.concat([i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){return r||(r=this.toHash(e,t,i)),wa.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=ae){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===Z.signature.binary||t===Z.signature.text;if(!(this[cu]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await j(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[cu]=await wa.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,i,a),!this[cu])throw Error("Signature verification failed")}const o=Y.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+Z.read(Z.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[Z.signature.binary,Z.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+Z.read(Z.hash,this.hashAlgorithm).toUpperCase());if(this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=Y.normalizeDate(e);return null!==t&&!(this.created<=t&&thu.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==Z.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function lu(e,t){if(!t[e]){let t;try{t=Z.read(Z.packet,e)}catch(t){throw new gn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}fu.prototype.hash=hu.prototype.hash,fu.prototype.toHash=hu.prototype.toHash,fu.prototype.toSign=hu.prototype.toSign;class pu extends Array{static async fromBinary(e,t,r=ae){const i=new pu;return await i.read(e,t,r),i}async read(e,t,r=ae){r.additionalAllowedPackets.length&&(t={...t,...Y.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=z(e,(async(e,i)=>{const n=U(i);try{for(;;){await n.ready;if(await bn(e,(async e=>{try{if(e.tag===Z.packet.marker||e.tag===Z.packet.trust)return;const i=lu(e.tag,t);i.packets=new pu,i.fromStream=Y.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){const i=!r.ignoreUnsupportedPackets&&t instanceof gn,a=!(r.ignoreMalformedPackets||t instanceof gn);if(i||a||yn(e.tag))await n.abort(t);else{const t=new mn(e.tag,e.packet);await n.write(t)}Y.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=D(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||yn(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=Y.concat([fn(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>Y.concat([dn(n)].concat(t)))))}else{if(Y.isStream(i)){let t=0;e.push(T(F(i),(e=>{t+=e.length}),(()=>pn(r,t))))}else e.push(pn(r,i.length));e.push(i)}}return Y.concat(e)}filterByTag(...e){const t=new pu,r=e=>t=>e===t;for(let i=0;it.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),Y.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=ae){const t=Z.read(Z.compression,this.algorithm),r=Au[t];if(!r)throw Error(t+" decompression not supported");this.packets=await pu.fromBinary(r(this.compressed),yu,e)}compress(){const e=Z.read(Z.compression,this.algorithm),t=ku[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write(),this.deflateLevel)}}const gu=Y.getNodeZlib();function mu(e){return e}function wu(e,t,r={}){return function(i){return!Y.isStream(i)||o(i)?W((()=>j(i).then((t=>new Promise(((i,n)=>{e(t,r,((e,t)=>{if(e)return n(e);i(t)}))})))))):b(g(i).pipe(t(r)))}}function vu(e,t={}){return function(r){const i=new e(t);return T(r,(e=>{if(e.length)return i.push(e,Da),i.result}),(()=>{if(e===zo)return i.push([],Ra),i.result}))}}function _u(e){return function(t){return W((async()=>e(await j(t))))}}const ku=gu?{zip:/*#__PURE__*/(e,t)=>wu(gu.deflateRaw,gu.createDeflateRaw,{level:t})(e),zlib:/*#__PURE__*/(e,t)=>wu(gu.deflate,gu.createDeflate,{level:t})(e)}:{zip:/*#__PURE__*/(e,t)=>vu(zo,{raw:!0,level:t})(e),zlib:/*#__PURE__*/(e,t)=>vu(zo,{level:t})(e)},Au=gu?{uncompressed:mu,zip:/*#__PURE__*/wu(gu.inflateRaw,gu.createInflateRaw),zlib:/*#__PURE__*/wu(gu.inflate,gu.createInflate),bzip2:/*#__PURE__*/_u(su)}:{uncompressed:mu,zip:/*#__PURE__*/vu(Wc,{raw:!0}),zlib:/*#__PURE__*/vu(Wc),bzip2:/*#__PURE__*/_u(su)},Su=/*#__PURE__*/Y.constructAllowedPackets([ou,bu,fu,hu]);class Eu{static get tag(){return Z.packet.symEncryptedIntegrityProtectedData}constructor(){this.version=1,this.encrypted=null,this.packets=null}async read(e){await q(e,(async e=>{const t=await e.readByte();if(1!==t)throw new gn(`Version ${t} of the SEIP packet is unsupported.`);this.encrypted=e.remainder()}))}write(){return Y.concat([new Uint8Array([1]),this.encrypted])}async encrypt(e,t,r=ae){const{blockSize:i}=wa.getCipher(e);let n=this.packets.write();o(n)&&(n=await j(n));const a=await wa.getPrefixRandom(e),s=new Uint8Array([211,20]),c=Y.concat([a,n,s]),u=await wa.hash.sha1(O(c)),h=Y.concat([c,u]);return this.encrypted=await wa.mode.cfb.encrypt(e,t,h,new Uint8Array(i),r),!0}async decrypt(e,t,r=ae){const{blockSize:i}=wa.getCipher(e);let n=F(this.encrypted);o(n)&&(n=await j(n));const a=await wa.mode.cfb.decrypt(e,t,n,new Uint8Array(i)),s=N(O(a),-20),c=N(a,0,-20),u=Promise.all([j(await wa.hash.sha1(O(c))),j(s)]).then((([e,t])=>{if(!Y.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),h=N(c,i+2);let d=N(h,0,-2);return d=C([d,W((()=>u))]),Y.isStream(n)&&r.allowUnauthenticatedStream||(d=await j(d)),this.packets=await pu.fromBinary(d,Su,r),!0}}const Pu=/*#__PURE__*/Y.constructAllowedPackets([ou,bu,fu,hu]);class xu{static get tag(){return Z.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=Z.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await q(e,(async e=>{const t=await e.readByte();if(1!==t)throw new gn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=wa.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return Y.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=ae){this.packets=await pu.fromBinary(await this.crypt("decrypt",t,F(this.encrypted)),Pu,r)}async encrypt(e,t,r=ae){this.cipherAlgorithm=e;const{ivLength:i}=wa.getAEADMode(this.aeadAlgorithm);this.iv=wa.random.getRandomBytes(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await this.crypt("encrypt",t,n)}async crypt(e,t,r){const i=wa.getAEADMode(this.aeadAlgorithm),n=await i(this.cipherAlgorithm,t),a="decrypt"===e?i.tagLength:0,s="encrypt"===e?i.tagLength:0,o=2**(this.chunkSizeByte+6)+a,c=new ArrayBuffer(21),u=new Uint8Array(c,0,13),h=new Uint8Array(c),d=new DataView(c),f=new Uint8Array(c,5,8);u.set([192|xu.tag,this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte],0);let l=0,p=Promise.resolve(),y=0,b=0;const g=this.iv;return z(r,(async(t,r)=>{if("array"!==Y.isStream(t)){const e=new E({},{highWaterMark:Y.getHardwareConcurrency()*2**(this.chunkSizeByte+6),size:e=>e.length});R(e.readable,r),r=e.writable}const c=D(t),m=U(r);try{for(;;){let t=await c.readBytes(o+a)||new Uint8Array;const r=t.subarray(t.length-a);let w,v;if(t=t.subarray(0,t.length-a),!l||t.length?(c.unshift(r),w=n[e](t,i.getNonce(g,f),u),b+=t.length-a+s):(d.setInt32(17,y),w=n[e](r,i.getNonce(g,f),h),b+=s,v=!0),y+=t.length-a,p=p.then((()=>w)).then((async e=>{await m.ready,await m.write(e),b-=e.length})).catch((e=>m.abort(e))),(v||b>m.desiredSize)&&await p,v){await m.close();break}d.setInt32(9,++l)}}catch(e){await m.abort(e)}}))}}class Mu{static get tag(){return Z.packet.publicKeyEncryptedSessionKey}constructor(){this.version=3,this.publicKeyID=new ye,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}read(e){let t=0;if(this.version=e[t++],3!==this.version)throw new gn(`Version ${this.version} of the PKESK packet is unsupported.`);t+=this.publicKeyID.read(e.subarray(t)),this.publicKeyAlgorithm=e[t++],this.encrypted=wa.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t),this.version),this.publicKeyAlgorithm===Z.publicKey.x25519&&(this.sessionKeyAlgorithm=Z.write(Z.symmetric,this.encrypted.C.algorithm))}write(){const e=[new Uint8Array([this.version]),this.publicKeyID.write(),new Uint8Array([this.publicKeyAlgorithm]),wa.serializeParams(this.publicKeyAlgorithm,this.encrypted)];return Y.concatUint8Array(e)}async encrypt(e){const t=Z.write(Z.publicKey,this.publicKeyAlgorithm),r=Ku(this.version,t,this.sessionKeyAlgorithm,this.sessionKey);this.encrypted=await wa.publicKeyEncrypt(t,this.sessionKeyAlgorithm,e.publicParams,r,e.getFingerprintBytes())}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ku(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=await wa.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,e.getFingerprintBytes(),r),{sessionKey:n,sessionKeyAlgorithm:a}=function(e,t,r,i){switch(t){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.elgamal:case Z.publicKey.ecdh:{const e=r.subarray(0,r.length-2),t=r.subarray(r.length-2),n=Y.writeChecksum(e.subarray(e.length%8)),a=n[0]===t[0]&n[1]===t[1],s={sessionKeyAlgorithm:e[0],sessionKey:e.subarray(1)};if(i){const e=a&s.sessionKeyAlgorithm===i.sessionKeyAlgorithm&s.sessionKey.length===i.sessionKey.length;return{sessionKey:Y.selectUint8Array(e,s.sessionKey,i.sessionKey),sessionKeyAlgorithm:Y.selectUint8(e,s.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(a&&Z.read(Z.symmetric,s.sessionKeyAlgorithm))return s;throw Error("Decryption error")}case Z.publicKey.x25519:return{sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);this.publicKeyAlgorithm!==Z.publicKey.x25519&&(this.sessionKeyAlgorithm=a),this.sessionKey=n}}function Ku(e,t,r,i){switch(t){case Z.publicKey.rsaEncrypt:case Z.publicKey.rsaEncryptSign:case Z.publicKey.elgamal:case Z.publicKey.ecdh:return Y.concatUint8Array([new Uint8Array([r]),i,Y.writeChecksum(i.subarray(i.length%8))]);case Z.publicKey.x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Cu{constructor(e=ae){this.algorithm=Z.hash.sha256,this.type="iterated",this.c=e.s2kIterationCountByte,this.salt=null}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;try{this.type=Z.read(Z.s2k,e[t++])}catch(e){throw new gn("Unknown S2K type.")}switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==Y.uint8ArrayToString(e.subarray(t,t+3)))throw new gn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new gn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new gn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...Y.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([Z.write(Z.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return Y.concatUint8Array(e)}async produceKey(e,t){e=Y.encodeUTF8(e);const r=[];let i=0,n=0;for(;i{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function qu(e,t,r){const{keySize:i}=wa.getCipher(r);return e.produceKey(t,i)}var Fu=nt((function(e){!function(t){function r(e){function t(){return Ae0&&(t.semantic=" "),t}}function b(e,t){return function(){var i,a,o,u,h;for(u=r(),i=s("star"),o=0,h=void 0===t?0:t;null!==(a=e());)o+=1,c(i,a);return o>=h?i:(n(u),null)}}function g(e){return e.charCodeAt(0)>=128}function m(){return o("cr",h("\r")())}function w(){return o("crlf",d(m,k)())}function v(){return o("dquote",h('"')())}function _(){return o("htab",h("\t")())}function k(){return o("lf",h("\n")())}function A(){return o("sp",h(" ")())}function S(){return o("vchar",u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i})))}function E(){return o("wsp",f(A,_)())}function P(){var e=o("quoted-pair",f(d(h("\\"),f(S,E)),ie)());return null===e?null:(e.semantic=e.semantic[1],e)}function x(){return o("fws",f(ae,d(l(d(b(E),p(w))),b(E,1)))())}function M(){return o("ctext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=39||42<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),te)())}function K(){return o("ccontent",f(M,P,C)())}function C(){return o("comment",d(h("("),b(d(l(x),K)),l(x),h(")"))())}function D(){return o("cfws",f(d(b(d(l(x),C),1),l(x)),x)())}function U(){return o("atext",u((function(t){var r="a"<=t&&t<="z"||"A"<=t&&t<="Z"||"0"<=t&&t<="9"||["!","#","$","%","&","'","*","+","-","/","=","?","^","_","`","{","|","}","~"].indexOf(t)>=0;return e.rfc6532&&(r=r||g(t)),r})))}function R(){return o("atom",d(y(l(D)),b(U,1),y(l(D)))())}function I(){var e,t;return null===(e=o("dot-atom-text",b(U,1)()))||null!==(t=b(d(h("."),b(U,1)))())&&c(e,t),e}function B(){return o("dot-atom",d(p(l(D)),I,p(l(D)))())}function T(){return o("qtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33===r||35<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),re)())}function z(){return o("qcontent",f(T,P)())}function q(){return o("quoted-string",d(p(l(D)),p(v),b(d(l(y(x)),z)),l(p(x)),p(v),p(l(D)))())}function F(){return o("word",f(R,q)())}function O(){return o("address",f(L,H)())}function L(){return o("mailbox",f(N,J)())}function N(){return o("name-addr",d(l(W),j)())}function j(){return o("angle-addr",f(d(p(l(D)),h("<"),J,h(">"),p(l(D))),se)())}function H(){return o("group",d(W,h(":"),l($),h(";"),p(l(D)))())}function W(){return o("display-name",(null!==(e=o("phrase",f(ne,b(F,1))()))&&(e.semantic=function(e){return e.replace(/([ \t]|\r\n)+/g," ").replace(/^\s*/,"").replace(/\s*$/,"")}(e.semantic)),e));var e}function G(){return o("mailbox-list",f(d(L,b(d(h(","),L))),ue)())}function V(){return o("address-list",f(d(O,b(d(h(","),O))),he)())}function $(){return o("group-list",f(G,p(D),de)())}function Z(){return o("local-part",f(fe,B,q)())}function X(){return o("dtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=90||94<=r&&r<=126;return e.rfc6532&&(i=i||g(t)),i}))}),pe)())}function Y(){return o("domain-literal",d(p(l(D)),h("["),b(d(l(x),X)),l(x),h("]"),p(l(D)))())}function Q(){return o("domain",(t=f(le,B,Y)(),e.rejectTLD&&t&&t.semantic&&t.semantic.indexOf(".")<0?null:(t&&(t.semantic=t.semantic.replace(/\s+/g,"")),t)));var t}function J(){return o("addr-spec",d(Z,h("@"),Q)())}function ee(){return e.strict?null:o("obs-NO-WS-CTL",u((function(e){var t=e.charCodeAt(0);return 1<=t&&t<=8||11===t||12===t||14<=t&&t<=31||127===t})))}function te(){return e.strict?null:o("obs-ctext",ee())}function re(){return e.strict?null:o("obs-qtext",ee())}function ie(){return e.strict?null:o("obs-qp",d(h("\\"),f(h("\0"),ee,k,m))())}function ne(){return e.strict?null:e.atInDisplayName?o("obs-phrase",d(F,b(f(F,h("."),h("@"),y(D))))()):o("obs-phrase",d(F,b(f(F,h("."),y(D))))())}function ae(){return e.strict?null:o("obs-FWS",b(d(p(l(w)),E),1)())}function se(){return e.strict?null:o("obs-angle-addr",d(p(l(D)),h("<"),oe,J,h(">"),p(l(D)))())}function oe(){return e.strict?null:o("obs-route",d(ce,h(":"))())}function ce(){return e.strict?null:o("obs-domain-list",d(b(f(p(D),h(","))),h("@"),Q,b(d(h(","),p(l(D)),l(d(h("@"),Q)))))())}function ue(){return e.strict?null:o("obs-mbox-list",d(b(d(p(l(D)),h(","))),L,b(d(h(","),l(d(L,p(D))))))())}function he(){return e.strict?null:o("obs-addr-list",d(b(d(p(l(D)),h(","))),O,b(d(h(","),l(d(O,p(D))))))())}function de(){return e.strict?null:o("obs-group-list",d(b(d(p(l(D)),h(",")),1),p(l(D)))())}function fe(){return e.strict?null:o("obs-local-part",d(F,b(d(h("."),F)))())}function le(){return e.strict?null:o("obs-domain",d(R,b(d(h("."),R)))())}function pe(){return e.strict?null:o("obs-dtext",f(ee,P)())}function ye(e,t){var r,i,n;if(null==t)return null;for(i=[t];i.length>0;){if((n=i.pop()).name===e)return n;for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r])}return null}function be(e,t){var r,i,n,a,s;if(null==t)return null;for(i=[t],a=[],s={},r=0;r0;)if((n=i.pop()).name in s)a.push(n);else for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}function ge(t){var r,i,n,a,s;if(null===t)return null;for(r=[],i=be(["group","mailbox"],t),n=0;n1)return null;return t.addresses&&t.addresses[0]}(s):e.simple?s&&s.addresses:s}function me(e){var t,r=ye("display-name",e),i=[],n=be(["mailbox"],e);for(t=0;t0;)for((n=i.pop()).name===e&&a.push(n),r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}("cfws",e),n=be(["comment"],e),a=ye("local-part",r),s=ye("domain",r);return{node:e,parts:{name:t,address:r,local:a,domain:s,comments:i},type:e.name,name:ve(t),address:ve(r),local:ve(a),domain:ve(s),comments:_e(n),groupName:ve(e.groupName)}}function ve(e){return null!=e?e.semantic:null}function _e(e){var t="";if(e)for(var r=0;r`),t.userID=r.join(" "),t}read(e,t=ae){const r=Y.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");try{const{name:e,address:t,comments:i}=Fu.parseOneAddress({input:r,atInDisplayName:!0});this.comment=i.replace(/^\(|\)$/g,""),this.name=e,this.email=t}catch(e){}this.userID=r}write(){return Y.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Lu extends zu{static get tag(){return Z.packet.secretSubkey}constructor(e=new Date,t=ae){super(e,t)}}const Nu=/*#__PURE__*/Y.constructAllowedPackets([hu]);class ju{constructor(e){this.packets=e||new pu}write(){return this.packets.write()}armor(e=ae){return pe(Z.armor.signature,this.write(),void 0,void 0,void 0,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Hu(e,t){const r=new Lu(e.date,t);return r.packets=null,r.algorithm=Z.write(Z.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function Wu(e,t){const r=new zu(e.date,t);return r.packets=null,r.algorithm=Z.write(Z.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Gu(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw Y.wrapError(`Could not find valid ${Z.read(Z.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Vu(e,t,r=new Date){const i=Y.normalizeDate(r);if(null!==i){const r=eh(e,t);return!(e.created<=i&&i0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await Yu(n,null,t,a,r.date,void 0,void 0,void 0,i)}async function Zu(e,t,r=new Date,i={},n){let a=n.preferredHashAlgorithm,s=a;if(e){const t=await e.getPrimaryUser(r,i,n);t.selfCertification.preferredHashAlgorithms&&([s]=t.selfCertification.preferredHashAlgorithms,a=wa.hash.getHashByteLength(a)<=wa.hash.getHashByteLength(s)?s:a)}switch(t.algorithm){case Z.publicKey.ecdsa:case Z.publicKey.eddsaLegacy:case Z.publicKey.ed25519:s=wa.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid)}return wa.hash.getHashByteLength(a)<=wa.hash.getHashByteLength(s)?s:a}async function Xu(e,t=[],r=new Date,i=[],n=ae){const a={symmetric:Z.symmetric.aes128,aead:Z.aead.eax,compression:Z.compression.uncompressed}[e],s={symmetric:n.preferredSymmetricAlgorithm,aead:n.preferredAEADAlgorithm,compression:n.preferredCompressionAlgorithm}[e],o={symmetric:"preferredSymmetricAlgorithms",aead:"preferredAEADAlgorithms",compression:"preferredCompressionAlgorithms"}[e],c=await Promise.all(t.map((async function(e,t){const a=(await e.getPrimaryUser(r,i[t],n)).selfCertification[o];return!!a&&a.indexOf(s)>=0})));return c.every(Boolean)?s:a}async function Yu(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new hu;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Zu(t,r,n,a,c),u.rawNotations=s,await u.sign(r,e,n,o),u}async function Qu(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return Y.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Ju(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{n&&!e.issuerKeyID.equals(n.issuerKeyID)||(await e.verify(a,t,r,o.revocationsExpire?s:null,!1,o),c.push(e.issuerKeyID))}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function eh(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function th(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=Y.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=Z.write(Z.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==Z.curve.ed25519Legacy&&e.curve!==Z.curve.curve25519Legacy||(e.curve=e.sign?Z.curve.ed25519Legacy:Z.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===Z.curve.ed25519Legacy?Z.publicKey.eddsaLegacy:Z.publicKey.ecdsa:e.algorithm=Z.publicKey.ecdh;break;case"rsa":e.algorithm=Z.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function rh(e,t){const r=e.algorithm;return r!==Z.publicKey.rsaEncrypt&&r!==Z.publicKey.elgamal&&r!==Z.publicKey.ecdh&&r!==Z.publicKey.x25519&&(!t.keyFlags||0!=(t.keyFlags[0]&Z.keyFlags.signData))}function ih(e,t){const r=e.algorithm;return r!==Z.publicKey.dsa&&r!==Z.publicKey.rsaSign&&r!==Z.publicKey.ecdsa&&r!==Z.publicKey.eddsaLegacy&&r!==Z.publicKey.ed25519&&(!t.keyFlags||0!=(t.keyFlags[0]&Z.keyFlags.encryptCommunication)||0!=(t.keyFlags[0]&Z.keyFlags.encryptStorage))}function nh(e,t){return!!t.allowInsecureDecryptionWithSigningKeys||(!e.keyFlags||0!=(e.keyFlags[0]&Z.keyFlags.encryptCommunication)||0!=(e.keyFlags[0]&Z.keyFlags.encryptStorage))}function ah(e,t){const r=Z.write(Z.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case Z.publicKey.rsaEncryptSign:case Z.publicKey.rsaSign:case Z.publicKey.rsaEncrypt:if(i.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,Z.signature.certGeneric,s,r,void 0,i)}catch(e){throw Y.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,Z.signature.certGeneric,n,e,void 0,t)}catch(e){throw Y.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await Qu(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,Z.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await Qu(e,this,"otherCertifications",t),await Qu(e,this,"revocationSignatures",t,(function(e){return Ju(i,Z.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Z.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=ae){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new sh(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await Yu(a,null,e,{signatureType:Z.signature.certRevocation,reasonForRevocationFlag:Z.write(Z.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class oh{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new pu;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new oh(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=ae){const n=this.mainKey.keyPacket;return Ju(n,Z.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=ae){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await Gu(this.bindingSignatures,r,Z.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Vu(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=ae){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await Gu(this.bindingSignatures,r,Z.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=eh(this.keyPacket,n),s=n.getExpirationTime();return an.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,Z.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await Qu(e,this,"revocationSignatures",t,(function(e){return Ju(i,Z.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Z.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=ae){const a={key:e,bind:this.keyPacket},s=new oh(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Yu(a,null,e,{signatureType:Z.signature.subkeyRevocation,reasonForRevocationFlag:Z.write(Z.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{oh.prototype[e]=function(){return this.keyPacket[e]()}}));const ch=/*#__PURE__*/Y.constructAllowedPackets([hu]),uh=new Set([Z.packet.publicKey,Z.packet.privateKey]),hh=new Set([Z.packet.publicKey,Z.packet.privateKey,Z.packet.publicSubkey,Z.packet.privateSubkey]);class dh{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof mn){hh.has(s.tag)&&!a&&(a=uh.has(s.tag)?uh:hh);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case Z.packet.publicKey:case Z.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case Z.packet.userID:case Z.packet.userAttribute:r=new sh(s,this),this.users.push(r);break;case Z.packet.publicSubkey:case Z.packet.secretSubkey:r=null,n=new oh(s,this),this.subkeys.push(n);break;case Z.packet.signature:switch(s.signatureType){case Z.signature.certGeneric:case Z.signature.certPersona:case Z.signature.certCasual:case Z.signature.certPositive:if(!r){Y.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case Z.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case Z.signature.key:this.directSignatures.push(s);break;case Z.signature.subkeyBinding:if(!n){Y.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case Z.signature.keyRevocation:this.revocationSignatures.push(s);break;case Z.signature.subkeyRevocation:if(!n){Y.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new pu;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=ae){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Gu(r.bindingSignatures,n,Z.signature.subkeyBinding,e,t,i);if(!rh(r.keyPacket,a))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await Gu([a.embeddedSignature],r.keyPacket,Z.signature.keyBinding,e,t,i),ah(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&rh(n,a.selfCertification))return ah(n,i),this}catch(e){s=e}throw Y.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=ae){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Gu(r.bindingSignatures,n,Z.signature.subkeyBinding,e,t,i);if(ih(r.keyPacket,a))return ah(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&ih(n,a.selfCertification))return ah(n,i),this}catch(e){s=e}throw Y.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=ae){return Ju(this.keyPacket,Z.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=ae){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");const{selfCertification:n}=await this.getPrimaryUser(e,t,r);if(Vu(i,n,e))throw Error("Primary key is expired");const a=await Gu(this.directSignatures,i,Z.signature.key,{key:i},e,r).catch((()=>{}));if(a&&Vu(i,a,e))throw Error("Primary key is expired")}async getExpirationTime(e,t=ae){let r;try{const{selfCertification:i}=await this.getPrimaryUser(null,e,t),n=eh(this.keyPacket,i),a=i.getExpirationTime(),s=await Gu(this.directSignatures,this.keyPacket,Z.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=eh(this.keyPacket,s);r=Math.min(n,a,e)}else r=ne.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Qu(e,i,"revocationSignatures",t,(n=>Ju(i.keyPacket,Z.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await Qu(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=ae){const r={key:this.keyPacket},i=await Gu(this.revocationSignatures,this.keyPacket,Z.signature.keyRevocation,r,e,t),n=new pu;return n.push(i),pe(Z.armor.publicKey,n.write(),null,null,"This is a revocation certificate")}async applyRevocationCertificate(e,t=new Date,r=ae){const i=await le(e,r),n=(await pu.fromBinary(i.data,ch,r)).findPacket(Z.packet.signature);if(!n||n.signatureType!==Z.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,Z.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw Y.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=ae){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=ae){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=ae){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=ae){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{dh.prototype[e]=oh.prototype[e]}));class fh extends dh{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([Z.packet.secretKey,Z.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=ae){return pe(Z.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,e)}}class lh extends fh{constructor(e){if(super(),this.packetListToStructure(e,new Set([Z.packet.publicKey,Z.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new pu,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case Z.packet.secretKey:{const t=Uu.fromSecretKeyPacket(r);e.push(t);break}case Z.packet.secretSubkey:{const t=Bu.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new fh(e)}armor(e=ae){return pe(Z.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,e)}async getDecryptionKeys(e,t=new Date,r={},i=ae){const n=this.keyPacket,a=[];for(let r=0;re.isDecrypted()))}async validate(e=ae){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys(),t=e.map((e=>e.keyPacket.isDummy())).every(Boolean);if(t)throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=Z.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=ae){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await Yu(n,null,this.keyPacket,{signatureType:Z.signature.keyRevocation,reasonForRevocationFlag:Z.write(Z.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...ae,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}const s=Ou.fromObject(t),o={};o.userID=s,o.key=e;const c={};c.signatureType=Z.signature.certGeneric,c.keyFlags=[Z.keyFlags.certifyKeys|Z.keyFlags.signData],c.preferredSymmetricAlgorithms=a([Z.symmetric.aes256,Z.symmetric.aes128,Z.symmetric.aes192],i.preferredSymmetricAlgorithm),i.aeadProtect&&(c.preferredAEADAlgorithms=a([Z.aead.eax,Z.aead.ocb],i.preferredAEADAlgorithm)),c.preferredHashAlgorithms=a([Z.hash.sha256,Z.hash.sha512],i.preferredHashAlgorithm),c.preferredCompressionAlgorithms=a([Z.compression.zlib,Z.compression.zip,Z.compression.uncompressed],i.preferredCompressionAlgorithm),0===n&&(c.isPrimaryUserID=!0),c.features=[0],c.features[0]|=Z.features.modificationDetection,i.aeadProtect&&(c.features[0]|=Z.features.aead),i.v5Keys&&(c.features[0]|=Z.features.v5Keys),r.keyExpirationTime>0&&(c.keyExpirationTime=r.keyExpirationTime,c.keyNeverExpires=!1);return{userIDPacket:s,signaturePacket:await Yu(o,null,e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await $u(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const a={key:e};return n.push(await Yu(a,null,e,{signatureType:Z.signature.keyRevocation,reasonForRevocationFlag:Z.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new lh(n)}const gh=/*#__PURE__*/Y.constructAllowedPackets([ou,bu,xu,Eu,Iu,Mu,Du,fu,hu]),mh=/*#__PURE__*/Y.constructAllowedPackets([Du]),wh=/*#__PURE__*/Y.constructAllowedPackets([hu]);class vh{constructor(e){this.packets=e||new pu}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(Z.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(Z.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(Z.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=ae){const a=r||await this.decryptSessionKeys(e,t,i,n),s=this.packets.filterByTag(Z.packet.symmetricallyEncryptedData,Z.packet.symEncryptedIntegrityProtectedData,Z.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const o=s[0];let c=null;const u=Promise.all(a.map((async({algorithm:e,data:t})=>{if(!Y.isUint8Array(t)||!Y.isString(e))throw Error("Invalid session key for decryption.");try{const r=Z.write(Z.symmetric,e);await o.decrypt(r,t,n)}catch(e){Y.printDebugError(e),c=e}})));if(H(o.encrypted),o.encrypted=null,await u,!o.packets||!o.packets.length)throw c||Error("Decryption failed.");const h=new vh(o.packets);return o.packets=new pu,h}async decryptSessionKeys(e,t,r=new Date,i=ae){let n,a=[];if(t){const e=this.packets.filterByTag(Z.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await pu.fromBinary(e.write(),mh,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){Y.printDebugError(e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(Z.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let s=[Z.symmetric.aes256,Z.symmetric.aes128,Z.symmetric.tripledes,Z.symmetric.cast5];try{const t=await e.getPrimaryUser(r,void 0,i);t.selfCertification.preferredSymmetricAlgorithms&&(s=s.concat(t.selfCertification.preferredSymmetricAlgorithms))}catch(e){}const o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket));await Promise.all(o.map((async function(e){if(!e||e.isDummy())return;if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===Z.publicKey.rsaEncrypt||t.publicKeyAlgorithm===Z.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===Z.publicKey.rsaSign||t.publicKeyAlgorithm===Z.publicKey.elgamal)){const r=t.write();await Promise.all(Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map((async t=>{const i=new Mu;i.read(r);const s={sessionKeyAlgorithm:t,sessionKey:wa.generateSessionKey(t)};try{await i.decrypt(e,s),a.push(i)}catch(e){Y.printDebugError(e),n=e}})))}else try{if(await t.decrypt(e),!s.includes(Z.write(Z.symmetric,t.sessionKeyAlgorithm)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){Y.printDebugError(e),n=e}})))}))),H(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+Y.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:Z.read(Z.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(Z.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(Z.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(Z.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=ae){const n=await Xu("symmetric",e,t,r,i),a=Z.read(Z.symmetric,n),s=i.aeadProtect&&await async function(e,t=new Date,r=[],i=ae){let n=!0;return await Promise.all(e.map((async function(e,a){const s=await e.getPrimaryUser(t,r[a],i);s.selfCertification.features&&s.selfCertification.features[0]&Z.features.aead||(n=!1)}))),n}(e,t,r,i)?Z.read(Z.aead,await Xu("aead",e,t,r,i)):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&e.keyPacket.algorithm===Z.publicKey.x25519&&!Y.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:wa.generateSessionKey(n),algorithm:a,aeadAlgorithm:s}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=ae){if(r){if(!Y.isUint8Array(r.data)||!Y.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await vh.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await vh.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,d=await vh.encryptSessionKey(c,u,h,e,t,i,n,a,s,o);let f;h?(f=new xu,f.aeadAlgorithm=Z.write(Z.aead,h)):f=new Eu,f.packets=this.packets;const l=Z.write(Z.symmetric,u);return await f.encrypt(l,c,o),d.packets.push(f),f.packets=new pu,d}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=ae){const h=new pu,d=Z.write(Z.symmetric,t),f=r&&Z.write(Z.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=new Mu;return n.publicKeyID=a?ye.wildcard():i.getKeyID(),n.publicKeyAlgorithm=i.keyPacket.algorithm,n.sessionKey=e,n.sessionKeyAlgorithm=d,await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new Du(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,d,f,t))));h.push(...a)}return new vh(h)}async sign(e=[],t=null,r=[],i=new Date,n=[],a=[],s=ae){const o=new pu,c=this.packets.findPacket(Z.packet.literalData);if(!c)throw Error("No literal data packet to sign.");let u,h;const d=null===c.text?Z.signature.binary:Z.signature.text;if(t)for(h=t.packets.filterByTag(Z.packet.signature),u=h.length-1;u>=0;u--){const t=h[u],r=new fu;r.signatureType=t.signatureType,r.hashAlgorithm=t.hashAlgorithm,r.publicKeyAlgorithm=t.publicKeyAlgorithm,r.issuerKeyID=t.issuerKeyID,e.length||0!==u||(r.flags=1),o.push(r)}return await Promise.all(Array.from(e).reverse().map((async function(t,a){if(!t.isPrivate())throw Error("Need private key for signing");const o=r[e.length-1-a],c=await t.getSigningKey(o,i,n,s),u=new fu;return u.signatureType=d,u.hashAlgorithm=await Zu(t,c.keyPacket,i,n,s),u.publicKeyAlgorithm=c.keyPacket.algorithm,u.issuerKeyID=c.getKeyID(),a===e.length-1&&(u.flags=1),u}))).then((e=>{e.forEach((e=>o.push(e)))})),o.push(c),o.push(...await _h(c,e,t,r,i,n,a,!1,s)),new vh(o)}compress(e,t=ae){if(e===Z.compression.uncompressed)return this;const r=new bu(t);r.algorithm=e,r.packets=this.packets;const i=new pu;return i.push(r),new vh(i)}async signDetached(e=[],t=null,r=[],i=new Date,n=[],a=[],s=ae){const o=this.packets.findPacket(Z.packet.literalData);if(!o)throw Error("No literal data packet to sign.");return new ju(await _h(o,e,t,r,i,n,a,!0,s))}async verify(e,t=new Date,r=ae){const i=this.unwrapCompressed(),n=i.packets.filterByTag(Z.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");o(i.packets.stream)&&i.packets.push(...await j(i.packets.stream,(e=>e||[])));const a=i.packets.filterByTag(Z.packet.onePassSignature).reverse(),s=i.packets.filterByTag(Z.packet.signature);return a.length&&!s.length&&Y.isStream(i.packets.stream)&&!o(i.packets.stream)?(await Promise.all(a.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=W((async()=>(await e.correspondingSig).signatureData)),e.hashed=j(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=z(i.packets.stream,(async(e,t)=>{const r=D(e),i=U(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await i.abort(e)}})),kh(a,n,e,t,!1,r)):kh(s,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=ae){const n=this.unwrapCompressed().packets.filterByTag(Z.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return kh(e.packets.filterByTag(Z.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(Z.packet.compressedData);return e.length?new vh(e[0].packets):this}async appendSignature(e,t=ae){await this.packets.read(Y.isUint8Array(e)?e:(await le(e)).data,wh,t)}write(){return this.packets.write()}armor(e=ae){return pe(Z.armor.message,this.write(),null,null,null,e)}}async function _h(e,t,r=null,i=[],n=new Date,a=[],s=[],o=!1,c=ae){const u=new pu,h=null===e.text?Z.signature.binary:Z.signature.text;if(await Promise.all(t.map((async(t,r)=>{const u=a[r];if(!t.isPrivate())throw Error("Need private key for signing");const d=await t.getSigningKey(i[r],n,u,c);return Yu(e,t,d.keyPacket,{signatureType:h},n,u,s,o,c)}))).then((e=>{u.push(...e)})),r){const e=r.packets.filterByTag(Z.packet.signature);u.push(...e)}return u}async function kh(e,t,r,i=new Date,n=!1,a=ae){return Promise.all(e.filter((function(e){return["text","binary"].includes(Z.read(Z.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=ae){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof fu?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new pu;return e&&t.push(e),new ju(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}const Ah=/*#__PURE__*/Y.constructAllowedPackets([hu]);class Sh{constructor(e,t){if(this.text=Y.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof ju))throw Error("Invalid signature input");this.signature=t||new ju(new pu)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=null,r=[],i=new Date,n=[],a=[],s=ae){const o=new ou;o.setText(this.text);const c=new ju(await _h(o,e,t,r,i,n,a,!0,s));return new Sh(this.text,c)}verify(e,t=new Date,r=ae){const i=this.signature.packets.filterByTag(Z.packet.signature),n=new ou;return n.setText(this.text),kh(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=ae){let t=this.signature.packets.map((function(e){return Z.read(Z.hash,e.hashAlgorithm).toUpperCase()}));t=t.filter((function(e,t,r){return r.indexOf(e)===t}));const r={hash:t.join(),text:this.text,data:this.signature.packets.write()};return pe(Z.armor.signed,r,void 0,void 0,void 0,e)}}function Eh(e){if(!(e instanceof vh))throw Error("Parameter [message] needs to be of type Message")}function Ph(e){if(!(e instanceof Sh||e instanceof vh))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function xh(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Mh=Object.keys(ae).length;function Kh(e){const t=Object.keys(e);if(t.length!==Mh)for(const e of t)if(void 0===ae[e])throw Error("Unknown config property: "+e)}function Ch(e){return e&&!Y.isArray(e)&&(e=[e]),e}async function Dh(e,t,r="utf8"){const i=Y.isStream(e);return"array"===i?j(e):"node"===t?(e=g(e),"binary"!==r&&e.setEncoding(r),e):"web"===t&&"ponyfill"===i?k(e):e}function Uh(e,t){e.data=z(t.packets.stream,(async(t,r)=>{await R(e.data,r,{preventClose:!0});const i=U(r);try{await j(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function Rh(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const Ih="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol:e=>`Symbol(${e})`;function Bh(){}const Th="undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0;function zh(e){return"object"==typeof e&&null!==e||"function"==typeof e}const qh=Bh,Fh=Promise,Oh=Promise.prototype.then,Lh=Promise.resolve.bind(Fh),Nh=Promise.reject.bind(Fh);function jh(e){return new Fh(e)}function Hh(e){return Lh(e)}function Wh(e){return Nh(e)}function Gh(e,t,r){return Oh.call(e,t,r)}function Vh(e,t,r){Gh(Gh(e,t,r),void 0,qh)}function $h(e,t){Vh(e,t)}function Zh(e,t){Vh(e,void 0,t)}function Xh(e,t,r){return Gh(e,t,r)}function Yh(e){Gh(e,void 0,qh)}const Qh=(()=>{const e=Th&&Th.queueMicrotask;if("function"==typeof e)return e;const t=Hh(void 0);return e=>Gh(t,e)})();function Jh(e,t,r){if("function"!=typeof e)throw new TypeError("Argument is not a function");return Function.prototype.apply.call(e,t,r)}function ed(e,t,r){try{return Hh(Jh(e,t,r))}catch(e){return Wh(e)}}class td{constructor(){this._cursor=0,this._size=0,this._front={_elements:[],_next:void 0},this._back=this._front,this._cursor=0,this._size=0}get length(){return this._size}push(e){const t=this._back;let r=t;16383===t._elements.length&&(r={_elements:[],_next:void 0}),t._elements.push(e),r!==t&&(this._back=r,t._next=r),++this._size}shift(){const e=this._front;let t=e;const r=this._cursor;let i=r+1;const n=e._elements,a=n[r];return 16384===i&&(t=e._next,i=0),--this._size,this._cursor=i,e!==t&&(this._front=t),n[r]=void 0,a}forEach(e){let t=this._cursor,r=this._front,i=r._elements;for(;!(t===i.length&&void 0===r._next||t===i.length&&(r=r._next,i=r._elements,t=0,0===i.length));)e(i[t]),++t}peek(){const e=this._front,t=this._cursor;return e._elements[t]}}function rd(e,t){e._ownerReadableStream=t,t._reader=e,"readable"===t._state?sd(e):"closed"===t._state?function(e){sd(e),ud(e)}(e):od(e,t._storedError)}function id(e,t){return Ll(e._ownerReadableStream,t)}function nd(e){"readable"===e._ownerReadableStream._state?cd(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")):function(e,t){od(e,t)}(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")),e._ownerReadableStream._reader=void 0,e._ownerReadableStream=void 0}function ad(e){return new TypeError("Cannot "+e+" a stream using a released reader")}function sd(e){e._closedPromise=jh(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r}))}function od(e,t){sd(e),cd(e,t)}function cd(e,t){void 0!==e._closedPromise_reject&&(Yh(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}function ud(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}const hd=Ih("[[AbortSteps]]"),dd=Ih("[[ErrorSteps]]"),fd=Ih("[[CancelSteps]]"),ld=Ih("[[PullSteps]]"),pd=Number.isFinite||function(e){return"number"==typeof e&&isFinite(e)},yd=Math.trunc||function(e){return e<0?Math.ceil(e):Math.floor(e)};function bd(e,t){if(void 0!==e&&("object"!=typeof(r=e)&&"function"!=typeof r))throw new TypeError(t+" is not an object.");var r}function gd(e,t){if("function"!=typeof e)throw new TypeError(t+" is not a function.")}function md(e,t){if(!function(e){return"object"==typeof e&&null!==e||"function"==typeof e}(e))throw new TypeError(t+" is not an object.")}function wd(e,t,r){if(void 0===e)throw new TypeError(`Parameter ${t} is required in '${r}'.`)}function vd(e,t,r){if(void 0===e)throw new TypeError(`${t} is required in '${r}'.`)}function _d(e){return Number(e)}function kd(e){return 0===e?0:e}function Ad(e,t){const r=Number.MAX_SAFE_INTEGER;let i=Number(e);if(i=kd(i),!pd(i))throw new TypeError(t+" is not a finite number");if(i=function(e){return kd(yd(e))}(i),i<0||i>r)throw new TypeError(`${t} is outside the accepted range of 0 to ${r}, inclusive`);return pd(i)&&0!==i?i:0}function Sd(e,t){if(!Fl(e))throw new TypeError(t+" is not a ReadableStream.")}function Ed(e){return new Cd(e)}function Pd(e,t){e._reader._readRequests.push(t)}function xd(e,t,r){const i=e._reader._readRequests.shift();r?i._closeSteps():i._chunkSteps(t)}function Md(e){return e._reader._readRequests.length}function Kd(e){const t=e._reader;return void 0!==t&&!!Dd(t)}class Cd{constructor(e){if(wd(e,1,"ReadableStreamDefaultReader"),Sd(e,"First parameter"),Ol(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");rd(this,e),this._readRequests=new td}get closed(){return Dd(this)?this._closedPromise:Wh(Rd("closed"))}cancel(e=undefined){return Dd(this)?void 0===this._ownerReadableStream?Wh(ad("cancel")):id(this,e):Wh(Rd("cancel"))}read(){if(!Dd(this))return Wh(Rd("read"));if(void 0===this._ownerReadableStream)return Wh(ad("read from"));let e,t;const r=jh(((r,i)=>{e=r,t=i}));return Ud(this,{_chunkSteps:t=>e({value:t,done:!1}),_closeSteps:()=>e({value:void 0,done:!0}),_errorSteps:e=>t(e)}),r}releaseLock(){if(!Dd(this))throw Rd("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");nd(this)}}}function Dd(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readRequests")}function Ud(e,t){const r=e._ownerReadableStream;r._disturbed=!0,"closed"===r._state?t._closeSteps():"errored"===r._state?t._errorSteps(r._storedError):r._readableStreamController[ld](t)}function Rd(e){return new TypeError(`ReadableStreamDefaultReader.prototype.${e} can only be used on a ReadableStreamDefaultReader`)}let Id;Object.defineProperties(Cd.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Cd.prototype,Ih.toStringTag,{value:"ReadableStreamDefaultReader",configurable:!0}),"symbol"==typeof Ih.asyncIterator&&(Id={[Ih.asyncIterator](){return this}},Object.defineProperty(Id,Ih.asyncIterator,{enumerable:!1}));class Bd{constructor(e,t){this._ongoingPromise=void 0,this._isFinished=!1,this._reader=e,this._preventCancel=t}next(){const e=()=>this._nextSteps();return this._ongoingPromise=this._ongoingPromise?Xh(this._ongoingPromise,e,e):e(),this._ongoingPromise}return(e){const t=()=>this._returnSteps(e);return this._ongoingPromise?Xh(this._ongoingPromise,t,t):t()}_nextSteps(){if(this._isFinished)return Promise.resolve({value:void 0,done:!0});const e=this._reader;if(void 0===e._ownerReadableStream)return Wh(ad("iterate"));let t,r;const i=jh(((e,i)=>{t=e,r=i}));return Ud(e,{_chunkSteps:e=>{this._ongoingPromise=void 0,Qh((()=>t({value:e,done:!1})))},_closeSteps:()=>{this._ongoingPromise=void 0,this._isFinished=!0,nd(e),t({value:void 0,done:!0})},_errorSteps:t=>{this._ongoingPromise=void 0,this._isFinished=!0,nd(e),r(t)}}),i}_returnSteps(e){if(this._isFinished)return Promise.resolve({value:e,done:!0});this._isFinished=!0;const t=this._reader;if(void 0===t._ownerReadableStream)return Wh(ad("finish iterating"));if(!this._preventCancel){const r=id(t,e);return nd(t),Xh(r,(()=>({value:e,done:!0})))}return nd(t),Hh({value:e,done:!0})}}const Td={next(){return zd(this)?this._asyncIteratorImpl.next():Wh(qd("next"))},return(e){return zd(this)?this._asyncIteratorImpl.return(e):Wh(qd("return"))}};function zd(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_asyncIteratorImpl")}function qd(e){return new TypeError(`ReadableStreamAsyncIterator.${e} can only be used on a ReadableSteamAsyncIterator`)}void 0!==Id&&Object.setPrototypeOf(Td,Id);const Fd=Number.isNaN||function(e){return e!=e};function Od(e){return!!function(e){if("number"!=typeof e)return!1;if(Fd(e))return!1;if(e<0)return!1;return!0}(e)&&e!==1/0}function Ld(e){const t=e._queue.shift();return e._queueTotalSize-=t.size,e._queueTotalSize<0&&(e._queueTotalSize=0),t.value}function Nd(e,t,r){if(!Od(r=Number(r)))throw new RangeError("Size must be a finite, non-NaN, non-negative number.");e._queue.push({value:t,size:r}),e._queueTotalSize+=r}function jd(e){e._queue=new td,e._queueTotalSize=0}function Hd(e){return e.slice()}class Wd{constructor(){throw new TypeError("Illegal constructor")}get view(){if(!$d(this))throw df("view");return this._view}respond(e){if(!$d(this))throw df("respond");if(wd(e,1,"respond"),e=Ad(e,"First parameter"),void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");this._view.buffer,function(e,t){if(t=Number(t),!Od(t))throw new RangeError("bytesWritten must be a finite");af(e,t)}(this._associatedReadableByteStreamController,e)}respondWithNewView(e){if(!$d(this))throw df("respondWithNewView");if(wd(e,1,"respondWithNewView"),!ArrayBuffer.isView(e))throw new TypeError("You can only respond with array buffer views");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");!function(e,t){const r=e._pendingPullIntos.peek();if(r.byteOffset+r.bytesFilled!==t.byteOffset)throw new RangeError("The region specified by view does not match byobRequest");if(r.byteLength!==t.byteLength)throw new RangeError("The buffer of view has different capacity than byobRequest");r.buffer=t.buffer,af(e,t.byteLength)}(this._associatedReadableByteStreamController,e)}}Object.defineProperties(Wd.prototype,{respond:{enumerable:!0},respondWithNewView:{enumerable:!0},view:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Wd.prototype,Ih.toStringTag,{value:"ReadableStreamBYOBRequest",configurable:!0});class Gd{constructor(){throw new TypeError("Illegal constructor")}get byobRequest(){if(!Vd(this))throw ff("byobRequest");if(null===this._byobRequest&&this._pendingPullIntos.length>0){const e=this._pendingPullIntos.peek(),t=new Uint8Array(e.buffer,e.byteOffset+e.bytesFilled,e.byteLength-e.bytesFilled),r=Object.create(Wd.prototype);!function(e,t,r){e._associatedReadableByteStreamController=t,e._view=r}(r,this,t),this._byobRequest=r}return this._byobRequest}get desiredSize(){if(!Vd(this))throw ff("desiredSize");return uf(this)}close(){if(!Vd(this))throw ff("close");if(this._closeRequested)throw new TypeError("The stream has already been closed; do not close it again!");const e=this._controlledReadableByteStream._state;if("readable"!==e)throw new TypeError(`The stream (in ${e} state) is not in the readable state and cannot be closed`);!function(e){const t=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==t._state)return;if(e._queueTotalSize>0)return void(e._closeRequested=!0);if(e._pendingPullIntos.length>0){if(e._pendingPullIntos.peek().bytesFilled>0){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");throw cf(e,t),t}}of(e),Nl(t)}(this)}enqueue(e){if(!Vd(this))throw ff("enqueue");if(wd(e,1,"enqueue"),!ArrayBuffer.isView(e))throw new TypeError("chunk must be an array buffer view");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(this._closeRequested)throw new TypeError("stream is closed or draining");const t=this._controlledReadableByteStream._state;if("readable"!==t)throw new TypeError(`The stream (in ${t} state) is not in the readable state and cannot be enqueued to`);!function(e,t){const r=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==r._state)return;const i=t.buffer,n=t.byteOffset,a=t.byteLength,s=i;if(Kd(r))if(0===Md(r))Qd(e,s,n,a);else{xd(r,new Uint8Array(s,n,a),!1)}else yf(r)?(Qd(e,s,n,a),nf(e)):Qd(e,s,n,a);Zd(e)}(this,e)}error(e=undefined){if(!Vd(this))throw ff("error");cf(this,e)}[fd](e){if(this._pendingPullIntos.length>0){this._pendingPullIntos.peek().bytesFilled=0}jd(this);const t=this._cancelAlgorithm(e);return of(this),t}[ld](e){const t=this._controlledReadableByteStream;if(this._queueTotalSize>0){const t=this._queue.shift();this._queueTotalSize-=t.byteLength,tf(this);const r=new Uint8Array(t.buffer,t.byteOffset,t.byteLength);return void e._chunkSteps(r)}const r=this._autoAllocateChunkSize;if(void 0!==r){let t;try{t=new ArrayBuffer(r)}catch(t){return void e._errorSteps(t)}const i={buffer:t,byteOffset:0,byteLength:r,bytesFilled:0,elementSize:1,viewConstructor:Uint8Array,readerType:"default"};this._pendingPullIntos.push(i)}Pd(t,e),Zd(this)}}function Vd(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableByteStream")}function $d(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_associatedReadableByteStreamController")}function Zd(e){const t=function(e){const t=e._controlledReadableByteStream;if("readable"!==t._state)return!1;if(e._closeRequested)return!1;if(!e._started)return!1;if(Kd(t)&&Md(t)>0)return!0;if(yf(t)&&pf(t)>0)return!0;const r=uf(e);if(r>0)return!0;return!1}(e);if(!t)return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;Vh(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Zd(e))}),(t=>{cf(e,t)}))}function Xd(e,t){let r=!1;"closed"===e._state&&(r=!0);const i=Yd(t);"default"===t.readerType?xd(e,i,r):function(e,t,r){const i=e._reader,n=i._readIntoRequests.shift();r?n._closeSteps(t):n._chunkSteps(t)}(e,i,r)}function Yd(e){const t=e.bytesFilled,r=e.elementSize;return new e.viewConstructor(e.buffer,e.byteOffset,t/r)}function Qd(e,t,r,i){e._queue.push({buffer:t,byteOffset:r,byteLength:i}),e._queueTotalSize+=i}function Jd(e,t){const r=t.elementSize,i=t.bytesFilled-t.bytesFilled%r,n=Math.min(e._queueTotalSize,t.byteLength-t.bytesFilled),a=t.bytesFilled+n,s=a-a%r;let o=n,c=!1;s>i&&(o=s-t.bytesFilled,c=!0);const u=e._queue;for(;o>0;){const r=u.peek(),i=Math.min(o,r.byteLength),n=t.byteOffset+t.bytesFilled;h=t.buffer,d=n,f=r.buffer,l=r.byteOffset,p=i,new Uint8Array(h).set(new Uint8Array(f,l,p),d),r.byteLength===i?u.shift():(r.byteOffset+=i,r.byteLength-=i),e._queueTotalSize-=i,ef(e,i,t),o-=i}var h,d,f,l,p;return c}function ef(e,t,r){rf(e),r.bytesFilled+=t}function tf(e){0===e._queueTotalSize&&e._closeRequested?(of(e),Nl(e._controlledReadableByteStream)):Zd(e)}function rf(e){null!==e._byobRequest&&(e._byobRequest._associatedReadableByteStreamController=void 0,e._byobRequest._view=null,e._byobRequest=null)}function nf(e){for(;e._pendingPullIntos.length>0;){if(0===e._queueTotalSize)return;const t=e._pendingPullIntos.peek();Jd(e,t)&&(sf(e),Xd(e._controlledReadableByteStream,t))}}function af(e,t){const r=e._pendingPullIntos.peek();if("closed"===e._controlledReadableByteStream._state){if(0!==t)throw new TypeError("bytesWritten must be 0 when calling respond() on a closed stream");!function(e,t){t.buffer=t.buffer;const r=e._controlledReadableByteStream;if(yf(r))for(;pf(r)>0;)Xd(r,sf(e))}(e,r)}else!function(e,t,r){if(r.bytesFilled+t>r.byteLength)throw new RangeError("bytesWritten out of range");if(ef(e,t,r),r.bytesFilled0){const t=r.byteOffset+r.bytesFilled,n=r.buffer.slice(t-i,t);Qd(e,n,0,n.byteLength)}r.buffer=r.buffer,r.bytesFilled-=i,Xd(e._controlledReadableByteStream,r),nf(e)}(e,t,r);Zd(e)}function sf(e){const t=e._pendingPullIntos.shift();return rf(e),t}function of(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0}function cf(e,t){const r=e._controlledReadableByteStream;"readable"===r._state&&(!function(e){rf(e),e._pendingPullIntos=new td}(e),jd(e),of(e),jl(r,t))}function uf(e){const t=e._controlledReadableByteStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function hf(e,t,r){const i=Object.create(Gd.prototype);let n=()=>{},a=()=>Hh(void 0),s=()=>Hh(void 0);void 0!==t.start&&(n=()=>t.start(i)),void 0!==t.pull&&(a=()=>t.pull(i)),void 0!==t.cancel&&(s=e=>t.cancel(e));const o=t.autoAllocateChunkSize;if(0===o)throw new TypeError("autoAllocateChunkSize must be greater than 0");!function(e,t,r,i,n,a,s){t._controlledReadableByteStream=e,t._pullAgain=!1,t._pulling=!1,t._byobRequest=null,t._queue=t._queueTotalSize=void 0,jd(t),t._closeRequested=!1,t._started=!1,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,t._autoAllocateChunkSize=s,t._pendingPullIntos=new td,e._readableStreamController=t,Vh(Hh(r()),(()=>{t._started=!0,Zd(t)}),(e=>{cf(t,e)}))}(e,i,n,a,s,r,o)}function df(e){return new TypeError(`ReadableStreamBYOBRequest.prototype.${e} can only be used on a ReadableStreamBYOBRequest`)}function ff(e){return new TypeError(`ReadableByteStreamController.prototype.${e} can only be used on a ReadableByteStreamController`)}function lf(e,t){e._reader._readIntoRequests.push(t)}function pf(e){return e._reader._readIntoRequests.length}function yf(e){const t=e._reader;return void 0!==t&&!!gf(t)}Object.defineProperties(Gd.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},byobRequest:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Gd.prototype,Ih.toStringTag,{value:"ReadableByteStreamController",configurable:!0});class bf{constructor(e){if(wd(e,1,"ReadableStreamBYOBReader"),Sd(e,"First parameter"),Ol(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");if(!Vd(e._readableStreamController))throw new TypeError("Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte source");rd(this,e),this._readIntoRequests=new td}get closed(){return gf(this)?this._closedPromise:Wh(mf("closed"))}cancel(e=undefined){return gf(this)?void 0===this._ownerReadableStream?Wh(ad("cancel")):id(this,e):Wh(mf("cancel"))}read(e){if(!gf(this))return Wh(mf("read"));if(!ArrayBuffer.isView(e))return Wh(new TypeError("view must be an array buffer view"));if(0===e.byteLength)return Wh(new TypeError("view must have non-zero byteLength"));if(0===e.buffer.byteLength)return Wh(new TypeError("view's buffer must have non-zero byteLength"));if(void 0===this._ownerReadableStream)return Wh(ad("read from"));let t,r;const i=jh(((e,i)=>{t=e,r=i}));return function(e,t,r){const i=e._ownerReadableStream;i._disturbed=!0,"errored"===i._state?r._errorSteps(i._storedError):function(e,t,r){const i=e._controlledReadableByteStream;let n=1;t.constructor!==DataView&&(n=t.constructor.BYTES_PER_ELEMENT);const a=t.constructor,s={buffer:t.buffer,byteOffset:t.byteOffset,byteLength:t.byteLength,bytesFilled:0,elementSize:n,viewConstructor:a,readerType:"byob"};if(e._pendingPullIntos.length>0)return e._pendingPullIntos.push(s),void lf(i,r);if("closed"!==i._state){if(e._queueTotalSize>0){if(Jd(e,s)){const t=Yd(s);return tf(e),void r._chunkSteps(t)}if(e._closeRequested){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");return cf(e,t),void r._errorSteps(t)}}e._pendingPullIntos.push(s),lf(i,r),Zd(e)}else{const e=new a(s.buffer,s.byteOffset,0);r._closeSteps(e)}}(i._readableStreamController,t,r)}(this,e,{_chunkSteps:e=>t({value:e,done:!1}),_closeSteps:e=>t({value:e,done:!0}),_errorSteps:e=>r(e)}),i}releaseLock(){if(!gf(this))throw mf("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readIntoRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");nd(this)}}}function gf(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readIntoRequests")}function mf(e){return new TypeError(`ReadableStreamBYOBReader.prototype.${e} can only be used on a ReadableStreamBYOBReader`)}function wf(e,t){const{highWaterMark:r}=e;if(void 0===r)return t;if(Fd(r)||r<0)throw new RangeError("Invalid highWaterMark");return r}function vf(e){const{size:t}=e;return t||(()=>1)}function _f(e,t){bd(e,t);const r=null==e?void 0:e.highWaterMark,i=null==e?void 0:e.size;return{highWaterMark:void 0===r?void 0:_d(r),size:void 0===i?void 0:kf(i,t+" has member 'size' that")}}function kf(e,t){return gd(e,t),t=>_d(e(t))}function Af(e,t,r){return gd(e,r),r=>ed(e,t,[r])}function Sf(e,t,r){return gd(e,r),()=>ed(e,t,[])}function Ef(e,t,r){return gd(e,r),r=>Jh(e,t,[r])}function Pf(e,t,r){return gd(e,r),(r,i)=>ed(e,t,[r,i])}function xf(e,t){if(!Df(e))throw new TypeError(t+" is not a WritableStream.")}Object.defineProperties(bf.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(bf.prototype,Ih.toStringTag,{value:"ReadableStreamBYOBReader",configurable:!0});class Mf{constructor(e={},t={}){void 0===e?e=null:md(e,"First parameter");const r=_f(t,"Second parameter"),i=function(e,t){bd(e,t);const r=null==e?void 0:e.abort,i=null==e?void 0:e.close,n=null==e?void 0:e.start,a=null==e?void 0:e.type,s=null==e?void 0:e.write;return{abort:void 0===r?void 0:Af(r,e,t+" has member 'abort' that"),close:void 0===i?void 0:Sf(i,e,t+" has member 'close' that"),start:void 0===n?void 0:Ef(n,e,t+" has member 'start' that"),write:void 0===s?void 0:Pf(s,e,t+" has member 'write' that"),type:a}}(e,"First parameter");Cf(this);if(void 0!==i.type)throw new RangeError("Invalid type is specified");const n=vf(r);!function(e,t,r,i){const n=Object.create(Zf.prototype);let a=()=>{},s=()=>Hh(void 0),o=()=>Hh(void 0),c=()=>Hh(void 0);void 0!==t.start&&(a=()=>t.start(n));void 0!==t.write&&(s=e=>t.write(e,n));void 0!==t.close&&(o=()=>t.close());void 0!==t.abort&&(c=e=>t.abort(e));Xf(e,n,a,s,o,c,r,i)}(this,i,wf(r,1),n)}get locked(){if(!Df(this))throw il("locked");return Uf(this)}abort(e=undefined){return Df(this)?Uf(this)?Wh(new TypeError("Cannot abort a stream that already has a writer")):Rf(this,e):Wh(il("abort"))}close(){return Df(this)?Uf(this)?Wh(new TypeError("Cannot close a stream that already has a writer")):qf(this)?Wh(new TypeError("Cannot close an already-closing stream")):If(this):Wh(il("close"))}getWriter(){if(!Df(this))throw il("getWriter");return Kf(this)}}function Kf(e){return new Lf(e)}function Cf(e){e._state="writable",e._storedError=void 0,e._writer=void 0,e._writableStreamController=void 0,e._writeRequests=new td,e._inFlightWriteRequest=void 0,e._closeRequest=void 0,e._inFlightCloseRequest=void 0,e._pendingAbortRequest=void 0,e._backpressure=!1}function Df(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_writableStreamController")}function Uf(e){return void 0!==e._writer}function Rf(e,t){const r=e._state;if("closed"===r||"errored"===r)return Hh(void 0);if(void 0!==e._pendingAbortRequest)return e._pendingAbortRequest._promise;let i=!1;"erroring"===r&&(i=!0,t=void 0);const n=jh(((r,n)=>{e._pendingAbortRequest={_promise:void 0,_resolve:r,_reject:n,_reason:t,_wasAlreadyErroring:i}}));return e._pendingAbortRequest._promise=n,i||Tf(e,t),n}function If(e){const t=e._state;if("closed"===t||"errored"===t)return Wh(new TypeError(`The stream (in ${t} state) is not in the writable state and cannot be closed`));const r=jh(((t,r)=>{const i={_resolve:t,_reject:r};e._closeRequest=i})),i=e._writer;var n;return void 0!==i&&e._backpressure&&"writable"===t&&pl(i),Nd(n=e._writableStreamController,$f,0),Jf(n),r}function Bf(e,t){"writable"!==e._state?zf(e):Tf(e,t)}function Tf(e,t){const r=e._writableStreamController;e._state="erroring",e._storedError=t;const i=e._writer;void 0!==i&&Wf(i,t),!function(e){if(void 0===e._inFlightWriteRequest&&void 0===e._inFlightCloseRequest)return!1;return!0}(e)&&r._started&&zf(e)}function zf(e){e._state="errored",e._writableStreamController[dd]();const t=e._storedError;if(e._writeRequests.forEach((e=>{e._reject(t)})),e._writeRequests=new td,void 0===e._pendingAbortRequest)return void Ff(e);const r=e._pendingAbortRequest;if(e._pendingAbortRequest=void 0,r._wasAlreadyErroring)return r._reject(t),void Ff(e);Vh(e._writableStreamController[hd](r._reason),(()=>{r._resolve(),Ff(e)}),(t=>{r._reject(t),Ff(e)}))}function qf(e){return void 0!==e._closeRequest||void 0!==e._inFlightCloseRequest}function Ff(e){void 0!==e._closeRequest&&(e._closeRequest._reject(e._storedError),e._closeRequest=void 0);const t=e._writer;void 0!==t&&cl(t,e._storedError)}function Of(e,t){const r=e._writer;void 0!==r&&t!==e._backpressure&&(t?function(e){hl(e)}(r):pl(r)),e._backpressure=t}Object.defineProperties(Mf.prototype,{abort:{enumerable:!0},close:{enumerable:!0},getWriter:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Mf.prototype,Ih.toStringTag,{value:"WritableStream",configurable:!0});class Lf{constructor(e){if(wd(e,1,"WritableStreamDefaultWriter"),xf(e,"First parameter"),Uf(e))throw new TypeError("This stream has already been locked for exclusive writing by another writer");this._ownerWritableStream=e,e._writer=this;const t=e._state;if("writable"===t)!qf(e)&&e._backpressure?hl(this):fl(this),sl(this);else if("erroring"===t)dl(this,e._storedError),sl(this);else if("closed"===t)fl(this),sl(r=this),ul(r);else{const t=e._storedError;dl(this,t),ol(this,t)}var r}get closed(){return Nf(this)?this._closedPromise:Wh(nl("closed"))}get desiredSize(){if(!Nf(this))throw nl("desiredSize");if(void 0===this._ownerWritableStream)throw al("desiredSize");return function(e){const t=e._ownerWritableStream,r=t._state;if("errored"===r||"erroring"===r)return null;if("closed"===r)return 0;return Qf(t._writableStreamController)}(this)}get ready(){return Nf(this)?this._readyPromise:Wh(nl("ready"))}abort(e=undefined){return Nf(this)?void 0===this._ownerWritableStream?Wh(al("abort")):function(e,t){const r=e._ownerWritableStream;return Rf(r,t)}(this,e):Wh(nl("abort"))}close(){if(!Nf(this))return Wh(nl("close"));const e=this._ownerWritableStream;return void 0===e?Wh(al("close")):qf(e)?Wh(new TypeError("Cannot close an already-closing stream")):jf(this)}releaseLock(){if(!Nf(this))throw nl("releaseLock");void 0!==this._ownerWritableStream&&Gf(this)}write(e=undefined){return Nf(this)?void 0===this._ownerWritableStream?Wh(al("write to")):Vf(this,e):Wh(nl("write"))}}function Nf(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_ownerWritableStream")}function jf(e){return If(e._ownerWritableStream)}function Hf(e,t){"pending"===e._closedPromiseState?cl(e,t):function(e,t){ol(e,t)}(e,t)}function Wf(e,t){"pending"===e._readyPromiseState?ll(e,t):function(e,t){dl(e,t)}(e,t)}function Gf(e){const t=e._ownerWritableStream,r=new TypeError("Writer was released and can no longer be used to monitor the stream's closedness");Wf(e,r),Hf(e,r),t._writer=void 0,e._ownerWritableStream=void 0}function Vf(e,t){const r=e._ownerWritableStream,i=r._writableStreamController,n=function(e,t){try{return e._strategySizeAlgorithm(t)}catch(t){return el(e,t),1}}(i,t);if(r!==e._ownerWritableStream)return Wh(al("write to"));const a=r._state;if("errored"===a)return Wh(r._storedError);if(qf(r)||"closed"===a)return Wh(new TypeError("The stream is closing or closed and cannot be written to"));if("erroring"===a)return Wh(r._storedError);const s=function(e){return jh(((t,r)=>{const i={_resolve:t,_reject:r};e._writeRequests.push(i)}))}(r);return function(e,t,r){try{Nd(e,t,r)}catch(t){return void el(e,t)}const i=e._controlledWritableStream;if(!qf(i)&&"writable"===i._state){Of(i,tl(e))}Jf(e)}(i,t,n),s}Object.defineProperties(Lf.prototype,{abort:{enumerable:!0},close:{enumerable:!0},releaseLock:{enumerable:!0},write:{enumerable:!0},closed:{enumerable:!0},desiredSize:{enumerable:!0},ready:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Lf.prototype,Ih.toStringTag,{value:"WritableStreamDefaultWriter",configurable:!0});const $f={};class Zf{constructor(){throw new TypeError("Illegal constructor")}error(e=undefined){if(!function(e){if(!zh(e))return!1;if(!Object.prototype.hasOwnProperty.call(e,"_controlledWritableStream"))return!1;return!0}(this))throw new TypeError("WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController");"writable"===this._controlledWritableStream._state&&rl(this,e)}[hd](e){const t=this._abortAlgorithm(e);return Yf(this),t}[dd](){jd(this)}}function Xf(e,t,r,i,n,a,s,o){t._controlledWritableStream=e,e._writableStreamController=t,t._queue=void 0,t._queueTotalSize=void 0,jd(t),t._started=!1,t._strategySizeAlgorithm=o,t._strategyHWM=s,t._writeAlgorithm=i,t._closeAlgorithm=n,t._abortAlgorithm=a;const c=tl(t);Of(e,c);Vh(Hh(r()),(()=>{t._started=!0,Jf(t)}),(r=>{t._started=!0,Bf(e,r)}))}function Yf(e){e._writeAlgorithm=void 0,e._closeAlgorithm=void 0,e._abortAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function Qf(e){return e._strategyHWM-e._queueTotalSize}function Jf(e){const t=e._controlledWritableStream;if(!e._started)return;if(void 0!==t._inFlightWriteRequest)return;if("erroring"===t._state)return void zf(t);if(0===e._queue.length)return;const r=e._queue.peek().value;r===$f?function(e){const t=e._controlledWritableStream;(function(e){e._inFlightCloseRequest=e._closeRequest,e._closeRequest=void 0})(t),Ld(e);const r=e._closeAlgorithm();Yf(e),Vh(r,(()=>{!function(e){e._inFlightCloseRequest._resolve(void 0),e._inFlightCloseRequest=void 0,"erroring"===e._state&&(e._storedError=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._resolve(),e._pendingAbortRequest=void 0)),e._state="closed";const t=e._writer;void 0!==t&&ul(t)}(t)}),(e=>{!function(e,t){e._inFlightCloseRequest._reject(t),e._inFlightCloseRequest=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._reject(t),e._pendingAbortRequest=void 0),Bf(e,t)}(t,e)}))}(e):function(e,t){const r=e._controlledWritableStream;!function(e){e._inFlightWriteRequest=e._writeRequests.shift()}(r);const i=e._writeAlgorithm(t);Vh(i,(()=>{!function(e){e._inFlightWriteRequest._resolve(void 0),e._inFlightWriteRequest=void 0}(r);const t=r._state;if(Ld(e),!qf(r)&&"writable"===t){const t=tl(e);Of(r,t)}Jf(e)}),(t=>{"writable"===r._state&&Yf(e),function(e,t){e._inFlightWriteRequest._reject(t),e._inFlightWriteRequest=void 0,Bf(e,t)}(r,t)}))}(e,r)}function el(e,t){"writable"===e._controlledWritableStream._state&&rl(e,t)}function tl(e){return Qf(e)<=0}function rl(e,t){const r=e._controlledWritableStream;Yf(e),Tf(r,t)}function il(e){return new TypeError(`WritableStream.prototype.${e} can only be used on a WritableStream`)}function nl(e){return new TypeError(`WritableStreamDefaultWriter.prototype.${e} can only be used on a WritableStreamDefaultWriter`)}function al(e){return new TypeError("Cannot "+e+" a stream using a released writer")}function sl(e){e._closedPromise=jh(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r,e._closedPromiseState="pending"}))}function ol(e,t){sl(e),cl(e,t)}function cl(e,t){void 0!==e._closedPromise_reject&&(Yh(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="rejected")}function ul(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="resolved")}function hl(e){e._readyPromise=jh(((t,r)=>{e._readyPromise_resolve=t,e._readyPromise_reject=r})),e._readyPromiseState="pending"}function dl(e,t){hl(e),ll(e,t)}function fl(e){hl(e),pl(e)}function ll(e,t){void 0!==e._readyPromise_reject&&(Yh(e._readyPromise),e._readyPromise_reject(t),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="rejected")}function pl(e){void 0!==e._readyPromise_resolve&&(e._readyPromise_resolve(void 0),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="fulfilled")}Object.defineProperties(Zf.prototype,{error:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Zf.prototype,Ih.toStringTag,{value:"WritableStreamDefaultController",configurable:!0});const yl="undefined"!=typeof DOMException?DOMException:void 0;const bl=function(e){if("function"!=typeof e&&"object"!=typeof e)return!1;try{return new e,!0}catch(e){return!1}}(yl)?yl:function(){const e=function(e,t){this.message=e||"",this.name=t||"Error",Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)};return Object.defineProperty(e.prototype=Object.create(Error.prototype),"constructor",{value:e,writable:!0,configurable:!0}),e}();function gl(e,t,r,i,n,a){const s=Ed(e),o=Kf(t);e._disturbed=!0;let c=!1,u=Hh(void 0);return jh(((h,d)=>{let f;if(void 0!==a){if(f=()=>{const r=new bl("Aborted","AbortError"),a=[];i||a.push((()=>"writable"===t._state?Rf(t,r):Hh(void 0))),n||a.push((()=>"readable"===e._state?Ll(e,r):Hh(void 0))),y((()=>Promise.all(a.map((e=>e())))),!0,r)},a.aborted)return void f();a.addEventListener("abort",f)}if(p(e,s._closedPromise,(e=>{i?b(!0,e):y((()=>Rf(t,e)),!0,e)})),p(t,o._closedPromise,(t=>{n?b(!0,t):y((()=>Ll(e,t)),!0,t)})),function(e,t,r){"closed"===e._state?r():$h(t,r)}(e,s._closedPromise,(()=>{r?b():y((()=>function(e){const t=e._ownerWritableStream,r=t._state;return qf(t)||"closed"===r?Hh(void 0):"errored"===r?Wh(t._storedError):jf(e)}(o)))})),qf(t)||"closed"===t._state){const t=new TypeError("the destination writable stream closed before all data could be piped to it");n?b(!0,t):y((()=>Ll(e,t)),!0,t)}function l(){const e=u;return Gh(u,(()=>e!==u?l():void 0))}function p(e,t,r){"errored"===e._state?r(e._storedError):Zh(t,r)}function y(e,r,i){function n(){Vh(e(),(()=>g(r,i)),(e=>g(!0,e)))}c||(c=!0,"writable"!==t._state||qf(t)?n():$h(l(),n))}function b(e,r){c||(c=!0,"writable"!==t._state||qf(t)?g(e,r):$h(l(),(()=>g(e,r))))}function g(e,t){Gf(o),nd(s),void 0!==a&&a.removeEventListener("abort",f),e?d(t):h(void 0)}Yh(jh(((e,t)=>{!function r(i){i?e():Gh(c?Hh(!0):Gh(o._readyPromise,(()=>jh(((e,t)=>{Ud(s,{_chunkSteps:t=>{u=Gh(Vf(o,t),void 0,Bh),e(!1)},_closeSteps:()=>e(!0),_errorSteps:t})})))),r,t)}(!1)})))}))}class ml{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!wl(this))throw Kl("desiredSize");return Pl(this)}close(){if(!wl(this))throw Kl("close");if(!xl(this))throw new TypeError("The stream is not in a state that permits close");Al(this)}enqueue(e=undefined){if(!wl(this))throw Kl("enqueue");if(!xl(this))throw new TypeError("The stream is not in a state that permits enqueue");return Sl(this,e)}error(e=undefined){if(!wl(this))throw Kl("error");El(this,e)}[fd](e){jd(this);const t=this._cancelAlgorithm(e);return kl(this),t}[ld](e){const t=this._controlledReadableStream;if(this._queue.length>0){const r=Ld(this);this._closeRequested&&0===this._queue.length?(kl(this),Nl(t)):vl(this),e._chunkSteps(r)}else Pd(t,e),vl(this)}}function wl(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableStream")}function vl(e){if(!_l(e))return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;Vh(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,vl(e))}),(t=>{El(e,t)}))}function _l(e){const t=e._controlledReadableStream;if(!xl(e))return!1;if(!e._started)return!1;if(Ol(t)&&Md(t)>0)return!0;return Pl(e)>0}function kl(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function Al(e){if(!xl(e))return;const t=e._controlledReadableStream;e._closeRequested=!0,0===e._queue.length&&(kl(e),Nl(t))}function Sl(e,t){if(!xl(e))return;const r=e._controlledReadableStream;if(Ol(r)&&Md(r)>0)xd(r,t,!1);else{let r;try{r=e._strategySizeAlgorithm(t)}catch(t){throw El(e,t),t}try{Nd(e,t,r)}catch(t){throw El(e,t),t}}vl(e)}function El(e,t){const r=e._controlledReadableStream;"readable"===r._state&&(jd(e),kl(e),jl(r,t))}function Pl(e){const t=e._controlledReadableStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function xl(e){const t=e._controlledReadableStream._state;return!e._closeRequested&&"readable"===t}function Ml(e,t,r,i,n,a,s){t._controlledReadableStream=e,t._queue=void 0,t._queueTotalSize=void 0,jd(t),t._started=!1,t._closeRequested=!1,t._pullAgain=!1,t._pulling=!1,t._strategySizeAlgorithm=s,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,e._readableStreamController=t;Vh(Hh(r()),(()=>{t._started=!0,vl(t)}),(e=>{El(t,e)}))}function Kl(e){return new TypeError(`ReadableStreamDefaultController.prototype.${e} can only be used on a ReadableStreamDefaultController`)}function Cl(e,t,r){return gd(e,r),r=>ed(e,t,[r])}function Dl(e,t,r){return gd(e,r),r=>ed(e,t,[r])}function Ul(e,t,r){return gd(e,r),r=>Jh(e,t,[r])}function Rl(e,t){if("bytes"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamType`);return e}function Il(e,t){if("byob"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamReaderMode`);return e}function Bl(e,t){bd(e,t);const r=null==e?void 0:e.preventAbort,i=null==e?void 0:e.preventCancel,n=null==e?void 0:e.preventClose,a=null==e?void 0:e.signal;return void 0!==a&&function(e,t){if(!function(e){if("object"!=typeof e||null===e)return!1;try{return"boolean"==typeof e.aborted}catch(e){return!1}}(e))throw new TypeError(t+" is not an AbortSignal.")}(a,t+" has member 'signal' that"),{preventAbort:!!r,preventCancel:!!i,preventClose:!!n,signal:a}}Object.defineProperties(ml.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(ml.prototype,Ih.toStringTag,{value:"ReadableStreamDefaultController",configurable:!0});class Tl{constructor(e={},t={}){void 0===e?e=null:md(e,"First parameter");const r=_f(t,"Second parameter"),i=function(e,t){bd(e,t);const r=e,i=null==r?void 0:r.autoAllocateChunkSize,n=null==r?void 0:r.cancel,a=null==r?void 0:r.pull,s=null==r?void 0:r.start,o=null==r?void 0:r.type;return{autoAllocateChunkSize:void 0===i?void 0:Ad(i,t+" has member 'autoAllocateChunkSize' that"),cancel:void 0===n?void 0:Cl(n,r,t+" has member 'cancel' that"),pull:void 0===a?void 0:Dl(a,r,t+" has member 'pull' that"),start:void 0===s?void 0:Ul(s,r,t+" has member 'start' that"),type:void 0===o?void 0:Rl(o,t+" has member 'type' that")}}(e,"First parameter");if(ql(this),"bytes"===i.type){if(void 0!==r.size)throw new RangeError("The strategy for a byte stream cannot have a size function");hf(this,i,wf(r,0))}else{const e=vf(r);!function(e,t,r,i){const n=Object.create(ml.prototype);let a=()=>{},s=()=>Hh(void 0),o=()=>Hh(void 0);void 0!==t.start&&(a=()=>t.start(n)),void 0!==t.pull&&(s=()=>t.pull(n)),void 0!==t.cancel&&(o=e=>t.cancel(e)),Ml(e,n,a,s,o,r,i)}(this,i,wf(r,1),e)}}get locked(){if(!Fl(this))throw Hl("locked");return Ol(this)}cancel(e=undefined){return Fl(this)?Ol(this)?Wh(new TypeError("Cannot cancel a stream that already has a reader")):Ll(this,e):Wh(Hl("cancel"))}getReader(e=undefined){if(!Fl(this))throw Hl("getReader");const t=function(e,t){bd(e,t);const r=null==e?void 0:e.mode;return{mode:void 0===r?void 0:Il(r,t+" has member 'mode' that")}}(e,"First parameter");return void 0===t.mode?Ed(this):function(e){return new bf(e)}(this)}pipeThrough(e,t={}){if(!Fl(this))throw Hl("pipeThrough");wd(e,1,"pipeThrough");const r=function(e,t){bd(e,t);const r=null==e?void 0:e.readable;vd(r,"readable","ReadableWritablePair"),Sd(r,t+" has member 'readable' that");const i=null==e?void 0:e.writable;return vd(i,"writable","ReadableWritablePair"),xf(i,t+" has member 'writable' that"),{readable:r,writable:i}}(e,"First parameter"),i=Bl(t,"Second parameter");if(Ol(this))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream");if(Uf(r.writable))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream");return Yh(gl(this,r.writable,i.preventClose,i.preventAbort,i.preventCancel,i.signal)),r.readable}pipeTo(e,t={}){if(!Fl(this))return Wh(Hl("pipeTo"));if(void 0===e)return Wh("Parameter 1 is required in 'pipeTo'.");if(!Df(e))return Wh(new TypeError("ReadableStream.prototype.pipeTo's first argument must be a WritableStream"));let r;try{r=Bl(t,"Second parameter")}catch(e){return Wh(e)}return Ol(this)?Wh(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream")):Uf(e)?Wh(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream")):gl(this,e,r.preventClose,r.preventAbort,r.preventCancel,r.signal)}tee(){if(!Fl(this))throw Hl("tee");const e=function(e,t){const r=Ed(e);let i,n,a,s,o,c=!1,u=!1,h=!1;const d=jh((e=>{o=e}));function f(){return c||(c=!0,Ud(r,{_chunkSteps:e=>{Qh((()=>{c=!1;const t=e,r=e;u||Sl(a._readableStreamController,t),h||Sl(s._readableStreamController,r)}))},_closeSteps:()=>{c=!1,u||Al(a._readableStreamController),h||Al(s._readableStreamController),u&&h||o(void 0)},_errorSteps:()=>{c=!1}})),Hh(void 0)}function l(){}return a=zl(l,f,(function(t){if(u=!0,i=t,h){const t=Hd([i,n]),r=Ll(e,t);o(r)}return d})),s=zl(l,f,(function(t){if(h=!0,n=t,u){const t=Hd([i,n]),r=Ll(e,t);o(r)}return d})),Zh(r._closedPromise,(e=>{El(a._readableStreamController,e),El(s._readableStreamController,e),u&&h||o(void 0)})),[a,s]}(this);return Hd(e)}values(e=undefined){if(!Fl(this))throw Hl("values");return function(e,t){const r=Ed(e),i=new Bd(r,t),n=Object.create(Td);return n._asyncIteratorImpl=i,n}(this,function(e,t){return bd(e,t),{preventCancel:!!(null==e?void 0:e.preventCancel)}}(e,"First parameter").preventCancel)}}function zl(e,t,r,i=1,n=(()=>1)){const a=Object.create(Tl.prototype);ql(a);return Ml(a,Object.create(ml.prototype),e,t,r,i,n),a}function ql(e){e._state="readable",e._reader=void 0,e._storedError=void 0,e._disturbed=!1}function Fl(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readableStreamController")}function Ol(e){return void 0!==e._reader}function Ll(e,t){if(e._disturbed=!0,"closed"===e._state)return Hh(void 0);if("errored"===e._state)return Wh(e._storedError);Nl(e);return Xh(e._readableStreamController[fd](t),Bh)}function Nl(e){e._state="closed";const t=e._reader;void 0!==t&&(ud(t),Dd(t)&&(t._readRequests.forEach((e=>{e._closeSteps()})),t._readRequests=new td))}function jl(e,t){e._state="errored",e._storedError=t;const r=e._reader;void 0!==r&&(cd(r,t),Dd(r)?(r._readRequests.forEach((e=>{e._errorSteps(t)})),r._readRequests=new td):(r._readIntoRequests.forEach((e=>{e._errorSteps(t)})),r._readIntoRequests=new td))}function Hl(e){return new TypeError(`ReadableStream.prototype.${e} can only be used on a ReadableStream`)}function Wl(e,t){bd(e,t);const r=null==e?void 0:e.highWaterMark;return vd(r,"highWaterMark","QueuingStrategyInit"),{highWaterMark:_d(r)}}Object.defineProperties(Tl.prototype,{cancel:{enumerable:!0},getReader:{enumerable:!0},pipeThrough:{enumerable:!0},pipeTo:{enumerable:!0},tee:{enumerable:!0},values:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Tl.prototype,Ih.toStringTag,{value:"ReadableStream",configurable:!0}),"symbol"==typeof Ih.asyncIterator&&Object.defineProperty(Tl.prototype,Ih.asyncIterator,{value:Tl.prototype.values,writable:!0,configurable:!0});const Gl=function(e){return e.byteLength};class Vl{constructor(e){wd(e,1,"ByteLengthQueuingStrategy"),e=Wl(e,"First parameter"),this._byteLengthQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!Zl(this))throw $l("highWaterMark");return this._byteLengthQueuingStrategyHighWaterMark}get size(){if(!Zl(this))throw $l("size");return Gl}}function $l(e){return new TypeError(`ByteLengthQueuingStrategy.prototype.${e} can only be used on a ByteLengthQueuingStrategy`)}function Zl(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_byteLengthQueuingStrategyHighWaterMark")}Object.defineProperties(Vl.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Vl.prototype,Ih.toStringTag,{value:"ByteLengthQueuingStrategy",configurable:!0});const Xl=function(){return 1};class Yl{constructor(e){wd(e,1,"CountQueuingStrategy"),e=Wl(e,"First parameter"),this._countQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!Jl(this))throw Ql("highWaterMark");return this._countQueuingStrategyHighWaterMark}get size(){if(!Jl(this))throw Ql("size");return Xl}}function Ql(e){return new TypeError(`CountQueuingStrategy.prototype.${e} can only be used on a CountQueuingStrategy`)}function Jl(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_countQueuingStrategyHighWaterMark")}function ep(e,t,r){return gd(e,r),r=>ed(e,t,[r])}function tp(e,t,r){return gd(e,r),r=>Jh(e,t,[r])}function rp(e,t,r){return gd(e,r),(r,i)=>ed(e,t,[r,i])}Object.defineProperties(Yl.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(Yl.prototype,Ih.toStringTag,{value:"CountQueuingStrategy",configurable:!0});class ip{constructor(e={},t={},r={}){void 0===e&&(e=null);const i=_f(t,"Second parameter"),n=_f(r,"Third parameter"),a=function(e,t){bd(e,t);const r=null==e?void 0:e.flush,i=null==e?void 0:e.readableType,n=null==e?void 0:e.start,a=null==e?void 0:e.transform,s=null==e?void 0:e.writableType;return{flush:void 0===r?void 0:ep(r,e,t+" has member 'flush' that"),readableType:i,start:void 0===n?void 0:tp(n,e,t+" has member 'start' that"),transform:void 0===a?void 0:rp(a,e,t+" has member 'transform' that"),writableType:s}}(e,"First parameter");if(void 0!==a.readableType)throw new RangeError("Invalid readableType specified");if(void 0!==a.writableType)throw new RangeError("Invalid writableType specified");const s=wf(n,0),o=vf(n),c=wf(i,1),u=vf(i);let h;!function(e,t,r,i,n,a){function s(){return t}function o(t){return function(e,t){const r=e._transformStreamController;if(e._backpressure){return Xh(e._backpressureChangePromise,(()=>{const i=e._writable;if("erroring"===i._state)throw i._storedError;return fp(r,t)}))}return fp(r,t)}(e,t)}function c(t){return function(e,t){return ap(e,t),Hh(void 0)}(e,t)}function u(){return function(e){const t=e._readable,r=e._transformStreamController,i=r._flushAlgorithm();return hp(r),Xh(i,(()=>{if("errored"===t._state)throw t._storedError;Al(t._readableStreamController)}),(r=>{throw ap(e,r),t._storedError}))}(e)}function h(){return function(e){return op(e,!1),e._backpressureChangePromise}(e)}function d(t){return sp(e,t),Hh(void 0)}e._writable=function(e,t,r,i,n=1,a=(()=>1)){const s=Object.create(Mf.prototype);return Cf(s),Xf(s,Object.create(Zf.prototype),e,t,r,i,n,a),s}(s,o,u,c,r,i),e._readable=zl(s,h,d,n,a),e._backpressure=void 0,e._backpressureChangePromise=void 0,e._backpressureChangePromise_resolve=void 0,op(e,!0),e._transformStreamController=void 0}(this,jh((e=>{h=e})),c,u,s,o),function(e,t){const r=Object.create(cp.prototype);let i=e=>{try{return dp(r,e),Hh(void 0)}catch(e){return Wh(e)}},n=()=>Hh(void 0);void 0!==t.transform&&(i=e=>t.transform(e,r));void 0!==t.flush&&(n=()=>t.flush(r));!function(e,t,r,i){t._controlledTransformStream=e,e._transformStreamController=t,t._transformAlgorithm=r,t._flushAlgorithm=i}(e,r,i,n)}(this,a),void 0!==a.start?h(a.start(this._transformStreamController)):h(void 0)}get readable(){if(!np(this))throw pp("readable");return this._readable}get writable(){if(!np(this))throw pp("writable");return this._writable}}function np(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_transformStreamController")}function ap(e,t){El(e._readable._readableStreamController,t),sp(e,t)}function sp(e,t){hp(e._transformStreamController),el(e._writable._writableStreamController,t),e._backpressure&&op(e,!1)}function op(e,t){void 0!==e._backpressureChangePromise&&e._backpressureChangePromise_resolve(),e._backpressureChangePromise=jh((t=>{e._backpressureChangePromise_resolve=t})),e._backpressure=t}Object.defineProperties(ip.prototype,{readable:{enumerable:!0},writable:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(ip.prototype,Ih.toStringTag,{value:"TransformStream",configurable:!0});class cp{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!up(this))throw lp("desiredSize");return Pl(this._controlledTransformStream._readable._readableStreamController)}enqueue(e=undefined){if(!up(this))throw lp("enqueue");dp(this,e)}error(e=undefined){if(!up(this))throw lp("error");var t;t=e,ap(this._controlledTransformStream,t)}terminate(){if(!up(this))throw lp("terminate");!function(e){const t=e._controlledTransformStream,r=t._readable._readableStreamController;Al(r);sp(t,new TypeError("TransformStream terminated"))}(this)}}function up(e){return!!zh(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledTransformStream")}function hp(e){e._transformAlgorithm=void 0,e._flushAlgorithm=void 0}function dp(e,t){const r=e._controlledTransformStream,i=r._readable._readableStreamController;if(!xl(i))throw new TypeError("Readable side is not in a state that permits enqueue");try{Sl(i,t)}catch(e){throw sp(r,e),r._readable._storedError}const n=function(e){return!_l(e)}(i);n!==r._backpressure&&op(r,!0)}function fp(e,t){return Xh(e._transformAlgorithm(t),void 0,(t=>{throw ap(e._controlledTransformStream,t),t}))}function lp(e){return new TypeError(`TransformStreamDefaultController.prototype.${e} can only be used on a TransformStreamDefaultController`)}function pp(e){return new TypeError(`TransformStream.prototype.${e} can only be used on a TransformStream`)}Object.defineProperties(cp.prototype,{enqueue:{enumerable:!0},error:{enumerable:!0},terminate:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof Ih.toStringTag&&Object.defineProperty(cp.prototype,Ih.toStringTag,{value:"TransformStreamDefaultController",configurable:!0});var yp=/*#__PURE__*/Object.freeze({__proto__:null,ByteLengthQueuingStrategy:Vl,CountQueuingStrategy:Yl,ReadableByteStreamController:Gd,ReadableStream:Tl,ReadableStreamBYOBReader:bf,ReadableStreamBYOBRequest:Wd,ReadableStreamDefaultController:ml,ReadableStreamDefaultReader:Cd,TransformStream:ip,TransformStreamDefaultController:cp,WritableStream:Mf,WritableStreamDefaultController:Zf,WritableStreamDefaultWriter:Lf}),bp=function(e,t){return bp=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},bp(e,t)}; -/*! ***************************************************************************** - Copyright (c) Microsoft Corporation. - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. - ***************************************************************************** */function gp(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+t+" is not a constructor or null");function r(){this.constructor=e}bp(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}function mp(e){if(!e)throw new TypeError("Assertion failed")}function wp(){}function vp(e){return"object"==typeof e&&null!==e||"function"==typeof e}function _p(e){if("function"!=typeof e)return!1;var t=!1;try{new e({start:function(){t=!0}})}catch(e){}return t}function kp(e){return!!vp(e)&&"function"==typeof e.getReader}function Ap(e){return!!vp(e)&&"function"==typeof e.getWriter}function Sp(e){return!!vp(e)&&(!!kp(e.readable)&&!!Ap(e.writable))}function Ep(e){try{return e.getReader({mode:"byob"}).releaseLock(),!0}catch(e){return!1}}function Pp(e,t){var r=(void 0===t?{}:t).type;return mp(kp(e)),mp(!1===e.locked),"bytes"===(r=xp(r))?new Dp(e):new Kp(e)}function xp(e){var t=e+"";if("bytes"===t)return t;if(void 0===e)return e;throw new RangeError("Invalid type is specified")}var Mp=function(){function e(e){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=e,this._attachDefaultReader()}return e.prototype.start=function(e){this._readableStreamController=e},e.prototype.cancel=function(e){return mp(void 0!==this._underlyingReader),this._underlyingReader.cancel(e)},e.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var e=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(e)}},e.prototype._attachReader=function(e){var t=this;mp(void 0===this._underlyingReader),this._underlyingReader=e;var r=this._underlyingReader.closed;r&&r.then((function(){return t._finishPendingRead()})).then((function(){e===t._underlyingReader&&t._readableStreamController.close()}),(function(r){e===t._underlyingReader&&t._readableStreamController.error(r)})).catch(wp)},e.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},e.prototype._pullWithDefaultReader=function(){var e=this;this._attachDefaultReader();var t=this._underlyingReader.read().then((function(t){var r=e._readableStreamController;t.done?e._tryClose():r.enqueue(t.value)}));return this._setPendingRead(t),t},e.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(e){}},e.prototype._setPendingRead=function(e){var t,r=this,i=function(){r._pendingRead===t&&(r._pendingRead=void 0)};this._pendingRead=t=e.then(i,i)},e.prototype._finishPendingRead=function(){var e=this;if(this._pendingRead){var t=function(){return e._finishPendingRead()};return this._pendingRead.then(t,t)}},e}(),Kp=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return gp(t,e),t.prototype.pull=function(){return this._pullWithDefaultReader()},t}(Mp);function Cp(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}var Dp=function(e){function t(t){var r=this,i=Ep(t);return(r=e.call(this,t)||this)._supportsByob=i,r}return gp(t,e),Object.defineProperty(t.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),t.prototype._attachByobReader=function(){if("byob"!==this._readerMode){mp(this._supportsByob),this._detachReader();var e=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(e)}},t.prototype.pull=function(){if(this._supportsByob){var e=this._readableStreamController.byobRequest;if(e)return this._pullWithByobRequest(e)}return this._pullWithDefaultReader()},t.prototype._pullWithByobRequest=function(e){var t=this;this._attachByobReader();var r=new Uint8Array(e.view.byteLength),i=this._underlyingReader.read(r).then((function(r){var i,n,a;t._readableStreamController,r.done?(t._tryClose(),e.respond(0)):(i=r.value,n=e.view,a=Cp(i),Cp(n).set(a,0),e.respond(r.value.byteLength))}));return this._setPendingRead(i),i},t}(Mp);function Up(e){mp(Ap(e)),mp(!1===e.locked);var t=e.getWriter();return new Rp(t)}var Rp=function(){function e(e){var t=this;this._writableStreamController=void 0,this._pendingWrite=void 0,this._state="writable",this._storedError=void 0,this._underlyingWriter=e,this._errorPromise=new Promise((function(e,r){t._errorPromiseReject=r})),this._errorPromise.catch(wp)}return e.prototype.start=function(e){var t=this;this._writableStreamController=e,this._underlyingWriter.closed.then((function(){t._state="closed"})).catch((function(e){return t._finishErroring(e)}))},e.prototype.write=function(e){var t=this,r=this._underlyingWriter;if(null===r.desiredSize)return r.ready;var i=r.write(e);i.catch((function(e){return t._finishErroring(e)})),r.ready.catch((function(e){return t._startErroring(e)}));var n=Promise.race([i,this._errorPromise]);return this._setPendingWrite(n),n},e.prototype.close=function(){var e=this;return void 0===this._pendingWrite?this._underlyingWriter.close():this._finishPendingWrite().then((function(){return e.close()}))},e.prototype.abort=function(e){if("errored"!==this._state)return this._underlyingWriter.abort(e)},e.prototype._setPendingWrite=function(e){var t,r=this,i=function(){r._pendingWrite===t&&(r._pendingWrite=void 0)};this._pendingWrite=t=e.then(i,i)},e.prototype._finishPendingWrite=function(){var e=this;if(void 0===this._pendingWrite)return Promise.resolve();var t=function(){return e._finishPendingWrite()};return this._pendingWrite.then(t,t)},e.prototype._startErroring=function(e){var t=this;if("writable"===this._state){this._state="erroring",this._storedError=e;var r=function(){return t._finishErroring(e)};void 0===this._pendingWrite?r():this._finishPendingWrite().then(r,r),this._writableStreamController.error(e)}},e.prototype._finishErroring=function(e){"writable"===this._state&&this._startErroring(e),"erroring"===this._state&&(this._state="errored",this._errorPromiseReject(this._storedError))},e}();function Ip(e){mp(Sp(e));var t=e.readable,r=e.writable;mp(!1===t.locked),mp(!1===r.locked);var i,n=t.getReader();try{i=r.getWriter()}catch(e){throw n.releaseLock(),e}return new Bp(n,i)}var Bp=function(){function e(e,t){var r=this;this._transformStreamController=void 0,this._onRead=function(e){if(!e.done)return r._transformStreamController.enqueue(e.value),r._reader.read().then(r._onRead)},this._onError=function(e){r._flushReject(e),r._transformStreamController.error(e),r._reader.cancel(e).catch(wp),r._writer.abort(e).catch(wp)},this._onTerminate=function(){r._flushResolve(),r._transformStreamController.terminate();var e=new TypeError("TransformStream terminated");r._writer.abort(e).catch(wp)},this._reader=e,this._writer=t,this._flushPromise=new Promise((function(e,t){r._flushResolve=e,r._flushReject=t}))}return e.prototype.start=function(e){this._transformStreamController=e,this._reader.read().then(this._onRead).then(this._onTerminate,this._onError);var t=this._reader.closed;t&&t.then(this._onTerminate,this._onError)},e.prototype.transform=function(e){return this._writer.write(e)},e.prototype.flush=function(){var e=this;return this._writer.close().then((function(){return e._flushPromise}))},e}(),Tp=/*#__PURE__*/Object.freeze({__proto__:null,createReadableStreamWrapper:function(e){mp(function(e){return!!_p(e)&&!!kp(new e)}(e));var t=function(e){try{return new e({type:"bytes"}),!0}catch(e){return!1}}(e);return function(r,i){var n=(void 0===i?{}:i).type;if("bytes"!==(n=xp(n))||t||(n=void 0),r.constructor===e&&("bytes"!==n||Ep(r)))return r;if("bytes"===n){var a=Pp(r,{type:n});return new e(a)}a=Pp(r);return new e(a)}},createTransformStreamWrapper:function(e){return mp(function(e){return!!_p(e)&&!!Sp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=Ip(t);return new e(r)}},createWrappingReadableSource:Pp,createWrappingTransformer:Ip,createWrappingWritableSink:Up,createWritableStreamWrapper:function(e){return mp(function(e){return!!_p(e)&&!!Ap(new e)}(e)),function(t){if(t.constructor===e)return t;var r=Up(t);return new e(r)}}}),zp=nt((function(e){!function(e,t){function r(e,t){if(!e)throw Error(t||"Assertion failed")}function i(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}function n(e,t,r){if(n.isBN(e))return e;this.negative=0,this.words=null,this.length=0,this.red=null,null!==e&&("le"!==t&&"be"!==t||(r=t,t=10),this._init(e||0,t||10,r||"be"))}var a;"object"==typeof e?e.exports=n:t.BN=n,n.BN=n,n.wordSize=26;try{a=void 0}catch(e){}function s(e,t,r){for(var i=0,n=Math.min(e.length,r),a=t;a=49&&s<=54?s-49+10:s>=17&&s<=22?s-17+10:15&s}return i}function o(e,t,r,i){for(var n=0,a=Math.min(e.length,r),s=t;s=49?o-49+10:o>=17?o-17+10:o}return n}n.isBN=function(e){return e instanceof n||null!==e&&"object"==typeof e&&e.constructor.wordSize===n.wordSize&&Array.isArray(e.words)},n.max=function(e,t){return e.cmp(t)>0?e:t},n.min=function(e,t){return e.cmp(t)<0?e:t},n.prototype._init=function(e,t,i){if("number"==typeof e)return this._initNumber(e,t,i);if("object"==typeof e)return this._initArray(e,t,i);"hex"===t&&(t=16),r(t===(0|t)&&t>=2&&t<=36);var n=0;"-"===(e=e.toString().replace(/\s+/g,""))[0]&&n++,16===t?this._parseHex(e,n):this._parseBase(e,t,n),"-"===e[0]&&(this.negative=1),this.strip(),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initNumber=function(e,t,i){e<0&&(this.negative=1,e=-e),e<67108864?(this.words=[67108863&e],this.length=1):e<4503599627370496?(this.words=[67108863&e,e/67108864&67108863],this.length=2):(r(e<9007199254740992),this.words=[67108863&e,e/67108864&67108863,1],this.length=3),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initArray=function(e,t,i){if(r("number"==typeof e.length),e.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(e.length/3),this.words=Array(this.length);for(var n=0;n=0;n-=3)s=e[n]|e[n-1]<<8|e[n-2]<<16,this.words[a]|=s<>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);else if("le"===i)for(n=0,a=0;n>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);return this.strip()},n.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=Array(this.length);for(var r=0;r=t;r-=6)n=s(e,r,r+6),this.words[i]|=n<>>26-a&4194303,(a+=24)>=26&&(a-=26,i++);r+6!==t&&(n=s(e,t,r+6),this.words[i]|=n<>>26-a&4194303),this.strip()},n.prototype._parseBase=function(e,t,r){this.words=[0],this.length=1;for(var i=0,n=1;n<=67108863;n*=t)i++;i--,n=n/t|0;for(var a=e.length-r,s=a%i,c=Math.min(a,a-s)+r,u=0,h=r;h1&&0===this.words[this.length-1];)this.length--;return this._normSign()},n.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},n.prototype.inspect=function(){return(this.red?""};var c=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],u=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],h=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function d(e,t,r){r.negative=t.negative^e.negative;var i=e.length+t.length|0;r.length=i,i=i-1|0;var n=0|e.words[0],a=0|t.words[0],s=n*a,o=67108863&s,c=s/67108864|0;r.words[0]=o;for(var u=1;u>>26,d=67108863&c,f=Math.min(u,t.length-1),l=Math.max(0,u-e.length+1);l<=f;l++){var p=u-l|0;h+=(s=(n=0|e.words[p])*(a=0|t.words[l])+d)/67108864|0,d=67108863&s}r.words[u]=0|d,c=0|h}return 0!==c?r.words[u]=0|c:r.length--,r.strip()}n.prototype.toString=function(e,t){var i;if(t=0|t||1,16===(e=e||10)||"hex"===e){i="";for(var n=0,a=0,s=0;s>>24-n&16777215)||s!==this.length-1?c[6-d.length]+d+i:d+i,(n+=2)>=26&&(n-=26,s--)}for(0!==a&&(i=a.toString(16)+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}if(e===(0|e)&&e>=2&&e<=36){var f=u[e],l=h[e];i="";var p=this.clone();for(p.negative=0;!p.isZero();){var y=p.modn(l).toString(e);i=(p=p.idivn(l)).isZero()?y+i:c[f-y.length]+y+i}for(this.isZero()&&(i="0"+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}r(!1,"Base should be between 2 and 36")},n.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:this.length>2&&r(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-e:e},n.prototype.toJSON=function(){return this.toString(16)},n.prototype.toBuffer=function(e,t){return r(void 0!==a),this.toArrayLike(a,e,t)},n.prototype.toArray=function(e,t){return this.toArrayLike(Array,e,t)},n.prototype.toArrayLike=function(e,t,i){var n=this.byteLength(),a=i||Math.max(1,n);r(n<=a,"byte array longer than desired length"),r(a>0,"Requested array length <= 0"),this.strip();var s,o,c="le"===t,u=new e(a),h=this.clone();if(c){for(o=0;!h.isZero();o++)s=h.andln(255),h.iushrn(8),u[o]=s;for(;o=4096&&(r+=13,t>>>=13),t>=64&&(r+=7,t>>>=7),t>=8&&(r+=4,t>>>=4),t>=2&&(r+=2,t>>>=2),r+t},n.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,r=0;return 0==(8191&t)&&(r+=13,t>>>=13),0==(127&t)&&(r+=7,t>>>=7),0==(15&t)&&(r+=4,t>>>=4),0==(3&t)&&(r+=2,t>>>=2),0==(1&t)&&r++,r},n.prototype.bitLength=function(){var e=this.words[this.length-1],t=this._countBits(e);return 26*(this.length-1)+t},n.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},n.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},n.prototype.iuand=function(e){var t;t=this.length>e.length?e:this;for(var r=0;re.length?this.clone().iand(e):e.clone().iand(this)},n.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},n.prototype.iuxor=function(e){var t,r;this.length>e.length?(t=this,r=e):(t=e,r=this);for(var i=0;ie.length?this.clone().ixor(e):e.clone().ixor(this)},n.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},n.prototype.inotn=function(e){r("number"==typeof e&&e>=0);var t=0|Math.ceil(e/26),i=e%26;this._expand(t),i>0&&t--;for(var n=0;n0&&(this.words[n]=~this.words[n]&67108863>>26-i),this.strip()},n.prototype.notn=function(e){return this.clone().inotn(e)},n.prototype.setn=function(e,t){r("number"==typeof e&&e>=0);var i=e/26|0,n=e%26;return this._expand(i+1),this.words[i]=t?this.words[i]|1<e.length?(r=this,i=e):(r=e,i=this);for(var n=0,a=0;a>>26;for(;0!==n&&a>>26;if(this.length=r.length,0!==n)this.words[this.length]=n,this.length++;else if(r!==this)for(;ae.length?this.clone().iadd(e):e.clone().iadd(this)},n.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var r,i,n=this.cmp(e);if(0===n)return this.negative=0,this.length=1,this.words[0]=0,this;n>0?(r=this,i=e):(r=e,i=this);for(var a=0,s=0;s>26,this.words[s]=67108863&t;for(;0!==a&&s>26,this.words[s]=67108863&t;if(0===a&&s>>13,l=0|s[1],p=8191&l,y=l>>>13,b=0|s[2],g=8191&b,m=b>>>13,w=0|s[3],v=8191&w,_=w>>>13,k=0|s[4],A=8191&k,S=k>>>13,E=0|s[5],P=8191&E,x=E>>>13,M=0|s[6],K=8191&M,C=M>>>13,D=0|s[7],U=8191&D,R=D>>>13,I=0|s[8],B=8191&I,T=I>>>13,z=0|s[9],q=8191&z,F=z>>>13,O=0|o[0],L=8191&O,N=O>>>13,j=0|o[1],H=8191&j,W=j>>>13,G=0|o[2],V=8191&G,$=G>>>13,Z=0|o[3],X=8191&Z,Y=Z>>>13,Q=0|o[4],J=8191&Q,ee=Q>>>13,te=0|o[5],re=8191&te,ie=te>>>13,ne=0|o[6],ae=8191&ne,se=ne>>>13,oe=0|o[7],ce=8191&oe,ue=oe>>>13,he=0|o[8],de=8191&he,fe=he>>>13,le=0|o[9],pe=8191&le,ye=le>>>13;r.negative=e.negative^t.negative,r.length=19;var be=(u+(i=Math.imul(d,L))|0)+((8191&(n=(n=Math.imul(d,N))+Math.imul(f,L)|0))<<13)|0;u=((a=Math.imul(f,N))+(n>>>13)|0)+(be>>>26)|0,be&=67108863,i=Math.imul(p,L),n=(n=Math.imul(p,N))+Math.imul(y,L)|0,a=Math.imul(y,N);var ge=(u+(i=i+Math.imul(d,H)|0)|0)+((8191&(n=(n=n+Math.imul(d,W)|0)+Math.imul(f,H)|0))<<13)|0;u=((a=a+Math.imul(f,W)|0)+(n>>>13)|0)+(ge>>>26)|0,ge&=67108863,i=Math.imul(g,L),n=(n=Math.imul(g,N))+Math.imul(m,L)|0,a=Math.imul(m,N),i=i+Math.imul(p,H)|0,n=(n=n+Math.imul(p,W)|0)+Math.imul(y,H)|0,a=a+Math.imul(y,W)|0;var me=(u+(i=i+Math.imul(d,V)|0)|0)+((8191&(n=(n=n+Math.imul(d,$)|0)+Math.imul(f,V)|0))<<13)|0;u=((a=a+Math.imul(f,$)|0)+(n>>>13)|0)+(me>>>26)|0,me&=67108863,i=Math.imul(v,L),n=(n=Math.imul(v,N))+Math.imul(_,L)|0,a=Math.imul(_,N),i=i+Math.imul(g,H)|0,n=(n=n+Math.imul(g,W)|0)+Math.imul(m,H)|0,a=a+Math.imul(m,W)|0,i=i+Math.imul(p,V)|0,n=(n=n+Math.imul(p,$)|0)+Math.imul(y,V)|0,a=a+Math.imul(y,$)|0;var we=(u+(i=i+Math.imul(d,X)|0)|0)+((8191&(n=(n=n+Math.imul(d,Y)|0)+Math.imul(f,X)|0))<<13)|0;u=((a=a+Math.imul(f,Y)|0)+(n>>>13)|0)+(we>>>26)|0,we&=67108863,i=Math.imul(A,L),n=(n=Math.imul(A,N))+Math.imul(S,L)|0,a=Math.imul(S,N),i=i+Math.imul(v,H)|0,n=(n=n+Math.imul(v,W)|0)+Math.imul(_,H)|0,a=a+Math.imul(_,W)|0,i=i+Math.imul(g,V)|0,n=(n=n+Math.imul(g,$)|0)+Math.imul(m,V)|0,a=a+Math.imul(m,$)|0,i=i+Math.imul(p,X)|0,n=(n=n+Math.imul(p,Y)|0)+Math.imul(y,X)|0,a=a+Math.imul(y,Y)|0;var ve=(u+(i=i+Math.imul(d,J)|0)|0)+((8191&(n=(n=n+Math.imul(d,ee)|0)+Math.imul(f,J)|0))<<13)|0;u=((a=a+Math.imul(f,ee)|0)+(n>>>13)|0)+(ve>>>26)|0,ve&=67108863,i=Math.imul(P,L),n=(n=Math.imul(P,N))+Math.imul(x,L)|0,a=Math.imul(x,N),i=i+Math.imul(A,H)|0,n=(n=n+Math.imul(A,W)|0)+Math.imul(S,H)|0,a=a+Math.imul(S,W)|0,i=i+Math.imul(v,V)|0,n=(n=n+Math.imul(v,$)|0)+Math.imul(_,V)|0,a=a+Math.imul(_,$)|0,i=i+Math.imul(g,X)|0,n=(n=n+Math.imul(g,Y)|0)+Math.imul(m,X)|0,a=a+Math.imul(m,Y)|0,i=i+Math.imul(p,J)|0,n=(n=n+Math.imul(p,ee)|0)+Math.imul(y,J)|0,a=a+Math.imul(y,ee)|0;var _e=(u+(i=i+Math.imul(d,re)|0)|0)+((8191&(n=(n=n+Math.imul(d,ie)|0)+Math.imul(f,re)|0))<<13)|0;u=((a=a+Math.imul(f,ie)|0)+(n>>>13)|0)+(_e>>>26)|0,_e&=67108863,i=Math.imul(K,L),n=(n=Math.imul(K,N))+Math.imul(C,L)|0,a=Math.imul(C,N),i=i+Math.imul(P,H)|0,n=(n=n+Math.imul(P,W)|0)+Math.imul(x,H)|0,a=a+Math.imul(x,W)|0,i=i+Math.imul(A,V)|0,n=(n=n+Math.imul(A,$)|0)+Math.imul(S,V)|0,a=a+Math.imul(S,$)|0,i=i+Math.imul(v,X)|0,n=(n=n+Math.imul(v,Y)|0)+Math.imul(_,X)|0,a=a+Math.imul(_,Y)|0,i=i+Math.imul(g,J)|0,n=(n=n+Math.imul(g,ee)|0)+Math.imul(m,J)|0,a=a+Math.imul(m,ee)|0,i=i+Math.imul(p,re)|0,n=(n=n+Math.imul(p,ie)|0)+Math.imul(y,re)|0,a=a+Math.imul(y,ie)|0;var ke=(u+(i=i+Math.imul(d,ae)|0)|0)+((8191&(n=(n=n+Math.imul(d,se)|0)+Math.imul(f,ae)|0))<<13)|0;u=((a=a+Math.imul(f,se)|0)+(n>>>13)|0)+(ke>>>26)|0,ke&=67108863,i=Math.imul(U,L),n=(n=Math.imul(U,N))+Math.imul(R,L)|0,a=Math.imul(R,N),i=i+Math.imul(K,H)|0,n=(n=n+Math.imul(K,W)|0)+Math.imul(C,H)|0,a=a+Math.imul(C,W)|0,i=i+Math.imul(P,V)|0,n=(n=n+Math.imul(P,$)|0)+Math.imul(x,V)|0,a=a+Math.imul(x,$)|0,i=i+Math.imul(A,X)|0,n=(n=n+Math.imul(A,Y)|0)+Math.imul(S,X)|0,a=a+Math.imul(S,Y)|0,i=i+Math.imul(v,J)|0,n=(n=n+Math.imul(v,ee)|0)+Math.imul(_,J)|0,a=a+Math.imul(_,ee)|0,i=i+Math.imul(g,re)|0,n=(n=n+Math.imul(g,ie)|0)+Math.imul(m,re)|0,a=a+Math.imul(m,ie)|0,i=i+Math.imul(p,ae)|0,n=(n=n+Math.imul(p,se)|0)+Math.imul(y,ae)|0,a=a+Math.imul(y,se)|0;var Ae=(u+(i=i+Math.imul(d,ce)|0)|0)+((8191&(n=(n=n+Math.imul(d,ue)|0)+Math.imul(f,ce)|0))<<13)|0;u=((a=a+Math.imul(f,ue)|0)+(n>>>13)|0)+(Ae>>>26)|0,Ae&=67108863,i=Math.imul(B,L),n=(n=Math.imul(B,N))+Math.imul(T,L)|0,a=Math.imul(T,N),i=i+Math.imul(U,H)|0,n=(n=n+Math.imul(U,W)|0)+Math.imul(R,H)|0,a=a+Math.imul(R,W)|0,i=i+Math.imul(K,V)|0,n=(n=n+Math.imul(K,$)|0)+Math.imul(C,V)|0,a=a+Math.imul(C,$)|0,i=i+Math.imul(P,X)|0,n=(n=n+Math.imul(P,Y)|0)+Math.imul(x,X)|0,a=a+Math.imul(x,Y)|0,i=i+Math.imul(A,J)|0,n=(n=n+Math.imul(A,ee)|0)+Math.imul(S,J)|0,a=a+Math.imul(S,ee)|0,i=i+Math.imul(v,re)|0,n=(n=n+Math.imul(v,ie)|0)+Math.imul(_,re)|0,a=a+Math.imul(_,ie)|0,i=i+Math.imul(g,ae)|0,n=(n=n+Math.imul(g,se)|0)+Math.imul(m,ae)|0,a=a+Math.imul(m,se)|0,i=i+Math.imul(p,ce)|0,n=(n=n+Math.imul(p,ue)|0)+Math.imul(y,ce)|0,a=a+Math.imul(y,ue)|0;var Se=(u+(i=i+Math.imul(d,de)|0)|0)+((8191&(n=(n=n+Math.imul(d,fe)|0)+Math.imul(f,de)|0))<<13)|0;u=((a=a+Math.imul(f,fe)|0)+(n>>>13)|0)+(Se>>>26)|0,Se&=67108863,i=Math.imul(q,L),n=(n=Math.imul(q,N))+Math.imul(F,L)|0,a=Math.imul(F,N),i=i+Math.imul(B,H)|0,n=(n=n+Math.imul(B,W)|0)+Math.imul(T,H)|0,a=a+Math.imul(T,W)|0,i=i+Math.imul(U,V)|0,n=(n=n+Math.imul(U,$)|0)+Math.imul(R,V)|0,a=a+Math.imul(R,$)|0,i=i+Math.imul(K,X)|0,n=(n=n+Math.imul(K,Y)|0)+Math.imul(C,X)|0,a=a+Math.imul(C,Y)|0,i=i+Math.imul(P,J)|0,n=(n=n+Math.imul(P,ee)|0)+Math.imul(x,J)|0,a=a+Math.imul(x,ee)|0,i=i+Math.imul(A,re)|0,n=(n=n+Math.imul(A,ie)|0)+Math.imul(S,re)|0,a=a+Math.imul(S,ie)|0,i=i+Math.imul(v,ae)|0,n=(n=n+Math.imul(v,se)|0)+Math.imul(_,ae)|0,a=a+Math.imul(_,se)|0,i=i+Math.imul(g,ce)|0,n=(n=n+Math.imul(g,ue)|0)+Math.imul(m,ce)|0,a=a+Math.imul(m,ue)|0,i=i+Math.imul(p,de)|0,n=(n=n+Math.imul(p,fe)|0)+Math.imul(y,de)|0,a=a+Math.imul(y,fe)|0;var Ee=(u+(i=i+Math.imul(d,pe)|0)|0)+((8191&(n=(n=n+Math.imul(d,ye)|0)+Math.imul(f,pe)|0))<<13)|0;u=((a=a+Math.imul(f,ye)|0)+(n>>>13)|0)+(Ee>>>26)|0,Ee&=67108863,i=Math.imul(q,H),n=(n=Math.imul(q,W))+Math.imul(F,H)|0,a=Math.imul(F,W),i=i+Math.imul(B,V)|0,n=(n=n+Math.imul(B,$)|0)+Math.imul(T,V)|0,a=a+Math.imul(T,$)|0,i=i+Math.imul(U,X)|0,n=(n=n+Math.imul(U,Y)|0)+Math.imul(R,X)|0,a=a+Math.imul(R,Y)|0,i=i+Math.imul(K,J)|0,n=(n=n+Math.imul(K,ee)|0)+Math.imul(C,J)|0,a=a+Math.imul(C,ee)|0,i=i+Math.imul(P,re)|0,n=(n=n+Math.imul(P,ie)|0)+Math.imul(x,re)|0,a=a+Math.imul(x,ie)|0,i=i+Math.imul(A,ae)|0,n=(n=n+Math.imul(A,se)|0)+Math.imul(S,ae)|0,a=a+Math.imul(S,se)|0,i=i+Math.imul(v,ce)|0,n=(n=n+Math.imul(v,ue)|0)+Math.imul(_,ce)|0,a=a+Math.imul(_,ue)|0,i=i+Math.imul(g,de)|0,n=(n=n+Math.imul(g,fe)|0)+Math.imul(m,de)|0,a=a+Math.imul(m,fe)|0;var Pe=(u+(i=i+Math.imul(p,pe)|0)|0)+((8191&(n=(n=n+Math.imul(p,ye)|0)+Math.imul(y,pe)|0))<<13)|0;u=((a=a+Math.imul(y,ye)|0)+(n>>>13)|0)+(Pe>>>26)|0,Pe&=67108863,i=Math.imul(q,V),n=(n=Math.imul(q,$))+Math.imul(F,V)|0,a=Math.imul(F,$),i=i+Math.imul(B,X)|0,n=(n=n+Math.imul(B,Y)|0)+Math.imul(T,X)|0,a=a+Math.imul(T,Y)|0,i=i+Math.imul(U,J)|0,n=(n=n+Math.imul(U,ee)|0)+Math.imul(R,J)|0,a=a+Math.imul(R,ee)|0,i=i+Math.imul(K,re)|0,n=(n=n+Math.imul(K,ie)|0)+Math.imul(C,re)|0,a=a+Math.imul(C,ie)|0,i=i+Math.imul(P,ae)|0,n=(n=n+Math.imul(P,se)|0)+Math.imul(x,ae)|0,a=a+Math.imul(x,se)|0,i=i+Math.imul(A,ce)|0,n=(n=n+Math.imul(A,ue)|0)+Math.imul(S,ce)|0,a=a+Math.imul(S,ue)|0,i=i+Math.imul(v,de)|0,n=(n=n+Math.imul(v,fe)|0)+Math.imul(_,de)|0,a=a+Math.imul(_,fe)|0;var xe=(u+(i=i+Math.imul(g,pe)|0)|0)+((8191&(n=(n=n+Math.imul(g,ye)|0)+Math.imul(m,pe)|0))<<13)|0;u=((a=a+Math.imul(m,ye)|0)+(n>>>13)|0)+(xe>>>26)|0,xe&=67108863,i=Math.imul(q,X),n=(n=Math.imul(q,Y))+Math.imul(F,X)|0,a=Math.imul(F,Y),i=i+Math.imul(B,J)|0,n=(n=n+Math.imul(B,ee)|0)+Math.imul(T,J)|0,a=a+Math.imul(T,ee)|0,i=i+Math.imul(U,re)|0,n=(n=n+Math.imul(U,ie)|0)+Math.imul(R,re)|0,a=a+Math.imul(R,ie)|0,i=i+Math.imul(K,ae)|0,n=(n=n+Math.imul(K,se)|0)+Math.imul(C,ae)|0,a=a+Math.imul(C,se)|0,i=i+Math.imul(P,ce)|0,n=(n=n+Math.imul(P,ue)|0)+Math.imul(x,ce)|0,a=a+Math.imul(x,ue)|0,i=i+Math.imul(A,de)|0,n=(n=n+Math.imul(A,fe)|0)+Math.imul(S,de)|0,a=a+Math.imul(S,fe)|0;var Me=(u+(i=i+Math.imul(v,pe)|0)|0)+((8191&(n=(n=n+Math.imul(v,ye)|0)+Math.imul(_,pe)|0))<<13)|0;u=((a=a+Math.imul(_,ye)|0)+(n>>>13)|0)+(Me>>>26)|0,Me&=67108863,i=Math.imul(q,J),n=(n=Math.imul(q,ee))+Math.imul(F,J)|0,a=Math.imul(F,ee),i=i+Math.imul(B,re)|0,n=(n=n+Math.imul(B,ie)|0)+Math.imul(T,re)|0,a=a+Math.imul(T,ie)|0,i=i+Math.imul(U,ae)|0,n=(n=n+Math.imul(U,se)|0)+Math.imul(R,ae)|0,a=a+Math.imul(R,se)|0,i=i+Math.imul(K,ce)|0,n=(n=n+Math.imul(K,ue)|0)+Math.imul(C,ce)|0,a=a+Math.imul(C,ue)|0,i=i+Math.imul(P,de)|0,n=(n=n+Math.imul(P,fe)|0)+Math.imul(x,de)|0,a=a+Math.imul(x,fe)|0;var Ke=(u+(i=i+Math.imul(A,pe)|0)|0)+((8191&(n=(n=n+Math.imul(A,ye)|0)+Math.imul(S,pe)|0))<<13)|0;u=((a=a+Math.imul(S,ye)|0)+(n>>>13)|0)+(Ke>>>26)|0,Ke&=67108863,i=Math.imul(q,re),n=(n=Math.imul(q,ie))+Math.imul(F,re)|0,a=Math.imul(F,ie),i=i+Math.imul(B,ae)|0,n=(n=n+Math.imul(B,se)|0)+Math.imul(T,ae)|0,a=a+Math.imul(T,se)|0,i=i+Math.imul(U,ce)|0,n=(n=n+Math.imul(U,ue)|0)+Math.imul(R,ce)|0,a=a+Math.imul(R,ue)|0,i=i+Math.imul(K,de)|0,n=(n=n+Math.imul(K,fe)|0)+Math.imul(C,de)|0,a=a+Math.imul(C,fe)|0;var Ce=(u+(i=i+Math.imul(P,pe)|0)|0)+((8191&(n=(n=n+Math.imul(P,ye)|0)+Math.imul(x,pe)|0))<<13)|0;u=((a=a+Math.imul(x,ye)|0)+(n>>>13)|0)+(Ce>>>26)|0,Ce&=67108863,i=Math.imul(q,ae),n=(n=Math.imul(q,se))+Math.imul(F,ae)|0,a=Math.imul(F,se),i=i+Math.imul(B,ce)|0,n=(n=n+Math.imul(B,ue)|0)+Math.imul(T,ce)|0,a=a+Math.imul(T,ue)|0,i=i+Math.imul(U,de)|0,n=(n=n+Math.imul(U,fe)|0)+Math.imul(R,de)|0,a=a+Math.imul(R,fe)|0;var De=(u+(i=i+Math.imul(K,pe)|0)|0)+((8191&(n=(n=n+Math.imul(K,ye)|0)+Math.imul(C,pe)|0))<<13)|0;u=((a=a+Math.imul(C,ye)|0)+(n>>>13)|0)+(De>>>26)|0,De&=67108863,i=Math.imul(q,ce),n=(n=Math.imul(q,ue))+Math.imul(F,ce)|0,a=Math.imul(F,ue),i=i+Math.imul(B,de)|0,n=(n=n+Math.imul(B,fe)|0)+Math.imul(T,de)|0,a=a+Math.imul(T,fe)|0;var Ue=(u+(i=i+Math.imul(U,pe)|0)|0)+((8191&(n=(n=n+Math.imul(U,ye)|0)+Math.imul(R,pe)|0))<<13)|0;u=((a=a+Math.imul(R,ye)|0)+(n>>>13)|0)+(Ue>>>26)|0,Ue&=67108863,i=Math.imul(q,de),n=(n=Math.imul(q,fe))+Math.imul(F,de)|0,a=Math.imul(F,fe);var Re=(u+(i=i+Math.imul(B,pe)|0)|0)+((8191&(n=(n=n+Math.imul(B,ye)|0)+Math.imul(T,pe)|0))<<13)|0;u=((a=a+Math.imul(T,ye)|0)+(n>>>13)|0)+(Re>>>26)|0,Re&=67108863;var Ie=(u+(i=Math.imul(q,pe))|0)+((8191&(n=(n=Math.imul(q,ye))+Math.imul(F,pe)|0))<<13)|0;return u=((a=Math.imul(F,ye))+(n>>>13)|0)+(Ie>>>26)|0,Ie&=67108863,c[0]=be,c[1]=ge,c[2]=me,c[3]=we,c[4]=ve,c[5]=_e,c[6]=ke,c[7]=Ae,c[8]=Se,c[9]=Ee,c[10]=Pe,c[11]=xe,c[12]=Me,c[13]=Ke,c[14]=Ce,c[15]=De,c[16]=Ue,c[17]=Re,c[18]=Ie,0!==u&&(c[19]=u,r.length++),r};function l(e,t,r){return(new p).mulp(e,t,r)}function p(e,t){this.x=e,this.y=t}Math.imul||(f=d),n.prototype.mulTo=function(e,t){var r,i=this.length+e.length;return r=10===this.length&&10===e.length?f(this,e,t):i<63?d(this,e,t):i<1024?function(e,t,r){r.negative=t.negative^e.negative,r.length=e.length+t.length;for(var i=0,n=0,a=0;a>>26)|0)>>>26,s&=67108863}r.words[a]=o,i=s,s=n}return 0!==i?r.words[a]=i:r.length--,r.strip()}(this,e,t):l(this,e,t),r},p.prototype.makeRBT=function(e){for(var t=Array(e),r=n.prototype._countBits(e)-1,i=0;i>=1;return i},p.prototype.permute=function(e,t,r,i,n,a){for(var s=0;s>>=1)n++;return 1<>>=13,i[2*s+1]=8191&a,a>>>=13;for(s=2*t;s>=26,t+=n/67108864|0,t+=a>>>26,this.words[i]=67108863&a}return 0!==t&&(this.words[i]=t,this.length++),this},n.prototype.muln=function(e){return this.clone().imuln(e)},n.prototype.sqr=function(){return this.mul(this)},n.prototype.isqr=function(){return this.imul(this.clone())},n.prototype.pow=function(e){var t=function(e){for(var t=Array(e.bitLength()),r=0;r>>n}return t}(e);if(0===t.length)return new n(1);for(var r=this,i=0;i=0);var t,i=e%26,n=(e-i)/26,a=67108863>>>26-i<<26-i;if(0!==i){var s=0;for(t=0;t>>26-i}s&&(this.words[t]=s,this.length++)}if(0!==n){for(t=this.length-1;t>=0;t--)this.words[t+n]=this.words[t];for(t=0;t=0),n=t?(t-t%26)/26:0;var a=e%26,s=Math.min((e-a)/26,this.length),o=67108863^67108863>>>a<s)for(this.length-=s,u=0;u=0&&(0!==h||u>=n);u--){var d=0|this.words[u];this.words[u]=h<<26-a|d>>>a,h=d&o}return c&&0!==h&&(c.words[c.length++]=h),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},n.prototype.ishrn=function(e,t,i){return r(0===this.negative),this.iushrn(e,t,i)},n.prototype.shln=function(e){return this.clone().ishln(e)},n.prototype.ushln=function(e){return this.clone().iushln(e)},n.prototype.shrn=function(e){return this.clone().ishrn(e)},n.prototype.ushrn=function(e){return this.clone().iushrn(e)},n.prototype.testn=function(e){r("number"==typeof e&&e>=0);var t=e%26,i=(e-t)/26,n=1<=0);var t=e%26,i=(e-t)/26;if(r(0===this.negative,"imaskn works only with positive numbers"),this.length<=i)return this;if(0!==t&&i++,this.length=Math.min(i,this.length),0!==t){var n=67108863^67108863>>>t<=67108864;t++)this.words[t]-=67108864,t===this.length-1?this.words[t+1]=1:this.words[t+1]++;return this.length=Math.max(this.length,t+1),this},n.prototype.isubn=function(e){if(r("number"==typeof e),r(e<67108864),e<0)return this.iaddn(-e);if(0!==this.negative)return this.negative=0,this.iaddn(e),this.negative=1,this;if(this.words[0]-=e,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var t=0;t>26)-(c/67108864|0),this.words[n+i]=67108863&a}for(;n>26,this.words[n+i]=67108863&a;if(0===o)return this.strip();for(r(-1===o),o=0,n=0;n>26,this.words[n]=67108863&a;return this.negative=1,this.strip()},n.prototype._wordDiv=function(e,t){var r=(this.length,e.length),i=this.clone(),a=e,s=0|a.words[a.length-1];0!==(r=26-this._countBits(s))&&(a=a.ushln(r),i.iushln(r),s=0|a.words[a.length-1]);var o,c=i.length-a.length;if("mod"!==t){(o=new n(null)).length=c+1,o.words=Array(o.length);for(var u=0;u=0;d--){var f=67108864*(0|i.words[a.length+d])+(0|i.words[a.length+d-1]);for(f=Math.min(f/s|0,67108863),i._ishlnsubmul(a,f,d);0!==i.negative;)f--,i.negative=0,i._ishlnsubmul(a,1,d),i.isZero()||(i.negative^=1);o&&(o.words[d]=f)}return o&&o.strip(),i.strip(),"div"!==t&&0!==r&&i.iushrn(r),{div:o||null,mod:i}},n.prototype.divmod=function(e,t,i){return r(!e.isZero()),this.isZero()?{div:new n(0),mod:new n(0)}:0!==this.negative&&0===e.negative?(o=this.neg().divmod(e,t),"mod"!==t&&(a=o.div.neg()),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.iadd(e)),{div:a,mod:s}):0===this.negative&&0!==e.negative?(o=this.divmod(e.neg(),t),"mod"!==t&&(a=o.div.neg()),{div:a,mod:o.mod}):0!=(this.negative&e.negative)?(o=this.neg().divmod(e.neg(),t),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.isub(e)),{div:o.div,mod:s}):e.length>this.length||this.cmp(e)<0?{div:new n(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new n(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new n(this.modn(e.words[0]))}:this._wordDiv(e,t);var a,s,o},n.prototype.div=function(e){return this.divmod(e,"div",!1).div},n.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},n.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},n.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var r=0!==t.div.negative?t.mod.isub(e):t.mod,i=e.ushrn(1),n=e.andln(1),a=r.cmp(i);return a<0||1===n&&0===a?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},n.prototype.modn=function(e){r(e<=67108863);for(var t=(1<<26)%e,i=0,n=this.length-1;n>=0;n--)i=(t*i+(0|this.words[n]))%e;return i},n.prototype.idivn=function(e){r(e<=67108863);for(var t=0,i=this.length-1;i>=0;i--){var n=(0|this.words[i])+67108864*t;this.words[i]=n/e|0,t=n%e}return this.strip()},n.prototype.divn=function(e){return this.clone().idivn(e)},n.prototype.egcd=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a=new n(1),s=new n(0),o=new n(0),c=new n(1),u=0;t.isEven()&&i.isEven();)t.iushrn(1),i.iushrn(1),++u;for(var h=i.clone(),d=t.clone();!t.isZero();){for(var f=0,l=1;0==(t.words[0]&l)&&f<26;++f,l<<=1);if(f>0)for(t.iushrn(f);f-- >0;)(a.isOdd()||s.isOdd())&&(a.iadd(h),s.isub(d)),a.iushrn(1),s.iushrn(1);for(var p=0,y=1;0==(i.words[0]&y)&&p<26;++p,y<<=1);if(p>0)for(i.iushrn(p);p-- >0;)(o.isOdd()||c.isOdd())&&(o.iadd(h),c.isub(d)),o.iushrn(1),c.iushrn(1);t.cmp(i)>=0?(t.isub(i),a.isub(o),s.isub(c)):(i.isub(t),o.isub(a),c.isub(s))}return{a:o,b:c,gcd:i.iushln(u)}},n.prototype._invmp=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a,s=new n(1),o=new n(0),c=i.clone();t.cmpn(1)>0&&i.cmpn(1)>0;){for(var u=0,h=1;0==(t.words[0]&h)&&u<26;++u,h<<=1);if(u>0)for(t.iushrn(u);u-- >0;)s.isOdd()&&s.iadd(c),s.iushrn(1);for(var d=0,f=1;0==(i.words[0]&f)&&d<26;++d,f<<=1);if(d>0)for(i.iushrn(d);d-- >0;)o.isOdd()&&o.iadd(c),o.iushrn(1);t.cmp(i)>=0?(t.isub(i),s.isub(o)):(i.isub(t),o.isub(s))}return(a=0===t.cmpn(1)?s:o).cmpn(0)<0&&a.iadd(e),a},n.prototype.gcd=function(e){if(this.isZero())return e.abs();if(e.isZero())return this.abs();var t=this.clone(),r=e.clone();t.negative=0,r.negative=0;for(var i=0;t.isEven()&&r.isEven();i++)t.iushrn(1),r.iushrn(1);for(;;){for(;t.isEven();)t.iushrn(1);for(;r.isEven();)r.iushrn(1);var n=t.cmp(r);if(n<0){var a=t;t=r,r=a}else if(0===n||0===r.cmpn(1))break;t.isub(r)}return r.iushln(i)},n.prototype.invm=function(e){return this.egcd(e).a.umod(e)},n.prototype.isEven=function(){return 0==(1&this.words[0])},n.prototype.isOdd=function(){return 1==(1&this.words[0])},n.prototype.andln=function(e){return this.words[0]&e},n.prototype.bincn=function(e){r("number"==typeof e);var t=e%26,i=(e-t)/26,n=1<>>26,o&=67108863,this.words[s]=o}return 0!==a&&(this.words[s]=a,this.length++),this},n.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},n.prototype.cmpn=function(e){var t,i=e<0;if(0!==this.negative&&!i)return-1;if(0===this.negative&&i)return 1;if(this.strip(),this.length>1)t=1;else{i&&(e=-e),r(e<=67108863,"Number is too big");var n=0|this.words[0];t=n===e?0:ne.length)return 1;if(this.length=0;r--){var i=0|this.words[r],n=0|e.words[r];if(i!==n){in&&(t=1);break}}return t},n.prototype.gtn=function(e){return 1===this.cmpn(e)},n.prototype.gt=function(e){return 1===this.cmp(e)},n.prototype.gten=function(e){return this.cmpn(e)>=0},n.prototype.gte=function(e){return this.cmp(e)>=0},n.prototype.ltn=function(e){return-1===this.cmpn(e)},n.prototype.lt=function(e){return-1===this.cmp(e)},n.prototype.lten=function(e){return this.cmpn(e)<=0},n.prototype.lte=function(e){return this.cmp(e)<=0},n.prototype.eqn=function(e){return 0===this.cmpn(e)},n.prototype.eq=function(e){return 0===this.cmp(e)},n.red=function(e){return new _(e)},n.prototype.toRed=function(e){return r(!this.red,"Already a number in reduction context"),r(0===this.negative,"red works only with positives"),e.convertTo(this)._forceRed(e)},n.prototype.fromRed=function(){return r(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},n.prototype._forceRed=function(e){return this.red=e,this},n.prototype.forceRed=function(e){return r(!this.red,"Already a number in reduction context"),this._forceRed(e)},n.prototype.redAdd=function(e){return r(this.red,"redAdd works only with red numbers"),this.red.add(this,e)},n.prototype.redIAdd=function(e){return r(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,e)},n.prototype.redSub=function(e){return r(this.red,"redSub works only with red numbers"),this.red.sub(this,e)},n.prototype.redISub=function(e){return r(this.red,"redISub works only with red numbers"),this.red.isub(this,e)},n.prototype.redShl=function(e){return r(this.red,"redShl works only with red numbers"),this.red.shl(this,e)},n.prototype.redMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.mul(this,e)},n.prototype.redIMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.imul(this,e)},n.prototype.redSqr=function(){return r(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},n.prototype.redISqr=function(){return r(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},n.prototype.redSqrt=function(){return r(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},n.prototype.redInvm=function(){return r(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},n.prototype.redNeg=function(){return r(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},n.prototype.redPow=function(e){return r(this.red&&!e.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,e)};var y={k256:null,p224:null,p192:null,p25519:null};function b(e,t){this.name=e,this.p=new n(t,16),this.n=this.p.bitLength(),this.k=new n(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function g(){b.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function m(){b.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function w(){b.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function v(){b.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function _(e){if("string"==typeof e){var t=n._prime(e);this.m=t.p,this.prime=t}else r(e.gtn(1),"modulus must be greater than 1"),this.m=e,this.prime=null}function k(e){_.call(this,e),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new n(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}b.prototype._tmp=function(){var e=new n(null);return e.words=Array(Math.ceil(this.n/13)),e},b.prototype.ireduce=function(e){var t,r=e;do{this.split(r,this.tmp),t=(r=(r=this.imulK(r)).iadd(this.tmp)).bitLength()}while(t>this.n);var i=t0?r.isub(this.p):r.strip(),r},b.prototype.split=function(e,t){e.iushrn(this.n,0,t)},b.prototype.imulK=function(e){return e.imul(this.k)},i(g,b),g.prototype.split=function(e,t){for(var r=4194303,i=Math.min(e.length,9),n=0;n>>22,a=s}a>>>=22,e.words[n-10]=a,0===a&&e.length>10?e.length-=10:e.length-=9},g.prototype.imulK=function(e){e.words[e.length]=0,e.words[e.length+1]=0,e.length+=2;for(var t=0,r=0;r>>=26,e.words[r]=n,t=i}return 0!==t&&(e.words[e.length++]=t),e},n._prime=function(e){if(y[e])return y[e];var t;if("k256"===e)t=new g;else if("p224"===e)t=new m;else if("p192"===e)t=new w;else{if("p25519"!==e)throw Error("Unknown prime "+e);t=new v}return y[e]=t,t},_.prototype._verify1=function(e){r(0===e.negative,"red works only with positives"),r(e.red,"red works only with red numbers")},_.prototype._verify2=function(e,t){r(0==(e.negative|t.negative),"red works only with positives"),r(e.red&&e.red===t.red,"red works only with red numbers")},_.prototype.imod=function(e){return this.prime?this.prime.ireduce(e)._forceRed(this):e.umod(this.m)._forceRed(this)},_.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},_.prototype.add=function(e,t){this._verify2(e,t);var r=e.add(t);return r.cmp(this.m)>=0&&r.isub(this.m),r._forceRed(this)},_.prototype.iadd=function(e,t){this._verify2(e,t);var r=e.iadd(t);return r.cmp(this.m)>=0&&r.isub(this.m),r},_.prototype.sub=function(e,t){this._verify2(e,t);var r=e.sub(t);return r.cmpn(0)<0&&r.iadd(this.m),r._forceRed(this)},_.prototype.isub=function(e,t){this._verify2(e,t);var r=e.isub(t);return r.cmpn(0)<0&&r.iadd(this.m),r},_.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},_.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},_.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},_.prototype.isqr=function(e){return this.imul(e,e.clone())},_.prototype.sqr=function(e){return this.mul(e,e)},_.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(r(t%2==1),3===t){var i=this.m.add(new n(1)).iushrn(2);return this.pow(e,i)}for(var a=this.m.subn(1),s=0;!a.isZero()&&0===a.andln(1);)s++,a.iushrn(1);r(!a.isZero());var o=new n(1).toRed(this),c=o.redNeg(),u=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new n(2*h*h).toRed(this);0!==this.pow(h,u).cmp(c);)h.redIAdd(c);for(var d=this.pow(h,a),f=this.pow(e,a.addn(1).iushrn(1)),l=this.pow(e,a),p=s;0!==l.cmp(o);){for(var y=l,b=0;0!==y.cmp(o);b++)y=y.redSqr();r(b=0;i--){for(var u=t.words[i],h=c-1;h>=0;h--){var d=u>>h&1;a!==r[0]&&(a=this.sqr(a)),0!==d||0!==s?(s<<=1,s|=d,(4===++o||0===i&&0===h)&&(a=this.mul(a,r[s]),o=0,s=0)):o=0}c=26}return a},_.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},_.prototype.convertFrom=function(e){var t=e.clone();return t.red=null,t},n.mont=function(e){return new k(e)},i(k,_),k.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},k.prototype.convertFrom=function(e){var t=this.imod(e.mul(this.rinv));return t.red=null,t},k.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;var r=e.imul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(i).iushrn(this.shift),a=n;return n.cmp(this.m)>=0?a=n.isub(this.m):n.cmpn(0)<0&&(a=n.iadd(this.m)),a._forceRed(this)},k.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new n(0)._forceRed(this);var r=e.mul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),a=r.isub(i).iushrn(this.shift),s=a;return a.cmp(this.m)>=0?s=a.isub(this.m):a.cmpn(0)<0&&(s=a.iadd(this.m)),s._forceRed(this)},k.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(e,it)})),qp=/*#__PURE__*/Object.freeze({__proto__:null,default:zp,__moduleExports:zp});class Fp{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");this.value=new zp(e)}clone(){const e=new Fp(null);return this.value.copy(e.value),e}iinc(){return this.value.iadd(new zp(1)),this}inc(){return this.clone().iinc()}idec(){return this.value.isub(new zp(1)),this}dec(){return this.clone().idec()}iadd(e){return this.value.iadd(e.value),this}add(e){return this.clone().iadd(e)}isub(e){return this.value.isub(e.value),this}sub(e){return this.clone().isub(e)}imul(e){return this.value.imul(e.value),this}mul(e){return this.clone().imul(e)}imod(e){return this.value=this.value.umod(e.value),this}mod(e){return this.clone().imod(e)}modExp(e,t){const r=t.isEven()?zp.red(t.value):zp.mont(t.value),i=this.clone();return i.value=i.value.toRed(r).redPow(e.value).fromRed(),i}modInv(e){if(!this.gcd(e).isOne())throw Error("Inverse does not exist");return new Fp(this.value.invm(e.value))}gcd(e){return new Fp(this.value.gcd(e.value))}ileftShift(e){return this.value.ishln(e.value.toNumber()),this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value.ishrn(e.value.toNumber()),this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value.eq(e.value)}lt(e){return this.value.lt(e.value)}lte(e){return this.value.lte(e.value)}gt(e){return this.value.gt(e.value)}gte(e){return this.value.gte(e.value)}isZero(){return this.value.isZero()}isOne(){return this.value.eq(new zp(1))}isNegative(){return this.value.isNeg()}isEven(){return this.value.isEven()}abs(){const e=this.clone();return e.value=e.value.abs(),e}toString(){return this.value.toString()}toNumber(){return this.value.toNumber()}getBit(e){return this.value.testn(e)?1:0}bitLength(){return this.value.bitLength()}byteLength(){return this.value.byteLength()}toUint8Array(e="be",t){return this.value.toArrayLike(Uint8Array,e,t)}}var Op,Lp=/*#__PURE__*/Object.freeze({__proto__:null,default:Fp}),Np=nt((function(e,t){var r=t;function i(e){return 1===e.length?"0"+e:e}function n(e){for(var t="",r=0;r>8,s=255&n;a?r.push(a,s):r.push(s)}return r},r.zero2=i,r.toHex=n,r.encode=function(e,t){return"hex"===t?n(e):e}})),jp=nt((function(e,t){var r=t;r.assert=tt,r.toArray=Np.toArray,r.zero2=Np.zero2,r.toHex=Np.toHex,r.encode=Np.encode,r.getNAF=function(e,t){for(var r=[],i=1<=0;){var a;if(n.isOdd()){var s=n.andln(i-1);a=s>(i>>1)-1?(i>>1)-s:s,n.isubn(a)}else a=0;r.push(a);for(var o=0!==n.cmpn(0)&&0===n.andln(i-1)?t+1:1,c=1;c0||t.cmpn(-n)>0;){var a,s,o,c=e.andln(3)+i&3,u=t.andln(3)+n&3;if(3===c&&(c=-1),3===u&&(u=-1),0==(1&c))a=0;else a=3!==(o=e.andln(7)+i&7)&&5!==o||2!==u?c:-c;if(r[0].push(a),0==(1&u))s=0;else s=3!==(o=t.andln(7)+n&7)&&5!==o||2!==c?u:-u;r[1].push(s),2*i===a+1&&(i=1-i),2*n===s+1&&(n=1-n),e.iushrn(1),t.iushrn(1)}return r},r.cachedProperty=function(e,t,r){var i="_"+t;e.prototype[t]=function(){return void 0!==this[i]?this[i]:this[i]=r.call(this)}},r.parseBytes=function(e){return"string"==typeof e?r.toArray(e,"hex"):e},r.intFromLE=function(e){return new zp(e,"hex","le")}})),Hp=function(e){return Op||(Op=new Wp(null)),Op.generate(e)};function Wp(e){this.rand=e}var Gp=Wp;if(Wp.prototype.generate=function(e){return this._rand(e)},Wp.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),r=0;r0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}var Qp=Yp;function Jp(e,t){this.curve=e,this.type=t,this.precomputed=null}Yp.prototype.point=function(){throw Error("Not implemented")},Yp.prototype.validate=function(){throw Error("Not implemented")},Yp.prototype._fixedNafMul=function(e,t){Xp(e.precomputed);var r=e._getDoubles(),i=$p(t,1),n=(1<=s;t--)o=(o<<1)+i[t];a.push(o)}for(var c=this.jpoint(null,null,null),u=this.jpoint(null,null,null),h=n;h>0;h--){for(s=0;s=0;o--){for(t=0;o>=0&&0===a[o];o--)t++;if(o>=0&&t++,s=s.dblp(t),o<0)break;var c=a[o];Xp(0!==c),s="affine"===e.type?c>0?s.mixedAdd(n[c-1>>1]):s.mixedAdd(n[-c-1>>1].neg()):c>0?s.add(n[c-1>>1]):s.add(n[-c-1>>1].neg())}return"affine"===e.type?s.toP():s},Yp.prototype._wnafMulAdd=function(e,t,r,i,n){for(var a=this._wnafT1,s=this._wnafT2,o=this._wnafT3,c=0,u=0;u=1;u-=2){var d=u-1,f=u;if(1===a[d]&&1===a[f]){var l=[t[d],null,null,t[f]];0===t[d].y.cmp(t[f].y)?(l[1]=t[d].add(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg())):0===t[d].y.cmp(t[f].y.redNeg())?(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].add(t[f].neg())):(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg()));var p=[-3,-1,-5,-7,0,7,5,1,3],y=Zp(r[d],r[f]);c=Math.max(y[0].length,c),o[d]=Array(c),o[f]=Array(c);for(var b=0;b=0;u--){for(var _=0;u>=0;){var k=!0;for(b=0;b=0&&_++,w=w.dblp(_),u<0)break;for(b=0;b0?A=s[b][S-1>>1]:S<0&&(A=s[b][-S-1>>1].neg()),w="affine"===A.type?w.mixedAdd(A):w.add(A))}}for(u=0;u=Math.ceil((e.bitLength()+1)/t.step)},Jp.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var r=[this],i=this,n=0;n=0&&(a=t,s=r),i.negative&&(i=i.neg(),n=n.neg()),a.negative&&(a=a.neg(),s=s.neg()),[{a:i,b:n},{a,b:s}]},ty.prototype._endoSplit=function(e){var t=this.endo.basis,r=t[0],i=t[1],n=i.b.mul(e).divRound(this.n),a=r.b.neg().mul(e).divRound(this.n),s=n.mul(r.a),o=a.mul(i.a),c=n.mul(r.b),u=a.mul(i.b);return{k1:e.sub(s).sub(o),k2:c.add(u).neg()}},ty.prototype.pointFromX=function(e,t){(e=new zp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),i=r.redSqrt();if(0!==i.redSqr().redSub(r).cmp(this.zero))throw Error("invalid point");var n=i.fromRed().isOdd();return(t&&!n||!t&&n)&&(i=i.redNeg()),this.point(e,i)},ty.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,r=e.y,i=this.a.redMul(t),n=t.redSqr().redMul(t).redIAdd(i).redIAdd(this.b);return 0===r.redSqr().redISub(n).cmpn(0)},ty.prototype._endoWnafMulAdd=function(e,t,r){for(var i=this._endoWnafT1,n=this._endoWnafT2,a=0;a":""},iy.prototype.isInfinity=function(){return this.inf},iy.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y);0!==t.cmpn(0)&&(t=t.redMul(this.x.redSub(e.x).redInvm()));var r=t.redSqr().redISub(this.x).redISub(e.x),i=t.redMul(this.x.redSub(r)).redISub(this.y);return this.curve.point(r,i)},iy.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,r=this.x.redSqr(),i=e.redInvm(),n=r.redAdd(r).redIAdd(r).redIAdd(t).redMul(i),a=n.redSqr().redISub(this.x.redAdd(this.x)),s=n.redMul(this.x.redSub(a)).redISub(this.y);return this.curve.point(a,s)},iy.prototype.getX=function(){return this.x.fromRed()},iy.prototype.getY=function(){return this.y.fromRed()},iy.prototype.mul=function(e){return e=new zp(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},iy.prototype.mulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n):this.curve._wnafMulAdd(1,i,n,2)},iy.prototype.jmulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n,!0):this.curve._wnafMulAdd(1,i,n,2,!0)},iy.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},iy.prototype.neg=function(e){if(this.inf)return this;var t=this.curve.point(this.x,this.y.redNeg());if(e&&this.precomputed){var r=this.precomputed,i=function(e){return e.neg()};t.precomputed={naf:r.naf&&{wnd:r.naf.wnd,points:r.naf.points.map(i)},doubles:r.doubles&&{step:r.doubles.step,points:r.doubles.points.map(i)}}}return t},iy.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},st(ny,Qp.BasePoint),ty.prototype.jpoint=function(e,t,r){return new ny(this,e,t,r)},ny.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),r=this.x.redMul(t),i=this.y.redMul(t).redMul(e);return this.curve.point(r,i)},ny.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},ny.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),r=this.z.redSqr(),i=this.x.redMul(t),n=e.x.redMul(r),a=this.y.redMul(t.redMul(e.z)),s=e.y.redMul(r.redMul(this.z)),o=i.redSub(n),c=a.redSub(s);if(0===o.cmpn(0))return 0!==c.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var u=o.redSqr(),h=u.redMul(o),d=i.redMul(u),f=c.redSqr().redIAdd(h).redISub(d).redISub(d),l=c.redMul(d.redISub(f)).redISub(a.redMul(h)),p=this.z.redMul(e.z).redMul(o);return this.curve.jpoint(f,l,p)},ny.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),r=this.x,i=e.x.redMul(t),n=this.y,a=e.y.redMul(t).redMul(this.z),s=r.redSub(i),o=n.redSub(a);if(0===s.cmpn(0))return 0!==o.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var c=s.redSqr(),u=c.redMul(s),h=r.redMul(c),d=o.redSqr().redIAdd(u).redISub(h).redISub(h),f=o.redMul(h.redISub(d)).redISub(n.redMul(u)),l=this.z.redMul(s);return this.curve.jpoint(d,f,l)},ny.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,r=0;r=0)return!1;if(r.redIAdd(n),0===this.x.cmp(r))return!0}},ny.prototype.inspect=function(){return this.isInfinity()?"":""},ny.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},st(ay,Qp);var sy=ay;function oy(e,t,r){Qp.BasePoint.call(this,e,"projective"),null===t&&null===r?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new zp(t,16),this.z=new zp(r,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}ay.prototype.validate=function(e){var t=e.normalize().x,r=t.redSqr(),i=r.redMul(t).redAdd(r.redMul(this.a)).redAdd(t);return 0===i.redSqrt().redSqr().cmp(i)},st(oy,Qp.BasePoint),ay.prototype.decodePoint=function(e,t){if(33===(e=jp.toArray(e,t)).length&&64===e[0]&&(e=e.slice(1,33).reverse()),32!==e.length)throw Error("Unknown point compression format");return this.point(e,1)},ay.prototype.point=function(e,t){return new oy(this,e,t)},ay.prototype.pointFromJSON=function(e){return oy.fromJSON(this,e)},oy.prototype.precompute=function(){},oy.prototype._encode=function(e){var t=this.curve.p.byteLength();return e?[64].concat(this.getX().toArray("le",t)):this.getX().toArray("be",t)},oy.fromJSON=function(e,t){return new oy(e,t[0],t[1]||e.one)},oy.prototype.inspect=function(){return this.isInfinity()?"":""},oy.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},oy.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),r=e.redSub(t),i=e.redMul(t),n=r.redMul(t.redAdd(this.curve.a24.redMul(r)));return this.curve.point(i,n)},oy.prototype.add=function(){throw Error("Not supported on Montgomery curve")},oy.prototype.diffAdd=function(e,t){var r=this.x.redAdd(this.z),i=this.x.redSub(this.z),n=e.x.redAdd(e.z),a=e.x.redSub(e.z).redMul(r),s=n.redMul(i),o=t.z.redMul(a.redAdd(s).redSqr()),c=t.x.redMul(a.redISub(s).redSqr());return this.curve.point(o,c)},oy.prototype.mul=function(e){for(var t=(e=new zp(e,16)).clone(),r=this,i=this.curve.point(null,null),n=[];0!==t.cmpn(0);t.iushrn(1))n.push(t.andln(1));for(var a=n.length-1;a>=0;a--)0===n[a]?(r=r.diffAdd(i,this),i=i.dbl()):(i=r.diffAdd(i,this),r=r.dbl());return i},oy.prototype.mulAdd=function(){throw Error("Not supported on Montgomery curve")},oy.prototype.jumlAdd=function(){throw Error("Not supported on Montgomery curve")},oy.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},oy.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},oy.prototype.getX=function(){return this.normalize(),this.x.fromRed()};var cy=jp.assert;function uy(e){this.twisted=1!=(0|e.a),this.mOneA=this.twisted&&-1==(0|e.a),this.extended=this.mOneA,Qp.call(this,"edwards",e),this.a=new zp(e.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new zp(e.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new zp(e.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),cy(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|e.c)}st(uy,Qp);var hy=uy;function dy(e,t,r,i,n){Qp.BasePoint.call(this,e,"projective"),null===t&&null===r&&null===i?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new zp(t,16),this.y=new zp(r,16),this.z=i?new zp(i,16):this.curve.one,this.t=n&&new zp(n,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}uy.prototype._mulA=function(e){return this.mOneA?e.redNeg():this.a.redMul(e)},uy.prototype._mulC=function(e){return this.oneC?e:this.c.redMul(e)},uy.prototype.jpoint=function(e,t,r,i){return this.point(e,t,r,i)},uy.prototype.pointFromX=function(e,t){(e=new zp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=this.c2.redSub(this.a.redMul(r)),n=this.one.redSub(this.c2.redMul(this.d).redMul(r)),a=i.redMul(n.redInvm()),s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");var o=s.fromRed().isOdd();return(t&&!o||!t&&o)&&(s=s.redNeg()),this.point(e,s)},uy.prototype.pointFromY=function(e,t){(e=new zp(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=r.redSub(this.c2),n=r.redMul(this.d).redMul(this.c2).redSub(this.a),a=i.redMul(n.redInvm());if(0===a.cmp(this.zero)){if(t)throw Error("invalid point");return this.point(this.zero,e)}var s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");return s.fromRed().isOdd()!==t&&(s=s.redNeg()),this.point(s,e)},uy.prototype.validate=function(e){if(e.isInfinity())return!0;e.normalize();var t=e.x.redSqr(),r=e.y.redSqr(),i=t.redMul(this.a).redAdd(r),n=this.c2.redMul(this.one.redAdd(this.d.redMul(t).redMul(r)));return 0===i.cmp(n)},st(dy,Qp.BasePoint),uy.prototype.pointFromJSON=function(e){return dy.fromJSON(this,e)},uy.prototype.point=function(e,t,r,i){return new dy(this,e,t,r,i)},dy.fromJSON=function(e,t){return new dy(e,t[0],t[1],t[2])},dy.prototype.inspect=function(){return this.isInfinity()?"":""},dy.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},dy.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),r=this.z.redSqr();r=r.redIAdd(r);var i=this.curve._mulA(e),n=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),a=i.redAdd(t),s=a.redSub(r),o=i.redSub(t),c=n.redMul(s),u=a.redMul(o),h=n.redMul(o),d=s.redMul(a);return this.curve.point(c,u,d,h)},dy.prototype._projDbl=function(){var e,t,r,i=this.x.redAdd(this.y).redSqr(),n=this.x.redSqr(),a=this.y.redSqr();if(this.curve.twisted){var s=(u=this.curve._mulA(n)).redAdd(a);if(this.zOne)e=i.redSub(n).redSub(a).redMul(s.redSub(this.curve.two)),t=s.redMul(u.redSub(a)),r=s.redSqr().redSub(s).redSub(s);else{var o=this.z.redSqr(),c=s.redSub(o).redISub(o);e=i.redSub(n).redISub(a).redMul(c),t=s.redMul(u.redSub(a)),r=s.redMul(c)}}else{var u=n.redAdd(a);o=this.curve._mulC(this.z).redSqr(),c=u.redSub(o).redSub(o);e=this.curve._mulC(i.redISub(u)).redMul(c),t=this.curve._mulC(u).redMul(n.redISub(a)),r=u.redMul(c)}return this.curve.point(e,t,r)},dy.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},dy.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),r=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),i=this.t.redMul(this.curve.dd).redMul(e.t),n=this.z.redMul(e.z.redAdd(e.z)),a=r.redSub(t),s=n.redSub(i),o=n.redAdd(i),c=r.redAdd(t),u=a.redMul(s),h=o.redMul(c),d=a.redMul(c),f=s.redMul(o);return this.curve.point(u,h,f,d)},dy.prototype._projAdd=function(e){var t,r,i=this.z.redMul(e.z),n=i.redSqr(),a=this.x.redMul(e.x),s=this.y.redMul(e.y),o=this.curve.d.redMul(a).redMul(s),c=n.redSub(o),u=n.redAdd(o),h=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(a).redISub(s),d=i.redMul(c).redMul(h);return this.curve.twisted?(t=i.redMul(u).redMul(s.redSub(this.curve._mulA(a))),r=c.redMul(u)):(t=i.redMul(u).redMul(s.redSub(a)),r=this.curve._mulC(c).redMul(u)),this.curve.point(d,t,r)},dy.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},dy.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},dy.prototype.mulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!1)},dy.prototype.jmulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!0)},dy.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},dy.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},dy.prototype.getX=function(){return this.normalize(),this.x.fromRed()},dy.prototype.getY=function(){return this.normalize(),this.y.fromRed()},dy.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},dy.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var r=e.clone(),i=this.curve.redN.redMul(this.z);;){if(r.iadd(this.curve.n),r.cmp(this.curve.p)>=0)return!1;if(t.redIAdd(i),0===this.x.cmp(t))return!0}},dy.prototype.toP=dy.prototype.normalize,dy.prototype.mixedAdd=dy.prototype.add;var fy=nt((function(e,t){var r=t;r.base=Qp,r.short=ry,r.mont=sy,r.edwards=hy})),ly=yt.rotl32,py=yt.sum32,yy=yt.sum32_5,by=St.ft_1,gy=mt.BlockHash,my=[1518500249,1859775393,2400959708,3395469782];function wy(){if(!(this instanceof wy))return new wy;gy.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=Array(80)}yt.inherits(wy,gy);var vy=wy;wy.blockSize=512,wy.outSize=160,wy.hmacStrength=80,wy.padLength=64,wy.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;ithis.blockSize&&(e=(new this.Hash).update(e).digest()),tt(e.length<=this.blockSize);for(var t=e.length;t=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,r,i)}var My=xy;xy.prototype._init=function(e,t,r){var i=e.concat(t).concat(r);this.K=Array(this.outLen/8),this.V=Array(this.outLen/8);for(var n=0;n=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(r||[])),this._reseed=1},xy.prototype.generate=function(e,t,r,i){if(this._reseed>this.reseedInterval)throw Error("Reseed is required");"string"!=typeof t&&(i=r,r=t,t=null),r&&(r=Np.toArray(r,i||"hex"),this._update(r));for(var n=[];n.length"};var Uy=jp.assert;function Ry(e,t){if(e instanceof Ry)return e;this._importDER(e,t)||(Uy(e.r&&e.s,"Signature without r or s"),this.r=new zp(e.r,16),this.s=new zp(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}var Iy=Ry;function By(){this.place=0}function Ty(e,t){var r=e[t.place++];if(!(128&r))return r;for(var i=15&r,n=0,a=0,s=t.place;a>>3);for(e.push(128|r);--r;)e.push(t>>>(r<<3)&255);e.push(t)}}Ry.prototype._importDER=function(e,t){e=jp.toArray(e,t);var r=new By;if(48!==e[r.place++])return!1;if(Ty(e,r)+r.place!==e.length)return!1;if(2!==e[r.place++])return!1;var i=Ty(e,r),n=e.slice(r.place,i+r.place);if(r.place+=i,2!==e[r.place++])return!1;var a=Ty(e,r);if(e.length!==a+r.place)return!1;var s=e.slice(r.place,a+r.place);return 0===n[0]&&128&n[1]&&(n=n.slice(1)),0===s[0]&&128&s[1]&&(s=s.slice(1)),this.r=new zp(n),this.s=new zp(s),this.recoveryParam=null,!0},Ry.prototype.toDER=function(e){var t=this.r.toArray(),r=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&r[0]&&(r=[0].concat(r)),t=zy(t),r=zy(r);!(r[0]||128&r[1]);)r=r.slice(1);var i=[2];qy(i,t.length),(i=i.concat(t)).push(2),qy(i,r.length);var n=i.concat(r),a=[48];return qy(a,n.length),a=a.concat(n),jp.encode(a,e)};var Fy=jp.assert;function Oy(e){if(!(this instanceof Oy))return new Oy(e);"string"==typeof e&&(Fy(Py.hasOwnProperty(e),"Unknown curve "+e),e=Py[e]),e instanceof Py.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}var Ly=Oy;Oy.prototype.keyPair=function(e){return new Dy(this,e)},Oy.prototype.keyFromPrivate=function(e,t){return Dy.fromPrivate(this,e,t)},Oy.prototype.keyFromPublic=function(e,t){return Dy.fromPublic(this,e,t)},Oy.prototype.genKeyPair=function(e){e||(e={});var t=new My({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||Hp(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()});if("mont"===this.curve.type){var r=new zp(t.generate(32));return this.keyFromPrivate(r)}for(var i=this.n.byteLength(),n=this.n.sub(new zp(2));;){if(!((r=new zp(t.generate(i))).cmp(n)>0))return r.iaddn(1),this.keyFromPrivate(r)}},Oy.prototype._truncateToN=function(e,t,r){var i=(r=r||8*e.byteLength())-this.n.bitLength();return i>0&&(e=e.ushrn(i)),!t&&e.cmp(this.n)>=0?e.sub(this.n):e},Oy.prototype.truncateMsg=function(e){var t;return e instanceof Uint8Array?(t=8*e.byteLength,e=this._truncateToN(new zp(e,16),!1,t)):"string"==typeof e?(t=4*e.length,e=this._truncateToN(new zp(e,16),!1,t)):e=this._truncateToN(new zp(e,16)),e},Oy.prototype.sign=function(e,t,r,i){"object"==typeof r&&(i=r,r=null),i||(i={}),t=this.keyFromPrivate(t,r),e=this.truncateMsg(e);for(var n=this.n.byteLength(),a=t.getPrivate().toArray("be",n),s=e.toArray("be",n),o=new My({hash:this.hash,entropy:a,nonce:s,pers:i.pers,persEnc:i.persEnc||"utf8"}),c=this.n.sub(new zp(1)),u=0;;u++){var h=i.k?i.k(u):new zp(o.generate(this.n.byteLength()));if(!((h=this._truncateToN(h,!0)).cmpn(1)<=0||h.cmp(c)>=0)){var d=this.g.mul(h);if(!d.isInfinity()){var f=d.getX(),l=f.umod(this.n);if(0!==l.cmpn(0)){var p=h.invm(this.n).mul(l.mul(t.getPrivate()).iadd(e));if(0!==(p=p.umod(this.n)).cmpn(0)){var y=(d.getY().isOdd()?1:0)|(0!==f.cmp(l)?2:0);return i.canonical&&p.cmp(this.nh)>0&&(p=this.n.sub(p),y^=1),new Iy({r:l,s:p,recoveryParam:y})}}}}}},Oy.prototype.verify=function(e,t,r,i){return r=this.keyFromPublic(r,i),t=new Iy(t,"hex"),this._verify(this.truncateMsg(e),t,r)||this._verify(this._truncateToN(new zp(e,16)),t,r)},Oy.prototype._verify=function(e,t,r){var i=t.r,n=t.s;if(i.cmpn(1)<0||i.cmp(this.n)>=0)return!1;if(n.cmpn(1)<0||n.cmp(this.n)>=0)return!1;var a,s=n.invm(this.n),o=s.mul(e).umod(this.n),c=s.mul(i).umod(this.n);return this.curve._maxwellTrick?!(a=this.g.jmulAdd(o,r.getPublic(),c)).isInfinity()&&a.eqXToP(i):!(a=this.g.mulAdd(o,r.getPublic(),c)).isInfinity()&&0===a.getX().umod(this.n).cmp(i)},Oy.prototype.recoverPubKey=function(e,t,r,i){Fy((3&r)===r,"The recovery param is more than two bits"),t=new Iy(t,i);var n=this.n,a=new zp(e),s=t.r,o=t.s,c=1&r,u=r>>1;if(s.cmp(this.curve.p.umod(this.curve.n))>=0&&u)throw Error("Unable to find sencond key candinate");s=u?this.curve.pointFromX(s.add(this.curve.n),c):this.curve.pointFromX(s,c);var h=t.r.invm(n),d=n.sub(a).mul(h).umod(n),f=o.mul(h).umod(n);return this.g.mulAdd(d,s,f)},Oy.prototype.getKeyRecoveryParam=function(e,t,r,i){if(null!==(t=new Iy(t,i)).recoveryParam)return t.recoveryParam;for(var n=0;n<4;n++){var a;try{a=this.recoverPubKey(e,t,n)}catch(e){continue}if(a.eq(r))return n}throw Error("Unable to find valid recovery factor")};var Ny=jp.assert,jy=jp.parseBytes,Hy=jp.cachedProperty;function Wy(e,t){if(this.eddsa=e,t.hasOwnProperty("secret")&&(this._secret=jy(t.secret)),e.isPoint(t.pub))this._pub=t.pub;else if(this._pubBytes=jy(t.pub),this._pubBytes&&33===this._pubBytes.length&&64===this._pubBytes[0]&&(this._pubBytes=this._pubBytes.slice(1,33)),this._pubBytes&&32!==this._pubBytes.length)throw Error("Unknown point compression format")}Wy.fromPublic=function(e,t){return t instanceof Wy?t:new Wy(e,{pub:t})},Wy.fromSecret=function(e,t){return t instanceof Wy?t:new Wy(e,{secret:t})},Wy.prototype.secret=function(){return this._secret},Hy(Wy,"pubBytes",(function(){return this.eddsa.encodePoint(this.pub())})),Hy(Wy,"pub",(function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())})),Hy(Wy,"privBytes",(function(){var e=this.eddsa,t=this.hash(),r=e.encodingLength-1,i=t.slice(0,e.encodingLength);return i[0]&=248,i[r]&=127,i[r]|=64,i})),Hy(Wy,"priv",(function(){return this.eddsa.decodeInt(this.privBytes())})),Hy(Wy,"hash",(function(){return this.eddsa.hash().update(this.secret()).digest()})),Hy(Wy,"messagePrefix",(function(){return this.hash().slice(this.eddsa.encodingLength)})),Wy.prototype.sign=function(e){return Ny(this._secret,"KeyPair can only verify"),this.eddsa.sign(e,this)},Wy.prototype.verify=function(e,t){return this.eddsa.verify(e,t,this)},Wy.prototype.getSecret=function(e){return Ny(this._secret,"KeyPair is public only"),jp.encode(this.secret(),e)},Wy.prototype.getPublic=function(e,t){return jp.encode((t?[64]:[]).concat(this.pubBytes()),e)};var Gy=Wy,Vy=jp.assert,$y=jp.cachedProperty,Zy=jp.parseBytes;function Xy(e,t){this.eddsa=e,"object"!=typeof t&&(t=Zy(t)),Array.isArray(t)&&(t={R:t.slice(0,e.encodingLength),S:t.slice(e.encodingLength)}),Vy(t.R&&t.S,"Signature without R or S"),e.isPoint(t.R)&&(this._R=t.R),t.S instanceof zp&&(this._S=t.S),this._Rencoded=Array.isArray(t.R)?t.R:t.Rencoded,this._Sencoded=Array.isArray(t.S)?t.S:t.Sencoded}$y(Xy,"S",(function(){return this.eddsa.decodeInt(this.Sencoded())})),$y(Xy,"R",(function(){return this.eddsa.decodePoint(this.Rencoded())})),$y(Xy,"Rencoded",(function(){return this.eddsa.encodePoint(this.R())})),$y(Xy,"Sencoded",(function(){return this.eddsa.encodeInt(this.S())})),Xy.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},Xy.prototype.toHex=function(){return jp.encode(this.toBytes(),"hex").toUpperCase()};var Yy=Xy,Qy=jp.assert,Jy=jp.parseBytes;function eb(e){if(Qy("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof eb))return new eb(e);e=Py[e].curve;this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=Sy.sha512}var tb=eb;eb.prototype.sign=function(e,t){e=Jy(e);var r=this.keyFromSecret(t),i=this.hashInt(r.messagePrefix(),e),n=this.g.mul(i),a=this.encodePoint(n),s=this.hashInt(a,r.pubBytes(),e).mul(r.priv()),o=i.add(s).umod(this.curve.n);return this.makeSignature({R:n,S:o,Rencoded:a})},eb.prototype.verify=function(e,t,r){e=Jy(e),t=this.makeSignature(t);var i=this.keyFromPublic(r),n=this.hashInt(t.Rencoded(),i.pubBytes(),e),a=this.g.mul(t.S());return t.R().add(i.pub().mul(n)).eq(a)},eb.prototype.hashInt=function(){for(var e=this.hash(),t=0;t0)throw Error("Unknown option: "+r.join(", "));return new Sh(e)},e.createMessage=async function({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){let s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!Y.isString(e)&&!Y.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!Y.isUint8Array(t)&&!Y.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=Y.isStream(s);c&&(await P(),s=M(s));const u=new ou(i);void 0!==e?u.setText(s,Z.write(Z.literal,n)):u.setBytes(s,Z.write(Z.literal,n)),void 0!==r&&u.setFilename(r);const h=new pu;h.push(u);const d=new vh(h);return d.fromStream=c,d},e.decrypt=async function({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Kh(u={...ae,...u}),Eh(e),n=Ch(n),t=Ch(t),r=Ch(r),i=Ch(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const d={};if(d.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),d.data="binary"===s?h.getLiteralData():h.getText(),d.filename=h.getFilename(),Uh(d,e),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===d.signatures.length)throw Error("Message is not signed");d.data=C([d.data,W((async()=>{await Y.anyPromise(d.signatures.map((e=>e.verified)))}))])}return d.data=await Dh(d.data,e.fromStream,s),d}catch(e){throw Y.wrapError("Error decrypting message",e)}},e.decryptKey=async function({privateKey:e,passphrase:t,config:r,...i}){Kh(r={...ae,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=Y.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>Y.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),Y.wrapError("Error decrypting private key",e)}},e.decryptSessionKeys=async function({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Kh(n={...ae,...n}),Eh(e),t=Ch(t),r=Ch(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,i,n)}catch(e){throw Y.wrapError("Error decrypting session keys",e)}},e.encrypt=async function({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:d=[],encryptionUserIDs:f=[],signatureNotations:l=[],config:p,...y}){if(Kh(p={...ae,...p}),Eh(e),xh(a),t=Ch(t),r=Ch(r),i=Ch(i),c=Ch(c),u=Ch(u),d=Ch(d),f=Ch(f),l=Ch(l),y.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(y.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(y.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==y.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const b=Object.keys(y);if(b.length>0)throw Error("Unknown option: "+b.join(", "));r||(r=[]);const g=e.fromStream;try{if((r.length||s)&&(e=await e.sign(r,s,c,h,d,l,p)),e=e.compress(await Xu("compression",t,h,f,p),p),e=await e.encrypt(t,i,n,o,u,h,f,p),"object"===a)return e;const y="armored"===a;return Dh(y?e.armor(p):e.write(),g,y?"utf8":"binary")}catch(e){throw Y.wrapError("Error encrypting message",e)}},e.encryptKey=async function({privateKey:e,passphrase:t,config:r,...i}){Kh(r={...ae,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=Y.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),Y.wrapError("Error encrypting private key",e)}},e.encryptSessionKey=async function({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...d}){if(Kh(h={...ae,...h}),function(e,t){if(!Y.isUint8Array(e))throw Error("Parameter ["+(t||"data")+"] must be of type Uint8Array")}(e),function(e,t){if(!Y.isString(e))throw Error("Parameter ["+(t||"data")+"] must be of type String")}(t,"algorithm"),xh(a),i=Ch(i),n=Ch(n),o=Ch(o),u=Ch(u),d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return Rh(await vh.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw Y.wrapError("Error encrypting session key",e)}},e.enums=Z,e.generateKey=async function({userIDs:e=[],passphrase:t,type:r="ecc",rsaBits:i=4096,curve:n="curve25519",keyExpirationTime:a=0,date:s=new Date,subkeys:o=[{}],format:c="armored",config:u,...h}){Kh(u={...ae,...u}),e=Ch(e);const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));if(0===e.length)throw Error("UserIDs are required for key generation");if("rsa"===r&&ith(e.subkeys[r],e)));let r=[Wu(e,t)];r=r.concat(e.subkeys.map((e=>Hu(e,t))));const i=await Promise.all(r),n=await bh(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(f,u);return e.getKeys().forEach((({keyPacket:e})=>ah(e,u))),{privateKey:Rh(e,c,u),publicKey:Rh(e.toPublic(),c,u),revocationCertificate:t}}catch(e){throw Y.wrapError("Error generating keypair",e)}},e.generateSessionKey=async function({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Kh(i={...ae,...i}),e=Ch(e),r=Ch(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await vh.generateSessionKey(e,t,r,i)}catch(e){throw Y.wrapError("Error generating session key",e)}},e.readCleartextMessage=async function({cleartextMessage:e,config:t,...r}){if(t={...ae,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!Y.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await le(e);if(n.type!==Z.armor.signed)throw Error("No cleartext signed message.");const a=await pu.fromBinary(n.data,Ah,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await le(e,r);if(t!==Z.armor.publicKey&&t!==Z.armor.privateKey)throw Error("Armored text not of type key");a=i}else a=t;return yh(await pu.fromBinary(a,ph,r))},e.readKeys=async function({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...ae,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!Y.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!Y.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:i}=await le(e,r);if(t!==Z.armor.publicKey&&t!==Z.armor.privateKey)throw Error("Armored text not of type key");n=i}const s=[],o=await pu.fromBinary(n,ph,r),c=o.indexOfTag(Z.packet.publicKey,Z.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)throw Error("Unknown option: "+a.join(", "));const s=Y.isStream(n);if(s&&(await P(),n=M(n)),e){const{type:e,data:t}=await le(n,r);if(e!==Z.armor.message)throw Error("Armored text not of type message");n=t}const o=await pu.fromBinary(n,gh,r),c=new vh(o);return c.fromStream=s,c},e.readPrivateKey=async function({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...ae,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!Y.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!Y.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await le(e,r);if(t!==Z.armor.privateKey)throw Error("Armored text not of type private key");a=i}else a=t;const s=await pu.fromBinary(a,ph,r);return new lh(s)},e.readPrivateKeys=async function({armoredKeys:e,binaryKeys:t,config:r}){r={...ae,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!Y.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!Y.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:n}=await le(e,r);if(t!==Z.armor.privateKey)throw Error("Armored text not of type private key");i=n}const n=[],a=await pu.fromBinary(i,ph,r),s=a.indexOfTag(Z.packet.secretKey);if(0===s.length)throw Error("No secret key packet found");for(let e=0;e0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await le(n,r);if(e!==Z.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await pu.fromBinary(n,Nu,r);return new ju(s)},e.reformatKey=async function({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Kh(s={...ae,...s}),t=Ch(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length)throw Error("UserIDs are required for key reformat");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await Gu(e.bindingSignatures,i,Z.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&Z.keyFlags.signData}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await bh(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=Y.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Rh(e,a,s),publicKey:Rh(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw Y.wrapError("Error reformatting keypair",e)}},e.revokeKey=async function({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Kh(a={...ae,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:Rh(s,n,a),publicKey:Rh(s.toPublic(),n,a)}:{privateKey:null,publicKey:Rh(s,n,a)}}catch(e){throw Y.wrapError("Error revoking key",e)}},e.sign=async function({message:e,signingKeys:t,format:r="armored",detached:i=!1,signingKeyIDs:n=[],date:a=new Date,signingUserIDs:s=[],signatureNotations:o=[],config:c,...u}){if(Kh(c={...ae,...c}),Ph(e),xh(r),t=Ch(t),n=Ch(n),s=Ch(s),o=Ch(o),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==u.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const h=Object.keys(u);if(h.length>0)throw Error("Unknown option: "+h.join(", "));if(e instanceof Sh&&"binary"===r)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Sh&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let u;if(u=i?await e.signDetached(t,void 0,n,a,s,o,c):await e.sign(t,void 0,n,a,s,o,c),"object"===r)return u;const h="armored"===r;return u=h?u.armor(c):u.write(),i&&(u=z(e.packets.write(),(async(e,t)=>{await Promise.all([R(u,t),j(e).catch((()=>{}))])}))),Dh(u,e.fromStream,h?"utf8":"binary")}catch(e){throw Y.wrapError("Error signing message",e)}},e.unarmor=le,e.verify=async function({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Kh(s={...ae,...s}),Ph(e),t=Ch(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Sh&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Sh&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&Uh(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=C([o.data,W((async()=>{await Y.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Dh(o.data,e.fromStream,i),o}catch(e){throw Y.wrapError("Error verifying signed message",e)}},Object.defineProperty(e,"__esModule",{value:!0}),e}({}); +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +var openpgp=function(e){"use strict";const t="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function r(e,t){return t.forEach((function(t){t&&"string"!=typeof t&&!Array.isArray(t)&&Object.keys(t).forEach((function(r){if("default"!==r&&!(r in e)){var n=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(e,r,n.get?n:{enumerable:!0,get:function(){return t[r]}})}}))})),Object.freeze(e)}const n=Symbol("doneWritingPromise"),i=Symbol("doneWritingResolve"),s=Symbol("doneWritingReject"),a=Symbol("readingIndex");class o extends Array{constructor(){super(),Object.setPrototypeOf(this,o.prototype),this[n]=new Promise(((e,t)=>{this[i]=e,this[s]=t})),this[n].catch((()=>{}))}}function c(e){return e&&e.getReader&&Array.isArray(e)}function h(e){if(!c(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function u(e){if(c(e))return"array";if(t.ReadableStream&&t.ReadableStream.prototype.isPrototypeOf(e))return"web";if(e&&!(t.ReadableStream&&e instanceof t.ReadableStream)&&"function"==typeof e._read&&"object"==typeof e._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!e||!e.getReader)&&"web-like"}function l(e){return Uint8Array.prototype.isPrototypeOf(e)}function y(e){if(1===e.length)return e[0];let t=0;for(let r=0;r(await this[n],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},o.prototype.readToEnd=async function(e){await this[n];const t=e(this.slice(this[a]));return this.length=0,t},o.prototype.clone=function(){const e=new o;return e[n]=this[n].then((()=>{e.push(...this)})),e},h.prototype.write=async function(e){this.stream.push(e)},h.prototype.close=async function(){this.stream[i]()},h.prototype.abort=async function(e){return this.stream[s](e),e},h.prototype.releaseLock=function(){},"object"==typeof t.process&&t.process.versions;const f=new WeakSet,g=Symbol("externalBuffer");function p(e){if(this.stream=e,e[g]&&(this[g]=e[g].slice()),c(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(u(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||f.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{f.add(e)}catch(e){}}}function d(e){return u(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function A(e){if(u(e))return e;const t=new o;return(async()=>{const r=Q(t);await r.write(e),await r.close()})(),t}function w(e){return e.some((e=>u(e)&&!c(e)))?function(e){e=e.map(d);const t=k((async function(e){await Promise.all(n.map((t=>D(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>v(n,((n,s)=>(r=r.then((()=>m(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>c(e)))?function(e){const t=new o;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>m(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):y(e)}async function m(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(u(e)&&!c(e)){e=d(e);try{if(e[g]){const r=Q(t);for(let t=0;t{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function E(e,t=()=>{},r=()=>{}){if(c(e)){const n=new o;return(async()=>{const i=Q(n);try{const n=await P(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?w([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(u(e))return b(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?w([n,i]):void 0!==n?n:i}function v(e,t){if(u(e)&&!c(e)){let r;const n=new TransformStream({start(e){r=e}}),i=m(e,n.writable),s=k((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=A(e);const r=new o;return t(e,r),r}function B(e,t){let r;const n=v(e,((e,i)=>{const s=x(e);s.remainder=()=>(s.releaseLock(),m(e,i),n),r=t(s)}));return r}function I(e){if(c(e))return e.clone();if(u(e)){const t=function(e){if(c(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(u(e)){const t=d(e).tee();return t[0][g]=t[1][g]=e[g],t}return[C(e),C(e)]}(e);return K(e,t[0]),t[1]}return C(e)}function S(e){return c(e)?I(e):u(e)?new ReadableStream({start(t){const r=v(e,(async(e,r)=>{const n=x(e),i=Q(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));K(e,r)}}):C(e)}function K(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function C(e,t=0,r=1/0){if(c(e))throw Error("Not implemented");if(u(e)){if(t>=0&&r>=0){let n=0;return b(e,{transform(e,i){n=t&&i.enqueue(C(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return E(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>C(w(n),t,r)))}if(0===t&&r<0){let n;return E(e,(e=>{const i=n?w([n,e]):e;if(i.length>=-r)return n=C(i,r),C(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),U((async()=>C(await P(e),t,r)))}return e[g]&&(e=w(e[g].concat([e]))),l(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=w){return c(e)?e.readToEnd(t):u(e)?x(e).readToEnd(t):e}async function D(e,t){if(u(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function U(e){const t=new o;return(async()=>{const r=Q(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new p(e)}function Q(e){return new h(e)}p.prototype.read=async function(){if(this[g]&&this[g].length){return{done:!1,value:this[g].shift()}}return this._read()},p.prototype.releaseLock=function(){this[g]&&(this.stream[g]=this[g]),this._releaseLock()},p.prototype.cancel=function(e){return this._cancel(e)},p.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?w(t):void 0;const i=n.indexOf("\n")+1;i&&(e=w(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},p.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(C(t,1)),r},p.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?w(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=w(t);return this.unshift(C(r,e)),C(r,0,e)}}},p.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},p.prototype.unshift=function(...e){this[g]||(this[g]=[]),1===e.length&&l(e[0])&&this[g].length&&e[0].length&&this[g][0].byteOffset>=e[0].length?this[g][0]=new Uint8Array(this[g][0].buffer,this[g][0].byteOffset-e[0].length,this[g][0].byteLength+e[0].length):this[g].unshift(...e.filter((e=>e&&e.length)))},p.prototype.readToEnd=async function(e=w){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const R=Symbol("byValue");var L={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[R]||(e[R]=[],Object.entries(e).forEach((([t,r])=>{e[R][r]=t}))),void 0!==e[R][t])return e[R][t];throw Error("Invalid enum value.")}},T={preferredHashAlgorithm:L.hash.sha512,preferredSymmetricAlgorithm:L.symmetric.aes256,preferredCompressionAlgorithm:L.compression.uncompressed,aeadProtect:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:L.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:L.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([L.symmetric.aes128,L.symmetric.aes192,L.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.0.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([L.hash.md5,L.hash.ripemd]),rejectMessageHashAlgorithms:new Set([L.hash.md5,L.hash.ripemd,L.hash.sha1]),rejectPublicKeyAlgorithms:new Set([L.publicKey.elgamal,L.publicKey.dsa]),rejectCurves:new Set([L.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),N={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:l,isStream:u,getNobleCurve:async(e,t)=>{if(!T.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return Vu}));switch(e){case L.publicKey.ecdh:case L.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case L.publicKey.x448:return r.get("x448");case L.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r>8*(t-n-1)&255;return r},readDate:function(e){const t=N.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return N.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return N.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.lengtht)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=N.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return N.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return E(e,(e=>{if(!N.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return E(e,r,(()=>r(new Uint8Array,!0)))},concat:w,concatUint8Array:y,equalsUint8Array:function(e,t){if(!N.isUint8Array(e)||!N.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const e=void 0!==t&&t.crypto&&t.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!e)throw Error("The WebCrypto API is not available");return e},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!N.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return E(e,(e=>{let r;t&&(e=N.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return E(e,(e=>{let r;13===(e=t&&10!==e[0]?N.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n{t=N.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=H(t.subarray(0,i));for(let e=0;et.length?H(t)+"\n":""))}function _(e){let t="";return E(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=O(t.substr(0,i));return t=t.substr(i),s}),(()=>O(t)))}function G(e){return _(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=z(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?L.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?L.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?L.armor.signed:/MESSAGE/.test(t[1])?L.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?L.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?L.armor.privateKey:/SIGNATURE/.test(t[1])?L.armor.signature:void 0}function V(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function J(e){const t=function(e){let t=13501623;return E(e,(e=>{const r=W?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^Y[1][t>>16&255]^Y[2][t>>8&255]^Y[3][255&t];for(let n=4*r;n>8^Y[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return z(t)}F?(H=e=>F.from(e).toString("base64"),O=e=>{const t=F.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(H=e=>btoa(N.uint8ArrayToString(e)),O=e=>N.stringToUint8Array(atob(e)));const Y=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);Y[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)Y[1][e]=Y[0][e]>>8^Y[0][255&Y[0][e]];for(let e=0;e<=255;e++)Y[2][e]=Y[1][e]>>8^Y[0][255&Y[1][e]];for(let e=0;e<=255;e++)Y[3][e]=Y[2][e]>>8^Y[0][255&Y[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Z(e){for(let t=0;t=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,h=a,u=[];const l=_(v(e,(async(e,y)=>{const f=x(e);try{for(;;){let e=await f.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=N.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==L.armor.signed||(n.test(e)?(u=u.join("\r\n"),c=!0,Z(h),h=[],o=!1):u.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if(Z(h),o=!0,c||s!==L.armor.signed){t({text:u,data:l,headers:a,type:s});break}}else h.push(e);else n.test(e)&&(s=q(e))}}catch(e){return void r(e)}const g=Q(y);try{for(;;){await g.ready;const{done:e,value:t}=await f.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await f.readToEnd();e.length||(e=""),e=r+e,e=N.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=$(t[0].slice(0,-1));await g.write(i);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(c(e.data)&&(e.data=await P(e.data)),e)))}function ee(e,t,r,n,i,s=!1,a=T){let o,c;e===L.armor.signed&&(o=t.text,c=t.hash,t=t.data);const h=s&&S(t),u=[];switch(e){case L.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case L.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case L.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push(c?`Hash: ${c}\n\n`:"\n"),u.push(o.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP SIGNATURE-----\n");break;case L.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP MESSAGE-----\n");break;case L.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case L.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case L.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(V(i,a)),u.push(z(t)),h&&u.push("=",J(h)),u.push("-----END PGP SIGNATURE-----\n")}return N.concat(u)}async function te(e){switch(e){case L.symmetric.aes128:case L.symmetric.aes192:case L.symmetric.aes256:throw Error("Not a legacy cipher");case L.symmetric.cast5:case L.symmetric.blowfish:case L.symmetric.twofish:case L.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return cl})),r=t.get(e);if(!r)throw Error("Unsupported cipher algorithm");return r}default:throw Error("Unsupported cipher algorithm")}}function re(e){switch(e){case L.symmetric.aes128:case L.symmetric.aes192:case L.symmetric.aes256:case L.symmetric.twofish:return 16;case L.symmetric.blowfish:case L.symmetric.cast5:case L.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function ne(e){switch(e){case L.symmetric.aes128:case L.symmetric.blowfish:case L.symmetric.cast5:return 16;case L.symmetric.aes192:case L.symmetric.tripledes:return 24;case L.symmetric.aes256:case L.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function ie(e){return{keySize:ne(e),blockSize:re(e)}}var se=/*#__PURE__*/Object.freeze({__proto__:null,getCipherParams:ie,getLegacyCipher:te});function ae(e,t){let r=e[0],n=e[1],i=e[2],s=e[3];r=ce(r,n,i,s,t[0],7,-680876936),s=ce(s,r,n,i,t[1],12,-389564586),i=ce(i,s,r,n,t[2],17,606105819),n=ce(n,i,s,r,t[3],22,-1044525330),r=ce(r,n,i,s,t[4],7,-176418897),s=ce(s,r,n,i,t[5],12,1200080426),i=ce(i,s,r,n,t[6],17,-1473231341),n=ce(n,i,s,r,t[7],22,-45705983),r=ce(r,n,i,s,t[8],7,1770035416),s=ce(s,r,n,i,t[9],12,-1958414417),i=ce(i,s,r,n,t[10],17,-42063),n=ce(n,i,s,r,t[11],22,-1990404162),r=ce(r,n,i,s,t[12],7,1804603682),s=ce(s,r,n,i,t[13],12,-40341101),i=ce(i,s,r,n,t[14],17,-1502002290),n=ce(n,i,s,r,t[15],22,1236535329),r=he(r,n,i,s,t[1],5,-165796510),s=he(s,r,n,i,t[6],9,-1069501632),i=he(i,s,r,n,t[11],14,643717713),n=he(n,i,s,r,t[0],20,-373897302),r=he(r,n,i,s,t[5],5,-701558691),s=he(s,r,n,i,t[10],9,38016083),i=he(i,s,r,n,t[15],14,-660478335),n=he(n,i,s,r,t[4],20,-405537848),r=he(r,n,i,s,t[9],5,568446438),s=he(s,r,n,i,t[14],9,-1019803690),i=he(i,s,r,n,t[3],14,-187363961),n=he(n,i,s,r,t[8],20,1163531501),r=he(r,n,i,s,t[13],5,-1444681467),s=he(s,r,n,i,t[2],9,-51403784),i=he(i,s,r,n,t[7],14,1735328473),n=he(n,i,s,r,t[12],20,-1926607734),r=ue(r,n,i,s,t[5],4,-378558),s=ue(s,r,n,i,t[8],11,-2022574463),i=ue(i,s,r,n,t[11],16,1839030562),n=ue(n,i,s,r,t[14],23,-35309556),r=ue(r,n,i,s,t[1],4,-1530992060),s=ue(s,r,n,i,t[4],11,1272893353),i=ue(i,s,r,n,t[7],16,-155497632),n=ue(n,i,s,r,t[10],23,-1094730640),r=ue(r,n,i,s,t[13],4,681279174),s=ue(s,r,n,i,t[0],11,-358537222),i=ue(i,s,r,n,t[3],16,-722521979),n=ue(n,i,s,r,t[6],23,76029189),r=ue(r,n,i,s,t[9],4,-640364487),s=ue(s,r,n,i,t[12],11,-421815835),i=ue(i,s,r,n,t[15],16,530742520),n=ue(n,i,s,r,t[2],23,-995338651),r=le(r,n,i,s,t[0],6,-198630844),s=le(s,r,n,i,t[7],10,1126891415),i=le(i,s,r,n,t[14],15,-1416354905),n=le(n,i,s,r,t[5],21,-57434055),r=le(r,n,i,s,t[12],6,1700485571),s=le(s,r,n,i,t[3],10,-1894986606),i=le(i,s,r,n,t[10],15,-1051523),n=le(n,i,s,r,t[1],21,-2054922799),r=le(r,n,i,s,t[8],6,1873313359),s=le(s,r,n,i,t[15],10,-30611744),i=le(i,s,r,n,t[6],15,-1560198380),n=le(n,i,s,r,t[13],21,1309151649),r=le(r,n,i,s,t[4],6,-145523070),s=le(s,r,n,i,t[11],10,-1120210379),i=le(i,s,r,n,t[2],15,718787259),n=le(n,i,s,r,t[9],21,-343485551),e[0]=pe(r,e[0]),e[1]=pe(n,e[1]),e[2]=pe(i,e[2]),e[3]=pe(s,e[3])}function oe(e,t,r,n,i,s){return t=pe(pe(t,e),pe(n,s)),pe(t<>>32-i,r)}function ce(e,t,r,n,i,s,a){return oe(t&r|~t&n,e,t,i,s,a)}function he(e,t,r,n,i,s,a){return oe(t&n|r&~n,e,t,i,s,a)}function ue(e,t,r,n,i,s,a){return oe(t^r^n,e,t,i,s,a)}function le(e,t,r,n,i,s,a){return oe(r^(t|~n),e,t,i,s,a)}function ye(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const fe="0123456789abcdef".split("");function ge(e){let t="",r=0;for(;r<4;r++)t+=fe[e>>8*r+4&15]+fe[e>>8*r&15];return t}function pe(e,t){return e+t&4294967295}const de=N.getWebCrypto(),Ae=N.getNodeCrypto(),we=Ae&&Ae.getHashes();function me(e){if(Ae&&we.includes(e))return async function(t){const r=Ae.createHash(e);return E(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function be(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return Kl})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(c(e)&&(e=await P(e)),N.isStream(e)){const t=(await r()).create();return E(e,(e=>{t.update(e)}),(()=>t.digest()))}if(de&&t)return new Uint8Array(await de.digest(t,e));return(await r())(e)}}var ke={md5:me("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let n;for(n=64;n<=e.length;n+=64)ae(r,ye(e.substring(n-64,n)));e=e.substring(n-64);const i=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(n=0;n>2]|=e.charCodeAt(n)<<(n%4<<3);if(i[n>>2]|=128<<(n%4<<3),n>55)for(ae(r,i),n=0;n<16;n++)i[n]=0;return i[14]=8*t,ae(r,i),r}(N.uint8ArrayToString(e));return N.hexToUint8Array(function(e){for(let t=0;t0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Be(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Ie(e,t){ve(e);const r=t.outputLen;if(e.lengthnew Uint8Array(e.buffer,e.byteOffset,e.byteLength),Ke=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),Ce=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function Pe(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!Ee(e))throw Error("Uint8Array expected, got "+typeof e);e=Re(e)}return e}function De(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n(Object.assign(t,e),t);function xe(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function Qe(e){return e.byteOffset%4==0}function Re(e){return Uint8Array.from(e)}function Le(...e){for(let t=0;t(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class He{constructor(e,t){this.blockLen=Te,this.outputLen=Te,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ve(e=Pe(e),16);const r=Ce(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Fe(n),s1:Fe(i),s2:Fe(s),s3:Fe(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(u=s)<<31|(l=a)>>>1,s2:(h=i)<<31|u>>>1,s1:(c=n)<<31|h>>>1,s0:c>>>1^225<<24&-(1&l)});var c,h,u,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const f=128/y,g=this.windowSize=2**y,p=[];for(let e=0;e>>y-a-1&1))continue;const{s0:c,s1:h,s2:u,s3:l}=o[y*e+a];r^=c,n^=h,i^=u,s^=l}p.push({s0:r,s1:n,s2:i,s3:s})}this.t=p}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,h=0,u=0;const l=(1<>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:f,s2:g,s3:p}=s[y*a+r];o^=n,c^=f,h^=g,u^=p,y+=1}}this.s0=o,this.s1=c,this.s2=h,this.s3=u}update(e){e=Pe(e),Be(this);const t=Ke(e),r=Math.floor(e.length/Te),n=e.length%Te;for(let e=0;e>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Re(e=Pe(e)));super(r,t),Le(r)}update(e){e=Pe(e),Be(this);const t=Ke(e),r=e.length%Te,n=Math.floor(e.length/Te);for(let e=0;ee(r,t.length).update(Pe(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const _e=ze(((e,t)=>new He(e,t)));ze(((e,t)=>new Oe(e,t)));const Ge=16,je=new Uint8Array(Ge),qe=283;function Ve(e){return e<<1^qe&-(e>>7)}function Je(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ve(e);return r}const Ye=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ve(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return Le(e),t})(),We=/* @__PURE__ */Ye.map(((e,t)=>Ye.indexOf(t))),Ze=e=>e<<24|e>>>8,$e=e=>e<<8|e>>>24,Xe=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function et(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map($e),i=n.map($e),s=i.map($e),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let h=0;h<256;h++){const u=256*t+h;a[u]=r[t]^n[h],o[u]=i[t]^s[h],c[u]=e[t]<<8|e[h]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const tt=/* @__PURE__ */et(Ye,(e=>Je(e,3)<<24|e<<16|e<<8|Je(e,2))),rt=/* @__PURE__ */et(We,(e=>Je(e,11)<<24|Je(e,13)<<16|Je(e,9)<<8|Je(e,14))),nt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ve(r))e[t]=r;return e})();function it(e){ve(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=tt,n=[];Qe(e)||n.push(e=Re(e));const i=Ke(e),s=i.length,a=e=>ot(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}return Le(...n),o}function st(e){const t=it(e),r=t.slice(),n=t.length,{sbox2:i}=tt,{T0:s,T1:a,T2:o,T3:c}=rt;for(let e=0;e>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function at(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function ot(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function ct(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=tt;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const h=e.length/4-2;for(let s=0;s=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:h,s3:u}=ct(e,a[0],a[1],a[2],a[3]))}const f=Ge*Math.floor(l.length/4);if(f>>0,o.setUint32(u,y,t),({s0:f,s1:g,s2:p,s3:d}=ct(e,a[0],a[1],a[2],a[3]));const A=Ge*Math.floor(c.length/4);if(Ar(e,t),decrypt:(e,t)=>r(e,t)}}));const gt=Ue({blockSize:16,nonceLength:16},(function(e,t,r={}){ve(e),ve(t,16);const n=!r.disablePadding;return{encrypt(r,i){const s=it(e),{b:a,o,out:c}=function(e,t,r){ve(e);let n=e.length;const i=n%Ge;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Qe(e)||(e=Re(e));const s=Ke(e);if(t){let e=Ge-i;e||(e=Ge),n+=e}const a=ut(n,r);return{b:s,o:Ke(a),out:a}}(r,n,i);let h=t;const u=[s];Qe(h)||u.push(h=Re(h));const l=Ke(h);let y=l[0],f=l[1],g=l[2],p=l[3],d=0;for(;d+4<=a.length;)y^=a[d+0],f^=a[d+1],g^=a[d+2],p^=a[d+3],({s0:y,s1:f,s2:g,s3:p}=ct(s,y,f,g,p)),o[d++]=y,o[d++]=f,o[d++]=g,o[d++]=p;if(n){const e=function(e){const t=new Uint8Array(16),r=Ke(t);t.set(e);const n=Ge-e.length;for(let e=Ge-n;e16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;tr(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const dt=Ue({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(ve(e),ve(t),void 0!==r&&ve(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const n=16;function i(e,t,n){const i=function(e,t,r,n,i){const s=null==i?0:i.length,a=e.create(r,n.length+s);i&&a.update(i),a.update(n);const o=new Uint8Array(16),c=Ce(o);i&&xe(c,0,BigInt(8*s),t),xe(c,8,BigInt(8*n.length),t),a.update(o);const h=a.digest();return Le(o),h}(_e,!1,e,n,r);for(let e=0;e=2**32)throw Error("plaintext should be less than 4gb");const r=it(e);if(16===t.length)wt(r,t);else{const e=Ke(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t=2**32)throw Error("ciphertext should be less than 4gb");const r=st(e),n=t.length/8-1;if(1===n)mt(r,t);else{const e=Ke(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=Xe(a);const{s0:n,s1:o,s2:c,s3:h}=ht(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=h}e[0]=i,e[1]=s}r.fill(0)}},kt=new Uint8Array(8).fill(166),Et=Ue({blockSize:8},(e=>({encrypt(t){if(ve(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Bt.importKey("raw",this.key,r,!1,["encrypt"]);const n=await Bt.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=N.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=N.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return Dt(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),Dt(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Dt(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(N.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Dt(t,e),this.clearSensitiveData(),t}}class Pt{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=ie(t);this.key=vt.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=Ut(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=Ut(e),r=new Uint8Array(e.length),n=Ut(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=vt.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=N.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Dt(e,t){const r=Math.min(e.length,t.length);for(let n=0;nnew Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));var xt=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n){const i=L.read(L.symmetric,e);if(It&&Kt[i])return function(e,t,r,n){const i=L.read(L.symmetric,e),s=new It.createDecipheriv(Kt[i],t,n);return E(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(N.isAES(e))return async function(e,t,r,n){if(N.isStream(r)){const i=new Pt(!1,e,t,n);return E(r,(e=>i.processChunk(e)),(()=>i.finish()))}return pt(t,n).decrypt(r)}(e,t,r,n);const s=new(await te(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const h=e=>{e&&(c=N.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;rnew Uint8Array(s.update(e))))}(e,t,r,n);if(N.isAES(e))return async function(e,t,r,n){if(Bt&&await Ct.isSupported(e)){const i=new Ct(e,t,n);return N.isStream(r)?E(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(N.isStream(r)){const i=new Pt(!0,e,t,n);return E(r,(e=>i.processChunk(e)),(()=>i.finish()))}return pt(t,n).encrypt(r)}(e,t,r,n);const a=new(await te(e))(t),o=a.blockSize,c=n.slice();let h=new Uint8Array;const u=e=>{e&&(h=N.concatUint8Array([h,e]));const t=new Uint8Array(h.length);let r,n=0;for(;e?h.length>=o:h.length;){const e=a.encrypt(c);for(r=0;ri.encrypt(e),a=e=>i.decrypt(e);let o;function c(e,t,r,i){const a=t.length/$t|0;!function(e,t){const r=N.nbits(Math.max(e.length,t.length)/$t|0)-1;for(let e=n+1;e<=r;e++)o[e]=N.double(o[e-1]);n=r}(t,i);const c=N.concatUint8Array([nr.subarray(0,15-r.length),ir,r]),h=63&c[15];c[15]&=192;const u=s(c),l=N.concatUint8Array([u,rr(u.subarray(0,8),u.subarray(1,9))]),y=N.shiftRight(l.subarray(0+(h>>3),17+(h>>3)),8-(7&h)).subarray(1),f=new Uint8Array($t),g=new Uint8Array(t.length+Xt);let p,d=0;for(p=0;p{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function dr(e,t){const r=e%t;return rfr;){const e=n&gr;n>>=gr;s=e?s*i%r:s,i=i*i%r}return s}function wr(e){return e>=fr?e:-e}function mr(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=wr(e),o=wr(t);const c=eNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function kr(e,t){return(e>>BigInt(t)&gr)===fr?0:1}function Er(e){const t=e>=gr)!==t;)r++;return r}function vr(e){const t=e>=r)!==t;)n++;return n}function Br(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;oe&&(a=dr(a,i<dr(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return Ar(t,e-Pr,e)===Pr}(e)&&!!function(e,t){const r=Er(e);t||(t=Math.max(1,r/48|0));const n=e-Pr;let i=0;for(;!kr(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=Ar(Kr(BigInt(2),n),s,e);if(r!==Pr&&r!==n){for(t=1;tBigInt(e)));const Qr=[];function Rr(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!n;if(t)return N.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Tr(e,t,r){let n;if(t.length!==ke.getHashByteLength(e))throw Error("Invalid hash length");const i=new Uint8Array(Qr[e].length);for(n=0;n=t)throw Error("Data too large.");const c=dr(n,s-Hr),h=dr(n,i-Hr),u=Kr(BigInt(2),t),l=Ar(mr(u,t),r,t);e=dr(e*l,t);const y=Ar(e,h,i),f=Ar(e,c,s),g=dr(a*(f-y),s);let p=g*i+y;return p=dr(p*u,t),Lr(Br(p,"be",vr(t)),o)}(e,t,r,n,i,s,a,o)},encrypt:async function(e,t,r){return N.getNodeCrypto()?async function(e,t,r){const n=zr(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:Fr.constants.RSA_PKCS1_PADDING};return new Uint8Array(Fr.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=pr(t),e=pr(Rr(e,vr(t))),r=pr(r),e>=t)throw Error("Message size cannot exceed modulus size");return Br(Ar(e,r,t),"be",vr(t))}(e,t,r)},generate:async function(e,t){if(t=BigInt(t),N.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:Br(t),hash:{name:"SHA-1"}},n=await Nr.generateKey(r,!0,["sign","verify"]);return _r(await Nr.exportKey("jwk",n.privateKey),t)}if(N.getNodeCrypto()){const r={modulusLength:e,publicExponent:br(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{Fr.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return _r(n,t)}let r,n,i;do{n=Dr(e-(e>>1),t,40),r=Dr(e>>1,t,40),i=r*n}while(Er(i)!==e);const s=(r-Hr)*(n-Hr);return n=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!N.isStream(t))if(N.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await Or(r,n,i,s,a,o),h={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},u=await Nr.importKey("jwk",c,h,!1,["sign"]);return new Uint8Array(await Nr.sign("RSASSA-PKCS1-v1_5",u,t))}(L.read(L.webHash,e),t,r,n,i,s,a,o)}catch(e){N.printDebugError(e)}else if(N.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=Fr.createSign(L.read(L.hash,e));c.write(t),c.end();const h=await Or(r,n,i,s,a,o);return new Uint8Array(c.sign({key:h,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=pr(t);const i=pr(Tr(e,n,vr(t)));return r=pr(r),Br(Ar(i,r,t),"be",vr(t))}(e,r,i,c)},validateParams:async function(e,t,r,n,i,s){if(e=pr(e),(n=pr(n))*(i=pr(i))!==e)return!1;const a=BigInt(2);if(dr(n*(s=pr(s)),i)!==BigInt(1))return!1;t=pr(t),r=pr(r);const o=Kr(a,a<=r)throw Error("Signature size cannot exceed modulus size");const s=Br(Ar(t,n,r),"be",vr(r)),a=Tr(e,i,vr(r));return N.equalsUint8Array(s,a)}(e,r,n,i,s)}});const jr=BigInt(1);var qr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i){return e=pr(e),t=pr(t),r=pr(r),Lr(Br(dr(mr(Ar(e,n=pr(n),r),r)*t,r),"be",vr(r)),i)},encrypt:async function(e,t,r,n){t=pr(t),r=pr(r),n=pr(n);const i=pr(Rr(e,vr(t))),s=Kr(jr,t-jr);return{c1:Br(Ar(r,s,t)),c2:Br(dr(Ar(n,s,t)*i,t))}},validateParams:async function(e,t,r,n){if(e=pr(e),t=pr(t),r=pr(r),t<=jr||t>=e)return!1;const i=BigInt(Er(e));if(i>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=n>>24&255,e[t+5]=n>>16&255,e[t+6]=n>>8&255,e[t+7]=255&n}function cn(e,t,r,n){return function(e,t,r,n,i){var s,a=0;for(s=0;s>>8)-1}(e,t,r,n,32)}function hn(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function un(e){var t,r,n=1;for(t=0;t<16;t++)r=e[t]+n+65535,n=Math.floor(r/65536),e[t]=r-65536*n;e[0]+=n-1+37*(n-1)}function ln(e,t,r){for(var n,i=~(r-1),s=0;s<16;s++)n=i&(e[s]^t[s]),e[s]^=n,t[s]^=n}function yn(e,t){var r,n,i,s=Yr(),a=Yr();for(r=0;r<16;r++)a[r]=t[r];for(un(a),un(a),un(a),n=0;n<2;n++){for(s[0]=a[0]-65517,r=1;r<15;r++)s[r]=a[r]-65535-(s[r-1]>>16&1),s[r-1]&=65535;s[15]=a[15]-32767-(s[14]>>16&1),i=s[15]>>16&1,s[14]&=65535,ln(a,s,1-i)}for(r=0;r<16;r++)e[2*r]=255&a[r],e[2*r+1]=a[r]>>8}function fn(e,t){var r=new Uint8Array(32),n=new Uint8Array(32);return yn(r,e),yn(n,t),cn(r,0,n,0)}function gn(e){var t=new Uint8Array(32);return yn(t,e),1&t[0]}function pn(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function dn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]+r[n]}function An(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]-r[n]}function wn(e,t,r){var n,i,s=0,a=0,o=0,c=0,h=0,u=0,l=0,y=0,f=0,g=0,p=0,d=0,A=0,w=0,m=0,b=0,k=0,E=0,v=0,B=0,I=0,S=0,K=0,C=0,P=0,D=0,U=0,x=0,Q=0,R=0,L=0,T=r[0],M=r[1],N=r[2],F=r[3],H=r[4],O=r[5],z=r[6],_=r[7],G=r[8],j=r[9],q=r[10],V=r[11],J=r[12],Y=r[13],W=r[14],Z=r[15];s+=(n=t[0])*T,a+=n*M,o+=n*N,c+=n*F,h+=n*H,u+=n*O,l+=n*z,y+=n*_,f+=n*G,g+=n*j,p+=n*q,d+=n*V,A+=n*J,w+=n*Y,m+=n*W,b+=n*Z,a+=(n=t[1])*T,o+=n*M,c+=n*N,h+=n*F,u+=n*H,l+=n*O,y+=n*z,f+=n*_,g+=n*G,p+=n*j,d+=n*q,A+=n*V,w+=n*J,m+=n*Y,b+=n*W,k+=n*Z,o+=(n=t[2])*T,c+=n*M,h+=n*N,u+=n*F,l+=n*H,y+=n*O,f+=n*z,g+=n*_,p+=n*G,d+=n*j,A+=n*q,w+=n*V,m+=n*J,b+=n*Y,k+=n*W,E+=n*Z,c+=(n=t[3])*T,h+=n*M,u+=n*N,l+=n*F,y+=n*H,f+=n*O,g+=n*z,p+=n*_,d+=n*G,A+=n*j,w+=n*q,m+=n*V,b+=n*J,k+=n*Y,E+=n*W,v+=n*Z,h+=(n=t[4])*T,u+=n*M,l+=n*N,y+=n*F,f+=n*H,g+=n*O,p+=n*z,d+=n*_,A+=n*G,w+=n*j,m+=n*q,b+=n*V,k+=n*J,E+=n*Y,v+=n*W,B+=n*Z,u+=(n=t[5])*T,l+=n*M,y+=n*N,f+=n*F,g+=n*H,p+=n*O,d+=n*z,A+=n*_,w+=n*G,m+=n*j,b+=n*q,k+=n*V,E+=n*J,v+=n*Y,B+=n*W,I+=n*Z,l+=(n=t[6])*T,y+=n*M,f+=n*N,g+=n*F,p+=n*H,d+=n*O,A+=n*z,w+=n*_,m+=n*G,b+=n*j,k+=n*q,E+=n*V,v+=n*J,B+=n*Y,I+=n*W,S+=n*Z,y+=(n=t[7])*T,f+=n*M,g+=n*N,p+=n*F,d+=n*H,A+=n*O,w+=n*z,m+=n*_,b+=n*G,k+=n*j,E+=n*q,v+=n*V,B+=n*J,I+=n*Y,S+=n*W,K+=n*Z,f+=(n=t[8])*T,g+=n*M,p+=n*N,d+=n*F,A+=n*H,w+=n*O,m+=n*z,b+=n*_,k+=n*G,E+=n*j,v+=n*q,B+=n*V,I+=n*J,S+=n*Y,K+=n*W,C+=n*Z,g+=(n=t[9])*T,p+=n*M,d+=n*N,A+=n*F,w+=n*H,m+=n*O,b+=n*z,k+=n*_,E+=n*G,v+=n*j,B+=n*q,I+=n*V,S+=n*J,K+=n*Y,C+=n*W,P+=n*Z,p+=(n=t[10])*T,d+=n*M,A+=n*N,w+=n*F,m+=n*H,b+=n*O,k+=n*z,E+=n*_,v+=n*G,B+=n*j,I+=n*q,S+=n*V,K+=n*J,C+=n*Y,P+=n*W,D+=n*Z,d+=(n=t[11])*T,A+=n*M,w+=n*N,m+=n*F,b+=n*H,k+=n*O,E+=n*z,v+=n*_,B+=n*G,I+=n*j,S+=n*q,K+=n*V,C+=n*J,P+=n*Y,D+=n*W,U+=n*Z,A+=(n=t[12])*T,w+=n*M,m+=n*N,b+=n*F,k+=n*H,E+=n*O,v+=n*z,B+=n*_,I+=n*G,S+=n*j,K+=n*q,C+=n*V,P+=n*J,D+=n*Y,U+=n*W,x+=n*Z,w+=(n=t[13])*T,m+=n*M,b+=n*N,k+=n*F,E+=n*H,v+=n*O,B+=n*z,I+=n*_,S+=n*G,K+=n*j,C+=n*q,P+=n*V,D+=n*J,U+=n*Y,x+=n*W,Q+=n*Z,m+=(n=t[14])*T,b+=n*M,k+=n*N,E+=n*F,v+=n*H,B+=n*O,I+=n*z,S+=n*_,K+=n*G,C+=n*j,P+=n*q,D+=n*V,U+=n*J,x+=n*Y,Q+=n*W,R+=n*Z,b+=(n=t[15])*T,a+=38*(E+=n*N),o+=38*(v+=n*F),c+=38*(B+=n*H),h+=38*(I+=n*O),u+=38*(S+=n*z),l+=38*(K+=n*_),y+=38*(C+=n*G),f+=38*(P+=n*j),g+=38*(D+=n*q),p+=38*(U+=n*V),d+=38*(x+=n*J),A+=38*(Q+=n*Y),w+=38*(R+=n*W),m+=38*(L+=n*Z),s=(n=(s+=38*(k+=n*M))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s=(n=(s+=i-1+37*(i-1))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s+=i-1+37*(i-1),e[0]=s,e[1]=a,e[2]=o,e[3]=c,e[4]=h,e[5]=u,e[6]=l,e[7]=y,e[8]=f,e[9]=g,e[10]=p,e[11]=d,e[12]=A,e[13]=w,e[14]=m,e[15]=b}function mn(e,t){wn(e,t,t)}function bn(e,t){var r,n=Yr();for(r=0;r<16;r++)n[r]=t[r];for(r=253;r>=0;r--)mn(n,n),2!==r&&4!==r&&wn(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}function kn(e,t,r){var n,i,s=new Uint8Array(32),a=new Float64Array(80),o=Yr(),c=Yr(),h=Yr(),u=Yr(),l=Yr(),y=Yr();for(i=0;i<31;i++)s[i]=t[i];for(s[31]=127&t[31]|64,s[0]&=248,pn(a,r),i=0;i<16;i++)c[i]=a[i],u[i]=o[i]=h[i]=0;for(o[0]=u[0]=1,i=254;i>=0;--i)ln(o,c,n=s[i>>>3]>>>(7&i)&1),ln(h,u,n),dn(l,o,h),An(o,o,h),dn(h,c,u),An(c,c,u),mn(u,l),mn(y,o),wn(o,h,o),wn(h,c,l),dn(l,o,h),An(o,o,h),mn(c,o),An(h,u,y),wn(o,h,en),dn(o,o,u),wn(h,h,o),wn(o,u,y),wn(u,c,a),mn(c,l),ln(o,c,n),ln(h,u,n);for(i=0;i<16;i++)a[i+16]=o[i],a[i+32]=h[i],a[i+48]=c[i],a[i+64]=u[i];var f=a.subarray(32),g=a.subarray(16);return bn(f,f),wn(g,g,f),yn(e,g),0}function En(e,t){return kn(e,t,Zr)}var vn=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function Bn(e,t,r,n){for(var i,s,a,o,c,h,u,l,y,f,g,p,d,A,w,m,b,k,E,v,B,I,S,K,C,P,D=new Int32Array(16),U=new Int32Array(16),x=e[0],Q=e[1],R=e[2],L=e[3],T=e[4],M=e[5],N=e[6],F=e[7],H=t[0],O=t[1],z=t[2],_=t[3],G=t[4],j=t[5],q=t[6],V=t[7],J=0;n>=128;){for(E=0;E<16;E++)v=8*E+J,D[E]=r[v+0]<<24|r[v+1]<<16|r[v+2]<<8|r[v+3],U[E]=r[v+4]<<24|r[v+5]<<16|r[v+6]<<8|r[v+7];for(E=0;E<80;E++)if(i=x,s=Q,a=R,o=L,c=T,h=M,u=N,F,y=H,f=O,g=z,p=_,d=G,A=j,w=q,V,S=65535&(I=V),K=I>>>16,C=65535&(B=F),P=B>>>16,S+=65535&(I=(G>>>14|T<<18)^(G>>>18|T<<14)^(T>>>9|G<<23)),K+=I>>>16,C+=65535&(B=(T>>>14|G<<18)^(T>>>18|G<<14)^(G>>>9|T<<23)),P+=B>>>16,S+=65535&(I=G&j^~G&q),K+=I>>>16,C+=65535&(B=T&M^~T&N),P+=B>>>16,B=vn[2*E],S+=65535&(I=vn[2*E+1]),K+=I>>>16,C+=65535&B,P+=B>>>16,B=D[E%16],K+=(I=U[E%16])>>>16,C+=65535&B,P+=B>>>16,C+=(K+=(S+=65535&I)>>>16)>>>16,S=65535&(I=k=65535&S|K<<16),K=I>>>16,C=65535&(B=b=65535&C|(P+=C>>>16)<<16),P=B>>>16,S+=65535&(I=(H>>>28|x<<4)^(x>>>2|H<<30)^(x>>>7|H<<25)),K+=I>>>16,C+=65535&(B=(x>>>28|H<<4)^(H>>>2|x<<30)^(H>>>7|x<<25)),P+=B>>>16,K+=(I=H&O^H&z^O&z)>>>16,C+=65535&(B=x&Q^x&R^Q&R),P+=B>>>16,l=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(P+=C>>>16)<<16,m=65535&S|K<<16,S=65535&(I=p),K=I>>>16,C=65535&(B=o),P=B>>>16,K+=(I=k)>>>16,C+=65535&(B=b),P+=B>>>16,Q=i,R=s,L=a,T=o=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(P+=C>>>16)<<16,M=c,N=h,F=u,x=l,O=y,z=f,_=g,G=p=65535&S|K<<16,j=d,q=A,V=w,H=m,E%16==15)for(v=0;v<16;v++)B=D[v],S=65535&(I=U[v]),K=I>>>16,C=65535&B,P=B>>>16,B=D[(v+9)%16],S+=65535&(I=U[(v+9)%16]),K+=I>>>16,C+=65535&B,P+=B>>>16,b=D[(v+1)%16],S+=65535&(I=((k=U[(v+1)%16])>>>1|b<<31)^(k>>>8|b<<24)^(k>>>7|b<<25)),K+=I>>>16,C+=65535&(B=(b>>>1|k<<31)^(b>>>8|k<<24)^b>>>7),P+=B>>>16,b=D[(v+14)%16],K+=(I=((k=U[(v+14)%16])>>>19|b<<13)^(b>>>29|k<<3)^(k>>>6|b<<26))>>>16,C+=65535&(B=(b>>>19|k<<13)^(k>>>29|b<<3)^b>>>6),P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,D[v]=65535&C|P<<16,U[v]=65535&S|K<<16;S=65535&(I=H),K=I>>>16,C=65535&(B=x),P=B>>>16,B=e[0],K+=(I=t[0])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[0]=x=65535&C|P<<16,t[0]=H=65535&S|K<<16,S=65535&(I=O),K=I>>>16,C=65535&(B=Q),P=B>>>16,B=e[1],K+=(I=t[1])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[1]=Q=65535&C|P<<16,t[1]=O=65535&S|K<<16,S=65535&(I=z),K=I>>>16,C=65535&(B=R),P=B>>>16,B=e[2],K+=(I=t[2])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[2]=R=65535&C|P<<16,t[2]=z=65535&S|K<<16,S=65535&(I=_),K=I>>>16,C=65535&(B=L),P=B>>>16,B=e[3],K+=(I=t[3])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[3]=L=65535&C|P<<16,t[3]=_=65535&S|K<<16,S=65535&(I=G),K=I>>>16,C=65535&(B=T),P=B>>>16,B=e[4],K+=(I=t[4])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[4]=T=65535&C|P<<16,t[4]=G=65535&S|K<<16,S=65535&(I=j),K=I>>>16,C=65535&(B=M),P=B>>>16,B=e[5],K+=(I=t[5])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[5]=M=65535&C|P<<16,t[5]=j=65535&S|K<<16,S=65535&(I=q),K=I>>>16,C=65535&(B=N),P=B>>>16,B=e[6],K+=(I=t[6])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[6]=N=65535&C|P<<16,t[6]=q=65535&S|K<<16,S=65535&(I=V),K=I>>>16,C=65535&(B=F),P=B>>>16,B=e[7],K+=(I=t[7])>>>16,C+=65535&B,P+=B>>>16,P+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[7]=F=65535&C|P<<16,t[7]=V=65535&S|K<<16,J+=128,n-=128}return n}function In(e,t,r){var n,i=new Int32Array(8),s=new Int32Array(8),a=new Uint8Array(256),o=r;for(i[0]=1779033703,i[1]=3144134277,i[2]=1013904242,i[3]=2773480762,i[4]=1359893119,i[5]=2600822924,i[6]=528734635,i[7]=1541459225,s[0]=4089235720,s[1]=2227873595,s[2]=4271175723,s[3]=1595750129,s[4]=2917565137,s[5]=725511199,s[6]=4215389547,s[7]=327033209,Bn(i,s,t,r),r%=128,n=0;n=0;--i)Kn(e,t,n=r[i/8|0]>>(7&i)&1),Sn(t,e),Sn(e,e),Kn(e,t,n)}function Dn(e,t){var r=[Yr(),Yr(),Yr(),Yr()];hn(r[0],nn),hn(r[1],sn),hn(r[2],Xr),wn(r[3],nn,sn),Pn(e,r,t)}function Un(e,t,r){var n,i=new Uint8Array(64),s=[Yr(),Yr(),Yr(),Yr()];for(r||Wr(t,32),In(i,t,32),i[0]&=248,i[31]&=127,i[31]|=64,Dn(s,i),Cn(e,s),n=0;n<32;n++)t[n+32]=e[n];return 0}var xn=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Qn(e,t){var r,n,i,s;for(n=63;n>=32;--n){for(r=0,i=n-32,s=n-12;i>4)*xn[i],r=t[i]>>8,t[i]&=255;for(i=0;i<32;i++)t[i]-=r*xn[i];for(n=0;n<32;n++)t[n+1]+=t[n]>>8,e[n]=255&t[n]}function Rn(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Qn(e,r)}function Ln(e,t){var r=Yr(),n=Yr(),i=Yr(),s=Yr(),a=Yr(),o=Yr(),c=Yr();return hn(e[2],Xr),pn(e[1],t),mn(i,e[1]),wn(s,i,tn),An(i,i,e[2]),dn(s,e[2],s),mn(a,s),mn(o,a),wn(c,o,a),wn(r,c,i),wn(r,r,s),function(e,t){var r,n=Yr();for(r=0;r<16;r++)n[r]=t[r];for(r=250;r>=0;r--)mn(n,n),1!==r&&wn(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}(r,r),wn(r,r,i),wn(r,r,s),wn(r,r,s),wn(e[0],r,s),mn(n,e[0]),wn(n,n,s),fn(n,i)&&wn(e[0],e[0],an),mn(n,e[0]),wn(n,n,s),fn(n,i)?-1:(gn(e[0])===t[31]>>7&&An(e[0],$r,e[0]),wn(e[3],e[0],e[1]),0)}var Tn=64;function Mn(){for(var e=0;e=0},Jr.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Un(e,t),{publicKey:e,secretKey:t}},Jr.sign.keyPair.fromSecretKey=function(e){if(Mn(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return N.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return N.uint8ArrayToHex(this.oid)}getName(){const e=Nn[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Hn(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=N.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function On(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):N.concatUint8Array([new Uint8Array([255]),N.writeNumber(e,4)])}function zn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function _n(e){return new Uint8Array([192|e])}function Gn(e,t){return N.concatUint8Array([_n(e),On(t)])}function jn(e){return[L.packet.literalData,L.packet.compressedData,L.packet.symmetricallyEncryptedData,L.packet.symEncryptedIntegrityProtectedData,L.packet.aeadEncryptedData].includes(e)}async function qn(e,t){const r=x(e);let n,i;try{const s=await r.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const a=await r.readByte();let c,h,u=-1,l=-1;l=0,64&a&&(l=1),l?u=63&a:(u=(63&a)>>2,h=3&a);const y=jn(u);let f,g=null;if(y){if("array"===N.isStream(e)){const e=new o;n=Q(e),g=e}else{const e=new TransformStream;n=Q(e.writable),g=e.readable}i=t({tag:u,packet:g})}else g=[];do{if(l){const e=await r.readByte();if(f=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),f=!0,!y)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(h){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){n&&await n.ready;const{done:t,value:i}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const s=c===1/0?i:i.subarray(0,c-e);if(n?await n.write(s):g.push(s),e+=i.length,e>=c){r.unshift(i.subarray(c-e+i.length));break}}}}while(f);const p=await r.peekBytes(y?1/0:2);return n?(await n.ready,await n.close()):(g=N.concatUint8Array(g),await t({tag:u,packet:g})),!p||!p.length}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i,r.releaseLock()}}class Vn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Vn),this.name="UnsupportedError"}}class Jn extends Vn{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Vn),this.name="UnknownPacketError"}}class Yn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function Wn(e){switch(e){case L.publicKey.ed25519:try{const e=N.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(G(n.x)),seed:G(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=Sr(Xn(e)),{publicKey:n}=Jr.sign.keyPair.fromSeed(r);return{A:n,seed:r}}case L.publicKey.ed448:{const e=await N.getNobleCurve(L.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function Zn(e,t,r,n,i,s){if(ke.getHashByteLength(t){if(e===L.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},ri=(e,t,r)=>{if(e===L.publicKey.ed25519){const n=ti(e,t);return n.d=j(r),n}throw Error("Unsupported EdDSA algorithm")};var ni=/*#__PURE__*/Object.freeze({__proto__:null,generate:Wn,getPayloadSize:Xn,getPreferredHashAlgo:ei,sign:Zn,validateParams:async function(e,t,r){switch(e){case L.publicKey.ed25519:{const{publicKey:e}=Jr.sign.keyPair.fromSeed(r);return N.equalsUint8Array(t,e)}case L.publicKey.ed448:{const e=(await N.getNobleCurve(L.publicKey.ed448)).getPublicKey(r);return N.equalsUint8Array(t,e)}default:return!1}},verify:$n});const ii=N.getWebCrypto();async function si(e,t,r){const{keySize:n}=ie(e);if(!N.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await ii.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await ii.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await ii.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;N.printDebugError("Browser did not support operation: "+e.message)}return Et(t).encrypt(r)}async function ai(e,t,r){const{keySize:n}=ie(e);if(!N.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await ii.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return N.printDebugError("Browser did not support operation: "+e.message),Et(t).decrypt(r)}try{const e=await ii.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await ii.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}var oi=/*#__PURE__*/Object.freeze({__proto__:null,unwrap:ai,wrap:si});const ci=N.getWebCrypto();async function hi(e,t,r,n,i){const s=L.read(L.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const a=await ci.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await ci.deriveBits({name:"HKDF",hash:s,salt:r,info:n},a,8*i);return new Uint8Array(o)}const ui={x25519:N.encodeUTF8("OpenPGP X25519"),x448:N.encodeUTF8("OpenPGP X448")};async function li(e){switch(e){case L.publicKey.x25519:{const e=Sr(32),{publicKey:t}=Jr.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case L.publicKey.x448:{const e=await N.getNobleCurve(L.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}function yi(e){switch(e){case L.publicKey.x25519:return 32;case L.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function fi(e,t){switch(e){case L.publicKey.x25519:{const r=Sr(yi(e)),n=Jr.scalarMult(r,t);pi(n);const{publicKey:i}=Jr.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:i,sharedSecret:n}}case L.publicKey.x448:{const e=await N.getNobleCurve(L.publicKey.x448),r=e.utils.randomPrivateKey(),n=e.getSharedSecret(r,t);pi(n);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:n}}default:throw Error("Unsupported ECDH algorithm")}}async function gi(e,t,r,n){switch(e){case L.publicKey.x25519:{const e=Jr.scalarMult(n,t);return pi(e),e}case L.publicKey.x448:{const e=(await N.getNobleCurve(L.publicKey.x448)).getSharedSecret(n,t);return pi(e),e}default:throw Error("Unsupported ECDH algorithm")}}function pi(e){let t=0;for(let r=0;r0===s[0]&&Ri(a,r,s.subarray(1),i);if(n&&!N.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=Ci(e.payloadSize,mi[e.name],s),o=await Di.importKey("jwk",a,{name:"ECDSA",namedCurve:mi[e.name],hash:{name:L.read(L.webHash,e.hash)}},!1,["verify"]),c=N.concatUint8Array([r,n]).buffer;return Di.verify({name:"ECDSA",namedCurve:mi[e.name],hash:{name:L.read(L.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;N.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=N.nodeRequire("eckey-utils"),o=N.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:ki[e.name],publicKey:o.from(s)}),h=Ui.createVerify(L.read(L.hash,t));h.write(i),h.end();const u=N.concatUint8Array([r,n]);try{return h.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},u)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await Ri(a,r,s,i)||o()}async function Ri(e,t,r,n){return(await N.getNobleCurve(L.publicKey.ecdsa,e.name)).verify(N.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var Li=/*#__PURE__*/Object.freeze({__proto__:null,sign:xi,validateParams:async function(e,t,r){const n=new vi(e);if(n.keyType!==L.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=Sr(8),i=L.hash.sha256,s=await ke.digest(i,n);try{const a=await xi(e,i,n,t,r,s);return await Qi(e,i,a,n,t,s)}catch(e){return!1}}default:return Bi(L.publicKey.ecdsa,e,t,r)}},verify:Qi});var Ti=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){if(Ii(new vi(e),n),ke.getHashByteLength(t)0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(N.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Fi=/*#__PURE__*/Object.freeze({__proto__:null,decode:Ni,encode:Mi});const Hi=N.getWebCrypto(),Oi=N.getNodeCrypto();function zi(e,t,r,n){return N.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),N.stringToUint8Array("Anonymous Sender "),n])}async function _i(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await ke.digest(e,N.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function Gi(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await fi(L.publicKey.x25519,t.subarray(1));return{publicKey:N.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&N.getWebCrypto())try{return await async function(e,t){const r=Ci(e.payloadSize,e.web,t);let n=Hi.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),i=Hi.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[n,i]=await Promise.all([n,i]);let s=Hi.deriveBits({name:"ECDH",namedCurve:e.web,public:i},n.privateKey,e.sharedSize),a=Hi.exportKey("jwk",n.publicKey);[s,a]=await Promise.all([s,a]);const o=new Uint8Array(s),c=new Uint8Array(Ki(a,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return N.printDebugError(r),Vi(e,t)}break;case"node":return async function(e,t){const r=Oi.createECDH(e.node);r.generateKeys();const n=new Uint8Array(r.computeSecret(t)),i=new Uint8Array(r.getPublicKey());return{publicKey:i,sharedKey:n}}(e,t);default:return Vi(e,t)}}async function ji(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await gi(L.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&N.getWebCrypto())try{return await async function(e,t,r,n){const i=Pi(e.payloadSize,e.web,r,n);let s=Hi.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const a=Ci(e.payloadSize,e.web,t);let o=Hi.importKey("jwk",a,{name:"ECDH",namedCurve:e.web},!0,[]);[s,o]=await Promise.all([s,o]);let c=Hi.deriveBits({name:"ECDH",namedCurve:e.web,public:o},s,e.sharedSize),h=Hi.exportKey("jwk",s);[c,h]=await Promise.all([c,h]);const u=new Uint8Array(c);return{secretKey:G(h.d),sharedKey:u}}(e,t,r,n)}catch(r){return N.printDebugError(r),qi(e,t,n)}break;case"node":return async function(e,t,r){const n=Oi.createECDH(e.node);n.setPrivateKey(r);const i=new Uint8Array(n.computeSecret(t));return{secretKey:new Uint8Array(n.getPrivateKey()),sharedKey:i}}(e,t,n);default:return qi(e,t,n)}}async function qi(e,t,r){return{secretKey:r,sharedKey:(await N.getNobleCurve(L.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Vi(e,t){const r=await N.getNobleCurve(L.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var Ji=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i,s,a){const o=new vi(e);Ii(o,i),Ii(o,r);const{sharedKey:c}=await ji(o,r,i,s),h=zi(L.publicKey.ecdh,e,t,a),{keySize:u}=ie(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await _i(t.hash,c,u,h,1===e,2===e);return Ni(await ai(t.cipher,r,n))}catch(e){l=e}throw l},encrypt:async function(e,t,r,n,i){const s=Mi(r),a=new vi(e);Ii(a,n);const{publicKey:o,sharedKey:c}=await Gi(a,n),h=zi(L.publicKey.ecdh,e,t,i),{keySize:u}=ie(t.cipher),l=await _i(t.hash,c,u,h);return{publicKey:o,wrappedKey:await si(t.cipher,l,s)}},validateParams:async function(e,t,r){return Bi(L.publicKey.ecdh,e,t,r)}}),Yi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:vi,ecdh:Ji,ecdhX:di,ecdsa:Li,eddsa:ni,eddsaLegacy:Ti,generate:async function(e){const t=new vi(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:N.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}},getPreferredHashAlgo:function(e){return Ei[e.getName()].hash}});const Wi=BigInt(0),Zi=BigInt(1);var $i=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,h,u;n=pr(n),i=pr(i),r=pr(r),s=pr(s),r=dr(r,n),s=dr(s,i);const l=dr(pr(t.subarray(0,vr(i))),i);for(;;){if(o=Kr(Zi,i),c=dr(Ar(r,o,n),i),c===a)continue;const e=dr(s*c,i);if(u=dr(l+e,i),h=dr(mr(o,i)*u,i),h!==a)break}return{r:Br(c,"be",vr(n)),s:Br(h,"be",vr(n))}},validateParams:async function(e,t,r,n,i){if(e=pr(e),t=pr(t),r=pr(r),n=pr(n),r<=Zi||r>=e)return!1;if(dr(e-Zi,t)!==Wi)return!1;if(Ar(r,t,e)!==Zi)return!1;const s=BigInt(Er(t));if(s=a||r<=Wi||r>=a)return N.printDebug("invalid DSA Signature"),!1;const c=dr(pr(n.subarray(0,vr(a))),a),h=mr(r,a);if(h===Wi)return N.printDebug("invalid DSA Signature"),!1;i=dr(i,s),o=dr(o,s);const u=dr(c*h,a),l=dr(t*h,a);return dr(dr(Ar(i,u,s)*Ar(o,l,s),s),a)===t}}),Xi={rsa:Gr,elgamal:qr,elliptic:Yi,dsa:$i};var es=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:case L.publicKey.rsaSign:{const e=N.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case L.publicKey.dsa:case L.publicKey.ecdsa:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=N.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case L.publicKey.eddsaLegacy:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=N.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case L.publicKey.ed25519:case L.publicKey.ed448:{const n=2*Xi.elliptic.eddsa.getPayloadSize(e),i=N.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}default:throw new Vn("Unknown signature algorithm.")}},sign:async function(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:case L.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:h,u}=n;return{s:await Xi.rsa.sign(t,i,e,a,o,c,h,u,s)}}case L.publicKey.dsa:{const{g:e,p:i,q:a}=r,{x:o}=n;return Xi.dsa.sign(t,s,e,i,a,o)}case L.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case L.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return Xi.elliptic.ecdsa.sign(e,t,i,a,o,s)}case L.publicKey.eddsaLegacy:{const{oid:e,Q:a}=r,{seed:o}=n;return Xi.elliptic.eddsaLegacy.sign(e,t,i,a,o,s)}case L.publicKey.ed25519:case L.publicKey.ed448:{const{A:a}=r,{seed:o}=n;return Xi.elliptic.eddsa.sign(e,t,i,a,o,s)}default:throw Error("Unknown signature algorithm.")}},verify:async function(e,t,r,n,i,s){switch(e){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:case L.publicKey.rsaSign:{const{n:e,e:a}=n,o=N.leftPad(r.s,e.length);return Xi.rsa.verify(t,i,o,e,a,s)}case L.publicKey.dsa:{const{g:e,p:i,q:a,y:o}=n,{r:c,s:h}=r;return Xi.dsa.verify(t,c,h,s,e,i,a,o)}case L.publicKey.ecdsa:{const{oid:e,Q:a}=n,o=new Xi.elliptic.CurveWithOID(e).payloadSize,c=N.leftPad(r.r,o),h=N.leftPad(r.s,o);return Xi.elliptic.ecdsa.verify(e,t,{r:c,s:h},i,a,s)}case L.publicKey.eddsaLegacy:{const{oid:e,Q:a}=n,o=new Xi.elliptic.CurveWithOID(e).payloadSize,c=N.leftPad(r.r,o),h=N.leftPad(r.s,o);return Xi.elliptic.eddsaLegacy.verify(e,t,{r:c,s:h},i,a,s)}case L.publicKey.ed25519:case L.publicKey.ed448:{const{A:a}=n;return Xi.elliptic.eddsa.verify(e,t,r,i,a,s)}default:throw Error("Unknown signature algorithm.")}}});class ts{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return N.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class rs{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new Vn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class ns{static fromObject({wrappedKey:e,algorithm:t}){const r=new ns;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=N.readExactSubarray(e,t,t+r),t+=r}write(){return N.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function is(e){try{e.getName()}catch(e){throw new Vn("Unknown curve OID")}}function ss(e,t){switch(e){case L.publicKey.ecdsa:case L.publicKey.ecdh:case L.publicKey.eddsaLegacy:return new Xi.elliptic.CurveWithOID(t).payloadSize;case L.publicKey.ed25519:case L.publicKey.ed448:return Xi.elliptic.eddsa.getPayloadSize(e);case L.publicKey.x25519:case L.publicKey.x448:return Xi.elliptic.ecdhX.getPayloadSize(e);default:throw Error("Unknown elliptic algo")}}var as=/*#__PURE__*/Object.freeze({__proto__:null,generateParams:function(e,t,r){switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:return Xi.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case L.publicKey.ecdsa:return Xi.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Fn(e),Q:t}})));case L.publicKey.eddsaLegacy:return Xi.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Fn(e),Q:t}})));case L.publicKey.ecdh:return Xi.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new Fn(e),Q:t,kdfParams:new rs({hash:n,cipher:i})}})));case L.publicKey.ed25519:case L.publicKey.ed448:return Xi.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case L.publicKey.x25519:case L.publicKey.x448:return Xi.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case L.publicKey.dsa:case L.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},generateSessionKey:function(e){const{keySize:t}=ie(e);return Sr(t)},getAEADMode:function(e){const t=L.read(L.aead,e);return yr[t]},getCipherParams:ie,getCurvePayloadSize:ss,getPreferredCurveHashAlgo:function(e,t){switch(e){case L.publicKey.ecdsa:case L.publicKey.eddsaLegacy:return Xi.elliptic.getPreferredHashAlgo(t);case L.publicKey.ed25519:case L.publicKey.ed448:return Xi.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}},getPrefixRandom:async function(e){const{blockSize:t}=ie(e),r=await Sr(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return N.concat([r,n])},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:return{c:N.readMPI(t.subarray(r))};case L.publicKey.elgamal:{const e=N.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:N.readMPI(t.subarray(r))}}case L.publicKey.ecdh:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=new ts;return n.read(t.subarray(r)),{V:e,C:n}}case L.publicKey.x25519:case L.publicKey.x448:{const n=ss(e),i=N.readExactSubarray(t,r,r+n);r+=i.length;const s=new ns;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}default:throw new Vn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let n=0;switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:{const e=N.readMPI(t.subarray(n));n+=e.length+2;const r=N.readMPI(t.subarray(n));n+=r.length+2;const i=N.readMPI(t.subarray(n));n+=i.length+2;const s=N.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case L.publicKey.dsa:case L.publicKey.elgamal:{const e=N.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case L.publicKey.ecdsa:case L.publicKey.ecdh:{const i=ss(e,r.oid);let s=N.readMPI(t.subarray(n));return n+=s.length+2,s=N.leftPad(s,i),{read:n,privateParams:{d:s}}}case L.publicKey.eddsaLegacy:{const i=ss(e,r.oid);if(r.oid.getName()!==L.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=N.readMPI(t.subarray(n));return n+=s.length+2,s=N.leftPad(s,i),{read:n,privateParams:{seed:s}}}case L.publicKey.ed25519:case L.publicKey.ed448:{const r=ss(e),i=N.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case L.publicKey.x25519:case L.publicKey.x448:{const r=ss(e),i=N.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}default:throw new Vn("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=N.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case L.publicKey.dsa:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=N.readMPI(t.subarray(r));r+=n.length+2;const i=N.readMPI(t.subarray(r));r+=i.length+2;const s=N.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case L.publicKey.elgamal:{const e=N.readMPI(t.subarray(r));r+=e.length+2;const n=N.readMPI(t.subarray(r));r+=n.length+2;const i=N.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case L.publicKey.ecdsa:{const e=new Fn;r+=e.read(t),is(e);const n=N.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case L.publicKey.eddsaLegacy:{const e=new Fn;if(r+=e.read(t),is(e),e.getName()!==L.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=N.readMPI(t.subarray(r));return r+=n.length+2,n=N.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case L.publicKey.ecdh:{const e=new Fn;r+=e.read(t),is(e);const n=N.readMPI(t.subarray(r));r+=n.length+2;const i=new rs;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case L.publicKey.ed25519:case L.publicKey.ed448:case L.publicKey.x25519:case L.publicKey.x448:{const n=N.readExactSubarray(t,r,r+ss(e));return r+=n.length,{read:r,publicParams:{A:n}}}default:throw new Vn("Unknown public key encryption algorithm.")}},publicKeyDecrypt:async function(e,t,r,n,i,s){switch(e){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:h,u}=r;return Xi.rsa.decrypt(e,i,a,o,c,h,u,s)}case L.publicKey.elgamal:{const{c1:e,c2:i}=n,a=t.p,o=r.x;return Xi.elgamal.decrypt(e,i,a,o,s)}case L.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:h}=n;return Xi.elliptic.ecdh.decrypt(e,a,c,h.data,s,o,i)}case L.publicKey.x25519:case L.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!N.isAES(o.algorithm))throw Error("AES session key expected");return Xi.elliptic.ecdhX.decrypt(e,a,o.wrappedKey,i,s)}default:throw Error("Unknown public key encryption algorithm.")}},publicKeyEncrypt:async function(e,t,r,n,i){switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await Xi.rsa.encrypt(n,e,t)}}case L.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return Xi.elgamal.encrypt(n,e,t,i)}case L.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:s}=r,{publicKey:a,wrappedKey:o}=await Xi.elliptic.ecdh.encrypt(e,s,n,t,i);return{V:a,C:new ts(o)}}case L.publicKey.x25519:case L.publicKey.x448:{if(t&&!N.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:s,wrappedKey:a}=await Xi.elliptic.ecdhX.encrypt(e,n,i);return{ephemeralPublicKey:s,C:ns.fromObject({algorithm:t,wrappedKey:a})}}default:return[]}},serializeParams:function(e,t){const r=new Set([L.publicKey.ed25519,L.publicKey.x25519,L.publicKey.ed448,L.publicKey.x448]),n=Object.keys(t).map((n=>{const i=t[n];return N.isUint8Array(i)?r.has(e)?i:N.uint8ArrayToMPI(i):i.write()}));return N.concatUint8Array(n)},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return Xi.rsa.validateParams(e,n,i,s,a,o)}case L.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return Xi.dsa.validateParams(e,n,i,s,a)}case L.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return Xi.elgamal.validateParams(e,n,i,s)}case L.publicKey.ecdsa:case L.publicKey.ecdh:{const n=Xi.elliptic[L.read(L.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case L.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return Xi.elliptic.eddsaLegacy.validateParams(n,e,i)}case L.publicKey.ed25519:case L.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return Xi.elliptic.eddsa.validateParams(e,n,i)}case L.publicKey.x25519:case L.publicKey.x448:{const{A:n}=t,{k:i}=r;return Xi.elliptic.ecdhX.validateParams(e,n,i)}default:throw Error("Unknown public key algorithm.")}}});const os={cipher:se,hash:ke,mode:yr,publicKey:Xi,signature:es,random:Cr,pkcs1:Mr,pkcs5:Fi,aesKW:oi};Object.assign(os,as);class cs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,cs),this.name="Argon2OutOfMemoryError"}}let hs,us;class ls{constructor(e=T){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=os.random.getRandomBytes(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([L.write(L.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return N.concatUint8Array(e)}async produceKey(e,t){const r=2<1048576&&(us=hs(),us.catch((()=>{}))),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new cs("Could not allocate required memory for Argon2"):e}}}class ys{constructor(e,t=T){this.algorithm=L.hash.sha256,this.type=L.read(L.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=os.random.getRandomBytes(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==N.uint8ArrayToString(e.subarray(t,t+3)))throw new Vn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Vn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Vn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...N.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([L.write(L.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return N.concatUint8Array(e)}async produceKey(e,t){e=N.encodeUTF8(e);const r=[];let n=0,i=0;for(;n>>1|(21845&Ds)<<1;Us=(61680&(Us=(52428&Us)>>>2|(13107&Us)<<2))>>>4|(3855&Us)<<4,Ps[Ds]=((65280&Us)>>>8|(255&Us)<<8)>>>1}var xs=function(e,t,r){for(var n=e.length,i=0,s=new As(t);i>>c]=h}else for(a=new As(n),i=0;i>>15-e[i]);return a},Qs=new ds(288);for(Ds=0;Ds<144;++Ds)Qs[Ds]=8;for(Ds=144;Ds<256;++Ds)Qs[Ds]=9;for(Ds=256;Ds<280;++Ds)Qs[Ds]=7;for(Ds=280;Ds<288;++Ds)Qs[Ds]=8;var Rs=new ds(32);for(Ds=0;Ds<32;++Ds)Rs[Ds]=5;var Ls=/*#__PURE__*/xs(Qs,9,0),Ts=/*#__PURE__*/xs(Qs,9,1),Ms=/*#__PURE__*/xs(Rs,5,0),Ns=/*#__PURE__*/xs(Rs,5,1),Fs=function(e){for(var t=e[0],r=1;rt&&(t=e[r]);return t},Hs=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},Os=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},zs=function(e){return(e+7)/8|0},_s=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var n=new(2==e.BYTES_PER_ELEMENT?As:4==e.BYTES_PER_ELEMENT?ws:ds)(r-t);return n.set(e.subarray(t,r)),n},Gs=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],js=function(e,t,r){var n=Error(t||Gs[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,js),!r)throw n;return n},qs=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8},Vs=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8,e[n+2]|=r>>>16},Js=function(e,t){for(var r=[],n=0;ny&&(y=s[n].s);var f=new As(y+1),g=Ys(r[u-1],f,0);if(g>t){n=0;var p=0,d=g-t,A=1<t))break;p+=A-(1<>>=d;p>0;){var m=s[n].s;f[m]=0&&p;--n){var b=s[n].s;f[b]==t&&(--f[b],++p)}g=t}return[new ds(f),g]},Ys=function(e,t,r){return-1==e.s?Math.max(Ys(e.l,t,r+1),Ys(e.r,t,r+1)):t[e.s]=r},Ws=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new As(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return[r.subarray(0,n),t]},Zs=function(e,t){for(var r=0,n=0;n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s4&&!S[ks[C-1]];--C);var P,D,U,x,Q=h+5<<3,R=Zs(i,Qs)+Zs(s,Rs)+a,L=Zs(i,y)+Zs(s,p)+a+14+3*C+Zs(v,S)+(2*v[16]+3*v[17]+7*v[18]);if(Q<=R&&Q<=L)return $s(t,u,e.subarray(c,c+h));if(qs(t,u,1+(L15&&(qs(t,u,F[B]>>>5&127),u+=F[B]>>>12)}}}else P=Ls,D=Qs,U=Ms,x=Rs;for(B=0;B255){H=n[B]>>>18&31;Vs(t,u,P[H+257]),u+=D[H+257],H>7&&(qs(t,u,n[B]>>>23&31),u+=ms[H]);var O=31&n[B];Vs(t,u,U[O]),u+=x[O],O>3&&(Vs(t,u,n[B]>>>5&8191),u+=bs[O])}else Vs(t,u,P[n[B]]),u+=D[n[B]];return Vs(t,u,P[256]),u+D[256]},ea=/*#__PURE__*/new ws([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),ta=/*#__PURE__*/new ds(0),ra=function(e,t,r,n,i){return function(e,t,r,n,i,s){var a=e.length,o=new ds(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),h=0;if(!t||a<8)for(var u=0;u<=a;u+=65535){var l=u+65535;l>=a&&(c[h>>3]=s),h=$s(c,h+1,e.subarray(u,l))}else{for(var y=ea[t-1],f=y>>>13,g=8191&y,p=(1<7e3||S>24576)&&x>423){h=Xs(e,c,0,k,E,v,I,S,C,u-C,h),S=B=I=0,C=u;for(var Q=0;Q<286;++Q)E[Q]=0;for(Q=0;Q<30;++Q)v[Q]=0}var R=2,L=0,T=g,M=D-U&32767;if(x>2&&P==b(u-M))for(var N=Math.min(f,x)-1,F=Math.min(32767,u),H=Math.min(258,x);M<=F&&--T&&D!=U;){if(e[u+R]==e[u+R-M]){for(var O=0;OR){if(R=O,L=M,O>N)break;var z=Math.min(M,O-2),_=0;for(Q=0;Q_&&(_=j,U=G)}}}M+=(D=U)-(U=d[D])+32768&32767}if(L){k[S++]=268435456|Is[R]<<18|Cs[L];var q=31&Is[R],V=31&Cs[L];I+=ms[q]+bs[V],++E[257+q],++v[V],K=u+R,++B}else k[S++]=e[u],++E[e[u]]}}h=Xs(e,c,s,k,E,v,I,S,C,u-C,h),!s&&7&h&&(h=$s(c,h+1,ta))}return _s(o,0,n+zs(h)+i)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,n,!i)},na=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(ra(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||js(5),this.d&&js(4),this.d=t,this.p(e,t||!1)},e}(),ia=/*#__PURE__*/function(){function e(e){this.s={},this.p=new ds(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||js(5),this.d&&js(4);var t=this.p.length,r=new ds(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var n=e.length;if(!n||r&&r.f&&!r.l)return t||new ds(0);var i=!t||r,s=!r||r.i;r||(r={}),t||(t=new ds(3*n));var a=function(e){var r=t.length;if(e>r){var n=new ds(Math.max(2*r,e));n.set(t),t=n}},o=r.f||0,c=r.p||0,h=r.b||0,u=r.l,l=r.d,y=r.m,f=r.n,g=8*n;do{if(!u){o=Hs(e,c,1);var p=Hs(e,c+1,3);if(c+=3,!p){var d=e[(K=zs(c)+4)-4]|e[K-3]<<8,A=K+d;if(A>n){s&&js(0);break}i&&a(h+d),t.set(e.subarray(K,A),h),r.b=h+=d,r.p=c=8*A,r.f=o;continue}if(1==p)u=Ts,l=Ns,y=9,f=5;else if(2==p){var w=Hs(e,c,31)+257,m=Hs(e,c+10,15)+4,b=w+Hs(e,c+5,31)+1;c+=14;for(var k=new ds(b),E=new ds(19),v=0;v>>4)<16)k[v++]=K;else{var P=0,D=0;for(16==K?(D=3+Hs(e,c,3),c+=2,P=k[v-1]):17==K?(D=3+Hs(e,c,7),c+=3):18==K&&(D=11+Hs(e,c,127),c+=7);D--;)k[v++]=P}}var U=k.subarray(0,w),x=k.subarray(w);y=Fs(U),f=Fs(x),u=xs(U,y,1),l=xs(x,f,1)}else js(1);if(c>g){s&&js(0);break}}i&&a(h+131072);for(var Q=(1<>>4;if((c+=15&P)>g){s&&js(0);break}if(P||js(2),T<256)t[h++]=T;else{if(256==T){L=c,u=null;break}var M=T-254;if(T>264){var N=ms[v=T-257];M=Hs(e,c,(1<>>4;if(F||js(3),c+=15&F,x=Ks[H],H>3&&(N=bs[H],x+=Os(e,c)&(1<g){s&&js(0);break}i&&a(h+131072);for(var O=h+M;h>16),i=(65535&i)+15*(i>>16)}r=t,n=i},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(n%=65521))<<8|n>>>8}}),this.v=1,na.call(this,e,t)}return e.prototype.push=function(e,t){na.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=ra(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=n<<6|(n?32-2*n:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),aa=/*#__PURE__*/function(){function e(e){this.v=1,ia.call(this,e)}return e.prototype.push=function(e,t){if(ia.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&js(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),ia.prototype.c.call(this,t)},e}(),oa="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{oa.decode(ta,{stream:!0}),1}catch(e){}class ca{static get tag(){return L.packet.literalData}constructor(e=new Date){this.format=L.literal.utf8,this.date=N.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=L.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||N.isStream(this.text))&&(this.text=N.decodeUTF8(N.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=N.canonicalizeEOL(N.encodeUTF8(this.text))),e?S(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await B(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=N.decodeUTF8(await e.readBytes(r)),this.date=N.readDate(await e.readBytes(4));let n=e.remainder();c(n)&&(n=await P(n)),this.setBytes(n,t)}))}writeHeader(){const e=N.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=N.writeDate(this.date);return N.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return N.concat([e,t])}}class ha{constructor(){this.bytes=""}read(e){return this.bytes=N.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return N.stringToUint8Array(this.bytes)}toHex(){return N.uint8ArrayToHex(N.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ha;return t.read(N.hexToUint8Array(e)),t}static wildcard(){const e=new ha;return e.read(new Uint8Array(8)),e}}const ua=Symbol("verified"),la="salt@notations.openpgpjs.org",ya=new Set([L.signatureSubpacket.issuerKeyID,L.signatureSubpacket.issuerFingerprint,L.signatureSubpacket.embeddedSignature]);class fa{static get tag(){return L.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ha,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ua]=null}read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Vn("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Vn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=os.signature.parseSignatureParams(this.publicKeyAlgorithm,n);if(ios.serializeParams(this.publicKeyAlgorithm,await this.params))):os.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),N.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=N.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=pa(this.hashAlgorithm);if(null===this.salt)this.salt=os.random.getRandomBytes(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===la)).length)throw Error("Unexpected existing salt notation");{const e=os.random.getRandomBytes(pa(this.hashAlgorithm));this.rawNotations.push({name:la,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=N.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=C(I(o),0,2);const c=async()=>os.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await P(o));N.isStream(o)?this.params=c():(this.params=await c(),this[ua]=!0)}writeHashedSubPackets(){const e=L.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(ga(e.signatureCreationTime,!0,N.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(ga(e.signatureExpirationTime,!0,N.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(ga(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(ga(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(ga(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(ga(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(ga(e.keyExpirationTime,!0,N.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(ga(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=N.concat([r,this.revocationKeyFingerprint]),t.push(ga(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(ga(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=N.encodeUTF8(n);r.push(N.writeNumber(o.length,2)),r.push(N.writeNumber(i.length,2)),r.push(o),r.push(i),r=N.concat(r),t.push(ga(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(ga(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(ga(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.keyServerPreferences)),t.push(ga(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(ga(e.preferredKeyServer,!1,N.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(ga(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(ga(e.policyURI,!1,N.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.keyFlags)),t.push(ga(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(ga(e.signersUserID,!1,N.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=N.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(ga(e.reasonForRevocation,!0,r))),null!==this.features&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.features)),t.push(ga(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(N.stringToUint8Array(this.signatureTargetHash)),r=N.concat(r),t.push(ga(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(ga(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=N.concat(r),t.push(ga(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=N.stringToUint8Array(N.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(ga(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(ga(e.preferredCipherSuites,!1,r)));const n=N.concat(t),i=N.writeNumber(n.length,6===this.version?4:2);return N.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>ga(e,t,r))),t=N.concat(e),r=N.writeNumber(t.length,6===this.version?4:2);return N.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),ya.has(i)))switch(i){case L.signatureSubpacket.signatureCreationTime:this.created=N.readDate(e.subarray(r,e.length));break;case L.signatureSubpacket.signatureExpirationTime:{const t=N.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case L.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case L.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case L.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case L.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case L.signatureSubpacket.keyExpirationTime:{const t=N.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case L.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case L.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case L.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=N.readNumber(e.subarray(r,r+2));r+=2;const s=N.readNumber(e.subarray(r,r+2));r+=2;const a=N.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=N.decodeUTF8(o));break}case L.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=N.decodeUTF8(e.subarray(r,e.length));break;case L.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case L.signatureSubpacket.policyURI:this.policyURI=N.decodeUTF8(e.subarray(r,e.length));break;case L.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.signersUserID:this.signersUserID=N.decodeUTF8(e.subarray(r,e.length));break;case L.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=N.decodeUTF8(e.subarray(r,e.length));break;case L.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=os.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=N.uint8ArrayToString(e.subarray(r,r+t));break}case L.signatureSubpacket.embeddedSignature:this.embeddedSignature=new fa,this.embeddedSignature.read(e.subarray(r,e.length));break;case L.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case L.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case L.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==L.signature.binary&&this.signatureType!==L.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(N.writeNumber(r,4)),N.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return N.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==pa(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),os.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=T){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===L.signature.binary||t===L.signature.text;if(!(this[ua]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await P(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[ua]=await os.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,n,s),!this[ua])throw Error("Signature verification failed")}const o=N.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+L.read(L.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[L.signature.binary,L.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+L.read(L.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=N.normalizeDate(e);return null!==t&&!(this.created<=t&&tfa.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==L.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!N.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!N.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function Aa(e,t){if(!t[e]){let t;try{t=L.read(L.packet,e)}catch(t){throw new Jn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}da.prototype.hash=fa.prototype.hash,da.prototype.toHash=fa.prototype.toHash,da.prototype.toSign=fa.prototype.toSign;class wa extends Array{static async fromBinary(e,t,r=T){const n=new wa;return await n.read(e,t,r),n}async read(e,t,r=T){r.additionalAllowedPackets.length&&(t={...t,...N.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=v(e,(async(e,n)=>{const i=Q(n);try{for(;;){await i.ready;if(await qn(e,(async e=>{try{if(e.tag===L.packet.marker||e.tag===L.packet.trust||e.tag===L.packet.padding)return;const n=Aa(e.tag,t);n.packets=new wa,n.fromStream=N.isStream(e.packet),await n.read(e.packet,r),await i.write(n)}catch(t){if(t instanceof Jn){if(!(e.tag<=39))return;await i.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof Vn,s=!(r.ignoreMalformedPackets||t instanceof Vn);if(n||s||jn(e.tag))await i.abort(t);else{const t=new Yn(e.tag,e.packet);await i.write(t)}N.printDebugError(t)}})))return await i.ready,void await i.close()}}catch(e){await i.abort(e)}}));const n=x(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||jn(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=N.concat([zn(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>N.concat([On(i)].concat(t)))))}else{if(N.isStream(n)){let t=0;e.push(E(I(n),(e=>{t+=e.length}),(()=>Gn(r,t))))}else e.push(Gn(r,n.length));e.push(n)}}return N.concat(e)}filterByTag(...e){const t=new wa,r=e=>t=>e===t;for(let n=0;nt.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),N.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=T){const t=L.read(L.compression,this.algorithm),r=Ia[t];if(!r)throw Error(t+" decompression not supported");this.packets=await wa.fromBinary(await r(this.compressed),ma,e)}compress(){const e=L.read(L.compression,this.algorithm),t=Ba[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ka(e,t){return r=>{if(!N.isStream(r)||c(r))return U((()=>P(r).then((e=>new Promise(((r,n)=>{const i=new t;i.ondata=e=>{r(e)};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function Ea(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return Dy}));return U((async()=>t(await P(e))))}}const va=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Ba={zip:/*#__PURE__*/ka(va("deflate-raw").compressor,na),zlib:/*#__PURE__*/ka(va("deflate").compressor,sa)},Ia={uncompressed:e=>e,zip:/*#__PURE__*/ka(va("deflate-raw").decompressor,ia),zlib:/*#__PURE__*/ka(va("deflate").decompressor,aa),bzip2:/*#__PURE__*/Ea()},Sa=/*#__PURE__*/N.constructAllowedPackets([ca,ba,da,fa]);class Ka{static get tag(){return L.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Ka;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await B(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Vn(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?N.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):N.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=T){const{blockSize:n,keySize:i}=os.getCipherParams(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(c(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=os.random.getRandomBytes(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Ca(this,"encrypt",t,s);else{const i=await os.getPrefixRandom(e),a=new Uint8Array([211,20]),o=N.concat([i,s,a]),c=await os.hash.sha1(S(o)),h=N.concat([o,c]);this.encrypted=await os.mode.cfb.encrypt(e,t,h,new Uint8Array(n),r)}return!0}async decrypt(e,t,r=T){if(t.length!==os.getCipherParams(e).keySize)throw Error("Unexpected session key size");let n,i=I(this.encrypted);if(c(i)&&(i=await P(i)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Ca(this,"decrypt",t,i)}else{const{blockSize:s}=os.getCipherParams(e),a=await os.mode.cfb.decrypt(e,t,i,new Uint8Array(s)),o=C(S(a),-20),c=C(a,0,-20),h=Promise.all([P(await os.hash.sha1(S(c))),P(o)]).then((([e,t])=>{if(!N.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=C(c,s+2);n=C(u,0,-2),n=w([n,U((()=>h))]),N.isStream(i)&&r.allowUnauthenticatedStream||(n=await P(n))}return this.packets=await wa.fromBinary(n,Sa,r),!0}}async function Ca(e,t,r,n){const i=e instanceof Ka&&2===e.version,s=!i&&e.constructor.tag===L.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=os.getAEADMode(e.aeadAlgorithm),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,h=2**(e.chunkSizeByte+6)+o,u=s?8:0,l=new ArrayBuffer(13+u),y=new Uint8Array(l,0,5+u),f=new Uint8Array(l),g=new DataView(l),p=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let d,A,w=0,b=Promise.resolve(),k=0,E=0;if(i){const{keySize:t}=os.getCipherParams(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await hi(L.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),d=s.subarray(t),d.fill(0,d.length-8),A=new DataView(d.buffer,d.byteOffset,d.byteLength)}else d=e.iv;const B=await a(e.cipherAlgorithm,r);return v(n,(async(r,n)=>{if("array"!==N.isStream(r)){const t=new TransformStream({},{highWaterMark:N.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,n),n=t.writable}const s=x(r),a=Q(n);try{for(;;){let e=await s.readBytes(h+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,m;if(e=e.subarray(0,e.length-o),i)m=d;else{m=d.slice();for(let e=0;e<8;e++)m[d.length-8+e]^=p[e]}if(!w||e.length?(s.unshift(r),n=B[t](e,m,y),n.catch((()=>{})),E+=e.length-o+c):(g.setInt32(5+u+4,k),n=B[t](r,m,f),n.catch((()=>{})),E+=c,l=!0),k+=e.length-o,b=b.then((()=>n)).then((async e=>{await a.ready,await a.write(e),E-=e.length})).catch((e=>a.abort(e))),(l||E>a.desiredSize)&&await b,l){await a.close();break}i?A.setInt32(d.length-4,++w):g.setInt32(9,++w)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const Pa=/*#__PURE__*/N.constructAllowedPackets([ca,ba,da,fa]);class Da{static get tag(){return L.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=L.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await B(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Vn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=os.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return N.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=T){this.packets=await wa.fromBinary(await Ca(this,"decrypt",t,I(this.encrypted)),Pa,r)}async encrypt(e,t,r=T){this.cipherAlgorithm=e;const{ivLength:n}=os.getAEADMode(this.aeadAlgorithm);this.iv=os.random.getRandomBytes(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Ca(this,"encrypt",t,i)}}class Ua{static get tag(){return L.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new ha,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Ua;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?ha.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Vn(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=ha.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=os.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t)),this.publicKeyAlgorithm===L.publicKey.x25519||this.publicKeyAlgorithm===L.publicKey.x448)if(3===this.version)this.sessionKeyAlgorithm=L.write(L.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),os.serializeParams(this.publicKeyAlgorithm,this.encrypted)),N.concatUint8Array(e)}async encrypt(e){const t=L.write(L.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=xa(this.version,t,r,this.sessionKey);this.encrypted=await os.publicKeyEncrypt(t,r,e.publicParams,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?xa(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await os.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.elgamal:case L.publicKey.ecdh:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=N.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:N.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:N.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||L.read(L.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case L.publicKey.x25519:case L.publicKey.x448:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=this.publicKeyAlgorithm!==L.publicKey.x25519&&this.publicKeyAlgorithm!==L.publicKey.x448;if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==os.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function xa(e,t,r,n){switch(t){case L.publicKey.rsaEncrypt:case L.publicKey.rsaEncryptSign:case L.publicKey.elgamal:case L.publicKey.ecdh:return N.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,N.writeChecksum(n.subarray(n.length%8))]);case L.publicKey.x25519:case L.publicKey.x448:return n;default:throw Error("Unsupported public key algorithm")}}class Qa{static get tag(){return L.packet.symEncryptedSessionKey}constructor(e=T){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=L.write(L.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Vn(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=gs(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=os.getAEADMode(this.aeadAlgorithm);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t=5){const e=os.getAEADMode(this.aeadAlgorithm),r=new Uint8Array([192|Qa.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await hi(L.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await os.mode.cfb.decrypt(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=L.write(L.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==os.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=T){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=ps(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=os.getCipherParams(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=os.generateSessionKey(this.sessionKeyAlgorithm)),this.version>=5){const e=os.getAEADMode(this.aeadAlgorithm);this.iv=os.random.getRandomBytes(e.ivLength);const t=new Uint8Array([192|Qa.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await hi(L.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=N.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await os.mode.cfb.encrypt(r,s,e,new Uint8Array(n),t)}}}class Ra{static get tag(){return L.packet.publicKey}constructor(e=new Date,t=T){this.version=t.v6Keys?6:4,this.created=N.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ra,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Vn("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=N.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=os.parsePublicKeyParams(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===L.curve.curve25519Legacy||n.oid.getName()===L.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Vn(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(N.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=os.serializeParams(this.algorithm,this.publicParams);return this.version>=5&&e.push(N.writeNumber(t.length,4)),e.push(t),N.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return N.concatUint8Array([new Uint8Array([r]),N.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new ha,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await os.hash.sha256(e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await os.hash.sha1(e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return N.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&N.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=L.read(L.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=N.uint8ArrayBitLength(t):this.publicParams.oid&&(e.curve=this.publicParams.oid.getName()),e}}Ra.prototype.readPublicKey=Ra.prototype.read,Ra.prototype.writePublicKey=Ra.prototype.write;const La=/*#__PURE__*/N.constructAllowedPackets([ca,ba,da,fa]);class Ta{static get tag(){return L.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=T){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=os.getCipherParams(e),i=await P(I(this.encrypted)),s=await os.mode.cfb.decrypt(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await wa.fromBinary(s,La,r)}async encrypt(e,t,r=T){const n=this.packets.write(),{blockSize:i}=os.getCipherParams(e),s=await os.getPrefixRandom(e),a=await os.mode.cfb.encrypt(e,t,s,new Uint8Array(i),r),o=await os.mode.cfb.encrypt(e,t,n,a.subarray(2),r);this.encrypted=N.concat([a,o])}}class Ma extends Ra{static get tag(){return L.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Ma,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Na{static get tag(){return L.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ha(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=os.getCipherParams(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const h=N.concatUint8Array([s,new Uint8Array([e,n,i])]);return hi(L.hash.sha256,c,new Uint8Array,h,o)}class Oa{static get tag(){return L.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(N.isString(e)||e.name&&!N.isString(e.name)||e.email&&!N.isEmailAddress(e.email)||e.comment&&!N.isString(e.comment))throw Error("Invalid user ID format");const t=new Oa;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=T){const r=N.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=/^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/.exec(r);if(null!==n){const{name:e,comment:t,email:r}=n.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return N.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class za extends Fa{static get tag(){return L.packet.secretSubkey}constructor(e=new Date,t=T){super(e,t)}}const _a=/*#__PURE__*/N.constructAllowedPackets([fa]);class Ga{constructor(e){this.packets=e||new wa}write(){return this.packets.write()}armor(e=T){const t=this.packets.some((e=>e.constructor.tag===fa.tag&&6!==e.version));return ee(L.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function ja(e,t){const r=new za(e.date,t);return r.packets=null,r.algorithm=L.write(L.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function qa(e,t){const r=new Fa(e.date,t);return r.packets=null,r.algorithm=L.write(L.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Va(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw N.wrapError(`Could not find valid ${L.read(L.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Ja(e,t,r=new Date){const n=N.normalizeDate(r);if(null!==n){const r=Xa(e,t);return!(e.created<=n&&n0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await Wa(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function Wa(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const h=new fa;return Object.assign(h,n),h.publicKeyAlgorithm=r.algorithm,h.hashAlgorithm=await async function(e,t,r=new Date,n=[],i){const s=L.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms))),c=new Map;for(const e of o)for(const t of e)try{const e=L.write(L.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const h=t=>0===e.length||c.get(t)===e.length||t===s,u=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>h(e))).sort(((e,t)=>os.hash.getHashByteLength(e)-os.hash.getHashByteLength(t)))[0];return os.hash.getHashByteLength(e)>=os.hash.getHashByteLength(s)?e:s};if(new Set([L.publicKey.ecdsa,L.publicKey.eddsaLegacy,L.publicKey.ed25519,L.publicKey.ed448]).has(t.algorithm)){const e=os.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid),r=h(a),n=os.hash.getHashByteLength(a)>=os.hash.getHashByteLength(e);if(r&&n)return a;{const t=u();return os.hash.getHashByteLength(t)>=os.hash.getHashByteLength(e)?t:e}}return h(a)?a:u()}(t,r,i,s,c),h.rawNotations=[...a],await h.sign(r,e,i,o,c),h}async function Za(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return N.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function $a(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![L.reasonForRevocation.keyRetired,L.reasonForRevocation.keySuperseded,L.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function Xa(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function eo(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=N.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=L.write(L.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==L.curve.ed25519Legacy&&e.curve!==L.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?L.curve.ed25519Legacy:L.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===L.curve.ed25519Legacy?L.publicKey.eddsaLegacy:L.publicKey.ecdsa:e.algorithm=L.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?L.publicKey.ed25519:L.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?L.publicKey.ed448:L.publicKey.x448;break;case"rsa":e.algorithm=L.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function to(e,t,r){switch(e.algorithm){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:case L.publicKey.dsa:case L.publicKey.ecdsa:case L.publicKey.eddsaLegacy:case L.publicKey.ed25519:case L.publicKey.ed448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&L.keyFlags.signData);default:return!1}}function ro(e,t,r){switch(e.algorithm){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:case L.publicKey.elgamal:case L.publicKey.ecdh:case L.publicKey.x25519:case L.publicKey.x448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&L.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&L.keyFlags.encryptStorage);default:return!1}}function no(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaEncrypt:case L.publicKey.elgamal:case L.publicKey.ecdh:case L.publicKey.x25519:case L.publicKey.x448:return!(!(!t.keyFlags||!!(t.keyFlags[0]&L.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&L.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&L.keyFlags.encryptStorage));default:return!1}}function io(e,t){const r=L.write(L.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case L.publicKey.rsaEncryptSign:case L.publicKey.rsaSign:case L.publicKey.rsaEncrypt:if(n.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,L.signature.certGeneric,a,r,void 0,n)}catch(e){throw N.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,L.signature.certGeneric,i,e,void 0,t)}catch(e){throw N.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await Za(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,L.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await Za(e,this,"otherCertifications",t),await Za(e,this,"revocationSignatures",t,(function(e){return $a(n,L.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=L.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=T){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new so(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await Wa(s,[],e,{signatureType:L.signature.certRevocation,reasonForRevocationFlag:L.write(L.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new wa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=T){const i=this.mainKey.keyPacket;return $a(i,L.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=T){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await Va(this.bindingSignatures,r,L.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(Ja(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=T){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await Va(this.bindingSignatures,r,L.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=Xa(this.keyPacket,i),a=i.getExpirationTime();return si.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,L.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await Za(e,this,"revocationSignatures",t,(function(e){return $a(n,L.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=L.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=T){const s={key:e,bind:this.keyPacket},a=new ao(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await Wa(s,[],e,{signatureType:L.signature.subkeyRevocation,reasonForRevocationFlag:L.write(L.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const oo=/*#__PURE__*/N.constructAllowedPackets([fa]),co=new Set([L.packet.publicKey,L.packet.privateKey]),ho=new Set([L.packet.publicKey,L.packet.privateKey,L.packet.publicSubkey,L.packet.privateSubkey]);class uo{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof Yn){ho.has(a.tag)&&!s&&(s=co.has(a.tag)?co:ho);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case L.packet.publicKey:case L.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case L.packet.userID:case L.packet.userAttribute:r=new so(a,this),this.users.push(r);break;case L.packet.publicSubkey:case L.packet.secretSubkey:r=null,i=new ao(a,this),this.subkeys.push(i);break;case L.packet.signature:switch(a.signatureType){case L.signature.certGeneric:case L.signature.certPersona:case L.signature.certCasual:case L.signature.certPositive:if(!r){N.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case L.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case L.signature.key:this.directSignatures.push(a);break;case L.signature.subkeyBinding:if(!i){N.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case L.signature.keyRevocation:this.revocationSignatures.push(a);break;case L.signature.subkeyRevocation:if(!i){N.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new wa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=T){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw N.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Va(r.bindingSignatures,i,L.signature.subkeyBinding,e,t,n);if(!to(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await Va([s.embeddedSignature],r.keyPacket,L.signature.keyBinding,e,t,n),io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&to(i,s,n))return io(i,n),this}catch(e){a=e}throw N.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=T){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw N.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Va(r.bindingSignatures,i,L.signature.subkeyBinding,e,t,n);if(ro(r.keyPacket,s,n))return io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&ro(i,s,n))return io(i,n),this}catch(e){a=e}throw N.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=T){return $a(this.keyPacket,L.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=T){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Ja(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await Va(this.directSignatures,n,L.signature.key,{key:n},e,r).catch((()=>{}));if(t&&Ja(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=T){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=Xa(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await Va(this.directSignatures,this.keyPacket,L.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=Xa(this.keyPacket,a);r=Math.min(i,s,e)}else r=ie.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await Za(e,n,"revocationSignatures",t,(i=>$a(n.keyPacket,L.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await Za(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=T){const r={key:this.keyPacket},n=await Va(this.revocationSignatures,this.keyPacket,L.signature.keyRevocation,r,e,t),i=new wa;i.push(n);const s=6!==this.keyPacket.version;return ee(L.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=T){const n=await X(e),i=(await wa.fromBinary(n.data,oo,r)).findPacket(L.packet.signature);if(!i||i.signatureType!==L.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,L.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw N.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=T){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=T){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=T){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=T){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{uo.prototype[e]=ao.prototype[e]}));class lo extends uo{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([L.packet.secretKey,L.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=T){const t=6!==this.keyPacket.version;return ee(L.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class yo extends lo{constructor(e){if(super(),this.packetListToStructure(e,new Set([L.packet.publicKey,L.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new wa,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case L.packet.secretKey:{const t=Ra.fromSecretKeyPacket(r);e.push(t);break}case L.packet.secretSubkey:{const t=Ma.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new lo(e)}armor(e=T){const t=6!==this.keyPacket.version;return ee(L.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=T){const i=this.keyPacket,s=[];let a=null;for(let r=0;re.isDecrypted()))}async validate(e=T){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=L.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=T){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await Wa(i,[],this.keyPacket,{signatureType:L.signature.keyRevocation,reasonForRevocationFlag:L.write(L.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...T,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}function a(){const e={};e.keyFlags=[L.keyFlags.certifyKeys|L.keyFlags.signData];const t=s([L.symmetric.aes256,L.symmetric.aes128],n.preferredSymmetricAlgorithm);if(e.preferredSymmetricAlgorithms=t,n.aeadProtect){const r=s([L.aead.gcm,L.aead.eax,L.aead.ocb],n.preferredAEADAlgorithm);e.preferredCipherSuites=r.flatMap((e=>t.map((t=>[t,e]))))}return e.preferredHashAlgorithms=s([L.hash.sha256,L.hash.sha512,L.hash.sha3_256,L.hash.sha3_512],n.preferredHashAlgorithm),e.preferredCompressionAlgorithms=s([L.compression.uncompressed,L.compression.zlib,L.compression.zip],n.preferredCompressionAlgorithm),e.features=[0],e.features[0]|=L.features.modificationDetection,n.aeadProtect&&(e.features[0]|=L.features.seipdv2),r.keyExpirationTime>0&&(e.keyExpirationTime=r.keyExpirationTime,e.keyNeverExpires=!1),e}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=L.signature.key;const o=await Wa(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=Oa.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=L.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await Wa(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ya(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await Wa(o,[],e,{signatureType:L.signature.keyRevocation,reasonForRevocationFlag:L.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new yo(i)}const Ao=/*#__PURE__*/N.constructAllowedPackets([ca,ba,Da,Ka,Ta,Ua,Qa,da,fa]),wo=/*#__PURE__*/N.constructAllowedPackets([Qa]),mo=/*#__PURE__*/N.constructAllowedPackets([fa]);class bo{constructor(e){this.packets=e||new wa}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(L.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(L.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(L.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=T){const s=this.packets.filterByTag(L.packet.symmetricallyEncryptedData,L.packet.symEncryptedIntegrityProtectedData,L.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let h=null;const u=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!N.isUint8Array(t)||!a.cipherAlgorithm&&!N.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||L.write(L.symmetric,e);await a.decrypt(r,t,i)}catch(e){N.printDebugError(e),h=e}})));if(D(a.encrypted),a.encrypted=null,await u,!a.packets||!a.packets.length)throw h||Error("Decryption failed.");const l=new bo(a.packets);return a.packets=new wa,l}async decryptSessionKeys(e,t,r,n=new Date,i=T){let s,a=[];if(t){const e=this.packets.filterByTag(L.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await wa.fromBinary(e.write(),wo,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){N.printDebugError(e),e instanceof cs&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(L.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[L.symmetric.aes256,L.symmetric.aes128,L.symmetric.tripledes,L.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===L.publicKey.rsaEncrypt||t.publicKeyAlgorithm===L.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===L.publicKey.rsaSign||t.publicKeyAlgorithm===L.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Ua;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:os.generateSessionKey(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){N.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(L.write(L.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){N.printDebugError(e),s=e}})))}))),D(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+N.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&L.read(L.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(L.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(L.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(L.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=T){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=T){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?i.every((e=>e.features&&e.features[0]&L.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:L.symmetric.aes128,aeadAlgo:L.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:L.aead.ocb},{symmetricAlgo:L.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=L.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=L.read(L.symmetric,i),o=s?L.read(L.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===L.publicKey.x25519||e.keyPacket.algorithm===L.publicKey.x448)&&!o&&!N.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:os.generateSessionKey(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=T){if(r){if(!N.isUint8Array(r.data)||!N.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await bo.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await bo.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:h,aeadAlgorithm:u}=r,l=await bo.encryptSessionKey(c,h,u,e,t,n,i,s,a,o),y=Ka.fromObject({version:u?2:1,aeadAlgorithm:u?L.write(L.aead,u):null});y.packets=this.packets;const f=L.write(L.symmetric,h);return await y.encrypt(f,c,o),l.packets.push(y),y.packets=new wa,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],h=T){const u=new wa,l=L.write(L.symmetric,t),y=r&&L.write(L.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,h),i=Ua.fromObject({version:y?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));u.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new Qa(h);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,h),h.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,y,t))));u.push(...s)}return new bo(u)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=T){const h=new wa,u=this.packets.findPacket(L.packet.literalData);if(!u)throw Error("No literal data packet to sign.");const l=await ko(u,e,t,r,n,i,s,a,o,!1,c),y=l.map(((e,t)=>da.fromSignaturePacket(e,0===t))).reverse();return h.push(...y),h.push(u),h.push(...l),new bo(h)}compress(e,t=T){if(e===L.compression.uncompressed)return this;const r=new ba(t);r.algorithm=e,r.packets=this.packets;const n=new wa;return n.push(r),new bo(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=T){const h=this.packets.findPacket(L.packet.literalData);if(!h)throw Error("No literal data packet to sign.");return new Ga(await ko(h,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=T){const n=this.unwrapCompressed(),i=n.packets.filterByTag(L.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");c(n.packets.stream)&&n.packets.push(...await P(n.packets.stream,(e=>e||[])));const s=n.packets.filterByTag(L.packet.onePassSignature).reverse(),a=n.packets.filterByTag(L.packet.signature);return s.length&&!a.length&&N.isStream(n.packets.stream)&&!c(n.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=U((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),n.packets.stream=v(n.packets.stream,(async(e,t)=>{const r=x(e),n=Q(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await n.abort(e)}})),Eo(s,i,e,t,!1,r)):Eo(a,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=T){const i=this.unwrapCompressed().packets.filterByTag(L.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return Eo(e.packets.filterByTag(L.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(L.packet.compressedData);return e.length?new bo(e[0].packets):this}async appendSignature(e,t=T){await this.packets.read(N.isUint8Array(e)?e:(await X(e)).data,mo,t)}write(){return this.packets.write()}armor(e=T){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Ka.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===fa.tag&&6!==e.version));return ee(L.armor.message,this.write(),null,null,null,r,e)}}async function ko(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],h=!1,u=T){const l=new wa,y=null===e.text?L.signature.binary:L.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const f=await t.getSigningKey(i[n],s,l,u);return Wa(e,r.length?r:[t],f.keyPacket,{signatureType:y},s,o,c,h,u)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(L.packet.signature);l.push(...e)}return l}async function Eo(e,t,r,n=new Date,i=!1,s=T){return Promise.all(e.filter((function(e){return["text","binary"].includes(L.read(L.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=T){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof da?e.correspondingSig:e,h={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new wa;return e&&t.push(e),new Ga(t)})()};return h.signature.catch((()=>{})),h.verified.catch((()=>{})),h}(e,t,r,n,i,s)})))}const vo=/*#__PURE__*/N.constructAllowedPackets([fa]);class Bo{constructor(e,t){if(this.text=N.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Ga))throw Error("Invalid signature input");this.signature=t||new Ga(new wa)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=T){const h=new ca;h.setText(this.text);const u=new Ga(await ko(h,e,t,r,n,i,s,a,o,!0,c));return new Bo(this.text,u)}verify(e,t=new Date,r=T){const n=this.signature.packets.filterByTag(L.packet.signature),i=new ca;return i.setText(this.text),Eo(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=T){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>L.read(L.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return ee(L.armor.signed,r,void 0,void 0,void 0,t,e)}}function Io(e){if(!(e instanceof bo))throw Error("Parameter [message] needs to be of type Message")}function So(e){if(!(e instanceof Bo||e instanceof bo))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Ko(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Co=Object.keys(T).length;function Po(e){const t=Object.keys(e);if(t.length!==Co)for(const e of t)if(void 0===T[e])throw Error("Unknown config property: "+e)}function Do(e){return e&&!N.isArray(e)&&(e=[e]),e}async function Uo(e){return"array"===N.isStream(e)?P(e):e}function xo(e,t){e.data=v(t.packets.stream,(async(t,r)=>{await m(e.data,r,{preventClose:!0});const n=Q(r);try{await P(t,(e=>e)),await n.close()}catch(e){await n.abort(e)}}))}function Qo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}function Ro(e){if(!Number.isSafeInteger(e)||e<0)throw Error("positive integer expected, not "+e)}function Lo(e,...t){if(!((r=e)instanceof Uint8Array||null!=r&&"object"==typeof r&&"Uint8Array"===r.constructor.name))throw Error("Uint8Array expected");var r;if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function To(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Mo(e,t){Lo(e);const r=t.outputLen;if(e.lengthnew DataView(e.buffer,e.byteOffset,e.byteLength),Ho=(e,t)=>e<<32-t|e>>>t,Oo=(e,t)=>e<>>32-t>>>0,zo=68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]; +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function _o(e){for(let r=0;r>>8&65280|t>>>24&255;var t}function Go(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}function jo(e){return"string"==typeof e&&(e=Go(e)),Lo(e),e}function qo(...e){let t=0;for(let r=0;re().update(jo(t)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Yo(e=32){if(No&&"function"==typeof No.getRandomValues)return No.getRandomValues(new Uint8Array(e));if(No&&"function"==typeof No.randomBytes)return No.randomBytes(e);throw Error("crypto.getRandomValues must be defined")}const Wo=(e,t,r)=>e&t^~e&r,Zo=(e,t,r)=>e&t^e&r^t&r;class $o extends Vo{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=Fo(this.buffer)}update(e){To(this);const{view:t,buffer:r,blockLen:n}=this,i=(e=jo(e)).length;for(let s=0;sn-s&&(this.process(r,0),s=0);for(let e=s;e>i&s),o=Number(r&s),c=n?4:0,h=n?0:4;e.setUint32(t+c,a,n),e.setUint32(t+h,o,n)}(r,n-8,BigInt(8*this.length),i),this.process(r,0);const a=Fo(e),o=this.outputLen;if(o%4)throw Error("_sha2: outputLen should be aligned to 32bit");const c=o/4,h=this.get();if(c>h.length)throw Error("_sha2: outputLen bigger than state");for(let e=0;e>>3,i=Ho(r,17)^Ho(r,19)^r>>>10;tc[e]=i+tc[e-7]+n+tc[e-16]|0}let{A:r,B:n,C:i,D:s,E:a,F:o,G:c,H:h}=this;for(let e=0;e<64;e++){const t=h+(Ho(a,6)^Ho(a,11)^Ho(a,25))+Wo(a,o,c)+Xo[e]+tc[e]|0,u=(Ho(r,2)^Ho(r,13)^Ho(r,22))+Zo(r,n,i)|0;h=c,c=o,o=a,a=s+t|0,s=i,i=n,n=r,r=t+u|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,s=s+this.D|0,a=a+this.E|0,o=o+this.F|0,c=c+this.G|0,h=h+this.H|0,this.set(r,n,i,s,a,o,c,h)}roundClean(){tc.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}}class nc extends rc{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}const ic=/* @__PURE__ */Jo((()=>new rc)),sc=/* @__PURE__ */Jo((()=>new nc));class ac extends Vo{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,function(e){if("function"!=typeof e||"function"!=typeof e.create)throw Error("Hash should be wrapped by utils.wrapConstructor");Ro(e.outputLen),Ro(e.blockLen)}(e);const r=jo(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const n=this.blockLen,i=new Uint8Array(n);i.set(r.length>n?e.create().update(r).digest():r);for(let e=0;enew ac(e,t).update(r).digest();oc.create=(e,t)=>new ac(e,t) +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const cc=/* @__PURE__ */BigInt(0),hc=/* @__PURE__ */BigInt(1),uc=/* @__PURE__ */BigInt(2);function lc(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function yc(e){if(!lc(e))throw Error("Uint8Array expected")}function fc(e,t){if("boolean"!=typeof t)throw Error(`${e} must be valid boolean, got "${t}".`)}const gc=/* @__PURE__ */Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function pc(e){yc(e);let t="";for(let r=0;r=wc._0&&e<=wc._9?e-wc._0:e>=wc._A&&e<=wc._F?e-(wc._A-10):e>=wc._a&&e<=wc._f?e-(wc._a-10):void 0}function bc(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);const t=e.length,r=t/2;if(t%2)throw Error("padded hex string expected, got unpadded hex of length "+t);const n=new Uint8Array(r);for(let t=0,i=0;t"bigint"==typeof e&&cc<=e;function Cc(e,t,r){return Kc(e)&&Kc(t)&&Kc(r)&&t<=e&&ecc;e>>=hc,t+=1);return t}const Uc=e=>(uc<new Uint8Array(e),Qc=e=>Uint8Array.from(e);function Rc(e,t,r){if("number"!=typeof e||e<2)throw Error("hashLen must be a number");if("number"!=typeof t||t<2)throw Error("qByteLen must be a number");if("function"!=typeof r)throw Error("hmacFn must be a function");let n=xc(e),i=xc(e),s=0;const a=()=>{n.fill(1),i.fill(0),s=0},o=(...e)=>r(i,n,...e),c=(e=xc())=>{i=o(Qc([0]),e),n=o(),0!==e.length&&(i=o(Qc([1]),e),n=o())},h=()=>{if(s++>=1e3)throw Error("drbg: tried 1000 values");let e=0;const r=[];for(;e{let r;for(a(),c(e);!(r=t(h()));)c();return a(),r}}const Lc={bigint:e=>"bigint"==typeof e,function:e=>"function"==typeof e,boolean:e=>"boolean"==typeof e,string:e=>"string"==typeof e,stringOrUint8Array:e=>"string"==typeof e||lc(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>"function"==typeof e&&Number.isSafeInteger(e.outputLen)};function Tc(e,t,r={}){const n=(t,r,n)=>{const i=Lc[r];if("function"!=typeof i)throw Error(`Invalid validator "${r}", expected function`);const s=e[t];if(!(n&&void 0===s||i(s,e)))throw Error(`Invalid param ${t+""}=${s} (${typeof s}), expected ${r}`)};for(const[e,r]of Object.entries(t))n(e,r,!1);for(const[e,t]of Object.entries(r))n(e,t,!0);return e}function Mc(e){const t=new WeakMap;return(r,...n)=>{const i=t.get(r);if(void 0!==i)return i;const s=e(r,...n);return t.set(r,s),s}}var Nc=/*#__PURE__*/Object.freeze({__proto__:null,aInRange:Pc,abool:fc,abytes:yc,bitGet:function(e,t){return e>>BigInt(t)&hc},bitLen:Dc,bitMask:Uc,bitSet:function(e,t,r){return e|(r?hc:cc)<{throw Error("not implemented")},numberToBytesBE:vc,numberToBytesLE:Bc,numberToHexUnpadded:dc,numberToVarBytesBE:function(e){return bc(dc(e))},utf8ToBytes:function(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))},validateObject:Tc}); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Fc=BigInt(0),Hc=BigInt(1),Oc=BigInt(2),zc=BigInt(3),_c=BigInt(4),Gc=BigInt(5),jc=BigInt(8);function qc(e,t){const r=e%t;return r>=Fc?r:t+r}function Vc(e,t,r){if(r<=Fc||t 0");if(r===Hc)return Fc;let n=Hc;for(;t>Fc;)t&Hc&&(n=n*e%r),e=e*e%r,t>>=Hc;return n}function Jc(e,t,r){let n=e;for(;t-- >Fc;)n*=n,n%=r;return n}function Yc(e,t){if(e===Fc||t<=Fc)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=qc(e,t),n=t,i=Fc,s=Hc;for(;r!==Fc;){const e=n%r,t=i-s*(n/r);n=r,r=e,i=s,s=t}if(n!==Hc)throw Error("invert: does not exist");return qc(i,t)}function Wc(e){if(e%_c===zc){const t=(e+Hc)/_c;return function(e,r){const n=e.pow(r,t);if(!e.eql(e.sqr(n),r))throw Error("Cannot find square root");return n}}if(e%jc===Gc){const t=(e-Gc)/jc;return function(e,r){const n=e.mul(r,Oc),i=e.pow(n,t),s=e.mul(r,i),a=e.mul(e.mul(s,Oc),i),o=e.mul(s,e.sub(a,e.ONE));if(!e.eql(e.sqr(o),r))throw Error("Cannot find square root");return o}}return function(e){const t=(e-Hc)/Oc;let r,n,i;for(r=e-Hc,n=0;r%Oc===Fc;r/=Oc,n++);for(i=Oc;i 0, got "+e);const{nBitLength:i,nByteLength:s}=$c(e,t);if(s>2048)throw Error("Field lengths over 2048 bytes are not supported");const a=Wc(e),o=Object.freeze({ORDER:e,BITS:i,BYTES:s,MASK:Uc(i),ZERO:Fc,ONE:Hc,create:t=>qc(t,e),isValid:t=>{if("bigint"!=typeof t)throw Error("Invalid field element: expected bigint, got "+typeof t);return Fc<=t&&te===Fc,isOdd:e=>(e&Hc)===Hc,neg:t=>qc(-t,e),eql:(e,t)=>e===t,sqr:t=>qc(t*t,e),add:(t,r)=>qc(t+r,e),sub:(t,r)=>qc(t-r,e),mul:(t,r)=>qc(t*r,e),pow:(e,t)=>function(e,t,r){if(r 0");if(r===Fc)return e.ONE;if(r===Hc)return t;let n=e.ONE,i=t;for(;r>Fc;)r&Hc&&(n=e.mul(n,i)),i=e.sqr(i),r>>=Hc;return n}(o,e,t),div:(t,r)=>qc(t*Yc(r,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>Yc(t,e),sqrt:n.sqrt||(e=>a(o,e)),invertBatch:e=>function(e,t){const r=Array(t.length),n=t.reduce(((t,n,i)=>e.is0(n)?t:(r[i]=t,e.mul(t,n))),e.ONE),i=e.inv(n);return t.reduceRight(((t,n,i)=>e.is0(n)?t:(r[i]=e.mul(t,r[i]),e.mul(t,n))),i),r}(o,e),cmov:(e,t,r)=>r?t:e,toBytes:e=>r?Bc(e,s):vc(e,s),fromBytes:e=>{if(e.length!==s)throw Error(`Fp.fromBytes: expected ${s}, got ${e.length}`);return r?Ec(e):kc(e)}});return Object.freeze(o)}function eh(e){if("bigint"!=typeof e)throw Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function th(e){const t=eh(e);return t+Math.ceil(t/2)} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const rh=BigInt(0),nh=BigInt(1),ih=new WeakMap,sh=new WeakMap;function ah(e,t){const r=(e,t)=>{const r=t.negate();return e?r:t},n=e=>{if(!Number.isSafeInteger(e)||e<=0||e>t)throw Error(`Wrong window size=${e}, should be [1..${t}]`)},i=e=>{n(e);return{windows:Math.ceil(t/e)+1,windowSize:2**(e-1)}};return{constTimeNegate:r,unsafeLadder(t,r){let n=e.ZERO,i=t;for(;r>rh;)r&nh&&(n=n.add(i)),i=i.double(),r>>=nh;return n},precomputeWindow(e,t){const{windows:r,windowSize:n}=i(t),s=[];let a=e,o=a;for(let e=0;e>=y,i>o&&(i-=l,s+=nh);const a=t,f=t+Math.abs(i)-1,g=e%2!=0,p=i<0;0===i?h=h.add(r(g,n[a])):c=c.add(r(p,n[f]))}return{p:c,f:h}},wNAFCached(e,t,r){const n=sh.get(e)||1;let i=ih.get(e);return i||(i=this.precomputeWindow(e,n),1!==n&&ih.set(e,r(i))),this.wNAF(n,i,t)},setWindowSize(e,t){n(t),sh.set(e,t),ih.delete(e)}}}function oh(e,t,r,n){if(!Array.isArray(r)||!Array.isArray(n)||n.length!==r.length)throw Error("arrays of points and scalars must have equal length");n.forEach(((e,r)=>{if(!t.isValid(e))throw Error("wrong scalar at index "+r)})),r.forEach(((t,r)=>{if(!(t instanceof e))throw Error("wrong point at index "+r)}));const i=Dc(BigInt(r.length)),s=i>12?i-3:i>4?i-2:i?2:1,a=(1<=0;t-=s){o.fill(e.ZERO);for(let e=0;e>BigInt(t)&BigInt(a));o[s]=o[s].add(r[e])}let i=e.ZERO;for(let t=o.length-1,r=e.ZERO;t>0;t--)r=r.add(o[t]),i=i.add(r);if(h=h.add(i),0!==t)for(let e=0;e(e[t]="function",e)),{ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"})),Tc(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...$c(e.n,e.nBitLength),...e,p:e.Fp.ORDER})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function hh(e){void 0!==e.lowS&&fc("lowS",e.lowS),void 0!==e.prehash&&fc("prehash",e.prehash)}const{bytesToNumberBE:uh,hexToBytes:lh}=Nc,yh={Err:class extends Error{constructor(e=""){super(e)}},_tlv:{encode:(e,t)=>{const{Err:r}=yh;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(1&t.length)throw new r("tlv.encode: unpadded data");const n=t.length/2,i=dc(n);if(i.length/2&128)throw new r("tlv.encode: long form length too big");const s=n>127?dc(i.length/2|128):"";return`${dc(e)}${s}${i}${t}`},decode(e,t){const{Err:r}=yh;let n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");const i=t[n++];let s=0;if(!!(128&i)){const e=127&i;if(!e)throw new r("tlv.decode(long): indefinite length not supported");if(e>4)throw new r("tlv.decode(long): byte length is too big");const a=t.subarray(n,n+e);if(a.length!==e)throw new r("tlv.decode: length bytes not complete");if(0===a[0])throw new r("tlv.decode(long): zero leftmost byte");for(const e of a)s=s<<8|e;if(n+=e,s<128)throw new r("tlv.decode(long): not minimal encoding")}else s=i;const a=t.subarray(n,n+s);if(a.length!==s)throw new r("tlv.decode: wrong value length");return{v:a,l:t.subarray(n+s)}}},_int:{encode(e){const{Err:t}=yh;if(e{const i=t.toAffine();return Sc(Uint8Array.from([4]),r.toBytes(i.x),r.toBytes(i.y))}),s=t.fromBytes||(e=>{const t=e.subarray(1);return{x:r.fromBytes(t.subarray(0,r.BYTES)),y:r.fromBytes(t.subarray(r.BYTES,2*r.BYTES))}});function a(e){const{a:n,b:i}=t,s=r.sqr(e),a=r.mul(s,e);return r.add(r.add(a,r.mul(e,n)),i)}if(!r.eql(r.sqr(t.Gy),a(t.Gx)))throw Error("bad generator point: equation left != right");function o(e){const{allowedPrivateKeyLengths:r,nByteLength:n,wrapPrivateKey:i,n:s}=t;if(r&&"bigint"!=typeof e){if(lc(e)&&(e=pc(e)),"string"!=typeof e||!r.includes(e.length))throw Error("Invalid key");e=e.padStart(2*n,"0")}let a;try{a="bigint"==typeof e?e:kc(Ic("private key",e,n))}catch(t){throw Error(`private key must be ${n} bytes, hex or bigint, not ${typeof e}`)}return i&&(a=qc(a,s)),Pc("private key",a,gh,s),a}function c(e){if(!(e instanceof l))throw Error("ProjectivePoint expected")}const h=Mc(((e,t)=>{const{px:n,py:i,pz:s}=e;if(r.eql(s,r.ONE))return{x:n,y:i};const a=e.is0();null==t&&(t=a?r.ONE:r.inv(s));const o=r.mul(n,t),c=r.mul(i,t),h=r.mul(s,t);if(a)return{x:r.ZERO,y:r.ZERO};if(!r.eql(h,r.ONE))throw Error("invZ was invalid");return{x:o,y:c}})),u=Mc((e=>{if(e.is0()){if(t.allowInfinityPoint&&!r.is0(e.py))return;throw Error("bad point: ZERO")}const{x:n,y:i}=e.toAffine();if(!r.isValid(n)||!r.isValid(i))throw Error("bad point: x or y not FE");const s=r.sqr(i),o=a(n);if(!r.eql(s,o))throw Error("bad point: equation left != right");if(!e.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));class l{constructor(e,t,n){if(this.px=e,this.py=t,this.pz=n,null==e||!r.isValid(e))throw Error("x required");if(null==t||!r.isValid(t))throw Error("y required");if(null==n||!r.isValid(n))throw Error("z required");Object.freeze(this)}static fromAffine(e){const{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw Error("invalid affine point");if(e instanceof l)throw Error("projective point not allowed");const i=e=>r.eql(e,r.ZERO);return i(t)&&i(n)?l.ZERO:new l(t,n,r.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.pz)));return e.map(((e,r)=>e.toAffine(t[r]))).map(l.fromAffine)}static fromHex(e){const t=l.fromAffine(s(Ic("pointHex",e)));return t.assertValidity(),t}static fromPrivateKey(e){return l.BASE.multiply(o(e))}static msm(e,t){return oh(l,n,e,t)}_setWindowSize(e){f.setWindowSize(this,e)}assertValidity(){u(this)}hasEvenY(){const{y:e}=this.toAffine();if(r.isOdd)return!r.isOdd(e);throw Error("Field doesn't support isOdd")}equals(e){c(e);const{px:t,py:n,pz:i}=this,{px:s,py:a,pz:o}=e,h=r.eql(r.mul(t,o),r.mul(s,i)),u=r.eql(r.mul(n,o),r.mul(a,i));return h&&u}negate(){return new l(this.px,r.neg(this.py),this.pz)}double(){const{a:e,b:n}=t,i=r.mul(n,ph),{px:s,py:a,pz:o}=this;let c=r.ZERO,h=r.ZERO,u=r.ZERO,y=r.mul(s,s),f=r.mul(a,a),g=r.mul(o,o),p=r.mul(s,a);return p=r.add(p,p),u=r.mul(s,o),u=r.add(u,u),c=r.mul(e,u),h=r.mul(i,g),h=r.add(c,h),c=r.sub(f,h),h=r.add(f,h),h=r.mul(c,h),c=r.mul(p,c),u=r.mul(i,u),g=r.mul(e,g),p=r.sub(y,g),p=r.mul(e,p),p=r.add(p,u),u=r.add(y,y),y=r.add(u,y),y=r.add(y,g),y=r.mul(y,p),h=r.add(h,y),g=r.mul(a,o),g=r.add(g,g),y=r.mul(g,p),c=r.sub(c,y),u=r.mul(g,f),u=r.add(u,u),u=r.add(u,u),new l(c,h,u)}add(e){c(e);const{px:n,py:i,pz:s}=this,{px:a,py:o,pz:h}=e;let u=r.ZERO,y=r.ZERO,f=r.ZERO;const g=t.a,p=r.mul(t.b,ph);let d=r.mul(n,a),A=r.mul(i,o),w=r.mul(s,h),m=r.add(n,i),b=r.add(a,o);m=r.mul(m,b),b=r.add(d,A),m=r.sub(m,b),b=r.add(n,s);let k=r.add(a,h);return b=r.mul(b,k),k=r.add(d,w),b=r.sub(b,k),k=r.add(i,s),u=r.add(o,h),k=r.mul(k,u),u=r.add(A,w),k=r.sub(k,u),f=r.mul(g,b),u=r.mul(p,w),f=r.add(u,f),u=r.sub(A,f),f=r.add(A,f),y=r.mul(u,f),A=r.add(d,d),A=r.add(A,d),w=r.mul(g,w),b=r.mul(p,b),A=r.add(A,w),w=r.sub(d,w),w=r.mul(g,w),b=r.add(b,w),d=r.mul(A,b),y=r.add(y,d),d=r.mul(k,b),u=r.mul(m,u),u=r.sub(u,d),d=r.mul(m,A),f=r.mul(k,f),f=r.add(f,d),new l(u,y,f)}subtract(e){return this.add(e.negate())}is0(){return this.equals(l.ZERO)}wNAF(e){return f.wNAFCached(this,e,l.normalizeZ)}multiplyUnsafe(e){Pc("scalar",e,fh,t.n);const n=l.ZERO;if(e===fh)return n;if(e===gh)return this;const{endo:i}=t;if(!i)return f.unsafeLadder(this,e);let{k1neg:s,k1:a,k2neg:o,k2:c}=i.splitScalar(e),h=n,u=n,y=this;for(;a>fh||c>fh;)a&gh&&(h=h.add(y)),c&gh&&(u=u.add(y)),y=y.double(),a>>=gh,c>>=gh;return s&&(h=h.negate()),o&&(u=u.negate()),u=new l(r.mul(u.px,i.beta),u.py,u.pz),h.add(u)}multiply(e){const{endo:n,n:i}=t;let s,a;if(Pc("scalar",e,gh,i),n){const{k1neg:t,k1:i,k2neg:o,k2:c}=n.splitScalar(e);let{p:h,f:u}=this.wNAF(i),{p:y,f:g}=this.wNAF(c);h=f.constTimeNegate(t,h),y=f.constTimeNegate(o,y),y=new l(r.mul(y.px,n.beta),y.py,y.pz),s=h.add(y),a=u.add(g)}else{const{p:t,f:r}=this.wNAF(e);s=t,a=r}return l.normalizeZ([s,a])[0]}multiplyAndAddUnsafe(e,t,r){const n=l.BASE,i=(e,t)=>t!==fh&&t!==gh&&e.equals(n)?e.multiply(t):e.multiplyUnsafe(t),s=i(this,t).add(i(e,r));return s.is0()?void 0:s}toAffine(e){return h(this,e)}isTorsionFree(){const{h:e,isTorsionFree:r}=t;if(e===gh)return!0;if(r)return r(l,this);throw Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:e,clearCofactor:r}=t;return e===gh?this:r?r(l,this):this.multiplyUnsafe(t.h)}toRawBytes(e=!0){return fc("isCompressed",e),this.assertValidity(),i(l,this,e)}toHex(e=!0){return fc("isCompressed",e),pc(this.toRawBytes(e))}}l.BASE=new l(t.Gx,t.Gy,r.ONE),l.ZERO=new l(r.ZERO,r.ONE,r.ZERO);const y=t.nBitLength,f=ah(l,t.endo?Math.ceil(y/2):y);return{CURVE:t,ProjectivePoint:l,normPrivateKeyToScalar:o,weierstrassEquation:a,isWithinCurveOrder:function(e){return Cc(e,gh,t.n)}}}function Ah(e){const t=function(e){const t=ch(e);return Tc(t,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...t})}(e),{Fp:r,n}=t,i=r.BYTES+1,s=2*r.BYTES+1;function a(e){return qc(e,n)}function o(e){return Yc(e,n)}const{ProjectivePoint:c,normPrivateKeyToScalar:h,weierstrassEquation:u,isWithinCurveOrder:l}=dh({...t,toBytes(e,t,n){const i=t.toAffine(),s=r.toBytes(i.x),a=Sc;return fc("isCompressed",n),n?a(Uint8Array.from([t.hasEvenY()?2:3]),s):a(Uint8Array.from([4]),s,r.toBytes(i.y))},fromBytes(e){const t=e.length,n=e[0],a=e.subarray(1);if(t!==i||2!==n&&3!==n){if(t===s&&4===n){return{x:r.fromBytes(a.subarray(0,r.BYTES)),y:r.fromBytes(a.subarray(r.BYTES,2*r.BYTES))}}throw Error(`Point of length ${t} was invalid. Expected ${i} compressed bytes or ${s} uncompressed bytes`)}{const e=kc(a);if(!Cc(e,gh,r.ORDER))throw Error("Point is not on curve");const t=u(e);let i;try{i=r.sqrt(t)}catch(e){const t=e instanceof Error?": "+e.message:"";throw Error("Point is not on curve"+t)}return!(1&~n)!==((i&gh)===gh)&&(i=r.neg(i)),{x:e,y:i}}}}),y=e=>pc(vc(e,t.nByteLength));function f(e){return e>n>>gh}const g=(e,t,r)=>kc(e.slice(t,r));class p{constructor(e,t,r){this.r=e,this.s=t,this.recovery=r,this.assertValidity()}static fromCompact(e){const r=t.nByteLength;return e=Ic("compactSignature",e,2*r),new p(g(e,0,r),g(e,r,2*r))}static fromDER(e){const{r:t,s:r}=yh.toSig(Ic("DER",e));return new p(t,r)}assertValidity(){Pc("r",this.r,gh,n),Pc("s",this.s,gh,n)}addRecoveryBit(e){return new p(this.r,this.s,e)}recoverPublicKey(e){const{r:n,s:i,recovery:s}=this,h=m(Ic("msgHash",e));if(null==s||![0,1,2,3].includes(s))throw Error("recovery id invalid");const u=2===s||3===s?n+t.n:n;if(u>=r.ORDER)throw Error("recovery id 2 or 3 invalid");const l=1&s?"03":"02",f=c.fromHex(l+y(u)),g=o(u),p=a(-h*g),d=a(i*g),A=c.BASE.multiplyAndAddUnsafe(f,p,d);if(!A)throw Error("point at infinify");return A.assertValidity(),A}hasHighS(){return f(this.s)}normalizeS(){return this.hasHighS()?new p(this.r,a(-this.s),this.recovery):this}toDERRawBytes(){return bc(this.toDERHex())}toDERHex(){return yh.hexFromSig({r:this.r,s:this.s})}toCompactRawBytes(){return bc(this.toCompactHex())}toCompactHex(){return y(this.r)+y(this.s)}}const d={isValidPrivateKey(e){try{return h(e),!0}catch(e){return!1}},normPrivateKeyToScalar:h,randomPrivateKey:()=>{const e=th(t.n);return function(e,t,r=!1){const n=e.length,i=eh(t),s=th(t);if(n<16||n1024)throw Error(`expected ${s}-1024 bytes of input, got ${n}`);const a=qc(r?kc(e):Ec(e),t-Hc)+Hc;return r?Bc(a,i):vc(a,i)}(t.randomBytes(e),t.n)},precompute:(e=8,t=c.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)};function A(e){const t=lc(e),r="string"==typeof e,n=(t||r)&&e.length;return t?n===i||n===s:r?n===2*i||n===2*s:e instanceof c}const w=t.bits2int||function(e){const r=kc(e),n=8*e.length-t.nBitLength;return n>0?r>>BigInt(n):r},m=t.bits2int_modN||function(e){return a(w(e))},b=Uc(t.nBitLength);function k(e){return Pc("num < 2^"+t.nBitLength,e,fh,b),vc(e,t.nByteLength)}function E(e,n,i=v){if(["recovered","canonical"].some((e=>e in i)))throw Error("sign() legacy options not supported");const{hash:s,randomBytes:u}=t;let{lowS:y,prehash:g,extraEntropy:d}=i;null==y&&(y=!0),e=Ic("msgHash",e),hh(i),g&&(e=Ic("prehashed msgHash",s(e)));const A=m(e),b=h(n),E=[k(b),k(A)];if(null!=d&&!1!==d){const e=!0===d?u(r.BYTES):d;E.push(Ic("extraEntropy",e))}const B=Sc(...E),I=A;return{seed:B,k2sig:function(e){const t=w(e);if(!l(t))return;const r=o(t),n=c.BASE.multiply(t).toAffine(),i=a(n.x);if(i===fh)return;const s=a(r*a(I+i*b));if(s===fh)return;let h=(n.x===i?0:2)|Number(n.y&gh),u=s;return y&&f(s)&&(u=function(e){return f(e)?a(-e):e}(s),h^=1),new p(i,u,h)}}}const v={lowS:t.lowS,prehash:!1},B={lowS:t.lowS,prehash:!1};return c.BASE._setWindowSize(8),{CURVE:t,getPublicKey:function(e,t=!0){return c.fromPrivateKey(e).toRawBytes(t)},getSharedSecret:function(e,t,r=!0){if(A(e))throw Error("first arg must be private key");if(!A(t))throw Error("second arg must be public key");return c.fromHex(t).multiply(h(e)).toRawBytes(r)},sign:function(e,r,n=v){const{seed:i,k2sig:s}=E(e,r,n),a=t;return Rc(a.hash.outputLen,a.nByteLength,a.hmac)(i,s)},verify:function(e,r,n,i=B){const s=e;if(r=Ic("msgHash",r),n=Ic("publicKey",n),"strict"in i)throw Error("options.strict was renamed to lowS");hh(i);const{lowS:h,prehash:u}=i;let l,y;try{if("string"==typeof s||lc(s))try{l=p.fromDER(s)}catch(e){if(!(e instanceof yh.Err))throw e;l=p.fromCompact(s)}else{if("object"!=typeof s||"bigint"!=typeof s.r||"bigint"!=typeof s.s)throw Error("PARSE");{const{r:e,s:t}=s;l=new p(e,t)}}y=c.fromHex(n)}catch(e){if("PARSE"===e.message)throw Error("signature must be Signature instance, Uint8Array or hex string");return!1}if(h&&l.hasHighS())return!1;u&&(r=t.hash(r));const{r:f,s:g}=l,d=m(r),A=o(g),w=a(d*A),b=a(f*A),k=c.BASE.multiplyAndAddUnsafe(y,w,b)?.toAffine();return!!k&&a(k.x)===f},ProjectivePoint:c,Signature:p,utils:d}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function wh(e){return{hash:e,hmac:(t,...r)=>oc(e,t,qo(...r)),randomBytes:Yo}}function mh(e,t){const r=t=>Ah({...e,...wh(t)});return Object.freeze({...r(t),create:r})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */BigInt(4);const bh=Xc(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff")),kh=mh({a:bh.create(BigInt("-3")),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Fp:bh,n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),h:BigInt(1),lowS:!1},ic),Eh=/* @__PURE__ */BigInt(2**32-1),vh=/* @__PURE__ */BigInt(32);function Bh(e,t=!1){return t?{h:Number(e&Eh),l:Number(e>>vh&Eh)}:{h:0|Number(e>>vh&Eh),l:0|Number(e&Eh)}}function Ih(e,t=!1){let r=new Uint32Array(e.length),n=new Uint32Array(e.length);for(let i=0;ie<>>32-r,Kh=(e,t,r)=>t<>>32-r,Ch=(e,t,r)=>t<>>64-r,Ph=(e,t,r)=>e<>>64-r;const Dh={fromBig:Bh,split:Ih,toBig:(e,t)=>BigInt(e>>>0)<>>0),shrSH:(e,t,r)=>e>>>r,shrSL:(e,t,r)=>e<<32-r|t>>>r,rotrSH:(e,t,r)=>e>>>r|t<<32-r,rotrSL:(e,t,r)=>e<<32-r|t>>>r,rotrBH:(e,t,r)=>e<<64-r|t>>>r-32,rotrBL:(e,t,r)=>e>>>r-32|t<<64-r,rotr32H:(e,t)=>t,rotr32L:(e,t)=>e,rotlSH:Sh,rotlSL:Kh,rotlBH:Ch,rotlBL:Ph,add:function(e,t,r,n){const i=(t>>>0)+(n>>>0);return{h:e+r+(i/2**32|0)|0,l:0|i}},add3L:(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),add3H:(e,t,r,n)=>t+r+n+(e/2**32|0)|0,add4L:(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),add4H:(e,t,r,n,i)=>t+r+n+i+(e/2**32|0)|0,add5H:(e,t,r,n,i,s)=>t+r+n+i+s+(e/2**32|0)|0,add5L:(e,t,r,n,i)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(i>>>0)},[Uh,xh]=/* @__PURE__ */(()=>Dh.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((e=>BigInt(e)))))(),Qh=/* @__PURE__ */new Uint32Array(80),Rh=/* @__PURE__ */new Uint32Array(80);class Lh extends $o{constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}get(){const{Ah:e,Al:t,Bh:r,Bl:n,Ch:i,Cl:s,Dh:a,Dl:o,Eh:c,El:h,Fh:u,Fl:l,Gh:y,Gl:f,Hh:g,Hl:p}=this;return[e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p]}set(e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p){this.Ah=0|e,this.Al=0|t,this.Bh=0|r,this.Bl=0|n,this.Ch=0|i,this.Cl=0|s,this.Dh=0|a,this.Dl=0|o,this.Eh=0|c,this.El=0|h,this.Fh=0|u,this.Fl=0|l,this.Gh=0|y,this.Gl=0|f,this.Hh=0|g,this.Hl=0|p}process(e,t){for(let r=0;r<16;r++,t+=4)Qh[r]=e.getUint32(t),Rh[r]=e.getUint32(t+=4);for(let e=16;e<80;e++){const t=0|Qh[e-15],r=0|Rh[e-15],n=Dh.rotrSH(t,r,1)^Dh.rotrSH(t,r,8)^Dh.shrSH(t,r,7),i=Dh.rotrSL(t,r,1)^Dh.rotrSL(t,r,8)^Dh.shrSL(t,r,7),s=0|Qh[e-2],a=0|Rh[e-2],o=Dh.rotrSH(s,a,19)^Dh.rotrBH(s,a,61)^Dh.shrSH(s,a,6),c=Dh.rotrSL(s,a,19)^Dh.rotrBL(s,a,61)^Dh.shrSL(s,a,6),h=Dh.add4L(i,c,Rh[e-7],Rh[e-16]),u=Dh.add4H(h,n,o,Qh[e-7],Qh[e-16]);Qh[e]=0|u,Rh[e]=0|h}let{Ah:r,Al:n,Bh:i,Bl:s,Ch:a,Cl:o,Dh:c,Dl:h,Eh:u,El:l,Fh:y,Fl:f,Gh:g,Gl:p,Hh:d,Hl:A}=this;for(let e=0;e<80;e++){const t=Dh.rotrSH(u,l,14)^Dh.rotrSH(u,l,18)^Dh.rotrBH(u,l,41),w=Dh.rotrSL(u,l,14)^Dh.rotrSL(u,l,18)^Dh.rotrBL(u,l,41),m=u&y^~u&g,b=l&f^~l&p,k=Dh.add5L(A,w,b,xh[e],Rh[e]),E=Dh.add5H(k,d,t,m,Uh[e],Qh[e]),v=0|k,B=Dh.rotrSH(r,n,28)^Dh.rotrBH(r,n,34)^Dh.rotrBH(r,n,39),I=Dh.rotrSL(r,n,28)^Dh.rotrBL(r,n,34)^Dh.rotrBL(r,n,39),S=r&i^r&a^i&a,K=n&s^n&o^s&o;d=0|g,A=0|p,g=0|y,p=0|f,y=0|u,f=0|l,({h:u,l}=Dh.add(0|c,0|h,0|E,0|v)),c=0|a,h=0|o,a=0|i,o=0|s,i=0|r,s=0|n;const C=Dh.add3L(v,I,K);r=Dh.add3H(C,E,B,S),n=0|C}({h:r,l:n}=Dh.add(0|this.Ah,0|this.Al,0|r,0|n)),({h:i,l:s}=Dh.add(0|this.Bh,0|this.Bl,0|i,0|s)),({h:a,l:o}=Dh.add(0|this.Ch,0|this.Cl,0|a,0|o)),({h:c,l:h}=Dh.add(0|this.Dh,0|this.Dl,0|c,0|h)),({h:u,l}=Dh.add(0|this.Eh,0|this.El,0|u,0|l)),({h:y,l:f}=Dh.add(0|this.Fh,0|this.Fl,0|y,0|f)),({h:g,l:p}=Dh.add(0|this.Gh,0|this.Gl,0|g,0|p)),({h:d,l:A}=Dh.add(0|this.Hh,0|this.Hl,0|d,0|A)),this.set(r,n,i,s,a,o,c,h,u,l,y,f,g,p,d,A)}roundClean(){Qh.fill(0),Rh.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class Th extends Lh{constructor(){super(),this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const Mh=/* @__PURE__ */Jo((()=>new Lh)),Nh=/* @__PURE__ */Jo((()=>new Th)),Fh=Xc(BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff")),Hh=mh({a:Fh.create(BigInt("-3")),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Fp:Fh,n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),h:BigInt(1),lowS:!1},Nh),Oh=Xc(BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")),zh={a:Oh.create(BigInt("-3")),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Fp:Oh,n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"),h:BigInt(1)},_h=mh({a:zh.a,b:zh.b,Fp:Oh,n:zh.n,Gx:zh.Gx,Gy:zh.Gy,h:zh.h,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},Mh),Gh=[],jh=[],qh=[],Vh=/* @__PURE__ */BigInt(0),Jh=/* @__PURE__ */BigInt(1),Yh=/* @__PURE__ */BigInt(2),Wh=/* @__PURE__ */BigInt(7),Zh=/* @__PURE__ */BigInt(256),$h=/* @__PURE__ */BigInt(113);for(let e=0,t=Jh,r=1,n=0;e<24;e++){[r,n]=[n,(2*r+3*n)%5],Gh.push(2*(5*n+r)),jh.push((e+1)*(e+2)/2%64);let i=Vh;for(let e=0;e<7;e++)t=(t<>Wh)*$h)%Zh,t&Yh&&(i^=Jh<<(Jh<r>32?Ch(e,t,r):Sh(e,t,r),ru=(e,t,r)=>r>32?Ph(e,t,r):Kh(e,t,r);class nu extends Vo{constructor(e,t,r,n=!1,i=24){if(super(),this.blockLen=e,this.suffix=t,this.outputLen=r,this.enableXOF=n,this.rounds=i,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,Ro(r),0>=this.blockLen||this.blockLen>=200)throw Error("Sha3 supports only keccak-f1600 function");var s;this.state=new Uint8Array(200),this.state32=(s=this.state,new Uint32Array(s.buffer,s.byteOffset,Math.floor(s.byteLength/4)))}keccak(){zo||_o(this.state32),function(e,t=24){const r=new Uint32Array(10);for(let n=24-t;n<24;n++){for(let t=0;t<10;t++)r[t]=e[t]^e[t+10]^e[t+20]^e[t+30]^e[t+40];for(let t=0;t<10;t+=2){const n=(t+8)%10,i=(t+2)%10,s=r[i],a=r[i+1],o=tu(s,a,1)^r[n],c=ru(s,a,1)^r[n+1];for(let r=0;r<50;r+=10)e[t+r]^=o,e[t+r+1]^=c}let t=e[2],i=e[3];for(let r=0;r<24;r++){const n=jh[r],s=tu(t,i,n),a=ru(t,i,n),o=Gh[r];t=e[o],i=e[o+1],e[o]=s,e[o+1]=a}for(let t=0;t<50;t+=10){for(let n=0;n<10;n++)r[n]=e[t+n];for(let n=0;n<10;n++)e[t+n]^=~r[(n+2)%10]&r[(n+4)%10]}e[0]^=Xh[n],e[1]^=eu[n]}r.fill(0)}(this.state32,this.rounds),zo||_o(this.state32),this.posOut=0,this.pos=0}update(e){To(this);const{blockLen:t,state:r}=this,n=(e=jo(e)).length;for(let i=0;i=r&&this.keccak();const s=Math.min(r-this.posOut,i-n);e.set(t.subarray(this.posOut,this.posOut+s),n),this.posOut+=s,n+=s}return e}xofInto(e){if(!this.enableXOF)throw Error("XOF is not possible for this instance");return this.writeInto(e)}xof(e){return Ro(e),this.xofInto(new Uint8Array(e))}digestInto(e){if(Mo(e,this),this.finished)throw Error("digest() was already called");return this.writeInto(e),this.destroy(),e}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(e){const{blockLen:t,suffix:r,outputLen:n,rounds:i,enableXOF:s}=this;return e||(e=new nu(t,r,n,s,i)),e.state32.set(this.state32),e.pos=this.pos,e.posOut=this.posOut,e.finished=this.finished,e.rounds=i,e.suffix=r,e.outputLen=n,e.enableXOF=s,e.destroyed=this.destroyed,e}}const iu=(e,t,r)=>Jo((()=>new nu(t,e,r))),su=/* @__PURE__ */iu(6,136,32),au=/* @__PURE__ */iu(6,72,64),ou=/* @__PURE__ */((e,t,r)=>function(e){const t=(t,r)=>e(r).update(jo(t)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=t=>e(t),t}(((n={})=>new nu(t,e,void 0===n.dkLen?r:n.dkLen,!0))))(31,136,32),cu=BigInt(0),hu=BigInt(1),uu=BigInt(2),lu=BigInt(8),yu={zip215:!0};function fu(e){const t=function(e){const t=ch(e);return Tc(e,{hash:"function",a:"bigint",d:"bigint",randomBytes:"function"},{adjustScalarBytes:"function",domain:"function",uvRatio:"function",mapToCurve:"function"}),Object.freeze({...t})}(e),{Fp:r,n,prehash:i,hash:s,randomBytes:a,nByteLength:o,h:c}=t,h=uu<{try{return{isValid:!0,value:r.sqrt(e*r.inv(t))}}catch(e){return{isValid:!1,value:cu}}}),f=t.adjustScalarBytes||(e=>e),g=t.domain||((e,t,r)=>{if(fc("phflag",r),t.length||r)throw Error("Contexts/pre-hash are not supported");return e});function p(e,t){Pc("coordinate "+e,t,cu,h)}function d(e){if(!(e instanceof m))throw Error("ExtendedPoint expected")}const A=Mc(((e,t)=>{const{ex:n,ey:i,ez:s}=e,a=e.is0();null==t&&(t=a?lu:r.inv(s));const o=u(n*t),c=u(i*t),h=u(s*t);if(a)return{x:cu,y:hu};if(h!==hu)throw Error("invZ was invalid");return{x:o,y:c}})),w=Mc((e=>{const{a:r,d:n}=t;if(e.is0())throw Error("bad point: ZERO");const{ex:i,ey:s,ez:a,et:o}=e,c=u(i*i),h=u(s*s),l=u(a*a),y=u(l*l),f=u(c*r);if(u(l*u(f+h))!==u(y+u(n*u(c*h))))throw Error("bad point: equation left != right (1)");if(u(i*s)!==u(a*o))throw Error("bad point: equation left != right (2)");return!0}));class m{constructor(e,t,r,n){this.ex=e,this.ey=t,this.ez=r,this.et=n,p("x",e),p("y",t),p("z",r),p("t",n),Object.freeze(this)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static fromAffine(e){if(e instanceof m)throw Error("extended point not allowed");const{x:t,y:r}=e||{};return p("x",t),p("y",r),new m(t,r,hu,u(t*r))}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.ez)));return e.map(((e,r)=>e.toAffine(t[r]))).map(m.fromAffine)}static msm(e,t){return oh(m,l,e,t)}_setWindowSize(e){E.setWindowSize(this,e)}assertValidity(){w(this)}equals(e){d(e);const{ex:t,ey:r,ez:n}=this,{ex:i,ey:s,ez:a}=e,o=u(t*a),c=u(i*n),h=u(r*a),l=u(s*n);return o===c&&h===l}is0(){return this.equals(m.ZERO)}negate(){return new m(u(-this.ex),this.ey,this.ez,u(-this.et))}double(){const{a:e}=t,{ex:r,ey:n,ez:i}=this,s=u(r*r),a=u(n*n),o=u(uu*u(i*i)),c=u(e*s),h=r+n,l=u(u(h*h)-s-a),y=c+a,f=y-o,g=c-a,p=u(l*f),d=u(y*g),A=u(l*g),w=u(f*y);return new m(p,d,w,A)}add(e){d(e);const{a:r,d:n}=t,{ex:i,ey:s,ez:a,et:o}=this,{ex:c,ey:h,ez:l,et:y}=e;if(r===BigInt(-1)){const e=u((s-i)*(h+c)),t=u((s+i)*(h-c)),r=u(t-e);if(r===cu)return this.double();const n=u(a*uu*y),f=u(o*uu*l),g=f+n,p=t+e,d=f-n,A=u(g*r),w=u(p*d),b=u(g*d),k=u(r*p);return new m(A,w,k,b)}const f=u(i*c),g=u(s*h),p=u(o*n*y),A=u(a*l),w=u((i+s)*(c+h)-f-g),b=A-p,k=A+p,E=u(g-r*f),v=u(w*b),B=u(k*E),I=u(w*E),S=u(b*k);return new m(v,B,S,I)}subtract(e){return this.add(e.negate())}wNAF(e){return E.wNAFCached(this,e,m.normalizeZ)}multiply(e){const t=e;Pc("scalar",t,hu,n);const{p:r,f:i}=this.wNAF(t);return m.normalizeZ([r,i])[0]}multiplyUnsafe(e){const t=e;return Pc("scalar",t,cu,n),t===cu?k:this.equals(k)||t===hu?this:this.equals(b)?this.wNAF(t).p:E.unsafeLadder(this,t)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}isTorsionFree(){return E.unsafeLadder(this,n).is0()}toAffine(e){return A(this,e)}clearCofactor(){const{h:e}=t;return e===hu?this:this.multiplyUnsafe(e)}static fromHex(e,n=!1){const{d:i,a:s}=t,a=r.BYTES;e=Ic("pointHex",e,a),fc("zip215",n);const o=e.slice(),c=e[a-1];o[a-1]=-129&c;const l=Ec(o),f=n?h:r.ORDER;Pc("pointHex.y",l,cu,f);const g=u(l*l),p=u(g-hu),d=u(i*g-s);let{isValid:A,value:w}=y(p,d);if(!A)throw Error("Point.fromHex: invalid y coordinate");const b=(w&hu)===hu,k=!!(128&c);if(!n&&w===cu&&k)throw Error("Point.fromHex: x=0 and x_0=1");return k!==b&&(w=u(-w)),m.fromAffine({x:w,y:l})}static fromPrivateKey(e){return I(e).point}toRawBytes(){const{x:e,y:t}=this.toAffine(),n=Bc(t,r.BYTES);return n[n.length-1]|=e&hu?128:0,n}toHex(){return pc(this.toRawBytes())}}m.BASE=new m(t.Gx,t.Gy,hu,u(t.Gx*t.Gy)),m.ZERO=new m(cu,hu,hu,cu);const{BASE:b,ZERO:k}=m,E=ah(m,8*o);function v(e){return qc(e,n)}function B(e){return v(Ec(e))}function I(e){const t=o;e=Ic("private key",e,t);const r=Ic("hashed private key",s(e),2*t),n=f(r.slice(0,t)),i=r.slice(t,2*t),a=B(n),c=b.multiply(a),h=c.toRawBytes();return{head:n,prefix:i,scalar:a,point:c,pointBytes:h}}function S(e=new Uint8Array,...t){const r=Sc(...t);return B(s(g(r,Ic("context",e),!!i)))}const K=yu;b._setWindowSize(8);return{CURVE:t,getPublicKey:function(e){return I(e).pointBytes},sign:function(e,t,s={}){e=Ic("message",e),i&&(e=i(e));const{prefix:a,scalar:c,pointBytes:h}=I(t),u=S(s.context,a,e),l=b.multiply(u).toRawBytes(),y=v(u+S(s.context,l,h,e)*c);return Pc("signature.s",y,cu,n),Ic("result",Sc(l,Bc(y,r.BYTES)),2*o)},verify:function(e,t,n,s=K){const{context:a,zip215:o}=s,c=r.BYTES;e=Ic("signature",e,2*c),t=Ic("message",t),void 0!==o&&fc("zip215",o),i&&(t=i(t));const h=Ec(e.slice(c,2*c));let u,l,y;try{u=m.fromHex(n,o),l=m.fromHex(e.slice(0,c),o),y=b.multiplyUnsafe(h)}catch(e){return!1}if(!o&&u.isSmallOrder())return!1;const f=S(a,l.toRawBytes(),u.toRawBytes(),t);return l.add(u.multiplyUnsafe(f)).subtract(y).clearCofactor().equals(m.ZERO)},ExtendedPoint:m,utils:{getExtendedPublicKey:I,randomPrivateKey:()=>a(r.BYTES),precompute:(e=8,t=m.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)}}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const gu=BigInt(0),pu=BigInt(1);function du(e){const t=(Tc(r=e,{a:"bigint"},{montgomeryBits:"isSafeInteger",nByteLength:"isSafeInteger",adjustScalarBytes:"function",domain:"function",powPminus2:"function",Gu:"bigint"}),Object.freeze({...r}));var r;const{P:n}=t,i=e=>qc(e,n),s=t.montgomeryBits,a=Math.ceil(s/8),o=t.nByteLength,c=t.adjustScalarBytes||(e=>e),h=t.powPminus2||(e=>Vc(e,n-BigInt(2),n));function u(e,t,r){const n=i(e*(t-r));return[t=i(t-n),r=i(r+n)]}const l=(t.a-BigInt(2))/BigInt(4);function y(e){return Bc(i(e),a)}function f(e,t){const r=function(e){const t=Ic("u coordinate",e,a);return 32===o&&(t[31]&=127),Ec(t)}(t),f=function(e){const t=Ic("scalar",e),r=t.length;if(r!==a&&r!==o)throw Error(`Expected ${a} or ${o} bytes, got ${r}`);return Ec(c(t))}(e),g=function(e,t){Pc("u",e,gu,n),Pc("scalar",t,gu,n);const r=t,a=e;let o,c=pu,y=gu,f=e,g=pu,p=gu;for(let e=BigInt(s-1);e>=gu;e--){const t=r>>e&pu;p^=t,o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1],p=t;const n=c+y,s=i(n*n),h=c-y,d=i(h*h),A=s-d,w=f+g,m=i((f-g)*n),b=i(w*h),k=m+b,E=m-b;f=i(k*k),g=i(a*i(E*E)),c=i(s*d),y=i(A*(s+i(l*A)))}o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1];const d=h(y);return i(c*d)}(r,f);if(g===gu)throw Error("Invalid private or public key received");return y(g)}const g=y(t.Gu);function p(e){return f(e,g)}return{scalarMult:f,scalarMultBase:p,getSharedSecret:(e,t)=>f(e,t),getPublicKey:e=>p(e),utils:{randomPrivateKey:()=>t.randomBytes(t.nByteLength)},GuBytes:g}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Au=Jo((()=>ou.create({dkLen:114}))),wu=(Jo((()=>ou.create({dkLen:64}))),BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439")),mu=BigInt(1),bu=BigInt(2),ku=BigInt(3);BigInt(4);const Eu=BigInt(11),vu=BigInt(22),Bu=BigInt(44),Iu=BigInt(88),Su=BigInt(223);function Ku(e){const t=wu,r=e*e*e%t,n=r*r*e%t,i=Jc(n,ku,t)*n%t,s=Jc(i,ku,t)*n%t,a=Jc(s,bu,t)*r%t,o=Jc(a,Eu,t)*a%t,c=Jc(o,vu,t)*o%t,h=Jc(c,Bu,t)*c%t,u=Jc(h,Iu,t)*h%t,l=Jc(u,Bu,t)*c%t,y=Jc(l,bu,t)*r%t,f=Jc(y,mu,t)*e%t;return Jc(f,Su,t)*y%t}function Cu(e){return e[0]&=252,e[55]|=128,e[56]=0,e}const Pu=Xc(wu,456,!0),Du={a:BigInt(1),d:BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358"),Fp:Pu,n:BigInt("181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779"),nBitLength:456,h:BigInt(4),Gx:BigInt("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710"),Gy:BigInt("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660"),hash:Au,randomBytes:Yo,adjustScalarBytes:Cu,domain:(e,t,r)=>{if(t.length>255)throw Error("Context is too big: "+t.length);return qo(Go("SigEd448"),new Uint8Array([r?1:0,t.length]),t,e)},uvRatio:function(e,t){const r=wu,n=qc(e*e*t,r),i=qc(n*e,r),s=qc(i*n*t,r),a=qc(i*Ku(s),r),o=qc(a*a,r);return{isValid:qc(o*t,r)===e,value:a}}},Uu=/* @__PURE__ */fu(Du),xu=/* @__PURE__ */(()=>du({a:BigInt(156326),montgomeryBits:448,nByteLength:56,P:wu,Gu:BigInt(5),powPminus2:e=>{const t=wu;return qc(Jc(Ku(e),BigInt(2),t)*e,t)},adjustScalarBytes:Cu,randomBytes:Yo}))();Pu.ORDER,BigInt(3),BigInt(4),BigInt(156326),BigInt("39082"),BigInt("78163"),BigInt("98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214"),BigInt("315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716"),BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const Qu=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),Ru=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),Lu=BigInt(1),Tu=BigInt(2),Mu=(e,t)=>(e+t/Tu)/t;const Nu=Xc(Qu,void 0,void 0,{sqrt:function(e){const t=Qu,r=BigInt(3),n=BigInt(6),i=BigInt(11),s=BigInt(22),a=BigInt(23),o=BigInt(44),c=BigInt(88),h=e*e*e%t,u=h*h*e%t,l=Jc(u,r,t)*u%t,y=Jc(l,r,t)*u%t,f=Jc(y,Tu,t)*h%t,g=Jc(f,i,t)*f%t,p=Jc(g,s,t)*g%t,d=Jc(p,o,t)*p%t,A=Jc(d,c,t)*d%t,w=Jc(A,o,t)*p%t,m=Jc(w,r,t)*u%t,b=Jc(m,a,t)*g%t,k=Jc(b,n,t)*h%t,E=Jc(k,Tu,t);if(!Nu.eql(Nu.sqr(E),e))throw Error("Cannot find square root");return E}}),Fu=mh({a:BigInt(0),b:BigInt(7),Fp:Nu,n:Ru,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const t=Ru,r=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),n=-Lu*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=r,a=BigInt("0x100000000000000000000000000000000"),o=Mu(s*e,t),c=Mu(-n*e,t);let h=qc(e-o*r-c*i,t),u=qc(-o*n-c*s,t);const l=h>a,y=u>a;if(l&&(h=t-h),y&&(u=t-u),h>a||u>a)throw Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:l,k1:h,k2neg:y,k2:u}}}},ic);BigInt(0),Fu.ProjectivePoint;const Hu=Xc(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),Ou=mh({a:Hu.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:Hu,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},ic),zu=Xc(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),_u=mh({a:zu.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:zu,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},Nh),Gu=Xc(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),ju=mh({a:Gu.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:Gu,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},Mh),qu=new Map(Object.entries({nistP256:kh,nistP384:Hh,nistP521:_h,brainpoolP256r1:Ou,brainpoolP384r1:_u,brainpoolP512r1:ju,secp256k1:Fu,x448:xu,ed448:Uu}));var Vu=/*#__PURE__*/Object.freeze({__proto__:null,nobleCurves:qu});function Ju(e,t,r,n,i,s){const a=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],h=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],u=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],y=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],f=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let g,p,d,A,w,m,b,k,E,v,B=0,I=t.length;const S=32===e.length?3:9;k=3===S?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e){const t=8-e.length%8;let r;if(!(t<8)){if(8===t)return e;throw Error("des: invalid padding")}r=0;const n=new Uint8Array(e.length+t);for(let t=0;t>>4^b),b^=d,m^=d<<4,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,m=m<<1|m>>>31,b=b<<1|b>>>31,p=0;p>>4|b<<28)^e[g+1],d=m,m=b,b=d^(o[A>>>24&63]|h[A>>>16&63]|l[A>>>8&63]|f[63&A]|a[w>>>24&63]|c[w>>>16&63]|u[w>>>8&63]|y[63&w]);d=m,m=b,b=d}m=m>>>1|m<<31,b=b>>>1|b<<31,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=252645135&(m>>>4^b),b^=d,m^=d<<4,K[C++]=m>>>24,K[C++]=m>>>16&255,K[C++]=m>>>8&255,K[C++]=255&m,K[C++]=b>>>24,K[C++]=b>>>16&255,K[C++]=b>>>8&255,K[C++]=255&b}return r||(K=function(e){let t,r=null;if(t=0,!r){for(r=1;e[e.length-r]===t;)r++;r--}return e.subarray(0,e.length-r)}(K)),K}function Yu(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],i=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],s=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],a=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],h=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],u=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],y=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],f=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],g=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],p=e.length>8?3:1,d=Array(32*p),A=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let w,m,b,k=0,E=0;for(let v=0;v>>4^v),v^=b,p^=b<<4,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=858993459&(p>>>2^v),v^=b,p^=b<<2,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=16711935&(v>>>8^p),p^=b,v^=b<<8,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=p<<8|v>>>20&240,p=v<<24|v<<8&16711680|v>>>8&65280|v>>>24&240,v=b;for(let e=0;e<16;e++)A[e]?(p=p<<2|p>>>26,v=v<<2|v>>>26):(p=p<<1|p>>>27,v=v<<1|v>>>27),p&=-15,v&=-15,w=t[p>>>28]|r[p>>>24&15]|n[p>>>20&15]|i[p>>>16&15]|s[p>>>12&15]|a[p>>>8&15]|o[p>>>4&15],m=c[v>>>28]|h[v>>>24&15]|u[v>>>20&15]|l[v>>>16&15]|y[v>>>12&15]|f[v>>>8&15]|g[v>>>4&15],b=65535&(m>>>16^w),d[E++]=w^b,d[E++]=m^b<<16}return d}function Wu(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Ju(Yu(this.key[2]),Ju(Yu(this.key[1]),Ju(Yu(this.key[0]),e,!0),!1),!0)}}function Zu(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>>16&255,t[s+6]=o>>>8&255,t[s+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>16&255,t[s+6]=o>>8&255,t[s+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const n=t+e,i=n<>>32-r;return(s[0][i>>>24]^s[1][i>>>16&255])-s[2][i>>>8&255]+s[3][255&i]}function n(e,t,r){const n=t^e,i=n<>>32-r;return s[0][i>>>24]-s[1][i>>>16&255]+s[2][i>>>8&255]^s[3][255&i]}function i(e,t,r){const n=t-e,i=n<>>32-r;return(s[0][i>>>24]+s[1][i>>>16&255]^s[2][i>>>8&255])-s[3][255&i]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const n=[,,,,,,,,],i=Array(32);let a;for(let e=0;e<4;e++)a=4*e,n[e]=r[a]<<24|r[a+1]<<16|r[a+2]<<8|r[a+3];const o=[6,7,4,5];let c,h=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(a=0;a<4;a++){const t=e[r][a];c=n[t[1]],c^=s[4][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=s[5][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=s[6][n[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=s[7][n[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=s[o[a]][n[t[6]>>>2]>>>24-8*(3&t[6])&255],n[t[0]]=c}for(a=0;a<4;a++){const e=t[r][a];c=s[4][n[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=s[5][n[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=s[6][n[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=s[7][n[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=s[4+a][n[e[4]>>>2]>>>24-8*(3&e[4])&255],i[h]=c,h++}}for(let e=0;e<16;e++)this.masking[e]=i[e],this.rotate[e]=31&i[16+e]};const s=[,,,,,,,,];s[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],s[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],s[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],s[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],s[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],s[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],s[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],s[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function $u(e){this.cast5=new Zu,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}Wu.keySize=Wu.prototype.keySize=24,Wu.blockSize=Wu.prototype.blockSize=8,$u.blockSize=$u.prototype.blockSize=8,$u.keySize=$u.prototype.keySize=16;const Xu=4294967295;function el(e,t){return(e<>>32-t)&Xu}function tl(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function rl(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function nl(e,t){return e>>>8*t&255}function il(e){this.tf=function(){let e=null,t=null,r=-1,n=[],i=[[],[],[],[]];function s(e){return i[0][nl(e,0)]^i[1][nl(e,1)]^i[2][nl(e,2)]^i[3][nl(e,3)]}function a(e){return i[0][nl(e,3)]^i[1][nl(e,0)]^i[2][nl(e,1)]^i[3][nl(e,2)]}function o(e,t){let r=s(t[0]),i=a(t[1]);t[2]=el(t[2]^r+i+n[4*e+8]&Xu,31),t[3]=el(t[3],1)^r+2*i+n[4*e+9]&Xu,r=s(t[2]),i=a(t[3]),t[0]=el(t[0]^r+i+n[4*e+10]&Xu,31),t[1]=el(t[1],1)^r+2*i+n[4*e+11]&Xu}function c(e,t){let r=s(t[0]),i=a(t[1]);t[2]=el(t[2],1)^r+i+n[4*e+10]&Xu,t[3]=el(t[3]^r+2*i+n[4*e+11]&Xu,31),r=s(t[2]),i=a(t[3]),t[0]=el(t[0],1)^r+i+n[4*e+8]&Xu,t[1]=el(t[1]^r+2*i+n[4*e+9]&Xu,31)}return{name:"twofish",blocksize:16,open:function(t){let r,s,a,o,c;e=t;const h=[],u=[],l=[];let y;const f=[];let g,p,d;const A=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],m=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],b=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],k=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],E=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],v=[[],[]],B=[[],[],[],[]];function I(e){return e^e>>2^[0,90,180,238][3&e]}function S(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function K(e,t){let r,n,i;for(r=0;r<8;r++)n=t>>>24,t=t<<8&Xu|e>>>24,e=e<<8&Xu,i=n<<1,128&n&&(i^=333),t^=n^i<<16,i^=n>>>1,1&n&&(i^=166),t^=i<<24|i<<8;return t}function C(e,t){const r=t>>4,n=15&t,i=A[e][r^n],s=w[e][k[n]^E[r]];return b[e][k[s]^E[i]]<<4|m[e][i^s]}function P(e,t){let r=nl(e,0),n=nl(e,1),i=nl(e,2),s=nl(e,3);switch(y){case 4:r=v[1][r]^nl(t[3],0),n=v[0][n]^nl(t[3],1),i=v[0][i]^nl(t[3],2),s=v[1][s]^nl(t[3],3);case 3:r=v[1][r]^nl(t[2],0),n=v[1][n]^nl(t[2],1),i=v[0][i]^nl(t[2],2),s=v[0][s]^nl(t[2],3);case 2:r=v[0][v[0][r]^nl(t[1],0)]^nl(t[0],0),n=v[0][v[1][n]^nl(t[1],1)]^nl(t[0],1),i=v[1][v[0][i]^nl(t[1],2)]^nl(t[0],2),s=v[1][v[1][s]^nl(t[1],3)]^nl(t[0],3)}return B[0][r]^B[1][n]^B[2][i]^B[3][s]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=tl(e,r);for(r=0;r<256;r++)v[0][r]=C(0,r),v[1][r]=C(1,r);for(r=0;r<256;r++)g=v[1][r],p=I(g),d=S(g),B[0][r]=g+(p<<8)+(d<<16)+(d<<24),B[2][r]=p+(d<<8)+(g<<16)+(d<<24),g=v[0][r],p=I(g),d=S(g),B[1][r]=d+(d<<8)+(p<<16)+(g<<24),B[3][r]=p+(g<<8)+(d<<16)+(p<<24);for(y=l.length/2,r=0;r=0;e--)c(e,s);rl(t,r,s[2]^n[0]),rl(t,r+4,s[3]^n[1]),rl(t,r+8,s[0]^n[2]),rl(t,r+12,s[1]^n[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function sl(){}function al(e){this.bf=new sl,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}il.keySize=il.prototype.keySize=32,il.blockSize=il.prototype.blockSize=16,sl.prototype.BLOCKSIZE=8,sl.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],sl.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],sl.prototype.NN=16,sl.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},sl.prototype._F=function(e){let t;const r=255&e,n=255&(e>>>=8),i=255&(e>>>=8),s=255&(e>>>=8);return t=this.sboxes[0][s]+this.sboxes[1][i],t^=this.sboxes[2][n],t+=this.sboxes[3][r],t},sl.prototype._encryptBlock=function(e){let t,r=e[0],n=e[1];for(t=0;t>>24-8*t&255,i[t+n]=r[1]>>>24-8*t&255;return i},sl.prototype._decryptBlock=function(e){let t,r=e[0],n=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],n=this._F(r)^n;const e=r;r=n,n=e}r^=this.parray[1],n^=this.parray[0],e[0]=this._clean(n),e[1]=this._clean(r)},sl.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^n}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const n=[0,0];for(t=0;tnew ll)),fl=/* @__PURE__ */new Uint8Array([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),gl=/* @__PURE__ */new Uint8Array(Array(16).fill(0).map(((e,t)=>t))),pl=/* @__PURE__ */gl.map((e=>(9*e+5)%16));let dl=[gl],Al=[pl];for(let e=0;e<4;e++)for(let t of[dl,Al])t.push(t[e].map((e=>fl[e])));const wl=/* @__PURE__ */[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map((e=>new Uint8Array(e))),ml=/* @__PURE__ */dl.map(((e,t)=>e.map((e=>wl[t][e])))),bl=/* @__PURE__ */Al.map(((e,t)=>e.map((e=>wl[t][e])))),kl=/* @__PURE__ */new Uint32Array([0,1518500249,1859775393,2400959708,2840853838]),El=/* @__PURE__ */new Uint32Array([1352829926,1548603684,1836072691,2053994217,0]);function vl(e,t,r,n){return 0===e?t^r^n:1===e?t&r|~t&n:2===e?(t|~r)^n:3===e?t&n|r&~n:t^(r|~n)}const Bl=/* @__PURE__ */new Uint32Array(16);class Il extends $o{constructor(){super(64,20,8,!0),this.h0=1732584193,this.h1=-271733879,this.h2=-1732584194,this.h3=271733878,this.h4=-1009589776}get(){const{h0:e,h1:t,h2:r,h3:n,h4:i}=this;return[e,t,r,n,i]}set(e,t,r,n,i){this.h0=0|e,this.h1=0|t,this.h2=0|r,this.h3=0|n,this.h4=0|i}process(e,t){for(let r=0;r<16;r++,t+=4)Bl[r]=e.getUint32(t,!0);let r=0|this.h0,n=r,i=0|this.h1,s=i,a=0|this.h2,o=a,c=0|this.h3,h=c,u=0|this.h4,l=u;for(let e=0;e<5;e++){const t=4-e,y=kl[e],f=El[e],g=dl[e],p=Al[e],d=ml[e],A=bl[e];for(let t=0;t<16;t++){const n=Oo(r+vl(e,i,a,c)+Bl[g[t]]+y,d[t])+u|0;r=u,u=c,c=0|Oo(a,10),a=i,i=n}for(let e=0;e<16;e++){const r=Oo(n+vl(t,s,o,h)+Bl[p[e]]+f,A[e])+l|0;n=l,l=h,h=0|Oo(o,10),o=s,s=r}}this.set(this.h1+a+h|0,this.h2+c+l|0,this.h3+u+n|0,this.h4+r+s|0,this.h0+i+o|0)}roundClean(){Bl.fill(0)}destroy(){this.destroyed=!0,this.buffer.fill(0),this.set(0,0,0,0,0)}}const Sl=new Map(Object.entries({sha1:yl,sha224:sc,sha256:ic,sha384:Nh,sha512:Mh,sha3_256:su,sha3_512:au,ripemd160:/* @__PURE__ */Jo((()=>new Il))}));var Kl=/*#__PURE__*/Object.freeze({__proto__:null,nobleHashes:Sl});function Cl(e,t,r,n){e[t]+=r[n],e[t+1]+=r[n+1]+(e[t]>>24^h<<8,e[n+1]=h>>>24^c<<8,Cl(e,r,e,n),Cl(e,r,t,o),c=e[s]^e[r],h=e[s+1]^e[r+1],e[s]=c>>>16^h<<16,e[s+1]=h>>>16^c<<16,Cl(e,i,e,s),c=e[n]^e[i],h=e[n+1]^e[i+1],e[n]=h>>>31^c<<1,e[n+1]=c>>>31^h<<1}const Ul=new Uint32Array([4089235720,1779033703,2227873595,3144134277,4271175723,1013904242,1595750129,2773480762,2917565137,1359893119,725511199,2600822924,4215389547,528734635,327033209,1541459225]),xl=new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3].map((e=>2*e)));function Ql(e,t){const r=new Uint32Array(32),n=new Uint32Array(e.b.buffer,e.b.byteOffset,32);for(let t=0;t<16;t++)r[t]=e.h[t],r[t+16]=Ul[t];r[24]^=e.t0[0],r[25]^=e.t0[1];const i=t?4294967295:0;r[28]^=i,r[29]^=i;for(let e=0;e<12;e++){const t=e<<4;Dl(r,n,0,8,16,24,xl[t+0],xl[t+1]),Dl(r,n,2,10,18,26,xl[t+2],xl[t+3]),Dl(r,n,4,12,20,28,xl[t+4],xl[t+5]),Dl(r,n,6,14,22,30,xl[t+6],xl[t+7]),Dl(r,n,0,10,20,30,xl[t+8],xl[t+9]),Dl(r,n,2,12,22,24,xl[t+10],xl[t+11]),Dl(r,n,4,14,16,26,xl[t+12],xl[t+13]),Dl(r,n,6,8,18,28,xl[t+14],xl[t+15])}for(let t=0;t<16;t++)e.h[t]^=r[t]^r[t+16]}class Rl{constructor(e,t,r,n){const i=new Uint8Array(64);this.S={b:new Uint8Array(Ml),h:new Uint32Array(Tl/4),t0:new Uint32Array(2),c:0,outlen:e},i[0]=e,t&&(i[1]=t.length),i[2]=1,i[3]=1,r&&i.set(r,32),n&&i.set(n,48);const s=new Uint32Array(i.buffer,i.byteOffset,i.length/Uint32Array.BYTES_PER_ELEMENT);for(let e=0;e<16;e++)this.S.h[e]=Ul[e]^s[e];if(t){const e=new Uint8Array(Ml);e.set(t),this.update(e)}}update(e){if(!(e instanceof Uint8Array))throw Error("Input must be Uint8Array or Buffer");let t=0;for(;t>2]>>8*(3&e);return this.S.h=null,t.buffer}}function Ll(e,t,r,n){if(e>Tl)throw Error(`outlen must be at most ${Tl} (given: ${e})`);return new Rl(e,t,r,n)}const Tl=64,Ml=128,Nl=2,Fl=19,Hl=4294967295,Ol=4,zl=4294967295,_l=8,Gl=4294967295,jl=8,ql=4294967295,Vl=4294967295,Jl=32,Yl=1024,Wl=64,Zl=205===new Uint8Array(new Uint16Array([43981]).buffer)[0];function $l(e,t,r){return e[r+0]=t,e[r+1]=t>>8,e[r+2]=t>>16,e[r+3]=t>>24,e}function Xl(e,t,r){if(t>Number.MAX_SAFE_INTEGER)throw Error("LE64: large numbers unsupported");let n=t;for(let t=r;t{if(tn)throw Error(`${e} size should be between ${r} and ${n} bytes`)};if(e!==Nl||t!==Fl)throw Error("Unsupported type or version");return u("password",n,jl,Gl),u("salt",i,_l,zl),u("tag",r,Ol,Hl),u("memory",c,8*o,ql),s&&u("associated data",s,0,Vl),a&&u("secret",a,0,Jl),{type:e,version:t,tagLength:r,password:n,salt:i,ad:s,secret:a,lanes:o,memorySize:c,passes:h}}({type:Nl,version:Fl,...e}),{G:i,G2:s,xor:a,getLZ:o}=r.exports,c={},h={};h.G=i,h.G2=s,h.XOR=a;const u=4*n.lanes*Math.floor(n.memorySize/(4*n.lanes)),l=u*Yl+10*sy;if(t.buffer.byteLength{r.set(e,n),n+=e.length})),r}(i));const s=t.digest();return new Uint8Array(s)}(n),m=u/n.lanes,b=Array(n.lanes).fill(null).map((()=>Array(m))),k=(e,t)=>(b[e][t]=d.subarray(e*m*1024+1024*t,e*m*1024+1024*t+Yl),b[e][t]);for(let e=0;e0?b[i][c-1]:b[i][m-1],u=r?a.next().value:h;o(f.byteOffset,u.byteOffset,i,n.lanes,e,t,s,4,E);const l=f[0],y=f[1];0===e&&k(i,c),ry(g,h,b[l][y],e>0?p:b[i][c]),e>0&&ty(g,b[i][c],p,b[i][c])}}}const v=b[0][m-1];for(let e=1;eoy(e,{instance:n.instance,memory:r})}function uy(e,r,n,i){var s=null,a=t.atob(n),o=a.length;s=new Uint8Array(new ArrayBuffer(o));for(var c=0;chy((e=>uy(0,0,"AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL",e)),(e=>uy(0,0,"AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==",e)))}),yy=[0,1,3,7,15,31,63,127,255],fy=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};fy.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},fy.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=yy[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var n=r-e;t|=(this.curByte&yy[e]<>n,this.bitOffset+=e,e=0}}return t},fy.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},fy.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var gy=fy,py=function(){};py.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},py.prototype.read=function(e,t,r){for(var n=0;n>>0},this.updateCRC=function(t){e=e<<8^dy[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^dy[255&(e>>>24^t)]}}),my=gy,by=Ay,ky=wy,Ey=function(e,t){var r,n=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=n,n},vy={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},By={};By[vy.LAST_BLOCK]="Bad file checksum",By[vy.NOT_BZIP_DATA]="Not bzip data",By[vy.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",By[vy.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",By[vy.DATA_ERROR]="Data error",By[vy.OUT_OF_MEMORY]="Out of memory",By[vy.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var Iy=function(e,t){var r=By[e]||"unknown error";t&&(r+=": "+t);var n=new TypeError(r);throw n.errorCode=e,n},Sy=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};Sy.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new ky,!0):(this.writeCount=-1,!1)},Sy.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||Iy(vy.NOT_BZIP_DATA,"bad magic");var n=r[3]-48;(n<1||n>9)&&Iy(vy.NOT_BZIP_DATA,"level out of range"),this.reader=new my(e),this.dbufSize=1e5*n,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},Sy.prototype._get_next_block=function(){var e,t,r,n=this.reader,i=n.pi();if("177245385090"===i)return!1;"314159265359"!==i&&Iy(vy.NOT_BZIP_DATA),this.targetBlockCRC=n.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,n.read(1)&&Iy(vy.OBSOLETE_INPUT);var s=n.read(24);s>this.dbufSize&&Iy(vy.DATA_ERROR,"initial position out of bounds");var a=n.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(a&1<<15-e){var h=16*e;for(r=n.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=h+t)}var u=n.read(3);(u<2||u>6)&&Iy(vy.DATA_ERROR);var l=n.read(15);0===l&&Iy(vy.DATA_ERROR);var y=new Uint8Array(256);for(e=0;e=u&&Iy(vy.DATA_ERROR);f[e]=Ey(y,t)}var g,p=c+2,d=[];for(t=0;t20)&&Iy(vy.DATA_ERROR),n.read(1);)n.read(1)?a--:a++;m[e]=a}for(A=w=m[0],e=1;ew?w=m[e]:m[e]=l&&Iy(vy.DATA_ERROR),g=d[f[S++]]),e=g.minLen,t=n.read(e);e>g.maxLen&&Iy(vy.DATA_ERROR),!(t<=g.limit[e]);e++)t=t<<1|n.read(1);((t-=g.base[e])<0||t>=258)&&Iy(vy.DATA_ERROR);var C=g.permute[t];if(0!==C&&1!==C){if(B)for(B=0,I+a>this.dbufSize&&Iy(vy.DATA_ERROR),E[v=o[y[0]]]+=a;a--;)K[I++]=v;if(C>c)break;I>=this.dbufSize&&Iy(vy.DATA_ERROR),E[v=o[v=Ey(y,e=C-1)]]++,K[I++]=v}else B||(B=1,a=0),a+=0===C?B:2*B,B<<=1}for((s<0||s>=I)&&Iy(vy.DATA_ERROR),t=0,e=0;e<256;e++)r=t+E[e],E[e]=t,t=r;for(e=0;e>=8,U=-1),this.writePos=P,this.writeCurrent=D,this.writeCount=I,this.writeRun=U,!0},Sy.prototype._read_bunzip=function(e,t){var r,n,i;if(this.writeCount<0)return 0;var s=this.dbuf,a=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var h=this.writeRun;c;){for(c--,n=o,o=255&(a=s[a]),a>>=8,3==h++?(r=o,i=n,o=-1):(r=1,i=o),this.blockCRC.updateCRCRun(i,r);r--;)this.outputStream.writeByte(i),this.nextoutput++;o!=n&&(h=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&Iy(vy.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var Ky=function(e){if("readByte"in e)return e;var t=new by;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},Cy=function(e){var t=new by,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var Py={Bunzip:Sy,Stream:by,Err:vy,decode:function(e,t,r){for(var n=Ky(e),i=Cy(t),s=new Sy(n,i);!("eof"in n)||!n.eof();)if(s._init_block())s._read_bunzip();else{var a=s.reader.read(32)>>>0;if(a!==s.streamCRC&&Iy(vy.DATA_ERROR,"Bad stream CRC (got "+s.streamCRC.toString(16)+" expected "+a.toString(16)+")"),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i)}if("getBuffer"in i)return i.getBuffer()},decodeBlock:function(e,t,r){var n=Ky(e),i=Cy(r),s=new Sy(n,i);if(s.reader.seek(t),s._get_next_block()&&(s.blockCRC=new ky,s.writeCopies=0,s._read_bunzip()),"getBuffer"in i)return i.getBuffer()},table:function(e,t,r){var n=new by;n.delegate=Ky(e),n.pos=0,n.readByte=function(){return this.pos++,this.delegate.readByte()},n.delegate.eof&&(n.eof=n.delegate.eof.bind(n.delegate));var i=new by;i.pos=0,i.writeByte=function(){this.pos++};for(var s=new Sy(n,i),a=s.dbufSize;!("eof"in n)||!n.eof();){var o=8*n.pos+s.reader.bitOffset;if(s.reader.hasByte&&(o-=8),s._init_block()){var c=i.pos;s._read_bunzip(),t(o,i.pos-c)}else{if(s.reader.read(32),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i),console.assert(s.dbufSize===a,"shouldn't change block size within multistream file")}}}},Dy=/*#__PURE__*/r({__proto__:null},[Py]);return e.AEADEncryptedDataPacket=Da,e.CleartextMessage=Bo,e.CompressedDataPacket=ba,e.LiteralDataPacket=ca,e.MarkerPacket=class{static get tag(){return L.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}},e.Message=bo,e.OnePassSignaturePacket=da,e.PacketList=wa,e.PaddingPacket=class{static get tag(){return L.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await os.random.getRandomBytes(e)}},e.PrivateKey=yo,e.PublicKey=lo,e.PublicKeyEncryptedSessionKeyPacket=Ua,e.PublicKeyPacket=Ra,e.PublicSubkeyPacket=Ma,e.SecretKeyPacket=Fa,e.SecretSubkeyPacket=za,e.Signature=Ga,e.SignaturePacket=fa,e.Subkey=ao,e.SymEncryptedIntegrityProtectedDataPacket=Ka,e.SymEncryptedSessionKeyPacket=Qa,e.SymmetricallyEncryptedDataPacket=Ta,e.TrustPacket=class{static get tag(){return L.packet.trust}read(){throw new Vn("Trust packets are not supported")}write(){throw new Vn("Trust packets are not supported")}},e.UnparseablePacket=Yn,e.UserAttributePacket=Na,e.UserIDPacket=Oa,e.armor=ee,e.config=T,e.createCleartextMessage=async function({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!N.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Bo(e)},e.createMessage=async function({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!N.isString(e)&&!N.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!N.isUint8Array(t)&&!N.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=N.isStream(a),h=new ca(n);void 0!==e?h.setText(a,L.write(L.literal,i)):h.setBytes(a,L.write(L.literal,i)),void 0!==r&&h.setFilename(r);const u=new wa;u.push(h);const l=new bo(u);return l.fromStream=c,l},e.decrypt=async function({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:h,...u}){if(Po(h={...T,...h}),Io(e),i=Do(i),t=Do(t),r=Do(r),n=Do(n),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(u.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const u=await e.decrypt(t,r,n,c,h);i||(i=[]);const l={};if(l.signatures=o?await u.verifyDetached(o,i,c,h):await u.verify(i,c,h),l.data="binary"===a?u.getLiteralData():u.getText(),l.filename=u.getFilename(),xo(l,e),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=w([l.data,U((async()=>{await N.anyPromise(l.signatures.map((e=>e.verified)))}))])}return l.data=await Uo(l.data),l}catch(e){throw N.wrapError("Error decrypting message",e)}},e.decryptKey=async function({privateKey:e,passphrase:t,config:r,...n}){Po(r={...T,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=N.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>N.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),N.wrapError("Error decrypting private key",e)}},e.decryptSessionKeys=async function({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if(Po(i={...T,...i}),Io(e),t=Do(t),r=Do(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw N.wrapError("Error decrypting session keys",e)}},e.encrypt=async function({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:h=[],date:u=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:f=[],config:g,...p}){if(Po(g={...T,...g}),Io(e),Ko(s),t=Do(t),r=Do(r),n=Do(n),c=Do(c),h=Do(h),l=Do(l),y=Do(y),f=Do(f),p.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(p.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(p.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==p.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const d=Object.keys(p);if(d.length>0)throw Error("Unknown option: "+d.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,u,l,h,f,g)),e=e.compress(await async function(e=[],t=new Date,r=[],n=T){const i=L.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,u,y,g),g),e=await e.encrypt(t,n,i,o,h,u,y,g),"object"===s)return e;const p="armored"===s?e.armor(g):e.write();return await Uo(p)}catch(e){throw N.wrapError("Error encrypting message",e)}},e.encryptKey=async function({privateKey:e,passphrase:t,config:r,...n}){Po(r={...T,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=N.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),N.wrapError("Error encrypting private key",e)}},e.encryptSessionKey=async function({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:h=[],config:u,...l}){if(Po(u={...T,...u}),function(e){if(!N.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!N.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Ko(s),n=Do(n),i=Do(i),o=Do(o),h=Do(h),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return Qo(await bo.encryptSessionKey(e,t,r,n,i,a,o,c,h,u),s,u)}catch(e){throw N.wrapError("Error encrypting session key",e)}},e.enums=L,e.generateKey=async function({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,keyExpirationTime:s=0,date:a=new Date,subkeys:o=[{}],format:c="armored",config:h,...u}){Po(h={...T,...h}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=h.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=Do(e);const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(0===e.length&&!h.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&ieo(e.subkeys[r],e)));let r=[qa(e,t)];r=r.concat(e.subkeys.map((e=>ja(e,t))));const n=await Promise.all(r),i=await po(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(y,h);return e.getKeys().forEach((({keyPacket:e})=>io(e,h))),{privateKey:Qo(e,c,h),publicKey:Qo(e.toPublic(),c,h),revocationCertificate:t}}catch(e){throw N.wrapError("Error generating keypair",e)}},e.generateSessionKey=async function({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(Po(n={...T,...n}),e=Do(e),r=Do(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await bo.generateSessionKey(e,t,r,n)}catch(e){throw N.wrapError("Error generating session key",e)}},e.readCleartextMessage=async function({cleartextMessage:e,config:t,...r}){if(t={...T,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!N.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await X(e);if(i.type!==L.armor.signed)throw Error("No cleartext signed message.");const s=await wa.fromBinary(i.data,vo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return L.write(L.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new Ga(s);return new Bo(i.text,a)},e.readKey=async function({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...T,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!N.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!N.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==L.armor.publicKey&&t!==L.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await wa.fromBinary(s,fo,r),o=a.indexOfTag(L.packet.publicKey,L.packet.secretKey);if(0===o.length)throw Error("No key packet found");return go(a.slice(o[0],o[1]))},e.readKeys=async function({armoredKeys:e,binaryKeys:t,config:r,...n}){r={...T,...r};let i=e||t;if(!i)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!N.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!N.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==L.armor.publicKey&&t!==L.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await wa.fromBinary(i,fo,r),c=o.indexOfTag(L.packet.publicKey,L.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));const a=N.isStream(i);if(e){const{type:e,data:t}=await X(i);if(e!==L.armor.message)throw Error("Armored text not of type message");i=t}const o=await wa.fromBinary(i,Ao,r),c=new bo(o);return c.fromStream=a,c},e.readPrivateKey=async function({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...T,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!N.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!N.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==L.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await wa.fromBinary(s,fo,r),o=a.indexOfTag(L.packet.publicKey,L.packet.secretKey);for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await X(i);if(e!==L.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await wa.fromBinary(i,_a,r);return new Ga(a)},e.reformatKey=async function({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){Po(a={...T,...a}),t=Do(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const h={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await Va(e.bindingSignatures,n,L.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&L.keyFlags.signData}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await po(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=N.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(h,a);return{privateKey:Qo(e,s,a),publicKey:Qo(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw N.wrapError("Error reformatting keypair",e)}},e.revokeKey=async function({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){Po(s={...T,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:Qo(a,i,s),publicKey:Qo(a.toPublic(),i,s)}:{privateKey:null,publicKey:Qo(a,i,s)}}catch(e){throw N.wrapError("Error revoking key",e)}},e.sign=async function({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:h=[],config:u,...l}){if(Po(u={...T,...u}),So(e),Ko(n),t=Do(t),s=Do(s),o=Do(o),r=Do(r),c=Do(c),h=Do(h),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Bo&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Bo&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,h,u):await e.sign(t,r,void 0,s,a,o,c,h,u),"object"===n)return l;return l="armored"===n?l.armor(u):l.write(),i&&(l=v(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),P(e).catch((()=>{}))])}))),await Uo(l)}catch(e){throw N.wrapError("Error signing message",e)}},e.unarmor=X,e.verify=async function({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if(Po(a={...T,...a}),So(e),t=Do(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Bo&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Bo&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&xo(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=w([o.data,U((async()=>{await N.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Uo(o.data),o}catch(e){throw N.wrapError("Error verifying signed message",e)}},e}({}); //# sourceMappingURL=openpgp.min.js.map diff --git a/app/node_modules/openpgp/dist/openpgp.min.js.map b/app/node_modules/openpgp/dist/openpgp.min.js.map index 4140a59a3..c9f37c5ad 100644 --- a/app/node_modules/openpgp/dist/openpgp.min.js.map +++ b/app/node_modules/openpgp/dist/openpgp.min.js.map @@ -1 +1 @@ -{"version":3,"file":"openpgp.min.js","sources":["../node_modules/@openpgp/web-stream-tools/lib/writer.js","../node_modules/@openpgp/web-stream-tools/lib/util.js","../node_modules/@openpgp/web-stream-tools/lib/node-conversions.js","../node_modules/@openpgp/web-stream-tools/lib/reader.js","../node_modules/@openpgp/web-stream-tools/lib/streams.js","../src/biginteger/native.interface.js","../src/biginteger/index.js","../src/enums.js","../src/util.js","../src/encoding/base64.js","../src/config/config.js","../src/encoding/armor.js","../src/type/keyid.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.asm.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/other/utils.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/other/errors.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ecb.js","../src/crypto/cipher/aes.js","../src/crypto/cipher/des.js","../src/crypto/cipher/cast5.js","../src/crypto/cipher/twofish.js","../src/crypto/cipher/blowfish.js","../src/crypto/cipher/index.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.asm.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/hash.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.asm.js","../node_modules/minimalistic-assert/index.js","../node_modules/inherits/inherits_browser.js","../node_modules/hash.js/lib/hash/utils.js","../node_modules/hash.js/lib/hash/common.js","../node_modules/hash.js/lib/hash/sha/common.js","../node_modules/hash.js/lib/hash/sha/256.js","../node_modules/hash.js/lib/hash/sha/224.js","../node_modules/hash.js/lib/hash/sha/512.js","../node_modules/hash.js/lib/hash/sha/384.js","../node_modules/hash.js/lib/hash/ripemd.js","../src/crypto/hash/md5.js","../src/crypto/hash/index.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cfb.js","../src/crypto/cipher/getCipher.js","../src/crypto/mode/cfb.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ctr.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cbc.js","../src/crypto/cmac.js","../src/crypto/mode/eax.js","../src/crypto/mode/ocb.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/gcm.js","../src/crypto/mode/gcm.js","../src/crypto/mode/index.js","../node_modules/@openpgp/tweetnacl/nacl-fast-light.js","../src/crypto/random.js","../src/crypto/public_key/prime.js","../src/crypto/pkcs1.js","../src/crypto/public_key/rsa.js","../src/crypto/public_key/elgamal.js","../src/type/oid.js","../src/crypto/public_key/elliptic/indutnyKey.js","../src/packet/packet.js","../src/crypto/public_key/elliptic/oid_curves.js","../src/crypto/public_key/elliptic/ecdsa.js","../src/crypto/public_key/elliptic/eddsa_legacy.js","../src/crypto/public_key/elliptic/eddsa.js","../src/crypto/aes_kw.js","../src/crypto/pkcs5.js","../src/crypto/public_key/elliptic/ecdh.js","../src/crypto/hkdf.js","../src/crypto/public_key/elliptic/ecdh_x.js","../src/crypto/public_key/dsa.js","../src/crypto/public_key/index.js","../src/crypto/signature.js","../src/type/ecdh_symkey.js","../src/type/kdf_params.js","../src/type/ecdh_x_symkey.js","../src/crypto/crypto.js","../src/crypto/index.js","../node_modules/@openpgp/pako/lib/utils/common.js","../node_modules/@openpgp/pako/lib/zlib/constants.js","../node_modules/@openpgp/pako/lib/zlib/trees.js","../node_modules/@openpgp/pako/lib/zlib/adler32.js","../node_modules/@openpgp/pako/lib/zlib/crc32.js","../node_modules/@openpgp/pako/lib/zlib/messages.js","../node_modules/@openpgp/pako/lib/zlib/deflate.js","../node_modules/@openpgp/pako/lib/utils/strings.js","../node_modules/@openpgp/pako/lib/zlib/zstream.js","../node_modules/@openpgp/pako/lib/deflate.js","../node_modules/@openpgp/pako/lib/zlib/inffast.js","../node_modules/@openpgp/pako/lib/zlib/inftrees.js","../node_modules/@openpgp/pako/lib/zlib/inflate.js","../node_modules/@openpgp/pako/lib/zlib/gzheader.js","../node_modules/@openpgp/pako/lib/inflate.js","../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../node_modules/@openpgp/seek-bzip/lib/stream.js","../node_modules/@openpgp/seek-bzip/lib/crc32.js","../node_modules/@openpgp/seek-bzip/lib/index.js","../src/packet/literal_data.js","../src/packet/signature.js","../src/packet/one_pass_signature.js","../src/packet/packetlist.js","../src/packet/compressed_data.js","../src/packet/sym_encrypted_integrity_protected_data.js","../src/packet/aead_encrypted_data.js","../src/packet/public_key_encrypted_session_key.js","../src/type/s2k.js","../src/packet/sym_encrypted_session_key.js","../src/packet/public_key.js","../src/packet/symmetrically_encrypted_data.js","../src/packet/public_subkey.js","../src/packet/user_attribute.js","../src/packet/secret_key.js","../node_modules/email-addresses/lib/email-addresses.js","../src/packet/userid.js","../src/packet/secret_subkey.js","../src/signature.js","../src/key/helper.js","../src/key/user.js","../src/key/subkey.js","../src/key/key.js","../src/key/public_key.js","../src/key/private_key.js","../src/key/factory.js","../src/message.js","../src/cleartext.js","../src/openpgp.js","../node_modules/@openpgp/web-stream-tools/node_modules/web-streams-polyfill/dist/ponyfill.es6.mjs","../node_modules/@mattiasbuelens/web-streams-adapter/dist/web-streams-adapter.mjs","../node_modules/bn.js/lib/bn.js","../src/biginteger/bn.interface.js","../node_modules/brorand/index.js","../node_modules/minimalistic-crypto-utils/lib/utils.js","../node_modules/@openpgp/elliptic/lib/elliptic/utils.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/base.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/short.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/mont.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/edwards.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/index.js","../node_modules/hash.js/lib/hash/sha/1.js","../node_modules/hash.js/lib/hash/sha.js","../node_modules/hash.js/lib/hash/hmac.js","../node_modules/hash.js/lib/hash.js","../node_modules/@openpgp/elliptic/lib/elliptic/precomputed/secp256k1.js","../node_modules/@openpgp/elliptic/lib/elliptic/curves.js","../node_modules/hmac-drbg/lib/hmac-drbg.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/key.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/signature.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/index.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/key.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/signature.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/index.js","../node_modules/@openpgp/elliptic/lib/elliptic.js","../src/packet/marker.js","../src/packet/trust.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","import * as streams from './streams';\nimport { isArrayStream } from './writer';\n\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n if (streams.ReadableStream && streams.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'ponyfill';\n }\n if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) {\n return 'node';\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isNode } from './util';\nimport * as streams from './streams';\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Web / node stream conversion functions\n * From https://github.com/gwicke/node-web-streams\n */\n\nlet nodeToWeb;\nlet webToNode;\n\nif (NodeReadableStream) {\n\n /**\n * Convert a Node Readable Stream to a Web ReadableStream\n * @param {Readable} nodeStream\n * @returns {ReadableStream}\n */\n nodeToWeb = function(nodeStream) {\n let canceled = false;\n return new streams.ReadableStream({\n start(controller) {\n nodeStream.pause();\n nodeStream.on('data', chunk => {\n if (canceled) {\n return;\n }\n if (NodeBuffer.isBuffer(chunk)) {\n chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);\n }\n controller.enqueue(chunk);\n nodeStream.pause();\n });\n nodeStream.on('end', () => {\n if (canceled) {\n return;\n }\n controller.close();\n });\n nodeStream.on('error', e => controller.error(e));\n },\n pull() {\n nodeStream.resume();\n },\n cancel(reason) {\n canceled = true;\n nodeStream.destroy(reason);\n }\n });\n };\n\n\n class NodeReadable extends NodeReadableStream {\n constructor(webStream, options) {\n super(options);\n this._reader = streams.getReader(webStream);\n }\n\n async _read(size) {\n try {\n while (true) {\n const { done, value } = await this._reader.read();\n if (done) {\n this.push(null);\n break;\n }\n if (!this.push(value)) {\n break;\n }\n }\n } catch (e) {\n this.destroy(e);\n }\n }\n\n async _destroy(error, callback) {\n this._reader.cancel(error).then(callback, callback);\n }\n }\n\n /**\n * Convert a Web ReadableStream to a Node Readable Stream\n * @param {ReadableStream} webStream\n * @param {Object} options\n * @returns {Readable}\n */\n webToNode = function(webStream, options) {\n return new NodeReadable(webStream, options);\n };\n\n}\n\nexport { nodeToWeb, webToNode };\n","import * as streams from './streams';\nimport { isUint8Array } from './util';\n\nconst doneReadingSet = new WeakSet();\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (streams.isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = async () => {};\n return;\n }\n let streamType = streams.isStream(input);\n if (streamType === 'node') {\n input = streams.nodeToWeb(input);\n }\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array } from './util';\nimport { nodeToWeb, webToNode } from './node-conversions';\nimport { Reader, externalBuffer } from './reader';\nimport { ArrayStream, Writer } from './writer';\n\nlet { ReadableStream, WritableStream, TransformStream } = globalThis;\n\nlet toPonyfillReadable, toNativeReadable;\n\nasync function loadStreamsPonyfill() {\n if (TransformStream) {\n return;\n }\n\n const [ponyfill, adapter] = await Promise.all([\n import('web-streams-polyfill/ponyfill/es6'),\n import('@mattiasbuelens/web-streams-adapter')\n ]);\n\n ({ ReadableStream, WritableStream, TransformStream } = ponyfill);\n\n const { createReadableStreamWrapper } = adapter;\n\n if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) {\n toPonyfillReadable = createReadableStreamWrapper(ReadableStream);\n toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream);\n }\n}\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType === 'node') {\n return nodeToWeb(input);\n }\n if (streamType === 'web' && toPonyfillReadable) {\n return toPonyfillReadable(input);\n }\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert data to ArrayStream\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n if (NodeBuffer && NodeBuffer.isBuffer(list[0])) {\n return NodeBuffer.concat(list);\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n } else {\n lastBytes = returnValue;\n }\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input) && !(NodeBuffer && NodeBuffer.isBuffer(input))) {\n if (end === Infinity) end = input.length;\n return input.subarray(begin, end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n return input.cancel(reason);\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n\nexport { ReadableStream, WritableStream, TransformStream, ArrayStream, loadStreamsPonyfill, isStream, isArrayStream, isUint8Array, toStream, toPonyfillReadable, toNativeReadable, concatUint8Array, concatStream, concat, getReader, getWriter, pipe, transformRaw, transform, transformPair, parse, clone, passiveClone, slice, readToEnd, cancel, fromAsync, nodeToWeb, webToNode };\n","/* eslint-disable new-cap */\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * that wraps the native BigInt library.\n * Operations are not constant time,\n * but we try and limit timing leakage where we can\n * @module biginteger/native\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on null or undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n if (n instanceof Uint8Array) {\n const bytes = n;\n const hex = new Array(bytes.length);\n for (let i = 0; i < bytes.length; i++) {\n const hexByte = bytes[i].toString(16);\n hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte;\n }\n this.value = BigInt('0x0' + hex.join(''));\n } else {\n this.value = BigInt(n);\n }\n }\n\n clone() {\n return new BigInteger(this.value);\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value++;\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value--;\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value += x.value;\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value -= x.value;\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value *= x.value;\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value %= m.value;\n if (this.isNegative()) {\n this.iadd(m);\n }\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation using square and multiply\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n if (n.isZero()) throw Error('Modulo cannot be zero');\n if (n.isOne()) return new BigInteger(0);\n if (e.isNegative()) throw Error('Unsopported negative exponent');\n\n let exp = e.value;\n let x = this.value;\n\n x %= n.value;\n let r = BigInt(1);\n while (exp > BigInt(0)) {\n const lsb = exp & BigInt(1);\n exp >>= BigInt(1); // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n.value;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n.value; // Square\n }\n return new BigInteger(r);\n }\n\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n const { gcd, x } = this._egcd(n);\n if (!gcd.isOne()) {\n throw new Error('Inverse does not exist');\n }\n return x.add(n).mod(n);\n }\n\n /**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b)\n * @param {BigInteger} b - Second operand\n * @returns {{ gcd, x, y: BigInteger }}\n */\n _egcd(b) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n let a = this.value;\n b = b.value;\n\n while (b !== BigInt(0)) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: new BigInteger(xPrev),\n y: new BigInteger(yPrev),\n gcd: new BigInteger(a)\n };\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} b - Operand\n * @returns {BigInteger} gcd\n */\n gcd(b) {\n let a = this.value;\n b = b.value;\n while (b !== BigInt(0)) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return new BigInteger(a);\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value <<= x.value;\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value >>= x.value;\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value === x.value;\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value < x.value;\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value <= x.value;\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value > x.value;\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value >= x.value;\n }\n\n isZero() {\n return this.value === BigInt(0);\n }\n\n isOne() {\n return this.value === BigInt(1);\n }\n\n isNegative() {\n return this.value < BigInt(0);\n }\n\n isEven() {\n return !(this.value & BigInt(1));\n }\n\n abs() {\n const res = this.clone();\n if (this.isNegative()) {\n res.value = -res.value;\n }\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n const number = Number(this.value);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n const bit = (this.value >> BigInt(i)) & BigInt(1);\n return (bit === BigInt(0)) ? 0 : 1;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n const zero = new BigInteger(0);\n const one = new BigInteger(1);\n const negOne = new BigInteger(-1);\n\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = this.isNegative() ? negOne : zero;\n let bitlen = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(one).equal(target)) {\n bitlen++;\n }\n return bitlen;\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n const zero = new BigInteger(0);\n const negOne = new BigInteger(-1);\n\n const target = this.isNegative() ? negOne : zero;\n const eight = new BigInteger(8);\n let len = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(eight).equal(target)) {\n len++;\n }\n return len;\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = this.value.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? (length - rawLength) : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n }\n}\n","import BigInteger from './native.interface';\n\nconst detectBigInt = () => typeof BigInt !== 'undefined';\n\nasync function getBigInteger() {\n if (detectBigInt()) {\n return BigInteger;\n } else {\n const { default: BigInteger } = await import('./bn.interface');\n return BigInteger;\n }\n}\n\nexport { getBigInteger };\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'p256': 'p256',\n 'P-256': 'p256',\n 'secp256r1': 'p256',\n 'prime256v1': 'p256',\n '1.2.840.10045.3.1.7': 'p256',\n '2a8648ce3d030107': 'p256',\n '2A8648CE3D030107': 'p256',\n\n /** NIST P-384 Curve */\n 'p384': 'p384',\n 'P-384': 'p384',\n 'secp384r1': 'p384',\n '1.3.132.0.34': 'p384',\n '2b81040022': 'p384',\n '2B81040022': 'p384',\n\n /** NIST P-521 Curve */\n 'p521': 'p521',\n 'P-521': 'p521',\n 'secp521r1': 'p521',\n '1.3.132.0.35': 'p521',\n '2b81040023': 'p521',\n '2B81040023': 'p521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n '1.3.132.0.10': 'secp256k1',\n '2b8104000a': 'secp256k1',\n '2B8104000A': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519',\n 'ED25519': 'ed25519',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519',\n 'Ed25519': 'ed25519',\n '1.3.6.1.4.1.11591.15.1': 'ed25519',\n '2b06010401da470f01': 'ed25519',\n '2B06010401DA470F01': 'ed25519',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519',\n 'X25519': 'curve25519',\n 'cv25519': 'curve25519',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519',\n 'Curve25519': 'curve25519',\n '1.3.6.1.4.1.3029.1.5.1': 'curve25519',\n '2b060104019755010501': 'curve25519',\n '2B060104019755010501': 'curve25519',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',\n '2b2403030208010107': 'brainpoolP256r1',\n '2B2403030208010107': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',\n '2b240303020801010b': 'brainpoolP384r1',\n '2B240303020801010B': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1',\n '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',\n '2b240303020801010d': 'brainpoolP512r1',\n '2B240303020801010D': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility\n /** @deprecated use `eddsaLegacy` instead */\n ed25519Legacy: 22,\n /** @deprecated use `eddsaLegacy` instead */\n eddsa: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n plaintext: 0,\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuer: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { getBigInteger } from './biginteger';\nimport enums from './enums';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n return bytes.subarray(2, 2 + bytelen);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const r = [];\n const e = bytes.length;\n let c = 0;\n let h;\n while (c < e) {\n h = bytes[c++].toString(16);\n while (h.length < 2) {\n h = '0' + h;\n }\n r.push('' + h);\n }\n return r.join('');\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography api, only the current version of the spec.\n * @returns {Object} The SubtleCrypto api or 'undefined'.\n */\n getWebCrypto: function() {\n return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n },\n\n /**\n * Get BigInteger class\n * It wraps the native BigInt type if it's available\n * Otherwise it relies on bn.js\n * @returns {BigInteger}\n * @async\n */\n getBigInteger,\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return require('crypto');\n },\n\n getNodeZlib: function() {\n return require('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (require('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = require('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^(([^<>()[\\]\\\\.,;:\\s@\"]+(\\.[^<>()[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\\-0-9]+)))$/;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha256,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * @memberof module:config\n * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9\n */\n deflateLevel: 6,\n\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.eax,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use V5 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v5Keys\n */\n v5Keys: false,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:\n * Iteration Count Byte for S2K (String to Key)\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * @memberof module:config\n * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum\n */\n checksumRequired: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * @memberof module:config\n * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored\n */\n revocationsExpire: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n\n /**\n * @memberof module:config\n * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available\n */\n minBytesForWebCrypto: 1000,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * Note: the indutny/elliptic curve library is not designed to be constant time.\n * @memberof module:config\n * @property {Boolean} useIndutnyElliptic\n */\n useIndutnyElliptic: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n } else\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n } else\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n } else\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n } else\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n } else\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n } else\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Splits a message into two parts, the body and the checksum. This is an internal function\n * @param {String} text - OpenPGP armored message part\n * @returns {Object} An object with attribute \"body\" containing the body.\n * and an attribute \"checksum\" containing the checksum.\n * @private\n */\nfunction splitChecksum(text) {\n let body = text;\n let checksum = '';\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n checksum = text.slice(lastEquals + 1).substr(0, 4);\n }\n\n return { body: body, checksum: checksum };\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input, config = defaultConfig) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n let checksum;\n let data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== 2) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === 2) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const split = splitChecksum(parts[0].slice(0, -1));\n checksum = split.checksum;\n await writer.write(split.body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n data = stream.transformPair(data, async (readable, writable) => {\n const checksumVerified = stream.readToEnd(getCheckSum(stream.passiveClone(readable)));\n checksumVerified.catch(() => {});\n await stream.pipe(readable, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n const checksumVerifiedString = (await checksumVerified).replace('\\n', '');\n if (checksum !== checksumVerifiedString && (checksum || config.checksumRequired)) {\n throw new Error('Ascii armor integrity check failed');\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n const bodyClone = stream.passiveClone(body);\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push('Hash: ' + hash + '\\n\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n * @private\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","/**\n * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}.\n * @author Artem S Vybornov \n * @license MIT\n */\nexport var AES_asm = function () {\n \"use strict\";\n\n /**\n * Galois Field stuff init flag\n */\n var ginit_done = false;\n\n /**\n * Galois Field exponentiation and logarithm tables for 3 (the generator)\n */\n var gexp3, glog3;\n\n /**\n * Init Galois Field tables\n */\n function ginit() {\n gexp3 = [],\n glog3 = [];\n\n var a = 1, c, d;\n for (c = 0; c < 255; c++) {\n gexp3[c] = a;\n\n // Multiply by three\n d = a & 0x80, a <<= 1, a &= 255;\n if (d === 0x80) a ^= 0x1b;\n a ^= gexp3[c];\n\n // Set the log table value\n glog3[gexp3[c]] = c;\n }\n gexp3[255] = gexp3[0];\n glog3[0] = 0;\n\n ginit_done = true;\n }\n\n /**\n * Galois Field multiplication\n * @param {number} a\n * @param {number} b\n * @return {number}\n */\n function gmul(a, b) {\n var c = gexp3[(glog3[a] + glog3[b]) % 255];\n if (a === 0 || b === 0) c = 0;\n return c;\n }\n\n /**\n * Galois Field reciprocal\n * @param {number} a\n * @return {number}\n */\n function ginv(a) {\n var i = gexp3[255 - glog3[a]];\n if (a === 0) i = 0;\n return i;\n }\n\n /**\n * AES stuff init flag\n */\n var aes_init_done = false;\n\n /**\n * Encryption, Decryption, S-Box and KeyTransform tables\n *\n * @type {number[]}\n */\n var aes_sbox;\n\n /**\n * @type {number[]}\n */\n var aes_sinv;\n\n /**\n * @type {number[][]}\n */\n var aes_enc;\n\n /**\n * @type {number[][]}\n */\n var aes_dec;\n\n /**\n * Init AES tables\n */\n function aes_init() {\n if (!ginit_done) ginit();\n\n // Calculates AES S-Box value\n function _s(a) {\n var c, s, x;\n s = x = ginv(a);\n for (c = 0; c < 4; c++) {\n s = ((s << 1) | (s >>> 7)) & 255;\n x ^= s;\n }\n x ^= 99;\n return x;\n }\n\n // Tables\n aes_sbox = [],\n aes_sinv = [],\n aes_enc = [[], [], [], []],\n aes_dec = [[], [], [], []];\n\n for (var i = 0; i < 256; i++) {\n var s = _s(i);\n\n // S-Box and its inverse\n aes_sbox[i] = s;\n aes_sinv[s] = i;\n\n // Ecryption and Decryption tables\n aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s);\n aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i);\n // Rotate tables\n for (var t = 1; t < 4; t++) {\n aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24);\n aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24);\n }\n }\n\n aes_init_done = true;\n }\n\n /**\n * Asm.js module constructor.\n *\n *

\n * Heap buffer layout by offset:\n * 

\n   * 0x0000   encryption key schedule\n   * 0x0400   decryption key schedule\n   * 0x0800   sbox\n   * 0x0c00   inv sbox\n   * 0x1000   encryption tables\n   * 0x2000   decryption tables\n   * 0x3000   reserved (future GCM multiplication lookup table)\n   * 0x4000   data\n   *
\n * Don't touch anything before 0x400.\n *

\n *\n * @alias AES_asm\n * @class\n * @param foreign - ignored\n * @param buffer - heap buffer to link with\n */\n var wrapper = function (foreign, buffer) {\n // Init AES stuff for the first time\n if (!aes_init_done) aes_init();\n\n // Fill up AES tables\n var heap = new Uint32Array(buffer);\n heap.set(aes_sbox, 0x0800 >> 2);\n heap.set(aes_sinv, 0x0c00 >> 2);\n for (var i = 0; i < 4; i++) {\n heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2);\n heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2);\n }\n\n /**\n * Calculate AES key schedules.\n * @instance\n * @memberof AES_asm\n * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly)\n * @param {number} k0 - key vector components\n * @param {number} k1 - key vector components\n * @param {number} k2 - key vector components\n * @param {number} k3 - key vector components\n * @param {number} k4 - key vector components\n * @param {number} k5 - key vector components\n * @param {number} k6 - key vector components\n * @param {number} k7 - key vector components\n */\n function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) {\n var ekeys = heap.subarray(0x000, 60),\n dkeys = heap.subarray(0x100, 0x100 + 60);\n\n // Encryption key schedule\n ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]);\n for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) {\n var k = ekeys[i - 1];\n if ((i % ks === 0) || (ks === 8 && i % ks === 4)) {\n k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255];\n }\n if (i % ks === 0) {\n k = (k << 8) ^ (k >>> 24) ^ (rcon << 24);\n rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0);\n }\n ekeys[i] = ekeys[i - ks] ^ k;\n }\n\n // Decryption key schedule\n for (var j = 0; j < i; j += 4) {\n for (var jj = 0; jj < 4; jj++) {\n var k = ekeys[i - (4 + j) + (4 - jj) % 4];\n if (j < 4 || j >= i - 4) {\n dkeys[j + jj] = k;\n } else {\n dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]]\n ^ aes_dec[1][aes_sbox[k >>> 16 & 255]]\n ^ aes_dec[2][aes_sbox[k >>> 8 & 255]]\n ^ aes_dec[3][aes_sbox[k & 255]];\n }\n }\n }\n\n // Set rounds number\n asm.set_rounds(ks + 5);\n }\n\n // create library object with necessary properties\n var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array};\n\n var asm = function (stdlib, foreign, buffer) {\n \"use asm\";\n\n var S0 = 0, S1 = 0, S2 = 0, S3 = 0,\n I0 = 0, I1 = 0, I2 = 0, I3 = 0,\n N0 = 0, N1 = 0, N2 = 0, N3 = 0,\n M0 = 0, M1 = 0, M2 = 0, M3 = 0,\n H0 = 0, H1 = 0, H2 = 0, H3 = 0,\n R = 0;\n\n var HEAP = new stdlib.Uint32Array(buffer),\n DATA = new stdlib.Uint8Array(buffer);\n\n /**\n * AES core\n * @param {number} k - precomputed key schedule offset\n * @param {number} s - precomputed sbox table offset\n * @param {number} t - precomputed round table offset\n * @param {number} r - number of inner rounds to perform\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _core(k, s, t, r, x0, x1, x2, x3) {\n k = k | 0;\n s = s | 0;\n t = t | 0;\n r = r | 0;\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t1 = 0, t2 = 0, t3 = 0,\n y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n i = 0;\n\n t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00;\n\n // round 0\n x0 = x0 ^ HEAP[(k | 0) >> 2],\n x1 = x1 ^ HEAP[(k | 4) >> 2],\n x2 = x2 ^ HEAP[(k | 8) >> 2],\n x3 = x3 ^ HEAP[(k | 12) >> 2];\n\n // round 1..r\n for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) {\n y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n x0 = y0, x1 = y1, x2 = y2, x3 = y3;\n }\n\n // final round\n S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n }\n\n /**\n * ECB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n x0,\n x1,\n x2,\n x3\n );\n }\n\n /**\n * ECB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n }\n\n\n /**\n * CBC mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0 ^ x0,\n I1 ^ x1,\n I2 ^ x2,\n I3 ^ x3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n }\n\n /**\n * CBC mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n\n S0 = S0 ^ I0,\n S1 = S1 ^ I1,\n S2 = S2 ^ I2,\n S3 = S3 ^ I3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * CFB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0 = S0 ^ x0,\n I1 = S1 = S1 ^ x1,\n I2 = S2 = S2 ^ x2,\n I3 = S3 = S3 ^ x3;\n }\n\n\n /**\n * CFB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * OFB mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ofb(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n }\n\n /**\n * CTR mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ctr(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n N0,\n N1,\n N2,\n N3\n );\n\n N3 = (~M3 & N3) | M3 & (N3 + 1);\n N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0));\n N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0));\n N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0));\n\n S0 = S0 ^ x0;\n S1 = S1 ^ x1;\n S2 = S2 ^ x2;\n S3 = S3 ^ x3;\n }\n\n /**\n * GCM mode MAC calculation\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _gcm_mac(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n z0 = 0, z1 = 0, z2 = 0, z3 = 0,\n i = 0, c = 0;\n\n x0 = x0 ^ I0,\n x1 = x1 ^ I1,\n x2 = x2 ^ I2,\n x3 = x3 ^ I3;\n\n y0 = H0 | 0,\n y1 = H1 | 0,\n y2 = H2 | 0,\n y3 = H3 | 0;\n\n for (; (i | 0) < 128; i = (i + 1) | 0) {\n if (y0 >>> 31) {\n z0 = z0 ^ x0,\n z1 = z1 ^ x1,\n z2 = z2 ^ x2,\n z3 = z3 ^ x3;\n }\n\n y0 = (y0 << 1) | (y1 >>> 31),\n y1 = (y1 << 1) | (y2 >>> 31),\n y2 = (y2 << 1) | (y3 >>> 31),\n y3 = (y3 << 1);\n\n c = x3 & 1;\n\n x3 = (x3 >>> 1) | (x2 << 31),\n x2 = (x2 >>> 1) | (x1 << 31),\n x1 = (x1 >>> 1) | (x0 << 31),\n x0 = (x0 >>> 1);\n\n if (c) x0 = x0 ^ 0xe1000000;\n }\n\n I0 = z0,\n I1 = z1,\n I2 = z2,\n I3 = z3;\n }\n\n /**\n * Set the internal rounds number.\n * @instance\n * @memberof AES_asm\n * @param {number} r - number if inner AES rounds\n */\n function set_rounds(r) {\n r = r | 0;\n R = r;\n }\n\n /**\n * Populate the internal state of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} s0 - state vector\n * @param {number} s1 - state vector\n * @param {number} s2 - state vector\n * @param {number} s3 - state vector\n */\n function set_state(s0, s1, s2, s3) {\n s0 = s0 | 0;\n s1 = s1 | 0;\n s2 = s2 | 0;\n s3 = s3 | 0;\n\n S0 = s0,\n S1 = s1,\n S2 = s2,\n S3 = s3;\n }\n\n /**\n * Populate the internal iv of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} i0 - iv vector\n * @param {number} i1 - iv vector\n * @param {number} i2 - iv vector\n * @param {number} i3 - iv vector\n */\n function set_iv(i0, i1, i2, i3) {\n i0 = i0 | 0;\n i1 = i1 | 0;\n i2 = i2 | 0;\n i3 = i3 | 0;\n\n I0 = i0,\n I1 = i1,\n I2 = i2,\n I3 = i3;\n }\n\n /**\n * Set nonce for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} n0 - nonce vector\n * @param {number} n1 - nonce vector\n * @param {number} n2 - nonce vector\n * @param {number} n3 - nonce vector\n */\n function set_nonce(n0, n1, n2, n3) {\n n0 = n0 | 0;\n n1 = n1 | 0;\n n2 = n2 | 0;\n n3 = n3 | 0;\n\n N0 = n0,\n N1 = n1,\n N2 = n2,\n N3 = n3;\n }\n\n /**\n * Set counter mask for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} m0 - counter mask vector\n * @param {number} m1 - counter mask vector\n * @param {number} m2 - counter mask vector\n * @param {number} m3 - counter mask vector\n */\n function set_mask(m0, m1, m2, m3) {\n m0 = m0 | 0;\n m1 = m1 | 0;\n m2 = m2 | 0;\n m3 = m3 | 0;\n\n M0 = m0,\n M1 = m1,\n M2 = m2,\n M3 = m3;\n }\n\n /**\n * Set counter for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} c0 - counter vector\n * @param {number} c1 - counter vector\n * @param {number} c2 - counter vector\n * @param {number} c3 - counter vector\n */\n function set_counter(c0, c1, c2, c3) {\n c0 = c0 | 0;\n c1 = c1 | 0;\n c2 = c2 | 0;\n c3 = c3 | 0;\n\n N3 = (~M3 & N3) | M3 & c3,\n N2 = (~M2 & N2) | M2 & c2,\n N1 = (~M1 & N1) | M1 & c1,\n N0 = (~M0 & N0) | M0 & c0;\n }\n\n /**\n * Store the internal state vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_state(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n return 16;\n }\n\n /**\n * Store the internal iv vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_iv(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = I0 >>> 24,\n DATA[pos | 1] = I0 >>> 16 & 255,\n DATA[pos | 2] = I0 >>> 8 & 255,\n DATA[pos | 3] = I0 & 255,\n DATA[pos | 4] = I1 >>> 24,\n DATA[pos | 5] = I1 >>> 16 & 255,\n DATA[pos | 6] = I1 >>> 8 & 255,\n DATA[pos | 7] = I1 & 255,\n DATA[pos | 8] = I2 >>> 24,\n DATA[pos | 9] = I2 >>> 16 & 255,\n DATA[pos | 10] = I2 >>> 8 & 255,\n DATA[pos | 11] = I2 & 255,\n DATA[pos | 12] = I3 >>> 24,\n DATA[pos | 13] = I3 >>> 16 & 255,\n DATA[pos | 14] = I3 >>> 8 & 255,\n DATA[pos | 15] = I3 & 255;\n\n return 16;\n }\n\n /**\n * GCM initialization.\n * @instance\n * @memberof AES_asm\n */\n function gcm_init() {\n _ecb_enc(0, 0, 0, 0);\n H0 = S0,\n H1 = S1,\n H2 = S2,\n H3 = S3;\n }\n\n /**\n * Perform ciphering operation on the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function cipher(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _cipher_modes[mode & 7](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * Calculates MAC of the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function mac(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _mac_modes[mode & 1](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * AES cipher modes table (virual methods)\n */\n var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr];\n\n /**\n * AES MAC modes table (virual methods)\n */\n var _mac_modes = [_cbc_enc, _gcm_mac];\n\n /**\n * Asm.js module exports\n */\n return {\n set_rounds: set_rounds,\n set_state: set_state,\n set_iv: set_iv,\n set_nonce: set_nonce,\n set_mask: set_mask,\n set_counter: set_counter,\n get_state: get_state,\n get_iv: get_iv,\n gcm_init: gcm_init,\n cipher: cipher,\n mac: mac,\n };\n }(stdlib, foreign, buffer);\n\n asm.set_key = set_key;\n\n return asm;\n };\n\n /**\n * AES enciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.ENC = {\n ECB: 0,\n CBC: 2,\n CFB: 4,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES deciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.DEC = {\n ECB: 1,\n CBC: 3,\n CFB: 5,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES MAC mode constants\n * @enum {number}\n * @const\n */\n wrapper.MAC = {\n CBC: 0,\n GCM: 1,\n };\n\n /**\n * Heap data offset\n * @type {number}\n * @const\n */\n wrapper.HEAP_DATA = 0x4000;\n\n return wrapper;\n}();\n","const local_atob = typeof atob === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'base64').toString('binary') : atob;\nconst local_btoa = typeof btoa === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'binary').toString('base64') : btoa;\nexport function string_to_bytes(str, utf8 = false) {\n var len = str.length, bytes = new Uint8Array(utf8 ? 4 * len : len);\n for (var i = 0, j = 0; i < len; i++) {\n var c = str.charCodeAt(i);\n if (utf8 && 0xd800 <= c && c <= 0xdbff) {\n if (++i >= len)\n throw new Error('Malformed string, low surrogate expected at position ' + i);\n c = ((c ^ 0xd800) << 10) | 0x10000 | (str.charCodeAt(i) ^ 0xdc00);\n }\n else if (!utf8 && c >>> 8) {\n throw new Error('Wide characters are not allowed.');\n }\n if (!utf8 || c <= 0x7f) {\n bytes[j++] = c;\n }\n else if (c <= 0x7ff) {\n bytes[j++] = 0xc0 | (c >> 6);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else if (c <= 0xffff) {\n bytes[j++] = 0xe0 | (c >> 12);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else {\n bytes[j++] = 0xf0 | (c >> 18);\n bytes[j++] = 0x80 | ((c >> 12) & 0x3f);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n }\n return bytes.subarray(0, j);\n}\nexport function hex_to_bytes(str) {\n var len = str.length;\n if (len & 1) {\n str = '0' + str;\n len++;\n }\n var bytes = new Uint8Array(len >> 1);\n for (var i = 0; i < len; i += 2) {\n bytes[i >> 1] = parseInt(str.substr(i, 2), 16);\n }\n return bytes;\n}\nexport function base64_to_bytes(str) {\n return string_to_bytes(local_atob(str));\n}\nexport function bytes_to_string(bytes, utf8 = false) {\n var len = bytes.length, chars = new Array(len);\n for (var i = 0, j = 0; i < len; i++) {\n var b = bytes[i];\n if (!utf8 || b < 128) {\n chars[j++] = b;\n }\n else if (b >= 192 && b < 224 && i + 1 < len) {\n chars[j++] = ((b & 0x1f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 224 && b < 240 && i + 2 < len) {\n chars[j++] = ((b & 0xf) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 240 && b < 248 && i + 3 < len) {\n var c = ((b & 7) << 18) | ((bytes[++i] & 0x3f) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n if (c <= 0xffff) {\n chars[j++] = c;\n }\n else {\n c ^= 0x10000;\n chars[j++] = 0xd800 | (c >> 10);\n chars[j++] = 0xdc00 | (c & 0x3ff);\n }\n }\n else {\n throw new Error('Malformed UTF8 character at byte offset ' + i);\n }\n }\n var str = '', bs = 16384;\n for (var i = 0; i < j; i += bs) {\n str += String.fromCharCode.apply(String, chars.slice(i, i + bs <= j ? i + bs : j));\n }\n return str;\n}\nexport function bytes_to_hex(arr) {\n var str = '';\n for (var i = 0; i < arr.length; i++) {\n var h = (arr[i] & 0xff).toString(16);\n if (h.length < 2)\n str += '0';\n str += h;\n }\n return str;\n}\nexport function bytes_to_base64(arr) {\n return local_btoa(bytes_to_string(arr));\n}\nexport function pow2_ceil(a) {\n a -= 1;\n a |= a >>> 1;\n a |= a >>> 2;\n a |= a >>> 4;\n a |= a >>> 8;\n a |= a >>> 16;\n a += 1;\n return a;\n}\nexport function is_number(a) {\n return typeof a === 'number';\n}\nexport function is_string(a) {\n return typeof a === 'string';\n}\nexport function is_buffer(a) {\n return a instanceof ArrayBuffer;\n}\nexport function is_bytes(a) {\n return a instanceof Uint8Array;\n}\nexport function is_typed_array(a) {\n return (a instanceof Int8Array ||\n a instanceof Uint8Array ||\n a instanceof Int16Array ||\n a instanceof Uint16Array ||\n a instanceof Int32Array ||\n a instanceof Uint32Array ||\n a instanceof Float32Array ||\n a instanceof Float64Array);\n}\nexport function _heap_init(heap, heapSize) {\n const size = heap ? heap.byteLength : heapSize || 65536;\n if (size & 0xfff || size <= 0)\n throw new Error('heap size must be a positive integer and a multiple of 4096');\n heap = heap || new Uint8Array(new ArrayBuffer(size));\n return heap;\n}\nexport function _heap_write(heap, hpos, data, dpos, dlen) {\n const hlen = heap.length - hpos;\n const wlen = hlen < dlen ? hlen : dlen;\n heap.set(data.subarray(dpos, dpos + wlen), hpos);\n return wlen;\n}\nexport function joinBytes(...arg) {\n const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0);\n const ret = new Uint8Array(totalLenght);\n let cursor = 0;\n for (let i = 0; i < arg.length; i++) {\n ret.set(arg[i], cursor);\n cursor += arg[i].length;\n }\n return ret;\n}\n","export class IllegalStateError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalStateError' } });\n }\n}\nexport class IllegalArgumentError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalArgumentError' } });\n }\n}\nexport class SecurityError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'SecurityError' } });\n }\n}\n","import { AES_asm } from './aes.asm';\nimport { _heap_init, _heap_write, is_bytes } from '../other/utils';\nimport { IllegalArgumentError, SecurityError } from '../other/errors';\nconst heap_pool = [];\nconst asm_pool = [];\nexport class AES {\n constructor(key, iv, padding = true, mode, heap, asm) {\n this.pos = 0;\n this.len = 0;\n this.mode = mode;\n // The AES object state\n this.pos = 0;\n this.len = 0;\n this.key = key;\n this.iv = iv;\n this.padding = padding;\n // The AES \"worker\"\n this.acquire_asm(heap, asm);\n }\n acquire_asm(heap, asm) {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA);\n this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer);\n this.reset(this.key, this.iv);\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n reset(key, iv) {\n const { asm } = this.acquire_asm();\n // Key\n const keylen = key.length;\n if (keylen !== 16 && keylen !== 24 && keylen !== 32)\n throw new IllegalArgumentError('illegal key size');\n const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength);\n asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0);\n // IV\n if (iv !== undefined) {\n if (iv.length !== 16)\n throw new IllegalArgumentError('illegal iv size');\n let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12));\n }\n else {\n asm.set_iv(0, 0, 0, 0);\n }\n }\n AES_Encrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n let result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Encrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let plen = 16 - (len % 16);\n let rlen = len;\n if (this.hasOwnProperty('padding')) {\n if (this.padding) {\n for (let p = 0; p < plen; ++p) {\n heap[pos + len + p] = plen;\n }\n len += plen;\n rlen = len;\n }\n else if (len % 16) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n }\n else {\n len += plen;\n }\n const result = new Uint8Array(rlen);\n if (len)\n asm.cipher(amode, hpos + pos, len);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n AES_Decrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let plen = 0;\n let wlen = 0;\n if (this.padding) {\n plen = len + dlen - rlen || 16;\n rlen -= plen;\n }\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0));\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Decrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let rlen = len;\n if (len > 0) {\n if (len % 16) {\n if (this.hasOwnProperty('padding')) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n else {\n len += 16 - (len % 16);\n }\n }\n asm.cipher(amode, hpos + pos, len);\n if (this.hasOwnProperty('padding') && this.padding) {\n let pad = heap[pos + rlen - 1];\n if (pad < 1 || pad > 16 || pad > rlen)\n throw new SecurityError('bad padding');\n let pcheck = 0;\n for (let i = pad; i > 1; i--)\n pcheck |= pad ^ heap[pos + rlen - i];\n if (pcheck)\n throw new SecurityError('bad padding');\n rlen -= pad;\n }\n }\n const result = new Uint8Array(rlen);\n if (rlen > 0) {\n result.set(heap.subarray(pos, pos + rlen));\n }\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_ECB {\n static encrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).encrypt(data);\n }\n static decrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).decrypt(data);\n }\n constructor(key, padding = false, aes) {\n this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import { AES_ECB } from '@openpgp/asmcrypto.js/dist_es8/aes/ecb';\n\n/**\n * Javascript AES implementation.\n * This is used as fallback if the native Crypto APIs are not available.\n */\nfunction aes(length) {\n const C = function(key) {\n const aesECB = new AES_ECB(key);\n\n this.encrypt = function(block) {\n return aesECB.encrypt(block);\n };\n\n this.decrypt = function(block) {\n return aesECB.decrypt(block);\n };\n };\n\n C.blockSize = C.prototype.blockSize = 16;\n C.keySize = C.prototype.keySize = length / 8;\n\n return C;\n}\n\nexport default aes;\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * @fileoverview Symmetric cryptography functions\n * @module crypto/cipher\n * @private\n */\n\nimport aes from './aes';\nimport { DES, TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TF from './twofish';\nimport BF from './blowfish';\n\n/**\n * AES-128 encryption and decryption (ID 7)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes128 = aes(128);\n/**\n * AES-128 Block Cipher (ID 8)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes192 = aes(192);\n/**\n * AES-128 Block Cipher (ID 9)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes256 = aes(256);\n// Not in OpenPGP specifications\nexport const des = DES;\n/**\n * Triple DES Block Cipher (ID 2)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67}\n * @returns {Object}\n */\nexport const tripledes = TripleDES;\n/**\n * CAST-128 Block Cipher (ID 3)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm}\n * @returns {Object}\n */\nexport const cast5 = CAST5;\n/**\n * Twofish Block Cipher (ID 10)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH}\n * @returns {Object}\n */\nexport const twofish = TF;\n/**\n * Blowfish Block Cipher (ID 4)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH}\n * @returns {Object}\n */\nexport const blowfish = BF;\n/**\n * Not implemented\n * @function\n * @throws {Error}\n */\nexport const idea = function() {\n throw new Error('IDEA symmetric-key algorithm not implemented');\n};\n","export var sha1_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0,\n w16 = 0, w17 = 0, w18 = 0, w19 = 0,\n w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0,\n w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0,\n w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0,\n w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0,\n w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0,\n w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n\n // 0\n t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 1\n t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 2\n t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 3\n t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 4\n t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 5\n t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 6\n t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 7\n t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 8\n t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 9\n t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 10\n t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 11\n t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 12\n t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 13\n t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 14\n t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 15\n t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 16\n n = w13 ^ w8 ^ w2 ^ w0;\n w16 = (n << 1) | (n >>> 31);\n t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 17\n n = w14 ^ w9 ^ w3 ^ w1;\n w17 = (n << 1) | (n >>> 31);\n t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 18\n n = w15 ^ w10 ^ w4 ^ w2;\n w18 = (n << 1) | (n >>> 31);\n t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 19\n n = w16 ^ w11 ^ w5 ^ w3;\n w19 = (n << 1) | (n >>> 31);\n t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 20\n n = w17 ^ w12 ^ w6 ^ w4;\n w20 = (n << 1) | (n >>> 31);\n t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 21\n n = w18 ^ w13 ^ w7 ^ w5;\n w21 = (n << 1) | (n >>> 31);\n t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 22\n n = w19 ^ w14 ^ w8 ^ w6;\n w22 = (n << 1) | (n >>> 31);\n t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 23\n n = w20 ^ w15 ^ w9 ^ w7;\n w23 = (n << 1) | (n >>> 31);\n t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 24\n n = w21 ^ w16 ^ w10 ^ w8;\n w24 = (n << 1) | (n >>> 31);\n t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 25\n n = w22 ^ w17 ^ w11 ^ w9;\n w25 = (n << 1) | (n >>> 31);\n t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 26\n n = w23 ^ w18 ^ w12 ^ w10;\n w26 = (n << 1) | (n >>> 31);\n t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 27\n n = w24 ^ w19 ^ w13 ^ w11;\n w27 = (n << 1) | (n >>> 31);\n t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 28\n n = w25 ^ w20 ^ w14 ^ w12;\n w28 = (n << 1) | (n >>> 31);\n t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 29\n n = w26 ^ w21 ^ w15 ^ w13;\n w29 = (n << 1) | (n >>> 31);\n t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 30\n n = w27 ^ w22 ^ w16 ^ w14;\n w30 = (n << 1) | (n >>> 31);\n t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 31\n n = w28 ^ w23 ^ w17 ^ w15;\n w31 = (n << 1) | (n >>> 31);\n t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 32\n n = w29 ^ w24 ^ w18 ^ w16;\n w32 = (n << 1) | (n >>> 31);\n t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 33\n n = w30 ^ w25 ^ w19 ^ w17;\n w33 = (n << 1) | (n >>> 31);\n t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 34\n n = w31 ^ w26 ^ w20 ^ w18;\n w34 = (n << 1) | (n >>> 31);\n t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 35\n n = w32 ^ w27 ^ w21 ^ w19;\n w35 = (n << 1) | (n >>> 31);\n t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 36\n n = w33 ^ w28 ^ w22 ^ w20;\n w36 = (n << 1) | (n >>> 31);\n t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 37\n n = w34 ^ w29 ^ w23 ^ w21;\n w37 = (n << 1) | (n >>> 31);\n t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 38\n n = w35 ^ w30 ^ w24 ^ w22;\n w38 = (n << 1) | (n >>> 31);\n t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 39\n n = w36 ^ w31 ^ w25 ^ w23;\n w39 = (n << 1) | (n >>> 31);\n t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 40\n n = w37 ^ w32 ^ w26 ^ w24;\n w40 = (n << 1) | (n >>> 31);\n t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 41\n n = w38 ^ w33 ^ w27 ^ w25;\n w41 = (n << 1) | (n >>> 31);\n t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 42\n n = w39 ^ w34 ^ w28 ^ w26;\n w42 = (n << 1) | (n >>> 31);\n t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 43\n n = w40 ^ w35 ^ w29 ^ w27;\n w43 = (n << 1) | (n >>> 31);\n t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 44\n n = w41 ^ w36 ^ w30 ^ w28;\n w44 = (n << 1) | (n >>> 31);\n t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 45\n n = w42 ^ w37 ^ w31 ^ w29;\n w45 = (n << 1) | (n >>> 31);\n t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 46\n n = w43 ^ w38 ^ w32 ^ w30;\n w46 = (n << 1) | (n >>> 31);\n t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 47\n n = w44 ^ w39 ^ w33 ^ w31;\n w47 = (n << 1) | (n >>> 31);\n t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 48\n n = w45 ^ w40 ^ w34 ^ w32;\n w48 = (n << 1) | (n >>> 31);\n t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 49\n n = w46 ^ w41 ^ w35 ^ w33;\n w49 = (n << 1) | (n >>> 31);\n t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 50\n n = w47 ^ w42 ^ w36 ^ w34;\n w50 = (n << 1) | (n >>> 31);\n t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 51\n n = w48 ^ w43 ^ w37 ^ w35;\n w51 = (n << 1) | (n >>> 31);\n t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 52\n n = w49 ^ w44 ^ w38 ^ w36;\n w52 = (n << 1) | (n >>> 31);\n t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 53\n n = w50 ^ w45 ^ w39 ^ w37;\n w53 = (n << 1) | (n >>> 31);\n t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 54\n n = w51 ^ w46 ^ w40 ^ w38;\n w54 = (n << 1) | (n >>> 31);\n t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 55\n n = w52 ^ w47 ^ w41 ^ w39;\n w55 = (n << 1) | (n >>> 31);\n t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 56\n n = w53 ^ w48 ^ w42 ^ w40;\n w56 = (n << 1) | (n >>> 31);\n t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 57\n n = w54 ^ w49 ^ w43 ^ w41;\n w57 = (n << 1) | (n >>> 31);\n t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 58\n n = w55 ^ w50 ^ w44 ^ w42;\n w58 = (n << 1) | (n >>> 31);\n t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 59\n n = w56 ^ w51 ^ w45 ^ w43;\n w59 = (n << 1) | (n >>> 31);\n t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 60\n n = w57 ^ w52 ^ w46 ^ w44;\n w60 = (n << 1) | (n >>> 31);\n t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 61\n n = w58 ^ w53 ^ w47 ^ w45;\n w61 = (n << 1) | (n >>> 31);\n t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 62\n n = w59 ^ w54 ^ w48 ^ w46;\n w62 = (n << 1) | (n >>> 31);\n t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 63\n n = w60 ^ w55 ^ w49 ^ w47;\n w63 = (n << 1) | (n >>> 31);\n t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 64\n n = w61 ^ w56 ^ w50 ^ w48;\n w64 = (n << 1) | (n >>> 31);\n t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 65\n n = w62 ^ w57 ^ w51 ^ w49;\n w65 = (n << 1) | (n >>> 31);\n t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 66\n n = w63 ^ w58 ^ w52 ^ w50;\n w66 = (n << 1) | (n >>> 31);\n t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 67\n n = w64 ^ w59 ^ w53 ^ w51;\n w67 = (n << 1) | (n >>> 31);\n t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 68\n n = w65 ^ w60 ^ w54 ^ w52;\n w68 = (n << 1) | (n >>> 31);\n t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 69\n n = w66 ^ w61 ^ w55 ^ w53;\n w69 = (n << 1) | (n >>> 31);\n t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 70\n n = w67 ^ w62 ^ w56 ^ w54;\n w70 = (n << 1) | (n >>> 31);\n t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 71\n n = w68 ^ w63 ^ w57 ^ w55;\n w71 = (n << 1) | (n >>> 31);\n t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 72\n n = w69 ^ w64 ^ w58 ^ w56;\n w72 = (n << 1) | (n >>> 31);\n t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 73\n n = w70 ^ w65 ^ w59 ^ w57;\n w73 = (n << 1) | (n >>> 31);\n t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 74\n n = w71 ^ w66 ^ w60 ^ w58;\n w74 = (n << 1) | (n >>> 31);\n t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 75\n n = w72 ^ w67 ^ w61 ^ w59;\n w75 = (n << 1) | (n >>> 31);\n t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 76\n n = w73 ^ w68 ^ w62 ^ w60;\n w76 = (n << 1) | (n >>> 31);\n t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 77\n n = w74 ^ w69 ^ w63 ^ w61;\n w77 = (n << 1) | (n >>> 31);\n t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 78\n n = w75 ^ w70 ^ w64 ^ w62;\n w78 = (n << 1) | (n >>> 31);\n t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 79\n n = w76 ^ w71 ^ w65 ^ w63;\n w79 = (n << 1) | (n >>> 31);\n t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n }\n\n function reset () {\n H0 = 0x67452301;\n H1 = 0xefcdab89;\n H2 = 0x98badcfe;\n H3 = 0x10325476;\n H4 = 0xc3d2e1f0;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA1\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA1\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA1\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","import { _heap_write } from '../other/utils';\nimport { IllegalStateError } from '../other/errors';\nexport class Hash {\n constructor() {\n this.pos = 0;\n this.len = 0;\n }\n reset() {\n const { asm } = this.acquire_asm();\n this.result = null;\n this.pos = 0;\n this.len = 0;\n asm.reset();\n return this;\n }\n process(data) {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n let hpos = this.pos;\n let hlen = this.len;\n let dpos = 0;\n let dlen = data.length;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen);\n hlen += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.process(hpos, hlen);\n hpos += wlen;\n hlen -= wlen;\n if (!hlen)\n hpos = 0;\n }\n this.pos = hpos;\n this.len = hlen;\n return this;\n }\n finish() {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n asm.finish(this.pos, this.len, 0);\n this.result = new Uint8Array(this.HASH_SIZE);\n this.result.set(heap.subarray(0, this.HASH_SIZE));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return this;\n }\n}\n","import { sha1_asm } from './sha1.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha1_block_size = 64;\nexport const _sha1_hash_size = 20;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha1 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha1';\n this.BLOCK_SIZE = _sha1_block_size;\n this.HASH_SIZE = _sha1_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha1().process(data).finish().result;\n }\n}\nSha1.NAME = 'sha1';\nSha1.heap_pool = [];\nSha1.asm_pool = [];\nSha1.asm_function = sha1_asm;\n","import { sha256_asm } from './sha256.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha256_block_size = 64;\nexport const _sha256_hash_size = 32;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha256 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha256';\n this.BLOCK_SIZE = _sha256_block_size;\n this.HASH_SIZE = _sha256_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha256().process(data).finish().result;\n }\n}\nSha256.NAME = 'sha256';\n","export var sha256_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n f = H5;\n g = H6;\n h = H7;\n \n // 0\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 1\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 2\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 3\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 4\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 5\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 6\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 7\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 8\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 9\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 10\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 11\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 12\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 13\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 14\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 15\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 16\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 17\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 18\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 19\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 20\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 21\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 22\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 23\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 24\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 25\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 26\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 27\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 28\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 29\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 30\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 31\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 32\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 33\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 34\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 35\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 36\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 37\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 38\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 39\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 40\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 41\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 42\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 43\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 44\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 45\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 46\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 47\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 48\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 49\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 50\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 51\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 52\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 53\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 54\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 55\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 56\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 57\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 58\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 59\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 60\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 61\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 62\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 63\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n H5 = ( H5 + f )|0;\n H6 = ( H6 + g )|0;\n H7 = ( H7 + h )|0;\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n HEAP[output|20] = H5>>>24;\n HEAP[output|21] = H5>>>16&255;\n HEAP[output|22] = H5>>>8&255;\n HEAP[output|23] = H5&255;\n HEAP[output|24] = H6>>>24;\n HEAP[output|25] = H6>>>16&255;\n HEAP[output|26] = H6>>>8&255;\n HEAP[output|27] = H6&255;\n HEAP[output|28] = H7>>>24;\n HEAP[output|29] = H7>>>16&255;\n HEAP[output|30] = H7>>>8&255;\n HEAP[output|31] = H7&255;\n }\n\n function reset () {\n H0 = 0x6a09e667;\n H1 = 0xbb67ae85;\n H2 = 0x3c6ef372;\n H3 = 0xa54ff53a;\n H4 = 0x510e527f;\n H5 = 0x9b05688c;\n H6 = 0x1f83d9ab;\n H7 = 0x5be0cd19;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n h5 = h5|0;\n h6 = h6|0;\n h7 = h7|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n H5 = I5;\n H6 = I6;\n H7 = I7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n H5 = O5;\n H6 = O6;\n H7 = O7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n O5 = H5;\n O6 = H6;\n O7 = H7;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n I5 = H5;\n I6 = H6;\n I7 = H7;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n h5 = h5 ^ H5;\n h6 = h6 ^ H6;\n h7 = h7 ^ H7;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA256\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA256\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA256\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","module.exports = assert;\n\nfunction assert(val, msg) {\n if (!val)\n throw new Error(msg || 'Assertion failed');\n}\n\nassert.equal = function assertEqual(l, r, msg) {\n if (l != r)\n throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));\n};\n","if (typeof Object.create === 'function') {\n // implementation from standard node.js 'util' module\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n ctor.prototype = Object.create(superCtor.prototype, {\n constructor: {\n value: ctor,\n enumerable: false,\n writable: true,\n configurable: true\n }\n });\n };\n} else {\n // old school shim for old browsers\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n var TempCtor = function () {}\n TempCtor.prototype = superCtor.prototype\n ctor.prototype = new TempCtor()\n ctor.prototype.constructor = ctor\n }\n}\n","'use strict';\n\nvar assert = require('minimalistic-assert');\nvar inherits = require('inherits');\n\nexports.inherits = inherits;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg === 'string') {\n if (!enc) {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n } else if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n }\n } else {\n for (i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n }\n return res;\n}\nexports.toArray = toArray;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nexports.toHex = toHex;\n\nfunction htonl(w) {\n var res = (w >>> 24) |\n ((w >>> 8) & 0xff00) |\n ((w << 8) & 0xff0000) |\n ((w & 0xff) << 24);\n return res >>> 0;\n}\nexports.htonl = htonl;\n\nfunction toHex32(msg, endian) {\n var res = '';\n for (var i = 0; i < msg.length; i++) {\n var w = msg[i];\n if (endian === 'little')\n w = htonl(w);\n res += zero8(w.toString(16));\n }\n return res;\n}\nexports.toHex32 = toHex32;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nexports.zero2 = zero2;\n\nfunction zero8(word) {\n if (word.length === 7)\n return '0' + word;\n else if (word.length === 6)\n return '00' + word;\n else if (word.length === 5)\n return '000' + word;\n else if (word.length === 4)\n return '0000' + word;\n else if (word.length === 3)\n return '00000' + word;\n else if (word.length === 2)\n return '000000' + word;\n else if (word.length === 1)\n return '0000000' + word;\n else\n return word;\n}\nexports.zero8 = zero8;\n\nfunction join32(msg, start, end, endian) {\n var len = end - start;\n assert(len % 4 === 0);\n var res = new Array(len / 4);\n for (var i = 0, k = start; i < res.length; i++, k += 4) {\n var w;\n if (endian === 'big')\n w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];\n else\n w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];\n res[i] = w >>> 0;\n }\n return res;\n}\nexports.join32 = join32;\n\nfunction split32(msg, endian) {\n var res = new Array(msg.length * 4);\n for (var i = 0, k = 0; i < msg.length; i++, k += 4) {\n var m = msg[i];\n if (endian === 'big') {\n res[k] = m >>> 24;\n res[k + 1] = (m >>> 16) & 0xff;\n res[k + 2] = (m >>> 8) & 0xff;\n res[k + 3] = m & 0xff;\n } else {\n res[k + 3] = m >>> 24;\n res[k + 2] = (m >>> 16) & 0xff;\n res[k + 1] = (m >>> 8) & 0xff;\n res[k] = m & 0xff;\n }\n }\n return res;\n}\nexports.split32 = split32;\n\nfunction rotr32(w, b) {\n return (w >>> b) | (w << (32 - b));\n}\nexports.rotr32 = rotr32;\n\nfunction rotl32(w, b) {\n return (w << b) | (w >>> (32 - b));\n}\nexports.rotl32 = rotl32;\n\nfunction sum32(a, b) {\n return (a + b) >>> 0;\n}\nexports.sum32 = sum32;\n\nfunction sum32_3(a, b, c) {\n return (a + b + c) >>> 0;\n}\nexports.sum32_3 = sum32_3;\n\nfunction sum32_4(a, b, c, d) {\n return (a + b + c + d) >>> 0;\n}\nexports.sum32_4 = sum32_4;\n\nfunction sum32_5(a, b, c, d, e) {\n return (a + b + c + d + e) >>> 0;\n}\nexports.sum32_5 = sum32_5;\n\nfunction sum64(buf, pos, ah, al) {\n var bh = buf[pos];\n var bl = buf[pos + 1];\n\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n buf[pos] = hi >>> 0;\n buf[pos + 1] = lo;\n}\nexports.sum64 = sum64;\n\nfunction sum64_hi(ah, al, bh, bl) {\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n return hi >>> 0;\n}\nexports.sum64_hi = sum64_hi;\n\nfunction sum64_lo(ah, al, bh, bl) {\n var lo = al + bl;\n return lo >>> 0;\n}\nexports.sum64_lo = sum64_lo;\n\nfunction sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n\n var hi = ah + bh + ch + dh + carry;\n return hi >>> 0;\n}\nexports.sum64_4_hi = sum64_4_hi;\n\nfunction sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {\n var lo = al + bl + cl + dl;\n return lo >>> 0;\n}\nexports.sum64_4_lo = sum64_4_lo;\n\nfunction sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n lo = (lo + el) >>> 0;\n carry += lo < el ? 1 : 0;\n\n var hi = ah + bh + ch + dh + eh + carry;\n return hi >>> 0;\n}\nexports.sum64_5_hi = sum64_5_hi;\n\nfunction sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var lo = al + bl + cl + dl + el;\n\n return lo >>> 0;\n}\nexports.sum64_5_lo = sum64_5_lo;\n\nfunction rotr64_hi(ah, al, num) {\n var r = (al << (32 - num)) | (ah >>> num);\n return r >>> 0;\n}\nexports.rotr64_hi = rotr64_hi;\n\nfunction rotr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.rotr64_lo = rotr64_lo;\n\nfunction shr64_hi(ah, al, num) {\n return ah >>> num;\n}\nexports.shr64_hi = shr64_hi;\n\nfunction shr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.shr64_lo = shr64_lo;\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction BlockHash() {\n this.pending = null;\n this.pendingTotal = 0;\n this.blockSize = this.constructor.blockSize;\n this.outSize = this.constructor.outSize;\n this.hmacStrength = this.constructor.hmacStrength;\n this.padLength = this.constructor.padLength / 8;\n this.endian = 'big';\n\n this._delta8 = this.blockSize / 8;\n this._delta32 = this.blockSize / 32;\n}\nexports.BlockHash = BlockHash;\n\nBlockHash.prototype.update = function update(msg, enc) {\n // Convert message to array, pad it, and join into 32bit blocks\n msg = utils.toArray(msg, enc);\n if (!this.pending)\n this.pending = msg;\n else\n this.pending = this.pending.concat(msg);\n this.pendingTotal += msg.length;\n\n // Enough data, try updating\n if (this.pending.length >= this._delta8) {\n msg = this.pending;\n\n // Process pending data in blocks\n var r = msg.length % this._delta8;\n this.pending = msg.slice(msg.length - r, msg.length);\n if (this.pending.length === 0)\n this.pending = null;\n\n msg = utils.join32(msg, 0, msg.length - r, this.endian);\n for (var i = 0; i < msg.length; i += this._delta32)\n this._update(msg, i, i + this._delta32);\n }\n\n return this;\n};\n\nBlockHash.prototype.digest = function digest(enc) {\n this.update(this._pad());\n assert(this.pending === null);\n\n return this._digest(enc);\n};\n\nBlockHash.prototype._pad = function pad() {\n var len = this.pendingTotal;\n var bytes = this._delta8;\n var k = bytes - ((len + this.padLength) % bytes);\n var res = new Array(k + this.padLength);\n res[0] = 0x80;\n for (var i = 1; i < k; i++)\n res[i] = 0;\n\n // Append length\n len <<= 3;\n if (this.endian === 'big') {\n for (var t = 8; t < this.padLength; t++)\n res[i++] = 0;\n\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = len & 0xff;\n } else {\n res[i++] = len & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n\n for (t = 8; t < this.padLength; t++)\n res[i++] = 0;\n }\n\n return res;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar rotr32 = utils.rotr32;\n\nfunction ft_1(s, x, y, z) {\n if (s === 0)\n return ch32(x, y, z);\n if (s === 1 || s === 3)\n return p32(x, y, z);\n if (s === 2)\n return maj32(x, y, z);\n}\nexports.ft_1 = ft_1;\n\nfunction ch32(x, y, z) {\n return (x & y) ^ ((~x) & z);\n}\nexports.ch32 = ch32;\n\nfunction maj32(x, y, z) {\n return (x & y) ^ (x & z) ^ (y & z);\n}\nexports.maj32 = maj32;\n\nfunction p32(x, y, z) {\n return x ^ y ^ z;\n}\nexports.p32 = p32;\n\nfunction s0_256(x) {\n return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);\n}\nexports.s0_256 = s0_256;\n\nfunction s1_256(x) {\n return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);\n}\nexports.s1_256 = s1_256;\n\nfunction g0_256(x) {\n return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);\n}\nexports.g0_256 = g0_256;\n\nfunction g1_256(x) {\n return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);\n}\nexports.g1_256 = g1_256;\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\nvar assert = require('minimalistic-assert');\n\nvar sum32 = utils.sum32;\nvar sum32_4 = utils.sum32_4;\nvar sum32_5 = utils.sum32_5;\nvar ch32 = shaCommon.ch32;\nvar maj32 = shaCommon.maj32;\nvar s0_256 = shaCommon.s0_256;\nvar s1_256 = shaCommon.s1_256;\nvar g0_256 = shaCommon.g0_256;\nvar g1_256 = shaCommon.g1_256;\n\nvar BlockHash = common.BlockHash;\n\nvar sha256_K = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n];\n\nfunction SHA256() {\n if (!(this instanceof SHA256))\n return new SHA256();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\n 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n ];\n this.k = sha256_K;\n this.W = new Array(64);\n}\nutils.inherits(SHA256, BlockHash);\nmodule.exports = SHA256;\n\nSHA256.blockSize = 512;\nSHA256.outSize = 256;\nSHA256.hmacStrength = 192;\nSHA256.padLength = 64;\n\nSHA256.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i++)\n W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n var f = this.h[5];\n var g = this.h[6];\n var h = this.h[7];\n\n assert(this.k.length === W.length);\n for (i = 0; i < W.length; i++) {\n var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);\n var T2 = sum32(s0_256(a), maj32(a, b, c));\n h = g;\n g = f;\n f = e;\n e = sum32(d, T1);\n d = c;\n c = b;\n b = a;\n a = sum32(T1, T2);\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n this.h[5] = sum32(this.h[5], f);\n this.h[6] = sum32(this.h[6], g);\n this.h[7] = sum32(this.h[7], h);\n};\n\nSHA256.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar SHA256 = require('./256');\n\nfunction SHA224() {\n if (!(this instanceof SHA224))\n return new SHA224();\n\n SHA256.call(this);\n this.h = [\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\n 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];\n}\nutils.inherits(SHA224, SHA256);\nmodule.exports = SHA224;\n\nSHA224.blockSize = 512;\nSHA224.outSize = 224;\nSHA224.hmacStrength = 192;\nSHA224.padLength = 64;\n\nSHA224.prototype._digest = function digest(enc) {\n // Just truncate output\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 7), 'big');\n else\n return utils.split32(this.h.slice(0, 7), 'big');\n};\n\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar assert = require('minimalistic-assert');\n\nvar rotr64_hi = utils.rotr64_hi;\nvar rotr64_lo = utils.rotr64_lo;\nvar shr64_hi = utils.shr64_hi;\nvar shr64_lo = utils.shr64_lo;\nvar sum64 = utils.sum64;\nvar sum64_hi = utils.sum64_hi;\nvar sum64_lo = utils.sum64_lo;\nvar sum64_4_hi = utils.sum64_4_hi;\nvar sum64_4_lo = utils.sum64_4_lo;\nvar sum64_5_hi = utils.sum64_5_hi;\nvar sum64_5_lo = utils.sum64_5_lo;\n\nvar BlockHash = common.BlockHash;\n\nvar sha512_K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction SHA512() {\n if (!(this instanceof SHA512))\n return new SHA512();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xf3bcc908,\n 0xbb67ae85, 0x84caa73b,\n 0x3c6ef372, 0xfe94f82b,\n 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1,\n 0x9b05688c, 0x2b3e6c1f,\n 0x1f83d9ab, 0xfb41bd6b,\n 0x5be0cd19, 0x137e2179 ];\n this.k = sha512_K;\n this.W = new Array(160);\n}\nutils.inherits(SHA512, BlockHash);\nmodule.exports = SHA512;\n\nSHA512.blockSize = 1024;\nSHA512.outSize = 512;\nSHA512.hmacStrength = 192;\nSHA512.padLength = 128;\n\nSHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {\n var W = this.W;\n\n // 32 x 32bit words\n for (var i = 0; i < 32; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i += 2) {\n var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2\n var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);\n var c1_hi = W[i - 14]; // i - 7\n var c1_lo = W[i - 13];\n var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15\n var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);\n var c3_hi = W[i - 32]; // i - 16\n var c3_lo = W[i - 31];\n\n W[i] = sum64_4_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n W[i + 1] = sum64_4_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n }\n};\n\nSHA512.prototype._update = function _update(msg, start) {\n this._prepareBlock(msg, start);\n\n var W = this.W;\n\n var ah = this.h[0];\n var al = this.h[1];\n var bh = this.h[2];\n var bl = this.h[3];\n var ch = this.h[4];\n var cl = this.h[5];\n var dh = this.h[6];\n var dl = this.h[7];\n var eh = this.h[8];\n var el = this.h[9];\n var fh = this.h[10];\n var fl = this.h[11];\n var gh = this.h[12];\n var gl = this.h[13];\n var hh = this.h[14];\n var hl = this.h[15];\n\n assert(this.k.length === W.length);\n for (var i = 0; i < W.length; i += 2) {\n var c0_hi = hh;\n var c0_lo = hl;\n var c1_hi = s1_512_hi(eh, el);\n var c1_lo = s1_512_lo(eh, el);\n var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);\n var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);\n var c3_hi = this.k[i];\n var c3_lo = this.k[i + 1];\n var c4_hi = W[i];\n var c4_lo = W[i + 1];\n\n var T1_hi = sum64_5_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n var T1_lo = sum64_5_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n\n c0_hi = s0_512_hi(ah, al);\n c0_lo = s0_512_lo(ah, al);\n c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);\n c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);\n\n var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);\n var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);\n\n hh = gh;\n hl = gl;\n\n gh = fh;\n gl = fl;\n\n fh = eh;\n fl = el;\n\n eh = sum64_hi(dh, dl, T1_hi, T1_lo);\n el = sum64_lo(dl, dl, T1_hi, T1_lo);\n\n dh = ch;\n dl = cl;\n\n ch = bh;\n cl = bl;\n\n bh = ah;\n bl = al;\n\n ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);\n al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);\n }\n\n sum64(this.h, 0, ah, al);\n sum64(this.h, 2, bh, bl);\n sum64(this.h, 4, ch, cl);\n sum64(this.h, 6, dh, dl);\n sum64(this.h, 8, eh, el);\n sum64(this.h, 10, fh, fl);\n sum64(this.h, 12, gh, gl);\n sum64(this.h, 14, hh, hl);\n};\n\nSHA512.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n\nfunction ch64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ ((~xh) & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction ch64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ ((~xl) & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 28);\n var c1_hi = rotr64_hi(xl, xh, 2); // 34\n var c2_hi = rotr64_hi(xl, xh, 7); // 39\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 28);\n var c1_lo = rotr64_lo(xl, xh, 2); // 34\n var c2_lo = rotr64_lo(xl, xh, 7); // 39\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 14);\n var c1_hi = rotr64_hi(xh, xl, 18);\n var c2_hi = rotr64_hi(xl, xh, 9); // 41\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 14);\n var c1_lo = rotr64_lo(xh, xl, 18);\n var c2_lo = rotr64_lo(xl, xh, 9); // 41\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 1);\n var c1_hi = rotr64_hi(xh, xl, 8);\n var c2_hi = shr64_hi(xh, xl, 7);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 1);\n var c1_lo = rotr64_lo(xh, xl, 8);\n var c2_lo = shr64_lo(xh, xl, 7);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 19);\n var c1_hi = rotr64_hi(xl, xh, 29); // 61\n var c2_hi = shr64_hi(xh, xl, 6);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 19);\n var c1_lo = rotr64_lo(xl, xh, 29); // 61\n var c2_lo = shr64_lo(xh, xl, 6);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n","'use strict';\n\nvar utils = require('../utils');\n\nvar SHA512 = require('./512');\n\nfunction SHA384() {\n if (!(this instanceof SHA384))\n return new SHA384();\n\n SHA512.call(this);\n this.h = [\n 0xcbbb9d5d, 0xc1059ed8,\n 0x629a292a, 0x367cd507,\n 0x9159015a, 0x3070dd17,\n 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31,\n 0x8eb44a87, 0x68581511,\n 0xdb0c2e0d, 0x64f98fa7,\n 0x47b5481d, 0xbefa4fa4 ];\n}\nutils.inherits(SHA384, SHA512);\nmodule.exports = SHA384;\n\nSHA384.blockSize = 1024;\nSHA384.outSize = 384;\nSHA384.hmacStrength = 192;\nSHA384.padLength = 128;\n\nSHA384.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 12), 'big');\n else\n return utils.split32(this.h.slice(0, 12), 'big');\n};\n","'use strict';\n\nvar utils = require('./utils');\nvar common = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_3 = utils.sum32_3;\nvar sum32_4 = utils.sum32_4;\nvar BlockHash = common.BlockHash;\n\nfunction RIPEMD160() {\n if (!(this instanceof RIPEMD160))\n return new RIPEMD160();\n\n BlockHash.call(this);\n\n this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];\n this.endian = 'little';\n}\nutils.inherits(RIPEMD160, BlockHash);\nexports.ripemd160 = RIPEMD160;\n\nRIPEMD160.blockSize = 512;\nRIPEMD160.outSize = 160;\nRIPEMD160.hmacStrength = 192;\nRIPEMD160.padLength = 64;\n\nRIPEMD160.prototype._update = function update(msg, start) {\n var A = this.h[0];\n var B = this.h[1];\n var C = this.h[2];\n var D = this.h[3];\n var E = this.h[4];\n var Ah = A;\n var Bh = B;\n var Ch = C;\n var Dh = D;\n var Eh = E;\n for (var j = 0; j < 80; j++) {\n var T = sum32(\n rotl32(\n sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),\n s[j]),\n E);\n A = E;\n E = D;\n D = rotl32(C, 10);\n C = B;\n B = T;\n T = sum32(\n rotl32(\n sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),\n sh[j]),\n Eh);\n Ah = Eh;\n Eh = Dh;\n Dh = rotl32(Ch, 10);\n Ch = Bh;\n Bh = T;\n }\n T = sum32_3(this.h[1], C, Dh);\n this.h[1] = sum32_3(this.h[2], D, Eh);\n this.h[2] = sum32_3(this.h[3], E, Ah);\n this.h[3] = sum32_3(this.h[4], A, Bh);\n this.h[4] = sum32_3(this.h[0], B, Ch);\n this.h[0] = T;\n};\n\nRIPEMD160.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'little');\n else\n return utils.split32(this.h, 'little');\n};\n\nfunction f(j, x, y, z) {\n if (j <= 15)\n return x ^ y ^ z;\n else if (j <= 31)\n return (x & y) | ((~x) & z);\n else if (j <= 47)\n return (x | (~y)) ^ z;\n else if (j <= 63)\n return (x & z) | (y & (~z));\n else\n return x ^ (y | (~z));\n}\n\nfunction K(j) {\n if (j <= 15)\n return 0x00000000;\n else if (j <= 31)\n return 0x5a827999;\n else if (j <= 47)\n return 0x6ed9eba1;\n else if (j <= 63)\n return 0x8f1bbcdc;\n else\n return 0xa953fd4e;\n}\n\nfunction Kh(j) {\n if (j <= 15)\n return 0x50a28be6;\n else if (j <= 31)\n return 0x5c4dd124;\n else if (j <= 47)\n return 0x6d703ef3;\n else if (j <= 63)\n return 0x7a6d76e9;\n else\n return 0x00000000;\n}\n\nvar r = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,\n 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,\n 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,\n 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13\n];\n\nvar rh = [\n 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,\n 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,\n 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,\n 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,\n 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11\n];\n\nvar s = [\n 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,\n 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,\n 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,\n 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,\n 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6\n];\n\nvar sh = [\n 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,\n 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,\n 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,\n 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,\n 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11\n];\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n * @private\n */\n\nimport { Sha1 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1';\nimport { Sha256 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256';\nimport sha224 from 'hash.js/lib/hash/sha/224';\nimport sha384 from 'hash.js/lib/hash/sha/384';\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport { ripemd160 } from 'hash.js/lib/hash/ripemd';\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport defaultConfig from '../../config';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction hashjsHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n }\n const hashInstance = hash();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => new Uint8Array(hashInstance.digest()));\n };\n}\n\nfunction asmcryptoHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hashInstance = new hash();\n return stream.transform(data, value => {\n hashInstance.process(value);\n }, () => hashInstance.finish().result);\n } else if (webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n } else {\n return hash.bytes(data);\n }\n };\n}\n\nconst hashFunctions = {\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'),\n sha224: nodeHash('sha224') || hashjsHash(sha224),\n sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'),\n sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),\n sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.\n ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)\n};\n\nexport default {\n\n /** @see module:md5 */\n md5: hashFunctions.md5,\n /** @see asmCrypto */\n sha1: hashFunctions.sha1,\n /** @see hash.js */\n sha224: hashFunctions.sha224,\n /** @see asmCrypto */\n sha256: hashFunctions.sha256,\n /** @see hash.js */\n sha384: hashFunctions.sha384,\n /** @see asmCrypto */\n sha512: hashFunctions.sha512,\n /** @see hash.js */\n ripemd: hashFunctions.ripemd,\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n default:\n throw new Error('Invalid hash function.');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CFB {\n static encrypt(data, key, iv) {\n return new AES_CFB(key, iv).encrypt(data);\n }\n static decrypt(data, key, iv) {\n return new AES_CFB(key, iv).decrypt(data);\n }\n constructor(key, iv, aes) {\n this.aes = aes ? aes : new AES(key, iv, true, 'CFB');\n delete this.aes.padding;\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import * as cipher from '.';\nimport enums from '../../enums';\n\n/**\n * Get implementation of the given cipher\n * @param {enums.symmetric} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport default function getCipher(algo) {\n const algoName = enums.read(enums.symmetric, algo);\n return cipher[algoName];\n}\n","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n * @private\n */\n\nimport { AES_CFB } from '@openpgp/asmcrypto.js/dist_es8/aes/cfb';\nimport * as stream from '@openpgp/web-stream-tools';\nimport getCipher from '../cipher/getCipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nfunction aesEncrypt(algo, key, pt, iv, config) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support\n !util.isStream(pt) &&\n pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2\n ) { // Web Crypto\n return webEncrypt(algo, key, pt, iv);\n }\n // asm.js fallback\n const cfb = new AES_CFB(key, iv);\n return stream.transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish());\n}\n\nfunction aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new AES_CFB(key, iv);\n return stream.transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish());\n }\n return AES_CFB.decrypt(ct, key, iv);\n}\n\nfunction xorMut(a, b) {\n for (let i = 0; i < a.length; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nasync function webEncrypt(algo, key, pt, iv) {\n const ALGO = 'AES-CBC';\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']);\n const { blockSize } = getCipher(algo);\n const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]);\n const ct = new Uint8Array(await webCrypto.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length);\n xorMut(ct, pt);\n return ct;\n}\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","import { AES } from './aes';\nimport { IllegalArgumentError } from '../other/errors';\nimport { joinBytes } from '../other/utils';\nexport class AES_CTR {\n static encrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n static decrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n constructor(key, nonce, aes) {\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n delete this.aes.padding;\n this.AES_CTR_set_options(nonce);\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n AES_CTR_set_options(nonce, counter, size) {\n let { asm } = this.aes.acquire_asm();\n if (size !== undefined) {\n if (size < 8 || size > 48)\n throw new IllegalArgumentError('illegal counter size');\n let mask = Math.pow(2, size) - 1;\n asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0);\n }\n else {\n size = 48;\n asm.set_mask(0, 0, 0xffff, 0xffffffff);\n }\n if (nonce !== undefined) {\n let len = nonce.length;\n if (!len || len > 16)\n throw new IllegalArgumentError('illegal nonce size');\n let view = new DataView(new ArrayBuffer(16));\n new Uint8Array(view.buffer).set(nonce);\n asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12));\n }\n else {\n throw new Error('nonce is required');\n }\n if (counter !== undefined) {\n if (counter < 0 || counter >= Math.pow(2, size))\n throw new IllegalArgumentError('illegal counter value');\n asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0);\n }\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CBC {\n static encrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).encrypt(data);\n }\n static decrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).decrypt(data);\n }\n constructor(key, iv, padding = true, aes) {\n this.aes = aes ? aes : new AES(key, iv, padding, 'CBC');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n * @private\n */\n\nimport { AES_CBC } from '@openpgp/asmcrypto.js/dist_es8/aes/cbc';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt) {\n return AES_CBC.encrypt(pt, key, false, zeroBlock);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n * @private\n */\n\nimport { AES_CTR } from '@openpgp/asmcrypto.js/dist_es8/aes/ctr';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n ) {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt, iv) {\n return AES_CTR.encrypt(pt, key, iv);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n * @private\n */\n\nimport * as ciphers from '../cipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n\n let maxNtz = 0;\n let encipher;\n let decipher;\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables(cipher, key) {\n const cipherName = enums.read(enums.symmetric, cipher);\n const aes = new ciphers[cipherName](key);\n encipher = aes.encrypt.bind(aes);\n decipher = aes.decrypt.bind(aes);\n\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","import { IllegalArgumentError, IllegalStateError, SecurityError } from '../other/errors';\nimport { _heap_write } from '../other/utils';\nimport { AES } from './aes';\nimport { AES_asm } from './aes.asm';\nconst _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5\nexport class AES_GCM {\n constructor(key, nonce, adata, tagSize = 16, aes) {\n this.tagSize = tagSize;\n this.gamma0 = 0;\n this.counter = 1;\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n let { asm, heap } = this.aes.acquire_asm();\n // Init GCM\n asm.gcm_init();\n // Tag size\n if (this.tagSize < 4 || this.tagSize > 16)\n throw new IllegalArgumentError('illegal tagSize value');\n // Nonce\n const noncelen = nonce.length || 0;\n const noncebuf = new Uint8Array(16);\n if (noncelen !== 12) {\n this._gcm_mac_process(nonce);\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = 0;\n heap[4] = 0;\n heap[5] = 0;\n heap[6] = 0;\n heap[7] = 0;\n heap[8] = 0;\n heap[9] = 0;\n heap[10] = 0;\n heap[11] = noncelen >>> 29;\n heap[12] = (noncelen >>> 21) & 255;\n heap[13] = (noncelen >>> 13) & 255;\n heap[14] = (noncelen >>> 5) & 255;\n heap[15] = (noncelen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_iv(0, 0, 0, 0);\n noncebuf.set(heap.subarray(0, 16));\n }\n else {\n noncebuf.set(nonce);\n noncebuf[15] = 1;\n }\n const nonceview = new DataView(noncebuf.buffer);\n this.gamma0 = nonceview.getUint32(12);\n asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0);\n asm.set_mask(0, 0, 0, 0xffffffff);\n // Associated data\n if (adata !== undefined) {\n if (adata.length > _AES_GCM_data_maxLength)\n throw new IllegalArgumentError('illegal adata length');\n if (adata.length) {\n this.adata = adata;\n this._gcm_mac_process(adata);\n }\n else {\n this.adata = undefined;\n }\n }\n else {\n this.adata = undefined;\n }\n // Counter\n if (this.counter < 1 || this.counter > 0xffffffff)\n throw new RangeError('counter must be a positive 32-bit integer');\n asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0);\n }\n static encrypt(cleartext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext);\n }\n static decrypt(ciphertext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext);\n }\n encrypt(data) {\n return this.AES_GCM_encrypt(data);\n }\n decrypt(data) {\n return this.AES_GCM_decrypt(data);\n }\n AES_GCM_Encrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len);\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Encrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let adata = this.adata;\n let pos = this.aes.pos;\n let len = this.aes.len;\n const result = new Uint8Array(len + tagSize);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16);\n if (len)\n result.set(heap.subarray(pos, pos + len));\n let i = len;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n result.set(heap.subarray(0, tagSize), len);\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_Decrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0;\n let tlen = len + dlen - rlen;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > tlen) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n pos = 0;\n len = 0;\n }\n if (dlen > 0) {\n len += _heap_write(heap, 0, data, dpos, dlen);\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Decrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let tagSize = this.tagSize;\n let adata = this.adata;\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rlen = len - tagSize;\n if (len < tagSize)\n throw new IllegalStateError('authentication tag not found');\n const result = new Uint8Array(rlen);\n const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));\n let i = rlen;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len - tagSize;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n let acheck = 0;\n for (let i = 0; i < tagSize; ++i)\n acheck |= atag[i] ^ heap[i];\n if (acheck)\n throw new SecurityError('data integrity check failed');\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_decrypt(data) {\n const result1 = this.AES_GCM_Decrypt_process(data);\n const result2 = this.AES_GCM_Decrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n AES_GCM_encrypt(data) {\n const result1 = this.AES_GCM_Encrypt_process(data);\n const result2 = this.AES_GCM_Encrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n _gcm_mac_process(data) {\n let { asm, heap } = this.aes.acquire_asm();\n let dpos = 0;\n let dlen = data.length || 0;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, 0, data, dpos, dlen);\n dpos += wlen;\n dlen -= wlen;\n while (wlen & 15)\n heap[wlen++] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen);\n }\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n * @private\n */\n\nimport { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.encrypt(pt, key, iv, adata);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (ct.length === tagLength) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n }\n };\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return AES_GCM.encrypt(pt, key, iv, adata);\n },\n\n decrypt: async function(ct, iv, adata) {\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n * @private\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","/*jshint bitwise: false*/\n\n(function(nacl) {\n'use strict';\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d;\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d, h, r;\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n r = nacl.hash(sm.subarray(32, smlen));\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n h = nacl.hash(sm.subarray(0, smlen));\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h;\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n h = nacl.hash(m.subarray(0, n));\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;\n if (crypto && crypto.getRandomValues) {\n // Browsers.\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n } else if (typeof require !== 'undefined') {\n // Node.js.\n crypto = require('crypto');\n if (crypto && crypto.randomBytes) {\n nacl.setPRNG(function(x, n) {\n var i, v = crypto.randomBytes(n);\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n }\n})();\n\n})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {}));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n * @private\n */\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const buf = new Uint8Array(length);\n if (nodeCrypto) {\n const bytes = nodeCrypto.randomBytes(buf.length);\n buf.set(bytes);\n } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n return buf;\n}\n\n/**\n * Create a secure random BigInteger that is greater than or equal to min and less than max.\n * @param {module:BigInteger} min - Lower bound, included\n * @param {module:BigInteger} max - Upper bound, excluded\n * @returns {Promise} Random BigInteger.\n * @async\n */\nexport async function getRandomBigInteger(min, max) {\n const BigInteger = await util.getBigInteger();\n\n if (max.lt(min)) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max.sub(min);\n const bytes = modulus.byteLength();\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = new BigInteger(await getRandomBytes(bytes + 8));\n return r.mod(modulus).add(min);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\n\n/**\n * Generate a probably prime random number\n * @param {Integer} bits - Bit length of the prime\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns BigInteger\n * @async\n */\nexport async function randomProbablePrime(bits, e, k) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n const min = one.leftShift(new BigInteger(bits - 1));\n const thirty = new BigInteger(30);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n const n = await getRandomBigInteger(min, min.leftShift(one));\n let i = n.mod(thirty).toNumber();\n\n do {\n n.iadd(new BigInteger(adds[i]));\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (n.bitLength() > bits) {\n n.imod(min.leftShift(one)).iadd(min);\n i = n.mod(thirty).toNumber();\n }\n } while (!await isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns {boolean}\n * @async\n */\nexport async function isProbablePrime(n, e, k) {\n if (e && !n.dec().gcd(e).isOne()) {\n return false;\n }\n if (!await divisionTest(n)) {\n return false;\n }\n if (!await fermat(n)) {\n return false;\n }\n if (!await millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} b - Optional Fermat test base\n * @returns {boolean}\n */\nexport async function fermat(n, b) {\n const BigInteger = await util.getBigInteger();\n b = b || new BigInteger(2);\n return b.modExp(n.dec(), n).isOne();\n}\n\nexport async function divisionTest(n) {\n const BigInteger = await util.getBigInteger();\n return smallPrimes.every(m => {\n return n.mod(new BigInteger(m)) !== 0;\n });\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n];\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param {BigInteger} n - Number to test\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @param {Function} rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport async function millerRabin(n, k, rand) {\n const BigInteger = await util.getBigInteger();\n const len = n.bitLength();\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n.dec(); // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!n1.getBit(s)) { s++; }\n const d = n.rightShift(new BigInteger(s));\n\n for (; k > 0; k--) {\n const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);\n\n let x = a.modExp(d, n);\n if (x.isOne() || x.equal(n1)) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = x.mul(x).mod(n);\n\n if (x.isOne()) {\n return false;\n }\n if (x.equal(n1)) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n * @private\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport async function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n * @private\n */\n\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\n/* eslint-disable no-invalid-this */\nconst RSAPrivateKey = nodeCrypto ? asn1.define('RSAPrivateKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('version').int(), // 0\n this.key('modulus').int(), // n\n this.key('publicExponent').int(), // e\n this.key('privateExponent').int(), // d\n this.key('prime1').int(), // p\n this.key('prime2').int(), // q\n this.key('exponent1').int(), // dp\n this.key('exponent2').int(), // dq\n this.key('coefficient').int() // u\n );\n}) : undefined;\n\nconst RSAPublicKey = nodeCrypto ? asn1.define('RSAPubliceKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('modulus').int(), // n\n this.key('publicExponent').int() // e\n );\n}) : undefined;\n/* eslint-enable no-invalid-this */\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n const BigInteger = await util.getBigInteger();\n\n e = new BigInteger(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return {\n n: b64ToUint8Array(jwk.n),\n e: e.toUint8Array(),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n } else if (util.getNodeCrypto() && nodeCrypto.generateKeyPair && RSAPrivateKey) {\n const opts = {\n modulusLength: bits,\n publicExponent: e.toNumber(),\n publicKeyEncoding: { type: 'pkcs1', format: 'der' },\n privateKeyEncoding: { type: 'pkcs1', format: 'der' }\n };\n const prv = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, der) => {\n if (err) {\n reject(err);\n } else {\n resolve(RSAPrivateKey.decode(der, 'der'));\n }\n });\n });\n /**\n * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`.\n * @link https://tools.ietf.org/html/rfc3447#section-3.2\n * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1\n */\n return {\n n: prv.modulus.toArrayLike(Uint8Array),\n e: prv.publicExponent.toArrayLike(Uint8Array),\n d: prv.privateExponent.toArrayLike(Uint8Array),\n // switch p and q\n p: prv.prime2.toArrayLike(Uint8Array),\n q: prv.prime1.toArrayLike(Uint8Array),\n // Since p and q are switched in places, we can keep u as defined by DER\n u: prv.coefficient.toArrayLike(Uint8Array)\n };\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = await randomProbablePrime(bits - (bits >> 1), e, 40);\n p = await randomProbablePrime(bits >> 1, e, 40);\n n = p.mul(q);\n } while (n.bitLength() !== bits);\n\n const phi = p.dec().imul(q.dec());\n\n if (q.lt(p)) {\n [p, q] = [q, p];\n }\n\n return {\n n: n.toUint8Array(),\n e: e.toUint8Array(),\n d: e.modInv(phi).toUint8Array(),\n p: p.toUint8Array(),\n q: q.toUint8Array(),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: p.modInv(q).toUint8Array()\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n p = new BigInteger(p);\n q = new BigInteger(q);\n\n // expect pq = n\n if (!p.mul(q).equal(n)) {\n return false;\n }\n\n const two = new BigInteger(2);\n // expect p*u = 1 mod q\n u = new BigInteger(u);\n if (!p.mul(u).mod(q).isOne()) {\n return false;\n }\n\n e = new BigInteger(e);\n d = new BigInteger(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));\n const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r.mul(d).mul(e);\n\n const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));\n d = new BigInteger(d);\n if (m.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return m.modExp(d, n).toUint8Array('be', n.byteLength());\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPrivateKey.encode(keyObject, 'der');\n return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' }));\n }\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n return new Uint8Array(sign.sign(pem));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n s = new BigInteger(s);\n e = new BigInteger(e);\n if (s.gte(n)) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());\n const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1' };\n } else {\n key = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n }\n try {\n return await verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const { default: BN } = await import('bn.js');\n\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n data = new BigInteger(emeEncode(data, n.byteLength()));\n e = new BigInteger(e);\n if (data.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return data.modExp(e, n).toUint8Array('be', n.byteLength());\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPrivateKey.encode(keyObject, 'der');\n key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n const BigInteger = await util.getBigInteger();\n data = new BigInteger(data);\n n = new BigInteger(n);\n e = new BigInteger(e);\n d = new BigInteger(d);\n p = new BigInteger(p);\n q = new BigInteger(q);\n u = new BigInteger(u);\n if (data.gte(n)) {\n throw new Error('Data too large.');\n }\n const dq = d.mod(q.dec()); // d mod (q-1)\n const dp = d.mod(p.dec()); // d mod (p-1)\n\n const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);\n const blinder = unblinder.modInv(n).modExp(e, n);\n data = data.mul(blinder).mod(n);\n\n\n const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p\n const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q\n const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h.mul(p).add(mp); // result < n due to relations above\n\n result = result.mul(unblinder).mod(n);\n\n\n return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n const pNum = new BigInteger(p);\n const qNum = new BigInteger(q);\n const dNum = new BigInteger(d);\n\n let dq = dNum.mod(qNum.dec()); // d mod (q-1)\n let dp = dNum.mod(pNum.dec()); // d mod (p-1)\n dp = dp.toUint8Array();\n dq = dq.toUint8Array();\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const padded = emeEncode(data, p.byteLength());\n const m = new BigInteger(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = await getRandomBigInteger(new BigInteger(1), p.dec());\n return {\n c1: g.modExp(k, p).toUint8Array(),\n c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n const BigInteger = await util.getBigInteger();\n c1 = new BigInteger(c1);\n c2 = new BigInteger(c2);\n p = new BigInteger(p);\n x = new BigInteger(x);\n\n const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);\n return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = new BigInteger(p.bitLength());\n const n1023 = new BigInteger(1023);\n if (pSize.lt(n1023)) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (!g.modExp(p.dec(), p).isOne()) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n const i = new BigInteger(1);\n const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold\n while (i.lt(threshold)) {\n res = res.mul(g).imod(p);\n if (res.isOne()) {\n return false;\n }\n i.iinc();\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1\n const rqx = p.dec().imul(r).iadd(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n * @private\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {string} String with the canonical name of the curve.\n */\n getName() {\n const hex = this.toHex();\n if (enums.curve[hex]) {\n return enums.write(enums.curve, hex);\n } else {\n throw new Error('Unknown curve object identifier.');\n }\n }\n}\n\nexport default OID;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library\n * @module crypto/public_key/elliptic/indutnyKey\n * @private\n */\n\nimport config from '../../../config';\n\nexport function keyFromPrivate(indutnyCurve, priv) {\n const keyPair = indutnyCurve.keyPair({ priv: priv });\n return keyPair;\n}\n\nexport function keyFromPublic(indutnyCurve, pub) {\n const keyPair = indutnyCurve.keyPair({ pub: pub });\n if (keyPair.validate().result !== true) {\n throw new Error('Invalid elliptic public key');\n }\n return keyPair;\n}\n\nexport async function getIndutnyCurve(name) {\n if (!config.useIndutnyElliptic) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n const { default: elliptic } = await import('@openpgp/elliptic');\n return new elliptic.ec(name);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new stream.TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { getRandomBytes } from '../../random';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport { UnsupportedError } from '../../../packet/packet';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n 'p256': 'P-256',\n 'p384': 'P-384',\n 'p521': 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined,\n brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n p256: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.p256,\n web: webCurves.p256,\n payloadSize: 32,\n sharedSize: 256\n },\n p384: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.p384,\n web: webCurves.p384,\n payloadSize: 48,\n sharedSize: 384\n },\n p521: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.p521,\n web: webCurves.p521,\n payloadSize: 66,\n sharedSize: 528\n },\n secp256k1: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.secp256k1,\n payloadSize: 32\n },\n ed25519: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32\n },\n curve25519: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32\n },\n brainpoolP256r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.brainpoolP256r1,\n payloadSize: 32\n },\n brainpoolP384r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.brainpoolP384r1,\n payloadSize: 48\n },\n brainpoolP512r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.brainpoolP512r1,\n payloadSize: 64\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName, params) {\n try {\n if (util.isArray(oidOrName) ||\n util.isUint8Array(oidOrName)) {\n // by oid byte array\n oidOrName = new OID(oidOrName);\n }\n if (oidOrName instanceof OID) {\n // by curve OID\n oidOrName = oidOrName.getName();\n }\n // by curve name or oid string\n this.name = enums.write(enums.curve, oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n params = params || curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node && curves[this.name];\n this.web = params.web && curves[this.name];\n this.payloadSize = params.payloadSize;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === 'curve25519') {\n this.type = 'curve25519';\n } else if (this.name === 'ed25519') {\n this.type = 'ed25519';\n }\n }\n\n async genKeyPair() {\n let keyPair;\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n break;\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519': {\n const privateKey = getRandomBytes(32);\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const secretKey = privateKey.slice().reverse();\n keyPair = nacl.box.keyPair.fromSecretKey(secretKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n case 'ed25519': {\n const privateKey = getRandomBytes(32);\n const keyPair = nacl.sign.keyPair.fromSeed(privateKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n }\n const indutnyCurve = await getIndutnyCurve(this.name);\n keyPair = await indutnyCurve.genKeyPair({\n entropy: util.uint8ArrayToString(getRandomBytes(32))\n });\n return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) };\n }\n}\n\nasync function generate(curve) {\n const BigInteger = await util.getBigInteger();\n\n curve = new CurveWithOID(curve);\n const keyPair = await curve.genKeyPair();\n const Q = new BigInteger(keyPair.publicKey).toUint8Array();\n const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize);\n return {\n oid: curve.oid,\n Q,\n secret,\n hash: curve.hash,\n cipher: curve.cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[enums.write(enums.curve, oid.toHex())].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n p256: true,\n p384: true,\n p521: true,\n secp256k1: true,\n curve25519: algo === enums.publicKey.ecdh,\n brainpoolP256r1: true,\n brainpoolP384r1: true,\n brainpoolP512r1: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === 'curve25519') {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const curve = await getIndutnyCurve(curveName);\n try {\n // Parse Q and check that it is on the curve but not at infinity\n Q = keyFromPublic(curve, Q).getPublic();\n } catch (validationErrors) {\n return false;\n }\n\n /**\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = keyFromPrivate(curve, d).getPublic();\n if (!dG.eq(Q)) {\n return false;\n }\n\n return true;\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nasync function webGenKeyPair(name) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = 0x04;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n * @private\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams } from './oid_curves';\nimport { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web': {\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n }\n case 'node': {\n const signature = await nodeSign(curve, hashAlgo, message, keyPair);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n }\n }\n }\n return ellipticSign(curve, hashed, privateKey);\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n return await webVerify(curve, hashAlgo, signature, message, publicKey);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node':\n return nodeVerify(curve, hashAlgo, signature, message, publicKey);\n }\n }\n const digest = (typeof hashAlgo === 'undefined') ? message : hashed;\n return ellipticVerify(curve, signature, digest, publicKey);\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\nasync function ellipticSign(curve, hashed, privateKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPrivate(indutnyCurve, privateKey);\n const signature = key.sign(hashed);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n}\n\nasync function ellipticVerify(curve, signature, digest, publicKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPublic(indutnyCurve, publicKey);\n return key.verify(digest, signature);\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, keyPair) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n const key = ECPrivateKey.encode({\n version: 1,\n parameters: curve.oid,\n privateKey: Array.from(keyPair.privateKey),\n publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }\n }, 'pem', {\n label: 'EC PRIVATE KEY'\n });\n\n return ECDSASignature.decode(sign.sign(key), 'der');\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n const key = SubjectPublicKeyInfo.encode({\n algorithm: {\n algorithm: [1, 2, 840, 10045, 2, 1],\n parameters: curve.oid\n },\n subjectPublicKey: { unused: 0, data: Array.from(publicKey) }\n }, 'pem', {\n label: 'PUBLIC KEY'\n });\n const signature = ECDSASignature.encode({\n r: new BN(r), s: new BN(s)\n }, 'der');\n\n try {\n return verify.verify(key, signature);\n } catch (err) {\n return false;\n }\n}\n\n// Originally written by Owen Smith https://github.com/omsmith\n// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/\n\n/* eslint-disable no-invalid-this */\n\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\nconst ECDSASignature = nodeCrypto ?\n asn1.define('ECDSASignature', function() {\n this.seq().obj(\n this.key('r').int(),\n this.key('s').int()\n );\n }) : undefined;\n\nconst ECPrivateKey = nodeCrypto ?\n asn1.define('ECPrivateKey', function() {\n this.seq().obj(\n this.key('version').int(),\n this.key('privateKey').octstr(),\n this.key('parameters').explicit(0).optional().any(),\n this.key('publicKey').explicit(1).optional().bitstr()\n );\n }) : undefined;\n\nconst AlgorithmIdentifier = nodeCrypto ?\n asn1.define('AlgorithmIdentifier', function() {\n this.seq().obj(\n this.key('algorithm').objid(),\n this.key('parameters').optional().any()\n );\n }) : undefined;\n\nconst SubjectPublicKeyInfo = nodeCrypto ?\n asn1.define('SubjectPublicKeyInfo', function() {\n this.seq().obj(\n this.key('algorithm').use(AlgorithmIdentifier),\n this.key('subjectPublicKey').bitstr()\n );\n }) : undefined;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);\n const signature = nacl.sign.detached(hashed, secretKey);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const signature = util.concatUint8Array([r, s]);\n return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== 'ed25519') {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const seed = getRandomBytes(32);\n const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = nacl.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n return nacl.sign.detached.verify(hashed, RS, publicKey);\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: // unsupported\n default:\n return false;\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n * @private\n */\n\nimport * as cipher from './cipher';\nimport util from '../util';\n\n/**\n * AES key wrap\n * @function\n * @param {Uint8Array} key\n * @param {Uint8Array} data\n * @returns {Uint8Array}\n */\nexport function wrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const P = unpack(data);\n let A = IV;\n const R = P;\n const n = P.length / 2;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 0; j <= 5; ++j) {\n for (let i = 0; i < n; ++i) {\n t[1] = n * j + (1 + i);\n // B = A\n B[0] = A[0];\n B[1] = A[1];\n // B = A || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES(K, B)\n B = unpack(aes.encrypt(pack(B)));\n // A = MSB(64, B) ^ t\n A = B.subarray(0, 2);\n A[0] ^= t[0];\n A[1] ^= t[1];\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n return pack(A, R);\n}\n\n/**\n * AES key unwrap\n * @function\n * @param {String} key\n * @param {String} data\n * @returns {Uint8Array}\n * @throws {Error}\n */\nexport function unwrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const C = unpack(data);\n let A = C.subarray(0, 2);\n const R = C.subarray(2);\n const n = C.length / 2 - 1;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 5; j >= 0; --j) {\n for (let i = n - 1; i >= 0; --i) {\n t[1] = n * j + (i + 1);\n // B = A ^ t\n B[0] = A[0] ^ t[0];\n B[1] = A[1] ^ t[1];\n // B = (A ^ t) || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES-1(B)\n B = unpack(aes.decrypt(pack(B)));\n // A = MSB(64, B)\n A = B.subarray(0, 2);\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n if (A[0] === IV[0] && A[1] === IV[1]) {\n return pack(R);\n }\n throw new Error('Key Data Integrity failed');\n}\n\nfunction createArrayBuffer(data) {\n if (util.isString(data)) {\n const { length } = data;\n const buffer = new ArrayBuffer(length);\n const view = new Uint8Array(buffer);\n for (let j = 0; j < length; ++j) {\n view[j] = data.charCodeAt(j);\n }\n return buffer;\n }\n return new Uint8Array(data).buffer;\n}\n\nfunction unpack(data) {\n const { length } = data;\n const buffer = createArrayBuffer(data);\n const view = new DataView(buffer);\n const arr = new Uint32Array(length / 4);\n for (let i = 0; i < length / 4; ++i) {\n arr[i] = view.getUint32(4 * i);\n }\n return arr;\n}\n\nfunction pack() {\n let length = 0;\n for (let k = 0; k < arguments.length; ++k) {\n length += 4 * arguments[k].length;\n }\n const buffer = new ArrayBuffer(length);\n const view = new DataView(buffer);\n let offset = 0;\n for (let i = 0; i < arguments.length; ++i) {\n for (let j = 0; j < arguments[i].length; ++j) {\n view.setUint32(offset + 4 * j, arguments[i][j]);\n }\n offset += 4 * arguments[i].length;\n }\n return new Uint8Array(buffer);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport getCipher from '../../cipher/getCipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint.subarray(0, 20)\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519': {\n const d = getRandomBytes(32);\n const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d);\n let { publicKey } = nacl.box.keyPair.fromSecretKey(secretKey);\n publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n }\n return ellipticPublicEphemeralKey(curve, Q);\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = aesKW.wrap(Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519': {\n const secretKey = d.slice().reverse();\n const sharedKey = nacl.scalarMult(secretKey, V.subarray(1));\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n }\n return ellipticPrivateEphemeralKey(curve, V, d);\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(aesKW.unwrap(Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: sender\n },\n privateKey,\n curve.web.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.web.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPrivateEphemeralKey(curve, V, d) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n V = keyFromPublic(indutnyCurve, V);\n d = keyFromPrivate(indutnyCurve, d);\n const secretKey = new Uint8Array(d.getPrivate());\n const S = d.derive(V.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPublicEphemeralKey(curve, Q) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const v = await curve.genKeyPair();\n Q = keyFromPublic(indutnyCurve, Q);\n const V = keyFromPrivate(indutnyCurve, v.privateKey);\n const publicKey = v.publicKey;\n const S = V.derive(Q.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle;\n\nexport default async function HKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n if (webCrypto || nodeSubtleCrypto) {\n const crypto = webCrypto || nodeSubtleCrypto;\n const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n }\n\n if (nodeCrypto) {\n const hashAlgoName = enums.read(enums.hash, hashAlgo);\n // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869\n\n const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest();\n // Step 1: Extract\n // PRK = HMAC-Hash(salt, IKM)\n const pseudoRandomKey = computeHMAC(salt, inputKey);\n\n const hashLen = pseudoRandomKey.length;\n\n // Step 2: Expand\n // HKDF-Expand(PRK, info, L) -> OKM\n const n = Math.ceil(outLen / hashLen);\n const outputKeyingMaterial = new Uint8Array(n * hashLen);\n\n // HMAC input buffer updated at each iteration\n const roundInput = new Uint8Array(hashLen + info.length + 1);\n // T_i and last byte are updated at each iteration, but `info` remains constant\n roundInput.set(info, hashLen);\n\n for (let i = 0; i < n; i++) {\n // T(0) = empty string (zero length)\n // T(i) = HMAC-Hash(PRK, T(i-1) | info | i)\n roundInput[roundInput.length - 1] = i + 1;\n // t = T(i+1)\n const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen));\n roundInput.set(t, 0);\n\n outputKeyingMaterial.set(t, i * hashLen);\n }\n\n return outputKeyingMaterial.subarray(0, outLen);\n }\n\n throw new Error('No HKDF implementation available');\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport getCipher from '../../cipher/getCipher';\nimport computeHKDF from '../../hkdf';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(32);\n const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA);\n const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = aesKW.wrap(encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n * @private\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n x = new BigInteger(x);\n\n let k;\n let r;\n let s;\n let t;\n g = g.mod(p);\n x = x.mod(q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = await getRandomBigInteger(one, q); // returns in [1, q-1]\n r = g.modExp(k, p).imod(q); // (g**k mod p) mod q\n if (r.isZero()) {\n continue;\n }\n const xr = x.mul(r).imod(q);\n t = h.add(xr).imod(q); // H(m) + x*r mod q\n s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q\n if (s.isZero()) {\n continue;\n }\n break;\n }\n return {\n r: r.toUint8Array('be', q.byteLength()),\n s: s.toUint8Array('be', q.byteLength())\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n const BigInteger = await util.getBigInteger();\n const zero = new BigInteger(0);\n r = new BigInteger(r);\n s = new BigInteger(s);\n\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n if (r.lte(zero) || r.gte(q) ||\n s.lte(zero) || s.gte(q)) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);\n const w = s.modInv(q); // s**-1 mod q\n if (w.isZero()) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = g.mod(p);\n y = y.mod(p);\n const u1 = h.mul(w).imod(q); // H(m) * w mod q\n const u2 = r.mul(w).imod(q); // r * w mod q\n const t1 = g.modExp(u1, p); // g**u1 mod p\n const t2 = y.modExp(u2, p); // y**u2 mod p\n const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q\n return v.equal(r);\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (!p.dec().mod(q).isZero()) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (!g.modExp(q, p).isOne()) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = new BigInteger(q.bitLength());\n const n150 = new BigInteger(150);\n if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q\n const rqx = q.mul(r).add(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa,\n /** @see tweetnacl */\n nacl: nacl\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n * @private\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read));\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { s };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read));\n return { r, s };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n let r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n r = util.leftPad(r, 32);\n let s = util.readMPI(signature.subarray(read));\n s = util.leftPad(s, 32);\n return { r, s };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n case enums.publicKey.ed25519: {\n const RS = signature.subarray(read, read + 64); read += RS.length;\n return { RS };\n }\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n // signature already padded on parsing\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal: {\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n * @private\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n * @private\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport getCipher from './cipher/getCipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { CurveWithOID } from './public_key/elliptic/oid_curves';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519: {\n if (!util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (!util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.x25519: {\n const A = bytes.subarray(read, read + 32); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const curve = new CurveWithOID(publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, curve.payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const curve = new CurveWithOID(publicParams.oid);\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, curve.payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519: {\n const seed = bytes.subarray(read, read + 32); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519: {\n const k = bytes.subarray(read, read + 32); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key.\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519: {\n const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n }\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipher(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipher(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\nexport { getCipher };\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get preferred hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n * @private\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","\n\n\nvar TYPED_OK = typeof Uint8Array !== \"undefined\" &&\n typeof Uint16Array !== \"undefined\" &&\n typeof Int32Array !== \"undefined\";\n\nfunction _has(obj, key) {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function assign(obj /*...args obj, from1, from2, from3, ...*/) {\n var sources = Array.prototype.slice.call(arguments, 1);\n while (sources.length) {\n var source = sources.shift();\n if (!source) {\n continue; \n }\n\n if (typeof source !== \"object\") {\n throw new TypeError(source + \"must be non-object\");\n }\n\n for (var p in source) {\n if (_has(source, p)) {\n obj[p] = source[p];\n }\n }\n }\n\n return obj;\n //return Object.assign(...args);\n}\n\n\n// reduce buffer size, avoiding mem copy\nexport function shrinkBuf(buf, size) {\n if (buf.length === size) {\n return buf; \n }\n if (buf.subarray) {\n return buf.subarray(0, size); \n }\n buf.length = size;\n return buf;\n}\n\n\nconst fnTyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n if (src.subarray && dest.subarray) {\n dest.set(src.subarray(src_offs, src_offs + len), dest_offs);\n return;\n }\n // Fallback to ordinary array\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n let i, l, len, pos, chunk;\n\n // calculate data length\n len = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n len += chunks[i].length;\n }\n\n // join chunks\n const result = new Uint8Array(len);\n pos = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n chunk = chunks[i];\n result.set(chunk, pos);\n pos += chunk.length;\n }\n\n return result;\n }\n};\n\nconst fnUntyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n return [].concat.apply([], chunks);\n }\n};\n\n\n// Enable/Disable typed arrays use, for testing\n//\n\nexport let Buf8 = TYPED_OK ? Uint8Array : Array;\nexport let Buf16 = TYPED_OK ? Uint16Array : Array;\nexport let Buf32 = TYPED_OK ? Int32Array : Array;\nexport let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks;\nexport let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet;\nexport function setTyped(on) {\n if (on) {\n Buf8 = Uint8Array;\n Buf16 = Uint16Array;\n Buf32 = Int32Array;\n ({ flattenChunks, arraySet } = fnTyped);\n } else {\n Buf8 = Array;\n Buf16 = Array;\n Buf32 = Array;\n ({ flattenChunks, arraySet } = fnUntyped);\n }\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* Allowed flush values; see deflate() and inflate() below for details */\nexport const Z_NO_FLUSH = 0;\nexport const Z_PARTIAL_FLUSH = 1;\nexport const Z_SYNC_FLUSH = 2;\nexport const Z_FULL_FLUSH = 3;\nexport const Z_FINISH = 4;\nexport const Z_BLOCK = 5;\nexport const Z_TREES = 6;\n\n/* Return codes for the compression/decompression functions. Negative values\n * are errors, positive values are used for special but normal events.\n */\nexport const Z_OK = 0;\nexport const Z_STREAM_END = 1;\nexport const Z_NEED_DICT = 2;\nexport const Z_ERRNO = -1;\nexport const Z_STREAM_ERROR = -2;\nexport const Z_DATA_ERROR = -3;\n//export const Z_MEM_ERROR = -4;\nexport const Z_BUF_ERROR = -5;\n//export const Z_VERSION_ERROR = -6;\n\n /* compression levels */\nexport const Z_NO_COMPRESSION = 0;\nexport const Z_BEST_SPEED = 1;\nexport const Z_BEST_COMPRESSION = 9;\nexport const Z_DEFAULT_COMPRESSION = -1;\n\n\nexport const Z_FILTERED = 1;\nexport const Z_HUFFMAN_ONLY = 2;\nexport const Z_RLE = 3;\nexport const Z_FIXED = 4;\nexport const Z_DEFAULT_STRATEGY = 0;\n\n/* Possible values of the data_type field (though see inflate()) */\nexport const Z_BINARY = 0;\nexport const Z_TEXT = 1;\n//export const Z_ASCII = 1; // = Z_TEXT (deprecated)\nexport const Z_UNKNOWN = 2;\n\n/* The deflate compression method */\nexport const Z_DEFLATED = 8;\n//export const Z_NULL = null // Use -1 or null inline, depending on var type\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* eslint-disable space-unary-ops */\n\nimport * as utils from \"../utils/common.js\";\nimport {\n Z_FIXED,\n Z_BINARY,\n Z_TEXT,\n Z_UNKNOWN\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nfunction zero(buf) {\n let len = buf.length; while (--len >= 0) {\n buf[len] = 0; \n } \n}\n\n// From zutil.h\n\nconst STORED_BLOCK = 0;\nconst STATIC_TREES = 1;\nconst DYN_TREES = 2;\n/* The three kinds of block type */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\n/* The minimum and maximum match lengths */\n\n// From deflate.h\n/* ===========================================================================\n * Internal compression state.\n */\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\n\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\n\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\n\nconst D_CODES = 30;\n/* number of distance codes */\n\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\n\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\n\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst Buf_size = 16;\n/* size of bit buffer in bi_buf */\n\n\n/* ===========================================================================\n * Constants\n */\n\nconst MAX_BL_BITS = 7;\n/* Bit length codes must not exceed MAX_BL_BITS bits */\n\nconst END_BLOCK = 256;\n/* end of block literal code */\n\nconst REP_3_6 = 16;\n/* repeat previous bit length 3-6 times (2 bits of repeat count) */\n\nconst REPZ_3_10 = 17;\n/* repeat a zero length 3-10 times (3 bits of repeat count) */\n\nconst REPZ_11_138 = 18;\n/* repeat a zero length 11-138 times (7 bits of repeat count) */\n\n/* eslint-disable comma-spacing,array-bracket-spacing */\nconst extra_lbits = /* extra bits for each length code */\n [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0];\n\nconst extra_dbits = /* extra bits for each distance code */\n [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13];\n\nconst extra_blbits = /* extra bits for each bit length code */\n [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7];\n\nconst bl_order =\n [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];\n/* eslint-enable comma-spacing,array-bracket-spacing */\n\n/* The lengths of the bit length codes are sent in order of decreasing\n * probability, to avoid transmitting the lengths for unused bit length codes.\n */\n\n/* ===========================================================================\n * Local data. These are initialized only once.\n */\n\n// We pre-fill arrays with 0 to avoid uninitialized gaps\n\nconst DIST_CODE_LEN = 512; /* see definition of array dist_code below */\n\n// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1\nconst static_ltree = new Array((L_CODES + 2) * 2);\nzero(static_ltree);\n/* The static literal tree. Since the bit lengths are imposed, there is no\n * need for the L_CODES extra codes used during heap construction. However\n * The codes 286 and 287 are needed to build a canonical tree (see _tr_init\n * below).\n */\n\nconst static_dtree = new Array(D_CODES * 2);\nzero(static_dtree);\n/* The static distance tree. (Actually a trivial tree since all codes use\n * 5 bits.)\n */\n\nconst _dist_code = new Array(DIST_CODE_LEN);\nzero(_dist_code);\n/* Distance codes. The first 256 values correspond to the distances\n * 3 .. 258, the last 256 values correspond to the top 8 bits of\n * the 15 bit distances.\n */\n\nconst _length_code = new Array(MAX_MATCH - MIN_MATCH + 1);\nzero(_length_code);\n/* length code for each normalized match length (0 == MIN_MATCH) */\n\nconst base_length = new Array(LENGTH_CODES);\nzero(base_length);\n/* First normalized length for each code (0 = MIN_MATCH) */\n\nconst base_dist = new Array(D_CODES);\nzero(base_dist);\n/* First normalized distance for each code (0 = distance of 1) */\n\n\nfunction StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) {\n\n this.static_tree = static_tree; /* static tree or NULL */\n this.extra_bits = extra_bits; /* extra bits for each code or NULL */\n this.extra_base = extra_base; /* base index for extra_bits */\n this.elems = elems; /* max number of elements in the tree */\n this.max_length = max_length; /* max bit length for the codes */\n\n // show if `static_tree` has data or dummy - needed for monomorphic objects\n this.has_stree = static_tree && static_tree.length;\n}\n\n\nlet static_l_desc;\nlet static_d_desc;\nlet static_bl_desc;\n\n\nfunction TreeDesc(dyn_tree, stat_desc) {\n this.dyn_tree = dyn_tree; /* the dynamic tree */\n this.max_code = 0; /* largest code with non zero frequency */\n this.stat_desc = stat_desc; /* the corresponding static tree */\n}\n\n\n\nfunction d_code(dist) {\n return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)];\n}\n\n\n/* ===========================================================================\n * Output a short LSB first on the stream.\n * IN assertion: there is enough room in pendingBuf.\n */\nfunction put_short(s, w) {\n// put_byte(s, (uch)((w) & 0xff));\n// put_byte(s, (uch)((ush)(w) >> 8));\n s.pending_buf[s.pending++] = w & 0xff;\n s.pending_buf[s.pending++] = w >>> 8 & 0xff;\n}\n\n\n/* ===========================================================================\n * Send a value on a given number of bits.\n * IN assertion: length <= 16 and value fits in length bits.\n */\nfunction send_bits(s, value, length) {\n if (s.bi_valid > Buf_size - length) {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n put_short(s, s.bi_buf);\n s.bi_buf = value >> Buf_size - s.bi_valid;\n s.bi_valid += length - Buf_size;\n } else {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n s.bi_valid += length;\n }\n}\n\n\nfunction send_code(s, c, tree) {\n send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/);\n}\n\n\n/* ===========================================================================\n * Reverse the first len bits of a code, using straightforward code (a faster\n * method would use a table)\n * IN assertion: 1 <= len <= 15\n */\nfunction bi_reverse(code, len) {\n let res = 0;\n do {\n res |= code & 1;\n code >>>= 1;\n res <<= 1;\n } while (--len > 0);\n return res >>> 1;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer, keeping at most 7 bits in it.\n */\nfunction bi_flush(s) {\n if (s.bi_valid === 16) {\n put_short(s, s.bi_buf);\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n } else if (s.bi_valid >= 8) {\n s.pending_buf[s.pending++] = s.bi_buf & 0xff;\n s.bi_buf >>= 8;\n s.bi_valid -= 8;\n }\n}\n\n\n/* ===========================================================================\n * Compute the optimal bit lengths for a tree and update the total bit length\n * for the current block.\n * IN assertion: the fields freq and dad are set, heap[heap_max] and\n * above are the tree nodes sorted by increasing frequency.\n * OUT assertions: the field len is set to the optimal bit length, the\n * array bl_count contains the frequencies for each bit length.\n * The length opt_len is updated; static_len is also updated if stree is\n * not null.\n */\nfunction gen_bitlen(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const max_code = desc.max_code;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const extra = desc.stat_desc.extra_bits;\n const base = desc.stat_desc.extra_base;\n const max_length = desc.stat_desc.max_length;\n let h; /* heap index */\n let n, m; /* iterate over the tree elements */\n let bits; /* bit length */\n let xbits; /* extra bits */\n let f; /* frequency */\n let overflow = 0; /* number of elements with bit length too large */\n\n for (bits = 0; bits <= MAX_BITS; bits++) {\n s.bl_count[bits] = 0;\n }\n\n /* In a first pass, compute the optimal bit lengths (which may\n * overflow in the case of the bit length tree).\n */\n tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */\n\n for (h = s.heap_max + 1; h < HEAP_SIZE; h++) {\n n = s.heap[h];\n bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1;\n if (bits > max_length) {\n bits = max_length;\n overflow++;\n }\n tree[n * 2 + 1]/*.Len*/ = bits;\n /* We overwrite tree[n].Dad which is no longer needed */\n\n if (n > max_code) {\n continue; \n } /* not a leaf node */\n\n s.bl_count[bits]++;\n xbits = 0;\n if (n >= base) {\n xbits = extra[n - base];\n }\n f = tree[n * 2]/*.Freq*/;\n s.opt_len += f * (bits + xbits);\n if (has_stree) {\n s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits);\n }\n }\n if (overflow === 0) {\n return; \n }\n\n // Trace((stderr,\"\\nbit length overflow\\n\"));\n /* This happens for example on obj2 and pic of the Calgary corpus */\n\n /* Find the first bit length which could increase: */\n do {\n bits = max_length - 1;\n while (s.bl_count[bits] === 0) {\n bits--; \n }\n s.bl_count[bits]--; /* move one leaf down the tree */\n s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */\n s.bl_count[max_length]--;\n /* The brother of the overflow item also moves one step up,\n * but this does not affect bl_count[max_length]\n */\n overflow -= 2;\n } while (overflow > 0);\n\n /* Now recompute all bit lengths, scanning in increasing frequency.\n * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all\n * lengths instead of fixing only the wrong ones. This idea is taken\n * from 'ar' written by Haruhiko Okumura.)\n */\n for (bits = max_length; bits !== 0; bits--) {\n n = s.bl_count[bits];\n while (n !== 0) {\n m = s.heap[--h];\n if (m > max_code) {\n continue; \n }\n if (tree[m * 2 + 1]/*.Len*/ !== bits) {\n // Trace((stderr,\"code %d bits %d->%d\\n\", m, tree[m].Len, bits));\n s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/;\n tree[m * 2 + 1]/*.Len*/ = bits;\n }\n n--;\n }\n }\n}\n\n\n/* ===========================================================================\n * Generate the codes for a given tree and bit counts (which need not be\n * optimal).\n * IN assertion: the array bl_count contains the bit length statistics for\n * the given tree and the field len is set for all tree elements.\n * OUT assertion: the field code is set for all tree elements of non\n * zero code length.\n */\nfunction gen_codes(tree, max_code, bl_count)\n// ct_data *tree; /* the tree to decorate */\n// int max_code; /* largest code with non zero frequency */\n// ushf *bl_count; /* number of codes at each bit length */\n{\n const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */\n let code = 0; /* running code value */\n let bits; /* bit index */\n let n; /* code index */\n\n /* The distribution counts are first used to generate the code values\n * without bit reversal.\n */\n for (bits = 1; bits <= MAX_BITS; bits++) {\n next_code[bits] = code = code + bl_count[bits - 1] << 1;\n }\n /* Check that the bit counts in bl_count are consistent. The last code\n * must be all ones.\n */\n //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */\n length = 0;\n for (code = 0; code < LENGTH_CODES - 1; code++) {\n base_length[code] = length;\n for (n = 0; n < 1 << extra_lbits[code]; n++) {\n _length_code[length++] = code;\n }\n }\n //Assert (length == 256, \"tr_static_init: length != 256\");\n /* Note that the length 255 (match length 258) can be represented\n * in two different ways: code 284 + 5 bits or code 285, so we\n * overwrite length_code[255] to use the best encoding:\n */\n _length_code[length - 1] = code;\n\n /* Initialize the mapping dist (0..32K) -> dist code (0..29) */\n dist = 0;\n for (code = 0; code < 16; code++) {\n base_dist[code] = dist;\n for (n = 0; n < 1 << extra_dbits[code]; n++) {\n _dist_code[dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: dist != 256\");\n dist >>= 7; /* from now on, all distances are divided by 128 */\n for (; code < D_CODES; code++) {\n base_dist[code] = dist << 7;\n for (n = 0; n < 1 << extra_dbits[code] - 7; n++) {\n _dist_code[256 + dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: 256+dist != 512\");\n\n /* Construct the codes of the static literal tree */\n for (bits = 0; bits <= MAX_BITS; bits++) {\n bl_count[bits] = 0;\n }\n\n n = 0;\n while (n <= 143) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n while (n <= 255) {\n static_ltree[n * 2 + 1]/*.Len*/ = 9;\n n++;\n bl_count[9]++;\n }\n while (n <= 279) {\n static_ltree[n * 2 + 1]/*.Len*/ = 7;\n n++;\n bl_count[7]++;\n }\n while (n <= 287) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n /* Codes 286 and 287 do not exist, but we must include them in the\n * tree construction to get a canonical Huffman tree (longest code\n * all ones)\n */\n gen_codes(static_ltree, L_CODES + 1, bl_count);\n\n /* The static distance tree is trivial: */\n for (n = 0; n < D_CODES; n++) {\n static_dtree[n * 2 + 1]/*.Len*/ = 5;\n static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5);\n }\n\n // Now data ready and we can init static trees\n static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS);\n static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS);\n static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS);\n\n //static_init_done = true;\n}\n\n\n/* ===========================================================================\n * Initialize a new block.\n */\nfunction init_block(s) {\n let n; /* iterates over tree elements */\n\n /* Initialize the trees. */\n for (n = 0; n < L_CODES; n++) {\n s.dyn_ltree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < D_CODES; n++) {\n s.dyn_dtree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < BL_CODES; n++) {\n s.bl_tree[n * 2]/*.Freq*/ = 0; \n }\n\n s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1;\n s.opt_len = s.static_len = 0;\n s.last_lit = s.matches = 0;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer and align the output on a byte boundary\n */\nfunction bi_windup(s) {\n if (s.bi_valid > 8) {\n put_short(s, s.bi_buf);\n } else if (s.bi_valid > 0) {\n //put_byte(s, (Byte)s->bi_buf);\n s.pending_buf[s.pending++] = s.bi_buf;\n }\n s.bi_buf = 0;\n s.bi_valid = 0;\n}\n\n/* ===========================================================================\n * Copy a stored block, storing first the length and its\n * one's complement if requested.\n */\nfunction copy_block(s, buf, len, header)\n//DeflateState *s;\n//charf *buf; /* the input data */\n//unsigned len; /* its length */\n//int header; /* true if block header must be written */\n{\n bi_windup(s); /* align on byte boundary */\n\n if (header) {\n put_short(s, len);\n put_short(s, ~len);\n }\n // while (len--) {\n // put_byte(s, *buf++);\n // }\n utils.arraySet(s.pending_buf, s.window, buf, len, s.pending);\n s.pending += len;\n}\n\n/* ===========================================================================\n * Compares to subtrees, using the tree depth as tie breaker when\n * the subtrees have equal frequency. This minimizes the worst case length.\n */\nfunction smaller(tree, n, m, depth) {\n const _n2 = n * 2;\n const _m2 = m * 2;\n return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ ||\n tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m];\n}\n\n/* ===========================================================================\n * Restore the heap property by moving down the tree starting at node k,\n * exchanging a node with the smallest of its two sons if necessary, stopping\n * when the heap property is re-established (each father smaller than its\n * two sons).\n */\nfunction pqdownheap(s, tree, k)\n// deflate_state *s;\n// ct_data *tree; /* the tree to restore */\n// int k; /* node to move down */\n{\n const v = s.heap[k];\n let j = k << 1; /* left son of k */\n while (j <= s.heap_len) {\n /* Set j to the smallest of the two sons: */\n if (j < s.heap_len &&\n smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) {\n j++;\n }\n /* Exit if v is smaller than both sons */\n if (smaller(tree, v, s.heap[j], s.depth)) {\n break; \n }\n\n /* Exchange v with the smallest son */\n s.heap[k] = s.heap[j];\n k = j;\n\n /* And continue down the tree, setting j to the left son of k */\n j <<= 1;\n }\n s.heap[k] = v;\n}\n\n\n// inlined manually\n// var SMALLEST = 1;\n\n/* ===========================================================================\n * Send the block data compressed using the given Huffman trees\n */\nfunction compress_block(s, ltree, dtree)\n// deflate_state *s;\n// const ct_data *ltree; /* literal tree */\n// const ct_data *dtree; /* distance tree */\n{\n let dist; /* distance of matched string */\n let lc; /* match length or unmatched char (if dist == 0) */\n let lx = 0; /* running index in l_buf */\n let code; /* the code to send */\n let extra; /* number of extra bits to send */\n\n if (s.last_lit !== 0) {\n do {\n dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1];\n lc = s.pending_buf[s.l_buf + lx];\n lx++;\n\n if (dist === 0) {\n send_code(s, lc, ltree); /* send a literal byte */\n //Tracecv(isgraph(lc), (stderr,\" '%c' \", lc));\n } else {\n /* Here, lc is the match length - MIN_MATCH */\n code = _length_code[lc];\n send_code(s, code + LITERALS + 1, ltree); /* send the length code */\n extra = extra_lbits[code];\n if (extra !== 0) {\n lc -= base_length[code];\n send_bits(s, lc, extra); /* send the extra length bits */\n }\n dist--; /* dist is now the match distance - 1 */\n code = d_code(dist);\n //Assert (code < D_CODES, \"bad d_code\");\n\n send_code(s, code, dtree); /* send the distance code */\n extra = extra_dbits[code];\n if (extra !== 0) {\n dist -= base_dist[code];\n send_bits(s, dist, extra); /* send the extra distance bits */\n }\n } /* literal or match pair ? */\n\n /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */\n //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,\n // \"pendingBuf overflow\");\n\n } while (lx < s.last_lit);\n }\n\n send_code(s, END_BLOCK, ltree);\n}\n\n\n/* ===========================================================================\n * Construct one Huffman tree and assigns the code bit strings and lengths.\n * Update the total bit length for the current block.\n * IN assertion: the field freq is set for all tree elements.\n * OUT assertions: the fields len and code are set to the optimal bit length\n * and corresponding code. The length opt_len is updated; static_len is\n * also updated if stree is not null. The field max_code is set.\n */\nfunction build_tree(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const elems = desc.stat_desc.elems;\n let n, m; /* iterate over heap elements */\n let max_code = -1; /* largest code with non zero frequency */\n let node; /* new node being created */\n\n /* Construct the initial heap, with least frequent element in\n * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].\n * heap[0] is not used.\n */\n s.heap_len = 0;\n s.heap_max = HEAP_SIZE;\n\n for (n = 0; n < elems; n++) {\n if (tree[n * 2]/*.Freq*/ !== 0) {\n s.heap[++s.heap_len] = max_code = n;\n s.depth[n] = 0;\n\n } else {\n tree[n * 2 + 1]/*.Len*/ = 0;\n }\n }\n\n /* The pkzip format requires that at least one distance code exists,\n * and that at least one bit should be sent even if there is only one\n * possible code. So to avoid special checks later on we force at least\n * two codes of non zero frequency.\n */\n while (s.heap_len < 2) {\n node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0;\n tree[node * 2]/*.Freq*/ = 1;\n s.depth[node] = 0;\n s.opt_len--;\n\n if (has_stree) {\n s.static_len -= stree[node * 2 + 1]/*.Len*/;\n }\n /* node is 0 or 1 so it does not have extra bits */\n }\n desc.max_code = max_code;\n\n /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,\n * establish sub-heaps of increasing lengths:\n */\n for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) {\n pqdownheap(s, tree, n); \n }\n\n /* Construct the Huffman tree by repeatedly combining the least two\n * frequent nodes.\n */\n node = elems; /* next internal node of the tree */\n do {\n //pqremove(s, tree, n); /* n = node of least frequency */\n /*** pqremove ***/\n n = s.heap[1/*SMALLEST*/];\n s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--];\n pqdownheap(s, tree, 1/*SMALLEST*/);\n /***/\n\n m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */\n\n s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */\n s.heap[--s.heap_max] = m;\n\n /* Create a new node father of n and m */\n tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/;\n s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1;\n tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node;\n\n /* and insert the new node in the heap */\n s.heap[1/*SMALLEST*/] = node++;\n pqdownheap(s, tree, 1/*SMALLEST*/);\n\n } while (s.heap_len >= 2);\n\n s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/];\n\n /* At this point, the fields freq and dad are set. We can now\n * generate the bit lengths.\n */\n gen_bitlen(s, desc);\n\n /* The field len is now set, we can generate the bit codes */\n gen_codes(tree, max_code, s.bl_count);\n}\n\n\n/* ===========================================================================\n * Scan a literal or distance tree to determine the frequencies of the codes\n * in the bit length tree.\n */\nfunction scan_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n s.bl_tree[curlen * 2]/*.Freq*/ += count;\n\n } else if (curlen !== 0) {\n\n if (curlen !== prevlen) {\n s.bl_tree[curlen * 2]/*.Freq*/++; \n }\n s.bl_tree[REP_3_6 * 2]/*.Freq*/++;\n\n } else if (count <= 10) {\n s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++;\n\n } else {\n s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++;\n }\n\n count = 0;\n prevlen = curlen;\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Send a literal or distance tree in compressed form, using the codes in\n * bl_tree.\n */\nfunction send_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n /* tree[max_code+1].Len = -1; */ /* guard already set */\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n do {\n send_code(s, curlen, s.bl_tree); \n } while (--count !== 0);\n\n } else if (curlen !== 0) {\n if (curlen !== prevlen) {\n send_code(s, curlen, s.bl_tree);\n count--;\n }\n //Assert(count >= 3 && count <= 6, \" 3_6?\");\n send_code(s, REP_3_6, s.bl_tree);\n send_bits(s, count - 3, 2);\n\n } else if (count <= 10) {\n send_code(s, REPZ_3_10, s.bl_tree);\n send_bits(s, count - 3, 3);\n\n } else {\n send_code(s, REPZ_11_138, s.bl_tree);\n send_bits(s, count - 11, 7);\n }\n\n count = 0;\n prevlen = curlen;\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Construct the Huffman tree for the bit lengths and return the index in\n * bl_order of the last bit length code to send.\n */\nfunction build_bl_tree(s) {\n let max_blindex; /* index of last bit length code of non zero freq */\n\n /* Determine the bit length frequencies for literal and distance trees */\n scan_tree(s, s.dyn_ltree, s.l_desc.max_code);\n scan_tree(s, s.dyn_dtree, s.d_desc.max_code);\n\n /* Build the bit length tree: */\n build_tree(s, s.bl_desc);\n /* opt_len now includes the length of the tree representations, except\n * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.\n */\n\n /* Determine the number of bit length codes to send. The pkzip format\n * requires that at least 4 bit length codes be sent. (appnote.txt says\n * 3 but the actual value used is 4.)\n */\n for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) {\n if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) {\n break;\n }\n }\n /* Update opt_len to include the bit length tree and counts */\n s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;\n //Tracev((stderr, \"\\ndyn trees: dyn %ld, stat %ld\",\n // s->opt_len, s->static_len));\n\n return max_blindex;\n}\n\n\n/* ===========================================================================\n * Send the header for a block using dynamic Huffman trees: the counts, the\n * lengths of the bit length codes, the literal tree and the distance tree.\n * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.\n */\nfunction send_all_trees(s, lcodes, dcodes, blcodes)\n// deflate_state *s;\n// int lcodes, dcodes, blcodes; /* number of codes for each tree */\n{\n let rank; /* index in bl_order */\n\n //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, \"not enough codes\");\n //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,\n // \"too many codes\");\n //Tracev((stderr, \"\\nbl counts: \"));\n send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */\n send_bits(s, dcodes - 1, 5);\n send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */\n for (rank = 0; rank < blcodes; rank++) {\n //Tracev((stderr, \"\\nbl code %2d \", bl_order[rank]));\n send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3);\n }\n //Tracev((stderr, \"\\nbl tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */\n //Tracev((stderr, \"\\nlit tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */\n //Tracev((stderr, \"\\ndist tree: sent %ld\", s->bits_sent));\n}\n\n\n/* ===========================================================================\n * Check if the data type is TEXT or BINARY, using the following algorithm:\n * - TEXT if the two conditions below are satisfied:\n * a) There are no non-portable control characters belonging to the\n * \"black list\" (0..6, 14..25, 28..31).\n * b) There is at least one printable character belonging to the\n * \"white list\" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).\n * - BINARY otherwise.\n * - The following partially-portable control characters form a\n * \"gray list\" that is ignored in this detection algorithm:\n * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).\n * IN assertion: the fields Freq of dyn_ltree are set.\n */\nfunction detect_data_type(s) {\n /* black_mask is the bit mask of black-listed bytes\n * set bits 0..6, 14..25, and 28..31\n * 0xf3ffc07f = binary 11110011111111111100000001111111\n */\n let black_mask = 0xf3ffc07f;\n let n;\n\n /* Check for non-textual (\"black-listed\") bytes. */\n for (n = 0; n <= 31; n++, black_mask >>>= 1) {\n if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_BINARY;\n }\n }\n\n /* Check for textual (\"white-listed\") bytes. */\n if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||\n s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n for (n = 32; n < LITERALS; n++) {\n if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n }\n\n /* There are no \"black-listed\" or \"white-listed\" bytes:\n * this stream either is empty or has tolerated (\"gray-listed\") bytes only.\n */\n return Z_BINARY;\n}\n\n\nlet static_init_done = false;\n\n/* ===========================================================================\n * Initialize the tree data structures for a new zlib stream.\n */\nfunction _tr_init(s) {\n\n if (!static_init_done) {\n tr_static_init();\n static_init_done = true;\n }\n\n s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc);\n s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc);\n s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc);\n\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n /* Initialize the first block of the first file: */\n init_block(s);\n}\n\n\n/* ===========================================================================\n * Send a stored block\n */\nfunction _tr_stored_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */\n copy_block(s, buf, stored_len, true); /* with header */\n}\n\n\n/* ===========================================================================\n * Send one empty static block to give enough lookahead for inflate.\n * This takes 10 bits, of which 7 may remain in the bit buffer.\n */\nfunction _tr_align(s) {\n send_bits(s, STATIC_TREES << 1, 3);\n send_code(s, END_BLOCK, static_ltree);\n bi_flush(s);\n}\n\n\n/* ===========================================================================\n * Determine the best encoding for the current block: dynamic trees, static\n * trees or store, and output the encoded block to the zip file.\n */\nfunction _tr_flush_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block, or NULL if too old */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n let opt_lenb, static_lenb; /* opt_len and static_len in bytes */\n let max_blindex = 0; /* index of last bit length code of non zero freq */\n\n /* Build the Huffman trees unless a stored block is forced */\n if (s.level > 0) {\n\n /* Check if the file is binary or text */\n if (s.strm.data_type === Z_UNKNOWN) {\n s.strm.data_type = detect_data_type(s);\n }\n\n /* Construct the literal and distance trees */\n build_tree(s, s.l_desc);\n // Tracev((stderr, \"\\nlit data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n\n build_tree(s, s.d_desc);\n // Tracev((stderr, \"\\ndist data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n /* At this point, opt_len and static_len are the total bit lengths of\n * the compressed block data, excluding the tree representations.\n */\n\n /* Build the bit length tree for the above two trees, and get the index\n * in bl_order of the last bit length code to send.\n */\n max_blindex = build_bl_tree(s);\n\n /* Determine the best encoding. Compute the block lengths in bytes. */\n opt_lenb = s.opt_len + 3 + 7 >>> 3;\n static_lenb = s.static_len + 3 + 7 >>> 3;\n\n // Tracev((stderr, \"\\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u \",\n // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,\n // s->last_lit));\n\n if (static_lenb <= opt_lenb) {\n opt_lenb = static_lenb; \n }\n\n } else {\n // Assert(buf != (char*)0, \"lost buf\");\n opt_lenb = static_lenb = stored_len + 5; /* force a stored block */\n }\n\n if (stored_len + 4 <= opt_lenb && buf !== -1) {\n /* 4: two words for the lengths */\n\n /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.\n * Otherwise we can't have processed more than WSIZE input bytes since\n * the last block flush, because compression would have been\n * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to\n * transform a block into a stored block.\n */\n _tr_stored_block(s, buf, stored_len, last);\n\n } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) {\n\n send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3);\n compress_block(s, static_ltree, static_dtree);\n\n } else {\n send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3);\n send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1);\n compress_block(s, s.dyn_ltree, s.dyn_dtree);\n }\n // Assert (s->compressed_len == s->bits_sent, \"bad compressed size\");\n /* The above check is made mod 2^32, for files larger than 512 MB\n * and uLong implemented on 32 bits.\n */\n init_block(s);\n\n if (last) {\n bi_windup(s);\n }\n // Tracev((stderr,\"\\ncomprlen %lu(%lu) \", s->compressed_len>>3,\n // s->compressed_len-7*last));\n}\n\n/* ===========================================================================\n * Save the match info and tally the frequency counts. Return true if\n * the current block must be flushed.\n */\nfunction _tr_tally(s, dist, lc)\n// deflate_state *s;\n// unsigned dist; /* distance of matched string */\n// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */\n{\n //var out_length, in_length, dcode;\n\n s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff;\n s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff;\n\n s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff;\n s.last_lit++;\n\n if (dist === 0) {\n /* lc is the unmatched char */\n s.dyn_ltree[lc * 2]/*.Freq*/++;\n } else {\n s.matches++;\n /* Here, lc is the match length - MIN_MATCH */\n dist--; /* dist = match distance - 1 */\n //Assert((ush)dist < (ush)MAX_DIST(s) &&\n // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&\n // (ush)d_code(dist) < (ush)D_CODES, \"_tr_tally: bad match\");\n\n s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++;\n s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n\n //#ifdef TRUNCATE_BLOCK\n // /* Try to guess if it is profitable to stop the current block here */\n // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) {\n // /* Compute an upper bound for the compressed length */\n // out_length = s.last_lit*8;\n // in_length = s.strstart - s.block_start;\n //\n // for (dcode = 0; dcode < D_CODES; dcode++) {\n // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]);\n // }\n // out_length >>>= 3;\n // //Tracev((stderr,\"\\nlast_lit %u, in %ld, out ~%ld(%ld%%) \",\n // // s->last_lit, in_length, out_length,\n // // 100L - out_length*100L/in_length));\n // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) {\n // return true;\n // }\n // }\n //#endif\n\n return s.last_lit === s.lit_bufsize - 1;\n /* We avoid equality with lit_bufsize because of wraparound at 64K\n * on 16 bit machines and because stored blocks are restricted to\n * 64K-1 bytes.\n */\n}\n\nexport {\n _tr_init,\n _tr_stored_block,\n _tr_flush_block,\n _tr_tally,\n _tr_align\n};","\n\n// Note: adler32 takes 12% for level 0 and 2% for level 6.\n// It isn't worth it to make additional optimizations as in original.\n// Small size is preferable.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default function adler32(adler, buf, len, pos) {\n let s1 = adler & 0xffff |0,\n s2 = adler >>> 16 & 0xffff |0,\n n = 0;\n\n while (len !== 0) {\n // Set limit ~ twice less than 5552, to keep\n // s2 in 31-bits, because we force signed ints.\n // in other case %= will fail.\n n = len > 2000 ? 2000 : len;\n len -= n;\n\n do {\n s1 = s1 + buf[pos++] |0;\n s2 = s2 + s1 |0;\n } while (--n);\n\n s1 %= 65521;\n s2 %= 65521;\n }\n\n return s1 | s2 << 16 |0;\n}\n","\n\n// Note: we can't get significant speed boost here.\n// So write code to minimize size - no pregenerated tables\n// and array tools dependencies.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// Use ordinary array, since untyped makes no boost here\nfunction makeTable() {\n let c;\n const table = [];\n\n for (let n = 0; n < 256; n++) {\n c = n;\n for (let k = 0; k < 8; k++) {\n c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1;\n }\n table[n] = c;\n }\n\n return table;\n}\n\n// Create table on load. Just 255 signed longs. Not a problem.\nconst crcTable = makeTable();\n\n\nexport default function crc32(crc, buf, len, pos) {\n const t = crcTable,\n end = pos + len;\n\n crc ^= -1;\n\n for (let i = pos; i < end; i++) {\n crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF];\n }\n\n return crc ^ -1; // >>> 0;\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default {\n 2: \"need dictionary\", /* Z_NEED_DICT 2 */\n 1: \"stream end\", /* Z_STREAM_END 1 */\n 0: \"\", /* Z_OK 0 */\n \"-1\": \"file error\", /* Z_ERRNO (-1) */\n \"-2\": \"stream error\", /* Z_STREAM_ERROR (-2) */\n \"-3\": \"data error\", /* Z_DATA_ERROR (-3) */\n \"-4\": \"insufficient memory\", /* Z_MEM_ERROR (-4) */\n \"-5\": \"buffer error\", /* Z_BUF_ERROR (-5) */\n \"-6\": \"incompatible version\" /* Z_VERSION_ERROR (-6) */\n};\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport * as trees from \"./trees.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport msg from \"./messages.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_NO_FLUSH,\n Z_PARTIAL_FLUSH,\n Z_FULL_FLUSH,\n Z_FINISH,\n Z_BLOCK,\n Z_OK,\n Z_STREAM_END,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFAULT_COMPRESSION,\n Z_FILTERED,\n Z_HUFFMAN_ONLY,\n Z_RLE,\n Z_FIXED,\n Z_DEFAULT_STRATEGY,\n Z_UNKNOWN,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nconst MAX_MEM_LEVEL = 9;\n/* Maximum value for memLevel in deflateInit2 */\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_MEM_LEVEL = 8;\n\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\nconst D_CODES = 30;\n/* number of distance codes */\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\nconst MIN_LOOKAHEAD = (MAX_MATCH + MIN_MATCH + 1);\n\nconst PRESET_DICT = 0x20;\n\nconst INIT_STATE = 42;\nconst EXTRA_STATE = 69;\nconst NAME_STATE = 73;\nconst COMMENT_STATE = 91;\nconst HCRC_STATE = 103;\nconst BUSY_STATE = 113;\nconst FINISH_STATE = 666;\n\nconst BS_NEED_MORE = 1; /* block not completed, need more input or more output */\nconst BS_BLOCK_DONE = 2; /* block flush performed */\nconst BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */\nconst BS_FINISH_DONE = 4; /* finish done, accept no more input or output */\n\nconst OS_CODE = 0x03; // Unix :) . Don't detect, use this default.\n\nfunction err(strm, errorCode) {\n strm.msg = msg[errorCode];\n return errorCode;\n}\n\nfunction rank(f) {\n return ((f) << 1) - ((f) > 4 ? 9 : 0);\n}\n\nfunction zero(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } }\n\n\n/* =========================================================================\n * Flush as much pending output as possible. All deflate() output goes\n * through this function so some applications may wish to modify it\n * to avoid allocating a large strm->output buffer and copying into it.\n * (See also read_buf()).\n */\nfunction flush_pending(strm) {\n const s = strm.state;\n\n //_tr_flush_bits(s);\n let len = s.pending;\n if (len > strm.avail_out) {\n len = strm.avail_out;\n }\n if (len === 0) { return; }\n\n utils.arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out);\n strm.next_out += len;\n s.pending_out += len;\n strm.total_out += len;\n strm.avail_out -= len;\n s.pending -= len;\n if (s.pending === 0) {\n s.pending_out = 0;\n }\n}\n\n\nfunction flush_block_only(s, last) {\n trees._tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last);\n s.block_start = s.strstart;\n flush_pending(s.strm);\n}\n\n\nfunction put_byte(s, b) {\n s.pending_buf[s.pending++] = b;\n}\n\n\n/* =========================================================================\n * Put a short in the pending buffer. The 16-bit value is put in MSB order.\n * IN assertion: the stream state is correct and there is enough room in\n * pending_buf.\n */\nfunction putShortMSB(s, b) {\n // put_byte(s, (Byte)(b >> 8));\n // put_byte(s, (Byte)(b & 0xff));\n s.pending_buf[s.pending++] = (b >>> 8) & 0xff;\n s.pending_buf[s.pending++] = b & 0xff;\n}\n\n\n/* ===========================================================================\n * Read a new buffer from the current input stream, update the adler32\n * and total number of bytes read. All deflate() input goes through\n * this function so some applications may wish to modify it to avoid\n * allocating a large strm->input buffer and copying from it.\n * (See also flush_pending()).\n */\nfunction read_buf(strm, buf, start, size) {\n let len = strm.avail_in;\n\n if (len > size) { len = size; }\n if (len === 0) { return 0; }\n\n strm.avail_in -= len;\n\n // zmemcpy(buf, strm->next_in, len);\n utils.arraySet(buf, strm.input, strm.next_in, len, start);\n if (strm.state.wrap === 1) {\n strm.adler = adler32(strm.adler, buf, len, start);\n }\n\n else if (strm.state.wrap === 2) {\n strm.adler = crc32(strm.adler, buf, len, start);\n }\n\n strm.next_in += len;\n strm.total_in += len;\n\n return len;\n}\n\n\n/* ===========================================================================\n * Set match_start to the longest match starting at the given string and\n * return its length. Matches shorter or equal to prev_length are discarded,\n * in which case the result is equal to prev_length and match_start is\n * garbage.\n * IN assertions: cur_match is the head of the hash chain for the current\n * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1\n * OUT assertion: the match length is not greater than s->lookahead.\n */\nfunction longest_match(s, cur_match) {\n let chain_length = s.max_chain_length; /* max hash chain length */\n let scan = s.strstart; /* current string */\n let match; /* matched string */\n let len; /* length of current match */\n let best_len = s.prev_length; /* best match length so far */\n let nice_match = s.nice_match; /* stop if match long enough */\n const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ?\n s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/;\n\n const _win = s.window; // shortcut\n\n const wmask = s.w_mask;\n const prev = s.prev;\n\n /* Stop when cur_match becomes <= limit. To simplify the code,\n * we prevent matches with the string of window index 0.\n */\n\n const strend = s.strstart + MAX_MATCH;\n let scan_end1 = _win[scan + best_len - 1];\n let scan_end = _win[scan + best_len];\n\n /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.\n * It is easy to get rid of this optimization if necessary.\n */\n // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, \"Code too clever\");\n\n /* Do not waste too much time if we already have a good match: */\n if (s.prev_length >= s.good_match) {\n chain_length >>= 2;\n }\n /* Do not look for matches beyond the end of the input. This is necessary\n * to make deflate deterministic.\n */\n if (nice_match > s.lookahead) { nice_match = s.lookahead; }\n\n // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, \"need lookahead\");\n\n do {\n // Assert(cur_match < s->strstart, \"no future\");\n match = cur_match;\n\n /* Skip to next match if the match length cannot increase\n * or if the match length is less than 2. Note that the checks below\n * for insufficient lookahead only occur occasionally for performance\n * reasons. Therefore uninitialized memory will be accessed, and\n * conditional jumps will be made that depend on those values.\n * However the length of the match is limited to the lookahead, so\n * the output of deflate is not affected by the uninitialized values.\n */\n\n if (_win[match + best_len] !== scan_end ||\n _win[match + best_len - 1] !== scan_end1 ||\n _win[match] !== _win[scan] ||\n _win[++match] !== _win[scan + 1]) {\n continue;\n }\n\n /* The check at best_len-1 can be removed because it will be made\n * again later. (This heuristic is not always a win.)\n * It is not necessary to compare scan[2] and match[2] since they\n * are always equal when the other bytes match, given that\n * the hash keys are equal and that HASH_BITS >= 8.\n */\n scan += 2;\n match++;\n // Assert(*scan == *match, \"match[2]?\");\n\n /* We check for insufficient lookahead only every 8th comparison;\n * the 256th check will be made at strstart+258.\n */\n do {\n /*jshint noempty:false*/\n } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n scan < strend);\n\n // Assert(scan <= s->window+(unsigned)(s->window_size-1), \"wild scan\");\n\n len = MAX_MATCH - (strend - scan);\n scan = strend - MAX_MATCH;\n\n if (len > best_len) {\n s.match_start = cur_match;\n best_len = len;\n if (len >= nice_match) {\n break;\n }\n scan_end1 = _win[scan + best_len - 1];\n scan_end = _win[scan + best_len];\n }\n } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0);\n\n if (best_len <= s.lookahead) {\n return best_len;\n }\n return s.lookahead;\n}\n\n\n/* ===========================================================================\n * Fill the window when the lookahead becomes insufficient.\n * Updates strstart and lookahead.\n *\n * IN assertion: lookahead < MIN_LOOKAHEAD\n * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD\n * At least one byte has been read, or avail_in == 0; reads are\n * performed for at least two bytes (required for the zip translate_eol\n * option -- not supported here).\n */\nfunction fill_window(s) {\n const _w_size = s.w_size;\n let p, n, m, more, str;\n\n //Assert(s->lookahead < MIN_LOOKAHEAD, \"already enough lookahead\");\n\n do {\n more = s.window_size - s.lookahead - s.strstart;\n\n // JS ints have 32 bit, block below not needed\n /* Deal with !@#$% 64K limit: */\n //if (sizeof(int) <= 2) {\n // if (more == 0 && s->strstart == 0 && s->lookahead == 0) {\n // more = wsize;\n //\n // } else if (more == (unsigned)(-1)) {\n // /* Very unlikely, but possible on 16 bit machine if\n // * strstart == 0 && lookahead == 1 (input done a byte at time)\n // */\n // more--;\n // }\n //}\n\n\n /* If the window is almost full and there is insufficient lookahead,\n * move the upper half to the lower one to make room in the upper half.\n */\n if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) {\n\n utils.arraySet(s.window, s.window, _w_size, _w_size, 0);\n s.match_start -= _w_size;\n s.strstart -= _w_size;\n /* we now have strstart >= MAX_DIST */\n s.block_start -= _w_size;\n\n /* Slide the hash table (could be avoided with 32 bit values\n at the expense of memory usage). We slide even when level == 0\n to keep the hash table consistent if we switch back to level > 0\n later. (Using level 0 permanently is not an optimal usage of\n zlib, so we don't care about this pathological case.)\n */\n\n n = s.hash_size;\n p = n;\n do {\n m = s.head[--p];\n s.head[p] = (m >= _w_size ? m - _w_size : 0);\n } while (--n);\n\n n = _w_size;\n p = n;\n do {\n m = s.prev[--p];\n s.prev[p] = (m >= _w_size ? m - _w_size : 0);\n /* If n is not on any hash chain, prev[n] is garbage but\n * its value will never be used.\n */\n } while (--n);\n\n more += _w_size;\n }\n if (s.strm.avail_in === 0) {\n break;\n }\n\n /* If there was no sliding:\n * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&\n * more == window_size - lookahead - strstart\n * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)\n * => more >= window_size - 2*WSIZE + 2\n * In the BIG_MEM or MMAP case (not yet supported),\n * window_size == input_size + MIN_LOOKAHEAD &&\n * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.\n * Otherwise, window_size == 2*WSIZE so more >= 2.\n * If there was sliding, more >= WSIZE. So in all cases, more >= 2.\n */\n //Assert(more >= 2, \"more < 2\");\n n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more);\n s.lookahead += n;\n\n /* Initialize the hash value now that we have some input: */\n if (s.lookahead + s.insert >= MIN_MATCH) {\n str = s.strstart - s.insert;\n s.ins_h = s.window[str];\n\n /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask;\n //#if MIN_MATCH != 3\n // Call update_hash() MIN_MATCH-3 more times\n //#endif\n while (s.insert) {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = str;\n str++;\n s.insert--;\n if (s.lookahead + s.insert < MIN_MATCH) {\n break;\n }\n }\n }\n /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,\n * but this is not important since only literal bytes will be emitted.\n */\n\n } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0);\n\n /* If the WIN_INIT bytes after the end of the current data have never been\n * written, then zero those bytes in order to avoid memory check reports of\n * the use of uninitialized (or uninitialised as Julian writes) bytes by\n * the longest match routines. Update the high water mark for the next\n * time through here. WIN_INIT is set to MAX_MATCH since the longest match\n * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.\n */\n // if (s.high_water < s.window_size) {\n // var curr = s.strstart + s.lookahead;\n // var init = 0;\n //\n // if (s.high_water < curr) {\n // /* Previous high water mark below current data -- zero WIN_INIT\n // * bytes or up to end of window, whichever is less.\n // */\n // init = s.window_size - curr;\n // if (init > WIN_INIT)\n // init = WIN_INIT;\n // zmemzero(s->window + curr, (unsigned)init);\n // s->high_water = curr + init;\n // }\n // else if (s->high_water < (ulg)curr + WIN_INIT) {\n // /* High water mark at or above current data, but below current data\n // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up\n // * to end of window, whichever is less.\n // */\n // init = (ulg)curr + WIN_INIT - s->high_water;\n // if (init > s->window_size - s->high_water)\n // init = s->window_size - s->high_water;\n // zmemzero(s->window + s->high_water, (unsigned)init);\n // s->high_water += init;\n // }\n // }\n //\n // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,\n // \"not enough room for search\");\n}\n\n/* ===========================================================================\n * Copy without compression as much as possible from the input stream, return\n * the current block state.\n * This function does not insert new strings in the dictionary since\n * uncompressible data is probably not useful. This function is used\n * only for the level=0 compression option.\n * NOTE: this function should be optimized to avoid extra copying from\n * window to pending_buf.\n */\nfunction deflate_stored(s, flush) {\n /* Stored blocks are limited to 0xffff bytes, pending_buf is limited\n * to pending_buf_size, and each stored block has a 5 byte header:\n */\n let max_block_size = 0xffff;\n\n if (max_block_size > s.pending_buf_size - 5) {\n max_block_size = s.pending_buf_size - 5;\n }\n\n /* Copy as much as possible from input to output: */\n for (; ;) {\n /* Fill the window as much as possible: */\n if (s.lookahead <= 1) {\n\n //Assert(s->strstart < s->w_size+MAX_DIST(s) ||\n // s->block_start >= (long)s->w_size, \"slide too late\");\n // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) ||\n // s.block_start >= s.w_size)) {\n // throw new Error(\"slide too late\");\n // }\n\n fill_window(s);\n if (s.lookahead === 0 && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n\n if (s.lookahead === 0) {\n break;\n }\n /* flush the current block */\n }\n //Assert(s->block_start >= 0L, \"block gone\");\n // if (s.block_start < 0) throw new Error(\"block gone\");\n\n s.strstart += s.lookahead;\n s.lookahead = 0;\n\n /* Emit a stored block if pending_buf will be full: */\n const max_start = s.block_start + max_block_size;\n\n if (s.strstart === 0 || s.strstart >= max_start) {\n /* strstart == 0 is possible when wraparound on 16-bit machine */\n s.lookahead = s.strstart - max_start;\n s.strstart = max_start;\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n\n\n }\n /* Flush if we may have to slide, otherwise block_start may become\n * negative and the data will be gone:\n */\n if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n\n s.insert = 0;\n\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n\n if (s.strstart > s.block_start) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_NEED_MORE;\n}\n\n/* ===========================================================================\n * Compress as much as possible from the input stream, return the current\n * block state.\n * This function does not perform lazy evaluation of matches and inserts\n * new strings in the dictionary only for unmatched strings or for short\n * matches. It is used only for the fast compression options.\n */\nfunction deflate_fast(s, flush) {\n let hash_head; /* head of the hash chain */\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) {\n break; /* flush the current block */\n }\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n * At this point we have always match_length < MIN_MATCH\n */\n if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n }\n if (s.match_length >= MIN_MATCH) {\n // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only\n\n /*** _tr_tally_dist(s, s.strstart - s.match_start,\n s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n\n /* Insert new strings in the hash table only if the match length\n * is not too large. This saves time but degrades compression.\n */\n if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH) {\n s.match_length--; /* string at strstart already in table */\n do {\n s.strstart++;\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n /* strstart never exceeds WSIZE-MAX_MATCH, so there are\n * always MIN_MATCH bytes ahead.\n */\n } while (--s.match_length !== 0);\n s.strstart++;\n } else {\n s.strstart += s.match_length;\n s.match_length = 0;\n s.ins_h = s.window[s.strstart];\n /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask;\n\n //#if MIN_MATCH != 3\n // Call UPDATE_HASH() MIN_MATCH-3 more times\n //#endif\n /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not\n * matter since it will be recomputed at next deflate call.\n */\n }\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s.window[s.strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = ((s.strstart < (MIN_MATCH - 1)) ? s.strstart : MIN_MATCH - 1);\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * Same as above, but achieves better compression. We use a lazy\n * evaluation for matches: a match is finally adopted only if there is\n * no better match at the next window position.\n */\nfunction deflate_slow(s, flush) {\n let hash_head; /* head of hash chain */\n let bflush; /* set if current block must be flushed */\n\n let max_insert;\n\n /* Process the input block. */\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n */\n s.prev_length = s.match_length;\n s.prev_match = s.match_start;\n s.match_length = MIN_MATCH - 1;\n\n if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match &&\n s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n\n if (s.match_length <= 5 &&\n (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH && s.strstart - s.match_start > 4096/*TOO_FAR*/))) {\n\n /* If prev_match is also MIN_MATCH, match_start is garbage\n * but we will ignore the current match anyway.\n */\n s.match_length = MIN_MATCH - 1;\n }\n }\n /* If there was a match at the previous step and the current\n * match is not better, output the previous match:\n */\n if (s.prev_length >= MIN_MATCH && s.match_length <= s.prev_length) {\n max_insert = s.strstart + s.lookahead - MIN_MATCH;\n /* Do not insert strings in hash table beyond this. */\n\n //check_match(s, s.strstart-1, s.prev_match, s.prev_length);\n\n /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match,\n s.prev_length - MIN_MATCH, bflush);***/\n bflush = trees._tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH);\n /* Insert in hash table all strings up to the end of the match.\n * strstart-1 and strstart are already inserted. If there is not\n * enough lookahead, the last two strings are not inserted in\n * the hash table.\n */\n s.lookahead -= s.prev_length - 1;\n s.prev_length -= 2;\n do {\n if (++s.strstart <= max_insert) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n } while (--s.prev_length !== 0);\n s.match_available = 0;\n s.match_length = MIN_MATCH - 1;\n s.strstart++;\n\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n } else if (s.match_available) {\n /* If there was no match at the previous position, output a\n * single literal. If there was a match but the current match\n * is longer, truncate the previous match to a single literal.\n */\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n if (bflush) {\n /*** FLUSH_BLOCK_ONLY(s, 0) ***/\n flush_block_only(s, false);\n /***/\n }\n s.strstart++;\n s.lookahead--;\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n } else {\n /* There is no previous match to compare with, wait for\n * the next step to decide.\n */\n s.match_available = 1;\n s.strstart++;\n s.lookahead--;\n }\n }\n //Assert (flush != Z_NO_FLUSH, \"no flush?\");\n if (s.match_available) {\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n s.match_available = 0;\n }\n s.insert = s.strstart < MIN_MATCH - 1 ? s.strstart : MIN_MATCH - 1;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_BLOCK_DONE;\n}\n\n\n/* ===========================================================================\n * For Z_RLE, simply look for runs of bytes, generate matches only of distance\n * one. Do not maintain a hash table. (It will be regenerated if this run of\n * deflate switches away from Z_RLE.)\n */\nfunction deflate_rle(s, flush) {\n let bflush; /* set if current block must be flushed */\n let prev; /* byte at distance one to match */\n let scan, strend; /* scan goes up to strend for length of run */\n\n const _win = s.window;\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the longest run, plus one for the unrolled loop.\n */\n if (s.lookahead <= MAX_MATCH) {\n fill_window(s);\n if (s.lookahead <= MAX_MATCH && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* See how many times the previous byte repeats */\n s.match_length = 0;\n if (s.lookahead >= MIN_MATCH && s.strstart > 0) {\n scan = s.strstart - 1;\n prev = _win[scan];\n if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) {\n strend = s.strstart + MAX_MATCH;\n do {\n /*jshint noempty:false*/\n } while (prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n scan < strend);\n s.match_length = MAX_MATCH - (strend - scan);\n if (s.match_length > s.lookahead) {\n s.match_length = s.lookahead;\n }\n }\n //Assert(scan <= s->window+(uInt)(s->window_size-1), \"wild scan\");\n }\n\n /* Emit match if have run of MIN_MATCH or longer, else emit literal */\n if (s.match_length >= MIN_MATCH) {\n //check_match(s, s.strstart, s.strstart - 1, s.match_length);\n\n /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, 1, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n s.strstart += s.match_length;\n s.match_length = 0;\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table.\n * (It will be regenerated if this run of deflate switches away from Huffman.)\n */\nfunction deflate_huff(s, flush) {\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we have a literal to write. */\n if (s.lookahead === 0) {\n fill_window(s);\n if (s.lookahead === 0) {\n if (flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n break; /* flush the current block */\n }\n }\n\n /* Output a literal byte */\n s.match_length = 0;\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n s.lookahead--;\n s.strstart++;\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* Values for max_lazy_match, good_match and max_chain_length, depending on\n * the desired pack level (0..9). The values given below have been tuned to\n * exclude worst case performance for pathological files. Better values may be\n * found for specific files.\n */\nclass Config {\n constructor(good_length, max_lazy, nice_length, max_chain, func) {\n this.good_length = good_length;\n this.max_lazy = max_lazy;\n this.nice_length = nice_length;\n this.max_chain = max_chain;\n this.func = func;\n }\n};\n\nconst configuration_table = [\n /* good lazy nice chain */\n new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */\n new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */\n new Config(4, 5, 16, 8, deflate_fast), /* 2 */\n new Config(4, 6, 32, 32, deflate_fast), /* 3 */\n\n new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */\n new Config(8, 16, 32, 32, deflate_slow), /* 5 */\n new Config(8, 16, 128, 128, deflate_slow), /* 6 */\n new Config(8, 32, 128, 256, deflate_slow), /* 7 */\n new Config(32, 128, 258, 1024, deflate_slow), /* 8 */\n new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */\n];\n\n\n/* ===========================================================================\n * Initialize the \"longest match\" routines for a new zlib stream\n */\nfunction lm_init(s) {\n s.window_size = 2 * s.w_size;\n\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n\n /* Set the default configuration parameters:\n */\n s.max_lazy_match = configuration_table[s.level].max_lazy;\n s.good_match = configuration_table[s.level].good_length;\n s.nice_match = configuration_table[s.level].nice_length;\n s.max_chain_length = configuration_table[s.level].max_chain;\n\n s.strstart = 0;\n s.block_start = 0;\n s.lookahead = 0;\n s.insert = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n s.ins_h = 0;\n}\n\nclass DeflateState {\n constructor() {\n this.strm = null; /* pointer back to this zlib stream */\n this.status = 0; /* as the name implies */\n this.pending_buf = null; /* output still pending */\n this.pending_buf_size = 0; /* size of pending_buf */\n this.pending_out = 0; /* next pending byte to output to the stream */\n this.pending = 0; /* nb of bytes in the pending buffer */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.gzhead = null; /* gzip header information to write */\n this.gzindex = 0; /* where in extra, name, or comment */\n this.method = Z_DEFLATED; /* can only be DEFLATED */\n this.last_flush = -1; /* value of flush param for previous deflate call */\n\n this.w_size = 0; /* LZ77 window size (32K by default) */\n this.w_bits = 0; /* log2(w_size) (8..16) */\n this.w_mask = 0; /* w_size - 1 */\n\n this.window = null;\n /* Sliding window. Input bytes are read into the second half of the window,\n * and move to the first half later to keep a dictionary of at least wSize\n * bytes. With this organization, matches are limited to a distance of\n * wSize-MAX_MATCH bytes, but this ensures that IO is always\n * performed with a length multiple of the block size.\n */\n\n this.window_size = 0;\n /* Actual size of window: 2*wSize, except when the user input buffer\n * is directly used as sliding window.\n */\n\n this.prev = null;\n /* Link to older string with same hash index. To limit the size of this\n * array to 64K, this link is maintained only for the last 32K strings.\n * An index in this array is thus a window index modulo 32K.\n */\n\n this.head = null; /* Heads of the hash chains or NIL. */\n\n this.ins_h = 0; /* hash index of string to be inserted */\n this.hash_size = 0; /* number of elements in hash table */\n this.hash_bits = 0; /* log2(hash_size) */\n this.hash_mask = 0; /* hash_size-1 */\n\n this.hash_shift = 0;\n /* Number of bits by which ins_h must be shifted at each input\n * step. It must be such that after MIN_MATCH steps, the oldest\n * byte no longer takes part in the hash key, that is:\n * hash_shift * MIN_MATCH >= hash_bits\n */\n\n this.block_start = 0;\n /* Window position at the beginning of the current output block. Gets\n * negative when the window is moved backwards.\n */\n\n this.match_length = 0; /* length of best match */\n this.prev_match = 0; /* previous match */\n this.match_available = 0; /* set if previous match exists */\n this.strstart = 0; /* start of string to insert */\n this.match_start = 0; /* start of matching string */\n this.lookahead = 0; /* number of valid bytes ahead in window */\n\n this.prev_length = 0;\n /* Length of the best match at previous step. Matches not greater than this\n * are discarded. This is used in the lazy match evaluation.\n */\n\n this.max_chain_length = 0;\n /* To speed up deflation, hash chains are never searched beyond this\n * length. A higher limit improves compression ratio but degrades the\n * speed.\n */\n\n this.max_lazy_match = 0;\n /* Attempt to find a better match only when the current match is strictly\n * smaller than this value. This mechanism is used only for compression\n * levels >= 4.\n */\n // That's alias to max_lazy_match, don't use directly\n //this.max_insert_length = 0;\n /* Insert new strings in the hash table only if the match length is not\n * greater than this length. This saves time but degrades compression.\n * max_insert_length is used only for compression levels <= 3.\n */\n\n this.level = 0; /* compression level (1..9) */\n this.strategy = 0; /* favor or force Huffman coding*/\n\n this.good_match = 0;\n /* Use a faster search when the previous match is longer than this */\n\n this.nice_match = 0; /* Stop searching when current match exceeds this */\n\n /* used by trees.c: */\n\n /* Didn't use ct_data typedef below to suppress compiler warning */\n\n // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */\n // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */\n // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */\n\n // Use flat array of DOUBLE size, with interleaved fata,\n // because JS does not support effective\n this.dyn_ltree = new utils.Buf16(HEAP_SIZE * 2);\n this.dyn_dtree = new utils.Buf16((2 * D_CODES + 1) * 2);\n this.bl_tree = new utils.Buf16((2 * BL_CODES + 1) * 2);\n zero(this.dyn_ltree);\n zero(this.dyn_dtree);\n zero(this.bl_tree);\n\n this.l_desc = null; /* desc. for literal tree */\n this.d_desc = null; /* desc. for distance tree */\n this.bl_desc = null; /* desc. for bit length tree */\n\n //ush bl_count[MAX_BITS+1];\n this.bl_count = new utils.Buf16(MAX_BITS + 1);\n /* number of codes at each bit length for an optimal tree */\n\n //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */\n this.heap = new utils.Buf16(2 * L_CODES + 1); /* heap used to build the Huffman trees */\n zero(this.heap);\n\n this.heap_len = 0; /* number of elements in the heap */\n this.heap_max = 0; /* element of largest frequency */\n /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.\n * The same heap array is used to build all trees.\n */\n\n this.depth = new utils.Buf16(2 * L_CODES + 1); //uch depth[2*L_CODES+1];\n zero(this.depth);\n /* Depth of each subtree used as tie breaker for trees of equal frequency\n */\n\n this.l_buf = 0; /* buffer index for literals or lengths */\n\n this.lit_bufsize = 0;\n /* Size of match buffer for literals/lengths. There are 4 reasons for\n * limiting lit_bufsize to 64K:\n * - frequencies can be kept in 16 bit counters\n * - if compression is not successful for the first block, all input\n * data is still in the window so we can still emit a stored block even\n * when input comes from standard input. (This can also be done for\n * all blocks if lit_bufsize is not greater than 32K.)\n * - if compression is not successful for a file smaller than 64K, we can\n * even emit a stored file instead of a stored block (saving 5 bytes).\n * This is applicable only for zip (not gzip or zlib).\n * - creating new Huffman trees less frequently may not provide fast\n * adaptation to changes in the input data statistics. (Take for\n * example a binary file with poorly compressible code followed by\n * a highly compressible string table.) Smaller buffer sizes give\n * fast adaptation but have of course the overhead of transmitting\n * trees more frequently.\n * - I can't count above 4\n */\n\n this.last_lit = 0; /* running index in l_buf */\n\n this.d_buf = 0;\n /* Buffer index for distances. To simplify the code, d_buf and l_buf have\n * the same number of elements. To use different lengths, an extra flag\n * array would be necessary.\n */\n\n this.opt_len = 0; /* bit length of current block with optimal trees */\n this.static_len = 0; /* bit length of current block with static trees */\n this.matches = 0; /* number of string matches in current block */\n this.insert = 0; /* bytes at end of window left to insert */\n\n\n this.bi_buf = 0;\n /* Output buffer. bits are inserted starting at the bottom (least\n * significant bits).\n */\n this.bi_valid = 0;\n /* Number of valid bits in bi_buf. All bits above the last valid bit\n * are always zero.\n */\n\n // Used for window memory init. We safely ignore it for JS. That makes\n // sense only for pointers and memory check tools.\n //this.high_water = 0;\n /* High water mark offset in window for initialized bytes -- bytes above\n * this are set to zero in order to avoid memory check warnings when\n * longest match routines access bytes past the input. This is then\n * updated to the new high water mark.\n */\n }\n}\n\nfunction deflateResetKeep(strm) {\n let s;\n\n if (!strm || !strm.state) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.total_in = strm.total_out = 0;\n strm.data_type = Z_UNKNOWN;\n\n s = strm.state;\n s.pending = 0;\n s.pending_out = 0;\n\n if (s.wrap < 0) {\n s.wrap = -s.wrap;\n /* was made negative by deflate(..., Z_FINISH); */\n }\n s.status = (s.wrap ? INIT_STATE : BUSY_STATE);\n strm.adler = (s.wrap === 2) ?\n 0 // crc32(0, Z_NULL, 0)\n :\n 1; // adler32(0, Z_NULL, 0)\n s.last_flush = Z_NO_FLUSH;\n trees._tr_init(s);\n return Z_OK;\n}\n\n\nfunction deflateReset(strm) {\n const ret = deflateResetKeep(strm);\n if (ret === Z_OK) {\n lm_init(strm.state);\n }\n return ret;\n}\n\n\nfunction deflateSetHeader(strm, head) {\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; }\n strm.state.gzhead = head;\n return Z_OK;\n}\n\n\nfunction deflateInit2(strm, level, method, windowBits, memLevel, strategy) {\n if (!strm) { // === Z_NULL\n return Z_STREAM_ERROR;\n }\n let wrap = 1;\n\n if (level === Z_DEFAULT_COMPRESSION) {\n level = 6;\n }\n\n if (windowBits < 0) { /* suppress zlib wrapper */\n wrap = 0;\n windowBits = -windowBits;\n }\n\n else if (windowBits > 15) {\n wrap = 2; /* write gzip wrapper instead */\n windowBits -= 16;\n }\n\n\n if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED ||\n windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||\n strategy < 0 || strategy > Z_FIXED) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n\n if (windowBits === 8) {\n windowBits = 9;\n }\n /* until 256-byte window bug fixed */\n\n const s = new DeflateState();\n\n strm.state = s;\n s.strm = strm;\n\n s.wrap = wrap;\n s.gzhead = null;\n s.w_bits = windowBits;\n s.w_size = 1 << s.w_bits;\n s.w_mask = s.w_size - 1;\n\n s.hash_bits = memLevel + 7;\n s.hash_size = 1 << s.hash_bits;\n s.hash_mask = s.hash_size - 1;\n s.hash_shift = ~~((s.hash_bits + MIN_MATCH - 1) / MIN_MATCH);\n s.window = new utils.Buf8(s.w_size * 2);\n s.head = new utils.Buf16(s.hash_size);\n s.prev = new utils.Buf16(s.w_size);\n\n // Don't need mem init magic for JS.\n //s.high_water = 0; /* nothing written to s->window yet */\n\n s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */\n\n s.pending_buf_size = s.lit_bufsize * 4;\n\n //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);\n //s->pending_buf = (uchf *) overlay;\n s.pending_buf = new utils.Buf8(s.pending_buf_size);\n\n // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`)\n //s->d_buf = overlay + s->lit_bufsize/sizeof(ush);\n s.d_buf = 1 * s.lit_bufsize;\n\n //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;\n s.l_buf = (1 + 2) * s.lit_bufsize;\n\n s.level = level;\n s.strategy = strategy;\n s.method = method;\n\n return deflateReset(strm);\n}\n\nfunction deflateInit(strm, level) {\n return deflateInit2(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);\n}\n\n\nfunction deflate(strm, flush) {\n let old_flush, s;\n let beg, val; // for gzip header write only\n\n if (!strm || !strm.state ||\n flush > Z_BLOCK || flush < 0) {\n return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR;\n }\n\n s = strm.state;\n\n if (!strm.output ||\n (!strm.input && strm.avail_in !== 0) ||\n (s.status === FINISH_STATE && flush !== Z_FINISH)) {\n return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR);\n }\n\n s.strm = strm; /* just in case */\n old_flush = s.last_flush;\n s.last_flush = flush;\n\n /* Write the header */\n if (s.status === INIT_STATE) {\n\n if (s.wrap === 2) { // GZIP header\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n put_byte(s, 31);\n put_byte(s, 139);\n put_byte(s, 8);\n if (!s.gzhead) { // s->gzhead == Z_NULL\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, OS_CODE);\n s.status = BUSY_STATE;\n }\n else {\n put_byte(s, (s.gzhead.text ? 1 : 0) +\n (s.gzhead.hcrc ? 2 : 0) +\n (!s.gzhead.extra ? 0 : 4) +\n (!s.gzhead.name ? 0 : 8) +\n (!s.gzhead.comment ? 0 : 16)\n );\n put_byte(s, s.gzhead.time & 0xff);\n put_byte(s, (s.gzhead.time >> 8) & 0xff);\n put_byte(s, (s.gzhead.time >> 16) & 0xff);\n put_byte(s, (s.gzhead.time >> 24) & 0xff);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, s.gzhead.os & 0xff);\n if (s.gzhead.extra && s.gzhead.extra.length) {\n put_byte(s, s.gzhead.extra.length & 0xff);\n put_byte(s, (s.gzhead.extra.length >> 8) & 0xff);\n }\n if (s.gzhead.hcrc) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0);\n }\n s.gzindex = 0;\n s.status = EXTRA_STATE;\n }\n }\n else // DEFLATE header\n {\n let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8;\n let level_flags = -1;\n\n if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) {\n level_flags = 0;\n } else if (s.level < 6) {\n level_flags = 1;\n } else if (s.level === 6) {\n level_flags = 2;\n } else {\n level_flags = 3;\n }\n header |= (level_flags << 6);\n if (s.strstart !== 0) { header |= PRESET_DICT; }\n header += 31 - (header % 31);\n\n s.status = BUSY_STATE;\n putShortMSB(s, header);\n\n /* Save the adler32 of the preset dictionary: */\n if (s.strstart !== 0) {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n strm.adler = 1; // adler32(0L, Z_NULL, 0);\n }\n }\n\n //#ifdef GZIP\n if (s.status === EXTRA_STATE) {\n if (s.gzhead.extra/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n\n while (s.gzindex < (s.gzhead.extra.length & 0xffff)) {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n break;\n }\n }\n put_byte(s, s.gzhead.extra[s.gzindex] & 0xff);\n s.gzindex++;\n }\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (s.gzindex === s.gzhead.extra.length) {\n s.gzindex = 0;\n s.status = NAME_STATE;\n }\n }\n else {\n s.status = NAME_STATE;\n }\n }\n if (s.status === NAME_STATE) {\n if (s.gzhead.name/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.name.length) {\n val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.gzindex = 0;\n s.status = COMMENT_STATE;\n }\n }\n else {\n s.status = COMMENT_STATE;\n }\n }\n if (s.status === COMMENT_STATE) {\n if (s.gzhead.comment/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.comment.length) {\n val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.status = HCRC_STATE;\n }\n }\n else {\n s.status = HCRC_STATE;\n }\n }\n if (s.status === HCRC_STATE) {\n if (s.gzhead.hcrc) {\n if (s.pending + 2 > s.pending_buf_size) {\n flush_pending(strm);\n }\n if (s.pending + 2 <= s.pending_buf_size) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n s.status = BUSY_STATE;\n }\n }\n else {\n s.status = BUSY_STATE;\n }\n }\n //#endif\n\n /* Flush as much pending output as possible */\n if (s.pending !== 0) {\n flush_pending(strm);\n if (strm.avail_out === 0) {\n /* Since avail_out is 0, deflate will be called again with\n * more output space, but possibly with both pending and\n * avail_in equal to zero. There won't be anything to do,\n * but this is not an error situation so make sure we\n * return OK instead of BUF_ERROR at next call of deflate:\n */\n s.last_flush = -1;\n return Z_OK;\n }\n\n /* Make sure there is something to do and avoid duplicate consecutive\n * flushes. For repeated and useless calls with Z_FINISH, we keep\n * returning Z_STREAM_END instead of Z_BUF_ERROR.\n */\n } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) &&\n flush !== Z_FINISH) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* User must not provide more input after the first FINISH: */\n if (s.status === FINISH_STATE && strm.avail_in !== 0) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* Start a new block or continue the current one.\n */\n if (strm.avail_in !== 0 || s.lookahead !== 0 ||\n (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) {\n var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) :\n (s.strategy === Z_RLE ? deflate_rle(s, flush) :\n configuration_table[s.level].func(s, flush));\n\n if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) {\n s.status = FINISH_STATE;\n }\n if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) {\n if (strm.avail_out === 0) {\n s.last_flush = -1;\n /* avoid BUF_ERROR next call, see above */\n }\n return Z_OK;\n /* If flush != Z_NO_FLUSH && avail_out == 0, the next call\n * of deflate should use the same flush parameter to make sure\n * that the flush is complete. So we don't have to output an\n * empty block here, this will be done at next call. This also\n * ensures that for a very small output buffer, we emit at most\n * one empty block.\n */\n }\n if (bstate === BS_BLOCK_DONE) {\n if (flush === Z_PARTIAL_FLUSH) {\n trees._tr_align(s);\n }\n else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */\n\n trees._tr_stored_block(s, 0, 0, false);\n /* For a full flush, this empty block will be recognized\n * as a special marker by inflate_sync().\n */\n if (flush === Z_FULL_FLUSH) {\n /*** CLEAR_HASH(s); ***/ /* forget history */\n zero(s.head); // Fill with NIL (= 0);\n\n if (s.lookahead === 0) {\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n }\n }\n flush_pending(strm);\n if (strm.avail_out === 0) {\n s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */\n return Z_OK;\n }\n }\n }\n //Assert(strm->avail_out > 0, \"bug2\");\n //if (strm.avail_out <= 0) { throw new Error(\"bug2\");}\n\n if (flush !== Z_FINISH) { return Z_OK; }\n if (s.wrap <= 0) { return Z_STREAM_END; }\n\n /* Write the trailer */\n if (s.wrap === 2) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n put_byte(s, (strm.adler >> 16) & 0xff);\n put_byte(s, (strm.adler >> 24) & 0xff);\n put_byte(s, strm.total_in & 0xff);\n put_byte(s, (strm.total_in >> 8) & 0xff);\n put_byte(s, (strm.total_in >> 16) & 0xff);\n put_byte(s, (strm.total_in >> 24) & 0xff);\n }\n else {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n\n flush_pending(strm);\n /* If avail_out is zero, the application will call deflate again\n * to flush the rest.\n */\n if (s.wrap > 0) { s.wrap = -s.wrap; }\n /* write the trailer only once! */\n return s.pending !== 0 ? Z_OK : Z_STREAM_END;\n}\n\nfunction deflateEnd(strm) {\n let status;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n status = strm.state.status;\n if (status !== INIT_STATE &&\n status !== EXTRA_STATE &&\n status !== NAME_STATE &&\n status !== COMMENT_STATE &&\n status !== HCRC_STATE &&\n status !== BUSY_STATE &&\n status !== FINISH_STATE\n ) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.state = null;\n\n return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK;\n}\n\n\n/* =========================================================================\n * Initializes the compression dictionary from the given byte\n * sequence without producing any compressed output.\n */\nfunction deflateSetDictionary(strm, dictionary) {\n let dictLength = dictionary.length;\n\n let s;\n let str, n;\n let wrap;\n let avail;\n let next;\n let input;\n let tmpDict;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n s = strm.state;\n wrap = s.wrap;\n\n if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) {\n return Z_STREAM_ERROR;\n }\n\n /* when using zlib wrappers, compute Adler-32 for provided dictionary */\n if (wrap === 1) {\n /* adler32(strm->adler, dictionary, dictLength); */\n strm.adler = adler32(strm.adler, dictionary, dictLength, 0);\n }\n\n s.wrap = 0; /* avoid computing Adler-32 in read_buf */\n\n /* if dictionary would fill window, just replace the history */\n if (dictLength >= s.w_size) {\n if (wrap === 0) { /* already empty otherwise */\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n /* use the tail */\n // dictionary = dictionary.slice(dictLength - s.w_size);\n tmpDict = new utils.Buf8(s.w_size);\n utils.arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0);\n dictionary = tmpDict;\n dictLength = s.w_size;\n }\n /* insert dictionary into window and hash */\n avail = strm.avail_in;\n next = strm.next_in;\n input = strm.input;\n strm.avail_in = dictLength;\n strm.next_in = 0;\n strm.input = dictionary;\n fill_window(s);\n while (s.lookahead >= MIN_MATCH) {\n str = s.strstart;\n n = s.lookahead - (MIN_MATCH - 1);\n do {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n\n s.head[s.ins_h] = str;\n str++;\n } while (--n);\n s.strstart = str;\n s.lookahead = MIN_MATCH - 1;\n fill_window(s);\n }\n s.strstart += s.lookahead;\n s.block_start = s.strstart;\n s.insert = s.lookahead;\n s.lookahead = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n strm.next_in = next;\n strm.input = input;\n strm.avail_in = avail;\n s.wrap = wrap;\n return Z_OK;\n}\n\nconst deflateInfo = 'pako deflate (from Nodeca project)';\nexport {\n deflateInit,\n deflateInit2,\n deflateReset,\n deflateResetKeep,\n deflateSetHeader,\n deflate,\n deflateEnd,\n deflateSetDictionary,\n deflateInfo\n};\n\n/* Not implemented\nexports.deflateBound = deflateBound;\nexports.deflateCopy = deflateCopy;\nexports.deflateParams = deflateParams;\nexports.deflatePending = deflatePending;\nexports.deflatePrime = deflatePrime;\nexports.deflateTune = deflateTune;\n*/\n","// String encode/decode helpers\n\n\n\nimport * as utils from \"./common.js\";\n\n\n// Quick check if we can use fast array to bin string conversion\n//\n// - apply(Array) can fail on Android 2.2\n// - apply(Uint8Array) can fail on iOS 5.1 Safari\n//\nlet STR_APPLY_OK = true;\nlet STR_APPLY_UIA_OK = true;\n\ntry {\n String.fromCharCode.apply(null, [ 0 ]); \n} catch (__) {\n STR_APPLY_OK = false; \n}\ntry {\n String.fromCharCode.apply(null, new Uint8Array(1)); \n} catch (__) {\n STR_APPLY_UIA_OK = false; \n}\n\n\n// Table with utf8 lengths (calculated by first byte of sequence)\n// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,\n// because max possible codepoint is 0x10ffff\nconst _utf8len = new utils.Buf8(256);\nfor (let q = 0; q < 256; q++) {\n _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1;\n}\n_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start\n\n\n// convert string to array (typed, when possible)\nexport function string2buf (str) {\n let c, c2, m_pos, i, buf_len = 0;\n const str_len = str.length;\n\n // count binary size\n for (m_pos = 0; m_pos < str_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;\n }\n\n // allocate buffer\n const buf = new utils.Buf8(buf_len);\n\n // convert\n for (i = 0, m_pos = 0; i < buf_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n if (c < 0x80) {\n /* one byte */\n buf[i++] = c;\n } else if (c < 0x800) {\n /* two bytes */\n buf[i++] = 0xC0 | c >>> 6;\n buf[i++] = 0x80 | c & 0x3f;\n } else if (c < 0x10000) {\n /* three bytes */\n buf[i++] = 0xE0 | c >>> 12;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n } else {\n /* four bytes */\n buf[i++] = 0xf0 | c >>> 18;\n buf[i++] = 0x80 | c >>> 12 & 0x3f;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n }\n }\n\n return buf;\n}\n\n// Helper (used in 2 places)\nfunction _buf2binstring(buf, len) {\n // On Chrome, the arguments in a function call that are allowed is `65534`.\n // If the length of the buffer is smaller than that, we can use this optimization,\n // otherwise we will take a slower path.\n if (len < 65534) {\n if (buf.subarray && STR_APPLY_UIA_OK || !buf.subarray && STR_APPLY_OK) {\n return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));\n }\n }\n\n let result = \"\";\n for (let i = 0; i < len; i++) {\n result += String.fromCharCode(buf[i]);\n }\n return result;\n}\n\n\n// Convert byte array to binary string\nexport function buf2binstring (buf) {\n return _buf2binstring(buf, buf.length);\n}\n\n\n// Convert binary string (typed, when possible)\nexport function binstring2buf (str) {\n const buf = new utils.Buf8(str.length);\n for (let i = 0, len = buf.length; i < len; i++) {\n buf[i] = str.charCodeAt(i);\n }\n return buf;\n}\n\n\n// convert array to string\nexport function buf2string (buf, max) {\n let i, out, c, c_len;\n const len = max || buf.length;\n\n // Reserve max possible length (2 words per char)\n // NB: by unknown reasons, Array is significantly faster for\n // String.fromCharCode.apply than Uint16Array.\n // var utf16buf = new Array(len * 2);\n // try Uint16Array\n const utf16buf = new Uint16Array(len * 2);\n\n for (out = 0, i = 0; i < len;) {\n c = buf[i++];\n // quick process ascii\n if (c < 0x80) {\n utf16buf[out++] = c; continue; \n }\n\n c_len = _utf8len[c];\n // skip 5 & 6 byte codes\n if (c_len > 4) {\n utf16buf[out++] = 0xfffd; i += c_len - 1; continue; \n }\n\n // apply mask on first byte\n c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;\n // join the rest\n while (c_len > 1 && i < len) {\n c = c << 6 | buf[i++] & 0x3f;\n c_len--;\n }\n\n // terminated by end of string?\n if (c_len > 1) {\n utf16buf[out++] = 0xfffd; continue; \n }\n\n if (c < 0x10000) {\n utf16buf[out++] = c;\n } else {\n c -= 0x10000;\n utf16buf[out++] = 0xd800 | c >> 10 & 0x3ff;\n utf16buf[out++] = 0xdc00 | c & 0x3ff;\n }\n }\n\n return _buf2binstring(utf16buf, out);\n}\n\n\n// Calculate max possible position in utf8 buffer,\n// that will not break sequence. If that's not possible\n// - (very small limits) return max size as is.\n//\n// buf[] - utf8 bytes array\n// max - length limit (mandatory);\nexport function utf8border (buf, max) {\n let pos;\n\n max = max || buf.length;\n if (max > buf.length) {\n max = buf.length; \n }\n\n // go back from last position, until start of sequence found\n pos = max - 1;\n while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) {\n pos--; \n }\n\n // Very small and broken sequence,\n // return max, because we should return something anyway.\n if (pos < 0) {\n return max; \n }\n\n // If we came to start of buffer - that means buffer is too small,\n // return max too.\n if (pos === 0) {\n return max; \n }\n\n return pos + _utf8len[buf[pos]] > max ? pos : max;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class ZStream {\n constructor() {\n /* next input byte */\n this.input = null; // JS specific, because we have no pointers\n this.next_in = 0;\n /* number of bytes available at input */\n this.avail_in = 0;\n /* total number of input bytes read so far */\n this.total_in = 0;\n /* next output byte should be put there */\n this.output = null; // JS specific, because we have no pointers\n this.next_out = 0;\n /* remaining free space at output */\n this.avail_out = 0;\n /* total number of bytes output so far */\n this.total_out = 0;\n /* last error message, NULL if no error */\n this.msg = ''/*Z_NULL*/;\n /* not visible by applications */\n this.state = null;\n /* best guess about the data type: binary or text */\n this.data_type = 2/*Z_UNKNOWN*/;\n /* adler32 value of the uncompressed data */\n this.adler = 0;\n }\n}","'use strict';\n\nimport * as zlib_deflate from \"./zlib/deflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\nimport { Z_NO_FLUSH, Z_FINISH,\n Z_OK, Z_STREAM_END, Z_SYNC_FLUSH,\n Z_DEFAULT_COMPRESSION,\n Z_DEFAULT_STRATEGY,\n Z_DEFLATED } from \"./zlib/constants.js\"\n\n/* ===========================================================================*/\n\n\n/**\n * class Deflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[deflate]],\n * [[deflateRaw]] and [[gzip]].\n **/\n\n/* internal\n * Deflate.chunks -> Array\n *\n * Chunks of output data, if [[Deflate#onData]] not overridden.\n **/\n\n/**\n * Deflate.result -> Uint8Array|Array\n *\n * Compressed result, generated by default [[Deflate#onData]]\n * and [[Deflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Deflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Deflate.err -> Number\n *\n * Error code after deflate finished. 0 (Z_OK) on success.\n * You will not need it in real life, because deflate errors\n * are possible only on wrong options or bad `onData` / `onEnd`\n * custom handlers.\n **/\n\n/**\n * Deflate.msg -> String\n *\n * Error message, if [[Deflate.err]] != 0\n **/\n\n\n/**\n * new Deflate(options)\n * - options (Object): zlib deflate options.\n *\n * Creates new deflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `level`\n * - `windowBits`\n * - `memLevel`\n * - `strategy`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw deflate\n * - `gzip` (Boolean) - create gzip wrapper\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n * - `header` (Object) - custom header for gzip\n * - `text` (Boolean) - true if compressed data believed to be text\n * - `time` (Number) - modification time, unix timestamp\n * - `os` (Number) - operation system code\n * - `extra` (Array) - array of bytes with extra data (max 65536)\n * - `name` (String) - file name (binary string)\n * - `comment` (String) - comment (binary string)\n * - `hcrc` (Boolean) - true if header crc should be added\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var deflate = new pako.Deflate({ level: 3});\n *\n * deflate.push(chunk1, false);\n * deflate.push(chunk2, true); // true -> last chunk\n *\n * if (deflate.err) { throw new Error(deflate.err); }\n *\n * console.log(deflate.result);\n * ```\n **/\n\nclass Deflate {\n constructor(options) {\n this.options = {\n level: Z_DEFAULT_COMPRESSION,\n method: Z_DEFLATED,\n chunkSize: 16384,\n windowBits: 15,\n memLevel: 8,\n strategy: Z_DEFAULT_STRATEGY,\n ...(options || {})\n };\n\n const opt = this.options;\n\n if (opt.raw && (opt.windowBits > 0)) {\n opt.windowBits = -opt.windowBits;\n }\n\n else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) {\n opt.windowBits += 16;\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n var status = zlib_deflate.deflateInit2(\n this.strm,\n opt.level,\n opt.method,\n opt.windowBits,\n opt.memLevel,\n opt.strategy\n );\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n if (opt.header) {\n zlib_deflate.deflateSetHeader(this.strm, opt.header);\n }\n\n if (opt.dictionary) {\n let dict;\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n // If we need to compress text, change encoding to utf8.\n dict = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n dict = new Uint8Array(opt.dictionary);\n } else {\n dict = opt.dictionary;\n }\n\n status = zlib_deflate.deflateSetDictionary(this.strm, dict);\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n this._dict_set = true;\n }\n }\n\n /**\n * Deflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be\n * converted to utf8 byte sequence.\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with\n * new compressed chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the compression context.\n *\n * On fail call [[Deflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * array format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize } } = this;\n var status, _mode;\n\n if (this.ended) { return false; }\n\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // If we need to compress text, change encoding to utf8.\n strm.input = strings.string2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n status = zlib_deflate.deflate(strm, _mode); /* no bad return value */\n\n if (status !== Z_STREAM_END && status !== Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END);\n\n // Finalize on the last chunk.\n if (_mode === Z_FINISH) {\n status = zlib_deflate.deflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === Z_SYNC_FLUSH) {\n this.onEnd(Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n /**\n * Deflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n /**\n * Deflate#onEnd(status) -> Void\n * - status (Number): deflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called once after you tell deflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n\n\n\n/**\n * deflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * Compress `data` with deflate algorithm and `options`.\n *\n * Supported options are:\n *\n * - level\n * - windowBits\n * - memLevel\n * - strategy\n * - dictionary\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , data = Uint8Array([1,2,3,4,5,6,7,8,9]);\n *\n * console.log(pako.deflate(data));\n * ```\n **/\nfunction deflate(input, options) {\n const deflator = new Deflate(options);\n\n deflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (deflator.err) { throw new Error(deflator.msg || msg[deflator.err]); }\n\n return deflator.result;\n}\n\n\n/**\n * deflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction deflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return deflate(input, options);\n}\n\n\n/**\n * gzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but create gzip wrapper instead of\n * deflate one.\n **/\nfunction gzip(input, options) {\n options = options || {};\n options.gzip = true;\n return deflate(input, options);\n}\n\nexport { Deflate, deflate, deflateRaw, gzip };\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// See state defs from inflate.js\nconst BAD = 30; /* got a data error -- remain here until reset */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\n\n/*\n Decode literal, length, and distance codes and write out the resulting\n literal and match bytes until either not enough input or output is\n available, an end-of-block is encountered, or a data error is encountered.\n When large enough input and output buffers are supplied to inflate(), for\n example, a 16K input buffer and a 64K output buffer, more than 95% of the\n inflate execution time is spent in this routine.\n\n Entry assumptions:\n\n state.mode === LEN\n strm.avail_in >= 6\n strm.avail_out >= 258\n start >= strm.avail_out\n state.bits < 8\n\n On return, state.mode is one of:\n\n LEN -- ran out of enough output space or enough available input\n TYPE -- reached end of block code, inflate() to interpret next block\n BAD -- error in block data\n\n Notes:\n\n - The maximum input bits used by a length/distance pair is 15 bits for the\n length code, 5 bits for the length extra, 15 bits for the distance code,\n and 13 bits for the distance extra. This totals 48 bits, or six bytes.\n Therefore if strm.avail_in >= 6, then there is enough input to avoid\n checking for available input while decoding.\n\n - The maximum bytes that a single length/distance pair can output is 258\n bytes, which is the maximum length that can be coded. inflate_fast()\n requires strm.avail_out >= 258 for each loop to avoid checking for\n output space.\n */\nexport default function inflate_fast(strm, start) {\n let _in; /* local strm.input */\n let _out; /* local strm.output */\n // Use `s_window` instead `window`, avoid conflict with instrumentation tools\n let hold; /* local strm.hold */\n let bits; /* local strm.bits */\n let here; /* retrieved table entry */\n let op; /* code bits, operation, extra bits, or */\n /* window position, window bytes to copy */\n let len; /* match length, unused bytes */\n let dist; /* match distance */\n let from; /* where to copy match from */\n let from_source;\n\n\n\n /* copy state to local variables */\n const state = strm.state;\n //here = state.here;\n _in = strm.next_in;\n const input = strm.input;\n const last = _in + (strm.avail_in - 5);\n _out = strm.next_out;\n const output = strm.output;\n const beg = _out - (start - strm.avail_out);\n const end = _out + (strm.avail_out - 257);\n //#ifdef INFLATE_STRICT\n const dmax = state.dmax;\n //#endif\n const wsize = state.wsize;\n const whave = state.whave;\n const wnext = state.wnext;\n const s_window = state.window;\n hold = state.hold;\n bits = state.bits;\n const lcode = state.lencode;\n const dcode = state.distcode;\n const lmask = (1 << state.lenbits) - 1;\n const dmask = (1 << state.distbits) - 1;\n\n\n /* decode literals and length/distances until end-of-block or not enough\n input data or output space */\n\n top:\n do {\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n\n here = lcode[hold & lmask];\n\n dolen:\n for (;;) { // Goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n if (op === 0) { /* literal */\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n output[_out++] = here & 0xffff/*here.val*/;\n } else if (op & 16) { /* length base */\n len = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (op) {\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n len += hold & (1 << op) - 1;\n hold >>>= op;\n bits -= op;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", len));\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n here = dcode[hold & dmask];\n\n dodist:\n for (;;) { // goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n\n if (op & 16) { /* distance base */\n dist = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n }\n dist += hold & (1 << op) - 1;\n //#ifdef INFLATE_STRICT\n if (dist > dmax) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n //#endif\n hold >>>= op;\n bits -= op;\n //Tracevv((stderr, \"inflate: distance %u\\n\", dist));\n op = _out - beg; /* max distance in output */\n if (dist > op) { /* see if copy from window */\n op = dist - op; /* distance back in window */\n if (op > whave) {\n if (state.sane) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n // if (len <= op - whave) {\n // do {\n // output[_out++] = 0;\n // } while (--len);\n // continue top;\n // }\n // len -= op - whave;\n // do {\n // output[_out++] = 0;\n // } while (--op > whave);\n // if (op === 0) {\n // from = _out - dist;\n // do {\n // output[_out++] = output[from++];\n // } while (--len);\n // continue top;\n // }\n //#endif\n }\n from = 0; // window index\n from_source = s_window;\n if (wnext === 0) { /* very common case */\n from += wsize - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n } else if (wnext < op) { /* wrap around window */\n from += wsize + wnext - op;\n op -= wnext;\n if (op < len) { /* some from end of window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = 0;\n if (wnext < len) { /* some from start of window */\n op = wnext;\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n } else { /* contiguous in window */\n from += wnext - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n while (len > 2) {\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n len -= 3;\n }\n if (len) {\n output[_out++] = from_source[from++];\n if (len > 1) {\n output[_out++] = from_source[from++];\n }\n }\n } else {\n from = _out - dist; /* copy direct from output */\n do { /* minimum length is three */\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n len -= 3;\n } while (len > 2);\n if (len) {\n output[_out++] = output[from++];\n if (len > 1) {\n output[_out++] = output[from++];\n }\n }\n }\n } else if ((op & 64) === 0) { /* 2nd level distance code */\n here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dodist;\n } else {\n strm.msg = \"invalid distance code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } else if ((op & 64) === 0) { /* 2nd level length code */\n here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dolen;\n } else if (op & 32) { /* end-of-block */\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.mode = TYPE;\n break top;\n } else {\n strm.msg = \"invalid literal/length code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } while (_in < last && _out < end);\n\n /* return unused bytes (on entry, bits < 8, so in won't go too far back) */\n len = bits >> 3;\n _in -= len;\n bits -= len << 3;\n hold &= (1 << bits) - 1;\n\n /* update state and return */\n strm.next_in = _in;\n strm.next_out = _out;\n strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last);\n strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end);\n state.hold = hold;\n state.bits = bits;\n return;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\n\nconst MAXBITS = 15;\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\nconst lbase = [ /* Length codes 257..285 base */\n 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,\n 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0\n];\n\nconst lext = [ /* Length codes 257..285 extra */\n 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,\n 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78\n];\n\nconst dbase = [ /* Distance codes 0..29 base */\n 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,\n 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,\n 8193, 12289, 16385, 24577, 0, 0\n];\n\nconst dext = [ /* Distance codes 0..29 extra */\n 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,\n 23, 23, 24, 24, 25, 25, 26, 26, 27, 27,\n 28, 28, 29, 29, 64, 64\n];\n\nexport default function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) {\n const bits = opts.bits;\n //here = opts.here; /* table entry for duplication */\n\n let len = 0; /* a code's length in bits */\n let sym = 0; /* index of code symbols */\n let min = 0, max = 0; /* minimum and maximum code lengths */\n let root = 0; /* number of index bits for root table */\n let curr = 0; /* number of index bits for current table */\n let drop = 0; /* code bits to drop for sub-table */\n let left = 0; /* number of prefix codes available */\n let used = 0; /* code entries in table used */\n let huff = 0; /* Huffman code */\n let incr; /* for incrementing code, index */\n let fill; /* index for replicating entries */\n let low; /* low bits for current root entry */\n let next; /* next available space in table */\n let base = null; /* base value table to use */\n let base_index = 0;\n // var shoextra; /* extra bits table to use */\n let end; /* use base and extra for symbol > end */\n const count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */\n const offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */\n let extra = null;\n let extra_index = 0;\n\n let here_bits, here_op, here_val;\n\n /*\n Process a set of code lengths to create a canonical Huffman code. The\n code lengths are lens[0..codes-1]. Each length corresponds to the\n symbols 0..codes-1. The Huffman code is generated by first sorting the\n symbols by length from short to long, and retaining the symbol order\n for codes with equal lengths. Then the code starts with all zero bits\n for the first code of the shortest length, and the codes are integer\n increments for the same length, and zeros are appended as the length\n increases. For the deflate format, these bits are stored backwards\n from their more natural integer increment ordering, and so when the\n decoding tables are built in the large loop below, the integer codes\n are incremented backwards.\n\n This routine assumes, but does not check, that all of the entries in\n lens[] are in the range 0..MAXBITS. The caller must assure this.\n 1..MAXBITS is interpreted as that code length. zero means that that\n symbol does not occur in this code.\n\n The codes are sorted by computing a count of codes for each length,\n creating from that a table of starting indices for each length in the\n sorted table, and then entering the symbols in order in the sorted\n table. The sorted table is work[], with that space being provided by\n the caller.\n\n The length counts are used for other purposes as well, i.e. finding\n the minimum and maximum length codes, determining if there are any\n codes at all, checking for a valid set of lengths, and looking ahead\n at length counts to determine sub-table sizes when building the\n decoding tables.\n */\n\n /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */\n for (len = 0; len <= MAXBITS; len++) {\n count[len] = 0;\n }\n for (sym = 0; sym < codes; sym++) {\n count[lens[lens_index + sym]]++;\n }\n\n /* bound code lengths, force root to be within code lengths */\n root = bits;\n for (max = MAXBITS; max >= 1; max--) {\n if (count[max] !== 0) {\n break; \n }\n }\n if (root > max) {\n root = max;\n }\n if (max === 0) { /* no symbols to code at all */\n //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */\n //table.bits[opts.table_index] = 1; //here.bits = (var char)1;\n //table.val[opts.table_index++] = 0; //here.val = (var short)0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n\n //table.op[opts.table_index] = 64;\n //table.bits[opts.table_index] = 1;\n //table.val[opts.table_index++] = 0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n opts.bits = 1;\n return 0; /* no symbols, but wait for decoding to report error */\n }\n for (min = 1; min < max; min++) {\n if (count[min] !== 0) {\n break; \n }\n }\n if (root < min) {\n root = min;\n }\n\n /* check for an over-subscribed or incomplete set of lengths */\n left = 1;\n for (len = 1; len <= MAXBITS; len++) {\n left <<= 1;\n left -= count[len];\n if (left < 0) {\n return -1;\n } /* over-subscribed */\n }\n if (left > 0 && (type === CODES || max !== 1)) {\n return -1; /* incomplete set */\n }\n\n /* generate offsets into symbol table for each length for sorting */\n offs[1] = 0;\n for (len = 1; len < MAXBITS; len++) {\n offs[len + 1] = offs[len] + count[len];\n }\n\n /* sort symbols by length, by symbol order within each length */\n for (sym = 0; sym < codes; sym++) {\n if (lens[lens_index + sym] !== 0) {\n work[offs[lens[lens_index + sym]]++] = sym;\n }\n }\n\n /*\n Create and fill in decoding tables. In this loop, the table being\n filled is at next and has curr index bits. The code being used is huff\n with length len. That code is converted to an index by dropping drop\n bits off of the bottom. For codes where len is less than drop + curr,\n those top drop + curr - len bits are incremented through all values to\n fill the table with replicated entries.\n\n root is the number of index bits for the root table. When len exceeds\n root, sub-tables are created pointed to by the root entry with an index\n of the low root bits of huff. This is saved in low to check for when a\n new sub-table should be started. drop is zero when the root table is\n being filled, and drop is root when sub-tables are being filled.\n\n When a new sub-table is needed, it is necessary to look ahead in the\n code lengths to determine what size sub-table is needed. The length\n counts are used for this, and so count[] is decremented as codes are\n entered in the tables.\n\n used keeps track of how many table entries have been allocated from the\n provided *table space. It is checked for LENS and DIST tables against\n the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in\n the initial root table size constants. See the comments in inftrees.h\n for more information.\n\n sym increments through all symbols, and the loop terminates when\n all codes of length max, i.e. all codes, have been processed. This\n routine permits incomplete codes, so another loop after this one fills\n in the rest of the decoding tables with invalid code markers.\n */\n\n /* set up for code type */\n // poor man optimization - use if-else instead of switch,\n // to avoid deopts in old v8\n if (type === CODES) {\n base = extra = work; /* dummy value--not used */\n end = 19;\n\n } else if (type === LENS) {\n base = lbase;\n base_index -= 257;\n extra = lext;\n extra_index -= 257;\n end = 256;\n\n } else { /* DISTS */\n base = dbase;\n extra = dext;\n end = -1;\n }\n\n /* initialize opts for loop */\n huff = 0; /* starting code */\n sym = 0; /* starting code symbol */\n len = min; /* starting code length */\n next = table_index; /* current table to fill in */\n curr = root; /* current table index bits */\n drop = 0; /* current bits to drop from code for index */\n low = -1; /* trigger new sub-table when len > root */\n used = 1 << root; /* use root table entries */\n const mask = used - 1; /* mask for comparing low */\n\n /* check available table space */\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* process all codes and make table entries */\n for (;;) {\n /* create table entry */\n here_bits = len - drop;\n if (work[sym] < end) {\n here_op = 0;\n here_val = work[sym];\n } else if (work[sym] > end) {\n here_op = extra[extra_index + work[sym]];\n here_val = base[base_index + work[sym]];\n } else {\n here_op = 32 + 64; /* end of block */\n here_val = 0;\n }\n\n /* replicate for those indices with low len bits equal to huff */\n incr = 1 << len - drop;\n fill = 1 << curr;\n min = fill; /* save offset to next table */\n do {\n fill -= incr;\n table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0;\n } while (fill !== 0);\n\n /* backwards increment the len-bit code huff */\n incr = 1 << len - 1;\n while (huff & incr) {\n incr >>= 1;\n }\n if (incr !== 0) {\n huff &= incr - 1;\n huff += incr;\n } else {\n huff = 0;\n }\n\n /* go to next symbol, update count, len */\n sym++;\n if (--count[len] === 0) {\n if (len === max) {\n break; \n }\n len = lens[lens_index + work[sym]];\n }\n\n /* create new sub-table if needed */\n if (len > root && (huff & mask) !== low) {\n /* if first time, transition to sub-tables */\n if (drop === 0) {\n drop = root;\n }\n\n /* increment past last table */\n next += min; /* here min is 1 << curr */\n\n /* determine length of next table */\n curr = len - drop;\n left = 1 << curr;\n while (curr + drop < max) {\n left -= count[curr + drop];\n if (left <= 0) {\n break; \n }\n curr++;\n left <<= 1;\n }\n\n /* check for enough space */\n used += 1 << curr;\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* point entry in root table to sub-table */\n low = huff & mask;\n /*table.op[low] = curr;\n table.bits[low] = root;\n table.val[low] = next - opts.table_index;*/\n table[low] = root << 24 | curr << 16 | next - table_index |0;\n }\n }\n\n /* fill in remaining table entry if code is incomplete (guaranteed to have\n at most one remaining entry, since if the code is incomplete, the\n maximum code length that was allowed to get this far is one bit) */\n if (huff !== 0) {\n //table.op[next + huff] = 64; /* invalid code marker */\n //table.bits[next + huff] = len - drop;\n //table.val[next + huff] = 0;\n table[next + huff] = len - drop << 24 | 64 << 16 |0;\n }\n\n /* set return parameters */\n //opts.table_index += used;\n opts.bits = root;\n return 0;\n}\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport inflate_fast from \"./inffast.js\";\nimport inflate_table from \"./inftrees.js\";\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_FINISH,\n Z_BLOCK,\n Z_TREES,\n Z_OK,\n Z_STREAM_END,\n Z_NEED_DICT,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/* STATES ====================================================================*/\n/* ===========================================================================*/\n\n\nconst HEAD = 1; /* i: waiting for magic header */\nconst FLAGS = 2; /* i: waiting for method and flags (gzip) */\nconst TIME = 3; /* i: waiting for modification time (gzip) */\nconst OS = 4; /* i: waiting for extra flags and operating system (gzip) */\nconst EXLEN = 5; /* i: waiting for extra length (gzip) */\nconst EXTRA = 6; /* i: waiting for extra bytes (gzip) */\nconst NAME = 7; /* i: waiting for end of file name (gzip) */\nconst COMMENT = 8; /* i: waiting for end of comment (gzip) */\nconst HCRC = 9; /* i: waiting for header crc (gzip) */\nconst DICTID = 10; /* i: waiting for dictionary check value */\nconst DICT = 11; /* waiting for inflateSetDictionary() call */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\nconst TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */\nconst STORED = 14; /* i: waiting for stored size (length and complement) */\nconst COPY_ = 15; /* i/o: same as COPY below, but only first time in */\nconst COPY = 16; /* i/o: waiting for input or output to copy stored block */\nconst TABLE = 17; /* i: waiting for dynamic block table lengths */\nconst LENLENS = 18; /* i: waiting for code length code lengths */\nconst CODELENS = 19; /* i: waiting for length/lit and distance code lengths */\nconst LEN_ = 20; /* i: same as LEN below, but only first time in */\nconst LEN = 21; /* i: waiting for length/lit/eob code */\nconst LENEXT = 22; /* i: waiting for length extra bits */\nconst DIST = 23; /* i: waiting for distance code */\nconst DISTEXT = 24; /* i: waiting for distance extra bits */\nconst MATCH = 25; /* o: waiting for output space to copy string */\nconst LIT = 26; /* o: waiting for output space to write literal */\nconst CHECK = 27; /* i: waiting for 32-bit check value */\nconst LENGTH = 28; /* i: waiting for 32-bit length (gzip) */\nconst DONE = 29; /* finished check, done -- remain here until reset */\nconst BAD = 30; /* got a data error -- remain here until reset */\n//const MEM = 31; /* got an inflate() memory error -- remain here until reset */\nconst SYNC = 32; /* looking for synchronization bytes to restart inflate() */\n\n/* ===========================================================================*/\n\n\n\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_WBITS = MAX_WBITS;\n\n\nfunction zswap32(q) {\n return (((q >>> 24) & 0xff) +\n ((q >>> 8) & 0xff00) +\n ((q & 0xff00) << 8) +\n ((q & 0xff) << 24));\n}\n\n\nclass InflateState {\n constructor() {\n this.mode = 0; /* current inflate mode */\n this.last = false; /* true if processing last block */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.havedict = false; /* true if dictionary provided */\n this.flags = 0; /* gzip header method and flags (0 if zlib) */\n this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */\n this.check = 0; /* protected copy of check value */\n this.total = 0; /* protected copy of output count */\n // TODO: may be {}\n this.head = null; /* where to save gzip header information */\n\n /* sliding window */\n this.wbits = 0; /* log base 2 of requested window size */\n this.wsize = 0; /* window size or zero if not using window */\n this.whave = 0; /* valid bytes in the window */\n this.wnext = 0; /* window write index */\n this.window = null; /* allocated sliding window, if needed */\n\n /* bit accumulator */\n this.hold = 0; /* input bit accumulator */\n this.bits = 0; /* number of bits in \"in\" */\n\n /* for string and stored block copying */\n this.length = 0; /* literal or length of data to copy */\n this.offset = 0; /* distance back to copy string from */\n\n /* for table and code decoding */\n this.extra = 0; /* extra bits needed */\n\n /* fixed and dynamic code tables */\n this.lencode = null; /* starting table for length/literal codes */\n this.distcode = null; /* starting table for distance codes */\n this.lenbits = 0; /* index bits for lencode */\n this.distbits = 0; /* index bits for distcode */\n\n /* dynamic table building */\n this.ncode = 0; /* number of code length code lengths */\n this.nlen = 0; /* number of length code lengths */\n this.ndist = 0; /* number of distance code lengths */\n this.have = 0; /* number of code lengths in lens[] */\n this.next = null; /* next available space in codes[] */\n\n this.lens = new utils.Buf16(320); /* temporary storage for code lengths */\n this.work = new utils.Buf16(288); /* work area for code table building */\n\n /*\n because we don't have pointers in js, we use lencode and distcode directly\n as buffers so we don't need codes\n */\n //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */\n this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */\n this.distdyn = null; /* dynamic table for distance codes (JS specific) */\n this.sane = 0; /* if false, allow invalid distance too far */\n this.back = 0; /* bits back of last unprocessed length/lit */\n this.was = 0; /* initial length of match */\n }\n}\n\nfunction inflateResetKeep(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n strm.total_in = strm.total_out = state.total = 0;\n strm.msg = ''; /*Z_NULL*/\n if (state.wrap) { /* to support ill-conceived Java test suite */\n strm.adler = state.wrap & 1;\n }\n state.mode = HEAD;\n state.last = 0;\n state.havedict = 0;\n state.dmax = 32768;\n state.head = null/*Z_NULL*/;\n state.hold = 0;\n state.bits = 0;\n //state.lencode = state.distcode = state.next = state.codes;\n state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);\n state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);\n\n state.sane = 1;\n state.back = -1;\n //Tracev((stderr, \"inflate: reset\\n\"));\n return Z_OK;\n}\n\nfunction inflateReset(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n state.wsize = 0;\n state.whave = 0;\n state.wnext = 0;\n return inflateResetKeep(strm);\n\n}\n\nfunction inflateReset2(strm, windowBits) {\n let wrap;\n let state;\n\n /* get the state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n /* extract wrap request from windowBits parameter */\n if (windowBits < 0) {\n wrap = 0;\n windowBits = -windowBits;\n }\n else {\n wrap = (windowBits >> 4) + 1;\n if (windowBits < 48) {\n windowBits &= 15;\n }\n }\n\n /* set number of window bits, free window if different */\n if (windowBits && (windowBits < 8 || windowBits > 15)) {\n return Z_STREAM_ERROR;\n }\n if (state.window !== null && state.wbits !== windowBits) {\n state.window = null;\n }\n\n /* update state and reset the rest of it */\n state.wrap = wrap;\n state.wbits = windowBits;\n return inflateReset(strm);\n}\n\nfunction inflateInit2(strm, windowBits) {\n let ret;\n let state;\n\n if (!strm) { return Z_STREAM_ERROR; }\n //strm.msg = Z_NULL; /* in case we return an error */\n\n state = new InflateState();\n\n //if (state === Z_NULL) return Z_MEM_ERROR;\n //Tracev((stderr, \"inflate: allocated\\n\"));\n strm.state = state;\n state.window = null/*Z_NULL*/;\n ret = inflateReset2(strm, windowBits);\n if (ret !== Z_OK) {\n strm.state = null/*Z_NULL*/;\n }\n return ret;\n}\n\nfunction inflateInit(strm) {\n return inflateInit2(strm, DEF_WBITS);\n}\n\n\n/*\n Return state with length and distance decoding tables and index sizes set to\n fixed code decoding. Normally this returns fixed tables from inffixed.h.\n If BUILDFIXED is defined, then instead this routine builds the tables the\n first time it's called, and returns those tables the first time and\n thereafter. This reduces the size of the code by about 2K bytes, in\n exchange for a little execution time. However, BUILDFIXED should not be\n used for threaded applications, since the rewriting of the tables and virgin\n may not be thread-safe.\n */\nlet virgin = true;\n\nlet lenfix, distfix; // We have no pointers in JS, so keep tables separate\n\nfunction fixedtables(state) {\n /* build fixed huffman tables if first call (may not be thread safe) */\n if (virgin) {\n let sym;\n\n lenfix = new utils.Buf32(512);\n distfix = new utils.Buf32(32);\n\n /* literal/length table */\n sym = 0;\n while (sym < 144) { state.lens[sym++] = 8; }\n while (sym < 256) { state.lens[sym++] = 9; }\n while (sym < 280) { state.lens[sym++] = 7; }\n while (sym < 288) { state.lens[sym++] = 8; }\n\n inflate_table(LENS, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 });\n\n /* distance table */\n sym = 0;\n while (sym < 32) { state.lens[sym++] = 5; }\n\n inflate_table(DISTS, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 });\n\n /* do this just once */\n virgin = false;\n }\n\n state.lencode = lenfix;\n state.lenbits = 9;\n state.distcode = distfix;\n state.distbits = 5;\n}\n\n\n/*\n Update the window with the last wsize (normally 32K) bytes written before\n returning. If window does not exist yet, create it. This is only called\n when a window is already in use, or when output has been written during this\n inflate call, but the end of the deflate stream has not been reached yet.\n It is also called to create a window for dictionary data when a dictionary\n is loaded.\n\n Providing output buffers larger than 32K to inflate() should provide a speed\n advantage, since only the last 32K of output is copied to the sliding window\n upon return from inflate(), and since all distances after the first 32K of\n output will fall in the output data, making match copies simpler and faster.\n The advantage may be dependent on the size of the processor's data caches.\n */\nfunction updatewindow(strm, src, end, copy) {\n let dist;\n const state = strm.state;\n\n /* if it hasn't been done already, allocate space for the window */\n if (state.window === null) {\n state.wsize = 1 << state.wbits;\n state.wnext = 0;\n state.whave = 0;\n\n state.window = new utils.Buf8(state.wsize);\n }\n\n /* copy state->wsize or less output bytes into the circular window */\n if (copy >= state.wsize) {\n utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);\n state.wnext = 0;\n state.whave = state.wsize;\n }\n else {\n dist = state.wsize - state.wnext;\n if (dist > copy) {\n dist = copy;\n }\n //zmemcpy(state->window + state->wnext, end - copy, dist);\n utils.arraySet(state.window, src, end - copy, dist, state.wnext);\n copy -= dist;\n if (copy) {\n //zmemcpy(state->window, end - copy, copy);\n utils.arraySet(state.window, src, end - copy, copy, 0);\n state.wnext = copy;\n state.whave = state.wsize;\n }\n else {\n state.wnext += dist;\n if (state.wnext === state.wsize) { state.wnext = 0; }\n if (state.whave < state.wsize) { state.whave += dist; }\n }\n }\n return 0;\n}\n\nfunction inflate(strm, flush) {\n let state;\n let input, output; // input/output buffers\n let next; /* next input INDEX */\n let put; /* next output INDEX */\n let have, left; /* available input and output */\n let hold; /* bit buffer */\n let bits; /* bits in bit buffer */\n let _in, _out; /* save starting available input and output */\n let copy; /* number of stored or match bytes to copy */\n let from; /* where to copy match bytes from */\n let from_source;\n let here = 0; /* current decoding table entry */\n let here_bits, here_op, here_val; // paked \"here\" denormalized (JS specific)\n //var last; /* parent table entry */\n let last_bits, last_op, last_val; // paked \"last\" denormalized (JS specific)\n let len; /* length to copy for repeats, bits to drop */\n let ret; /* return code */\n let hbuf = new utils.Buf8(4); /* buffer for gzip header crc calculation */\n let opts;\n\n let n; // temporary var for NEED_BITS\n\n const order = /* permutation of code lengths */\n [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];\n\n\n if (!strm || !strm.state || !strm.output ||\n (!strm.input && strm.avail_in !== 0)) {\n return Z_STREAM_ERROR;\n }\n\n state = strm.state;\n if (state.mode === TYPE) { state.mode = TYPEDO; } /* skip check */\n\n\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n _in = have;\n _out = left;\n ret = Z_OK;\n\n inf_leave: // goto emulation\n for (;;) {\n switch (state.mode) {\n case HEAD:\n if (state.wrap === 0) {\n state.mode = TYPEDO;\n break;\n }\n //=== NEEDBITS(16);\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */\n state.check = 0/*crc32(0L, Z_NULL, 0)*/;\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = FLAGS;\n break;\n }\n state.flags = 0; /* expect zlib header */\n if (state.head) {\n state.head.done = false;\n }\n if (!(state.wrap & 1) || /* check if zlib header allowed */\n (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {\n strm.msg = 'incorrect header check';\n state.mode = BAD;\n break;\n }\n if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n len = (hold & 0x0f)/*BITS(4)*/ + 8;\n if (state.wbits === 0) {\n state.wbits = len;\n }\n else if (len > state.wbits) {\n strm.msg = 'invalid window size';\n state.mode = BAD;\n break;\n }\n state.dmax = 1 << len;\n //Tracev((stderr, \"inflate: zlib header ok\\n\"));\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = hold & 0x200 ? DICTID : TYPE;\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n break;\n case FLAGS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.flags = hold;\n if ((state.flags & 0xff) !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n if (state.flags & 0xe000) {\n strm.msg = 'unknown header flags set';\n state.mode = BAD;\n break;\n }\n if (state.head) {\n state.head.text = ((hold >> 8) & 1);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = TIME;\n /* falls through */\n case TIME:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.time = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC4(state.check, hold)\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n hbuf[2] = (hold >>> 16) & 0xff;\n hbuf[3] = (hold >>> 24) & 0xff;\n state.check = crc32(state.check, hbuf, 4, 0);\n //===\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = OS;\n /* falls through */\n case OS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.xflags = (hold & 0xff);\n state.head.os = (hold >> 8);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = EXLEN;\n /* falls through */\n case EXLEN:\n if (state.flags & 0x0400) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length = hold;\n if (state.head) {\n state.head.extra_len = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n else if (state.head) {\n state.head.extra = null/*Z_NULL*/;\n }\n state.mode = EXTRA;\n /* falls through */\n case EXTRA:\n if (state.flags & 0x0400) {\n copy = state.length;\n if (copy > have) { copy = have; }\n if (copy) {\n if (state.head) {\n len = state.head.extra_len - state.length;\n if (!state.head.extra) {\n // Use untyped array for more convenient processing later\n state.head.extra = new Array(state.head.extra_len);\n }\n utils.arraySet(\n state.head.extra,\n input,\n next,\n // extra field is limited to 65536 bytes\n // - no need for additional size check\n copy,\n /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/\n len\n );\n //zmemcpy(state.head.extra + len, next,\n // len + copy > state.head.extra_max ?\n // state.head.extra_max - len : copy);\n }\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n state.length -= copy;\n }\n if (state.length) { break inf_leave; }\n }\n state.length = 0;\n state.mode = NAME;\n /* falls through */\n case NAME:\n if (state.flags & 0x0800) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n // TODO: 2 or 1 bytes?\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.name_max*/)) {\n state.head.name += String.fromCharCode(len);\n }\n } while (len && copy < have);\n\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.name = null;\n }\n state.length = 0;\n state.mode = COMMENT;\n /* falls through */\n case COMMENT:\n if (state.flags & 0x1000) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.comm_max*/)) {\n state.head.comment += String.fromCharCode(len);\n }\n } while (len && copy < have);\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.comment = null;\n }\n state.mode = HCRC;\n /* falls through */\n case HCRC:\n if (state.flags & 0x0200) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.check & 0xffff)) {\n strm.msg = 'header crc mismatch';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n if (state.head) {\n state.head.hcrc = ((state.flags >> 9) & 1);\n state.head.done = true;\n }\n strm.adler = state.check = 0;\n state.mode = TYPE;\n break;\n case DICTID:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n strm.adler = state.check = zswap32(hold);\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = DICT;\n /* falls through */\n case DICT:\n if (state.havedict === 0) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n return Z_NEED_DICT;\n }\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = TYPE;\n /* falls through */\n case TYPE:\n if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case TYPEDO:\n if (state.last) {\n //--- BYTEBITS() ---//\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n state.mode = CHECK;\n break;\n }\n //=== NEEDBITS(3); */\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.last = (hold & 0x01)/*BITS(1)*/;\n //--- DROPBITS(1) ---//\n hold >>>= 1;\n bits -= 1;\n //---//\n\n switch ((hold & 0x03)/*BITS(2)*/) {\n case 0: /* stored block */\n //Tracev((stderr, \"inflate: stored block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = STORED;\n break;\n case 1: /* fixed block */\n fixedtables(state);\n //Tracev((stderr, \"inflate: fixed codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = LEN_; /* decode codes */\n if (flush === Z_TREES) {\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break inf_leave;\n }\n break;\n case 2: /* dynamic block */\n //Tracev((stderr, \"inflate: dynamic codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = TABLE;\n break;\n case 3:\n strm.msg = 'invalid block type';\n state.mode = BAD;\n }\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break;\n case STORED:\n //--- BYTEBITS() ---// /* go to byte boundary */\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {\n strm.msg = 'invalid stored block lengths';\n state.mode = BAD;\n break;\n }\n state.length = hold & 0xffff;\n //Tracev((stderr, \"inflate: stored length %u\\n\",\n // state.length));\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = COPY_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case COPY_:\n state.mode = COPY;\n /* falls through */\n case COPY:\n copy = state.length;\n if (copy) {\n if (copy > have) { copy = have; }\n if (copy > left) { copy = left; }\n if (copy === 0) { break inf_leave; }\n //--- zmemcpy(put, next, copy); ---\n utils.arraySet(output, input, next, copy, put);\n //---//\n have -= copy;\n next += copy;\n left -= copy;\n put += copy;\n state.length -= copy;\n break;\n }\n //Tracev((stderr, \"inflate: stored end\\n\"));\n state.mode = TYPE;\n break;\n case TABLE:\n //=== NEEDBITS(14); */\n while (bits < 14) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n//#ifndef PKZIP_BUG_WORKAROUND\n if (state.nlen > 286 || state.ndist > 30) {\n strm.msg = 'too many length or distance symbols';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracev((stderr, \"inflate: table sizes ok\\n\"));\n state.have = 0;\n state.mode = LENLENS;\n /* falls through */\n case LENLENS:\n while (state.have < state.ncode) {\n //=== NEEDBITS(3);\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n while (state.have < 19) {\n state.lens[order[state.have++]] = 0;\n }\n // We have separate tables & no pointers. 2 commented lines below not needed.\n //state.next = state.codes;\n //state.lencode = state.next;\n // Switch to use dynamic table\n state.lencode = state.lendyn;\n state.lenbits = 7;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);\n state.lenbits = opts.bits;\n\n if (ret) {\n strm.msg = 'invalid code lengths set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, \"inflate: code lengths ok\\n\"));\n state.have = 0;\n state.mode = CODELENS;\n /* falls through */\n case CODELENS:\n while (state.have < state.nlen + state.ndist) {\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_val < 16) {\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.lens[state.have++] = here_val;\n }\n else {\n if (here_val === 16) {\n //=== NEEDBITS(here.bits + 2);\n n = here_bits + 2;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n if (state.have === 0) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n len = state.lens[state.have - 1];\n copy = 3 + (hold & 0x03);//BITS(2);\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n }\n else if (here_val === 17) {\n //=== NEEDBITS(here.bits + 3);\n n = here_bits + 3;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 3 + (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n else {\n //=== NEEDBITS(here.bits + 7);\n n = here_bits + 7;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 11 + (hold & 0x7f);//BITS(7);\n //--- DROPBITS(7) ---//\n hold >>>= 7;\n bits -= 7;\n //---//\n }\n if (state.have + copy > state.nlen + state.ndist) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n while (copy--) {\n state.lens[state.have++] = len;\n }\n }\n }\n\n /* handle error breaks in while */\n if (state.mode === BAD) { break; }\n\n /* check for end-of-block code (better have one) */\n if (state.lens[256] === 0) {\n strm.msg = 'invalid code -- missing end-of-block';\n state.mode = BAD;\n break;\n }\n\n /* build code tables -- note: do not change the lenbits or distbits\n values here (9 and 6) without reading the comments in inftrees.h\n concerning the ENOUGH constants, which depend on those values */\n state.lenbits = 9;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.lenbits = opts.bits;\n // state.lencode = state.next;\n\n if (ret) {\n strm.msg = 'invalid literal/lengths set';\n state.mode = BAD;\n break;\n }\n\n state.distbits = 6;\n //state.distcode.copy(state.codes);\n // Switch to use dynamic table\n state.distcode = state.distdyn;\n opts = { bits: state.distbits };\n ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.distbits = opts.bits;\n // state.distcode = state.next;\n\n if (ret) {\n strm.msg = 'invalid distances set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, 'inflate: codes ok\\n'));\n state.mode = LEN_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case LEN_:\n state.mode = LEN;\n /* falls through */\n case LEN:\n if (have >= 6 && left >= 258) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n inflate_fast(strm, _out);\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n if (state.mode === TYPE) {\n state.back = -1;\n }\n break;\n }\n state.back = 0;\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if (here_bits <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_op && (here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.lencode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n state.length = here_val;\n if (here_op === 0) {\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n state.mode = LIT;\n break;\n }\n if (here_op & 32) {\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.back = -1;\n state.mode = TYPE;\n break;\n }\n if (here_op & 64) {\n strm.msg = 'invalid literal/length code';\n state.mode = BAD;\n break;\n }\n state.extra = here_op & 15;\n state.mode = LENEXT;\n /* falls through */\n case LENEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", state.length));\n state.was = state.length;\n state.mode = DIST;\n /* falls through */\n case DIST:\n for (;;) {\n here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if ((here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.distcode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n if (here_op & 64) {\n strm.msg = 'invalid distance code';\n state.mode = BAD;\n break;\n }\n state.offset = here_val;\n state.extra = (here_op) & 15;\n state.mode = DISTEXT;\n /* falls through */\n case DISTEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n//#ifdef INFLATE_STRICT\n if (state.offset > state.dmax) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracevv((stderr, \"inflate: distance %u\\n\", state.offset));\n state.mode = MATCH;\n /* falls through */\n case MATCH:\n if (left === 0) { break inf_leave; }\n copy = _out - left;\n if (state.offset > copy) { /* copy from window */\n copy = state.offset - copy;\n if (copy > state.whave) {\n if (state.sane) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n// (!) This block is disabled in zlib defaults,\n// don't enable it for binary compatibility\n//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n// Trace((stderr, \"inflate.c too far\\n\"));\n// copy -= state.whave;\n// if (copy > state.length) { copy = state.length; }\n// if (copy > left) { copy = left; }\n// left -= copy;\n// state.length -= copy;\n// do {\n// output[put++] = 0;\n// } while (--copy);\n// if (state.length === 0) { state.mode = LEN; }\n// break;\n//#endif\n }\n if (copy > state.wnext) {\n copy -= state.wnext;\n from = state.wsize - copy;\n }\n else {\n from = state.wnext - copy;\n }\n if (copy > state.length) { copy = state.length; }\n from_source = state.window;\n }\n else { /* copy from output */\n from_source = output;\n from = put - state.offset;\n copy = state.length;\n }\n if (copy > left) { copy = left; }\n left -= copy;\n state.length -= copy;\n do {\n output[put++] = from_source[from++];\n } while (--copy);\n if (state.length === 0) { state.mode = LEN; }\n break;\n case LIT:\n if (left === 0) { break inf_leave; }\n output[put++] = state.length;\n left--;\n state.mode = LEN;\n break;\n case CHECK:\n if (state.wrap) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n // Use '|' instead of '+' to make sure that result is signed\n hold |= input[next++] << bits;\n bits += 8;\n }\n //===//\n _out -= left;\n strm.total_out += _out;\n state.total += _out;\n if (_out) {\n strm.adler = state.check =\n /*UPDATE(state.check, put - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));\n\n }\n _out = left;\n // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too\n if ((state.flags ? hold : zswap32(hold)) !== state.check) {\n strm.msg = 'incorrect data check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: check matches trailer\\n\"));\n }\n state.mode = LENGTH;\n /* falls through */\n case LENGTH:\n if (state.wrap && state.flags) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.total & 0xffffffff)) {\n strm.msg = 'incorrect length check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: length matches trailer\\n\"));\n }\n state.mode = DONE;\n /* falls through */\n case DONE:\n ret = Z_STREAM_END;\n break inf_leave;\n case BAD:\n ret = Z_DATA_ERROR;\n break inf_leave;\n // case MEM:\n // return Z_MEM_ERROR;\n case SYNC:\n /* falls through */\n default:\n return Z_STREAM_ERROR;\n }\n }\n\n // inf_leave <- here is real place for \"goto inf_leave\", emulated via \"break inf_leave\"\n\n /*\n Return from inflate(), updating the total counts and the check value.\n If there was no progress during the inflate() call, return a buffer\n error. Call updatewindow() to create and/or update the window state.\n Note: a memory error from inflate() is non-recoverable.\n */\n\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n\n if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&\n (state.mode < CHECK || flush !== Z_FINISH))) {\n if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n }\n }\n _in -= strm.avail_in;\n _out -= strm.avail_out;\n strm.total_in += _in;\n strm.total_out += _out;\n state.total += _out;\n if (state.wrap && _out) {\n strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));\n }\n strm.data_type = state.bits + (state.last ? 64 : 0) +\n (state.mode === TYPE ? 128 : 0) +\n (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);\n if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {\n ret = Z_BUF_ERROR;\n }\n return ret;\n}\n\nfunction inflateEnd(strm) {\n\n if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {\n return Z_STREAM_ERROR;\n }\n\n const state = strm.state;\n if (state.window) {\n state.window = null;\n }\n strm.state = null;\n return Z_OK;\n}\n\nfunction inflateGetHeader(strm, head) {\n let state;\n\n /* check state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }\n\n /* save header structure */\n state.head = head;\n head.done = false;\n return Z_OK;\n}\n\nfunction inflateSetDictionary(strm, dictionary) {\n const dictLength = dictionary.length;\n\n let state;\n let dictid;\n let ret;\n\n /* check state */\n if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n if (state.wrap !== 0 && state.mode !== DICT) {\n return Z_STREAM_ERROR;\n }\n\n /* check for correct dictionary identifier */\n if (state.mode === DICT) {\n dictid = 1; /* adler32(0, null, 0)*/\n /* dictid = adler32(dictid, dictionary, dictLength); */\n dictid = adler32(dictid, dictionary, dictLength, 0);\n if (dictid !== state.check) {\n return Z_DATA_ERROR;\n }\n }\n /* copy dictionary to window using updatewindow(), which will amend the\n existing dictionary if appropriate */\n ret = updatewindow(strm, dictionary, dictLength, dictLength);\n // if (ret) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n // }\n state.havedict = 1;\n // Tracev((stderr, \"inflate: dictionary set\\n\"));\n return Z_OK;\n}\n\nconst inflateInfo = 'pako inflate (from Nodeca project)';\n\nexport {\n inflateReset,\n inflateReset2,\n inflateResetKeep,\n inflateInit,\n inflateInit2,\n inflate,\n inflateEnd,\n inflateGetHeader,\n inflateSetDictionary,\n inflateInfo\n};\n\n/* Not implemented\nexports.inflateCopy = inflateCopy;\nexports.inflateGetDictionary = inflateGetDictionary;\nexports.inflateMark = inflateMark;\nexports.inflatePrime = inflatePrime;\nexports.inflateSync = inflateSync;\nexports.inflateSyncPoint = inflateSyncPoint;\nexports.inflateUndermine = inflateUndermine;\n*/\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class GZheader {\n constructor() {\n /* true if compressed data believed to be text */\n this.text = 0;\n /* modification time */\n this.time = 0;\n /* extra flags (not used when writing a gzip file) */\n this.xflags = 0;\n /* operating system */\n this.os = 0;\n /* pointer to extra field or Z_NULL if none */\n this.extra = null;\n /* extra field length (valid if extra != Z_NULL) */\n this.extra_len = 0; // Actually, we don't need it in JS,\n // but leave for few code modifications\n\n //\n // Setup limits is not necessary because in js we should not preallocate memory\n // for inflate use constant limit in 65536 bytes\n //\n\n /* space at extra (only when reading header) */\n // this.extra_max = 0;\n /* pointer to zero-terminated file name or Z_NULL */\n this.name = '';\n /* space at name (only when reading header) */\n // this.name_max = 0;\n /* pointer to zero-terminated comment or Z_NULL */\n this.comment = '';\n /* space at comment (only when reading header) */\n // this.comm_max = 0;\n /* true if there was or will be a header crc */\n this.hcrc = 0;\n /* true when done reading gzip header (not used when writing a gzip file) */\n this.done = false;\n }\n}","'use strict';\n\nimport * as zlib_inflate from \"./zlib/inflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport * as c from \"./zlib/constants.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\nimport GZheader from \"./zlib/gzheader.js\";\n\n/**\n * class Inflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[inflate]]\n * and [[inflateRaw]].\n **/\n\n/* internal\n * inflate.chunks -> Array\n *\n * Chunks of output data, if [[Inflate#onData]] not overridden.\n **/\n\n/**\n * Inflate.result -> Uint8Array|Array|String\n *\n * Uncompressed result, generated by default [[Inflate#onData]]\n * and [[Inflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Inflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Inflate.err -> Number\n *\n * Error code after inflate finished. 0 (Z_OK) on success.\n * Should be checked if broken data possible.\n **/\n\n/**\n * Inflate.msg -> String\n *\n * Error message, if [[Inflate.err]] != 0\n **/\n\n\n/**\n * new Inflate(options)\n * - options (Object): zlib inflate options.\n *\n * Creates new inflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `windowBits`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw inflate\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n * By default, when no options set, autodetect deflate/gzip data format via\n * wrapper header.\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var inflate = new pako.Inflate({ level: 3});\n *\n * inflate.push(chunk1, false);\n * inflate.push(chunk2, true); // true -> last chunk\n *\n * if (inflate.err) { throw new Error(inflate.err); }\n *\n * console.log(inflate.result);\n * ```\n **/\nclass Inflate {\n constructor(options) {\n this.options = {\n chunkSize: 16384,\n windowBits: 0,\n ...(options || {})\n };\n\n const opt = this.options;\n\n // Force window size for `raw` data, if not set directly,\n // because we have no header for autodetect.\n if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {\n opt.windowBits = -opt.windowBits;\n if (opt.windowBits === 0) { opt.windowBits = -15; }\n }\n\n // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate\n if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&\n !(options && options.windowBits)) {\n opt.windowBits += 32;\n }\n\n // Gzip header has no info about windows size, we can do autodetect only\n // for deflate. So, if window size not set, force it to max when gzip possible\n if ((opt.windowBits > 15) && (opt.windowBits < 48)) {\n // bit 3 (16) -> gzipped data\n // bit 4 (32) -> autodetect gzip/deflate\n if ((opt.windowBits & 15) === 0) {\n opt.windowBits |= 15;\n }\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n let status = zlib_inflate.inflateInit2(\n this.strm,\n opt.windowBits\n );\n\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n\n this.header = new GZheader();\n\n zlib_inflate.inflateGetHeader(this.strm, this.header);\n\n // Setup dictionary\n if (opt.dictionary) {\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n opt.dictionary = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n opt.dictionary = new Uint8Array(opt.dictionary);\n }\n if (opt.raw) { //In raw mode we need to set the dictionary early\n status = zlib_inflate.inflateSetDictionary(this.strm, opt.dictionary);\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n }\n }\n }\n /**\n * Inflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with\n * new output chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the decompression context.\n *\n * On fail call [[Inflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize, dictionary } } = this;\n let status, _mode;\n let next_out_utf8, tail, utf8str;\n\n // Flag to properly process Z_BUF_ERROR on testing inflate call\n // when we check that all output data was flushed.\n let allowBufError = false;\n\n if (this.ended) { return false; }\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // Only binary strings can be decompressed on practice\n strm.input = strings.binstring2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n\n status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH); /* no bad return value */\n\n if (status === c.Z_NEED_DICT && dictionary) {\n status = zlib_inflate.inflateSetDictionary(this.strm, dictionary);\n }\n\n if (status === c.Z_BUF_ERROR && allowBufError === true) {\n status = c.Z_OK;\n allowBufError = false;\n }\n\n if (status !== c.Z_STREAM_END && status !== c.Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n\n if (strm.next_out) {\n if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n }\n\n // When no more input data, we should check that internal inflate buffers\n // are flushed. The only way to do it when avail_out = 0 - run one more\n // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.\n // Here we set flag to process this error properly.\n //\n // NOTE. Deflate does not return error in this case and does not needs such\n // logic.\n if (strm.avail_in === 0 && strm.avail_out === 0) {\n allowBufError = true;\n }\n\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);\n\n if (status === c.Z_STREAM_END) {\n _mode = c.Z_FINISH;\n }\n\n // Finalize on the last chunk.\n if (_mode === c.Z_FINISH) {\n status = zlib_inflate.inflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === c.Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === c.Z_SYNC_FLUSH) {\n this.onEnd(c.Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n\n /**\n * Inflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n\n\n /**\n * Inflate#onEnd(status) -> Void\n * - status (Number): inflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called either after you tell inflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === c.Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n/**\n * inflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Decompress `data` with inflate/ungzip and `options`. Autodetect\n * format via wrapper header by default. That's why we don't provide\n * separate `ungzip` method.\n *\n * Supported options are:\n *\n * - windowBits\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , input = pako.deflate([1,2,3,4,5,6,7,8,9])\n * , output;\n *\n * try {\n * output = pako.inflate(input);\n * } catch (err)\n * console.log(err);\n * }\n * ```\n **/\nfunction inflate(input, options) {\n const inflator = new Inflate(options);\n\n inflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (inflator.err) { throw new Error(inflator.msg || msg[inflator.err]); }\n\n return inflator.result;\n}\n\n\n/**\n * inflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * The same as [[inflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction inflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return inflate(input, options);\n}\n\n\n/**\n * ungzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Just shortcut to [[inflate]], because it autodetects format\n * by header.content. Done for convenience.\n **/\n\nexport { Inflate, inflate, inflateRaw, inflate as ungzip };\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuer,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.signedHashValue = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n this.params = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length));\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false) {\n if (key.version === 5) {\n this.version = 5;\n } else {\n this.version = 4;\n }\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = [];\n this.unhashedSubpackets.forEach(data => {\n arr.push(writeSimpleLength(data.length));\n arr.push(data);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n // V4 signature sub packets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n if (!hashed) {\n this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n mypos++;\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuer:\n // Issuer\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion === 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n default: {\n const err = new Error(`Unknown signature subpacket type ${type}`);\n if (critical) {\n throw err;\n } else {\n util.printDebug(err);\n }\n }\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, 2));\n\n let i = 2;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n constructor() {\n /** A one-octet version number. The current version is 3. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** An eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current version is 3.\n this.version = bytes[mypos++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n // An eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]);\n\n const end = new Uint8Array([this.flags]);\n\n return util.concatUint8Array([start, this.issuerKeyID.write(), end]);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID)\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnsupportedError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Deflate } from '@openpgp/pako/lib/deflate';\nimport { Inflate } from '@openpgp/pako/lib/inflate';\nimport { Z_SYNC_FLUSH, Z_FINISH } from '@openpgp/pako/lib/zlib/constants';\nimport { decode as BunzipDecode } from '@openpgp/seek-bzip';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n\n /**\n * zip/zlib compression level, between 1 and 9\n */\n this.deflateLevel = config.deflateLevel;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName];\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write(), this.deflateLevel);\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nconst nodeZlib = util.getNodeZlib();\n\nfunction uncompressed(data) {\n return data;\n}\n\nfunction node_zlib(func, create, options = {}) {\n return function (data) {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(data => {\n return new Promise((resolve, reject) => {\n func(data, options, (err, result) => {\n if (err) return reject(err);\n resolve(result);\n });\n });\n }));\n }\n return stream.nodeToWeb(stream.webToNode(data).pipe(create(options)));\n };\n}\n\nfunction pako_zlib(constructor, options = {}) {\n return function(data) {\n const obj = new constructor(options);\n return stream.transform(data, value => {\n if (value.length) {\n obj.push(value, Z_SYNC_FLUSH);\n return obj.result;\n }\n }, () => {\n if (constructor === Deflate) {\n obj.push([], Z_FINISH);\n return obj.result;\n }\n });\n };\n}\n\nfunction bzip2(func) {\n return function(data) {\n return stream.fromAsync(async () => func(await stream.readToEnd(data)));\n };\n}\n\nconst compress_fns = nodeZlib ? {\n zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed)\n} : {\n zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed)\n};\n\nconst decompress_fns = nodeZlib ? {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw),\n zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n} : {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }),\n zlib: /*#__PURE__*/ pako_zlib(Inflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n constructor() {\n this.version = VERSION;\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n // - A one-octet version number. The only currently defined value is 1.\n if (version !== VERSION) {\n throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`);\n }\n\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n return util.concat([new Uint8Array([VERSION]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n let packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await this.crypt('decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await this.crypt('encrypt', key, data);\n }\n\n /**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\n async crypt(fn, key, data) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const modeInstance = await mode(this.cipherAlgorithm, key);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const adataBuffer = new ArrayBuffer(21);\n const adataArray = new Uint8Array(adataBuffer, 0, 13);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n const iv = this.iv;\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new stream.TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray);\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...)\n cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray);\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = 3;\n\n this.publicKeyID = new KeyID();\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n i += this.publicKeyID.read(bytes.subarray(i));\n this.publicKeyAlgorithm = bytes[i++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version);\n if (this.publicKeyAlgorithm === enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version]),\n this.publicKeyID.write(),\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n // v3 Montgomery curves have cleartext cipher algo\n if (this.publicKeyAlgorithm !== enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = sessionKeyAlgorithm;\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // add checksum\n return util.concatUint8Array([\n new Uint8Array([cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n }\n case enums.publicKey.x25519:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm);\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n return {\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n * @private\n */\n\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport { UnsupportedError } from '../packet/packet';\nimport util from '../util';\n\nclass S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = 'iterated';\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n try {\n this.type = enums.read(enums.s2k, bytes[i++]);\n } catch (err) {\n throw new UnsupportedError('Unknown S2K type.');\n }\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport S2K from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 5 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = enums.symmetric.aes256;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number. The only currently defined version is 4.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version === 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n this.s2k = new S2K();\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version === 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, key);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n } else {\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const encryptionKey = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v5Keys ? 5 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes) {\n let pos = 0;\n // A one-octet version number (3, 4 or 5).\n this.version = bytes[pos++];\n\n if (this.version === 4 || this.version === 5) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version === 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version === 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n if (version === 5) {\n return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]);\n }\n return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version === 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version === 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport S2K from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n this.s2k = new S2K();\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipher(this.symmetric).blockSize\n );\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n const cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...this.s2k.write());\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = new S2K(config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n\n const { blockSize } = crypto.getCipher(this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = enums.aead.eax;\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } else {\n this.s2kUsage = 254;\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\nasync function produceEncryptionKey(s2k, passphrase, algorithm) {\n const { keySize } = crypto.getCipher(algorithm);\n return s2k.produceKey(passphrase, keySize);\n}\n\nexport default SecretKeyPacket;\n","\n// email-addresses.js - RFC 5322 email address parser\n// v 3.1.0\n//\n// http://tools.ietf.org/html/rfc5322\n//\n// This library does not validate email addresses.\n// emailAddresses attempts to parse addresses using the (fairly liberal)\n// grammar specified in RFC 5322.\n//\n// email-addresses returns {\n// ast: ,\n// addresses: [{\n// node: ,\n// name: ,\n// address: ,\n// local: ,\n// domain: \n// }, ...]\n// }\n//\n// emailAddresses.parseOneAddress and emailAddresses.parseAddressList\n// work as you might expect. Try it out.\n//\n// Many thanks to Dominic Sayers and his documentation on the is_email function,\n// http://code.google.com/p/isemail/ , which helped greatly in writing this parser.\n\n(function (global) {\n\"use strict\";\n\nfunction parse5322(opts) {\n\n // tokenizing functions\n\n function inStr() { return pos < len; }\n function curTok() { return parseString[pos]; }\n function getPos() { return pos; }\n function setPos(i) { pos = i; }\n function nextTok() { pos += 1; }\n function initialize() {\n pos = 0;\n len = parseString.length;\n }\n\n // parser helper functions\n\n function o(name, value) {\n return {\n name: name,\n tokens: value || \"\",\n semantic: value || \"\",\n children: []\n };\n }\n\n function wrap(name, ast) {\n var n;\n if (ast === null) { return null; }\n n = o(name);\n n.tokens = ast.tokens;\n n.semantic = ast.semantic;\n n.children.push(ast);\n return n;\n }\n\n function add(parent, child) {\n if (child !== null) {\n parent.tokens += child.tokens;\n parent.semantic += child.semantic;\n }\n parent.children.push(child);\n return parent;\n }\n\n function compareToken(fxnCompare) {\n var tok;\n if (!inStr()) { return null; }\n tok = curTok();\n if (fxnCompare(tok)) {\n nextTok();\n return o('token', tok);\n }\n return null;\n }\n\n function literal(lit) {\n return function literalFunc() {\n return wrap('literal', compareToken(function (tok) {\n return tok === lit;\n }));\n };\n }\n\n function and() {\n var args = arguments;\n return function andFunc() {\n var i, s, result, start;\n start = getPos();\n s = o('and');\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result === null) {\n setPos(start);\n return null;\n }\n add(s, result);\n }\n return s;\n };\n }\n\n function or() {\n var args = arguments;\n return function orFunc() {\n var i, result, start;\n start = getPos();\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result !== null) {\n return result;\n }\n setPos(start);\n }\n return null;\n };\n }\n\n function opt(prod) {\n return function optFunc() {\n var result, start;\n start = getPos();\n result = prod();\n if (result !== null) {\n return result;\n }\n else {\n setPos(start);\n return o('opt');\n }\n };\n }\n\n function invis(prod) {\n return function invisFunc() {\n var result = prod();\n if (result !== null) {\n result.semantic = \"\";\n }\n return result;\n };\n }\n\n function colwsp(prod) {\n return function collapseSemanticWhitespace() {\n var result = prod();\n if (result !== null && result.semantic.length > 0) {\n result.semantic = \" \";\n }\n return result;\n };\n }\n\n function star(prod, minimum) {\n return function starFunc() {\n var s, result, count, start, min;\n start = getPos();\n s = o('star');\n count = 0;\n min = minimum === undefined ? 0 : minimum;\n while ((result = prod()) !== null) {\n count = count + 1;\n add(s, result);\n }\n if (count >= min) {\n return s;\n }\n else {\n setPos(start);\n return null;\n }\n };\n }\n\n // One expects names to get normalized like this:\n // \" First Last \" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n function collapseWhitespace(s) {\n return s.replace(/([ \\t]|\\r\\n)+/g, ' ').replace(/^\\s*/, '').replace(/\\s*$/, '');\n }\n\n // UTF-8 pseudo-production (RFC 6532)\n // RFC 6532 extends RFC 5322 productions to include UTF-8\n // using the following productions:\n // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4\n // UTF8-2 = \n // UTF8-3 = \n // UTF8-4 = \n //\n // For reference, the extended RFC 5322 productions are:\n // VCHAR =/ UTF8-non-ascii\n // ctext =/ UTF8-non-ascii\n // atext =/ UTF8-non-ascii\n // qtext =/ UTF8-non-ascii\n // dtext =/ UTF8-non-ascii\n function isUTF8NonAscii(tok) {\n // In JavaScript, we just deal directly with Unicode code points,\n // so we aren't checking individual bytes for UTF-8 encoding.\n // Just check that the character is non-ascii.\n return tok.charCodeAt(0) >= 128;\n }\n\n\n // common productions (RFC 5234)\n // http://tools.ietf.org/html/rfc5234\n // B.1. Core Rules\n\n // CR = %x0D\n // ; carriage return\n function cr() { return wrap('cr', literal('\\r')()); }\n\n // CRLF = CR LF\n // ; Internet standard newline\n function crlf() { return wrap('crlf', and(cr, lf)()); }\n\n // DQUOTE = %x22\n // ; \" (Double Quote)\n function dquote() { return wrap('dquote', literal('\"')()); }\n\n // HTAB = %x09\n // ; horizontal tab\n function htab() { return wrap('htab', literal('\\t')()); }\n\n // LF = %x0A\n // ; linefeed\n function lf() { return wrap('lf', literal('\\n')()); }\n\n // SP = %x20\n function sp() { return wrap('sp', literal(' ')()); }\n\n // VCHAR = %x21-7E\n // ; visible (printing) characters\n function vchar() {\n return wrap('vchar', compareToken(function vcharFunc(tok) {\n var code = tok.charCodeAt(0);\n var accept = (0x21 <= code && code <= 0x7E);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // WSP = SP / HTAB\n // ; white space\n function wsp() { return wrap('wsp', or(sp, htab)()); }\n\n\n // email productions (RFC 5322)\n // http://tools.ietf.org/html/rfc5322\n // 3.2.1. Quoted characters\n\n // quoted-pair = (\"\\\" (VCHAR / WSP)) / obs-qp\n function quotedPair() {\n var qp = wrap('quoted-pair',\n or(\n and(literal('\\\\'), or(vchar, wsp)),\n obsQP\n )());\n if (qp === null) { return null; }\n // a quoted pair will be two characters, and the \"\\\" character\n // should be semantically \"invisible\" (RFC 5322 3.2.1)\n qp.semantic = qp.semantic[1];\n return qp;\n }\n\n // 3.2.2. Folding White Space and Comments\n\n // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS\n function fws() {\n return wrap('fws', or(\n obsFws,\n and(\n opt(and(\n star(wsp),\n invis(crlf)\n )),\n star(wsp, 1)\n )\n )());\n }\n\n // ctext = %d33-39 / ; Printable US-ASCII\n // %d42-91 / ; characters not including\n // %d93-126 / ; \"(\", \")\", or \"\\\"\n // obs-ctext\n function ctext() {\n return wrap('ctext', or(\n function ctextFunc1() {\n return compareToken(function ctextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 39) ||\n (42 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsCtext\n )());\n }\n\n // ccontent = ctext / quoted-pair / comment\n function ccontent() {\n return wrap('ccontent', or(ctext, quotedPair, comment)());\n }\n\n // comment = \"(\" *([FWS] ccontent) [FWS] \")\"\n function comment() {\n return wrap('comment', and(\n literal('('),\n star(and(opt(fws), ccontent)),\n opt(fws),\n literal(')')\n )());\n }\n\n // CFWS = (1*([FWS] comment) [FWS]) / FWS\n function cfws() {\n return wrap('cfws', or(\n and(\n star(\n and(opt(fws), comment),\n 1\n ),\n opt(fws)\n ),\n fws\n )());\n }\n\n // 3.2.3. Atom\n\n //atext = ALPHA / DIGIT / ; Printable US-ASCII\n // \"!\" / \"#\" / ; characters not including\n // \"$\" / \"%\" / ; specials. Used for atoms.\n // \"&\" / \"'\" /\n // \"*\" / \"+\" /\n // \"-\" / \"/\" /\n // \"=\" / \"?\" /\n // \"^\" / \"_\" /\n // \"`\" / \"{\" /\n // \"|\" / \"}\" /\n // \"~\"\n function atext() {\n return wrap('atext', compareToken(function atextFunc(tok) {\n var accept =\n ('a' <= tok && tok <= 'z') ||\n ('A' <= tok && tok <= 'Z') ||\n ('0' <= tok && tok <= '9') ||\n (['!', '#', '$', '%', '&', '\\'', '*', '+', '-', '/',\n '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // atom = [CFWS] 1*atext [CFWS]\n function atom() {\n return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))());\n }\n\n // dot-atom-text = 1*atext *(\".\" 1*atext)\n function dotAtomText() {\n var s, maybeText;\n s = wrap('dot-atom-text', star(atext, 1)());\n if (s === null) { return s; }\n maybeText = star(and(literal('.'), star(atext, 1)))();\n if (maybeText !== null) {\n add(s, maybeText);\n }\n return s;\n }\n\n // dot-atom = [CFWS] dot-atom-text [CFWS]\n function dotAtom() {\n return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))());\n }\n\n // 3.2.4. Quoted Strings\n\n // qtext = %d33 / ; Printable US-ASCII\n // %d35-91 / ; characters not including\n // %d93-126 / ; \"\\\" or the quote character\n // obs-qtext\n function qtext() {\n return wrap('qtext', or(\n function qtextFunc1() {\n return compareToken(function qtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 === code) ||\n (35 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsQtext\n )());\n }\n\n // qcontent = qtext / quoted-pair\n function qcontent() {\n return wrap('qcontent', or(qtext, quotedPair)());\n }\n\n // quoted-string = [CFWS]\n // DQUOTE *([FWS] qcontent) [FWS] DQUOTE\n // [CFWS]\n function quotedString() {\n return wrap('quoted-string', and(\n invis(opt(cfws)),\n invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote),\n invis(opt(cfws))\n )());\n }\n\n // 3.2.5 Miscellaneous Tokens\n\n // word = atom / quoted-string\n function word() {\n return wrap('word', or(atom, quotedString)());\n }\n\n // phrase = 1*word / obs-phrase\n function phrase() {\n return wrap('phrase', or(obsPhrase, star(word, 1))());\n }\n\n // 3.4. Address Specification\n // address = mailbox / group\n function address() {\n return wrap('address', or(mailbox, group)());\n }\n\n // mailbox = name-addr / addr-spec\n function mailbox() {\n return wrap('mailbox', or(nameAddr, addrSpec)());\n }\n\n // name-addr = [display-name] angle-addr\n function nameAddr() {\n return wrap('name-addr', and(opt(displayName), angleAddr)());\n }\n\n // angle-addr = [CFWS] \"<\" addr-spec \">\" [CFWS] /\n // obs-angle-addr\n function angleAddr() {\n return wrap('angle-addr', or(\n and(\n invis(opt(cfws)),\n literal('<'),\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n ),\n obsAngleAddr\n )());\n }\n\n // group = display-name \":\" [group-list] \";\" [CFWS]\n function group() {\n return wrap('group', and(\n displayName,\n literal(':'),\n opt(groupList),\n literal(';'),\n invis(opt(cfws))\n )());\n }\n\n // display-name = phrase\n function displayName() {\n return wrap('display-name', function phraseFixedSemantic() {\n var result = phrase();\n if (result !== null) {\n result.semantic = collapseWhitespace(result.semantic);\n }\n return result;\n }());\n }\n\n // mailbox-list = (mailbox *(\",\" mailbox)) / obs-mbox-list\n function mailboxList() {\n return wrap('mailbox-list', or(\n and(\n mailbox,\n star(and(literal(','), mailbox))\n ),\n obsMboxList\n )());\n }\n\n // address-list = (address *(\",\" address)) / obs-addr-list\n function addressList() {\n return wrap('address-list', or(\n and(\n address,\n star(and(literal(','), address))\n ),\n obsAddrList\n )());\n }\n\n // group-list = mailbox-list / CFWS / obs-group-list\n function groupList() {\n return wrap('group-list', or(\n mailboxList,\n invis(cfws),\n obsGroupList\n )());\n }\n\n // 3.4.1 Addr-Spec Specification\n\n // local-part = dot-atom / quoted-string / obs-local-part\n function localPart() {\n // note: quoted-string, dotAtom are proper subsets of obs-local-part\n // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree\n return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)());\n }\n\n // dtext = %d33-90 / ; Printable US-ASCII\n // %d94-126 / ; characters not including\n // obs-dtext ; \"[\", \"]\", or \"\\\"\n function dtext() {\n return wrap('dtext', or(\n function dtextFunc1() {\n return compareToken(function dtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 90) ||\n (94 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsDtext\n )()\n );\n }\n\n // domain-literal = [CFWS] \"[\" *([FWS] dtext) [FWS] \"]\" [CFWS]\n function domainLiteral() {\n return wrap('domain-literal', and(\n invis(opt(cfws)),\n literal('['),\n star(and(opt(fws), dtext)),\n opt(fws),\n literal(']'),\n invis(opt(cfws))\n )());\n }\n\n // domain = dot-atom / domain-literal / obs-domain\n function domain() {\n return wrap('domain', function domainCheckTLD() {\n var result = or(obsDomain, dotAtom, domainLiteral)();\n if (opts.rejectTLD) {\n if (result && result.semantic && result.semantic.indexOf('.') < 0) {\n return null;\n }\n }\n // strip all whitespace from domains\n if (result) {\n result.semantic = result.semantic.replace(/\\s+/g, '');\n }\n return result;\n }());\n }\n\n // addr-spec = local-part \"@\" domain\n function addrSpec() {\n return wrap('addr-spec', and(\n localPart, literal('@'), domain\n )());\n }\n\n // 3.6.2 Originator Fields\n // Below we only parse the field body, not the name of the field\n // like \"From:\", \"Sender:\", or \"Reply-To:\". Other libraries that\n // parse email headers can parse those and defer to these productions\n // for the \"RFC 5322\" part.\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // from = \"From:\" (mailbox-list / address-list) CRLF\n function fromSpec() {\n return wrap('from', or(\n mailboxList,\n addressList\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // sender = \"Sender:\" (mailbox / address) CRLF\n function senderSpec() {\n return wrap('sender', or(\n mailbox,\n address\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // reply-to = \"Reply-To:\" address-list CRLF\n function replyToSpec() {\n return wrap('reply-to', addressList());\n }\n\n // 4.1. Miscellaneous Obsolete Tokens\n\n // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control\n // %d11 / ; characters that do not\n // %d12 / ; include the carriage\n // %d14-31 / ; return, line feed, and\n // %d127 ; white space characters\n function obsNoWsCtl() {\n return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) {\n var code = tok.charCodeAt(0);\n return ((1 <= code && code <= 8) ||\n (11 === code || 12 === code) ||\n (14 <= code && code <= 31) ||\n (127 === code));\n }));\n }\n\n // obs-ctext = obs-NO-WS-CTL\n function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); }\n\n // obs-qtext = obs-NO-WS-CTL\n function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); }\n\n // obs-qp = \"\\\" (%d0 / obs-NO-WS-CTL / LF / CR)\n function obsQP() {\n return opts.strict ? null : wrap('obs-qp', and(\n literal('\\\\'),\n or(literal('\\0'), obsNoWsCtl, lf, cr)\n )());\n }\n\n // obs-phrase = word *(word / \".\" / CFWS)\n function obsPhrase() {\n if (opts.strict ) return null;\n return opts.atInDisplayName ? wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), literal('@'), colwsp(cfws)))\n )()) :\n wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), colwsp(cfws)))\n )());\n }\n\n // 4.2. Obsolete Folding White Space\n\n // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908\n // obs-FWS = 1*([CRLF] WSP)\n function obsFws() {\n return opts.strict ? null : wrap('obs-FWS', star(\n and(invis(opt(crlf)), wsp),\n 1\n )());\n }\n\n // 4.4. Obsolete Addressing\n\n // obs-angle-addr = [CFWS] \"<\" obs-route addr-spec \">\" [CFWS]\n function obsAngleAddr() {\n return opts.strict ? null : wrap('obs-angle-addr', and(\n invis(opt(cfws)),\n literal('<'),\n obsRoute,\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n )());\n }\n\n // obs-route = obs-domain-list \":\"\n function obsRoute() {\n return opts.strict ? null : wrap('obs-route', and(\n obsDomainList,\n literal(':')\n )());\n }\n\n // obs-domain-list = *(CFWS / \",\") \"@\" domain\n // *(\",\" [CFWS] [\"@\" domain])\n function obsDomainList() {\n return opts.strict ? null : wrap('obs-domain-list', and(\n star(or(invis(cfws), literal(','))),\n literal('@'),\n domain,\n star(and(\n literal(','),\n invis(opt(cfws)),\n opt(and(literal('@'), domain))\n ))\n )());\n }\n\n // obs-mbox-list = *([CFWS] \",\") mailbox *(\",\" [mailbox / CFWS])\n function obsMboxList() {\n return opts.strict ? null : wrap('obs-mbox-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n mailbox,\n star(and(\n literal(','),\n opt(and(\n mailbox,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-addr-list = *([CFWS] \",\") address *(\",\" [address / CFWS])\n function obsAddrList() {\n return opts.strict ? null : wrap('obs-addr-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n address,\n star(and(\n literal(','),\n opt(and(\n address,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-group-list = 1*([CFWS] \",\") [CFWS]\n function obsGroupList() {\n return opts.strict ? null : wrap('obs-group-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n ), 1),\n invis(opt(cfws))\n )());\n }\n\n // obs-local-part = word *(\".\" word)\n function obsLocalPart() {\n return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))());\n }\n\n // obs-domain = atom *(\".\" atom)\n function obsDomain() {\n return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))());\n }\n\n // obs-dtext = obs-NO-WS-CTL / quoted-pair\n function obsDtext() {\n return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)());\n }\n\n /////////////////////////////////////////////////////\n\n // ast analysis\n\n function findNode(name, root) {\n var i, stack, node;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n return node;\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return null;\n }\n\n function findAllNodes(name, root) {\n var i, stack, node, result;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n result.push(node);\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return result;\n }\n\n function findAllNodesNoChildren(names, root) {\n var i, stack, node, result, namesLookup;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n namesLookup = {};\n for (i = 0; i < names.length; i += 1) {\n namesLookup[names[i]] = true;\n }\n\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name in namesLookup) {\n result.push(node);\n // don't look at children (hence findAllNodesNoChildren)\n } else {\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n }\n return result;\n }\n\n function giveResult(ast) {\n var addresses, groupsAndMailboxes, i, groupOrMailbox, result;\n if (ast === null) {\n return null;\n }\n addresses = [];\n\n // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'.\n groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast);\n for (i = 0; i < groupsAndMailboxes.length; i += 1) {\n groupOrMailbox = groupsAndMailboxes[i];\n if (groupOrMailbox.name === 'group') {\n addresses.push(giveResultGroup(groupOrMailbox));\n } else if (groupOrMailbox.name === 'mailbox') {\n addresses.push(giveResultMailbox(groupOrMailbox));\n }\n }\n\n result = {\n ast: ast,\n addresses: addresses,\n };\n if (opts.simple) {\n result = simplifyResult(result);\n }\n if (opts.oneResult) {\n return oneResult(result);\n }\n if (opts.simple) {\n return result && result.addresses;\n } else {\n return result;\n }\n }\n\n function giveResultGroup(group) {\n var i;\n var groupName = findNode('display-name', group);\n var groupResultMailboxes = [];\n var mailboxes = findAllNodesNoChildren(['mailbox'], group);\n for (i = 0; i < mailboxes.length; i += 1) {\n groupResultMailboxes.push(giveResultMailbox(mailboxes[i]));\n }\n return {\n node: group,\n parts: {\n name: groupName,\n },\n type: group.name, // 'group'\n name: grabSemantic(groupName),\n addresses: groupResultMailboxes,\n };\n }\n\n function giveResultMailbox(mailbox) {\n var name = findNode('display-name', mailbox);\n var aspec = findNode('addr-spec', mailbox);\n var cfws = findAllNodes('cfws', mailbox);\n var comments = findAllNodesNoChildren(['comment'], mailbox);\n\n\n var local = findNode('local-part', aspec);\n var domain = findNode('domain', aspec);\n return {\n node: mailbox,\n parts: {\n name: name,\n address: aspec,\n local: local,\n domain: domain,\n comments: cfws\n },\n type: mailbox.name, // 'mailbox'\n name: grabSemantic(name),\n address: grabSemantic(aspec),\n local: grabSemantic(local),\n domain: grabSemantic(domain),\n comments: concatComments(comments),\n groupName: grabSemantic(mailbox.groupName),\n };\n }\n\n function grabSemantic(n) {\n return n !== null && n !== undefined ? n.semantic : null;\n }\n\n function simplifyResult(result) {\n var i;\n if (result && result.addresses) {\n for (i = 0; i < result.addresses.length; i += 1) {\n delete result.addresses[i].node;\n }\n }\n return result;\n }\n\n function concatComments(comments) {\n var result = '';\n if (comments) {\n for (var i = 0; i < comments.length; i += 1) {\n result += grabSemantic(comments[i]);\n }\n }\n return result;\n }\n\n function oneResult(result) {\n if (!result) { return null; }\n if (!opts.partial && result.addresses.length > 1) { return null; }\n return result.addresses && result.addresses[0];\n }\n\n /////////////////////////////////////////////////////\n\n var parseString, pos, len, parsed, startProduction;\n\n opts = handleOpts(opts, {});\n if (opts === null) { return null; }\n\n parseString = opts.input;\n\n startProduction = {\n 'address': address,\n 'address-list': addressList,\n 'angle-addr': angleAddr,\n 'from': fromSpec,\n 'group': group,\n 'mailbox': mailbox,\n 'mailbox-list': mailboxList,\n 'reply-to': replyToSpec,\n 'sender': senderSpec,\n }[opts.startAt] || addressList;\n\n if (!opts.strict) {\n initialize();\n opts.strict = true;\n parsed = startProduction(parseString);\n if (opts.partial || !inStr()) {\n return giveResult(parsed);\n }\n opts.strict = false;\n }\n\n initialize();\n parsed = startProduction(parseString);\n if (!opts.partial && inStr()) { return null; }\n return giveResult(parsed);\n}\n\nfunction parseOneAddressSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseAddressListSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseFromSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'from',\n }));\n}\n\nfunction parseSenderSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'sender',\n }));\n}\n\nfunction parseReplyToSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'reply-to',\n }));\n}\n\nfunction handleOpts(opts, defs) {\n function isString(str) {\n return Object.prototype.toString.call(str) === '[object String]';\n }\n\n function isObject(o) {\n return o === Object(o);\n }\n\n function isNullUndef(o) {\n return o === null || o === undefined;\n }\n\n var defaults, o;\n\n if (isString(opts)) {\n opts = { input: opts };\n } else if (!isObject(opts)) {\n return null;\n }\n\n if (!isString(opts.input)) { return null; }\n if (!defs) { return null; }\n\n defaults = {\n oneResult: false,\n partial: false,\n rejectTLD: false,\n rfc6532: false,\n simple: false,\n startAt: 'address-list',\n strict: false,\n atInDisplayName: false\n };\n\n for (o in defaults) {\n if (isNullUndef(opts[o])) {\n opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o];\n }\n }\n return opts;\n}\n\nparse5322.parseOneAddress = parseOneAddressSimple;\nparse5322.parseAddressList = parseAddressListSimple;\nparse5322.parseFrom = parseFromSimple;\nparse5322.parseSender = parseSenderSimple;\nparse5322.parseReplyTo = parseReplyToSimple;\n\nif (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {\n module.exports = parse5322;\n} else {\n global.emailAddresses = parse5322;\n}\n\n}(this));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport emailAddresses from 'email-addresses';\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n try {\n const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true });\n this.comment = comments.replace(/^\\(|\\)$/g, '');\n this.name = name;\n this.email = email;\n } catch (e) {}\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n * @private\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm of a key\n * @param {Key} [key] - The key to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userID = {}, config) {\n let hashAlgo = config.preferredHashAlgorithm;\n let prefAlgo = hashAlgo;\n if (key) {\n const primaryUser = await key.getPrimaryUser(date, userID, config);\n if (primaryUser.selfCertification.preferredHashAlgorithms) {\n [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms;\n hashAlgo = crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n }\n }\n switch (keyPacket.algorithm) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n prefAlgo = crypto.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid);\n }\n return crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n}\n\n/**\n * Returns the preferred symmetric/aead/compression algorithm for a set of keys\n * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred algorithm\n * @async\n */\nexport async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = { // these are all must-implement in rfc4880bis\n 'symmetric': enums.symmetric.aes128,\n 'aead': enums.aead.eax,\n 'compression': enums.compression.uncompressed\n }[type];\n const preferredSenderAlgo = {\n 'symmetric': config.preferredSymmetricAlgorithm,\n 'aead': config.preferredAEADAlgorithm,\n 'compression': config.preferredCompressionAlgorithm\n }[type];\n const prefPropertyName = {\n 'symmetric': 'preferredSymmetricAlgorithms',\n 'aead': 'preferredAEADAlgorithms',\n 'compression': 'preferredCompressionAlgorithms'\n }[type];\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n const recipientPrefs = primaryUser.selfCertification[prefPropertyName];\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {PrivateKey} privateKey - key to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userID, config);\n signaturePacket.rawNotations = notations;\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n await revocationSignature.verify(\n key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\n/**\n * Returns whether aead is supported by all keys in the set\n * @param {Array} keys - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function isAEADSupported(keys, date = new Date(), userIDs = [], config = defaultConfig) {\n let supported = true;\n // TODO replace when Promise.some or Promise.any are implemented\n await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n if (!primaryUser.selfCertification.features ||\n !(primaryUser.selfCertification.features[0] & enums.features.aead)) {\n supported = false;\n }\n }));\n return supported;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc':\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) {\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function isValidSigningKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.rsaEncrypt &&\n keyAlgo !== enums.publicKey.elgamal &&\n keyAlgo !== enums.publicKey.ecdh &&\n keyAlgo !== enums.publicKey.x25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0);\n}\n\nexport function isValidEncryptionKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.dsa &&\n keyAlgo !== enums.publicKey.rsaSign &&\n keyAlgo !== enums.publicKey.ecdsa &&\n keyAlgo !== enums.publicKey.eddsaLegacy &&\n keyAlgo !== enums.publicKey.ed25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0);\n}\n\nexport function isValidDecryptionKeyPacket(signature, config) {\n if (config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n * @private\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n // check for expiration time in direct signatures\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const { selfCertification } = await this.getPrimaryUser(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate');\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {}\n }\n }\n\n // evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) &&\n helper.isValidDecryptionKeyPacket(primaryUser.selfCertification, config)) {\n keys.push(this);\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n const keyPacket = await helper.generateSecretSubkey(options);\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {};\n dataToSign.userID = userIDPacket;\n dataToSign.key = secretKeyPacket;\n\n const signatureProperties = {};\n signatureProperties.signatureType = enums.signature.certGeneric;\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128,\n enums.symmetric.aes192\n ], config.preferredSymmetricAlgorithm);\n if (config.aeadProtect) {\n signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.zlib,\n enums.compression.zip,\n enums.compression.uncompressed\n ], config.preferredCompressionAlgorithm);\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.aead;\n }\n if (config.v5Keys) {\n signatureProperties.features[0] |= enums.features.v5Keys;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return createKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No secret key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport KeyID from './type/keyid';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config);\n\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || !util.isString(algorithmName)) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config); // TODO: Pass userID from somewhere.\n if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n // do not check key expiration to allow decryption of old messages\n const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {\n return;\n }\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config);\n const algorithmName = enums.read(enums.symmetric, algo);\n const aeadAlgorithmName = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?\n enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :\n undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) {\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(algo);\n return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n let symEncryptedPacket;\n if (aeadAlgorithmName) {\n symEncryptedPacket = new AEADEncryptedDataPacket();\n symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName);\n } else {\n symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket();\n }\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const algorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();\n pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();\n pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;\n pkESKeyPacket.sessionKey = sessionKey;\n pkESKeyPacket.sessionKeyAlgorithm = algorithm;\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n let i;\n let existingSigPacketlist;\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n if (signature) {\n existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n for (i = existingSigPacketlist.length - 1; i >= 0; i--) {\n const signaturePacket = existingSigPacketlist[i];\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n if (!signingKeys.length && i === 0) {\n onePassSig.flags = 1;\n }\n packetlist.push(onePassSig);\n }\n }\n\n await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];\n const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signatureType;\n onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);\n onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;\n onePassSig.issuerKeyID = signingKey.getKeyID();\n if (i === signingKeys.length - 1) {\n onePassSig.flags = 1;\n }\n return onePassSig;\n })).then(onePassSignatureList => {\n onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig));\n });\n\n packetlist.push(literalDataPacket);\n packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config)));\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.message, this.write(), null, null, null, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const userID = userIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);\n return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n let input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} privateKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n let hashes = this.signature.packets.map(function(packet) {\n return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();\n });\n hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });\n const body = {\n hash: hashes.join(),\n text: this.text,\n data: this.signature.packets.write()\n };\n return armor(enums.armor.signed, body, undefined, undefined, undefined, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n let oneHeader = null;\n let hashAlgos = [];\n headers.forEach(function(header) {\n oneHeader = header.match(/^Hash: (.+)$/); // get header value\n if (oneHeader) {\n oneHeader = oneHeader[1].replace(/\\s/g, ''); // remove whitespace\n oneHeader = oneHeader.split(',');\n oneHeader = oneHeader.map(function(hash) {\n hash = hash.toLowerCase();\n try {\n return enums.write(enums.hash, hash);\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hash);\n }\n });\n hashAlgos = hashAlgos.concat(oneHeader);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {\n throw new Error('If no \"Hash\" header in cleartext signed message, then only MD5 signatures allowed');\n } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:\n * curve25519 (default), p256, p384, p521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key generation');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key reformat');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n const streaming = message.fromStream;\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return convertStream(data, streaming, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type\n * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data, streaming, encoding = 'utf8') {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n if (streaming === 'node') {\n data = stream.webToNode(data);\n if (encoding !== 'binary') data.setEncoding(encoding);\n return data;\n }\n if (streaming === 'web' && streamType === 'ponyfill') {\n return stream.toNativeReadable(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","/**\n * web-streams-polyfill v3.0.3\n */\n/// \nconst SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ?\n Symbol :\n description => `Symbol(${description})`;\n\n/// \nfunction noop() {\n return undefined;\n}\nfunction getGlobals() {\n if (typeof self !== 'undefined') {\n return self;\n }\n else if (typeof window !== 'undefined') {\n return window;\n }\n else if (typeof global !== 'undefined') {\n return global;\n }\n return undefined;\n}\nconst globals = getGlobals();\n\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nconst rethrowAssertionErrorRejection = noop;\n\nconst originalPromise = Promise;\nconst originalPromiseThen = Promise.prototype.then;\nconst originalPromiseResolve = Promise.resolve.bind(originalPromise);\nconst originalPromiseReject = Promise.reject.bind(originalPromise);\nfunction newPromise(executor) {\n return new originalPromise(executor);\n}\nfunction promiseResolvedWith(value) {\n return originalPromiseResolve(value);\n}\nfunction promiseRejectedWith(reason) {\n return originalPromiseReject(reason);\n}\nfunction PerformPromiseThen(promise, onFulfilled, onRejected) {\n // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an\n // approximation.\n return originalPromiseThen.call(promise, onFulfilled, onRejected);\n}\nfunction uponPromise(promise, onFulfilled, onRejected) {\n PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection);\n}\nfunction uponFulfillment(promise, onFulfilled) {\n uponPromise(promise, onFulfilled);\n}\nfunction uponRejection(promise, onRejected) {\n uponPromise(promise, undefined, onRejected);\n}\nfunction transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) {\n return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler);\n}\nfunction setPromiseIsHandledToTrue(promise) {\n PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection);\n}\nconst queueMicrotask = (() => {\n const globalQueueMicrotask = globals && globals.queueMicrotask;\n if (typeof globalQueueMicrotask === 'function') {\n return globalQueueMicrotask;\n }\n const resolvedPromise = promiseResolvedWith(undefined);\n return (fn) => PerformPromiseThen(resolvedPromise, fn);\n})();\nfunction reflectCall(F, V, args) {\n if (typeof F !== 'function') {\n throw new TypeError('Argument is not a function');\n }\n return Function.prototype.apply.call(F, V, args);\n}\nfunction promiseCall(F, V, args) {\n try {\n return promiseResolvedWith(reflectCall(F, V, args));\n }\n catch (value) {\n return promiseRejectedWith(value);\n }\n}\n\n// Original from Chromium\n// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js\nconst QUEUE_MAX_ARRAY_SIZE = 16384;\n/**\n * Simple queue structure.\n *\n * Avoids scalability issues with using a packed array directly by using\n * multiple arrays in a linked list and keeping the array size bounded.\n */\nclass SimpleQueue {\n constructor() {\n this._cursor = 0;\n this._size = 0;\n // _front and _back are always defined.\n this._front = {\n _elements: [],\n _next: undefined\n };\n this._back = this._front;\n // The cursor is used to avoid calling Array.shift().\n // It contains the index of the front element of the array inside the\n // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE).\n this._cursor = 0;\n // When there is only one node, size === elements.length - cursor.\n this._size = 0;\n }\n get length() {\n return this._size;\n }\n // For exception safety, this method is structured in order:\n // 1. Read state\n // 2. Calculate required state mutations\n // 3. Perform state mutations\n push(element) {\n const oldBack = this._back;\n let newBack = oldBack;\n if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) {\n newBack = {\n _elements: [],\n _next: undefined\n };\n }\n // push() is the mutation most likely to throw an exception, so it\n // goes first.\n oldBack._elements.push(element);\n if (newBack !== oldBack) {\n this._back = newBack;\n oldBack._next = newBack;\n }\n ++this._size;\n }\n // Like push(), shift() follows the read -> calculate -> mutate pattern for\n // exception safety.\n shift() { // must not be called on an empty queue\n const oldFront = this._front;\n let newFront = oldFront;\n const oldCursor = this._cursor;\n let newCursor = oldCursor + 1;\n const elements = oldFront._elements;\n const element = elements[oldCursor];\n if (newCursor === QUEUE_MAX_ARRAY_SIZE) {\n newFront = oldFront._next;\n newCursor = 0;\n }\n // No mutations before this point.\n --this._size;\n this._cursor = newCursor;\n if (oldFront !== newFront) {\n this._front = newFront;\n }\n // Permit shifted element to be garbage collected.\n elements[oldCursor] = undefined;\n return element;\n }\n // The tricky thing about forEach() is that it can be called\n // re-entrantly. The queue may be mutated inside the callback. It is easy to\n // see that push() within the callback has no negative effects since the end\n // of the queue is checked for on every iteration. If shift() is called\n // repeatedly within the callback then the next iteration may return an\n // element that has been removed. In this case the callback will be called\n // with undefined values until we either \"catch up\" with elements that still\n // exist or reach the back of the queue.\n forEach(callback) {\n let i = this._cursor;\n let node = this._front;\n let elements = node._elements;\n while (i !== elements.length || node._next !== undefined) {\n if (i === elements.length) {\n node = node._next;\n elements = node._elements;\n i = 0;\n if (elements.length === 0) {\n break;\n }\n }\n callback(elements[i]);\n ++i;\n }\n }\n // Return the element that would be returned if shift() was called now,\n // without modifying the queue.\n peek() { // must not be called on an empty queue\n const front = this._front;\n const cursor = this._cursor;\n return front._elements[cursor];\n }\n}\n\nfunction ReadableStreamReaderGenericInitialize(reader, stream) {\n reader._ownerReadableStream = stream;\n stream._reader = reader;\n if (stream._state === 'readable') {\n defaultReaderClosedPromiseInitialize(reader);\n }\n else if (stream._state === 'closed') {\n defaultReaderClosedPromiseInitializeAsResolved(reader);\n }\n else {\n defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError);\n }\n}\n// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state\n// check.\nfunction ReadableStreamReaderGenericCancel(reader, reason) {\n const stream = reader._ownerReadableStream;\n return ReadableStreamCancel(stream, reason);\n}\nfunction ReadableStreamReaderGenericRelease(reader) {\n if (reader._ownerReadableStream._state === 'readable') {\n defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n else {\n defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n reader._ownerReadableStream._reader = undefined;\n reader._ownerReadableStream = undefined;\n}\n// Helper functions for the readers.\nfunction readerLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released reader');\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderClosedPromiseInitialize(reader) {\n reader._closedPromise = newPromise((resolve, reject) => {\n reader._closedPromise_resolve = resolve;\n reader._closedPromise_reject = reject;\n });\n}\nfunction defaultReaderClosedPromiseInitializeAsRejected(reader, reason) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseReject(reader, reason);\n}\nfunction defaultReaderClosedPromiseInitializeAsResolved(reader) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseResolve(reader);\n}\nfunction defaultReaderClosedPromiseReject(reader, reason) {\n if (reader._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(reader._closedPromise);\n reader._closedPromise_reject(reason);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\nfunction defaultReaderClosedPromiseResetToRejected(reader, reason) {\n defaultReaderClosedPromiseInitializeAsRejected(reader, reason);\n}\nfunction defaultReaderClosedPromiseResolve(reader) {\n if (reader._closedPromise_resolve === undefined) {\n return;\n }\n reader._closedPromise_resolve(undefined);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\n\nconst AbortSteps = SymbolPolyfill('[[AbortSteps]]');\nconst ErrorSteps = SymbolPolyfill('[[ErrorSteps]]');\nconst CancelSteps = SymbolPolyfill('[[CancelSteps]]');\nconst PullSteps = SymbolPolyfill('[[PullSteps]]');\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill\nconst NumberIsFinite = Number.isFinite || function (x) {\n return typeof x === 'number' && isFinite(x);\n};\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill\nconst MathTrunc = Math.trunc || function (v) {\n return v < 0 ? Math.ceil(v) : Math.floor(v);\n};\n\n// https://heycam.github.io/webidl/#idl-dictionaries\nfunction isDictionary(x) {\n return typeof x === 'object' || typeof x === 'function';\n}\nfunction assertDictionary(obj, context) {\n if (obj !== undefined && !isDictionary(obj)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-callback-functions\nfunction assertFunction(x, context) {\n if (typeof x !== 'function') {\n throw new TypeError(`${context} is not a function.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-object\nfunction isObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nfunction assertObject(x, context) {\n if (!isObject(x)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\nfunction assertRequiredArgument(x, position, context) {\n if (x === undefined) {\n throw new TypeError(`Parameter ${position} is required in '${context}'.`);\n }\n}\nfunction assertRequiredField(x, field, context) {\n if (x === undefined) {\n throw new TypeError(`${field} is required in '${context}'.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-unrestricted-double\nfunction convertUnrestrictedDouble(value) {\n return Number(value);\n}\nfunction censorNegativeZero(x) {\n return x === 0 ? 0 : x;\n}\nfunction integerPart(x) {\n return censorNegativeZero(MathTrunc(x));\n}\n// https://heycam.github.io/webidl/#idl-unsigned-long-long\nfunction convertUnsignedLongLongWithEnforceRange(value, context) {\n const lowerBound = 0;\n const upperBound = Number.MAX_SAFE_INTEGER;\n let x = Number(value);\n x = censorNegativeZero(x);\n if (!NumberIsFinite(x)) {\n throw new TypeError(`${context} is not a finite number`);\n }\n x = integerPart(x);\n if (x < lowerBound || x > upperBound) {\n throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`);\n }\n if (!NumberIsFinite(x) || x === 0) {\n return 0;\n }\n // TODO Use BigInt if supported?\n // let xBigInt = BigInt(integerPart(x));\n // xBigInt = BigInt.asUintN(64, xBigInt);\n // return Number(xBigInt);\n return x;\n}\n\nfunction assertReadableStream(x, context) {\n if (!IsReadableStream(x)) {\n throw new TypeError(`${context} is not a ReadableStream.`);\n }\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamDefaultReader(stream) {\n return new ReadableStreamDefaultReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadRequest(stream, readRequest) {\n stream._reader._readRequests.push(readRequest);\n}\nfunction ReadableStreamFulfillReadRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readRequest = reader._readRequests.shift();\n if (done) {\n readRequest._closeSteps();\n }\n else {\n readRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadRequests(stream) {\n return stream._reader._readRequests.length;\n}\nfunction ReadableStreamHasDefaultReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamDefaultReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A default reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamDefaultReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed,\n * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Returns a promise that allows access to the next chunk from the stream's internal queue, if available.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('read'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: () => resolvePromise({ value: undefined, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamDefaultReaderRead(this, readRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamDefaultReader(this)) {\n throw defaultReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamDefaultReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamDefaultReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultReaderRead(reader, readRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'closed') {\n readRequest._closeSteps();\n }\n else if (stream._state === 'errored') {\n readRequest._errorSteps(stream._storedError);\n }\n else {\n stream._readableStreamController[PullSteps](readRequest);\n }\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`);\n}\n\n/// \nlet AsyncIteratorPrototype;\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n // We're running inside a ES2018+ environment, but we're compiling to an older syntax.\n // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it.\n AsyncIteratorPrototype = {\n // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( )\n // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator\n [SymbolPolyfill.asyncIterator]() {\n return this;\n }\n };\n Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false });\n}\n\n/// \nclass ReadableStreamAsyncIteratorImpl {\n constructor(reader, preventCancel) {\n this._ongoingPromise = undefined;\n this._isFinished = false;\n this._reader = reader;\n this._preventCancel = preventCancel;\n }\n next() {\n const nextSteps = () => this._nextSteps();\n this._ongoingPromise = this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) :\n nextSteps();\n return this._ongoingPromise;\n }\n return(value) {\n const returnSteps = () => this._returnSteps(value);\n return this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) :\n returnSteps();\n }\n _nextSteps() {\n if (this._isFinished) {\n return Promise.resolve({ value: undefined, done: true });\n }\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('iterate'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => {\n this._ongoingPromise = undefined;\n // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test.\n // FIXME Is this a bug in the specification, or in the test?\n queueMicrotask(() => resolvePromise({ value: chunk, done: false }));\n },\n _closeSteps: () => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n resolvePromise({ value: undefined, done: true });\n },\n _errorSteps: reason => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n rejectPromise(reason);\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promise;\n }\n _returnSteps(value) {\n if (this._isFinished) {\n return Promise.resolve({ value, done: true });\n }\n this._isFinished = true;\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('finish iterating'));\n }\n if (!this._preventCancel) {\n const result = ReadableStreamReaderGenericCancel(reader, value);\n ReadableStreamReaderGenericRelease(reader);\n return transformPromiseWith(result, () => ({ value, done: true }));\n }\n ReadableStreamReaderGenericRelease(reader);\n return promiseResolvedWith({ value, done: true });\n }\n}\nconst ReadableStreamAsyncIteratorPrototype = {\n next() {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next'));\n }\n return this._asyncIteratorImpl.next();\n },\n return(value) {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return'));\n }\n return this._asyncIteratorImpl.return(value);\n }\n};\nif (AsyncIteratorPrototype !== undefined) {\n Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype);\n}\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamAsyncIterator(stream, preventCancel) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel);\n const iterator = Object.create(ReadableStreamAsyncIteratorPrototype);\n iterator._asyncIteratorImpl = impl;\n return iterator;\n}\nfunction IsReadableStreamAsyncIterator(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) {\n return false;\n }\n return true;\n}\n// Helper functions for the ReadableStream.\nfunction streamAsyncIteratorBrandCheckException(name) {\n return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`);\n}\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill\nconst NumberIsNaN = Number.isNaN || function (x) {\n // eslint-disable-next-line no-self-compare\n return x !== x;\n};\n\nfunction IsFiniteNonNegativeNumber(v) {\n if (!IsNonNegativeNumber(v)) {\n return false;\n }\n if (v === Infinity) {\n return false;\n }\n return true;\n}\nfunction IsNonNegativeNumber(v) {\n if (typeof v !== 'number') {\n return false;\n }\n if (NumberIsNaN(v)) {\n return false;\n }\n if (v < 0) {\n return false;\n }\n return true;\n}\n\nfunction DequeueValue(container) {\n const pair = container._queue.shift();\n container._queueTotalSize -= pair.size;\n if (container._queueTotalSize < 0) {\n container._queueTotalSize = 0;\n }\n return pair.value;\n}\nfunction EnqueueValueWithSize(container, value, size) {\n size = Number(size);\n if (!IsFiniteNonNegativeNumber(size)) {\n throw new RangeError('Size must be a finite, non-NaN, non-negative number.');\n }\n container._queue.push({ value, size });\n container._queueTotalSize += size;\n}\nfunction PeekQueueValue(container) {\n const pair = container._queue.peek();\n return pair.value;\n}\nfunction ResetQueue(container) {\n container._queue = new SimpleQueue();\n container._queueTotalSize = 0;\n}\n\nfunction CreateArrayFromList(elements) {\n // We use arrays to represent lists, so this is basically a no-op.\n // Do a slice though just in case we happen to depend on the unique-ness.\n return elements.slice();\n}\nfunction CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) {\n new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset);\n}\n// Not implemented correctly\nfunction TransferArrayBuffer(O) {\n return O;\n}\n// Not implemented correctly\nfunction IsDetachedBuffer(O) {\n return false;\n}\n\n/**\n * A pull-into request in a {@link ReadableByteStreamController}.\n *\n * @public\n */\nclass ReadableStreamBYOBRequest {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the view for writing in to, or `null` if the BYOB request has already been responded to.\n */\n get view() {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('view');\n }\n return this._view;\n }\n respond(bytesWritten) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respond');\n }\n assertRequiredArgument(bytesWritten, 1, 'respond');\n bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter');\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n if (IsDetachedBuffer(this._view.buffer)) ;\n ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten);\n }\n respondWithNewView(view) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respondWithNewView');\n }\n assertRequiredArgument(view, 1, 'respondWithNewView');\n if (!ArrayBuffer.isView(view)) {\n throw new TypeError('You can only respond with array buffer views');\n }\n if (view.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (view.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view);\n }\n}\nObject.defineProperties(ReadableStreamBYOBRequest.prototype, {\n respond: { enumerable: true },\n respondWithNewView: { enumerable: true },\n view: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBRequest',\n configurable: true\n });\n}\n/**\n * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableByteStreamController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the current BYOB pull request, or `null` if there isn't one.\n */\n get byobRequest() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('byobRequest');\n }\n if (this._byobRequest === null && this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled);\n const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype);\n SetUpReadableStreamBYOBRequest(byobRequest, this, view);\n this._byobRequest = byobRequest;\n }\n return this._byobRequest;\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('desiredSize');\n }\n return ReadableByteStreamControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('close');\n }\n if (this._closeRequested) {\n throw new TypeError('The stream has already been closed; do not close it again!');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`);\n }\n ReadableByteStreamControllerClose(this);\n }\n enqueue(chunk) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('enqueue');\n }\n assertRequiredArgument(chunk, 1, 'enqueue');\n if (!ArrayBuffer.isView(chunk)) {\n throw new TypeError('chunk must be an array buffer view');\n }\n if (chunk.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (chunk.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._closeRequested) {\n throw new TypeError('stream is closed or draining');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`);\n }\n ReadableByteStreamControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('error');\n }\n ReadableByteStreamControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n if (this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n firstDescriptor.bytesFilled = 0;\n }\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableByteStreamControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableByteStream;\n if (this._queueTotalSize > 0) {\n const entry = this._queue.shift();\n this._queueTotalSize -= entry.byteLength;\n ReadableByteStreamControllerHandleQueueDrain(this);\n const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength);\n readRequest._chunkSteps(view);\n return;\n }\n const autoAllocateChunkSize = this._autoAllocateChunkSize;\n if (autoAllocateChunkSize !== undefined) {\n let buffer;\n try {\n buffer = new ArrayBuffer(autoAllocateChunkSize);\n }\n catch (bufferE) {\n readRequest._errorSteps(bufferE);\n return;\n }\n const pullIntoDescriptor = {\n buffer,\n byteOffset: 0,\n byteLength: autoAllocateChunkSize,\n bytesFilled: 0,\n elementSize: 1,\n viewConstructor: Uint8Array,\n readerType: 'default'\n };\n this._pendingPullIntos.push(pullIntoDescriptor);\n }\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableByteStreamControllerCallPullIfNeeded(this);\n }\n}\nObject.defineProperties(ReadableByteStreamController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n byobRequest: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableByteStreamController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableByteStreamController.\nfunction IsReadableByteStreamController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamBYOBRequest(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) {\n return false;\n }\n return true;\n}\nfunction ReadableByteStreamControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableByteStreamControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n // TODO: Test controller argument\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableByteStreamControllerError(controller, e);\n });\n}\nfunction ReadableByteStreamControllerClearPendingPullIntos(controller) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n controller._pendingPullIntos = new SimpleQueue();\n}\nfunction ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) {\n let done = false;\n if (stream._state === 'closed') {\n done = true;\n }\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n if (pullIntoDescriptor.readerType === 'default') {\n ReadableStreamFulfillReadRequest(stream, filledView, done);\n }\n else {\n ReadableStreamFulfillReadIntoRequest(stream, filledView, done);\n }\n}\nfunction ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) {\n const bytesFilled = pullIntoDescriptor.bytesFilled;\n const elementSize = pullIntoDescriptor.elementSize;\n return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize);\n}\nfunction ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) {\n controller._queue.push({ buffer, byteOffset, byteLength });\n controller._queueTotalSize += byteLength;\n}\nfunction ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) {\n const elementSize = pullIntoDescriptor.elementSize;\n const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize;\n const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled);\n const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy;\n const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize;\n let totalBytesToCopyRemaining = maxBytesToCopy;\n let ready = false;\n if (maxAlignedBytes > currentAlignedBytes) {\n totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled;\n ready = true;\n }\n const queue = controller._queue;\n while (totalBytesToCopyRemaining > 0) {\n const headOfQueue = queue.peek();\n const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength);\n const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy);\n if (headOfQueue.byteLength === bytesToCopy) {\n queue.shift();\n }\n else {\n headOfQueue.byteOffset += bytesToCopy;\n headOfQueue.byteLength -= bytesToCopy;\n }\n controller._queueTotalSize -= bytesToCopy;\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor);\n totalBytesToCopyRemaining -= bytesToCopy;\n }\n return ready;\n}\nfunction ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n pullIntoDescriptor.bytesFilled += size;\n}\nfunction ReadableByteStreamControllerHandleQueueDrain(controller) {\n if (controller._queueTotalSize === 0 && controller._closeRequested) {\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(controller._controlledReadableByteStream);\n }\n else {\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n}\nfunction ReadableByteStreamControllerInvalidateBYOBRequest(controller) {\n if (controller._byobRequest === null) {\n return;\n }\n controller._byobRequest._associatedReadableByteStreamController = undefined;\n controller._byobRequest._view = null;\n controller._byobRequest = null;\n}\nfunction ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) {\n while (controller._pendingPullIntos.length > 0) {\n if (controller._queueTotalSize === 0) {\n return;\n }\n const pullIntoDescriptor = controller._pendingPullIntos.peek();\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) {\n const stream = controller._controlledReadableByteStream;\n let elementSize = 1;\n if (view.constructor !== DataView) {\n elementSize = view.constructor.BYTES_PER_ELEMENT;\n }\n const ctor = view.constructor;\n const buffer = TransferArrayBuffer(view.buffer);\n const pullIntoDescriptor = {\n buffer,\n byteOffset: view.byteOffset,\n byteLength: view.byteLength,\n bytesFilled: 0,\n elementSize,\n viewConstructor: ctor,\n readerType: 'byob'\n };\n if (controller._pendingPullIntos.length > 0) {\n controller._pendingPullIntos.push(pullIntoDescriptor);\n // No ReadableByteStreamControllerCallPullIfNeeded() call since:\n // - No change happens on desiredSize\n // - The source has already been notified of that there's at least 1 pending read(view)\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n return;\n }\n if (stream._state === 'closed') {\n const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0);\n readIntoRequest._closeSteps(emptyView);\n return;\n }\n if (controller._queueTotalSize > 0) {\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n ReadableByteStreamControllerHandleQueueDrain(controller);\n readIntoRequest._chunkSteps(filledView);\n return;\n }\n if (controller._closeRequested) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n readIntoRequest._errorSteps(e);\n return;\n }\n }\n controller._pendingPullIntos.push(pullIntoDescriptor);\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) {\n firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer);\n const stream = controller._controlledReadableByteStream;\n if (ReadableStreamHasBYOBReader(stream)) {\n while (ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) {\n if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) {\n throw new RangeError('bytesWritten out of range');\n }\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor);\n if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) {\n // TODO: Figure out whether we should detach the buffer or not here.\n return;\n }\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize;\n if (remainderSize > 0) {\n const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end);\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength);\n }\n pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer);\n pullIntoDescriptor.bytesFilled -= remainderSize;\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n}\nfunction ReadableByteStreamControllerRespondInternal(controller, bytesWritten) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n const state = controller._controlledReadableByteStream._state;\n if (state === 'closed') {\n if (bytesWritten !== 0) {\n throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream');\n }\n ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor);\n }\n else {\n ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerShiftPendingPullInto(controller) {\n const descriptor = controller._pendingPullIntos.shift();\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n return descriptor;\n}\nfunction ReadableByteStreamControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return false;\n }\n if (controller._closeRequested) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableByteStreamControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n}\n// A client of ReadableByteStreamController may use these functions directly to bypass state check.\nfunction ReadableByteStreamControllerClose(controller) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n if (controller._queueTotalSize > 0) {\n controller._closeRequested = true;\n return;\n }\n if (controller._pendingPullIntos.length > 0) {\n const firstPendingPullInto = controller._pendingPullIntos.peek();\n if (firstPendingPullInto.bytesFilled > 0) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n throw e;\n }\n }\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n}\nfunction ReadableByteStreamControllerEnqueue(controller, chunk) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n const buffer = chunk.buffer;\n const byteOffset = chunk.byteOffset;\n const byteLength = chunk.byteLength;\n const transferredBuffer = TransferArrayBuffer(buffer);\n if (ReadableStreamHasDefaultReader(stream)) {\n if (ReadableStreamGetNumReadRequests(stream) === 0) {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n else {\n const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength);\n ReadableStreamFulfillReadRequest(stream, transferredView, false);\n }\n }\n else if (ReadableStreamHasBYOBReader(stream)) {\n // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully.\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n }\n else {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerError(controller, e) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return;\n }\n ReadableByteStreamControllerClearPendingPullIntos(controller);\n ResetQueue(controller);\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableByteStreamControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableByteStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction ReadableByteStreamControllerRespond(controller, bytesWritten) {\n bytesWritten = Number(bytesWritten);\n if (!IsFiniteNonNegativeNumber(bytesWritten)) {\n throw new RangeError('bytesWritten must be a finite');\n }\n ReadableByteStreamControllerRespondInternal(controller, bytesWritten);\n}\nfunction ReadableByteStreamControllerRespondWithNewView(controller, view) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) {\n throw new RangeError('The region specified by view does not match byobRequest');\n }\n if (firstDescriptor.byteLength !== view.byteLength) {\n throw new RangeError('The buffer of view has different capacity than byobRequest');\n }\n firstDescriptor.buffer = view.buffer;\n ReadableByteStreamControllerRespondInternal(controller, view.byteLength);\n}\nfunction SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) {\n controller._controlledReadableByteStream = stream;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._byobRequest = null;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._closeRequested = false;\n controller._started = false;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n controller._autoAllocateChunkSize = autoAllocateChunkSize;\n controller._pendingPullIntos = new SimpleQueue();\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableByteStreamControllerError(controller, r);\n });\n}\nfunction SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) {\n const controller = Object.create(ReadableByteStreamController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingByteSource.start !== undefined) {\n startAlgorithm = () => underlyingByteSource.start(controller);\n }\n if (underlyingByteSource.pull !== undefined) {\n pullAlgorithm = () => underlyingByteSource.pull(controller);\n }\n if (underlyingByteSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingByteSource.cancel(reason);\n }\n const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize;\n if (autoAllocateChunkSize === 0) {\n throw new TypeError('autoAllocateChunkSize must be greater than 0');\n }\n SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize);\n}\nfunction SetUpReadableStreamBYOBRequest(request, controller, view) {\n request._associatedReadableByteStreamController = controller;\n request._view = view;\n}\n// Helper functions for the ReadableStreamBYOBRequest.\nfunction byobRequestBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`);\n}\n// Helper functions for the ReadableByteStreamController.\nfunction byteStreamControllerBrandCheckException(name) {\n return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`);\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamBYOBReader(stream) {\n return new ReadableStreamBYOBReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadIntoRequest(stream, readIntoRequest) {\n stream._reader._readIntoRequests.push(readIntoRequest);\n}\nfunction ReadableStreamFulfillReadIntoRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readIntoRequest = reader._readIntoRequests.shift();\n if (done) {\n readIntoRequest._closeSteps(chunk);\n }\n else {\n readIntoRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadIntoRequests(stream) {\n return stream._reader._readIntoRequests.length;\n}\nfunction ReadableStreamHasBYOBReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamBYOBReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A BYOB reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamBYOBReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n if (!IsReadableByteStreamController(stream._readableStreamController)) {\n throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' +\n 'source');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readIntoRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Attempts to reads bytes into view, and returns a promise resolved with the result.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read(view) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('read'));\n }\n if (!ArrayBuffer.isView(view)) {\n return promiseRejectedWith(new TypeError('view must be an array buffer view'));\n }\n if (view.byteLength === 0) {\n return promiseRejectedWith(new TypeError('view must have non-zero byteLength'));\n }\n if (view.buffer.byteLength === 0) {\n return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readIntoRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: chunk => resolvePromise({ value: chunk, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamBYOBReaderRead(this, view, readIntoRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamBYOBReader(this)) {\n throw byobReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readIntoRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamBYOBReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamBYOBReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'errored') {\n readIntoRequest._errorSteps(stream._storedError);\n }\n else {\n ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest);\n }\n}\n// Helper functions for the ReadableStreamBYOBReader.\nfunction byobReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`);\n}\n\nfunction ExtractHighWaterMark(strategy, defaultHWM) {\n const { highWaterMark } = strategy;\n if (highWaterMark === undefined) {\n return defaultHWM;\n }\n if (NumberIsNaN(highWaterMark) || highWaterMark < 0) {\n throw new RangeError('Invalid highWaterMark');\n }\n return highWaterMark;\n}\nfunction ExtractSizeAlgorithm(strategy) {\n const { size } = strategy;\n if (!size) {\n return () => 1;\n }\n return size;\n}\n\nfunction convertQueuingStrategy(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n const size = init === null || init === void 0 ? void 0 : init.size;\n return {\n highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark),\n size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`)\n };\n}\nfunction convertQueuingStrategySize(fn, context) {\n assertFunction(fn, context);\n return chunk => convertUnrestrictedDouble(fn(chunk));\n}\n\nfunction convertUnderlyingSink(original, context) {\n assertDictionary(original, context);\n const abort = original === null || original === void 0 ? void 0 : original.abort;\n const close = original === null || original === void 0 ? void 0 : original.close;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n const write = original === null || original === void 0 ? void 0 : original.write;\n return {\n abort: abort === undefined ?\n undefined :\n convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`),\n close: close === undefined ?\n undefined :\n convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`),\n write: write === undefined ?\n undefined :\n convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`),\n type\n };\n}\nfunction convertUnderlyingSinkAbortCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSinkCloseCallback(fn, original, context) {\n assertFunction(fn, context);\n return () => promiseCall(fn, original, []);\n}\nfunction convertUnderlyingSinkStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSinkWriteCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\nfunction assertWritableStream(x, context) {\n if (!IsWritableStream(x)) {\n throw new TypeError(`${context} is not a WritableStream.`);\n }\n}\n\n/**\n * A writable stream represents a destination for data, into which you can write.\n *\n * @public\n */\nclass WritableStream {\n constructor(rawUnderlyingSink = {}, rawStrategy = {}) {\n if (rawUnderlyingSink === undefined) {\n rawUnderlyingSink = null;\n }\n else {\n assertObject(rawUnderlyingSink, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter');\n InitializeWritableStream(this);\n const type = underlyingSink.type;\n if (type !== undefined) {\n throw new RangeError('Invalid type is specified');\n }\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm);\n }\n /**\n * Returns whether or not the writable stream is locked to a writer.\n */\n get locked() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('locked');\n }\n return IsWritableStreamLocked(this);\n }\n /**\n * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be\n * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort\n * mechanism of the underlying sink.\n *\n * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled\n * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel\n * the stream) if the stream is currently locked.\n */\n abort(reason = undefined) {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('abort'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer'));\n }\n return WritableStreamAbort(this, reason);\n }\n /**\n * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its\n * close behavior. During this time any further attempts to write will fail (without erroring the stream).\n *\n * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream\n * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with\n * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked.\n */\n close() {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('close'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer'));\n }\n if (WritableStreamCloseQueuedOrInFlight(this)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamClose(this);\n }\n /**\n * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream\n * is locked, no other writer can be acquired until this one is released.\n *\n * This functionality is especially useful for creating abstractions that desire the ability to write to a stream\n * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at\n * the same time, which would cause the resulting written data to be unpredictable and probably useless.\n */\n getWriter() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('getWriter');\n }\n return AcquireWritableStreamDefaultWriter(this);\n }\n}\nObject.defineProperties(WritableStream.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n getWriter: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStream',\n configurable: true\n });\n}\n// Abstract operations for the WritableStream.\nfunction AcquireWritableStreamDefaultWriter(stream) {\n return new WritableStreamDefaultWriter(stream);\n}\n// Throws if and only if startAlgorithm throws.\nfunction CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(WritableStream.prototype);\n InitializeWritableStream(stream);\n const controller = Object.create(WritableStreamDefaultController.prototype);\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeWritableStream(stream) {\n stream._state = 'writable';\n // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is\n // 'erroring' or 'errored'. May be set to an undefined value.\n stream._storedError = undefined;\n stream._writer = undefined;\n // Initialize to undefined first because the constructor of the controller checks this\n // variable to validate the caller.\n stream._writableStreamController = undefined;\n // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data\n // producer without waiting for the queued writes to finish.\n stream._writeRequests = new SimpleQueue();\n // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents\n // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here.\n stream._inFlightWriteRequest = undefined;\n // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer\n // has been detached.\n stream._closeRequest = undefined;\n // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it\n // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here.\n stream._inFlightCloseRequest = undefined;\n // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached.\n stream._pendingAbortRequest = undefined;\n // The backpressure signal set by the controller.\n stream._backpressure = false;\n}\nfunction IsWritableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsWritableStreamLocked(stream) {\n if (stream._writer === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamAbort(stream, reason) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseResolvedWith(undefined);\n }\n if (stream._pendingAbortRequest !== undefined) {\n return stream._pendingAbortRequest._promise;\n }\n let wasAlreadyErroring = false;\n if (state === 'erroring') {\n wasAlreadyErroring = true;\n // reason will not be used, so don't keep a reference to it.\n reason = undefined;\n }\n const promise = newPromise((resolve, reject) => {\n stream._pendingAbortRequest = {\n _promise: undefined,\n _resolve: resolve,\n _reject: reject,\n _reason: reason,\n _wasAlreadyErroring: wasAlreadyErroring\n };\n });\n stream._pendingAbortRequest._promise = promise;\n if (!wasAlreadyErroring) {\n WritableStreamStartErroring(stream, reason);\n }\n return promise;\n}\nfunction WritableStreamClose(stream) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`));\n }\n const promise = newPromise((resolve, reject) => {\n const closeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._closeRequest = closeRequest;\n });\n const writer = stream._writer;\n if (writer !== undefined && stream._backpressure && state === 'writable') {\n defaultWriterReadyPromiseResolve(writer);\n }\n WritableStreamDefaultControllerClose(stream._writableStreamController);\n return promise;\n}\n// WritableStream API exposed for controllers.\nfunction WritableStreamAddWriteRequest(stream) {\n const promise = newPromise((resolve, reject) => {\n const writeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._writeRequests.push(writeRequest);\n });\n return promise;\n}\nfunction WritableStreamDealWithRejection(stream, error) {\n const state = stream._state;\n if (state === 'writable') {\n WritableStreamStartErroring(stream, error);\n return;\n }\n WritableStreamFinishErroring(stream);\n}\nfunction WritableStreamStartErroring(stream, reason) {\n const controller = stream._writableStreamController;\n stream._state = 'erroring';\n stream._storedError = reason;\n const writer = stream._writer;\n if (writer !== undefined) {\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason);\n }\n if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) {\n WritableStreamFinishErroring(stream);\n }\n}\nfunction WritableStreamFinishErroring(stream) {\n stream._state = 'errored';\n stream._writableStreamController[ErrorSteps]();\n const storedError = stream._storedError;\n stream._writeRequests.forEach(writeRequest => {\n writeRequest._reject(storedError);\n });\n stream._writeRequests = new SimpleQueue();\n if (stream._pendingAbortRequest === undefined) {\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const abortRequest = stream._pendingAbortRequest;\n stream._pendingAbortRequest = undefined;\n if (abortRequest._wasAlreadyErroring) {\n abortRequest._reject(storedError);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const promise = stream._writableStreamController[AbortSteps](abortRequest._reason);\n uponPromise(promise, () => {\n abortRequest._resolve();\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n }, (reason) => {\n abortRequest._reject(reason);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n });\n}\nfunction WritableStreamFinishInFlightWrite(stream) {\n stream._inFlightWriteRequest._resolve(undefined);\n stream._inFlightWriteRequest = undefined;\n}\nfunction WritableStreamFinishInFlightWriteWithError(stream, error) {\n stream._inFlightWriteRequest._reject(error);\n stream._inFlightWriteRequest = undefined;\n WritableStreamDealWithRejection(stream, error);\n}\nfunction WritableStreamFinishInFlightClose(stream) {\n stream._inFlightCloseRequest._resolve(undefined);\n stream._inFlightCloseRequest = undefined;\n const state = stream._state;\n if (state === 'erroring') {\n // The error was too late to do anything, so it is ignored.\n stream._storedError = undefined;\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._resolve();\n stream._pendingAbortRequest = undefined;\n }\n }\n stream._state = 'closed';\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseResolve(writer);\n }\n}\nfunction WritableStreamFinishInFlightCloseWithError(stream, error) {\n stream._inFlightCloseRequest._reject(error);\n stream._inFlightCloseRequest = undefined;\n // Never execute sink abort() after sink close().\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._reject(error);\n stream._pendingAbortRequest = undefined;\n }\n WritableStreamDealWithRejection(stream, error);\n}\n// TODO(ricea): Fix alphabetical order.\nfunction WritableStreamCloseQueuedOrInFlight(stream) {\n if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamHasOperationMarkedInFlight(stream) {\n if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamMarkCloseRequestInFlight(stream) {\n stream._inFlightCloseRequest = stream._closeRequest;\n stream._closeRequest = undefined;\n}\nfunction WritableStreamMarkFirstWriteRequestInFlight(stream) {\n stream._inFlightWriteRequest = stream._writeRequests.shift();\n}\nfunction WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) {\n if (stream._closeRequest !== undefined) {\n stream._closeRequest._reject(stream._storedError);\n stream._closeRequest = undefined;\n }\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseReject(writer, stream._storedError);\n }\n}\nfunction WritableStreamUpdateBackpressure(stream, backpressure) {\n const writer = stream._writer;\n if (writer !== undefined && backpressure !== stream._backpressure) {\n if (backpressure) {\n defaultWriterReadyPromiseReset(writer);\n }\n else {\n defaultWriterReadyPromiseResolve(writer);\n }\n }\n stream._backpressure = backpressure;\n}\n/**\n * A default writer vended by a {@link WritableStream}.\n *\n * @public\n */\nclass WritableStreamDefaultWriter {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter');\n assertWritableStream(stream, 'First parameter');\n if (IsWritableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive writing by another writer');\n }\n this._ownerWritableStream = stream;\n stream._writer = this;\n const state = stream._state;\n if (state === 'writable') {\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) {\n defaultWriterReadyPromiseInitialize(this);\n }\n else {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n }\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'erroring') {\n defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError);\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'closed') {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n defaultWriterClosedPromiseInitializeAsResolved(this);\n }\n else {\n const storedError = stream._storedError;\n defaultWriterReadyPromiseInitializeAsRejected(this, storedError);\n defaultWriterClosedPromiseInitializeAsRejected(this, storedError);\n }\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the writer’s lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full.\n * A producer can use this information to determine the right amount of data to write.\n *\n * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort\n * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when\n * the writer’s lock is released.\n */\n get desiredSize() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('desiredSize');\n }\n if (this._ownerWritableStream === undefined) {\n throw defaultWriterLockException('desiredSize');\n }\n return WritableStreamDefaultWriterGetDesiredSize(this);\n }\n /**\n * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions\n * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips\n * back to zero or below, the getter will return a new promise that stays pending until the next transition.\n *\n * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become\n * rejected.\n */\n get ready() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('ready'));\n }\n return this._readyPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}.\n */\n abort(reason = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('abort'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('abort'));\n }\n return WritableStreamDefaultWriterAbort(this, reason);\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}.\n */\n close() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('close'));\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('close'));\n }\n if (WritableStreamCloseQueuedOrInFlight(stream)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamDefaultWriterClose(this);\n }\n /**\n * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active.\n * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from\n * now on; otherwise, the writer will appear closed.\n *\n * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the\n * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled).\n * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents\n * other producers from writing in an interleaved manner.\n */\n releaseLock() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('releaseLock');\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return;\n }\n WritableStreamDefaultWriterRelease(this);\n }\n write(chunk = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('write'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n return WritableStreamDefaultWriterWrite(this, chunk);\n }\n}\nObject.defineProperties(WritableStreamDefaultWriter.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n releaseLock: { enumerable: true },\n write: { enumerable: true },\n closed: { enumerable: true },\n desiredSize: { enumerable: true },\n ready: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultWriter',\n configurable: true\n });\n}\n// Abstract operations for the WritableStreamDefaultWriter.\nfunction IsWritableStreamDefaultWriter(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) {\n return false;\n }\n return true;\n}\n// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check.\nfunction WritableStreamDefaultWriterAbort(writer, reason) {\n const stream = writer._ownerWritableStream;\n return WritableStreamAbort(stream, reason);\n}\nfunction WritableStreamDefaultWriterClose(writer) {\n const stream = writer._ownerWritableStream;\n return WritableStreamClose(stream);\n}\nfunction WritableStreamDefaultWriterCloseWithErrorPropagation(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n return WritableStreamDefaultWriterClose(writer);\n}\nfunction WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) {\n if (writer._closedPromiseState === 'pending') {\n defaultWriterClosedPromiseReject(writer, error);\n }\n else {\n defaultWriterClosedPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) {\n if (writer._readyPromiseState === 'pending') {\n defaultWriterReadyPromiseReject(writer, error);\n }\n else {\n defaultWriterReadyPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterGetDesiredSize(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (state === 'errored' || state === 'erroring') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController);\n}\nfunction WritableStreamDefaultWriterRelease(writer) {\n const stream = writer._ownerWritableStream;\n const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`);\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError);\n // The state transitions to \"errored\" before the sink abort() method runs, but the writer.closed promise is not\n // rejected until afterwards. This means that simply testing state will not work.\n WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError);\n stream._writer = undefined;\n writer._ownerWritableStream = undefined;\n}\nfunction WritableStreamDefaultWriterWrite(writer, chunk) {\n const stream = writer._ownerWritableStream;\n const controller = stream._writableStreamController;\n const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk);\n if (stream !== writer._ownerWritableStream) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n const state = stream._state;\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to'));\n }\n if (state === 'erroring') {\n return promiseRejectedWith(stream._storedError);\n }\n const promise = WritableStreamAddWriteRequest(stream);\n WritableStreamDefaultControllerWrite(controller, chunk, chunkSize);\n return promise;\n}\nconst closeSentinel = {};\n/**\n * Allows control of a {@link WritableStream | writable stream}'s state and internal queue.\n *\n * @public\n */\nclass WritableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`.\n *\n * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying\n * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the\n * normal lifecycle of interactions with the underlying sink.\n */\n error(e = undefined) {\n if (!IsWritableStreamDefaultController(this)) {\n throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController');\n }\n const state = this._controlledWritableStream._state;\n if (state !== 'writable') {\n // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so\n // just treat it as a no-op.\n return;\n }\n WritableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [AbortSteps](reason) {\n const result = this._abortAlgorithm(reason);\n WritableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [ErrorSteps]() {\n ResetQueue(this);\n }\n}\nObject.defineProperties(WritableStreamDefaultController.prototype, {\n error: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations implementing interface required by the WritableStream.\nfunction IsWritableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledWritableStream = stream;\n stream._writableStreamController = controller;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._writeAlgorithm = writeAlgorithm;\n controller._closeAlgorithm = closeAlgorithm;\n controller._abortAlgorithm = abortAlgorithm;\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n const startResult = startAlgorithm();\n const startPromise = promiseResolvedWith(startResult);\n uponPromise(startPromise, () => {\n controller._started = true;\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, r => {\n controller._started = true;\n WritableStreamDealWithRejection(stream, r);\n });\n}\nfunction SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(WritableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let writeAlgorithm = () => promiseResolvedWith(undefined);\n let closeAlgorithm = () => promiseResolvedWith(undefined);\n let abortAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSink.start !== undefined) {\n startAlgorithm = () => underlyingSink.start(controller);\n }\n if (underlyingSink.write !== undefined) {\n writeAlgorithm = chunk => underlyingSink.write(chunk, controller);\n }\n if (underlyingSink.close !== undefined) {\n closeAlgorithm = () => underlyingSink.close();\n }\n if (underlyingSink.abort !== undefined) {\n abortAlgorithm = reason => underlyingSink.abort(reason);\n }\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls.\nfunction WritableStreamDefaultControllerClearAlgorithms(controller) {\n controller._writeAlgorithm = undefined;\n controller._closeAlgorithm = undefined;\n controller._abortAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\nfunction WritableStreamDefaultControllerClose(controller) {\n EnqueueValueWithSize(controller, closeSentinel, 0);\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\nfunction WritableStreamDefaultControllerGetChunkSize(controller, chunk) {\n try {\n return controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE);\n return 1;\n }\n}\nfunction WritableStreamDefaultControllerGetDesiredSize(controller) {\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) {\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE);\n return;\n }\n const stream = controller._controlledWritableStream;\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\n// Abstract operations for the WritableStreamDefaultController.\nfunction WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) {\n const stream = controller._controlledWritableStream;\n if (!controller._started) {\n return;\n }\n if (stream._inFlightWriteRequest !== undefined) {\n return;\n }\n const state = stream._state;\n if (state === 'erroring') {\n WritableStreamFinishErroring(stream);\n return;\n }\n if (controller._queue.length === 0) {\n return;\n }\n const value = PeekQueueValue(controller);\n if (value === closeSentinel) {\n WritableStreamDefaultControllerProcessClose(controller);\n }\n else {\n WritableStreamDefaultControllerProcessWrite(controller, value);\n }\n}\nfunction WritableStreamDefaultControllerErrorIfNeeded(controller, error) {\n if (controller._controlledWritableStream._state === 'writable') {\n WritableStreamDefaultControllerError(controller, error);\n }\n}\nfunction WritableStreamDefaultControllerProcessClose(controller) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkCloseRequestInFlight(stream);\n DequeueValue(controller);\n const sinkClosePromise = controller._closeAlgorithm();\n WritableStreamDefaultControllerClearAlgorithms(controller);\n uponPromise(sinkClosePromise, () => {\n WritableStreamFinishInFlightClose(stream);\n }, reason => {\n WritableStreamFinishInFlightCloseWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerProcessWrite(controller, chunk) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkFirstWriteRequestInFlight(stream);\n const sinkWritePromise = controller._writeAlgorithm(chunk);\n uponPromise(sinkWritePromise, () => {\n WritableStreamFinishInFlightWrite(stream);\n const state = stream._state;\n DequeueValue(controller);\n if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, reason => {\n if (stream._state === 'writable') {\n WritableStreamDefaultControllerClearAlgorithms(controller);\n }\n WritableStreamFinishInFlightWriteWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerGetBackpressure(controller) {\n const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller);\n return desiredSize <= 0;\n}\n// A client of WritableStreamDefaultController may use these functions directly to bypass state check.\nfunction WritableStreamDefaultControllerError(controller, error) {\n const stream = controller._controlledWritableStream;\n WritableStreamDefaultControllerClearAlgorithms(controller);\n WritableStreamStartErroring(stream, error);\n}\n// Helper functions for the WritableStream.\nfunction streamBrandCheckException$2(name) {\n return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`);\n}\n// Helper functions for the WritableStreamDefaultWriter.\nfunction defaultWriterBrandCheckException(name) {\n return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`);\n}\nfunction defaultWriterLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released writer');\n}\nfunction defaultWriterClosedPromiseInitialize(writer) {\n writer._closedPromise = newPromise((resolve, reject) => {\n writer._closedPromise_resolve = resolve;\n writer._closedPromise_reject = reject;\n writer._closedPromiseState = 'pending';\n });\n}\nfunction defaultWriterClosedPromiseInitializeAsRejected(writer, reason) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseReject(writer, reason);\n}\nfunction defaultWriterClosedPromiseInitializeAsResolved(writer) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseResolve(writer);\n}\nfunction defaultWriterClosedPromiseReject(writer, reason) {\n if (writer._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._closedPromise);\n writer._closedPromise_reject(reason);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'rejected';\n}\nfunction defaultWriterClosedPromiseResetToRejected(writer, reason) {\n defaultWriterClosedPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterClosedPromiseResolve(writer) {\n if (writer._closedPromise_resolve === undefined) {\n return;\n }\n writer._closedPromise_resolve(undefined);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'resolved';\n}\nfunction defaultWriterReadyPromiseInitialize(writer) {\n writer._readyPromise = newPromise((resolve, reject) => {\n writer._readyPromise_resolve = resolve;\n writer._readyPromise_reject = reject;\n });\n writer._readyPromiseState = 'pending';\n}\nfunction defaultWriterReadyPromiseInitializeAsRejected(writer, reason) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseReject(writer, reason);\n}\nfunction defaultWriterReadyPromiseInitializeAsResolved(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseResolve(writer);\n}\nfunction defaultWriterReadyPromiseReject(writer, reason) {\n if (writer._readyPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._readyPromise);\n writer._readyPromise_reject(reason);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'rejected';\n}\nfunction defaultWriterReadyPromiseReset(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n}\nfunction defaultWriterReadyPromiseResetToRejected(writer, reason) {\n defaultWriterReadyPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterReadyPromiseResolve(writer) {\n if (writer._readyPromise_resolve === undefined) {\n return;\n }\n writer._readyPromise_resolve(undefined);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'fulfilled';\n}\n\nfunction isAbortSignal(value) {\n if (typeof value !== 'object' || value === null) {\n return false;\n }\n try {\n return typeof value.aborted === 'boolean';\n }\n catch (_a) {\n // AbortSignal.prototype.aborted throws if its brand check fails\n return false;\n }\n}\n\n/// \nconst NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined;\n\n/// \nfunction isDOMExceptionConstructor(ctor) {\n if (!(typeof ctor === 'function' || typeof ctor === 'object')) {\n return false;\n }\n try {\n new ctor();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction createDOMExceptionPolyfill() {\n // eslint-disable-next-line no-shadow\n const ctor = function DOMException(message, name) {\n this.message = message || '';\n this.name = name || 'Error';\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n };\n ctor.prototype = Object.create(Error.prototype);\n Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true });\n return ctor;\n}\n// eslint-disable-next-line no-redeclare\nconst DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill();\n\nfunction ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) {\n const reader = AcquireReadableStreamDefaultReader(source);\n const writer = AcquireWritableStreamDefaultWriter(dest);\n source._disturbed = true;\n let shuttingDown = false;\n // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown.\n let currentWrite = promiseResolvedWith(undefined);\n return newPromise((resolve, reject) => {\n let abortAlgorithm;\n if (signal !== undefined) {\n abortAlgorithm = () => {\n const error = new DOMException$1('Aborted', 'AbortError');\n const actions = [];\n if (!preventAbort) {\n actions.push(() => {\n if (dest._state === 'writable') {\n return WritableStreamAbort(dest, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n if (!preventCancel) {\n actions.push(() => {\n if (source._state === 'readable') {\n return ReadableStreamCancel(source, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error);\n };\n if (signal.aborted) {\n abortAlgorithm();\n return;\n }\n signal.addEventListener('abort', abortAlgorithm);\n }\n // Using reader and writer, read all chunks from this and write them to dest\n // - Backpressure must be enforced\n // - Shutdown must stop all activity\n function pipeLoop() {\n return newPromise((resolveLoop, rejectLoop) => {\n function next(done) {\n if (done) {\n resolveLoop();\n }\n else {\n // Use `PerformPromiseThen` instead of `uponPromise` to avoid\n // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers\n PerformPromiseThen(pipeStep(), next, rejectLoop);\n }\n }\n next(false);\n });\n }\n function pipeStep() {\n if (shuttingDown) {\n return promiseResolvedWith(true);\n }\n return PerformPromiseThen(writer._readyPromise, () => {\n return newPromise((resolveRead, rejectRead) => {\n ReadableStreamDefaultReaderRead(reader, {\n _chunkSteps: chunk => {\n currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop);\n resolveRead(false);\n },\n _closeSteps: () => resolveRead(true),\n _errorSteps: rejectRead\n });\n });\n });\n }\n // Errors must be propagated forward\n isOrBecomesErrored(source, reader._closedPromise, storedError => {\n if (!preventAbort) {\n shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Errors must be propagated backward\n isOrBecomesErrored(dest, writer._closedPromise, storedError => {\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Closing must be propagated forward\n isOrBecomesClosed(source, reader._closedPromise, () => {\n if (!preventClose) {\n shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer));\n }\n else {\n shutdown();\n }\n });\n // Closing must be propagated backward\n if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') {\n const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it');\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed);\n }\n else {\n shutdown(true, destClosed);\n }\n }\n setPromiseIsHandledToTrue(pipeLoop());\n function waitForWritesToFinish() {\n // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait\n // for that too.\n const oldCurrentWrite = currentWrite;\n return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined);\n }\n function isOrBecomesErrored(stream, promise, action) {\n if (stream._state === 'errored') {\n action(stream._storedError);\n }\n else {\n uponRejection(promise, action);\n }\n }\n function isOrBecomesClosed(stream, promise, action) {\n if (stream._state === 'closed') {\n action();\n }\n else {\n uponFulfillment(promise, action);\n }\n }\n function shutdownWithAction(action, originalIsError, originalError) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), doTheRest);\n }\n else {\n doTheRest();\n }\n function doTheRest() {\n uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError));\n }\n }\n function shutdown(isError, error) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error));\n }\n else {\n finalize(isError, error);\n }\n }\n function finalize(isError, error) {\n WritableStreamDefaultWriterRelease(writer);\n ReadableStreamReaderGenericRelease(reader);\n if (signal !== undefined) {\n signal.removeEventListener('abort', abortAlgorithm);\n }\n if (isError) {\n reject(error);\n }\n else {\n resolve(undefined);\n }\n }\n });\n}\n\n/**\n * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('desiredSize');\n }\n return ReadableStreamDefaultControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('close');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits close');\n }\n ReadableStreamDefaultControllerClose(this);\n }\n enqueue(chunk = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('enqueue');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits enqueue');\n }\n return ReadableStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('error');\n }\n ReadableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableStream;\n if (this._queue.length > 0) {\n const chunk = DequeueValue(this);\n if (this._closeRequested && this._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(this);\n ReadableStreamClose(stream);\n }\n else {\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n readRequest._chunkSteps(chunk);\n }\n else {\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n }\n}\nObject.defineProperties(ReadableStreamDefaultController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableStreamDefaultController.\nfunction IsReadableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableStreamDefaultControllerError(controller, e);\n });\n}\nfunction ReadableStreamDefaultControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableStream;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableStreamDefaultControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\n// A client of ReadableStreamDefaultController may use these functions directly to bypass state check.\nfunction ReadableStreamDefaultControllerClose(controller) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n controller._closeRequested = true;\n if (controller._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n }\n}\nfunction ReadableStreamDefaultControllerEnqueue(controller, chunk) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n ReadableStreamFulfillReadRequest(stream, chunk, false);\n }\n else {\n let chunkSize;\n try {\n chunkSize = controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n ReadableStreamDefaultControllerError(controller, chunkSizeE);\n throw chunkSizeE;\n }\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n ReadableStreamDefaultControllerError(controller, enqueueE);\n throw enqueueE;\n }\n }\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n}\nfunction ReadableStreamDefaultControllerError(controller, e) {\n const stream = controller._controlledReadableStream;\n if (stream._state !== 'readable') {\n return;\n }\n ResetQueue(controller);\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableStreamDefaultControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\n// This is used in the implementation of TransformStream.\nfunction ReadableStreamDefaultControllerHasBackpressure(controller) {\n if (ReadableStreamDefaultControllerShouldCallPull(controller)) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) {\n const state = controller._controlledReadableStream._state;\n if (!controller._closeRequested && state === 'readable') {\n return true;\n }\n return false;\n}\nfunction SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledReadableStream = stream;\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._closeRequested = false;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableStreamDefaultControllerError(controller, r);\n });\n}\nfunction SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSource.start !== undefined) {\n startAlgorithm = () => underlyingSource.start(controller);\n }\n if (underlyingSource.pull !== undefined) {\n pullAlgorithm = () => underlyingSource.pull(controller);\n }\n if (underlyingSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingSource.cancel(reason);\n }\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// Helper functions for the ReadableStreamDefaultController.\nfunction defaultControllerBrandCheckException$1(name) {\n return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`);\n}\n\nfunction ReadableStreamTee(stream, cloneForBranch2) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n let reading = false;\n let canceled1 = false;\n let canceled2 = false;\n let reason1;\n let reason2;\n let branch1;\n let branch2;\n let resolveCancelPromise;\n const cancelPromise = newPromise(resolve => {\n resolveCancelPromise = resolve;\n });\n function pullAlgorithm() {\n if (reading) {\n return promiseResolvedWith(undefined);\n }\n reading = true;\n const readRequest = {\n _chunkSteps: value => {\n // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using\n // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let\n // successful synchronously-available reads get ahead of asynchronously-available errors.\n queueMicrotask(() => {\n reading = false;\n const value1 = value;\n const value2 = value;\n // There is no way to access the cloning code right now in the reference implementation.\n // If we add one then we'll need an implementation for serializable objects.\n // if (!canceled2 && cloneForBranch2) {\n // value2 = StructuredDeserialize(StructuredSerialize(value2));\n // }\n if (!canceled1) {\n ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2);\n }\n });\n },\n _closeSteps: () => {\n reading = false;\n if (!canceled1) {\n ReadableStreamDefaultControllerClose(branch1._readableStreamController);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerClose(branch2._readableStreamController);\n }\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n },\n _errorSteps: () => {\n reading = false;\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promiseResolvedWith(undefined);\n }\n function cancel1Algorithm(reason) {\n canceled1 = true;\n reason1 = reason;\n if (canceled2) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function cancel2Algorithm(reason) {\n canceled2 = true;\n reason2 = reason;\n if (canceled1) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function startAlgorithm() {\n // do nothing\n }\n branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm);\n branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm);\n uponRejection(reader._closedPromise, (r) => {\n ReadableStreamDefaultControllerError(branch1._readableStreamController, r);\n ReadableStreamDefaultControllerError(branch2._readableStreamController, r);\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n });\n return [branch1, branch2];\n}\n\nfunction convertUnderlyingDefaultOrByteSource(source, context) {\n assertDictionary(source, context);\n const original = source;\n const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize;\n const cancel = original === null || original === void 0 ? void 0 : original.cancel;\n const pull = original === null || original === void 0 ? void 0 : original.pull;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n return {\n autoAllocateChunkSize: autoAllocateChunkSize === undefined ?\n undefined :\n convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`),\n cancel: cancel === undefined ?\n undefined :\n convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`),\n pull: pull === undefined ?\n undefined :\n convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`),\n type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`)\n };\n}\nfunction convertUnderlyingSourceCancelCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSourcePullCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSourceStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertReadableStreamType(type, context) {\n type = `${type}`;\n if (type !== 'bytes') {\n throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`);\n }\n return type;\n}\n\nfunction convertReaderOptions(options, context) {\n assertDictionary(options, context);\n const mode = options === null || options === void 0 ? void 0 : options.mode;\n return {\n mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`)\n };\n}\nfunction convertReadableStreamReaderMode(mode, context) {\n mode = `${mode}`;\n if (mode !== 'byob') {\n throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`);\n }\n return mode;\n}\n\nfunction convertIteratorOptions(options, context) {\n assertDictionary(options, context);\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n return { preventCancel: Boolean(preventCancel) };\n}\n\nfunction convertPipeOptions(options, context) {\n assertDictionary(options, context);\n const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort;\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n const preventClose = options === null || options === void 0 ? void 0 : options.preventClose;\n const signal = options === null || options === void 0 ? void 0 : options.signal;\n if (signal !== undefined) {\n assertAbortSignal(signal, `${context} has member 'signal' that`);\n }\n return {\n preventAbort: Boolean(preventAbort),\n preventCancel: Boolean(preventCancel),\n preventClose: Boolean(preventClose),\n signal\n };\n}\nfunction assertAbortSignal(signal, context) {\n if (!isAbortSignal(signal)) {\n throw new TypeError(`${context} is not an AbortSignal.`);\n }\n}\n\nfunction convertReadableWritablePair(pair, context) {\n assertDictionary(pair, context);\n const readable = pair === null || pair === void 0 ? void 0 : pair.readable;\n assertRequiredField(readable, 'readable', 'ReadableWritablePair');\n assertReadableStream(readable, `${context} has member 'readable' that`);\n const writable = pair === null || pair === void 0 ? void 0 : pair.writable;\n assertRequiredField(writable, 'writable', 'ReadableWritablePair');\n assertWritableStream(writable, `${context} has member 'writable' that`);\n return { readable, writable };\n}\n\n/**\n * A readable stream represents a source of data, from which you can read.\n *\n * @public\n */\nclass ReadableStream {\n constructor(rawUnderlyingSource = {}, rawStrategy = {}) {\n if (rawUnderlyingSource === undefined) {\n rawUnderlyingSource = null;\n }\n else {\n assertObject(rawUnderlyingSource, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter');\n InitializeReadableStream(this);\n if (underlyingSource.type === 'bytes') {\n if (strategy.size !== undefined) {\n throw new RangeError('The strategy for a byte stream cannot have a size function');\n }\n const highWaterMark = ExtractHighWaterMark(strategy, 0);\n SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark);\n }\n else {\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm);\n }\n }\n /**\n * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}.\n */\n get locked() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('locked');\n }\n return IsReadableStreamLocked(this);\n }\n /**\n * Cancels the stream, signaling a loss of interest in the stream by a consumer.\n *\n * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()}\n * method, which might or might not use it.\n */\n cancel(reason = undefined) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('cancel'));\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader'));\n }\n return ReadableStreamCancel(this, reason);\n }\n getReader(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('getReader');\n }\n const options = convertReaderOptions(rawOptions, 'First parameter');\n if (options.mode === undefined) {\n return AcquireReadableStreamDefaultReader(this);\n }\n return AcquireReadableStreamBYOBReader(this);\n }\n pipeThrough(rawTransform, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('pipeThrough');\n }\n assertRequiredArgument(rawTransform, 1, 'pipeThrough');\n const transform = convertReadableWritablePair(rawTransform, 'First parameter');\n const options = convertPipeOptions(rawOptions, 'Second parameter');\n if (IsReadableStreamLocked(this)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream');\n }\n if (IsWritableStreamLocked(transform.writable)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream');\n }\n const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n setPromiseIsHandledToTrue(promise);\n return transform.readable;\n }\n pipeTo(destination, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('pipeTo'));\n }\n if (destination === undefined) {\n return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`);\n }\n if (!IsWritableStream(destination)) {\n return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`));\n }\n let options;\n try {\n options = convertPipeOptions(rawOptions, 'Second parameter');\n }\n catch (e) {\n return promiseRejectedWith(e);\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream'));\n }\n if (IsWritableStreamLocked(destination)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream'));\n }\n return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n }\n /**\n * Tees this readable stream, returning a two-element array containing the two resulting branches as\n * new {@link ReadableStream} instances.\n *\n * Teeing a stream will lock it, preventing any other consumer from acquiring a reader.\n * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be\n * propagated to the stream's underlying source.\n *\n * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable,\n * this could allow interference between the two branches.\n */\n tee() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('tee');\n }\n const branches = ReadableStreamTee(this);\n return CreateArrayFromList(branches);\n }\n values(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('values');\n }\n const options = convertIteratorOptions(rawOptions, 'First parameter');\n return AcquireReadableStreamAsyncIterator(this, options.preventCancel);\n }\n}\nObject.defineProperties(ReadableStream.prototype, {\n cancel: { enumerable: true },\n getReader: { enumerable: true },\n pipeThrough: { enumerable: true },\n pipeTo: { enumerable: true },\n tee: { enumerable: true },\n values: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStream',\n configurable: true\n });\n}\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, {\n value: ReadableStream.prototype.values,\n writable: true,\n configurable: true\n });\n}\n// Abstract operations for the ReadableStream.\n// Throws if and only if startAlgorithm throws.\nfunction CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(ReadableStream.prototype);\n InitializeReadableStream(stream);\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeReadableStream(stream) {\n stream._state = 'readable';\n stream._reader = undefined;\n stream._storedError = undefined;\n stream._disturbed = false;\n}\nfunction IsReadableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamLocked(stream) {\n if (stream._reader === undefined) {\n return false;\n }\n return true;\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamCancel(stream, reason) {\n stream._disturbed = true;\n if (stream._state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (stream._state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n ReadableStreamClose(stream);\n const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason);\n return transformPromiseWith(sourceCancelPromise, noop);\n}\nfunction ReadableStreamClose(stream) {\n stream._state = 'closed';\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseResolve(reader);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._closeSteps();\n });\n reader._readRequests = new SimpleQueue();\n }\n}\nfunction ReadableStreamError(stream, e) {\n stream._state = 'errored';\n stream._storedError = e;\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseReject(reader, e);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._errorSteps(e);\n });\n reader._readRequests = new SimpleQueue();\n }\n else {\n reader._readIntoRequests.forEach(readIntoRequest => {\n readIntoRequest._errorSteps(e);\n });\n reader._readIntoRequests = new SimpleQueue();\n }\n}\n// Helper functions for the ReadableStream.\nfunction streamBrandCheckException$1(name) {\n return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`);\n}\n\nfunction convertQueuingStrategyInit(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit');\n return {\n highWaterMark: convertUnrestrictedDouble(highWaterMark)\n };\n}\n\nconst byteLengthSizeFunction = function size(chunk) {\n return chunk.byteLength;\n};\n/**\n * A queuing strategy that counts the number of bytes in each chunk.\n *\n * @public\n */\nclass ByteLengthQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('highWaterMark');\n }\n return this._byteLengthQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by returning the value of its `byteLength` property.\n */\n get size() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('size');\n }\n return byteLengthSizeFunction;\n }\n}\nObject.defineProperties(ByteLengthQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'ByteLengthQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the ByteLengthQueuingStrategy.\nfunction byteLengthBrandCheckException(name) {\n return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`);\n}\nfunction IsByteLengthQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nconst countSizeFunction = function size() {\n return 1;\n};\n/**\n * A queuing strategy that counts the number of chunks.\n *\n * @public\n */\nclass CountQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'CountQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._countQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('highWaterMark');\n }\n return this._countQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by always returning 1.\n * This ensures that the total queue size is a count of the number of chunks in the queue.\n */\n get size() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('size');\n }\n return countSizeFunction;\n }\n}\nObject.defineProperties(CountQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'CountQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the CountQueuingStrategy.\nfunction countBrandCheckException(name) {\n return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`);\n}\nfunction IsCountQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nfunction convertTransformer(original, context) {\n assertDictionary(original, context);\n const flush = original === null || original === void 0 ? void 0 : original.flush;\n const readableType = original === null || original === void 0 ? void 0 : original.readableType;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const transform = original === null || original === void 0 ? void 0 : original.transform;\n const writableType = original === null || original === void 0 ? void 0 : original.writableType;\n return {\n flush: flush === undefined ?\n undefined :\n convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`),\n readableType,\n start: start === undefined ?\n undefined :\n convertTransformerStartCallback(start, original, `${context} has member 'start' that`),\n transform: transform === undefined ?\n undefined :\n convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`),\n writableType\n };\n}\nfunction convertTransformerFlushCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertTransformerStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertTransformerTransformCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\n// Class TransformStream\n/**\n * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream},\n * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side.\n * In a manner specific to the transform stream in question, writes to the writable side result in new data being\n * made available for reading from the readable side.\n *\n * @public\n */\nclass TransformStream {\n constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) {\n if (rawTransformer === undefined) {\n rawTransformer = null;\n }\n const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter');\n const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter');\n const transformer = convertTransformer(rawTransformer, 'First parameter');\n if (transformer.readableType !== undefined) {\n throw new RangeError('Invalid readableType specified');\n }\n if (transformer.writableType !== undefined) {\n throw new RangeError('Invalid writableType specified');\n }\n const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0);\n const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy);\n const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1);\n const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy);\n let startPromise_resolve;\n const startPromise = newPromise(resolve => {\n startPromise_resolve = resolve;\n });\n InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n SetUpTransformStreamDefaultControllerFromTransformer(this, transformer);\n if (transformer.start !== undefined) {\n startPromise_resolve(transformer.start(this._transformStreamController));\n }\n else {\n startPromise_resolve(undefined);\n }\n }\n /**\n * The readable side of the transform stream.\n */\n get readable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('readable');\n }\n return this._readable;\n }\n /**\n * The writable side of the transform stream.\n */\n get writable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('writable');\n }\n return this._writable;\n }\n}\nObject.defineProperties(TransformStream.prototype, {\n readable: { enumerable: true },\n writable: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStream',\n configurable: true\n });\n}\nfunction InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) {\n function startAlgorithm() {\n return startPromise;\n }\n function writeAlgorithm(chunk) {\n return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk);\n }\n function abortAlgorithm(reason) {\n return TransformStreamDefaultSinkAbortAlgorithm(stream, reason);\n }\n function closeAlgorithm() {\n return TransformStreamDefaultSinkCloseAlgorithm(stream);\n }\n stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm);\n function pullAlgorithm() {\n return TransformStreamDefaultSourcePullAlgorithm(stream);\n }\n function cancelAlgorithm(reason) {\n TransformStreamErrorWritableAndUnblockWrite(stream, reason);\n return promiseResolvedWith(undefined);\n }\n stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure.\n stream._backpressure = undefined;\n stream._backpressureChangePromise = undefined;\n stream._backpressureChangePromise_resolve = undefined;\n TransformStreamSetBackpressure(stream, true);\n stream._transformStreamController = undefined;\n}\nfunction IsTransformStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) {\n return false;\n }\n return true;\n}\n// This is a no-op if both sides are already errored.\nfunction TransformStreamError(stream, e) {\n ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e);\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n}\nfunction TransformStreamErrorWritableAndUnblockWrite(stream, e) {\n TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController);\n WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e);\n if (stream._backpressure) {\n // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure()\n // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time\n // _backpressure is set.\n TransformStreamSetBackpressure(stream, false);\n }\n}\nfunction TransformStreamSetBackpressure(stream, backpressure) {\n // Passes also when called during construction.\n if (stream._backpressureChangePromise !== undefined) {\n stream._backpressureChangePromise_resolve();\n }\n stream._backpressureChangePromise = newPromise(resolve => {\n stream._backpressureChangePromise_resolve = resolve;\n });\n stream._backpressure = backpressure;\n}\n// Class TransformStreamDefaultController\n/**\n * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}.\n *\n * @public\n */\nclass TransformStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full.\n */\n get desiredSize() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('desiredSize');\n }\n const readableController = this._controlledTransformStream._readable._readableStreamController;\n return ReadableStreamDefaultControllerGetDesiredSize(readableController);\n }\n enqueue(chunk = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('enqueue');\n }\n TransformStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors both the readable side and the writable side of the controlled transform stream, making all future\n * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded.\n */\n error(reason = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('error');\n }\n TransformStreamDefaultControllerError(this, reason);\n }\n /**\n * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the\n * transformer only needs to consume a portion of the chunks written to the writable side.\n */\n terminate() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('terminate');\n }\n TransformStreamDefaultControllerTerminate(this);\n }\n}\nObject.defineProperties(TransformStreamDefaultController.prototype, {\n enqueue: { enumerable: true },\n error: { enumerable: true },\n terminate: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStreamDefaultController',\n configurable: true\n });\n}\n// Transform Stream Default Controller Abstract Operations\nfunction IsTransformStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) {\n controller._controlledTransformStream = stream;\n stream._transformStreamController = controller;\n controller._transformAlgorithm = transformAlgorithm;\n controller._flushAlgorithm = flushAlgorithm;\n}\nfunction SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) {\n const controller = Object.create(TransformStreamDefaultController.prototype);\n let transformAlgorithm = (chunk) => {\n try {\n TransformStreamDefaultControllerEnqueue(controller, chunk);\n return promiseResolvedWith(undefined);\n }\n catch (transformResultE) {\n return promiseRejectedWith(transformResultE);\n }\n };\n let flushAlgorithm = () => promiseResolvedWith(undefined);\n if (transformer.transform !== undefined) {\n transformAlgorithm = chunk => transformer.transform(chunk, controller);\n }\n if (transformer.flush !== undefined) {\n flushAlgorithm = () => transformer.flush(controller);\n }\n SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm);\n}\nfunction TransformStreamDefaultControllerClearAlgorithms(controller) {\n controller._transformAlgorithm = undefined;\n controller._flushAlgorithm = undefined;\n}\nfunction TransformStreamDefaultControllerEnqueue(controller, chunk) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) {\n throw new TypeError('Readable side is not in a state that permits enqueue');\n }\n // We throttle transform invocations based on the backpressure of the ReadableStream, but we still\n // accept TransformStreamDefaultControllerEnqueue() calls.\n try {\n ReadableStreamDefaultControllerEnqueue(readableController, chunk);\n }\n catch (e) {\n // This happens when readableStrategy.size() throws.\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n throw stream._readable._storedError;\n }\n const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController);\n if (backpressure !== stream._backpressure) {\n TransformStreamSetBackpressure(stream, true);\n }\n}\nfunction TransformStreamDefaultControllerError(controller, e) {\n TransformStreamError(controller._controlledTransformStream, e);\n}\nfunction TransformStreamDefaultControllerPerformTransform(controller, chunk) {\n const transformPromise = controller._transformAlgorithm(chunk);\n return transformPromiseWith(transformPromise, undefined, r => {\n TransformStreamError(controller._controlledTransformStream, r);\n throw r;\n });\n}\nfunction TransformStreamDefaultControllerTerminate(controller) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n ReadableStreamDefaultControllerClose(readableController);\n const error = new TypeError('TransformStream terminated');\n TransformStreamErrorWritableAndUnblockWrite(stream, error);\n}\n// TransformStreamDefaultSink Algorithms\nfunction TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) {\n const controller = stream._transformStreamController;\n if (stream._backpressure) {\n const backpressureChangePromise = stream._backpressureChangePromise;\n return transformPromiseWith(backpressureChangePromise, () => {\n const writable = stream._writable;\n const state = writable._state;\n if (state === 'erroring') {\n throw writable._storedError;\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n });\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n}\nfunction TransformStreamDefaultSinkAbortAlgorithm(stream, reason) {\n // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already\n // errored.\n TransformStreamError(stream, reason);\n return promiseResolvedWith(undefined);\n}\nfunction TransformStreamDefaultSinkCloseAlgorithm(stream) {\n // stream._readable cannot change after construction, so caching it across a call to user code is safe.\n const readable = stream._readable;\n const controller = stream._transformStreamController;\n const flushPromise = controller._flushAlgorithm();\n TransformStreamDefaultControllerClearAlgorithms(controller);\n // Return a promise that is fulfilled with undefined on success.\n return transformPromiseWith(flushPromise, () => {\n if (readable._state === 'errored') {\n throw readable._storedError;\n }\n ReadableStreamDefaultControllerClose(readable._readableStreamController);\n }, r => {\n TransformStreamError(stream, r);\n throw readable._storedError;\n });\n}\n// TransformStreamDefaultSource Algorithms\nfunction TransformStreamDefaultSourcePullAlgorithm(stream) {\n // Invariant. Enforced by the promises returned by start() and pull().\n TransformStreamSetBackpressure(stream, false);\n // Prevent the next pull() call until there is backpressure.\n return stream._backpressureChangePromise;\n}\n// Helper functions for the TransformStreamDefaultController.\nfunction defaultControllerBrandCheckException(name) {\n return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`);\n}\n// Helper functions for the TransformStream.\nfunction streamBrandCheckException(name) {\n return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`);\n}\n\nexport { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter };\n//# sourceMappingURL=ponyfill.es6.mjs.map\n","/*! *****************************************************************************\nCopyright (c) Microsoft Corporation.\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\nPERFORMANCE OF THIS SOFTWARE.\n***************************************************************************** */\n/* global Reflect, Promise */\n\nvar extendStatics = function(d, b) {\n extendStatics = Object.setPrototypeOf ||\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\n return extendStatics(d, b);\n};\n\nfunction __extends(d, b) {\n if (typeof b !== \"function\" && b !== null)\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\n extendStatics(d, b);\n function __() { this.constructor = d; }\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\n}\n\nfunction assert(test) {\n if (!test) {\n throw new TypeError('Assertion failed');\n }\n}\n\nfunction noop() {\n return;\n}\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\n\nfunction isStreamConstructor(ctor) {\n if (typeof ctor !== 'function') {\n return false;\n }\n var startCalled = false;\n try {\n new ctor({\n start: function () {\n startCalled = true;\n }\n });\n }\n catch (e) {\n // ignore\n }\n return startCalled;\n}\nfunction isReadableStream(readable) {\n if (!typeIsObject(readable)) {\n return false;\n }\n if (typeof readable.getReader !== 'function') {\n return false;\n }\n return true;\n}\nfunction isReadableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isReadableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isWritableStream(writable) {\n if (!typeIsObject(writable)) {\n return false;\n }\n if (typeof writable.getWriter !== 'function') {\n return false;\n }\n return true;\n}\nfunction isWritableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isWritableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isTransformStream(transform) {\n if (!typeIsObject(transform)) {\n return false;\n }\n if (!isReadableStream(transform.readable)) {\n return false;\n }\n if (!isWritableStream(transform.writable)) {\n return false;\n }\n return true;\n}\nfunction isTransformStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isTransformStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction supportsByobReader(readable) {\n try {\n var reader = readable.getReader({ mode: 'byob' });\n reader.releaseLock();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction supportsByteSource(ctor) {\n try {\n new ctor({ type: 'bytes' });\n return true;\n }\n catch (_a) {\n return false;\n }\n}\n\nfunction createReadableStreamWrapper(ctor) {\n assert(isReadableStreamConstructor(ctor));\n var byteSourceSupported = supportsByteSource(ctor);\n return function (readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n type = parseReadableType(type);\n if (type === 'bytes' && !byteSourceSupported) {\n type = undefined;\n }\n if (readable.constructor === ctor) {\n if (type !== 'bytes' || supportsByobReader(readable)) {\n return readable;\n }\n }\n if (type === 'bytes') {\n var source = createWrappingReadableSource(readable, { type: type });\n return new ctor(source);\n }\n else {\n var source = createWrappingReadableSource(readable);\n return new ctor(source);\n }\n };\n}\nfunction createWrappingReadableSource(readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n assert(isReadableStream(readable));\n assert(readable.locked === false);\n type = parseReadableType(type);\n var source;\n if (type === 'bytes') {\n source = new WrappingReadableByteStreamSource(readable);\n }\n else {\n source = new WrappingReadableStreamDefaultSource(readable);\n }\n return source;\n}\nfunction parseReadableType(type) {\n var typeString = String(type);\n if (typeString === 'bytes') {\n return typeString;\n }\n else if (type === undefined) {\n return type;\n }\n else {\n throw new RangeError('Invalid type is specified');\n }\n}\nvar AbstractWrappingReadableStreamSource = /** @class */ (function () {\n function AbstractWrappingReadableStreamSource(underlyingStream) {\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n this._readableStreamController = undefined;\n this._pendingRead = undefined;\n this._underlyingStream = underlyingStream;\n // always keep a reader attached to detect close/error\n this._attachDefaultReader();\n }\n AbstractWrappingReadableStreamSource.prototype.start = function (controller) {\n this._readableStreamController = controller;\n };\n AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) {\n assert(this._underlyingReader !== undefined);\n return this._underlyingReader.cancel(reason);\n };\n AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () {\n if (this._readerMode === \"default\" /* DEFAULT */) {\n return;\n }\n this._detachReader();\n var reader = this._underlyingStream.getReader();\n this._readerMode = \"default\" /* DEFAULT */;\n this._attachReader(reader);\n };\n AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) {\n var _this = this;\n assert(this._underlyingReader === undefined);\n this._underlyingReader = reader;\n var closed = this._underlyingReader.closed;\n if (!closed) {\n return;\n }\n closed\n .then(function () { return _this._finishPendingRead(); })\n .then(function () {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.close();\n }\n }, function (reason) {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.error(reason);\n }\n })\n .catch(noop);\n };\n AbstractWrappingReadableStreamSource.prototype._detachReader = function () {\n if (this._underlyingReader === undefined) {\n return;\n }\n this._underlyingReader.releaseLock();\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n };\n AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () {\n var _this = this;\n this._attachDefaultReader();\n // TODO Backpressure?\n var read = this._underlyingReader.read()\n .then(function (result) {\n var controller = _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n }\n else {\n controller.enqueue(result.value);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n AbstractWrappingReadableStreamSource.prototype._tryClose = function () {\n try {\n this._readableStreamController.close();\n }\n catch (_a) {\n // already errored or closed\n }\n };\n AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) {\n var _this = this;\n var pendingRead;\n var finishRead = function () {\n if (_this._pendingRead === pendingRead) {\n _this._pendingRead = undefined;\n }\n };\n this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead);\n };\n AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () {\n var _this = this;\n if (!this._pendingRead) {\n return undefined;\n }\n var afterRead = function () { return _this._finishPendingRead(); };\n return this._pendingRead.then(afterRead, afterRead);\n };\n return AbstractWrappingReadableStreamSource;\n}());\nvar WrappingReadableStreamDefaultSource = /** @class */ (function (_super) {\n __extends(WrappingReadableStreamDefaultSource, _super);\n function WrappingReadableStreamDefaultSource() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n WrappingReadableStreamDefaultSource.prototype.pull = function () {\n return this._pullWithDefaultReader();\n };\n return WrappingReadableStreamDefaultSource;\n}(AbstractWrappingReadableStreamSource));\nfunction toUint8Array(view) {\n return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);\n}\nfunction copyArrayBufferView(from, to) {\n var fromArray = toUint8Array(from);\n var toArray = toUint8Array(to);\n toArray.set(fromArray, 0);\n}\nvar WrappingReadableByteStreamSource = /** @class */ (function (_super) {\n __extends(WrappingReadableByteStreamSource, _super);\n function WrappingReadableByteStreamSource(underlyingStream) {\n var _this = this;\n var supportsByob = supportsByobReader(underlyingStream);\n _this = _super.call(this, underlyingStream) || this;\n _this._supportsByob = supportsByob;\n return _this;\n }\n Object.defineProperty(WrappingReadableByteStreamSource.prototype, \"type\", {\n get: function () {\n return 'bytes';\n },\n enumerable: false,\n configurable: true\n });\n WrappingReadableByteStreamSource.prototype._attachByobReader = function () {\n if (this._readerMode === \"byob\" /* BYOB */) {\n return;\n }\n assert(this._supportsByob);\n this._detachReader();\n var reader = this._underlyingStream.getReader({ mode: 'byob' });\n this._readerMode = \"byob\" /* BYOB */;\n this._attachReader(reader);\n };\n WrappingReadableByteStreamSource.prototype.pull = function () {\n if (this._supportsByob) {\n var byobRequest = this._readableStreamController.byobRequest;\n if (byobRequest) {\n return this._pullWithByobRequest(byobRequest);\n }\n }\n return this._pullWithDefaultReader();\n };\n WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) {\n var _this = this;\n this._attachByobReader();\n // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly\n // create a separate buffer to read into, then copy that to byobRequest.view\n var buffer = new Uint8Array(byobRequest.view.byteLength);\n // TODO Backpressure?\n var read = this._underlyingReader.read(buffer)\n .then(function (result) {\n _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n byobRequest.respond(0);\n }\n else {\n copyArrayBufferView(result.value, byobRequest.view);\n byobRequest.respond(result.value.byteLength);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n return WrappingReadableByteStreamSource;\n}(AbstractWrappingReadableStreamSource));\n\nfunction createWritableStreamWrapper(ctor) {\n assert(isWritableStreamConstructor(ctor));\n return function (writable) {\n if (writable.constructor === ctor) {\n return writable;\n }\n var sink = createWrappingWritableSink(writable);\n return new ctor(sink);\n };\n}\nfunction createWrappingWritableSink(writable) {\n assert(isWritableStream(writable));\n assert(writable.locked === false);\n var writer = writable.getWriter();\n return new WrappingWritableStreamSink(writer);\n}\nvar WrappingWritableStreamSink = /** @class */ (function () {\n function WrappingWritableStreamSink(underlyingWriter) {\n var _this = this;\n this._writableStreamController = undefined;\n this._pendingWrite = undefined;\n this._state = \"writable\" /* WRITABLE */;\n this._storedError = undefined;\n this._underlyingWriter = underlyingWriter;\n this._errorPromise = new Promise(function (resolve, reject) {\n _this._errorPromiseReject = reject;\n });\n this._errorPromise.catch(noop);\n }\n WrappingWritableStreamSink.prototype.start = function (controller) {\n var _this = this;\n this._writableStreamController = controller;\n this._underlyingWriter.closed\n .then(function () {\n _this._state = \"closed\" /* CLOSED */;\n })\n .catch(function (reason) { return _this._finishErroring(reason); });\n };\n WrappingWritableStreamSink.prototype.write = function (chunk) {\n var _this = this;\n var writer = this._underlyingWriter;\n // Detect past errors\n if (writer.desiredSize === null) {\n return writer.ready;\n }\n var writeRequest = writer.write(chunk);\n // Detect future errors\n writeRequest.catch(function (reason) { return _this._finishErroring(reason); });\n writer.ready.catch(function (reason) { return _this._startErroring(reason); });\n // Reject write when errored\n var write = Promise.race([writeRequest, this._errorPromise]);\n this._setPendingWrite(write);\n return write;\n };\n WrappingWritableStreamSink.prototype.close = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return this._underlyingWriter.close();\n }\n return this._finishPendingWrite().then(function () { return _this.close(); });\n };\n WrappingWritableStreamSink.prototype.abort = function (reason) {\n if (this._state === \"errored\" /* ERRORED */) {\n return undefined;\n }\n var writer = this._underlyingWriter;\n return writer.abort(reason);\n };\n WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) {\n var _this = this;\n var pendingWrite;\n var finishWrite = function () {\n if (_this._pendingWrite === pendingWrite) {\n _this._pendingWrite = undefined;\n }\n };\n this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite);\n };\n WrappingWritableStreamSink.prototype._finishPendingWrite = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return Promise.resolve();\n }\n var afterWrite = function () { return _this._finishPendingWrite(); };\n return this._pendingWrite.then(afterWrite, afterWrite);\n };\n WrappingWritableStreamSink.prototype._startErroring = function (reason) {\n var _this = this;\n if (this._state === \"writable\" /* WRITABLE */) {\n this._state = \"erroring\" /* ERRORING */;\n this._storedError = reason;\n var afterWrite = function () { return _this._finishErroring(reason); };\n if (this._pendingWrite === undefined) {\n afterWrite();\n }\n else {\n this._finishPendingWrite().then(afterWrite, afterWrite);\n }\n this._writableStreamController.error(reason);\n }\n };\n WrappingWritableStreamSink.prototype._finishErroring = function (reason) {\n if (this._state === \"writable\" /* WRITABLE */) {\n this._startErroring(reason);\n }\n if (this._state === \"erroring\" /* ERRORING */) {\n this._state = \"errored\" /* ERRORED */;\n this._errorPromiseReject(this._storedError);\n }\n };\n return WrappingWritableStreamSink;\n}());\n\nfunction createTransformStreamWrapper(ctor) {\n assert(isTransformStreamConstructor(ctor));\n return function (transform) {\n if (transform.constructor === ctor) {\n return transform;\n }\n var transformer = createWrappingTransformer(transform);\n return new ctor(transformer);\n };\n}\nfunction createWrappingTransformer(transform) {\n assert(isTransformStream(transform));\n var readable = transform.readable, writable = transform.writable;\n assert(readable.locked === false);\n assert(writable.locked === false);\n var reader = readable.getReader();\n var writer;\n try {\n writer = writable.getWriter();\n }\n catch (e) {\n reader.releaseLock(); // do not leak reader\n throw e;\n }\n return new WrappingTransformStreamTransformer(reader, writer);\n}\nvar WrappingTransformStreamTransformer = /** @class */ (function () {\n function WrappingTransformStreamTransformer(reader, writer) {\n var _this = this;\n this._transformStreamController = undefined;\n this._onRead = function (result) {\n if (result.done) {\n return;\n }\n _this._transformStreamController.enqueue(result.value);\n return _this._reader.read().then(_this._onRead);\n };\n this._onError = function (reason) {\n _this._flushReject(reason);\n _this._transformStreamController.error(reason);\n _this._reader.cancel(reason).catch(noop);\n _this._writer.abort(reason).catch(noop);\n };\n this._onTerminate = function () {\n _this._flushResolve();\n _this._transformStreamController.terminate();\n var error = new TypeError('TransformStream terminated');\n _this._writer.abort(error).catch(noop);\n };\n this._reader = reader;\n this._writer = writer;\n this._flushPromise = new Promise(function (resolve, reject) {\n _this._flushResolve = resolve;\n _this._flushReject = reject;\n });\n }\n WrappingTransformStreamTransformer.prototype.start = function (controller) {\n this._transformStreamController = controller;\n this._reader.read()\n .then(this._onRead)\n .then(this._onTerminate, this._onError);\n var readerClosed = this._reader.closed;\n if (readerClosed) {\n readerClosed\n .then(this._onTerminate, this._onError);\n }\n };\n WrappingTransformStreamTransformer.prototype.transform = function (chunk) {\n return this._writer.write(chunk);\n };\n WrappingTransformStreamTransformer.prototype.flush = function () {\n var _this = this;\n return this._writer.close()\n .then(function () { return _this._flushPromise; });\n };\n return WrappingTransformStreamTransformer;\n}());\n\nexport { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper };\n//# sourceMappingURL=web-streams-adapter.mjs.map\n","(function (module, exports) {\n 'use strict';\n\n // Utils\n function assert (val, msg) {\n if (!val) throw new Error(msg || 'Assertion failed');\n }\n\n // Could use `inherits` module, but don't want to move from single file\n // architecture yet.\n function inherits (ctor, superCtor) {\n ctor.super_ = superCtor;\n var TempCtor = function () {};\n TempCtor.prototype = superCtor.prototype;\n ctor.prototype = new TempCtor();\n ctor.prototype.constructor = ctor;\n }\n\n // BN\n\n function BN (number, base, endian) {\n if (BN.isBN(number)) {\n return number;\n }\n\n this.negative = 0;\n this.words = null;\n this.length = 0;\n\n // Reduction context\n this.red = null;\n\n if (number !== null) {\n if (base === 'le' || base === 'be') {\n endian = base;\n base = 10;\n }\n\n this._init(number || 0, base || 10, endian || 'be');\n }\n }\n if (typeof module === 'object') {\n module.exports = BN;\n } else {\n exports.BN = BN;\n }\n\n BN.BN = BN;\n BN.wordSize = 26;\n\n var Buffer;\n try {\n Buffer = require('buffer').Buffer;\n } catch (e) {\n }\n\n BN.isBN = function isBN (num) {\n if (num instanceof BN) {\n return true;\n }\n\n return num !== null && typeof num === 'object' &&\n num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);\n };\n\n BN.max = function max (left, right) {\n if (left.cmp(right) > 0) return left;\n return right;\n };\n\n BN.min = function min (left, right) {\n if (left.cmp(right) < 0) return left;\n return right;\n };\n\n BN.prototype._init = function init (number, base, endian) {\n if (typeof number === 'number') {\n return this._initNumber(number, base, endian);\n }\n\n if (typeof number === 'object') {\n return this._initArray(number, base, endian);\n }\n\n if (base === 'hex') {\n base = 16;\n }\n assert(base === (base | 0) && base >= 2 && base <= 36);\n\n number = number.toString().replace(/\\s+/g, '');\n var start = 0;\n if (number[0] === '-') {\n start++;\n }\n\n if (base === 16) {\n this._parseHex(number, start);\n } else {\n this._parseBase(number, base, start);\n }\n\n if (number[0] === '-') {\n this.negative = 1;\n }\n\n this.strip();\n\n if (endian !== 'le') return;\n\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initNumber = function _initNumber (number, base, endian) {\n if (number < 0) {\n this.negative = 1;\n number = -number;\n }\n if (number < 0x4000000) {\n this.words = [ number & 0x3ffffff ];\n this.length = 1;\n } else if (number < 0x10000000000000) {\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff\n ];\n this.length = 2;\n } else {\n assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff,\n 1\n ];\n this.length = 3;\n }\n\n if (endian !== 'le') return;\n\n // Reverse the bytes\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initArray = function _initArray (number, base, endian) {\n // Perhaps a Uint8Array\n assert(typeof number.length === 'number');\n if (number.length <= 0) {\n this.words = [ 0 ];\n this.length = 1;\n return this;\n }\n\n this.length = Math.ceil(number.length / 3);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n var off = 0;\n if (endian === 'be') {\n for (i = number.length - 1, j = 0; i >= 0; i -= 3) {\n w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n } else if (endian === 'le') {\n for (i = 0, j = 0; i < number.length; i += 3) {\n w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n }\n return this.strip();\n };\n\n function parseHex (str, start, end) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r <<= 4;\n\n // 'a' - 'f'\n if (c >= 49 && c <= 54) {\n r |= c - 49 + 0xa;\n\n // 'A' - 'F'\n } else if (c >= 17 && c <= 22) {\n r |= c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r |= c & 0xf;\n }\n }\n return r;\n }\n\n BN.prototype._parseHex = function _parseHex (number, start) {\n // Create possibly bigger array to ensure that it fits the number\n this.length = Math.ceil((number.length - start) / 6);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n // Scan 24-bit chunks and add them to the number\n var off = 0;\n for (i = number.length - 6, j = 0; i >= start; i -= 6) {\n w = parseHex(number, i, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n if (i + 6 !== start) {\n w = parseHex(number, start, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n }\n this.strip();\n };\n\n function parseBase (str, start, end, mul) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r *= mul;\n\n // 'a'\n if (c >= 49) {\n r += c - 49 + 0xa;\n\n // 'A'\n } else if (c >= 17) {\n r += c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r += c;\n }\n }\n return r;\n }\n\n BN.prototype._parseBase = function _parseBase (number, base, start) {\n // Initialize as zero\n this.words = [ 0 ];\n this.length = 1;\n\n // Find length of limb in base\n for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {\n limbLen++;\n }\n limbLen--;\n limbPow = (limbPow / base) | 0;\n\n var total = number.length - start;\n var mod = total % limbLen;\n var end = Math.min(total, total - mod) + start;\n\n var word = 0;\n for (var i = start; i < end; i += limbLen) {\n word = parseBase(number, i, i + limbLen, base);\n\n this.imuln(limbPow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n\n if (mod !== 0) {\n var pow = 1;\n word = parseBase(number, i, number.length, base);\n\n for (i = 0; i < mod; i++) {\n pow *= base;\n }\n\n this.imuln(pow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n };\n\n BN.prototype.copy = function copy (dest) {\n dest.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n dest.words[i] = this.words[i];\n }\n dest.length = this.length;\n dest.negative = this.negative;\n dest.red = this.red;\n };\n\n BN.prototype.clone = function clone () {\n var r = new BN(null);\n this.copy(r);\n return r;\n };\n\n BN.prototype._expand = function _expand (size) {\n while (this.length < size) {\n this.words[this.length++] = 0;\n }\n return this;\n };\n\n // Remove leading `0` from `this`\n BN.prototype.strip = function strip () {\n while (this.length > 1 && this.words[this.length - 1] === 0) {\n this.length--;\n }\n return this._normSign();\n };\n\n BN.prototype._normSign = function _normSign () {\n // -0 = 0\n if (this.length === 1 && this.words[0] === 0) {\n this.negative = 0;\n }\n return this;\n };\n\n BN.prototype.inspect = function inspect () {\n return (this.red ? '';\n };\n\n /*\n\n var zeros = [];\n var groupSizes = [];\n var groupBases = [];\n\n var s = '';\n var i = -1;\n while (++i < BN.wordSize) {\n zeros[i] = s;\n s += '0';\n }\n groupSizes[0] = 0;\n groupSizes[1] = 0;\n groupBases[0] = 0;\n groupBases[1] = 0;\n var base = 2 - 1;\n while (++base < 36 + 1) {\n var groupSize = 0;\n var groupBase = 1;\n while (groupBase < (1 << BN.wordSize) / base) {\n groupBase *= base;\n groupSize += 1;\n }\n groupSizes[base] = groupSize;\n groupBases[base] = groupBase;\n }\n\n */\n\n var zeros = [\n '',\n '0',\n '00',\n '000',\n '0000',\n '00000',\n '000000',\n '0000000',\n '00000000',\n '000000000',\n '0000000000',\n '00000000000',\n '000000000000',\n '0000000000000',\n '00000000000000',\n '000000000000000',\n '0000000000000000',\n '00000000000000000',\n '000000000000000000',\n '0000000000000000000',\n '00000000000000000000',\n '000000000000000000000',\n '0000000000000000000000',\n '00000000000000000000000',\n '000000000000000000000000',\n '0000000000000000000000000'\n ];\n\n var groupSizes = [\n 0, 0,\n 25, 16, 12, 11, 10, 9, 8,\n 8, 7, 7, 7, 7, 6, 6,\n 6, 6, 6, 6, 6, 5, 5,\n 5, 5, 5, 5, 5, 5, 5,\n 5, 5, 5, 5, 5, 5, 5\n ];\n\n var groupBases = [\n 0, 0,\n 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,\n 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,\n 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,\n 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,\n 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176\n ];\n\n BN.prototype.toString = function toString (base, padding) {\n base = base || 10;\n padding = padding | 0 || 1;\n\n var out;\n if (base === 16 || base === 'hex') {\n out = '';\n var off = 0;\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = this.words[i];\n var word = (((w << off) | carry) & 0xffffff).toString(16);\n carry = (w >>> (24 - off)) & 0xffffff;\n if (carry !== 0 || i !== this.length - 1) {\n out = zeros[6 - word.length] + word + out;\n } else {\n out = word + out;\n }\n off += 2;\n if (off >= 26) {\n off -= 26;\n i--;\n }\n }\n if (carry !== 0) {\n out = carry.toString(16) + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n if (base === (base | 0) && base >= 2 && base <= 36) {\n // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));\n var groupSize = groupSizes[base];\n // var groupBase = Math.pow(base, groupSize);\n var groupBase = groupBases[base];\n out = '';\n var c = this.clone();\n c.negative = 0;\n while (!c.isZero()) {\n var r = c.modn(groupBase).toString(base);\n c = c.idivn(groupBase);\n\n if (!c.isZero()) {\n out = zeros[groupSize - r.length] + r + out;\n } else {\n out = r + out;\n }\n }\n if (this.isZero()) {\n out = '0' + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n assert(false, 'Base should be between 2 and 36');\n };\n\n BN.prototype.toNumber = function toNumber () {\n var ret = this.words[0];\n if (this.length === 2) {\n ret += this.words[1] * 0x4000000;\n } else if (this.length === 3 && this.words[2] === 0x01) {\n // NOTE: at this stage it is known that the top bit is set\n ret += 0x10000000000000 + (this.words[1] * 0x4000000);\n } else if (this.length > 2) {\n assert(false, 'Number can only safely store up to 53 bits');\n }\n return (this.negative !== 0) ? -ret : ret;\n };\n\n BN.prototype.toJSON = function toJSON () {\n return this.toString(16);\n };\n\n BN.prototype.toBuffer = function toBuffer (endian, length) {\n assert(typeof Buffer !== 'undefined');\n return this.toArrayLike(Buffer, endian, length);\n };\n\n BN.prototype.toArray = function toArray (endian, length) {\n return this.toArrayLike(Array, endian, length);\n };\n\n BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {\n var byteLength = this.byteLength();\n var reqLength = length || Math.max(1, byteLength);\n assert(byteLength <= reqLength, 'byte array longer than desired length');\n assert(reqLength > 0, 'Requested array length <= 0');\n\n this.strip();\n var littleEndian = endian === 'le';\n var res = new ArrayType(reqLength);\n\n var b, i;\n var q = this.clone();\n if (!littleEndian) {\n // Assume big-endian\n for (i = 0; i < reqLength - byteLength; i++) {\n res[i] = 0;\n }\n\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[reqLength - i - 1] = b;\n }\n } else {\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[i] = b;\n }\n\n for (; i < reqLength; i++) {\n res[i] = 0;\n }\n }\n\n return res;\n };\n\n if (Math.clz32) {\n BN.prototype._countBits = function _countBits (w) {\n return 32 - Math.clz32(w);\n };\n } else {\n BN.prototype._countBits = function _countBits (w) {\n var t = w;\n var r = 0;\n if (t >= 0x1000) {\n r += 13;\n t >>>= 13;\n }\n if (t >= 0x40) {\n r += 7;\n t >>>= 7;\n }\n if (t >= 0x8) {\n r += 4;\n t >>>= 4;\n }\n if (t >= 0x02) {\n r += 2;\n t >>>= 2;\n }\n return r + t;\n };\n }\n\n BN.prototype._zeroBits = function _zeroBits (w) {\n // Short-cut\n if (w === 0) return 26;\n\n var t = w;\n var r = 0;\n if ((t & 0x1fff) === 0) {\n r += 13;\n t >>>= 13;\n }\n if ((t & 0x7f) === 0) {\n r += 7;\n t >>>= 7;\n }\n if ((t & 0xf) === 0) {\n r += 4;\n t >>>= 4;\n }\n if ((t & 0x3) === 0) {\n r += 2;\n t >>>= 2;\n }\n if ((t & 0x1) === 0) {\n r++;\n }\n return r;\n };\n\n // Return number of used bits in a BN\n BN.prototype.bitLength = function bitLength () {\n var w = this.words[this.length - 1];\n var hi = this._countBits(w);\n return (this.length - 1) * 26 + hi;\n };\n\n function toBitArray (num) {\n var w = new Array(num.bitLength());\n\n for (var bit = 0; bit < w.length; bit++) {\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;\n }\n\n return w;\n }\n\n // Number of trailing zero bits\n BN.prototype.zeroBits = function zeroBits () {\n if (this.isZero()) return 0;\n\n var r = 0;\n for (var i = 0; i < this.length; i++) {\n var b = this._zeroBits(this.words[i]);\n r += b;\n if (b !== 26) break;\n }\n return r;\n };\n\n BN.prototype.byteLength = function byteLength () {\n return Math.ceil(this.bitLength() / 8);\n };\n\n BN.prototype.toTwos = function toTwos (width) {\n if (this.negative !== 0) {\n return this.abs().inotn(width).iaddn(1);\n }\n return this.clone();\n };\n\n BN.prototype.fromTwos = function fromTwos (width) {\n if (this.testn(width - 1)) {\n return this.notn(width).iaddn(1).ineg();\n }\n return this.clone();\n };\n\n BN.prototype.isNeg = function isNeg () {\n return this.negative !== 0;\n };\n\n // Return negative clone of `this`\n BN.prototype.neg = function neg () {\n return this.clone().ineg();\n };\n\n BN.prototype.ineg = function ineg () {\n if (!this.isZero()) {\n this.negative ^= 1;\n }\n\n return this;\n };\n\n // Or `num` with `this` in-place\n BN.prototype.iuor = function iuor (num) {\n while (this.length < num.length) {\n this.words[this.length++] = 0;\n }\n\n for (var i = 0; i < num.length; i++) {\n this.words[i] = this.words[i] | num.words[i];\n }\n\n return this.strip();\n };\n\n BN.prototype.ior = function ior (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuor(num);\n };\n\n // Or `num` with `this`\n BN.prototype.or = function or (num) {\n if (this.length > num.length) return this.clone().ior(num);\n return num.clone().ior(this);\n };\n\n BN.prototype.uor = function uor (num) {\n if (this.length > num.length) return this.clone().iuor(num);\n return num.clone().iuor(this);\n };\n\n // And `num` with `this` in-place\n BN.prototype.iuand = function iuand (num) {\n // b = min-length(num, this)\n var b;\n if (this.length > num.length) {\n b = num;\n } else {\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = this.words[i] & num.words[i];\n }\n\n this.length = b.length;\n\n return this.strip();\n };\n\n BN.prototype.iand = function iand (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuand(num);\n };\n\n // And `num` with `this`\n BN.prototype.and = function and (num) {\n if (this.length > num.length) return this.clone().iand(num);\n return num.clone().iand(this);\n };\n\n BN.prototype.uand = function uand (num) {\n if (this.length > num.length) return this.clone().iuand(num);\n return num.clone().iuand(this);\n };\n\n // Xor `num` with `this` in-place\n BN.prototype.iuxor = function iuxor (num) {\n // a.length > b.length\n var a;\n var b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = a.words[i] ^ b.words[i];\n }\n\n if (this !== a) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = a.length;\n\n return this.strip();\n };\n\n BN.prototype.ixor = function ixor (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuxor(num);\n };\n\n // Xor `num` with `this`\n BN.prototype.xor = function xor (num) {\n if (this.length > num.length) return this.clone().ixor(num);\n return num.clone().ixor(this);\n };\n\n BN.prototype.uxor = function uxor (num) {\n if (this.length > num.length) return this.clone().iuxor(num);\n return num.clone().iuxor(this);\n };\n\n // Not ``this`` with ``width`` bitwidth\n BN.prototype.inotn = function inotn (width) {\n assert(typeof width === 'number' && width >= 0);\n\n var bytesNeeded = Math.ceil(width / 26) | 0;\n var bitsLeft = width % 26;\n\n // Extend the buffer with leading zeroes\n this._expand(bytesNeeded);\n\n if (bitsLeft > 0) {\n bytesNeeded--;\n }\n\n // Handle complete words\n for (var i = 0; i < bytesNeeded; i++) {\n this.words[i] = ~this.words[i] & 0x3ffffff;\n }\n\n // Handle the residue\n if (bitsLeft > 0) {\n this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));\n }\n\n // And remove leading zeroes\n return this.strip();\n };\n\n BN.prototype.notn = function notn (width) {\n return this.clone().inotn(width);\n };\n\n // Set `bit` of `this`\n BN.prototype.setn = function setn (bit, val) {\n assert(typeof bit === 'number' && bit >= 0);\n\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n this._expand(off + 1);\n\n if (val) {\n this.words[off] = this.words[off] | (1 << wbit);\n } else {\n this.words[off] = this.words[off] & ~(1 << wbit);\n }\n\n return this.strip();\n };\n\n // Add `num` to `this` in-place\n BN.prototype.iadd = function iadd (num) {\n var r;\n\n // negative + positive\n if (this.negative !== 0 && num.negative === 0) {\n this.negative = 0;\n r = this.isub(num);\n this.negative ^= 1;\n return this._normSign();\n\n // positive + negative\n } else if (this.negative === 0 && num.negative !== 0) {\n num.negative = 0;\n r = this.isub(num);\n num.negative = 1;\n return r._normSign();\n }\n\n // a.length > b.length\n var a, b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) + (b.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n\n this.length = a.length;\n if (carry !== 0) {\n this.words[this.length] = carry;\n this.length++;\n // Copy the rest of the words\n } else if (a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n return this;\n };\n\n // Add `num` to `this`\n BN.prototype.add = function add (num) {\n var res;\n if (num.negative !== 0 && this.negative === 0) {\n num.negative = 0;\n res = this.sub(num);\n num.negative ^= 1;\n return res;\n } else if (num.negative === 0 && this.negative !== 0) {\n this.negative = 0;\n res = num.sub(this);\n this.negative = 1;\n return res;\n }\n\n if (this.length > num.length) return this.clone().iadd(num);\n\n return num.clone().iadd(this);\n };\n\n // Subtract `num` from `this` in-place\n BN.prototype.isub = function isub (num) {\n // this - (-num) = this + num\n if (num.negative !== 0) {\n num.negative = 0;\n var r = this.iadd(num);\n num.negative = 1;\n return r._normSign();\n\n // -this - num = -(this + num)\n } else if (this.negative !== 0) {\n this.negative = 0;\n this.iadd(num);\n this.negative = 1;\n return this._normSign();\n }\n\n // At this point both numbers are positive\n var cmp = this.cmp(num);\n\n // Optimization - zeroify\n if (cmp === 0) {\n this.negative = 0;\n this.length = 1;\n this.words[0] = 0;\n return this;\n }\n\n // a > b\n var a, b;\n if (cmp > 0) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) - (b.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n\n // Copy rest of the words\n if (carry === 0 && i < a.length && a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = Math.max(this.length, i);\n\n if (a !== this) {\n this.negative = 1;\n }\n\n return this.strip();\n };\n\n // Subtract `num` from `this`\n BN.prototype.sub = function sub (num) {\n return this.clone().isub(num);\n };\n\n function smallMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n var len = (self.length + num.length) | 0;\n out.length = len;\n len = (len - 1) | 0;\n\n // Peel one iteration (compiler can't do it, because of code complexity)\n var a = self.words[0] | 0;\n var b = num.words[0] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n var carry = (r / 0x4000000) | 0;\n out.words[0] = lo;\n\n for (var k = 1; k < len; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = carry >>> 26;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = (k - j) | 0;\n a = self.words[i] | 0;\n b = num.words[j] | 0;\n r = a * b + rword;\n ncarry += (r / 0x4000000) | 0;\n rword = r & 0x3ffffff;\n }\n out.words[k] = rword | 0;\n carry = ncarry | 0;\n }\n if (carry !== 0) {\n out.words[k] = carry | 0;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n // TODO(indutny): it may be reasonable to omit it for users who don't need\n // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit\n // multiplication (like elliptic secp256k1).\n var comb10MulTo = function comb10MulTo (self, num, out) {\n var a = self.words;\n var b = num.words;\n var o = out.words;\n var c = 0;\n var lo;\n var mid;\n var hi;\n var a0 = a[0] | 0;\n var al0 = a0 & 0x1fff;\n var ah0 = a0 >>> 13;\n var a1 = a[1] | 0;\n var al1 = a1 & 0x1fff;\n var ah1 = a1 >>> 13;\n var a2 = a[2] | 0;\n var al2 = a2 & 0x1fff;\n var ah2 = a2 >>> 13;\n var a3 = a[3] | 0;\n var al3 = a3 & 0x1fff;\n var ah3 = a3 >>> 13;\n var a4 = a[4] | 0;\n var al4 = a4 & 0x1fff;\n var ah4 = a4 >>> 13;\n var a5 = a[5] | 0;\n var al5 = a5 & 0x1fff;\n var ah5 = a5 >>> 13;\n var a6 = a[6] | 0;\n var al6 = a6 & 0x1fff;\n var ah6 = a6 >>> 13;\n var a7 = a[7] | 0;\n var al7 = a7 & 0x1fff;\n var ah7 = a7 >>> 13;\n var a8 = a[8] | 0;\n var al8 = a8 & 0x1fff;\n var ah8 = a8 >>> 13;\n var a9 = a[9] | 0;\n var al9 = a9 & 0x1fff;\n var ah9 = a9 >>> 13;\n var b0 = b[0] | 0;\n var bl0 = b0 & 0x1fff;\n var bh0 = b0 >>> 13;\n var b1 = b[1] | 0;\n var bl1 = b1 & 0x1fff;\n var bh1 = b1 >>> 13;\n var b2 = b[2] | 0;\n var bl2 = b2 & 0x1fff;\n var bh2 = b2 >>> 13;\n var b3 = b[3] | 0;\n var bl3 = b3 & 0x1fff;\n var bh3 = b3 >>> 13;\n var b4 = b[4] | 0;\n var bl4 = b4 & 0x1fff;\n var bh4 = b4 >>> 13;\n var b5 = b[5] | 0;\n var bl5 = b5 & 0x1fff;\n var bh5 = b5 >>> 13;\n var b6 = b[6] | 0;\n var bl6 = b6 & 0x1fff;\n var bh6 = b6 >>> 13;\n var b7 = b[7] | 0;\n var bl7 = b7 & 0x1fff;\n var bh7 = b7 >>> 13;\n var b8 = b[8] | 0;\n var bl8 = b8 & 0x1fff;\n var bh8 = b8 >>> 13;\n var b9 = b[9] | 0;\n var bl9 = b9 & 0x1fff;\n var bh9 = b9 >>> 13;\n\n out.negative = self.negative ^ num.negative;\n out.length = 19;\n /* k = 0 */\n lo = Math.imul(al0, bl0);\n mid = Math.imul(al0, bh0);\n mid = (mid + Math.imul(ah0, bl0)) | 0;\n hi = Math.imul(ah0, bh0);\n var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;\n w0 &= 0x3ffffff;\n /* k = 1 */\n lo = Math.imul(al1, bl0);\n mid = Math.imul(al1, bh0);\n mid = (mid + Math.imul(ah1, bl0)) | 0;\n hi = Math.imul(ah1, bh0);\n lo = (lo + Math.imul(al0, bl1)) | 0;\n mid = (mid + Math.imul(al0, bh1)) | 0;\n mid = (mid + Math.imul(ah0, bl1)) | 0;\n hi = (hi + Math.imul(ah0, bh1)) | 0;\n var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;\n w1 &= 0x3ffffff;\n /* k = 2 */\n lo = Math.imul(al2, bl0);\n mid = Math.imul(al2, bh0);\n mid = (mid + Math.imul(ah2, bl0)) | 0;\n hi = Math.imul(ah2, bh0);\n lo = (lo + Math.imul(al1, bl1)) | 0;\n mid = (mid + Math.imul(al1, bh1)) | 0;\n mid = (mid + Math.imul(ah1, bl1)) | 0;\n hi = (hi + Math.imul(ah1, bh1)) | 0;\n lo = (lo + Math.imul(al0, bl2)) | 0;\n mid = (mid + Math.imul(al0, bh2)) | 0;\n mid = (mid + Math.imul(ah0, bl2)) | 0;\n hi = (hi + Math.imul(ah0, bh2)) | 0;\n var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;\n w2 &= 0x3ffffff;\n /* k = 3 */\n lo = Math.imul(al3, bl0);\n mid = Math.imul(al3, bh0);\n mid = (mid + Math.imul(ah3, bl0)) | 0;\n hi = Math.imul(ah3, bh0);\n lo = (lo + Math.imul(al2, bl1)) | 0;\n mid = (mid + Math.imul(al2, bh1)) | 0;\n mid = (mid + Math.imul(ah2, bl1)) | 0;\n hi = (hi + Math.imul(ah2, bh1)) | 0;\n lo = (lo + Math.imul(al1, bl2)) | 0;\n mid = (mid + Math.imul(al1, bh2)) | 0;\n mid = (mid + Math.imul(ah1, bl2)) | 0;\n hi = (hi + Math.imul(ah1, bh2)) | 0;\n lo = (lo + Math.imul(al0, bl3)) | 0;\n mid = (mid + Math.imul(al0, bh3)) | 0;\n mid = (mid + Math.imul(ah0, bl3)) | 0;\n hi = (hi + Math.imul(ah0, bh3)) | 0;\n var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;\n w3 &= 0x3ffffff;\n /* k = 4 */\n lo = Math.imul(al4, bl0);\n mid = Math.imul(al4, bh0);\n mid = (mid + Math.imul(ah4, bl0)) | 0;\n hi = Math.imul(ah4, bh0);\n lo = (lo + Math.imul(al3, bl1)) | 0;\n mid = (mid + Math.imul(al3, bh1)) | 0;\n mid = (mid + Math.imul(ah3, bl1)) | 0;\n hi = (hi + Math.imul(ah3, bh1)) | 0;\n lo = (lo + Math.imul(al2, bl2)) | 0;\n mid = (mid + Math.imul(al2, bh2)) | 0;\n mid = (mid + Math.imul(ah2, bl2)) | 0;\n hi = (hi + Math.imul(ah2, bh2)) | 0;\n lo = (lo + Math.imul(al1, bl3)) | 0;\n mid = (mid + Math.imul(al1, bh3)) | 0;\n mid = (mid + Math.imul(ah1, bl3)) | 0;\n hi = (hi + Math.imul(ah1, bh3)) | 0;\n lo = (lo + Math.imul(al0, bl4)) | 0;\n mid = (mid + Math.imul(al0, bh4)) | 0;\n mid = (mid + Math.imul(ah0, bl4)) | 0;\n hi = (hi + Math.imul(ah0, bh4)) | 0;\n var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;\n w4 &= 0x3ffffff;\n /* k = 5 */\n lo = Math.imul(al5, bl0);\n mid = Math.imul(al5, bh0);\n mid = (mid + Math.imul(ah5, bl0)) | 0;\n hi = Math.imul(ah5, bh0);\n lo = (lo + Math.imul(al4, bl1)) | 0;\n mid = (mid + Math.imul(al4, bh1)) | 0;\n mid = (mid + Math.imul(ah4, bl1)) | 0;\n hi = (hi + Math.imul(ah4, bh1)) | 0;\n lo = (lo + Math.imul(al3, bl2)) | 0;\n mid = (mid + Math.imul(al3, bh2)) | 0;\n mid = (mid + Math.imul(ah3, bl2)) | 0;\n hi = (hi + Math.imul(ah3, bh2)) | 0;\n lo = (lo + Math.imul(al2, bl3)) | 0;\n mid = (mid + Math.imul(al2, bh3)) | 0;\n mid = (mid + Math.imul(ah2, bl3)) | 0;\n hi = (hi + Math.imul(ah2, bh3)) | 0;\n lo = (lo + Math.imul(al1, bl4)) | 0;\n mid = (mid + Math.imul(al1, bh4)) | 0;\n mid = (mid + Math.imul(ah1, bl4)) | 0;\n hi = (hi + Math.imul(ah1, bh4)) | 0;\n lo = (lo + Math.imul(al0, bl5)) | 0;\n mid = (mid + Math.imul(al0, bh5)) | 0;\n mid = (mid + Math.imul(ah0, bl5)) | 0;\n hi = (hi + Math.imul(ah0, bh5)) | 0;\n var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;\n w5 &= 0x3ffffff;\n /* k = 6 */\n lo = Math.imul(al6, bl0);\n mid = Math.imul(al6, bh0);\n mid = (mid + Math.imul(ah6, bl0)) | 0;\n hi = Math.imul(ah6, bh0);\n lo = (lo + Math.imul(al5, bl1)) | 0;\n mid = (mid + Math.imul(al5, bh1)) | 0;\n mid = (mid + Math.imul(ah5, bl1)) | 0;\n hi = (hi + Math.imul(ah5, bh1)) | 0;\n lo = (lo + Math.imul(al4, bl2)) | 0;\n mid = (mid + Math.imul(al4, bh2)) | 0;\n mid = (mid + Math.imul(ah4, bl2)) | 0;\n hi = (hi + Math.imul(ah4, bh2)) | 0;\n lo = (lo + Math.imul(al3, bl3)) | 0;\n mid = (mid + Math.imul(al3, bh3)) | 0;\n mid = (mid + Math.imul(ah3, bl3)) | 0;\n hi = (hi + Math.imul(ah3, bh3)) | 0;\n lo = (lo + Math.imul(al2, bl4)) | 0;\n mid = (mid + Math.imul(al2, bh4)) | 0;\n mid = (mid + Math.imul(ah2, bl4)) | 0;\n hi = (hi + Math.imul(ah2, bh4)) | 0;\n lo = (lo + Math.imul(al1, bl5)) | 0;\n mid = (mid + Math.imul(al1, bh5)) | 0;\n mid = (mid + Math.imul(ah1, bl5)) | 0;\n hi = (hi + Math.imul(ah1, bh5)) | 0;\n lo = (lo + Math.imul(al0, bl6)) | 0;\n mid = (mid + Math.imul(al0, bh6)) | 0;\n mid = (mid + Math.imul(ah0, bl6)) | 0;\n hi = (hi + Math.imul(ah0, bh6)) | 0;\n var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;\n w6 &= 0x3ffffff;\n /* k = 7 */\n lo = Math.imul(al7, bl0);\n mid = Math.imul(al7, bh0);\n mid = (mid + Math.imul(ah7, bl0)) | 0;\n hi = Math.imul(ah7, bh0);\n lo = (lo + Math.imul(al6, bl1)) | 0;\n mid = (mid + Math.imul(al6, bh1)) | 0;\n mid = (mid + Math.imul(ah6, bl1)) | 0;\n hi = (hi + Math.imul(ah6, bh1)) | 0;\n lo = (lo + Math.imul(al5, bl2)) | 0;\n mid = (mid + Math.imul(al5, bh2)) | 0;\n mid = (mid + Math.imul(ah5, bl2)) | 0;\n hi = (hi + Math.imul(ah5, bh2)) | 0;\n lo = (lo + Math.imul(al4, bl3)) | 0;\n mid = (mid + Math.imul(al4, bh3)) | 0;\n mid = (mid + Math.imul(ah4, bl3)) | 0;\n hi = (hi + Math.imul(ah4, bh3)) | 0;\n lo = (lo + Math.imul(al3, bl4)) | 0;\n mid = (mid + Math.imul(al3, bh4)) | 0;\n mid = (mid + Math.imul(ah3, bl4)) | 0;\n hi = (hi + Math.imul(ah3, bh4)) | 0;\n lo = (lo + Math.imul(al2, bl5)) | 0;\n mid = (mid + Math.imul(al2, bh5)) | 0;\n mid = (mid + Math.imul(ah2, bl5)) | 0;\n hi = (hi + Math.imul(ah2, bh5)) | 0;\n lo = (lo + Math.imul(al1, bl6)) | 0;\n mid = (mid + Math.imul(al1, bh6)) | 0;\n mid = (mid + Math.imul(ah1, bl6)) | 0;\n hi = (hi + Math.imul(ah1, bh6)) | 0;\n lo = (lo + Math.imul(al0, bl7)) | 0;\n mid = (mid + Math.imul(al0, bh7)) | 0;\n mid = (mid + Math.imul(ah0, bl7)) | 0;\n hi = (hi + Math.imul(ah0, bh7)) | 0;\n var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;\n w7 &= 0x3ffffff;\n /* k = 8 */\n lo = Math.imul(al8, bl0);\n mid = Math.imul(al8, bh0);\n mid = (mid + Math.imul(ah8, bl0)) | 0;\n hi = Math.imul(ah8, bh0);\n lo = (lo + Math.imul(al7, bl1)) | 0;\n mid = (mid + Math.imul(al7, bh1)) | 0;\n mid = (mid + Math.imul(ah7, bl1)) | 0;\n hi = (hi + Math.imul(ah7, bh1)) | 0;\n lo = (lo + Math.imul(al6, bl2)) | 0;\n mid = (mid + Math.imul(al6, bh2)) | 0;\n mid = (mid + Math.imul(ah6, bl2)) | 0;\n hi = (hi + Math.imul(ah6, bh2)) | 0;\n lo = (lo + Math.imul(al5, bl3)) | 0;\n mid = (mid + Math.imul(al5, bh3)) | 0;\n mid = (mid + Math.imul(ah5, bl3)) | 0;\n hi = (hi + Math.imul(ah5, bh3)) | 0;\n lo = (lo + Math.imul(al4, bl4)) | 0;\n mid = (mid + Math.imul(al4, bh4)) | 0;\n mid = (mid + Math.imul(ah4, bl4)) | 0;\n hi = (hi + Math.imul(ah4, bh4)) | 0;\n lo = (lo + Math.imul(al3, bl5)) | 0;\n mid = (mid + Math.imul(al3, bh5)) | 0;\n mid = (mid + Math.imul(ah3, bl5)) | 0;\n hi = (hi + Math.imul(ah3, bh5)) | 0;\n lo = (lo + Math.imul(al2, bl6)) | 0;\n mid = (mid + Math.imul(al2, bh6)) | 0;\n mid = (mid + Math.imul(ah2, bl6)) | 0;\n hi = (hi + Math.imul(ah2, bh6)) | 0;\n lo = (lo + Math.imul(al1, bl7)) | 0;\n mid = (mid + Math.imul(al1, bh7)) | 0;\n mid = (mid + Math.imul(ah1, bl7)) | 0;\n hi = (hi + Math.imul(ah1, bh7)) | 0;\n lo = (lo + Math.imul(al0, bl8)) | 0;\n mid = (mid + Math.imul(al0, bh8)) | 0;\n mid = (mid + Math.imul(ah0, bl8)) | 0;\n hi = (hi + Math.imul(ah0, bh8)) | 0;\n var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;\n w8 &= 0x3ffffff;\n /* k = 9 */\n lo = Math.imul(al9, bl0);\n mid = Math.imul(al9, bh0);\n mid = (mid + Math.imul(ah9, bl0)) | 0;\n hi = Math.imul(ah9, bh0);\n lo = (lo + Math.imul(al8, bl1)) | 0;\n mid = (mid + Math.imul(al8, bh1)) | 0;\n mid = (mid + Math.imul(ah8, bl1)) | 0;\n hi = (hi + Math.imul(ah8, bh1)) | 0;\n lo = (lo + Math.imul(al7, bl2)) | 0;\n mid = (mid + Math.imul(al7, bh2)) | 0;\n mid = (mid + Math.imul(ah7, bl2)) | 0;\n hi = (hi + Math.imul(ah7, bh2)) | 0;\n lo = (lo + Math.imul(al6, bl3)) | 0;\n mid = (mid + Math.imul(al6, bh3)) | 0;\n mid = (mid + Math.imul(ah6, bl3)) | 0;\n hi = (hi + Math.imul(ah6, bh3)) | 0;\n lo = (lo + Math.imul(al5, bl4)) | 0;\n mid = (mid + Math.imul(al5, bh4)) | 0;\n mid = (mid + Math.imul(ah5, bl4)) | 0;\n hi = (hi + Math.imul(ah5, bh4)) | 0;\n lo = (lo + Math.imul(al4, bl5)) | 0;\n mid = (mid + Math.imul(al4, bh5)) | 0;\n mid = (mid + Math.imul(ah4, bl5)) | 0;\n hi = (hi + Math.imul(ah4, bh5)) | 0;\n lo = (lo + Math.imul(al3, bl6)) | 0;\n mid = (mid + Math.imul(al3, bh6)) | 0;\n mid = (mid + Math.imul(ah3, bl6)) | 0;\n hi = (hi + Math.imul(ah3, bh6)) | 0;\n lo = (lo + Math.imul(al2, bl7)) | 0;\n mid = (mid + Math.imul(al2, bh7)) | 0;\n mid = (mid + Math.imul(ah2, bl7)) | 0;\n hi = (hi + Math.imul(ah2, bh7)) | 0;\n lo = (lo + Math.imul(al1, bl8)) | 0;\n mid = (mid + Math.imul(al1, bh8)) | 0;\n mid = (mid + Math.imul(ah1, bl8)) | 0;\n hi = (hi + Math.imul(ah1, bh8)) | 0;\n lo = (lo + Math.imul(al0, bl9)) | 0;\n mid = (mid + Math.imul(al0, bh9)) | 0;\n mid = (mid + Math.imul(ah0, bl9)) | 0;\n hi = (hi + Math.imul(ah0, bh9)) | 0;\n var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;\n w9 &= 0x3ffffff;\n /* k = 10 */\n lo = Math.imul(al9, bl1);\n mid = Math.imul(al9, bh1);\n mid = (mid + Math.imul(ah9, bl1)) | 0;\n hi = Math.imul(ah9, bh1);\n lo = (lo + Math.imul(al8, bl2)) | 0;\n mid = (mid + Math.imul(al8, bh2)) | 0;\n mid = (mid + Math.imul(ah8, bl2)) | 0;\n hi = (hi + Math.imul(ah8, bh2)) | 0;\n lo = (lo + Math.imul(al7, bl3)) | 0;\n mid = (mid + Math.imul(al7, bh3)) | 0;\n mid = (mid + Math.imul(ah7, bl3)) | 0;\n hi = (hi + Math.imul(ah7, bh3)) | 0;\n lo = (lo + Math.imul(al6, bl4)) | 0;\n mid = (mid + Math.imul(al6, bh4)) | 0;\n mid = (mid + Math.imul(ah6, bl4)) | 0;\n hi = (hi + Math.imul(ah6, bh4)) | 0;\n lo = (lo + Math.imul(al5, bl5)) | 0;\n mid = (mid + Math.imul(al5, bh5)) | 0;\n mid = (mid + Math.imul(ah5, bl5)) | 0;\n hi = (hi + Math.imul(ah5, bh5)) | 0;\n lo = (lo + Math.imul(al4, bl6)) | 0;\n mid = (mid + Math.imul(al4, bh6)) | 0;\n mid = (mid + Math.imul(ah4, bl6)) | 0;\n hi = (hi + Math.imul(ah4, bh6)) | 0;\n lo = (lo + Math.imul(al3, bl7)) | 0;\n mid = (mid + Math.imul(al3, bh7)) | 0;\n mid = (mid + Math.imul(ah3, bl7)) | 0;\n hi = (hi + Math.imul(ah3, bh7)) | 0;\n lo = (lo + Math.imul(al2, bl8)) | 0;\n mid = (mid + Math.imul(al2, bh8)) | 0;\n mid = (mid + Math.imul(ah2, bl8)) | 0;\n hi = (hi + Math.imul(ah2, bh8)) | 0;\n lo = (lo + Math.imul(al1, bl9)) | 0;\n mid = (mid + Math.imul(al1, bh9)) | 0;\n mid = (mid + Math.imul(ah1, bl9)) | 0;\n hi = (hi + Math.imul(ah1, bh9)) | 0;\n var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;\n w10 &= 0x3ffffff;\n /* k = 11 */\n lo = Math.imul(al9, bl2);\n mid = Math.imul(al9, bh2);\n mid = (mid + Math.imul(ah9, bl2)) | 0;\n hi = Math.imul(ah9, bh2);\n lo = (lo + Math.imul(al8, bl3)) | 0;\n mid = (mid + Math.imul(al8, bh3)) | 0;\n mid = (mid + Math.imul(ah8, bl3)) | 0;\n hi = (hi + Math.imul(ah8, bh3)) | 0;\n lo = (lo + Math.imul(al7, bl4)) | 0;\n mid = (mid + Math.imul(al7, bh4)) | 0;\n mid = (mid + Math.imul(ah7, bl4)) | 0;\n hi = (hi + Math.imul(ah7, bh4)) | 0;\n lo = (lo + Math.imul(al6, bl5)) | 0;\n mid = (mid + Math.imul(al6, bh5)) | 0;\n mid = (mid + Math.imul(ah6, bl5)) | 0;\n hi = (hi + Math.imul(ah6, bh5)) | 0;\n lo = (lo + Math.imul(al5, bl6)) | 0;\n mid = (mid + Math.imul(al5, bh6)) | 0;\n mid = (mid + Math.imul(ah5, bl6)) | 0;\n hi = (hi + Math.imul(ah5, bh6)) | 0;\n lo = (lo + Math.imul(al4, bl7)) | 0;\n mid = (mid + Math.imul(al4, bh7)) | 0;\n mid = (mid + Math.imul(ah4, bl7)) | 0;\n hi = (hi + Math.imul(ah4, bh7)) | 0;\n lo = (lo + Math.imul(al3, bl8)) | 0;\n mid = (mid + Math.imul(al3, bh8)) | 0;\n mid = (mid + Math.imul(ah3, bl8)) | 0;\n hi = (hi + Math.imul(ah3, bh8)) | 0;\n lo = (lo + Math.imul(al2, bl9)) | 0;\n mid = (mid + Math.imul(al2, bh9)) | 0;\n mid = (mid + Math.imul(ah2, bl9)) | 0;\n hi = (hi + Math.imul(ah2, bh9)) | 0;\n var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;\n w11 &= 0x3ffffff;\n /* k = 12 */\n lo = Math.imul(al9, bl3);\n mid = Math.imul(al9, bh3);\n mid = (mid + Math.imul(ah9, bl3)) | 0;\n hi = Math.imul(ah9, bh3);\n lo = (lo + Math.imul(al8, bl4)) | 0;\n mid = (mid + Math.imul(al8, bh4)) | 0;\n mid = (mid + Math.imul(ah8, bl4)) | 0;\n hi = (hi + Math.imul(ah8, bh4)) | 0;\n lo = (lo + Math.imul(al7, bl5)) | 0;\n mid = (mid + Math.imul(al7, bh5)) | 0;\n mid = (mid + Math.imul(ah7, bl5)) | 0;\n hi = (hi + Math.imul(ah7, bh5)) | 0;\n lo = (lo + Math.imul(al6, bl6)) | 0;\n mid = (mid + Math.imul(al6, bh6)) | 0;\n mid = (mid + Math.imul(ah6, bl6)) | 0;\n hi = (hi + Math.imul(ah6, bh6)) | 0;\n lo = (lo + Math.imul(al5, bl7)) | 0;\n mid = (mid + Math.imul(al5, bh7)) | 0;\n mid = (mid + Math.imul(ah5, bl7)) | 0;\n hi = (hi + Math.imul(ah5, bh7)) | 0;\n lo = (lo + Math.imul(al4, bl8)) | 0;\n mid = (mid + Math.imul(al4, bh8)) | 0;\n mid = (mid + Math.imul(ah4, bl8)) | 0;\n hi = (hi + Math.imul(ah4, bh8)) | 0;\n lo = (lo + Math.imul(al3, bl9)) | 0;\n mid = (mid + Math.imul(al3, bh9)) | 0;\n mid = (mid + Math.imul(ah3, bl9)) | 0;\n hi = (hi + Math.imul(ah3, bh9)) | 0;\n var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;\n w12 &= 0x3ffffff;\n /* k = 13 */\n lo = Math.imul(al9, bl4);\n mid = Math.imul(al9, bh4);\n mid = (mid + Math.imul(ah9, bl4)) | 0;\n hi = Math.imul(ah9, bh4);\n lo = (lo + Math.imul(al8, bl5)) | 0;\n mid = (mid + Math.imul(al8, bh5)) | 0;\n mid = (mid + Math.imul(ah8, bl5)) | 0;\n hi = (hi + Math.imul(ah8, bh5)) | 0;\n lo = (lo + Math.imul(al7, bl6)) | 0;\n mid = (mid + Math.imul(al7, bh6)) | 0;\n mid = (mid + Math.imul(ah7, bl6)) | 0;\n hi = (hi + Math.imul(ah7, bh6)) | 0;\n lo = (lo + Math.imul(al6, bl7)) | 0;\n mid = (mid + Math.imul(al6, bh7)) | 0;\n mid = (mid + Math.imul(ah6, bl7)) | 0;\n hi = (hi + Math.imul(ah6, bh7)) | 0;\n lo = (lo + Math.imul(al5, bl8)) | 0;\n mid = (mid + Math.imul(al5, bh8)) | 0;\n mid = (mid + Math.imul(ah5, bl8)) | 0;\n hi = (hi + Math.imul(ah5, bh8)) | 0;\n lo = (lo + Math.imul(al4, bl9)) | 0;\n mid = (mid + Math.imul(al4, bh9)) | 0;\n mid = (mid + Math.imul(ah4, bl9)) | 0;\n hi = (hi + Math.imul(ah4, bh9)) | 0;\n var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;\n w13 &= 0x3ffffff;\n /* k = 14 */\n lo = Math.imul(al9, bl5);\n mid = Math.imul(al9, bh5);\n mid = (mid + Math.imul(ah9, bl5)) | 0;\n hi = Math.imul(ah9, bh5);\n lo = (lo + Math.imul(al8, bl6)) | 0;\n mid = (mid + Math.imul(al8, bh6)) | 0;\n mid = (mid + Math.imul(ah8, bl6)) | 0;\n hi = (hi + Math.imul(ah8, bh6)) | 0;\n lo = (lo + Math.imul(al7, bl7)) | 0;\n mid = (mid + Math.imul(al7, bh7)) | 0;\n mid = (mid + Math.imul(ah7, bl7)) | 0;\n hi = (hi + Math.imul(ah7, bh7)) | 0;\n lo = (lo + Math.imul(al6, bl8)) | 0;\n mid = (mid + Math.imul(al6, bh8)) | 0;\n mid = (mid + Math.imul(ah6, bl8)) | 0;\n hi = (hi + Math.imul(ah6, bh8)) | 0;\n lo = (lo + Math.imul(al5, bl9)) | 0;\n mid = (mid + Math.imul(al5, bh9)) | 0;\n mid = (mid + Math.imul(ah5, bl9)) | 0;\n hi = (hi + Math.imul(ah5, bh9)) | 0;\n var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;\n w14 &= 0x3ffffff;\n /* k = 15 */\n lo = Math.imul(al9, bl6);\n mid = Math.imul(al9, bh6);\n mid = (mid + Math.imul(ah9, bl6)) | 0;\n hi = Math.imul(ah9, bh6);\n lo = (lo + Math.imul(al8, bl7)) | 0;\n mid = (mid + Math.imul(al8, bh7)) | 0;\n mid = (mid + Math.imul(ah8, bl7)) | 0;\n hi = (hi + Math.imul(ah8, bh7)) | 0;\n lo = (lo + Math.imul(al7, bl8)) | 0;\n mid = (mid + Math.imul(al7, bh8)) | 0;\n mid = (mid + Math.imul(ah7, bl8)) | 0;\n hi = (hi + Math.imul(ah7, bh8)) | 0;\n lo = (lo + Math.imul(al6, bl9)) | 0;\n mid = (mid + Math.imul(al6, bh9)) | 0;\n mid = (mid + Math.imul(ah6, bl9)) | 0;\n hi = (hi + Math.imul(ah6, bh9)) | 0;\n var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;\n w15 &= 0x3ffffff;\n /* k = 16 */\n lo = Math.imul(al9, bl7);\n mid = Math.imul(al9, bh7);\n mid = (mid + Math.imul(ah9, bl7)) | 0;\n hi = Math.imul(ah9, bh7);\n lo = (lo + Math.imul(al8, bl8)) | 0;\n mid = (mid + Math.imul(al8, bh8)) | 0;\n mid = (mid + Math.imul(ah8, bl8)) | 0;\n hi = (hi + Math.imul(ah8, bh8)) | 0;\n lo = (lo + Math.imul(al7, bl9)) | 0;\n mid = (mid + Math.imul(al7, bh9)) | 0;\n mid = (mid + Math.imul(ah7, bl9)) | 0;\n hi = (hi + Math.imul(ah7, bh9)) | 0;\n var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;\n w16 &= 0x3ffffff;\n /* k = 17 */\n lo = Math.imul(al9, bl8);\n mid = Math.imul(al9, bh8);\n mid = (mid + Math.imul(ah9, bl8)) | 0;\n hi = Math.imul(ah9, bh8);\n lo = (lo + Math.imul(al8, bl9)) | 0;\n mid = (mid + Math.imul(al8, bh9)) | 0;\n mid = (mid + Math.imul(ah8, bl9)) | 0;\n hi = (hi + Math.imul(ah8, bh9)) | 0;\n var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;\n w17 &= 0x3ffffff;\n /* k = 18 */\n lo = Math.imul(al9, bl9);\n mid = Math.imul(al9, bh9);\n mid = (mid + Math.imul(ah9, bl9)) | 0;\n hi = Math.imul(ah9, bh9);\n var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;\n w18 &= 0x3ffffff;\n o[0] = w0;\n o[1] = w1;\n o[2] = w2;\n o[3] = w3;\n o[4] = w4;\n o[5] = w5;\n o[6] = w6;\n o[7] = w7;\n o[8] = w8;\n o[9] = w9;\n o[10] = w10;\n o[11] = w11;\n o[12] = w12;\n o[13] = w13;\n o[14] = w14;\n o[15] = w15;\n o[16] = w16;\n o[17] = w17;\n o[18] = w18;\n if (c !== 0) {\n o[19] = c;\n out.length++;\n }\n return out;\n };\n\n // Polyfill comb\n if (!Math.imul) {\n comb10MulTo = smallMulTo;\n }\n\n function bigMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n out.length = self.length + num.length;\n\n var carry = 0;\n var hncarry = 0;\n for (var k = 0; k < out.length - 1; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = hncarry;\n hncarry = 0;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = k - j;\n var a = self.words[i] | 0;\n var b = num.words[j] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;\n lo = (lo + rword) | 0;\n rword = lo & 0x3ffffff;\n ncarry = (ncarry + (lo >>> 26)) | 0;\n\n hncarry += ncarry >>> 26;\n ncarry &= 0x3ffffff;\n }\n out.words[k] = rword;\n carry = ncarry;\n ncarry = hncarry;\n }\n if (carry !== 0) {\n out.words[k] = carry;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n function jumboMulTo (self, num, out) {\n var fftm = new FFTM();\n return fftm.mulp(self, num, out);\n }\n\n BN.prototype.mulTo = function mulTo (num, out) {\n var res;\n var len = this.length + num.length;\n if (this.length === 10 && num.length === 10) {\n res = comb10MulTo(this, num, out);\n } else if (len < 63) {\n res = smallMulTo(this, num, out);\n } else if (len < 1024) {\n res = bigMulTo(this, num, out);\n } else {\n res = jumboMulTo(this, num, out);\n }\n\n return res;\n };\n\n // Cooley-Tukey algorithm for FFT\n // slightly revisited to rely on looping instead of recursion\n\n function FFTM (x, y) {\n this.x = x;\n this.y = y;\n }\n\n FFTM.prototype.makeRBT = function makeRBT (N) {\n var t = new Array(N);\n var l = BN.prototype._countBits(N) - 1;\n for (var i = 0; i < N; i++) {\n t[i] = this.revBin(i, l, N);\n }\n\n return t;\n };\n\n // Returns binary-reversed representation of `x`\n FFTM.prototype.revBin = function revBin (x, l, N) {\n if (x === 0 || x === N - 1) return x;\n\n var rb = 0;\n for (var i = 0; i < l; i++) {\n rb |= (x & 1) << (l - i - 1);\n x >>= 1;\n }\n\n return rb;\n };\n\n // Performs \"tweedling\" phase, therefore 'emulating'\n // behaviour of the recursive algorithm\n FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {\n for (var i = 0; i < N; i++) {\n rtws[i] = rws[rbt[i]];\n itws[i] = iws[rbt[i]];\n }\n };\n\n FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {\n this.permute(rbt, rws, iws, rtws, itws, N);\n\n for (var s = 1; s < N; s <<= 1) {\n var l = s << 1;\n\n var rtwdf = Math.cos(2 * Math.PI / l);\n var itwdf = Math.sin(2 * Math.PI / l);\n\n for (var p = 0; p < N; p += l) {\n var rtwdf_ = rtwdf;\n var itwdf_ = itwdf;\n\n for (var j = 0; j < s; j++) {\n var re = rtws[p + j];\n var ie = itws[p + j];\n\n var ro = rtws[p + j + s];\n var io = itws[p + j + s];\n\n var rx = rtwdf_ * ro - itwdf_ * io;\n\n io = rtwdf_ * io + itwdf_ * ro;\n ro = rx;\n\n rtws[p + j] = re + ro;\n itws[p + j] = ie + io;\n\n rtws[p + j + s] = re - ro;\n itws[p + j + s] = ie - io;\n\n /* jshint maxdepth : false */\n if (j !== l) {\n rx = rtwdf * rtwdf_ - itwdf * itwdf_;\n\n itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;\n rtwdf_ = rx;\n }\n }\n }\n }\n };\n\n FFTM.prototype.guessLen13b = function guessLen13b (n, m) {\n var N = Math.max(m, n) | 1;\n var odd = N & 1;\n var i = 0;\n for (N = N / 2 | 0; N; N = N >>> 1) {\n i++;\n }\n\n return 1 << i + 1 + odd;\n };\n\n FFTM.prototype.conjugate = function conjugate (rws, iws, N) {\n if (N <= 1) return;\n\n for (var i = 0; i < N / 2; i++) {\n var t = rws[i];\n\n rws[i] = rws[N - i - 1];\n rws[N - i - 1] = t;\n\n t = iws[i];\n\n iws[i] = -iws[N - i - 1];\n iws[N - i - 1] = -t;\n }\n };\n\n FFTM.prototype.normalize13b = function normalize13b (ws, N) {\n var carry = 0;\n for (var i = 0; i < N / 2; i++) {\n var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +\n Math.round(ws[2 * i] / N) +\n carry;\n\n ws[i] = w & 0x3ffffff;\n\n if (w < 0x4000000) {\n carry = 0;\n } else {\n carry = w / 0x4000000 | 0;\n }\n }\n\n return ws;\n };\n\n FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {\n var carry = 0;\n for (var i = 0; i < len; i++) {\n carry = carry + (ws[i] | 0);\n\n rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;\n rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;\n }\n\n // Pad with zeroes\n for (i = 2 * len; i < N; ++i) {\n rws[i] = 0;\n }\n\n assert(carry === 0);\n assert((carry & ~0x1fff) === 0);\n };\n\n FFTM.prototype.stub = function stub (N) {\n var ph = new Array(N);\n for (var i = 0; i < N; i++) {\n ph[i] = 0;\n }\n\n return ph;\n };\n\n FFTM.prototype.mulp = function mulp (x, y, out) {\n var N = 2 * this.guessLen13b(x.length, y.length);\n\n var rbt = this.makeRBT(N);\n\n var _ = this.stub(N);\n\n var rws = new Array(N);\n var rwst = new Array(N);\n var iwst = new Array(N);\n\n var nrws = new Array(N);\n var nrwst = new Array(N);\n var niwst = new Array(N);\n\n var rmws = out.words;\n rmws.length = N;\n\n this.convert13b(x.words, x.length, rws, N);\n this.convert13b(y.words, y.length, nrws, N);\n\n this.transform(rws, _, rwst, iwst, N, rbt);\n this.transform(nrws, _, nrwst, niwst, N, rbt);\n\n for (var i = 0; i < N; i++) {\n var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];\n iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];\n rwst[i] = rx;\n }\n\n this.conjugate(rwst, iwst, N);\n this.transform(rwst, iwst, rmws, _, N, rbt);\n this.conjugate(rmws, _, N);\n this.normalize13b(rmws, N);\n\n out.negative = x.negative ^ y.negative;\n out.length = x.length + y.length;\n return out.strip();\n };\n\n // Multiply `this` by `num`\n BN.prototype.mul = function mul (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return this.mulTo(num, out);\n };\n\n // Multiply employing FFT\n BN.prototype.mulf = function mulf (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return jumboMulTo(this, num, out);\n };\n\n // In-place Multiplication\n BN.prototype.imul = function imul (num) {\n return this.clone().mulTo(num, this);\n };\n\n BN.prototype.imuln = function imuln (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n\n // Carry\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = (this.words[i] | 0) * num;\n var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);\n carry >>= 26;\n carry += (w / 0x4000000) | 0;\n // NOTE: lo is 27bit maximum\n carry += lo >>> 26;\n this.words[i] = lo & 0x3ffffff;\n }\n\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n\n return this;\n };\n\n BN.prototype.muln = function muln (num) {\n return this.clone().imuln(num);\n };\n\n // `this` * `this`\n BN.prototype.sqr = function sqr () {\n return this.mul(this);\n };\n\n // `this` * `this` in-place\n BN.prototype.isqr = function isqr () {\n return this.imul(this.clone());\n };\n\n // Math.pow(`this`, `num`)\n BN.prototype.pow = function pow (num) {\n var w = toBitArray(num);\n if (w.length === 0) return new BN(1);\n\n // Skip leading zeroes\n var res = this;\n for (var i = 0; i < w.length; i++, res = res.sqr()) {\n if (w[i] !== 0) break;\n }\n\n if (++i < w.length) {\n for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {\n if (w[i] === 0) continue;\n\n res = res.mul(q);\n }\n }\n\n return res;\n };\n\n // Shift-left in-place\n BN.prototype.iushln = function iushln (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);\n var i;\n\n if (r !== 0) {\n var carry = 0;\n\n for (i = 0; i < this.length; i++) {\n var newCarry = this.words[i] & carryMask;\n var c = ((this.words[i] | 0) - newCarry) << r;\n this.words[i] = c | carry;\n carry = newCarry >>> (26 - r);\n }\n\n if (carry) {\n this.words[i] = carry;\n this.length++;\n }\n }\n\n if (s !== 0) {\n for (i = this.length - 1; i >= 0; i--) {\n this.words[i + s] = this.words[i];\n }\n\n for (i = 0; i < s; i++) {\n this.words[i] = 0;\n }\n\n this.length += s;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishln = function ishln (bits) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushln(bits);\n };\n\n // Shift-right in-place\n // NOTE: `hint` is a lowest bit before trailing zeroes\n // NOTE: if `extended` is present - it will be filled with destroyed bits\n BN.prototype.iushrn = function iushrn (bits, hint, extended) {\n assert(typeof bits === 'number' && bits >= 0);\n var h;\n if (hint) {\n h = (hint - (hint % 26)) / 26;\n } else {\n h = 0;\n }\n\n var r = bits % 26;\n var s = Math.min((bits - r) / 26, this.length);\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n var maskedWords = extended;\n\n h -= s;\n h = Math.max(0, h);\n\n // Extended mode, copy masked part\n if (maskedWords) {\n for (var i = 0; i < s; i++) {\n maskedWords.words[i] = this.words[i];\n }\n maskedWords.length = s;\n }\n\n if (s === 0) {\n // No-op, we should not move anything at all\n } else if (this.length > s) {\n this.length -= s;\n for (i = 0; i < this.length; i++) {\n this.words[i] = this.words[i + s];\n }\n } else {\n this.words[0] = 0;\n this.length = 1;\n }\n\n var carry = 0;\n for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {\n var word = this.words[i] | 0;\n this.words[i] = (carry << (26 - r)) | (word >>> r);\n carry = word & mask;\n }\n\n // Push carried bits as a mask\n if (maskedWords && carry !== 0) {\n maskedWords.words[maskedWords.length++] = carry;\n }\n\n if (this.length === 0) {\n this.words[0] = 0;\n this.length = 1;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishrn = function ishrn (bits, hint, extended) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushrn(bits, hint, extended);\n };\n\n // Shift-left\n BN.prototype.shln = function shln (bits) {\n return this.clone().ishln(bits);\n };\n\n BN.prototype.ushln = function ushln (bits) {\n return this.clone().iushln(bits);\n };\n\n // Shift-right\n BN.prototype.shrn = function shrn (bits) {\n return this.clone().ishrn(bits);\n };\n\n BN.prototype.ushrn = function ushrn (bits) {\n return this.clone().iushrn(bits);\n };\n\n // Test if n bit is set\n BN.prototype.testn = function testn (bit) {\n assert(typeof bit === 'number' && bit >= 0);\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) return false;\n\n // Check bit and return\n var w = this.words[s];\n\n return !!(w & q);\n };\n\n // Return only lowers bits of number (in-place)\n BN.prototype.imaskn = function imaskn (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n\n assert(this.negative === 0, 'imaskn works only with positive numbers');\n\n if (this.length <= s) {\n return this;\n }\n\n if (r !== 0) {\n s++;\n }\n this.length = Math.min(s, this.length);\n\n if (r !== 0) {\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n this.words[this.length - 1] &= mask;\n }\n\n return this.strip();\n };\n\n // Return only lowers bits of number\n BN.prototype.maskn = function maskn (bits) {\n return this.clone().imaskn(bits);\n };\n\n // Add plain number `num` to `this`\n BN.prototype.iaddn = function iaddn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.isubn(-num);\n\n // Possible sign change\n if (this.negative !== 0) {\n if (this.length === 1 && (this.words[0] | 0) < num) {\n this.words[0] = num - (this.words[0] | 0);\n this.negative = 0;\n return this;\n }\n\n this.negative = 0;\n this.isubn(num);\n this.negative = 1;\n return this;\n }\n\n // Add without checks\n return this._iaddn(num);\n };\n\n BN.prototype._iaddn = function _iaddn (num) {\n this.words[0] += num;\n\n // Carry\n for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {\n this.words[i] -= 0x4000000;\n if (i === this.length - 1) {\n this.words[i + 1] = 1;\n } else {\n this.words[i + 1]++;\n }\n }\n this.length = Math.max(this.length, i + 1);\n\n return this;\n };\n\n // Subtract plain number `num` from `this`\n BN.prototype.isubn = function isubn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.iaddn(-num);\n\n if (this.negative !== 0) {\n this.negative = 0;\n this.iaddn(num);\n this.negative = 1;\n return this;\n }\n\n this.words[0] -= num;\n\n if (this.length === 1 && this.words[0] < 0) {\n this.words[0] = -this.words[0];\n this.negative = 1;\n } else {\n // Carry\n for (var i = 0; i < this.length && this.words[i] < 0; i++) {\n this.words[i] += 0x4000000;\n this.words[i + 1] -= 1;\n }\n }\n\n return this.strip();\n };\n\n BN.prototype.addn = function addn (num) {\n return this.clone().iaddn(num);\n };\n\n BN.prototype.subn = function subn (num) {\n return this.clone().isubn(num);\n };\n\n BN.prototype.iabs = function iabs () {\n this.negative = 0;\n\n return this;\n };\n\n BN.prototype.abs = function abs () {\n return this.clone().iabs();\n };\n\n BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {\n var len = num.length + shift;\n var i;\n\n this._expand(len);\n\n var w;\n var carry = 0;\n for (i = 0; i < num.length; i++) {\n w = (this.words[i + shift] | 0) + carry;\n var right = (num.words[i] | 0) * mul;\n w -= right & 0x3ffffff;\n carry = (w >> 26) - ((right / 0x4000000) | 0);\n this.words[i + shift] = w & 0x3ffffff;\n }\n for (; i < this.length - shift; i++) {\n w = (this.words[i + shift] | 0) + carry;\n carry = w >> 26;\n this.words[i + shift] = w & 0x3ffffff;\n }\n\n if (carry === 0) return this.strip();\n\n // Subtraction overflow\n assert(carry === -1);\n carry = 0;\n for (i = 0; i < this.length; i++) {\n w = -(this.words[i] | 0) + carry;\n carry = w >> 26;\n this.words[i] = w & 0x3ffffff;\n }\n this.negative = 1;\n\n return this.strip();\n };\n\n BN.prototype._wordDiv = function _wordDiv (num, mode) {\n var shift = this.length - num.length;\n\n var a = this.clone();\n var b = num;\n\n // Normalize\n var bhi = b.words[b.length - 1] | 0;\n var bhiBits = this._countBits(bhi);\n shift = 26 - bhiBits;\n if (shift !== 0) {\n b = b.ushln(shift);\n a.iushln(shift);\n bhi = b.words[b.length - 1] | 0;\n }\n\n // Initialize quotient\n var m = a.length - b.length;\n var q;\n\n if (mode !== 'mod') {\n q = new BN(null);\n q.length = m + 1;\n q.words = new Array(q.length);\n for (var i = 0; i < q.length; i++) {\n q.words[i] = 0;\n }\n }\n\n var diff = a.clone()._ishlnsubmul(b, 1, m);\n if (diff.negative === 0) {\n a = diff;\n if (q) {\n q.words[m] = 1;\n }\n }\n\n for (var j = m - 1; j >= 0; j--) {\n var qj = (a.words[b.length + j] | 0) * 0x4000000 +\n (a.words[b.length + j - 1] | 0);\n\n // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max\n // (0x7ffffff)\n qj = Math.min((qj / bhi) | 0, 0x3ffffff);\n\n a._ishlnsubmul(b, qj, j);\n while (a.negative !== 0) {\n qj--;\n a.negative = 0;\n a._ishlnsubmul(b, 1, j);\n if (!a.isZero()) {\n a.negative ^= 1;\n }\n }\n if (q) {\n q.words[j] = qj;\n }\n }\n if (q) {\n q.strip();\n }\n a.strip();\n\n // Denormalize\n if (mode !== 'div' && shift !== 0) {\n a.iushrn(shift);\n }\n\n return {\n div: q || null,\n mod: a\n };\n };\n\n // NOTE: 1) `mode` can be set to `mod` to request mod only,\n // to `div` to request div only, or be absent to\n // request both div & mod\n // 2) `positive` is true if unsigned mod is requested\n BN.prototype.divmod = function divmod (num, mode, positive) {\n assert(!num.isZero());\n\n if (this.isZero()) {\n return {\n div: new BN(0),\n mod: new BN(0)\n };\n }\n\n var div, mod, res;\n if (this.negative !== 0 && num.negative === 0) {\n res = this.neg().divmod(num, mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.iadd(num);\n }\n }\n\n return {\n div: div,\n mod: mod\n };\n }\n\n if (this.negative === 0 && num.negative !== 0) {\n res = this.divmod(num.neg(), mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n return {\n div: div,\n mod: res.mod\n };\n }\n\n if ((this.negative & num.negative) !== 0) {\n res = this.neg().divmod(num.neg(), mode);\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.isub(num);\n }\n }\n\n return {\n div: res.div,\n mod: mod\n };\n }\n\n // Both numbers are positive at this point\n\n // Strip both numbers to approximate shift value\n if (num.length > this.length || this.cmp(num) < 0) {\n return {\n div: new BN(0),\n mod: this\n };\n }\n\n // Very short reduction\n if (num.length === 1) {\n if (mode === 'div') {\n return {\n div: this.divn(num.words[0]),\n mod: null\n };\n }\n\n if (mode === 'mod') {\n return {\n div: null,\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return {\n div: this.divn(num.words[0]),\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return this._wordDiv(num, mode);\n };\n\n // Find `this` / `num`\n BN.prototype.div = function div (num) {\n return this.divmod(num, 'div', false).div;\n };\n\n // Find `this` % `num`\n BN.prototype.mod = function mod (num) {\n return this.divmod(num, 'mod', false).mod;\n };\n\n BN.prototype.umod = function umod (num) {\n return this.divmod(num, 'mod', true).mod;\n };\n\n // Find Round(`this` / `num`)\n BN.prototype.divRound = function divRound (num) {\n var dm = this.divmod(num);\n\n // Fast case - exact division\n if (dm.mod.isZero()) return dm.div;\n\n var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;\n\n var half = num.ushrn(1);\n var r2 = num.andln(1);\n var cmp = mod.cmp(half);\n\n // Round down\n if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;\n\n // Round up\n return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);\n };\n\n BN.prototype.modn = function modn (num) {\n assert(num <= 0x3ffffff);\n var p = (1 << 26) % num;\n\n var acc = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n acc = (p * acc + (this.words[i] | 0)) % num;\n }\n\n return acc;\n };\n\n // In-place division by number\n BN.prototype.idivn = function idivn (num) {\n assert(num <= 0x3ffffff);\n\n var carry = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var w = (this.words[i] | 0) + carry * 0x4000000;\n this.words[i] = (w / num) | 0;\n carry = w % num;\n }\n\n return this.strip();\n };\n\n BN.prototype.divn = function divn (num) {\n return this.clone().idivn(num);\n };\n\n BN.prototype.egcd = function egcd (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var x = this;\n var y = p.clone();\n\n if (x.negative !== 0) {\n x = x.umod(p);\n } else {\n x = x.clone();\n }\n\n // A * x + B * y = x\n var A = new BN(1);\n var B = new BN(0);\n\n // C * x + D * y = y\n var C = new BN(0);\n var D = new BN(1);\n\n var g = 0;\n\n while (x.isEven() && y.isEven()) {\n x.iushrn(1);\n y.iushrn(1);\n ++g;\n }\n\n var yp = y.clone();\n var xp = x.clone();\n\n while (!x.isZero()) {\n for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n x.iushrn(i);\n while (i-- > 0) {\n if (A.isOdd() || B.isOdd()) {\n A.iadd(yp);\n B.isub(xp);\n }\n\n A.iushrn(1);\n B.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n y.iushrn(j);\n while (j-- > 0) {\n if (C.isOdd() || D.isOdd()) {\n C.iadd(yp);\n D.isub(xp);\n }\n\n C.iushrn(1);\n D.iushrn(1);\n }\n }\n\n if (x.cmp(y) >= 0) {\n x.isub(y);\n A.isub(C);\n B.isub(D);\n } else {\n y.isub(x);\n C.isub(A);\n D.isub(B);\n }\n }\n\n return {\n a: C,\n b: D,\n gcd: y.iushln(g)\n };\n };\n\n // This is reduced incarnation of the binary EEA\n // above, designated to invert members of the\n // _prime_ fields F(p) at a maximal speed\n BN.prototype._invmp = function _invmp (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var a = this;\n var b = p.clone();\n\n if (a.negative !== 0) {\n a = a.umod(p);\n } else {\n a = a.clone();\n }\n\n var x1 = new BN(1);\n var x2 = new BN(0);\n\n var delta = b.clone();\n\n while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {\n for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n a.iushrn(i);\n while (i-- > 0) {\n if (x1.isOdd()) {\n x1.iadd(delta);\n }\n\n x1.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n b.iushrn(j);\n while (j-- > 0) {\n if (x2.isOdd()) {\n x2.iadd(delta);\n }\n\n x2.iushrn(1);\n }\n }\n\n if (a.cmp(b) >= 0) {\n a.isub(b);\n x1.isub(x2);\n } else {\n b.isub(a);\n x2.isub(x1);\n }\n }\n\n var res;\n if (a.cmpn(1) === 0) {\n res = x1;\n } else {\n res = x2;\n }\n\n if (res.cmpn(0) < 0) {\n res.iadd(p);\n }\n\n return res;\n };\n\n BN.prototype.gcd = function gcd (num) {\n if (this.isZero()) return num.abs();\n if (num.isZero()) return this.abs();\n\n var a = this.clone();\n var b = num.clone();\n a.negative = 0;\n b.negative = 0;\n\n // Remove common factor of two\n for (var shift = 0; a.isEven() && b.isEven(); shift++) {\n a.iushrn(1);\n b.iushrn(1);\n }\n\n do {\n while (a.isEven()) {\n a.iushrn(1);\n }\n while (b.isEven()) {\n b.iushrn(1);\n }\n\n var r = a.cmp(b);\n if (r < 0) {\n // Swap `a` and `b` to make `a` always bigger than `b`\n var t = a;\n a = b;\n b = t;\n } else if (r === 0 || b.cmpn(1) === 0) {\n break;\n }\n\n a.isub(b);\n } while (true);\n\n return b.iushln(shift);\n };\n\n // Invert number in the field F(num)\n BN.prototype.invm = function invm (num) {\n return this.egcd(num).a.umod(num);\n };\n\n BN.prototype.isEven = function isEven () {\n return (this.words[0] & 1) === 0;\n };\n\n BN.prototype.isOdd = function isOdd () {\n return (this.words[0] & 1) === 1;\n };\n\n // And first word and num\n BN.prototype.andln = function andln (num) {\n return this.words[0] & num;\n };\n\n // Increment at the bit position in-line\n BN.prototype.bincn = function bincn (bit) {\n assert(typeof bit === 'number');\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) {\n this._expand(s + 1);\n this.words[s] |= q;\n return this;\n }\n\n // Add bit and propagate, if needed\n var carry = q;\n for (var i = s; carry !== 0 && i < this.length; i++) {\n var w = this.words[i] | 0;\n w += carry;\n carry = w >>> 26;\n w &= 0x3ffffff;\n this.words[i] = w;\n }\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n return this;\n };\n\n BN.prototype.isZero = function isZero () {\n return this.length === 1 && this.words[0] === 0;\n };\n\n BN.prototype.cmpn = function cmpn (num) {\n var negative = num < 0;\n\n if (this.negative !== 0 && !negative) return -1;\n if (this.negative === 0 && negative) return 1;\n\n this.strip();\n\n var res;\n if (this.length > 1) {\n res = 1;\n } else {\n if (negative) {\n num = -num;\n }\n\n assert(num <= 0x3ffffff, 'Number is too big');\n\n var w = this.words[0] | 0;\n res = w === num ? 0 : w < num ? -1 : 1;\n }\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Compare two numbers and return:\n // 1 - if `this` > `num`\n // 0 - if `this` == `num`\n // -1 - if `this` < `num`\n BN.prototype.cmp = function cmp (num) {\n if (this.negative !== 0 && num.negative === 0) return -1;\n if (this.negative === 0 && num.negative !== 0) return 1;\n\n var res = this.ucmp(num);\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Unsigned comparison\n BN.prototype.ucmp = function ucmp (num) {\n // At this point both numbers have the same sign\n if (this.length > num.length) return 1;\n if (this.length < num.length) return -1;\n\n var res = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var a = this.words[i] | 0;\n var b = num.words[i] | 0;\n\n if (a === b) continue;\n if (a < b) {\n res = -1;\n } else if (a > b) {\n res = 1;\n }\n break;\n }\n return res;\n };\n\n BN.prototype.gtn = function gtn (num) {\n return this.cmpn(num) === 1;\n };\n\n BN.prototype.gt = function gt (num) {\n return this.cmp(num) === 1;\n };\n\n BN.prototype.gten = function gten (num) {\n return this.cmpn(num) >= 0;\n };\n\n BN.prototype.gte = function gte (num) {\n return this.cmp(num) >= 0;\n };\n\n BN.prototype.ltn = function ltn (num) {\n return this.cmpn(num) === -1;\n };\n\n BN.prototype.lt = function lt (num) {\n return this.cmp(num) === -1;\n };\n\n BN.prototype.lten = function lten (num) {\n return this.cmpn(num) <= 0;\n };\n\n BN.prototype.lte = function lte (num) {\n return this.cmp(num) <= 0;\n };\n\n BN.prototype.eqn = function eqn (num) {\n return this.cmpn(num) === 0;\n };\n\n BN.prototype.eq = function eq (num) {\n return this.cmp(num) === 0;\n };\n\n //\n // A reduce context, could be using montgomery or something better, depending\n // on the `m` itself.\n //\n BN.red = function red (num) {\n return new Red(num);\n };\n\n BN.prototype.toRed = function toRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n assert(this.negative === 0, 'red works only with positives');\n return ctx.convertTo(this)._forceRed(ctx);\n };\n\n BN.prototype.fromRed = function fromRed () {\n assert(this.red, 'fromRed works only with numbers in reduction context');\n return this.red.convertFrom(this);\n };\n\n BN.prototype._forceRed = function _forceRed (ctx) {\n this.red = ctx;\n return this;\n };\n\n BN.prototype.forceRed = function forceRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n return this._forceRed(ctx);\n };\n\n BN.prototype.redAdd = function redAdd (num) {\n assert(this.red, 'redAdd works only with red numbers');\n return this.red.add(this, num);\n };\n\n BN.prototype.redIAdd = function redIAdd (num) {\n assert(this.red, 'redIAdd works only with red numbers');\n return this.red.iadd(this, num);\n };\n\n BN.prototype.redSub = function redSub (num) {\n assert(this.red, 'redSub works only with red numbers');\n return this.red.sub(this, num);\n };\n\n BN.prototype.redISub = function redISub (num) {\n assert(this.red, 'redISub works only with red numbers');\n return this.red.isub(this, num);\n };\n\n BN.prototype.redShl = function redShl (num) {\n assert(this.red, 'redShl works only with red numbers');\n return this.red.shl(this, num);\n };\n\n BN.prototype.redMul = function redMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.mul(this, num);\n };\n\n BN.prototype.redIMul = function redIMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.imul(this, num);\n };\n\n BN.prototype.redSqr = function redSqr () {\n assert(this.red, 'redSqr works only with red numbers');\n this.red._verify1(this);\n return this.red.sqr(this);\n };\n\n BN.prototype.redISqr = function redISqr () {\n assert(this.red, 'redISqr works only with red numbers');\n this.red._verify1(this);\n return this.red.isqr(this);\n };\n\n // Square root over p\n BN.prototype.redSqrt = function redSqrt () {\n assert(this.red, 'redSqrt works only with red numbers');\n this.red._verify1(this);\n return this.red.sqrt(this);\n };\n\n BN.prototype.redInvm = function redInvm () {\n assert(this.red, 'redInvm works only with red numbers');\n this.red._verify1(this);\n return this.red.invm(this);\n };\n\n // Return negative clone of `this` % `red modulo`\n BN.prototype.redNeg = function redNeg () {\n assert(this.red, 'redNeg works only with red numbers');\n this.red._verify1(this);\n return this.red.neg(this);\n };\n\n BN.prototype.redPow = function redPow (num) {\n assert(this.red && !num.red, 'redPow(normalNum)');\n this.red._verify1(this);\n return this.red.pow(this, num);\n };\n\n // Prime numbers with efficient reduction\n var primes = {\n k256: null,\n p224: null,\n p192: null,\n p25519: null\n };\n\n // Pseudo-Mersenne prime\n function MPrime (name, p) {\n // P = 2 ^ N - K\n this.name = name;\n this.p = new BN(p, 16);\n this.n = this.p.bitLength();\n this.k = new BN(1).iushln(this.n).isub(this.p);\n\n this.tmp = this._tmp();\n }\n\n MPrime.prototype._tmp = function _tmp () {\n var tmp = new BN(null);\n tmp.words = new Array(Math.ceil(this.n / 13));\n return tmp;\n };\n\n MPrime.prototype.ireduce = function ireduce (num) {\n // Assumes that `num` is less than `P^2`\n // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)\n var r = num;\n var rlen;\n\n do {\n this.split(r, this.tmp);\n r = this.imulK(r);\n r = r.iadd(this.tmp);\n rlen = r.bitLength();\n } while (rlen > this.n);\n\n var cmp = rlen < this.n ? -1 : r.ucmp(this.p);\n if (cmp === 0) {\n r.words[0] = 0;\n r.length = 1;\n } else if (cmp > 0) {\n r.isub(this.p);\n } else {\n r.strip();\n }\n\n return r;\n };\n\n MPrime.prototype.split = function split (input, out) {\n input.iushrn(this.n, 0, out);\n };\n\n MPrime.prototype.imulK = function imulK (num) {\n return num.imul(this.k);\n };\n\n function K256 () {\n MPrime.call(\n this,\n 'k256',\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');\n }\n inherits(K256, MPrime);\n\n K256.prototype.split = function split (input, output) {\n // 256 = 9 * 26 + 22\n var mask = 0x3fffff;\n\n var outLen = Math.min(input.length, 9);\n for (var i = 0; i < outLen; i++) {\n output.words[i] = input.words[i];\n }\n output.length = outLen;\n\n if (input.length <= 9) {\n input.words[0] = 0;\n input.length = 1;\n return;\n }\n\n // Shift by 9 limbs\n var prev = input.words[9];\n output.words[output.length++] = prev & mask;\n\n for (i = 10; i < input.length; i++) {\n var next = input.words[i] | 0;\n input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);\n prev = next;\n }\n prev >>>= 22;\n input.words[i - 10] = prev;\n if (prev === 0 && input.length > 10) {\n input.length -= 10;\n } else {\n input.length -= 9;\n }\n };\n\n K256.prototype.imulK = function imulK (num) {\n // K = 0x1000003d1 = [ 0x40, 0x3d1 ]\n num.words[num.length] = 0;\n num.words[num.length + 1] = 0;\n num.length += 2;\n\n // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390\n var lo = 0;\n for (var i = 0; i < num.length; i++) {\n var w = num.words[i] | 0;\n lo += w * 0x3d1;\n num.words[i] = lo & 0x3ffffff;\n lo = w * 0x40 + ((lo / 0x4000000) | 0);\n }\n\n // Fast length reduction\n if (num.words[num.length - 1] === 0) {\n num.length--;\n if (num.words[num.length - 1] === 0) {\n num.length--;\n }\n }\n return num;\n };\n\n function P224 () {\n MPrime.call(\n this,\n 'p224',\n 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');\n }\n inherits(P224, MPrime);\n\n function P192 () {\n MPrime.call(\n this,\n 'p192',\n 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');\n }\n inherits(P192, MPrime);\n\n function P25519 () {\n // 2 ^ 255 - 19\n MPrime.call(\n this,\n '25519',\n '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');\n }\n inherits(P25519, MPrime);\n\n P25519.prototype.imulK = function imulK (num) {\n // K = 0x13\n var carry = 0;\n for (var i = 0; i < num.length; i++) {\n var hi = (num.words[i] | 0) * 0x13 + carry;\n var lo = hi & 0x3ffffff;\n hi >>>= 26;\n\n num.words[i] = lo;\n carry = hi;\n }\n if (carry !== 0) {\n num.words[num.length++] = carry;\n }\n return num;\n };\n\n // Exported mostly for testing purposes, use plain name instead\n BN._prime = function prime (name) {\n // Cached version of prime\n if (primes[name]) return primes[name];\n\n var prime;\n if (name === 'k256') {\n prime = new K256();\n } else if (name === 'p224') {\n prime = new P224();\n } else if (name === 'p192') {\n prime = new P192();\n } else if (name === 'p25519') {\n prime = new P25519();\n } else {\n throw new Error('Unknown prime ' + name);\n }\n primes[name] = prime;\n\n return prime;\n };\n\n //\n // Base reduction engine\n //\n function Red (m) {\n if (typeof m === 'string') {\n var prime = BN._prime(m);\n this.m = prime.p;\n this.prime = prime;\n } else {\n assert(m.gtn(1), 'modulus must be greater than 1');\n this.m = m;\n this.prime = null;\n }\n }\n\n Red.prototype._verify1 = function _verify1 (a) {\n assert(a.negative === 0, 'red works only with positives');\n assert(a.red, 'red works only with red numbers');\n };\n\n Red.prototype._verify2 = function _verify2 (a, b) {\n assert((a.negative | b.negative) === 0, 'red works only with positives');\n assert(a.red && a.red === b.red,\n 'red works only with red numbers');\n };\n\n Red.prototype.imod = function imod (a) {\n if (this.prime) return this.prime.ireduce(a)._forceRed(this);\n return a.umod(this.m)._forceRed(this);\n };\n\n Red.prototype.neg = function neg (a) {\n if (a.isZero()) {\n return a.clone();\n }\n\n return this.m.sub(a)._forceRed(this);\n };\n\n Red.prototype.add = function add (a, b) {\n this._verify2(a, b);\n\n var res = a.add(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.iadd = function iadd (a, b) {\n this._verify2(a, b);\n\n var res = a.iadd(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res;\n };\n\n Red.prototype.sub = function sub (a, b) {\n this._verify2(a, b);\n\n var res = a.sub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.isub = function isub (a, b) {\n this._verify2(a, b);\n\n var res = a.isub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res;\n };\n\n Red.prototype.shl = function shl (a, num) {\n this._verify1(a);\n return this.imod(a.ushln(num));\n };\n\n Red.prototype.imul = function imul (a, b) {\n this._verify2(a, b);\n return this.imod(a.imul(b));\n };\n\n Red.prototype.mul = function mul (a, b) {\n this._verify2(a, b);\n return this.imod(a.mul(b));\n };\n\n Red.prototype.isqr = function isqr (a) {\n return this.imul(a, a.clone());\n };\n\n Red.prototype.sqr = function sqr (a) {\n return this.mul(a, a);\n };\n\n Red.prototype.sqrt = function sqrt (a) {\n if (a.isZero()) return a.clone();\n\n var mod3 = this.m.andln(3);\n assert(mod3 % 2 === 1);\n\n // Fast case\n if (mod3 === 3) {\n var pow = this.m.add(new BN(1)).iushrn(2);\n return this.pow(a, pow);\n }\n\n // Tonelli-Shanks algorithm (Totally unoptimized and slow)\n //\n // Find Q and S, that Q * 2 ^ S = (P - 1)\n var q = this.m.subn(1);\n var s = 0;\n while (!q.isZero() && q.andln(1) === 0) {\n s++;\n q.iushrn(1);\n }\n assert(!q.isZero());\n\n var one = new BN(1).toRed(this);\n var nOne = one.redNeg();\n\n // Find quadratic non-residue\n // NOTE: Max is such because of generalized Riemann hypothesis.\n var lpow = this.m.subn(1).iushrn(1);\n var z = this.m.bitLength();\n z = new BN(2 * z * z).toRed(this);\n\n while (this.pow(z, lpow).cmp(nOne) !== 0) {\n z.redIAdd(nOne);\n }\n\n var c = this.pow(z, q);\n var r = this.pow(a, q.addn(1).iushrn(1));\n var t = this.pow(a, q);\n var m = s;\n while (t.cmp(one) !== 0) {\n var tmp = t;\n for (var i = 0; tmp.cmp(one) !== 0; i++) {\n tmp = tmp.redSqr();\n }\n assert(i < m);\n var b = this.pow(c, new BN(1).iushln(m - i - 1));\n\n r = r.redMul(b);\n c = b.redSqr();\n t = t.redMul(c);\n m = i;\n }\n\n return r;\n };\n\n Red.prototype.invm = function invm (a) {\n var inv = a._invmp(this.m);\n if (inv.negative !== 0) {\n inv.negative = 0;\n return this.imod(inv).redNeg();\n } else {\n return this.imod(inv);\n }\n };\n\n Red.prototype.pow = function pow (a, num) {\n if (num.isZero()) return new BN(1).toRed(this);\n if (num.cmpn(1) === 0) return a.clone();\n\n var windowSize = 4;\n var wnd = new Array(1 << windowSize);\n wnd[0] = new BN(1).toRed(this);\n wnd[1] = a;\n for (var i = 2; i < wnd.length; i++) {\n wnd[i] = this.mul(wnd[i - 1], a);\n }\n\n var res = wnd[0];\n var current = 0;\n var currentLen = 0;\n var start = num.bitLength() % 26;\n if (start === 0) {\n start = 26;\n }\n\n for (i = num.length - 1; i >= 0; i--) {\n var word = num.words[i];\n for (var j = start - 1; j >= 0; j--) {\n var bit = (word >> j) & 1;\n if (res !== wnd[0]) {\n res = this.sqr(res);\n }\n\n if (bit === 0 && current === 0) {\n currentLen = 0;\n continue;\n }\n\n current <<= 1;\n current |= bit;\n currentLen++;\n if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;\n\n res = this.mul(res, wnd[current]);\n currentLen = 0;\n current = 0;\n }\n start = 26;\n }\n\n return res;\n };\n\n Red.prototype.convertTo = function convertTo (num) {\n var r = num.umod(this.m);\n\n return r === num ? r.clone() : r;\n };\n\n Red.prototype.convertFrom = function convertFrom (num) {\n var res = num.clone();\n res.red = null;\n return res;\n };\n\n //\n // Montgomery method engine\n //\n\n BN.mont = function mont (num) {\n return new Mont(num);\n };\n\n function Mont (m) {\n Red.call(this, m);\n\n this.shift = this.m.bitLength();\n if (this.shift % 26 !== 0) {\n this.shift += 26 - (this.shift % 26);\n }\n\n this.r = new BN(1).iushln(this.shift);\n this.r2 = this.imod(this.r.sqr());\n this.rinv = this.r._invmp(this.m);\n\n this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);\n this.minv = this.minv.umod(this.r);\n this.minv = this.r.sub(this.minv);\n }\n inherits(Mont, Red);\n\n Mont.prototype.convertTo = function convertTo (num) {\n return this.imod(num.ushln(this.shift));\n };\n\n Mont.prototype.convertFrom = function convertFrom (num) {\n var r = this.imod(num.mul(this.rinv));\n r.red = null;\n return r;\n };\n\n Mont.prototype.imul = function imul (a, b) {\n if (a.isZero() || b.isZero()) {\n a.words[0] = 0;\n a.length = 1;\n return a;\n }\n\n var t = a.imul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.mul = function mul (a, b) {\n if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);\n\n var t = a.mul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.invm = function invm (a) {\n // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R\n var res = this.imod(a._invmp(this.m).mul(this.r2));\n return res._forceRed(this);\n };\n})(typeof module === 'undefined' || module, this);\n","import BN from 'bn.js';\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * Wrapper of bn.js library (wwww.github.com/indutny/bn.js)\n * @module biginteger/bn\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n this.value = new BN(n);\n }\n\n clone() {\n const clone = new BigInteger(null);\n this.value.copy(clone.value);\n return clone;\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value.iadd(new BN(1));\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value.isub(new BN(1));\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value.iadd(x.value);\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value.isub(x.value);\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value.imul(x.value);\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value = this.value.umod(m.value);\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation\n * Much faster than this.exp(e).mod(n)\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n // We use either Montgomery or normal reduction context\n // Montgomery requires coprime n and R (montogmery multiplier)\n // bn.js picks R as power of 2, so n must be odd\n const nred = n.isEven() ? BN.red(n.value) : BN.mont(n.value);\n const x = this.clone();\n x.value = x.value.toRed(nred).redPow(e.value).fromRed();\n return x;\n }\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n // invm returns a wrong result if the inverse does not exist\n if (!this.gcd(n).isOne()) {\n throw new Error('Inverse does not exist');\n }\n return new BigInteger(this.value.invm(n.value));\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} n - Operand\n * @returns {BigInteger} gcd\n */\n gcd(n) {\n return new BigInteger(this.value.gcd(n.value));\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value.ishln(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value.ishrn(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value.eq(x.value);\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value.lt(x.value);\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value.lte(x.value);\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value.gt(x.value);\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value.gte(x.value);\n }\n\n isZero() {\n return this.value.isZero();\n }\n\n isOne() {\n return this.value.eq(new BN(1));\n }\n\n isNegative() {\n return this.value.isNeg();\n }\n\n isEven() {\n return this.value.isEven();\n }\n\n abs() {\n const res = this.clone();\n res.value = res.value.abs();\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n return this.value.toNumber();\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n return this.value.testn(i) ? 1 : 0;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n return this.value.bitLength();\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n return this.value.byteLength();\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n return this.value.toArrayLike(Uint8Array, endian, length);\n }\n}\n","var r;\n\nmodule.exports = function rand(len) {\n if (!r)\n r = new Rand(null);\n\n return r.generate(len);\n};\n\nfunction Rand(rand) {\n this.rand = rand;\n}\nmodule.exports.Rand = Rand;\n\nRand.prototype.generate = function generate(len) {\n return this._rand(len);\n};\n\n// Emulate crypto API using randy\nRand.prototype._rand = function _rand(n) {\n if (this.rand.getBytes)\n return this.rand.getBytes(n);\n\n var res = new Uint8Array(n);\n for (var i = 0; i < res.length; i++)\n res[i] = this.rand.getByte();\n return res;\n};\n\nif (typeof self === 'object') {\n if (self.crypto && self.crypto.getRandomValues) {\n // Modern browsers\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.crypto.getRandomValues(arr);\n return arr;\n };\n } else if (self.msCrypto && self.msCrypto.getRandomValues) {\n // IE\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.msCrypto.getRandomValues(arr);\n return arr;\n };\n\n // Safari's WebWorkers do not have `crypto`\n } else if (typeof window === 'object') {\n // Old junk\n Rand.prototype._rand = function() {\n throw new Error('Not implemented yet');\n };\n }\n} else {\n // Node.js or Web worker with no crypto support\n try {\n var crypto = require('crypto');\n if (typeof crypto.randomBytes !== 'function')\n throw new Error('Not supported');\n\n Rand.prototype._rand = function _rand(n) {\n return crypto.randomBytes(n);\n };\n } catch (e) {\n }\n}\n","'use strict';\n\nvar utils = exports;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg !== 'string') {\n for (var i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n return res;\n }\n if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (var i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n } else {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n }\n return res;\n}\nutils.toArray = toArray;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nutils.zero2 = zero2;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nutils.toHex = toHex;\n\nutils.encode = function encode(arr, enc) {\n if (enc === 'hex')\n return toHex(arr);\n else\n return arr;\n};\n","'use strict';\n\nvar utils = exports;\nvar BN = require('bn.js');\nvar minAssert = require('minimalistic-assert');\nvar minUtils = require('minimalistic-crypto-utils');\n\nutils.assert = minAssert;\nutils.toArray = minUtils.toArray;\nutils.zero2 = minUtils.zero2;\nutils.toHex = minUtils.toHex;\nutils.encode = minUtils.encode;\n\n// Represent num in a w-NAF form\nfunction getNAF(num, w) {\n var naf = [];\n var ws = 1 << (w + 1);\n var k = num.clone();\n while (k.cmpn(1) >= 0) {\n var z;\n if (k.isOdd()) {\n var mod = k.andln(ws - 1);\n if (mod > (ws >> 1) - 1)\n z = (ws >> 1) - mod;\n else\n z = mod;\n k.isubn(z);\n } else {\n z = 0;\n }\n naf.push(z);\n\n // Optimization, shift by word if possible\n var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;\n for (var i = 1; i < shift; i++)\n naf.push(0);\n k.iushrn(shift);\n }\n\n return naf;\n}\nutils.getNAF = getNAF;\n\n// Represent k1, k2 in a Joint Sparse Form\nfunction getJSF(k1, k2) {\n var jsf = [\n [],\n []\n ];\n\n k1 = k1.clone();\n k2 = k2.clone();\n var d1 = 0;\n var d2 = 0;\n while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {\n\n // First phase\n var m14 = (k1.andln(3) + d1) & 3;\n var m24 = (k2.andln(3) + d2) & 3;\n if (m14 === 3)\n m14 = -1;\n if (m24 === 3)\n m24 = -1;\n var u1;\n if ((m14 & 1) === 0) {\n u1 = 0;\n } else {\n var m8 = (k1.andln(7) + d1) & 7;\n if ((m8 === 3 || m8 === 5) && m24 === 2)\n u1 = -m14;\n else\n u1 = m14;\n }\n jsf[0].push(u1);\n\n var u2;\n if ((m24 & 1) === 0) {\n u2 = 0;\n } else {\n var m8 = (k2.andln(7) + d2) & 7;\n if ((m8 === 3 || m8 === 5) && m14 === 2)\n u2 = -m24;\n else\n u2 = m24;\n }\n jsf[1].push(u2);\n\n // Second phase\n if (2 * d1 === u1 + 1)\n d1 = 1 - d1;\n if (2 * d2 === u2 + 1)\n d2 = 1 - d2;\n k1.iushrn(1);\n k2.iushrn(1);\n }\n\n return jsf;\n}\nutils.getJSF = getJSF;\n\nfunction cachedProperty(obj, name, computer) {\n var key = '_' + name;\n obj.prototype[name] = function cachedProperty() {\n return this[key] !== undefined ? this[key] :\n this[key] = computer.call(this);\n };\n}\nutils.cachedProperty = cachedProperty;\n\nfunction parseBytes(bytes) {\n return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :\n bytes;\n}\nutils.parseBytes = parseBytes;\n\nfunction intFromLE(bytes) {\n return new BN(bytes, 'hex', 'le');\n}\nutils.intFromLE = intFromLE;\n\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar getNAF = utils.getNAF;\nvar getJSF = utils.getJSF;\nvar assert = utils.assert;\n\nfunction BaseCurve(type, conf) {\n this.type = type;\n this.p = new BN(conf.p, 16);\n\n // Use Montgomery, when there is no fast reduction for the prime\n this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);\n\n // Useful for many curves\n this.zero = new BN(0).toRed(this.red);\n this.one = new BN(1).toRed(this.red);\n this.two = new BN(2).toRed(this.red);\n\n // Curve configuration, optional\n this.n = conf.n && new BN(conf.n, 16);\n this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);\n\n // Temporary arrays\n this._wnafT1 = new Array(4);\n this._wnafT2 = new Array(4);\n this._wnafT3 = new Array(4);\n this._wnafT4 = new Array(4);\n\n // Generalized Greg Maxwell's trick\n var adjustCount = this.n && this.p.div(this.n);\n if (!adjustCount || adjustCount.cmpn(100) > 0) {\n this.redN = null;\n } else {\n this._maxwellTrick = true;\n this.redN = this.n.toRed(this.red);\n }\n}\nmodule.exports = BaseCurve;\n\nBaseCurve.prototype.point = function point() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype.validate = function validate() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {\n assert(p.precomputed);\n var doubles = p._getDoubles();\n\n var naf = getNAF(k, 1);\n var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);\n I /= 3;\n\n // Translate into more windowed form\n var repr = [];\n for (var j = 0; j < naf.length; j += doubles.step) {\n var nafW = 0;\n for (var k = j + doubles.step - 1; k >= j; k--)\n nafW = (nafW << 1) + naf[k];\n repr.push(nafW);\n }\n\n var a = this.jpoint(null, null, null);\n var b = this.jpoint(null, null, null);\n for (var i = I; i > 0; i--) {\n for (var j = 0; j < repr.length; j++) {\n var nafW = repr[j];\n if (nafW === i)\n b = b.mixedAdd(doubles.points[j]);\n else if (nafW === -i)\n b = b.mixedAdd(doubles.points[j].neg());\n }\n a = a.add(b);\n }\n return a.toP();\n};\n\nBaseCurve.prototype._wnafMul = function _wnafMul(p, k) {\n var w = 4;\n\n // Precompute window\n var nafPoints = p._getNAFPoints(w);\n w = nafPoints.wnd;\n var wnd = nafPoints.points;\n\n // Get NAF form\n var naf = getNAF(k, w);\n\n // Add `this`*(N+1) for every w-NAF index\n var acc = this.jpoint(null, null, null);\n for (var i = naf.length - 1; i >= 0; i--) {\n // Count zeroes\n for (var k = 0; i >= 0 && naf[i] === 0; i--)\n k++;\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n\n if (i < 0)\n break;\n var z = naf[i];\n assert(z !== 0);\n if (p.type === 'affine') {\n // J +- P\n if (z > 0)\n acc = acc.mixedAdd(wnd[(z - 1) >> 1]);\n else\n acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());\n } else {\n // J +- J\n if (z > 0)\n acc = acc.add(wnd[(z - 1) >> 1]);\n else\n acc = acc.add(wnd[(-z - 1) >> 1].neg());\n }\n }\n return p.type === 'affine' ? acc.toP() : acc;\n};\n\nBaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,\n points,\n coeffs,\n len,\n jacobianResult) {\n var wndWidth = this._wnafT1;\n var wnd = this._wnafT2;\n var naf = this._wnafT3;\n\n // Fill all arrays\n var max = 0;\n for (var i = 0; i < len; i++) {\n var p = points[i];\n var nafPoints = p._getNAFPoints(defW);\n wndWidth[i] = nafPoints.wnd;\n wnd[i] = nafPoints.points;\n }\n\n // Comb small window NAFs\n for (var i = len - 1; i >= 1; i -= 2) {\n var a = i - 1;\n var b = i;\n if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {\n naf[a] = getNAF(coeffs[a], wndWidth[a]);\n naf[b] = getNAF(coeffs[b], wndWidth[b]);\n max = Math.max(naf[a].length, max);\n max = Math.max(naf[b].length, max);\n continue;\n }\n\n var comb = [\n points[a], /* 1 */\n null, /* 3 */\n null, /* 5 */\n points[b] /* 7 */\n ];\n\n // Try to avoid Projective points, if possible\n if (points[a].y.cmp(points[b].y) === 0) {\n comb[1] = points[a].add(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].add(points[b].neg());\n } else {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n }\n\n var index = [\n -3, /* -1 -1 */\n -1, /* -1 0 */\n -5, /* -1 1 */\n -7, /* 0 -1 */\n 0, /* 0 0 */\n 7, /* 0 1 */\n 5, /* 1 -1 */\n 1, /* 1 0 */\n 3 /* 1 1 */\n ];\n\n var jsf = getJSF(coeffs[a], coeffs[b]);\n max = Math.max(jsf[0].length, max);\n naf[a] = new Array(max);\n naf[b] = new Array(max);\n for (var j = 0; j < max; j++) {\n var ja = jsf[0][j] | 0;\n var jb = jsf[1][j] | 0;\n\n naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];\n naf[b][j] = 0;\n wnd[a] = comb;\n }\n }\n\n var acc = this.jpoint(null, null, null);\n var tmp = this._wnafT4;\n for (var i = max; i >= 0; i--) {\n var k = 0;\n\n while (i >= 0) {\n var zero = true;\n for (var j = 0; j < len; j++) {\n tmp[j] = naf[j][i] | 0;\n if (tmp[j] !== 0)\n zero = false;\n }\n if (!zero)\n break;\n k++;\n i--;\n }\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n if (i < 0)\n break;\n\n for (var j = 0; j < len; j++) {\n var z = tmp[j];\n var p;\n if (z === 0)\n continue;\n else if (z > 0)\n p = wnd[j][(z - 1) >> 1];\n else if (z < 0)\n p = wnd[j][(-z - 1) >> 1].neg();\n\n if (p.type === 'affine')\n acc = acc.mixedAdd(p);\n else\n acc = acc.add(p);\n }\n }\n // Zeroify references\n for (var i = 0; i < len; i++)\n wnd[i] = null;\n\n if (jacobianResult)\n return acc;\n else\n return acc.toP();\n};\n\nfunction BasePoint(curve, type) {\n this.curve = curve;\n this.type = type;\n this.precomputed = null;\n}\nBaseCurve.BasePoint = BasePoint;\n\nBasePoint.prototype.eq = function eq(/*other*/) {\n throw new Error('Not implemented');\n};\n\nBasePoint.prototype.validate = function validate() {\n return this.curve.validate(this);\n};\n\nBaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n bytes = utils.toArray(bytes, enc);\n\n var len = this.p.byteLength();\n\n // uncompressed, hybrid-odd, hybrid-even\n if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&\n bytes.length - 1 === 2 * len) {\n if (bytes[0] === 0x06)\n assert(bytes[bytes.length - 1] % 2 === 0);\n else if (bytes[0] === 0x07)\n assert(bytes[bytes.length - 1] % 2 === 1);\n\n var res = this.point(bytes.slice(1, 1 + len),\n bytes.slice(1 + len, 1 + 2 * len));\n\n return res;\n } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&\n bytes.length - 1 === len) {\n return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);\n }\n throw new Error('Unknown point format');\n};\n\nBasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {\n return this.encode(enc, true);\n};\n\nBasePoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n var x = this.getX().toArray('be', len);\n\n if (compact)\n return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);\n\n return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;\n};\n\nBasePoint.prototype.encode = function encode(enc, compact) {\n return utils.encode(this._encode(compact), enc);\n};\n\nBasePoint.prototype.precompute = function precompute(power) {\n if (this.precomputed)\n return this;\n\n var precomputed = {\n doubles: null,\n naf: null,\n beta: null\n };\n precomputed.naf = this._getNAFPoints(8);\n precomputed.doubles = this._getDoubles(4, power);\n precomputed.beta = this._getBeta();\n this.precomputed = precomputed;\n\n return this;\n};\n\nBasePoint.prototype._hasDoubles = function _hasDoubles(k) {\n if (!this.precomputed)\n return false;\n\n var doubles = this.precomputed.doubles;\n if (!doubles)\n return false;\n\n return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);\n};\n\nBasePoint.prototype._getDoubles = function _getDoubles(step, power) {\n if (this.precomputed && this.precomputed.doubles)\n return this.precomputed.doubles;\n\n var doubles = [ this ];\n var acc = this;\n for (var i = 0; i < power; i += step) {\n for (var j = 0; j < step; j++)\n acc = acc.dbl();\n doubles.push(acc);\n }\n return {\n step: step,\n points: doubles\n };\n};\n\nBasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {\n if (this.precomputed && this.precomputed.naf)\n return this.precomputed.naf;\n\n var res = [ this ];\n var max = (1 << wnd) - 1;\n var dbl = max === 1 ? null : this.dbl();\n for (var i = 1; i < max; i++)\n res[i] = res[i - 1].add(dbl);\n return {\n wnd: wnd,\n points: res\n };\n};\n\nBasePoint.prototype._getBeta = function _getBeta() {\n return null;\n};\n\nBasePoint.prototype.dblp = function dblp(k) {\n var r = this;\n for (var i = 0; i < k; i++)\n r = r.dbl();\n return r;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction ShortCurve(conf) {\n Base.call(this, 'short', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.tinv = this.two.redInvm();\n\n this.zeroA = this.a.fromRed().cmpn(0) === 0;\n this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;\n\n // If the curve is endomorphic, precalculate beta and lambda\n this.endo = this._getEndomorphism(conf);\n this._endoWnafT1 = new Array(4);\n this._endoWnafT2 = new Array(4);\n}\ninherits(ShortCurve, Base);\nmodule.exports = ShortCurve;\n\nShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {\n // No efficient endomorphism\n if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)\n return;\n\n // Compute beta and lambda, that lambda * P = (beta * Px; Py)\n var beta;\n var lambda;\n if (conf.beta) {\n beta = new BN(conf.beta, 16).toRed(this.red);\n } else {\n var betas = this._getEndoRoots(this.p);\n // Choose the smallest beta\n beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];\n beta = beta.toRed(this.red);\n }\n if (conf.lambda) {\n lambda = new BN(conf.lambda, 16);\n } else {\n // Choose the lambda that is matching selected beta\n var lambdas = this._getEndoRoots(this.n);\n if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {\n lambda = lambdas[0];\n } else {\n lambda = lambdas[1];\n assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);\n }\n }\n\n // Get basis vectors, used for balanced length-two representation\n var basis;\n if (conf.basis) {\n basis = conf.basis.map(function(vec) {\n return {\n a: new BN(vec.a, 16),\n b: new BN(vec.b, 16)\n };\n });\n } else {\n basis = this._getEndoBasis(lambda);\n }\n\n return {\n beta: beta,\n lambda: lambda,\n basis: basis\n };\n};\n\nShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {\n // Find roots of for x^2 + x + 1 in F\n // Root = (-1 +- Sqrt(-3)) / 2\n //\n var red = num === this.p ? this.red : BN.mont(num);\n var tinv = new BN(2).toRed(red).redInvm();\n var ntinv = tinv.redNeg();\n\n var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);\n\n var l1 = ntinv.redAdd(s).fromRed();\n var l2 = ntinv.redSub(s).fromRed();\n return [ l1, l2 ];\n};\n\nShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {\n // aprxSqrt >= sqrt(this.n)\n var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));\n\n // 3.74\n // Run EGCD, until r(L + 1) < aprxSqrt\n var u = lambda;\n var v = this.n.clone();\n var x1 = new BN(1);\n var y1 = new BN(0);\n var x2 = new BN(0);\n var y2 = new BN(1);\n\n // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)\n var a0;\n var b0;\n // First vector\n var a1;\n var b1;\n // Second vector\n var a2;\n var b2;\n\n var prevR;\n var i = 0;\n var r;\n var x;\n while (u.cmpn(0) !== 0) {\n var q = v.div(u);\n r = v.sub(q.mul(u));\n x = x2.sub(q.mul(x1));\n var y = y2.sub(q.mul(y1));\n\n if (!a1 && r.cmp(aprxSqrt) < 0) {\n a0 = prevR.neg();\n b0 = x1;\n a1 = r.neg();\n b1 = x;\n } else if (a1 && ++i === 2) {\n break;\n }\n prevR = r;\n\n v = u;\n u = r;\n x2 = x1;\n x1 = x;\n y2 = y1;\n y1 = y;\n }\n a2 = r.neg();\n b2 = x;\n\n var len1 = a1.sqr().add(b1.sqr());\n var len2 = a2.sqr().add(b2.sqr());\n if (len2.cmp(len1) >= 0) {\n a2 = a0;\n b2 = b0;\n }\n\n // Normalize signs\n if (a1.negative) {\n a1 = a1.neg();\n b1 = b1.neg();\n }\n if (a2.negative) {\n a2 = a2.neg();\n b2 = b2.neg();\n }\n\n return [\n { a: a1, b: b1 },\n { a: a2, b: b2 }\n ];\n};\n\nShortCurve.prototype._endoSplit = function _endoSplit(k) {\n var basis = this.endo.basis;\n var v1 = basis[0];\n var v2 = basis[1];\n\n var c1 = v2.b.mul(k).divRound(this.n);\n var c2 = v1.b.neg().mul(k).divRound(this.n);\n\n var p1 = c1.mul(v1.a);\n var p2 = c2.mul(v2.a);\n var q1 = c1.mul(v1.b);\n var q2 = c2.mul(v2.b);\n\n // Calculate answer\n var k1 = k.sub(p1).sub(p2);\n var k2 = q1.add(q2).neg();\n return { k1: k1, k2: k2 };\n};\n\nShortCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n // XXX Is there any way to tell if the number is odd without converting it\n // to non-red form?\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nShortCurve.prototype.validate = function validate(point) {\n if (point.inf)\n return true;\n\n var x = point.x;\n var y = point.y;\n\n var ax = this.a.redMul(x);\n var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);\n return y.redSqr().redISub(rhs).cmpn(0) === 0;\n};\n\nShortCurve.prototype._endoWnafMulAdd =\n function _endoWnafMulAdd(points, coeffs, jacobianResult) {\n var npoints = this._endoWnafT1;\n var ncoeffs = this._endoWnafT2;\n for (var i = 0; i < points.length; i++) {\n var split = this._endoSplit(coeffs[i]);\n var p = points[i];\n var beta = p._getBeta();\n\n if (split.k1.negative) {\n split.k1.ineg();\n p = p.neg(true);\n }\n if (split.k2.negative) {\n split.k2.ineg();\n beta = beta.neg(true);\n }\n\n npoints[i * 2] = p;\n npoints[i * 2 + 1] = beta;\n ncoeffs[i * 2] = split.k1;\n ncoeffs[i * 2 + 1] = split.k2;\n }\n var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);\n\n // Clean-up references to points and coefficients\n for (var j = 0; j < i * 2; j++) {\n npoints[j] = null;\n ncoeffs[j] = null;\n }\n return res;\n};\n\nfunction Point(curve, x, y, isRed) {\n Base.BasePoint.call(this, curve, 'affine');\n if (x === null && y === null) {\n this.x = null;\n this.y = null;\n this.inf = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n // Force redgomery representation when loading from JSON\n if (isRed) {\n this.x.forceRed(this.curve.red);\n this.y.forceRed(this.curve.red);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n this.inf = false;\n }\n}\ninherits(Point, Base.BasePoint);\n\nShortCurve.prototype.point = function point(x, y, isRed) {\n return new Point(this, x, y, isRed);\n};\n\nShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {\n return Point.fromJSON(this, obj, red);\n};\n\nPoint.prototype._getBeta = function _getBeta() {\n if (!this.curve.endo)\n return;\n\n var pre = this.precomputed;\n if (pre && pre.beta)\n return pre.beta;\n\n var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);\n if (pre) {\n var curve = this.curve;\n var endoMul = function(p) {\n return curve.point(p.x.redMul(curve.endo.beta), p.y);\n };\n pre.beta = beta;\n beta.precomputed = {\n beta: null,\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(endoMul)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(endoMul)\n }\n };\n }\n return beta;\n};\n\nPoint.prototype.toJSON = function toJSON() {\n if (!this.precomputed)\n return [ this.x, this.y ];\n\n return [ this.x, this.y, this.precomputed && {\n doubles: this.precomputed.doubles && {\n step: this.precomputed.doubles.step,\n points: this.precomputed.doubles.points.slice(1)\n },\n naf: this.precomputed.naf && {\n wnd: this.precomputed.naf.wnd,\n points: this.precomputed.naf.points.slice(1)\n }\n } ];\n};\n\nPoint.fromJSON = function fromJSON(curve, obj, red) {\n if (typeof obj === 'string')\n obj = JSON.parse(obj);\n var res = curve.point(obj[0], obj[1], red);\n if (!obj[2])\n return res;\n\n function obj2point(obj) {\n return curve.point(obj[0], obj[1], red);\n }\n\n var pre = obj[2];\n res.precomputed = {\n beta: null,\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: [ res ].concat(pre.doubles.points.map(obj2point))\n },\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: [ res ].concat(pre.naf.points.map(obj2point))\n }\n };\n return res;\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n return this.inf;\n};\n\nPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.inf)\n return p;\n\n // P + O = P\n if (p.inf)\n return this;\n\n // P + P = 2P\n if (this.eq(p))\n return this.dbl();\n\n // P + (-P) = O\n if (this.neg().eq(p))\n return this.curve.point(null, null);\n\n // P + Q = O\n if (this.x.cmp(p.x) === 0)\n return this.curve.point(null, null);\n\n var c = this.y.redSub(p.y);\n if (c.cmpn(0) !== 0)\n c = c.redMul(this.x.redSub(p.x).redInvm());\n var nx = c.redSqr().redISub(this.x).redISub(p.x);\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.inf)\n return this;\n\n // 2P = O\n var ys1 = this.y.redAdd(this.y);\n if (ys1.cmpn(0) === 0)\n return this.curve.point(null, null);\n\n var a = this.curve.a;\n\n var x2 = this.x.redSqr();\n var dyinv = ys1.redInvm();\n var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);\n\n var nx = c.redSqr().redISub(this.x.redAdd(this.x));\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.getX = function getX() {\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n return this.y.fromRed();\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n if (this.isInfinity())\n return this;\n else if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else if (this.curve.endo)\n return this.curve._endoWnafMulAdd([ this ], [ k ]);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs, true);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2, true);\n};\n\nPoint.prototype.eq = function eq(p) {\n return this === p ||\n this.inf === p.inf &&\n (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);\n};\n\nPoint.prototype.neg = function neg(_precompute) {\n if (this.inf)\n return this;\n\n var res = this.curve.point(this.x, this.y.redNeg());\n if (_precompute && this.precomputed) {\n var pre = this.precomputed;\n var negate = function(p) {\n return p.neg();\n };\n res.precomputed = {\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(negate)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(negate)\n }\n };\n }\n return res;\n};\n\nPoint.prototype.toJ = function toJ() {\n if (this.inf)\n return this.curve.jpoint(null, null, null);\n\n var res = this.curve.jpoint(this.x, this.y, this.curve.one);\n return res;\n};\n\nfunction JPoint(curve, x, y, z) {\n Base.BasePoint.call(this, curve, 'jacobian');\n if (x === null && y === null && z === null) {\n this.x = this.curve.one;\n this.y = this.curve.one;\n this.z = new BN(0);\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = new BN(z, 16);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n\n this.zOne = this.z === this.curve.one;\n}\ninherits(JPoint, Base.BasePoint);\n\nShortCurve.prototype.jpoint = function jpoint(x, y, z) {\n return new JPoint(this, x, y, z);\n};\n\nJPoint.prototype.toP = function toP() {\n if (this.isInfinity())\n return this.curve.point(null, null);\n\n var zinv = this.z.redInvm();\n var zinv2 = zinv.redSqr();\n var ax = this.x.redMul(zinv2);\n var ay = this.y.redMul(zinv2).redMul(zinv);\n\n return this.curve.point(ax, ay);\n};\n\nJPoint.prototype.neg = function neg() {\n return this.curve.jpoint(this.x, this.y.redNeg(), this.z);\n};\n\nJPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.isInfinity())\n return p;\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 12M + 4S + 7A\n var pz2 = p.z.redSqr();\n var z2 = this.z.redSqr();\n var u1 = this.x.redMul(pz2);\n var u2 = p.x.redMul(z2);\n var s1 = this.y.redMul(pz2.redMul(p.z));\n var s2 = p.y.redMul(z2.redMul(this.z));\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(p.z).redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mixedAdd = function mixedAdd(p) {\n // O + P = P\n if (this.isInfinity())\n return p.toJ();\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 8M + 3S + 7A\n var z2 = this.z.redSqr();\n var u1 = this.x;\n var u2 = p.x.redMul(z2);\n var s1 = this.y;\n var s2 = p.y.redMul(z2).redMul(this.z);\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.dblp = function dblp(pow) {\n if (pow === 0)\n return this;\n if (this.isInfinity())\n return this;\n if (!pow)\n return this.dbl();\n\n if (this.curve.zeroA || this.curve.threeA) {\n var r = this;\n for (var i = 0; i < pow; i++)\n r = r.dbl();\n return r;\n }\n\n // 1M + 2S + 1A + N * (4S + 5M + 8A)\n // N = 1 => 6M + 6S + 9A\n var a = this.curve.a;\n var tinv = this.curve.tinv;\n\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n // Reuse results\n var jyd = jy.redAdd(jy);\n for (var i = 0; i < pow; i++) {\n var jx2 = jx.redSqr();\n var jyd2 = jyd.redSqr();\n var jyd4 = jyd2.redSqr();\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var t1 = jx.redMul(jyd2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n var dny = c.redMul(t2);\n dny = dny.redIAdd(dny).redISub(jyd4);\n var nz = jyd.redMul(jz);\n if (i + 1 < pow)\n jz4 = jz4.redMul(jyd4);\n\n jx = nx;\n jz = nz;\n jyd = dny;\n }\n\n return this.curve.jpoint(jx, jyd.redMul(tinv), jz);\n};\n\nJPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n if (this.curve.zeroA)\n return this._zeroDbl();\n else if (this.curve.threeA)\n return this._threeDbl();\n else\n return this._dbl();\n};\n\nJPoint.prototype._zeroDbl = function _zeroDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 14A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // T = M ^ 2 - 2*S\n var t = m.redSqr().redISub(s).redISub(s);\n\n // 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2*Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-dbl-2009-l\n // 2M + 5S + 13A\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = B^2\n var c = b.redSqr();\n // D = 2 * ((X1 + B)^2 - A - C)\n var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);\n d = d.redIAdd(d);\n // E = 3 * A\n var e = a.redAdd(a).redIAdd(a);\n // F = E^2\n var f = e.redSqr();\n\n // 8 * C\n var c8 = c.redIAdd(c);\n c8 = c8.redIAdd(c8);\n c8 = c8.redIAdd(c8);\n\n // X3 = F - 2 * D\n nx = f.redISub(d).redISub(d);\n // Y3 = E * (D - X3) - 8 * C\n ny = e.redMul(d.redISub(nx)).redISub(c8);\n // Z3 = 2 * Y1 * Z1\n nz = this.y.redMul(this.z);\n nz = nz.redIAdd(nz);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._threeDbl = function _threeDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 15A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a\n var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);\n // T = M^2 - 2 * S\n var t = m.redSqr().redISub(s).redISub(s);\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2 * Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b\n // 3M + 5S\n\n // delta = Z1^2\n var delta = this.z.redSqr();\n // gamma = Y1^2\n var gamma = this.y.redSqr();\n // beta = X1 * gamma\n var beta = this.x.redMul(gamma);\n // alpha = 3 * (X1 - delta) * (X1 + delta)\n var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));\n alpha = alpha.redAdd(alpha).redIAdd(alpha);\n // X3 = alpha^2 - 8 * beta\n var beta4 = beta.redIAdd(beta);\n beta4 = beta4.redIAdd(beta4);\n var beta8 = beta4.redAdd(beta4);\n nx = alpha.redSqr().redISub(beta8);\n // Z3 = (Y1 + Z1)^2 - gamma - delta\n nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);\n // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2\n var ggamma8 = gamma.redSqr();\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._dbl = function _dbl() {\n var a = this.curve.a;\n\n // 4M + 6S + 10A\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n var jx2 = jx.redSqr();\n var jy2 = jy.redSqr();\n\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var jxd4 = jx.redAdd(jx);\n jxd4 = jxd4.redIAdd(jxd4);\n var t1 = jxd4.redMul(jy2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n\n var jyd8 = jy2.redSqr();\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n var ny = c.redMul(t2).redISub(jyd8);\n var nz = jy.redAdd(jy).redMul(jz);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.trpl = function trpl() {\n if (!this.curve.zeroA)\n return this.dbl().add(this);\n\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl\n // 5M + 10S + ...\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // ZZ = Z1^2\n var zz = this.z.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // M = 3 * XX + a * ZZ2; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // MM = M^2\n var mm = m.redSqr();\n // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM\n var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n e = e.redIAdd(e);\n e = e.redAdd(e).redIAdd(e);\n e = e.redISub(mm);\n // EE = E^2\n var ee = e.redSqr();\n // T = 16*YYYY\n var t = yyyy.redIAdd(yyyy);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n // U = (M + E)^2 - MM - EE - T\n var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);\n // X3 = 4 * (X1 * EE - 4 * YY * U)\n var yyu4 = yy.redMul(u);\n yyu4 = yyu4.redIAdd(yyu4);\n yyu4 = yyu4.redIAdd(yyu4);\n var nx = this.x.redMul(ee).redISub(yyu4);\n nx = nx.redIAdd(nx);\n nx = nx.redIAdd(nx);\n // Y3 = 8 * Y1 * (U * (T - U) - E * EE)\n var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n // Z3 = (Z1 + E)^2 - ZZ - EE\n var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mul = function mul(k, kbase) {\n k = new BN(k, kbase);\n\n return this.curve._wnafMul(this, k);\n};\n\nJPoint.prototype.eq = function eq(p) {\n if (p.type === 'affine')\n return this.eq(p.toJ());\n\n if (this === p)\n return true;\n\n // x1 * z2^2 == x2 * z1^2\n var z2 = this.z.redSqr();\n var pz2 = p.z.redSqr();\n if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)\n return false;\n\n // y1 * z2^3 == y2 * z1^3\n var z3 = z2.redMul(this.z);\n var pz3 = pz2.redMul(p.z);\n return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;\n};\n\nJPoint.prototype.eqXToP = function eqXToP(x) {\n var zs = this.z.redSqr();\n var rx = x.toRed(this.curve.red).redMul(zs);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(zs);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\nJPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nJPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar utils = require('../utils');\n\nfunction MontCurve(conf) {\n Base.call(this, 'mont', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.i4 = new BN(4).toRed(this.red).redInvm();\n this.two = new BN(2).toRed(this.red);\n // Note: this implementation is according to the original paper\n // by P. Montgomery, NOT the one by D. J. Bernstein.\n this.a24 = this.i4.redMul(this.a.redAdd(this.two));\n}\ninherits(MontCurve, Base);\nmodule.exports = MontCurve;\n\nMontCurve.prototype.validate = function validate(point) {\n var x = point.normalize().x;\n var x2 = x.redSqr();\n var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);\n var y = rhs.redSqrt();\n\n return y.redSqr().cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, z) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && z === null) {\n this.x = this.curve.one;\n this.z = this.curve.zero;\n } else {\n this.x = new BN(x, 16);\n this.z = new BN(z, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n }\n}\ninherits(Point, Base.BasePoint);\n\nMontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n var bytes = utils.toArray(bytes, enc);\n\n // TODO Curve448\n // Montgomery curve points must be represented in the compressed format\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (bytes.length === 33 && bytes[0] === 0x40)\n bytes = bytes.slice(1, 33).reverse(); // point must be little-endian\n if (bytes.length !== 32)\n throw new Error('Unknown point compression format');\n return this.point(bytes, 1);\n};\n\nMontCurve.prototype.point = function point(x, z) {\n return new Point(this, x, z);\n};\n\nMontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nPoint.prototype.precompute = function precompute() {\n // No-op\n};\n\nPoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n\n // Note: the output should always be little-endian\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (compact) {\n return [ 0x40 ].concat(this.getX().toArray('le', len));\n } else {\n return this.getX().toArray('be', len);\n }\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1] || curve.one);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n\nPoint.prototype.dbl = function dbl() {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3\n // 2M + 2S + 4A\n\n // A = X1 + Z1\n var a = this.x.redAdd(this.z);\n // AA = A^2\n var aa = a.redSqr();\n // B = X1 - Z1\n var b = this.x.redSub(this.z);\n // BB = B^2\n var bb = b.redSqr();\n // C = AA - BB\n var c = aa.redSub(bb);\n // X3 = AA * BB\n var nx = aa.redMul(bb);\n // Z3 = C * (BB + A24 * C)\n var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.add = function add() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.diffAdd = function diffAdd(p, diff) {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3\n // 4M + 2S + 6A\n\n // A = X2 + Z2\n var a = this.x.redAdd(this.z);\n // B = X2 - Z2\n var b = this.x.redSub(this.z);\n // C = X3 + Z3\n var c = p.x.redAdd(p.z);\n // D = X3 - Z3\n var d = p.x.redSub(p.z);\n // DA = D * A\n var da = d.redMul(a);\n // CB = C * B\n var cb = c.redMul(b);\n // X5 = Z1 * (DA + CB)^2\n var nx = diff.z.redMul(da.redAdd(cb).redSqr());\n // Z5 = X1 * (DA - CB)^2\n var nz = diff.x.redMul(da.redISub(cb).redSqr());\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n\n var t = k.clone();\n var a = this; // (N / 2) * Q + Q\n var b = this.curve.point(null, null); // (N / 2) * Q\n var c = this; // Q\n\n for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))\n bits.push(t.andln(1));\n\n for (var i = bits.length - 1; i >= 0; i--) {\n if (bits[i] === 0) {\n // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q\n a = a.diffAdd(b, c);\n // N * Q = 2 * ((N / 2) * Q + Q))\n b = b.dbl();\n } else {\n // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)\n b = a.diffAdd(b, c);\n // N * Q + Q = 2 * ((N / 2) * Q + Q)\n a = a.dbl();\n }\n }\n return b;\n};\n\nPoint.prototype.mulAdd = function mulAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.jumlAdd = function jumlAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.eq = function eq(other) {\n return this.getX().cmp(other.getX()) === 0;\n};\n\nPoint.prototype.normalize = function normalize() {\n this.x = this.x.redMul(this.z.redInvm());\n this.z = this.curve.one;\n return this;\n};\n\nPoint.prototype.getX = function getX() {\n // Normalize coordinates\n this.normalize();\n\n return this.x.fromRed();\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction EdwardsCurve(conf) {\n // NOTE: Important as we are creating point in Base.call()\n this.twisted = (conf.a | 0) !== 1;\n this.mOneA = this.twisted && (conf.a | 0) === -1;\n this.extended = this.mOneA;\n\n Base.call(this, 'edwards', conf);\n\n this.a = new BN(conf.a, 16).umod(this.red.m);\n this.a = this.a.toRed(this.red);\n this.c = new BN(conf.c, 16).toRed(this.red);\n this.c2 = this.c.redSqr();\n this.d = new BN(conf.d, 16).toRed(this.red);\n this.dd = this.d.redAdd(this.d);\n\n assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);\n this.oneC = (conf.c | 0) === 1;\n}\ninherits(EdwardsCurve, Base);\nmodule.exports = EdwardsCurve;\n\nEdwardsCurve.prototype._mulA = function _mulA(num) {\n if (this.mOneA)\n return num.redNeg();\n else\n return this.a.redMul(num);\n};\n\nEdwardsCurve.prototype._mulC = function _mulC(num) {\n if (this.oneC)\n return num;\n else\n return this.c.redMul(num);\n};\n\n// Just for compatibility with Short curve\nEdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {\n return this.point(x, y, z, t);\n};\n\nEdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var x2 = x.redSqr();\n var rhs = this.c2.redSub(this.a.redMul(x2));\n var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));\n\n var y2 = rhs.redMul(lhs.redInvm());\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {\n y = new BN(y, 16);\n if (!y.red)\n y = y.toRed(this.red);\n\n // x^2 = (y^2 - c^2) / (c^2 d y^2 - a)\n var y2 = y.redSqr();\n var lhs = y2.redSub(this.c2);\n var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a);\n var x2 = lhs.redMul(rhs.redInvm());\n\n if (x2.cmp(this.zero) === 0) {\n if (odd)\n throw new Error('invalid point');\n else\n return this.point(this.zero, y);\n }\n\n var x = x2.redSqrt();\n if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n if (x.fromRed().isOdd() !== odd)\n x = x.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.validate = function validate(point) {\n if (point.isInfinity())\n return true;\n\n // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)\n point.normalize();\n\n var x2 = point.x.redSqr();\n var y2 = point.y.redSqr();\n var lhs = x2.redMul(this.a).redAdd(y2);\n var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));\n\n return lhs.cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, y, z, t) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && y === null && z === null) {\n this.x = this.curve.zero;\n this.y = this.curve.one;\n this.z = this.curve.one;\n this.t = this.curve.zero;\n this.zOne = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = z ? new BN(z, 16) : this.curve.one;\n this.t = t && new BN(t, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n if (this.t && !this.t.red)\n this.t = this.t.toRed(this.curve.red);\n this.zOne = this.z === this.curve.one;\n\n // Use extended coordinates\n if (this.curve.extended && !this.t) {\n this.t = this.x.redMul(this.y);\n if (!this.zOne)\n this.t = this.t.redMul(this.z.redInvm());\n }\n }\n}\ninherits(Point, Base.BasePoint);\n\nEdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nEdwardsCurve.prototype.point = function point(x, y, z, t) {\n return new Point(this, x, y, z, t);\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1], obj[2]);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.x.cmpn(0) === 0 &&\n (this.y.cmp(this.z) === 0 ||\n (this.zOne && this.y.cmp(this.curve.c) === 0));\n};\n\nPoint.prototype._extDbl = function _extDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #doubling-dbl-2008-hwcd\n // 4M + 4S\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = 2 * Z1^2\n var c = this.z.redSqr();\n c = c.redIAdd(c);\n // D = a * A\n var d = this.curve._mulA(a);\n // E = (X1 + Y1)^2 - A - B\n var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);\n // G = D + B\n var g = d.redAdd(b);\n // F = G - C\n var f = g.redSub(c);\n // H = D - B\n var h = d.redSub(b);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projDbl = function _projDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #doubling-dbl-2008-bbjlp\n // #doubling-dbl-2007-bl\n // and others\n // Generally 3M + 4S or 2M + 4S\n\n // B = (X1 + Y1)^2\n var b = this.x.redAdd(this.y).redSqr();\n // C = X1^2\n var c = this.x.redSqr();\n // D = Y1^2\n var d = this.y.redSqr();\n\n var nx;\n var ny;\n var nz;\n if (this.curve.twisted) {\n // E = a * C\n var e = this.curve._mulA(c);\n // F = E + D\n var f = e.redAdd(d);\n if (this.zOne) {\n // X3 = (B - C - D) * (F - 2)\n nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F^2 - 2 * F\n nz = f.redSqr().redSub(f).redSub(f);\n } else {\n // H = Z1^2\n var h = this.z.redSqr();\n // J = F - 2 * H\n var j = f.redSub(h).redISub(h);\n // X3 = (B-C-D)*J\n nx = b.redSub(c).redISub(d).redMul(j);\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F * J\n nz = f.redMul(j);\n }\n } else {\n // E = C + D\n var e = c.redAdd(d);\n // H = (c * Z1)^2\n var h = this.curve._mulC(this.z).redSqr();\n // J = E - 2 * H\n var j = e.redSub(h).redSub(h);\n // X3 = c * (B - E) * J\n nx = this.curve._mulC(b.redISub(e)).redMul(j);\n // Y3 = c * E * (C - D)\n ny = this.curve._mulC(e).redMul(c.redISub(d));\n // Z3 = E * J\n nz = e.redMul(j);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n // Double in extended coordinates\n if (this.curve.extended)\n return this._extDbl();\n else\n return this._projDbl();\n};\n\nPoint.prototype._extAdd = function _extAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #addition-add-2008-hwcd-3\n // 8M\n\n // A = (Y1 - X1) * (Y2 - X2)\n var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));\n // B = (Y1 + X1) * (Y2 + X2)\n var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));\n // C = T1 * k * T2\n var c = this.t.redMul(this.curve.dd).redMul(p.t);\n // D = Z1 * 2 * Z2\n var d = this.z.redMul(p.z.redAdd(p.z));\n // E = B - A\n var e = b.redSub(a);\n // F = D - C\n var f = d.redSub(c);\n // G = D + C\n var g = d.redAdd(c);\n // H = B + A\n var h = b.redAdd(a);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projAdd = function _projAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #addition-add-2008-bbjlp\n // #addition-add-2007-bl\n // 10M + 1S\n\n // A = Z1 * Z2\n var a = this.z.redMul(p.z);\n // B = A^2\n var b = a.redSqr();\n // C = X1 * X2\n var c = this.x.redMul(p.x);\n // D = Y1 * Y2\n var d = this.y.redMul(p.y);\n // E = d * C * D\n var e = this.curve.d.redMul(c).redMul(d);\n // F = B - E\n var f = b.redSub(e);\n // G = B + E\n var g = b.redAdd(e);\n // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)\n var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);\n var nx = a.redMul(f).redMul(tmp);\n var ny;\n var nz;\n if (this.curve.twisted) {\n // Y3 = A * G * (D - a * C)\n ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));\n // Z3 = F * G\n nz = f.redMul(g);\n } else {\n // Y3 = A * G * (D - C)\n ny = a.redMul(g).redMul(d.redSub(c));\n // Z3 = c * F * G\n nz = this.curve._mulC(f).redMul(g);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.add = function add(p) {\n if (this.isInfinity())\n return p;\n if (p.isInfinity())\n return this;\n\n if (this.curve.extended)\n return this._extAdd(p);\n else\n return this._projAdd(p);\n};\n\nPoint.prototype.mul = function mul(k) {\n if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);\n};\n\nPoint.prototype.normalize = function normalize() {\n if (this.zOne)\n return this;\n\n // Normalize coordinates\n var zi = this.z.redInvm();\n this.x = this.x.redMul(zi);\n this.y = this.y.redMul(zi);\n if (this.t)\n this.t = this.t.redMul(zi);\n this.z = this.curve.one;\n this.zOne = true;\n return this;\n};\n\nPoint.prototype.neg = function neg() {\n return this.curve.point(this.x.redNeg(),\n this.y,\n this.z,\n this.t && this.t.redNeg());\n};\n\nPoint.prototype.getX = function getX() {\n this.normalize();\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n this.normalize();\n return this.y.fromRed();\n};\n\nPoint.prototype.eq = function eq(other) {\n return this === other ||\n this.getX().cmp(other.getX()) === 0 &&\n this.getY().cmp(other.getY()) === 0;\n};\n\nPoint.prototype.eqXToP = function eqXToP(x) {\n var rx = x.toRed(this.curve.red).redMul(this.z);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(this.z);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\n// Compatibility with BaseCurve\nPoint.prototype.toP = Point.prototype.normalize;\nPoint.prototype.mixedAdd = Point.prototype.add;\n","'use strict';\n\nvar curve = exports;\n\ncurve.base = require('./base');\ncurve.short = require('./short');\ncurve.mont = require('./mont');\ncurve.edwards = require('./edwards');\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_5 = utils.sum32_5;\nvar ft_1 = shaCommon.ft_1;\nvar BlockHash = common.BlockHash;\n\nvar sha1_K = [\n 0x5A827999, 0x6ED9EBA1,\n 0x8F1BBCDC, 0xCA62C1D6\n];\n\nfunction SHA1() {\n if (!(this instanceof SHA1))\n return new SHA1();\n\n BlockHash.call(this);\n this.h = [\n 0x67452301, 0xefcdab89, 0x98badcfe,\n 0x10325476, 0xc3d2e1f0 ];\n this.W = new Array(80);\n}\n\nutils.inherits(SHA1, BlockHash);\nmodule.exports = SHA1;\n\nSHA1.blockSize = 512;\nSHA1.outSize = 160;\nSHA1.hmacStrength = 80;\nSHA1.padLength = 64;\n\nSHA1.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n\n for(; i < W.length; i++)\n W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n\n for (i = 0; i < W.length; i++) {\n var s = ~~(i / 20);\n var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);\n e = d;\n d = c;\n c = rotl32(b, 30);\n b = a;\n a = t;\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n};\n\nSHA1.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nexports.sha1 = require('./sha/1');\nexports.sha224 = require('./sha/224');\nexports.sha256 = require('./sha/256');\nexports.sha384 = require('./sha/384');\nexports.sha512 = require('./sha/512');\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction Hmac(hash, key, enc) {\n if (!(this instanceof Hmac))\n return new Hmac(hash, key, enc);\n this.Hash = hash;\n this.blockSize = hash.blockSize / 8;\n this.outSize = hash.outSize / 8;\n this.inner = null;\n this.outer = null;\n\n this._init(utils.toArray(key, enc));\n}\nmodule.exports = Hmac;\n\nHmac.prototype._init = function init(key) {\n // Shorten key, if needed\n if (key.length > this.blockSize)\n key = new this.Hash().update(key).digest();\n assert(key.length <= this.blockSize);\n\n // Add padding to key\n for (var i = key.length; i < this.blockSize; i++)\n key.push(0);\n\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x36;\n this.inner = new this.Hash().update(key);\n\n // 0x36 ^ 0x5c = 0x6a\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x6a;\n this.outer = new this.Hash().update(key);\n};\n\nHmac.prototype.update = function update(msg, enc) {\n this.inner.update(msg, enc);\n return this;\n};\n\nHmac.prototype.digest = function digest(enc) {\n this.outer.update(this.inner.digest());\n return this.outer.digest(enc);\n};\n","var hash = exports;\n\nhash.utils = require('./hash/utils');\nhash.common = require('./hash/common');\nhash.sha = require('./hash/sha');\nhash.ripemd = require('./hash/ripemd');\nhash.hmac = require('./hash/hmac');\n\n// Proxy hash functions to the main object\nhash.sha1 = hash.sha.sha1;\nhash.sha256 = hash.sha.sha256;\nhash.sha224 = hash.sha.sha224;\nhash.sha384 = hash.sha.sha384;\nhash.sha512 = hash.sha.sha512;\nhash.ripemd160 = hash.ripemd.ripemd160;\n","module.exports = {\n doubles: {\n step: 4,\n points: [\n [\n 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',\n 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'\n ],\n [\n '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',\n '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'\n ],\n [\n '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',\n 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'\n ],\n [\n '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',\n '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'\n ],\n [\n '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',\n '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'\n ],\n [\n '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',\n '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'\n ],\n [\n 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',\n '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'\n ],\n [\n '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',\n 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'\n ],\n [\n 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',\n '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'\n ],\n [\n 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',\n 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'\n ],\n [\n 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',\n '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'\n ],\n [\n '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',\n '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'\n ],\n [\n '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',\n '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'\n ],\n [\n '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',\n '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'\n ],\n [\n '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',\n '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'\n ],\n [\n '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',\n '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'\n ],\n [\n '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',\n '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'\n ],\n [\n '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',\n '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'\n ],\n [\n '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',\n 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'\n ],\n [\n 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',\n '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'\n ],\n [\n 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',\n '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'\n ],\n [\n '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',\n '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'\n ],\n [\n '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',\n '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'\n ],\n [\n 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',\n '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'\n ],\n [\n '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',\n 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'\n ],\n [\n 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',\n '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'\n ],\n [\n 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',\n 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'\n ],\n [\n 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',\n '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'\n ],\n [\n 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',\n 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'\n ],\n [\n 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',\n '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'\n ],\n [\n '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',\n 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'\n ],\n [\n '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',\n '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'\n ],\n [\n 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',\n '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'\n ],\n [\n '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',\n 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'\n ],\n [\n 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',\n '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'\n ],\n [\n 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',\n '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'\n ],\n [\n 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',\n 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'\n ],\n [\n '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',\n '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'\n ],\n [\n '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',\n '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'\n ],\n [\n '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',\n 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'\n ],\n [\n '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',\n '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'\n ],\n [\n 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',\n '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'\n ],\n [\n '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',\n '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'\n ],\n [\n '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',\n 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'\n ],\n [\n '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',\n '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'\n ],\n [\n 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',\n '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'\n ],\n [\n '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',\n 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'\n ],\n [\n 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',\n 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'\n ],\n [\n 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',\n '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'\n ],\n [\n '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',\n 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'\n ],\n [\n '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',\n 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'\n ],\n [\n 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',\n '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'\n ],\n [\n 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',\n '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'\n ],\n [\n 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',\n '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'\n ],\n [\n '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',\n 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'\n ],\n [\n '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',\n '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'\n ],\n [\n 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',\n 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'\n ],\n [\n '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',\n 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'\n ],\n [\n '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',\n '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'\n ],\n [\n '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',\n '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'\n ],\n [\n 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',\n 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'\n ],\n [\n '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',\n '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'\n ],\n [\n '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',\n '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'\n ],\n [\n 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',\n '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'\n ],\n [\n 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',\n 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'\n ]\n ]\n },\n naf: {\n wnd: 7,\n points: [\n [\n 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',\n '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'\n ],\n [\n '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',\n 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'\n ],\n [\n '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',\n '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'\n ],\n [\n 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',\n 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'\n ],\n [\n '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',\n 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'\n ],\n [\n 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',\n 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'\n ],\n [\n 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',\n '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'\n ],\n [\n 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',\n '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'\n ],\n [\n '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',\n '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'\n ],\n [\n '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',\n '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'\n ],\n [\n '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',\n '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'\n ],\n [\n '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',\n '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'\n ],\n [\n 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',\n 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'\n ],\n [\n 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',\n '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'\n ],\n [\n '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',\n 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'\n ],\n [\n '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',\n 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'\n ],\n [\n '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',\n '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'\n ],\n [\n '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',\n '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'\n ],\n [\n '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',\n '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'\n ],\n [\n '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',\n 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'\n ],\n [\n 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',\n 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'\n ],\n [\n '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',\n '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'\n ],\n [\n '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',\n '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'\n ],\n [\n 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',\n 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'\n ],\n [\n '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',\n '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'\n ],\n [\n 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',\n 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'\n ],\n [\n 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',\n 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'\n ],\n [\n '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',\n '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'\n ],\n [\n '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',\n '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'\n ],\n [\n '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',\n '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'\n ],\n [\n 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',\n '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'\n ],\n [\n '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',\n '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'\n ],\n [\n 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',\n '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'\n ],\n [\n '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',\n 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'\n ],\n [\n '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',\n 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'\n ],\n [\n 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',\n 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'\n ],\n [\n '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',\n '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'\n ],\n [\n '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',\n 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'\n ],\n [\n 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',\n 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'\n ],\n [\n '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',\n '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'\n ],\n [\n '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',\n 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'\n ],\n [\n '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',\n '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'\n ],\n [\n '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',\n 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'\n ],\n [\n 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',\n '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'\n ],\n [\n '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',\n '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'\n ],\n [\n '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',\n 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'\n ],\n [\n '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',\n 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'\n ],\n [\n 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',\n 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'\n ],\n [\n 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',\n 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'\n ],\n [\n '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',\n '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'\n ],\n [\n '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',\n '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'\n ],\n [\n 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',\n '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'\n ],\n [\n 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',\n 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'\n ],\n [\n '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',\n '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'\n ],\n [\n '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',\n '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'\n ],\n [\n 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',\n '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'\n ],\n [\n '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',\n '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'\n ],\n [\n 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',\n 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'\n ],\n [\n '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',\n 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'\n ],\n [\n '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',\n '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'\n ],\n [\n 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',\n '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'\n ],\n [\n 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',\n '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'\n ],\n [\n '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',\n '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'\n ],\n [\n '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',\n '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'\n ],\n [\n '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',\n 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'\n ],\n [\n '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',\n 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'\n ],\n [\n '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',\n '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'\n ],\n [\n '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',\n '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'\n ],\n [\n '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',\n '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'\n ],\n [\n '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',\n 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'\n ],\n [\n 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',\n 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'\n ],\n [\n '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',\n 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'\n ],\n [\n 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',\n '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'\n ],\n [\n 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',\n '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'\n ],\n [\n 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',\n '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'\n ],\n [\n 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',\n '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'\n ],\n [\n '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',\n 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'\n ],\n [\n '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',\n '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'\n ],\n [\n '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',\n 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'\n ],\n [\n 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',\n 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'\n ],\n [\n 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',\n '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'\n ],\n [\n 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',\n 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'\n ],\n [\n 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',\n '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'\n ],\n [\n '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',\n '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'\n ],\n [\n 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',\n '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'\n ],\n [\n 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',\n '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'\n ],\n [\n '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',\n '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'\n ],\n [\n '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',\n 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'\n ],\n [\n 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',\n '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'\n ],\n [\n 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',\n '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'\n ],\n [\n 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',\n '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'\n ],\n [\n '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',\n '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'\n ],\n [\n 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',\n 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'\n ],\n [\n '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',\n 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'\n ],\n [\n 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',\n 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'\n ],\n [\n 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',\n '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'\n ],\n [\n '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',\n 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'\n ],\n [\n 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',\n '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'\n ],\n [\n 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',\n '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'\n ],\n [\n 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',\n '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'\n ],\n [\n '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',\n 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'\n ],\n [\n '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',\n 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'\n ],\n [\n 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',\n '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'\n ],\n [\n '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',\n 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'\n ],\n [\n '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',\n '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'\n ],\n [\n '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',\n 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'\n ],\n [\n 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',\n 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'\n ],\n [\n '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',\n 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'\n ],\n [\n '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',\n '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'\n ],\n [\n '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',\n 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'\n ],\n [\n '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',\n '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'\n ],\n [\n 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',\n 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'\n ],\n [\n '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',\n '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'\n ],\n [\n 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',\n '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'\n ],\n [\n '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',\n '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'\n ],\n [\n 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',\n 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'\n ],\n [\n 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',\n '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'\n ],\n [\n 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',\n 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'\n ],\n [\n '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',\n 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'\n ],\n [\n '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',\n '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'\n ],\n [\n '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',\n 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'\n ],\n [\n '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',\n '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'\n ],\n [\n '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',\n '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'\n ],\n [\n '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',\n 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'\n ],\n [\n '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',\n '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'\n ],\n [\n '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',\n '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'\n ],\n [\n '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',\n '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'\n ]\n ]\n }\n};\n","'use strict';\n\nvar curves = exports;\n\nvar hash = require('hash.js');\nvar curve = require('./curve');\nvar utils = require('./utils');\n\nvar assert = utils.assert;\n\nfunction PresetCurve(options) {\n if (options.type === 'short')\n this.curve = new curve.short(options);\n else if (options.type === 'edwards')\n this.curve = new curve.edwards(options);\n else if (options.type === 'mont')\n this.curve = new curve.mont(options);\n else throw new Error('Unknown curve type.');\n this.g = this.curve.g;\n this.n = this.curve.n;\n this.hash = options.hash;\n\n assert(this.g.validate(), 'Invalid curve');\n assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O');\n}\ncurves.PresetCurve = PresetCurve;\n\nfunction defineCurve(name, options) {\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n get: function() {\n var curve = new PresetCurve(options);\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n value: curve\n });\n return curve;\n }\n });\n}\n\ndefineCurve('p192', {\n type: 'short',\n prime: 'p192',\n p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',\n b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',\n n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',\n hash: hash.sha256,\n gRed: false,\n g: [\n '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',\n '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'\n ]\n});\n\ndefineCurve('p224', {\n type: 'short',\n prime: 'p224',\n p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',\n b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',\n n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',\n hash: hash.sha256,\n gRed: false,\n g: [\n 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',\n 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'\n ]\n});\n\ndefineCurve('p256', {\n type: 'short',\n prime: null,\n p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',\n a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',\n b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',\n n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',\n hash: hash.sha256,\n gRed: false,\n g: [\n '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',\n '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'\n ]\n});\n\ndefineCurve('p384', {\n type: 'short',\n prime: null,\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 ffffffff',\n a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 fffffffc',\n b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +\n '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',\n n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +\n 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',\n hash: hash.sha384,\n gRed: false,\n g: [\n 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +\n '5502f25d bf55296c 3a545e38 72760ab7',\n '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +\n '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'\n ]\n});\n\ndefineCurve('p521', {\n type: 'short',\n prime: null,\n p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff',\n a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff fffffffc',\n b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +\n '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +\n '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',\n n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +\n 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',\n hash: hash.sha512,\n gRed: false,\n g: [\n '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +\n '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +\n 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',\n '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +\n '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +\n '3fad0761 353c7086 a272c240 88be9476 9fd16650'\n ]\n});\n\n// https://tools.ietf.org/html/rfc7748#section-4.1\ndefineCurve('curve25519', {\n type: 'mont',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '76d06',\n b: '1',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '9'\n ]\n});\n\ndefineCurve('ed25519', {\n type: 'edwards',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '-1',\n c: '1',\n // -121665 * (121666^(-1)) (mod P)\n d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',\n // 4/5\n '6666666666666666666666666666666666666666666666666666666666666658'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.4\ndefineCurve('brainpoolP256r1', {\n type: 'short',\n prime: null,\n p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377',\n a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9',\n b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6',\n n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7',\n hash: hash.sha256, // or 384, or 512\n gRed: false,\n g: [\n '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262',\n '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.6\ndefineCurve('brainpoolP384r1', {\n type: 'short',\n prime: null,\n p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' +\n 'ACD3A729 901D1A71 87470013 3107EC53',\n a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' +\n '8AA5814A 503AD4EB 04A8C7DD 22CE2826',\n b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' +\n '7CB43902 95DBC994 3AB78696 FA504C11',\n n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' +\n 'CF3AB6AF 6B7FC310 3B883202 E9046565',\n hash: hash.sha384, // or 512\n gRed: false,\n g: [\n '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' +\n 'E8E826E03436D646AAEF87B2E247D4AF1E',\n '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' +\n '280E4646217791811142820341263C5315'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.7\ndefineCurve('brainpoolP512r1', {\n type: 'short',\n prime: null,\n p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' +\n '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3',\n a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' +\n '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA',\n b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' +\n '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723',\n n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' +\n '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069',\n hash: hash.sha512,\n gRed: false,\n g: [\n '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' +\n '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822',\n '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' +\n '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892'\n ]\n});\n\n// https://en.bitcoin.it/wiki/Secp256k1\nvar pre;\ntry {\n pre = require('./precomputed/secp256k1');\n} catch (e) {\n pre = undefined;\n}\n\ndefineCurve('secp256k1', {\n type: 'short',\n prime: 'k256',\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',\n a: '0',\n b: '7',\n n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',\n h: '1',\n hash: hash.sha256,\n\n // Precomputed endomorphism\n beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',\n lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',\n basis: [\n {\n a: '3086d221a7d46bcde86c90e49284eb15',\n b: '-e4437ed6010e88286f547fa90abfe4c3'\n },\n {\n a: '114ca50f7a8e2f3f657c1108d9d44cfd8',\n b: '3086d221a7d46bcde86c90e49284eb15'\n }\n ],\n\n gRed: false,\n g: [\n '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',\n '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',\n pre\n ]\n});\n","'use strict';\n\nvar hash = require('hash.js');\nvar utils = require('minimalistic-crypto-utils');\nvar assert = require('minimalistic-assert');\n\nfunction HmacDRBG(options) {\n if (!(this instanceof HmacDRBG))\n return new HmacDRBG(options);\n this.hash = options.hash;\n this.predResist = !!options.predResist;\n\n this.outLen = this.hash.outSize;\n this.minEntropy = options.minEntropy || this.hash.hmacStrength;\n\n this._reseed = null;\n this.reseedInterval = null;\n this.K = null;\n this.V = null;\n\n var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');\n var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');\n var pers = utils.toArray(options.pers, options.persEnc || 'hex');\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n this._init(entropy, nonce, pers);\n}\nmodule.exports = HmacDRBG;\n\nHmacDRBG.prototype._init = function init(entropy, nonce, pers) {\n var seed = entropy.concat(nonce).concat(pers);\n\n this.K = new Array(this.outLen / 8);\n this.V = new Array(this.outLen / 8);\n for (var i = 0; i < this.V.length; i++) {\n this.K[i] = 0x00;\n this.V[i] = 0x01;\n }\n\n this._update(seed);\n this._reseed = 1;\n this.reseedInterval = 0x1000000000000; // 2^48\n};\n\nHmacDRBG.prototype._hmac = function hmac() {\n return new hash.hmac(this.hash, this.K);\n};\n\nHmacDRBG.prototype._update = function update(seed) {\n var kmac = this._hmac()\n .update(this.V)\n .update([ 0x00 ]);\n if (seed)\n kmac = kmac.update(seed);\n this.K = kmac.digest();\n this.V = this._hmac().update(this.V).digest();\n if (!seed)\n return;\n\n this.K = this._hmac()\n .update(this.V)\n .update([ 0x01 ])\n .update(seed)\n .digest();\n this.V = this._hmac().update(this.V).digest();\n};\n\nHmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {\n // Optional entropy enc\n if (typeof entropyEnc !== 'string') {\n addEnc = add;\n add = entropyEnc;\n entropyEnc = null;\n }\n\n entropy = utils.toArray(entropy, entropyEnc);\n add = utils.toArray(add, addEnc);\n\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n\n this._update(entropy.concat(add || []));\n this._reseed = 1;\n};\n\nHmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {\n if (this._reseed > this.reseedInterval)\n throw new Error('Reseed is required');\n\n // Optional encoding\n if (typeof enc !== 'string') {\n addEnc = add;\n add = enc;\n enc = null;\n }\n\n // Optional additional data\n if (add) {\n add = utils.toArray(add, addEnc || 'hex');\n this._update(add);\n }\n\n var temp = [];\n while (temp.length < len) {\n this.V = this._hmac().update(this.V).digest();\n temp = temp.concat(this.V);\n }\n\n var res = temp.slice(0, len);\n this._update(add);\n this._reseed++;\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction KeyPair(ec, options) {\n this.ec = ec;\n this.priv = null;\n this.pub = null;\n\n // KeyPair(ec, { priv: ..., pub: ... })\n if (options.priv)\n this._importPrivate(options.priv, options.privEnc);\n if (options.pub)\n this._importPublic(options.pub, options.pubEnc);\n}\nmodule.exports = KeyPair;\n\nKeyPair.fromPublic = function fromPublic(ec, pub, enc) {\n if (pub instanceof KeyPair)\n return pub;\n\n return new KeyPair(ec, {\n pub: pub,\n pubEnc: enc\n });\n};\n\nKeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {\n if (priv instanceof KeyPair)\n return priv;\n\n return new KeyPair(ec, {\n priv: priv,\n privEnc: enc\n });\n};\n\n// TODO: should not validate for X25519\nKeyPair.prototype.validate = function validate() {\n var pub = this.getPublic();\n\n if (pub.isInfinity())\n return { result: false, reason: 'Invalid public key' };\n if (!pub.validate())\n return { result: false, reason: 'Public key is not a point' };\n if (!pub.mul(this.ec.curve.n).isInfinity())\n return { result: false, reason: 'Public key * N != O' };\n\n return { result: true, reason: null };\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n if (!this.pub)\n this.pub = this.ec.g.mul(this.priv);\n\n if (!enc)\n return this.pub;\n\n return this.pub.encode(enc, compact);\n};\n\nKeyPair.prototype.getPrivate = function getPrivate(enc) {\n if (enc === 'hex')\n return this.priv.toString(16, 2);\n else\n return this.priv;\n};\n\nKeyPair.prototype._importPrivate = function _importPrivate(key, enc) {\n this.priv = new BN(key, enc || 16);\n\n // For Curve25519/Curve448 we have a specific procedure.\n // TODO Curve448\n if (this.ec.curve.type === 'mont') {\n var one = this.ec.curve.one;\n var mask = one.ushln(255 - 3).sub(one).ushln(3);\n this.priv = this.priv.or(one.ushln(255 - 1));\n this.priv = this.priv.and(mask);\n } else\n // Ensure that the priv won't be bigger than n, otherwise we may fail\n // in fixed multiplication method\n this.priv = this.priv.umod(this.ec.curve.n);\n};\n\nKeyPair.prototype._importPublic = function _importPublic(key, enc) {\n if (key.x || key.y) {\n // Montgomery points only have an `x` coordinate.\n // Weierstrass/Edwards points on the other hand have both `x` and\n // `y` coordinates.\n if (this.ec.curve.type === 'mont') {\n assert(key.x, 'Need x coordinate');\n } else if (this.ec.curve.type === 'short' ||\n this.ec.curve.type === 'edwards') {\n assert(key.x && key.y, 'Need both x and y coordinate');\n }\n this.pub = this.ec.curve.point(key.x, key.y);\n return;\n }\n this.pub = this.ec.curve.decodePoint(key, enc);\n};\n\n// ECDH\nKeyPair.prototype.derive = function derive(pub) {\n return pub.mul(this.priv).getX();\n};\n\n// ECDSA\nKeyPair.prototype.sign = function sign(msg, enc, options) {\n return this.ec.sign(msg, this, enc, options);\n};\n\nKeyPair.prototype.verify = function verify(msg, signature) {\n return this.ec.verify(msg, signature, this);\n};\n\nKeyPair.prototype.inspect = function inspect() {\n return '';\n};\n","'use strict';\n\nvar BN = require('bn.js');\n\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction Signature(options, enc) {\n if (options instanceof Signature)\n return options;\n\n if (this._importDER(options, enc))\n return;\n\n assert(options.r && options.s, 'Signature without r or s');\n this.r = new BN(options.r, 16);\n this.s = new BN(options.s, 16);\n if (options.recoveryParam === undefined)\n this.recoveryParam = null;\n else\n this.recoveryParam = options.recoveryParam;\n}\nmodule.exports = Signature;\n\nfunction Position() {\n this.place = 0;\n}\n\nfunction getLength(buf, p) {\n var initial = buf[p.place++];\n if (!(initial & 0x80)) {\n return initial;\n }\n var octetLen = initial & 0xf;\n var val = 0;\n for (var i = 0, off = p.place; i < octetLen; i++, off++) {\n val <<= 8;\n val |= buf[off];\n }\n p.place = off;\n return val;\n}\n\nfunction rmPadding(buf) {\n var i = 0;\n var len = buf.length - 1;\n while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {\n i++;\n }\n if (i === 0) {\n return buf;\n }\n return buf.slice(i);\n}\n\nSignature.prototype._importDER = function _importDER(data, enc) {\n data = utils.toArray(data, enc);\n var p = new Position();\n if (data[p.place++] !== 0x30) {\n return false;\n }\n var len = getLength(data, p);\n if ((len + p.place) !== data.length) {\n return false;\n }\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var rlen = getLength(data, p);\n var r = data.slice(p.place, rlen + p.place);\n p.place += rlen;\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var slen = getLength(data, p);\n if (data.length !== slen + p.place) {\n return false;\n }\n var s = data.slice(p.place, slen + p.place);\n if (r[0] === 0 && (r[1] & 0x80)) {\n r = r.slice(1);\n }\n if (s[0] === 0 && (s[1] & 0x80)) {\n s = s.slice(1);\n }\n\n this.r = new BN(r);\n this.s = new BN(s);\n this.recoveryParam = null;\n\n return true;\n};\n\nfunction constructLength(arr, len) {\n if (len < 0x80) {\n arr.push(len);\n return;\n }\n var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);\n arr.push(octets | 0x80);\n while (--octets) {\n arr.push((len >>> (octets << 3)) & 0xff);\n }\n arr.push(len);\n}\n\nSignature.prototype.toDER = function toDER(enc) {\n var r = this.r.toArray();\n var s = this.s.toArray();\n\n // Pad values\n if (r[0] & 0x80)\n r = [ 0 ].concat(r);\n // Pad values\n if (s[0] & 0x80)\n s = [ 0 ].concat(s);\n\n r = rmPadding(r);\n s = rmPadding(s);\n\n while (!s[0] && !(s[1] & 0x80)) {\n s = s.slice(1);\n }\n var arr = [ 0x02 ];\n constructLength(arr, r.length);\n arr = arr.concat(r);\n arr.push(0x02);\n constructLength(arr, s.length);\n var backHalf = arr.concat(s);\n var res = [ 0x30 ];\n constructLength(res, backHalf.length);\n res = res.concat(backHalf);\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar HmacDRBG = require('hmac-drbg');\nvar utils = require('../utils');\nvar curves = require('../curves');\nvar rand = require('brorand');\nvar assert = utils.assert;\n\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EC(options) {\n if (!(this instanceof EC))\n return new EC(options);\n\n // Shortcut `elliptic.ec(curve-name)`\n if (typeof options === 'string') {\n assert(curves.hasOwnProperty(options), 'Unknown curve ' + options);\n\n options = curves[options];\n }\n\n // Shortcut for `elliptic.ec(elliptic.curves.curveName)`\n if (options instanceof curves.PresetCurve)\n options = { curve: options };\n\n this.curve = options.curve.curve;\n this.n = this.curve.n;\n this.nh = this.n.ushrn(1);\n this.g = this.curve.g;\n\n // Point on curve\n this.g = options.curve.g;\n this.g.precompute(options.curve.n.bitLength() + 1);\n\n // Hash function for DRBG\n this.hash = options.hash || options.curve.hash;\n}\nmodule.exports = EC;\n\nEC.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {\n return KeyPair.fromPrivate(this, priv, enc);\n};\n\nEC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {\n return KeyPair.fromPublic(this, pub, enc);\n};\n\nEC.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.n.toArray()\n });\n\n // Key generation for curve25519 is simpler\n if (this.curve.type === 'mont') {\n var priv = new BN(drbg.generate(32));\n return this.keyFromPrivate(priv);\n }\n\n var bytes = this.n.byteLength();\n var ns2 = this.n.sub(new BN(2));\n do {\n var priv = new BN(drbg.generate(bytes));\n if (priv.cmp(ns2) > 0)\n continue;\n\n priv.iaddn(1);\n return this.keyFromPrivate(priv);\n } while (true);\n};\n\nEC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) {\n bitSize = bitSize || msg.byteLength() * 8;\n var delta = bitSize - this.n.bitLength();\n if (delta > 0)\n msg = msg.ushrn(delta);\n if (!truncOnly && msg.cmp(this.n) >= 0)\n return msg.sub(this.n);\n else\n return msg;\n};\n\nEC.prototype.truncateMsg = function truncateMSG(msg) {\n // Bit size is only determined correctly for Uint8Arrays and hex strings\n var bitSize;\n if (msg instanceof Uint8Array) {\n bitSize = msg.byteLength * 8;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else if (typeof msg === 'string') {\n bitSize = msg.length * 4;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else {\n msg = this._truncateToN(new BN(msg, 16));\n }\n return msg;\n}\n\nEC.prototype.sign = function sign(msg, key, enc, options) {\n if (typeof enc === 'object') {\n options = enc;\n enc = null;\n }\n if (!options)\n options = {};\n\n key = this.keyFromPrivate(key, enc);\n msg = this.truncateMsg(msg);\n\n // Zero-extend key to provide enough entropy\n var bytes = this.n.byteLength();\n var bkey = key.getPrivate().toArray('be', bytes);\n\n // Zero-extend nonce to have the same byte size as N\n var nonce = msg.toArray('be', bytes);\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n entropy: bkey,\n nonce: nonce,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8'\n });\n\n // Number of bytes to generate\n var ns1 = this.n.sub(new BN(1));\n\n for (var iter = 0; true; iter++) {\n var k = options.k ?\n options.k(iter) :\n new BN(drbg.generate(this.n.byteLength()));\n k = this._truncateToN(k, true);\n if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)\n continue;\n\n var kp = this.g.mul(k);\n if (kp.isInfinity())\n continue;\n\n var kpX = kp.getX();\n var r = kpX.umod(this.n);\n if (r.cmpn(0) === 0)\n continue;\n\n var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));\n s = s.umod(this.n);\n if (s.cmpn(0) === 0)\n continue;\n\n var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |\n (kpX.cmp(r) !== 0 ? 2 : 0);\n\n // Use complement of `s`, if it is > `n / 2`\n if (options.canonical && s.cmp(this.nh) > 0) {\n s = this.n.sub(s);\n recoveryParam ^= 1;\n }\n\n return new Signature({ r: r, s: s, recoveryParam: recoveryParam });\n }\n};\n\nEC.prototype.verify = function verify(msg, signature, key, enc) {\n key = this.keyFromPublic(key, enc);\n signature = new Signature(signature, 'hex');\n // Fallback to the old code\n var ret = this._verify(this.truncateMsg(msg), signature, key) ||\n this._verify(this._truncateToN(new BN(msg, 16)), signature, key);\n return ret;\n};\n\nEC.prototype._verify = function _verify(msg, signature, key) {\n // Perform primitive values validation\n var r = signature.r;\n var s = signature.s;\n if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)\n return false;\n if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)\n return false;\n\n // Validate signature\n var sinv = s.invm(this.n);\n var u1 = sinv.mul(msg).umod(this.n);\n var u2 = sinv.mul(r).umod(this.n);\n\n if (!this.curve._maxwellTrick) {\n var p = this.g.mulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n return p.getX().umod(this.n).cmp(r) === 0;\n }\n\n // NOTE: Greg Maxwell's trick, inspired by:\n // https://git.io/vad3K\n\n var p = this.g.jmulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n // Compare `p.x` of Jacobian point with `r`,\n // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the\n // inverse of `p.z^2`\n return p.eqXToP(r);\n};\n\nEC.prototype.recoverPubKey = function(msg, signature, j, enc) {\n assert((3 & j) === j, 'The recovery param is more than two bits');\n signature = new Signature(signature, enc);\n\n var n = this.n;\n var e = new BN(msg);\n var r = signature.r;\n var s = signature.s;\n\n // A set LSB signifies that the y-coordinate is odd\n var isYOdd = j & 1;\n var isSecondKey = j >> 1;\n if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)\n throw new Error('Unable to find sencond key candinate');\n\n // 1.1. Let x = r + jn.\n if (isSecondKey)\n r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);\n else\n r = this.curve.pointFromX(r, isYOdd);\n\n var rInv = signature.r.invm(n);\n var s1 = n.sub(e).mul(rInv).umod(n);\n var s2 = s.mul(rInv).umod(n);\n\n // 1.6.1 Compute Q = r^-1 (sR - eG)\n // Q = r^-1 (sR + -eG)\n return this.g.mulAdd(s1, r, s2);\n};\n\nEC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {\n signature = new Signature(signature, enc);\n if (signature.recoveryParam !== null)\n return signature.recoveryParam;\n\n for (var i = 0; i < 4; i++) {\n var Qprime;\n try {\n Qprime = this.recoverPubKey(e, signature, i);\n } catch (e) {\n continue;\n }\n\n if (Qprime.eq(Q))\n return i;\n }\n throw new Error('Unable to find valid recovery factor');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar cachedProperty = utils.cachedProperty;\n\n/**\n* @param {EDDSA} eddsa - instance\n* @param {Object} params - public/private key parameters\n*\n* @param {Array} [params.secret] - secret seed bytes\n* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)\n* @param {Array} [params.pub] - public key point encoded as bytes\n*\n*/\nfunction KeyPair(eddsa, params) {\n this.eddsa = eddsa;\n if (params.hasOwnProperty('secret'))\n this._secret = parseBytes(params.secret);\n if (eddsa.isPoint(params.pub))\n this._pub = params.pub;\n else {\n this._pubBytes = parseBytes(params.pub);\n if (this._pubBytes && this._pubBytes.length === 33 &&\n this._pubBytes[0] === 0x40)\n this._pubBytes = this._pubBytes.slice(1, 33);\n if (this._pubBytes && this._pubBytes.length !== 32)\n throw new Error('Unknown point compression format');\n }\n}\n\nKeyPair.fromPublic = function fromPublic(eddsa, pub) {\n if (pub instanceof KeyPair)\n return pub;\n return new KeyPair(eddsa, { pub: pub });\n};\n\nKeyPair.fromSecret = function fromSecret(eddsa, secret) {\n if (secret instanceof KeyPair)\n return secret;\n return new KeyPair(eddsa, { secret: secret });\n};\n\nKeyPair.prototype.secret = function secret() {\n return this._secret;\n};\n\ncachedProperty(KeyPair, 'pubBytes', function pubBytes() {\n return this.eddsa.encodePoint(this.pub());\n});\n\ncachedProperty(KeyPair, 'pub', function pub() {\n if (this._pubBytes)\n return this.eddsa.decodePoint(this._pubBytes);\n return this.eddsa.g.mul(this.priv());\n});\n\ncachedProperty(KeyPair, 'privBytes', function privBytes() {\n var eddsa = this.eddsa;\n var hash = this.hash();\n var lastIx = eddsa.encodingLength - 1;\n\n // https://tools.ietf.org/html/rfc8032#section-5.1.5\n var a = hash.slice(0, eddsa.encodingLength);\n a[0] &= 248;\n a[lastIx] &= 127;\n a[lastIx] |= 64;\n\n return a;\n});\n\ncachedProperty(KeyPair, 'priv', function priv() {\n return this.eddsa.decodeInt(this.privBytes());\n});\n\ncachedProperty(KeyPair, 'hash', function hash() {\n return this.eddsa.hash().update(this.secret()).digest();\n});\n\ncachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {\n return this.hash().slice(this.eddsa.encodingLength);\n});\n\nKeyPair.prototype.sign = function sign(message) {\n assert(this._secret, 'KeyPair can only verify');\n return this.eddsa.sign(message, this);\n};\n\nKeyPair.prototype.verify = function verify(message, sig) {\n return this.eddsa.verify(message, sig, this);\n};\n\nKeyPair.prototype.getSecret = function getSecret(enc) {\n assert(this._secret, 'KeyPair is public only');\n return utils.encode(this.secret(), enc);\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n return utils.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc);\n};\n\nmodule.exports = KeyPair;\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar cachedProperty = utils.cachedProperty;\nvar parseBytes = utils.parseBytes;\n\n/**\n* @param {EDDSA} eddsa - eddsa instance\n* @param {Array|Object} sig -\n* @param {Array|Point} [sig.R] - R point as Point or bytes\n* @param {Array|bn} [sig.S] - S scalar as bn or bytes\n* @param {Array} [sig.Rencoded] - R point encoded\n* @param {Array} [sig.Sencoded] - S scalar encoded\n*/\nfunction Signature(eddsa, sig) {\n this.eddsa = eddsa;\n\n if (typeof sig !== 'object')\n sig = parseBytes(sig);\n\n if (Array.isArray(sig)) {\n sig = {\n R: sig.slice(0, eddsa.encodingLength),\n S: sig.slice(eddsa.encodingLength)\n };\n }\n\n assert(sig.R && sig.S, 'Signature without R or S');\n\n if (eddsa.isPoint(sig.R))\n this._R = sig.R;\n if (sig.S instanceof BN)\n this._S = sig.S;\n\n this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;\n this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;\n}\n\ncachedProperty(Signature, 'S', function S() {\n return this.eddsa.decodeInt(this.Sencoded());\n});\n\ncachedProperty(Signature, 'R', function R() {\n return this.eddsa.decodePoint(this.Rencoded());\n});\n\ncachedProperty(Signature, 'Rencoded', function Rencoded() {\n return this.eddsa.encodePoint(this.R());\n});\n\ncachedProperty(Signature, 'Sencoded', function Sencoded() {\n return this.eddsa.encodeInt(this.S());\n});\n\nSignature.prototype.toBytes = function toBytes() {\n return this.Rencoded().concat(this.Sencoded());\n};\n\nSignature.prototype.toHex = function toHex() {\n return utils.encode(this.toBytes(), 'hex').toUpperCase();\n};\n\nmodule.exports = Signature;\n","'use strict';\n\nvar hash = require('hash.js');\nvar HmacDRBG = require('hmac-drbg');\nvar rand = require('brorand');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n if (!(this instanceof EDDSA))\n return new EDDSA(curve);\n\n var curve = curves[curve].curve;\n this.curve = curve;\n this.g = curve.g;\n this.g.precompute(curve.n.bitLength() + 1);\n\n this.pointClass = curve.point().constructor;\n this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n message = parseBytes(message);\n var key = this.keyFromSecret(secret);\n var r = this.hashInt(key.messagePrefix(), message);\n var R = this.g.mul(r);\n var Rencoded = this.encodePoint(R);\n var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n .mul(key.priv());\n var S = r.add(s_).umod(this.curve.n);\n return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n message = parseBytes(message);\n sig = this.makeSignature(sig);\n var key = this.keyFromPublic(pub);\n var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n var SG = this.g.mul(sig.S());\n var RplusAh = sig.R().add(key.pub().mul(h));\n return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n var hash = this.hash();\n for (var i = 0; i < arguments.length; i++)\n hash.update(arguments[i]);\n return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.curve.n.toArray()\n });\n\n return this.keyFromSecret(drbg.generate(32));\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n if (sig instanceof Signature)\n return sig;\n return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n var enc = point.getY().toArray('le', this.encodingLength);\n enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n bytes = utils.parseBytes(bytes);\n\n var lastIx = bytes.length - 1;\n var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n var y = utils.intFromLE(normed);\n return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n return val instanceof this.pointClass;\n};\n","'use strict';\n\nvar elliptic = exports;\n\nelliptic.utils = require('./elliptic/utils');\nelliptic.rand = require('brorand');\nelliptic.curve = require('./elliptic/curve');\nelliptic.curves = require('./elliptic/curves');\n\n// Protocols\nelliptic.ec = require('./elliptic/ec');\nelliptic.eddsa = require('./elliptic/eddsa');\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","this","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","prototype","undefined","read","async","length","value","done","readToEnd","join","result","slice","clone","then","push","write","chunk","close","abort","reason","isNode","globalThis","process","versions","NodeReadableStream","isStream","ReadableStream","isPrototypeOf","streams.ReadableStream","isUint8Array","Uint8Array","concatUint8Array","arrays","totalLength","i","Error","pos","forEach","element","set","NodeBuffer","nodeToWeb","webToNode","nodeStream","canceled","start","controller","pause","on","isBuffer","buffer","byteOffset","byteLength","enqueue","e","error","pull","resume","cancel","destroy","NodeReadable","webStream","options","_reader","streams.getReader","size","callback","doneReadingSet","WeakSet","externalBuffer","Reader","streams.isArrayStream","reader","_read","bind","_releaseLock","_cancel","streamType","streams.isStream","streams.nodeToWeb","doneReading","has","add","shift","readLine","returnVal","streams.concat","lineEndIndex","indexOf","concat","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","filter","toPonyfillReadable","toNativeReadable","WritableStream","TransformStream","loadStreamsPonyfill","ponyfill","adapter","all","createReadableStreamWrapper","toStream","toArrayStream","list","some","map","transform","transformWithCancel","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","transformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","highWaterMark","finish","output","data","result1","result2","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","Object","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","arrayStream","BigInteger","n","hex","hexByte","toString","BigInt","iinc","inc","idec","dec","iadd","x","isub","sub","imul","mul","imod","m","isNegative","mod","modExp","isZero","isOne","exp","r","lsb","rx","modInv","gcd","_egcd","b","y","xPrev","yPrev","a","q","tmp","ileftShift","leftShift","irightShift","rightShift","equal","lt","lte","gt","gte","isEven","abs","res","toNumber","number","Number","MAX_SAFE_INTEGER","getBit","bitLength","zero","one","negOne","bitlen","eight","len","toUint8Array","endian","rawLength","offset","parseInt","reverse","detectBigInt","byValue","curve","p256","secp256r1","prime256v1","p384","secp384r1","p521","secp521r1","secp256k1","ed25519Legacy","ED25519","ed25519","Ed25519","curve25519Legacy","X25519","cv25519","curve25519","Curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","eddsa","aedh","aedsa","x25519","x448","ed448","symmetric","plaintext","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","webHash","aead","eax","ocb","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuer","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","type","debugMode","env","NODE_ENV","util","isString","String","stream.isUint8Array","stream.isStream","readNumber","writeNumber","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","leftPad","padded","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","k","uint8ArrayToHex","h","c","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","s","printDebug","log","printDebugError","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","crypto","subtle","getBigInteger","default","getNodeCrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","selectUint8","isAES","cipherAlgo","enums","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","from","btoa","atob","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","deflateLevel","aeadProtect","preferredAEADAlgorithm","aeadChunkSizeByte","s2kIterationCountByte","allowUnauthenticatedMessages","allowUnauthenticatedStream","checksumRequired","minRSABits","passwordCollisionCheck","revocationsExpire","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","minBytesForWebCrypto","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","useIndutnyElliptic","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","getType","header","match","addheader","customComment","config","getCheckSum","base64.encode","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","splitChecksum","body","checksum","lastEquals","lastIndexOf","unarmor","defaultConfig","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","checksumVerified","stream.readToEnd","stream.passiveClone","stream.pipe","checksumVerifiedString","stream.isArrayStream","messageType","partIndex","partTotal","bodyClone","KeyID","toHex","equals","keyID","matchWildcard","isWildcard","isNull","static","AES_asm","gexp3","glog3","ginit_done","gmul","aes_sbox","aes_sinv","aes_enc","aes_dec","aes_init_done","aes_init","_s","ginv","d","ginit","wrapper","foreign","heap","asm","stdlib","S0","S1","S2","S3","I0","I1","I2","I3","N0","N1","N2","N3","M0","M1","M2","M3","H0","H1","H2","H3","R","HEAP","DATA","_core","x0","x1","x2","x3","t1","t2","t3","y0","y1","y2","y3","_ecb_enc","_ecb_dec","_cbc_enc","_cbc_dec","_cfb_enc","_cfb_dec","_ofb","_ctr","_gcm_mac","z0","z1","z2","z3","set_rounds","set_state","s0","s1","s2","s3","set_iv","i0","i1","i2","i3","set_nonce","n0","n1","n2","n3","set_mask","m0","m1","m2","m3","set_counter","c0","c1","c2","c3","get_state","get_iv","gcm_init","cipher","mode","ret","_cipher_modes","mac","_mac_modes","set_key","ks","k0","k1","k2","k3","k4","k5","k6","k7","ekeys","dkeys","rcon","jj","ENC","ECB","CBC","CFB","OFB","CTR","DEC","MAC","GCM","HEAP_DATA","is_bytes","_heap_init","heapSize","_heap_write","hpos","dpos","dlen","hlen","wlen","joinBytes","arg","totalLenght","reduce","sum","curr","cursor","IllegalStateError","args","IllegalArgumentError","SecurityError","heap_pool","asm_pool","AES","iv","padding","acquire_asm","pop","reset","release_asm","keylen","keyview","getUint32","ivview","AES_Encrypt_process","TypeError","amode","rpos","AES_Encrypt_finish","plen","rlen","hasOwnProperty","p","AES_Decrypt_process","AES_Decrypt_finish","pad","pcheck","AES_ECB","encrypt","decrypt","aes","C","aesECB","block","blockSize","keySize","des","keys","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","left","right","looping","cbcleft","cbcleft2","cbcright","cbcright2","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","src","dst","l","f1","f2","f3","scheduleA","scheduleB","I","sBox","inn","w","ki","half","round","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","u","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","vector","off","_decryptBlock","kk","sha1_asm","H4","TOTAL0","TOTAL1","I4","O0","O1","O2","O3","O4","w0","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","w19","w20","w21","w22","w23","w24","w25","w26","w27","w28","w29","w30","w31","w32","w33","w34","w35","w36","w37","w38","w39","w40","w41","w42","w43","w44","w45","w46","w47","w48","w49","w50","w51","w52","w53","w54","w55","w56","w57","w58","w59","w60","w61","w62","w63","w64","w65","w66","w67","w68","w69","w70","w71","w72","w73","w74","w75","w76","w77","w78","w79","_core_heap","_state_to_heap","h0","h1","h2","h3","h4","total0","total1","hashed","hmac_reset","_hmac_opad","hmac_init","p0","p1","p2","p3","p4","p5","p6","p7","p8","p9","p10","p11","p12","p13","p14","p15","hmac_finish","t0","t4","pbkdf2_generate_block","count","Hash","HASH_SIZE","Sha1","NAME","BLOCK_SIZE","asm_function","Sha256","H5","H6","H7","I5","I6","I7","O5","O6","O7","f","g","h5","h6","h7","t5","t6","t7","sha256_asm","assert","val","msg","module","create","ctor","superCtor","super_","enumerable","configurable","TempCtor","enc","hi","lo","zero2","htonl","zero8","word","inherits","ah","al","bh","bl","ch","cl","dh","dl","carry","eh","el","num","BlockHash","pending","pendingTotal","outSize","hmacStrength","_delta8","_delta32","update","utils","toArray","join32","_update","digest","_pad","_digest","rotr32","z","ch32","p32","maj32","sum32","sum32_4","sum32_5","shaCommon","s0_256","s1_256","g0_256","g1_256","common","sha256_K","SHA256","W","SHA224","T1","T2","toHex32","split32","rotr64_hi","rotr64_lo","shr64_hi","shr64_lo","sum64","sum64_hi","sum64_lo","sum64_4_hi","sum64_4_lo","sum64_5_hi","sum64_5_lo","sha512_K","SHA512","ch64_hi","xh","xl","yh","yl","zh","ch64_lo","zl","maj64_hi","maj64_lo","s0_512_hi","s0_512_lo","s1_512_hi","s1_512_lo","g0_512_hi","g0_512_lo","g1_512_hi","g1_512_lo","SHA384","_prepareBlock","c0_hi","c0_lo","c1_hi","c1_lo","c2_hi","c2_lo","c3_hi","c3_lo","fh","fl","gh","gl","hh","hl","c4_hi","c4_lo","T1_hi","T1_lo","T2_hi","T2_lo","rotl32","sum32_3","RIPEMD160","K","Kh","A","B","D","E","Ah","Bh","Ch","Dh","Eh","T","rh","sh","md5cycle","ff","gg","add32","cmn","md5blk","md5blks","hex_chr","rhex","webCrypto","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","hashjsHash","webCryptoHash","hashInstance","asmcryptoHash","hashFunctions","entree","state","substring","tail","md51","ripemd160","algo","getHashByteLength","AES_CFB","getCipher","algoName","knownAlgos","getCiphers","nodeAlgos","pt","cipherObj","createCipheriv","nodeEncrypt","ALGO","_key","importKey","cbc_pt","ct","xorMut","webEncrypt","cfb","aesEncrypt","cipherfn","block_size","blockc","ciphertext","encblock","decipherObj","createDecipheriv","nodeDecrypt","aesDecrypt","blockp","decblock","AES_CTR","nonce","AES_CTR_set_options","counter","mask","pow","view","AES_CBC","blockLength","rightXORMut","zeroBlock","CMAC","cbc","padding2","ivLength","tagLength","two","OMAC","cmac","en","final","EAX","omac","ctr","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","xor","OCB","encipher","decipher","maxNtz","crypt","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","xorInput","$","cipherInput","cipherName","ciphers","mask_x","mask_$","constructKeyVariables","crypted","_AES_GCM_data_maxLength","AES_GCM","tagSize","gamma0","noncelen","noncebuf","_gcm_mac_process","nonceview","RangeError","cleartext","tagsize","AES_GCM_encrypt","AES_GCM_decrypt","AES_GCM_Encrypt_process","AES_GCM_Encrypt_finish","alen","clen","AES_GCM_Decrypt_process","tlen","AES_GCM_Decrypt_finish","atag","acheck","setAAD","getAuthTag","de","setAuthTag","additionalData","gcm","nacl","gf","Float64Array","randombytes","_9","gf0","gf1","_121665","D2","X","Y","crypto_verify_32","xi","yi","vn","set25519","car25519","o","v","sel25519","pack25519","neq25519","par25519","unpack25519","Z","M","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","x32","x16","crypto_scalarmult_base","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","cleanup","arr","scalarMult","box","keyPair","fromSecretKey","sign","signedMsg","sm","smlen","crypto_sign","detached","sig","verify","crypto_sign_open","fromSeed","seed","setPRNG","self","msCrypto","getRandomValues","min","require","randomBytes","exports","getRandomBytes","getRandomBigInteger","modulus","randomProbablePrime","thirty","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","rand","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","emLen","hashPrefix","tLen","fill","EM","asn1","RSAPrivateKey","define","seq","obj","int","RSAPublicKey","hashAlgo","hashName","jwk","pNum","qNum","dNum","dq","dp","kty","qi","ext","privateToJWK","webSign","err","BN","pBNum","qBNum","dBNum","subn","createSign","keyObject","version","publicExponent","privateExponent","prime1","prime2","exponent1","exponent2","coefficient","createPrivateKey","der","format","pem","label","nodeSign","bnSign","publicToJWK","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","constants","RSA_PKCS1_PADDING","publicEncrypt","bnEncrypt","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","keyGenOpt","modulusLength","generateKey","exportKey","generateKeyPair","opts","publicKeyEncoding","privateKeyEncoding","prv","_","toArrayLike","phi","nSizeOver3","rde","pSize","n1023","threshold","rqx","OID","oid","getName","keyFromPrivate","indutnyCurve","priv","keyFromPublic","pub","validate","getIndutnyCurve","elliptic","ec","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","stream.TransformStream","lengthByte","nextPacket","UnsupportedError","params","captureStackTrace","UnparseablePacket","rawContent","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","CurveWithOID","oidOrName","webCryptoKey","namedCurve","jwkToRawPublic","webGenKeyPair","createECDH","generateKeys","getPublicKey","getPrivateKey","nodeGenKeyPair","genKeyPair","entropy","getPublic","getPrivate","validateStandardParams","Q","supportedCurves","curveName","dG","validationErrors","eq","bufX","bufY","rawPublicToJWK","crv","ECPrivateKey","parameters","unused","ECDSASignature","ellipticSign","SubjectPublicKeyInfo","algorithm","subjectPublicKey","ellipticVerify","octstr","explicit","optional","any","bitstr","AlgorithmIdentifier","objid","use","getPreferredHashAlgo","RS","wrap","IV","P","unpack","unwrap","createArrayBuffer","setUint32","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","genPrivateEphemeralKey","recipient","deriveBits","public","webPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","V","derive","ellipticPublicEphemeralKey","secret","webPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","ellipticPrivateEphemeralKey","pkcs5.encode","wrappedKey","aesKW.wrap","pkcs5.decode","aesKW.unwrap","nodeSubtleCrypto","webcrypto","HKDF","inputKey","salt","info","outLen","importedKey","hashAlgoName","computeHMAC","hmacKey","hmacMessage","createHmac","pseudoRandomKey","hashLen","outputKeyingMaterial","roundInput","HKDF_INFO","recipientA","ephemeralSecretKey","sharedSecret","ephemeralPublicKey","hkdfInput","computeHKDF","xr","u1","u2","qSize","n150","rsa","publicParams","curveSize","publicKeyParams","privateKeyParams","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","instance","followLength","checkSupportedCurve","keyAlgo","symmetricAlgo","ECDHSymkey","ecdhX","fromObject","sessionKeyParams","privateParams","algosWithNativeRepresentation","orderedParams","generate","validateParams","algoModule","prefixrandom","repeat","random","pkcs1","pkcs5","aesKW","assign","TYPED_OK","Uint16Array","Int32Array","shrinkBuf","fnTyped","arraySet","dest","src_offs","dest_offs","flattenChunks","chunks","fnUntyped","Buf8","Buf16","Buf32","Z_NO_FLUSH","Z_PARTIAL_FLUSH","Z_SYNC_FLUSH","Z_FULL_FLUSH","Z_FINISH","Z_BLOCK","Z_TREES","Z_OK","Z_STREAM_END","Z_NEED_DICT","Z_STREAM_ERROR","Z_DATA_ERROR","Z_BUF_ERROR","Z_DEFAULT_COMPRESSION","Z_FILTERED","Z_HUFFMAN_ONLY","Z_RLE","Z_FIXED","Z_BINARY","Z_TEXT","Z_UNKNOWN","Z_DEFLATED","STORED_BLOCK","STATIC_TREES","DYN_TREES","LENGTH_CODES","LITERALS","L_CODES","D_CODES","BL_CODES","HEAP_SIZE","MAX_BITS","Buf_size","MAX_BL_BITS","END_BLOCK","REP_3_6","REPZ_3_10","REPZ_11_138","extra_lbits","extra_dbits","extra_blbits","bl_order","static_ltree","static_dtree","_dist_code","_length_code","MAX_MATCH","base_length","base_dist","StaticTreeDesc","static_tree","extra_bits","extra_base","elems","max_length","has_stree","static_l_desc","static_d_desc","static_bl_desc","TreeDesc","dyn_tree","stat_desc","max_code","d_code","dist","put_short","pending_buf","send_bits","bi_valid","bi_buf","send_code","tree","bi_reverse","code","gen_codes","bl_count","next_code","init_block","dyn_ltree","dyn_dtree","bl_tree","opt_len","static_len","last_lit","matches","bi_windup","smaller","depth","_n2","_m2","pqdownheap","heap_len","compress_block","ltree","dtree","lc","extra","lx","d_buf","l_buf","build_tree","desc","stree","heap_max","base","xbits","overflow","gen_bitlen","scan_tree","curlen","prevlen","nextlen","max_count","min_count","send_tree","static_init_done","_tr_init","tr_static_init","l_desc","d_desc","bl_desc","_tr_stored_block","stored_len","utils.arraySet","window","copy_block","_tr_align","bi_flush","_tr_flush_block","opt_lenb","static_lenb","max_blindex","level","strm","data_type","black_mask","detect_data_type","build_bl_tree","strategy","lcodes","dcodes","blcodes","rank","send_all_trees","_tr_tally","lit_bufsize","adler32","adler","crcTable","table","makeTable","crc32","MAX_MEM_LEVEL","MIN_MATCH","MIN_LOOKAHEAD","PRESET_DICT","INIT_STATE","EXTRA_STATE","NAME_STATE","COMMENT_STATE","HCRC_STATE","BUSY_STATE","FINISH_STATE","BS_NEED_MORE","BS_BLOCK_DONE","BS_FINISH_STARTED","BS_FINISH_DONE","OS_CODE","errorCode","flush_pending","avail_out","pending_out","next_out","total_out","flush_block_only","trees._tr_flush_block","block_start","strstart","put_byte","putShortMSB","read_buf","avail_in","next_in","total_in","longest_match","cur_match","chain_length","max_chain_length","scan","best_len","prev_length","nice_match","limit","w_size","_win","wmask","w_mask","strend","scan_end1","scan_end","good_match","lookahead","match_start","fill_window","_w_size","more","window_size","hash_size","head","insert","ins_h","hash_shift","hash_mask","deflate_fast","flush","hash_head","bflush","match_length","trees._tr_tally","max_lazy_match","deflate_slow","max_insert","prev_match","match_available","Config","good_length","max_lazy","nice_length","max_chain","func","configuration_table","max_block_size","pending_buf_size","max_start","DeflateState","status","gzhead","gzindex","method","last_flush","w_bits","hash_bits","utils.Buf16","deflateReset","trees._tr_init","deflateResetKeep","lm_init","deflate","old_flush","beg","hcrc","comment","os","level_flags","bstate","deflate_huff","deflate_rle","trees._tr_align","trees._tr_stored_block","__","_utf8len","utils.Buf8","string2buf","m_pos","buf_len","str_len","ZStream","Deflate","chunkSize","windowBits","memLevel","opt","raw","gzip","ended","zlib_deflate.deflateInit2","dictionary","dict","strings.string2buf","avail","next","tmpDict","dictLength","zlib_deflate.deflateSetDictionary","_dict_set","_mode","zlib_deflate.deflate","onEnd","onData","utils.shrinkBuf","zlib_deflate.deflateEnd","utils.flattenChunks","BAD","TYPE","inflate_fast","_in","_out","hold","here","op","from_source","dmax","wsize","whave","wnext","s_window","lcode","lencode","dcode","distcode","lmask","lenbits","dmask","distbits","top","dolen","dodist","sane","MAXBITS","ENOUGH_LENS","ENOUGH_DISTS","CODES","LENS","DISTS","lbase","lext","dbase","dext","inflate_table","lens","lens_index","codes","table_index","work","incr","low","sym","root","drop","used","huff","base_index","offs","here_bits","here_op","here_val","extra_index","HEAD","FLAGS","TIME","OS","EXLEN","EXTRA","COMMENT","HCRC","DICTID","DICT","TYPEDO","STORED","COPY_","COPY","TABLE","LENLENS","CODELENS","LEN_","LEN","LENEXT","DIST","DISTEXT","MATCH","LIT","CHECK","LENGTH","DONE","zswap32","InflateState","havedict","flags","check","total","wbits","ncode","nlen","ndist","have","lendyn","distdyn","back","was","inflateReset","utils.Buf32","inflateResetKeep","inflateInit2","inflateReset2","lenfix","distfix","virgin","fixedtables","updatewindow","copy","inflate","put","last_bits","last_op","last_val","hbuf","order","inf_leave","xflags","extra_len","inflateSetDictionary","dictid","GZheader","Inflate","zlib_inflate.inflateInit2","c.Z_OK","zlib_inflate.inflateGetHeader","zlib_inflate.inflateSetDictionary","allowBufError","c.Z_FINISH","c.Z_NO_FLUSH","strings.binstring2buf","zlib_inflate.inflate","c.Z_NEED_DICT","c.Z_BUF_ERROR","c.Z_STREAM_END","c.Z_SYNC_FLUSH","zlib_inflate.inflateEnd","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","remaining","seek","n_bit","n_byte","pi","bufToHex","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","getCRC","updateCRC","updateCRCRun","mtf","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","optDetail","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","CRC32","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","MAX_HUFCODE_BITS","permute","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","multistream","bz","targetStreamCRC","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","verified","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","issuerKeyID","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","writeHashedSubPackets","toHash","stream.slice","stream.clone","writeSubPacket","humanReadable","critical","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","fromBinary","compressionFn","compress_fns","nodeZlib","node_zlib","stream.nodeToWeb","stream.webToNode","pako_zlib","deflateRaw","createDeflateRaw","createDeflate","inflateRaw","createInflateRaw","createInflate","BunzipDecode","SymEncryptedIntegrityProtectedDataPacket","encrypted","sessionKeyAlgorithm","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","AEADEncryptedDataPacket","cipherAlgorithm","aeadAlgorithm","chunkSizeByte","getAEADMode","modeInstance","tagLengthIfDecrypting","tagLengthIfEncrypting","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","latestPromise","cryptedBytes","queuedBytes","finalChunk","cryptedPromise","setInt32","desiredSize","PublicKeyEncryptedSessionKeyPacket","publicKeyID","sessionKey","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","sessionKeyData","S2K","getCount","passphrase","numBytes","rlength","prefixlen","datalen","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","produceKey","encryptionKey","generateSessionKey","associatedData","toEncrypt","PublicKeyPacket","expirationTimeV3","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","PublicSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","startOfSecretKeyData","unparseableKeyMaterial","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","produceEncryptionKey","cleartextWithHash","validParams","generateParams","global","parse5322","inStr","getPos","setPos","initialize","parseString","tokens","semantic","children","ast","parent","child","compareToken","fxnCompare","tok","lit","and","or","prod","invis","colwsp","star","minimum","isUTF8NonAscii","cr","crlf","lf","dquote","htab","sp","vchar","accept","rfc6532","wsp","quotedPair","obsQP","fws","obsFws","ctext","obsCtext","ccontent","cfws","atext","atom","dotAtomText","maybeText","dotAtom","qtext","obsQtext","qcontent","quotedString","address","mailbox","group","nameAddr","addrSpec","displayName","angleAddr","obsAngleAddr","groupList","obsPhrase","collapseWhitespace","mailboxList","obsMboxList","addressList","obsAddrList","obsGroupList","localPart","obsLocalPart","dtext","obsDtext","domainLiteral","domain","obsDomain","rejectTLD","obsNoWsCtl","strict","atInDisplayName","obsRoute","obsDomainList","findNode","stack","findAllNodesNoChildren","names","namesLookup","giveResult","addresses","groupsAndMailboxes","groupOrMailbox","giveResultGroup","giveResultMailbox","simplifyResult","oneResult","partial","groupName","groupResultMailboxes","mailboxes","grabSemantic","aspec","findAllNodes","comments","local","concatComments","startProduction","handleOpts","startAt","defs","isNullUndef","defaults","isObject","parseOneAddress","parseAddressList","parseFrom","parseSender","parseReplyTo","UserIDPacket","email","components","emailAddresses","otherUserID","SecretSubkeyPacket","Signature","packetlist","getSigningKeyIDs","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","prefAlgo","primaryUser","getPrimaryUser","selfCertification","getPreferredCurveHashAlgo","getPreferredAlgo","userIDs","defaultAlgo","preferredSenderAlgo","prefPropertyName","senderAlgoSupport","recipientPrefs","Boolean","signingKeyPacket","signaturePacket","mergeSignatures","source","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","sanitizeKeyOptions","subkeyDefaults","isValidSigningKeyPacket","isValidEncryptionKeyPacket","isValidDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","signingKeys","isPrivate","signingKey","getSigningKey","certificate","verificationKeys","issuerKeys","getKeys","isRevoked","certifications","certification","valid","verifyCertificate","sourceUser","srcSelfSig","srcRevSig","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","sort","helper.isValidSigningKeyPacket","helper.checkKeyRequirements","helper.isValidEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","revocationCertificate","privateKeys","userSign","certify","verifyAllCertifications","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","fromSecretKeyPacket","pubSubkeyPacket","fromSecretSubkeyPacket","helper.isValidDecryptionKeyPacket","allDummies","defaultOptions","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","userIDPacket","subkeyOptions","subkeySignaturePacket","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","sessionKeyObjects","decryptSessionKeys","symEncryptedPacketlist","symEncryptedPacket","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","password","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","getDecryptionKeys","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgorithmName","supported","isAEADSupported","getEncryptionKey","maybeKey","wildcard","encryptionKeyIDs","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","literalDataPacket","existingSigPacketlist","onePassSig","signingKeyID","onePassSignatureList","createSignaturePackets","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","detachedSignature","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","CleartextMessage","newSignature","hashes","ar","checkMessage","checkCleartextOrMessage","checkOutputMessageFormat","defaultConfigPropsCount","checkConfig","inputConfigProps","inputProp","convertStream","streaming","encoding","setEncoding","stream.toNativeReadable","linkStreams","formatObject","object","SymbolPolyfill","iterator","description","noop","globals","typeIsObject","rethrowAssertionErrorRejection","originalPromise","originalPromiseThen","originalPromiseResolve","originalPromiseReject","newPromise","executor","promiseResolvedWith","promiseRejectedWith","PerformPromiseThen","onFulfilled","onRejected","uponPromise","uponFulfillment","uponRejection","transformPromiseWith","fulfillmentHandler","rejectionHandler","setPromiseIsHandledToTrue","queueMicrotask","globalQueueMicrotask","resolvedPromise","reflectCall","F","Function","promiseCall","SimpleQueue","_cursor","_size","_front","_elements","_next","_back","oldBack","newBack","QUEUE_MAX_ARRAY_SIZE","oldFront","newFront","oldCursor","newCursor","elements","peek","front","ReadableStreamReaderGenericInitialize","_ownerReadableStream","_state","defaultReaderClosedPromiseInitialize","defaultReaderClosedPromiseResolve","defaultReaderClosedPromiseInitializeAsResolved","defaultReaderClosedPromiseInitializeAsRejected","_storedError","ReadableStreamReaderGenericCancel","ReadableStreamCancel","ReadableStreamReaderGenericRelease","defaultReaderClosedPromiseReject","defaultReaderClosedPromiseResetToRejected","readerLockException","_closedPromise","_closedPromise_resolve","_closedPromise_reject","AbortSteps","ErrorSteps","CancelSteps","PullSteps","NumberIsFinite","isFinite","MathTrunc","trunc","assertDictionary","context","assertFunction","assertObject","assertRequiredArgument","position","assertRequiredField","field","convertUnrestrictedDouble","censorNegativeZero","convertUnsignedLongLongWithEnforceRange","upperBound","integerPart","assertReadableStream","IsReadableStream","AcquireReadableStreamDefaultReader","ReadableStreamDefaultReader","ReadableStreamAddReadRequest","readRequest","_readRequests","ReadableStreamFulfillReadRequest","_closeSteps","_chunkSteps","ReadableStreamGetNumReadRequests","ReadableStreamHasDefaultReader","IsReadableStreamDefaultReader","IsReadableStreamLocked","defaultReaderBrandCheckException","resolvePromise","rejectPromise","ReadableStreamDefaultReaderRead","_errorSteps","_disturbed","_readableStreamController","AsyncIteratorPrototype","defineProperties","toStringTag","asyncIterator","ReadableStreamAsyncIteratorImpl","_ongoingPromise","_isFinished","_preventCancel","nextSteps","_nextSteps","return","returnSteps","_returnSteps","ReadableStreamAsyncIteratorPrototype","IsReadableStreamAsyncIterator","_asyncIteratorImpl","streamAsyncIteratorBrandCheckException","setPrototypeOf","NumberIsNaN","isNaN","IsFiniteNonNegativeNumber","IsNonNegativeNumber","DequeueValue","container","pair","_queue","_queueTotalSize","EnqueueValueWithSize","ResetQueue","CreateArrayFromList","ReadableStreamBYOBRequest","IsReadableStreamBYOBRequest","byobRequestBrandCheckException","_view","respond","bytesWritten","_associatedReadableByteStreamController","ReadableByteStreamControllerRespondInternal","ReadableByteStreamControllerRespond","respondWithNewView","isView","firstDescriptor","_pendingPullIntos","bytesFilled","ReadableByteStreamControllerRespondWithNewView","ReadableByteStreamController","byobRequest","IsReadableByteStreamController","byteStreamControllerBrandCheckException","_byobRequest","request","SetUpReadableStreamBYOBRequest","ReadableByteStreamControllerGetDesiredSize","_closeRequested","_controlledReadableByteStream","ReadableByteStreamControllerError","ReadableByteStreamControllerClearAlgorithms","ReadableStreamClose","ReadableByteStreamControllerClose","transferredBuffer","ReadableByteStreamControllerEnqueueChunkToQueue","ReadableStreamHasBYOBReader","ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue","ReadableByteStreamControllerCallPullIfNeeded","ReadableByteStreamControllerEnqueue","_cancelAlgorithm","entry","ReadableByteStreamControllerHandleQueueDrain","autoAllocateChunkSize","_autoAllocateChunkSize","bufferE","pullIntoDescriptor","elementSize","viewConstructor","readerType","shouldPull","_started","ReadableStreamGetNumReadIntoRequests","ReadableByteStreamControllerShouldCallPull","_pulling","_pullAgain","_pullAlgorithm","ReadableByteStreamControllerCommitPullIntoDescriptor","filledView","ReadableByteStreamControllerConvertPullIntoDescriptor","readIntoRequest","_readIntoRequests","ReadableStreamFulfillReadIntoRequest","ReadableByteStreamControllerFillPullIntoDescriptorFromQueue","currentAlignedBytes","maxBytesToCopy","maxBytesFilled","maxAlignedBytes","totalBytesToCopyRemaining","queue","headOfQueue","bytesToCopy","destStart","destOffset","srcOffset","ReadableByteStreamControllerFillHeadPullIntoDescriptor","ReadableByteStreamControllerInvalidateBYOBRequest","ReadableByteStreamControllerShiftPendingPullInto","ReadableByteStreamControllerRespondInClosedState","remainderSize","ReadableByteStreamControllerRespondInReadableState","ReadableByteStreamControllerClearPendingPullIntos","ReadableStreamError","_strategyHWM","SetUpReadableByteStreamControllerFromUnderlyingSource","underlyingByteSource","startAlgorithm","pullAlgorithm","cancelAlgorithm","SetUpReadableByteStreamController","ReadableStreamAddReadIntoRequest","IsReadableStreamBYOBReader","ReadableStreamBYOBReader","byobReaderBrandCheckException","BYTES_PER_ELEMENT","emptyView","ReadableByteStreamControllerPullInto","ReadableStreamBYOBReaderRead","ExtractHighWaterMark","defaultHWM","ExtractSizeAlgorithm","convertQueuingStrategy","convertQueuingStrategySize","convertUnderlyingSinkAbortCallback","original","convertUnderlyingSinkCloseCallback","convertUnderlyingSinkStartCallback","convertUnderlyingSinkWriteCallback","assertWritableStream","IsWritableStream","rawUnderlyingSink","rawStrategy","underlyingSink","convertUnderlyingSink","InitializeWritableStream","sizeAlgorithm","WritableStreamDefaultController","writeAlgorithm","closeAlgorithm","abortAlgorithm","SetUpWritableStreamDefaultController","SetUpWritableStreamDefaultControllerFromUnderlyingSink","locked","streamBrandCheckException$2","IsWritableStreamLocked","WritableStreamAbort","WritableStreamCloseQueuedOrInFlight","WritableStreamClose","AcquireWritableStreamDefaultWriter","WritableStreamDefaultWriter","_writer","_writableStreamController","_writeRequests","_inFlightWriteRequest","_closeRequest","_inFlightCloseRequest","_pendingAbortRequest","_backpressure","_promise","wasAlreadyErroring","_resolve","_reject","_reason","_wasAlreadyErroring","WritableStreamStartErroring","closeRequest","defaultWriterReadyPromiseResolve","closeSentinel","WritableStreamDefaultControllerAdvanceQueueIfNeeded","WritableStreamDealWithRejection","WritableStreamFinishErroring","WritableStreamDefaultWriterEnsureReadyPromiseRejected","WritableStreamHasOperationMarkedInFlight","storedError","writeRequest","WritableStreamRejectCloseAndClosedPromiseIfNeeded","abortRequest","defaultWriterClosedPromiseReject","WritableStreamUpdateBackpressure","backpressure","defaultWriterReadyPromiseInitialize","defaultWriterReadyPromiseReset","_ownerWritableStream","defaultWriterReadyPromiseInitializeAsResolved","defaultWriterClosedPromiseInitialize","defaultWriterReadyPromiseInitializeAsRejected","defaultWriterClosedPromiseResolve","defaultWriterClosedPromiseInitializeAsRejected","IsWritableStreamDefaultWriter","defaultWriterBrandCheckException","defaultWriterLockException","WritableStreamDefaultControllerGetDesiredSize","WritableStreamDefaultWriterGetDesiredSize","_readyPromise","WritableStreamDefaultWriterAbort","WritableStreamDefaultWriterClose","WritableStreamDefaultWriterRelease","WritableStreamDefaultWriterWrite","WritableStreamDefaultWriterEnsureClosedPromiseRejected","_closedPromiseState","defaultWriterClosedPromiseResetToRejected","_readyPromiseState","defaultWriterReadyPromiseReject","defaultWriterReadyPromiseResetToRejected","releasedError","_strategySizeAlgorithm","chunkSizeE","WritableStreamDefaultControllerErrorIfNeeded","WritableStreamDefaultControllerGetChunkSize","WritableStreamAddWriteRequest","enqueueE","_controlledWritableStream","WritableStreamDefaultControllerGetBackpressure","WritableStreamDefaultControllerWrite","IsWritableStreamDefaultController","WritableStreamDefaultControllerError","_abortAlgorithm","WritableStreamDefaultControllerClearAlgorithms","_writeAlgorithm","_closeAlgorithm","WritableStreamMarkCloseRequestInFlight","sinkClosePromise","WritableStreamFinishInFlightClose","WritableStreamFinishInFlightCloseWithError","WritableStreamDefaultControllerProcessClose","WritableStreamMarkFirstWriteRequestInFlight","sinkWritePromise","WritableStreamFinishInFlightWrite","WritableStreamFinishInFlightWriteWithError","WritableStreamDefaultControllerProcessWrite","_readyPromise_resolve","_readyPromise_reject","NativeDOMException","DOMException","DOMException$1","_a","isDOMExceptionConstructor","createDOMExceptionPolyfill","ReadableStreamPipeTo","signal","shuttingDown","currentWrite","actions","shutdownWithAction","action","aborted","addEventListener","isOrBecomesErrored","shutdown","isOrBecomesClosed","WritableStreamDefaultWriterCloseWithErrorPropagation","destClosed","waitForWritesToFinish","oldCurrentWrite","originalIsError","originalError","doTheRest","newError","isError","removeEventListener","resolveLoop","rejectLoop","resolveRead","rejectRead","ReadableStreamDefaultController","IsReadableStreamDefaultController","defaultControllerBrandCheckException$1","ReadableStreamDefaultControllerGetDesiredSize","ReadableStreamDefaultControllerCanCloseOrEnqueue","ReadableStreamDefaultControllerClose","ReadableStreamDefaultControllerEnqueue","ReadableStreamDefaultControllerError","ReadableStreamDefaultControllerClearAlgorithms","_controlledReadableStream","ReadableStreamDefaultControllerCallPullIfNeeded","ReadableStreamDefaultControllerShouldCallPull","SetUpReadableStreamDefaultController","convertUnderlyingSourceCancelCallback","convertUnderlyingSourcePullCallback","convertUnderlyingSourceStartCallback","convertReadableStreamType","convertReadableStreamReaderMode","convertPipeOptions","isAbortSignal","assertAbortSignal","rawUnderlyingSource","underlyingSource","convertUnderlyingDefaultOrByteSource","InitializeReadableStream","SetUpReadableStreamDefaultControllerFromUnderlyingSource","streamBrandCheckException$1","rawOptions","convertReaderOptions","AcquireReadableStreamBYOBReader","pipeThrough","rawTransform","convertReadableWritablePair","destination","branches","cloneForBranch2","reason1","reason2","branch1","branch2","resolveCancelPromise","reading","canceled1","canceled2","cancelPromise","value1","value2","CreateReadableStream","compositeReason","cancelResult","ReadableStreamTee","impl","AcquireReadableStreamAsyncIterator","convertIteratorOptions","convertQueuingStrategyInit","byteLengthSizeFunction","ByteLengthQueuingStrategy","_byteLengthQueuingStrategyHighWaterMark","IsByteLengthQueuingStrategy","byteLengthBrandCheckException","countSizeFunction","CountQueuingStrategy","_countQueuingStrategyHighWaterMark","IsCountQueuingStrategy","countBrandCheckException","convertTransformerFlushCallback","convertTransformerStartCallback","convertTransformerTransformCallback","rawTransformer","rawWritableStrategy","rawReadableStrategy","writableStrategy","readableStrategy","transformer","readableType","writableType","convertTransformer","readableHighWaterMark","readableSizeAlgorithm","writableHighWaterMark","writableSizeAlgorithm","startPromise_resolve","startPromise","_transformStreamController","_backpressureChangePromise","_writable","TransformStreamDefaultControllerPerformTransform","TransformStreamDefaultSinkWriteAlgorithm","TransformStreamError","TransformStreamDefaultSinkAbortAlgorithm","_readable","flushPromise","_flushAlgorithm","TransformStreamDefaultControllerClearAlgorithms","TransformStreamDefaultSinkCloseAlgorithm","TransformStreamSetBackpressure","TransformStreamDefaultSourcePullAlgorithm","TransformStreamErrorWritableAndUnblockWrite","CreateWritableStream","_backpressureChangePromise_resolve","InitializeTransformStream","TransformStreamDefaultController","transformAlgorithm","TransformStreamDefaultControllerEnqueue","transformResultE","flushAlgorithm","_controlledTransformStream","_transformAlgorithm","SetUpTransformStreamDefaultController","SetUpTransformStreamDefaultControllerFromTransformer","IsTransformStream","streamBrandCheckException","IsTransformStreamDefaultController","defaultControllerBrandCheckException","readableController","TransformStreamDefaultControllerTerminate","ReadableStreamDefaultControllerHasBackpressure","extendStatics","__proto__","__extends","isStreamConstructor","startCalled","isReadableStream","isWritableStream","isTransformStream","supportsByobReader","createWrappingReadableSource","parseReadableType","WrappingReadableByteStreamSource","WrappingReadableStreamDefaultSource","typeString","AbstractWrappingReadableStreamSource","underlyingStream","_underlyingReader","_readerMode","_pendingRead","_underlyingStream","_attachDefaultReader","_detachReader","_attachReader","_this","_finishPendingRead","_pullWithDefaultReader","_tryClose","_setPendingRead","readPromise","pendingRead","finishRead","afterRead","_super","supportsByob","_supportsByob","_attachByobReader","_pullWithByobRequest","to","fromArray","createWrappingWritableSink","WrappingWritableStreamSink","underlyingWriter","_pendingWrite","_underlyingWriter","_errorPromise","_errorPromiseReject","_finishErroring","_startErroring","race","_setPendingWrite","_finishPendingWrite","writePromise","pendingWrite","finishWrite","afterWrite","createWrappingTransformer","WrappingTransformStreamTransformer","_onRead","_onError","_flushReject","_onTerminate","_flushResolve","_flushPromise","readerClosed","isReadableStreamConstructor","byteSourceSupported","supportsByteSource","isTransformStreamConstructor","isWritableStreamConstructor","sink","isBN","negative","words","red","_init","wordSize","parseHex","parseBase","cmp","_initNumber","_initArray","_parseHex","_parseBase","strip","limbLen","limbPow","imuln","_iaddn","_expand","_normSign","inspect","zeros","groupSizes","groupBases","smallMulTo","out","ncarry","rword","maxJ","groupSize","groupBase","modn","idivn","toJSON","toBuffer","ArrayType","reqLength","littleEndian","andln","iushrn","_countBits","clz32","_zeroBits","zeroBits","toTwos","width","inotn","iaddn","fromTwos","testn","notn","ineg","isNeg","neg","iuor","ior","uor","iuand","iand","uand","iuxor","ixor","uxor","bytesNeeded","bitsLeft","setn","bit","wbit","comb10MulTo","mid","a0","al0","ah0","a1","al1","ah1","a2","al2","ah2","a3","al3","ah3","a4","al4","ah4","a5","al5","ah5","a6","al6","ah6","a7","al7","ah7","a8","al8","ah8","a9","al9","ah9","bl0","bh0","bl1","bh1","bl2","bh2","bl3","bh3","bl4","bh4","bl5","bh5","bl6","bh6","bl7","bh7","bl8","bh8","bl9","bh9","jumboMulTo","FFTM","mulp","mulTo","hncarry","bigMulTo","makeRBT","N","revBin","rb","rbt","rws","iws","rtws","itws","rtwdf","cos","PI","itwdf","sin","rtwdf_","itwdf_","re","ie","ro","io","guessLen13b","odd","conjugate","normalize13b","ws","convert13b","stub","ph","rwst","iwst","nrws","nrwst","niwst","rmws","mulf","muln","sqr","isqr","toBitArray","iushln","carryMask","newCarry","ishln","hint","extended","maskedWords","ishrn","shln","ushln","shrn","ushrn","imaskn","maskn","isubn","addn","iabs","_ishlnsubmul","_wordDiv","bhi","diff","qj","div","divmod","positive","divn","umod","divRound","dm","r2","acc","egcd","yp","xp","im","isOdd","jm","_invmp","delta","cmpn","invm","bincn","ucmp","gtn","gten","ltn","lten","eqn","Red","toRed","ctx","convertTo","_forceRed","fromRed","convertFrom","forceRed","redAdd","redIAdd","redSub","redISub","redShl","shl","redMul","_verify2","redIMul","redSqr","_verify1","redISqr","redSqrt","sqrt","redInvm","redNeg","redPow","primes","k256","p224","p192","p25519","MPrime","_tmp","K256","P224","P192","P25519","prime","_prime","Mont","rinv","minv","ireduce","imulK","mod3","nOne","lpow","inv","wnd","currentLen","mont","nred","minAssert","minUtils","getNAF","naf","getJSF","jsf","d1","d2","m8","m14","m24","cachedProperty","computer","parseBytes","intFromLE","Rand","_rand","getByte","BaseCurve","conf","pointFromJSON","gRed","_wnafT1","_wnafT2","_wnafT3","_wnafT4","adjustCount","redN","_maxwellTrick","BasePoint","precomputed","point","_fixedNafMul","doubles","_getDoubles","step","repr","nafW","jpoint","mixedAdd","points","toP","_wnafMul","nafPoints","_getNAFPoints","dblp","_wnafMulAdd","defW","coeffs","jacobianResult","wndWidth","comb","toJ","ja","jb","decodePoint","pointFromX","encodeCompressed","_encode","compact","getX","getY","precompute","beta","_getBeta","_hasDoubles","dbl","ShortCurve","Base","tinv","zeroA","threeA","endo","_getEndomorphism","_endoWnafT1","_endoWnafT2","Point","isRed","inf","JPoint","zOne","MontCurve","i4","a24","lambda","betas","_getEndoRoots","lambdas","basis","vec","_getEndoBasis","ntinv","prevR","aprxSqrt","len1","_endoSplit","v1","v2","ax","rhs","_endoWnafMulAdd","npoints","ncoeffs","fromJSON","pre","endoMul","JSON","obj2point","isInfinity","nx","ny","ys1","dyinv","mulAdd","jmulAdd","_precompute","negate","zinv","zinv2","ay","pz2","nz","jx","jy","jz","jz4","jyd","jx2","jyd2","jyd4","dny","_zeroDbl","_threeDbl","_dbl","yyyy","yyyy8","c8","gamma","alpha","beta4","beta8","ggamma8","jy2","jxd4","jyd8","trpl","zz","mm","ee","yyu4","kbase","pz3","eqXToP","zs","xc","normalize","diffAdd","da","cb","jumlAdd","EdwardsCurve","twisted","mOneA","oneC","_mulA","_mulC","lhs","pointFromY","_extDbl","nt","_projDbl","_extAdd","_projAdd","require$$0","short","require$$1","require$$2","edwards","require$$3","ft_1","sha1_K","SHA1","require$$4","Hmac","inner","outer","sha","hmac","PresetCurve","defineCurve","cofactor","HmacDRBG","predResist","minEntropy","_reseed","reseedInterval","entropyEnc","nonceEnc","pers","persEnc","_hmac","kmac","reseed","addEnc","KeyPair","_importPrivate","privEnc","_importPublic","pubEnc","fromPublic","fromPrivate","_importDER","recoveryParam","Position","place","getLength","initial","octetLen","rmPadding","constructLength","octets","slen","toDER","backHalf","EC","nh","drbg","ns2","_truncateToN","truncOnly","truncateMsg","bkey","ns1","iter","kp","kpX","canonical","_verify","sinv","recoverPubKey","isYOdd","isSecondKey","rInv","getKeyRecoveryParam","Qprime","_secret","isPoint","_pub","_pubBytes","fromSecret","encodePoint","lastIx","encodingLength","decodeInt","privBytes","getSecret","pubBytes","_R","_S","_Rencoded","Rencoded","_Sencoded","Sencoded","encodeInt","toBytes","EDDSA","pointClass","keyFromSecret","hashInt","messagePrefix","s_","makeSignature","SG","normed","xIsOdd","require$$5","rest","unknownOptions","stream.loadStreamsPonyfill","stream.toStream","literalDataPacketlist","expectSigned","publicKeys","clonedPrivateKey","passphrases","signingUserIDs","encryptionUserIDs","signatureNotations","checkBinary","checkString","helper.generateSecretKey","getRevocationCertificate","cleartextMessage","checkHashAlgos","hashAlgos","oneHeader","armoredKey","binaryKey","armoredKeys","binaryKeys","keyIndex","newKey","armoredMessage","binaryMessage","oneKeyList","armoredSignature","binarySignature","reformattedKey","sanitize","reformat","revokedKey","applyRevocationCertificate","revoke","signDetached"],"mappings":";kJAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxBC,cACEC,QACAC,KAAKT,GAAsB,IAAIU,SAAQ,CAACC,EAASC,KAC/CH,KAAKP,GAAsBS,EAC3BF,KAAKN,GAAqBS,CAAM,IAElCH,KAAKT,GAAoBa,OAAM,UAuCnC,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAaV,MAAMW,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,EAETV,KAAKe,OAAST,CAChB,CAvDAV,EAAYoB,UAAUT,UAAY,WAIhC,YAH2BU,IAAvBjB,KAAKL,KACPK,KAAKL,GAAgB,GAEhB,CACLuB,KAAMC,gBACEnB,KAAKT,GACPS,KAAKL,KAAkBK,KAAKoB,OACvB,CAAEC,WAAOJ,EAAWK,MAAM,GAE5B,CAAED,MAAOrB,KAAKA,KAAKL,MAAkB2B,MAAM,IAGxD,EAEA1B,EAAYoB,UAAUO,UAAYJ,eAAeK,SACzCxB,KAAKT,GACX,MAAMkC,EAASD,EAAKxB,KAAK0B,MAAM1B,KAAKL,KAEpC,OADAK,KAAKoB,OAAS,EACPK,CACT,EAEA7B,EAAYoB,UAAUW,MAAQ,WAC5B,MAAMA,EAAQ,IAAI/B,EAIlB,OAHA+B,EAAMpC,GAAsBS,KAAKT,GAAoBqC,MAAK,KACxDD,EAAME,QAAQ7B,KAAK,IAEd2B,CACT,EAkCAlB,EAAOO,UAAUc,MAAQX,eAAeY,GACtC/B,KAAKe,OAAOc,KAAKE,EACnB,EAOAtB,EAAOO,UAAUgB,MAAQb,iBACvBnB,KAAKe,OAAOtB,IACd,EAOAgB,EAAOO,UAAUiB,MAAQd,eAAee,GAEtC,OADAlC,KAAKe,OAAOrB,GAAmBwC,GACxBA,CACT,EAOAzB,EAAOO,UAAUJ,YAAc,aCxG/B,MAAMuB,EAAuC,iBAAvBC,EAAWC,SACQ,iBAAhCD,EAAWC,QAAQC,SAEtBC,EAAqBJ,QAAU,EAOrC,SAASK,EAASlC,GAChB,OAAID,EAAcC,GACT,QAEL8B,EAAWK,gBAAkBL,EAAWK,eAAezB,UAAU0B,cAAcpC,GAC1E,MAELqC,GAA0BA,EAAuB3B,UAAU0B,cAAcpC,GACpE,WAELiC,GAAsBA,EAAmBvB,UAAU0B,cAAcpC,GAC5D,UAELA,IAASA,EAAMC,YACV,UAGX,CAOA,SAASqC,EAAatC,GACpB,OAAOuC,WAAW7B,UAAU0B,cAAcpC,EAC5C,CAOA,SAASwC,EAAiBC,GACxB,GAAsB,IAAlBA,EAAO3B,OAAc,OAAO2B,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIF,EAAO3B,OAAQ6B,IAAK,CACtC,IAAKL,EAAaG,EAAOE,IACvB,MAAUC,MAAM,8DAGlBF,GAAeD,EAAOE,GAAG7B,OAG3B,MAAMK,EAAS,IAAIoB,WAAWG,GAC9B,IAAIG,EAAM,EAMV,OALAJ,EAAOK,SAAQ,SAAUC,GACvB5B,EAAO6B,IAAID,EAASF,GACpBA,GAAOE,EAAQjC,UAGVK,CACT,CC/DA,MAAM8B,EAAapB,QAAU,EACvBI,EAAqBJ,QAAU,EAOrC,IAAIqB,EACAC,EAEJ,GAAIlB,EAAoB,CAOtBiB,EAAY,SAASE,GACnB,IAAIC,GAAW,EACf,OAAO,IAAIhB,EAAuB,CAChCiB,MAAMC,GACJH,EAAWI,QACXJ,EAAWK,GAAG,QAAQhC,IAChB4B,IAGAJ,EAAWS,SAASjC,KACtBA,EAAQ,IAAIc,WAAWd,EAAMkC,OAAQlC,EAAMmC,WAAYnC,EAAMoC,aAE/DN,EAAWO,QAAQrC,GACnB2B,EAAWI,QAAO,IAEpBJ,EAAWK,GAAG,OAAO,KACfJ,GAGJE,EAAW7B,OAAO,IAEpB0B,EAAWK,GAAG,SAASM,GAAKR,EAAWS,MAAMD,MAE/CE,OACEb,EAAWc,UAEbC,OAAOvC,GACLyB,GAAW,EACXD,EAAWgB,QAAQxC,OAMzB,MAAMyC,UAAqBpC,EACzBzC,YAAY8E,EAAWC,GACrB9E,MAAM8E,GACN7E,KAAK8E,QAAUC,EAAkBH,GAGnCzD,YAAY6D,GACV,IACE,OAAa,CACX,MAAM1D,KAAEA,EAAID,MAAEA,SAAgBrB,KAAK8E,QAAQ5D,OAC3C,GAAII,EAAM,CACRtB,KAAK6B,KAAK,MACV,MAEF,IAAK7B,KAAK6B,KAAKR,GACb,OAGJ,MAAOgD,GACPrE,KAAK0E,QAAQL,IAIjBlD,eAAemD,EAAOW,GACpBjF,KAAK8E,QAAQL,OAAOH,GAAO1C,KAAKqD,EAAUA,IAU9CxB,EAAY,SAASmB,EAAWC,GAC9B,OAAO,IAAIF,EAAaC,EAAWC,GAGvC,CC1FA,MAAMK,EAAiB,IAAIC,QACrBC,EAAiB5F,OAAO,kBAS9B,SAAS6F,EAAO/E,GAKd,GAJAN,KAAKe,OAAST,EACVA,EAAM8E,KACRpF,KAAKoF,GAAkB9E,EAAM8E,GAAgB1D,SAE3C4D,EAAsBhF,GAAQ,CAChC,MAAMiF,EAASjF,EAAMC,YAIrB,OAHAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,YACpB1F,KAAK2F,QAAUxE,aAGjB,IAAIyE,EAAaC,EAAiBvF,GAIlC,GAHmB,SAAfsF,IACFtF,EAAQwF,EAAkBxF,IAExBsF,EAAY,CACd,MAAML,EAASjF,EAAMC,YAOrB,OANAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,KAClBH,EAAO1E,OAAOT,OAAM,eACpBmF,EAAO3E,aAAa,OAEtBZ,KAAK2F,QAAUJ,EAAOd,OAAOgB,KAAKF,IAGpC,IAAIQ,GAAc,EAClB/F,KAAKwF,MAAQrE,SACP4E,GAAeb,EAAec,IAAI1F,GAC7B,CAAEe,WAAOJ,EAAWK,MAAM,IAEnCyE,GAAc,EACP,CAAE1E,MAAOf,EAAOgB,MAAM,IAE/BtB,KAAK0F,aAAe,KAClB,GAAIK,EACF,IACEb,EAAee,IAAI3F,GACnB,MAAM+D,KAGd,CAOAgB,EAAOrE,UAAUE,KAAOC,iBACtB,GAAInB,KAAKoF,IAAmBpF,KAAKoF,GAAgBhE,OAAQ,CAEvD,MAAO,CAAEE,MAAM,EAAOD,MADRrB,KAAKoF,GAAgBc,SAGrC,OAAOlG,KAAKwF,OACd,EAKAH,EAAOrE,UAAUJ,YAAc,WACzBZ,KAAKoF,KACPpF,KAAKe,OAAOqE,GAAkBpF,KAAKoF,IAErCpF,KAAK0F,cACP,EAKAL,EAAOrE,UAAUyD,OAAS,SAASvC,GACjC,OAAOlC,KAAK2F,QAAQzD,EACtB,EAOAmD,EAAOrE,UAAUmF,SAAWhF,iBAC1B,IACIiF,EADAnC,EAAS,GAEb,MAAQmC,GAAW,CACjB,IAAI9E,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OAEjC,GADAG,GAAS,GACLC,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAEF,MAAMqC,EAAejF,EAAMkF,QAAQ,MAAQ,EACvCD,IACFF,EAAYC,EAAepC,EAAOuC,OAAOnF,EAAMoF,OAAO,EAAGH,KACzDrC,EAAS,IAEPqC,IAAiBjF,EAAMD,QACzB6C,EAAOpC,KAAKR,EAAMoF,OAAOH,IAI7B,OADAtG,KAAK0G,WAAWzC,GACTmC,CACT,EAOAf,EAAOrE,UAAU2F,SAAWxF,iBAC1B,MAAMG,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,OACV,MAAMsF,EAAOvF,EAAM,GAEnB,OADArB,KAAK0G,QAAQG,EAAcxF,EAAO,IAC3BuF,CACT,EAOAvB,EAAOrE,UAAU8F,UAAY3F,eAAeC,GAC1C,MAAM6C,EAAS,GACf,IAAI8C,EAAe,EACnB,OAAa,CACX,MAAMzF,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAIF,GAFAA,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgB3F,EAAQ,CAC1B,MAAM4F,EAAeX,EAAepC,GAEpC,OADAjE,KAAK0G,QAAQG,EAAcG,EAAc5F,IAClCyF,EAAcG,EAAc,EAAG5F,IAG5C,EAOAiE,EAAOrE,UAAUiG,UAAY9F,eAAeC,GAC1C,MAAM8F,QAAclH,KAAK8G,UAAU1F,GAEnC,OADApB,KAAK0G,QAAQQ,GACNA,CACT,EAOA7B,EAAOrE,UAAU0F,QAAU,YAAYS,GAChCnH,KAAKoF,KACRpF,KAAKoF,GAAkB,IAGL,IAAlB+B,EAAO/F,QAAgBwB,EAAauE,EAAO,KAC3CnH,KAAKoF,GAAgBhE,QAAU+F,EAAO,GAAG/F,QACzCpB,KAAKoF,GAAgB,GAAGlB,YAAciD,EAAO,GAAG/F,OAEhDpB,KAAKoF,GAAgB,GAAK,IAAIvC,WAC5B7C,KAAKoF,GAAgB,GAAGnB,OACxBjE,KAAKoF,GAAgB,GAAGlB,WAAaiD,EAAO,GAAG/F,OAC/CpB,KAAKoF,GAAgB,GAAGjB,WAAagD,EAAO,GAAG/F,QAInDpB,KAAKoF,GAAgBsB,WAAWS,EAAOC,QAAO/F,GAASA,GAASA,EAAMD,SACxE,EAQAiE,EAAOrE,UAAUO,UAAYJ,eAAeK,EAAK6E,GAC/C,MAAM5E,EAAS,GACf,OAAa,CACX,MAAMH,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,MACVG,EAAOI,KAAKR,GAEd,OAAOG,EAAKC,EACd,ECnMA,IAEI4F,EAAoBC,GAFpB7E,eAAEA,EAAc8E,eAAEA,EAAcC,gBAAEA,GAAoBpF,EAI1DjB,eAAesG,IACb,GAAID,EACF,OAGF,MAAOE,EAAUC,SAAiB1H,QAAQ2H,IAAI,CAC5C3H,gDACAA,oDAGCwC,iBAAgB8E,iBAAgBC,mBAAoBE,GAEvD,MAAMG,4BAAEA,GAAgCF,EAEpCvF,EAAWK,gBAAkBA,IAAmBL,EAAWK,iBAC7D4E,EAAqBQ,EAA4BpF,GACjD6E,EAAmBO,EAA4BzF,EAAWK,gBAE9D,CAEA,MAAMc,EAAapB,QAAU,EAO7B,SAAS2F,EAASxH,GAChB,IAAIsF,EAAapD,EAASlC,GAC1B,MAAmB,SAAfsF,EACKpC,EAAUlD,GAEA,QAAfsF,GAAwByB,EACnBA,EAAmB/G,GAExBsF,EACKtF,EAEF,IAAImC,EAAe,CACxBmB,MAAMC,GACJA,EAAWO,QAAQ9D,GACnBuD,EAAW7B,UAGjB,CAOA,SAAS+F,EAAczH,GACrB,GAAIkC,EAASlC,GACX,OAAOA,EAET,MAAMS,EAAS,IAAInB,EAMnB,MALA,WACE,MAAMc,EAASC,EAAUI,SACnBL,EAAOoB,MAAMxB,SACbI,EAAOsB,OACd,EAJD,GAKOjB,CACT,CAQA,SAASyF,EAAOwB,GACd,OAAIA,EAAKC,MAAKlH,GAAUyB,EAASzB,KAAYV,EAAcU,KAoB7D,SAAsBiH,GACpBA,EAAOA,EAAKE,IAAIJ,GAChB,MAAMK,EAAYC,GAAoBjH,eAAee,SAC7CjC,QAAQ2H,IAAIS,EAAWH,KAAInH,GAAU0D,EAAO1D,EAAQmB,SAE5D,IAAIoG,EAAOrI,QAAQC,UACnB,MAAMmI,EAAaL,EAAKE,KAAI,CAACnH,EAAQkC,IAAMsF,EAAcxH,GAAQ,CAACyH,EAAUC,KAC1EH,EAAOA,EAAK1G,MAAK,IAAM8G,EAAKF,EAAUL,EAAUM,SAAU,CACxDE,aAAc1F,IAAM+E,EAAK5G,OAAS,MAE7BkH,OAET,OAAOH,EAAUK,QACnB,CAhCWI,CAAaZ,GAElBA,EAAKC,MAAKlH,GAAUV,EAAcU,KAqCxC,SAA2BiH,GACzB,MAAMvG,EAAS,IAAI7B,EACnB,IAAI0I,EAAOrI,QAAQC,UAOnB,OANA8H,EAAK5E,SAAQ,CAACrC,EAAQkC,KACpBqF,EAAOA,EAAK1G,MAAK,IAAM8G,EAAK3H,EAAQU,EAAQ,CAC1CkH,aAAc1F,IAAM+E,EAAK5G,OAAS,MAE7BkH,KAEF7G,CACT,CA9CWoH,CAAkBb,GAEJ,iBAAZA,EAAK,GACPA,EAAKxG,KAAK,IAEf+B,GAAcA,EAAWS,SAASgE,EAAK,IAClCzE,EAAWiD,OAAOwB,GAEpBlF,EAAiBkF,EAC1B,CA4CA,SAASzH,EAAUD,GACjB,OAAO,IAAI+E,EAAO/E,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CAUAa,eAAeuH,EAAKpI,EAAOwI,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIxG,EAASlC,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQwH,EAASxH,GACjB,IACE,GAAIA,EAAM8E,GAAiB,CACzB,MAAM1E,EAASC,EAAUmI,GACzB,IAAK,IAAI7F,EAAI,EAAGA,EAAI3C,EAAM8E,GAAgBhE,OAAQ6B,UAC1CvC,EAAOuI,YACPvI,EAAOoB,MAAMxB,EAAM8E,GAAgBnC,IAE3CvC,EAAOE,oBAEHN,EAAM4I,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,kBAEF,MAAM3E,IACR,OAGF,MAAMkB,EAAShF,EADfD,EAAQyH,EAAczH,IAEhBI,EAASC,EAAUmI,GACzB,IACE,OAAa,OACLpI,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACHqH,SAAoBjI,EAAOsB,QAChC,YAEItB,EAAOoB,MAAMT,IAErB,MAAOgD,GACF0E,SAAoBrI,EAAOuB,MAAMoC,WAEtCkB,EAAO3E,cACPF,EAAOE,cAEX,CAQA,SAASuI,EAAa7I,EAAOuE,GAC3B,MAAMuE,EAAkB,IAAI5B,EAAgB3C,GAE5C,OADA6D,EAAKpI,EAAO8I,EAAgBX,UACrBW,EAAgBZ,QACzB,CAOA,SAASJ,EAAoBiB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLlB,SAAU,IAAI/F,EAAe,CAC3BmB,MAAMC,GACJ2F,EAAmB3F,GAErBU,OACM+E,EACFA,IAEAG,GAAS,GAGbtI,aAAae,GACXwH,GAAY,EACRL,SACIA,EAAanH,GAEjBqH,GACFA,EAAgCrH,KAGnC,CAACyH,cAAe,IACnBlB,SAAU,IAAIlB,EAAe,CAC3BzF,MAAOX,eAAeY,GACpB,GAAI2H,EACF,MAAUxG,MAAM,uBAElBsG,EAAiBpF,QAAQrC,GACpB0H,EAQHA,GAAS,SAPH,IAAIxJ,SAAQ,CAACC,EAASC,KAC1BmJ,EAAmCpJ,EACnCqJ,EAAkCpJ,CAAM,IAE1CmJ,EAAmC,KACnCC,EAAkC,OAKtCvH,MAAOwH,EAAiBxH,MAAMyD,KAAK+D,GACnCvH,MAAOuH,EAAiBlF,MAAMmB,KAAK+D,KAGzC,CASA,SAASrB,EAAU7H,EAAO+B,EAAU,MAAe,GAAEuH,EAAS,MAAe,IAC3E,GAAIvJ,EAAcC,GAAQ,CACxB,MAAMuJ,EAAS,IAAIjK,EAgBnB,MAfA,WACE,MAAMc,EAASC,EAAUkJ,GACzB,IACE,MAAMC,QAAavI,EAAUjB,GACvByJ,EAAU1H,EAAQyH,GAClBE,EAAUJ,IAChB,IAAInI,EACgDA,OAApCR,IAAZ8I,QAAqC9I,IAAZ+I,EAAgCxD,EAAO,CAACuD,EAASC,SACpD/I,IAAZ8I,EAAwBA,EAAUC,QAC1CtJ,EAAOoB,MAAML,SACbf,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EAdD,GAeOwF,EAET,GAAIrH,EAASlC,GACX,OAAO6I,EAAa7I,EAAO,CACzBa,gBAAgBE,EAAOwC,GACrB,IACE,MAAMpC,QAAeY,EAAQhB,QACdJ,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,KAGrBlD,YAAY0C,GACV,IACE,MAAMpC,QAAemI,SACN3I,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,OAKzB,MAAM0F,EAAU1H,EAAQ/B,GAClB0J,EAAUJ,IAChB,YAAgB3I,IAAZ8I,QAAqC9I,IAAZ+I,EAA8BxD,EAAO,CAACuD,EAASC,SACzD/I,IAAZ8I,EAAwBA,EAAUC,CAC3C,CAWA,SAASzB,EAAcjI,EAAO2J,GAC5B,GAAIzH,EAASlC,KAAWD,EAAcC,GAAQ,CAC5C,IAAI4J,EACJ,MAAMC,EAAW,IAAI3C,EAAgB,CACnC5D,MAAMC,GACJqG,EAA8BrG,KAI5BuG,EAAkB1B,EAAKpI,EAAO6J,EAAS1B,UAEvC4B,EAAWjC,GAAoBjH,eAAee,GAClDgI,EAA4B5F,MAAMpC,SAC5BkI,QACA,IAAInK,QAAQqK,eAGpB,OADAL,EAAGE,EAAS3B,SAAU6B,EAAS5B,UACxB4B,EAAS7B,SAElBlI,EAAQyH,EAAczH,GACtB,MAAMuJ,EAAS,IAAIjK,EAEnB,OADAqK,EAAG3J,EAAOuJ,GACHA,CACT,CAWA,SAASU,EAAMjK,EAAO2J,GACpB,IAAIO,EACJ,MAAMC,EAAclC,EAAcjI,GAAO,CAACkI,EAAUC,KAClD,MAAMlD,EAAShF,EAAUiI,GACzBjD,EAAOmF,UAAY,KACjBnF,EAAO3E,cACP8H,EAAKF,EAAUC,GACRgC,GAETD,EAAcP,EAAG1E,EAAO,IAE1B,OAAOiF,CACT,CA4BA,SAAS7I,EAAMrB,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqB,QAEf,GAAIa,EAASlC,GAAQ,CACnB,MAAMqK,EAxBV,SAAarK,GACX,GAAID,EAAcC,GAChB,MAAU4C,MAAM,qDAElB,GAAIV,EAASlC,GAAQ,CACnB,MAAMqK,EAAO7C,EAASxH,GAAOsK,MAE7B,OADAD,EAAK,GAAGvF,GAAkBuF,EAAK,GAAGvF,GAAkB9E,EAAM8E,GACnDuF,EAET,MAAO,CAACjJ,EAAMpB,GAAQoB,EAAMpB,GAC9B,CAciBsK,CAAItK,GAEjB,OADAuK,EAAUvK,EAAOqK,EAAK,IACfA,EAAK,GAEd,OAAOjJ,EAAMpB,EACf,CAUA,SAASwK,EAAaxK,GACpB,OAAID,EAAcC,GACTqB,EAAMrB,GAEXkC,EAASlC,GACJ,IAAImC,EAAe,CACxBmB,MAAMC,GACJ,MAAM4G,EAAclC,EAAcjI,GAAOa,MAAOqH,EAAUC,KACxD,MAAMlD,EAAShF,EAAUiI,GACnB9H,EAASC,EAAU8H,GACzB,IACE,OAAa,OACL/H,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,IAAMuC,EAAW7B,QAAW,MAAMqC,IAElC,kBADM3D,EAAOsB,QAGf,IAAM6B,EAAWO,QAAQ/C,GAAU,MAAMgD,UACnC3D,EAAOoB,MAAMT,IAErB,MAAMgD,GACNR,EAAWS,MAAMD,SACX3D,EAAOuB,MAAMoC,OAGvBwG,EAAUvK,EAAOmK,MAIhB/I,EAAMpB,EACf,CAQA,SAASuK,EAAUvK,EAAOqB,GAExBoJ,OAAOC,QAAQD,OAAOE,0BAA0B3K,EAAMR,YAAYkB,YAAYoC,SAAQ,EAAE8H,EAAMC,MAC/E,gBAATD,IAGAC,EAAW9J,MACb8J,EAAW9J,MAAQ8J,EAAW9J,MAAMoE,KAAK9D,GAEzCwJ,EAAWC,IAAMD,EAAWC,IAAI3F,KAAK9D,GAEvCoJ,OAAOM,eAAe/K,EAAO4K,EAAMC,GAAW,GAElD,CAOA,SAASzJ,EAAMpB,EAAOgL,EAAM,EAAGC,EAAIC,KACjC,GAAInL,EAAcC,GAChB,MAAU4C,MAAM,mBAElB,GAAIV,EAASlC,GAAQ,CACnB,GAAIgL,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAOtC,EAAa7I,EAAO,CACzB6H,UAAU9G,EAAOwC,GACX4H,EAAYF,GACVE,EAAYpK,EAAMD,QAAUkK,GAC9BzH,EAAWO,QAAQ1C,EAAML,EAAOqK,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAapK,EAAMD,QAEnByC,EAAW+H,eAKnB,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAO1D,EAAU7H,GAAOe,IAClBA,EAAMD,SAAWkK,EAAOO,EAAY,CAACxK,GACpCwK,EAAUhK,KAAKR,EAAM,IACzB,IAAMK,EAAM8E,EAAOqF,GAAYP,EAAOC,KAE3C,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAO1D,EAAU7H,GAAOe,IACtB,MAAMmJ,EAAcqB,EAAYrF,EAAO,CAACqF,EAAWxK,IAAUA,EAC7D,GAAImJ,EAAYpJ,SAAWmK,EAEzB,OADAM,EAAYnK,EAAM8I,EAAae,GACxB7J,EAAM8I,EAAac,EAAOC,GAEjCM,EAAYrB,KAKlB,OADAsB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAU7K,SAAYO,QAAYH,EAAUjB,GAAQgL,EAAOC,KAKpE,OAHIjL,EAAM8E,KACR9E,EAAQkG,EAAOlG,EAAM8E,GAAgBoB,OAAO,CAAClG,OAE3CsC,EAAatC,IAAYiD,GAAcA,EAAWS,SAAS1D,GAIxDA,EAAMoB,MAAM4J,EAAOC,IAHpBA,IAAQC,MAAUD,EAAMjL,EAAMc,QAC3Bd,EAAM2L,SAASX,EAAOC,GAGjC,CASApK,eAAeI,EAAUjB,EAAOkB,EAAKgF,GACnC,OAAInG,EAAcC,GACTA,EAAMiB,UAAUC,GAErBgB,EAASlC,GACJC,EAAUD,GAAOiB,UAAUC,GAE7BlB,CACT,CASAa,eAAesD,EAAOnE,EAAO4B,GAC3B,GAAIM,EAASlC,GAAQ,CACnB,GAAIA,EAAMmE,OACR,OAAOnE,EAAMmE,OAAOvC,GAEtB,GAAI5B,EAAMoE,QAGR,OAFApE,EAAMoE,QAAQxC,SACR,IAAIjC,QAAQqK,YACXpI,EAGb,CAOA,SAAS8J,EAAU/B,GACjB,MAAMiC,EAAc,IAAItM,EAUxB,MATA,WACE,MAAMc,EAASC,EAAUuL,GACzB,UACQxL,EAAOoB,YAAYmI,WACnBvJ,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EARD,GASO6H,CACT,CCjkBe,MAAMC,EAMnBrM,YAAYsM,GACV,QAAUnL,IAANmL,EACF,MAAUlJ,MAAM,4BAGlB,GAAIkJ,aAAavJ,WAAY,CAC3B,MAAMqE,EAAQkF,EACRC,EAAUxM,MAAMqH,EAAM9F,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAAK,CACrC,MAAMqJ,EAAUpF,EAAMjE,GAAGsJ,SAAS,IAClCF,EAAIpJ,GAAMiE,EAAMjE,IAAM,GAAQ,IAAMqJ,EAAWA,EAEjDtM,KAAKqB,MAAQmL,OAAO,MAAQH,EAAI7K,KAAK,UAErCxB,KAAKqB,MAAQmL,OAAOJ,GAIxBzK,QACE,OAAO,IAAIwK,EAAWnM,KAAKqB,OAM7BoL,OAEE,OADAzM,KAAKqB,QACErB,KAOT0M,MACE,OAAO1M,KAAK2B,QAAQ8K,OAMtBE,OAEE,OADA3M,KAAKqB,QACErB,KAOT4M,MACE,OAAO5M,KAAK2B,QAAQgL,OAOtBE,KAAKC,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTiG,IAAI6G,GACF,OAAO9M,KAAK2B,QAAQkL,KAAKC,GAO3BC,KAAKD,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTgN,IAAIF,GACF,OAAO9M,KAAK2B,QAAQoL,KAAKD,GAO3BG,KAAKH,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTkN,IAAIJ,GACF,OAAO9M,KAAK2B,QAAQsL,KAAKH,GAO3BK,KAAKC,GAKH,OAJApN,KAAKqB,OAAS+L,EAAE/L,MACZrB,KAAKqN,cACPrN,KAAK6M,KAAKO,GAELpN,KAQTsN,IAAIF,GACF,OAAOpN,KAAK2B,QAAQwL,KAAKC,GAS3BG,OAAOlJ,EAAG+H,GACR,GAAIA,EAAEoB,SAAU,MAAMtK,MAAM,yBAC5B,GAAIkJ,EAAEqB,QAAS,OAAO,IAAItB,EAAW,GACrC,GAAI9H,EAAEgJ,aAAc,MAAMnK,MAAM,iCAEhC,IAAIwK,EAAMrJ,EAAEhD,MACRyL,EAAI9M,KAAKqB,MAEbyL,GAAKV,EAAE/K,MACP,IAAIsM,EAAInB,OAAO,GACf,KAAOkB,EAAMlB,OAAO,IAAI,CACtB,MAAMoB,EAAMF,EAAMlB,OAAO,GACzBkB,IAAQlB,OAAO,GAEf,MAAMqB,EAAMF,EAAIb,EAAKV,EAAE/K,MAEvBsM,EAAIC,EAAMC,EAAKF,EACfb,EAAKA,EAAIA,EAAKV,EAAE/K,MAElB,OAAO,IAAI8K,EAAWwB,GAWxBG,OAAO1B,GACL,MAAM2B,IAAEA,EAAGjB,EAAEA,GAAM9M,KAAKgO,MAAM5B,GAC9B,IAAK2B,EAAIN,QACP,MAAUvK,MAAM,0BAElB,OAAO4J,EAAE7G,IAAImG,GAAGkB,IAAIlB,GAStB4B,MAAMC,GACJ,IAAInB,EAAIN,OAAO,GACX0B,EAAI1B,OAAO,GACX2B,EAAQ3B,OAAO,GACf4B,EAAQ5B,OAAO,GAEf6B,EAAIrO,KAAKqB,MAGb,IAFA4M,EAAIA,EAAE5M,MAEC4M,IAAMzB,OAAO,IAAI,CACtB,MAAM8B,EAAID,EAAIJ,EACd,IAAIM,EAAMzB,EACVA,EAAIqB,EAAQG,EAAIxB,EAChBqB,EAAQI,EAERA,EAAML,EACNA,EAAIE,EAAQE,EAAIJ,EAChBE,EAAQG,EAERA,EAAMN,EACNA,EAAII,EAAIJ,EACRI,EAAIE,EAGN,MAAO,CACLzB,EAAG,IAAIX,EAAWgC,GAClBD,EAAG,IAAI/B,EAAWiC,GAClBL,IAAK,IAAI5B,EAAWkC,IASxBN,IAAIE,GACF,IAAII,EAAIrO,KAAKqB,MAEb,IADA4M,EAAIA,EAAE5M,MACC4M,IAAMzB,OAAO,IAAI,CACtB,MAAM+B,EAAMN,EACZA,EAAII,EAAIJ,EACRI,EAAIE,EAEN,OAAO,IAAIpC,EAAWkC,GAOxBG,WAAW1B,GAET,OADA9M,KAAKqB,QAAUyL,EAAEzL,MACVrB,KAQTyO,UAAU3B,GACR,OAAO9M,KAAK2B,QAAQ6M,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADA9M,KAAKqB,QAAUyL,EAAEzL,MACVrB,KAQT2O,WAAW7B,GACT,OAAO9M,KAAK2B,QAAQ+M,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAO9M,KAAKqB,QAAUyL,EAAEzL,MAQ1BwN,GAAG/B,GACD,OAAO9M,KAAKqB,MAAQyL,EAAEzL,MAQxByN,IAAIhC,GACF,OAAO9M,KAAKqB,OAASyL,EAAEzL,MAQzB0N,GAAGjC,GACD,OAAO9M,KAAKqB,MAAQyL,EAAEzL,MAQxB2N,IAAIlC,GACF,OAAO9M,KAAKqB,OAASyL,EAAEzL,MAGzBmM,SACE,OAAOxN,KAAKqB,QAAUmL,OAAO,GAG/BiB,QACE,OAAOzN,KAAKqB,QAAUmL,OAAO,GAG/Ba,aACE,OAAOrN,KAAKqB,MAAQmL,OAAO,GAG7ByC,SACE,QAASjP,KAAKqB,MAAQmL,OAAO,IAG/B0C,MACE,MAAMC,EAAMnP,KAAK2B,QAIjB,OAHI3B,KAAKqN,eACP8B,EAAI9N,OAAS8N,EAAI9N,OAEZ8N,EAOT5C,WACE,OAAOvM,KAAKqB,MAAMkL,WAQpB6C,WACE,MAAMC,EAASC,OAAOtP,KAAKqB,OAC3B,GAAIgO,EAASC,OAAOC,iBAElB,MAAUrM,MAAM,8CAElB,OAAOmM,EAQTG,OAAOvM,GAEL,OADajD,KAAKqB,OAASmL,OAAOvJ,GAAMuJ,OAAO,MAC/BA,OAAO,GAAM,EAAI,EAOnCiD,YACE,MAAMC,EAAO,IAAIvD,EAAW,GACtBwD,EAAM,IAAIxD,EAAW,GACrByD,EAAS,IAAIzD,GAAY,GAIzBrD,EAAS9I,KAAKqN,aAAeuC,EAASF,EAC5C,IAAIG,EAAS,EACb,MAAMtB,EAAMvO,KAAK2B,QACjB,MAAQ4M,EAAIG,YAAYiB,GAAKf,MAAM9F,IACjC+G,IAEF,OAAOA,EAOT1L,aACE,MAAMuL,EAAO,IAAIvD,EAAW,GACtByD,EAAS,IAAIzD,GAAY,GAEzBrD,EAAS9I,KAAKqN,aAAeuC,EAASF,EACtCI,EAAQ,IAAI3D,EAAW,GAC7B,IAAI4D,EAAM,EACV,MAAMxB,EAAMvO,KAAK2B,QACjB,MAAQ4M,EAAIG,YAAYoB,GAAOlB,MAAM9F,IACnCiH,IAEF,OAAOA,EASTC,aAAaC,EAAS,KAAM7O,GAG1B,IAAIiL,EAAMrM,KAAKqB,MAAMkL,SAAS,IAC1BF,EAAIjL,OAAS,GAAM,IACrBiL,EAAM,IAAMA,GAGd,MAAM6D,EAAY7D,EAAIjL,OAAS,EACzB8F,EAAQ,IAAIrE,WAAWzB,GAAU8O,GAEjCC,EAAS/O,EAAUA,EAAS8O,EAAa,EAC/C,IAAIjN,EAAI,EACR,KAAOA,EAAIiN,GACThJ,EAAMjE,EAAIkN,GAAUC,SAAS/D,EAAI3K,MAAM,EAAIuB,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXgN,GACF/I,EAAMmJ,UAGDnJ,GChcX,MAAMoJ,EAAe,IAAwB,oBAAX9D,OCElC,MAAM+D,EAAU/Q,OAAO,iBAER,CAObgR,MAAO,CAELC,KAAuB,OACvB,QAAuB,OACvBC,UAAuB,OACvBC,WAAuB,OACvB,sBAAuB,OACvB,mBAAuB,OACvB,mBAAuB,OAGvBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,UAAgB,YAChB,eAAgB,YAChB,aAAgB,YAChB,aAAgB,YAGhBC,cAA0B,UAC1BC,QAA0B,UAE1BC,QAA0B,UAC1BC,QAA0B,UAC1B,yBAA0B,UAC1B,qBAA0B,UAC1B,qBAA0B,UAG1BC,iBAA0B,aAC1BC,OAA0B,aAC1BC,QAA0B,aAE1BC,WAA0B,aAC1BC,WAA0B,aAC1B,yBAA0B,aAC1B,uBAA0B,aAC1B,uBAA0B,aAG1BC,gBAAyB,kBACzB,uBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbzB,cAAe,GAEf0B,MAAO,GAEPC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAEN5B,QAAS,GAET6B,MAAO,IAOTC,UAAW,CACTC,UAAW,EAEXC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,IAOVC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXhD,UAAW,EACXiD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,IAOrBC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRpB,UAAW,CAETiB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,OAAQ,GACRC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,IAO3BP,SAAU,CAERQ,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTrH,UAAW,EACXsH,WAAY,EACZzE,UAAW,GAObuD,oBAAqB,CAEnBmB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBtB,SAAU,CAERuB,sBAAuB,EAGvBrF,KAAM,EAGNsF,OAAQ,GAUVjY,MAAO,SAASkY,EAAM3V,GAKpB,GAJiB,iBAANA,IACTA,EAAIrE,KAAKkB,KAAK8Y,EAAM3V,SAGNpD,IAAZ+Y,EAAK3V,GACP,OAAO2V,EAAK3V,GAGd,MAAUnB,MAAM,wBAUlBhC,KAAM,SAAS8Y,EAAM3V,GAQnB,GAPK2V,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChBxF,OAAOC,QAAQgP,GAAM5W,SAAQ,EAAEwT,EAAKvV,MAClC2Y,EAAKzJ,GAASlP,GAASuV,CAAG,UAIL3V,IAArB+Y,EAAKzJ,GAASlM,GAChB,OAAO2V,EAAKzJ,GAASlM,GAGvB,MAAUnB,MAAM,yBC3dpB,MAAM+W,EAAY,MAChB,IACE,MAAgC,gBAAzB5X,QAAQ6X,IAAIC,SACnB,MAAO9V,IACT,OAAO,CACR,EALiB,GAOZ+V,EAAO,CACXC,SAAU,SAASvQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBwQ,QAGrD9Z,QAAS,SAASsJ,GAChB,OAAOA,aAAgBjK,OAGzB+C,aAAc2X,EAEd/X,SAAUgY,EAEVC,WAAY,SAAUvT,GACpB,IAAIkF,EAAI,EACR,IAAK,IAAInJ,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAChCmJ,GAAM,KAAOnJ,EAAKiE,EAAMA,EAAM9F,OAAS,EAAI6B,GAE7C,OAAOmJ,GAGTsO,YAAa,SAAUtO,EAAGlF,GACxB,MAAM+G,EAAI,IAAIpL,WAAWqE,GACzB,IAAK,IAAIjE,EAAI,EAAGA,EAAIiE,EAAOjE,IACzBgL,EAAEhL,GAAMmJ,GAAM,GAAKlF,EAAQjE,EAAI,GAAO,IAGxC,OAAOgL,GAGT0M,SAAU,SAAUzT,GAClB,MAAMkF,EAAIgO,EAAKK,WAAWvT,GAE1B,OADU,IAAI0T,KAAS,IAAJxO,IAIrByO,UAAW,SAAUC,GACnB,MAAMC,EAAUrP,KAAKsP,MAAMF,EAAKG,UAAY,KAE5C,OAAOb,EAAKM,YAAYK,EAAS,IAGnCG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAStP,IAAWsP,EAAO,IAAIF,KAAgC,IAA3BlP,KAAKsP,OAAOF,EAAO,OAQjFM,QAAS,SAAUlU,GACjB,MACMmU,GADQnU,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAC/B,OAAOA,EAAM+E,SAAS,EAAG,EAAIoP,IAS/BC,QAAQpU,EAAO9F,GACb,MAAMma,EAAS,IAAI1Y,WAAWzB,GACxB+O,EAAS/O,EAAS8F,EAAM9F,OAE9B,OADAma,EAAOjY,IAAI4D,EAAOiJ,GACXoL,GAQTC,gBAAiB,SAAUC,GACzB,MAAMC,EAAUtB,EAAKuB,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUxY,MAAM,YAElB,MAAM0Y,EAAWH,EAAIxP,SAASwP,EAAIra,OAASsK,KAAKmQ,KAAKH,EAAU,IACzDI,EAAS,IAAIjZ,WAAW,EAAY,MAAV6Y,IAAqB,EAAa,IAAVA,IACxD,OAAOtB,EAAKtX,iBAAiB,CAACgZ,EAAQF,KAQxCD,oBAAqB,SAAUF,GAC7B,IAAIxY,EACJ,IAAKA,EAAI,EAAGA,EAAIwY,EAAIra,QAA4B,IAAXqa,EAAIxY,GAAbA,KAC5B,GAAIA,IAAMwY,EAAIra,OACZ,OAAO,EAET,MAAMwa,EAAWH,EAAIxP,SAAShJ,GAC9B,OAA+B,GAAvB2Y,EAASxa,OAAS,GAASgZ,EAAK2B,MAAMH,EAAS,KAQzDI,gBAAiB,SAAU3P,GACzB,MAAM5K,EAAS,IAAIoB,WAAWwJ,EAAIjL,QAAU,GAC5C,IAAK,IAAI6a,EAAI,EAAGA,EAAI5P,EAAIjL,QAAU,EAAG6a,IACnCxa,EAAOwa,GAAK7L,SAAS/D,EAAI5F,OAAOwV,GAAK,EAAG,GAAI,IAE9C,OAAOxa,GAQTya,gBAAiB,SAAUhV,GACzB,MAAMyG,EAAI,GACJtJ,EAAI6C,EAAM9F,OAChB,IACI+a,EADAC,EAAI,EAER,KAAOA,EAAI/X,GAAG,CAEZ,IADA8X,EAAIjV,EAAMkV,KAAK7P,SAAS,IACjB4P,EAAE/a,OAAS,GAChB+a,EAAI,IAAMA,EAEZxO,EAAE9L,KAAK,GAAKsa,GAEd,OAAOxO,EAAEnM,KAAK,KAQhB6a,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlC,EAAKC,SAASiC,GACjB,MAAUpZ,MAAM,4DAGlB,MAAMzB,EAAS,IAAIoB,WAAWyZ,EAAIlb,QAClC,IAAK,IAAI6B,EAAI,EAAGA,EAAIqZ,EAAIlb,OAAQ6B,IAC9BxB,EAAOwB,GAAKqZ,EAAIE,WAAWvZ,GAE7B,OAAOxB,CAAM,KASjBgb,mBAAoB,SAAUvV,GAE5B,MAAMzF,EAAS,GACTib,EAAK,MACLC,GAHNzV,EAAQ,IAAIrE,WAAWqE,IAGP9F,OAEhB,IAAK,IAAI6B,EAAI,EAAGA,EAAI0Z,EAAG1Z,GAAKyZ,EAC1Bjb,EAAOI,KAAKyY,OAAOsC,aAAaC,MAAMvC,OAAQpT,EAAM+E,SAAShJ,EAAGA,EAAIyZ,EAAKC,EAAI1Z,EAAIyZ,EAAKC,KAExF,OAAOlb,EAAOD,KAAK,KAQrBsb,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAS3a,EAAQhB,EAAO4b,GAAY,GAClC,OAAOF,EAAQG,OAAO7b,EAAO,CAAEN,QAASkc,IAE1C,OAAOV,EAAiBD,EAAKja,GAAS,IAAMA,EAAQ,IAAI,MAQ1D8a,WAAY,SAAUjH,GACpB,MAAMkH,EAAU,IAAIC,YAAY,SAEhC,SAAShb,EAAQhB,EAAO4b,GAAY,GAClC,OAAOG,EAAQE,OAAOjc,EAAO,CAAEN,QAASkc,IAE1C,OAAOV,EAAiBrG,EAAM7T,GAAS,IAAMA,EAAQ,IAAIQ,YAAc,MASzE2D,OAAQ+W,EAORza,iBAAkB0a,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvD,EAAKxX,aAAa8a,KAAYtD,EAAKxX,aAAa+a,GACnD,MAAUza,MAAM,4CAGlB,GAAIwa,EAAOtc,SAAWuc,EAAOvc,OAC3B,OAAO,EAGT,IAAK,IAAI6B,EAAI,EAAGA,EAAIya,EAAOtc,OAAQ6B,IACjC,GAAIya,EAAOza,KAAO0a,EAAO1a,GACvB,OAAO,EAGX,OAAO,GAST2a,cAAe,SAAU3H,GACvB,IAAI4H,EAAI,EACR,IAAK,IAAI5a,EAAI,EAAGA,EAAIgT,EAAK7U,OAAQ6B,IAC/B4a,EAAKA,EAAI5H,EAAKhT,GAAM,MAEtB,OAAOmX,EAAKM,YAAYmD,EAAG,IAQ7BC,WAAY,SAAUxB,GAChBrC,GACFnO,QAAQiS,IAAI,qBAAsBzB,IAStC0B,gBAAiB,SAAU1Z,GACrB2V,GACFnO,QAAQxH,MAAM,qBAAsBA,IAKxCyX,MAAO,SAAUjP,GACf,IAAIa,EAAI,EACJsQ,EAAInR,IAAM,GAyBd,OAxBU,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,IAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEAA,GAYTuQ,OAAQ,SAASpU,GACf,MAAMqU,EAAY,IAAItb,WAAWiH,EAAK1I,QAChCgd,EAAOtU,EAAK1I,OAAS,EAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAImb,EAAMnb,IACxBkb,EAAUlb,GAAM6G,EAAK7G,IAAM,EAAM6G,EAAK7G,EAAI,IAAM,EAGlD,OADAkb,EAAUC,GAAStU,EAAKsU,IAAS,EAAuB,KAAhBtU,EAAK,IAAM,GAC5CqU,GAUTE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAItb,EAAIqb,EAAMld,OAAS,EAAG6B,GAAK,EAAGA,IACrCqb,EAAMrb,KAAOsb,EACTtb,EAAI,IACNqb,EAAMrb,IAAOqb,EAAMrb,EAAI,IAAO,EAAIsb,GAIxC,OAAOD,GAOTE,aAAc,WACZ,YAA6B,IAAfpc,GAA8BA,EAAWqc,QAAUrc,EAAWqc,OAAOC,QAUrFC,cFnYFxd,iBACE,GAAImP,IACF,OAAOnE,EACF,CACL,MAAQyS,QAASzS,SAAqBlM,gDACtC,OAAOkM,EAEX,EEkYE0S,cAAe,aAIfC,YAAa,aASbC,cAAe,WACb,MAAO,CAAwB,EAAEC,QAGnCC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,YADW,GACDC,OAAOhe,QAGnBie,eAAgB,SAASvV,GACvB,IAAKsQ,EAAKC,SAASvQ,GACjB,OAAO,EAGT,MADW,mLACDwV,KAAKxV,IAOjByV,gBAAiB,SAASzV,GAGxB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM5C,IAY5B,IAAIuY,EAXAD,IACFtY,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,KAN9C,KASLA,EAAMA,EAAM9F,OAAS,IACvBoe,GAAc,EACdtY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIzc,EAAI,EACXwc,EAAQvY,EAAMX,QAlBP,GAkBmBtD,GAAK,EAC3Bwc,EAFYxc,EAAIwc,EAlBb,KAqBDvY,EAAMuY,EAAQ,IAAWC,EAAQ7d,KAAK4d,GAK9C,IAAKC,EAAQte,OACX,OAAO8F,EAGT,MAAMyY,EAAa,IAAI9c,WAAWqE,EAAM9F,OAASse,EAAQte,QACzD,IAAIub,EAAI,EACR,IAAK,IAAI1Z,EAAI,EAAGA,EAAIyc,EAAQte,OAAQ6B,IAAK,CACvC,MAAM+J,EAAM9F,EAAM+E,SAASyT,EAAQzc,EAAI,IAAM,EAAGyc,EAAQzc,IACxD0c,EAAWrc,IAAI0J,EAAK2P,GACpBA,GAAK3P,EAAI5L,OACTue,EAAWhD,EAAI,GApCR,GAqCPgD,EAAWhD,GApCJ,GAqCPA,IAGF,OADAgD,EAAWrc,IAAI4D,EAAM+E,SAASyT,EAAQA,EAAQte,OAAS,IAAM,GAAIub,GAC1DgD,CAAU,IAChB,IAAOH,EAAc,IAAI3c,WAAW,CA1C5B,UA0CoC5B,KAOjD2e,UAAW,SAAS9V,GAGlB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM5C,IAc5B,IAAIuY,EAlBK,MAMPvY,EADEsY,GAJK,KAIUtY,EAAM,GACfkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,IAE7C,IAAIrE,WAAWqE,IAGfA,EAAM9F,OAAS,IACvBoe,GAAc,EACdtY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,IAAI7C,EAAI,EACR,IAAK,IAAI1Z,EAAI,EAAGA,IAAMiE,EAAM9F,OAAQ6B,EAAIwc,EAAO,CAC7CA,EAAQvY,EAAMX,QArBP,GAqBmBtD,GAAK,EAC1Bwc,IAAOA,EAAQvY,EAAM9F,QAC1B,MAAMgd,EAAOqB,GAtBN,KAsBevY,EAAMuY,GAAgB,EAAI,GAC5Cxc,GAAGiE,EAAM2Y,WAAWlD,EAAG1Z,EAAGmb,GAC9BzB,GAAKyB,EAAOnb,EAEd,OAAOiE,EAAM+E,SAAS,EAAG0Q,EAAE,IAC1B,IAAO6C,EAAc,IAAI3c,WAAW,CA5B5B,UA4BoC5B,KAMjD6e,qBAAsB,SAAS7J,GAC7B,OAAOA,EAAK8J,MAAM,MAAM7X,KAAI8X,IAC1B,IAAI/c,EAAI+c,EAAK5e,OAAS,EACtB,KAAO6B,GAAK,IAAkB,MAAZ+c,EAAK/c,IAA0B,OAAZ+c,EAAK/c,IAA2B,OAAZ+c,EAAK/c,IAAcA,KAC5E,OAAO+c,EAAKvZ,OAAO,EAAGxD,EAAI,EAAE,IAC3BzB,KAAK,OAGVye,UAAW,SAAS1G,EAASjV,GAC3B,IAAKA,EACH,OAAWpB,MAAMqW,GAInB,IACEjV,EAAMiV,QAAUA,EAAU,KAAOjV,EAAMiV,QACvC,MAAOlV,IAET,OAAOC,GAST4b,wBAAyB,SAASC,GAChC,MAAMjY,EAAM,GAOZ,OANAiY,EAAe/c,SAAQgd,IACrB,IAAKA,EAAYC,IACf,MAAUnd,MAAM,0CAElBgF,EAAIkY,EAAYC,KAAOD,CAAW,IAE7BlY,GAWToY,WAAY,SAASC,GAEnB,OAAO,IAAItgB,SAAQkB,MAAOjB,EAASC,KACjC,IAAIqgB,QACEvgB,QAAQ2H,IAAI2Y,EAASrY,KAAI/G,UAC7B,IACEjB,QAAcugB,GACd,MAAOpc,GACPmc,EAAYnc,OAGhBlE,EAAOqgB,EAAU,KAWrBE,iBAAkB,SAASC,EAAMtS,EAAGJ,GAClC,MAAM7M,EAASsK,KAAKC,IAAI0C,EAAEjN,OAAQ6M,EAAE7M,QAC9BK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAImK,EAAM,EACV,IAAK,IAAItI,EAAI,EAAGA,EAAIxB,EAAOL,OAAQ6B,IACjCxB,EAAOwB,GAAMoL,EAAEpL,GAAM,IAAM0d,EAAU1S,EAAEhL,GAAM,IAAM0d,EACnDpV,GAAQoV,EAAO1d,EAAIoL,EAAEjN,OAAY,EAAIuf,EAAQ1d,EAAIgL,EAAE7M,OAErD,OAAOK,EAAOwK,SAAS,EAAGV,IAU5BqV,YAAa,SAASD,EAAMtS,EAAGJ,GAC7B,OAAQI,EAAK,IAAMsS,EAAU1S,EAAK,IAAM0S,GAK1CE,MAAO,SAASC,GACd,OAAOA,IAAeC,EAAM9N,UAAUM,QAAUuN,IAAeC,EAAM9N,UAAUO,QAAUsN,IAAeC,EAAM9N,UAAUQ,SChlBtHuL,EAAS5E,EAAK2E,gBAEpB,IAAIiC,EACAC,GAkBG,SAAS/D,GAAOpT,GACrB,IAAIoX,EAAM,IAAIre,WACd,OAAO0Z,EAAiBzS,GAAMzI,IAC5B6f,EAAM9G,EAAKtX,iBAAiB,CAACoe,EAAK7f,IAClC,MAAMsM,EAAI,GAEJwT,EAAQzV,KAAKsP,MAAMkG,EAAI9f,OADR,IAEf8F,EAFe,GAEPia,EACRC,EAAUJ,EAAYE,EAAIjV,SAAS,EAAG/E,IAC5C,IAAK,IAAIjE,EAAI,EAAGA,EAAIke,EAAOle,IACzB0K,EAAE9L,KAAKuf,EAAQ3a,OAAW,GAAJxD,EAAQ,KAC9B0K,EAAE9L,KAAK,MAGT,OADAqf,EAAMA,EAAIjV,SAAS/E,GACZyG,EAAEnM,KAAK,GAAG,IAChB,IAAO0f,EAAI9f,OAAS4f,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS5D,GAAOxT,GACrB,IAAIoX,EAAM,GACV,OAAO3E,EAAiBzS,GAAMzI,IAC5B6f,GAAO7f,EAGP,IAAIggB,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIre,EAAI,EAAGA,EAAIqe,EAAWlgB,OAAQ6B,IAAK,CAC1C,MAAMse,EAAYD,EAAWre,GAC7B,IAAK,IAAIE,EAAM+d,EAAI3a,QAAQgb,IAAqB,IAATpe,EAAYA,EAAM+d,EAAI3a,QAAQgb,EAAWpe,EAAM,GACpFke,IAMJ,IAAIjgB,EAAS8f,EAAI9f,OACjB,KAAOA,EAAS,IAAMA,EAASigB,GAAU,GAAM,EAAGjgB,IAC5CkgB,EAAWE,SAASN,EAAI9f,KAAUigB,IAGxC,MAAMI,EAAUR,GAAYC,EAAIza,OAAO,EAAGrF,IAE1C,OADA8f,EAAMA,EAAIza,OAAOrF,GACVqgB,CAAO,IACb,IAAMR,GAAYC,IACvB,CASO,SAASQ,GAAgBC,GAC9B,OAAOrE,GAAOqE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,GAAgB3a,EAAO4a,GACrC,IAAIV,EAAUlE,GAAOhW,GAAO0a,QAAQ,UAAW,IAI/C,OAHIE,IACFV,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAEvER,CACT,CA5FIpC,GACFgC,EAAcE,GAAOlC,EAAO+C,KAAKb,GAAK3U,SAAS,UAC/C0U,GAAc3E,IACZ,MAAMrO,EAAI+Q,EAAO+C,KAAKzF,EAAK,UAC3B,OAAO,IAAIzZ,WAAWoL,EAAEhK,OAAQgK,EAAE/J,WAAY+J,EAAE9J,WAAW,IAG7D6c,EAAcE,GAAOc,KAAK5H,EAAKqC,mBAAmByE,IAClDD,GAAc3E,GAAOlC,EAAKiC,mBAAmB4F,KAAK3F,YCVrC,CAKb4F,uBAAwBnB,EAAM/M,KAAKI,OAKnC+N,4BAA6BpB,EAAM9N,UAAUQ,OAK7C2O,8BAA+BrB,EAAMpN,YAAYC,aAKjDyO,aAAc,EAUdC,aAAa,EAObC,uBAAwBxB,EAAMtM,KAAKC,IAQnC8N,kBAAmB,GAQnBzI,QAAQ,EAOR0I,sBAAuB,IASvBC,8BAA8B,EAU9BC,4BAA4B,EAK5BC,kBAAkB,EAOlBC,WAAY,KAOZC,wBAAwB,EAKxBC,mBAAmB,EAQnBC,wCAAwC,EASxCC,8CAA8C,EAW9CC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAACrC,EAAM9N,UAAUM,OAAQwN,EAAM9N,UAAUO,OAAQuN,EAAM9N,UAAUQ,SAMlI4P,qBAAsB,IAKtBC,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,oBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,oBAAoB,EAMpBC,qBAAsB,IAAIZ,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,SAM1D8P,4BAA6B,IAAIb,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,OAAQ4M,EAAM/M,KAAKE,OAMpFgQ,0BAA2B,IAAId,IAAI,CAACrC,EAAM7O,UAAUI,QAASyO,EAAM7O,UAAUK,MAM7E4R,aAAc,IAAIf,IAAI,CAACrC,EAAMvQ,MAAMQ,aCzNrC,SAASoT,GAAQnO,GACf,MAEMoO,EAASpO,EAAKqO,MAFH,yIAIjB,IAAKD,EACH,MAAUnhB,MAAM,4BAMlB,MAAI,yBAAyBoc,KAAK+E,EAAO,IAChCtD,EAAM5H,MAAMC,iBAMjB,oBAAoBkG,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAME,cAGjB,iBAAiBiG,KAAK+E,EAAO,IACxBtD,EAAM5H,MAAMG,OAIjB,UAAUgG,KAAK+E,EAAO,IACjBtD,EAAM5H,MAAMI,QAIjB,mBAAmB+F,KAAK+E,EAAO,IAC1BtD,EAAM5H,MAAMjH,UAIjB,oBAAoBoN,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAMK,WAMjB,YAAY8F,KAAK+E,EAAO,IACnBtD,EAAM5H,MAAMpE,eADrB,CAGF,CAWA,SAASwP,GAAUC,EAAeC,GAChC,IAAIhjB,EAAS,GAWb,OAVIgjB,EAAOhB,cACThiB,GAAU,YAAcgjB,EAAOd,cAAgB,MAE7Cc,EAAOf,cACTjiB,GAAU,YAAcgjB,EAAOb,cAAgB,MAE7CY,IACF/iB,GAAU,YAAc+iB,EAAgB,MAE1C/iB,GAAU,KACHA,CACT,CASA,SAASijB,GAAY5a,GAEnB,OAAO6a,GA8CT,SAAqBrkB,GACnB,IAAIskB,EAAM,SACV,OAAOrI,EAAiBjc,GAAOe,IAC7B,MAAMwjB,EAAQC,GAAiBpZ,KAAKsP,MAAM3Z,EAAMD,OAAS,GAAK,EACxD2jB,EAAQ,IAAIC,YAAY3jB,EAAM4C,OAAQ5C,EAAM6C,WAAY2gB,GAC9D,IAAK,IAAI5hB,EAAI,EAAGA,EAAI4hB,EAAO5hB,IACzB2hB,GAAOG,EAAM9hB,GACb2hB,EACEK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,EAAK,KAC1BK,GAAU,GAAIL,GAAO,EAAK,KAE9B,IAAK,IAAI3hB,EAAY,EAAR4hB,EAAW5hB,EAAI5B,EAAMD,OAAQ6B,IACxC2hB,EAAOA,GAAO,EAAKK,GAAU,GAAU,IAANL,EAAcvjB,EAAM4B,OAEtD,IAAM,IAAIJ,WAAW,CAAC+hB,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYpb,GAE1B,CAIA,MAAMmb,GAAY,CACZplB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAIoD,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAI2hB,EAAM3hB,GAAK,GACf,IAAK,IAAI0Z,EAAI,EAAGA,EAAI,EAAGA,IACrBiI,EAAOA,GAAO,GAA2B,IAAd,QAANA,GAAwB,QAAW,GAE1DK,GAAU,GAAGhiB,IACH,SAAN2hB,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAI3hB,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAIvE,MAAM6hB,GAAkB,WACtB,MAAM7gB,EAAS,IAAIkhB,YAAY,GAG/B,OAFA,IAAIC,SAASnhB,GAAQohB,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWrhB,GAAQ,EAChC,IAmCA,SAASshB,GAAcC,GACrB,IAAK,IAAIviB,EAAI,EAAGA,EAAIuiB,EAAQpkB,OAAQ6B,IAC7B,mCAAmCqc,KAAKkG,EAAQviB,KACnDmX,EAAK4D,gBAAoB9a,MAAM,sCAAwCsiB,EAAQviB,KAE5E,iDAAiDqc,KAAKkG,EAAQviB,KACjEmX,EAAK4D,gBAAoB9a,MAAM,mBAAqBsiB,EAAQviB,IAGlE,CASA,SAASwiB,GAAcxP,GACrB,IAAIyP,EAAOzP,EACP0P,EAAW,GAEf,MAAMC,EAAa3P,EAAK4P,YAAY,KAOpC,OALID,GAAc,GAAKA,IAAe3P,EAAK7U,OAAS,IAClDskB,EAAOzP,EAAKvU,MAAM,EAAGkkB,GACrBD,EAAW1P,EAAKvU,MAAMkkB,EAAa,GAAGnf,OAAO,EAAG,IAG3C,CAAEif,KAAMA,EAAMC,SAAUA,EACjC,CAWO,SAASG,GAAQxlB,EAAOmkB,EAASsB,IAEtC,OAAO,IAAI9lB,SAAQkB,MAAOjB,EAASC,KACjC,IACE,MAAM6lB,EAAU,qBACVC,EAAc,oDAEpB,IAAIjM,EACJ,MAAMwL,EAAU,GAChB,IACIU,EAEAC,EACAR,EAJAS,EAAcZ,EAEdvP,EAAO,GAGPnM,EAAOuc,GAAcC,EAAqBhmB,GAAOa,MAAOqH,EAAUC,KACpE,MAAMlD,EAASghB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAIwX,QAAaza,EAAOY,WACxB,QAAalF,IAAT+e,EACF,MAAU9c,MAAM,0BAIlB,GADA8c,EAAO5F,EAAK0F,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpD5H,EAIE,GAAKkM,EAcAC,GAAqB,IAATnM,IACjBgM,EAAQ1G,KAAKU,IAIhB/J,EAAOA,EAAKzU,KAAK,QACjB2kB,GAAW,EACXZ,GAAca,GACdA,EAAc,GACdF,GAAc,GANdjQ,EAAKpU,KAAKme,EAAK4B,QAAQ,MAAO,WAbhC,GAHIoE,EAAQ1G,KAAKU,IACf7f,EAAW+C,MAAM,sEAEd+iB,EAAY3G,KAAKU,IAKpB,GAFAuF,GAAca,GACdF,GAAc,EACVC,GAAqB,IAATnM,EAAY,CAC1B9Z,EAAQ,CAAE+V,OAAMnM,OAAM0b,UAASxL,SAC/B,YANFoM,EAAYvkB,KAAKme,QARfgG,EAAQ1G,KAAKU,KACfhG,EAAOoK,GAAQpE,KA6BrB,MAAO3b,GAEP,YADAlE,EAAOkE,GAGT,MAAM3D,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,OACL/H,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EACF,MAAU4B,MAAM,0BAElB,MAAM8c,EAAO3e,EAAQ,GACrB,IAA2B,IAAvB2e,EAAKzZ,QAAQ,OAAsC,IAAvByZ,EAAKzZ,QAAQ,KAEtC,CACL,IAAImE,QAAkBnF,EAAOhE,YACxBmJ,EAAUtJ,SAAQsJ,EAAY,IACnCA,EAAYsV,EAAOtV,EACnBA,EAAY0P,EAAK0F,qBAAqBpV,EAAUkX,QAAQ,MAAO,KAC/D,MAAM6E,EAAQ/b,EAAUqV,MAAMiG,GAC9B,GAAqB,IAAjBS,EAAMrlB,OACR,MAAU8B,MAAM,0BAElB,MAAM6c,EAAQ0F,GAAcgB,EAAM,GAAG/kB,MAAM,GAAI,IAC/CikB,EAAW5F,EAAM4F,eACXjlB,EAAOoB,MAAMie,EAAM2F,MACzB,YAbMhlB,EAAOoB,MAAMke,SAgBjBtf,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,QAGvByF,EAAOwc,EAAqBxc,GAAM3I,MAAOqH,EAAUC,KACjD,MAAMie,EAAmBC,EAAiBjC,GAAYkC,EAAoBpe,KAC1Eke,EAAiBtmB,OAAM,eACjBymB,EAAYre,EAAUC,EAAU,CACpCE,cAAc,IAEhB,MAAMjI,EAAS8lB,EAAiB/d,GAChC,IACE,MAAMqe,SAAgCJ,GAAkB9E,QAAQ,KAAM,IACtE,GAAI+D,IAAamB,IAA2BnB,GAAYlB,EAAO7B,kBAC7D,MAAU1f,MAAM,4CAEZxC,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAGvB,MAAOA,GACPlE,EAAOkE,OAERzC,MAAKT,UACF4lB,EAAqBtlB,EAAOqI,QAC9BrI,EAAOqI,WAAa6c,EAAiBllB,EAAOqI,OAEvCrI,IAEX,CAaO,SAAS0X,GAAM6N,EAAatB,EAAMuB,EAAWC,EAAW1C,EAAeC,EAASsB,IACrF,IAAI9P,EACAjC,EACAgT,IAAgBjG,EAAM5H,MAAMG,SAC9BrD,EAAOyP,EAAKzP,KACZjC,EAAO0R,EAAK1R,KACZ0R,EAAOA,EAAK5b,MAEd,MAAMqd,EAAYP,EAAoBlB,GAChCjkB,EAAS,GACf,OAAQulB,GACN,KAAKjG,EAAM5H,MAAMC,iBACf3X,EAAOI,KAAK,gCAAkColB,EAAY,IAAMC,EAAY,WAC5EzlB,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,8BAAgColB,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAKnG,EAAM5H,MAAME,cACf5X,EAAOI,KAAK,gCAAkColB,EAAY,WAC1DxlB,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,8BAAgColB,EAAY,WACxD,MACF,KAAKlG,EAAM5H,MAAMG,OACf7X,EAAOI,KAAK,wCACZJ,EAAOI,KAAK,SAAWmS,EAAO,QAC9BvS,EAAOI,KAAKoU,EAAK2L,QAAQ,OAAQ,QACjCngB,EAAOI,KAAK,qCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,iCACZ,MACF,KAAKkf,EAAM5H,MAAMI,QACf9X,EAAOI,KAAK,iCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,+BACZ,MACF,KAAKkf,EAAM5H,MAAMjH,UACfzQ,EAAOI,KAAK,0CACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,wCACZ,MACF,KAAKkf,EAAM5H,MAAMK,WACf/X,EAAOI,KAAK,2CACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,yCACZ,MACF,KAAKkf,EAAM5H,MAAMpE,UACftT,EAAOI,KAAK,mCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,iCAIhB,OAAOuY,EAAK5T,OAAO/E,EACrB,CC5YA,MAAM2lB,GACJtnB,cACEE,KAAKkH,MAAQ,GAOfhG,KAAKgG,GAEH,OADAlH,KAAKkH,MAAQkT,EAAKqC,mBAAmBvV,EAAM+E,SAAS,EAAG,IAChDjM,KAAKkH,MAAM9F,OAOpBU,QACE,OAAOsY,EAAKiC,mBAAmBrc,KAAKkH,OAOtCmgB,QACE,OAAOjN,EAAK8B,gBAAgB9B,EAAKiC,mBAAmBrc,KAAKkH,QAQ3DogB,OAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgBznB,KAAKynB,eAAkBznB,KAAKkH,QAAUqgB,EAAMrgB,MAO9FwgB,SACE,MAAsB,KAAf1nB,KAAKkH,MAOdugB,aACE,MAAO,OAAOnI,KAAKtf,KAAKqnB,SAG1BM,gBAAgBJ,GACd,OAAOA,EAAMF,QAGfM,cAActb,GACZ,MAAMkb,EAAQ,IAAIH,GAElB,OADAG,EAAMrmB,KAAKkZ,EAAK4B,gBAAgB3P,IACzBkb,EAGTI,kBACE,MAAMJ,EAAQ,IAAIH,GAElB,OADAG,EAAMrmB,KAAK,IAAI2B,WAAW,IACnB0kB,GChGJ,IAAIK,GAAU,WAMnB,IAKIC,EAAOC,EALPC,GAAa,EAsCjB,SAASC,EAAK3Z,EAAGJ,GACf,IAAImO,EAAIyL,GAAOC,EAAMzZ,GAAKyZ,EAAM7Z,IAAM,KAEtC,OADU,IAANI,GAAiB,IAANJ,IAASmO,EAAI,GACrBA,EAiBT,IAOI6L,EAKAC,EAKAC,EAKAC,EAtBAC,GAAgB,EA2BpB,SAASC,IAIP,SAASC,EAAGla,GACV,IAAI+N,EAAGyB,EAAG/Q,EAEV,IADA+Q,EAAI/Q,EA1CR,SAAcuB,GACZ,IAAIpL,EAAI4kB,EAAM,IAAMC,EAAMzZ,IAE1B,OADU,IAANA,IAASpL,EAAI,GACVA,EAuCGulB,CAAKna,GACR+N,EAAI,EAAGA,EAAI,EAAGA,IAEjBtP,GADA+Q,EAA6B,KAAvBA,GAAK,EAAMA,IAAM,GAIzB,OADA/Q,GAAK,GAVFib,GA5EP,WACEF,EAAQ,GACNC,EAAQ,GAEV,IAAW1L,EAAGqM,EAAVpa,EAAI,EACR,IAAK+N,EAAI,EAAGA,EAAI,IAAKA,IACnByL,EAAMzL,GAAK/N,EAGXoa,EAAQ,IAAJpa,EAAUA,IAAM,EAAGA,GAAK,IAClB,MAANoa,IAAYpa,GAAK,IACrBA,GAAKwZ,EAAMzL,GAGX0L,EAAMD,EAAMzL,IAAMA,EAEpByL,EAAM,KAAOA,EAAM,GACnBC,EAAM,GAAK,EAEXC,GAAa,EAyDIW,GAejBT,EAAW,GACTC,EAAW,GACXC,EAAU,CAAC,GAAI,GAAI,GAAI,IACvBC,EAAU,CAAC,GAAI,GAAI,GAAI,IAEzB,IAAK,IAAInlB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC5B,IAAI4a,EAAI0K,EAAGtlB,GAGXglB,EAAShlB,GAAK4a,EACdqK,EAASrK,GAAK5a,EAGdklB,EAAQ,GAAGllB,GAAM+kB,EAAK,EAAGnK,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKmK,EAAK,EAAGnK,GACpEuK,EAAQ,GAAGvK,GAAMmK,EAAK,GAAI/kB,IAAM,GAAO+kB,EAAK,EAAG/kB,IAAM,GAAO+kB,EAAK,GAAI/kB,IAAM,EAAK+kB,EAAK,GAAI/kB,GAEzF,IAAK,IAAIgb,EAAI,EAAGA,EAAI,EAAGA,IACrBkK,EAAQlK,GAAGhb,GAAMklB,EAAQlK,EAAI,GAAGhb,KAAO,EAAMklB,EAAQlK,EAAI,GAAGhb,IAAM,GAClEmlB,EAAQnK,GAAGJ,GAAMuK,EAAQnK,EAAI,GAAGJ,KAAO,EAAMuK,EAAQnK,EAAI,GAAGJ,IAAM,GAItEwK,GAAgB,EA0BlB,IAAIM,EAAU,SAAUC,EAAS3kB,GAE1BokB,GAAeC,IAGpB,IAAIO,EAAO,IAAI7D,YAAY/gB,GAC3B4kB,EAAKvlB,IAAI2kB,EAAU,KACnBY,EAAKvlB,IAAI4kB,EAAU,KACnB,IAAK,IAAIjlB,EAAI,EAAGA,EAAI,EAAGA,IACrB4lB,EAAKvlB,IAAI6kB,EAAQllB,GAAK,KAAS,KAAQA,GAAM,GAC7C4lB,EAAKvlB,IAAI8kB,EAAQnlB,GAAK,KAAS,KAAQA,GAAM,GAuD/C,IAEI6lB,EAAM,SAAUC,EAAQH,EAAS3kB,GACnC,UAEA,IAAI+kB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAI,EAEN,IAAIC,EAAO,IAAItB,EAAO/D,YAAY/gB,GAChCqmB,EAAO,IAAIvB,EAAOlmB,WAAWoB,GAa/B,SAASsmB,EAAMtO,EAAG4B,EAAGI,EAAGtQ,EAAG6c,EAAIC,EAAIC,EAAIC,GACrC1O,EAAIA,EAAI,EACR4B,EAAIA,EAAI,EACRI,EAAIA,EAAI,EACRtQ,EAAIA,EAAI,EACR6c,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAIC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACvBC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BjoB,EAAI,EAEN2nB,EAAK3M,EAAI,MAAO4M,EAAK5M,EAAI,MAAO6M,EAAK7M,EAAI,MAGzCuM,EAAKA,EAAKH,GAAMpO,EAAI,IAAM,GACxBwO,EAAKA,EAAKJ,GAAMpO,EAAI,IAAM,GAC1ByO,EAAKA,EAAKL,GAAMpO,EAAI,IAAM,GAC1B0O,EAAKA,EAAKN,GAAMpO,EAAI,KAAO,GAG7B,IAAKhZ,EAAI,IAAKA,EAAI,IAAO0K,GAAK,EAAI1K,EAAKA,EAAI,GAAM,EAAG,CAClD8nB,EAAKV,GAAMpM,EAAIuM,GAAM,GAAK,OAAS,GAAKH,GAAMO,EAAKH,GAAM,GAAK,OAAS,GAAKJ,GAAMQ,EAAKH,GAAM,EAAI,OAAS,GAAKL,GAAMS,EAAKH,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIhZ,EAAI,IAAM,GACpK+nB,EAAKX,GAAMpM,EAAIwM,GAAM,GAAK,OAAS,GAAKJ,GAAMO,EAAKF,GAAM,GAAK,OAAS,GAAKL,GAAMQ,EAAKF,GAAM,EAAI,OAAS,GAAKN,GAAMS,EAAKN,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIhZ,EAAI,IAAM,GACtKgoB,EAAKZ,GAAMpM,EAAIyM,GAAM,GAAK,OAAS,GAAKL,GAAMO,EAAKD,GAAM,GAAK,OAAS,GAAKN,GAAMQ,EAAKL,GAAM,EAAI,OAAS,GAAKH,GAAMS,EAAKL,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIhZ,EAAI,IAAM,GACtKioB,EAAKb,GAAMpM,EAAI0M,GAAM,GAAK,OAAS,GAAKN,GAAMO,EAAKJ,GAAM,GAAK,OAAS,GAAKH,GAAMQ,EAAKJ,GAAM,EAAI,OAAS,GAAKJ,GAAMS,EAAKJ,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIhZ,EAAI,KAAO,GACzKunB,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAIlClC,EAAKqB,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,IAAM,EAAIL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIhZ,EAAI,IAAM,GAClLgmB,EAAKoB,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,IAAM,EAAIN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIhZ,EAAI,IAAM,GACpLimB,EAAKmB,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,IAAM,EAAIH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIhZ,EAAI,IAAM,GACpLkmB,EAAKkB,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,IAAM,EAAIJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIhZ,EAAI,KAAO,GAUzL,SAASkoB,EAASX,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAC,EACAC,EACAC,GAWJ,SAASS,EAASZ,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAWxB,SAASoN,EAASb,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,GAGPvB,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAUT,SAASmC,EAASd,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAEtB+K,EAAKA,EAAKI,EACRH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EAEZH,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASY,EAASf,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EAAKA,EAAKwB,EACbnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EAWnB,SAASa,EAAShB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFP,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAEZvB,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASc,EAAKjB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAEPH,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASe,EAAKlB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAZ,EACAC,EACAC,EACAC,GAGFA,GAAOI,EAAKJ,EAAMI,EAAMJ,EAAK,EAC3BD,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAE5CT,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASgB,EAASnB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAII,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BU,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7B9oB,EAAI,EAAGmZ,EAAI,EAEboO,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAEZwB,EAAKf,EAAK,EACRgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EAEZ,MAAQlnB,EAAI,GAAK,IAAKA,EAAKA,EAAI,EAAK,EAAG,CACrC,GAAI8nB,IAAO,GAAI,CACba,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAGdI,EAAMA,GAAM,EAAMC,IAAO,GACvBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAEd9O,EAAIuO,EAAK,EAETA,EAAMA,IAAO,EAAMD,GAAM,GACvBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAEf,GAAIpO,EAAGoO,EAAKA,EAAK,WAGnBpB,EAAKwC,EACHvC,EAAKwC,EACLvC,EAAKwC,EACLvC,EAAKwC,EAST,SAASC,EAAWre,GAClBA,EAAIA,EAAI,EACRyc,EAAIzc,EAYN,SAASse,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVrD,EAAKkD,EACHjD,EAAKkD,EACLjD,EAAKkD,EACLjD,EAAKkD,EAYT,SAASC,EAAOC,EAAIC,EAAIC,EAAIC,GAC1BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVtD,EAAKmD,EACHlD,EAAKmD,EACLlD,EAAKmD,EACLlD,EAAKmD,EAYT,SAASC,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVvD,EAAKoD,EACHnD,EAAKoD,EACLnD,EAAKoD,EACLnD,EAAKoD,EAYT,SAASC,EAASC,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVxD,EAAKqD,EACHpD,EAAKqD,EACLpD,EAAKqD,EACLpD,EAAKqD,EAYT,SAASC,EAAYC,EAAIC,EAAIC,EAAIC,GAC/BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV9D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACrB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EAU3B,SAASI,EAAUvqB,GACjBA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBmnB,EAAKnnB,EAAM,GAAK6lB,IAAO,GACrBsB,EAAKnnB,EAAM,GAAK6lB,IAAO,GAAK,IAC5BsB,EAAKnnB,EAAM,GAAK6lB,IAAO,EAAI,IAC3BsB,EAAKnnB,EAAM,GAAK6lB,EAAK,IACrBsB,EAAKnnB,EAAM,GAAK8lB,IAAO,GACvBqB,EAAKnnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BqB,EAAKnnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BqB,EAAKnnB,EAAM,GAAK8lB,EAAK,IACrBqB,EAAKnnB,EAAM,GAAK+lB,IAAO,GACvBoB,EAAKnnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,IAAO,EAAI,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,EAAK,IACtBoB,EAAKnnB,EAAM,IAAMgmB,IAAO,GACxBmB,EAAKnnB,EAAM,IAAMgmB,IAAO,GAAK,IAC7BmB,EAAKnnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BmB,EAAKnnB,EAAM,IAAMgmB,EAAK,IAExB,OAAO,GAUT,SAASwE,EAAOxqB,GACdA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBmnB,EAAKnnB,EAAM,GAAKimB,IAAO,GACrBkB,EAAKnnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BkB,EAAKnnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BkB,EAAKnnB,EAAM,GAAKimB,EAAK,IACrBkB,EAAKnnB,EAAM,GAAKkmB,IAAO,GACvBiB,EAAKnnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BiB,EAAKnnB,EAAM,GAAKkmB,IAAO,EAAI,IAC3BiB,EAAKnnB,EAAM,GAAKkmB,EAAK,IACrBiB,EAAKnnB,EAAM,GAAKmmB,IAAO,GACvBgB,EAAKnnB,EAAM,GAAKmmB,IAAO,GAAK,IAC5BgB,EAAKnnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BgB,EAAKnnB,EAAM,IAAMmmB,EAAK,IACtBgB,EAAKnnB,EAAM,IAAMomB,IAAO,GACxBe,EAAKnnB,EAAM,IAAMomB,IAAO,GAAK,IAC7Be,EAAKnnB,EAAM,IAAMomB,IAAO,EAAI,IAC5Be,EAAKnnB,EAAM,IAAMomB,EAAK,IAExB,OAAO,GAQT,SAASqE,IACPzC,EAAS,EAAG,EAAG,EAAG,GAClBnB,EAAKhB,EACHiB,EAAKhB,EACLiB,EAAKhB,EACLiB,EAAKhB,EAYT,SAAS0E,EAAOC,EAAM3qB,EAAK4M,GACzB+d,EAAOA,EAAO,EACd3qB,EAAMA,EAAM,EACZ4M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI5qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ4M,EAAM,IAAM,GAAI,CACtBie,EAAcF,EAAO,GACnBxD,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,IAC7EmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,KAGjFmnB,EAAKnnB,EAAM,GAAK6lB,IAAO,GACrBsB,EAAKnnB,EAAM,GAAK6lB,IAAO,GAAK,IAC5BsB,EAAKnnB,EAAM,GAAK6lB,IAAO,EAAI,IAC3BsB,EAAKnnB,EAAM,GAAK6lB,EAAK,IACrBsB,EAAKnnB,EAAM,GAAK8lB,IAAO,GACvBqB,EAAKnnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BqB,EAAKnnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BqB,EAAKnnB,EAAM,GAAK8lB,EAAK,IACrBqB,EAAKnnB,EAAM,GAAK+lB,IAAO,GACvBoB,EAAKnnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,IAAO,EAAI,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,EAAK,IACtBoB,EAAKnnB,EAAM,IAAMgmB,IAAO,GACxBmB,EAAKnnB,EAAM,IAAMgmB,IAAO,GAAK,IAC7BmB,EAAKnnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BmB,EAAKnnB,EAAM,IAAMgmB,EAAK,IAExB4E,EAAOA,EAAM,GAAM,EACjB5qB,EAAOA,EAAM,GAAM,EACnB4M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAYf,SAASE,EAAIH,EAAM3qB,EAAK4M,GACtB+d,EAAOA,EAAO,EACd3qB,EAAMA,EAAM,EACZ4M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI5qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ4M,EAAM,IAAM,GAAI,CACtBme,EAAWJ,EAAO,GAChBxD,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,IAC7EmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,KAGjF4qB,EAAOA,EAAM,GAAM,EACjB5qB,EAAOA,EAAM,GAAM,EACnB4M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAMf,IAAIC,EAAgB,CAAC7C,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAMC,GAKvF,IAAIwC,EAAa,CAAC7C,EAAUM,GAK5B,MAAO,CACLK,WAAYA,EACZC,UAAWA,EACXK,OAAQA,EACRK,UAAWA,EACXK,SAAUA,EACVK,YAAaA,EACbK,UAAWA,EACXC,OAAQA,EACRC,SAAUA,EACVC,OAAQA,EACRI,IAAKA,GAxpBC,CAFG,CAACprB,WAAwBmiB,aA4pB5B4D,EAAS3kB,GAInB,OAFA6kB,EAAIqF,QApsBJ,SAAiBC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/C,IAAIC,EAAQhG,EAAK5c,SAAS,EAAO,IAC/B6iB,EAAQjG,EAAK5c,SAAS,IAAO,KAG/B4iB,EAAMvrB,IAAI,CAAC+qB,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,IACvC,IAAK,IAAI3rB,EAAImrB,EAAIW,EAAO,EAAG9rB,EAAI,EAAImrB,EAAK,GAAInrB,IAAK,CAC/C,IAAIgZ,EAAI4S,EAAM5rB,EAAI,IACbA,EAAImrB,GAAO,GAAc,IAAPA,GAAYnrB,EAAImrB,GAAO,KAC5CnS,EAAIgM,EAAShM,IAAM,KAAO,GAAKgM,EAAShM,IAAM,GAAK,MAAQ,GAAKgM,EAAShM,IAAM,EAAI,MAAQ,EAAIgM,EAAa,IAAJhM,IAEtGhZ,EAAImrB,GAAO,IACbnS,EAAKA,GAAK,EAAMA,IAAM,GAAO8S,GAAQ,GACrCA,EAAQA,GAAQ,GAAc,IAAPA,EAAe,GAAO,IAE/CF,EAAM5rB,GAAK4rB,EAAM5rB,EAAImrB,GAAMnS,EAI7B,IAAK,IAAIU,EAAI,EAAGA,EAAI1Z,EAAG0Z,GAAK,EAC1B,IAAK,IAAIqS,EAAK,EAAGA,EAAK,EAAGA,IAAM,CACzB/S,EAAI4S,EAAM5rB,GAAK,EAAI0Z,IAAM,EAAIqS,GAAM,GAErCF,EAAMnS,EAAIqS,GADRrS,EAAI,GAAKA,GAAK1Z,EAAI,EACJgZ,EAEAmM,EAAQ,GAAGH,EAAShM,IAAM,KACtCmM,EAAQ,GAAGH,EAAShM,IAAM,GAAK,MAC/BmM,EAAQ,GAAGH,EAAShM,IAAM,EAAI,MAC9BmM,EAAQ,GAAGH,EAAa,IAAJhM,IAM9B6M,EAAIkD,WAAWoC,EAAK,IAoqBftF,GA8CT,OAtCAH,EAAQsG,IAAM,CACZC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQL3G,EAAQ4G,IAAM,CACZL,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQP3G,EAAQ6G,IAAM,CACZL,IAAK,EACLM,IAAK,GAQT9G,EAAQ+G,UAAY,MAEb/G,CACT,CA36BqB,GC+Gd,SAASgH,GAASthB,GACrB,OAAOA,aAAaxL,UACxB,CAWO,SAAS+sB,GAAW/G,EAAMgH,GAC7B,MAAM7qB,EAAO6jB,EAAOA,EAAK1kB,WAAa0rB,GAAY,MAClD,GAAW,KAAP7qB,GAAgBA,GAAQ,EACxB,MAAU9B,MAAM,+DAEpB,OADA2lB,EAAOA,GAAQ,IAAIhmB,WAAW,IAAIsiB,YAAYngB,GAElD,CACO,SAAS8qB,GAAYjH,EAAMkH,EAAMjmB,EAAMkmB,EAAMC,GAChD,MAAMC,EAAOrH,EAAKznB,OAAS2uB,EACrBI,EAAOD,EAAOD,EAAOC,EAAOD,EAElC,OADApH,EAAKvlB,IAAIwG,EAAKmC,SAAS+jB,EAAMA,EAAOG,GAAOJ,GACpCI,CACX,CACO,SAASC,MAAaC,GACzB,MAAMC,EAAcD,EAAIE,QAAO,CAACC,EAAKC,IAASD,EAAMC,EAAKrvB,QAAQ,GAC3D2sB,EAAM,IAAIlrB,WAAWytB,GAC3B,IAAII,EAAS,EACb,IAAK,IAAIztB,EAAI,EAAGA,EAAIotB,EAAIjvB,OAAQ6B,IAC5B8qB,EAAIzqB,IAAI+sB,EAAIptB,GAAIytB,GAChBA,GAAUL,EAAIptB,GAAG7B,OAErB,OAAO2sB,CACX,CCvJO,MAAM4C,WAA0BztB,MACnCpD,eAAe8wB,GACX7wB,SAAS6wB,IAIV,MAAMC,WAA6B3tB,MACtCpD,eAAe8wB,GACX7wB,SAAS6wB,IAIV,MAAME,WAAsB5tB,MAC/BpD,eAAe8wB,GACX7wB,SAAS6wB,ICXjB,MAAMG,GAAY,GACZC,GAAW,GACV,MAAMC,GACTnxB,YAAY8W,EAAKsa,EAAIC,GAAU,EAAMrD,EAAMjF,EAAMC,GAC7C9oB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAK8tB,KAAOA,EAEZ9tB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAK4W,IAAMA,EACX5W,KAAKkxB,GAAKA,EACVlxB,KAAKmxB,QAAUA,EAEfnxB,KAAKoxB,YAAYvI,EAAMC,GAE3BsI,YAAYvI,EAAMC,GAMd,YALkB7nB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOA,GAAQkI,GAAUM,OAASzB,KAAa3jB,SAAS2b,GAAQ8H,WACrE1vB,KAAK8oB,IAAMA,GAAOkI,GAASK,OAAS,IAAIzJ,GAAQ,KAAM5nB,KAAK6oB,KAAK5kB,QAChEjE,KAAKsxB,MAAMtxB,KAAK4W,IAAK5W,KAAKkxB,KAEvB,CAAErI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEfqwB,MAAM1a,EAAKsa,GACP,MAAMpI,IAAEA,GAAQ9oB,KAAKoxB,cAEfI,EAAS5a,EAAIxV,OACnB,GAAe,KAAXowB,GAA4B,KAAXA,GAA4B,KAAXA,EAClC,MAAM,IAAIX,GAAqB,oBACnC,MAAMY,EAAU,IAAIrM,SAASxO,EAAI3S,OAAQ2S,EAAI1S,WAAY0S,EAAIzS,YAG7D,GAFA2kB,EAAIqF,QAAQqD,GAAU,EAAGC,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,IAAKF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,QAExQzwB,IAAPiwB,EAAkB,CAClB,GAAkB,KAAdA,EAAG9vB,OACH,MAAM,IAAIyvB,GAAqB,mBACnC,IAAIc,EAAS,IAAIvM,SAAS8L,EAAGjtB,OAAQitB,EAAGhtB,WAAYgtB,EAAG/sB,YACvD2kB,EAAIwD,OAAOqF,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,UAG3F5I,EAAIwD,OAAO,EAAG,EAAG,EAAG,GAG5BsF,oBAAoB9nB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQqH,IAAIjvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXigB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB2wB,EAAO,EAEP5B,EAAO,EACP1uB,EAAS,IAAIoB,WAFLkN,EAAMkgB,GAAS,IAG3B,KAAOA,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GACjCogB,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAKd,OAFA/P,KAAKmD,IAAMA,EACXnD,KAAK+P,IAAMA,EACJtO,EAEXuwB,qBACI,IAAInJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQqH,IAAIjvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXkiB,EAAO,GAAMliB,EAAM,GACnBmiB,EAAOniB,EACX,GAAI/P,KAAKmyB,eAAe,YACpB,GAAInyB,KAAKmxB,QAAS,CACd,IAAK,IAAIiB,EAAI,EAAGA,EAAIH,IAAQG,EACxBvJ,EAAK1lB,EAAM4M,EAAMqiB,GAAKH,EAE1BliB,GAAOkiB,EACPC,EAAOniB,OAEN,GAAIA,EAAM,GACX,MAAM,IAAI8gB,GAAqB,yDAInC9gB,GAAOkiB,EAEX,MAAMxwB,EAAS,IAAIoB,WAAWqvB,GAQ9B,OAPIniB,GACA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAC9BmiB,GACAzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IACxClyB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACE9vB,EAEX4wB,oBAAoBvoB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQ2H,IAAIvvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXigB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB2wB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBgC,EAAO,EACP9B,EAAO,EACPnwB,KAAKmxB,UACLc,EAAOliB,EAAMkgB,EAAOiC,GAAQ,GAC5BA,GAAQD,GAEZ,MAAMxwB,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAAQkgB,EAAc,EAAPgC,IAChD9B,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAKd,OAFA/P,KAAKmD,IAAMA,EACXnD,KAAK+P,IAAMA,EACJtO,EAEX6wB,qBACI,IAAIzJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQ2H,IAAIvvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXmiB,EAAOniB,EACX,GAAIA,EAAM,EAAG,CACT,GAAIA,EAAM,GAAI,CACV,GAAI/P,KAAKmyB,eAAe,WACpB,MAAM,IAAItB,GAAqB,oDAG/B9gB,GAAO,GAAMA,EAAM,GAI3B,GADA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAC1B/P,KAAKmyB,eAAe,YAAcnyB,KAAKmxB,QAAS,CAChD,IAAIoB,EAAM1J,EAAK1lB,EAAM+uB,EAAO,GAC5B,GAAIK,EAAM,GAAKA,EAAM,IAAMA,EAAML,EAC7B,MAAM,IAAIpB,GAAc,eAC5B,IAAI0B,EAAS,EACb,IAAK,IAAIvvB,EAAIsvB,EAAKtvB,EAAI,EAAGA,IACrBuvB,GAAUD,EAAM1J,EAAK1lB,EAAM+uB,EAAOjvB,GACtC,GAAIuvB,EACA,MAAM,IAAI1B,GAAc,eAC5BoB,GAAQK,GAGhB,MAAM9wB,EAAS,IAAIoB,WAAWqvB,GAO9B,OANIA,EAAO,GACPzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IAExClyB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACE9vB,GCtMR,MAAMgxB,GACT9K,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASuB,QAAQ5oB,GAE7C6d,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASwB,QAAQ7oB,GAE7ChK,YAAY8W,EAAKua,GAAU,EAAOyB,GAC9B5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,EAAWkwB,EAAS,OAE5DuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCb5B,SAASM,GAAIxxB,GACX,MAAMyxB,EAAI,SAASjc,GACjB,MAAMkc,EAAS,IAAIL,GAAQ7b,GAE3B5W,KAAK0yB,QAAU,SAASK,GACtB,OAAOD,EAAOJ,QAAQK,IAGxB/yB,KAAK2yB,QAAU,SAASI,GACtB,OAAOD,EAAOH,QAAQI,KAO1B,OAHAF,EAAEG,UAAYH,EAAE7xB,UAAUgyB,UAAY,GACtCH,EAAEI,QAAUJ,EAAE7xB,UAAUiyB,QAAU7xB,EAAS,EAEpCyxB,CACT,CCAA,SAASK,GAAIC,EAAM5Z,EAASmZ,EAAS5E,EAAMoD,EAAIC,GAE7C,MAAMiC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI1wB,EACA0Z,EACAiX,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAdAnnB,EAAI,EAeJ2C,EAAMwJ,EAAQnY,OAGlB,MAAMozB,EAA6B,KAAhBrB,EAAK/xB,OAAgB,EAAI,EAE1C6yB,EADiB,IAAfO,EACQ9B,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFnZ,EAqQJ,SAAuBA,EAAS4X,GAC9B,MAAMsD,EAAY,EAAKlb,EAAQnY,OAAS,EAExC,IAAImxB,EACJ,GAAgB,IAAZpB,GAAkBsD,EAAY,EAChClC,EAAM,QACD,GAAgB,IAAZpB,EACToB,EAAMkC,MACD,IAAKtD,KAAYsD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOlb,EAEP,MAAUrW,MAAM,wBAJhBqvB,EAAM,EAOR,MAAMmC,EAAgB,IAAI7xB,WAAW0W,EAAQnY,OAASqzB,GACtD,IAAK,IAAIxxB,EAAI,EAAGA,EAAIsW,EAAQnY,OAAQ6B,IAClCyxB,EAAczxB,GAAKsW,EAAQtW,GAE7B,IAAK,IAAI0Z,EAAI,EAAGA,EAAI8X,EAAW9X,IAC7B+X,EAAcnb,EAAQnY,OAASub,GAAK4V,EAGtC,OAAOmC,CACT,CA9RcC,CAAcpb,EAAS4X,GACjCphB,EAAMwJ,EAAQnY,QAIhB,IAAIK,EAAS,IAAIoB,WAAWkN,GACxBkM,EAAI,EASR,IAPa,IAAT6R,IACFoG,EAAWhD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KAClEgnB,EAAYlD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KACnEA,EAAI,GAICA,EAAI2C,GAAK,CAsCd,IArCAgkB,EAAQxa,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KACnF4mB,EAASza,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KAGvE,IAAT0gB,IACE4E,GACFqB,GAAQG,EACRF,GAASI,IAETD,EAAWD,EACXG,EAAYD,EACZF,EAAUH,EACVK,EAAWJ,IAKfJ,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BrX,EAAI,EAAGA,EAAI6X,EAAY7X,GAAK,EAAG,CAIlC,IAHA2X,EAAUL,EAAQtX,EAAI,GACtB4X,EAAUN,EAAQtX,EAAI,GAEjB1Z,EAAIgxB,EAAQtX,GAAI1Z,IAAMqxB,EAASrxB,GAAKsxB,EACvCV,EAASG,EAAQb,EAAKlwB,GACtB6wB,GAAWE,IAAU,EAAMA,GAAS,IAAOb,EAAKlwB,EAAI,GAEpD2wB,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,EAIVG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGJ,IAAT9F,IACE4E,GACFwB,EAAUH,EACVK,EAAWJ,IAEXD,GAAQI,EACRH,GAASK,IAIb5yB,EAAOwa,KAAQ8X,IAAS,GACxBtyB,EAAOwa,KAAS8X,IAAS,GAAM,IAC/BtyB,EAAOwa,KAAS8X,IAAS,EAAK,IAC9BtyB,EAAOwa,KAAe,IAAP8X,EACftyB,EAAOwa,KAAQ+X,IAAU,GACzBvyB,EAAOwa,KAAS+X,IAAU,GAAM,IAChCvyB,EAAOwa,KAAS+X,IAAU,EAAK,IAC/BvyB,EAAOwa,KAAgB,IAAR+X,EAQjB,OAJKtB,IACHjxB,EA4KJ,SAA0B8X,EAAS4X,GACjC,IACIoB,EADAkC,EAAY,KAEhB,GAAgB,IAAZtD,EACFoB,EAAM,QACD,GAAgB,IAAZpB,EACTsD,EAAYlb,EAAQA,EAAQnY,OAAS,OAChC,IAAK+vB,EAGV,MAAUjuB,MAAM,wBAFhBqvB,EAAM,EAKR,IAAKkC,EAAW,CAEd,IADAA,EAAY,EACLlb,EAAQA,EAAQnY,OAASqzB,KAAelC,GAC7CkC,IAEFA,IAGF,OAAOlb,EAAQtN,SAAS,EAAGsN,EAAQnY,OAASqzB,EAC9C,CAlMaG,CAAiBnzB,EAAQ0vB,IAG7B1vB,CACT,CAOA,SAASozB,GAAcje,GAErB,MAAMke,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa5d,EAAIxV,OAAS,EAAI,EAAI,EAElC+xB,EAAWtzB,MAAM,GAAK20B,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAlC,EAFAxmB,EAAI,EACJhB,EAAI,EAGR,IAAK,IAAIuQ,EAAI,EAAGA,EAAI6X,EAAY7X,IAAK,CACnC,IAAIoX,EAAQnd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KACnE4mB,EAASpd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KAExEwmB,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAI3wB,EAAI,EAAGA,EAAI2yB,GAAe3yB,IAE7B2yB,EAAO3yB,IACT8wB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMV6B,EAAWf,EAAUf,IAAS,IAAMgB,EAAWhB,IAAS,GAAM,IAAOiB,EAAWjB,IAAS,GAAM,IAAOkB,EACpGlB,IAAS,GAAM,IAAOmB,EAAWnB,IAAS,GAAM,IAAOoB,EAAWpB,IAAS,EAAK,IAAOqB,EAAWrB,IAAS,EAC3G,IACF+B,EAAYT,EAAUrB,IAAU,IAAMsB,EAAWtB,IAAU,GAAM,IAAOuB,EAAWvB,IAAU,GAAM,IACjGwB,EAAYxB,IAAU,GAAM,IAAOyB,EAAYzB,IAAU,GAAM,IAAO0B,EAAY1B,IAAU,EAAK,IACjG2B,EAAY3B,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCkC,IAAc,GAAMD,GAC7B1C,EAAK/mB,KAAOypB,EAAWjC,EACvBT,EAAK/mB,KAAO0pB,EAAalC,GAAQ,GAIrC,OAAOT,CACT,CAwDO,SAAS4C,GAAUnf,GACxB5W,KAAK4W,IAAM,GAEX,IAAK,IAAI3T,EAAI,EAAGA,EAAI,EAAGA,IACrBjD,KAAK4W,IAAI/U,KAAK,IAAIgB,WAAW+T,EAAI3K,SAAa,EAAJhJ,EAAY,EAAJA,EAAS,KAG7DjD,KAAK0yB,QAAU,SAASK,GACtB,OAAOG,GACL2B,GAAc70B,KAAK4W,IAAI,IACvBsc,GACE2B,GAAc70B,KAAK4W,IAAI,IACvBsc,GACE2B,GAAc70B,KAAK4W,IAAI,IACvBmc,GAAO,EAAM,EAAG,KAAM,OAExB,EAAO,EAAG,KAAM,OACf,EAAM,EAAG,KAAM,MAGxB,CCtbA,SAASiD,KACPh2B,KAAKi2B,UAAY,EACjBj2B,KAAKk2B,QAAU,GAEfl2B,KAAKm2B,OAAS,SAASvf,GAMrB,GALA5W,KAAKo2B,QAAcv2B,MAAM,IACzBG,KAAKq2B,OAAax2B,MAAM,IAExBG,KAAKsxB,QAED1a,EAAIxV,SAAWpB,KAAKk2B,QAGtB,MAAUhzB,MAAM,mCAElB,OAJElD,KAAKs2B,YAAY1f,IAIZ,GAGT5W,KAAKsxB,MAAQ,WACX,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKo2B,QAAQnzB,GAAK,EAClBjD,KAAKq2B,OAAOpzB,GAAK,GAIrBjD,KAAKu2B,aAAe,WAClB,OAAOv2B,KAAKi2B,WAGdj2B,KAAK0yB,QAAU,SAAS8D,GACtB,MAAMC,EAAU52B,MAAM22B,EAAIp1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIuzB,EAAIp1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIgb,EAFAyY,EAAKF,EAAIvzB,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GACtE0K,EAAK6oB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GAG9Egb,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJwY,EAAIxzB,GAAM0K,IAAM,GAAM,IACtB8oB,EAAIxzB,EAAI,GAAM0K,IAAM,GAAM,IAC1B8oB,EAAIxzB,EAAI,GAAM0K,IAAM,EAAK,IACzB8oB,EAAIxzB,EAAI,GAAS,IAAJ0K,EACb8oB,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,IAAM,EAAK,IACzBD,EAAIxzB,EAAI,GAAS,IAAJyzB,EAGf,OAAOD,GAGTz2B,KAAK2yB,QAAU,SAAS6D,GACtB,MAAMC,EAAU52B,MAAM22B,EAAIp1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIuzB,EAAIp1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIgb,EAFAyY,EAAKF,EAAIvzB,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GACtE0K,EAAK6oB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GAG9Egb,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJwY,EAAIxzB,GAAM0K,IAAM,GAAM,IACtB8oB,EAAIxzB,EAAI,GAAM0K,IAAM,GAAM,IAC1B8oB,EAAIxzB,EAAI,GAAM0K,IAAM,EAAK,IACzB8oB,EAAIxzB,EAAI,GAAS,IAAJ0K,EACb8oB,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,GAAK,GAAM,IACzBD,EAAIxzB,EAAI,GAAMyzB,GAAK,EAAK,IACxBD,EAAIxzB,EAAI,GAAS,IAAJyzB,EAGf,OAAOD,GAET,MAAMK,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGlO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASJ,EAAGnO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASH,EAAGpO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,GA7FhGD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnC/2B,KAAKs2B,YAAc,SAASY,GAC1B,MAAMjZ,aACAhC,EAAQpc,MAAM,IAEpB,IAAI8c,EAEJ,IAAK,IAAI1Z,EAAI,EAAGA,EAAI,EAAGA,IACrB0Z,EAAQ,EAAJ1Z,EACJgb,EAAEhb,GAAMi0B,EAAIva,IAAM,GAAOua,EAAIva,EAAI,IAAM,GAAOua,EAAIva,EAAI,IAAM,EAAKua,EAAIva,EAAI,GAG3E,MAAM7P,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIqqB,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK3a,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtO,EAAIyoB,EAAUQ,GAAO3a,GAC3Bwa,EAAIlZ,EAAE5P,EAAE,IAER8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAKnqB,EAAE6P,IAAKsB,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D4P,EAAE5P,EAAE,IAAM8oB,EAGZ,IAAKxa,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM1O,EAAI8oB,EAAUO,GAAO3a,GAC3Bwa,EAAIF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,EAAIta,GAAIsB,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7DgO,EAAEmb,GAAMD,EACRC,KAKN,IAAK,IAAIn0B,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKo2B,QAAQnzB,GAAKgZ,EAAEhZ,GACpBjD,KAAKq2B,OAAOpzB,GAAiB,GAAZgZ,EAAE,GAAKhZ,IAwB5B,MAAMg0B,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASM,GAAM3gB,GACb5W,KAAKqT,MAAQ,IAAI2iB,GACjBh2B,KAAKqT,MAAM8iB,OAAOvf,GAElB5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAKqT,MAAMqf,QAAQK,GAE9B,CDpJAgD,GAAU9C,QAAU8C,GAAU/0B,UAAUiyB,QAAU,GAClD8C,GAAU/C,UAAY+C,GAAU/0B,UAAUgyB,UAAY,ECqJtDuE,GAAMvE,UAAYuE,GAAMv2B,UAAUgyB,UAAY,EAC9CuE,GAAMtE,QAAUsE,GAAMv2B,UAAUiyB,QAAU,GCpkB1C,MAAMuE,GAAS,WAEf,SAASC,GAAKN,EAAG/qB,GACf,OAAQ+qB,GAAK/qB,EAAI+qB,IAAO,GAAK/qB,GAAMorB,EACrC,CAEA,SAASE,GAAKrpB,EAAGpL,GACf,OAAOoL,EAAEpL,GAAKoL,EAAEpL,EAAI,IAAM,EAAIoL,EAAEpL,EAAI,IAAM,GAAKoL,EAAEpL,EAAI,IAAM,EAC7D,CAEA,SAAS00B,GAAKtpB,EAAGpL,EAAGk0B,GAClB9oB,EAAEupB,OAAO30B,EAAG,EAAO,IAAJk0B,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASU,GAAK/qB,EAAGV,GACf,OAAQU,IAAW,EAAJV,EAAU,GAC3B,CAkSA,SAAS0rB,GAAGlhB,GACV5W,KAAK+3B,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMvrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASwrB,EAAMxrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASyrB,EAAQ5qB,EAAG6qB,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAC7DnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAGhE,SAASiB,EAAQx1B,EAAGu1B,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,IAAOu0B,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,IAAOu0B,GAAQ,IAClEnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,GAAMu0B,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,GAAMu0B,GAAQ,IAsDnE,MAAO,CACLtsB,KAAM,UACNwtB,UAAW,GACXC,KAhQF,SAAiB/hB,GAEf,IAAI3T,EACAoL,EACAJ,EACAmO,EACAqM,EALJuP,EAAWphB,EAMX,MAAMgiB,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DnrB,EAAI,CACR,GACA,IAEIlB,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASssB,EAAM5sB,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,GAG1C,SAAS6sB,EAAM7sB,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,GAGrD,SAAS8sB,EAAOxH,EAAG9jB,GACjB,IAAIrL,EACAgb,EACA4b,EACJ,IAAK52B,EAAI,EAAGA,EAAI,EAAGA,IACjBgb,EAAI3P,IAAM,GACVA,EAAMA,GAAK,EAAKkpB,GAAUpF,IAAM,GAChCA,EAAKA,GAAK,EAAKoF,GACfqC,EAAI5b,GAAK,EACD,IAAJA,IACF4b,GAAK,KAEPvrB,GAAK2P,EAAK4b,GAAK,GACfA,GAAK5b,IAAM,EACH,EAAJA,IACF4b,GAAK,KAEPvrB,GAAKurB,GAAK,GAAKA,GAAK,EAEtB,OAAOvrB,EAGT,SAASwrB,EAAG1tB,EAAGU,GACb,MAAMuB,EAAIvB,GAAK,EACTmB,EAAQ,GAAJnB,EACJsP,EAAIgd,EAAGhtB,GAAGiC,EAAIJ,GACdwa,EAAI4Q,EAAGjtB,GAAGotB,EAAKvrB,GAAKwrB,EAAKprB,IAC/B,OAAOkrB,EAAGntB,GAAGotB,EAAK/Q,GAAKgR,EAAKrd,KAAO,EAAIkd,EAAGltB,GAAGgQ,EAAIqM,GAGnD,SAASsR,EAAKjtB,EAAG8J,GACf,IAAIvI,EAAIwpB,GAAK/qB,EAAG,GACZmB,EAAI4pB,GAAK/qB,EAAG,GACZsP,EAAIyb,GAAK/qB,EAAG,GACZ2b,EAAIoP,GAAK/qB,EAAG,GAChB,OAAQisB,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD3I,EAAIK,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnDwF,EAAI9N,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD6R,EAAIna,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GAEvD,OAAOxJ,EAAE,GAAGiB,GAAKjB,EAAE,GAAGa,GAAKb,EAAE,GAAGgP,GAAKhP,EAAE,GAAGqb,GAK5C,IAFAuP,EAAWA,EAASt2B,MAAM,EAAG,IAC7BuB,EAAI+0B,EAAS52B,OACA,KAAN6B,GAAkB,KAANA,GAAkB,KAANA,GAC7B+0B,EAAS/0B,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAI+0B,EAAS52B,OAAQ6B,GAAK,EACpC61B,EAAM71B,GAAK,GAAKy0B,GAAKM,EAAU/0B,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBqL,EAAE,GAAGrL,GAAK62B,EAAG,EAAG72B,GAChBqL,EAAE,GAAGrL,GAAK62B,EAAG,EAAG72B,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBg2B,EAAM3qB,EAAE,GAAGrL,GACXi2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGnK,GAAKg2B,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnD/rB,EAAE,GAAGnK,GAAKi2B,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM3qB,EAAE,GAAGrL,GACXi2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGnK,GAAKk2B,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD7rB,EAAE,GAAGnK,GAAKi2B,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM13B,OAAS,EACjB6B,EAAI,EAAGA,EAAI81B,EAAM91B,IACpBoL,EAAIyqB,EAAM71B,EAAIA,GACd21B,EAAM31B,GAAKoL,EACXJ,EAAI6qB,EAAM71B,EAAIA,EAAI,GAClB41B,EAAM51B,GAAKgL,EACX+qB,EAAKD,EAAO91B,EAAI,GAAK22B,EAAOvrB,EAAGJ,GAEjC,IAAKhL,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBoL,EAAI,SAAYpL,EAChBgL,EAAII,EAAI,SACRA,EAAI0rB,EAAK1rB,EAAGuqB,GACZ3qB,EAAIwpB,GAAKsC,EAAK9rB,EAAG4qB,GAAQ,GACzBV,EAAOl1B,GAAMoL,EAAIJ,EAAKupB,GACtBW,EAAOl1B,EAAI,GAAKw0B,GAAKppB,EAAI,EAAIJ,EAAG,GAElC,IAAKhL,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAoL,EAAIJ,EAAImO,EAAIqM,EAAIxlB,EACR81B,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,MA0FzEh3B,MAvDF,WACEm2B,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,KAkDF1F,QA9CF,SAAoB5oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,EAAI,EAAGA,IACrB4b,EAAQ5b,EAAG6b,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,GAgCPtF,QA7BF,SAAoB7oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,GAAK,EAAGA,IACtB8b,EAAQ9b,EAAG6b,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,IAiBd8B,SAZF,WACE,OAAO/B,GAaX,CAKYgC,GACVj6B,KAAK+3B,GAAGY,KAAK94B,MAAMkiB,KAAKnL,GAAM,GAE9B5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAK+3B,GAAGrF,QAAQ7yB,MAAMkiB,KAAKgR,GAAQ,GAE9C,CCxUA,SAASmH,MAqXT,SAASC,GAAGvjB,GACV5W,KAAKo6B,GAAK,IAAIF,GACdl6B,KAAKo6B,GAAGC,KAAKzjB,GAEb5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAKo6B,GAAGE,aAAavH,GAEhC,CDlDA+E,GAAG7E,QAAU6E,GAAG92B,UAAUiyB,QAAU,GACpC6E,GAAG9E,UAAY8E,GAAG92B,UAAUgyB,UAAY,GCrUxCkH,GAASl5B,UAAUu5B,UAAY,EAK/BL,GAASl5B,UAAUw5B,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,GAASl5B,UAAUy5B,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,GAASl5B,UAAU05B,GAAK,GASxBR,GAASl5B,UAAU25B,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,WAEZ,OAAOA,CACT,EAKAV,GAASl5B,UAAU65B,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAK96B,KAAKm7B,OAAO,GAAGD,GAAMl7B,KAAKm7B,OAAO,GAAGF,GACzCH,GAAM96B,KAAKm7B,OAAO,GAAGH,GACrBF,GAAM96B,KAAKm7B,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,GAASl5B,UAAUo6B,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAKt7B,KAAK06B,KAAMY,EAAI,CAC/BC,GAASv7B,KAAKy7B,OAAOH,GACrBE,EAAQx7B,KAAK66B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASv7B,KAAKy7B,OAAOz7B,KAAK06B,GAAK,GAC/Bc,GAASx7B,KAAKy7B,OAAOz7B,KAAK06B,GAAK,GAE/BW,EAAK,GAAKr7B,KAAK26B,OAAOa,GACtBH,EAAK,GAAKr7B,KAAK26B,OAAOY,EACxB,EAWArB,GAASl5B,UAAUs5B,aAAe,SAASoB,GACzC,IAAIJ,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXM,EAAM37B,KAAKu6B,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAKt7B,KAAKu6B,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBK,EAAOJ,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBK,EAAOJ,EAAKK,GAG1C37B,KAAKo7B,cAAcC,GAEnB,MAAMtN,EAAM,GACZ,IAAKuN,EAAK,EAAGA,EAAKt7B,KAAKu6B,UAAY,IAAKe,EACtCvN,EAAIuN,EAAK,GAAOD,EAAK,KAAQ,GAAK,IAAa,IAC/CtN,EAAIuN,EAAKK,GAASN,EAAK,KAAQ,GAAK,IAAa,IAKnD,OAAOtN,CACT,EAMAmM,GAASl5B,UAAU46B,cAAgB,SAASP,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAKt7B,KAAK06B,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAASv7B,KAAKy7B,OAAOH,GACrBE,EAAQx7B,KAAK66B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASv7B,KAAKy7B,OAAO,GACrBD,GAASx7B,KAAKy7B,OAAO,GAErBJ,EAAK,GAAKr7B,KAAK26B,OAAOa,GACtBH,EAAK,GAAKr7B,KAAK26B,OAAOY,EACxB,EAMArB,GAASl5B,UAAUq5B,KAAO,SAASzjB,GACjC,IAAI0kB,EACAtM,EAAK,EAGT,IADAhvB,KAAKy7B,OAAS,GACTH,EAAK,EAAGA,EAAKt7B,KAAK06B,GAAK,IAAKY,EAAI,CACnC,IAAIxxB,EAAO,EACX,IAAK,IAAI+xB,EAAK,EAAGA,EAAK,IAAKA,EACzB/xB,EAAQA,GAAQ,EAAgB,IAAV8M,EAAIoY,KACpBA,GAAMpY,EAAIxV,SACd4tB,EAAK,GAGThvB,KAAKy7B,OAAOH,GAAMt7B,KAAKy6B,OAAOa,GAAMxxB,EAItC,IADA9J,KAAKm7B,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAt7B,KAAKm7B,OAAOG,GAAM,GACbtM,EAAK,EAAGA,EAAK,MAAOA,EACvBhvB,KAAKm7B,OAAOG,GAAItM,GAAMhvB,KAAKw6B,OAAOc,GAAItM,GAI1C,MAAMqM,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAKt7B,KAAK06B,GAAK,EAAGY,GAAM,EACnCt7B,KAAKo7B,cAAcC,GACnBr7B,KAAKy7B,OAAOH,EAAK,GAAKD,EAAK,GAC3Br7B,KAAKy7B,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKtM,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BhvB,KAAKo7B,cAAcC,GACnBr7B,KAAKm7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,GAC/Br7B,KAAKm7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,EAGrC,EAYAlB,GAAGlH,QAAUkH,GAAGn5B,UAAUiyB,QAAU,GACpCkH,GAAGnH,UAAYmH,GAAGn5B,UAAUgyB,UAAY,ECvXjC,MAAMzf,GAASqf,GAAI,KASbpf,GAASof,GAAI,KASbnf,GAASmf,GAAI,KAEbM,GJqaN,SAAatc,GAClB5W,KAAK4W,IAAMA,EAEX5W,KAAK0yB,QAAU,SAASK,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc70B,KAAK4W,KACfmc,GAAO,EAAM,EAAG,KAAM5B,IAGzCnxB,KAAK2yB,QAAU,SAASI,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc70B,KAAK4W,KACfmc,GAAO,EAAO,EAAG,KAAM5B,GAE5C,mGIzayB4E,SAQJwB,WAQEO,YAQCqC,QAMJ,WAClB,MAAUj3B,MAAM,+CAClB,IChFW44B,GAAW,SAAW/S,EAAQH,EAAS3kB,GAC9C,UAGA,IAAI+lB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EACrCC,EAAS,EAAGC,EAAS,EAGzB,IAAI7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EACrCC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAGzC,IAAIlS,EAAO,IAAItB,EAAOlmB,WAAWoB,GAEjC,SAASsmB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGpkB,EAAI,EAAG+H,EAAI,EAAG6R,EAAI,EAC9Cuf,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACjCC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAE3FlzB,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ9lB,EAAI03B,EAGJ9d,EAAMue,GAAOnuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMwe,GAAOpuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMye,GAAOruB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM0e,GAAOtuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM2e,GAAOvuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM4e,GAAOxuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM6e,GAAOzuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM8e,GAAO1uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM+e,GAAO3uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMgf,GAAO5uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMif,GAAQ7uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMkf,GAAQ9uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMmf,GAAQ/uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMof,GAAQhvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMqf,GAAQjvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMsf,GAAQlvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIixB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOpxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuf,GAAQnvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOrxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwf,GAAQpvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOtxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyf,GAAQrvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOvxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0f,GAAQtvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOxxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2f,GAAQvvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOzxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4f,GAAQxvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO1xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6f,GAAQzvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO3xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8f,GAAQ1vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyxB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+f,GAAQ3vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKggB,GAAQ5vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKigB,GAAQ7vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO/xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkgB,GAAQ9vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOhyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmgB,GAAQ/vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOjyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKogB,GAAQhwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOlyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqgB,GAAQjwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOnyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKsgB,GAAQlwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIiyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOpyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKugB,GAAQnwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOryB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwgB,GAAQpwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOtyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKygB,GAAQrwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOvyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0gB,GAAQtwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOxyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2gB,GAAQvwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOzyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4gB,GAAQxwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO1yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6gB,GAAQzwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO3yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8gB,GAAQ1wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+gB,GAAQ3wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKghB,GAAQ5wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO9yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKihB,IAAQ7wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO/yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkhB,IAAQ9wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOhzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmhB,IAAQ/wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOjzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKohB,IAAQhxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOlzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqhB,IAAQjxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOnzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKshB,IAAQlxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIizB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOpzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuhB,IAAQnxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOrzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwhB,IAAQpxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOtzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyhB,IAAQrxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIozB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOvzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0hB,IAAQtxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOxzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2hB,IAAQvxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIszB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOzzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4hB,IAAQxxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO1zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6hB,IAAQzxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO3zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8hB,IAAQ1xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyzB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO5zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+hB,IAAQ3xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO7zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKgiB,IAAQ5xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO9zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKiiB,IAAQ7xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkiB,IAAQ9xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmiB,IAAQ/xB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKoiB,IAAQhyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqiB,IAAQjyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsiB,IAAQlyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKuiB,IAAQnyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIk0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOr0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKwiB,IAAQpyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIm0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOt0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKyiB,IAAQryB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIo0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOv0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK0iB,IAAQtyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIq0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOx0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK2iB,IAAQvyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIs0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOz0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK4iB,IAAQxyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIu0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO10B,GAAK,EAAMA,IAAM,GACxB6R,EAAK6iB,IAAQzyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIw0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO30B,GAAK,EAAMA,IAAM,GACxB6R,EAAK8iB,IAAQ1yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIy0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO50B,GAAK,EAAMA,IAAM,GACxB6R,EAAK+iB,IAAQ3yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI00B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO70B,GAAK,EAAMA,IAAM,GACxB6R,EAAKgjB,IAAQ5yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI20B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO90B,GAAK,EAAMA,IAAM,GACxB6R,EAAKijB,IAAQ7yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI40B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKkjB,IAAQ9yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI60B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmjB,IAAQ/yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI80B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKojB,IAAQhzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqjB,IAAQjzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsjB,IAAQlzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAEpD+L,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK13B,EAAI,EAIpB,SAASm9B,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IAGzB,SAASzK,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLC,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAQC,GACxCN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACL9F,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS3/B,EAAU8N,EAAQ/O,GACvB+O,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAEhB,IAAI6gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAS/O,EAAO,IAAM,GAAK,CACvBogC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzB/O,EAAWA,EAAS,GAAK,EAEzB6gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQ/O,EAAQyI,GAC9BsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTh/B,EAAI,EAER,GAAKkN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAMzI,EAAO,IAAM,GAAK,CACpB6gC,EAAS5/B,EAAS8N,EAAQ/O,GAAS,EACnC,IAAM6gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B7gC,EAAWA,EAAS6gC,EAAS,EAGjCA,EAAWA,EAAS7gC,EAAS,EAC7B46B,EAAWA,EAAS56B,EAAS,EAC7B,GAAK46B,IAAS,EAAI56B,IAAS,EAAI66B,EAAUA,EAAS,EAAG,EAErD5R,EAAKla,EAAO/O,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,KACrBu+B,EAAWrxB,GAEX/O,EAAS,EAETipB,EAAKla,EAAO,GAAK,EAGrB,IAAMlN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,EAErBonB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACLF,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACLP,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EAGLzK,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EAELC,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQ/O,EAAQyI,GACnCsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGtB,EAAS,EAErD,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQ/O,GAAS,GAAI,EACtCkiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAElE,IAAM15B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQ/O,EAAQ2xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChB2xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACrCwB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAEzC,GAAKpzB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAO/O,EAAQ,GAAO2xB,IAAQ,GACpC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,EAAM,IAGlCsQ,EAAalzB,EAAS/O,EAAO,EAAG,GAAI,GAAI,EACxCsgC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAClE0H,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzC2F,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EAEV0H,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EAEL,IAAMj4B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNh4B,QAASA,EACTuH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,EC/1BO,MAAME,GACT5jC,cACIE,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EAEfuhB,QACI,MAAMxI,IAAEA,GAAQ9oB,KAAKoxB,cAKrB,OAJApxB,KAAKyB,OAAS,KACdzB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX+Y,EAAIwI,QACGtxB,KAEXqC,QAAQyH,GACJ,GAAoB,OAAhB9J,KAAKyB,OACL,MAAM,IAAIkvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAKoxB,cAC3B,IAAIrB,EAAO/vB,KAAKmD,IACZ+sB,EAAOlwB,KAAK+P,IACZigB,EAAO,EACPC,EAAOnmB,EAAK1I,OACZ+uB,EAAO,EACX,KAAOF,EAAO,GACVE,EAAOL,GAAYjH,EAAMkH,EAAOG,EAAMpmB,EAAMkmB,EAAMC,GAClDC,GAAQC,EACRH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAIzmB,QAAQ0tB,EAAMG,GACzBH,GAAQI,EACRD,GAAQC,EACHD,IACDH,EAAO,GAIf,OAFA/vB,KAAKmD,IAAM4sB,EACX/vB,KAAK+P,IAAMmgB,EACJlwB,KAEX4J,SACI,GAAoB,OAAhB5J,KAAKyB,OACL,MAAM,IAAIkvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAKoxB,cAO3B,OANAtI,EAAIlf,OAAO5J,KAAKmD,IAAKnD,KAAK+P,IAAK,GAC/B/P,KAAKyB,OAAS,IAAIoB,WAAW7C,KAAK2jC,WAClC3jC,KAAKyB,OAAO6B,IAAIulB,EAAK5c,SAAS,EAAGjM,KAAK2jC,YACtC3jC,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACEvxB,MC9CR,MAED+wB,GAAY,GACZC,GAAW,GACV,MAAM4S,WAAaF,GACtB5jC,cACIC,QACAC,KAAK6jC,KAAO,OACZ7jC,KAAK8jC,WARmB,GASxB9jC,KAAK2jC,UARkB,GASvB3jC,KAAKoxB,cAETA,cAMI,YALkBnwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOkI,GAAUM,OAASzB,KAC/B5vB,KAAK8oB,IAAMkI,GAASK,OAASyK,GAAS,CAAEj5B,YAA0B,KAAM7C,KAAK6oB,KAAK5kB,QAClFjE,KAAKsxB,SAEF,CAAEzI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEf0mB,aAAa7d,GACT,OAAO,IAAI85B,IAAOvhC,QAAQyH,GAAMF,SAASnI,QAGjDmiC,GAAKC,KAAO,OACZD,GAAK7S,UAAY,GACjB6S,GAAK5S,SAAW,GAChB4S,GAAKG,aAAejI,GCnCb,MAED/K,GAAY,GACZC,GAAW,GACV,MAAMgT,WAAeN,GACxB5jC,cACIC,QACAC,KAAK6jC,KAAO,SACZ7jC,KAAK8jC,WARqB,GAS1B9jC,KAAK2jC,UARoB,GASzB3jC,KAAKoxB,cAETA,cAMI,YALkBnwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOkI,GAAUM,OAASzB,KAC/B5vB,KAAK8oB,IAAMkI,GAASK,OClBR,SAAWtI,EAAQH,EAAS3kB,GAChD,UAGA,IAAI+lB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAS,EAAGC,EAAS,EAGrB7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGgI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAG7Dpa,EAAO,IAAItB,EAAOlmB,WAAWoB,GAEjC,SAASsmB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGpkB,EAAI,EAAGqgC,EAAI,EAAGC,EAAI,EAAGxoB,EAAI,EAEzD9N,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ9lB,EAAI03B,EACJ2I,EAAIT,EACJU,EAAIT,EACJ/nB,EAAIgoB,EAGJhoB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtgC,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGkO,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtgC,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAEhG+b,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK13B,EAAI,EAChB4/B,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKhoB,EAAI,EAGpB,SAASqlB,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IACrB1R,EAAKxgB,EAAO,IAAMo6B,IAAK,GACvB5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,GAAG,IAC1B5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,EAAE,IACzB5Z,EAAKxgB,EAAO,IAAMo6B,EAAG,IACrB5Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GACvB7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GAAG,IAC1B7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,EAAE,IACzB7Z,EAAKxgB,EAAO,IAAMq6B,EAAG,IACrB7Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GACvB9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GAAG,IAC1B9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,EAAE,IACzB9Z,EAAKxgB,EAAO,IAAMs6B,EAAG,IAGzB,SAAS7S,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLkI,EAAK,WACLC,EAAK,WACLC,EAAK,WACLnI,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAI8C,EAAIC,EAAIC,EAAI/C,EAAQC,GACpDN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR8C,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR/C,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EACL9I,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS3/B,EAAU8N,EAAQ/O,GACvB+O,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAEhB,IAAI6gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAS/O,EAAO,IAAM,GAAK,CACvBogC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzB/O,EAAWA,EAAS,GAAK,EAEzB6gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQ/O,EAAQyI,GAC9BsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTh/B,EAAI,EAER,GAAKkN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAMzI,EAAO,IAAM,GAAK,CACpB6gC,EAAS5/B,EAAS8N,EAAQ/O,GAAS,EACnC,IAAM6gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B7gC,EAAWA,EAAS6gC,EAAS,EAGjCA,EAAWA,EAAS7gC,EAAS,EAC7B46B,EAAWA,EAAS56B,EAAS,EAC7B,GAAK46B,IAAS,EAAI56B,IAAS,EAAI66B,EAAWA,EAAS,EAAI,EAEvD5R,EAAKla,EAAO/O,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,KAErBu+B,EAAWrxB,GAEX/O,EAAS,EAETipB,EAAKla,EAAO,GAAK,EAGrB,IAAMlN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,EAErBonB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACL+H,EAAKG,EACLF,EAAKG,EACLF,EAAKG,EACLtI,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACL0H,EAAKM,EACLL,EAAKM,EACLL,EAAKM,EACLzI,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EACLwI,EAAKN,EACLO,EAAKN,EACLO,EAAKN,EAGL7S,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EACLqI,EAAKH,EACLI,EAAKH,EACLI,EAAKH,EAELnI,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQ/O,EAAQyI,GACnCsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DhD,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQ/O,GAAS,GAAI,EACtCkiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAErE,IAAMp7B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQ/O,EAAQ2xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChB2xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG8C,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DxB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAEjE,GAAK90B,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAO/O,EAAQ,GAAO2xB,IAAQ,GACpC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,EAAM,IAGlCsQ,EAAalzB,EAAS/O,EAAO,EAAG,GAAI,GAAI,EACxCsgC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAAI6I,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAC5GV,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEzC,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EACV6I,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EAEVV,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EAEL,IAAMj7B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNh4B,QAASA,EACTuH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,CDtyByC0B,CAAW,CAAEriC,YAA0B,KAAM7C,KAAK6oB,KAAK5kB,QACpFjE,KAAKsxB,SAEF,CAAEzI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEf0mB,aAAa7d,GACT,OAAO,IAAIk6B,IAAS3hC,QAAQyH,GAAMF,SAASnI,QAGnDuiC,GAAOH,KAAO,SEnCd,OAAiBsB,GAEjB,SAASA,GAAOC,EAAKC,GACnB,IAAKD,EACH,MAAUliC,MAAMmiC,GAAO,mBAC3B,CAEAF,GAAOv2B,MAAQ,SAAqB8nB,EAAG/oB,EAAG03B,GACxC,GAAI3O,GAAK/oB,EACP,MAAUzK,MAAMmiC,GAAQ,qBAAuB3O,EAAI,OAAS/oB,EAChE,qTCRE23B,UAF2B,mBAAlBv6B,OAAOw6B,OAEC,SAAkBC,EAAMC,GACvCD,EAAKE,OAASD,EACdD,EAAKxkC,UAAY+J,OAAOw6B,OAAOE,EAAUzkC,UAAW,CAClDlB,YAAa,CACXuB,MAAOmkC,EACPG,YAAY,EACZl9B,UAAU,EACVm9B,cAAc,MAMH,SAAkBJ,EAAMC,GACvCD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAAS7kC,UAAYykC,EAAUzkC,UAC/BwkC,EAAKxkC,UAAY,IAAI6kC,EACrBL,EAAKxkC,UAAUlB,YAAc0lC,MCiBjC,OA9BA,SAAiBH,EAAKS,GACpB,GAAIjmC,MAAMW,QAAQ6kC,GAChB,OAAOA,EAAI3jC,QACb,IAAK2jC,EACH,MAAO,GACT,IAAIl2B,EAAM,GACV,GAAmB,iBAARk2B,EACT,GAAKS,GAUE,GAAY,QAARA,EAIT,KAHAT,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1BxgB,OAAS,GAAM,IACrBikC,EAAM,IAAMA,GACTpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAK,EAC/BkM,EAAItN,KAAKuO,SAASi1B,EAAIpiC,GAAKoiC,EAAIpiC,EAAI,GAAI,UAdzC,IAAK,IAAIA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAImZ,EAAIipB,EAAI7oB,WAAWvZ,GACnB8iC,EAAK3pB,GAAK,EACV4pB,EAAS,IAAJ5pB,EACL2pB,EACF52B,EAAItN,KAAKkkC,EAAIC,GAEb72B,EAAItN,KAAKmkC,QAUf,IAAK/iC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC1BkM,EAAIlM,GAAc,EAAToiC,EAAIpiC,GAEjB,OAAOkM,CACT,EASA,OANA,SAAek2B,GAEb,IADA,IAAIl2B,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,GAAO82B,GAAMZ,EAAIpiC,GAAGsJ,SAAS,KAC/B,OAAO4C,CACT,EAGA,SAAS+2B,GAAM/O,GAKb,OAJWA,IAAM,GACLA,IAAM,EAAK,MACXA,GAAK,EAAK,UACN,IAAJA,IAAa,MACV,CACjB,CAaA,OAVA,SAAiBkO,EAAKp1B,GAEpB,IADA,IAAId,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAIk0B,EAAIkO,EAAIpiC,GACG,WAAXgN,IACFknB,EAAI+O,GAAM/O,IACZhoB,GAAOg3B,GAAMhP,EAAE5qB,SAAS,KAE1B,OAAO4C,CACT,EAGA,SAAS82B,GAAMG,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EAENA,CACX,CAGA,SAASD,GAAMC,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EACU,IAAhBA,EAAKhlC,OACL,KAAOglC,EACS,IAAhBA,EAAKhlC,OACL,MAAQglC,EACQ,IAAhBA,EAAKhlC,OACL,OAASglC,EACO,IAAhBA,EAAKhlC,OACL,QAAUglC,EACM,IAAhBA,EAAKhlC,OACL,SAAWglC,EACK,IAAhBA,EAAKhlC,OACL,UAAYglC,EAEZA,CACX,CAiBA,OAdA,SAAgBf,EAAKzhC,EAAO2H,EAAK0E,GAC/B,IAAIF,EAAMxE,EAAM3H,EAChBuhC,GAAOp1B,EAAM,GAAM,GAEnB,IADA,IAAIZ,EAAUtP,MAAMkQ,EAAM,GACjB9M,EAAI,EAAGgZ,EAAIrY,EAAOX,EAAIkM,EAAI/N,OAAQ6B,IAAKgZ,GAAK,EAAG,CACtD,IAAIkb,EAEFA,EADa,QAAXlnB,EACGo1B,EAAIppB,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,EAAI,GAEjEopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,GACxE9M,EAAIlM,GAAKk0B,IAAM,EAEjB,OAAOhoB,CACT,EAqBA,OAlBA,SAAiBk2B,EAAKp1B,GAEpB,IADA,IAAId,EAAUtP,MAAmB,EAAbwlC,EAAIjkC,QACf6B,EAAI,EAAGgZ,EAAI,EAAGhZ,EAAIoiC,EAAIjkC,OAAQ6B,IAAKgZ,GAAK,EAAG,CAClD,IAAI7O,EAAIi4B,EAAIpiC,GACG,QAAXgN,GACFd,EAAI8M,GAAK7O,IAAM,GACf+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,EAAI,GAAS,IAAJ7O,IAEb+B,EAAI8M,EAAI,GAAK7O,IAAM,GACnB+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,GAAS,IAAJ7O,GAGb,OAAO+B,CACT,EA2HA,iBAvPmBk3B,6BAiDHH,oBAoBAD,SAoBAE,+BAsChB,SAAgBhP,EAAGlpB,GACjB,OAAQkpB,IAAMlpB,EAAMkpB,GAAM,GAAKlpB,CACjC,SAGA,SAAgBkpB,EAAGlpB,GACjB,OAAQkpB,GAAKlpB,EAAMkpB,IAAO,GAAKlpB,CACjC,QAGA,SAAeI,EAAGJ,GAChB,OAAQI,EAAIJ,IAAO,CACrB,UAGA,SAAiBI,EAAGJ,EAAGmO,GACrB,OAAQ/N,EAAIJ,EAAImO,IAAO,CACzB,UAGA,SAAiB/N,EAAGJ,EAAGmO,EAAGqM,GACxB,OAAQpa,EAAIJ,EAAImO,EAAIqM,IAAO,CAC7B,UAGA,SAAiBpa,EAAGJ,EAAGmO,EAAGqM,EAAGpkB,GAC3B,OAAQgK,EAAIJ,EAAImO,EAAIqM,EAAIpkB,IAAO,CACjC,QAGA,SAAe6c,EAAK/d,EAAKmjC,EAAIC,GAC3B,IAAIC,EAAKtlB,EAAI/d,GAGT6iC,EAAMO,EAFDrlB,EAAI/d,EAAM,KAEI,EACnB4iC,GAAMC,EAAKO,EAAK,EAAI,GAAKD,EAAKE,EAClCtlB,EAAI/d,GAAO4iC,IAAO,EAClB7kB,EAAI/d,EAAM,GAAK6iC,CACjB,WAGA,SAAkBM,EAAIC,EAAIC,EAAIC,GAG5B,OAFUF,EAAKE,IAAQ,EACRF,EAAK,EAAI,GAAKD,EAAKE,IACpB,CAChB,WAGA,SAAkBF,EAAIC,EAAIC,EAAIC,GAE5B,OADSF,EAAKE,IACA,CAChB,aAGA,SAAoBH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC9C,IAAIC,EAAQ,EACRd,EAAKO,EAST,OAPAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAIdL,EAAKE,EAAKE,EAAKE,GAFxBE,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAE9C,OADSN,EAAKE,EAAKE,EAAKE,IACV,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GACtD,IAAIF,EAAQ,EACRd,EAAKO,EAWT,OATAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAEvBG,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,EAIdP,EAAKE,EAAKE,EAAKE,EAAKG,GAF7BD,IADAd,EAAMA,EAAKgB,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBV,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GAGtD,OAFST,EAAKE,EAAKE,EAAKE,EAAKG,IAEf,CAChB,YAGA,SAAmBV,EAAIC,EAAIU,GAEzB,OADSV,GAAO,GAAKU,EAASX,IAAOW,KACxB,CACf,YAGA,SAAmBX,EAAIC,EAAIU,GAEzB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,WAGA,SAAkBX,EAAIC,EAAIU,GACxB,OAAOX,IAAOW,CAChB,WAGA,SAAkBX,EAAIC,EAAIU,GAExB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,GCtPA,SAASC,KACPlnC,KAAKmnC,QAAU,KACfnnC,KAAKonC,aAAe,EACpBpnC,KAAKgzB,UAAYhzB,KAAKF,YAAYkzB,UAClChzB,KAAKqnC,QAAUrnC,KAAKF,YAAYunC,QAChCrnC,KAAKsnC,aAAetnC,KAAKF,YAAYwnC,aACrCtnC,KAAKy0B,UAAYz0B,KAAKF,YAAY20B,UAAY,EAC9Cz0B,KAAKiQ,OAAS,MAEdjQ,KAAKunC,QAAUvnC,KAAKgzB,UAAY,EAChChzB,KAAKwnC,SAAWxnC,KAAKgzB,UAAY,EACnC,CACA,OAAoBkU,GAEpBA,GAAUlmC,UAAUymC,OAAS,SAAgBpC,EAAKS,GAUhD,GARAT,EAAMqC,GAAMC,QAAQtC,EAAKS,GACpB9lC,KAAKmnC,QAGRnnC,KAAKmnC,QAAUnnC,KAAKmnC,QAAQ3gC,OAAO6+B,GAFnCrlC,KAAKmnC,QAAU9B,EAGjBrlC,KAAKonC,cAAgB/B,EAAIjkC,OAGrBpB,KAAKmnC,QAAQ/lC,QAAUpB,KAAKunC,QAAS,CAIvC,IAAI55B,GAHJ03B,EAAMrlC,KAAKmnC,SAGC/lC,OAASpB,KAAKunC,QAC1BvnC,KAAKmnC,QAAU9B,EAAI3jC,MAAM2jC,EAAIjkC,OAASuM,EAAG03B,EAAIjkC,QACjB,IAAxBpB,KAAKmnC,QAAQ/lC,SACfpB,KAAKmnC,QAAU,MAEjB9B,EAAMqC,GAAME,OAAOvC,EAAK,EAAGA,EAAIjkC,OAASuM,EAAG3N,KAAKiQ,QAChD,IAAK,IAAIhN,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAKjD,KAAKwnC,SACxCxnC,KAAK6nC,QAAQxC,EAAKpiC,EAAGA,EAAIjD,KAAKwnC,UAGlC,OAAOxnC,IACT,EAEAknC,GAAUlmC,UAAU8mC,OAAS,SAAgBhC,GAI3C,OAHA9lC,KAAKynC,OAAOznC,KAAK+nC,QACjB5C,GAAwB,OAAjBnlC,KAAKmnC,SAELnnC,KAAKgoC,QAAQlC,EACtB,EAEAoB,GAAUlmC,UAAU+mC,KAAO,WACzB,IAAIh4B,EAAM/P,KAAKonC,aACXlgC,EAAQlH,KAAKunC,QACbtrB,EAAI/U,GAAU6I,EAAM/P,KAAKy0B,WAAavtB,EACtCiI,EAAUtP,MAAMoc,EAAIjc,KAAKy0B,WAC7BtlB,EAAI,GAAK,IACT,IAAK,IAAIlM,EAAI,EAAGA,EAAIgZ,EAAGhZ,IACrBkM,EAAIlM,GAAK,EAIX,GADA8M,IAAQ,EACY,QAAhB/P,KAAKiQ,OAAkB,CACzB,IAAK,IAAIgO,EAAI,EAAGA,EAAIje,KAAKy0B,UAAWxW,IAClC9O,EAAIlM,KAAO,EAEbkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,EAAK,IACzBZ,EAAIlM,KAAa,IAAN8M,OAWX,IATAZ,EAAIlM,KAAa,IAAN8M,EACXZ,EAAIlM,KAAQ8M,IAAQ,EAAK,IACzBZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EAENgb,EAAI,EAAGA,EAAIje,KAAKy0B,UAAWxW,IAC9B9O,EAAIlM,KAAO,EAGf,OAAOkM,CACT,wBCxFI84B,GAASP,GAAMO,OAUnB,OARA,SAAcpqB,EAAG/Q,EAAGoB,EAAGg6B,GACrB,OAAU,IAANrqB,EACKsqB,GAAKr7B,EAAGoB,EAAGg6B,GACV,IAANrqB,GAAiB,IAANA,EACNuqB,GAAIt7B,EAAGoB,EAAGg6B,GACT,IAANrqB,EACKwqB,GAAMv7B,EAAGoB,EAAGg6B,QADrB,CAEF,EAGA,SAASC,GAAKr7B,EAAGoB,EAAGg6B,GAClB,OAAQp7B,EAAIoB,GAAQpB,EAAKo7B,CAC3B,CAGA,SAASG,GAAMv7B,EAAGoB,EAAGg6B,GACnB,OAAQp7B,EAAIoB,EAAMpB,EAAIo7B,EAAMh6B,EAAIg6B,CAClC,CAGA,SAASE,GAAIt7B,EAAGoB,EAAGg6B,GACjB,OAAOp7B,EAAIoB,EAAIg6B,CACjB,CAqBA,qBA9BeC,SAKCE,OAKFD,UAEd,SAAgBt7B,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAOA,IAAM,CAC/C,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,IAAOA,IAAM,EAChD,GCxCIw7B,GAAQZ,GAAMY,MACdC,GAAUb,GAAMa,QAChBC,GAAUd,GAAMc,QAChBL,GAAOM,GAAUN,KACjBE,GAAQI,GAAUJ,MAClBK,GAASD,GAAUC,OACnBC,GAASF,GAAUE,OACnBC,GAASH,GAAUG,OACnBC,GAASJ,GAAUI,OAEnB3B,GAAY4B,GAAO5B,UAEnB6B,GAAW,CACb,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,YAGtC,SAASC,KACP,KAAMhpC,gBAAgBgpC,IACpB,OAAO,IAAIA,GAEb9B,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,YAEtCnc,KAAKic,EAAI8sB,GACT/oC,KAAKipC,EAAQppC,MAAM,GACrB,CACA6nC,GAAMrB,SAAS2C,GAAQ9B,IACvB,OAAiB8B,GC9CjB,SAASE,KACP,KAAMlpC,gBAAgBkpC,IACpB,OAAO,IAAIA,GAEbF,GAAOloC,KAAKd,MACZA,KAAKmc,EAAI,CACP,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACxC,CDwCA6sB,GAAOhW,UAAY,IACnBgW,GAAO3B,QAAU,IACjB2B,GAAO1B,aAAe,IACtB0B,GAAOvU,UAAY,GAEnBuU,GAAOhoC,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAG/C,IAFA,IAAIqlC,EAAIjpC,KAAKipC,EAEJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GACrB,KAAOA,EAAIgmC,EAAE7nC,OAAQ6B,IACnBgmC,EAAEhmC,GAAKslC,GAAQM,GAAOI,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,GAAI2lC,GAAOK,EAAEhmC,EAAI,KAAMgmC,EAAEhmC,EAAI,KAEtE,IAAIoL,EAAIrO,KAAKmc,EAAE,GACXlO,EAAIjO,KAAKmc,EAAE,GACXC,EAAIpc,KAAKmc,EAAE,GACXsM,EAAIzoB,KAAKmc,EAAE,GACX9X,EAAIrE,KAAKmc,EAAE,GACXuoB,EAAI1kC,KAAKmc,EAAE,GACXwoB,EAAI3kC,KAAKmc,EAAE,GACXA,EAAInc,KAAKmc,EAAE,GAGf,IADAgpB,GAAOnlC,KAAKic,EAAE7a,SAAW6nC,EAAE7nC,QACtB6B,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,IAAK,CAC7B,IAAIkmC,EAAKX,GAAQrsB,EAAGwsB,GAAOtkC,GAAI8jC,GAAK9jC,EAAGqgC,EAAGC,GAAI3kC,KAAKic,EAAEhZ,GAAIgmC,EAAEhmC,IACvDmmC,EAAKd,GAAMI,GAAOr6B,GAAIg6B,GAAMh6B,EAAGJ,EAAGmO,IACtCD,EAAIwoB,EACJA,EAAID,EACJA,EAAIrgC,EACJA,EAAIikC,GAAM7f,EAAG0gB,GACb1gB,EAAIrM,EACJA,EAAInO,EACJA,EAAII,EACJA,EAAIi6B,GAAMa,EAAIC,GAGhBppC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9N,GAC7BrO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIlO,GAC7BjO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIC,GAC7Bpc,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIsM,GAC7BzoB,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9X,GAC7BrE,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIuoB,GAC7B1kC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIwoB,GAC7B3kC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIA,EAC/B,EAEA6sB,GAAOhoC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,EC1FAurB,GAAMrB,SAAS6C,GAAQF,IACvB,OAAiBE,GAEjBA,GAAOlW,UAAY,IACnBkW,GAAO7B,QAAU,IACjB6B,GAAO5B,aAAe,IACtB4B,GAAOzU,UAAY,GAEnByU,GAAOloC,UAAUgnC,QAAU,SAAgBlC,GAEzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAEza,MAAM,EAAG,GAAI,OAElCgmC,GAAM4B,QAAQtpC,KAAKmc,EAAEza,MAAM,EAAG,GAAI,MAC7C,ECtBA,IAAI6nC,GAAY7B,GAAM6B,UAClBC,GAAY9B,GAAM8B,UAClBC,GAAW/B,GAAM+B,SACjBC,GAAWhC,GAAMgC,SACjBC,GAAQjC,GAAMiC,MACdC,GAAWlC,GAAMkC,SACjBC,GAAWnC,GAAMmC,SACjBC,GAAapC,GAAMoC,WACnBC,GAAarC,GAAMqC,WACnBC,GAAatC,GAAMsC,WACnBC,GAAavC,GAAMuC,WAEnB/C,GAAY4B,GAAO5B,UAEnBgD,GAAW,CACb,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,KACP,KAAMnqC,gBAAgBmqC,IACpB,OAAO,IAAIA,GAEbjD,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACdnc,KAAKic,EAAIiuB,GACTlqC,KAAKipC,EAAQppC,MAAM,IACrB,CACA6nC,GAAMrB,SAAS8D,GAAQjD,IACvB,OAAiBiD,GAsIjB,SAASC,GAAQC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/B,IAAI98B,EAAK08B,EAAKE,GAASF,EAAMI,EAG7B,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS+8B,GAAQL,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACnC,IAAIh9B,EAAK28B,EAAKE,GAASF,EAAMK,EAG7B,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASi9B,GAASP,EAAIC,EAAIC,EAAIC,EAAIC,GAChC,IAAI98B,EAAK08B,EAAKE,EAAOF,EAAKI,EAAOF,EAAKE,EAGtC,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASk9B,GAASR,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACpC,IAAIh9B,EAAK28B,EAAKE,EAAOF,EAAKK,EAAOH,EAAKG,EAGtC,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASm9B,GAAUT,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAClBd,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASo9B,GAAUV,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAClBb,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASq9B,GAAUX,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASs9B,GAAUZ,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASu9B,GAAUb,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,GAClBf,GAAUc,EAAIC,EAAI,GAClBb,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASw9B,GAAUd,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,GAClBd,GAAUa,EAAIC,EAAI,GAClBZ,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASy9B,GAAUf,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,IAClBZ,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS09B,GAAUhB,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,IAClBX,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CCnUA,SAAS29B,KACP,KAAMtrC,gBAAgBsrC,IACpB,OAAO,IAAIA,GAEbnB,GAAOrpC,KAAKd,MACZA,KAAKmc,EAAI,CACP,WAAY,WACZ,WAAY,UACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WAChB,CD+DAguB,GAAOnX,UAAY,KACnBmX,GAAO9C,QAAU,IACjB8C,GAAO7C,aAAe,IACtB6C,GAAO1V,UAAY,IAEnB0V,GAAOnpC,UAAUuqC,cAAgB,SAAuBlG,EAAKzhC,GAI3D,IAHA,IAAIqlC,EAAIjpC,KAAKipC,EAGJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GACrB,KAAOA,EAAIgmC,EAAE7nC,OAAQ6B,GAAK,EAAG,CAC3B,IAAIuoC,EAAQJ,GAAUnC,EAAEhmC,EAAI,GAAIgmC,EAAEhmC,EAAI,IAClCwoC,EAAQJ,GAAUpC,EAAEhmC,EAAI,GAAIgmC,EAAEhmC,EAAI,IAClCyoC,EAAQzC,EAAEhmC,EAAI,IACd0oC,EAAQ1C,EAAEhmC,EAAI,IACd2oC,EAAQV,GAAUjC,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,KACnC4oC,EAAQV,GAAUlC,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,KACnC6oC,EAAQ7C,EAAEhmC,EAAI,IACd8oC,EAAQ9C,EAAEhmC,EAAI,IAElBgmC,EAAEhmC,GAAK6mC,GACL0B,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GACT9C,EAAEhmC,EAAI,GAAK8mC,GACTyB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GAEb,EAEA5B,GAAOnpC,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAC/C5D,KAAKurC,cAAclG,EAAKzhC,GAExB,IAAIqlC,EAAIjpC,KAAKipC,EAET3C,EAAKtmC,KAAKmc,EAAE,GACZoqB,EAAKvmC,KAAKmc,EAAE,GACZqqB,EAAKxmC,KAAKmc,EAAE,GACZsqB,EAAKzmC,KAAKmc,EAAE,GACZuqB,EAAK1mC,KAAKmc,EAAE,GACZwqB,EAAK3mC,KAAKmc,EAAE,GACZyqB,EAAK5mC,KAAKmc,EAAE,GACZ0qB,EAAK7mC,KAAKmc,EAAE,GACZ4qB,EAAK/mC,KAAKmc,EAAE,GACZ6qB,EAAKhnC,KAAKmc,EAAE,GACZ6vB,EAAKhsC,KAAKmc,EAAE,IACZ8vB,EAAKjsC,KAAKmc,EAAE,IACZ+vB,EAAKlsC,KAAKmc,EAAE,IACZgwB,EAAKnsC,KAAKmc,EAAE,IACZiwB,EAAKpsC,KAAKmc,EAAE,IACZkwB,EAAKrsC,KAAKmc,EAAE,IAEhBgpB,GAAOnlC,KAAKic,EAAE7a,SAAW6nC,EAAE7nC,QAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,GAAK,EAAG,CACpC,IAAIuoC,EAAQY,EACRX,EAAQY,EACRX,EAAQV,GAAUjE,EAAIC,GACtB2E,EAAQV,GAAUlE,EAAIC,GACtB4E,EAAQxB,GAAQrD,EAAIC,EAAIgF,EAAIC,EAAIC,GAChCL,EAAQnB,GAAQ3D,EAAIC,EAAIgF,EAAIC,EAAIC,EAAIC,GACpCL,EAAQ9rC,KAAKic,EAAEhZ,GACf8oC,EAAQ/rC,KAAKic,EAAEhZ,EAAI,GACnBqpC,EAAQrD,EAAEhmC,GACVspC,EAAQtD,EAAEhmC,EAAI,GAEdupC,EAAQxC,GACVwB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GACLE,EAAQxC,GACVuB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GAETf,EAAQV,GAAUxE,EAAIC,GACtBkF,EAAQV,GAAUzE,EAAIC,GACtBmF,EAAQd,GAAStE,EAAIC,EAAIC,EAAIC,EAAIC,GACjCiF,EAAQd,GAASvE,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAErC,IAAI+F,EAAQ9C,GAAS4B,EAAOC,EAAOC,EAAOC,GACtCgB,EAAQ9C,GAAS2B,EAAOC,EAAOC,EAAOC,GAE1CS,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKjF,EACLkF,EAAKjF,EAELD,EAAK6C,GAAShD,EAAIC,EAAI2F,EAAOC,GAC7BzF,EAAK6C,GAAShD,EAAIA,EAAI2F,EAAOC,GAE7B7F,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKsD,GAAS4C,EAAOC,EAAOC,EAAOC,GACnCpG,EAAKsD,GAAS2C,EAAOC,EAAOC,EAAOC,GAGrChD,GAAM3pC,KAAKmc,EAAG,EAAGmqB,EAAIC,GACrBoD,GAAM3pC,KAAKmc,EAAG,EAAGqqB,EAAIC,GACrBkD,GAAM3pC,KAAKmc,EAAG,EAAGuqB,EAAIC,GACrBgD,GAAM3pC,KAAKmc,EAAG,EAAGyqB,EAAIC,GACrB8C,GAAM3pC,KAAKmc,EAAG,EAAG4qB,EAAIC,GACrB2C,GAAM3pC,KAAKmc,EAAG,GAAI6vB,EAAIC,GACtBtC,GAAM3pC,KAAKmc,EAAG,GAAI+vB,EAAIC,GACtBxC,GAAM3pC,KAAKmc,EAAG,GAAIiwB,EAAIC,EACxB,EAEAlC,GAAOnpC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,EChMAurB,GAAMrB,SAASiF,GAAQnB,IACvB,OAAiBmB,GAEjBA,GAAOtY,UAAY,KACnBsY,GAAOjE,QAAU,IACjBiE,GAAOhE,aAAe,IACtBgE,GAAO7W,UAAY,IAEnB6W,GAAOtqC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAEza,MAAM,EAAG,IAAK,OAEnCgmC,GAAM4B,QAAQtpC,KAAKmc,EAAEza,MAAM,EAAG,IAAK,MAC9C,EC7BA,IAAIkrC,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACduE,GAAUnF,GAAMmF,QAChBtE,GAAUb,GAAMa,QAChBrB,GAAY4B,GAAO5B,UAEvB,SAAS4F,KACP,KAAM9sC,gBAAgB8sC,IACpB,OAAO,IAAIA,GAEb5F,GAAUpmC,KAAKd,MAEfA,KAAKmc,EAAI,CAAE,WAAY,WAAY,WAAY,UAAY,YAC3Dnc,KAAKiQ,OAAS,QAChB,CACAy3B,GAAMrB,SAASyG,GAAW5F,IAC1B,OAAoB4F,GAuDpB,SAASpI,GAAE/nB,EAAG7P,EAAGoB,EAAGg6B,GAClB,OAAIvrB,GAAK,GACA7P,EAAIoB,EAAIg6B,EACRvrB,GAAK,GACJ7P,EAAIoB,GAAQpB,EAAKo7B,EAClBvrB,GAAK,IACJ7P,GAAMoB,GAAMg6B,EACbvrB,GAAK,GACJ7P,EAAIo7B,EAAMh6B,GAAMg6B,EAEjBp7B,GAAKoB,GAAMg6B,EACtB,CAEA,SAAS6E,GAAEpwB,GACT,OAAIA,GAAK,GACA,EACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,UACX,CAEA,SAASqwB,GAAGrwB,GACV,OAAIA,GAAK,GACA,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,CACX,CA1FAmwB,GAAU9Z,UAAY,IACtB8Z,GAAUzF,QAAU,IACpByF,GAAUxF,aAAe,IACzBwF,GAAUrY,UAAY,GAEtBqY,GAAU9rC,UAAU6mC,QAAU,SAAgBxC,EAAKzhC,GAWjD,IAVA,IAAIqpC,EAAIjtC,KAAKmc,EAAE,GACX+wB,EAAIltC,KAAKmc,EAAE,GACX0W,EAAI7yB,KAAKmc,EAAE,GACXgxB,EAAIntC,KAAKmc,EAAE,GACXixB,EAAIptC,KAAKmc,EAAE,GACXkxB,EAAKJ,EACLK,EAAKJ,EACLK,EAAK1a,EACL2a,EAAKL,EACLM,EAAKL,EACAzwB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAC3B,IAAI+wB,EAAIpF,GACNsE,GACErE,GAAQ0E,EAAGvI,GAAE/nB,EAAGuwB,EAAGra,EAAGsa,GAAI9H,EAAI13B,GAAEgP,GAAK/Y,GAAQmpC,GAAEpwB,IAC/CkB,GAAElB,IACJywB,GACFH,EAAIG,EACJA,EAAID,EACJA,EAAIP,GAAO/Z,EAAG,IACdA,EAAIqa,EACJA,EAAIQ,EACJA,EAAIpF,GACFsE,GACErE,GAAQ8E,EAAI3I,GAAE,GAAK/nB,EAAG2wB,EAAIC,EAAIC,GAAKnI,EAAIsI,GAAGhxB,GAAK/Y,GAAQopC,GAAGrwB,IAC1DixB,GAAGjxB,IACL8wB,GACFJ,EAAKI,EACLA,EAAKD,EACLA,EAAKZ,GAAOW,EAAI,IAChBA,EAAKD,EACLA,EAAKI,EAEPA,EAAIb,GAAQ7sC,KAAKmc,EAAE,GAAI0W,EAAG2a,GAC1BxtC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAIgxB,EAAGM,GAClCztC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAIixB,EAAGC,GAClCrtC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAI8wB,EAAGK,GAClCttC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAI+wB,EAAGK,GAClCvtC,KAAKmc,EAAE,GAAKuxB,CACd,EAEAZ,GAAU9rC,UAAUgnC,QAAU,SAAgBlC,GAC5C,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,UAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,SACjC,EAyCA,IAAIxO,GAAI,CACN,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,IAGhDggC,GAAK,CACP,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAClD,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAClD,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,IAGhD9vB,GAAI,CACN,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EACrD,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GACpD,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GACpD,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,GAGnD+vB,GAAK,CACP,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EACrD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GACpD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,EACrD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EACrD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,sBC1HtD,SAASC,GAAS/gC,EAAGmP,GACnB,IAAI5N,EAAIvB,EAAE,GACNmB,EAAInB,EAAE,GACNsP,EAAItP,EAAE,GACN2b,EAAI3b,EAAE,GAEVuB,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,OAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAE9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,EAAG,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,WAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,WAC5BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,GAAI,YAC9BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,YAC7B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,GAAI,YAC9BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,YAC7BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAE/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,QAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,YAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,UAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,YAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,UAC7B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,WAC/BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,SAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,YAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9BnP,EAAE,GAAKkhC,GAAM3/B,EAAGvB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM//B,EAAGnB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM5xB,EAAGtP,EAAE,IAClBA,EAAE,GAAKkhC,GAAMvlB,EAAG3b,EAAE,GACpB,CAEA,SAASmhC,GAAI3/B,EAAGD,EAAGJ,EAAGnB,EAAG+Q,EAAGI,GAE1B,OADA5P,EAAI2/B,GAAMA,GAAM3/B,EAAGC,GAAI0/B,GAAMlhC,EAAGmR,IACzB+vB,GAAO3/B,GAAKwP,EAAMxP,IAAO,GAAKwP,EAAK5P,EAC5C,CAEA,SAAS6/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAImO,GAAQnO,EAAKwa,EAAIpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAAS8vB,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAIwa,EAAMrM,GAAMqM,EAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAASmuB,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAIhgC,EAAImO,EAAIqM,EAAGpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACpC,CAEA,SAASqd,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAI7xB,GAAKnO,GAAMwa,GAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACzC,CAyCA,SAASiwB,GAAOrwB,GACd,MAAMswB,EAAU,GAChB,IAAIlrC,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBkrC,EAAQlrC,GAAK,GAAK4a,EAAErB,WAAWvZ,IAAM4a,EAAErB,WAAWvZ,EAAI,IAAM,IAAM4a,EAAErB,WAAWvZ,EAAI,IAAM,KAAO4a,EAAErB,WAAWvZ,EAAI,IAC/G,IAEJ,OAAOkrC,CACT,CAEA,MAAMC,GAAU,mBAAmBruB,MAAM,IAEzC,SAASsuB,GAAKjiC,GACZ,IAAIyR,EAAI,GACJlB,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZkB,GAAKuwB,GAAShiC,GAAU,EAAJuQ,EAAQ,EAAM,IAAQyxB,GAAShiC,GAAU,EAAJuQ,EAAU,IAErE,OAAOkB,CACT,CAeA,SAASmwB,GAAM3/B,EAAGJ,GAChB,OAAQI,EAAIJ,EAAK,UACnB,CClLA,MAAMqgC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClB2vB,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAAS10B,GAChB,GAAKu0B,IAAeC,GAAiBhtB,SAASxH,GAG9C,OAAO7Y,eAAgB2I,GACrB,MAAM6kC,EAASJ,GAAWK,WAAW50B,GACrC,OAAOuC,EAAiBzS,GAAMzI,IAC5BstC,EAAOlH,OAAOpmC,EAAM,IACnB,IAAM,IAAIwB,WAAW8rC,EAAO7G,YAEnC,CAEA,SAAS+G,GAAW76B,EAAM86B,GACxB,OAAO3tC,eAAe2I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,KAE3BsQ,EAAK5X,SAASsH,IAASwkC,IAAaQ,GAAiBhlC,EAAK1I,QAAUqjB,EAAOpB,qBAC9E,OAAO,IAAIxgB,iBAAiByrC,GAAUxG,OAAOgH,EAAehlC,IAE9D,MAAMilC,EAAe/6B,IACrB,OAAOuI,EAAiBzS,GAAMzI,IAC5B0tC,EAAatH,OAAOpmC,EAAM,IACzB,IAAM,IAAIwB,WAAWksC,EAAajH,YAEzC,CAEA,SAASkH,GAAch7B,EAAM86B,GAC3B,OAAO3tC,eAAe2I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,IAE5BsQ,EAAK5X,SAASsH,GAAO,CACvB,MAAMilC,EAAe,IAAI/6B,EACzB,OAAOuI,EAAiBzS,GAAMzI,IAC5B0tC,EAAa1sC,QAAQhB,EAAM,IAC1B,IAAM0tC,EAAanlC,SAASnI,SAC1B,OAAI6sC,IAAaQ,GAAiBhlC,EAAK1I,QAAUqjB,EAAOpB,qBACtD,IAAIxgB,iBAAiByrC,GAAUxG,OAAOgH,EAAehlC,IAErDkK,EAAK9M,MAAM4C,GAGxB,CAEA,MAAMmlC,GAAgB,CACpBh7B,IAAKy6B,GAAS,QDrDhBvtC,eAAmB+tC,GACjB,MAAMpH,EAyGR,SAAcjqB,GACZ,MAAMzR,EAAIyR,EAAEzc,OACN+tC,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIlsC,EACJ,IAAKA,EAAI,GAAIA,GAAK4a,EAAEzc,OAAQ6B,GAAK,GAC/B4qC,GAASsB,EAAOjB,GAAOrwB,EAAEuxB,UAAUnsC,EAAI,GAAIA,KAE7C4a,EAAIA,EAAEuxB,UAAUnsC,EAAI,IACpB,MAAMosC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKpsC,EAAI,EAAGA,EAAI4a,EAAEzc,OAAQ6B,IACxBosC,EAAKpsC,GAAK,IAAM4a,EAAErB,WAAWvZ,KAAQA,EAAI,GAAM,GAGjD,GADAosC,EAAKpsC,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADA4qC,GAASsB,EAAOE,GACXpsC,EAAI,EAAGA,EAAI,GAAIA,IAClBosC,EAAKpsC,GAAK,EAKd,OAFAosC,EAAK,IAAU,EAAJjjC,EACXyhC,GAASsB,EAAOE,GACTF,CACT,CA/HiBG,CAAKl1B,EAAKqC,mBAAmByyB,IAC5C,OAAO90B,EAAK4B,gBAoKd,SAAalP,GACX,IAAK,IAAI7J,EAAI,EAAGA,EAAI6J,EAAE1L,OAAQ6B,IAC5B6J,EAAE7J,GAAKorC,GAAKvhC,EAAE7J,IAEhB,OAAO6J,EAAEtL,KAAK,GAChB,CAzK8B6K,CAAIy7B,GAClC,ECmDE5zB,KAAMw6B,GAAS,SAAWM,GAAcpL,GAAM,SAC9CrvB,OAAQm6B,GAAS,WAAaG,GAAWt6B,IACzCH,OAAQs6B,GAAS,WAAaM,GAAchL,GAAQ,WACpD3vB,OAAQq6B,GAAS,WAAaG,GAAWx6B,GAAQ,WACjDC,OAAQo6B,GAAS,WAAaG,GAAWv6B,GAAQ,WACjDH,OAAQu6B,GAAS,cAAgBG,GAAWU,YAG/B,CAGbt7B,IAAKg7B,GAAch7B,IAEnBC,KAAM+6B,GAAc/6B,KAEpBK,OAAQ06B,GAAc16B,OAEtBH,OAAQ66B,GAAc76B,OAEtBC,OAAQ46B,GAAc56B,OAEtBC,OAAQ26B,GAAc36B,OAEtBH,OAAQ86B,GAAc96B,OAQtB2zB,OAAQ,SAAS0H,EAAM1lC,GACrB,OAAQ0lC,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAOjU,KAAKiU,IAAInK,GAClB,KAAKiX,EAAM/M,KAAKE,KACd,OAAOlU,KAAKkU,KAAKpK,GACnB,KAAKiX,EAAM/M,KAAKG,OACd,OAAOnU,KAAKmU,OAAOrK,GACrB,KAAKiX,EAAM/M,KAAKI,OACd,OAAOpU,KAAKoU,OAAOtK,GACrB,KAAKiX,EAAM/M,KAAKK,OACd,OAAOrU,KAAKqU,OAAOvK,GACrB,KAAKiX,EAAM/M,KAAKM,OACd,OAAOtU,KAAKsU,OAAOxK,GACrB,KAAKiX,EAAM/M,KAAKO,OACd,OAAOvU,KAAKuU,OAAOzK,GACrB,QACE,MAAU5G,MAAM,4BAStBusC,kBAAmB,SAASD,GAC1B,OAAQA,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAO,GACT,KAAK8M,EAAM/M,KAAKE,KAChB,KAAK6M,EAAM/M,KAAKG,OACd,OAAO,GACT,KAAK4M,EAAM/M,KAAKI,OACd,OAAO,GACT,KAAK2M,EAAM/M,KAAKK,OACd,OAAO,GACT,KAAK0M,EAAM/M,KAAKM,OACd,OAAO,GACT,KAAKyM,EAAM/M,KAAKO,OACd,OAAO,GACT,QACE,MAAUrR,MAAM,8BC9IjB,MAAMwsC,GACT/nB,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIwB,QAAQ5oB,GAExC6d,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIyB,QAAQ7oB,GAExChK,YAAY8W,EAAKsa,EAAI0B,GACjB5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,GAAI,EAAM,cACvClxB,KAAK4yB,IAAIzB,QAEpBuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCXb,SAASqd,GAAUH,GAChC,MAAMI,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,OAAO3hB,GAAO+hB,EAChB,CCkBA,MAAMtB,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBgxB,GAAatB,GAAaA,GAAWuB,aAAe,GACpDC,GAAY,CAChB58B,KAAM08B,GAAWruB,SAAS,YAAc,gBAAavgB,EACrDmS,UAAWy8B,GAAWruB,SAAS,gBAAkB,oBAAiBvgB,EAClEoS,MAAOw8B,GAAWruB,SAAS,aAAe,iBAAcvgB,EACxDqS,SAAUu8B,GAAWruB,SAAS,UAAY,cAAWvgB,EACrDsS,OAAQs8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,EAC7DuS,OAAQq8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,EAC7DwS,OAAQo8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,6DAaxDE,eAAuBquC,EAAM54B,EAAK1D,EAAWge,EAAIzM,GACtD,MAAMmrB,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OAiHJ,SAAqBJ,EAAM54B,EAAKo5B,EAAI9e,GAClC,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GACvCS,EAAY,IAAI1B,GAAW2B,eAAeH,GAAUH,GAAWh5B,EAAKsa,GAC1E,OAAO3U,EAAiByzB,GAAI3uC,GAAS,IAAIwB,WAAWotC,EAAUxI,OAAOpmC,KACvE,CArHW8uC,CAAYX,EAAM54B,EAAK1D,EAAWge,GAE3C,GAAI9W,EAAKyG,MAAM2uB,GACb,OAwEJ,SAAoBA,EAAM54B,EAAKo5B,EAAI9e,EAAIzM,GACrC,GACErK,EAAKoE,gBACU,KAAf5H,EAAIxV,SACHgZ,EAAK5X,SAASwtC,IACfA,EAAG5uC,QAAU,IAAOqjB,EAAOpB,qBAE3B,OAqBJliB,eAA0BquC,EAAM54B,EAAKo5B,EAAI9e,GACvC,MAAMkf,EAAO,UACPC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,IAAQ,EAAO,CAAC,aACrEpd,UAAEA,GAAc2c,GAAUH,GAC1Be,EAASn2B,EAAKtX,iBAAiB,CAAC,IAAID,WAAWmwB,GAAYgd,IAC3DQ,EAAK,IAAI3tC,iBAAiByrC,GAAU5b,QAAQ,CAAExnB,KAAMklC,EAAMlf,MAAMmf,EAAME,IAAStkC,SAAS,EAAG+jC,EAAG5uC,QAEpG,OAbF,SAAgBiN,EAAGJ,GACjB,IAAK,IAAIhL,EAAI,EAAGA,EAAIoL,EAAEjN,OAAQ6B,IAC5BoL,EAAEpL,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAEpB,CAQEwtC,CAAOD,EAAIR,GACJQ,CACT,CA7BWE,CAAWlB,EAAM54B,EAAKo5B,EAAI9e,GAGnC,MAAMyf,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiByzB,GAAI3uC,GAASsvC,EAAI/d,IAAIhB,oBAAoBvwB,KAAQ,IAAMsvC,EAAI/d,IAAIZ,sBACzF,CApFW4e,CAAWpB,EAAM54B,EAAK1D,EAAWge,EAAIzM,GAG9C,MACMosB,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAEtB+d,EAAS7f,EAAGxvB,QAClB,IAAIsuC,EAAK,IAAIntC,WACb,MAAMR,EAAUN,IACVA,IACFiuC,EAAK51B,EAAKtX,iBAAiB,CAACktC,EAAIjuC,KAElC,MAAMivC,EAAa,IAAInuC,WAAWmtC,EAAG5uC,QACrC,IAAI6B,EACA0Z,EAAI,EACR,KAAO5a,EAAQiuC,EAAG5uC,QAAU0vC,EAAad,EAAG5uC,QAAQ,CAClD,MAAM6vC,EAAWJ,EAASne,QAAQqe,GAClC,IAAK9tC,EAAI,EAAGA,EAAI6tC,EAAY7tC,IAC1B8tC,EAAO9tC,GAAK+sC,EAAG/sC,GAAKguC,EAAShuC,GAC7B+tC,EAAWr0B,KAAOo0B,EAAO9tC,GAE3B+sC,EAAKA,EAAG/jC,SAAS6kC,GAEnB,OAAOE,EAAW/kC,SAAS,EAAG0Q,EAAE,EAElC,OAAOJ,EAAiBrJ,EAAW7Q,EAASA,EAC9C,UAUOlB,eAAuBquC,EAAM54B,EAAKo6B,EAAY9f,GACnD,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OA4EJ,SAAqBJ,EAAM54B,EAAK45B,EAAItf,GAClC,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GACvC0B,EAAc,IAAI3C,GAAW4C,iBAAiBpB,GAAUH,GAAWh5B,EAAKsa,GAC9E,OAAO3U,EAAiBi0B,GAAInvC,GAAS,IAAIwB,WAAWquC,EAAYzJ,OAAOpmC,KACzE,CAhFW+vC,CAAY5B,EAAM54B,EAAKo6B,EAAY9f,GAE5C,GAAI9W,EAAKyG,MAAM2uB,GACb,OA2CJ,SAAoBA,EAAM54B,EAAK45B,EAAItf,GACjC,GAAI9W,EAAK5X,SAASguC,GAAK,CACrB,MAAMG,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiBi0B,GAAInvC,GAASsvC,EAAI/d,IAAIP,oBAAoBhxB,KAAQ,IAAMsvC,EAAI/d,IAAIN,uBAEzF,OAAOod,GAAQ/c,QAAQ6d,EAAI55B,EAAKsa,EAClC,CAjDWmgB,CAAW7B,EAAM54B,EAAKo6B,EAAY9f,GAG3C,MACM2f,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAE5B,IAAIse,EAASpgB,EACTsf,EAAK,IAAI3tC,WACb,MAAMR,EAAUN,IACVA,IACFyuC,EAAKp2B,EAAKtX,iBAAiB,CAAC0tC,EAAIzuC,KAElC,MAAMmR,EAAY,IAAIrQ,WAAW2tC,EAAGpvC,QACpC,IAAI6B,EACA0Z,EAAI,EACR,KAAO5a,EAAQyuC,EAAGpvC,QAAU0vC,EAAaN,EAAGpvC,QAAQ,CAClD,MAAMmwC,EAAWV,EAASne,QAAQ4e,GAElC,IADAA,EAASd,EAAGvkC,SAAS,EAAG6kC,GACnB7tC,EAAI,EAAGA,EAAI6tC,EAAY7tC,IAC1BiQ,EAAUyJ,KAAO20B,EAAOruC,GAAKsuC,EAAStuC,GAExCutC,EAAKA,EAAGvkC,SAAS6kC,GAEnB,OAAO59B,EAAUjH,SAAS,EAAG0Q,EAAE,EAEjC,OAAOJ,EAAiBy0B,EAAY3uC,EAASA,EAC/C,IC/HO,MAAMmvC,GACT7pB,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3C6d,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3ChK,YAAY8W,EAAK66B,EAAO7e,GACpB5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,GAAW,EAAO,cAC/CjB,KAAK4yB,IAAIzB,QAChBnxB,KAAK0xC,oBAAoBD,GAE7B/e,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxB0f,oBAAoBD,EAAOE,EAAS3sC,GAChC,IAAI8jB,IAAEA,GAAQ9oB,KAAK4yB,IAAIxB,cACvB,QAAanwB,IAAT+D,EAAoB,CACpB,GAAIA,EAAO,GAAKA,EAAO,GACnB,MAAM,IAAI6rB,GAAqB,wBACnC,IAAI+gB,EAAOlmC,KAAKmmC,IAAI,EAAG7sC,GAAQ,EAC/B8jB,EAAIkE,SAAS,EAAG,EAAI4kB,EAAO,WAAe,EAAU,EAAPA,QAG7C5sC,EAAO,GACP8jB,EAAIkE,SAAS,EAAG,EAAG,MAAQ,YAE/B,QAAc/rB,IAAVwwC,EASA,MAAUvuC,MAAM,qBATK,CACrB,IAAI6M,EAAM0hC,EAAMrwC,OAChB,IAAK2O,GAAOA,EAAM,GACd,MAAM,IAAI8gB,GAAqB,sBACnC,IAAIihB,EAAO,IAAI1sB,SAAS,IAAID,YAAY,KACxC,IAAItiB,WAAWivC,EAAK7tC,QAAQX,IAAImuC,GAChC3oB,EAAI6D,UAAUmlB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,KAK1F,QAAgBzwB,IAAZ0wC,EAAuB,CACvB,GAAIA,EAAU,GAAKA,GAAWjmC,KAAKmmC,IAAI,EAAG7sC,GACtC,MAAM,IAAI6rB,GAAqB,yBACnC/H,EAAIuE,YAAY,EAAG,EAAIskB,EAAU,WAAe,EAAa,EAAVA,KCjDxD,MAAMI,GACTpqB,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASuB,QAAQ5oB,GAEjD6d,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASwB,QAAQ7oB,GAEjDhK,YAAY8W,EAAKsa,EAAIC,GAAU,EAAMyB,GACjC5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,EAAIC,EAAS,OAErDuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCT5B,MAAMgc,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBlBmzB,GAAc,GAWpB,SAASC,GAAYnoC,EAAMqnB,GACzB,MAAMhhB,EAASrG,EAAK1I,OAAS4wC,GAC7B,IAAK,IAAI/uC,EAAI,EAAGA,EAAI+uC,GAAa/uC,IAC/B6G,EAAK7G,EAAIkN,IAAWghB,EAAQluB,GAE9B,OAAO6G,CACT,CAeA,MAAMooC,GAAY,IAAIrvC,WAAWmvC,IAElB7wC,eAAegxC,GAAKv7B,GACjC,MAAMw7B,QAYRjxC,eAAmByV,GACjB,GAAIwD,EAAKoE,gBAAiC,KAAf5H,EAAIxV,OAE7B,OADAwV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW9J,OAAqB,EAAbwV,EAAIxV,SAAc,EAAO,CAAC,YAC1FD,eAAe6uC,GACpB,MAAMQ,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWgmB,GAAIghB,GAAW9wC,OAAsB,EAAd4wC,IAAmBp7B,EAAKo5B,GACrG,OAAO,IAAIntC,WAAW2tC,GAAIvkC,SAAS,EAAGukC,EAAGrsC,WAAa6tC,KAG1D,GAAI53B,EAAKyE,gBACP,OAAO1d,eAAe6uC,GACpB,MACMQ,EADK,IAAIjC,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKs7B,IACpEzK,OAAOuI,GACrB,OAAO,IAAIntC,WAAW2tC,IAI1B,OAAOrvC,eAAe6uC,GACpB,OAAO+B,GAAQrf,QAAQsd,EAAIp5B,GAAK,EAAOs7B,IAE3C,CA/BoB/iB,CAAIvY,GAGhBua,EAAU/W,EAAK8D,aAAak0B,EAAIF,KAChCG,EAAWj4B,EAAK8D,OAAOiT,GAE7B,OAAOhwB,eAAe2I,GAEpB,aAAcsoC,EAxBlB,SAAatoC,EAAMqnB,EAASkhB,GAE1B,GAAIvoC,EAAK1I,QAAU0I,EAAK1I,OAAS4wC,IAAgB,EAE/C,OAAOC,GAAYnoC,EAAMqnB,GAG3B,MAAM5V,EAAS,IAAI1Y,WAAWiH,EAAK1I,QAAU4wC,GAAeloC,EAAK1I,OAAS4wC,KAG1E,OAFAz2B,EAAOjY,IAAIwG,GACXyR,EAAOzR,EAAK1I,QAAU,IACf6wC,GAAY12B,EAAQ82B,EAC7B,CAasB9f,CAAIzoB,EAAMqnB,EAASkhB,KAAYpmC,UAAU+lC,IAE/D,CC3CA,MAAM1D,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAGdizB,GAAc,GACdM,GAAWN,GACXO,GAAYP,GAEZtiC,GAAO,IAAI7M,WAAWmvC,IACtBriC,GAAM,IAAI9M,WAAWmvC,IAAcriC,GAAIqiC,GAAc,GAAK,EAChE,MAAMQ,GAAM,IAAI3vC,WAAWmvC,IAE3B7wC,eAAesxC,GAAK77B,GAClB,MAAM87B,QAAaP,GAAKv7B,GACxB,OAAO,SAASqH,EAAG1E,GACjB,OAAOm5B,EAAKt4B,EAAKtX,iBAAiB,CAACmb,EAAG1E,KAE1C,CAEApY,eAAemuB,GAAI1Y,GACjB,OACEwD,EAAKoE,gBACU,KAAf5H,EAAIxV,QAEJwV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW9J,OAAqB,EAAbwV,EAAIxV,SAAc,EAAO,CAAC,YAC1FD,eAAe6uC,EAAI9e,GACxB,MAAMsf,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWymC,QAASzgB,EAAI9vB,OAAsB,EAAd4wC,IAAmBp7B,EAAKo5B,GACnG,OAAO,IAAIntC,WAAW2tC,KAGtBp2B,EAAKyE,gBACA1d,eAAe6uC,EAAI9e,GACxB,MAAMyhB,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKsa,GAC5Esf,EAAKxxB,GAAOxY,OAAO,CAACmsC,EAAGlL,OAAOuI,GAAK2C,EAAGC,UAC5C,OAAO,IAAI/vC,WAAW2tC,IAInBrvC,eAAe6uC,EAAI9e,GACxB,OAAOsgB,GAAQ9e,QAAQsd,EAAIp5B,EAAKsa,GAEpC,CAQA/vB,eAAe0xC,GAAIhlB,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUvQ,MAAM,qCAGlB,MACE4vC,EACAC,SACQ9yC,QAAQ2H,IAAI,CACpB6qC,GAAK77B,GACL0Y,GAAI1Y,KAGN,MAAO,CAQL8b,QAASvxB,eAAe+R,EAAWu+B,EAAOuB,GACxC,MACEC,EACAC,SACQjzC,QAAQ2H,IAAI,CACpBkrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,KAENG,QAAiBJ,EAAI7/B,EAAW+/B,GAEhC5yB,QADqByyB,EAAKN,GAAKW,GAErC,IAAK,IAAIlwC,EAAI,EAAGA,EAAIsvC,GAAWtvC,IAC7Bod,EAAIpd,IAAMiwC,EAAUjwC,GAAKgwC,EAAUhwC,GAErC,OAAOmX,EAAKtX,iBAAiB,CAACqwC,EAAU9yB,KAU1CsS,QAASxxB,eAAe6vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW5vC,OAASmxC,GAAW,MAAUrvC,MAAM,0BACnD,MAAMiwC,EAAWnC,EAAW/kC,SAAS,GAAIsmC,IACnCa,EAAQpC,EAAW/kC,UAAUsmC,KAEjCU,EACAC,EACAG,SACQpzC,QAAQ2H,IAAI,CACpBkrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,GACVF,EAAKN,GAAKW,KAEN9yB,EAAMgzB,EACZ,IAAK,IAAIpwC,EAAI,EAAGA,EAAIsvC,GAAWtvC,IAC7Bod,EAAIpd,IAAMiwC,EAAUjwC,GAAKgwC,EAAUhwC,GAErC,IAAKmX,EAAKqD,iBAAiB21B,EAAO/yB,GAAM,MAAUnd,MAAM,+BAExD,aADwB6vC,EAAII,EAAUF,IAI5C,CA5GyCT,GAAIR,GAAc,GAAK,EAoHhEa,GAAIS,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAoB,GAAIb,YAAcA,GAClBa,GAAIP,SAAWA,GACfO,GAAIN,UAAYA,GC3IhB,MAAMP,GAAc,GACdM,GAAW,GAMXC,GAAY,GAGlB,SAASiB,GAAIpnC,GACX,IAAIonC,EAAM,EACV,IAAK,IAAIvwC,EAAI,EAAe,IAAXmJ,EAAInJ,GAAUA,IAAM,EACnCuwC,IAEF,OAAOA,CACT,CAEA,SAAS/C,GAAOgD,EAAG/F,GACjB,IAAK,IAAIzqC,EAAI,EAAGA,EAAIwwC,EAAEryC,OAAQ6B,IAC5BwwC,EAAExwC,IAAMyqC,EAAEzqC,GAEZ,OAAOwwC,CACT,CAEA,SAASC,GAAID,EAAG/F,GACd,OAAO+C,GAAOgD,EAAE/xC,QAASgsC,EAC3B,CAEA,MAAMwE,GAAY,IAAIrvC,WAAWmvC,IAC3BriC,GAAM,IAAI9M,WAAW,CAAC,IAO5B1B,eAAewyC,GAAI9lB,EAAQjX,GAEzB,IACIg9B,EACAC,EACAjC,EAHAkC,EAAS,EA2Eb,SAASC,EAAM9pC,EAAIgM,EAAMw7B,EAAOuB,GAI9B,MAAM5lC,EAAI6I,EAAK7U,OAAS4wC,GAAc,GAxDxC,SAA4B/7B,EAAM+8B,GAChC,MAAMgB,EAAY55B,EAAK2B,MAAMrQ,KAAKC,IAAIsK,EAAK7U,OAAQ4xC,EAAM5xC,QAAU4wC,GAAc,GAAK,EACtF,IAAK,IAAI/uC,EAAI6wC,EAAS,EAAG7wC,GAAK+wC,EAAW/wC,IACvC2uC,EAAK3uC,GAAKmX,EAAK8D,OAAO0zB,EAAK3uC,EAAI,IAEjC6wC,EAASE,EAwDTC,CAAmBh+B,EAAM+8B,GAOzB,MAAMkB,EAAc95B,EAAKtX,iBAAiB,CAACovC,GAAUjmC,SAAS,EAAGqmC,GAAWb,EAAMrwC,QAASuO,GAAK8hC,IAE1F0C,EAAwC,GAA/BD,EAAYlC,GAAc,GAEzCkC,EAAYlC,GAAc,IAAM,IAChC,MAAMoC,EAAOR,EAASM,GAEhBG,EAAYj6B,EAAKtX,iBAAiB,CAACsxC,EAAMV,GAAIU,EAAKnoC,SAAS,EAAG,GAAImoC,EAAKnoC,SAAS,EAAG,MAEnFkE,EAASiK,EAAKiE,WAAWg2B,EAAUpoC,SAAS,GAAKkoC,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAaloC,SAAS,GAE/G0Z,EAAW,IAAI9iB,WAAWmvC,IAE1BxB,EAAK,IAAI3tC,WAAWoT,EAAK7U,OAASmxC,IAKxC,IAAItvC,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAImK,EAAGnK,IAEjBwtC,GAAOtgC,EAAQyhC,EAAK4B,GAAIvwC,EAAI,KAG5ButC,EAAGltC,IAAImtC,GAAOxmC,EAAGypC,GAAIvjC,EAAQ8F,IAAQ9F,GAAShN,GAE9CstC,GAAO9qB,EAAU1b,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS9I,IAEtD8S,EAAOA,EAAKhK,SAAS+lC,IACrB7uC,GAAO6uC,GAMT,GAAI/7B,EAAK7U,OAAQ,CAEfqvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAMqkB,EAAUyiB,EAASzjC,GAEzBqgC,EAAGltC,IAAIowC,GAAIz9B,EAAMkb,GAAUhuB,GAG3B,MAAMmxC,EAAW,IAAIzxC,WAAWmvC,IAChCsC,EAAShxC,IAAI2G,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS9I,GAAMovC,IAAY,GACpE+B,EAASr+B,EAAK7U,QAAU,IACxBqvC,GAAO9qB,EAAU2uB,GACjBnxC,GAAO8S,EAAK7U,OAGd,MAAMif,EAAMowB,GAAOmD,EAASnD,GAAOA,GAAO9qB,EAAUxV,GAASyhC,EAAK2C,IAhHpE,SAAcvB,GACZ,IAAKA,EAAM5xC,OAET,OAAO8wC,GAMT,MAAM9kC,EAAI4lC,EAAM5xC,OAAS4wC,GAAc,EAEjC7hC,EAAS,IAAItN,WAAWmvC,IACxBxhB,EAAM,IAAI3tB,WAAWmvC,IAC3B,IAAK,IAAI/uC,EAAI,EAAGA,EAAImK,EAAGnK,IACrBwtC,GAAOtgC,EAAQyhC,EAAK4B,GAAIvwC,EAAI,KAC5BwtC,GAAOjgB,EAAKojB,EAASF,GAAIvjC,EAAQ6iC,KACjCA,EAAQA,EAAM/mC,SAAS+lC,IAMzB,GAAIgB,EAAM5xC,OAAQ,CAChBqvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAM0nC,EAAc,IAAI3xC,WAAWmvC,IACnCwC,EAAYlxC,IAAI0vC,EAAO,GACvBwB,EAAYxB,EAAM5xC,QAAU,IAC5BqvC,GAAO+D,EAAarkC,GAEpBsgC,GAAOjgB,EAAKojB,EAASY,IAGvB,OAAOhkB,EA+EgExc,CAAKg/B,IAO5E,OADAxC,EAAGltC,IAAI+c,EAAKld,GACLqtC,EAIT,OAnJA,SAA+B3iB,EAAQjX,GACrC,MAAM69B,EAAa1zB,EAAM7f,KAAK6f,EAAM9N,UAAW4a,GACzC+E,EAAM,IAAI8hB,GAAQD,GAAY79B,GACpCg9B,EAAWhhB,EAAIF,QAAQjtB,KAAKmtB,GAC5BihB,EAAWjhB,EAAID,QAAQltB,KAAKmtB,GAE5B,MAAM+hB,EAASf,EAAS1B,IAClB0C,EAASx6B,EAAK8D,OAAOy2B,GAC3B/C,EAAO,GACPA,EAAK,GAAKx3B,EAAK8D,OAAO02B,GAGtBhD,EAAK9kC,EAAI6nC,EACT/C,EAAK2C,EAAIK,EAfXC,CAAsBhnB,EAAQjX,GAqJvB,CAQL8b,QAASvxB,eAAe+R,EAAWu+B,EAAOuB,GACxC,OAAOe,EAAMH,EAAU1gC,EAAWu+B,EAAOuB,IAU3CrgB,QAASxxB,eAAe6vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW5vC,OAASmxC,GAAW,MAAUrvC,MAAM,0BAEnD,MAAMmd,EAAM2wB,EAAW/kC,UAAUsmC,IACjCvB,EAAaA,EAAW/kC,SAAS,GAAIsmC,IAErC,MAAMuC,EAAUf,EAAMF,EAAU7C,EAAYS,EAAOuB,GAEnD,GAAI54B,EAAKqD,iBAAiB4C,EAAKy0B,EAAQ7oC,UAAUsmC,KAC/C,OAAOuC,EAAQ7oC,SAAS,GAAIsmC,IAE9B,MAAUrvC,MAAM,gCAGtB,CAQAywC,GAAIL,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAkC,GAAI3B,YAAcA,GAClB2B,GAAIrB,SAAWA,GACfqB,GAAIpB,UAAYA,GC3QhB,MAAMwC,GAA0B,YACzB,MAAMC,GACTl1C,YAAY8W,EAAK66B,EAAOuB,EAAOiC,EAAU,GAAIriB,GACzC5yB,KAAKi1C,QAAUA,EACfj1C,KAAKk1C,OAAS,EACdl1C,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,GAAW,EAAO,OACtD,IAAI6nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cAI7B,GAFAtI,EAAI8E,WAEA5tB,KAAKi1C,QAAU,GAAKj1C,KAAKi1C,QAAU,GACnC,MAAM,IAAIpkB,GAAqB,yBAEnC,MAAMskB,EAAW1D,EAAMrwC,QAAU,EAC3Bg0C,EAAW,IAAIvyC,WAAW,IACf,KAAbsyC,GACAn1C,KAAKq1C,iBAAiB5D,GACtB5oB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,IAAM,EACXA,EAAK,IAAMssB,IAAa,GACxBtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,EAAK,IAC9BtsB,EAAK,IAAOssB,GAAY,EAAK,IAC7BrsB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIwD,OAAO,EAAG,EAAG,EAAG,GACpB8oB,EAAS9xC,IAAIulB,EAAK5c,SAAS,EAAG,OAG9BmpC,EAAS9xC,IAAImuC,GACb2D,EAAS,IAAM,GAEnB,MAAME,EAAY,IAAIlwB,SAASgwB,EAASnxC,QAKxC,GAJAjE,KAAKk1C,OAASI,EAAU5jB,UAAU,IAClC5I,EAAI6D,UAAU2oB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI,GACtF5I,EAAIkE,SAAS,EAAG,EAAG,EAAG,iBAER/rB,IAAV+xC,EAAqB,CACrB,GAAIA,EAAM5xC,OAAS2zC,GACf,MAAM,IAAIlkB,GAAqB,wBAC/BmiB,EAAM5xC,QACNpB,KAAKgzC,MAAQA,EACbhzC,KAAKq1C,iBAAiBrC,IAGtBhzC,KAAKgzC,WAAQ/xC,OAIjBjB,KAAKgzC,WAAQ/xC,EAGjB,GAAIjB,KAAK2xC,QAAU,GAAK3xC,KAAK2xC,QAAU,WACnC,MAAM,IAAI4D,WAAW,6CACzBzsB,EAAIuE,YAAY,EAAG,EAAG,EAAIrtB,KAAKk1C,OAASl1C,KAAK2xC,QAAW,GAE5DhqB,eAAe6tB,EAAW5+B,EAAK66B,EAAOuB,EAAOyC,GACzC,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS/iB,QAAQ8iB,GAE3D7tB,eAAeqpB,EAAYp6B,EAAK66B,EAAOuB,EAAOyC,GAC1C,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS9iB,QAAQqe,GAE3Dte,QAAQ5oB,GACJ,OAAO9J,KAAK01C,gBAAgB5rC,GAEhC6oB,QAAQ7oB,GACJ,OAAO9J,KAAK21C,gBAAgB7rC,GAEhC8rC,wBAAwB9rC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,GACtB0nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfxuC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBE,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM9zC,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYvsB,EAAK4M,GAC5DogB,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKgtB,GACrDA,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAMd,OAHA/P,KAAK2xC,QAAUA,EACf3xC,KAAK4yB,IAAIzvB,IAAMA,EACfnD,KAAK4yB,IAAI7iB,IAAMA,EACRtO,EAEXo0C,yBACI,IAAI/sB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfsD,EAAUj1C,KAAKi1C,QACfjC,EAAQhzC,KAAKgzC,MACb7vC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACnB,MAAMtO,EAAS,IAAIoB,WAAWkN,EAAMklC,GACpCnsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYvsB,EAAM4M,EAAM,IAAO,IAC/DA,GACAtO,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM4M,IACxC,IAAI9M,EAAI8M,EACR,KAAW,GAAJ9M,EAAQA,IACX4lB,EAAK1lB,EAAMF,GAAK,EACpB6lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKF,GAClD,MAAM6yC,OAAiB70C,IAAV+xC,EAAsBA,EAAM5xC,OAAS,EAC5C20C,GAASpE,EAAU,GAAM,GAAK5hC,EAuBpC,OAtBA8Y,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGrtB,KAAKk1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/CjuB,EAAO6B,IAAIulB,EAAK5c,SAAS,EAAGgpC,GAAUllC,GACtC/P,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAIzvB,IAAM,EACfnD,KAAK4yB,IAAI7iB,IAAM,EACRtO,EAEXu0C,wBAAwBlsC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,GACtB0nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfsD,EAAUj1C,KAAKi1C,QACf9xC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAOniB,EAAMkgB,EAAOglB,EAAWllC,EAAMkgB,EAAOglB,GAAY,GAAK,EAC7DgB,EAAOlmC,EAAMkgB,EAAOiC,EACpB/B,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM9zC,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAOgmB,GACV9lB,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,EAAOgmB,GACvDlmC,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKgtB,GACzDA,EAAOrH,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYvsB,EAAKgtB,GACxDA,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACRhtB,EAAM,EACN4M,EAAM,EAQV,OANIkgB,EAAO,IACPlgB,GAAO+f,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,IAE5CjwB,KAAK2xC,QAAUA,EACf3xC,KAAK4yB,IAAIzvB,IAAMA,EACfnD,KAAK4yB,IAAI7iB,IAAMA,EACRtO,EAEXy0C,yBACI,IAAIptB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzB6jB,EAAUj1C,KAAKi1C,QACfjC,EAAQhzC,KAAKgzC,MACbrB,EAAU3xC,KAAK2xC,QACfxuC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfmiB,EAAOniB,EAAMklC,EACjB,GAAIllC,EAAMklC,EACN,MAAM,IAAItkB,GAAkB,gCAChC,MAAMlvB,EAAS,IAAIoB,WAAWqvB,GACxBikB,EAAO,IAAItzC,WAAWgmB,EAAK5c,SAAS9I,EAAM+uB,EAAM/uB,EAAM4M,IAC5D,IAAI9M,EAAIivB,EACR,KAAW,GAAJjvB,EAAQA,IACX4lB,EAAK1lB,EAAMF,GAAK,EACpB6lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKF,GAClD6lB,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYvsB,EAAKF,GACjDivB,GACAzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IACxC,MAAM4jB,OAAiB70C,IAAV+xC,EAAsBA,EAAM5xC,OAAS,EAC5C20C,GAASpE,EAAU,GAAM,GAAK5hC,EAAMklC,EAC1CpsB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGrtB,KAAKk1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/C,IAAI0mB,EAAS,EACb,IAAK,IAAInzC,EAAI,EAAGA,EAAIgyC,IAAWhyC,EAC3BmzC,GAAUD,EAAKlzC,GAAK4lB,EAAK5lB,GAC7B,GAAImzC,EACA,MAAM,IAAItlB,GAAc,+BAI5B,OAHA9wB,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAIzvB,IAAM,EACfnD,KAAK4yB,IAAI7iB,IAAM,EACRtO,EAEXk0C,gBAAgB7rC,GACZ,MAAMC,EAAU/J,KAAKg2C,wBAAwBlsC,GACvCE,EAAUhK,KAAKk2C,yBACfz0C,EAAS,IAAIoB,WAAWkH,EAAQ3I,OAAS4I,EAAQ5I,QAKvD,OAJI2I,EAAQ3I,QACRK,EAAO6B,IAAIyG,GACXC,EAAQ5I,QACRK,EAAO6B,IAAI0G,EAASD,EAAQ3I,QACzBK,EAEXi0C,gBAAgB5rC,GACZ,MAAMC,EAAU/J,KAAK41C,wBAAwB9rC,GACvCE,EAAUhK,KAAK61C,yBACfp0C,EAAS,IAAIoB,WAAWkH,EAAQ3I,OAAS4I,EAAQ5I,QAKvD,OAJI2I,EAAQ3I,QACRK,EAAO6B,IAAIyG,GACXC,EAAQ5I,QACRK,EAAO6B,IAAI0G,EAASD,EAAQ3I,QACzBK,EAEX4zC,iBAAiBvrC,GACb,IAAIgf,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBpB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB+uB,EAAO,EACX,KAAOF,EAAO,GAAG,CAIb,IAHAE,EAAOL,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,GACxCD,GAAQG,EACRF,GAAQE,EACM,GAAPA,GACHtH,EAAKsH,KAAU,EACnBrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAWS,KC3PxD,MAAMme,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAIdwzB,GAAY,GACZnC,GAAO,UAObjvC,eAAesuB,GAAI5B,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUvQ,MAAM,qCAGlB,GAAIkX,EAAKyE,gBACP,MAAO,CACL6T,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,EAAQ,IAAInwC,YAC1C,MAAM8vC,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKsa,GAClFyhB,EAAG0D,OAAOrD,GACV,MAAMxC,EAAKxxB,GAAOxY,OAAO,CAACmsC,EAAGlL,OAAOuI,GAAK2C,EAAGC,QAASD,EAAG2D,eACxD,OAAO,IAAIzzC,WAAW2tC,IAGxB7d,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,EAAQ,IAAInwC,YAC1C,MAAM0zC,EAAK,IAAIhI,GAAW4C,iBAAiB,OAAuB,EAAbv6B,EAAIxV,OAAc,OAAQwV,EAAKsa,GACpFqlB,EAAGF,OAAOrD,GACVuD,EAAGC,WAAWhG,EAAG9uC,MAAM8uC,EAAGpvC,OAASmxC,GAAW/B,EAAGpvC,SACjD,MAAM4uC,EAAKhxB,GAAOxY,OAAO,CAAC+vC,EAAG9O,OAAO+I,EAAG9uC,MAAM,EAAG8uC,EAAGpvC,OAASmxC,KAAagE,EAAG3D,UAC5E,OAAO,IAAI/vC,WAAWmtC,KAK5B,GAAI51B,EAAKoE,gBAAiC,KAAf5H,EAAIxV,OAAe,CAC5C,MAAMivC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,KAAQ,EAAO,CAAC,UAAW,YAEtF,MAAO,CACL1d,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,EAAQ,IAAInwC,YAC1C,IAAKmtC,EAAG5uC,OACN,OAAO4zC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,GAEtC,MAAMxC,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAML,GAC9G,OAAO,IAAIntC,WAAW2tC,IAGxB7d,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,EAAQ,IAAInwC,YAC1C,GAAI2tC,EAAGpvC,SAAWmxC,GAChB,OAAOyC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,GAEtC,MAAMhD,QAAW1B,GAAU3b,QAAQ,CAAEznB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAMG,GAC9G,OAAO,IAAI3tC,WAAWmtC,KAK5B,MAAO,CACLtd,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,GAC9B,OAAOgC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,IAGtCrgB,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,GAC9B,OAAOgC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,IAG1C,CAWAvjB,GAAI6jB,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAhiB,GAAIuiB,YAtFgB,GAuFpBviB,GAAI6iB,SAtFa,GAuFjB7iB,GAAI8iB,UAAYA,UC7GD,CAEb5B,IAAKA,GAEL+F,IAAKA,GACL9hC,gBAAiB8hC,GAEjBhiC,IAAKA,GAELC,IAAKA,wBClBP,SAAUgiC,GASV,IAAIC,EAAK,SAASvc,GAChB,IAAIp3B,EAAG0K,EAAI,IAAIkpC,aAAa,IAC5B,GAAIxc,EAAM,IAAKp3B,EAAI,EAAGA,EAAIo3B,EAAKj5B,OAAQ6B,IAAK0K,EAAE1K,GAAKo3B,EAAKp3B,GACxD,OAAO0K,CACT,EAGImpC,EAAc,WAAuB,MAAU5zC,MAAM,YAErD6zC,EAAK,IAAIl0C,WAAW,IAAKk0C,EAAG,GAAK,EAErC,IAAIC,EAAMJ,IACNK,EAAML,EAAG,CAAC,IACVM,EAAUN,EAAG,CAAC,MAAQ,IACtBzJ,EAAIyJ,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIO,EAAKP,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIQ,EAAIR,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIS,EAAIT,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChI5f,EAAI4f,EAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAQpI,SAASU,EAAiBxqC,EAAGyqC,EAAIrpC,EAAGspC,GAClC,OAPF,SAAY1qC,EAAGyqC,EAAIrpC,EAAGspC,EAAIprC,GACxB,IAAInJ,EAAEwlB,EAAI,EACV,IAAKxlB,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKwlB,GAAK3b,EAAEyqC,EAAGt0C,GAAGiL,EAAEspC,EAAGv0C,GAC1C,OAAQ,EAAMwlB,EAAI,IAAO,GAAM,CACjC,CAGSgvB,CAAG3qC,EAAEyqC,EAAGrpC,EAAEspC,EAAG,GACtB,CAEA,SAASE,EAAS/pC,EAAGU,GACnB,IAAIpL,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0K,EAAE1K,GAAU,EAALoL,EAAEpL,EACpC,CAEA,SAAS00C,EAASC,GAChB,IAAI30C,EAAG40C,EAAGz7B,EAAI,EACd,IAAKnZ,EAAI,EAAGA,EAAI,GAAIA,IAClB40C,EAAID,EAAE30C,GAAKmZ,EAAI,MACfA,EAAI1Q,KAAKsP,MAAM68B,EAAI,OACnBD,EAAE30C,GAAK40C,EAAQ,MAAJz7B,EAEbw7B,EAAE,IAAMx7B,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAAS07B,EAAS1lB,EAAG9jB,EAAGL,GAEtB,IADA,IAAIgQ,EAAG7B,IAAMnO,EAAE,GACNhL,EAAI,EAAGA,EAAI,GAAIA,IACtBgb,EAAI7B,GAAKgW,EAAEnvB,GAAKqL,EAAErL,IAClBmvB,EAAEnvB,IAAMgb,EACR3P,EAAErL,IAAMgb,CAEZ,CAEA,SAAS85B,EAAUH,EAAGxrC,GACpB,IAAInJ,EAAG0Z,EAAG1O,EACNb,EAAIwpC,IAAM34B,EAAI24B,IAClB,IAAK3zC,EAAI,EAAGA,EAAI,GAAIA,IAAKgb,EAAEhb,GAAKmJ,EAAEnJ,GAIlC,IAHA00C,EAAS15B,GACT05B,EAAS15B,GACT05B,EAAS15B,GACJtB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAvP,EAAE,GAAK6Q,EAAE,GAAK,MACThb,EAAI,EAAGA,EAAI,GAAIA,IAClBmK,EAAEnK,GAAKgb,EAAEhb,GAAK,OAAWmK,EAAEnK,EAAE,IAAI,GAAM,GACvCmK,EAAEnK,EAAE,IAAM,MAEZmK,EAAE,IAAM6Q,EAAE,IAAM,OAAW7Q,EAAE,KAAK,GAAM,GACxCa,EAAKb,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACT0qC,EAAS75B,EAAG7Q,EAAG,EAAEa,GAEnB,IAAKhL,EAAI,EAAGA,EAAI,GAAIA,IAClB20C,EAAE,EAAE30C,GAAY,IAAPgb,EAAEhb,GACX20C,EAAE,EAAE30C,EAAE,GAAKgb,EAAEhb,IAAI,CAErB,CAEA,SAAS+0C,EAAS3pC,EAAGJ,GACnB,IAAImO,EAAI,IAAIvZ,WAAW,IAAK4lB,EAAI,IAAI5lB,WAAW,IAG/C,OAFAk1C,EAAU37B,EAAG/N,GACb0pC,EAAUtvB,EAAGxa,GACNqpC,EAAiBl7B,EAAG,EAAGqM,EAAG,EACnC,CAEA,SAASwvB,EAAS5pC,GAChB,IAAIoa,EAAI,IAAI5lB,WAAW,IAEvB,OADAk1C,EAAUtvB,EAAGpa,GACC,EAAPoa,EAAE,EACX,CAEA,SAASyvB,EAAYN,EAAGxrC,GACtB,IAAInJ,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKmJ,EAAE,EAAEnJ,IAAMmJ,EAAE,EAAEnJ,EAAE,IAAM,GACtD20C,EAAE,KAAO,KACX,CAEA,SAAS3K,EAAE2K,EAAGvpC,EAAGJ,GACf,IAAK,IAAIhL,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAC/C,CAEA,SAASk1C,EAAEP,EAAGvpC,EAAGJ,GACf,IAAK,IAAIhL,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAC/C,CAEA,SAASm1C,EAAER,EAAGvpC,EAAGJ,GACf,IAAI4pC,EAAGz7B,EACJknB,EAAK,EAAI1Y,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIyY,EAAK,EAAIwB,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEoT,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK3rC,EAAE,GACP4rC,EAAK5rC,EAAE,GACP6rC,EAAK7rC,EAAE,GACP8rC,EAAK9rC,EAAE,GACP+rC,EAAK/rC,EAAE,GACPgsC,EAAKhsC,EAAE,GACPisC,EAAKjsC,EAAE,GACPksC,EAAKlsC,EAAE,GACPmsC,EAAKnsC,EAAE,GACPosC,EAAKpsC,EAAE,GACPqsC,EAAMrsC,EAAE,IACRssC,EAAMtsC,EAAE,IACRusC,EAAMvsC,EAAE,IACRwsC,EAAMxsC,EAAE,IACRysC,EAAMzsC,EAAE,IACR0sC,EAAM1sC,EAAE,IAGVq1B,IADAuU,EAAIxpC,EAAE,IACIurC,EACVhvB,GAAMitB,EAAIgC,EACVhvB,GAAMgtB,EAAIiC,EACVhvB,GAAM+sB,EAAIkC,EACVxW,GAAMsU,EAAImC,EACVjV,GAAM8S,EAAIoC,EACVjV,GAAM6S,EAAIqC,EACVjV,GAAM4S,EAAIsC,EACV9B,GAAMR,EAAIuC,EACV9B,GAAMT,EAAIwC,EACV9B,GAAOV,EAAIyC,EACX9B,GAAOX,EAAI0C,EACX9B,GAAOZ,EAAI2C,EACX9B,GAAOb,EAAI4C,EACX9B,GAAOd,EAAI6C,EACX9B,GAAOf,EAAI8C,EAEX/vB,IADAitB,EAAIxpC,EAAE,IACIurC,EACV/uB,GAAMgtB,EAAIgC,EACV/uB,GAAM+sB,EAAIiC,EACVvW,GAAMsU,EAAIkC,EACVhV,GAAM8S,EAAImC,EACVhV,GAAM6S,EAAIoC,EACVhV,GAAM4S,EAAIqC,EACV7B,GAAMR,EAAIsC,EACV7B,GAAMT,EAAIuC,EACV7B,GAAOV,EAAIwC,EACX7B,GAAOX,EAAIyC,EACX7B,GAAOZ,EAAI0C,EACX7B,GAAOb,EAAI2C,EACX7B,GAAOd,EAAI4C,EACX7B,GAAOf,EAAI6C,EACX7B,GAAOhB,EAAI8C,EAEX9vB,IADAgtB,EAAIxpC,EAAE,IACIurC,EACV9uB,GAAM+sB,EAAIgC,EACVtW,GAAMsU,EAAIiC,EACV/U,GAAM8S,EAAIkC,EACV/U,GAAM6S,EAAImC,EACV/U,GAAM4S,EAAIoC,EACV5B,GAAMR,EAAIqC,EACV5B,GAAMT,EAAIsC,EACV5B,GAAOV,EAAIuC,EACX5B,GAAOX,EAAIwC,EACX5B,GAAOZ,EAAIyC,EACX5B,GAAOb,EAAI0C,EACX5B,GAAOd,EAAI2C,EACX5B,GAAOf,EAAI4C,EACX5B,GAAOhB,EAAI6C,EACX5B,GAAOjB,EAAI8C,EAEX7vB,IADA+sB,EAAIxpC,EAAE,IACIurC,EACVrW,GAAMsU,EAAIgC,EACV9U,GAAM8S,EAAIiC,EACV9U,GAAM6S,EAAIkC,EACV9U,GAAM4S,EAAImC,EACV3B,GAAMR,EAAIoC,EACV3B,GAAMT,EAAIqC,EACV3B,GAAOV,EAAIsC,EACX3B,GAAOX,EAAIuC,EACX3B,GAAOZ,EAAIwC,EACX3B,GAAOb,EAAIyC,EACX3B,GAAOd,EAAI0C,EACX3B,GAAOf,EAAI2C,EACX3B,GAAOhB,EAAI4C,EACX3B,GAAOjB,EAAI6C,EACX3B,GAAOlB,EAAI8C,EAEXpX,IADAsU,EAAIxpC,EAAE,IACIurC,EACV7U,GAAM8S,EAAIgC,EACV7U,GAAM6S,EAAIiC,EACV7U,GAAM4S,EAAIkC,EACV1B,GAAMR,EAAImC,EACV1B,GAAMT,EAAIoC,EACV1B,GAAOV,EAAIqC,EACX1B,GAAOX,EAAIsC,EACX1B,GAAOZ,EAAIuC,EACX1B,GAAOb,EAAIwC,EACX1B,GAAOd,EAAIyC,EACX1B,GAAOf,EAAI0C,EACX1B,GAAOhB,EAAI2C,EACX1B,GAAOjB,EAAI4C,EACX1B,GAAOlB,EAAI6C,EACX1B,GAAOnB,EAAI8C,EAEX5V,IADA8S,EAAIxpC,EAAE,IACIurC,EACV5U,GAAM6S,EAAIgC,EACV5U,GAAM4S,EAAIiC,EACVzB,GAAMR,EAAIkC,EACVzB,GAAMT,EAAImC,EACVzB,GAAOV,EAAIoC,EACXzB,GAAOX,EAAIqC,EACXzB,GAAOZ,EAAIsC,EACXzB,GAAOb,EAAIuC,EACXzB,GAAOd,EAAIwC,EACXzB,GAAOf,EAAIyC,EACXzB,GAAOhB,EAAI0C,EACXzB,GAAOjB,EAAI2C,EACXzB,GAAOlB,EAAI4C,EACXzB,GAAOnB,EAAI6C,EACXzB,GAAOpB,EAAI8C,EAEX3V,IADA6S,EAAIxpC,EAAE,IACIurC,EACV3U,GAAM4S,EAAIgC,EACVxB,GAAMR,EAAIiC,EACVxB,GAAMT,EAAIkC,EACVxB,GAAOV,EAAImC,EACXxB,GAAOX,EAAIoC,EACXxB,GAAOZ,EAAIqC,EACXxB,GAAOb,EAAIsC,EACXxB,GAAOd,EAAIuC,EACXxB,GAAOf,EAAIwC,EACXxB,GAAOhB,EAAIyC,EACXxB,GAAOjB,EAAI0C,EACXxB,GAAOlB,EAAI2C,EACXxB,GAAOnB,EAAI4C,EACXxB,GAAOpB,EAAI6C,EACXxB,GAAOrB,EAAI8C,EAEX1V,IADA4S,EAAIxpC,EAAE,IACIurC,EACVvB,GAAMR,EAAIgC,EACVvB,GAAMT,EAAIiC,EACVvB,GAAOV,EAAIkC,EACXvB,GAAOX,EAAImC,EACXvB,GAAOZ,EAAIoC,EACXvB,GAAOb,EAAIqC,EACXvB,GAAOd,EAAIsC,EACXvB,GAAOf,EAAIuC,EACXvB,GAAOhB,EAAIwC,EACXvB,GAAOjB,EAAIyC,EACXvB,GAAOlB,EAAI0C,EACXvB,GAAOnB,EAAI2C,EACXvB,GAAOpB,EAAI4C,EACXvB,GAAOrB,EAAI6C,EACXvB,GAAOtB,EAAI8C,EAEXtC,IADAR,EAAIxpC,EAAE,IACIurC,EACVtB,GAAMT,EAAIgC,EACVtB,GAAOV,EAAIiC,EACXtB,GAAOX,EAAIkC,EACXtB,GAAOZ,EAAImC,EACXtB,GAAOb,EAAIoC,EACXtB,GAAOd,EAAIqC,EACXtB,GAAOf,EAAIsC,EACXtB,GAAOhB,EAAIuC,EACXtB,GAAOjB,EAAIwC,EACXtB,GAAOlB,EAAIyC,EACXtB,GAAOnB,EAAI0C,EACXtB,GAAOpB,EAAI2C,EACXtB,GAAOrB,EAAI4C,EACXtB,GAAOtB,EAAI6C,EACXtB,GAAOvB,EAAI8C,EAEXrC,IADAT,EAAIxpC,EAAE,IACIurC,EACVrB,GAAOV,EAAIgC,EACXrB,GAAOX,EAAIiC,EACXrB,GAAOZ,EAAIkC,EACXrB,GAAOb,EAAImC,EACXrB,GAAOd,EAAIoC,EACXrB,GAAOf,EAAIqC,EACXrB,GAAOhB,EAAIsC,EACXrB,GAAOjB,EAAIuC,EACXrB,GAAOlB,EAAIwC,EACXrB,GAAOnB,EAAIyC,EACXrB,GAAOpB,EAAI0C,EACXrB,GAAOrB,EAAI2C,EACXrB,GAAOtB,EAAI4C,EACXrB,GAAOvB,EAAI6C,EACXrB,GAAOxB,EAAI8C,EAEXpC,IADAV,EAAIxpC,EAAE,KACKurC,EACXpB,GAAOX,EAAIgC,EACXpB,GAAOZ,EAAIiC,EACXpB,GAAOb,EAAIkC,EACXpB,GAAOd,EAAImC,EACXpB,GAAOf,EAAIoC,EACXpB,GAAOhB,EAAIqC,EACXpB,GAAOjB,EAAIsC,EACXpB,GAAOlB,EAAIuC,EACXpB,GAAOnB,EAAIwC,EACXpB,GAAOpB,EAAIyC,EACXpB,GAAOrB,EAAI0C,EACXpB,GAAOtB,EAAI2C,EACXpB,GAAOvB,EAAI4C,EACXpB,GAAOxB,EAAI6C,EACXpB,GAAOzB,EAAI8C,EAEXnC,IADAX,EAAIxpC,EAAE,KACKurC,EACXnB,GAAOZ,EAAIgC,EACXnB,GAAOb,EAAIiC,EACXnB,GAAOd,EAAIkC,EACXnB,GAAOf,EAAImC,EACXnB,GAAOhB,EAAIoC,EACXnB,GAAOjB,EAAIqC,EACXnB,GAAOlB,EAAIsC,EACXnB,GAAOnB,EAAIuC,EACXnB,GAAOpB,EAAIwC,EACXnB,GAAOrB,EAAIyC,EACXnB,GAAOtB,EAAI0C,EACXnB,GAAOvB,EAAI2C,EACXnB,GAAOxB,EAAI4C,EACXnB,GAAOzB,EAAI6C,EACXnB,GAAO1B,EAAI8C,EAEXlC,IADAZ,EAAIxpC,EAAE,KACKurC,EACXlB,GAAOb,EAAIgC,EACXlB,GAAOd,EAAIiC,EACXlB,GAAOf,EAAIkC,EACXlB,GAAOhB,EAAImC,EACXlB,GAAOjB,EAAIoC,EACXlB,GAAOlB,EAAIqC,EACXlB,GAAOnB,EAAIsC,EACXlB,GAAOpB,EAAIuC,EACXlB,GAAOrB,EAAIwC,EACXlB,GAAOtB,EAAIyC,EACXlB,GAAOvB,EAAI0C,EACXlB,GAAOxB,EAAI2C,EACXlB,GAAOzB,EAAI4C,EACXlB,GAAO1B,EAAI6C,EACXlB,GAAO3B,EAAI8C,EAEXjC,IADAb,EAAIxpC,EAAE,KACKurC,EACXjB,GAAOd,EAAIgC,EACXjB,GAAOf,EAAIiC,EACXjB,GAAOhB,EAAIkC,EACXjB,GAAOjB,EAAImC,EACXjB,GAAOlB,EAAIoC,EACXjB,GAAOnB,EAAIqC,EACXjB,GAAOpB,EAAIsC,EACXjB,GAAOrB,EAAIuC,EACXjB,GAAOtB,EAAIwC,EACXjB,GAAOvB,EAAIyC,EACXjB,GAAOxB,EAAI0C,EACXjB,GAAOzB,EAAI2C,EACXjB,GAAO1B,EAAI4C,EACXjB,GAAO3B,EAAI6C,EACXjB,GAAO5B,EAAI8C,EAEXhC,IADAd,EAAIxpC,EAAE,KACKurC,EACXhB,GAAOf,EAAIgC,EACXhB,GAAOhB,EAAIiC,EACXhB,GAAOjB,EAAIkC,EACXhB,GAAOlB,EAAImC,EACXhB,GAAOnB,EAAIoC,EACXhB,GAAOpB,EAAIqC,EACXhB,GAAOrB,EAAIsC,EACXhB,GAAOtB,EAAIuC,EACXhB,GAAOvB,EAAIwC,EACXhB,GAAOxB,EAAIyC,EACXhB,GAAOzB,EAAI0C,EACXhB,GAAO1B,EAAI2C,EACXhB,GAAO3B,EAAI4C,EACXhB,GAAO5B,EAAI6C,EACXhB,GAAO7B,EAAI8C,EAEX/B,IADAf,EAAIxpC,EAAE,KACKurC,EAkBXhvB,GAAO,IAhBPkuB,GAAOjB,EAAIiC,GAiBXjvB,GAAO,IAhBPkuB,GAAOlB,EAAIkC,GAiBXjvB,GAAO,IAhBPkuB,GAAOnB,EAAImC,GAiBXzW,GAAO,IAhBP0V,GAAOpB,EAAIoC,GAiBXlV,GAAO,IAhBPmU,GAAOrB,EAAIqC,GAiBXlV,GAAO,IAhBPmU,GAAOtB,EAAIsC,GAiBXlV,GAAO,IAhBPmU,GAAOvB,EAAIuC,GAiBX/B,GAAO,IAhBPgB,GAAOxB,EAAIwC,GAiBX/B,GAAO,IAhBPgB,GAAOzB,EAAIyC,GAiBX/B,GAAO,IAhBPgB,GAAO1B,EAAI0C,GAiBX/B,GAAO,IAhBPgB,GAAO3B,EAAI2C,GAiBX/B,GAAO,IAhBPgB,GAAO5B,EAAI4C,GAiBX/B,GAAO,IAhBPgB,GAAO7B,EAAI6C,GAiBX/B,GAAO,IAhBPgB,GAAO9B,EAAI8C,GAqBsCrX,GAAjDuU,GAnBAvU,GAAO,IAhBPuV,GAAOhB,EAAIgC,KAkCXz9B,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QAKSvU,GAAjDuU,GAJAvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACxCvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,GAEpBw7B,EAAG,GAAKtU,EACRsU,EAAG,GAAKhtB,EACRgtB,EAAG,GAAK/sB,EACR+sB,EAAG,GAAK9sB,EACR8sB,EAAG,GAAKrU,EACRqU,EAAG,GAAK7S,EACR6S,EAAG,GAAK5S,EACR4S,EAAG,GAAK3S,EACR2S,EAAG,GAAKS,EACRT,EAAG,GAAKU,EACRV,EAAE,IAAMW,EACRX,EAAE,IAAMY,EACRZ,EAAE,IAAMa,EACRb,EAAE,IAAMc,EACRd,EAAE,IAAMe,EACRf,EAAE,IAAMgB,CACV,CAEA,SAASnF,EAAEmE,EAAGvpC,GACZ+pC,EAAER,EAAGvpC,EAAGA,EACV,CAEA,SAASusC,EAAShD,EAAG30C,GACnB,IACIoL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKpL,EAAEoL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAiB,IAANA,GAAS+pC,EAAEh8B,EAAGA,EAAGnZ,GAEjC,IAAKoL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CAaA,SAASwsC,EAAkBvsC,EAAGlC,EAAGgmB,GAC/B,IAC8BzkB,EAAG1K,EAD7BilC,EAAI,IAAIrlC,WAAW,IACnBiK,EAAI,IAAI+pC,aAAa,IACrBxoC,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMvyC,EAAIuyC,IAAMlS,EAAIkS,IAC5B,IAAK3zC,EAAI,EAAGA,EAAI,GAAIA,IAAKilC,EAAEjlC,GAAKmJ,EAAEnJ,GAIlC,IAHAilC,EAAE,IAAW,IAAN97B,EAAE,IAAS,GAClB87B,EAAE,IAAI,IACNgQ,EAAYprC,EAAEslB,GACTnvB,EAAI,EAAGA,EAAI,GAAIA,IAClBgL,EAAEhL,GAAG6J,EAAE7J,GACPwlB,EAAExlB,GAAGoL,EAAEpL,GAAGmZ,EAAEnZ,GAAG,EAGjB,IADAoL,EAAE,GAAGoa,EAAE,GAAG,EACLxlB,EAAE,IAAKA,GAAG,IAAKA,EAElB60C,EAASzpC,EAAEJ,EADXN,EAAGu6B,EAAEjlC,IAAI,MAAQ,EAAFA,GAAM,GAErB60C,EAAS17B,EAAEqM,EAAE9a,GACbs/B,EAAE5oC,EAAEgK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACN6wB,EAAE7wB,EAAEnO,EAAEwa,GACN0vB,EAAElqC,EAAEA,EAAEwa,GACNgrB,EAAEhrB,EAAEpkB,GACJovC,EAAE/O,EAAEr2B,GACJ+pC,EAAE/pC,EAAE+N,EAAE/N,GACN+pC,EAAEh8B,EAAEnO,EAAE5J,GACN4oC,EAAE5oC,EAAEgK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACNq3B,EAAExlC,EAAEI,GACJ8pC,EAAE/7B,EAAEqM,EAAEic,GACN0T,EAAE/pC,EAAE+N,EAAE86B,GACNjK,EAAE5+B,EAAEA,EAAEoa,GACN2vB,EAAEh8B,EAAEA,EAAE/N,GACN+pC,EAAE/pC,EAAEoa,EAAEic,GACN0T,EAAE3vB,EAAExa,EAAEnB,GACN2mC,EAAExlC,EAAE5J,GACJyzC,EAASzpC,EAAEJ,EAAEN,GACbmqC,EAAS17B,EAAEqM,EAAE9a,GAEf,IAAK1K,EAAI,EAAGA,EAAI,GAAIA,IAClB6J,EAAE7J,EAAE,IAAIoL,EAAEpL,GACV6J,EAAE7J,EAAE,IAAImZ,EAAEnZ,GACV6J,EAAE7J,EAAE,IAAIgL,EAAEhL,GACV6J,EAAE7J,EAAE,IAAIwlB,EAAExlB,GAEZ,IAAI63C,EAAMhuC,EAAEb,SAAS,IACjB8uC,EAAMjuC,EAAEb,SAAS,IAIrB,OAHA2uC,EAASE,EAAIA,GACb1C,EAAE2C,EAAIA,EAAID,GACV/C,EAAUzpC,EAAEysC,GACL,CACT,CAEA,SAASC,EAAuB1sC,EAAGlC,GACjC,OAAOyuC,EAAkBvsC,EAAGlC,EAAG2qC,EACjC,CAOA,SAAS9wC,EAAImsB,EAAG9jB,GACd,IAAID,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMvyC,EAAIuyC,IAAMlS,EAAIkS,IACxBjS,EAAIiS,IAAMz6B,EAAIy6B,IAAM34B,EAAI24B,IAE5BuB,EAAE9pC,EAAG+jB,EAAE,GAAIA,EAAE,IACb+lB,EAAEl6B,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAE/pC,EAAGA,EAAG4P,GACRgvB,EAAEh/B,EAAGmkB,EAAE,GAAIA,EAAE,IACb6a,EAAEhvB,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAEnqC,EAAGA,EAAGgQ,GACRm6B,EAAEh8B,EAAGgW,EAAE,GAAI9jB,EAAE,IACb8pC,EAAEh8B,EAAGA,EAAG+6B,GACRiB,EAAE3vB,EAAG2J,EAAE,GAAI9jB,EAAE,IACb2+B,EAAExkB,EAAGA,EAAGA,GACR0vB,EAAE9zC,EAAG4J,EAAGI,GACR8pC,EAAEzT,EAAGjc,EAAGrM,GACR6wB,EAAEtI,EAAGlc,EAAGrM,GACR6wB,EAAE9wB,EAAGlO,EAAGI,GAER+pC,EAAEhmB,EAAE,GAAI/tB,EAAGqgC,GACX0T,EAAEhmB,EAAE,GAAIjW,EAAGwoB,GACXyT,EAAEhmB,EAAE,GAAIuS,EAAGD,GACX0T,EAAEhmB,EAAE,GAAI/tB,EAAG8X,EACb,CAEA,SAAS8+B,EAAM7oB,EAAG9jB,EAAGL,GACnB,IAAIhL,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB60C,EAAS1lB,EAAEnvB,GAAIqL,EAAErL,GAAIgL,EAEzB,CAEA,SAASitC,EAAKvtC,EAAGykB,GACf,IAAI+oB,EAAKvE,IAAMwE,EAAKxE,IAAMyE,EAAKzE,IAC/BgE,EAASS,EAAIjpB,EAAE,IACfgmB,EAAE+C,EAAI/oB,EAAE,GAAIipB,GACZjD,EAAEgD,EAAIhpB,EAAE,GAAIipB,GACZtD,EAAUpqC,EAAGytC,GACbztC,EAAE,KAAOsqC,EAASkD,IAAO,CAC3B,CAEA,SAASG,EAAWlpB,EAAG9jB,EAAGuP,GACxB,IAAI5P,EAAGhL,EAKP,IAJAy0C,EAAStlB,EAAE,GAAI4kB,GACfU,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI4kB,GACV/zC,EAAI,IAAKA,GAAK,IAAKA,EAEtBg4C,EAAM7oB,EAAG9jB,EADTL,EAAK4P,EAAG5a,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BgD,EAAIqI,EAAG8jB,GACPnsB,EAAImsB,EAAGA,GACP6oB,EAAM7oB,EAAG9jB,EAAGL,EAEhB,CAEA,SAASstC,EAAWnpB,EAAGvU,GACrB,IAAIvP,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAC3Bc,EAASppC,EAAE,GAAI8oC,GACfM,EAASppC,EAAE,GAAI+oC,GACfK,EAASppC,EAAE,GAAI2oC,GACfmB,EAAE9pC,EAAE,GAAI8oC,EAAGC,GACXiE,EAAWlpB,EAAG9jB,EAAGuP,EACnB,CAEA,SAAS29B,EAAoBC,EAAIC,EAAIC,GACnC,IAAIlzB,EAEAxlB,EADAmvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KAY3B,IATK+E,GAAQ7E,EAAY4E,EAAI,KAC7BjzB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8yB,EAAWnpB,EAAG3J,GACdyyB,EAAKO,EAAIrpB,GAEJnvB,EAAI,EAAGA,EAAI,GAAIA,IAAKy4C,EAAGz4C,EAAE,IAAMw4C,EAAGx4C,GACvC,OAAO,CACT,CAEA,IAAI24C,EAAI,IAAI/E,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgF,EAAKluC,EAAGb,GACf,IAAIg6B,EAAO7jC,EAAG0Z,EAAGV,EACjB,IAAKhZ,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADA6jC,EAAQ,EACHnqB,EAAI1Z,EAAI,GAAIgZ,EAAIhZ,EAAI,GAAI0Z,EAAIV,IAAKU,EACpC7P,EAAE6P,IAAMmqB,EAAQ,GAAKh6B,EAAE7J,GAAK24C,EAAEj/B,GAAK1Z,EAAI,KACvC6jC,EAAQp7B,KAAKsP,OAAOlO,EAAE6P,GAAK,KAAO,KAClC7P,EAAE6P,IAAc,IAARmqB,EAEVh6B,EAAE6P,IAAMmqB,EACRh6B,EAAE7J,GAAK,EAGT,IADA6jC,EAAQ,EACHnqB,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE6P,IAAMmqB,GAASh6B,EAAE,KAAO,GAAK8uC,EAAEj/B,GACjCmqB,EAAQh6B,EAAE6P,IAAM,EAChB7P,EAAE6P,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK7P,EAAE6P,IAAMmqB,EAAQ8U,EAAEj/B,GAC3C,IAAK1Z,EAAI,EAAGA,EAAI,GAAIA,IAClB6J,EAAE7J,EAAE,IAAM6J,EAAE7J,IAAM,EAClB0K,EAAE1K,GAAY,IAAP6J,EAAE7J,EAEb,CAEA,SAASstB,EAAO5iB,GACd,IAA8B1K,EAA1B6J,EAAI,IAAI+pC,aAAa,IACzB,IAAK5zC,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK0K,EAAE1K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0K,EAAE1K,GAAK,EAChC44C,EAAKluC,EAAGb,EACV,CAsCA,SAASgvC,EAAUnuC,EAAGykB,GACpB,IAAInU,EAAI24B,IAAMmF,EAAMnF,IAAM3P,EAAM2P,IAC5BoF,EAAMpF,IAAMqF,EAAOrF,IAAMsF,EAAOtF,IAChCuF,EAAOvF,IA2BX,OAzBAc,EAAS/pC,EAAE,GAAIspC,GACfiB,EAAYvqC,EAAE,GAAIykB,GAClBqhB,EAAExM,EAAKt5B,EAAE,IACTyqC,EAAE4D,EAAK/U,EAAKkG,GACZgL,EAAElR,EAAKA,EAAKt5B,EAAE,IACds/B,EAAE+O,EAAKruC,EAAE,GAAIquC,GAEbvI,EAAEwI,EAAMD,GACRvI,EAAEyI,EAAMD,GACR7D,EAAE+D,EAAMD,EAAMD,GACd7D,EAAEn6B,EAAGk+B,EAAMlV,GACXmR,EAAEn6B,EAAGA,EAAG+9B,GAnPV,SAAiBpE,EAAG30C,GAClB,IACIoL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKpL,EAAEoL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAS+pC,EAAEh8B,EAAGA,EAAGnZ,GAExB,IAAKoL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CA4OE+tC,CAAQn+B,EAAGA,GACXm6B,EAAEn6B,EAAGA,EAAGgpB,GACRmR,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEzqC,EAAE,GAAIsQ,EAAG+9B,GAEXvI,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAMmR,EAAEzqC,EAAE,GAAIA,EAAE,GAAIqpB,GAEtCyc,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAc,GAE5BgR,EAAStqC,EAAE,MAASykB,EAAE,KAAK,GAAI+lB,EAAExqC,EAAE,GAAIqpC,EAAKrpC,EAAE,IAElDyqC,EAAEzqC,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAII0uC,EAAoB,GAKxB,SAASC,IACP,IAAK,IAAIr5C,EAAI,EAAGA,EAAIs5C,UAAUn7C,OAAQ6B,IACpC,KAAMs5C,UAAUt5C,aAAcJ,YAC5B,MAAM,IAAIgvB,UAAU,kCAE1B,CAEA,SAAS2qB,EAAQC,GACf,IAAK,IAAIx5C,EAAI,EAAGA,EAAIw5C,EAAIr7C,OAAQ6B,IAAKw5C,EAAIx5C,GAAK,CAChD,CAEA0zC,EAAK+F,WAAa,SAAStwC,EAAGgmB,GAE5B,GADAkqB,EAAgBlwC,EAAGgmB,GApBe,KAqB9BhmB,EAAEhL,OAA0C,MAAU8B,MAAM,cAChE,GAvB4B,KAuBxBkvB,EAAEhxB,OAAoC,MAAU8B,MAAM,cAC1D,IAAIoL,EAAI,IAAIzL,WAxBgB,IA0B5B,OADAg4C,EAAkBvsC,EAAGlC,EAAGgmB,GACjB9jB,CACT,EAEAqoC,EAAKgG,IAAM,GAEXhG,EAAKgG,IAAIC,QAAU,WACjB,IAnQ0B1uC,EAAGpB,EAmQzB2uC,EAAK,IAAI54C,WA9BiB,IA+B1B64C,EAAK,IAAI74C,WA9BiB,IAgC9B,OAtQ0BqL,EAqQPutC,EApQnB3E,EAD6BhqC,EAqQN4uC,EApQR,IACRV,EAAuB9sC,EAAGpB,GAoQ1B,CAACoF,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKgG,IAAIC,QAAQC,cAAgB,SAAS3nC,GAExC,GADAonC,EAAgBpnC,GApCc,KAqC1BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAClB,IAAIu4C,EAAK,IAAI54C,WAxCiB,IA0C9B,OADAm4C,EAAuBS,EAAIvmC,GACpB,CAAChD,UAAWupC,EAAIvmC,UAAW,IAAIrS,WAAWqS,GACnD,EAEAyhC,EAAKmG,KAAO,SAASzX,EAAKnwB,GAExB,GADAonC,EAAgBjX,EAAKnwB,GA1CU,KA2C3BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAClB,IAAI65C,EAAY,IAAIl6C,WAAWw5C,EAAkBhX,EAAIjkC,QAErD,OA5JF,SAAqB47C,EAAI5vC,EAAGhB,EAAGsvC,GAC7B,IAAIjzB,EAAGtM,EAAGxO,EACN1K,EAAG0Z,EAAG7P,EAAI,IAAI+pC,aAAa,IAC3BzkB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,MAE3BnuB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIw0B,EAAQ7wC,EAAI,GAChB,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK+5C,EAAG,GAAK/5C,GAAKmK,EAAEnK,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+5C,EAAG,GAAK/5C,GAAKwlB,EAAE,GAAKxlB,GAO7C,IAJAstB,EADA5iB,EAAIgpC,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,GAAIgxC,KAE9B1B,EAAWnpB,EAAGzkB,GACdutC,EAAK8B,EAAI5qB,GAEJnvB,EAAI,GAAIA,EAAI,GAAIA,IAAK+5C,EAAG/5C,GAAKy4C,EAAGz4C,GAIrC,IAFAstB,EADApU,EAAIw6B,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,EAAGgxC,KAGxBh6C,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK0K,EAAE1K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAK0Z,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE7J,EAAE0Z,IAAMR,EAAElZ,GAAKwlB,EAAE9L,GAIvBk/B,EAAKmB,EAAG/wC,SAAS,IAAKa,EAExB,CA0HEowC,CAAYH,EAAW1X,EAAKA,EAAIjkC,OAAQ8T,GACjC6nC,CACT,EAEApG,EAAKmG,KAAKK,SAAW,SAAS9X,EAAKnwB,GAGjC,IAFA,IAAI6nC,EAAYpG,EAAKmG,KAAKzX,EAAKnwB,GAC3BkoC,EAAM,IAAIv6C,WAAWw5C,GAChBp5C,EAAI,EAAGA,EAAIm6C,EAAIh8C,OAAQ6B,IAAKm6C,EAAIn6C,GAAK85C,EAAU95C,GACxD,OAAOm6C,CACT,EAEAzG,EAAKmG,KAAKK,SAASE,OAAS,SAAShY,EAAK+X,EAAKlrC,GAE7C,GADAoqC,EAAgBjX,EAAK+X,EAAKlrC,GACtBkrC,EAAIh8C,SAAWi7C,EACjB,MAAUn5C,MAAM,sBAClB,GA9D+B,KA8D3BgP,EAAU9Q,OACZ,MAAU8B,MAAM,uBAClB,IAEID,EAFA+5C,EAAK,IAAIn6C,WAAWw5C,EAAoBhX,EAAIjkC,QAC5CgM,EAAI,IAAIvK,WAAWw5C,EAAoBhX,EAAIjkC,QAE/C,IAAK6B,EAAI,EAAGA,EAAIo5C,EAAmBp5C,IAAK+5C,EAAG/5C,GAAKm6C,EAAIn6C,GACpD,IAAKA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK+5C,EAAG/5C,EAAEo5C,GAAqBhX,EAAIpiC,GAC/D,OAxGF,SAA0BmK,EAAG4vC,EAAI5wC,EAAGqvC,GAClC,IAAIx4C,EACwBkZ,EAAxB8B,EAAI,IAAIpb,WAAW,IACnBuvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KACvBtoC,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAE3B,GAAIxqC,EAAI,GAAI,OAAQ,EAEpB,GAAI0vC,EAAUxtC,EAAGmtC,GAAK,OAAQ,EAE9B,IAAKx4C,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK+5C,EAAG/5C,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKmK,EAAEnK,EAAE,IAAMw4C,EAAGx4C,GAUtC,GARAstB,EADApU,EAAIw6B,EAAK3iC,KAAK5G,EAAEnB,SAAS,EAAGG,KAE5BkvC,EAAWlpB,EAAG9jB,EAAG6N,GAEjBo/B,EAAWjtC,EAAG0uC,EAAG/wC,SAAS,KAC1BhG,EAAImsB,EAAG9jB,GACP4sC,EAAKj9B,EAAGmU,GAERhmB,GAAK,GACDkrC,EAAiB0F,EAAI,EAAG/+B,EAAG,GAAI,CACjC,IAAKhb,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK,EAC/B,OAAQ,EAGV,IAAKA,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK+5C,EAAG/5C,EAAI,IACtC,OAAOmJ,CACT,CA4EUkxC,CAAiBlwC,EAAG4vC,EAAIA,EAAG57C,OAAQ8Q,IAAc,CAC3D,EAEAykC,EAAKmG,KAAKF,QAAU,WAClB,IAAInB,EAAK,IAAI54C,WAzEkB,IA0E3B64C,EAAK,IAAI74C,WAzEkB,IA2E/B,OADA24C,EAAoBC,EAAIC,GACjB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKmG,KAAKF,QAAQC,cAAgB,SAAS3nC,GAEzC,GADAonC,EAAgBpnC,GA/Ee,KAgF3BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAElB,IADA,IAAIu4C,EAAK,IAAI54C,WAnFkB,IAoFtBI,EAAI,EAAGA,EAAIw4C,EAAGr6C,OAAQ6B,IAAKw4C,EAAGx4C,GAAKiS,EAAU,GAAGjS,GACzD,MAAO,CAACiP,UAAWupC,EAAIvmC,UAAW,IAAIrS,WAAWqS,GACnD,EAEAyhC,EAAKmG,KAAKF,QAAQW,SAAW,SAASC,GAEpC,GADAlB,EAAgBkB,GAvFU,KAwFtBA,EAAKp8C,OACP,MAAU8B,MAAM,iBAGlB,IAFA,IAAIu4C,EAAK,IAAI54C,WA5FkB,IA6F3B64C,EAAK,IAAI74C,WA5FkB,IA6FtBI,EAAI,EAAGA,EAAI,GAAIA,IAAKy4C,EAAGz4C,GAAKu6C,EAAKv6C,GAE1C,OADAu4C,EAAoBC,EAAIC,GAAI,GACrB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAK8G,QAAU,SAASxzC,GACtB6sC,EAAc7sC,CAChB,EAEA,WAGE,IAAIwU,EAAyB,oBAATi/B,KAAwBA,KAAKj/B,QAAUi/B,KAAKC,SAAY,KAC5E,GAAIl/B,GAAUA,EAAOm/B,gBAAiB,CAGpCjH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAInJ,EAAG40C,EAAI,IAAIh1C,WAAWuJ,GAC1B,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,GAHT,MAIRwb,EAAOm/B,gBAAgB/F,EAAE5rC,SAAShJ,EAAGA,EAAIyI,KAAKmyC,IAAIzxC,EAAInJ,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK6J,EAAE7J,GAAK40C,EAAE50C,GACjCu5C,EAAQ3E,gBAEkB,IAAZiG,KAEhBr/B,OAAS,IACKA,EAAOs/B,aACnBpH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAInJ,EAAG40C,EAAIp5B,EAAOs/B,YAAY3xC,GAC9B,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK6J,EAAE7J,GAAK40C,EAAE50C,GACjCu5C,EAAQ3E,KAIf,CA1BD,EA4BC,CAn6BD,CAm6BoCvS,EAAO0Y,QAAU1Y,EAAO0Y,QAAWN,KAAK/G,KAAO+G,KAAK/G,MAAQ,OC34BhG,MAAMpI,GAAan0B,EAAKyE,gBAOjB,SAASo/B,GAAe78C,GAC7B,MAAM8f,EAAM,IAAIre,WAAWzB,GAC3B,GAAImtC,GAAY,CACd,MAAMrnC,EAAQqnC,GAAWwP,YAAY78B,EAAI9f,QACzC8f,EAAI5d,IAAI4D,OACH,IAAsB,oBAAXuX,SAA0BA,OAAOm/B,gBAGjD,MAAU16C,MAAM,gDAFhBub,OAAOm/B,gBAAgB18B,GAIzB,OAAOA,CACT,CASO/f,eAAe+8C,GAAoBL,EAAKlyC,GAC7C,MAAMQ,QAAmBiO,EAAKuE,gBAE9B,GAAIhT,EAAIkD,GAAGgvC,GACT,MAAU36C,MAAM,uCAGlB,MAAMi7C,EAAUxyC,EAAIqB,IAAI6wC,GAClB32C,EAAQi3C,EAAQh6C,aAMtB,OADU,IAAIgI,QAAiB8xC,GAAe/2C,EAAQ,IAC7CoG,IAAI6wC,GAASl4C,IAAI43C,EAC5B,8FClCO18C,eAAei9C,GAAoB7/B,EAAMla,EAAG4X,GACjD,MAAM9P,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GACrB0xC,EAAMluC,EAAIlB,UAAU,IAAItC,EAAWoS,EAAO,IAC1C8/B,EAAS,IAAIlyC,EAAW,IAOxBmyC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE/FlyC,QAAU8xC,GAAoBL,EAAKA,EAAIpvC,UAAUkB,IACvD,IAAI1M,EAAImJ,EAAEkB,IAAI+wC,GAAQjvC,WAEtB,GACEhD,EAAES,KAAK,IAAIV,EAAWmyC,EAAKr7C,KAC3BA,GAAKA,EAAIq7C,EAAKr7C,IAAMq7C,EAAKl9C,OAErBgL,EAAEqD,YAAc8O,IAClBnS,EAAEe,KAAK0wC,EAAIpvC,UAAUkB,IAAM9C,KAAKgxC,GAChC56C,EAAImJ,EAAEkB,IAAI+wC,GAAQjvC,yBAENmvC,GAAgBnyC,EAAG/H,EAAG4X,IACtC,OAAO7P,CACT,CAUOjL,eAAeo9C,GAAgBnyC,EAAG/H,EAAG4X,GAC1C,QAAI5X,IAAM+H,EAAEQ,MAAMmB,IAAI1J,GAAGoJ,mBA8BpBtM,eAA4BiL,GACjC,MAAMD,QAAmBiO,EAAKuE,gBAC9B,OAAO6/B,GAAYC,OAAMrxC,GACa,IAA7BhB,EAAEkB,IAAI,IAAInB,EAAWiB,KAEhC,CAhCasxC,CAAatyC,aAqBnBjL,eAAsBiL,EAAG6B,GAC9B,MAAM9B,QAAmBiO,EAAKuE,gBAE9B,OADA1Q,EAAIA,GAAK,IAAI9B,EAAW,GACjB8B,EAAEV,OAAOnB,EAAEQ,MAAOR,GAAGqB,OAC9B,CAtBakxC,CAAOvyC,YAyJbjL,eAA2BiL,EAAG6P,EAAG2iC,GACtC,MAAMzyC,QAAmBiO,EAAKuE,gBACxB5O,EAAM3D,EAAEqD,YAETwM,IACHA,EAAIvQ,KAAKC,IAAI,EAAIoE,EAAM,GAAM,IAG/B,MAAM8c,EAAKzgB,EAAEQ,MAGb,IAAIiR,EAAI,EACR,MAAQgP,EAAGrd,OAAOqO,IAAMA,IACxB,MAAM4K,EAAIrc,EAAEuC,WAAW,IAAIxC,EAAW0R,IAEtC,KAAO5B,EAAI,EAAGA,IAAK,CAGjB,IAKIhZ,EALA6J,GAFM8xC,EAAOA,UAAeV,GAAoB,IAAI/xC,EAAW,GAAI0gB,IAE7Dtf,OAAOkb,EAAGrc,GACpB,IAAIU,EAAEW,UAAWX,EAAE8B,MAAMie,GAAzB,CAKA,IAAK5pB,EAAI,EAAGA,EAAI4a,EAAG5a,IAAK,CAGtB,GAFA6J,EAAIA,EAAEI,IAAIJ,GAAGQ,IAAIlB,GAEbU,EAAEW,QACJ,OAAO,EAET,GAAIX,EAAE8B,MAAMie,GACV,MAIJ,GAAI5pB,IAAM4a,EACR,OAAO,GAIX,OAAO,CACT,CA/LaghC,CAAYzyC,EAAG6P,IAM5B,CAuBA,MAAMuiC,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MC1JtC,MAAMM,GAAe,GAyCd,SAASC,GAAUxlC,EAASylC,GACjC,MAAMC,EAAU1lC,EAAQnY,OAExB,GAAI69C,EAAUD,EAAY,GACxB,MAAU97C,MAAM,oBAIlB,MAAMg8C,EA7BR,SAAyB99C,GACvB,MAAMK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAIqiC,EAAQ,EACZ,KAAOA,EAAQriC,GAAQ,CACrB,MAAM28C,EAAcE,GAAe78C,EAASqiC,GAC5C,IAAK,IAAIxgC,EAAI,EAAGA,EAAI86C,EAAY38C,OAAQ6B,IACf,IAAnB86C,EAAY96C,KACdxB,EAAOgiC,KAAWsa,EAAY96C,IAIpC,OAAOxB,CACT,CAiBa09C,CAAgBH,EAAYC,EAAU,GAG3C79B,EAAU,IAAIve,WAAWm8C,GAM/B,OAJA59B,EAAQ,GAAK,EACbA,EAAQ9d,IAAI47C,EAAI,GAEhB99B,EAAQ9d,IAAIiW,EAASylC,EAAYC,GAC1B79B,CACT,CAUO,SAASg+B,GAAUh+B,EAASi+B,GAEjC,IAAIlvC,EAAS,EACTmvC,EAAoB,EACxB,IAAK,IAAI3iC,EAAIxM,EAAQwM,EAAIyE,EAAQhgB,OAAQub,IACvC2iC,GAAoC,IAAfl+B,EAAQzE,GAC7BxM,GAAUmvC,EAGZ,MAAMC,EAAQpvC,EAAS,EACjBqvC,EAAUp+B,EAAQnV,SAASkE,EAAS,GACpCsvC,EAAgC,IAAfr+B,EAAQ,GAA0B,IAAfA,EAAQ,GAAWm+B,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOjlC,EAAKsG,iBAAiB++B,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUt8C,MAAM,mBAClB,CAUO/B,eAAeu+C,GAAWlQ,EAAMvN,EAAQ0d,GAC7C,IAAI18C,EACJ,GAAIg/B,EAAO7gC,SAAW4S,GAAKy7B,kBAAkBD,GAC3C,MAAUtsC,MAAM,uBAIlB,MAAM08C,EAAa,IAAI/8C,WAAWi8C,GAAatP,GAAMpuC,QACrD,IAAK6B,EAAI,EAAGA,EAAI67C,GAAatP,GAAMpuC,OAAQ6B,IACzC28C,EAAW38C,GAAK67C,GAAatP,GAAMvsC,GAGrC,MAAM48C,EAAOD,EAAWx+C,OAAS6gC,EAAO7gC,OACxC,GAAIu+C,EAAQE,EAAO,GACjB,MAAU38C,MAAM,6CAIlB,MAAMg8C,EAAK,IAAIr8C,WAAW88C,EAAQE,EAAO,GAAGC,KAAK,KAI3CC,EAAK,IAAIl9C,WAAW88C,GAK1B,OAJAI,EAAG,GAAK,EACRA,EAAGz8C,IAAI47C,EAAI,GACXa,EAAGz8C,IAAIs8C,EAAYD,EAAQE,GAC3BE,EAAGz8C,IAAI2+B,EAAQ0d,EAAQ1d,EAAO7gC,QACvB2+C,CACT,CAhIAjB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGChBd,MAAMxQ,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBmhC,QAAoB,EAGpBC,GAAgB1R,GAAayR,GAAKE,OAAO,iBAAiB,WAC9DlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,kBAAkBypC,MAC3BrgD,KAAK4W,IAAI,mBAAmBypC,MAC5BrgD,KAAK4W,IAAI,UAAUypC,MACnBrgD,KAAK4W,IAAI,UAAUypC,MACnBrgD,KAAK4W,IAAI,aAAaypC,MACtBrgD,KAAK4W,IAAI,aAAaypC,MACtBrgD,KAAK4W,IAAI,eAAeypC,MAE5B,SAAKp/C,EAECq/C,GAAe/R,GAAayR,GAAKE,OAAO,iBAAiB,WAC7DlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,kBAAkBypC,MAE/B,SAAKp/C,yDAgBEE,eAAoBo/C,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,GAC3D,GAAIn4B,IAASsQ,EAAK5X,SAASsH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aAyPRrd,eAAuBq/C,EAAU12C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAQpD,MAAM4mB,QAyMRt/C,eAA4BiL,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACzC,MAAM1tB,QAAmBiO,EAAKuE,gBACxB+hC,EAAO,IAAIv0C,EAAWimB,GACtBuuB,EAAO,IAAIx0C,EAAWmC,GACtBsyC,EAAO,IAAIz0C,EAAWsc,GAE5B,IAAIo4B,EAAKD,EAAKtzC,IAAIqzC,EAAK/zC,OACnBk0C,EAAKF,EAAKtzC,IAAIozC,EAAK9zC,OAGvB,OAFAk0C,EAAKA,EAAG9wC,eACR6wC,EAAKA,EAAG7wC,eACD,CACL+wC,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtB/H,EAAGwd,GAAgBxd,GAAG,GACtBokB,EAAG5G,GAAgB4G,GAAG,GAEtB2J,EAAGvQ,GAAgBvT,GAAG,GACtBA,EAAGuT,GAAgBuQ,GAAG,GAEtB0uB,GAAIj/B,GAAgBg/B,GAAI,GACxBA,GAAIh/B,GAAgBi/B,GAAI,GACxBE,GAAIn/B,GAAgBgY,GAAG,GACvBonB,KAAK,EAET,CAjOoBC,CAAa90C,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACxC2V,EAAO,CACXtkC,KAAM,oBACN8I,KAAM,CAAE9I,KAAMs1C,IAEV5pC,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAKjR,GAAM,EAAO,CAAC,SAChE,OAAO,IAAI3sC,iBAAiByrC,GAAUwO,KAAK,oBAAqBlmC,EAAK9M,GACvE,CAxQqBq3C,CAAQpgC,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GAAWz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC/E,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAqQN1d,eAAwBo/C,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACrD,MAAQjb,QAASyiC,SAAaphD,gDACxBqhD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1B3E,EAAOvO,GAAWmT,WAAW3gC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC1DzD,EAAKh7C,MAAMgI,GACXgzC,EAAKvxC,MACL,MAAMo2C,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,GACvBy9C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,QAA2C,IAAhC0U,GAAW6T,iBAAkC,CACtD,MAAMC,EAAMpC,GAAc/iC,OAAOykC,EAAW,OAC5C,OAAO,IAAI9+C,WAAWi6C,EAAKA,KAAK,CAAElmC,IAAKyrC,EAAKC,OAAQ,MAAOtoC,KAAM,WAEnE,MAAMuoC,EAAMtC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAET,OAAO,IAAI3/C,WAAWi6C,EAAKA,KAAKyF,GAClC,CApSaE,CAASlC,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAGnD,OAsOF14B,eAAsBo/C,EAAUn0C,EAAGqc,EAAGwZ,GACpC,MAAM91B,QAAmBiO,EAAKuE,gBAC9BvS,EAAI,IAAID,EAAWC,GACnB,MAAMgB,EAAI,IAAIjB,QAAiBuzC,GAAWa,EAAUte,EAAQ71B,EAAEjI,eAE9D,GADAskB,EAAI,IAAItc,EAAWsc,GACfrb,EAAE4B,IAAI5C,GACR,MAAUlJ,MAAM,2CAElB,OAAOkK,EAAEG,OAAOkb,EAAGrc,GAAG4D,aAAa,KAAM5D,EAAEjI,aAC7C,CA/OSu+C,CAAOnC,EAAUn0C,EAAGqc,EAAGwZ,EAChC,SAaO9gC,eAAsBo/C,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,EAAG49B,GACpD,GAAIn4B,IAASsQ,EAAK5X,SAASsH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aA8RRrd,eAAyBq/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAC7C,MAAMo8C,EAiLR,SAAqBr0C,EAAG/H,GACtB,MAAO,CACL08C,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtB/H,EAAGwd,GAAgBxd,GAAG,GACtB48C,KAAK,EAET,CAxLc0B,CAAYv2C,EAAG/H,GACrBuS,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAK,CAChDv1C,KAAM,oBACN8I,KAAM,CAAE9I,KAAOs1C,KACd,EAAO,CAAC,WACX,OAAOlS,GAAU+O,OAAO,oBAAqBzmC,EAAKiH,EAAG/T,EACvD,CArSqB84C,CAAU7hC,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GAAWz2C,EAAM+T,EAAGzR,EAAG/H,GACxE,MAAO+8C,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAkSN1d,eAA0Bo/C,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,GAC9C,MAAQua,QAASyiC,SAAaphD,gDAExBo9C,EAAS9O,GAAWsU,aAAa9hC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC9DlD,EAAOv7C,MAAMgI,GACbuzC,EAAO9xC,MACP,MAAMo2C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,cAEvCpD,EAAM0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAC1Ca,MAAO,mBAGX,IACE,aAAanF,EAAOA,OAAOzmC,EAAKiH,GAChC,MAAOujC,GACP,OAAO,EAEX,CA1Ta0B,CAAWvC,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,GAG5C,OAyQFlD,eAAwBo/C,EAAU1iC,EAAGzR,EAAG/H,EAAG49B,GACzC,MAAM91B,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnByR,EAAI,IAAI1R,EAAW0R,GACnBxZ,EAAI,IAAI8H,EAAW9H,GACfwZ,EAAE7O,IAAI5C,GACR,MAAUlJ,MAAM,6CAElB,MAAM6/C,EAAMllC,EAAEtQ,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,cAC1C6+C,QAAYtD,GAAWa,EAAUte,EAAQ71B,EAAEjI,cACjD,OAAOiW,EAAKqD,iBAAiBslC,EAAKC,EACpC,CApRSC,CAAS1C,EAAU1iC,EAAGzR,EAAG/H,EAAG49B,EACrC,UAUO9gC,eAAuB2I,EAAMsC,EAAG/H,GACrC,OAAI+V,EAAKyE,gBA6SX1d,eAA2B2I,EAAMsC,EAAG/H,GAClC,MAAQua,QAASyiC,SAAaphD,gDAExB0hD,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBACzE,CAILvsC,EAAM,CAAEA,IAHI0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAChDa,MAAO,mBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,OAAO,IAAItgD,WAAW0rC,GAAW6U,cAAcxsC,EAAK9M,GACtD,CA9TWqmC,CAAYrmC,EAAMsC,EAAG/H,GAgUhClD,eAAyB2I,EAAMsC,EAAG/H,GAChC,MAAM8H,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnBtC,EAAO,IAAIqC,EAAW4yC,GAAUj1C,EAAMsC,EAAEjI,eACxCE,EAAI,IAAI8H,EAAW9H,GACfyF,EAAKkF,IAAI5C,GACX,MAAUlJ,MAAM,2CAElB,OAAO4G,EAAKyD,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,aAChD,CAvUSk/C,CAAUv5C,EAAMsC,EAAG/H,EAC5B,UAiBOlD,eAAuB2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAIpD,GAAIjlC,EAAKyE,kBAAoBwgC,EAC3B,IACE,aAiTNl+C,eAA2B2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAQjb,QAASyiC,SAAaphD,gDAExBqhD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1BE,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,GACvBy9C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,IAAIjjB,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADIqpC,GAAc/iC,OAAOykC,EAAW,OAC1BW,OAAQ,MAAQtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBAC1E,CAILvsC,EAAM,CAAEA,IAHIqpC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,IACE,OAAO,IAAItgD,WAAW0rC,GAAW+U,eAAe1sC,EAAK9M,IACrD,MAAOs3C,GACP,MAAUl+C,MAAM,oBAEpB,CArVmBkuC,CAAYtnC,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,OAkVFjgD,eAAyB2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAC/C,MAAMlzC,QAAmBiO,EAAKuE,gBAQ9B,GAPA7U,EAAO,IAAIqC,EAAWrC,GACtBsC,EAAI,IAAID,EAAWC,GACnB/H,EAAI,IAAI8H,EAAW9H,GACnBokB,EAAI,IAAItc,EAAWsc,GACnB2J,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBurB,EAAI,IAAI1tB,EAAW0tB,GACf/vB,EAAKkF,IAAI5C,GACX,MAAUlJ,MAAM,mBAElB,MAAM29C,EAAKp4B,EAAEnb,IAAIgB,EAAE1B,OACbk0C,EAAKr4B,EAAEnb,IAAI8kB,EAAExlB,OAEb22C,SAAmBrF,GAAoB,IAAI/xC,EAAW,GAAIC,IAAIkB,IAAIlB,GAClEo3C,EAAUD,EAAUz1C,OAAO1B,GAAGmB,OAAOlJ,EAAG+H,GAC9CtC,EAAOA,EAAKoD,IAAIs2C,GAASl2C,IAAIlB,GAG7B,MAAMq3C,EAAK35C,EAAKyD,OAAOuzC,EAAI1uB,GACrBsxB,EAAK55C,EAAKyD,OAAOszC,EAAIvyC,GACrB6N,EAAI0d,EAAE3sB,IAAIw2C,EAAG12C,IAAIy2C,IAAKn2C,IAAIgB,GAEhC,IAAI7M,EAAS0a,EAAEjP,IAAIklB,GAAGnsB,IAAIw9C,GAK1B,OAHAhiD,EAASA,EAAOyL,IAAIq2C,GAAWj2C,IAAIlB,GAG5BgzC,GAAU39C,EAAOuO,aAAa,KAAM5D,EAAEjI,cAAek7C,EAC9D,CAhXSsE,CAAU75C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,EAC3C,WAeOl+C,eAAwBod,EAAMla,GAMnC,GAHAA,EAAI,UAFqB+V,EAAKuE,iBAEXta,GAGf+V,EAAKoE,eAAgB,CACvB,MAAMolC,EAAY,CAChB14C,KAAM,oBACN24C,cAAetlC,EACfsjC,eAAgBx9C,EAAE2L,eAClBgE,KAAM,CACJ9I,KAAM,UAGJ0xC,QAAgBtO,GAAUwV,YAAYF,GAAW,EAAM,CAAC,OAAQ,WAIhEnD,QAAYnS,GAAUyV,UAAU,MAAOnH,EAAQpjC,YAErD,MAAO,CACLpN,EAAGsV,GAAgB++B,EAAIr0C,GACvB/H,EAAGA,EAAE2L,eACLyY,EAAG/G,GAAgB++B,EAAIh4B,GAEvB2J,EAAG1Q,GAAgB++B,EAAInyC,GACvBA,EAAGoT,GAAgB++B,EAAIruB,GAEvByH,EAAGnY,GAAgB++B,EAAIO,KAEpB,GAAI5mC,EAAKyE,iBAAmB0vB,GAAWyV,iBAAmB/D,GAAe,CAC9E,MAAMgE,EAAO,CACXJ,cAAetlC,EACfsjC,eAAgBx9C,EAAE+K,WAClB80C,kBAAmB,CAAElqC,KAAM,QAASsoC,OAAQ,OAC5C6B,mBAAoB,CAAEnqC,KAAM,QAASsoC,OAAQ,QAEzC8B,QAAY,IAAInkD,SAAQ,CAACC,EAASC,KACtCouC,GAAWyV,gBAAgB,MAAOC,GAAM,CAAC7C,EAAKiD,EAAGhC,KAC3CjB,EACFjhD,EAAOihD,GAEPlhD,EAAQ+/C,GAAc3iC,OAAO+kC,EAAK,UAEpC,IAOJ,MAAO,CACLj2C,EAAGg4C,EAAIjG,QAAQmG,YAAYzhD,YAC3BwB,EAAG+/C,EAAIvC,eAAeyC,YAAYzhD,YAClC4lB,EAAG27B,EAAItC,gBAAgBwC,YAAYzhD,YAEnCuvB,EAAGgyB,EAAIpC,OAAOsC,YAAYzhD,YAC1ByL,EAAG81C,EAAIrC,OAAOuC,YAAYzhD,YAE1Bg3B,EAAGuqB,EAAIjC,YAAYmC,YAAYzhD,aAOnC,IAAIuvB,EACA9jB,EACAlC,EACJ,GACEkC,QAAU8vC,GAAoB7/B,GAAQA,GAAQ,GAAIla,EAAG,IACrD+tB,QAAUgsB,GAAoB7/B,GAAQ,EAAGla,EAAG,IAC5C+H,EAAIgmB,EAAEllB,IAAIoB,SACHlC,EAAEqD,cAAgB8O,GAE3B,MAAMgmC,EAAMnyB,EAAExlB,MAAMK,KAAKqB,EAAE1B,OAM3B,OAJI0B,EAAEO,GAAGujB,MACNA,EAAG9jB,GAAK,CAACA,EAAG8jB,IAGR,CACLhmB,EAAGA,EAAE4D,eACL3L,EAAGA,EAAE2L,eACLyY,EAAGpkB,EAAEyJ,OAAOy2C,GAAKv0C,eACjBoiB,EAAGA,EAAEpiB,eACL1B,EAAGA,EAAE0B,eAGL6pB,EAAGzH,EAAEtkB,OAAOQ,GAAG0B,eAEnB,iBAaO7O,eAA8BiL,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAClD,MAAM1tB,QAAmBiO,EAAKuE,gBAM9B,GALAvS,EAAI,IAAID,EAAWC,GACnBgmB,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,IAGd8jB,EAAEllB,IAAIoB,GAAGM,MAAMxC,GAClB,OAAO,EAGT,MAAMomC,EAAM,IAAIrmC,EAAW,GAG3B,GADA0tB,EAAI,IAAI1tB,EAAW0tB,IACdzH,EAAEllB,IAAI2sB,GAAGvsB,IAAIgB,GAAGb,QACnB,OAAO,EAGTpJ,EAAI,IAAI8H,EAAW9H,GACnBokB,EAAI,IAAItc,EAAWsc,GAQnB,MAAM+7B,EAAa,IAAIr4C,EAAWT,KAAKsP,MAAM5O,EAAEqD,YAAc,IACvD9B,QAAUuwC,GAAoB1L,EAAKA,EAAI/jC,UAAU+1C,IACjDC,EAAM92C,EAAET,IAAIub,GAAGvb,IAAI7I,GAGzB,SADoBogD,EAAIn3C,IAAI8kB,EAAExlB,OAAOgC,MAAMjB,KAAM82C,EAAIn3C,IAAIgB,EAAE1B,OAAOgC,MAAMjB,GAM1E,8DCjROxM,eAAuB2I,EAAMsoB,EAAGuS,EAAGz2B,GACxC,MAAM/B,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MACMd,EAAI,IAAIjB,EADC4yC,GAAUj1C,EAAMsoB,EAAEjuB,eAK3B8X,QAAUiiC,GAAoB,IAAI/xC,EAAW,GAAIimB,EAAExlB,OACzD,MAAO,CACL2gB,GAAIoX,EAAEp3B,OAAO0O,EAAGmW,GAAGpiB,eACnBwd,GAAItf,EAAEX,OAAO0O,EAAGmW,GAAGnlB,KAAKG,GAAGD,KAAKilB,GAAGpiB,eAEvC,UAcO7O,eAAuBosB,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAC1C,MAAMlzC,QAAmBiO,EAAKuE,gBAO9B,OANA4O,EAAK,IAAIphB,EAAWohB,GACpBC,EAAK,IAAIrhB,EAAWqhB,GACpB4E,EAAI,IAAIjmB,EAAWimB,GACnBtlB,EAAI,IAAIX,EAAWW,GAGZsyC,GADQ7xB,EAAGhgB,OAAOT,EAAGslB,GAAGtkB,OAAOskB,GAAGnlB,KAAKugB,GAAIrgB,KAAKilB,GAC/BpiB,aAAa,KAAMoiB,EAAEjuB,cAAek7C,EAC9D,iBAWOl+C,eAA8BixB,EAAGuS,EAAGz2B,EAAGpB,GAC5C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAIT,MAAMsyB,EAAQ,IAAIv4C,EAAWimB,EAAE3iB,aACzBk1C,EAAQ,IAAIx4C,EAAW,MAC7B,GAAIu4C,EAAM71C,GAAG81C,GACX,OAAO,EAOT,IAAKhgB,EAAEp3B,OAAO6kB,EAAExlB,MAAOwlB,GAAG3kB,QACxB,OAAO,EAST,IAAI0B,EAAMw1B,EACV,MAAM1hC,EAAI,IAAIkJ,EAAW,GACnBy4C,EAAY,IAAIz4C,EAAW,GAAGsC,UAAU,IAAItC,EAAW,KAC7D,KAAOlJ,EAAE4L,GAAG+1C,IAAY,CAEtB,GADAz1C,EAAMA,EAAIjC,IAAIy3B,GAAGx3B,KAAKilB,GAClBjjB,EAAI1B,QACN,OAAO,EAETxK,EAAEwJ,OASJK,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUi2C,EAAM93C,OAAQ4lC,EAAI/jC,UAAUi2C,IACxEG,EAAMzyB,EAAExlB,MAAMK,KAAKU,GAAGd,KAAKC,GACjC,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,IC5GA,MAAM0yB,GACJhlD,YAAYilD,GACV,GAAIA,aAAeD,GACjB9kD,KAAK+kD,IAAMA,EAAIA,SACV,GAAI3qC,EAAK5Z,QAAQukD,IACb3qC,EAAKxX,aAAamiD,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIliD,WAAWkiD,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAI3jD,OAAS,EAC1B,MAAU8B,MAAM,sCAElB6hD,EAAMA,EAAI94C,SAAS,GAErBjM,KAAK+kD,IAAMA,OAEX/kD,KAAK+kD,IAAM,GASf7jD,KAAKZ,GACH,GAAIA,EAAMc,QAAU,EAAG,CACrB,MAAMA,EAASd,EAAM,GACrB,GAAIA,EAAMc,QAAU,EAAIA,EAEtB,OADApB,KAAK+kD,IAAMzkD,EAAM2L,SAAS,EAAG,EAAI7K,GAC1B,EAAIpB,KAAK+kD,IAAI3jD,OAGxB,MAAU8B,MAAM,eAOlBpB,QACE,OAAOsY,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK+kD,IAAI3jD,SAAUpB,KAAK+kD,MAOxE19B,QACE,OAAOjN,EAAK8B,gBAAgBlc,KAAK+kD,KAOnCC,UACE,MAAM34C,EAAMrM,KAAKqnB,QACjB,GAAItG,EAAMvQ,MAAMnE,GACd,OAAO0U,EAAMjf,MAAMif,EAAMvQ,MAAOnE,GAEhC,MAAUnJ,MAAM,qCCzEf,SAAS+hD,GAAeC,EAAcC,GAE3C,OADgBD,EAAatI,QAAQ,CAAEuI,KAAMA,GAE/C,CAEO,SAASC,GAAcF,EAAcG,GAC1C,MAAMzI,EAAUsI,EAAatI,QAAQ,CAAEyI,IAAKA,IAC5C,IAAkC,IAA9BzI,EAAQ0I,WAAW7jD,OACrB,MAAUyB,MAAM,+BAElB,OAAO05C,CACT,CAEOz7C,eAAeokD,GAAgBr6C,GACpC,IAAKuZ,GAAOV,mBACV,MAAU7gB,MAAM,gEAElB,MAAQ0b,QAAS4mC,SAAmBvlD,gDACpC,OAAO,IAAIulD,EAASC,GAAGv6C,EACzB,CCjBO,SAASw6C,GAAiBx+C,GAC/B,IACIiJ,EADAJ,EAAM,EAEV,MAAMiK,EAAO9S,EAAM,GAcnB,OAXI8S,EAAO,MACRjK,GAAO7I,EACRiJ,EAAS,GACA6J,EAAO,KAChBjK,GAAQ7I,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CiJ,EAAS,GACS,MAAT6J,IACTjK,EAAMqK,EAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IACxCkE,EAAS,GAGJ,CACLJ,IAAKA,EACLI,OAAQA,EAEZ,CASO,SAASw1C,GAAkBvkD,GAChC,OAAIA,EAAS,IACJ,IAAIyB,WAAW,CAACzB,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIyB,WAAW,CAAyB,KAAtBzB,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEgZ,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOuX,EAAKM,YAAYtZ,EAAQ,IAChF,CAEO,SAASwkD,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAU3iD,MAAM,iDAElB,OAAO,IAAIL,WAAW,CAAC,IAAMgjD,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIljD,WAAW,CAAC,IAAOkjD,GAChC,CAUO,SAASC,GAAYD,EAAU3kD,GAEpC,OAAOgZ,EAAKtX,iBAAiB,CAACgjD,GAASC,GAAWJ,GAAkBvkD,IACtE,CAOO,SAAS6kD,GAAkB5lC,GAChC,MAAO,CACLU,EAAMlM,OAAOU,YACbwL,EAAMlM,OAAOO,eACb2L,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBACb0L,SAASnB,EACb,CASOlf,eAAe+kD,GAAY5lD,EAAO2E,GACvC,MAAMM,EAASghB,EAAiBjmB,GAChC,IAAII,EACAylD,EACJ,IACE,MAAMC,QAAoB7gD,EAAO0B,UAAU,GAE3C,IAAKm/C,GAAeA,EAAYhlD,OAAS,GAAiC,IAAV,IAAjBglD,EAAY,IACzD,MAAUljD,MAAM,iGAElB,MAAMmjD,QAAmB9gD,EAAOoB,WAChC,IAEI2/C,EAOAC,EATAlmC,GAAO,EACPiiC,GAAU,EAGdA,EAAS,EACmB,IAAV,GAAb+D,KACH/D,EAAS,GAIPA,EAEFjiC,EAAmB,GAAbgmC,GAGNhmC,GAAoB,GAAbgmC,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BP,GAAkB5lC,GAClD,IAiBIomC,EAjBA5xC,EAAS,KACb,GAAI2xC,EAAyB,CAC3B,GAA6B,UAAzBpsC,EAAK5X,SAASlC,GAAoB,CACpC,MAAM4L,EAAc,IAAIw6C,EACxBhmD,EAAS8lB,EAAiBta,GAC1B2I,EAAS3I,MACJ,CACL,MAAM/D,EAAY,IAAIw+C,EACtBjmD,EAAS8lB,EAAiBre,EAAUM,UACpCoM,EAAS1M,EAAUK,SAGrB29C,EAAmBlhD,EAAS,CAAEob,MAAKxL,gBAEnCA,EAAS,GAIX,EAAG,CACD,GAAKytC,EAiCE,CAEL,MAAMsE,QAAmBrhD,EAAOoB,WAEhC,GADA8/C,GAAmB,EACfG,EAAa,IACfN,EAAeM,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CN,GAAiBM,EAAa,KAAQ,SAAYrhD,EAAOoB,WAAc,SAElE,GAAIigD,EAAa,KAAOA,EAAa,KAG1C,GAFAN,EAAe,IAAmB,GAAbM,GACrBH,GAAmB,GACdD,EACH,MAAM,IAAI30B,UAAU,2DAItBy0B,QAAsB/gD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,gBAlDtB,OAAQ4/C,GACN,KAAK,EAGHD,QAAqB/gD,EAAOoB,WAC5B,MACF,KAAK,EAGH2/C,QAAsB/gD,EAAOoB,YAAc,QAAWpB,EAAOoB,WAC7D,MACF,KAAK,EAGH2/C,QAAsB/gD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,WACpB,MACF,QAWE2/C,EAAe96C,IAyBrB,GAAI86C,EAAe,EAAG,CACpB,IAAI76C,EAAY,EAChB,OAAa,CACP/K,SAAcA,EAAOuI,MACzB,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,GAAIglD,IAAiB96C,IAAU,MAC/B,MAAUtI,MAAM,4BAElB,MAAMnB,EAAQukD,IAAiB96C,IAAWnK,EAAQA,EAAM4K,SAAS,EAAGq6C,EAAe76C,GAInF,GAHI/K,QAAcA,EAAOoB,MAAMC,GAC1B8S,EAAOhT,KAAKE,GACjB0J,GAAapK,EAAMD,OACfqK,GAAa66C,EAAc,CAC7B/gD,EAAOmB,QAAQrF,EAAM4K,SAASq6C,EAAe76C,EAAYpK,EAAMD,SAC/D,eAICqlD,GAiCT,MAAMI,QAAmBthD,EAAO0B,UAAUu/C,EAA0Bh7C,IAAW,GAS/E,OARI9K,SACIA,EAAOuI,YACPvI,EAAOsB,UAEb6S,EAASuF,EAAKtX,iBAAiB+R,SAEzB5P,EAAS,CAAEob,MAAKxL,aAEhBgyC,IAAeA,EAAWzlD,OAClC,MAAOiD,GACP,GAAI3D,EAEF,aADMA,EAAOuB,MAAMoC,IACZ,EAEP,MAAMA,UAGJ3D,SACIylD,EAER5gD,EAAO3E,cAEX,CAEO,MAAMkmD,WAAyB5jD,MACpCpD,eAAeinD,GACbhnD,SAASgnD,GAEL7jD,MAAM8jD,mBACR9jD,MAAM8jD,kBAAkBhnD,KAAM8mD,IAGhC9mD,KAAKkL,KAAO,oBAIT,MAAM+7C,GACXnnD,YAAYugB,EAAK6mC,GACflnD,KAAKqgB,IAAMA,EACXrgB,KAAKknD,WAAaA,EAGpBplD,QACE,OAAO9B,KAAKknD,YC9RhB,MAAM5Y,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBsoC,GAAY,CAChB12C,KAAQ,QACRG,KAAQ,QACRE,KAAQ,SAEJs2C,GAAc7Y,GAAaA,GAAW8Y,YAAc,GACpDC,GAAa/Y,GAAa,CAC9Bv9B,UAAWo2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EAC7DwP,KAAM22C,GAAY5lC,SAAS,cAAgB,kBAAevgB,EAC1D2P,KAAMw2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EACxD6P,KAAMs2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EACxDkQ,QAASi2C,GAAY5lC,SAAS,WAAa,eAAYvgB,EACvDuQ,WAAY41C,GAAY5lC,SAAS,UAAY,cAAWvgB,EACxDyQ,gBAAiB01C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,EAC/E0Q,gBAAiBy1C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,EAC/E2Q,gBAAiBw1C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,GAC7E,GAEEsmD,GAAS,CACb92C,KAAM,CACJs0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5DyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW72C,KACjBi3C,IAAKP,GAAU12C,KACfk3C,YAAa,GACbC,WAAY,KAEdh3C,KAAM,CACJm0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW12C,KACjB82C,IAAKP,GAAUv2C,KACf+2C,YAAa,GACbC,WAAY,KAEd92C,KAAM,CACJi0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAWx2C,KACjB42C,IAAKP,GAAUr2C,KACf62C,YAAa,GACbC,WAAY,KAEd52C,UAAW,CACT+zC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAWt2C,UACjB22C,YAAa,IAEfx2C,QAAS,CACP4zC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClEyC,QAASzmC,EAAM7O,UAAUQ,YACzBsB,KAAM+M,EAAM/M,KAAKM,OACjBmzC,MAAM,EACNE,YAAa,IAEfn2C,WAAY,CACVuzC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxEyC,QAASzmC,EAAM7O,UAAUM,KACzBwB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,MAAM,EACNE,YAAa,IAEfj2C,gBAAiB,CACfqzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW51C,gBACjBi2C,YAAa,IAEfh2C,gBAAiB,CACfozC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW31C,gBACjBg2C,YAAa,IAEf/1C,gBAAiB,CACfmzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAW11C,gBACjB+1C,YAAa,KAIjB,MAAME,GACJ/nD,YAAYgoD,EAAWf,GACrB,KACM3sC,EAAK5Z,QAAQsnD,IACb1tC,EAAKxX,aAAaklD,MAEpBA,EAAY,IAAIhD,GAAIgD,IAElBA,aAAqBhD,KAEvBgD,EAAYA,EAAU9C,WAGxBhlD,KAAKkL,KAAO6V,EAAMjf,MAAMif,EAAMvQ,MAAOs3C,GACrC,MAAO1G,GACP,MAAM,IAAI0F,GAAiB,iBAE7BC,EAASA,GAAUQ,GAAOvnD,KAAKkL,MAE/BlL,KAAKwnD,QAAUT,EAAOS,QAEtBxnD,KAAK+kD,IAAMgC,EAAOhC,IAClB/kD,KAAKgU,KAAO+yC,EAAO/yC,KACnBhU,KAAK6tB,OAASk5B,EAAOl5B,OACrB7tB,KAAKynD,KAAOV,EAAOU,MAAQF,GAAOvnD,KAAKkL,MACvClL,KAAK0nD,IAAMX,EAAOW,KAAOH,GAAOvnD,KAAKkL,MACrClL,KAAK2nD,YAAcZ,EAAOY,YACtB3nD,KAAK0nD,KAAOttC,EAAKoE,eACnBxe,KAAKga,KAAO,MACHha,KAAKynD,MAAQrtC,EAAKyE,gBAC3B7e,KAAKga,KAAO,OACW,eAAdha,KAAKkL,KACdlL,KAAKga,KAAO,aACW,YAAdha,KAAKkL,OACdlL,KAAKga,KAAO,WAIhB7Y,mBACE,IAAIy7C,EACJ,OAAQ58C,KAAKga,MACX,IAAK,MACH,IACE,aAiIV7Y,eAA6B+J,GAE3B,MAAM68C,QAAqBzZ,GAAUwV,YAAY,CAAE54C,KAAM,QAAS88C,WAAYb,GAAUj8C,KAAS,EAAM,CAAC,OAAQ,WAE1GsO,QAAmB80B,GAAUyV,UAAU,MAAOgE,EAAavuC,YAC3DtH,QAAkBo8B,GAAUyV,UAAU,MAAOgE,EAAa71C,WAEhE,MAAO,CACLA,UAAW+1C,GAAe/1C,GAC1BsH,WAAYkI,GAAgBlI,EAAWiP,GAE3C,CA5IuBy/B,CAAcloD,KAAKkL,MAChC,MAAOk2C,GACPhnC,EAAK4D,gBAAgB,6CAA+CojC,EAAI7nC,SACxE,MAEJ,IAAK,OACH,OAwIRpY,eAA8B+J,GAE5B,MAAMsH,EAAO+7B,GAAW4Z,WAAWb,GAAWp8C,IAE9C,aADMsH,EAAK41C,eACJ,CACLl2C,UAAW,IAAIrP,WAAW2P,EAAK61C,gBAC/B7uC,WAAY,IAAI3W,WAAW2P,EAAK81C,iBAEpC,CAhJeC,CAAevoD,KAAKkL,MAC7B,IAAK,aAAc,CACjB,MAAMsO,EAAaykC,GAAe,IAClCzkC,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAClB,MAAMtE,EAAYsE,EAAW9X,QAAQ2O,UACrCusC,EAAUjG,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEzC,MAAO,CAAEhD,UADSkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQ+5C,EAAQ1qC,YACrDsH,cAEtB,IAAK,UAAW,CACd,MAAMA,EAAaykC,GAAe,IAC5BrB,EAAUjG,GAAKmG,KAAKF,QAAQW,SAAS/jC,GAE3C,MAAO,CAAEtH,UADSkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQ+5C,EAAQ1qC,YACrDsH,eAGxB,MAAM0rC,QAAqBK,GAAgBvlD,KAAKkL,MAIhD,OAHA0xC,QAAgBsI,EAAasD,WAAW,CACtCC,QAASruC,EAAKqC,mBAAmBwhC,GAAe,OAE3C,CAAE/rC,UAAW,IAAIrP,WAAW+5C,EAAQ8L,UAAU,SAAS,IAASlvC,WAAYojC,EAAQ+L,aAAarE,YAAYzhD,cAuCxH1B,eAAeynD,GAAuBpZ,EAAMuV,EAAK8D,EAAGpgC,GAClD,MAAMqgC,EAAkB,CACtBr4C,MAAM,EACNG,MAAM,EACNE,MAAM,EACNE,WAAW,EACXQ,WAAYg+B,IAASzuB,EAAM7O,UAAUM,KACrCd,iBAAiB,EACjBC,iBAAiB,EACjBC,iBAAiB,GAIbm3C,EAAYhE,EAAIC,UACtB,IAAK8D,EAAgBC,GACnB,OAAO,EAGT,GAAkB,eAAdA,EAA4B,CAC9BtgC,EAAIA,EAAE/mB,QAAQ2O,UAEd,MAAM6B,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAcp0B,GAErDogC,EAAI,IAAIhmD,WAAWgmD,GACnB,MAAMG,EAAK,IAAInmD,WAAW,CAAC,MAASqP,IACpC,QAAKkI,EAAKqD,iBAAiBurC,EAAIH,GAOjC,MAAMr4C,QAAc+0C,GAAgBwD,GACpC,IAEEF,EAAIzD,GAAc50C,EAAOq4C,GAAGH,YAC5B,MAAOO,GACP,OAAO,EAQT,QADWhE,GAAez0C,EAAOiY,GAAGigC,YAC5BQ,GAAGL,EAKb,CA+CA,SAASZ,GAAexH,GACtB,MAAM0I,EAAOznC,GAAgB++B,EAAI3zC,GAC3Bs8C,EAAO1nC,GAAgB++B,EAAIvyC,GAC3BgE,EAAY,IAAIrP,WAAWsmD,EAAK/nD,OAASgoD,EAAKhoD,OAAS,GAI7D,OAHA8Q,EAAU,GAAK,EACfA,EAAU5O,IAAI6lD,EAAM,GACpBj3C,EAAU5O,IAAI8lD,EAAMD,EAAK/nD,OAAS,GAC3B8Q,CACT,CASA,SAASm3C,GAAe1B,EAAaz8C,EAAMgH,GACzC,MAAMnC,EAAM43C,EACNwB,EAAOj3C,EAAUxQ,MAAM,EAAGqO,EAAM,GAChCq5C,EAAOl3C,EAAUxQ,MAAMqO,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgxC,IAAK,KACLuI,IAAKp+C,EACL4B,EAAG+U,GAAgBsnC,GAAM,GACzBj7C,EAAG2T,GAAgBunC,GAAM,GACzBnI,KAAK,EAGT,CAUA,SAASC,GAAayG,EAAaz8C,EAAMgH,EAAWsH,GAClD,MAAMinC,EAAM4I,GAAe1B,EAAaz8C,EAAMgH,GAE9C,OADAuuC,EAAIh4B,EAAI5G,GAAgBrI,GAAY,GAC7BinC,CACT,CCjWA,MAAMnS,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBjB1d,eAAe27C,GAAKiI,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK5X,SAAS+W,GAAU,CACtC,MAAMqjC,EAAU,CAAE1qC,YAAWsH,cAC7B,OAAQhJ,EAAMwJ,MACZ,IAAK,MAEH,IAEE,aAwHV7Y,eAAuBqP,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAM7sC,EAAMS,EAAMm3C,YACZlH,EAAMS,GAAa1wC,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAO0xC,EAAQ1qC,UAAW0qC,EAAQpjC,YACxF5C,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,SAGGe,EAAY,IAAIlS,iBAAiByrC,GAAUwO,KAC/C,CACE5xC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,KAE5C3pC,EACA2C,IAGF,MAAO,CACL5L,EAAGoH,EAAUrT,MAAM,EAAGqO,GACtB8N,EAAG9I,EAAUrT,MAAMqO,EAAKA,GAAO,GAEnC,CArJuBoxC,CAAQ3wC,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAOwE,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,oCAAsCojC,EAAI7nC,SAEjE,MAEF,IAAK,OAAQ,CACX,MAAMxE,QAsKd5T,eAAwBqP,EAAO+vC,EAAUhnC,EAASqjC,GAChD,MAAME,EAAOvO,GAAWmT,WAAW3gC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC1DzD,EAAKh7C,MAAMyX,GACXujC,EAAKvxC,MACL,MAAMqL,EAAM2yC,GAAarsC,OAAO,CAC9B0kC,QAAS,EACT4H,WAAYh5C,EAAMu0C,IAClBvrC,WAAY3Z,MAAMkiB,KAAK66B,EAAQpjC,YAC/BtH,UAAW,CAAEu3C,OAAQ,EAAG3/C,KAAMjK,MAAMkiB,KAAK66B,EAAQ1qC,aAChD,MAAO,CACRswC,MAAO,mBAGT,OAAOkH,GAAepsC,OAAOw/B,EAAKA,KAAKlmC,GAAM,MAC/C,CApLgC6rC,CAASjyC,EAAO+vC,EAAUhnC,EAASqjC,GAC3D,MAAO,CACLjvC,EAAGoH,EAAUpH,EAAE22C,YAAYzhD,YAC3Bgb,EAAG9I,EAAU8I,EAAEymC,YAAYzhD,eAKnC,OAmFF1B,eAA4BqP,EAAOyxB,EAAQzoB,GACzC,MAAM0rC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMquC,GAAeC,EAAc1rC,GACnCzE,EAAY6B,EAAIkmC,KAAK7a,GAC3B,MAAO,CACLt0B,EAAGoH,EAAUpH,EAAE22C,YAAYzhD,YAC3Bgb,EAAG9I,EAAU8I,EAAEymC,YAAYzhD,YAE/B,CA3FS8mD,CAAan5C,EAAOyxB,EAAQzoB,EACrC,CAcOrY,eAAek8C,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASrH,EAAW+vB,GACzE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK5X,SAAS+W,GAC5B,OAAQ/I,EAAMwJ,MACZ,IAAK,MACH,IAEE,aA4GV7Y,eAAyBqP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC3D,MAAMuuC,EAAM4I,GAAe74C,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAOgH,GAC/D0E,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,WAGGe,EAAYqF,EAAKtX,iBAAiB,CAAC6K,EAAGkQ,IAAI5Z,OAEhD,OAAOqqC,GAAU+O,OACf,CACEnyC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,KAE5C3pC,EACA7B,EACAwE,EAEJ,CAtIuBqpC,CAAUpyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAC5D,MAAOkvC,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,sCAAwCojC,EAAI7nC,SAEnE,MACF,IAAK,OACH,OA4IRpY,eAA0BqP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC5D,MAAQ0M,QAASyiC,SAAaphD,gDAExBo9C,EAAS9O,GAAWsU,aAAa9hC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC9DlD,EAAOv7C,MAAMyX,GACb8jC,EAAO9xC,MACP,MAAMqL,EAAMgzC,GAAqB1sC,OAAO,CACtC2sC,UAAW,CACTA,UAAW,CAAC,EAAG,EAAG,IAAK,MAAO,EAAG,GACjCL,WAAYh5C,EAAMu0C,KAEpB+E,iBAAkB,CAAEL,OAAQ,EAAG3/C,KAAMjK,MAAMkiB,KAAK7P,KAC/C,MAAO,CACRswC,MAAO,eAEHztC,EAAY20C,GAAexsC,OAAO,CACtCvP,EAAG,IAAI0zC,EAAG1zC,GAAIkQ,EAAG,IAAIwjC,EAAGxjC,IACvB,OAEH,IACE,OAAOw/B,EAAOA,OAAOzmC,EAAK7B,GAC1B,MAAOqsC,GACP,OAAO,EAEX,CApKe0B,CAAWtyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAI7D,OAuDF/Q,eAA8BqP,EAAOuE,EAAW+yB,EAAQ51B,GACtD,MAAMgzC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMwuC,GAAcF,EAAchzC,GACxC,OAAO0E,EAAIymC,OAAOvV,EAAQ/yB,EAC5B,CA3DSg1C,CAAev5C,EAAOuE,OADO,IAAbwrC,EAA4BhnC,EAAU0oB,EACb/vB,EAClD,CAsKA,MAAM8tC,QAAoB,EAEpB0J,GAAiBnb,GACrByR,GAAKE,OAAO,kBAAkB,WAC5BlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,KAAKypC,MACdrgD,KAAK4W,IAAI,KAAKypC,eAEbp/C,EAEDsoD,GAAehb,GACnByR,GAAKE,OAAO,gBAAgB,WAC1BlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,cAAcozC,SACvBhqD,KAAK4W,IAAI,cAAcqzC,SAAS,GAAGC,WAAWC,MAC9CnqD,KAAK4W,IAAI,aAAaqzC,SAAS,GAAGC,WAAWE,kBAE5CnpD,EAEDopD,GAAsB9b,GAC1ByR,GAAKE,OAAO,uBAAuB,WACjClgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,aAAa0zC,QACtBtqD,KAAK4W,IAAI,cAAcszC,WAAWC,eAEjClpD,EAED2oD,GAAuBrb,GAC3ByR,GAAKE,OAAO,wBAAwB,WAClClgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,aAAa2zC,IAAIF,IAC1BrqD,KAAK4W,IAAI,oBAAoBwzC,kBAE5BnpD,qFA9LAE,eAA8B4jD,EAAK8D,EAAGpgC,GAC3C,MAAMjY,EAAQ,IAAIq3C,GAAa9C,GAE/B,GAAIv0C,EAAMg3C,UAAYzmC,EAAM7O,UAAUO,MACpC,OAAO,EAKT,OAAQjC,EAAMwJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMT,EAAU0kC,GAAe,GACzBsC,EAAWx/B,EAAM/M,KAAKI,OACtB6tB,QAAejuB,GAAK8zB,OAAOyY,EAAUhnC,GAC3C,IACE,MAAMxE,QAAkB+nC,GAAKiI,EAAKxE,EAAUhnC,EAASsvC,EAAGpgC,EAAGwZ,GAC3D,aAAaob,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASsvC,EAAG5mB,GAC1D,MAAOmf,GACP,OAAO,GAGX,QACE,OAAOwH,GAAuB7nC,EAAM7O,UAAUO,MAAOsyC,EAAK8D,EAAGpgC,GAEnE,OCzHKzU,KAAO9M,GAAS,IAAIrE,WAAWyR,KAASmzB,OAAOvgC,GAAO4gC,iEAgBpD3mC,eAAoB4jD,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QAEvE,MAAUlR,MAAM,sCAElB,MAAMgS,EAAYkF,EAAKtX,iBAAiB,CAAC0W,EAAYtH,EAAUjG,SAAS,KAClE8I,EAAY4hC,GAAKmG,KAAKK,SAASlb,EAAQ/sB,GAE7C,MAAO,CACLvH,EAAGoH,EAAU9I,SAAS,EAAG,IACzB4R,EAAG9I,EAAU9I,SAAS,IAE1B,SAcO9K,eAAsB4jD,EAAKxE,GAAU5yC,EAAGkQ,EAAEA,GAAKzQ,EAAG8E,EAAW+vB,GAClE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QACvE,MAAUlR,MAAM,sCAElB,MAAM6R,EAAYqF,EAAKtX,iBAAiB,CAAC6K,EAAGkQ,IAC5C,OAAO84B,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQltB,EAAW7C,EAAUjG,SAAS,GACzE,iBASO9K,eAA8B4jD,EAAK8D,EAAG5sC,GAE3C,GAAsB,YAAlB8oC,EAAIC,UACN,OAAO,EAOT,MAAM9yC,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASthC,GAC3C+sC,EAAK,IAAInmD,WAAW,CAAC,MAASqP,IACpC,OAAOkI,EAAKqD,iBAAiBorC,EAAGG,EAElC,IC4BO,SAASwB,GAAqBhb,GACnC,GAAQA,IACDzuB,EAAM7O,UAAUf,QACnB,OAAO4P,EAAM/M,KAAKI,OAElB,MAAUlR,MAAM,qBAEtB,IA1GK8Q,KAAO9M,GAAS,IAAIrE,WAAWyR,KAASmzB,OAAOvgC,GAAO4gC,qEAOpD3mC,eAAwBquC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOS,GAAe,KACpB/rC,UAAW+6B,GAAM0J,GAAKmG,KAAKF,QAAQW,SAASC,GACpD,MAAO,CAAEvQ,IAAGuQ,QAGZ,MAAUt6C,MAAM,8BAEtB,OAeO/B,eAAoBquC,EAAM+Q,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACzE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUtsC,MAAM,sCAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM+D,EAAYkF,EAAKtX,iBAAiB,CAAC0W,EAAYtH,IAErD,MAAO,CAAEu4C,GADS9T,GAAKmG,KAAKK,SAASlb,EAAQ/sB,IAG/C,KAAK6L,EAAM7O,UAAUc,MACrB,QACE,MAAU9P,MAAM,+BAGtB,SAaO/B,eAAsBquC,EAAM+Q,GAAUkK,GAAEA,GAAMr9C,EAAG8E,EAAW+vB,GACjE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUtsC,MAAM,sCAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUf,QACnB,OAAOwlC,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQwoB,EAAIv4C,GAE/C,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,MAAU9P,MAAM,+BAEtB,iBAUO/B,eAA8BquC,EAAMvC,EAAGuQ,GAC5C,OAAQhO,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAK5B,MAAMe,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASC,GACjD,OAAOpjC,EAAKqD,iBAAiBwvB,EAAG/6B,GAGlC,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,OAAO,EAEb,4BC7FO,SAAS03C,GAAK9zC,EAAK9M,GACxB,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIxV,QAAawV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC4lC,EAAIC,GAAO/gD,GACjB,IAAImjC,EAAI0d,EACR,MAAMvgC,EAAIwgC,EACJx+C,EAAIw+C,EAAExpD,OAAS,EACf6c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI1Z,EAAI,EAAGA,EAAImJ,IAAKnJ,EACvBgb,EAAE,GAAK7R,EAAIuQ,GAAK,EAAI1Z,GAEpBiqC,EAAE,GAAKD,EAAE,GACTC,EAAE,GAAKD,EAAE,GAETC,EAAE,GAAK9iB,EAAE,EAAInnB,GACbiqC,EAAE,GAAK9iB,EAAE,EAAInnB,EAAI,GAEjBiqC,EAAI2d,GAAOj4B,EAAIF,QAAQwoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAClBghC,EAAE,IAAMhvB,EAAE,GACVgvB,EAAE,IAAMhvB,EAAE,GAEVmM,EAAE,EAAInnB,GAAKiqC,EAAE,GACb9iB,EAAE,EAAInnB,EAAI,GAAKiqC,EAAE,GAGrB,OAAOgO,GAAKjO,EAAG7iB,EACjB,CAUO,SAAS0gC,GAAOl0C,EAAK9M,GAC1B,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIxV,QAAawV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC6N,EAAIg4B,GAAO/gD,GACjB,IAAImjC,EAAIpa,EAAE5mB,SAAS,EAAG,GACtB,MAAMme,EAAIyI,EAAE5mB,SAAS,GACfG,EAAIymB,EAAEzxB,OAAS,EAAI,EACnB6c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI1Z,EAAImJ,EAAI,EAAGnJ,GAAK,IAAKA,EAC5Bgb,EAAE,GAAK7R,EAAIuQ,GAAK1Z,EAAI,GAEpBiqC,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAChBivB,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAEhBivB,EAAE,GAAK9iB,EAAE,EAAInnB,GACbiqC,EAAE,GAAK9iB,EAAE,EAAInnB,EAAI,GAEjBiqC,EAAI2d,GAAOj4B,EAAID,QAAQuoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAElBme,EAAE,EAAInnB,GAAKiqC,EAAE,GACb9iB,EAAE,EAAInnB,EAAI,GAAKiqC,EAAE,GAGrB,GAAID,EAAE,KAAO0d,EAAG,IAAM1d,EAAE,KAAO0d,EAAG,GAChC,OAAOzP,GAAK9wB,GAEd,MAAUlnB,MAAM,4BAClB,CAeA,SAAS2nD,GAAO/gD,GACd,MAAM1I,OAAEA,GAAW0I,EACb7F,EAfR,SAA2B6F,GACzB,GAAIsQ,EAAKC,SAASvQ,GAAO,CACvB,MAAM1I,OAAEA,GAAW0I,EACb7F,EAAS,IAAIkhB,YAAY/jB,GACzB0wC,EAAO,IAAIjvC,WAAWoB,GAC5B,IAAK,IAAI0Y,EAAI,EAAGA,EAAIvb,IAAUub,EAC5Bm1B,EAAKn1B,GAAK7S,EAAK0S,WAAWG,GAE5B,OAAO1Y,EAET,OAAO,IAAIpB,WAAWiH,GAAM7F,MAC9B,CAIiB8mD,CAAkBjhD,GAC3BgoC,EAAO,IAAI1sB,SAASnhB,GACpBw4C,EAAM,IAAIz3B,YAAY5jB,EAAS,GACrC,IAAK,IAAI6B,EAAI,EAAGA,EAAI7B,EAAS,IAAK6B,EAChCw5C,EAAIx5C,GAAK6uC,EAAKpgB,UAAU,EAAIzuB,GAE9B,OAAOw5C,CACT,CAEA,SAASvB,KACP,IAAI95C,EAAS,EACb,IAAK,IAAI6a,EAAI,EAAGA,EAAIsgC,UAAUn7C,SAAU6a,EACtC7a,GAAU,EAAIm7C,UAAUtgC,GAAG7a,OAE7B,MAAM6C,EAAS,IAAIkhB,YAAY/jB,GACzB0wC,EAAO,IAAI1sB,SAASnhB,GAC1B,IAAIkM,EAAS,EACb,IAAK,IAAIlN,EAAI,EAAGA,EAAIs5C,UAAUn7C,SAAU6B,EAAG,CACzC,IAAK,IAAI0Z,EAAI,EAAGA,EAAI4/B,UAAUt5C,GAAG7B,SAAUub,EACzCm1B,EAAKkZ,UAAU76C,EAAS,EAAIwM,EAAG4/B,UAAUt5C,GAAG0Z,IAE9CxM,GAAU,EAAIosC,UAAUt5C,GAAG7B,OAE7B,OAAO,IAAIyB,WAAWoB,EACxB,uECnHO,SAASiZ,GAAO3D,GACrB,MAAM6C,EAAI,EAAK7C,EAAQnY,OAAS,EAC1Bma,EAAS,IAAI1Y,WAAW0W,EAAQnY,OAASgb,GAAG0jC,KAAK1jC,GAEvD,OADAb,EAAOjY,IAAIiW,GACJgC,CACT,CAOO,SAAS+B,GAAO/D,GACrB,MAAMxJ,EAAMwJ,EAAQnY,OACpB,GAAI2O,EAAM,EAAG,CACX,MAAMqM,EAAI7C,EAAQxJ,EAAM,GACxB,GAAIqM,GAAK,EAAG,CACV,MAAM6uC,EAAW1xC,EAAQtN,SAAS8D,EAAMqM,GAClC8uC,EAAW,IAAIroD,WAAWuZ,GAAG0jC,KAAK1jC,GACxC,GAAIhC,EAAKqD,iBAAiBwtC,EAAUC,GAClC,OAAO3xC,EAAQtN,SAAS,EAAG8D,EAAMqM,IAIvC,MAAUlZ,MAAM,kBAClB,yECrBA,MAAMorC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAexB,SAASssC,GAAeC,EAAarG,EAAKsG,EAAWC,GACnD,OAAOlxC,EAAKtX,iBAAiB,CAC3BiiD,EAAIjjD,QACJ,IAAIe,WAAW,CAACuoD,IAChBC,EAAUvpD,QACVsY,EAAKiC,mBAAmB,wBACxBivC,EAAYr/C,SAAS,EAAG,KAE5B,CAGA9K,eAAeoqD,GAAIhL,EAAUnJ,EAAGh2C,EAAQoqD,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAIzoD,EACJ,GAAIwoD,EAAc,CAEhB,IAAKxoD,EAAI,EAAGA,EAAIm0C,EAAEh2C,QAAmB,IAATg2C,EAAEn0C,GAAUA,KACxCm0C,EAAIA,EAAEnrC,SAAShJ,GAEjB,GAAIyoD,EAAe,CAEjB,IAAKzoD,EAAIm0C,EAAEh2C,OAAS,EAAG6B,GAAK,GAAc,IAATm0C,EAAEn0C,GAAUA,KAC7Cm0C,EAAIA,EAAEnrC,SAAS,EAAGhJ,EAAI,GAOxB,aALqB+Q,GAAK8zB,OAAOyY,EAAUnmC,EAAKtX,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBu0C,EACAoU,MAEYv/C,SAAS,EAAG7K,EAC5B,CAUAD,eAAewqD,GAAsBn7C,EAAOq4C,GAC1C,OAAQr4C,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAMyO,EAAIw1B,GAAe,KACnB/oC,UAAEA,EAAS02C,UAAEA,SAAoBC,GAAuBr7C,EAAOq4C,EAAG,KAAMpgC,GAC9E,IAAIvW,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEnD,OADAhD,EAAYkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQqP,IACpD,CAAEA,YAAW05C,aAEtB,IAAK,MACH,GAAIp7C,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAoKVrd,eAAqCqP,EAAOq4C,GAC1C,MAAMpI,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,GAC7D,IAAIjM,EAAUtO,GAAUwV,YACtB,CACE54C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEZoE,EAAYxd,GAAUgC,UACxB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAED9K,EAASkP,SAAmB7rD,QAAQ2H,IAAI,CAACg1C,EAASkP,IACnD,IAAIjuC,EAAIywB,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQF,GAEVlP,EAAQpjC,WACRhJ,EAAMk3C,IAAIE,YAERx1B,EAAIkc,GAAUyV,UAChB,MACAnH,EAAQ1qC,YAET2L,EAAGuU,SAAWnyB,QAAQ2H,IAAI,CAACiW,EAAGuU,IAC/B,MAAMw5B,EAAY,IAAI/oD,WAAWgb,GAC3B3L,EAAY,IAAIrP,WAAWolD,GAAe71B,IAChD,MAAO,CAAElgB,YAAW05C,YACtB,CA1MuBK,CAAsBz7C,EAAOq4C,GAC1C,MAAOzH,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OAsQNjgD,eAAsCqP,EAAOq4C,GAC3C,MAAMqD,EAAS3d,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MAChDyE,EAAO9D,eACP,MAAMwD,EAAY,IAAI/oD,WAAWqpD,EAAOC,cAActD,IAChD32C,EAAY,IAAIrP,WAAWqpD,EAAO7D,gBACxC,MAAO,CAAEn2C,YAAW05C,YACtB,CA5QaQ,CAAuB57C,EAAOq4C,GAEzC,OA+NF1nD,eAA0CqP,EAAOq4C,GAC/C,MAAM3D,QAAqBK,GAAgB/0C,EAAMtF,MAC3C2sC,QAAUrnC,EAAMg4C,aACtBK,EAAIzD,GAAcF,EAAc2D,GAChC,MAAMwD,EAAIpH,GAAeC,EAAcrN,EAAEr+B,YACnCtH,EAAY2lC,EAAE3lC,UACduhC,EAAI4Y,EAAEC,OAAOzD,EAAEH,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEjuB,aAC3BynD,EAAYnY,EAAE6Q,YAAYzhD,WAAY,KAAMkN,GAClD,MAAO,CAAEmC,YAAW05C,YACtB,CAzOSW,CAA2B/7C,EAAOq4C,EAC3C,CAmCA1nD,eAAe0qD,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GACjD,GAAIA,EAAErnB,SAAWoP,EAAMm3C,YAAa,CAClC,MAAMnuC,EAAa,IAAI3W,WAAW2N,EAAMm3C,aACxCnuC,EAAWlW,IAAImlB,EAAGjY,EAAMm3C,YAAcl/B,EAAErnB,QACxCqnB,EAAIjP,EAEN,OAAQhJ,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM9E,EAAYuT,EAAE/mB,QAAQ2O,UAE5B,MAAO,CAAE6E,YAAW02C,UADFjV,GAAK+F,WAAWxnC,EAAWm3C,EAAEpgD,SAAS,KAG1D,IAAK,MACH,GAAIuE,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAqDVrd,eAAsCqP,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAMqjC,EAAY5K,GAAa1wC,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,EAAGpgC,GACpE,IAAIjP,EAAa80B,GAAUgC,UACzB,MACAwb,EACA,CACE5gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEhB,MAAMjH,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAK2E,GAC7D,IAAIH,EAAS5d,GAAUgC,UACrB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAEDluC,EAAY0yC,SAAgBjsD,QAAQ2H,IAAI,CAAC4R,EAAY0yC,IACtD,IAAIzY,EAAInF,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQE,GAEV1yC,EACAhJ,EAAMk3C,IAAIE,YAER4E,EAASle,GAAUyV,UACrB,MACAvqC,IAEDi6B,EAAG+Y,SAAgBvsD,QAAQ2H,IAAI,CAAC6rC,EAAG+Y,IACpC,MAAMZ,EAAY,IAAI/oD,WAAW4wC,GAEjC,MAAO,CAAEv+B,UADSwM,GAAgB8qC,EAAO/jC,GACrBmjC,YACtB,CA9FuBa,CAAuBj8C,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAO24B,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OA0LNjgD,eAAuCqP,EAAO67C,EAAG5jC,GAC/C,MAAMqjC,EAAYvd,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MACnDqE,EAAUY,cAAcjkC,GACxB,MAAMmjC,EAAY,IAAI/oD,WAAWipD,EAAUK,cAAcE,IAEzD,MAAO,CAAEn3C,UADS,IAAIrS,WAAWipD,EAAUxD,iBACvBsD,YACtB,CAhMae,CAAwBn8C,EAAO67C,EAAG5jC,GAE7C,OAgJFtnB,eAA2CqP,EAAO67C,EAAG5jC,GACnD,MAAMy8B,QAAqBK,GAAgB/0C,EAAMtF,MACjDmhD,EAAIjH,GAAcF,EAAcmH,GAChC5jC,EAAIw8B,GAAeC,EAAcz8B,GACjC,MAAMvT,EAAY,IAAIrS,WAAW4lB,EAAEkgC,cAC7BlV,EAAIhrB,EAAE6jC,OAAOD,EAAE3D,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEjuB,aAC3BynD,EAAYnY,EAAE6Q,YAAYzhD,WAAY,KAAMkN,GAClD,MAAO,CAAEmF,YAAW02C,YACtB,CAzJSgB,CAA4Bp8C,EAAO67C,EAAG5jC,EAC/C,kEAjIOtnB,eAA8B4jD,EAAK8D,EAAGpgC,GAC3C,OAAOmgC,GAAuB7nC,EAAM7O,UAAUM,KAAMuyC,EAAK8D,EAAGpgC,EAC9D,UAgFOtnB,eAAuB4jD,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GACrD,MAAMl+C,EAAIy/C,GAAa/iD,GAEjB0G,EAAQ,IAAIq3C,GAAa9C,IACzB7yC,UAAEA,EAAS05C,UAAEA,SAAoBD,GAAsBn7C,EAAOq4C,GAC9D2C,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QAGxC,MAAO,CAAE3b,YAAW46C,WADDC,SADHxB,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,GACvBp+C,GAEnC,UAoDOjM,eAAuB4jD,EAAKsG,EAAWgB,EAAGx5B,EAAGg2B,EAAGpgC,EAAG6iC,GACxD,MAAM96C,EAAQ,IAAIq3C,GAAa9C,IACzB6G,UAAEA,SAAoBC,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GAC1D+iC,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QACxC,IAAIuzB,EACJ,IAAK,IAAIn+C,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAGE,OAAO+pD,GAAaC,SADJ1B,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,EAAa,IAANvoD,EAAe,IAANA,GACpC4vB,IACpC,MAAOxuB,GACP+8C,EAAM/8C,EAGV,MAAM+8C,CACR,ICrMA,MAAM9S,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBquC,GAAmB3e,IAAcA,GAAW4e,WAAa5e,GAAW4e,UAAUzuC,OAErEvd,eAAeisD,GAAK7M,EAAU8M,EAAUC,EAAMC,EAAMC,GACjE,MAAMx5C,EAAO+M,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GACvC,IAAKvsC,EAAM,MAAU9Q,MAAM,qCAE3B,GAAIorC,IAAa4e,GAAkB,CACjC,MAAMzuC,EAAS6vB,IAAa4e,GACtBO,QAAoBhvC,EAAO6xB,UAAU,MAAO+c,EAAU,QAAQ,EAAO,CAAC,eACtE9uC,QAAaE,EAAOstC,WAAW,CAAE7gD,KAAM,OAAQ8I,OAAMs5C,OAAMC,QAAQE,EAAsB,EAATD,GACtF,OAAO,IAAI3qD,WAAW0b,GAGxB,GAAIgwB,GAAY,CACd,MAAMmf,EAAe3sC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,GAGtCoN,EAAc,CAACC,EAASC,IAAgBtf,GAAWuf,WAAWJ,EAAcE,GAASnmB,OAAOomB,GAAa/lB,SAGzGimB,EAAkBJ,EAAYL,EAAMD,GAEpCW,EAAUD,EAAgB3sD,OAI1BgL,EAAIV,KAAKmQ,KAAK2xC,EAASQ,GACvBC,EAAuB,IAAIprD,WAAWuJ,EAAI4hD,GAG1CE,EAAa,IAAIrrD,WAAWmrD,EAAUT,EAAKnsD,OAAS,GAE1D8sD,EAAW5qD,IAAIiqD,EAAMS,GAErB,IAAK,IAAI/qD,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK,CAG1BirD,EAAWA,EAAW9sD,OAAS,GAAK6B,EAAI,EAExC,MAAMgb,EAAI0vC,EAAYI,EAAiB9qD,EAAI,EAAIirD,EAAaA,EAAWjiD,SAAS+hD,IAChFE,EAAW5qD,IAAI2a,EAAG,GAElBgwC,EAAqB3qD,IAAI2a,EAAGhb,EAAI+qD,GAGlC,OAAOC,EAAqBhiD,SAAS,EAAGuhD,GAG1C,MAAUtqD,MAAM,mCAClB,CC7CA,MAAMirD,GAAY,CAChBr7C,OAAQsH,EAAK0C,WAAW,8EAQnB3b,eAAwBquC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUY,OAAQ,CAE3B,MAAMmJ,EAAIgiC,GAAe,KACjB/rC,UAAW+6B,GAAM0J,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACxD,MAAO,CAAEgxB,IAAGhxB,KAGZ,MAAU/Y,MAAM,6BAEtB,iBAUO/B,eAA8BquC,EAAMvC,EAAGhxB,GAC5C,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAK3B,MAAMZ,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACrD,OAAO7B,EAAKqD,iBAAiBwvB,EAAG/6B,GAIhC,OAAO,CAEb,UAcO/Q,eAAuBquC,EAAM1lC,EAAMskD,GACxC,GAAQ5e,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMu7C,EAAqBpQ,GAAe,IACpCqQ,EAAe3X,GAAK+F,WAAW2R,EAAoBD,IACjDl8C,UAAWq8C,GAAuB5X,GAAKgG,IAAIC,QAAQC,cAAcwR,GACnEG,EAAYp0C,EAAKtX,iBAAiB,CACtCyrD,EACAH,EACAE,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAG9C,MAAO,CAAEg7C,qBAAoBzB,WADVC,SADS0B,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI3rD,WAAcsrD,GAAUr7C,OAAQmgB,GAC7DnpB,IAK7C,MAAU5G,MAAM,6BAEtB,UAaO/B,eAAuBquC,EAAM+e,EAAoBzB,EAAY7f,EAAGhxB,GACrE,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMw7C,EAAe3X,GAAK+F,WAAWzgC,EAAGsyC,GAClCC,EAAYp0C,EAAKtX,iBAAiB,CACtCyrD,EACAthB,EACAqhB,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAE9C,OAAO05C,SADqBwB,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI3rD,WAAcsrD,GAAUr7C,OAAQmgB,GACvE65B,GAGnC,MAAU5pD,MAAM,6BAEtB,6HRqFA/B,eAAwBqP,GACtB,MAAMrE,QAAmBiO,EAAKuE,gBAE9BnO,EAAQ,IAAIq3C,GAAar3C,GACzB,MAAMosC,QAAgBpsC,EAAMg4C,aACtBK,EAAI,IAAI18C,EAAWywC,EAAQ1qC,WAAWlC,eACtCw8C,EAAS,IAAIrgD,EAAWywC,EAAQpjC,YAAYxJ,aAAa,KAAMQ,EAAMm3C,aAC3E,MAAO,CACL5C,IAAKv0C,EAAMu0C,IACX8D,IACA2D,SACAx4C,KAAMxD,EAAMwD,KACZ6Z,OAAQrd,EAAMqd,OAElB,uBAOA,SAA8Bk3B,GAC5B,OAAOwC,GAAOxmC,EAAMjf,MAAMif,EAAMvQ,MAAOu0C,EAAI19B,UAAUrT,IACvD,2DS3LO7S,eAAoBo/C,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GACpD,MAAMX,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GAM3B,IAAI8P,EACAtO,EACAkQ,EACAI,EARJmU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnB73B,EAAI,IAAIX,EAAWW,GAMnB63B,EAAIA,EAAEr3B,IAAI8kB,GACVtlB,EAAIA,EAAEQ,IAAIgB,GAMV,MAAM6N,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEnK,eAAemJ,IAAIgB,GAMjE,OAAa,CAIX,GAFA2N,QAAUiiC,GAAoBvuC,EAAKrB,GACnCX,EAAIg3B,EAAEp3B,OAAO0O,EAAGmW,GAAGjlB,KAAKmB,GACpBX,EAAEH,SACJ,SAEF,MAAMkhD,EAAK5hD,EAAEI,IAAIS,GAAGR,KAAKmB,GAGzB,GAFA2P,EAAI9B,EAAElW,IAAIyoD,GAAIvhD,KAAKmB,GACnBuP,EAAI5B,EAAEnO,OAAOQ,GAAGrB,KAAKgR,GAAG9Q,KAAKmB,IACzBuP,EAAErQ,SAGN,MAEF,MAAO,CACLG,EAAGA,EAAEqC,aAAa,KAAM1B,EAAEnK,cAC1B0Z,EAAGA,EAAE7N,aAAa,KAAM1B,EAAEnK,cAE9B,SAeOhD,eAAsBo/C,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAC5D,MAAM/B,QAAmBiO,EAAKuE,gBACxBjP,EAAO,IAAIvD,EAAW,GAS5B,GARAwB,EAAI,IAAIxB,EAAWwB,GACnBkQ,EAAI,IAAI1R,EAAW0R,GAEnBuU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEfP,EAAEmB,IAAIY,IAAS/B,EAAEqB,IAAIV,IACrBuP,EAAE/O,IAAIY,IAASmO,EAAE7O,IAAIV,GAEvB,OADA8L,EAAK0D,WAAW,0BACT,EAET,MAAM3B,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEnK,eAAegJ,KAAKmB,GAC5D6oB,EAAItZ,EAAE/P,OAAOQ,GACnB,GAAI6oB,EAAE3pB,SAEJ,OADA4M,EAAK0D,WAAW,0BACT,EAGT6mB,EAAIA,EAAEr3B,IAAI8kB,GACVlkB,EAAIA,EAAEZ,IAAI8kB,GACV,MAAMu8B,EAAKxyC,EAAEjP,IAAIiqB,GAAGhqB,KAAKmB,GACnBsgD,EAAKjhD,EAAET,IAAIiqB,GAAGhqB,KAAKmB,GACnBsc,EAAK+Z,EAAEp3B,OAAOohD,EAAIv8B,GAClBvH,EAAK3c,EAAEX,OAAOqhD,EAAIx8B,GAExB,OADUxH,EAAG1d,IAAI2d,GAAI1d,KAAKilB,GAAGjlB,KAAKmB,GACzBM,MAAMjB,EACjB,iBAYOxM,eAA8BixB,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAC/C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GACnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAMT,IAAKA,EAAExlB,MAAMU,IAAIgB,GAAGd,SAClB,OAAO,EAOT,IAAKm3B,EAAEp3B,OAAOe,EAAG8jB,GAAG3kB,QAClB,OAAO,EAMT,MAAMohD,EAAQ,IAAI1iD,EAAWmC,EAAEmB,aACzBq/C,EAAO,IAAI3iD,EAAW,KAC5B,GAAI0iD,EAAMhgD,GAAGigD,WAAiBvQ,GAAgBjwC,EAAG,KAAM,IACrD,OAAO,EASTxB,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUogD,EAAMjiD,OAAQ4lC,EAAI/jC,UAAUogD,IACxEhK,EAAMv2C,EAAEpB,IAAIS,GAAG1H,IAAI6G,GACzB,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,OCxLe,CAEb28B,IAAKA,GAELz8C,QAASA,GAETkzC,SAAUA,GAEVjzC,IAAKA,GAELokC,KAAMA,2ECAD,SAA8BnH,EAAMz6B,GACzC,IAAI7T,EAAO,EACX,OAAQsuC,GAGN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAInB,MAAO,CAAEwL,EAHCzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,KAQ5C,KAAK6f,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUO,MACrB,CACE,MAAM9E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAAQA,GAAQyM,EAAEvM,OAAS,EAErE,MAAO,CAAEuM,IAAGkQ,EADFzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,KAM5C,KAAK6f,EAAM7O,UAAUQ,YAAa,CAGhC,IAAI/E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAAQA,GAAQyM,EAAEvM,OAAS,EACnEuM,EAAIyM,EAAKkB,QAAQ3N,EAAG,IACpB,IAAIkQ,EAAIzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAExC,OADA2c,EAAIzD,EAAKkB,QAAQuC,EAAG,IACb,CAAElQ,IAAGkQ,KAId,KAAKkD,EAAM7O,UAAUf,QAAS,CAC5B,MAAMs5C,EAAK11C,EAAU9I,SAAS/K,EAAMA,EAAO,IAC3C,OADgDA,GAAQupD,EAAGrpD,OACpD,CAAEqpD,MAEX,QACE,MAAM,IAAI3D,GAAiB,gCAEjC,SAgBO3lD,eAAsBquC,EAAM+Q,EAAUxrC,EAAWi6C,EAAcllD,EAAMm4B,GAC1E,OAAQuN,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM2qD,EACXnxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGzR,EAAEhL,QACtC,OAAO8Q,GAAU68C,IAAI1R,OAAOkD,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,EAAG49B,GAEvD,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,EAACJ,EAAEA,GAAM8gD,GACjBrhD,EAAEA,EAACkQ,EAAEA,GAAM9I,EACjB,OAAO7C,GAAUK,IAAI8qC,OAAOkD,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAE/D,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EACbC,EAAY,IAAI/8C,GAAUszC,SAASqC,aAAa9C,GAAK4C,YAErDh6C,EAAIyM,EAAKkB,QAAQvG,EAAUpH,EAAGshD,GAC9BpxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGoxC,GACpC,OAAO/8C,GAAUszC,SAAS/yC,MAAM4qC,OAAO0H,EAAKxE,EAAU,CAAE5yC,IAAGkQ,KAAK/T,EAAM++C,EAAG5mB,GAE3E,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EAEnB,OAAO98C,GAAUszC,SAAS9yC,YAAY2qC,OAAO0H,EAAKxE,EAAUxrC,EAAWjL,EAAM++C,EAAG5mB,GAElF,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,EACd,OAAO98C,GAAUszC,SAAS7yC,MAAM0qC,OAAO7N,EAAM+Q,EAAUxrC,EAAWjL,EAAMmjC,EAAGhL,GAE7E,QACE,MAAU/+B,MAAM,gCAEtB,OAgBO/B,eAAoBquC,EAAM+Q,EAAU2O,EAAiBC,EAAkBrlD,EAAMm4B,GAClF,IAAKitB,IAAoBC,EACvB,MAAUjsD,MAAM,0BAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM6qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMs1B,EAEvB,MAAO,CAAEtxC,QADO3L,GAAU68C,IAAIjS,KAAKyD,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,IAGvE,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,GAAM4gD,GACdpiD,EAAEA,GAAMqiD,EACd,OAAOj9C,GAAUK,IAAIuqC,KAAKyD,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GAEvD,KAAKiU,EAAM7O,UAAUI,QACnB,MAAUpP,MAAM,gEAElB,KAAK6d,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACbzmC,EAAEA,GAAM0mC,EACd,OAAOj9C,GAAUszC,SAAS/yC,MAAMqqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGpgC,EAAGwZ,GAElE,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACb1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS9yC,YAAYoqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGrL,EAAMvb,GAE3E,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAMiiB,GACR1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS7yC,MAAMmqC,KAAKtN,EAAM+Q,EAAUz2C,EAAMmjC,EAAGuQ,EAAMvb,GAEtE,QACE,MAAU/+B,MAAM,gCAEtB,ICjJA,MAAMksD,GACJtvD,YAAYgK,GACNA,IACF9J,KAAK8J,KAAOA,GAWhB5I,KAAKgG,GACH,GAAIA,EAAM9F,QAAU,EAAG,CACrB,MAAMA,EAAS8F,EAAM,GACrB,GAAIA,EAAM9F,QAAU,EAAIA,EAEtB,OADApB,KAAK8J,KAAO5C,EAAM+E,SAAS,EAAG,EAAI7K,GAC3B,EAAIpB,KAAK8J,KAAK1I,OAGzB,MAAU8B,MAAM,yBAOlBpB,QACE,OAAOsY,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK8J,KAAK1I,SAAUpB,KAAK8J,QCzB3E,MAAMulD,GAKJvvD,YAAYgK,GACV,GAAIA,EAAM,CACR,MAAMkK,KAAEA,EAAI6Z,OAAEA,GAAW/jB,EACzB9J,KAAKgU,KAAOA,EACZhU,KAAK6tB,OAASA,OAEd7tB,KAAKgU,KAAO,KACZhU,KAAK6tB,OAAS,KASlB3sB,KAAKZ,GACH,GAAIA,EAAMc,OAAS,GAAkB,IAAbd,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIwmD,GAAiB,yBAI7B,OAFA9mD,KAAKgU,KAAO1T,EAAM,GAClBN,KAAK6tB,OAASvtB,EAAM,GACb,EAOTwB,QACE,OAAO,IAAIe,WAAW,CAAC,EAAG,EAAG7C,KAAKgU,KAAMhU,KAAK6tB,UCxDjD,MAAMyhC,GACJ3nC,mBAAkBmlC,WAAEA,EAAUjD,UAAEA,IAC9B,MAAM0F,EAAW,IAAID,GAGrB,OAFAC,EAASzC,WAAaA,EACtByC,EAAS1F,UAAYA,EACd0F,EASTruD,KAAKgG,GACH,IAAIhG,EAAO,EACPsuD,EAAetoD,EAAMhG,KACzBlB,KAAK6pD,UAAY2F,EAAe,EAAItoD,EAAMhG,KAAU,KACpDsuD,GAAgBA,EAAe,EAC/BxvD,KAAK8sD,WAAa5lD,EAAM+E,SAAS/K,EAAMA,EAAOsuD,GAAetuD,GAAQsuD,EAOvE1tD,QACE,OAAOsY,EAAKtX,iBAAiB,CAC3B9C,KAAK6pD,UACH,IAAIhnD,WAAW,CAAC7C,KAAK8sD,WAAW1rD,OAAS,EAAGpB,KAAK6pD,YACjD,IAAIhnD,WAAW,CAAC7C,KAAK8sD,WAAW1rD,SAClCpB,KAAK8sD,cCsaX,SAAS2C,GAAoB1K,GAC3B,IACEA,EAAIC,UACJ,MAAO3gD,GACP,MAAM,IAAIyiD,GAAiB,qBAE/B,oEAnaO3lD,eAAgCuuD,EAASC,EAAeX,EAAcllD,EAAMwhD,GACjF,OAAQoE,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAAgB,CACnC,MAAM/F,EAAEA,EAAC/H,EAAEA,GAAM2qD,EAEjB,MAAO,CAAE5yC,QADOlK,GAAU68C,IAAIr8B,QAAQ5oB,EAAMsC,EAAG/H,IAGjD,KAAK0c,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,EACpB,OAAO98C,GAAUI,QAAQogB,QAAQ5oB,EAAMsoB,EAAGuS,EAAGz2B,GAE/C,KAAK6S,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc2D,GACtB98C,UAAWm6C,EAAGS,WAAYj6B,SAAY3gB,GAAUszC,SAAShzC,KAAKkgB,QACpEqyB,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GAC3B,MAAO,CAAEe,IAAGx5B,EAAG,IAAI+8B,GAAW/8B,IAEhC,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,IAAKsH,EAAKyG,MAAM8uC,GAEd,MAAUzsD,MAAM,iDAElB,MAAM+pC,EAAEA,GAAM+hB,GACRT,mBAAEA,EAAkBzB,WAAEA,SAAqB56C,GAAUszC,SAASqK,MAAMn9B,QACxEg9B,EAAS5lD,EAAMmjC,GAEjB,MAAO,CAAEshB,qBAAoB17B,EADnBy8B,GAAkBQ,WAAW,CAAEjG,UAAW8F,EAAe7C,gBAGrE,QACE,MAAO,GAEb,mBAgBO3rD,eAAgCquC,EAAM0f,EAAiBC,EAAkBY,EAAkBzE,EAAajM,GAC7G,OAAQ7P,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WAAY,CAC/B,MAAMgK,EAAEA,GAAM2zC,GACR3jD,EAAG/H,EAAEA,GAAM6qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMs1B,EACvB,OAAOj9C,GAAU68C,IAAIp8B,QAAQvW,EAAGhQ,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAEpD,KAAKt+B,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,GAAEA,EAAEC,GAAEA,GAAOuiC,EACb39B,EAAI88B,EAAgB98B,EACpBtlB,EAAIqiD,EAAiBriD,EAC3B,OAAOoF,GAAUI,QAAQqgB,QAAQpF,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAEjD,KAAKt+B,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc6D,GACxBzmC,EAAEA,GAAM0mC,GACR9C,EAAEA,EAACx5B,EAAEA,GAAMk9B,EACjB,OAAO79C,GAAUszC,SAAShzC,KAAKmgB,QAC7BoyB,EAAKsG,EAAWgB,EAAGx5B,EAAE/oB,KAAM++C,EAAGpgC,EAAG6iC,GAErC,KAAKvqC,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAMiiB,GACRjzC,EAAEA,GAAMkzC,GACRZ,mBAAEA,EAAkB17B,EAAEA,GAAMk9B,EAClC,IAAK31C,EAAKyG,MAAMgS,EAAEg3B,WAChB,MAAU3mD,MAAM,4BAElB,OAAOgP,GAAUszC,SAASqK,MAAMl9B,QAC9B6c,EAAM+e,EAAoB17B,EAAEi6B,WAAY7f,EAAGhxB,GAE/C,QACE,MAAU/Y,MAAM,4CAEtB,uBAQO,SAA8BssC,EAAMtoC,GACzC,IAAIhG,EAAO,EACX,OAAQsuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAIgO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkL,EAAEhL,OAAS,EACjE,MAAMiD,EAAI+V,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQmD,EAAEjD,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE5iD,IAAG/H,MAEpC,KAAK0c,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMkN,EAAI8L,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQoN,EAAElN,OAAS,EACjE,MAAMujC,EAAIvqB,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQyjC,EAAEvjC,OAAS,EACjE,MAAM8M,EAAIkM,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQgN,EAAE9M,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE58B,IAAG9jB,IAAGq2B,IAAGz2B,MAE1C,KAAK6S,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMujC,EAAIvqB,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQyjC,EAAEvjC,OAAS,EACjE,MAAM8M,EAAIkM,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQgN,EAAE9M,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE58B,IAAGuS,IAAGz2B,MAEvC,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ2nD,EAAEznD,OAAS,EAC1D,CAAEF,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,IAAI8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEpC,OAF4CA,GAAQ2nD,EAAEznD,OAAS,EAC/DynD,EAAIzuC,EAAKkB,QAAQutC,EAAG,IACb,CAAE3nD,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQ2nD,EAAEznD,OAAS,EACjE,MAAMiqD,EAAY,IAAIgE,GACtB,OADmCnuD,GAAQmqD,EAAUnqD,KAAKgG,EAAM+E,SAAS/K,IAClE,CAAEA,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,IAAGwC,cAE/C,KAAKtqC,EAAM7O,UAAUf,QACrB,KAAK4P,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAI/lC,EAAM+E,SAAS/K,EAAMA,EAAO,IACtC,OAD2CA,GAAQ+rC,EAAE7rC,OAC9C,CAAEF,OAAM8tD,aAAc,CAAE/hB,MAEjC,QACE,MAAM,IAAI6Z,GAAiB,4CAEjC,wBASO,SAA+BtX,EAAMtoC,EAAO8nD,GACjD,IAAI9tD,EAAO,EACX,OAAQsuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMoW,EAAIrO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQunB,EAAErnB,OAAS,EACjE,MAAMgxB,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMkN,EAAI8L,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQoN,EAAElN,OAAS,EACjE,MAAMy4B,EAAIzf,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ24B,EAAEz4B,OAAS,EAC1D,CAAEF,OAAM8uD,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,MAE3C,KAAK9Y,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QAAS,CAC5B,MAAMxF,EAAIsN,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ4L,EAAE1L,OAAS,EAC1D,CAAEF,OAAM8uD,cAAe,CAAEljD,MAElC,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAMhC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIt8B,EAAIrO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEpC,OAF4CA,GAAQunB,EAAErnB,OAAS,EAC/DqnB,EAAIrO,EAAKkB,QAAQmN,EAAGjY,EAAMm3C,aACnB,CAAEzmD,OAAM8uD,cAAe,CAAEvnC,MAElC,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMlC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIvH,EAAOpjC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEvC,OAF+CA,GAAQs8C,EAAKp8C,OAAS,EACrEo8C,EAAOpjC,EAAKkB,QAAQkiC,EAAMhtC,EAAMm3C,aACzB,CAAEzmD,OAAM8uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOt2C,EAAM+E,SAAS/K,EAAMA,EAAO,IACzC,OAD8CA,GAAQs8C,EAAKp8C,OACpD,CAAEF,OAAM8uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMmJ,EAAI/U,EAAM+E,SAAS/K,EAAMA,EAAO,IACtC,OAD2CA,GAAQ+a,EAAE7a,OAC9C,CAAEF,OAAM8uD,cAAe,CAAE/zC,MAElC,QACE,MAAM,IAAI6qC,GAAiB,4CAEjC,2BAOO,SAAkCtX,EAAMtoC,GAC7C,IAAIhG,EAAO,EACX,OAAQsuC,GAGN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAEnB,MAAO,CAAEiK,EADChC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,KAOxC,KAAK6f,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,EAAKnT,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQqsB,EAAGnsB,OAAS,EAEnE,MAAO,CAAEmsB,KAAIC,GADFpT,EAAKgB,QAAQlU,EAAM+E,SAAS/K,KAMzC,KAAK6f,EAAM7O,UAAUM,KAAM,CACzB,MAAM65C,EAAIjyC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQmrD,EAAEjrD,OAAS,EACjE,MAAMyxB,EAAI,IAAI+8B,GACd,OAD4B/8B,EAAE3xB,KAAKgG,EAAM+E,SAAS/K,IAC3C,CAAEmrD,IAAGx5B,KAOd,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMy7C,EAAqBrnD,EAAM+E,SAAS/K,EAAMA,EAAO,IAAKA,GAAQqtD,EAAmBntD,OACvF,MAAMyxB,EAAI,IAAIy8B,GACd,OADmCz8B,EAAE3xB,KAAKgG,EAAM+E,SAAS/K,IAClD,CAAEqtD,qBAAoB17B,KAE/B,QACE,MAAM,IAAIi0B,GAAiB,4CAEjC,kBAQO,SAAyBtX,EAAMuX,GAEpC,MAAMkJ,EAAgC,IAAI7sC,IAAI,CAACrC,EAAM7O,UAAUf,QAAS4P,EAAM7O,UAAUY,SAClFo9C,EAAgBnlD,OAAOooB,KAAK4zB,GAAQ7+C,KAAIgD,IAC5C,MAAMsgD,EAAQzE,EAAO77C,GACrB,OAAKkP,EAAKxX,aAAa4oD,GAChByE,EAA8BjqD,IAAIwpC,GAAQgc,EAAQpxC,EAAKoB,gBAAgBgwC,GADxCA,EAAM1pD,OACwC,IAEtF,OAAOsY,EAAKtX,iBAAiBotD,EAC/B,iBAUO,SAAwB1gB,EAAMjxB,EAAMwmC,GACzC,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACnB,OAAOH,GAAU68C,IAAIoB,SAAS5xC,EAAM,OAAO3c,MAAK,EAAGwK,IAAG/H,IAAGokB,IAAG2J,IAAG9jB,IAAGurB,SAChEm2B,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,KAC1Bm1B,aAAc,CAAE5iD,IAAG/H,SAGvB,KAAK0c,EAAM7O,UAAUO,MACnB,OAAOP,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAExS,KAAMgP,GACvBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUM,KACnB,OAAON,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,SAAQx4C,OAAM6Z,cACpEmiC,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CACZjK,IAAK,IAAID,GAAIC,GACb8D,IACAwC,UAAW,IAAIgE,GAAU,CAAEr7C,OAAM6Z,gBAGvC,KAAK9M,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAMw9C,SAAS3gB,GAAM5tC,MAAK,EAAGqrC,IAAGuQ,YACxDwS,cAAe,CAAExS,QACjBwR,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUY,OACnB,OAAOZ,GAAUszC,SAASqK,MAAMM,SAAS3gB,GAAM5tC,MAAK,EAAGqrC,IAAGhxB,SACxD+zC,cAAe,CAAE/zC,KACjB+yC,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QACnB,MAAUpP,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,iBAUO/B,eAA8BquC,EAAMwf,EAAcgB,GACvD,IAAKhB,IAAiBgB,EACpB,MAAU9sD,MAAM,0BAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM2qD,GACXvmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMm2B,EACvB,OAAO99C,GAAU68C,IAAIqB,eAAehkD,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAErD,KAAK9Y,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAEA,EAAC9jB,EAAEA,EAACq2B,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACjBliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUK,IAAI69C,eAAeh+B,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAElD,KAAKiU,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACdliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUI,QAAQ89C,eAAeh+B,EAAGuS,EAAGz2B,EAAGpB,GAEnD,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAM69C,EAAan+C,GAAUszC,SAASzkC,EAAM7f,KAAK6f,EAAM7O,UAAWs9B,KAC5DuV,IAAEA,EAAG8D,EAAEA,GAAMmG,GACbvmC,EAAEA,GAAMunC,EACd,OAAOK,EAAWD,eAAerL,EAAK8D,EAAGpgC,GAE3C,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMm2C,EAAEA,EAAC9D,IAAEA,GAAQiK,GACbxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS9yC,YAAY09C,eAAerL,EAAK8D,EAAGrL,GAE/D,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,GACRxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS7yC,MAAMy9C,eAAe5gB,EAAMvC,EAAGuQ,GAE1D,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAM+hB,GACR/yC,EAAEA,GAAM+zC,EACd,OAAO99C,GAAUszC,SAASqK,MAAMO,eAAe5gB,EAAMvC,EAAGhxB,GAE1D,QACE,MAAU/Y,MAAM,iCAEtB,kBASO/B,eAA+BquC,GACpC,MAAMxc,UAAEA,GAAc2c,GAAUH,GAC1B8gB,QAAqBrS,GAAejrB,GACpCu9B,EAAS,IAAI1tD,WAAW,CAACytD,EAAaA,EAAalvD,OAAS,GAAIkvD,EAAaA,EAAalvD,OAAS,KACzG,OAAOgZ,EAAK5T,OAAO,CAAC8pD,EAAcC,GACpC,qBAQO,SAA4B/gB,GACjC,MAAMvc,QAAEA,GAAY0c,GAAUH,GAC9B,OAAOyO,GAAehrB,EACxB,cAQO,SAAqBuc,GAC1B,MAAMI,EAAW7uB,EAAM7f,KAAK6f,EAAMtM,KAAM+6B,GACxC,OAAO1hB,GAAK8hB,EACd,yCAsBO,SAAmCJ,EAAMuV,GAC9C,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAASgF,qBAAqBzF,GACjD,KAAKhkC,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAM63C,qBAAqBhb,GACvD,QACE,MAAUtsC,MAAM,iCAEtB,IC9cA,MAAMoK,GAAM,CAEVugB,OAAQA,GAER7Z,KAAMA,GAEN8Z,KAAMA,GAEN5b,UAAWA,GAEX6C,UAAWA,GAEXy7C,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT5lD,OAAO6lD,OAAOtjD,GAAKmR,IC1CnB,IAAIoyC,GAAiC,oBAAfhuD,YACG,oBAAhBiuD,aACe,oBAAfC,WA+BF,SAASC,GAAU9vC,EAAKlc,GAC3B,OAAIkc,EAAI9f,SAAW4D,EACRkc,EAEPA,EAAIjV,SACGiV,EAAIjV,SAAS,EAAGjH,IAE3Bkc,EAAI9f,OAAS4D,EACNkc,EACX,CAGA,MAAM+vC,GAAU,CACZC,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,GAAI76B,EAAIvqB,UAAYklD,EAAKllD,SACrBklD,EAAK7tD,IAAIkzB,EAAIvqB,SAASmlD,EAAUA,EAAWrhD,GAAMshD,QAIrD,IAAK,IAAIpuD,EAAI,EAAGA,EAAI8M,EAAK9M,IACrBkuD,EAAKE,EAAYpuD,GAAKuzB,EAAI46B,EAAWnuD,IAI7CquD,cAAe,SAAUC,GACrB,IAAItuD,EAAGyzB,EAAG3mB,EAAK5M,EAAKpB,EAIpB,IADAgO,EAAM,EACD9M,EAAI,EAAGyzB,EAAI66B,EAAOnwD,OAAQ6B,EAAIyzB,EAAGzzB,IAClC8M,GAAOwhD,EAAOtuD,GAAG7B,OAIrB,MAAMK,EAAS,IAAIoB,WAAWkN,GAE9B,IADA5M,EAAM,EACDF,EAAI,EAAGyzB,EAAI66B,EAAOnwD,OAAQ6B,EAAIyzB,EAAGzzB,IAClClB,EAAQwvD,EAAOtuD,GACfxB,EAAO6B,IAAIvB,EAAOoB,GAClBA,GAAOpB,EAAMX,OAGjB,OAAOK,IAIT+vD,GAAY,CACdN,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,IAAK,IAAIpuD,EAAI,EAAGA,EAAI8M,EAAK9M,IACrBkuD,EAAKE,EAAYpuD,GAAKuzB,EAAI46B,EAAWnuD,IAI7CquD,cAAe,SAAUC,GACrB,MAAO,GAAG/qD,OAAOqW,MAAM,GAAI00C,KAQ5B,IAAIE,GAAOZ,GAAWhuD,WAAahD,MAC/B6xD,GAAQb,GAAWC,YAAcjxD,MACjC8xD,GAAQd,GAAWE,WAAalxD,MAChCyxD,GAAgBT,GAAWI,GAAQK,cAAgBE,GAAUF,cAC7DJ,GAAWL,GAAWI,GAAQC,SAAWM,GAAUN,SChFvD,MAAMU,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAKrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAErBC,IAAqB,EACrBC,IAAqB,EAErBC,IAAqB,EAOrBC,IAA2B,EAG3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAI3BC,GAA2B,EAC3BC,GAA2B,EAE3BC,GAA2B,EAG3BC,GAA2B,EC7BxC,SAASvjD,GAAKwR,GACV,IAAInR,EAAMmR,EAAI9f,OAAQ,OAAS2O,GAAO,GAClCmR,EAAInR,GAAO,CAEnB,CAIA,MAAMmjD,GAAe,EACfC,GAAe,EACfC,GAAe,EAYfC,GAAgB,GAGhBC,GAAgB,IAGhBC,GAAgBD,GAAW,EAAID,GAG/BG,GAAgB,GAGhBC,GAAgB,GAGhBC,GAAgB,EAAIH,GAAU,EAG9BI,GAAgB,GAGhBC,GAAgB,GAQhBC,GAAc,EAGdC,GAAc,IAGdC,GAAc,GAGdC,GAAc,GAGdC,GAAc,GAIdC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAErDC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAE9DC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAEjCC,GACJ,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAgBzCC,GAAoBz0D,MAAsB,GAAf0zD,GAAU,OACtCe,IAOL,MAAMC,GAAoB10D,MAAgB,EAAV2zD,OAC3Be,IAKL,MAAMC,GAAoB30D,MAjBJ,QAkBjB20D,IAML,MAAMC,GAAoB50D,MAAM60D,QAC3BD,IAGL,MAAME,GAAoB90D,MAAMwzD,OAC3BsB,IAGL,MAAMC,GAAoB/0D,MAAM2zD,IAKhC,SAASqB,GAAeC,EAAaC,EAAYC,EAAYC,EAAOC,GAEhEl1D,KAAK80D,YAAeA,EACpB90D,KAAK+0D,WAAeA,EACpB/0D,KAAKg1D,WAAeA,EACpBh1D,KAAKi1D,MAAeA,EACpBj1D,KAAKk1D,WAAeA,EAGpBl1D,KAAKm1D,UAAeL,GAAeA,EAAY1zD,MACnD,CAGA,IAAIg0D,GACAC,GACAC,GAGJ,SAASC,GAASC,EAAUC,GACxBz1D,KAAKw1D,SAAWA,EAChBx1D,KAAK01D,SAAW,EAChB11D,KAAKy1D,UAAYA,CACrB,CAIA,SAASE,GAAOC,GACZ,OAAOA,EAAO,IAAMpB,GAAWoB,GAAQpB,GAAW,KAAOoB,IAAS,GACtE,CAOA,SAASC,GAAUh4C,EAAGsZ,GAGlBtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJhQ,EAC7BtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAahQ,IAAM,EAAI,GAC3C,CAOA,SAAS4+B,GAAUl4C,EAAGxc,EAAOD,GACrByc,EAAEm4C,SAAWpC,GAAWxyD,GACxByc,EAAEo4C,QAAU50D,GAASwc,EAAEm4C,SAAW,MAClCH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS50D,GAASuyD,GAAW/1C,EAAEm4C,SACjCn4C,EAAEm4C,UAAY50D,EAASwyD,KAEvB/1C,EAAEo4C,QAAU50D,GAASwc,EAAEm4C,SAAW,MAClCn4C,EAAEm4C,UAAY50D,EAEtB,CAGA,SAAS80D,GAAUr4C,EAAGzB,EAAG+5C,GACrBJ,GAAUl4C,EAAGs4C,EAAS,EAAJ/5C,GAAiB+5C,EAAS,EAAJ/5C,EAAQ,GACpD,CAQA,SAASg6C,GAAWC,EAAMtmD,GACtB,IAAIZ,EAAM,EACV,GACIA,GAAc,EAAPknD,EACPA,KAAU,EACVlnD,IAAQ,UACDY,EAAM,GACjB,OAAOZ,IAAQ,CACnB,CAuIA,SAASmnD,GAAUH,EAAMT,EAAUa,GAK/B,MAAMC,EAAgB32D,MAAM8zD,GAAW,GACvC,IACIp1C,EACAnS,EAFAiqD,EAAO,EAOX,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bi4C,EAAUj4C,GAAQ83C,EAAOA,EAAOE,EAASh4C,EAAO,IAAM,EAS1D,IAAKnS,EAAI,EAAIA,GAAKspD,EAAUtpD,IAAK,CAC7B,MAAM2D,EAAMomD,EAAS,EAAJ/pD,EAAQ,GACb,IAAR2D,IAIJomD,EAAS,EAAJ/pD,GAAkBgqD,GAAWI,EAAUzmD,KAAQA,IAK5D,CA8GA,SAAS0mD,GAAW54C,GAChB,IAAIzR,EAGJ,IAAKA,EAAI,EAAGA,EAAImnD,GAAUnnD,IACtByR,EAAE64C,UAAc,EAAJtqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIonD,GAAUpnD,IACtByR,EAAE84C,UAAc,EAAJvqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIqnD,GAAUrnD,IACtByR,EAAE+4C,QAAY,EAAJxqD,GAAkB,EAGhCyR,EAAE64C,UAAsB,EAAZ5C,IAA0B,EACtCj2C,EAAEg5C,QAAUh5C,EAAEi5C,WAAa,EAC3Bj5C,EAAEk5C,SAAWl5C,EAAEm5C,QAAU,CAC7B,CAMA,SAASC,GAAUp5C,GACXA,EAAEm4C,SAAW,EACbH,GAAUh4C,EAAGA,EAAEo4C,QACRp4C,EAAEm4C,SAAW,IAEpBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAatpB,EAAEo4C,QAEnCp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,CACjB,CA6BA,SAASkB,GAAQf,EAAM/pD,EAAGgB,EAAG+pD,GACzB,MAAMC,EAAU,EAAJhrD,EACNirD,EAAU,EAAJjqD,EACZ,OAAO+oD,EAAKiB,GAAgBjB,EAAKkB,IAC5BlB,EAAKiB,KAAkBjB,EAAKkB,IAAiBF,EAAM/qD,IAAM+qD,EAAM/pD,EACxE,CAQA,SAASkqD,GAAWz5C,EAAGs4C,EAAMl6C,GAKzB,MAAM47B,EAAIh6B,EAAEgL,KAAK5M,GACjB,IAAIU,EAAIV,GAAK,EACb,KAAOU,GAAKkB,EAAE05C,WAEN56C,EAAIkB,EAAE05C,UACZL,GAAQf,EAAMt4C,EAAEgL,KAAKlM,EAAI,GAAIkB,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,QACpCx6C,KAGAu6C,GAAQf,EAAMte,EAAGh6B,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,SAKlCt5C,EAAEgL,KAAK5M,GAAK4B,EAAEgL,KAAKlM,GACnBV,EAAIU,EAGJA,IAAM,EAEVkB,EAAEgL,KAAK5M,GAAK47B,CAChB,CASA,SAAS2f,GAAe35C,EAAG45C,EAAOC,GAK9B,IAAI9B,EACA+B,EAEAtB,EACAuB,EAFAC,EAAK,EAIT,GAAmB,IAAfh6C,EAAEk5C,SACF,GACInB,EAAO/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,IAAW,EAAIh6C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,EAAS,GAC/EF,EAAK95C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQF,GAC7BA,IAEa,IAATjC,EACAM,GAAUr4C,EAAG85C,EAAIF,IAIjBpB,EAAO5B,GAAakD,GACpBzB,GAAUr4C,EAAGw4C,EAAO/C,GAAW,EAAGmE,GAClCG,EAAQ1D,GAAYmC,GACN,IAAVuB,IACAD,GAAMhD,GAAY0B,GAClBN,GAAUl4C,EAAG85C,EAAIC,IAErBhC,IACAS,EAAOV,GAAOC,GAGdM,GAAUr4C,EAAGw4C,EAAMqB,GACnBE,EAAQzD,GAAYkC,GACN,IAAVuB,IACAhC,GAAQhB,GAAUyB,GAClBN,GAAUl4C,EAAG+3C,EAAMgC,WAQtBC,EAAKh6C,EAAEk5C,UAGpBb,GAAUr4C,EAAGi2C,GAAW2D,EAC5B,CAWA,SAASO,GAAWn6C,EAAGo6C,GAInB,MAAM9B,EAAW8B,EAAKzC,SAChB0C,EAAWD,EAAKxC,UAAUX,YAC1BK,EAAY8C,EAAKxC,UAAUN,UAC3BF,EAAWgD,EAAKxC,UAAUR,MAChC,IAAI7oD,EAAGgB,EAEHq6C,EADAiO,GAAY,EAUhB,IAHA73C,EAAE05C,SAAW,EACb15C,EAAEs6C,SAAWzE,GAERtnD,EAAI,EAAGA,EAAI6oD,EAAO7oD,IACU,IAAzB+pD,EAAS,EAAJ/pD,IACLyR,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAWtpD,EAClCyR,EAAEs5C,MAAM/qD,GAAK,GAGb+pD,EAAS,EAAJ/pD,EAAQ,GAAa,EASlC,KAAOyR,EAAE05C,SAAW,GAChB9P,EAAO5pC,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAW,IAAMA,EAAW,EAC1DS,EAAY,EAAP1O,GAAqB,EAC1B5pC,EAAEs5C,MAAM1P,GAAQ,EAChB5pC,EAAEg5C,UAEE1B,IACAt3C,EAAEi5C,YAAcoB,EAAa,EAAPzQ,EAAW,IASzC,IALAwQ,EAAKvC,SAAWA,EAKXtpD,EAAIyR,EAAE05C,UAAY,EAAanrD,GAAK,EAAGA,IACxCkrD,GAAWz5C,EAAGs4C,EAAM/pD,GAMxBq7C,EAAOwN,EACP,GAGI7oD,EAAIyR,EAAEgL,KAAK,GACXhL,EAAEgL,KAAK,GAAiBhL,EAAEgL,KAAKhL,EAAE05C,YACjCD,GAAWz5C,EAAGs4C,EAAM,GAGpB/oD,EAAIyQ,EAAEgL,KAAK,GAEXhL,EAAEgL,OAAOhL,EAAEs6C,UAAY/rD,EACvByR,EAAEgL,OAAOhL,EAAEs6C,UAAY/qD,EAGvB+oD,EAAY,EAAP1O,GAAqB0O,EAAS,EAAJ/pD,GAAkB+pD,EAAS,EAAJ/oD,GACtDyQ,EAAEs5C,MAAM1P,IAAS5pC,EAAEs5C,MAAM/qD,IAAMyR,EAAEs5C,MAAM/pD,GAAKyQ,EAAEs5C,MAAM/qD,GAAKyR,EAAEs5C,MAAM/pD,IAAM,EACvE+oD,EAAS,EAAJ/pD,EAAQ,GAAa+pD,EAAS,EAAJ/oD,EAAQ,GAAaq6C,EAGpD5pC,EAAEgL,KAAK,GAAiB4+B,IACxB6P,GAAWz5C,EAAGs4C,EAAM,SAEft4C,EAAE05C,UAAY,GAEvB15C,EAAEgL,OAAOhL,EAAEs6C,UAAYt6C,EAAEgL,KAAK,GApflC,SAAoBhL,EAAGo6C,GAInB,MAAM9B,EAAkB8B,EAAKzC,SACvBE,EAAkBuC,EAAKvC,SACvBwC,EAAkBD,EAAKxC,UAAUX,YACjCK,EAAkB8C,EAAKxC,UAAUN,UACjCyC,EAAkBK,EAAKxC,UAAUV,WACjCqD,EAAkBH,EAAKxC,UAAUT,WACjCE,EAAkB+C,EAAKxC,UAAUP,WACvC,IAAI/4C,EACA/P,EAAGgB,EACHmR,EACA85C,EACA3zB,EACA4zB,EAAW,EAEf,IAAK/5C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7BV,EAAE04C,SAASh4C,GAAQ,EAQvB,IAFA43C,EAA0B,EAArBt4C,EAAEgL,KAAKhL,EAAEs6C,UAAgB,GAAa,EAEtCh8C,EAAI0B,EAAEs6C,SAAW,EAAGh8C,EAAIu3C,GAAWv3C,IACpC/P,EAAIyR,EAAEgL,KAAK1M,GACXoC,EAAO43C,EAA+B,EAA1BA,EAAS,EAAJ/pD,EAAQ,GAAiB,GAAa,EACnDmS,EAAO22C,IACP32C,EAAO22C,EACPoD,KAEJnC,EAAS,EAAJ/pD,EAAQ,GAAamS,EAGtBnS,EAAIspD,IAIR73C,EAAE04C,SAASh4C,KACX85C,EAAQ,EACJjsD,GAAKgsD,IACLC,EAAQT,EAAMxrD,EAAIgsD,IAEtB1zB,EAAIyxB,EAAS,EAAJ/pD,GACTyR,EAAEg5C,SAAWnyB,GAAKnmB,EAAO85C,GACrBlD,IACAt3C,EAAEi5C,YAAcpyB,GAAKwzB,EAAU,EAAJ9rD,EAAQ,GAAaisD,KAGxD,GAAiB,IAAbC,EAAJ,CAQA,EAAG,CAEC,IADA/5C,EAAO22C,EAAa,EACQ,IAArBr3C,EAAE04C,SAASh4C,IACdA,IAEJV,EAAE04C,SAASh4C,KACXV,EAAE04C,SAASh4C,EAAO,IAAM,EACxBV,EAAE04C,SAASrB,KAIXoD,GAAY,QACPA,EAAW,GAOpB,IAAK/5C,EAAO22C,EAAqB,IAAT32C,EAAYA,IAEhC,IADAnS,EAAIyR,EAAE04C,SAASh4C,GACF,IAANnS,GACHgB,EAAIyQ,EAAEgL,OAAO1M,GACT/O,EAAIsoD,IAGJS,EAAS,EAAJ/oD,EAAQ,KAAemR,IAE5BV,EAAEg5C,UAAYt4C,EAAO43C,EAAS,EAAJ/oD,EAAQ,IAAc+oD,EAAS,EAAJ/oD,GACrD+oD,EAAS,EAAJ/oD,EAAQ,GAAamR,GAE9BnS,KAGZ,CA2ZImsD,CAAW16C,EAAGo6C,GAGd3B,GAAUH,EAAMT,EAAU73C,EAAE04C,SAChC,CAOA,SAASiC,GAAU36C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IANgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAEhB1C,EAAsB,GAAhBT,EAAW,GAAS,GAAa,MAElCtpD,EAAI,EAAGA,GAAKspD,EAAUtpD,IACvBqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,KAEvBq3B,EAAQm1B,GAAaH,IAAWE,IAG3Bl1B,EAAQo1B,EACfh7C,EAAE+4C,QAAiB,EAAT6B,IAAwBh1B,EAEhB,IAAXg1B,GAEHA,IAAWC,GACX76C,EAAE+4C,QAAiB,EAAT6B,KAEd56C,EAAE+4C,QAAkB,EAAV7C,OAEHtwB,GAAS,GAChB5lB,EAAE+4C,QAAoB,EAAZ5C,MAGVn2C,EAAE+4C,QAAsB,EAAd3C,MAGdxwB,EAAQ,EACRi1B,EAAUD,EAEM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CAOA,SAASC,GAAUj7C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IALgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAGXzsD,EAAI,EAAGA,GAAKspD,EAAUtpD,IAIvB,GAHAqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,OAEvBq3B,EAAQm1B,GAAaH,IAAWE,GAAtC,CAGO,GAAIl1B,EAAQo1B,EACf,GACI3C,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,eACN,KAAVnzB,QAEO,IAAXg1B,GACHA,IAAWC,IACXxC,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,SACvBnzB,KAGJyyB,GAAUr4C,EAAGk2C,GAASl2C,EAAE+4C,SACxBb,GAAUl4C,EAAG4lB,EAAQ,EAAG,IAEjBA,GAAS,IAChByyB,GAAUr4C,EAAGm2C,GAAWn2C,EAAE+4C,SAC1Bb,GAAUl4C,EAAG4lB,EAAQ,EAAG,KAGxByyB,GAAUr4C,EAAGo2C,GAAap2C,EAAE+4C,SAC5Bb,GAAUl4C,EAAG4lB,EAAQ,GAAI,IAG7BA,EAAQ,EACRi1B,EAAUD,EACM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,IA1vBKjE,IA82BL,IAAImE,IAAmB,EAKvB,SAASC,GAASn7C,GAETk7C,MApnBT,WACI,IAAI3sD,EACAmS,EACAnd,EACAi1D,EACAT,EACJ,MAAMW,EAAe12D,MAAM8zD,GAAW,GAiBtC,IADAvyD,EAAS,EACJi1D,EAAO,EAAGA,EAAOhD,GAAe,EAAGgD,IAEpC,IADA1B,GAAY0B,GAAQj1D,EACfgL,EAAI,EAAGA,EAAI,GAAK8nD,GAAYmC,GAAOjqD,IACpCqoD,GAAarzD,KAAYi1D,EAYjC,IAJA5B,GAAarzD,EAAS,GAAKi1D,EAG3BT,EAAO,EACFS,EAAO,EAAGA,EAAO,GAAIA,IAEtB,IADAzB,GAAUyB,GAAQT,EACbxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAOjqD,IACpCooD,GAAWoB,KAAUS,EAK7B,IADAT,IAAS,EACFS,EAAO7C,GAAS6C,IAEnB,IADAzB,GAAUyB,GAAQT,GAAQ,EACrBxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAQ,EAAGjqD,IACxCooD,GAAW,IAAMoB,KAAUS,EAMnC,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bg4C,EAASh4C,GAAQ,EAIrB,IADAnS,EAAI,EACGA,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KASb,IAHAD,GAAUhC,GAAcf,GAAU,EAAGgD,GAGhCnqD,EAAI,EAAGA,EAAIonD,GAASpnD,IACrBmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCmoD,GAAiB,EAAJnoD,GAAkBgqD,GAAWhqD,EAAG,GAIjDgpD,GAAgB,IAAIP,GAAeP,GAAcJ,GAAaZ,GAAW,EAAGC,GAASI,IACrF0B,GAAgB,IAAIR,GAAeN,GAAcJ,GAAa,EAAYX,GAASG,IACnF2B,GAAiB,IAAIT,MAA6BT,GAAc,EAAWX,GAAUI,GAGzF,CAmhBQoF,GACAF,IAAmB,GAGvBl7C,EAAEq7C,OAAU,IAAI3D,GAAS13C,EAAE64C,UAAWtB,IACtCv3C,EAAEs7C,OAAU,IAAI5D,GAAS13C,EAAE84C,UAAWtB,IACtCx3C,EAAEu7C,QAAU,IAAI7D,GAAS13C,EAAE+4C,QAAStB,IAEpCz3C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,EAGbS,GAAW54C,EACf,CAMA,SAASw7C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAM1C23C,GAAUl4C,GAAIq1C,IAAgB,IAAM90C,EAAO,EAAI,GAAI,GAhgBvD,SAAoBP,EAAGqD,EAAKnR,EAAKsU,GAM7B4yC,GAAUp5C,GAENwG,IACAwxC,GAAUh4C,EAAG9N,GACb8lD,GAAUh4C,GAAI9N,IAKlBwpD,GAAe17C,EAAEi4C,YAAaj4C,EAAE27C,OAAQt4C,EAAKnR,EAAK8N,EAAEspB,SACpDtpB,EAAEspB,SAAWp3B,CACjB,CAgfI0pD,CAAW57C,EAAGqD,EAAKo4C,GAAY,EACnC,CAOA,SAASI,GAAU77C,GACfk4C,GAAUl4C,EAAGs1C,IAAgB,EAAG,GAChC+C,GAAUr4C,EAAGi2C,GAAWQ,IAl0B5B,SAAkBz2C,GACK,KAAfA,EAAEm4C,UACFH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,GAENn4C,EAAEm4C,UAAY,IACrBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAwB,IAAXtpB,EAAEo4C,OAC/Bp4C,EAAEo4C,SAAW,EACbp4C,EAAEm4C,UAAY,EAEtB,CAwzBI2D,CAAS97C,EACb,CAOA,SAAS+7C,GAAgB/7C,EAAGqD,EAAKo4C,EAAYl7C,GAMzC,IAAIy7C,EAAUC,EACVC,EAAc,EAGdl8C,EAAEm8C,MAAQ,GAGNn8C,EAAEo8C,KAAKC,YAAclH,KACrBn1C,EAAEo8C,KAAKC,UApGnB,SAA0Br8C,GAKtB,IACIzR,EADA+tD,EAAa,WAIjB,IAAK/tD,EAAI,EAAGA,GAAK,GAAIA,IAAK+tD,KAAgB,EACtC,GAAiB,EAAbA,GAAkD,IAAhCt8C,EAAE64C,UAAc,EAAJtqD,GAC9B,OAAO0mD,GAKf,GAAoC,IAAhCj1C,EAAE64C,UAAU,KAA0D,IAAjC74C,EAAE64C,UAAU,KAClB,IAAjC74C,EAAE64C,UAAU,IACV,OAAO3D,GAEX,IAAK3mD,EAAI,GAAIA,EAAIknD,GAAUlnD,IACvB,GAAoC,IAAhCyR,EAAE64C,UAAc,EAAJtqD,GACZ,OAAO2mD,GAOf,OAAOD,EACX,CAsE+BsH,CAAiBv8C,IAIxCm6C,GAAWn6C,EAAGA,EAAEq7C,QAIhBlB,GAAWn6C,EAAGA,EAAEs7C,QAUhBY,EAlMR,SAAuBl8C,GACnB,IAAIk8C,EAgBJ,IAbAvB,GAAU36C,EAAGA,EAAE64C,UAAW74C,EAAEq7C,OAAOxD,UACnC8C,GAAU36C,EAAGA,EAAE84C,UAAW94C,EAAEs7C,OAAOzD,UAGnCsC,GAAWn6C,EAAGA,EAAEu7C,SASXW,EAActG,GAAW,EAAGsG,GAAe,GACa,IAArDl8C,EAAE+4C,QAAgC,EAAxBvC,GAAS0F,GAAmB,GADKA,KAUnD,OAJAl8C,EAAEg5C,SAAW,GAAKkD,EAAc,GAAK,EAAI,EAAI,EAItCA,CACX,CAsKsBM,CAAcx8C,GAG5Bg8C,EAAWh8C,EAAEg5C,QAAU,EAAI,IAAM,EACjCiD,EAAcj8C,EAAEi5C,WAAa,EAAI,IAAM,EAMnCgD,GAAeD,IACfA,EAAWC,IAKfD,EAAWC,EAAcR,EAAa,EAGtCA,EAAa,GAAKO,IAAqB,IAAT34C,EAS9Bm4C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAE9BP,EAAEy8C,WAAazH,IAAWiH,IAAgBD,GAEjD9D,GAAUl4C,GAAIs1C,IAAgB,IAAM/0C,EAAO,EAAI,GAAI,GACnDo5C,GAAe35C,EAAGy2C,GAAcC,MAGhCwB,GAAUl4C,GAAIu1C,IAAa,IAAMh1C,EAAO,EAAI,GAAI,GAlMxD,SAAwBP,EAAG08C,EAAQC,EAAQC,GAIvC,IAAIC,EASJ,IAHA3E,GAAUl4C,EAAG08C,EAAS,IAAK,GAC3BxE,GAAUl4C,EAAG28C,EAAS,EAAK,GAC3BzE,GAAUl4C,EAAG48C,EAAU,EAAI,GACtBC,EAAO,EAAGA,EAAOD,EAASC,IAE3B3E,GAAUl4C,EAAGA,EAAE+4C,QAAyB,EAAjBvC,GAASqG,GAAY,GAAY,GAI5D5B,GAAUj7C,EAAGA,EAAE64C,UAAW6D,EAAS,GAGnCzB,GAAUj7C,EAAGA,EAAE84C,UAAW6D,EAAS,EAEvC,CA2KQG,CAAe98C,EAAGA,EAAEq7C,OAAOxD,SAAW,EAAG73C,EAAEs7C,OAAOzD,SAAW,EAAGqE,EAAc,GAC9EvC,GAAe35C,EAAGA,EAAE64C,UAAW74C,EAAE84C,YAMrCF,GAAW54C,GAEPO,GACA64C,GAAUp5C,EAIlB,CAMA,SAAS+8C,GAAU/8C,EAAG+3C,EAAM+B,GAmDxB,OA5CA95C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,UAAoBnB,IAAS,EAAI,IAC3D/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,SAAe,GAAY,IAAPnB,EAE9C/3C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQl6C,EAAEk5C,UAAiB,IAALY,EACtC95C,EAAEk5C,WAEW,IAATnB,EAEA/3C,EAAE64C,UAAe,EAALiB,MAEZ95C,EAAEm5C,UAEFpB,IAKA/3C,EAAE64C,UAA8C,GAAnCjC,GAAakD,GAAMrE,GAAW,MAC3Cz1C,EAAE84C,UAAyB,EAAfhB,GAAOC,OA0BhB/3C,EAAEk5C,WAAal5C,EAAEg9C,YAAc,CAK1C,CCxrCe,SAASC,GAAQC,EAAO75C,EAAKnR,EAAK5M,GAC7C,IAAIgpB,EAAa,MAAR4uC,EAAgB,EACrB3uC,EAAK2uC,IAAU,GAAK,MAAQ,EAC5B3uD,EAAI,EAER,KAAe,IAAR2D,GAAW,CAId3D,EAAI2D,EAAM,IAAO,IAAOA,EACxBA,GAAO3D,EAEP,GACI+f,EAAKA,EAAKjL,EAAI/d,KAAQ,EACtBipB,EAAKA,EAAKD,EAAI,UACP/f,GAEX+f,GAAM,MACNC,GAAM,MAGV,OAAOD,EAAKC,GAAM,GAAI,CAC1B,CCLA,MAAM4uC,GAhBN,WACI,IAAI5+C,EACJ,MAAM6+C,EAAQ,GAEd,IAAK,IAAI7uD,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1BgQ,EAAIhQ,EACJ,IAAK,IAAI6P,EAAI,EAAGA,EAAI,EAAGA,IACnBG,EAAQ,EAAJA,EAAQ,WAAaA,IAAM,EAAIA,IAAM,EAE7C6+C,EAAM7uD,GAAKgQ,EAGf,OAAO6+C,CACX,CAGiBC,GAGF,SAASC,GAAMv2C,EAAK1D,EAAKnR,EAAK5M,GACzC,MAAM8a,EAAI+8C,GACNzvD,EAAMpI,EAAM4M,EAEhB6U,IAAQ,EAER,IAAK,IAAI3hB,EAAIE,EAAKF,EAAIsI,EAAKtI,IACvB2hB,EAAMA,IAAQ,EAAI3G,EAAmB,KAAhB2G,EAAM1D,EAAIje,KAGnC,OAAc,EAAP2hB,CACX,QCnCe,CACX,EAAQ,kBACR,EAAQ,aACR,EAAQ,GACR,KAAQ,aACR,KAAQ,eACR,KAAQ,aACR,KAAQ,sBACR,KAAQ,eACR,KAAQ,wBCwBZ,MAAMw2C,GAAgB,EAsBhBC,GAAY,EACZ3G,GAAY,IACZ4G,GAAiB5G,GAAY2G,GAAY,EAEzCE,GAAc,GAEdC,GAAa,GACbC,GAAc,GACdC,GAAa,GACbC,GAAgB,GAChBC,GAAa,IACbC,GAAa,IACbC,GAAe,IAEfC,GAAe,EACfC,GAAgB,EAChBC,GAAoB,EACpBC,GAAiB,EAEjBC,GAAU,EAEhB,SAAS/a,GAAI6Y,EAAMmC,GAEjB,OADAnC,EAAK50B,IAAMA,GAAI+2B,GACRA,CACT,CAEA,SAAS1B,GAAKh2B,GACZ,OAAQ,GAAO,IAAM,EAAM,EAAI,EAAI,EACrC,CAEA,SAASh1B,GAAKwR,GAAO,IAAInR,EAAMmR,EAAI9f,OAAQ,OAAS2O,GAAO,GAAKmR,EAAInR,GAAO,EAS3E,SAASssD,GAAcpC,GACrB,MAAMp8C,EAAIo8C,EAAK9qB,MAGf,IAAIp/B,EAAM8N,EAAEspB,QACRp3B,EAAMkqD,EAAKqC,YACbvsD,EAAMkqD,EAAKqC,WAED,IAARvsD,IAEJwpD,GAAeU,EAAKpwD,OAAQgU,EAAEi4C,YAAaj4C,EAAE0+C,YAAaxsD,EAAKkqD,EAAKuC,UACpEvC,EAAKuC,UAAYzsD,EACjB8N,EAAE0+C,aAAexsD,EACjBkqD,EAAKwC,WAAa1sD,EAClBkqD,EAAKqC,WAAavsD,EAClB8N,EAAEspB,SAAWp3B,EACK,IAAd8N,EAAEspB,UACJtpB,EAAE0+C,YAAc,GAEpB,CAGA,SAASG,GAAiB7+C,EAAGO,GAC3Bu+C,GAAsB9+C,EAAIA,EAAE++C,aAAe,EAAI/+C,EAAE++C,aAAe,EAAI/+C,EAAEg/C,SAAWh/C,EAAE++C,YAAax+C,GAChGP,EAAE++C,YAAc/+C,EAAEg/C,SAClBR,GAAcx+C,EAAEo8C,KAClB,CAGA,SAAS6C,GAASj/C,EAAG5P,GACnB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAal5B,CAC/B,CAQA,SAAS8uD,GAAYl/C,EAAG5P,GAGtB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAcl5B,IAAM,EAAK,IACzC4P,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJl5B,CAC/B,CAUA,SAAS+uD,GAAS/C,EAAM/4C,EAAKtd,EAAOoB,GAClC,IAAI+K,EAAMkqD,EAAKgD,SAGf,OADIltD,EAAM/K,IAAQ+K,EAAM/K,GACZ,IAAR+K,EAAoB,GAExBkqD,EAAKgD,UAAYltD,EAGjBwpD,GAAer4C,EAAK+4C,EAAK35D,MAAO25D,EAAKiD,QAASntD,EAAKnM,GAC3B,IAApBq2D,EAAK9qB,MAAMub,KACbuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAO75C,EAAKnR,EAAKnM,GAGhB,IAApBq2D,EAAK9qB,MAAMub,OAClBuP,EAAKc,MAAQI,GAAMlB,EAAKc,MAAO75C,EAAKnR,EAAKnM,IAG3Cq2D,EAAKiD,SAAWntD,EAChBkqD,EAAKkD,UAAYptD,EAEVA,EACT,CAYA,SAASqtD,GAAcv/C,EAAGw/C,GACxB,IAEI/4C,EACAvU,EAHAutD,EAAez/C,EAAE0/C,iBACjBC,EAAO3/C,EAAEg/C,SAGTY,EAAW5/C,EAAE6/C,YACbC,EAAa9/C,EAAE8/C,WACnB,MAAMC,EAAS//C,EAAEg/C,SAAYh/C,EAAEggD,OAASvC,GACtCz9C,EAAEg/C,UAAYh/C,EAAEggD,OAASvC,IAAiB,EAEtCwC,EAAOjgD,EAAE27C,OAETuE,EAAQlgD,EAAEmgD,OACV11D,EAAOuV,EAAEvV,KAMT21D,EAASpgD,EAAEg/C,SAAWnI,GAC5B,IAAIwJ,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,GAQvB5/C,EAAE6/C,aAAe7/C,EAAEugD,aACrBd,IAAiB,GAKfK,EAAa9/C,EAAEwgD,YAAaV,EAAa9/C,EAAEwgD,WAI/C,GAaE,GAXA/5C,EAAQ+4C,EAWJS,EAAKx5C,EAAQm5C,KAAcU,GAC7BL,EAAKx5C,EAAQm5C,EAAW,KAAOS,GAC/BJ,EAAKx5C,KAAWw5C,EAAKN,IACrBM,IAAOx5C,KAAWw5C,EAAKN,EAAO,GAHhC,CAaAA,GAAQ,EACRl5C,IAMA,UAESw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACnEw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACxDk5C,EAAOS,GAOT,GAHAluD,EAAM2kD,IAAauJ,EAAST,GAC5BA,EAAOS,EAASvJ,GAEZ3kD,EAAM0tD,EAAU,CAGlB,GAFA5/C,EAAEygD,YAAcjB,EAChBI,EAAW1tD,EACPA,GAAO4tD,EACT,MAEFO,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,YAEjBJ,EAAY/0D,EAAK+0D,EAAYU,IAAUH,GAA4B,KAAjBN,GAE5D,OAAIG,GAAY5/C,EAAEwgD,UACTZ,EAEF5/C,EAAEwgD,SACX,CAaA,SAASE,GAAY1gD,GACnB,MAAM2gD,EAAU3gD,EAAEggD,OAClB,IAAIzrC,EAAGhmB,EAAGgB,EAAGqxD,EAAMniD,EAInB,EAAG,CAqBD,GApBAmiD,EAAO5gD,EAAE6gD,YAAc7gD,EAAEwgD,UAAYxgD,EAAEg/C,SAoBnCh/C,EAAEg/C,UAAY2B,GAAWA,EAAUlD,IAAgB,CAErD/B,GAAe17C,EAAE27C,OAAQ37C,EAAE27C,OAAQgF,EAASA,EAAS,GACrD3gD,EAAEygD,aAAeE,EACjB3gD,EAAEg/C,UAAY2B,EAEd3gD,EAAE++C,aAAe4B,EASjBpyD,EAAIyR,EAAE8gD,UACNvsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAE+gD,OAAOxsC,GACbvU,EAAE+gD,KAAKxsC,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UACjCpyD,GAEXA,EAAIoyD,EACJpsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAEvV,OAAO8pB,GACbvU,EAAEvV,KAAK8pB,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UAIjCpyD,GAEXqyD,GAAQD,EAEV,GAAwB,IAApB3gD,EAAEo8C,KAAKgD,SACT,MAmBF,GAJA7wD,EAAI4wD,GAASn/C,EAAEo8C,KAAMp8C,EAAE27C,OAAQ37C,EAAEg/C,SAAWh/C,EAAEwgD,UAAWI,GACzD5gD,EAAEwgD,WAAajyD,EAGXyR,EAAEwgD,UAAYxgD,EAAEghD,QAAUxD,GAS5B,IARA/+C,EAAMuB,EAAEg/C,SAAWh/C,EAAEghD,OACrBhhD,EAAEihD,MAAQjhD,EAAE27C,OAAOl9C,GAGnBuB,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM,IAAMuB,EAAEmhD,UAIvDnhD,EAAEghD,SAEPhhD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAClCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,IACAuB,EAAEghD,WACEhhD,EAAEwgD,UAAYxgD,EAAEghD,OAASxD,cAS1Bx9C,EAAEwgD,UAAY/C,IAAqC,IAApBz9C,EAAEo8C,KAAKgD,SAsCjD,CA6GA,SAASgC,GAAaphD,EAAGqhD,GACvB,IAAIC,EACAC,EAEJ,OAAU,CAMR,GAAIvhD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MA2BJ,GApBAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAOJ,IAAdsC,GAA4BthD,EAAEg/C,SAAWsC,GAAethD,EAAEggD,OAASvC,KAKrEz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,IAGhCthD,EAAEwhD,cAAgBhE,GAYpB,GAPA+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAWh/C,EAAEygD,YAAazgD,EAAEwhD,aAAehE,IAEzEx9C,EAAEwgD,WAAaxgD,EAAEwhD,aAKbxhD,EAAEwhD,cAAgBxhD,EAAE0hD,gBAAuC1hD,EAAEwgD,WAAahD,GAAW,CACvFx9C,EAAEwhD,eACF,GACExhD,EAAEg/C,WAEFh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,eAKQ,KAAnBh/C,EAAEwhD,cACbxhD,EAAEg/C,gBAEFh/C,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,EACjBxhD,EAAEihD,MAAQjhD,EAAE27C,OAAO37C,EAAEg/C,UAErBh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAAMh/C,EAAEmhD,eAavEI,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WAEJ,GAAIuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAWhhD,EAAEg/C,SAAYxB,GAAY,EAAMx9C,EAAEg/C,SAAWxB,GAAY,EAClE6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAOA,SAASwD,GAAa3hD,EAAGqhD,GACvB,IAAIC,EACAC,EAEAK,EAGJ,OAAU,CAMR,GAAI5hD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MA0C3B,GApCAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAMtBh/C,EAAE6/C,YAAc7/C,EAAEwhD,aAClBxhD,EAAE6hD,WAAa7hD,EAAEygD,YACjBzgD,EAAEwhD,aAAehE,GAAY,EAEX,IAAd8D,GAA0BthD,EAAE6/C,YAAc7/C,EAAE0hD,gBAC9C1hD,EAAEg/C,SAAWsC,GAActhD,EAAEggD,OAASvC,KAKtCz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,GAG9BthD,EAAEwhD,cAAgB,IACnBxhD,EAAEy8C,WAAa5H,IAAe70C,EAAEwhD,eAAiBhE,IAAax9C,EAAEg/C,SAAWh/C,EAAEygD,YAAc,QAK5FzgD,EAAEwhD,aAAehE,GAAY,IAM7Bx9C,EAAE6/C,aAAerC,IAAax9C,EAAEwhD,cAAgBxhD,EAAE6/C,YAAa,CACjE+B,EAAa5hD,EAAEg/C,SAAWh/C,EAAEwgD,UAAYhD,GAOxC+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAW,EAAIh/C,EAAE6hD,WAAY7hD,EAAE6/C,YAAcrC,IAM3Ex9C,EAAEwgD,WAAaxgD,EAAE6/C,YAAc,EAC/B7/C,EAAE6/C,aAAe,EACjB,KACQ7/C,EAAEg/C,UAAY4C,IAElB5hD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,gBAGK,KAAlBh/C,EAAE6/C,aAKb,GAJA7/C,EAAE8hD,gBAAkB,EACpB9hD,EAAEwhD,aAAehE,GAAY,EAC7Bx9C,EAAEg/C,WAEEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,QAKN,GAAIl+C,EAAE8hD,iBAgBX,GATAP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAEjDuC,GAEF1C,GAAiB7+C,GAAG,GAGtBA,EAAEg/C,WACFh/C,EAAEwgD,YACuB,IAArBxgD,EAAEo8C,KAAKqC,UACT,OAAOP,QAMTl+C,EAAE8hD,gBAAkB,EACpB9hD,EAAEg/C,WACFh/C,EAAEwgD,YAYN,OARIxgD,EAAE8hD,kBAGJP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAErDh/C,EAAE8hD,gBAAkB,GAEtB9hD,EAAEghD,OAAShhD,EAAEg/C,SAAWxB,GAAY,EAAIx9C,EAAEg/C,SAAWxB,GAAY,EAC7D6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAKJC,EACT,CAgKA,MAAM4D,GACJ9/D,YAAY+/D,EAAaC,EAAUC,EAAaC,EAAWC,GACzDjgE,KAAK6/D,YAAcA,EACnB7/D,KAAK8/D,SAAWA,EAChB9/D,KAAK+/D,YAAcA,EACnB//D,KAAKggE,UAAYA,EACjBhgE,KAAKigE,KAAOA,GAIhB,MAAMC,GAAsB,CAE1B,IAAIN,GAAO,EAAG,EAAG,EAAG,GAviBtB,SAAwB/hD,EAAGqhD,GAIzB,IAAIiB,EAAiB,MAOrB,IALIA,EAAiBtiD,EAAEuiD,iBAAmB,IACxCD,EAAiBtiD,EAAEuiD,iBAAmB,KAI9B,CAER,GAAIviD,EAAEwgD,WAAa,EAAG,CAUpB,GADAE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAmBa,IAAUtN,GACjC,OAAOmK,GAGT,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MAOJxgD,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAEwgD,UAAY,EAGd,MAAMgC,EAAYxiD,EAAE++C,YAAcuD,EAElC,IAAmB,IAAftiD,EAAEg/C,UAAkBh/C,EAAEg/C,UAAYwD,KAEpCxiD,EAAEwgD,UAAYxgD,EAAEg/C,SAAWwD,EAC3BxiD,EAAEg/C,SAAWwD,EAEb3D,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GASX,GAAIl+C,EAAEg/C,SAAWh/C,EAAE++C,aAAgB/+C,EAAEggD,OAASvC,KAE5CoB,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAQb,OAFAl+C,EAAEghD,OAAS,EAEPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,KAGLr+C,EAAEg/C,SAAWh/C,EAAE++C,cAEjBF,GAAiB7+C,GAAG,GAChBA,EAAEo8C,KAAKqC,WACFP,GAMb,IA+cE,IAAI6D,GAAO,EAAG,EAAG,EAAG,EAAGX,IACvB,IAAIW,GAAO,EAAG,EAAG,GAAI,EAAGX,IACxB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIX,IAEzB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIJ,IACzB,IAAII,GAAO,EAAG,GAAI,GAAI,GAAIJ,IAC1B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,IAC/B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,KA6BjC,MAAMc,GACJxgE,cACEE,KAAKi6D,KAAO,KACZj6D,KAAKugE,OAAS,EACdvgE,KAAK81D,YAAc,KACnB91D,KAAKogE,iBAAmB,EACxBpgE,KAAKu8D,YAAc,EACnBv8D,KAAKmnC,QAAU,EACfnnC,KAAK0qD,KAAO,EACZ1qD,KAAKwgE,OAAS,KACdxgE,KAAKygE,QAAU,EACfzgE,KAAK0gE,OAASzN,GACdjzD,KAAK2gE,YAAc,EAEnB3gE,KAAK69D,OAAS,EACd79D,KAAK4gE,OAAS,EACd5gE,KAAKg+D,OAAS,EAEdh+D,KAAKw5D,OAAS,KAQdx5D,KAAK0+D,YAAc,EAKnB1+D,KAAKsI,KAAO,KAMZtI,KAAK4+D,KAAO,KAEZ5+D,KAAK8+D,MAAQ,EACb9+D,KAAK2+D,UAAY,EACjB3+D,KAAK6gE,UAAY,EACjB7gE,KAAKg/D,UAAY,EAEjBh/D,KAAK++D,WAAa,EAOlB/+D,KAAK48D,YAAc,EAKnB58D,KAAKq/D,aAAe,EACpBr/D,KAAK0/D,WAAa,EAClB1/D,KAAK2/D,gBAAkB,EACvB3/D,KAAK68D,SAAW,EAChB78D,KAAKs+D,YAAc,EACnBt+D,KAAKq+D,UAAY,EAEjBr+D,KAAK09D,YAAc,EAKnB19D,KAAKu9D,iBAAmB,EAMxBv9D,KAAKu/D,eAAiB,EAYtBv/D,KAAKg6D,MAAQ,EACbh6D,KAAKs6D,SAAW,EAEhBt6D,KAAKo+D,WAAa,EAGlBp+D,KAAK29D,WAAa,EAYlB39D,KAAK02D,UAAa,IAAIoK,GAAYpN,MAClC1zD,KAAK22D,UAAa,IAAImK,GAAY,KAClC9gE,KAAK42D,QAAa,IAAIkK,GAAY,IAClCpxD,GAAK1P,KAAK02D,WACVhnD,GAAK1P,KAAK22D,WACVjnD,GAAK1P,KAAK42D,SAEV52D,KAAKk5D,OAAW,KAChBl5D,KAAKm5D,OAAW,KAChBn5D,KAAKo5D,QAAW,KAGhBp5D,KAAKu2D,SAAW,IAAIuK,GAAYnN,IAIhC3zD,KAAK6oB,KAAO,IAAIi4C,GAAY,KAC5BpxD,GAAK1P,KAAK6oB,MAEV7oB,KAAKu3D,SAAW,EAChBv3D,KAAKm4D,SAAW,EAKhBn4D,KAAKm3D,MAAQ,IAAI2J,GAAY,KAC7BpxD,GAAK1P,KAAKm3D,OAIVn3D,KAAK+3D,MAAQ,EAEb/3D,KAAK66D,YAAc,EAoBnB76D,KAAK+2D,SAAW,EAEhB/2D,KAAK83D,MAAQ,EAMb93D,KAAK62D,QAAU,EACf72D,KAAK82D,WAAa,EAClB92D,KAAKg3D,QAAU,EACfh3D,KAAK6+D,OAAS,EAGd7+D,KAAKi2D,OAAS,EAIdj2D,KAAKg2D,SAAW,GA6CpB,SAAS+K,GAAa9G,GACpB,MAAMlsC,EA9BR,SAA0BksC,GACxB,IAAIp8C,EAEJ,OAAKo8C,GAASA,EAAK9qB,OAInB8qB,EAAKkD,SAAWlD,EAAKwC,UAAY,EACjCxC,EAAKC,UAAYlH,GAEjBn1C,EAAIo8C,EAAK9qB,MACTtxB,EAAEspB,QAAU,EACZtpB,EAAE0+C,YAAc,EAEZ1+C,EAAE6sC,KAAO,IACX7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAGd7sC,EAAE0iD,OAAU1iD,EAAE6sC,KAAO8Q,GAAaK,GAClC5B,EAAKc,MAAoB,IAAXl9C,EAAE6sC,KACd,EAEA,EACF7sC,EAAE8iD,WAAa/O,GACfoP,GAAenjD,GACRs0C,IArBE/Q,GAAI6Y,EAAM3H,GAsBrB,CAIc2O,CAAiBhH,GAI7B,OAHIlsC,IAAQokC,IAnPd,SAAiBt0C,GACfA,EAAE6gD,YAAc,EAAI7gD,EAAEggD,OAGtBnuD,GAAKmO,EAAE+gD,MAIP/gD,EAAE0hD,eAAiBW,GAAoBriD,EAAEm8C,OAAO8F,SAChDjiD,EAAEugD,WAAa8B,GAAoBriD,EAAEm8C,OAAO6F,YAC5ChiD,EAAE8/C,WAAauC,GAAoBriD,EAAEm8C,OAAO+F,YAC5CliD,EAAE0/C,iBAAmB2C,GAAoBriD,EAAEm8C,OAAOgG,UAElDniD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEwgD,UAAY,EACdxgD,EAAEghD,OAAS,EACXhhD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB9hD,EAAEihD,MAAQ,CACZ,CAgOIoC,CAAQjH,EAAK9qB,OAERphB,CACT,CA6FA,SAASozC,GAAQlH,EAAMiF,GACrB,IAAIkC,EAAWvjD,EACXwjD,EAAKj8B,EAET,IAAK60B,IAASA,EAAK9qB,OACjB+vB,EAAQjN,IAAWiN,EAAQ,EAC3B,OAAOjF,EAAO7Y,GAAI6Y,EAAM3H,IAAkBA,GAK5C,GAFAz0C,EAAIo8C,EAAK9qB,OAEJ8qB,EAAKpwD,SACNowD,EAAK35D,OAA2B,IAAlB25D,EAAKgD,UACpBp/C,EAAE0iD,SAAWzE,IAAgBoD,IAAUlN,GACxC,OAAO5Q,GAAI6Y,EAA0B,IAAnBA,EAAKqC,UAAmB9J,GAAcF,IAQ1D,GALAz0C,EAAEo8C,KAAOA,EACTmH,EAAYvjD,EAAE8iD,WACd9iD,EAAE8iD,WAAazB,EAGXrhD,EAAE0iD,SAAW/E,GAEf,GAAe,IAAX39C,EAAE6sC,KACJuP,EAAKc,MAAQ,EACb+B,GAASj/C,EAAG,IACZi/C,GAASj/C,EAAG,KACZi/C,GAASj/C,EAAG,GACPA,EAAE2iD,QAaL1D,GAASj/C,GAAIA,EAAE2iD,OAAOvqD,KAAO,EAAI,IAC9B4H,EAAE2iD,OAAOc,KAAO,EAAI,IACnBzjD,EAAE2iD,OAAO5I,MAAY,EAAJ,IACjB/5C,EAAE2iD,OAAOt1D,KAAW,EAAJ,IAChB2S,EAAE2iD,OAAOe,QAAc,GAAJ,IAEvBzE,GAASj/C,EAAmB,IAAhBA,EAAE2iD,OAAO1lD,MACrBgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,EAAK,KACnCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAiB,IAAdA,EAAE2iD,OAAOgB,IACjB3jD,EAAE2iD,OAAO5I,OAAS/5C,EAAE2iD,OAAO5I,MAAMx2D,SACnC07D,GAASj/C,EAA2B,IAAxBA,EAAE2iD,OAAO5I,MAAMx2D,QAC3B07D,GAASj/C,EAAIA,EAAE2iD,OAAO5I,MAAMx2D,QAAU,EAAK,MAEzCyc,EAAE2iD,OAAOc,OACXrH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAS,IAE3DtpB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS9E,KAlCXqB,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAGs+C,IACZt+C,EAAE0iD,OAAS1E,QA6Bf,CACE,IAAIx3C,EAAU4uC,IAAep1C,EAAE+iD,OAAS,GAAM,IAAO,EACjDa,GAAe,EAGjBA,EADE5jD,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EAC9B,EACLn8C,EAAEm8C,MAAQ,EACL,EACO,IAAZn8C,EAAEm8C,MACG,EAEA,EAEhB31C,GAAWo9C,GAAe,EACP,IAAf5jD,EAAEg/C,WAAkBx4C,GAAUk3C,IAClCl3C,GAAU,GAAMA,EAAS,GAEzBxG,EAAE0iD,OAAS1E,GACXkB,GAAYl/C,EAAGwG,GAGI,IAAfxG,EAAEg/C,WACJE,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAEtBd,EAAKc,MAAQ,EAKjB,GAAIl9C,EAAE0iD,SAAW9E,GACf,GAAI59C,EAAE2iD,OAAO5I,MAAqB,CAGhC,IAFAyJ,EAAMxjD,EAAEspB,QAEDtpB,EAAE4iD,SAAmC,MAAxB5iD,EAAE2iD,OAAO5I,MAAMx2D,UAC7Byc,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,oBAItBtD,GAASj/C,EAA+B,IAA5BA,EAAE2iD,OAAO5I,MAAM/5C,EAAE4iD,UAC7B5iD,EAAE4iD,UAEA5iD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAE7DxjD,EAAE4iD,UAAY5iD,EAAE2iD,OAAO5I,MAAMx2D,SAC/Byc,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS7E,SAIb79C,EAAE0iD,OAAS7E,GAGf,GAAI79C,EAAE0iD,SAAW7E,GACf,GAAI79C,EAAE2iD,OAAOt1D,KAAoB,CAC/Bm2D,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOt1D,KAAK9J,OACkB,IAAxCyc,EAAE2iD,OAAOt1D,KAAKsR,WAAWqB,EAAE4iD,WAE3B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS5E,SAIb99C,EAAE0iD,OAAS5E,GAGf,GAAI99C,EAAE0iD,SAAW5E,GACf,GAAI99C,EAAE2iD,OAAOe,QAAuB,CAClCF,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOe,QAAQngE,OACkB,IAA3Cyc,EAAE2iD,OAAOe,QAAQ/kD,WAAWqB,EAAE4iD,WAE9B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE0iD,OAAS3E,SAIb/9C,EAAE0iD,OAAS3E,GAsBf,GAnBI/9C,EAAE0iD,SAAW3E,KACX/9C,EAAE2iD,OAAOc,MACPzjD,EAAEspB,QAAU,EAAItpB,EAAEuiD,kBACpB/D,GAAcpC,GAEZp8C,EAAEspB,QAAU,GAAKtpB,EAAEuiD,mBACrBtD,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChCd,EAAKc,MAAQ,EACbl9C,EAAE0iD,OAAS1E,KAIbh+C,EAAE0iD,OAAS1E,IAMG,IAAdh+C,EAAEspB,SAEJ,GADAk1B,GAAcpC,GACS,IAAnBA,EAAKqC,UAQP,OADAz+C,EAAE8iD,YAAc,EACTxO,QAOJ,GAAsB,IAAlB8H,EAAKgD,UAAkBvC,GAAKwE,IAAUxE,GAAK0G,IACpDlC,IAAUlN,GACV,OAAO5Q,GAAI6Y,EAAMzH,IAInB,GAAI30C,EAAE0iD,SAAWzE,IAAkC,IAAlB7B,EAAKgD,SACpC,OAAO7b,GAAI6Y,EAAMzH,IAKnB,GAAsB,IAAlByH,EAAKgD,UAAkC,IAAhBp/C,EAAEwgD,WAC1Ba,IAAUtN,IAAc/zC,EAAE0iD,SAAWzE,GAAe,CACrD,IAAI4F,EAAU7jD,EAAEy8C,WAAa3H,GAvqBjC,SAAsB90C,EAAGqhD,GACvB,IAAIE,EAEJ,OAAU,CAER,GAAoB,IAAhBvhD,EAAEwgD,YACJE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAiB,CACrB,GAAIa,IAAUtN,GACZ,OAAOmK,GAET,MAWJ,GANAl+C,EAAEwhD,aAAe,EAGjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAC1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WACEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAqnBmD2F,CAAa9jD,EAAGqhD,GAC5DrhD,EAAEy8C,WAAa1H,GAvwBtB,SAAqB/0C,EAAGqhD,GACtB,IAAIE,EACA92D,EACAk1D,EAAMS,EAEV,MAAMH,EAAOjgD,EAAE27C,OAEf,OAAU,CAKR,GAAI37C,EAAEwgD,WAAa3J,GAAW,CAE5B,GADA6J,GAAY1gD,GACRA,EAAEwgD,WAAa3J,IAAawK,IAAUtN,GACxC,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MAK3B,GADAxgD,EAAEwhD,aAAe,EACbxhD,EAAEwgD,WAAahD,IAAax9C,EAAEg/C,SAAW,IAC3CW,EAAO3/C,EAAEg/C,SAAW,EACpBv0D,EAAOw1D,EAAKN,GACRl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAAO,CAC3ES,EAASpgD,EAAEg/C,SAAWnI,GACtB,UAESpsD,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAClDl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACvCA,EAAOS,GACTpgD,EAAEwhD,aAAe3K,IAAauJ,EAAST,GACnC3/C,EAAEwhD,aAAexhD,EAAEwgD,YACrBxgD,EAAEwhD,aAAexhD,EAAEwgD,WAyBzB,GAlBIxgD,EAAEwhD,cAAgBhE,IAIpB+D,EAASE,GAAgBzhD,EAAG,EAAGA,EAAEwhD,aAAehE,IAEhDx9C,EAAEwgD,WAAaxgD,EAAEwhD,aACjBxhD,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,IAKjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,YAEAuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CA8qB8B4F,CAAY/jD,EAAGqhD,GACrCgB,GAAoBriD,EAAEm8C,OAAOiG,KAAKpiD,EAAGqhD,GAKzC,GAHIwC,IAAWzF,IAAqByF,IAAWxF,KAC7Cr+C,EAAE0iD,OAASzE,IAET4F,IAAW3F,IAAgB2F,IAAWzF,GAKxC,OAJuB,IAAnBhC,EAAKqC,YACPz+C,EAAE8iD,YAAc,GAGXxO,GAST,GAAIuP,IAAW1F,KACTkD,IAAUrN,GACZgQ,GAAgBhkD,GAETqhD,IAAUjN,KAEjB6P,GAAuBjkD,EAAG,EAAG,GAAG,GAI5BqhD,IAAUnN,KAEZriD,GAAKmO,EAAE+gD,MAEa,IAAhB/gD,EAAEwgD,YACJxgD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,KAIjBxC,GAAcpC,GACS,IAAnBA,EAAKqC,WAEP,OADAz+C,EAAE8iD,YAAc,EACTxO,GAOb,OAAI+M,IAAUlN,GAAmBG,GAC7Bt0C,EAAE6sC,MAAQ,EAAY0H,IAGX,IAAXv0C,EAAE6sC,MACJoS,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAmB,IAAhBo8C,EAAKkD,UACjBL,GAASj/C,EAAIo8C,EAAKkD,UAAY,EAAK,KACnCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,KACpCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,OAGpCJ,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAGtBsB,GAAcpC,GAIVp8C,EAAE6sC,KAAO,IAAK7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAET,IAAd7sC,EAAEspB,QAAgBgrB,GAAOC,GAClC,CChqDA,IACI93C,OAAOsC,aAAaC,KAAM,KAAQ,EACtC,CAAE,MAAOklD,GAET,CACA,IACIznD,OAAOsC,aAAaC,MAAM,KAAM,IAAIha,WAAW,GACnD,CAAE,MAAOk/D,GAET,CAMA,MAAMC,GAAW,IAAIC,GAAW,KAChC,IAAK,IAAI3zD,EAAI,EAAGA,EAAI,IAAKA,IACrB0zD,GAAS1zD,GAAKA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAI,EAMtF,SAAS4zD,GAAY5lD,GACxB,IAAIF,EAAGoR,EAAI20C,EAAOl/D,EAAGm/D,EAAU,EAC/B,MAAMC,EAAU/lD,EAAIlb,OAGpB,IAAK+gE,EAAQ,EAAGA,EAAQE,EAASF,IAC7B/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGRC,GAAWhmD,EAAI,IAAO,EAAIA,EAAI,KAAQ,EAAIA,EAAI,MAAU,EAAI,EAIhE,MAAM8E,EAAM,IAAI+gD,GAAWG,GAG3B,IAAKn/D,EAAI,EAAGk/D,EAAQ,EAAGl/D,EAAIm/D,EAASD,IAChC/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGJ/lD,EAAI,IAEJ8E,EAAIje,KAAOmZ,EACJA,EAAI,MAEX8E,EAAIje,KAAO,IAAOmZ,IAAM,EACxB8E,EAAIje,KAAO,IAAW,GAAJmZ,GACXA,EAAI,OAEX8E,EAAIje,KAAO,IAAOmZ,IAAM,GACxB8E,EAAIje,KAAO,IAAOmZ,IAAM,EAAI,GAC5B8E,EAAIje,KAAO,IAAW,GAAJmZ,IAGlB8E,EAAIje,KAAO,IAAOmZ,IAAM,GACxB8E,EAAIje,KAAO,IAAOmZ,IAAM,GAAK,GAC7B8E,EAAIje,KAAO,IAAOmZ,IAAM,EAAI,GAC5B8E,EAAIje,KAAO,IAAW,GAAJmZ,GAI1B,OAAO8E,CACX,CAxDA8gD,GAAS,KAAOA,GAAS,KAAO,ECbjB,MAAMM,GACnBxiE,cAEEE,KAAKM,MAAQ,KACbN,KAAKk9D,QAAU,EAEfl9D,KAAKi9D,SAAW,EAEhBj9D,KAAKm9D,SAAW,EAEhBn9D,KAAK6J,OAAS,KACd7J,KAAKw8D,SAAW,EAEhBx8D,KAAKs8D,UAAY,EAEjBt8D,KAAKy8D,UAAY,EAEjBz8D,KAAKqlC,IAAM,GAEXrlC,KAAKmvC,MAAQ,KAEbnvC,KAAKk6D,UAAY,EAEjBl6D,KAAK+6D,MAAQ,GCiEjB,MAAMwH,GACJziE,YAAY+E,GACV7E,KAAK6E,QAAU,CACbm1D,MAAOvH,GACPiO,OAAQzN,GACRuP,UAAW,MACXC,WAAY,GACZC,SAAU,EACVpI,SR/DkC,KQgE9Bz1D,GAAW,IAGjB,MAAM89D,EAAM3iE,KAAK6E,QAEb89D,EAAIC,KAAQD,EAAIF,WAAa,EAC/BE,EAAIF,YAAcE,EAAIF,WAGfE,EAAIE,MAASF,EAAIF,WAAa,GAAOE,EAAIF,WAAa,KAC7DE,EAAIF,YAAc,IAGpBziE,KAAKohD,IAAS,EACdphD,KAAKqlC,IAAS,GACdrlC,KAAK8iE,OAAS,EACd9iE,KAAKuxD,OAAS,GAEdvxD,KAAKi6D,KAAO,IAAIqI,GAChBtiE,KAAKi6D,KAAKqC,UAAY,EAEtB,IH+nCsBrC,EAAM2E,EG/nCxB2B,EHuoCR,SAAsBtG,EAAMD,EAAO0G,EAAQ+B,EAAYC,EAAUpI,GAC/D,IAAKL,EACH,OAAO3H,GAET,IAAI5H,EAAO,EAiBX,GAfIsP,IAAUvH,KACZuH,EAAQ,GAGNyI,EAAa,GACf/X,EAAO,EACP+X,GAAcA,GAGPA,EAAa,KACpB/X,EAAO,EACP+X,GAAc,IAIZC,EAAW,GAAKA,EAAWtH,IAAiBsF,IAAWzN,IACzDwP,EAAa,GAAKA,EAAa,IAAMzI,EAAQ,GAAKA,EAAQ,GAC1DM,EAAW,GAAKA,EAAWzH,GAC3B,OAAOzR,GAAI6Y,EAAM3H,IAIA,IAAfmQ,IACFA,EAAa,GAIf,MAAM5kD,EAAI,IAAIyiD,GAyCd,OAvCArG,EAAK9qB,MAAQtxB,EACbA,EAAEo8C,KAAOA,EAETp8C,EAAE6sC,KAAOA,EACT7sC,EAAE2iD,OAAS,KACX3iD,EAAE+iD,OAAS6B,EACX5kD,EAAEggD,OAAS,GAAKhgD,EAAE+iD,OAClB/iD,EAAEmgD,OAASngD,EAAEggD,OAAS,EAEtBhgD,EAAEgjD,UAAY6B,EAAW,EACzB7kD,EAAE8gD,UAAY,GAAK9gD,EAAEgjD,UACrBhjD,EAAEmhD,UAAYnhD,EAAE8gD,UAAY,EAC5B9gD,EAAEkhD,eAAiBlhD,EAAEgjD,UAAYxF,GAAY,GAAKA,IAClDx9C,EAAE27C,OAAS,IAAIyI,GAAsB,EAAXpkD,EAAEggD,QAC5BhgD,EAAE+gD,KAAO,IAAIkC,GAAYjjD,EAAE8gD,WAC3B9gD,EAAEvV,KAAO,IAAIw4D,GAAYjjD,EAAEggD,QAK3BhgD,EAAEg9C,YAAc,GAAM6H,EAAW,EAEjC7kD,EAAEuiD,iBAAmC,EAAhBviD,EAAEg9C,YAIvBh9C,EAAEi4C,YAAc,IAAImM,GAAWpkD,EAAEuiD,kBAIjCviD,EAAEi6C,MAAQ,EAAIj6C,EAAEg9C,YAGhBh9C,EAAEk6C,MAAQ,EAAUl6C,EAAEg9C,YAEtBh9C,EAAEm8C,MAAQA,EACVn8C,EAAEy8C,SAAWA,EACbz8C,EAAE6iD,OAASA,EAEJK,GAAa9G,EACtB,CGltCiB8I,CACX/iE,KAAKi6D,KACL0I,EAAI3I,MACJ2I,EAAIjC,OACJiC,EAAIF,WACJE,EAAID,SACJC,EAAIrI,UAGN,GAAIiG,IAAWpO,GACb,MAAUjvD,MAAMmiC,GAAIk7B,IAOtB,GAJIoC,EAAIt+C,SHknCc41C,EGjnCUj6D,KAAKi6D,KHinCT2E,EGjnCe+D,EAAIt+C,OHknC5C41C,GAASA,EAAK9qB,QACK,IAApB8qB,EAAK9qB,MAAMub,OACfuP,EAAK9qB,MAAMqxB,OAAS5B,KGjnCd+D,EAAIK,WAAY,CAClB,IAAIC,EAaJ,GATEA,EAF4B,iBAAnBN,EAAIK,WAENE,GAAmBP,EAAIK,YACrBL,EAAIK,sBAAsB79C,YAC5B,IAAItiB,WAAW8/D,EAAIK,YAEnBL,EAAIK,WAGbzC,EHsiDN,SAA8BtG,EAAM+I,GAClC,IAEInlD,EACAvB,EAAKlQ,EACLs+C,EACAyY,EACAC,EACA9iE,EACA+iE,EARAC,EAAaN,EAAW5hE,OAU5B,IAAK64D,IAAsBA,EAAK9qB,MAC9B,OAAOmjB,GAMT,GAHAz0C,EAAIo8C,EAAK9qB,MACTub,EAAO7sC,EAAE6sC,KAEI,IAATA,GAAwB,IAATA,GAAc7sC,EAAE0iD,SAAW/E,IAAe39C,EAAEwgD,UAC7D,OAAO/L,GAmCT,IA/Ba,IAAT5H,IAEFuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAOiI,EAAYM,EAAY,IAG3DzlD,EAAE6sC,KAAO,EAGL4Y,GAAczlD,EAAEggD,SACL,IAATnT,IAEFh7C,GAAKmO,EAAE+gD,MACP/gD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,GAIbwE,EAAU,IAAIpB,GAAWpkD,EAAEggD,QAC3BtE,GAAe8J,EAASL,EAAYM,EAAazlD,EAAEggD,OAAQhgD,EAAEggD,OAAQ,GACrEmF,EAAaK,EACbC,EAAazlD,EAAEggD,QAGjBsF,EAAQlJ,EAAKgD,SACbmG,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACb25D,EAAKgD,SAAWqG,EAChBrJ,EAAKiD,QAAU,EACfjD,EAAK35D,MAAQ0iE,EACbzE,GAAY1gD,GACLA,EAAEwgD,WAAahD,IAAW,CAC/B/+C,EAAMuB,EAAEg/C,SACRzwD,EAAIyR,EAAEwgD,WAAahD,GAAY,GAC/B,GAEEx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAElCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,YACSlQ,GACXyR,EAAEg/C,SAAWvgD,EACbuB,EAAEwgD,UAAYhD,GAAY,EAC1BkD,GAAY1gD,GAYd,OAVAA,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAE++C,YAAc/+C,EAAEg/C,SAClBh/C,EAAEghD,OAAShhD,EAAEwgD,UACbxgD,EAAEwgD,UAAY,EACdxgD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB1F,EAAKiD,QAAUkG,EACfnJ,EAAK35D,MAAQA,EACb25D,EAAKgD,SAAWkG,EAChBtlD,EAAE6sC,KAAOA,EACFyH,EACT,CGvnDeoR,CAAkCvjE,KAAKi6D,KAAMgJ,GAElD1C,IAAWpO,GACb,MAAUjvD,MAAMmiC,GAAIk7B,IAGtBvgE,KAAKwjE,WAAY,GAiCrB3hE,KAAKiI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMp1D,SAAS29D,UAAEA,IAAgBxiE,KACzC,IAAIugE,EAAQkD,EAEZ,GAAIzjE,KAAK8iE,MAAS,OAAO,EAEzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBkkC,GAAWJ,GAG7C,iBAAT9nD,EAETmwD,EAAK35D,MAAQ4iE,GAAmBp5D,GACvBA,aAAgBqb,YACzB80C,EAAK35D,MAAQ,IAAIuC,WAAWiH,GAE5BmwD,EAAK35D,MAAQwJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK35D,MAAMc,OAE3B,EAAG,CAQD,GAPuB,IAAnB64D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,IAEnBjC,EAASmD,GAAqBzJ,EAAMwJ,MAErBrR,IAAgBmO,IAAWpO,GAGxC,OAFAnyD,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,GACN,EAEc,IAAnB7I,EAAKqC,YAAsC,IAAlBrC,EAAKgD,UAAmBwG,IAAUzR,IAAYyR,IAAU3R,KACnF9xD,KAAK4jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,kBAExCvC,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAWnO,IAGnE,OAAIqR,IAAUzR,IACZuO,EHy7CN,SAAoBtG,GAClB,IAAIsG,EAEJ,OAAKtG,GAAsBA,EAAK9qB,OAIhCoxB,EAAStG,EAAK9qB,MAAMoxB,OAChBA,IAAW/E,IACb+E,IAAW9E,IACX8E,IAAW7E,IACX6E,IAAW5E,IACX4E,IAAW3E,IACX2E,IAAW1E,IACX0E,IAAWzE,GAEJ1a,GAAI6Y,EAAM3H,KAGnB2H,EAAK9qB,MAAQ,KAENoxB,IAAW1E,GAAaza,GAAI6Y,EAAM1H,IAAgBJ,KAjBhDG,EAkBX,CG/8CewR,CAAwB9jE,KAAKi6D,MACtCj6D,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,EACNvC,IAAWpO,IAIhBsR,IAAU3R,KACZ9xD,KAAK2jE,MAAMxR,IACX8H,EAAKqC,UAAY,GACV,GAcXsH,OAAO7hE,GACL/B,KAAKuxD,OAAO1vD,KAAKE,GAanB4hE,MAAMpD,GAEAA,IAAWpO,KACbnyD,KAAKyB,OAASsiE,GAAoB/jE,KAAKuxD,SAEzCvxD,KAAKuxD,OAAS,GACdvxD,KAAKohD,IAAMmf,EACXvgE,KAAKqlC,IAAMrlC,KAAKi6D,KAAK50B,KC/QzB,MAAM2+B,GAAM,GACNC,GAAO,GAqCE,SAASC,GAAajK,EAAMr2D,GACvC,IAAIugE,EACAC,EAEAC,EACA9lD,EACA+lD,EACAC,EAEAx0D,EACA6lD,EACA7zC,EACAyiD,EAKJ,MAAMr1B,EAAQ8qB,EAAK9qB,MAEnBg1B,EAAMlK,EAAKiD,QACX,MAAM58D,EAAQ25D,EAAK35D,MACb8d,EAAO+lD,GAAOlK,EAAKgD,SAAW,GACpCmH,EAAOnK,EAAKuC,SACZ,MAAM3yD,EAASowD,EAAKpwD,OACdw3D,EAAM+C,GAAQxgE,EAAQq2D,EAAKqC,WAC3B/wD,EAAM64D,GAAQnK,EAAKqC,UAAY,KAE/BmI,EAAOt1B,EAAMs1B,KAEbC,EAAQv1B,EAAMu1B,MACdC,EAAQx1B,EAAMw1B,MACdC,EAAQz1B,EAAMy1B,MACdC,EAAW11B,EAAMqqB,OACvB6K,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KACb,MAAMumD,EAAQ31B,EAAM41B,QACdC,EAAQ71B,EAAM81B,SACdC,GAAS,GAAK/1B,EAAMg2B,SAAW,EAC/BC,GAAS,GAAKj2B,EAAMk2B,UAAY,EAMtCC,EACA,EAAG,CACK/mD,EAAO,KACP8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAGZ+lD,EAAOQ,EAAMT,EAAOa,GAEpBK,EACA,OAAS,CAKL,GAJAhB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,IACR,IAAPC,EAIA16D,EAAOu6D,KAAiB,MAAPE,MACd,MAAS,GAALC,GAkKJ,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOQ,GAAc,MAAPR,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASgB,EACN,GAAS,GAALhB,EAAS,CAEhBp1B,EAAMrhB,KAAOm2C,GACb,MAAMqB,EAENrL,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA3KNv1D,EAAa,MAAPu0D,EACNC,GAAM,GACFA,IACIhmD,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAEZxO,GAAOs0D,GAAQ,GAAKE,GAAM,EAC1BF,KAAUE,EACVhmD,GAAQgmD,GAGRhmD,EAAO,KACP8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAEZ+lD,EAAOU,EAAMX,EAAOe,GAEpBI,EACA,OAAS,CAML,GALAjB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,MAEV,GAALC,GA2HG,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOU,GAAc,MAAPV,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASiB,EAETvL,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EApHN,GAZA1P,EAAc,MAAP0O,EACPC,GAAM,GACFhmD,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACJA,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,IAGhBq3C,GAAQyO,GAAQ,GAAKE,GAAM,EAEvB3O,EAAO6O,EAAM,CACbxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EAOV,GAJAjB,KAAUE,EACVhmD,GAAQgmD,EAERA,EAAKH,EAAO/C,EACRzL,EAAO2O,EAAI,CAEX,GADAA,EAAK3O,EAAO2O,EACRA,EAAKI,GACDx1B,EAAMs2B,KAAM,CACZxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA2Bd,GAFAvjD,EAAO,EACPyiD,EAAcK,EACA,IAAVD,GAEA,GADA7iD,GAAQ2iD,EAAQH,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,QAEf,GAAI+6D,EAAQL,GAGf,GAFAxiD,GAAQ2iD,EAAQE,EAAQL,EACxBA,GAAMK,EACFL,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GAEX,GADAxiD,EAAO,EACH6iD,EAAQ70D,EAAK,CACbw0D,EAAKK,EACL70D,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,SAKtB,GADAkY,GAAQ6iD,EAAQL,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,EAGtB,KAAOkG,EAAM,GACTlG,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BhS,GAAO,EAEPA,IACAlG,EAAOu6D,KAAUI,EAAYziD,KACzBhS,EAAM,IACNlG,EAAOu6D,KAAUI,EAAYziD,WAGlC,CACHA,EAAOqiD,EAAOxO,EACd,GACI/rD,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBhS,GAAO,QACFA,EAAM,GACXA,IACAlG,EAAOu6D,KAAUv6D,EAAOkY,KACpBhS,EAAM,IACNlG,EAAOu6D,KAAUv6D,EAAOkY,OAaxC,OAeR,aAECoiD,EAAM/lD,GAAQgmD,EAAO74D,GAG9BwE,EAAMwO,GAAQ,EACd4lD,GAAOp0D,EACPwO,GAAQxO,GAAO,EACfs0D,IAAS,GAAK9lD,GAAQ,EAGtB07C,EAAKiD,QAAUiH,EACflK,EAAKuC,SAAW4H,EAChBnK,EAAKgD,SAAWkH,EAAM/lD,EAAYA,EAAO+lD,EAAZ,EAAmB,GAAKA,EAAM/lD,GAC3D67C,EAAKqC,UAAY8H,EAAO74D,EAAaA,EAAM64D,EAAb,IAAqB,KAAOA,EAAO74D,GACjE4jC,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,CAEjB,CCxSA,MAAMmnD,GAAU,GACVC,GAAc,IACdC,GAAe,IAGfC,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAERC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,EAAG,GAG3DC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAGtDC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IACtD,IAAK,IAAK,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KAClD,KAAM,MAAO,MAAO,MAAO,EAAG,GAG5BC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACpC,GAAI,GAAI,GAAI,GAAI,GAAI,IAGT,SAASC,GAAcpsD,EAAMqsD,EAAMC,EAAYC,EAAOtL,EAAOuL,EAAaC,EAAMxiB,GAC3F,MAAM1lC,EAAO0lC,EAAK1lC,KAGlB,IASImoD,EACA5mB,EACA6mB,EACAvD,EAIA73D,EAhBAwE,EAAM,EACN62D,EAAM,EACN/oB,EAAM,EAAGlyC,EAAM,EACfk7D,EAAO,EACPp2C,EAAO,EACPq2C,EAAO,EACP/yC,EAAO,EACPgzC,EAAO,EACPC,EAAO,EAKP5O,EAAO,KACP6O,EAAa,EAGjB,MAAMxjC,EAAQ,IAAIq9B,GAAY4E,GAAU,GAClCwB,EAAO,IAAIpG,GAAY4E,GAAU,GACvC,IAGIyB,EAAWC,EAASC,EAHpBzP,EAAQ,KACR0P,EAAc,EAoClB,IAAKv3D,EAAM,EAAGA,GAAO21D,GAAS31D,IAC1B0zB,EAAM1zB,GAAO,EAEjB,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACvBnjC,EAAM4iC,EAAKC,EAAaM,MAK5B,IADAC,EAAOtoD,EACF5S,EAAM+5D,GAAS/5D,GAAO,GACJ,IAAf83B,EAAM93B,GADgBA,KAQ9B,GAHIk7D,EAAOl7D,IACPk7D,EAAOl7D,GAEC,IAARA,EAaA,OATAsvD,EAAMuL,KAAiB,SAMvBvL,EAAMuL,KAAiB,SAEvBviB,EAAK1lC,KAAO,EACL,EAEX,IAAKs/B,EAAM,EAAGA,EAAMlyC,GACG,IAAf83B,EAAMoa,GADWA,KAWzB,IANIgpB,EAAOhpB,IACPgpB,EAAOhpB,GAIX9pB,EAAO,EACFhkB,EAAM,EAAGA,GAAO21D,GAAS31D,IAG1B,GAFAgkB,IAAS,EACTA,GAAQ0P,EAAM1zB,GACVgkB,EAAO,EACP,OAAQ,EAGhB,GAAIA,EAAO,IAAM/Z,IAAS6rD,IAAiB,IAARl6D,GAC/B,OAAQ,EAKZ,IADAu7D,EAAK,GAAK,EACLn3D,EAAM,EAAGA,EAAM21D,GAAS31D,IACzBm3D,EAAKn3D,EAAM,GAAKm3D,EAAKn3D,GAAO0zB,EAAM1zB,GAItC,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACQ,IAA3BP,EAAKC,EAAaM,KAClBH,EAAKS,EAAKb,EAAKC,EAAaM,OAAWA,GAsC3C5sD,IAAS6rD,IACTzN,EAAOR,EAAQ6O,EACfl7D,EAAM,IAECyO,IAAS8rD,IAChB1N,EAAO4N,GACPiB,GAAc,IACdrP,EAAQqO,GACRqB,GAAe,IACf/7D,EAAM,MAGN6sD,EAAO8N,GACPtO,EAAQuO,GACR56D,GAAO,GAIXy7D,EAAO,EACPJ,EAAM,EACN72D,EAAM8tC,EACNulB,EAAOoD,EACP/1C,EAAOo2C,EACPC,EAAO,EACPH,GAAO,EACPI,EAAO,GAAKF,EACZ,MAAMj1B,EAAOm1B,EAAO,EAGpB,GAAI/sD,IAAS8rD,IAAQiB,EAAOpB,IAC5B3rD,IAAS+rD,IAASgB,EAAOnB,GACrB,OAAO,EAIX,OAAS,CAELuB,EAAYp3D,EAAM+2D,EACdL,EAAKG,GAAOr7D,GACZ67D,EAAU,EACVC,EAAWZ,EAAKG,IACTH,EAAKG,GAAOr7D,GACnB67D,EAAUxP,EAAM0P,EAAcb,EAAKG,IACnCS,EAAWjP,EAAK6O,EAAaR,EAAKG,MAElCQ,EAAU,GACVC,EAAW,GAIfX,EAAO,GAAK32D,EAAM+2D,EAClBhnB,EAAO,GAAKrvB,EACZotB,EAAMiC,EACN,GACIA,GAAQ4mB,EACRzL,EAAMmI,GAAQ4D,GAAQF,GAAQhnB,GAAQqnB,GAAa,GAAKC,GAAW,GAAKC,EAAU,QACpE,IAATvnB,GAIT,IADA4mB,EAAO,GAAK32D,EAAM,EACXi3D,EAAON,GACVA,IAAS,EAWb,GATa,IAATA,GACAM,GAAQN,EAAO,EACfM,GAAQN,GAERM,EAAO,EAIXJ,IACqB,KAAfnjC,EAAM1zB,GAAY,CACpB,GAAIA,IAAQpE,EACR,MAEJoE,EAAMs2D,EAAKC,EAAaG,EAAKG,IAIjC,GAAI72D,EAAM82D,IAASG,EAAOp1B,KAAU+0B,EAAK,CAYrC,IAVa,IAATG,IACAA,EAAOD,GAIXzD,GAAQvlB,EAGRptB,EAAO1gB,EAAM+2D,EACb/yC,EAAO,GAAKtD,EACLA,EAAOq2C,EAAOn7D,IACjBooB,GAAQ0P,EAAMhT,EAAOq2C,KACjB/yC,GAAQ,KAGZtD,IACAsD,IAAS,EAKb,GADAgzC,GAAQ,GAAKt2C,EACTzW,IAAS8rD,IAAQiB,EAAOpB,IAChC3rD,IAAS+rD,IAASgB,EAAOnB,GACjB,OAAO,EAIXe,EAAMK,EAAOp1B,EAIbqpB,EAAM0L,GAAOE,GAAQ,GAAKp2C,GAAQ,GAAK2yC,EAAOoD,EAAa,GAiBnE,OAVa,IAATQ,IAIA/L,EAAMmI,EAAO4D,GAAQj3D,EAAM+2D,GAAQ,GAAK,IAAM,GAAI,GAKtD7iB,EAAK1lC,KAAOsoD,EACL,CACX,CC/TA,MAAMhB,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAsBLwB,GAAO,EACPC,GAAQ,EACRC,GAAO,EACPC,GAAK,EACLC,GAAQ,EACRC,GAAQ,EACR/jC,GAAO,EACPgkC,GAAU,EACVC,GAAO,EACPC,GAAS,GACTC,GAAO,GACH/D,GAAO,GACPgE,GAAS,GACTC,GAAS,GACTC,GAAQ,GACRC,GAAO,GACPC,GAAQ,GACRC,GAAU,GACVC,GAAW,GACPC,GAAO,GACPC,GAAM,GACNC,GAAS,GACTC,GAAO,GACPC,GAAU,GACVC,GAAQ,GACRC,GAAM,GACdC,GAAQ,GACRC,GAAS,GACTC,GAAO,GACPjF,GAAM,GAQT2B,GAAc,IACdC,GAAe,IAQrB,SAASsD,GAAQ56D,GACf,OAAWA,IAAM,GAAM,MACbA,IAAM,EAAK,SACP,MAAJA,IAAe,KACX,IAAJA,IAAa,GACzB,CAGA,MAAM66D,GACJrpE,cACEE,KAAK8tB,KAAO,EACZ9tB,KAAKoe,MAAO,EACZpe,KAAK0qD,KAAO,EACZ1qD,KAAKopE,UAAW,EAChBppE,KAAKqpE,MAAQ,EACbrpE,KAAKykE,KAAO,EACZzkE,KAAKspE,MAAQ,EACbtpE,KAAKupE,MAAQ,EAEbvpE,KAAK4+D,KAAO,KAGZ5+D,KAAKwpE,MAAQ,EACbxpE,KAAK0kE,MAAQ,EACb1kE,KAAK2kE,MAAQ,EACb3kE,KAAK4kE,MAAQ,EACb5kE,KAAKw5D,OAAS,KAGdx5D,KAAKqkE,KAAO,EACZrkE,KAAKue,KAAO,EAGZve,KAAKoB,OAAS,EACdpB,KAAKmQ,OAAS,EAGdnQ,KAAK43D,MAAQ,EAGb53D,KAAK+kE,QAAU,KACf/kE,KAAKilE,SAAW,KAChBjlE,KAAKmlE,QAAU,EACfnlE,KAAKqlE,SAAW,EAGhBrlE,KAAKypE,MAAQ,EACbzpE,KAAK0pE,KAAO,EACZ1pE,KAAK2pE,MAAQ,EACb3pE,KAAK4pE,KAAO,EACZ5pE,KAAKojE,KAAO,KAEZpjE,KAAKqmE,KAAO,IAAIvF,GAAY,KAC5B9gE,KAAKymE,KAAO,IAAI3F,GAAY,KAO5B9gE,KAAK6pE,OAAS,KACd7pE,KAAK8pE,QAAU,KACf9pE,KAAKylE,KAAO,EACZzlE,KAAK+pE,KAAO,EACZ/pE,KAAKgqE,IAAM,GA+Bf,SAASC,GAAahQ,GACpB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACbA,EAAMu1B,MAAQ,EACdv1B,EAAMw1B,MAAQ,EACdx1B,EAAMy1B,MAAQ,EAlChB,SAA0B3K,GACxB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACb8qB,EAAKkD,SAAWlD,EAAKwC,UAAYttB,EAAMo6B,MAAQ,EAC/CtP,EAAK50B,IAAM,GACP8J,EAAMub,OACRuP,EAAKc,MAAqB,EAAb5rB,EAAMub,MAErBvb,EAAMrhB,KAAOy5C,GACbp4B,EAAM/wB,KAAO,EACb+wB,EAAMi6B,SAAW,EACjBj6B,EAAMs1B,KAAO,MACbt1B,EAAMyvB,KAAO,KACbzvB,EAAMk1B,KAAO,EACbl1B,EAAM5wB,KAAO,EAEb4wB,EAAM41B,QAAU51B,EAAM06B,OAAS,IAAIK,GAAYvE,IAC/Cx2B,EAAM81B,SAAW91B,EAAM26B,QAAU,IAAII,GAAYtE,IAEjDz2B,EAAMs2B,KAAO,EACbt2B,EAAM46B,MAAQ,EAEP5X,IArB4BG,EAsBrC,CAUS6X,CAAiBlQ,IALW3H,EAOrC,CAoCA,SAAS8X,GAAanQ,EAAMwI,GAC1B,IAAI10C,EACAohB,EAEJ,OAAK8qB,GAGL9qB,EAAQ,IAAIg6B,GAIZlP,EAAK9qB,MAAQA,EACbA,EAAMqqB,OAAS,KACfzrC,EA/CF,SAAuBksC,EAAMwI,GAC3B,IAAI/X,EACAvb,EAGJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MAGTszB,EAAa,GACf/X,EAAO,EACP+X,GAAcA,IAGd/X,EAA2B,GAAnB+X,GAAc,GAClBA,EAAa,KACfA,GAAc,KAKdA,IAAeA,EAAa,GAAKA,EAAa,IACzCnQ,IAEY,OAAjBnjB,EAAMqqB,QAAmBrqB,EAAMq6B,QAAU/G,IAC3CtzB,EAAMqqB,OAAS,MAIjBrqB,EAAMub,KAAOA,EACbvb,EAAMq6B,MAAQ/G,EACPwH,GAAahQ,KA1Be3H,EA2BrC,CAeQ+X,CAAcpQ,EAAMwI,GACtB10C,IAAQokC,KACV8H,EAAK9qB,MAAQ,MAERphB,GAbaukC,EActB,CAiBA,IAEIgY,GAAQC,GAFRC,IAAS,EAIb,SAASC,GAAYt7B,GAEnB,GAAIq7B,GAAQ,CACV,IAAI5D,EAOJ,IALA0D,GAAS,IAAIJ,GAAY,KACzBK,GAAU,IAAIL,GAAY,IAG1BtD,EAAM,EACCA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EAMxC,IAJAR,GAAcN,GAAO32B,EAAMk3B,KAAM,EAAG,IAAKiE,GAAU,EAAGn7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EqoD,EAAM,EACCA,EAAM,IAAMz3B,EAAMk3B,KAAKO,KAAS,EAEvCR,GAAcL,GAAO52B,EAAMk3B,KAAM,EAAG,GAAMkE,GAAS,EAAGp7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EisD,IAAS,EAGXr7B,EAAM41B,QAAUuF,GAChBn7B,EAAMg2B,QAAU,EAChBh2B,EAAM81B,SAAWsF,GACjBp7B,EAAMk2B,SAAW,CACnB,CAiBA,SAASqF,GAAazQ,EAAMzjC,EAAKjrB,EAAKo/D,GACpC,IAAI/U,EACJ,MAAMzmB,EAAQ8qB,EAAK9qB,MAqCnB,OAlCqB,OAAjBA,EAAMqqB,SACRrqB,EAAMu1B,MAAQ,GAAKv1B,EAAMq6B,MACzBr6B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQ,EAEdx1B,EAAMqqB,OAAS,IAAIyI,GAAW9yB,EAAMu1B,QAIlCiG,GAAQx7B,EAAMu1B,OAChBnL,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAM4jC,EAAMu1B,MAAOv1B,EAAMu1B,MAAO,GAClEv1B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpB9O,EAAOzmB,EAAMu1B,MAAQv1B,EAAMy1B,MACvBhP,EAAO+U,IACT/U,EAAO+U,GAGTpR,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAM/U,EAAMzmB,EAAMy1B,QAC1D+F,GAAQ/U,IAGN2D,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAMA,EAAM,GACpDx7B,EAAMy1B,MAAQ+F,EACdx7B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpBv1B,EAAMy1B,OAAShP,EACXzmB,EAAMy1B,QAAUz1B,EAAMu1B,QAASv1B,EAAMy1B,MAAQ,GAC7Cz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAASv1B,EAAMw1B,OAAS/O,KAG7C,CACT,CAEA,SAASgV,GAAQ3Q,EAAMiF,GACrB,IAAI/vB,EACA7uC,EAAOuJ,EACPu5D,EACAyH,EACAjB,EAAM71C,EACNswC,EACA9lD,EACA4lD,EAAKC,EACLuG,EACA5oD,EACAyiD,EAEA2C,EAAWC,EAASC,EAEpByD,EAAWC,EAASC,EACpBj7D,EACAge,EAEAk2B,EAEA73C,EATAk4D,EAAO,EAMP2G,EAAO,IAAIhJ,GAAW,GAK1B,MAAMiJ,EACJ,CAAE,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAGlE,IAAKjR,IAASA,EAAK9qB,QAAU8qB,EAAKpwD,SAC5BowD,EAAK35D,OAA2B,IAAlB25D,EAAKgD,SACvB,OAAO3K,GAGTnjB,EAAQ8qB,EAAK9qB,MACTA,EAAMrhB,OAASm2C,KAAQ90B,EAAMrhB,KAAOm6C,IAIxC4C,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACbspE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGb4lD,EAAMyF,EACNxF,EAAOrwC,EACPhG,EAAMokC,GAENgZ,EACA,OACE,OAAQh8B,EAAMrhB,MACZ,KAAKy5C,GACH,GAAmB,IAAfp4B,EAAMub,KAAY,CACpBvb,EAAMrhB,KAAOm6C,GACb,MAGF,KAAO1pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAkB,EAAb4wB,EAAMub,MAAsB,QAAT2Z,EAAiB,CACvCl1B,EAAMm6B,MAAQ,EAEd2B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,GAI1C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO05C,GACb,MAMF,GAJAr4B,EAAMk6B,MAAQ,EACVl6B,EAAMyvB,OACRzvB,EAAMyvB,KAAKt9D,MAAO,KAED,EAAb6tC,EAAMub,UACA,IAAP2Z,IAA2B,IAAMA,GAAQ,IAAM,GAAI,CACtDpK,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,IAAY,GAAPK,KAA4BpR,GAAY,CAC3CgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAOF,GAJAK,KAAU,EACV9lD,GAAQ,EAERxO,EAAiC,GAAnB,GAAPs0D,GACa,IAAhBl1B,EAAMq6B,MACRr6B,EAAMq6B,MAAQz5D,OAEX,GAAIA,EAAMo/B,EAAMq6B,MAAO,CAC1BvP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMs1B,KAAO,GAAK10D,EAElBkqD,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAc,IAAPu2C,EAAe0D,GAAS9D,GAErCI,EAAO,EACP9lD,EAAO,EAEP,MACF,KAAKipD,GAEH,KAAOjpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV,GADA4wB,EAAMk6B,MAAQhF,GACK,IAAdl1B,EAAMk6B,SAAkBpW,GAAY,CACvCgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,GAAkB,MAAd70B,EAAMk6B,MAAgB,CACxBpP,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAEE70B,EAAMyvB,OACRzvB,EAAMyvB,KAAK3oD,KAASouD,GAAQ,EAAK,GAEjB,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO25C,GAEf,KAAKA,GAEH,KAAOlpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK9jD,KAAOupD,GAEF,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzB4G,EAAK,GAAM5G,IAAS,GAAM,IAC1B4G,EAAK,GAAM5G,IAAS,GAAM,IAC1Bl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO45C,GAEf,KAAKA,GAEH,KAAOnpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAKwM,OAAiB,IAAP/G,EACrBl1B,EAAMyvB,KAAK4C,GAAM6C,GAAQ,GAET,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO65C,GAEf,KAAKA,GACH,GAAkB,KAAdx4B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAM/tC,OAASijE,EACXl1B,EAAMyvB,OACRzvB,EAAMyvB,KAAKyM,UAAYhH,GAEP,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,OAGA4wB,EAAMyvB,OACbzvB,EAAMyvB,KAAKhH,MAAQ,MAErBzoB,EAAMrhB,KAAO85C,GAEf,KAAKA,GACH,GAAkB,KAAdz4B,EAAMk6B,QACRsB,EAAOx7B,EAAM/tC,OACTupE,EAAOf,IAAQe,EAAOf,GACtBe,IACEx7B,EAAMyvB,OACR7uD,EAAMo/B,EAAMyvB,KAAKyM,UAAYl8B,EAAM/tC,OAC9B+tC,EAAMyvB,KAAKhH,QAEdzoB,EAAMyvB,KAAKhH,MAAY/3D,MAAMsvC,EAAMyvB,KAAKyM,YAE1C9R,GACEpqB,EAAMyvB,KAAKhH,MACXt3D,EACA8iE,EAGAuH,EAEA56D,IAMc,IAAdo/B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACRx7B,EAAM/tC,QAAUupE,GAEdx7B,EAAM/tC,QAAU,MAAM+pE,EAE5Bh8B,EAAM/tC,OAAS,EACf+tC,EAAMrhB,KAAO+V,GAEf,KAAKA,GACH,GAAkB,KAAdsL,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GAEE56D,EAAMzP,EAAM8iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAM/tC,OAAS,QAClB+tC,EAAMyvB,KAAK1zD,MAAQoP,OAAOsC,aAAa7M,UAElCA,GAAO46D,EAAOf,GAOvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK1zD,KAAO,MAEpBikC,EAAM/tC,OAAS,EACf+tC,EAAMrhB,KAAO+5C,GAEf,KAAKA,GACH,GAAkB,KAAd14B,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GACE56D,EAAMzP,EAAM8iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAM/tC,OAAS,QAClB+tC,EAAMyvB,KAAK2C,SAAWjnD,OAAOsC,aAAa7M,UAErCA,GAAO46D,EAAOf,GAMvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK2C,QAAU,MAEvBpyB,EAAMrhB,KAAOg6C,GAEf,KAAKA,GACH,GAAkB,IAAd34B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,MAAdl1B,EAAMm6B,OAAiB,CACnCrP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAGL4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK0C,KAASnyB,EAAMk6B,OAAS,EAAK,EACxCl6B,EAAMyvB,KAAKt9D,MAAO,GAEpB24D,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GACb,MACF,KAAK8D,GAEH,KAAOxpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV07C,EAAKc,MAAQ5rB,EAAMm6B,MAAQJ,GAAQ7E,GAEnCA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOk6C,GAEf,KAAKA,GACH,GAAuB,IAAnB74B,EAAMi6B,SASR,OAPAnP,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEN8zC,GAET4H,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GAEf,KAAKA,GACH,GAAI/E,IAAUjN,IAAWiN,IAAUhN,GAAW,MAAMiZ,EAEtD,KAAKlD,GACH,GAAI94B,EAAM/wB,KAAM,CAEdimD,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAER4wB,EAAMrhB,KAAOi7C,GACb,MAGF,KAAOxqD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EASV,OANA4wB,EAAM/wB,KAAe,EAAPimD,EAEdA,KAAU,EACV9lD,GAAQ,EAGQ,EAAP8lD,GACP,KAAK,EAGHl1B,EAAMrhB,KAAOo6C,GACb,MACF,KAAK,EAKH,GAJAuC,GAAYt7B,GAGZA,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAS,CAErBmS,KAAU,EACV9lD,GAAQ,EAER,MAAM4sD,EAER,MACF,KAAK,EAGHh8B,EAAMrhB,KAAOu6C,GACb,MACF,KAAK,EACHpO,EAAK50B,IAAM,qBACX8J,EAAMrhB,KAAOk2C,GAGjBK,KAAU,EACV9lD,GAAQ,EAER,MACF,KAAK2pD,GAMH,IAJA7D,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAGDA,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,IAAY,MAAP8lD,KAAqBA,IAAS,GAAM,OAAS,CAChDpK,EAAK50B,IAAM,+BACX8J,EAAMrhB,KAAOk2C,GACb,MAUF,GARA70B,EAAM/tC,OAAgB,MAAPijE,EAIfA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOq6C,GACTjJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAKhD,GACHh5B,EAAMrhB,KAAOs6C,GAEf,KAAKA,GAEH,GADAuC,EAAOx7B,EAAM/tC,OACTupE,EAAM,CAGR,GAFIA,EAAOf,IAAQe,EAAOf,GACtBe,EAAO52C,IAAQ42C,EAAO52C,GACb,IAAT42C,EAAc,MAAMQ,EAExB5R,GAAe1vD,EAAQvJ,EAAO8iE,EAAMuH,EAAME,GAE1CjB,GAAQe,EACRvH,GAAQuH,EACR52C,GAAQ42C,EACRE,GAAOF,EACPx7B,EAAM/tC,QAAUupE,EAChB,MAGFx7B,EAAMrhB,KAAOm2C,GACb,MACF,KAAKoE,GAEH,KAAO9pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAmBV,GAhBA4wB,EAAMu6B,KAAkC,KAAnB,GAAPrF,GAEdA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMw6B,MAAmC,GAAnB,GAAPtF,GAEfA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMs6B,MAAmC,GAAnB,GAAPpF,GAEfA,KAAU,EACV9lD,GAAQ,EAGJ4wB,EAAMu6B,KAAO,KAAOv6B,EAAMw6B,MAAQ,GAAI,CACxC1P,EAAK50B,IAAM,sCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOw6C,GAEf,KAAKA,GACH,KAAOn5B,EAAMy6B,KAAOz6B,EAAMs6B,OAAO,CAE/B,KAAOlrD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAmB,EAAPvF,EAEnCA,KAAU,EACV9lD,GAAQ,EAGV,KAAO4wB,EAAMy6B,KAAO,IAClBz6B,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAW,EAapC,GAPAz6B,EAAM41B,QAAU51B,EAAM06B,OACtB16B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcP,GAAO12B,EAAMk3B,KAAM,EAAG,GAAIl3B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAC5E9U,EAAMg2B,QAAUlhB,EAAK1lC,KAEjBwP,EAAK,CACPksC,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAGF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOy6C,GAEf,KAAKA,GACH,KAAOp5B,EAAMy6B,KAAOz6B,EAAMu6B,KAAOv6B,EAAMw6B,OAAO,CAC5C,KACErF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8oD,EAAW,GAEbhD,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAMk3B,KAAKl3B,EAAMy6B,QAAUvC,MAExB,CACH,GAAiB,KAAbA,EAAiB,CAGnB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAOV,GAHA8lD,KAAU8C,EACV5oD,GAAQ4oD,EAEW,IAAfh4B,EAAMy6B,KAAY,CACpB3P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEFj0D,EAAMo/B,EAAMk3B,KAAKl3B,EAAMy6B,KAAO,GAC9Be,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,OAGL,GAAiB,KAAb8oD,EAAiB,CAGxB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,MAGL,CAGH,IADAnS,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,IAAa,IAAPtG,GAEbA,KAAU,EACV9lD,GAAQ,EAGV,GAAI4wB,EAAMy6B,KAAOe,EAAOx7B,EAAMu6B,KAAOv6B,EAAMw6B,MAAO,CAChD1P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,KAAO2G,KACLx7B,EAAMk3B,KAAKl3B,EAAMy6B,QAAU75D,GAMjC,GAAIo/B,EAAMrhB,OAASk2C,GAAO,MAG1B,GAAwB,IAApB70B,EAAMk3B,KAAK,KAAY,CACzBpM,EAAK50B,IAAM,uCACX8J,EAAMrhB,KAAOk2C,GACb,MAeF,GATA70B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcN,GAAM32B,EAAMk3B,KAAM,EAAGl3B,EAAMu6B,KAAMv6B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAGnF9U,EAAMg2B,QAAUlhB,EAAK1lC,KAGjBwP,EAAK,CACPksC,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAcF,GAXA70B,EAAMk2B,SAAW,EAGjBl2B,EAAM81B,SAAW91B,EAAM26B,QACvB7lB,EAAO,CAAE1lC,KAAM4wB,EAAMk2B,UACrBt3C,EAAMq4C,GAAcL,GAAO52B,EAAMk3B,KAAMl3B,EAAMu6B,KAAMv6B,EAAMw6B,MAAOx6B,EAAM81B,SAAU,EAAG91B,EAAMs3B,KAAMxiB,GAG/F9U,EAAMk2B,SAAWphB,EAAK1lC,KAGlBwP,EAAK,CACPksC,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAIF,GADA70B,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAK3C,GACHr5B,EAAMrhB,KAAO26C,GAEf,KAAKA,GACH,GAAImB,GAAQ,GAAK71C,GAAQ,IAAK,CAE5BkmC,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEb2lD,GAAajK,EAAMmK,GAEnByG,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACbspE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGT4wB,EAAMrhB,OAASm2C,KACjB90B,EAAM46B,MAAQ,GAEhB,MAGF,IADA56B,EAAM46B,KAAO,EAEXzF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP6C,GAAa5oD,IANV,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI6oD,GAAgC,IAAV,IAAVA,GAAuB,CAIrC,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM41B,QAAQiG,IACX3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAQhB,GALAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACdh4B,EAAM/tC,OAASimE,EACC,IAAZD,EAAe,CAIjBj4B,EAAMrhB,KAAOg7C,GACb,MAEF,GAAc,GAAV1B,EAAc,CAEhBj4B,EAAM46B,MAAQ,EACd56B,EAAMrhB,KAAOm2C,GACb,MAEF,GAAc,GAAVmD,EAAc,CAChBnN,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMyoB,MAAkB,GAAVwP,EACdj4B,EAAMrhB,KAAO46C,GAEf,KAAKA,GACH,GAAIv5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAM/tC,QAAUijE,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtBzoB,EAAM66B,IAAM76B,EAAM/tC,OAClB+tC,EAAMrhB,KAAO66C,GAEf,KAAKA,GACH,KACErE,EAAOn1B,EAAM81B,SAASZ,GAAS,GAAKl1B,EAAMk2B,UAAY,GACtD8B,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAyB,IAAV,IAAV6oD,GAAuB,CAI1B,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM81B,SAAS+F,IACZ3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAOhB,GAJAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACA,GAAVC,EAAc,CAChBnN,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMh/B,OAASk3D,EACfl4B,EAAMyoB,MAAoB,GAAZ,EACdzoB,EAAMrhB,KAAO86C,GAEf,KAAKA,GACH,GAAIz5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMh/B,QAAUk0D,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtB,GAAIzoB,EAAMh/B,OAASg/B,EAAMs1B,KAAM,CAC7BxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMrhB,KAAO+6C,GAEf,KAAKA,GACH,GAAa,IAAT90C,EAAc,MAAMo3C,EAExB,GADAR,EAAOvG,EAAOrwC,EACVob,EAAMh/B,OAASw6D,EAAM,CAEvB,GADAA,EAAOx7B,EAAMh/B,OAASw6D,EAClBA,EAAOx7B,EAAMw1B,OACXx1B,EAAMs2B,KAAM,CACdxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAkBA2G,EAAOx7B,EAAMy1B,OACf+F,GAAQx7B,EAAMy1B,MACd7iD,EAAOotB,EAAMu1B,MAAQiG,GAGrB5oD,EAAOotB,EAAMy1B,MAAQ+F,EAEnBA,EAAOx7B,EAAM/tC,SAAUupE,EAAOx7B,EAAM/tC,QACxCojE,EAAcr1B,EAAMqqB,YAGpBgL,EAAc36D,EACdkY,EAAO8oD,EAAM17B,EAAMh/B,OACnBw6D,EAAOx7B,EAAM/tC,OAEXupE,EAAO52C,IAAQ42C,EAAO52C,GAC1BA,GAAQ42C,EACRx7B,EAAM/tC,QAAUupE,EAChB,GACE9gE,EAAOghE,KAASrG,EAAYziD,aACnB4oD,GACU,IAAjBx7B,EAAM/tC,SAAgB+tC,EAAMrhB,KAAO26C,IACvC,MACF,KAAKK,GACH,GAAa,IAAT/0C,EAAc,MAAMo3C,EACxBthE,EAAOghE,KAAS17B,EAAM/tC,OACtB2yB,IACAob,EAAMrhB,KAAO26C,GACb,MACF,KAAKM,GACH,GAAI55B,EAAMub,KAAM,CAEd,KAAOnsC,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IAEAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAcV,GAXA6lD,GAAQrwC,EACRkmC,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXA,IACFnK,EAAKc,MAAQ5rB,EAAMm6B,MAEdn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,IAG7GA,EAAOrwC,GAEFob,EAAMk6B,MAAQhF,EAAO6E,GAAQ7E,MAAWl1B,EAAMm6B,MAAO,CACxDrP,EAAK50B,IAAM,uBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOk7C,GAEf,KAAKA,GACH,GAAI75B,EAAMub,MAAQvb,EAAMk6B,MAAO,CAE7B,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,WAAdl1B,EAAMo6B,OAAqB,CACvCtP,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOm7C,GAEf,KAAKA,GACHl7C,EAAMqkC,GACN,MAAM+Y,EACR,KAAKnH,GACHj2C,EAAMwkC,GACN,MAAM4Y,EAKR,QACE,OAAO7Y,GA4Cb,OA9BA2H,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,GAGT4wB,EAAMu1B,OAAUN,IAASnK,EAAKqC,WAAantB,EAAMrhB,KAAOk2C,KACvC70B,EAAMrhB,KAAOi7C,IAAS7J,IAAUlN,MAC/C0Y,GAAazQ,EAAMA,EAAKpwD,OAAQowD,EAAKuC,SAAU4H,EAAOnK,EAAKqC,WAKjE6H,GAAOlK,EAAKgD,SACZmH,GAAQnK,EAAKqC,UACbrC,EAAKkD,UAAYgH,EACjBlK,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXj1B,EAAMub,MAAQ0Z,IAChBnK,EAAKc,MAAQ5rB,EAAMm6B,MAChBn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,IAE/HnK,EAAKC,UAAY/qB,EAAM5wB,MAAQ4wB,EAAM/wB,KAAO,GAAK,IAC9B+wB,EAAMrhB,OAASm2C,GAAO,IAAM,IAC5B90B,EAAMrhB,OAAS06C,IAAQr5B,EAAMrhB,OAASq6C,GAAQ,IAAM,IACzD,IAARhE,GAAsB,IAATC,GAAelF,IAAUlN,KAAajkC,IAAQokC,KAC/DpkC,EAAMykC,IAEDzkC,CACT,CA8BA,SAASu9C,GAAqBrR,EAAM+I,GAClC,MAAMM,EAAaN,EAAW5hE,OAE9B,IAAI+tC,EACAo8B,EAIJ,OAAKtR,GAAyBA,EAAK9qB,OACnCA,EAAQ8qB,EAAK9qB,MAEM,IAAfA,EAAMub,MAAcvb,EAAMrhB,OAASk6C,GAC9B1V,GAILnjB,EAAMrhB,OAASk6C,KACjBuD,EAAS,EAETA,EAASzQ,GAAQyQ,EAAQvI,EAAYM,EAAY,GAC7CiI,IAAWp8B,EAAMm6B,OACZ/W,IAKLmY,GAAazQ,EAAM+I,EAAYM,EAAYA,GAKjDn0B,EAAMi6B,SAAW,EAEVjX,KAzB4DG,EA0BrE,CC59Ce,MAAMkZ,GACnB1rE,cAEEE,KAAKiW,KAAa,EAElBjW,KAAK8a,KAAa,EAElB9a,KAAKorE,OAAa,EAElBprE,KAAKwhE,GAAa,EAElBxhE,KAAK43D,MAAa,KAElB53D,KAAKqrE,UAAa,EAWlBrrE,KAAKkL,KAAa,GAIlBlL,KAAKuhE,QAAa,GAIlBvhE,KAAKshE,KAAa,EAElBthE,KAAKsB,MAAa,GCkCtB,MAAMmqE,GACJ3rE,YAAY+E,GACV7E,KAAK6E,QAAU,CACb29D,UAAW,MACXC,WAAY,KACR59D,GAAW,IAGjB,MAAM89D,EAAM3iE,KAAK6E,QAIb89D,EAAIC,KAAQD,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KACxDE,EAAIF,YAAcE,EAAIF,WACC,IAAnBE,EAAIF,aAAoBE,EAAIF,YAAc,OAI3CE,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KAC3C59D,GAAWA,EAAQ49D,aACrBE,EAAIF,YAAc,IAKfE,EAAIF,WAAa,IAAQE,EAAIF,WAAa,IAGf,IAAR,GAAjBE,EAAIF,cACPE,EAAIF,YAAc,IAItBziE,KAAKohD,IAAS,EACdphD,KAAKqlC,IAAS,GACdrlC,KAAK8iE,OAAS,EACd9iE,KAAKuxD,OAAS,GAEdvxD,KAAKi6D,KAAS,IAAIqI,GAClBtiE,KAAKi6D,KAAKqC,UAAY,EAEtB,IAAIiE,EAASmL,GACX1rE,KAAKi6D,KACL0I,EAAIF,YAGN,GAAIlC,IAAWoL,GACb,MAAUzoE,MAAMmiC,GAAIk7B,IAQtB,GALAvgE,KAAKqkB,OAAS,IAAImnD,GFszCtB,SAA0BvR,EAAM2E,GAC9B,IAAIzvB,EAGC8qB,GAASA,EAAK9qB,QACnBA,EAAQ8qB,EAAK9qB,MACY,IAAP,EAAbA,EAAMub,QAGXvb,EAAMyvB,KAAOA,EACbA,EAAKt9D,MAAO,GAEd,CEh0CIsqE,CAA8B5rE,KAAKi6D,KAAMj6D,KAAKqkB,QAG1Cs+C,EAAIK,aAEwB,iBAAnBL,EAAIK,WACbL,EAAIK,WAAaE,GAAmBP,EAAIK,YAC/BL,EAAIK,sBAAsB79C,cACnCw9C,EAAIK,WAAa,IAAIngE,WAAW8/D,EAAIK,aAElCL,EAAIC,MACNrC,EAASsL,GAAkC7rE,KAAKi6D,KAAM0I,EAAIK,YACtDzC,IAAWoL,KACb,MAAUzoE,MAAMmiC,GAAIk7B,IAiC5B1+D,KAAKiI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMp1D,SAAS29D,UAAEA,EAASQ,WAAEA,IAAiBhjE,KACrD,IAAIugE,EAAQkD,EAKRqI,GAAgB,EAEpB,GAAI9rE,KAAK8iE,MAAS,OAAO,EACzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBi+C,GAAaC,GAG/C,iBAATliE,EAETmwD,EAAK35D,MPpFJ,SAAwBgc,GAC3B,MAAM4E,EAAM,IAAI+gD,GAAW3lD,EAAIlb,QAC/B,IAAK,IAAI6B,EAAI,EAAG8M,EAAMmR,EAAI9f,OAAQ6B,EAAI8M,EAAK9M,IACvCie,EAAIje,GAAKqZ,EAAIE,WAAWvZ,GAE5B,OAAOie,CACX,CO8EmB+qD,CAAsBniE,GAC1BA,aAAgBqb,YACzB80C,EAAK35D,MAAQ,IAAIuC,WAAWiH,GAE5BmwD,EAAK35D,MAAQwJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK35D,MAAMc,OAE3B,EAAG,CAkBD,GAjBuB,IAAnB64D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,GAGnBjC,EAAS2L,GAAqBjS,EAAM+R,IAEhCzL,IAAW4L,IAAiBnJ,IAC9BzC,EAASsL,GAAkC7rE,KAAKi6D,KAAM+I,IAGpDzC,IAAW6L,KAAmC,IAAlBN,IAC9BvL,EAASoL,GACTG,GAAgB,GAGdvL,IAAW8L,IAAkB9L,IAAWoL,GAG1C,OAFA3rE,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,GACN,EAGL7I,EAAKuC,WACgB,IAAnBvC,EAAKqC,WAAmBiE,IAAW8L,KAAqC,IAAlBpS,EAAKgD,UAAmBwG,IAAUsI,IAActI,IAAU6I,KAClHtsE,KAAK4jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,YAW5B,IAAlBvC,EAAKgD,UAAqC,IAAnBhD,EAAKqC,YAC9BwP,GAAgB,UAGV7R,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAW8L,IAOnE,OALI9L,IAAW8L,KACb5I,EAAQsI,IAINtI,IAAUsI,IACZxL,EF8qCN,SAAoBtG,GAElB,IAAKA,IAASA,EAAK9qB,MACjB,OAAOmjB,GAGT,MAAMnjB,EAAQ8qB,EAAK9qB,MAKnB,OAJIA,EAAMqqB,SACRrqB,EAAMqqB,OAAS,MAEjBS,EAAK9qB,MAAQ,KACNgjB,EACT,CE1rCeoa,CAAwBvsE,KAAKi6D,MACtCj6D,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,EACNvC,IAAWoL,IAIhBlI,IAAU6I,KACZtsE,KAAK2jE,MAAMgI,IACX1R,EAAKqC,UAAY,GACV,GAeXsH,OAAO7hE,GACL/B,KAAKuxD,OAAO1vD,KAAKE,GAenB4hE,MAAMpD,GAEAA,IAAWoL,KACb3rE,KAAKyB,OAASsiE,GAAoB/jE,KAAKuxD,SAEzCvxD,KAAKuxD,OAAS,GACdvxD,KAAKohD,IAAMmf,EACXvgE,KAAKqlC,IAAMrlC,KAAKi6D,KAAK50B,KCxRzB,IAAImnC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS1rE,GACvBf,KAAKe,OAASA,EACdf,KAAK0sE,UAAY,EACjB1sE,KAAK2sE,QAAU,EACf3sE,KAAK4sE,SAAU,CACjB,EAEAH,GAAUzrE,UAAU6rE,YAAc,WAC3B7sE,KAAK4sE,UACR5sE,KAAK2sE,QAAU3sE,KAAKe,OAAO4F,WAC3B3G,KAAK4sE,SAAU,EAEnB,EAGAH,GAAUzrE,UAAUE,KAAO,SAASqd,GAElC,IADA,IAAI9c,EAAS,EACN8c,EAAO,GAAG,CACfve,KAAK6sE,cACL,IAAIC,EAAY,EAAI9sE,KAAK0sE,UAEzB,GAAInuD,GAAQuuD,EACVrrE,IAAWqrE,EACXrrE,GAAU+qE,GAAQM,GAAa9sE,KAAK2sE,QACpC3sE,KAAK4sE,SAAU,EACf5sE,KAAK0sE,UAAY,EACjBnuD,GAAQuuD,MACH,CACLrrE,IAAW8c,EACX,IAAIrY,EAAQ4mE,EAAYvuD,EACxB9c,IAAWzB,KAAK2sE,QAAWH,GAAQjuD,IAASrY,IAAWA,EACvDlG,KAAK0sE,WAAanuD,EAClBA,EAAO,GAGX,OAAO9c,CACT,EAGAgrE,GAAUzrE,UAAU+rE,KAAO,SAAS5pE,GAClC,IAAI6pE,EAAQ7pE,EAAM,EACd8pE,GAAU9pE,EAAM6pE,GAAS,EAC7BhtE,KAAK0sE,UAAYM,EACjBhtE,KAAKe,OAAOgsE,KAAKE,GACjBjtE,KAAK4sE,SAAU,CACjB,EAGAH,GAAUzrE,UAAUksE,GAAK,WACvB,IAA6BjqE,EAAzBie,EAAM,IAAIre,WAAW,GACzB,IAAKI,EAAI,EAAGA,EAAIie,EAAI9f,OAAQ6B,IAC1Bie,EAAIje,GAAKjD,KAAKkB,KAAK,GAErB,OAGF,SAAkBggB,GAChB,OAAOrhB,MAAMmB,UAAUkH,IAAIpH,KAAKogB,GAAKpU,IAAM,KAAOA,EAAEP,SAAS,KAAK7K,OAAO,KAAIF,KAAK,GACpF,CALS2rE,CAASjsD,EAClB,EAMA,OAAiBurD,GC3FbW,GAAS,WACb,EAIAA,GAAOpsE,UAAU2F,SAAW,WAC1B,MAAUzD,MAAM,6CAClB,EAGAkqE,GAAOpsE,UAAUE,KAAO,SAAS+C,EAAQopE,EAAWjsE,GAElD,IADA,IAAIqK,EAAY,EACTA,EAAYrK,GAAQ,CACzB,IAAIgb,EAAIpc,KAAK2G,WACb,GAAIyV,EAAI,EACN,OAAoB,IAAZ3Q,GAAkB,EAAIA,EAEhCxH,EAAOopE,KAAejxD,EACtB3Q,IAEF,OAAOA,CACT,EACA2hE,GAAOpsE,UAAU+rE,KAAO,SAASO,GAC/B,MAAUpqE,MAAM,yCAClB,EAGAkqE,GAAOpsE,UAAUusE,UAAY,SAASC,GACpC,MAAUtqE,MAAM,6CAClB,EACAkqE,GAAOpsE,UAAUc,MAAQ,SAASmC,EAAQopE,EAAWjsE,GACnD,IAAI6B,EACJ,IAAKA,EAAE,EAAGA,EAAE7B,EAAQ6B,IAClBjD,KAAKutE,UAAUtpE,EAAOopE,MAExB,OAAOjsE,CACT,EACAgsE,GAAOpsE,UAAUk+D,MAAQ,WACzB,EAEA,ICNMuO,MDMWL,OCNXK,GAAc,IAAIzoD,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKV5kB,KAAK0tE,OAAS,WACZ,OAAS9oD,IAAS,GAOpB5kB,KAAK2tE,UAAY,SAAStsE,GACxBujB,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMvjB,KAQjDrB,KAAK4tE,aAAe,SAASvsE,EAAOoiC,GAClC,KAAOA,KAAU,GACf7e,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMvjB,OCnDnDwsE,GAAM,SAASvvD,EAAOmB,GACxB,IAAwBxc,EAApBuzB,EAAMlY,EAAMmB,GAChB,IAAKxc,EAAIwc,EAAOxc,EAAI,EAAGA,IACrBqb,EAAMrb,GAAKqb,EAAMrb,EAAE,GAGrB,OADAqb,EAAM,GAAKkY,EACJA,CACT,EAEIs3C,GAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,GACpBA,GAAcV,GAAIE,YAAyB,oBAC3CQ,GAAcV,GAAIG,eAAyB,gBAC3CO,GAAcV,GAAII,sBAAyB,uBAC3CM,GAAcV,GAAIK,uBAAyB,wBAC3CK,GAAcV,GAAIM,YAAyB,aAC3CI,GAAcV,GAAIO,eAAyB,gBAC3CG,GAAcV,GAAIQ,gBAAkB,kDAEpC,IAAIG,GAAS,SAASlO,EAAQmO,GAC5B,IAAIrpC,EAAMmpC,GAAcjO,IAAW,gBAC/BmO,IAAarpC,GAAO,KAAKqpC,GAC7B,IAAIrqE,EAAI,IAAIwtB,UAAUwT,GAEtB,MADAhhC,EAAE+3D,UAAYmE,EACRl8D,CACR,EAEIsqE,GAAS,SAASC,EAAaC,GACjC7uE,KAAK8uE,SAAW9uE,KAAK+uE,aAAe/uE,KAAKgvE,WAAa,EAEtDhvE,KAAKivE,cAAcL,EAAaC,EAClC,EACAF,GAAO3tE,UAAUkuE,YAAc,WAE7B,OADiBlvE,KAAKmvE,mBAKtBnvE,KAAKovE,SAAW,IAAIC,IACb,IAJLrvE,KAAKgvE,YAAc,GACZ,EAIX,EAEAL,GAAO3tE,UAAUiuE,cAAgB,SAASL,EAAaC,GAErD,IAAI3tD,EAAM,IAAIre,WAAW,GACW,IAAhC+rE,EAAY1tE,KAAKggB,EAAK,EAAG,IACuB,QAAhD5G,OAAOsC,aAAasE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CutD,GAAOX,GAAIG,cAAe,aAE5B,IAAIjU,EAAQ94C,EAAI,GAAK,IACjB84C,EAAQ,GAAKA,EAAQ,IACvByU,GAAOX,GAAIG,cAAe,sBAE5BjuE,KAAKuF,OAAS,IAAIknE,GAAUmC,GAI5B5uE,KAAKsvE,SAAW,IAAStV,EACzBh6D,KAAKuvE,WAAa,EAClBvvE,KAAK6uE,aAAeA,EACpB7uE,KAAKwvE,UAAY,CACnB,EACAb,GAAO3tE,UAAUmuE,gBAAkB,WACjC,IAAIlsE,EAAG0Z,EAAGV,EACN1W,EAASvF,KAAKuF,OAId4W,EAAI5W,EAAO2nE,KACf,GAjFW,iBAiFP/wD,EACF,OAAO,EAnFG,iBAqFRA,GACFsyD,GAAOX,GAAIG,eACbjuE,KAAKyvE,eAAiBlqE,EAAOrE,KAAK,MAAQ,EAC1ClB,KAAKwvE,WAAaxvE,KAAKyvE,gBACHzvE,KAAKwvE,WAAa,EAAMxvE,KAAKwvE,YAAY,OAAU,EAInEjqE,EAAOrE,KAAK,IACdutE,GAAOX,GAAIQ,gBACb,IAAIoB,EAAcnqE,EAAOrE,KAAK,IAC1BwuE,EAAc1vE,KAAKsvE,UACrBb,GAAOX,GAAIM,WAAY,kCAMzB,IAAInwD,EAAI1Y,EAAOrE,KAAK,IAChByuE,EAAY,IAAI9sE,WAAW,KAAM+sE,EAAW,EAChD,IAAK3sE,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIgb,EAAK,GAAM,GAAMhb,EAAK,CACxB,IAAI20C,EAAQ,GAAJ30C,EAER,IADAgZ,EAAI1W,EAAOrE,KAAK,IACXyb,EAAI,EAAGA,EAAI,GAAIA,IACdV,EAAK,GAAM,GAAMU,IACnBgzD,EAAUC,KAAch4B,EAAIj7B,GAKpC,IAAIkzD,EAAatqE,EAAOrE,KAAK,IACzB2uE,EAzHW,GAyHgBA,EAxHhB,IAyHbpB,GAAOX,GAAIM,YAKb,IAAI0B,EAAavqE,EAAOrE,KAAK,IACV,IAAf4uE,GACFrB,GAAOX,GAAIM,YAEb,IAAI2B,EAAY,IAAIltE,WAAW,KAC/B,IAAKI,EAAI,EAAGA,EAAI4sE,EAAY5sE,IAC1B8sE,EAAU9sE,GAAKA,EAEjB,IAAI+sE,EAAY,IAAIntE,WAAWitE,GAE/B,IAAK7sE,EAAI,EAAGA,EAAI6sE,EAAY7sE,IAAK,CAE/B,IAAK0Z,EAAI,EAAGpX,EAAOrE,KAAK,GAAIyb,IACtBA,GAAKkzD,GAAYpB,GAAOX,GAAIM,YAElC4B,EAAU/sE,GAAK4qE,GAAIkC,EAAWpzD,GAKhC,IACiBszD,EADbC,EAAWN,EAAW,EACtBO,EAAS,GACb,IAAKxzD,EAAI,EAAGA,EAAIkzD,EAAYlzD,IAAK,CAC/B,IAqBIyzD,EAASC,EArBTjvE,EAAS,IAAIyB,WAAWqtE,GAAWt8C,EAAO,IAAIk9B,YAAYwf,IAK9D,IADAryD,EAAI1Y,EAAOrE,KAAK,GACX+B,EAAI,EAAGA,EAAIitE,EAAUjtE,IAAK,CAC7B,MACMgb,EAAI,GAAKA,EAjKE,KAiKoBwwD,GAAOX,GAAIM,YAG1C7oE,EAAOrE,KAAK,IAEZqE,EAAOrE,KAAK,GAGd+c,IAFAA,IAIJ7c,EAAO6B,GAAKgb,EAMd,IADAmyD,EAASC,EAASjvE,EAAO,GACpB6B,EAAI,EAAGA,EAAIitE,EAAUjtE,IACpB7B,EAAO6B,GAAKotE,EACdA,EAASjvE,EAAO6B,GACT7B,EAAO6B,GAAKmtE,IACnBA,EAAShvE,EAAO6B,IAapBgtE,EAAW,GACXE,EAAOtuE,KAAKouE,GACZA,EAASM,QAAU,IAAIzf,YAnMT,KAoMdmf,EAASrS,MAAQ,IAAI54C,YAAYsrD,IACjCL,EAAS7X,KAAO,IAAIpzC,YAAYsrD,IAChCL,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIG,EAAK,EACT,IAAKvtE,EAAImtE,EAAQntE,GAAKotE,EAAQptE,IAE5B,IADA2wB,EAAK3wB,GAAKgtE,EAASrS,MAAM36D,GAAK,EACzBgb,EAAI,EAAGA,EAAIiyD,EAAUjyD,IACpB7c,EAAO6c,KAAOhb,IAChBgtE,EAASM,QAAQC,KAAQvyD,GAG/B,IAAKhb,EAAI,EAAGA,EAAIitE,EAAUjtE,IACxB2wB,EAAKxyB,EAAO6B,MAMd,IADAutE,EAAKvyD,EAAI,EACJhb,EAAImtE,EAAQntE,EAAIotE,EAAQptE,IAC3ButE,GAAM58C,EAAK3wB,GAOXgtE,EAASrS,MAAM36D,GAAKutE,EAAK,EACzBA,IAAO,EACPvyD,GAAK2V,EAAK3wB,GACVgtE,EAAS7X,KAAKn1D,EAAI,GAAKutE,EAAKvyD,EAE9BgyD,EAASrS,MAAMyS,EAAS,GAAK/gE,OAAOmhE,UACpCR,EAASrS,MAAMyS,GAAUG,EAAK58C,EAAKy8C,GAAU,EAC7CJ,EAAS7X,KAAKgY,GAAU,EAO1B,IAAIM,EAAY,IAAI1rD,YAAY,KAChC,IAAK/hB,EAAI,EAAGA,EAAI,IAAKA,IACnB8sE,EAAU9sE,GAAKA,EAEjB,IAA6C0tE,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAO/wE,KAAK+wE,KAAO,IAAI/rD,YAAYhlB,KAAKsvE,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWc,GACPF,GAAYhB,GAAcrB,GAAOX,GAAIM,YACzC6B,EAAWE,EAAOH,EAAUc,OAG9B7tE,EAAIgtE,EAASG,OACbzzD,EAAIpX,EAAOrE,KAAK+B,GAEVA,EAAIgtE,EAASI,QAAU5B,GAAOX,GAAIM,cAClCzxD,GAAKszD,EAASrS,MAAM36D,IAFnBA,IAIL0Z,EAAKA,GAAK,EAAKpX,EAAOrE,KAAK,KAG7Byb,GAAKszD,EAAS7X,KAAKn1D,IACX,GAAK0Z,GAvQC,MAuQmB8xD,GAAOX,GAAIM,YAC5C,IAAI6C,EAAUhB,EAASM,QAAQ5zD,GAK/B,GA5Qc,IA4QVs0D,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY5yD,EAAIje,KAAKsvE,UAAYb,GAAOX,GAAIM,YAEhDsC,EADAC,EAAKhB,EAAUI,EAAU,MACR9xD,EACVA,KACL8yD,EAAKF,KAAeF,EAGxB,GAAIM,EAAUrB,EACZ,MAQEiB,GAAa7wE,KAAKsvE,UAAYb,GAAOX,GAAIM,YAK7CsC,EAFAC,EAAKhB,EADLgB,EAAK9C,GAAIkC,EADT9sE,EAAIguE,EAAU,OAKdF,EAAKF,KAAeF,OA9CbC,IACHA,EAAS,EACT3yD,EAAI,GAUJA,GA1RU,IAyRRgzD,EACGL,EAEA,EAAIA,EACXA,IAAW,EA0Cf,KAHIlB,EAAc,GAAKA,GAAemB,IAAapC,GAAOX,GAAIM,YAE9DzxD,EAAI,EACC1Z,EAAI,EAAGA,EAAI,IAAKA,IACnBgZ,EAAIU,EAAI+zD,EAAUztE,GAClBytE,EAAUztE,GAAK0Z,EACfA,EAAIV,EAGN,IAAKhZ,EAAI,EAAGA,EAAI4tE,EAAW5tE,IAEzB8tE,EAAKL,EADLC,EAAe,IAAVI,EAAK9tE,MACcA,GAAK,EAC7BytE,EAAUC,KAKZ,IAAIxtE,EAAM,EAAG+tE,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjB/tE,EAAM4tE,EAAKrB,IAEXvsE,IAAQ,EACRguE,GAAO,GAETnxE,KAAK8uE,SAAW3rE,EAChBnD,KAAK+uE,aAAemC,EACpBlxE,KAAKgvE,WAAa6B,EAClB7wE,KAAKoxE,SAAWD,GAET,CACT,EAOAxC,GAAO3tE,UAAUqwE,aAAe,SAASC,EAAcvhE,GACnD,IAAIwhE,EAAQC,EAAUC,EAKxB,GAAIzxE,KAAKgvE,WAAa,EAAK,OAAO,EAGlC,IAAI+B,EAAO/wE,KAAK+wE,KAAM5tE,EAAMnD,KAAK8uE,SAAUoC,EAAUlxE,KAAK+uE,aACtD8B,EAAY7wE,KAAKgvE,WAAyBhvE,KAAK0xE,WAGnD,IAFA,IAAIP,EAAMnxE,KAAKoxE,SAERP,GAAW,CAehB,IAdAA,IACAW,EAAWN,EAEXA,EAAgB,KADhB/tE,EAAM4tE,EAAK5tE,IAEXA,IAAQ,EACM,GAAVguE,KACFI,EAASL,EACTO,EAAUD,EACVN,GAAW,IAEXK,EAAS,EACTE,EAAUP,GAEZlxE,KAAKovE,SAASxB,aAAa6D,EAASF,GAC7BA,KACLvxE,KAAK6uE,aAAatB,UAAUkE,GAC5BzxE,KAAKuvE,aAEH2B,GAAWM,IACbL,EAAM,GASV,OAPAnxE,KAAKgvE,WAAa6B,EAEd7wE,KAAKovE,SAAS1B,WAAa1tE,KAAKyvE,gBAClChB,GAAOX,GAAIM,WAAY,sBACRpuE,KAAKovE,SAAS1B,SAASnhE,SAAS,IACxC,aAAavM,KAAKyvE,eAAeljE,SAAS,IAAI,KAEhDvM,KAAKuvE,UACd,EAEA,IAAIoC,GAAoB,SAASrxE,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIsuE,EAAc,IAAIxB,GAKtB,OAJAwB,EAAYzrE,IAAM,EAClByrE,EAAYjoE,SAAW,WAAa,OAAOrG,EAAMN,KAAKmD,QACtDyrE,EAAY7B,KAAO,SAAS5pE,GAAOnD,KAAKmD,IAAMA,GAC9CyrE,EAAYgD,IAAM,WAAa,OAAO5xE,KAAKmD,KAAO7C,EAAMc,QACjDwtE,CACT,EACIiD,GAAqB,SAAShoE,GAChC,IAAIglE,EAAe,IAAIzB,GACnB0E,GAAW,EACf,GAAIjoE,EACF,GAAqB,mBACnBglE,EAAa5qE,OAAS,IAAIpB,WAAWgH,GACrCioE,GAAW,MACN,IAAI,cAAejoE,EACxB,OAAOA,EAEPglE,EAAa5qE,OAAS4F,EACtBioE,GAAW,OAGbjD,EAAa5qE,OAAS,IAAIpB,WAAW,OAuBvC,OArBAgsE,EAAa1rE,IAAM,EACnB0rE,EAAatB,UAAY,SAASC,GAChC,GAAIsE,GAAY9xE,KAAKmD,KAAOnD,KAAKiE,OAAO7C,OAAQ,CAC9C,IAAI2wE,EAAY,IAAIlvE,WAA8B,EAAnB7C,KAAKiE,OAAO7C,QAC3C2wE,EAAUzuE,IAAItD,KAAKiE,QACnBjE,KAAKiE,OAAS8tE,EAEhB/xE,KAAKiE,OAAOjE,KAAKmD,OAASqqE,GAE5BqB,EAAamD,UAAY,WAEvB,GAAIhyE,KAAKmD,MAAQnD,KAAKiE,OAAO7C,OAAQ,CACnC,IAAK0wE,EACH,MAAM,IAAIjgD,UAAU,2CACtB,IAAIkgD,EAAY,IAAIlvE,WAAW7C,KAAKmD,KACpC4uE,EAAUzuE,IAAItD,KAAKiE,OAAOgI,SAAS,EAAGjM,KAAKmD,MAC3CnD,KAAKiE,OAAS8tE,EAEhB,OAAO/xE,KAAKiE,QAEd4qE,EAAaoD,UAAW,EACjBpD,CACT,EAqGA,OAhGe,SAASvuE,EAAOuJ,EAAQqoE,GAMrC,IAJA,IAAItD,EAAc+C,GAAkBrxE,GAChCuuE,EAAegD,GAAmBhoE,GAElCsoE,EAAK,IAAIxD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgD,OACxC,GAAIO,EAAGjD,cACLiD,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG5sE,OAAOrE,KAAK,MAAQ,EAM7C,GALIkxE,IAAoBD,EAAG3C,WACzBf,GAAOX,GAAIM,WAAY,uBACR+D,EAAG3C,UAAUjjE,SAAS,IAC9B,aAAa6lE,EAAgB7lE,SAAS,IAAI,MAE/C2lE,KACA,QAAStD,IACRA,EAAYgD,MAGV,MADLO,EAAGlD,cAAcL,EAAaC,GAIpC,GAAI,cAAeA,EACjB,OAAOA,EAAamD,WACxB,EC/eA,MAAMK,GACOhyD,iBACT,OAAOU,EAAMlM,OAAOU,YAMtBzV,YAAYwyE,EAAO,IAAI13D,MACrB5a,KAAKsiD,OAASvhC,EAAMhL,QAAQG,KAC5BlW,KAAKsyE,KAAOl4D,EAAKc,cAAco3D,GAC/BtyE,KAAKiW,KAAO,KACZjW,KAAK8J,KAAO,KACZ9J,KAAKuyE,SAAW,GASlBC,QAAQv8D,EAAMqsC,EAASvhC,EAAMhL,QAAQG,MACnClW,KAAKsiD,OAASA,EACdtiD,KAAKiW,KAAOA,EACZjW,KAAK8J,KAAO,KASd2oE,QAAQ9wE,GAAQ,GAId,OAHkB,OAAd3B,KAAKiW,MAAiBmE,EAAK5X,SAASxC,KAAKiW,SAC3CjW,KAAKiW,KAAOmE,EAAK+C,WAAW/C,EAAKwF,UAAU5f,KAAK0yE,SAAS/wE,MAEpD3B,KAAKiW,KAQd08D,SAASzrE,EAAOo7C,GACdtiD,KAAKsiD,OAASA,EACdtiD,KAAK8J,KAAO5C,EACZlH,KAAKiW,KAAO,KASdy8D,SAAS/wE,GAAQ,GAKf,OAJkB,OAAd3B,KAAK8J,OAEP9J,KAAK8J,KAAOsQ,EAAKmF,gBAAgBnF,EAAK0C,WAAW9c,KAAKiW,QAEpDtU,EACKilB,EAAoB5mB,KAAK8J,MAE3B9J,KAAK8J,KAQd8oE,YAAYL,GACVvyE,KAAKuyE,SAAWA,EAQlBM,cACE,OAAO7yE,KAAKuyE,SAUdpxE,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UAExB,MAAMmhD,QAAe/8C,EAAOoB,WAEtBosE,QAAqBxtE,EAAOoB,WAClC3G,KAAKuyE,SAAWn4D,EAAK+C,iBAAiB5X,EAAOuB,UAAUisE,IAEvD/yE,KAAKsyE,KAAOl4D,EAAKO,eAAepV,EAAOuB,UAAU,IAEjD,IAAIgD,EAAOvE,EAAOmF,YACdqc,EAAqBjd,KAAOA,QAAa6c,EAAiB7c,IAC9D9J,KAAK2yE,SAAS7oE,EAAMw4C,EAAO,IAS/B0D,cACE,MAAMusB,EAAWn4D,EAAK0C,WAAW9c,KAAKuyE,UAChCS,EAAkB,IAAInwE,WAAW,CAAC0vE,EAASnxE,SAE3CkhD,EAAS,IAAIz/C,WAAW,CAAC7C,KAAKsiD,SAC9BgwB,EAAOl4D,EAAKS,UAAU7a,KAAKsyE,MAEjC,OAAOl4D,EAAKtX,iBAAiB,CAACw/C,EAAQ0wB,EAAiBT,EAAUD,IAQnExwE,QACE,MAAMuiB,EAASrkB,KAAKgmD,cACdl8C,EAAO9J,KAAK0yE,WAElB,OAAOt4D,EAAK5T,OAAO,CAAC6d,EAAQva,KCxIhC,MAAMmpE,GAAWzzE,OAAO,YAKlB0zE,GAA4B,IAAI9vD,IAAI,CACxCrC,EAAM9J,mBAAmBW,OACzBmJ,EAAM9J,mBAAmByB,kBACzBqI,EAAM9J,mBAAmBwB,oBAW3B,MAAM06D,GACO9yD,iBACT,OAAOU,EAAMlM,OAAOE,UAGtBjV,cACEE,KAAK4hD,QAAU,KAEf5hD,KAAKozE,cAAgB,KAErBpzE,KAAKqzE,cAAgB,KAErBrzE,KAAKszE,mBAAqB,KAE1BtzE,KAAKuzE,cAAgB,KACrBvzE,KAAKwzE,mBAAqB,GAC1BxzE,KAAKyzE,gBAAkB,KAEvBzzE,KAAK0zE,QAAU,KACf1zE,KAAKmX,wBAA0B,KAC/BnX,KAAK2zE,uBAAwB,EAC7B3zE,KAAK4zE,WAAa,KAClB5zE,KAAK6zE,WAAa,KAClB7zE,KAAK8zE,YAAc,KACnB9zE,KAAKsX,kBAAoB,KACzBtX,KAAKuX,UAAY,KACjBvX,KAAKwX,kBAAoB,KACzBxX,KAAK+zE,gBAAkB,KACvB/zE,KAAK0X,6BAA+B,KACpC1X,KAAKg0E,mBAAqB,KAC1Bh0E,KAAKi0E,uBAAyB,KAC9Bj0E,KAAKk0E,yBAA2B,KAChCl0E,KAAKm0E,YAAc,IAAI/sD,GACvBpnB,KAAKo0E,aAAe,GACpBp0E,KAAKq0E,UAAY,GACjBr0E,KAAK8X,wBAA0B,KAC/B9X,KAAK+X,+BAAiC,KACtC/X,KAAKgY,qBAAuB,KAC5BhY,KAAKiY,mBAAqB,KAC1BjY,KAAKs0E,gBAAkB,KACvBt0E,KAAKmY,UAAY,KACjBnY,KAAKoY,SAAW,KAChBpY,KAAKqY,cAAgB,KACrBrY,KAAKu0E,wBAA0B,KAC/Bv0E,KAAKw0E,0BAA4B,KACjCx0E,KAAKuY,SAAW,KAChBvY,KAAKy0E,kCAAoC,KACzCz0E,KAAK00E,6BAA+B,KACpC10E,KAAK20E,oBAAsB,KAC3B30E,KAAKyY,kBAAoB,KACzBzY,KAAK40E,iBAAmB,KACxB50E,KAAK0Y,kBAAoB,KACzB1Y,KAAK2Y,wBAA0B,KAE/B3Y,KAAK60E,QAAU,KACf70E,KAAKizE,IAAY,KAQnB/xE,KAAKgG,GACH,IAAIjE,EAAI,EAGR,GAFAjD,KAAK4hD,QAAU16C,EAAMjE,KAEA,IAAjBjD,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,mDAS7C,GANA5hD,KAAKozE,cAAgBlsE,EAAMjE,KAC3BjD,KAAKszE,mBAAqBpsE,EAAMjE,KAChCjD,KAAKqzE,cAAgBnsE,EAAMjE,KAG3BA,GAAKjD,KAAK80E,eAAe5tE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAAS,IACrDpB,KAAK0zE,QACR,MAAUxwE,MAAM,8CASlBlD,KAAKuzE,cAAgBrsE,EAAM+E,SAAS,EAAGhJ,GAGvCA,GAAKjD,KAAK80E,eAAe5tE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAAS,GAG1DpB,KAAKyzE,gBAAkBvsE,EAAM+E,SAAShJ,EAAGA,EAAI,GAC7CA,GAAK,EAELjD,KAAK+mD,OAAStoC,GAAO1J,UAAUggE,qBAAqB/0E,KAAKszE,mBAAoBpsE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAMvG4zE,cACE,OAAIh1E,KAAK+mD,kBAAkB9mD,QAClBg1E,GACL9zE,SAAYsd,GAAOy2D,gBAAgBl1E,KAAKszE,yBAA0BtzE,KAAK+mD,UAGpEtoC,GAAOy2D,gBAAgBl1E,KAAKszE,mBAAoBtzE,KAAK+mD,QAG9DjlD,QACE,MAAM26C,EAAM,GAKZ,OAJAA,EAAI56C,KAAK7B,KAAKuzE,eACd92B,EAAI56C,KAAK7B,KAAKm1E,2BACd14B,EAAI56C,KAAK7B,KAAKyzE,iBACdh3B,EAAI56C,KAAK7B,KAAKg1E,eACP56D,EAAK5T,OAAOi2C,GAYrBt7C,WAAWyV,EAAK9M,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,GAC9B,IAAhBvmC,EAAIgrC,QACN5hD,KAAK4hD,QAAU,EAEf5hD,KAAK4hD,QAAU,EAEjB,MAAMnF,EAAM,CAAC,IAAI55C,WAAW,CAAC7C,KAAK4hD,QAAS5hD,KAAKozE,cAAepzE,KAAKszE,mBAAoBtzE,KAAKqzE,iBAE7FrzE,KAAK0zE,QAAUt5D,EAAKc,cAAco3D,GAClCtyE,KAAK40E,iBAAmBh+D,EAAIgrC,QAC5B5hD,KAAK0Y,kBAAoB9B,EAAIw+D,sBAC7Bp1E,KAAKm0E,YAAcv9D,EAAIy+D,WAGvB54B,EAAI56C,KAAK7B,KAAKs1E,yBAKdt1E,KAAKwzE,mBAAqB,GAE1BxzE,KAAKuzE,cAAgBn5D,EAAK5T,OAAOi2C,GAEjC,MAAM84B,EAASv1E,KAAKu1E,OAAOv1E,KAAKozE,cAAetpE,EAAMqzC,GAC/CnpC,QAAahU,KAAKgU,KAAKhU,KAAKozE,cAAetpE,EAAMyrE,EAAQp4B,GAE/Dn9C,KAAKyzE,gBAAkB+B,EAAaC,EAAazhE,GAAO,EAAG,GAC3D,MAAMsF,EAASnY,SAAYsd,GAAO1J,UAAU+nC,KAC1C98C,KAAKszE,mBAAoBtzE,KAAKqzE,cAAez8D,EAAIo4C,aAAcp4C,EAAIo5C,cAAeulB,QAAc5uD,EAAiB3S,IAE/GoG,EAAK5X,SAASwR,GAChBhU,KAAK+mD,OAASztC,KAEdtZ,KAAK+mD,aAAeztC,IAMpBtZ,KAAKizE,KAAY,GAQrBqC,wBACE,MAAMtoE,EAAM+T,EAAM9J,mBACZwlC,EAAM,GACZ,IAAIv1C,EACJ,GAAqB,OAAjBlH,KAAK0zE,QACP,MAAUxwE,MAAM,mCAElBu5C,EAAI56C,KAAK6zE,GAAe1oE,EAAIkK,uBAAuB,EAAMkD,EAAKS,UAAU7a,KAAK0zE,WACxC,OAAjC1zE,KAAKmX,yBACPslC,EAAI56C,KAAK6zE,GAAe1oE,EAAImK,yBAAyB,EAAMiD,EAAKM,YAAY1a,KAAKmX,wBAAyB,KAEpF,OAApBnX,KAAK4zE,YACPn3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIoK,yBAAyB,EAAM,IAAIvU,WAAW,CAAC7C,KAAK4zE,WAAa,EAAI,MAE3E,OAApB5zE,KAAK6zE,aACP3sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAK6zE,WAAY7zE,KAAK8zE,cAC9Cr3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIqK,gBAAgB,EAAMnQ,KAErB,OAA3BlH,KAAKsX,mBACPmlC,EAAI56C,KAAK6zE,GAAe1oE,EAAIsK,mBAAmB,EAAMtX,KAAKsX,oBAErC,OAAnBtX,KAAKuX,WACPklC,EAAI56C,KAAK6zE,GAAe1oE,EAAIuK,WAAW,EAAM,IAAI1U,WAAW,CAAC7C,KAAKuX,UAAY,EAAI,MAErD,OAA3BvX,KAAKwX,mBACPilC,EAAI56C,KAAK6zE,GAAe1oE,EAAIwK,mBAAmB,EAAM4C,EAAKM,YAAY1a,KAAKwX,kBAAmB,KAEtD,OAAtCxX,KAAK0X,+BACPxQ,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK0X,+BAC7D+kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI0K,8BAA8B,EAAOxQ,KAEnC,OAA5BlH,KAAKg0E,qBACP9sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAKg0E,mBAAoBh0E,KAAKi0E,yBACtD/sE,EAAQkT,EAAK5T,OAAO,CAACU,EAAOlH,KAAKk0E,2BACjCz3B,EAAI56C,KAAK6zE,GAAe1oE,EAAI2K,eAAe,EAAOzQ,KAE/ClH,KAAKm0E,YAAYzsD,UAAsC,IAA1B1nB,KAAK40E,kBAGrCn4B,EAAI56C,KAAK6zE,GAAe1oE,EAAI4K,QAAQ,EAAM5X,KAAKm0E,YAAYryE,UAE7D9B,KAAKo0E,aAAahxE,SAAQ,EAAG8H,OAAM7J,QAAOs0E,gBAAeC,eACvD1uE,EAAQ,CAAC,IAAIrE,WAAW,CAAC8yE,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAME,EAAcz7D,EAAK0C,WAAW5R,GAEpChE,EAAMrF,KAAKuY,EAAKM,YAAYm7D,EAAYz0E,OAAQ,IAEhD8F,EAAMrF,KAAKuY,EAAKM,YAAYrZ,EAAMD,OAAQ,IAC1C8F,EAAMrF,KAAKg0E,GACX3uE,EAAMrF,KAAKR,GACX6F,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAI6K,aAAc+9D,EAAU1uE,GAAO,IAExB,OAAjClH,KAAK8X,0BACP5Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK8X,0BAC7D2kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI8K,yBAAyB,EAAO5Q,KAElB,OAAxClH,KAAK+X,iCACP7Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK+X,iCAC7D0kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI+K,gCAAgC,EAAO7Q,KAEnC,OAA9BlH,KAAKgY,uBACP9Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKgY,uBAC7DykC,EAAI56C,KAAK6zE,GAAe1oE,EAAIgL,sBAAsB,EAAO9Q,KAE3B,OAA5BlH,KAAKiY,oBACPwkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIiL,oBAAoB,EAAOmC,EAAK0C,WAAW9c,KAAKiY,sBAEjD,OAAzBjY,KAAKs0E,iBACP73B,EAAI56C,KAAK6zE,GAAe1oE,EAAIkL,eAAe,EAAO,IAAIrV,WAAW,CAAC7C,KAAKs0E,gBAAkB,EAAI,MAExE,OAAnBt0E,KAAKmY,WACPskC,EAAI56C,KAAK6zE,GAAe1oE,EAAImL,WAAW,EAAOiC,EAAK0C,WAAW9c,KAAKmY,aAE/C,OAAlBnY,KAAKoY,WACPlR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKoY,WAC7DqkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIoL,UAAU,EAAMlR,KAEnB,OAAvBlH,KAAKqY,eACPokC,EAAI56C,KAAK6zE,GAAe1oE,EAAIqL,eAAe,EAAO+B,EAAK0C,WAAW9c,KAAKqY,iBAEpC,OAAjCrY,KAAKu0E,0BACPrtE,EAAQkT,EAAKiC,mBAAmB/B,OAAOsC,aAAa5c,KAAKu0E,yBAA2Bv0E,KAAKw0E,2BACzF/3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIsL,qBAAqB,EAAMpR,KAEnC,OAAlBlH,KAAKuY,WACPrR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKuY,WAC7DkkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIuL,UAAU,EAAOrR,KAEA,OAA3ClH,KAAKy0E,oCACPvtE,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAKy0E,kCAAmCz0E,KAAK00E,gCACtExtE,EAAMrF,KAAKuY,EAAKiC,mBAAmBrc,KAAK20E,sBACxCztE,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAIwL,iBAAiB,EAAMtR,KAEtB,OAA3BlH,KAAKyY,mBACPgkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIyL,mBAAmB,EAAMzY,KAAKyY,kBAAkB3W,UAE/C,OAA3B9B,KAAK0Y,oBACPxR,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAK40E,mBAAoB50E,KAAK0Y,mBACvDxR,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAI0L,kBAAoC,IAAjB1Y,KAAK4hD,QAAe16C,KAEhC,OAAjClH,KAAK2Y,0BACPzR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK2Y,0BAC7D8jC,EAAI56C,KAAK6zE,GAAe1oE,EAAI2L,yBAAyB,EAAOzR,KAG9D,MAAMzF,EAAS2Y,EAAK5T,OAAOi2C,GACrBr7C,EAASgZ,EAAKM,YAAYjZ,EAAOL,OAAQ,GAE/C,OAAOgZ,EAAK5T,OAAO,CAACpF,EAAQK,IAO9B0zE,0BACE,MAAM14B,EAAM,GACZz8C,KAAKwzE,mBAAmBpwE,SAAQ0G,IAC9B2yC,EAAI56C,KAAK8jD,GAAkB77C,EAAK1I,SAChCq7C,EAAI56C,KAAKiI,EAAK,IAGhB,MAAMrI,EAAS2Y,EAAK5T,OAAOi2C,GACrBr7C,EAASgZ,EAAKM,YAAYjZ,EAAOL,OAAQ,GAE/C,OAAOgZ,EAAK5T,OAAO,CAACpF,EAAQK,IAI9Bq0E,cAAc5uE,EAAO+6B,GAAS,GAC5B,IAAI8zC,EAAQ,EAGZ,MAAMH,KAA6B,IAAf1uE,EAAM6uE,IACpB/7D,EAAsB,IAAf9S,EAAM6uE,GAEnB,GAAK9zC,IACHjiC,KAAKwzE,mBAAmB3xE,KAAKqF,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACpD8xE,GAA0BltE,IAAIgU,IAQrC,OAHA+7D,IAGQ/7D,GACN,KAAK+G,EAAM9J,mBAAmBC,sBAE5BlX,KAAK0zE,QAAUt5D,EAAKO,SAASzT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACzD,MACF,KAAK2f,EAAM9J,mBAAmBE,wBAAyB,CAErD,MAAM6+D,EAAU57D,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAE5DpB,KAAK2zE,sBAAoC,IAAZqC,EAC7Bh2E,KAAKmX,wBAA0B6+D,EAE/B,MAEF,KAAKj1D,EAAM9J,mBAAmBG,wBAE5BpX,KAAK4zE,WAAgC,IAAnB1sE,EAAM6uE,KACxB,MACF,KAAKh1D,EAAM9J,mBAAmBI,eAE5BrX,KAAK6zE,WAAa3sE,EAAM6uE,KACxB/1E,KAAK8zE,YAAc5sE,EAAM6uE,KACzB,MACF,KAAKh1D,EAAM9J,mBAAmBK,kBAE5BtX,KAAKsX,kBAAoBpQ,EAAM6uE,GAC/B,MACF,KAAKh1D,EAAM9J,mBAAmBM,UAE5BvX,KAAKuX,UAA+B,IAAnBrQ,EAAM6uE,KACvB,MACF,KAAKh1D,EAAM9J,mBAAmBO,kBAAmB,CAE/C,MAAMw+D,EAAU57D,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAE5DpB,KAAKwX,kBAAoBw+D,EACzBh2E,KAAK+zE,gBAA8B,IAAZiC,EAEvB,MAEF,KAAKj1D,EAAM9J,mBAAmBS,6BAE5B1X,KAAK0X,6BAA+B,IAAIxQ,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACpE,MACF,KAAK2f,EAAM9J,mBAAmBU,cAK5B3X,KAAKg0E,mBAAqB9sE,EAAM6uE,KAChC/1E,KAAKi0E,uBAAyB/sE,EAAM6uE,KACpC/1E,KAAKk0E,yBAA2BhtE,EAAM+E,SAAS8pE,EAAOA,EAAQ,IAC9D,MAEF,KAAKh1D,EAAM9J,mBAAmBW,OAE5B5X,KAAKm0E,YAAYjzE,KAAKgG,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAClD,MAEF,KAAK2f,EAAM9J,mBAAmBY,aAAc,CAE1C,MAAM89D,KAAkC,IAAfzuE,EAAM6uE,IAG/BA,GAAS,EACT,MAAM3oE,EAAIgN,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAM3pE,EAAIgO,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM7qE,EAAOkP,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAOA,EAAQ3oE,IACrD/L,EAAQ6F,EAAM+E,SAAS8pE,EAAQ3oE,EAAG2oE,EAAQ3oE,EAAIhB,GAEpDpM,KAAKo0E,aAAavyE,KAAK,CAAEqJ,OAAMyqE,gBAAet0E,QAAOu0E,aAEjDD,IACF31E,KAAKq0E,UAAUnpE,GAAQkP,EAAK+C,WAAW9b,IAEzC,MAEF,KAAK0f,EAAM9J,mBAAmBa,wBAE5B9X,KAAK8X,wBAA0B,IAAI5Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC/D,MACF,KAAK2f,EAAM9J,mBAAmBc,+BAE5B/X,KAAK+X,+BAAiC,IAAI7Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACtE,MACF,KAAK2f,EAAM9J,mBAAmBe,qBAE5BhY,KAAKgY,qBAAuB,IAAI9Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC5D,MACF,KAAK2f,EAAM9J,mBAAmBgB,mBAE5BjY,KAAKiY,mBAAqBmC,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACtE,MACF,KAAK2f,EAAM9J,mBAAmBiB,cAE5BlY,KAAKs0E,gBAAqC,IAAnBptE,EAAM6uE,KAC7B,MACF,KAAKh1D,EAAM9J,mBAAmBkB,UAE5BnY,KAAKmY,UAAYiC,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC7D,MACF,KAAK2f,EAAM9J,mBAAmBmB,SAE5BpY,KAAKoY,SAAW,IAAIlR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAChD,MACF,KAAK2f,EAAM9J,mBAAmBoB,cAE5BrY,KAAKqY,cAAgB+B,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACjE,MACF,KAAK2f,EAAM9J,mBAAmBqB,oBAE5BtY,KAAKu0E,wBAA0BrtE,EAAM6uE,KACrC/1E,KAAKw0E,0BAA4Bp6D,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC7E,MACF,KAAK2f,EAAM9J,mBAAmBsB,SAE5BvY,KAAKuY,SAAW,IAAIrR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAChD,MACF,KAAK2f,EAAM9J,mBAAmBuB,gBAAiB,CAG7CxY,KAAKy0E,kCAAoCvtE,EAAM6uE,KAC/C/1E,KAAK00E,6BAA+BxtE,EAAM6uE,KAE1C,MAAMhmE,EAAM0O,GAAOgxB,kBAAkBzvC,KAAK00E,8BAE1C10E,KAAK20E,oBAAsBv6D,EAAKqC,mBAAmBvV,EAAM+E,SAAS8pE,EAAOA,EAAQhmE,IACjF,MAEF,KAAKgR,EAAM9J,mBAAmBwB,kBAE5BzY,KAAKyY,kBAAoB,IAAI06D,GAC7BnzE,KAAKyY,kBAAkBvX,KAAKgG,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACxD,MACF,KAAK2f,EAAM9J,mBAAmByB,kBAE5B1Y,KAAK40E,iBAAmB1tE,EAAM6uE,KAC9B/1E,KAAK0Y,kBAAoBxR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,QACvB,IAA1BpB,KAAK40E,iBACP50E,KAAKm0E,YAAYjzE,KAAKlB,KAAK0Y,mBAE3B1Y,KAAKm0E,YAAYjzE,KAAKlB,KAAK0Y,kBAAkBzM,UAAU,IAEzD,MACF,KAAK8U,EAAM9J,mBAAmB0B,wBAE5B3Y,KAAK2Y,wBAA0B,IAAIzR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC/D,MACF,QAAS,CACP,MAAMggD,EAAUl+C,MAAM,oCAAoC8W,GAC1D,GAAI47D,EACF,MAAMx0B,EAENhnC,EAAK0D,WAAWsjC,KAMxB0zB,eAAe5tE,EAAO+uE,GAAU,EAAMxxD,GAEpC,MAAMyxD,EAAkB97D,EAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IAE1D,IAAIhJ,EAAI,EAGR,KAAOA,EAAI,EAAIizE,GAAiB,CAC9B,MAAMnmE,EAAM21C,GAAiBx+C,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SACrD6B,GAAK8M,EAAII,OAETnQ,KAAK81E,cAAc5uE,EAAM+E,SAAShJ,EAAGA,EAAI8M,EAAIA,KAAMkmE,EAASxxD,GAE5DxhB,GAAK8M,EAAIA,IAGX,OAAO9M,EAITkzE,OAAOn8D,EAAMlQ,GACX,MAAMmU,EAAI8C,EAAMhM,UAEhB,OAAQiF,GACN,KAAKiE,EAAEjI,OACL,OAAkB,OAAdlM,EAAKmM,KACAmE,EAAK0C,WAAWhT,EAAK2oE,SAAQ,IAE/B3oE,EAAK4oE,UAAS,GAEvB,KAAKz0D,EAAEhI,KAAM,CACX,MAAM/O,EAAQ4C,EAAK4oE,UAAS,GAE5B,OAAOt4D,EAAKmF,gBAAgBrY,GAE9B,KAAK+W,EAAE7H,WACL,OAAO,IAAIvT,WAAW,GAExB,KAAKob,EAAE5H,YACP,KAAK4H,EAAE3H,YACP,KAAK2H,EAAE1H,WACP,KAAK0H,EAAEzH,aACP,KAAKyH,EAAExH,eAAgB,CACrB,IAAI5B,EACAwL,EAEJ,GAAIvW,EAAK2L,OACP4K,EAAM,IACNxL,EAAS/K,EAAK2L,WACT,KAAI3L,EAAK6L,cAId,MAAUzS,MAAM,mFAHhBmd,EAAM,IACNxL,EAAS/K,EAAK6L,cAMhB,MAAMzO,EAAQ2N,EAAO/S,QAErB,OAAOsY,EAAK5T,OAAO,CAACxG,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GACrC,IAAIjH,WAAW,CAACwd,IAChBjG,EAAKM,YAAYxT,EAAM9F,OAAQ,GAC/B8F,IAEJ,KAAK+W,EAAEvH,cACP,KAAKuH,EAAEnH,iBACP,KAAKmH,EAAEtH,WACL,OAAOyD,EAAK5T,OAAO,CAACxG,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GAAO9J,KAAKm2E,OAAOl4D,EAAErH,IAAK,CAC/DA,IAAK9M,EAAKrE,SAGd,KAAKwY,EAAErH,IACL,QAAiB3V,IAAb6I,EAAK8M,IACP,MAAU1T,MAAM,8CAElB,OAAO4G,EAAK8M,IAAIw/D,aAAap2E,KAAK4hD,SAEpC,KAAK3jC,EAAEpH,cACL,OAAO7W,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GAC5B,KAAKmU,EAAElH,UACL,OAAO,IAAIlU,WAAW,GACxB,KAAKob,EAAEjH,WACL,MAAU9T,MAAM,mBAClB,QACE,MAAUA,MAAM,4BAItBmzE,iBAAiBvsE,EAAMqzC,GACrB,IAAI/7C,EAAS,EACb,OAAOmb,EAAiBk5D,EAAaz1E,KAAKuzE,gBAAgBlyE,IACxDD,GAAUC,EAAMD,MAAM,IACrB,KACD,MAAMq7C,EAAM,GAeZ,OAdqB,IAAjBz8C,KAAK4hD,SAAkB5hD,KAAKozE,gBAAkBryD,EAAMhM,UAAUiB,QAAUhW,KAAKozE,gBAAkBryD,EAAMhM,UAAUkB,OAC7GknC,EACFV,EAAI56C,KAAK,IAAIgB,WAAW,IAExB45C,EAAI56C,KAAKiI,EAAKk8C,gBAGlBvJ,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK4hD,QAAS,OAClB,IAAjB5hD,KAAK4hD,SACPnF,EAAI56C,KAAK,IAAIgB,WAAW,IAE1B45C,EAAI56C,KAAKuY,EAAKM,YAAYtZ,EAAQ,IAG3BgZ,EAAK5T,OAAOi2C,EAAI,IAI3B84B,OAAOnC,EAAetpE,EAAMqzC,GAAW,GACrC,MAAMj2C,EAAQlH,KAAKm2E,OAAO/C,EAAetpE,GAEzC,OAAOsQ,EAAK5T,OAAO,CAACU,EAAOlH,KAAKuzE,cAAevzE,KAAKq2E,iBAAiBvsE,EAAMqzC,KAG7Eh8C,WAAWiyE,EAAetpE,EAAMyrE,EAAQp4B,GAAW,GAEjD,OADKo4B,IAAQA,EAASv1E,KAAKu1E,OAAOnC,EAAetpE,EAAMqzC,IAChD1+B,GAAOzK,KAAK8zB,OAAO9nC,KAAKqzE,cAAekC,GAehDp0E,aAAayV,EAAKw8D,EAAetpE,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IACnF,IAAK/lB,KAAKm0E,YAAY7sD,OAAO1Q,EAAIy+D,YAC/B,MAAUnyE,MAAM,oDAElB,GAAIlD,KAAKszE,qBAAuB18D,EAAIizC,UAClC,MAAU3mD,MAAM,oFAGlB,MAAMozE,EAAqBlD,IAAkBryD,EAAMhM,UAAUiB,QAAUo9D,IAAkBryD,EAAMhM,UAAUkB,KAIzG,KADmBjW,KAAKizE,MAAcqD,GACrB,CACf,IAAIf,EACAvhE,EAQJ,GAPIhU,KAAKiiC,OACPjuB,QAAahU,KAAKiiC,QAElBszC,EAASv1E,KAAKu1E,OAAOnC,EAAetpE,EAAMqzC,GAC1CnpC,QAAahU,KAAKgU,KAAKo/D,EAAetpE,EAAMyrE,IAE9CvhE,QAAa2S,EAAiB3S,GAC1BhU,KAAKyzE,gBAAgB,KAAOz/D,EAAK,IACjChU,KAAKyzE,gBAAgB,KAAOz/D,EAAK,GACnC,MAAU9Q,MAAM,+BAUlB,GAPAlD,KAAK+mD,aAAe/mD,KAAK+mD,OAEzB/mD,KAAKizE,UAAkBx0D,GAAO1J,UAAUsoC,OACtCr9C,KAAKszE,mBAAoBtzE,KAAKqzE,cAAerzE,KAAK+mD,OAAQnwC,EAAIo4C,aAC9DumB,EAAQvhE,IAGLhU,KAAKizE,IACR,MAAU/vE,MAAM,iCAIpB,MAAMqzE,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAIiE,GAAYv2E,KAAK0zE,QAAU6C,EAC7B,MAAUrzE,MAAM,4CAElB,GAAIqzE,GAAYA,GAAYv2E,KAAKw2E,oBAC/B,MAAUtzE,MAAM,wBAElB,GAAIuhB,EAAOT,qBAAqBhe,IAAIhG,KAAKqzE,eACvC,MAAUnwE,MAAM,4BAA8B6d,EAAM7f,KAAK6f,EAAM/M,KAAMhU,KAAKqzE,eAAeoD,eAE3F,GAAIhyD,EAAOR,4BAA4Bje,IAAIhG,KAAKqzE,gBAC9C,CAACtyD,EAAMhM,UAAUiB,OAAQ+K,EAAMhM,UAAUkB,MAAMuL,SAASxhB,KAAKozE,eAC7D,MAAUlwE,MAAM,oCAAsC6d,EAAM7f,KAAK6f,EAAM/M,KAAMhU,KAAKqzE,eAAeoD,eAOnG,GALAz2E,KAAKo0E,aAAahxE,SAAQ,EAAG8H,OAAM0qE,eACjC,GAAIA,GAAanxD,EAAOX,eAAevd,QAAQ2E,GAAQ,EACrD,MAAUhI,MAAM,8BAA8BgI,MAGlB,OAA5BlL,KAAKg0E,mBACP,MAAU9wE,MAAM,iGASpBwzE,UAAUpE,EAAO,IAAI13D,MACnB,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,OAAiB,OAAbiE,KACOv2E,KAAK0zE,SAAW6C,GAAYA,EAAWv2E,KAAKw2E,qBASzDA,oBACE,OAAOx2E,KAAK2zE,sBAAwBnoE,IAAW,IAAIoP,KAAK5a,KAAK0zE,QAAQz4D,UAA2C,IAA/Bjb,KAAKmX,0BAgB1F,SAASu+D,GAAe17D,EAAM47D,EAAU9rE,GACtC,MAAM2yC,EAAM,GAIZ,OAHAA,EAAI56C,KAAK8jD,GAAkB77C,EAAK1I,OAAS,IACzCq7C,EAAI56C,KAAK,IAAIgB,WAAW,EAAE+yE,EAAW,IAAO,GAAK57D,KACjDyiC,EAAI56C,KAAKiI,GACFsQ,EAAK5T,OAAOi2C,EACrB,CC9tBA,MAAMk6B,GACOt2D,iBACT,OAAOU,EAAMlM,OAAOI,iBAGtBnV,cAEEE,KAAK4hD,QAAU,KAQf5hD,KAAKozE,cAAgB,KAMrBpzE,KAAKqzE,cAAgB,KAMrBrzE,KAAKszE,mBAAqB,KAE1BtzE,KAAKm0E,YAAc,KAMnBn0E,KAAKqpE,MAAQ,KAQfnoE,KAAKgG,GACH,IAAI6uE,EAAQ,EAGZ,GADA/1E,KAAK4hD,QAAU16C,EAAM6uE,KA1DT,IA2DR/1E,KAAK4hD,QACP,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,4DAuB7C,OAlBA5hD,KAAKozE,cAAgBlsE,EAAM6uE,KAG3B/1E,KAAKqzE,cAAgBnsE,EAAM6uE,KAG3B/1E,KAAKszE,mBAAqBpsE,EAAM6uE,KAGhC/1E,KAAKm0E,YAAc,IAAI/sD,GACvBpnB,KAAKm0E,YAAYjzE,KAAKgG,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACpDA,GAAS,EAMT/1E,KAAKqpE,MAAQniE,EAAM6uE,KACZ/1E,KAOT8B,QACE,MAAM8B,EAAQ,IAAIf,WAAW,CA3FjB,EA2F2B7C,KAAKozE,cAAepzE,KAAKqzE,cAAerzE,KAAKszE,qBAE9E/nE,EAAM,IAAI1I,WAAW,CAAC7C,KAAKqpE,QAEjC,OAAOjvD,EAAKtX,iBAAiB,CAACc,EAAO5D,KAAKm0E,YAAYryE,QAASyJ,IAGjE8qE,oBAAoBzlD,GAClB,OAAOqkD,GAAiB9zE,SAAYgyE,GAAgBnyE,UAAUq1E,iBAAiBx5D,YAAY7c,KAAK42E,iBAAkBhmD,KAGpHzvB,eACE,MAAMy1E,QAAyB52E,KAAK42E,iBACpC,IAAKA,GAAoBA,EAAiB92E,YAAYugB,MAAQU,EAAMlM,OAAOE,UACzE,MAAU7R,MAAM,0CAElB,GACE0zE,EAAiBxD,gBAAkBpzE,KAAKozE,eACxCwD,EAAiBvD,gBAAkBrzE,KAAKqzE,eACxCuD,EAAiBtD,qBAAuBtzE,KAAKszE,qBAC5CsD,EAAiBzC,YAAY7sD,OAAOtnB,KAAKm0E,aAE1C,MAAUjxE,MAAM,2EAGlB,OADA0zE,EAAiB30C,OAASjiC,KAAKiiC,OACxB20C,EAAiBv5B,OAAOxgC,MAAM+5D,EAAkBr6B,YCxHpD,SAASs6B,GAAiBx2D,EAAKy2D,GACpC,IAAKA,EAAez2D,GAAM,CAExB,IAAI02D,EACJ,IACEA,EAAah2D,EAAM7f,KAAK6f,EAAMlM,OAAQwL,GACtC,MAAOhc,GACP,MAAM,IAAIyiD,GAAiB,iCAAiCzmC,GAE9D,MAAUnd,MAAM,uCAAuC6zE,GAEzD,OAAO,IAAID,EAAez2D,EAC5B,CDgHAs2D,GAAuB31E,UAAUgT,KAAOm/D,GAAgBnyE,UAAUgT,KAClE2iE,GAAuB31E,UAAUu0E,OAASpC,GAAgBnyE,UAAUu0E,OACpEoB,GAAuB31E,UAAUm1E,OAAShD,GAAgBnyE,UAAUm1E,OC1GpE,MAAMa,WAAmBn3E,MAWvB8nB,wBAAwBzgB,EAAO4vE,EAAgBryD,EAASsB,IACtD,MAAMkxD,EAAU,IAAID,GAEpB,aADMC,EAAQ/1E,KAAKgG,EAAO4vE,EAAgBryD,GACnCwyD,EAWT91E,WAAW+F,EAAO4vE,EAAgBryD,EAASsB,IACrCtB,EAAOjB,yBAAyBpiB,SAClC01E,EAAiB,IAAKA,KAAmB18D,EAAK8F,wBAAwBuE,EAAOjB,4BAE/ExjB,KAAKe,OAASulB,EAAqBpf,GAAO/F,MAAOqH,EAAUC,KACzD,MAAM/H,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,OACL/H,EAAOuI,MA6Bb,SA5BmBi9C,GAAY19C,GAAUrH,UACvC,IACE,GAAI+1E,EAAO72D,MAAQU,EAAMlM,OAAOS,QAAU4hE,EAAO72D,MAAQU,EAAMlM,OAAOW,MAIpE,OAEF,MAAMX,EAASgiE,GAAiBK,EAAO72D,IAAKy2D,GAC5CjiE,EAAOoiE,QAAU,IAAID,GACrBniE,EAAOsiE,WAAa/8D,EAAK5X,SAAS00E,EAAOriE,cACnCA,EAAO3T,KAAKg2E,EAAOriE,OAAQ4P,SAC3B/jB,EAAOoB,MAAM+S,GACnB,MAAOxQ,GACP,MAAM+yE,GAAyB3yD,EAAOnB,0BAA4Bjf,aAAayiD,GACzEuwB,IAAuB5yD,EAAOlB,wBAA4Blf,aAAayiD,IAC7E,GAAIswB,GAAyBC,GAAuBpxB,GAAkBixB,EAAO72D,WAIrE3f,EAAOuB,MAAMoC,OACd,CACL,MAAMizE,EAAiB,IAAIrwB,GAAkBiwB,EAAO72D,IAAK62D,EAAOriE,cAC1DnU,EAAOoB,MAAMw1E,GAErBl9D,EAAK4D,gBAAgB3Z,OAMvB,aAFM3D,EAAOuI,iBACPvI,EAAOsB,SAIjB,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAKvB,MAAMkB,EAASghB,EAAiBvmB,KAAKe,QACrC,OAAa,CACX,MAAMO,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OAMrC,GALKI,EAGHtB,KAAKe,OAAS,KAFdf,KAAK6B,KAAKR,GAIRC,GAAQ2kD,GAAkB5kD,EAAMvB,YAAYugB,KAC9C,MAGJ9a,EAAO3E,cAQTkB,QACE,MAAM26C,EAAM,GAEZ,IAAK,IAAIx5C,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,MAAMod,EAAMrgB,KAAKiD,aAAcgkD,GAAoBjnD,KAAKiD,GAAGod,IAAMrgB,KAAKiD,GAAGnD,YAAYugB,IAC/Ek3D,EAAcv3E,KAAKiD,GAAGnB,QAC5B,GAAIsY,EAAK5X,SAAS+0E,IAAgBtxB,GAAkBjmD,KAAKiD,GAAGnD,YAAYugB,KAAM,CAC5E,IAAIpc,EAAS,GACT8C,EAAe,EACnB,MAAMywE,EAAY,IAClB/6B,EAAI56C,KAAKikD,GAASzlC,IAClBo8B,EAAI56C,KAAK0a,EAAiBg7D,GAAal2E,IAGrC,GAFA4C,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgBywE,EAAW,CAC7B,MAAMC,EAAW/rE,KAAKmyC,IAAInyC,KAAKqS,IAAIhX,GAAgB2E,KAAKgsE,IAAM,EAAG,IAC3DlV,EAAY,GAAKiV,EACjBzwE,EAAeoT,EAAK5T,OAAO,CAACo/C,GAAmB6xB,IAAWjxE,OAAOvC,IAGvE,OAFAA,EAAS,CAAC+C,EAAaiF,SAAS,EAAIu2D,IACpCz7D,EAAe9C,EAAO,GAAG7C,OAClB4F,EAAaiF,SAAS,EAAG,EAAIu2D,OAErC,IAAMpoD,EAAK5T,OAAO,CAACm/C,GAAkB5+C,IAAeP,OAAOvC,WACzD,CACL,GAAImW,EAAK5X,SAAS+0E,GAAc,CAC9B,IAAIn2E,EAAS,EACbq7C,EAAI56C,KAAK0a,EAAiBk5D,EAAa8B,IAAcl2E,IACnDD,GAAUC,EAAMD,MAAM,IACrB,IAAM4kD,GAAY3lC,EAAKjf,WAE1Bq7C,EAAI56C,KAAKmkD,GAAY3lC,EAAKk3D,EAAYn2E,SAExCq7C,EAAI56C,KAAK01E,IAIb,OAAOn9D,EAAK5T,OAAOi2C,GAQrBk7B,eAAeC,GACb,MAAMC,EAAW,IAAIb,GAEfc,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI9zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B20E,EAAK3vE,KAAK6vE,EAAO93E,KAAKiD,GAAGnD,YAAYugB,OACvCw3D,EAASh2E,KAAK7B,KAAKiD,IAIvB,OAAO40E,EAQTE,WAAW13D,GACT,OAAOrgB,KAAKg4E,MAAKnjE,GAAUA,EAAO/U,YAAYugB,MAAQA,IAQxD43D,cAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOn4E,KAEP83E,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI9zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B20E,EAAK3vE,KAAK6vE,EAAOK,EAAKl1E,GAAGnD,YAAYugB,OACvC63D,EAASr2E,KAAKoB,GAGlB,OAAOi1E,GCzLX,MAAMpB,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACAsE,GACAxD,KAWF,MAAMiF,GACO/3D,iBACT,OAAOU,EAAMlM,OAAOO,eAMtBtV,YAAY2kB,EAASsB,IAKnB/lB,KAAKi3E,QAAU,KAKfj3E,KAAK6pD,UAAYplC,EAAOrC,8BAMxBpiB,KAAKq4E,WAAa,KAKlBr4E,KAAKqiB,aAAeoC,EAAOpC,aAQ7BlhB,WAAW+F,EAAOud,EAASsB,UACnB+sD,EAAa5rE,GAAO/F,UAGxBnB,KAAK6pD,gBAAkBtkD,EAAOoB,WAG9B3G,KAAKq4E,WAAa9yE,EAAOmF,kBAEnB1K,KAAKs4E,WAAW7zD,EAAO,IASjC3iB,QAKE,OAJwB,OAApB9B,KAAKq4E,YACPr4E,KAAKu4E,WAGAn+D,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK6pD,YAAa7pD,KAAKq4E,aAS7Dl3E,iBAAiBsjB,EAASsB,IACxB,MAAMyyD,EAAkBz3D,EAAM7f,KAAK6f,EAAMpN,YAAa3T,KAAK6pD,WACrD4uB,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUv1E,MAASs1E,EAAH,gCAGlBx4E,KAAKi3E,cAAgBD,GAAW2B,WAAWF,EAAgBz4E,KAAKq4E,YAAavB,GAAgBryD,GAM/F8zD,WACE,MAAMC,EAAkBz3D,EAAM7f,KAAK6f,EAAMpN,YAAa3T,KAAK6pD,WACrD+uB,EAAgBC,GAAaL,GACnC,IAAKI,EACH,MAAU11E,MAASs1E,EAAH,8BAGlBx4E,KAAKq4E,WAAaO,EAAc54E,KAAKi3E,QAAQn1E,QAAS9B,KAAKqiB,eAa/D,MAAMy2D,GAAW1+D,EAAK0E,cAEtB,SAASlL,GAAa9J,GACpB,OAAOA,CACT,CAEA,SAASivE,GAAU9Y,EAAM16B,EAAQ1gC,EAAU,IACzC,OAAO,SAAUiF,GACf,OAAKsQ,EAAK5X,SAASsH,IAASid,EAAqBjd,GACxCmrE,GAAiB,IAAMtuD,EAAiB7c,GAAMlI,MAAKkI,GACjD,IAAI7J,SAAQ,CAACC,EAASC,KAC3B8/D,EAAKn2D,EAAMjF,GAAS,CAACu8C,EAAK3/C,KACxB,GAAI2/C,EAAK,OAAOjhD,EAAOihD,GACvBlhD,EAAQuB,EAAO,GACf,QAIDu3E,EAAiBC,EAAiBnvE,GAAMpB,KAAK68B,EAAO1gC,KAE/D,CAEA,SAASq0E,GAAUp5E,EAAa+E,EAAU,IACxC,OAAO,SAASiF,GACd,MAAMs2C,EAAM,IAAItgD,EAAY+E,GAC5B,OAAO0X,EAAiBzS,GAAMzI,IAC5B,GAAIA,EAAMD,OAER,OADAg/C,EAAIv+C,KAAKR,EAAOywD,IACT1R,EAAI3+C,UAEZ,KACD,GAAI3B,IAAgByiE,GAElB,OADAniB,EAAIv+C,KAAK,GAAImwD,IACN5R,EAAI3+C,UAInB,CAEA,SAASsS,GAAMksD,GACb,OAAO,SAASn2D,GACd,OAAOmrE,GAAiB9zE,SAAY8+D,QAAWt5C,EAAiB7c,MAEpE,CAEA,MAAM+uE,GAAeC,GAAW,CAC9BjlE,iBAAmB,CAACwkE,EAAYre,IAAU+e,GAAUD,GAASK,WAAYL,GAASM,iBAAkB,CAAEpf,SAA5D+e,CAAqEV,GAC/GvkE,kBAAoB,CAACukE,EAAYre,IAAU+e,GAAUD,GAAS3X,QAAS2X,GAASO,cAAe,CAAErf,SAAtD+e,CAA+DV,IACxG,CACFxkE,iBAAmB,CAACwkE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEK,KAAK,EAAM5I,SAAhCkf,CAAyCb,GACnFvkE,kBAAoB,CAACukE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEvI,SAArBkf,CAA8Bb,IAGrEK,GAAiBI,GAAW,CAChCllE,aAAcA,GACdC,iBAAmBklE,GAAUD,GAASQ,WAAYR,GAASS,kBAC3DzlE,kBAAoBilE,GAAUD,GAASlO,QAASkO,GAASU,eACzDzlE,mBAAqBA,GAAM0lE,KACzB,CACF7lE,aAAcA,GACdC,iBAAmBqlE,GAAUzN,GAAS,CAAE7I,KAAK,IAC7C9uD,kBAAoBolE,GAAUzN,IAC9B13D,mBAAqBA,GAAM0lE,KCnLvB3C,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAeF,MAAMuG,GACOr5D,iBACT,OAAOU,EAAMlM,OAAOe,mCAGtB9V,cACEE,KAAK4hD,QAlBO,EAmBZ5hD,KAAK25E,UAAY,KACjB35E,KAAKi3E,QAAU,KAGjB91E,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UACxB,MAAMygD,QAAgBr8C,EAAOoB,WAE7B,GA3BU,IA2BNi7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,wCAMxC5hD,KAAK25E,UAAYp0E,EAAOmF,WAAW,IAIvC5I,QACE,OAAOsY,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAvCvB,IAuCmC7C,KAAK25E,YAYtDx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEvC,IAAI1yE,EAAQlH,KAAKi3E,QAAQn1E,QACrBilB,EAAqB7f,KAAQA,QAAcyf,EAAiBzf,IAChE,MAAM4U,QAAe2C,GAAOo7D,gBAAgBD,GACtCE,EAAM,IAAIj3E,WAAW,CAAC,IAAM,KAE5Bk3E,EAAS3/D,EAAK5T,OAAO,CAACsV,EAAQ5U,EAAO4yE,IACrC9lE,QAAayK,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,IAClD7mE,EAAYkH,EAAK5T,OAAO,CAACuzE,EAAQ/lE,IAGvC,OADAhU,KAAK25E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK1D,EAAW,IAAIrQ,WAAWmwB,GAAYvO,IACxG,EAYTtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACvC,IAAID,EAAYlE,EAAaz1E,KAAK25E,WAC9B5yD,EAAqB4yD,KAAYA,QAAkBhzD,EAAiBgzD,IACxE,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EAAK+iE,EAAW,IAAI92E,WAAWmwB,IAI9FinD,EAAWzE,EAAa5uD,EAAoBozD,IAAa,IACzDD,EAASvE,EAAawE,EAAW,GAAI,IACrCE,EAAaj6E,QAAQ2H,IAAI,CAC7B+e,QAAuBlI,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,KAC5DpzD,EAAiBszD,KAChBr4E,MAAK,EAAEoS,EAAM8lE,MACd,IAAK1/D,EAAKqD,iBAAiBzJ,EAAM8lE,GAC/B,MAAU52E,MAAM,0BAElB,OAAO,IAAIL,UAAY,IAEnBqE,EAAQsuE,EAAauE,EAAQ/mD,EAAY,GAC/C,IAAIukD,EAAc/B,EAAatuE,EAAO,GAAI,GAM1C,OALAqwE,EAAch6D,EAAc,CAACg6D,EAAatC,GAAiB,IAAMiF,MAC5D9/D,EAAK5X,SAASm3E,IAAel1D,EAAO9B,6BACvC40D,QAAoB5wD,EAAiB4wD,IAEvCv3E,KAAKi3E,cAAgBD,GAAW2B,WAAWpB,EAAaT,GAAgBryD,IACjE,GC7GX,MAAMqyD,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAYF,MAAMgH,GACO95D,iBACT,OAAOU,EAAMlM,OAAOiB,kBAGtBhW,cACEE,KAAK4hD,QAfO,EAiBZ5hD,KAAKo6E,gBAAkB,KAEvBp6E,KAAKq6E,cAAgBt5D,EAAMtM,KAAKC,IAChC1U,KAAKs6E,cAAgB,KACrBt6E,KAAKkxB,GAAK,KACVlxB,KAAK25E,UAAY,KACjB35E,KAAKi3E,QAAU,KAQjB91E,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UACxB,MAAMygD,QAAgBr8C,EAAOoB,WAC7B,GAlCU,IAkCNi7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,yDAExC5hD,KAAKo6E,sBAAwB70E,EAAOoB,WACpC3G,KAAKq6E,oBAAsB90E,EAAOoB,WAClC3G,KAAKs6E,oBAAsB/0E,EAAOoB,WAElC,MAAMmnB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eACrCr6E,KAAKkxB,SAAW3rB,EAAOuB,UAAUgnB,EAAKwkB,UACtCtyC,KAAK25E,UAAYp0E,EAAOmF,WAAW,IAQvC5I,QACE,OAAOsY,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK4hD,QAAS5hD,KAAKo6E,gBAAiBp6E,KAAKq6E,cAAer6E,KAAKs6E,gBAAiBt6E,KAAKkxB,GAAIlxB,KAAK25E,YAWlIx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C/lB,KAAKi3E,cAAgBD,GAAW2B,iBACxB34E,KAAK+zC,MAAM,UAAWn9B,EAAK6+D,EAAaz1E,KAAK25E,YACnD7C,GACAryD,GAYJtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C/lB,KAAKo6E,gBAAkBR,EAEvB,MAAMtnC,SAAEA,GAAa7zB,GAAO87D,YAAYv6E,KAAKq6E,eAC7Cr6E,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAe3L,GACvCtyC,KAAKs6E,cAAgB71D,EAAOjC,kBAC5B,MAAM1Y,EAAO9J,KAAKi3E,QAAQn1E,QAC1B9B,KAAK25E,gBAAkB35E,KAAK+zC,MAAM,UAAWn9B,EAAK9M,GAWpD3I,YAAY8I,EAAI2M,EAAK9M,GACnB,MAAMgkB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAC/BG,QAAqB1sD,EAAK9tB,KAAKo6E,gBAAiBxjE,GAChD6jE,EAA+B,YAAPxwE,EAAmB6jB,EAAKykB,UAAY,EAC5DmoC,EAA+B,YAAPzwE,EAAmB6jB,EAAKykB,UAAY,EAC5DiwB,EAAY,IAAMxiE,KAAKs6E,cAAgB,GAAKG,EAC5CE,EAAc,IAAIx1D,YAAY,IAC9By1D,EAAa,IAAI/3E,WAAW83E,EAAa,EAAG,IAC5CE,EAAgB,IAAIh4E,WAAW83E,GAC/BG,EAAY,IAAI11D,SAASu1D,GACzBI,EAAkB,IAAIl4E,WAAW83E,EAAa,EAAG,GACvDC,EAAWt3E,IAAI,CAAC,IAAO62E,GAAwB95D,IAAKrgB,KAAK4hD,QAAS5hD,KAAKo6E,gBAAiBp6E,KAAKq6E,cAAer6E,KAAKs6E,eAAgB,GACjI,IAAI/mC,EAAa,EACbynC,EAAgB/6E,QAAQC,UACxB+6E,EAAe,EACfC,EAAc,EAClB,MAAMhqD,EAAKlxB,KAAKkxB,GAChB,OAAO5K,EAAqBxc,GAAM3I,MAAOqH,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK5X,SAASgG,GAAuB,CACvC,MAAMvE,EAAS,IAAI0iD,EAAuB,GAAI,CAC5Ch9C,cAAeyQ,EAAK6E,yBAA2B,IAAMjf,KAAKs6E,cAAgB,GAC1Et1E,KAAMsZ,GAASA,EAAMld,SAEvBylB,EAAY5iB,EAAOuE,SAAUC,GAC7BA,EAAWxE,EAAOwE,SAEpB,MAAMlD,EAASghB,EAAiB/d,GAC1B9H,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAI1G,QAAcwD,EAAOuB,UAAU07D,EAAYiY,IAA0B,IAAI53E,WAC7E,MAAMs4E,EAAap5E,EAAMkK,SAASlK,EAAMX,OAASq5E,GAEjD,IAAIW,EACA95E,EAwBJ,GA1BAS,EAAQA,EAAMkK,SAAS,EAAGlK,EAAMX,OAASq5E,IAGpClnC,GAAcxxC,EAAMX,QACvBmE,EAAOmB,QAAQy0E,GACfC,EAAiBZ,EAAavwE,GAAIlI,EAAO+rB,EAAKwlB,SAASpiB,EAAI6pD,GAAkBH,GAC7EM,GAAen5E,EAAMX,OAASq5E,EAAwBC,IAKtDI,EAAUO,SAAS,GAAQJ,GAC3BG,EAAiBZ,EAAavwE,GAAIkxE,EAAYrtD,EAAKwlB,SAASpiB,EAAI6pD,GAAkBF,GAClFK,GAAeR,EACfp5E,GAAO,GAET25E,GAAgBl5E,EAAMX,OAASq5E,EAE/BO,EAAgBA,EAAcp5E,MAAK,IAAMw5E,IAAgBx5E,MAAKT,gBACtDT,EAAOuI,YACPvI,EAAOoB,MAAMgzC,GACnBomC,GAAepmC,EAAQ1zC,MAAM,IAC5BhB,OAAMghD,GAAO1gD,EAAOuB,MAAMm/C,MACzB9/C,GAAQ45E,EAAcx6E,EAAO46E,oBACzBN,EAEH15E,EAEE,OACCZ,EAAOsB,QACb,MAHA84E,EAAUO,SAAS,IAAS9nC,IAMhC,MAAOlvC,SACD3D,EAAOuB,MAAMoC,QChK3B,MAAMk3E,GACOl7D,iBACT,OAAOU,EAAMlM,OAAOC,6BAGtBhV,cACEE,KAAK4hD,QAAU,EAEf5hD,KAAKw7E,YAAc,IAAIp0D,GACvBpnB,KAAKszE,mBAAqB,KAE1BtzE,KAAKy7E,WAAa,KAKlBz7E,KAAK45E,oBAAsB,KAG3B55E,KAAK25E,UAAY,GAQnBz4E,KAAKgG,GACH,IAAIjE,EAAI,EAER,GADAjD,KAAK4hD,QAAU16C,EAAMjE,KA/CT,IAgDRjD,KAAK4hD,QACP,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,+CAE7C3+C,GAAKjD,KAAKw7E,YAAYt6E,KAAKgG,EAAM+E,SAAShJ,IAC1CjD,KAAKszE,mBAAqBpsE,EAAMjE,KAChCjD,KAAK25E,UAAYl7D,GAAOi9D,yBAAyB17E,KAAKszE,mBAAoBpsE,EAAM+E,SAAShJ,GAAIjD,KAAK4hD,SAC9F5hD,KAAKszE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C9S,KAAK45E,oBAAsB74D,EAAMjf,MAAMif,EAAM9N,UAAWjT,KAAK25E,UAAU9mD,EAAEg3B,YAS7E/nD,QACE,MAAM26C,EAAM,CACV,IAAI55C,WAAW,CAAC7C,KAAK4hD,UACrB5hD,KAAKw7E,YAAY15E,QACjB,IAAIe,WAAW,CAAC7C,KAAKszE,qBACrB70D,GAAOy2D,gBAAgBl1E,KAAKszE,mBAAoBtzE,KAAK25E,YAGvD,OAAOv/D,EAAKtX,iBAAiB25C,GAS/Bt7C,cAAcyV,GACZ,MAAM44B,EAAOzuB,EAAMjf,MAAMif,EAAM7O,UAAWlS,KAAKszE,oBACzClyD,EAAUu6D,GAAiB37E,KAAK4hD,QAASpS,EAAMxvC,KAAK45E,oBAAqB55E,KAAKy7E,YACpFz7E,KAAK25E,gBAAkBl7D,GAAOm9D,iBAC5BpsC,EAAMxvC,KAAK45E,oBAAqBhjE,EAAIo4C,aAAc5tC,EAASxK,EAAIw+D,uBAWnEj0E,cAAcyV,EAAKilE,GAEjB,GAAI77E,KAAKszE,qBAAuB18D,EAAIizC,UAClC,MAAU3mD,MAAM,oBAGlB,MAAMm8C,EAAgBw8B,EACpBF,GAAiB37E,KAAK4hD,QAAS5hD,KAAKszE,mBAAoBuI,EAAiBjC,oBAAqBiC,EAAiBJ,YAC/G,KACIK,QAAsBr9D,GAAOs9D,iBAAiB/7E,KAAKszE,mBAAoB18D,EAAIo4C,aAAcp4C,EAAIo5C,cAAehwD,KAAK25E,UAAW/iE,EAAIw+D,sBAAuB/1B,IAEvJo8B,WAAEA,EAAU7B,oBAAEA,GAkCxB,SAA0Bh4B,EAAS8N,EAASosB,EAAeD,GACzD,OAAQnsB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAAM,CAEzB,MAAM/Q,EAASq6E,EAAc7vE,SAAS,EAAG6vE,EAAc16E,OAAS,GAC1DukB,EAAWm2D,EAAc7vE,SAAS6vE,EAAc16E,OAAS,GACzD46E,EAAmB5hE,EAAKwD,cAAcnc,EAAOwK,SAASxK,EAAOL,OAAS,IACtE66E,EAAkBD,EAAiB,KAAOr2D,EAAS,GAAKq2D,EAAiB,KAAOr2D,EAAS,GACzFu2D,EAAsB,CAAEtC,oBAAqBn4E,EAAO,GAAIg6E,WAAYh6E,EAAOwK,SAAS,IAC1F,GAAI4vE,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBtC,sBAAwBiC,EAAiBjC,oBAC7DsC,EAAoBT,WAAWr6E,SAAWy6E,EAAiBJ,WAAWr6E,OACxE,MAAO,CACLq6E,WAAYrhE,EAAKsG,iBAAiBy7D,EAAgBD,EAAoBT,WAAYI,EAAiBJ,YACnG7B,oBAAqBx/D,EAAKwG,YACxBu7D,EACAD,EAAoBtC,oBACpBiC,EAAiBjC,sBAKrB,GADuBqC,GAAmBl7D,EAAM7f,KAAK6f,EAAM9N,UAAWipE,EAAoBtC,qBAExF,OAAOsC,EAEP,MAAUh5E,MAAM,oBAItB,KAAK6d,EAAM7O,UAAUY,OACnB,MAAO,CACL2oE,WAAYK,GAEhB,QACE,MAAU54E,MAAM,oCAEtB,CA5EgDk5E,CAAiBp8E,KAAK4hD,QAAS5hD,KAAKszE,mBAAoBwI,EAAeD,GAG/G77E,KAAKszE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C9S,KAAK45E,oBAAsBA,GAE7B55E,KAAKy7E,WAAaA,GAOtB,SAASE,GAAiB/5B,EAAS8N,EAAS5uC,EAAYu7D,GACtD,OAAQ3sB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAEnB,OAAO4H,EAAKtX,iBAAiB,CAC3B,IAAID,WAAW,CAACie,IAChBu7D,EACAjiE,EAAKwD,cAAcy+D,EAAepwE,SAASowE,EAAej7E,OAAS,MAGvE,KAAK2f,EAAM7O,UAAUY,OACnB,OAAOupE,EACT,QACE,MAAUn5E,MAAM,oCAEtB,CC7HA,MAAMo5E,GAIJx8E,YAAY2kB,EAASsB,IAKnB/lB,KAAK6pD,UAAY9oC,EAAM/M,KAAKI,OAK5BpU,KAAKga,KAAO,WAEZha,KAAKoc,EAAIqI,EAAOhC,sBAIhBziB,KAAKstD,KAAO,KAGdivB,WAIE,OAAQ,IAAe,GAATv8E,KAAKoc,IAFH,GAEiBpc,KAAKoc,GAAK,GAQ7Clb,KAAKgG,GACH,IAAIjE,EAAI,EACR,IACEjD,KAAKga,KAAO+G,EAAM7f,KAAK6f,EAAMlP,IAAK3K,EAAMjE,MACxC,MAAOm+C,GACP,MAAM,IAAI0F,GAAiB,qBAI7B,OAFA9mD,KAAK6pD,UAAY3iD,EAAMjE,KAEfjD,KAAKga,MACX,IAAK,SACH,MAEF,IAAK,SACHha,KAAKstD,KAAOpmD,EAAM+E,SAAShJ,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACHjD,KAAKstD,KAAOpmD,EAAM+E,SAAShJ,EAAGA,EAAI,GAClCA,GAAK,EAGLjD,KAAKoc,EAAIlV,EAAMjE,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDmX,EAAKqC,mBAAmBvV,EAAM+E,SAAShJ,EAAGA,EAAI,IAUhD,MAAM,IAAI6jD,GAAiB,qBAT3B7jD,GAAK,EAEL,GAAmB,OADA,IAAOiE,EAAMjE,KAK9B,MAAM,IAAI6jD,GAAiB,oCAH3B9mD,KAAKga,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI8sC,GAAiB,qBAG/B,OAAO7jD,EAOTnB,QACE,GAAkB,cAAd9B,KAAKga,KACP,OAAO,IAAInX,WAAW,CAAC,IAAK,KAAMuX,EAAKiC,mBAAmB,OAAQ,IAEpE,MAAMogC,EAAM,CAAC,IAAI55C,WAAW,CAACke,EAAMjf,MAAMif,EAAMlP,IAAK7R,KAAKga,MAAOha,KAAK6pD,aAErE,OAAQ7pD,KAAKga,MACX,IAAK,SACH,MACF,IAAK,SACHyiC,EAAI56C,KAAK7B,KAAKstD,MACd,MACF,IAAK,WACH7Q,EAAI56C,KAAK7B,KAAKstD,MACd7Q,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAKoc,KAC9B,MACF,IAAK,MACH,MAAUlZ,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOkX,EAAKtX,iBAAiB25C,GAW/Bt7C,iBAAiBq7E,EAAYC,GAC3BD,EAAapiE,EAAK0C,WAAW0/D,GAE7B,MAAM//B,EAAM,GACZ,IAAIigC,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIlH,EACJ,OAAQv1E,KAAKga,MACX,IAAK,SACHu7D,EAASn7D,EAAKtX,iBAAiB,CAAC,IAAID,WAAW85E,GAAYH,IAC3D,MACF,IAAK,SACHjH,EAASn7D,EAAKtX,iBAAiB,CAAC,IAAID,WAAW85E,GAAY38E,KAAKstD,KAAMkvB,IACtE,MACF,IAAK,WAAY,CACf,MAAM1yE,EAAOsQ,EAAKtX,iBAAiB,CAAC9C,KAAKstD,KAAMkvB,IAC/C,IAAII,EAAU9yE,EAAK1I,OACnB,MAAMqiC,EAAQ/3B,KAAKC,IAAI3L,KAAKu8E,WAAYK,GACxCrH,EAAS,IAAI1yE,WAAW85E,EAAYl5C,GACpC8xC,EAAOjyE,IAAIwG,EAAM6yE,GACjB,IAAK,IAAIx5E,EAAMw5E,EAAYC,EAASz5E,EAAMsgC,EAAOtgC,GAAOy5E,EAASA,GAAW,EAC1ErH,EAAO11D,WAAW1c,EAAKw5E,EAAWx5E,GAEpC,MAEF,IAAK,MACH,MAAUD,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMzB,QAAegd,GAAOzK,KAAK8zB,OAAO9nC,KAAK6pD,UAAW0rB,GACxD94B,EAAI56C,KAAKJ,GACTi7E,GAAWj7E,EAAOL,OAClBu7E,IAGF,OAAOviE,EAAKtX,iBAAiB25C,GAAKxwC,SAAS,EAAGwwE,IC7JlD,MAAMI,GACOx8D,iBACT,OAAOU,EAAMlM,OAAOG,uBAMtBlV,YAAY2kB,EAASsB,IACnB/lB,KAAK4hD,QAAUn9B,EAAOnC,YAAc,EAAI,EACxCtiB,KAAKy7E,WAAa,KAKlBz7E,KAAK88E,8BAAgC,KAKrC98E,KAAK45E,oBAAsB74D,EAAM9N,UAAUQ,OAK3CzT,KAAKq6E,cAAgBt5D,EAAMjf,MAAMif,EAAMtM,KAAMgQ,EAAOlC,wBACpDviB,KAAK25E,UAAY,KACjB35E,KAAK6R,IAAM,KACX7R,KAAKkxB,GAAK,KAQZhwB,KAAKgG,GACH,IAAIiJ,EAAS,EAIb,GADAnQ,KAAK4hD,QAAU16C,EAAMiJ,KACA,IAAjBnQ,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,+CAI7C,MAAMpS,EAAOtoC,EAAMiJ,KAWnB,GATqB,IAAjBnQ,KAAK4hD,UAEP5hD,KAAKq6E,cAAgBnzE,EAAMiJ,MAI7BnQ,KAAK6R,IAAM,IAAIyqE,GACfnsE,GAAUnQ,KAAK6R,IAAI3Q,KAAKgG,EAAM+E,SAASkE,EAAQjJ,EAAM9F,SAEhC,IAAjBpB,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAIrCr6E,KAAKkxB,GAAKhqB,EAAM+E,SAASkE,EAAQA,GAAU2d,EAAKwkB,UAK7B,IAAjBtyC,KAAK4hD,SAAiBzxC,EAASjJ,EAAM9F,QACvCpB,KAAK25E,UAAYzyE,EAAM+E,SAASkE,EAAQjJ,EAAM9F,QAC9CpB,KAAK88E,8BAAgCttC,GAErCxvC,KAAK45E,oBAAsBpqC,EAS/B1tC,QACE,MAAM0tC,EAA0B,OAAnBxvC,KAAK25E,UAChB35E,KAAK45E,oBACL55E,KAAK88E,8BAEP,IAAI51E,EAYJ,OAVqB,IAAjBlH,KAAK4hD,QACP16C,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK4hD,QAASpS,EAAMxvC,KAAKq6E,gBAAiBr6E,KAAK6R,IAAI/P,QAAS9B,KAAKkxB,GAAIlxB,KAAK25E,aAEzHzyE,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK4hD,QAASpS,IAAQxvC,KAAK6R,IAAI/P,UAEvD,OAAnB9B,KAAK25E,YACPzyE,EAAQkT,EAAKtX,iBAAiB,CAACoE,EAAOlH,KAAK25E,cAIxCzyE,EAST/F,cAAcq7E,GACZ,MAAMhtC,EAA8C,OAAvCxvC,KAAK88E,8BAChB98E,KAAK88E,8BACL98E,KAAK45E,qBAED5mD,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1C54B,QAAY5W,KAAK6R,IAAIkrE,WAAWP,EAAYvpD,GAElD,GAAqB,IAAjBjzB,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAC/BrnC,EAAQ,IAAInwC,WAAW,CAAC,IAAOg6E,GAA6Bx8D,IAAKrgB,KAAK4hD,QAAS5hD,KAAK88E,8BAA+B98E,KAAKq6E,gBACxHG,QAAqB1sD,EAAK0hB,EAAM54B,GACtC5W,KAAKy7E,iBAAmBjB,EAAa7nD,QAAQ3yB,KAAK25E,UAAW35E,KAAKkxB,GAAI8hB,QACjE,GAAuB,OAAnBhzC,KAAK25E,UAAoB,CAClC,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQ6c,EAAM54B,EAAK5W,KAAK25E,UAAW,IAAI92E,WAAWmwB,IAE1FhzB,KAAK45E,oBAAsB74D,EAAMjf,MAAMif,EAAM9N,UAAW+mE,EAAU,IAClEh6E,KAAKy7E,WAAazB,EAAU/tE,SAAS,EAAG+tE,EAAU54E,aAElDpB,KAAKy7E,WAAa7kE,EAWtBzV,cAAcq7E,EAAY/3D,EAASsB,IACjC,MAAMypB,EAA8C,OAAvCxvC,KAAK88E,8BAChB98E,KAAK88E,8BACL98E,KAAK45E,oBAEP55E,KAAK88E,8BAAgCttC,EAErCxvC,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAE7C,MAAMjrB,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1CwtC,QAAsBh9E,KAAK6R,IAAIkrE,WAAWP,EAAYvpD,GAM5D,GAJwB,OAApBjzB,KAAKy7E,aACPz7E,KAAKy7E,WAAah9D,GAAOw+D,mBAAmBj9E,KAAK45E,sBAG9B,IAAjB55E,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eACrCr6E,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAenwB,EAAKwkB,UAC5C,MAAM4qC,EAAiB,IAAIr6E,WAAW,CAAC,IAAOg6E,GAA6Bx8D,IAAKrgB,KAAK4hD,QAAS5hD,KAAK88E,8BAA+B98E,KAAKq6E,gBACjIG,QAAqB1sD,EAAK0hB,EAAMwtC,GACtCh9E,KAAK25E,gBAAkBa,EAAa9nD,QAAQ1yB,KAAKy7E,WAAYz7E,KAAKkxB,GAAIgsD,OACjE,CACL,MAAMC,EAAY/iE,EAAKtX,iBAAiB,CACtC,IAAID,WAAW,CAAC7C,KAAK45E,sBACrB55E,KAAKy7E,aAEPz7E,KAAK25E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQ8c,EAAMwtC,EAAeG,EAAW,IAAIt6E,WAAWmwB,GAAYvO,KCtKhH,MAAM24D,GACO/8D,iBACT,OAAOU,EAAMlM,OAAO3C,UAOtBpS,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAKtC/lB,KAAK4hD,QAAUn9B,EAAO1K,OAAS,EAAI,EAKnC/Z,KAAK0zE,QAAUt5D,EAAKc,cAAco3D,GAKlCtyE,KAAK6pD,UAAY,KAKjB7pD,KAAKgvD,aAAe,KAKpBhvD,KAAKq9E,iBAAmB,EAKxBr9E,KAAKsrD,YAAc,KAKnBtrD,KAAKunB,MAAQ,KASfI,2BAA2B21D,GACzB,MAAMC,EAAY,IAAIH,IAChBx7B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBgyB,EAO1E,OANAC,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,EASTp8E,WAAW+F,GACT,IAAI/D,EAAM,EAIV,GAFAnD,KAAK4hD,QAAU16C,EAAM/D,KAEA,IAAjBnD,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAAe,CAE5C5hD,KAAK0zE,QAAUt5D,EAAKO,SAASzT,EAAM+E,SAAS9I,EAAKA,EAAM,IACvDA,GAAO,EAGPnD,KAAK6pD,UAAY3iD,EAAM/D,KAEF,IAAjBnD,KAAK4hD,UAEPz+C,GAAO,GAIT,MAAMjC,KAAEA,EAAI8tD,aAAEA,GAAiBvwC,GAAO++D,qBAAqBx9E,KAAK6pD,UAAW3iD,EAAM+E,SAAS9I,IAM1F,OALAnD,KAAKgvD,aAAeA,EACpB7rD,GAAOjC,QAGDlB,KAAKy9E,6BACJt6E,EAET,MAAM,IAAI2jD,GAAiB,WAAW9mD,KAAK4hD,6CAO7C9/C,QACE,MAAM26C,EAAM,GAEZA,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK4hD,WAC9BnF,EAAI56C,KAAKuY,EAAKS,UAAU7a,KAAK0zE,UAE7Bj3B,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK6pD,aAE9B,MAAM9C,EAAStoC,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgvD,cAO3D,OANqB,IAAjBhvD,KAAK4hD,SAEPnF,EAAI56C,KAAKuY,EAAKM,YAAYqsC,EAAO3lD,OAAQ,IAG3Cq7C,EAAI56C,KAAKklD,GACF3sC,EAAKtX,iBAAiB25C,GAO/B25B,aAAax0B,GACX,MAAM16C,EAAQlH,KAAK09E,iBAEnB,OAAgB,IAAZ97B,EACKxnC,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQuX,EAAKM,YAAYxT,EAAM9F,OAAQ,GAAI8F,IAEpFkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQuX,EAAKM,YAAYxT,EAAM9F,OAAQ,GAAI8F,IAO3Fy2E,cACE,OAAO,KAOTC,kBACE,OAAO59E,KAAK0zE,QAOd2B,WACE,OAAOr1E,KAAKunB,MAOdpmB,mCAIE,SAHMnB,KAAK69E,qBACX79E,KAAKunB,MAAQ,IAAIH,GAEI,IAAjBpnB,KAAK4hD,QACP5hD,KAAKunB,MAAMrmB,KAAKlB,KAAKsrD,YAAYr/C,SAAS,EAAG,QACxC,IAAqB,IAAjBjM,KAAK4hD,QAGd,MAAU1+C,MAAM,2BAFhBlD,KAAKunB,MAAMrmB,KAAKlB,KAAKsrD,YAAYr/C,SAAS,GAAI,MASlD9K,2BACE,MAAMo0E,EAASv1E,KAAKo2E,aAAap2E,KAAK4hD,SAEtC,GAAqB,IAAjB5hD,KAAK4hD,QACP5hD,KAAKsrD,kBAAoB7sC,GAAOzK,KAAKI,OAAOmhE,OACvC,IAAqB,IAAjBv1E,KAAK4hD,QAGd,MAAU1+C,MAAM,2BAFhBlD,KAAKsrD,kBAAoB7sC,GAAOzK,KAAKE,KAAKqhE,IAU9CH,sBACE,OAAOp1E,KAAKsrD,YAOdwyB,iBACE,OAAO1jE,EAAK8B,gBAAgBlc,KAAKo1E,uBAOnC2I,qBAAqBC,GACnB,OAAOh+E,KAAK4hD,UAAYo8B,EAAMp8B,SAAWxnC,EAAKqD,iBAAiBzd,KAAK09E,iBAAkBM,EAAMN,kBAO9FO,mBACE,MAAMx8E,EAAS,GACfA,EAAOooD,UAAY9oC,EAAM7f,KAAK6f,EAAM7O,UAAWlS,KAAK6pD,WAEpD,MAAMq0B,EAASl+E,KAAKgvD,aAAa5iD,GAAKpM,KAAKgvD,aAAa58B,EAMxD,OALI8rD,EACFz8E,EAAO8c,KAAOnE,EAAKuB,oBAAoBuiE,GAC9Bl+E,KAAKgvD,aAAajK,MAC3BtjD,EAAO+O,MAAQxQ,KAAKgvD,aAAajK,IAAIC,WAEhCvjD,GAQX27E,GAAgBp8E,UAAUm9E,cAAgBf,GAAgBp8E,UAAUE,KAMpEk8E,GAAgBp8E,UAAU08E,eAAiBN,GAAgBp8E,UAAUc,MCzPrE,MAAMg1E,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAaF,MAAMiL,GACO/9D,iBACT,OAAOU,EAAMlM,OAAOQ,2BAGtBvV,cAIEE,KAAK25E,UAAY,KAKjB35E,KAAKi3E,QAAU,KAGjB/1E,KAAKgG,GACHlH,KAAK25E,UAAYzyE,EAGnBpF,QACE,OAAO9B,KAAK25E,UAadx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAE/C,IAAKtB,EAAO/B,6BACV,MAAUxf,MAAM,iCAGlB,MAAM8vB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACjCD,QAAkBhzD,EAAiB8uD,EAAaz1E,KAAK25E,YACrDK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EACnE+iE,EAAU1tE,SAAS+mB,EAAY,GAC/B2mD,EAAU1tE,SAAS,EAAG+mB,EAAY,IAGpChzB,KAAKi3E,cAAgBD,GAAW2B,WAAWqB,EAAWlD,GAAgBryD,GAYxEtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMjc,EAAO9J,KAAKi3E,QAAQn1E,SACpBkxB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEjC99D,QAAe2C,GAAOo7D,gBAAgBD,GACtCyE,QAAY5/D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAKkF,EAAQ,IAAIjZ,WAAWmwB,GAAYvO,GACjGusB,QAAmBvyB,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK9M,EAAMu0E,EAAIpyE,SAAS,GAAIwY,GAClGzkB,KAAK25E,UAAYv/D,EAAK5T,OAAO,CAAC63E,EAAKrtC,KCtFvC,MAAMstC,WAA2BlB,GACpB/8D,iBACT,OAAOU,EAAMlM,OAAOa,aAQtB5V,YAAYwyE,EAAM7tD,GAChB1kB,MAAMuyE,EAAM7tD,GASdkD,8BAA8B42D,GAC5B,MAAMhB,EAAY,IAAIe,IAChB18B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBizB,EAO1E,OANAhB,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,GCnBX,MAAMiB,GACOn+D,iBACT,OAAOU,EAAMlM,OAAOc,cAGtB7V,cACEE,KAAKy+E,WAAa,GAOpBv9E,KAAKgG,GACH,IAAIjE,EAAI,EACR,KAAOA,EAAIiE,EAAM9F,QAAQ,CACvB,MAAM2O,EAAM21C,GAAiBx+C,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SACrD6B,GAAK8M,EAAII,OAETnQ,KAAKy+E,WAAW58E,KAAKuY,EAAKqC,mBAAmBvV,EAAM+E,SAAShJ,EAAGA,EAAI8M,EAAIA,OACvE9M,GAAK8M,EAAIA,KAQbjO,QACE,MAAM26C,EAAM,GACZ,IAAK,IAAIx5C,EAAI,EAAGA,EAAIjD,KAAKy+E,WAAWr9E,OAAQ6B,IAC1Cw5C,EAAI56C,KAAK8jD,GAAkB3lD,KAAKy+E,WAAWx7E,GAAG7B,SAC9Cq7C,EAAI56C,KAAKuY,EAAKiC,mBAAmBrc,KAAKy+E,WAAWx7E,KAEnD,OAAOmX,EAAKtX,iBAAiB25C,GAQ/Bn1B,OAAOo3D,GACL,SAAKA,GAAaA,aAAmBF,KAG9Bx+E,KAAKy+E,WAAWhgC,OAAM,SAASkgC,EAAMl/D,GAC1C,OAAOk/D,IAASD,EAAQD,WAAWh/D,OCtDzC,MAAMm/D,WAAwBxB,GACjB/8D,iBACT,OAAOU,EAAMlM,OAAOK,UAOtBpV,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtChmB,MAAMuyE,EAAM7tD,GAIZzkB,KAAK6+E,YAAc,KAInB7+E,KAAK8+E,YAAc,KAKnB9+E,KAAK++E,SAAW,EAKhB/+E,KAAK6R,IAAM,KAKX7R,KAAKiT,UAAY,KAKjBjT,KAAKyU,KAAO,KAKZzU,KAAKgwD,cAAgB,KAWvB7uD,WAAW+F,GAET,IAAIjE,QAAUjD,KAAKm+E,cAAcj3E,GACjC,MAAM83E,EAAuB/7E,EAM7BjD,KAAK++E,SAAW73E,EAAMjE,KAID,IAAjBjD,KAAK4hD,SACP3+C,IAGF,IAGE,GAAsB,MAAlBjD,KAAK++E,UAAsC,MAAlB/+E,KAAK++E,UAAsC,MAAlB/+E,KAAK++E,UAezD,GAdA/+E,KAAKiT,UAAY/L,EAAMjE,KAID,MAAlBjD,KAAK++E,WACP/+E,KAAKyU,KAAOvN,EAAMjE,MAMpBjD,KAAK6R,IAAM,IAAIyqE,GACfr5E,GAAKjD,KAAK6R,IAAI3Q,KAAKgG,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAErB,cAAlBpB,KAAK6R,IAAImI,KACX,YAEOha,KAAK++E,WACd/+E,KAAKiT,UAAYjT,KAAK++E,UAMpB/+E,KAAK++E,WACP/+E,KAAKkxB,GAAKhqB,EAAM+E,SACdhJ,EACAA,EAAIwb,GAAOkxB,UAAU3vC,KAAKiT,WAAW+f,WAGvC/vB,GAAKjD,KAAKkxB,GAAG9vB,QAEf,MAAOiD,GAEP,IAAKrE,KAAK++E,SAAU,MAAM16E,EAC1BrE,KAAKi/E,uBAAyB/3E,EAAM+E,SAAS+yE,GAC7Ch/E,KAAK8+E,aAAc,EAerB,GAVqB,IAAjB9+E,KAAK4hD,UACP3+C,GAAK,GAMPjD,KAAK6+E,YAAc33E,EAAM+E,SAAShJ,GAClCjD,KAAK8+E,cAAgB9+E,KAAK++E,UAErB/+E,KAAK8+E,YAAa,CACrB,MAAMtpC,EAAYx1C,KAAK6+E,YAAY5yE,SAAS,GAAI,GAChD,IAAKmO,EAAKqD,iBAAiBrD,EAAKwD,cAAc43B,GAAYx1C,KAAK6+E,YAAY5yE,UAAU,IACnF,MAAU/I,MAAM,yBAElB,IACE,MAAM8sD,cAAEA,GAAkBvxC,GAAOygE,sBAAsBl/E,KAAK6pD,UAAWrU,EAAWx1C,KAAKgvD,cACvFhvD,KAAKgwD,cAAgBA,EACrB,MAAO5O,GACP,GAAIA,aAAe0F,GAAkB,MAAM1F,EAE3C,MAAUl+C,MAAM,wBAStBpB,QACE,MAAMq9E,EAAsBn/E,KAAK09E,iBACjC,GAAI19E,KAAKi/E,uBACP,OAAO7kE,EAAKtX,iBAAiB,CAC3Bq8E,EACAn/E,KAAKi/E,yBAIT,MAAMxiC,EAAM,CAAC0iC,GACb1iC,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK++E,YAE9B,MAAMK,EAAoB,GA6C1B,OA1CsB,MAAlBp/E,KAAK++E,UAAsC,MAAlB/+E,KAAK++E,UAAsC,MAAlB/+E,KAAK++E,WACzDK,EAAkBv9E,KAAK7B,KAAKiT,WAIN,MAAlBjT,KAAK++E,UACPK,EAAkBv9E,KAAK7B,KAAKyU,MAM9B2qE,EAAkBv9E,QAAQ7B,KAAK6R,IAAI/P,UAMjC9B,KAAK++E,UAA8B,cAAlB/+E,KAAK6R,IAAImI,MAC5BolE,EAAkBv9E,QAAQ7B,KAAKkxB,IAGZ,IAAjBlxB,KAAK4hD,SACPnF,EAAI56C,KAAK,IAAIgB,WAAW,CAACu8E,EAAkBh+E,UAE7Cq7C,EAAI56C,KAAK,IAAIgB,WAAWu8E,IAEnBp/E,KAAKq/E,YACHr/E,KAAK++E,WACR/+E,KAAK6+E,YAAcpgE,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgwD,gBAG5C,IAAjBhwD,KAAK4hD,SACPnF,EAAI56C,KAAKuY,EAAKM,YAAY1a,KAAK6+E,YAAYz9E,OAAQ,IAErDq7C,EAAI56C,KAAK7B,KAAK6+E,aAET7+E,KAAK++E,UACRtiC,EAAI56C,KAAKuY,EAAKwD,cAAc5d,KAAK6+E,eAI9BzkE,EAAKtX,iBAAiB25C,GAQ/BkhC,cACE,OAA4B,IAArB39E,KAAK8+E,YAWdQ,6BACE,YAAuCr+E,IAAhCjB,KAAKi/E,wBAAwCj/E,KAAKq/E,UAO3DA,UACE,SAAUr/E,KAAK6R,KAAyB,cAAlB7R,KAAK6R,IAAImI,MAQjCulE,UAAU96D,EAASsB,IACb/lB,KAAKq/E,YAGLr/E,KAAK29E,eACP39E,KAAKw/E,4BAEAx/E,KAAKi/E,uBACZj/E,KAAK8+E,YAAc,KACnB9+E,KAAK6+E,YAAc,KACnB7+E,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIg4C,UAAY,EACrB7pD,KAAK6R,IAAIuK,EAAI,EACbpc,KAAK6R,IAAImI,KAAO,YAChBha,KAAK++E,SAAW,IAChB/+E,KAAKiT,UAAY8N,EAAM9N,UAAUQ,QAanCtS,cAAcq7E,EAAY/3D,EAASsB,IACjC,GAAI/lB,KAAKq/E,UACP,OAGF,IAAKr/E,KAAK29E,cACR,MAAUz6E,MAAM,mCAGlB,IAAKs5E,EACH,MAAUt5E,MAAM,0DAGlBlD,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAC7C,MAAMzI,EAAY/2B,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgwD,eAC9DhwD,KAAKiT,UAAY8N,EAAM9N,UAAUQ,OACjC,MAAMmD,QAAY6oE,GAAqBz/E,KAAK6R,IAAK2qE,EAAYx8E,KAAKiT,YAE5D+f,UAAEA,GAAcvU,GAAOkxB,UAAU3vC,KAAKiT,WAG5C,GAFAjT,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAejrB,GAEnCvO,EAAOnC,YAAa,CACtBtiB,KAAK++E,SAAW,IAChB/+E,KAAKyU,KAAOsM,EAAMtM,KAAKC,IACvB,MAAMoZ,EAAOrP,GAAO87D,YAAYv6E,KAAKyU,MAC/B+lE,QAAqB1sD,EAAK9tB,KAAKiT,UAAW2D,GAChD5W,KAAK6+E,kBAAoBrE,EAAa9nD,QAAQ8iB,EAAWx1C,KAAKkxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAIzvC,iBAEjG7C,KAAK++E,SAAW,IAChB/+E,KAAK6+E,kBAAoBpgE,GAAOqP,KAAK6iB,IAAIje,QAAQ1yB,KAAKiT,UAAW2D,EAAKwD,EAAKtX,iBAAiB,CAC1F0yC,QACM/2B,GAAOzK,KAAKE,KAAKshC,EAAW/wB,KAChCzkB,KAAKkxB,GAAIzM,GAajBtjB,cAAcq7E,GACZ,GAAIx8E,KAAKq/E,UACP,OAAO,EAGT,GAAIr/E,KAAKi/E,uBACP,MAAU/7E,MAAM,kEAGlB,GAAIlD,KAAK29E,cACP,MAAUz6E,MAAM,oCAGlB,IAAI0T,EASA4+B,EARJ,GAAsB,MAAlBx1C,KAAK++E,UAAsC,MAAlB/+E,KAAK++E,SAE3B,MAAsB,MAAlB/+E,KAAK++E,SACJ77E,MAAM,0EAENA,MAAM,yEAIlB,GARE0T,QAAY6oE,GAAqBz/E,KAAK6R,IAAK2qE,EAAYx8E,KAAKiT,WAQxC,MAAlBjT,KAAK++E,SAAkB,CACzB,MAAMjxD,EAAOrP,GAAO87D,YAAYv6E,KAAKyU,MAC/B+lE,QAAqB1sD,EAAK9tB,KAAKiT,UAAW2D,GAChD,IACE4+B,QAAkBglC,EAAa7nD,QAAQ3yB,KAAK6+E,YAAa7+E,KAAKkxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAIzvC,YACjG,MAAOu+C,GACP,GAAoB,gCAAhBA,EAAI7nC,QACN,MAAUrW,MAAM,6BAA+Bk+C,EAAI7nC,SAErD,MAAM6nC,OAEH,CACL,MAAMs+B,QAA0BjhE,GAAOqP,KAAK6iB,IAAIhe,QAAQ3yB,KAAKiT,UAAW2D,EAAK5W,KAAK6+E,YAAa7+E,KAAKkxB,IAEpGskB,EAAYkqC,EAAkBzzE,SAAS,GAAI,IAC3C,MAAM+H,QAAayK,GAAOzK,KAAKE,KAAKshC,GAEpC,IAAKp7B,EAAKqD,iBAAiBzJ,EAAM0rE,EAAkBzzE,UAAU,KAC3D,MAAU/I,MAAM,4BAIpB,IACE,MAAM8sD,cAAEA,GAAkBvxC,GAAOygE,sBAAsBl/E,KAAK6pD,UAAWrU,EAAWx1C,KAAKgvD,cACvFhvD,KAAKgwD,cAAgBA,EACrB,MAAO5O,GACP,MAAUl+C,MAAM,sBAElBlD,KAAK8+E,aAAc,EACnB9+E,KAAK6+E,YAAc,KACnB7+E,KAAK++E,SAAW,EAQlB59E,iBACE,GAAInB,KAAKq/E,UACP,OAGF,IAAKr/E,KAAK29E,cACR,MAAUz6E,MAAM,wBAGlB,IAAIy8E,EACJ,IAEEA,QAAoBlhE,GAAO2xC,eAAepwD,KAAK6pD,UAAW7pD,KAAKgvD,aAAchvD,KAAKgwD,eAClF,MAAO3L,GACPs7B,GAAc,EAEhB,IAAKA,EACH,MAAUz8E,MAAM,kBAIpB/B,eAAeod,EAAM/N,GACnB,MAAMw/C,cAAEA,EAAahB,aAAEA,SAAuBvwC,GAAOmhE,eAAe5/E,KAAK6pD,UAAWtrC,EAAM/N,GAC1FxQ,KAAKgwD,cAAgBA,EACrBhwD,KAAKgvD,aAAeA,EACpBhvD,KAAK8+E,aAAc,EAMrBU,qBACMx/E,KAAKs/E,+BAITv0E,OAAOooB,KAAKnzB,KAAKgwD,eAAe5sD,SAAQ8H,IACxBlL,KAAKgwD,cAAc9kD,GAC3B40C,KAAK,UACJ9/C,KAAKgwD,cAAc9kD,EAAK,IAEjClL,KAAKgwD,cAAgB,KACrBhwD,KAAK8+E,aAAc,IAIvB39E,eAAes+E,GAAqB5tE,EAAK2qE,EAAY3yB,GACnD,MAAM52B,QAAEA,GAAYxU,GAAOkxB,UAAUka,GACrC,OAAOh4C,EAAIkrE,WAAWP,EAAYvpD,EACpC,yBC5aC,SAAU4sD,GAGX,SAASC,EAAU77B,GAIf,SAAS87B,IAAU,OAAO58E,GAAM4M,GAEhC,SAASiwE,IAAW,OAAO78E,GAC3B,SAAS88E,EAAOh9E,GAAKE,GAAMF,EAE3B,SAASi9E,IACL/8E,GAAM,EACN4M,GAAMowE,GAAY/+E,OAKtB,SAASw2C,EAAE1sC,EAAM7J,GACb,MAAO,CACH6J,KAAMA,EACNk1E,OAAQ/+E,GAAS,GACjBg/E,SAAUh/E,GAAS,GACnBi/E,SAAU,IAIlB,SAAS51B,EAAKx/C,EAAMq1E,GAChB,IAAIn0E,EACJ,OAAY,OAARm0E,EAAuB,OAC3Bn0E,EAAIwrC,EAAE1sC,IACJk1E,OAASG,EAAIH,OACfh0E,EAAEi0E,SAAWE,EAAIF,SACjBj0E,EAAEk0E,SAASz+E,KAAK0+E,GACTn0E,GAGX,SAASnG,EAAIu6E,EAAQC,GAMjB,OALc,OAAVA,IACAD,EAAOJ,QAAUK,EAAML,OACvBI,EAAOH,UAAYI,EAAMJ,UAE7BG,EAAOF,SAASz+E,KAAK4+E,GACdD,EAGX,SAASE,EAAaC,GAClB,IAAIC,EACJ,OAAKb,KAEDY,EADJC,EA1CuBT,GAAYh9E,MAGlBA,IAAO,EA0Cby0C,EAAE,QAASgpC,IAJC,KAS3B,SAAS7qE,EAAQ8qE,GACb,OAAO,WACH,OAAOn2B,EAAK,UAAWg2B,GAAa,SAAUE,GAC1C,OAAOA,IAAQC,OAK3B,SAASC,IACL,IAAIlwD,EAAO2rB,UACX,OAAO,WACH,IAAIt5C,EAAG4a,EAAGpc,EAAQmC,EAGlB,IAFAA,EAAQo8E,IACRniE,EAAI+5B,EAAE,OACD30C,EAAI,EAAGA,EAAI2tB,EAAKxvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASmvB,EAAK3tB,MAGV,OADAg9E,EAAOr8E,GACA,KAEXqC,EAAI4X,EAAGpc,GAEX,OAAOoc,GAIf,SAASkjE,IACL,IAAInwD,EAAO2rB,UACX,OAAO,WACH,IAAIt5C,EAAGxB,EAAQmC,EAEf,IADAA,EAAQo8E,IACH/8E,EAAI,EAAGA,EAAI2tB,EAAKxvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASmvB,EAAK3tB,MAEV,OAAOxB,EAEXw+E,EAAOr8E,GAEX,OAAO,MAIf,SAAS++D,EAAIqe,GACT,OAAO,WACH,IAAIv/E,EAAQmC,EAGZ,OAFAA,EAAQo8E,IAEO,QADfv+E,EAASu/E,KAEEv/E,GAGPw+E,EAAOr8E,GACAg0C,EAAE,SAKrB,SAASqpC,EAAMD,GACX,OAAO,WACH,IAAIv/E,EAASu/E,IAIb,OAHe,OAAXv/E,IACAA,EAAO4+E,SAAW,IAEf5+E,GAIf,SAASy/E,EAAOF,GACZ,OAAO,WACH,IAAIv/E,EAASu/E,IAIb,OAHe,OAAXv/E,GAAmBA,EAAO4+E,SAASj/E,OAAS,IAC5CK,EAAO4+E,SAAW,KAEf5+E,GAIf,SAAS0/E,EAAKH,EAAMI,GAChB,OAAO,WACH,IAAIvjE,EAAGpc,EAAQgiC,EAAO7/B,EAAOi6C,EAK7B,IAJAj6C,EAAQo8E,IACRniE,EAAI+5B,EAAE,QACNnU,EAAQ,EACRoa,OAAkB58C,IAAZmgF,EAAwB,EAAIA,EACL,QAArB3/E,EAASu/E,MACbv9C,GAAgB,EAChBx9B,EAAI4X,EAAGpc,GAEX,OAAIgiC,GAASoa,EACFhgC,GAGPoiE,EAAOr8E,GACA,OA2BnB,SAASy9E,EAAeT,GAIpB,OAAOA,EAAIpkE,WAAW,IAAM,IAUhC,SAAS8kE,IAAO,OAAO52B,EAAK,KAAM30C,EAAQ,KAARA,IAIlC,SAASwrE,IAAS,OAAO72B,EAAK,OAAQo2B,EAAIQ,EAAIE,EAARV,IAItC,SAASW,IAAW,OAAO/2B,EAAK,SAAU30C,EAAQ,IAARA,IAI1C,SAAS2rE,IAAS,OAAOh3B,EAAK,OAAQ30C,EAAQ,KAARA,IAItC,SAASyrE,IAAO,OAAO92B,EAAK,KAAM30C,EAAQ,KAARA,IAGlC,SAAS4rE,IAAO,OAAOj3B,EAAK,KAAM30C,EAAQ,IAARA,IAIlC,SAAS6rE,IACL,OAAOl3B,EAAK,QAASg2B,GAAa,SAAmBE,GACjD,IAAIvqB,EAAOuqB,EAAIpkE,WAAW,GACtBqlE,EAAU,IAAQxrB,GAAQA,GAAQ,IAItC,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAMf,SAASE,IAAQ,OAAOr3B,EAAK,MAAOq2B,EAAGY,EAAID,EAAPX,IAQpC,SAASiB,IACL,IAAIloD,EAAK4wB,EAAK,cACdq2B,EACID,EAAI/qE,EAAQ,MAAOgrE,EAAGa,EAAOG,IAC7BE,GAFJlB,IAIA,OAAW,OAAPjnD,EAAsB,MAG1BA,EAAGumD,SAAWvmD,EAAGumD,SAAS,GACnBvmD,GAMX,SAASooD,IACL,OAAOx3B,EAAK,MAAOq2B,EACfoB,GACArB,EACIne,EAAIme,EACAK,EAAKY,GACLd,EAAMM,KAEVJ,EAAKY,EAAK,IAPChB,IAgBvB,SAASqB,IACL,OAAO13B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIpkE,WAAW,GACtBqlE,EACC,IAAMxrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfQ,GAdiBtB,IAmBzB,SAASuB,IACL,OAAO53B,EAAK,WAAYq2B,EAAGqB,EAAOJ,EAAYzgB,EAAtBwf,IAI5B,SAASxf,IACL,OAAO7W,EAAK,UAAWo2B,EACnB/qE,EAAQ,KACRorE,EAAKL,EAAIne,EAAIuf,GAAMI,IACnB3f,EAAIuf,GACJnsE,EAAQ,KAJW+qE,IAS3B,SAASyB,IACL,OAAO73B,EAAK,OAAQq2B,EAChBD,EACIK,EACIL,EAAIne,EAAIuf,GAAM3gB,GACd,GAEJoB,EAAIuf,IAERA,EARgBnB,IAyBxB,SAASyB,IACL,OAAO93B,EAAK,QAASg2B,GAAa,SAAmBE,GACjD,IAAIiB,EACC,KAAOjB,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,CAAC,IAAK,IAAK,IAAK,IAAK,IAAK,IAAM,IAAK,IAAK,IAAK,IAC9C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,KAAKr6E,QAAQq6E,IAAQ,EAInE,OAHI38B,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAKf,SAASY,IACL,OAAO/3B,EAAK,OAAQo2B,EAAII,EAAOve,EAAI4f,IAAQpB,EAAKqB,EAAO,GAAItB,EAAOve,EAAI4f,IAAlDzB,IAIxB,SAAS4B,IACL,IAAI7kE,EAAG8kE,EAEP,OAAU,QADV9kE,EAAI6sC,EAAK,gBAAiBy2B,EAAKqB,EAAO,EAAZrB,MAGR,QADlBwB,EAAYxB,EAAKL,EAAI/qE,EAAQ,KAAMorE,EAAKqB,EAAO,IAAnCrB,KAERl7E,EAAI4X,EAAG8kE,GAHc9kE,EAS7B,SAAS+kE,IACL,OAAOl4B,EAAK,WAAYo2B,EAAIG,EAAMte,EAAI4f,IAAQG,EAAazB,EAAMte,EAAI4f,IAA7CzB,IAS5B,SAAS+B,IACL,OAAOn4B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIpkE,WAAW,GACtBqlE,EACC,KAAOxrB,GACP,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfiB,GAdiB/B,IAmBzB,SAASgC,IACL,OAAOr4B,EAAK,WAAYq2B,EAAG8B,EAAOb,EAAVjB,IAM5B,SAASiC,IACL,OAAOt4B,EAAK,gBAAiBo2B,EACzBG,EAAMte,EAAI4f,IACVtB,EAAMQ,GAASN,EAAKL,EAAIne,EAAIue,EAAOgB,IAAOa,IAAYpgB,EAAIse,EAAMiB,IAAOjB,EAAMQ,GAC7ER,EAAMte,EAAI4f,IAHezB,IAUjC,SAAS16C,IACL,OAAOskB,EAAK,OAAQq2B,EAAG0B,EAAMO,EAATjC,IAUxB,SAASkC,IACL,OAAOv4B,EAAK,UAAWq2B,EAAGmC,EAASC,EAAZpC,IAI3B,SAASmC,IACL,OAAOx4B,EAAK,UAAWq2B,EAAGqC,EAAUC,EAAbtC,IAI3B,SAASqC,IACL,OAAO14B,EAAK,YAAao2B,EAAIne,EAAI2gB,GAAcC,EAAtBzC,IAK7B,SAASyC,IACL,OAAO74B,EAAK,aAAcq2B,EACtBD,EACIG,EAAMte,EAAI4f,IACVxsE,EAAQ,KACRstE,EACAttE,EAAQ,KACRkrE,EAAMte,EAAI4f,KAEdiB,GARsBzC,IAa9B,SAASoC,IACL,OAAOz4B,EAAK,QAASo2B,EACjBwC,EACAvtE,EAAQ,KACR4sD,EAAI8gB,GACJ1tE,EAAQ,KACRkrE,EAAMte,EAAI4f,IALOzB,IAUzB,SAASwC,IACL,OAAO54B,EAAK,gBAEO,QADXjpD,EAhDDipD,EAAK,SAAUq2B,EAAG2C,GAAWvC,EAAK/6C,EAAM,GAAzB26C,OAkDdt/E,EAAO4+E,SAnTnB,SAA4BxiE,GACxB,OAAOA,EAAE+D,QAAQ,iBAAkB,KAAKA,QAAQ,OAAQ,IAAIA,QAAQ,OAAQ,IAkTlD+hE,CAAmBliF,EAAO4+E,WAEzC5+E,IALiB,IACpBA,EASZ,SAASmiF,IACL,OAAOl5B,EAAK,eAAgBq2B,EACxBD,EACIoC,EACA/B,EAAKL,EAAI/qE,EAAQ,KAAMmtE,KAE3BW,GALwB9C,IAUhC,SAAS+C,IACL,OAAOp5B,EAAK,eAAgBq2B,EACxBD,EACImC,EACA9B,EAAKL,EAAI/qE,EAAQ,KAAMktE,KAE3Bc,GALwBhD,IAUhC,SAAS0C,IACL,OAAO/4B,EAAK,aAAcq2B,EACtB6C,EACA3C,EAAMsB,GACNyB,GAHsBjD,IAU9B,SAASkD,IAGL,OAAOv5B,EAAK,aAAcq2B,EAAGmD,GAActB,EAASI,EAA1BjC,IAM9B,SAASoD,IACL,OAAOz5B,EAAK,QAASq2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIvqB,EAAOuqB,EAAIpkE,WAAW,GACtBqlE,EACC,IAAMxrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK69B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfuC,GAbiBrD,IAmBzB,SAASsD,IACL,OAAO35B,EAAK,iBAAkBo2B,EAC1BG,EAAMte,EAAI4f,IACVxsE,EAAQ,KACRorE,EAAKL,EAAIne,EAAIuf,GAAMiC,IACnBxhB,EAAIuf,GACJnsE,EAAQ,KACRkrE,EAAMte,EAAI4f,IANgBzB,IAWlC,SAASwD,IACL,OAAO55B,EAAK,UACJjpD,EAASs/E,EAAGwD,GAAW3B,EAASyB,EAAvBtD,GACT98B,EAAKugC,WACD/iF,GAAUA,EAAO4+E,UAAY5+E,EAAO4+E,SAAS95E,QAAQ,KAAO,EACrD,MAIX9E,IACAA,EAAO4+E,SAAW5+E,EAAO4+E,SAASz+D,QAAQ,OAAQ,KAE/CngB,KAXW,IACdA,EAeZ,SAAS4hF,IACL,OAAO34B,EAAK,YAAao2B,EACrBmD,EAAWluE,EAAQ,KAAMuuE,EADJxD,IA0C7B,SAAS2D,KACL,OAAOxgC,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBg2B,GAAa,SAAUE,GACrE,IAAIvqB,EAAOuqB,EAAIpkE,WAAW,GAC1B,OAAS,GAAK65C,GAAQA,GAAQ,GACrB,KAAOA,GAAQ,KAAOA,GACtB,IAAMA,GAAQA,GAAQ,IACtB,MAAQA,MAKzB,SAASgsB,KAAa,OAAOp+B,EAAKygC,OAAS,KAAOh6B,EAAK,YAAa+5B,MAGpE,SAAS3B,KAAa,OAAO7+B,EAAKygC,OAAS,KAAOh6B,EAAK,YAAa+5B,MAGpE,SAASxC,KACL,OAAOh+B,EAAKygC,OAAS,KAAOh6B,EAAK,SAAUo2B,EACvC/qE,EAAQ,MACRgrE,EAAGhrE,EAAQ,MAAO0uE,GAAYjD,EAAIF,GAFKR,IAO/C,SAAS4C,KACL,OAAIz/B,EAAKygC,OAAgB,KAClBzgC,EAAK0gC,gBAAkBj6B,EAAK,aAAco2B,EAC7C16C,EACA+6C,EAAKJ,EAAG36C,EAAMrwB,EAAQ,KAAMA,EAAQ,KAAMmrE,EAAOqB,KAFJzB,IAIjDp2B,EAAK,aAAco2B,EACf16C,EACA+6C,EAAKJ,EAAG36C,EAAMrwB,EAAQ,KAAMmrE,EAAOqB,KAFpBzB,IAUvB,SAASqB,KACL,OAAOl+B,EAAKygC,OAAS,KAAOh6B,EAAK,UAAWy2B,EACxCL,EAAIG,EAAMte,EAAI4e,IAAQQ,GACtB,EAFwCZ,IAShD,SAASqC,KACL,OAAOv/B,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAC/CG,EAAMte,EAAI4f,IACVxsE,EAAQ,KACR6uE,GACAvB,EACAttE,EAAQ,KACRkrE,EAAMte,EAAI4f,IANqCzB,IAWvD,SAAS8D,KACL,OAAO3gC,EAAKygC,OAAS,KAAOh6B,EAAK,YAAao2B,EAC1C+D,GACA9uE,EAAQ,KAFkC+qE,IAQlD,SAAS+D,KACL,OAAO5gC,EAAKygC,OAAS,KAAOh6B,EAAK,kBAAmBo2B,EAChDK,EAAKJ,EAAGE,EAAMsB,GAAOxsE,EAAQ,OAC7BA,EAAQ,KACRuuE,EACAnD,EAAKL,EACD/qE,EAAQ,KACRkrE,EAAMte,EAAI4f,IACV5f,EAAIme,EAAI/qE,EAAQ,KAAMuuE,MAPsBxD,IAaxD,SAAS+C,KACL,OAAO5/B,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBo2B,EAC9CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVxsE,EAAQ,OAEZmtE,EACA/B,EAAKL,EACD/qE,EAAQ,KACR4sD,EAAIme,EACAoC,EACAjC,EAAMsB,OAVgCzB,IAiBtD,SAASiD,KACL,OAAO9/B,EAAKygC,OAAS,KAAOh6B,EAAK,gBAAiBo2B,EAC9CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVxsE,EAAQ,OAEZktE,EACA9B,EAAKL,EACD/qE,EAAQ,KACR4sD,EAAIme,EACAmC,EACAhC,EAAMsB,OAVgCzB,IAiBtD,SAASkD,KACL,OAAO//B,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAC/CK,EAAKL,EACDG,EAAMte,EAAI4f,IACVxsE,EAAQ,MACT,GACHkrE,EAAMte,EAAI4f,IALqCzB,IAUvD,SAASoD,KACL,OAAOjgC,EAAKygC,OAAS,KAAOh6B,EAAK,iBAAkBo2B,EAAI16C,EAAM+6C,EAAKL,EAAI/qE,EAAQ,KAAMqwB,IAAjC06C,IAIvD,SAASyD,KACL,OAAOtgC,EAAKygC,OAAS,KAAOh6B,EAAK,aAAco2B,EAAI2B,EAAMtB,EAAKL,EAAI/qE,EAAQ,KAAM0sE,IAAjC3B,IAInD,SAASsD,KACL,OAAOngC,EAAKygC,OAAS,KAAOh6B,EAAK,YAAaq2B,EAAG0D,GAAYzC,EAAfjB,IAOlD,SAAS+D,GAAS55E,EAAM27D,GACpB,IAAI5jE,EAAG8hF,EAAOt9B,EACd,GAAIof,QAAuC,OAAO,KAElD,IADAke,EAAQ,CAACle,GACFke,EAAM3jF,OAAS,GAAG,CAErB,IADAqmD,EAAOs9B,EAAM1zD,OACJnmB,OAASA,EACd,OAAOu8C,EAEX,IAAKxkD,EAAIwkD,EAAK64B,SAASl/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C8hF,EAAMljF,KAAK4lD,EAAK64B,SAASr9E,IAGjC,OAAO,KAoBX,SAAS+hF,GAAuBC,EAAOpe,GACnC,IAAI5jE,EAAG8hF,EAAOt9B,EAAMhmD,EAAQyjF,EAC5B,GAAIre,QAAuC,OAAO,KAIlD,IAHAke,EAAQ,CAACle,GACTplE,EAAS,GACTyjF,EAAc,GACTjiF,EAAI,EAAGA,EAAIgiF,EAAM7jF,OAAQ6B,GAAK,EAC/BiiF,EAAYD,EAAMhiF,KAAM,EAG5B,KAAO8hF,EAAM3jF,OAAS,GAElB,IADAqmD,EAAOs9B,EAAM1zD,OACJnmB,QAAQg6E,EACbzjF,EAAOI,KAAK4lD,QAGZ,IAAKxkD,EAAIwkD,EAAK64B,SAASl/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C8hF,EAAMljF,KAAK4lD,EAAK64B,SAASr9E,IAIrC,OAAOxB,EAGX,SAAS0jF,GAAW5E,GAChB,IAAI6E,EAAWC,EAAoBpiF,EAAGqiF,EAAgB7jF,EACtD,GAAY,OAAR8+E,EACA,OAAO,KAMX,IAJA6E,EAAY,GAGZC,EAAqBL,GAAuB,CAAC,QAAS,WAAYzE,GAC7Dt9E,EAAI,EAAGA,EAAKoiF,EAAmBjkF,OAAQ6B,GAAK,EAEjB,WAD5BqiF,EAAiBD,EAAmBpiF,IACjBiI,KACfk6E,EAAUvjF,KAAK0jF,GAAgBD,IACA,YAAxBA,EAAep6E,MACtBk6E,EAAUvjF,KAAK2jF,GAAkBF,IAWzC,OAPA7jF,EAAS,CACL8+E,IAAKA,EACL6E,UAAWA,GAEXnhC,EAAKnyC,SACLrQ,EA+DR,SAAwBA,GACpB,IAAIwB,EACJ,GAAIxB,GAAUA,EAAO2jF,UACjB,IAAKniF,EAAI,EAAGA,EAAIxB,EAAO2jF,UAAUhkF,OAAQ6B,GAAK,SACnCxB,EAAO2jF,UAAUniF,GAAGwkD,KAGnC,OAAOhmD,EAtEMgkF,CAAehkF,IAExBwiD,EAAKyhC,UAiFb,SAAmBjkF,GACf,IAAKA,EAAU,OAAO,KACtB,IAAKwiD,EAAK0hC,SAAWlkF,EAAO2jF,UAAUhkF,OAAS,EAAK,OAAO,KAC3D,OAAOK,EAAO2jF,WAAa3jF,EAAO2jF,UAAU,GAnFjCM,CAAUjkF,GAEjBwiD,EAAKnyC,OACErQ,GAAUA,EAAO2jF,UAEjB3jF,EAIf,SAAS8jF,GAAgBpC,GACrB,IAAIlgF,EACA2iF,EAAYd,GAAS,eAAgB3B,GACrC0C,EAAuB,GACvBC,EAAYd,GAAuB,CAAC,WAAY7B,GACpD,IAAKlgF,EAAI,EAAGA,EAAI6iF,EAAU1kF,OAAQ6B,GAAK,EACnC4iF,EAAqBhkF,KAAK2jF,GAAkBM,EAAU7iF,KAE1D,MAAO,CACHwkD,KAAM07B,EACN18D,MAAO,CACHvb,KAAM06E,GAEV5rE,KAAMmpE,EAAMj4E,KACZA,KAAM66E,GAAaH,GACnBR,UAAWS,GAInB,SAASL,GAAkBtC,GACvB,IAAIh4E,EAAO45E,GAAS,eAAgB5B,GAChC8C,EAAQlB,GAAS,YAAa5B,GAC9BX,EAlGR,SAAsBr3E,EAAM27D,GACxB,IAAI5jE,EAAG8hF,EAAOt9B,EAAMhmD,EACpB,GAAIolE,QAAuC,OAAO,KAGlD,IAFAke,EAAQ,CAACle,GACTplE,EAAS,GACFsjF,EAAM3jF,OAAS,GAKlB,KAJAqmD,EAAOs9B,EAAM1zD,OACJnmB,OAASA,GACdzJ,EAAOI,KAAK4lD,GAEXxkD,EAAIwkD,EAAK64B,SAASl/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C8hF,EAAMljF,KAAK4lD,EAAK64B,SAASr9E,IAGjC,OAAOxB,EAoFIwkF,CAAa,OAAQ/C,GAC5BgD,EAAWlB,GAAuB,CAAC,WAAY9B,GAG/CiD,EAAQrB,GAAS,aAAckB,GAC/B1B,EAASQ,GAAS,SAAUkB,GAChC,MAAO,CACHv+B,KAAMy7B,EACNz8D,MAAO,CACHvb,KAAMA,EACN+3E,QAAS+C,EACTG,MAAOA,EACP7B,OAAQA,EACR4B,SAAU3D,GAEdvoE,KAAMkpE,EAAQh4E,KACdA,KAAM66E,GAAa76E,GACnB+3E,QAAS8C,GAAaC,GACtBG,MAAOJ,GAAaI,GACpB7B,OAAQyB,GAAazB,GACrB4B,SAAUE,GAAeF,GACzBN,UAAWG,GAAa7C,EAAQ0C,YAIxC,SAASG,GAAa35E,GAClB,OAAOA,QAAgCA,EAAEi0E,SAAW,KAaxD,SAAS+F,GAAeF,GACpB,IAAIzkF,EAAS,GACb,GAAIykF,EACA,IAAK,IAAIjjF,EAAI,EAAGA,EAAIijF,EAAS9kF,OAAQ6B,GAAK,EACtCxB,GAAUskF,GAAaG,EAASjjF,IAGxC,OAAOxB,EAWX,IAAI0+E,GAAah9E,GAAK4M,GAAKmnE,GAAQmP,GAGnC,GAAa,QADbpiC,EAAOqiC,EAAWriC,EAAM,KACH,OAAO,KAgB5B,GAdAk8B,GAAcl8B,EAAK3jD,MAEnB+lF,GAAkB,CACdpD,QAAWA,EACX,eAAgBa,EAChB,aAAcP,EACdxhE,KA1WJ,WACI,OAAO2oC,EAAK,OAAQq2B,EAChB6C,EACAE,EAFgB/C,KA0WpBoC,MAASA,EACTD,QAAWA,EACX,eAAgBU,EAChB,WA5VJ,WACI,OAAOl5B,EAAK,WAAYo5B,MA4VxB53B,OAtWJ,WACI,OAAOxB,EAAK,SAAUq2B,EAClBmC,EACAD,EAFkBlC,MAsWxB98B,EAAKsiC,UAAYzC,GAEd7/B,EAAKygC,OAAQ,CAId,GAHAxE,IACAj8B,EAAKygC,QAAS,EACdxN,GAASmP,GAAgBlG,IACrBl8B,EAAK0hC,UAAY5F,IACjB,OAAOoF,GAAWjO,IAEtBjzB,EAAKygC,QAAS,EAKlB,OAFAxE,IACAhJ,GAASmP,GAAgBlG,KACpBl8B,EAAK0hC,SAAW5F,IAAkB,KAChCoF,GAAWjO,GACtB,CA4CA,SAASoP,EAAWriC,EAAMuiC,GACtB,SAASnsE,EAASiC,GACd,MAA+C,oBAAxCvR,OAAO/J,UAAUuL,SAASzL,KAAKwb,GAO1C,SAASmqE,EAAY7uC,GACjB,OAAOA,QAGX,IAAI8uC,EAAU9uC,EAEd,GAAIv9B,EAAS4pC,GACTA,EAAO,CAAE3jD,MAAO2jD,QACb,IAZP,SAAkBrM,GACd,OAAOA,IAAM7sC,OAAO6sC,GAWZ+uC,CAAS1iC,GACjB,OAAO,KAGX,IAAK5pC,EAAS4pC,EAAK3jD,OAAU,OAAO,KACpC,IAAKkmF,EAAQ,OAAO,KAapB,IAAK5uC,KAXL8uC,EAAW,CACPhB,WAAW,EACXC,SAAS,EACTnB,WAAW,EACX1C,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,eACT7B,QAAQ,EACRC,iBAAiB,GAIb8B,EAAYxiC,EAAKrM,MACjBqM,EAAKrM,GAAM6uC,EAAYD,EAAK5uC,IAAgB8uC,EAAS9uC,GAAnB4uC,EAAK5uC,IAG/C,OAAOqM,CACX,CAEA67B,EAAU8G,gBArFV,SAA+B3iC,GAC3B,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9ByhC,WAAW,EACX5D,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,iBAEjB,EA+EAzG,EAAU+G,iBA7EV,SAAgC5iC,GAC5B,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,iBAEjB,EAwEAzG,EAAUgH,UAtEV,SAAyB7iC,GACrB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,SAEjB,EAiEAzG,EAAUiH,YA/DV,SAA2B9iC,GACvB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9ByhC,WAAW,EACX5D,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,WAEjB,EAyDAzG,EAAUkH,aAvDV,SAA4B/iC,GACxB,OAAO67B,EAAUwG,EAAWriC,EAAM,CAC9B69B,SAAS,EACThwE,QAAQ,EACRy0E,QAAS,aAEjB,EAoDIjhD,UAAiBw6C,CAKrB,CAtiCA,MCKA,MAAMmH,GACO5mE,iBACT,OAAOU,EAAMlM,OAAOY,OAGtB3V,cAKEE,KAAKyV,OAAS,GAEdzV,KAAKkL,KAAO,GACZlL,KAAKknF,MAAQ,GACblnF,KAAKuhE,QAAU,GASjB55C,kBAAkBlS,GAChB,GAAI2E,EAAKC,SAAS5E,IACfA,EAAOvK,OAASkP,EAAKC,SAAS5E,EAAOvK,OACrCuK,EAAOyxE,QAAU9sE,EAAKiF,eAAe5J,EAAOyxE,QAC5CzxE,EAAO8rD,UAAYnnD,EAAKC,SAAS5E,EAAO8rD,SACzC,MAAUr+D,MAAM,0BAElB,MAAM2R,EAAS,IAAIoyE,GACnBl8E,OAAO6lD,OAAO/7C,EAAQY,GACtB,MAAM0xE,EAAa,GAKnB,OAJItyE,EAAO3J,MAAMi8E,EAAWtlF,KAAKgT,EAAO3J,MACpC2J,EAAO0sD,SAAS4lB,EAAWtlF,KAAK,IAAIgT,EAAO0sD,YAC3C1sD,EAAOqyE,OAAOC,EAAWtlF,KAAK,IAAIgT,EAAOqyE,UAC7CryE,EAAOY,OAAS0xE,EAAW3lF,KAAK,KACzBqT,EAOT3T,KAAKgG,EAAOud,EAASsB,IACnB,MAAMtQ,EAAS2E,EAAK+C,WAAWjW,GAC/B,GAAIuO,EAAOrU,OAASqjB,EAAOZ,gBACzB,MAAU3gB,MAAM,8BAElB,IACE,MAAMgI,KAAEA,EAAM+3E,QAASiE,EAAKhB,SAAEA,GAAakB,GAAeR,gBAAgB,CAAEtmF,MAAOmV,EAAQkvE,iBAAiB,IAC5G3kF,KAAKuhE,QAAU2kB,EAAStkE,QAAQ,WAAY,IAC5C5hB,KAAKkL,KAAOA,EACZlL,KAAKknF,MAAQA,EACb,MAAO7iF,IACTrE,KAAKyV,OAASA,EAOhB3T,QACE,OAAOsY,EAAK0C,WAAW9c,KAAKyV,QAG9B6R,OAAO+/D,GACL,OAAOA,GAAeA,EAAY5xE,SAAWzV,KAAKyV,QCzEtD,MAAM6xE,WAA2B1I,GACpBv+D,iBACT,OAAOU,EAAMlM,OAAOM,aAOtBrV,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtChmB,MAAMuyE,EAAM7tD,ICZhB,MAAMqyD,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAK5D,MAAMoU,GAIXznF,YAAY0nF,GACVxnF,KAAKi3E,QAAUuQ,GAAc,IAAIxQ,GAOnCl1E,QACE,OAAO9B,KAAKi3E,QAAQn1E,QAQtBqX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMpE,UAAW/U,KAAK8B,aAASb,OAAWA,OAAWA,EAAWwjB,GAOrFgjE,mBACE,OAAOznF,KAAKi3E,QAAQ/uE,KAAI2M,GAAUA,EAAOs/D,eC3CtChzE,eAAeumF,GAAqB7iF,EAAS4f,GAClD,MAAM85D,EAAqB,IAAI+I,GAAmBziF,EAAQytE,KAAM7tD,GAKhE,OAJA85D,EAAmBtH,QAAU,KAC7BsH,EAAmB10B,UAAY9oC,EAAMjf,MAAMif,EAAM7O,UAAWrN,EAAQglD,iBAC9D00B,EAAmBpuB,SAAStrD,EAAQ8iF,QAAS9iF,EAAQ2L,aACrD+tE,EAAmBd,6BAClBc,CACT,CAEOp9E,eAAeymF,GAAkB/iF,EAAS4f,GAC/C,MAAM64D,EAAkB,IAAIsB,GAAgB/5E,EAAQytE,KAAM7tD,GAK1D,OAJA64D,EAAgBrG,QAAU,KAC1BqG,EAAgBzzB,UAAY9oC,EAAMjf,MAAMif,EAAM7O,UAAWrN,EAAQglD,iBAC3DyzB,EAAgBntB,SAAStrD,EAAQ8iF,QAAS9iF,EAAQ2L,MAAO3L,EAAQ4f,cACjE64D,EAAgBG,6BACfH,CACT,CAWOn8E,eAAe0mF,GAAwBC,EAAY51E,EAAWkhE,EAAe2U,EAAczV,EAAO,IAAI13D,KAAQ6J,GACnH,IAAIujE,EACAxnE,EACJ,IAAK,IAAIvd,EAAI6kF,EAAW1mF,OAAS,EAAG6B,GAAK,EAAGA,IAC1C,MAEM+kF,GAAeF,EAAW7kF,GAAGywE,SAAWsU,EAAYtU,iBAEhDoU,EAAW7kF,GAAGo6C,OAAOnrC,EAAWkhE,EAAe2U,EAAczV,OAAMrxE,EAAWwjB,GACpFujE,EAAcF,EAAW7kF,IAE3B,MAAOoB,GACPmc,EAAYnc,EAGhB,IAAK2jF,EACH,MAAM5tE,EAAK6F,UACT,wBAAwBc,EAAM7f,KAAK6f,EAAMhM,UAAWq+D,uBAAmClhE,EAAUmjE,WAAWhuD,UACzGzF,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACyiC,EAAG4jC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3D3nE,GAEJ,OAAOwnE,CACT,CAEO,SAASI,GAAc7K,EAAWxoE,EAAWu9D,EAAO,IAAI13D,MAC7D,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAiB,OAAbiE,EAAmB,CACrB,MAAM8R,EAAiBC,GAAqB/K,EAAWxoE,GACvD,QAASwoE,EAAU7J,SAAW6C,GAAYA,EAAW8R,GAEvD,OAAO,CACT,CASOlnF,eAAeonF,GAAuBC,EAAQC,EAAY5jF,EAAS4f,GACxE,MAAMikE,EAAa,GACnBA,EAAW9xE,IAAM6xE,EACjBC,EAAWjjF,KAAO+iF,EAClB,MAAMG,EAAsB,CAAEvV,cAAeryD,EAAMhM,UAAU2B,eACzD7R,EAAQi4C,MACV6rC,EAAoBvwE,SAAW,CAAC2I,EAAM3I,SAASS,UAC/C8vE,EAAoBlwE,wBAA0BmwE,GAAsBF,EAAY,KAAMF,EAAQ,CAC5FpV,cAAeryD,EAAMhM,UAAU4B,YAC9B9R,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,IAElDkkE,EAAoBvwE,SAAW,CAAC2I,EAAM3I,SAASU,qBAAuBiI,EAAM3I,SAASW,gBAEnFlU,EAAQ2S,kBAAoB,IAC9BmxE,EAAoBnxE,kBAAoB3S,EAAQ2S,kBAChDmxE,EAAoB5U,iBAAkB,GAGxC,aADoC6U,GAAsBF,EAAY,KAAMD,EAAYE,EAAqB9jF,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,EAE9J,CAYOtjB,eAAeqpD,GAAqB5zC,EAAK2mE,EAAWjL,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,GACzF,IAAI87B,EAAW97B,EAAOvC,uBAClB2mE,EAAWtoC,EACf,GAAI3pC,EAAK,CACP,MAAMkyE,QAAoBlyE,EAAImyE,eAAezW,EAAM78D,EAAQgP,GACvDqkE,EAAYE,kBAAkBlxE,2BAC/B+wE,GAAYC,EAAYE,kBAAkBlxE,wBAC3CyoC,EAAW9hC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkBo5C,GAClFA,EAAWtoC,GAGjB,OAAQg9B,EAAU1zB,WAChB,KAAK9oC,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUf,QACnB03E,EAAWpqE,GAAOwqE,0BAA0B1L,EAAU1zB,UAAW0zB,EAAUvuB,aAAajK,KAE5F,OAAOtmC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkBo5C,GAC9EA,EAAWtoC,CACf,CAYOp/C,eAAe+nF,GAAiBlvE,EAAMmZ,EAAO,GAAIm/C,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI1kE,EAASsB,IAChG,MAAMqjE,EAAc,CAClBn2E,UAAa8N,EAAM9N,UAAUM,OAC7BkB,KAAQsM,EAAMtM,KAAKC,IACnBf,YAAeoN,EAAMpN,YAAYC,cACjCoG,GACIqvE,EAAsB,CAC1Bp2E,UAAawR,EAAOtC,4BACpB1N,KAAQgQ,EAAOlC,uBACf5O,YAAe8Q,EAAOrC,+BACtBpI,GACIsvE,EAAmB,CACvBr2E,UAAa,+BACbwB,KAAQ,0BACRd,YAAe,kCACfqG,GAKIuvE,QAA0BtpF,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,eAAeyV,EAAK3T,GACvE,MACMumF,SADoB5yE,EAAImyE,eAAezW,EAAM6W,EAAQlmF,GAAIwhB,IAC5BukE,kBAAkBM,GACrD,QAASE,GAAkBA,EAAejjF,QAAQ8iF,IAAwB,MAE5E,OAAOE,EAAkB9qC,MAAMgrC,SAAWJ,EAAsBD,CAClE,CAgBOjoF,eAAeynF,GAAsBF,EAAYlvE,EAAYkwE,EAAkBf,EAAqBrW,EAAM78D,EAAQ4+D,EAAY,GAAIl3B,GAAW,EAAO14B,GACzJ,GAAIilE,EAAiBrK,UACnB,MAAUn8E,MAAM,qCAElB,IAAKwmF,EAAiB/L,cACpB,MAAUz6E,MAAM,iCAElB,MAAMymF,EAAkB,IAAIxW,GAM5B,OALApoE,OAAO6lD,OAAO+4B,EAAiBhB,GAC/BgB,EAAgBrW,mBAAqBoW,EAAiB7/B,UACtD8/B,EAAgBtW,oBAAsB7oB,GAAqBhxC,EAAYkwE,EAAkBpX,EAAM78D,EAAQgP,GACvGklE,EAAgBvV,aAAeC,QACzBsV,EAAgB7sC,KAAK4sC,EAAkBhB,EAAYpW,EAAMn1B,GACxDwsC,CACT,CAUOxoF,eAAeyoF,GAAgBC,EAAQ14B,EAAMwtB,EAAMrM,EAAO,IAAI13D,KAAQkvE,IAC3ED,EAASA,EAAOlL,MAETxtB,EAAKwtB,GAAMv9E,aAGRnB,QAAQ2H,IAAIiiF,EAAO3hF,KAAI/G,eAAe4oF,GACrCA,EAAUrT,UAAUpE,IAAWwX,UAAiBA,EAAQC,IACxD54B,EAAKwtB,GAAM12E,MAAK,SAAS+hF,GACxB,OAAO5vE,EAAKqD,iBAAiBusE,EAAQhV,cAAe+U,EAAU/U,mBAElE7jB,EAAKwtB,GAAM98E,KAAKkoF,OAPpB54B,EAAKwtB,GAAQkL,EAYnB,CAkBO1oF,eAAe8oF,GAAcxB,EAAYrV,EAAe2U,EAAcmC,EAAan1E,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,GAC3H7N,EAAMA,GAAO6xE,EACb,MAAM0B,EAAmB,GAwBzB,aAvBMlqF,QAAQ2H,IAAIsiF,EAAYhiF,KAAI/G,eAAeipF,GAC/C,IAUKr1E,IAAaq1E,EAAoBjW,YAAY7sD,OAAOvS,EAAUo/D,qBAEzDiW,EAAoB/sC,OACxBzmC,EAAKw8D,EAAe2U,EAActjE,EAAO1B,kBAAoBuvD,EAAO,MAAM,EAAO7tD,GAInF0lE,EAAiBtoF,KAAKuoF,EAAoBjW,cAE5C,MAAO9vE,SAGP0Q,GACFA,EAAU8/D,UAAUsV,EAAiBliF,MAAKsf,GAASA,EAAMD,OAAOvS,EAAUo/D,iBACxEp/D,EAAU8/D,UAAW,GAChB9/D,EAAU8/D,SAEZsV,EAAiB/oF,OAAS,CACnC,CASO,SAASknF,GAAqB/K,EAAWxoE,GAC9C,IAAIszE,EAKJ,OAHkC,IAA9BtzE,EAAUg/D,kBACZsU,EAAiB9K,EAAU7J,QAAQz4D,UAA0C,IAA9BlG,EAAUyC,mBAEpD6wE,EAAiB,IAAIztE,KAAKytE,GAAkB78E,GACrD,CAwBO,SAAS6+E,GAAmBxlF,EAASylF,EAAiB,IAU3D,OATAzlF,EAAQmV,KAAOnV,EAAQmV,MAAQswE,EAAetwE,KAC9CnV,EAAQ2L,MAAQ3L,EAAQ2L,OAAS85E,EAAe95E,MAChD3L,EAAQ8iF,QAAU9iF,EAAQ8iF,SAAW2C,EAAe3C,QACpD9iF,EAAQ2S,uBAAkDvW,IAA9B4D,EAAQ2S,kBAAkC3S,EAAQ2S,kBAAoB8yE,EAAe9yE,kBACjH3S,EAAQ23E,WAAapiE,EAAKC,SAASxV,EAAQ23E,YAAc33E,EAAQ23E,WAAa8N,EAAe9N,WAC7F33E,EAAQytE,KAAOztE,EAAQytE,MAAQgY,EAAehY,KAE9CztE,EAAQi4C,KAAOj4C,EAAQi4C,OAAQ,EAEvBj4C,EAAQmV,MACd,IAAK,MACH,IACEnV,EAAQ2L,MAAQuQ,EAAMjf,MAAMif,EAAMvQ,MAAO3L,EAAQ2L,OACjD,MAAOnM,GACP,MAAUnB,MAAM,iBAEd2B,EAAQ2L,QAAUuQ,EAAMvQ,MAAMS,eAAiBpM,EAAQ2L,QAAUuQ,EAAMvQ,MAAMa,mBAC/ExM,EAAQ2L,MAAQ3L,EAAQi4C,KAAO/7B,EAAMvQ,MAAMS,cAAgB8P,EAAMvQ,MAAMa,kBAErExM,EAAQi4C,KACVj4C,EAAQglD,UAAYhlD,EAAQ2L,QAAUuQ,EAAMvQ,MAAMS,cAAgB8P,EAAM7O,UAAUQ,YAAcqO,EAAM7O,UAAUO,MAEhH5N,EAAQglD,UAAY9oC,EAAM7O,UAAUM,KAEtC,MACF,IAAK,MACH3N,EAAQglD,UAAY9oC,EAAM7O,UAAUC,eACpC,MACF,QACE,MAAUjP,MAAM,wBAAwB2B,EAAQmV,MAEpD,OAAOnV,CACT,CAEO,SAAS0lF,GAAwBhN,EAAWxoE,GACjD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUE,YACjCs9C,IAAY3uC,EAAM7O,UAAUI,SAC5Bo9C,IAAY3uC,EAAM7O,UAAUM,MAC5Bk9C,IAAY3uC,EAAM7O,UAAUY,UAC1BiC,EAAUqD,UAC4C,IAArDrD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASS,UAC9C,CAEO,SAAS2xE,GAA2BjN,EAAWxoE,GACpD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUK,KACjCm9C,IAAY3uC,EAAM7O,UAAUG,SAC5Bq9C,IAAY3uC,EAAM7O,UAAUO,OAC5Bi9C,IAAY3uC,EAAM7O,UAAUQ,aAC5Bg9C,IAAY3uC,EAAM7O,UAAUf,WAC1B4D,EAAUqD,UACwD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC9C,CAEO,SAAS0xE,GAA2B11E,EAAW0P,GACpD,QAAIA,EAAOzB,0CAKHjO,EAAUqD,UACkD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC5C,CASO,SAAS2xE,GAAqBnN,EAAW94D,GAC9C,MAAMirC,EAAU3uC,EAAMjf,MAAMif,EAAM7O,UAAWqrE,EAAU1zB,WACjD8gC,EAAWpN,EAAUU,mBAC3B,GAAIx5D,EAAOP,0BAA0Ble,IAAI0pD,GACvC,MAAUxsD,MAASynF,EAAS9gC,UAAZ,kCAElB,OAAQ6F,GACN,KAAK3uC,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACrB,KAAK0O,EAAM7O,UAAUE,WACnB,GAAIu4E,EAASpsE,KAAOkG,EAAO5B,WACzB,MAAU3f,MAAM,yBAAyBuhB,EAAO5B,4CAElD,MACF,KAAK9B,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUM,KACnB,GAAIiS,EAAON,aAAane,IAAI2kF,EAASn6E,OACnC,MAAUtN,MAAM,eAAeynF,EAAS9gC,8BAA8B8gC,EAASn6E,sBAMvF,CCjZA,MAAMo6E,GACJ9qF,YAAY+qF,EAAYC,GACtB9qF,KAAKyV,OAASo1E,EAAW/qF,YAAYugB,MAAQU,EAAMlM,OAAOY,OAASo1E,EAAa,KAChF7qF,KAAK2V,cAAgBk1E,EAAW/qF,YAAYugB,MAAQU,EAAMlM,OAAOc,cAAgBk1E,EAAa,KAC9F7qF,KAAK+qF,mBAAqB,GAC1B/qF,KAAKgrF,oBAAsB,GAC3BhrF,KAAKirF,qBAAuB,GAC5BjrF,KAAK8qF,QAAUA,EAOjBI,eACE,MAAM1D,EAAa,IAAIxQ,GAKvB,OAJAwQ,EAAW3lF,KAAK7B,KAAKyV,QAAUzV,KAAK2V,eACpC6xE,EAAW3lF,QAAQ7B,KAAKirF,sBACxBzD,EAAW3lF,QAAQ7B,KAAK+qF,oBACxBvD,EAAW3lF,QAAQ7B,KAAKgrF,qBACjBxD,EAOT7lF,QACE,MAAMwpF,EAAO,IAAIP,GAAK5qF,KAAKyV,QAAUzV,KAAK2V,cAAe3V,KAAK8qF,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAI/qF,KAAK+qF,oBACnCI,EAAKH,oBAAsB,IAAIhrF,KAAKgrF,qBACpCG,EAAKF,qBAAuB,IAAIjrF,KAAKirF,sBAC9BE,EAWThqF,cAAciqF,EAAa9Y,EAAM7tD,GAC/B,MAAMgkE,EAAazoF,KAAK8qF,QAAQvN,UAC1BmL,EAAa,CACjBjzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAK6xE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWjzE,QAAUizE,EAAW/yE,cAAe3V,KAAK8qF,SAgB1E,OAfAK,EAAKH,0BAA4B/qF,QAAQ2H,IAAIwjF,EAAYljF,KAAI/G,eAAeqY,GAC1E,IAAKA,EAAW6xE,YACd,MAAUnoF,MAAM,gCAElB,GAAIsW,EAAWukE,qBAAqB0K,GAClC,MAAUvlF,MAAM,+DAElB,MAAMooF,QAAmB9xE,EAAW+xE,mBAActqF,EAAWqxE,OAAMrxE,EAAWwjB,GAC9E,OAAOmkE,GAAsBF,EAAYlvE,EAAY8xE,EAAW/N,UAAW,CAEzEnK,cAAeryD,EAAMhM,UAAUsB,YAC/B+B,SAAU,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,WACtDy5D,OAAMrxE,OAAWA,OAAWA,EAAWwjB,aAEtC0mE,EAAK1jD,OAAOznC,KAAMsyE,EAAM7tD,GACvB0mE,EAeThqF,gBAAgBqqF,EAAajO,EAAWjL,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClE,MAAM0iE,EAAazoF,KAAK8qF,QAAQvN,UAChC,OAAO0M,GAAcxB,EAAY1nE,EAAMhM,UAAU0B,eAAgB,CAC/DG,IAAK6xE,EACLhzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,eACnB3V,KAAKirF,qBAAsBO,EAAajO,EAAWjL,EAAM7tD,GAa9DtjB,wBAAwBqqF,EAAaC,EAAkBnZ,EAAO,IAAI13D,KAAQ6J,GACxE,MAAM0zD,EAAOn4E,KACPyoF,EAAazoF,KAAK8qF,QAAQvN,UAC1BwK,EAAe,CACnBtyE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAK6xE,IAEDtU,YAAEA,GAAgBqX,EAClBE,EAAaD,EAAiBrkF,QAAOwP,GAAOA,EAAI+0E,QAAQxX,GAAa/yE,OAAS,IACpF,OAA0B,IAAtBsqF,EAAWtqF,OACN,YAEHnB,QAAQ2H,IAAI8jF,EAAWxjF,KAAI/G,UAC/B,MAAMmqF,QAAmB10E,EAAI20E,cAAcpX,EAAaqX,EAAY9X,aAASzyE,EAAWwjB,GACxF,GAAI+mE,EAAY3W,eAAiBsD,EAAKyT,UAAUJ,EAAaF,EAAW/N,UAAWjL,EAAM7tD,GACvF,MAAUvhB,MAAM,+BAElB,UACQsoF,EAAYnuC,OAAOiuC,EAAW/N,UAAWx8D,EAAMhM,UAAUsB,YAAa0xE,EAAczV,OAAMrxE,EAAWwjB,GAC3G,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,8BAA+B5b,SAGjD,GAeTlD,8BAA8BsqF,EAAkBnZ,EAAO,IAAI13D,KAAQ6J,GACjE,MAAM0zD,EAAOn4E,KACP6rF,EAAiB7rF,KAAK+qF,mBAAmBvkF,OAAOxG,KAAKgrF,qBAC3D,OAAO/qF,QAAQ2H,IAAIikF,EAAe3jF,KAAI/G,WACpComB,MAAOukE,EAAc3X,YACrB4X,YAAa5T,EAAK6T,kBAAkBF,EAAeL,EAAkBnZ,EAAM7tD,GAAQrkB,OAAM,KAAM,SAanGe,aAAamxE,EAAO,IAAI13D,KAAQ6J,GAC9B,IAAKzkB,KAAK+qF,mBAAmB3pF,OAC3B,MAAU8B,MAAM,gCAElB,MAAMi1E,EAAOn4E,KACPyoF,EAAazoF,KAAK8qF,QAAQvN,UAC1BwK,EAAe,CACnBtyE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAK6xE,GAGP,IAAIjoE,EACJ,IAAK,IAAIvd,EAAIjD,KAAK+qF,mBAAmB3pF,OAAS,EAAG6B,GAAK,EAAGA,IACvD,IACE,MAAM+lF,EAAoBhpF,KAAK+qF,mBAAmB9nF,GAClD,GAAI+lF,EAAkBnU,eAAiBsD,EAAKyT,UAAU5C,OAAmB/nF,EAAWqxE,EAAM7tD,GACxF,MAAUvhB,MAAM,iCAElB,UACQ8lF,EAAkB3rC,OAAOorC,EAAY1nE,EAAMhM,UAAUsB,YAAa0xE,EAAczV,OAAMrxE,EAAWwjB,GACvG,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,gCAAiC5b,GAExD,OAAO,EACP,MAAOA,GACPmc,EAAYnc,EAGhB,MAAMmc,EAWRrf,aAAa8qF,EAAY3Z,EAAM7tD,GAC7B,MAAMgkE,EAAazoF,KAAK8qF,QAAQvN,UAC1BwK,EAAe,CACnBtyE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAK6xE,SAGDmB,GAAgBqC,EAAYjsF,KAAM,qBAAsBsyE,GAAMnxE,eAAe+qF,GACjF,IAEE,aADMA,EAAW7uC,OAAOorC,EAAY1nE,EAAMhM,UAAUsB,YAAa0xE,EAAczV,GAAM,EAAO7tD,IACrF,EACP,MAAOpgB,GACP,OAAO,YAILulF,GAAgBqC,EAAYjsF,KAAM,sBAAuBsyE,SAEzDsX,GAAgBqC,EAAYjsF,KAAM,uBAAwBsyE,GAAM,SAAS6Z,GAC7E,OAAOlC,GAAcxB,EAAY1nE,EAAMhM,UAAU0B,eAAgBsxE,EAAc,CAACoE,QAAYlrF,OAAWA,EAAWqxE,EAAM7tD,MAe5HtjB,aACEsnF,GAEE2D,KAAM7X,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1D4yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAM2iE,EAAa,CACjBjzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAK6xE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWjzE,QAAUizE,EAAW/yE,cAAe3V,KAAK8qF,SAO1E,OANAK,EAAKF,qBAAqBppF,WAAW+mF,GAAsBF,EAAY,KAAMD,EAAY,CACvFrV,cAAeryD,EAAMhM,UAAU0B,eAC/B89D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,GAAW,EAAOwjB,UAChC0mE,EAAK1jD,OAAOznC,MACXmrF,GC1PX,MAAMmB,GAKJxsF,YAAYysF,EAAczB,GACxB9qF,KAAKu9E,UAAYgP,EACjBvsF,KAAKwsF,kBAAoB,GACzBxsF,KAAKirF,qBAAuB,GAC5BjrF,KAAK8qF,QAAUA,EAOjBI,eACE,MAAM1D,EAAa,IAAIxQ,GAIvB,OAHAwQ,EAAW3lF,KAAK7B,KAAKu9E,WACrBiK,EAAW3lF,QAAQ7B,KAAKirF,sBACxBzD,EAAW3lF,QAAQ7B,KAAKwsF,mBACjBhF,EAOT7lF,QACE,MAAM6mF,EAAS,IAAI8D,GAAOtsF,KAAKu9E,UAAWv9E,KAAK8qF,SAG/C,OAFAtC,EAAOgE,kBAAoB,IAAIxsF,KAAKwsF,mBACpChE,EAAOyC,qBAAuB,IAAIjrF,KAAKirF,sBAChCzC,EAeTrnF,gBAAgB4T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAM0iE,EAAazoF,KAAK8qF,QAAQvN,UAChC,OAAOkP,GACLhE,EAAY1nE,EAAMhM,UAAU+B,iBAAkB,CAC5CF,IAAK6xE,EACLhjF,KAAMzF,KAAKu9E,WACVv9E,KAAKirF,qBAAsBl2E,EAAW6B,EAAK07D,EAAM7tD,GAaxDtjB,aAAamxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAM0iE,EAAazoF,KAAK8qF,QAAQvN,UAC1BwK,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAMzF,KAAKu9E,WAE7CmP,QAAyBC,GAA+B3sF,KAAKwsF,kBAAmB/D,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,EAAM7tD,GAErJ,GAAIioE,EAAiB7X,eAAiB70E,KAAK4rF,UAAUc,EAAkB,KAAMpa,EAAM7tD,GACjF,MAAUvhB,MAAM,qBAGlB,GAAI0pF,GAAqB5sF,KAAKu9E,UAAWmP,EAAkBpa,GACzD,MAAUpvE,MAAM,qBAElB,OAAOwpF,EAWTvrF,wBAAwBmxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,MAAM0iE,EAAazoF,KAAK8qF,QAAQvN,UAC1BwK,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAMzF,KAAKu9E,WACnD,IAAImP,EACJ,IACEA,QAAyBC,GAA+B3sF,KAAKwsF,kBAAmB/D,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,EAAM7tD,GAC/I,MAAOpgB,GACP,OAAO,KAET,MAAMwoF,EAAYC,GAA4B9sF,KAAKu9E,UAAWmP,GACxDK,EAAYL,EAAiBlW,oBACnC,OAAOqW,EAAYE,EAAYF,EAAYE,EAW7C5rF,aAAaqnF,EAAQlW,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC/C,MAAM0iE,EAAazoF,KAAK8qF,QAAQvN,UAChC,IAAKv9E,KAAK+9E,qBAAqByK,GAC7B,MAAUtlF,MAAM,2DAGdlD,KAAKu9E,UAAUz9E,YAAYugB,MAAQU,EAAMlM,OAAOa,cAChD8yE,EAAOjL,UAAUz9E,YAAYugB,MAAQU,EAAMlM,OAAOM,eACpDnV,KAAKu9E,UAAYiL,EAAOjL,WAG1B,MAAMpF,EAAOn4E,KACP+nF,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAM0yE,EAAKoF,iBAC7CyP,GAAuBxE,EAAQxoF,KAAM,oBAAqBsyE,GAAMnxE,eAAe8rF,GACnF,IAAK,IAAIhqF,EAAI,EAAGA,EAAIk1E,EAAKqU,kBAAkBprF,OAAQ6B,IACjD,GAAIk1E,EAAKqU,kBAAkBvpF,GAAGkxE,YAAY7sD,OAAO2lE,EAAW9Y,aAI1D,OAHI8Y,EAAWvZ,QAAUyE,EAAKqU,kBAAkBvpF,GAAGywE,UACjDyE,EAAKqU,kBAAkBvpF,GAAKgqF,IAEvB,EAGX,IAEE,aADMA,EAAW5vC,OAAOorC,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,OAAMrxE,EAAWwjB,IAC3F,EACP,MAAOpgB,GACP,OAAO,YAIL2oF,GAAuBxE,EAAQxoF,KAAM,uBAAwBsyE,GAAM,SAAS6Z,GAChF,OAAOM,GAAqBhE,EAAY1nE,EAAMhM,UAAU+B,iBAAkBixE,EAAc,CAACoE,QAAYlrF,OAAWA,EAAWqxE,EAAM7tD,MAerItjB,aACEsnF,GAEE2D,KAAM7X,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1D4yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAM2iE,EAAa,CAAE9xE,IAAK6xE,EAAYhjF,KAAMzF,KAAKu9E,WAC3CiL,EAAS,IAAI8D,GAAOtsF,KAAKu9E,UAAWv9E,KAAK8qF,SAO/C,OANAtC,EAAOyC,qBAAqBppF,WAAWqrF,GAA6BxE,EAAY,KAAMD,EAAY,CAChGrV,cAAeryD,EAAMhM,UAAU+B,iBAC/By9D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,GAAW,EAAOwjB,UAChC+jE,EAAO/gD,OAAOznC,MACbwoF,EAGTzK,qBAAqBC,GACnB,OAAOh+E,KAAKu9E,UAAUQ,qBAAqBC,EAAMT,WAAaS,IAIlE,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe56E,SAAQ8H,IAC3FohF,GAAOtrF,UAAUkK,GACf,WACE,OAAOlL,KAAKu9E,UAAUryE,KACvB,IC/KL,MAAMiiF,gBAAyC/yE,EAAK8F,wBAAwB,CAACizD,KACvEia,GAAoB,IAAIhqE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,aAClE6zE,GAAgB,IAAIjqE,IAAI,CAC5BrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,WACrCuH,EAAMlM,OAAOa,aAAcqL,EAAMlM,OAAOy4E,gBAY1C,MAAMC,GAMJC,sBAAsBhG,EAAYiG,EAAoB,IAAIrqE,KACxD,IAAI+nE,EACAuC,EACAlF,EACAmF,EAEJ,IAAK,MAAM94E,KAAU2yE,EAAY,CAE/B,GAAI3yE,aAAkBoyC,GAAmB,CACRomC,GAAcrnF,IAAI6O,EAAOwL,OACzBstE,IAI3BA,EADEP,GAAkBpnF,IAAI6O,EAAOwL,KACjB+sE,GAEAC,IAGlB,SAGF,MAAMhtE,EAAMxL,EAAO/U,YAAYugB,IAC/B,GAAIstE,EAAa,CACf,IAAKA,EAAY3nF,IAAIqa,GAAM,SAC3BstE,EAAc,KAEhB,GAAIF,EAAkBznF,IAAIqa,GACxB,MAAUnd,MAAM,2BAA2Bmd,GAE7C,OAAQA,GACN,KAAKU,EAAMlM,OAAO3C,UAClB,KAAK6O,EAAMlM,OAAOK,UAChB,GAAIlV,KAAKu9E,UACP,MAAUr6E,MAAM,oCAIlB,GAFAlD,KAAKu9E,UAAY1oE,EACjB64E,EAAe1tF,KAAKq1E,YACfqY,EACH,MAAUxqF,MAAM,kBAElB,MACF,KAAK6d,EAAMlM,OAAOY,OAClB,KAAKsL,EAAMlM,OAAOc,cAChBw1E,EAAO,IAAIP,GAAK/1E,EAAQ7U,MACxBA,KAAK4tF,MAAM/rF,KAAKspF,GAChB,MACF,KAAKpqE,EAAMlM,OAAOa,aAClB,KAAKqL,EAAMlM,OAAOM,aAChBg2E,EAAO,KACP3C,EAAS,IAAI8D,GAAOz3E,EAAQ7U,MAC5BA,KAAK6tF,QAAQhsF,KAAK2mF,GAClB,MACF,KAAKznE,EAAMlM,OAAOE,UAChB,OAAQF,EAAOu+D,eACb,KAAKryD,EAAMhM,UAAUsB,YACrB,KAAK0K,EAAMhM,UAAUuB,YACrB,KAAKyK,EAAMhM,UAAUwB,WACrB,KAAKwK,EAAMhM,UAAUyB,aACnB,IAAK20E,EAAM,CACT/wE,EAAK0D,WAAW,mEAChB,SAEEjJ,EAAOs/D,YAAY7sD,OAAOomE,GAC5BvC,EAAKJ,mBAAmBlpF,KAAKgT,GAE7Bs2E,EAAKH,oBAAoBnpF,KAAKgT,GAEhC,MACF,KAAKkM,EAAMhM,UAAU0B,eACf00E,EACFA,EAAKF,qBAAqBppF,KAAKgT,GAE/B7U,KAAK8tF,iBAAiBjsF,KAAKgT,GAE7B,MACF,KAAKkM,EAAMhM,UAAU6B,IACnB5W,KAAK8tF,iBAAiBjsF,KAAKgT,GAC3B,MACF,KAAKkM,EAAMhM,UAAU2B,cACnB,IAAK8xE,EAAQ,CACXpuE,EAAK0D,WAAW,qEAChB,SAEF0qE,EAAOgE,kBAAkB3qF,KAAKgT,GAC9B,MACF,KAAKkM,EAAMhM,UAAU8B,cACnB7W,KAAKirF,qBAAqBppF,KAAKgT,GAC/B,MACF,KAAKkM,EAAMhM,UAAU+B,iBACnB,IAAK0xE,EAAQ,CACXpuE,EAAK0D,WAAW,wEAChB,SAEF0qE,EAAOyC,qBAAqBppF,KAAKgT,MAY7Cq2E,eACE,MAAM1D,EAAa,IAAIxQ,GAMvB,OALAwQ,EAAW3lF,KAAK7B,KAAKu9E,WACrBiK,EAAW3lF,QAAQ7B,KAAKirF,sBACxBzD,EAAW3lF,QAAQ7B,KAAK8tF,kBACxB9tF,KAAK4tF,MAAM1lF,KAAIijF,GAAQ3D,EAAW3lF,QAAQspF,EAAKD,kBAC/ClrF,KAAK6tF,QAAQ3lF,KAAIsgF,GAAUhB,EAAW3lF,QAAQ2mF,EAAO0C,kBAC9C1D,EAQT7lF,MAAMosF,GAAqB,GACzB,MAAMn3E,EAAM,IAAI5W,KAAKF,YAAYE,KAAKkrF,gBAiBtC,OAhBI6C,GACFn3E,EAAI+0E,UAAUvoF,SAAQ6Y,IAMpB,GAJAA,EAAEshE,UAAYxyE,OAAOw6B,OACnBx6B,OAAOijF,eAAe/xE,EAAEshE,WACxBxyE,OAAOE,0BAA0BgR,EAAEshE,aAEhCthE,EAAEshE,UAAUI,cAAe,OAEhC,MAAM3tB,EAAgB,GACtBjlD,OAAOooB,KAAKlX,EAAEshE,UAAUvtB,eAAe5sD,SAAQ8H,IAC7C8kD,EAAc9kD,GAAQ,IAAIrI,WAAWoZ,EAAEshE,UAAUvtB,cAAc9kD,GAAM,IAEvE+Q,EAAEshE,UAAUvtB,cAAgBA,CAAa,IAGtCp5C,EASTq3E,WAAW1mE,EAAQ,MAIjB,OAHgBvnB,KAAK6tF,QAAQzmF,QAAOohF,IACjCjhE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GAAO,KAW9CokE,QAAQpkE,EAAQ,MACd,MAAM4L,EAAO,GAIb,OAHK5L,IAASvnB,KAAKq1E,WAAW/tD,OAAOC,GAAO,IAC1C4L,EAAKtxB,KAAK7B,MAELmzB,EAAK3sB,OAAOxG,KAAKiuF,WAAW1mE,IAOrC2mE,YACE,OAAOluF,KAAK2rF,UAAUzjF,KAAI0O,GAAOA,EAAIy+D,aAOvC8Y,aACE,OAAOnuF,KAAK4tF,MAAM1lF,KAAIijF,GACbA,EAAK11E,OAAS01E,EAAK11E,OAAOA,OAAS,OACzCrO,QAAOqO,GAAqB,OAAXA,IAOtB3T,QACE,OAAO9B,KAAKkrF,eAAeppF,QAa7BX,oBAAoBomB,EAAQ,KAAM+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UACnE/lB,KAAKouF,iBAAiB9b,EAAM78D,EAAQgP,GAC1C,MAAMgkE,EAAazoF,KAAKu9E,UAClBsQ,EAAU7tF,KAAK6tF,QAAQnsF,QAAQ2sF,MAAK,CAAChgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMgoE,KAAUqF,EACnB,IAAKtmE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GACrC,UACQihE,EAAOnrC,OAAOi1B,EAAM7tD,GAC1B,MAAMsjE,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAM+iF,EAAOjL,WAC/CmP,QAAyBC,GAC7BnE,EAAOgE,kBAAmB/D,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,EAAM7tD,GAE3F,IAAK6pE,GAA+B9F,EAAOjL,UAAWmP,GACpD,SAEF,IAAKA,EAAiBj0E,kBACpB,MAAUvV,MAAM,8BAOlB,aAJMypF,GACJ,CAACD,EAAiBj0E,mBAAoB+vE,EAAOjL,UAAWx8D,EAAMhM,UAAU4B,WAAYoxE,EAAczV,EAAM7tD,GAE1G8pE,GAA4B/F,EAAOjL,UAAW94D,GACvC+jE,EACP,MAAOnkF,GACPmc,EAAYnc,EAKlB,IACE,MAAMykF,QAAoB9oF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASkhE,EAAWpT,WAAW/tD,OAAOC,KACxC+mE,GAA+B7F,EAAYK,EAAYE,mBAEzD,OADAuF,GAA4B9F,EAAYhkE,GACjCzkB,KAET,MAAOqE,GACPmc,EAAYnc,EAEd,MAAM+V,EAAK6F,UAAU,kDAAoDjgB,KAAKq1E,WAAWhuD,QAAS7G,GAapGrf,uBAAuBomB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UAC/D/lB,KAAKouF,iBAAiB9b,EAAM78D,EAAQgP,GAC1C,MAAMgkE,EAAazoF,KAAKu9E,UAElBsQ,EAAU7tF,KAAK6tF,QAAQnsF,QAAQ2sF,MAAK,CAAChgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMgoE,KAAUqF,EACnB,IAAKtmE,GAASihE,EAAOnT,WAAW/tD,OAAOC,GACrC,UACQihE,EAAOnrC,OAAOi1B,EAAM7tD,GAC1B,MAAMsjE,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAM+iF,EAAOjL,WAC/CmP,QAAyBC,GAA+BnE,EAAOgE,kBAAmB/D,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,EAAM7tD,GACvJ,GAAI+pE,GAAkChG,EAAOjL,UAAWmP,GAEtD,OADA6B,GAA4B/F,EAAOjL,UAAW94D,GACvC+jE,EAET,MAAOnkF,GACPmc,EAAYnc,EAKlB,IAEE,MAAMykF,QAAoB9oF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASkhE,EAAWpT,WAAW/tD,OAAOC,KACxCinE,GAAkC/F,EAAYK,EAAYE,mBAE5D,OADAuF,GAA4B9F,EAAYhkE,GACjCzkB,KAET,MAAOqE,GACPmc,EAAYnc,EAEd,MAAM+V,EAAK6F,UAAU,qDAAuDjgB,KAAKq1E,WAAWhuD,QAAS7G,GAevGrf,gBAAgB4T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,OAAO0mE,GACLzsF,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK5W,KAAKu9E,WAAav9E,KAAKirF,qBAAsBl2E,EAAW6B,EAAK07D,EAAM7tD,GAa7HtjB,uBAAuBmxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC9D,MAAM0iE,EAAazoF,KAAKu9E,UAExB,SAAUv9E,KAAK4rF,UAAU,KAAM,KAAMtZ,EAAM7tD,GACzC,MAAUvhB,MAAM,0BAGlB,MAAM8lF,kBAAEA,SAA4BhpF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAEtE,GAAImoE,GAAqBnE,EAAYO,EAAmB1W,GACtD,MAAUpvE,MAAM,0BAGlB,MAAMurF,QAAwB9B,GAC5B3sF,KAAK8tF,iBAAkBrF,EAAY1nE,EAAMhM,UAAU6B,IAAK,CAAEA,IAAK6xE,GAAcnW,EAAM7tD,GACnFrkB,OAAM,SAER,GAAIquF,GAAmB7B,GAAqBnE,EAAYgG,EAAiBnc,GACvE,MAAUpvE,MAAM,0BAYpB/B,wBAAwBsU,EAAQgP,EAASsB,IACvC,IAAI2oE,EACJ,IACE,MAAM1F,kBAAEA,SAA4BhpF,KAAK+oF,eAAe,KAAMtzE,EAAQgP,GAChEkqE,EAAmB7B,GAA4B9sF,KAAKu9E,UAAWyL,GAC/D4F,EAAgB5F,EAAkBxS,oBAClCiY,QAAwB9B,GAC5B3sF,KAAK8tF,iBAAkB9tF,KAAKu9E,UAAWx8D,EAAMhM,UAAU6B,IAAK,CAAEA,IAAK5W,KAAKu9E,WAAa,KAAM94D,GAC3FrkB,OAAM,SACR,GAAIquF,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4B9sF,KAAKu9E,UAAWkR,GAGvEC,EAAmBhjF,KAAKmyC,IAAI8wC,EAAkBC,EAAeC,QAE7DH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,EAE3E,MAAOvqF,GACPqqF,EAAmB,KAGrB,OAAOt0E,EAAKc,cAAcwzE,GAiB5BvtF,qBAAqBmxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC5D,MAAM0iE,EAAazoF,KAAKu9E,UAClBqQ,EAAQ,GACd,IAAIptE,EACJ,IAAK,IAAIvd,EAAI,EAAGA,EAAIjD,KAAK4tF,MAAMxsF,OAAQ6B,IACrC,IACE,MAAMkoF,EAAOnrF,KAAK4tF,MAAM3qF,GACxB,IAAKkoF,EAAK11E,OACR,SAEF,QACmBxU,IAAhBwU,EAAOvK,MAAsBigF,EAAK11E,OAAOvK,OAASuK,EAAOvK,WACxCjK,IAAjBwU,EAAOyxE,OAAuBiE,EAAK11E,OAAOyxE,QAAUzxE,EAAOyxE,YACxCjmF,IAAnBwU,EAAO8rD,SAAyB4pB,EAAK11E,OAAO8rD,UAAY9rD,EAAO8rD,QAEhE,MAAUr+D,MAAM,iDAElB,MAAM6kF,EAAe,CAAEtyE,OAAQ01E,EAAK11E,OAAQmB,IAAK6xE,GAC3CO,QAA0B2D,GAA+BxB,EAAKJ,mBAAoBtC,EAAY1nE,EAAMhM,UAAUsB,YAAa0xE,EAAczV,EAAM7tD,GACrJmpE,EAAM/rF,KAAK,CAAE4d,MAAOxc,EAAGkoF,OAAMnC,sBAC7B,MAAO3kF,GACPmc,EAAYnc,EAGhB,IAAKupF,EAAMxsF,OACT,MAAMof,GAAiBtd,MAAM,qCAEzBjD,QAAQ2H,IAAIgmF,EAAM1lF,KAAI/G,eAAgBkN,GAC1C,OAAOA,EAAE26E,kBAAkBnU,SAAWxmE,EAAE88E,KAAKS,UAAUv9E,EAAE26E,kBAAmB,KAAM1W,EAAM7tD,OAG1F,MAAMqkE,EAAc8E,EAAMS,MAAK,SAAShgF,EAAGJ,GACzC,MAAMg/B,EAAI5+B,EAAE26E,kBACN97C,EAAIj/B,EAAE+6E,kBACZ,OAAO97C,EAAE2nC,QAAU5nC,EAAE4nC,SAAW5nC,EAAEqnC,gBAAkBpnC,EAAEonC,iBAAmBrnC,EAAEymC,QAAUxmC,EAAEwmC,WACtFriD,OACG85D,KAAEA,EAAMnC,kBAAmB8F,GAAShG,EAC1C,GAAIgG,EAAKja,eAAiBsW,EAAKS,UAAUkD,EAAM,KAAMxc,EAAM7tD,GACzD,MAAUvhB,MAAM,2BAElB,OAAO4lF,EAgBT3nF,aAAa4tF,EAAWzc,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,IAAK/lB,KAAK+9E,qBAAqBgR,GAC7B,MAAU7rF,MAAM,4DAElB,IAAKlD,KAAKqrF,aAAe0D,EAAU1D,YAAa,CAQ9C,KANerrF,KAAK6tF,QAAQzsF,SAAW2tF,EAAUlB,QAAQzsF,QAClDpB,KAAK6tF,QAAQpvC,OAAMuwC,GACXD,EAAUlB,QAAQ5lF,MAAKgnF,GACrBD,EAAWjR,qBAAqBkR,QAI/C,MAAU/rF,MAAM,iEAGlB,OAAO6rF,EAAUtnD,OAAOznC,KAAMykB,GAMhC,MAAMyqE,EAAalvF,KAAK2B,QA0CxB,aAxCMqrF,GAAuB+B,EAAWG,EAAY,uBAAwB5c,GAAM6Z,GACzEM,GAAqByC,EAAW3R,UAAWx8D,EAAMhM,UAAU8B,cAAeq4E,EAAY,CAAC/C,GAAY,KAAM4C,EAAUxR,UAAWjL,EAAM7tD,WAGvIuoE,GAAuB+B,EAAWG,EAAY,mBAAoB5c,SAElEryE,QAAQ2H,IAAImnF,EAAUnB,MAAM1lF,KAAI/G,UAGpC,MAAMguF,EAAgBD,EAAWtB,MAAMxmF,QAAOgoF,GAC3CC,EAAQ55E,QAAU45E,EAAQ55E,OAAO6R,OAAO8nE,EAAQ35E,SAChD45E,EAAQ15E,eAAiB05E,EAAQ15E,cAAc2R,OAAO8nE,EAAQz5E,iBAEjE,GAAIw5E,EAAc/tF,OAAS,QACnBnB,QAAQ2H,IACZunF,EAAcjnF,KAAIonF,GAAgBA,EAAa7nD,OAAO4nD,EAAS/c,EAAM7tD,UAElE,CACL,MAAM8qE,EAAUF,EAAQ1tF,QACxB4tF,EAAQzE,QAAUoE,EAClBA,EAAWtB,MAAM/rF,KAAK0tF,cAIpBtvF,QAAQ2H,IAAImnF,EAAUlB,QAAQ3lF,KAAI/G,UAEtC,MAAMquF,EAAkBN,EAAWrB,QAAQzmF,QAAOqoF,GAChDA,EAAU1R,qBAAqBkR,KAEjC,GAAIO,EAAgBpuF,OAAS,QACrBnB,QAAQ2H,IACZ4nF,EAAgBtnF,KAAIwnF,GAAkBA,EAAejoD,OAAOwnD,EAAW3c,EAAM7tD,UAE1E,CACL,MAAMkrE,EAAYV,EAAUttF,QAC5BguF,EAAU7E,QAAUoE,EACpBA,EAAWrB,QAAQhsF,KAAK8tF,QAIrBT,EAWT/tF,+BAA+BmxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMgiE,EAAe,CAAEnxE,IAAK5W,KAAKu9E,WAC3B6M,QAA4BuC,GAA+B3sF,KAAKirF,qBAAsBjrF,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAekxE,EAAczV,EAAM7tD,GACzJ+iE,EAAa,IAAIxQ,GAEvB,OADAwQ,EAAW3lF,KAAKuoF,GACTjxE,GAAM4H,EAAM5H,MAAMjH,UAAWs1E,EAAW1lF,QAAS,KAAM,KAAM,oCAatEX,iCAAiCyuF,EAAuBtd,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClF,MAAMzlB,QAAcwlB,GAAQ8pE,EAAuBnrE,GAE7C2lE,SADmBpT,GAAW2B,WAAWr4E,EAAMwJ,KAAMqjF,GAA0B1oE,IAC9CszD,WAAWh3D,EAAMlM,OAAOE,WAC/D,IAAKq1E,GAAuBA,EAAoBhX,gBAAkBryD,EAAMhM,UAAU8B,cAChF,MAAU3T,MAAM,8CAElB,IAAKknF,EAAoBjW,YAAY7sD,OAAOtnB,KAAKq1E,YAC/C,MAAUnyE,MAAM,2CAElB,UACQknF,EAAoB/sC,OAAOr9C,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK5W,KAAKu9E,WAAajL,OAAMrxE,EAAWwjB,GAC1H,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,wCAAyC5b,GAEhE,MAAMuS,EAAM5W,KAAK2B,QAEjB,OADAiV,EAAIq0E,qBAAqBppF,KAAKuoF,GACvBxzE,EAYTzV,sBAAsB0uF,EAAavd,EAAM78D,EAAQgP,EAASsB,IACxD,MAAMtG,MAAEA,EAAK0rE,KAAEA,SAAenrF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAC1DqrE,QAAiB3E,EAAK4E,QAAQF,EAAavd,EAAM7tD,GACjD7N,EAAM5W,KAAK2B,QAEjB,OADAiV,EAAIg3E,MAAMnuE,GAASqwE,EACZl5E,EAWTzV,mBAAmB0uF,EAAavd,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAMnP,EAAM5W,KAAK2B,QAIjB,OAHAiV,EAAIg3E,YAAc3tF,QAAQ2H,IAAI5H,KAAK4tF,MAAM1lF,KAAI,SAASijF,GACpD,OAAOA,EAAK4E,QAAQF,EAAavd,EAAM7tD,OAElC7N,EAkBTzV,wBAAwBsqF,EAAkBnZ,EAAO,IAAI13D,KAAQnF,EAAQgP,EAASsB,IAC5E,MAAM0iE,EAAazoF,KAAKu9E,WAClB4N,KAAEA,SAAenrF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAIzD,OAHgBgnE,QACRN,EAAK6E,wBAAwBvE,EAAkBnZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOkhE,EAAWpT,WAAY0W,YAAaZ,EAAK9tC,OAAOi1B,EAAM7tD,GAAQrkB,OAAM,KAAM,MAmBxFe,qBAAqBsqF,EAAkBnZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACjE,MAAM0iE,EAAazoF,KAAKu9E,UAClB0S,EAAU,GAehB,aAdMhwF,QAAQ2H,IAAI5H,KAAK4tF,MAAM1lF,KAAI/G,UAC/B,MAAM2mF,EAAa2D,QACXN,EAAK6E,wBAAwBvE,EAAkBnZ,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOkhE,EAAWpT,WAAY0W,YAAaZ,EAAK9tC,OAAOi1B,EAAM7tD,GAAQrkB,OAAM,KAAM,MAEtF6vF,EAAQpuF,QAAQimF,EAAW5/E,KACzB6M,KACEU,OAAQ01E,EAAK11E,OAAS01E,EAAK11E,OAAOA,OAAS,KAC3CE,cAAew1E,EAAKx1E,cACpB4R,MAAOxS,EAAUwS,MACjBwkE,MAAOh3E,EAAUg3E,UAEpB,KAEIkE,GAIX,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwB7sF,SAAQ8H,IACpGqiF,GAAIvsF,UAAUkK,GACdohF,GAAOtrF,UAAUkK,EAAK,IC7qBxB,MAAMglF,WAAkB3C,GAItBztF,YAAY0nF,GAOV,GANAznF,QACAC,KAAKu9E,UAAY,KACjBv9E,KAAKirF,qBAAuB,GAC5BjrF,KAAK8tF,iBAAmB,GACxB9tF,KAAK4tF,MAAQ,GACb5tF,KAAK6tF,QAAU,GACXrG,IACFxnF,KAAKwtF,sBAAsBhG,EAAY,IAAIpkE,IAAI,CAACrC,EAAMlM,OAAOK,UAAW6L,EAAMlM,OAAOM,iBAChFnV,KAAKu9E,WACR,MAAUr6E,MAAM,0CAStBmoF,YACE,OAAO,EAOT8E,WACE,OAAOnwF,KAQTmZ,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMjH,UAAWlS,KAAKkrF,eAAeppF,aAASb,OAAWA,OAAWA,EAAWwjB,ICjDtG,MAAM2rE,WAAmBF,GAIvBpwF,YAAY0nF,GAGV,GAFAznF,QACAC,KAAKwtF,sBAAsBhG,EAAY,IAAIpkE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOa,iBAChF1V,KAAKu9E,UACR,MAAUr6E,MAAM,2CAQpBmoF,YACE,OAAO,EAOT8E,WACE,MAAM3I,EAAa,IAAIxQ,GACjBqZ,EAAarwF,KAAKkrF,eACxB,IAAK,MAAM3N,KAAa8S,EACtB,OAAQ9S,EAAUz9E,YAAYugB,KAC5B,KAAKU,EAAMlM,OAAOK,UAAW,CAC3B,MAAMo7E,EAAelT,GAAgBmT,oBAAoBhT,GACzDiK,EAAW3lF,KAAKyuF,GAChB,MAEF,KAAKvvE,EAAMlM,OAAOM,aAAc,CAC9B,MAAMq7E,EAAkBlS,GAAmBmS,uBAAuBlT,GAClEiK,EAAW3lF,KAAK2uF,GAChB,MAEF,QACEhJ,EAAW3lF,KAAK07E,GAGtB,OAAO,IAAI2S,GAAU1I,GAQvBruE,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMK,WAAYxZ,KAAKkrF,eAAeppF,aAASb,OAAWA,OAAWA,EAAWwjB,GAarGtjB,wBAAwBomB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IACtE,MAAM0iE,EAAazoF,KAAKu9E,UAClBpqD,EAAO,GACb,IAAK,IAAIlwB,EAAI,EAAGA,EAAIjD,KAAK6tF,QAAQzsF,OAAQ6B,IACvC,IAAKskB,GAASvnB,KAAK6tF,QAAQ5qF,GAAGoyE,WAAW/tD,OAAOC,GAAO,GACrD,IACE,MAAMwgE,EAAe,CAAEnxE,IAAK6xE,EAAYhjF,KAAMzF,KAAK6tF,QAAQ5qF,GAAGs6E,WAE1DmT,SAD2B/D,GAA+B3sF,KAAK6tF,QAAQ5qF,GAAGupF,kBAAmB/D,EAAY1nE,EAAMhM,UAAU2B,cAAeqxE,EAAczV,EAAM7tD,GACxGA,IACtD0O,EAAKtxB,KAAK7B,KAAK6tF,QAAQ5qF,IAEzB,MAAOoB,IAKb,MAAMykF,QAAoB9oF,KAAK+oF,eAAezW,EAAM78D,EAAQgP,GAM5D,OALM8C,IAASkhE,EAAWpT,WAAW/tD,OAAOC,GAAO,KAC/CmpE,GAAkC5H,EAAYE,kBAAmBvkE,IACnE0O,EAAKtxB,KAAK7B,MAGLmzB,EAOTwqD,cACE,OAAO39E,KAAK2rF,UAAU1jF,MAAK,EAAGs1E,eAAgBA,EAAUI,gBAa1Dx8E,eAAesjB,EAASsB,IACtB,IAAK/lB,KAAKqrF,YACR,MAAUnoF,MAAM,gCAGlB,IAAIwmF,EACJ,GAAK1pF,KAAKu9E,UAAU8B,UAEb,CAKL,MAAMiM,QAAmBtrF,KAAKurF,cAAc,KAAM,UAAMtqF,EAAW,IAAKwjB,EAAQP,0BAA2B,IAAId,IAAOP,WAAY,IAE9HyoE,IAAeA,EAAW/N,UAAU8B,YACtCqK,EAAmB4B,EAAW/N,gBAThCmM,EAAmB1pF,KAAKu9E,UAa1B,GAAImM,EACF,OAAOA,EAAiBpkC,WACnB,CACL,MAAMnyB,EAAOnzB,KAAK2rF,UACZgF,EAAax9D,EAAKjrB,KAAI0O,GAAOA,EAAI2mE,UAAU8B,YAAW5gC,MAAMgrC,SAClE,GAAIkH,EACF,MAAUztF,MAAM,wCAGlB,OAAOjD,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,SAAayV,EAAI2mE,UAAUj4B,eAO3Dk6B,qBACEx/E,KAAK2rF,UAAUvoF,SAAQ,EAAGm6E,gBACpBA,EAAUI,eACZJ,EAAUiC,wBAehBr+E,cAEIirF,KAAM7X,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1D4yE,OAAQ7X,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,IAAK/lB,KAAKqrF,YACR,MAAUnoF,MAAM,iCAElB,MAAMwlF,EAAa,CAAE9xE,IAAK5W,KAAKu9E,WACzB3mE,EAAM5W,KAAK2B,QAMjB,OALAiV,EAAIq0E,qBAAqBppF,WAAWqrF,GAA6BxE,EAAY,KAAM1oF,KAAKu9E,UAAW,CACjGnK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,OAAWA,EAAWwjB,IACnC7N,EAiBTzV,gBAAgB0D,EAAU,IACxB,MAAM4f,EAAS,IAAKsB,MAAkBlhB,EAAQ4f,QAC9C,GAAI5f,EAAQ23E,WACV,MAAUt5E,MAAM,gEAElB,GAAI2B,EAAQ8iF,QAAUljE,EAAO5B,WAC3B,MAAU3f,MAAM,8BAA8BuhB,EAAO5B,oBAAoBhe,EAAQ8iF,WAEnF,MAAMrK,EAAkBt9E,KAAKu9E,UAC7B,GAAID,EAAgB+B,UAClB,MAAUn8E,MAAM,8CAElB,IAAKo6E,EAAgBK,cACnB,MAAUz6E,MAAM,wBAElB,MAAM0tF,EAAiBtT,EAAgBW,mBACvC2S,EAAe52E,KAAO42E,EAAepgF,MAAQ,MAAQ,MACrDogF,EAAejJ,QAAUiJ,EAAeryE,MAAQ,KAChDqyE,EAAepgF,MAAQogF,EAAepgF,OAAS,aAC/C3L,EAAUgsF,GAA0BhsF,EAAS+rF,GAC7C,MAAMrT,QAAkBuT,GAA4BjsF,GACpD0pF,GAA4BhR,EAAW94D,GACvC,MAAMioE,QAAyBqE,GAA8BxT,EAAWD,EAAiBz4E,EAAS4f,GAC5FusE,EAAahxF,KAAKkrF,eAExB,OADA8F,EAAWnvF,KAAK07E,EAAWmP,GACpB,IAAI0D,GAAWY,ICxM1B,MAAMC,gBAAkC72E,EAAK8F,wBAAwB,CACnEk9D,GACAkB,GACAM,GACA0I,GACAL,GACAzI,GACArL,KASF,SAAS+d,GAAU1J,GACjB,IAAK,MAAM3yE,KAAU2yE,EACnB,OAAQ3yE,EAAO/U,YAAYugB,KACzB,KAAKU,EAAMlM,OAAOK,UAChB,OAAO,IAAIk7E,GAAW5I,GACxB,KAAKzmE,EAAMlM,OAAO3C,UAChB,OAAO,IAAIg+E,GAAU1I,GAG3B,MAAUtkF,MAAM,sBAClB,CAgHA/B,eAAegwF,GAAc7T,EAAiB8T,EAAqBvsF,EAAS4f,GAEtE5f,EAAQ23E,kBACJc,EAAgB5qD,QAAQ7tB,EAAQ23E,WAAY/3D,SAG9CxkB,QAAQ2H,IAAIwpF,EAAoBlpF,KAAI/G,eAAeo9E,EAAoB9+D,GAC3E,MAAM4xE,EAAmBxsF,EAAQgpF,QAAQpuE,GAAO+8D,WAC5C6U,SACI9S,EAAmB7rD,QAAQ2+D,EAAkB5sE,OAIvD,MAAM+iE,EAAa,IAAIxQ,GACvBwQ,EAAW3lF,KAAKy7E,SAEVr9E,QAAQ2H,IAAI/C,EAAQskF,QAAQjhF,KAAI/G,eAAesU,EAAQgK,GAC3D,SAAS6xE,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMnqF,QAAOooC,GAAQA,IAASgiD,KAG1D,MAAMC,EAAexK,GAAan3B,WAAWr6C,GACvCizE,EAAa,GACnBA,EAAWjzE,OAASg8E,EACpB/I,EAAW9xE,IAAM0mE,EAEjB,MAAMqL,EAAsB,GAC5BA,EAAoBvV,cAAgBryD,EAAMhM,UAAUsB,YACpDsyE,EAAoBvwE,SAAW,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,UAC5E8vE,EAAoBjxE,6BAA+B45E,EAAqB,CAEtEvwE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUO,QACfiR,EAAOtC,6BACNsC,EAAOnC,cACTqmE,EAAoBhwE,wBAA0B24E,EAAqB,CACjEvwE,EAAMtM,KAAKC,IACXqM,EAAMtM,KAAKE,KACV8P,EAAOlC,yBAEZomE,EAAoB7wE,wBAA0Bw5E,EAAqB,CAEjEvwE,EAAM/M,KAAKI,OACX2M,EAAM/M,KAAKM,QACVmQ,EAAOvC,wBACVymE,EAAoB5wE,+BAAiCu5E,EAAqB,CACxEvwE,EAAMpN,YAAYG,KAClBiN,EAAMpN,YAAYE,IAClBkN,EAAMpN,YAAYC,cACjB6Q,EAAOrC,+BACI,IAAV3C,IACFkpE,EAAoBrU,iBAAkB,GAGxCqU,EAAoBpwE,SAAW,CAAC,GAChCowE,EAAoBpwE,SAAS,IAAMwI,EAAMxI,SAASuB,sBAC9C2K,EAAOnC,cACTqmE,EAAoBpwE,SAAS,IAAMwI,EAAMxI,SAAS9D,MAEhDgQ,EAAO1K,SACT4uE,EAAoBpwE,SAAS,IAAMwI,EAAMxI,SAASwB,QAEhDlV,EAAQ2S,kBAAoB,IAC9BmxE,EAAoBnxE,kBAAoB3S,EAAQ2S,kBAChDmxE,EAAoB5U,iBAAkB,GAKxC,MAAO,CAAE0d,eAAc9H,sBAFOuD,GAA6BxE,EAAY,KAAMpL,EAAiBqL,EAAqB9jF,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,QAGhK7iB,MAAKoG,IACPA,EAAK5E,SAAQ,EAAGquF,eAAc9H,sBAC5BnC,EAAW3lF,KAAK4vF,GAChBjK,EAAW3lF,KAAK8nF,EAAgB,GAChC,UAGE1pF,QAAQ2H,IAAIwpF,EAAoBlpF,KAAI/G,eAAeo9E,EAAoB9+D,GAC3E,MAAMiyE,EAAgB7sF,EAAQgpF,QAAQpuE,GAEtC,MAAO,CAAE8+D,qBAAoBoT,4BADOZ,GAA8BxS,EAAoBjB,EAAiBoU,EAAejtE,QAEpH7iB,MAAKq1E,IACPA,EAAQ7zE,SAAQ,EAAGm7E,qBAAoBoT,4BACrCnK,EAAW3lF,KAAK08E,GAChBiJ,EAAW3lF,KAAK8vF,EAAsB,GACtC,IAKJ,MAAMjJ,EAAa,CAAE9xE,IAAK0mE,GAkB1B,OAjBAkK,EAAW3lF,WAAWqrF,GAA6BxE,EAAY,KAAMpL,EAAiB,CACpFlK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMzI,oBAAoBmB,SACnD+6D,0BAA2B,IAC1B3vE,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,IAE9C5f,EAAQ23E,YACVc,EAAgBkC,2BAGZv/E,QAAQ2H,IAAIwpF,EAAoBlpF,KAAI/G,eAAeo9E,EAAoB9+D,GAClD5a,EAAQgpF,QAAQpuE,GAAO+8D,YAE9C+B,EAAmBiB,yBAIhB,IAAI4Q,GAAW5I,EACxB,CCpPA,MAAMoK,gBAAsCx3E,EAAK8F,wBAAwB,CACvEmyD,GACA+F,GACA+B,GACAT,GACA0E,GACA7C,GACAsB,GACAlG,GACAxD,KAGI0e,gBAA4Cz3E,EAAK8F,wBAAwB,CAAC28D,KAE1EiV,gBAAgD13E,EAAK8F,wBAAwB,CAACizD,KAO7E,MAAM4e,GAIXjyF,YAAY0nF,GACVxnF,KAAKi3E,QAAUuQ,GAAc,IAAIxQ,GAOnCgb,sBACE,MAAMC,EAAS,GAKf,OAJ0BjyF,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC9C1R,SAAQ,SAASyR,GACjCo9E,EAAOpwF,KAAKgT,EAAO2mE,gBAEdyW,EAOTxK,mBACE,MAAMpiD,EAAMrlC,KAAKkyF,mBAEXC,EAAiB9sD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAC5D,GAAIk9E,EAAe/wF,OAAS,EAC1B,OAAO+wF,EAAejqF,KAAI2M,GAAUA,EAAOs/D,cAI7C,OADsB9uC,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WACtC7M,KAAI2M,GAAUA,EAAOs/D,cAa5ChzE,cAAcixF,EAAgBC,EAAWC,EAAahgB,EAAO,IAAI13D,KAAQ6J,EAASsB,IAChF,MAAMwsE,EAAoBD,SAAqBtyF,KAAKwyF,mBAAmBJ,EAAgBC,EAAW/f,EAAM7tD,GAElGguE,EAAyBzyF,KAAKi3E,QAAQU,YAC1C52D,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBAGf,GAAsC,IAAlC28E,EAAuBrxF,OACzB,MAAU8B,MAAM,2BAGlB,MAAMwvF,EAAqBD,EAAuB,GAClD,IAAIjyE,EAAY,KAChB,MAAMmyE,EAAmB1yF,QAAQ2H,IAAI2qF,EAAkBrqF,KAAI/G,OAAS0oD,UAAW+oC,EAAe9oF,WAC5F,IAAKsQ,EAAKxX,aAAakH,KAAUsQ,EAAKC,SAASu4E,GAC7C,MAAU1vF,MAAM,uCAGlB,IACE,MAAMssC,EAAOzuB,EAAMjf,MAAMif,EAAM9N,UAAW2/E,SACpCF,EAAmB//D,QAAQ6c,EAAM1lC,EAAM2a,GAC7C,MAAOpgB,GACP+V,EAAK4D,gBAAgB3Z,GACrBmc,EAAYnc,OAQhB,GAJAwuF,EAAcH,EAAmB/Y,WACjC+Y,EAAmB/Y,UAAY,WACzBgZ,GAEDD,EAAmBzb,UAAYyb,EAAmBzb,QAAQ71E,OAC7D,MAAMof,GAAiBtd,MAAM,sBAG/B,MAAM4vF,EAAY,IAAIf,GAAQW,EAAmBzb,SAGjD,OAFAyb,EAAmBzb,QAAU,IAAID,GAE1B8b,EAeT3xF,yBAAyBixF,EAAgBC,EAAW/f,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC9E,IAEIvF,EAFAuyE,EAA6B,GAGjC,GAAIV,EAAW,CACb,MAAMW,EAAehzF,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOG,wBAC3D,GAA4B,IAAxBg+E,EAAa5xF,OACf,MAAU8B,MAAM,8DAEZjD,QAAQ2H,IAAIyqF,EAAUnqF,KAAI/G,eAAe8xF,EAAUhwF,GACvD,IAAIg0E,EAEFA,EADEh0E,QACc+zE,GAAW2B,WAAWqa,EAAalxF,QAAS+vF,GAA6BptE,GAE/EuuE,QAEN/yF,QAAQ2H,IAAIqvE,EAAQ/uE,KAAI/G,eAAe+xF,GAC3C,UACQA,EAAYvgE,QAAQsgE,GAC1BF,EAA2BlxF,KAAKqxF,GAChC,MAAO9xC,GACPhnC,EAAK4D,gBAAgBojC,gBAItB,KAAIgxC,EAqFT,MAAUlvF,MAAM,iCArFS,CACzB,MAAMiwF,EAAenzF,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC3D,GAA4B,IAAxBq+E,EAAa/xF,OACf,MAAU8B,MAAM,2DAEZjD,QAAQ2H,IAAIurF,EAAajrF,KAAI/G,eAAeiyF,SAC1CnzF,QAAQ2H,IAAIwqF,EAAelqF,KAAI/G,eAAekyF,GAClD,IAAI9B,EAAQ,CACVxwE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUG,UAChB2N,EAAM9N,UAAUI,OAElB,IACE,MAAMy1E,QAAoBuK,EAActK,eAAezW,OAAMrxE,EAAWwjB,GACpEqkE,EAAYE,kBAAkBtxE,+BAChC65E,EAAQA,EAAM/qF,OAAOsiF,EAAYE,kBAAkBtxE,+BAErD,MAAOrT,IAGT,MAAMivF,SAA8BD,EAAcE,kBAAkBH,EAAY5X,YAAa,UAAMv6E,EAAWwjB,IAASvc,KAAI0O,GAAOA,EAAI2mE,kBAChIt9E,QAAQ2H,IAAI0rF,EAAqBprF,KAAI/G,eAAeqyF,GACxD,IAAKA,GAAuBA,EAAoBnU,UAC9C,OAEF,IAAKmU,EAAoB7V,cACvB,MAAUz6E,MAAM,oCAWlB,GAPiCuhB,EAAOvB,8BACtCkwE,EAAY9f,qBAAuBvyD,EAAM7O,UAAUE,YACnDghF,EAAY9f,qBAAuBvyD,EAAM7O,UAAUC,gBACnDihF,EAAY9f,qBAAuBvyD,EAAM7O,UAAUG,SACnD+gF,EAAY9f,qBAAuBvyD,EAAM7O,UAAUI,SAGvB,CAW5B,MAAMmhF,EAAkBL,EAAYtxF,cAC9B7B,QAAQ2H,IAAI/H,MAAMkiB,KAAK0C,EAAOtB,yDAAyDjb,KAAI/G,UAC/F,MAAMuyF,EAAkB,IAAInY,GAC5BmY,EAAgBxyF,KAAKuyF,GACrB,MAAM5X,EAAmB,CACvBjC,sBACA6B,WAAYh9D,GAAOw+D,mBAAmBrD,IAExC,UACQ8Z,EAAgB/gE,QAAQ6gE,EAAqB3X,GACnDkX,EAA2BlxF,KAAK6xF,GAChC,MAAOtyC,GAEPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,YAKhB,IAEE,SADMgyC,EAAYzgE,QAAQ6gE,IACrBjC,EAAM/vE,SAAST,EAAMjf,MAAMif,EAAM9N,UAAWmgF,EAAYxZ,sBAC3D,MAAU12E,MAAM,iDAElB6vF,EAA2BlxF,KAAKuxF,GAChC,MAAOhyC,GACPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,WAKpByxC,EAAcO,EAAYzZ,WAC1ByZ,EAAYzZ,UAAY,UAM5B,GAAIoZ,EAA2B3xF,OAAS,EAAG,CAEzC,GAAI2xF,EAA2B3xF,OAAS,EAAG,CACzC,MAAMuyF,EAAO,IAAIvwE,IACjB2vE,EAA6BA,EAA2B3rF,QAAOwsF,IAC7D,MAAM33E,EAAI23E,EAAKha,oBAAsBx/D,EAAKqC,mBAAmBm3E,EAAKnY,YAClE,OAAIkY,EAAK3tF,IAAIiW,KAGb03E,EAAK1tF,IAAIgW,IACF,EAAI,IAIf,OAAO82E,EAA2B7qF,KAAI2M,KACpC/K,KAAM+K,EAAO4mE,WACb5xB,UAAW9oC,EAAM7f,KAAK6f,EAAM9N,UAAW4B,EAAO+kE,yBAGlD,MAAMp5D,GAAiBtd,MAAM,kCAO/B2wF,iBACE,MACM99E,EADM/V,KAAKkyF,mBACGjb,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ28D,YAAe,KAO5CG,cACE,MACM98D,EADM/V,KAAKkyF,mBACGjb,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ88D,eAAkB,KAO/CJ,UACE,MACM18D,EADM/V,KAAKkyF,mBACGjb,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAIQ,EACKA,EAAQ08D,UAEV,KAYT9qD,gCAAgCmsE,EAAiB,GAAIxhB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI1kE,EAASsB,IAC7F,MAAMypB,QAAa05C,GAAiB,YAAa4K,EAAgBxhB,EAAM6W,EAAS1kE,GAC1EmuE,EAAgB7xE,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC5CukD,EAAoBtvE,EAAOnC,mBPtC9BnhB,eAA+BgyB,EAAMm/C,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI1kE,EAASsB,IACpF,IAAIiuE,GAAY,EAShB,aAPM/zF,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,eAAeyV,EAAK3T,GAC7C,MAAM6lF,QAAoBlyE,EAAImyE,eAAezW,EAAM6W,EAAQlmF,GAAIwhB,GAC1DqkE,EAAYE,kBAAkBzwE,UAC7BuwE,EAAYE,kBAAkBzwE,SAAS,GAAKwI,EAAMxI,SAAS9D,OAC/Du/E,GAAY,OAGTA,CACT,CO2B0DC,CAAgBH,EAAgBxhB,EAAM6W,EAAS1kE,GACnG1D,EAAM7f,KAAK6f,EAAMtM,WAAYy0E,GAAiB,OAAQ4K,EAAgBxhB,EAAM6W,EAAS1kE,SACrFxjB,QAEIhB,QAAQ2H,IAAIksF,EAAe5rF,KAAI0O,GAAOA,EAAIs9E,mBAC7C9zF,OAAM,IAAM,OACZwB,MAAKuyF,IACJ,GAAIA,GAAaA,EAAS5W,UAAU1zB,YAAc9oC,EAAM7O,UAAUY,SAAYsH,EAAKyG,MAAM2uB,GACvF,MAAUtsC,MAAM,yMAMtB,MAAO,CAAE4G,KADc2U,GAAOw+D,mBAAmBztC,GAClBqa,UAAW+oC,EAAevY,cAAe0Z,GAgB1E5yF,cAAc2yF,EAAgBzB,EAAW5W,EAAY2Y,GAAW,EAAOC,EAAmB,GAAI/hB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI1kE,EAASsB,IACtI,GAAI01D,GACF,IAAKrhE,EAAKxX,aAAa64E,EAAW3xE,QAAUsQ,EAAKC,SAASohE,EAAW5xB,WACnE,MAAU3mD,MAAM,4CAEb,GAAI4wF,GAAkBA,EAAe1yF,OAC1Cq6E,QAAmBsW,GAAQ9U,mBAAmB6W,EAAgBxhB,EAAM6W,EAAS1kE,OACxE,KAAI4tE,IAAaA,EAAUjxF,OAGhC,MAAU8B,MAAM,gDAFhBu4E,QAAmBsW,GAAQ9U,wBAAmBh8E,OAAWA,OAAWA,EAAWwjB,GAKjF,MAAQ3a,KAAMuyE,EAAgBxyB,UAAW+oC,EAAevY,cAAe0Z,GAAsBtY,EAEvFp2C,QAAY0sD,GAAQuC,kBAAkBjY,EAAgBuW,EAAemB,EAAmBD,EAAgBzB,EAAW+B,EAAUC,EAAkB/hB,EAAM6W,EAAS1kE,GAEpK,IAAIiuE,EACAqB,GACFrB,EAAqB,IAAIvY,GACzBuY,EAAmBrY,cAAgBt5D,EAAMjf,MAAMif,EAAMtM,KAAMs/E,IAE3DrB,EAAqB,IAAIhZ,GAE3BgZ,EAAmBzb,QAAUj3E,KAAKi3E,QAElC,MAAMptB,EAAY9oC,EAAMjf,MAAMif,EAAM9N,UAAW2/E,GAK/C,aAJMF,EAAmBhgE,QAAQm3B,EAAWwyB,EAAgB53D,GAE5D4gB,EAAI4xC,QAAQp1E,KAAK6wF,GACjBA,EAAmBzb,QAAU,IAAID,GAC1B3xC,EAkBT1d,+BAA+B8zD,EAAYmX,EAAemB,EAAmBD,EAAgBzB,EAAW+B,GAAW,EAAOC,EAAmB,GAAI/hB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI1kE,EAASsB,IACzL,MAAMyhE,EAAa,IAAIxQ,GACjBntB,EAAY9oC,EAAMjf,MAAMif,EAAM9N,UAAW2/E,GACzCvY,EAAgB0Z,GAAqBhzE,EAAMjf,MAAMif,EAAMtM,KAAMs/E,GAEnE,GAAID,EAAgB,CAClB,MAAM7D,QAAgBhwF,QAAQ2H,IAAIksF,EAAe5rF,KAAI/G,eAAesnF,EAAYxlF,GAC9E,MAAM+5E,QAAsByL,EAAWyL,iBAAiBG,EAAiBpxF,GAAIqvE,EAAM6W,EAAS1kE,GACtF8vE,EAAgB,IAAIhZ,GAO1B,OANAgZ,EAAc/Y,YAAc4Y,EAAWhtE,GAAMgtE,WAAapX,EAAc3H,WACxEkf,EAAcjhB,mBAAqB0J,EAAcO,UAAU1zB,UAC3D0qC,EAAc9Y,WAAaA,EAC3B8Y,EAAc3a,oBAAsB/vB,QAC9B0qC,EAAc7hE,QAAQsqD,EAAcO,kBACnCgX,EAAc9Y,WACd8Y,MAET/M,EAAW3lF,QAAQouF,GAErB,GAAIoC,EAAW,CACb,MAAMmC,EAAcrzF,eAAeo8E,EAAW0V,GAC5C,IAEE,aADM1V,EAAU5qD,QAAQsgE,GACjB,EACP,MAAO5uF,GACP,OAAO,IAILmsB,EAAM,CAACikE,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkBxzF,eAAes6E,EAAY5xB,EAAWwwB,EAAe4Y,GAC3E,MAAM2B,EAA+B,IAAI/X,GAA6Bp4D,GAQtE,GAPAmwE,EAA6BnZ,WAAaA,EAC1CmZ,EAA6Bhb,oBAAsB/vB,EAC/CwwB,IACFua,EAA6Bva,cAAgBA,SAEzCua,EAA6BliE,QAAQugE,EAAUxuE,GAEjDA,EAAO3B,uBAAwB,CAEjC,GAA4B,WADN7iB,QAAQ2H,IAAIyqF,EAAUnqF,KAAI2sF,GAAOL,EAAYI,EAA8BC,OACrFtkE,OAAOC,GACjB,OAAOmkE,EAAgBlZ,EAAY5xB,EAAWopC,GAKlD,cADO2B,EAA6BnZ,WAC7BmZ,GAGH3E,QAAgBhwF,QAAQ2H,IAAIyqF,EAAUnqF,KAAI2sF,GAAOF,EAAgBlZ,EAAY5xB,EAAWwwB,EAAewa,MAC7GrN,EAAW3lF,QAAQouF,GAGrB,OAAO,IAAI8B,GAAQvK,GAerBrmF,WAAWiqF,EAAc,GAAIr2E,EAAY,KAAM+/E,EAAgB,GAAIxiB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IAC3H,MAAMyhE,EAAa,IAAIxQ,GAEjB+d,EAAoB/0F,KAAKi3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAKw/E,EACH,MAAU7xF,MAAM,mCAGlB,IAAID,EACA+xF,EAEJ,MAAM5hB,EAA2C,OAA3B2hB,EAAkB9+E,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAE3C,GAAIlB,EAEF,IADAigF,EAAwBjgF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC9D9R,EAAI+xF,EAAsB5zF,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACtD,MAAM0mF,EAAkBqL,EAAsB/xF,GACxCgyF,EAAa,IAAIte,GACvBse,EAAW7hB,cAAgBuW,EAAgBvW,cAC3C6hB,EAAW5hB,cAAgBsW,EAAgBtW,cAC3C4hB,EAAW3hB,mBAAqBqW,EAAgBrW,mBAChD2hB,EAAW9gB,YAAcwV,EAAgBxV,YACpCiX,EAAYhqF,QAAgB,IAAN6B,IACzBgyF,EAAW5rB,MAAQ,GAErBme,EAAW3lF,KAAKozF,GA0BpB,aAtBMh1F,QAAQ2H,IAAI/H,MAAMkiB,KAAKqpE,GAAa/6E,UAAUnI,KAAI/G,eAAgBsnF,EAAYxlF,GAClF,IAAKwlF,EAAW4C,YACd,MAAUnoF,MAAM,gCAElB,MAAMgyF,EAAeJ,EAAc1J,EAAYhqF,OAAS,EAAI6B,GACtDqoF,QAAmB7C,EAAW8C,cAAc2J,EAAc5iB,EAAM6W,EAAS1kE,GACzEwwE,EAAa,IAAIte,GAQvB,OAPAse,EAAW7hB,cAAgBA,EAC3B6hB,EAAW5hB,oBAAsB7oB,GAAqBi+B,EAAY6C,EAAW/N,UAAWjL,EAAM6W,EAAS1kE,GACvGwwE,EAAW3hB,mBAAqBgY,EAAW/N,UAAU1zB,UACrDorC,EAAW9gB,YAAcmX,EAAWjW,WAChCpyE,IAAMmoF,EAAYhqF,OAAS,IAC7B6zF,EAAW5rB,MAAQ,GAEd4rB,MACLrzF,MAAKuzF,IACPA,EAAqB/xF,SAAQ6xF,GAAczN,EAAW3lF,KAAKozF,IAAY,IAGzEzN,EAAW3lF,KAAKkzF,GAChBvN,EAAW3lF,cAAeuzF,GAAuBL,EAAmB3J,EAAar2E,EAAW+/E,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAO5vD,IAErI,IAAIstE,GAAQvK,GASrBjP,SAAS/oC,EAAM/qB,EAASsB,IACtB,GAAIypB,IAASzuB,EAAMpN,YAAYC,aAC7B,OAAO5T,KAGT,MAAMq4E,EAAa,IAAID,GAAqB3zD,GAC5C4zD,EAAWxuB,UAAYra,EACvB6oC,EAAWpB,QAAUj3E,KAAKi3E,QAE1B,MAAM+Z,EAAa,IAAIha,GAGvB,OAFAga,EAAWnvF,KAAKw2E,GAET,IAAI0Z,GAAQf,GAerB7vF,mBAAmBiqF,EAAc,GAAIr2E,EAAY,KAAM+/E,EAAgB,GAAIxiB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IACnI,MAAMgvE,EAAoB/0F,KAAKi3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAKw/E,EACH,MAAU7xF,MAAM,mCAElB,OAAO,IAAIqkF,SAAgB6N,GAAuBL,EAAmB3J,EAAar2E,EAAW+/E,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAM5vD,IAe9ItjB,aAAasqF,EAAkBnZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMsf,EAAMrlC,KAAKkyF,mBACXmD,EAAkBhwD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3B8/E,EAAgBj0F,OAClB,MAAU8B,MAAM,yDAEd6jB,EAAqBse,EAAI4xC,QAAQl2E,SACnCskC,EAAI4xC,QAAQp1E,cAAc8kB,EAAiB0e,EAAI4xC,QAAQl2E,QAAQsjD,GAAKA,GAAK,MAE3E,MAAM8tC,EAAiB9sD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAAkB5E,UACxEilF,EAAgBjwD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC3D,OAAIo9E,EAAe/wF,SAAWk0F,EAAcl0F,QAAUgZ,EAAK5X,SAAS6iC,EAAI4xC,QAAQl2E,UAAYgmB,EAAqBse,EAAI4xC,QAAQl2E,eACrHd,QAAQ2H,IAAIuqF,EAAejqF,KAAI/G,UACnC8zF,EAAWre,iBAAmB,IAAI32E,SAAQ,CAACC,EAASC,KAClD80F,EAAWM,wBAA0Br1F,EACrC+0F,EAAWO,uBAAyBr1F,CAAM,IAE5C80F,EAAW1hB,cAAgB0B,GAAiB9zE,gBAAmB8zF,EAAWre,kBAAkBrD,gBAC5F0hB,EAAWhzD,OAAStb,QAAuBsuE,EAAWjhF,KAAKihF,EAAW7hB,cAAeiiB,EAAgB,QAAIp0F,GAAW,IACpHg0F,EAAWhzD,OAAO7hC,OAAM,QAAS,KAEnCilC,EAAI4xC,QAAQl2E,OAASulB,EAAqB+e,EAAI4xC,QAAQl2E,QAAQI,MAAOqH,EAAUC,KAC7E,MAAMlD,EAASghB,EAAiB/d,GAC1B9H,EAAS8lB,EAAiB/d,GAChC,IACE,IAAK,IAAIxF,EAAI,EAAGA,EAAIkvF,EAAe/wF,OAAQ6B,IAAK,CAC9C,MAAQ5B,MAAO0T,SAAoBxP,EAAOrE,OAC1CixF,EAAelvF,GAAGsyF,wBAAwBxgF,SAEtCxP,EAAOhE,kBACPb,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,GACP8tF,EAAe/uF,SAAQ6xF,IACrBA,EAAWO,uBAAuBnxF,EAAE,UAEhC3D,EAAOuB,MAAMoC,OAGhBoxF,GAA0BtD,EAAgBkD,EAAiB5J,EAAkBnZ,GAAM,EAAO7tD,IAE5FgxE,GAA0BH,EAAeD,EAAiB5J,EAAkBnZ,GAAM,EAAO7tD,GAgBlGixE,eAAe3gF,EAAW02E,EAAkBnZ,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtE,MACMsvE,EADMr1F,KAAKkyF,mBACWjb,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3B8/E,EAAgBj0F,OAClB,MAAU8B,MAAM,yDAGlB,OAAOuyF,GADe1gF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACjBsgF,EAAiB5J,EAAkBnZ,GAAM,EAAM7tD,GAOjGytE,mBACE,MAAM7Z,EAAar4E,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOO,gBACzD,OAAIijE,EAAWj3E,OACN,IAAI2wF,GAAQ1Z,EAAW,GAAGpB,SAE5Bj3E,KAQTmB,sBAAsBw0F,EAAmBlxE,EAASsB,UAC1C/lB,KAAKi3E,QAAQ/1E,KACjBkZ,EAAKxX,aAAa+yF,GAAqBA,SAA2B7vE,GAAQ6vE,IAAoB7rF,KAC9FgoF,GACArtE,GAQJ3iB,QACE,OAAO9B,KAAKi3E,QAAQn1E,QAQtBqX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMI,QAASvZ,KAAK8B,QAAS,KAAM,KAAM,KAAM2iB,IAmB/DtjB,eAAei0F,GAAuBL,EAAmB3J,EAAar2E,EAAY,KAAM+/E,EAAgB,GAAIxiB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI9U,EAAY,GAAIl3B,GAAW,EAAO14B,EAASsB,IAC7L,MAAMyhE,EAAa,IAAIxQ,GAGjB5D,EAA2C,OAA3B2hB,EAAkB9+E,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAa3C,SAXMhW,QAAQ2H,IAAIwjF,EAAYljF,KAAI/G,MAAOsnF,EAAYxlF,KACnD,MAAMwS,EAAS0zE,EAAQlmF,GACvB,IAAKwlF,EAAW4C,YACd,MAAUnoF,MAAM,gCAElB,MAAMooF,QAAmB7C,EAAW8C,cAAcuJ,EAAc7xF,GAAIqvE,EAAM78D,EAAQgP,GAClF,OAAOmkE,GAAsBmM,EAAmBtM,EAAY6C,EAAW/N,UAAW,CAAEnK,iBAAiBd,EAAM78D,EAAQ4+D,EAAWl3B,EAAU14B,EAAO,KAC7I7iB,MAAK0zF,IACP9N,EAAW3lF,QAAQyzF,EAAc,IAG/BvgF,EAAW,CACb,MAAMigF,EAAwBjgF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACzEyyE,EAAW3lF,QAAQmzF,GAErB,OAAOxN,CACT,CAkGOrmF,eAAes0F,GAA0BH,EAAeD,EAAiB5J,EAAkBnZ,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAC9I,OAAO9lB,QAAQ2H,IAAI0tF,EAAcluF,QAAO,SAAS2N,GAC/C,MAAO,CAAC,OAAQ,UAAUyM,SAAST,EAAM7f,KAAK6f,EAAMhM,UAAWA,EAAUq+D,mBACxElrE,KAAI/G,eAAe4T,GACpB,OApFJ5T,eAAwC4T,EAAWsgF,EAAiB5J,EAAkBnZ,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAClI,IAAI0iE,EACAmN,EAEJ,IAAK,MAAMh/E,KAAO60E,EAAkB,CAClC,MAAMC,EAAa90E,EAAI+0E,QAAQ52E,EAAUo/D,aACzC,GAAIuX,EAAWtqF,OAAS,EAAG,CACzBqnF,EAAa7xE,EACbg/E,EAAuBlK,EAAW,GAClC,OAIJ,MACMmK,EADqB9gF,aAAqB4hE,GACI5hE,EAAU6hE,iBAAmB7hE,EAE3E+gF,EAAc,CAClBvuE,MAAOxS,EAAUo/D,YACjBlB,SAAU,WACR,IAAK2iB,EACH,MAAU1yF,MAAM,0CAA0C6R,EAAUo/D,YAAY9sD,eAG5EtS,EAAUsoC,OAAOu4C,EAAqBrY,UAAWxoE,EAAUq+D,cAAeiiB,EAAgB,GAAI/iB,EAAMn1B,EAAU14B,GACpH,MAAMklE,QAAwBkM,EAC9B,GAAID,EAAqBhY,kBAAoB+L,EAAgBjW,QAC3D,MAAUxwE,MAAM,mCAIlB,UACQulF,EAAW8C,cAAcqK,EAAqBvgB,WAAYsU,EAAgBjW,aAASzyE,EAAWwjB,GACpG,MAAOpgB,GAKP,IAAIogB,EAAOxB,+CAAgD5e,EAAEkV,QAAQ+K,MAAM,4CAGzE,MAAMjgB,QAFAokF,EAAW8C,cAAcqK,EAAqBvgB,WAAY/C,OAAMrxE,EAAWwjB,GAKrF,OAAO,CACR,EA1BS,GA2BV1P,UAAW,WACT,MAAM40E,QAAwBkM,EACxBrO,EAAa,IAAIxQ,GAEvB,OADA2S,GAAmBnC,EAAW3lF,KAAK8nF,GAC5B,IAAIpC,GAAUC,EACtB,EALU,IAeb,OAHAsO,EAAY/gF,UAAU3U,OAAM,SAC5B01F,EAAY7iB,SAAS7yE,OAAM,SAEpB01F,CACT,CAuBWC,CAAyBhhF,EAAWsgF,EAAiB5J,EAAkBnZ,EAAMn1B,EAAU14B,MAElG,CC1zBA,MAAMqyD,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAM5D,MAAM6iB,GAKXl2F,YAAYmW,EAAMlB,GAGhB,GADA/U,KAAKiW,KAAOmE,EAAK0F,qBAAqB7J,GAAM2L,QAAQ,SAAU,QAC1D7M,KAAeA,aAAqBwyE,IACtC,MAAUrkF,MAAM,2BAElBlD,KAAK+U,UAAYA,GAAa,IAAIwyE,GAAU,IAAIvQ,IAOlDyQ,mBACE,MAAMwK,EAAS,GAKf,OAJsBjyF,KAAK+U,UAAUkiE,QACvB7zE,SAAQ,SAASyR,GAC7Bo9E,EAAOpwF,KAAKgT,EAAOs/D,gBAEd8d,EAeT9wF,WAAW0uF,EAAa96E,EAAY,KAAM+/E,EAAgB,GAAIxiB,EAAO,IAAI13D,KAAQuuE,EAAU,GAAI9U,EAAY,GAAI5vD,EAASsB,IACtH,MAAMgvE,EAAoB,IAAI1iB,GAC9B0iB,EAAkBviB,QAAQxyE,KAAKiW,MAC/B,MAAMggF,EAAe,IAAI1O,SAAgB6N,GAAuBL,EAAmBlF,EAAa96E,EAAW+/E,EAAexiB,EAAM6W,EAAS9U,GAAW,EAAM5vD,IAC1J,OAAO,IAAIuxE,GAAiBh2F,KAAKiW,KAAMggF,GAezC54C,OAAOlqB,EAAMm/C,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAMuvE,EAAgBt1F,KAAK+U,UAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAChEggF,EAAoB,IAAI1iB,GAG9B,OADA0iB,EAAkBviB,QAAQxyE,KAAKiW,MACxBw/E,GAA0BH,EAAe,CAACP,GAAoB5hE,EAAMm/C,GAAM,EAAM7tD,GAOzFguD,UAEE,OAAOzyE,KAAKiW,KAAK2L,QAAQ,QAAS,MAQpCzI,MAAMsL,EAASsB,IACb,IAAImwE,EAASl2F,KAAK+U,UAAUkiE,QAAQ/uE,KAAI,SAAS2M,GAC/C,OAAOkM,EAAM7f,KAAK6f,EAAM/M,KAAMa,EAAOw+D,eAAeoD,iBAEtDyf,EAASA,EAAO9uF,QAAO,SAASwsF,EAAM3wF,EAAGkzF,GAAM,OAAOA,EAAG5vF,QAAQqtF,KAAU3wF,KAC3E,MAAMyiB,EAAO,CACX1R,KAAMkiF,EAAO10F,OACbyU,KAAMjW,KAAKiW,KACXnM,KAAM9J,KAAK+U,UAAUkiE,QAAQn1E,SAE/B,OAAOqX,GAAM4H,EAAM5H,MAAMG,OAAQoM,OAAMzkB,OAAWA,OAAWA,EAAWwjB,ICof5E,SAAS2xE,GAAa78E,GACpB,KAAMA,aAAmBw4E,IACvB,MAAU7uF,MAAM,kDAEpB,CACA,SAASmzF,GAAwB98E,GAC/B,KAAMA,aAAmBy8E,IAAuBz8E,aAAmBw4E,IACjE,MAAU7uF,MAAM,sEAEpB,CACA,SAASozF,GAAyBh0C,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUp/C,MAAM,sBAAsBo/C,EAE1C,CACA,MAAMi0C,GAA0BxrF,OAAOooB,KAAKpN,IAAe3kB,OAC3D,SAASo1F,GAAY/xE,GACnB,MAAMgyE,EAAmB1rF,OAAOooB,KAAK1O,GACrC,GAAIgyE,EAAiBr1F,SAAWm1F,GAC9B,IAAK,MAAMG,KAAaD,EACtB,QAAiCx1F,IAA7B8kB,GAAc2wE,GAChB,MAAUxzF,MAAM,4BAA4BwzF,EAIpD,CAQA,SAAS/uD,GAAQ6jB,GAIf,OAHIA,IAAUpxC,EAAK5Z,QAAQgrD,KACzBA,EAAQ,CAACA,IAEJA,CACT,CAWArqD,eAAew1F,GAAc7sF,EAAM8sF,EAAWC,EAAW,QACvD,MAAMjxF,EAAawU,EAAK5X,SAASsH,GACjC,MAAmB,UAAflE,EACK+gB,EAAiB7c,GAER,SAAd8sF,GACF9sF,EAAOmvE,EAAiBnvE,GACP,WAAb+sF,GAAuB/sF,EAAKgtF,YAAYD,GACrC/sF,GAES,QAAd8sF,GAAsC,aAAfhxF,EAClBmxF,EAAwBjtF,GAE1BA,CACT,CAUA,SAASktF,GAAYv1F,EAAQ8X,GAC3B9X,EAAOqI,KAAOwc,EAAqB/M,EAAQ09D,QAAQl2E,QAAQI,MAAOqH,EAAUC,WACpEoe,EAAYplB,EAAOqI,KAAMrB,EAAU,CACvCE,cAAc,IAEhB,MAAMjI,EAAS8lB,EAAiB/d,GAChC,UAEQke,EAAiBne,GAAU67C,GAAKA,UAChC3jD,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,MAGzB,CASA,SAAS4yF,GAAaC,EAAQ50C,EAAQ79B,GACpC,OAAQ69B,GACN,IAAK,SACH,OAAO40C,EACT,IAAK,UACH,OAAOA,EAAO/9E,MAAMsL,GACtB,IAAK,SACH,OAAOyyE,EAAOp1F,QAChB,QACE,MAAUoB,MAAM,sBAAsBo/C,GAE5C,CCrtBA,MAAM60C,GAAmC,mBAAX33F,QAAoD,iBAApBA,OAAO43F,SACjE53F,OACA63F,GAAe,UAAUA,KAG7B,SAASC,KAET,CAaA,MAAMC,GAXkB,oBAAT75C,KACAA,KAEgB,oBAAX8b,OACLA,OAEgB,oBAAXqmB,OACLA,YADN,EAOT,SAAS2X,GAAa1qF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CACA,MAAM2qF,GAAiCH,GAEjCI,GAAkBz3F,QAClB03F,GAAsB13F,QAAQe,UAAUY,KACxCg2F,GAAyB33F,QAAQC,QAAQuF,KAAKiyF,IAC9CG,GAAwB53F,QAAQE,OAAOsF,KAAKiyF,IAClD,SAASI,GAAWC,GAChB,OAAO,IAAIL,GAAgBK,EAC/B,CACA,SAASC,GAAoB32F,GACzB,OAAOu2F,GAAuBv2F,EAClC,CACA,SAAS42F,GAAoB/1F,GACzB,OAAO21F,GAAsB31F,EACjC,CACA,SAASg2F,GAAmBz3E,EAAS03E,EAAaC,GAG9C,OAAOT,GAAoB72F,KAAK2f,EAAS03E,EAAaC,EAC1D,CACA,SAASC,GAAY53E,EAAS03E,EAAaC,GACvCF,GAAmBA,GAAmBz3E,EAAS03E,EAAaC,QAAan3F,EAAWw2F,GACxF,CACA,SAASa,GAAgB73E,EAAS03E,GAC9BE,GAAY53E,EAAS03E,EACzB,CACA,SAASI,GAAc93E,EAAS23E,GAC5BC,GAAY53E,OAASxf,EAAWm3F,EACpC,CACA,SAASI,GAAqB/3E,EAASg4E,EAAoBC,GACvD,OAAOR,GAAmBz3E,EAASg4E,EAAoBC,EAC3D,CACA,SAASC,GAA0Bl4E,GAC/By3E,GAAmBz3E,OAASxf,EAAWw2F,GAC3C,CACA,MAAMmB,GAAiB,MACnB,MAAMC,EAAuBtB,IAAWA,GAAQqB,eAChD,GAAoC,mBAAzBC,EACP,OAAOA,EAEX,MAAMC,EAAkBd,QAAoB/2F,GAC5C,OAAQgJ,GAAOiuF,GAAmBY,EAAiB7uF,EACtD,EAPsB,GAQvB,SAAS8uF,GAAYC,EAAG3sC,EAAGz7B,GACvB,GAAiB,mBAANooE,EACP,MAAM,IAAInnE,UAAU,8BAExB,OAAOonE,SAASj4F,UAAU6b,MAAM/b,KAAKk4F,EAAG3sC,EAAGz7B,EAC/C,CACA,SAASsoE,GAAYF,EAAG3sC,EAAGz7B,GACvB,IACI,OAAOonE,GAAoBe,GAAYC,EAAG3sC,EAAGz7B,IAEjD,MAAOvvB,GACH,OAAO42F,GAAoB52F,GAEnC,CAWA,MAAM83F,GACFr5F,cACIE,KAAKo5F,QAAU,EACfp5F,KAAKq5F,MAAQ,EAEbr5F,KAAKs5F,OAAS,CACVC,UAAW,GACXC,WAAOv4F,GAEXjB,KAAKy5F,MAAQz5F,KAAKs5F,OAIlBt5F,KAAKo5F,QAAU,EAEfp5F,KAAKq5F,MAAQ,EAEbj4F,aACA,OAAOpB,KAAKq5F,MAMhBx3F,KAAKwB,GACD,MAAMq2F,EAAU15F,KAAKy5F,MACrB,IAAIE,EAAUD,EACmBE,QAA7BF,EAAQH,UAAUn4F,SAClBu4F,EAAU,CACNJ,UAAW,GACXC,WAAOv4F,IAKfy4F,EAAQH,UAAU13F,KAAKwB,GACnBs2F,IAAYD,IACZ15F,KAAKy5F,MAAQE,EACbD,EAAQF,MAAQG,KAElB35F,KAAKq5F,MAIXnzF,QACI,MAAM2zF,EAAW75F,KAAKs5F,OACtB,IAAIQ,EAAWD,EACf,MAAME,EAAY/5F,KAAKo5F,QACvB,IAAIY,EAAYD,EAAY,EAC5B,MAAME,EAAWJ,EAASN,UACpBl2F,EAAU42F,EAASF,GAazB,OAtEqB,QA0DjBC,IACAF,EAAWD,EAASL,MACpBQ,EAAY,KAGdh6F,KAAKq5F,MACPr5F,KAAKo5F,QAAUY,EACXH,IAAaC,IACb95F,KAAKs5F,OAASQ,GAGlBG,EAASF,QAAa94F,EACfoC,EAUXD,QAAQ6B,GACJ,IAAIhC,EAAIjD,KAAKo5F,QACT3xC,EAAOznD,KAAKs5F,OACZW,EAAWxyC,EAAK8xC,UACpB,OAAOt2F,IAAMg3F,EAAS74F,aAAyBH,IAAfwmD,EAAK+xC,OAC7Bv2F,IAAMg3F,EAAS74F,SACfqmD,EAAOA,EAAK+xC,MACZS,EAAWxyC,EAAK8xC,UAChBt2F,EAAI,EACoB,IAApBg3F,EAAS74F,UAIjB6D,EAASg1F,EAASh3F,MAChBA,EAKVi3F,OACI,MAAMC,EAAQn6F,KAAKs5F,OACb5oE,EAAS1wB,KAAKo5F,QACpB,OAAOe,EAAMZ,UAAU7oE,IAI/B,SAAS0pE,GAAsC70F,EAAQxE,GACnDwE,EAAO80F,qBAAuBt5F,EAC9BA,EAAO+D,QAAUS,EACK,aAAlBxE,EAAOu5F,OACPC,GAAqCh1F,GAEd,WAAlBxE,EAAOu5F,OAsCpB,SAAwD/0F,GACpDg1F,GAAqCh1F,GACrCi1F,GAAkCj1F,EACtC,CAxCQk1F,CAA+Cl1F,GAG/Cm1F,GAA+Cn1F,EAAQxE,EAAO45F,aAEtE,CAGA,SAASC,GAAkCr1F,EAAQrD,GAE/C,OAAO24F,GADQt1F,EAAO80F,qBACcn4F,EACxC,CACA,SAAS44F,GAAmCv1F,GACG,aAAvCA,EAAO80F,qBAAqBC,OAC5BS,GAAiCx1F,EAAQ,IAAIssB,UAAU,qFAoC/D,SAAmDtsB,EAAQrD,GACvDw4F,GAA+Cn1F,EAAQrD,EAC3D,CAnCQ84F,CAA0Cz1F,EAAQ,IAAIssB,UAAU,qFAEpEtsB,EAAO80F,qBAAqBv1F,aAAU7D,EACtCsE,EAAO80F,0BAAuBp5F,CAClC,CAEA,SAASg6F,GAAoB/vF,GACzB,OAAO,IAAI2mB,UAAU,UAAY3mB,EAAO,oCAC5C,CAEA,SAASqvF,GAAqCh1F,GAC1CA,EAAO21F,eAAiBpD,IAAW,CAAC53F,EAASC,KACzCoF,EAAO41F,uBAAyBj7F,EAChCqF,EAAO61F,sBAAwBj7F,CAAM,GAE7C,CACA,SAASu6F,GAA+Cn1F,EAAQrD,GAC5Dq4F,GAAqCh1F,GACrCw1F,GAAiCx1F,EAAQrD,EAC7C,CAKA,SAAS64F,GAAiCx1F,EAAQrD,QACTjB,IAAjCsE,EAAO61F,wBAGXzC,GAA0BpzF,EAAO21F,gBACjC31F,EAAO61F,sBAAsBl5F,GAC7BqD,EAAO41F,4BAAyBl6F,EAChCsE,EAAO61F,2BAAwBn6F,EACnC,CAIA,SAASu5F,GAAkCj1F,QACDtE,IAAlCsE,EAAO41F,yBAGX51F,EAAO41F,4BAAuBl6F,GAC9BsE,EAAO41F,4BAAyBl6F,EAChCsE,EAAO61F,2BAAwBn6F,EACnC,CAEA,MAAMo6F,GAAalE,GAAe,kBAC5BmE,GAAanE,GAAe,kBAC5BoE,GAAcpE,GAAe,mBAC7BqE,GAAYrE,GAAe,iBAI3BsE,GAAiBnsF,OAAOosF,UAAY,SAAU5uF,GAChD,MAAoB,iBAANA,GAAkB4uF,SAAS5uF,EAC7C,EAIM6uF,GAAYjwF,KAAKkwF,OAAS,SAAU/jD,GACtC,OAAOA,EAAI,EAAInsC,KAAKmQ,KAAKg8B,GAAKnsC,KAAKsP,MAAM68B,EAC7C,EAMA,SAASgkD,GAAiBz7C,EAAK07C,GAC3B,QAAY76F,IAARm/C,IAHgB,iBADFtzC,EAIqBszC,IAHM,mBAANtzC,GAInC,MAAM,IAAI+kB,UAAaiqE,EAAH,sBAL5B,IAAsBhvF,CAOtB,CAEA,SAASivF,GAAejvF,EAAGgvF,GACvB,GAAiB,mBAANhvF,EACP,MAAM,IAAI+kB,UAAaiqE,EAAH,sBAE5B,CAKA,SAASE,GAAalvF,EAAGgvF,GACrB,IAJJ,SAAkBhvF,GACd,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAES65E,CAAS75E,GACV,MAAM,IAAI+kB,UAAaiqE,EAAH,qBAE5B,CACA,SAASG,GAAuBnvF,EAAGovF,EAAUJ,GACzC,QAAU76F,IAAN6L,EACA,MAAM,IAAI+kB,UAAU,aAAaqqE,qBAA4BJ,MAErE,CACA,SAASK,GAAoBrvF,EAAGsvF,EAAON,GACnC,QAAU76F,IAAN6L,EACA,MAAM,IAAI+kB,UAAU,GAAGuqE,qBAAyBN,MAExD,CAEA,SAASO,GAA0Bh7F,GAC/B,OAAOiO,OAAOjO,EAClB,CACA,SAASi7F,GAAmBxvF,GACxB,OAAa,IAANA,EAAU,EAAIA,CACzB,CAKA,SAASyvF,GAAwCl7F,EAAOy6F,GACpD,MACMU,EAAaltF,OAAOC,iBAC1B,IAAIzC,EAAIwC,OAAOjO,GAEf,GADAyL,EAAIwvF,GAAmBxvF,IAClB2uF,GAAe3uF,GAChB,MAAM,IAAI+kB,UAAaiqE,EAAH,2BAGxB,GADAhvF,EAZJ,SAAqBA,GACjB,OAAOwvF,GAAmBX,GAAU7uF,GACxC,CAUQ2vF,CAAY3vF,GACZA,EARe,GAQGA,EAAI0vF,EACtB,MAAM,IAAI3qE,UAAU,GAAGiqE,2CAA6DU,gBAExF,OAAKf,GAAe3uF,IAAY,IAANA,EAOnBA,EANI,CAOf,CAEA,SAAS4vF,GAAqB5vF,EAAGgvF,GAC7B,IAAKa,GAAiB7vF,GAClB,MAAM,IAAI+kB,UAAaiqE,EAAH,4BAE5B,CAGA,SAASc,GAAmC77F,GACxC,OAAO,IAAI87F,GAA4B97F,EAC3C,CAEA,SAAS+7F,GAA6B/7F,EAAQg8F,GAC1Ch8F,EAAO+D,QAAQk4F,cAAcn7F,KAAKk7F,EACtC,CACA,SAASE,GAAiCl8F,EAAQgB,EAAOT,GACrD,MACMy7F,EADSh8F,EAAO+D,QACKk4F,cAAc92F,QACrC5E,EACAy7F,EAAYG,cAGZH,EAAYI,YAAYp7F,EAEhC,CACA,SAASq7F,GAAiCr8F,GACtC,OAAOA,EAAO+D,QAAQk4F,cAAc57F,MACxC,CACA,SAASi8F,GAA+Bt8F,GACpC,MAAMwE,EAASxE,EAAO+D,QACtB,YAAe7D,IAAXsE,KAGC+3F,GAA8B/3F,EAIvC,CAMA,MAAMs3F,GACF/8F,YAAYiB,GAGR,GAFAk7F,GAAuBl7F,EAAQ,EAAG,+BAClC27F,GAAqB37F,EAAQ,mBACzBw8F,GAAuBx8F,GACvB,MAAM,IAAI8wB,UAAU,+EAExBuoE,GAAsCp6F,KAAMe,GAC5Cf,KAAKg9F,cAAgB,IAAI7D,GAMzBt4F,aACA,OAAKy8F,GAA8Bt9F,MAG5BA,KAAKk7F,eAFDjD,GAAoBuF,GAAiC,WAOpE/4F,OAAOvC,EAASjB,WACZ,OAAKq8F,GAA8Bt9F,WAGDiB,IAA9BjB,KAAKq6F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkC56F,KAAMkC,GALpC+1F,GAAoBuF,GAAiC,WAYpEt8F,OACI,IAAKo8F,GAA8Bt9F,MAC/B,OAAOi4F,GAAoBuF,GAAiC,SAEhE,QAAkCv8F,IAA9BjB,KAAKq6F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAAC53F,EAASC,KACjCs9F,EAAiBv9F,EACjBw9F,EAAgBv9F,CAAM,IAQ1B,OADAw9F,GAAgC39F,KALZ,CAChBm9F,YAAap7F,GAAS07F,EAAe,CAAEp8F,MAAOU,EAAOT,MAAM,IAC3D47F,YAAa,IAAMO,EAAe,CAAEp8F,WAAOJ,EAAWK,MAAM,IAC5Ds8F,YAAav5F,GAAKq5F,EAAcr5F,KAG7Boc,EAWX7f,cACI,IAAK08F,GAA8Bt9F,MAC/B,MAAMw9F,GAAiC,eAE3C,QAAkCv8F,IAA9BjB,KAAKq6F,qBAAT,CAGA,GAAIr6F,KAAKg9F,cAAc57F,OAAS,EAC5B,MAAM,IAAIywB,UAAU,uFAExBipE,GAAmC96F,QAgB3C,SAASs9F,GAA8BxwF,GACnC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,gBAIjD,CACA,SAAS6wF,GAAgCp4F,EAAQw3F,GAC7C,MAAMh8F,EAASwE,EAAO80F,qBACtBt5F,EAAO88F,YAAa,EACE,WAAlB98F,EAAOu5F,OACPyC,EAAYG,cAEW,YAAlBn8F,EAAOu5F,OACZyC,EAAYa,YAAY78F,EAAO45F,cAG/B55F,EAAO+8F,0BAA0BtC,IAAWuB,EAEpD,CAEA,SAASS,GAAiCtyF,GACtC,OAAO,IAAI2mB,UAAU,yCAAyC3mB,sDAClE,CAGA,IAAI6yF,GAzCJhzF,OAAOizF,iBAAiBnB,GAA4B77F,UAAW,CAC3DyD,OAAQ,CAAEkhC,YAAY,GACtBzkC,KAAM,CAAEykC,YAAY,GACpB/kC,YAAa,CAAE+kC,YAAY,GAC3B9kC,OAAQ,CAAE8kC,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAewxF,GAA4B77F,UAAWm2F,GAAe8G,YAAa,CACrF58F,MAAO,8BACPukC,cAAc,IAiCsB,iBAAjCuxD,GAAe+G,gBAGtBH,GAAyB,CAGrB,CAAC5G,GAAe+G,iBACZ,OAAOl+F,OAGf+K,OAAOM,eAAe0yF,GAAwB5G,GAAe+G,cAAe,CAAEv4D,YAAY,KAI9F,MAAMw4D,GACFr+F,YAAYyF,EAAQyD,GAChBhJ,KAAKo+F,qBAAkBn9F,EACvBjB,KAAKq+F,aAAc,EACnBr+F,KAAK8E,QAAUS,EACfvF,KAAKs+F,eAAiBt1F,EAE1Bo6D,OACI,MAAMm7B,EAAY,IAAMv+F,KAAKw+F,aAI7B,OAHAx+F,KAAKo+F,gBAAkBp+F,KAAKo+F,gBACxB5F,GAAqBx4F,KAAKo+F,gBAAiBG,EAAWA,GACtDA,IACGv+F,KAAKo+F,gBAEhBK,OAAOp9F,GACH,MAAMq9F,EAAc,IAAM1+F,KAAK2+F,aAAat9F,GAC5C,OAAOrB,KAAKo+F,gBACR5F,GAAqBx4F,KAAKo+F,gBAAiBM,EAAaA,GACxDA,IAERF,aACI,GAAIx+F,KAAKq+F,YACL,OAAOp+F,QAAQC,QAAQ,CAAEmB,WAAOJ,EAAWK,MAAM,IAErD,MAAMiE,EAASvF,KAAK8E,QACpB,QAAoC7D,IAAhCsE,EAAO80F,qBACP,OAAOpC,GAAoBgD,GAAoB,YAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAAC53F,EAASC,KACjCs9F,EAAiBv9F,EACjBw9F,EAAgBv9F,CAAM,IAuB1B,OADAw9F,GAAgCp4F,EApBZ,CAChB43F,YAAap7F,IACT/B,KAAKo+F,qBAAkBn9F,EAGvB23F,IAAe,IAAM6E,EAAe,CAAEp8F,MAAOU,EAAOT,MAAM,KAAS,EAEvE47F,YAAa,KACTl9F,KAAKo+F,qBAAkBn9F,EACvBjB,KAAKq+F,aAAc,EACnBvD,GAAmCv1F,GACnCk4F,EAAe,CAAEp8F,WAAOJ,EAAWK,MAAM,GAAO,EAEpDs8F,YAAa17F,IACTlC,KAAKo+F,qBAAkBn9F,EACvBjB,KAAKq+F,aAAc,EACnBvD,GAAmCv1F,GACnCm4F,EAAcx7F,EAAO,IAItBue,EAEXk+E,aAAat9F,GACT,GAAIrB,KAAKq+F,YACL,OAAOp+F,QAAQC,QAAQ,CAAEmB,QAAOC,MAAM,IAE1CtB,KAAKq+F,aAAc,EACnB,MAAM94F,EAASvF,KAAK8E,QACpB,QAAoC7D,IAAhCsE,EAAO80F,qBACP,OAAOpC,GAAoBgD,GAAoB,qBAEnD,IAAKj7F,KAAKs+F,eAAgB,CACtB,MAAM78F,EAASm5F,GAAkCr1F,EAAQlE,GAEzD,OADAy5F,GAAmCv1F,GAC5BizF,GAAqB/2F,GAAQ,MAASJ,QAAOC,MAAM,MAG9D,OADAw5F,GAAmCv1F,GAC5ByyF,GAAoB,CAAE32F,QAAOC,MAAM,KAGlD,MAAMs9F,GAAuC,CACzCx7B,OACI,OAAKy7B,GAA8B7+F,MAG5BA,KAAK8+F,mBAAmB17B,OAFpB60B,GAAoB8G,GAAuC,UAI1EN,OAAOp9F,GACH,OAAKw9F,GAA8B7+F,MAG5BA,KAAK8+F,mBAAmBL,OAAOp9F,GAF3B42F,GAAoB8G,GAAuC,aAgB9E,SAASF,GAA8B/xF,GACnC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,qBAIjD,CAEA,SAASiyF,GAAuC7zF,GAC5C,OAAO,IAAI2mB,UAAU,+BAA+B3mB,qDACxD,MAvB+BjK,IAA3B88F,IACAhzF,OAAOi0F,eAAeJ,GAAsCb,IA0BhE,MAAMkB,GAAc3vF,OAAO4vF,OAAS,SAAUpyF,GAE1C,OAAOA,GAAMA,CACjB,EAEA,SAASqyF,GAA0BtnD,GAC/B,QAQJ,SAA6BA,GACzB,GAAiB,iBAANA,EACP,OAAO,EAEX,GAAIonD,GAAYpnD,GACZ,OAAO,EAEX,GAAIA,EAAI,EACJ,OAAO,EAEX,OAAO,CACX,CAnBSunD,CAAoBvnD,IAGrBA,IAAMrsC,GAId,CAcA,SAAS6zF,GAAaC,GAClB,MAAMC,EAAOD,EAAUE,OAAOt5F,QAK9B,OAJAo5F,EAAUG,iBAAmBF,EAAKv6F,KAC9Bs6F,EAAUG,gBAAkB,IAC5BH,EAAUG,gBAAkB,GAEzBF,EAAKl+F,KAChB,CACA,SAASq+F,GAAqBJ,EAAWj+F,EAAO2D,GAE5C,IAAKm6F,GADLn6F,EAAOsK,OAAOtK,IAEV,MAAM,IAAIuwC,WAAW,wDAEzB+pD,EAAUE,OAAO39F,KAAK,CAAER,QAAO2D,SAC/Bs6F,EAAUG,iBAAmBz6F,CACjC,CAKA,SAAS26F,GAAWL,GAChBA,EAAUE,OAAS,IAAIrG,GACvBmG,EAAUG,gBAAkB,CAChC,CAEA,SAASG,GAAoB3F,GAGzB,OAAOA,EAASv4F,OACpB,CAkBA,MAAMm+F,GACF//F,cACI,MAAM,IAAI+xB,UAAU,uBAKpBigB,WACA,IAAKguD,GAA4B9/F,MAC7B,MAAM+/F,GAA+B,QAEzC,OAAO//F,KAAKggG,MAEhBC,QAAQC,GACJ,IAAKJ,GAA4B9/F,MAC7B,MAAM+/F,GAA+B,WAIzC,GAFA9D,GAAuBiE,EAAc,EAAG,WACxCA,EAAe3D,GAAwC2D,EAAc,wBAChBj/F,IAAjDjB,KAAKmgG,wCACL,MAAM,IAAItuE,UAAU,0CAEH7xB,KAAKggG,MAAM/7F,OAufxC,SAA6CJ,EAAYq8F,GAErD,GADAA,EAAe5wF,OAAO4wF,IACjBf,GAA0Be,GAC3B,MAAM,IAAI3qD,WAAW,iCAEzB6qD,GAA4Cv8F,EAAYq8F,EAC5D,CA5fQG,CAAoCrgG,KAAKmgG,wCAAyCD,GAEtFI,mBAAmBxuD,GACf,IAAKguD,GAA4B9/F,MAC7B,MAAM+/F,GAA+B,sBAGzC,GADA9D,GAAuBnqD,EAAM,EAAG,uBAC3B3sB,YAAYo7E,OAAOzuD,GACpB,MAAM,IAAIjgB,UAAU,gDAExB,GAAwB,IAApBigB,EAAK3tC,WACL,MAAM,IAAI0tB,UAAU,uCAExB,GAA+B,IAA3BigB,EAAK7tC,OAAOE,WACZ,MAAM,IAAI0tB,UAAU,gDAExB,QAAqD5wB,IAAjDjB,KAAKmgG,wCACL,MAAM,IAAItuE,UAAU,2CA4ehC,SAAwDhuB,EAAYiuC,GAChE,MAAM0uD,EAAkB38F,EAAW48F,kBAAkBvG,OACrD,GAAIsG,EAAgBt8F,WAAas8F,EAAgBE,cAAgB5uD,EAAK5tC,WAClE,MAAM,IAAIqxC,WAAW,2DAEzB,GAAIirD,EAAgBr8F,aAAe2tC,EAAK3tC,WACpC,MAAM,IAAIoxC,WAAW,8DAEzBirD,EAAgBv8F,OAAS6tC,EAAK7tC,OAC9Bm8F,GAA4Cv8F,EAAYiuC,EAAK3tC,WACjE,CApfQw8F,CAA+C3gG,KAAKmgG,wCAAyCruD,IAGrG/mC,OAAOizF,iBAAiB6B,GAA0B7+F,UAAW,CACzDi/F,QAAS,CAAEt6D,YAAY,GACvB26D,mBAAoB,CAAE36D,YAAY,GAClCmM,KAAM,CAAEnM,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAew0F,GAA0B7+F,UAAWm2F,GAAe8G,YAAa,CACnF58F,MAAO,4BACPukC,cAAc,IAQtB,MAAMg7D,GACF9gG,cACI,MAAM,IAAI+xB,UAAU,uBAKpBgvE,kBACA,IAAKC,GAA+B9gG,MAChC,MAAM+gG,GAAwC,eAElD,GAA0B,OAAtB/gG,KAAKghG,cAAyBhhG,KAAKygG,kBAAkBr/F,OAAS,EAAG,CACjE,MAAMo/F,EAAkBxgG,KAAKygG,kBAAkBvG,OACzCpoD,EAAO,IAAIjvC,WAAW29F,EAAgBv8F,OAAQu8F,EAAgBt8F,WAAas8F,EAAgBE,YAAaF,EAAgBr8F,WAAaq8F,EAAgBE,aACrJG,EAAc91F,OAAOw6B,OAAOs6D,GAA0B7+F,YAggBxE,SAAwCigG,EAASp9F,EAAYiuC,GACzDmvD,EAAQd,wCAA0Ct8F,EAClDo9F,EAAQjB,MAAQluD,CACpB,CAlgBYovD,CAA+BL,EAAa7gG,KAAM8xC,GAClD9xC,KAAKghG,aAAeH,EAExB,OAAO7gG,KAAKghG,aAMZ1lB,kBACA,IAAKwlB,GAA+B9gG,MAChC,MAAM+gG,GAAwC,eAElD,OAAOI,GAA2CnhG,MAMtDgC,QACI,IAAK8+F,GAA+B9gG,MAChC,MAAM+gG,GAAwC,SAElD,GAAI/gG,KAAKohG,gBACL,MAAM,IAAIvvE,UAAU,8DAExB,MAAMsd,EAAQnvC,KAAKqhG,8BAA8B/G,OACjD,GAAc,aAAVnrD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,+DAiWlD,SAA2CtrC,GACvC,MAAM9C,EAAS8C,EAAWw9F,8BAC1B,GAAIx9F,EAAWu9F,iBAAqC,aAAlBrgG,EAAOu5F,OACrC,OAEJ,GAAIz2F,EAAW47F,gBAAkB,EAE7B,YADA57F,EAAWu9F,iBAAkB,GAGjC,GAAIv9F,EAAW48F,kBAAkBr/F,OAAS,EAAG,CAEzC,GAD6ByC,EAAW48F,kBAAkBvG,OACjCwG,YAAc,EAAG,CACtC,MAAMr8F,EAAI,IAAIwtB,UAAU,2DAExB,MADAyvE,GAAkCz9F,EAAYQ,GACxCA,GAGdk9F,GAA4C19F,GAC5C29F,GAAoBzgG,EACxB,CAlXQ0gG,CAAkCzhG,MAEtCoE,QAAQrC,GACJ,IAAK++F,GAA+B9gG,MAChC,MAAM+gG,GAAwC,WAGlD,GADA9E,GAAuBl6F,EAAO,EAAG,YAC5BojB,YAAYo7E,OAAOx+F,GACpB,MAAM,IAAI8vB,UAAU,sCAExB,GAAyB,IAArB9vB,EAAMoC,WACN,MAAM,IAAI0tB,UAAU,uCAExB,GAAgC,IAA5B9vB,EAAMkC,OAAOE,WACb,MAAM,IAAI0tB,UAAU,gDAExB,GAAI7xB,KAAKohG,gBACL,MAAM,IAAIvvE,UAAU,gCAExB,MAAMsd,EAAQnvC,KAAKqhG,8BAA8B/G,OACjD,GAAc,aAAVnrD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,oEA8VlD,SAA6CtrC,EAAY9B,GACrD,MAAMhB,EAAS8C,EAAWw9F,8BAC1B,GAAIx9F,EAAWu9F,iBAAqC,aAAlBrgG,EAAOu5F,OACrC,OAEJ,MAAMr2F,EAASlC,EAAMkC,OACfC,EAAanC,EAAMmC,WACnBC,EAAapC,EAAMoC,WACnBu9F,EAAwCz9F,EAC9C,GAAIo5F,GAA+Bt8F,GAC/B,GAAiD,IAA7Cq8F,GAAiCr8F,GACjC4gG,GAAgD99F,EAAY69F,EAAmBx9F,EAAYC,OAE1F,CAED84F,GAAiCl8F,EADT,IAAI8B,WAAW6+F,EAAmBx9F,EAAYC,IACZ,QAGzDy9F,GAA4B7gG,IAEjC4gG,GAAgD99F,EAAY69F,EAAmBx9F,EAAYC,GAC3F09F,GAAiEh+F,IAGjE89F,GAAgD99F,EAAY69F,EAAmBx9F,EAAYC,GAE/F29F,GAA6Cj+F,EACjD,CAvXQk+F,CAAoC/hG,KAAM+B,GAK9CuC,MAAMD,EAAIpD,WACN,IAAK6/F,GAA+B9gG,MAChC,MAAM+gG,GAAwC,SAElDO,GAAkCthG,KAAMqE,GAG5Ck3F,CAACA,IAAar5F,GACV,GAAIlC,KAAKygG,kBAAkBr/F,OAAS,EAAG,CACXpB,KAAKygG,kBAAkBvG,OAC/BwG,YAAc,EAElCf,GAAW3/F,MACX,MAAMyB,EAASzB,KAAKgiG,iBAAiB9/F,GAErC,OADAq/F,GAA4CvhG,MACrCyB,EAGX+5F,CAACA,IAAWuB,GACR,MAAMh8F,EAASf,KAAKqhG,8BACpB,GAAIrhG,KAAKy/F,gBAAkB,EAAG,CAC1B,MAAMwC,EAAQjiG,KAAKw/F,OAAOt5F,QAC1BlG,KAAKy/F,iBAAmBwC,EAAM99F,WAC9B+9F,GAA6CliG,MAC7C,MAAM8xC,EAAO,IAAIjvC,WAAWo/F,EAAMh+F,OAAQg+F,EAAM/9F,WAAY+9F,EAAM99F,YAElE,YADA44F,EAAYI,YAAYrrD,GAG5B,MAAMqwD,EAAwBniG,KAAKoiG,uBACnC,QAA8BnhG,IAA1BkhG,EAAqC,CACrC,IAAIl+F,EACJ,IACIA,EAAS,IAAIkhB,YAAYg9E,GAE7B,MAAOE,GAEH,YADAtF,EAAYa,YAAYyE,GAG5B,MAAMC,EAAqB,CACvBr+F,SACAC,WAAY,EACZC,WAAYg+F,EACZzB,YAAa,EACb6B,YAAa,EACbC,gBAAiB3/F,WACjB4/F,WAAY,WAEhBziG,KAAKygG,kBAAkB5+F,KAAKygG,GAEhCxF,GAA6B/7F,EAAQg8F,GACrC+E,GAA6C9hG,OAiBrD,SAAS8gG,GAA+Bh0F,GACpC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,gCAIjD,CACA,SAASgzF,GAA4BhzF,GACjC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,0CAIjD,CACA,SAASg1F,GAA6Cj+F,GAClD,MAAM6+F,EAiNV,SAAoD7+F,GAChD,MAAM9C,EAAS8C,EAAWw9F,8BAC1B,GAAsB,aAAlBtgG,EAAOu5F,OACP,OAAO,EAEX,GAAIz2F,EAAWu9F,gBACX,OAAO,EAEX,IAAKv9F,EAAW8+F,SACZ,OAAO,EAEX,GAAItF,GAA+Bt8F,IAAWq8F,GAAiCr8F,GAAU,EACrF,OAAO,EAEX,GAAI6gG,GAA4B7gG,IAAW6hG,GAAqC7hG,GAAU,EACtF,OAAO,EAEX,MAAMu6E,EAAc6lB,GAA2Ct9F,GAC/D,GAAIy3E,EAAc,EACd,OAAO,EAEX,OAAO,CACX,CAvOuBunB,CAA2Ch/F,GAC9D,IAAK6+F,EACD,OAEJ,GAAI7+F,EAAWi/F,SAEX,YADAj/F,EAAWk/F,YAAa,GAG5Bl/F,EAAWi/F,UAAW,EAGtBzK,GADoBx0F,EAAWm/F,kBACN,KACrBn/F,EAAWi/F,UAAW,EAClBj/F,EAAWk/F,aACXl/F,EAAWk/F,YAAa,EACxBjB,GAA6Cj+F,OAElDQ,IACCi9F,GAAkCz9F,EAAYQ,EAAE,GAExD,CAKA,SAAS4+F,GAAqDliG,EAAQuhG,GAClE,IAAIhhG,GAAO,EACW,WAAlBP,EAAOu5F,SACPh5F,GAAO,GAEX,MAAM4hG,EAAaC,GAAsDb,GACnC,YAAlCA,EAAmBG,WACnBxF,GAAiCl8F,EAAQmiG,EAAY5hG,GAoW7D,SAA8CP,EAAQgB,EAAOT,GACzD,MAAMiE,EAASxE,EAAO+D,QAChBs+F,EAAkB79F,EAAO89F,kBAAkBn9F,QAC7C5E,EACA8hG,EAAgBlG,YAAYn7F,GAG5BqhG,EAAgBjG,YAAYp7F,EAEpC,CA1WQuhG,CAAqCviG,EAAQmiG,EAAY5hG,EAEjE,CACA,SAAS6hG,GAAsDb,GAC3D,MAAM5B,EAAc4B,EAAmB5B,YACjC6B,EAAcD,EAAmBC,YACvC,OAAO,IAAID,EAAmBE,gBAAgBF,EAAmBr+F,OAAQq+F,EAAmBp+F,WAAYw8F,EAAc6B,EAC1H,CACA,SAASZ,GAAgD99F,EAAYI,EAAQC,EAAYC,GACrFN,EAAW27F,OAAO39F,KAAK,CAAEoC,SAAQC,aAAYC,eAC7CN,EAAW47F,iBAAmBt7F,CAClC,CACA,SAASo/F,GAA4D1/F,EAAYy+F,GAC7E,MAAMC,EAAcD,EAAmBC,YACjCiB,EAAsBlB,EAAmB5B,YAAc4B,EAAmB5B,YAAc6B,EACxFkB,EAAiB/3F,KAAKmyC,IAAIh6C,EAAW47F,gBAAiB6C,EAAmBn+F,WAAam+F,EAAmB5B,aACzGgD,EAAiBpB,EAAmB5B,YAAc+C,EAClDE,EAAkBD,EAAiBA,EAAiBnB,EAC1D,IAAIqB,EAA4BH,EAC5Bx6F,GAAQ,EACR06F,EAAkBH,IAClBI,EAA4BD,EAAkBrB,EAAmB5B,YACjEz3F,GAAQ,GAEZ,MAAM46F,EAAQhgG,EAAW27F,OACzB,KAAOoE,EAA4B,GAAG,CAClC,MAAME,EAAcD,EAAM3J,OACpB6J,EAAcr4F,KAAKmyC,IAAI+lD,EAA2BE,EAAY3/F,YAC9D6/F,EAAY1B,EAAmBp+F,WAAao+F,EAAmB5B,YA5SjDvvC,EA6SDmxC,EAAmBr+F,OA7SZggG,EA6SoBD,EA7SRxtE,EA6SmBstE,EAAY7/F,OA7S1BigG,EA6SkCJ,EAAY5/F,WA7SnCkI,EA6S+C23F,EA5SzG,IAAIlhG,WAAWsuD,GAAM7tD,IAAI,IAAIT,WAAW2zB,EAAK0tE,EAAW93F,GAAI63F,GA6SpDH,EAAY3/F,aAAe4/F,EAC3BF,EAAM39F,SAGN49F,EAAY5/F,YAAc6/F,EAC1BD,EAAY3/F,YAAc4/F,GAE9BlgG,EAAW47F,iBAAmBsE,EAC9BI,GAAuDtgG,EAAYkgG,EAAazB,GAChFsB,GAA6BG,EAvTrC,IAA4B5yC,EAAM8yC,EAAYztE,EAAK0tE,EAAW93F,EAyT1D,OAAOnD,CACX,CACA,SAASk7F,GAAuDtgG,EAAYmB,EAAMs9F,GAC9E8B,GAAkDvgG,GAClDy+F,EAAmB5B,aAAe17F,CACtC,CACA,SAASk9F,GAA6Cr+F,GACf,IAA/BA,EAAW47F,iBAAyB57F,EAAWu9F,iBAC/CG,GAA4C19F,GAC5C29F,GAAoB39F,EAAWw9F,gCAG/BS,GAA6Cj+F,EAErD,CACA,SAASugG,GAAkDvgG,GACvB,OAA5BA,EAAWm9F,eAGfn9F,EAAWm9F,aAAab,6CAA0Cl/F,EAClE4C,EAAWm9F,aAAahB,MAAQ,KAChCn8F,EAAWm9F,aAAe,KAC9B,CACA,SAASa,GAAiEh+F,GACtE,KAAOA,EAAW48F,kBAAkBr/F,OAAS,GAAG,CAC5C,GAAmC,IAA/ByC,EAAW47F,gBACX,OAEJ,MAAM6C,EAAqBz+F,EAAW48F,kBAAkBvG,OACpDqJ,GAA4D1/F,EAAYy+F,KACxE+B,GAAiDxgG,GACjDo/F,GAAqDp/F,EAAWw9F,8BAA+BiB,IAG3G,CAgFA,SAASlC,GAA4Cv8F,EAAYq8F,GAC7D,MAAMM,EAAkB38F,EAAW48F,kBAAkBvG,OAErD,GAAc,WADAr2F,EAAWw9F,8BAA8B/G,OAC/B,CACpB,GAAqB,IAAjB4F,EACA,MAAM,IAAIruE,UAAU,qEApChC,SAA0DhuB,EAAY28F,GAClEA,EAAgBv8F,OAA6Bu8F,EAAgBv8F,OAC7D,MAAMlD,EAAS8C,EAAWw9F,8BAC1B,GAAIO,GAA4B7gG,GAC5B,KAAO6hG,GAAqC7hG,GAAU,GAElDkiG,GAAqDliG,EAD1BsjG,GAAiDxgG,GAIxF,CA6BQygG,CAAiDzgG,EAAY28F,QA5BrE,SAA4D38F,EAAYq8F,EAAcoC,GAClF,GAAIA,EAAmB5B,YAAcR,EAAeoC,EAAmBn+F,WACnE,MAAM,IAAIoxC,WAAW,6BAGzB,GADA4uD,GAAuDtgG,EAAYq8F,EAAcoC,GAC7EA,EAAmB5B,YAAc4B,EAAmBC,YAEpD,OAEJ8B,GAAiDxgG,GACjD,MAAM0gG,EAAgBjC,EAAmB5B,YAAc4B,EAAmBC,YAC1E,GAAIgC,EAAgB,EAAG,CACnB,MAAMh5F,EAAM+2F,EAAmBp+F,WAAao+F,EAAmB5B,YACzDh2F,EAAY43F,EAAmBr+F,OAAOvC,MAAM6J,EAAMg5F,EAAeh5F,GACvEo2F,GAAgD99F,EAAY6G,EAAW,EAAGA,EAAUvG,YAExFm+F,EAAmBr+F,OAA6Bq+F,EAAmBr+F,OACnEq+F,EAAmB5B,aAAe6D,EAClCtB,GAAqDp/F,EAAWw9F,8BAA+BiB,GAC/FT,GAAiEh+F,EACrE,CAWQ2gG,CAAmD3gG,EAAYq8F,EAAcM,GAEjFsB,GAA6Cj+F,EACjD,CACA,SAASwgG,GAAiDxgG,GACtD,MAAMsH,EAAatH,EAAW48F,kBAAkBv6F,QAEhD,OADAk+F,GAAkDvgG,GAC3CsH,CACX,CAwBA,SAASo2F,GAA4C19F,GACjDA,EAAWm/F,oBAAiB/hG,EAC5B4C,EAAWm+F,sBAAmB/gG,CAClC,CAkDA,SAASqgG,GAAkCz9F,EAAYQ,GACnD,MAAMtD,EAAS8C,EAAWw9F,8BACJ,aAAlBtgG,EAAOu5F,UA1Qf,SAA2Dz2F,GACvDugG,GAAkDvgG,GAClDA,EAAW48F,kBAAoB,IAAItH,EACvC,CA0QIsL,CAAkD5gG,GAClD87F,GAAW97F,GACX09F,GAA4C19F,GAC5C6gG,GAAoB3jG,EAAQsD,GAChC,CACA,SAAS88F,GAA2Ct9F,GAChD,MAAMsrC,EAAQtrC,EAAWw9F,8BAA8B/G,OACvD,MAAc,YAAVnrD,EACO,KAEG,WAAVA,EACO,EAEJtrC,EAAW8gG,aAAe9gG,EAAW47F,eAChD,CA2CA,SAASmF,GAAsD7jG,EAAQ8jG,EAAsBl7F,GACzF,MAAM9F,EAAakH,OAAOw6B,OAAOq7D,GAA6B5/F,WAC9D,IAAI8jG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoB/2F,GAC1C+jG,EAAkB,IAAMhN,QAAoB/2F,QACbA,IAA/B4jG,EAAqBjhG,QACrBkhG,EAAiB,IAAMD,EAAqBjhG,MAAMC,SAEpB5C,IAA9B4jG,EAAqBtgG,OACrBwgG,EAAgB,IAAMF,EAAqBtgG,KAAKV,SAEhB5C,IAAhC4jG,EAAqBpgG,SACrBugG,EAAkB9iG,GAAU2iG,EAAqBpgG,OAAOvC,IAE5D,MAAMigG,EAAwB0C,EAAqB1C,sBACnD,GAA8B,IAA1BA,EACA,MAAM,IAAItwE,UAAU,iDAxC5B,SAA2C9wB,EAAQ8C,EAAYihG,EAAgBC,EAAeC,EAAiBr7F,EAAew4F,GAC1Ht+F,EAAWw9F,8BAAgCtgG,EAC3C8C,EAAWk/F,YAAa,EACxBl/F,EAAWi/F,UAAW,EACtBj/F,EAAWm9F,aAAe,KAE1Bn9F,EAAW27F,OAAS37F,EAAW47F,qBAAkBx+F,EACjD0+F,GAAW97F,GACXA,EAAWu9F,iBAAkB,EAC7Bv9F,EAAW8+F,UAAW,EACtB9+F,EAAW8gG,aAAeh7F,EAC1B9F,EAAWm/F,eAAiB+B,EAC5BlhG,EAAWm+F,iBAAmBgD,EAC9BnhG,EAAWu+F,uBAAyBD,EACpCt+F,EAAW48F,kBAAoB,IAAItH,GACnCp4F,EAAO+8F,0BAA4Bj6F,EAEnCw0F,GAAYL,GADQ8M,MAC0B,KAC1CjhG,EAAW8+F,UAAW,EACtBb,GAA6Cj+F,EAAW,IACzD8J,IACC2zF,GAAkCz9F,EAAY8J,EAAE,GAExD,CAmBIs3F,CAAkClkG,EAAQ8C,EAAYihG,EAAgBC,EAAeC,EAAiBr7F,EAAew4F,EACzH,CAMA,SAASpC,GAA+B70F,GACpC,OAAO,IAAI2mB,UAAU,uCAAuC3mB,oDAChE,CAEA,SAAS61F,GAAwC71F,GAC7C,OAAO,IAAI2mB,UAAU,0CAA0C3mB,uDACnE,CAOA,SAASg6F,GAAiCnkG,EAAQqiG,GAC9CriG,EAAO+D,QAAQu+F,kBAAkBxhG,KAAKuhG,EAC1C,CAWA,SAASR,GAAqC7hG,GAC1C,OAAOA,EAAO+D,QAAQu+F,kBAAkBjiG,MAC5C,CACA,SAASwgG,GAA4B7gG,GACjC,MAAMwE,EAASxE,EAAO+D,QACtB,YAAe7D,IAAXsE,KAGC4/F,GAA2B5/F,EAIpC,CA3bAwF,OAAOizF,iBAAiB4C,GAA6B5/F,UAAW,CAC5DgB,MAAO,CAAE2jC,YAAY,GACrBvhC,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrBk7D,YAAa,CAAEl7D,YAAY,GAC3B21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAeu1F,GAA6B5/F,UAAWm2F,GAAe8G,YAAa,CACtF58F,MAAO,+BACPukC,cAAc,IAubtB,MAAMw/D,GACFtlG,YAAYiB,GAGR,GAFAk7F,GAAuBl7F,EAAQ,EAAG,4BAClC27F,GAAqB37F,EAAQ,mBACzBw8F,GAAuBx8F,GACvB,MAAM,IAAI8wB,UAAU,+EAExB,IAAKivE,GAA+B//F,EAAO+8F,2BACvC,MAAM,IAAIjsE,UAAU,+FAGxBuoE,GAAsCp6F,KAAMe,GAC5Cf,KAAKqjG,kBAAoB,IAAIlK,GAM7Bt4F,aACA,OAAKskG,GAA2BnlG,MAGzBA,KAAKk7F,eAFDjD,GAAoBoN,GAA8B,WAOjE5gG,OAAOvC,EAASjB,WACZ,OAAKkkG,GAA2BnlG,WAGEiB,IAA9BjB,KAAKq6F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkC56F,KAAMkC,GALpC+1F,GAAoBoN,GAA8B,WAYjEnkG,KAAK4wC,GACD,IAAKqzD,GAA2BnlG,MAC5B,OAAOi4F,GAAoBoN,GAA8B,SAE7D,IAAKlgF,YAAYo7E,OAAOzuD,GACpB,OAAOmmD,GAAoB,IAAIpmE,UAAU,sCAE7C,GAAwB,IAApBigB,EAAK3tC,WACL,OAAO8zF,GAAoB,IAAIpmE,UAAU,uCAE7C,GAA+B,IAA3BigB,EAAK7tC,OAAOE,WACZ,OAAO8zF,GAAoB,IAAIpmE,UAAU,gDAE7C,QAAkC5wB,IAA9BjB,KAAKq6F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMj9E,EAAUq3E,IAAW,CAAC53F,EAASC,KACjCs9F,EAAiBv9F,EACjBw9F,EAAgBv9F,CAAM,IAQ1B,OA8CR,SAAsCoF,EAAQusC,EAAMsxD,GAChD,MAAMriG,EAASwE,EAAO80F,qBACtBt5F,EAAO88F,YAAa,EACE,YAAlB98F,EAAOu5F,OACP8I,EAAgBxF,YAAY78F,EAAO45F,cAxa3C,SAA8C92F,EAAYiuC,EAAMsxD,GAC5D,MAAMriG,EAAS8C,EAAWw9F,8BAC1B,IAAIkB,EAAc,EACdzwD,EAAKhyC,cAAgBslB,WACrBm9E,EAAczwD,EAAKhyC,YAAYwlG,mBAEnC,MAAM9/D,EAAOsM,EAAKhyC,YAEZwiG,EAAqB,CACvBr+F,OAF+B6tC,EAAK7tC,OAGpCC,WAAY4tC,EAAK5tC,WACjBC,WAAY2tC,EAAK3tC,WACjBu8F,YAAa,EACb6B,cACAC,gBAAiBh9D,EACjBi9D,WAAY,QAEhB,GAAI5+F,EAAW48F,kBAAkBr/F,OAAS,EAMtC,OALAyC,EAAW48F,kBAAkB5+F,KAAKygG,QAIlC4C,GAAiCnkG,EAAQqiG,GAG7C,GAAsB,WAAlBriG,EAAOu5F,OAAX,CAKA,GAAIz2F,EAAW47F,gBAAkB,EAAG,CAChC,GAAI8D,GAA4D1/F,EAAYy+F,GAAqB,CAC7F,MAAMY,EAAaC,GAAsDb,GAGzE,OAFAJ,GAA6Cr+F,QAC7Cu/F,EAAgBjG,YAAY+F,GAGhC,GAAIr/F,EAAWu9F,gBAAiB,CAC5B,MAAM/8F,EAAI,IAAIwtB,UAAU,2DAGxB,OAFAyvE,GAAkCz9F,EAAYQ,QAC9C++F,EAAgBxF,YAAYv5F,IAIpCR,EAAW48F,kBAAkB5+F,KAAKygG,GAClC4C,GAAiCnkG,EAAQqiG,GACzCtB,GAA6Cj+F,OArB7C,CACI,MAAM0hG,EAAY,IAAI//D,EAAK88D,EAAmBr+F,OAAQq+F,EAAmBp+F,WAAY,GACrFk/F,EAAgBlG,YAAYqI,GAoBpC,CA4XQC,CAAqCzkG,EAAO+8F,0BAA2BhsD,EAAMsxD,EAErF,CAxDQqC,CAA6BzlG,KAAM8xC,EALX,CACpBqrD,YAAap7F,GAAS07F,EAAe,CAAEp8F,MAAOU,EAAOT,MAAM,IAC3D47F,YAAan7F,GAAS07F,EAAe,CAAEp8F,MAAOU,EAAOT,MAAM,IAC3Ds8F,YAAav5F,GAAKq5F,EAAcr5F,KAG7Boc,EAWX7f,cACI,IAAKukG,GAA2BnlG,MAC5B,MAAMqlG,GAA8B,eAExC,QAAkCpkG,IAA9BjB,KAAKq6F,qBAAT,CAGA,GAAIr6F,KAAKqjG,kBAAkBjiG,OAAS,EAChC,MAAM,IAAIywB,UAAU,uFAExBipE,GAAmC96F,QAgB3C,SAASmlG,GAA2Br4F,GAChC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,oBAIjD,CAYA,SAASu4F,GAA8Bn6F,GACnC,OAAO,IAAI2mB,UAAU,sCAAsC3mB,mDAC/D,CAEA,SAASw6F,GAAqBprC,EAAUqrC,GACpC,MAAMh8F,cAAEA,GAAkB2wD,EAC1B,QAAsBr5D,IAAlB0I,EACA,OAAOg8F,EAEX,GAAI1G,GAAYt1F,IAAkBA,EAAgB,EAC9C,MAAM,IAAI4rC,WAAW,yBAEzB,OAAO5rC,CACX,CACA,SAASi8F,GAAqBtrC,GAC1B,MAAMt1D,KAAEA,GAASs1D,EACjB,OAAKt1D,GACM,KAAM,EAGrB,CAEA,SAAS6gG,GAAuBxrE,EAAMyhE,GAClCD,GAAiBxhE,EAAMyhE,GACvB,MAAMnyF,EAAgB0wB,aAAmC,EAASA,EAAK1wB,cACjE3E,EAAOq1B,aAAmC,EAASA,EAAKr1B,KAC9D,MAAO,CACH2E,mBAAiC1I,IAAlB0I,OAA8B1I,EAAYo7F,GAA0B1yF,GACnF3E,UAAe/D,IAAT+D,OAAqB/D,EAAY6kG,GAA2B9gG,EAAS82F,EAAH,2BAEhF,CACA,SAASgK,GAA2B77F,EAAI6xF,GAEpC,OADAC,GAAe9xF,EAAI6xF,GACZ/5F,GAASs6F,GAA0BpyF,EAAGlI,GACjD,CAyBA,SAASgkG,GAAmC97F,EAAI+7F,EAAUlK,GAEtD,OADAC,GAAe9xF,EAAI6xF,GACX55F,GAAWg3F,GAAYjvF,EAAI+7F,EAAU,CAAC9jG,GAClD,CACA,SAAS+jG,GAAmCh8F,EAAI+7F,EAAUlK,GAEtD,OADAC,GAAe9xF,EAAI6xF,GACZ,IAAM5C,GAAYjvF,EAAI+7F,EAAU,GAC3C,CACA,SAASE,GAAmCj8F,EAAI+7F,EAAUlK,GAEtD,OADAC,GAAe9xF,EAAI6xF,GACXj4F,GAAek1F,GAAY9uF,EAAI+7F,EAAU,CAACniG,GACtD,CACA,SAASsiG,GAAmCl8F,EAAI+7F,EAAUlK,GAEtD,OADAC,GAAe9xF,EAAI6xF,GACZ,CAAC/5F,EAAO8B,IAAeq1F,GAAYjvF,EAAI+7F,EAAU,CAACjkG,EAAO8B,GACpE,CAEA,SAASuiG,GAAqBt5F,EAAGgvF,GAC7B,IAAKuK,GAAiBv5F,GAClB,MAAM,IAAI+kB,UAAaiqE,EAAH,4BAE5B,CAjHA/wF,OAAOizF,iBAAiBoH,GAAyBpkG,UAAW,CACxDyD,OAAQ,CAAEkhC,YAAY,GACtBzkC,KAAM,CAAEykC,YAAY,GACpB/kC,YAAa,CAAE+kC,YAAY,GAC3B9kC,OAAQ,CAAE8kC,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe+5F,GAAyBpkG,UAAWm2F,GAAe8G,YAAa,CAClF58F,MAAO,2BACPukC,cAAc,IA+GtB,MAAMr+B,GACFzH,YAAYwmG,EAAoB,GAAIC,EAAc,SACpBtlG,IAAtBqlG,EACAA,EAAoB,KAGpBtK,GAAasK,EAAmB,mBAEpC,MAAMhsC,EAAWurC,GAAuBU,EAAa,oBAC/CC,EA5Dd,SAA+BR,EAAUlK,GACrCD,GAAiBmK,EAAUlK,GAC3B,MAAM75F,EAAQ+jG,aAA2C,EAASA,EAAS/jG,MACrED,EAAQgkG,aAA2C,EAASA,EAAShkG,MACrE4B,EAAQoiG,aAA2C,EAASA,EAASpiG,MACrEoW,EAAOgsF,aAA2C,EAASA,EAAShsF,KACpElY,EAAQkkG,aAA2C,EAASA,EAASlkG,MAC3E,MAAO,CACHG,WAAiBhB,IAAVgB,OACHhB,EACA8kG,GAAmC9jG,EAAO+jG,EAAalK,EAAH,4BACxD95F,WAAiBf,IAAVe,OACHf,EACAglG,GAAmCjkG,EAAOgkG,EAAalK,EAAH,4BACxDl4F,WAAiB3C,IAAV2C,OACH3C,EACAilG,GAAmCtiG,EAAOoiG,EAAalK,EAAH,4BACxDh6F,WAAiBb,IAAVa,OACHb,EACAklG,GAAmCrkG,EAAOkkG,EAAalK,EAAH,4BACxD9hF,OAER,CAsC+BysF,CAAsBH,EAAmB,mBAChEI,GAAyB1mG,MAEzB,QAAaiB,IADAulG,EAAexsF,KAExB,MAAM,IAAIu7B,WAAW,6BAEzB,MAAMoxD,EAAgBf,GAAqBtrC,IAioBnD,SAAgEv5D,EAAQylG,EAAgB78F,EAAeg9F,GACnG,MAAM9iG,EAAakH,OAAOw6B,OAAOqhE,GAAgC5lG,WACjE,IAAI8jG,EAAiB,KAAe,EAChC+B,EAAiB,IAAM7O,QAAoB/2F,GAC3C6lG,EAAiB,IAAM9O,QAAoB/2F,GAC3C8lG,EAAiB,IAAM/O,QAAoB/2F,QAClBA,IAAzBulG,EAAe5iG,QACfkhG,EAAiB,IAAM0B,EAAe5iG,MAAMC,SAEnB5C,IAAzBulG,EAAe1kG,QACf+kG,EAAiB9kG,GAASykG,EAAe1kG,MAAMC,EAAO8B,SAE7B5C,IAAzBulG,EAAexkG,QACf8kG,EAAiB,IAAMN,EAAexkG,cAEbf,IAAzBulG,EAAevkG,QACf8kG,EAAiB7kG,GAAUskG,EAAevkG,MAAMC,IAEpD8kG,GAAqCjmG,EAAQ8C,EAAYihG,EAAgB+B,EAAgBC,EAAgBC,EAAgBp9F,EAAeg9F,EAC5I,CAlpBQM,CAAuDjnG,KAAMwmG,EADvCd,GAAqBprC,EAAU,GACuCqsC,GAK5FO,aACA,IAAKb,GAAiBrmG,MAClB,MAAMmnG,GAA4B,UAEtC,OAAOC,GAAuBpnG,MAWlCiC,MAAMC,EAASjB,WACX,OAAKolG,GAAiBrmG,MAGlBonG,GAAuBpnG,MAChBi4F,GAAoB,IAAIpmE,UAAU,oDAEtCw1E,GAAoBrnG,KAAMkC,GALtB+1F,GAAoBkP,GAA4B,UAe/DnlG,QACI,OAAKqkG,GAAiBrmG,MAGlBonG,GAAuBpnG,MAChBi4F,GAAoB,IAAIpmE,UAAU,oDAEzCy1E,GAAoCtnG,MAC7Bi4F,GAAoB,IAAIpmE,UAAU,2CAEtC01E,GAAoBvnG,MARhBi4F,GAAoBkP,GAA4B,UAkB/DxmG,YACI,IAAK0lG,GAAiBrmG,MAClB,MAAMmnG,GAA4B,aAEtC,OAAOK,GAAmCxnG,OAgBlD,SAASwnG,GAAmCzmG,GACxC,OAAO,IAAI0mG,GAA4B1mG,EAC3C,CASA,SAAS2lG,GAAyB3lG,GAC9BA,EAAOu5F,OAAS,WAGhBv5F,EAAO45F,kBAAe15F,EACtBF,EAAO2mG,aAAUzmG,EAGjBF,EAAO4mG,+BAA4B1mG,EAGnCF,EAAO6mG,eAAiB,IAAIzO,GAG5Bp4F,EAAO8mG,2BAAwB5mG,EAG/BF,EAAO+mG,mBAAgB7mG,EAGvBF,EAAOgnG,2BAAwB9mG,EAE/BF,EAAOinG,0BAAuB/mG,EAE9BF,EAAOknG,eAAgB,CAC3B,CACA,SAAS5B,GAAiBv5F,GACtB,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAASs6F,GAAuBrmG,GAC5B,YAAuBE,IAAnBF,EAAO2mG,OAIf,CACA,SAASL,GAAoBtmG,EAAQmB,GACjC,MAAMitC,EAAQpuC,EAAOu5F,OACrB,GAAc,WAAVnrD,GAAgC,YAAVA,EACtB,OAAO6oD,QAAoB/2F,GAE/B,QAAoCA,IAAhCF,EAAOinG,qBACP,OAAOjnG,EAAOinG,qBAAqBE,SAEvC,IAAIC,GAAqB,EACX,aAAVh5D,IACAg5D,GAAqB,EAErBjmG,OAASjB,GAEb,MAAMwf,EAAUq3E,IAAW,CAAC53F,EAASC,KACjCY,EAAOinG,qBAAuB,CAC1BE,cAAUjnG,EACVmnG,SAAUloG,EACVmoG,QAASloG,EACTmoG,QAASpmG,EACTqmG,oBAAqBJ,EACxB,IAML,OAJApnG,EAAOinG,qBAAqBE,SAAWznF,EAClC0nF,GACDK,GAA4BznG,EAAQmB,GAEjCue,CACX,CACA,SAAS8mF,GAAoBxmG,GACzB,MAAMouC,EAAQpuC,EAAOu5F,OACrB,GAAc,WAAVnrD,GAAgC,YAAVA,EACtB,OAAO8oD,GAAoB,IAAIpmE,UAAU,kBAAkBsd,+DAE/D,MAAM1uB,EAAUq3E,IAAW,CAAC53F,EAASC,KACjC,MAAMsoG,EAAe,CACjBL,SAAUloG,EACVmoG,QAASloG,GAEbY,EAAO+mG,cAAgBW,CAAY,IAEjC/nG,EAASK,EAAO2mG,QAgf1B,IAA8C7jG,EA3e1C,YAJe5C,IAAXP,GAAwBK,EAAOknG,eAA2B,aAAV94D,GAChDu5D,GAAiChoG,GA+erCg/F,GAD0C77F,EA5eL9C,EAAO4mG,0BA6eXgB,GAAe,GAChDC,GAAoD/kG,GA7e7C4c,CACX,CAYA,SAASooF,GAAgC9nG,EAAQuD,GAE/B,aADAvD,EAAOu5F,OAKrBwO,GAA6B/nG,GAHzBynG,GAA4BznG,EAAQuD,EAI5C,CACA,SAASkkG,GAA4BznG,EAAQmB,GACzC,MAAM2B,EAAa9C,EAAO4mG,0BAC1B5mG,EAAOu5F,OAAS,WAChBv5F,EAAO45F,aAAez4F,EACtB,MAAMxB,EAASK,EAAO2mG,aACPzmG,IAAXP,GACAqoG,GAAsDroG,EAAQwB,IA8EtE,SAAkDnB,GAC9C,QAAqCE,IAAjCF,EAAO8mG,4BAAwE5mG,IAAjCF,EAAOgnG,sBACrD,OAAO,EAEX,OAAO,CACX,CAjFSiB,CAAyCjoG,IAAW8C,EAAW8+F,UAChEmG,GAA6B/nG,EAErC,CACA,SAAS+nG,GAA6B/nG,GAClCA,EAAOu5F,OAAS,UAChBv5F,EAAO4mG,0BAA0BrM,MACjC,MAAM2N,EAAcloG,EAAO45F,aAK3B,GAJA55F,EAAO6mG,eAAexkG,SAAQ8lG,IAC1BA,EAAab,QAAQY,EAAY,IAErCloG,EAAO6mG,eAAiB,IAAIzO,QACQl4F,IAAhCF,EAAOinG,qBAEP,YADAmB,GAAkDpoG,GAGtD,MAAMqoG,EAAeroG,EAAOinG,qBAE5B,GADAjnG,EAAOinG,0BAAuB/mG,EAC1BmoG,EAAab,oBAGb,OAFAa,EAAaf,QAAQY,QACrBE,GAAkDpoG,GAItDs3F,GADgBt3F,EAAO4mG,0BAA0BtM,IAAY+N,EAAad,UACrD,KACjBc,EAAahB,WACbe,GAAkDpoG,EAAO,IACzDmB,IACAknG,EAAaf,QAAQnmG,GACrBinG,GAAkDpoG,EAAO,GAEjE,CAuCA,SAASumG,GAAoCvmG,GACzC,YAA6BE,IAAzBF,EAAO+mG,oBAAgE7mG,IAAjCF,EAAOgnG,qBAIrD,CAcA,SAASoB,GAAkDpoG,QAC1BE,IAAzBF,EAAO+mG,gBACP/mG,EAAO+mG,cAAcO,QAAQtnG,EAAO45F,cACpC55F,EAAO+mG,mBAAgB7mG,GAE3B,MAAMP,EAASK,EAAO2mG,aACPzmG,IAAXP,GACA2oG,GAAiC3oG,EAAQK,EAAO45F,aAExD,CACA,SAAS2O,GAAiCvoG,EAAQwoG,GAC9C,MAAM7oG,EAASK,EAAO2mG,aACPzmG,IAAXP,GAAwB6oG,IAAiBxoG,EAAOknG,gBAC5CsB,EAwhBZ,SAAwC7oG,GACpC8oG,GAAoC9oG,EACxC,CAzhBY+oG,CAA+B/oG,GAG/BgoG,GAAiChoG,IAGzCK,EAAOknG,cAAgBsB,CAC3B,CA1PAx+F,OAAOizF,iBAAiBz2F,GAAevG,UAAW,CAC9CiB,MAAO,CAAE0jC,YAAY,GACrB3jC,MAAO,CAAE2jC,YAAY,GACrBhlC,UAAW,CAAEglC,YAAY,GACzBuhE,OAAQ,CAAEvhE,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe9D,GAAevG,UAAWm2F,GAAe8G,YAAa,CACxE58F,MAAO,iBACPukC,cAAc,IAuPtB,MAAM6hE,GACF3nG,YAAYiB,GAGR,GAFAk7F,GAAuBl7F,EAAQ,EAAG,+BAClCqlG,GAAqBrlG,EAAQ,mBACzBqmG,GAAuBrmG,GACvB,MAAM,IAAI8wB,UAAU,+EAExB7xB,KAAK0pG,qBAAuB3oG,EAC5BA,EAAO2mG,QAAU1nG,KACjB,MAAMmvC,EAAQpuC,EAAOu5F,OACrB,GAAc,aAAVnrD,GACKm4D,GAAoCvmG,IAAWA,EAAOknG,cACvDuB,GAAoCxpG,MAGpC2pG,GAA8C3pG,MAElD4pG,GAAqC5pG,WAEpC,GAAc,aAAVmvC,EACL06D,GAA8C7pG,KAAMe,EAAO45F,cAC3DiP,GAAqC5pG,WAEpC,GAAc,WAAVmvC,EACLw6D,GAA8C3pG,MAgctD4pG,GADoDlpG,EA9bGV,MAgcvD8pG,GAAkCppG,OA9bzB,CACD,MAAMuoG,EAAcloG,EAAO45F,aAC3BkP,GAA8C7pG,KAAMipG,GACpDc,GAA+C/pG,KAAMipG,GAybjE,IAAwDvoG,EAlbhDG,aACA,OAAKmpG,GAA8BhqG,MAG5BA,KAAKk7F,eAFDjD,GAAoBgS,GAAiC,WAYhE3uB,kBACA,IAAK0uB,GAA8BhqG,MAC/B,MAAMiqG,GAAiC,eAE3C,QAAkChpG,IAA9BjB,KAAK0pG,qBACL,MAAMQ,GAA2B,eAErC,OAuIR,SAAmDxpG,GAC/C,MAAMK,EAASL,EAAOgpG,qBAChBv6D,EAAQpuC,EAAOu5F,OACrB,GAAc,YAAVnrD,GAAiC,aAAVA,EACvB,OAAO,KAEX,GAAc,WAAVA,EACA,OAAO,EAEX,OAAOg7D,GAA8CppG,EAAO4mG,0BAChE,CAjJeyC,CAA0CpqG,MAUjDiJ,YACA,OAAK+gG,GAA8BhqG,MAG5BA,KAAKqqG,cAFDpS,GAAoBgS,GAAiC,UAOpEhoG,MAAMC,EAASjB,WACX,OAAK+oG,GAA8BhqG,WAGDiB,IAA9BjB,KAAK0pG,qBACEzR,GAAoBiS,GAA2B,UA4ElE,SAA0CxpG,EAAQwB,GAC9C,MAAMnB,EAASL,EAAOgpG,qBACtB,OAAOrC,GAAoBtmG,EAAQmB,EACvC,CA7EeooG,CAAiCtqG,KAAMkC,GALnC+1F,GAAoBgS,GAAiC,UAUpEjoG,QACI,IAAKgoG,GAA8BhqG,MAC/B,OAAOi4F,GAAoBgS,GAAiC,UAEhE,MAAMlpG,EAASf,KAAK0pG,qBACpB,YAAezoG,IAAXF,EACOk3F,GAAoBiS,GAA2B,UAEtD5C,GAAoCvmG,GAC7Bk3F,GAAoB,IAAIpmE,UAAU,2CAEtC04E,GAAiCvqG,MAY5CY,cACI,IAAKopG,GAA8BhqG,MAC/B,MAAMiqG,GAAiC,oBAG5BhpG,IADAjB,KAAK0pG,sBAIpBc,GAAmCxqG,MAEvC8B,MAAMC,EAAQd,WACV,OAAK+oG,GAA8BhqG,WAGDiB,IAA9BjB,KAAK0pG,qBACEzR,GAAoBiS,GAA2B,aAEnDO,GAAiCzqG,KAAM+B,GALnCk2F,GAAoBgS,GAAiC,WAwBxE,SAASD,GAA8Bl9F,GACnC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,uBAIjD,CAMA,SAASy9F,GAAiC7pG,GAEtC,OAAO6mG,GADQ7mG,EAAOgpG,qBAE1B,CAYA,SAASgB,GAAuDhqG,EAAQ4D,GACjC,YAA/B5D,EAAOiqG,oBACPtB,GAAiC3oG,EAAQ4D,GAkTjD,SAAmD5D,EAAQwB,GACvD6nG,GAA+CrpG,EAAQwB,EAC3D,CAjTQ0oG,CAA0ClqG,EAAQ4D,EAE1D,CACA,SAASykG,GAAsDroG,EAAQ4D,GACjC,YAA9B5D,EAAOmqG,mBACPC,GAAgCpqG,EAAQ4D,GAkVhD,SAAkD5D,EAAQwB,GACtD2nG,GAA8CnpG,EAAQwB,EAC1D,CAjVQ6oG,CAAyCrqG,EAAQ4D,EAEzD,CAYA,SAASkmG,GAAmC9pG,GACxC,MAAMK,EAASL,EAAOgpG,qBAChBsB,EAAgB,IAAIn5E,UAAU,oFACpCk3E,GAAsDroG,EAAQsqG,GAG9DN,GAAuDhqG,EAAQsqG,GAC/DjqG,EAAO2mG,aAAUzmG,EACjBP,EAAOgpG,0BAAuBzoG,CAClC,CACA,SAASwpG,GAAiC/pG,EAAQqB,GAC9C,MAAMhB,EAASL,EAAOgpG,qBAChB7lG,EAAa9C,EAAO4mG,0BACpBnlC,EAqIV,SAAqD3+D,EAAY9B,GAC7D,IACI,OAAO8B,EAAWonG,uBAAuBlpG,GAE7C,MAAOmpG,GAEH,OADAC,GAA6CtnG,EAAYqnG,GAClD,EAEf,CA7IsBE,CAA4CvnG,EAAY9B,GAC1E,GAAIhB,IAAWL,EAAOgpG,qBAClB,OAAOzR,GAAoBiS,GAA2B,aAE1D,MAAM/6D,EAAQpuC,EAAOu5F,OACrB,GAAc,YAAVnrD,EACA,OAAO8oD,GAAoBl3F,EAAO45F,cAEtC,GAAI2M,GAAoCvmG,IAAqB,WAAVouC,EAC/C,OAAO8oD,GAAoB,IAAIpmE,UAAU,6DAE7C,GAAc,aAAVsd,EACA,OAAO8oD,GAAoBl3F,EAAO45F,cAEtC,MAAMl6E,EArXV,SAAuC1f,GAQnC,OAPgB+2F,IAAW,CAAC53F,EAASC,KACjC,MAAM+oG,EAAe,CACjBd,SAAUloG,EACVmoG,QAASloG,GAEbY,EAAO6mG,eAAe/lG,KAAKqnG,EAAa,GAGhD,CA4WoBmC,CAA8BtqG,GAE9C,OAiIJ,SAA8C8C,EAAY9B,EAAOygE,GAC7D,IACIk9B,GAAqB77F,EAAY9B,EAAOygE,GAE5C,MAAO8oC,GAEH,YADAH,GAA6CtnG,EAAYynG,GAG7D,MAAMvqG,EAAS8C,EAAW0nG,0BAC1B,IAAKjE,GAAoCvmG,IAA6B,aAAlBA,EAAOu5F,OAAuB,CAE9EgP,GAAiCvoG,EADZyqG,GAA+C3nG,IAGxE+kG,GAAoD/kG,EACxD,CAhJI4nG,CAAqC5nG,EAAY9B,EAAOygE,GACjD/hD,CACX,CAtGA1V,OAAOizF,iBAAiByJ,GAA4BzmG,UAAW,CAC3DiB,MAAO,CAAE0jC,YAAY,GACrB3jC,MAAO,CAAE2jC,YAAY,GACrB/kC,YAAa,CAAE+kC,YAAY,GAC3B7jC,MAAO,CAAE6jC,YAAY,GACrB9kC,OAAQ,CAAE8kC,YAAY,GACtB21C,YAAa,CAAE31C,YAAY,GAC3B18B,MAAO,CAAE08B,YAAY,KAEiB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAeo8F,GAA4BzmG,UAAWm2F,GAAe8G,YAAa,CACrF58F,MAAO,8BACPukC,cAAc,IA2FtB,MAAM+iE,GAAgB,GAMtB,MAAM/B,GACF9mG,cACI,MAAM,IAAI+xB,UAAU,uBASxBvtB,MAAMD,EAAIpD,WACN,IAgCR,SAA2C6L,GACvC,IAAK0qF,GAAa1qF,GACd,OAAO,EAEX,IAAK/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BACzC,OAAO,EAEX,OAAO,CACX,CAxCa4+F,CAAkC1rG,MACnC,MAAM,IAAI6xB,UAAU,yGAGV,aADA7xB,KAAKurG,0BAA0BjR,QAM7CqR,GAAqC3rG,KAAMqE,GAG/Cg3F,CAACA,IAAYn5F,GACT,MAAMT,EAASzB,KAAK4rG,gBAAgB1pG,GAEpC,OADA2pG,GAA+C7rG,MACxCyB,EAGX65F,CAACA,MACGqE,GAAW3/F,OAsBnB,SAASgnG,GAAqCjmG,EAAQ8C,EAAYihG,EAAgB+B,EAAgBC,EAAgBC,EAAgBp9F,EAAeg9F,GAC7I9iG,EAAW0nG,0BAA4BxqG,EACvCA,EAAO4mG,0BAA4B9jG,EAEnCA,EAAW27F,YAASv+F,EACpB4C,EAAW47F,qBAAkBx+F,EAC7B0+F,GAAW97F,GACXA,EAAW8+F,UAAW,EACtB9+F,EAAWonG,uBAAyBtE,EACpC9iG,EAAW8gG,aAAeh7F,EAC1B9F,EAAWioG,gBAAkBjF,EAC7BhjG,EAAWkoG,gBAAkBjF,EAC7BjjG,EAAW+nG,gBAAkB7E,EAC7B,MAAMwC,EAAeiC,GAA+C3nG,GACpEylG,GAAiCvoG,EAAQwoG,GAGzClR,GADqBL,GADD8M,MAEM,KACtBjhG,EAAW8+F,UAAW,EACtBiG,GAAoD/kG,EAAW,IAChE8J,IACC9J,EAAW8+F,UAAW,EACtBkG,GAAgC9nG,EAAQ4M,EAAE,GAElD,CAsBA,SAASk+F,GAA+ChoG,GACpDA,EAAWioG,qBAAkB7qG,EAC7B4C,EAAWkoG,qBAAkB9qG,EAC7B4C,EAAW+nG,qBAAkB3qG,EAC7B4C,EAAWonG,4BAAyBhqG,CACxC,CAcA,SAASkpG,GAA8CtmG,GACnD,OAAOA,EAAW8gG,aAAe9gG,EAAW47F,eAChD,CAiBA,SAASmJ,GAAoD/kG,GACzD,MAAM9C,EAAS8C,EAAW0nG,0BAC1B,IAAK1nG,EAAW8+F,SACZ,OAEJ,QAAqC1hG,IAAjCF,EAAO8mG,sBACP,OAGJ,GAAc,aADA9mG,EAAOu5F,OAGjB,YADAwO,GAA6B/nG,GAGjC,GAAiC,IAA7B8C,EAAW27F,OAAOp+F,OAClB,OAEJ,MAAMC,EAAuBwC,EA1kDN27F,OAAOtF,OAClB74F,MA0kDRA,IAAUsnG,GAYlB,SAAqD9kG,GACjD,MAAM9C,EAAS8C,EAAW0nG,2BA1b9B,SAAgDxqG,GAC5CA,EAAOgnG,sBAAwBhnG,EAAO+mG,cACtC/mG,EAAO+mG,mBAAgB7mG,CAC3B,EAwbI+qG,CAAuCjrG,GACvCs+F,GAAax7F,GACb,MAAMooG,EAAmBpoG,EAAWkoG,kBACpCF,GAA+ChoG,GAC/Cw0F,GAAY4T,GAAkB,MAxelC,SAA2ClrG,GACvCA,EAAOgnG,sBAAsBK,cAASnnG,GACtCF,EAAOgnG,2BAAwB9mG,EAEjB,aADAF,EAAOu5F,SAGjBv5F,EAAO45F,kBAAe15F,OACcA,IAAhCF,EAAOinG,uBACPjnG,EAAOinG,qBAAqBI,WAC5BrnG,EAAOinG,0BAAuB/mG,IAGtCF,EAAOu5F,OAAS,SAChB,MAAM55F,EAASK,EAAO2mG,aACPzmG,IAAXP,GACAopG,GAAkCppG,EAE1C,CAwdQwrG,CAAkCnrG,EAAO,IAC1CmB,KAxdP,SAAoDnB,EAAQuD,GACxDvD,EAAOgnG,sBAAsBM,QAAQ/jG,GACrCvD,EAAOgnG,2BAAwB9mG,OAEKA,IAAhCF,EAAOinG,uBACPjnG,EAAOinG,qBAAqBK,QAAQ/jG,GACpCvD,EAAOinG,0BAAuB/mG,GAElC4nG,GAAgC9nG,EAAQuD,EAC5C,CAgdQ6nG,CAA2CprG,EAAQmB,EAAO,GAElE,CAtBQkqG,CAA4CvoG,GAuBpD,SAAqDA,EAAY9B,GAC7D,MAAMhB,EAAS8C,EAAW0nG,2BAlc9B,SAAqDxqG,GACjDA,EAAO8mG,sBAAwB9mG,EAAO6mG,eAAe1hG,OACzD,CAicImmG,CAA4CtrG,GAC5C,MAAMurG,EAAmBzoG,EAAWioG,gBAAgB/pG,GACpDs2F,GAAYiU,GAAkB,MA3flC,SAA2CvrG,GACvCA,EAAO8mG,sBAAsBO,cAASnnG,GACtCF,EAAO8mG,2BAAwB5mG,CACnC,CAyfQsrG,CAAkCxrG,GAClC,MAAMouC,EAAQpuC,EAAOu5F,OAErB,GADA+E,GAAax7F,IACRyjG,GAAoCvmG,IAAqB,aAAVouC,EAAsB,CACtE,MAAMo6D,EAAeiC,GAA+C3nG,GACpEylG,GAAiCvoG,EAAQwoG,GAE7CX,GAAoD/kG,EAAW,IAChE3B,IACuB,aAAlBnB,EAAOu5F,QACPuR,GAA+ChoG,GAlgB3D,SAAoD9C,EAAQuD,GACxDvD,EAAO8mG,sBAAsBQ,QAAQ/jG,GACrCvD,EAAO8mG,2BAAwB5mG,EAC/B4nG,GAAgC9nG,EAAQuD,EAC5C,CAggBQkoG,CAA2CzrG,EAAQmB,EAAO,GAElE,CAvCQuqG,CAA4C5oG,EAAYxC,EAEhE,CACA,SAAS8pG,GAA6CtnG,EAAYS,GACV,aAAhDT,EAAW0nG,0BAA0BjR,QACrCqR,GAAqC9nG,EAAYS,EAEzD,CAiCA,SAASknG,GAA+C3nG,GAEpD,OADoBsmG,GAA8CtmG,IAC5C,CAC1B,CAEA,SAAS8nG,GAAqC9nG,EAAYS,GACtD,MAAMvD,EAAS8C,EAAW0nG,0BAC1BM,GAA+ChoG,GAC/C2kG,GAA4BznG,EAAQuD,EACxC,CAEA,SAAS6iG,GAA4Bj8F,GACjC,OAAO,IAAI2mB,UAAU,4BAA4B3mB,yCACrD,CAEA,SAAS++F,GAAiC/+F,GACtC,OAAO,IAAI2mB,UAAU,yCAAyC3mB,sDAClE,CACA,SAASg/F,GAA2Bh/F,GAChC,OAAO,IAAI2mB,UAAU,UAAY3mB,EAAO,oCAC5C,CACA,SAAS0+F,GAAqClpG,GAC1CA,EAAOw6F,eAAiBpD,IAAW,CAAC53F,EAASC,KACzCO,EAAOy6F,uBAAyBj7F,EAChCQ,EAAO06F,sBAAwBj7F,EAC/BO,EAAOiqG,oBAAsB,SAAS,GAE9C,CACA,SAASZ,GAA+CrpG,EAAQwB,GAC5D0nG,GAAqClpG,GACrC2oG,GAAiC3oG,EAAQwB,EAC7C,CAKA,SAASmnG,GAAiC3oG,EAAQwB,QACTjB,IAAjCP,EAAO06F,wBAGXzC,GAA0Bj4F,EAAOw6F,gBACjCx6F,EAAO06F,sBAAsBl5F,GAC7BxB,EAAOy6F,4BAAyBl6F,EAChCP,EAAO06F,2BAAwBn6F,EAC/BP,EAAOiqG,oBAAsB,WACjC,CAIA,SAASb,GAAkCppG,QACDO,IAAlCP,EAAOy6F,yBAGXz6F,EAAOy6F,4BAAuBl6F,GAC9BP,EAAOy6F,4BAAyBl6F,EAChCP,EAAO06F,2BAAwBn6F,EAC/BP,EAAOiqG,oBAAsB,WACjC,CACA,SAASnB,GAAoC9oG,GACzCA,EAAO2pG,cAAgBvS,IAAW,CAAC53F,EAASC,KACxCO,EAAOgsG,sBAAwBxsG,EAC/BQ,EAAOisG,qBAAuBxsG,CAAM,IAExCO,EAAOmqG,mBAAqB,SAChC,CACA,SAAShB,GAA8CnpG,EAAQwB,GAC3DsnG,GAAoC9oG,GACpCoqG,GAAgCpqG,EAAQwB,EAC5C,CACA,SAASynG,GAA8CjpG,GACnD8oG,GAAoC9oG,GACpCgoG,GAAiChoG,EACrC,CACA,SAASoqG,GAAgCpqG,EAAQwB,QACTjB,IAAhCP,EAAOisG,uBAGXhU,GAA0Bj4F,EAAO2pG,eACjC3pG,EAAOisG,qBAAqBzqG,GAC5BxB,EAAOgsG,2BAAwBzrG,EAC/BP,EAAOisG,0BAAuB1rG,EAC9BP,EAAOmqG,mBAAqB,WAChC,CAOA,SAASnC,GAAiChoG,QACDO,IAAjCP,EAAOgsG,wBAGXhsG,EAAOgsG,2BAAsBzrG,GAC7BP,EAAOgsG,2BAAwBzrG,EAC/BP,EAAOisG,0BAAuB1rG,EAC9BP,EAAOmqG,mBAAqB,YAChC,CArQA9/F,OAAOizF,iBAAiB4I,GAAgC5lG,UAAW,CAC/DsD,MAAO,CAAEqhC,YAAY,KAEiB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAeu7F,GAAgC5lG,UAAWm2F,GAAe8G,YAAa,CACzF58F,MAAO,kCACPukC,cAAc,IA+QtB,MAAMgnE,GAA6C,oBAAjBC,aAA+BA,kBAAe5rG,EA6BhF,MAAM6rG,GA1BN,SAAmCtnE,GAC/B,GAAsB,mBAATA,GAAuC,iBAATA,EACvC,OAAO,EAEX,IAEI,OADA,IAAIA,GACG,EAEX,MAAOunE,GACH,OAAO,EAEf,CAeuBC,CAA0BJ,IAAsBA,GAdvE,WAEI,MAAMpnE,EAAO,SAAsBjsB,EAASrO,GACxClL,KAAKuZ,QAAUA,GAAW,GAC1BvZ,KAAKkL,KAAOA,GAAQ,QAChBhI,MAAM8jD,mBACN9jD,MAAM8jD,kBAAkBhnD,KAAMA,KAAKF,cAK3C,OADAiL,OAAOM,eADPm6B,EAAKxkC,UAAY+J,OAAOw6B,OAAOriC,MAAMlC,WACC,cAAe,CAAEK,MAAOmkC,EAAM/8B,UAAU,EAAMm9B,cAAc,IAC3FJ,CACX,CAE4FynE,GAE5F,SAASC,GAAqBrjB,EAAQ14B,EAAMxoD,EAAcI,EAAcC,EAAemkG,GACnF,MAAM5nG,EAASq3F,GAAmC/S,GAC5CnpF,EAAS8mG,GAAmCr2C,GAClD04B,EAAOgU,YAAa,EACpB,IAAIuP,GAAe,EAEfC,EAAerV,QAAoB/2F,GACvC,OAAO62F,IAAW,CAAC53F,EAASC,KACxB,IAAI4mG,EACJ,QAAe9lG,IAAXksG,EAAsB,CAsBtB,GArBApG,EAAiB,KACb,MAAMziG,EAAQ,IAAIwoG,GAAe,UAAW,cACtCQ,EAAU,GACXvkG,GACDukG,EAAQzrG,MAAK,IACW,aAAhBsvD,EAAKmpC,OACE+M,GAAoBl2C,EAAM7sD,GAE9B0zF,QAAoB/2F,KAG9B+H,GACDskG,EAAQzrG,MAAK,IACa,aAAlBgoF,EAAOyQ,OACAO,GAAqBhR,EAAQvlF,GAEjC0zF,QAAoB/2F,KAGnCssG,GAAmB,IAAMttG,QAAQ2H,IAAI0lG,EAAQplG,KAAIslG,GAAUA,SAAY,EAAMlpG,EAAM,EAEnF6oG,EAAOM,QAEP,YADA1G,IAGJoG,EAAOO,iBAAiB,QAAS3G,GAiErC,GA3BA4G,EAAmB9jB,EAAQtkF,EAAO21F,gBAAgB+N,IACzClgG,EAID6kG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAMlG,GAAoBl2C,EAAM83C,KAAc,EAAMA,MAO/E0E,EAAmBx8C,EAAMzwD,EAAOw6F,gBAAgB+N,IACvCjgG,EAID4kG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAM1S,GAAqBhR,EAAQof,KAAc,EAAMA,MAwClF,SAA2BloG,EAAQ0f,EAAS+sF,GAClB,WAAlBzsG,EAAOu5F,OACPkT,IAGAlV,GAAgB73E,EAAS+sF,GAtCjCK,CAAkBhkB,EAAQtkF,EAAO21F,gBAAgB,KACxCvyF,EAIDilG,IAHAL,GAAmB,IA9fnC,SAA8D7sG,GAC1D,MAAMK,EAASL,EAAOgpG,qBAChBv6D,EAAQpuC,EAAOu5F,OACrB,OAAIgN,GAAoCvmG,IAAqB,WAAVouC,EACxC6oD,QAAoB/2F,GAEjB,YAAVkuC,EACO8oD,GAAoBl3F,EAAO45F,cAE/B4P,GAAiC7pG,EAC5C,CAofyCotG,CAAqDptG,QAOlF4mG,GAAoCn2C,IAAyB,WAAhBA,EAAKmpC,OAAqB,CACvE,MAAMyT,EAAa,IAAIl8E,UAAU,+EAC5B7oB,EAID4kG,GAAS,EAAMG,GAHfR,GAAmB,IAAM1S,GAAqBhR,EAAQkkB,KAAa,EAAMA,GAOjF,SAASC,IAGL,MAAMC,EAAkBZ,EACxB,OAAOnV,GAAmBmV,GAAc,IAAMY,IAAoBZ,EAAeW,SAA0B/sG,IAE/G,SAAS0sG,EAAmB5sG,EAAQ0f,EAAS+sF,GACnB,YAAlBzsG,EAAOu5F,OACPkT,EAAOzsG,EAAO45F,cAGdpC,GAAc93E,EAAS+sF,GAW/B,SAASD,EAAmBC,EAAQU,EAAiBC,GAWjD,SAASC,IACL/V,GAAYmV,KAAU,IAAMxzE,EAASk0E,EAAiBC,KAAgBE,GAAYr0E,GAAS,EAAMq0E,KAXjGjB,IAGJA,GAAe,EACK,aAAhBj8C,EAAKmpC,QAA0BgN,GAAoCn2C,GAInEi9C,IAHA9V,GAAgB0V,IAAyBI,IASjD,SAASR,EAASU,EAAShqG,GACnB8oG,IAGJA,GAAe,EACK,aAAhBj8C,EAAKmpC,QAA0BgN,GAAoCn2C,GAInEn3B,EAASs0E,EAAShqG,GAHlBg0F,GAAgB0V,KAAyB,IAAMh0E,EAASs0E,EAAShqG,MAMzE,SAAS01B,EAASs0E,EAAShqG,GACvBkmG,GAAmC9pG,GACnCo6F,GAAmCv1F,QACpBtE,IAAXksG,GACAA,EAAOoB,oBAAoB,QAASxH,GAEpCuH,EACAnuG,EAAOmE,GAGPpE,OAAQe,GA5DhB03F,GApEWb,IAAW,CAAC0W,EAAaC,MAC5B,SAASrrC,EAAK9hE,GACNA,EACAktG,IAKAtW,GAORkV,EACOpV,IAAoB,GAExBE,GAAmBx3F,EAAO2pG,eAAe,IACrCvS,IAAW,CAAC4W,EAAaC,KAC5BhR,GAAgCp4F,EAAQ,CACpC43F,YAAap7F,IACTsrG,EAAenV,GAAmBuS,GAAiC/pG,EAAQqB,QAAQd,EAAWq2F,IAC9FoX,GAAY,EAAM,EAEtBxR,YAAa,IAAMwR,GAAY,GAC/B9Q,YAAa+Q,GACf,MAnBiCvrC,EAAMqrC,GAG7CrrC,EAAK,EAAM,OAyH3B,CAOA,MAAMwrC,GACF9uG,cACI,MAAM,IAAI+xB,UAAU,uBAMpBypD,kBACA,IAAKuzB,GAAkC7uG,MACnC,MAAM8uG,GAAuC,eAEjD,OAAOC,GAA8C/uG,MAMzDgC,QACI,IAAK6sG,GAAkC7uG,MACnC,MAAM8uG,GAAuC,SAEjD,IAAKE,GAAiDhvG,MAClD,MAAM,IAAI6xB,UAAU,mDAExBo9E,GAAqCjvG,MAEzCoE,QAAQrC,EAAQd,WACZ,IAAK4tG,GAAkC7uG,MACnC,MAAM8uG,GAAuC,WAEjD,IAAKE,GAAiDhvG,MAClD,MAAM,IAAI6xB,UAAU,qDAExB,OAAOq9E,GAAuClvG,KAAM+B,GAKxDuC,MAAMD,EAAIpD,WACN,IAAK4tG,GAAkC7uG,MACnC,MAAM8uG,GAAuC,SAEjDK,GAAqCnvG,KAAMqE,GAG/Ck3F,CAACA,IAAar5F,GACVy9F,GAAW3/F,MACX,MAAMyB,EAASzB,KAAKgiG,iBAAiB9/F,GAErC,OADAktG,GAA+CpvG,MACxCyB,EAGX+5F,CAACA,IAAWuB,GACR,MAAMh8F,EAASf,KAAKqvG,0BACpB,GAAIrvG,KAAKw/F,OAAOp+F,OAAS,EAAG,CACxB,MAAMW,EAAQs9F,GAAar/F,MACvBA,KAAKohG,iBAA0C,IAAvBphG,KAAKw/F,OAAOp+F,QACpCguG,GAA+CpvG,MAC/CwhG,GAAoBzgG,IAGpBuuG,GAAgDtvG,MAEpD+8F,EAAYI,YAAYp7F,QAGxB+6F,GAA6B/7F,EAAQg8F,GACrCuS,GAAgDtvG,OAiB5D,SAAS6uG,GAAkC/hG,GACvC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAASwiG,GAAgDzrG,GAErD,IADmB0rG,GAA8C1rG,GAE7D,OAEJ,GAAIA,EAAWi/F,SAEX,YADAj/F,EAAWk/F,YAAa,GAG5Bl/F,EAAWi/F,UAAW,EAEtBzK,GADoBx0F,EAAWm/F,kBACN,KACrBn/F,EAAWi/F,UAAW,EAClBj/F,EAAWk/F,aACXl/F,EAAWk/F,YAAa,EACxBuM,GAAgDzrG,OAErDQ,IACC8qG,GAAqCtrG,EAAYQ,EAAE,GAE3D,CACA,SAASkrG,GAA8C1rG,GACnD,MAAM9C,EAAS8C,EAAWwrG,0BAC1B,IAAKL,GAAiDnrG,GAClD,OAAO,EAEX,IAAKA,EAAW8+F,SACZ,OAAO,EAEX,GAAIpF,GAAuBx8F,IAAWq8F,GAAiCr8F,GAAU,EAC7E,OAAO,EAGX,OADoBguG,GAA8ClrG,GAChD,CAItB,CACA,SAASurG,GAA+CvrG,GACpDA,EAAWm/F,oBAAiB/hG,EAC5B4C,EAAWm+F,sBAAmB/gG,EAC9B4C,EAAWonG,4BAAyBhqG,CACxC,CAEA,SAASguG,GAAqCprG,GAC1C,IAAKmrG,GAAiDnrG,GAClD,OAEJ,MAAM9C,EAAS8C,EAAWwrG,0BAC1BxrG,EAAWu9F,iBAAkB,EACI,IAA7Bv9F,EAAW27F,OAAOp+F,SAClBguG,GAA+CvrG,GAC/C29F,GAAoBzgG,GAE5B,CACA,SAASmuG,GAAuCrrG,EAAY9B,GACxD,IAAKitG,GAAiDnrG,GAClD,OAEJ,MAAM9C,EAAS8C,EAAWwrG,0BAC1B,GAAI9R,GAAuBx8F,IAAWq8F,GAAiCr8F,GAAU,EAC7Ek8F,GAAiCl8F,EAAQgB,GAAO,OAE/C,CACD,IAAIygE,EACJ,IACIA,EAAY3+D,EAAWonG,uBAAuBlpG,GAElD,MAAOmpG,GAEH,MADAiE,GAAqCtrG,EAAYqnG,GAC3CA,EAEV,IACIxL,GAAqB77F,EAAY9B,EAAOygE,GAE5C,MAAO8oC,GAEH,MADA6D,GAAqCtrG,EAAYynG,GAC3CA,GAGdgE,GAAgDzrG,EACpD,CACA,SAASsrG,GAAqCtrG,EAAYQ,GACtD,MAAMtD,EAAS8C,EAAWwrG,0BACJ,aAAlBtuG,EAAOu5F,SAGXqF,GAAW97F,GACXurG,GAA+CvrG,GAC/C6gG,GAAoB3jG,EAAQsD,GAChC,CACA,SAAS0qG,GAA8ClrG,GACnD,MAAMsrC,EAAQtrC,EAAWwrG,0BAA0B/U,OACnD,MAAc,YAAVnrD,EACO,KAEG,WAAVA,EACO,EAEJtrC,EAAW8gG,aAAe9gG,EAAW47F,eAChD,CAQA,SAASuP,GAAiDnrG,GACtD,MAAMsrC,EAAQtrC,EAAWwrG,0BAA0B/U,OACnD,OAAKz2F,EAAWu9F,iBAA6B,aAAVjyD,CAIvC,CACA,SAASqgE,GAAqCzuG,EAAQ8C,EAAYihG,EAAgBC,EAAeC,EAAiBr7F,EAAeg9F,GAC7H9iG,EAAWwrG,0BAA4BtuG,EACvC8C,EAAW27F,YAASv+F,EACpB4C,EAAW47F,qBAAkBx+F,EAC7B0+F,GAAW97F,GACXA,EAAW8+F,UAAW,EACtB9+F,EAAWu9F,iBAAkB,EAC7Bv9F,EAAWk/F,YAAa,EACxBl/F,EAAWi/F,UAAW,EACtBj/F,EAAWonG,uBAAyBtE,EACpC9iG,EAAW8gG,aAAeh7F,EAC1B9F,EAAWm/F,eAAiB+B,EAC5BlhG,EAAWm+F,iBAAmBgD,EAC9BjkG,EAAO+8F,0BAA4Bj6F,EAEnCw0F,GAAYL,GADQ8M,MAC0B,KAC1CjhG,EAAW8+F,UAAW,EACtB2M,GAAgDzrG,EAAW,IAC5D8J,IACCwhG,GAAqCtrG,EAAY8J,EAAE,GAE3D,CAkBA,SAASmhG,GAAuC5jG,GAC5C,OAAO,IAAI2mB,UAAU,6CAA6C3mB,0DACtE,CAwHA,SAASukG,GAAsCxlG,EAAI+7F,EAAUlK,GAEzD,OADAC,GAAe9xF,EAAI6xF,GACX55F,GAAWg3F,GAAYjvF,EAAI+7F,EAAU,CAAC9jG,GAClD,CACA,SAASwtG,GAAoCzlG,EAAI+7F,EAAUlK,GAEvD,OADAC,GAAe9xF,EAAI6xF,GACXj4F,GAAeq1F,GAAYjvF,EAAI+7F,EAAU,CAACniG,GACtD,CACA,SAAS8rG,GAAqC1lG,EAAI+7F,EAAUlK,GAExD,OADAC,GAAe9xF,EAAI6xF,GACXj4F,GAAek1F,GAAY9uF,EAAI+7F,EAAU,CAACniG,GACtD,CACA,SAAS+rG,GAA0B51F,EAAM8hF,GAErC,GAAa,WADb9hF,EAAO,GAAGA,GAEN,MAAM,IAAI6X,UAAU,GAAGiqE,MAAY9hF,8DAEvC,OAAOA,CACX,CASA,SAAS61F,GAAgC/hF,EAAMguE,GAE3C,GAAa,UADbhuE,EAAO,GAAGA,GAEN,MAAM,IAAI+D,UAAU,GAAGiqE,MAAYhuE,oEAEvC,OAAOA,CACX,CAQA,SAASgiF,GAAmBjrG,EAASi3F,GACjCD,GAAiBh3F,EAASi3F,GAC1B,MAAM/yF,EAAelE,aAAyC,EAASA,EAAQkE,aACzEC,EAAgBnE,aAAyC,EAASA,EAAQmE,cAC1EL,EAAe9D,aAAyC,EAASA,EAAQ8D,aACzEwkG,EAAStoG,aAAyC,EAASA,EAAQsoG,OAIzE,YAHelsG,IAAXksG,GAUR,SAA2BA,EAAQrR,GAC/B,IA7oBJ,SAAuBz6F,GACnB,GAAqB,iBAAVA,GAAgC,OAAVA,EAC7B,OAAO,EAEX,IACI,MAAgC,kBAAlBA,EAAMosG,QAExB,MAAOV,GAEH,OAAO,EAEf,CAkoBSgD,CAAc5C,GACf,MAAM,IAAIt7E,UAAaiqE,EAAH,0BAE5B,CAbQkU,CAAkB7C,EAAWrR,EAAH,6BAEvB,CACH/yF,eAAsBA,EACtBC,gBAAuBA,EACvBL,eAAsBA,EACtBwkG,SAER,CAlWApiG,OAAOizF,iBAAiB4Q,GAAgC5tG,UAAW,CAC/DgB,MAAO,CAAE2jC,YAAY,GACrBvhC,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAeujG,GAAgC5tG,UAAWm2F,GAAe8G,YAAa,CACzF58F,MAAO,kCACPukC,cAAc,IAgXtB,MAAMnjC,GACF3C,YAAYmwG,EAAsB,GAAI1J,EAAc,SACpBtlG,IAAxBgvG,EACAA,EAAsB,KAGtBjU,GAAaiU,EAAqB,mBAEtC,MAAM31C,EAAWurC,GAAuBU,EAAa,oBAC/C2J,EAhHd,SAA8CrmB,EAAQiS,GAClDD,GAAiBhS,EAAQiS,GACzB,MAAMkK,EAAWnc,EACXsY,EAAwB6D,aAA2C,EAASA,EAAS7D,sBACrF19F,EAASuhG,aAA2C,EAASA,EAASvhG,OACtEF,EAAOyhG,aAA2C,EAASA,EAASzhG,KACpEX,EAAQoiG,aAA2C,EAASA,EAASpiG,MACrEoW,EAAOgsF,aAA2C,EAASA,EAAShsF,KAC1E,MAAO,CACHmoF,2BAAiDlhG,IAA1BkhG,OACnBlhG,EACAs7F,GAAwC4F,EAA0BrG,EAAH,4CACnEr3F,YAAmBxD,IAAXwD,OACJxD,EACAwuG,GAAsChrG,EAAQuhG,EAAalK,EAAH,6BAC5Dv3F,UAAetD,IAATsD,OACFtD,EACAyuG,GAAoCnrG,EAAMyhG,EAAalK,EAAH,2BACxDl4F,WAAiB3C,IAAV2C,OACH3C,EACA0uG,GAAqC/rG,EAAOoiG,EAAalK,EAAH,4BAC1D9hF,UAAe/Y,IAAT+Y,OAAqB/Y,EAAY2uG,GAA0B51F,EAAS8hF,EAAH,2BAE/E,CAyFiCqU,CAAqCF,EAAqB,mBAEnF,GADAG,GAAyBpwG,MACK,UAA1BkwG,EAAiBl2F,KAAkB,CACnC,QAAsB/Y,IAAlBq5D,EAASt1D,KACT,MAAM,IAAIuwC,WAAW,8DAGzBqvD,GAAsD5kG,KAAMkwG,EADtCxK,GAAqBprC,EAAU,QAGpD,CACD,MAAMqsC,EAAgBf,GAAqBtrC,IA7OvD,SAAkEv5D,EAAQmvG,EAAkBvmG,EAAeg9F,GACvG,MAAM9iG,EAAakH,OAAOw6B,OAAOqpE,GAAgC5tG,WACjE,IAAI8jG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoB/2F,GAC1C+jG,EAAkB,IAAMhN,QAAoB/2F,QACjBA,IAA3BivG,EAAiBtsG,QACjBkhG,EAAiB,IAAMoL,EAAiBtsG,MAAMC,SAEpB5C,IAA1BivG,EAAiB3rG,OACjBwgG,EAAgB,IAAMmL,EAAiB3rG,KAAKV,SAEhB5C,IAA5BivG,EAAiBzrG,SACjBugG,EAAkB9iG,GAAUguG,EAAiBzrG,OAAOvC,IAExDstG,GAAqCzuG,EAAQ8C,EAAYihG,EAAgBC,EAAeC,EAAiBr7F,EAAeg9F,EAC5H,CAgOY0J,CAAyDrwG,KAAMkwG,EADzCxK,GAAqBprC,EAAU,GAC2CqsC,IAMpGO,aACA,IAAKvK,GAAiB38F,MAClB,MAAMswG,GAA4B,UAEtC,OAAO/S,GAAuBv9F,MAQlCyE,OAAOvC,EAASjB,WACZ,OAAK07F,GAAiB38F,MAGlBu9F,GAAuBv9F,MAChBi4F,GAAoB,IAAIpmE,UAAU,qDAEtCgpE,GAAqB76F,KAAMkC,GALvB+1F,GAAoBqY,GAA4B,WAO/D/vG,UAAUgwG,EAAatvG,WACnB,IAAK07F,GAAiB38F,MAClB,MAAMswG,GAA4B,aAEtC,MAAMzrG,EA/Gd,SAA8BA,EAASi3F,GACnCD,GAAiBh3F,EAASi3F,GAC1B,MAAMhuE,EAAOjpB,aAAyC,EAASA,EAAQipB,KACvE,MAAO,CACHA,UAAe7sB,IAAT6sB,OAAqB7sB,EAAY4uG,GAAgC/hF,EAASguE,EAAH,2BAErF,CAyGwB0U,CAAqBD,EAAY,mBACjD,YAAqBtvG,IAAjB4D,EAAQipB,KACD8uE,GAAmC58F,MA3zDtD,SAAyCe,GACrC,OAAO,IAAIqkG,GAAyBrkG,EACxC,CA2zDe0vG,CAAgCzwG,MAE3C0wG,YAAYC,EAAcJ,EAAa,IACnC,IAAK5T,GAAiB38F,MAClB,MAAMswG,GAA4B,eAEtCrU,GAAuB0U,EAAc,EAAG,eACxC,MAAMxoG,EA/Ed,SAAqCo3F,EAAMzD,GACvCD,GAAiB0D,EAAMzD,GACvB,MAAMtzF,EAAW+2F,aAAmC,EAASA,EAAK/2F,SAClE2zF,GAAoB3zF,EAAU,WAAY,wBAC1Ck0F,GAAqBl0F,EAAaszF,EAAH,+BAC/B,MAAMrzF,EAAW82F,aAAmC,EAASA,EAAK92F,SAGlE,OAFA0zF,GAAoB1zF,EAAU,WAAY,wBAC1C29F,GAAqB39F,EAAaqzF,EAAH,+BACxB,CAAEtzF,WAAUC,WACvB,CAsE0BmoG,CAA4BD,EAAc,mBACtD9rG,EAAUirG,GAAmBS,EAAY,oBAC/C,GAAIhT,GAAuBv9F,MACvB,MAAM,IAAI6xB,UAAU,kFAExB,GAAIu1E,GAAuBj/F,EAAUM,UACjC,MAAM,IAAIopB,UAAU,kFAIxB,OADA8mE,GADgBuU,GAAqBltG,KAAMmI,EAAUM,SAAU5D,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQsoG,SAEnIhlG,EAAUK,SAErBU,OAAO2nG,EAAaN,EAAa,IAC7B,IAAK5T,GAAiB38F,MAClB,OAAOi4F,GAAoBqY,GAA4B,WAE3D,QAAoBrvG,IAAhB4vG,EACA,OAAO5Y,GAAoB,wCAE/B,IAAKoO,GAAiBwK,GAClB,OAAO5Y,GAAoB,IAAIpmE,UAAU,8EAE7C,IAAIhtB,EACJ,IACIA,EAAUirG,GAAmBS,EAAY,oBAE7C,MAAOlsG,GACH,OAAO4zF,GAAoB5zF,GAE/B,OAAIk5F,GAAuBv9F,MAChBi4F,GAAoB,IAAIpmE,UAAU,8EAEzCu1E,GAAuByJ,GAChB5Y,GAAoB,IAAIpmE,UAAU,8EAEtCq7E,GAAqBltG,KAAM6wG,EAAahsG,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQsoG,QAa9HviG,MACI,IAAK+xF,GAAiB38F,MAClB,MAAMswG,GAA4B,OAEtC,MAAMQ,EAxTd,SAA2B/vG,EAAQgwG,GAC/B,MAAMxrG,EAASq3F,GAAmC77F,GAClD,IAGIiwG,EACAC,EACAC,EACAC,EACAC,EAPAC,GAAU,EACVC,GAAY,EACZC,GAAY,EAMhB,MAAMC,EAAgB1Z,IAAW53F,IAC7BkxG,EAAuBlxG,CAAO,IAElC,SAAS6kG,IACL,OAAIsM,IAGJA,GAAU,EAuCV1T,GAAgCp4F,EAtCZ,CAChB43F,YAAa97F,IAITu3F,IAAe,KACXyY,GAAU,EACV,MAAMI,EAASpwG,EACTqwG,EAASrwG,EAMViwG,GACDpC,GAAuCgC,EAAQpT,0BAA2B2T,GAEzEF,GACDrC,GAAuCiC,EAAQrT,0BAA2B4T,KAEhF,EAENxU,YAAa,KACTmU,GAAU,EACLC,GACDrC,GAAqCiC,EAAQpT,2BAE5CyT,GACDtC,GAAqCkC,EAAQrT,2BAE5CwT,GAAcC,GACfH,OAAqBnwG,IAG7B28F,YAAa,KACTyT,GAAU,CAAK,KAtCZrZ,QAAoB/2F,GAgEnC,SAAS6jG,KAYT,OATAoM,EAAUS,GAAqB7M,EAAgBC,GAvB/C,SAA0B7iG,GAGtB,GAFAovG,GAAY,EACZN,EAAU9uG,EACNqvG,EAAW,CACX,MAAMK,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqB95F,EAAQ6wG,GAClDR,EAAqBS,GAEzB,OAAOL,KAgBXL,EAAUQ,GAAqB7M,EAAgBC,GAd/C,SAA0B7iG,GAGtB,GAFAqvG,GAAY,EACZN,EAAU/uG,EACNovG,EAAW,CACX,MAAMM,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqB95F,EAAQ6wG,GAClDR,EAAqBS,GAEzB,OAAOL,KAOXjZ,GAAchzF,EAAO21F,gBAAiBvtF,IAClCwhG,GAAqC+B,EAAQpT,0BAA2BnwF,GACxEwhG,GAAqCgC,EAAQrT,0BAA2BnwF,GACnE2jG,GAAcC,GACfH,OAAqBnwG,MAGtB,CAACiwG,EAASC,EACrB,CA4NyBW,CAAkB9xG,MACnC,OAAO4/F,GAAoBkR,GAE/B3pG,OAAOopG,EAAatvG,WAChB,IAAK07F,GAAiB38F,MAClB,MAAMswG,GAA4B,UAGtC,OA1jFR,SAA4CvvG,EAAQiI,GAChD,MAAMzD,EAASq3F,GAAmC77F,GAC5CgxG,EAAO,IAAI5T,GAAgC54F,EAAQyD,GACnDouF,EAAWrsF,OAAOw6B,OAAOq5D,IAE/B,OADAxH,EAAS0H,mBAAqBiT,EACvB3a,CACX,CAojFe4a,CAAmChyG,KAvKlD,SAAgC6E,EAASi3F,GAGrC,OAFAD,GAAiBh3F,EAASi3F,GAEnB,CAAE9yF,iBADanE,aAAyC,EAASA,EAAQmE,eAEpF,CAkKwBipG,CAAuB1B,EAAY,mBACKvnG,gBA2BhE,SAAS2oG,GAAqB7M,EAAgBC,EAAeC,EAAiBr7F,EAAgB,EAAGg9F,EAAgB,KAAM,IACnH,MAAM5lG,EAASgK,OAAOw6B,OAAO9iC,GAAezB,WAC5CovG,GAAyBrvG,GAGzB,OADAyuG,GAAqCzuG,EADlBgK,OAAOw6B,OAAOqpE,GAAgC5tG,WACR8jG,EAAgBC,EAAeC,EAAiBr7F,EAAeg9F,GACjH5lG,CACX,CACA,SAASqvG,GAAyBrvG,GAC9BA,EAAOu5F,OAAS,WAChBv5F,EAAO+D,aAAU7D,EACjBF,EAAO45F,kBAAe15F,EACtBF,EAAO88F,YAAa,CACxB,CACA,SAASlB,GAAiB7vF,GACtB,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAASywF,GAAuBx8F,GAC5B,YAAuBE,IAAnBF,EAAO+D,OAIf,CAEA,SAAS+1F,GAAqB95F,EAAQmB,GAElC,GADAnB,EAAO88F,YAAa,EACE,WAAlB98F,EAAOu5F,OACP,OAAOtC,QAAoB/2F,GAE/B,GAAsB,YAAlBF,EAAOu5F,OACP,OAAOrC,GAAoBl3F,EAAO45F,cAEtC6G,GAAoBzgG,GAEpB,OAAOy3F,GADqBz3F,EAAO+8F,0BAA0BvC,IAAar5F,GACzBo1F,GACrD,CACA,SAASkK,GAAoBzgG,GACzBA,EAAOu5F,OAAS,SAChB,MAAM/0F,EAASxE,EAAO+D,aACP7D,IAAXsE,IAGJi1F,GAAkCj1F,GAC9B+3F,GAA8B/3F,KAC9BA,EAAOy3F,cAAc55F,SAAQ25F,IACzBA,EAAYG,aAAa,IAE7B33F,EAAOy3F,cAAgB,IAAI7D,IAEnC,CACA,SAASuL,GAAoB3jG,EAAQsD,GACjCtD,EAAOu5F,OAAS,UAChBv5F,EAAO45F,aAAet2F,EACtB,MAAMkB,EAASxE,EAAO+D,aACP7D,IAAXsE,IAGJw1F,GAAiCx1F,EAAQlB,GACrCi5F,GAA8B/3F,IAC9BA,EAAOy3F,cAAc55F,SAAQ25F,IACzBA,EAAYa,YAAYv5F,EAAE,IAE9BkB,EAAOy3F,cAAgB,IAAI7D,KAG3B5zF,EAAO89F,kBAAkBjgG,SAAQggG,IAC7BA,EAAgBxF,YAAYv5F,EAAE,IAElCkB,EAAO89F,kBAAoB,IAAIlK,IAEvC,CAEA,SAASmX,GAA4BplG,GACjC,OAAO,IAAI2mB,UAAU,4BAA4B3mB,yCACrD,CAEA,SAASgnG,GAA2B73E,EAAMyhE,GACtCD,GAAiBxhE,EAAMyhE,GACvB,MAAMnyF,EAAgB0wB,aAAmC,EAASA,EAAK1wB,cAEvE,OADAwyF,GAAoBxyF,EAAe,gBAAiB,uBAC7C,CACHA,cAAe0yF,GAA0B1yF,GAEjD,CAhHAoB,OAAOizF,iBAAiBv7F,GAAezB,UAAW,CAC9CyD,OAAQ,CAAEkhC,YAAY,GACtBplC,UAAW,CAAEolC,YAAY,GACzB+qE,YAAa,CAAE/qE,YAAY,GAC3Bz8B,OAAQ,CAAEy8B,YAAY,GACtB/6B,IAAK,CAAE+6B,YAAY,GACnBx+B,OAAQ,CAAEw+B,YAAY,GACtBuhE,OAAQ,CAAEvhE,YAAY,KAEgB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe5I,GAAezB,UAAWm2F,GAAe8G,YAAa,CACxE58F,MAAO,iBACPukC,cAAc,IAGsB,iBAAjCuxD,GAAe+G,eACtBnzF,OAAOM,eAAe5I,GAAezB,UAAWm2F,GAAe+G,cAAe,CAC1E78F,MAAOoB,GAAezB,UAAUmG,OAChCsB,UAAU,EACVm9B,cAAc,IA+FtB,MAAMusE,GAAyB,SAAcpwG,GACzC,OAAOA,EAAMoC,UACjB,EAMA,MAAMiuG,GACFtyG,YAAY+E,GACRo3F,GAAuBp3F,EAAS,EAAG,6BACnCA,EAAUqtG,GAA2BrtG,EAAS,mBAC9C7E,KAAKqyG,wCAA0CxtG,EAAQ8E,cAKvDA,oBACA,IAAK2oG,GAA4BtyG,MAC7B,MAAMuyG,GAA8B,iBAExC,OAAOvyG,KAAKqyG,wCAKZrtG,WACA,IAAKstG,GAA4BtyG,MAC7B,MAAMuyG,GAA8B,QAExC,OAAOJ,IAcf,SAASI,GAA8BrnG,GACnC,OAAO,IAAI2mB,UAAU,uCAAuC3mB,oDAChE,CACA,SAASonG,GAA4BxlG,GACjC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,0CAIjD,CAtBA/B,OAAOizF,iBAAiBoU,GAA0BpxG,UAAW,CACzD2I,cAAe,CAAEg8B,YAAY,GAC7B3gC,KAAM,CAAE2gC,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe+mG,GAA0BpxG,UAAWm2F,GAAe8G,YAAa,CACnF58F,MAAO,4BACPukC,cAAc,IAiBtB,MAAM4sE,GAAoB,WACtB,OAAO,CACX,EAMA,MAAMC,GACF3yG,YAAY+E,GACRo3F,GAAuBp3F,EAAS,EAAG,wBACnCA,EAAUqtG,GAA2BrtG,EAAS,mBAC9C7E,KAAK0yG,mCAAqC7tG,EAAQ8E,cAKlDA,oBACA,IAAKgpG,GAAuB3yG,MACxB,MAAM4yG,GAAyB,iBAEnC,OAAO5yG,KAAK0yG,mCAMZ1tG,WACA,IAAK2tG,GAAuB3yG,MACxB,MAAM4yG,GAAyB,QAEnC,OAAOJ,IAcf,SAASI,GAAyB1nG,GAC9B,OAAO,IAAI2mB,UAAU,kCAAkC3mB,+CAC3D,CACA,SAASynG,GAAuB7lG,GAC5B,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,qCAIjD,CAuBA,SAAS+lG,GAAgC5oG,EAAI+7F,EAAUlK,GAEnD,OADAC,GAAe9xF,EAAI6xF,GACXj4F,GAAeq1F,GAAYjvF,EAAI+7F,EAAU,CAACniG,GACtD,CACA,SAASivG,GAAgC7oG,EAAI+7F,EAAUlK,GAEnD,OADAC,GAAe9xF,EAAI6xF,GACXj4F,GAAek1F,GAAY9uF,EAAI+7F,EAAU,CAACniG,GACtD,CACA,SAASkvG,GAAoC9oG,EAAI+7F,EAAUlK,GAEvD,OADAC,GAAe9xF,EAAI6xF,GACZ,CAAC/5F,EAAO8B,IAAeq1F,GAAYjvF,EAAI+7F,EAAU,CAACjkG,EAAO8B,GACpE,CAxDAkH,OAAOizF,iBAAiByU,GAAqBzxG,UAAW,CACpD2I,cAAe,CAAEg8B,YAAY,GAC7B3gC,KAAM,CAAE2gC,YAAY,KAEkB,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAeonG,GAAqBzxG,UAAWm2F,GAAe8G,YAAa,CAC9E58F,MAAO,uBACPukC,cAAc,IA4DtB,MAAMp+B,GACF1H,YAAYkzG,EAAiB,GAAIC,EAAsB,GAAIC,EAAsB,SACtDjyG,IAAnB+xG,IACAA,EAAiB,MAErB,MAAMG,EAAmBtN,GAAuBoN,EAAqB,oBAC/DG,EAAmBvN,GAAuBqN,EAAqB,mBAC/DG,EAlDd,SAA4BrN,EAAUlK,GAClCD,GAAiBmK,EAAUlK,GAC3B,MAAM58B,EAAQ8mC,aAA2C,EAASA,EAAS9mC,MACrEo0C,EAAetN,aAA2C,EAASA,EAASsN,aAC5E1vG,EAAQoiG,aAA2C,EAASA,EAASpiG,MACrEuE,EAAY69F,aAA2C,EAASA,EAAS79F,UACzEorG,EAAevN,aAA2C,EAASA,EAASuN,aAClF,MAAO,CACHr0C,WAAiBj+D,IAAVi+D,OACHj+D,EACA4xG,GAAgC3zC,EAAO8mC,EAAalK,EAAH,4BACrDwX,eACA1vG,WAAiB3C,IAAV2C,OACH3C,EACA6xG,GAAgClvG,EAAOoiG,EAAalK,EAAH,4BACrD3zF,eAAyBlH,IAAdkH,OACPlH,EACA8xG,GAAoC5qG,EAAW69F,EAAalK,EAAH,gCAC7DyX,eAER,CA8B4BC,CAAmBR,EAAgB,mBACvD,QAAiC/xG,IAA7BoyG,EAAYC,aACZ,MAAM,IAAI/9D,WAAW,kCAEzB,QAAiCt0C,IAA7BoyG,EAAYE,aACZ,MAAM,IAAIh+D,WAAW,kCAEzB,MAAMk+D,EAAwB/N,GAAqB0N,EAAkB,GAC/DM,EAAwB9N,GAAqBwN,GAC7CO,EAAwBjO,GAAqByN,EAAkB,GAC/DS,EAAwBhO,GAAqBuN,GACnD,IAAIU,GA0CZ,SAAmC9yG,EAAQ+yG,EAAcH,EAAuBC,EAAuBH,EAAuBC,GAC1H,SAAS5O,IACL,OAAOgP,EAEX,SAASjN,EAAe9kG,GACpB,OAoMR,SAAkDhB,EAAQgB,GACtD,MAAM8B,EAAa9C,EAAOgzG,2BAC1B,GAAIhzG,EAAOknG,cAAe,CAEtB,OAAOzP,GAD2Bz3F,EAAOizG,4BACc,KACnD,MAAMvrG,EAAW1H,EAAOkzG,UAExB,GAAc,aADAxrG,EAAS6xF,OAEnB,MAAM7xF,EAASkyF,aAEnB,OAAOuZ,GAAiDrwG,EAAY9B,EAAM,IAGlF,OAAOmyG,GAAiDrwG,EAAY9B,EACxE,CAlNeoyG,CAAyCpzG,EAAQgB,GAE5D,SAASglG,EAAe7kG,GACpB,OAgNR,SAAkDnB,EAAQmB,GAItD,OADAkyG,GAAqBrzG,EAAQmB,GACtB81F,QAAoB/2F,EAC/B,CArNeozG,CAAyCtzG,EAAQmB,GAE5D,SAAS4kG,IACL,OAmNR,SAAkD/lG,GAE9C,MAAMyH,EAAWzH,EAAOuzG,UAClBzwG,EAAa9C,EAAOgzG,2BACpBQ,EAAe1wG,EAAW2wG,kBAGhC,OAFAC,GAAgD5wG,GAEzC20F,GAAqB+b,GAAc,KACtC,GAAwB,YAApB/rG,EAAS8xF,OACT,MAAM9xF,EAASmyF,aAEnBsU,GAAqCzmG,EAASs1F,0BAA0B,IACzEnwF,IAEC,MADAymG,GAAqBrzG,EAAQ4M,GACvBnF,EAASmyF,YAAY,GAEnC,CAnOe+Z,CAAyC3zG,GAGpD,SAASgkG,IACL,OAiOR,SAAmDhkG,GAI/C,OAFA4zG,GAA+B5zG,GAAQ,GAEhCA,EAAOizG,0BAClB,CAtOeY,CAA0C7zG,GAErD,SAASikG,EAAgB9iG,GAErB,OADA2yG,GAA4C9zG,EAAQmB,GAC7C81F,QAAoB/2F,GAN/BF,EAAOkzG,UAl4DX,SAA8BnP,EAAgB+B,EAAgBC,EAAgBC,EAAgBp9F,EAAgB,EAAGg9F,EAAgB,KAAM,IACnI,MAAM5lG,EAASgK,OAAOw6B,OAAOh+B,GAAevG,WAI5C,OAHA0lG,GAAyB3lG,GAEzBimG,GAAqCjmG,EADlBgK,OAAOw6B,OAAOqhE,GAAgC5lG,WACR8jG,EAAgB+B,EAAgBC,EAAgBC,EAAgBp9F,EAAeg9F,GACjI5lG,CACX,CA43DuB+zG,CAAqBhQ,EAAgB+B,EAAgBC,EAAgBC,EAAgB4M,EAAuBC,GAQ/H7yG,EAAOuzG,UAAY3C,GAAqB7M,EAAgBC,EAAeC,EAAiByO,EAAuBC,GAE/G3yG,EAAOknG,mBAAgBhnG,EACvBF,EAAOizG,gCAA6B/yG,EACpCF,EAAOg0G,wCAAqC9zG,EAC5C0zG,GAA+B5zG,GAAQ,GACvCA,EAAOgzG,gCAA6B9yG,CACxC,CAlEQ+zG,CAA0Bh1G,KAHL83F,IAAW53F,IAC5B2zG,EAAuB3zG,CAAO,IAEYyzG,EAAuBC,EAAuBH,EAAuBC,GAgL3H,SAA8D3yG,EAAQsyG,GAClE,MAAMxvG,EAAakH,OAAOw6B,OAAO0vE,GAAiCj0G,WAClE,IAAIk0G,EAAsBnzG,IACtB,IAEI,OADAozG,GAAwCtxG,EAAY9B,GAC7Ci2F,QAAoB/2F,GAE/B,MAAOm0G,GACH,OAAOnd,GAAoBmd,KAG/BC,EAAiB,IAAMrd,QAAoB/2F,QACjBA,IAA1BoyG,EAAYlrG,YACZ+sG,EAAqBnzG,GAASsxG,EAAYlrG,UAAUpG,EAAO8B,SAErC5C,IAAtBoyG,EAAYn0C,QACZm2C,EAAiB,IAAMhC,EAAYn0C,MAAMr7D,KAtBjD,SAA+C9C,EAAQ8C,EAAYqxG,EAAoBG,GACnFxxG,EAAWyxG,2BAA6Bv0G,EACxCA,EAAOgzG,2BAA6BlwG,EACpCA,EAAW0xG,oBAAsBL,EACjCrxG,EAAW2wG,gBAAkBa,CACjC,CAmBIG,CAAsCz0G,EAAQ8C,EAAYqxG,EAAoBG,EAClF,CAlMQI,CAAqDz1G,KAAMqzG,QACjCpyG,IAAtBoyG,EAAYzvG,MACZiwG,EAAqBR,EAAYzvG,MAAM5D,KAAK+zG,6BAG5CF,OAAqB5yG,GAMzBuH,eACA,IAAKktG,GAAkB11G,MACnB,MAAM21G,GAA0B,YAEpC,OAAO31G,KAAKs0G,UAKZ7rG,eACA,IAAKitG,GAAkB11G,MACnB,MAAM21G,GAA0B,YAEpC,OAAO31G,KAAKi0G,WA0CpB,SAASyB,GAAkB5oG,GACvB,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BAIjD,CAEA,SAASsnG,GAAqBrzG,EAAQsD,GAClC8qG,GAAqCpuG,EAAOuzG,UAAUxW,0BAA2Bz5F,GACjFwwG,GAA4C9zG,EAAQsD,EACxD,CACA,SAASwwG,GAA4C9zG,EAAQsD,GACzDowG,GAAgD1zG,EAAOgzG,4BACvD5I,GAA6CpqG,EAAOkzG,UAAUtM,0BAA2BtjG,GACrFtD,EAAOknG,eAIP0M,GAA+B5zG,GAAQ,EAE/C,CACA,SAAS4zG,GAA+B5zG,EAAQwoG,QAEFtoG,IAAtCF,EAAOizG,4BACPjzG,EAAOg0G,qCAEXh0G,EAAOizG,2BAA6Blc,IAAW53F,IAC3Ca,EAAOg0G,mCAAqC70G,CAAO,IAEvDa,EAAOknG,cAAgBsB,CAC3B,CAxEAx+F,OAAOizF,iBAAiBx2F,GAAgBxG,UAAW,CAC/CwH,SAAU,CAAEm9B,YAAY,GACxBl9B,SAAU,CAAEk9B,YAAY,KAEc,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe7D,GAAgBxG,UAAWm2F,GAAe8G,YAAa,CACzE58F,MAAO,kBACPukC,cAAc,IAwEtB,MAAMqvE,GACFn1G,cACI,MAAM,IAAI+xB,UAAU,uBAKpBypD,kBACA,IAAKs6B,GAAmC51G,MACpC,MAAM61G,GAAqC,eAG/C,OAAO9G,GADoB/uG,KAAKs1G,2BAA2BhB,UAAUxW,2BAGzE15F,QAAQrC,EAAQd,WACZ,IAAK20G,GAAmC51G,MACpC,MAAM61G,GAAqC,WAE/CV,GAAwCn1G,KAAM+B,GAMlDuC,MAAMpC,EAASjB,WACX,IAAK20G,GAAmC51G,MACpC,MAAM61G,GAAqC,SAwFvD,IAA2DxxG,IAtFPnC,EAuFhDkyG,GAvF0Cp0G,KAuFVs1G,2BAA4BjxG,GAjF5DuH,YACI,IAAKgqG,GAAmC51G,MACpC,MAAM61G,GAAqC,cAwFvD,SAAmDhyG,GAC/C,MAAM9C,EAAS8C,EAAWyxG,2BACpBQ,EAAqB/0G,EAAOuzG,UAAUxW,0BAC5CmR,GAAqC6G,GAErCjB,GAA4C9zG,EAD9B,IAAI8wB,UAAU,8BAEhC,CA5FQkkF,CAA0C/1G,OAgBlD,SAAS41G,GAAmC9oG,GACxC,QAAK0qF,GAAa1qF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BAIjD,CA2BA,SAAS2nG,GAAgD5wG,GACrDA,EAAW0xG,yBAAsBt0G,EACjC4C,EAAW2wG,qBAAkBvzG,CACjC,CACA,SAASk0G,GAAwCtxG,EAAY9B,GACzD,MAAMhB,EAAS8C,EAAWyxG,2BACpBQ,EAAqB/0G,EAAOuzG,UAAUxW,0BAC5C,IAAKkR,GAAiD8G,GAClD,MAAM,IAAIjkF,UAAU,wDAIxB,IACIq9E,GAAuC4G,EAAoB/zG,GAE/D,MAAOsC,GAGH,MADAwwG,GAA4C9zG,EAAQsD,GAC9CtD,EAAOuzG,UAAU3Z,aAE3B,MAAM4O,EAz3BV,SAAwD1lG,GACpD,OAAI0rG,GAA8C1rG,EAItD,CAo3ByBmyG,CAA+CF,GAChEvM,IAAiBxoG,EAAOknG,eACxB0M,GAA+B5zG,GAAQ,EAE/C,CAIA,SAASmzG,GAAiDrwG,EAAY9B,GAElE,OAAOy2F,GADkB30F,EAAW0xG,oBAAoBxzG,QACVd,GAAW0M,IAErD,MADAymG,GAAqBvwG,EAAWyxG,2BAA4B3nG,GACtDA,CAAC,GAEf,CAuDA,SAASkoG,GAAqC3qG,GAC1C,OAAO,IAAI2mB,UAAU,8CAA8C3mB,2DACvE,CAEA,SAASyqG,GAA0BzqG,GAC/B,OAAO,IAAI2mB,UAAU,6BAA6B3mB,0CACtD,CA/IAH,OAAOizF,iBAAiBiX,GAAiCj0G,UAAW,CAChEoD,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrB/5B,UAAW,CAAE+5B,YAAY,GACzB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/BwxD,GAAe8G,aACtBlzF,OAAOM,eAAe4pG,GAAiCj0G,UAAWm2F,GAAe8G,YAAa,CAC1F58F,MAAO,mCACPukC,cAAc,qaC3lHlBqwE,GAAgB,SAASxtF,EAAGxa,GAI5B,OAHAgoG,GAAgBlrG,OAAOi0F,gBAClB,CAAEkX,UAAW,cAAgBr2G,OAAS,SAAU4oB,EAAGxa,GAAKwa,EAAEytF,UAAYjoG,IACvE,SAAUwa,EAAGxa,GAAK,IAAK,IAAImkB,KAAKnkB,EAAOlD,OAAO/J,UAAUmxB,eAAerxB,KAAKmN,EAAGmkB,KAAI3J,EAAE2J,GAAKnkB,EAAEmkB,KACzF6jF,GAAcxtF,EAAGxa,EAC5B;;;;;;;;;;;;;;kFAEA,SAASkoG,GAAU1tF,EAAGxa,GAClB,GAAiB,mBAANA,GAA0B,OAANA,EAC3B,MAAM,IAAI4jB,UAAU,uBAAgC5jB,EAAK,iCAE7D,SAAS8zD,IAAO/hE,KAAKF,YAAc2oB,EADnCwtF,GAAcxtF,EAAGxa,GAEjBwa,EAAEznB,UAAkB,OAANiN,EAAalD,OAAOw6B,OAAOt3B,IAAM8zD,EAAG/gE,UAAYiN,EAAEjN,UAAW,IAAI+gE,EACnF,CAEA,SAAS58B,GAAO7lB,GACZ,IAAKA,EACD,MAAM,IAAIuS,UAAU,mBAE5B,CAEA,SAASylE,KAET,CACA,SAASE,GAAa1qF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAEA,SAASspG,GAAoB5wE,GACzB,GAAoB,mBAATA,EACP,OAAO,EAEX,IAAI6wE,GAAc,EAClB,IACI,IAAI7wE,EAAK,CACL5hC,MAAO,WACHyyG,GAAc,KAI1B,MAAOhyG,IAGP,OAAOgyG,CACX,CACA,SAASC,GAAiB9tG,GACtB,QAAKgvF,GAAahvF,IAGgB,mBAAvBA,EAASjI,SAIxB,CAUA,SAASg2G,GAAiB9tG,GACtB,QAAK+uF,GAAa/uF,IAGgB,mBAAvBA,EAAS9H,SAIxB,CAUA,SAAS61G,GAAkBruG,GACvB,QAAKqvF,GAAarvF,OAGbmuG,GAAiBnuG,EAAUK,aAG3B+tG,GAAiBpuG,EAAUM,UAIpC,CAUA,SAASguG,GAAmBjuG,GACxB,IAGI,OAFaA,EAASjI,UAAU,CAAEutB,KAAM,SACjCltB,eACA,EAEX,MAAOmsG,GACH,OAAO,EAEf,CAmCA,SAAS2J,GAA6BluG,EAAUukG,GAC5C,IAAkC/yF,QAAlB,IAAP+yF,EAAgB,GAAKA,GAAc/yF,KAW5C,OAVAmrB,GAAOmxE,GAAiB9tG,IACxB28B,IAA2B,IAApB38B,EAAS0+F,QAGH,WAFbltF,EAAO28F,GAAkB38F,IAGZ,IAAI48F,GAAiCpuG,GAGrC,IAAIquG,GAAoCruG,EAGzD,CACA,SAASmuG,GAAkB38F,GACvB,IAAI88F,EAAoB98F,EAAPM,GACjB,GAAmB,UAAfw8F,EACA,OAAOA,EAEN,QAAa71G,IAAT+Y,EACL,OAAOA,EAGP,MAAM,IAAIu7B,WAAW,4BAE7B,CACA,IAAIwhE,GAAsD,WACtD,SAASA,EAAqCC,GAC1Ch3G,KAAKi3G,uBAAoBh2G,EACzBjB,KAAKk3G,iBAAcj2G,EACnBjB,KAAK89F,+BAA4B78F,EACjCjB,KAAKm3G,kBAAel2G,EACpBjB,KAAKo3G,kBAAoBJ,EAEzBh3G,KAAKq3G,uBA0FT,OAxFAN,EAAqC/1G,UAAU4C,MAAQ,SAAUC,GAC7D7D,KAAK89F,0BAA4Bj6F,GAErCkzG,EAAqC/1G,UAAUyD,OAAS,SAAUvC,GAE9D,OADAijC,QAAkClkC,IAA3BjB,KAAKi3G,mBACLj3G,KAAKi3G,kBAAkBxyG,OAAOvC,IAEzC60G,EAAqC/1G,UAAUq2G,qBAAuB,WAClE,GAAyB,YAArBr3G,KAAKk3G,YAAT,CAGAl3G,KAAKs3G,gBACL,IAAI/xG,EAASvF,KAAKo3G,kBAAkB72G,YACpCP,KAAKk3G,YAAc,UACnBl3G,KAAKu3G,cAAchyG,KAEvBwxG,EAAqC/1G,UAAUu2G,cAAgB,SAAUhyG,GACrE,IAAIiyG,EAAQx3G,KACZmlC,QAAkClkC,IAA3BjB,KAAKi3G,mBACZj3G,KAAKi3G,kBAAoB1xG,EACzB,IAAI1E,EAASb,KAAKi3G,kBAAkBp2G,OAC/BA,GAGLA,EACKe,MAAK,WAAc,OAAO41G,EAAMC,wBAChC71G,MAAK,WACF2D,IAAWiyG,EAAMP,mBACjBO,EAAM1Z,0BAA0B97F,WAErC,SAAUE,GACLqD,IAAWiyG,EAAMP,mBACjBO,EAAM1Z,0BAA0Bx5F,MAAMpC,MAGzC9B,MAAMk3F,KAEfyf,EAAqC/1G,UAAUs2G,cAAgB,gBAC5Br2G,IAA3BjB,KAAKi3G,oBAGTj3G,KAAKi3G,kBAAkBr2G,cACvBZ,KAAKi3G,uBAAoBh2G,EACzBjB,KAAKk3G,iBAAcj2G,IAEvB81G,EAAqC/1G,UAAU02G,uBAAyB,WACpE,IAAIF,EAAQx3G,KACZA,KAAKq3G,uBAEL,IAAIn2G,EAAOlB,KAAKi3G,kBAAkB/1G,OAC7BU,MAAK,SAAUH,GAChB,IAAIoC,EAAa2zG,EAAM1Z,0BACnBr8F,EAAOH,KACPk2G,EAAMG,YAGN9zG,EAAWO,QAAQ3C,EAAOJ,UAIlC,OADArB,KAAK43G,gBAAgB12G,GACdA,GAEX61G,EAAqC/1G,UAAU22G,UAAY,WACvD,IACI33G,KAAK89F,0BAA0B97F,QAEnC,MAAO+qG,MAIXgK,EAAqC/1G,UAAU42G,gBAAkB,SAAUC,GACvE,IACIC,EADAN,EAAQx3G,KAER+3G,EAAa,WACTP,EAAML,eAAiBW,IACvBN,EAAML,kBAAel2G,IAG7BjB,KAAKm3G,aAAeW,EAAcD,EAAYj2G,KAAKm2G,EAAYA,IAEnEhB,EAAqC/1G,UAAUy2G,mBAAqB,WAChE,IAAID,EAAQx3G,KACZ,GAAKA,KAAKm3G,aAAV,CAGA,IAAIa,EAAY,WAAc,OAAOR,EAAMC,sBAC3C,OAAOz3G,KAAKm3G,aAAav1G,KAAKo2G,EAAWA,KAEtCjB,CACX,IACIF,GAAqD,SAAUoB,GAE/D,SAASpB,IACL,OAAkB,OAAXoB,GAAmBA,EAAOp7F,MAAM7c,KAAMu8C,YAAcv8C,KAK/D,OAPAm2G,GAAUU,EAAqCoB,GAI/CpB,EAAoC71G,UAAUuD,KAAO,WACjD,OAAOvE,KAAK03G,0BAETb,CACX,EAAEE,IACF,SAAS/mG,GAAa8hC,GAClB,OAAO,IAAIjvC,WAAWivC,EAAK7tC,OAAQ6tC,EAAK5tC,WAAY4tC,EAAK3tC,WAC7D,CAMA,IAAIyyG,GAAkD,SAAUqB,GAE5D,SAASrB,EAAiCI,GACtC,IAAIQ,EAAQx3G,KACRk4G,EAAezB,GAAmBO,GAGtC,OAFAQ,EAAQS,EAAOn3G,KAAKd,KAAMg3G,IAAqBh3G,MACzCm4G,cAAgBD,EACfV,EAkDX,OAxDArB,GAAUS,EAAkCqB,GAQ5CltG,OAAOM,eAAeurG,EAAiC51G,UAAW,OAAQ,CACtEoK,IAAK,WACD,MAAO,SAEXu6B,YAAY,EACZC,cAAc,IAElBgxE,EAAiC51G,UAAUo3G,kBAAoB,WAC3D,GAAyB,SAArBp4G,KAAKk3G,YAAT,CAGA/xE,GAAOnlC,KAAKm4G,eACZn4G,KAAKs3G,gBACL,IAAI/xG,EAASvF,KAAKo3G,kBAAkB72G,UAAU,CAAEutB,KAAM,SACtD9tB,KAAKk3G,YAAc,OACnBl3G,KAAKu3G,cAAchyG,KAEvBqxG,EAAiC51G,UAAUuD,KAAO,WAC9C,GAAIvE,KAAKm4G,cAAe,CACpB,IAAItX,EAAc7gG,KAAK89F,0BAA0B+C,YACjD,GAAIA,EACA,OAAO7gG,KAAKq4G,qBAAqBxX,GAGzC,OAAO7gG,KAAK03G,0BAEhBd,EAAiC51G,UAAUq3G,qBAAuB,SAAUxX,GACxE,IAAI2W,EAAQx3G,KACZA,KAAKo4G,oBAGL,IAAIn0G,EAAS,IAAIpB,WAAWg+F,EAAY/uD,KAAK3tC,YAEzCjD,EAAOlB,KAAKi3G,kBAAkB/1G,KAAK+C,GAClCrC,MAAK,SAAUH,GAhD5B,IAA6BsgB,EAAMu2F,EAC3BC,EAgDIf,EAAM1Z,0BACFr8F,EAAOH,MACPk2G,EAAMG,YACN9W,EAAYZ,QAAQ,KApDPl+E,EAuDOtgB,EAAOJ,MAvDRi3G,EAuDezX,EAAY/uD,KAtDtDymE,EAAYvoG,GAAa+R,GACf/R,GAAasoG,GACnBh1G,IAAIi1G,EAAW,GAqDX1X,EAAYZ,QAAQx+F,EAAOJ,MAAM8C,gBAIzC,OADAnE,KAAK43G,gBAAgB12G,GACdA,GAEJ01G,CACX,EAAEG,IAYF,SAASyB,GAA2B/vG,GAChC08B,GAAOoxE,GAAiB9tG,IACxB08B,IAA2B,IAApB18B,EAASy+F,QAChB,IAAIxmG,EAAS+H,EAAS9H,YACtB,OAAO,IAAI83G,GAA2B/3G,EAC1C,CACA,IAAI+3G,GAA4C,WAC5C,SAASA,EAA2BC,GAChC,IAAIlB,EAAQx3G,KACZA,KAAK2nG,+BAA4B1mG,EACjCjB,KAAK24G,mBAAgB13G,EACrBjB,KAAKs6F,OAAS,WACdt6F,KAAK26F,kBAAe15F,EACpBjB,KAAK44G,kBAAoBF,EACzB14G,KAAK64G,cAAgB,IAAI54G,SAAQ,SAAUC,EAASC,GAChDq3G,EAAMsB,oBAAsB34G,KAEhCH,KAAK64G,cAAcz4G,MAAMk3F,IAmF7B,OAjFAmhB,EAA2Bz3G,UAAU4C,MAAQ,SAAUC,GACnD,IAAI2zG,EAAQx3G,KACZA,KAAK2nG,0BAA4B9jG,EACjC7D,KAAK44G,kBAAkB/3G,OAClBe,MAAK,WACN41G,EAAMld,OAAS,YAEdl6F,OAAM,SAAU8B,GAAU,OAAOs1G,EAAMuB,gBAAgB72G,OAEhEu2G,EAA2Bz3G,UAAUc,MAAQ,SAAUC,GACnD,IAAIy1G,EAAQx3G,KACRU,EAASV,KAAK44G,kBAElB,GAA2B,OAAvBl4G,EAAO46E,YACP,OAAO56E,EAAOuI,MAElB,IAAIigG,EAAexoG,EAAOoB,MAAMC,GAEhCmnG,EAAa9oG,OAAM,SAAU8B,GAAU,OAAOs1G,EAAMuB,gBAAgB72G,MACpExB,EAAOuI,MAAM7I,OAAM,SAAU8B,GAAU,OAAOs1G,EAAMwB,eAAe92G,MAEnE,IAAIJ,EAAQ7B,QAAQg5G,KAAK,CAAC/P,EAAclpG,KAAK64G,gBAE7C,OADA74G,KAAKk5G,iBAAiBp3G,GACfA,GAEX22G,EAA2Bz3G,UAAUgB,MAAQ,WACzC,IAAIw1G,EAAQx3G,KACZ,YAA2BiB,IAAvBjB,KAAK24G,cACE34G,KAAK44G,kBAAkB52G,QAE3BhC,KAAKm5G,sBAAsBv3G,MAAK,WAAc,OAAO41G,EAAMx1G,YAEtEy2G,EAA2Bz3G,UAAUiB,MAAQ,SAAUC,GACnD,GAAoB,YAAhBlC,KAAKs6F,OAIT,OADat6F,KAAK44G,kBACJ32G,MAAMC,IAExBu2G,EAA2Bz3G,UAAUk4G,iBAAmB,SAAUE,GAC9D,IACIC,EADA7B,EAAQx3G,KAERs5G,EAAc,WACV9B,EAAMmB,gBAAkBU,IACxB7B,EAAMmB,mBAAgB13G,IAG9BjB,KAAK24G,cAAgBU,EAAeD,EAAax3G,KAAK03G,EAAaA,IAEvEb,EAA2Bz3G,UAAUm4G,oBAAsB,WACvD,IAAI3B,EAAQx3G,KACZ,QAA2BiB,IAAvBjB,KAAK24G,cACL,OAAO14G,QAAQC,UAEnB,IAAIq5G,EAAa,WAAc,OAAO/B,EAAM2B,uBAC5C,OAAOn5G,KAAK24G,cAAc/2G,KAAK23G,EAAYA,IAE/Cd,EAA2Bz3G,UAAUg4G,eAAiB,SAAU92G,GAC5D,IAAIs1G,EAAQx3G,KACZ,GAAoB,aAAhBA,KAAKs6F,OAAsC,CAC3Ct6F,KAAKs6F,OAAS,WACdt6F,KAAK26F,aAAez4F,EACpB,IAAIq3G,EAAa,WAAc,OAAO/B,EAAMuB,gBAAgB72G,SACjCjB,IAAvBjB,KAAK24G,cACLY,IAGAv5G,KAAKm5G,sBAAsBv3G,KAAK23G,EAAYA,GAEhDv5G,KAAK2nG,0BAA0BrjG,MAAMpC,KAG7Cu2G,EAA2Bz3G,UAAU+3G,gBAAkB,SAAU72G,GACzC,aAAhBlC,KAAKs6F,QACLt6F,KAAKg5G,eAAe92G,GAEJ,aAAhBlC,KAAKs6F,SACLt6F,KAAKs6F,OAAS,UACdt6F,KAAK84G,oBAAoB94G,KAAK26F,gBAG/B8d,CACX,IAYA,SAASe,GAA0BrxG,GAC/Bg9B,GAAOqxE,GAAkBruG,IACzB,IAAIK,EAAWL,EAAUK,SAAUC,EAAWN,EAAUM,SACxD08B,IAA2B,IAApB38B,EAAS0+F,QAChB/hE,IAA2B,IAApB18B,EAASy+F,QAChB,IACIxmG,EADA6E,EAASiD,EAASjI,YAEtB,IACIG,EAAS+H,EAAS9H,YAEtB,MAAO0D,GAEH,MADAkB,EAAO3E,cACDyD,EAEV,OAAO,IAAIo1G,GAAmCl0G,EAAQ7E,EAC1D,CACA,IAAI+4G,GAAoD,WACpD,SAASA,EAAmCl0G,EAAQ7E,GAChD,IAAI82G,EAAQx3G,KACZA,KAAK+zG,gCAA6B9yG,EAClCjB,KAAK05G,QAAU,SAAUj4G,GACrB,IAAIA,EAAOH,KAIX,OADAk2G,EAAMzD,2BAA2B3vG,QAAQ3C,EAAOJ,OACzCm2G,EAAM1yG,QAAQ5D,OAAOU,KAAK41G,EAAMkC,UAE3C15G,KAAK25G,SAAW,SAAUz3G,GACtBs1G,EAAMoC,aAAa13G,GACnBs1G,EAAMzD,2BAA2BzvG,MAAMpC,GACvCs1G,EAAM1yG,QAAQL,OAAOvC,GAAQ9B,MAAMk3F,IACnCkgB,EAAM9P,QAAQzlG,MAAMC,GAAQ9B,MAAMk3F,KAEtCt3F,KAAK65G,aAAe,WAChBrC,EAAMsC,gBACNtC,EAAMzD,2BAA2BnoG,YACjC,IAAItH,EAAQ,IAAIutB,UAAU,8BAC1B2lF,EAAM9P,QAAQzlG,MAAMqC,GAAOlE,MAAMk3F,KAErCt3F,KAAK8E,QAAUS,EACfvF,KAAK0nG,QAAUhnG,EACfV,KAAK+5G,cAAgB,IAAI95G,SAAQ,SAAUC,EAASC,GAChDq3G,EAAMsC,cAAgB55G,EACtBs3G,EAAMoC,aAAez5G,KAsB7B,OAnBAs5G,EAAmCz4G,UAAU4C,MAAQ,SAAUC,GAC3D7D,KAAK+zG,2BAA6BlwG,EAClC7D,KAAK8E,QAAQ5D,OACRU,KAAK5B,KAAK05G,SACV93G,KAAK5B,KAAK65G,aAAc75G,KAAK25G,UAClC,IAAIK,EAAeh6G,KAAK8E,QAAQjE,OAC5Bm5G,GACAA,EACKp4G,KAAK5B,KAAK65G,aAAc75G,KAAK25G,WAG1CF,EAAmCz4G,UAAUmH,UAAY,SAAUpG,GAC/D,OAAO/B,KAAK0nG,QAAQ5lG,MAAMC,IAE9B03G,EAAmCz4G,UAAUk+D,MAAQ,WACjD,IAAIs4C,EAAQx3G,KACZ,OAAOA,KAAK0nG,QAAQ1lG,QACfJ,MAAK,WAAc,OAAO41G,EAAMuC,kBAElCN,CACX,8EAjaA,SAAqCj0E,GACjCL,GArEJ,SAAqCK,GACjC,QAAK4wE,GAAoB5wE,MAGpB8wE,GAAiB,IAAI9wE,EAI9B,CA6DWy0E,CAA4Bz0E,IACnC,IAAI00E,EAZR,SAA4B10E,GACxB,IAEI,OADA,IAAIA,EAAK,CAAExrB,KAAM,WACV,EAEX,MAAO+yF,GACH,OAAO,EAEf,CAI8BoN,CAAmB30E,GAC7C,OAAO,SAAUh9B,EAAUukG,GACvB,IAAkC/yF,QAAlB,IAAP+yF,EAAgB,GAAKA,GAAc/yF,KAK5C,GAHa,WADbA,EAAO28F,GAAkB38F,KACAkgG,IACrBlgG,OAAO/Y,GAEPuH,EAAS1I,cAAgB0lC,IACZ,UAATxrB,GAAoBy8F,GAAmBjuG,IACvC,OAAOA,EAGf,GAAa,UAATwR,EAAkB,CAClB,IAAI6vE,EAAS6sB,GAA6BluG,EAAU,CAAEwR,KAAMA,IAC5D,OAAO,IAAIwrB,EAAKqkD,GAGZA,EAAS6sB,GAA6BluG,GAC1C,OAAO,IAAIg9B,EAAKqkD,GAG5B,+BA8TA,SAAsCrkD,GAElC,OADAL,GAnXJ,SAAsCK,GAClC,QAAK4wE,GAAoB5wE,MAGpBgxE,GAAkB,IAAIhxE,EAI/B,CA2WW40E,CAA6B50E,IAC7B,SAAUr9B,GACb,GAAIA,EAAUrI,cAAgB0lC,EAC1B,OAAOr9B,EAEX,IAAIkrG,EAAcmG,GAA0BrxG,GAC5C,OAAO,IAAIq9B,EAAK6tE,GAExB,yHA1HA,SAAqC7tE,GAEjC,OADAL,GAvRJ,SAAqCK,GACjC,QAAK4wE,GAAoB5wE,MAGpB+wE,GAAiB,IAAI/wE,EAI9B,CA+QW60E,CAA4B70E,IAC5B,SAAU/8B,GACb,GAAIA,EAAS3I,cAAgB0lC,EACzB,OAAO/8B,EAEX,IAAI6xG,EAAO9B,GAA2B/vG,GACtC,OAAO,IAAI+8B,EAAK80E,GAExB,wBCvXA,SAAWh1E,EAAQ0Y,GAIjB,SAAS7Y,EAAQC,EAAKC,GACpB,IAAKD,EAAK,MAAUliC,MAAMmiC,GAAO,oBAKnC,SAASgB,EAAUb,EAAMC,GACvBD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAAS7kC,UAAYykC,EAAUzkC,UAC/BwkC,EAAKxkC,UAAY,IAAI6kC,EACrBL,EAAKxkC,UAAUlB,YAAc0lC,EAK/B,SAAS6b,EAAIhyC,EAAQ+oD,EAAMnoD,GACzB,GAAIoxC,EAAGk5D,KAAKlrG,GACV,OAAOA,EAGTrP,KAAKw6G,SAAW,EAChBx6G,KAAKy6G,MAAQ,KACbz6G,KAAKoB,OAAS,EAGdpB,KAAK06G,IAAM,KAEI,OAAXrrG,IACW,OAAT+oD,GAA0B,OAATA,IACnBnoD,EAASmoD,EACTA,EAAO,IAGTp4D,KAAK26G,MAAMtrG,GAAU,EAAG+oD,GAAQ,GAAInoD,GAAU,OAYlD,IAAI+O,EATkB,iBAAXsmB,EACTA,EAAO0Y,QAAUqD,EAEjBrD,EAAQqD,GAAKA,EAGfA,EAAGA,GAAKA,EACRA,EAAGu5D,SAAW,GAGd,IACE57F,OAAS,EACT,MAAO3a,IAoIT,SAASw2G,EAAUv+F,EAAK1Y,EAAO2H,GAG7B,IAFA,IAAIoC,EAAI,EACJoC,EAAMrE,KAAKmyC,IAAIvhC,EAAIlb,OAAQmK,GACtBtI,EAAIW,EAAOX,EAAI8M,EAAK9M,IAAK,CAChC,IAAImZ,EAAIE,EAAIE,WAAWvZ,GAAK,GAE5B0K,IAAM,EAIJA,GADEyO,GAAK,IAAMA,GAAK,GACbA,EAAI,GAAK,GAGLA,GAAK,IAAMA,GAAK,GACpBA,EAAI,GAAK,GAIL,GAAJA,EAGT,OAAOzO,EAiCT,SAASmtG,EAAWx+F,EAAK1Y,EAAO2H,EAAK2B,GAGnC,IAFA,IAAIS,EAAI,EACJoC,EAAMrE,KAAKmyC,IAAIvhC,EAAIlb,OAAQmK,GACtBtI,EAAIW,EAAOX,EAAI8M,EAAK9M,IAAK,CAChC,IAAImZ,EAAIE,EAAIE,WAAWvZ,GAAK,GAE5B0K,GAAKT,EAIHS,GADEyO,GAAK,GACFA,EAAI,GAAK,GAGLA,GAAK,GACTA,EAAI,GAAK,GAITA,EAGT,OAAOzO,EA5MT0zC,EAAGk5D,KAAO,SAAetzE,GACvB,OAAIA,aAAeoa,GAIJ,OAARpa,GAA+B,iBAARA,GAC5BA,EAAInnC,YAAY86G,WAAav5D,EAAGu5D,UAAY/6G,MAAMW,QAAQymC,EAAIwzE,QAGlEp5D,EAAG11C,IAAM,SAAcooB,EAAMC,GAC3B,OAAID,EAAKgnF,IAAI/mF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGxD,IAAM,SAAc9pB,EAAMC,GAC3B,OAAID,EAAKgnF,IAAI/mF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGrgD,UAAU25G,MAAQ,SAAetrG,EAAQ+oD,EAAMnoD,GAChD,GAAsB,iBAAXZ,EACT,OAAOrP,KAAKg7G,YAAY3rG,EAAQ+oD,EAAMnoD,GAGxC,GAAsB,iBAAXZ,EACT,OAAOrP,KAAKi7G,WAAW5rG,EAAQ+oD,EAAMnoD,GAG1B,QAATmoD,IACFA,EAAO,IAETjzB,EAAOizB,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,IAGnD,IAAIx0D,EAAQ,EACM,OAFlByL,EAASA,EAAO9C,WAAWqV,QAAQ,OAAQ,KAEhC,IACThe,IAGW,KAATw0D,EACFp4D,KAAKk7G,UAAU7rG,EAAQzL,GAEvB5D,KAAKm7G,WAAW9rG,EAAQ+oD,EAAMx0D,GAGd,MAAdyL,EAAO,KACTrP,KAAKw6G,SAAW,GAGlBx6G,KAAKo7G,QAEU,OAAXnrG,GAEJjQ,KAAKi7G,WAAWj7G,KAAK2nC,UAAWywB,EAAMnoD,IAGxCoxC,EAAGrgD,UAAUg6G,YAAc,SAAsB3rG,EAAQ+oD,EAAMnoD,GACzDZ,EAAS,IACXrP,KAAKw6G,SAAW,EAChBnrG,GAAUA,GAERA,EAAS,UACXrP,KAAKy6G,MAAQ,CAAW,SAATprG,GACfrP,KAAKoB,OAAS,GACLiO,EAAS,kBAClBrP,KAAKy6G,MAAQ,CACF,SAATprG,EACCA,EAAS,SAAa,UAEzBrP,KAAKoB,OAAS,IAEd+jC,EAAO91B,EAAS,kBAChBrP,KAAKy6G,MAAQ,CACF,SAATprG,EACCA,EAAS,SAAa,SACvB,GAEFrP,KAAKoB,OAAS,GAGD,OAAX6O,GAGJjQ,KAAKi7G,WAAWj7G,KAAK2nC,UAAWywB,EAAMnoD,IAGxCoxC,EAAGrgD,UAAUi6G,WAAa,SAAqB5rG,EAAQ+oD,EAAMnoD,GAG3D,GADAk1B,EAAgC,iBAAlB91B,EAAOjO,QACjBiO,EAAOjO,QAAU,EAGnB,OAFApB,KAAKy6G,MAAQ,CAAE,GACfz6G,KAAKoB,OAAS,EACPpB,KAGTA,KAAKoB,OAASsK,KAAKmQ,KAAKxM,EAAOjO,OAAS,GACxCpB,KAAKy6G,MAAY56G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BjD,KAAKy6G,MAAMx3G,GAAK,EAGlB,IAAI0Z,EAAGwa,EACHwE,EAAM,EACV,GAAe,OAAX1rB,EACF,IAAKhN,EAAIoM,EAAOjO,OAAS,EAAGub,EAAI,EAAG1Z,GAAK,EAAGA,GAAK,EAC9Ck0B,EAAI9nB,EAAOpM,GAAMoM,EAAOpM,EAAI,IAAM,EAAMoM,EAAOpM,EAAI,IAAM,GACzDjD,KAAKy6G,MAAM99F,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAKy6G,MAAM99F,EAAI,GAAMwa,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPhf,UAGC,GAAe,OAAX1M,EACT,IAAKhN,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAIoM,EAAOjO,OAAQ6B,GAAK,EACzCk0B,EAAI9nB,EAAOpM,GAAMoM,EAAOpM,EAAI,IAAM,EAAMoM,EAAOpM,EAAI,IAAM,GACzDjD,KAAKy6G,MAAM99F,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAKy6G,MAAM99F,EAAI,GAAMwa,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPhf,KAIN,OAAO3c,KAAKo7G,SA2Bd/5D,EAAGrgD,UAAUk6G,UAAY,SAAoB7rG,EAAQzL,GAEnD5D,KAAKoB,OAASsK,KAAKmQ,MAAMxM,EAAOjO,OAASwC,GAAS,GAClD5D,KAAKy6G,MAAY56G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BjD,KAAKy6G,MAAMx3G,GAAK,EAGlB,IAAI0Z,EAAGwa,EAEHwE,EAAM,EACV,IAAK14B,EAAIoM,EAAOjO,OAAS,EAAGub,EAAI,EAAG1Z,GAAKW,EAAOX,GAAK,EAClDk0B,EAAI0jF,EAASxrG,EAAQpM,EAAGA,EAAI,GAC5BjD,KAAKy6G,MAAM99F,IAAOwa,GAAKwE,EAAO,SAE9B37B,KAAKy6G,MAAM99F,EAAI,IAAMwa,IAAO,GAAKwE,EAAO,SACxCA,GAAO,KACI,KACTA,GAAO,GACPhf,KAGA1Z,EAAI,IAAMW,IACZuzB,EAAI0jF,EAASxrG,EAAQzL,EAAOX,EAAI,GAChCjD,KAAKy6G,MAAM99F,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAKy6G,MAAM99F,EAAI,IAAMwa,IAAO,GAAKwE,EAAO,SAE1C37B,KAAKo7G,SA2BP/5D,EAAGrgD,UAAUm6G,WAAa,SAAqB9rG,EAAQ+oD,EAAMx0D,GAE3D5D,KAAKy6G,MAAQ,CAAE,GACfz6G,KAAKoB,OAAS,EAGd,IAAK,IAAIi6G,EAAU,EAAGC,EAAU,EAAGA,GAAW,SAAWA,GAAWljD,EAClEijD,IAEFA,IACAC,EAAWA,EAAUljD,EAAQ,EAO7B,IALA,IAAImR,EAAQl6D,EAAOjO,OAASwC,EACxB0J,EAAMi8D,EAAQ8xC,EACd9vG,EAAMG,KAAKmyC,IAAI0rB,EAAOA,EAAQj8D,GAAO1J,EAErCwiC,EAAO,EACFnjC,EAAIW,EAAOX,EAAIsI,EAAKtI,GAAKo4G,EAChCj1E,EAAO00E,EAAUzrG,EAAQpM,EAAGA,EAAIo4G,EAASjjD,GAEzCp4D,KAAKu7G,MAAMD,GACPt7G,KAAKy6G,MAAM,GAAKr0E,EAAO,SACzBpmC,KAAKy6G,MAAM,IAAMr0E,EAEjBpmC,KAAKw7G,OAAOp1E,GAIhB,GAAY,IAAR94B,EAAW,CACb,IAAIukC,EAAM,EAGV,IAFAzL,EAAO00E,EAAUzrG,EAAQpM,EAAGoM,EAAOjO,OAAQg3D,GAEtCn1D,EAAI,EAAGA,EAAIqK,EAAKrK,IACnB4uC,GAAOumB,EAGTp4D,KAAKu7G,MAAM1pE,GACP7xC,KAAKy6G,MAAM,GAAKr0E,EAAO,SACzBpmC,KAAKy6G,MAAM,IAAMr0E,EAEjBpmC,KAAKw7G,OAAOp1E,KAKlBib,EAAGrgD,UAAU2pE,KAAO,SAAexZ,GACjCA,EAAKspD,MAAY56G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BkuD,EAAKspD,MAAMx3G,GAAKjD,KAAKy6G,MAAMx3G,GAE7BkuD,EAAK/vD,OAASpB,KAAKoB,OACnB+vD,EAAKqpD,SAAWx6G,KAAKw6G,SACrBrpD,EAAKupD,IAAM16G,KAAK06G,KAGlBr5D,EAAGrgD,UAAUW,MAAQ,WACnB,IAAIgM,EAAI,IAAI0zC,EAAG,MAEf,OADArhD,KAAK2qE,KAAKh9D,GACHA,GAGT0zC,EAAGrgD,UAAUy6G,QAAU,SAAkBz2G,GACvC,KAAOhF,KAAKoB,OAAS4D,GACnBhF,KAAKy6G,MAAMz6G,KAAKoB,UAAY,EAE9B,OAAOpB,MAITqhD,EAAGrgD,UAAUo6G,MAAQ,WACnB,KAAOp7G,KAAKoB,OAAS,GAAqC,IAAhCpB,KAAKy6G,MAAMz6G,KAAKoB,OAAS,IACjDpB,KAAKoB,SAEP,OAAOpB,KAAK07G,aAGdr6D,EAAGrgD,UAAU06G,UAAY,WAKvB,OAHoB,IAAhB17G,KAAKoB,QAAkC,IAAlBpB,KAAKy6G,MAAM,KAClCz6G,KAAKw6G,SAAW,GAEXx6G,MAGTqhD,EAAGrgD,UAAU26G,QAAU,WACrB,OAAQ37G,KAAK06G,IAAM,UAAY,SAAW16G,KAAKuM,SAAS,IAAM,KAiChE,IAAIqvG,EAAQ,CACV,GACA,IACA,KACA,MACA,OACA,QACA,SACA,UACA,WACA,YACA,aACA,cACA,eACA,gBACA,iBACA,kBACA,mBACA,oBACA,qBACA,sBACA,uBACA,wBACA,yBACA,0BACA,2BACA,6BAGEC,EAAa,CACf,EAAG,EACH,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EACvB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAGhBC,EAAa,CACf,EAAG,EACH,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAC5D,SAAU,IAAU,SAAU,SAAU,SAAU,QAAS,SAC3D,SAAU,SAAU,SAAU,SAAU,KAAU,QAAS,QAC3D,QAAS,QAAS,QAAS,SAAU,SAAU,SAAU,SACzD,MAAU,SAAU,SAAU,SAAU,SAAU,SAAU,UAsjB9D,SAASC,EAAYr+D,EAAMzW,EAAK+0E,GAC9BA,EAAIxB,SAAWvzE,EAAIuzE,SAAW98D,EAAK88D,SACnC,IAAIzqG,EAAO2tC,EAAKt8C,OAAS6lC,EAAI7lC,OAAU,EACvC46G,EAAI56G,OAAS2O,EACbA,EAAOA,EAAM,EAAK,EAGlB,IAAI1B,EAAoB,EAAhBqvC,EAAK+8D,MAAM,GACfxsG,EAAmB,EAAfg5B,EAAIwzE,MAAM,GACd9sG,EAAIU,EAAIJ,EAER+3B,EAAS,SAAJr4B,EACLm5B,EAASn5B,EAAI,SAAa,EAC9BquG,EAAIvB,MAAM,GAAKz0E,EAEf,IAAK,IAAI/pB,EAAI,EAAGA,EAAIlM,EAAKkM,IAAK,CAM5B,IAHA,IAAIggG,EAASn1E,IAAU,GACnBo1E,EAAgB,SAARp1E,EACRq1E,EAAOzwG,KAAKmyC,IAAI5hC,EAAGgrB,EAAI7lC,OAAS,GAC3Bub,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAIyhC,EAAKt8C,OAAS,GAAIub,GAAKw/F,EAAMx/F,IAAK,CAC7D,IAAI1Z,EAAKgZ,EAAIU,EAAK,EAIlBs/F,IADAtuG,GAFAU,EAAoB,EAAhBqvC,EAAK+8D,MAAMx3G,KACfgL,EAAmB,EAAfg5B,EAAIwzE,MAAM99F,IACFu/F,GACG,SAAa,EAC5BA,EAAY,SAAJvuG,EAEVquG,EAAIvB,MAAMx+F,GAAa,EAARigG,EACfp1E,EAAiB,EAATm1E,EAQV,OANc,IAAVn1E,EACFk1E,EAAIvB,MAAMx+F,GAAa,EAAR6qB,EAEfk1E,EAAI56G,SAGC46G,EAAIZ,QAzlBb/5D,EAAGrgD,UAAUuL,SAAW,SAAmB6rD,EAAMjnC,GAI/C,IAAI6qF,EACJ,GAHA7qF,EAAoB,EAAVA,GAAe,EAGZ,MAJbinC,EAAOA,GAAQ,KAIa,QAATA,EAAgB,CACjC4jD,EAAM,GAGN,IAFA,IAAIrgF,EAAM,EACNmL,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIk0B,EAAIn3B,KAAKy6G,MAAMx3G,GACfmjC,GAA+B,UAArBjP,GAAKwE,EAAOmL,IAAmBv6B,SAAS,IAGpDyvG,EADY,KADdl1E,EAAS3P,IAAO,GAAKwE,EAAQ,WACV14B,IAAMjD,KAAKoB,OAAS,EAC/Bw6G,EAAM,EAAIx1E,EAAKhlC,QAAUglC,EAAO41E,EAEhC51E,EAAO41E,GAEfrgF,GAAO,IACI,KACTA,GAAO,GACP14B,KAMJ,IAHc,IAAV6jC,IACFk1E,EAAMl1E,EAAMv6B,SAAS,IAAMyvG,GAEtBA,EAAI56G,OAAS+vB,GAAY,GAC9B6qF,EAAM,IAAMA,EAKd,OAHsB,IAAlBh8G,KAAKw6G,WACPwB,EAAM,IAAMA,GAEPA,EAGT,GAAI5jD,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,GAAI,CAElD,IAAIgkD,EAAYP,EAAWzjD,GAEvBikD,EAAYP,EAAW1jD,GAC3B4jD,EAAM,GACN,IAAI5/F,EAAIpc,KAAK2B,QAEb,IADAya,EAAEo+F,SAAW,GACLp+F,EAAE5O,UAAU,CAClB,IAAIG,EAAIyO,EAAEkgG,KAAKD,GAAW9vG,SAAS6rD,GAMjC4jD,GALF5/F,EAAIA,EAAEmgG,MAAMF,IAEL7uG,SAGCG,EAAIquG,EAFJJ,EAAMQ,EAAYzuG,EAAEvM,QAAUuM,EAAIquG,EAQ5C,IAHIh8G,KAAKwN,WACPwuG,EAAM,IAAMA,GAEPA,EAAI56G,OAAS+vB,GAAY,GAC9B6qF,EAAM,IAAMA,EAKd,OAHsB,IAAlBh8G,KAAKw6G,WACPwB,EAAM,IAAMA,GAEPA,EAGT72E,GAAO,EAAO,oCAGhBkc,EAAGrgD,UAAUoO,SAAW,WACtB,IAAI2e,EAAM/tB,KAAKy6G,MAAM,GASrB,OARoB,IAAhBz6G,KAAKoB,OACP2sB,GAAuB,SAAhB/tB,KAAKy6G,MAAM,GACO,IAAhBz6G,KAAKoB,QAAkC,IAAlBpB,KAAKy6G,MAAM,GAEzC1sF,GAAO,iBAAoC,SAAhB/tB,KAAKy6G,MAAM,GAC7Bz6G,KAAKoB,OAAS,GACvB+jC,GAAO,EAAO,8CAEU,IAAlBnlC,KAAKw6G,UAAmBzsF,EAAMA,GAGxCszB,EAAGrgD,UAAUw7G,OAAS,WACpB,OAAOx8G,KAAKuM,SAAS,KAGvB80C,EAAGrgD,UAAUy7G,SAAW,SAAmBxsG,EAAQ7O,GAEjD,OADA+jC,OAAyB,IAAXnmB,GACPhf,KAAKskD,YAAYtlC,EAAQ/O,EAAQ7O,IAG1CigD,EAAGrgD,UAAU2mC,QAAU,SAAkB13B,EAAQ7O,GAC/C,OAAOpB,KAAKskD,YAAYzkD,MAAOoQ,EAAQ7O,IAGzCigD,EAAGrgD,UAAUsjD,YAAc,SAAsBo4D,EAAWzsG,EAAQ7O,GAClE,IAAI+C,EAAanE,KAAKmE,aAClBw4G,EAAYv7G,GAAUsK,KAAKC,IAAI,EAAGxH,GACtCghC,EAAOhhC,GAAcw4G,EAAW,yCAChCx3E,EAAOw3E,EAAY,EAAG,+BAEtB38G,KAAKo7G,QACL,IAGIntG,EAAGhL,EAHH25G,EAA0B,OAAX3sG,EACfd,EAAM,IAAIutG,EAAUC,GAGpBruG,EAAItO,KAAK2B,QACb,GAAKi7G,EAYE,CACL,IAAK35G,EAAI,GAAIqL,EAAEd,SAAUvK,IACvBgL,EAAIK,EAAEuuG,MAAM,KACZvuG,EAAEwuG,OAAO,GAET3tG,EAAIlM,GAAKgL,EAGX,KAAOhL,EAAI05G,EAAW15G,IACpBkM,EAAIlM,GAAK,MArBM,CAEjB,IAAKA,EAAI,EAAGA,EAAI05G,EAAYx4G,EAAYlB,IACtCkM,EAAIlM,GAAK,EAGX,IAAKA,EAAI,GAAIqL,EAAEd,SAAUvK,IACvBgL,EAAIK,EAAEuuG,MAAM,KACZvuG,EAAEwuG,OAAO,GAET3tG,EAAIwtG,EAAY15G,EAAI,GAAKgL,EAe7B,OAAOkB,GAIPkyC,EAAGrgD,UAAU+7G,WADXrxG,KAAKsxG,MACmB,SAAqB7lF,GAC7C,OAAO,GAAKzrB,KAAKsxG,MAAM7lF,IAGC,SAAqBA,GAC7C,IAAIlZ,EAAIkZ,EACJxpB,EAAI,EAiBR,OAhBIsQ,GAAK,OACPtQ,GAAK,GACLsQ,KAAO,IAELA,GAAK,KACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAEFtQ,EAAIsQ,GAIfojC,EAAGrgD,UAAUi8G,UAAY,SAAoB9lF,GAE3C,GAAU,IAANA,EAAS,OAAO,GAEpB,IAAIlZ,EAAIkZ,EACJxpB,EAAI,EAoBR,OAnBqB,IAAZ,KAAJsQ,KACHtQ,GAAK,GACLsQ,KAAO,IAEU,IAAV,IAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,GAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,IACHtQ,IAEKA,GAIT0zC,EAAGrgD,UAAUyO,UAAY,WACvB,IAAI0nB,EAAIn3B,KAAKy6G,MAAMz6G,KAAKoB,OAAS,GAC7B2kC,EAAK/lC,KAAK+8G,WAAW5lF,GACzB,OAA2B,IAAnBn3B,KAAKoB,OAAS,GAAU2kC,GAiBlCsb,EAAGrgD,UAAUk8G,SAAW,WACtB,GAAIl9G,KAAKwN,SAAU,OAAO,EAG1B,IADA,IAAIG,EAAI,EACC1K,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIgL,EAAIjO,KAAKi9G,UAAUj9G,KAAKy6G,MAAMx3G,IAElC,GADA0K,GAAKM,EACK,KAANA,EAAU,MAEhB,OAAON,GAGT0zC,EAAGrgD,UAAUmD,WAAa,WACxB,OAAOuH,KAAKmQ,KAAK7b,KAAKyP,YAAc,IAGtC4xC,EAAGrgD,UAAUm8G,OAAS,SAAiBC,GACrC,OAAsB,IAAlBp9G,KAAKw6G,SACAx6G,KAAKkP,MAAMmuG,MAAMD,GAAOE,MAAM,GAEhCt9G,KAAK2B,SAGd0/C,EAAGrgD,UAAUu8G,SAAW,SAAmBH,GACzC,OAAIp9G,KAAKw9G,MAAMJ,EAAQ,GACdp9G,KAAKy9G,KAAKL,GAAOE,MAAM,GAAGI,OAE5B19G,KAAK2B,SAGd0/C,EAAGrgD,UAAU28G,MAAQ,WACnB,OAAyB,IAAlB39G,KAAKw6G,UAIdn5D,EAAGrgD,UAAU48G,IAAM,WACjB,OAAO59G,KAAK2B,QAAQ+7G,QAGtBr8D,EAAGrgD,UAAU08G,KAAO,WAKlB,OAJK19G,KAAKwN,WACRxN,KAAKw6G,UAAY,GAGZx6G,MAITqhD,EAAGrgD,UAAU68G,KAAO,SAAe52E,GACjC,KAAOjnC,KAAKoB,OAAS6lC,EAAI7lC,QACvBpB,KAAKy6G,MAAMz6G,KAAKoB,UAAY,EAG9B,IAAK,IAAI6B,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAC9BjD,KAAKy6G,MAAMx3G,GAAKjD,KAAKy6G,MAAMx3G,GAAKgkC,EAAIwzE,MAAMx3G,GAG5C,OAAOjD,KAAKo7G,SAGd/5D,EAAGrgD,UAAU88G,IAAM,SAAc72E,GAE/B,OADA9B,EAA0C,IAAlCnlC,KAAKw6G,SAAWvzE,EAAIuzE,WACrBx6G,KAAK69G,KAAK52E,IAInBoa,EAAGrgD,UAAU+/E,GAAK,SAAa95C,GAC7B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQm8G,IAAI72E,GAC/CA,EAAItlC,QAAQm8G,IAAI99G,OAGzBqhD,EAAGrgD,UAAU+8G,IAAM,SAAc92E,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQk8G,KAAK52E,GAChDA,EAAItlC,QAAQk8G,KAAK79G,OAI1BqhD,EAAGrgD,UAAUg9G,MAAQ,SAAgB/2E,GAEnC,IAAIh5B,EAEFA,EADEjO,KAAKoB,OAAS6lC,EAAI7lC,OAChB6lC,EAEAjnC,KAGN,IAAK,IAAIiD,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5BjD,KAAKy6G,MAAMx3G,GAAKjD,KAAKy6G,MAAMx3G,GAAKgkC,EAAIwzE,MAAMx3G,GAK5C,OAFAjD,KAAKoB,OAAS6M,EAAE7M,OAETpB,KAAKo7G,SAGd/5D,EAAGrgD,UAAUi9G,KAAO,SAAeh3E,GAEjC,OADA9B,EAA0C,IAAlCnlC,KAAKw6G,SAAWvzE,EAAIuzE,WACrBx6G,KAAKg+G,MAAM/2E,IAIpBoa,EAAGrgD,UAAU8/E,IAAM,SAAc75C,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQs8G,KAAKh3E,GAChDA,EAAItlC,QAAQs8G,KAAKj+G,OAG1BqhD,EAAGrgD,UAAUk9G,KAAO,SAAej3E,GACjC,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQq8G,MAAM/2E,GACjDA,EAAItlC,QAAQq8G,MAAMh+G,OAI3BqhD,EAAGrgD,UAAUm9G,MAAQ,SAAgBl3E,GAEnC,IAAI54B,EACAJ,EACAjO,KAAKoB,OAAS6lC,EAAI7lC,QACpBiN,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAGN,IAAK,IAAIiD,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5BjD,KAAKy6G,MAAMx3G,GAAKoL,EAAEosG,MAAMx3G,GAAKgL,EAAEwsG,MAAMx3G,GAGvC,GAAIjD,OAASqO,EACX,KAAOpL,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAKy6G,MAAMx3G,GAAKoL,EAAEosG,MAAMx3G,GAM5B,OAFAjD,KAAKoB,OAASiN,EAAEjN,OAETpB,KAAKo7G,SAGd/5D,EAAGrgD,UAAUo9G,KAAO,SAAen3E,GAEjC,OADA9B,EAA0C,IAAlCnlC,KAAKw6G,SAAWvzE,EAAIuzE,WACrBx6G,KAAKm+G,MAAMl3E,IAIpBoa,EAAGrgD,UAAU0yC,IAAM,SAAczM,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQy8G,KAAKn3E,GAChDA,EAAItlC,QAAQy8G,KAAKp+G,OAG1BqhD,EAAGrgD,UAAUq9G,KAAO,SAAep3E,GACjC,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQw8G,MAAMl3E,GACjDA,EAAItlC,QAAQw8G,MAAMn+G,OAI3BqhD,EAAGrgD,UAAUq8G,MAAQ,SAAgBD,GACnCj4E,EAAwB,iBAAVi4E,GAAsBA,GAAS,GAE7C,IAAIkB,EAAsC,EAAxB5yG,KAAKmQ,KAAKuhG,EAAQ,IAChCmB,EAAWnB,EAAQ,GAGvBp9G,KAAKy7G,QAAQ6C,GAETC,EAAW,GACbD,IAIF,IAAK,IAAIr7G,EAAI,EAAGA,EAAIq7G,EAAar7G,IAC/BjD,KAAKy6G,MAAMx3G,GAAsB,UAAhBjD,KAAKy6G,MAAMx3G,GAS9B,OALIs7G,EAAW,IACbv+G,KAAKy6G,MAAMx3G,IAAMjD,KAAKy6G,MAAMx3G,GAAM,UAAc,GAAKs7G,GAIhDv+G,KAAKo7G,SAGd/5D,EAAGrgD,UAAUy8G,KAAO,SAAeL,GACjC,OAAOp9G,KAAK2B,QAAQ07G,MAAMD,IAI5B/7D,EAAGrgD,UAAUw9G,KAAO,SAAeC,EAAKr5E,GACtCD,EAAsB,iBAARs5E,GAAoBA,GAAO,GAEzC,IAAI9iF,EAAO8iF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAUjB,OARAz+G,KAAKy7G,QAAQ9/E,EAAM,GAGjB37B,KAAKy6G,MAAM9+E,GADTyJ,EACgBplC,KAAKy6G,MAAM9+E,GAAQ,GAAK+iF,EAExB1+G,KAAKy6G,MAAM9+E,KAAS,GAAK+iF,GAGtC1+G,KAAKo7G,SAId/5D,EAAGrgD,UAAU6L,KAAO,SAAeo6B,GACjC,IAAIt5B,EAkBAU,EAAGJ,EAfP,GAAsB,IAAlBjO,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,SAI7B,OAHAx6G,KAAKw6G,SAAW,EAChB7sG,EAAI3N,KAAK+M,KAAKk6B,GACdjnC,KAAKw6G,UAAY,EACVx6G,KAAK07G,YAGP,GAAsB,IAAlB17G,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,SAIpC,OAHAvzE,EAAIuzE,SAAW,EACf7sG,EAAI3N,KAAK+M,KAAKk6B,GACdA,EAAIuzE,SAAW,EACR7sG,EAAE+tG,YAKP17G,KAAKoB,OAAS6lC,EAAI7lC,QACpBiN,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAIN,IADA,IAAI8mC,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5B0K,GAAkB,EAAbU,EAAEosG,MAAMx3G,KAAwB,EAAbgL,EAAEwsG,MAAMx3G,IAAU6jC,EAC1C9mC,KAAKy6G,MAAMx3G,GAAS,SAAJ0K,EAChBm5B,EAAQn5B,IAAM,GAEhB,KAAiB,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,OAAQ6B,IAClC0K,GAAkB,EAAbU,EAAEosG,MAAMx3G,IAAU6jC,EACvB9mC,KAAKy6G,MAAMx3G,GAAS,SAAJ0K,EAChBm5B,EAAQn5B,IAAM,GAIhB,GADA3N,KAAKoB,OAASiN,EAAEjN,OACF,IAAV0lC,EACF9mC,KAAKy6G,MAAMz6G,KAAKoB,QAAU0lC,EAC1B9mC,KAAKoB,cAEA,GAAIiN,IAAMrO,KACf,KAAOiD,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAKy6G,MAAMx3G,GAAKoL,EAAEosG,MAAMx3G,GAI5B,OAAOjD,MAITqhD,EAAGrgD,UAAUiF,IAAM,SAAcghC,GAC/B,IAAI93B,EACJ,OAAqB,IAAjB83B,EAAIuzE,UAAoC,IAAlBx6G,KAAKw6G,UAC7BvzE,EAAIuzE,SAAW,EACfrrG,EAAMnP,KAAKgN,IAAIi6B,GACfA,EAAIuzE,UAAY,EACTrrG,GACmB,IAAjB83B,EAAIuzE,UAAoC,IAAlBx6G,KAAKw6G,UACpCx6G,KAAKw6G,SAAW,EAChBrrG,EAAM83B,EAAIj6B,IAAIhN,MACdA,KAAKw6G,SAAW,EACTrrG,GAGLnP,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQkL,KAAKo6B,GAEhDA,EAAItlC,QAAQkL,KAAK7M,OAI1BqhD,EAAGrgD,UAAU+L,KAAO,SAAek6B,GAEjC,GAAqB,IAAjBA,EAAIuzE,SAAgB,CACtBvzE,EAAIuzE,SAAW,EACf,IAAI7sG,EAAI3N,KAAK6M,KAAKo6B,GAElB,OADAA,EAAIuzE,SAAW,EACR7sG,EAAE+tG,YAGJ,GAAsB,IAAlB17G,KAAKw6G,SAId,OAHAx6G,KAAKw6G,SAAW,EAChBx6G,KAAK6M,KAAKo6B,GACVjnC,KAAKw6G,SAAW,EACTx6G,KAAK07G,YAId,IAWIrtG,EAAGJ,EAXH8sG,EAAM/6G,KAAK+6G,IAAI9zE,GAGnB,GAAY,IAAR8zE,EAIF,OAHA/6G,KAAKw6G,SAAW,EAChBx6G,KAAKoB,OAAS,EACdpB,KAAKy6G,MAAM,GAAK,EACTz6G,KAKL+6G,EAAM,GACR1sG,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAIN,IADA,IAAI8mC,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAE5B6jC,GADAn5B,GAAkB,EAAbU,EAAEosG,MAAMx3G,KAAwB,EAAbgL,EAAEwsG,MAAMx3G,IAAU6jC,IAC7B,GACb9mC,KAAKy6G,MAAMx3G,GAAS,SAAJ0K,EAElB,KAAiB,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,OAAQ6B,IAElC6jC,GADAn5B,GAAkB,EAAbU,EAAEosG,MAAMx3G,IAAU6jC,IACV,GACb9mC,KAAKy6G,MAAMx3G,GAAS,SAAJ0K,EAIlB,GAAc,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,QAAUiN,IAAMrO,KACvC,KAAOiD,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAKy6G,MAAMx3G,GAAKoL,EAAEosG,MAAMx3G,GAU5B,OANAjD,KAAKoB,OAASsK,KAAKC,IAAI3L,KAAKoB,OAAQ6B,GAEhCoL,IAAMrO,OACRA,KAAKw6G,SAAW,GAGXx6G,KAAKo7G,SAId/5D,EAAGrgD,UAAUgM,IAAM,SAAci6B,GAC/B,OAAOjnC,KAAK2B,QAAQoL,KAAKk6B,IA+C3B,IAAI03E,EAAc,SAAsBjhE,EAAMzW,EAAK+0E,GACjD,IAIIh2E,EACA44E,EACA74E,EANA13B,EAAIqvC,EAAK+8D,MACTxsG,EAAIg5B,EAAIwzE,MACR7iE,EAAIokE,EAAIvB,MACRr+F,EAAI,EAIJyiG,EAAY,EAAPxwG,EAAE,GACPywG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP3wG,EAAE,GACP4wG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP9wG,EAAE,GACP+wG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPjxG,EAAE,GACPkxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPpxG,EAAE,GACPqxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPvxG,EAAE,GACPwxG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP1xG,EAAE,GACP2xG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP7xG,EAAE,GACP8xG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPhyG,EAAE,GACPiyG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPnyG,EAAE,GACPoyG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACb5mE,EAAY,EAAP3rC,EAAE,GACP0yG,EAAW,KAAL/mE,EACNgnE,EAAMhnE,IAAO,GACbC,EAAY,EAAP5rC,EAAE,GACP4yG,EAAW,KAALhnE,EACNinE,EAAMjnE,IAAO,GACbC,EAAY,EAAP7rC,EAAE,GACP8yG,EAAW,KAALjnE,EACNknE,EAAMlnE,IAAO,GACbC,EAAY,EAAP9rC,EAAE,GACPgzG,EAAW,KAALlnE,EACNmnE,EAAMnnE,IAAO,GACbC,EAAY,EAAP/rC,EAAE,GACPkzG,EAAW,KAALnnE,EACNonE,GAAMpnE,IAAO,GACbC,GAAY,EAAPhsC,EAAE,GACPozG,GAAW,KAALpnE,GACNqnE,GAAMrnE,KAAO,GACbC,GAAY,EAAPjsC,EAAE,GACPszG,GAAW,KAALrnE,GACNsnE,GAAMtnE,KAAO,GACbC,GAAY,EAAPlsC,EAAE,GACPwzG,GAAW,KAALtnE,GACNunE,GAAMvnE,KAAO,GACbC,GAAY,EAAPnsC,EAAE,GACP0zG,GAAW,KAALvnE,GACNwnE,GAAMxnE,KAAO,GACbC,GAAY,EAAPpsC,EAAE,GACP4zG,GAAW,KAALxnE,GACNynE,GAAMznE,KAAO,GAEjB2hE,EAAIxB,SAAW98D,EAAK88D,SAAWvzE,EAAIuzE,SACnCwB,EAAI56G,OAAS,GAMb,IAAIo7B,IAAQpgB,GAJZ4pB,EAAKt6B,KAAKuB,KAAK6xG,EAAK6B,IAIE,KAAa,MAFnC/B,GADAA,EAAMlzG,KAAKuB,KAAK6xG,EAAK8B,IACRl1G,KAAKuB,KAAK8xG,EAAK4B,GAAQ,KAEU,IAAO,EACrDvkG,IAFA2pB,EAAKr6B,KAAKuB,KAAK8xG,EAAK6B,KAEPhC,IAAQ,IAAO,IAAMpiF,KAAO,IAAO,EAChDA,IAAM,SAENwJ,EAAKt6B,KAAKuB,KAAKgyG,EAAK0B,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKgyG,EAAK2B,IACRl1G,KAAKuB,KAAKiyG,EAAKyB,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKiyG,EAAK0B,GAKpB,IAAInkF,IAAQrgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAK+B,GAAQ,GAIZ,KAAa,MAFnCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKgC,GAAQ,GACvBp1G,KAAKuB,KAAK8xG,EAAK8B,GAAQ,KAEU,IAAO,EACrDzkG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAK+B,GAAQ,IAErBlC,IAAQ,IAAO,IAAMniF,KAAO,IAAO,EAChDA,IAAM,SAENuJ,EAAKt6B,KAAKuB,KAAKmyG,EAAKuB,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKmyG,EAAKwB,IACRl1G,KAAKuB,KAAKoyG,EAAKsB,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKoyG,EAAKuB,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAK4B,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAK6B,GAAQ,GACvBp1G,KAAKuB,KAAKiyG,EAAK2B,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAK4B,GAAQ,EAKlC,IAAIpkF,IAAQtgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAKiC,GAAQ,GAIZ,KAAa,MAFnCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKkC,GAAQ,GACvBt1G,KAAKuB,KAAK8xG,EAAKgC,GAAQ,KAEU,IAAO,EACrD3kG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAKiC,GAAQ,IAErBpC,IAAQ,IAAO,IAAMliF,KAAO,IAAO,EAChDA,IAAM,SAENsJ,EAAKt6B,KAAKuB,KAAKsyG,EAAKoB,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKsyG,EAAKqB,IACRl1G,KAAKuB,KAAKuyG,EAAKmB,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKuyG,EAAKoB,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKyB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAK0B,GAAQ,GACvBp1G,KAAKuB,KAAKoyG,EAAKwB,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKyB,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAK8B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAK+B,GAAQ,GACvBt1G,KAAKuB,KAAKiyG,EAAK6B,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAK8B,GAAQ,EAKlC,IAAIrkF,IAAQvgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAKmC,GAAQ,GAIZ,KAAa,MAFnCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKoC,GAAQ,GACvBx1G,KAAKuB,KAAK8xG,EAAKkC,GAAQ,KAEU,IAAO,EACrD7kG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAKmC,GAAQ,IAErBtC,IAAQ,IAAO,IAAMjiF,KAAO,IAAO,EAChDA,IAAM,SAENqJ,EAAKt6B,KAAKuB,KAAKyyG,EAAKiB,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKyyG,EAAKkB,IACRl1G,KAAKuB,KAAK0yG,EAAKgB,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAK0yG,EAAKiB,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKsB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKuB,GAAQ,GACvBp1G,KAAKuB,KAAKuyG,EAAKqB,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKsB,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAK2B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAK4B,GAAQ,GACvBt1G,KAAKuB,KAAKoyG,EAAK0B,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAK2B,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAKgC,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAKiC,GAAQ,GACvBx1G,KAAKuB,KAAKiyG,EAAK+B,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAKgC,GAAQ,EAKlC,IAAItkF,IAAQxgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAKqC,GAAQ,GAIZ,KAAa,MAFnCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKsC,IAAQ,GACvB11G,KAAKuB,KAAK8xG,EAAKoC,GAAQ,KAEU,IAAO,EACrD/kG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAKqC,IAAQ,IAErBxC,IAAQ,IAAO,IAAMhiF,KAAO,IAAO,EAChDA,IAAM,SAENoJ,EAAKt6B,KAAKuB,KAAK4yG,EAAKc,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAK4yG,EAAKe,IACRl1G,KAAKuB,KAAK6yG,EAAKa,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAK6yG,EAAKc,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKmB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKoB,GAAQ,GACvBp1G,KAAKuB,KAAK0yG,EAAKkB,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKmB,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKwB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKyB,GAAQ,GACvBt1G,KAAKuB,KAAKuyG,EAAKuB,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKwB,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAK6B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAK8B,GAAQ,GACvBx1G,KAAKuB,KAAKoyG,EAAK4B,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAK6B,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAKkC,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAKmC,IAAQ,GACvB11G,KAAKuB,KAAKiyG,EAAKiC,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAKkC,IAAQ,EAKlC,IAAIvkF,IAAQzgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAKuC,IAAQ,GAIZ,KAAa,MAFnCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKwC,IAAQ,GACvB51G,KAAKuB,KAAK8xG,EAAKsC,IAAQ,KAEU,IAAO,EACrDjlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAKuC,IAAQ,IAErB1C,IAAQ,IAAO,IAAM/hF,KAAO,IAAO,EAChDA,IAAM,SAENmJ,EAAKt6B,KAAKuB,KAAK+yG,EAAKW,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAK+yG,EAAKY,IACRl1G,KAAKuB,KAAKgzG,EAAKU,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKgzG,EAAKW,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKgB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKiB,GAAQ,GACvBp1G,KAAKuB,KAAK6yG,EAAKe,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKgB,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKqB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKsB,GAAQ,GACvBt1G,KAAKuB,KAAK0yG,EAAKoB,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKqB,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAK0B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAK2B,GAAQ,GACvBx1G,KAAKuB,KAAKuyG,EAAKyB,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAK0B,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAK+B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAKgC,IAAQ,GACvB11G,KAAKuB,KAAKoyG,EAAK8B,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAK+B,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAKoC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAKqC,IAAQ,GACvB51G,KAAKuB,KAAKiyG,EAAKmC,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAKoC,IAAQ,EAKlC,IAAIxkF,IAAQ1gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAKyC,IAAQ,GAIZ,KAAa,MAFnC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAK0C,IAAQ,GACvB91G,KAAKuB,KAAK8xG,EAAKwC,IAAQ,KAEU,IAAO,EACrDnlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAKyC,IAAQ,IAErB5C,IAAQ,IAAO,IAAM9hF,KAAO,IAAO,EAChDA,IAAM,SAENkJ,EAAKt6B,KAAKuB,KAAKkzG,EAAKQ,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKkzG,EAAKS,IACRl1G,KAAKuB,KAAKmzG,EAAKO,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKmzG,EAAKQ,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKa,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKc,GAAQ,GACvBp1G,KAAKuB,KAAKgzG,EAAKY,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKa,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKkB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKmB,GAAQ,GACvBt1G,KAAKuB,KAAK6yG,EAAKiB,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKkB,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKuB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKwB,GAAQ,GACvBx1G,KAAKuB,KAAK0yG,EAAKsB,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKuB,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAK4B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAK6B,IAAQ,GACvB11G,KAAKuB,KAAKuyG,EAAK2B,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAK4B,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKiC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAKkC,IAAQ,GACvB51G,KAAKuB,KAAKoyG,EAAKgC,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKiC,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAKsC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAKuC,IAAQ,GACvB91G,KAAKuB,KAAKiyG,EAAKqC,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAKsC,IAAQ,EAKlC,IAAIzkF,IAAQ3gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAK2C,IAAQ,GAIZ,KAAa,MAFnC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAK4C,IAAQ,GACvBh2G,KAAKuB,KAAK8xG,EAAK0C,IAAQ,KAEU,IAAO,EACrDrlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAK2C,IAAQ,IAErB9C,IAAQ,IAAO,IAAM7hF,KAAO,IAAO,EAChDA,IAAM,SAENiJ,EAAKt6B,KAAKuB,KAAKqzG,EAAKK,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKqzG,EAAKM,IACRl1G,KAAKuB,KAAKszG,EAAKI,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKszG,EAAKK,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKU,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKW,GAAQ,GACvBp1G,KAAKuB,KAAKmzG,EAAKS,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKU,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKe,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKgB,GAAQ,GACvBt1G,KAAKuB,KAAKgzG,EAAKc,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKe,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKoB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKqB,GAAQ,GACvBx1G,KAAKuB,KAAK6yG,EAAKmB,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKoB,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKyB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAK0B,IAAQ,GACvB11G,KAAKuB,KAAK0yG,EAAKwB,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKyB,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAK8B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAK+B,IAAQ,GACvB51G,KAAKuB,KAAKuyG,EAAK6B,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAK8B,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKmC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAKoC,IAAQ,GACvB91G,KAAKuB,KAAKoyG,EAAKkC,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKmC,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAKwC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAKyC,IAAQ,GACvBh2G,KAAKuB,KAAKiyG,EAAKuC,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAKwC,IAAQ,EAKlC,IAAI1kF,IAAQ5gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAK6C,IAAQ,GAIZ,KAAa,MAFnC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAK8C,IAAQ,GACvBl2G,KAAKuB,KAAK8xG,EAAK4C,IAAQ,KAEU,IAAO,EACrDvlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAK6C,IAAQ,IAErBhD,IAAQ,IAAO,IAAM5hF,KAAO,IAAO,EAChDA,IAAM,SAENgJ,EAAKt6B,KAAKuB,KAAKwzG,EAAKE,GAEpB/B,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKG,IACRl1G,KAAKuB,KAAKyzG,EAAKC,GAAQ,EACpC56E,EAAKr6B,KAAKuB,KAAKyzG,EAAKE,GACpB56E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKO,GAAQ,EAElCjC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKQ,GAAQ,GACvBp1G,KAAKuB,KAAKszG,EAAKM,GAAQ,EACpC96E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKO,GAAQ,EAClC96E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKY,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKa,GAAQ,GACvBt1G,KAAKuB,KAAKmzG,EAAKW,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKY,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKiB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKkB,GAAQ,GACvBx1G,KAAKuB,KAAKgzG,EAAKgB,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKiB,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKsB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKuB,IAAQ,GACvB11G,KAAKuB,KAAK6yG,EAAKqB,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKsB,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAK2B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAK4B,IAAQ,GACvB51G,KAAKuB,KAAK0yG,EAAK0B,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAK2B,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKgC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKiC,IAAQ,GACvB91G,KAAKuB,KAAKuyG,EAAK+B,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKgC,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKqC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAKsC,IAAQ,GACvBh2G,KAAKuB,KAAKoyG,EAAKoC,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKqC,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAK0C,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAK2C,IAAQ,GACvBl2G,KAAKuB,KAAKiyG,EAAKyC,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAK0C,IAAQ,EAKlC,IAAI3kF,IAAQ7gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAK6xG,EAAK+C,IAAQ,GAIZ,KAAa,MAFnCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK6xG,EAAKgD,IAAQ,GACvBp2G,KAAKuB,KAAK8xG,EAAK8C,IAAQ,KAEU,IAAO,EACrDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK8xG,EAAK+C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM3hF,KAAO,IAAO,EAChDA,IAAM,SAEN+I,EAAKt6B,KAAKuB,KAAKwzG,EAAKI,GAEpBjC,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKK,IACRp1G,KAAKuB,KAAKyzG,EAAKG,GAAQ,EACpC96E,EAAKr6B,KAAKuB,KAAKyzG,EAAKI,GACpB96E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKS,GAAQ,EAElCnC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKU,GAAQ,GACvBt1G,KAAKuB,KAAKszG,EAAKQ,GAAQ,EACpCh7E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKS,GAAQ,EAClCh7E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKc,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKe,GAAQ,GACvBx1G,KAAKuB,KAAKmzG,EAAKa,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKc,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKmB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKoB,IAAQ,GACvB11G,KAAKuB,KAAKgzG,EAAKkB,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKmB,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKwB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKyB,IAAQ,GACvB51G,KAAKuB,KAAK6yG,EAAKuB,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKwB,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAK6B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAK8B,IAAQ,GACvB91G,KAAKuB,KAAK0yG,EAAK4B,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAK6B,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKkC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKmC,IAAQ,GACvBh2G,KAAKuB,KAAKuyG,EAAKiC,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKkC,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKuC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAKwC,IAAQ,GACvBl2G,KAAKuB,KAAKoyG,EAAKsC,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKuC,IAAQ,EAKlC,IAAI1kF,IAAS9gB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKgyG,EAAK4C,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKgyG,EAAK6C,IAAQ,GACvBp2G,KAAKuB,KAAKiyG,EAAK2C,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKiyG,EAAK4C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM1hF,KAAQ,IAAO,EACjDA,IAAO,SAEP8I,EAAKt6B,KAAKuB,KAAKwzG,EAAKM,GAEpBnC,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKO,IACRt1G,KAAKuB,KAAKyzG,EAAKK,GAAQ,EACpCh7E,EAAKr6B,KAAKuB,KAAKyzG,EAAKM,GACpBh7E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKW,GAAQ,EAElCrC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKY,GAAQ,GACvBx1G,KAAKuB,KAAKszG,EAAKU,GAAQ,EACpCl7E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKW,GAAQ,EAClCl7E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKgB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKiB,IAAQ,GACvB11G,KAAKuB,KAAKmzG,EAAKe,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKgB,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKqB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKsB,IAAQ,GACvB51G,KAAKuB,KAAKgzG,EAAKoB,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKqB,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAK0B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAK2B,IAAQ,GACvB91G,KAAKuB,KAAK6yG,EAAKyB,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAK0B,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAK+B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKgC,IAAQ,GACvBh2G,KAAKuB,KAAK0yG,EAAK8B,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAK+B,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKoC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKqC,IAAQ,GACvBl2G,KAAKuB,KAAKuyG,EAAKmC,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKoC,IAAQ,EAKlC,IAAIzkF,IAAS/gB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKmyG,EAAKyC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKmyG,EAAK0C,IAAQ,GACvBp2G,KAAKuB,KAAKoyG,EAAKwC,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKoyG,EAAKyC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMzhF,KAAQ,IAAO,EACjDA,IAAO,SAEP6I,EAAKt6B,KAAKuB,KAAKwzG,EAAKQ,GAEpBrC,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKS,IACRx1G,KAAKuB,KAAKyzG,EAAKO,GAAQ,EACpCl7E,EAAKr6B,KAAKuB,KAAKyzG,EAAKQ,GACpBl7E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKa,GAAQ,EAElCvC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKc,IAAQ,GACvB11G,KAAKuB,KAAKszG,EAAKY,GAAQ,EACpCp7E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKa,IAAQ,EAClCp7E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKkB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKmB,IAAQ,GACvB51G,KAAKuB,KAAKmzG,EAAKiB,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKkB,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKuB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAKwB,IAAQ,GACvB91G,KAAKuB,KAAKgzG,EAAKsB,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKuB,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAK4B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAK6B,IAAQ,GACvBh2G,KAAKuB,KAAK6yG,EAAK2B,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAK4B,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKiC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKkC,IAAQ,GACvBl2G,KAAKuB,KAAK0yG,EAAKgC,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKiC,IAAQ,EAKlC,IAAIxkF,IAAShhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKsyG,EAAKsC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKsyG,EAAKuC,IAAQ,GACvBp2G,KAAKuB,KAAKuyG,EAAKqC,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKuyG,EAAKsC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMxhF,KAAQ,IAAO,EACjDA,IAAO,SAEP4I,EAAKt6B,KAAKuB,KAAKwzG,EAAKU,GAEpBvC,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKW,KACR11G,KAAKuB,KAAKyzG,EAAKS,GAAQ,EACpCp7E,EAAKr6B,KAAKuB,KAAKyzG,EAAKU,IACpBp7E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKe,IAAQ,EAElCzC,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKgB,IAAQ,GACvB51G,KAAKuB,KAAKszG,EAAKc,IAAQ,EACpCt7E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKe,IAAQ,EAClCt7E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKoB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKqB,IAAQ,GACvB91G,KAAKuB,KAAKmzG,EAAKmB,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKoB,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAKyB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAK0B,IAAQ,GACvBh2G,KAAKuB,KAAKgzG,EAAKwB,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAKyB,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAK8B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAK+B,IAAQ,GACvBl2G,KAAKuB,KAAK6yG,EAAK6B,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAK8B,IAAQ,EAKlC,IAAIvkF,IAASjhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKyyG,EAAKmC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKyyG,EAAKoC,IAAQ,GACvBp2G,KAAKuB,KAAK0yG,EAAKkC,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK0yG,EAAKmC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMvhF,KAAQ,IAAO,EACjDA,IAAO,SAEP2I,EAAKt6B,KAAKuB,KAAKwzG,EAAKY,IAEpBzC,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKa,KACR51G,KAAKuB,KAAKyzG,EAAKW,IAAQ,EACpCt7E,EAAKr6B,KAAKuB,KAAKyzG,EAAKY,IACpBt7E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKiB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKkB,IAAQ,GACvB91G,KAAKuB,KAAKszG,EAAKgB,IAAQ,EACpCx7E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKiB,IAAQ,EAClCx7E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKsB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKuB,IAAQ,GACvBh2G,KAAKuB,KAAKmzG,EAAKqB,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKsB,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAK2B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAK4B,IAAQ,GACvBl2G,KAAKuB,KAAKgzG,EAAK0B,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAK2B,IAAQ,EAKlC,IAAItkF,IAASlhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAK4yG,EAAKgC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK4yG,EAAKiC,IAAQ,GACvBp2G,KAAKuB,KAAK6yG,EAAK+B,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK6yG,EAAKgC,IAAQ,IAErBlD,IAAQ,IAAO,IAAMthF,KAAQ,IAAO,EACjDA,IAAO,SAEP0I,EAAKt6B,KAAKuB,KAAKwzG,EAAKc,IAEpB3C,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKe,KACR91G,KAAKuB,KAAKyzG,EAAKa,IAAQ,EACpCx7E,EAAKr6B,KAAKuB,KAAKyzG,EAAKc,IACpBx7E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKmB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKoB,IAAQ,GACvBh2G,KAAKuB,KAAKszG,EAAKkB,IAAQ,EACpC17E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKmB,IAAQ,EAClC17E,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAKwB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAKyB,IAAQ,GACvBl2G,KAAKuB,KAAKmzG,EAAKuB,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAKwB,IAAQ,EAKlC,IAAIrkF,IAASnhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAK+yG,EAAK6B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAK+yG,EAAK8B,IAAQ,GACvBp2G,KAAKuB,KAAKgzG,EAAK4B,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKgzG,EAAK6B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMrhF,KAAQ,IAAO,EACjDA,IAAO,SAEPyI,EAAKt6B,KAAKuB,KAAKwzG,EAAKgB,IAEpB7C,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKiB,KACRh2G,KAAKuB,KAAKyzG,EAAKe,IAAQ,EACpC17E,EAAKr6B,KAAKuB,KAAKyzG,EAAKgB,IACpB17E,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKqB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKsB,IAAQ,GACvBl2G,KAAKuB,KAAKszG,EAAKoB,IAAQ,EACpC57E,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKqB,IAAQ,EAKlC,IAAIpkF,IAASphB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKkzG,EAAK0B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKkzG,EAAK2B,IAAQ,GACvBp2G,KAAKuB,KAAKmzG,EAAKyB,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKmzG,EAAK0B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMphF,KAAQ,IAAO,EACjDA,IAAO,SAEPwI,EAAKt6B,KAAKuB,KAAKwzG,EAAKkB,IAEpB/C,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKmB,KACRl2G,KAAKuB,KAAKyzG,EAAKiB,IAAQ,EACpC57E,EAAKr6B,KAAKuB,KAAKyzG,EAAKkB,IAKpB,IAAInkF,IAASrhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKqzG,EAAKuB,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMlzG,KAAKuB,KAAKqzG,EAAKwB,IAAQ,GACvBp2G,KAAKuB,KAAKszG,EAAKsB,IAAQ,KAEW,IAAO,EACtDzlG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKszG,EAAKuB,IAAQ,IAErBlD,IAAQ,IAAO,IAAMnhF,KAAQ,IAAO,EACjDA,IAAO,SAMP,IAAIC,IAASthB,GAJb4pB,EAAKt6B,KAAKuB,KAAKwzG,EAAKoB,KAIG,KAAa,MAFpCjD,GADAA,EAAMlzG,KAAKuB,KAAKwzG,EAAKqB,KACRp2G,KAAKuB,KAAKyzG,EAAKmB,IAAQ,KAEW,IAAO,EA0BtD,OAzBAzlG,IAFA2pB,EAAKr6B,KAAKuB,KAAKyzG,EAAKoB,MAEPlD,IAAQ,IAAO,IAAMlhF,KAAQ,IAAO,EACjDA,IAAO,SACPka,EAAE,GAAKpb,GACPob,EAAE,GAAKnb,GACPmb,EAAE,GAAKlb,GACPkb,EAAE,GAAKjb,GACPib,EAAE,GAAKhb,GACPgb,EAAE,GAAK/a,GACP+a,EAAE,GAAK9a,GACP8a,EAAE,GAAK7a,GACP6a,EAAE,GAAK5a,GACP4a,EAAE,GAAK3a,GACP2a,EAAE,IAAM1a,GACR0a,EAAE,IAAMza,GACRya,EAAE,IAAMxa,GACRwa,EAAE,IAAMva,GACRua,EAAE,IAAMta,GACRsa,EAAE,IAAMra,GACRqa,EAAE,IAAMpa,GACRoa,EAAE,IAAMna,GACRma,EAAE,IAAMla,GACE,IAANthB,IACFw7B,EAAE,IAAMx7B,EACR4/F,EAAI56G,UAEC46G,GAiDT,SAAS+F,EAAYrkE,EAAMzW,EAAK+0E,GAE9B,OADW,IAAIgG,GACHC,KAAKvkE,EAAMzW,EAAK+0E,GAsB9B,SAASgG,EAAMl1G,EAAGoB,GAChBlO,KAAK8M,EAAIA,EACT9M,KAAKkO,EAAIA,EAvENxC,KAAKuB,OACR0xG,EAAc5C,GAiDhB16D,EAAGrgD,UAAUkhH,MAAQ,SAAgBj7E,EAAK+0E,GACxC,IAAI7sG,EACAY,EAAM/P,KAAKoB,OAAS6lC,EAAI7lC,OAW5B,OATE+N,EADkB,KAAhBnP,KAAKoB,QAAgC,KAAf6lC,EAAI7lC,OACtBu9G,EAAY3+G,KAAMinC,EAAK+0E,GACpBjsG,EAAM,GACTgsG,EAAW/7G,KAAMinC,EAAK+0E,GACnBjsG,EAAM,KArDnB,SAAmB2tC,EAAMzW,EAAK+0E,GAC5BA,EAAIxB,SAAWvzE,EAAIuzE,SAAW98D,EAAK88D,SACnCwB,EAAI56G,OAASs8C,EAAKt8C,OAAS6lC,EAAI7lC,OAI/B,IAFA,IAAI0lC,EAAQ,EACRq7E,EAAU,EACLlmG,EAAI,EAAGA,EAAI+/F,EAAI56G,OAAS,EAAG6a,IAAK,CAGvC,IAAIggG,EAASkG,EACbA,EAAU,EAGV,IAFA,IAAIjG,EAAgB,SAARp1E,EACRq1E,EAAOzwG,KAAKmyC,IAAI5hC,EAAGgrB,EAAI7lC,OAAS,GAC3Bub,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAIyhC,EAAKt8C,OAAS,GAAIub,GAAKw/F,EAAMx/F,IAAK,CAC7D,IAAI1Z,EAAIgZ,EAAIU,EAGRhP,GAFoB,EAAhB+vC,EAAK+8D,MAAMx3G,KACI,EAAfgkC,EAAIwzE,MAAM99F,IAGdqpB,EAAS,SAAJr4B,EAGTuuG,EAAa,UADbl2E,EAAMA,EAAKk2E,EAAS,GAIpBiG,IAFAlG,GAHAA,EAAUA,GAAWtuG,EAAI,SAAa,GAAM,IAGxBq4B,IAAO,IAAO,KAEZ,GACtBi2E,GAAU,SAEZD,EAAIvB,MAAMx+F,GAAKigG,EACfp1E,EAAQm1E,EACRA,EAASkG,EAQX,OANc,IAAVr7E,EACFk1E,EAAIvB,MAAMx+F,GAAK6qB,EAEfk1E,EAAI56G,SAGC46G,EAAIZ,QAgBHgH,CAASpiH,KAAMinC,EAAK+0E,GAEpB+F,EAAW/hH,KAAMinC,EAAK+0E,GAGvB7sG,GAWT6yG,EAAKhhH,UAAUqhH,QAAU,SAAkBC,GAGzC,IAFA,IAAIrkG,EAAQpe,MAAMyiH,GACd5rF,EAAI2qB,EAAGrgD,UAAU+7G,WAAWuF,GAAK,EAC5Br/G,EAAI,EAAGA,EAAIq/G,EAAGr/G,IACrBgb,EAAEhb,GAAKjD,KAAKuiH,OAAOt/G,EAAGyzB,EAAG4rF,GAG3B,OAAOrkG,GAIT+jG,EAAKhhH,UAAUuhH,OAAS,SAAiBz1G,EAAG4pB,EAAG4rF,GAC7C,GAAU,IAANx1G,GAAWA,IAAMw1G,EAAI,EAAG,OAAOx1G,EAGnC,IADA,IAAI01G,EAAK,EACAv/G,EAAI,EAAGA,EAAIyzB,EAAGzzB,IACrBu/G,IAAW,EAAJ11G,IAAW4pB,EAAIzzB,EAAI,EAC1B6J,IAAM,EAGR,OAAO01G,GAKTR,EAAKhhH,UAAUuvE,QAAU,SAAkBkyC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GACpE,IAAK,IAAIr/G,EAAI,EAAGA,EAAIq/G,EAAGr/G,IACrB2/G,EAAK3/G,GAAKy/G,EAAID,EAAIx/G,IAClB4/G,EAAK5/G,GAAK0/G,EAAIF,EAAIx/G,KAItB++G,EAAKhhH,UAAUmH,UAAY,SAAoBu6G,EAAKC,EAAKC,EAAMC,EAAMP,EAAGG,GACtEziH,KAAKuwE,QAAQkyC,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GAExC,IAAK,IAAIzkG,EAAI,EAAGA,EAAIykG,EAAGzkG,IAAM,EAM3B,IALA,IAAI6Y,EAAI7Y,GAAK,EAETilG,EAAQp3G,KAAKq3G,IAAI,EAAIr3G,KAAKs3G,GAAKtsF,GAC/BusF,EAAQv3G,KAAKw3G,IAAI,EAAIx3G,KAAKs3G,GAAKtsF,GAE1BtE,EAAI,EAAGA,EAAIkwF,EAAGlwF,GAAKsE,EAI1B,IAHA,IAAIysF,EAASL,EACTM,EAASH,EAEJtmG,EAAI,EAAGA,EAAIkB,EAAGlB,IAAK,CAC1B,IAAI0mG,EAAKT,EAAKxwF,EAAIzV,GACd2mG,EAAKT,EAAKzwF,EAAIzV,GAEd4mG,EAAKX,EAAKxwF,EAAIzV,EAAIkB,GAClB2lG,EAAKX,EAAKzwF,EAAIzV,EAAIkB,GAElBhQ,EAAKs1G,EAASI,EAAKH,EAASI,EAEhCA,EAAKL,EAASK,EAAKJ,EAASG,EAC5BA,EAAK11G,EAEL+0G,EAAKxwF,EAAIzV,GAAK0mG,EAAKE,EACnBV,EAAKzwF,EAAIzV,GAAK2mG,EAAKE,EAEnBZ,EAAKxwF,EAAIzV,EAAIkB,GAAKwlG,EAAKE,EACvBV,EAAKzwF,EAAIzV,EAAIkB,GAAKylG,EAAKE,EAGnB7mG,IAAM+Z,IACR7oB,EAAKi1G,EAAQK,EAASF,EAAQG,EAE9BA,EAASN,EAAQM,EAASH,EAAQE,EAClCA,EAASt1G,KAOnBm0G,EAAKhhH,UAAUyiH,YAAc,SAAsBr3G,EAAGgB,GACpD,IAAIk1G,EAAqB,EAAjB52G,KAAKC,IAAIyB,EAAGhB,GAChBs3G,EAAU,EAAJpB,EACNr/G,EAAI,EACR,IAAKq/G,EAAIA,EAAI,EAAI,EAAGA,EAAGA,KAAU,EAC/Br/G,IAGF,OAAO,GAAKA,EAAI,EAAIygH,GAGtB1B,EAAKhhH,UAAU2iH,UAAY,SAAoBjB,EAAKC,EAAKL,GACvD,KAAIA,GAAK,GAET,IAAK,IAAIr/G,EAAI,EAAGA,EAAIq/G,EAAI,EAAGr/G,IAAK,CAC9B,IAAIgb,EAAIykG,EAAIz/G,GAEZy/G,EAAIz/G,GAAKy/G,EAAIJ,EAAIr/G,EAAI,GACrBy/G,EAAIJ,EAAIr/G,EAAI,GAAKgb,EAEjBA,EAAI0kG,EAAI1/G,GAER0/G,EAAI1/G,IAAM0/G,EAAIL,EAAIr/G,EAAI,GACtB0/G,EAAIL,EAAIr/G,EAAI,IAAMgb,IAItB+jG,EAAKhhH,UAAU4iH,aAAe,SAAuBC,EAAIvB,GAEvD,IADA,IAAIx7E,EAAQ,EACH7jC,EAAI,EAAGA,EAAIq/G,EAAI,EAAGr/G,IAAK,CAC9B,IAAIk0B,EAAoC,KAAhCzrB,KAAK4rB,MAAMusF,EAAG,EAAI5gH,EAAI,GAAKq/G,GACjC52G,KAAK4rB,MAAMusF,EAAG,EAAI5gH,GAAKq/G,GACvBx7E,EAEF+8E,EAAG5gH,GAAS,SAAJk0B,EAGN2P,EADE3P,EAAI,SACE,EAEAA,EAAI,SAAY,EAI5B,OAAO0sF,GAGT7B,EAAKhhH,UAAU8iH,WAAa,SAAqBD,EAAI9zG,EAAK2yG,EAAKJ,GAE7D,IADA,IAAIx7E,EAAQ,EACH7jC,EAAI,EAAGA,EAAI8M,EAAK9M,IACvB6jC,GAAyB,EAAR+8E,EAAG5gH,GAEpBy/G,EAAI,EAAIz/G,GAAa,KAAR6jC,EAAgBA,KAAkB,GAC/C47E,EAAI,EAAIz/G,EAAI,GAAa,KAAR6jC,EAAgBA,KAAkB,GAIrD,IAAK7jC,EAAI,EAAI8M,EAAK9M,EAAIq/G,IAAKr/G,EACzBy/G,EAAIz/G,GAAK,EAGXkiC,EAAiB,IAAV2B,GACP3B,EAA6B,KAAb,KAAR2B,KAGVk7E,EAAKhhH,UAAU+iH,KAAO,SAAezB,GAEnC,IADA,IAAI0B,EAASnkH,MAAMyiH,GACVr/G,EAAI,EAAGA,EAAIq/G,EAAGr/G,IACrB+gH,EAAG/gH,GAAK,EAGV,OAAO+gH,GAGThC,EAAKhhH,UAAUihH,KAAO,SAAen1G,EAAGoB,EAAG8tG,GACzC,IAAIsG,EAAI,EAAItiH,KAAKyjH,YAAY32G,EAAE1L,OAAQ8M,EAAE9M,QAErCqhH,EAAMziH,KAAKqiH,QAAQC,GAEnBj+D,EAAIrkD,KAAK+jH,KAAKzB,GAEdI,EAAU7iH,MAAMyiH,GAChB2B,EAAWpkH,MAAMyiH,GACjB4B,EAAWrkH,MAAMyiH,GAEjB6B,EAAWtkH,MAAMyiH,GACjB8B,EAAYvkH,MAAMyiH,GAClB+B,EAAYxkH,MAAMyiH,GAElBgC,EAAOtI,EAAIvB,MACf6J,EAAKljH,OAASkhH,EAEdtiH,KAAK8jH,WAAWh3G,EAAE2tG,MAAO3tG,EAAE1L,OAAQshH,EAAKJ,GACxCtiH,KAAK8jH,WAAW51G,EAAEusG,MAAOvsG,EAAE9M,OAAQ+iH,EAAM7B,GAEzCtiH,KAAKmI,UAAUu6G,EAAKr+D,EAAG4/D,EAAMC,EAAM5B,EAAGG,GACtCziH,KAAKmI,UAAUg8G,EAAM9/D,EAAG+/D,EAAOC,EAAO/B,EAAGG,GAEzC,IAAK,IAAIx/G,EAAI,EAAGA,EAAIq/G,EAAGr/G,IAAK,CAC1B,IAAI4K,EAAKo2G,EAAKhhH,GAAKmhH,EAAMnhH,GAAKihH,EAAKjhH,GAAKohH,EAAMphH,GAC9CihH,EAAKjhH,GAAKghH,EAAKhhH,GAAKohH,EAAMphH,GAAKihH,EAAKjhH,GAAKmhH,EAAMnhH,GAC/CghH,EAAKhhH,GAAK4K,EAUZ,OAPA7N,KAAK2jH,UAAUM,EAAMC,EAAM5B,GAC3BtiH,KAAKmI,UAAU87G,EAAMC,EAAMI,EAAMjgE,EAAGi+D,EAAGG,GACvCziH,KAAK2jH,UAAUW,EAAMjgE,EAAGi+D,GACxBtiH,KAAK4jH,aAAaU,EAAMhC,GAExBtG,EAAIxB,SAAW1tG,EAAE0tG,SAAWtsG,EAAEssG,SAC9BwB,EAAI56G,OAAS0L,EAAE1L,OAAS8M,EAAE9M,OACnB46G,EAAIZ,SAIb/5D,EAAGrgD,UAAUkM,IAAM,SAAc+5B,GAC/B,IAAI+0E,EAAM,IAAI36D,EAAG,MAEjB,OADA26D,EAAIvB,MAAY56G,MAAMG,KAAKoB,OAAS6lC,EAAI7lC,QACjCpB,KAAKkiH,MAAMj7E,EAAK+0E,IAIzB36D,EAAGrgD,UAAUujH,KAAO,SAAet9E,GACjC,IAAI+0E,EAAM,IAAI36D,EAAG,MAEjB,OADA26D,EAAIvB,MAAY56G,MAAMG,KAAKoB,OAAS6lC,EAAI7lC,QACjC2gH,EAAW/hH,KAAMinC,EAAK+0E,IAI/B36D,EAAGrgD,UAAUiM,KAAO,SAAeg6B,GACjC,OAAOjnC,KAAK2B,QAAQugH,MAAMj7E,EAAKjnC,OAGjCqhD,EAAGrgD,UAAUu6G,MAAQ,SAAgBt0E,GACnC9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UAIb,IADA,IAAIH,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIk0B,GAAqB,EAAhBn3B,KAAKy6G,MAAMx3G,IAAUgkC,EAC1BjB,GAAU,SAAJ7O,IAA0B,SAAR2P,GAC5BA,IAAU,GACVA,GAAU3P,EAAI,SAAa,EAE3B2P,GAASd,IAAO,GAChBhmC,KAAKy6G,MAAMx3G,GAAU,SAAL+iC,EAQlB,OALc,IAAVc,IACF9mC,KAAKy6G,MAAMx3G,GAAK6jC,EAChB9mC,KAAKoB,UAGApB,MAGTqhD,EAAGrgD,UAAUwjH,KAAO,SAAev9E,GACjC,OAAOjnC,KAAK2B,QAAQ45G,MAAMt0E,IAI5Boa,EAAGrgD,UAAUyjH,IAAM,WACjB,OAAOzkH,KAAKkN,IAAIlN,OAIlBqhD,EAAGrgD,UAAU0jH,KAAO,WAClB,OAAO1kH,KAAKiN,KAAKjN,KAAK2B,UAIxB0/C,EAAGrgD,UAAU6wC,IAAM,SAAc5K,GAC/B,IAAI9P,EAxxCN,SAAqB8P,GAGnB,IAFA,IAAI9P,EAAQt3B,MAAMonC,EAAIx3B,aAEbgvG,EAAM,EAAGA,EAAMtnF,EAAE/1B,OAAQq9G,IAAO,CACvC,IAAI9iF,EAAO8iF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAEjBtnF,EAAEsnF,IAAQx3E,EAAIwzE,MAAM9+E,GAAQ,GAAK+iF,KAAWA,EAG9C,OAAOvnF,EA8wCCwtF,CAAW19E,GACnB,GAAiB,IAAb9P,EAAE/1B,OAAc,OAAO,IAAIigD,EAAG,GAIlC,IADA,IAAIlyC,EAAMnP,KACDiD,EAAI,EAAGA,EAAIk0B,EAAE/1B,QACP,IAAT+1B,EAAEl0B,GADsBA,IAAKkM,EAAMA,EAAIs1G,OAI7C,KAAMxhH,EAAIk0B,EAAE/1B,OACV,IAAK,IAAIkN,EAAIa,EAAIs1G,MAAOxhH,EAAIk0B,EAAE/1B,OAAQ6B,IAAKqL,EAAIA,EAAEm2G,MAClC,IAATttF,EAAEl0B,KAENkM,EAAMA,EAAIjC,IAAIoB,IAIlB,OAAOa,GAITkyC,EAAGrgD,UAAU4jH,OAAS,SAAiBrmG,GACrC4mB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAC3C,IAGItb,EAHA0K,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GACjBk3G,EAAa,WAAe,GAAKl3G,GAAQ,GAAKA,EAGlD,GAAU,IAANA,EAAS,CACX,IAAIm5B,EAAQ,EAEZ,IAAK7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CAChC,IAAI6hH,EAAW9kH,KAAKy6G,MAAMx3G,GAAK4hH,EAC3BzoG,GAAsB,EAAhBpc,KAAKy6G,MAAMx3G,IAAU6hH,GAAan3G,EAC5C3N,KAAKy6G,MAAMx3G,GAAKmZ,EAAI0qB,EACpBA,EAAQg+E,IAAc,GAAKn3G,EAGzBm5B,IACF9mC,KAAKy6G,MAAMx3G,GAAK6jC,EAChB9mC,KAAKoB,UAIT,GAAU,IAANyc,EAAS,CACX,IAAK5a,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAChCjD,KAAKy6G,MAAMx3G,EAAI4a,GAAK7d,KAAKy6G,MAAMx3G,GAGjC,IAAKA,EAAI,EAAGA,EAAI4a,EAAG5a,IACjBjD,KAAKy6G,MAAMx3G,GAAK,EAGlBjD,KAAKoB,QAAUyc,EAGjB,OAAO7d,KAAKo7G,SAGd/5D,EAAGrgD,UAAU+jH,MAAQ,SAAgBxmG,GAGnC,OADA4mB,EAAyB,IAAlBnlC,KAAKw6G,UACLx6G,KAAK4kH,OAAOrmG,IAMrB8iC,EAAGrgD,UAAU87G,OAAS,SAAiBv+F,EAAMymG,EAAMC,GAEjD,IAAI9oG,EADJgpB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAGzCpC,EADE6oG,GACGA,EAAQA,EAAO,IAAO,GAEvB,EAGN,IAAIr3G,EAAI4Q,EAAO,GACXV,EAAInS,KAAKmyC,KAAKt/B,EAAO5Q,GAAK,GAAI3N,KAAKoB,QACnCwwC,EAAO,SAAc,WAAcjkC,GAAMA,EACzCu3G,EAAcD,EAMlB,GAHA9oG,EAAIzQ,KAAKC,IAAI,EADbwQ,GAAK0B,GAIDqnG,EAAa,CACf,IAAK,IAAIjiH,EAAI,EAAGA,EAAI4a,EAAG5a,IACrBiiH,EAAYzK,MAAMx3G,GAAKjD,KAAKy6G,MAAMx3G,GAEpCiiH,EAAY9jH,OAASyc,EAGvB,GAAU,IAANA,QAEG,GAAI7d,KAAKoB,OAASyc,EAEvB,IADA7d,KAAKoB,QAAUyc,EACV5a,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3BjD,KAAKy6G,MAAMx3G,GAAKjD,KAAKy6G,MAAMx3G,EAAI4a,QAGjC7d,KAAKy6G,MAAM,GAAK,EAChBz6G,KAAKoB,OAAS,EAGhB,IAAI0lC,EAAQ,EACZ,IAAK7jC,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,IAAgB,IAAV6jC,GAAe7jC,GAAKkZ,GAAIlZ,IAAK,CAChE,IAAImjC,EAAuB,EAAhBpmC,KAAKy6G,MAAMx3G,GACtBjD,KAAKy6G,MAAMx3G,GAAM6jC,GAAU,GAAKn5B,EAAOy4B,IAASz4B,EAChDm5B,EAAQV,EAAOwL,EAajB,OATIszE,GAAyB,IAAVp+E,IACjBo+E,EAAYzK,MAAMyK,EAAY9jH,UAAY0lC,GAGxB,IAAhB9mC,KAAKoB,SACPpB,KAAKy6G,MAAM,GAAK,EAChBz6G,KAAKoB,OAAS,GAGTpB,KAAKo7G,SAGd/5D,EAAGrgD,UAAUmkH,MAAQ,SAAgB5mG,EAAMymG,EAAMC,GAG/C,OADA9/E,EAAyB,IAAlBnlC,KAAKw6G,UACLx6G,KAAK88G,OAAOv+F,EAAMymG,EAAMC,IAIjC5jE,EAAGrgD,UAAUokH,KAAO,SAAe7mG,GACjC,OAAOve,KAAK2B,QAAQojH,MAAMxmG,IAG5B8iC,EAAGrgD,UAAUqkH,MAAQ,SAAgB9mG,GACnC,OAAOve,KAAK2B,QAAQijH,OAAOrmG,IAI7B8iC,EAAGrgD,UAAUskH,KAAO,SAAe/mG,GACjC,OAAOve,KAAK2B,QAAQwjH,MAAM5mG,IAG5B8iC,EAAGrgD,UAAUukH,MAAQ,SAAgBhnG,GACnC,OAAOve,KAAK2B,QAAQm7G,OAAOv+F,IAI7B8iC,EAAGrgD,UAAUw8G,MAAQ,SAAgBiB,GACnCt5E,EAAsB,iBAARs5E,GAAoBA,GAAO,GACzC,IAAI9wG,EAAI8wG,EAAM,GACV5gG,GAAK4gG,EAAM9wG,GAAK,GAChBW,EAAI,GAAKX,EAGb,QAAI3N,KAAKoB,QAAUyc,OAGX7d,KAAKy6G,MAAM58F,GAELvP,IAIhB+yC,EAAGrgD,UAAUwkH,OAAS,SAAiBjnG,GACrC4mB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAC3C,IAAI5Q,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GAIrB,GAFAw3B,EAAyB,IAAlBnlC,KAAKw6G,SAAgB,2CAExBx6G,KAAKoB,QAAUyc,EACjB,OAAO7d,KAQT,GALU,IAAN2N,GACFkQ,IAEF7d,KAAKoB,OAASsK,KAAKmyC,IAAIhgC,EAAG7d,KAAKoB,QAErB,IAANuM,EAAS,CACX,IAAIikC,EAAO,SAAc,WAAcjkC,GAAMA,EAC7C3N,KAAKy6G,MAAMz6G,KAAKoB,OAAS,IAAMwwC,EAGjC,OAAO5xC,KAAKo7G,SAId/5D,EAAGrgD,UAAUykH,MAAQ,SAAgBlnG,GACnC,OAAOve,KAAK2B,QAAQ6jH,OAAOjnG,IAI7B8iC,EAAGrgD,UAAUs8G,MAAQ,SAAgBr2E,GAGnC,OAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAUjnC,KAAK0lH,OAAOz+E,GAGV,IAAlBjnC,KAAKw6G,SACa,IAAhBx6G,KAAKoB,SAAiC,EAAhBpB,KAAKy6G,MAAM,IAAUxzE,GAC7CjnC,KAAKy6G,MAAM,GAAKxzE,GAAuB,EAAhBjnC,KAAKy6G,MAAM,IAClCz6G,KAAKw6G,SAAW,EACTx6G,OAGTA,KAAKw6G,SAAW,EAChBx6G,KAAK0lH,MAAMz+E,GACXjnC,KAAKw6G,SAAW,EACTx6G,MAIFA,KAAKw7G,OAAOv0E,IAGrBoa,EAAGrgD,UAAUw6G,OAAS,SAAiBv0E,GACrCjnC,KAAKy6G,MAAM,IAAMxzE,EAGjB,IAAK,IAAIhkC,EAAI,EAAGA,EAAIjD,KAAKoB,QAAUpB,KAAKy6G,MAAMx3G,IAAM,SAAWA,IAC7DjD,KAAKy6G,MAAMx3G,IAAM,SACbA,IAAMjD,KAAKoB,OAAS,EACtBpB,KAAKy6G,MAAMx3G,EAAI,GAAK,EAEpBjD,KAAKy6G,MAAMx3G,EAAI,KAKnB,OAFAjD,KAAKoB,OAASsK,KAAKC,IAAI3L,KAAKoB,OAAQ6B,EAAI,GAEjCjD,MAITqhD,EAAGrgD,UAAU0kH,MAAQ,SAAgBz+E,GAGnC,GAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAG,OAAOjnC,KAAKs9G,OAAOr2E,GAEhC,GAAsB,IAAlBjnC,KAAKw6G,SAIP,OAHAx6G,KAAKw6G,SAAW,EAChBx6G,KAAKs9G,MAAMr2E,GACXjnC,KAAKw6G,SAAW,EACTx6G,KAKT,GAFAA,KAAKy6G,MAAM,IAAMxzE,EAEG,IAAhBjnC,KAAKoB,QAAgBpB,KAAKy6G,MAAM,GAAK,EACvCz6G,KAAKy6G,MAAM,IAAMz6G,KAAKy6G,MAAM,GAC5Bz6G,KAAKw6G,SAAW,OAGhB,IAAK,IAAIv3G,EAAI,EAAGA,EAAIjD,KAAKoB,QAAUpB,KAAKy6G,MAAMx3G,GAAK,EAAGA,IACpDjD,KAAKy6G,MAAMx3G,IAAM,SACjBjD,KAAKy6G,MAAMx3G,EAAI,IAAM,EAIzB,OAAOjD,KAAKo7G,SAGd/5D,EAAGrgD,UAAU2kH,KAAO,SAAe1+E,GACjC,OAAOjnC,KAAK2B,QAAQ27G,MAAMr2E,IAG5Boa,EAAGrgD,UAAUygD,KAAO,SAAexa,GACjC,OAAOjnC,KAAK2B,QAAQ+jH,MAAMz+E,IAG5Boa,EAAGrgD,UAAU4kH,KAAO,WAGlB,OAFA5lH,KAAKw6G,SAAW,EAETx6G,MAGTqhD,EAAGrgD,UAAUkO,IAAM,WACjB,OAAOlP,KAAK2B,QAAQikH,QAGtBvkE,EAAGrgD,UAAU6kH,aAAe,SAAuB5+E,EAAK/5B,EAAKhH,GAC3D,IACIjD,EAIAk0B,EALApnB,EAAMk3B,EAAI7lC,OAAS8E,EAGvBlG,KAAKy7G,QAAQ1rG,GAGb,IAAI+2B,EAAQ,EACZ,IAAK7jC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CAC/Bk0B,GAA6B,EAAxBn3B,KAAKy6G,MAAMx3G,EAAIiD,IAAc4gC,EAClC,IAAI9S,GAAwB,EAAfiT,EAAIwzE,MAAMx3G,IAAUiK,EAEjC45B,IADA3P,GAAa,SAARnD,IACS,KAAQA,EAAQ,SAAa,GAC3Ch0B,KAAKy6G,MAAMx3G,EAAIiD,GAAa,SAAJixB,EAE1B,KAAOl0B,EAAIjD,KAAKoB,OAAS8E,EAAOjD,IAE9B6jC,GADA3P,GAA6B,EAAxBn3B,KAAKy6G,MAAMx3G,EAAIiD,IAAc4gC,IACrB,GACb9mC,KAAKy6G,MAAMx3G,EAAIiD,GAAa,SAAJixB,EAG1B,GAAc,IAAV2P,EAAa,OAAO9mC,KAAKo7G,QAK7B,IAFAj2E,GAAkB,IAAX2B,GACPA,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAE3B6jC,GADA3P,IAAsB,EAAhBn3B,KAAKy6G,MAAMx3G,IAAU6jC,IACd,GACb9mC,KAAKy6G,MAAMx3G,GAAS,SAAJk0B,EAIlB,OAFAn3B,KAAKw6G,SAAW,EAETx6G,KAAKo7G,SAGd/5D,EAAGrgD,UAAU8kH,SAAW,SAAmB7+E,EAAKnZ,GAC9C,IAAI5nB,GAAQlG,KAAKoB,OAAS6lC,EAAI7lC,QAE1BiN,EAAIrO,KAAK2B,QACTsM,EAAIg5B,EAGJ8+E,EAA8B,EAAxB93G,EAAEwsG,MAAMxsG,EAAE7M,OAAS,GAGf,KADd8E,EAAQ,GADMlG,KAAK+8G,WAAWgJ,MAG5B93G,EAAIA,EAAEo3G,MAAMn/G,GACZmI,EAAEu2G,OAAO1+G,GACT6/G,EAA8B,EAAxB93G,EAAEwsG,MAAMxsG,EAAE7M,OAAS,IAI3B,IACIkN,EADAlB,EAAIiB,EAAEjN,OAAS6M,EAAE7M,OAGrB,GAAa,QAAT0sB,EAAgB,EAClBxf,EAAI,IAAI+yC,EAAG,OACTjgD,OAASgM,EAAI,EACfkB,EAAEmsG,MAAY56G,MAAMyO,EAAElN,QACtB,IAAK,IAAI6B,EAAI,EAAGA,EAAIqL,EAAElN,OAAQ6B,IAC5BqL,EAAEmsG,MAAMx3G,GAAK,EAIjB,IAAI+iH,EAAO33G,EAAE1M,QAAQkkH,aAAa53G,EAAG,EAAGb,GAClB,IAAlB44G,EAAKxL,WACPnsG,EAAI23G,EACA13G,IACFA,EAAEmsG,MAAMrtG,GAAK,IAIjB,IAAK,IAAIuP,EAAIvP,EAAI,EAAGuP,GAAK,EAAGA,IAAK,CAC/B,IAAIspG,EAAmC,UAAL,EAAxB53G,EAAEosG,MAAMxsG,EAAE7M,OAASub,KACE,EAA5BtO,EAAEosG,MAAMxsG,EAAE7M,OAASub,EAAI,IAO1B,IAHAspG,EAAKv6G,KAAKmyC,IAAKooE,EAAKF,EAAO,EAAG,UAE9B13G,EAAEw3G,aAAa53G,EAAGg4G,EAAItpG,GACA,IAAftO,EAAEmsG,UACPyL,IACA53G,EAAEmsG,SAAW,EACbnsG,EAAEw3G,aAAa53G,EAAG,EAAG0O,GAChBtO,EAAEb,WACLa,EAAEmsG,UAAY,GAGdlsG,IACFA,EAAEmsG,MAAM99F,GAAKspG,GAajB,OAVI33G,GACFA,EAAE8sG,QAEJ/sG,EAAE+sG,QAGW,QAATttF,GAA4B,IAAV5nB,GACpBmI,EAAEyuG,OAAO52G,GAGJ,CACLggH,IAAK53G,GAAK,KACVhB,IAAKe,IAQTgzC,EAAGrgD,UAAUmlH,OAAS,SAAiBl/E,EAAKnZ,EAAMs4F,GAGhD,OAFAjhF,GAAQ8B,EAAIz5B,UAERxN,KAAKwN,SACA,CACL04G,IAAK,IAAI7kE,EAAG,GACZ/zC,IAAK,IAAI+zC,EAAG,IAKM,IAAlBrhD,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,UAC7BrrG,EAAMnP,KAAK49G,MAAMuI,OAAOl/E,EAAKnZ,GAEhB,QAATA,IACFo4F,EAAM/2G,EAAI+2G,IAAItI,OAGH,QAAT9vF,IACFxgB,EAAM6B,EAAI7B,IAAIswG,MACVwI,GAA6B,IAAjB94G,EAAIktG,UAClBltG,EAAIT,KAAKo6B,IAIN,CACLi/E,IAAKA,EACL54G,IAAKA,IAIa,IAAlBtN,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,UAC7BrrG,EAAMnP,KAAKmmH,OAAOl/E,EAAI22E,MAAO9vF,GAEhB,QAATA,IACFo4F,EAAM/2G,EAAI+2G,IAAItI,OAGT,CACLsI,IAAKA,EACL54G,IAAK6B,EAAI7B,MAI0B,IAAlCtN,KAAKw6G,SAAWvzE,EAAIuzE,WACvBrrG,EAAMnP,KAAK49G,MAAMuI,OAAOl/E,EAAI22E,MAAO9vF,GAEtB,QAATA,IACFxgB,EAAM6B,EAAI7B,IAAIswG,MACVwI,GAA6B,IAAjB94G,EAAIktG,UAClBltG,EAAIP,KAAKk6B,IAIN,CACLi/E,IAAK/2G,EAAI+2G,IACT54G,IAAKA,IAOL25B,EAAI7lC,OAASpB,KAAKoB,QAAUpB,KAAK+6G,IAAI9zE,GAAO,EACvC,CACLi/E,IAAK,IAAI7kE,EAAG,GACZ/zC,IAAKtN,MAKU,IAAfinC,EAAI7lC,OACO,QAAT0sB,EACK,CACLo4F,IAAKlmH,KAAKqmH,KAAKp/E,EAAIwzE,MAAM,IACzBntG,IAAK,MAII,QAATwgB,EACK,CACLo4F,IAAK,KACL54G,IAAK,IAAI+zC,EAAGrhD,KAAKs8G,KAAKr1E,EAAIwzE,MAAM,MAI7B,CACLyL,IAAKlmH,KAAKqmH,KAAKp/E,EAAIwzE,MAAM,IACzBntG,IAAK,IAAI+zC,EAAGrhD,KAAKs8G,KAAKr1E,EAAIwzE,MAAM,MAI7Bz6G,KAAK8lH,SAAS7+E,EAAKnZ,GAlF1B,IAAIo4F,EAAK54G,EAAK6B,GAsFhBkyC,EAAGrgD,UAAUklH,IAAM,SAAcj/E,GAC/B,OAAOjnC,KAAKmmH,OAAOl/E,EAAK,OAAO,GAAOi/E,KAIxC7kE,EAAGrgD,UAAUsM,IAAM,SAAc25B,GAC/B,OAAOjnC,KAAKmmH,OAAOl/E,EAAK,OAAO,GAAO35B,KAGxC+zC,EAAGrgD,UAAUslH,KAAO,SAAer/E,GACjC,OAAOjnC,KAAKmmH,OAAOl/E,EAAK,OAAO,GAAM35B,KAIvC+zC,EAAGrgD,UAAUulH,SAAW,SAAmBt/E,GACzC,IAAIu/E,EAAKxmH,KAAKmmH,OAAOl/E,GAGrB,GAAIu/E,EAAGl5G,IAAIE,SAAU,OAAOg5G,EAAGN,IAE/B,IAAI54G,EAA0B,IAApBk5G,EAAGN,IAAI1L,SAAiBgM,EAAGl5G,IAAIP,KAAKk6B,GAAOu/E,EAAGl5G,IAEpD+pB,EAAO4P,EAAIs+E,MAAM,GACjBkB,EAAKx/E,EAAI41E,MAAM,GACf9B,EAAMztG,EAAIytG,IAAI1jF,GAGlB,OAAI0jF,EAAM,GAAY,IAAP0L,GAAoB,IAAR1L,EAAkByL,EAAGN,IAGrB,IAApBM,EAAGN,IAAI1L,SAAiBgM,EAAGN,IAAIR,MAAM,GAAKc,EAAGN,IAAI5I,MAAM,IAGhEj8D,EAAGrgD,UAAUs7G,KAAO,SAAer1E,GACjC9B,EAAO8B,GAAO,UAId,IAHA,IAAI7U,GAAK,GAAK,IAAM6U,EAEhBy/E,EAAM,EACDzjH,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IACpCyjH,GAAOt0F,EAAIs0F,GAAuB,EAAhB1mH,KAAKy6G,MAAMx3G,KAAWgkC,EAG1C,OAAOy/E,GAITrlE,EAAGrgD,UAAUu7G,MAAQ,SAAgBt1E,GACnC9B,EAAO8B,GAAO,UAGd,IADA,IAAIH,EAAQ,EACH7jC,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACzC,IAAIk0B,GAAqB,EAAhBn3B,KAAKy6G,MAAMx3G,IAAkB,SAAR6jC,EAC9B9mC,KAAKy6G,MAAMx3G,GAAMk0B,EAAI8P,EAAO,EAC5BH,EAAQ3P,EAAI8P,EAGd,OAAOjnC,KAAKo7G,SAGd/5D,EAAGrgD,UAAUqlH,KAAO,SAAep/E,GACjC,OAAOjnC,KAAK2B,QAAQ46G,MAAMt1E,IAG5Boa,EAAGrgD,UAAU2lH,KAAO,SAAev0F,GACjC+S,EAAsB,IAAf/S,EAAEooF,UACTr1E,GAAQ/S,EAAE5kB,UAEV,IAAIV,EAAI9M,KACJkO,EAAIkkB,EAAEzwB,QAGRmL,EADiB,IAAfA,EAAE0tG,SACA1tG,EAAEw5G,KAAKl0F,GAEPtlB,EAAEnL,QAaR,IATA,IAAIsrC,EAAI,IAAIoU,EAAG,GACXnU,EAAI,IAAImU,EAAG,GAGXxuB,EAAI,IAAIwuB,EAAG,GACXlU,EAAI,IAAIkU,EAAG,GAEX1c,EAAI,EAED73B,EAAEmC,UAAYf,EAAEe,UACrBnC,EAAEgwG,OAAO,GACT5uG,EAAE4uG,OAAO,KACPn4E,EAMJ,IAHA,IAAIiiF,EAAK14G,EAAEvM,QACPklH,EAAK/5G,EAAEnL,SAEHmL,EAAEU,UAAU,CAClB,IAAK,IAAIvK,EAAI,EAAG6jH,EAAK,EAAyB,IAArBh6G,EAAE2tG,MAAM,GAAKqM,IAAa7jH,EAAI,KAAMA,EAAG6jH,IAAO,GACvE,GAAI7jH,EAAI,EAEN,IADA6J,EAAEgwG,OAAO75G,GACFA,KAAM,IACPgqC,EAAE85E,SAAW75E,EAAE65E,WACjB95E,EAAEpgC,KAAK+5G,GACP15E,EAAEngC,KAAK85G,IAGT55E,EAAE6vE,OAAO,GACT5vE,EAAE4vE,OAAO,GAIb,IAAK,IAAIngG,EAAI,EAAGqqG,EAAK,EAAyB,IAArB94G,EAAEusG,MAAM,GAAKuM,IAAarqG,EAAI,KAAMA,EAAGqqG,IAAO,GACvE,GAAIrqG,EAAI,EAEN,IADAzO,EAAE4uG,OAAOngG,GACFA,KAAM,IACPkW,EAAEk0F,SAAW55E,EAAE45E,WACjBl0F,EAAEhmB,KAAK+5G,GACPz5E,EAAEpgC,KAAK85G,IAGTh0F,EAAEiqF,OAAO,GACT3vE,EAAE2vE,OAAO,GAIThwG,EAAEiuG,IAAI7sG,IAAM,GACdpB,EAAEC,KAAKmB,GACP++B,EAAElgC,KAAK8lB,GACPqa,EAAEngC,KAAKogC,KAEPj/B,EAAEnB,KAAKD,GACP+lB,EAAE9lB,KAAKkgC,GACPE,EAAEpgC,KAAKmgC,IAIX,MAAO,CACL7+B,EAAGwkB,EACH5kB,EAAGk/B,EACHp/B,IAAKG,EAAE02G,OAAOjgF,KAOlB0c,EAAGrgD,UAAUimH,OAAS,SAAiB70F,GACrC+S,EAAsB,IAAf/S,EAAEooF,UACTr1E,GAAQ/S,EAAE5kB,UAEV,IAAIa,EAAIrO,KACJiO,EAAImkB,EAAEzwB,QAGR0M,EADiB,IAAfA,EAAEmsG,SACAnsG,EAAEi4G,KAAKl0F,GAEP/jB,EAAE1M,QAQR,IALA,IAuCIwN,EAvCAsb,EAAK,IAAI42B,EAAG,GACZ32B,EAAK,IAAI22B,EAAG,GAEZ6lE,EAAQj5G,EAAEtM,QAEP0M,EAAE84G,KAAK,GAAK,GAAKl5G,EAAEk5G,KAAK,GAAK,GAAG,CACrC,IAAK,IAAIlkH,EAAI,EAAG6jH,EAAK,EAAyB,IAArBz4G,EAAEosG,MAAM,GAAKqM,IAAa7jH,EAAI,KAAMA,EAAG6jH,IAAO,GACvE,GAAI7jH,EAAI,EAEN,IADAoL,EAAEyuG,OAAO75G,GACFA,KAAM,GACPwnB,EAAGs8F,SACLt8F,EAAG5d,KAAKq6G,GAGVz8F,EAAGqyF,OAAO,GAId,IAAK,IAAIngG,EAAI,EAAGqqG,EAAK,EAAyB,IAArB/4G,EAAEwsG,MAAM,GAAKuM,IAAarqG,EAAI,KAAMA,EAAGqqG,IAAO,GACvE,GAAIrqG,EAAI,EAEN,IADA1O,EAAE6uG,OAAOngG,GACFA,KAAM,GACP+N,EAAGq8F,SACLr8F,EAAG7d,KAAKq6G,GAGVx8F,EAAGoyF,OAAO,GAIVzuG,EAAE0sG,IAAI9sG,IAAM,GACdI,EAAEtB,KAAKkB,GACPwc,EAAG1d,KAAK2d,KAERzc,EAAElB,KAAKsB,GACPqc,EAAG3d,KAAK0d,IAeZ,OATEtb,EADgB,IAAdd,EAAE84G,KAAK,GACH18F,EAEAC,GAGAy8F,KAAK,GAAK,GAChBh4G,EAAItC,KAAKulB,GAGJjjB,GAGTkyC,EAAGrgD,UAAU+M,IAAM,SAAck5B,GAC/B,GAAIjnC,KAAKwN,SAAU,OAAOy5B,EAAI/3B,MAC9B,GAAI+3B,EAAIz5B,SAAU,OAAOxN,KAAKkP,MAE9B,IAAIb,EAAIrO,KAAK2B,QACTsM,EAAIg5B,EAAItlC,QACZ0M,EAAEmsG,SAAW,EACbvsG,EAAEusG,SAAW,EAGb,IAAK,IAAIt0G,EAAQ,EAAGmI,EAAEY,UAAYhB,EAAEgB,SAAU/I,IAC5CmI,EAAEyuG,OAAO,GACT7uG,EAAE6uG,OAAO,GAGX,OAAG,CACD,KAAOzuG,EAAEY,UACPZ,EAAEyuG,OAAO,GAEX,KAAO7uG,EAAEgB,UACPhB,EAAE6uG,OAAO,GAGX,IAAInvG,EAAIU,EAAE0sG,IAAI9sG,GACd,GAAIN,EAAI,EAAG,CAET,IAAIsQ,EAAI5P,EACRA,EAAIJ,EACJA,EAAIgQ,OACC,GAAU,IAANtQ,GAAyB,IAAdM,EAAEk5G,KAAK,GAC3B,MAGF94G,EAAEtB,KAAKkB,GAGT,OAAOA,EAAE22G,OAAO1+G,IAIlBm7C,EAAGrgD,UAAUomH,KAAO,SAAengF,GACjC,OAAOjnC,KAAK2mH,KAAK1/E,GAAK54B,EAAEi4G,KAAKr/E,IAG/Boa,EAAGrgD,UAAUiO,OAAS,WACpB,OAA+B,IAAP,EAAhBjP,KAAKy6G,MAAM,KAGrBp5D,EAAGrgD,UAAU+lH,MAAQ,WACnB,OAA+B,IAAP,EAAhB/mH,KAAKy6G,MAAM,KAIrBp5D,EAAGrgD,UAAU67G,MAAQ,SAAgB51E,GACnC,OAAOjnC,KAAKy6G,MAAM,GAAKxzE,GAIzBoa,EAAGrgD,UAAUqmH,MAAQ,SAAgB5I,GACnCt5E,EAAsB,iBAARs5E,GACd,IAAI9wG,EAAI8wG,EAAM,GACV5gG,GAAK4gG,EAAM9wG,GAAK,GAChBW,EAAI,GAAKX,EAGb,GAAI3N,KAAKoB,QAAUyc,EAGjB,OAFA7d,KAAKy7G,QAAQ59F,EAAI,GACjB7d,KAAKy6G,MAAM58F,IAAMvP,EACVtO,KAKT,IADA,IAAI8mC,EAAQx4B,EACHrL,EAAI4a,EAAa,IAAVipB,GAAe7jC,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACnD,IAAIk0B,EAAoB,EAAhBn3B,KAAKy6G,MAAMx3G,GAEnB6jC,GADA3P,GAAK2P,KACS,GACd3P,GAAK,SACLn3B,KAAKy6G,MAAMx3G,GAAKk0B,EAMlB,OAJc,IAAV2P,IACF9mC,KAAKy6G,MAAMx3G,GAAK6jC,EAChB9mC,KAAKoB,UAEApB,MAGTqhD,EAAGrgD,UAAUwM,OAAS,WACpB,OAAuB,IAAhBxN,KAAKoB,QAAkC,IAAlBpB,KAAKy6G,MAAM,IAGzCp5D,EAAGrgD,UAAUmmH,KAAO,SAAelgF,GACjC,IAOI93B,EAPAqrG,EAAWvzE,EAAM,EAErB,GAAsB,IAAlBjnC,KAAKw6G,WAAmBA,EAAU,OAAQ,EAC9C,GAAsB,IAAlBx6G,KAAKw6G,UAAkBA,EAAU,OAAO,EAK5C,GAHAx6G,KAAKo7G,QAGDp7G,KAAKoB,OAAS,EAChB+N,EAAM,MACD,CACDqrG,IACFvzE,GAAOA,GAGT9B,EAAO8B,GAAO,SAAW,qBAEzB,IAAI9P,EAAoB,EAAhBn3B,KAAKy6G,MAAM,GACnBtrG,EAAMgoB,IAAM8P,EAAM,EAAI9P,EAAI8P,GAAO,EAAI,EAEvC,OAAsB,IAAlBjnC,KAAKw6G,SAA8B,GAANrrG,EAC1BA,GAOTkyC,EAAGrgD,UAAU+5G,IAAM,SAAc9zE,GAC/B,GAAsB,IAAlBjnC,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,SAAgB,OAAQ,EACvD,GAAsB,IAAlBx6G,KAAKw6G,UAAmC,IAAjBvzE,EAAIuzE,SAAgB,OAAO,EAEtD,IAAIrrG,EAAMnP,KAAKsnH,KAAKrgF,GACpB,OAAsB,IAAlBjnC,KAAKw6G,SAA8B,GAANrrG,EAC1BA,GAITkyC,EAAGrgD,UAAUsmH,KAAO,SAAergF,GAEjC,GAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAQ,OAAO,EACrC,GAAIpB,KAAKoB,OAAS6lC,EAAI7lC,OAAQ,OAAQ,EAGtC,IADA,IAAI+N,EAAM,EACDlM,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACzC,IAAIoL,EAAoB,EAAhBrO,KAAKy6G,MAAMx3G,GACfgL,EAAmB,EAAfg5B,EAAIwzE,MAAMx3G,GAElB,GAAIoL,IAAMJ,EAAV,CACII,EAAIJ,EACNkB,GAAO,EACEd,EAAIJ,IACbkB,EAAM,GAER,OAEF,OAAOA,GAGTkyC,EAAGrgD,UAAUumH,IAAM,SAActgF,GAC/B,OAA0B,IAAnBjnC,KAAKmnH,KAAKlgF,IAGnBoa,EAAGrgD,UAAU+N,GAAK,SAAak4B,GAC7B,OAAyB,IAAlBjnC,KAAK+6G,IAAI9zE,IAGlBoa,EAAGrgD,UAAUwmH,KAAO,SAAevgF,GACjC,OAAOjnC,KAAKmnH,KAAKlgF,IAAQ,GAG3Boa,EAAGrgD,UAAUgO,IAAM,SAAci4B,GAC/B,OAAOjnC,KAAK+6G,IAAI9zE,IAAQ,GAG1Boa,EAAGrgD,UAAUymH,IAAM,SAAcxgF,GAC/B,OAA2B,IAApBjnC,KAAKmnH,KAAKlgF,IAGnBoa,EAAGrgD,UAAU6N,GAAK,SAAao4B,GAC7B,OAA0B,IAAnBjnC,KAAK+6G,IAAI9zE,IAGlBoa,EAAGrgD,UAAU0mH,KAAO,SAAezgF,GACjC,OAAOjnC,KAAKmnH,KAAKlgF,IAAQ,GAG3Boa,EAAGrgD,UAAU8N,IAAM,SAAcm4B,GAC/B,OAAOjnC,KAAK+6G,IAAI9zE,IAAQ,GAG1Boa,EAAGrgD,UAAU2mH,IAAM,SAAc1gF,GAC/B,OAA0B,IAAnBjnC,KAAKmnH,KAAKlgF,IAGnBoa,EAAGrgD,UAAUkoD,GAAK,SAAajiB,GAC7B,OAAyB,IAAlBjnC,KAAK+6G,IAAI9zE,IAOlBoa,EAAGq5D,IAAM,SAAczzE,GACrB,OAAO,IAAI2gF,EAAI3gF,IAGjBoa,EAAGrgD,UAAU6mH,MAAQ,SAAgBC,GAGnC,OAFA3iF,GAAQnlC,KAAK06G,IAAK,yCAClBv1E,EAAyB,IAAlBnlC,KAAKw6G,SAAgB,iCACrBsN,EAAIC,UAAU/nH,MAAMgoH,UAAUF,IAGvCzmE,EAAGrgD,UAAUinH,QAAU,WAErB,OADA9iF,EAAOnlC,KAAK06G,IAAK,wDACV16G,KAAK06G,IAAIwN,YAAYloH,OAG9BqhD,EAAGrgD,UAAUgnH,UAAY,SAAoBF,GAE3C,OADA9nH,KAAK06G,IAAMoN,EACJ9nH,MAGTqhD,EAAGrgD,UAAUmnH,SAAW,SAAmBL,GAEzC,OADA3iF,GAAQnlC,KAAK06G,IAAK,yCACX16G,KAAKgoH,UAAUF,IAGxBzmE,EAAGrgD,UAAUonH,OAAS,SAAiBnhF,GAErC,OADA9B,EAAOnlC,KAAK06G,IAAK,sCACV16G,KAAK06G,IAAIz0G,IAAIjG,KAAMinC,IAG5Boa,EAAGrgD,UAAUqnH,QAAU,SAAkBphF,GAEvC,OADA9B,EAAOnlC,KAAK06G,IAAK,uCACV16G,KAAK06G,IAAI7tG,KAAK7M,KAAMinC,IAG7Boa,EAAGrgD,UAAUsnH,OAAS,SAAiBrhF,GAErC,OADA9B,EAAOnlC,KAAK06G,IAAK,sCACV16G,KAAK06G,IAAI1tG,IAAIhN,KAAMinC,IAG5Boa,EAAGrgD,UAAUunH,QAAU,SAAkBthF,GAEvC,OADA9B,EAAOnlC,KAAK06G,IAAK,uCACV16G,KAAK06G,IAAI3tG,KAAK/M,KAAMinC,IAG7Boa,EAAGrgD,UAAUwnH,OAAS,SAAiBvhF,GAErC,OADA9B,EAAOnlC,KAAK06G,IAAK,sCACV16G,KAAK06G,IAAI+N,IAAIzoH,KAAMinC,IAG5Boa,EAAGrgD,UAAU0nH,OAAS,SAAiBzhF,GAGrC,OAFA9B,EAAOnlC,KAAK06G,IAAK,sCACjB16G,KAAK06G,IAAIiO,SAAS3oH,KAAMinC,GACjBjnC,KAAK06G,IAAIxtG,IAAIlN,KAAMinC,IAG5Boa,EAAGrgD,UAAU4nH,QAAU,SAAkB3hF,GAGvC,OAFA9B,EAAOnlC,KAAK06G,IAAK,sCACjB16G,KAAK06G,IAAIiO,SAAS3oH,KAAMinC,GACjBjnC,KAAK06G,IAAIztG,KAAKjN,KAAMinC,IAG7Boa,EAAGrgD,UAAU6nH,OAAS,WAGpB,OAFA1jF,EAAOnlC,KAAK06G,IAAK,sCACjB16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAI+J,IAAIzkH,OAGtBqhD,EAAGrgD,UAAU+nH,QAAU,WAGrB,OAFA5jF,EAAOnlC,KAAK06G,IAAK,uCACjB16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAIgK,KAAK1kH,OAIvBqhD,EAAGrgD,UAAUgoH,QAAU,WAGrB,OAFA7jF,EAAOnlC,KAAK06G,IAAK,uCACjB16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAIuO,KAAKjpH,OAGvBqhD,EAAGrgD,UAAUkoH,QAAU,WAGrB,OAFA/jF,EAAOnlC,KAAK06G,IAAK,uCACjB16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAI0M,KAAKpnH,OAIvBqhD,EAAGrgD,UAAUmoH,OAAS,WAGpB,OAFAhkF,EAAOnlC,KAAK06G,IAAK,sCACjB16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAIkD,IAAI59G,OAGtBqhD,EAAGrgD,UAAUooH,OAAS,SAAiBniF,GAGrC,OAFA9B,EAAOnlC,KAAK06G,MAAQzzE,EAAIyzE,IAAK,qBAC7B16G,KAAK06G,IAAIoO,SAAS9oH,MACXA,KAAK06G,IAAI7oE,IAAI7xC,KAAMinC,IAI5B,IAAIoiF,EAAS,CACXC,KAAM,KACNC,KAAM,KACNC,KAAM,KACNC,OAAQ,MAIV,SAASC,EAAQx+G,EAAMknB,GAErBpyB,KAAKkL,KAAOA,EACZlL,KAAKoyB,EAAI,IAAIivB,EAAGjvB,EAAG,IACnBpyB,KAAKoM,EAAIpM,KAAKoyB,EAAE3iB,YAChBzP,KAAKic,EAAI,IAAIolC,EAAG,GAAGujE,OAAO5kH,KAAKoM,GAAGW,KAAK/M,KAAKoyB,GAE5CpyB,KAAKuO,IAAMvO,KAAK2pH,OA2ClB,SAASC,IACPF,EAAO5oH,KACLd,KACA,OACA,2EA+DJ,SAAS6pH,IACPH,EAAO5oH,KACLd,KACA,OACA,kEAIJ,SAAS8pH,IACPJ,EAAO5oH,KACLd,KACA,OACA,yDAIJ,SAAS+pH,IAEPL,EAAO5oH,KACLd,KACA,QACA,uEA8CJ,SAAS4nH,EAAKx6G,GACZ,GAAiB,iBAANA,EAAgB,CACzB,IAAI48G,EAAQ3oE,EAAG4oE,OAAO78G,GACtBpN,KAAKoN,EAAI48G,EAAM53F,EACfpyB,KAAKgqH,MAAQA,OAEb7kF,EAAO/3B,EAAEm6G,IAAI,GAAI,kCACjBvnH,KAAKoN,EAAIA,EACTpN,KAAKgqH,MAAQ,KAkOjB,SAASE,EAAM98G,GACbw6G,EAAI9mH,KAAKd,KAAMoN,GAEfpN,KAAKkG,MAAQlG,KAAKoN,EAAEqC,YAChBzP,KAAKkG,MAAQ,IAAO,IACtBlG,KAAKkG,OAAS,GAAMlG,KAAKkG,MAAQ,IAGnClG,KAAK2N,EAAI,IAAI0zC,EAAG,GAAGujE,OAAO5kH,KAAKkG,OAC/BlG,KAAKymH,GAAKzmH,KAAKmN,KAAKnN,KAAK2N,EAAE82G,OAC3BzkH,KAAKmqH,KAAOnqH,KAAK2N,EAAEs5G,OAAOjnH,KAAKoN,GAE/BpN,KAAKoqH,KAAOpqH,KAAKmqH,KAAKj9G,IAAIlN,KAAK2N,GAAG+3G,MAAM,GAAGQ,IAAIlmH,KAAKoN,GACpDpN,KAAKoqH,KAAOpqH,KAAKoqH,KAAK9D,KAAKtmH,KAAK2N,GAChC3N,KAAKoqH,KAAOpqH,KAAK2N,EAAEX,IAAIhN,KAAKoqH,MAta9BV,EAAO1oH,UAAU2oH,KAAO,WACtB,IAAIp7G,EAAM,IAAI8yC,EAAG,MAEjB,OADA9yC,EAAIksG,MAAY56G,MAAM6L,KAAKmQ,KAAK7b,KAAKoM,EAAI,KAClCmC,GAGTm7G,EAAO1oH,UAAUqpH,QAAU,SAAkBpjF,GAG3C,IACI/U,EADAvkB,EAAIs5B,EAGR,GACEjnC,KAAK+f,MAAMpS,EAAG3N,KAAKuO,KAGnB2jB,GADAvkB,GADAA,EAAI3N,KAAKsqH,MAAM38G,IACTd,KAAK7M,KAAKuO,MACPkB,kBACFyiB,EAAOlyB,KAAKoM,GAErB,IAAI2uG,EAAM7oF,EAAOlyB,KAAKoM,GAAK,EAAIuB,EAAE25G,KAAKtnH,KAAKoyB,GAU3C,OATY,IAAR2oF,GACFptG,EAAE8sG,MAAM,GAAK,EACb9sG,EAAEvM,OAAS,GACF25G,EAAM,EACfptG,EAAEZ,KAAK/M,KAAKoyB,GAEZzkB,EAAEytG,QAGGztG,GAGT+7G,EAAO1oH,UAAU+e,MAAQ,SAAgBzf,EAAO07G,GAC9C17G,EAAMw8G,OAAO98G,KAAKoM,EAAG,EAAG4vG,IAG1B0N,EAAO1oH,UAAUspH,MAAQ,SAAgBrjF,GACvC,OAAOA,EAAIh6B,KAAKjN,KAAKic,IASvBoqB,EAASujF,EAAMF,GAEfE,EAAK5oH,UAAU+e,MAAQ,SAAgBzf,EAAOuJ,GAK5C,IAHA,IAAI+nC,EAAO,QAEP4b,EAAS9hD,KAAKmyC,IAAIv9C,EAAMc,OAAQ,GAC3B6B,EAAI,EAAGA,EAAIuqD,EAAQvqD,IAC1B4G,EAAO4wG,MAAMx3G,GAAK3C,EAAMm6G,MAAMx3G,GAIhC,GAFA4G,EAAOzI,OAASosD,EAEZltD,EAAMc,QAAU,EAGlB,OAFAd,EAAMm6G,MAAM,GAAK,OACjBn6G,EAAMc,OAAS,GAKjB,IAAIkH,EAAOhI,EAAMm6G,MAAM,GAGvB,IAFA5wG,EAAO4wG,MAAM5wG,EAAOzI,UAAYkH,EAAOspC,EAElC3uC,EAAI,GAAIA,EAAI3C,EAAMc,OAAQ6B,IAAK,CAClC,IAAImgE,EAAwB,EAAjB9iE,EAAMm6G,MAAMx3G,GACvB3C,EAAMm6G,MAAMx3G,EAAI,KAAQmgE,EAAOxxB,IAAS,EAAMtpC,IAAS,GACvDA,EAAO86D,EAET96D,KAAU,GACVhI,EAAMm6G,MAAMx3G,EAAI,IAAMqF,EACT,IAATA,GAAchI,EAAMc,OAAS,GAC/Bd,EAAMc,QAAU,GAEhBd,EAAMc,QAAU,GAIpBwoH,EAAK5oH,UAAUspH,MAAQ,SAAgBrjF,GAErCA,EAAIwzE,MAAMxzE,EAAI7lC,QAAU,EACxB6lC,EAAIwzE,MAAMxzE,EAAI7lC,OAAS,GAAK,EAC5B6lC,EAAI7lC,QAAU,EAId,IADA,IAAI4kC,EAAK,EACA/iC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CACnC,IAAIk0B,EAAmB,EAAf8P,EAAIwzE,MAAMx3G,GAClB+iC,GAAU,IAAJ7O,EACN8P,EAAIwzE,MAAMx3G,GAAU,SAAL+iC,EACfA,EAAS,GAAJ7O,GAAa6O,EAAK,SAAa,GAUtC,OANkC,IAA9BiB,EAAIwzE,MAAMxzE,EAAI7lC,OAAS,KACzB6lC,EAAI7lC,SAC8B,IAA9B6lC,EAAIwzE,MAAMxzE,EAAI7lC,OAAS,IACzB6lC,EAAI7lC,UAGD6lC,GASTZ,EAASwjF,EAAMH,GAQfrjF,EAASyjF,EAAMJ,GASfrjF,EAAS0jF,EAAQL,GAEjBK,EAAO/oH,UAAUspH,MAAQ,SAAgBrjF,GAGvC,IADA,IAAIH,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CACnC,IAAI8iC,EAA0B,IAAL,EAAfkB,EAAIwzE,MAAMx3G,IAAiB6jC,EACjCd,EAAU,SAALD,EACTA,KAAQ,GAERkB,EAAIwzE,MAAMx3G,GAAK+iC,EACfc,EAAQf,EAKV,OAHc,IAAVe,IACFG,EAAIwzE,MAAMxzE,EAAI7lC,UAAY0lC,GAErBG,GAIToa,EAAG4oE,OAAS,SAAgB/+G,GAE1B,GAAIm+G,EAAOn+G,GAAO,OAAOm+G,EAAOn+G,GAEhC,IAAI8+G,EACJ,GAAa,SAAT9+G,EACF8+G,EAAQ,IAAIJ,OACP,GAAa,SAAT1+G,EACT8+G,EAAQ,IAAIH,OACP,GAAa,SAAT3+G,EACT8+G,EAAQ,IAAIF,MACP,IAAa,WAAT5+G,EAGT,MAAUhI,MAAM,iBAAmBgI,GAFnC8+G,EAAQ,IAAID,EAMd,OAFAV,EAAOn+G,GAAQ8+G,EAERA,GAkBTpC,EAAI5mH,UAAU8nH,SAAW,SAAmBz6G,GAC1C82B,EAAsB,IAAf92B,EAAEmsG,SAAgB,iCACzBr1E,EAAO92B,EAAEqsG,IAAK,oCAGhBkN,EAAI5mH,UAAU2nH,SAAW,SAAmBt6G,EAAGJ,GAC7Ck3B,EAAqC,IAA7B92B,EAAEmsG,SAAWvsG,EAAEusG,UAAiB,iCACxCr1E,EAAO92B,EAAEqsG,KAAOrsG,EAAEqsG,MAAQzsG,EAAEysG,IAC1B,oCAGJkN,EAAI5mH,UAAUmM,KAAO,SAAekB,GAClC,OAAIrO,KAAKgqH,MAAchqH,KAAKgqH,MAAMK,QAAQh8G,GAAG25G,UAAUhoH,MAChDqO,EAAEi4G,KAAKtmH,KAAKoN,GAAG46G,UAAUhoH,OAGlC4nH,EAAI5mH,UAAU48G,IAAM,SAAcvvG,GAChC,OAAIA,EAAEb,SACGa,EAAE1M,QAGJ3B,KAAKoN,EAAEJ,IAAIqB,GAAG25G,UAAUhoH,OAGjC4nH,EAAI5mH,UAAUiF,IAAM,SAAcoI,EAAGJ,GACnCjO,KAAK2oH,SAASt6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEpI,IAAIgI,GAIhB,OAHIkB,EAAI4rG,IAAI/6G,KAAKoN,IAAM,GACrB+B,EAAIpC,KAAK/M,KAAKoN,GAET+B,EAAI64G,UAAUhoH,OAGvB4nH,EAAI5mH,UAAU6L,KAAO,SAAewB,EAAGJ,GACrCjO,KAAK2oH,SAASt6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAExB,KAAKoB,GAIjB,OAHIkB,EAAI4rG,IAAI/6G,KAAKoN,IAAM,GACrB+B,EAAIpC,KAAK/M,KAAKoN,GAET+B,GAGTy4G,EAAI5mH,UAAUgM,IAAM,SAAcqB,EAAGJ,GACnCjO,KAAK2oH,SAASt6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAErB,IAAIiB,GAIhB,OAHIkB,EAAIg4G,KAAK,GAAK,GAChBh4G,EAAItC,KAAK7M,KAAKoN,GAET+B,EAAI64G,UAAUhoH,OAGvB4nH,EAAI5mH,UAAU+L,KAAO,SAAesB,EAAGJ,GACrCjO,KAAK2oH,SAASt6G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEtB,KAAKkB,GAIjB,OAHIkB,EAAIg4G,KAAK,GAAK,GAChBh4G,EAAItC,KAAK7M,KAAKoN,GAET+B,GAGTy4G,EAAI5mH,UAAUynH,IAAM,SAAcp6G,EAAG44B,GAEnC,OADAjnC,KAAK8oH,SAASz6G,GACPrO,KAAKmN,KAAKkB,EAAEg3G,MAAMp+E,KAG3B2gF,EAAI5mH,UAAUiM,KAAO,SAAeoB,EAAGJ,GAErC,OADAjO,KAAK2oH,SAASt6G,EAAGJ,GACVjO,KAAKmN,KAAKkB,EAAEpB,KAAKgB,KAG1B25G,EAAI5mH,UAAUkM,IAAM,SAAcmB,EAAGJ,GAEnC,OADAjO,KAAK2oH,SAASt6G,EAAGJ,GACVjO,KAAKmN,KAAKkB,EAAEnB,IAAIe,KAGzB25G,EAAI5mH,UAAU0jH,KAAO,SAAer2G,GAClC,OAAOrO,KAAKiN,KAAKoB,EAAGA,EAAE1M,UAGxBimH,EAAI5mH,UAAUyjH,IAAM,SAAcp2G,GAChC,OAAOrO,KAAKkN,IAAImB,EAAGA,IAGrBu5G,EAAI5mH,UAAUioH,KAAO,SAAe56G,GAClC,GAAIA,EAAEb,SAAU,OAAOa,EAAE1M,QAEzB,IAAI4oH,EAAOvqH,KAAKoN,EAAEyvG,MAAM,GAIxB,GAHA13E,EAAOolF,EAAO,GAAM,GAGP,IAATA,EAAY,CACd,IAAI14E,EAAM7xC,KAAKoN,EAAEnH,IAAI,IAAIo7C,EAAG,IAAIy7D,OAAO,GACvC,OAAO98G,KAAK6xC,IAAIxjC,EAAGwjC,GAQrB,IAFA,IAAIvjC,EAAItO,KAAKoN,EAAEq0C,KAAK,GAChB5jC,EAAI,GACAvP,EAAEd,UAA2B,IAAfc,EAAEuuG,MAAM,IAC5Bh/F,IACAvP,EAAEwuG,OAAO,GAEX33E,GAAQ72B,EAAEd,UAEV,IAAImC,EAAM,IAAI0xC,EAAG,GAAGwmE,MAAM7nH,MACtBwqH,EAAO76G,EAAIw5G,SAIXsB,EAAOzqH,KAAKoN,EAAEq0C,KAAK,GAAGq7D,OAAO,GAC7B50E,EAAIloC,KAAKoN,EAAEqC,YAGf,IAFAy4B,EAAI,IAAImZ,EAAG,EAAInZ,EAAIA,GAAG2/E,MAAM7nH,MAEW,IAAhCA,KAAK6xC,IAAI3J,EAAGuiF,GAAM1P,IAAIyP,IAC3BtiF,EAAEmgF,QAAQmC,GAOZ,IAJA,IAAIpuG,EAAIpc,KAAK6xC,IAAI3J,EAAG55B,GAChBX,EAAI3N,KAAK6xC,IAAIxjC,EAAGC,EAAEq3G,KAAK,GAAG7I,OAAO,IACjC7+F,EAAIje,KAAK6xC,IAAIxjC,EAAGC,GAChBlB,EAAIyQ,EACc,IAAfI,EAAE88F,IAAIprG,IAAY,CAEvB,IADA,IAAIpB,EAAM0P,EACDhb,EAAI,EAAoB,IAAjBsL,EAAIwsG,IAAIprG,GAAY1M,IAClCsL,EAAMA,EAAIs6G,SAEZ1jF,EAAOliC,EAAImK,GACX,IAAIa,EAAIjO,KAAK6xC,IAAIz1B,EAAG,IAAIilC,EAAG,GAAGujE,OAAOx3G,EAAInK,EAAI,IAE7C0K,EAAIA,EAAE+6G,OAAOz6G,GACbmO,EAAInO,EAAE46G,SACN5qG,EAAIA,EAAEyqG,OAAOtsG,GACbhP,EAAInK,EAGN,OAAO0K,GAGTi6G,EAAI5mH,UAAUomH,KAAO,SAAe/4G,GAClC,IAAIq8G,EAAMr8G,EAAE44G,OAAOjnH,KAAKoN,GACxB,OAAqB,IAAjBs9G,EAAIlQ,UACNkQ,EAAIlQ,SAAW,EACRx6G,KAAKmN,KAAKu9G,GAAKvB,UAEfnpH,KAAKmN,KAAKu9G,IAIrB9C,EAAI5mH,UAAU6wC,IAAM,SAAcxjC,EAAG44B,GACnC,GAAIA,EAAIz5B,SAAU,OAAO,IAAI6zC,EAAG,GAAGwmE,MAAM7nH,MACzC,GAAoB,IAAhBinC,EAAIkgF,KAAK,GAAU,OAAO94G,EAAE1M,QAEhC,IACIgpH,EAAU9qH,MAAM,IACpB8qH,EAAI,GAAK,IAAItpE,EAAG,GAAGwmE,MAAM7nH,MACzB2qH,EAAI,GAAKt8G,EACT,IAAK,IAAIpL,EAAI,EAAGA,EAAI0nH,EAAIvpH,OAAQ6B,IAC9B0nH,EAAI1nH,GAAKjD,KAAKkN,IAAIy9G,EAAI1nH,EAAI,GAAIoL,GAGhC,IAAIc,EAAMw7G,EAAI,GACVz5C,EAAU,EACV05C,EAAa,EACbhnH,EAAQqjC,EAAIx3B,YAAc,GAK9B,IAJc,IAAV7L,IACFA,EAAQ,IAGLX,EAAIgkC,EAAI7lC,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CAEpC,IADA,IAAImjC,EAAOa,EAAIwzE,MAAMx3G,GACZ0Z,EAAI/Y,EAAQ,EAAG+Y,GAAK,EAAGA,IAAK,CACnC,IAAI8hG,EAAOr4E,GAAQzpB,EAAK,EACpBxN,IAAQw7G,EAAI,KACdx7G,EAAMnP,KAAKykH,IAAIt1G,IAGL,IAARsvG,GAAyB,IAAZvtC,GAKjBA,IAAY,EACZA,GAAWutC,GA9BE,MA+BbmM,GACwC,IAAN3nH,GAAiB,IAAN0Z,KAE7CxN,EAAMnP,KAAKkN,IAAIiC,EAAKw7G,EAAIz5C,IACxB05C,EAAa,EACb15C,EAAU,IAXR05C,EAAa,EAajBhnH,EAAQ,GAGV,OAAOuL,GAGTy4G,EAAI5mH,UAAU+mH,UAAY,SAAoB9gF,GAC5C,IAAIt5B,EAAIs5B,EAAIq/E,KAAKtmH,KAAKoN,GAEtB,OAAOO,IAAMs5B,EAAMt5B,EAAEhM,QAAUgM,GAGjCi6G,EAAI5mH,UAAUknH,YAAc,SAAsBjhF,GAChD,IAAI93B,EAAM83B,EAAItlC,QAEd,OADAwN,EAAIurG,IAAM,KACHvrG,GAOTkyC,EAAGwpE,KAAO,SAAe5jF,GACvB,OAAO,IAAIijF,EAAKjjF,IAmBlBZ,EAAS6jF,EAAMtC,GAEfsC,EAAKlpH,UAAU+mH,UAAY,SAAoB9gF,GAC7C,OAAOjnC,KAAKmN,KAAK85B,EAAIo+E,MAAMrlH,KAAKkG,SAGlCgkH,EAAKlpH,UAAUknH,YAAc,SAAsBjhF,GACjD,IAAIt5B,EAAI3N,KAAKmN,KAAK85B,EAAI/5B,IAAIlN,KAAKmqH,OAE/B,OADAx8G,EAAE+sG,IAAM,KACD/sG,GAGTu8G,EAAKlpH,UAAUiM,KAAO,SAAeoB,EAAGJ,GACtC,GAAII,EAAEb,UAAYS,EAAET,SAGlB,OAFAa,EAAEosG,MAAM,GAAK,EACbpsG,EAAEjN,OAAS,EACJiN,EAGT,IAAI4P,EAAI5P,EAAEpB,KAAKgB,GACXmO,EAAI6B,EAAEwnG,MAAMzlH,KAAKkG,OAAOgH,IAAIlN,KAAKoqH,MAAM5E,OAAOxlH,KAAKkG,OAAOgH,IAAIlN,KAAKoN,GACnEysB,EAAI5b,EAAElR,KAAKqP,GAAG0gG,OAAO98G,KAAKkG,OAC1BiJ,EAAM0qB,EAQV,OANIA,EAAEkhF,IAAI/6G,KAAKoN,IAAM,EACnB+B,EAAM0qB,EAAE9sB,KAAK/M,KAAKoN,GACTysB,EAAEstF,KAAK,GAAK,IACrBh4G,EAAM0qB,EAAEhtB,KAAK7M,KAAKoN,IAGb+B,EAAI64G,UAAUhoH,OAGvBkqH,EAAKlpH,UAAUkM,IAAM,SAAcmB,EAAGJ,GACpC,GAAII,EAAEb,UAAYS,EAAET,SAAU,OAAO,IAAI6zC,EAAG,GAAG2mE,UAAUhoH,MAEzD,IAAIie,EAAI5P,EAAEnB,IAAIe,GACVmO,EAAI6B,EAAEwnG,MAAMzlH,KAAKkG,OAAOgH,IAAIlN,KAAKoqH,MAAM5E,OAAOxlH,KAAKkG,OAAOgH,IAAIlN,KAAKoN,GACnEysB,EAAI5b,EAAElR,KAAKqP,GAAG0gG,OAAO98G,KAAKkG,OAC1BiJ,EAAM0qB,EAOV,OANIA,EAAEkhF,IAAI/6G,KAAKoN,IAAM,EACnB+B,EAAM0qB,EAAE9sB,KAAK/M,KAAKoN,GACTysB,EAAEstF,KAAK,GAAK,IACrBh4G,EAAM0qB,EAAEhtB,KAAK7M,KAAKoN,IAGb+B,EAAI64G,UAAUhoH,OAGvBkqH,EAAKlpH,UAAUomH,KAAO,SAAe/4G,GAGnC,OADUrO,KAAKmN,KAAKkB,EAAE44G,OAAOjnH,KAAKoN,GAAGF,IAAIlN,KAAKymH,KACnCuB,UAAUhoH,MAExB,CAl2GD,CAk2GoCslC,EAAQtlC,qFCr1G7B,MAAMmM,GAMnBrM,YAAYsM,GACV,QAAUnL,IAANmL,EACF,MAAUlJ,MAAM,4BAGlBlD,KAAKqB,MAAQ,IAAIggD,GAAGj1C,GAGtBzK,QACE,MAAMA,EAAQ,IAAIwK,GAAW,MAE7B,OADAnM,KAAKqB,MAAMspE,KAAKhpE,EAAMN,OACfM,EAMT8K,OAEE,OADAzM,KAAKqB,MAAMwL,KAAK,IAAIw0C,GAAG,IAChBrhD,KAOT0M,MACE,OAAO1M,KAAK2B,QAAQ8K,OAMtBE,OAEE,OADA3M,KAAKqB,MAAM0L,KAAK,IAAIs0C,GAAG,IAChBrhD,KAOT4M,MACE,OAAO5M,KAAK2B,QAAQgL,OAQtBE,KAAKC,GAEH,OADA9M,KAAKqB,MAAMwL,KAAKC,EAAEzL,OACXrB,KAQTiG,IAAI6G,GACF,OAAO9M,KAAK2B,QAAQkL,KAAKC,GAO3BC,KAAKD,GAEH,OADA9M,KAAKqB,MAAM0L,KAAKD,EAAEzL,OACXrB,KAQTgN,IAAIF,GACF,OAAO9M,KAAK2B,QAAQoL,KAAKD,GAO3BG,KAAKH,GAEH,OADA9M,KAAKqB,MAAM4L,KAAKH,EAAEzL,OACXrB,KAQTkN,IAAIJ,GACF,OAAO9M,KAAK2B,QAAQsL,KAAKH,GAO3BK,KAAKC,GAEH,OADApN,KAAKqB,MAAQrB,KAAKqB,MAAMilH,KAAKl5G,EAAE/L,OACxBrB,KAQTsN,IAAIF,GACF,OAAOpN,KAAK2B,QAAQwL,KAAKC,GAU3BG,OAAOlJ,EAAG+H,GAIR,MAAM0+G,EAAO1+G,EAAE6C,SAAWoyC,GAAGq5D,IAAItuG,EAAE/K,OAASggD,GAAGwpE,KAAKz+G,EAAE/K,OAChDyL,EAAI9M,KAAK2B,QAEf,OADAmL,EAAEzL,MAAQyL,EAAEzL,MAAMwmH,MAAMiD,GAAM1B,OAAO/kH,EAAEhD,OAAO4mH,UACvCn7G,EAUTgB,OAAO1B,GAEL,IAAKpM,KAAK+N,IAAI3B,GAAGqB,QACf,MAAUvK,MAAM,0BAElB,OAAO,IAAIiJ,GAAWnM,KAAKqB,MAAM+lH,KAAKh7G,EAAE/K,QAQ1C0M,IAAI3B,GACF,OAAO,IAAID,GAAWnM,KAAKqB,MAAM0M,IAAI3B,EAAE/K,QAOzCmN,WAAW1B,GAET,OADA9M,KAAKqB,MAAM0jH,MAAMj4G,EAAEzL,MAAM+N,YAClBpP,KAQTyO,UAAU3B,GACR,OAAO9M,KAAK2B,QAAQ6M,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADA9M,KAAKqB,MAAM8jH,MAAMr4G,EAAEzL,MAAM+N,YAClBpP,KAQT2O,WAAW7B,GACT,OAAO9M,KAAK2B,QAAQ+M,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAO9M,KAAKqB,MAAM6nD,GAAGp8C,EAAEzL,OAQzBwN,GAAG/B,GACD,OAAO9M,KAAKqB,MAAMwN,GAAG/B,EAAEzL,OAQzByN,IAAIhC,GACF,OAAO9M,KAAKqB,MAAMyN,IAAIhC,EAAEzL,OAQ1B0N,GAAGjC,GACD,OAAO9M,KAAKqB,MAAM0N,GAAGjC,EAAEzL,OAQzB2N,IAAIlC,GACF,OAAO9M,KAAKqB,MAAM2N,IAAIlC,EAAEzL,OAG1BmM,SACE,OAAOxN,KAAKqB,MAAMmM,SAGpBC,QACE,OAAOzN,KAAKqB,MAAM6nD,GAAG,IAAI7H,GAAG,IAG9Bh0C,aACE,OAAOrN,KAAKqB,MAAMs8G,QAGpB1uG,SACE,OAAOjP,KAAKqB,MAAM4N,SAGpBC,MACE,MAAMC,EAAMnP,KAAK2B,QAEjB,OADAwN,EAAI9N,MAAQ8N,EAAI9N,MAAM6N,MACfC,EAOT5C,WACE,OAAOvM,KAAKqB,MAAMkL,WAQpB6C,WACE,OAAOpP,KAAKqB,MAAM+N,WAQpBI,OAAOvM,GACL,OAAOjD,KAAKqB,MAAMm8G,MAAMv6G,GAAK,EAAI,EAOnCwM,YACE,OAAOzP,KAAKqB,MAAMoO,YAOpBtL,aACE,OAAOnE,KAAKqB,MAAM8C,aASpB6L,aAAaC,EAAS,KAAM7O,GAC1B,OAAOpB,KAAKqB,MAAMijD,YAAYzhD,WAAYoN,EAAQ7O,QC3UlDuM,mFCEJ,IAAI+5B,EAAQsW,EAkCZ,SAAS/X,EAAMG,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EAENA,CACX,CAGA,SAAS/e,EAAMge,GAEb,IADA,IAAIl2B,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,GAAO82B,EAAMZ,EAAIpiC,GAAGsJ,SAAS,KAC/B,OAAO4C,CACT,CAfAu4B,EAAMC,QA9BN,SAAiBtC,EAAKS,GACpB,GAAIjmC,MAAMW,QAAQ6kC,GAChB,OAAOA,EAAI3jC,QACb,IAAK2jC,EACH,MAAO,GACT,IAAIl2B,EAAM,GACV,GAAmB,iBAARk2B,EAAkB,CAC3B,IAAK,IAAIpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,EAAIlM,GAAc,EAAToiC,EAAIpiC,GACf,OAAOkM,EAET,GAAY,QAAR22B,EAAe,EACjBT,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1BxgB,OAAS,GAAM,IACrBikC,EAAM,IAAMA,GACd,IAASpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAK,EACnCkM,EAAItN,KAAKuO,SAASi1B,EAAIpiC,GAAKoiC,EAAIpiC,EAAI,GAAI,UAEzC,IAASA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAImZ,EAAIipB,EAAI7oB,WAAWvZ,GACnB8iC,EAAK3pB,GAAK,EACV4pB,EAAS,IAAJ5pB,EACL2pB,EACF52B,EAAItN,KAAKkkC,EAAIC,GAEb72B,EAAItN,KAAKmkC,GAGf,OAAO72B,CACT,EASAu4B,EAAMzB,MAAQA,EAQdyB,EAAMrgB,MAAQA,EAEdqgB,EAAMxqB,OAAS,SAAgBu/B,EAAK3W,GAClC,MAAY,QAARA,EACKze,EAAMo1B,GAENA,CACX,0BCvDA,IAAI/U,EAAQsW,EAKZtW,EAAMvC,OAAS4lF,GACfrjF,EAAMC,QAAUqjF,GAASrjF,QACzBD,EAAMzB,MAAQ+kF,GAAS/kF,MACvByB,EAAMrgB,MAAQ2jG,GAAS3jG,MACvBqgB,EAAMxqB,OAAS8tG,GAAS9tG,OA8BxBwqB,EAAMujF,OA3BN,SAAgBhkF,EAAK9P,GAInB,IAHA,IAAI+zF,EAAM,GACNrH,EAAK,GAAM1sF,EAAI,EACflb,EAAIgrB,EAAItlC,QACLsa,EAAEkrG,KAAK,IAAM,GAAG,CACrB,IAAIj/E,EACJ,GAAIjsB,EAAE8qG,QAAS,CACb,IAAIz5G,EAAM2O,EAAE4gG,MAAMgH,EAAK,GAErB37E,EADE56B,GAAOu2G,GAAM,GAAK,GACfA,GAAM,GAAKv2G,EAEZA,EACN2O,EAAEypG,MAAMx9E,QAERA,EAAI,EAENgjF,EAAIrpH,KAAKqmC,GAIT,IADA,IAAIhiC,EAAuB,IAAd+V,EAAEkrG,KAAK,IAAgC,IAApBlrG,EAAE4gG,MAAMgH,EAAK,GAAa1sF,EAAI,EAAK,EAC1Dl0B,EAAI,EAAGA,EAAIiD,EAAOjD,IACzBioH,EAAIrpH,KAAK,GACXoa,EAAE6gG,OAAO52G,GAGX,OAAOglH,CACT,EA0DAxjF,EAAMyjF,OAtDN,SAAgB78F,EAAIC,GAClB,IAAI68F,EAAM,CACR,GACA,IAGF98F,EAAKA,EAAG3sB,QACR4sB,EAAKA,EAAG5sB,QAGR,IAFA,IAAI0pH,EAAK,EACLC,EAAK,EACFh9F,EAAG64F,MAAMkE,GAAM,GAAK98F,EAAG44F,MAAMmE,GAAM,GAAG,CAG3C,IAMI38D,EAYAC,EAIE28D,EAtBFC,EAAOl9F,EAAGuuF,MAAM,GAAKwO,EAAM,EAC3BI,EAAOl9F,EAAGsuF,MAAM,GAAKyO,EAAM,EAM/B,GALY,IAARE,IACFA,GAAO,GACG,IAARC,IACFA,GAAO,GAES,IAAP,EAAND,GACH78D,EAAK,OAMHA,EAHU,KADR48D,EAAMj9F,EAAGuuF,MAAM,GAAKwO,EAAM,IACN,IAAPE,GAAqB,IAARE,EAGvBD,GAFCA,EAOV,GAHAJ,EAAI,GAAGvpH,KAAK8sD,GAGM,IAAP,EAAN88D,GACH78D,EAAK,OAMHA,EAHU,KADR28D,EAAMh9F,EAAGsuF,MAAM,GAAKyO,EAAM,IACN,IAAPC,GAAqB,IAARC,EAGvBC,GAFCA,EAIVL,EAAI,GAAGvpH,KAAK+sD,GAGR,EAAIy8D,IAAO18D,EAAK,IAClB08D,EAAK,EAAIA,GACP,EAAIC,IAAO18D,EAAK,IAClB08D,EAAK,EAAIA,GACXh9F,EAAGwuF,OAAO,GACVvuF,EAAGuuF,OAAO,GAGZ,OAAOsO,CACT,EAUA1jF,EAAMgkF,eAPN,SAAwBtrE,EAAKl1C,EAAMygH,GACjC,IAAI/0G,EAAM,IAAM1L,EAChBk1C,EAAIp/C,UAAUkK,GAAQ,WACpB,YAAqBjK,IAAdjB,KAAK4W,GAAqB5W,KAAK4W,GAC/B5W,KAAK4W,GAAO+0G,EAAS7qH,KAAKd,MAErC,EAOA0nC,EAAMkkF,WAJN,SAAoB1kH,GAClB,MAAwB,iBAAVA,EAAqBwgC,EAAMC,QAAQzgC,EAAO,OACrBA,CACrC,EAMAwgC,EAAMmkF,UAHN,SAAmB3kH,GACjB,OAAO,IAAIm6C,GAAGn6C,EAAO,MAAO,KAC9B,QFnHiB,SAAc6I,GAI7B,OAHKpC,KACHA,GAAI,IAAIm+G,GAAK,OAERn+G,GAAEwiD,SAASpgD,EACpB,EAEA,SAAS+7G,GAAKltE,GACZ5+C,KAAK4+C,KAAOA,CACd,CACA,OAAsBktE,GAiBtB,GAfAA,GAAK9qH,UAAUmvD,SAAW,SAAkBpgD,GAC1C,OAAO/P,KAAK+rH,MAAMh8G,EACpB,EAGA+7G,GAAK9qH,UAAU+qH,MAAQ,SAAe3/G,GACpC,GAAIpM,KAAK4+C,KAAK8zB,SACZ,OAAO1yE,KAAK4+C,KAAK8zB,SAAStmE,GAG5B,IADA,IAAI+C,EAAM,IAAItM,WAAWuJ,GAChBnJ,EAAI,EAAGA,EAAIkM,EAAI/N,OAAQ6B,IAC9BkM,EAAIlM,GAAKjD,KAAK4+C,KAAKotE,UACrB,OAAO78G,CACT,EAEoB,iBAATuuC,KACLA,KAAKj/B,QAAUi/B,KAAKj/B,OAAOm/B,gBAE7BkuE,GAAK9qH,UAAU+qH,MAAQ,SAAe3/G,GACpC,IAAIqwC,EAAM,IAAI55C,WAAWuJ,GAEzB,OADAsxC,KAAKj/B,OAAOm/B,gBAAgBnB,GACrBA,GAEAiB,KAAKC,UAAYD,KAAKC,SAASC,gBAExCkuE,GAAK9qH,UAAU+qH,MAAQ,SAAe3/G,GACpC,IAAIqwC,EAAM,IAAI55C,WAAWuJ,GAEzB,OADAsxC,KAAKC,SAASC,gBAAgBnB,GACvBA,GAIkB,iBAAX+c,SAEhBsyD,GAAK9qH,UAAU+qH,MAAQ,WACrB,MAAU7oH,MAAM,8BAKpB,IACE,IAAIub,QAAS,EACb,GAAkC,mBAAvBA,GAAOs/B,YAChB,MAAU76C,MAAM,iBAElB4oH,GAAK9qH,UAAU+qH,MAAQ,SAAe3/G,GACpC,OAAOqS,GAAOs/B,YAAY3xC,IAE5B,MAAO/H,eG1DX,IAAI4mH,GAASvjF,GAAMujF,OACfE,GAASzjF,GAAMyjF,OACfhmF,GAASuC,GAAMvC,OAEnB,SAAS8mF,GAAUjyG,EAAMkyG,GACvBlsH,KAAKga,KAAOA,EACZha,KAAKoyB,EAAI,IAAIivB,GAAG6qE,EAAK95F,EAAG,IAGxBpyB,KAAK06G,IAAMwR,EAAKlC,MAAQ3oE,GAAGq5D,IAAIwR,EAAKlC,OAAS3oE,GAAGwpE,KAAK7qH,KAAKoyB,GAG1DpyB,KAAK0P,KAAO,IAAI2xC,GAAG,GAAGwmE,MAAM7nH,KAAK06G,KACjC16G,KAAK2P,IAAM,IAAI0xC,GAAG,GAAGwmE,MAAM7nH,KAAK06G,KAChC16G,KAAKwyC,IAAM,IAAI6O,GAAG,GAAGwmE,MAAM7nH,KAAK06G,KAGhC16G,KAAKoM,EAAI8/G,EAAK9/G,GAAK,IAAIi1C,GAAG6qE,EAAK9/G,EAAG,IAClCpM,KAAK2kC,EAAIunF,EAAKvnF,GAAK3kC,KAAKmsH,cAAcD,EAAKvnF,EAAGunF,EAAKE,MAGnDpsH,KAAKqsH,eACLrsH,KAAKssH,eACLtsH,KAAKusH,eACLvsH,KAAKwsH,eAGL,IAAIC,EAAczsH,KAAKoM,GAAKpM,KAAKoyB,EAAE8zF,IAAIlmH,KAAKoM,IACvCqgH,GAAeA,EAAYtF,KAAK,KAAO,EAC1CnnH,KAAK0sH,KAAO,MAEZ1sH,KAAK2sH,eAAgB,EACrB3sH,KAAK0sH,KAAO1sH,KAAKoM,EAAEy7G,MAAM7nH,KAAK06G,KAElC,CACA,OAAiBuR,GAgNjB,SAASW,GAAUp8G,EAAOwJ,GACxBha,KAAKwQ,MAAQA,EACbxQ,KAAKga,KAAOA,EACZha,KAAK6sH,YAAc,IACrB,CAlNAZ,GAAUjrH,UAAU8rH,MAAQ,WAC1B,MAAU5pH,MAAM,kBAClB,EAEA+oH,GAAUjrH,UAAUskD,SAAW,WAC7B,MAAUpiD,MAAM,kBAClB,EAEA+oH,GAAUjrH,UAAU+rH,aAAe,SAAsB36F,EAAGnW,GAC1DkpB,GAAO/S,EAAEy6F,aACT,IAAIG,EAAU56F,EAAE66F,cAEZ/B,EAAMD,GAAOhvG,EAAG,GAChB+a,GAAK,GAAMg2F,EAAQE,KAAO,IAAOF,EAAQE,KAAO,GAAM,EAAI,EAAI,GAClEl2F,GAAK,EAIL,IADA,IAAIm2F,EAAO,GACFxwG,EAAI,EAAGA,EAAIuuG,EAAI9pH,OAAQub,GAAKqwG,EAAQE,KAAM,CACjD,IAAIE,EAAO,EACX,IAASnxG,EAAIU,EAAIqwG,EAAQE,KAAO,EAAGjxG,GAAKU,EAAGV,IACzCmxG,GAAQA,GAAQ,GAAKlC,EAAIjvG,GAC3BkxG,EAAKtrH,KAAKurH,GAKZ,IAFA,IAAI/+G,EAAIrO,KAAKqtH,OAAO,KAAM,KAAM,MAC5Bp/G,EAAIjO,KAAKqtH,OAAO,KAAM,KAAM,MACvBpqH,EAAI+zB,EAAG/zB,EAAI,EAAGA,IAAK,CAC1B,IAAS0Z,EAAI,EAAGA,EAAIwwG,EAAK/rH,OAAQub,IAAK,EAChCywG,EAAOD,EAAKxwG,MACH1Z,EACXgL,EAAIA,EAAEq/G,SAASN,EAAQO,OAAO5wG,IACvBywG,KAAUnqH,IACjBgL,EAAIA,EAAEq/G,SAASN,EAAQO,OAAO5wG,GAAGihG,QAErCvvG,EAAIA,EAAEpI,IAAIgI,GAEZ,OAAOI,EAAEm/G,KACX,EAEAvB,GAAUjrH,UAAUysH,SAAW,SAAkBr7F,EAAGnW,GAClD,IAAIkb,EAAI,EAGJu2F,EAAYt7F,EAAEu7F,cAAcx2F,GAChCA,EAAIu2F,EAAU/C,IAQd,IAPA,IAAIA,EAAM+C,EAAUH,OAGhBrC,EAAMD,GAAOhvG,EAAGkb,GAGhBuvF,EAAM1mH,KAAKqtH,OAAO,KAAM,KAAM,MACzBpqH,EAAIioH,EAAI9pH,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CAExC,IAASgZ,EAAI,EAAGhZ,GAAK,GAAgB,IAAXioH,EAAIjoH,GAAUA,IACtCgZ,IAKF,GAJIhZ,GAAK,GACPgZ,IACFyqG,EAAMA,EAAIkH,KAAK3xG,GAEXhZ,EAAI,EACN,MACF,IAAIilC,EAAIgjF,EAAIjoH,GACZkiC,GAAa,IAAN+C,GAIHw+E,EAHW,WAAXt0F,EAAEpY,KAEAkuB,EAAI,EACAw+E,EAAI4G,SAAS3C,EAAKziF,EAAI,GAAM,IAE5Bw+E,EAAI4G,SAAS3C,GAAMziF,EAAI,GAAM,GAAG01E,OAGpC11E,EAAI,EACAw+E,EAAIzgH,IAAI0kH,EAAKziF,EAAI,GAAM,IAEvBw+E,EAAIzgH,IAAI0kH,GAAMziF,EAAI,GAAM,GAAG01E,OAGvC,MAAkB,WAAXxrF,EAAEpY,KAAoB0sG,EAAI8G,MAAQ9G,CAC3C,EAEAuF,GAAUjrH,UAAU6sH,YAAc,SAAqBC,EACAP,EACAQ,EACAh+G,EACAi+G,GAOrD,IANA,IAAIC,EAAWjuH,KAAKqsH,QAChB1B,EAAM3qH,KAAKssH,QACXpB,EAAMlrH,KAAKusH,QAGX5gH,EAAM,EACD1I,EAAI,EAAGA,EAAI8M,EAAK9M,IAAK,CAC5B,IACIyqH,GADAt7F,EAAIm7F,EAAOtqH,IACG0qH,cAAcG,GAChCG,EAAShrH,GAAKyqH,EAAU/C,IACxBA,EAAI1nH,GAAKyqH,EAAUH,OAIrB,IAAStqH,EAAI8M,EAAM,EAAG9M,GAAK,EAAGA,GAAK,EAAG,CACpC,IAAIoL,EAAIpL,EAAI,EACRgL,EAAIhL,EACR,GAAoB,IAAhBgrH,EAAS5/G,IAA4B,IAAhB4/G,EAAShgH,GAAlC,CAQA,IAAIigH,EAAO,CACTX,EAAOl/G,GACP,KACA,KACAk/G,EAAOt/G,IAI4B,IAAjCs/G,EAAOl/G,GAAGH,EAAE6sG,IAAIwS,EAAOt/G,GAAGC,IAC5BggH,EAAK,GAAKX,EAAOl/G,GAAGpI,IAAIsnH,EAAOt/G,IAC/BigH,EAAK,GAAKX,EAAOl/G,GAAG8/G,MAAMb,SAASC,EAAOt/G,GAAG2vG,QACM,IAA1C2P,EAAOl/G,GAAGH,EAAE6sG,IAAIwS,EAAOt/G,GAAGC,EAAEi7G,WACrC+E,EAAK,GAAKX,EAAOl/G,GAAG8/G,MAAMb,SAASC,EAAOt/G,IAC1CigH,EAAK,GAAKX,EAAOl/G,GAAGpI,IAAIsnH,EAAOt/G,GAAG2vG,SAElCsQ,EAAK,GAAKX,EAAOl/G,GAAG8/G,MAAMb,SAASC,EAAOt/G,IAC1CigH,EAAK,GAAKX,EAAOl/G,GAAG8/G,MAAMb,SAASC,EAAOt/G,GAAG2vG,QAG/C,IAAIn+F,EAAQ,EACT,GACA,GACA,GACA,EACD,EACA,EACA,EACA,EACA,GAGE2rG,EAAMD,GAAO4C,EAAO1/G,GAAI0/G,EAAO9/G,IACnCtC,EAAMD,KAAKC,IAAIy/G,EAAI,GAAGhqH,OAAQuK,GAC9Bu/G,EAAI78G,GAASxO,MAAM8L,GACnBu/G,EAAIj9G,GAASpO,MAAM8L,GACnB,IAAK,IAAIgR,EAAI,EAAGA,EAAIhR,EAAKgR,IAAK,CAC5B,IAAIyxG,EAAiB,EAAZhD,EAAI,GAAGzuG,GACZ0xG,EAAiB,EAAZjD,EAAI,GAAGzuG,GAEhBuuG,EAAI78G,GAAGsO,GAAK8C,EAAiB,GAAV2uG,EAAK,IAAUC,EAAK,IACvCnD,EAAIj9G,GAAG0O,GAAK,EACZguG,EAAIt8G,GAAK6/G,QAhDThD,EAAI78G,GAAK48G,GAAO8C,EAAO1/G,GAAI4/G,EAAS5/G,IACpC68G,EAAIj9G,GAAKg9G,GAAO8C,EAAO9/G,GAAIggH,EAAShgH,IACpCtC,EAAMD,KAAKC,IAAIu/G,EAAI78G,GAAGjN,OAAQuK,GAC9BA,EAAMD,KAAKC,IAAIu/G,EAAIj9G,GAAG7M,OAAQuK,GAiDlC,IAAI+6G,EAAM1mH,KAAKqtH,OAAO,KAAM,KAAM,MAC9B9+G,EAAMvO,KAAKwsH,QACf,IAASvpH,EAAI0I,EAAK1I,GAAK,EAAGA,IAAK,CAG7B,IAFA,IAAIgZ,EAAI,EAEDhZ,GAAK,GAAG,CACb,IAAIyM,GAAO,EACX,IAASiN,EAAI,EAAGA,EAAI5M,EAAK4M,IACvBpO,EAAIoO,GAAiB,EAAZuuG,EAAIvuG,GAAG1Z,GACD,IAAXsL,EAAIoO,KACNjN,GAAO,GAEX,IAAKA,EACH,MACFuM,IACAhZ,IAKF,GAHIA,GAAK,GACPgZ,IACFyqG,EAAMA,EAAIkH,KAAK3xG,GACXhZ,EAAI,EACN,MAEF,IAAS0Z,EAAI,EAAGA,EAAI5M,EAAK4M,IAAK,CAC5B,IACIyV,EADA8V,EAAI35B,EAAIoO,GAEF,IAANurB,IAEKA,EAAI,EACX9V,EAAIu4F,EAAIhuG,GAAIurB,EAAI,GAAM,GACfA,EAAI,IACX9V,EAAIu4F,EAAIhuG,IAAKurB,EAAI,GAAM,GAAG01E,OAG1B8I,EADa,WAAXt0F,EAAEpY,KACE0sG,EAAI4G,SAASl7F,GAEbs0F,EAAIzgH,IAAImsB,KAIpB,IAASnvB,EAAI,EAAGA,EAAI8M,EAAK9M,IACvB0nH,EAAI1nH,GAAK,KAEX,OAAI+qH,EACKtH,EAEAA,EAAI8G,KACf,EAOAvB,GAAUW,UAAYA,GAEtBA,GAAU5rH,UAAUkoD,GAAK,WACvB,MAAUhmD,MAAM,kBAClB,EAEA0pH,GAAU5rH,UAAUskD,SAAW,WAC7B,OAAOtlD,KAAKwQ,MAAM80C,SAAStlD,KAC7B,EAEAisH,GAAUjrH,UAAUstH,YAAc,SAAqBpnH,EAAO4+B,GAC5D5+B,EAAQwgC,GAAMC,QAAQzgC,EAAO4+B,GAE7B,IAAI/1B,EAAM/P,KAAKoyB,EAAEjuB,aAGjB,IAAkB,IAAb+C,EAAM,IAA4B,IAAbA,EAAM,IAA4B,IAAbA,EAAM,KACjDA,EAAM9F,OAAS,GAAM,EAAI2O,EAS3B,OARiB,IAAb7I,EAAM,GACRi+B,GAAOj+B,EAAMA,EAAM9F,OAAS,GAAK,GAAM,GACnB,IAAb8F,EAAM,IACbi+B,GAAOj+B,EAAMA,EAAM9F,OAAS,GAAK,GAAM,GAE9BpB,KAAK8sH,MAAM5lH,EAAMxF,MAAM,EAAG,EAAIqO,GACnB7I,EAAMxF,MAAM,EAAIqO,EAAK,EAAI,EAAIA,IAG9C,IAAkB,IAAb7I,EAAM,IAA4B,IAAbA,EAAM,KAC3BA,EAAM9F,OAAS,IAAM2O,EAC/B,OAAO/P,KAAKuuH,WAAWrnH,EAAMxF,MAAM,EAAG,EAAIqO,GAAmB,IAAb7I,EAAM,IAExD,MAAUhE,MAAM,uBAClB,EAEA0pH,GAAU5rH,UAAUwtH,iBAAmB,SAA0B1oF,GAC/D,OAAO9lC,KAAKkd,OAAO4oB,GAAK,EAC1B,EAEA8mF,GAAU5rH,UAAUytH,QAAU,SAAiBC,GAC7C,IAAI3+G,EAAM/P,KAAKwQ,MAAM4hB,EAAEjuB,aACnB2I,EAAI9M,KAAK2uH,OAAOhnF,QAAQ,KAAM53B,GAElC,OAAI2+G,EACK,CAAE1uH,KAAK4uH,OAAO3/G,SAAW,EAAO,GAAOzI,OAAOsG,GAEhD,CAAE,GAAOtG,OAAOsG,EAAG9M,KAAK4uH,OAAOjnF,QAAQ,KAAM53B,GACtD,EAEA68G,GAAU5rH,UAAUkc,OAAS,SAAgB4oB,EAAK4oF,GAChD,OAAOhnF,GAAMxqB,OAAOld,KAAKyuH,QAAQC,GAAU5oF,EAC7C,EAEA8mF,GAAU5rH,UAAU6tH,WAAa,SAAoBhpE,GACnD,GAAI7lD,KAAK6sH,YACP,OAAO7sH,KAET,IAAI6sH,EAAc,CAChBG,QAAS,KACT9B,IAAK,KACL4D,KAAM,MAOR,OALAjC,EAAY3B,IAAMlrH,KAAK2tH,cAAc,GACrCd,EAAYG,QAAUhtH,KAAKitH,YAAY,EAAGpnE,GAC1CgnE,EAAYiC,KAAO9uH,KAAK+uH,WACxB/uH,KAAK6sH,YAAcA,EAEZ7sH,IACT,EAEA4sH,GAAU5rH,UAAUguH,YAAc,SAAqB/yG,GACrD,IAAKjc,KAAK6sH,YACR,OAAO,EAET,IAAIG,EAAUhtH,KAAK6sH,YAAYG,QAC/B,QAAKA,GAGEA,EAAQO,OAAOnsH,QAAUsK,KAAKmQ,MAAMI,EAAExM,YAAc,GAAKu9G,EAAQE,KAC1E,EAEAN,GAAU5rH,UAAUisH,YAAc,SAAqBC,EAAMrnE,GAC3D,GAAI7lD,KAAK6sH,aAAe7sH,KAAK6sH,YAAYG,QACvC,OAAOhtH,KAAK6sH,YAAYG,QAI1B,IAFA,IAAIA,EAAU,CAAEhtH,MACZ0mH,EAAM1mH,KACDiD,EAAI,EAAGA,EAAI4iD,EAAO5iD,GAAKiqH,EAAM,CACpC,IAAK,IAAIvwG,EAAI,EAAGA,EAAIuwG,EAAMvwG,IACxB+pG,EAAMA,EAAIuI,MACZjC,EAAQnrH,KAAK6kH,GAEf,MAAO,CACLwG,KAAMA,EACNK,OAAQP,EAEZ,EAEAJ,GAAU5rH,UAAU2sH,cAAgB,SAAuBhD,GACzD,GAAI3qH,KAAK6sH,aAAe7sH,KAAK6sH,YAAY3B,IACvC,OAAOlrH,KAAK6sH,YAAY3B,IAK1B,IAHA,IAAI/7G,EAAM,CAAEnP,MACR2L,GAAO,GAAKg/G,GAAO,EACnBsE,EAAc,IAARtjH,EAAY,KAAO3L,KAAKivH,MACzBhsH,EAAI,EAAGA,EAAI0I,EAAK1I,IACvBkM,EAAIlM,GAAKkM,EAAIlM,EAAI,GAAGgD,IAAIgpH,GAC1B,MAAO,CACLtE,IAAKA,EACL4C,OAAQp+G,EAEZ,EAEAy9G,GAAU5rH,UAAU+tH,SAAW,WAC7B,OAAO,IACT,EAEAnC,GAAU5rH,UAAU4sH,KAAO,SAAc3xG,GAEvC,IADA,IAAItO,EAAI3N,KACCiD,EAAI,EAAGA,EAAIgZ,EAAGhZ,IACrB0K,EAAIA,EAAEshH,MACR,OAAOthH,CACT,EC9WA,IAAIw3B,GAASuC,GAAMvC,OAEnB,SAAS+pF,GAAWhD,GAClBiD,GAAKruH,KAAKd,KAAM,QAASksH,GAEzBlsH,KAAKqO,EAAI,IAAIgzC,GAAG6qE,EAAK79G,EAAG,IAAIw5G,MAAM7nH,KAAK06G,KACvC16G,KAAKiO,EAAI,IAAIozC,GAAG6qE,EAAKj+G,EAAG,IAAI45G,MAAM7nH,KAAK06G,KACvC16G,KAAKovH,KAAOpvH,KAAKwyC,IAAI02E,UAErBlpH,KAAKqvH,MAAqC,IAA7BrvH,KAAKqO,EAAE45G,UAAUd,KAAK,GACnCnnH,KAAKsvH,OAAmD,IAA1CtvH,KAAKqO,EAAE45G,UAAUj7G,IAAIhN,KAAKoyB,GAAG+0F,MAAM,GAGjDnnH,KAAKuvH,KAAOvvH,KAAKwvH,iBAAiBtD,GAClClsH,KAAKyvH,mBACLzvH,KAAK0vH,kBACP,IACSR,GAAYC,IACrB,OAAiBD,GAiOjB,SAASS,GAAMn/G,EAAO1D,EAAGoB,EAAG0hH,GAC1BT,GAAKvC,UAAU9rH,KAAKd,KAAMwQ,EAAO,UACvB,OAAN1D,GAAoB,OAANoB,GAChBlO,KAAK8M,EAAI,KACT9M,KAAKkO,EAAI,KACTlO,KAAK6vH,KAAM,IAEX7vH,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IAEf0hH,IACF5vH,KAAK8M,EAAEq7G,SAASnoH,KAAKwQ,MAAMkqG,KAC3B16G,KAAKkO,EAAEi6G,SAASnoH,KAAKwQ,MAAMkqG,MAExB16G,KAAK8M,EAAE4tG,MACV16G,KAAK8M,EAAI9M,KAAK8M,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkO,EAAEwsG,MACV16G,KAAKkO,EAAIlO,KAAKkO,EAAE25G,MAAM7nH,KAAKwQ,MAAMkqG,MACnC16G,KAAK6vH,KAAM,EAEf,CA2NA,SAASC,GAAOt/G,EAAO1D,EAAGoB,EAAGg6B,GAC3BinF,GAAKvC,UAAU9rH,KAAKd,KAAMwQ,EAAO,YACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANg6B,GAC9BloC,KAAK8M,EAAI9M,KAAKwQ,MAAMb,IACpB3P,KAAKkO,EAAIlO,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAI,IAAImZ,GAAG,KAEhBrhD,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IACnBlO,KAAKkoC,EAAI,IAAImZ,GAAGnZ,EAAG,KAEhBloC,KAAK8M,EAAE4tG,MACV16G,KAAK8M,EAAI9M,KAAK8M,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkO,EAAEwsG,MACV16G,KAAKkO,EAAIlO,KAAKkO,EAAE25G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkoC,EAAEwyE,MACV16G,KAAKkoC,EAAIloC,KAAKkoC,EAAE2/E,MAAM7nH,KAAKwQ,MAAMkqG,MAEnC16G,KAAK+vH,KAAO/vH,KAAKkoC,IAAMloC,KAAKwQ,MAAMb,GACpC,CCpfA,SAASqgH,GAAU9D,GACjBiD,GAAKruH,KAAKd,KAAM,OAAQksH,GAExBlsH,KAAKqO,EAAI,IAAIgzC,GAAG6qE,EAAK79G,EAAG,IAAIw5G,MAAM7nH,KAAK06G,KACvC16G,KAAKiO,EAAI,IAAIozC,GAAG6qE,EAAKj+G,EAAG,IAAI45G,MAAM7nH,KAAK06G,KACvC16G,KAAKiwH,GAAK,IAAI5uE,GAAG,GAAGwmE,MAAM7nH,KAAK06G,KAAKwO,UACpClpH,KAAKwyC,IAAM,IAAI6O,GAAG,GAAGwmE,MAAM7nH,KAAK06G,KAGhC16G,KAAKkwH,IAAMlwH,KAAKiwH,GAAGvH,OAAO1oH,KAAKqO,EAAE+5G,OAAOpoH,KAAKwyC,KAC/C,CDSA08E,GAAWluH,UAAUwuH,iBAAmB,SAA0BtD,GAEhE,GAAKlsH,KAAKqvH,OAAUrvH,KAAK2kC,GAAM3kC,KAAKoM,GAAwB,IAAnBpM,KAAKoyB,EAAEkqF,KAAK,GAArD,CAIA,IAAIwS,EACAqB,EACJ,GAAIjE,EAAK4C,KACPA,EAAO,IAAIztE,GAAG6qE,EAAK4C,KAAM,IAAIjH,MAAM7nH,KAAK06G,SACnC,CACL,IAAI0V,EAAQpwH,KAAKqwH,cAAcrwH,KAAKoyB,GAGpC08F,GADAA,EAAOsB,EAAM,GAAGrV,IAAIqV,EAAM,IAAM,EAAIA,EAAM,GAAKA,EAAM,IACzCvI,MAAM7nH,KAAK06G,KAEzB,GAAIwR,EAAKiE,OACPA,EAAS,IAAI9uE,GAAG6qE,EAAKiE,OAAQ,QACxB,CAEL,IAAIG,EAAUtwH,KAAKqwH,cAAcrwH,KAAKoM,GACsB,IAAxDpM,KAAK2kC,EAAEz3B,IAAIojH,EAAQ,IAAIxjH,EAAEiuG,IAAI/6G,KAAK2kC,EAAE73B,EAAE47G,OAAOoG,IAC/CqB,EAASG,EAAQ,IAEjBH,EAASG,EAAQ,GACjBnrF,GAA2D,IAApDnlC,KAAK2kC,EAAEz3B,IAAIijH,GAAQrjH,EAAEiuG,IAAI/6G,KAAK2kC,EAAE73B,EAAE47G,OAAOoG,MAiBpD,MAAO,CACLA,KAAMA,EACNqB,OAAQA,EACRI,MAdErE,EAAKqE,MACCrE,EAAKqE,MAAMroH,KAAI,SAASsoH,GAC9B,MAAO,CACLniH,EAAG,IAAIgzC,GAAGmvE,EAAIniH,EAAG,IACjBJ,EAAG,IAAIozC,GAAGmvE,EAAIviH,EAAG,QAIbjO,KAAKywH,cAAcN,IAQ/B,EAEAjB,GAAWluH,UAAUqvH,cAAgB,SAAuBppF,GAI1D,IAAIyzE,EAAMzzE,IAAQjnC,KAAKoyB,EAAIpyB,KAAK06G,IAAMr5D,GAAGwpE,KAAK5jF,GAC1CmoF,EAAO,IAAI/tE,GAAG,GAAGwmE,MAAMnN,GAAKwO,UAC5BwH,EAAQtB,EAAKjG,SAEbtrG,EAAI,IAAIwjC,GAAG,GAAGwmE,MAAMnN,GAAKyO,SAASH,UAAUN,OAAO0G,GAIvD,MAAO,CAFEsB,EAAMtI,OAAOvqG,GAAGoqG,UAChByI,EAAMpI,OAAOzqG,GAAGoqG,UAE3B,EAEAiH,GAAWluH,UAAUyvH,cAAgB,SAAuBN,GA2B1D,IAzBA,IAYItR,EACAjlE,EAEAolE,EACAnlE,EAEAslE,EACArlE,EAEA62E,EAEAhjH,EACAb,EAxBA8jH,EAAW5wH,KAAKoM,EAAEm5G,MAAM75G,KAAKsP,MAAMhb,KAAKoM,EAAEqD,YAAc,IAIxDoqB,EAAIs2F,EACJt4E,EAAI73C,KAAKoM,EAAEzK,QACX8oB,EAAK,IAAI42B,GAAG,GACZr2B,EAAK,IAAIq2B,GAAG,GACZ32B,EAAK,IAAI22B,GAAG,GACZp2B,EAAK,IAAIo2B,GAAG,GAaZp+C,EAAI,EAGa,IAAd42B,EAAEstF,KAAK,IAAU,CACtB,IAAI74G,EAAIupC,EAAEquE,IAAIrsF,GACdlsB,EAAIkqC,EAAE7qC,IAAIsB,EAAEpB,IAAI2sB,IAChB/sB,EAAI4d,EAAG1d,IAAIsB,EAAEpB,IAAIud,IACjB,IAAIvc,EAAI+c,EAAGje,IAAIsB,EAAEpB,IAAI8d,IAErB,IAAKg0F,GAAMrxG,EAAEotG,IAAI6V,GAAY,EAC3B/R,EAAK8R,EAAM/S,MACXhkE,EAAKnvB,EACLu0F,EAAKrxG,EAAEiwG,MACP/jE,EAAK/sC,OACA,GAAIkyG,GAAc,KAAN/7G,EACjB,MAEF0tH,EAAQhjH,EAERkqC,EAAIhe,EACJA,EAAIlsB,EACJ+c,EAAKD,EACLA,EAAK3d,EACLme,EAAKD,EACLA,EAAK9c,EAEPixG,EAAKxxG,EAAEiwG,MACP9jE,EAAKhtC,EAEL,IAAI+jH,EAAO7R,EAAGyF,MAAMx+G,IAAI4zC,EAAG4qE,OAiB3B,OAhBWtF,EAAGsF,MAAMx+G,IAAI6zC,EAAG2qE,OAClB1J,IAAI8V,IAAS,IACpB1R,EAAKN,EACL/kE,EAAKF,GAIHolE,EAAGxE,WACLwE,EAAKA,EAAGpB,MACR/jE,EAAKA,EAAG+jE,OAENuB,EAAG3E,WACL2E,EAAKA,EAAGvB,MACR9jE,EAAKA,EAAG8jE,OAGH,CACL,CAAEvvG,EAAG2wG,EAAI/wG,EAAG4rC,GACZ,CAAExrC,EAAOJ,EAAG6rC,GAEhB,EAEAo1E,GAAWluH,UAAU8vH,WAAa,SAAoB70G,GACpD,IAAIs0G,EAAQvwH,KAAKuvH,KAAKgB,MAClBQ,EAAKR,EAAM,GACXS,EAAKT,EAAM,GAEXhjG,EAAKyjG,EAAG/iH,EAAEf,IAAI+O,GAAGsqG,SAASvmH,KAAKoM,GAC/BohB,EAAKujG,EAAG9iH,EAAE2vG,MAAM1wG,IAAI+O,GAAGsqG,SAASvmH,KAAKoM,GAErCk2B,EAAK/U,EAAGrgB,IAAI6jH,EAAG1iH,GACfk0B,EAAK/U,EAAGtgB,IAAI8jH,EAAG3iH,GACfgrB,EAAK9L,EAAGrgB,IAAI6jH,EAAG9iH,GACfqrB,EAAK9L,EAAGtgB,IAAI8jH,EAAG/iH,GAKnB,MAAO,CAAEqgB,GAFArS,EAAEjP,IAAIs1B,GAAIt1B,IAAIu1B,GAENhU,GADR8K,EAAGpzB,IAAIqzB,GAAIskF,MAEtB,EAEAsR,GAAWluH,UAAUutH,WAAa,SAAoBzhH,EAAG42G,IACvD52G,EAAI,IAAIu0C,GAAGv0C,EAAG,KACP4tG,MACL5tG,EAAIA,EAAE+6G,MAAM7nH,KAAK06G,MAEnB,IAAIzvF,EAAKne,EAAE+7G,SAASH,OAAO57G,GAAGu7G,QAAQv7G,EAAE47G,OAAO1oH,KAAKqO,IAAIg6G,QAAQroH,KAAKiO,GACjEC,EAAI+c,EAAG+9F,UACX,GAA6C,IAAzC96G,EAAE26G,SAASP,OAAOr9F,GAAI8vF,IAAI/6G,KAAK0P,MACjC,MAAUxM,MAAM,iBAIlB,IAAI6jH,EAAQ74G,EAAE+5G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3B74G,EAAIA,EAAEi7G,UAEDnpH,KAAK8sH,MAAMhgH,EAAGoB,EACvB,EAEAghH,GAAWluH,UAAUskD,SAAW,SAAkBwnE,GAChD,GAAIA,EAAM+C,IACR,OAAO,EAET,IAAI/iH,EAAIggH,EAAMhgH,EACVoB,EAAI4+G,EAAM5+G,EAEV+iH,EAAKjxH,KAAKqO,EAAEq6G,OAAO57G,GACnBokH,EAAMpkH,EAAE+7G,SAASH,OAAO57G,GAAGu7G,QAAQ4I,GAAI5I,QAAQroH,KAAKiO,GACxD,OAA2C,IAApCC,EAAE26G,SAASN,QAAQ2I,GAAK/J,KAAK,EACtC,EAEA+H,GAAWluH,UAAUmwH,gBACjB,SAAyB5D,EAAQQ,EAAQC,GAG3C,IAFA,IAAIoD,EAAUpxH,KAAKyvH,YACf4B,EAAUrxH,KAAK0vH,YACVzsH,EAAI,EAAGA,EAAIsqH,EAAOnsH,OAAQ6B,IAAK,CACtC,IAAI8c,EAAQ/f,KAAK8wH,WAAW/C,EAAO9qH,IAC/BmvB,EAAIm7F,EAAOtqH,GACX6rH,EAAO18F,EAAE28F,WAEThvG,EAAMuO,GAAGksF,WACXz6F,EAAMuO,GAAGovF,OACTtrF,EAAIA,EAAEwrF,KAAI,IAER79F,EAAMwO,GAAGisF,WACXz6F,EAAMwO,GAAGmvF,OACToR,EAAOA,EAAKlR,KAAI,IAGlBwT,EAAY,EAAJnuH,GAASmvB,EACjBg/F,EAAY,EAAJnuH,EAAQ,GAAK6rH,EACrBuC,EAAY,EAAJpuH,GAAS8c,EAAMuO,GACvB+iG,EAAY,EAAJpuH,EAAQ,GAAK8c,EAAMwO,GAK7B,IAHA,IAAIpf,EAAMnP,KAAK6tH,YAAY,EAAGuD,EAASC,EAAa,EAAJpuH,EAAO+qH,GAG9CrxG,EAAI,EAAGA,EAAQ,EAAJ1Z,EAAO0Z,IACzBy0G,EAAQz0G,GAAK,KACb00G,EAAQ10G,GAAK,KAEf,OAAOxN,CACT,KAuBSwgH,GAAOR,GAAKvC,WAErBsC,GAAWluH,UAAU8rH,MAAQ,SAAehgH,EAAGoB,EAAG0hH,GAChD,OAAO,IAAID,GAAM3vH,KAAM8M,EAAGoB,EAAG0hH,EAC/B,EAEAV,GAAWluH,UAAUmrH,cAAgB,SAAuB/rE,EAAKs6D,GAC/D,OAAOiV,GAAM2B,SAAStxH,KAAMogD,EAAKs6D,EACnC,EAEAiV,GAAM3uH,UAAU+tH,SAAW,WACzB,GAAK/uH,KAAKwQ,MAAM++G,KAAhB,CAGA,IAAIgC,EAAMvxH,KAAK6sH,YACf,GAAI0E,GAAOA,EAAIzC,KACb,OAAOyC,EAAIzC,KAEb,IAAIA,EAAO9uH,KAAKwQ,MAAMs8G,MAAM9sH,KAAK8M,EAAE47G,OAAO1oH,KAAKwQ,MAAM++G,KAAKT,MAAO9uH,KAAKkO,GACtE,GAAIqjH,EAAK,CACP,IAAI/gH,EAAQxQ,KAAKwQ,MACbghH,EAAU,SAASp/F,GACrB,OAAO5hB,EAAMs8G,MAAM16F,EAAEtlB,EAAE47G,OAAOl4G,EAAM++G,KAAKT,MAAO18F,EAAElkB,IAEpDqjH,EAAIzC,KAAOA,EACXA,EAAKjC,YAAc,CACjBiC,KAAM,KACN5D,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAOrlH,IAAIspH,IAE7BxE,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAOrlH,IAAIspH,KAIrC,OAAO1C,EACT,EAEAa,GAAM3uH,UAAUw7G,OAAS,WACvB,OAAKx8G,KAAK6sH,YAGH,CAAE7sH,KAAK8M,EAAG9M,KAAKkO,EAAGlO,KAAK6sH,aAAe,CAC3CG,QAAShtH,KAAK6sH,YAAYG,SAAW,CACnCE,KAAMltH,KAAK6sH,YAAYG,QAAQE,KAC/BK,OAAQvtH,KAAK6sH,YAAYG,QAAQO,OAAO7rH,MAAM,IAEhDwpH,IAAKlrH,KAAK6sH,YAAY3B,KAAO,CAC3BP,IAAK3qH,KAAK6sH,YAAY3B,IAAIP,IAC1B4C,OAAQvtH,KAAK6sH,YAAY3B,IAAIqC,OAAO7rH,MAAM,MATrC,CAAE1B,KAAK8M,EAAG9M,KAAKkO,EAY1B,EAEAyhH,GAAM2B,SAAW,SAAkB9gH,EAAO4vC,EAAKs6D,GAC1B,iBAARt6D,IACTA,EAAMqxE,KAAKlnH,MAAM61C,IACnB,IAAIjxC,EAAMqB,EAAMs8G,MAAM1sE,EAAI,GAAIA,EAAI,GAAIs6D,GACtC,IAAKt6D,EAAI,GACP,OAAOjxC,EAET,SAASuiH,EAAUtxE,GACjB,OAAO5vC,EAAMs8G,MAAM1sE,EAAI,GAAIA,EAAI,GAAIs6D,GAGrC,IAAI6W,EAAMnxE,EAAI,GAYd,OAXAjxC,EAAI09G,YAAc,CAChBiC,KAAM,KACN9B,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQ,CAAEp+G,GAAM3I,OAAO+qH,EAAIvE,QAAQO,OAAOrlH,IAAIwpH,KAEhDxG,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQ,CAAEp+G,GAAM3I,OAAO+qH,EAAIrG,IAAIqC,OAAOrlH,IAAIwpH,MAGvCviH,CACT,EAEAwgH,GAAM3uH,UAAU26G,QAAU,WACxB,OAAI37G,KAAK2xH,aACA,sBACF,gBAAkB3xH,KAAK8M,EAAEm7G,UAAU17G,SAAS,GAAI,GACnD,OAASvM,KAAKkO,EAAE+5G,UAAU17G,SAAS,GAAI,GAAK,GAClD,EAEAojH,GAAM3uH,UAAU2wH,WAAa,WAC3B,OAAO3xH,KAAK6vH,GACd,EAEAF,GAAM3uH,UAAUiF,IAAM,SAAamsB,GAEjC,GAAIpyB,KAAK6vH,IACP,OAAOz9F,EAGT,GAAIA,EAAEy9F,IACJ,OAAO7vH,KAGT,GAAIA,KAAKkpD,GAAG92B,GACV,OAAOpyB,KAAKivH,MAGd,GAAIjvH,KAAK49G,MAAM10D,GAAG92B,GAChB,OAAOpyB,KAAKwQ,MAAMs8G,MAAM,KAAM,MAGhC,GAAwB,IAApB9sH,KAAK8M,EAAEiuG,IAAI3oF,EAAEtlB,GACf,OAAO9M,KAAKwQ,MAAMs8G,MAAM,KAAM,MAEhC,IAAI1wG,EAAIpc,KAAKkO,EAAEo6G,OAAOl2F,EAAElkB,GACN,IAAdkO,EAAE+qG,KAAK,KACT/qG,EAAIA,EAAEssG,OAAO1oH,KAAK8M,EAAEw7G,OAAOl2F,EAAEtlB,GAAGo8G,YAClC,IAAI0I,EAAKx1G,EAAEysG,SAASN,QAAQvoH,KAAK8M,GAAGy7G,QAAQn2F,EAAEtlB,GAC1C+kH,EAAKz1G,EAAEssG,OAAO1oH,KAAK8M,EAAEw7G,OAAOsJ,IAAKrJ,QAAQvoH,KAAKkO,GAClD,OAAOlO,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAM3uH,UAAUiuH,IAAM,WACpB,GAAIjvH,KAAK6vH,IACP,OAAO7vH,KAGT,IAAI8xH,EAAM9xH,KAAKkO,EAAEk6G,OAAOpoH,KAAKkO,GAC7B,GAAoB,IAAhB4jH,EAAI3K,KAAK,GACX,OAAOnnH,KAAKwQ,MAAMs8G,MAAM,KAAM,MAEhC,IAAIz+G,EAAIrO,KAAKwQ,MAAMnC,EAEfqc,EAAK1qB,KAAK8M,EAAE+7G,SACZkJ,EAAQD,EAAI5I,UACZ9sG,EAAIsO,EAAG09F,OAAO19F,GAAI29F,QAAQ39F,GAAI29F,QAAQh6G,GAAGq6G,OAAOqJ,GAEhDH,EAAKx1G,EAAEysG,SAASN,QAAQvoH,KAAK8M,EAAEs7G,OAAOpoH,KAAK8M,IAC3C+kH,EAAKz1G,EAAEssG,OAAO1oH,KAAK8M,EAAEw7G,OAAOsJ,IAAKrJ,QAAQvoH,KAAKkO,GAClD,OAAOlO,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAM3uH,UAAU2tH,KAAO,WACrB,OAAO3uH,KAAK8M,EAAEm7G,SAChB,EAEA0H,GAAM3uH,UAAU4tH,KAAO,WACrB,OAAO5uH,KAAKkO,EAAE+5G,SAChB,EAEA0H,GAAM3uH,UAAUkM,IAAM,SAAa+O,GAEjC,OADAA,EAAI,IAAIolC,GAAGplC,EAAG,IACVjc,KAAK2xH,aACA3xH,KACAA,KAAKgvH,YAAY/yG,GACjBjc,KAAKwQ,MAAMu8G,aAAa/sH,KAAMic,GAC9Bjc,KAAKwQ,MAAM++G,KACXvvH,KAAKwQ,MAAM2gH,gBAAgB,CAAEnxH,MAAQ,CAAEic,IAEvCjc,KAAKwQ,MAAMi9G,SAASztH,KAAMic,EACrC,EAEA0zG,GAAM3uH,UAAUgxH,OAAS,SAAgB1jG,EAAIiU,EAAIhU,GAC/C,IAAIg/F,EAAS,CAAEvtH,KAAMuiC,GACjBwrF,EAAS,CAAEz/F,EAAIC,GACnB,OAAIvuB,KAAKwQ,MAAM++G,KACNvvH,KAAKwQ,MAAM2gH,gBAAgB5D,EAAQQ,GAEnC/tH,KAAKwQ,MAAMq9G,YAAY,EAAGN,EAAQQ,EAAQ,EACrD,EAEA4B,GAAM3uH,UAAUixH,QAAU,SAAiB3jG,EAAIiU,EAAIhU,GACjD,IAAIg/F,EAAS,CAAEvtH,KAAMuiC,GACjBwrF,EAAS,CAAEz/F,EAAIC,GACnB,OAAIvuB,KAAKwQ,MAAM++G,KACNvvH,KAAKwQ,MAAM2gH,gBAAgB5D,EAAQQ,GAAQ,GAE3C/tH,KAAKwQ,MAAMq9G,YAAY,EAAGN,EAAQQ,EAAQ,GAAG,EACxD,EAEA4B,GAAM3uH,UAAUkoD,GAAK,SAAY92B,GAC/B,OAAOpyB,OAASoyB,GACTpyB,KAAK6vH,MAAQz9F,EAAEy9F,MACV7vH,KAAK6vH,KAA2B,IAApB7vH,KAAK8M,EAAEiuG,IAAI3oF,EAAEtlB,IAAgC,IAApB9M,KAAKkO,EAAE6sG,IAAI3oF,EAAElkB,GAChE,EAEAyhH,GAAM3uH,UAAU48G,IAAM,SAAasU,GACjC,GAAIlyH,KAAK6vH,IACP,OAAO7vH,KAET,IAAImP,EAAMnP,KAAKwQ,MAAMs8G,MAAM9sH,KAAK8M,EAAG9M,KAAKkO,EAAEi7G,UAC1C,GAAI+I,GAAelyH,KAAK6sH,YAAa,CACnC,IAAI0E,EAAMvxH,KAAK6sH,YACXsF,EAAS,SAAS//F,GACpB,OAAOA,EAAEwrF,OAEXzuG,EAAI09G,YAAc,CAChB3B,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAOrlH,IAAIiqH,IAE7BnF,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAOrlH,IAAIiqH,KAIrC,OAAOhjH,CACT,EAEAwgH,GAAM3uH,UAAUmtH,IAAM,WACpB,OAAInuH,KAAK6vH,IACA7vH,KAAKwQ,MAAM68G,OAAO,KAAM,KAAM,MAE7BrtH,KAAKwQ,MAAM68G,OAAOrtH,KAAK8M,EAAG9M,KAAKkO,EAAGlO,KAAKwQ,MAAMb,IAEzD,KAsBSmgH,GAAQX,GAAKvC,WAEtBsC,GAAWluH,UAAUqsH,OAAS,SAAgBvgH,EAAGoB,EAAGg6B,GAClD,OAAO,IAAI4nF,GAAO9vH,KAAM8M,EAAGoB,EAAGg6B,EAChC,EAEA4nF,GAAO9uH,UAAUwsH,IAAM,WACrB,GAAIxtH,KAAK2xH,aACP,OAAO3xH,KAAKwQ,MAAMs8G,MAAM,KAAM,MAEhC,IAAIsF,EAAOpyH,KAAKkoC,EAAEghF,UACdmJ,EAAQD,EAAKvJ,SACboI,EAAKjxH,KAAK8M,EAAE47G,OAAO2J,GACnBC,EAAKtyH,KAAKkO,EAAEw6G,OAAO2J,GAAO3J,OAAO0J,GAErC,OAAOpyH,KAAKwQ,MAAMs8G,MAAMmE,EAAIqB,EAC9B,EAEAxC,GAAO9uH,UAAU48G,IAAM,WACrB,OAAO59G,KAAKwQ,MAAM68G,OAAOrtH,KAAK8M,EAAG9M,KAAKkO,EAAEi7G,SAAUnpH,KAAKkoC,EACzD,EAEA4nF,GAAO9uH,UAAUiF,IAAM,SAAamsB,GAElC,GAAIpyB,KAAK2xH,aACP,OAAOv/F,EAGT,GAAIA,EAAEu/F,aACJ,OAAO3xH,KAGT,IAAIuyH,EAAMngG,EAAE8V,EAAE2gF,SACV/8F,EAAK9rB,KAAKkoC,EAAE2gF,SACZl6D,EAAK3uD,KAAK8M,EAAE47G,OAAO6J,GACnB3jE,EAAKx8B,EAAEtlB,EAAE47G,OAAO58F,GAChBK,EAAKnsB,KAAKkO,EAAEw6G,OAAO6J,EAAI7J,OAAOt2F,EAAE8V,IAChC9b,EAAKgG,EAAElkB,EAAEw6G,OAAO58F,EAAG48F,OAAO1oH,KAAKkoC,IAE/B/rB,EAAIwyC,EAAG25D,OAAO15D,GACdjhD,EAAIwe,EAAGm8F,OAAOl8F,GAClB,GAAkB,IAAdjQ,EAAEgrG,KAAK,GACT,OAAkB,IAAdx5G,EAAEw5G,KAAK,GACFnnH,KAAKwQ,MAAM68G,OAAO,KAAM,KAAM,MAE9BrtH,KAAKivH,MAGhB,IAAIrtF,EAAKzlB,EAAE0sG,SACPhnF,EAAKD,EAAG8mF,OAAOvsG,GACf07B,EAAI8W,EAAG+5D,OAAO9mF,GAEdgwF,EAAKjkH,EAAEk7G,SAASR,QAAQxmF,GAAI0mF,QAAQ1wE,GAAG0wE,QAAQ1wE,GAC/Cg6E,EAAKlkH,EAAE+6G,OAAO7wE,EAAE0wE,QAAQqJ,IAAKrJ,QAAQp8F,EAAGu8F,OAAO7mF,IAC/C2wF,EAAKxyH,KAAKkoC,EAAEwgF,OAAOt2F,EAAE8V,GAAGwgF,OAAOvsG,GAEnC,OAAOnc,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAUssH,SAAW,SAAkBl7F,GAE5C,GAAIpyB,KAAK2xH,aACP,OAAOv/F,EAAE+7F,MAGX,GAAI/7F,EAAEu/F,aACJ,OAAO3xH,KAGT,IAAI8rB,EAAK9rB,KAAKkoC,EAAE2gF,SACZl6D,EAAK3uD,KAAK8M,EACV8hD,EAAKx8B,EAAEtlB,EAAE47G,OAAO58F,GAChBK,EAAKnsB,KAAKkO,EACVke,EAAKgG,EAAElkB,EAAEw6G,OAAO58F,GAAI48F,OAAO1oH,KAAKkoC,GAEhC/rB,EAAIwyC,EAAG25D,OAAO15D,GACdjhD,EAAIwe,EAAGm8F,OAAOl8F,GAClB,GAAkB,IAAdjQ,EAAEgrG,KAAK,GACT,OAAkB,IAAdx5G,EAAEw5G,KAAK,GACFnnH,KAAKwQ,MAAM68G,OAAO,KAAM,KAAM,MAE9BrtH,KAAKivH,MAGhB,IAAIrtF,EAAKzlB,EAAE0sG,SACPhnF,EAAKD,EAAG8mF,OAAOvsG,GACf07B,EAAI8W,EAAG+5D,OAAO9mF,GAEdgwF,EAAKjkH,EAAEk7G,SAASR,QAAQxmF,GAAI0mF,QAAQ1wE,GAAG0wE,QAAQ1wE,GAC/Cg6E,EAAKlkH,EAAE+6G,OAAO7wE,EAAE0wE,QAAQqJ,IAAKrJ,QAAQp8F,EAAGu8F,OAAO7mF,IAC/C2wF,EAAKxyH,KAAKkoC,EAAEwgF,OAAOvsG,GAEvB,OAAOnc,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAU4sH,KAAO,SAAc/7E,GACpC,GAAY,IAARA,EACF,OAAO7xC,KACT,GAAIA,KAAK2xH,aACP,OAAO3xH,KACT,IAAK6xC,EACH,OAAO7xC,KAAKivH,MAEd,GAAIjvH,KAAKwQ,MAAM6+G,OAASrvH,KAAKwQ,MAAM8+G,OAAQ,CAEzC,IADA,IAAI3hH,EAAI3N,KACCiD,EAAI,EAAGA,EAAI4uC,EAAK5uC,IACvB0K,EAAIA,EAAEshH,MACR,OAAOthH,EAKT,IAAIU,EAAIrO,KAAKwQ,MAAMnC,EACf+gH,EAAOpvH,KAAKwQ,MAAM4+G,KAElBqD,EAAKzyH,KAAK8M,EACV4lH,EAAK1yH,KAAKkO,EACVykH,EAAK3yH,KAAKkoC,EACV0qF,EAAMD,EAAG9J,SAASA,SAGlBgK,EAAMH,EAAGtK,OAAOsK,GACpB,IAASzvH,EAAI,EAAGA,EAAI4uC,EAAK5uC,IAAK,CAC5B,IAAI6vH,EAAML,EAAG5J,SACTkK,EAAOF,EAAIhK,SACXmK,EAAOD,EAAKlK,SACZzsG,EAAI02G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQh6G,EAAEq6G,OAAOkK,IAElDhoG,EAAK6nG,EAAG/J,OAAOqK,GACfnB,EAAKx1G,EAAEysG,SAASN,QAAQ39F,EAAGw9F,OAAOx9F,IAClCC,EAAKD,EAAG29F,QAAQqJ,GAChBqB,EAAM72G,EAAEssG,OAAO79F,GACnBooG,EAAMA,EAAI5K,QAAQ4K,GAAK1K,QAAQyK,GAC/B,IAAIR,EAAKK,EAAInK,OAAOiK,GAChB1vH,EAAI,EAAI4uC,IACV+gF,EAAMA,EAAIlK,OAAOsK,IAEnBP,EAAKb,EACLe,EAAKH,EACLK,EAAMI,EAGR,OAAOjzH,KAAKwQ,MAAM68G,OAAOoF,EAAII,EAAInK,OAAO0G,GAAOuD,EACjD,EAEA7C,GAAO9uH,UAAUiuH,IAAM,WACrB,OAAIjvH,KAAK2xH,aACA3xH,KAELA,KAAKwQ,MAAM6+G,MACNrvH,KAAKkzH,WACLlzH,KAAKwQ,MAAM8+G,OACXtvH,KAAKmzH,YAELnzH,KAAKozH,MAChB,EAEAtD,GAAO9uH,UAAUkyH,SAAW,WAC1B,IAAItB,EACAC,EACAW,EAEJ,GAAIxyH,KAAK+vH,KAAM,CAMb,IAAIn1F,EAAK56B,KAAK8M,EAAE+7G,SAEZ/tF,EAAK96B,KAAKkO,EAAE26G,SAEZwK,EAAOv4F,EAAG+tF,SAEVhrG,EAAI7d,KAAK8M,EAAEs7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GACvDx1G,EAAIA,EAAEwqG,QAAQxqG,GAEd,IAAIzQ,EAAIwtB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAE1B3c,EAAI7Q,EAAEy7G,SAASN,QAAQ1qG,GAAG0qG,QAAQ1qG,GAGlCy1G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GAGtB1B,EAAK3zG,EAEL4zG,EAAKzkH,EAAEs7G,OAAO7qG,EAAE0qG,QAAQtqG,IAAIsqG,QAAQ+K,GAEpCd,EAAKxyH,KAAKkO,EAAEk6G,OAAOpoH,KAAKkO,OACnB,CAML,IAAIG,EAAIrO,KAAK8M,EAAE+7G,SAEX56G,EAAIjO,KAAKkO,EAAE26G,SAEXzsG,EAAInO,EAAE46G,SAENpgG,EAAIzoB,KAAK8M,EAAEs7G,OAAOn6G,GAAG46G,SAASN,QAAQl6G,GAAGk6G,QAAQnsG,GACrDqM,EAAIA,EAAE4/F,QAAQ5/F,GAEd,IAAIpkB,EAAIgK,EAAE+5G,OAAO/5G,GAAGg6G,QAAQh6G,GAExBq2B,EAAIrgC,EAAEwkH,SAGN0K,EAAKn3G,EAAEisG,QAAQjsG,GAEnBm3G,GADAA,EAAKA,EAAGlL,QAAQkL,IACRlL,QAAQkL,GAGhB3B,EAAKltF,EAAE6jF,QAAQ9/F,GAAG8/F,QAAQ9/F,GAE1BopG,EAAKxtH,EAAEqkH,OAAOjgG,EAAE8/F,QAAQqJ,IAAKrJ,QAAQgL,GAGrCf,GADAA,EAAKxyH,KAAKkO,EAAEw6G,OAAO1oH,KAAKkoC,IAChBmgF,QAAQmK,GAGlB,OAAOxyH,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAUmyH,UAAY,WAC3B,IAAIvB,EACAC,EACAW,EAEJ,GAAIxyH,KAAK+vH,KAAM,CAMb,IAAIn1F,EAAK56B,KAAK8M,EAAE+7G,SAEZ/tF,EAAK96B,KAAKkO,EAAE26G,SAEZwK,EAAOv4F,EAAG+tF,SAEVhrG,EAAI7d,KAAK8M,EAAEs7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GACvDx1G,EAAIA,EAAEwqG,QAAQxqG,GAEd,IAAIzQ,EAAIwtB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAAIytF,QAAQroH,KAAKwQ,MAAMnC,GAEjD4P,EAAI7Q,EAAEy7G,SAASN,QAAQ1qG,GAAG0qG,QAAQ1qG,GAEtC+zG,EAAK3zG,EAEL,IAAIq1G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GACtBzB,EAAKzkH,EAAEs7G,OAAO7qG,EAAE0qG,QAAQtqG,IAAIsqG,QAAQ+K,GAEpCd,EAAKxyH,KAAKkO,EAAEk6G,OAAOpoH,KAAKkO,OACnB,CAKL,IAAIg5G,EAAQlnH,KAAKkoC,EAAE2gF,SAEf2K,EAAQxzH,KAAKkO,EAAE26G,SAEfiG,EAAO9uH,KAAK8M,EAAE47G,OAAO8K,GAErBC,EAAQzzH,KAAK8M,EAAEw7G,OAAOpB,GAAOwB,OAAO1oH,KAAK8M,EAAEs7G,OAAOlB,IACtDuM,EAAQA,EAAMrL,OAAOqL,GAAOpL,QAAQoL,GAEpC,IAAIC,EAAQ5E,EAAKzG,QAAQyG,GAErB6E,GADJD,EAAQA,EAAMrL,QAAQqL,IACJtL,OAAOsL,GACzB9B,EAAK6B,EAAM5K,SAASN,QAAQoL,GAE5BnB,EAAKxyH,KAAKkO,EAAEk6G,OAAOpoH,KAAKkoC,GAAG2gF,SAASN,QAAQiL,GAAOjL,QAAQrB,GAE3D,IAAI0M,EAAUJ,EAAM3K,SAGpB+K,GADAA,GADAA,EAAUA,EAAQvL,QAAQuL,IACRvL,QAAQuL,IACRvL,QAAQuL,GAC1B/B,EAAK4B,EAAM/K,OAAOgL,EAAMnL,QAAQqJ,IAAKrJ,QAAQqL,GAG/C,OAAO5zH,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAUoyH,KAAO,WACtB,IAAI/kH,EAAIrO,KAAKwQ,MAAMnC,EAGfokH,EAAKzyH,KAAK8M,EACV4lH,EAAK1yH,KAAKkO,EACVykH,EAAK3yH,KAAKkoC,EACV0qF,EAAMD,EAAG9J,SAASA,SAElBiK,EAAML,EAAG5J,SACTgL,EAAMnB,EAAG7J,SAETzsG,EAAI02G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQh6G,EAAEq6G,OAAOkK,IAElDkB,EAAOrB,EAAGrK,OAAOqK,GAEjB7nG,GADJkpG,EAAOA,EAAKzL,QAAQyL,IACNpL,OAAOmL,GACjBjC,EAAKx1G,EAAEysG,SAASN,QAAQ39F,EAAGw9F,OAAOx9F,IAClCC,EAAKD,EAAG29F,QAAQqJ,GAEhBmC,EAAOF,EAAIhL,SAGfkL,GADAA,GADAA,EAAOA,EAAK1L,QAAQ0L,IACR1L,QAAQ0L,IACR1L,QAAQ0L,GACpB,IAAIlC,EAAKz1G,EAAEssG,OAAO79F,GAAI09F,QAAQwL,GAC1BvB,EAAKE,EAAGtK,OAAOsK,GAAIhK,OAAOiK,GAE9B,OAAO3yH,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAUgzH,KAAO,WACtB,IAAKh0H,KAAKwQ,MAAM6+G,MACd,OAAOrvH,KAAKivH,MAAMhpH,IAAIjG,MAMxB,IAAI46B,EAAK56B,KAAK8M,EAAE+7G,SAEZ/tF,EAAK96B,KAAKkO,EAAE26G,SAEZoL,EAAKj0H,KAAKkoC,EAAE2gF,SAEZwK,EAAOv4F,EAAG+tF,SAEVz7G,EAAIwtB,EAAGwtF,OAAOxtF,GAAIytF,QAAQztF,GAE1Bs5F,EAAK9mH,EAAEy7G,SAEPxkH,EAAIrE,KAAK8M,EAAEs7G,OAAOttF,GAAI+tF,SAASN,QAAQ3tF,GAAI2tF,QAAQ8K,GAKnDc,GAFJ9vH,GADAA,GADAA,EAAIA,EAAEgkH,QAAQhkH,IACR+jH,OAAO/jH,GAAGgkH,QAAQhkH,IAClBkkH,QAAQ2L,IAEHrL,SAEP5qG,EAAIo1G,EAAKhL,QAAQgL,GAGrBp1G,GADAA,GADAA,EAAIA,EAAEoqG,QAAQpqG,IACRoqG,QAAQpqG,IACRoqG,QAAQpqG,GAEd,IAAI4b,EAAIzsB,EAAEi7G,QAAQhkH,GAAGwkH,SAASN,QAAQ2L,GAAI3L,QAAQ4L,GAAI5L,QAAQtqG,GAE1Dm2G,EAAOt5F,EAAG4tF,OAAO7uF,GAErBu6F,GADAA,EAAOA,EAAK/L,QAAQ+L,IACR/L,QAAQ+L,GACpB,IAAIxC,EAAK5xH,KAAK8M,EAAE47G,OAAOyL,GAAI5L,QAAQ6L,GAEnCxC,GADAA,EAAKA,EAAGvJ,QAAQuJ,IACRvJ,QAAQuJ,GAEhB,IAAIC,EAAK7xH,KAAKkO,EAAEw6G,OAAO7uF,EAAE6uF,OAAOzqG,EAAEsqG,QAAQ1uF,IAAI0uF,QAAQlkH,EAAEqkH,OAAOyL,KAG/DtC,GADAA,GADAA,EAAKA,EAAGxJ,QAAQwJ,IACRxJ,QAAQwJ,IACRxJ,QAAQwJ,GAEhB,IAAIW,EAAKxyH,KAAKkoC,EAAEkgF,OAAO/jH,GAAGwkH,SAASN,QAAQ0L,GAAI1L,QAAQ4L,GAEvD,OAAOn0H,KAAKwQ,MAAM68G,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAO9uH,UAAUkM,IAAM,SAAa+O,EAAGo4G,GAGrC,OAFAp4G,EAAI,IAAIolC,GAAGplC,EAAGo4G,GAEPr0H,KAAKwQ,MAAMi9G,SAASztH,KAAMic,EACnC,EAEA6zG,GAAO9uH,UAAUkoD,GAAK,SAAY92B,GAChC,GAAe,WAAXA,EAAEpY,KACJ,OAAOha,KAAKkpD,GAAG92B,EAAE+7F,OAEnB,GAAInuH,OAASoyB,EACX,OAAO,EAGT,IAAItG,EAAK9rB,KAAKkoC,EAAE2gF,SACZ0J,EAAMngG,EAAE8V,EAAE2gF,SACd,GAA2D,IAAvD7oH,KAAK8M,EAAE47G,OAAO6J,GAAKhK,QAAQn2F,EAAEtlB,EAAE47G,OAAO58F,IAAKq7F,KAAK,GAClD,OAAO,EAGT,IAAIp7F,EAAKD,EAAG48F,OAAO1oH,KAAKkoC,GACpBosF,EAAM/B,EAAI7J,OAAOt2F,EAAE8V,GACvB,OAA8D,IAAvDloC,KAAKkO,EAAEw6G,OAAO4L,GAAK/L,QAAQn2F,EAAElkB,EAAEw6G,OAAO38F,IAAKo7F,KAAK,EACzD,EAEA2I,GAAO9uH,UAAUuzH,OAAS,SAAgBznH,GACxC,IAAI0nH,EAAKx0H,KAAKkoC,EAAE2gF,SACZh7G,EAAKf,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,KAAKgO,OAAO8L,GACxC,GAAuB,IAAnBx0H,KAAK8M,EAAEiuG,IAAIltG,GACb,OAAO,EAIT,IAFA,IAAI4mH,EAAK3nH,EAAEnL,QACPsc,EAAIje,KAAKwQ,MAAMk8G,KAAKhE,OAAO8L,KACtB,CAEP,GADAC,EAAG5nH,KAAK7M,KAAKwQ,MAAMpE,GACfqoH,EAAG1Z,IAAI/6G,KAAKwQ,MAAM4hB,IAAM,EAC1B,OAAO,EAGT,GADAvkB,EAAGw6G,QAAQpqG,GACY,IAAnBje,KAAK8M,EAAEiuG,IAAIltG,GACb,OAAO,EAEb,EAEAiiH,GAAO9uH,UAAU26G,QAAU,WACzB,OAAI37G,KAAK2xH,aACA,uBACF,iBAAmB3xH,KAAK8M,EAAEP,SAAS,GAAI,GAC1C,OAASvM,KAAKkO,EAAE3B,SAAS,GAAI,GAC7B,OAASvM,KAAKkoC,EAAE37B,SAAS,GAAI,GAAK,GACxC,EAEAujH,GAAO9uH,UAAU2wH,WAAa,WAE5B,OAA0B,IAAnB3xH,KAAKkoC,EAAEi/E,KAAK,EACrB,KCr5BS6I,GAAWb,IACpB,OAAiBa,GAWjB,SAASL,GAAMn/G,EAAO1D,EAAGo7B,GACvBinF,GAAKvC,UAAU9rH,KAAKd,KAAMwQ,EAAO,cACvB,OAAN1D,GAAoB,OAANo7B,GAChBloC,KAAK8M,EAAI9M,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAIloC,KAAKwQ,MAAMd,OAEpB1P,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkoC,EAAI,IAAImZ,GAAGnZ,EAAG,IACdloC,KAAK8M,EAAE4tG,MACV16G,KAAK8M,EAAI9M,KAAK8M,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkoC,EAAEwyE,MACV16G,KAAKkoC,EAAIloC,KAAKkoC,EAAE2/E,MAAM7nH,KAAKwQ,MAAMkqG,MAEvC,CAtBAsV,GAAUhvH,UAAUskD,SAAW,SAAkBwnE,GAC/C,IAAIhgH,EAAIggH,EAAM4H,YAAY5nH,EACtB4d,EAAK5d,EAAE+7G,SACPqI,EAAMxmG,EAAGg+F,OAAO57G,GAAGs7G,OAAO19F,EAAGg+F,OAAO1oH,KAAKqO,IAAI+5G,OAAOt7G,GAGxD,OAA+B,IAFvBokH,EAAIlI,UAEHH,SAAS9N,IAAImW,EACxB,KAgBSvB,GAAOR,GAAKvC,WAErBoD,GAAUhvH,UAAUstH,YAAc,SAAqBpnH,EAAO4+B,GAQ5D,GAFqB,MALjB5+B,EAAQwgC,GAAMC,QAAQzgC,EAAO4+B,IAKvB1kC,QAA8B,KAAb8F,EAAM,KAC/BA,EAAQA,EAAMxF,MAAM,EAAG,IAAI2O,WACR,KAAjBnJ,EAAM9F,OACR,MAAU8B,MAAM,oCAClB,OAAOlD,KAAK8sH,MAAM5lH,EAAO,EAC3B,EAEA8oH,GAAUhvH,UAAU8rH,MAAQ,SAAehgH,EAAGo7B,GAC5C,OAAO,IAAIynF,GAAM3vH,KAAM8M,EAAGo7B,EAC5B,EAEA8nF,GAAUhvH,UAAUmrH,cAAgB,SAAuB/rE,GACzD,OAAOuvE,GAAM2B,SAAStxH,KAAMogD,EAC9B,KAEMp/C,UAAU6tH,WAAa,WAE7B,KAEM7tH,UAAUytH,QAAU,SAAiBC,GACzC,IAAI3+G,EAAM/P,KAAKwQ,MAAM4hB,EAAEjuB,aAIvB,OAAIuqH,EACK,CAAE,IAAOloH,OAAOxG,KAAK2uH,OAAOhnF,QAAQ,KAAM53B,IAE1C/P,KAAK2uH,OAAOhnF,QAAQ,KAAM53B,EAErC,KAEMuhH,SAAW,SAAkB9gH,EAAO4vC,GACxC,OAAO,IAAIuvE,GAAMn/G,EAAO4vC,EAAI,GAAIA,EAAI,IAAM5vC,EAAMb,IAClD,KAEM3O,UAAU26G,QAAU,WACxB,OAAI37G,KAAK2xH,aACA,sBACF,gBAAkB3xH,KAAK8M,EAAEm7G,UAAU17G,SAAS,GAAI,GACnD,OAASvM,KAAKkoC,EAAE+/E,UAAU17G,SAAS,GAAI,GAAK,GAClD,KAEMvL,UAAU2wH,WAAa,WAE3B,OAA0B,IAAnB3xH,KAAKkoC,EAAEi/E,KAAK,EACrB,KAEMnmH,UAAUiuH,IAAM,WAKpB,IAEI/zF,EAFIl7B,KAAK8M,EAAEs7G,OAAOpoH,KAAKkoC,GAEhB2gF,SAIP5tF,EAFIj7B,KAAK8M,EAAEw7G,OAAOtoH,KAAKkoC,GAEhB2gF,SAEPzsG,EAAI8e,EAAGotF,OAAOrtF,GAEd22F,EAAK12F,EAAGwtF,OAAOztF,GAEfu3F,EAAKp2G,EAAEssG,OAAOztF,EAAGmtF,OAAOpoH,KAAKwQ,MAAM0/G,IAAIxH,OAAOtsG,KAClD,OAAOpc,KAAKwQ,MAAMs8G,MAAM8E,EAAIY,EAC9B,KAEMxxH,UAAUiF,IAAM,WACpB,MAAU/C,MAAM,oCAClB,KAEMlC,UAAU2zH,QAAU,SAAiBviG,EAAG4zF,GAK5C,IAAI33G,EAAIrO,KAAK8M,EAAEs7G,OAAOpoH,KAAKkoC,GAEvBj6B,EAAIjO,KAAK8M,EAAEw7G,OAAOtoH,KAAKkoC,GAEvB9rB,EAAIgW,EAAEtlB,EAAEs7G,OAAOh2F,EAAE8V,GAIjB0sF,EAFIxiG,EAAEtlB,EAAEw7G,OAAOl2F,EAAE8V,GAEVwgF,OAAOr6G,GAEdwmH,EAAKz4G,EAAEssG,OAAOz6G,GAEd2jH,EAAK5L,EAAK99E,EAAEwgF,OAAOkM,EAAGxM,OAAOyM,GAAIhM,UAEjC2J,EAAKxM,EAAKl5G,EAAE47G,OAAOkM,EAAGrM,QAAQsM,GAAIhM,UACtC,OAAO7oH,KAAKwQ,MAAMs8G,MAAM8E,EAAIY,EAC9B,KAEMxxH,UAAUkM,IAAM,SAAa+O,GAQjC,IALA,IAAIgC,GAFJhC,EAAI,IAAIolC,GAAGplC,EAAG,KAEJta,QACN0M,EAAIrO,KACJiO,EAAIjO,KAAKwQ,MAAMs8G,MAAM,KAAM,MAGtBvuG,EAAO,GAAkB,IAAdN,EAAEkpG,KAAK,GAAUlpG,EAAE6+F,OAAO,GAC5Cv+F,EAAK1c,KAAKoc,EAAE4+F,MAAM,IAEpB,IAAK,IAAI55G,EAAIsb,EAAKnd,OAAS,EAAG6B,GAAK,EAAGA,IACpB,IAAZsb,EAAKtb,IAEPoL,EAAIA,EAAEsmH,QAAQ1mH,EARVjO,MAUJiO,EAAIA,EAAEghH,QAGNhhH,EAAII,EAAEsmH,QAAQ1mH,EAbVjO,MAeJqO,EAAIA,EAAE4gH,OAGV,OAAOhhH,CACT,KAEMjN,UAAUgxH,OAAS,WACvB,MAAU9uH,MAAM,oCAClB,KAEMlC,UAAU8zH,QAAU,WACxB,MAAU5xH,MAAM,oCAClB,KAEMlC,UAAUkoD,GAAK,SAAY80B,GAC/B,OAAyC,IAAlCh+E,KAAK2uH,OAAO5T,IAAI/8B,EAAM2wC,OAC/B,KAEM3tH,UAAU0zH,UAAY,WAG1B,OAFA10H,KAAK8M,EAAI9M,KAAK8M,EAAE47G,OAAO1oH,KAAKkoC,EAAEghF,WAC9BlpH,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACb3P,IACT,KAEMgB,UAAU2tH,KAAO,WAIrB,OAFA3uH,KAAK00H,YAEE10H,KAAK8M,EAAEm7G,SAChB,EC/LA,IAAI9iF,GAASuC,GAAMvC,OAEnB,SAAS4vF,GAAa7I,GAEpBlsH,KAAKg1H,QAA2B,IAAP,EAAT9I,EAAK79G,GACrBrO,KAAKi1H,MAAQj1H,KAAKg1H,UAA6B,IAAR,EAAT9I,EAAK79G,GACnCrO,KAAKilH,SAAWjlH,KAAKi1H,MAErB9F,GAAKruH,KAAKd,KAAM,UAAWksH,GAE3BlsH,KAAKqO,EAAI,IAAIgzC,GAAG6qE,EAAK79G,EAAG,IAAIi4G,KAAKtmH,KAAK06G,IAAIttG,GAC1CpN,KAAKqO,EAAIrO,KAAKqO,EAAEw5G,MAAM7nH,KAAK06G,KAC3B16G,KAAKoc,EAAI,IAAIilC,GAAG6qE,EAAK9vG,EAAG,IAAIyrG,MAAM7nH,KAAK06G,KACvC16G,KAAKwtB,GAAKxtB,KAAKoc,EAAEysG,SACjB7oH,KAAKyoB,EAAI,IAAI44B,GAAG6qE,EAAKzjG,EAAG,IAAIo/F,MAAM7nH,KAAK06G,KACvC16G,KAAK+6B,GAAK/6B,KAAKyoB,EAAE2/F,OAAOpoH,KAAKyoB,GAE7B0c,IAAQnlC,KAAKg1H,SAAwC,IAA7Bh1H,KAAKoc,EAAE6rG,UAAUd,KAAK,IAC9CnnH,KAAKk1H,KAAwB,IAAP,EAAThJ,EAAK9vG,EACpB,IACS24G,GAAc5F,IACvB,OAAiB4F,GAqFjB,SAASpF,GAAMn/G,EAAO1D,EAAGoB,EAAGg6B,EAAGjqB,GAC7BkxG,GAAKvC,UAAU9rH,KAAKd,KAAMwQ,EAAO,cACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANg6B,GAC9BloC,KAAK8M,EAAI9M,KAAKwQ,MAAMd,KACpB1P,KAAKkO,EAAIlO,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACpB3P,KAAKie,EAAIje,KAAKwQ,MAAMd,KACpB1P,KAAK+vH,MAAO,IAEZ/vH,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IACnBlO,KAAKkoC,EAAIA,EAAI,IAAImZ,GAAGnZ,EAAG,IAAMloC,KAAKwQ,MAAMb,IACxC3P,KAAKie,EAAIA,GAAK,IAAIojC,GAAGpjC,EAAG,IACnBje,KAAK8M,EAAE4tG,MACV16G,KAAK8M,EAAI9M,KAAK8M,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkO,EAAEwsG,MACV16G,KAAKkO,EAAIlO,KAAKkO,EAAE25G,MAAM7nH,KAAKwQ,MAAMkqG,MAC9B16G,KAAKkoC,EAAEwyE,MACV16G,KAAKkoC,EAAIloC,KAAKkoC,EAAE2/E,MAAM7nH,KAAKwQ,MAAMkqG,MAC/B16G,KAAKie,IAAMje,KAAKie,EAAEy8F,MACpB16G,KAAKie,EAAIje,KAAKie,EAAE4pG,MAAM7nH,KAAKwQ,MAAMkqG,MACnC16G,KAAK+vH,KAAO/vH,KAAKkoC,IAAMloC,KAAKwQ,MAAMb,IAG9B3P,KAAKwQ,MAAMy0G,WAAajlH,KAAKie,IAC/Bje,KAAKie,EAAIje,KAAK8M,EAAE47G,OAAO1oH,KAAKkO,GACvBlO,KAAK+vH,OACR/vH,KAAKie,EAAIje,KAAKie,EAAEyqG,OAAO1oH,KAAKkoC,EAAEghF,aAGtC,CAjHA6L,GAAa/zH,UAAUm0H,MAAQ,SAAeluF,GAC5C,OAAIjnC,KAAKi1H,MACAhuF,EAAIkiF,SAEJnpH,KAAKqO,EAAEq6G,OAAOzhF,EACzB,EAEA8tF,GAAa/zH,UAAUo0H,MAAQ,SAAenuF,GAC5C,OAAIjnC,KAAKk1H,KACAjuF,EAEAjnC,KAAKoc,EAAEssG,OAAOzhF,EACzB,EAGA8tF,GAAa/zH,UAAUqsH,OAAS,SAAgBvgH,EAAGoB,EAAGg6B,EAAGjqB,GACvD,OAAOje,KAAK8sH,MAAMhgH,EAAGoB,EAAGg6B,EAAGjqB,EAC7B,EAEA82G,GAAa/zH,UAAUutH,WAAa,SAAoBzhH,EAAG42G,IACzD52G,EAAI,IAAIu0C,GAAGv0C,EAAG,KACP4tG,MACL5tG,EAAIA,EAAE+6G,MAAM7nH,KAAK06G,MAEnB,IAAIhwF,EAAK5d,EAAE+7G,SACPqI,EAAMlxH,KAAKwtB,GAAG86F,OAAOtoH,KAAKqO,EAAEq6G,OAAOh+F,IACnC2qG,EAAMr1H,KAAK2P,IAAI24G,OAAOtoH,KAAKwtB,GAAGk7F,OAAO1oH,KAAKyoB,GAAGigG,OAAOh+F,IAEpDO,EAAKimG,EAAIxI,OAAO2M,EAAInM,WACpBh7G,EAAI+c,EAAG+9F,UACX,GAA6C,IAAzC96G,EAAE26G,SAASP,OAAOr9F,GAAI8vF,IAAI/6G,KAAK0P,MACjC,MAAUxM,MAAM,iBAElB,IAAI6jH,EAAQ74G,EAAE+5G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3B74G,EAAIA,EAAEi7G,UAEDnpH,KAAK8sH,MAAMhgH,EAAGoB,EACvB,EAEA6mH,GAAa/zH,UAAUs0H,WAAa,SAAoBpnH,EAAGw1G,IACzDx1G,EAAI,IAAImzC,GAAGnzC,EAAG,KACPwsG,MACLxsG,EAAIA,EAAE25G,MAAM7nH,KAAK06G,MAGnB,IAAIzvF,EAAK/c,EAAE26G,SACPwM,EAAMpqG,EAAGq9F,OAAOtoH,KAAKwtB,IACrB0jG,EAAMjmG,EAAGy9F,OAAO1oH,KAAKyoB,GAAGigG,OAAO1oH,KAAKwtB,IAAI86F,OAAOtoH,KAAKqO,GACpDqc,EAAK2qG,EAAI3M,OAAOwI,EAAIhI,WAExB,GAA0B,IAAtBx+F,EAAGqwF,IAAI/6G,KAAK0P,MAAa,CAC3B,GAAIg0G,EACF,MAAUxgH,MAAM,iBAEhB,OAAOlD,KAAK8sH,MAAM9sH,KAAK0P,KAAMxB,GAGjC,IAAIpB,EAAI4d,EAAGs+F,UACX,GAA6C,IAAzCl8G,EAAE+7G,SAASP,OAAO59F,GAAIqwF,IAAI/6G,KAAK0P,MACjC,MAAUxM,MAAM,iBAKlB,OAHI4J,EAAEm7G,UAAUlB,UAAYrD,IAC1B52G,EAAIA,EAAEq8G,UAEDnpH,KAAK8sH,MAAMhgH,EAAGoB,EACvB,EAEA6mH,GAAa/zH,UAAUskD,SAAW,SAAkBwnE,GAClD,GAAIA,EAAM6E,aACR,OAAO,EAGT7E,EAAM4H,YAEN,IAAIhqG,EAAKoiG,EAAMhgH,EAAE+7G,SACb59F,EAAK6hG,EAAM5+G,EAAE26G,SACbwM,EAAM3qG,EAAGg+F,OAAO1oH,KAAKqO,GAAG+5G,OAAOn9F,GAC/BimG,EAAMlxH,KAAKwtB,GAAGk7F,OAAO1oH,KAAK2P,IAAIy4G,OAAOpoH,KAAKyoB,EAAEigG,OAAOh+F,GAAIg+F,OAAOz9F,KAElE,OAAwB,IAAjBoqG,EAAIta,IAAImW,EACjB,KAiCSvB,GAAOR,GAAKvC,WAErBmI,GAAa/zH,UAAUmrH,cAAgB,SAAuB/rE,GAC5D,OAAOuvE,GAAM2B,SAAStxH,KAAMogD,EAC9B,EAEA20E,GAAa/zH,UAAU8rH,MAAQ,SAAehgH,EAAGoB,EAAGg6B,EAAGjqB,GACrD,OAAO,IAAI0xG,GAAM3vH,KAAM8M,EAAGoB,EAAGg6B,EAAGjqB,EAClC,KAEMqzG,SAAW,SAAkB9gH,EAAO4vC,GACxC,OAAO,IAAIuvE,GAAMn/G,EAAO4vC,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAC9C,KAEMp/C,UAAU26G,QAAU,WACxB,OAAI37G,KAAK2xH,aACA,sBACF,gBAAkB3xH,KAAK8M,EAAEm7G,UAAU17G,SAAS,GAAI,GACnD,OAASvM,KAAKkO,EAAE+5G,UAAU17G,SAAS,GAAI,GACvC,OAASvM,KAAKkoC,EAAE+/E,UAAU17G,SAAS,GAAI,GAAK,GAClD,KAEMvL,UAAU2wH,WAAa,WAE3B,OAA0B,IAAnB3xH,KAAK8M,EAAEq6G,KAAK,KACO,IAAvBnnH,KAAKkO,EAAE6sG,IAAI/6G,KAAKkoC,IAChBloC,KAAK+vH,MAAqC,IAA7B/vH,KAAKkO,EAAE6sG,IAAI/6G,KAAKwQ,MAAM4L,GACxC,KAEMpb,UAAUu0H,QAAU,WAMxB,IAAIlnH,EAAIrO,KAAK8M,EAAE+7G,SAEX56G,EAAIjO,KAAKkO,EAAE26G,SAEXzsG,EAAIpc,KAAKkoC,EAAE2gF,SACfzsG,EAAIA,EAAEisG,QAAQjsG,GAEd,IAAIqM,EAAIzoB,KAAKwQ,MAAM2kH,MAAM9mH,GAErBhK,EAAIrE,KAAK8M,EAAEs7G,OAAOpoH,KAAKkO,GAAG26G,SAASN,QAAQl6G,GAAGk6G,QAAQt6G,GAEtD02B,EAAIlc,EAAE2/F,OAAOn6G,GAEby2B,EAAIC,EAAE2jF,OAAOlsG,GAEbD,EAAIsM,EAAE6/F,OAAOr6G,GAEb2jH,EAAKvtH,EAAEqkH,OAAOhkF,GAEdmtF,EAAKltF,EAAE+jF,OAAOvsG,GAEdq5G,EAAKnxH,EAAEqkH,OAAOvsG,GAEdq2G,EAAK9tF,EAAEgkF,OAAO/jF,GAClB,OAAO3kC,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,KAEMx0H,UAAUy0H,SAAW,WAQzB,IAMI7D,EACAC,EACAW,EARAvkH,EAAIjO,KAAK8M,EAAEs7G,OAAOpoH,KAAKkO,GAAG26G,SAE1BzsG,EAAIpc,KAAK8M,EAAE+7G,SAEXpgG,EAAIzoB,KAAKkO,EAAE26G,SAKf,GAAI7oH,KAAKwQ,MAAMwkH,QAAS,CAEtB,IAEItwF,GAFArgC,EAAIrE,KAAKwQ,MAAM2kH,MAAM/4G,IAEfgsG,OAAO3/F,GACjB,GAAIzoB,KAAK+vH,KAEP6B,EAAK3jH,EAAEq6G,OAAOlsG,GAAGksG,OAAO7/F,GAAGigG,OAAOhkF,EAAE4jF,OAAOtoH,KAAKwQ,MAAMgiC,MAEtDq/E,EAAKntF,EAAEgkF,OAAOrkH,EAAEikH,OAAO7/F,IAEvB+pG,EAAK9tF,EAAEmkF,SAASP,OAAO5jF,GAAG4jF,OAAO5jF,OAC5B,CAEL,IAAIvoB,EAAInc,KAAKkoC,EAAE2gF,SAEXlsG,EAAI+nB,EAAE4jF,OAAOnsG,GAAGosG,QAAQpsG,GAE5By1G,EAAK3jH,EAAEq6G,OAAOlsG,GAAGmsG,QAAQ9/F,GAAGigG,OAAO/rG,GAEnCk1G,EAAKntF,EAAEgkF,OAAOrkH,EAAEikH,OAAO7/F,IAEvB+pG,EAAK9tF,EAAEgkF,OAAO/rG,QAEX,CAEL,IAAItY,EAAI+X,EAAEgsG,OAAO3/F,GAEbtM,EAAInc,KAAKwQ,MAAM4kH,MAAMp1H,KAAKkoC,GAAG2gF,SAE7BlsG,EAAItY,EAAEikH,OAAOnsG,GAAGmsG,OAAOnsG,GAE3By1G,EAAK5xH,KAAKwQ,MAAM4kH,MAAMnnH,EAAEs6G,QAAQlkH,IAAIqkH,OAAO/rG,GAE3Ck1G,EAAK7xH,KAAKwQ,MAAM4kH,MAAM/wH,GAAGqkH,OAAOtsG,EAAEmsG,QAAQ9/F,IAE1C+pG,EAAKnuH,EAAEqkH,OAAO/rG,GAEhB,OAAO3c,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAAIW,EAClC,KAEMxxH,UAAUiuH,IAAM,WACpB,OAAIjvH,KAAK2xH,aACA3xH,KAGLA,KAAKwQ,MAAMy0G,SACNjlH,KAAKu1H,UAELv1H,KAAKy1H,UAChB,KAEMz0H,UAAU00H,QAAU,SAAiBtjG,GAMzC,IAAI/jB,EAAIrO,KAAKkO,EAAEo6G,OAAOtoH,KAAK8M,GAAG47G,OAAOt2F,EAAElkB,EAAEo6G,OAAOl2F,EAAEtlB,IAE9CmB,EAAIjO,KAAKkO,EAAEk6G,OAAOpoH,KAAK8M,GAAG47G,OAAOt2F,EAAElkB,EAAEk6G,OAAOh2F,EAAEtlB,IAE9CsP,EAAIpc,KAAKie,EAAEyqG,OAAO1oH,KAAKwQ,MAAMuqB,IAAI2tF,OAAOt2F,EAAEnU,GAE1CwK,EAAIzoB,KAAKkoC,EAAEwgF,OAAOt2F,EAAE8V,EAAEkgF,OAAOh2F,EAAE8V,IAE/B7jC,EAAI4J,EAAEq6G,OAAOj6G,GAEbq2B,EAAIjc,EAAE6/F,OAAOlsG,GAEbuoB,EAAIlc,EAAE2/F,OAAOhsG,GAEbD,EAAIlO,EAAEm6G,OAAO/5G,GAEbujH,EAAKvtH,EAAEqkH,OAAOhkF,GAEdmtF,EAAKltF,EAAE+jF,OAAOvsG,GAEdq5G,EAAKnxH,EAAEqkH,OAAOvsG,GAEdq2G,EAAK9tF,EAAEgkF,OAAO/jF,GAClB,OAAO3kC,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,KAEMx0H,UAAU20H,SAAW,SAAkBvjG,GAO3C,IAgBIy/F,EACAW,EAjBAnkH,EAAIrO,KAAKkoC,EAAEwgF,OAAOt2F,EAAE8V,GAEpBj6B,EAAII,EAAEw6G,SAENzsG,EAAIpc,KAAK8M,EAAE47G,OAAOt2F,EAAEtlB,GAEpB2b,EAAIzoB,KAAKkO,EAAEw6G,OAAOt2F,EAAElkB,GAEpB7J,EAAIrE,KAAKwQ,MAAMiY,EAAEigG,OAAOtsG,GAAGssG,OAAOjgG,GAElCic,EAAIz2B,EAAEq6G,OAAOjkH,GAEbsgC,EAAI12B,EAAEm6G,OAAO/jH,GAEbkK,EAAMvO,KAAK8M,EAAEs7G,OAAOpoH,KAAKkO,GAAGw6G,OAAOt2F,EAAEtlB,EAAEs7G,OAAOh2F,EAAElkB,IAAIq6G,QAAQnsG,GAAGmsG,QAAQ9/F,GACvEmpG,EAAKvjH,EAAEq6G,OAAOhkF,GAAGgkF,OAAOn6G,GAc5B,OAXIvO,KAAKwQ,MAAMwkH,SAEbnD,EAAKxjH,EAAEq6G,OAAO/jF,GAAG+jF,OAAOjgG,EAAE6/F,OAAOtoH,KAAKwQ,MAAM2kH,MAAM/4G,KAElDo2G,EAAK9tF,EAAEgkF,OAAO/jF,KAGdktF,EAAKxjH,EAAEq6G,OAAO/jF,GAAG+jF,OAAOjgG,EAAE6/F,OAAOlsG,IAEjCo2G,EAAKxyH,KAAKwQ,MAAM4kH,MAAM1wF,GAAGgkF,OAAO/jF,IAE3B3kC,KAAKwQ,MAAMs8G,MAAM8E,EAAIC,EAAIW,EAClC,KAEMxxH,UAAUiF,IAAM,SAAamsB,GACjC,OAAIpyB,KAAK2xH,aACAv/F,EACLA,EAAEu/F,aACG3xH,KAELA,KAAKwQ,MAAMy0G,SACNjlH,KAAK01H,QAAQtjG,GAEbpyB,KAAK21H,SAASvjG,EACzB,KAEMpxB,UAAUkM,IAAM,SAAa+O,GACjC,OAAIjc,KAAKgvH,YAAY/yG,GACZjc,KAAKwQ,MAAMu8G,aAAa/sH,KAAMic,GAE9Bjc,KAAKwQ,MAAMi9G,SAASztH,KAAMic,EACrC,KAEMjb,UAAUgxH,OAAS,SAAgB1jG,EAAI8D,EAAG7D,GAC9C,OAAOvuB,KAAKwQ,MAAMq9G,YAAY,EAAG,CAAE7tH,KAAMoyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,KAEMvtB,UAAUixH,QAAU,SAAiB3jG,EAAI8D,EAAG7D,GAChD,OAAOvuB,KAAKwQ,MAAMq9G,YAAY,EAAG,CAAE7tH,KAAMoyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,KAEMvtB,UAAU0zH,UAAY,WAC1B,GAAI10H,KAAK+vH,KACP,OAAO/vH,KAGT,IAAIq7C,EAAKr7C,KAAKkoC,EAAEghF,UAOhB,OANAlpH,KAAK8M,EAAI9M,KAAK8M,EAAE47G,OAAOrtE,GACvBr7C,KAAKkO,EAAIlO,KAAKkO,EAAEw6G,OAAOrtE,GACnBr7C,KAAKie,IACPje,KAAKie,EAAIje,KAAKie,EAAEyqG,OAAOrtE,IACzBr7C,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACpB3P,KAAK+vH,MAAO,EACL/vH,IACT,KAEMgB,UAAU48G,IAAM,WACpB,OAAO59G,KAAKwQ,MAAMs8G,MAAM9sH,KAAK8M,EAAEq8G,SACPnpH,KAAKkO,EACLlO,KAAKkoC,EACLloC,KAAKie,GAAKje,KAAKie,EAAEkrG,SAC3C,KAEMnoH,UAAU2tH,KAAO,WAErB,OADA3uH,KAAK00H,YACE10H,KAAK8M,EAAEm7G,SAChB,KAEMjnH,UAAU4tH,KAAO,WAErB,OADA5uH,KAAK00H,YACE10H,KAAKkO,EAAE+5G,SAChB,KAEMjnH,UAAUkoD,GAAK,SAAY80B,GAC/B,OAAOh+E,OAASg+E,GACyB,IAAlCh+E,KAAK2uH,OAAO5T,IAAI/8B,EAAM2wC,SACY,IAAlC3uH,KAAK4uH,OAAO7T,IAAI/8B,EAAM4wC,OAC/B,KAEM5tH,UAAUuzH,OAAS,SAAgBznH,GACvC,IAAIe,EAAKf,EAAE+6G,MAAM7nH,KAAKwQ,MAAMkqG,KAAKgO,OAAO1oH,KAAKkoC,GAC7C,GAAuB,IAAnBloC,KAAK8M,EAAEiuG,IAAIltG,GACb,OAAO,EAIT,IAFA,IAAI4mH,EAAK3nH,EAAEnL,QACPsc,EAAIje,KAAKwQ,MAAMk8G,KAAKhE,OAAO1oH,KAAKkoC,KAC3B,CAEP,GADAusF,EAAG5nH,KAAK7M,KAAKwQ,MAAMpE,GACfqoH,EAAG1Z,IAAI/6G,KAAKwQ,MAAM4hB,IAAM,EAC1B,OAAO,EAGT,GADAvkB,EAAGw6G,QAAQpqG,GACY,IAAnBje,KAAK8M,EAAEiuG,IAAIltG,GACb,OAAO,EAEb,KAGM7M,UAAUwsH,IAAMmC,GAAM3uH,UAAU0zH,aAChC1zH,UAAUssH,SAAWqC,GAAM3uH,UAAUiF,6BC7a3C,IAAIuK,EAAQwtC,EAEZxtC,EAAM4nD,KAAOw9D,GACbplH,EAAMqlH,MAAQC,GACdtlH,EAAMq6G,KAAOkL,GACbvlH,EAAMwlH,QAAUC,MCDZrpF,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACdE,GAAUd,GAAMc,QAChB0tF,GAAOztF,GAAUytF,KACjBhvF,GAAY4B,GAAO5B,UAEnBivF,GAAS,CACX,WAAY,WACZ,WAAY,YAGd,SAASC,KACP,KAAMp2H,gBAAgBo2H,IACpB,OAAO,IAAIA,GAEblvF,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WAAY,WACxB,UAAY,YACdnc,KAAKipC,EAAQppC,MAAM,GACrB,CAEA6nC,GAAMrB,SAAS+vF,GAAMlvF,IACrB,OAAiBkvF,GAEjBA,GAAKpjG,UAAY,IACjBojG,GAAK/uF,QAAU,IACf+uF,GAAK9uF,aAAe,GACpB8uF,GAAK3hG,UAAY,GAEjB2hG,GAAKp1H,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAG7C,IAFA,IAAIqlC,EAAIjpC,KAAKipC,EAEJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GAErB,KAAMA,EAAIgmC,EAAE7nC,OAAQ6B,IAClBgmC,EAAEhmC,GAAK2pC,GAAO3D,EAAEhmC,EAAI,GAAKgmC,EAAEhmC,EAAI,GAAKgmC,EAAEhmC,EAAI,IAAMgmC,EAAEhmC,EAAI,IAAK,GAE7D,IAAIoL,EAAIrO,KAAKmc,EAAE,GACXlO,EAAIjO,KAAKmc,EAAE,GACXC,EAAIpc,KAAKmc,EAAE,GACXsM,EAAIzoB,KAAKmc,EAAE,GACX9X,EAAIrE,KAAKmc,EAAE,GAEf,IAAKlZ,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,IAAK,CAC7B,IAAI4a,KAAO5a,EAAI,IACXgb,EAAIuqB,GAAQoE,GAAOv+B,EAAG,GAAI6nH,GAAKr4G,EAAG5P,EAAGmO,EAAGqM,GAAIpkB,EAAG4kC,EAAEhmC,GAAIkzH,GAAOt4G,IAChExZ,EAAIokB,EACJA,EAAIrM,EACJA,EAAIwwB,GAAO3+B,EAAG,IACdA,EAAII,EACJA,EAAI4P,EAGNje,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9N,GAC7BrO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIlO,GAC7BjO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIC,GAC7Bpc,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIsM,GAC7BzoB,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9X,EAC/B,EAEA+xH,GAAKp1H,UAAUgnC,QAAU,SAAgBlC,GACvC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,ECvEA,aAAey5G,UACEE,UACAC,UACAE,UACAI,ICDjB,SAASC,GAAKtiH,EAAM4C,EAAKkvB,GACvB,KAAM9lC,gBAAgBs2H,IACpB,OAAO,IAAIA,GAAKtiH,EAAM4C,EAAKkvB,GAC7B9lC,KAAK0jC,KAAO1vB,EACZhU,KAAKgzB,UAAYhf,EAAKgf,UAAY,EAClChzB,KAAKqnC,QAAUrzB,EAAKqzB,QAAU,EAC9BrnC,KAAKu2H,MAAQ,KACbv2H,KAAKw2H,MAAQ,KAEbx2H,KAAK26G,MAAMjzE,GAAMC,QAAQ/wB,EAAKkvB,GAChC,CACA,OAAiBwwF,GAEjBA,GAAKt1H,UAAU25G,MAAQ,SAAc/jG,GAE/BA,EAAIxV,OAASpB,KAAKgzB,YACpBpc,GAAM,IAAI5W,KAAK0jC,MAAO+D,OAAO7wB,GAAKkxB,UACpC3C,GAAOvuB,EAAIxV,QAAUpB,KAAKgzB,WAG1B,IAAK,IAAI/vB,EAAI2T,EAAIxV,OAAQ6B,EAAIjD,KAAKgzB,UAAW/vB,IAC3C2T,EAAI/U,KAAK,GAEX,IAAKoB,EAAI,EAAGA,EAAI2T,EAAIxV,OAAQ6B,IAC1B2T,EAAI3T,IAAM,GAIZ,IAHAjD,KAAKu2H,OAAQ,IAAIv2H,KAAK0jC,MAAO+D,OAAO7wB,GAG/B3T,EAAI,EAAGA,EAAI2T,EAAIxV,OAAQ6B,IAC1B2T,EAAI3T,IAAM,IACZjD,KAAKw2H,OAAQ,IAAIx2H,KAAK0jC,MAAO+D,OAAO7wB,EACtC,EAEA0/G,GAAKt1H,UAAUymC,OAAS,SAAgBpC,EAAKS,GAE3C,OADA9lC,KAAKu2H,MAAM9uF,OAAOpC,EAAKS,GAChB9lC,IACT,EAEAs2H,GAAKt1H,UAAU8mC,OAAS,SAAgBhC,GAEtC,OADA9lC,KAAKw2H,MAAM/uF,OAAOznC,KAAKu2H,MAAMzuF,UACtB9nC,KAAKw2H,MAAM1uF,OAAOhC,EAC3B,2BC9CA,IAAI9xB,EAAOgqC,EAEXhqC,EAAK0zB,MAAQkuF,GACb5hH,EAAK80B,OAASgtF,GACd9hH,EAAKyiH,IAAMV,GACX/hH,EAAKG,OAAS8hH,GACdjiH,EAAK0iH,KAAOL,GAGZriH,EAAKE,KAAOF,EAAKyiH,IAAIviH,KACrBF,EAAKI,OAASJ,EAAKyiH,IAAIriH,OACvBJ,EAAKO,OAASP,EAAKyiH,IAAIliH,OACvBP,EAAKK,OAASL,EAAKyiH,IAAIpiH,OACvBL,EAAKM,OAASN,EAAKyiH,IAAIniH,OACvBN,EAAKu7B,UAAYv7B,EAAKG,OAAOo7B,gBCdZ,CACfy9E,QAAS,CACPE,KAAM,EACNK,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,kEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,sEAINrC,IAAK,CACHP,IAAK,EACL4C,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,iEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,4FCrwBR,IAsOIgE,EAtOAhqE,EAASvJ,EAMT7Y,EAASuC,GAAMvC,OAEnB,SAASwxF,EAAY9xH,GACnB,GAAqB,UAAjBA,EAAQmV,KACVha,KAAKwQ,MAAQ,IAAIA,GAAMqlH,MAAMhxH,QAC1B,GAAqB,YAAjBA,EAAQmV,KACfha,KAAKwQ,MAAQ,IAAIA,GAAMwlH,QAAQnxH,OAC5B,IAAqB,SAAjBA,EAAQmV,KAEZ,MAAU9W,MAAM,uBADnBlD,KAAKwQ,MAAQ,IAAIA,GAAMq6G,KAAKhmH,EACa,CAC3C7E,KAAK2kC,EAAI3kC,KAAKwQ,MAAMm0B,EACpB3kC,KAAKoM,EAAIpM,KAAKwQ,MAAMpE,EACpBpM,KAAKgU,KAAOnP,EAAQmP,KAEpBmxB,EAAOnlC,KAAK2kC,EAAE2gB,WAAY,iBAC1BngB,EAAOnlC,KAAK2kC,EAAEz3B,IAAIlN,KAAKoM,GAAGulH,aAAc,0BAC1C,CAGA,SAASiF,EAAY1rH,EAAMrG,GACzBkG,OAAOM,eAAek8C,EAAQr8C,EAAM,CAClC06B,cAAc,EACdD,YAAY,EACZv6B,IAAK,WACH,IAAIoF,EAAQ,IAAImmH,EAAY9xH,GAM5B,OALAkG,OAAOM,eAAek8C,EAAQr8C,EAAM,CAClC06B,cAAc,EACdD,YAAY,EACZtkC,MAAOmP,IAEFA,IAGb,CAhBA+2C,EAAOovE,YAAcA,EAkBrBC,EAAY,OAAQ,CAClB58G,KAAM,QACNgwG,MAAO,OACP53F,EAAG,wDACH/jB,EAAG,wDACHJ,EAAG,wDACH7B,EAAG,wDACH4H,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,wDACA,2DAIJiyF,EAAY,OAAQ,CAClB58G,KAAM,QACNgwG,MAAO,OACP53F,EAAG,iEACH/jB,EAAG,iEACHJ,EAAG,iEACH7B,EAAG,iEACH4H,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,iEACA,oEAIJiyF,EAAY,OAAQ,CAClB58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,0EACH/jB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,0EACA,6EAIJiyF,EAAY,OAAQ,CAClB58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,8GAEH/jB,EAAG,8GAEHJ,EAAG,8GAEH7B,EAAG,8GAEH4H,KAAMA,GAAKK,OACX+3G,MAAM,EACNznF,EAAG,CACD,8GAEA,iHAKJiyF,EAAY,OAAQ,CAClB58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,2JAGH/jB,EAAG,2JAGHJ,EAAG,2JAGH7B,EAAG,2JAGH4H,KAAMA,GAAKM,OACX83G,MAAM,EACNznF,EAAG,CACD,2JAGA,8JAOJiyF,EAAY,aAAc,CACxB58G,KAAM,OACNgwG,MAAO,SACP53F,EAAG,sEACH/jB,EAAG,QACHJ,EAAG,IACH7B,EAAG,sEACHyqH,SAAU,IACV7iH,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,OAIJiyF,EAAY,UAAW,CACrB58G,KAAM,UACNgwG,MAAO,SACP53F,EAAG,sEACH/jB,EAAG,KACH+N,EAAG,IAEHqM,EAAG,sEACHrc,EAAG,sEACHyqH,SAAU,IACV7iH,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,mEAEA,sEAKJiyF,EAAY,kBAAmB,CAC7B58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,0EACH/jB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXg4G,MAAM,EACNznF,EAAG,CACD,mEACA,sEAKJiyF,EAAY,kBAAmB,CAC7B58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,6GAEH/jB,EAAG,6GAEHJ,EAAG,6GAEH7B,EAAG,6GAEH4H,KAAMA,GAAKK,OACX+3G,MAAM,EACNznF,EAAG,CACD,mGAEA,sGAMJiyF,EAAY,kBAAmB,CAC7B58G,KAAM,QACNgwG,MAAO,KACP53F,EAAG,iJAEH/jB,EAAG,iJAEHJ,EAAG,iJAEH7B,EAAG,iJAEH4H,KAAMA,GAAKM,OACX83G,MAAM,EACNznF,EAAG,CACD,mIAEA,sIAOJ,IACE4sF,EAAMqE,EACR,CAAE,MAAOvxH,GACPktH,OAAMtwH,CACR,CAEA21H,EAAY,YAAa,CACvB58G,KAAM,QACNgwG,MAAO,OACP53F,EAAG,0EACH/jB,EAAG,IACHJ,EAAG,IACH7B,EAAG,0EACH+P,EAAG,IACHnI,KAAMA,GAAKI,OAGX06G,KAAM,mEACNqB,OAAQ,mEACRI,MAAO,CACL,CACEliH,EAAG,mCACHJ,EAAG,qCAEL,CACEI,EAAG,oCACHJ,EAAG,qCAIPm+G,MAAM,EACNznF,EAAG,CACD,mEACA,mEACA4sF,QCrQJ,SAASuF,GAASjyH,GAChB,KAAM7E,gBAAgB82H,IACpB,OAAO,IAAIA,GAASjyH,GACtB7E,KAAKgU,KAAOnP,EAAQmP,KACpBhU,KAAK+2H,aAAelyH,EAAQkyH,WAE5B/2H,KAAKwtD,OAASxtD,KAAKgU,KAAKqzB,QACxBrnC,KAAKg3H,WAAanyH,EAAQmyH,YAAch3H,KAAKgU,KAAKszB,aAElDtnC,KAAKi3H,QAAU,KACfj3H,KAAKk3H,eAAiB,KACtBl3H,KAAK+sC,EAAI,KACT/sC,KAAKqsD,EAAI,KAET,IAAI5D,EAAU/gB,GAAMC,QAAQ9iC,EAAQ4jD,QAAS5jD,EAAQsyH,YAAc,OAC/D1lF,EAAQ/J,GAAMC,QAAQ9iC,EAAQ4sC,MAAO5sC,EAAQuyH,UAAY,OACzDC,EAAO3vF,GAAMC,QAAQ9iC,EAAQwyH,KAAMxyH,EAAQyyH,SAAW,OAC1DnyF,GAAOsjB,EAAQrnD,QAAWpB,KAAKg3H,WAAa,EACrC,mCAAqCh3H,KAAKg3H,WAAa,SAC9Dh3H,KAAK26G,MAAMlyD,EAAShX,EAAO4lF,EAC7B,CACA,OAAiBP,GAEjBA,GAAS91H,UAAU25G,MAAQ,SAAclyD,EAAShX,EAAO4lF,GACvD,IAAI75E,EAAOiL,EAAQjiD,OAAOirC,GAAOjrC,OAAO6wH,GAExCr3H,KAAK+sC,EAAQltC,MAAMG,KAAKwtD,OAAS,GACjCxtD,KAAKqsD,EAAQxsD,MAAMG,KAAKwtD,OAAS,GACjC,IAAK,IAAIvqD,EAAI,EAAGA,EAAIjD,KAAKqsD,EAAEjrD,OAAQ6B,IACjCjD,KAAK+sC,EAAE9pC,GAAK,EACZjD,KAAKqsD,EAAEppD,GAAK,EAGdjD,KAAK6nC,QAAQ2V,GACbx9C,KAAKi3H,QAAU,EACfj3H,KAAKk3H,eAAiB,eACxB,EAEAJ,GAAS91H,UAAUu2H,MAAQ,WACzB,OAAO,IAAIvjH,GAAK0iH,KAAK12H,KAAKgU,KAAMhU,KAAK+sC,EACvC,EAEA+pF,GAAS91H,UAAU6mC,QAAU,SAAgB2V,GAC3C,IAAIg6E,EAAOx3H,KAAKu3H,QACA9vF,OAAOznC,KAAKqsD,GACZ5kB,OAAO,CAAE,IACrB+V,IACFg6E,EAAOA,EAAK/vF,OAAO+V,IACrBx9C,KAAK+sC,EAAIyqF,EAAK1vF,SACd9nC,KAAKqsD,EAAIrsD,KAAKu3H,QAAQ9vF,OAAOznC,KAAKqsD,GAAGvkB,SAChC0V,IAGLx9C,KAAK+sC,EAAI/sC,KAAKu3H,QACA9vF,OAAOznC,KAAKqsD,GACZ5kB,OAAO,CAAE,IACTA,OAAO+V,GACP1V,SACd9nC,KAAKqsD,EAAIrsD,KAAKu3H,QAAQ9vF,OAAOznC,KAAKqsD,GAAGvkB,SACvC,EAEAgvF,GAAS91H,UAAUy2H,OAAS,SAAgBhvE,EAAS0uE,EAAYlxH,EAAKyxH,GAE1C,iBAAfP,IACTO,EAASzxH,EACTA,EAAMkxH,EACNA,EAAa,MAGf1uE,EAAU/gB,GAAMC,QAAQ8gB,EAAS0uE,GACjClxH,EAAMyhC,GAAMC,QAAQ1hC,EAAKyxH,GAEzBvyF,GAAOsjB,EAAQrnD,QAAWpB,KAAKg3H,WAAa,EACrC,mCAAqCh3H,KAAKg3H,WAAa,SAE9Dh3H,KAAK6nC,QAAQ4gB,EAAQjiD,OAAOP,GAAO,KACnCjG,KAAKi3H,QAAU,CACjB,EAEAH,GAAS91H,UAAUmvD,SAAW,SAAkBpgD,EAAK+1B,EAAK7/B,EAAKyxH,GAC7D,GAAI13H,KAAKi3H,QAAUj3H,KAAKk3H,eACtB,MAAUh0H,MAAM,sBAGC,iBAAR4iC,IACT4xF,EAASzxH,EACTA,EAAM6/B,EACNA,EAAM,MAIJ7/B,IACFA,EAAMyhC,GAAMC,QAAQ1hC,EAAKyxH,GAAU,OACnC13H,KAAK6nC,QAAQ5hC,IAIf,IADA,IAAI2tB,EAAO,GACJA,EAAKxyB,OAAS2O,GACnB/P,KAAKqsD,EAAIrsD,KAAKu3H,QAAQ9vF,OAAOznC,KAAKqsD,GAAGvkB,SACrClU,EAAOA,EAAKptB,OAAOxG,KAAKqsD,GAG1B,IAAIl9C,EAAMykB,EAAKlyB,MAAM,EAAGqO,GAGxB,OAFA/P,KAAK6nC,QAAQ5hC,GACbjG,KAAKi3H,UACEvvF,GAAMxqB,OAAO/N,EAAK22B,EAC3B,EC5GA,IAAIX,GAASuC,GAAMvC,OAEnB,SAASwyF,GAAQlyE,EAAI5gD,GACnB7E,KAAKylD,GAAKA,EACVzlD,KAAKmlD,KAAO,KACZnlD,KAAKqlD,IAAM,KAGPxgD,EAAQsgD,MACVnlD,KAAK43H,eAAe/yH,EAAQsgD,KAAMtgD,EAAQgzH,SACxChzH,EAAQwgD,KACVrlD,KAAK83H,cAAcjzH,EAAQwgD,IAAKxgD,EAAQkzH,OAC5C,CACA,OAAiBJ,GAEjBA,GAAQK,WAAa,SAAoBvyE,EAAIJ,EAAKvf,GAChD,OAAIuf,aAAesyE,GACVtyE,EAEF,IAAIsyE,GAAQlyE,EAAI,CACrBJ,IAAKA,EACL0yE,OAAQjyF,GAEZ,EAEA6xF,GAAQM,YAAc,SAAqBxyE,EAAIN,EAAMrf,GACnD,OAAIqf,aAAgBwyE,GACXxyE,EAEF,IAAIwyE,GAAQlyE,EAAI,CACrBN,KAAMA,EACN0yE,QAAS/xF,GAEb,EAGA6xF,GAAQ32H,UAAUskD,SAAW,WAC3B,IAAID,EAAMrlD,KAAK0oD,YAEf,OAAIrD,EAAIssE,aACC,CAAElwH,QAAQ,EAAOS,OAAQ,sBAC7BmjD,EAAIC,WAEJD,EAAIn4C,IAAIlN,KAAKylD,GAAGj1C,MAAMpE,GAAGulH,aAGvB,CAAElwH,QAAQ,EAAMS,OAAQ,MAFtB,CAAET,QAAQ,EAAOS,OAAQ,uBAFzB,CAAET,QAAQ,EAAOS,OAAQ,4BAKpC,EAEAy1H,GAAQ32H,UAAU0nD,UAAY,SAAmB5iB,EAAK4oF,GAIpD,OAHK1uH,KAAKqlD,MACRrlD,KAAKqlD,IAAMrlD,KAAKylD,GAAG9gB,EAAEz3B,IAAIlN,KAAKmlD,OAE3Brf,EAGE9lC,KAAKqlD,IAAInoC,OAAO4oB,EAAK4oF,GAFnB1uH,KAAKqlD,GAGhB,EAEAsyE,GAAQ32H,UAAU2nD,WAAa,SAAoB7iB,GACjD,MAAY,QAARA,EACK9lC,KAAKmlD,KAAK54C,SAAS,GAAI,GAEvBvM,KAAKmlD,IAChB,EAEAwyE,GAAQ32H,UAAU42H,eAAiB,SAAwBhhH,EAAKkvB,GAK9D,GAJA9lC,KAAKmlD,KAAO,IAAI9D,GAAGzqC,EAAKkvB,GAAO,IAIJ,SAAvB9lC,KAAKylD,GAAGj1C,MAAMwJ,KAAiB,CACjC,IAAIrK,EAAM3P,KAAKylD,GAAGj1C,MAAMb,IACpBiiC,EAAOjiC,EAAI01G,MAAM,KAASr4G,IAAI2C,GAAK01G,MAAM,GAC7CrlH,KAAKmlD,KAAOnlD,KAAKmlD,KAAK47B,GAAGpxE,EAAI01G,MAAM,MACnCrlH,KAAKmlD,KAAOnlD,KAAKmlD,KAAK27B,IAAIlvC,QAI1B5xC,KAAKmlD,KAAOnlD,KAAKmlD,KAAKmhE,KAAKtmH,KAAKylD,GAAGj1C,MAAMpE,EAC7C,EAEAurH,GAAQ32H,UAAU82H,cAAgB,SAAuBlhH,EAAKkvB,GAC5D,GAAIlvB,EAAI9J,GAAK8J,EAAI1I,EAWf,MAP2B,SAAvBlO,KAAKylD,GAAGj1C,MAAMwJ,KAChBmrB,GAAOvuB,EAAI9J,EAAG,qBACkB,UAAvB9M,KAAKylD,GAAGj1C,MAAMwJ,MACS,YAAvBha,KAAKylD,GAAGj1C,MAAMwJ,MACvBmrB,GAAOvuB,EAAI9J,GAAK8J,EAAI1I,EAAG,qCAEzBlO,KAAKqlD,IAAMrlD,KAAKylD,GAAGj1C,MAAMs8G,MAAMl2G,EAAI9J,EAAG8J,EAAI1I,IAG5ClO,KAAKqlD,IAAMrlD,KAAKylD,GAAGj1C,MAAM89G,YAAY13G,EAAKkvB,EAC5C,EAGA6xF,GAAQ32H,UAAUsrD,OAAS,SAAgBjH,GACzC,OAAOA,EAAIn4C,IAAIlN,KAAKmlD,MAAMwpE,MAC5B,EAGAgJ,GAAQ32H,UAAU87C,KAAO,SAAczX,EAAKS,EAAKjhC,GAC/C,OAAO7E,KAAKylD,GAAG3I,KAAKzX,EAAKrlC,KAAM8lC,EAAKjhC,EACtC,EAEA8yH,GAAQ32H,UAAUq8C,OAAS,SAAgBhY,EAAKtwB,GAC9C,OAAO/U,KAAKylD,GAAGpI,OAAOhY,EAAKtwB,EAAW/U,KACxC,EAEA23H,GAAQ32H,UAAU26G,QAAU,WAC1B,MAAO,eAAiB37G,KAAKmlD,MAAQnlD,KAAKmlD,KAAK54C,SAAS,GAAI,IACrD,UAAYvM,KAAKqlD,KAAOrlD,KAAKqlD,IAAIs2D,WAAa,IACvD,ECnHA,IAAIx2E,GAASuC,GAAMvC,OAEnB,SAASoiD,GAAU1iF,EAASihC,GAC1B,GAAIjhC,aAAmB0iF,GACrB,OAAO1iF,EAEL7E,KAAKk4H,WAAWrzH,EAASihC,KAG7BX,GAAOtgC,EAAQ8I,GAAK9I,EAAQgZ,EAAG,4BAC/B7d,KAAK2N,EAAI,IAAI0zC,GAAGx8C,EAAQ8I,EAAG,IAC3B3N,KAAK6d,EAAI,IAAIwjC,GAAGx8C,EAAQgZ,EAAG,SACG5c,IAA1B4D,EAAQszH,cACVn4H,KAAKm4H,cAAgB,KAErBn4H,KAAKm4H,cAAgBtzH,EAAQszH,cACjC,CACA,OAAiB5wC,GAEjB,SAAS6wC,KACPp4H,KAAKq4H,MAAQ,CACf,CAEA,SAASC,GAAUp3G,EAAKkR,GACtB,IAAImmG,EAAUr3G,EAAIkR,EAAEimG,SACpB,KAAgB,IAAVE,GACJ,OAAOA,EAIT,IAFA,IAAIC,EAAqB,GAAVD,EACXnzF,EAAM,EACDniC,EAAI,EAAG04B,EAAMvJ,EAAEimG,MAAOp1H,EAAIu1H,EAAUv1H,IAAK04B,IAChDyJ,IAAQ,EACRA,GAAOlkB,EAAIya,GAGb,OADAvJ,EAAEimG,MAAQ18F,EACHyJ,CACT,CAEA,SAASqzF,GAAUv3G,GAGjB,IAFA,IAAIje,EAAI,EACJ8M,EAAMmR,EAAI9f,OAAS,GACf8f,EAAIje,MAAqB,IAAbie,EAAIje,EAAI,KAAcA,EAAI8M,GAC5C9M,IAEF,OAAU,IAANA,EACKie,EAEFA,EAAIxf,MAAMuB,EACnB,CAwCA,SAASy1H,GAAgBj8E,EAAK1sC,GAC5B,GAAIA,EAAM,IACR0sC,EAAI56C,KAAKkO,OADX,CAIA,IAAI4oH,EAAS,GAAKjtH,KAAKqS,IAAIhO,GAAOrE,KAAKgsE,MAAQ,GAE/C,IADAj7B,EAAI56C,KAAc,IAAT82H,KACAA,GACPl8E,EAAI56C,KAAMkO,KAAS4oH,GAAU,GAAM,KAErCl8E,EAAI56C,KAAKkO,GACX,IAjDU/O,UAAUk3H,WAAa,SAAoBpuH,EAAMg8B,GACzDh8B,EAAO49B,GAAMC,QAAQ79B,EAAMg8B,GAC3B,IAAI1T,EAAI,IAAIgmG,GACZ,GAAwB,KAApBtuH,EAAKsoB,EAAEimG,SACT,OAAO,EAGT,GADUC,GAAUxuH,EAAMsoB,GACfA,EAAEimG,QAAWvuH,EAAK1I,OAC3B,OAAO,EAET,GAAwB,IAApB0I,EAAKsoB,EAAEimG,SACT,OAAO,EAET,IAAInmG,EAAOomG,GAAUxuH,EAAMsoB,GACvBzkB,EAAI7D,EAAKpI,MAAM0wB,EAAEimG,MAAOnmG,EAAOE,EAAEimG,OAErC,GADAjmG,EAAEimG,OAASnmG,EACa,IAApBpoB,EAAKsoB,EAAEimG,SACT,OAAO,EAET,IAAIO,EAAON,GAAUxuH,EAAMsoB,GAC3B,GAAItoB,EAAK1I,SAAWw3H,EAAOxmG,EAAEimG,MAC3B,OAAO,EAET,IAAIx6G,EAAI/T,EAAKpI,MAAM0wB,EAAEimG,MAAOO,EAAOxmG,EAAEimG,OAYrC,OAXa,IAAT1qH,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEjM,MAAM,IAED,IAATmc,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEnc,MAAM,IAGd1B,KAAK2N,EAAI,IAAI0zC,GAAG1zC,GAChB3N,KAAK6d,EAAI,IAAIwjC,GAAGxjC,GAChB7d,KAAKm4H,cAAgB,MAEd,CACT,KAeUn3H,UAAU63H,MAAQ,SAAe/yF,GACzC,IAAIn4B,EAAI3N,KAAK2N,EAAEg6B,UACX9pB,EAAI7d,KAAK6d,EAAE8pB,UAYf,IATW,IAAPh6B,EAAE,KACJA,EAAI,CAAE,GAAInH,OAAOmH,IAER,IAAPkQ,EAAE,KACJA,EAAI,CAAE,GAAIrX,OAAOqX,IAEnBlQ,EAAI8qH,GAAU9qH,GACdkQ,EAAI46G,GAAU56G,KAENA,EAAE,IAAe,IAAPA,EAAE,KAClBA,EAAIA,EAAEnc,MAAM,GAEd,IAAI+6C,EAAM,CAAE,GACZi8E,GAAgBj8E,EAAK9uC,EAAEvM,SACvBq7C,EAAMA,EAAIj2C,OAAOmH,IACb9L,KAAK,GACT62H,GAAgBj8E,EAAK5+B,EAAEzc,QACvB,IAAI03H,EAAWr8E,EAAIj2C,OAAOqX,GACtB1O,EAAM,CAAE,IAGZ,OAFAupH,GAAgBvpH,EAAK2pH,EAAS13H,QAC9B+N,EAAMA,EAAI3I,OAAOsyH,GACVpxF,GAAMxqB,OAAO/N,EAAK22B,EAC3B,EC9HA,IAAIX,GAASuC,GAAMvC,OAKnB,SAAS4zF,GAAGl0H,GACV,KAAM7E,gBAAgB+4H,IACpB,OAAO,IAAIA,GAAGl0H,GAGO,iBAAZA,IACTsgC,GAAOoiB,GAAOp1B,eAAettB,GAAU,iBAAmBA,GAE1DA,EAAU0iD,GAAO1iD,IAIfA,aAAmB0iD,GAAOovE,cAC5B9xH,EAAU,CAAE2L,MAAO3L,IAErB7E,KAAKwQ,MAAQ3L,EAAQ2L,MAAMA,MAC3BxQ,KAAKoM,EAAIpM,KAAKwQ,MAAMpE,EACpBpM,KAAKg5H,GAAKh5H,KAAKoM,EAAEm5G,MAAM,GACvBvlH,KAAK2kC,EAAI3kC,KAAKwQ,MAAMm0B,EAGpB3kC,KAAK2kC,EAAI9/B,EAAQ2L,MAAMm0B,EACvB3kC,KAAK2kC,EAAEkqF,WAAWhqH,EAAQ2L,MAAMpE,EAAEqD,YAAc,GAGhDzP,KAAKgU,KAAOnP,EAAQmP,MAAQnP,EAAQ2L,MAAMwD,IAC5C,CACA,OAAiB+kH,GAEjBA,GAAG/3H,UAAU47C,QAAU,SAAiB/3C,GACtC,OAAO,IAAI8yH,GAAQ33H,KAAM6E,EAC3B,EAEAk0H,GAAG/3H,UAAUikD,eAAiB,SAAwBE,EAAMrf,GAC1D,OAAO6xF,GAAQM,YAAYj4H,KAAMmlD,EAAMrf,EACzC,EAEAizF,GAAG/3H,UAAUokD,cAAgB,SAAuBC,EAAKvf,GACvD,OAAO6xF,GAAQK,WAAWh4H,KAAMqlD,EAAKvf,EACvC,EAEAizF,GAAG/3H,UAAUwnD,WAAa,SAAoB3jD,GACvCA,IACHA,EAAU,IAGZ,IAAIo0H,EAAO,IAAInC,GAAS,CACtB9iH,KAAMhU,KAAKgU,KACXqjH,KAAMxyH,EAAQwyH,KACdC,QAASzyH,EAAQyyH,SAAW,OAC5B7uE,QAAS5jD,EAAQ4jD,SAAW7J,GAAK5+C,KAAKgU,KAAKszB,cAC3C6vF,WAAYtyH,EAAQ4jD,SAAW5jD,EAAQsyH,YAAc,OACrD1lF,MAAOzxC,KAAKoM,EAAEu7B,YAIhB,GAAwB,SAApB3nC,KAAKwQ,MAAMwJ,KAAiB,CAC9B,IAAImrC,EAAO,IAAI9D,GAAG43E,EAAK9oE,SAAS,KAChC,OAAOnwD,KAAKilD,eAAeE,GAK7B,IAFA,IAAIj+C,EAAQlH,KAAKoM,EAAEjI,aACf+0H,EAAMl5H,KAAKoM,EAAEY,IAAI,IAAIq0C,GAAG,MACzB,CAED,MADI8D,EAAO,IAAI9D,GAAG43E,EAAK9oE,SAASjpD,KACvB6zG,IAAIme,GAAO,GAIpB,OADA/zE,EAAKm4D,MAAM,GACJt9G,KAAKilD,eAAeE,GAE/B,EAEA4zE,GAAG/3H,UAAUm4H,aAAe,SAAqB9zF,EAAK+zF,EAAW19G,GAE/D,IAAIwrG,GADJxrG,EAAUA,GAA8B,EAAnB2pB,EAAIlhC,cACHnE,KAAKoM,EAAEqD,YAG7B,OAFIy3G,EAAQ,IACV7hF,EAAMA,EAAIkgF,MAAM2B,KACbkS,GAAa/zF,EAAI01E,IAAI/6G,KAAKoM,IAAM,EAC5Bi5B,EAAIr4B,IAAIhN,KAAKoM,GAEbi5B,CACX,EAEA0zF,GAAG/3H,UAAUq4H,YAAe,SAAqBh0F,GAE/C,IAAI3pB,EAUJ,OATI2pB,aAAexiC,YACjB6Y,EAA2B,EAAjB2pB,EAAIlhC,WACdkhC,EAAMrlC,KAAKm5H,aAAa,IAAI93E,GAAGhc,EAAK,KAAK,EAAO3pB,IACxB,iBAAR2pB,GAChB3pB,EAAuB,EAAb2pB,EAAIjkC,OACdikC,EAAMrlC,KAAKm5H,aAAa,IAAI93E,GAAGhc,EAAK,KAAK,EAAO3pB,IAEhD2pB,EAAMrlC,KAAKm5H,aAAa,IAAI93E,GAAGhc,EAAK,KAE/BA,CACT,EAEA0zF,GAAG/3H,UAAU87C,KAAO,SAAczX,EAAKzuB,EAAKkvB,EAAKjhC,GAC5B,iBAARihC,IACTjhC,EAAUihC,EACVA,EAAM,MAEHjhC,IACHA,EAAU,IAEZ+R,EAAM5W,KAAKilD,eAAeruC,EAAKkvB,GAC/BT,EAAMrlC,KAAKq5H,YAAYh0F,GAqBvB,IAlBA,IAAIn+B,EAAQlH,KAAKoM,EAAEjI,aACfm1H,EAAO1iH,EAAI+xC,aAAahhB,QAAQ,KAAMzgC,GAGtCuqC,EAAQpM,EAAIsC,QAAQ,KAAMzgC,GAG1B+xH,EAAO,IAAInC,GAAS,CACtB9iH,KAAMhU,KAAKgU,KACXy0C,QAAS6wE,EACT7nF,MAAOA,EACP4lF,KAAMxyH,EAAQwyH,KACdC,QAASzyH,EAAQyyH,SAAW,SAI1BiC,EAAMv5H,KAAKoM,EAAEY,IAAI,IAAIq0C,GAAG,IAEnBm4E,EAAO,GAASA,IAAQ,CAC/B,IAAIv9G,EAAIpX,EAAQoX,EACZpX,EAAQoX,EAAEu9G,GACV,IAAIn4E,GAAG43E,EAAK9oE,SAASnwD,KAAKoM,EAAEjI,eAEhC,MADA8X,EAAIjc,KAAKm5H,aAAal9G,GAAG,IACnBkrG,KAAK,IAAM,GAAKlrG,EAAE8+F,IAAIwe,IAAQ,GAApC,CAGA,IAAIE,EAAKz5H,KAAK2kC,EAAEz3B,IAAI+O,GACpB,IAAIw9G,EAAG9H,aAAP,CAGA,IAAI+H,EAAMD,EAAG9K,OACThhH,EAAI+rH,EAAIpT,KAAKtmH,KAAKoM,GACtB,GAAkB,IAAduB,EAAEw5G,KAAK,GAAX,CAGA,IAAItpG,EAAI5B,EAAEmrG,KAAKpnH,KAAKoM,GAAGc,IAAIS,EAAET,IAAI0J,EAAI+xC,cAAc97C,KAAKw4B,IAExD,GAAkB,KADlBxnB,EAAIA,EAAEyoG,KAAKtmH,KAAKoM,IACV+6G,KAAK,GAAX,CAGA,IAAIgR,GAAiBsB,EAAG7K,OAAO7H,QAAU,EAAI,IACT,IAAf2S,EAAI3e,IAAIptG,GAAW,EAAI,GAQ5C,OALI9I,EAAQ80H,WAAa97G,EAAEk9F,IAAI/6G,KAAKg5H,IAAM,IACxCn7G,EAAI7d,KAAKoM,EAAEY,IAAI6Q,GACfs6G,GAAiB,GAGZ,IAAI5wC,GAAU,CAAE55E,EAAGA,EAAGkQ,EAAGA,EAAGs6G,cAAeA,QAEtD,EAEAY,GAAG/3H,UAAUq8C,OAAS,SAAgBhY,EAAKtwB,EAAW6B,EAAKkvB,GAMzD,OALAlvB,EAAM5W,KAAKolD,cAAcxuC,EAAKkvB,GAC9B/wB,EAAY,IAAIwyE,GAAUxyE,EAAW,OAE3B/U,KAAK45H,QAAQ55H,KAAKq5H,YAAYh0F,GAAMtwB,EAAW6B,IACzD5W,KAAK45H,QAAQ55H,KAAKm5H,aAAa,IAAI93E,GAAGhc,EAAK,KAAMtwB,EAAW6B,EAE9D,EAEAmiH,GAAG/3H,UAAU44H,QAAU,SAAiBv0F,EAAKtwB,EAAW6B,GAEtD,IAAIjJ,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAClB,GAAIlQ,EAAEw5G,KAAK,GAAK,GAAKx5G,EAAEotG,IAAI/6G,KAAKoM,IAAM,EACpC,OAAO,EACT,GAAIyR,EAAEspG,KAAK,GAAK,GAAKtpG,EAAEk9F,IAAI/6G,KAAKoM,IAAM,EACpC,OAAO,EAGT,IAeIgmB,EAfAynG,EAAOh8G,EAAEupG,KAAKpnH,KAAKoM,GACnBuiD,EAAKkrE,EAAK3sH,IAAIm4B,GAAKihF,KAAKtmH,KAAKoM,GAC7BwiD,EAAKirE,EAAK3sH,IAAIS,GAAG24G,KAAKtmH,KAAKoM,GAE/B,OAAKpM,KAAKwQ,MAAMm8G,gBAWZv6F,EAAIpyB,KAAK2kC,EAAEstF,QAAQtjE,EAAI/3C,EAAI8xC,YAAakG,IACtC+iE,cAMCv/F,EAAEmiG,OAAO5mH,KAjBVykB,EAAIpyB,KAAK2kC,EAAEqtF,OAAOrjE,EAAI/3C,EAAI8xC,YAAakG,IACrC+iE,cAGkC,IAAjCv/F,EAAEu8F,OAAOrI,KAAKtmH,KAAKoM,GAAG2uG,IAAIptG,EAcrC,EAEAorH,GAAG/3H,UAAU84H,cAAgB,SAASz0F,EAAKtwB,EAAW4H,EAAGmpB,GACvDX,IAAQ,EAAIxoB,KAAOA,EAAG,4CACtB5H,EAAY,IAAIwyE,GAAUxyE,EAAW+wB,GAErC,IAAI15B,EAAIpM,KAAKoM,EACT/H,EAAI,IAAIg9C,GAAGhc,GACX13B,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAGdk8G,EAAa,EAAJp9G,EACTq9G,EAAcr9G,GAAK,EACvB,GAAIhP,EAAEotG,IAAI/6G,KAAKwQ,MAAM4hB,EAAEk0F,KAAKtmH,KAAKwQ,MAAMpE,KAAO,GAAK4tH,EACjD,MAAU92H,MAAM,wCAIhByK,EADEqsH,EACEh6H,KAAKwQ,MAAM+9G,WAAW5gH,EAAE1H,IAAIjG,KAAKwQ,MAAMpE,GAAI2tH,GAE3C/5H,KAAKwQ,MAAM+9G,WAAW5gH,EAAGosH,GAE/B,IAAIE,EAAOllH,EAAUpH,EAAEy5G,KAAKh7G,GACxB+f,EAAK/f,EAAEY,IAAI3I,GAAG6I,IAAI+sH,GAAM3T,KAAKl6G,GAC7BggB,EAAKvO,EAAE3Q,IAAI+sH,GAAM3T,KAAKl6G,GAI1B,OAAOpM,KAAK2kC,EAAEqtF,OAAO7lG,EAAIxe,EAAGye,EAC9B,EAEA2sG,GAAG/3H,UAAUk5H,oBAAsB,SAAS71H,EAAG0Q,EAAW8zC,EAAG/iB,GAE3D,GAAgC,QADhC/wB,EAAY,IAAIwyE,GAAUxyE,EAAW+wB,IACvBqyF,cACZ,OAAOpjH,EAAUojH,cAEnB,IAAK,IAAIl1H,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAC1B,IAAIk3H,EACJ,IACEA,EAASn6H,KAAK85H,cAAcz1H,EAAG0Q,EAAW9R,GAC1C,MAAOoB,GACP,SAGF,GAAI81H,EAAOjxE,GAAGL,GACZ,OAAO5lD,EAEX,MAAUC,MAAM,uCAClB,ECxQA,IAAIiiC,GAASuC,GAAMvC,OACfymF,GAAalkF,GAAMkkF,WACnBF,GAAiBhkF,GAAMgkF,eAW3B,SAASiM,GAAQhlH,EAAOo0C,GAItB,GAHA/mD,KAAK2S,MAAQA,EACTo0C,EAAO50B,eAAe,YACxBnyB,KAAKo6H,QAAUxO,GAAW7kE,EAAOyF,SAC/B75C,EAAM0nH,QAAQtzE,EAAO1B,KACvBrlD,KAAKs6H,KAAOvzE,EAAO1B,SAMnB,GAJArlD,KAAKu6H,UAAY3O,GAAW7kE,EAAO1B,KAC/BrlD,KAAKu6H,WAAuC,KAA1Bv6H,KAAKu6H,UAAUn5H,QACX,KAAtBpB,KAAKu6H,UAAU,KACjBv6H,KAAKu6H,UAAYv6H,KAAKu6H,UAAU74H,MAAM,EAAG,KACvC1B,KAAKu6H,WAAuC,KAA1Bv6H,KAAKu6H,UAAUn5H,OACnC,MAAU8B,MAAM,mCAEtB,IAEQ80H,WAAa,SAAoBrlH,EAAO0yC,GAC9C,OAAIA,aAAesyE,GACVtyE,EACF,IAAIsyE,GAAQhlH,EAAO,CAAE0yC,IAAKA,GACnC,KAEQm1E,WAAa,SAAoB7nH,EAAO65C,GAC9C,OAAIA,aAAkBmrE,GACbnrE,EACF,IAAImrE,GAAQhlH,EAAO,CAAE65C,OAAQA,GACtC,KAEQxrD,UAAUwrD,OAAS,WACzB,OAAOxsD,KAAKo6H,OACd,EAEA1O,GAAeiM,GAAS,YAAY,WAClC,OAAO33H,KAAK2S,MAAM8nH,YAAYz6H,KAAKqlD,MACrC,IAEAqmE,GAAeiM,GAAS,OAAO,WAC7B,OAAI33H,KAAKu6H,UACAv6H,KAAK2S,MAAM27G,YAAYtuH,KAAKu6H,WAC9Bv6H,KAAK2S,MAAMgyB,EAAEz3B,IAAIlN,KAAKmlD,OAC/B,IAEAumE,GAAeiM,GAAS,aAAa,WACnC,IAAIhlH,EAAQ3S,KAAK2S,MACbqB,EAAOhU,KAAKgU,OACZ0mH,EAAS/nH,EAAMgoH,eAAiB,EAGhCtsH,EAAI2F,EAAKtS,MAAM,EAAGiR,EAAMgoH,gBAK5B,OAJAtsH,EAAE,IAAM,IACRA,EAAEqsH,IAAW,IACbrsH,EAAEqsH,IAAW,GAENrsH,CACT,IAEAq9G,GAAeiM,GAAS,QAAQ,WAC9B,OAAO33H,KAAK2S,MAAMioH,UAAU56H,KAAK66H,YACnC,IAEAnP,GAAeiM,GAAS,QAAQ,WAC9B,OAAO33H,KAAK2S,MAAMqB,OAAOyzB,OAAOznC,KAAKwsD,UAAU1kB,QACjD,IAEA4jF,GAAeiM,GAAS,iBAAiB,WACvC,OAAO33H,KAAKgU,OAAOtS,MAAM1B,KAAK2S,MAAMgoH,eACtC,OAEQ35H,UAAU87C,KAAO,SAAcvjC,GAErC,OADA4rB,GAAOnlC,KAAKo6H,QAAS,2BACdp6H,KAAK2S,MAAMmqC,KAAKvjC,EAASvZ,KAClC,KAEQgB,UAAUq8C,OAAS,SAAgB9jC,EAAS6jC,GAClD,OAAOp9C,KAAK2S,MAAM0qC,OAAO9jC,EAAS6jC,EAAKp9C,KACzC,KAEQgB,UAAU85H,UAAY,SAAmBh1F,GAE/C,OADAX,GAAOnlC,KAAKo6H,QAAS,0BACd1yF,GAAMxqB,OAAOld,KAAKwsD,SAAU1mB,EACrC,KAEQ9kC,UAAU0nD,UAAY,SAAmB5iB,EAAK4oF,GACpD,OAAOhnF,GAAMxqB,QAAQwxG,EAAU,CAAE,IAAS,IAAIloH,OAAOxG,KAAK+6H,YAAaj1F,EACzE,EAEA,OAAiB6xF,GClGbxyF,GAASuC,GAAMvC,OACfumF,GAAiBhkF,GAAMgkF,eACvBE,GAAalkF,GAAMkkF,WAUvB,SAASrkC,GAAU50E,EAAOyqC,GACxBp9C,KAAK2S,MAAQA,EAEM,iBAARyqC,IACTA,EAAMwuE,GAAWxuE,IAEfv9C,MAAMW,QAAQ48C,KAChBA,EAAM,CACJhzB,EAAGgzB,EAAI17C,MAAM,EAAGiR,EAAMgoH,gBACtBlnF,EAAG2J,EAAI17C,MAAMiR,EAAMgoH,kBAIvBx1F,GAAOiY,EAAIhzB,GAAKgzB,EAAI3J,EAAG,4BAEnB9gC,EAAM0nH,QAAQj9E,EAAIhzB,KACpBpqB,KAAKg7H,GAAK59E,EAAIhzB,GACZgzB,EAAI3J,aAAa4N,KACnBrhD,KAAKi7H,GAAK79E,EAAI3J,GAEhBzzC,KAAKk7H,UAAYr7H,MAAMW,QAAQ48C,EAAIhzB,GAAKgzB,EAAIhzB,EAAIgzB,EAAI+9E,SACpDn7H,KAAKo7H,UAAYv7H,MAAMW,QAAQ48C,EAAI3J,GAAK2J,EAAI3J,EAAI2J,EAAIi+E,QACtD,IAEe9zC,GAAW,KAAK,WAC7B,OAAOvnF,KAAK2S,MAAMioH,UAAU56H,KAAKq7H,WACnC,OAEe9zC,GAAW,KAAK,WAC7B,OAAOvnF,KAAK2S,MAAM27G,YAAYtuH,KAAKm7H,WACrC,OAEe5zC,GAAW,YAAY,WACpC,OAAOvnF,KAAK2S,MAAM8nH,YAAYz6H,KAAKoqB,IACrC,OAEem9D,GAAW,YAAY,WACpC,OAAOvnF,KAAK2S,MAAM2oH,UAAUt7H,KAAKyzC,IACnC,OAEUzyC,UAAUu6H,QAAU,WAC5B,OAAOv7H,KAAKm7H,WAAW30H,OAAOxG,KAAKq7H,WACrC,KAEUr6H,UAAUqmB,MAAQ,WAC1B,OAAOqgB,GAAMxqB,OAAOld,KAAKu7H,UAAW,OAAO9kD,aAC7C,EAEA,OAAiB8Q,GCzDbpiD,GAASuC,GAAMvC,OACfymF,GAAalkF,GAAMkkF,WAIvB,SAAS4P,GAAMhrH,GAGb,GAFA20B,GAAiB,YAAV30B,EAAqB,qCAEtBxQ,gBAAgBw7H,IACpB,OAAO,IAAIA,GAAMhrH,GAEfA,EAAQ+2C,GAAO/2C,GAAOA,MAC1BxQ,KAAKwQ,MAAQA,EACbxQ,KAAK2kC,EAAIn0B,EAAMm0B,EACf3kC,KAAK2kC,EAAEkqF,WAAWr+G,EAAMpE,EAAEqD,YAAc,GAExCzP,KAAKy7H,WAAajrH,EAAMs8G,QAAQhtH,YAChCE,KAAK26H,eAAiBjvH,KAAKmQ,KAAKrL,EAAMpE,EAAEqD,YAAc,GACtDzP,KAAKgU,KAAOA,GAAKM,MACnB,CAEA,OAAiBknH,GAOjBA,GAAMx6H,UAAU87C,KAAO,SAAcvjC,EAASizC,GAC5CjzC,EAAUqyG,GAAWryG,GACrB,IAAI3C,EAAM5W,KAAK07H,cAAclvE,GACzB7+C,EAAI3N,KAAK27H,QAAQ/kH,EAAIglH,gBAAiBriH,GACtC6Q,EAAIpqB,KAAK2kC,EAAEz3B,IAAIS,GACfwtH,EAAWn7H,KAAKy6H,YAAYrwG,GAC5ByxG,EAAK77H,KAAK27H,QAAQR,EAAUvkH,EAAImkH,WAAYxhH,GAClCrM,IAAI0J,EAAIuuC,QAClB1R,EAAI9lC,EAAE1H,IAAI41H,GAAIvV,KAAKtmH,KAAKwQ,MAAMpE,GAClC,OAAOpM,KAAK87H,cAAc,CAAE1xG,EAAGA,EAAGqpB,EAAGA,EAAG0nF,SAAUA,GACpD,EAQAK,GAAMx6H,UAAUq8C,OAAS,SAAgB9jC,EAAS6jC,EAAKiI,GACrD9rC,EAAUqyG,GAAWryG,GACrB6jC,EAAMp9C,KAAK87H,cAAc1+E,GACzB,IAAIxmC,EAAM5W,KAAKolD,cAAcC,GACzBlpC,EAAInc,KAAK27H,QAAQv+E,EAAI+9E,WAAYvkH,EAAImkH,WAAYxhH,GACjDwiH,EAAK/7H,KAAK2kC,EAAEz3B,IAAIkwC,EAAI3J,KAExB,OADc2J,EAAIhzB,IAAInkB,IAAI2Q,EAAIyuC,MAAMn4C,IAAIiP,IACzB+sC,GAAG6yE,EACpB,EAEAP,GAAMx6H,UAAU26H,QAAU,WAExB,IADA,IAAI3nH,EAAOhU,KAAKgU,OACP/Q,EAAI,EAAGA,EAAIs5C,UAAUn7C,OAAQ6B,IACpC+Q,EAAKyzB,OAAO8U,UAAUt5C,IACxB,OAAOykC,GAAMmkF,UAAU73G,EAAK8zB,UAAUw+E,KAAKtmH,KAAKwQ,MAAMpE,EACxD,EAEAovH,GAAMx6H,UAAU47C,QAAU,SAAiB/3C,GACzC,OAAO,IAAI8yH,GAAQ33H,KAAM6E,EAC3B,EAEA22H,GAAMx6H,UAAUokD,cAAgB,SAAuBC,GACrD,OAAOsyE,GAAQK,WAAWh4H,KAAMqlD,EAClC,EAEAm2E,GAAMx6H,UAAU06H,cAAgB,SAAuBlvE,GACrD,OAAOmrE,GAAQ6C,WAAWx6H,KAAMwsD,EAClC,EAEAgvE,GAAMx6H,UAAUwnD,WAAa,SAAoB3jD,GAC1CA,IACHA,EAAU,IAGZ,IAAIo0H,EAAO,IAAInC,GAAS,CACtB9iH,KAAMhU,KAAKgU,KACXqjH,KAAMxyH,EAAQwyH,KACdC,QAASzyH,EAAQyyH,SAAW,OAC5B7uE,QAAS5jD,EAAQ4jD,SAAW7J,GAAK5+C,KAAKgU,KAAKszB,cAC3C6vF,WAAYtyH,EAAQ4jD,SAAW5jD,EAAQsyH,YAAc,OACrD1lF,MAAOzxC,KAAKwQ,MAAMpE,EAAEu7B,YAGtB,OAAO3nC,KAAK07H,cAAczC,EAAK9oE,SAAS,IAC1C,EAEAqrE,GAAMx6H,UAAU86H,cAAgB,SAAuB1+E,GACrD,OAAIA,aAAemqC,GACVnqC,EACF,IAAImqC,GAAUvnF,KAAMo9C,EAC7B,EAUAo+E,GAAMx6H,UAAUy5H,YAAc,SAAqB3N,GACjD,IAAIhnF,EAAMgnF,EAAM8B,OAAOjnF,QAAQ,KAAM3nC,KAAK26H,gBAE1C,OADA70F,EAAI9lC,KAAK26H,eAAiB,IAAM7N,EAAM6B,OAAO5H,QAAU,IAAO,EACvDjhF,CACT,EAEA01F,GAAMx6H,UAAUstH,YAAc,SAAqBpnH,GAGjD,IAAIwzH,GAFJxzH,EAAQwgC,GAAMkkF,WAAW1kH,IAEN9F,OAAS,EACxB46H,EAAS90H,EAAMxF,MAAM,EAAGg5H,GAAQl0H,QAAuB,IAAhBU,EAAMwzH,IAC7CuB,EAAoC,IAAV,IAAhB/0H,EAAMwzH,IAEhBxsH,EAAIw5B,GAAMmkF,UAAUmQ,GACxB,OAAOh8H,KAAKwQ,MAAM8kH,WAAWpnH,EAAG+tH,EAClC,EAEAT,GAAMx6H,UAAUs6H,UAAY,SAAmBr0F,GAC7C,OAAOA,EAAIU,QAAQ,KAAM3nC,KAAK26H,eAChC,EAEAa,GAAMx6H,UAAU45H,UAAY,SAAmB1zH,GAC7C,OAAOwgC,GAAMmkF,UAAU3kH,EACzB,EAEAs0H,GAAMx6H,UAAUq5H,QAAU,SAAiBj1F,GACzC,OAAOA,aAAeplC,KAAKy7H,UAC7B,2BC1IA,IAAIj2E,EAAWxH,EAEfwH,EAAS9d,MAAQkuF,GACjBpwE,EAAS5G,KAAOk3E,GAChBtwE,EAASh1C,MAAQulH,GACjBvwE,EAAS+B,OAAS0uE,GAGlBzwE,EAASC,GAAK4wE,GACd7wE,EAAS7yC,MAAQupH,8MCyBjB,MACa77G,iBACT,OAAOU,EAAMlM,OAAOS,OAQtBpU,KAAKgG,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,GAMZpF,QACE,OAAO,IAAIe,WAAW,CAAC,GAAM,GAAM,qZCtCvC,MACawd,iBACT,OAAOU,EAAMlM,OAAOW,MAOtBtU,OACE,MAAM,IAAI4lD,GAAiB,mCAG7BhlD,QACE,MAAM,IAAIglD,GAAiB,uJ7BgLxB3lD,gBAAsC8U,KAAEA,KAASkmH,IACtD,IAAKlmH,EACH,MAAU/S,MAAM,sEAElB,IAAKkX,EAAKC,SAASpE,GACjB,MAAU/S,MAAM,yDAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,OAAO,IAAIw0F,GAAiB//E,EAC9B,kBDkrBO9U,gBAA6B8U,KAAEA,EAAID,OAAEA,EAAMu8D,SAAEA,EAAQD,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,QAAkBrhD,IAATgV,EAAqB,OAAS,aAAakmH,IACnI,IAAI77H,OAAiBW,IAATgV,EAAqBA,EAAOD,EACxC,QAAc/U,IAAVX,EACF,MAAU4C,MAAM,yEAElB,GAAI+S,IAASmE,EAAKC,SAASpE,KAAUmE,EAAK5X,SAASyT,GACjD,MAAU/S,MAAM,0DAElB,GAAI8S,IAAWoE,EAAKxX,aAAaoT,KAAYoE,EAAK5X,SAASwT,GACzD,MAAU9S,MAAM,gEAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,MAAMoE,EAAawU,EAAK5X,SAASlC,GAC7BsF,UACIy2H,IACN/7H,EAAQg8H,EAAgBh8H,IAE1B,MAAMy0F,EAAoB,IAAI1iB,GAAkBC,QACnCrxE,IAATgV,EACF8+E,EAAkBviB,QAAQlyE,EAAOygB,EAAMjf,MAAMif,EAAMhL,QAASusC,IAE5DyyC,EAAkBpiB,SAASryE,EAAOygB,EAAMjf,MAAMif,EAAMhL,QAASusC,SAE9CrhD,IAAbsxE,GACFwiB,EAAkBniB,YAAYL,GAEhC,MAAMgqD,EAAwB,IAAIvlD,GAClCulD,EAAsB16H,KAAKkzF,GAC3B,MAAMx7E,EAAU,IAAIw4E,GAAQwqC,GAE5B,OADAhjH,EAAQ49D,WAAavxE,EACd2T,CACT,YE/lBOpY,gBAAuBoY,QAAEA,EAAO64E,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAW7G,iBAAEA,EAAgB+wC,aAAEA,GAAe,EAAKl6E,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAW03G,IAGxL,GAF0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa78E,GAAUkyE,EAAmB9jD,GAAQ8jD,GAAmB2G,EAAiBzqD,GAAQyqD,GAAiBC,EAAY1qD,GAAQ0qD,GAAYC,EAAc3qD,GAAQ2qD,GACjK6pC,EAAKtsC,YAAa,MAAU3sF,MAAM,iGACtC,GAAIi5H,EAAKM,WAAY,MAAUv5H,MAAM,kGACrC,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IACE,MAAMw4E,QAAkBzgE,EAAQoZ,QAAQy/D,EAAgBC,EAAWC,EAAahgB,EAAM7tD,GACjFgnE,IACHA,EAAmB,IAGrB,MAAMhqF,EAAS,GAKf,GAJAA,EAAOqmF,WAAa/yE,QAAkBilE,EAAU0b,eAAe3gF,EAAW02E,EAAkBnZ,EAAM7tD,SAAgBu1D,EAAU38B,OAAOouC,EAAkBnZ,EAAM7tD,GAC3JhjB,EAAOqI,KAAkB,WAAXw4C,EAAsB03B,EAAU6Z,iBAAmB7Z,EAAUvH,UAC3EhxE,EAAO8wE,SAAWyH,EAAUnH,cAC5BmkB,GAAYv1F,EAAQ8X,GAChBijH,EAAc,CAChB,GAAgC,IAA5B/wC,EAAiBrqF,OACnB,MAAU8B,MAAM,+DAElB,GAAiC,IAA7BzB,EAAOqmF,WAAW1mF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOqI,KAAOyT,EAAc,CAC1B9b,EAAOqI,KACPmrE,GAAiB9zE,gBACTiZ,EAAKkG,WAAW7e,EAAOqmF,WAAW5/E,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAxxE,EAAOqI,WAAa6sF,GAAcl1F,EAAOqI,KAAMyP,EAAQ49D,WAAY70B,GAC5D7gD,EACP,MAAO2/C,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,eAvMOjgD,gBAA0BqY,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAW03G,IAC1B3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAM23G,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAAKgY,EAAW6xE,YACd,MAAUnoF,MAAM,+BAElB,MAAMw5H,EAAmBljH,EAAW7X,OAAM,GACpCg7H,EAAcviH,EAAK5Z,QAAQg8E,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMv8E,QAAQ2H,IAAI80H,EAAiB/wC,UAAUzjF,KAAI0O,GAE/CwD,EAAKkG,WAAWq8G,EAAYz0H,KAAIs0E,GAAc5lE,EAAI2mE,UAAU5qD,QAAQ6pD,eAGhEkgD,EAAiBp3E,SAAS7gC,GACzBi4G,EACP,MAAOt7E,GAEP,MADAs7E,EAAiBl9C,qBACXplE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,uBAyYOjgD,gBAAkCoY,QAAEA,EAAO64E,eAAEA,EAAcC,UAAEA,EAAS/f,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAW03G,IAG3G,GAF0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa78E,GAAU64E,EAAiBzqD,GAAQyqD,GAAiBC,EAAY1qD,GAAQ0qD,GACjF8pC,EAAKtsC,YAAa,MAAU3sF,MAAM,4GACtC,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAEE,aAD0B+X,EAAQi5E,mBAAmBJ,EAAgBC,EAAW/f,EAAM7tD,GAEtF,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,gCAAiCmhC,GAE1D,YA9UOjgD,gBAAuBoY,QAAEA,EAAOu6E,eAAEA,EAAc1I,YAAEA,EAAWiH,UAAEA,EAAS5W,WAAEA,EAAUn5B,OAAEA,EAAS,UAASvtC,UAAEA,EAAY,KAAIq/E,SAAEA,GAAW,EAAKU,cAAEA,EAAgB,GAAET,iBAAEA,EAAmB,GAAE/hB,KAAEA,EAAO,IAAI13D,KAAMgiH,eAAEA,EAAiB,GAAEC,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,UAAIr4G,KAAW03G,IAKlS,GAJ0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC2xE,GAAa78E,GAAU+8E,GAAyBh0C,GAChDwxC,EAAiBnsD,GAAQmsD,GAAiB1I,EAAczjD,GAAQyjD,GAAciH,EAAY1qD,GAAQ0qD,GAClGyC,EAAgBntD,GAAQmtD,GAAgBT,EAAmB1sD,GAAQ0sD,GAAmBuoC,EAAiBj1F,GAAQi1F,GAAiBC,EAAoBl1F,GAAQk1F,GAAoBC,EAAqBn1F,GAAQm1F,GACzMX,EAAKh/E,SACP,MAAUj6C,MAAM,+JAElB,GAAIi5H,EAAKM,WAAY,MAAUv5H,MAAM,gGACrC,GAAIi5H,EAAKtsC,YAAa,MAAU3sF,MAAM,8FACtC,QAAmBjC,IAAfk7H,EAAKhjH,MAAqB,MAAUjW,MAAM,oFAC9C,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAE3H4pF,IACHA,EAAc,IAEhB,MAAMwL,EAAYr9E,EAAQ49D,WAC1B,IASE,IARIiU,EAAYhqF,QAAU2T,KACxBwE,QAAgBA,EAAQujC,KAAKsuC,EAAar2E,EAAW+/E,EAAexiB,EAAMsqD,EAAgBE,EAAoBr4G,IAEhHlL,EAAUA,EAAQg/D,eACV2Q,GAAiB,cAAe4K,EAAgBxhB,EAAMuqD,EAAmBp4G,GAC/EA,GAEFlL,QAAgBA,EAAQmZ,QAAQohE,EAAgBzB,EAAW5W,EAAY2Y,EAAUC,EAAkB/hB,EAAMuqD,EAAmBp4G,GAC7G,WAAX69B,EAAqB,OAAO/oC,EAEhC,MAAMJ,EAAmB,YAAXmpC,EAEd,OAAOq0C,GADMx9E,EAAQI,EAAQJ,MAAMsL,GAAUlL,EAAQzX,QAC1B80F,EAAWz9E,EAAQ,OAAS,UACvD,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,eA7FOjgD,gBAA0BqY,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAW03G,IAC1B3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAM23G,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAAKgY,EAAW6xE,YACd,MAAUnoF,MAAM,+BAElB,MAAMw5H,EAAmBljH,EAAW7X,OAAM,GAEpCwxB,EAAOupG,EAAiB/wC,UACxBgxC,EAAcviH,EAAK5Z,QAAQg8E,GAAcA,EAAiB38E,MAAMszB,EAAK/xB,QAAQ0+C,KAAK08B,GACxF,GAAImgD,EAAYv7H,SAAW+xB,EAAK/xB,OAC9B,MAAU8B,MAAM,0DAGlB,IAME,aALMjD,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,MAAOyV,EAAK3T,KACrC,MAAMs6E,UAAEA,GAAc3mE,QAChB2mE,EAAU7qD,QAAQiqG,EAAY15H,GAAIwhB,GACxC84D,EAAUiC,oBAAoB,KAEzBk9C,EACP,MAAOt7E,GAEP,MADAs7E,EAAiBl9C,qBACXplE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,sBAiUOjgD,gBAAiC2I,KAAEA,EAAI+/C,UAAEA,EAASwwB,cAAEA,EAAayZ,eAAEA,EAAczB,UAAEA,EAAS/vC,OAAEA,EAAS,UAAS8xC,SAAEA,GAAW,EAAKC,iBAAEA,EAAmB,GAAE/hB,KAAEA,EAAO,IAAI13D,KAAMiiH,kBAAEA,EAAoB,UAAIp4G,KAAW03G,IAItN,GAH0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAgElC,SAAqB3a,EAAMoB,GACzB,IAAKkP,EAAKxX,aAAakH,GACrB,MAAU5G,MAAM,eAAiBgI,GAAQ,QAAU,+BAEvD,CAnEE6xH,CAAYjzH,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAKkP,EAAKC,SAASvQ,GACjB,MAAU5G,MAAM,eAAiBgI,GAAQ,QAAU,2BAEvD,CA9DqB8xH,CAAYnzE,EAAW,aAAcysC,GAAyBh0C,GACjFwxC,EAAiBnsD,GAAQmsD,GAAiBzB,EAAY1qD,GAAQ0qD,GAAYgC,EAAmB1sD,GAAQ0sD,GAAmBwoC,EAAoBl1F,GAAQk1F,GAChJV,EAAKM,WAAY,MAAUv5H,MAAM,0GACrC,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,KAAMsyF,GAA4C,IAA1BA,EAAe1yF,QAAmBixF,GAAkC,IAArBA,EAAUjxF,QAC/E,MAAU8B,MAAM,6CAGlB,IAEE,OAAO+zF,SADelF,GAAQuC,kBAAkBxqF,EAAM+/C,EAAWwwB,EAAeyZ,EAAgBzB,EAAW+B,EAAUC,EAAkB/hB,EAAMuqD,EAAmBp4G,GACnI69B,EAAQ79B,GACrC,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,0BAlgBOjgD,gBAA2BgoF,QAAEA,EAAU,GAAE3M,WAAEA,EAAUxiE,KAAEA,EAAO,MAAK2tE,QAAEA,EAAU,KAAIn3E,MAAEA,EAAQ,aAAYgH,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAO,IAAI13D,KAAMizE,QAAEA,EAAU,CAAC,IAAGvrC,OAAEA,EAAS,iBAAW79B,KAAW03G,IAC/J3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC0kE,EAAUxhD,GAAQwhD,GAClB,MAAMizC,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAuB,IAAnB2nF,EAAQ/nF,OACV,MAAU8B,MAAM,2CAElB,GAAa,QAAT8W,GAAkB2tE,EAAUljE,EAAO5B,WACrC,MAAU3f,MAAM,8BAA8BuhB,EAAO5B,oBAAoB8kE,KAG3E,MAAM9iF,EAAU,CAAEskF,UAAS3M,aAAYxiE,OAAM2tE,UAASn3E,QAAOgH,oBAAmB86D,OAAMub,WAEtF,IACE,MAAMj3E,IAAEA,EAAGg5E,sBAAEA,SHaVzuF,eAAwB0D,EAAS4f,GACtC5f,EAAQi4C,MAAO,GACfj4C,EAAUgsF,GAA0BhsF,IAC5BgpF,QAAUhpF,EAAQgpF,QAAQ3lF,KAAI,CAACsgF,EAAQ/oE,IAAUoxE,GAA0BhsF,EAAQgpF,QAAQpuE,GAAQ5a,KAC3G,IAAI0b,EAAW,CAAC08G,GAAyBp4H,EAAS4f,IAClDlE,EAAWA,EAAS/Z,OAAO3B,EAAQgpF,QAAQ3lF,KAAIrD,GAAWisF,GAA4BjsF,EAAS4f,MAC/F,MAAMwyD,QAAgBh3E,QAAQ2H,IAAI2Y,GAE5B3J,QAAYu6E,GAAcla,EAAQ,GAAIA,EAAQv1E,MAAM,GAAImD,EAAS4f,GACjEmrE,QAA8Bh5E,EAAIsmH,yBAAyBr4H,EAAQytE,KAAM7tD,GAE/E,OADA7N,EAAIq0E,qBAAuB,GACpB,CAAEr0E,MAAKg5E,wBAChB,CGzBiDz/B,CAAStrD,EAAS4f,GAG/D,OAFA7N,EAAI+0E,UAAUvoF,SAAQ,EAAGm6E,eAAgBmN,GAAqBnN,EAAW94D,KAElE,CACLjL,WAAYy9E,GAAargF,EAAK0rC,EAAQ79B,GACtCvS,UAAW+kF,GAAargF,EAAIu5E,WAAY7tC,EAAQ79B,GAChDmrE,yBAEF,MAAOxuC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,uBAsbOjgD,gBAAkC2yF,eAAEA,EAAcxhB,KAAEA,EAAO,IAAI13D,KAAMiiH,kBAAEA,EAAoB,UAAIp4G,KAAW03G,IAG/G,GAF0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChCqvE,EAAiBnsD,GAAQmsD,GAAiB+oC,EAAoBl1F,GAAQk1F,GAClEV,EAAKM,WAAY,MAAUv5H,MAAM,2GACrC,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAEE,aAD0BuwF,GAAQ9U,mBAAmB6W,EAAgBxhB,EAAMuqD,EAAmBp4G,GAE9F,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,yBD5YOjgD,gBAAoCg8H,iBAAEA,SAAkB14G,KAAW03G,IAExE,GADA13G,EAAS,IAAKsB,MAAkBtB,IAC3B04G,EACH,MAAUj6H,MAAM,gFAElB,IAAKkX,EAAKC,SAAS8iH,GACjB,MAAUj6H,MAAM,mEAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,MAAMlB,QAAcwlB,GAAQq3G,GAC5B,GAAI78H,EAAM0Z,OAAS+G,EAAM5H,MAAMG,OAC7B,MAAUpW,MAAM,gCAElB,MAAMskF,QAAmBxQ,GAAW2B,WAAWr4E,EAAMwJ,KAAMgtE,GAAgBryD,IAY7E,SAAuBe,EAASgiE,GAC9B,MAAM41C,EAAiB,SAASC,GAC9B,MAAM/zD,EAAQz0D,GAAU26B,GAAQ36B,EAAOw+D,gBAAkB7jC,EAEzD,IAAK,IAAIvsC,EAAI,EAAGA,EAAIukF,EAAWpmF,OAAQ6B,IACrC,GAAIukF,EAAWvkF,GAAGnD,YAAYugB,MAAQU,EAAMlM,OAAOE,YAAcsoH,EAAUp1H,KAAKqhE,EAAMke,EAAWvkF,KAC/F,OAAO,EAGX,OAAO,GAGT,IAAIq6H,EAAY,KACZD,EAAY,GAoBhB,GAnBA73G,EAAQpiB,SAAQ,SAASihB,GAEvB,GADAi5G,EAAYj5G,EAAOC,MAAM,iBACrBg5G,EAaF,MAAUp6H,MAAM,0DAZhBo6H,EAAYA,EAAU,GAAG17G,QAAQ,MAAO,IACxC07G,EAAYA,EAAUv9G,MAAM,KAC5Bu9G,EAAYA,EAAUp1H,KAAI,SAAS8L,GACjCA,EAAOA,EAAKm0E,cACZ,IACE,OAAOpnE,EAAMjf,MAAMif,EAAM/M,KAAMA,GAC/B,MAAO3P,GACP,MAAUnB,MAAM,2CAA6C8Q,OAGjEqpH,EAAYA,EAAU72H,OAAO82H,OAM5BD,EAAUj8H,SAAWg8H,EAAe,CAACr8G,EAAM/M,KAAKC,MACnD,MAAU/Q,MAAM,qFACX,GAAIm6H,EAAUj8H,SAAWg8H,EAAeC,GAC7C,MAAUn6H,MAAM,wDAEpB,CAjDEqiB,CAAcjlB,EAAMklB,QAASgiE,GAC7B,MAAMzyE,EAAY,IAAIwyE,GAAUC,GAChC,OAAO,IAAIwO,GAAiB11F,EAAM2V,KAAMlB,EAC1C,YF+IO5T,gBAAuBo8H,WAAEA,EAAUC,UAAEA,SAAW/4G,KAAW03G,IAEhE,GADA13G,EAAS,IAAKsB,MAAkBtB,IAC3B84G,IAAeC,EAClB,MAAUt6H,MAAM,4EAElB,GAAIq6H,IAAenjH,EAAKC,SAASkjH,GAC/B,MAAUr6H,MAAM,gDAElB,GAAIs6H,IAAcpjH,EAAKxX,aAAa46H,GAClC,MAAUt6H,MAAM,mDAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAAIlB,EACJ,GAAIi9H,EAAY,CACd,MAAMvjH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQy3G,EAAY94G,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WAC3D,MAAUtW,MAAM,gCAElB5C,EAAQwJ,OAERxJ,EAAQk9H,EAGV,OAAOtsC,SADkBla,GAAW2B,WAAWr4E,EAAO2wF,GAAmBxsE,GAE3E,aAiDOtjB,gBAAwBs8H,YAAEA,EAAWC,WAAEA,SAAYj5G,KAAW03G,IACnE13G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQm9H,GAAeC,EAC3B,IAAKp9H,EACH,MAAU4C,MAAM,+EAElB,GAAIu6H,IAAgBrjH,EAAKC,SAASojH,GAChC,MAAUv6H,MAAM,kDAElB,GAAIw6H,IAAetjH,EAAKxX,aAAa86H,GACnC,MAAUx6H,MAAM,qDAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAIi8H,EAAa,CACf,MAAMzjH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQ23G,EAAah5G,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WACzD,MAAUtW,MAAM,gCAElB5C,EAAQwJ,EAEV,MAAMqpB,EAAO,GACPq0D,QAAmBxQ,GAAW2B,WAAWr4E,EAAO2wF,GAAmBxsE,GACnEk5G,EAAWn2C,EAAWvP,WAAWl3D,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOK,WAC5E,GAAwB,IAApByoH,EAASv8H,OACX,MAAU8B,MAAM,uBAElB,IAAK,IAAID,EAAI,EAAGA,EAAI06H,EAASv8H,OAAQ6B,IAAK,CACxC,MACM26H,EAAS1sC,GADI1J,EAAW9lF,MAAMi8H,EAAS16H,GAAI06H,EAAS16H,EAAI,KAE9DkwB,EAAKtxB,KAAK+7H,GAEZ,OAAOzqG,CACT,gBC6cOhyB,gBAA2B08H,eAAEA,EAAcC,cAAEA,SAAer5G,KAAW03G,IAC5E13G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQu9H,GAAkBC,EAC9B,IAAKx9H,EACH,MAAU4C,MAAM,wFAElB,GAAI26H,IAAmBzjH,EAAKC,SAASwjH,KAAoBzjH,EAAK5X,SAASq7H,GACrE,MAAU36H,MAAM,kEAElB,GAAI46H,IAAkB1jH,EAAKxX,aAAak7H,KAAmB1jH,EAAK5X,SAASs7H,GACvE,MAAU56H,MAAM,qEAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,MAAMoE,EAAawU,EAAK5X,SAASlC,GAKjC,GAJIsF,UACIy2H,IACN/7H,EAAQg8H,EAAgBh8H,IAEtBu9H,EAAgB,CAClB,MAAM7jH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQxlB,EAAOmkB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMI,QACvB,MAAUrW,MAAM,oCAElB5C,EAAQwJ,EAEV,MAAM09E,QAAmBxQ,GAAW2B,WAAWr4E,EAAOsxF,GAAuBntE,GACvElL,EAAU,IAAIw4E,GAAQvK,GAE5B,OADAjuE,EAAQ49D,WAAavxE,EACd2T,CACT,mBDjjBOpY,gBAA8Bo8H,WAAEA,EAAUC,UAAEA,SAAW/4G,KAAW03G,IAEvE,GADA13G,EAAS,IAAKsB,MAAkBtB,IAC3B84G,IAAeC,EAClB,MAAUt6H,MAAM,mFAElB,GAAIq6H,IAAenjH,EAAKC,SAASkjH,GAC/B,MAAUr6H,MAAM,uDAElB,GAAIs6H,IAAcpjH,EAAKxX,aAAa46H,GAClC,MAAUt6H,MAAM,0DAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IAAIlB,EACJ,GAAIi9H,EAAY,CACd,MAAMvjH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQy3G,EAAY94G,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMK,WACzB,MAAUtW,MAAM,wCAElB5C,EAAQwJ,OAERxJ,EAAQk9H,EAEV,MAAMh2C,QAAmBxQ,GAAW2B,WAAWr4E,EAAO2wF,GAAmBxsE,GACzE,OAAO,IAAI2rE,GAAW5I,EACxB,oBAyDOrmF,gBAA+Bs8H,YAAEA,EAAWC,WAAEA,SAAYj5G,IAC/DA,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQm9H,GAAeC,EAC3B,IAAKp9H,EACH,MAAU4C,MAAM,sFAElB,GAAIu6H,IAAgBrjH,EAAKC,SAASojH,GAChC,MAAUv6H,MAAM,yDAElB,GAAIw6H,IAAetjH,EAAKxX,aAAa86H,GACnC,MAAUx6H,MAAM,4DAElB,GAAIu6H,EAAa,CACf,MAAMzjH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQ23G,EAAah5G,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMK,WACvB,MAAUtW,MAAM,wCAElB5C,EAAQwJ,EAEV,MAAMqpB,EAAO,GACPq0D,QAAmBxQ,GAAW2B,WAAWr4E,EAAO2wF,GAAmBxsE,GACnEk5G,EAAWn2C,EAAWvP,WAAWl3D,EAAMlM,OAAOK,WACpD,GAAwB,IAApByoH,EAASv8H,OACX,MAAU8B,MAAM,8BAElB,IAAK,IAAID,EAAI,EAAGA,EAAI06H,EAASv8H,OAAQ6B,IAAK,CACxC,MAAM86H,EAAav2C,EAAW9lF,MAAMi8H,EAAS16H,GAAI06H,EAAS16H,EAAI,IACxD26H,EAAS,IAAIxtC,GAAW2tC,GAC9B5qG,EAAKtxB,KAAK+7H,GAEZ,OAAOzqG,CACT,kBPrXOhyB,gBAA6B68H,iBAAEA,EAAgBC,gBAAEA,SAAiBx5G,KAAW03G,IAClF13G,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQ09H,GAAoBC,EAChC,IAAK39H,EACH,MAAU4C,MAAM,8FAElB,GAAI86H,IAAqB5jH,EAAKC,SAAS2jH,GACrC,MAAU96H,MAAM,4DAElB,GAAI+6H,IAAoB7jH,EAAKxX,aAAaq7H,GACxC,MAAU/6H,MAAM,+DAElB,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAIw8H,EAAkB,CACpB,MAAMhkH,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQxlB,EAAOmkB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMpE,UACvB,MAAU7R,MAAM,sCAElB5C,EAAQwJ,EAEV,MAAM09E,QAAmBxQ,GAAW2B,WAAWr4E,EAAOw2E,GAAgBryD,GACtE,OAAO,IAAI8iE,GAAUC,EACvB,gBUGOrmF,gBAA2BqY,WAAEA,EAAU2vE,QAAEA,EAAU,GAAE3M,WAAEA,EAAUhlE,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAIhwB,OAAEA,EAAS,iBAAW79B,KAAW03G,IAC1F3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC0kE,EAAUxhD,GAAQwhD,GAClB,MAAMizC,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAuB,IAAnB2nF,EAAQ/nF,OACV,MAAU8B,MAAM,yCAElB,MAAM2B,EAAU,CAAE2U,aAAY2vE,UAAS3M,aAAYhlE,oBAAmB86D,QAEtE,IACE,MAAQ17D,IAAKsnH,EAActuC,sBAAEA,SHE1BzuF,eAAwB0D,EAAS4f,GACtC5f,EAAUs5H,EAASt5H,GACnB,MAAM2U,WAAEA,GAAe3U,EAEvB,IAAK2U,EAAW6xE,YACd,MAAUnoF,MAAM,gCAGlB,GAAIsW,EAAW+jE,UAAU8B,UACvB,MAAUn8E,MAAM,2CAIlB,IADoBsW,EAAWmyE,UAAUltC,OAAM,EAAG8+B,eAAgBA,EAAUI,gBAE1E,MAAUz6E,MAAM,wBAGlB,MAAMo6E,EAAkB9jE,EAAW+jE,UAE9B14E,EAAQgpF,UACXhpF,EAAQgpF,cAAgB5tF,QAAQ2H,IAAI4R,EAAWq0E,QAAQ3lF,KAAI/G,UACzD,MAAMo9E,EAAqBiK,EAAOjL,UAC5BwK,EAAe,CAAEnxE,IAAK0mE,EAAiB73E,KAAM84E,GAC7CmO,QACJC,GAA+BnE,EAAOgE,kBAAmBlP,EAAiBv8D,EAAMhM,UAAU2B,cAAeqxE,EAAc,KAAMtjE,GAC7HrkB,OAAM,MAAS,KACjB,MAAO,CACL08C,KAAM4vC,EAAiBt0E,UAAas0E,EAAiBt0E,SAAS,GAAK2I,EAAM3I,SAASS,SACnF,MAIL,MAAMu4E,EAAsB53E,EAAWq0E,QAAQ3lF,KAAIsgF,GAAUA,EAAOjL,YACpE,GAAI14E,EAAQgpF,QAAQzsF,SAAWgwF,EAAoBhwF,OACjD,MAAU8B,MAAM,6DAGlB2B,EAAQgpF,QAAUhpF,EAAQgpF,QAAQ3lF,KAAIwpF,GAAiBysC,EAASzsC,EAAe7sF,KAE/E,MAAM+R,QAAYu6E,GAAc7T,EAAiB8T,EAAqBvsF,EAAS4f,GACzEmrE,QAA8Bh5E,EAAIsmH,yBAAyBr4H,EAAQytE,KAAM7tD,GAE/E,OADA7N,EAAIq0E,qBAAuB,GACpB,CAAEr0E,MAAKg5E,yBAEd,SAASuuC,EAASt5H,EAASylF,EAAiB,IAK1C,OAJAzlF,EAAQ2S,kBAAoB3S,EAAQ2S,mBAAqB8yE,EAAe9yE,kBACxE3S,EAAQ23E,WAAapiE,EAAKC,SAASxV,EAAQ23E,YAAc33E,EAAQ23E,WAAa8N,EAAe9N,WAC7F33E,EAAQytE,KAAOztE,EAAQytE,MAAQgY,EAAehY,KAEvCztE,EAEX,CGrDiEu5H,CAASv5H,EAAS4f,GAE/E,MAAO,CACLjL,WAAYy9E,GAAainC,EAAgB57E,EAAQ79B,GACjDvS,UAAW+kF,GAAainC,EAAe/tC,WAAY7tC,EAAQ79B,GAC3DmrE,yBAEF,MAAOxuC,GACP,MAAMhnC,EAAK6F,UAAU,6BAA8BmhC,GAEvD,cAoBOjgD,gBAAyByV,IAAEA,EAAGg5E,sBAAEA,EAAqBt3E,oBAAEA,EAAmBg6D,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,EAAS,iBAAW79B,KAAW03G,IACzF3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAM23G,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,IACE,MAAM68H,EAAazuC,QACXh5E,EAAI0nH,2BAA2B1uC,EAAuBtd,EAAM7tD,SAC5D7N,EAAI2nH,OAAOjmH,EAAqBg6D,EAAM7tD,GAE9C,OAAO45G,EAAWhzC,YAAc,CAC9B7xE,WAAYy9E,GAAaonC,EAAY/7E,EAAQ79B,GAC7CvS,UAAW+kF,GAAaonC,EAAWluC,WAAY7tC,EAAQ79B,IACrD,CACFjL,WAAY,KACZtH,UAAW+kF,GAAaonC,EAAY/7E,EAAQ79B,IAE9C,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,qBAAsBmhC,GAE/C,SA6OOjgD,gBAAoBoY,QAAEA,EAAO6xE,YAAEA,EAAW9oC,OAAEA,EAAS,UAASnF,SAAEA,GAAW,EAAK23C,cAAEA,EAAgB,GAAExiB,KAAEA,EAAO,IAAI13D,KAAMgiH,eAAEA,EAAiB,GAAEE,mBAAEA,EAAqB,UAAIr4G,KAAW03G,IAKvL,GAJ0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC4xE,GAAwB98E,GAAU+8E,GAAyBh0C,GAC3D8oC,EAAczjD,GAAQyjD,GAAc0J,EAAgBntD,GAAQmtD,GAAgB8nC,EAAiBj1F,GAAQi1F,GAAiBE,EAAqBn1F,GAAQm1F,GAE/IX,EAAKtsC,YAAa,MAAU3sF,MAAM,2FACtC,QAAmBjC,IAAfk7H,EAAKhjH,MAAqB,MAAUjW,MAAM,iFAC9C,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAI+X,aAAmBy8E,IAA+B,WAAX1zC,EAAqB,MAAUp/C,MAAM,2DAChF,GAAIqW,aAAmBy8E,IAAoB74C,EAAU,MAAUj6C,MAAM,0CAErE,IAAKkoF,GAAsC,IAAvBA,EAAYhqF,OAC9B,MAAU8B,MAAM,4BAGlB,IACE,IAAI6R,EAMJ,GAJEA,EADEooC,QACgB5jC,EAAQilH,aAAapzC,OAAanqF,EAAW6zF,EAAexiB,EAAMsqD,EAAgBE,EAAoBr4G,SAEtGlL,EAAQujC,KAAKsuC,OAAanqF,EAAW6zF,EAAexiB,EAAMsqD,EAAgBE,EAAoBr4G,GAEnG,WAAX69B,EAAqB,OAAOvtC,EAEhC,MAAMoE,EAAmB,YAAXmpC,EAUd,OATAvtC,EAAYoE,EAAQpE,EAAUoE,MAAMsL,GAAU1P,EAAUjT,QACpDq7C,IACFpoC,EAAYuR,EAAqB/M,EAAQ09D,QAAQn1E,SAASX,MAAOqH,EAAUC,WACnExI,QAAQ2H,IAAI,CAChBif,EAAY9R,EAAWtM,GACvBke,EAAiBne,GAAUpI,OAAM,UACjC,KAGCu2F,GAAc5hF,EAAWwE,EAAQ49D,WAAYh+D,EAAQ,OAAS,UACrE,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,wBAAyBmhC,GAElD,wBA8BOjgD,gBAAsBoY,QAAEA,EAAOkyE,iBAAEA,EAAgB+wC,aAAEA,GAAe,EAAKl6E,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAW03G,IAG/I,GAF0C3lC,GAA1C/xE,EAAS,IAAKsB,MAAkBtB,IAChC4xE,GAAwB98E,GAAUkyE,EAAmB9jD,GAAQ8jD,GACzD0wC,EAAKM,WAAY,MAAUv5H,MAAM,iGACrC,MAAMk5H,EAAiBrxH,OAAOooB,KAAKgpG,GAAO,GAAIC,EAAeh7H,OAAS,EAAG,MAAU8B,MAAM,mBAAmBk5H,EAAe56H,KAAK,OAEhI,GAAI+X,aAAmBy8E,IAA+B,WAAX1zC,EAAqB,MAAUp/C,MAAM,iDAChF,GAAIqW,aAAmBy8E,IAAoBjhF,EAAW,MAAU7R,MAAM,6CAEtE,IACE,MAAMzB,EAAS,GAQf,GANEA,EAAOqmF,WADL/yE,QACwBwE,EAAQm8E,eAAe3gF,EAAW02E,EAAkBnZ,EAAM7tD,SAE1DlL,EAAQ8jC,OAAOouC,EAAkBnZ,EAAM7tD,GAEnEhjB,EAAOqI,KAAkB,WAAXw4C,EAAsB/oC,EAAQs6E,iBAAmBt6E,EAAQk5D,UACnEl5D,EAAQ49D,aAAepiE,GAAWiiF,GAAYv1F,EAAQ8X,GACtDijH,EAAc,CAChB,GAAiC,IAA7B/6H,EAAOqmF,WAAW1mF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOqI,KAAOyT,EAAc,CAC1B9b,EAAOqI,KACPmrE,GAAiB9zE,gBACTiZ,EAAKkG,WAAW7e,EAAOqmF,WAAW5/E,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAxxE,EAAOqI,WAAa6sF,GAAcl1F,EAAOqI,KAAMyP,EAAQ49D,WAAY70B,GAC5D7gD,EACP,MAAO2/C,GACP,MAAMhnC,EAAK6F,UAAU,iCAAkCmhC,GAE3D"} \ No newline at end of file +{"version":3,"file":"openpgp.min.js","sources":["../node_modules/@openpgp/web-stream-tools/lib/writer.js","../node_modules/@openpgp/web-stream-tools/lib/util.js","../node_modules/@openpgp/web-stream-tools/lib/reader.js","../node_modules/@openpgp/web-stream-tools/lib/streams.js","../src/enums.js","../src/config/config.js","../src/util.js","../src/encoding/base64.js","../src/encoding/armor.js","../src/crypto/cipher/index.js","../src/crypto/hash/md5.js","../src/crypto/hash/index.js","../node_modules/@noble/ciphers/esm/_assert.js","../node_modules/@noble/ciphers/esm/utils.js","../node_modules/@noble/ciphers/esm/_polyval.js","../node_modules/@noble/ciphers/esm/aes.js","../src/crypto/mode/cfb.js","../src/crypto/cmac.js","../src/crypto/mode/eax.js","../src/crypto/mode/ocb.js","../src/crypto/mode/gcm.js","../src/crypto/mode/index.js","../../../src/crypto/biginteger.ts","../src/crypto/random.js","../../../src/crypto/public_key/prime.ts","../src/crypto/pkcs1.js","../src/crypto/public_key/rsa.js","../src/crypto/public_key/elgamal.js","../node_modules/@openpgp/tweetnacl/cryptoBrowser.js","../node_modules/@openpgp/tweetnacl/nacl-fast.js","../src/type/oid.js","../src/packet/packet.js","../src/crypto/public_key/elliptic/eddsa.js","../src/crypto/aes_kw.js","../src/crypto/hkdf.js","../src/crypto/public_key/elliptic/ecdh_x.js","../src/crypto/public_key/elliptic/oid_curves.js","../src/crypto/public_key/elliptic/ecdsa.js","../src/crypto/public_key/elliptic/eddsa_legacy.js","../src/crypto/pkcs5.js","../src/crypto/public_key/elliptic/ecdh.js","../src/crypto/public_key/dsa.js","../src/crypto/public_key/index.js","../src/crypto/signature.js","../src/type/ecdh_symkey.js","../src/type/kdf_params.js","../src/type/ecdh_x_symkey.js","../src/crypto/crypto.js","../src/crypto/index.js","../src/type/s2k/argon2.js","../src/type/s2k/generic.js","../src/type/s2k/index.js","../node_modules/fflate/esm/browser.js","../src/packet/literal_data.js","../src/type/keyid.js","../src/packet/signature.js","../src/packet/one_pass_signature.js","../src/packet/packetlist.js","../src/packet/compressed_data.js","../src/packet/sym_encrypted_integrity_protected_data.js","../src/packet/aead_encrypted_data.js","../src/packet/public_key_encrypted_session_key.js","../src/packet/sym_encrypted_session_key.js","../src/packet/public_key.js","../src/packet/symmetrically_encrypted_data.js","../src/packet/public_subkey.js","../src/packet/user_attribute.js","../src/packet/secret_key.js","../src/packet/userid.js","../src/packet/secret_subkey.js","../src/signature.js","../src/key/helper.js","../src/key/user.js","../src/key/subkey.js","../src/key/key.js","../src/key/public_key.js","../src/key/private_key.js","../src/key/factory.js","../src/message.js","../src/cleartext.js","../src/openpgp.js","../node_modules/@noble/hashes/esm/_assert.js","../node_modules/@noble/hashes/esm/crypto.js","../node_modules/@noble/hashes/esm/utils.js","../node_modules/@noble/hashes/esm/_md.js","../node_modules/@noble/hashes/esm/sha256.js","../node_modules/@noble/hashes/esm/hmac.js","../node_modules/@noble/curves/esm/abstract/utils.js","../node_modules/@noble/curves/esm/abstract/modular.js","../node_modules/@noble/curves/esm/abstract/curve.js","../node_modules/@noble/curves/esm/abstract/weierstrass.js","../node_modules/@noble/curves/esm/_shortw_utils.js","../node_modules/@noble/curves/esm/p256.js","../node_modules/@noble/hashes/esm/_u64.js","../node_modules/@noble/hashes/esm/sha512.js","../node_modules/@noble/curves/esm/p384.js","../node_modules/@noble/curves/esm/p521.js","../node_modules/@noble/hashes/esm/sha3.js","../node_modules/@noble/curves/esm/abstract/edwards.js","../node_modules/@noble/curves/esm/abstract/montgomery.js","../node_modules/@noble/curves/esm/ed448.js","../node_modules/@noble/curves/esm/secp256k1.js","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP256r1.ts","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP384r1.ts","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP512r1.ts","../src/crypto/public_key/elliptic/noble_curves.js","../src/crypto/cipher/des.js","../src/crypto/cipher/cast5.js","../src/crypto/cipher/twofish.js","../src/crypto/cipher/blowfish.js","../src/crypto/cipher/legacy_ciphers.js","../node_modules/@noble/hashes/esm/sha1.js","../node_modules/@noble/hashes/esm/ripemd160.js","../src/crypto/hash/noble_hashes.js","../node_modules/argon2id/lib/blake2b.js","../node_modules/argon2id/lib/argon2id.js","../node_modules/argon2id/lib/setup.js","../node_modules/argon2id/index.js","../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../node_modules/@openpgp/seek-bzip/lib/stream.js","../node_modules/@openpgp/seek-bzip/lib/crc32.js","../node_modules/@openpgp/seek-bzip/lib/index.js","../src/packet/marker.js","../src/packet/padding.js","../src/packet/trust.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work\n Object.setPrototypeOf(this, ArrayStream.prototype);\n\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","/* eslint-disable no-prototype-builtins */\nimport { isArrayStream } from './writer.js';\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n // try and detect a node native stream without having to import its class\n if (input &&\n !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) &&\n typeof input._read === 'function' && typeof input._readableState === 'object') {\n throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`');\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isUint8Array, isStream, isArrayStream } from './util.js';\nimport * as streams from './streams.js';\n\nconst doneReadingSet = new WeakSet();\n/**\n * The external buffer is used to store values that have been peeked or unshifted from the original stream.\n * Because of how streams are implemented, such values cannot be \"put back\" in the original stream,\n * but they need to be returned first when reading from the input again.\n */\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = () => {};\n return;\n }\n let streamType = isStream(input);\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isStream, isArrayStream, isUint8Array, concatUint8Array } from './util.js';\nimport { Reader, externalBuffer } from './reader.js';\nimport { ArrayStream, Writer } from './writer.js';\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream.\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n }\n lastBytes = returnValue;\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input)) {\n return input.subarray(begin, end === Infinity ? input.length : end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n const cancelled = await input.cancel(reason);\n // the stream is not always cancelled at this point, so we wait some more\n await new Promise(setTimeout);\n return cancelled;\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n\nexport {\n ArrayStream,\n toStream,\n concatStream,\n concat,\n getReader,\n getWriter,\n pipe,\n transformRaw,\n transform,\n transformPair,\n parse,\n clone,\n passiveClone,\n slice,\n readToEnd,\n cancel,\n fromAsync\n};\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'nistP256': 'nistP256',\n /** @deprecated use `nistP256` instead */\n 'p256': 'nistP256',\n\n /** NIST P-384 Curve */\n 'nistP384': 'nistP384',\n /** @deprecated use `nistP384` instead */\n 'p384': 'nistP384',\n\n /** NIST P-521 Curve */\n 'nistP521': 'nistP521',\n /** @deprecated use `nistP521` instead */\n 'p521': 'nistP521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519Legacy',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519Legacy',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519Legacy',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519Legacy',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n argon2: 4,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11,\n sha3_256: 12,\n sha3_512: 14\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n gcm: 3,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n padding: 21\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuerKeyID: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34,\n preferredCipherSuites: 39\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4,\n seipdv2: 8\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha512,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * This option is applicable to:\n * - key generation (encryption key preferences),\n * - password-based message encryption, and\n * - private key encryption.\n * In the case of message encryption using public keys, the encryption key preferences are respected instead.\n * Note: not all OpenPGP implementations are compatible with this option.\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)\n * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,\n * this option must be set, otherwise key parsing and/or key decryption will fail.\n * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys\n * will be processed incorrectly.\n */\n parseAEADEncryptedV4KeysAsLegacy: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.gcm,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use v6 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v6Keys\n */\n v6Keys: false,\n /**\n * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet).\n * These are non-standard entities, which in the crypto-refresh have been superseded\n * by v6 keys and v6 signatures, respectively.\n * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries,\n * hence parsing them might be necessary in some cases.\n */\n enableParsingV5Entities: false,\n /**\n * S2K (String to Key) type, used for key derivation in the context of secret key encryption\n * and password-encrypted data. Weaker s2k options are not allowed.\n * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it\n * (pending standardisation).\n * @memberof module:config\n * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}\n */\n s2kType: enums.s2k.iterated,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:\n * Iteration Count Byte for Iterated and Salted S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.\n * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:\n * Argon2 parameters for S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.\n * Default settings correspond to the second recommendation from RFC9106 (\"uniformly safe option\"),\n * to ensure compatibility with memory-constrained environments.\n * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.\n * @memberof module:config\n * @property {Object} params\n * @property {Integer} params.passes - number of iterations t\n * @property {Integer} params.parallelism - degree of parallelism p\n * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.\n */\n s2kArgon2Params: {\n passes: 3,\n parallelism: 4, // lanes\n memoryExponent: 16 // 64 MiB of RAM\n },\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:\n * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL\n * (see https://efail.de/).\n * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.\n *\n * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n /**\n * Allow using keys that do not have any key flags set.\n * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages\n * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).\n * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.\n * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.\n */\n allowMissingKeyFlags: false,\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design).\n * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur\n * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of\n * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.\n * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases.\n */\n nonDeterministicSignaturesViaNotation: true,\n /**\n * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * @memberof module:config\n * @property {Boolean} useEllipticFallback\n */\n useEllipticFallback: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { createRequire } from 'module'; // Must be stripped in browser built\nimport enums from './enums';\nimport defaultConfig from './config';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n nodeRequire: createRequire(import.meta.url),\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n /**\n * Load noble-curves lib on demand and return the requested curve function\n * @param {enums.publicKey} publicKeyAlgo\n * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA)\n * @returns curve implementation\n * @throws on unrecognized curve, or curve not implemented by noble-curve\n */\n getNobleCurve: async (publicKeyAlgo, curveName) => {\n if (!defaultConfig.useEllipticFallback) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n\n const { nobleCurves } = await import('./crypto/public_key/elliptic/noble_curves');\n switch (publicKeyAlgo) {\n case enums.publicKey.ecdh:\n case enums.publicKey.ecdsa: {\n const curve = nobleCurves.get(curveName);\n if (!curve) throw new Error('Unsupported curve');\n return curve;\n }\n case enums.publicKey.x448:\n return nobleCurves.get('x448');\n case enums.publicKey.ed448:\n return nobleCurves.get('ed448');\n default:\n throw new Error('Unsupported curve');\n }\n },\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures,\n // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed\n // has not been authenticated (yet).\n // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues.\n // Also, AEAD is also not affected.\n return util.readExactSubarray(bytes, 2, 2 + bytelen);\n },\n\n /**\n * Read exactly `end - start` bytes from input.\n * This is a stricter version of `.subarray`.\n * @param {Uint8Array} input - Input data to parse\n * @returns {Uint8Array} subarray of size always equal to `end - start`\n * @throws if the input array is too short.\n */\n readExactSubarray: function (input, start, end) {\n if (input.length < (end - start)) {\n throw new Error('Input array too short');\n }\n return input.subarray(start, end);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n if (bytes.length > length) {\n throw new Error('Input array too long');\n }\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const hexAlphabet = '0123456789abcdef';\n let s = '';\n bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; });\n return s;\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography API.\n * @returns {Object} The SubtleCrypto API\n * @throws if the API is not available\n */\n getWebCrypto: function() {\n const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n // Fallback for Node 16, which does not expose WebCrypto as a global\n const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle;\n if (!webCrypto) {\n throw new Error('The WebCrypto API is not available');\n }\n return webCrypto;\n },\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return this.nodeRequire('crypto');\n },\n\n getNodeZlib: function() {\n return this.nodeRequire('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (this.nodeRequire('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = this.nodeRequire('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n /**\n * Test email format to ensure basic compliance:\n * - must include a single @\n * - no control or space unicode chars allowed\n * - no backslash and square brackets (as the latter can mess with the userID parsing)\n * - cannot end with a punctuation char\n * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation,\n * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)).\n */\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^[^\\p{C}\\p{Z}@<>\\\\]+@[^\\p{C}\\p{Z}@<>\\\\]+[^\\p{C}\\p{Z}\\p{P}]$/u;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n }\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n }\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n }\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n }\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n }\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n }\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Remove the (optional) checksum from an armored message.\n * @param {String} text - OpenPGP armored message\n * @returns {String} The body of the armored message.\n * @private\n */\nfunction removeChecksum(text) {\n let body = text;\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n }\n\n return body;\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n const data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== enums.armor.signed) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === enums.armor.signed) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const body = removeChecksum(parts[0].slice(0, -1));\n await writer.write(body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum\n * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug\n // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)\n const maybeBodyClone = emitChecksum && stream.passiveClone(body);\n\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push(hash ? `Hash: ${hash}\\n\\n` : '\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","import enums from '../../enums';\n\nexport async function getLegacyCipher(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n throw new Error('Not a legacy cipher');\n case enums.symmetric.cast5:\n case enums.symmetric.blowfish:\n case enums.symmetric.twofish:\n case enums.symmetric.tripledes: {\n const { legacyCiphers } = await import('./legacy_ciphers');\n const cipher = legacyCiphers.get(algo);\n if (!cipher) {\n throw new Error('Unsupported cipher algorithm');\n }\n return cipher;\n }\n default:\n throw new Error('Unsupported cipher algorithm');\n }\n}\n\n/**\n * Get block size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherBlockSize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 16;\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n case enums.symmetric.tripledes:\n return 8;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherKeySize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n return 16;\n case enums.symmetric.aes192:\n case enums.symmetric.tripledes:\n return 24;\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 32;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get block and key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nexport function getCipherParams(algo) {\n return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) };\n}\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction nobleHash(nobleHashName, webCryptoHashName) {\n const getNobleHash = async () => {\n const { nobleHashes } = await import('./noble_hashes');\n const hash = nobleHashes.get(nobleHashName);\n if (!hash) throw new Error('Unsupported hash');\n return hash;\n };\n\n return async function(data) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hash = await getNobleHash();\n\n const hashInstance = hash.create();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => hashInstance.digest());\n } else if (webCrypto && webCryptoHashName) {\n return new Uint8Array(await webCrypto.digest(webCryptoHashName, data));\n } else {\n const hash = await getNobleHash();\n\n return hash(data);\n }\n };\n}\n\nexport default {\n\n /** @see module:md5 */\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),\n sha224: nodeHash('sha224') || nobleHash('sha224'),\n sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),\n sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),\n sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),\n ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),\n sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),\n sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n case enums.hash.sha3_256:\n return this.sha3_256(data);\n case enums.hash.sha3_512:\n return this.sha3_512(data);\n default:\n throw new Error('Unsupported hash function');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n case enums.hash.sha3_256:\n return 32;\n case enums.hash.sha3_512:\n return 64;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(hash) {\n if (typeof hash !== 'function' || typeof hash.create !== 'function')\n throw new Error('hash must be wrapped by utils.wrapConstructor');\n number(hash.outputLen);\n number(hash.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\nimport { bytes as abytes, isBytes } from './_assert.js';\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u16 = (arr) => new Uint16Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 2));\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// big-endian hardware is rare. Just in case someone still decides to run ciphers:\n// early-throw an error because we don't support BE yet.\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\nif (!isLE)\n throw new Error('Non little-endian hardware is not supported');\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`string expected, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n else if (isBytes(data))\n data = copyBytes(data);\n else\n throw new Error(`Uint8Array expected, got ${typeof data}`);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n// For runtime check if class implements interface\nexport class Hash {\n}\n/**\n * @__NO_SIDE_EFFECTS__\n */\nexport const wrapCipher = (params, c) => {\n Object.assign(c, params);\n return c;\n};\n// Polyfill for Safari 14\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\nexport function u64Lengths(ciphertext, AAD) {\n const num = new Uint8Array(16);\n const view = createView(num);\n setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);\n setBigUint64(view, 8, BigInt(ciphertext.length), true);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n//# sourceMappingURL=utils.js.map","import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';\nimport { clean, copyBytes, createView, toBytes, u32 } from './utils.js';\n// GHash from AES-GCM and its little-endian \"mirror image\" Polyval from AES-SIV.\n// Implemented in terms of GHash with conversion function for keys\n// GCM GHASH from NIST SP800-38d, SIV from RFC 8452.\n// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf\n// GHASH modulo: x^128 + x^7 + x^2 + x + 1\n// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1\nconst BLOCK_SIZE = 16;\n// TODO: rewrite\n// temporary padding buffer\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\nconst ZEROS32 = u32(ZEROS16);\nconst POLY = 0xe1; // v = 2*v % POLY\n// v = 2*v % POLY\n// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x\n// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor)\nconst mul2 = (s0, s1, s2, s3) => {\n const hiBit = s3 & 1;\n return {\n s3: (s2 << 31) | (s3 >>> 1),\n s2: (s1 << 31) | (s2 >>> 1),\n s1: (s0 << 31) | (s1 >>> 1),\n s0: (s0 >>> 1) ^ ((POLY << 24) & -(hiBit & 1)), // reduce % poly\n };\n};\nconst swapLE = (n) => (((n >>> 0) & 0xff) << 24) |\n (((n >>> 8) & 0xff) << 16) |\n (((n >>> 16) & 0xff) << 8) |\n ((n >>> 24) & 0xff) |\n 0;\n/**\n * `mulX_POLYVAL(ByteReverse(H))` from spec\n * @param k mutated in place\n */\nexport function _toGHASHKey(k) {\n k.reverse();\n const hiBit = k[15] & 1;\n // k >>= 1\n let carry = 0;\n for (let i = 0; i < k.length; i++) {\n const t = k[i];\n k[i] = (t >>> 1) | carry;\n carry = (t & 1) << 7;\n }\n k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000;\n return k;\n}\nconst estimateWindow = (bytes) => {\n if (bytes > 64 * 1024)\n return 8;\n if (bytes > 1024)\n return 4;\n return 2;\n};\nclass GHASH {\n // We select bits per window adaptively based on expectedLength\n constructor(key, expectedLength) {\n this.blockLen = BLOCK_SIZE;\n this.outputLen = BLOCK_SIZE;\n this.s0 = 0;\n this.s1 = 0;\n this.s2 = 0;\n this.s3 = 0;\n this.finished = false;\n key = toBytes(key);\n abytes(key, 16);\n const kView = createView(key);\n let k0 = kView.getUint32(0, false);\n let k1 = kView.getUint32(4, false);\n let k2 = kView.getUint32(8, false);\n let k3 = kView.getUint32(12, false);\n // generate table of doubled keys (half of montgomery ladder)\n const doubles = [];\n for (let i = 0; i < 128; i++) {\n doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });\n ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));\n }\n const W = estimateWindow(expectedLength || 1024);\n if (![1, 2, 4, 8].includes(W))\n throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);\n this.W = W;\n const bits = 128; // always 128 bits;\n const windows = bits / W;\n const windowSize = (this.windowSize = 2 ** W);\n const items = [];\n // Create precompute table for window of W bits\n for (let w = 0; w < windows; w++) {\n // truth table: 00, 01, 10, 11\n for (let byte = 0; byte < windowSize; byte++) {\n // prettier-ignore\n let s0 = 0, s1 = 0, s2 = 0, s3 = 0;\n for (let j = 0; j < W; j++) {\n const bit = (byte >>> (W - j - 1)) & 1;\n if (!bit)\n continue;\n const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];\n (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3);\n }\n items.push({ s0, s1, s2, s3 });\n }\n }\n this.t = items;\n }\n _updateBlock(s0, s1, s2, s3) {\n (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3);\n const { W, t, windowSize } = this;\n // prettier-ignore\n let o0 = 0, o1 = 0, o2 = 0, o3 = 0;\n const mask = (1 << W) - 1; // 2**W will kill performance.\n let w = 0;\n for (const num of [s0, s1, s2, s3]) {\n for (let bytePos = 0; bytePos < 4; bytePos++) {\n const byte = (num >>> (8 * bytePos)) & 0xff;\n for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {\n const bit = (byte >>> (W * bitPos)) & mask;\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];\n (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3);\n w += 1;\n }\n }\n }\n this.s0 = o0;\n this.s1 = o1;\n this.s2 = o2;\n this.s3 = o3;\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n const left = data.length % BLOCK_SIZE;\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);\n clean(ZEROS32); // clean tmp buffer\n }\n return this;\n }\n destroy() {\n const { t } = this;\n // clean precompute table\n for (const elm of t) {\n (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0);\n }\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out;\n }\n digest() {\n const res = new Uint8Array(BLOCK_SIZE);\n this.digestInto(res);\n this.destroy();\n return res;\n }\n}\nclass Polyval extends GHASH {\n constructor(key, expectedLength) {\n key = toBytes(key);\n const ghKey = _toGHASHKey(copyBytes(key));\n super(ghKey, expectedLength);\n clean(ghKey);\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const left = data.length % BLOCK_SIZE;\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));\n clean(ZEROS32);\n }\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // tmp ugly hack\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out.reverse();\n }\n}\nfunction wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest();\n const tmp = hashCons(new Uint8Array(16), 0);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key, expectedLength) => hashCons(key, expectedLength);\n return hashC;\n}\nexport const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));\nexport const polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));\n//# sourceMappingURL=_polyval.js.map","// prettier-ignore\nimport { bytes as abytes } from './_assert.js';\nimport { ghash, polyval } from './_polyval.js';\nimport { clean, concatBytes, copyBytes, createView, equalBytes, isAligned32, setBigUint64, u32, u8, wrapCipher, } from './utils.js';\n/*\nAES (Advanced Encryption Standard) aka Rijndael block cipher.\n\nData is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round:\n1. **S-box**, table substitution\n2. **Shift rows**, cyclic shift left of all rows of data array\n3. **Mix columns**, multiplying every column by fixed polynomial\n4. **Add round key**, round_key xor i-th column of array\n\nResources:\n- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf\n- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf\n*/\nconst BLOCK_SIZE = 16;\nconst BLOCK_SIZE32 = 4;\nconst EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE);\nconst POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8\n// TODO: remove multiplication, binary ops only\nfunction mul2(n) {\n return (n << 1) ^ (POLY & -(n >> 7));\n}\nfunction mul(a, b) {\n let res = 0;\n for (; b > 0; b >>= 1) {\n // Montgomery ladder\n res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time).\n a = mul2(a); // a = 2*a\n }\n return res;\n}\n// AES S-box is generated using finite field inversion,\n// an affine transform, and xor of a constant 0x63.\nconst sbox = /* @__PURE__ */ (() => {\n const t = new Uint8Array(256);\n for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x))\n t[i] = x;\n const box = new Uint8Array(256);\n box[0] = 0x63; // first elm\n for (let i = 0; i < 255; i++) {\n let x = t[255 - i];\n x |= x << 8;\n box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff;\n }\n clean(t);\n return box;\n})();\n// Inverted S-box\nconst invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));\n// Rotate u32 by 8\nconst rotr32_8 = (n) => (n << 24) | (n >>> 8);\nconst rotl32_8 = (n) => (n << 8) | (n >>> 24);\n// The byte swap operation for uint32 (LE<->BE)\nconst byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes:\n// - LE instead of BE\n// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23;\n// so index is u16, instead of u8. This speeds up things, unexpectedly\nfunction genTtable(sbox, fn) {\n if (sbox.length !== 256)\n throw new Error('Wrong sbox length');\n const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j]));\n const T1 = T0.map(rotl32_8);\n const T2 = T1.map(rotl32_8);\n const T3 = T2.map(rotl32_8);\n const T01 = new Uint32Array(256 * 256);\n const T23 = new Uint32Array(256 * 256);\n const sbox2 = new Uint16Array(256 * 256);\n for (let i = 0; i < 256; i++) {\n for (let j = 0; j < 256; j++) {\n const idx = i * 256 + j;\n T01[idx] = T0[i] ^ T1[j];\n T23[idx] = T2[i] ^ T3[j];\n sbox2[idx] = (sbox[i] << 8) | sbox[j];\n }\n }\n return { sbox, sbox2, T0, T1, T2, T3, T01, T23 };\n}\nconst tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2));\nconst tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14));\nconst xPowers = /* @__PURE__ */ (() => {\n const p = new Uint8Array(16);\n for (let i = 0, x = 1; i < 16; i++, x = mul2(x))\n p[i] = x;\n return p;\n})();\nexport function expandKeyLE(key) {\n abytes(key);\n const len = key.length;\n if (![16, 24, 32].includes(len))\n throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);\n const { sbox2 } = tableEncoding;\n const toClean = [];\n if (!isAligned32(key))\n toClean.push((key = copyBytes(key)));\n const k32 = u32(key);\n const Nk = k32.length;\n const subByte = (n) => applySbox(sbox2, n, n, n, n);\n const xk = new Uint32Array(len + 28); // expanded key\n xk.set(k32);\n // 4.3.1 Key expansion\n for (let i = Nk; i < xk.length; i++) {\n let t = xk[i - 1];\n if (i % Nk === 0)\n t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1];\n else if (Nk > 6 && i % Nk === 4)\n t = subByte(t);\n xk[i] = xk[i - Nk] ^ t;\n }\n clean(...toClean);\n return xk;\n}\nexport function expandKeyDecLE(key) {\n const encKey = expandKeyLE(key);\n const xk = encKey.slice();\n const Nk = encKey.length;\n const { sbox2 } = tableEncoding;\n const { T0, T1, T2, T3 } = tableDecoding;\n // Inverse key by chunks of 4 (rounds)\n for (let i = 0; i < Nk; i += 4) {\n for (let j = 0; j < 4; j++)\n xk[i + j] = encKey[Nk - i - 4 + j];\n }\n clean(encKey);\n // apply InvMixColumn except first & last round\n for (let i = 4; i < Nk - 4; i++) {\n const x = xk[i];\n const w = applySbox(sbox2, x, x, x, x);\n xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24];\n }\n return xk;\n}\n// Apply tables\nfunction apply0123(T01, T23, s0, s1, s2, s3) {\n return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^\n T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]);\n}\nfunction applySbox(sbox2, s0, s1, s2, s3) {\n return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] |\n (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16));\n}\nfunction encrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableEncoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // last round (without mixcolumns, so using SBOX2 table)\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\n// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different\nfunction decrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableDecoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // Last round\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\nfunction getDst(len, dst) {\n if (dst === undefined)\n return new Uint8Array(len);\n abytes(dst);\n if (dst.length < len)\n throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);\n if (!isAligned32(dst))\n throw new Error('unaligned dst');\n return dst;\n}\n// TODO: investigate merging with ctr32\nfunction ctrCounter(xk, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const ctr = nonce;\n const c32 = u32(ctr);\n // Fill block (empty, ctr=0)\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n const src32 = u32(src);\n const dst32 = u32(dst);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n // Full 128 bit counter with wrap around\n let carry = 1;\n for (let i = ctr.length - 1; i >= 0; i--) {\n carry = (carry + (ctr[i] & 0xff)) | 0;\n ctr[i] = carry & 0xff;\n carry >>>= 8;\n }\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than block)\n // It's possible to handle > u32 fast, but is it worth it?\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n// AES CTR with overflowing 32 bit counter\n// It's possible to do 32le significantly simpler (and probably faster) by using u32.\n// But, we need both, and perf bottleneck is in ghash anyway.\nfunction ctr32(xk, isLE, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n dst = getDst(src.length, dst);\n const ctr = nonce; // write new value to nonce, so it can be re-used\n const c32 = u32(ctr);\n const view = createView(ctr);\n const src32 = u32(src);\n const dst32 = u32(dst);\n const ctrPos = isLE ? 0 : 12;\n const srcLen = src.length;\n // Fill block (empty, ctr=0)\n let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n ctrNum = (ctrNum + 1) >>> 0; // u32 wrap\n view.setUint32(ctrPos, ctrNum, isLE);\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than a block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n/**\n * CTR: counter mode. Creates stream cipher.\n * Requires good IV. Parallelizable. OK, but no MAC.\n */\nexport const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) {\n abytes(key);\n abytes(nonce, BLOCK_SIZE);\n function processCtr(buf, dst) {\n abytes(buf);\n if (dst !== undefined) {\n abytes(dst);\n if (!isAligned32(dst))\n throw new Error('unaligned destination');\n }\n const xk = expandKeyLE(key);\n const n = copyBytes(nonce); // align + avoid changing\n const toClean = [xk, n];\n if (!isAligned32(buf))\n toClean.push((buf = copyBytes(buf)));\n const out = ctrCounter(xk, n, buf, dst);\n clean(...toClean);\n return out;\n }\n return {\n encrypt: (plaintext, dst) => processCtr(plaintext, dst),\n decrypt: (ciphertext, dst) => processCtr(ciphertext, dst),\n };\n});\nfunction validateBlockDecrypt(data) {\n abytes(data);\n if (data.length % BLOCK_SIZE !== 0) {\n throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`);\n }\n}\nfunction validateBlockEncrypt(plaintext, pcks5, dst) {\n abytes(plaintext);\n let outLen = plaintext.length;\n const remaining = outLen % BLOCK_SIZE;\n if (!pcks5 && remaining !== 0)\n throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding');\n if (!isAligned32(plaintext))\n plaintext = copyBytes(plaintext);\n const b = u32(plaintext);\n if (pcks5) {\n let left = BLOCK_SIZE - remaining;\n if (!left)\n left = BLOCK_SIZE; // if no bytes left, create empty padding block\n outLen = outLen + left;\n }\n const out = getDst(outLen, dst);\n const o = u32(out);\n return { b, o, out };\n}\nfunction validatePCKS(data, pcks5) {\n if (!pcks5)\n return data;\n const len = data.length;\n if (!len)\n throw new Error('aes/pcks5: empty ciphertext not allowed');\n const lastByte = data[len - 1];\n if (lastByte <= 0 || lastByte > 16)\n throw new Error('aes/pcks5: wrong padding');\n const out = data.subarray(0, -lastByte);\n for (let i = 0; i < lastByte; i++)\n if (data[len - i - 1] !== lastByte)\n throw new Error('aes/pcks5: wrong padding');\n return out;\n}\nfunction padPCKS(left) {\n const tmp = new Uint8Array(16);\n const tmp32 = u32(tmp);\n tmp.set(left);\n const paddingByte = BLOCK_SIZE - left.length;\n for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++)\n tmp[i] = paddingByte;\n return tmp32;\n}\n/**\n * ECB: Electronic CodeBook. Simple deterministic replacement.\n * Dangerous: always map x to y. See [AES Penguin](https://words.filippo.io/the-ecb-penguin/).\n */\nexport const ecb = wrapCipher({ blockSize: 16 }, function ecb(key, opts = {}) {\n abytes(key);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n const xk = expandKeyLE(key);\n let i = 0;\n for (; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = encrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(xk);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n const out = getDst(ciphertext.length, dst);\n const toClean = [xk];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n for (let i = 0; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = decrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CBC: Cipher-Block-Chaining. Key is previous round’s block.\n * Fragile: needs proper padding. Unauthenticated: needs MAC.\n */\nexport const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) {\n abytes(key);\n abytes(iv, 16);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const xk = expandKeyLE(key);\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n let i = 0;\n for (; i + 4 <= b.length;) {\n (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n const out = getDst(ciphertext.length, dst);\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= b.length;) {\n // prettier-ignore\n const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;\n (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]);\n const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);\n (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output.\n * Unauthenticated: needs MAC.\n */\nexport const cfb = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) {\n abytes(key);\n abytes(iv, 16);\n function processCfb(src, isEncrypt, dst) {\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const xk = expandKeyLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n if (!isAligned32(src))\n toClean.push((src = copyBytes(src)));\n const src32 = u32(src);\n const dst32 = u32(dst);\n const next32 = isEncrypt ? dst32 : src32;\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= src32.length;) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt(xk, s0, s1, s2, s3);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]);\n }\n // leftovers (less than block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n const buf = u8(new Uint32Array([s0, s1, s2, s3]));\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(buf);\n }\n clean(...toClean);\n return dst;\n }\n return {\n encrypt: (plaintext, dst) => processCfb(plaintext, true, dst),\n decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst),\n };\n});\n// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen\nfunction computeTag(fn, isLE, key, data, AAD) {\n const aadLength = AAD == null ? 0 : AAD.length;\n const h = fn.create(key, data.length + aadLength);\n if (AAD)\n h.update(AAD);\n h.update(data);\n const num = new Uint8Array(16);\n const view = createView(num);\n if (AAD)\n setBigUint64(view, 0, BigInt(aadLength * 8), isLE);\n setBigUint64(view, 8, BigInt(data.length * 8), isLE);\n h.update(num);\n const res = h.digest();\n clean(num);\n return res;\n}\n/**\n * GCM: Galois/Counter Mode.\n * Modern, parallel version of CTR, with MAC.\n * Be careful: MACs can be forged.\n * Unsafe to use random nonces under the same key, due to collision chance.\n * As for nonce size, prefer 12-byte, instead of 8-byte.\n */\nexport const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) {\n abytes(key);\n abytes(nonce);\n if (AAD !== undefined)\n abytes(AAD);\n // NIST 800-38d doesn't enforce minimum nonce length.\n // We enforce 8 bytes for compat with openssl.\n // 12 bytes are recommended. More than 12 bytes would be converted into 12.\n if (nonce.length < 8)\n throw new Error('aes/gcm: invalid nonce length');\n const tagLength = 16;\n function _computeTag(authKey, tagMask, data) {\n const tag = computeTag(ghash, false, authKey, data, AAD);\n for (let i = 0; i < tagMask.length; i++)\n tag[i] ^= tagMask[i];\n return tag;\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const authKey = EMPTY_BLOCK.slice();\n const counter = EMPTY_BLOCK.slice();\n ctr32(xk, false, counter, counter, authKey);\n // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces\n if (nonce.length === 12) {\n counter.set(nonce);\n }\n else {\n const nonceLen = EMPTY_BLOCK.slice();\n const view = createView(nonceLen);\n setBigUint64(view, 8, BigInt(nonce.length * 8), false);\n // ghash(nonce || u64be(0) || u64be(nonceLen*8))\n const g = ghash.create(authKey).update(nonce).update(nonceLen);\n g.digestInto(counter); // digestInto doesn't trigger '.destroy'\n g.destroy();\n }\n const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);\n return { xk, authKey, counter, tagMask };\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const out = new Uint8Array(plaintext.length + tagLength);\n const toClean = [xk, authKey, counter, tagMask];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n ctr32(xk, false, counter, plaintext, out);\n const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));\n toClean.push(tag);\n out.set(tag, plaintext.length);\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n if (ciphertext.length < tagLength)\n throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const toClean = [xk, authKey, tagMask, counter];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = _computeTag(authKey, tagMask, data);\n toClean.push(tag);\n if (!equalBytes(tag, passedTag))\n throw new Error('aes/gcm: invalid ghash tag');\n const out = ctr32(xk, false, counter, data);\n clean(...toClean);\n return out;\n },\n };\n});\nconst limit = (name, min, max) => (value) => {\n if (!Number.isSafeInteger(value) || min > value || value > max)\n throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);\n};\n/**\n * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.\n * Guarantees that, when a nonce is repeated, the only security loss is that identical\n * plaintexts will produce identical ciphertexts.\n * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452\n */\nexport const siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv(key, nonce, AAD) {\n const tagLength = 16;\n // From RFC 8452: Section 6\n const AAD_LIMIT = limit('AAD', 0, 2 ** 36);\n const PLAIN_LIMIT = limit('plaintext', 0, 2 ** 36);\n const NONCE_LIMIT = limit('nonce', 12, 12);\n const CIPHER_LIMIT = limit('ciphertext', 16, 2 ** 36 + 16);\n abytes(key, 16, 24, 32);\n abytes(nonce);\n NONCE_LIMIT(nonce.length);\n if (AAD !== undefined) {\n abytes(AAD);\n AAD_LIMIT(AAD.length);\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const encKey = new Uint8Array(key.length);\n const authKey = new Uint8Array(16);\n const toClean = [xk, encKey];\n let _nonce = nonce;\n if (!isAligned32(_nonce))\n toClean.push((_nonce = copyBytes(_nonce)));\n const n32 = u32(_nonce);\n // prettier-ignore\n let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];\n let counter = 0;\n for (const derivedKey of [authKey, encKey].map(u32)) {\n const d32 = u32(derivedKey);\n for (let i = 0; i < d32.length; i += 2) {\n // aes(u32le(0) || nonce)[:8] || aes(u32le(1) || nonce)[:8] ...\n const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);\n d32[i + 0] = o0;\n d32[i + 1] = o1;\n s0 = ++counter; // increment counter inside state\n }\n }\n const res = { authKey, encKey: expandKeyLE(encKey) };\n // Cleanup\n clean(...toClean);\n return res;\n }\n function _computeTag(encKey, authKey, data) {\n const tag = computeTag(polyval, true, authKey, data, AAD);\n // Compute the expected tag by XORing S_s and the nonce, clearing the\n // most significant bit of the last byte and encrypting with the\n // message-encryption key.\n for (let i = 0; i < 12; i++)\n tag[i] ^= nonce[i];\n tag[15] &= 0x7f; // Clear the highest bit\n // encrypt tag as block\n const t32 = u32(tag);\n // prettier-ignore\n let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];\n ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));\n (t32[0] = s0), (t32[1] = s1), (t32[2] = s2), (t32[3] = s3);\n return tag;\n }\n // actual decrypt/encrypt of message.\n function processSiv(encKey, tag, input) {\n let block = copyBytes(tag);\n block[15] |= 0x80; // Force highest bit\n const res = ctr32(encKey, true, block, input);\n // Cleanup\n clean(block);\n return res;\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n PLAIN_LIMIT(plaintext.length);\n const { encKey, authKey } = deriveKeys();\n const tag = _computeTag(encKey, authKey, plaintext);\n const toClean = [encKey, authKey, tag];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n const out = new Uint8Array(plaintext.length + tagLength);\n out.set(tag, plaintext.length);\n out.set(processSiv(encKey, tag, plaintext));\n // Cleanup\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n CIPHER_LIMIT(ciphertext.length);\n const tag = ciphertext.subarray(-tagLength);\n const { encKey, authKey } = deriveKeys();\n const toClean = [encKey, authKey];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));\n const expectedTag = _computeTag(encKey, authKey, plaintext);\n toClean.push(expectedTag);\n if (!equalBytes(tag, expectedTag)) {\n clean(...toClean);\n throw new Error('invalid polyval tag');\n }\n // Cleanup\n clean(...toClean);\n return plaintext;\n },\n };\n});\nfunction isBytes32(a) {\n return (a != null &&\n typeof a === 'object' &&\n (a instanceof Uint32Array || a.constructor.name === 'Uint32Array'));\n}\nfunction encryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_encryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = encrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\nfunction decryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_decryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = decrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\n/**\n * AES-W (base for AESKW/AESKWP).\n * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf),\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/).\n */\nconst AESW = {\n /*\n High-level pseudocode:\n ```\n A: u64 = IV\n out = []\n for (let i=0, ctr = 0; i<6; i++) {\n for (const chunk of chunks(plaintext, 8)) {\n A ^= swapEndianess(ctr++)\n [A, res] = chunks(encrypt(A || chunk), 8);\n out ||= res\n }\n }\n out = A || out\n ```\n Decrypt is the same, but reversed.\n */\n encrypt(kek, out) {\n // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints.\n // If you need it larger, open an issue.\n if (out.length >= 2 ** 32)\n throw new Error('plaintext should be less than 4gb');\n const xk = expandKeyLE(kek);\n if (out.length === 16)\n encryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = 1; j < 6; j++) {\n for (let pos = 2; pos < o32.length; pos += 2, ctr++) {\n const { s0, s1, s2, s3 } = encrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n // A = MSB(64, B) ^ t where t = (n*j)+i\n (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1); // out = A || out\n }\n xk.fill(0);\n },\n decrypt(kek, out) {\n if (out.length - 8 >= 2 ** 32)\n throw new Error('ciphertext should be less than 4gb');\n const xk = expandKeyDecLE(kek);\n const chunks = out.length / 8 - 1; // first chunk is IV\n if (chunks === 1)\n decryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = chunks * 6; j < 6; j++) {\n for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) {\n a1 ^= byteSwap(ctr);\n const { s0, s1, s2, s3 } = decrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1);\n }\n xk.fill(0);\n },\n};\nconst AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6\n/**\n * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times.\n * Reduces block size from 16 to 8 bytes.\n * For padded version, use aeskwp.\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf).\n */\nexport const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length || plaintext.length % 8 !== 0)\n throw new Error('invalid plaintext length');\n if (plaintext.length === 8)\n throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead');\n const out = concatBytes(AESKW_IV, plaintext);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // ciphertext must be at least 24 bytes and a multiple of 8 bytes\n // 24 because should have at least two block (1 iv + 2).\n // Replace with 16 to enable '8-byte keys'\n if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n AESW.decrypt(kek, out);\n if (!equalBytes(out.subarray(0, 8), AESKW_IV))\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8);\n },\n}));\n/*\nWe don't support 8-byte keys. The rabbit hole:\n\n- Wycheproof says: \"NIST SP 800-38F does not define the wrapping of 8 byte keys.\n RFC 3394 Section 2 on the other hand specifies that 8 byte keys are wrapped\n by directly encrypting one block with AES.\"\n - https://github.com/C2SP/wycheproof/blob/master/doc/key_wrap.md\n - \"RFC 3394 specifies in Section 2, that the input for the key wrap\n algorithm must be at least two blocks and otherwise the constant\n field and key are simply encrypted with ECB as a single block\"\n- What RFC 3394 actually says (in Section 2):\n - \"Before being wrapped, the key data is parsed into n blocks of 64 bits.\n The only restriction the key wrap algorithm places on n is that n be\n at least two\"\n - \"For key data with length less than or equal to 64 bits, the constant\n field used in this specification and the key data form a single\n 128-bit codebook input making this key wrap unnecessary.\"\n- Which means \"assert(n >= 2)\" and \"use something else for 8 byte keys\"\n- NIST SP800-38F actually prohibits 8-byte in \"5.3.1 Mandatory Limits\".\n It states that plaintext for KW should be \"2 to 2^54 -1 semiblocks\".\n- So, where does \"directly encrypt single block with AES\" come from?\n - Not RFC 3394. Pseudocode of key wrap in 2.2 explicitly uses\n loop of 6 for any code path\n - There is a weird W3C spec:\n https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#kw-aes128\n - This spec is outdated, as admitted by Wycheproof authors\n - There is RFC 5649 for padded key wrap, which is padding construction on\n top of AESKW. In '4.1.2' it says: \"If the padded plaintext contains exactly\n eight octets, then prepend the AIV as defined in Section 3 above to P[1] and\n encrypt the resulting 128-bit block using AES in ECB mode [Modes] with key\n K (the KEK). In this case, the output is two 64-bit blocks C[0] and C[1]:\"\n - Browser subtle crypto is actually crashes on wrapping keys less than 16 bytes:\n `Error: error:1C8000E6:Provider routines::invalid input length] { opensslErrorStack: [ 'error:030000BD:digital envelope routines::update error' ]`\n\nIn the end, seems like a bug in Wycheproof.\nThe 8-byte check can be easily disabled inside of AES_W.\n*/\nconst AESKWP_IV = 0xa65959a6; // single u32le value\n/**\n * AES-KW, but with padding and allows random keys.\n * Second u32 of IV is used as counter for length.\n * [RFC 5649](https://www.rfc-editor.org/rfc/rfc5649)\n */\nexport const aeskwp = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length)\n throw new Error('invalid plaintext length');\n const padded = Math.ceil(plaintext.length / 8) * 8;\n const out = new Uint8Array(8 + padded);\n out.set(plaintext, 8);\n const out32 = u32(out);\n out32[0] = AESKWP_IV;\n out32[1] = byteSwap(plaintext.length);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // 16 because should have at least one block\n if (ciphertext.length < 16)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n const o32 = u32(out);\n AESW.decrypt(kek, out);\n const len = byteSwap(o32[1]) >>> 0;\n const padded = Math.ceil(len / 8) * 8;\n if (o32[0] !== AESKWP_IV || out.length - 8 !== padded)\n throw new Error('integrity check failed');\n for (let i = len; i < padded; i++)\n if (out[8 + i] !== 0)\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8, 8 + len);\n },\n}));\n// Private, unsafe low-level methods. Can change at any time.\nexport const unsafe = {\n expandKeyLE,\n expandKeyDecLE,\n encrypt,\n decrypt,\n encryptBlock,\n decryptBlock,\n ctrCounter,\n ctr32,\n};\n//# sourceMappingURL=aes.js.map","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n */\n\nimport { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../../util';\nimport enums from '../../enums';\nimport { getLegacyCipher, getCipherParams } from '../cipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (nodeCrypto && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nclass WebCryptoEncryptor {\n constructor(algo, key, iv) {\n const { blockSize } = getCipherParams(algo);\n this.key = key;\n this.prevBlock = iv;\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n this.zeroBlock = new Uint8Array(this.blockSize);\n }\n\n static async isSupported(algo) {\n const { keySize } = getCipherParams(algo);\n return webCrypto.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt'])\n .then(() => true, () => false);\n }\n\n async _runCBC(plaintext, nonZeroIV) {\n const mode = 'AES-CBC';\n this.keyRef = this.keyRef || await webCrypto.importKey('raw', this.key, mode, false, ['encrypt']);\n const ciphertext = await webCrypto.encrypt(\n { name: mode, iv: nonZeroIV || this.zeroBlock },\n this.keyRef,\n plaintext\n );\n return new Uint8Array(ciphertext).subarray(0, plaintext.length);\n }\n\n async encryptChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const plaintext = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n const toEncrypt = util.concatUint8Array([\n this.prevBlock,\n plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block \"early\", since we only need to xor the plaintext and pass it over as prevBlock\n ]);\n\n const encryptedBlocks = await this._runCBC(toEncrypt);\n xorMut(encryptedBlocks, plaintext);\n this.prevBlock = encryptedBlocks.slice(-this.blockSize);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return encryptedBlocks;\n }\n\n this.i += added.length;\n let encryptedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n const curBlock = this.nextBlock;\n encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n this.prevBlock = encryptedBlock.slice();\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n encryptedBlock = new Uint8Array();\n }\n\n return encryptedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n this.nextBlock = this.nextBlock.subarray(0, this.i);\n const curBlock = this.nextBlock;\n const encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n result = encryptedBlock.subarray(0, curBlock.length);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.keyRef = null;\n this.key = null;\n }\n\n async encrypt(plaintext) {\n // plaintext is internally padded to block length before encryption\n const encryptedWithPadding = await this._runCBC(\n util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]),\n this.iv\n );\n // drop encrypted padding\n const ct = encryptedWithPadding.subarray(0, plaintext.length);\n xorMut(ct, plaintext);\n this.clearSensitiveData();\n return ct;\n }\n}\n\nclass NobleStreamProcessor {\n constructor(forEncryption, algo, key, iv) {\n this.forEncryption = forEncryption;\n const { blockSize } = getCipherParams(algo);\n this.key = nobleAesHelpers.expandKeyLE(key);\n\n if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers\n this.prevBlock = getUint32Array(iv);\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n }\n\n _runCFB(src) {\n const src32 = getUint32Array(src);\n const dst = new Uint8Array(src.length);\n const dst32 = getUint32Array(dst);\n for (let i = 0; i + 4 <= dst32.length; i += 4) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = nobleAesHelpers.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4);\n }\n return dst;\n }\n\n async processChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const toProcess = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n\n const processedBlocks = this._runCFB(toProcess);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return processedBlocks;\n }\n\n this.i += added.length;\n\n let processedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n processedBlock = this._runCFB(this.nextBlock);\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n processedBlock = new Uint8Array();\n }\n\n return processedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n const processedBlock = this._runCFB(this.nextBlock);\n\n result = processedBlock.subarray(0, this.i);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.key.fill(0);\n }\n}\n\n\nasync function aesEncrypt(algo, key, pt, iv) {\n if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys\n const cfb = new WebCryptoEncryptor(algo, key, iv);\n return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);\n } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream\n const cfb = new NobleStreamProcessor(true, algo, key, iv);\n return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).encrypt(pt);\n}\n\nasync function aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new NobleStreamProcessor(false, algo, key, iv);\n return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).decrypt(ct);\n}\n\nfunction xorMut(a, b) {\n const aLength = Math.min(a.length, b.length);\n for (let i = 0; i < aLength; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nconst getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt) {\n return nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(pt);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n */\n\nimport { ctr as nobleAesCtr } from '@noble/ciphers/aes';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const keyRef = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, keyRef, pt);\n return new Uint8Array(ct);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt, iv) {\n return nobleAesCtr(key, iv).encrypt(pt);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport { getCipherParams } from '../cipher';\nimport util from '../../util';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n const { keySize } = getCipherParams(cipher);\n // sanity checks\n if (!util.isAES(cipher) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let maxNtz = 0;\n\n // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,\n // hence its execution cannot be broken up.\n // As a result, WebCrypto cannot currently be used for `encipher`.\n const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });\n const encipher = block => aes.encrypt(block);\n const decipher = block => aes.decrypt(block);\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables() {\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n */\n\nimport { gcm as nobleAesGcm } from '@noble/ciphers/aes';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages\n const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\\/13\\.\\d(\\.\\d)* Safari/) ||\n navigator.userAgent.match(/Version\\/(13|14)\\.\\d(\\.\\d)* Mobile\\/\\S* Safari/);\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && !pt.length) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n try {\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n } catch (e) {\n if (e.name === 'OperationError') {\n throw new Error('Authentication tag mismatch');\n }\n }\n }\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n },\n\n decrypt: async function(ct, iv, adata) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","// Operations are not constant time, but we try and limit timing leakage where we can\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\nexport function uint8ArrayToBigInt(bytes: Uint8Array) {\n const hexAlphabet = '0123456789ABCDEF';\n let s = '';\n bytes.forEach(v => {\n s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];\n });\n return BigInt('0x0' + s);\n}\n\nexport function mod(a: bigint, m: bigint) {\n const reduced = a % m;\n return reduced < _0n ? reduced + m : reduced;\n}\n\n/**\n * Compute modular exponentiation using square and multiply\n * @param {BigInt} a - Base\n * @param {BigInt} e - Exponent\n * @param {BigInt} n - Modulo\n * @returns {BigInt} b ** e mod n.\n */\nexport function modExp(b: bigint, e: bigint, n: bigint) {\n if (n === _0n) throw Error('Modulo cannot be zero');\n if (n === _1n) return BigInt(0);\n if (e < _0n) throw Error('Unsopported negative exponent');\n\n let exp = e;\n let x = b;\n\n x %= n;\n let r = BigInt(1);\n while (exp > _0n) {\n const lsb = exp & _1n;\n exp >>= _1n; // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n; // Square\n }\n return r;\n}\n\n\nfunction abs(x: bigint) {\n return x >= _0n ? x : -x;\n}\n\n/**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a and b, compute (x, y) such that ax + by = gdc(a, b).\n * Negative numbers are also supported.\n * @param {BigInt} a - First operand\n * @param {BigInt} b - Second operand\n * @returns {{ gcd, x, y: bigint }}\n */\nfunction _egcd(aInput: bigint, bInput: bigint) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n // Deal with negative numbers: run algo over absolute values,\n // and \"move\" the sign to the returned x and/or y.\n // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers\n let a = abs(aInput);\n let b = abs(bInput);\n const aNegated = aInput < _0n;\n const bNegated = bInput < _0n;\n\n while (b !== _0n) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: aNegated ? -xPrev : xPrev,\n y: bNegated ? -yPrev : yPrev,\n gcd: a\n };\n}\n\n/**\n * Compute the inverse of `a` modulo `n`\n * Note: `a` and and `n` must be relatively prime\n * @param {BigInt} a\n * @param {BigInt} n - Modulo\n * @returns {BigInt} x such that a*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\nexport function modInv(a: bigint, n: bigint) {\n const { gcd, x } = _egcd(a, n);\n if (gcd !== _1n) {\n throw new Error('Inverse does not exist');\n }\n return mod(x + n, n);\n}\n\n/**\n * Compute greatest common divisor between this and n\n * @param {BigInt} aInput - Operand\n * @param {BigInt} bInput - Operand\n * @returns {BigInt} gcd\n */\nexport function gcd(aInput: bigint, bInput: bigint) {\n let a = aInput;\n let b = bInput;\n while (b !== _0n) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return a;\n}\n\n/**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\nexport function bigIntToNumber(x: bigint) {\n const number = Number(x);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n}\n\n/**\n * Get value of i-th bit\n * @param {BigInt} x\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\nexport function getBit(x:bigint, i: number) {\n const bit = (x >> BigInt(i)) & _1n;\n return bit === _0n ? 0 : 1;\n}\n\n/**\n * Compute bit length\n */\nexport function bitLength(x: bigint) {\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = x < _0n ? BigInt(-1) : _0n;\n let bitlen = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _1n) !== target) {\n bitlen++;\n }\n return bitlen;\n}\n\n/**\n * Compute byte length\n */\nexport function byteLength(x: bigint) {\n const target = x < _0n ? BigInt(-1) : _0n;\n const _8n = BigInt(8);\n let len = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _8n) !== target) {\n len++;\n }\n return len;\n}\n\n/**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\nexport function bigIntToUint8Array(x: bigint, endian = 'be', length: number) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = x.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? length - rawLength : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n */\nimport { byteLength, mod, uint8ArrayToBigInt } from './biginteger';\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto?.webcrypto;\n if (webcrypto?.getRandomValues) {\n const buf = new Uint8Array(length);\n return webcrypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n}\n\n/**\n * Create a secure random BigInt that is greater than or equal to min and less than max.\n * @param {bigint} min - Lower bound, included\n * @param {bigint} max - Upper bound, excluded\n * @returns {bigint} Random BigInt.\n * @async\n */\nexport function getRandomBigInteger(min, max) {\n if (max < min) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max - min;\n const bytes = byteLength(modulus);\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));\n return mod(r, modulus) + min;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n */\nimport { bigIntToNumber, bitLength, gcd, getBit, mod, modExp } from '../biginteger';\nimport { getRandomBigInteger } from '../random';\n\nconst _1n = BigInt(1);\n\n/**\n * Generate a probably prime random number\n * @param bits - Bit length of the prime\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function randomProbablePrime(bits: number, e: bigint, k: number) {\n const _30n = BigInt(30);\n const min = _1n << BigInt(bits - 1);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n let n = getRandomBigInteger(min, min << _1n);\n let i = bigIntToNumber(mod(n, _30n));\n\n do {\n n += BigInt(adds[i]);\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (bitLength(n) > bits) {\n n = mod(n, min << _1n); n += min;\n i = bigIntToNumber(mod(n, _30n));\n }\n } while (!isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param n - Number to test\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function isProbablePrime(n: bigint, e: bigint, k: number) {\n if (e && gcd(n - _1n, e) !== _1n) {\n return false;\n }\n if (!divisionTest(n)) {\n return false;\n }\n if (!fermat(n)) {\n return false;\n }\n if (!millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param n - Number to test\n * @param b - Optional Fermat test base\n */\nexport function fermat(n: bigint, b = BigInt(2)) {\n return modExp(b, n - _1n, n) === _1n;\n}\n\nexport function divisionTest(n: bigint) {\n const _0n = BigInt(0);\n return smallPrimes.every(m => mod(n, m) !== _0n);\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n].map(n => BigInt(n));\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param n - Number to test\n * @param k - Optional number of iterations of Miller-Rabin test\n * @param rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport function millerRabin(n: bigint, k: number, rand?: () => bigint) {\n const len = bitLength(n);\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n - _1n; // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!getBit(n1, s)) { s++; }\n const d = n >> BigInt(s);\n\n for (; k > 0; k--) {\n const a = rand ? rand() : getRandomBigInteger(BigInt(2), n1);\n\n let x = modExp(a, d, n);\n if (x === _1n || x === n1) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = mod(x * x, n);\n\n if (x === _1n) {\n return false;\n }\n if (x === n1) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n */\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\nimport { bigIntToNumber, bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\nimport hash from '../hash';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst _1n = BigInt(1);\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (hash.getHashByteLength(hashAlgo) >= n.length) {\n // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error\n // e.g. if a 512-bit RSA key is used with a SHA-512 digest.\n // The size limit is actually slightly different but here we only care about throwing\n // on common key sizes.\n throw new Error('Digest size cannot exceed key modulus size');\n }\n\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n e = BigInt(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return jwkToPrivate(jwk, e);\n } else if (util.getNodeCrypto()) {\n const opts = {\n modulusLength: bits,\n publicExponent: bigIntToNumber(e),\n publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },\n privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }\n };\n const jwk = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => {\n if (err) {\n reject(err);\n } else {\n resolve(jwkPrivateKey);\n }\n });\n });\n return jwkToPrivate(jwk, e);\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = randomProbablePrime(bits - (bits >> 1), e, 40);\n p = randomProbablePrime(bits >> 1, e, 40);\n n = p * q;\n } while (bitLength(n) !== bits);\n\n const phi = (p - _1n) * (q - _1n);\n\n if (q < p) {\n [p, q] = [q, p];\n }\n\n return {\n n: bigIntToUint8Array(n),\n e: bigIntToUint8Array(e),\n d: bigIntToUint8Array(modInv(e, phi)),\n p: bigIntToUint8Array(p),\n q: bigIntToUint8Array(q),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: bigIntToUint8Array(modInv(p, q))\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n n = uint8ArrayToBigInt(n);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n\n // expect pq = n\n if ((p * q) !== n) {\n return false;\n }\n\n const _2n = BigInt(2);\n // expect p*u = 1 mod q\n u = uint8ArrayToBigInt(u);\n if (mod(p * u, q) !== BigInt(1)) {\n return false;\n }\n\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));\n const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r * d * e;\n\n const areInverses = mod(rde, p - _1n) === r && mod(rde, q - _1n) === r;\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n n = uint8ArrayToBigInt(n);\n const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));\n d = uint8ArrayToBigInt(d);\n return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n\n const jwk = await privateToJWK(n, e, d, p, q, u);\n return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' }));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n n = uint8ArrayToBigInt(n);\n s = uint8ArrayToBigInt(s);\n e = uint8ArrayToBigInt(e);\n if (s >= n) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));\n const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1' };\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n\n try {\n return verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n n = uint8ArrayToBigInt(n);\n data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));\n e = uint8ArrayToBigInt(e);\n if (data >= n) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n data = uint8ArrayToBigInt(data);\n n = uint8ArrayToBigInt(n);\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n u = uint8ArrayToBigInt(u);\n if (data >= n) {\n throw new Error('Data too large.');\n }\n const dq = mod(d, q - _1n); // d mod (q-1)\n const dp = mod(d, p - _1n); // d mod (p-1)\n\n const unblinder = getRandomBigInteger(BigInt(2), n);\n const blinder = modExp(modInv(unblinder, n), e, n);\n data = mod(data * blinder, n);\n\n const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p\n const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q\n const h = mod(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h * p + mp; // result < n due to relations above\n\n result = mod(result * unblinder, n);\n\n return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const pNum = uint8ArrayToBigInt(p);\n const qNum = uint8ArrayToBigInt(q);\n const dNum = uint8ArrayToBigInt(d);\n\n let dq = mod(dNum, qNum - _1n); // d mod (q-1)\n let dp = mod(dNum, pNum - _1n); // d mod (p-1)\n dp = bigIntToUint8Array(dp);\n dq = bigIntToUint8Array(dq);\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n\n/** Convert JWK private key to OpenPGP private key params */\nfunction jwkToPrivate(jwk, e) {\n return {\n n: b64ToUint8Array(jwk.n),\n e: bigIntToUint8Array(e),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n */\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\nconst _1n = BigInt(1);\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n const padded = emeEncode(data, byteLength(p));\n const m = uint8ArrayToBigInt(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = getRandomBigInteger(_1n, p - _1n);\n return {\n c1: bigIntToUint8Array(modExp(g, k, p)),\n c2: bigIntToUint8Array(mod(modExp(y, k, p) * m, p))\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n c1 = uint8ArrayToBigInt(c1);\n c2 = uint8ArrayToBigInt(c2);\n p = uint8ArrayToBigInt(p);\n x = uint8ArrayToBigInt(x);\n\n const padded = mod(modInv(modExp(c1, x, p), p) * c2, p);\n return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = BigInt(bitLength(p));\n const _1023n = BigInt(1023);\n if (pSize < _1023n) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (modExp(g, p - _1n, p) !== _1n) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n let i = BigInt(1);\n const _2n = BigInt(2);\n const threshold = _2n << BigInt(17); // we want order > threshold\n while (i < threshold) {\n res = mod(res * g, p);\n if (res === _1n) {\n return false;\n }\n i++;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const r = getRandomBigInteger(_2n << (pSize - _1n), _2n << pSize); // draw r of same size as p-1\n const rqx = (p - _1n) * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","// declare const globalThis: Record | undefined;\nexport const crypto =\n typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n","import { crypto } from './crypto.js';\n\n'use strict';\nconst nacl = {};\nexport default nacl;\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction ts64(x, i, h, l) {\n x[i] = (h >> 24) & 0xff;\n x[i+1] = (h >> 16) & 0xff;\n x[i+2] = (h >> 8) & 0xff;\n x[i+3] = h & 0xff;\n x[i+4] = (l >> 24) & 0xff;\n x[i+5] = (l >> 16) & 0xff;\n x[i+6] = (l >> 8) & 0xff;\n x[i+7] = l & 0xff;\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nvar K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction crypto_hashblocks_hl(hh, hl, m, n) {\n var wh = new Int32Array(16), wl = new Int32Array(16),\n bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\n bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\n th, tl, i, j, h, l, a, b, c, d;\n\n var ah0 = hh[0],\n ah1 = hh[1],\n ah2 = hh[2],\n ah3 = hh[3],\n ah4 = hh[4],\n ah5 = hh[5],\n ah6 = hh[6],\n ah7 = hh[7],\n\n al0 = hl[0],\n al1 = hl[1],\n al2 = hl[2],\n al3 = hl[3],\n al4 = hl[4],\n al5 = hl[5],\n al6 = hl[6],\n al7 = hl[7];\n\n var pos = 0;\n while (n >= 128) {\n for (i = 0; i < 16; i++) {\n j = 8 * i + pos;\n wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];\n wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];\n }\n for (i = 0; i < 80; i++) {\n bh0 = ah0;\n bh1 = ah1;\n bh2 = ah2;\n bh3 = ah3;\n bh4 = ah4;\n bh5 = ah5;\n bh6 = ah6;\n bh7 = ah7;\n\n bl0 = al0;\n bl1 = al1;\n bl2 = al2;\n bl3 = al3;\n bl4 = al4;\n bl5 = al5;\n bl6 = al6;\n bl7 = al7;\n\n // add\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma1\n h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\n l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Ch\n h = (ah4 & ah5) ^ (~ah4 & ah6);\n l = (al4 & al5) ^ (~al4 & al6);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // K\n h = K[i*2];\n l = K[i*2+1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // w\n h = wh[i%16];\n l = wl[i%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n th = c & 0xffff | d << 16;\n tl = a & 0xffff | b << 16;\n\n // add\n h = th;\n l = tl;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma0\n h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\n l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Maj\n h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\n l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh7 = (c & 0xffff) | (d << 16);\n bl7 = (a & 0xffff) | (b << 16);\n\n // add\n h = bh3;\n l = bl3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = th;\n l = tl;\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh3 = (c & 0xffff) | (d << 16);\n bl3 = (a & 0xffff) | (b << 16);\n\n ah1 = bh0;\n ah2 = bh1;\n ah3 = bh2;\n ah4 = bh3;\n ah5 = bh4;\n ah6 = bh5;\n ah7 = bh6;\n ah0 = bh7;\n\n al1 = bl0;\n al2 = bl1;\n al3 = bl2;\n al4 = bl3;\n al5 = bl4;\n al6 = bl5;\n al7 = bl6;\n al0 = bl7;\n\n if (i%16 === 15) {\n for (j = 0; j < 16; j++) {\n // add\n h = wh[j];\n l = wl[j];\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = wh[(j+9)%16];\n l = wl[(j+9)%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma0\n th = wh[(j+1)%16];\n tl = wl[(j+1)%16];\n h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\n l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma1\n th = wh[(j+14)%16];\n tl = wl[(j+14)%16];\n h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\n l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n wh[j] = (c & 0xffff) | (d << 16);\n wl[j] = (a & 0xffff) | (b << 16);\n }\n }\n }\n\n // add\n h = ah0;\n l = al0;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[0];\n l = hl[0];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[0] = ah0 = (c & 0xffff) | (d << 16);\n hl[0] = al0 = (a & 0xffff) | (b << 16);\n\n h = ah1;\n l = al1;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[1];\n l = hl[1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[1] = ah1 = (c & 0xffff) | (d << 16);\n hl[1] = al1 = (a & 0xffff) | (b << 16);\n\n h = ah2;\n l = al2;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[2];\n l = hl[2];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[2] = ah2 = (c & 0xffff) | (d << 16);\n hl[2] = al2 = (a & 0xffff) | (b << 16);\n\n h = ah3;\n l = al3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[3];\n l = hl[3];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[3] = ah3 = (c & 0xffff) | (d << 16);\n hl[3] = al3 = (a & 0xffff) | (b << 16);\n\n h = ah4;\n l = al4;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[4];\n l = hl[4];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[4] = ah4 = (c & 0xffff) | (d << 16);\n hl[4] = al4 = (a & 0xffff) | (b << 16);\n\n h = ah5;\n l = al5;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[5];\n l = hl[5];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[5] = ah5 = (c & 0xffff) | (d << 16);\n hl[5] = al5 = (a & 0xffff) | (b << 16);\n\n h = ah6;\n l = al6;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[6];\n l = hl[6];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[6] = ah6 = (c & 0xffff) | (d << 16);\n hl[6] = al6 = (a & 0xffff) | (b << 16);\n\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[7];\n l = hl[7];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[7] = ah7 = (c & 0xffff) | (d << 16);\n hl[7] = al7 = (a & 0xffff) | (b << 16);\n\n pos += 128;\n n -= 128;\n }\n\n return n;\n}\n\nfunction crypto_hash(out, m, n) {\n var hh = new Int32Array(8),\n hl = new Int32Array(8),\n x = new Uint8Array(256),\n i, b = n;\n\n hh[0] = 0x6a09e667;\n hh[1] = 0xbb67ae85;\n hh[2] = 0x3c6ef372;\n hh[3] = 0xa54ff53a;\n hh[4] = 0x510e527f;\n hh[5] = 0x9b05688c;\n hh[6] = 0x1f83d9ab;\n hh[7] = 0x5be0cd19;\n\n hl[0] = 0xf3bcc908;\n hl[1] = 0x84caa73b;\n hl[2] = 0xfe94f82b;\n hl[3] = 0x5f1d36f1;\n hl[4] = 0xade682d1;\n hl[5] = 0x2b3e6c1f;\n hl[6] = 0xfb41bd6b;\n hl[7] = 0x137e2179;\n\n crypto_hashblocks_hl(hh, hl, m, n);\n n %= 128;\n\n for (i = 0; i < n; i++) x[i] = m[b-n+i];\n x[n] = 128;\n\n n = 256-128*(n<112?1:0);\n x[n-9] = 0;\n ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\n crypto_hashblocks_hl(hh, hl, x, n);\n\n for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\n\n return 0;\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n crypto_hash(r, sm.subarray(32), n+32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n crypto_hash(h, sm, n + 64);\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n crypto_hash(h, m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n if (crypto && crypto.getRandomValues) {\n // Browsers and Node v16+\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n})();\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nconst knownOIDs = {\n '2a8648ce3d030107': enums.curve.nistP256,\n '2b81040022': enums.curve.nistP384,\n '2b81040023': enums.curve.nistP521,\n '2b8104000a': enums.curve.secp256k1,\n '2b06010401da470f01': enums.curve.ed25519Legacy,\n '2b060104019755010501': enums.curve.curve25519Legacy,\n '2b2403030208010107': enums.curve.brainpoolP256r1,\n '2b240303020801010b': enums.curve.brainpoolP384r1,\n '2b240303020801010d': enums.curve.brainpoolP512r1\n};\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {enums.curve} String with the canonical name of the curve\n * @throws if unknown\n */\n getName() {\n const name = knownOIDs[this.toHex()];\n if (!name) {\n throw new Error('Unknown curve object identifier.');\n }\n\n return name;\n }\n}\n\nexport default OID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\n// unknown packet types are handled differently depending on the packet criticality\nexport class UnknownPacketError extends UnsupportedError {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnknownPacketError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n */\n\nimport ed25519 from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\nimport { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';\n\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n A: new Uint8Array(b64ToUint8Array(publicKey.x)),\n seed: b64ToUint8Array(privateKey.d, true)\n };\n } catch (err) {\n if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux\n throw err;\n }\n const seed = getRandomBytes(getPayloadSize(algo));\n const { publicKey: A } = ed25519.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const seed = ed448.utils.randomPrivateKey();\n const A = ed448.getPublicKey(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = privateKeyToJWK(algo, publicKey, privateKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']);\n\n const signature = new Uint8Array(\n await webCrypto.sign('Ed25519', key, hashed)\n );\n\n return { RS: signature };\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = ed25519.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const signature = ed448.sign(hashed, privateKey);\n return { RS: signature };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = publicKeyToJWK(algo, publicKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']);\n const verified = await webCrypto.verify('Ed25519', key, RS, hashed);\n return verified;\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n return ed25519.sign.detached.verify(hashed, RS, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n return ed448.verify(RS, hashed, publicKey);\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented\n */\n const { publicKey } = ed25519.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n\n const publicKey = ed448.getPublicKey(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n default:\n return false;\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return 32;\n\n case enums.publicKey.ed448:\n return 57;\n\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n case enums.publicKey.ed448:\n return enums.hash.sha512;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n\nconst publicKeyToJWK = (algo, publicKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = {\n kty: 'OKP',\n crv: 'Ed25519',\n x: uint8ArrayToB64(publicKey, true),\n ext: true\n };\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n\nconst privateKeyToJWK = (algo, publicKey, privateKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = publicKeyToJWK(algo, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n */\n\nimport { aeskw as nobleAesKW } from '@noble/ciphers/aes';\nimport { getCipherParams } from './cipher';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n/**\n * AES key wrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} dataToWrap\n * @returns {Uint8Array} wrapped key\n */\nexport async function wrap(algo, key, dataToWrap) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n try {\n const wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']);\n // Import data as HMAC key, as it has no key length requirements\n const keyToWrap = await webCrypto.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n const wrapped = await webCrypto.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' });\n return new Uint8Array(wrapped);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n\n return nobleAesKW(key).encrypt(dataToWrap);\n}\n\n/**\n * AES key unwrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} wrappedData\n * @returns {Uint8Array} unwrapped data\n */\nexport async function unwrap(algo, key, wrappedData) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let wrappingKey;\n try {\n wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n return nobleAesKW(key).decrypt(wrappedData);\n }\n\n try {\n const unwrapped = await webCrypto.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n return new Uint8Array(await webCrypto.exportKey('raw', unwrapped));\n } catch (err) {\n if (err.name === 'OperationError') {\n throw new Error('Key Data Integrity failed');\n }\n throw err;\n }\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n\nexport default async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n const importedKey = await webCrypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await webCrypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport x25519 from '@openpgp/tweetnacl';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport computeHKDF from '../../hkdf';\nimport { getCipherParams } from '../../cipher';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519'),\n x448: util.encodeUTF8('OpenPGP X448')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const k = x448.utils.randomPrivateKey();\n const A = x448.getPublicKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = x25519.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const publicKey = x448.getPublicKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.x25519:\n return 32;\n\n case enums.publicKey.x448:\n return 56;\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Generate shared secret and ephemeral public key for encryption\n * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret\n * @async\n */\nexport async function generateEphemeralEncryptionMaterial(algo, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));\n const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const ephemeralSecretKey = x448.utils.randomPrivateKey();\n const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * x25519 and x448 produce an all-zero value when given as input a point with small order.\n * This does not lead to a security issue in the context of ECDH, but it is still unexpected,\n * hence we throw.\n * @param {Uint8Array} sharedSecret\n */\nfunction assertNonZeroArray(sharedSecret) {\n let acc = 0;\n for (let i = 0; i < sharedSecret.length; i++) {\n acc |= sharedSecret[i];\n }\n if (acc === 0) {\n throw new Error('Unexpected low order point');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n */\nimport nacl from '@openpgp/tweetnacl';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { UnsupportedError } from '../../../packet/packet';\nimport { generate as eddsaGenerate } from './eddsa';\nimport { generate as ecdhXGenerate } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n [enums.curve.nistP256]: 'P-256',\n [enums.curve.nistP384]: 'P-384',\n [enums.curve.nistP521]: 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,\n [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n [enums.curve.nistP256]: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.nistP256],\n web: webCurves[enums.curve.nistP256],\n payloadSize: 32,\n sharedSize: 256,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP384]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.nistP384],\n web: webCurves[enums.curve.nistP384],\n payloadSize: 48,\n sharedSize: 384,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP521]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.nistP521],\n web: webCurves[enums.curve.nistP521],\n payloadSize: 66,\n sharedSize: 528,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.secp256k1]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.secp256k1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.ed25519Legacy]: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.curve25519Legacy]: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.brainpoolP256r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.brainpoolP256r1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP384r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.brainpoolP384r1],\n payloadSize: 48,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP512r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.brainpoolP512r1],\n payloadSize: 64,\n wireFormatLeadingByte: 0x04\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName) {\n try {\n this.name = oidOrName instanceof OID ?\n oidOrName.getName() :\n enums.write(enums.curve,oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n const params = curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node;\n this.web = params.web;\n this.payloadSize = params.payloadSize;\n this.sharedSize = params.sharedSize;\n this.wireFormatLeadingByte = params.wireFormatLeadingByte;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === enums.curve.curve25519Legacy) {\n this.type = 'curve25519Legacy';\n } else if (this.name === enums.curve.ed25519Legacy) {\n this.type = 'ed25519Legacy';\n }\n }\n\n async genKeyPair() {\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name, this.wireFormatLeadingByte);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n return jsGenKeyPair(this.name);\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519Legacy': {\n // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3\n const { k, A } = await ecdhXGenerate(enums.publicKey.x25519);\n const privateKey = k.slice().reverse();\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n case 'ed25519Legacy': {\n const { seed: privateKey, A } = await eddsaGenerate(enums.publicKey.ed25519);\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n default:\n return jsGenKeyPair(this.name);\n }\n }\n}\n\nasync function generate(curveName) {\n const curve = new CurveWithOID(curveName);\n const { oid, hash, cipher } = curve;\n const keyPair = await curve.genKeyPair();\n return {\n oid,\n Q: keyPair.publicKey,\n secret: util.leftPad(keyPair.privateKey, curve.payloadSize),\n hash,\n cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[oid.getName()].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n [enums.curve.nistP256]: true,\n [enums.curve.nistP384]: true,\n [enums.curve.nistP521]: true,\n [enums.curve.secp256k1]: true,\n [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh,\n [enums.curve.brainpoolP256r1]: true,\n [enums.curve.brainpoolP384r1]: true,\n [enums.curve.brainpoolP512r1]: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === enums.curve.curve25519Legacy) {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n /*\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = nobleCurve.getPublicKey(d, false);\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n}\n\n/**\n * Check whether the public point has a valid encoding.\n * NB: this function does not check e.g. whether the point belongs to the curve.\n */\nfunction checkPublicPointEnconding(curve, V) {\n const { payloadSize, wireFormatLeadingByte, name: curveName } = curve;\n\n const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2;\n\n if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) {\n throw new Error('Invalid point encoding');\n }\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\nasync function jsGenKeyPair(name) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n const privateKey = nobleCurve.utils.randomPrivateKey();\n const publicKey = nobleCurve.getPublicKey(privateKey, false);\n return { publicKey, privateKey };\n}\n\nasync function webGenKeyPair(name, wireFormatLeadingByte) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk, wireFormatLeadingByte) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = wireFormatLeadingByte;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';\nimport { bigIntToUint8Array } from '../../biginteger';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web':\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n case 'node':\n return nodeSign(curve, hashAlgo, message, privateKey);\n }\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });\n return {\n r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),\n s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)\n };\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n // See https://github.com/openpgpjs/openpgpjs/pull/948.\n // NB: the impact was more likely limited to Brainpool curves, since thanks\n // to WebCrypto availability, NIST curve should not have been affected.\n // Similarly, secp256k1 should have been used rarely enough.\n // However, we implement the fix for all curves, since it's only needed in case of\n // verification failure, which is unexpected, hence a minor slowdown is acceptable.\n const tryFallbackVerificationForOldBug = async () => (\n hashed[0] === 0 ?\n jsVerify(curve, signature, hashed.subarray(1), publicKey) :\n false\n );\n\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n const verified = await webVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node': {\n const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n }\n }\n }\n\n const verified = await jsVerify(curve, signature, hashed, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n // eslint-disable-next-line @typescript-eslint/return-await\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Fallback javascript implementation of ECDSA verification.\n * To be used if no native implementation is available for the given curve/operation.\n */\nasync function jsVerify(curve, signature, hashed, publicKey) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false });\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, privateKey) {\n // JWT encoding cannot be used for now, as Brainpool curves are not supported\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n privateKey: nodeBuffer.from(privateKey)\n });\n\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n\n const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' }));\n const len = curve.payloadSize;\n\n return {\n r: signature.subarray(0, len),\n s: signature.subarray(len, len << 1)\n };\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { publicKey: derPublicKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n publicKey: nodeBuffer.from(publicKey)\n });\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n\n const signature = util.concatUint8Array([r, s]);\n\n try {\n return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature);\n } catch (err) {\n return false;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n */\n\nimport nacl from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { CurveWithOID, checkPublicPointEnconding } from './oid_curves';\nimport { sign as eddsaSign, verify as eddsaVerify } from './eddsa';\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const { RS: signature } = await eddsaSign(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const RS = util.concatUint8Array([r, s]);\n return eddsaVerify(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed);\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { getCipherParams } from '../../cipher';\nimport { generateEphemeralEncryptionMaterial as ecdhXGenerateEphemeralEncryptionMaterial, recomputeSharedSecret as ecdhXRecomputeSharedSecret } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519Legacy': {\n const { sharedSecret: sharedKey, ephemeralPublicKey } = await ecdhXGenerateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1));\n const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n return jsPublicEphemeralKey(curve, Q);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n default:\n return jsPublicEphemeralKey(curve, Q);\n\n }\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = await aesKW.wrap(kdfParams.cipher, Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519Legacy': {\n const secretKey = d.slice().reverse();\n const sharedKey = await ecdhXRecomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey);\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n return jsPrivateEphemeralKey(curve, V, d);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n default:\n return jsPrivateEphemeralKey(curve, V, d);\n }\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n checkPublicPointEnconding(curve, V);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(await aesKW.unwrap(kdfParams.cipher, Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\nasync function jsPrivateEphemeralKey(curve, V, d) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { secretKey: d, sharedKey };\n}\n\nasync function jsPublicEphemeralKey(curve, Q) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n const { publicKey: V, privateKey: v } = await curve.genKeyPair();\n\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { publicKey: V, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: sender\n },\n privateKey,\n curve.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const _0n = BigInt(0);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n x = uint8ArrayToBigInt(x);\n\n let k;\n let r;\n let s;\n let t;\n g = mod(g, p);\n x = mod(x, q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = getRandomBigInteger(_1n, q); // returns in [1, q-1]\n r = mod(modExp(g, k, p), q); // (g**k mod p) mod q\n if (r === _0n) {\n continue;\n }\n const xr = mod(x * r, q);\n t = mod(h + xr, q); // H(m) + x*r mod q\n s = mod(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q\n if (s === _0n) {\n continue;\n }\n break;\n }\n return {\n r: bigIntToUint8Array(r, 'be', byteLength(p)),\n s: bigIntToUint8Array(s, 'be', byteLength(p))\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n r = uint8ArrayToBigInt(r);\n s = uint8ArrayToBigInt(s);\n\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n if (r <= _0n || r >= q ||\n s <= _0n || s >= q) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n const w = modInv(s, q); // s**-1 mod q\n if (w === _0n) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = mod(g, p);\n y = mod(y, p);\n const u1 = mod(h * w, q); // H(m) * w mod q\n const u2 = mod(r * w, q); // r * w mod q\n const t1 = modExp(g, u1, p); // g**u1 mod p\n const t2 = modExp(y, u2, p); // y**u2 mod p\n const v = mod(mod(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q\n return v === r;\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (mod(p - _1n, q) !== _0n) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (modExp(g, q, p) !== _1n) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = BigInt(bitLength(q));\n const _150n = BigInt(150);\n if (qSize < _150n || !isProbablePrime(q, null, 32)) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const _2n = BigInt(2);\n const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q\n const rqx = q * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n */\n\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { read, signatureParams: { s } };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n // If the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature\n // verification: if the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n // Algorithm-Specific Fields for Ed448 signatures:\n // - 114 octets of the native signature\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo);\n const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length;\n return { read, signatureParams: { RS } };\n }\n\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal:\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport { getCipherParams } from './cipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only)\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n if (symmetricAlgo && !util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 and X448 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (C.algorithm !== null && !util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const payloadSize = getCurvePayloadSize(algo);\n const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const payloadSize = getCurvePayloadSize(algo);\n const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 or X448 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448).\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const pointSize = getCurvePayloadSize(algo);\n const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([\n enums.publicKey.ed25519,\n enums.publicKey.x25519,\n enums.publicKey.ed448,\n enums.publicKey.x448\n ]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipherParams(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipherParams(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get encoded secret size for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getCurvePayloadSize(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh:\n case enums.publicKey.eddsaLegacy:\n return new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPayloadSize(algo);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.getPayloadSize(algo);\n default:\n throw new Error('Unknown elliptic algo');\n }\n}\n\n/**\n * Get preferred signing hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n\n\nexport { getCipherParams };\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","import defaultConfig from '../../config';\nimport enums from '../../enums';\nimport util from '../../util';\nimport crypto from '../../crypto';\n\nconst ARGON2_TYPE = 0x02; // id\nconst ARGON2_VERSION = 0x13;\nconst ARGON2_SALT_SIZE = 16;\n\nexport class Argon2OutOfMemoryError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Argon2OutOfMemoryError);\n }\n\n this.name = 'Argon2OutOfMemoryError';\n }\n}\n\n// cache argon wasm module\nlet loadArgonWasmModule;\nlet argon2Promise;\n// reload wasm module above this treshold, to deallocated used memory\nconst ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;\n\nclass Argon2S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n const { passes, parallelism, memoryExponent } = config.s2kArgon2Params;\n\n this.type = 'argon2';\n /**\n * 16 bytes of salt\n * @type {Uint8Array}\n */\n this.salt = null;\n /**\n * number of passes\n * @type {Integer}\n */\n this.t = passes;\n /**\n * degree of parallelism (lanes)\n * @type {Integer}\n */\n this.p = parallelism;\n /**\n * exponent indicating memory size\n * @type {Integer}\n */\n this.encodedM = memoryExponent;\n }\n\n generateSalt() {\n this.salt = crypto.random.getRandomBytes(ARGON2_SALT_SIZE);\n }\n\n /**\n * Parsing function for argon2 string-to-key specifier.\n * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n\n this.salt = bytes.subarray(i, i + 16);\n i += 16;\n\n this.t = bytes[i++];\n this.p = bytes[i++];\n this.encodedM = bytes[i++]; // memory size exponent, one-octect\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n const arr = [\n new Uint8Array([enums.write(enums.s2k, this.type)]),\n this.salt,\n new Uint8Array([this.t, this.p, this.encodedM])\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to `keySize`\n * @throws {Argon2OutOfMemoryError|Errors}\n * @async\n */\n async produceKey(passphrase, keySize) {\n const decodedM = 2 << (this.encodedM - 1);\n\n try {\n // on first load, the argon2 lib is imported and the WASM module is initialized.\n // the two steps need to be atomic to avoid race conditions causing multiple wasm modules\n // being loaded when `argon2Promise` is not initialized.\n loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;\n argon2Promise = argon2Promise || loadArgonWasmModule();\n\n // important to keep local ref to argon2 in case the module is reloaded by another instance\n const argon2 = await argon2Promise;\n\n const passwordBytes = util.encodeUTF8(passphrase);\n const hash = argon2({\n version: ARGON2_VERSION,\n type: ARGON2_TYPE,\n password: passwordBytes,\n salt: this.salt,\n tagLength: keySize,\n memorySize: decodedM,\n parallelism: this.p,\n passes: this.t\n });\n\n // a lot of memory was used, reload to deallocate\n if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {\n // it will be awaited if needed at the next `produceKey` invocation\n argon2Promise = loadArgonWasmModule();\n argon2Promise.catch(() => {});\n }\n return hash;\n } catch (e) {\n if (e.message && (\n e.message.includes('Unable to grow instance memory') || // Chrome\n e.message.includes('failed to grow memory') || // Firefox\n e.message.includes('WebAssembly.Memory.grow') || // Safari\n e.message.includes('Out of memory') // Safari iOS\n )) {\n throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');\n } else {\n throw e;\n }\n }\n }\n}\n\nexport default Argon2S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n */\n\nimport defaultConfig from '../../config';\nimport crypto from '../../crypto';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\nimport util from '../../util';\n\nclass GenericS2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(s2kType, config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = enums.read(enums.s2k, s2kType);\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n generateSalt() {\n switch (this.type) {\n case 'salted':\n case 'iterated':\n this.salt = crypto.random.getRandomBytes(8);\n }\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default GenericS2K;\n","import defaultConfig from '../../config';\nimport Argon2S2K, { Argon2OutOfMemoryError } from './argon2';\nimport GenericS2K from './generic';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\n\nconst allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);\n\n/**\n * Instantiate a new S2K instance of the given type\n * @param {module:enums.s2k} type\n * @oaram {Object} [config]\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromType(type, config = defaultConfig) {\n switch (type) {\n case enums.s2k.argon2:\n return new Argon2S2K(config);\n case enums.s2k.iterated:\n case enums.s2k.gnu:\n case enums.s2k.salted:\n case enums.s2k.simple:\n return new GenericS2K(type, config);\n default:\n throw new UnsupportedError('Unsupported S2K type');\n }\n}\n\n/**\n * Instantiate a new S2K instance based on the config settings\n * @oaram {Object} config\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromConfig(config) {\n const { s2kType } = config;\n\n if (!allowedS2KTypesForEncryption.has(s2kType)) {\n throw new Error('The provided `config.s2kType` value is not allowed');\n }\n\n return newS2KFromType(s2kType, config);\n}\n\nexport { Argon2OutOfMemoryError };\n","// DEFLATE is a complex format; to read this code, you should probably check the RFC first:\n// https://tools.ietf.org/html/rfc1951\n// You may also wish to take a look at the guide I made about this program:\n// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad\n// Some of the following code is similar to that of UZIP.js:\n// https://github.com/photopea/UZIP.js\n// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size.\n// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint\n// is better for memory in most engines (I *think*).\nvar ch2 = {};\nvar wk = (function (c, id, msg, transfer, cb) {\n var w = new Worker(ch2[id] || (ch2[id] = URL.createObjectURL(new Blob([\n c + ';addEventListener(\"error\",function(e){e=e.error;postMessage({$e$:[e.message,e.code,e.stack]})})'\n ], { type: 'text/javascript' }))));\n w.onmessage = function (e) {\n var d = e.data, ed = d.$e$;\n if (ed) {\n var err = new Error(ed[0]);\n err['code'] = ed[1];\n err.stack = ed[2];\n cb(err, null);\n }\n else\n cb(null, d);\n };\n w.postMessage(msg, transfer);\n return w;\n});\n\n// aliases for shorter compressed code (most minifers don't do this)\nvar u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array;\n// fixed length extra bits\nvar fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]);\n// fixed distance extra bits\n// see fleb note\nvar fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]);\n// code length index map\nvar clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);\n// get base, reverse index map from extra bits\nvar freb = function (eb, start) {\n var b = new u16(31);\n for (var i = 0; i < 31; ++i) {\n b[i] = start += 1 << eb[i - 1];\n }\n // numbers here are at max 18 bits\n var r = new u32(b[30]);\n for (var i = 1; i < 30; ++i) {\n for (var j = b[i]; j < b[i + 1]; ++j) {\n r[j] = ((j - b[i]) << 5) | i;\n }\n }\n return [b, r];\n};\nvar _a = freb(fleb, 2), fl = _a[0], revfl = _a[1];\n// we can ignore the fact that the other numbers are wrong; they never happen anyway\nfl[28] = 258, revfl[258] = 28;\nvar _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1];\n// map of value to reverse (assuming 16 bits)\nvar rev = new u16(32768);\nfor (var i = 0; i < 32768; ++i) {\n // reverse table algorithm from SO\n var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1);\n x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2);\n x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4);\n rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1;\n}\n// create huffman tree from u8 \"map\": index -> code length for code index\n// mb (max bits) must be at most 15\n// TODO: optimize/split up?\nvar hMap = (function (cd, mb, r) {\n var s = cd.length;\n // index\n var i = 0;\n // u16 \"map\": index -> # of codes with bit length = index\n var l = new u16(mb);\n // length of cd must be 288 (total # of codes)\n for (; i < s; ++i) {\n if (cd[i])\n ++l[cd[i] - 1];\n }\n // u16 \"map\": index -> minimum code for bit length = index\n var le = new u16(mb);\n for (i = 0; i < mb; ++i) {\n le[i] = (le[i - 1] + l[i - 1]) << 1;\n }\n var co;\n if (r) {\n // u16 \"map\": index -> number of actual bits, symbol for code\n co = new u16(1 << mb);\n // bits to remove for reverser\n var rvb = 15 - mb;\n for (i = 0; i < s; ++i) {\n // ignore 0 lengths\n if (cd[i]) {\n // num encoding both symbol and bits read\n var sv = (i << 4) | cd[i];\n // free bits\n var r_1 = mb - cd[i];\n // start value\n var v = le[cd[i] - 1]++ << r_1;\n // m is end value\n for (var m = v | ((1 << r_1) - 1); v <= m; ++v) {\n // every 16 bit value starting with the code yields the same result\n co[rev[v] >>> rvb] = sv;\n }\n }\n }\n }\n else {\n co = new u16(s);\n for (i = 0; i < s; ++i) {\n if (cd[i]) {\n co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]);\n }\n }\n }\n return co;\n});\n// fixed length tree\nvar flt = new u8(288);\nfor (var i = 0; i < 144; ++i)\n flt[i] = 8;\nfor (var i = 144; i < 256; ++i)\n flt[i] = 9;\nfor (var i = 256; i < 280; ++i)\n flt[i] = 7;\nfor (var i = 280; i < 288; ++i)\n flt[i] = 8;\n// fixed distance tree\nvar fdt = new u8(32);\nfor (var i = 0; i < 32; ++i)\n fdt[i] = 5;\n// fixed length map\nvar flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1);\n// fixed distance map\nvar fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1);\n// find max of array\nvar max = function (a) {\n var m = a[0];\n for (var i = 1; i < a.length; ++i) {\n if (a[i] > m)\n m = a[i];\n }\n return m;\n};\n// read d, starting at bit p and mask with m\nvar bits = function (d, p, m) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m;\n};\n// read d, starting at bit p continuing for at least 16 bits\nvar bits16 = function (d, p) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7));\n};\n// get end of byte\nvar shft = function (p) { return ((p + 7) / 8) | 0; };\n// typed array slice - allows garbage collector to free original reference,\n// while being more compatible than .slice\nvar slc = function (v, s, e) {\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n // can't use .constructor in case user-supplied\n var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\n/**\n * Codes for errors generated within this library\n */\nexport var FlateErrorCode = {\n UnexpectedEOF: 0,\n InvalidBlockType: 1,\n InvalidLengthLiteral: 2,\n InvalidDistance: 3,\n StreamFinished: 4,\n NoStreamHandler: 5,\n InvalidHeader: 6,\n NoCallback: 7,\n InvalidUTF8: 8,\n ExtraFieldTooLong: 9,\n InvalidDate: 10,\n FilenameTooLong: 11,\n StreamFinishing: 12,\n InvalidZipData: 13,\n UnknownCompressionMethod: 14\n};\n// error codes\nvar ec = [\n 'unexpected EOF',\n 'invalid block type',\n 'invalid length/literal',\n 'invalid distance',\n 'stream finished',\n 'no stream handler',\n ,\n 'no callback',\n 'invalid UTF-8 data',\n 'extra field too long',\n 'date not in range 1980-2099',\n 'filename too long',\n 'stream finishing',\n 'invalid zip data'\n // determined by unknown compression method\n];\n;\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\n// expands raw DEFLATE data\nvar inflt = function (dat, buf, st) {\n // source length\n var sl = dat.length;\n if (!sl || (st && st.f && !st.l))\n return buf || new u8(0);\n // have to estimate size\n var noBuf = !buf || st;\n // no state\n var noSt = !st || st.i;\n if (!st)\n st = {};\n // Assumes roughly 33% compression ratio average\n if (!buf)\n buf = new u8(sl * 3);\n // ensure buffer can fit at least l elements\n var cbuf = function (l) {\n var bl = buf.length;\n // need to increase size to fit\n if (l > bl) {\n // Double or set to necessary, whichever is greater\n var nbuf = new u8(Math.max(bl * 2, l));\n nbuf.set(buf);\n buf = nbuf;\n }\n };\n // last chunk bitpos bytes\n var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;\n // total bits\n var tbts = sl * 8;\n do {\n if (!lm) {\n // BFINAL - this is only 1 when last chunk is next\n final = bits(dat, pos, 1);\n // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman\n var type = bits(dat, pos + 1, 3);\n pos += 3;\n if (!type) {\n // go to end of byte boundary\n var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l;\n if (t > sl) {\n if (noSt)\n err(0);\n break;\n }\n // ensure size\n if (noBuf)\n cbuf(bt + l);\n // Copy over uncompressed data\n buf.set(dat.subarray(s, t), bt);\n // Get new bitpos, update byte count\n st.b = bt += l, st.p = pos = t * 8, st.f = final;\n continue;\n }\n else if (type == 1)\n lm = flrm, dm = fdrm, lbt = 9, dbt = 5;\n else if (type == 2) {\n // literal lengths\n var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;\n var tl = hLit + bits(dat, pos + 5, 31) + 1;\n pos += 14;\n // length+distance tree\n var ldt = new u8(tl);\n // code length tree\n var clt = new u8(19);\n for (var i = 0; i < hcLen; ++i) {\n // use index map to get real code\n clt[clim[i]] = bits(dat, pos + i * 3, 7);\n }\n pos += hcLen * 3;\n // code lengths bits\n var clb = max(clt), clbmsk = (1 << clb) - 1;\n // code lengths map\n var clm = hMap(clt, clb, 1);\n for (var i = 0; i < tl;) {\n var r = clm[bits(dat, pos, clbmsk)];\n // bits read\n pos += r & 15;\n // symbol\n var s = r >>> 4;\n // code length to copy\n if (s < 16) {\n ldt[i++] = s;\n }\n else {\n // copy count\n var c = 0, n = 0;\n if (s == 16)\n n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1];\n else if (s == 17)\n n = 3 + bits(dat, pos, 7), pos += 3;\n else if (s == 18)\n n = 11 + bits(dat, pos, 127), pos += 7;\n while (n--)\n ldt[i++] = c;\n }\n }\n // length tree distance tree\n var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);\n // max length bits\n lbt = max(lt);\n // max dist bits\n dbt = max(dt);\n lm = hMap(lt, lbt, 1);\n dm = hMap(dt, dbt, 1);\n }\n else\n err(1);\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n }\n // Make sure the buffer can hold this + the largest possible addition\n // Maximum chunk size (practically, theoretically infinite) is 2^17;\n if (noBuf)\n cbuf(bt + 131072);\n var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;\n var lpos = pos;\n for (;; lpos = pos) {\n // bits read, code\n var c = lm[bits16(dat, pos) & lms], sym = c >>> 4;\n pos += c & 15;\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (!c)\n err(2);\n if (sym < 256)\n buf[bt++] = sym;\n else if (sym == 256) {\n lpos = pos, lm = null;\n break;\n }\n else {\n var add = sym - 254;\n // no extra bits needed if less\n if (sym > 264) {\n // index\n var i = sym - 257, b = fleb[i];\n add = bits(dat, pos, (1 << b) - 1) + fl[i];\n pos += b;\n }\n // dist\n var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4;\n if (!d)\n err(3);\n pos += d & 15;\n var dt = fd[dsym];\n if (dsym > 3) {\n var b = fdeb[dsym];\n dt += bits16(dat, pos) & ((1 << b) - 1), pos += b;\n }\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (noBuf)\n cbuf(bt + 131072);\n var end = bt + add;\n for (; bt < end; bt += 4) {\n buf[bt] = buf[bt - dt];\n buf[bt + 1] = buf[bt + 1 - dt];\n buf[bt + 2] = buf[bt + 2 - dt];\n buf[bt + 3] = buf[bt + 3 - dt];\n }\n bt = end;\n }\n }\n st.l = lm, st.p = lpos, st.b = bt, st.f = final;\n if (lm)\n final = 1, st.m = lbt, st.d = dm, st.n = dbt;\n } while (!final);\n return bt == buf.length ? buf : slc(buf, 0, bt);\n};\n// starting at p, write the minimum number of bits that can hold v to d\nvar wbits = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n};\n// starting at p, write the minimum number of bits (>8) that can hold v to d\nvar wbits16 = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n d[o + 2] |= v >>> 16;\n};\n// creates code lengths from a frequency table\nvar hTree = function (d, mb) {\n // Need extra info to make a tree\n var t = [];\n for (var i = 0; i < d.length; ++i) {\n if (d[i])\n t.push({ s: i, f: d[i] });\n }\n var s = t.length;\n var t2 = t.slice();\n if (!s)\n return [et, 0];\n if (s == 1) {\n var v = new u8(t[0].s + 1);\n v[t[0].s] = 1;\n return [v, 1];\n }\n t.sort(function (a, b) { return a.f - b.f; });\n // after i2 reaches last ind, will be stopped\n // freq must be greater than largest possible number of symbols\n t.push({ s: -1, f: 25001 });\n var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2;\n t[0] = { s: -1, f: l.f + r.f, l: l, r: r };\n // efficient algorithm from UZIP.js\n // i0 is lookbehind, i2 is lookahead - after processing two low-freq\n // symbols that combined have high freq, will start processing i2 (high-freq,\n // non-composite) symbols instead\n // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/\n while (i1 != s - 1) {\n l = t[t[i0].f < t[i2].f ? i0++ : i2++];\n r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++];\n t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r };\n }\n var maxSym = t2[0].s;\n for (var i = 1; i < s; ++i) {\n if (t2[i].s > maxSym)\n maxSym = t2[i].s;\n }\n // code lengths\n var tr = new u16(maxSym + 1);\n // max bits in tree\n var mbt = ln(t[i1 - 1], tr, 0);\n if (mbt > mb) {\n // more algorithms from UZIP.js\n // TODO: find out how this code works (debt)\n // ind debt\n var i = 0, dt = 0;\n // left cost\n var lft = mbt - mb, cst = 1 << lft;\n t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; });\n for (; i < s; ++i) {\n var i2_1 = t2[i].s;\n if (tr[i2_1] > mb) {\n dt += cst - (1 << (mbt - tr[i2_1]));\n tr[i2_1] = mb;\n }\n else\n break;\n }\n dt >>>= lft;\n while (dt > 0) {\n var i2_2 = t2[i].s;\n if (tr[i2_2] < mb)\n dt -= 1 << (mb - tr[i2_2]++ - 1);\n else\n ++i;\n }\n for (; i >= 0 && dt; --i) {\n var i2_3 = t2[i].s;\n if (tr[i2_3] == mb) {\n --tr[i2_3];\n ++dt;\n }\n }\n mbt = mb;\n }\n return [new u8(tr), mbt];\n};\n// get the max length and assign length codes\nvar ln = function (n, l, d) {\n return n.s == -1\n ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1))\n : (l[n.s] = d);\n};\n// length codes generation\nvar lc = function (c) {\n var s = c.length;\n // Note that the semicolon was intentional\n while (s && !c[--s])\n ;\n var cl = new u16(++s);\n // ind num streak\n var cli = 0, cln = c[0], cls = 1;\n var w = function (v) { cl[cli++] = v; };\n for (var i = 1; i <= s; ++i) {\n if (c[i] == cln && i != s)\n ++cls;\n else {\n if (!cln && cls > 2) {\n for (; cls > 138; cls -= 138)\n w(32754);\n if (cls > 2) {\n w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305);\n cls = 0;\n }\n }\n else if (cls > 3) {\n w(cln), --cls;\n for (; cls > 6; cls -= 6)\n w(8304);\n if (cls > 2)\n w(((cls - 3) << 5) | 8208), cls = 0;\n }\n while (cls--)\n w(cln);\n cls = 1;\n cln = c[i];\n }\n }\n return [cl.subarray(0, cli), s];\n};\n// calculate the length of output from tree, code lengths\nvar clen = function (cf, cl) {\n var l = 0;\n for (var i = 0; i < cl.length; ++i)\n l += cf[i] * cl[i];\n return l;\n};\n// writes a fixed block\n// returns the new bit pos\nvar wfblk = function (out, pos, dat) {\n // no need to write 00 as type: TypedArray defaults to 0\n var s = dat.length;\n var o = shft(pos + 2);\n out[o] = s & 255;\n out[o + 1] = s >>> 8;\n out[o + 2] = out[o] ^ 255;\n out[o + 3] = out[o + 1] ^ 255;\n for (var i = 0; i < s; ++i)\n out[o + i + 4] = dat[i];\n return (o + 4 + s) * 8;\n};\n// writes a block\nvar wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) {\n wbits(out, p++, final);\n ++lf[256];\n var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1];\n var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1];\n var _c = lc(dlt), lclt = _c[0], nlc = _c[1];\n var _d = lc(ddt), lcdt = _d[0], ndc = _d[1];\n var lcfreq = new u16(19);\n for (var i = 0; i < lclt.length; ++i)\n lcfreq[lclt[i] & 31]++;\n for (var i = 0; i < lcdt.length; ++i)\n lcfreq[lcdt[i] & 31]++;\n var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1];\n var nlcc = 19;\n for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc)\n ;\n var flen = (bl + 5) << 3;\n var ftlen = clen(lf, flt) + clen(df, fdt) + eb;\n var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]);\n if (flen <= ftlen && flen <= dtlen)\n return wfblk(out, p, dat.subarray(bs, bs + bl));\n var lm, ll, dm, dl;\n wbits(out, p, 1 + (dtlen < ftlen)), p += 2;\n if (dtlen < ftlen) {\n lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt;\n var llm = hMap(lct, mlcb, 0);\n wbits(out, p, nlc - 257);\n wbits(out, p + 5, ndc - 1);\n wbits(out, p + 10, nlcc - 4);\n p += 14;\n for (var i = 0; i < nlcc; ++i)\n wbits(out, p + 3 * i, lct[clim[i]]);\n p += 3 * nlcc;\n var lcts = [lclt, lcdt];\n for (var it = 0; it < 2; ++it) {\n var clct = lcts[it];\n for (var i = 0; i < clct.length; ++i) {\n var len = clct[i] & 31;\n wbits(out, p, llm[len]), p += lct[len];\n if (len > 15)\n wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12;\n }\n }\n }\n else {\n lm = flm, ll = flt, dm = fdm, dl = fdt;\n }\n for (var i = 0; i < li; ++i) {\n if (syms[i] > 255) {\n var len = (syms[i] >>> 18) & 31;\n wbits16(out, p, lm[len + 257]), p += ll[len + 257];\n if (len > 7)\n wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len];\n var dst = syms[i] & 31;\n wbits16(out, p, dm[dst]), p += dl[dst];\n if (dst > 3)\n wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst];\n }\n else {\n wbits16(out, p, lm[syms[i]]), p += ll[syms[i]];\n }\n }\n wbits16(out, p, lm[256]);\n return p + ll[256];\n};\n// deflate options (nice << 13) | chain\nvar deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]);\n// empty\nvar et = /*#__PURE__*/ new u8(0);\n// compresses data into a raw DEFLATE buffer\nvar dflt = function (dat, lvl, plvl, pre, post, lst) {\n var s = dat.length;\n var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post);\n // writing to this writes to the output buffer\n var w = o.subarray(pre, o.length - post);\n var pos = 0;\n if (!lvl || s < 8) {\n for (var i = 0; i <= s; i += 65535) {\n // end\n var e = i + 65535;\n if (e >= s) {\n // write final block\n w[pos >> 3] = lst;\n }\n pos = wfblk(w, pos + 1, dat.subarray(i, e));\n }\n }\n else {\n var opt = deo[lvl - 1];\n var n = opt >>> 13, c = opt & 8191;\n var msk_1 = (1 << plvl) - 1;\n // prev 2-byte val map curr 2-byte val map\n var prev = new u16(32768), head = new u16(msk_1 + 1);\n var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1;\n var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; };\n // 24576 is an arbitrary number of maximum symbols per block\n // 424 buffer for last block\n var syms = new u32(25000);\n // length/literal freq distance freq\n var lf = new u16(288), df = new u16(32);\n // l/lcnt exbits index l/lind waitdx bitpos\n var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0;\n for (; i < s; ++i) {\n // hash value\n // deopt when i > s - 3 - at end, deopt acceptable\n var hv = hsh(i);\n // index mod 32768 previous index mod\n var imod = i & 32767, pimod = head[hv];\n prev[imod] = pimod;\n head[hv] = imod;\n // We always should modify head and prev, but only add symbols if\n // this data is not yet processed (\"wait\" for wait index)\n if (wi <= i) {\n // bytes remaining\n var rem = s - i;\n if ((lc_1 > 7000 || li > 24576) && rem > 423) {\n pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos);\n li = lc_1 = eb = 0, bs = i;\n for (var j = 0; j < 286; ++j)\n lf[j] = 0;\n for (var j = 0; j < 30; ++j)\n df[j] = 0;\n }\n // len dist chain\n var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767;\n if (rem > 2 && hv == hsh(i - dif)) {\n var maxn = Math.min(n, rem) - 1;\n var maxd = Math.min(32767, i);\n // max possible length\n // not capped at dif because decompressors implement \"rolling\" index population\n var ml = Math.min(258, rem);\n while (dif <= maxd && --ch_1 && imod != pimod) {\n if (dat[i + l] == dat[i + l - dif]) {\n var nl = 0;\n for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl)\n ;\n if (nl > l) {\n l = nl, d = dif;\n // break out early when we reach \"nice\" (we are satisfied enough)\n if (nl > maxn)\n break;\n // now, find the rarest 2-byte sequence within this\n // length of literals and search for that instead.\n // Much faster than just using the start\n var mmd = Math.min(dif, nl - 2);\n var md = 0;\n for (var j = 0; j < mmd; ++j) {\n var ti = (i - dif + j + 32768) & 32767;\n var pti = prev[ti];\n var cd = (ti - pti + 32768) & 32767;\n if (cd > md)\n md = cd, pimod = ti;\n }\n }\n }\n // check the previous match\n imod = pimod, pimod = prev[imod];\n dif += (imod - pimod + 32768) & 32767;\n }\n }\n // d will be nonzero only when a match was found\n if (d) {\n // store both dist and len data in one Uint32\n // Make sure this is recognized as a len/dist with 28th bit (2^28)\n syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d];\n var lin = revfl[l] & 31, din = revfd[d] & 31;\n eb += fleb[lin] + fdeb[din];\n ++lf[257 + lin];\n ++df[din];\n wi = i + l;\n ++lc_1;\n }\n else {\n syms[li++] = dat[i];\n ++lf[dat[i]];\n }\n }\n }\n pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos);\n // this is the easiest way to avoid needing to maintain state\n if (!lst && pos & 7)\n pos = wfblk(w, pos + 1, et);\n }\n return slc(o, 0, pre + shft(pos) + post);\n};\n// CRC32 table\nvar crct = /*#__PURE__*/ (function () {\n var t = new Int32Array(256);\n for (var i = 0; i < 256; ++i) {\n var c = i, k = 9;\n while (--k)\n c = ((c & 1) && -306674912) ^ (c >>> 1);\n t[i] = c;\n }\n return t;\n})();\n// CRC32\nvar crc = function () {\n var c = -1;\n return {\n p: function (d) {\n // closures have awful performance\n var cr = c;\n for (var i = 0; i < d.length; ++i)\n cr = crct[(cr & 255) ^ d[i]] ^ (cr >>> 8);\n c = cr;\n },\n d: function () { return ~c; }\n };\n};\n// Alder32\nvar adler = function () {\n var a = 1, b = 0;\n return {\n p: function (d) {\n // closures have awful performance\n var n = a, m = b;\n var l = d.length | 0;\n for (var i = 0; i != l;) {\n var e = Math.min(i + 2655, l);\n for (; i < e; ++i)\n m += n += d[i];\n n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16);\n }\n a = n, b = m;\n },\n d: function () {\n a %= 65521, b %= 65521;\n return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8);\n }\n };\n};\n;\n// deflate with opts\nvar dopt = function (dat, opt, pre, post, st) {\n return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st);\n};\n// Walmart object spread\nvar mrg = function (a, b) {\n var o = {};\n for (var k in a)\n o[k] = a[k];\n for (var k in b)\n o[k] = b[k];\n return o;\n};\n// worker clone\n// This is possibly the craziest part of the entire codebase, despite how simple it may seem.\n// The only parameter to this function is a closure that returns an array of variables outside of the function scope.\n// We're going to try to figure out the variable names used in the closure as strings because that is crucial for workerization.\n// We will return an object mapping of true variable name to value (basically, the current scope as a JS object).\n// The reason we can't just use the original variable names is minifiers mangling the toplevel scope.\n// This took me three weeks to figure out how to do.\nvar wcln = function (fn, fnStr, td) {\n var dt = fn();\n var st = fn.toString();\n var ks = st.slice(st.indexOf('[') + 1, st.lastIndexOf(']')).replace(/\\s+/g, '').split(',');\n for (var i = 0; i < dt.length; ++i) {\n var v = dt[i], k = ks[i];\n if (typeof v == 'function') {\n fnStr += ';' + k + '=';\n var st_1 = v.toString();\n if (v.prototype) {\n // for global objects\n if (st_1.indexOf('[native code]') != -1) {\n var spInd = st_1.indexOf(' ', 8) + 1;\n fnStr += st_1.slice(spInd, st_1.indexOf('(', spInd));\n }\n else {\n fnStr += st_1;\n for (var t in v.prototype)\n fnStr += ';' + k + '.prototype.' + t + '=' + v.prototype[t].toString();\n }\n }\n else\n fnStr += st_1;\n }\n else\n td[k] = v;\n }\n return [fnStr, td];\n};\nvar ch = [];\n// clone bufs\nvar cbfs = function (v) {\n var tl = [];\n for (var k in v) {\n if (v[k].buffer) {\n tl.push((v[k] = new v[k].constructor(v[k])).buffer);\n }\n }\n return tl;\n};\n// use a worker to execute code\nvar wrkr = function (fns, init, id, cb) {\n var _a;\n if (!ch[id]) {\n var fnStr = '', td_1 = {}, m = fns.length - 1;\n for (var i = 0; i < m; ++i)\n _a = wcln(fns[i], fnStr, td_1), fnStr = _a[0], td_1 = _a[1];\n ch[id] = wcln(fns[m], fnStr, td_1);\n }\n var td = mrg({}, ch[id][1]);\n return wk(ch[id][0] + ';onmessage=function(e){for(var k in e.data)self[k]=e.data[k];onmessage=' + init.toString() + '}', id, td, cbfs(td), cb);\n};\n// base async inflate fn\nvar bInflt = function () { return [u8, u16, u32, fleb, fdeb, clim, fl, fd, flrm, fdrm, rev, ec, hMap, max, bits, bits16, shft, slc, err, inflt, inflateSync, pbf, gu8]; };\nvar bDflt = function () { return [u8, u16, u32, fleb, fdeb, clim, revfl, revfd, flm, flt, fdm, fdt, rev, deo, et, hMap, wbits, wbits16, hTree, ln, lc, clen, wfblk, wblk, shft, slc, dflt, dopt, deflateSync, pbf]; };\n// gzip extra\nvar gze = function () { return [gzh, gzhl, wbytes, crc, crct]; };\n// gunzip extra\nvar guze = function () { return [gzs, gzl]; };\n// zlib extra\nvar zle = function () { return [zlh, wbytes, adler]; };\n// unzlib extra\nvar zule = function () { return [zlv]; };\n// post buf\nvar pbf = function (msg) { return postMessage(msg, [msg.buffer]); };\n// get u8\nvar gu8 = function (o) { return o && o.size && new u8(o.size); };\n// async helper\nvar cbify = function (dat, opts, fns, init, id, cb) {\n var w = wrkr(fns, init, id, function (err, dat) {\n w.terminate();\n cb(err, dat);\n });\n w.postMessage([dat, opts], opts.consume ? [dat.buffer] : []);\n return function () { w.terminate(); };\n};\n// auto stream\nvar astrm = function (strm) {\n strm.ondata = function (dat, final) { return postMessage([dat, final], [dat.buffer]); };\n return function (ev) { return strm.push(ev.data[0], ev.data[1]); };\n};\n// async stream attach\nvar astrmify = function (fns, strm, opts, init, id) {\n var t;\n var w = wrkr(fns, init, id, function (err, dat) {\n if (err)\n w.terminate(), strm.ondata.call(strm, err);\n else {\n if (dat[1])\n w.terminate();\n strm.ondata.call(strm, err, dat[0], dat[1]);\n }\n });\n w.postMessage(opts);\n strm.push = function (d, f) {\n if (!strm.ondata)\n err(5);\n if (t)\n strm.ondata(err(4, 0, 1), null, !!f);\n w.postMessage([d, t = f], [d.buffer]);\n };\n strm.terminate = function () { w.terminate(); };\n};\n// read 2 bytes\nvar b2 = function (d, b) { return d[b] | (d[b + 1] << 8); };\n// read 4 bytes\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\nvar b8 = function (d, b) { return b4(d, b) + (b4(d, b + 4) * 4294967296); };\n// write bytes\nvar wbytes = function (d, b, v) {\n for (; v; ++b)\n d[b] = v, v >>>= 8;\n};\n// gzip header\nvar gzh = function (c, o) {\n var fn = o.filename;\n c[0] = 31, c[1] = 139, c[2] = 8, c[8] = o.level < 2 ? 4 : o.level == 9 ? 2 : 0, c[9] = 3; // assume Unix\n if (o.mtime != 0)\n wbytes(c, 4, Math.floor(new Date(o.mtime || Date.now()) / 1000));\n if (fn) {\n c[3] = 8;\n for (var i = 0; i <= fn.length; ++i)\n c[i + 10] = fn.charCodeAt(i);\n }\n};\n// gzip footer: -8 to -4 = CRC, -4 to -0 is length\n// gzip start\nvar gzs = function (d) {\n if (d[0] != 31 || d[1] != 139 || d[2] != 8)\n err(6, 'invalid gzip data');\n var flg = d[3];\n var st = 10;\n if (flg & 4)\n st += d[10] | (d[11] << 8) + 2;\n for (var zs = (flg >> 3 & 1) + (flg >> 4 & 1); zs > 0; zs -= !d[st++])\n ;\n return st + (flg & 2);\n};\n// gzip length\nvar gzl = function (d) {\n var l = d.length;\n return ((d[l - 4] | d[l - 3] << 8 | d[l - 2] << 16) | (d[l - 1] << 24)) >>> 0;\n};\n// gzip header length\nvar gzhl = function (o) { return 10 + ((o.filename && (o.filename.length + 1)) || 0); };\n// zlib header\nvar zlh = function (c, o) {\n var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2;\n c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1);\n};\n// zlib valid\nvar zlv = function (d) {\n if ((d[0] & 15) != 8 || (d[0] >>> 4) > 7 || ((d[0] << 8 | d[1]) % 31))\n err(6, 'invalid zlib data');\n if (d[1] & 32)\n err(6, 'invalid zlib data: preset dictionaries not supported');\n};\nfunction AsyncCmpStrm(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n return opts;\n}\n// zlib footer: -4 to -0 is Adler32\n/**\n * Streaming DEFLATE compression\n */\nvar Deflate = /*#__PURE__*/ (function () {\n function Deflate(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n this.o = opts || {};\n }\n Deflate.prototype.p = function (c, f) {\n this.ondata(dopt(c, this.o, 0, 0, !f), f);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Deflate.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.d = final;\n this.p(chunk, final || false);\n };\n return Deflate;\n}());\nexport { Deflate };\n/**\n * Asynchronous streaming DEFLATE compression\n */\nvar AsyncDeflate = /*#__PURE__*/ (function () {\n function AsyncDeflate(opts, cb) {\n astrmify([\n bDflt,\n function () { return [astrm, Deflate]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Deflate(ev.data);\n onmessage = astrm(strm);\n }, 6);\n }\n return AsyncDeflate;\n}());\nexport { AsyncDeflate };\nexport function deflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n ], function (ev) { return pbf(deflateSync(ev.data[0], ev.data[1])); }, 0, cb);\n}\n/**\n * Compresses data with DEFLATE without any wrapper\n * @param data The data to compress\n * @param opts The compression options\n * @returns The deflated version of the data\n */\nexport function deflateSync(data, opts) {\n return dopt(data, opts || {}, 0, 0);\n}\n/**\n * Streaming DEFLATE decompression\n */\nvar Inflate = /*#__PURE__*/ (function () {\n /**\n * Creates an inflation stream\n * @param cb The callback to call whenever data is inflated\n */\n function Inflate(cb) {\n this.s = {};\n this.p = new u8(0);\n this.ondata = cb;\n }\n Inflate.prototype.e = function (c) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n var l = this.p.length;\n var n = new u8(l + c.length);\n n.set(this.p), n.set(c, l), this.p = n;\n };\n Inflate.prototype.c = function (final) {\n this.d = this.s.i = final || false;\n var bts = this.s.b;\n var dt = inflt(this.p, this.o, this.s);\n this.ondata(slc(dt, bts, this.s.b), this.d);\n this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length;\n this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7;\n };\n /**\n * Pushes a chunk to be inflated\n * @param chunk The chunk to push\n * @param final Whether this is the final chunk\n */\n Inflate.prototype.push = function (chunk, final) {\n this.e(chunk), this.c(final);\n };\n return Inflate;\n}());\nexport { Inflate };\n/**\n * Asynchronous streaming DEFLATE decompression\n */\nvar AsyncInflate = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous inflation stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncInflate(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n function () { return [astrm, Inflate]; }\n ], this, 0, function () {\n var strm = new Inflate();\n onmessage = astrm(strm);\n }, 7);\n }\n return AsyncInflate;\n}());\nexport { AsyncInflate };\nexport function inflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt\n ], function (ev) { return pbf(inflateSync(ev.data[0], gu8(ev.data[1]))); }, 1, cb);\n}\n/**\n * Expands DEFLATE data with no wrapper\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function inflateSync(data, out) {\n return inflt(data, out);\n}\n// before you yell at me for not just using extends, my reason is that TS inheritance is hard to workerize.\n/**\n * Streaming GZIP compression\n */\nvar Gzip = /*#__PURE__*/ (function () {\n function Gzip(opts, cb) {\n this.c = crc();\n this.l = 0;\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be GZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gzip.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Gzip.prototype.p = function (c, f) {\n this.c.p(c);\n this.l += c.length;\n var raw = dopt(c, this.o, this.v && gzhl(this.o), f && 8, !f);\n if (this.v)\n gzh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 8, this.c.d()), wbytes(raw, raw.length - 4, this.l);\n this.ondata(raw, f);\n };\n return Gzip;\n}());\nexport { Gzip };\n/**\n * Asynchronous streaming GZIP compression\n */\nvar AsyncGzip = /*#__PURE__*/ (function () {\n function AsyncGzip(opts, cb) {\n astrmify([\n bDflt,\n gze,\n function () { return [astrm, Deflate, Gzip]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Gzip(ev.data);\n onmessage = astrm(strm);\n }, 8);\n }\n return AsyncGzip;\n}());\nexport { AsyncGzip };\nexport function gzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n gze,\n function () { return [gzipSync]; }\n ], function (ev) { return pbf(gzipSync(ev.data[0], ev.data[1])); }, 2, cb);\n}\n/**\n * Compresses data with GZIP\n * @param data The data to compress\n * @param opts The compression options\n * @returns The gzipped version of the data\n */\nexport function gzipSync(data, opts) {\n if (!opts)\n opts = {};\n var c = crc(), l = data.length;\n c.p(data);\n var d = dopt(data, opts, gzhl(opts), 8), s = d.length;\n return gzh(d, opts), wbytes(d, s - 8, c.d()), wbytes(d, s - 4, l), d;\n}\n/**\n * Streaming GZIP decompression\n */\nvar Gunzip = /*#__PURE__*/ (function () {\n /**\n * Creates a GUNZIP stream\n * @param cb The callback to call whenever data is inflated\n */\n function Gunzip(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be GUNZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gunzip.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n var s = this.p.length > 3 ? gzs(this.p) : 4;\n if (s >= this.p.length && !final)\n return;\n this.p = this.p.subarray(s), this.v = 0;\n }\n if (final) {\n if (this.p.length < 8)\n err(6, 'invalid gzip data');\n this.p = this.p.subarray(0, -8);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Gunzip;\n}());\nexport { Gunzip };\n/**\n * Asynchronous streaming GZIP decompression\n */\nvar AsyncGunzip = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous GUNZIP stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncGunzip(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n guze,\n function () { return [astrm, Inflate, Gunzip]; }\n ], this, 0, function () {\n var strm = new Gunzip();\n onmessage = astrm(strm);\n }, 9);\n }\n return AsyncGunzip;\n}());\nexport { AsyncGunzip };\nexport function gunzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n guze,\n function () { return [gunzipSync]; }\n ], function (ev) { return pbf(gunzipSync(ev.data[0])); }, 3, cb);\n}\n/**\n * Expands GZIP data\n * @param data The data to decompress\n * @param out Where to write the data. GZIP already encodes the output size, so providing this doesn't save memory.\n * @returns The decompressed version of the data\n */\nexport function gunzipSync(data, out) {\n return inflt(data.subarray(gzs(data), -8), out || new u8(gzl(data)));\n}\n/**\n * Streaming Zlib compression\n */\nvar Zlib = /*#__PURE__*/ (function () {\n function Zlib(opts, cb) {\n this.c = adler();\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be zlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Zlib.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Zlib.prototype.p = function (c, f) {\n this.c.p(c);\n var raw = dopt(c, this.o, this.v && 2, f && 4, !f);\n if (this.v)\n zlh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 4, this.c.d());\n this.ondata(raw, f);\n };\n return Zlib;\n}());\nexport { Zlib };\n/**\n * Asynchronous streaming Zlib compression\n */\nvar AsyncZlib = /*#__PURE__*/ (function () {\n function AsyncZlib(opts, cb) {\n astrmify([\n bDflt,\n zle,\n function () { return [astrm, Deflate, Zlib]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Zlib(ev.data);\n onmessage = astrm(strm);\n }, 10);\n }\n return AsyncZlib;\n}());\nexport { AsyncZlib };\nexport function zlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n zle,\n function () { return [zlibSync]; }\n ], function (ev) { return pbf(zlibSync(ev.data[0], ev.data[1])); }, 4, cb);\n}\n/**\n * Compress data with Zlib\n * @param data The data to compress\n * @param opts The compression options\n * @returns The zlib-compressed version of the data\n */\nexport function zlibSync(data, opts) {\n if (!opts)\n opts = {};\n var a = adler();\n a.p(data);\n var d = dopt(data, opts, 2, 4);\n return zlh(d, opts), wbytes(d, d.length - 4, a.d()), d;\n}\n/**\n * Streaming Zlib decompression\n */\nvar Unzlib = /*#__PURE__*/ (function () {\n /**\n * Creates a Zlib decompression stream\n * @param cb The callback to call whenever data is inflated\n */\n function Unzlib(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be unzlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzlib.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n if (this.p.length < 2 && !final)\n return;\n this.p = this.p.subarray(2), this.v = 0;\n }\n if (final) {\n if (this.p.length < 4)\n err(6, 'invalid zlib data');\n this.p = this.p.subarray(0, -4);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Unzlib;\n}());\nexport { Unzlib };\n/**\n * Asynchronous streaming Zlib decompression\n */\nvar AsyncUnzlib = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous Zlib decompression stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncUnzlib(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n zule,\n function () { return [astrm, Inflate, Unzlib]; }\n ], this, 0, function () {\n var strm = new Unzlib();\n onmessage = astrm(strm);\n }, 11);\n }\n return AsyncUnzlib;\n}());\nexport { AsyncUnzlib };\nexport function unzlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n zule,\n function () { return [unzlibSync]; }\n ], function (ev) { return pbf(unzlibSync(ev.data[0], gu8(ev.data[1]))); }, 5, cb);\n}\n/**\n * Expands Zlib data\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function unzlibSync(data, out) {\n return inflt((zlv(data), data.subarray(2, -4)), out);\n}\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzip as compress, AsyncGzip as AsyncCompress };\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzipSync as compressSync, Gzip as Compress };\n/**\n * Streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function Decompress(cb) {\n this.G = Gunzip;\n this.I = Inflate;\n this.Z = Unzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Decompress.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (!this.s) {\n if (this.p && this.p.length) {\n var n = new u8(this.p.length + chunk.length);\n n.set(this.p), n.set(chunk, this.p.length);\n }\n else\n this.p = chunk;\n if (this.p.length > 2) {\n var _this_1 = this;\n var cb = function () { _this_1.ondata.apply(_this_1, arguments); };\n this.s = (this.p[0] == 31 && this.p[1] == 139 && this.p[2] == 8)\n ? new this.G(cb)\n : ((this.p[0] & 15) != 8 || (this.p[0] >> 4) > 7 || ((this.p[0] << 8 | this.p[1]) % 31))\n ? new this.I(cb)\n : new this.Z(cb);\n this.s.push(this.p, final);\n this.p = null;\n }\n }\n else\n this.s.push(chunk, final);\n };\n return Decompress;\n}());\nexport { Decompress };\n/**\n * Asynchronous streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar AsyncDecompress = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function AsyncDecompress(cb) {\n this.G = AsyncGunzip;\n this.I = AsyncInflate;\n this.Z = AsyncUnzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncDecompress.prototype.push = function (chunk, final) {\n Decompress.prototype.push.call(this, chunk, final);\n };\n return AsyncDecompress;\n}());\nexport { AsyncDecompress };\nexport function decompress(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzip(data, opts, cb)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflate(data, opts, cb)\n : unzlib(data, opts, cb);\n}\n/**\n * Expands compressed GZIP, Zlib, or raw DEFLATE data, automatically detecting the format\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function decompressSync(data, out) {\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzipSync(data, out)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflateSync(data, out)\n : unzlibSync(data, out);\n}\n// flatten a directory structure\nvar fltn = function (d, p, t, o) {\n for (var k in d) {\n var val = d[k], n = p + k, op = o;\n if (Array.isArray(val))\n op = mrg(o, val[1]), val = val[0];\n if (val instanceof u8)\n t[n] = [val, op];\n else {\n t[n += '/'] = [new u8(0), op];\n fltn(val, n, t, o);\n }\n }\n};\n// text encoder\nvar te = typeof TextEncoder != 'undefined' && /*#__PURE__*/ new TextEncoder();\n// text decoder\nvar td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder();\n// text decoder stream\nvar tds = 0;\ntry {\n td.decode(et, { stream: true });\n tds = 1;\n}\ncatch (e) { }\n// decode UTF8\nvar dutf8 = function (d) {\n for (var r = '', i = 0;;) {\n var c = d[i++];\n var eb = (c > 127) + (c > 223) + (c > 239);\n if (i + eb > d.length)\n return [r, slc(d, i - 1)];\n if (!eb)\n r += String.fromCharCode(c);\n else if (eb == 3) {\n c = ((c & 15) << 18 | (d[i++] & 63) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63)) - 65536,\n r += String.fromCharCode(55296 | (c >> 10), 56320 | (c & 1023));\n }\n else if (eb & 1)\n r += String.fromCharCode((c & 31) << 6 | (d[i++] & 63));\n else\n r += String.fromCharCode((c & 15) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63));\n }\n};\n/**\n * Streaming UTF-8 decoding\n */\nvar DecodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is decoded\n */\n function DecodeUTF8(cb) {\n this.ondata = cb;\n if (tds)\n this.t = new TextDecoder();\n else\n this.p = et;\n }\n /**\n * Pushes a chunk to be decoded from UTF-8 binary\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n DecodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n final = !!final;\n if (this.t) {\n this.ondata(this.t.decode(chunk, { stream: true }), final);\n if (final) {\n if (this.t.decode().length)\n err(8);\n this.t = null;\n }\n return;\n }\n if (!this.p)\n err(4);\n var dat = new u8(this.p.length + chunk.length);\n dat.set(this.p);\n dat.set(chunk, this.p.length);\n var _a = dutf8(dat), ch = _a[0], np = _a[1];\n if (final) {\n if (np.length)\n err(8);\n this.p = null;\n }\n else\n this.p = np;\n this.ondata(ch, final);\n };\n return DecodeUTF8;\n}());\nexport { DecodeUTF8 };\n/**\n * Streaming UTF-8 encoding\n */\nvar EncodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is encoded\n */\n function EncodeUTF8(cb) {\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be encoded to UTF-8\n * @param chunk The string data to push\n * @param final Whether this is the last chunk\n */\n EncodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.ondata(strToU8(chunk), this.d = final || false);\n };\n return EncodeUTF8;\n}());\nexport { EncodeUTF8 };\n/**\n * Converts a string into a Uint8Array for use with compression/decompression methods\n * @param str The string to encode\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless decoding a binary string.\n * @returns The string encoded in UTF-8/Latin-1 binary\n */\nexport function strToU8(str, latin1) {\n if (latin1) {\n var ar_1 = new u8(str.length);\n for (var i = 0; i < str.length; ++i)\n ar_1[i] = str.charCodeAt(i);\n return ar_1;\n }\n if (te)\n return te.encode(str);\n var l = str.length;\n var ar = new u8(str.length + (str.length >> 1));\n var ai = 0;\n var w = function (v) { ar[ai++] = v; };\n for (var i = 0; i < l; ++i) {\n if (ai + 5 > ar.length) {\n var n = new u8(ai + 8 + ((l - i) << 1));\n n.set(ar);\n ar = n;\n }\n var c = str.charCodeAt(i);\n if (c < 128 || latin1)\n w(c);\n else if (c < 2048)\n w(192 | (c >> 6)), w(128 | (c & 63));\n else if (c > 55295 && c < 57344)\n c = 65536 + (c & 1023 << 10) | (str.charCodeAt(++i) & 1023),\n w(240 | (c >> 18)), w(128 | ((c >> 12) & 63)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n else\n w(224 | (c >> 12)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n }\n return slc(ar, 0, ai);\n}\n/**\n * Converts a Uint8Array to a string\n * @param dat The data to decode to string\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless encoding to binary string.\n * @returns The original UTF-8/Latin-1 string\n */\nexport function strFromU8(dat, latin1) {\n if (latin1) {\n var r = '';\n for (var i = 0; i < dat.length; i += 16384)\n r += String.fromCharCode.apply(null, dat.subarray(i, i + 16384));\n return r;\n }\n else if (td)\n return td.decode(dat);\n else {\n var _a = dutf8(dat), out = _a[0], ext = _a[1];\n if (ext.length)\n err(8);\n return out;\n }\n}\n;\n// deflate bit flag\nvar dbf = function (l) { return l == 1 ? 3 : l < 6 ? 2 : l == 9 ? 1 : 0; };\n// skip local zip header\nvar slzh = function (d, b) { return b + 30 + b2(d, b + 26) + b2(d, b + 28); };\n// read zip header\nvar zh = function (d, b, z) {\n var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);\n var _a = z && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a[0], su = _a[1], off = _a[2];\n return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];\n};\n// read zip64 extra field\nvar z64e = function (d, b) {\n for (; b2(d, b) != 1; b += 4 + b2(d, b + 2))\n ;\n return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];\n};\n// extra field length\nvar exfl = function (ex) {\n var le = 0;\n if (ex) {\n for (var k in ex) {\n var l = ex[k].length;\n if (l > 65535)\n err(9);\n le += l + 4;\n }\n }\n return le;\n};\n// write zip header\nvar wzh = function (d, b, f, fn, u, c, ce, co) {\n var fl = fn.length, ex = f.extra, col = co && co.length;\n var exl = exfl(ex);\n wbytes(d, b, ce != null ? 0x2014B50 : 0x4034B50), b += 4;\n if (ce != null)\n d[b++] = 20, d[b++] = f.os;\n d[b] = 20, b += 2; // spec compliance? what's that?\n d[b++] = (f.flag << 1) | (c < 0 && 8), d[b++] = u && 8;\n d[b++] = f.compression & 255, d[b++] = f.compression >> 8;\n var dt = new Date(f.mtime == null ? Date.now() : f.mtime), y = dt.getFullYear() - 1980;\n if (y < 0 || y > 119)\n err(10);\n wbytes(d, b, (y << 25) | ((dt.getMonth() + 1) << 21) | (dt.getDate() << 16) | (dt.getHours() << 11) | (dt.getMinutes() << 5) | (dt.getSeconds() >>> 1)), b += 4;\n if (c != -1) {\n wbytes(d, b, f.crc);\n wbytes(d, b + 4, c < 0 ? -c - 2 : c);\n wbytes(d, b + 8, f.size);\n }\n wbytes(d, b + 12, fl);\n wbytes(d, b + 14, exl), b += 16;\n if (ce != null) {\n wbytes(d, b, col);\n wbytes(d, b + 6, f.attrs);\n wbytes(d, b + 10, ce), b += 14;\n }\n d.set(fn, b);\n b += fl;\n if (exl) {\n for (var k in ex) {\n var exf = ex[k], l = exf.length;\n wbytes(d, b, +k);\n wbytes(d, b + 2, l);\n d.set(exf, b + 4), b += 4 + l;\n }\n }\n if (col)\n d.set(co, b), b += col;\n return b;\n};\n// write zip footer (end of central directory)\nvar wzf = function (o, b, c, d, e) {\n wbytes(o, b, 0x6054B50); // skip disk\n wbytes(o, b + 8, c);\n wbytes(o, b + 10, c);\n wbytes(o, b + 12, d);\n wbytes(o, b + 16, e);\n};\n/**\n * A pass-through stream to keep data uncompressed in a ZIP archive.\n */\nvar ZipPassThrough = /*#__PURE__*/ (function () {\n /**\n * Creates a pass-through stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n */\n function ZipPassThrough(filename) {\n this.filename = filename;\n this.c = crc();\n this.size = 0;\n this.compression = 0;\n }\n /**\n * Processes a chunk and pushes to the output stream. You can override this\n * method in a subclass for custom behavior, but by default this passes\n * the data through. You must call this.ondata(err, chunk, final) at some\n * point in this method.\n * @param chunk The chunk to process\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.process = function (chunk, final) {\n this.ondata(null, chunk, final);\n };\n /**\n * Pushes a chunk to be added. If you are subclassing this with a custom\n * compression algorithm, note that you must push data from the source\n * file only, pre-compression.\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n this.c.p(chunk);\n this.size += chunk.length;\n if (final)\n this.crc = this.c.d();\n this.process(chunk, final || false);\n };\n return ZipPassThrough;\n}());\nexport { ZipPassThrough };\n// I don't extend because TypeScript extension adds 1kB of runtime bloat\n/**\n * Streaming DEFLATE compression for ZIP archives. Prefer using AsyncZipDeflate\n * for better performance\n */\nvar ZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function ZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new Deflate(opts, function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n }\n ZipDeflate.prototype.process = function (chunk, final) {\n try {\n this.d.push(chunk, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return ZipDeflate;\n}());\nexport { ZipDeflate };\n/**\n * Asynchronous streaming DEFLATE compression for ZIP archives\n */\nvar AsyncZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function AsyncZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new AsyncDeflate(opts, function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n this.terminate = this.d.terminate;\n }\n AsyncZipDeflate.prototype.process = function (chunk, final) {\n this.d.push(chunk, final);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return AsyncZipDeflate;\n}());\nexport { AsyncZipDeflate };\n// TODO: Better tree shaking\n/**\n * A zippable archive to which files can incrementally be added\n */\nvar Zip = /*#__PURE__*/ (function () {\n /**\n * Creates an empty ZIP archive to which files can be added\n * @param cb The callback to call whenever data for the generated ZIP archive\n * is available\n */\n function Zip(cb) {\n this.ondata = cb;\n this.u = [];\n this.d = 1;\n }\n /**\n * Adds a file to the ZIP archive\n * @param file The file stream to add\n */\n Zip.prototype.add = function (file) {\n var _this_1 = this;\n if (!this.ondata)\n err(5);\n // finishing or finished\n if (this.d & 2)\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, false);\n else {\n var f = strToU8(file.filename), fl_1 = f.length;\n var com = file.comment, o = com && strToU8(com);\n var u = fl_1 != file.filename.length || (o && (com.length != o.length));\n var hl_1 = fl_1 + exfl(file.extra) + 30;\n if (fl_1 > 65535)\n this.ondata(err(11, 0, 1), null, false);\n var header = new u8(hl_1);\n wzh(header, 0, file, f, u, -1);\n var chks_1 = [header];\n var pAll_1 = function () {\n for (var _i = 0, chks_2 = chks_1; _i < chks_2.length; _i++) {\n var chk = chks_2[_i];\n _this_1.ondata(null, chk, false);\n }\n chks_1 = [];\n };\n var tr_1 = this.d;\n this.d = 0;\n var ind_1 = this.u.length;\n var uf_1 = mrg(file, {\n f: f,\n u: u,\n o: o,\n t: function () {\n if (file.terminate)\n file.terminate();\n },\n r: function () {\n pAll_1();\n if (tr_1) {\n var nxt = _this_1.u[ind_1 + 1];\n if (nxt)\n nxt.r();\n else\n _this_1.d = 1;\n }\n tr_1 = 1;\n }\n });\n var cl_1 = 0;\n file.ondata = function (err, dat, final) {\n if (err) {\n _this_1.ondata(err, dat, final);\n _this_1.terminate();\n }\n else {\n cl_1 += dat.length;\n chks_1.push(dat);\n if (final) {\n var dd = new u8(16);\n wbytes(dd, 0, 0x8074B50);\n wbytes(dd, 4, file.crc);\n wbytes(dd, 8, cl_1);\n wbytes(dd, 12, file.size);\n chks_1.push(dd);\n uf_1.c = cl_1, uf_1.b = hl_1 + cl_1 + 16, uf_1.crc = file.crc, uf_1.size = file.size;\n if (tr_1)\n uf_1.r();\n tr_1 = 1;\n }\n else if (tr_1)\n pAll_1();\n }\n };\n this.u.push(uf_1);\n }\n };\n /**\n * Ends the process of adding files and prepares to emit the final chunks.\n * This *must* be called after adding all desired files for the resulting\n * ZIP file to work properly.\n */\n Zip.prototype.end = function () {\n var _this_1 = this;\n if (this.d & 2) {\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, true);\n return;\n }\n if (this.d)\n this.e();\n else\n this.u.push({\n r: function () {\n if (!(_this_1.d & 1))\n return;\n _this_1.u.splice(-1, 1);\n _this_1.e();\n },\n t: function () { }\n });\n this.d = 3;\n };\n Zip.prototype.e = function () {\n var bt = 0, l = 0, tl = 0;\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n tl += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0);\n }\n var out = new u8(tl + 22);\n for (var _b = 0, _c = this.u; _b < _c.length; _b++) {\n var f = _c[_b];\n wzh(out, bt, f, f.f, f.u, -f.c - 2, l, f.o);\n bt += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0), l += f.b;\n }\n wzf(out, bt, this.u.length, tl, l);\n this.ondata(null, out, true);\n this.d = 2;\n };\n /**\n * A method to terminate any internal workers used by the stream. Subsequent\n * calls to add() will fail.\n */\n Zip.prototype.terminate = function () {\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n f.t();\n }\n this.d = 2;\n };\n return Zip;\n}());\nexport { Zip };\nexport function zip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var r = {};\n fltn(data, '', r, opts);\n var k = Object.keys(r);\n var lft = k.length, o = 0, tot = 0;\n var slft = lft, files = new Array(lft);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var cbf = function () {\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n tot = 0;\n for (var i = 0; i < slft; ++i) {\n var f = files[i];\n try {\n var l = f.c.length;\n wzh(out, tot, f, f.f, f.u, l);\n var badd = 30 + f.f.length + exfl(f.extra);\n var loc = tot + badd;\n out.set(f.c, loc);\n wzh(out, o, f, f.f, f.u, l, tot, f.m), o += 16 + badd + (f.m ? f.m.length : 0), tot = loc + l;\n }\n catch (e) {\n return cbd(e, null);\n }\n }\n wzf(out, o, files.length, cdl, oe);\n cbd(null, out);\n };\n if (!lft)\n cbf();\n var _loop_1 = function (i) {\n var fn = k[i];\n var _a = r[fn], file = _a[0], p = _a[1];\n var c = crc(), size = file.length;\n c.p(file);\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n var compression = p.level == 0 ? 0 : 8;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n var l = d.length;\n files[i] = mrg(p, {\n size: size,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n compression: compression\n });\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n if (!--lft)\n cbf();\n }\n };\n if (s > 65535)\n cbl(err(11, 0, 1), null);\n if (!compression)\n cbl(null, file);\n else if (size < 160000) {\n try {\n cbl(null, deflateSync(file, p));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(deflate(file, p, cbl));\n };\n // Cannot use lft because it can decrease\n for (var i = 0; i < slft; ++i) {\n _loop_1(i);\n }\n return tAll;\n}\n/**\n * Synchronously creates a ZIP file. Prefer using `zip` for better performance\n * with more than one file.\n * @param data The directory structure for the ZIP archive\n * @param opts The main options, merged with per-file options\n * @returns The generated ZIP archive\n */\nexport function zipSync(data, opts) {\n if (!opts)\n opts = {};\n var r = {};\n var files = [];\n fltn(data, '', r, opts);\n var o = 0;\n var tot = 0;\n for (var fn in r) {\n var _a = r[fn], file = _a[0], p = _a[1];\n var compression = p.level == 0 ? 0 : 8;\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n if (s > 65535)\n err(11);\n var d = compression ? deflateSync(file, p) : file, l = d.length;\n var c = crc();\n c.p(file);\n files.push(mrg(p, {\n size: file.length,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n o: o,\n compression: compression\n }));\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n }\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n for (var i = 0; i < files.length; ++i) {\n var f = files[i];\n wzh(out, f.o, f, f.f, f.u, f.c.length);\n var badd = 30 + f.f.length + exfl(f.extra);\n out.set(f.c, f.o + badd);\n wzh(out, o, f, f.f, f.u, f.c.length, f.o, f.m), o += 16 + badd + (f.m ? f.m.length : 0);\n }\n wzf(out, o, files.length, cdl, oe);\n return out;\n}\n/**\n * Streaming pass-through decompression for ZIP archives\n */\nvar UnzipPassThrough = /*#__PURE__*/ (function () {\n function UnzipPassThrough() {\n }\n UnzipPassThrough.prototype.push = function (data, final) {\n this.ondata(null, data, final);\n };\n UnzipPassThrough.compression = 0;\n return UnzipPassThrough;\n}());\nexport { UnzipPassThrough };\n/**\n * Streaming DEFLATE decompression for ZIP archives. Prefer AsyncZipInflate for\n * better performance.\n */\nvar UnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function UnzipInflate() {\n var _this_1 = this;\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n UnzipInflate.prototype.push = function (data, final) {\n try {\n this.i.push(data, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n UnzipInflate.compression = 8;\n return UnzipInflate;\n}());\nexport { UnzipInflate };\n/**\n * Asynchronous streaming DEFLATE decompression for ZIP archives\n */\nvar AsyncUnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function AsyncUnzipInflate(_, sz) {\n var _this_1 = this;\n if (sz < 320000) {\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n else {\n this.i = new AsyncInflate(function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.terminate = this.i.terminate;\n }\n }\n AsyncUnzipInflate.prototype.push = function (data, final) {\n if (this.i.terminate)\n data = slc(data, 0);\n this.i.push(data, final);\n };\n AsyncUnzipInflate.compression = 8;\n return AsyncUnzipInflate;\n}());\nexport { AsyncUnzipInflate };\n/**\n * A ZIP archive decompression stream that emits files as they are discovered\n */\nvar Unzip = /*#__PURE__*/ (function () {\n /**\n * Creates a ZIP decompression stream\n * @param cb The callback to call whenever a file in the ZIP archive is found\n */\n function Unzip(cb) {\n this.onfile = cb;\n this.k = [];\n this.o = {\n 0: UnzipPassThrough\n };\n this.p = et;\n }\n /**\n * Pushes a chunk to be unzipped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzip.prototype.push = function (chunk, final) {\n var _this_1 = this;\n if (!this.onfile)\n err(5);\n if (!this.p)\n err(4);\n if (this.c > 0) {\n var len = Math.min(this.c, chunk.length);\n var toAdd = chunk.subarray(0, len);\n this.c -= len;\n if (this.d)\n this.d.push(toAdd, !this.c);\n else\n this.k[0].push(toAdd);\n chunk = chunk.subarray(len);\n if (chunk.length)\n return this.push(chunk, final);\n }\n else {\n var f = 0, i = 0, is = void 0, buf = void 0;\n if (!this.p.length)\n buf = chunk;\n else if (!chunk.length)\n buf = this.p;\n else {\n buf = new u8(this.p.length + chunk.length);\n buf.set(this.p), buf.set(chunk, this.p.length);\n }\n var l = buf.length, oc = this.c, add = oc && this.d;\n var _loop_2 = function () {\n var _a;\n var sig = b4(buf, i);\n if (sig == 0x4034B50) {\n f = 1, is = i;\n this_1.d = null;\n this_1.c = 0;\n var bf = b2(buf, i + 6), cmp_1 = b2(buf, i + 8), u = bf & 2048, dd = bf & 8, fnl = b2(buf, i + 26), es = b2(buf, i + 28);\n if (l > i + 30 + fnl + es) {\n var chks_3 = [];\n this_1.k.unshift(chks_3);\n f = 2;\n var sc_1 = b4(buf, i + 18), su_1 = b4(buf, i + 22);\n var fn_1 = strFromU8(buf.subarray(i + 30, i += 30 + fnl), !u);\n if (sc_1 == 4294967295) {\n _a = dd ? [-2] : z64e(buf, i), sc_1 = _a[0], su_1 = _a[1];\n }\n else if (dd)\n sc_1 = -1;\n i += es;\n this_1.c = sc_1;\n var d_1;\n var file_1 = {\n name: fn_1,\n compression: cmp_1,\n start: function () {\n if (!file_1.ondata)\n err(5);\n if (!sc_1)\n file_1.ondata(null, et, true);\n else {\n var ctr = _this_1.o[cmp_1];\n if (!ctr)\n file_1.ondata(err(14, 'unknown compression type ' + cmp_1, 1), null, false);\n d_1 = sc_1 < 0 ? new ctr(fn_1) : new ctr(fn_1, sc_1, su_1);\n d_1.ondata = function (err, dat, final) { file_1.ondata(err, dat, final); };\n for (var _i = 0, chks_4 = chks_3; _i < chks_4.length; _i++) {\n var dat = chks_4[_i];\n d_1.push(dat, false);\n }\n if (_this_1.k[0] == chks_3 && _this_1.c)\n _this_1.d = d_1;\n else\n d_1.push(et, true);\n }\n },\n terminate: function () {\n if (d_1 && d_1.terminate)\n d_1.terminate();\n }\n };\n if (sc_1 >= 0)\n file_1.size = sc_1, file_1.originalSize = su_1;\n this_1.onfile(file_1);\n }\n return \"break\";\n }\n else if (oc) {\n if (sig == 0x8074B50) {\n is = i += 12 + (oc == -2 && 8), f = 3, this_1.c = 0;\n return \"break\";\n }\n else if (sig == 0x2014B50) {\n is = i -= 4, f = 3, this_1.c = 0;\n return \"break\";\n }\n }\n };\n var this_1 = this;\n for (; i < l - 4; ++i) {\n var state_1 = _loop_2();\n if (state_1 === \"break\")\n break;\n }\n this.p = et;\n if (oc < 0) {\n var dat = f ? buf.subarray(0, is - 12 - (oc == -2 && 8) - (b4(buf, is - 16) == 0x8074B50 && 4)) : buf.subarray(0, i);\n if (add)\n add.push(dat, !!f);\n else\n this.k[+(f == 2)].push(dat);\n }\n if (f & 2)\n return this.push(buf.subarray(i), final);\n this.p = buf.subarray(i);\n }\n if (final) {\n if (this.c)\n err(13);\n this.p = null;\n }\n };\n /**\n * Registers a decoder with the stream, allowing for files compressed with\n * the compression type provided to be expanded correctly\n * @param decoder The decoder constructor\n */\n Unzip.prototype.register = function (decoder) {\n this.o[decoder.compression] = decoder;\n };\n return Unzip;\n}());\nexport { Unzip };\nvar mt = typeof queueMicrotask == 'function' ? queueMicrotask : typeof setTimeout == 'function' ? setTimeout : function (fn) { fn(); };\nexport function unzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var files = {};\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558) {\n cbd(err(13, 0, 1), null);\n return tAll;\n }\n }\n ;\n var lft = b2(data, e + 8);\n if (lft) {\n var c = lft;\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = lft = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n var _loop_3 = function (i) {\n var _a = zh(data, o, z), c_1 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n if (d)\n files[fn] = d;\n if (!--lft)\n cbd(null, files);\n }\n };\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_1\n })) {\n if (!c_1)\n cbl(null, slc(data, b, b + sc));\n else if (c_1 == 8) {\n var infl = data.subarray(b, b + sc);\n if (sc < 320000) {\n try {\n cbl(null, inflateSync(infl, new u8(su)));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(inflate(infl, { size: su }, cbl));\n }\n else\n cbl(err(14, 'unknown compression type ' + c_1, 1), null);\n }\n else\n cbl(null, null);\n };\n for (var i = 0; i < c; ++i) {\n _loop_3(i);\n }\n }\n else\n cbd(null, {});\n return tAll;\n}\n/**\n * Synchronously decompresses a ZIP archive. Prefer using `unzip` for better\n * performance with more than one file.\n * @param data The raw compressed ZIP file\n * @param opts The ZIP extraction options\n * @returns The decompressed files\n */\nexport function unzipSync(data, opts) {\n var files = {};\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558)\n err(13);\n }\n ;\n var c = b2(data, e + 8);\n if (!c)\n return {};\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n for (var i = 0; i < c; ++i) {\n var _a = zh(data, o, z), c_2 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_2\n })) {\n if (!c_2)\n files[fn] = slc(data, b, b + sc);\n else if (c_2 == 8)\n files[fn] = inflateSync(data.subarray(b, b + sc), new u8(su));\n else\n err(14, 'unknown compression type ' + c_2);\n }\n }\n return files;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// A salt notation is used to randomize signatures.\n// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks\n// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).\n// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.\n// some chosen-prefix attacks.\n// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.\nconst SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org';\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuerKeyID,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.unknownSubpackets = [];\n this.signedHashValue = null;\n this.salt = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n this.preferredCipherSuites = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes, config = defaultConfig) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n // Only for v6 signatures, a variable-length field containing:\n if (this.version === 6) {\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[i++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(i, i + saltLength);\n i += saltLength;\n }\n\n const signatureMaterial = bytes.subarray(i, bytes.length);\n const { read, signatureParams } = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial);\n if (read < signatureMaterial.length) {\n throw new Error('Error reading MPIs');\n }\n this.params = signatureParams;\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n if (this.version === 6) {\n arr.push(new Uint8Array([this.salt.length]));\n arr.push(this.salt);\n }\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false, config) {\n this.version = key.version;\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n // add randomness to the signature\n if (this.version === 6) {\n const saltLength = saltLengthForHash(this.hashAlgorithm);\n if (this.salt === null) {\n this.salt = crypto.random.getRandomBytes(saltLength);\n } else if (saltLength !== this.salt.length) {\n throw new Error('Provided salt does not have the required length');\n }\n } else if (config.nonDeterministicSignaturesViaNotation) {\n const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME));\n // since re-signing the same object is not supported, it's not expected to have multiple salt notations,\n // but we guard against it as a sanity check\n if (saltNotations.length === 0) {\n const saltValue = crypto.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm));\n this.rawNotations.push({\n name: SALT_NOTATION_NAME,\n value: saltValue,\n humanReadable: false,\n critical: false\n });\n } else {\n throw new Error('Unexpected existing salt notation');\n }\n }\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n if (this.preferredCipherSuites !== null) {\n bytes = new Uint8Array([].concat(...this.preferredCipherSuites));\n arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = this.unhashedSubpackets.map(({ type, critical, body }) => {\n return writeSubPacket(type, critical, body);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n // Signature subpackets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n mypos++;\n\n if (!hashed) {\n this.unhashedSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuerKeyID:\n // Issuer\n if (this.version === 4) {\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n } else if (hashed) {\n // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature,\n // since the Issuer Fingerprint subpacket is to be used instead.\n // The `issuerKeyID` value will be set when reading the issuerFingerprint packet.\n // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it,\n // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed)\n // issuerFingerprint.\n // If the packet is hashed, then we reject the signature, to avoid verifying data different from\n // what was parsed.\n throw new Error('Unexpected Issuer Key ID subpacket');\n }\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion >= 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCipherSuites:\n // Preferred AEAD Cipher Suites\n this.preferredCipherSuites = [];\n for (let i = mypos; i < bytes.length; i += 2) {\n this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);\n }\n break;\n default:\n this.unknownSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n break;\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n const subpacketLengthBytes = this.version === 6 ? 4 : 2;\n\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes));\n\n let i = subpacketLengthBytes;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) {\n // avoid hashing unexpected salt size\n throw new Error('Signature salt does not have the expected length');\n }\n\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.unknownSubpackets.forEach(({ type, critical }) => {\n if (critical) {\n throw new Error(`Unknown critical signature subpacket type ${type}`);\n }\n });\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n\n/**\n * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh.\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5}\n * @param {enums.hash} hashAlgorithm - Hash algorithm.\n * @returns {Integer} Salt length.\n * @private\n */\nfunction saltLengthForHash(hashAlgorithm) {\n switch (hashAlgorithm) {\n case enums.hash.sha256: return 16;\n case enums.hash.sha384: return 24;\n case enums.hash.sha512: return 32;\n case enums.hash.sha224: return 16;\n case enums.hash.sha3_256: return 16;\n case enums.hash.sha3_512: return 32;\n default: throw new Error('Unsupported hash function');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n static fromSignaturePacket(signaturePacket, isLast) {\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.version = signaturePacket.version === 6 ? 6 : 3;\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n onePassSig.salt = signaturePacket.salt; // v6 only\n onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only\n\n onePassSig.flags = isLast ? 1 : 0;\n return onePassSig;\n }\n\n constructor() {\n /** A one-octet version number. The current versions are 3 and 6. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** Only for v6, a variable-length field containing the salt. */\n this.salt = null;\n /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */\n this.issuerFingerprint = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current versions are 3 or 6.\n this.version = bytes[mypos++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n if (this.version === 6) {\n // Only for v6 signatures, a variable-length field containing:\n\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[mypos++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(mypos, mypos + saltLength);\n mypos += saltLength;\n\n // Only for v6 packets, 32 octets of the fingerprint of the signing key.\n this.issuerFingerprint = bytes.subarray(mypos, mypos + 32);\n mypos += 32;\n this.issuerKeyID = new KeyID();\n // For v6 the Key ID is the high-order 64 bits of the fingerprint.\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n // Only for v3 packets, an eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n }\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const arr = [new Uint8Array([\n this.version,\n this.signatureType,\n this.hashAlgorithm,\n this.publicKeyAlgorithm\n ])];\n if (this.version === 6) {\n arr.push(\n new Uint8Array([this.salt.length]),\n this.salt,\n this.issuerFingerprint\n );\n } else {\n arr.push(this.issuerKeyID.write());\n }\n arr.push(new Uint8Array([this.flags]));\n return util.concatUint8Array(arr);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID) ||\n (this.version === 3 && correspondingSig.version === 6) ||\n (this.version === 6 && correspondingSig.version !== 6) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt))\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError,\n UnknownPacketError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence,\n // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored.\n // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical.\n if (e instanceof UnknownPacketError) {\n if (parsed.tag <= 39) {\n await writer.abort(e);\n } else {\n return;\n }\n }\n\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Inflate, Deflate, Zlib, Unzlib } from 'fflate';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write());\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise.\n * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator\n * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor\n * @returns {ReadableStream} compressed or decompressed data\n */\nfunction zlib(compressionStreamInstantiator, ZlibStreamedConstructor) {\n return data => {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(inputData => {\n return new Promise((resolve, reject) => {\n const zlibStream = new ZlibStreamedConstructor();\n zlibStream.ondata = processedData => {\n resolve(processedData);\n };\n try {\n zlibStream.push(inputData, true); // only one chunk to push\n } catch (err) {\n reject(err);\n }\n });\n }));\n }\n\n // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API)\n if (compressionStreamInstantiator) {\n try {\n const compressorOrDecompressor = compressionStreamInstantiator();\n return data.pipeThrough(compressorOrDecompressor);\n } catch (err) {\n // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate.\n if (err.name !== 'TypeError') {\n throw err;\n }\n }\n }\n\n // JS fallback\n const inputReader = data.getReader();\n const zlibStream = new ZlibStreamedConstructor();\n\n return new ReadableStream({\n async start(controller) {\n zlibStream.ondata = async (value, isLast) => {\n controller.enqueue(value);\n if (isLast) {\n controller.close();\n }\n };\n\n while (true) {\n const { done, value } = await inputReader.read();\n if (done) {\n zlibStream.push(new Uint8Array(), true);\n return;\n } else if (value.length) {\n zlibStream.push(value);\n }\n }\n }\n });\n };\n}\n\nfunction bzip2Decompress() {\n return async function(data) {\n const { decode: bunzipDecode } = await import('@openpgp/seek-bzip');\n return stream.fromAsync(async () => bunzipDecode(await stream.readToEnd(data)));\n };\n}\n\n/**\n * Get Compression Stream API instatiators if the constructors are implemented.\n * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported\n * (supported formats cannot be determined in advance).\n * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat\n * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }}\n */\nconst getCompressionStreamInstantiators = compressionFormat => ({\n compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)),\n decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat))\n});\n\nconst compress_fns = {\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib)\n};\n\nconst decompress_fns = {\n uncompressed: data => data,\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib),\n bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n static fromObject({ version, aeadAlgorithm }) {\n if (version !== 1 && version !== 2) {\n throw new Error('Unsupported SEIPD version');\n }\n\n const seip = new SymEncryptedIntegrityProtectedDataPacket();\n seip.version = version;\n if (version === 2) {\n seip.aeadAlgorithm = aeadAlgorithm;\n }\n\n return seip;\n }\n\n constructor() {\n this.version = null;\n\n // The following 4 fields are for V2 only.\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = null;\n this.chunkSizeByte = null;\n this.salt = null;\n\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n this.version = await reader.readByte();\n // - A one-octet version number with value 1 or 2.\n if (this.version !== 1 && this.version !== 2) {\n throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`);\n }\n\n if (this.version === 2) {\n // - A one-octet cipher algorithm.\n this.cipherAlgorithm = await reader.readByte();\n // - A one-octet AEAD algorithm.\n this.aeadAlgorithm = await reader.readByte();\n // - A one-octet chunk size.\n this.chunkSizeByte = await reader.readByte();\n // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique.\n this.salt = await reader.readBytes(32);\n }\n\n // For V1:\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n // For V2:\n // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode.\n // - A final, summary authentication tag for the AEAD mode.\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n if (this.version === 2) {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]);\n }\n return util.concat([new Uint8Array([this.version]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n const { blockSize, keySize } = crypto.getCipherParams(sessionKeyAlgorithm);\n if (key.length !== keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n\n if (this.version === 2) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n this.salt = crypto.random.getRandomBytes(32);\n this.chunkSizeByte = config.aeadChunkSizeByte;\n this.encrypted = await runAEAD(this, 'encrypt', key, bytes);\n } else {\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n }\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n if (key.length !== crypto.getCipherParams(sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n\n let packetbytes;\n if (this.version === 2) {\n if (this.cipherAlgorithm !== sessionKeyAlgorithm) {\n // sanity check\n throw new Error('Unexpected session key algorithm');\n }\n packetbytes = await runAEAD(this, 'decrypt', key, encrypted);\n } else {\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n }\n\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n\n/**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\nexport async function runAEAD(packet, fn, key, data) {\n const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2;\n const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import)\n if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type');\n\n const mode = crypto.getAEADMode(packet.aeadAlgorithm);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0;\n const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP);\n const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n let iv;\n let ivView;\n if (isSEIPDv2) {\n const { keySize } = crypto.getCipherParams(packet.cipherAlgorithm);\n const { ivLength } = mode;\n const info = new Uint8Array(adataBuffer, 0, 5);\n const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength);\n key = derived.subarray(0, keySize);\n iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy.\n iv.fill(0, iv.length - 8);\n ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n } else { // AEADEncryptedDataPacket\n iv = packet.iv;\n // ivView is unused in this case\n }\n const modeInstance = await mode(packet.cipherAlgorithm, key);\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n let nonce;\n if (isSEIPDv2) { // SEIPD V2\n nonce = iv;\n } else { // AEADEncryptedDataPacket\n nonce = iv.slice();\n for (let i = 0; i < 8; i++) {\n nonce[iv.length - 8 + i] ^= chunkIndexArray[i];\n }\n }\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, nonce, adataArray);\n cryptedPromise.catch(() => {});\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...)\n cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray);\n cryptedPromise.catch(() => {});\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line @typescript-eslint/no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n if (isSEIPDv2) { // SEIPD V2\n ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...)\n } else { // AEADEncryptedDataPacket\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n }\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.ready.catch(() => {});\n await writer.abort(e);\n }\n });\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\nimport { runAEAD } from './sym_encrypted_integrity_protected_data';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await runAEAD(this, 'decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await runAEAD(this, 'encrypt', key, data);\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = null;\n\n // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()`\n this.publicKeyID = new KeyID();\n\n // For version 6:\n this.publicKeyVersion = null;\n this.publicKeyFingerprint = null;\n\n // For all versions:\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n static fromObject({\n version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm\n }) {\n const pkesk = new PublicKeyEncryptedSessionKeyPacket();\n\n if (version !== 3 && version !== 6) {\n throw new Error('Unsupported PKESK version');\n }\n\n pkesk.version = version;\n\n if (version === 6) {\n pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version;\n pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes();\n }\n\n pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID();\n pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm;\n pkesk.sessionKey = sessionKey;\n pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm;\n\n return pkesk;\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let offset = 0;\n this.version = bytes[offset++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n if (this.version === 6) {\n // A one-octet size of the following two fields:\n // - A one octet key version number.\n // - The fingerprint of the public key or subkey to which the session key is encrypted.\n // The size may also be zero.\n const versionAndFingerprintLength = bytes[offset++];\n if (versionAndFingerprintLength) {\n this.publicKeyVersion = bytes[offset++];\n const fingerprintLength = versionAndFingerprintLength - 1;\n this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength;\n if (this.publicKeyVersion >= 5) {\n // For v5/6 the Key ID is the high-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint);\n } else {\n // For v4 The Key ID is the low-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8));\n }\n } else {\n // The size may also be zero, and the key version and\n // fingerprint omitted for an \"anonymous recipient\"\n this.publicKeyID = KeyID.wildcard();\n }\n } else {\n offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8));\n }\n this.publicKeyAlgorithm = bytes[offset++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset));\n if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) {\n if (this.version === 3) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n } else if (this.encrypted.C.algorithm !== null) {\n throw new Error('Unexpected cleartext symmetric algorithm');\n }\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version])\n ];\n\n if (this.version === 6) {\n if (this.publicKeyFingerprint !== null) {\n arr.push(new Uint8Array([\n this.publicKeyFingerprint.length + 1,\n this.publicKeyVersion]\n ));\n arr.push(this.publicKeyFingerprint);\n } else {\n arr.push(new Uint8Array([0]));\n }\n } else {\n arr.push(this.publicKeyID.write());\n }\n\n arr.push(\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n );\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a\n // v6 PKESK packet, as it is included in the v2 SEIPD packet.\n const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n if (this.version === 3) {\n // v3 Montgomery curves have cleartext cipher algo\n const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448;\n this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm;\n\n if (sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n // add checksum\n return util.concatUint8Array([\n new Uint8Array(version === 6 ? [] : [cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = version === 6 ?\n { sessionKeyAlgorithm: null, sessionKey: result } :\n { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: version === 6 ? null : util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && (\n version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm));\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return {\n sessionKeyAlgorithm: null,\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 6 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number with value 4, 5 or 6.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following 5 fields.\n offset++;\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version >= 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following field.\n offset++;\n }\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n const s2kType = bytes[offset++];\n this.s2k = newS2KFromType(s2kType);\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version >= 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n const s2k = this.s2k.write();\n if (this.version === 6) {\n const s2kLen = s2k.length;\n const fieldsLen = 3 + s2kLen + this.iv.length;\n bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]);\n } else if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n if (this.sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n } else {\n // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v6Keys ? 6 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes, config = defaultConfig) {\n let pos = 0;\n // A one-octet version number (4, 5 or 6).\n this.version = bytes[pos++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version === 4 || this.version === 5 || this.version === 6) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version >= 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (\n this.version === 6 &&\n publicParams.oid && (\n publicParams.oid.getName() === enums.curve.curve25519Legacy ||\n publicParams.oid.getName() === enums.curve.ed25519Legacy\n )\n ) {\n throw new Error('Legacy curve25519 cannot be used with v6 keys');\n }\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version >= 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n const versionOctet = 0x95 + version;\n const lengthOctets = version >= 5 ? 4 : 2;\n return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version >= 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version >= 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line @typescript-eslint/no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError, writeTag } from './packet';\nimport computeHKDF from '../crypto/hkdf';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis\n * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older).\n * This value is only relevant to know how to decrypt the key:\n * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism.\n * @type {Boolean}\n * @private\n */\n this.isLegacyAEAD = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n /**\n * `true` for keys whose integrity is already confirmed, based on\n * the AEAD encryption mechanism\n * @type {Boolean}\n * @private\n */\n this.usedModernAEAD = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes, config = defaultConfig) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes, config);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n // - Only for a version 6 packet where the secret key material is\n // encrypted (that is, where the previous octet is not zero), a one-\n // octet scalar octet count of the cumulative length of all the\n // following optional string-to-key parameter fields.\n if (this.version === 6 && this.s2kUsage) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n i++;\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n const s2kType = bytes[i++];\n this.s2k = newS2KFromType(s2kType);\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n\n if (this.s2kUsage) {\n // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5).\n // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format).\n // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always\n // fail if the key was parsed according to the wrong format, since the keys are processed differently.\n // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag.\n this.isLegacyAEAD = this.s2kUsage === 253 && (\n this.version === 5 || (this.version === 4 && config.parseAEADEncryptedV4KeysAsLegacy));\n // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV)\n // of the same length as the cipher's block size.\n // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the\n // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm.\n // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero\n if (this.s2kUsage !== 253 || this.isLegacyAEAD) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipherParams(this.symmetric).blockSize\n );\n this.usedModernAEAD = false;\n } else {\n // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted),\n // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which\n // is used as the nonce for the AEAD algorithm.\n this.iv = bytes.subarray(\n i,\n i + crypto.getAEADMode(this.aead).ivLength\n );\n // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation.\n this.usedModernAEAD = true;\n }\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n let cleartext;\n if (this.version === 6) {\n cleartext = this.keyMaterial;\n } else {\n cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n }\n try {\n const { read, privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n if (read < cleartext.length) {\n throw new Error('Error reading MPIs');\n }\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n const s2k = this.s2k.write();\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n optionalFieldsArr.push(s2k.length);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...s2k);\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5 || (this.version === 6 && this.s2kUsage)) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage && this.version !== 6) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = newS2KFromType(enums.s2k.gnu, config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n this.isLegacyAEAD = null;\n this.usedModernAEAD = null;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n\n const { blockSize } = crypto.getCipherParams(this.symmetric);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = config.preferredAEADAlgorithm;\n const mode = crypto.getAEADMode(this.aead);\n this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead.\n this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material\n\n const serializedPacketTag = writeTag(this.constructor.tag);\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n\n const modeInstance = await mode(this.symmetric, key);\n this.iv = this.isLegacyAEAD ? crypto.random.getRandomBytes(blockSize) : crypto.random.getRandomBytes(mode.ivLength);\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData);\n } else {\n this.s2kUsage = 254;\n this.usedModernAEAD = false;\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(\n this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData);\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n this.aead = null;\n this.symmetric = null;\n this.isLegacyAEAD = null;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n if (this.usedModernAEAD) {\n // key integrity confirmed by successful AEAD decryption\n return;\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (this.version === 6 && (\n (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||\n this.algorithm === enums.publicKey.eddsaLegacy\n )) {\n throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);\n }\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\n/**\n * Derive encryption key\n * @param {Number} keyVersion - key derivation differs for v5 keys\n * @param {module:type/s2k} s2k\n * @param {String} passphrase\n * @param {module:enums.symmetric} cipherAlgo\n * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5)\n * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5)\n * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only)\n * @returns encryption key\n */\nasync function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) {\n if (s2k.type === 'argon2' && !aeadMode) {\n throw new Error('Using Argon2 S2K without AEAD is not allowed');\n }\n if (s2k.type === 'simple' && keyVersion === 6) {\n throw new Error('Using Simple S2K with version 6 keys is not allowed');\n }\n const { keySize } = crypto.getCipherParams(cipherAlgo);\n const derivedKey = await s2k.produceKey(passphrase, keySize);\n if (!aeadMode || keyVersion === 5 || isLegacyAEAD) {\n return derivedKey;\n }\n const info = util.concatUint8Array([\n serializedPacketTag,\n new Uint8Array([keyVersion, cipherAlgo, aeadMode])\n ]);\n return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize);\n}\n\nexport default SecretKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n\n /**\n * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1,\n * as well comments placed between the name (if present) and the bracketed email address:\n * - name (comment) \n * - email\n * In the first case, the `email` is the only required part, and it must contain the `@` symbol.\n * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`,\n * since they interfere with `comment` parsing.\n */\n const re = /^(?[^()]+\\s+)?(?\\([^()]+\\)\\s+)?(?<\\S+@\\S+>)$/;\n const matches = re.exec(userID);\n if (matches !== null) {\n const { name, comment, email } = matches.groups;\n this.comment = comment?.replace(/^\\(|\\)|\\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace\n this.name = name?.trim() || '';\n this.email = email.substring(1, email.length - 1); // remove brackets\n } else if (/^[^\\s@]+@[^\\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace\n this.email = userID;\n }\n\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures,\n * `enums.signatures.certGeneric` should be given regardless of the actual trust level)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm for a set of keys.\n * @param {Array} [targetKeys] - The keys to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {\n /**\n * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the\n * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).\n * if no keys are available, `preferredSenderAlgo` is returned.\n * For ECC signing key, the curve preferred hash is taken into account as well (see logic below).\n */\n const defaultAlgo = enums.hash.sha256; // MUST implement\n const preferredSenderAlgo = config.preferredHashAlgorithm;\n\n const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => {\n const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config);\n const targetPrefs = selfCertification.preferredHashAlgorithms;\n return targetPrefs;\n }));\n const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys\n for (const supportedAlgos of supportedAlgosPerTarget) {\n for (const hashAlgo of supportedAlgos) {\n try {\n // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on\n const supportedAlgo = enums.write(enums.hash, hashAlgo);\n supportedAlgosMap.set(\n supportedAlgo,\n supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1\n );\n } catch {}\n }\n }\n const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo;\n const getStrongestSupportedHashAlgo = () => {\n if (supportedAlgosMap.size === 0) {\n return defaultAlgo;\n }\n const sortedHashAlgos = Array.from(supportedAlgosMap.keys())\n .filter(hashAlgo => isSupportedHashAlgo(hashAlgo))\n .sort((algoA, algoB) => crypto.hash.getHashByteLength(algoA) - crypto.hash.getHashByteLength(algoB));\n const strongestHashAlgo = sortedHashAlgos[0];\n // defaultAlgo is always implicilty supported, and might be stronger than the rest\n return crypto.hash.getHashByteLength(strongestHashAlgo) >= crypto.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo;\n };\n\n const eccAlgos = new Set([\n enums.publicKey.ecdsa,\n enums.publicKey.eddsaLegacy,\n enums.publicKey.ed25519,\n enums.publicKey.ed448\n ]);\n\n if (eccAlgos.has(signingKeyPacket.algorithm)) {\n // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:\n // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5\n // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough;\n // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve\n // preferred algo, even if not supported by all targets.\n const preferredCurveAlgo = crypto.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid);\n\n const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo);\n const preferredSenderAlgoStrongerThanCurveAlgo = crypto.hash.getHashByteLength(preferredSenderAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo);\n\n if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) {\n return preferredSenderAlgo;\n } else {\n const strongestSupportedAlgo = getStrongestSupportedHashAlgo();\n return crypto.hash.getHashByteLength(strongestSupportedAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo) ?\n strongestSupportedAlgo :\n preferredCurveAlgo;\n }\n }\n\n // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this,\n // since it was manually set by the sender.\n return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo();\n}\n\n/**\n * Returns the preferred compression algorithm for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred compression algorithm\n * @async\n */\nexport async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = enums.compression.uncompressed;\n const preferredSenderAlgo = config.preferredCompressionAlgorithm;\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config);\n const recipientPrefs = selfCertification.preferredCompressionAlgorithms;\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred\n * @async\n */\nexport async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));\n const withAEAD = keys.length ?\n selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :\n config.aeadProtect;\n\n if (withAEAD) {\n const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };\n const desiredCipherSuites = [\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },\n { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }\n ];\n for (const desiredCipherSuite of desiredCipherSuites) {\n if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(\n cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo\n ))) {\n return desiredCipherSuite;\n }\n }\n return defaultCipherSuite;\n }\n const defaultSymAlgo = enums.symmetric.aes128;\n const desiredSymAlgo = config.preferredSymmetricAlgorithm;\n return {\n symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ?\n desiredSymAlgo :\n defaultSymAlgo,\n aeadAlgo: undefined\n };\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {Array} recipientKeys - keys to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config);\n signaturePacket.rawNotations = [...notations];\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n const isHardRevocation = ![\n enums.reasonForRevocation.keyRetired,\n enums.reasonForRevocation.keySuperseded,\n enums.reasonForRevocation.userIDInvalid\n ].includes(revocationSignature.reasonForRevocationFlag);\n\n await revocationSignature.verify(\n key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve`\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy ||\n options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'curve25519':\n options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519;\n break;\n case 'curve448':\n options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448;\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function validateSigningKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateEncryptionKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateDecryptionKeyPacket(keyPacket, signature, config) {\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateSigningKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateEncryptionKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n if (primaryKey.version !== 6) {\n // check for expiration time in direct signatures (for V6 keys, the above already did so)\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const selfCertification = await this.getPrimarySelfSignature(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature.\n await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * For V4 keys, returns the self-signature of the primary user.\n * For V5 keys, returns the latest valid direct-key self-signature.\n * This self-signature is to be used to check the key expiration,\n * algorithm preferences, and so on.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} The primary self-signature\n * @async\n */\n async getPrimarySelfSignature(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n if (primaryKey.version === 6) {\n return helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n );\n }\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n return selfCertification;\n }\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config);\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @throws {Error} if no decryption key is found\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n let exception = null;\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n if (this.subkeys[i].keyPacket.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n continue;\n }\n\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n // evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && helper.validateDecryptionKeyPacket(primaryKey, selfCertification, config)) {\n if (primaryKey.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n } else {\n keys.push(this);\n }\n }\n\n if (keys.length === 0) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('No decryption key packets found');\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.\n * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).\n * Note: Curve448 and Curve25519 are not widely supported yet.\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n // Every subkey for a v4 primary key MUST be a v4 subkey.\n // Every subkey for a v6 primary key MUST be a v6 subkey.\n // For v5 keys, since we dropped generation support, a v4 subkey is added.\n // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.\n const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nfunction getDefaultSubkeyType(algoName) {\n const algo = enums.write(enums.publicKey, algoName);\n // NB: no encryption-only algos, since they cannot be in primary keys\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n return 'rsa';\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return 'ecc';\n case enums.publicKey.ed25519:\n return 'curve25519';\n case enums.publicKey.ed448:\n return 'curve448';\n default:\n throw new Error('Unsupported algorithm');\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format).\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n function getKeySignatureProperties() {\n const signatureProperties = {};\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n const symmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128\n ], config.preferredSymmetricAlgorithm);\n signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;\n if (config.aeadProtect) {\n const aeadAlgorithms = createPreferredAlgos([\n enums.aead.gcm,\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {\n return symmetricAlgorithms.map(symmetricAlgorithm => {\n return [symmetricAlgorithm, aeadAlgorithm];\n });\n });\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512,\n enums.hash.sha3_256,\n enums.hash.sha3_512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.uncompressed,\n enums.compression.zlib,\n enums.compression.zip\n ], config.preferredCompressionAlgorithm);\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.seipdv2;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n return signatureProperties;\n }\n\n if (secretKeyPacket.version === 6) { // add direct key signature with key prefs\n const dataToSign = {\n key: secretKeyPacket\n };\n\n const signatureProperties = getKeySignatureProperties();\n signatureProperties.signatureType = enums.signature.key;\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n packetlist.push(signaturePacket);\n }\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {\n userID: userIDPacket,\n key: secretKeyPacket\n };\n const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};\n signatureProperties.signatureType = enums.signature.certPositive;\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);\n return createKey(firstKeyPacketList);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n return new PrivateKey(firstPrivateKeyList);\n }\n throw new Error('No secret key packet found');\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n if (keys.length === 0) {\n throw new Error('No secret key packet found');\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport { Argon2OutOfMemoryError } from './type/s2k';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredCipherSuite, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm;\n\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config);\n\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable)\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n if (err instanceof Argon2OutOfMemoryError) {\n exception = err;\n }\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let decryptionKeyPackets;\n try {\n // do not check key expiration to allow decryption of old messages\n decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n } catch (err) {\n exception = err;\n return;\n }\n\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config); // TODO: Pass userID from somewhere.\n if (selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all((\n expectedSymmetricAlgorithm ?\n [expectedSymmetricAlgorithm] :\n Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)\n ).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm;\n if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config);\n const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo);\n const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) &&\n !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(symmetricAlgo);\n return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({\n version: aeadAlgorithmName ? 2 : 1,\n aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null\n });\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n\n const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({\n version: aeadAlgorithm ? 6 : 3,\n encryptionKeyPacket: encryptionKey.keyPacket,\n anonymousRecipient: wildcard,\n sessionKey,\n sessionKeyAlgorithm: symmetricAlgorithm\n });\n\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config); // this returns the existing signature packets as well\n const onePassSignaturePackets = signaturePackets.map(\n (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0))\n .reverse(); // innermost OPS refers to the first signature packet\n\n packetlist.push(...onePassSignaturePackets);\n packetlist.push(literalDataPacket);\n packetlist.push(...signaturePackets);\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n const trailingPacket = this.packets[this.packets.length - 1];\n // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer.\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ?\n trailingPacket.version !== 2 :\n this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const signingUserID = signingUserIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config);\n return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n const input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // emit header and checksum if one of the signatures has a version not 6\n const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6);\n const hash = emitHeaderAndChecksum ?\n Array.from(new Set(this.signature.packets.map(\n packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase()\n ))).join() :\n null;\n\n const body = {\n hash,\n text: this.text,\n data: this.signature.packets.write()\n };\n\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n const hashAlgos = [];\n headers.forEach(header => {\n const hashHeader = header.match(/^Hash: (.+)$/); // get header value\n if (hashHeader) {\n const parsedHashIDs = hashHeader[1]\n .replace(/\\s/g, '') // remove whitespace\n .split(',')\n .map(hashName => {\n try {\n return enums.write(enums.hash, hashName.toLowerCase());\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase());\n }\n });\n hashAlgos.push(...parsedHashIDs);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredCompressionAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).\n * Note: Curve448 and Curve25519 (new format) are not widely supported yet.\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:\n * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n if (!type && !curve) {\n type = config.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them)\n curve = 'curve25519Legacy'; // unused with type != 'ecc'\n } else {\n type = type || 'ecc';\n curve = curve || 'curve25519Legacy';\n }\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && !config.v6Keys) {\n throw new Error('UserIDs are required for V4 keys');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) {\n throw new Error('UserIDs are required for V4 keys');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return await convertStream(data);\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return await convertStream(signature);\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data) {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\n// copied from utils\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(h) {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.wrapConstructor');\n number(h.outputLen);\n number(h.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","export const crypto = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n//# sourceMappingURL=crypto.js.map","/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0);\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// For runtime check if class implements interface\nexport class Hash {\n // Safe version that clones internal state\n clone() {\n return this._cloneInto();\n }\n}\nconst toStr = {}.toString;\nexport function checkOpts(defaults, opts) {\n if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n throw new Error('Options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\nexport function wrapConstructor(hashCons) {\n const hashC = (msg) => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\nexport function wrapConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\nexport function wrapXOFConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32) {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return crypto.randomBytes(bytesLength);\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n//# sourceMappingURL=utils.js.map","import { exists, output } from './_assert.js';\nimport { Hash, createView, toBytes } from './utils.js';\n/**\n * Polyfill for Safari 14\n */\nfunction setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/**\n * Choice: a ? b : c\n */\nexport const Chi = (a, b, c) => (a & b) ^ (~a & c);\n/**\n * Majority function, true if any two inputs is true\n */\nexport const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n */\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n exists(this);\n const { view, buffer, blockLen } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n exists(this);\n output(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n this.buffer.subarray(pos).fill(0);\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to || (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.length = length;\n to.pos = pos;\n to.finished = finished;\n to.destroyed = destroyed;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n}\n//# sourceMappingURL=_md.js.map","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotr, wrapConstructor } from './utils.js';\n// SHA2-256 need to try 2^128 hashes to execute birthday attack.\n// BTC network is doing 2^67 hashes/sec as per early 2023.\n// Round constants:\n// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ new Uint32Array([\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n// Initial state:\n// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19\n// prettier-ignore\nconst SHA256_IV = /* @__PURE__ */ new Uint32Array([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\nexport class SHA256 extends HashMD {\n constructor() {\n super(64, 32, 8, false);\n // We cannot use array here since array allows indexing by variable\n // which means optimizer/compiler cannot use registers.\n this.A = SHA256_IV[0] | 0;\n this.B = SHA256_IV[1] | 0;\n this.C = SHA256_IV[2] | 0;\n this.D = SHA256_IV[3] | 0;\n this.E = SHA256_IV[4] | 0;\n this.F = SHA256_IV[5] | 0;\n this.G = SHA256_IV[6] | 0;\n this.H = SHA256_IV[7] | 0;\n }\n get() {\n const { A, B, C, D, E, F, G, H } = this;\n return [A, B, C, D, E, F, G, H];\n }\n // prettier-ignore\n set(A, B, C, D, E, F, G, H) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n this.F = F | 0;\n this.G = G | 0;\n this.H = H | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4)\n SHA256_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 64; i++) {\n const W15 = SHA256_W[i - 15];\n const W2 = SHA256_W[i - 2];\n const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n }\n // Compression function main loop, 64 rounds\n let { A, B, C, D, E, F, G, H } = this;\n for (let i = 0; i < 64; i++) {\n const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n const T2 = (sigma0 + Maj(A, B, C)) | 0;\n H = G;\n G = F;\n F = E;\n E = (D + T1) | 0;\n D = C;\n C = B;\n B = A;\n A = (T1 + T2) | 0;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n F = (F + this.F) | 0;\n G = (G + this.G) | 0;\n H = (H + this.H) | 0;\n this.set(A, B, C, D, E, F, G, H);\n }\n roundClean() {\n SHA256_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\nclass SHA224 extends SHA256 {\n constructor() {\n super();\n this.A = 0xc1059ed8 | 0;\n this.B = 0x367cd507 | 0;\n this.C = 0x3070dd17 | 0;\n this.D = 0xf70e5939 | 0;\n this.E = 0xffc00b31 | 0;\n this.F = 0x68581511 | 0;\n this.G = 0x64f98fa7 | 0;\n this.H = 0xbefa4fa4 | 0;\n this.outputLen = 28;\n }\n}\n/**\n * SHA2-256 hash function\n * @param message - data that would be hashed\n */\nexport const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());\n/**\n * SHA2-224 hash function\n */\nexport const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224());\n//# sourceMappingURL=sha256.js.map","import { hash as assertHash, bytes as assertBytes, exists as assertExists } from './_assert.js';\nimport { Hash, toBytes } from './utils.js';\n// HMAC (RFC 2104)\nexport class HMAC extends Hash {\n constructor(hash, _key) {\n super();\n this.finished = false;\n this.destroyed = false;\n assertHash(hash);\n const key = toBytes(_key);\n this.iHash = hash.create();\n if (typeof this.iHash.update !== 'function')\n throw new Error('Expected instance of class which extends utils.Hash');\n this.blockLen = this.iHash.blockLen;\n this.outputLen = this.iHash.outputLen;\n const blockLen = this.blockLen;\n const pad = new Uint8Array(blockLen);\n // blockLen can be bigger than outputLen\n pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36;\n this.iHash.update(pad);\n // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone\n this.oHash = hash.create();\n // Undo internal XOR && apply outer XOR\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36 ^ 0x5c;\n this.oHash.update(pad);\n pad.fill(0);\n }\n update(buf) {\n assertExists(this);\n this.iHash.update(buf);\n return this;\n }\n digestInto(out) {\n assertExists(this);\n assertBytes(out, this.outputLen);\n this.finished = true;\n this.iHash.digestInto(out);\n this.oHash.update(out);\n this.oHash.digestInto(out);\n this.destroy();\n }\n digest() {\n const out = new Uint8Array(this.oHash.outputLen);\n this.digestInto(out);\n return out;\n }\n _cloneInto(to) {\n // Create new instance without calling constructor since key already in state and we don't know it.\n to || (to = Object.create(Object.getPrototypeOf(this), {}));\n const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;\n to = to;\n to.finished = finished;\n to.destroyed = destroyed;\n to.blockLen = blockLen;\n to.outputLen = outputLen;\n to.oHash = oHash._cloneInto(to.oHash);\n to.iHash = iHash._cloneInto(to.iHash);\n return to;\n }\n destroy() {\n this.destroyed = true;\n this.oHash.destroy();\n this.iHash.destroy();\n }\n}\n/**\n * HMAC: RFC2104 message authentication code.\n * @param hash - function that would be used e.g. sha256\n * @param key - message key\n * @param message - message data\n * @example\n * import { hmac } from '@noble/hashes/hmac';\n * import { sha256 } from '@noble/hashes/sha2';\n * const mac1 = hmac(sha256, 'key', 'message');\n */\nexport const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();\nhmac.create = (hash, key) => new HMAC(hash, key);\n//# sourceMappingURL=hmac.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// 100 lines of code in the file are duplicated from noble-hashes (utils).\n// This is OK: `abstract` directory does not use noble-hashes.\n// User may opt-in into using different hashing library. This way, noble-hashes\n// won't be included into their bundle.\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nexport function abytes(item) {\n if (!isBytes(item))\n throw new Error('Uint8Array expected');\n}\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(`${title} must be valid boolean, got \"${value}\".`);\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? `0${hex}` : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes(bytes);\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'private key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes(hex);\n }\n catch (e) {\n throw new Error(`${title} must be valid hex string, got \"${hex}\". Cause: ${e}`);\n }\n }\n else if (isBytes(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(`${title} must be hex string or Uint8Array`);\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);\n return res;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;\n// DRBG\nconst u8n = (data) => new Uint8Array(data); // creates Uint8Array\nconst u8fr = (arr) => Uint8Array.from(arr); // another shortcut\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n()) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error(`Invalid validator \"${type}\", expected function`);\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Utilities for modular arithmetics and finite fields\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js';\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);\n// prettier-ignore\nconst _9n = BigInt(9), _16n = BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/**\n * Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n */\n// TODO: use field version && remove\nexport function pow(num, power, modulo) {\n if (modulo <= _0n || power < _0n)\n throw new Error('Expected power/modulo > 0');\n if (modulo === _1n)\n return _0n;\n let res = _1n;\n while (power > _0n) {\n if (power & _1n)\n res = (res * num) % modulo;\n num = (num * num) % modulo;\n power >>= _1n;\n }\n return res;\n}\n// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res *= res;\n res %= modulo;\n }\n return res;\n}\n// Inverses number over modulo\nexport function invert(number, modulo) {\n if (number === _0n || modulo <= _0n) {\n throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);\n }\n // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u * q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n/**\n * Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * Will start an infinite loop if field order P is not prime.\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n */\nexport function tonelliShanks(P) {\n // Legendre constant: used to calculate Legendre symbol (a | p),\n // which denotes the value of a^((p-1)/2) (mod p).\n // (a | p) ≡ 1 if a is a square (mod p)\n // (a | p) ≡ -1 if a is not a square (mod p)\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreC = (P - _1n) / _2n;\n let Q, S, Z;\n // Step 1: By factoring out powers of 2 from p - 1,\n // find q and s such that p - 1 = q*(2^s) with q odd\n for (Q = P - _1n, S = 0; Q % _2n === _0n; Q /= _2n, S++)\n ;\n // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq\n for (Z = _2n; Z < P && pow(Z, legendreC, P) !== P - _1n; Z++)\n ;\n // Fast-path\n if (S === 1) {\n const p1div4 = (P + _1n) / _4n;\n return function tonelliFast(Fp, n) {\n const root = Fp.pow(n, p1div4);\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Slow-path\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1\n if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))\n throw new Error('Cannot find square root');\n let r = S;\n // TODO: will fail at Fp2/etc\n let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b\n let x = Fp.pow(n, Q1div2); // first guess at the square root\n let b = Fp.pow(n, Q); // first guess at the fudge factor\n while (!Fp.eql(b, Fp.ONE)) {\n if (Fp.eql(b, Fp.ZERO))\n return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0)\n // Find m such b^(2^m)==1\n let m = 1;\n for (let t2 = Fp.sqr(b); m < r; m++) {\n if (Fp.eql(t2, Fp.ONE))\n break;\n t2 = Fp.sqr(t2); // t2 *= t2\n }\n // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow\n const ge = Fp.pow(g, _1n << BigInt(r - m - 1)); // ge = 2^(r-m-1)\n g = Fp.sqr(ge); // g = ge * ge\n x = Fp.mul(x, ge); // x *= ge\n b = Fp.mul(b, g); // b *= g\n r = m;\n }\n return x;\n };\n}\nexport function FpSqrt(P) {\n // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.\n // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n // P ≡ 3 (mod 4)\n // √n = n^((P+1)/4)\n if (P % _4n === _3n) {\n // Not all roots possible!\n // const ORDER =\n // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;\n // const NUM = 72057594037927816n;\n const p1div4 = (P + _1n) / _4n;\n return function sqrt3mod4(Fp, n) {\n const root = Fp.pow(n, p1div4);\n // Throw if root**2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10)\n if (P % _8n === _5n) {\n const c1 = (P - _5n) / _8n;\n return function sqrt5mod8(Fp, n) {\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, c1);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // P ≡ 9 (mod 16)\n if (P % _16n === _9n) {\n // NOTE: tonelli is too slow for bls-Fp2 calculations even on start\n // Means we cannot use sqrt for constants at all!\n //\n // const c1 = Fp.sqrt(Fp.negate(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n // const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n // const c3 = Fp.sqrt(Fp.negate(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n // const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n // sqrt = (x) => {\n // let tv1 = Fp.pow(x, c4); // 1. tv1 = x^c4\n // let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n // const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n // let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n // const e1 = Fp.equals(Fp.square(tv2), x); // 5. e1 = (tv2^2) == x\n // const e2 = Fp.equals(Fp.square(tv3), x); // 6. e2 = (tv3^2) == x\n // tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n // tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n // const e3 = Fp.equals(Fp.square(tv2), x); // 9. e3 = (tv2^2) == x\n // return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n // }\n }\n // Other cases: Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/**\n * Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n */\nexport function FpPow(f, num, power) {\n // Should have same speed as pow for bigints\n // TODO: benchmark!\n if (power < _0n)\n throw new Error('Expected power > 0');\n if (power === _0n)\n return f.ONE;\n if (power === _1n)\n return num;\n let p = f.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = f.mul(p, d);\n d = f.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/**\n * Efficiently invert an array of Field elements.\n * `inv(0)` will return `undefined` here: make sure to throw an error.\n */\nexport function FpInvertBatch(f, nums) {\n const tmp = new Array(nums.length);\n // Walk from first to last, multiply them by each other MOD p\n const lastMultiplied = nums.reduce((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = acc;\n return f.mul(acc, num);\n }, f.ONE);\n // Invert last element\n const inverted = f.inv(lastMultiplied);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = f.mul(acc, tmp[i]);\n return f.mul(acc, num);\n }, inverted);\n return tmp;\n}\nexport function FpDiv(f, lhs, rhs) {\n return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));\n}\nexport function FpLegendre(order) {\n // (a | p) ≡ 1 if a is a square (mod p), quadratic residue\n // (a | p) ≡ -1 if a is not a square (mod p), quadratic non residue\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreConst = (order - _1n) / _2n; // Integer arithmetic\n return (f, x) => f.pow(x, legendreConst);\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(f) {\n const legendre = FpLegendre(f.ORDER);\n return (x) => {\n const p = legendre(f, x);\n return f.eql(p, f.ZERO) || f.eql(p, f.ONE);\n };\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/**\n * Initializes a finite field over prime. **Non-primes are not supported.**\n * Do not init in loop: slow. Very fragile: always run a benchmark on a change.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * NOTE: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n */\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('Field lengths over 2048 bytes are not supported');\n const sqrtP = FpSqrt(ORDER);\n const f = Object.freeze({\n ORDER,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num * num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt || ((n) => sqrtP(f, n)),\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // TODO: do we really need constant cmov?\n // We don't have const-time bigints anyway, so probably will be not very useful\n cmov: (a, b, c) => (c ? b : a),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use mapKeyToField instead\n */\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 || hashLen < minLen || hashLen > 1024)\n throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/**\n * Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n */\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/**\n * Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n */\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 || len < minLen || len > 1024)\n throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);\n const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Abelian group utilities\nimport { validateField, nLength } from './modular.js';\nimport { validateObject, bitLen } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)\n// Elliptic curve multiplication of Point by scalar. Fragile.\n// Scalars should always be less than curve order: this should be checked inside of a curve itself.\n// Creates precomputation tables for fast multiplication:\n// - private scalar is split by fixed size windows of W bits\n// - every window point is collected from window's table & added to accumulator\n// - since windows are different, same point inside tables won't be accessed more than once per calc\n// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n// - +1 window is neccessary for wNAF\n// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow\n// windows to be in different memory locations\nexport function wNAF(c, bits) {\n const constTimeNegate = (condition, item) => {\n const neg = item.negate();\n return condition ? neg : item;\n };\n const validateW = (W) => {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);\n };\n const opts = (W) => {\n validateW(W);\n const windows = Math.ceil(bits / W) + 1; // +1, because\n const windowSize = 2 ** (W - 1); // -1 because we skip zero\n return { windows, windowSize };\n };\n return {\n constTimeNegate,\n // non-const time multiplication ladder\n unsafeLadder(elm, n) {\n let p = c.ZERO;\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = opts(W);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // =1, because we skip zero\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise\n // But need to carefully remove other checks before wNAF. ORDER == bits here\n const { windows, windowSize } = opts(W);\n let p = c.ZERO;\n let f = c.BASE;\n const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.\n const maxNumber = 2 ** W;\n const shiftBy = BigInt(W);\n for (let window = 0; window < windows; window++) {\n const offset = window * windowSize;\n // Extract W bits.\n let wbits = Number(n & mask);\n // Shift number by W bits.\n n >>= shiftBy;\n // If the bits are bigger than max size, we'll split those.\n // +224 => 256 - 32\n if (wbits > windowSize) {\n wbits -= maxNumber;\n n += _1n;\n }\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n // Check if we're onto Zero point.\n // Add random point inside current window to f.\n const offset1 = offset;\n const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero\n const cond1 = window % 2 !== 0;\n const cond2 = wbits < 0;\n if (wbits === 0) {\n // The most important part for const-time getPublicKey\n f = f.add(constTimeNegate(cond1, precomputes[offset1]));\n }\n else {\n p = p.add(constTimeNegate(cond2, precomputes[offset2]));\n }\n }\n // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ()\n // Even if the variable is still unused, there are some checks which will\n // throw an exception, so compiler needs to prove they won't happen, which is hard.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n wNAFCached(P, n, transform) {\n const W = pointWindowSizes.get(P) || 1;\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return this.wNAF(W, comp, n);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM).\n * MSM is basically (Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster with precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param field field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, field, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)\n throw new Error('arrays of points and scalars must have equal length');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error(`wrong scalar at index ${i}`);\n });\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error(`wrong point at index ${i}`);\n });\n const wbits = bitLen(BigInt(points.length));\n const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits\n const MASK = (1 << windowSize) - 1;\n const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array\n const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;\n let sum = c.ZERO;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(c.ZERO);\n for (let j = 0; j < scalars.length; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = c.ZERO; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for (let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# sourceMappingURL=curve.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Short Weierstrass curve. The formula is: y² = x³ + ax + b\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport * as mod from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\nfunction validateSigVerOpts(opts) {\n if (opts.lowS !== undefined)\n abool('lowS', opts.lowS);\n if (opts.prehash !== undefined)\n abool('prehash', opts.prehash);\n}\nfunction validatePointOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n a: 'field',\n b: 'field',\n }, {\n allowedPrivateKeyLengths: 'array',\n wrapPrivateKey: 'boolean',\n isTorsionFree: 'function',\n clearCofactor: 'function',\n allowInfinityPoint: 'boolean',\n fromBytes: 'function',\n toBytes: 'function',\n });\n const { endo, Fp, a } = opts;\n if (endo) {\n if (!Fp.eql(a, Fp.ZERO)) {\n throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');\n }\n if (typeof endo !== 'object' ||\n typeof endo.beta !== 'bigint' ||\n typeof endo.splitScalar !== 'function') {\n throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');\n }\n }\n return Object.freeze({ ...opts });\n}\nconst { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;\n/**\n * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:\n *\n * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]\n *\n * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html\n */\nexport const DER = {\n // asn.1 DER encoding utils\n Err: class DERErr extends Error {\n constructor(m = '') {\n super(m);\n }\n },\n // Basic building block is TLV (Tag-Length-Value)\n _tlv: {\n encode: (tag, data) => {\n const { Err: E } = DER;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length & 1)\n throw new E('tlv.encode: unpadded data');\n const dataLen = data.length / 2;\n const len = ut.numberToHexUnpadded(dataLen);\n if ((len.length / 2) & 128)\n throw new E('tlv.encode: long form length too big');\n // length of length with long form flag\n const lenLen = dataLen > 127 ? ut.numberToHexUnpadded((len.length / 2) | 128) : '';\n return `${ut.numberToHexUnpadded(tag)}${lenLen}${len}${data}`;\n },\n // v - value, l - left bytes (unparsed)\n decode(tag, data) {\n const { Err: E } = DER;\n let pos = 0;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length < 2 || data[pos++] !== tag)\n throw new E('tlv.decode: wrong tlv');\n const first = data[pos++];\n const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form\n let length = 0;\n if (!isLong)\n length = first;\n else {\n // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]\n const lenLen = first & 127;\n if (!lenLen)\n throw new E('tlv.decode(long): indefinite length not supported');\n if (lenLen > 4)\n throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js\n const lengthBytes = data.subarray(pos, pos + lenLen);\n if (lengthBytes.length !== lenLen)\n throw new E('tlv.decode: length bytes not complete');\n if (lengthBytes[0] === 0)\n throw new E('tlv.decode(long): zero leftmost byte');\n for (const b of lengthBytes)\n length = (length << 8) | b;\n pos += lenLen;\n if (length < 128)\n throw new E('tlv.decode(long): not minimal encoding');\n }\n const v = data.subarray(pos, pos + length);\n if (v.length !== length)\n throw new E('tlv.decode: wrong value length');\n return { v, l: data.subarray(pos + length) };\n },\n },\n // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,\n // since we always use positive integers here. It must always be empty:\n // - add zero byte if exists\n // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)\n _int: {\n encode(num) {\n const { Err: E } = DER;\n if (num < _0n)\n throw new E('integer: negative integers are not allowed');\n let hex = ut.numberToHexUnpadded(num);\n // Pad with zero byte if negative flag is present\n if (Number.parseInt(hex[0], 16) & 0b1000)\n hex = '00' + hex;\n if (hex.length & 1)\n throw new E('unexpected assertion');\n return hex;\n },\n decode(data) {\n const { Err: E } = DER;\n if (data[0] & 128)\n throw new E('Invalid signature integer: negative');\n if (data[0] === 0x00 && !(data[1] & 128))\n throw new E('Invalid signature integer: unnecessary leading zero');\n return b2n(data);\n },\n },\n toSig(hex) {\n // parse DER signature\n const { Err: E, _int: int, _tlv: tlv } = DER;\n const data = typeof hex === 'string' ? h2b(hex) : hex;\n ut.abytes(data);\n const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);\n if (seqLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);\n const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);\n if (sLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n return { r: int.decode(rBytes), s: int.decode(sBytes) };\n },\n hexFromSig(sig) {\n const { _tlv: tlv, _int: int } = DER;\n const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;\n return tlv.encode(0x30, seq);\n },\n};\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4);\nexport function weierstrassPoints(opts) {\n const CURVE = validatePointOpts(opts);\n const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ\n const Fn = mod.Field(CURVE.n, CURVE.nBitLength);\n const toBytes = CURVE.toBytes ||\n ((_c, point, _isCompressed) => {\n const a = point.toAffine();\n return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));\n });\n const fromBytes = CURVE.fromBytes ||\n ((bytes) => {\n // const head = bytes[0];\n const tail = bytes.subarray(1);\n // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n });\n /**\n * y² = x³ + ax + b: Short weierstrass curve formula\n * @returns y²\n */\n function weierstrassEquation(x) {\n const { a, b } = CURVE;\n const x2 = Fp.sqr(x); // x * x\n const x3 = Fp.mul(x2, x); // x2 * x\n return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b\n }\n // Validate whether the passed curve params are valid.\n // We check if curve equation works for generator point.\n // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381.\n // ProjectivePoint class has not been initialized yet.\n if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))\n throw new Error('bad generator point: equation left != right');\n // Valid group elements reside in range 1..n-1\n function isWithinCurveOrder(num) {\n return ut.inRange(num, _1n, CURVE.n);\n }\n // Validates if priv key is valid and converts it to bigint.\n // Supports options allowedPrivateKeyLengths and wrapPrivateKey.\n function normPrivateKeyToScalar(key) {\n const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;\n if (lengths && typeof key !== 'bigint') {\n if (ut.isBytes(key))\n key = ut.bytesToHex(key);\n // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes\n if (typeof key !== 'string' || !lengths.includes(key.length))\n throw new Error('Invalid key');\n key = key.padStart(nByteLength * 2, '0');\n }\n let num;\n try {\n num =\n typeof key === 'bigint'\n ? key\n : ut.bytesToNumberBE(ensureBytes('private key', key, nByteLength));\n }\n catch (error) {\n throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);\n }\n if (wrapPrivateKey)\n num = mod.mod(num, N); // disabled by default, enabled for BLS\n ut.aInRange('private key', num, _1n, N); // num in range [1..N-1]\n return num;\n }\n function assertPrjPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ProjectivePoint expected');\n }\n // Memoized toAffine / validity check. They are heavy. Points are immutable.\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n const toAffineMemo = memoized((p, iz) => {\n const { px: x, py: y, pz: z } = p;\n // Fast-path for normalized points\n if (Fp.eql(z, Fp.ONE))\n return { x, y };\n const is0 = p.is0();\n // If invZ was 0, we return zero point. However we still want to execute\n // all operations, so we replace invZ with a random number, 1.\n if (iz == null)\n iz = is0 ? Fp.ONE : Fp.inv(z);\n const ax = Fp.mul(x, iz);\n const ay = Fp.mul(y, iz);\n const zz = Fp.mul(z, iz);\n if (is0)\n return { x: Fp.ZERO, y: Fp.ZERO };\n if (!Fp.eql(zz, Fp.ONE))\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n // NOTE: on exception this will crash 'cached' and no value will be set.\n // Otherwise true will be return\n const assertValidMemo = memoized((p) => {\n if (p.is0()) {\n // (0, 1, 0) aka ZERO is invalid in most contexts.\n // In BLS, ZERO can be serialized, so we allow it.\n // (0, 0, 0) is wrong representation of ZERO and is always invalid.\n if (CURVE.allowInfinityPoint && !Fp.is0(p.py))\n return;\n throw new Error('bad point: ZERO');\n }\n // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`\n const { x, y } = p.toAffine();\n // Check if x, y are valid field elements\n if (!Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('bad point: x or y not FE');\n const left = Fp.sqr(y); // y²\n const right = weierstrassEquation(x); // x³ + ax + b\n if (!Fp.eql(left, right))\n throw new Error('bad point: equation left != right');\n if (!p.isTorsionFree())\n throw new Error('bad point: not in prime-order subgroup');\n return true;\n });\n /**\n * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)\n * Default Point works in 2d / affine coordinates: (x, y)\n * We're doing calculations in projective, because its operations don't require costly inversion.\n */\n class Point {\n constructor(px, py, pz) {\n this.px = px;\n this.py = py;\n this.pz = pz;\n if (px == null || !Fp.isValid(px))\n throw new Error('x required');\n if (py == null || !Fp.isValid(py))\n throw new Error('y required');\n if (pz == null || !Fp.isValid(pz))\n throw new Error('z required');\n Object.freeze(this);\n }\n // Does not validate if the point is on-curve.\n // Use fromHex instead, or call assertValidity() later.\n static fromAffine(p) {\n const { x, y } = p || {};\n if (!p || !Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('invalid affine point');\n if (p instanceof Point)\n throw new Error('projective point not allowed');\n const is0 = (i) => Fp.eql(i, Fp.ZERO);\n // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)\n if (is0(x) && is0(y))\n return Point.ZERO;\n return new Point(x, y, Fp.ONE);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n /**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.pz));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n /**\n * Converts hash string or Uint8Array to Point.\n * @param hex short/long ECDSA hex\n */\n static fromHex(hex) {\n const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));\n P.assertValidity();\n return P;\n }\n // Multiplies generator point by privateKey.\n static fromPrivateKey(privateKey) {\n return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // A point on curve is valid if it conforms to equation.\n assertValidity() {\n assertValidMemo(this);\n }\n hasEvenY() {\n const { y } = this.toAffine();\n if (Fp.isOdd)\n return !Fp.isOdd(y);\n throw new Error(\"Field doesn't support isOdd\");\n }\n /**\n * Compare one point to another.\n */\n equals(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));\n const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));\n return U1 && U2;\n }\n /**\n * Flips point to one corresponding to (x, -y) in Affine coordinates.\n */\n negate() {\n return new Point(this.px, Fp.neg(this.py), this.pz);\n }\n // Renes-Costello-Batina exception-free doubling formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 3\n // Cost: 8M + 3S + 3*a + 2*b3 + 15add.\n double() {\n const { a, b } = CURVE;\n const b3 = Fp.mul(b, _3n);\n const { px: X1, py: Y1, pz: Z1 } = this;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n let t0 = Fp.mul(X1, X1); // step 1\n let t1 = Fp.mul(Y1, Y1);\n let t2 = Fp.mul(Z1, Z1);\n let t3 = Fp.mul(X1, Y1);\n t3 = Fp.add(t3, t3); // step 5\n Z3 = Fp.mul(X1, Z1);\n Z3 = Fp.add(Z3, Z3);\n X3 = Fp.mul(a, Z3);\n Y3 = Fp.mul(b3, t2);\n Y3 = Fp.add(X3, Y3); // step 10\n X3 = Fp.sub(t1, Y3);\n Y3 = Fp.add(t1, Y3);\n Y3 = Fp.mul(X3, Y3);\n X3 = Fp.mul(t3, X3);\n Z3 = Fp.mul(b3, Z3); // step 15\n t2 = Fp.mul(a, t2);\n t3 = Fp.sub(t0, t2);\n t3 = Fp.mul(a, t3);\n t3 = Fp.add(t3, Z3);\n Z3 = Fp.add(t0, t0); // step 20\n t0 = Fp.add(Z3, t0);\n t0 = Fp.add(t0, t2);\n t0 = Fp.mul(t0, t3);\n Y3 = Fp.add(Y3, t0);\n t2 = Fp.mul(Y1, Z1); // step 25\n t2 = Fp.add(t2, t2);\n t0 = Fp.mul(t2, t3);\n X3 = Fp.sub(X3, t0);\n Z3 = Fp.mul(t2, t1);\n Z3 = Fp.add(Z3, Z3); // step 30\n Z3 = Fp.add(Z3, Z3);\n return new Point(X3, Y3, Z3);\n }\n // Renes-Costello-Batina exception-free addition formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 1\n // Cost: 12M + 0S + 3*a + 3*b3 + 23add.\n add(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n const a = CURVE.a;\n const b3 = Fp.mul(CURVE.b, _3n);\n let t0 = Fp.mul(X1, X2); // step 1\n let t1 = Fp.mul(Y1, Y2);\n let t2 = Fp.mul(Z1, Z2);\n let t3 = Fp.add(X1, Y1);\n let t4 = Fp.add(X2, Y2); // step 5\n t3 = Fp.mul(t3, t4);\n t4 = Fp.add(t0, t1);\n t3 = Fp.sub(t3, t4);\n t4 = Fp.add(X1, Z1);\n let t5 = Fp.add(X2, Z2); // step 10\n t4 = Fp.mul(t4, t5);\n t5 = Fp.add(t0, t2);\n t4 = Fp.sub(t4, t5);\n t5 = Fp.add(Y1, Z1);\n X3 = Fp.add(Y2, Z2); // step 15\n t5 = Fp.mul(t5, X3);\n X3 = Fp.add(t1, t2);\n t5 = Fp.sub(t5, X3);\n Z3 = Fp.mul(a, t4);\n X3 = Fp.mul(b3, t2); // step 20\n Z3 = Fp.add(X3, Z3);\n X3 = Fp.sub(t1, Z3);\n Z3 = Fp.add(t1, Z3);\n Y3 = Fp.mul(X3, Z3);\n t1 = Fp.add(t0, t0); // step 25\n t1 = Fp.add(t1, t0);\n t2 = Fp.mul(a, t2);\n t4 = Fp.mul(b3, t4);\n t1 = Fp.add(t1, t2);\n t2 = Fp.sub(t0, t2); // step 30\n t2 = Fp.mul(a, t2);\n t4 = Fp.add(t4, t2);\n t0 = Fp.mul(t1, t4);\n Y3 = Fp.add(Y3, t0);\n t0 = Fp.mul(t5, t4); // step 35\n X3 = Fp.mul(t3, X3);\n X3 = Fp.sub(X3, t0);\n t0 = Fp.mul(t3, t1);\n Z3 = Fp.mul(t5, Z3);\n Z3 = Fp.add(Z3, t0); // step 40\n return new Point(X3, Y3, Z3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n /**\n * Non-constant-time multiplication. Uses double-and-add algorithm.\n * It's faster, but should only be used when you don't care about\n * an exposed private key e.g. sig verification, which works over *public* keys.\n */\n multiplyUnsafe(sc) {\n ut.aInRange('scalar', sc, _0n, CURVE.n);\n const I = Point.ZERO;\n if (sc === _0n)\n return I;\n if (sc === _1n)\n return this;\n const { endo } = CURVE;\n if (!endo)\n return wnaf.unsafeLadder(this, sc);\n // Apply endomorphism\n let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);\n let k1p = I;\n let k2p = I;\n let d = this;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n k1p = k1p.add(d);\n if (k2 & _1n)\n k2p = k2p.add(d);\n d = d.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n if (k1neg)\n k1p = k1p.negate();\n if (k2neg)\n k2p = k2p.negate();\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n return k1p.add(k2p);\n }\n /**\n * Constant time multiplication.\n * Uses wNAF method. Windowed method may be 10% faster,\n * but takes 2x longer to generate and consumes 2x memory.\n * Uses precomputes when available.\n * Uses endomorphism for Koblitz curves.\n * @param scalar by which the point would be multiplied\n * @returns New point\n */\n multiply(scalar) {\n const { endo, n: N } = CURVE;\n ut.aInRange('scalar', scalar, _1n, N);\n let point, fake; // Fake point is used to const-time mult\n if (endo) {\n const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);\n let { p: k1p, f: f1p } = this.wNAF(k1);\n let { p: k2p, f: f2p } = this.wNAF(k2);\n k1p = wnaf.constTimeNegate(k1neg, k1p);\n k2p = wnaf.constTimeNegate(k2neg, k2p);\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n point = k1p.add(k2p);\n fake = f1p.add(f2p);\n }\n else {\n const { p, f } = this.wNAF(scalar);\n point = p;\n fake = f;\n }\n // Normalize `z` for both points, but return only real one\n return Point.normalizeZ([point, fake])[0];\n }\n /**\n * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.\n * Not using Strauss-Shamir trick: precomputation tables are faster.\n * The trick could be useful if both P and Q are not G (not in our case).\n * @returns non-zero affine point\n */\n multiplyAndAddUnsafe(Q, a, b) {\n const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes\n const mul = (P, a // Select faster multiply() method\n ) => (a === _0n || a === _1n || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));\n const sum = mul(this, a).add(mul(Q, b));\n return sum.is0() ? undefined : sum;\n }\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n isTorsionFree() {\n const { h: cofactor, isTorsionFree } = CURVE;\n if (cofactor === _1n)\n return true; // No subgroups, always torsion-free\n if (isTorsionFree)\n return isTorsionFree(Point, this);\n throw new Error('isTorsionFree() has not been declared for the elliptic curve');\n }\n clearCofactor() {\n const { h: cofactor, clearCofactor } = CURVE;\n if (cofactor === _1n)\n return this; // Fast-path\n if (clearCofactor)\n return clearCofactor(Point, this);\n return this.multiplyUnsafe(CURVE.h);\n }\n toRawBytes(isCompressed = true) {\n abool('isCompressed', isCompressed);\n this.assertValidity();\n return toBytes(Point, this, isCompressed);\n }\n toHex(isCompressed = true) {\n abool('isCompressed', isCompressed);\n return ut.bytesToHex(this.toRawBytes(isCompressed));\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);\n Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO);\n const _bits = CURVE.nBitLength;\n const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits);\n // Validate if generator point is on curve\n return {\n CURVE,\n ProjectivePoint: Point,\n normPrivateKeyToScalar,\n weierstrassEquation,\n isWithinCurveOrder,\n };\n}\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n hash: 'hash',\n hmac: 'function',\n randomBytes: 'function',\n }, {\n bits2int: 'function',\n bits2int_modN: 'function',\n lowS: 'boolean',\n });\n return Object.freeze({ lowS: true, ...opts });\n}\n/**\n * Creates short weierstrass curve and ECDSA signature methods for it.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, b, p, n, Gx, Gy\n * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })\n */\nexport function weierstrass(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER } = CURVE;\n const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32\n const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32\n function modN(a) {\n return mod.mod(a, CURVE_ORDER);\n }\n function invN(a) {\n return mod.invert(a, CURVE_ORDER);\n }\n const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({\n ...CURVE,\n toBytes(_c, point, isCompressed) {\n const a = point.toAffine();\n const x = Fp.toBytes(a.x);\n const cat = ut.concatBytes;\n abool('isCompressed', isCompressed);\n if (isCompressed) {\n return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);\n }\n else {\n return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));\n }\n },\n fromBytes(bytes) {\n const len = bytes.length;\n const head = bytes[0];\n const tail = bytes.subarray(1);\n // this.assertValidity() is done inside of fromHex\n if (len === compressedLen && (head === 0x02 || head === 0x03)) {\n const x = ut.bytesToNumberBE(tail);\n if (!ut.inRange(x, _1n, Fp.ORDER))\n throw new Error('Point is not on curve');\n const y2 = weierstrassEquation(x); // y² = x³ + ax + b\n let y;\n try {\n y = Fp.sqrt(y2); // y = y² ^ (p+1)/4\n }\n catch (sqrtError) {\n const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';\n throw new Error('Point is not on curve' + suffix);\n }\n const isYOdd = (y & _1n) === _1n;\n // ECDSA\n const isHeadOdd = (head & 1) === 1;\n if (isHeadOdd !== isYOdd)\n y = Fp.neg(y);\n return { x, y };\n }\n else if (len === uncompressedLen && head === 0x04) {\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n }\n else {\n throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);\n }\n },\n });\n const numToNByteStr = (num) => ut.bytesToHex(ut.numberToBytesBE(num, CURVE.nByteLength));\n function isBiggerThanHalfOrder(number) {\n const HALF = CURVE_ORDER >> _1n;\n return number > HALF;\n }\n function normalizeS(s) {\n return isBiggerThanHalfOrder(s) ? modN(-s) : s;\n }\n // slice bytes num\n const slcNum = (b, from, to) => ut.bytesToNumberBE(b.slice(from, to));\n /**\n * ECDSA signature with its (r, s) properties. Supports DER & compact representations.\n */\n class Signature {\n constructor(r, s, recovery) {\n this.r = r;\n this.s = s;\n this.recovery = recovery;\n this.assertValidity();\n }\n // pair (bytes of r, bytes of s)\n static fromCompact(hex) {\n const l = CURVE.nByteLength;\n hex = ensureBytes('compactSignature', hex, l * 2);\n return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));\n }\n // DER encoded ECDSA signature\n // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script\n static fromDER(hex) {\n const { r, s } = DER.toSig(ensureBytes('DER', hex));\n return new Signature(r, s);\n }\n assertValidity() {\n ut.aInRange('r', this.r, _1n, CURVE_ORDER); // r in [1..N]\n ut.aInRange('s', this.s, _1n, CURVE_ORDER); // s in [1..N]\n }\n addRecoveryBit(recovery) {\n return new Signature(this.r, this.s, recovery);\n }\n recoverPublicKey(msgHash) {\n const { r, s, recovery: rec } = this;\n const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash\n if (rec == null || ![0, 1, 2, 3].includes(rec))\n throw new Error('recovery id invalid');\n const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;\n if (radj >= Fp.ORDER)\n throw new Error('recovery id 2 or 3 invalid');\n const prefix = (rec & 1) === 0 ? '02' : '03';\n const R = Point.fromHex(prefix + numToNByteStr(radj));\n const ir = invN(radj); // r^-1\n const u1 = modN(-h * ir); // -hr^-1\n const u2 = modN(s * ir); // sr^-1\n const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n if (!Q)\n throw new Error('point at infinify'); // unsafe is fine: no priv data leaked\n Q.assertValidity();\n return Q;\n }\n // Signatures should be low-s, to prevent malleability.\n hasHighS() {\n return isBiggerThanHalfOrder(this.s);\n }\n normalizeS() {\n return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;\n }\n // DER-encoded\n toDERRawBytes() {\n return ut.hexToBytes(this.toDERHex());\n }\n toDERHex() {\n return DER.hexFromSig({ r: this.r, s: this.s });\n }\n // padded bytes of r, then padded bytes of s\n toCompactRawBytes() {\n return ut.hexToBytes(this.toCompactHex());\n }\n toCompactHex() {\n return numToNByteStr(this.r) + numToNByteStr(this.s);\n }\n }\n const utils = {\n isValidPrivateKey(privateKey) {\n try {\n normPrivateKeyToScalar(privateKey);\n return true;\n }\n catch (error) {\n return false;\n }\n },\n normPrivateKeyToScalar: normPrivateKeyToScalar,\n /**\n * Produces cryptographically secure private key from random of size\n * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.\n */\n randomPrivateKey: () => {\n const length = mod.getMinHashLength(CURVE.n);\n return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);\n },\n /**\n * Creates precompute table for an arbitrary EC point. Makes point \"cached\".\n * Allows to massively speed-up `point.multiply(scalar)`.\n * @returns cached point\n * @example\n * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));\n * fast.multiply(privKey); // much faster ECDH now\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here\n return point;\n },\n };\n /**\n * Computes public key for a private key. Checks for validity of the private key.\n * @param privateKey private key\n * @param isCompressed whether to return compact (default), or full key\n * @returns Public key, full when isCompressed=false; short when isCompressed=true\n */\n function getPublicKey(privateKey, isCompressed = true) {\n return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);\n }\n /**\n * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.\n */\n function isProbPub(item) {\n const arr = ut.isBytes(item);\n const str = typeof item === 'string';\n const len = (arr || str) && item.length;\n if (arr)\n return len === compressedLen || len === uncompressedLen;\n if (str)\n return len === 2 * compressedLen || len === 2 * uncompressedLen;\n if (item instanceof Point)\n return true;\n return false;\n }\n /**\n * ECDH (Elliptic Curve Diffie Hellman).\n * Computes shared public key from private key and public key.\n * Checks: 1) private key validity 2) shared key is on-curve.\n * Does NOT hash the result.\n * @param privateA private key\n * @param publicB different public key\n * @param isCompressed whether to return compact (default), or full key\n * @returns shared public key\n */\n function getSharedSecret(privateA, publicB, isCompressed = true) {\n if (isProbPub(privateA))\n throw new Error('first arg must be private key');\n if (!isProbPub(publicB))\n throw new Error('second arg must be public key');\n const b = Point.fromHex(publicB); // check for being on-curve\n return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);\n }\n // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.\n // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.\n // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.\n // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors\n const bits2int = CURVE.bits2int ||\n function (bytes) {\n // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)\n // for some cases, since bytes.length * 8 is not actual bitLength.\n const num = ut.bytesToNumberBE(bytes); // check for == u8 done here\n const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits\n return delta > 0 ? num >> BigInt(delta) : num;\n };\n const bits2int_modN = CURVE.bits2int_modN ||\n function (bytes) {\n return modN(bits2int(bytes)); // can't use bytesToNumberBE here\n };\n // NOTE: pads output with zero as per spec\n const ORDER_MASK = ut.bitMask(CURVE.nBitLength);\n /**\n * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.\n */\n function int2octets(num) {\n ut.aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);\n // works with order, can have different size than numToField!\n return ut.numberToBytesBE(num, CURVE.nByteLength);\n }\n // Steps A, D of RFC6979 3.2\n // Creates RFC6979 seed; converts msg/privKey to numbers.\n // Used only in sign, not in verify.\n // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.\n // Also it can be bigger for P224 + SHA256\n function prepSig(msgHash, privateKey, opts = defaultSigOpts) {\n if (['recovered', 'canonical'].some((k) => k in opts))\n throw new Error('sign() legacy options not supported');\n const { hash, randomBytes } = CURVE;\n let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default\n if (lowS == null)\n lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash\n msgHash = ensureBytes('msgHash', msgHash);\n validateSigVerOpts(opts);\n if (prehash)\n msgHash = ensureBytes('prehashed msgHash', hash(msgHash));\n // We can't later call bits2octets, since nested bits2int is broken for curves\n // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.\n // const bits2octets = (bits) => int2octets(bits2int_modN(bits))\n const h1int = bits2int_modN(msgHash);\n const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint\n const seedArgs = [int2octets(d), int2octets(h1int)];\n // extraEntropy. RFC6979 3.6: additional k' (optional).\n if (ent != null && ent !== false) {\n // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is\n seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes\n }\n const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2\n const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!\n // Converts signature params into point w r/s, checks result for validity.\n function k2sig(kBytes) {\n // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n const k = bits2int(kBytes); // Cannot use fields methods, since it is group element\n if (!isWithinCurveOrder(k))\n return; // Important: all mod() calls here must be done over N\n const ik = invN(k); // k^-1 mod n\n const q = Point.BASE.multiply(k).toAffine(); // q = Gk\n const r = modN(q.x); // r = q.x mod n\n if (r === _0n)\n return;\n // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to\n // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:\n // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT\n const s = modN(ik * modN(m + r * d)); // Not using blinding here\n if (s === _0n)\n return;\n let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)\n let normS = s;\n if (lowS && isBiggerThanHalfOrder(s)) {\n normS = normalizeS(s); // if lowS was passed, ensure s is always\n recovery ^= 1; // // in the bottom half of N\n }\n return new Signature(r, normS, recovery); // use normS, not s\n }\n return { seed, k2sig };\n }\n const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };\n const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };\n /**\n * Signs message hash with a private key.\n * ```\n * sign(m, d, k) where\n * (x, y) = G × k\n * r = x mod n\n * s = (m + dr)/k mod n\n * ```\n * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.\n * @param privKey private key\n * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.\n * @returns signature with recovery param\n */\n function sign(msgHash, privKey, opts = defaultSigOpts) {\n const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.\n const C = CURVE;\n const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);\n return drbg(seed, k2sig); // Steps B, C, D, E, F, G\n }\n // Enable precomputes. Slows down first publicKey computation by 20ms.\n Point.BASE._setWindowSize(8);\n // utils.precompute(8, ProjectivePoint.BASE)\n /**\n * Verifies a signature against message hash and public key.\n * Rejects lowS signatures by default: to override,\n * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf:\n *\n * ```\n * verify(r, s, h, P) where\n * U1 = hs^-1 mod n\n * U2 = rs^-1 mod n\n * R = U1⋅G - U2⋅P\n * mod(R.x, n) == r\n * ```\n */\n function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {\n const sg = signature;\n msgHash = ensureBytes('msgHash', msgHash);\n publicKey = ensureBytes('publicKey', publicKey);\n if ('strict' in opts)\n throw new Error('options.strict was renamed to lowS');\n validateSigVerOpts(opts);\n const { lowS, prehash } = opts;\n let _sig = undefined;\n let P;\n try {\n if (typeof sg === 'string' || ut.isBytes(sg)) {\n // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).\n // Since DER can also be 2*nByteLength bytes, we check for it first.\n try {\n _sig = Signature.fromDER(sg);\n }\n catch (derError) {\n if (!(derError instanceof DER.Err))\n throw derError;\n _sig = Signature.fromCompact(sg);\n }\n }\n else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {\n const { r, s } = sg;\n _sig = new Signature(r, s);\n }\n else {\n throw new Error('PARSE');\n }\n P = Point.fromHex(publicKey);\n }\n catch (error) {\n if (error.message === 'PARSE')\n throw new Error(`signature must be Signature instance, Uint8Array or hex string`);\n return false;\n }\n if (lowS && _sig.hasHighS())\n return false;\n if (prehash)\n msgHash = CURVE.hash(msgHash);\n const { r, s } = _sig;\n const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element\n const is = invN(s); // s^-1\n const u1 = modN(h * is); // u1 = hs^-1 mod n\n const u2 = modN(r * is); // u2 = rs^-1 mod n\n const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P\n if (!R)\n return false;\n const v = modN(R.x);\n return v === r;\n }\n return {\n CURVE,\n getPublicKey,\n getSharedSecret,\n sign,\n verify,\n ProjectivePoint: Point,\n Signature,\n utils,\n };\n}\n/**\n * Implementation of the Shallue and van de Woestijne method for any weierstrass curve.\n * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.\n * b = True and y = sqrt(u / v) if (u / v) is square in F, and\n * b = False and y = sqrt(Z * (u / v)) otherwise.\n * @param Fp\n * @param Z\n * @returns\n */\nexport function SWUFpSqrtRatio(Fp, Z) {\n // Generic implementation\n const q = Fp.ORDER;\n let l = _0n;\n for (let o = q - _1n; o % _2n === _0n; o /= _2n)\n l += _1n;\n const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.\n // We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.\n // 2n ** c1 == 2n << (c1-1)\n const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);\n const _2n_pow_c1 = _2n_pow_c1_1 * _2n;\n const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic\n const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic\n const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic\n const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic\n const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2\n const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)\n let sqrtRatio = (u, v) => {\n let tv1 = c6; // 1. tv1 = c6\n let tv2 = Fp.pow(v, c4); // 2. tv2 = v^c4\n let tv3 = Fp.sqr(tv2); // 3. tv3 = tv2^2\n tv3 = Fp.mul(tv3, v); // 4. tv3 = tv3 * v\n let tv5 = Fp.mul(u, tv3); // 5. tv5 = u * tv3\n tv5 = Fp.pow(tv5, c3); // 6. tv5 = tv5^c3\n tv5 = Fp.mul(tv5, tv2); // 7. tv5 = tv5 * tv2\n tv2 = Fp.mul(tv5, v); // 8. tv2 = tv5 * v\n tv3 = Fp.mul(tv5, u); // 9. tv3 = tv5 * u\n let tv4 = Fp.mul(tv3, tv2); // 10. tv4 = tv3 * tv2\n tv5 = Fp.pow(tv4, c5); // 11. tv5 = tv4^c5\n let isQR = Fp.eql(tv5, Fp.ONE); // 12. isQR = tv5 == 1\n tv2 = Fp.mul(tv3, c7); // 13. tv2 = tv3 * c7\n tv5 = Fp.mul(tv4, tv1); // 14. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, isQR); // 15. tv3 = CMOV(tv2, tv3, isQR)\n tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)\n // 17. for i in (c1, c1 - 1, ..., 2):\n for (let i = c1; i > _1n; i--) {\n let tv5 = i - _2n; // 18. tv5 = i - 2\n tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5\n let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5\n const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1\n tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1\n tv1 = Fp.mul(tv1, tv1); // 23. tv1 = tv1 * tv1\n tvv5 = Fp.mul(tv4, tv1); // 24. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, e1); // 25. tv3 = CMOV(tv2, tv3, e1)\n tv4 = Fp.cmov(tvv5, tv4, e1); // 26. tv4 = CMOV(tv5, tv4, e1)\n }\n return { isValid: isQR, value: tv3 };\n };\n if (Fp.ORDER % _4n === _3n) {\n // sqrt_ratio_3mod4(u, v)\n const c1 = (Fp.ORDER - _3n) / _4n; // 1. c1 = (q - 3) / 4 # Integer arithmetic\n const c2 = Fp.sqrt(Fp.neg(Z)); // 2. c2 = sqrt(-Z)\n sqrtRatio = (u, v) => {\n let tv1 = Fp.sqr(v); // 1. tv1 = v^2\n const tv2 = Fp.mul(u, v); // 2. tv2 = u * v\n tv1 = Fp.mul(tv1, tv2); // 3. tv1 = tv1 * tv2\n let y1 = Fp.pow(tv1, c1); // 4. y1 = tv1^c1\n y1 = Fp.mul(y1, tv2); // 5. y1 = y1 * tv2\n const y2 = Fp.mul(y1, c2); // 6. y2 = y1 * c2\n const tv3 = Fp.mul(Fp.sqr(y1), v); // 7. tv3 = y1^2; 8. tv3 = tv3 * v\n const isQR = Fp.eql(tv3, u); // 9. isQR = tv3 == u\n let y = Fp.cmov(y2, y1, isQR); // 10. y = CMOV(y2, y1, isQR)\n return { isValid: isQR, value: y }; // 11. return (isQR, y) isQR ? y : y*c2\n };\n }\n // No curves uses that\n // if (Fp.ORDER % _8n === _5n) // sqrt_ratio_5mod8\n return sqrtRatio;\n}\n/**\n * Simplified Shallue-van de Woestijne-Ulas Method\n * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2\n */\nexport function mapToCurveSimpleSWU(Fp, opts) {\n mod.validateField(Fp);\n if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))\n throw new Error('mapToCurveSimpleSWU: invalid opts');\n const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);\n if (!Fp.isOdd)\n throw new Error('Fp.isOdd is not implemented!');\n // Input: u, an element of F.\n // Output: (x, y), a point on E.\n return (u) => {\n // prettier-ignore\n let tv1, tv2, tv3, tv4, tv5, tv6, x, y;\n tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, opts.Z); // 2. tv1 = Z * tv1\n tv2 = Fp.sqr(tv1); // 3. tv2 = tv1^2\n tv2 = Fp.add(tv2, tv1); // 4. tv2 = tv2 + tv1\n tv3 = Fp.add(tv2, Fp.ONE); // 5. tv3 = tv2 + 1\n tv3 = Fp.mul(tv3, opts.B); // 6. tv3 = B * tv3\n tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO)); // 7. tv4 = CMOV(Z, -tv2, tv2 != 0)\n tv4 = Fp.mul(tv4, opts.A); // 8. tv4 = A * tv4\n tv2 = Fp.sqr(tv3); // 9. tv2 = tv3^2\n tv6 = Fp.sqr(tv4); // 10. tv6 = tv4^2\n tv5 = Fp.mul(tv6, opts.A); // 11. tv5 = A * tv6\n tv2 = Fp.add(tv2, tv5); // 12. tv2 = tv2 + tv5\n tv2 = Fp.mul(tv2, tv3); // 13. tv2 = tv2 * tv3\n tv6 = Fp.mul(tv6, tv4); // 14. tv6 = tv6 * tv4\n tv5 = Fp.mul(tv6, opts.B); // 15. tv5 = B * tv6\n tv2 = Fp.add(tv2, tv5); // 16. tv2 = tv2 + tv5\n x = Fp.mul(tv1, tv3); // 17. x = tv1 * tv3\n const { isValid, value } = sqrtRatio(tv2, tv6); // 18. (is_gx1_square, y1) = sqrt_ratio(tv2, tv6)\n y = Fp.mul(tv1, u); // 19. y = tv1 * u -> Z * u^3 * y1\n y = Fp.mul(y, value); // 20. y = y * y1\n x = Fp.cmov(x, tv3, isValid); // 21. x = CMOV(x, tv3, is_gx1_square)\n y = Fp.cmov(y, value, isValid); // 22. y = CMOV(y, y1, is_gx1_square)\n const e1 = Fp.isOdd(u) === Fp.isOdd(y); // 23. e1 = sgn0(u) == sgn0(y)\n y = Fp.cmov(Fp.neg(y), y, e1); // 24. y = CMOV(-y, y, e1)\n x = Fp.div(x, tv4); // 25. x = x / tv4\n return { x, y };\n };\n}\n//# sourceMappingURL=weierstrass.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { hmac } from '@noble/hashes/hmac';\nimport { concatBytes, randomBytes } from '@noble/hashes/utils';\nimport { weierstrass } from './abstract/weierstrass.js';\n// connects noble-curves to noble-hashes\nexport function getHash(hash) {\n return {\n hash,\n hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),\n randomBytes,\n };\n}\nexport function createCurve(curveDef, defHash) {\n const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });\n return Object.freeze({ ...create(defHash), create });\n}\n//# sourceMappingURL=_shortw_utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp256r1 aka p256\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256\nconst Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));\nconst CURVE_A = Fp.create(BigInt('-3'));\nconst CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');\n// prettier-ignore\nexport const p256 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n\n // Curve order, total count of valid points in the field\n n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),\n Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),\n h: BigInt(1),\n lowS: false,\n}, sha256);\nexport const secp256r1 = p256;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-10')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P256_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p256.js.map","const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\n// We are not using BigUint64Array, because they are extremely slow as per 2022\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };\n}\nfunction split(lst, le = false) {\n let Ah = new Uint32Array(lst.length);\n let Al = new Uint32Array(lst.length);\n for (let i = 0; i < lst.length; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { fromBig, split, toBig, shrSH, shrSL, rotrSH, rotrSL, rotrBH, rotrBL, rotr32H, rotr32L, rotlSH, rotlSL, rotlBH, rotlBL, add, add3L, add3H, add4L, add4H, add5H, add5L, };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map","import { HashMD } from './_md.js';\nimport u64 from './_u64.js';\nimport { wrapConstructor } from './utils.js';\n// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):\n// prettier-ignore\nconst [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([\n '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\n// Temporary buffer, not used to store anything between runs\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA512 extends HashMD {\n constructor() {\n super(128, 64, 16, false);\n // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.\n // Also looks cleaner and easier to verify with spec.\n // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x6a09e667 | 0;\n this.Al = 0xf3bcc908 | 0;\n this.Bh = 0xbb67ae85 | 0;\n this.Bl = 0x84caa73b | 0;\n this.Ch = 0x3c6ef372 | 0;\n this.Cl = 0xfe94f82b | 0;\n this.Dh = 0xa54ff53a | 0;\n this.Dl = 0x5f1d36f1 | 0;\n this.Eh = 0x510e527f | 0;\n this.El = 0xade682d1 | 0;\n this.Fh = 0x9b05688c | 0;\n this.Fl = 0x2b3e6c1f | 0;\n this.Gh = 0x1f83d9ab | 0;\n this.Gl = 0xfb41bd6b | 0;\n this.Hh = 0x5be0cd19 | 0;\n this.Hl = 0x137e2179 | 0;\n }\n // prettier-ignore\n get() {\n const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n }\n // prettier-ignore\n set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {\n this.Ah = Ah | 0;\n this.Al = Al | 0;\n this.Bh = Bh | 0;\n this.Bl = Bl | 0;\n this.Ch = Ch | 0;\n this.Cl = Cl | 0;\n this.Dh = Dh | 0;\n this.Dl = Dl | 0;\n this.Eh = Eh | 0;\n this.El = El | 0;\n this.Fh = Fh | 0;\n this.Fl = Fl | 0;\n this.Gh = Gh | 0;\n this.Gl = Gl | 0;\n this.Hh = Hh | 0;\n this.Hl = Hl | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4) {\n SHA512_W_H[i] = view.getUint32(offset);\n SHA512_W_L[i] = view.getUint32((offset += 4));\n }\n for (let i = 16; i < 80; i++) {\n // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n const W15h = SHA512_W_H[i - 15] | 0;\n const W15l = SHA512_W_L[i - 15] | 0;\n const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n const W2h = SHA512_W_H[i - 2] | 0;\n const W2l = SHA512_W_L[i - 2] | 0;\n const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];\n const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n SHA512_W_H[i] = SUMh | 0;\n SHA512_W_L[i] = SUMl | 0;\n }\n let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n // Compression function main loop, 80 rounds\n for (let i = 0; i < 80; i++) {\n // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n const CHIl = (El & Fl) ^ (~El & Gl);\n // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n // prettier-ignore\n const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n const T1l = T1ll | 0;\n // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n Hh = Gh | 0;\n Hl = Gl | 0;\n Gh = Fh | 0;\n Gl = Fl | 0;\n Fh = Eh | 0;\n Fl = El | 0;\n ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n Dh = Ch | 0;\n Dl = Cl | 0;\n Ch = Bh | 0;\n Cl = Bl | 0;\n Bh = Ah | 0;\n Bl = Al | 0;\n const All = u64.add3L(T1l, sigma0l, MAJl);\n Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n Al = All | 0;\n }\n // Add the compressed chunk to the current hash value\n ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n }\n roundClean() {\n SHA512_W_H.fill(0);\n SHA512_W_L.fill(0);\n }\n destroy() {\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n }\n}\nexport class SHA512_224 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x8c3d37c8 | 0;\n this.Al = 0x19544da2 | 0;\n this.Bh = 0x73e19966 | 0;\n this.Bl = 0x89dcd4d6 | 0;\n this.Ch = 0x1dfab7ae | 0;\n this.Cl = 0x32ff9c82 | 0;\n this.Dh = 0x679dd514 | 0;\n this.Dl = 0x582f9fcf | 0;\n this.Eh = 0x0f6d2b69 | 0;\n this.El = 0x7bd44da8 | 0;\n this.Fh = 0x77e36f73 | 0;\n this.Fl = 0x04c48942 | 0;\n this.Gh = 0x3f9d85a8 | 0;\n this.Gl = 0x6a1d36c8 | 0;\n this.Hh = 0x1112e6ad | 0;\n this.Hl = 0x91d692a1 | 0;\n this.outputLen = 28;\n }\n}\nexport class SHA512_256 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x22312194 | 0;\n this.Al = 0xfc2bf72c | 0;\n this.Bh = 0x9f555fa3 | 0;\n this.Bl = 0xc84c64c2 | 0;\n this.Ch = 0x2393b86b | 0;\n this.Cl = 0x6f53b151 | 0;\n this.Dh = 0x96387719 | 0;\n this.Dl = 0x5940eabd | 0;\n this.Eh = 0x96283ee2 | 0;\n this.El = 0xa88effe3 | 0;\n this.Fh = 0xbe5e1e25 | 0;\n this.Fl = 0x53863992 | 0;\n this.Gh = 0x2b0199fc | 0;\n this.Gl = 0x2c85b8aa | 0;\n this.Hh = 0x0eb72ddc | 0;\n this.Hl = 0x81c52ca2 | 0;\n this.outputLen = 32;\n }\n}\nexport class SHA384 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0xcbbb9d5d | 0;\n this.Al = 0xc1059ed8 | 0;\n this.Bh = 0x629a292a | 0;\n this.Bl = 0x367cd507 | 0;\n this.Ch = 0x9159015a | 0;\n this.Cl = 0x3070dd17 | 0;\n this.Dh = 0x152fecd8 | 0;\n this.Dl = 0xf70e5939 | 0;\n this.Eh = 0x67332667 | 0;\n this.El = 0xffc00b31 | 0;\n this.Fh = 0x8eb44a87 | 0;\n this.Fl = 0x68581511 | 0;\n this.Gh = 0xdb0c2e0d | 0;\n this.Gl = 0x64f98fa7 | 0;\n this.Hh = 0x47b5481d | 0;\n this.Hl = 0xbefa4fa4 | 0;\n this.outputLen = 48;\n }\n}\nexport const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());\nexport const sha512_224 = /* @__PURE__ */ wrapConstructor(() => new SHA512_224());\nexport const sha512_256 = /* @__PURE__ */ wrapConstructor(() => new SHA512_256());\nexport const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384());\n//# sourceMappingURL=sha512.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha384 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp384r1 aka p384\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');\nconst Fp = Field(P);\nconst CURVE_A = Fp.create(BigInt('-3'));\n// prettier-ignore\nconst CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');\n// prettier-ignore\nexport const p384 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n\n // Curve order, total count of valid points in the field.\n n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),\n // Base (generator) point (x, y)\n Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),\n Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),\n h: BigInt(1),\n lowS: false,\n}, sha384);\nexport const secp384r1 = p384;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-12')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P384_XMD:SHA-384_SSWU_RO_',\n encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 192,\n expand: 'xmd',\n hash: sha384,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p384.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha512 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp521r1 aka p521\n// Note that it's 521, which differs from 512 of its hash function.\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst Fp = Field(P);\nconst CURVE = {\n a: Fp.create(BigInt('-3')),\n b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),\n Fp,\n n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),\n Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),\n Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),\n h: BigInt(1),\n};\n// prettier-ignore\nexport const p521 = createCurve({\n a: CURVE.a, // Equation params: a, b\n b: CURVE.b,\n Fp, // Field: 2n**521n - 1n\n // Curve order, total count of valid points in the field\n n: CURVE.n,\n Gx: CURVE.Gx, // Base point (x, y) aka generator point\n Gy: CURVE.Gy,\n h: CURVE.h,\n lowS: false,\n allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b\n}, sha512);\nexport const secp521r1 = p521;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE.a,\n B: CURVE.b,\n Z: Fp.create(BigInt('-4')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P521_XMD:SHA-512_SSWU_RO_',\n encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 256,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p521.js.map","import { bytes, exists, number, output } from './_assert.js';\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';\nimport { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';\n// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.\n// It's called a sponge function.\n// Various per round constants calculations\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nconst _7n = /* @__PURE__ */ BigInt(7);\nconst _256n = /* @__PURE__ */ BigInt(256);\nconst _0x71n = /* @__PURE__ */ BigInt(0x71);\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true);\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n// Same as keccakf1600, but allows to skip some rounds\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n B.fill(0);\n}\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n // Can be passed from user as dkLen\n number(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n if (0 >= this.blockLen || this.blockLen >= 200)\n throw new Error('Sha3 supports only keccak-f1600 function');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n keccak() {\n if (!isLE)\n byteSwap32(this.state32);\n keccakP(this.state32, this.rounds);\n if (!isLE)\n byteSwap32(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n exists(this);\n const { blockLen, state } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n exists(this, false);\n bytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n number(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n output(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n this.state.fill(0);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));\nexport const sha3_224 = /* @__PURE__ */ gen(0x06, 144, 224 / 8);\n/**\n * SHA3-256 hash function\n * @param message - that would be hashed\n */\nexport const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8);\nexport const sha3_384 = /* @__PURE__ */ gen(0x06, 104, 384 / 8);\nexport const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8);\nexport const keccak_224 = /* @__PURE__ */ gen(0x01, 144, 224 / 8);\n/**\n * keccak-256 hash function. Different from SHA3-256.\n * @param message - that would be hashed\n */\nexport const keccak_256 = /* @__PURE__ */ gen(0x01, 136, 256 / 8);\nexport const keccak_384 = /* @__PURE__ */ gen(0x01, 104, 384 / 8);\nexport const keccak_512 = /* @__PURE__ */ gen(0x01, 72, 512 / 8);\nconst genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\nexport const shake128 = /* @__PURE__ */ genShake(0x1f, 168, 128 / 8);\nexport const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8);\n//# sourceMappingURL=sha3.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport { mod, Field } from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n) {\n ut.aInRange('coordinate ' + title, n, _0n, MASK);\n }\n function assertPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez);\n aCoordinate('t', et);\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n assertPoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n assertPoint(other);\n const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n // Faster algo for adding 2 Extended Points when curve's a=-1.\n // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4\n // Cost: 8M + 8add + 2*2.\n // Note: It does not check whether the `other` point is valid.\n if (a === BigInt(-1)) {\n const A = modP((Y1 - X1) * (Y2 + X2));\n const B = modP((Y1 + X1) * (Y2 - X2));\n const F = modP(B - A);\n if (F === _0n)\n return this.double(); // Same point. Tests say it doesn't affect timing\n const C = modP(Z1 * _2n * T2);\n const D = modP(T1 * _2n * Z2);\n const E = D + C;\n const G = B + A;\n const H = D - C;\n const X3 = modP(E * F);\n const Y3 = modP(G * H);\n const T3 = modP(E * H);\n const Z3 = modP(F * G);\n return new Point(X3, Y3, Z3, T3);\n }\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n multiplyUnsafe(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.equals(I) || n === _1n)\n return this;\n if (this.equals(G))\n return this.wNAF(n).p;\n return wnaf.unsafeLadder(this, n);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = ut.bytesToNumberLE(normed);\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n ut.aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n return getExtendedPublicKey(privKey).point;\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(ut.bytesToNumberLE(hash));\n }\n /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */\n function getExtendedPublicKey(key) {\n const len = nByteLength;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = new Uint8Array(), ...msgs) {\n const msg = ut.concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n ut.aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, nByteLength * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));\n // zip215: true is good for consensus-critical apps and allows points < 2^256\n // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p\n let A, R, SB;\n try {\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { mod, pow } from './modular.js';\nimport { aInRange, bytesToNumberLE, ensureBytes, numberToBytesLE, validateObject, } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction validateOpts(curve) {\n validateObject(curve, {\n a: 'bigint',\n }, {\n montgomeryBits: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n adjustScalarBytes: 'function',\n domain: 'function',\n powPminus2: 'function',\n Gu: 'bigint',\n });\n // Set defaults\n return Object.freeze({ ...curve });\n}\n// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748)\n// Uses only one coordinate instead of two\nexport function montgomery(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { P } = CURVE;\n const modP = (n) => mod(n, P);\n const montgomeryBits = CURVE.montgomeryBits;\n const montgomeryBytes = Math.ceil(montgomeryBits / 8);\n const fieldLen = CURVE.nByteLength;\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes);\n const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P));\n // cswap from RFC7748. But it is not from RFC7748!\n /*\n cswap(swap, x_2, x_3):\n dummy = mask(swap) AND (x_2 XOR x_3)\n x_2 = x_2 XOR dummy\n x_3 = x_3 XOR dummy\n Return (x_2, x_3)\n Where mask(swap) is the all-1 or all-0 word of the same length as x_2\n and x_3, computed, e.g., as mask(swap) = 0 - swap.\n */\n function cswap(swap, x_2, x_3) {\n const dummy = modP(swap * (x_2 - x_3));\n x_2 = modP(x_2 - dummy);\n x_3 = modP(x_3 + dummy);\n return [x_2, x_3];\n }\n // x25519 from 4\n // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519\n const a24 = (CURVE.a - BigInt(2)) / BigInt(4);\n /**\n *\n * @param pointU u coordinate (x) on Montgomery Curve 25519\n * @param scalar by which the point would be multiplied\n * @returns new Point on Montgomery curve\n */\n function montgomeryLadder(u, scalar) {\n aInRange('u', u, _0n, P);\n aInRange('scalar', scalar, _0n, P);\n // Section 5: Implementations MUST accept non-canonical values and process them as\n // if they had been reduced modulo the field prime.\n const k = scalar;\n const x_1 = u;\n let x_2 = _1n;\n let z_2 = _0n;\n let x_3 = u;\n let z_3 = _1n;\n let swap = _0n;\n let sw;\n for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {\n const k_t = (k >> t) & _1n;\n swap ^= k_t;\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n swap = k_t;\n const A = x_2 + z_2;\n const AA = modP(A * A);\n const B = x_2 - z_2;\n const BB = modP(B * B);\n const E = AA - BB;\n const C = x_3 + z_3;\n const D = x_3 - z_3;\n const DA = modP(D * A);\n const CB = modP(C * B);\n const dacb = DA + CB;\n const da_cb = DA - CB;\n x_3 = modP(dacb * dacb);\n z_3 = modP(x_1 * modP(da_cb * da_cb));\n x_2 = modP(AA * BB);\n z_2 = modP(E * (AA + modP(a24 * E)));\n }\n // (x_2, x_3) = cswap(swap, x_2, x_3)\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n // (z_2, z_3) = cswap(swap, z_2, z_3)\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n // z_2^(p - 2)\n const z2 = powPminus2(z_2);\n // Return x_2 * (z_2^(p - 2))\n return modP(x_2 * z2);\n }\n function encodeUCoordinate(u) {\n return numberToBytesLE(modP(u), montgomeryBytes);\n }\n function decodeUCoordinate(uEnc) {\n // Section 5: When receiving such an array, implementations of X25519\n // MUST mask the most significant bit in the final byte.\n const u = ensureBytes('u coordinate', uEnc, montgomeryBytes);\n if (fieldLen === 32)\n u[31] &= 127; // 0b0111_1111\n return bytesToNumberLE(u);\n }\n function decodeScalar(n) {\n const bytes = ensureBytes('scalar', n);\n const len = bytes.length;\n if (len !== montgomeryBytes && len !== fieldLen)\n throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`);\n return bytesToNumberLE(adjustScalarBytes(bytes));\n }\n function scalarMult(scalar, u) {\n const pointU = decodeUCoordinate(u);\n const _scalar = decodeScalar(scalar);\n const pu = montgomeryLadder(pointU, _scalar);\n // The result was not contributory\n // https://cr.yp.to/ecdh.html#validate\n if (pu === _0n)\n throw new Error('Invalid private or public key received');\n return encodeUCoordinate(pu);\n }\n // Computes public key from private. By doing scalar multiplication of base point.\n const GuBytes = encodeUCoordinate(CURVE.Gu);\n function scalarMultBase(scalar) {\n return scalarMult(scalar, GuBytes);\n }\n return {\n scalarMult,\n scalarMultBase,\n getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),\n getPublicKey: (privateKey) => scalarMultBase(privateKey),\n utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },\n GuBytes: GuBytes,\n };\n}\n//# sourceMappingURL=montgomery.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3';\nimport { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';\nimport { twistedEdwards } from './abstract/edwards.js';\nimport { createHasher, expand_message_xof } from './abstract/hash-to-curve.js';\nimport { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js';\nimport { montgomery } from './abstract/montgomery.js';\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js';\n/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n */\nconst shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));\nconst ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448P;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most\n // significant bit of the last byte to 1.\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448P;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\nconst Fp = Field(ed448P, 456, true);\nconst ED448_DEF = {\n // Param: a\n a: BigInt(1),\n // -39081. Negative number is P - number\n d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),\n // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n\n Fp,\n // Subgroup order: how many points curve has;\n // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\n n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n nBitLength: 456,\n // Cofactor\n h: BigInt(4),\n // Base point (x, y) aka generator point\n Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),\n Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),\n // SHAKE256(dom4(phflag,context)||x, 114)\n hash: shake256_114,\n randomBytes,\n adjustScalarBytes,\n // dom4\n domain: (data, ctx, phflag) => {\n if (ctx.length > 255)\n throw new Error(`Context is too big: ${ctx.length}`);\n return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n },\n uvRatio,\n};\nexport const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF);\n// NOTE: there is no ed448ctx, since ed448 supports ctx by default\nexport const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 });\nexport const x448 = /* @__PURE__ */ (() => montgomery({\n a: BigInt(156326),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n montgomeryBits: 448,\n nByteLength: 56,\n P: ed448P,\n Gu: BigInt(5),\n powPminus2: (x) => {\n const P = ed448P;\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, BigInt(2), P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/**\n * Converts edwards448 public key to x448 public key. Uses formula:\n * * `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * * `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n * @example\n * const aPub = ed448.getPublicKey(utils.randomPrivateKey());\n * x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))\n */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = Fp.invertBatch([xEd, yEd]); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\nconst htf = /* @__PURE__ */ (() => createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\nfunction assertDcfPoint(other) {\n if (!(other instanceof DcfPoint))\n throw new Error('DecafPoint expected');\n}\n// 1-d\nconst ONE_MINUS_D = BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_448B = BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes448ToNumberLE = (bytes) => ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);\n// Computes Elligator map for Decaf\n// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/**\n * Each ed448/ExtendedPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448\n */\nclass DcfPoint {\n // Private property to discourage combining ExtendedPoint + DecafPoint\n // Always use Decaf encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));\n }\n /**\n * Takes uniform output of 112-byte hash function like shake256 and converts it to `DecafPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * **Note:** this is one-way map, there is no conversion from point to hash.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\n * @param hex 112-byte output of a hash function\n */\n static hashToCurve(hex) {\n hex = ensureBytes('decafHash', hex, 112);\n const r1 = bytes448ToNumberLE(hex.slice(0, 56));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = bytes448ToNumberLE(hex.slice(56, 112));\n const R2 = calcElligatorDecafMap(r2);\n return new DcfPoint(R1.add(R2));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-decode-2\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n hex = ensureBytes('decafHex', hex, 56);\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';\n const s = bytes448ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 56), hex) || isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error(emsg);\n return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));\n }\n /**\n * Encodes decaf point to Uint8Array.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-encode-2\n */\n toRawBytes() {\n let { ex: x, ey: _y, ez: z, et: t } = this.ep;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const u1 = mod(mod(x + t) * mod(x - t)); // 1\n const x2 = mod(x * x);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * z - t); // 4\n let s = mod(ONE_MINUS_D * invsqrt * x * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 56);\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n // Compare one point to another.\n // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-equals-2\n equals(other) {\n assertDcfPoint(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed448.CURVE.Fp.create;\n // (x1 * y2 == y1 * x2)\n return mod(X1 * Y2) === mod(Y1 * X2);\n }\n add(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new DcfPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new DcfPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new DcfPoint(this.ep.double());\n }\n negate() {\n return new DcfPoint(this.ep.negate());\n }\n}\nexport const DecafPoint = /* @__PURE__ */ (() => {\n // decaf448 base point is ed448 base x 2\n // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699\n if (!DcfPoint.BASE)\n DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);\n if (!DcfPoint.ZERO)\n DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);\n return DcfPoint;\n})();\n// Hashing to decaf448. https://www.rfc-editor.org/rfc/rfc9380#appendix-C\nexport const hashToDecaf448 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xof(msg, DST, 112, 224, shake256);\n const P = DcfPoint.hashToCurve(uniform_bytes);\n return P;\n};\nexport const hash_to_decaf448 = hashToDecaf448; // legacy\n//# sourceMappingURL=ed448.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher, isogenyMap } from './abstract/hash-to-curve.js';\nimport { Field, mod, pow2 } from './abstract/modular.js';\nimport { inRange, aInRange, bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE, } from './abstract/utils.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\nconst secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');\nconst secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst divNearest = (a, b) => (a + b / _2n) / b;\n/**\n * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.\n * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]\n */\nfunction sqrtMod(y) {\n const P = secp256k1P;\n // prettier-ignore\n const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);\n // prettier-ignore\n const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);\n const b2 = (y * y * y) % P; // x^3, 11\n const b3 = (b2 * b2 * y) % P; // x^7\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b223 = (pow2(b220, _3n, P) * b3) % P;\n const t1 = (pow2(b223, _23n, P) * b22) % P;\n const t2 = (pow2(t1, _6n, P) * b2) % P;\n const root = pow2(t2, _2n, P);\n if (!Fp.eql(Fp.sqr(root), y))\n throw new Error('Cannot find square root');\n return root;\n}\nconst Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });\n/**\n * secp256k1 short weierstrass curve and ECDSA signatures over it.\n */\nexport const secp256k1 = createCurve({\n a: BigInt(0), // equation params: a, b\n b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975\n Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n\n n: secp256k1N, // Curve order, total count of valid points in the field\n // Base point (x, y) aka generator point\n Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),\n Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),\n h: BigInt(1), // Cofactor\n lowS: true, // Allow only low-S signatures by default in sign() and verify()\n /**\n * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.\n * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.\n * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.\n * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066\n */\n endo: {\n beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),\n splitScalar: (k) => {\n const n = secp256k1N;\n const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');\n const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');\n const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');\n const b2 = a1;\n const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)\n const c1 = divNearest(b2 * k, n);\n const c2 = divNearest(-b1 * k, n);\n let k1 = mod(k - c1 * a1 - c2 * a2, n);\n let k2 = mod(-c1 * b1 - c2 * b2, n);\n const k1neg = k1 > POW_2_128;\n const k2neg = k2 > POW_2_128;\n if (k1neg)\n k1 = n - k1;\n if (k2neg)\n k2 = n - k2;\n if (k1 > POW_2_128 || k2 > POW_2_128) {\n throw new Error('splitScalar: Endomorphism failed, k=' + k);\n }\n return { k1neg, k1, k2neg, k2 };\n },\n },\n}, sha256);\n// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.\n// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki\nconst _0n = BigInt(0);\n/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */\nconst TAGGED_HASH_PREFIXES = {};\nfunction taggedHash(tag, ...messages) {\n let tagP = TAGGED_HASH_PREFIXES[tag];\n if (tagP === undefined) {\n const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));\n tagP = concatBytes(tagH, tagH);\n TAGGED_HASH_PREFIXES[tag] = tagP;\n }\n return sha256(concatBytes(tagP, ...messages));\n}\n// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03\nconst pointToBytes = (point) => point.toRawBytes(true).slice(1);\nconst numTo32b = (n) => numberToBytesBE(n, 32);\nconst modP = (x) => mod(x, secp256k1P);\nconst modN = (x) => mod(x, secp256k1N);\nconst Point = secp256k1.ProjectivePoint;\nconst GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);\n// Calculate point, scalar and bytes\nfunction schnorrGetExtPubKey(priv) {\n let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey\n let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside\n const scalar = p.hasEvenY() ? d_ : modN(-d_);\n return { scalar: scalar, bytes: pointToBytes(p) };\n}\n/**\n * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.\n * @returns valid point checked for being on-curve\n */\nfunction lift_x(x) {\n aInRange('x', x, _1n, secp256k1P); // Fail if x ≥ p.\n const xx = modP(x * x);\n const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.\n let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.\n if (y % _2n !== _0n)\n y = modP(-y); // Return the unique point P such that x(P) = x and\n const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.\n p.assertValidity();\n return p;\n}\nconst num = bytesToNumberBE;\n/**\n * Create tagged hash, convert it to bigint, reduce modulo-n.\n */\nfunction challenge(...args) {\n return modN(num(taggedHash('BIP0340/challenge', ...args)));\n}\n/**\n * Schnorr public key is just `x` coordinate of Point as per BIP340.\n */\nfunction schnorrGetPublicKey(privateKey) {\n return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)\n}\n/**\n * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.\n * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.\n */\nfunction schnorrSign(message, privateKey, auxRand = randomBytes(32)) {\n const m = ensureBytes('message', message);\n const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder\n const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array\n const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)\n const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)\n const k_ = modN(num(rand)); // Let k' = int(rand) mod n\n if (k_ === _0n)\n throw new Error('sign failed: k is zero'); // Fail if k' = 0.\n const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.\n const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.\n const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).\n sig.set(rx, 0);\n sig.set(numTo32b(modN(k + e * d)), 32);\n // If Verify(bytes(P), m, sig) (see below) returns failure, abort\n if (!schnorrVerify(sig, m, px))\n throw new Error('sign: Invalid signature produced');\n return sig;\n}\n/**\n * Verifies Schnorr signature.\n * Will swallow errors & return false except for initial type validation of arguments.\n */\nfunction schnorrVerify(signature, message, publicKey) {\n const sig = ensureBytes('signature', signature, 64);\n const m = ensureBytes('message', message);\n const pub = ensureBytes('publicKey', publicKey, 32);\n try {\n const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails\n const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.\n if (!inRange(r, _1n, secp256k1P))\n return false;\n const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.\n if (!inRange(s, _1n, secp256k1N))\n return false;\n const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n\n const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P\n if (!R || !R.hasEvenY() || R.toAffine().x !== r)\n return false; // -eP == (n-e)P\n return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.\n }\n catch (error) {\n return false;\n }\n}\n/**\n * Schnorr signatures over secp256k1.\n */\nexport const schnorr = /* @__PURE__ */ (() => ({\n getPublicKey: schnorrGetPublicKey,\n sign: schnorrSign,\n verify: schnorrVerify,\n utils: {\n randomPrivateKey: secp256k1.utils.randomPrivateKey,\n lift_x,\n pointToBytes,\n numberToBytesBE,\n bytesToNumberBE,\n taggedHash,\n mod,\n },\n}))();\nconst isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [\n // xNum\n [\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',\n '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',\n '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',\n ],\n // xDen\n [\n '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',\n '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n // yNum\n [\n '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',\n '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',\n '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',\n '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',\n ],\n // yDen\n [\n '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',\n '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',\n '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n].map((i) => i.map((j) => BigInt(j)))))();\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),\n B: BigInt('1771'),\n Z: Fp.create(BigInt('-11')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {\n const { x, y } = mapSWU(Fp.create(scalars[0]));\n return isoMap(x, y);\n}, {\n DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=secp256k1.js.map","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'));\nconst CURVE_A = Fp.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'));\nconst CURVE_B = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6');\n\n// prettier-ignore\nexport const brainpoolP256r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),\n Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),\n h: BigInt(1),\n lowS: false\n} as const, sha256);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha384 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'));\nconst CURVE_A = Fp.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'));\nconst CURVE_B = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11');\n\n// prettier-ignore\nexport const brainpoolP384r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),\n Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),\n h: BigInt(1),\n lowS: false\n} as const, sha384);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha512 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'));\nconst CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'));\nconst CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723');\n\n// prettier-ignore\nexport const brainpoolP512r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),\n Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),\n h: BigInt(1),\n lowS: false\n} as const, sha512);\n","/**\n * This file is needed to dynamic import the noble-curves.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { p256 as nistP256 } from '@noble/curves/p256';\nimport { p384 as nistP384 } from '@noble/curves/p384';\nimport { p521 as nistP521 } from '@noble/curves/p521';\nimport { x448, ed448 } from '@noble/curves/ed448';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { brainpoolP256r1 } from './brainpool/brainpoolP256r1';\nimport { brainpoolP384r1 } from './brainpool/brainpoolP384r1';\nimport { brainpoolP512r1 } from './brainpool/brainpoolP512r1';\n\nexport const nobleCurves = new Map(Object.entries({\n nistP256,\n nistP384,\n nistP521,\n brainpoolP256r1,\n brainpoolP384r1,\n brainpoolP512r1,\n secp256k1,\n x448,\n ed448\n}));\n\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * This file is needed to dynamic import the legacy ciphers.\n * Separate dynamic imports are not convenient as they result in multiple chunks.\n */\n\nimport { TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TwoFish from './twofish';\nimport BlowFish from './blowfish';\nimport enums from '../../enums';\n\nexport const legacyCiphers = new Map([\n [enums.symmetric.tripledes, TripleDES],\n [enums.symmetric.cast5, CAST5],\n [enums.symmetric.blowfish, BlowFish],\n [enums.symmetric.twofish, TwoFish]\n]);\n","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms.\n// Initial state\nconst SHA1_IV = /* @__PURE__ */ new Uint32Array([\n 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA1_W = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA1 extends HashMD {\n constructor() {\n super(64, 20, 8, false);\n this.A = SHA1_IV[0] | 0;\n this.B = SHA1_IV[1] | 0;\n this.C = SHA1_IV[2] | 0;\n this.D = SHA1_IV[3] | 0;\n this.E = SHA1_IV[4] | 0;\n }\n get() {\n const { A, B, C, D, E } = this;\n return [A, B, C, D, E];\n }\n set(A, B, C, D, E) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n SHA1_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 80; i++)\n SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);\n // Compression function main loop, 80 rounds\n let { A, B, C, D, E } = this;\n for (let i = 0; i < 80; i++) {\n let F, K;\n if (i < 20) {\n F = Chi(B, C, D);\n K = 0x5a827999;\n }\n else if (i < 40) {\n F = B ^ C ^ D;\n K = 0x6ed9eba1;\n }\n else if (i < 60) {\n F = Maj(B, C, D);\n K = 0x8f1bbcdc;\n }\n else {\n F = B ^ C ^ D;\n K = 0xca62c1d6;\n }\n const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0;\n E = D;\n D = C;\n C = rotl(B, 30);\n B = A;\n A = T;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n this.set(A, B, C, D, E);\n }\n roundClean() {\n SHA1_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n/**\n * SHA1 (RFC 3174) hash function.\n * It was cryptographically broken: prefer newer algorithms.\n * @param message - data that would be hashed\n */\nexport const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1());\n//# sourceMappingURL=sha1.js.map","import { HashMD } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf\nconst Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);\nconst Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));\nconst Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16);\nlet idxL = [Id];\nlet idxR = [Pi];\nfor (let i = 0; i < 4; i++)\n for (let j of [idxL, idxR])\n j.push(j[i].map((k) => Rho[k]));\nconst shifts = /* @__PURE__ */ [\n [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],\n [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],\n [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],\n [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],\n [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],\n].map((i) => new Uint8Array(i));\nconst shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst Kl = /* @__PURE__ */ new Uint32Array([\n 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e,\n]);\nconst Kr = /* @__PURE__ */ new Uint32Array([\n 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000,\n]);\n// It's called f() in spec.\nfunction f(group, x, y, z) {\n if (group === 0)\n return x ^ y ^ z;\n else if (group === 1)\n return (x & y) | (~x & z);\n else if (group === 2)\n return (x | ~y) ^ z;\n else if (group === 3)\n return (x & z) | (y & ~z);\n else\n return x ^ (y | ~z);\n}\n// Temporary buffer, not used to store anything between runs\nconst R_BUF = /* @__PURE__ */ new Uint32Array(16);\nexport class RIPEMD160 extends HashMD {\n constructor() {\n super(64, 20, 8, true);\n this.h0 = 0x67452301 | 0;\n this.h1 = 0xefcdab89 | 0;\n this.h2 = 0x98badcfe | 0;\n this.h3 = 0x10325476 | 0;\n this.h4 = 0xc3d2e1f0 | 0;\n }\n get() {\n const { h0, h1, h2, h3, h4 } = this;\n return [h0, h1, h2, h3, h4];\n }\n set(h0, h1, h2, h3, h4) {\n this.h0 = h0 | 0;\n this.h1 = h1 | 0;\n this.h2 = h2 | 0;\n this.h3 = h3 | 0;\n this.h4 = h4 | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n R_BUF[i] = view.getUint32(offset, true);\n // prettier-ignore\n let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;\n // Instead of iterating 0 to 80, we split it into 5 groups\n // And use the groups in constants, functions, etc. Much simpler\n for (let group = 0; group < 5; group++) {\n const rGroup = 4 - group;\n const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore\n const rl = idxL[group], rr = idxR[group]; // prettier-ignore\n const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore\n for (let i = 0; i < 16; i++) {\n const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0;\n al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore\n }\n // 2 loops are 10% faster\n for (let i = 0; i < 16; i++) {\n const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0;\n ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore\n }\n }\n // Add the compressed chunk to the current hash value\n this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);\n }\n roundClean() {\n R_BUF.fill(0);\n }\n destroy() {\n this.destroyed = true;\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0);\n }\n}\n/**\n * RIPEMD-160 - a hash function from 1990s.\n * @param message - msg that would be hashed\n */\nexport const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160());\n//# sourceMappingURL=ripemd160.js.map","/**\n * This file is needed to dynamic import the noble-hashes.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { sha1 } from '@noble/hashes/sha1';\nimport { sha224, sha256 } from '@noble/hashes/sha256';\nimport { sha384, sha512 } from '@noble/hashes/sha512';\nimport { sha3_256, sha3_512 } from '@noble/hashes/sha3';\nimport { ripemd160 } from '@noble/hashes/ripemd160';\n\nexport const nobleHashes = new Map(Object.entries({\n sha1,\n sha224,\n sha256,\n sha384,\n sha512,\n sha3_256,\n sha3_512,\n ripemd160\n}));\n","// Adapted from the reference implementation in RFC7693\n// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes\n\n// Uint64 values are represented using two Uint32s, stored as little endian\n// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays\n// need to be manually handled\n\n// 64-bit unsigned addition (little endian, in place)\n// Sets a[i,i+1] += b[j,j+1]\n// `a` and `b` must be Uint32Array(2)\nfunction ADD64 (a, i, b, j) {\n a[i] += b[j];\n a[i+1] += b[j+1] + (a[i] < b[j]); // add carry\n}\n\n// Increment 64-bit little-endian unsigned value by `c` (in place)\n// `a` must be Uint32Array(2)\nfunction INC64 (a, c) {\n a[0] += c;\n a[1] += (a[0] < c);\n}\n\n// G Mixing function\n// The ROTRs are inlined for speed\nfunction G (v, m, a, b, c, d, ix, iy) {\n ADD64(v, a, v, b) // v[a,a+1] += v[b,b+1]\n ADD64(v, a, m, ix) // v[a, a+1] += x ... x0\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits\n let xor0 = v[d] ^ v[a]\n let xor1 = v[d + 1] ^ v[a + 1]\n v[d] = xor1\n v[d + 1] = xor0\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor0 >>> 24) ^ (xor1 << 8)\n v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8)\n\n ADD64(v, a, v, b)\n ADD64(v, a, m, iy)\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits\n xor0 = v[d] ^ v[a]\n xor1 = v[d + 1] ^ v[a + 1]\n v[d] = (xor0 >>> 16) ^ (xor1 << 16)\n v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16)\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor1 >>> 31) ^ (xor0 << 1)\n v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1)\n}\n\n// Initialization Vector\nconst BLAKE2B_IV32 = new Uint32Array([\n 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,\n 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,\n 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,\n 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19\n])\n\n// These are offsets into a Uint64 buffer.\n// Multiply them all by 2 to make them offsets into a Uint32 buffer\nconst SIGMA = new Uint8Array([\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,\n 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,\n 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,\n 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,\n 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,\n 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,\n 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,\n 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,\n 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3\n].map(x => x * 2))\n\n// Compression function. 'last' flag indicates last block.\n// Note: we're representing 16 uint64s as 32 uint32s\nfunction compress(S, last) {\n const v = new Uint32Array(32)\n const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32)\n\n // init work variables\n for (let i = 0; i < 16; i++) {\n v[i] = S.h[i]\n v[i + 16] = BLAKE2B_IV32[i]\n }\n\n // low 64 bits of offset\n v[24] ^= S.t0[0]\n v[25] ^= S.t0[1]\n // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1\n\n // if last block\n const f0 = last ? 0xFFFFFFFF : 0;\n v[28] ^= f0;\n v[29] ^= f0;\n\n // twelve rounds of mixing\n for (let i = 0; i < 12; i++) {\n // ROUND(r)\n const i16 = i << 4;\n G(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1])\n G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3])\n G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5])\n G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7])\n G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9])\n G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11])\n G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13])\n G(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15])\n }\n\n for (let i = 0; i < 16; i++) {\n S.h[i] ^= v[i] ^ v[i + 16]\n }\n}\n\n// Creates a BLAKE2b hashing context\n// Requires an output length between 1 and 64 bytes\n// Takes an optional Uint8Array key\nclass Blake2b {\n constructor(outlen, key, salt, personal) {\n const params = new Uint8Array(64)\n // 0: outlen, keylen, fanout, depth\n // 4: leaf length, sequential mode\n // 8: node offset\n // 12: node offset\n // 16: node depth, inner length, rfu\n // 20: rfu\n // 24: rfu\n // 28: rfu\n // 32: salt\n // 36: salt\n // 40: salt\n // 44: salt\n // 48: personal\n // 52: personal\n // 56: personal\n // 60: personal\n\n // init internal state\n this.S = {\n b: new Uint8Array(BLOCKBYTES),\n h: new Uint32Array(OUTBYTES_MAX / 4),\n t0: new Uint32Array(2), // input counter `t`, lower 64-bits only\n c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`\n outlen // output length in bytes\n }\n\n // init parameter block\n params[0] = outlen\n if (key) params[1] = key.length\n params[2] = 1 // fanout\n params[3] = 1 // depth\n if (salt) params.set(salt, 32)\n if (personal) params.set(personal, 48)\n const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);\n\n // initialize hash state\n for (let i = 0; i < 16; i++) {\n this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];\n }\n\n // key the hash, if applicable\n if (key) {\n const block = new Uint8Array(BLOCKBYTES)\n block.set(key)\n this.update(block)\n }\n }\n\n // Updates a BLAKE2b streaming hash\n // Requires Uint8Array (byte array)\n update(input) {\n if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')\n // for (let i = 0; i < input.length; i++) {\n // if (this.S.c === BLOCKBYTES) { // buffer full\n // INC64(this.S.t0, this.S.c) // add counters\n // compress(this.S, false)\n // this.S.c = 0 // empty buffer\n // }\n // this.S.b[this.S.c++] = input[i]\n // }\n let i = 0\n while(i < input.length) {\n if (this.S.c === BLOCKBYTES) { // buffer full\n INC64(this.S.t0, this.S.c) // add counters\n compress(this.S, false)\n this.S.c = 0 // empty buffer\n }\n let left = BLOCKBYTES - this.S.c\n this.S.b.set(input.subarray(i, i + left), this.S.c) // end index can be out of bounds\n const fill = Math.min(left, input.length - i)\n this.S.c += fill\n i += fill\n }\n return this\n }\n\n /**\n * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one\n * @param {Uint8Array} [prealloc] - optional preallocated buffer\n * @returns {ArrayBuffer} message digest\n */\n digest(prealloc) {\n INC64(this.S.t0, this.S.c) // mark last block offset\n\n // final block, padded\n this.S.b.fill(0, this.S.c);\n this.S.c = BLOCKBYTES;\n compress(this.S, true)\n\n const out = prealloc || new Uint8Array(this.S.outlen);\n for (let i = 0; i < this.S.outlen; i++) {\n // must be loaded individually since default Uint32 endianness is platform dependant\n out[i] = this.S.h[i >> 2] >> (8 * (i & 3))\n }\n this.S.h = null; // prevent calling `update` after `digest`\n return out.buffer;\n }\n}\n\n\nexport default function createHash(outlen, key, salt, personal) {\n if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)\n if (key) {\n if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')\n if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)\n }\n if (salt) {\n if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')\n if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)\n }\n if (personal) {\n if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')\n if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)\n }\n\n return new Blake2b(outlen, key, salt, personal)\n}\n\nconst OUTBYTES_MAX = 64;\nconst KEYBYTES_MAX = 64;\nconst SALTBYTES = 16;\nconst PERSONALBYTES = 16;\nconst BLOCKBYTES = 128;\n\n","import blake2b from \"./blake2b.js\"\nconst TYPE = 2; // Argon2id\nconst VERSION = 0x13;\nconst TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MIN = 8;\nconst passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst passwordBYTES_MIN = 8;\nconst MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)\nconst SECRETBYTES_MAX = 32; // key (optional)\n\nconst ARGON2_BLOCK_SIZE = 1024;\nconst ARGON2_PREHASH_DIGEST_LENGTH = 64;\n\nconst isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;\n\n// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])\nfunction LE32(buf, n, i) {\n buf[i+0] = n;\n buf[i+1] = n >> 8;\n buf[i+2] = n >> 16;\n buf[i+3] = n >> 24;\n return buf;\n}\n\n/**\n * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])\n * @param {Uint8Array} buf\n * @param {Number} n\n * @param {Number} i\n */\nfunction LE64(buf, n, i) {\n if (n > Number.MAX_SAFE_INTEGER) throw new Error(\"LE64: large numbers unsupported\");\n // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations\n // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)\n // so we manually extract each byte\n let remainder = n;\n for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER\n buf[offset] = remainder; // implicit & 0xff\n remainder = (remainder - buf[offset]) / 256;\n }\n return buf;\n}\n\n/**\n * Variable-Length Hash Function H'\n * @param {Number} outlen - T\n * @param {Uint8Array} X - value to hash\n * @param {Uint8Array} res - output buffer, of length `outlength` or larger\n */\nfunction H_(outlen, X, res) {\n const V = new Uint8Array(64); // no need to keep around all V_i\n\n const V1_in = new Uint8Array(4 + X.length);\n LE32(V1_in, outlen, 0);\n V1_in.set(X, 4);\n if (outlen <= 64) {\n // H'^T(A) = H^T(LE32(T)||A)\n blake2b(outlen).update(V1_in).digest(res);\n return res\n }\n\n const r = Math.ceil(outlen / 32) - 2;\n\n // Let V_i be a 64-byte block and W_i be its first 32 bytes.\n // V_1 = H^(64)(LE32(T)||A)\n // V_2 = H^(64)(V_1)\n // ...\n // V_r = H^(64)(V_{r-1})\n // V_{r+1} = H^(T-32*r)(V_{r})\n // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}\n for (let i = 0; i < r; i++) {\n blake2b(64).update(i === 0 ? V1_in : V).digest(V);\n // store W_i in result buffer already\n res.set(V.subarray(0, 32), i*32)\n }\n // V_{r+1}\n const V_r1 = new Uint8Array(blake2b(outlen - 32*r).update(V).digest());\n res.set(V_r1, r*32);\n\n return res;\n}\n\n// compute buf = xs ^ ys\nfunction XOR(wasmContext, buf, xs, ys) {\n wasmContext.fn.XOR(\n buf.byteOffset,\n xs.byteOffset,\n ys.byteOffset,\n );\n return buf\n}\n\n/**\n * @param {Uint8Array} X (read-only)\n * @param {Uint8Array} Y (read-only)\n * @param {Uint8Array} R - output buffer\n * @returns\n */\nfunction G(wasmContext, X, Y, R) {\n wasmContext.fn.G(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\nfunction G2(wasmContext, X, Y, R) {\n wasmContext.fn.G2(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\n// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.\nfunction* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {\n // For each segment, we do the following. First, we compute the value Z as:\n // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )\n wasmContext.refs.prngTmp.fill(0);\n const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);\n LE64(Z, pass, 0);\n LE64(Z, lane, 8);\n LE64(Z, slice, 16);\n LE64(Z, m_, 24);\n LE64(Z, totalPasses, 32);\n LE64(Z, TYPE, 40);\n\n // Then we compute q/(128*SL) 1024-byte values\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),\n // ...,\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),\n for(let i = 1; i <= segmentLength; i++) {\n // tmp.set(Z); // no need to re-copy\n LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed\n const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );\n\n // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2\n // NB: the first generated pair must be used for the first block of the segment, and so on.\n // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.\n for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {\n yield g2.subarray(k, k+8);\n }\n }\n return [];\n}\n\nfunction validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {\n const assertLength = (name, value, min, max) => {\n if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }\n }\n\n if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version');\n assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);\n assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);\n assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);\n assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);\n // optional fields\n ad && assertLength('associated data', ad, 0, ADBYTES_MAX);\n secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);\n\n return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };\n}\n\nconst KB = 1024;\nconst WASM_PAGE_SIZE = 64 * KB;\n\nexport default function argon2id(params, { memory, instance: wasmInstance }) {\n if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system\n\n const ctx = validateParams({ type: TYPE, version: VERSION, ...params });\n\n const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;\n const wasmRefs = {};\n const wasmFn = {};\n wasmFn.G = wasmG;\n wasmFn.G2 = wasmG2;\n wasmFn.XOR = wasmXOR;\n\n // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.\n const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));\n const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references\n if (memory.buffer.byteLength < requiredMemory) {\n const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE)\n // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.\n // Otherwise, the operation fails, and the original memory can still be used.\n memory.grow(missing)\n }\n\n let offset = 0;\n // Init wasm memory needed in other functions\n wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;\n wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;\n wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;\n wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;\n // Init wasm memory needed locally\n const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;\n const wasmContext = { fn: wasmFn, refs: wasmRefs };\n const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;\n const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);\n const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);\n\n // 1. Establish H_0\n const H0 = getH0(ctx);\n\n // 2. Allocate the memory as m' 1024-byte blocks\n // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.\n const q = m_ / ctx.lanes;\n const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));\n const initBlock = (i, j) => {\n B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);\n return B[i][j];\n }\n\n for (let i = 0; i < ctx.lanes; i++) {\n // const LEi = LE0; // since p = 1 for us\n const tmp = new Uint8Array(H0.length + 8);\n // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p\n // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))\n tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));\n // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p\n // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))\n LE32(tmp, 1, H0.length);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));\n }\n\n // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2\n // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes\n // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.\n const SL = 4; // vertical slices\n const segmentLength = q / SL;\n for (let pass = 0; pass < ctx.passes; pass++) {\n // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel\n for (let sl = 0; sl < SL; sl++) {\n const isDataIndependent = pass === 0 && sl <= 1;\n for (let i = 0; i < ctx.lanes; i++) { // lane\n // On the first slice of the first pass, blocks 0 and 1 are already filled\n let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;\n // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)\n const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;\n for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {\n const j = sl * segmentLength + segmentOffset;\n const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]\n\n // we can assume the PRNG is never done\n const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength)\n const l = lz[0]; const z = lz[1];\n // for (let i = 0; i < p; i++ )\n // B[i][j] = G(B[i][j-1], B[l][z])\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n if (pass === 0) initBlock(i, j);\n G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);\n\n // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one\n if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j])\n }\n }\n }\n }\n\n // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:\n // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]\n const C = B[0][q-1];\n for(let i = 1; i < ctx.lanes; i++) {\n XOR(wasmContext, C, C, B[i][q-1])\n }\n\n const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));\n // clear memory since the module might be cached\n allocatedMemory.fill(0) // clear sensitive contents\n memory.grow(0) // allow deallocation\n // 8. The output tag is computed as H'^T(C).\n return tag;\n\n}\n\nfunction getH0(ctx) {\n const H = blake2b(ARGON2_PREHASH_DIGEST_LENGTH);\n const ZERO32 = new Uint8Array(4);\n const params = new Uint8Array(24);\n LE32(params, ctx.lanes, 0);\n LE32(params, ctx.tagLength, 4);\n LE32(params, ctx.memorySize, 8);\n LE32(params, ctx.passes, 12);\n LE32(params, ctx.version, 16);\n LE32(params, ctx.type, 20);\n\n const toHash = [params];\n if (ctx.password) {\n toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0))\n toHash.push(ctx.password)\n } else {\n toHash.push(ZERO32) // context.password.length\n }\n\n if (ctx.salt) {\n toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0))\n toHash.push(ctx.salt)\n } else {\n toHash.push(ZERO32) // context.salt.length\n }\n\n if (ctx.secret) {\n toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0))\n toHash.push(ctx.secret)\n // todo clear secret?\n } else {\n toHash.push(ZERO32) // context.secret.length\n }\n\n if (ctx.ad) {\n toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0))\n toHash.push(ctx.ad)\n } else {\n toHash.push(ZERO32) // context.ad.length\n }\n H.update(concatArrays(toHash))\n\n const outputBuffer = H.digest();\n return new Uint8Array(outputBuffer);\n}\n\nfunction concatArrays(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!(arrays[i] instanceof Uint8Array)) {\n throw new Error('concatArrays: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach((element) => {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n","import argon2id from \"./argon2id.js\";\n\nlet isSIMDSupported;\nasync function wasmLoader(memory, getSIMD, getNonSIMD) {\n const importObject = { env: { memory } };\n if (isSIMDSupported === undefined) {\n try {\n const loaded = await getSIMD(importObject);\n isSIMDSupported = true;\n return loaded;\n } catch(e) {\n isSIMDSupported = false;\n }\n }\n\n const loader = isSIMDSupported ? getSIMD : getNonSIMD;\n return loader(importObject);\n}\n\nexport default async function setupWasm(getSIMD, getNonSIMD) {\n const memory = new WebAssembly.Memory({\n // in pages of 64KiB each\n // these values need to be compatible with those declared when building in `build-wasm`\n initial: 1040, // 65MB\n maximum: 65536, // 4GB\n });\n const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);\n\n /**\n * Argon2id hash function\n * @callback computeHash\n * @param {Object} params\n * @param {Uint8Array} params.password - password\n * @param {Uint8Array} params.salt - salt\n * @param {Integer} params.parallelism\n * @param {Integer} params.passes\n * @param {Integer} params.memorySize - in kibibytes\n * @param {Integer} params.tagLength - output tag length\n * @param {Uint8Array} [params.ad] - associated data (optional)\n * @param {Uint8Array} [params.secret] - secret data (optional)\n * @return {Uint8Array} argon2id hash\n */\n const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });\n\n return computeHash;\n}\n","import setupWasm from './lib/setup.js';\nimport wasmSIMD from './dist/simd.wasm';\nimport wasmNonSIMD from './dist/no-simd.wasm';\n\nconst loadWasm = async () => setupWasm(\n (instanceObject) => wasmSIMD(instanceObject),\n (instanceObject) => wasmNonSIMD(instanceObject),\n);\n\nexport default loadWasm;\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2022 Proton AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport crypto from '../crypto';\nimport enums from '../enums';\n\n/**\n * Implementation of the Padding Packet\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}:\n * Padding Packet\n */\nclass PaddingPacket {\n static get tag() {\n return enums.packet.padding;\n }\n\n constructor() {\n this.padding = null;\n }\n\n /**\n * Read a padding packet\n * @param {Uint8Array | ReadableStream} bytes\n */\n read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars\n // Padding packets are ignored, so this function is never called.\n }\n\n /**\n * Write the padding packet\n * @returns {Uint8Array} The padding packet.\n */\n write() {\n return this.padding;\n }\n\n /**\n * Create random padding.\n * @param {Number} length - The length of padding to be generated.\n * @throws {Error} if padding generation was not successful\n * @async\n */\n async createPadding(length) {\n this.padding = await crypto.random.getRandomBytes(length);\n }\n}\n\nexport default PaddingPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","Object","setPrototypeOf","this","prototype","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","isStream","globalThis","ReadableStream","isPrototypeOf","_read","_readableState","Error","isUint8Array","Uint8Array","concatUint8Array","arrays","length","totalLength","i","result","pos","forEach","element","set","undefined","read","async","value","done","readToEnd","join","slice","clone","then","push","write","chunk","close","abort","reason","process","versions","doneReadingSet","WeakSet","externalBuffer","Reader","reader","bind","_releaseLock","_cancel","cancel","doneReading","has","add","e","toStream","start","controller","enqueue","toArrayStream","concat","list","some","map","transform","transformWithCancel","all","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","options","transformStream","TransformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","pull","highWaterMark","WritableStream","error","finish","output","data","result1","result2","flush","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","destroy","arrayStream","shift","readLine","returnVal","buffer","streams.concat","lineEndIndex","indexOf","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","byteOffset","byteLength","filter","byValue","enums","curve","nistP256","p256","nistP384","p384","nistP521","p521","secp256k1","ed25519Legacy","ed25519","curve25519Legacy","curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","argon2","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","aedh","aedsa","x25519","x448","ed448","symmetric","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","sha3_256","sha3_512","webHash","aead","eax","ocb","gcm","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","padding","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuerKeyID","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","preferredCipherSuites","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","seipdv2","type","config","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","aeadProtect","parseAEADEncryptedV4KeysAsLegacy","preferredAEADAlgorithm","aeadChunkSizeByte","v6Keys","enableParsingV5Entities","s2kType","s2kIterationCountByte","s2kArgon2Params","passes","parallelism","memoryExponent","allowUnauthenticatedMessages","allowUnauthenticatedStream","minRSABits","passwordCollisionCheck","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","allowMissingKeyFlags","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","nonDeterministicSignaturesViaNotation","useEllipticFallback","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","debugMode","env","NODE_ENV","util","isString","String","nodeRequire","stream.isUint8Array","stream.isStream","getNobleCurve","publicKeyAlgo","curveName","defaultConfig","nobleCurves","noble_curves","readNumber","n","writeNumber","b","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","readExactSubarray","leftPad","padded","offset","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","hex","k","parseInt","uint8ArrayToHex","hexAlphabet","s","v","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","printDebug","log","printDebugError","x","r","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","webCrypto","crypto","subtle","getNodeCrypto","webcrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","sub","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","a","selectUint8","isAES","cipherAlgo","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","getType","header","match","addheader","customComment","getCheckSum","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","base64.encode","from","toString","btoa","atob","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","removeChecksum","body","lastEquals","lastIndexOf","unarmor","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","stream.isArrayStream","stream.readToEnd","messageType","partIndex","partTotal","emitChecksum","maybeBodyClone","stream.passiveClone","getLegacyCipher","algo","legacyCiphers","legacy_ciphers","cipher","getCipherBlockSize","getCipherKeySize","getCipherParams","keySize","blockSize","md5cycle","c","d","ff","gg","hh","ii","add32","cmn","q","md5blk","md5blks","hex_chr","rhex","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","update","digest","nobleHash","nobleHashName","webCryptoHashName","getNobleHash","nobleHashes","noble_hashes","hashInstance","create","hash$1","entree","state","substring","tail","md51","getHashByteLength","isBytes","lengths","exists","instance","checkFinished","destroyed","finished","out","min","outputLen","u8","arr","u32","createView","toBytes","utf8ToBytes","copyBytes","equalBytes","diff","wrapCipher","params","assign","setBigUint64","view","isLE","_32n","BigInt","_u32_max","wh","Number","wl","setUint32","isAligned32","clean","fill","BLOCK_SIZE","ZEROS16","ZEROS32","swapLE","GHASH","expectedLength","blockLen","s0","s1","s2","s3","abytes","kView","k0","getUint32","k1","k2","k3","doubles","W","estimateWindow","windows","windowSize","items","w","d0","d1","d2","d3","_updateBlock","o0","o1","o2","o3","mask","num","bytePos","bitPos","bit","e0","e1","e2","e3","aexists","b32","blocks","left","elm","digestInto","aoutput","o32","res","Polyval","ghKey","reverse","hiBit","carry","_toGHASHKey","wrapConstructorWithKey","hashCons","hashC","msg","tmp","ghash","EMPTY_BLOCK","POLY","mul2","mul","sbox","box","invSbox","_","rotr32_8","rotl32_8","byteSwap","word","genTtable","T0","T1","T2","T3","T01","T23","sbox2","Uint16Array","idx","tableEncoding","tableDecoding","xPowers","p","expandKeyLE","len","toClean","k32","Nk","subByte","applySbox","xk","expandKeyDecLE","encKey","apply0123","encrypt","rounds","t0","t1","t2","t3","decrypt","getDst","dst","ctrCounter","nonce","src","srcLen","ctr","c32","src32","dst32","ctr32","ctrPos","ctrNum","nonceLength","processCtr","plaintext","ciphertext","cbc","iv","opts","pcks5","disablePadding","o","_out","outLen","remaining","validateBlockEncrypt","_iv","n32","tmp32","paddingByte","padPCKS","validateBlockDecrypt","ps0","ps1","ps2","ps3","lastByte","validatePCKS","cfb","processCfb","isEncrypt","next32","tagLength","AAD","_computeTag","authKey","tagMask","aadLength","h","computeTag","deriveKeys","counter","nonceLen","g","passedTag","isBytes32","encryptBlock","block","decryptBlock","AESW","kek","a0","a1","chunks","AESKW_IV","aeskw","sum","pad","concatBytes","unsafe","knownAlgos","getCiphers","nodeAlgos","WebCryptoEncryptor","prevBlock","nextBlock","zeroBlock","isSupported","importKey","_runCBC","nonZeroIV","mode","keyRef","encryptChunk","missing","added","leftover","toEncrypt","encryptedBlocks","xorMut","encryptedBlock","curBlock","clearSensitiveData","ct","NobleStreamProcessor","forEncryption","nobleAesHelpers","getUint32Array","_runCFB","processChunk","toProcess","processedBlocks","processedBlock","aLength","algoName","decipherObj","createDecipheriv","nodeDecrypt","nobleAesCfb","aesDecrypt","cipherfn","block_size","blockp","decblock","pt","cipherObj","createCipheriv","nodeEncrypt","aesEncrypt","blockc","encblock","blockLength","rightXORMut","CMAC","CBC","padding2","err","nobleAesCbc","ivLength","zero","one","two","OMAC","cmac","CTR","en","final","nobleAesCtr","EAX","omac","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","T","xor","OCB","maxNtz","aes","encipher","decipher","crypt","m","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","checksum","xorInput","$","cipherInput","mask_x","mask_$","constructKeyVariables","crypted","ALGO","GCM","setAAD","getAuthTag","de","setAuthTag","_key","webcryptoEmptyMessagesUnsupported","userAgent","nobleAesGcm","additionalData","_0n","_1n","uint8ArrayToBigInt","mod","reduced","modExp","exp","lsb","abs","modInv","gcd","aInput","bInput","y","xPrev","yPrev","aNegated","bNegated","_egcd","bigIntToNumber","number","MAX_SAFE_INTEGER","getBit","bitLength","bitlen","_8n","bigIntToUint8Array","endian","rawLength","getRandomBytes","getRandomValues","getRandomBigInteger","modulus","randomProbablePrime","_30n","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","n1","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","count","randomBytes","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","hashed","emLen","hashPrefix","tLen","EM","privateToJWK","u","pNum","qNum","dNum","dq","dp","kty","qi","ext","publicToJWK","jwkToPrivate","jwk","format","constants","RSA_PKCS1_PADDING","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","publicEncrypt","bnEncrypt","keyGenOpt","modulusLength","publicExponent","keyPair","generateKey","exportKey","publicKeyEncoding","privateKeyEncoding","generateKeyPair","jwkPrivateKey","phi","hashAlgo","hashName","sign","webSign","createSign","nodeSign","bnSign","_2n","rde","verify","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","c1","c2","pSize","threshold","nacl","gf","init","Float64Array","randombytes","_9","gf0","gf1","_121665","D","D2","X","Y","I","ts64","l","crypto_verify_32","xi","yi","vn","set25519","car25519","sel25519","pack25519","neq25519","par25519","unpack25519","A","Z","M","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","z","f","x32","x16","crypto_scalarmult_base","K","crypto_hashblocks_hl","hl","bh0","bh1","bh2","bh3","bh4","bh5","bh6","bh7","bl0","bl1","bl2","bl3","bl4","bl5","bl6","bl7","th","tl","Int32Array","ah0","ah1","ah2","ah3","ah4","ah5","ah6","ah7","al0","al1","al2","al3","al4","al5","al6","al7","crypto_hash","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","reduce","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","TypeError","scalarMult","crypto_box_keypair","fromSecretKey","signedMsg","sm","smlen","crypto_sign","detached","sig","crypto_sign_open","fromSeed","seed","setPRNG","cleanup","knownOIDs","OID","oid","toHex","getName","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callback","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","lengthByte","nextPacket","UnsupportedError","captureStackTrace","UnknownPacketError","UnparseablePacket","rawContent","generate","webCryptoKey","getPayloadSize","utils","randomPrivateKey","getPublicKey","getPreferredHashAlgo","privateKeyToJWK","RS","publicKeyToJWK","crv","wrap","dataToWrap","wrappingKey","keyToWrap","wrapped","wrapKey","nobleAesKW","unwrap","wrappedData","unwrapped","unwrapKey","computeHKDF","inputKey","salt","info","importedKey","deriveBits","HKDF_INFO","generateEphemeralEncryptionMaterial","recipientA","ephemeralSecretKey","sharedSecret","assertNonZeroArray","ephemeralPublicKey","getSharedSecret","recomputeSharedSecret","acc","wrappedKey","hkdfInput","aesKW.unwrap","encryptionKey","aesKW.wrap","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","wireFormatLeadingByte","CurveWithOID","oidOrName","genKeyPair","namedCurve","jwkToRawPublic","webGenKeyPair","jsGenKeyPair","createECDH","generateKeys","getPrivateKey","nodeGenKeyPair","ecdhXGenerate","eddsaGenerate","validateStandardParams","Q","supportedCurves","dG","checkPublicPointEnconding","V","pointSize","nobleCurve","bufX","bufY","rawPublicToJWK","ecKeyUtils","nodeBuffer","derPrivateKey","generateDer","dsaEncoding","lowS","tryFallbackVerificationForOldBug","jsVerify","verified","derPublicKey","eddsaSign","eddsaVerify","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","ecdhXGenerateEphemeralEncryptionMaterial","recipient","public","webPublicEphemeralKey","jsPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","genPrivateEphemeralKey","ecdhXRecomputeSharedSecret","secret","webPrivateEphemeralKey","jsPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","C","pkcs5.decode","pkcs5.encode","xr","qSize","u1","u2","rsa","elliptic","signatureParams","rsSize","eddsa","publicKeyParams","privateKeyParams","publicParams","curveSize","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","fromObject","algorithm","followLength","checkSupportedCurve","getCurvePayloadSize","ecdhX","privateParams","prefixrandom","repeat","ECDHSymkey","sessionKeyParams","keyAlgo","symmetricAlgo","algosWithNativeRepresentation","orderedParams","keys","validateParams","algoModule","random","pkcs1","pkcs5","aesKW","Argon2OutOfMemoryError","loadArgonWasmModule","argon2Promise","Argon2S2K","encodedM","generateSalt","produceKey","passphrase","decodedM","index$1","default","version","password","memorySize","GenericS2K","getCount","numBytes","rlength","prefixlen","toHash","datalen","allowedS2KTypesForEncryption","newS2KFromType","newS2KFromConfig","u16","fleb","fdeb","clim","freb","eb","_a","fl","revfl","_b","fd","revfd","rev","hMap","cd","mb","co","le","rvb","sv","r_1","flt","fdt","flm","flrm","fdm","fdrm","bits16","shft","slc","BYTES_PER_ELEMENT","ec","ind","nt","code","wbits","wbits16","hTree","et","sort","i0","i1","i2","maxSym","tr","mbt","ln","dt","lft","cst","i2_1","i2_2","i2_3","lc","cl","cli","cln","cls","clen","cf","wfblk","dat","wblk","syms","lf","df","li","bl","dlt","mlb","ddt","mdb","_c","lclt","nlc","_d","lcdt","ndc","lcfreq","_e","lct","mlcb","nlcc","lm","ll","dm","dl","flen","ftlen","dtlen","llm","lcts","it","clct","deo","dopt","opt","pre","post","st","lvl","plvl","lst","msk_1","head","bs1_1","bs2_1","hsh","lc_1","wi","hv","imod","pimod","rem","ch_1","dif","maxn","maxd","ml","nl","mmd","md","ti","lin","din","dflt","level","mem","Deflate","cb","ondata","Inflate","bts","sl","noBuf","noSt","cbuf","nbuf","bt","lbt","dbt","tbts","hLit","hcLen","ldt","clt","clb","clbmsk","clm","lt","lms","dms","lpos","sym","dsym","inflt","Zlib","raw","lv","zlh","wbytes","Unzlib","td","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","KeyID","equals","keyID","matchWildcard","isWildcard","isNull","mapToHex","fromID","wildcard","SALT_NOTATION_NAME","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","unknownSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","saltLength","signatureMaterial","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","saltLengthForHash","saltValue","humanReadable","critical","writeHashedSubPackets","stream.slice","stream.clone","writeSubPacket","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLengthBytes","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","fromSignaturePacket","signaturePacket","isLast","onePassSig","flags","args","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","fromBinary","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","chunkSize","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","compressionFn","compress_fns","compressionStreamInstantiator","ZlibStreamedConstructor","inputData","zlibStream","processedData","compressorOrDecompressor","pipeThrough","inputReader","bzip2Decompress","bunzipDecode","getCompressionStreamInstantiators","compressionFormat","compressor","CompressionStream","decompressor","DecompressionStream","SymEncryptedIntegrityProtectedDataPacket","aeadAlgorithm","seip","cipherAlgorithm","chunkSizeByte","encrypted","sessionKeyAlgorithm","runAEAD","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","isSEIPDv2","isAEADP","getAEADMode","tagLengthIfDecrypting","tagLengthIfEncrypting","chunkIndexSizeIfAEADEP","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","ivView","latestPromise","cryptedBytes","queuedBytes","derived","modeInstance","size","stream.pipe","finalChunk","cryptedPromise","setInt32","desiredSize","AEADEncryptedDataPacket","PublicKeyEncryptedSessionKeyPacket","publicKeyID","publicKeyVersion","publicKeyFingerprint","sessionKey","encryptionKeyPacket","anonymousRecipient","pkesk","versionAndFingerprintLength","fingerprintLength","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","hasEncryptedAlgo","sessionKeyData","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","s2kLen","fieldsLen","generateSessionKey","PublicKeyPacket","expirationTimeV3","fromSecretKeyPacket","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","versionOctet","lengthOctets","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","PublicSubkeyPacket","fromSecretSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","isLegacyAEAD","usedModernAEAD","startOfSecretKeyData","unparseableKeyMaterial","cleartext","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","serializedPacketTag","produceEncryptionKey","associateData","cleartextWithHash","validate","validParams","generateParams","keyVersion","aeadMode","derivedKey","UserIDPacket","email","comment","components","matches","exec","groups","trim","otherUserID","SecretSubkeyPacket","Signature","packetlist","getSigningKeyIDs","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","recipientKeys","signingKeyPacket","recipientUserIDs","targetKeys","targetUserIDs","defaultAlgo","preferredSenderAlgo","supportedAlgosPerTarget","getPrimarySelfSignature","supportedAlgosMap","Map","supportedAlgos","supportedAlgo","isSupportedHashAlgo","getStrongestSupportedHashAlgo","strongestHashAlgo","algoA","algoB","preferredCurveAlgo","getPreferredCurveHashAlgo","preferredSenderAlgoIsSupported","preferredSenderAlgoStrongerThanCurveAlgo","strongestSupportedAlgo","mergeSignatures","source","dest","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","isHardRevocation","sanitizeKeyOptions","subkeyDefaults","validateSigningKeyPacket","validateEncryptionKeyPacket","validateDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","certify","signingKeys","isPrivate","signingKey","getSigningKey","isRevoked","certificate","verifyCertificate","verificationKeys","issuerKeys","getKeys","verifyAllCertifications","certifications","certification","valid","selfCertification","sourceUser","srcSelfSig","srcRevSig","revoke","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","helper.checkKeyRequirements","helper.validateSigningKeyPacket","getEncryptionKey","helper.validateEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","getPrimaryUser","primaryUser","B","pop","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","getRevocationCertificate","applyRevocationCertificate","revocationCertificate","signPrimaryUser","privateKeys","userSign","signAllUsers","verifyPrimaryUser","verifyAllUsers","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","pubSubkeyPacket","getDecryptionKeys","helper.validateDecryptionKeyPacket","Boolean","addSubkey","defaultOptions","getDefaultSubkeyType","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","getKeySignatureProperties","symmetricAlgorithms","aeadAlgorithms","flatMap","symmetricAlgorithm","userIDs","userIDPacket","subkeyOptions","subkeySignaturePacket","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","symEncryptedPacketlist","symEncryptedPacket","expectedSymmetricAlgorithm","sessionKeyObjects","decryptSessionKeys","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgo","selfSigs","selfSig","defaultCipherSuite","desiredCipherSuites","desiredCipherSuite","cipherSuite","defaultSymAlgo","desiredSymAlgo","getPreferredCipherSuite","symmetricAlgoName","aeadAlgoName","maybeKey","encryptionKeyIDs","aeadAlgorithmName","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","signingUserIDs","literalDataPacket","signaturePackets","createSignaturePackets","onePassSignaturePackets","signDetached","recipientKeyIDs","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","appendSignature","detachedSignature","trailingPacket","signingUserID","existingSigPacketlist","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","CleartextMessage","newSignature","emitHeaderAndChecksum","checkMessage","checkCleartextOrMessage","checkOutputMessageFormat","defaultConfigPropsCount","checkConfig","inputConfigProps","inputProp","toArray","convertStream","linkStreams","formatObject","object","isSafeInteger","rotr","rotl","byteSwap32","Hash","_cloneInto","wrapConstructor","bytesLength","Chi","Maj","HashMD","padOffset","take","dataView","roundClean","oview","to","SHA256_K","SHA256_IV","SHA256_W","SHA256","E","F","G","H","W15","W2","SHA224","HMAC","assertHash","iHash","oHash","assertExists","assertBytes","hmac","abool","title","hexes","padStart","bytesToHex","numberToHexUnpadded","hexToNumber","asciis","_0","_A","_F","_f","asciiToBase16","char","hexToBytes","al","ai","hi","n2","bytesToNumberBE","bytesToNumberLE","numberToBytesBE","numberToBytesLE","ensureBytes","isPosBig","inRange","aInRange","bitLen","bitMask","u8n","u8fr","createHmacDrbg","hashLen","qByteLen","hmacFn","reset","reseed","gen","pred","validatorFns","bigint","val","function","boolean","stringOrUint8Array","field","Fp","isValid","validateObject","validators","optValidators","checkField","fieldName","isOptional","checkVal","memoized","WeakMap","arg","_3n","_4n","_5n","pow","pow2","invert","FpSqrt","P","p1div4","root","eql","sqr","nv","ONE","legendreC","Q1div2","neg","ZERO","ge","tonelliShanks","FIELD_FIELDS","nLength","nBitLength","_nBitLength","nByteLength","Field","ORDER","redef","BITS","BYTES","sqrtP","freeze","MASK","is0","isOdd","lhs","rhs","FpPow","div","sqrN","addN","subN","mulN","inv","sqrt","invertBatch","nums","lastMultiplied","inverted","reduceRight","FpInvertBatch","cmov","fromBytes","getFieldBytesLength","fieldOrder","getMinHashLength","pointPrecomputes","pointWindowSizes","wNAF","constTimeNegate","condition","negate","validateW","unsafeLadder","precomputeWindow","points","base","window","precomputes","BASE","maxNumber","shiftBy","offset1","offset2","cond1","cond2","wNAFCached","comp","setWindowSize","delete","pippenger","scalars","buckets","lastBits","scalar","resI","sumI","validateBasic","Gx","Gy","validateSigVerOpts","prehash","b2n","h2b","ut","DER","Err","_tlv","dataLen","ut.numberToHexUnpadded","lenLen","first","lengthBytes","_int","toSig","int","tlv","ut.abytes","seqBytes","seqLeftBytes","rBytes","rLeftBytes","sBytes","sLeftBytes","hexFromSig","seq","weierstrassPoints","CURVE","ut.validateObject","allowedPrivateKeyLengths","wrapPrivateKey","isTorsionFree","clearCofactor","allowInfinityPoint","endo","beta","splitScalar","validatePointOpts","Fn","mod.Field","point","_isCompressed","toAffine","ut.concatBytes","weierstrassEquation","x2","x3","normPrivateKeyToScalar","N","ut.isBytes","ut.bytesToHex","ut.bytesToNumberBE","mod.mod","ut.aInRange","assertPrjPoint","Point","toAffineMemo","iz","px","py","pz","ax","ay","zz","assertValidMemo","right","fromAffine","normalizeZ","toInv","fromHex","assertValidity","fromPrivateKey","multiply","msm","_setWindowSize","wnaf","hasEvenY","X1","Y1","Z1","X2","Y2","Z2","U1","U2","X3","Y3","Z3","subtract","multiplyUnsafe","sc","k1neg","k2neg","k1p","k2p","fake","f1p","f2p","multiplyAndAddUnsafe","cofactor","toRawBytes","isCompressed","_bits","ProjectivePoint","isWithinCurveOrder","ut.inRange","weierstrass","curveDef","bits2int","bits2int_modN","validateOpts","compressedLen","uncompressedLen","modN","CURVE_ORDER","invN","mod.invert","cat","y2","sqrtError","suffix","numToNByteStr","ut.numberToBytesBE","isBiggerThanHalfOrder","slcNum","recovery","fromCompact","fromDER","addRecoveryBit","recoverPublicKey","msgHash","rec","radj","R","ir","hasHighS","normalizeS","toDERRawBytes","ut.hexToBytes","toDERHex","toCompactRawBytes","toCompactHex","isValidPrivateKey","mod.getMinHashLength","fieldLen","minLen","mod.mapHashToField","precompute","isProbPub","delta","ORDER_MASK","ut.bitMask","int2octets","prepSig","defaultSigOpts","extraEntropy","ent","h1int","seedArgs","k2sig","kBytes","ik","normS","defaultVerOpts","privateA","publicB","privKey","ut.createHmacDrbg","drbg","sg","_sig","derError","is","getHash","msgs","createCurve","defHash","U32_MASK64","fromBig","Ah","Al","rotlSH","rotlSL","rotlBH","rotlBL","u64","toBig","shrSH","_l","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","rotr32H","_h","rotr32L","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5H","Eh","add5L","El","SHA512_Kh","SHA512_Kl","SHA512_W_H","SHA512_W_L","SHA512","Fh","Fl","Gh","Gl","Hh","Hl","W15h","W15l","s0h","s0l","W2h","W2l","s1h","s1l","SUMl","SUMh","sigma1h","sigma1l","CHIh","CHIl","T1ll","T1h","T1l","sigma0h","sigma0l","MAJh","MAJl","All","SHA384","SHA3_PI","SHA3_ROTL","_SHA3_IOTA","_7n","_256n","_0x71n","round","SHA3_IOTA_H","SHA3_IOTA_L","rotlH","rotlL","Keccak","enableXOF","posOut","state32","keccak","idx1","idx0","B0","B1","Th","Tl","curH","curL","PI","keccakP","writeInto","bufferOut","xofInto","xof","shake256","wrapXOFConstructorWithOpts","dkLen","genShake","VERIFY_DEFAULT","zip215","twistedEdwards","adjustScalarBytes","domain","uvRatio","mapToCurve","cHash","modP","ctx","phflag","aCoordinate","assertPoint","ex","ey","ez","Z4","aX2","X1Z2","X2Z1","Y1Z2","Y2Z1","x1y1","isSmallOrder","normed","ut.bytesToNumberLE","isXOdd","isLastByteOdd","getExtendedPublicKey","ut.numberToBytesLE","modN_LE","pointBytes","hashDomainToScalar","context","verifyOpts","SB","ExtendedPoint","montgomery","montgomeryBits","powPminus2","Gu","montgomeryBytes","swap","x_2","x_3","dummy","a24","encodeUCoordinate","pointU","uEnc","decodeUCoordinate","_scalar","decodeScalar","pu","x_1","sw","z_2","z_3","k_t","AA","BB","DA","CB","dacb","da_cb","z2","montgomeryLadder","GuBytes","scalarMultBase","shake256_114","ed448P","_11n","_22n","_44n","_88n","_223n","ed448_pow_Pminus3div4","b22","b44","b88","b176","b220","b222","b223","ED448_DEF","u2v","u3v","u5v3","secp256k1P","secp256k1N","divNearest","_6n","_23n","a2","POW_2_128","des","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","looping","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","f1","f2","f3","scheduleA","scheduleB","sBox","inn","ki","half","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","dataL","dataR","parray","vector","off","ret","_decryptBlock","jj","kk","BlowFish","TwoFish","SHA1_IV","SHA1_W","SHA1","Rho","Id","Pi","idxL","idxR","shiftsL","shiftsR","Kl","Kr","group","R_BUF","RIPEMD160","h0","h1","h2","h3","h4","ar","br","cr","dr","el","er","rGroup","hbl","hbr","rl","rr","sr","ripemd160","ADD64","INC64","ix","iy","xor0","xor1","BLAKE2B_IV32","SIGMA","f0","i16","Blake2b","outlen","personal","BLOCKBYTES","OUTBYTES_MAX","params32","prealloc","TYPE","VERSION","TAGBYTES_MAX","TAGBYTES_MIN","SALTBYTES_MAX","SALTBYTES_MIN","passwordBYTES_MAX","passwordBYTES_MIN","MEMBYTES_MAX","ADBYTES_MAX","SECRETBYTES_MAX","ARGON2_BLOCK_SIZE","ARGON2_PREHASH_DIGEST_LENGTH","LE32","LE64","H_","V1_in","blake2b","V_r1","XOR","wasmContext","xs","ys","refs","gZ","G2","makePRNG","pass","lane","m_","totalPasses","segmentLength","segmentOffset","prngTmp","g2","ZERO1024","prngR","KB","WASM_PAGE_SIZE","argon2id","memory","wasmInstance","ad","assertLength","lanes","wasmG","wasmG2","wasmXOR","getLZ","wasmLZ","exports","wasmRefs","wasmFn","requiredMemory","grow","lz","newBlock","blockMemory","allocatedMemory","H0","ZERO32","concatArrays","outputBuffer","getH0","initBlock","isDataIndependent","PRNG","J1J2","next","isSIMDSupported","setupWasm","getSIMD","getNonSIMD","WebAssembly","Memory","initial","maximum","wasmModule","importObject","loaded","wasmLoader","instanceObject","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","seek","n_bit","n_byte","pi","bufToHex","bitreader","Stream","Stream$1","bufOffset","new_pos","writeByte","_byte","crc32Lookup","crc32","getCRC","updateCRC","updateCRCRun","require$$0","require$$1","CRC32","require$$2","mtf","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","status","optDetail","errorCode","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","maxLen","MAX_HUFCODE_BITS","permute","limit","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","lib","multistream","bz","targetStreamCRC","decodeBlock","writeCopies","table","delegate","position","assert","createPadding","rest","unknownOptions","streamType","literalDataPacketlist","expectSigned","publicKeys","clonedPrivateKey","passphrases","encryptionUserIDs","signatureNotations","senderAlgoSupport","recipientPrefs","getPreferredCompressionAlgo","checkBinary","checkString","helper.generateSecretKey","cleartextMessage","checkHashAlgos","hashAlgos","check","hashHeader","parsedHashIDs","armoredKey","binaryKey","keyIndex","armoredKeys","binaryKeys","newKey","armoredMessage","binaryMessage","firstPrivateKeyList","oneKeyList","armoredSignature","binarySignature","reformattedKey","sanitize","reformat","revokedKey"],"mappings":";6bAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxB,WAAAC,GACEC,QAEAC,OAAOC,eAAeC,KAAMN,EAAYO,WAExCD,KAAKX,GAAsB,IAAIa,SAAQ,CAACC,EAASC,KAC/CJ,KAAKT,GAAsBY,EAC3BH,KAAKR,GAAqBY,CAAM,IAElCJ,KAAKX,GAAoBgB,OAAM,QACnC,EAsCA,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAab,MAAMc,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,CACX,CACEX,KAAKgB,OAAST,CAChB,CCjEA,SAASU,EAASV,GAChB,GAAID,EAAcC,GAChB,MAAO,QAET,GAAIW,EAAWC,gBAAkBD,EAAWC,eAAelB,UAAUmB,cAAcb,GACjF,MAAO,MAGT,GAAIA,KACAW,EAAWC,gBAAkBZ,aAAiBW,EAAWC,iBACpC,mBAAhBZ,EAAMc,OAAwD,iBAAzBd,EAAMe,eAClD,MAAUC,MAAM,sIAElB,SAAIhB,IAASA,EAAMC,YACV,UAGX,CAOA,SAASgB,EAAajB,GACpB,OAAOkB,WAAWxB,UAAUmB,cAAcb,EAC5C,CAOA,SAASmB,EAAiBC,GACxB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACtC,IAAKN,EAAaG,EAAOG,IACvB,MAAUP,MAAM,8DAGlBM,GAAeF,EAAOG,GAAGF,MAC7B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAAQ,SAAUC,GACvBH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MACnB,IAESG,CACT,CD3CArC,EAAYO,UAAUO,UAAY,WAIhC,YAH2B4B,IAAvBpC,KAAKP,KACPO,KAAKP,GAAgB,GAEhB,CACL4C,KAAMC,gBACEtC,KAAKX,GACPW,KAAKP,KAAkBO,KAAK4B,OACvB,CAAEW,WAAOH,EAAWI,MAAM,GAE5B,CAAED,MAAOvC,KAAKA,KAAKP,MAAkB+C,MAAM,IAGxD,EAEA9C,EAAYO,UAAUwC,UAAYH,eAAeI,SACzC1C,KAAKX,GACX,MAAM0C,EAASW,EAAK1C,KAAK2C,MAAM3C,KAAKP,KAEpC,OADAO,KAAK4B,OAAS,EACPG,CACT,EAEArC,EAAYO,UAAU2C,MAAQ,WAC5B,MAAMA,EAAQ,IAAIlD,EAIlB,OAHAkD,EAAMvD,GAAsBW,KAAKX,GAAoBwD,MAAK,KACxDD,EAAME,QAAQ9C,KAAK,IAEd4C,CACT,EAkCAlC,EAAOT,UAAU8C,MAAQT,eAAeU,GACtChD,KAAKgB,OAAO8B,KAAKE,EACnB,EAOAtC,EAAOT,UAAUgD,MAAQX,iBACvBtC,KAAKgB,OAAOzB,IACd,EAOAmB,EAAOT,UAAUiD,MAAQZ,eAAea,GAEtC,OADAnD,KAAKgB,OAAOxB,GAAmB2D,GACxBA,CACT,EAOAzC,EAAOT,UAAUY,YAAc,WAAa,EC5GC,iBAAvBK,EAAWkC,SACxBlC,EAAWkC,QAAQC,SCA5B,MAAMC,EAAiB,IAAIC,QAMrBC,EAAiBlE,OAAO,kBAS9B,SAASmE,EAAOlD,GAKd,GAJAP,KAAKgB,OAAST,EACVA,EAAMiD,KACRxD,KAAKwD,GAAkBjD,EAAMiD,GAAgBb,SAE3CrC,EAAcC,GAAQ,CACxB,MAAMmD,EAASnD,EAAMC,YAIrB,OAHAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,YACpB5D,KAAK6D,QAAU,OAEnB,CAEE,GADiB5C,EAASV,GACV,CACd,MAAMmD,EAASnD,EAAMC,YAOrB,OANAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,KAClBF,EAAO5C,OAAOT,OAAM,eACpBqD,EAAO7C,aAAa,OAEtBb,KAAK6D,QAAUH,EAAOI,OAAOH,KAAKD,GAEtC,CACE,IAAIK,GAAc,EAClB/D,KAAKqB,MAAQiB,SACPyB,GAAeT,EAAeU,IAAIzD,GAC7B,CAAEgC,WAAOH,EAAWI,MAAM,IAEnCuB,GAAc,EACP,CAAExB,MAAOhC,EAAOiC,MAAM,IAE/BxC,KAAK4D,aAAe,KAClB,GAAIG,EACF,IACET,EAAeW,IAAI1D,EACpB,CAAC,MAAM2D,GAAG,CACjB,CAEA,CC/CA,SAASC,EAAS5D,GAEhB,OADiBU,EAASV,GAEjBA,EAEF,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJA,EAAWC,QAAQ/D,GACnB8D,EAAWpB,OACjB,GAEA,CAOA,SAASsB,EAAchE,GACrB,GAAIU,EAASV,GACX,OAAOA,EAET,MAAMS,EAAS,IAAItB,EAMnB,MALA,WACE,MAAMiB,EAASC,EAAUI,SACnBL,EAAOoC,MAAMxC,SACbI,EAAOsC,OACd,EAJD,GAKOjC,CACT,CAQA,SAASwD,EAAOC,GACd,OAAIA,EAAKC,MAAK1D,GAAUC,EAASD,KAAYV,EAAcU,KAiB7D,SAAsByD,GACpBA,EAAOA,EAAKE,IAAIR,GAChB,MAAMS,EAAYC,GAAoBvC,eAAea,SAC7CjD,QAAQ4E,IAAIC,EAAWJ,KAAI3D,GAAU8C,EAAO9C,EAAQmC,KAC9D,IACE,IAAI6B,EAAO9E,QAAQC,UACnB,MAAM4E,EAAaN,EAAKE,KAAI,CAAC3D,EAAQc,IAAMmD,EAAcjE,GAAQ,CAACkE,EAAUC,KAC1EH,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKF,EAAUN,EAAUO,SAAU,CACxDE,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,OAET,OAAOJ,EAAUM,QACnB,CA7BWI,CAAab,GAElBA,EAAKC,MAAK1D,GAAUV,EAAcU,KAkCxC,SAA2ByD,GACzB,MAAM1C,EAAS,IAAIrC,EACnB,IAAIsF,EAAO9E,QAAQC,UAOnB,OANAsE,EAAKxC,SAAQ,CAACjB,EAAQc,KACpBkD,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKpE,EAAQe,EAAQ,CAC1CsD,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,KAEFjD,CACT,CA3CWwD,CAAkBd,GAEJ,iBAAZA,EAAK,GACPA,EAAK/B,KAAK,IAEZhB,EAAiB+C,EAC1B,CA+CAnC,eAAe8C,EAAK7E,EAAOiF,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzE,EAASV,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4D,EAAS5D,GACjB,IACE,GAAIA,EAAMiD,GAAiB,CACzB,MAAM7C,EAASC,EAAU4E,GACzB,IAAK,IAAI1D,EAAI,EAAGA,EAAIvB,EAAMiD,GAAgB5B,OAAQE,UAC1CnB,EAAOgF,YACPhF,EAAOoC,MAAMxC,EAAMiD,GAAgB1B,IAE3CnB,EAAOE,aACf,OACYN,EAAMqF,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,iBAEH,CAAC,MAAMxB,GAAG,CACX,MACJ,CAEE,MAAMR,EAASlD,EADfD,EAAQgE,EAAchE,IAEhBI,EAASC,EAAU4E,GACzB,IAEE,OAAa,OACL7E,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACH6C,SAAoB1E,EAAOsC,QAChC,KACR,OACYtC,EAAOoC,MAAMR,EACzB,CACG,CAAC,MAAO2B,GACFuB,SAAoB9E,EAAOuC,MAAMgB,EAC1C,CAAY,QACRR,EAAO7C,cACPF,EAAOE,aACX,CACA,CAQA,SAASgF,EAAatF,EAAOuF,GAC3B,MAAMC,EAAkB,IAAIC,gBAAgBF,GAE5C,OADAV,EAAK7E,EAAOwF,EAAgBZ,UACrBY,EAAgBb,QACzB,CAOA,SAASL,EAAoBoB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLpB,SAAU,IAAI/D,eAAe,CAC3B,KAAAiD,CAAMC,GACJ+B,EAAmB/B,CACpB,EACD,IAAAkC,GACML,EACFA,IAEAG,GAAS,CAEZ,EACD,YAAMvC,CAAOX,GACXmD,GAAY,EACRL,SACIA,EAAa9C,GAEjBgD,GACFA,EAAgChD,EAE1C,GACO,CAACqD,cAAe,IACnBrB,SAAU,IAAIsB,eAAe,CAC3B1D,MAAOT,eAAeU,GACpB,GAAIsD,EACF,MAAU/E,MAAM,uBAElB6E,EAAiB9B,QAAQtB,GACpBqD,EAQHA,GAAS,SAPH,IAAInG,SAAQ,CAACC,EAASC,KAC1B8F,EAAmC/F,EACnCgG,EAAkC/F,CAAM,IAE1C8F,EAAmC,KACnCC,EAAkC,KAIrC,EACDlD,MAAOmD,EAAiBnD,MAAMU,KAAKyC,GACnClD,MAAOkD,EAAiBM,MAAM/C,KAAKyC,KAGzC,CASA,SAASxB,EAAUrE,EAAO6C,EAAU,KAAe,EAAEuD,EAAS,KAAe,GAC3E,GAAIrG,EAAcC,GAAQ,CACxB,MAAMqG,EAAS,IAAIlH,EAgBnB,MAfA,WACE,MAAMiB,EAASC,EAAUgG,GACzB,IACE,MAAMC,QAAapE,EAAUlC,GACvBuG,EAAU1D,EAAQyD,GAClBE,EAAUJ,IAChB,IAAI5E,EACgDA,OAApCK,IAAZ0E,QAAqC1E,IAAZ2E,EAAgCvC,EAAO,CAACsC,EAASC,SACpD3E,IAAZ0E,EAAwBA,EAAUC,QAC1CpG,EAAOoC,MAAMhB,SACbpB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,CACK,EAdD,GAeO0C,CACX,CACE,GAAI3F,EAASV,GACX,OAAOsF,EAAatF,EAAO,CACzB,eAAMqE,CAAUrC,EAAO8B,GACrB,IACE,MAAMtC,QAAeqB,EAAQb,QACdH,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACO,EACD,WAAM8C,CAAM3C,GACV,IACE,MAAMtC,QAAe4E,SACNvE,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACA,IAGE,MAAM4C,EAAU1D,EAAQ7C,GAClBwG,EAAUJ,IAChB,YAAgBvE,IAAZ0E,QAAqC1E,IAAZ2E,EAA8BvC,EAAO,CAACsC,EAASC,SACzD3E,IAAZ0E,EAAwBA,EAAUC,CAC3C,CAWA,SAAS9B,EAAc1E,EAAO0G,GAC5B,GAAIhG,EAASV,KAAWD,EAAcC,GAAQ,CAC5C,IAAI2G,EACJ,MAAMC,EAAW,IAAInB,gBAAgB,CACnC,KAAA5B,CAAMC,GACJ6C,EAA8B7C,CACtC,IAGU+C,EAAkBhC,EAAK7E,EAAO4G,EAAShC,UAEvCkC,EAAWxC,GAAoBvC,eAAea,GAClD+D,EAA4BR,MAAMvD,SAC5BiE,QACA,IAAIlH,QAAQoH,WACxB,IAEI,OADAL,EAAGE,EAASjC,SAAUmC,EAASlC,UACxBkC,EAASnC,QACpB,CACE3E,EAAQgE,EAAchE,GACtB,MAAMqG,EAAS,IAAIlH,EAEnB,OADAuH,EAAG1G,EAAOqG,GACHA,CACT,CAWA,SAASW,EAAMhH,EAAO0G,GACpB,IAAIO,EACJ,MAAMC,EAAcxC,EAAc1E,GAAO,CAAC2E,EAAUC,KAClD,MAAMzB,EAASlD,EAAU0E,GACzBxB,EAAOgE,UAAY,KACjBhE,EAAO7C,cACPuE,EAAKF,EAAUC,GACRsC,GAETD,EAAcP,EAAGvD,EAAO,IAE1B,OAAO8D,CACT,CA4BA,SAAS5E,EAAMrC,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqC,QAEf,GAAI3B,EAASV,GAAQ,CACnB,MAAMoH,EAxBV,SAAapH,GACX,GAAID,EAAcC,GAChB,MAAUgB,MAAM,qDAElB,GAAIN,EAASV,GAAQ,CACnB,MAAMoH,EAAOxD,EAAS5D,GAAOqH,MAE7B,OADAD,EAAK,GAAGnE,GAAkBmE,EAAK,GAAGnE,GAAkBjD,EAAMiD,GACnDmE,CACX,CACE,MAAO,CAAChF,EAAMpC,GAAQoC,EAAMpC,GAC9B,CAciBqH,CAAIrH,GAEjB,OADAsH,EAAUtH,EAAOoH,EAAK,IACfA,EAAK,EAChB,CACE,OAAOhF,EAAMpC,EACf,CAUA,SAASuH,EAAavH,GACpB,OAAID,EAAcC,GACTqC,EAAMrC,GAEXU,EAASV,GACJ,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJ,MAAMoD,EAAcxC,EAAc1E,GAAO+B,MAAO4C,EAAUC,KACxD,MAAMzB,EAASlD,EAAU0E,GACnBvE,EAASC,EAAUuE,GACzB,IAEE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,IAAM6B,EAAWpB,OAAU,CAAC,MAAMiB,GAAG,CAErC,kBADMvD,EAAOsC,OAE7B,CACc,IAAMoB,EAAWC,QAAQ/B,EAAO,CAAG,MAAM2B,GAAG,OACtCvD,EAAOoC,MAAMR,EACjC,CACW,CAAC,MAAM2B,GACNG,EAAWqC,MAAMxC,SACXvD,EAAOuC,MAAMgB,EAC/B,KAEQ2D,EAAUtH,EAAOkH,EACzB,IAGS9E,EAAMpC,EACf,CAQA,SAASsH,EAAUtH,EAAOqC,GAExB9C,OAAOiI,QAAQjI,OAAOkI,0BAA0BzH,EAAMX,YAAYK,YAAYgC,SAAQ,EAAEgG,EAAMC,MAC/E,gBAATD,IAGAC,EAAW3F,MACb2F,EAAW3F,MAAQ2F,EAAW3F,MAAMoB,KAAKf,GAEzCsF,EAAWC,IAAMD,EAAWC,IAAIxE,KAAKf,GAEvC9C,OAAOsI,eAAe7H,EAAO0H,EAAMC,GAAW,GAElD,CAOA,SAASvF,EAAMpC,EAAO8H,EAAM,EAAGC,EAAIC,KACjC,GAAIjI,EAAcC,GAChB,MAAUgB,MAAM,mBAElB,GAAIN,EAASV,GAAQ,CACnB,GAAI8H,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAO3C,EAAatF,EAAO,CACzB,SAAAqE,CAAUrC,EAAO8B,GACXmE,EAAYF,GACVE,EAAYjG,EAAMX,QAAUyG,GAC9BhE,EAAWC,QAAQ3B,EAAMJ,EAAOkG,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAajG,EAAMX,QAEnByC,EAAWsE,WAEvB,GAEA,CACI,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAOhE,EAAUrE,GAAOgC,IAClBA,EAAMX,SAAWyG,EAAOO,EAAY,CAACrG,GACpCqG,EAAU9F,KAAKP,EAAM,IACzB,IAAMI,EAAM6B,EAAOoE,GAAYP,EAAOC,IAC/C,CACI,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAOhE,EAAUrE,GAAOgC,IACtB,MAAMiF,EAAcoB,EAAYpE,EAAO,CAACoE,EAAWrG,IAAUA,EAC7D,GAAIiF,EAAY5F,SAAW0G,EAEzB,OADAM,EAAYjG,EAAM6E,EAAac,GACxB3F,EAAM6E,EAAaa,EAAOC,GAEjCM,EAAYpB,CAAW,GAEjC,CAEI,OADAqB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUzG,SAAYK,QAAYF,EAAUlC,GAAQ8H,EAAOC,IACtE,CAIE,OAHI/H,EAAMiD,KACRjD,EAAQiE,EAAOjE,EAAMiD,GAAgBgB,OAAO,CAACjE,MAE3CiB,EAAajB,GACRA,EAAMyI,SAASX,EAAOC,IAAQC,IAAWhI,EAAMqB,OAAS0G,GAE1D/H,EAAMoC,MAAM0F,EAAOC,EAC5B,CASAhG,eAAeG,EAAUlC,EAAOmC,EAAK8B,GACnC,OAAIlE,EAAcC,GACTA,EAAMkC,UAAUC,GAErBzB,EAASV,GACJC,EAAUD,GAAOkC,UAAUC,GAE7BnC,CACT,CASA+B,eAAewB,EAAOvD,EAAO4C,GAC3B,GAAIlC,EAASV,GAAQ,CACnB,GAAIA,EAAMuD,OAAQ,CAChB,MAAMwC,QAAkB/F,EAAMuD,OAAOX,GAGrC,aADM,IAAIjD,QAAQoH,YACXhB,CACb,CACI,GAAI/F,EAAM0I,QAGR,OAFA1I,EAAM0I,QAAQ9F,SACR,IAAIjD,QAAQoH,YACXnE,CAEb,CACA,CAOA,SAAS4F,EAAU9B,GACjB,MAAMiC,EAAc,IAAIxJ,EAUxB,MATA,WACE,MAAMiB,EAASC,EAAUsI,GACzB,UACQvI,EAAOoC,YAAYkE,WACnBtG,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,CACG,EARD,GASOgF,CACT,CAOA,SAAS1I,EAAUD,GACjB,OAAO,IAAIkD,EAAOlD,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CDhfAkD,EAAOxD,UAAUoC,KAAOC,iBACtB,GAAItC,KAAKwD,IAAmBxD,KAAKwD,GAAgB5B,OAAQ,CAEvD,MAAO,CAAEY,MAAM,EAAOD,MADRvC,KAAKwD,GAAgB2F,QAEvC,CACE,OAAOnJ,KAAKqB,OACd,EAKAoC,EAAOxD,UAAUY,YAAc,WACzBb,KAAKwD,KACPxD,KAAKgB,OAAOwC,GAAkBxD,KAAKwD,IAErCxD,KAAK4D,cACP,EAKAH,EAAOxD,UAAU6D,OAAS,SAASX,GACjC,OAAOnD,KAAK6D,QAAQV,EACtB,EAOAM,EAAOxD,UAAUmJ,SAAW9G,iBAC1B,IACI+G,EADAC,EAAS,GAEb,MAAQD,GAAW,CACjB,IAAI7G,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OAEjC,GADAE,GAAS,GACLC,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAEF,MAAME,EAAejH,EAAMkH,QAAQ,MAAQ,EACvCD,IACFH,EAAYE,EAAeD,EAAO9E,OAAOjC,EAAMmH,OAAO,EAAGF,KACzDF,EAAS,IAEPE,IAAiBjH,EAAMX,QACzB0H,EAAOxG,KAAKP,EAAMmH,OAAOF,GAE/B,CAEE,OADAxJ,KAAK2J,WAAWL,GACTD,CACT,EAOA5F,EAAOxD,UAAU2J,SAAWtH,iBAC1B,MAAME,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,OACV,MAAMqH,EAAOtH,EAAM,GAEnB,OADAvC,KAAK2J,QAAQG,EAAcvH,EAAO,IAC3BsH,CACT,EAOApG,EAAOxD,UAAU8J,UAAYzH,eAAeV,GAC1C,MAAM0H,EAAS,GACf,IAAIU,EAAe,EAEnB,OAAa,CACX,MAAMxH,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAIF,GAFAA,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBpI,EAAQ,CAC1B,MAAMqI,EAAeV,EAAeD,GAEpC,OADAtJ,KAAK2J,QAAQG,EAAcG,EAAcrI,IAClCkI,EAAcG,EAAc,EAAGrI,EAC5C,CACA,CACA,EAOA6B,EAAOxD,UAAUiK,UAAY5H,eAAeV,GAC1C,MAAMuI,QAAcnK,KAAK+J,UAAUnI,GAEnC,OADA5B,KAAK2J,QAAQQ,GACNA,CACT,EAOA1G,EAAOxD,UAAU0J,QAAU,YAAYS,GAChCpK,KAAKwD,KACRxD,KAAKwD,GAAkB,IAGL,IAAlB4G,EAAOxI,QAAgBJ,EAAa4I,EAAO,KAC3CpK,KAAKwD,GAAgB5B,QAAUwI,EAAO,GAAGxI,QACzC5B,KAAKwD,GAAgB,GAAG6G,YAAcD,EAAO,GAAGxI,OAEhD5B,KAAKwD,GAAgB,GAAK,IAAI/B,WAC5BzB,KAAKwD,GAAgB,GAAG8F,OACxBtJ,KAAKwD,GAAgB,GAAG6G,WAAaD,EAAO,GAAGxI,OAC/C5B,KAAKwD,GAAgB,GAAG8G,WAAaF,EAAO,GAAGxI,QAInD5B,KAAKwD,GAAgBmG,WAAWS,EAAOG,QAAOhI,GAASA,GAASA,EAAMX,SACxE,EAQA6B,EAAOxD,UAAUwC,UAAYH,eAAeI,EAAK6G,GAC/C,MAAMxH,EAAS,GAEf,OAAa,CACX,MAAMS,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,MACVT,EAAOe,KAAKP,EAChB,CACE,OAAOG,EAAKX,EACd,EExMA,MAAMyI,EAAUlL,OAAO,WAER,IAAAmL,EAAA,CAObC,MAAO,CAELC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,UAA0B,YAG1BC,cAA0B,gBAE1BC,QAA0B,gBAG1BC,iBAA0B,mBAE1BC,WAA0B,mBAG1BC,gBAAyB,kBAGzBC,gBAAyB,kBAGzBC,gBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,OAAQ,EACRC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAENxB,QAAS,GAETyB,MAAO,IAOTC,UAAW,CAETC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,GACRC,SAAU,GACVC,SAAU,IAOZC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXjD,UAAW,EACXkD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,GACnBC,QAAS,IAOXC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRrB,UAAW,CAETkB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,YAAa,GACbC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,GACzBC,sBAAuB,IAOzBR,SAAU,CAERS,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTxH,UAAW,EACXyH,WAAY,EACZ3E,UAAW,GAObwD,oBAAqB,CAEnBoB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBvB,SAAU,CAERwB,sBAAuB,EAGvBxF,KAAM,EAGNyF,OAAQ,EACRC,QAAS,GAUXjR,MAAO,SAASkR,EAAM/P,GAKpB,GAJiB,iBAANA,IACTA,EAAIlE,KAAKqC,KAAK4R,EAAM/P,SAGN9B,IAAZ6R,EAAK/P,GACP,OAAO+P,EAAK/P,GAGd,MAAU3C,MAAM,sBACjB,EASDc,KAAM,SAAS4R,EAAM/P,GAQnB,GAPK+P,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChB1K,OAAOiI,QAAQkM,GAAMhS,SAAQ,EAAE0O,EAAKpO,MAClC0R,EAAKzJ,GAASjI,GAASoO,CAAG,UAILvO,IAArB6R,EAAKzJ,GAAStG,GAChB,OAAO+P,EAAKzJ,GAAStG,GAGvB,MAAU3C,MAAM,sBACpB,GCnce2S,EAAA,CAKbC,uBAAwB1J,EAAMkD,KAAKM,OAKnCmG,4BAA6B3J,EAAMoC,UAAUO,OAK7CiH,8BAA+B5J,EAAM6C,YAAYC,aAajD+G,aAAa,EAQbC,kCAAkC,EAOlCC,uBAAwB/J,EAAM6D,KAAKG,IAQnCgG,kBAAmB,GAQnBC,QAAQ,EAQRC,yBAAyB,EASzBC,QAASnK,EAAMgB,IAAIG,SASnBiJ,sBAAuB,IAcvBC,gBAAiB,CACfC,OAAQ,EACRC,YAAa,EACbC,eAAgB,IAUlBC,8BAA8B,EAe9BC,4BAA4B,EAO5BC,WAAY,KAOZC,wBAAwB,EAQxBC,wCAAwC,EASxCC,8CAA8C,EAQ9CC,sBAAsB,EAUtBC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAAClL,EAAMoC,UAAUK,OAAQzC,EAAMoC,UAAUM,OAAQ1C,EAAMoC,UAAUO,SAKlIwI,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,mBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,uCAAuC,EAOvCC,qBAAqB,EAMrBC,qBAAsB,IAAIZ,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,SAM1D0I,4BAA6B,IAAIb,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,OAAQrD,EAAMkD,KAAKE,OAMpF4I,0BAA2B,IAAId,IAAI,CAAClL,EAAMsB,UAAUI,QAAS1B,EAAMsB,UAAUK,MAM7EsK,aAAc,IAAIf,IAAI,CAAClL,EAAMC,MAAMO,aCjRrC,MAIM0L,EAAY,MAChB,IACE,MAAgC,gBAAzBvT,QAAQwT,IAAIC,QACpB,CAAC,MAAO3S,GAAG,CACZ,OAAO,CACR,EALiB,GAOZ4S,EAAO,CACXC,SAAU,SAASlQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBmQ,MACpD,EAEDC,YAhBF,OAkBExW,QAAS,SAASoG,GAChB,OAAOA,aAAgBlH,KACxB,EAED6B,aAAc0V,EAEdjW,SAAUkW,EASVC,cAAe9U,MAAO+U,EAAeC,KACnC,IAAKC,EAAcjB,oBACjB,MAAU/U,MAAM,gEAGlB,MAAMiW,YAAEA,SAAsBtX,QAAmDC,UAAA0C,MAAA,WAAA,OAAA4U,EAAA,IACjF,OAAQJ,GACN,KAAK5M,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUO,MAAO,CAC1B,MAAM5B,EAAQ8M,EAAYrP,IAAImP,GAC9B,IAAK5M,EAAO,MAAUnJ,MAAM,qBAC5B,OAAOmJ,CACf,CACM,KAAKD,EAAMsB,UAAUY,KACnB,OAAO6K,EAAYrP,IAAI,QACzB,KAAKsC,EAAMsB,UAAUa,MACnB,OAAO4K,EAAYrP,IAAI,SACzB,QACE,MAAU5G,MAAM,qBACxB,EAGEmW,WAAY,SAAUvN,GACpB,IAAIwN,EAAI,EACR,IAAK,IAAI7V,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAChC6V,GAAM,KAAO7V,EAAKqI,EAAMA,EAAMvI,OAAS,EAAIE,GAE7C,OAAO6V,CACR,EAEDC,YAAa,SAAUD,EAAGxN,GACxB,MAAM0N,EAAI,IAAIpW,WAAW0I,GACzB,IAAK,IAAIrI,EAAI,EAAGA,EAAIqI,EAAOrI,IACzB+V,EAAE/V,GAAM6V,GAAM,GAAKxN,EAAQrI,EAAI,GAAO,IAGxC,OAAO+V,CACR,EAEDC,SAAU,SAAU3N,GAClB,MAAMwN,EAAIb,EAAKY,WAAWvN,GAE1B,OADU,IAAI4N,KAAS,IAAJJ,EAEpB,EAEDK,UAAW,SAAUC,GACnB,MAAMC,EAAUzP,KAAK0P,MAAMF,EAAKG,UAAY,KAE5C,OAAOtB,EAAKc,YAAYM,EAAS,EAClC,EAEDG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAS1P,IAAW0P,EAAO,IAAIF,KAAgC,IAA3BtP,KAAK0P,OAAOF,EAAO,KAChF,EAODM,QAAS,SAAUpO,GACjB,MACMqO,GADQrO,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAM/B,OAAO2M,EAAK2B,kBAAkBtO,EAAO,EAAG,EAAIqO,EAC7C,EASDC,kBAAmB,SAAUlY,EAAO6D,EAAOkE,GACzC,GAAI/H,EAAMqB,OAAU0G,EAAMlE,EACxB,MAAU7C,MAAM,yBAElB,OAAOhB,EAAMyI,SAAS5E,EAAOkE,EAC9B,EAQD,OAAAoQ,CAAQvO,EAAOvI,GACb,GAAIuI,EAAMvI,OAASA,EACjB,MAAUL,MAAM,wBAElB,MAAMoX,EAAS,IAAIlX,WAAWG,GACxBgX,EAAShX,EAASuI,EAAMvI,OAE9B,OADA+W,EAAOxW,IAAIgI,EAAOyO,GACXD,CACR,EAODE,gBAAiB,SAAUC,GACzB,MAAMC,EAAUjC,EAAKkC,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUxX,MAAM,YAElB,MAAM0X,EAAWH,EAAI9P,SAAS8P,EAAIlX,OAAS6G,KAAKyQ,KAAKH,EAAU,IACzDI,EAAS,IAAI1X,WAAW,EAAY,MAAVsX,IAAqB,EAAa,IAAVA,IACxD,OAAOjC,EAAKpV,iBAAiB,CAACyX,EAAQF,GACvC,EAODD,oBAAqB,SAAUF,GAC7B,IAAIhX,EACJ,IAAKA,EAAI,EAAGA,EAAIgX,EAAIlX,QAA4B,IAAXkX,EAAIhX,GAAbA,KAC5B,GAAIA,IAAMgX,EAAIlX,OACZ,OAAO,EAET,MAAMqX,EAAWH,EAAI9P,SAASlH,GAC9B,OAA+B,GAAvBmX,EAASrX,OAAS,GAASkV,EAAKsC,MAAMH,EAAS,GACxD,EAODI,gBAAiB,SAAUC,GACzB,MAAMvX,EAAS,IAAIN,WAAW6X,EAAI1X,QAAU,GAC5C,IAAK,IAAI2X,EAAI,EAAGA,EAAID,EAAI1X,QAAU,EAAG2X,IACnCxX,EAAOwX,GAAKC,SAASF,EAAI5P,OAAO6P,GAAK,EAAG,GAAI,IAE9C,OAAOxX,CACR,EAOD0X,gBAAiB,SAAUtP,GACzB,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAER,OADAxP,EAAMlI,SAAQ2X,IAAOD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAC5DD,CACR,EAODE,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKhD,EAAKC,SAAS+C,GACjB,MAAUvY,MAAM,4DAGlB,MAAMQ,EAAS,IAAIN,WAAWqY,EAAIlY,QAClC,IAAK,IAAIE,EAAI,EAAGA,EAAIgY,EAAIlY,OAAQE,IAC9BC,EAAOD,GAAKgY,EAAIE,WAAWlY,GAE7B,OAAOC,CAAM,GAEhB,EAODkY,mBAAoB,SAAU9P,GAE5B,MAAMpI,EAAS,GACTmY,EAAK,MACLC,GAHNhQ,EAAQ,IAAI1I,WAAW0I,IAGPvI,OAEhB,IAAK,IAAIE,EAAI,EAAGA,EAAIqY,EAAGrY,GAAKoY,EAC1BnY,EAAOe,KAAKkU,OAAOoD,aAAaC,MAAMrD,OAAQ7M,EAAMnB,SAASlH,EAAGA,EAAIoY,EAAKC,EAAIrY,EAAIoY,EAAKC,KAExF,OAAOpY,EAAOW,KAAK,GACpB,EAOD4X,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAASpX,EAAQb,EAAOkY,GAAY,GAClC,OAAOF,EAAQG,OAAOnY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiBD,EAAK1W,GAAS,IAAMA,EAAQ,IAAI,IACzD,EAODuX,WAAY,SAAU1K,GACpB,MAAM2K,EAAU,IAAIC,YAAY,SAEhC,SAASzX,EAAQb,EAAOkY,GAAY,GAClC,OAAOG,EAAQE,OAAOvY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiB9J,EAAM7M,GAAS,IAAMA,EAAQ,IAAI3B,YAAc,IACxE,EAQD+C,OAAQuW,EAORrZ,iBAAkBsZ,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKrE,EAAKtV,aAAa0Z,KAAYpE,EAAKtV,aAAa2Z,GACnD,MAAU5Z,MAAM,4CAGlB,GAAI2Z,EAAOtZ,SAAWuZ,EAAOvZ,OAC3B,OAAO,EAGT,IAAK,IAAIE,EAAI,EAAGA,EAAIoZ,EAAOtZ,OAAQE,IACjC,GAAIoZ,EAAOpZ,KAAOqZ,EAAOrZ,GACvB,OAAO,EAGX,OAAO,CACR,EAQDsZ,cAAe,SAAUpL,GACvB,IAAI2J,EAAI,EACR,IAAK,IAAI7X,EAAI,EAAGA,EAAIkO,EAAKpO,OAAQE,IAC/B6X,EAAKA,EAAI3J,EAAKlO,GAAM,MAEtB,OAAOgV,EAAKc,YAAY+B,EAAG,EAC5B,EAOD0B,WAAY,SAAUvB,GAChBnD,GACF9N,QAAQyS,IAAI,qBAAsBxB,EAErC,EAODyB,gBAAiB,SAAU7U,GACrBiQ,GACF9N,QAAQnC,MAAM,qBAAsBA,EAEvC,EAGD0S,MAAO,SAAUoC,GACf,IAAIC,EAAI,EACJC,EAAIF,IAAM,GAyBd,OAxBU,IAANE,IACFF,EAAIE,EACJD,GAAK,IAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEAA,CACR,EAWDE,OAAQ,SAAS9U,GACf,MAAM+U,EAAY,IAAIna,WAAWoF,EAAKjF,QAChCia,EAAOhV,EAAKjF,OAAS,EAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAI+Z,EAAM/Z,IACxB8Z,EAAU9Z,GAAM+E,EAAK/E,IAAM,EAAM+E,EAAK/E,EAAI,IAAM,EAGlD,OADA8Z,EAAUC,GAAShV,EAAKgV,IAAS,EAAuB,KAAhBhV,EAAK,IAAM,GAC5C+U,CACR,EASDE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIla,EAAIia,EAAMna,OAAS,EAAGE,GAAK,EAAGA,IACrCia,EAAMja,KAAOka,EACTla,EAAI,IACNia,EAAMja,IAAOia,EAAMja,EAAI,IAAO,EAAIka,GAIxC,OAAOD,CACR,EAODE,aAAc,WACZ,MAEMC,OAFwC,IAAfhb,GAA8BA,EAAWib,QAAUjb,EAAWib,OAAOC,QAE/Dpc,KAAKqc,iBAAiBC,UAAUF,OACrE,IAAKF,EACH,MAAU3a,MAAM,sCAElB,OAAO2a,CACR,EAMDG,cAAe,WACb,OAAOrc,KAAKiX,YAAY,SACzB,EAEDsF,YAAa,WACX,OAAOvc,KAAKiX,YAAY,OACzB,EAODuF,cAAe,WACb,OAAQxc,KAAKiX,YAAY,WAAa,CAAE,GAAEwF,MAC3C,EAEDC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADW5c,KAAKiX,YAAY,MAClB4F,OAAOjb,MAClB,EAWDkb,eAAgB,SAASjW,GACvB,IAAKiQ,EAAKC,SAASlQ,GACjB,OAAO,EAGT,MADW,+DACDkW,KAAKlW,EAChB,EAMDmW,gBAAiB,SAASnW,GAGxB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAY5B,IAAI+S,EAXAD,IACF9S,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,KAN9C,KASLA,EAAMA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIrb,EAAI,EACXob,EAAQ/S,EAAMV,QAlBP,GAkBmB3H,GAAK,EAC3Bob,EAFYpb,EAAIob,EAlBb,KAqBD/S,EAAM+S,EAAQ,IAAWC,EAAQra,KAAKoa,GAK9C,IAAKC,EAAQvb,OACX,OAAOuI,EAGT,MAAMiT,EAAa,IAAI3b,WAAW0I,EAAMvI,OAASub,EAAQvb,QACzD,IAAIuY,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,EAAIqb,EAAQvb,OAAQE,IAAK,CACvC,MAAMub,EAAMlT,EAAMnB,SAASmU,EAAQrb,EAAI,IAAM,EAAGqb,EAAQrb,IACxDsb,EAAWjb,IAAIkb,EAAKlD,GACpBA,GAAKkD,EAAIzb,OACTwb,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,GACR,CAEM,OADAiD,EAAWjb,IAAIgI,EAAMnB,SAASmU,EAAQA,EAAQvb,OAAS,IAAM,GAAIuY,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAIxb,WAAW,CA1C5B,UA0CoCW,GAChD,EAMDkb,UAAW,SAASzW,GAGlB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAc5B,IAAI+S,EAlBK,MAMP/S,EADE8S,GAJK,KAIU9S,EAAM,GACf2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,IAE7C,IAAI1I,WAAW0I,IAGfA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,IAAMqI,EAAMvI,OAAQE,EAAIob,EAAO,CAC7CA,EAAQ/S,EAAMV,QArBP,GAqBmB3H,GAAK,EAC1Bob,IAAOA,EAAQ/S,EAAMvI,QAC1B,MAAMia,EAAOqB,GAtBN,KAsBe/S,EAAM+S,GAAgB,EAAI,GAC5Cpb,GAAGqI,EAAMoT,WAAWpD,EAAGrY,EAAG+Z,GAC9B1B,GAAK0B,EAAO/Z,CACpB,CACM,OAAOqI,EAAMnB,SAAS,EAAGmR,EAAE,IAC1B,IAAO8C,EAAc,IAAIxb,WAAW,CA5B5B,UA4BoCW,GAChD,EAKDob,qBAAsB,SAASxN,GAC7B,OAAOA,EAAKyN,MAAM,MAAM9Y,KAAI+Y,IAC1B,IAAI5b,EAAI4b,EAAK9b,OAAS,EACtB,KAAOE,GAAK,IAAkB,MAAZ4b,EAAK5b,IAA0B,OAAZ4b,EAAK5b,IAA2B,OAAZ4b,EAAK5b,IAAcA,KAC5E,OAAO4b,EAAKhU,OAAO,EAAG5H,EAAI,EAAE,IAC3BY,KAAK,KACT,EAEDib,UAAW,SAASpK,EAAS7M,GAC3B,IAAKA,EACH,OAAWnF,MAAMgS,GAInB,IACE7M,EAAM6M,QAAUA,EAAU,KAAO7M,EAAM6M,OACxC,CAAC,MAAOrP,GAAG,CAEZ,OAAOwC,CACR,EAQDkX,wBAAyB,SAASC,GAChC,MAAMlZ,EAAM,CAAE,EAOd,OANAkZ,EAAe5b,SAAQ6b,IACrB,IAAKA,EAAYC,IACf,MAAUxc,MAAM,0CAElBoD,EAAImZ,EAAYC,KAAOD,CAAW,IAE7BnZ,CACR,EAUDqZ,WAAY,SAASC,GAEnB,OAAO,IAAI/d,SAAQoC,MAAOnC,EAASC,KACjC,IAAI8d,QACEhe,QAAQ4E,IAAImZ,EAAStZ,KAAIrC,UAC7B,IACEnC,QAAcge,EACf,CAAC,MAAOja,GACPga,EAAYha,CACtB,MAEM9D,EAAO8d,EAAU,GAEpB,EASDE,iBAAkB,SAASC,EAAMC,EAAGzG,GAClC,MAAMjW,EAAS6G,KAAKC,IAAI4V,EAAE1c,OAAQiW,EAAEjW,QAC9BG,EAAS,IAAIN,WAAWG,GAC9B,IAAI0G,EAAM,EACV,IAAK,IAAIxG,EAAI,EAAGA,EAAIC,EAAOH,OAAQE,IACjCC,EAAOD,GAAMwc,EAAExc,GAAM,IAAMuc,EAAUxG,EAAE/V,GAAM,IAAMuc,EACnD/V,GAAQ+V,EAAOvc,EAAIwc,EAAE1c,OAAY,EAAIyc,EAAQvc,EAAI+V,EAAEjW,OAErD,OAAOG,EAAOiH,SAAS,EAAGV,EAC3B,EASDiW,YAAa,SAASF,EAAMC,EAAGzG,GAC7B,OAAQyG,EAAK,IAAMD,EAAUxG,EAAK,IAAMwG,CACzC,EAIDG,MAAO,SAASC,GACd,OAAOA,IAAehU,EAAMoC,UAAUK,QAAUuR,IAAehU,EAAMoC,UAAUM,QAAUsR,IAAehU,EAAMoC,UAAUO,MAC5H,GCtoBMqP,EAAS3F,EAAK0F,gBAEpB,IAAIkC,EACAC,EAkBG,SAASjE,EAAO7T,GACrB,IAAI+X,EAAM,IAAInd,WACd,OAAOsY,EAAiBlT,GAAMtE,IAC5Bqc,EAAM9H,EAAKpV,iBAAiB,CAACkd,EAAKrc,IAClC,MAAMkZ,EAAI,GAEJoD,EAAQpW,KAAK0P,MAAMyG,EAAIhd,OADR,IAEfuI,EAFe,GAEP0U,EACRC,EAAUJ,EAAYE,EAAI5V,SAAS,EAAGmB,IAC5C,IAAK,IAAIrI,EAAI,EAAGA,EAAI+c,EAAO/c,IACzB2Z,EAAE3Y,KAAKgc,EAAQpV,OAAW,GAAJ5H,EAAQ,KAC9B2Z,EAAE3Y,KAAK,MAGT,OADA8b,EAAMA,EAAI5V,SAASmB,GACZsR,EAAE/Y,KAAK,GAAG,IAChB,IAAOkc,EAAIhd,OAAS8c,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS9D,EAAOjU,GACrB,IAAI+X,EAAM,GACV,OAAO7E,EAAiBlT,GAAMtE,IAC5Bqc,GAAOrc,EAGP,IAAIwc,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIld,EAAI,EAAGA,EAAIkd,EAAWpd,OAAQE,IAAK,CAC1C,MAAMmd,EAAYD,EAAWld,GAC7B,IAAK,IAAIE,EAAM4c,EAAInV,QAAQwV,IAAqB,IAATjd,EAAYA,EAAM4c,EAAInV,QAAQwV,EAAWjd,EAAM,GACpF+c,GAER,CAII,IAAInd,EAASgd,EAAIhd,OACjB,KAAOA,EAAS,IAAMA,EAASmd,GAAU,GAAM,EAAGnd,IAC5Cod,EAAWE,SAASN,EAAIhd,KAAUmd,IAGxC,MAAMI,EAAUR,EAAYC,EAAIlV,OAAO,EAAG9H,IAE1C,OADAgd,EAAMA,EAAIlV,OAAO9H,GACVud,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,EAAgBC,GAC9B,OAAOvE,EAAOuE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,EAAgBpV,EAAOqV,GACrC,IAAIV,EAAUpE,EAAOvQ,GAAOmV,QAAQ,UAAW,IAI/C,OAFER,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,IAEvER,CACT,CCjFA,SAASW,EAAQzP,GACf,MAEM0P,EAAS1P,EAAK2P,MAFH,yIAIjB,IAAKD,EACH,MAAUne,MAAM,4BAMlB,MAAI,yBAAyBwb,KAAK2C,EAAO,IAChCjV,EAAM0I,MAAMC,iBAMjB,oBAAoB2J,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAME,cAGjB,iBAAiB0J,KAAK2C,EAAO,IACxBjV,EAAM0I,MAAMG,OAIjB,UAAUyJ,KAAK2C,EAAO,IACjBjV,EAAM0I,MAAMI,QAIjB,mBAAmBwJ,KAAK2C,EAAO,IAC1BjV,EAAM0I,MAAMpH,UAIjB,oBAAoBgR,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAMK,WAMjB,YAAYuJ,KAAK2C,EAAO,IACnBjV,EAAM0I,MAAMtE,eADrB,CAGF,CAWA,SAAS+Q,EAAUC,EAAe3L,GAChC,IAAInS,EAAS,GAWb,OAVImS,EAAO6B,cACThU,GAAU,YAAcmS,EAAO+B,cAAgB,MAE7C/B,EAAO8B,cACTjU,GAAU,YAAcmS,EAAOgC,cAAgB,MAE7C2J,IACF9d,GAAU,YAAc8d,EAAgB,MAE1C9d,GAAU,KACHA,CACT,CAQA,SAAS+d,EAAYjZ,GACnB,MAAMkZ,EA+CR,SAAqBxf,GACnB,IAAIwf,EAAM,SACV,OAAOhG,EAAiBxZ,GAAOgC,IAC7B,MAAMyd,EAAQC,EAAiBxX,KAAK0P,MAAM5V,EAAMX,OAAS,GAAK,EACxDse,EAAQ,IAAIC,YAAY5d,EAAM+G,OAAQ/G,EAAM8H,WAAY2V,GAC9D,IAAK,IAAIle,EAAI,EAAGA,EAAIke,EAAOle,IACzBie,GAAOG,EAAMpe,GACbie,EACEK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,EAAK,KAC1BK,EAAU,GAAgB,IAAZL,GAElB,IAAK,IAAIje,EAAY,EAARke,EAAWle,EAAIS,EAAMX,OAAQE,IACxCie,EAAOA,GAAO,EAAKK,EAAU,GAAU,IAANL,EAAcxd,EAAMT,GAC3D,IACK,IAAM,IAAIL,WAAW,CAACse,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYxZ,GACxB,OAAOyZ,EAAcP,EACvB,CD9FItD,GACFiC,EAAcE,GAAOnC,EAAO8D,KAAK3B,GAAK4B,SAAS,UAC/C7B,EAAc7E,IACZ,MAAMjC,EAAI4E,EAAO8D,KAAKzG,EAAK,UAC3B,OAAO,IAAIrY,WAAWoW,EAAEvO,OAAQuO,EAAExN,WAAYwN,EAAEvN,WAAW,IAG7DoU,EAAcE,GAAO6B,KAAK3J,EAAKmD,mBAAmB2E,IAClDD,EAAc7E,GAAOhD,EAAK+C,mBAAmB6G,KAAK5G,KC0FpD,MAAMsG,EAAY,CACZzgB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAImC,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAIie,EAAMje,GAAK,GACf,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACrB4F,EAAOA,GAAO,GAAa,QAANA,EAAwB,QAAW,GAE1DK,EAAU,GAAGte,IACH,SAANie,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAIje,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAIvE,MAAMme,EAAkB,WACtB,MAAM3W,EAAS,IAAIqX,YAAY,GAG/B,OAFA,IAAIC,SAAStX,GAAQuX,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWxX,GAAQ,EAChC,IAmCA,SAASyX,EAAcC,GACrB,IAAK,IAAIlf,EAAI,EAAGA,EAAIkf,EAAQpf,OAAQE,IAC7B,mCAAmCib,KAAKiE,EAAQlf,KACnDgV,EAAKyE,gBAAoBha,MAAM,sCAAwCyf,EAAQlf,KAE5E,iDAAiDib,KAAKiE,EAAQlf,KACjEgV,EAAKyE,gBAAoBha,MAAM,mBAAqByf,EAAQlf,IAGlE,CAQA,SAASmf,EAAejR,GACtB,IAAIkR,EAAOlR,EAEX,MAAMmR,EAAanR,EAAKoR,YAAY,KAMpC,OAJID,GAAc,GAAKA,IAAenR,EAAKpO,OAAS,IAClDsf,EAAOlR,EAAKrN,MAAM,EAAGwe,IAGhBD,CACT,CAWO,SAASG,EAAQ9gB,GAEtB,OAAO,IAAIL,SAAQoC,MAAOnC,EAASC,KACjC,IACE,MAAMkhB,EAAU,qBACVC,EAAc,oDAEpB,IAAItN,EACJ,MAAM+M,EAAU,GAChB,IACIQ,EAEAC,EAHAC,EAAcV,EAEdhR,EAAO,GAEX,MAAMnJ,EAAO8a,EAAcC,EAAqBrhB,GAAO+B,MAAO4C,EAAUC,KACtE,MAAMzB,EAASme,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAIwY,QAAaha,EAAO0F,WACxB,QAAahH,IAATsb,EACF,MAAUnc,MAAM,0BAIlB,GADAmc,EAAO5G,EAAK0G,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpDrL,EAIE,GAAKuN,EAcAC,GAAYxN,IAASxJ,EAAM0I,MAAMG,SACtCgO,EAAQvE,KAAKW,IAIhB1N,EAAOA,EAAKtN,KAAK,QACjB+e,GAAW,EACXV,EAAcW,GACdA,EAAc,GACdF,GAAc,GANdxR,EAAKlN,KAAK4a,EAAK4B,QAAQ,MAAO,WAbhC,GAHIgC,EAAQvE,KAAKW,IACftd,EAAWmB,MAAM,sEAEdggB,EAAYxE,KAAKW,IAKpB,GAFAqD,EAAcW,GACdF,GAAc,EACVC,GAAYxN,IAASxJ,EAAM0I,MAAMG,OAAQ,CAC3CnT,EAAQ,CAAE6P,OAAMnJ,OAAMma,UAAS/M,SAC/B,KAClB,OAPgByN,EAAY5e,KAAK4a,QARf4D,EAAQvE,KAAKW,KACfzJ,EAAOwL,EAAQ/B,GA4B/B,CACS,CAAC,MAAOxZ,GAEP,YADA9D,EAAO8D,EAEjB,CACQ,MAAMvD,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EACF,MAAUjB,MAAM,0BAElB,MAAMmc,EAAOnb,EAAQ,GACrB,IAA2B,IAAvBmb,EAAKjU,QAAQ,OAAsC,IAAvBiU,EAAKjU,QAAQ,KAEtC,CACL,IAAI/B,QAAkBhE,EAAOjB,YACxBiF,EAAU9F,SAAQ8F,EAAY,IACnCA,EAAYgW,EAAOhW,EACnBA,EAAYoP,EAAK0G,qBAAqB9V,EAAU4X,QAAQ,MAAO,KAC/D,MAAMyC,EAAQra,EAAU+V,MAAM6D,GAC9B,GAAqB,IAAjBS,EAAMngB,OACR,MAAUL,MAAM,0BAElB,MAAM2f,EAAOD,EAAec,EAAM,GAAGpf,MAAM,GAAI,UACzChC,EAAOoC,MAAMme,GACnB,KACd,OAboBvgB,EAAOoC,MAAM2a,EAcjC,OACgB/c,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC7B,KAEK,CAAC,MAAOA,GACP9D,EAAO8D,EACb,KACKrB,MAAKP,UACF0f,EAAqBjgB,EAAO8E,QAC9B9E,EAAO8E,WAAaob,EAAiBlgB,EAAO8E,OAEvC9E,IAEX,CAgBO,SAASoR,GAAM+O,EAAahB,EAAMiB,EAAWC,EAAWvC,EAAewC,GAAe,EAAOnO,EAASqD,GAC3G,IAAIvH,EACArC,EACAuU,IAAgBzX,EAAM0I,MAAMG,SAC9BtD,EAAOkR,EAAKlR,KACZrC,EAAOuT,EAAKvT,KACZuT,EAAOA,EAAKra,MAId,MAAMyb,EAAiBD,GAAgBE,EAAoBrB,GAErDnf,EAAS,GACf,OAAQmgB,GACN,KAAKzX,EAAM0I,MAAMC,iBACfrR,EAAOe,KAAK,gCAAkCqf,EAAY,IAAMC,EAAY,WAC5ErgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAK3X,EAAM0I,MAAME,cACftR,EAAOe,KAAK,gCAAkCqf,EAAY,WAC1DpgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,WACxD,MACF,KAAK1X,EAAM0I,MAAMG,OACfvR,EAAOe,KAAK,wCACZf,EAAOe,KAAK6K,EAAO,SAASA,QAAa,MACzC5L,EAAOe,KAAKkN,EAAKsP,QAAQ,OAAQ,QACjCvd,EAAOe,KAAK,qCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCACZ,MACF,KAAK2H,EAAM0I,MAAMI,QACfxR,EAAOe,KAAK,iCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,+BACZ,MACF,KAAK2H,EAAM0I,MAAMpH,UACfhK,EAAOe,KAAK,0CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,wCACZ,MACF,KAAK2H,EAAM0I,MAAMK,WACfzR,EAAOe,KAAK,2CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,yCACZ,MACF,KAAK2H,EAAM0I,MAAMtE,UACf9M,EAAOe,KAAK,mCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCAIhB,OAAOgU,EAAKtS,OAAOzC,EACrB,CCzZOO,eAAekgB,GAAgBC,GACpC,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACnB,MAAU7L,MAAM,uBAClB,KAAKkJ,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUQ,QACrB,KAAK5C,EAAMoC,UAAUE,UAAW,CAC9B,MAAM2V,cAAEA,SAAwBxiB,QAA0BC,UAAA0C,MAAA,WAAA,OAAA8f,EAAA,IACpDC,EAASF,EAAcva,IAAIsa,GACjC,IAAKG,EACH,MAAUrhB,MAAM,gCAElB,OAAOqhB,CACb,CACI,QACE,MAAUrhB,MAAM,gCAEtB,CAMA,SAASshB,GAAmBJ,GAC1B,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,KAAK5C,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUE,UACnB,OAAO,EACT,QACE,MAAUxL,MAAM,sBAEtB,CAMA,SAASuhB,GAAiBL,GACxB,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACnB,OAAO,GACT,KAAKvC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUE,UACnB,OAAO,GACT,KAAKtC,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,QACE,MAAU9L,MAAM,sBAEtB,CAMO,SAASwhB,GAAgBN,GAC9B,MAAO,CAAEO,QAASF,GAAiBL,GAAOQ,UAAWJ,GAAmBJ,GAC1E,2FCjDA,SAASS,GAAS1H,EAAGjC,GACnB,IAAI+E,EAAI9C,EAAE,GACN3D,EAAI2D,EAAE,GACN2H,EAAI3H,EAAE,GACN4H,EAAI5H,EAAE,GAEV8C,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,OAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAE9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,EAAG,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,WAC/B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,WAC5B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,GAAI,YAC9B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,YAC7B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,GAAI,YAC9B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,YAC7B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAE/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,QAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,YAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,UAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,YAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,UAC7B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,WAC/B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,SAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,YAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9BiC,EAAE,GAAKiI,GAAMnF,EAAG9C,EAAE,IAClBA,EAAE,GAAKiI,GAAM5L,EAAG2D,EAAE,IAClBA,EAAE,GAAKiI,GAAMN,EAAG3H,EAAE,IAClBA,EAAE,GAAKiI,GAAML,EAAG5H,EAAE,GACpB,CAEA,SAASkI,GAAIC,EAAGrF,EAAGzG,EAAG2D,EAAG7B,EAAG+B,GAE1B,OADA4C,EAAImF,GAAMA,GAAMnF,EAAGqF,GAAIF,GAAMjI,EAAGE,IACzB+H,GAAOnF,GAAK3E,EAAM2E,IAAO,GAAK3E,EAAK9B,EAC5C,CAEA,SAASwL,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIsL,GAAQtL,EAAKuL,EAAI9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS4H,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIuL,EAAMD,GAAMC,EAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS6H,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAI7L,EAAIsL,EAAIC,EAAG9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACpC,CAEA,SAAS8H,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAIP,GAAKtL,GAAMuL,GAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACzC,CAyCA,SAASkI,GAAOjK,GACd,MAAMkK,EAAU,GAChB,IAAI/hB,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvB+hB,EAAQ/hB,GAAK,GAAK6X,EAAEK,WAAWlY,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,KAAO6X,EAAEK,WAAWlY,EAAI,IAC/G,IAEJ,OAAO+hB,CACT,CAEA,MAAMC,GAAU,mBAAmBrG,MAAM,IAEzC,SAASsG,GAAKpM,GACZ,IAAIgC,EAAI,GACJQ,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZR,GAAKmK,GAASnM,GAAU,EAAJwC,EAAQ,EAAM,IAAQ2J,GAASnM,GAAU,EAAJwC,EAAU,IAErE,OAAOR,CACT,CAeA,SAAS8J,GAAMnF,EAAGzG,GAChB,OAAQyG,EAAIzG,EAAK,UACnB,CC1LA,MAAMqE,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClB4H,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAASlQ,GAChB,GAAK+P,IAAeC,GAAiB/E,SAASjL,GAG9C,OAAO3R,eAAgBuE,GACrB,MAAMud,EAASJ,GAAWK,WAAWpQ,GACrC,OAAO8F,EAAiBlT,GAAMtE,IAC5B6hB,EAAOE,OAAO/hB,EAAM,IACnB,IAAM,IAAId,WAAW2iB,EAAOG,WAChC,CACH,CAEA,SAASC,GAAUC,EAAeC,GAChC,MAAMC,EAAeriB,UACnB,MAAMsiB,YAAEA,SAAsB1kB,QAAwBC,UAAA0C,MAAA,WAAA,OAAAgiB,EAAA,IAChDlX,EAAOiX,EAAYzc,IAAIsc,GAC7B,IAAK9W,EAAM,MAAUpM,MAAM,oBAC3B,OAAOoM,CAAI,EAGb,OAAOrL,eAAeuE,GAIpB,GAHImb,EAAqBnb,KACvBA,QAAaob,EAAiBpb,IAE5BiQ,EAAK7V,SAAS4F,GAAO,CACvB,MAEMie,SAFaH,KAEOI,SAC1B,OAAOhL,EAAiBlT,GAAMtE,IAC5BuiB,EAAaR,OAAO/hB,EAAM,IACzB,IAAMuiB,EAAaP,UAC5B,CAAW,GAAIrI,IAAawI,EACtB,OAAO,IAAIjjB,iBAAiBya,GAAUqI,OAAOG,EAAmB7d,IAIhE,aAFmB8d,KAEP9d,EAEf,CACH,CAEe,IAAAme,GAAA,CAGbpX,IAAKuW,GAAS,QD3ChB7hB,eAAmB2iB,GACjB,MAAMV,EAyGR,SAAc5K,GACZ,MAAMhC,EAAIgC,EAAE/X,OACNsjB,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIpjB,EACJ,IAAKA,EAAI,GAAIA,GAAK6X,EAAE/X,OAAQE,GAAK,GAC/BohB,GAASgC,EAAOtB,GAAOjK,EAAEwL,UAAUrjB,EAAI,GAAIA,KAE7C6X,EAAIA,EAAEwL,UAAUrjB,EAAI,IACpB,MAAMsjB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKtjB,EAAI,EAAGA,EAAI6X,EAAE/X,OAAQE,IACxBsjB,EAAKtjB,GAAK,IAAM6X,EAAEK,WAAWlY,KAAQA,EAAI,GAAM,GAGjD,GADAsjB,EAAKtjB,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADAohB,GAASgC,EAAOE,GACXtjB,EAAI,EAAGA,EAAI,GAAIA,IAClBsjB,EAAKtjB,GAAK,EAKd,OAFAsjB,EAAK,IAAU,EAAJzN,EACXuL,GAASgC,EAAOE,GACTF,CACT,CA/HiBG,CAAKvO,EAAKmD,mBAAmBgL,IAC5C,OAAOnO,EAAKuC,gBAoKd,SAAamC,GACX,IAAK,IAAI1Z,EAAI,EAAGA,EAAI0Z,EAAE5Z,OAAQE,IAC5B0Z,EAAE1Z,GAAKiiB,GAAKvI,EAAE1Z,IAEhB,OAAO0Z,EAAE9Y,KAAK,GAChB,CAzK8B4W,CAAIiL,GAClC,ECyCE1W,KAAMsW,GAAS,SAAWK,GAAU,OAAQ,SAC5CtW,OAAQiW,GAAS,WAAaK,GAAU,UACxCzW,OAAQoW,GAAS,WAAaK,GAAU,SAAU,WAClDxW,OAAQmW,GAAS,WAAaK,GAAU,SAAU,WAClDvW,OAAQkW,GAAS,WAAaK,GAAU,SAAU,WAClD1W,OAAQqW,GAAS,cAAgBK,GAAU,aAC3CrW,SAAUgW,GAAS,aAAeK,GAAU,YAC5CpW,SAAU+V,GAAS,aAAeK,GAAU,YAQ5CD,OAAQ,SAAS9B,EAAM5b,GACrB,OAAQ4b,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO5N,KAAK4N,IAAI/G,GAClB,KAAK4D,EAAMkD,KAAKE,KACd,OAAO7N,KAAK6N,KAAKhH,GACnB,KAAK4D,EAAMkD,KAAKG,OACd,OAAO9N,KAAK8N,OAAOjH,GACrB,KAAK4D,EAAMkD,KAAKI,OACd,OAAO/N,KAAK+N,OAAOlH,GACrB,KAAK4D,EAAMkD,KAAKK,OACd,OAAOhO,KAAKgO,OAAOnH,GACrB,KAAK4D,EAAMkD,KAAKM,OACd,OAAOjO,KAAKiO,OAAOpH,GACrB,KAAK4D,EAAMkD,KAAKO,OACd,OAAOlO,KAAKkO,OAAOrH,GACrB,KAAK4D,EAAMkD,KAAKQ,SACd,OAAOnO,KAAKmO,SAAStH,GACvB,KAAK4D,EAAMkD,KAAKS,SACd,OAAOpO,KAAKoO,SAASvH,GACvB,QACE,MAAUtF,MAAM,6BAErB,EAOD+jB,kBAAmB,SAAS7C,GAC1B,OAAQA,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO,GACT,KAAKnD,EAAMkD,KAAKE,KAChB,KAAKpD,EAAMkD,KAAKG,OACd,OAAO,GACT,KAAKrD,EAAMkD,KAAKI,OACd,OAAO,GACT,KAAKtD,EAAMkD,KAAKK,OACd,OAAO,GACT,KAAKvD,EAAMkD,KAAKM,OACd,OAAO,GACT,KAAKxD,EAAMkD,KAAKO,OACd,OAAO,GACT,KAAKzD,EAAMkD,KAAKQ,SACd,OAAO,GACT,KAAK1D,EAAMkD,KAAKS,SACd,OAAO,GACT,QACE,MAAU7M,MAAM,2BAExB,GCxHO,SAASgkB,GAAQjH,GACpB,OAAQA,aAAa7c,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,IAC7D,CACA,SAASkC,GAAM0N,KAAM2N,GACjB,IAAKD,GAAQ1N,GACT,MAAUtW,MAAM,uBACpB,GAAIikB,EAAQ5jB,OAAS,IAAM4jB,EAAQtG,SAASrH,EAAEjW,QAC1C,MAAUL,MAAM,iCAAiCikB,oBAA0B3N,EAAEjW,SACrF,CAOA,SAAS6jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUrkB,MAAM,oCACpB,GAAIokB,GAAiBD,EAASG,SAC1B,MAAUtkB,MAAM,wCACxB,CACA,SAASqF,GAAOkf,EAAKJ,GACjBvb,GAAM2b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAIlkB,OAASmkB,EACb,MAAUxkB,MAAM,yDAAyDwkB,EAEjF;uECjCO,MAAME,GAAMC,GAAQ,IAAIzkB,WAAWykB,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAE7D6b,GAAOD,GAAQ,IAAI/F,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,IAEvF8b,GAAcF,GAAQ,IAAItF,SAASsF,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAIhF,KADgF,KAA5D,IAAI7I,WAAW,IAAI0e,YAAY,CAAC,YAAa7W,QAAQ,IAErE,MAAU/H,MAAM,+CAiGb,SAAS8kB,GAAQxf,GACpB,GAAoB,iBAATA,EACPA,EAlBD,SAAqBiT,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,+BAA+BuY,GACnD,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD,CAcewM,CAAYzf,OAClB,KAAI0e,GAAQ1e,GAGb,MAAUtF,MAAM,mCAAmCsF,GAFnDA,EAAO0f,GAAU1f,EAEyC,CAC9D,OAAOA,CACX,CA0BO,SAAS2f,GAAWlI,EAAGzG,GAC1B,GAAIyG,EAAE1c,SAAWiW,EAAEjW,OACf,OAAO,EACX,IAAI6kB,EAAO,EACX,IAAK,IAAI3kB,EAAI,EAAGA,EAAIwc,EAAE1c,OAAQE,IAC1B2kB,GAAQnI,EAAExc,GAAK+V,EAAE/V,GACrB,OAAgB,IAAT2kB,CACX,CAOO,MAAMC,GAAa,CAACC,EAAQxD,KAC/BrjB,OAAO8mB,OAAOzD,EAAGwD,GACVxD,GAGJ,SAAS0D,GAAaC,EAAMzc,EAAY9H,EAAOwkB,GAClD,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAaxc,EAAY9H,EAAOwkB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ7kB,GAASykB,EAAQE,GAC9BG,EAAKD,OAAO7kB,EAAQ2kB,GAG1BJ,EAAKQ,UAAUjd,EAFM,EAEU8c,EAAIJ,GACnCD,EAAKQ,UAAUjd,EAFM,EAEUgd,EAAIN,EACvC,CASO,SAASQ,GAAYpd,GACxB,OAAOA,EAAME,WAAa,GAAM,CACpC,CAEO,SAASkc,GAAUpc,GACtB,OAAO1I,WAAW8e,KAAKpW,EAC3B,CACO,SAASqd,MAAS7lB,GACrB,IAAK,IAAIG,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAC/BH,EAAOG,GAAG2lB,KAAK,EAEvB,CCzLA,MAAMC,GAAa,GAGbC,kBAA0B,IAAIlmB,WAAW,IACzCmmB,GAAUzB,GAAIwB,IAcdE,GAAUlQ,IAASA,IAAM,EAAK,MAAS,IACtCA,IAAM,EAAK,MAAS,IACpBA,IAAM,GAAM,MAAS,EACtBA,IAAM,GAAM,IA0BlB,MAAMmQ,GAEF,WAAAloB,CAAY+Q,EAAKoX,GACb/nB,KAAKgoB,SAAWN,GAChB1nB,KAAKgmB,UAAY0B,GACjB1nB,KAAKioB,GAAK,EACVjoB,KAAKkoB,GAAK,EACVloB,KAAKmoB,GAAK,EACVnoB,KAAKooB,GAAK,EACVpoB,KAAK6lB,UAAW,EAEhBwC,GADA1X,EAAM0V,GAAQ1V,GACF,IACZ,MAAM2X,EAAQlC,GAAWzV,GACzB,IAAI4X,EAAKD,EAAME,UAAU,GAAG,GACxBC,EAAKH,EAAME,UAAU,GAAG,GACxBE,EAAKJ,EAAME,UAAU,GAAG,GACxBG,EAAKL,EAAME,UAAU,IAAI,GAE7B,MAAMI,EAAU,GAChB,IAAK,IAAI9mB,EAAI,EAAGA,EAAI,IAAKA,IACrB8mB,EAAQ9lB,KAAK,CAAEmlB,GAAIJ,GAAOU,GAAKL,GAAIL,GAAOY,GAAKN,GAAIN,GAAOa,GAAKN,GAAIP,GAAOc,OACvEV,GAAIM,EAAIL,GAAIO,EAAIN,GAAIO,EAAIN,GAAIO,GAzDhC,CACHP,IAHcD,EA2DyCO,IAxD5C,IAHON,EA2DyCO,KAxDlC,EACzBR,IAJUD,EA2DyCO,IAvDxC,GAAON,IAAO,EACzBD,IALMD,EA2DyCM,IAtDpC,GAAOL,IAAO,EACzBD,GAAKA,IAAO,EAVP,KAUsB,KAAgB,EALjCG,KADL,IAACH,EAAIC,EAAIC,EAAIC,EA6DlB,MAAMS,EA9BS,CAAC1e,GAChBA,EAAQ,MACD,EACPA,EAAQ,KACD,EACJ,EAyBO2e,CAAef,GAAkB,MAC3C,IAAK,CAAC,EAAG,EAAG,EAAG,GAAG7I,SAAS2J,GACvB,MAAUtnB,MAAM,4BAA4BsnB,0BAChD7oB,KAAK6oB,EAAIA,EACT,MACME,EADO,IACUF,EACjBG,EAAchpB,KAAKgpB,WAAa,GAAKH,EACrCI,EAAQ,GAEd,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAASG,IAEzB,IAAK,IAAIrf,EAAO,EAAGA,EAAOmf,EAAYnf,IAAQ,CAE1C,IAAIoe,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,IAAK,IAAIjO,EAAI,EAAGA,EAAI0O,EAAG1O,IAAK,CAExB,KADatQ,IAAUgf,EAAI1O,EAAI,EAAM,GAEjC,SACJ,MAAQ8N,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,GAAOV,EAAQC,EAAIK,EAAI/O,GAC1D8N,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,CAC/D,CACgBL,EAAMnmB,KAAK,CAAEmlB,KAAIC,KAAIC,KAAIC,MACzC,CAEQpoB,KAAK0b,EAAIuN,CACjB,CACI,YAAAM,CAAatB,EAAIC,EAAIC,EAAIC,GACpBH,GAAMjoB,KAAKioB,GAAMC,GAAMloB,KAAKkoB,GAAMC,GAAMnoB,KAAKmoB,GAAMC,GAAMpoB,KAAKooB,GAC/D,MAAMS,EAAEA,EAACnN,EAAEA,EAACsN,WAAEA,GAAehpB,KAE7B,IAAIwpB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,MAAMC,GAAQ,GAAKf,GAAK,EACxB,IAAIK,EAAI,EACR,IAAK,MAAMW,IAAO,CAAC5B,EAAIC,EAAIC,EAAIC,GAC3B,IAAK,IAAI0B,EAAU,EAAGA,EAAU,EAAGA,IAAW,CAC1C,MAAMjgB,EAAQggB,IAAS,EAAIC,EAAY,IACvC,IAAK,IAAIC,EAAS,EAAIlB,EAAI,EAAGkB,GAAU,EAAGA,IAAU,CAChD,MAAMC,EAAOngB,IAAUgf,EAAIkB,EAAWH,GAC9B3B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO1O,EAAEwN,EAAIF,EAAagB,GAC7DR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAC3ClB,GAAK,CACzB,CACA,CAEQlpB,KAAKioB,GAAKuB,EACVxpB,KAAKkoB,GAAKuB,EACVzpB,KAAKmoB,GAAKuB,EACV1pB,KAAKooB,GAAKuB,CAClB,CACI,MAAArF,CAAOzd,GACHA,EAAOwf,GAAQxf,GACfwjB,GAAQrqB,MACR,MAAMsqB,EAAMnE,GAAItf,GACV0jB,EAAS9hB,KAAK0P,MAAMtR,EAAKjF,OAAS8lB,IAClC8C,EAAO3jB,EAAKjF,OAAS8lB,GAC3B,IAAK,IAAI5lB,EAAI,EAAGA,EAAIyoB,EAAQzoB,IACxB9B,KAAKupB,aAAae,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,IAOlF,OALI0oB,IACA7C,GAAQxlB,IAAI0E,EAAKmC,SAASuhB,EAAS7C,KACnC1nB,KAAKupB,aAAa3B,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,IAC9DJ,GAAMI,KAEH5nB,IACf,CACI,OAAAiJ,GACI,MAAMyS,EAAEA,GAAM1b,KAEd,IAAK,MAAMyqB,KAAO/O,EACb+O,EAAIxC,GAAK,EAAKwC,EAAIvC,GAAK,EAAKuC,EAAItC,GAAK,EAAKsC,EAAIrC,GAAK,CAEhE,CACI,UAAAsC,CAAW5E,GACPuE,GAAQrqB,MACR2qB,GAAQ7E,EAAK9lB,MACbA,KAAK6lB,UAAW,EAChB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOpoB,KACrB4qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,CACf,CACI,MAAAvB,GACI,MAAMsG,EAAM,IAAIppB,WAAWimB,IAG3B,OAFA1nB,KAAK0qB,WAAWG,GAChB7qB,KAAKiJ,UACE4hB,CACf,EAEA,MAAMC,WAAgBhD,GAClB,WAAAloB,CAAY+Q,EAAKoX,GAEb,MAAMgD,EAzIP,SAAqBxR,GACxBA,EAAEyR,UACF,MAAMC,EAAgB,EAAR1R,EAAE,IAEhB,IAAI2R,EAAQ,EACZ,IAAK,IAAIppB,EAAI,EAAGA,EAAIyX,EAAE3X,OAAQE,IAAK,CAC/B,MAAM4Z,EAAInC,EAAEzX,GACZyX,EAAEzX,GAAM4Z,IAAM,EAAKwP,EACnBA,GAAa,EAAJxP,IAAU,CAC3B,CAEI,OADAnC,EAAE,IAAe,KAAR0R,EACF1R,CACX,CA6HsB4R,CAAY5E,GAD1B5V,EAAM0V,GAAQ1V,KAEd9Q,MAAMkrB,EAAOhD,GACbP,GAAMuD,EACd,CACI,MAAAzG,CAAOzd,GACHA,EAAOwf,GAAQxf,GACfwjB,GAAQrqB,MACR,MAAMsqB,EAAMnE,GAAItf,GACV2jB,EAAO3jB,EAAKjF,OAAS8lB,GACrB6C,EAAS9hB,KAAK0P,MAAMtR,EAAKjF,OAAS8lB,IACxC,IAAK,IAAI5lB,EAAI,EAAGA,EAAIyoB,EAAQzoB,IACxB9B,KAAKupB,aAAa1B,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,KAOjH,OALI0oB,IACA7C,GAAQxlB,IAAI0E,EAAKmC,SAASuhB,EAAS7C,KACnC1nB,KAAKupB,aAAa1B,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,KAC7FJ,GAAMI,KAEH5nB,IACf,CACI,UAAA0qB,CAAW5E,GACPuE,GAAQrqB,MACR2qB,GAAQ7E,EAAK9lB,MACbA,KAAK6lB,UAAW,EAEhB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOpoB,KACrB4qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,EAAIkF,SACnB,EAEA,SAASI,GAAuBC,GAC5B,MAAMC,EAAQ,CAACC,EAAK5a,IAAQ0a,EAAS1a,EAAK4a,EAAI3pB,QAAQ0iB,OAAO+B,GAAQkF,IAAMhH,SACrEiH,EAAMH,EAAS,IAAI5pB,WAAW,IAAK,GAIzC,OAHA6pB,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,CAACpU,EAAKoX,IAAmBsD,EAAS1a,EAAKoX,GAC/CuD,CACX,CACO,MAAMG,GAAQL,IAAuB,CAACza,EAAKoX,IAAmB,IAAID,GAAMnX,EAAKoX,KAC7DqD,IAAuB,CAACza,EAAKoX,IAAmB,IAAI+C,GAAQna,EAAKoX,KCtMxF,MAAML,GAAa,GAEbgE,GAAc,IAAIjqB,WAAWimB,IAC7BiE,GAAO,IAEb,SAASC,GAAKjU,GACV,OAAQA,GAAK,EAAMgU,KAAShU,GAAK,EACrC,CACA,SAASkU,GAAIvN,EAAGzG,GACZ,IAAIgT,EAAM,EACV,KAAOhT,EAAI,EAAGA,IAAM,EAEhBgT,GAAOvM,IAAU,EAAJzG,GACbyG,EAAIsN,GAAKtN,GAEb,OAAOuM,CACX,CAGA,MAAMiB,kBAAuB,MACzB,MAAMpQ,EAAI,IAAIja,WAAW,KACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,IAAKA,IAAK0Z,GAAKoQ,GAAKpQ,GAC3CE,EAAE5Z,GAAK0Z,EACX,MAAMuQ,EAAM,IAAItqB,WAAW,KAC3BsqB,EAAI,GAAK,GACT,IAAK,IAAIjqB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,IAAI0Z,EAAIE,EAAE,IAAM5Z,GAChB0Z,GAAKA,GAAK,EACVuQ,EAAIrQ,EAAE5Z,IAA+D,KAAxD0Z,EAAKA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAK,GACrE,CAEI,OADAgM,GAAM9L,GACCqQ,CACV,EAb4B,GAevBC,kBAA0BF,GAAKnnB,KAAI,CAACsnB,EAAG9R,IAAM2R,GAAKriB,QAAQ0Q,KAE1D+R,GAAYvU,GAAOA,GAAK,GAAOA,IAAM,EACrCwU,GAAYxU,GAAOA,GAAK,EAAMA,IAAM,GAEpCyU,GAAYC,GAAWA,GAAQ,GAAM,WACrCA,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAKrB,SAASC,GAAUR,EAAM7kB,GACrB,GAAoB,MAAhB6kB,EAAKlqB,OACL,MAAUL,MAAM,qBACpB,MAAMgrB,EAAK,IAAIpM,YAAY,KAAKxb,KAAI,CAACsnB,EAAG9R,IAAMlT,EAAG6kB,EAAK3R,MAChDqS,EAAKD,EAAG5nB,IAAIwnB,IACZM,EAAKD,EAAG7nB,IAAIwnB,IACZO,EAAKD,EAAG9nB,IAAIwnB,IACZQ,EAAM,IAAIxM,YAAY,OACtByM,EAAM,IAAIzM,YAAY,OACtB0M,EAAQ,IAAIC,YAAY,OAC9B,IAAK,IAAIhrB,EAAI,EAAGA,EAAI,IAAKA,IACrB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,MAAM4S,EAAU,IAAJjrB,EAAUqY,EACtBwS,EAAII,GAAOR,EAAGzqB,GAAK0qB,EAAGrS,GACtByS,EAAIG,GAAON,EAAG3qB,GAAK4qB,EAAGvS,GACtB0S,EAAME,GAAQjB,EAAKhqB,IAAM,EAAKgqB,EAAK3R,EAC/C,CAEI,MAAO,CAAE2R,OAAMe,QAAON,KAAIC,KAAIC,KAAIC,KAAIC,MAAKC,MAC/C,CACA,MAAMI,kBAAgCV,GAAUR,IAAOnS,GAAOkS,GAAIlS,EAAG,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKkS,GAAIlS,EAAG,KACzGsT,kBAAgCX,GAAUN,IAAUrS,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,IAAM,EAAKkS,GAAIlS,EAAG,MAC9HuT,kBAA0B,MAC5B,MAAMC,EAAI,IAAI1rB,WAAW,IACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,GAAIA,IAAK0Z,EAAIoQ,GAAKpQ,GACzC2R,EAAErrB,GAAK0Z,EACX,OAAO2R,CACV,EAL+B,GAMzB,SAASC,GAAYzc,GACxB0X,GAAO1X,GACP,MAAM0c,EAAM1c,EAAI/O,OAChB,IAAK,CAAC,GAAI,GAAI,IAAIsd,SAASmO,GACvB,MAAU9rB,MAAM,qDAAqD8rB,GACzE,MAAMR,MAAEA,GAAUG,GACZM,EAAU,GACX/F,GAAY5W,IACb2c,EAAQxqB,KAAM6N,EAAM4V,GAAU5V,IAClC,MAAM4c,EAAMpH,GAAIxV,GACV6c,EAAKD,EAAI3rB,OACT6rB,EAAW9V,GAAM+V,GAAUb,EAAOlV,EAAGA,EAAGA,EAAGA,GAC3CgW,EAAK,IAAIxN,YAAYkN,EAAM,IACjCM,EAAGxrB,IAAIorB,GAEP,IAAK,IAAIzrB,EAAI0rB,EAAI1rB,EAAI6rB,EAAG/rB,OAAQE,IAAK,CACjC,IAAI4Z,EAAIiS,EAAG7rB,EAAI,GACXA,EAAI0rB,GAAO,EACX9R,EAAI+R,EAAQvB,GAASxQ,IAAMwR,GAAQprB,EAAI0rB,EAAK,GACvCA,EAAK,GAAK1rB,EAAI0rB,GAAO,IAC1B9R,EAAI+R,EAAQ/R,IAChBiS,EAAG7rB,GAAK6rB,EAAG7rB,EAAI0rB,GAAM9R,CAC7B,CAEI,OADA8L,MAAS8F,GACFK,CACX,CACO,SAASC,GAAejd,GAC3B,MAAMkd,EAAST,GAAYzc,GACrBgd,EAAKE,EAAOlrB,QACZ6qB,EAAKK,EAAOjsB,QACZirB,MAAEA,GAAUG,IACZT,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOO,GAE3B,IAAK,IAAInrB,EAAI,EAAGA,EAAI0rB,EAAI1rB,GAAK,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACnBwT,EAAG7rB,EAAIqY,GAAK0T,EAAOL,EAAK1rB,EAAI,EAAIqY,GAExCqN,GAAMqG,GAEN,IAAK,IAAI/rB,EAAI,EAAGA,EAAI0rB,EAAK,EAAG1rB,IAAK,CAC7B,MAAM0Z,EAAImS,EAAG7rB,GACPonB,EAAIwE,GAAUb,EAAOrR,EAAGA,EAAGA,EAAGA,GACpCmS,EAAG7rB,GAAKyqB,EAAO,IAAJrD,GAAYsD,EAAItD,IAAM,EAAK,KAAQuD,EAAIvD,IAAM,GAAM,KAAQwD,EAAGxD,IAAM,GACvF,CACI,OAAOyE,CACX,CAEA,SAASG,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GACrC,OAAQuE,EAAM1E,GAAM,EAAK,MAAYC,IAAO,EAAK,KAC7C0E,EAAMzE,IAAO,EAAK,MAAYC,IAAO,GAAM,IACnD,CACA,SAASsF,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAClC,OAAQyE,EAAY,IAAL5E,EAAmB,MAALC,GACxB2E,EAAQ1E,IAAO,GAAM,IAAUC,IAAO,GAAM,QAAY,EACjE,CACA,SAAS2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQI,GAC5B,IAAIzT,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAG/rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAIksB,EAAQlsB,IAAK,CAC7B,MAAMmsB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GAC/C8F,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAIC,EAAIC,EAAIH,GAC/CkG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAIC,EAAIH,EAAIC,GAC/CkG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAIH,EAAIC,EAAIC,GACpDF,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAIjCF,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAIC,EAAIC,EAAIH,GAGzBE,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAIC,EAAIH,EAAIC,GAEjBE,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAIH,EAAIC,EAAIC,GAEtD,CAEA,SAASkG,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQK,GAC5B,IAAI1T,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAG/rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAIksB,EAAQlsB,IAAK,CAC7B,MAAMmsB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIG,EAAID,EAAID,GAC/CgG,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAID,EAAIG,EAAID,GAC/CgG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAID,EAAID,EAAIG,GAC/CgG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAID,EAAID,EAAID,GACpDA,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIG,EAAID,EAAID,GAIjCA,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAID,EAAIG,EAAID,GAGzBA,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAID,EAAID,EAAIG,GAEjBA,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAID,EAAID,EAAID,GAEtD,CACA,SAASqG,GAAOjB,EAAKkB,GACjB,QAAYnsB,IAARmsB,EACA,OAAO,IAAI9sB,WAAW4rB,GAE1B,GADAhF,GAAOkG,GACHA,EAAI3sB,OAASyrB,EACb,MAAU9rB,MAAM,oDAAoD8rB,WAAakB,EAAI3sB,UACzF,IAAK2lB,GAAYgH,GACb,MAAUhtB,MAAM,iBACpB,OAAOgtB,CACX,CAEA,SAASC,GAAWb,EAAIc,EAAOC,EAAKH,GAChClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACP,MAAMC,EAASD,EAAI9sB,OACnB2sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GAEhB,IAAI3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACjE,MAAMC,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GAElB,IAAK,IAAIzsB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,OAAQE,GAAK,EAAG,CAC3CitB,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmmB,EAC9B8G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKomB,EAC9B6G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqmB,EAC9B4G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsmB,EAE9B,IAAI8C,EAAQ,EACZ,IAAK,IAAIppB,EAAI8sB,EAAIhtB,OAAS,EAAGE,GAAK,EAAGA,IACjCopB,EAASA,GAAkB,IAAT0D,EAAI9sB,IAAc,EACpC8sB,EAAI9sB,GAAa,IAARopB,EACTA,KAAW,IAEZjD,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACtE,CAGI,MAAMzqB,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OA/M3B,GAgNjB,GAAIwC,EAAQuqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIxoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAIA,SAASS,GAAMrB,EAAI5G,EAAM0H,EAAOC,EAAKH,GACjClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACPH,EAAMD,GAAOI,EAAI9sB,OAAQ2sB,GACzB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GACV9H,EAAOV,GAAWwI,GAClBE,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZU,EAASlI,EAAO,EAAI,GACpB4H,EAASD,EAAI9sB,OAEnB,IAAIstB,EAASpI,EAAK0B,UAAUyG,EAAQlI,IAChCkB,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,IAAK,IAAI/sB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,OAAQE,GAAK,EACxCitB,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmmB,EAC9B8G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKomB,EAC9B6G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqmB,EAC9B4G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsmB,EAC9B8G,EAAUA,EAAS,IAAO,EAC1BpI,EAAKQ,UAAU2H,EAAQC,EAAQnI,KAC5BkB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAGlE,MAAMzqB,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OArP3B,GAsPjB,GAAIwC,EAAQuqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIxoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAKO,MAAMK,GAAMlI,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK8d,GAGhF,SAASW,EAAWxQ,EAAK2P,GAErB,GADAlG,GAAOzJ,QACKxc,IAARmsB,IACAlG,GAAOkG,IACFhH,GAAYgH,IACb,MAAUhtB,MAAM,yBAExB,MAAMosB,EAAKP,GAAYzc,GACjBgH,EAAI4O,GAAUkI,GACdnB,EAAU,CAACK,EAAIhW,GAChB4P,GAAY3I,IACb0O,EAAQxqB,KAAM8b,EAAM2H,GAAU3H,IAClC,MAAMkH,EAAM0I,GAAWb,EAAIhW,EAAGiH,EAAK2P,GAEnC,OADA/G,MAAS8F,GACFxH,CACf,CACI,OAlBAuC,GAAO1X,GACP0X,GAAOoG,EAAO/G,IAiBP,CACHqG,QAAS,CAACsB,EAAWd,IAAQa,EAAWC,EAAWd,GACnDF,QAAS,CAACiB,EAAYf,IAAQa,EAAWE,EAAYf,GAE7D,IAgGO,MAAMgB,GAAM7I,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK6e,EAAIC,EAAO,CAAA,GAC3FpH,GAAO1X,GACP0X,GAAOmH,EAAI,IACX,MAAME,GAASD,EAAKE,eACpB,MAAO,CACH,OAAA5B,CAAQsB,EAAWd,GACf,MAAMZ,EAAKP,GAAYzc,IACjBkH,EAAEA,EAAC+X,EAAK9J,IAAK+J,GAhG/B,SAA8BR,EAAWK,EAAOnB,GAC5ClG,GAAOgH,GACP,IAAIS,EAAST,EAAUztB,OACvB,MAAMmuB,EAAYD,EAASpI,GAC3B,IAAKgI,GAAuB,IAAdK,EACV,MAAUxuB,MAAM,2DACfgmB,GAAY8H,KACbA,EAAY9I,GAAU8I,IAC1B,MAAMxX,EAAIsO,GAAIkJ,GACd,GAAIK,EAAO,CACP,IAAIlF,EAAO9C,GAAaqI,EACnBvF,IACDA,EAAO9C,IACXoI,GAAkBtF,CAC1B,CACI,MAAM1E,EAAMwI,GAAOwB,EAAQvB,GAE3B,MAAO,CAAE1W,IAAG+X,EADFzJ,GAAIL,GACCA,MACnB,CA8EwCkK,CAAqBX,EAAWK,EAAOnB,GACnE,IAAI0B,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GAChDpuB,EAAI,EACR,KAAOA,EAAI,GAAK+V,EAAEjW,QACbqmB,GAAMpQ,EAAE/V,EAAI,GAAMomB,GAAMrQ,EAAE/V,EAAI,GAAMqmB,GAAMtQ,EAAE/V,EAAI,GAAMsmB,GAAMvQ,EAAE/V,EAAI,KAChEmmB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE9tB,KAAOmmB,EAAM2H,EAAE9tB,KAAOomB,EAAM0H,EAAE9tB,KAAOqmB,EAAMyH,EAAE9tB,KAAOsmB,EAE3D,GAAIsH,EAAO,CACP,MAAMS,EA7EtB,SAAiB3F,GACb,MAAMgB,EAAM,IAAI/pB,WAAW,IACrB0uB,EAAQhK,GAAIqF,GAClBA,EAAIrpB,IAAIqoB,GACR,MAAM4F,EAAc1I,GAAa8C,EAAK5oB,OACtC,IAAK,IAAIE,EAAI4lB,GAAa0I,EAAatuB,EAAI4lB,GAAY5lB,IACnD0pB,EAAI1pB,GAAKsuB,EACb,OAAOD,CACX,CAqE8BE,CAAQhB,EAAUrmB,SAAa,EAAJlH,IACxCmmB,GAAMkI,EAAM,GAAMjI,GAAMiI,EAAM,GAAMhI,GAAMgI,EAAM,GAAM/H,GAAM+H,EAAM,KAChElI,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE9tB,KAAOmmB,EAAM2H,EAAE9tB,KAAOomB,EAAM0H,EAAE9tB,KAAOqmB,EAAMyH,EAAE9tB,KAAOsmB,CACvE,CAEY,OADAZ,MAAS8F,GACFuC,CACV,EACD,OAAAxB,CAAQiB,EAAYf,IA7H5B,SAA8B1nB,GAE1B,GADAwhB,GAAOxhB,GACHA,EAAKjF,OAAS8lB,IAAe,EAC7B,MAAUnmB,MAAM,yEAExB,CAyHY+uB,CAAqBhB,GACrB,MAAM3B,EAAKC,GAAejd,GAC1B,IAAIsf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GACVnK,EAAMwI,GAAOgB,EAAW1tB,OAAQ2sB,GACjChH,GAAY+H,IACbhC,EAAQxqB,KAAMwsB,EAAa/I,GAAU+I,IACzC,MAAMzX,EAAIsO,GAAImJ,GACRM,EAAIzJ,GAAIL,GAEd,IAAImC,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIpuB,EAAI,EAAGA,EAAI,GAAK+V,EAAEjW,QAAS,CAEhC,MAAM2uB,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EACzCH,EAAKpQ,EAAE/V,EAAI,GAAMomB,EAAKrQ,EAAE/V,EAAI,GAAMqmB,EAAKtQ,EAAE/V,EAAI,GAAMsmB,EAAKvQ,EAAE/V,EAAI,GAC/D,MAAQmmB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAO0E,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAClEwH,EAAE9tB,KAAO0nB,EAAK+G,EAAOX,EAAE9tB,KAAO2nB,EAAK+G,EAAOZ,EAAE9tB,KAAO4nB,EAAK+G,EAAOb,EAAE9tB,KAAO6nB,EAAK+G,CAC9F,CAEY,OADAlJ,MAAS8F,GA1HrB,SAAsBzmB,EAAM6oB,GACxB,IAAKA,EACD,OAAO7oB,EACX,MAAMwmB,EAAMxmB,EAAKjF,OACjB,IAAKyrB,EACD,MAAU9rB,MAAM,2CACpB,MAAMovB,EAAW9pB,EAAKwmB,EAAM,GAC5B,GAAIsD,GAAY,GAAKA,EAAW,GAC5B,MAAUpvB,MAAM,4BACpB,MAAMukB,EAAMjf,EAAKmC,SAAS,GAAI2nB,GAC9B,IAAK,IAAI7uB,EAAI,EAAGA,EAAI6uB,EAAU7uB,IAC1B,GAAI+E,EAAKwmB,EAAMvrB,EAAI,KAAO6uB,EACtB,MAAUpvB,MAAM,4BACxB,OAAOukB,CACX,CA6GmB8K,CAAa9K,EAAK4J,EAC5B,EAET,IAKamB,GAAMnK,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK6e,GAGhF,SAASsB,EAAWpC,EAAKqC,EAAWxC,GAChClG,GAAOqG,GACP,MAAMC,EAASD,EAAI9sB,OACnB2sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMZ,EAAKP,GAAYzc,GACvB,IAAIsf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAC7B1I,GAAYmH,IACbpB,EAAQxqB,KAAM4rB,EAAMnI,GAAUmI,IAClC,MAAMI,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZyC,EAASD,EAAYhC,EAAQD,EAC7BoB,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIpuB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,QAAS,CACpC,MAAQqmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO2D,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GACnE2G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmoB,EAC9B8E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKooB,EAC9B6E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqoB,EAC9B4E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsoB,EAC7BnC,EAAK+I,EAAOlvB,KAAQomB,EAAK8I,EAAOlvB,KAAQqmB,EAAK6I,EAAOlvB,KAAQsmB,EAAK4I,EAAOlvB,IACrF,CAEQ,MAAMsC,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OApd/B,GAqdb,GAAIwC,EAAQuqB,EAAQ,GACb1G,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC9C,MAAMxJ,EAAMqH,GAAG,IAAI9F,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,KAC5C,IAAK,IAAItmB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM5I,EAClB,CAEQ,OADA4I,MAAS8F,GACFiB,CACf,CACI,OAvCAlG,GAAO1X,GACP0X,GAAOmH,EAAI,IAsCJ,CACHzB,QAAS,CAACsB,EAAWd,IAAQuC,EAAWzB,GAAW,EAAMd,GACzDF,QAAS,CAACiB,EAAYf,IAAQuC,EAAWxB,GAAY,EAAOf,GAEpE,IAyBO,MAAM9f,GAAMiY,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,GAAI8B,UAAW,KAAM,SAAatgB,EAAK8d,EAAOyC,GAQtG,GAPA7I,GAAO1X,GACP0X,GAAOoG,QACKrsB,IAAR8uB,GACA7I,GAAO6I,GAIPzC,EAAM7sB,OAAS,EACf,MAAUL,MAAM,iCACpB,MAAM0vB,EAAY,GAClB,SAASE,EAAYC,EAASC,EAASxqB,GACnC,MAAMkX,EAnCd,SAAoB9W,EAAI8f,EAAMpW,EAAK9J,EAAMqqB,GACrC,MAAMI,EAAmB,MAAPJ,EAAc,EAAIA,EAAItvB,OAClC2vB,EAAItqB,EAAG8d,OAAOpU,EAAK9J,EAAKjF,OAAS0vB,GACnCJ,GACAK,EAAEjN,OAAO4M,GACbK,EAAEjN,OAAOzd,GACT,MAAMgjB,EAAM,IAAIpoB,WAAW,IACrBqlB,EAAOV,GAAWyD,GACpBqH,GACArK,GAAaC,EAAM,EAAGG,OAAmB,EAAZqK,GAAgBvK,GACjDF,GAAaC,EAAM,EAAGG,OAAqB,EAAdpgB,EAAKjF,QAAamlB,GAC/CwK,EAAEjN,OAAOuF,GACT,MAAMgB,EAAM0G,EAAEhN,SAEd,OADAiD,GAAMqC,GACCgB,CACX,CAoBoB2G,CAAW/F,IAAO,EAAO2F,EAASvqB,EAAMqqB,GACpD,IAAK,IAAIpvB,EAAI,EAAGA,EAAIuvB,EAAQzvB,OAAQE,IAChCic,EAAIjc,IAAMuvB,EAAQvvB,GACtB,OAAOic,CACf,CACI,SAAS0T,IACL,MAAM9D,EAAKP,GAAYzc,GACjBygB,EAAU1F,GAAY/oB,QACtB+uB,EAAUhG,GAAY/oB,QAG5B,GAFAqsB,GAAMrB,GAAI,EAAO+D,EAASA,EAASN,GAEd,KAAjB3C,EAAM7sB,OACN8vB,EAAQvvB,IAAIssB,OAEX,CACD,MAAMkD,EAAWjG,GAAY/oB,QAE7BkkB,GADaT,GAAWuL,GACL,EAAG1K,OAAsB,EAAfwH,EAAM7sB,SAAa,GAEhD,MAAMgwB,EAAInG,GAAM1G,OAAOqM,GAAS9M,OAAOmK,GAAOnK,OAAOqN,GACrDC,EAAElH,WAAWgH,GACbE,EAAE3oB,SACd,CAEQ,MAAO,CAAE0kB,KAAIyD,UAASM,UAASL,QADfrC,GAAMrB,GAAI,EAAO+D,EAAShG,IAElD,CACI,MAAO,CACH,OAAAqC,CAAQsB,GACJhH,GAAOgH,GACP,MAAM1B,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpC3L,EAAM,IAAIrkB,WAAW4tB,EAAUztB,OAASqvB,GACxC3D,EAAU,CAACK,EAAIyD,EAASM,EAASL,GAClC9J,GAAY8H,IACb/B,EAAQxqB,KAAMusB,EAAY9I,GAAU8I,IACxCL,GAAMrB,GAAI,EAAO+D,EAASrC,EAAWvJ,GACrC,MAAM/H,EAAMoT,EAAYC,EAASC,EAASvL,EAAI9c,SAAS,EAAG8c,EAAIlkB,OAASqvB,IAIvE,OAHA3D,EAAQxqB,KAAKib,GACb+H,EAAI3jB,IAAI4b,EAAKsR,EAAUztB,QACvB4lB,MAAS8F,GACFxH,CACV,EACD,OAAAuI,CAAQiB,GAEJ,GADAjH,GAAOiH,GACHA,EAAW1tB,OAASqvB,EACpB,MAAU1vB,MAAM,6CACpB,MAAMosB,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpCnE,EAAU,CAACK,EAAIyD,EAASC,EAASK,GAClCnK,GAAY+H,IACbhC,EAAQxqB,KAAMwsB,EAAa/I,GAAU+I,IACzC,MAAMzoB,EAAOyoB,EAAWtmB,SAAS,GAAG,IAC9B6oB,EAAYvC,EAAWtmB,UAAS,IAChC+U,EAAMoT,EAAYC,EAASC,EAASxqB,GAE1C,GADAymB,EAAQxqB,KAAKib,IACRyI,GAAWzI,EAAK8T,GACjB,MAAUtwB,MAAM,8BACpB,MAAMukB,EAAMkJ,GAAMrB,GAAI,EAAO+D,EAAS7qB,GAEtC,OADA2gB,MAAS8F,GACFxH,CACV,EAET,IAkHA,SAASgM,GAAUxT,GACf,OAAa,MAALA,GACS,iBAANA,IACNA,aAAa6B,aAAsC,gBAAvB7B,EAAE1e,YAAYqI,KACnD,CACA,SAAS8pB,GAAapE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUpsB,MAAM,+CACpB,MAAM+oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CACA,SAASC,GAAatE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUpsB,MAAM,+CACpB,MAAM+oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CAOA,MAAME,GAAO,CAiBT,OAAAnE,CAAQoE,EAAKrM,GAGT,GAAIA,EAAIlkB,QAAU,GAAK,GACnB,MAAUL,MAAM,qCACpB,MAAMosB,EAAKP,GAAY+E,GACvB,GAAmB,KAAfrM,EAAIlkB,OACJmwB,GAAapE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAM,EAAGzU,EAAI,EAAGA,IAC5B,IAAK,IAAInY,EAAM,EAAGA,EAAM4oB,EAAIhpB,OAAQI,GAAO,EAAG4sB,IAAO,CACjD,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIyE,EAAIC,EAAIzH,EAAI5oB,GAAM4oB,EAAI5oB,EAAM,IAElEowB,EAAKnK,EAAMoK,EAAKnK,EAAKkE,GAASwC,GAAQhE,EAAI5oB,GAAOmmB,EAAMyC,EAAI5oB,EAAM,GAAKomB,CAC3F,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,EACD,OAAA4G,CAAQ8D,EAAKrM,GACT,GAAIA,EAAIlkB,OAAS,GAAK,GAAK,GACvB,MAAUL,MAAM,sCACpB,MAAMosB,EAAKC,GAAeuE,GACpBG,EAASxM,EAAIlkB,OAAS,EAAI,EAChC,GAAe,IAAX0wB,EACAL,GAAatE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAe,EAAT0D,EAAYnY,EAAI,EAAGA,IACrC,IAAK,IAAInY,EAAe,EAATswB,EAAYtwB,GAAO,EAAGA,GAAO,EAAG4sB,IAAO,CAClDyD,GAAMjG,GAASwC,GACf,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIyE,EAAIC,EAAIzH,EAAI5oB,GAAM4oB,EAAI5oB,EAAM,IAClEowB,EAAKnK,EAAMoK,EAAKnK,EAAM0C,EAAI5oB,GAAOmmB,EAAMyC,EAAI5oB,EAAM,GAAKomB,CAC3E,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,GAEC8K,GAAW,IAAI9wB,WAAW,GAAGgmB,KAAK,KAQ3B+K,GAAQ9L,GAAW,CAAEzD,UAAW,IAAMkP,IAAS,CACxD,OAAApE,CAAQsB,GAEJ,GADAhH,GAAOgH,IACFA,EAAUztB,QAAUytB,EAAUztB,OAAS,GAAM,EAC9C,MAAUL,MAAM,4BACpB,GAAyB,IAArB8tB,EAAUztB,OACV,MAAUL,MAAM,wDACpB,MAAMukB,EF1rBP,YAAwBnkB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CE4qBoB8H,CAAYJ,GAAUlD,GAElC,OADA6C,GAAKnE,QAAQoE,EAAKrM,GACXA,CACV,EACD,OAAAuI,CAAQiB,GAKJ,GAJAjH,GAAOiH,GAIHA,EAAW1tB,OAAS,GAAM,GAAK0tB,EAAW1tB,OAAS,GACnD,MAAUL,MAAM,6BACpB,MAAMukB,EAAMS,GAAU+I,GAEtB,GADA4C,GAAK7D,QAAQ8D,EAAKrM,IACbU,GAAWV,EAAI9c,SAAS,EAAG,GAAIupB,IAChC,MAAUhxB,MAAM,0BAEpB,OADAukB,EAAI9c,SAAS,EAAG,GAAGye,KAAK,GACjB3B,EAAI9c,SAAS,EACvB,MA+EQ4pB,GAAS,CAClBxF,eACAQ,kBACJG,QAAIA,GACJM,QAAIA,GACA0D,gBACAE,gBACAzD,cACAQ,UC73BE9S,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAElBwW,GAAa7O,GAAaA,GAAW8O,aAAe,GACpDC,GAAY,CAChBjmB,KAAM+lB,GAAW3T,SAAS,YAAc,gBAAa9c,EACrD2K,UAAW8lB,GAAW3T,SAAS,gBAAkB,oBAAiB9c,EAClE4K,MAAO6lB,GAAW3T,SAAS,aAAe,iBAAc9c,EACxD6K,SAAU4lB,GAAW3T,SAAS,UAAY,cAAW9c,EACrD8K,OAAQ2lB,GAAW3T,SAAS,eAAiB,mBAAgB9c,EAC7D+K,OAAQ0lB,GAAW3T,SAAS,eAAiB,mBAAgB9c,EAC7DgL,OAAQylB,GAAW3T,SAAS,eAAiB,mBAAgB9c,GA2F/D,MAAM4wB,GACJ,WAAApzB,CAAY6iB,EAAM9R,EAAK6e,GACrB,MAAMvM,UAAEA,GAAcF,GAAgBN,GACtCziB,KAAK2Q,IAAMA,EACX3Q,KAAKizB,UAAYzD,EACjBxvB,KAAKkzB,UAAY,IAAIzxB,WAAWwhB,GAChCjjB,KAAK8B,EAAI,EACT9B,KAAKijB,UAAYA,EACjBjjB,KAAKmzB,UAAY,IAAI1xB,WAAWzB,KAAKijB,UACzC,CAEE,wBAAamQ,CAAY3Q,GACvB,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOvG,GAAUmX,UAAU,MAAO,IAAI5xB,WAAWuhB,GAAU,WAAW,EAAO,CAAC,YAC3EngB,MAAK,KAAM,IAAM,KAAM,GAC9B,CAEE,aAAMywB,CAAQjE,EAAWkE,GACvB,MAAMC,EAAO,UACbxzB,KAAKyzB,OAASzzB,KAAKyzB,cAAgBvX,GAAUmX,UAAU,MAAOrzB,KAAK2Q,IAAK6iB,GAAM,EAAO,CAAC,YACtF,MAAMlE,QAAmBpT,GAAU6R,QACjC,CAAE9lB,KAAMurB,EAAMhE,GAAI+D,GAAavzB,KAAKmzB,WACpCnzB,KAAKyzB,OACLpE,GAEF,OAAO,IAAI5tB,WAAW6tB,GAAYtmB,SAAS,EAAGqmB,EAAUztB,OAC5D,CAEE,kBAAM8xB,CAAanxB,GACjB,MAAMoxB,EAAU3zB,KAAKkzB,UAAUtxB,OAAS5B,KAAK8B,EACvC8xB,EAAQrxB,EAAMyG,SAAS,EAAG2qB,GAEhC,GADA3zB,KAAKkzB,UAAU/wB,IAAIyxB,EAAO5zB,KAAK8B,GAC1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKijB,UAAY,CACnD,MAAM4Q,GAAYtxB,EAAMX,OAAS+xB,GAAW3zB,KAAKijB,UAC3CoM,EAAYvY,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL3wB,EAAMyG,SAAS2qB,EAASpxB,EAAMX,OAASiyB,KAEnCC,EAAYhd,EAAKpV,iBAAiB,CACtC1B,KAAKizB,UACL5D,EAAUrmB,SAAS,EAAGqmB,EAAUztB,OAAS5B,KAAKijB,aAG1C8Q,QAAwB/zB,KAAKszB,QAAQQ,GAQ3C,OAPAE,GAAOD,EAAiB1E,GACxBrvB,KAAKizB,UAAYc,EAAgBpxB,OAAO3C,KAAKijB,WAGzC4Q,EAAW,GAAG7zB,KAAKkzB,UAAU/wB,IAAII,EAAMyG,UAAU6qB,IACrD7zB,KAAK8B,EAAI+xB,EAEFE,CACb,CAGI,IAAIE,EACJ,GAFAj0B,KAAK8B,GAAK8xB,EAAMhyB,OAEZ5B,KAAK8B,IAAM9B,KAAKkzB,UAAUtxB,OAAQ,CACpC,MAAMsyB,EAAWl0B,KAAKkzB,UACtBe,QAAuBj0B,KAAKszB,QAAQtzB,KAAKizB,WACzCe,GAAOC,EAAgBC,GACvBl0B,KAAKizB,UAAYgB,EAAetxB,QAChC3C,KAAK8B,EAAI,EAET,MAAMiuB,EAAYxtB,EAAMyG,SAAS4qB,EAAMhyB,QACvC5B,KAAKkzB,UAAU/wB,IAAI4tB,EAAW/vB,KAAK8B,GACnC9B,KAAK8B,GAAKiuB,EAAUnuB,MAC1B,MACMqyB,EAAiB,IAAIxyB,WAGvB,OAAOwyB,CACX,CAEE,YAAMttB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CACLzB,KAAKkzB,UAAYlzB,KAAKkzB,UAAUlqB,SAAS,EAAGhJ,KAAK8B,GACjD,MAAMoyB,EAAWl0B,KAAKkzB,UAChBe,QAAuBj0B,KAAKszB,QAAQtzB,KAAKizB,WAC/Ce,GAAOC,EAAgBC,GACvBnyB,EAASkyB,EAAejrB,SAAS,EAAGkrB,EAAStyB,OACnD,CAGI,OADA5B,KAAKm0B,qBACEpyB,CACX,CAEE,kBAAAoyB,GACEn0B,KAAKkzB,UAAUzL,KAAK,GACpBznB,KAAKizB,UAAUxL,KAAK,GACpBznB,KAAKyzB,OAAS,KACdzzB,KAAK2Q,IAAM,IACf,CAEE,aAAMod,CAAQsB,GAEZ,MAKM+E,SAL6Bp0B,KAAKszB,QACtCxc,EAAKpV,iBAAiB,CAAC,IAAID,WAAWzB,KAAKijB,WAAYoM,IACvDrvB,KAAKwvB,KAGyBxmB,SAAS,EAAGqmB,EAAUztB,QAGtD,OAFAoyB,GAAOI,EAAI/E,GACXrvB,KAAKm0B,qBACEC,CACX,EAGA,MAAMC,GACJ,WAAAz0B,CAAY00B,EAAe7R,EAAM9R,EAAK6e,GACpCxvB,KAAKs0B,cAAgBA,EACrB,MAAMrR,UAAEA,GAAcF,GAAgBN,GACtCziB,KAAK2Q,IAAM4jB,GAAgBnH,YAAYzc,GAEnC6e,EAAGnlB,WAAa,GAAM,IAAGmlB,EAAKA,EAAG7sB,SACrC3C,KAAKizB,UAAYuB,GAAehF,GAChCxvB,KAAKkzB,UAAY,IAAIzxB,WAAWwhB,GAChCjjB,KAAK8B,EAAI,EACT9B,KAAKijB,UAAYA,CACrB,CAEE,OAAAwR,CAAQ/F,GACN,MAAMI,EAAQ0F,GAAe9F,GACvBH,EAAM,IAAI9sB,WAAWitB,EAAI9sB,QACzBmtB,EAAQyF,GAAejG,GAC7B,IAAK,IAAIzsB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EAAG,CAC7C,MAAQmmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOmK,GAAgBxG,QAAQ/tB,KAAK2Q,IAAK3Q,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,IACrJlE,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmoB,EAC9B8E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKooB,EAC9B6E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqoB,EAC9B4E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsoB,EAC9BpqB,KAAKizB,WAAajzB,KAAKs0B,cAAgBvF,EAAQD,GAAOnsB,MAAMb,EAAGA,EAAI,EACzE,CACI,OAAOysB,CACX,CAEE,kBAAMmG,CAAanyB,GACjB,MAAMoxB,EAAU3zB,KAAKkzB,UAAUtxB,OAAS5B,KAAK8B,EACvC8xB,EAAQrxB,EAAMyG,SAAS,EAAG2qB,GAGhC,GAFA3zB,KAAKkzB,UAAU/wB,IAAIyxB,EAAO5zB,KAAK8B,GAE1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKijB,UAAY,CACnD,MAAM4Q,GAAYtxB,EAAMX,OAAS+xB,GAAW3zB,KAAKijB,UAC3C0R,EAAY7d,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL3wB,EAAMyG,SAAS2qB,EAASpxB,EAAMX,OAASiyB,KAGnCe,EAAkB50B,KAAKy0B,QAAQE,GAMrC,OAHId,EAAW,GAAG7zB,KAAKkzB,UAAU/wB,IAAII,EAAMyG,UAAU6qB,IACrD7zB,KAAK8B,EAAI+xB,EAEFe,CACb,CAII,IAAIC,EACJ,GAHA70B,KAAK8B,GAAK8xB,EAAMhyB,OAGZ5B,KAAK8B,IAAM9B,KAAKkzB,UAAUtxB,OAAQ,CACpCizB,EAAiB70B,KAAKy0B,QAAQz0B,KAAKkzB,WACnClzB,KAAK8B,EAAI,EAET,MAAMiuB,EAAYxtB,EAAMyG,SAAS4qB,EAAMhyB,QACvC5B,KAAKkzB,UAAU/wB,IAAI4tB,EAAW/vB,KAAK8B,GACnC9B,KAAK8B,GAAKiuB,EAAUnuB,MAC1B,MACMizB,EAAiB,IAAIpzB,WAGvB,OAAOozB,CACX,CAEE,YAAMluB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CAGLM,EAFuB/B,KAAKy0B,QAAQz0B,KAAKkzB,WAEjBlqB,SAAS,EAAGhJ,KAAK8B,EAC/C,CAGI,OADA9B,KAAKm0B,qBACEpyB,CACX,CAEE,kBAAAoyB,GACEn0B,KAAKkzB,UAAUzL,KAAK,GACpBznB,KAAKizB,UAAUxL,KAAK,GACpBznB,KAAK2Q,IAAI8W,KAAK,EAClB,EAuBA,SAASuM,GAAO1V,EAAGzG,GACjB,MAAMid,EAAUrsB,KAAKsd,IAAIzH,EAAE1c,OAAQiW,EAAEjW,QACrC,IAAK,IAAIE,EAAI,EAAGA,EAAIgzB,EAAShzB,IAC3Bwc,EAAExc,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAEpB,CAEA,MAAM0yB,GAAiBtO,GAAO,IAAI/F,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,8DAnQ/FhI,eAAuBmgB,EAAM9R,EAAK2e,EAAYE,GACnD,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAIuB,IAAc+O,GAAUgC,GAC1B,OAwQJ,SAAqBtS,EAAM9R,EAAKyjB,EAAI5E,GAClC,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvCuS,EAAc,IAAIhR,GAAWiR,iBAAiBlC,GAAUgC,GAAWpkB,EAAK6e,GAC9E,OAAOzV,EAAiBqa,GAAI7xB,GAAS,IAAId,WAAWuzB,EAAY1Q,OAAO/hB,KACzE,CA5QW2yB,CAAYzS,EAAM9R,EAAK2e,EAAYE,GAE5C,GAAI1Y,EAAK0H,MAAMiE,GACb,OA8OJngB,eAA0BmgB,EAAM9R,EAAKyjB,EAAI5E,GACvC,GAAI1Y,EAAK7V,SAASmzB,GAAK,CACrB,MAAMvD,EAAM,IAAIwD,IAAqB,EAAO5R,EAAM9R,EAAK6e,GACvD,OAAOzV,EAAiBqa,GAAI7xB,GAASsuB,EAAI6D,aAAanyB,KAAQ,IAAMsuB,EAAIlqB,UAC5E,CACE,OAAOwuB,GAAYxkB,EAAK6e,GAAInB,QAAQ+F,EACtC,CApPWgB,CAAW3S,EAAM9R,EAAK2e,EAAYE,GAG3C,MACM6F,EAAW,UADU7S,GAAgBC,IACT9R,GAC5B2kB,EAAaD,EAASpS,UAE5B,IAAIsS,EAAS/F,EACT4E,EAAK,IAAI3yB,WACb,MAAM2B,EAAUJ,IACVA,IACFoxB,EAAKtd,EAAKpV,iBAAiB,CAAC0yB,EAAIpxB,KAElC,MAAMqsB,EAAY,IAAI5tB,WAAW2yB,EAAGxyB,QACpC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQoxB,EAAGxyB,QAAU0zB,EAAalB,EAAGxyB,QAAQ,CAClD,MAAM4zB,EAAWH,EAAStH,QAAQwH,GAElC,IADAA,EAASnB,EAAGprB,SAAS,EAAGssB,GACnBxzB,EAAI,EAAGA,EAAIwzB,EAAYxzB,IAC1ButB,EAAUlV,KAAOob,EAAOzzB,GAAK0zB,EAAS1zB,GAExCsyB,EAAKA,EAAGprB,SAASssB,EACvB,CACI,OAAOjG,EAAUrmB,SAAS,EAAGmR,EAAE,EAEjC,OAAOJ,EAAiBuV,EAAYlsB,EAASA,EAC/C,UA5EOd,eAAuBmgB,EAAM9R,EAAK0e,EAAWG,EAAItb,GACtD,MAAM6gB,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAI3L,EAAKuF,iBAAmB0W,GAAUgC,GACpC,OA6SJ,SAAqBtS,EAAM9R,EAAK8kB,EAAIjG,GAClC,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvCiT,EAAY,IAAI1R,GAAW2R,eAAe5C,GAAUgC,GAAWpkB,EAAK6e,GAC1E,OAAOzV,EAAiB0b,GAAIlzB,GAAS,IAAId,WAAWi0B,EAAUpR,OAAO/hB,KACvE,CAjTWqzB,CAAYnT,EAAM9R,EAAK0e,EAAWG,GAE3C,GAAI1Y,EAAK0H,MAAMiE,GACb,OA8QJngB,eAA0BmgB,EAAM9R,EAAK8kB,EAAIjG,GACvC,GAAItT,UAAmB8W,GAAmBI,YAAY3Q,GAAO,CAC3D,MAAMoO,EAAM,IAAImC,GAAmBvQ,EAAM9R,EAAK6e,GAC9C,OAAO1Y,EAAK7V,SAASw0B,GAAM1b,EAAiB0b,GAAIlzB,GAASsuB,EAAI6C,aAAanxB,KAAQ,IAAMsuB,EAAIlqB,WAAYkqB,EAAI9C,QAAQ0H,EACrH,CAAM,GAAI3e,EAAK7V,SAASw0B,GAAK,CAC5B,MAAM5E,EAAM,IAAIwD,IAAqB,EAAM5R,EAAM9R,EAAK6e,GACtD,OAAOzV,EAAiB0b,GAAIlzB,GAASsuB,EAAI6D,aAAanyB,KAAQ,IAAMsuB,EAAIlqB,UAC5E,CACE,OAAOwuB,GAAYxkB,EAAK6e,GAAIzB,QAAQ0H,EACtC,CAvRWI,CAAWpT,EAAM9R,EAAK0e,EAAWG,GAG1C,MACM6F,EAAW,UADU7S,GAAgBC,IACT9R,GAC5B2kB,EAAaD,EAASpS,UAEtB6S,EAAStG,EAAG7sB,QAClB,IAAI8yB,EAAK,IAAIh0B,WACb,MAAM2B,EAAUJ,IACVA,IACFyyB,EAAK3e,EAAKpV,iBAAiB,CAAC+zB,EAAIzyB,KAElC,MAAMssB,EAAa,IAAI7tB,WAAWg0B,EAAG7zB,QACrC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQyyB,EAAG7zB,QAAU0zB,EAAaG,EAAG7zB,QAAQ,CAClD,MAAMm0B,EAAWV,EAAStH,QAAQ+H,GAClC,IAAKh0B,EAAI,EAAGA,EAAIwzB,EAAYxzB,IAC1Bg0B,EAAOh0B,GAAK2zB,EAAG3zB,GAAKi0B,EAASj0B,GAC7BwtB,EAAWnV,KAAO2b,EAAOh0B,GAE3B2zB,EAAKA,EAAGzsB,SAASssB,EACvB,CACI,OAAOhG,EAAWtmB,SAAS,EAAGmR,EAAE,EAElC,OAAOJ,EAAiBsV,EAAWjsB,EAASA,EAC9C,IC9EA,MAAM8Y,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAgBlB2Z,GAAc,GAWpB,SAASC,GAAYpvB,EAAMgJ,GACzB,MAAM+I,EAAS/R,EAAKjF,OAASo0B,GAC7B,IAAK,IAAIl0B,EAAI,EAAGA,EAAIk0B,GAAal0B,IAC/B+E,EAAK/E,EAAI8W,IAAW/I,EAAQ/N,GAE9B,OAAO+E,CACT,CAeA,MAAMssB,GAAY,IAAI1xB,WAAWu0B,IAElB1zB,eAAe4zB,GAAKvlB,GACjC,MAAM4e,QAAY4G,GAAIxlB,GAGhBd,EAAUiH,EAAK6E,aAAa4T,EAAI4D,KAChCiD,EAAWtf,EAAK6E,OAAO9L,GAE7B,OAAOvN,eAAeuE,GAEpB,aAAc0oB,EAxBlB,SAAa1oB,EAAMgJ,EAASumB,GAE1B,GAAIvvB,EAAKjF,QAAUiF,EAAKjF,OAASo0B,IAAgB,EAE/C,OAAOC,GAAYpvB,EAAMgJ,GAG3B,MAAM8I,EAAS,IAAIlX,WAAWoF,EAAKjF,QAAUo0B,GAAenvB,EAAKjF,OAASo0B,KAG1E,OAFArd,EAAOxW,IAAI0E,GACX8R,EAAO9R,EAAKjF,QAAU,IACfq0B,GAAYtd,EAAQyd,EAC7B,CAasB1D,CAAI7rB,EAAMgJ,EAASumB,KAAYptB,UAAUgtB,GAC5D,CACH,CAEA1zB,eAAe6zB,GAAIxlB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAemzB,GACpB,MACMrB,EADK,IAAIpQ,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAKwiB,IACpE7O,OAAOmR,GACrB,OAAO,IAAIh0B,WAAW2yB,EACvB,EAGH,GAAItd,EAAKmF,eACP,IAEE,OADAtL,QAAYuL,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1FU,eAAemzB,GACpB,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAM,UAAWunB,GAAI2D,GAAWvxB,OAAsB,EAAdo0B,IAAmBrlB,EAAK8kB,GACrG,OAAO,IAAIh0B,WAAW2yB,GAAIprB,SAAS,EAAGorB,EAAG9pB,WAAa0rB,GACvD,CACF,CAAC,MAAOK,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,OAAOjR,eAAemzB,GACpB,OAAOa,GAAY3lB,EAAKwiB,GAAW,CAAExD,gBAAgB,IAAQ5B,QAAQ0H,EACtE,CACH,CC1EA,MAAMvZ,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAGdwZ,GAAc,GACdO,GAAWP,GACX/E,GAAY+E,GAEZQ,GAAO,IAAI/0B,WAAWu0B,IACtBS,GAAM,IAAIh1B,WAAWu0B,IAAcS,GAAIT,GAAc,GAAK,EAChE,MAAMU,GAAM,IAAIj1B,WAAWu0B,IAE3B1zB,eAAeq0B,GAAKhmB,GAClB,MAAMimB,QAAaV,GAAKvlB,GACxB,OAAO,SAAS+K,EAAGnI,GACjB,OAAOqjB,EAAK9f,EAAKpV,iBAAiB,CAACga,EAAGnI,IACvC,CACH,CAEAjR,eAAeu0B,GAAIlmB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAemzB,EAAIjG,GACxB,MAAMsH,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GAC5E4E,EAAK3X,GAAOjY,OAAO,CAACsyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,UAC5C,OAAO,IAAIt1B,WAAW2yB,EACvB,EAGH,GAAItd,EAAKmF,eACP,IACE,MAAMwX,QAAevX,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1G,OAAOU,eAAemzB,EAAIjG,GACxB,MAAM4E,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAM,UAAWypB,QAASlC,EAAI5tB,OAAsB,EAAdo0B,IAAmBvC,EAAQgC,GACtG,OAAO,IAAIh0B,WAAW2yB,EACvB,CACF,CAAC,MAAOiC,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,OAAOjR,eAAemzB,EAAIjG,GACxB,OAAOwH,GAAYrmB,EAAK6e,GAAIzB,QAAQ0H,EACrC,CACH,CAQAnzB,eAAe20B,GAAIrU,EAAQjS,GACzB,GAAIiS,IAAWnY,EAAMoC,UAAUK,QAC7B0V,IAAWnY,EAAMoC,UAAUM,QAC3ByV,IAAWnY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,MACE21B,EACAtI,SACQ1uB,QAAQ4E,IAAI,CACpB6xB,GAAKhmB,GACLkmB,GAAIlmB,KAGN,MAAO,CAQLod,QAASzrB,eAAe+sB,EAAWZ,EAAO0I,GACxC,MACEC,EACAC,SACQn3B,QAAQ4E,IAAI,CACpBoyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,KAENG,QAAiB1I,EAAIS,EAAW+H,GAEhCrZ,QADqBmZ,EAAKR,GAAKY,GAErC,IAAK,IAAIx1B,EAAI,EAAGA,EAAImvB,GAAWnvB,IAC7Bic,EAAIjc,IAAMu1B,EAAUv1B,GAAKs1B,EAAUt1B,GAErC,OAAOgV,EAAKpV,iBAAiB,CAAC41B,EAAUvZ,GACzC,EASDsQ,QAAS/rB,eAAegtB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW1tB,OAASqvB,GAAW,MAAU1vB,MAAM,0BACnD,MAAM+1B,EAAWhI,EAAWtmB,SAAS,GAAIioB,IACnCsG,EAAQjI,EAAWtmB,UAAUioB,KAEjCmG,EACAC,EACAG,SACQt3B,QAAQ4E,IAAI,CACpBoyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,GACVD,EAAKR,GAAKY,KAENvZ,EAAMyZ,EACZ,IAAK,IAAI11B,EAAI,EAAGA,EAAImvB,GAAWnvB,IAC7Bic,EAAIjc,IAAMu1B,EAAUv1B,GAAKs1B,EAAUt1B,GAErC,IAAKgV,EAAKmE,iBAAiBsc,EAAOxZ,GAAM,MAAUxc,MAAM,+BAExD,aADwBqtB,EAAI0I,EAAUF,EAE5C,EAEA,CAnHyCV,GAAIV,GAAc,GAAK,EA2HhEiB,GAAIQ,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEAwI,GAAIjB,YAAcA,GAClBiB,GAAIV,SAAWA,GACfU,GAAIhG,UAAYA,GClJhB,MAAM+E,GAAc,GAOd/E,GAAY,GAGlB,SAAS0G,GAAIhgB,GACX,IAAIggB,EAAM,EACV,IAAK,IAAI71B,EAAI,IAAI6V,EAAI7V,GAAUA,IAAM,EACnC61B,IAEF,OAAOA,CACT,CAEA,SAAS3D,GAAO4D,EAAGC,GACjB,IAAK,IAAI/1B,EAAI,EAAGA,EAAI81B,EAAEh2B,OAAQE,IAC5B81B,EAAE91B,IAAM+1B,EAAE/1B,GAEZ,OAAO81B,CACT,CAEA,SAASE,GAAIF,EAAGC,GACd,OAAO7D,GAAO4D,EAAEj1B,QAASk1B,EAC3B,CAEA,MAAM1E,GAAY,IAAI1xB,WAAWu0B,IAC3BS,GAAM,IAAIh1B,WAAW,CAAC,IAO5Ba,eAAey1B,GAAInV,EAAQjS,GACzB,MAAMqS,QAAEA,GAAYD,GAAgBH,GAEpC,IAAK9L,EAAK0H,MAAMoE,IAAWjS,EAAI/O,SAAWohB,EACxC,MAAUzhB,MAAM,oCAGlB,IAAIy2B,EAAS,EAKb,MAAMC,EAAM3B,GAAY3lB,EAAKwiB,GAAW,CAAExD,gBAAgB,IACpDuI,EAAWlG,GAASiG,EAAIlK,QAAQiE,GAChCmG,EAAWnG,GAASiG,EAAI5J,QAAQ2D,GACtC,IAAIpI,EAmEJ,SAASwO,EAAMnxB,EAAI+I,EAAMye,EAAO0I,GAI9B,MAAMkB,EAAIroB,EAAKpO,OAASo0B,GAAc,GAxDxC,SAA4BhmB,EAAMmnB,GAChC,MAAMmB,EAAYxhB,EAAKsC,MAAM3Q,KAAKC,IAAIsH,EAAKpO,OAAQu1B,EAAMv1B,QAAUo0B,GAAc,GAAK,EACtF,IAAK,IAAIl0B,EAAIk2B,EAAS,EAAGl2B,GAAKw2B,EAAWx2B,IACvC8nB,EAAK9nB,GAAKgV,EAAK6E,OAAOiO,EAAK9nB,EAAI,IAEjCk2B,EAASM,CACb,CAuDIC,CAAmBvoB,EAAMmnB,GAOzB,MAAMqB,EAAc1hB,EAAKpV,iBAAiB,CAACyxB,GAAUnqB,SAAS,EAtIjD,GAsI+DylB,EAAM7sB,QAAS60B,GAAKhI,IAE1FgK,EAAwC,GAA/BD,EAAYxC,IAE3BwC,EAAYxC,KAAoB,IAChC,MAAM0C,EAAOR,EAASM,GAEhBG,EAAY7hB,EAAKpV,iBAAiB,CAACg3B,EAAMZ,GAAIY,EAAK1vB,SAAS,EAAG,GAAI0vB,EAAK1vB,SAAS,EAAG,MAEnF4P,EAAS9B,EAAKgF,WAAW6c,EAAU3vB,SAAS,GAAKyvB,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAazvB,SAAS,GAE/G4vB,EAAW,IAAIn3B,WAAWu0B,IAE1B5B,EAAK,IAAI3yB,WAAWuO,EAAKpO,OAASqvB,IAKxC,IAAInvB,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIu2B,EAAGv2B,IAEjBkyB,GAAOpb,EAAQgR,EAAK+N,GAAI71B,EAAI,KAG5BsyB,EAAGjyB,IAAI6xB,GAAO/sB,EAAG6wB,GAAIlf,EAAQ5I,IAAQ4I,GAAS5W,GAE9CgyB,GAAO4E,EAAU3xB,IAAOixB,EAAWloB,EAAOokB,EAAGprB,SAAShH,IAEtDgO,EAAOA,EAAKhH,SAASgtB,IACrBh0B,GAAOg0B,GAMT,GAAIhmB,EAAKpO,OAAQ,CAEfoyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAM3L,EAAUqoB,EAAStf,GAEzBwb,EAAGjyB,IAAI21B,GAAI9nB,EAAMH,GAAU7N,GAG3B,MAAM62B,EAAW,IAAIp3B,WAAWu0B,IAChC6C,EAAS12B,IAAI8E,IAAOixB,EAAWloB,EAAOokB,EAAGprB,SAAShH,GAAK,IAAa,GACpE62B,EAAS7oB,EAAKpO,QAAU,IACxBoyB,GAAO4E,EAAUC,GACjB72B,GAAOgO,EAAKpO,MAClB,CAEI,MAAMmc,EAAMiW,GAAOkE,EAASlE,GAAOA,GAAO4E,EAAUhgB,GAASgR,EAAKkP,IAhHpE,SAAc3B,GACZ,IAAKA,EAAMv1B,OAET,OAAOuxB,GAMT,MAAMkF,EAAIlB,EAAMv1B,OAASo0B,GAAc,EAEjCpd,EAAS,IAAInX,WAAWu0B,IACxBvD,EAAM,IAAIhxB,WAAWu0B,IAC3B,IAAK,IAAIl0B,EAAI,EAAGA,EAAIu2B,EAAGv2B,IACrBkyB,GAAOpb,EAAQgR,EAAK+N,GAAI71B,EAAI,KAC5BkyB,GAAOvB,EAAKyF,EAASJ,GAAIlf,EAAQue,KACjCA,EAAQA,EAAMnuB,SAASgtB,IAMzB,GAAImB,EAAMv1B,OAAQ,CAChBoyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAMud,EAAc,IAAIt3B,WAAWu0B,IACnC+C,EAAY52B,IAAIg1B,EAAO,GACvB4B,EAAY5B,EAAMv1B,QAAU,IAC5BoyB,GAAO+E,EAAangB,GAEpBob,GAAOvB,EAAKyF,EAASa,GAC3B,CAEI,OAAOtG,CACX,CA8E2E9kB,CAAKwpB,IAO5E,OADA/C,EAAGjyB,IAAI4b,EAAK/b,GACLoyB,CACX,CAGE,OA9IA,WACE,MAAM4E,EAASd,EAAS/E,IAClB8F,EAASniB,EAAK6E,OAAOqd,GAC3BpP,EAAO,GACPA,EAAK,GAAK9S,EAAK6E,OAAOsd,GAGtBrP,EAAKpO,EAAIwd,EACTpP,EAAKkP,EAAIG,CACb,CAXEC,GAgJO,CAQLnL,QAASzrB,eAAe+sB,EAAWZ,EAAO0I,GACxC,OAAOiB,EAAMF,EAAU7I,EAAWZ,EAAO0I,EAC1C,EASD9I,QAAS/rB,eAAegtB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW1tB,OAASqvB,GAAW,MAAU1vB,MAAM,0BAEnD,MAAMwc,EAAMuR,EAAWtmB,UAAS,IAChCsmB,EAAaA,EAAWtmB,SAAS,GAAG,IAEpC,MAAMmwB,EAAUf,EAAMD,EAAU7I,EAAYb,EAAO0I,GAEnD,GAAIrgB,EAAKmE,iBAAiB8C,EAAKob,EAAQnwB,UAAS,KAC9C,OAAOmwB,EAAQnwB,SAAS,GAAG,IAE7B,MAAUzH,MAAM,8BACtB,EAEA,CAQAw2B,GAAIN,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEAsJ,GAAI/B,YAAcA,GAClB+B,GAAIxB,SAvPa,GAwPjBwB,GAAI9G,UAAYA,GCxPhB,MAAM/U,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAIdyU,GAAY,GACZmI,GAAO,UAOb92B,eAAe+2B,GAAIzW,EAAQjS,GACzB,GAAIiS,IAAWnY,EAAMoC,UAAUK,QAC7B0V,IAAWnY,EAAMoC,UAAUM,QAC3ByV,IAAWnY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,GAAIuV,EAAKuF,gBACP,MAAO,CACL0R,QAASzrB,eAAemzB,EAAIjG,EAAI2H,EAAQ,IAAI11B,YAC1C,MAAMq1B,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GAClFsH,EAAGwC,OAAOnC,GACV,MAAM/C,EAAK3X,GAAOjY,OAAO,CAACsyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,QAASD,EAAGyC,eACxD,OAAO,IAAI93B,WAAW2yB,EACvB,EAED/F,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,EAAQ,IAAI11B,YAC1C,MAAM+3B,EAAK,IAAIxV,GAAWiR,iBAAiB,OAAuB,EAAbtkB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GACpFgK,EAAGF,OAAOnC,GACVqC,EAAGC,WAAWrF,EAAGzxB,MAAMyxB,EAAGxyB,OAASqvB,GAAWmD,EAAGxyB,SACjD,MAAM6zB,EAAKhZ,GAAOjY,OAAO,CAACg1B,EAAGlV,OAAO8P,EAAGzxB,MAAM,EAAGyxB,EAAGxyB,OAASqvB,KAAauI,EAAGzC,UAC5E,OAAO,IAAIt1B,WAAWg0B,EAC9B,GAIE,GAAI3e,EAAKmF,eACP,IACE,MAAMyd,QAAaxd,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAMmxB,KAAQ,EAAO,CAAC,UAAW,YAEhFO,EAAoChd,UAAUid,UAAUja,MAAM,kCAClEhD,UAAUid,UAAUja,MAAM,kDAC5B,MAAO,CACLoO,QAASzrB,eAAemzB,EAAIjG,EAAI2H,EAAQ,IAAI11B,YAC1C,GAAIk4B,IAAsClE,EAAG7zB,OAC3C,OAAOi4B,GAAYlpB,EAAK6e,EAAI2H,GAAOpJ,QAAQ0H,GAE7C,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAMmxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMjE,GAC9G,OAAO,IAAIh0B,WAAW2yB,EACvB,EAED/F,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,EAAQ,IAAI11B,YAC1C,GAAIk4B,GAAqCvF,EAAGxyB,SAAWqvB,GACrD,OAAO4I,GAAYlpB,EAAK6e,EAAI2H,GAAO9I,QAAQ+F,GAE7C,IACE,MAAMqB,QAAWvZ,GAAUmS,QAAQ,CAAEpmB,KAAMmxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMtF,GAC9G,OAAO,IAAI3yB,WAAWg0B,EACvB,CAAC,MAAOvxB,GACP,GAAe,mBAAXA,EAAE+D,KACJ,MAAU1G,MAAM,8BAE9B,CACA,EAEK,CAAC,MAAO80B,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,MAAO,CACLwa,QAASzrB,eAAemzB,EAAIjG,EAAI2H,GAC9B,OAAO0C,GAAYlpB,EAAK6e,EAAI2H,GAAOpJ,QAAQ0H,EAC5C,EAEDpH,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,GAC9B,OAAO0C,GAAYlpB,EAAK6e,EAAI2H,GAAO9I,QAAQ+F,EACjD,EAEA,CAWAiF,GAAI5B,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEA4K,GAAIrD,YAvGgB,GAwGpBqD,GAAI9C,SAvGa,GAwGjB8C,GAAIpI,UAAYA,GC9HD,IAAAuC,GAAA,CAEb3C,IAAKA,GAELpiB,IAAKA,GACLC,gBAAiBD,GAEjBF,IAAKA,GAELC,IAAKA,ICjBP,MAAMurB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAEb,SAAUgT,GAAmB9vB,GACjC,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAIR,OAHAxP,EAAMlI,SAAQ2X,IACZD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAEzCqN,OAAO,MAAQtN,EACxB,CAEgB,SAAAugB,GAAI5b,EAAW+Z,GAC7B,MAAM8B,EAAU7b,EAAI+Z,EACpB,OAAO8B,EAAUJ,GAAMI,EAAU9B,EAAI8B,CACvC,UASgBC,GAAOviB,EAAW3T,EAAWyT,GAC3C,GAAIA,IAAMoiB,GAAK,MAAMx4B,MAAM,yBAC3B,GAAIoW,IAAMqiB,GAAK,OAAO/S,OAAO,GAC7B,GAAI/iB,EAAI61B,GAAK,MAAMx4B,MAAM,iCAEzB,IAAI84B,EAAMn2B,EACNsX,EAAI3D,EAER2D,GAAK7D,EACL,IAAI8D,EAAIwL,OAAO,GACf,KAAOoT,EAAMN,IAAK,CAChB,MAAMO,EAAMD,EAAML,GAClBK,IAAQL,GAIRve,EAAI6e,EAFQ7e,EAAID,EAAK7D,EAEN8D,EACfD,EAAKA,EAAIA,EAAK7D,EAEhB,OAAO8D,CACT,CAGA,SAAS8e,GAAI/e,GACX,OAAOA,GAAKue,GAAMve,GAAKA,CACzB,CAsDgB,SAAAgf,GAAOlc,EAAW3G,GAChC,MAAM8iB,IAAEA,EAAGjf,EAAEA,GA7Cf,SAAekf,EAAgBC,GAC7B,IAAInf,EAAIyL,OAAO,GACX2T,EAAI3T,OAAO,GACX4T,EAAQ5T,OAAO,GACf6T,EAAQ7T,OAAO,GAKf3I,EAAIic,GAAIG,GACR7iB,EAAI0iB,GAAII,GACZ,MAAMI,EAAWL,EAASX,GACpBiB,EAAWL,EAASZ,GAE1B,KAAOliB,IAAMkiB,IAAK,CAChB,MAAMpW,EAAIrF,EAAIzG,EACd,IAAI2T,EAAMhQ,EACVA,EAAIqf,EAAQlX,EAAInI,EAChBqf,EAAQrP,EAERA,EAAMoP,EACNA,EAAIE,EAAQnX,EAAIiX,EAChBE,EAAQtP,EAERA,EAAM3T,EACNA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAGN,MAAO,CACLhQ,EAAGuf,GAAYF,EAAQA,EACvBD,EAAGI,GAAYF,EAAQA,EACvBL,IAAKnc,EAET,CAWqB2c,CAAM3c,EAAG3G,GAC5B,GAAI8iB,IAAQT,GACV,MAAUz4B,MAAM,0BAElB,OAAO24B,GAAI1e,EAAI7D,EAAGA,EACpB,CAwBM,SAAUujB,GAAe1f,GAC7B,MAAM2f,EAAS/T,OAAO5L,GACtB,GAAI2f,EAAS/T,OAAOgU,iBAElB,MAAU75B,MAAM,8CAElB,OAAO45B,CACT,CAQgB,SAAAE,GAAO7f,EAAU1Z,GAE/B,OADa0Z,GAAKyL,OAAOnlB,GAAMk4B,MAChBD,GAAM,EAAI,CAC3B,CAKM,SAAUuB,GAAU9f,GAGxB,MAAMhW,EAASgW,EAAIue,GAAM9S,QAAQ,GAAK8S,GACtC,IAAIwB,EAAS,EACT/P,EAAMhQ,EAEV,MAAQgQ,IAAQwO,MAASx0B,GACvB+1B,IAEF,OAAOA,CACT,CAKM,SAAUjxB,GAAWkR,GACzB,MAAMhW,EAASgW,EAAIue,GAAM9S,QAAQ,GAAK8S,GAChCyB,EAAMvU,OAAO,GACnB,IAAIoG,EAAM,EACN7B,EAAMhQ,EAEV,MAAQgQ,IAAQgQ,KAASh2B,GACvB6nB,IAEF,OAAOA,CACT,CAQM,SAAUoO,GAAmBjgB,EAAWkgB,EAAS,KAAM95B,GAG3D,IAAI0X,EAAMkC,EAAEgF,SAAS,IACjBlH,EAAI1X,OAAS,GAAM,IACrB0X,EAAM,IAAMA,GAGd,MAAMqiB,EAAYriB,EAAI1X,OAAS,EACzBuI,EAAQ,IAAI1I,WAAWG,GAAU+5B,GAEjC/iB,EAAShX,EAASA,EAAS+5B,EAAY,EAC7C,IAAI75B,EAAI,EACR,KAAOA,EAAI65B,GACTxxB,EAAMrI,EAAI8W,GAAUY,SAASF,EAAI3W,MAAM,EAAIb,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAX45B,GACFvxB,EAAM6gB,UAGD7gB,CACT,CC7LA,MAAM6Z,GAAalN,EAAKuF,gBAOjB,SAASuf,GAAeh6B,GAC7B,MAAM0a,EAA8B,oBAAXH,OAAyBA,OAAS6H,IAAY1H,UACvE,GAAIA,GAAWuf,gBAAiB,CAC9B,MAAMjd,EAAM,IAAInd,WAAWG,GAC3B,OAAO0a,EAAUuf,gBAAgBjd,EACrC,CACI,MAAUrd,MAAM,+CAEpB,CASO,SAASu6B,GAAoB/V,EAAKrd,GACvC,GAAIA,EAAMqd,EACR,MAAUxkB,MAAM,uCAGlB,MAAMw6B,EAAUrzB,EAAMqd,EAOtB,OAAOmU,GADGD,GAAmB2B,GALftxB,GAAWyxB,GAK2B,IACtCA,GAAWhW,CAC3B,8FCvCA,MAAMiU,GAAM/S,OAAO,YAQH+U,GAAoBhgB,EAAc9X,EAAWqV,GAC3D,MAAM0iB,EAAOhV,OAAO,IACdlB,EAAMiU,IAAO/S,OAAOjL,EAAO,GAO3BkgB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAErG,IAAIvkB,EAAImkB,GAAoB/V,EAAKA,GAAOiU,IACpCl4B,EAAIo5B,GAAehB,GAAIviB,EAAGskB,IAE9B,GACEtkB,GAAKsP,OAAOiV,EAAKp6B,IACjBA,GAAKA,EAAIo6B,EAAKp6B,IAAMo6B,EAAKt6B,OAErB05B,GAAU3jB,GAAKqE,IACjBrE,EAAIuiB,GAAIviB,EAAGoO,GAAOiU,IAAMriB,GAAKoO,EAC7BjkB,EAAIo5B,GAAehB,GAAIviB,EAAGskB,YAEpBE,GAAgBxkB,EAAGzT,EAAGqV,IAChC,OAAO5B,CACT,UAQgBwkB,GAAgBxkB,EAAWzT,EAAWqV,GACpD,QAAIrV,GFsDU,SAAIw2B,EAAgBC,GAClC,IAAIrc,EAAIoc,EACJ7iB,EAAI8iB,EACR,KAAO9iB,IAAMkiB,IAAK,CAChB,MAAMvO,EAAM3T,EACZA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAEN,OAAOlN,CACT,CE/DWmc,CAAI9iB,EAAIqiB,GAAK91B,KAAO81B,QA2BzB,SAAuBriB,GAC3B,MAAMoiB,EAAM9S,OAAO,GACnB,OAAOmV,GAAYC,OAAMhE,GAAK6B,GAAIviB,EAAG0gB,KAAO0B,GAC9C,CA3BOuC,CAAa3kB,OAoBd,SAAiBA,EAAWE,EAAIoP,OAAO,IAC3C,OAAOmT,GAAOviB,EAAGF,EAAIqiB,GAAKriB,KAAOqiB,EACnC,CAnBOuC,CAAO5kB,eAoJcA,EAAW4B,GACrC,MAAM8T,EAAMiO,GAAU3jB,GAEjB4B,IACHA,EAAI9Q,KAAKC,IAAI,EAAI2kB,EAAM,GAAM,IAG/B,MAAMmP,EAAK7kB,EAAIqiB,GAGf,IAAIrgB,EAAI,EACR,MAAQ0hB,GAAOmB,EAAI7iB,IAAMA,IACzB,MAAMyJ,EAAIzL,GAAKsP,OAAOtN,GAEtB,KAAOJ,EAAI,EAAGA,IAAK,CAGjB,IAKIzX,EALA0Z,EAAI4e,GAFkB0B,GAAoB7U,OAAO,GAAIuV,GAEvCpZ,EAAGzL,GACrB,GAAI6D,IAAMwe,IAAOxe,IAAMghB,EAAvB,CAKA,IAAK16B,EAAI,EAAGA,EAAI6X,EAAG7X,IAAK,CAGtB,GAFA0Z,EAAI0e,GAAI1e,EAAIA,EAAG7D,GAEX6D,IAAMwe,GACR,OAAO,EAET,GAAIxe,IAAMghB,EACR,MAIJ,GAAI16B,IAAM6X,EACR,OAAO,GAIX,OAAO,CACT,CAzLO8iB,CAAY9kB,EAAG4B,IAMtB,CAkBA,MAAM6iB,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MACpCz3B,KAAIgT,GAAKsP,OAAOtP,KCjJlB,MAAM+kB,GAAe,GAyCd,SAASC,GAAUppB,EAASqpB,GACjC,MAAMC,EAAUtpB,EAAQ3R,OAExB,GAAIi7B,EAAUD,EAAY,GACxB,MAAUr7B,MAAM,oBAIlB,MAAMu7B,EA7BR,SAAyBl7B,GACvB,MAAMG,EAAS,IAAIN,WAAWG,GAC9B,IAAIm7B,EAAQ,EACZ,KAAOA,EAAQn7B,GAAQ,CACrB,MAAMo7B,EAAcpB,GAAeh6B,EAASm7B,GAC5C,IAAK,IAAIj7B,EAAI,EAAGA,EAAIk7B,EAAYp7B,OAAQE,IACf,IAAnBk7B,EAAYl7B,KACdC,EAAOg7B,KAAWC,EAAYl7B,GAGtC,CACE,OAAOC,CACT,CAiBak7B,CAAgBL,EAAYC,EAAU,GAG3C/d,EAAU,IAAIrd,WAAWm7B,GAM/B,OAJA9d,EAAQ,GAAK,EACbA,EAAQ3c,IAAI26B,EAAI,GAEhBhe,EAAQ3c,IAAIoR,EAASqpB,EAAYC,GAC1B/d,CACT,CAUO,SAASoe,GAAUpe,EAASqe,GAEjC,IAAIvkB,EAAS,EACTwkB,EAAoB,EACxB,IAAK,IAAIjjB,EAAIvB,EAAQuB,EAAI2E,EAAQld,OAAQuY,IACvCijB,GAAoC,IAAfte,EAAQ3E,GAC7BvB,GAAUwkB,EAGZ,MAAMC,EAAQzkB,EAAS,EACjB0kB,EAAUxe,EAAQ9V,SAAS4P,EAAS,GACpC2kB,EAAgC,IAAfze,EAAQ,GAA0B,IAAfA,EAAQ,GAAWue,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOrmB,EAAKsH,iBAAiBmf,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAU/7B,MAAM,mBAClB,CAUO,SAASi8B,GAAW/a,EAAMgb,EAAQC,GACvC,IAAI57B,EACJ,GAAI27B,EAAO77B,SAAW+L,GAAK2X,kBAAkB7C,GAC3C,MAAUlhB,MAAM,uBAIlB,MAAMo8B,EAAa,IAAIl8B,WAAWi7B,GAAaja,GAAM7gB,QACrD,IAAKE,EAAI,EAAGA,EAAI46B,GAAaja,GAAM7gB,OAAQE,IACzC67B,EAAW77B,GAAK46B,GAAaja,GAAM3gB,GAGrC,MAAM87B,EAAOD,EAAW/7B,OAAS67B,EAAO77B,OACxC,GAAI87B,EAAQE,EAAO,GACjB,MAAUr8B,MAAM,6CAIlB,MAAMu7B,EAAK,IAAIr7B,WAAWi8B,EAAQE,EAAO,GAAGnW,KAAK,KAI3CoW,EAAK,IAAIp8B,WAAWi8B,GAK1B,OAJAG,EAAG,GAAK,EACRA,EAAG17B,IAAI26B,EAAI,GACXe,EAAG17B,IAAIw7B,EAAYD,EAAQE,GAC3BC,EAAG17B,IAAIs7B,EAAQC,EAAQD,EAAO77B,QACvBi8B,CACT,CAhIAnB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGCfd,MAAMxgB,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClB2d,GAAM/S,OAAO,GAuXnB3kB,eAAew7B,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACzC,MAAMC,EAAO/D,GAAmB9M,GAC1B8Q,EAAOhE,GAAmBtW,GAC1Bua,EAAOjE,GAAmB7W,GAEhC,IAAI+a,EAAKjE,GAAIgE,EAAMD,EAAOjE,IACtBoE,EAAKlE,GAAIgE,EAAMF,EAAOhE,IAG1B,OAFAoE,EAAK3C,GAAmB2C,GACxBD,EAAK1C,GAAmB0C,GACjB,CACLE,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBkf,EAAG7D,EAAgB6D,GAEnB+J,EAAG5N,EAAgBoE,GACnBA,EAAGpE,EAAgB4N,GAEnBiR,GAAI7e,EAAgB4e,GACpBA,GAAI5e,EAAgB6e,GACpBE,GAAI/e,EAAgBwe,GACpBQ,KAAK,EAET,CAQA,SAASC,GAAY7mB,EAAGzT,GACtB,MAAO,CACLm6B,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBq6B,KAAK,EAET,CAGA,SAASE,GAAaC,EAAKx6B,GACzB,MAAO,CACLyT,EAAGyH,EAAgBsf,EAAI/mB,GACvBzT,EAAGu3B,GAAmBv3B,GACtBkf,EAAGhE,EAAgBsf,EAAItb,GAEvB+J,EAAG/N,EAAgBsf,EAAI/a,GACvBA,EAAGvE,EAAgBsf,EAAIvR,GAEvB4Q,EAAG3e,EAAgBsf,EAAIJ,IAE3B,2DA7UOh8B,eAAuBuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAIpD,GAAIrmB,EAAKuF,kBAAoB8gB,EAC3B,IACE,aAiON76B,eAA2BuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,MAAMW,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACxCptB,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAQ1qB,KAAM,QAASpE,QAASmU,GAAW4a,UAAUC,mBAErF,IACE,OAAO,IAAIp9B,WAAWuiB,GAAW8a,eAAenuB,EAAK9J,GACtD,CAAC,MAAOwvB,GACP,MAAU90B,MAAM,mBACpB,CACA,CA1OmB2zB,CAAYruB,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAC/C,CAAC,MAAO1H,GACPvf,EAAKyE,gBAAgB8a,EAC3B,CAEE,OAuOF/zB,eAAyBuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAQ/C,GAPAt2B,EAAOozB,GAAmBpzB,GAC1B8Q,EAAIsiB,GAAmBtiB,GACvBzT,EAAI+1B,GAAmB/1B,GACvBkf,EAAI6W,GAAmB7W,GACvB+J,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBoa,EAAI9D,GAAmB8D,GACnBl3B,GAAQ8Q,EACV,MAAUpW,MAAM,mBAElB,MAAM48B,EAAKjE,GAAI9W,EAAGO,EAAIqW,IAChBoE,EAAKlE,GAAI9W,EAAG+J,EAAI6M,IAEhB+E,EAAYjD,GAAoB7U,OAAO,GAAItP,GAC3CqnB,EAAU5E,GAAOI,GAAOuE,EAAWpnB,GAAIzT,EAAGyT,GAChD9Q,EAAOqzB,GAAIrzB,EAAOm4B,EAASrnB,GAE3B,MAAMsnB,EAAK7E,GAAOvzB,EAAMu3B,EAAIjR,GACtB+R,EAAK9E,GAAOvzB,EAAMs3B,EAAIxa,GACtB4N,EAAI2I,GAAI6D,GAAKmB,EAAKD,GAAKtb,GAE7B,IAAI5hB,EAASwvB,EAAIpE,EAAI8R,EAIrB,OAFAl9B,EAASm4B,GAAIn4B,EAASg9B,EAAWpnB,GAE1BulB,GAAUzB,GAAmB15B,EAAQ,KAAMuI,GAAWqN,IAAKwlB,EACpE,CAlQSgC,CAAUt4B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EAC3C,UAlCO76B,eAAuBuE,EAAM8Q,EAAGzT,GACrC,OAAI4S,EAAKuF,gBA2OX/Z,eAA2BuE,EAAM8Q,EAAGzT,GAClC,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,QAASpE,QAASmU,GAAW4a,UAAUC,mBAEpF,OAAO,IAAIp9B,WAAWuiB,GAAWob,cAAczuB,EAAK9J,GACtD,CA/OW+uB,CAAY/uB,EAAM8Q,EAAGzT,GAiPhC5B,eAAyBuE,EAAM8Q,EAAGzT,GAIhC,GAHAyT,EAAIsiB,GAAmBtiB,GACvB9Q,EAAOozB,GAAmB0C,GAAU91B,EAAMyD,GAAWqN,KACrDzT,EAAI+1B,GAAmB/1B,GACnB2C,GAAQ8Q,EACV,MAAUpW,MAAM,2CAElB,OAAOk6B,GAAmBrB,GAAOvzB,EAAM3C,EAAGyT,GAAI,KAAMrN,GAAWqN,GACjE,CAvPS0nB,CAAUx4B,EAAM8Q,EAAGzT,EAC5B,WA4CO5B,eAAwB0Z,EAAM9X,GAInC,GAHAA,EAAI+iB,OAAO/iB,GAGP4S,EAAKmF,eAAgB,CACvB,MAAMqjB,EAAY,CAChBr3B,KAAM,oBACNs3B,cAAevjB,EACfwjB,eAAgB/D,GAAmBv3B,GACnCyJ,KAAM,CACJ1F,KAAM,UAGJw3B,QAAgBvjB,GAAUwjB,YAAYJ,GAAW,EAAM,CAAC,OAAQ,WAMtE,OAAOb,SAFWviB,GAAUyjB,UAAU,MAAOF,EAAQjsB,YAE5BtP,EAC7B,CAAS,GAAI4S,EAAKuF,gBAAiB,CAC/B,MAAMoT,EAAO,CACX8P,cAAevjB,EACfwjB,eAAgBtE,GAAeh3B,GAC/B07B,kBAAmB,CAAE3rB,KAAM,QAAS0qB,OAAQ,OAC5CkB,mBAAoB,CAAE5rB,KAAM,QAAS0qB,OAAQ,QAEzCD,QAAY,IAAIx+B,SAAQ,CAACC,EAASC,KACtC4jB,GAAW8b,gBAAgB,MAAOrQ,GAAM,CAAC4G,EAAKpK,EAAG8T,KAC3C1J,EACFj2B,EAAOi2B,GAEPl2B,EAAQ4/B,EAClB,GACQ,IAEJ,OAAOtB,GAAaC,EAAKx6B,EAC7B,CAKE,IAAIipB,EACAxJ,EACAhM,EACJ,GACEgM,EAAIqY,GAAoBhgB,GAAQA,GAAQ,GAAI9X,EAAG,IAC/CipB,EAAI6O,GAAoBhgB,GAAQ,EAAG9X,EAAG,IACtCyT,EAAIwV,EAAIxJ,QACD2X,GAAU3jB,KAAOqE,GAE1B,MAAMgkB,GAAO7S,EAAI6M,KAAQrW,EAAIqW,IAM7B,OAJIrW,EAAIwJ,KACLA,EAAGxJ,GAAK,CAACA,EAAGwJ,IAGR,CACLxV,EAAG8jB,GAAmB9jB,GACtBzT,EAAGu3B,GAAmBv3B,GACtBkf,EAAGqY,GAAmBjB,GAAOt2B,EAAG87B,IAChC7S,EAAGsO,GAAmBtO,GACtBxJ,EAAG8X,GAAmB9X,GAGtBoa,EAAGtC,GAAmBjB,GAAOrN,EAAGxJ,IAEpC,OA7KOrhB,eAAoB29B,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAC3D,GAAI9vB,GAAK2X,kBAAkB2a,IAAatoB,EAAE/V,OAKxC,MAAUL,MAAM,8CAGlB,GAAIsF,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aA2NR3Z,eAAuB49B,EAAUr5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAQpD,MAAMW,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACxCtb,EAAO,CACXxa,KAAM,oBACN0F,KAAM,CAAE1F,KAAMi4B,IAEVvvB,QAAYuL,GAAUmX,UAAU,MAAOqL,EAAKjc,GAAM,EAAO,CAAC,SAChE,OAAO,IAAIhhB,iBAAiBya,GAAUikB,KAAK,oBAAqBxvB,EAAK9J,GACvE,CA1OqBu5B,CAAQ31B,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GAAWp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAChF,CAAC,MAAO1H,GACPvf,EAAKyE,gBAAgB8a,EAC7B,MACW,GAAIvf,EAAKuF,gBACd,OAuON/Z,eAAwB29B,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACrD,MAAMoC,EAAOnc,GAAWqc,WAAW51B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC1DE,EAAKp9B,MAAM8D,GACXs5B,EAAK73B,MAEL,MAAMo2B,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,OAAO,IAAIt8B,WAAW0+B,EAAKA,KAAK,CAAExvB,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,UACnE,CA9OaqsB,CAASL,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAGnD,OA4MFz7B,eAAsB29B,EAAUtoB,EAAGyL,EAAGqa,GACpC9lB,EAAIsiB,GAAmBtiB,GACvB,MAAM0gB,EAAI4B,GAAmBuD,GAAWyC,EAAUxC,EAAQnzB,GAAWqN,KAErE,OADAyL,EAAI6W,GAAmB7W,GAChBqY,GAAmBrB,GAAO/B,EAAGjV,EAAGzL,GAAI,KAAMrN,GAAWqN,GAC9D,CAjNS4oB,CAAON,EAAUtoB,EAAGyL,EAAGqa,EAChC,iBAqKOn7B,eAA8BqV,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAMlD,GALApmB,EAAIsiB,GAAmBtiB,IACvBwV,EAAI8M,GAAmB9M,KACvBxJ,EAAIsW,GAAmBtW,MAGPhM,EACd,OAAO,EAGT,MAAM6oB,EAAMvZ,OAAO,GAGnB,GAAIiT,GAAI/M,GADR4Q,EAAI9D,GAAmB8D,IACRpa,KAAOsD,OAAO,GAC3B,OAAO,EAGT/iB,EAAI+1B,GAAmB/1B,GACvBkf,EAAI6W,GAAmB7W,GAQvB,MACM3H,EAAIqgB,GAAoB0E,EAAKA,GADhBvZ,OAAOxe,KAAK0P,MAAMmjB,GAAU3jB,GAAK,KAE9C8oB,EAAMhlB,EAAI2H,EAAIlf,EAGpB,QADoBg2B,GAAIuG,EAAKtT,EAAI6M,MAASve,GAAKye,GAAIuG,EAAK9c,EAAIqW,MAASve,EAMvE,SA5LOnZ,eAAsB29B,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,EAAGu5B,GACpD,GAAI52B,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aAuOR3Z,eAAyB49B,EAAUr5B,EAAM8S,EAAGhC,EAAGzT,GAC7C,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,QAAYuL,GAAUmX,UAAU,MAAOqL,EAAK,CAChDz2B,KAAM,oBACN0F,KAAM,CAAE1F,KAAOi4B,KACd,EAAO,CAAC,WACX,OAAOhkB,GAAUwkB,OAAO,oBAAqB/vB,EAAKgJ,EAAG9S,EACvD,CA9OqB85B,CAAUl2B,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GAAWp5B,EAAM8S,EAAGhC,EAAGzT,EACzE,CAAC,MAAOmyB,GACPvf,EAAKyE,gBAAgB8a,EAC7B,MACW,GAAIvf,EAAKuF,gBACd,OA2ON/Z,eAA0B29B,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,GAC9C,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,SAEvCysB,EAAS1c,GAAW4c,aAAan2B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC9DS,EAAO39B,MAAM8D,GACb65B,EAAOp4B,MAEP,IACE,OAAOo4B,EAAOA,OAAO/vB,EAAKgJ,EAC3B,CAAC,MAAO0c,GACP,OAAO,CACX,CACA,CAxPawK,CAAWZ,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,GAG5C,OAmNF5B,eAAwB29B,EAAUtmB,EAAGhC,EAAGzT,EAAGu5B,GAIzC,GAHA9lB,EAAIsiB,GAAmBtiB,GACvBgC,EAAIsgB,GAAmBtgB,GACvBzV,EAAI+1B,GAAmB/1B,GACnByV,GAAKhC,EACP,MAAUpW,MAAM,6CAElB,MAAMu/B,EAAMrF,GAAmBrB,GAAOzgB,EAAGzV,EAAGyT,GAAI,KAAMrN,GAAWqN,IAC3DopB,EAAMvD,GAAWyC,EAAUxC,EAAQnzB,GAAWqN,IACpD,OAAOb,EAAKmE,iBAAiB6lB,EAAKC,EACpC,CA7NSC,CAASf,EAAUtmB,EAAGhC,EAAGzT,EAAGu5B,EACrC,ICrEA,MAAMzD,GAAM/S,OAAO,6DAyCZ3kB,eAAuB2+B,EAAIC,EAAI/T,EAAG3R,EAAG2hB,GAO1C,OANA8D,EAAKhH,GAAmBgH,GACxBC,EAAKjH,GAAmBiH,GACxB/T,EAAI8M,GAAmB9M,GAIhB+P,GAAUzB,GADFvB,GAAIM,GAAOJ,GAAO6G,EAFjCzlB,EAAIye,GAAmBze,GAEiB2R,GAAIA,GAAK+T,EAAI/T,GACT,KAAM7iB,GAAW6iB,IAAKgQ,EACpE,UArCO76B,eAAuBuE,EAAMsmB,EAAGyE,EAAGgJ,GACxCzN,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEvB,MACMvC,EAAI4B,GADK0C,GAAU91B,EAAMyD,GAAW6iB,KAKpC5T,EAAIuiB,GAAoB9B,GAAK7M,EAAI6M,IACvC,MAAO,CACLiH,GAAIxF,GAAmBrB,GAAOxI,EAAGrY,EAAG4T,IACpC+T,GAAIzF,GAAmBvB,GAAIE,GAAOQ,EAAGrhB,EAAG4T,GAAKkL,EAAGlL,IAEpD,iBAiCO7qB,eAA8B6qB,EAAGyE,EAAGgJ,EAAGpf,GAM5C,GALA2R,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAGnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAIT,MAAMgU,EAAQla,OAAOqU,GAAUnO,IAE/B,GAAIgU,EADWla,OAAO,MAEpB,OAAO,EAOT,GAAImT,GAAOxI,EAAGzE,EAAI6M,GAAK7M,KAAO6M,GAC5B,OAAO,EAST,IAAInP,EAAM+G,EACN9vB,EAAImlB,OAAO,GACf,MAAMuZ,EAAMvZ,OAAO,GACbma,EAAYZ,GAAOvZ,OAAO,IAChC,KAAOnlB,EAAIs/B,GAAW,CAEpB,GADAvW,EAAMqP,GAAIrP,EAAM+G,EAAGzE,GACftC,IAAQmP,GACV,OAAO,EAETl4B,GACJ,CAQE0Z,EAAIye,GAAmBze,GACvB,MAAMC,EAAIqgB,GAAoB0E,GAAQW,EAAQnH,GAAMwG,GAAOW,GAE3D,OAAIvG,IAAMR,GAAOxI,GADJzE,EAAI6M,IAAOve,EAAID,EACH2R,EAK3B,IC7IO,MAAMhR,GACW,iBAAfjb,GAA2B,WAAYA,EAAaA,EAAWib,YAAS/Z,ECC3Ei/B,GAAO,CAAE,EASf,IAAIC,GAAK,SAASC,GAChB,IAAIz/B,EAAG2Z,EAAI,IAAI+lB,aAAa,IAC5B,GAAID,EAAM,IAAKz/B,EAAI,EAAGA,EAAIy/B,EAAK3/B,OAAQE,IAAK2Z,EAAE3Z,GAAKy/B,EAAKz/B,GACxD,OAAO2Z,CACT,EAGIgmB,GAAc,WAAuB,MAAUlgC,MAAM,UAAa,EAElEmgC,GAAK,IAAIjgC,WAAW,IAAKigC,GAAG,GAAK,EAErC,IAAIC,GAAML,KACNM,GAAMN,GAAG,CAAC,IACVO,GAAUP,GAAG,CAAC,MAAQ,IACtBQ,GAAIR,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIS,GAAKT,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIU,GAAIV,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIW,GAAIX,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIY,GAAIZ,GAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAEpI,SAASa,GAAK3mB,EAAG1Z,EAAGyvB,EAAG6Q,GACrB5mB,EAAE1Z,GAAQyvB,GAAK,GAAM,IACrB/V,EAAE1Z,EAAE,GAAMyvB,GAAK,GAAM,IACrB/V,EAAE1Z,EAAE,GAAMyvB,GAAM,EAAK,IACrB/V,EAAE1Z,EAAE,GAAS,IAAJyvB,EACT/V,EAAE1Z,EAAE,GAAMsgC,GAAK,GAAO,IACtB5mB,EAAE1Z,EAAE,GAAMsgC,GAAK,GAAO,IACtB5mB,EAAE1Z,EAAE,GAAMsgC,GAAM,EAAM,IACtB5mB,EAAE1Z,EAAE,GAAS,IAAJsgC,CACX,CAQA,SAASC,GAAiB7mB,EAAG8mB,EAAI1H,EAAG2H,GAClC,OAPF,SAAY/mB,EAAG8mB,EAAI1H,EAAG2H,EAAI5qB,GACxB,IAAI7V,EAAEshB,EAAI,EACV,IAAKthB,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKshB,GAAK5H,EAAE8mB,EAAGxgC,GAAG84B,EAAE2H,EAAGzgC,GAC1C,OAAQ,EAAMshB,EAAI,IAAO,GAAM,CACjC,CAGSof,CAAGhnB,EAAE8mB,EAAG1H,EAAE2H,EAAG,GACtB,CAEA,SAASE,GAAShnB,EAAG6C,GACnB,IAAIxc,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAU,EAALwc,EAAExc,EACpC,CAEA,SAAS4gC,GAAS9S,GAChB,IAAI9tB,EAAG8X,EAAGuJ,EAAI,EACd,IAAKrhB,EAAI,EAAGA,EAAI,GAAIA,IAClB8X,EAAIgW,EAAE9tB,GAAKqhB,EAAI,MACfA,EAAI1a,KAAK0P,MAAMyB,EAAI,OACnBgW,EAAE9tB,GAAK8X,EAAQ,MAAJuJ,EAEbyM,EAAE,IAAMzM,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAASwf,GAASxV,EAAGxJ,EAAG9L,GAEtB,IADA,IAAI6D,EAAGyH,IAAMtL,EAAE,GACN/V,EAAI,EAAGA,EAAI,GAAIA,IACtB4Z,EAAIyH,GAAKgK,EAAErrB,GAAK6hB,EAAE7hB,IAClBqrB,EAAErrB,IAAM4Z,EACRiI,EAAE7hB,IAAM4Z,CAEZ,CAEA,SAASknB,GAAUhT,EAAGjY,GACpB,IAAI7V,EAAGqY,EAAGtC,EACNwgB,EAAIiJ,KAAM5lB,EAAI4lB,KAClB,IAAKx/B,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK6V,EAAE7V,GAIlC,IAHA4gC,GAAShnB,GACTgnB,GAAShnB,GACTgnB,GAAShnB,GACJvB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAke,EAAE,GAAK3c,EAAE,GAAK,MACT5Z,EAAI,EAAGA,EAAI,GAAIA,IAClBu2B,EAAEv2B,GAAK4Z,EAAE5Z,GAAK,OAAWu2B,EAAEv2B,EAAE,IAAI,GAAM,GACvCu2B,EAAEv2B,EAAE,IAAM,MAEZu2B,EAAE,IAAM3c,EAAE,IAAM,OAAW2c,EAAE,KAAK,GAAM,GACxCxgB,EAAKwgB,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACTsK,GAASjnB,EAAG2c,EAAG,EAAExgB,EACrB,CACE,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,IAClB8tB,EAAE,EAAE9tB,GAAY,IAAP4Z,EAAE5Z,GACX8tB,EAAE,EAAE9tB,EAAE,GAAK4Z,EAAE5Z,IAAI,CAErB,CAEA,SAAS+gC,GAASvkB,EAAGzG,GACnB,IAAIsL,EAAI,IAAI1hB,WAAW,IAAK2hB,EAAI,IAAI3hB,WAAW,IAG/C,OAFAmhC,GAAUzf,EAAG7E,GACbskB,GAAUxf,EAAGvL,GACNwqB,GAAiBlf,EAAG,EAAGC,EAAG,EACnC,CAEA,SAAS0f,GAASxkB,GAChB,IAAI8E,EAAI,IAAI3hB,WAAW,IAEvB,OADAmhC,GAAUxf,EAAG9E,GACC,EAAP8E,EAAE,EACX,CAEA,SAAS2f,GAAYnT,EAAGjY,GACtB,IAAI7V,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAK6V,EAAE,EAAE7V,IAAM6V,EAAE,EAAE7V,EAAE,IAAM,GACtD8tB,EAAE,KAAO,KACX,CAEA,SAASoT,GAAEpT,EAAGtR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASmhC,GAAErT,EAAGtR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASohC,GAAEtT,EAAGtR,EAAGzG,GACf,IAAI+B,EAAGuJ,EACJ8K,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAI+U,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAKjtB,EAAE,GACPktB,EAAKltB,EAAE,GACPmtB,EAAKntB,EAAE,GACPotB,EAAKptB,EAAE,GACPqtB,EAAKrtB,EAAE,GACPstB,EAAKttB,EAAE,GACPutB,EAAKvtB,EAAE,GACPwtB,EAAKxtB,EAAE,GACPytB,EAAKztB,EAAE,GACP0tB,EAAK1tB,EAAE,GACP2tB,EAAM3tB,EAAE,IACR4tB,EAAM5tB,EAAE,IACR6tB,EAAM7tB,EAAE,IACR8tB,EAAM9tB,EAAE,IACR+tB,EAAM/tB,EAAE,IACRguB,EAAMhuB,EAAE,IAGVoW,IADArU,EAAI0E,EAAE,IACIwmB,EACV5W,GAAMtU,EAAImrB,EACV5W,GAAMvU,EAAIorB,EACV5W,GAAMxU,EAAIqrB,EACV9B,GAAMvpB,EAAIsrB,EACV9B,GAAMxpB,EAAIurB,EACV9B,GAAMzpB,EAAIwrB,EACV9B,GAAM1pB,EAAIyrB,EACV9B,GAAM3pB,EAAI0rB,EACV9B,GAAM5pB,EAAI2rB,EACV9B,GAAO7pB,EAAI4rB,EACX9B,GAAO9pB,EAAI6rB,EACX9B,GAAO/pB,EAAI8rB,EACX9B,GAAOhqB,EAAI+rB,EACX9B,GAAOjqB,EAAIgsB,EACX9B,GAAOlqB,EAAIisB,EAEX3X,IADAtU,EAAI0E,EAAE,IACIwmB,EACV3W,GAAMvU,EAAImrB,EACV3W,GAAMxU,EAAIorB,EACV7B,GAAMvpB,EAAIqrB,EACV7B,GAAMxpB,EAAIsrB,EACV7B,GAAMzpB,EAAIurB,EACV7B,GAAM1pB,EAAIwrB,EACV7B,GAAM3pB,EAAIyrB,EACV7B,GAAM5pB,EAAI0rB,EACV7B,GAAO7pB,EAAI2rB,EACX7B,GAAO9pB,EAAI4rB,EACX7B,GAAO/pB,EAAI6rB,EACX7B,GAAOhqB,EAAI8rB,EACX7B,GAAOjqB,EAAI+rB,EACX7B,GAAOlqB,EAAIgsB,EACX7B,GAAOnqB,EAAIisB,EAEX1X,IADAvU,EAAI0E,EAAE,IACIwmB,EACV1W,GAAMxU,EAAImrB,EACV5B,GAAMvpB,EAAIorB,EACV5B,GAAMxpB,EAAIqrB,EACV5B,GAAMzpB,EAAIsrB,EACV5B,GAAM1pB,EAAIurB,EACV5B,GAAM3pB,EAAIwrB,EACV5B,GAAM5pB,EAAIyrB,EACV5B,GAAO7pB,EAAI0rB,EACX5B,GAAO9pB,EAAI2rB,EACX5B,GAAO/pB,EAAI4rB,EACX5B,GAAOhqB,EAAI6rB,EACX5B,GAAOjqB,EAAI8rB,EACX5B,GAAOlqB,EAAI+rB,EACX5B,GAAOnqB,EAAIgsB,EACX5B,GAAOpqB,EAAIisB,EAEXzX,IADAxU,EAAI0E,EAAE,IACIwmB,EACV3B,GAAMvpB,EAAImrB,EACV3B,GAAMxpB,EAAIorB,EACV3B,GAAMzpB,EAAIqrB,EACV3B,GAAM1pB,EAAIsrB,EACV3B,GAAM3pB,EAAIurB,EACV3B,GAAM5pB,EAAIwrB,EACV3B,GAAO7pB,EAAIyrB,EACX3B,GAAO9pB,EAAI0rB,EACX3B,GAAO/pB,EAAI2rB,EACX3B,GAAOhqB,EAAI4rB,EACX3B,GAAOjqB,EAAI6rB,EACX3B,GAAOlqB,EAAI8rB,EACX3B,GAAOnqB,EAAI+rB,EACX3B,GAAOpqB,EAAIgsB,EACX3B,GAAOrqB,EAAIisB,EAEX1C,IADAvpB,EAAI0E,EAAE,IACIwmB,EACV1B,GAAMxpB,EAAImrB,EACV1B,GAAMzpB,EAAIorB,EACV1B,GAAM1pB,EAAIqrB,EACV1B,GAAM3pB,EAAIsrB,EACV1B,GAAM5pB,EAAIurB,EACV1B,GAAO7pB,EAAIwrB,EACX1B,GAAO9pB,EAAIyrB,EACX1B,GAAO/pB,EAAI0rB,EACX1B,GAAOhqB,EAAI2rB,EACX1B,GAAOjqB,EAAI4rB,EACX1B,GAAOlqB,EAAI6rB,EACX1B,GAAOnqB,EAAI8rB,EACX1B,GAAOpqB,EAAI+rB,EACX1B,GAAOrqB,EAAIgsB,EACX1B,GAAOtqB,EAAIisB,EAEXzC,IADAxpB,EAAI0E,EAAE,IACIwmB,EACVzB,GAAMzpB,EAAImrB,EACVzB,GAAM1pB,EAAIorB,EACVzB,GAAM3pB,EAAIqrB,EACVzB,GAAM5pB,EAAIsrB,EACVzB,GAAO7pB,EAAIurB,EACXzB,GAAO9pB,EAAIwrB,EACXzB,GAAO/pB,EAAIyrB,EACXzB,GAAOhqB,EAAI0rB,EACXzB,GAAOjqB,EAAI2rB,EACXzB,GAAOlqB,EAAI4rB,EACXzB,GAAOnqB,EAAI6rB,EACXzB,GAAOpqB,EAAI8rB,EACXzB,GAAOrqB,EAAI+rB,EACXzB,GAAOtqB,EAAIgsB,EACXzB,GAAOvqB,EAAIisB,EAEXxC,IADAzpB,EAAI0E,EAAE,IACIwmB,EACVxB,GAAM1pB,EAAImrB,EACVxB,GAAM3pB,EAAIorB,EACVxB,GAAM5pB,EAAIqrB,EACVxB,GAAO7pB,EAAIsrB,EACXxB,GAAO9pB,EAAIurB,EACXxB,GAAO/pB,EAAIwrB,EACXxB,GAAOhqB,EAAIyrB,EACXxB,GAAOjqB,EAAI0rB,EACXxB,GAAOlqB,EAAI2rB,EACXxB,GAAOnqB,EAAI4rB,EACXxB,GAAOpqB,EAAI6rB,EACXxB,GAAOrqB,EAAI8rB,EACXxB,GAAOtqB,EAAI+rB,EACXxB,GAAOvqB,EAAIgsB,EACXxB,GAAOxqB,EAAIisB,EAEXvC,IADA1pB,EAAI0E,EAAE,IACIwmB,EACVvB,GAAM3pB,EAAImrB,EACVvB,GAAM5pB,EAAIorB,EACVvB,GAAO7pB,EAAIqrB,EACXvB,GAAO9pB,EAAIsrB,EACXvB,GAAO/pB,EAAIurB,EACXvB,GAAOhqB,EAAIwrB,EACXvB,GAAOjqB,EAAIyrB,EACXvB,GAAOlqB,EAAI0rB,EACXvB,GAAOnqB,EAAI2rB,EACXvB,GAAOpqB,EAAI4rB,EACXvB,GAAOrqB,EAAI6rB,EACXvB,GAAOtqB,EAAI8rB,EACXvB,GAAOvqB,EAAI+rB,EACXvB,GAAOxqB,EAAIgsB,EACXvB,GAAOzqB,EAAIisB,EAEXtC,IADA3pB,EAAI0E,EAAE,IACIwmB,EACVtB,GAAM5pB,EAAImrB,EACVtB,GAAO7pB,EAAIorB,EACXtB,GAAO9pB,EAAIqrB,EACXtB,GAAO/pB,EAAIsrB,EACXtB,GAAOhqB,EAAIurB,EACXtB,GAAOjqB,EAAIwrB,EACXtB,GAAOlqB,EAAIyrB,EACXtB,GAAOnqB,EAAI0rB,EACXtB,GAAOpqB,EAAI2rB,EACXtB,GAAOrqB,EAAI4rB,EACXtB,GAAOtqB,EAAI6rB,EACXtB,GAAOvqB,EAAI8rB,EACXtB,GAAOxqB,EAAI+rB,EACXtB,GAAOzqB,EAAIgsB,EACXtB,GAAO1qB,EAAIisB,EAEXrC,IADA5pB,EAAI0E,EAAE,IACIwmB,EACVrB,GAAO7pB,EAAImrB,EACXrB,GAAO9pB,EAAIorB,EACXrB,GAAO/pB,EAAIqrB,EACXrB,GAAOhqB,EAAIsrB,EACXrB,GAAOjqB,EAAIurB,EACXrB,GAAOlqB,EAAIwrB,EACXrB,GAAOnqB,EAAIyrB,EACXrB,GAAOpqB,EAAI0rB,EACXrB,GAAOrqB,EAAI2rB,EACXrB,GAAOtqB,EAAI4rB,EACXrB,GAAOvqB,EAAI6rB,EACXrB,GAAOxqB,EAAI8rB,EACXrB,GAAOzqB,EAAI+rB,EACXrB,GAAO1qB,EAAIgsB,EACXrB,GAAO3qB,EAAIisB,EAEXpC,IADA7pB,EAAI0E,EAAE,KACKwmB,EACXpB,GAAO9pB,EAAImrB,EACXpB,GAAO/pB,EAAIorB,EACXpB,GAAOhqB,EAAIqrB,EACXpB,GAAOjqB,EAAIsrB,EACXpB,GAAOlqB,EAAIurB,EACXpB,GAAOnqB,EAAIwrB,EACXpB,GAAOpqB,EAAIyrB,EACXpB,GAAOrqB,EAAI0rB,EACXpB,GAAOtqB,EAAI2rB,EACXpB,GAAOvqB,EAAI4rB,EACXpB,GAAOxqB,EAAI6rB,EACXpB,GAAOzqB,EAAI8rB,EACXpB,GAAO1qB,EAAI+rB,EACXpB,GAAO3qB,EAAIgsB,EACXpB,GAAO5qB,EAAIisB,EAEXnC,IADA9pB,EAAI0E,EAAE,KACKwmB,EACXnB,GAAO/pB,EAAImrB,EACXnB,GAAOhqB,EAAIorB,EACXnB,GAAOjqB,EAAIqrB,EACXnB,GAAOlqB,EAAIsrB,EACXnB,GAAOnqB,EAAIurB,EACXnB,GAAOpqB,EAAIwrB,EACXnB,GAAOrqB,EAAIyrB,EACXnB,GAAOtqB,EAAI0rB,EACXnB,GAAOvqB,EAAI2rB,EACXnB,GAAOxqB,EAAI4rB,EACXnB,GAAOzqB,EAAI6rB,EACXnB,GAAO1qB,EAAI8rB,EACXnB,GAAO3qB,EAAI+rB,EACXnB,GAAO5qB,EAAIgsB,EACXnB,GAAO7qB,EAAIisB,EAEXlC,IADA/pB,EAAI0E,EAAE,KACKwmB,EACXlB,GAAOhqB,EAAImrB,EACXlB,GAAOjqB,EAAIorB,EACXlB,GAAOlqB,EAAIqrB,EACXlB,GAAOnqB,EAAIsrB,EACXlB,GAAOpqB,EAAIurB,EACXlB,GAAOrqB,EAAIwrB,EACXlB,GAAOtqB,EAAIyrB,EACXlB,GAAOvqB,EAAI0rB,EACXlB,GAAOxqB,EAAI2rB,EACXlB,GAAOzqB,EAAI4rB,EACXlB,GAAO1qB,EAAI6rB,EACXlB,GAAO3qB,EAAI8rB,EACXlB,GAAO5qB,EAAI+rB,EACXlB,GAAO7qB,EAAIgsB,EACXlB,GAAO9qB,EAAIisB,EAEXjC,IADAhqB,EAAI0E,EAAE,KACKwmB,EACXjB,GAAOjqB,EAAImrB,EACXjB,GAAOlqB,EAAIorB,EACXjB,GAAOnqB,EAAIqrB,EACXjB,GAAOpqB,EAAIsrB,EACXjB,GAAOrqB,EAAIurB,EACXjB,GAAOtqB,EAAIwrB,EACXjB,GAAOvqB,EAAIyrB,EACXjB,GAAOxqB,EAAI0rB,EACXjB,GAAOzqB,EAAI2rB,EACXjB,GAAO1qB,EAAI4rB,EACXjB,GAAO3qB,EAAI6rB,EACXjB,GAAO5qB,EAAI8rB,EACXjB,GAAO7qB,EAAI+rB,EACXjB,GAAO9qB,EAAIgsB,EACXjB,GAAO/qB,EAAIisB,EAEXhC,IADAjqB,EAAI0E,EAAE,KACKwmB,EACXhB,GAAOlqB,EAAImrB,EACXhB,GAAOnqB,EAAIorB,EACXhB,GAAOpqB,EAAIqrB,EACXhB,GAAOrqB,EAAIsrB,EACXhB,GAAOtqB,EAAIurB,EACXhB,GAAOvqB,EAAIwrB,EACXhB,GAAOxqB,EAAIyrB,EACXhB,GAAOzqB,EAAI0rB,EACXhB,GAAO1qB,EAAI2rB,EACXhB,GAAO3qB,EAAI4rB,EACXhB,GAAO5qB,EAAI6rB,EACXhB,GAAO7qB,EAAI8rB,EACXhB,GAAO9qB,EAAI+rB,EACXhB,GAAO/qB,EAAIgsB,EACXhB,GAAOhrB,EAAIisB,EAEX/B,IADAlqB,EAAI0E,EAAE,KACKwmB,EAkBX5W,GAAO,IAhBP8V,GAAOpqB,EAAIorB,GAiBX7W,GAAO,IAhBP8V,GAAOrqB,EAAIqrB,GAiBX7W,GAAO,IAhBP8V,GAAOtqB,EAAIsrB,GAiBX/B,GAAO,IAhBPgB,GAAOvqB,EAAIurB,GAiBX/B,GAAO,IAhBPgB,GAAOxqB,EAAIwrB,GAiBX/B,GAAO,IAhBPgB,GAAOzqB,EAAIyrB,GAiBX/B,GAAO,IAhBPgB,GAAO1qB,EAAI0rB,GAiBX/B,GAAO,IAhBPgB,GAAO3qB,EAAI2rB,GAiBX/B,GAAO,IAhBPgB,GAAO5qB,EAAI4rB,GAiBX/B,GAAO,IAhBPgB,GAAO7qB,EAAI6rB,GAiBX/B,GAAO,IAhBPgB,GAAO9qB,EAAI8rB,GAiBX/B,GAAO,IAhBPgB,GAAO/qB,EAAI+rB,GAiBX/B,GAAO,IAhBPgB,GAAOhrB,EAAIgsB,GAiBX/B,GAAO,IAhBPgB,GAAOjrB,EAAIisB,GAqBsC5X,GAAjDrU,GAnBAqU,GAAO,IAhBP8V,GAAOnqB,EAAImrB,KAkCX5hB,EAAI,GACU,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QAKSqU,GAAjDrU,GAJAqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACxCqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,GAEpByM,EAAG,GAAK3B,EACR2B,EAAG,GAAK1B,EACR0B,EAAG,GAAKzB,EACRyB,EAAG,GAAKxB,EACRwB,EAAG,GAAKuT,EACRvT,EAAG,GAAKwT,EACRxT,EAAG,GAAKyT,EACRzT,EAAG,GAAK0T,EACR1T,EAAG,GAAK2T,EACR3T,EAAG,GAAK4T,EACR5T,EAAE,IAAM6T,EACR7T,EAAE,IAAM8T,EACR9T,EAAE,IAAM+T,EACR/T,EAAE,IAAMgU,EACRhU,EAAE,IAAMiU,EACRjU,EAAE,IAAMkU,CACV,CAEA,SAASlM,GAAEhI,EAAGtR,GACZ4kB,GAAEtT,EAAGtR,EAAGA,EACV,CAEA,SAASwnB,GAASlW,EAAG9tB,GACnB,IACIwc,EADA6E,EAAIme,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAiB,IAANA,GAAS4kB,GAAE/f,EAAGA,EAAGrhB,GAEjC,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAaA,SAASynB,GAAkBpiB,EAAGhM,EAAGwV,GAC/B,IAC8B1R,EAAG3Z,EAD7BkkC,EAAI,IAAIvkC,WAAW,IACnB+Z,EAAI,IAAIgmB,aAAa,IACrBljB,EAAIgjB,KAAMzpB,EAAIypB,KAAMne,EAAIme,KACxBle,EAAIke,KAAMp9B,EAAIo9B,KAAM2E,EAAI3E,KAC5B,IAAKx/B,EAAI,EAAGA,EAAI,GAAIA,IAAKkkC,EAAElkC,GAAK6V,EAAE7V,GAIlC,IAHAkkC,EAAE,IAAW,IAANruB,EAAE,IAAS,GAClBquB,EAAE,IAAI,IACNjD,GAAYvnB,EAAE2R,GACTrrB,EAAI,EAAGA,EAAI,GAAIA,IAClB+V,EAAE/V,GAAG0Z,EAAE1Z,GACPshB,EAAEthB,GAAGwc,EAAExc,GAAGqhB,EAAErhB,GAAG,EAGjB,IADAwc,EAAE,GAAG8E,EAAE,GAAG,EACLthB,EAAE,IAAKA,GAAG,IAAKA,EAElB6gC,GAASrkB,EAAEzG,EADX4D,EAAGuqB,EAAElkC,IAAI,MAAQ,EAAFA,GAAM,GAErB6gC,GAASxf,EAAEC,EAAE3H,GACbunB,GAAE9+B,EAAEoa,EAAE6E,GACN8f,GAAE3kB,EAAEA,EAAE6E,GACN6f,GAAE7f,EAAEtL,EAAEuL,GACN6f,GAAEprB,EAAEA,EAAEuL,GACNwU,GAAExU,EAAElf,GACJ0zB,GAAEqO,EAAE3nB,GACJ4kB,GAAE5kB,EAAE6E,EAAE7E,GACN4kB,GAAE/f,EAAEtL,EAAE3T,GACN8+B,GAAE9+B,EAAEoa,EAAE6E,GACN8f,GAAE3kB,EAAEA,EAAE6E,GACNyU,GAAE/f,EAAEyG,GACJ2kB,GAAE9f,EAAEC,EAAE6iB,GACN/C,GAAE5kB,EAAE6E,EAAE0e,IACNmB,GAAE1kB,EAAEA,EAAE8E,GACN8f,GAAE/f,EAAEA,EAAE7E,GACN4kB,GAAE5kB,EAAE8E,EAAE6iB,GACN/C,GAAE9f,EAAEvL,EAAE2D,GACNoc,GAAE/f,EAAE3T,GACJy+B,GAASrkB,EAAEzG,EAAE4D,GACbknB,GAASxf,EAAEC,EAAE3H,GAEf,IAAK3Z,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAIwc,EAAExc,GACV0Z,EAAE1Z,EAAE,IAAIqhB,EAAErhB,GACV0Z,EAAE1Z,EAAE,IAAI+V,EAAE/V,GACV0Z,EAAE1Z,EAAE,IAAIshB,EAAEthB,GAEZ,IAAIokC,EAAM1qB,EAAExS,SAAS,IACjBm9B,EAAM3qB,EAAExS,SAAS,IAIrB,OAHA88B,GAASI,EAAIA,GACbhD,GAAEiD,EAAIA,EAAID,GACVtD,GAAUjf,EAAEwiB,GACL,CACT,CAEA,SAASC,GAAuBziB,EAAGhM,GACjC,OAAOouB,GAAkBpiB,EAAGhM,EAAG+pB,GACjC,CAOA,IAAI2E,GAAI,CACN,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,GAAqB/iB,EAAIgjB,EAAIlO,EAAG1gB,GAyBvC,IAxBA,IACI6uB,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAIC,EAAI3lC,EAAGqY,EAAGoX,EAAG6Q,EAAG9jB,EAAGzG,EAAGsL,EAAGC,EAH7B+D,EAAK,IAAIugB,WAAW,IAAKrgB,EAAK,IAAIqgB,WAAW,IAK7CC,EAAMpkB,EAAG,GACTqkB,EAAMrkB,EAAG,GACTskB,EAAMtkB,EAAG,GACTukB,EAAMvkB,EAAG,GACTwkB,EAAMxkB,EAAG,GACTykB,EAAMzkB,EAAG,GACT0kB,EAAM1kB,EAAG,GACT2kB,EAAM3kB,EAAG,GAET4kB,EAAM5B,EAAG,GACT6B,EAAM7B,EAAG,GACT8B,EAAM9B,EAAG,GACT+B,EAAM/B,EAAG,GACTgC,EAAMhC,EAAG,GACTiC,EAAMjC,EAAG,GACTkC,EAAMlC,EAAG,GACTmC,EAAMnC,EAAG,GAETvkC,EAAM,EACH2V,GAAK,KAAK,CACf,IAAK7V,EAAI,EAAGA,EAAI,GAAIA,IAClBqY,EAAI,EAAIrY,EAAIE,EACZmlB,EAAGrlB,GAAMu2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAC9DkN,EAAGvlB,GAAMu2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAEhE,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IA+HlB,GA9HA0kC,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAENlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAMNpqB,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAM1BjT,GAAS,OAFT8jB,GAAMmG,IAAQ,GAAOR,GAAQ,KAAaQ,IAAQ,GAAOR,GAAQ,KAAaA,IAAG,EAAiBQ,GAAG,KAEpF1wB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMwW,IAAQ,GAAOQ,GAAQ,KAAaR,IAAQ,GAAOQ,GAAQ,KAAaA,IAAG,EAAiBR,GAAG,KAIpF3kB,GAAKmO,IAAM,GAM5BjT,GAAS,OAFT8jB,EAAKmG,EAAMC,GAASD,EAAME,GAET5wB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,EAAKwW,EAAMC,GAASD,EAAME,GAIT7kB,GAAKmO,IAAM,GAG5BA,EAAI8U,GAAI,EAAFvkC,GAGNwc,GAAS,OAFT8jB,EAAIiE,GAAI,EAAFvkC,EAAI,IAEO+V,GAAKuqB,IAAM,GAC5Bjf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BA,EAAIpK,EAAGrlB,EAAE,IAGQ+V,IAFjBuqB,EAAI/a,EAAGvlB,EAAE,OAEmB,GAC5BqhB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BpO,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,GAUX9jB,EAAQ,OAFR8jB,EAJAqF,EAAS,MAAJnpB,EAAazG,GAAK,IAMPA,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAJAiW,EAAS,MAAJrkB,GAFLC,GAAKD,IAAM,KAEY,IAQPC,EAAImO,IAAM,GAM1BjT,GAAS,OAFT8jB,GAAM+F,IAAQ,GAAOR,GAAG,IAAkBA,IAAG,EAAiBQ,GAAQ,KAAkBR,IAAG,EAAiBQ,GAAG,KAE9FtwB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMoW,IAAQ,GAAOQ,GAAG,IAAkBA,IAAG,EAAiBR,GAAQ,KAAkBQ,IAAG,EAAiBR,GAAG,KAI9FvkB,GAAKmO,IAAM,GAMX1Z,IAFjBuqB,EAAK+F,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,KAEX,GAC5BllB,GAAS,OAJToO,EAAKoW,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,GAItBzkB,GAAKmO,IAAM,GAM5BwV,EAAW,OAHX5jB,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXhf,GAAKD,IAAM,KAEgB,GAC3BokB,EAAW,MAAJjpB,EAAezG,GAAK,GAM3ByG,EAAQ,OAFR8jB,EAAI+E,GAEYtvB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIoV,GAIYvjB,EAAImO,IAAM,GAKT1Z,IAFjBuqB,EAAIqF,KAEwB,GAC5BtkB,GAAS,OAJToO,EAAIiW,GAIapkB,GAAKmO,IAAM,GAS5BqW,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EANApB,EAAW,OAHXxjB,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXhf,GAAKD,IAAM,KAEgB,GAO3B6kB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAENqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAdApB,EAAW,MAAJ7oB,EAAezG,GAAK,GAe3B2wB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAEFzlC,EAAE,IAAO,GACX,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAElBoX,EAAIpK,EAAGhN,GAGPmE,EAAQ,OAFR8jB,EAAI/a,EAAGlN,IAEStC,EAAIuqB,IAAM,GAC1Bjf,EAAQ,MAAJoO,EAAYnO,EAAImO,IAAM,GAE1BA,EAAIpK,GAAIhN,EAAE,GAAG,IAGbmE,GAAS,OAFT8jB,EAAI/a,GAAIlN,EAAE,GAAG,KAEItC,GAAKuqB,IAAM,GAC5Bjf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BiW,EAAKrgB,GAAIhN,EAAE,GAAG,IAKdmE,GAAS,OAFT8jB,IAFAqF,EAAKpgB,GAAIlN,EAAE,GAAG,OAED,EAAMqtB,QAAmBC,IAAO,EAAMD,GAAE,KAAiBC,IAAO,EAAMD,GAAO,KAEzE3vB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMiW,IAAO,EAAMC,GAAO,KAAYD,IAAO,EAAMC,OAAkBD,IAAO,GAI3DpkB,GAAKmO,IAAM,GAG5BiW,EAAKrgB,GAAIhN,EAAE,IAAI,IAKEtC,IAFjBuqB,IAFAqF,EAAKpgB,GAAIlN,EAAE,IAAI,OAEF,GAAOqtB,GAAO,KAAaA,IAAQ,GAAWC,GAAO,IAAkBA,IAAO,EAAMD,GAAE,OAEvE,GAC5BrkB,GAAS,OAJToO,GAAMiW,IAAO,GAAOC,GAAE,KAAkBA,IAAE,GAAiBD,GAAO,GAAiBA,IAAO,GAIzEpkB,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEXjb,EAAGhN,GAAU,MAAJgJ,EAAeC,GAAK,GAC7BiE,EAAGlN,GAAU,MAAJmE,EAAezG,GAAK,GASnCyG,EAAQ,OAFR8jB,EAAI+F,GAEYtwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIoW,GAIYvkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKokB,EAAW,MAAJxkB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK4B,EAAW,MAAJ7pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIgG,GAEYvwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIqW,GAIYxkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKqkB,EAAW,MAAJzkB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK6B,EAAW,MAAJ9pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIiG,GAEYxwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIsW,GAIYzkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKskB,EAAW,MAAJ1kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK8B,EAAW,MAAJ/pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIkG,GAEYzwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIuW,GAIY1kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKukB,EAAW,MAAJ3kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK+B,EAAW,MAAJhqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAImG,GAEY1wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIwW,GAIY3kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKwkB,EAAW,MAAJ5kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKgC,EAAW,MAAJjqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIoG,GAEY3wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIyW,GAIY5kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKykB,EAAW,MAAJ7kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKiC,EAAW,MAAJlqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIqG,GAEY5wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI0W,GAIY7kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAK0kB,EAAW,MAAJ9kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKkC,EAAW,MAAJnqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAK2kB,EAAW,MAAJ/kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKmC,EAAW,MAAJpqB,EAAezG,GAAK,GAEnC7V,GAAO,IACP2V,GAAK,GACT,CAEE,OAAOA,CACT,CAEA,SAASgxB,GAAY7iB,EAAKuS,EAAG1gB,GAC3B,IAGI7V,EAHAyhB,EAAK,IAAImkB,WAAW,GACpBnB,EAAK,IAAImB,WAAW,GACpBlsB,EAAI,IAAI/Z,WAAW,KAChBoW,EAAIF,EAuBX,IArBA4L,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WAERgjB,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UAERD,GAAqB/iB,EAAIgjB,EAAIlO,EAAG1gB,GAChCA,GAAK,IAEA7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAKu2B,EAAExgB,EAAEF,EAAE7V,GAQrC,IAPA0Z,EAAE7D,GAAK,IAGP6D,GADA7D,EAAI,IAAI,KAAKA,EAAE,IAAI,EAAE,IACjB,GAAK,EACTwqB,GAAK3mB,EAAG7D,EAAE,EAAKE,EAAI,UAAc,EAAGA,GAAK,GACzCyuB,GAAqB/iB,EAAIgjB,EAAI/qB,EAAG7D,GAE3B7V,EAAI,EAAGA,EAAI,EAAGA,IAAKqgC,GAAKrc,EAAK,EAAEhkB,EAAGyhB,EAAGzhB,GAAIykC,EAAGzkC,IAEjD,OAAO,CACT,CAEA,SAASmC,GAAIkpB,EAAGxJ,GACd,IAAIrF,EAAIgjB,KAAMzpB,EAAIypB,KAAMne,EAAIme,KACxBle,EAAIke,KAAMp9B,EAAIo9B,KAAM2E,EAAI3E,KACxB1P,EAAI0P,KAAM/P,EAAI+P,KAAM5lB,EAAI4lB,KAE5B2B,GAAE3kB,EAAG6O,EAAE,GAAIA,EAAE,IACb8V,GAAEvnB,EAAGiI,EAAE,GAAIA,EAAE,IACbuf,GAAE5kB,EAAGA,EAAG5C,GACRsnB,GAAEnrB,EAAGsV,EAAE,GAAIA,EAAE,IACb6V,GAAEtnB,EAAGiI,EAAE,GAAIA,EAAE,IACbuf,GAAErrB,EAAGA,EAAG6D,GACRwnB,GAAE/f,EAAGgK,EAAE,GAAIxJ,EAAE,IACbuf,GAAE/f,EAAGA,EAAG4e,IACRmB,GAAE9f,EAAG+J,EAAE,GAAIxJ,EAAE,IACbqf,GAAE5f,EAAGA,EAAGA,GACR6f,GAAE/+B,EAAG2T,EAAGyG,GACR2kB,GAAEgD,EAAG7iB,EAAGD,GACR6f,GAAEpR,EAAGxO,EAAGD,GACR6f,GAAEzR,EAAG1Z,EAAGyG,GAER4kB,GAAE/V,EAAE,GAAIjpB,EAAG+hC,GACX/C,GAAE/V,EAAE,GAAIoE,EAAGK,GACXsR,GAAE/V,EAAE,GAAIyE,EAAGqU,GACX/C,GAAE/V,EAAE,GAAIjpB,EAAGqtB,EACb,CAEA,SAASqX,GAAMzb,EAAGxJ,EAAG9L,GACnB,IAAI/V,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB6gC,GAASxV,EAAErrB,GAAI6hB,EAAE7hB,GAAI+V,EAEzB,CAEA,SAASgxB,GAAKptB,EAAG0R,GACf,IAAI2b,EAAKxH,KAAMyH,EAAKzH,KAAM0H,EAAK1H,KAC/BwE,GAASkD,EAAI7b,EAAE,IACf+V,GAAE4F,EAAI3b,EAAE,GAAI6b,GACZ9F,GAAE6F,EAAI5b,EAAE,GAAI6b,GACZpG,GAAUnnB,EAAGstB,GACbttB,EAAE,KAAOqnB,GAASgG,IAAO,CAC3B,CAEA,SAASG,GAAW9b,EAAGxJ,EAAGhK,GACxB,IAAI9B,EAAG/V,EAKP,IAJA2gC,GAAStV,EAAE,GAAIwU,IACfc,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIwU,IACV7/B,EAAI,IAAKA,GAAK,IAAKA,EAEtB8mC,GAAMzb,EAAGxJ,EADT9L,EAAK8B,EAAG7X,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BmC,GAAI0f,EAAGwJ,GACPlpB,GAAIkpB,EAAGA,GACPyb,GAAMzb,EAAGxJ,EAAG9L,EAEhB,CAEA,SAASqxB,GAAW/b,EAAGxT,GACrB,IAAIgK,EAAI,CAAC2d,KAAMA,KAAMA,KAAMA,MAC3BmB,GAAS9e,EAAE,GAAIqe,IACfS,GAAS9e,EAAE,GAAIse,IACfQ,GAAS9e,EAAE,GAAIie,IACfsB,GAAEvf,EAAE,GAAIqe,GAAGC,IACXgH,GAAW9b,EAAGxJ,EAAGhK,EACnB,CAEA,SAASwvB,GAAoBC,EAAIC,EAAIC,GACnC,IAEIxnC,EAFAshB,EAAI,IAAI3hB,WAAW,IACnB0rB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAY3B,IATKgI,GAAQ7H,GAAY4H,EAAI,IAC7BV,GAAYvlB,EAAGimB,EAAI,IACnBjmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8lB,GAAW/b,EAAG/J,GACdylB,GAAKO,EAAIjc,GAEJrrB,EAAI,EAAGA,EAAI,GAAIA,IAAKunC,EAAGvnC,EAAE,IAAMsnC,EAAGtnC,GACvC,OAAO,CACT,CAEA,IAAIynC,GAAI,IAAI/H,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgI,GAAK/tB,EAAGD,GACf,IAAI0P,EAAOppB,EAAGqY,EAAGZ,EACjB,IAAKzX,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAopB,EAAQ,EACH/Q,EAAIrY,EAAI,GAAIyX,EAAIzX,EAAI,GAAIqY,EAAIZ,IAAKY,EACpCqB,EAAErB,IAAM+Q,EAAQ,GAAK1P,EAAE1Z,GAAKynC,GAAEpvB,GAAKrY,EAAI,KACvCopB,EAAQziB,KAAK0P,OAAOqD,EAAErB,GAAK,KAAO,KAClCqB,EAAErB,IAAc,IAAR+Q,EAEV1P,EAAErB,IAAM+Q,EACR1P,EAAE1Z,GAAK,CACX,CAEE,IADAopB,EAAQ,EACH/Q,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAErB,IAAM+Q,GAAS1P,EAAE,KAAO,GAAK+tB,GAAEpvB,GACjC+Q,EAAQ1P,EAAErB,IAAM,EAChBqB,EAAErB,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqB,EAAErB,IAAM+Q,EAAQqe,GAAEpvB,GAC3C,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAM0Z,EAAE1Z,IAAM,EAClB2Z,EAAE3Z,GAAY,IAAP0Z,EAAE1Z,EAEb,CAEA,SAAS2nC,GAAOhuB,GACd,IAA8B3Z,EAA1B0Z,EAAI,IAAIgmB,aAAa,IACzB,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK,EAChC0nC,GAAK/tB,EAAGD,EACV,CAsCA,SAASkuB,GAAUjuB,EAAG0R,GACpB,IAAIzR,EAAI4lB,KAAMqI,EAAMrI,KAAMzX,EAAMyX,KAC5BsI,EAAMtI,KAAMuI,EAAOvI,KAAMwI,EAAOxI,KAChCyI,EAAOzI,KA2BX,OAzBAmB,GAAShnB,EAAE,GAAImmB,IACfmB,GAAYtnB,EAAE,GAAI0R,GAClByK,GAAE/N,EAAKpO,EAAE,IACTynB,GAAE0G,EAAK/f,EAAKiY,IACZmB,GAAEpZ,EAAKA,EAAKpO,EAAE,IACdunB,GAAE4G,EAAKnuB,EAAE,GAAImuB,GAEbhS,GAAEiS,EAAMD,GACRhS,GAAEkS,EAAMD,GACR3G,GAAE6G,EAAMD,EAAMD,GACd3G,GAAExnB,EAAGquB,EAAMlgB,GACXqZ,GAAExnB,EAAGA,EAAGkuB,GA/qBV,SAAiBha,EAAG9tB,GAClB,IACIwc,EADA6E,EAAIme,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAS4kB,GAAE/f,EAAGA,EAAGrhB,GAExB,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAwqBE0rB,CAAQtuB,EAAGA,GACXwnB,GAAExnB,EAAGA,EAAGmO,GACRqZ,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAEznB,EAAE,GAAIC,EAAGkuB,GAEXhS,GAAE+R,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAMqZ,GAAEznB,EAAE,GAAIA,EAAE,GAAIymB,IAEtCtK,GAAE+R,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAc,GAE5BiZ,GAASrnB,EAAE,MAAS0R,EAAE,KAAK,GAAI8V,GAAExnB,EAAE,GAAIkmB,GAAKlmB,EAAE,IAElDynB,GAAEznB,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAIIwuB,GAAoB,GAKxB,SAASC,KACP,IAAK,IAAIpoC,EAAI,EAAGA,EAAIqoC,UAAUvoC,OAAQE,IACpC,KAAMqoC,UAAUroC,aAAcL,YAC5B,MAAM,IAAI2oC,UAAU,kCAE1B,CAMA/I,GAAKgJ,WAAa,SAAS1yB,EAAGwV,GAE5B,GADA+c,GAAgBvyB,EAAGwV,GApBe,KAqB9BxV,EAAE/V,OAA0C,MAAUL,MAAM,cAChE,GAvB4B,KAuBxB4rB,EAAEvrB,OAAoC,MAAUL,MAAM,cAC1D,IAAIoiB,EAAI,IAAIliB,WAxBgB,IA0B5B,OADAskC,GAAkBpiB,EAAGhM,EAAGwV,GACjBxJ,CACT,EAEA0d,GAAKtV,IAAM,CAAE,EAEbsV,GAAKtV,IAAI0T,QAAU,WACjB,IAAI2J,EAAK,IAAI3nC,WA9BiB,IA+B1B4nC,EAAK,IAAI5nC,WA9BiB,IAgC9B,OAlsBF,SAA4Bm5B,EAAGpf,GAC7BimB,GAAYjmB,EAAG,IACR4qB,GAAuBxL,EAAGpf,EACnC,CA8rBE8uB,CAAmBlB,EAAIC,GAChB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAKtV,IAAI0T,QAAQ8K,cAAgB,SAASv7B,GAExC,GADAk7B,GAAgBl7B,GApCc,KAqC1BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI6nC,EAAK,IAAI3nC,WAxCiB,IA0C9B,OADA2kC,GAAuBgD,EAAIp6B,GACpB,CAACjD,UAAWq9B,EAAIp6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAqyB,GAAKlB,KAAO,SAAS5U,EAAKvc,GAExB,GADAk7B,GAAgB3e,EAAKvc,GA1CU,KA2C3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAIipC,EAAY,IAAI/oC,WAAWwoC,GAAkB1e,EAAI3pB,QAErD,OA5JF,SAAqB6oC,EAAIpS,EAAG1gB,EAAG0xB,GAC7B,IACIvnC,EAAGqY,EADHiJ,EAAI,IAAI3hB,WAAW,IAAK8vB,EAAI,IAAI9vB,WAAW,IAAKga,EAAI,IAAIha,WAAW,IAC7D+Z,EAAI,IAAIgmB,aAAa,IAC3BrU,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAE3BqH,GAAYvlB,EAAGimB,EAAI,IACnBjmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIsnB,EAAQ/yB,EAAI,GAChB,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK2oC,EAAG,GAAK3oC,GAAKu2B,EAAEv2B,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2oC,EAAG,GAAK3oC,GAAKshB,EAAE,GAAKthB,GAO7C,IALA6mC,GAAYltB,EAAGgvB,EAAGzhC,SAAS,IAAK2O,EAAE,IAClC8xB,GAAOhuB,GACPytB,GAAW/b,EAAG1R,GACdotB,GAAK4B,EAAItd,GAEJrrB,EAAI,GAAIA,EAAI,GAAIA,IAAK2oC,EAAG3oC,GAAKunC,EAAGvnC,GAIrC,IAHA6mC,GAAYpX,EAAGkZ,EAAI9yB,EAAI,IACvB8xB,GAAOlY,GAEFzvB,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAE1Z,EAAEqY,IAAMoX,EAAEzvB,GAAKshB,EAAEjJ,GAIvBqvB,GAAKiB,EAAGzhC,SAAS,IAAKwS,EAExB,CA0HEmvB,CAAYH,EAAWjf,EAAKA,EAAI3pB,OAAQoN,GACjCw7B,CACT,EAEAnJ,GAAKlB,KAAKyK,SAAW,SAASrf,EAAKvc,GAGjC,IAFA,IAAIw7B,EAAYnJ,GAAKlB,KAAK5U,EAAKvc,GAC3B67B,EAAM,IAAIppC,WAAWwoC,IAChBnoC,EAAI,EAAGA,EAAI+oC,EAAIjpC,OAAQE,IAAK+oC,EAAI/oC,GAAK0oC,EAAU1oC,GACxD,OAAO+oC,CACT,EAEAxJ,GAAKlB,KAAKyK,SAASlK,OAAS,SAASnV,EAAKsf,EAAK9+B,GAE7C,GADAm+B,GAAgB3e,EAAKsf,EAAK9+B,GACtB8+B,EAAIjpC,SAAWqoC,GACjB,MAAU1oC,MAAM,sBAClB,GA9D+B,KA8D3BwK,EAAUnK,OACZ,MAAUL,MAAM,uBAClB,IAEIO,EAFA2oC,EAAK,IAAIhpC,WAAWwoC,GAAoB1e,EAAI3pB,QAC5Cy2B,EAAI,IAAI52B,WAAWwoC,GAAoB1e,EAAI3pB,QAE/C,IAAKE,EAAI,EAAGA,EAAImoC,GAAmBnoC,IAAK2oC,EAAG3oC,GAAK+oC,EAAI/oC,GACpD,IAAKA,EAAI,EAAGA,EAAIypB,EAAI3pB,OAAQE,IAAK2oC,EAAG3oC,EAAEmoC,IAAqB1e,EAAIzpB,GAC/D,OAxGF,SAA0Bu2B,EAAGoS,EAAI9yB,EAAGyxB,GAClC,IAAItnC,EACA4Z,EAAI,IAAIja,WAAW,IAAK8vB,EAAI,IAAI9vB,WAAW,IAC3C0rB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MACvB3d,EAAI,CAAC2d,KAAMA,KAAMA,KAAMA,MAE3B,GAAI3pB,EAAI,GAAI,OAAQ,EAEpB,GAAI+xB,GAAU/lB,EAAGylB,GAAK,OAAQ,EAE9B,IAAKtnC,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK2oC,EAAG3oC,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKu2B,EAAEv2B,EAAE,IAAMsnC,EAAGtnC,GAUtC,GATA6mC,GAAYpX,EAAG8G,EAAG1gB,GAClB8xB,GAAOlY,GACP0X,GAAW9b,EAAGxJ,EAAG4N,GAEjB2X,GAAWvlB,EAAG8mB,EAAGzhC,SAAS,KAC1B/E,GAAIkpB,EAAGxJ,GACPklB,GAAKntB,EAAGyR,GAERxV,GAAK,GACD0qB,GAAiBoI,EAAI,EAAG/uB,EAAG,GAAI,CACjC,IAAK5Z,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK,EAC/B,OAAQ,CACZ,CAEE,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK2oC,EAAG3oC,EAAI,IACtC,OAAO6V,CACT,CA4EUmzB,CAAiBzS,EAAGoS,EAAIA,EAAG7oC,OAAQmK,IAAc,CAC3D,EAEAs1B,GAAKlB,KAAKV,QAAU,WAClB,IAAI2J,EAAK,IAAI3nC,WAzEkB,IA0E3B4nC,EAAK,IAAI5nC,WAzEkB,IA2E/B,OADA0nC,GAAoBC,EAAIC,GACjB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAKlB,KAAKV,QAAQ8K,cAAgB,SAASv7B,GAEzC,GADAk7B,GAAgBl7B,GA/Ee,KAgF3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAElB,IADA,IAAI6nC,EAAK,IAAI3nC,WAnFkB,IAoFtBK,EAAI,EAAGA,EAAIsnC,EAAGxnC,OAAQE,IAAKsnC,EAAGtnC,GAAKkN,EAAU,GAAGlN,GACzD,MAAO,CAACiK,UAAWq9B,EAAIp6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAqyB,GAAKlB,KAAKV,QAAQsL,SAAW,SAASC,GAEpC,GADAd,GAAgBc,GAvFU,KAwFtBA,EAAKppC,OACP,MAAUL,MAAM,iBAGlB,IAFA,IAAI6nC,EAAK,IAAI3nC,WA5FkB,IA6F3B4nC,EAAK,IAAI5nC,WA5FkB,IA6FtBK,EAAI,EAAGA,EAAI,GAAIA,IAAKunC,EAAGvnC,GAAKkpC,EAAKlpC,GAE1C,OADAqnC,GAAoBC,EAAIC,GAAI,GACrB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAK4J,QAAU,SAAShkC,GACtBw6B,GAAcx6B,CAChB,EAEA,WAGE,GAAIkV,IAAUA,GAAO0f,gBAAiB,CAGpCwF,GAAK4J,SAAQ,SAASzvB,EAAG7D,GACvB,IAAI7V,EAAG8X,EAAI,IAAInY,WAAWkW,GAC1B,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,GAHT,MAIRqa,GAAO0f,gBAAgBjiB,EAAE5Q,SAASlH,EAAGA,EAAI2G,KAAKsd,IAAIpO,EAAI7V,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAK8X,EAAE9X,IAvGvC,SAAiBokB,GACf,IAAK,IAAIpkB,EAAI,EAAGA,EAAIokB,EAAItkB,OAAQE,IAAKokB,EAAIpkB,GAAK,CAChD,CAsGMopC,CAAQtxB,EACd,GACA,CACC,CAfD,GC5yCA,MAAMuxB,GAAY,CAChB,mBAAoB1gC,EAAMC,MAAMC,SAChC,aAAcF,EAAMC,MAAMG,SAC1B,aAAcJ,EAAMC,MAAMK,SAC1B,aAAcN,EAAMC,MAAMO,UAC1B,qBAAsBR,EAAMC,MAAMQ,cAClC,uBAAwBT,EAAMC,MAAMU,iBACpC,qBAAsBX,EAAMC,MAAMY,gBAClC,qBAAsBb,EAAMC,MAAMa,gBAClC,qBAAsBd,EAAMC,MAAMc,iBAGpC,MAAM4/B,GACJ,WAAAxrC,CAAYyrC,GACV,GAAIA,aAAeD,GACjBprC,KAAKqrC,IAAMA,EAAIA,SACV,GAAIv0B,EAAKrW,QAAQ4qC,IACbv0B,EAAKtV,aAAa6pC,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAI5pC,WAAW4pC,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAIzpC,OAAS,EAC1B,MAAUL,MAAM,sCAElB8pC,EAAMA,EAAIriC,SAAS,EAC3B,CACMhJ,KAAKqrC,IAAMA,CACjB,MACMrrC,KAAKqrC,IAAM,EAEjB,CAOE,IAAAhpC,CAAK9B,GACH,GAAIA,EAAMqB,QAAU,EAAG,CACrB,MAAMA,EAASrB,EAAM,GACrB,GAAIA,EAAMqB,QAAU,EAAIA,EAEtB,OADA5B,KAAKqrC,IAAM9qC,EAAMyI,SAAS,EAAG,EAAIpH,GAC1B,EAAI5B,KAAKqrC,IAAIzpC,MAE5B,CACI,MAAUL,MAAM,cACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKqrC,IAAIzpC,SAAU5B,KAAKqrC,KAC1E,CAME,KAAAC,GACE,OAAOx0B,EAAK2C,gBAAgBzZ,KAAKqrC,IACrC,CAOE,OAAAE,GACE,MAAMtjC,EAAOkjC,GAAUnrC,KAAKsrC,SAC5B,IAAKrjC,EACH,MAAU1G,MAAM,oCAGlB,OAAO0G,CACX,ECtFO,SAASujC,GAAiBrhC,GAC/B,IACIyO,EADAyU,EAAM,EAEV,MAAMpZ,EAAO9J,EAAM,GAcnB,OAXI8J,EAAO,MACRoZ,GAAOljB,EACRyO,EAAS,GACA3E,EAAO,KAChBoZ,GAAQljB,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CyO,EAAS,GACS,MAAT3E,IACToZ,EAAMvW,EAAKY,WAAWvN,EAAMnB,SAAS,EAAG,IACxC4P,EAAS,GAGJ,CACLyU,IAAKA,EACLzU,OAAQA,EAEZ,CASO,SAAS6yB,GAAkB7pC,GAChC,OAAIA,EAAS,IACJ,IAAIH,WAAW,CAACG,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIH,WAAW,CAAyB,KAAtBG,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEkV,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOqV,EAAKc,YAAYhW,EAAQ,IAChF,CAEO,SAAS8pC,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAUpqC,MAAM,iDAElB,OAAO,IAAIE,WAAW,CAAC,IAAMkqC,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIpqC,WAAW,CAAC,IAAOoqC,GAChC,CAUO,SAASC,GAAYD,EAAUjqC,GAEpC,OAAOkV,EAAKpV,iBAAiB,CAACkqC,GAASC,GAAWJ,GAAkB7pC,IACtE,CAOO,SAASmqC,GAAkBhuB,GAChC,MAAO,CACLtT,EAAMkE,OAAOU,YACb5E,EAAMkE,OAAOO,eACbzE,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBACbsP,SAASnB,EACb,CASOzb,eAAe0pC,GAAYzrC,EAAO0rC,GACvC,MAAMvoC,EAASme,EAAiBthB,GAChC,IAAII,EACAurC,EACJ,IACE,MAAMC,QAAoBzoC,EAAOwG,UAAU,GAE3C,IAAKiiC,GAAeA,EAAYvqC,OAAS,KAAuB,IAAjBuqC,EAAY,IACzD,MAAU5qC,MAAM,iGAElB,MAAM6qC,QAAmB1oC,EAAOkG,WAChC,IAEIyiC,EAOAC,EATAvuB,GAAO,EACP4gB,GAAU,EAGdA,EAAS,EACS,GAAbyN,IACHzN,EAAS,GAIPA,EAEF5gB,EAAmB,GAAbquB,GAGNruB,GAAoB,GAAbquB,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BR,GAAkBhuB,GAClD,IAiBIyuB,EAjBA79B,EAAS,KACb,GAAI49B,EAAyB,CAC3B,GAA6B,UAAzBz1B,EAAK7V,SAASV,GAAoB,CACpC,MAAM2I,EAAc,IAAIujC,EACxB9rC,EAASmhB,EAAiB5Y,GAC1ByF,EAASzF,CACjB,KAAa,CACL,MAAMtE,EAAY,IAAIoB,gBACtBrF,EAASmhB,EAAiBld,EAAUO,UACpCwJ,EAAS/J,EAAUM,QAC3B,CAEMgnC,EAAmBD,EAAS,CAAEluB,MAAKpP,UACzC,MACMA,EAAS,GAIX,EAAG,CACD,GAAKgwB,EAiCE,CAEL,MAAM+N,QAAmBhpC,EAAOkG,WAEhC,GADA4iC,GAAmB,EACfE,EAAa,IACfL,EAAeK,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CL,GAAiBK,EAAa,KAAQ,SAAYhpC,EAAOkG,WAAc,SAElE,GAAI8iC,EAAa,KAAOA,EAAa,KAG1C,GAFAL,EAAe,IAAmB,GAAbK,GACrBF,GAAmB,GACdD,EACH,MAAM,IAAInC,UAAU,2DAItBiC,QAAsB3oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,UAE9B,MApDQ,OAAQ0iC,GACN,KAAK,EAGHD,QAAqB3oC,EAAOkG,WAC5B,MACF,KAAK,EAGHyiC,QAAsB3oC,EAAOkG,YAAc,QAAWlG,EAAOkG,WAC7D,MACF,KAAK,EAGHyiC,QAAsB3oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,WACpB,MACF,QAWEyiC,EAAe9jC,IAyBrB,GAAI8jC,EAAe,EAAG,CACpB,IAAI7jC,EAAY,EAChB,OAAa,CACP7H,SAAcA,EAAOgF,MACzB,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,GAAI6pC,IAAiB9jC,IAAU,MAC/B,MAAUhH,MAAM,2BAC5B,CACU,MAAMyB,EAAQqpC,IAAiB9jC,IAAWhG,EAAQA,EAAMyG,SAAS,EAAGqjC,EAAe7jC,GAInF,GAHI7H,QAAcA,EAAOoC,MAAMC,GAC1B2L,EAAO7L,KAAKE,GACjBwF,GAAajG,EAAMX,OACf4G,GAAa6jC,EAAc,CAC7B3oC,EAAOiG,QAAQpH,EAAMyG,SAASqjC,EAAe7jC,EAAYjG,EAAMX,SAC/D,KACZ,CACA,CACA,CACA,OAAa4qC,GAiCT,MAAMG,QAAmBjpC,EAAOwG,UAAUqiC,EAA0BhkC,IAAW,GAS/E,OARI5H,SACIA,EAAOgF,YACPhF,EAAOsC,UAEb0L,EAASmI,EAAKpV,iBAAiBiN,SAEzBs9B,EAAS,CAAEluB,MAAKpP,aAEhBg+B,IAAeA,EAAW/qC,MACnC,CAAC,MAAOsC,GACP,GAAIvD,EAEF,aADMA,EAAOuC,MAAMgB,IACZ,EAEP,MAAMA,CAEZ,CAAY,QACJvD,SACIurC,EAERxoC,EAAO7C,aACX,CACA,CAEO,MAAM+rC,WAAyBrrC,MACpC,WAAA3B,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM4sC,IAGhC5sC,KAAKiI,KAAO,kBAChB,EAIO,MAAM6kC,WAA2BF,GACtC,WAAAhtC,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM4sC,IAGhC5sC,KAAKiI,KAAO,oBAChB,EAGO,MAAM8kC,GACX,WAAAntC,CAAYme,EAAKivB,GACfhtC,KAAK+d,IAAMA,EACX/d,KAAKgtC,WAAaA,CACtB,CAEE,KAAAjqC,GACE,OAAO/C,KAAKgtC,UAChB,ECxSO1qC,eAAe2qC,GAASxqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjBixB,QAAqBhxB,EAAUwjB,YAAY,WAAW,EAAM,CAAC,OAAQ,WAErElsB,QAAmB0I,EAAUyjB,UAAU,MAAOuN,EAAa15B,YAC3DzH,QAAkBmQ,EAAUyjB,UAAU,MAAOuN,EAAanhC,WAEhE,MAAO,CACLi3B,EAAG,IAAIvhC,WAAW2d,EAAgBrT,EAAUyP,IAC5CwvB,KAAM5rB,EAAgB5L,EAAW4P,GAEpC,CAAC,MAAOiT,GACP,GAAiB,sBAAbA,EAAIpuB,MAA6C,mBAAbouB,EAAIpuB,KAC1C,MAAMouB,EAER,MAAM2U,EAAOpP,GAAeuR,GAAe1qB,KACnC1W,UAAWi3B,GAAM73B,GAAQg1B,KAAKV,QAAQsL,SAASC,GACvD,MAAO,CAAEhI,IAAGgI,OACpB,CAEI,KAAKvgC,EAAMsB,UAAUa,MAAO,CAC1B,MAAMA,QAAckK,EAAKM,cAAc3M,EAAMsB,UAAUa,OACjDo+B,EAAOp+B,EAAMwgC,MAAMC,mBAEzB,MAAO,CAAErK,EADCp2B,EAAM0gC,aAAatC,GACjBA,OAClB,CACI,QACE,MAAUzpC,MAAM,+BAEtB,CAeOe,eAAe69B,GAAK1d,EAAMwd,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GACzE,GAAI9vB,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkBioB,GAAqB9qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjByiB,EAAM8O,GAAgB/qB,EAAM1W,EAAWyH,GACvC7C,QAAYuL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,SAMrE,MAAO,CAAE+O,GAJS,IAAIhsC,iBACdya,EAAUikB,KAAK,UAAWxvB,EAAK8sB,IAIxC,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIpuB,KACN,MAAMouB,EAER,MAAMrnB,EAAY8H,EAAKpV,iBAAiB,CAAC8R,EAAYzH,IAErD,MAAO,CAAE0hC,GADStiC,GAAQg1B,KAAKyK,SAASnN,EAAQzuB,GAExD,CAEI,KAAKvE,EAAMsB,UAAUa,MAGnB,MAAO,CAAE6gC,UAFW32B,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC/BuzB,KAAK1C,EAAQjqB,IAGvC,QACE,MAAUjS,MAAM,+BAGtB,CAaOe,eAAeo+B,GAAOje,EAAMwd,GAAUwN,GAAEA,GAAMpV,EAAGtsB,EAAW0xB,GACjE,GAAI9vB,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkBioB,GAAqB9qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjByiB,EAAMgP,GAAejrB,EAAM1W,GAC3B4E,QAAYuL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,WAErE,aADuBxiB,EAAUwkB,OAAO,UAAW/vB,EAAK88B,EAAIhQ,EAE7D,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIpuB,KACN,MAAMouB,EAER,OAAOlrB,GAAQg1B,KAAKyK,SAASlK,OAAOjD,EAAQgQ,EAAI1hC,EACxD,CAEI,KAAKtB,EAAMsB,UAAUa,MAEnB,aADoBkK,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC1C8zB,OAAO+M,EAAIhQ,EAAQ1xB,GAElC,QACE,MAAUxK,MAAM,+BAEtB,CAiCO,SAAS4rC,GAAe1qB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAO,GAET,KAAKV,EAAMsB,UAAUa,MACnB,OAAO,GAET,QACE,MAAUrL,MAAM,+BAEtB,CAEO,SAASgsC,GAAqB9qB,GACnC,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAOV,EAAMkD,KAAKI,OACpB,KAAKtD,EAAMsB,UAAUa,MACnB,OAAOnC,EAAMkD,KAAKM,OACpB,QACE,MAAU1M,MAAM,sBAEtB,CAEA,MAAMmsC,GAAiB,CAACjrB,EAAM1W,KAC5B,GAAQ0W,IACDhY,EAAMsB,UAAUZ,QAAS,CAO5B,MANY,CACVkzB,IAAK,MACLsP,IAAK,UACLnyB,EAAG+D,EAAgBxT,GACnBwyB,KAAK,EAGb,CAEM,MAAUh9B,MAAM,8BACtB,EAGMisC,GAAkB,CAAC/qB,EAAM1W,EAAWyH,KACxC,GAAQiP,IACDhY,EAAMsB,UAAUZ,QAAS,CAC5B,MAAMuzB,EAAMgP,GAAejrB,EAAM1W,GAEjC,OADA2yB,EAAItb,EAAI7D,EAAgB/L,GACjBkrB,CACb,CAEM,MAAUn9B,MAAM,8BACtB,iIAxEOe,eAA8BmgB,EAAMugB,EAAGgI,GAC5C,OAAQvoB,GACN,KAAKhY,EAAMsB,UAAUZ,QAAS,CAM5B,MAAMY,UAAEA,GAAcZ,GAAQg1B,KAAKV,QAAQsL,SAASC,GACpD,OAAOl0B,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CAEI,KAAKtB,EAAMsB,UAAUa,MAAO,CAC1B,MAEMb,SAFc+K,EAAKM,cAAc3M,EAAMsB,UAAUa,QAE/B0gC,aAAatC,GACrC,OAAOl0B,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CACI,QACE,OAAO,EAEb,cCrKA,MAAMmQ,GAAYpF,EAAKmF,eAQhB3Z,eAAesrC,GAAKnrB,EAAM9R,EAAKk9B,GACpC,MAAM7qB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWohB,EACtC,MAAUzhB,MAAM,oCAGlB,IACE,MAAMusC,QAAoB5xB,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,YAEhF8lC,QAAkB7xB,GAAUmX,UAAU,MAAOwa,EAAY,CAAE5lC,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SACnGqgC,QAAgB9xB,GAAU+xB,QAAQ,MAAOF,EAAWD,EAAa,CAAE7lC,KAAM,WAC/E,OAAO,IAAIxG,WAAWusC,EACvB,CAAC,MAAO3X,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACrE,CAEE,OAAO26B,GAAWv9B,GAAKod,QAAQ8f,EACjC,CASOvrC,eAAe6rC,GAAO1rB,EAAM9R,EAAKy9B,GACtC,MAAMprB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWohB,EACtC,MAAUzhB,MAAM,oCAGlB,IAAIusC,EACJ,IACEA,QAAoB5xB,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,aACjF,CAAC,MAAOouB,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAGR,OADAvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,SAC1D26B,GAAWv9B,GAAK0d,QAAQ+f,EACnC,CAEE,IACE,MAAMC,QAAkBnyB,GAAUoyB,UAAU,MAAOF,EAAaN,EAAa,CAAE7lC,KAAM,UAAY,CAAEA,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SAC3I,OAAO,IAAIlM,iBAAiBya,GAAUyjB,UAAU,MAAO0O,GACxD,CAAC,MAAOhY,GACP,GAAiB,mBAAbA,EAAIpuB,KACN,MAAU1G,MAAM,6BAElB,MAAM80B,CACV,CACA,uECxFA,MAAMna,GAAYpF,EAAKmF,eAER3Z,eAAeisC,GAAYtO,EAAUuO,EAAUC,EAAMC,EAAM5e,GACxE,MAAMniB,EAAOlD,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GACvC,IAAKtyB,EAAM,MAAUpM,MAAM,qCAE3B,MAAMotC,QAAoBzyB,GAAUmX,UAAU,MAAOmb,EAAU,QAAQ,EAAO,CAAC,eACzExyB,QAAaE,GAAU0yB,WAAW,CAAE3mC,KAAM,OAAQ0F,OAAM8gC,OAAMC,QAAQC,EAAsB,EAAT7e,GACzF,OAAO,IAAIruB,WAAWua,EACxB,CCHA,MAAM6yB,GAAY,CAChBniC,OAAQoK,EAAKwD,WAAW,kBACxB3N,KAAMmK,EAAKwD,WAAW,iBAQjBhY,eAAe2qC,GAASxqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAE3B,MAAM6M,EAAIqiB,GAAe,KACjB7vB,UAAWi3B,GAAMt2B,GAAOqf,IAAI0T,QAAQ8K,cAAchxB,GAC1D,MAAO,CAAEypB,IAAGzpB,IAClB,CAEI,KAAK9O,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChD4M,EAAI5M,EAAKygC,MAAMC,mBAErB,MAAO,CAAErK,EADCr2B,EAAK2gC,aAAa/zB,GAChBA,IAClB,CACI,QACE,MAAUhY,MAAM,8BAEtB,CA+GO,SAAS4rC,GAAe1qB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OACnB,OAAO,GAET,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO,GAET,QACE,MAAUpL,MAAM,8BAEtB,CAOOe,eAAewsC,GAAoCrsB,EAAMssB,GAC9D,OAAQtsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMsiC,EAAqBpT,GAAeuR,GAAe1qB,IACnDwsB,EAAeviC,GAAO29B,WAAW2E,EAAoBD,GAC3DG,GAAmBD,GACnB,MAAQljC,UAAWojC,GAAuBziC,GAAOqf,IAAI0T,QAAQ8K,cAAcyE,GAC3E,MAAO,CAAEG,qBAAoBF,eACnC,CACI,KAAKxkC,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChDqiC,EAAqBriC,EAAKygC,MAAMC,mBAChC4B,EAAetiC,EAAKyiC,gBAAgBJ,EAAoBD,GAC9DG,GAAmBD,GAEnB,MAAO,CAAEE,mBADkBxiC,EAAK2gC,aAAa0B,GAChBC,eACnC,CACI,QACE,MAAU1tC,MAAM,8BAEtB,CAEOe,eAAe+sC,GAAsB5sB,EAAM0sB,EAAoBnM,EAAGzpB,GACvE,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMuiC,EAAeviC,GAAO29B,WAAW9wB,EAAG41B,GAE1C,OADAD,GAAmBD,GACZA,CACb,CACI,KAAKxkC,EAAMsB,UAAUY,KAAM,CACzB,MACMsiC,SADan4B,EAAKM,cAAc3M,EAAMsB,UAAUY,OAC5ByiC,gBAAgB71B,EAAG41B,GAE7C,OADAD,GAAmBD,GACZA,CACb,CACI,QACE,MAAU1tC,MAAM,8BAEtB,CAQA,SAAS2tC,GAAmBD,GAC1B,IAAIK,EAAM,EACV,IAAK,IAAIxtC,EAAI,EAAGA,EAAImtC,EAAartC,OAAQE,IACvCwtC,GAAOL,EAAantC,GAEtB,GAAY,IAARwtC,EACF,MAAU/tC,MAAM,6BAEpB,2DAjGOe,eAAuBmgB,EAAM0sB,EAAoBI,EAAYvM,EAAGzpB,GACrE,MAAM01B,QAAqBI,GAAsB5sB,EAAM0sB,EAAoBnM,EAAGzpB,GACxEi2B,EAAY14B,EAAKpV,iBAAiB,CACtCytC,EACAnM,EACAiM,IAEF,OAAQxsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B8V,QAAEA,GAAYD,GAAgBtE,GAEpC,OAAOgxB,GAAahxB,QADQ8vB,GAAY9jC,EAAMkD,KAAKI,OAAQyhC,EAAW,IAAI/tC,WAAcotC,GAAUniC,OAAQsW,GAC3DusB,EACrD,CACI,KAAK9kC,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B4V,QAAEA,GAAYD,GAAgBtY,EAAMoC,UAAUO,QAEpD,OAAOqiC,GAAahxB,QADQ8vB,GAAY9jC,EAAMkD,KAAKM,OAAQuhC,EAAW,IAAI/tC,WAAcotC,GAAUliC,KAAMqW,GACzDusB,EACrD,CACI,QACE,MAAUhuC,MAAM,8BAEtB,UA9DOe,eAAuBmgB,EAAM5b,EAAMkoC,GACxC,MAAMI,mBAAEA,EAAkBF,aAAEA,SAAuBH,GAAoCrsB,EAAMssB,GACvFS,EAAY14B,EAAKpV,iBAAiB,CACtCytC,EACAJ,EACAE,IAEF,OAAQxsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B8V,QAAEA,GAAYD,GAAgBtE,GAC9BixB,QAAsBnB,GAAY9jC,EAAMkD,KAAKI,OAAQyhC,EAAW,IAAI/tC,WAAcotC,GAAUniC,OAAQsW,GAE1G,MAAO,CAAEmsB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe7oC,GAErE,CACI,KAAK4D,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B4V,QAAEA,GAAYD,GAAgBtY,EAAMoC,UAAUO,QAC9CsiC,QAAsBnB,GAAY9jC,EAAMkD,KAAKM,OAAQuhC,EAAW,IAAI/tC,WAAcotC,GAAUliC,KAAMqW,GAExG,MAAO,CAAEmsB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe7oC,GAErE,CAEI,QACE,MAAUtF,MAAM,8BAEtB,+GA/DOe,eAA8BmgB,EAAMugB,EAAGzpB,GAC5C,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAK3B,MAAMX,UAAEA,GAAcW,GAAOqf,IAAI0T,QAAQ8K,cAAchxB,GACvD,OAAOzC,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CACI,KAAKtB,EAAMsB,UAAUY,KAAM,CACzB,MAKMZ,SALa+K,EAAKM,cAAc3M,EAAMsB,UAAUY,OAK/B2gC,aAAa/zB,GACpC,OAAOzC,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CAEI,QACE,OAAO,EAEb,IC7CA,MAAMmQ,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAElBuzB,GAAY,CAChB,CAACnlC,EAAMC,MAAMC,UAAW,QACxB,CAACF,EAAMC,MAAMG,UAAW,QACxB,CAACJ,EAAMC,MAAMK,UAAW,SAEpB8kC,GAAc7rB,GAAaA,GAAW8rB,YAAc,GACpDC,GAAa/rB,GAAa,CAC9B,CAACvZ,EAAMC,MAAMO,WAAY4kC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC3E,CAACqI,EAAMC,MAAMC,UAAWklC,GAAY3wB,SAAS,cAAgB,kBAAe9c,EAC5E,CAACqI,EAAMC,MAAMG,UAAWglC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMK,UAAW8kC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMQ,eAAgB2kC,GAAY3wB,SAAS,WAAa,eAAY9c,EAC3E,CAACqI,EAAMC,MAAMU,kBAAmBykC,GAAY3wB,SAAS,UAAY,cAAW9c,EAC5E,CAACqI,EAAMC,MAAMY,iBAAkBukC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMa,iBAAkBskC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMc,iBAAkBqkC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,GAC3F,CAAE,EAEA4tC,GAAS,CACb,CAACvlC,EAAMC,MAAMC,UAAW,CACtB0gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5D4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMC,UAC7BwlC,IAAKP,GAAUnlC,EAAMC,MAAMC,UAC3BylC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMG,UAAW,CACtBwgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB4U,OAAQnY,EAAMoC,UAAUM,OACxB+iC,KAAMH,GAAWtlC,EAAMC,MAAMG,UAC7BslC,IAAKP,GAAUnlC,EAAMC,MAAMG,UAC3BulC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMK,UAAW,CACtBsgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB2U,OAAQnY,EAAMoC,UAAUO,OACxB8iC,KAAMH,GAAWtlC,EAAMC,MAAMK,UAC7BolC,IAAKP,GAAUnlC,EAAMC,MAAMK,UAC3BqlC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMO,WAAY,CACvBogC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMO,WAC7BmlC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMQ,eAAgB,CAC3BmgC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClE4E,QAASxlC,EAAMsB,UAAUQ,YACzBoB,KAAMlD,EAAMkD,KAAKM,OACjBiiC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC7lC,EAAMC,MAAMU,kBAAmB,CAC9BigC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxE4E,QAASxlC,EAAMsB,UAAUM,KACzBsB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC7lC,EAAMC,MAAMY,iBAAkB,CAC7B+/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMY,iBAC7B8kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMa,iBAAkB,CAC7B8/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB4U,OAAQnY,EAAMoC,UAAUM,OACxB+iC,KAAMH,GAAWtlC,EAAMC,MAAMa,iBAC7B6kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMc,iBAAkB,CAC7B6/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB2U,OAAQnY,EAAMoC,UAAUO,OACxB8iC,KAAMH,GAAWtlC,EAAMC,MAAMc,iBAC7B4kC,YAAa,GACbE,sBAAuB,IAI3B,MAAMC,GACJ,WAAA3wC,CAAY4wC,GACV,IACExwC,KAAKiI,KAAOuoC,aAAqBpF,GAC/BoF,EAAUjF,UACV9gC,EAAM1H,MAAM0H,EAAMC,MAAM8lC,EAC3B,CAAC,MAAOna,GACP,MAAM,IAAIuW,GAAiB,gBACjC,CACI,MAAMjmB,EAASqpB,GAAOhwC,KAAKiI,MAE3BjI,KAAKiwC,QAAUtpB,EAAOspB,QAEtBjwC,KAAKqrC,IAAM1kB,EAAO0kB,IAClBrrC,KAAK2N,KAAOgZ,EAAOhZ,KACnB3N,KAAK4iB,OAAS+D,EAAO/D,OACrB5iB,KAAKkwC,KAAOvpB,EAAOupB,KACnBlwC,KAAKmwC,IAAMxpB,EAAOwpB,IAClBnwC,KAAKowC,YAAczpB,EAAOypB,YAC1BpwC,KAAKqwC,WAAa1pB,EAAO0pB,WACzBrwC,KAAKswC,sBAAwB3pB,EAAO2pB,sBAChCtwC,KAAKmwC,KAAOr5B,EAAKmF,eACnBjc,KAAKiU,KAAO,MACHjU,KAAKkwC,MAAQp5B,EAAKuF,gBAC3Brc,KAAKiU,KAAO,OACHjU,KAAKiI,OAASwC,EAAMC,MAAMU,iBACnCpL,KAAKiU,KAAO,mBACHjU,KAAKiI,OAASwC,EAAMC,MAAMQ,gBACnClL,KAAKiU,KAAO,gBAElB,CAEE,gBAAMw8B,GACJ,OAAQzwC,KAAKiU,MACX,IAAK,MACH,IACE,aAsIV3R,eAA6B2F,EAAMqoC,GAEjC,MAAMpD,QAAqBhxB,GAAUwjB,YAAY,CAAEz3B,KAAM,QAASyoC,WAAYd,GAAU3nC,KAAS,EAAM,CAAC,OAAQ,WAE1GuL,QAAmB0I,GAAUyjB,UAAU,MAAOuN,EAAa15B,YAC3DzH,QAAkBmQ,GAAUyjB,UAAU,MAAOuN,EAAanhC,WAEhE,MAAO,CACLA,UAAW4kC,GAAe5kC,EAAWukC,GACrC98B,WAAY4L,EAAgB5L,EAAW4P,GAE3C,CAjJuBwtB,CAAc5wC,KAAKiI,KAAMjI,KAAKswC,sBAC5C,CAAC,MAAOja,GAEP,OADAvf,EAAKyE,gBAAgB,6CAA+C8a,EAAI9iB,SACjEs9B,GAAa7wC,KAAKiI,KACnC,CACM,IAAK,OACH,OA6IR3F,eAA8B2F,GAE5B,MAAMoE,EAAO2X,GAAW8sB,WAAWf,GAAW9nC,IAE9C,aADMoE,EAAK0kC,eACJ,CACLhlC,UAAW,IAAItK,WAAW4K,EAAKihC,gBAC/B95B,WAAY,IAAI/R,WAAW4K,EAAK2kC,iBAEpC,CArJeC,CAAejxC,KAAKiI,MAC7B,IAAK,mBAAoB,CAEvB,MAAMsR,EAAEA,EAACypB,EAAEA,SAAYkO,GAAczmC,EAAMsB,UAAUW,QAC/C8G,EAAa+F,EAAE5W,QAAQqoB,UAC7BxX,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAElB,MAAO,CAAEzH,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKswC,wBAAyBtN,IACnExvB,aAC5B,CACM,IAAK,gBAAiB,CACpB,MAAQw3B,KAAMx3B,EAAUwvB,EAAEA,SAAYmO,GAAc1mC,EAAMsB,UAAUZ,SAEpE,MAAO,CAAEY,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKswC,wBAAyBtN,IACnExvB,aAC5B,CACM,QACE,OAAOq9B,GAAa7wC,KAAKiI,MAEjC,EAmCA3F,eAAe8uC,GAAuB3uB,EAAM4oB,EAAKgG,EAAGjuB,GAClD,MAAMkuB,EAAkB,CACtB,CAAC7mC,EAAMC,MAAMC,WAAW,EACxB,CAACF,EAAMC,MAAMG,WAAW,EACxB,CAACJ,EAAMC,MAAMK,WAAW,EACxB,CAACN,EAAMC,MAAMO,YAAY,EACzB,CAACR,EAAMC,MAAMU,kBAAmBqX,IAAShY,EAAMsB,UAAUM,KACzD,CAAC5B,EAAMC,MAAMY,kBAAkB,EAC/B,CAACb,EAAMC,MAAMa,kBAAkB,EAC/B,CAACd,EAAMC,MAAMc,kBAAkB,GAI3B8L,EAAY+zB,EAAIE,UACtB,IAAK+F,EAAgBh6B,GACnB,OAAO,EAGT,GAAIA,IAAc7M,EAAMC,MAAMU,iBAAkB,CAC9CgY,EAAIA,EAAEzgB,QAAQqoB,UAEd,MAAMjf,UAAEA,GAAcs1B,GAAKtV,IAAI0T,QAAQ8K,cAAcnnB,GAErDiuB,EAAI,IAAI5vC,WAAW4vC,GACnB,MAAME,EAAK,IAAI9vC,WAAW,CAAC,MAASsK,IACpC,QAAK+K,EAAKmE,iBAAiBs2B,EAAIF,EAKnC,CAEE,MAKME,SALmBz6B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOgL,IAK7Cg2B,aAAalqB,GAAG,GACtC,QAAKtM,EAAKmE,iBAAiBs2B,EAAIF,EAKjC,CAMA,SAASG,GAA0B9mC,EAAO+mC,GACxC,MAAMrB,YAAEA,EAAWE,sBAAEA,EAAuBroC,KAAMqP,GAAc5M,EAE1DgnC,EAAap6B,IAAc7M,EAAMC,MAAMU,kBAAoBkM,IAAc7M,EAAMC,MAAMQ,cAAiBklC,EAA4B,EAAdA,EAE1H,GAAIqB,EAAE,KAAOnB,GAAyBmB,EAAE7vC,SAAW8vC,EAAY,EAC7D,MAAUnwC,MAAM,yBAEpB,CAWAe,eAAeuuC,GAAa5oC,GAC1B,MAAM0pC,QAAmB76B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOrE,GAC7DuL,EAAam+B,EAAWvE,MAAMC,mBAEpC,MAAO,CAAEthC,UADS4lC,EAAWrE,aAAa95B,GAAY,GAClCA,aACtB,CAoCA,SAASm9B,GAAejS,EAAK4R,GAC3B,MAAMsB,EAAOxyB,EAAgBsf,EAAIljB,GAC3Bq2B,EAAOzyB,EAAgBsf,EAAI9D,GAC3B7uB,EAAY,IAAItK,WAAWmwC,EAAKhwC,OAASiwC,EAAKjwC,OAAS,GAI7D,OAHAmK,EAAU,GAAKukC,EACfvkC,EAAU5J,IAAIyvC,EAAM,GACpB7lC,EAAU5J,IAAI0vC,EAAMD,EAAKhwC,OAAS,GAC3BmK,CACT,CASA,SAAS+lC,GAAe1B,EAAanoC,EAAM8D,GACzC,MAAMshB,EAAM+iB,EACNwB,EAAO7lC,EAAUpJ,MAAM,EAAG0qB,EAAM,GAChCwkB,EAAO9lC,EAAUpJ,MAAM0qB,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgR,IAAK,KACLsP,IAAK1lC,EACLuT,EAAG+D,EAAgBqyB,GACnBhX,EAAGrb,EAAgBsyB,GACnBtT,KAAK,EAGT,CAUA,SAAST,GAAasS,EAAanoC,EAAM8D,EAAWyH,GAClD,MAAMkrB,EAAMoT,GAAe1B,EAAanoC,EAAM8D,GAE9C,OADA2yB,EAAItb,EAAI7D,EAAgB/L,GACjBkrB,CACT,CCvWA,MAAMxiB,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAgBjB/Z,eAAe69B,GAAKkL,EAAKpL,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GACxE,MAAM/yB,EAAQ,IAAI6lC,GAAalF,GAE/B,GADAmG,GAA0B9mC,EAAOqB,GAC7BwH,IAAYuD,EAAK7V,SAASsS,GAAU,CACtC,MAAMksB,EAAU,CAAE1zB,YAAWyH,cAC7B,OAAQ9I,EAAMuJ,MACZ,IAAK,MAEH,IAEE,aAqIV3R,eAAuBoI,EAAOu1B,EAAU1sB,EAASksB,GAC/C,MAAMpS,EAAM3iB,EAAM0lC,YACZ1R,EAAMZ,GAAapzB,EAAM0lC,YAAaR,GAAUllC,EAAMzC,MAAOw3B,EAAQ1zB,UAAW0zB,EAAQjsB,YACxF7C,QAAYuL,GAAUmX,UAC1B,MACAqL,EACA,CACEz2B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,SAGGkB,EAAY,IAAIpN,iBAAiBya,GAAUikB,KAC/C,CACEl4B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,KAE5CtvB,EACA4C,IAGF,MAAO,CACLkI,EAAG5M,EAAUlM,MAAM,EAAG0qB,GACtB1T,EAAG9K,EAAUlM,MAAM0qB,EAAKA,GAAO,GAEnC,CAlKuB+S,CAAQ11B,EAAOu1B,EAAU1sB,EAASksB,EAChD,CAAC,MAAOpJ,GAIP,GAAmB,aAAf3rB,EAAMzC,OAAqC,cAAbouB,EAAIpuB,MAAqC,mBAAbouB,EAAIpuB,MAChE,MAAMouB,EAERvf,EAAKyE,gBAAgB,oCAAsC8a,EAAI9iB,QACzE,CACQ,MACF,IAAK,OACH,OAoLRjR,eAAwBoI,EAAOu1B,EAAU1sB,EAASC,GAEhD,MAAMu+B,EAAaj7B,EAAKG,YAAY,eAC9B+6B,EAAal7B,EAAK0F,iBAChBhJ,WAAYy+B,GAAkBF,EAAWG,YAAY,CAC3D56B,UAAWy4B,GAAWrlC,EAAMzC,MAC5BuL,WAAYw+B,EAAWzxB,KAAK/M,KAGxB2sB,EAAOnc,GAAWqc,WAAW51B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC1DE,EAAKp9B,MAAMwQ,GACX4sB,EAAK73B,MAEL,MAAMuG,EAAY,IAAIpN,WAAW0+B,EAAKA,KAAK,CAAExvB,IAAKshC,EAAetT,OAAQ,MAAO1qB,KAAM,OAAQk+B,YAAa,gBACrG9kB,EAAM3iB,EAAM0lC,YAElB,MAAO,CACL30B,EAAG5M,EAAU7F,SAAS,EAAGqkB,GACzB1T,EAAG9K,EAAU7F,SAASqkB,EAAKA,GAAO,GAEtC,CAxMeiT,CAAS51B,EAAOu1B,EAAU1sB,EAASC,GAElD,CAEE,MAEM3E,SAFmBiI,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAE5Ck4B,KAAK1C,EAAQjqB,EAAY,CAAE4+B,MAAM,IAC9D,MAAO,CACL32B,EAAGggB,GAAmB5sB,EAAU4M,EAAG,KAAM/Q,EAAM0lC,aAC/Cz2B,EAAG8hB,GAAmB5sB,EAAU8K,EAAG,KAAMjP,EAAM0lC,aAEnD,CAcO9tC,eAAeo+B,GAAO2K,EAAKpL,EAAUpxB,EAAW0E,EAASxH,EAAW0xB,GACzE,MAAM/yB,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAOqB,GAOjC,MAAMsmC,EAAmC/vC,SACzB,IAAdm7B,EAAO,IACL6U,GAAS5nC,EAAOmE,EAAW4uB,EAAOz0B,SAAS,GAAI+C,GAInD,GAAIwH,IAAYuD,EAAK7V,SAASsS,GAC5B,OAAQ7I,EAAMuJ,MACZ,IAAK,MACH,IAEE,MAAMs+B,QA2GhBjwC,eAAyBoI,EAAOu1B,GAAUxkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC3D,MAAM2yB,EAAMoT,GAAepnC,EAAM0lC,YAAaR,GAAUllC,EAAMzC,MAAO8D,GAC/D4E,QAAYuL,GAAUmX,UAC1B,MACAqL,EACA,CACEz2B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,WAGGkB,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAAIrQ,OAEhD,OAAO4S,GAAUwkB,OACf,CACEz4B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,KAE5CtvB,EACA9B,EACA0E,EAEJ,CArIiCotB,CAAUj2B,EAAOu1B,EAAUpxB,EAAW0E,EAASxH,GACtE,OAAOwmC,GAAYF,GACpB,CAAC,MAAOhc,GAIP,GAAmB,aAAf3rB,EAAMzC,OAAqC,cAAbouB,EAAIpuB,MAAqC,mBAAbouB,EAAIpuB,MAChE,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QAC3E,CACQ,MACF,IAAK,OAAQ,CACX,MAAMg/B,QAgJdjwC,eAA0BoI,EAAOu1B,GAAUxkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC5D,MAAMgmC,EAAaj7B,EAAKG,YAAY,eAC9B+6B,EAAal7B,EAAK0F,iBAChBzQ,UAAWymC,GAAiBT,EAAWG,YAAY,CACzD56B,UAAWy4B,GAAWrlC,EAAMzC,MAC5B8D,UAAWimC,EAAWzxB,KAAKxU,KAGvB20B,EAAS1c,GAAW4c,aAAan2B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC9DS,EAAO39B,MAAMwQ,GACbmtB,EAAOp4B,MAEP,MAAMuG,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAE5C,IACE,OAAO+mB,EAAOA,OAAO,CAAE/vB,IAAK6hC,EAAc7T,OAAQ,MAAO1qB,KAAM,OAAQk+B,YAAa,cAAgBtjC,EACrG,CAAC,MAAOwnB,GACP,OAAO,CACX,CACA,CAnK+BwK,CAAWn2B,EAAOu1B,EAAUpxB,EAAW0E,EAASxH,GACvE,OAAOwmC,GAAYF,GAC3B,EAKE,aADuBC,GAAS5nC,EAAOmE,EAAW4uB,EAAQ1xB,IACvCsmC,GACrB,CAiDA/vC,eAAegwC,GAAS5nC,EAAOmE,EAAW4uB,EAAQ1xB,GAGhD,aAFyB+K,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAEvDy4B,OAAO5pB,EAAKpV,iBAAiB,CAACmN,EAAU4M,EAAG5M,EAAU8K,IAAK8jB,EAAQ1xB,EAAW,CAAEqmC,MAAM,GACzG,0EA3CO9vC,eAA8B+oC,EAAKgG,EAAGjuB,GAC3C,MAAM1Y,EAAQ,IAAI6lC,GAAalF,GAE/B,GAAI3gC,EAAMulC,UAAYxlC,EAAMsB,UAAUO,MACpC,OAAO,EAKT,OAAQ5B,EAAMuJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMV,EAAUqoB,GAAe,GACzBqE,EAAWx1B,EAAMkD,KAAKI,OACtB0vB,QAAe9vB,GAAK4W,OAAO0b,EAAU1sB,GAC3C,IACE,MAAM1E,QAAkBsxB,GAAKkL,EAAKpL,EAAU1sB,EAAS89B,EAAGjuB,EAAGqa,GAE3D,aAAaiD,GAAO2K,EAAKpL,EAAUpxB,EAAW0E,EAAS89B,EAAG5T,EAC3D,CAAC,MAAOpH,GACP,OAAO,CACf,CACA,CACI,QACE,OAAO+a,GAAuB3mC,EAAMsB,UAAUO,MAAO++B,EAAKgG,EAAGjuB,GAEnE,qEC9HO9gB,eAAoB+oC,EAAKpL,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GAGxE,GADA+T,GADc,IAAIjB,GAAalF,GACEt/B,GAC7B4B,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkB7a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAQksC,GAAI5+B,SAAoB4jC,GAAUhoC,EAAMsB,UAAUZ,QAAS80B,EAAU1sB,EAASxH,EAAU/C,SAAS,GAAIwK,EAAYiqB,GAEzH,MAAO,CACLhiB,EAAG5M,EAAU7F,SAAS,EAAG,IACzB2Q,EAAG9K,EAAU7F,SAAS,IAE1B,iBAkCO1G,eAA8B+oC,EAAKgG,EAAG93B,GAE3C,GAAI8xB,EAAIE,YAAc9gC,EAAMC,MAAMQ,cAChC,OAAO,EAOT,MAAMa,UAAEA,GAAcs1B,GAAKlB,KAAKV,QAAQsL,SAASxxB,GAC3Cg4B,EAAK,IAAI9vC,WAAW,CAAC,MAASsK,IACpC,OAAO+K,EAAKmE,iBAAiBo2B,EAAGE,EAElC,SAlCOjvC,eAAsB+oC,EAAKpL,GAAUxkB,EAAG9B,EAAEA,GAAK0e,EAAGtsB,EAAW0xB,GAGlE,GADA+T,GADc,IAAIjB,GAAalF,GACEt/B,GAC7B4B,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkB7a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAMksC,EAAK32B,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IACrC,OAAO+4B,GAAYjoC,EAAMsB,UAAUZ,QAAS80B,EAAU,CAAEwN,MAAMpV,EAAGtsB,EAAU/C,SAAS,GAAIy0B,EAC1F,ICrDO,SAAS/iB,GAAOnH,GACrB,MAAM4P,EAAI,EAAK5P,EAAQ3R,OAAS,EAC1B+W,EAAS,IAAIlX,WAAW8R,EAAQ3R,OAASuhB,GAAGsE,KAAKtE,GAEvD,OADAxK,EAAOxW,IAAIoR,GACJoF,CACT,CAOO,SAASmC,GAAOvH,GACrB,MAAM8Z,EAAM9Z,EAAQ3R,OACpB,GAAIyrB,EAAM,EAAG,CACX,MAAMlK,EAAI5P,EAAQ8Z,EAAM,GACxB,GAAIlK,GAAK,EAAG,CACV,MAAMwvB,EAAWp/B,EAAQvK,SAASqkB,EAAMlK,GAClCyvB,EAAW,IAAInxC,WAAW0hB,GAAGsE,KAAKtE,GACxC,GAAIrM,EAAKmE,iBAAiB03B,EAAUC,GAClC,OAAOr/B,EAAQvK,SAAS,EAAGqkB,EAAMlK,EAEzC,CACA,CACE,MAAU5hB,MAAM,kBAClB,yECxBA,MAAM2a,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAexB,SAASw2B,GAAeC,EAAazH,EAAK0H,EAAWC,GACnD,OAAOl8B,EAAKpV,iBAAiB,CAC3B2pC,EAAItoC,QACJ,IAAItB,WAAW,CAACqxC,IAChBC,EAAUhwC,QACV+T,EAAK+C,mBAAmB,wBACxBm5B,GAEJ,CAGA1wC,eAAe2wC,GAAIhT,EAAU+B,EAAGpgC,EAAQsxC,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAItxC,EACJ,GAAIqxC,EAAc,CAEhB,IAAKrxC,EAAI,EAAGA,EAAIkgC,EAAEpgC,QAAmB,IAATogC,EAAElgC,GAAUA,KACxCkgC,EAAIA,EAAEh5B,SAASlH,EACnB,CACE,GAAIsxC,EAAe,CAEjB,IAAKtxC,EAAIkgC,EAAEpgC,OAAS,EAAGE,GAAK,GAAc,IAATkgC,EAAElgC,GAAUA,KAC7CkgC,EAAIA,EAAEh5B,SAAS,EAAGlH,EAAI,EAC1B,CAME,aALqB6L,GAAK4W,OAAO0b,EAAUnpB,EAAKpV,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBugC,EACAkR,MAEYlqC,SAAS,EAAGpH,EAC5B,CAUAU,eAAe+wC,GAAsB3oC,EAAO2mC,GAC1C,OAAQ3mC,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAQg7B,aAAcqE,EAASnE,mBAAEA,SAA6BoE,GAAyC9oC,EAAMsB,UAAUW,OAAQ2kC,EAAEroC,SAAS,IAE1I,MAAO,CAAE+C,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACiJ,EAAM4lC,wBAAyBnB,IACpEmE,YAC1B,CACI,IAAK,MACH,GAAI5oC,EAAMylC,KAAOr5B,EAAKmF,eACpB,IACE,aA8LV3Z,eAAqCoI,EAAO2mC,GAC1C,MAAM3S,EAAMoT,GAAepnC,EAAM0lC,YAAa1lC,EAAMylC,IAAKkB,GACzD,IAAI5R,EAAUvjB,GAAUwjB,YACtB,CACEz3B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,CAAC,YAAa,eAEZqD,EAAYt3B,GAAUmX,UACxB,MACAqL,EACA,CACEz2B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,KAED1Q,EAAS+T,SAAmBtzC,QAAQ4E,IAAI,CAAC26B,EAAS+T,IACnD,IAAI75B,EAAIuC,GAAU0yB,WAChB,CACE3mC,KAAM,OACNyoC,WAAYhmC,EAAMylC,IAClBsD,OAAQD,GAEV/T,EAAQjsB,WACR9I,EAAM2lC,YAEJljB,EAAIjR,GAAUyjB,UAChB,MACAF,EAAQ1zB,YAET4N,EAAGwT,SAAWjtB,QAAQ4E,IAAI,CAAC6U,EAAGwT,IAC/B,MAAMmmB,EAAY,IAAI7xC,WAAWkY,GAC3B5N,EAAY,IAAItK,WAAWkvC,GAAexjB,EAAGziB,EAAM4lC,wBACzD,MAAO,CAAEvkC,YAAWunC,YACtB,CApOuBI,CAAsBhpC,EAAO2mC,EAC3C,CAAC,MAAOhb,GAEP,OADAvf,EAAKyE,gBAAgB8a,GACdsd,GAAqBjpC,EAAO2mC,EAC7C,CAEM,MACF,IAAK,OACH,OAuPN/uC,eAAsCoI,EAAO2mC,GAC3C,MAAMuC,EAAS5vB,GAAW8sB,WAAWpmC,EAAMwlC,MAC3C0D,EAAO7C,eACP,MAAMuC,EAAY,IAAI7xC,WAAWmyC,EAAOC,cAAcxC,IAChDtlC,EAAY,IAAItK,WAAWmyC,EAAOtG,gBACxC,MAAO,CAAEvhC,YAAWunC,YACtB,CA7PaQ,CAAuBppC,EAAO2mC,GACvC,QACE,OAAOsC,GAAqBjpC,EAAO2mC,GAGzC,CAoCA/uC,eAAeyxC,GAAuBrpC,EAAO+mC,EAAGJ,EAAGjuB,GACjD,GAAIA,EAAExhB,SAAW8I,EAAM0lC,YAAa,CAClC,MAAM58B,EAAa,IAAI/R,WAAWiJ,EAAM0lC,aACxC58B,EAAWrR,IAAIihB,EAAG1Y,EAAM0lC,YAAchtB,EAAExhB,QACxCwhB,EAAI5P,CACR,CACE,OAAQ9I,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAMjF,EAAYoU,EAAEzgB,QAAQqoB,UAE5B,MAAO,CAAEhc,YAAWskC,gBADIU,GAA2BvpC,EAAMsB,UAAUW,OAAQ+kC,EAAEzoC,SAAS,GAAIqoC,EAAEroC,SAAS,GAAIgG,GAE/G,CACI,IAAK,MACH,GAAItE,EAAMylC,KAAOr5B,EAAKmF,eACpB,IACE,aA2EV3Z,eAAsCoI,EAAO+mC,EAAGJ,EAAGjuB,GACjD,MAAMowB,EAAY1V,GAAapzB,EAAM0lC,YAAa1lC,EAAMylC,IAAKkB,EAAGjuB,GAChE,IAAI5P,EAAa0I,GAAUmX,UACzB,MACAmgB,EACA,CACEvrC,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,CAAC,YAAa,eAEhB,MAAMzR,EAAMoT,GAAepnC,EAAM0lC,YAAa1lC,EAAMylC,IAAKsB,GACzD,IAAImC,EAAS13B,GAAUmX,UACrB,MACAqL,EACA,CACEz2B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,KAED38B,EAAYogC,SAAgB1zC,QAAQ4E,IAAI,CAAC0O,EAAYogC,IACtD,IAAIhc,EAAI1b,GAAU0yB,WAChB,CACE3mC,KAAM,OACNyoC,WAAYhmC,EAAMylC,IAClBsD,OAAQG,GAEVpgC,EACA9I,EAAM2lC,YAEJ4D,EAAS/3B,GAAUyjB,UACrB,MACAnsB,IAEDokB,EAAGqc,SAAgB/zC,QAAQ4E,IAAI,CAAC8yB,EAAGqc,IACpC,MAAMX,EAAY,IAAI7xC,WAAWm2B,GAEjC,MAAO,CAAE5oB,UADSoQ,EAAgB60B,EAAO7wB,GACrBkwB,YACtB,CApHuBY,CAAuBxpC,EAAO+mC,EAAGJ,EAAGjuB,EAClD,CAAC,MAAOiT,GAEP,OADAvf,EAAKyE,gBAAgB8a,GACd8d,GAAsBzpC,EAAO+mC,EAAGruB,EACjD,CAEM,MACF,IAAK,OACH,OAuKN9gB,eAAuCoI,EAAO+mC,EAAGruB,GAC/C,MAAMowB,EAAYxvB,GAAW8sB,WAAWpmC,EAAMwlC,MAC9CsD,EAAUY,cAAchxB,GACxB,MAAMkwB,EAAY,IAAI7xC,WAAW+xC,EAAUK,cAAcpC,IAEzD,MAAO,CAAEziC,UADS,IAAIvN,WAAW+xC,EAAUxC,iBACvBsC,YACtB,CA7Kae,CAAwB3pC,EAAO+mC,EAAGruB,GAC3C,QACE,OAAO+wB,GAAsBzpC,EAAO+mC,EAAGruB,GAE7C,CAmCA9gB,eAAe6xC,GAAsBzpC,EAAO+mC,EAAGruB,GAK7C,MAAO,CAAEpU,UAAWoU,EAAGkwB,iBAJEx8B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAE9BmnC,gBAAgBhsB,EAAGquB,GACpBzoC,SAAS,GAEpD,CAEA1G,eAAeqxC,GAAqBjpC,EAAO2mC,GACzC,MAAMM,QAAmB76B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAChE8D,UAAW0lC,EAAGj+B,WAAYoG,SAAYlP,EAAM+lC,aAKpD,MAAO,CAAE1kC,UAAW0lC,EAAG6B,UAFQ3B,EAAWvC,gBAAgBx1B,EAAGy3B,GACpBroC,SAAS,GAEpD,2DApCO1G,eAAuB+oC,EAAK0H,EAAWtB,EAAG6C,EAAGjD,EAAGjuB,EAAG4vB,GACxD,MAAMtoC,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAO2mC,GACjCG,GAA0B9mC,EAAO+mC,GACjC,MAAM6B,UAAEA,SAAoBS,GAAuBrpC,EAAO+mC,EAAGJ,EAAGjuB,GAC1D8vB,EAAQL,GAAepoC,EAAMsB,UAAUM,KAAMg/B,EAAK0H,EAAWC,IAC7DhwB,QAAEA,GAAYD,GAAgBgwB,EAAUnwB,QAC9C,IAAIyT,EACJ,IAAK,IAAIv0B,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAEE,MAAMmhC,QAAUgQ,GAAIF,EAAUplC,KAAM2lC,EAAWtwB,EAASkwB,EAAa,IAANpxC,EAAe,IAANA,GACxE,OAAOyyC,SAAmB9E,GAAasD,EAAUnwB,OAAQqgB,EAAGqR,GAC7D,CAAC,MAAOpwC,GACPmyB,EAAMnyB,CACZ,CAEE,MAAMmyB,CACR,UAnFO/zB,eAAuB+oC,EAAK0H,EAAWlsC,EAAMwqC,EAAG2B,GACrD,MAAM3a,EAAImc,GAAa3tC,GAEjB6D,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAO2mC,GACjC,MAAMtlC,UAAEA,EAASunC,UAAEA,SAAoBD,GAAsB3oC,EAAO2mC,GAC9D6B,EAAQL,GAAepoC,EAAMsB,UAAUM,KAAMg/B,EAAK0H,EAAWC,IAC7DhwB,QAAEA,GAAYD,GAAgBgwB,EAAUnwB,QACxCqgB,QAAUgQ,GAAIF,EAAUplC,KAAM2lC,EAAWtwB,EAASkwB,GAExD,MAAO,CAAEnnC,YAAWwjC,iBADKI,GAAWoD,EAAUnwB,OAAQqgB,EAAG5K,GAE3D,iBA9FO/1B,eAA8B+oC,EAAKgG,EAAGjuB,GAC3C,OAAOguB,GAAuB3mC,EAAMsB,UAAUM,KAAMg/B,EAAKgG,EAAGjuB,EAC9D,6HJ8JA9gB,eAAwBgV,GACtB,MAAM5M,EAAQ,IAAI6lC,GAAaj5B,IACzB+zB,IAAEA,EAAG19B,KAAEA,EAAIiV,OAAEA,GAAWlY,EACxB+0B,QAAgB/0B,EAAM+lC,aAC5B,MAAO,CACLpF,MACAgG,EAAG5R,EAAQ1zB,UACXkoC,OAAQn9B,EAAK4B,QAAQ+mB,EAAQjsB,WAAY9I,EAAM0lC,aAC/CziC,OACAiV,SAEJ,uBAOA,SAA8ByoB,GAC5B,OAAO2E,GAAO3E,EAAIE,WAAW59B,IAC/B,IK/LA,MAAMosB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,0DAaZ3kB,eAAoB29B,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,GACpD,MAAMue,EAAM9S,OAAO,GAMnB,IAAI1N,EACAkC,EACA9B,EACA+B,EARJyR,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBpW,EAAIye,GAAmBze,GAMvBoW,EAAIsI,GAAItI,EAAGzE,GACX3R,EAAI0e,GAAI1e,EAAGmI,GAMX,MAAM4N,EAAI2I,GAAID,GAAmBwD,EAAOz0B,SAAS,EAAGsB,GAAWqZ,KAAMA,GAMrE,OAAa,CAIX,GAFApK,EAAIuiB,GAAoB9B,GAAKrW,GAC7BlI,EAAIye,GAAIE,GAAOxI,EAAGrY,EAAG4T,GAAIxJ,GACrBlI,IAAMse,EACR,SAEF,MAAM0a,EAAKva,GAAI1e,EAAIC,EAAGkI,GAGtB,GAFAjI,EAAIwe,GAAI3I,EAAIkjB,EAAI9wB,GAChBhK,EAAIugB,GAAIM,GAAOjhB,EAAGoK,GAAKjI,EAAGiI,GACtBhK,IAAMogB,EAGV,KACJ,CACE,MAAO,CACLte,EAAGggB,GAAmBhgB,EAAG,KAAMnR,GAAW6iB,IAC1CxT,EAAG8hB,GAAmB9hB,EAAG,KAAMrP,GAAW6iB,IAE9C,iBAwDO7qB,eAA8B6qB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,GAM/C,GALA2R,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAMT,GAAI+M,GAAI/M,EAAI6M,GAAKrW,KAAOoW,GACtB,OAAO,EAOT,GAAIK,GAAOxI,EAAGjO,EAAGwJ,KAAO6M,GACtB,OAAO,EAMT,MAAM0a,EAAQztB,OAAOqU,GAAU3X,IAE/B,GAAI+wB,EADUztB,OAAO,OACCkV,GAAgBxY,EAAG,KAAM,IAC7C,OAAO,EASTnI,EAAIye,GAAmBze,GACvB,MAAMglB,EAAMvZ,OAAO,GAGnB,OAAI2T,IAAMR,GAAOxI,EADLjO,EADFmY,GAAoB0E,GAAQkU,EAAQ1a,GAAMwG,GAAOkU,GACvCl5B,EACK2R,EAK3B,SA1FO7qB,eAAsB29B,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,GAS5D,GARAnf,EAAIwe,GAAmBxe,GACvB9B,EAAIsgB,GAAmBtgB,GAEvBwT,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBnf,GAAKse,IAAOte,GAAKkI,GACjBhK,GAAKogB,IAAOpgB,GAAKgK,EAEnB,OADA7M,EAAKuE,WAAW,0BACT,EAET,MAAMkW,EAAI2I,GAAID,GAAmBwD,EAAOz0B,SAAS,EAAGsB,GAAWqZ,KAAMA,GAC/DuF,EAAIsR,GAAO7gB,EAAGgK,GACpB,GAAIuF,IAAM6Q,GAER,OADAjjB,EAAKuE,WAAW,0BACT,EAGTuW,EAAIsI,GAAItI,EAAGzE,GACXyN,EAAIV,GAAIU,EAAGzN,GACX,MAAMwnB,EAAKza,GAAI3I,EAAIrI,EAAGvF,GAChBixB,EAAK1a,GAAIze,EAAIyN,EAAGvF,GAItB,OADUuW,GAAIA,GAFHE,GAAOxI,EAAG+iB,EAAIxnB,GACdiN,GAAOQ,EAAGga,EAAIznB,GACEA,GAAIxJ,KAClBlI,CACf,IC3He1P,GAAA,CAEb8oC,IAAKA,GAEL1oC,QAASA,GAET2oC,SAAUA,GAEV1oC,IAAKA,2ECGA,SAA8BqW,EAAM5T,GACzC,IAAIxM,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyN,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAG1C,OAHkDA,GAAQsX,EAAE/X,OAAS,EAG9D,CAAES,OAAM0yC,gBAAiB,CAAEp7B,KACxC,CAII,KAAKlP,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,CAGE,MAAMmP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAM0yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAII,KAAKlP,EAAMsB,UAAUQ,YAAa,CAIhC,MAAMkP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAM0yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAKI,KAAKlP,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMooC,EAAS,EAAIjpC,GAAU+oC,SAASG,MAAM9H,eAAe1qB,GACrDgrB,EAAK32B,EAAK2B,kBAAkB5J,EAAWxM,EAAMA,EAAO2yC,GAC1D,OADmE3yC,GAAQorC,EAAG7rC,OACvE,CAAES,OAAM0yC,gBAAiB,CAAEtH,MACxC,CAEI,QACE,MAAM,IAAIb,GAAiB,gCAEjC,OAuEOtqC,eAAoBmgB,EAAMwd,EAAUiV,EAAiBC,EAAkBtuC,EAAM42B,GAClF,IAAKyX,IAAoBC,EACvB,MAAU5zC,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMgxC,GACX9xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQoX,EAEvB,MAAO,CAAEx7B,QADO5N,GAAU8oC,IAAI1U,KAAKF,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAE3E,CACI,KAAKhzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMwlB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,GAAMuxB,GACd15B,EAAEA,GAAM25B,EACd,OAAOppC,GAAUK,IAAI+zB,KAAKF,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,EAC3D,CACI,KAAK/Q,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,gEAClB,KAAKkJ,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACb9xB,EAAEA,GAAM+xB,EACd,OAAOppC,GAAU+oC,SAASxoC,MAAM6zB,KAAKkL,EAAKpL,EAAUp5B,EAAMwqC,EAAGjuB,EAAGqa,EACtE,CACI,KAAKhzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACblK,KAAEA,GAASmK,EACjB,OAAOppC,GAAU+oC,SAASvoC,YAAY4zB,KAAKkL,EAAKpL,EAAUp5B,EAAMwqC,EAAGrG,EAAMvN,EAC/E,CACI,KAAKhzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMkS,GACRlK,KAAEA,GAASmK,EACjB,OAAOppC,GAAU+oC,SAASG,MAAM9U,KAAK1d,EAAMwd,EAAUp5B,EAAMm8B,EAAGgI,EAAMvN,EAC1E,CACI,QACE,MAAUl8B,MAAM,gCAEtB,SA9FOe,eAAsBmgB,EAAMwd,EAAUpxB,EAAWumC,EAAcvuC,EAAM42B,GAC1E,OAAQhb,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMkxC,EACXz7B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAGhC,EAAE/V,QACtC,OAAOmK,GAAU8oC,IAAInU,OAAOT,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,EAAGu5B,EAC3D,CACI,KAAKhzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMwlB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,EAACiX,EAAEA,GAAMwa,GACjB35B,EAAEA,EAAC9B,EAAEA,GAAM9K,EACjB,OAAO9C,GAAUK,IAAIs0B,OAAOT,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,EACnE,CACI,KAAKnwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAItpC,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAErD30B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAG45B,GAC9B17B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAG07B,GACpC,OAAOtpC,GAAU+oC,SAASxoC,MAAMo0B,OAAO2K,EAAKpL,EAAU,CAAExkB,IAAG9B,KAAK9S,EAAMwqC,EAAG5T,EAC/E,CACI,KAAKhzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAItpC,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAGrD30B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAG45B,GAC9B17B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAG07B,GACpC,OAAOtpC,GAAU+oC,SAASvoC,YAAYm0B,OAAO2K,EAAKpL,EAAU,CAAExkB,IAAG9B,KAAK9S,EAAMwqC,EAAG5T,EACrF,CACI,KAAKhzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMoS,EACd,OAAOrpC,GAAU+oC,SAASG,MAAMvU,OAAOje,EAAMwd,EAAUpxB,EAAWhI,EAAMm8B,EAAGvF,EACjF,CACI,QACE,MAAUl8B,MAAM,gCAEtB,ICrGA,MAAM+zC,GACJ,WAAA11C,CAAYiH,GACNA,IACF7G,KAAK6G,KAAOA,EAElB,CASE,IAAAxE,CAAK8H,GACH,GAAIA,EAAMvI,QAAU,EAAG,CACrB,MAAMA,EAASuI,EAAM,GACrB,GAAIA,EAAMvI,QAAU,EAAIA,EAEtB,OADA5B,KAAK6G,KAAOsD,EAAMnB,SAAS,EAAG,EAAIpH,GAC3B,EAAI5B,KAAK6G,KAAKjF,MAE7B,CACI,MAAUL,MAAM,wBACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK6G,KAAKjF,SAAU5B,KAAK6G,MAC3E,ECzBA,MAAM0uC,GAKJ,WAAA31C,CAAYiH,GACV,GAAIA,EAAM,CACR,MAAM8G,KAAEA,EAAIiV,OAAEA,GAAW/b,EACzB7G,KAAK2N,KAAOA,EACZ3N,KAAK4iB,OAASA,CACpB,MACM5iB,KAAK2N,KAAO,KACZ3N,KAAK4iB,OAAS,IAEpB,CAOE,IAAAvgB,CAAK9B,GACH,GAAIA,EAAMqB,OAAS,GAAkB,IAAbrB,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIqsC,GAAiB,yBAI7B,OAFA5sC,KAAK2N,KAAOpN,EAAM,GAClBP,KAAK4iB,OAASriB,EAAM,GACb,CACX,CAME,KAAAwC,GACE,OAAO,IAAItB,WAAW,CAAC,EAAG,EAAGzB,KAAK2N,KAAM3N,KAAK4iB,QACjD,ECzDA,MAAM4yB,GACJ,iBAAOC,EAAWlG,WAAEA,EAAUmG,UAAEA,IAC9B,MAAMhwB,EAAW,IAAI8vB,GAGrB,OAFA9vB,EAAS6pB,WAAaA,EACtB7pB,EAASgwB,UAAYA,EACdhwB,CACX,CAQE,IAAArjB,CAAK8H,GACH,IAAI9H,EAAO,EACPszC,EAAexrC,EAAM9H,KACzBrC,KAAK01C,UAAYC,EAAe,EAAIxrC,EAAM9H,KAAU,KACpDszC,GAAgBA,EAAe,EAC/B31C,KAAKuvC,WAAaz4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOszC,GAAetzC,GAAQszC,CACxF,CAME,KAAA5yC,GACE,OAAO+T,EAAKpV,iBAAiB,CAC3B1B,KAAK01C,UACH,IAAIj0C,WAAW,CAACzB,KAAKuvC,WAAW3tC,OAAS,EAAG5B,KAAK01C,YACjD,IAAIj0C,WAAW,CAACzB,KAAKuvC,WAAW3tC,SAClC5B,KAAKuvC,YAEX,ECwbA,SAASqG,GAAoBvK,GAC3B,IACEA,EAAIE,SACL,CAAC,MAAOrnC,GACP,MAAM,IAAI0oC,GAAiB,oBAC/B,CACA,CAOO,SAASiJ,GAAoBpzB,EAAM4oB,GACxC,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUQ,YACnB,OAAO,IAAIR,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAClD,KAAK3lC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAM9H,eAAe1qB,GACjD,KAAKhY,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU+oC,SAASgB,MAAM3I,eAAe1qB,GACjD,QACE,MAAUlhB,MAAM,yBAEtB,kEAhLO,SAAwBkhB,EAAMzG,EAAMqvB,GACzC,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACnB,OAAOH,GAAU8oC,IAAI5H,SAASjxB,EAAM,OAAOnZ,MAAK,EAAG8U,IAAGzT,IAAGkf,IAAG+J,IAAGxJ,IAAGoa,QAAS,CACzEgY,cAAe,CAAE3yB,IAAG+J,IAAGxJ,IAAGoa,KAC1BqX,aAAc,CAAEz9B,IAAGzT,SAEvB,KAAKuG,EAAMsB,UAAUO,MACnB,OAAOP,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE3yB,EAAG6wB,GACpBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK5mC,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE/K,KAAMiJ,GACvBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK5mC,EAAMsB,UAAUM,KACnB,OAAON,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,SAAQtmC,OAAMiV,aAAc,CAClFmzB,cAAe,CAAE3yB,EAAG6wB,GACpBmB,aAAc,CACZ/J,IAAK,IAAID,GAAIC,GACbgG,IACA0B,UAAW,IAAIwC,GAAU,CAAE5nC,OAAMiV,gBAGvC,KAAKnY,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAMhI,SAASxqB,GAAM5f,MAAK,EAAGmgC,IAAGgI,WAAY,CACpE+K,cAAe,CAAE/K,QACjBoK,aAAc,CAAEpS,SAEpB,KAAKv4B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU+oC,SAASgB,MAAM7I,SAASxqB,GAAM5f,MAAK,EAAGmgC,IAAGzpB,QAAS,CACjEw8B,cAAe,CAAEx8B,KACjB67B,aAAc,CAAEpS,SAEpB,KAAKv4B,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,qBAiFO,SAA4BkhB,GACjC,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOmZ,GAAe5Y,EACxB,cAQO,SAAqBP,GAC1B,MAAMsS,EAAWtqB,EAAMpI,KAAKoI,EAAM6D,KAAMmU,GACxC,OAAO+Q,GAAKuB,EACd,sEA0CO,SAAmCtS,EAAM4oB,GAC9C,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU+oC,SAASvH,qBAAqBlC,GACjD,KAAK5gC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAM1H,qBAAqB9qB,GACvD,QACE,MAAUlhB,MAAM,iCAEtB,kBAhFOe,eAA+BmgB,GACpC,MAAMQ,UAAEA,GAAcF,GAAgBN,GAChCuzB,QAAqBpa,GAAe3Y,GACpCgzB,EAAS,IAAIx0C,WAAW,CAACu0C,EAAaA,EAAap0C,OAAS,GAAIo0C,EAAaA,EAAap0C,OAAS,KACzG,OAAOkV,EAAKtS,OAAO,CAACwxC,EAAcC,GACpC,2BAjMO,SAAkCxzB,EAAMtY,GAC7C,IAAI9H,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAEnB,MAAO,CAAEmX,EADCrM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,KAOxC,KAAKoI,EAAMsB,UAAUI,QAAS,CAC5B,MAAM80B,EAAKnqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ4+B,EAAGr/B,OAAS,EAEnE,MAAO,CAAEq/B,KAAIC,GADFpqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAE7C,CAII,KAAKoI,EAAMsB,UAAUM,KAAM,CACzB,MAAMolC,EAAI36B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQovC,EAAE7vC,OAAS,EACjE,MAAM0yC,EAAI,IAAI4B,GACd,OAD4B5B,EAAEjyC,KAAK8H,EAAMnB,SAAS3G,IAC3C,CAAEovC,IAAG6C,IAClB,CAMI,KAAK7pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAM+kC,EAAYmE,GAAoBpzB,GAChC0sB,EAAqBr4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOqvC,GAAYrvC,GAAQ8sC,EAAmBvtC,OAC7G,MAAM0yC,EAAI,IAAIkB,GACd,OADmClB,EAAEjyC,KAAK8H,EAAMnB,SAAS3G,IAClD,CAAE8sC,qBAAoBmF,IACnC,CACI,QACE,MAAM,IAAI1H,GAAiB,4CAEjC,wBAjGO,SAA+BnqB,EAAMtY,EAAOirC,GACjD,IAAI/yC,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMkX,EAAItM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ+gB,EAAExhB,OAAS,EACjE,MAAMurB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAM+hB,EAAI7M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQshB,EAAE/hB,OAAS,EACjE,MAAMm8B,EAAIjnB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ07B,EAAEn8B,OAAS,EAC1D,CAAES,OAAM0zC,cAAe,CAAE3yB,IAAG+J,IAAGxJ,IAAGoa,KAC/C,CACI,KAAKtzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QAAS,CAC5B,MAAMqP,EAAI1E,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQmZ,EAAE5Z,OAAS,EAC1D,CAAES,OAAM0zC,cAAe,CAAEv6B,KACtC,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAM+jC,EAAcyF,GAAoBpzB,EAAM2yB,EAAa/J,KAC3D,IAAIjoB,EAAItM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQ+gB,EAAExhB,OAAS,EAC/DwhB,EAAItM,EAAK4B,QAAQ0K,EAAGgtB,GACb,CAAE/tC,OAAM0zC,cAAe,CAAE3yB,KACtC,CACI,KAAK3Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM6jC,EAAcyF,GAAoBpzB,EAAM2yB,EAAa/J,KAC3D,GAAI+J,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMQ,cAC7C,MAAU3J,MAAM,kCAElB,IAAIypC,EAAOl0B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEvC,OAF+CA,GAAQ2oC,EAAKppC,OAAS,EACrEopC,EAAOl0B,EAAK4B,QAAQsyB,EAAMoF,GACnB,CAAE/tC,OAAM0zC,cAAe,CAAE/K,QACtC,CACI,KAAKvgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMwjC,EAAcyF,GAAoBpzB,GAClCuoB,EAAOl0B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO+tC,GACxD,OADsE/tC,GAAQ2oC,EAAKppC,OAC5E,CAAES,OAAM0zC,cAAe,CAAE/K,QACtC,CACI,KAAKvgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMyjC,EAAcyF,GAAoBpzB,GAClClJ,EAAIzC,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO+tC,GACrD,OADmE/tC,GAAQkX,EAAE3X,OACtE,CAAES,OAAM0zC,cAAe,CAAEx8B,KACtC,CACI,QACE,MAAM,IAAIqzB,GAAiB,4CAEjC,uBAjHO,SAA8BnqB,EAAMtY,GACzC,IAAI9H,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAIb,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQsV,EAAE/V,OAAS,EACjE,MAAMsC,EAAI4S,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6B,EAAEtC,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEz9B,IAAGzT,KACxC,CACI,KAAKuG,EAAMsB,UAAUK,IAAK,CACxB,MAAM+gB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAM+hB,EAAI7M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQshB,EAAE/hB,OAAS,EACjE,MAAMgwB,EAAI9a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQuvB,EAAEhwB,OAAS,EACjE,MAAMg5B,EAAI9jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQu4B,EAAEh5B,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEjoB,IAAGxJ,IAAGiO,IAAGgJ,KAC9C,CACI,KAAKnwB,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAMgwB,EAAI9a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQuvB,EAAEhwB,OAAS,EACjE,MAAMg5B,EAAI9jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQu4B,EAAEh5B,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEjoB,IAAGyE,IAAGgJ,KAC3C,CACI,KAAKnwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,EAAM,IAAID,GAAO/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GACpB,MAAMgG,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQgvC,EAAEzvC,OAAS,EAC1D,CAAES,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK5mC,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,EAAM,IAAID,GAEhB,GAFuB/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GAChBA,EAAIE,YAAc9gC,EAAMC,MAAMQ,cAChC,MAAU3J,MAAM,kCAElB,IAAI8vC,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQgvC,EAAEzvC,OAAS,EAC/DyvC,EAAIv6B,EAAK4B,QAAQ24B,EAAG,IACb,CAAEhvC,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK5mC,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,EAAM,IAAID,GAAO/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GACpB,MAAMgG,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQgvC,EAAEzvC,OAAS,EACjE,MAAMmxC,EAAY,IAAIwC,GACtB,OADmClzC,GAAQ0wC,EAAU1wC,KAAK8H,EAAMnB,SAAS3G,IAClE,CAAEA,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,IAAG0B,aACnD,CACI,KAAKtoC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACrB,KAAKnC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAIlsB,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOwzC,GAAoBpzB,IACzE,OADiFpgB,GAAQ2gC,EAAEphC,OACpF,CAAES,OAAM+yC,aAAc,CAAEpS,KACrC,CACI,QACE,MAAM,IAAI4J,GAAiB,4CAEjC,mBApGOtqC,eAAgCmgB,EAAMyyB,EAAiBC,EAAkBgB,EAAkBnD,EAAa7V,GAC7G,OAAQ1a,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WAAY,CAC/B,MAAMkX,EAAEA,GAAMgzB,GACRx+B,EAAEA,EAACzT,EAAEA,GAAMgxC,GACX9xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQoX,EACvB,OAAOppC,GAAU8oC,IAAIxmB,QAAQlL,EAAGxL,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EACxD,CACI,KAAK1yB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM80B,GAAEA,EAAEC,GAAEA,GAAOiV,EACbhpB,EAAI+nB,EAAgB/nB,EACpB3R,EAAI25B,EAAiB35B,EAC3B,OAAOzP,GAAUI,QAAQkiB,QAAQ4S,EAAIC,EAAI/T,EAAG3R,EAAG2hB,EACrD,CACI,KAAK1yB,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcmC,GACxB9xB,EAAEA,GAAM+xB,GACR1D,EAAEA,EAAC6C,EAAEA,GAAM6B,EACjB,OAAOpqC,GAAU+oC,SAASzoC,KAAKgiB,QAC7Bgd,EAAK0H,EAAWtB,EAAG6C,EAAEztC,KAAMwqC,EAAGjuB,EAAG4vB,EACzC,CACI,KAAKvoC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAEA,GAAMkS,GACR37B,EAAEA,GAAM47B,GACRhG,mBAAEA,EAAkBmF,EAAEA,GAAM6B,EAClC,GAAoB,OAAhB7B,EAAEoB,YAAuB5+B,EAAK0H,MAAM81B,EAAEoB,WACxC,MAAUn0C,MAAM,4BAElB,OAAOwK,GAAU+oC,SAASgB,MAAMznB,QAC9B5L,EAAM0sB,EAAoBmF,EAAE/E,WAAYvM,EAAGzpB,EACnD,CACI,QACE,MAAUhY,MAAM,4CAEtB,mBArFOe,eAAgC8zC,EAASC,EAAejB,EAAcvuC,EAAMmsC,GACjF,OAAQoD,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAAgB,CACnC,MAAM2L,EAAEA,EAACzT,EAAEA,GAAMkxC,EAEjB,MAAO,CAAEjyB,QADOpX,GAAU8oC,IAAI9mB,QAAQlnB,EAAM8Q,EAAGzT,GAErD,CACI,KAAKuG,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,EACpB,OAAOrpC,GAAUI,QAAQ4hB,QAAQlnB,EAAMsmB,EAAGyE,EAAGgJ,EACnD,CACI,KAAKnwB,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcqC,GACtBrpC,UAAW0lC,EAAGlC,WAAY+E,SAAYvoC,GAAU+oC,SAASzoC,KAAK0hB,QACpEsd,EAAK0H,EAAWlsC,EAAMwqC,EAAG2B,GAC3B,MAAO,CAAEvB,IAAG6C,EAAG,IAAI4B,GAAW5B,GACpC,CACI,KAAK7pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,GAAI0pC,IAAkBv/B,EAAK0H,MAAM63B,GAE/B,MAAU90C,MAAM,0DAElB,MAAMyhC,EAAEA,GAAMoS,GACRjG,mBAAEA,EAAkBI,WAAEA,SAAqBxjC,GAAU+oC,SAASgB,MAAM/nB,QACxEqoB,EAASvvC,EAAMm8B,GAEjB,MAAO,CAAEmM,qBAAoBmF,EADnBkB,GAAkBC,WAAW,CAAEC,UAAWW,EAAe9G,eAEzE,CACI,QACE,MAAO,GAEb,kBAsOO,SAAyB9sB,EAAMkE,GAEpC,MAAM2vB,EAAgC,IAAI3gC,IAAI,CAC5ClL,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUW,OAChBjC,EAAMsB,UAAUa,MAChBnC,EAAMsB,UAAUY,OAEZ4pC,EAAgBz2C,OAAO02C,KAAK7vB,GAAQhiB,KAAIsD,IAC5C,MAAMirC,EAAQvsB,EAAO1e,GACrB,OAAK6O,EAAKtV,aAAa0xC,GAChBoD,EAA8BtyC,IAAIye,GAAQywB,EAAQp8B,EAAK+B,gBAAgBq6B,GADxCA,EAAMnwC,OACwC,IAEtF,OAAO+T,EAAKpV,iBAAiB60C,EAC/B,iBAkEOj0C,eAA8BmgB,EAAM2yB,EAAcW,GACvD,IAAKX,IAAiBW,EACpB,MAAUx0C,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMkxC,GACXhyB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,EAAEA,GAAMgY,EACvB,OAAOhqC,GAAU8oC,IAAI4B,eAAe9+B,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EACzD,CACI,KAAKtzB,EAAMsB,UAAUK,IAAK,CACxB,MAAM+gB,EAAEA,EAACxJ,EAAEA,EAACiO,EAAEA,EAACgJ,EAAEA,GAAMwa,GACjB55B,EAAEA,GAAMu6B,EACd,OAAOhqC,GAAUK,IAAIqqC,eAAetpB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,EACtD,CACI,KAAK/Q,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,GACd55B,EAAEA,GAAMu6B,EACd,OAAOhqC,GAAUI,QAAQsqC,eAAetpB,EAAGyE,EAAGgJ,EAAGpf,EACvD,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMqqC,EAAa3qC,GAAU+oC,SAASrqC,EAAMpI,KAAKoI,EAAMsB,UAAW0W,KAC5D4oB,IAAEA,EAAGgG,EAAEA,GAAM+D,GACbhyB,EAAEA,GAAM2yB,EACd,OAAOW,EAAWD,eAAepL,EAAKgG,EAAGjuB,EAC/C,CACI,KAAK3Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8kC,EAAEA,EAAChG,IAAEA,GAAQ+J,GACbpK,KAAEA,GAAS+K,EACjB,OAAOhqC,GAAU+oC,SAASvoC,YAAYkqC,eAAepL,EAAKgG,EAAGrG,EACnE,CACI,KAAKvgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMoS,GACRpK,KAAEA,GAAS+K,EACjB,OAAOhqC,GAAU+oC,SAASG,MAAMwB,eAAeh0B,EAAMugB,EAAGgI,EAC9D,CACI,KAAKvgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAEA,GAAMoS,GACR77B,EAAEA,GAAMw8B,EACd,OAAOhqC,GAAU+oC,SAASgB,MAAMW,eAAeh0B,EAAMugB,EAAGzpB,EAC9D,CACI,QACE,MAAUhY,MAAM,iCAEtB,ICjaA,MAAM24B,GAAM,CAEVtX,OAAQA,GAERjV,KAAMA,GAEN6lB,KAAMA,GAENznB,UAAWA,GAEX8C,UAAWA,GAEX8nC,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGTh3C,OAAO8mB,OAAOsT,GAAK/d,ICnCZ,MAAM46B,WAA+Bx1C,MAC1C,WAAA3B,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM+2C,IAGhC/2C,KAAKiI,KAAO,wBAChB,EAIA,IAAI+uC,GACAC,GAIJ,MAAMC,GAIJ,WAAAt3C,CAAYsU,EAASqD,GACnB,MAAMxC,OAAEA,EAAMC,YAAEA,EAAWC,eAAEA,GAAmBf,EAAOY,gBAEvD9U,KAAKiU,KAAO,SAKZjU,KAAKyuC,KAAO,KAKZzuC,KAAK0b,EAAI3G,EAKT/U,KAAKmtB,EAAInY,EAKThV,KAAKm3C,SAAWliC,CACpB,CAEE,YAAAmiC,GACEp3C,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAnDL,GAoDzB,CAOE,IAAAv5B,CAAK8H,GACH,IAAIrI,EAAI,EASR,OAPA9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,IAClCA,GAAK,GAEL9B,KAAK0b,EAAIvR,EAAMrI,KACf9B,KAAKmtB,EAAIhjB,EAAMrI,KACf9B,KAAKm3C,SAAWhtC,EAAMrI,KAEfA,CACX,CAME,KAAAiB,GACE,MAAMmjB,EAAM,CACV,IAAIzkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,QAC5CjU,KAAKyuC,KACL,IAAIhtC,WAAW,CAACzB,KAAK0b,EAAG1b,KAAKmtB,EAAGntB,KAAKm3C,YAGvC,OAAOrgC,EAAKpV,iBAAiBwkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYt0B,GAC3B,MAAMu0B,EAAW,GAAMv3C,KAAKm3C,SAAW,EAEvC,IAIEH,GAAsBA,WAA8B92C,QAAAC,UAAA0C,MAAA,WAAA,OAAA20C,EAAA,KAAoBC,QACxER,GAAgBA,IAAiBD,KAGjC,MAAMnrC,QAAeorC,GAGftpC,EAAO9B,EAAO,CAClB6rC,QA9Ge,GA+GfzjC,KAhHY,EAiHZ0jC,SAJoB7gC,EAAKwD,WAAWg9B,GAKpC7I,KAAMzuC,KAAKyuC,KACXxd,UAAWjO,EACX40B,WAAYL,EACZviC,YAAahV,KAAKmtB,EAClBpY,OAAQ/U,KAAK0b,IASf,OALI67B,EAtGkC,UAwGpCN,GAAgBD,KAChBC,GAAc52C,OAAM,UAEfsN,CACR,CAAC,MAAOzJ,GACP,MAAIA,EAAEqP,UACJrP,EAAEqP,QAAQ2L,SAAS,mCACnBhb,EAAEqP,QAAQ2L,SAAS,0BACnBhb,EAAEqP,QAAQ2L,SAAS,4BACnBhb,EAAEqP,QAAQ2L,SAAS,kBAEb,IAAI63B,GAAuB,iDAE3B7yC,CAEd,CACA,EC9GA,MAAM2zC,GAIJ,WAAAj4C,CAAYgV,EAASV,EAASqD,GAK5BvX,KAAK01C,UAAYjrC,EAAMkD,KAAKI,OAK5B/N,KAAKiU,KAAOxJ,EAAMpI,KAAKoI,EAAMgB,IAAKmJ,GAElC5U,KAAKmjB,EAAIjP,EAAOW,sBAIhB7U,KAAKyuC,KAAO,IAChB,CAEE,YAAA2I,GACE,OAAQp3C,KAAKiU,MACX,IAAK,SACL,IAAK,WACHjU,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAe,GAEjD,CAEE,QAAAkc,GAIE,OAAQ,IAAe,GAAT93C,KAAKmjB,IAFH,GAEiBnjB,KAAKmjB,GAAK,EAC/C,CAOE,IAAA9gB,CAAK8H,GACH,IAAIrI,EAAI,EAGR,OAFA9B,KAAK01C,UAAYvrC,EAAMrI,KAEf9B,KAAKiU,MACX,IAAK,SACH,MAEF,IAAK,SACHjU,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACH9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EAGL9B,KAAKmjB,EAAIhZ,EAAMrI,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDgV,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAI,IAUhD,MAAM,IAAI8qC,GAAiB,qBAT3B9qC,GAAK,EAEL,GAAmB,OADA,IAAOqI,EAAMrI,KAK9B,MAAM,IAAI8qC,GAAiB,oCAH3B5sC,KAAKiU,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI24B,GAAiB,qBAG/B,OAAO9qC,CACX,CAME,KAAAiB,GACE,GAAkB,cAAd/C,KAAKiU,KACP,OAAO,IAAIxS,WAAW,CAAC,IAAK,KAAMqV,EAAK+C,mBAAmB,OAAQ,IAEpE,MAAMqM,EAAM,CAAC,IAAIzkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,MAAOjU,KAAK01C,aAErE,OAAQ11C,KAAKiU,MACX,IAAK,SACH,MACF,IAAK,SACHiS,EAAIpjB,KAAK9C,KAAKyuC,MACd,MACF,IAAK,WACHvoB,EAAIpjB,KAAK9C,KAAKyuC,MACdvoB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKmjB,KAC9B,MACF,IAAK,MACH,MAAU5hB,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOuV,EAAKpV,iBAAiBwkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYS,GAC3BT,EAAaxgC,EAAKwD,WAAWg9B,GAE7B,MAAMpxB,EAAM,GACZ,IAAI8xB,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIG,EACJ,OAAQl4C,KAAKiU,MACX,IAAK,SACHikC,EAASphC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWw2C,GAAYX,IAC3D,MACF,IAAK,SACHY,EAASphC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWw2C,GAAYj4C,KAAKyuC,KAAM6I,IACtE,MACF,IAAK,WAAY,CACf,MAAMzwC,EAAOiQ,EAAKpV,iBAAiB,CAAC1B,KAAKyuC,KAAM6I,IAC/C,IAAIa,EAAUtxC,EAAKjF,OACnB,MAAMm7B,EAAQt0B,KAAKC,IAAI1I,KAAK83C,WAAYK,GACxCD,EAAS,IAAIz2C,WAAWw2C,EAAYlb,GACpCmb,EAAO/1C,IAAI0E,EAAMoxC,GACjB,IAAK,IAAIj2C,EAAMi2C,EAAYE,EAASn2C,EAAM+6B,EAAO/6B,GAAOm2C,EAASA,GAAW,EAC1ED,EAAO36B,WAAWvb,EAAKi2C,EAAWj2C,GAEpC,KACV,CACQ,IAAK,MACH,MAAUT,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMQ,QAAeoa,GAAOxO,KAAK4W,OAAOvkB,KAAK01C,UAAWwC,GACxDhyB,EAAIpjB,KAAKf,GACTi2C,GAAWj2C,EAAOH,OAClBq2C,GACN,CAEI,OAAOnhC,EAAKpV,iBAAiBwkB,GAAKld,SAAS,EAAG+uC,EAClD,EC/LA,MAAMK,GAA+B,IAAIziC,IAAI,CAAClL,EAAMgB,IAAII,OAAQpB,EAAMgB,IAAIG,WASnE,SAASysC,GAAepkC,EAAMC,EAASqD,GAC5C,OAAQtD,GACN,KAAKxJ,EAAMgB,IAAII,OACb,OAAO,IAAIqrC,GAAUhjC,GACvB,KAAKzJ,EAAMgB,IAAIG,SACf,KAAKnB,EAAMgB,IAAIK,IACf,KAAKrB,EAAMgB,IAAIE,OACf,KAAKlB,EAAMgB,IAAIC,OACb,OAAO,IAAImsC,GAAW5jC,EAAMC,GAC9B,QACE,MAAM,IAAI04B,GAAiB,wBAEjC,CAQO,SAAS0L,GAAiBpkC,GAC/B,MAAMU,QAAEA,GAAYV,EAEpB,IAAKkkC,GAA6Bp0C,IAAI4Q,GACpC,MAAUrT,MAAM,sDAGlB,OAAO82C,GAAezjC,EAASV,EACjC,CCbA,IAAI+R,GAAKxkB,WAAY82C,GAAMzrB,YAAa3G,GAAMhG,YAE1Cq4B,GAAO,IAAIvyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAgB,EAAG,EAAoB,IAG1IwyB,GAAO,IAAIxyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAiB,EAAG,IAEjIyyB,GAAO,IAAIzyB,GAAG,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,KAE7E0yB,GAAO,SAAUC,EAAIx0C,GAErB,IADA,IAAIyT,EAAI,IAAI0gC,GAAI,IACPz2C,EAAI,EAAGA,EAAI,KAAMA,EACtB+V,EAAE/V,GAAKsC,GAAS,GAAKw0C,EAAG92C,EAAI,GAGhC,IAAI2Z,EAAI,IAAI0K,GAAItO,EAAE,KAClB,IAAS/V,EAAI,EAAGA,EAAI,KAAMA,EACtB,IAAK,IAAIqY,EAAItC,EAAE/V,GAAIqY,EAAItC,EAAE/V,EAAI,KAAMqY,EAC/BsB,EAAEtB,GAAOA,EAAItC,EAAE/V,IAAO,EAAKA,EAGnC,MAAO,CAAC+V,EAAG4D,EACf,EACIo9B,GAAKF,GAAKH,GAAM,GAAIM,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE/CC,GAAG,IAAM,IAAKC,GAAM,KAAO,GAI3B,IAHA,IAAIC,GAAKL,GAAKF,GAAM,GAAIQ,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE3CG,GAAM,IAAIZ,GAAI,OACTz2C,GAAI,EAAGA,GAAI,QAASA,GAAG,CAE5B,IAAI0Z,IAAU,MAAJ1Z,MAAgB,GAAW,MAAJA,KAAe,EAEhD0Z,IAAU,OADVA,IAAU,MAAJA,MAAgB,GAAW,MAAJA,KAAe,MACtB,GAAW,KAAJA,KAAe,EAC5C29B,GAAIr3C,MAAY,MAAJ0Z,MAAgB,GAAW,IAAJA,KAAe,KAAQ,CAC9D,CAIA,IAAI49B,YAAkBC,EAAIC,EAAI79B,GAO1B,IANA,IAAI9B,EAAI0/B,EAAGz3C,OAEPE,EAAI,EAEJsgC,EAAI,IAAImW,GAAIe,GAETx3C,EAAI6X,IAAK7X,EACRu3C,EAAGv3C,MACDsgC,EAAEiX,EAAGv3C,GAAK,GAGpB,IAIIy3C,EAJAC,EAAK,IAAIjB,GAAIe,GACjB,IAAKx3C,EAAI,EAAGA,EAAIw3C,IAAMx3C,EAClB03C,EAAG13C,GAAM03C,EAAG13C,EAAI,GAAKsgC,EAAEtgC,EAAI,IAAO,EAGtC,GAAI2Z,EAAG,CAEH89B,EAAK,IAAIhB,GAAI,GAAKe,GAElB,IAAIG,EAAM,GAAKH,EACf,IAAKx3C,EAAI,EAAGA,EAAI6X,IAAK7X,EAEjB,GAAIu3C,EAAGv3C,GAQH,IANA,IAAI43C,EAAM53C,GAAK,EAAKu3C,EAAGv3C,GAEnB63C,EAAML,EAAKD,EAAGv3C,GAEd8X,EAAI4/B,EAAGH,EAAGv3C,GAAK,MAAQ63C,EAElBthB,EAAIze,GAAM,GAAK+/B,GAAO,EAAI//B,GAAKye,IAAKze,EAEzC2/B,EAAGJ,GAAIv/B,KAAO6/B,GAAOC,CAIzC,MAGQ,IADAH,EAAK,IAAIhB,GAAI5+B,GACR7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACbu3C,EAAGv3C,KACHy3C,EAAGz3C,GAAKq3C,GAAIK,EAAGH,EAAGv3C,GAAK,QAAW,GAAKu3C,EAAGv3C,IAItD,OAAOy3C,CACV,EAEGK,GAAM,IAAI3zB,GAAG,KACjB,IAASnkB,GAAI,EAAGA,GAAI,MAAOA,GACvB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EAEb,IAAI+3C,GAAM,IAAI5zB,GAAG,IACjB,IAASnkB,GAAI,EAAGA,GAAI,KAAMA,GACtB+3C,GAAI/3C,IAAK,EAEb,IAAIg4C,gBAAoBV,GAAKQ,GAAK,EAAG,GAAIG,gBAAqBX,GAAKQ,GAAK,EAAG,GAEvEI,gBAAoBZ,GAAKS,GAAK,EAAG,GAAII,gBAAqBb,GAAKS,GAAK,EAAG,GAEvEnxC,GAAM,SAAU4V,GAEhB,IADA,IAAI+Z,EAAI/Z,EAAE,GACDxc,EAAI,EAAGA,EAAIwc,EAAE1c,SAAUE,EACxBwc,EAAExc,GAAKu2B,IACPA,EAAI/Z,EAAExc,IAEd,OAAOu2B,CACX,EAEIrc,GAAO,SAAUoH,EAAG+J,EAAGkL,GACvB,IAAIzI,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,KAAY,EAAJzC,GAAUkL,CACnD,EAEI6hB,GAAS,SAAU92B,EAAG+J,GACtB,IAAIyC,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,EAAMxM,EAAEwM,EAAI,IAAM,MAAa,EAAJzC,EAC5D,EAEIgtB,GAAO,SAAUhtB,GAAK,OAASA,EAAI,GAAK,EAAK,CAAI,EAGjDitB,GAAM,SAAUxgC,EAAGD,EAAGzV,IACb,MAALyV,GAAaA,EAAI,KACjBA,EAAI,IACC,MAALzV,GAAaA,EAAI0V,EAAEhY,UACnBsC,EAAI0V,EAAEhY,QAEV,IAAI+V,EAAI,IAA4B,GAAvBiC,EAAEygC,kBAAyB9B,GAA6B,GAAvB3+B,EAAEygC,kBAAyBl0B,GAAMF,IAAI/hB,EAAIyV,GAEvF,OADAhC,EAAExV,IAAIyX,EAAE5Q,SAAS2Q,EAAGzV,IACbyT,CACX,EAsBI2iC,GAAK,CACL,iBACA,qBACA,yBACA,mBACA,kBACA,oBACJ,CACI,cACA,qBACA,uBACA,8BACA,oBACA,mBACA,oBAIAjkB,GAAM,SAAUkkB,EAAKhvB,EAAKivB,GAC1B,IAAIt2C,EAAQ3C,MAAMgqB,GAAO+uB,GAAGC,IAI5B,GAHAr2C,EAAEu2C,KAAOF,EACLh5C,MAAMsrC,mBACNtrC,MAAMsrC,kBAAkB3oC,EAAGmyB,KAC1BmkB,EACD,MAAMt2C,EACV,OAAOA,CACX,EAqLIw2C,GAAQ,SAAUt3B,EAAG+J,EAAGvT,GACxBA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,CACtB,EAEI+gC,GAAU,SAAUv3B,EAAG+J,EAAGvT,GAC1BA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,EAClBwJ,EAAEwM,EAAI,IAAMhW,IAAM,EACtB,EAEIghC,GAAQ,SAAUx3B,EAAGk2B,GAGrB,IADA,IAAI59B,EAAI,GACC5Z,EAAI,EAAGA,EAAIshB,EAAExhB,SAAUE,EACxBshB,EAAEthB,IACF4Z,EAAE5Y,KAAK,CAAE6W,EAAG7X,EAAGmkC,EAAG7iB,EAAEthB,KAE5B,IAAI6X,EAAI+B,EAAE9Z,OACNusB,EAAKzS,EAAE/Y,QACX,IAAKgX,EACD,MAAO,CAACkhC,GAAI,GAChB,GAAS,GAALlhC,EAAQ,CACR,IAAIC,EAAI,IAAIqM,GAAGvK,EAAE,GAAG/B,EAAI,GAExB,OADAC,EAAE8B,EAAE,GAAG/B,GAAK,EACL,CAACC,EAAG,EACnB,CACI8B,EAAEo/B,MAAK,SAAUx8B,EAAGzG,GAAK,OAAOyG,EAAE2nB,EAAIpuB,EAAEouB,KAGxCvqB,EAAE5Y,KAAK,CAAE6W,GAAI,EAAGssB,EAAG,QACnB,IAAI7D,EAAI1mB,EAAE,GAAID,EAAIC,EAAE,GAAIq/B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAO7C,IANAv/B,EAAE,GAAK,CAAE/B,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAMhCu/B,GAAMrhC,EAAI,GACbyoB,EAAI1mB,EAAEA,EAAEq/B,GAAI9U,EAAIvqB,EAAEu/B,GAAIhV,EAAI8U,IAAOE,KACjCx/B,EAAIC,EAAEq/B,GAAMC,GAAMt/B,EAAEq/B,GAAI9U,EAAIvqB,EAAEu/B,GAAIhV,EAAI8U,IAAOE,KAC7Cv/B,EAAEs/B,KAAQ,CAAErhC,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAE9C,IAAIy/B,EAAS/sB,EAAG,GAAGxU,EACnB,IAAS7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACjBqsB,EAAGrsB,GAAG6X,EAAIuhC,IACVA,EAAS/sB,EAAGrsB,GAAG6X,GAGvB,IAAIwhC,EAAK,IAAI5C,GAAI2C,EAAS,GAEtBE,EAAMC,GAAG3/B,EAAEs/B,EAAK,GAAIG,EAAI,GAC5B,GAAIC,EAAM9B,EAAI,CAINx3C,EAAI,EAAR,IAAWw5C,EAAK,EAEZC,EAAMH,EAAM9B,EAAIkC,EAAM,GAAKD,EAE/B,IADAptB,EAAG2sB,MAAK,SAAUx8B,EAAGzG,GAAK,OAAOsjC,EAAGtjC,EAAE8B,GAAKwhC,EAAG78B,EAAE3E,IAAM2E,EAAE2nB,EAAIpuB,EAAEouB,KACvDnkC,EAAI6X,IAAK7X,EAAG,CACf,IAAI25C,EAAOttB,EAAGrsB,GAAG6X,EACjB,KAAIwhC,EAAGM,GAAQnC,GAKX,MAJAgC,GAAME,GAAO,GAAMJ,EAAMD,EAAGM,IAC5BN,EAAGM,GAAQnC,CAI3B,CAEQ,IADAgC,KAAQC,EACDD,EAAK,GAAG,CACX,IAAII,EAAOvtB,EAAGrsB,GAAG6X,EACbwhC,EAAGO,GAAQpC,EACXgC,GAAM,GAAMhC,EAAK6B,EAAGO,KAAU,IAE5B55C,CAClB,CACQ,KAAOA,GAAK,GAAKw5C,IAAMx5C,EAAG,CACtB,IAAI65C,EAAOxtB,EAAGrsB,GAAG6X,EACbwhC,EAAGQ,IAASrC,MACV6B,EAAGQ,KACHL,EAElB,CACQF,EAAM9B,CACd,CACI,MAAO,CAAC,IAAIrzB,GAAGk1B,GAAKC,EACxB,EAEIC,GAAK,SAAU1jC,EAAGyqB,EAAGhf,GACrB,OAAe,GAARzL,EAAEgC,EACHlR,KAAKC,IAAI2yC,GAAG1jC,EAAEyqB,EAAGA,EAAGhf,EAAI,GAAIi4B,GAAG1jC,EAAE8D,EAAG2mB,EAAGhf,EAAI,IAC1Cgf,EAAEzqB,EAAEgC,GAAKyJ,CACpB,EAEIw4B,GAAK,SAAUz4B,GAGf,IAFA,IAAIxJ,EAAIwJ,EAAEvhB,OAEH+X,IAAMwJ,IAAIxJ,KAMjB,IAJA,IAAIkiC,EAAK,IAAItD,KAAM5+B,GAEfmiC,EAAM,EAAGC,EAAM54B,EAAE,GAAI64B,EAAM,EAC3B9yB,EAAI,SAAUtP,GAAKiiC,EAAGC,KAASliC,CAAI,EAC9B9X,EAAI,EAAGA,GAAK6X,IAAK7X,EACtB,GAAIqhB,EAAErhB,IAAMi6C,GAAOj6C,GAAK6X,IAClBqiC,MACD,CACD,IAAKD,GAAOC,EAAM,EAAG,CACjB,KAAOA,EAAM,IAAKA,GAAO,IACrB9yB,EAAE,OACF8yB,EAAM,IACN9yB,EAAE8yB,EAAM,GAAOA,EAAM,IAAO,EAAK,MAAUA,EAAM,GAAM,EAAK,OAC5DA,EAAM,EAE1B,MACiB,GAAIA,EAAM,EAAG,CAEd,IADA9yB,EAAE6yB,KAAQC,EACHA,EAAM,EAAGA,GAAO,EACnB9yB,EAAE,MACF8yB,EAAM,IACN9yB,EAAI8yB,EAAM,GAAM,EAAK,MAAOA,EAAM,EACtD,CACY,KAAOA,KACH9yB,EAAE6yB,GACNC,EAAM,EACND,EAAM54B,EAAErhB,EACpB,CAEI,MAAO,CAAC+5C,EAAG7yC,SAAS,EAAG8yC,GAAMniC,EACjC,EAEIsiC,GAAO,SAAUC,EAAIL,GAErB,IADA,IAAIzZ,EAAI,EACCtgC,EAAI,EAAGA,EAAI+5C,EAAGj6C,SAAUE,EAC7BsgC,GAAK8Z,EAAGp6C,GAAK+5C,EAAG/5C,GACpB,OAAOsgC,CACX,EAGI+Z,GAAQ,SAAUr2B,EAAK9jB,EAAKo6C,GAE5B,IAAIziC,EAAIyiC,EAAIx6C,OACRguB,EAAIuqB,GAAKn4C,EAAM,GACnB8jB,EAAI8J,GAAS,IAAJjW,EACTmM,EAAI8J,EAAI,GAAKjW,IAAM,EACnBmM,EAAI8J,EAAI,GAAc,IAAT9J,EAAI8J,GACjB9J,EAAI8J,EAAI,GAAkB,IAAb9J,EAAI8J,EAAI,GACrB,IAAK,IAAI9tB,EAAI,EAAGA,EAAI6X,IAAK7X,EACrBgkB,EAAI8J,EAAI9tB,EAAI,GAAKs6C,EAAIt6C,GACzB,OAAqB,GAAb8tB,EAAI,EAAIjW,EACpB,EAEI0iC,GAAO,SAAUD,EAAKt2B,EAAKiR,EAAOulB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIwiC,EAAIvvB,GAChEutB,GAAM50B,EAAKqH,IAAK4J,KACdwlB,EAAG,KAML,IALA,IAAI1D,EAAK+B,GAAM2B,EAAI,IAAKI,EAAM9D,EAAG,GAAI+D,EAAM/D,EAAG,GAC1CG,EAAK4B,GAAM4B,EAAI,IAAKK,EAAM7D,EAAG,GAAI8D,EAAM9D,EAAG,GAC1C+D,EAAKnB,GAAGe,GAAMK,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAKtB,GAAGiB,GAAMM,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAS,IAAI9E,GAAI,IACZz2C,EAAI,EAAGA,EAAIk7C,EAAKp7C,SAAUE,EAC/Bu7C,EAAiB,GAAVL,EAAKl7C,MAChB,IAASA,EAAI,EAAGA,EAAIq7C,EAAKv7C,SAAUE,EAC/Bu7C,EAAiB,GAAVF,EAAKr7C,MAGhB,IAFA,IAAIw7C,EAAK1C,GAAMyC,EAAQ,GAAIE,EAAMD,EAAG,GAAIE,EAAOF,EAAG,GAC9CG,EAAO,GACJA,EAAO,IAAMF,EAAI7E,GAAK+E,EAAO,MAAOA,GAE3C,IAKIC,EAAIC,EAAIC,EAAIC,EALZC,EAAQpB,EAAK,GAAM,EACnBqB,EAAQ9B,GAAKM,EAAI3C,IAAOqC,GAAKO,EAAI3C,IAAOjB,EACxCoF,EAAQ/B,GAAKM,EAAII,GAAOV,GAAKO,EAAIK,GAAOjE,EAAK,GAAK,EAAI6E,EAAOxB,GAAKoB,EAAQE,IAAQ,EAAIF,EAAO,IAAM,EAAIA,EAAO,IAAM,EAAIA,EAAO,KACnI,GAAIS,GAAQC,GAASD,GAAQE,EACzB,OAAO7B,GAAMr2B,EAAKqH,EAAGivB,EAAIpzC,SAASkR,EAAIA,EAAKwiC,IAG/C,GADAhC,GAAM50B,EAAKqH,EAAG,GAAK6wB,EAAQD,IAAS5wB,GAAK,EACrC6wB,EAAQD,EAAO,CACfL,EAAKtE,GAAKuD,EAAKC,EAAK,GAAIe,EAAKhB,EAAKiB,EAAKxE,GAAKyD,EAAKC,EAAK,GAAIe,EAAKhB,EAC/D,IAAIoB,EAAM7E,GAAKmE,EAAKC,EAAM,GAC1B9C,GAAM50B,EAAKqH,EAAG8vB,EAAM,KACpBvC,GAAM50B,EAAKqH,EAAI,EAAGiwB,EAAM,GACxB1C,GAAM50B,EAAKqH,EAAI,GAAIswB,EAAO,GAC1BtwB,GAAK,GACL,IAASrrB,EAAI,EAAGA,EAAI27C,IAAQ37C,EACxB44C,GAAM50B,EAAKqH,EAAI,EAAIrrB,EAAGy7C,EAAI7E,GAAK52C,KACnCqrB,GAAK,EAAIswB,EAET,IADA,IAAIS,EAAO,CAAClB,EAAMG,GACTgB,EAAK,EAAGA,EAAK,IAAKA,EACvB,KAAIC,EAAOF,EAAKC,GAChB,IAASr8C,EAAI,EAAGA,EAAIs8C,EAAKx8C,SAAUE,EAAG,CAClC,IAAIurB,EAAgB,GAAV+wB,EAAKt8C,GACf44C,GAAM50B,EAAKqH,EAAG8wB,EAAI5wB,IAAOF,GAAKowB,EAAIlwB,GAC9BA,EAAM,KACNqtB,GAAM50B,EAAKqH,EAAIixB,EAAKt8C,KAAO,EAAK,KAAMqrB,GAAKixB,EAAKt8C,KAAO,GAC3E,CAN+B,CAQ/B,MAEQ47C,EAAK5D,GAAK6D,EAAK/D,GAAKgE,EAAK5D,GAAK6D,EAAKhE,GAEvC,IAAS/3C,EAAI,EAAGA,EAAI26C,IAAM36C,EACtB,GAAIw6C,EAAKx6C,GAAK,IAAK,CACXurB,EAAOivB,EAAKx6C,KAAO,GAAM,GAC7B64C,GAAQ70B,EAAKqH,EAAGuwB,EAAGrwB,EAAM,MAAOF,GAAKwwB,EAAGtwB,EAAM,KAC1CA,EAAM,IACNqtB,GAAM50B,EAAKqH,EAAImvB,EAAKx6C,KAAO,GAAM,IAAKqrB,GAAKqrB,GAAKnrB,IACpD,IAAIkB,EAAgB,GAAV+tB,EAAKx6C,GACf64C,GAAQ70B,EAAKqH,EAAGywB,EAAGrvB,IAAOpB,GAAK0wB,EAAGtvB,GAC9BA,EAAM,IACNosB,GAAQ70B,EAAKqH,EAAImvB,EAAKx6C,KAAO,EAAK,MAAOqrB,GAAKsrB,GAAKlqB,GACnE,MAEYosB,GAAQ70B,EAAKqH,EAAGuwB,EAAGpB,EAAKx6C,KAAMqrB,GAAKwwB,EAAGrB,EAAKx6C,IAInD,OADA64C,GAAQ70B,EAAKqH,EAAGuwB,EAAG,MACZvwB,EAAIwwB,EAAG,IAClB,EAEIU,gBAAoB,IAAIl4B,GAAI,CAAC,MAAO,OAAQ,OAAQ,OAAQ,OAAQ,QAAS,QAAS,QAAS,UAE/F00B,gBAAmB,IAAI50B,GAAG,GAsK1Bq4B,GAAO,SAAUlC,EAAKmC,EAAKC,EAAKC,EAAMC,GACtC,OArKO,SAAUtC,EAAKuC,EAAKC,EAAMJ,EAAKC,EAAMI,GAC5C,IAAIllC,EAAIyiC,EAAIx6C,OACRguB,EAAI,IAAI3J,GAAGu4B,EAAM7kC,EAAI,GAAK,EAAIlR,KAAKyQ,KAAKS,EAAI,MAAS8kC,GAErDv1B,EAAI0G,EAAE5mB,SAASw1C,EAAK5uB,EAAEhuB,OAAS68C,GAC/Bz8C,EAAM,EACV,IAAK28C,GAAOhlC,EAAI,EACZ,IAAK,IAAI7X,EAAI,EAAGA,GAAK6X,EAAG7X,GAAK,MAAO,CAEhC,IAAIoC,EAAIpC,EAAI,MACRoC,GAAKyV,IAELuP,EAAElnB,GAAO,GAAK68C,GAElB78C,EAAMm6C,GAAMjzB,EAAGlnB,EAAM,EAAGo6C,EAAIpzC,SAASlH,EAAGoC,GACpD,KAES,CAeD,IAdA,IAAIq6C,EAAMF,GAAIM,EAAM,GAChBhnC,EAAI4mC,IAAQ,GAAIp7B,EAAU,KAANo7B,EACpBO,GAAS,GAAKF,GAAQ,EAEtB55C,EAAO,IAAIuzC,GAAI,OAAQwG,EAAO,IAAIxG,GAAIuG,EAAQ,GAC9CE,EAAQv2C,KAAKyQ,KAAK0lC,EAAO,GAAIK,EAAQ,EAAID,EACzCE,EAAM,SAAUp9C,GAAK,OAAQs6C,EAAIt6C,GAAMs6C,EAAIt6C,EAAI,IAAMk9C,EAAU5C,EAAIt6C,EAAI,IAAMm9C,GAAUH,CAAQ,EAG/FxC,EAAO,IAAIn2B,GAAI,MAEfo2B,EAAK,IAAIhE,GAAI,KAAMiE,EAAK,IAAIjE,GAAI,IAEhC4G,EAAO,EAAGvG,EAAK,EAAU6D,GAAP36C,EAAI,EAAQ,GAAGs9C,EAAK,EAAGllC,EAAK,EAC3CpY,EAAI6X,IAAK7X,EAAG,CAGf,IAAIu9C,EAAKH,EAAIp9C,GAETw9C,EAAW,MAAJx9C,EAAWy9C,EAAQR,EAAKM,GAKnC,GAJAr6C,EAAKs6C,GAAQC,EACbR,EAAKM,GAAMC,EAGPF,GAAMt9C,EAAG,CAET,IAAI09C,EAAM7lC,EAAI7X,EACd,IAAKq9C,EAAO,KAAQ1C,EAAK,QAAU+C,EAAM,IAAK,CAC1Cx9C,EAAMq6C,GAAKD,EAAKlzB,EAAG,EAAGozB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIpY,EAAIoY,EAAIlY,GACxDy6C,EAAK0C,EAAOvG,EAAK,EAAG1+B,EAAKpY,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,MAAOA,EACvBoiC,EAAGpiC,GAAK,EACZ,IAASA,EAAI,EAAGA,EAAI,KAAMA,EACtBqiC,EAAGriC,GAAK,CAChC,CAEgB,IAAIioB,EAAI,EAAGhf,EAAI,EAAGq8B,EAAOt8B,EAAGu8B,EAAOJ,EAAOC,EAAS,MACnD,GAAIC,EAAM,GAAKH,GAAMH,EAAIp9C,EAAI49C,GAMzB,IALA,IAAIC,EAAOl3C,KAAKsd,IAAIpO,EAAG6nC,GAAO,EAC1BI,EAAOn3C,KAAKsd,IAAI,MAAOjkB,GAGvB+9C,EAAKp3C,KAAKsd,IAAI,IAAKy5B,GAChBE,GAAOE,KAAUH,GAAQH,GAAQC,GAAO,CAC3C,GAAInD,EAAIt6C,EAAIsgC,IAAMga,EAAIt6C,EAAIsgC,EAAIsd,GAAM,CAEhC,IADA,IAAII,EAAK,EACFA,EAAKD,GAAMzD,EAAIt6C,EAAIg+C,IAAO1D,EAAIt6C,EAAIg+C,EAAKJ,KAAQI,GAEtD,GAAIA,EAAK1d,EAAG,CAGR,GAFAA,EAAI0d,EAAI18B,EAAIs8B,EAERI,EAAKH,EACL,MAIJ,IAAII,EAAMt3C,KAAKsd,IAAI25B,EAAKI,EAAK,GACzBE,EAAK,EACT,IAAS7lC,EAAI,EAAGA,EAAI4lC,IAAO5lC,EAAG,CAC1B,IAAI8lC,EAAMn+C,EAAI49C,EAAMvlC,EAAI,MAAS,MAE7Bk/B,EAAM4G,EADAj7C,EAAKi7C,GACM,MAAS,MAC1B5G,EAAK2G,IACLA,EAAK3G,EAAIkG,EAAQU,EACzD,CACA,CACA,CAGwBP,IADAJ,EAAOC,IAAOA,EAAQv6C,EAAKs6C,IACJ,MAAS,KACxD,CAGgB,GAAIl8B,EAAG,CAGHk5B,EAAKG,KAAQ,UAAa1D,GAAM3W,IAAM,GAAM8W,GAAM91B,GAClD,IAAI88B,EAAiB,GAAXnH,GAAM3W,GAAS+d,EAAiB,GAAXjH,GAAM91B,GACrCw1B,GAAMJ,GAAK0H,GAAOzH,GAAK0H,KACrB5D,EAAG,IAAM2D,KACT1D,EAAG2D,GACLf,EAAKt9C,EAAIsgC,IACP+c,CACtB,MAEoB7C,EAAKG,KAAQL,EAAIt6C,KACfy6C,EAAGH,EAAIt6C,GAE7B,CACA,CACQE,EAAMq6C,GAAKD,EAAKlzB,EAAG21B,EAAKvC,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIpY,EAAIoY,EAAIlY,IAErD68C,GAAa,EAAN78C,IACRA,EAAMm6C,GAAMjzB,EAAGlnB,EAAM,EAAG64C,IACpC,CACI,OAAOT,GAAIxqB,EAAG,EAAG4uB,EAAMrE,GAAKn4C,GAAOy8C,EACvC,CAmDW2B,CAAKhE,EAAkB,MAAbmC,EAAI8B,MAAgB,EAAI9B,EAAI8B,MAAkB,MAAX9B,EAAI+B,IAAc73C,KAAKyQ,KAAuD,IAAlDzQ,KAAKC,IAAI,EAAGD,KAAKsd,IAAI,GAAItd,KAAK6S,IAAI8gC,EAAIx6C,WAAoB,GAAK28C,EAAI+B,IAAM9B,EAAKC,GAAOC,EACzK,EAwLI6B,gBAAyB,WACzB,SAASA,EAAQ9wB,EAAM+wB,GACdA,GAAqB,mBAAR/wB,IACd+wB,EAAK/wB,EAAMA,EAAO,CAAE,GACxBzvB,KAAKygD,OAASD,EACdxgD,KAAK4vB,EAAIH,GAAQ,CAAE,CAC3B,CAiBI,OAhBA8wB,EAAQtgD,UAAUktB,EAAI,SAAUhK,EAAG8iB,GAC/BjmC,KAAKygD,OAAOnC,GAAKn7B,EAAGnjB,KAAK4vB,EAAG,EAAG,GAAIqW,GAAIA,EAC1C,EAMDsa,EAAQtgD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACjC/2B,KAAKygD,QACNpqB,GAAI,GACJr2B,KAAKojB,GACLiT,GAAI,GACRr2B,KAAKojB,EAAI2T,EACT/2B,KAAKmtB,EAAEnqB,EAAO+zB,IAAS,EAC1B,EACMwpB,CACX,IAuCIG,gBAAyB,WAKzB,SAASA,EAAQF,GACbxgD,KAAK2Z,EAAI,CAAE,EACX3Z,KAAKmtB,EAAI,IAAIlH,GAAG,GAChBjmB,KAAKygD,OAASD,CACtB,CA0BI,OAzBAE,EAAQzgD,UAAUiE,EAAI,SAAUif,GACvBnjB,KAAKygD,QACNpqB,GAAI,GACJr2B,KAAKojB,GACLiT,GAAI,GACR,IAAI+L,EAAIpiC,KAAKmtB,EAAEvrB,OACX+V,EAAI,IAAIsO,GAAGmc,EAAIjf,EAAEvhB,QACrB+V,EAAExV,IAAInC,KAAKmtB,GAAIxV,EAAExV,IAAIghB,EAAGif,GAAIpiC,KAAKmtB,EAAIxV,CACxC,EACD+oC,EAAQzgD,UAAUkjB,EAAI,SAAU4T,GAC5B/2B,KAAKojB,EAAIpjB,KAAK2Z,EAAE7X,EAAIi1B,IAAS,EAC7B,IAAI4pB,EAAM3gD,KAAK2Z,EAAE9B,EACbyjC,EAz0BA,SAAUc,EAAKx9B,EAAK8/B,GAE5B,IAAIkC,EAAKxE,EAAIx6C,OACb,IAAKg/C,GAAOlC,GAAMA,EAAGzY,IAAMyY,EAAGtc,EAC1B,OAAOxjB,GAAO,IAAIqH,GAAG,GAEzB,IAAI46B,GAASjiC,GAAO8/B,EAEhBoC,GAAQpC,GAAMA,EAAG58C,EAChB48C,IACDA,EAAK,CAAE,GAEN9/B,IACDA,EAAM,IAAIqH,GAAQ,EAAL26B,IAEjB,IAAIG,EAAO,SAAU3e,GACjB,IAAIsa,EAAK99B,EAAIhd,OAEb,GAAIwgC,EAAIsa,EAAI,CAER,IAAIsE,EAAO,IAAI/6B,GAAGxd,KAAKC,IAAS,EAALg0C,EAAQta,IACnC4e,EAAK7+C,IAAIyc,GACTA,EAAMoiC,CAClB,CACK,EAEGjqB,EAAQ2nB,EAAGzY,GAAK,EAAGjkC,EAAM08C,EAAGvxB,GAAK,EAAG8zB,EAAKvC,EAAG7mC,GAAK,EAAG6lC,EAAKgB,EAAGtc,EAAGwb,EAAKc,EAAGt7B,EAAG89B,EAAMxC,EAAGrmB,EAAG8oB,EAAMzC,EAAG/mC,EAE/FypC,EAAY,EAALR,EACX,EAAG,CACC,IAAKlD,EAAI,CAEL3mB,EAAQ/a,GAAKogC,EAAKp6C,EAAK,GAEvB,IAAIiS,EAAO+H,GAAKogC,EAAKp6C,EAAM,EAAG,GAE9B,GADAA,GAAO,GACFiS,EAAM,CAEP,IAAuBmuB,EAAIga,GAAvBziC,EAAIwgC,GAAKn4C,GAAO,GAAe,GAAMo6C,EAAIziC,EAAI,IAAM,EAAI+B,EAAI/B,EAAIyoB,EACnE,GAAI1mB,EAAIklC,EAAI,CACJE,GACAzqB,GAAI,GACR,KACpB,CAEoBwqB,GACAE,EAAKE,EAAK7e,GAEdxjB,EAAIzc,IAAIi6C,EAAIpzC,SAAS2Q,EAAG+B,GAAIulC,GAE5BvC,EAAG7mC,EAAIopC,GAAM7e,EAAGsc,EAAGvxB,EAAInrB,EAAU,EAAJ0Z,EAAOgjC,EAAGzY,EAAIlP,EAC3C,QAChB,CACiB,GAAY,GAAR9iB,EACLypC,EAAK3D,GAAM6D,EAAK3D,GAAMiH,EAAM,EAAGC,EAAM,OACpC,GAAY,GAARltC,EAAW,CAEhB,IAAIotC,EAAOrlC,GAAKogC,EAAKp6C,EAAK,IAAM,IAAKs/C,EAAQtlC,GAAKogC,EAAKp6C,EAAM,GAAI,IAAM,EACnEylC,EAAK4Z,EAAOrlC,GAAKogC,EAAKp6C,EAAM,EAAG,IAAM,EACzCA,GAAO,GAKP,IAHA,IAAIu/C,EAAM,IAAIt7B,GAAGwhB,GAEb+Z,EAAM,IAAIv7B,GAAG,IACRnkB,EAAI,EAAGA,EAAIw/C,IAASx/C,EAEzB0/C,EAAI9I,GAAK52C,IAAMka,GAAKogC,EAAKp6C,EAAU,EAAJF,EAAO,GAE1CE,GAAe,EAARs/C,EAEP,IAAIG,EAAM/4C,GAAI84C,GAAME,GAAU,GAAKD,GAAO,EAEtCE,EAAMvI,GAAKoI,EAAKC,EAAK,GACzB,IAAS3/C,EAAI,EAAGA,EAAI2lC,GAAK,CACrB,IAII9tB,EAJA8B,EAAIkmC,EAAI3lC,GAAKogC,EAAKp6C,EAAK0/C,IAM3B,GAJA1/C,GAAW,GAAJyZ,GAEH9B,EAAI8B,IAAM,GAEN,GACJ8lC,EAAIz/C,KAAO6X,MAEV,CAED,IAAIwJ,EAAI,EAAGxL,EAAI,EAOf,IANS,IAALgC,GACAhC,EAAI,EAAIqE,GAAKogC,EAAKp6C,EAAK,GAAIA,GAAO,EAAGmhB,EAAIo+B,EAAIz/C,EAAI,IACvC,IAAL6X,GACLhC,EAAI,EAAIqE,GAAKogC,EAAKp6C,EAAK,GAAIA,GAAO,GACxB,IAAL2X,IACLhC,EAAI,GAAKqE,GAAKogC,EAAKp6C,EAAK,KAAMA,GAAO,GAClC2V,KACH4pC,EAAIz/C,KAAOqhB,CACvC,CACA,CAEgB,IAAIy+B,EAAKL,EAAIv4C,SAAS,EAAGq4C,GAAO/F,EAAKiG,EAAIv4C,SAASq4C,GAElDH,EAAMx4C,GAAIk5C,GAEVT,EAAMz4C,GAAI4yC,GACVoC,EAAKtE,GAAKwI,EAAIV,EAAK,GACnBtD,EAAKxE,GAAKkC,EAAI6F,EAAK,EACnC,MAEgB9qB,GAAI,GACR,GAAIr0B,EAAMo/C,EAAM,CACRN,GACAzqB,GAAI,GACR,KAChB,CACA,CAGYwqB,GACAE,EAAKE,EAAK,QAGd,IAFA,IAAIY,GAAO,GAAKX,GAAO,EAAGY,GAAO,GAAKX,GAAO,EACzCY,EAAO//C,GACH+/C,EAAO//C,EAAK,CAEhB,IAAoCggD,GAAhC7+B,EAAIu6B,EAAGxD,GAAOkC,EAAKp6C,GAAO6/C,MAAkB,EAEhD,IADA7/C,GAAW,GAAJmhB,GACGi+B,EAAM,CACRN,GACAzqB,GAAI,GACR,KAChB,CAGY,GAFKlT,GACDkT,GAAI,GACJ2rB,EAAM,IACNpjC,EAAIqiC,KAAQe,MACX,IAAW,KAAPA,EAAY,CACjBD,EAAO//C,EAAK07C,EAAK,KACjB,KAChB,CAEgB,IAAIz5C,EAAM+9C,EAAM,IAEhB,GAAIA,EAAM,IAAK,CAEX,IAAmBnqC,EAAI2gC,GAAnB12C,EAAIkgD,EAAM,KACd/9C,EAAM+X,GAAKogC,EAAKp6C,GAAM,GAAK6V,GAAK,GAAKihC,GAAGh3C,GACxCE,GAAO6V,CAC3B,CAEgB,IAAIuL,EAAIw6B,EAAG1D,GAAOkC,EAAKp6C,GAAO8/C,GAAMG,EAAO7+B,IAAM,EASjD,GARKA,GACDiT,GAAI,GACRr0B,GAAW,GAAJohB,EACHk4B,EAAKrC,GAAGgJ,GACRA,EAAO,IACHpqC,EAAI4gC,GAAKwJ,GACb3G,GAAMpB,GAAOkC,EAAKp6C,IAAS,GAAK6V,GAAK,EAAI7V,GAAO6V,GAEhD7V,EAAMo/C,EAAM,CACRN,GACAzqB,GAAI,GACR,KACpB,CACoBwqB,GACAE,EAAKE,EAAK,QAEd,IADA,IAAI34C,EAAM24C,EAAKh9C,EACRg9C,EAAK34C,EAAK24C,GAAM,EACnBriC,EAAIqiC,GAAMriC,EAAIqiC,EAAK3F,GACnB18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAC3B18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAC3B18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAE/B2F,EAAK34C,CACrB,CACA,CACQo2C,EAAGtc,EAAIsb,EAAIgB,EAAGvxB,EAAI40B,EAAMrD,EAAG7mC,EAAIopC,EAAIvC,EAAGzY,EAAIlP,EACtC2mB,IACA3mB,EAAQ,EAAG2nB,EAAGrmB,EAAI6oB,EAAKxC,EAAGt7B,EAAIw6B,EAAIc,EAAG/mC,EAAIwpC,EAChD,QAASpqB,GACV,OAAOkqB,GAAMriC,EAAIhd,OAASgd,EAAMw7B,GAAIx7B,EAAK,EAAGqiC,EAChD,CAwpBiBiB,CAAMliD,KAAKmtB,EAAGntB,KAAK4vB,EAAG5vB,KAAK2Z,GACpC3Z,KAAKygD,OAAOrG,GAAIkB,EAAIqF,EAAK3gD,KAAK2Z,EAAE9B,GAAI7X,KAAKojB,GACzCpjB,KAAK4vB,EAAIwqB,GAAIkB,EAAIt7C,KAAK2Z,EAAE9B,EAAI,OAAQ7X,KAAK2Z,EAAE9B,EAAI7X,KAAK4vB,EAAEhuB,OACtD5B,KAAKmtB,EAAIitB,GAAIp6C,KAAKmtB,EAAIntB,KAAK2Z,EAAEwT,EAAI,EAAK,GAAIntB,KAAK2Z,EAAEwT,GAAK,CACzD,EAMDuzB,EAAQzgD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACtC/2B,KAAKkE,EAAElB,GAAQhD,KAAKmjB,EAAE4T,EACzB,EACM2pB,CACX,IAqMIyB,gBAAsB,WACtB,SAASA,EAAK1yB,EAAM+wB,GA1fZ,IACJliC,EAAOzG,EA0fP7X,KAAKmjB,GA1fL7E,EAAI,EAAGzG,EAAI,EACR,CACHsV,EAAG,SAAU/J,GAIT,IAFA,IAAIzL,EAAI2G,EAAG+Z,EAAIxgB,EACXuqB,EAAe,EAAXhf,EAAExhB,OACDE,EAAI,EAAGA,GAAKsgC,GAAI,CAErB,IADA,IAAIl+B,EAAIuE,KAAKsd,IAAIjkB,EAAI,KAAMsgC,GACpBtgC,EAAIoC,IAAKpC,EACZu2B,GAAK1gB,GAAKyL,EAAEthB,GAChB6V,GAAS,MAAJA,GAAa,IAAMA,GAAK,IAAK0gB,GAAS,MAAJA,GAAa,IAAMA,GAAK,GAC/E,CACY/Z,EAAI3G,EAAGE,EAAIwgB,CACd,EACDjV,EAAG,WAEC,OAAY,KADZ9E,GAAK,SACe,GAAMA,IAAM,GAAM,IAAU,KADpCzG,GAAK,SACuC,EAAKA,IAAM,CAC/E,IA0eQ7X,KAAK4Z,EAAI,EACT2mC,GAAQx/C,KAAKf,KAAMyvB,EAAM+wB,EACjC,CAkBI,OAZA2B,EAAKliD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACnCwpB,GAAQtgD,UAAU6C,KAAK/B,KAAKf,KAAMgD,EAAO+zB,EAC5C,EACDorB,EAAKliD,UAAUktB,EAAI,SAAUhK,EAAG8iB,GAC5BjmC,KAAKmjB,EAAEgK,EAAEhK,GACT,IAAIi/B,EAAM9D,GAAKn7B,EAAGnjB,KAAK4vB,EAAG5vB,KAAK4Z,GAAK,EAAGqsB,GAAK,GAAIA,GAC5CjmC,KAAK4Z,IA9UP,SAAUuJ,EAAGyM,GACnB,IAAIyyB,EAAKzyB,EAAEywB,MAAOvH,EAAW,GAANuJ,EAAU,EAAIA,EAAK,EAAI,EAAU,GAANA,EAAU,EAAI,EAChEl/B,EAAE,GAAK,IAAKA,EAAE,GAAM21B,GAAM,GAAMA,EAAM,GAAK,EAAIA,EAAM,EACzD,CA4UYwJ,CAAIF,EAAKpiD,KAAK4vB,GAAI5vB,KAAK4Z,EAAI,GAC3BqsB,GArXC,SAAU7iB,EAAGvL,EAAG+B,GACzB,KAAOA,IAAK/B,EACRuL,EAAEvL,GAAK+B,EAAGA,KAAO,CACzB,CAmXY2oC,CAAOH,EAAKA,EAAIxgD,OAAS,EAAG5B,KAAKmjB,EAAEC,KACvCpjB,KAAKygD,OAAO2B,EAAKnc,EACpB,EACMkc,CACX,IA+CIK,gBAAwB,WAKxB,SAASA,EAAOhC,GACZxgD,KAAK4Z,EAAI,EACT8mC,GAAQ3/C,KAAKf,KAAMwgD,EAC3B,CAsBI,OAhBAgC,EAAOviD,UAAU6C,KAAO,SAAUE,EAAO+zB,GAErC,GADA2pB,GAAQzgD,UAAUiE,EAAEnD,KAAKf,KAAMgD,GAC3BhD,KAAK4Z,EAAG,CACR,GAAI5Z,KAAKmtB,EAAEvrB,OAAS,IAAMm1B,EACtB,OACJ/2B,KAAKmtB,EAAIntB,KAAKmtB,EAAEnkB,SAAS,GAAIhJ,KAAK4Z,EAAI,CAClD,CACYmd,IACI/2B,KAAKmtB,EAAEvrB,OAAS,GAChBy0B,GAAI,EAAG,qBACXr2B,KAAKmtB,EAAIntB,KAAKmtB,EAAEnkB,SAAS,GAAI,IAIjC03C,GAAQzgD,UAAUkjB,EAAEpiB,KAAKf,KAAM+2B,EAClC,EACMyrB,CACX,IAiKIC,GAA2B,oBAAf5nC,0BAA4C,IAAIA,YAGhE,IACI4nC,GAAG3nC,OAAO+/B,GAAI,CAAE75C,QAAQ,IAClB,CACV,CACA,MAAOkD,GAAG,CCx+CV,MAAMw+C,GACJ,cAAW3kC,GACT,OAAOtT,EAAMkE,OAAOU,WACxB,CAKE,WAAAzP,CAAY+iD,EAAO,IAAI5qC,MACrB/X,KAAK2+B,OAASl0B,EAAMqF,QAAQG,KAC5BjQ,KAAK2iD,KAAO7rC,EAAKuB,cAAcsqC,GAC/B3iD,KAAKgQ,KAAO,KACZhQ,KAAK6G,KAAO,KACZ7G,KAAK4iD,SAAW,EACpB,CAQE,OAAAC,CAAQ7yC,EAAM2uB,EAASl0B,EAAMqF,QAAQG,MACnCjQ,KAAK2+B,OAASA,EACd3+B,KAAKgQ,KAAOA,EACZhQ,KAAK6G,KAAO,IAChB,CAQE,OAAAi8C,CAAQlgD,GAAQ,GAId,OAHkB,OAAd5C,KAAKgQ,MAAiB8G,EAAK7V,SAASjB,KAAKgQ,SAC3ChQ,KAAKgQ,KAAO8G,EAAK6D,WAAW7D,EAAKwG,UAAUtd,KAAK+iD,SAASngD,MAEpD5C,KAAKgQ,IAChB,CAOE,QAAAgzC,CAAS74C,EAAOw0B,GACd3+B,KAAK2+B,OAASA,EACd3+B,KAAK6G,KAAOsD,EACZnK,KAAKgQ,KAAO,IAChB,CAQE,QAAA+yC,CAASngD,GAAQ,GAKf,OAJkB,OAAd5C,KAAK6G,OAEP7G,KAAK6G,KAAOiQ,EAAKkG,gBAAgBlG,EAAKwD,WAAWta,KAAKgQ,QAEpDpN,EACK2f,EAAoBviB,KAAK6G,MAE3B7G,KAAK6G,IAChB,CAOE,WAAAo8C,CAAYL,GACV5iD,KAAK4iD,SAAWA,CACpB,CAOE,WAAAM,GACE,OAAOljD,KAAK4iD,QAChB,CASE,UAAMvgD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UAExB,MAAMq8B,QAAej7B,EAAOkG,WAEtBw5C,QAAqB1/C,EAAOkG,WAClC5J,KAAK4iD,SAAW9rC,EAAK6D,iBAAiBjX,EAAOqG,UAAUq5C,IAEvDpjD,KAAK2iD,KAAO7rC,EAAKgB,eAAepU,EAAOqG,UAAU,IAEjD,IAAIlD,EAAOnD,EAAOgE,YACdsa,EAAqBnb,KAAOA,QAAaob,EAAiBpb,IAC9D7G,KAAKgjD,SAASn8C,EAAM83B,EAAO,GAEjC,CAOE,WAAAmN,GACE,MAAM8W,EAAW9rC,EAAKwD,WAAWta,KAAK4iD,UAChCS,EAAkB,IAAI5hD,WAAW,CAACmhD,EAAShhD,SAE3C+8B,EAAS,IAAIl9B,WAAW,CAACzB,KAAK2+B,SAC9BgkB,EAAO7rC,EAAKkB,UAAUhY,KAAK2iD,MAEjC,OAAO7rC,EAAKpV,iBAAiB,CAACi9B,EAAQ0kB,EAAiBT,EAAUD,GACrE,CAOE,KAAA5/C,GACE,MAAM2c,EAAS1f,KAAK8rC,cACdjlC,EAAO7G,KAAK+iD,WAElB,OAAOjsC,EAAKtS,OAAO,CAACkb,EAAQ7Y,GAChC,ECnIA,MAAMy8C,GACJ,WAAA1jD,GACEI,KAAKmK,MAAQ,EACjB,CAME,IAAA9H,CAAK8H,GAEH,OADAnK,KAAKmK,MAAQ2M,EAAKmD,mBAAmB9P,EAAMnB,SAAS,EAAG,IAChDhJ,KAAKmK,MAAMvI,MACtB,CAME,KAAAmB,GACE,OAAO+T,EAAK+C,mBAAmB7Z,KAAKmK,MACxC,CAME,KAAAmhC,GACE,OAAOx0B,EAAK2C,gBAAgB3C,EAAK+C,mBAAmB7Z,KAAKmK,OAC7D,CAOE,MAAAo5C,CAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB1jD,KAAK0jD,eAAkB1jD,KAAKmK,QAAUq5C,EAAMr5C,KAChG,CAME,MAAAw5C,GACE,MAAsB,KAAf3jD,KAAKmK,KAChB,CAME,UAAAu5C,GACE,MAAO,OAAO3mC,KAAK/c,KAAKsrC,QAC5B,CAEE,eAAOsY,CAASJ,GACd,OAAOA,EAAMlY,OACjB,CAEE,aAAOuY,CAAOvqC,GACZ,MAAMkqC,EAAQ,IAAIF,GAElB,OADAE,EAAMnhD,KAAKyU,EAAKuC,gBAAgBC,IACzBkqC,CACX,CAEE,eAAOM,GACL,MAAMN,EAAQ,IAAIF,GAElB,OADAE,EAAMnhD,KAAK,IAAIZ,WAAW,IACnB+hD,CACX,EC3EA,MAAMjR,GAAWjzC,OAAO,YAQlBykD,GAAqB,+BAKrBC,GAA4B,IAAIruC,IAAI,CACxClL,EAAMuG,mBAAmBW,YACzBlH,EAAMuG,mBAAmByB,kBACzBhI,EAAMuG,mBAAmBwB,oBAW3B,MAAMyxC,GACJ,cAAWlmC,GACT,OAAOtT,EAAMkE,OAAOE,SACxB,CAEE,WAAAjP,GACEI,KAAK03C,QAAU,KAEf13C,KAAKkkD,cAAgB,KAErBlkD,KAAKmkD,cAAgB,KAErBnkD,KAAKokD,mBAAqB,KAE1BpkD,KAAKqkD,cAAgB,KACrBrkD,KAAKskD,mBAAqB,GAC1BtkD,KAAKukD,kBAAoB,GACzBvkD,KAAKwkD,gBAAkB,KACvBxkD,KAAKyuC,KAAO,KAEZzuC,KAAKykD,QAAU,KACfzkD,KAAKkR,wBAA0B,KAC/BlR,KAAK0kD,uBAAwB,EAC7B1kD,KAAK2kD,WAAa,KAClB3kD,KAAK4kD,WAAa,KAClB5kD,KAAK6kD,YAAc,KACnB7kD,KAAKqR,kBAAoB,KACzBrR,KAAKsR,UAAY,KACjBtR,KAAKuR,kBAAoB,KACzBvR,KAAK8kD,gBAAkB,KACvB9kD,KAAKyR,6BAA+B,KACpCzR,KAAK+kD,mBAAqB,KAC1B/kD,KAAKglD,uBAAyB,KAC9BhlD,KAAKilD,yBAA2B,KAChCjlD,KAAK2R,YAAc,IAAI2xC,GACvBtjD,KAAKklD,aAAe,GACpBllD,KAAKmlD,UAAY,CAAE,EACnBnlD,KAAK6R,wBAA0B,KAC/B7R,KAAK8R,+BAAiC,KACtC9R,KAAK+R,qBAAuB,KAC5B/R,KAAKgS,mBAAqB,KAC1BhS,KAAKolD,gBAAkB,KACvBplD,KAAKkS,UAAY,KACjBlS,KAAKmS,SAAW,KAChBnS,KAAKoS,cAAgB,KACrBpS,KAAKqlD,wBAA0B,KAC/BrlD,KAAKslD,0BAA4B,KACjCtlD,KAAKsS,SAAW,KAChBtS,KAAKulD,kCAAoC,KACzCvlD,KAAKwlD,6BAA+B,KACpCxlD,KAAKylD,oBAAsB,KAC3BzlD,KAAKwS,kBAAoB,KACzBxS,KAAK0lD,iBAAmB,KACxB1lD,KAAKyS,kBAAoB,KACzBzS,KAAK0S,wBAA0B,KAC/B1S,KAAK2S,sBAAwB,KAE7B3S,KAAK2lD,QAAU,KACf3lD,KAAKuyC,IAAY,IACrB,CAOE,IAAAlwC,CAAK8H,EAAO+J,EAASqD,GACnB,IAAIzV,EAAI,EAER,GADA9B,KAAK03C,QAAUvtC,EAAMrI,KACA,IAAjB9B,KAAK03C,UAAkBxjC,EAAOS,wBAChC,MAAM,IAAIi4B,GAAiB,2FAG7B,GAAqB,IAAjB5sC,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QACnD,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,mDAS7C,GANA13C,KAAKkkD,cAAgB/5C,EAAMrI,KAC3B9B,KAAKokD,mBAAqBj6C,EAAMrI,KAChC9B,KAAKmkD,cAAgBh6C,EAAMrI,KAG3BA,GAAK9B,KAAK4lD,eAAez7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,IACrD5B,KAAKykD,QACR,MAAUljD,MAAM,8CAmBlB,GAVAvB,KAAKqkD,cAAgBl6C,EAAMnB,SAAS,EAAGlH,GAGvCA,GAAK9B,KAAK4lD,eAAez7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,GAG1D5B,KAAKwkD,gBAAkBr6C,EAAMnB,SAASlH,EAAGA,EAAI,GAC7CA,GAAK,EAGgB,IAAjB9B,KAAK03C,QAAe,CAItB,MAAMmO,EAAa17C,EAAMrI,KAGzB9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI+jD,GAClC/jD,GAAK+jD,CACX,CAEI,MAAMC,EAAoB37C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAC5CS,KAAEA,EAAI0yC,gBAAEA,GAAoB54B,GAAOtN,UAAUk3C,qBAAqB/lD,KAAKokD,mBAAoB0B,GACjG,GAAIzjD,EAAOyjD,EAAkBlkD,OAC3B,MAAUL,MAAM,sBAElBvB,KAAK2mB,OAASouB,CAClB,CAKE,WAAAiR,GACE,OAAIhmD,KAAK2mB,kBAAkBzmB,QAClB+lD,GACL3jD,SAAY6Z,GAAO+pC,gBAAgBlmD,KAAKokD,yBAA0BpkD,KAAK2mB,UAGpExK,GAAO+pC,gBAAgBlmD,KAAKokD,mBAAoBpkD,KAAK2mB,OAChE,CAEE,KAAA5jB,GACE,MAAMmjB,EAAM,GASZ,OARAA,EAAIpjB,KAAK9C,KAAKqkD,eACdn+B,EAAIpjB,KAAK9C,KAAKmmD,2BACdjgC,EAAIpjB,KAAK9C,KAAKwkD,iBACO,IAAjBxkD,KAAK03C,UACPxxB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKyuC,KAAK7sC,UACnCskB,EAAIpjB,KAAK9C,KAAKyuC,OAEhBvoB,EAAIpjB,KAAK9C,KAAKgmD,eACPlvC,EAAKtS,OAAO0hB,EACvB,CAWE,UAAMia,CAAKxvB,EAAK9J,EAAM87C,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,GACzDlU,KAAK03C,QAAU/mC,EAAI+mC,QAEnB13C,KAAKykD,QAAU3tC,EAAKuB,cAAcsqC,GAClC3iD,KAAK0lD,iBAAmB/0C,EAAI+mC,QAC5B13C,KAAKyS,kBAAoB9B,EAAIy1C,sBAC7BpmD,KAAK2R,YAAchB,EAAI01C,WAEvB,MAAMngC,EAAM,CAAC,IAAIzkB,WAAW,CAACzB,KAAK03C,QAAS13C,KAAKkkD,cAAelkD,KAAKokD,mBAAoBpkD,KAAKmkD,iBAG7F,GAAqB,IAAjBnkD,KAAK03C,QAAe,CACtB,MAAMmO,EAAaS,GAAkBtmD,KAAKmkD,eAC1C,GAAkB,OAAdnkD,KAAKyuC,KACPzuC,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAeiqB,QACpC,GAAIA,IAAe7lD,KAAKyuC,KAAK7sC,OAClC,MAAUL,MAAM,kDAExB,MAAW,GAAI2S,EAAOmC,sCAAuC,CAIvD,GAA6B,IAHPrW,KAAKklD,aAAa36C,QAAO,EAAGtC,UAAYA,IAAS87C,KAGrDniD,OAShB,MAAUL,MAAM,qCATc,CAC9B,MAAMglD,EAAYpqC,GAAOw6B,OAAO/a,eAAe0qB,GAAkBtmD,KAAKmkD,gBACtEnkD,KAAKklD,aAAapiD,KAAK,CACrBmF,KAAM87C,GACNxhD,MAAOgkD,EACPC,eAAe,EACfC,UAAU,GAEpB,CAGA,CAGIvgC,EAAIpjB,KAAK9C,KAAK0mD,yBAKd1mD,KAAKskD,mBAAqB,GAE1BtkD,KAAKqkD,cAAgBvtC,EAAKtS,OAAO0hB,GAEjC,MAAMgyB,EAASl4C,KAAKk4C,OAAOl4C,KAAKkkD,cAAer9C,EAAM+jC,GAC/Cj9B,QAAa3N,KAAK2N,KAAK3N,KAAKkkD,cAAer9C,EAAMqxC,EAAQtN,GAE/D5qC,KAAKwkD,gBAAkBmC,EAAaC,EAAaj5C,GAAO,EAAG,GAC3D,MAAM2F,EAAShR,SAAY6Z,GAAOtN,UAAUsxB,KAC1CngC,KAAKokD,mBAAoBpkD,KAAKmkD,cAAexzC,EAAIykC,aAAczkC,EAAIolC,cAAemC,QAAcj2B,EAAiBtU,IAE/GmJ,EAAK7V,SAAS0M,GAChB3N,KAAK2mB,OAASrT,KAEdtT,KAAK2mB,aAAerT,IAMpBtT,KAAKuyC,KAAY,EAEvB,CAME,qBAAAmU,GACE,MAAMrpC,EAAM5S,EAAMuG,mBACZkV,EAAM,GACZ,IAAI/b,EACJ,GAAqB,OAAjBnK,KAAKykD,QACP,MAAUljD,MAAM,mCAElB2kB,EAAIpjB,KAAK+jD,GAAexpC,EAAIpM,uBAAuB,EAAM6F,EAAKkB,UAAUhY,KAAKykD,WACxC,OAAjCzkD,KAAKkR,yBACPgV,EAAIpjB,KAAK+jD,GAAexpC,EAAInM,yBAAyB,EAAM4F,EAAKc,YAAY5X,KAAKkR,wBAAyB,KAEpF,OAApBlR,KAAK2kD,YACPz+B,EAAIpjB,KAAK+jD,GAAexpC,EAAIlM,yBAAyB,EAAM,IAAI1P,WAAW,CAACzB,KAAK2kD,WAAa,EAAI,MAE3E,OAApB3kD,KAAK4kD,aACPz6C,EAAQ,IAAI1I,WAAW,CAACzB,KAAK4kD,WAAY5kD,KAAK6kD,cAC9C3+B,EAAIpjB,KAAK+jD,GAAexpC,EAAIjM,gBAAgB,EAAMjH,KAErB,OAA3BnK,KAAKqR,mBACP6U,EAAIpjB,KAAK+jD,GAAexpC,EAAIhM,mBAAmB,EAAMrR,KAAKqR,oBAErC,OAAnBrR,KAAKsR,WACP4U,EAAIpjB,KAAK+jD,GAAexpC,EAAI/L,WAAW,EAAM,IAAI7P,WAAW,CAACzB,KAAKsR,UAAY,EAAI,MAErD,OAA3BtR,KAAKuR,mBACP2U,EAAIpjB,KAAK+jD,GAAexpC,EAAI9L,mBAAmB,EAAMuF,EAAKc,YAAY5X,KAAKuR,kBAAmB,KAEtD,OAAtCvR,KAAKyR,+BACPtH,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKyR,+BAC7DyU,EAAIpjB,KAAK+jD,GAAexpC,EAAI5L,8BAA8B,EAAOtH,KAEnC,OAA5BnK,KAAK+kD,qBACP56C,EAAQ,IAAI1I,WAAW,CAACzB,KAAK+kD,mBAAoB/kD,KAAKglD,yBACtD76C,EAAQ2M,EAAKtS,OAAO,CAAC2F,EAAOnK,KAAKilD,2BACjC/+B,EAAIpjB,KAAK+jD,GAAexpC,EAAI3L,eAAe,EAAOvH,MAE/CnK,KAAK2R,YAAYgyC,UAAY3jD,KAAK0lD,iBAAmB,GAGxDx/B,EAAIpjB,KAAK+jD,GAAexpC,EAAI1L,aAAa,EAAM3R,KAAK2R,YAAY5O,UAElE/C,KAAKklD,aAAajjD,SAAQ,EAAGgG,OAAM1F,QAAOikD,gBAAeC,eACvDt8C,EAAQ,CAAC,IAAI1I,WAAW,CAAC+kD,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAMM,EAAchwC,EAAKwD,WAAWrS,GAEpCkC,EAAMrH,KAAKgU,EAAKc,YAAYkvC,EAAYllD,OAAQ,IAEhDuI,EAAMrH,KAAKgU,EAAKc,YAAYrV,EAAMX,OAAQ,IAC1CuI,EAAMrH,KAAKgkD,GACX38C,EAAMrH,KAAKP,GACX4H,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAIzL,aAAc60C,EAAUt8C,GAAO,IAExB,OAAjCnK,KAAK6R,0BACP1H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK6R,0BAC7DqU,EAAIpjB,KAAK+jD,GAAexpC,EAAIxL,yBAAyB,EAAO1H,KAElB,OAAxCnK,KAAK8R,iCACP3H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK8R,iCAC7DoU,EAAIpjB,KAAK+jD,GAAexpC,EAAIvL,gCAAgC,EAAO3H,KAEnC,OAA9BnK,KAAK+R,uBACP5H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK+R,uBAC7DmU,EAAIpjB,KAAK+jD,GAAexpC,EAAItL,sBAAsB,EAAO5H,KAE3B,OAA5BnK,KAAKgS,oBACPkU,EAAIpjB,KAAK+jD,GAAexpC,EAAIrL,oBAAoB,EAAO8E,EAAKwD,WAAWta,KAAKgS,sBAEjD,OAAzBhS,KAAKolD,iBACPl/B,EAAIpjB,KAAK+jD,GAAexpC,EAAIpL,eAAe,EAAO,IAAIxQ,WAAW,CAACzB,KAAKolD,gBAAkB,EAAI,MAExE,OAAnBplD,KAAKkS,WACPgU,EAAIpjB,KAAK+jD,GAAexpC,EAAInL,WAAW,EAAO4E,EAAKwD,WAAWta,KAAKkS,aAE/C,OAAlBlS,KAAKmS,WACPhI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKmS,WAC7D+T,EAAIpjB,KAAK+jD,GAAexpC,EAAIlL,UAAU,EAAMhI,KAEnB,OAAvBnK,KAAKoS,eACP8T,EAAIpjB,KAAK+jD,GAAexpC,EAAIjL,eAAe,EAAO0E,EAAKwD,WAAWta,KAAKoS,iBAEpC,OAAjCpS,KAAKqlD,0BACPl7C,EAAQ2M,EAAK+C,mBAAmB7C,OAAOoD,aAAapa,KAAKqlD,yBAA2BrlD,KAAKslD,2BACzFp/B,EAAIpjB,KAAK+jD,GAAexpC,EAAIhL,qBAAqB,EAAMlI,KAEnC,OAAlBnK,KAAKsS,WACPnI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKsS,WAC7D4T,EAAIpjB,KAAK+jD,GAAexpC,EAAI/K,UAAU,EAAOnI,KAEA,OAA3CnK,KAAKulD,oCACPp7C,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAKulD,kCAAmCvlD,KAAKwlD,gCACtEr7C,EAAMrH,KAAKgU,EAAK+C,mBAAmB7Z,KAAKylD,sBACxCt7C,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAI9K,iBAAiB,EAAMpI,KAEtB,OAA3BnK,KAAKwS,mBACP0T,EAAIpjB,KAAK+jD,GAAexpC,EAAI7K,mBAAmB,EAAMxS,KAAKwS,kBAAkBzP,UAE/C,OAA3B/C,KAAKyS,oBACPtI,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK0lD,mBAAoB1lD,KAAKyS,mBACvDtI,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAI5K,kBAAmBzS,KAAK03C,SAAW,EAAGvtC,KAE/B,OAAjCnK,KAAK0S,0BACPvI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK0S,0BAC7DwT,EAAIpjB,KAAK+jD,GAAexpC,EAAI3K,yBAAyB,EAAOvI,KAE3B,OAA/BnK,KAAK2S,wBACPxI,EAAQ,IAAI1I,WAAW,GAAG+C,UAAUxE,KAAK2S,wBACzCuT,EAAIpjB,KAAK+jD,GAAexpC,EAAI1K,uBAAuB,EAAOxI,KAG5D,MAAMpI,EAAS+U,EAAKtS,OAAO0hB,GACrBtkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAK03C,QAAgB,EAAI,GAExE,OAAO5gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAME,uBAAAokD,GACE,MAAMjgC,EAAMlmB,KAAKskD,mBAAmB3/C,KAAI,EAAGsP,OAAMwyC,WAAUvlC,UAClD2lC,GAAe5yC,EAAMwyC,EAAUvlC,KAGlCnf,EAAS+U,EAAKtS,OAAO0hB,GACrBtkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAK03C,QAAgB,EAAI,GAExE,OAAO5gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAGE,aAAAglD,CAAc58C,EAAOszB,GAAS,GAC5B,IAAIupB,EAAQ,EAGZ,MAAMP,KAA6B,IAAft8C,EAAM68C,IACpB/yC,EAAsB,IAAf9J,EAAM68C,GAInB,GAFAA,IAEKvpB,IACHz9B,KAAKskD,mBAAmBxhD,KAAK,CAC3BmR,OACAwyC,WACAvlC,KAAM/W,EAAMnB,SAASg+C,EAAO78C,EAAMvI,UAE/BoiD,GAA0BhgD,IAAIiQ,IAMrC,OAAQA,GACN,KAAKxJ,EAAMuG,mBAAmBC,sBAE5BjR,KAAKykD,QAAU3tC,EAAKgB,SAAS3N,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACzD,MACF,KAAK6I,EAAMuG,mBAAmBE,wBAAyB,CAErD,MAAM+1C,EAAUnwC,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAE5D5B,KAAK0kD,sBAAoC,IAAZuC,EAC7BjnD,KAAKkR,wBAA0B+1C,EAE/B,KACR,CACM,KAAKx8C,EAAMuG,mBAAmBG,wBAE5BnR,KAAK2kD,WAAgC,IAAnBx6C,EAAM68C,KACxB,MACF,KAAKv8C,EAAMuG,mBAAmBI,eAE5BpR,KAAK4kD,WAAaz6C,EAAM68C,KACxBhnD,KAAK6kD,YAAc16C,EAAM68C,KACzB,MACF,KAAKv8C,EAAMuG,mBAAmBK,kBAE5BrR,KAAKqR,kBAAoBlH,EAAM68C,GAC/B,MACF,KAAKv8C,EAAMuG,mBAAmBM,UAE5BtR,KAAKsR,UAA+B,IAAnBnH,EAAM68C,KACvB,MACF,KAAKv8C,EAAMuG,mBAAmBO,kBAAmB,CAE/C,MAAM01C,EAAUnwC,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAE5D5B,KAAKuR,kBAAoB01C,EACzBjnD,KAAK8kD,gBAA8B,IAAZmC,EAEvB,KACR,CACM,KAAKx8C,EAAMuG,mBAAmBS,6BAE5BzR,KAAKyR,6BAA+B,IAAItH,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACpE,MACF,KAAK6I,EAAMuG,mBAAmBU,cAK5B1R,KAAK+kD,mBAAqB56C,EAAM68C,KAChChnD,KAAKglD,uBAAyB76C,EAAM68C,KACpChnD,KAAKilD,yBAA2B96C,EAAMnB,SAASg+C,EAAOA,EAAQ,IAC9D,MAEF,KAAKv8C,EAAMuG,mBAAmBW,YAE5B,GAAqB,IAAjB3R,KAAK03C,QACP13C,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,cAC7C,GAAI67B,EAST,MAAUl8B,MAAM,sCAElB,MAEF,KAAKkJ,EAAMuG,mBAAmBY,aAAc,CAE1C,MAAM40C,KAAkC,IAAfr8C,EAAM68C,IAG/BA,GAAS,EACT,MAAM3uB,EAAIvhB,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAMrvC,EAAIb,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM/+C,EAAO6O,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAOA,EAAQ3uB,IACrD91B,EAAQ4H,EAAMnB,SAASg+C,EAAQ3uB,EAAG2uB,EAAQ3uB,EAAI1gB,GAEpD3X,KAAKklD,aAAapiD,KAAK,CAAEmF,OAAMu+C,gBAAejkD,QAAOkkD,aAEjDD,IACFxmD,KAAKmlD,UAAUl9C,GAAQ6O,EAAK6D,WAAWpY,IAEzC,KACR,CACM,KAAKkI,EAAMuG,mBAAmBa,wBAE5B7R,KAAK6R,wBAA0B,IAAI1H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmBc,+BAE5B9R,KAAK8R,+BAAiC,IAAI3H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBe,qBAE5B/R,KAAK+R,qBAAuB,IAAI5H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC5D,MACF,KAAK6I,EAAMuG,mBAAmBgB,mBAE5BhS,KAAKgS,mBAAqB8E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBiB,cAE5BjS,KAAKolD,gBAAqC,IAAnBj7C,EAAM68C,KAC7B,MACF,KAAKv8C,EAAMuG,mBAAmBkB,UAE5BlS,KAAKkS,UAAY4E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC7D,MACF,KAAK6I,EAAMuG,mBAAmBmB,SAE5BnS,KAAKmS,SAAW,IAAIhI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBoB,cAE5BpS,KAAKoS,cAAgB0E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACjE,MACF,KAAK6I,EAAMuG,mBAAmBqB,oBAE5BrS,KAAKqlD,wBAA0Bl7C,EAAM68C,KACrChnD,KAAKslD,0BAA4BxuC,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC7E,MACF,KAAK6I,EAAMuG,mBAAmBsB,SAE5BtS,KAAKsS,SAAW,IAAInI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBuB,gBAAiB,CAG7CvS,KAAKulD,kCAAoCp7C,EAAM68C,KAC/ChnD,KAAKwlD,6BAA+Br7C,EAAM68C,KAE1C,MAAM35B,EAAMlR,GAAOmJ,kBAAkBtlB,KAAKwlD,8BAE1CxlD,KAAKylD,oBAAsB3uC,EAAKmD,mBAAmB9P,EAAMnB,SAASg+C,EAAOA,EAAQ35B,IACjF,KACR,CACM,KAAK5iB,EAAMuG,mBAAmBwB,kBAE5BxS,KAAKwS,kBAAoB,IAAIyxC,GAC7BjkD,KAAKwS,kBAAkBnQ,KAAK8H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACxD,MACF,KAAK6I,EAAMuG,mBAAmByB,kBAE5BzS,KAAK0lD,iBAAmBv7C,EAAM68C,KAC9BhnD,KAAKyS,kBAAoBtI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,QACjD5B,KAAK0lD,kBAAoB,EAC3B1lD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,mBAE3BzS,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBAAkBzJ,UAAU,IAEzD,MACF,KAAKyB,EAAMuG,mBAAmB0B,wBAE5B1S,KAAK0S,wBAA0B,IAAIvI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmB2B,sBAE5B3S,KAAK2S,sBAAwB,GAC7B,IAAK,IAAI7Q,EAAIklD,EAAOllD,EAAIqI,EAAMvI,OAAQE,GAAK,EACzC9B,KAAK2S,sBAAsB7P,KAAK,CAACqH,EAAMrI,GAAIqI,EAAMrI,EAAI,KAEvD,MACF,QACE9B,KAAKukD,kBAAkBzhD,KAAK,CAC1BmR,OACAwyC,WACAvlC,KAAM/W,EAAMnB,SAASg+C,EAAO78C,EAAMvI,UAI5C,CAEE,cAAAgkD,CAAez7C,EAAO+8C,GAAU,EAAMhzC,GACpC,MAAMizC,EAAwC,IAAjBnnD,KAAK03C,QAAgB,EAAI,EAGhD0P,EAAkBtwC,EAAKY,WAAWvN,EAAMnB,SAAS,EAAGm+C,IAE1D,IAAIrlD,EAAIqlD,EAGR,KAAOrlD,EAAI,EAAIslD,GAAiB,CAC9B,MAAM/5B,EAAMme,GAAiBrhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKurB,EAAIzU,OAET5Y,KAAK+mD,cAAc58C,EAAMnB,SAASlH,EAAGA,EAAIurB,EAAIA,KAAM65B,EAAShzC,GAE5DpS,GAAKurB,EAAIA,GACf,CAEI,OAAOvrB,CACX,CAGE,MAAAulD,CAAOpzC,EAAMpN,GACX,MAAM6U,EAAIjR,EAAMoE,UAEhB,OAAQoF,GACN,KAAKyH,EAAE3L,OACL,OAAkB,OAAdlJ,EAAKmJ,KACA8G,EAAKwD,WAAWzT,EAAKi8C,SAAQ,IAE/Bj8C,EAAKk8C,UAAS,GAEvB,KAAKrnC,EAAE1L,KAAM,CACX,MAAM7F,EAAQtD,EAAKk8C,UAAS,GAE5B,OAAOjsC,EAAKkG,gBAAgB7S,EACpC,CACM,KAAKuR,EAAEvL,WACL,OAAO,IAAI1O,WAAW,GAExB,KAAKia,EAAEtL,YACP,KAAKsL,EAAErL,YACP,KAAKqL,EAAEpL,WACP,KAAKoL,EAAEnL,aACP,KAAKmL,EAAElL,eAAgB,CACrB,IAAI7B,EACAoP,EAEJ,GAAIlX,EAAK0I,OACPwO,EAAM,IACNpP,EAAS9H,EAAK0I,WACT,KAAI1I,EAAK4I,cAId,MAAUlO,MAAM,mFAHhBwc,EAAM,IACNpP,EAAS9H,EAAK4I,aAIxB,CAEQ,MAAMtF,EAAQwE,EAAO5L,QAErB,OAAO+T,EAAKtS,OAAO,CAACxE,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GACrC,IAAIpF,WAAW,CAACsc,IAChBjH,EAAKc,YAAYzN,EAAMvI,OAAQ,GAC/BuI,GACV,CACM,KAAKuR,EAAEjL,cACP,KAAKiL,EAAE7K,iBACP,KAAK6K,EAAEhL,WACL,OAAOoG,EAAKtS,OAAO,CAACxE,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GAAO7G,KAAKqnD,OAAO3rC,EAAE/K,IAAK,CAC/DA,IAAK9J,EAAKlD,SAGd,KAAK+X,EAAE/K,IACL,QAAiBvO,IAAbyE,EAAK8J,IACP,MAAUpP,MAAM,8CAElB,OAAOsF,EAAK8J,IAAI22C,aAAatnD,KAAK03C,SAEpC,KAAKh8B,EAAE9K,cACL,OAAO5Q,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GAC5B,KAAK6U,EAAE5K,UACL,OAAO,IAAIrP,WAAW,GACxB,KAAKia,EAAE3K,WACL,MAAUxP,MAAM,mBAClB,QACE,MAAUA,MAAM,2BAExB,CAEE,gBAAAgmD,CAAiB1gD,EAAM+jC,GACrB,IAAIhpC,EAAS,EACb,OAAOmY,EAAiB6sC,EAAa5mD,KAAKqkD,gBAAgB9hD,IACxDX,GAAUW,EAAMX,MAAM,IACrB,KACD,MAAMskB,EAAM,GAeZ,OAdqB,IAAjBlmB,KAAK03C,SAAkB13C,KAAKkkD,gBAAkBz5C,EAAMoE,UAAUkB,QAAU/P,KAAKkkD,gBAAkBz5C,EAAMoE,UAAUmB,OAC7G46B,EACF1kB,EAAIpjB,KAAK,IAAIrB,WAAW,IAExBykB,EAAIpjB,KAAK+D,EAAKilC,gBAGlB5lB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK03C,QAAS,OAClB,IAAjB13C,KAAK03C,SACPxxB,EAAIpjB,KAAK,IAAIrB,WAAW,IAE1BykB,EAAIpjB,KAAKgU,EAAKc,YAAYhW,EAAQ,IAG3BkV,EAAKtS,OAAO0hB,EAAI,GAE7B,CAEE,MAAAgyB,CAAOgM,EAAer9C,EAAM+jC,GAAW,GACrC,MAAMzgC,EAAQnK,KAAKqnD,OAAOnD,EAAer9C,GAEzC,OAAOiQ,EAAKtS,OAAO,CAACxE,KAAKyuC,MAAQ,IAAIhtC,WAAc0I,EAAOnK,KAAKqkD,cAAerkD,KAAKunD,iBAAiB1gD,EAAM+jC,IAC9G,CAEE,UAAMj9B,CAAKu2C,EAAer9C,EAAMqxC,EAAQtN,GAAW,GACjD,GAAqB,IAAjB5qC,KAAK03C,SAAiB13C,KAAKyuC,KAAK7sC,SAAW0kD,GAAkBtmD,KAAKmkD,eAEpE,MAAU5iD,MAAM,oDAIlB,OADK22C,IAAQA,EAASl4C,KAAKk4C,OAAOgM,EAAer9C,EAAM+jC,IAChDzuB,GAAOxO,KAAK4W,OAAOvkB,KAAKmkD,cAAejM,EAClD,CAcE,YAAMxX,CAAO/vB,EAAKuzC,EAAer9C,EAAM87C,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GACnF,IAAKvX,KAAK2R,YAAY4xC,OAAO5yC,EAAI01C,YAC/B,MAAU9kD,MAAM,oDAElB,GAAIvB,KAAKokD,qBAAuBzzC,EAAI+kC,UAClC,MAAUn0C,MAAM,oFAGlB,MAAMimD,EAAqBtD,IAAkBz5C,EAAMoE,UAAUkB,QAAUm0C,IAAkBz5C,EAAMoE,UAAUmB,KAIzG,KADmBhQ,KAAKuyC,MAAciV,GACrB,CACf,IAAItP,EACAvqC,EAQJ,GAPI3N,KAAKy9B,OACP9vB,QAAa3N,KAAKy9B,QAElBya,EAASl4C,KAAKk4C,OAAOgM,EAAer9C,EAAM+jC,GAC1Cj9B,QAAa3N,KAAK2N,KAAKu2C,EAAer9C,EAAMqxC,IAE9CvqC,QAAasU,EAAiBtU,GAC1B3N,KAAKwkD,gBAAgB,KAAO72C,EAAK,IACjC3N,KAAKwkD,gBAAgB,KAAO72C,EAAK,GACnC,MAAUpM,MAAM,+BAUlB,GAPAvB,KAAK2mB,aAAe3mB,KAAK2mB,OAEzB3mB,KAAKuyC,UAAkBp2B,GAAOtN,UAAU6xB,OACtC1gC,KAAKokD,mBAAoBpkD,KAAKmkD,cAAenkD,KAAK2mB,OAAQhW,EAAIykC,aAC9D8C,EAAQvqC,IAGL3N,KAAKuyC,IACR,MAAUhxC,MAAM,gCAExB,CAEI,MAAMkmD,EAAW3wC,EAAKuB,cAAcsqC,GACpC,GAAI8E,GAAYznD,KAAKykD,QAAUgD,EAC7B,MAAUlmD,MAAM,4CAElB,GAAIkmD,GAAYA,GAAYznD,KAAK0nD,oBAC/B,MAAUnmD,MAAM,wBAElB,GAAI2S,EAAOqC,qBAAqBvS,IAAIhE,KAAKmkD,eACvC,MAAU5iD,MAAM,4BAA8BkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKmkD,eAAewD,eAE3F,GAAIzzC,EAAOsC,4BAA4BxS,IAAIhE,KAAKmkD,gBAC9C,CAAC15C,EAAMoE,UAAUkB,OAAQtF,EAAMoE,UAAUmB,MAAMkP,SAASlf,KAAKkkD,eAC7D,MAAU3iD,MAAM,oCAAsCkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKmkD,eAAewD,eAYnG,GAVA3nD,KAAKukD,kBAAkBtiD,SAAQ,EAAGgS,OAAMwyC,eACtC,GAAIA,EACF,MAAUllD,MAAM,6CAA6C0S,EACrE,IAEIjU,KAAKklD,aAAajjD,SAAQ,EAAGgG,OAAMw+C,eACjC,GAAIA,GAAavyC,EAAOkC,eAAe3M,QAAQxB,GAAQ,EACrD,MAAU1G,MAAM,8BAA8B0G,EACtD,IAEoC,OAA5BjI,KAAK+kD,mBACP,MAAUxjD,MAAM,gGAEtB,CAOE,SAAAqmD,CAAUjF,EAAO,IAAI5qC,MACnB,MAAM0vC,EAAW3wC,EAAKuB,cAAcsqC,GACpC,OAAiB,OAAb8E,KACOznD,KAAKykD,SAAWgD,GAAYA,EAAWznD,KAAK0nD,oBAG3D,CAME,iBAAAA,GACE,OAAO1nD,KAAK0kD,sBAAwBn8C,IAAW,IAAIwP,KAAK/X,KAAKykD,QAAQrsC,UAA2C,IAA/BpY,KAAKkR,wBAC1F,EAeA,SAAS21C,GAAe5yC,EAAMwyC,EAAU5/C,GACtC,MAAMqf,EAAM,GAIZ,OAHAA,EAAIpjB,KAAK2oC,GAAkB5kC,EAAKjF,OAAS,IACzCskB,EAAIpjB,KAAK,IAAIrB,WAAW,EAAEglD,EAAW,IAAO,GAAKxyC,KACjDiS,EAAIpjB,KAAK+D,GACFiQ,EAAKtS,OAAO0hB,EACrB,CASA,SAASogC,GAAkBnC,GACzB,OAAQA,GACN,KAAK15C,EAAMkD,KAAKI,OAAQ,OAAO,GAC/B,KAAKtD,EAAMkD,KAAKK,OAAQ,OAAO,GAC/B,KAAKvD,EAAMkD,KAAKM,OAAQ,OAAO,GAC/B,KAAKxD,EAAMkD,KAAKO,OAChB,KAAKzD,EAAMkD,KAAKQ,SAAU,OAAO,GACjC,KAAK1D,EAAMkD,KAAKS,SAAU,OAAO,GACjC,QAAS,MAAU7M,MAAM,6BAE7B,CCh1BA,MAAMsmD,GACJ,cAAW9pC,GACT,OAAOtT,EAAMkE,OAAOI,gBACxB,CAEE,0BAAO+4C,CAAoBC,EAAiBC,GAC1C,MAAMC,EAAa,IAAIJ,GAUvB,OATAI,EAAWvQ,QAAsC,IAA5BqQ,EAAgBrQ,QAAgB,EAAI,EACzDuQ,EAAW/D,cAAgB6D,EAAgB7D,cAC3C+D,EAAW9D,cAAgB4D,EAAgB5D,cAC3C8D,EAAW7D,mBAAqB2D,EAAgB3D,mBAChD6D,EAAWt2C,YAAco2C,EAAgBp2C,YACzCs2C,EAAWxZ,KAAOsZ,EAAgBtZ,KAClCwZ,EAAWx1C,kBAAoBs1C,EAAgBt1C,kBAE/Cw1C,EAAWC,MAAQF,EAAS,EAAI,EACzBC,CACX,CAEE,WAAAroD,GAEEI,KAAK03C,QAAU,KAQf13C,KAAKkkD,cAAgB,KAMrBlkD,KAAKmkD,cAAgB,KAMrBnkD,KAAKokD,mBAAqB,KAE1BpkD,KAAKyuC,KAAO,KAEZzuC,KAAK2R,YAAc,KAEnB3R,KAAKyS,kBAAoB,KAMzBzS,KAAKkoD,MAAQ,IACjB,CAOE,IAAA7lD,CAAK8H,GACH,IAAI68C,EAAQ,EAGZ,GADAhnD,KAAK03C,QAAUvtC,EAAM68C,KACA,IAAjBhnD,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,4DAa7C,GARA13C,KAAKkkD,cAAgB/5C,EAAM68C,KAG3BhnD,KAAKmkD,cAAgBh6C,EAAM68C,KAG3BhnD,KAAKokD,mBAAqBj6C,EAAM68C,KAEX,IAAjBhnD,KAAK03C,QAAe,CAMtB,MAAMmO,EAAa17C,EAAM68C,KAGzBhnD,KAAKyuC,KAAOtkC,EAAMnB,SAASg+C,EAAOA,EAAQnB,GAC1CmB,GAASnB,EAGT7lD,KAAKyS,kBAAoBtI,EAAMnB,SAASg+C,EAAOA,EAAQ,IACvDA,GAAS,GACThnD,KAAK2R,YAAc,IAAI2xC,GAEvBtjD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBACjC,MAEMzS,KAAK2R,YAAc,IAAI2xC,GACvBtjD,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASg+C,EAAOA,EAAQ,IACpDA,GAAS,EAQX,OADAhnD,KAAKkoD,MAAQ/9C,EAAM68C,KACZhnD,IACX,CAME,KAAA+C,GACE,MAAMmjB,EAAM,CAAC,IAAIzkB,WAAW,CAC1BzB,KAAK03C,QACL13C,KAAKkkD,cACLlkD,KAAKmkD,cACLnkD,KAAKokD,sBAYP,OAVqB,IAAjBpkD,KAAK03C,QACPxxB,EAAIpjB,KACF,IAAIrB,WAAW,CAACzB,KAAKyuC,KAAK7sC,SAC1B5B,KAAKyuC,KACLzuC,KAAKyS,mBAGPyT,EAAIpjB,KAAK9C,KAAK2R,YAAY5O,SAE5BmjB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKkoD,SACvBpxC,EAAKpV,iBAAiBwkB,EACjC,CAEE,gBAAAqhC,IAAoBY,GAClB,OAAOlC,GAAiB3jD,SAAY2hD,GAAgBhkD,UAAUsnD,iBAAiBltC,YAAYra,KAAKooD,iBAAkBD,IACtH,CAEE,YAAMznB,GACJ,MAAM0nB,QAAyBpoD,KAAKooD,iBACpC,IAAKA,GAAoBA,EAAiBxoD,YAAYme,MAAQtT,EAAMkE,OAAOE,UACzE,MAAUtN,MAAM,0CAElB,GACE6mD,EAAiBlE,gBAAkBlkD,KAAKkkD,eACxCkE,EAAiBjE,gBAAkBnkD,KAAKmkD,eACxCiE,EAAiBhE,qBAAuBpkD,KAAKokD,qBAC5CgE,EAAiBz2C,YAAY4xC,OAAOvjD,KAAK2R,cACxB,IAAjB3R,KAAK03C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjB13C,KAAK03C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjB13C,KAAK03C,UAAkB5gC,EAAKmE,iBAAiBmtC,EAAiB31C,kBAAmBzS,KAAKyS,oBACrE,IAAjBzS,KAAK03C,UAAkB5gC,EAAKmE,iBAAiBmtC,EAAiB3Z,KAAMzuC,KAAKyuC,MAE1E,MAAUltC,MAAM,2EAGlB,OADA6mD,EAAiB3qB,OAASz9B,KAAKy9B,OACxB2qB,EAAiB1nB,OAAOrmB,MAAM+tC,EAAkBje,UAC3D,EC5KO,SAASke,GAAiBtqC,EAAKuqC,GACpC,IAAKA,EAAevqC,GAAM,CAExB,IAAIwqC,EACJ,IACEA,EAAa99C,EAAMpI,KAAKoI,EAAMkE,OAAQoP,EACvC,CAAC,MAAO7Z,GACP,MAAM,IAAI4oC,GAAmB,iCAAiC/uB,EACpE,CACI,MAAUxc,MAAM,uCAAuCgnD,EAC3D,CACE,OAAO,IAAID,EAAevqC,EAC5B,CDmKA8pC,GAAuB5nD,UAAU0N,KAAOs2C,GAAgBhkD,UAAU0N,KAClEk6C,GAAuB5nD,UAAUi4C,OAAS+L,GAAgBhkD,UAAUi4C,OACpE2P,GAAuB5nD,UAAUonD,OAASpD,GAAgBhkD,UAAUonD,OC7JpE,MAAMmB,WAAmB7oD,MAWvB,uBAAa8oD,CAAWt+C,EAAOm+C,EAAgBp0C,EAASqD,GACtD,MAAMmxC,EAAU,IAAIF,GAEpB,aADME,EAAQrmD,KAAK8H,EAAOm+C,EAAgBp0C,GACnCw0C,CACX,CAUE,UAAMrmD,CAAK8H,EAAOm+C,EAAgBp0C,EAASqD,GACrCrD,EAAO4B,yBAAyBlU,SAClC0mD,EAAiB,IAAKA,KAAmBxxC,EAAK8G,wBAAwB1J,EAAO4B,4BAE/E9V,KAAKgB,OAAS4gB,EAAqBzX,GAAO7H,MAAO4C,EAAUC,KACzD,MAAMxE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MAyCb,SAxCmBqmC,GAAY9mC,GAAU5C,UACvC,IACE,GAAIqmD,EAAO5qC,MAAQtT,EAAMkE,OAAOS,QAAUu5C,EAAO5qC,MAAQtT,EAAMkE,OAAOW,OAASq5C,EAAO5qC,MAAQtT,EAAMkE,OAAOkB,QAKzG,OAEF,MAAMlB,EAAS05C,GAAiBM,EAAO5qC,IAAKuqC,GAC5C35C,EAAO+5C,QAAU,IAAIF,GACrB75C,EAAOi6C,WAAa9xC,EAAK7V,SAAS0nD,EAAOh6C,cACnCA,EAAOtM,KAAKsmD,EAAOh6C,OAAQuF,SAC3BvT,EAAOoC,MAAM4L,EACpB,CAAC,MAAOzK,GAIP,GAAIA,aAAa4oC,GAAoB,CACnC,KAAI6b,EAAO5qC,KAAO,IAGhB,aAFMpd,EAAOuC,MAAMgB,EAIrC,CAEc,MAAM2kD,GAAyB30C,EAAO0B,0BAA4B1R,aAAa0oC,GACzEkc,IAAuB50C,EAAO2B,wBAA4B3R,aAAa0oC,IAC7E,GAAIic,GAAyBC,GAAuB/c,GAAkB4c,EAAO5qC,WAIrEpd,EAAOuC,MAAMgB,OACd,CACL,MAAM6kD,EAAiB,IAAIhc,GAAkB4b,EAAO5qC,IAAK4qC,EAAOh6C,cAC1DhO,EAAOoC,MAAMgmD,EACnC,CACcjyC,EAAKyE,gBAAgBrX,EACnC,KAKY,aAFMvD,EAAOgF,iBACPhF,EAAOsC,OAGzB,CACO,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,KAII,MAAMR,EAASme,EAAiB7hB,KAAKgB,QACrC,OAAa,CACX,MAAMwB,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OAMrC,GALKG,EAGHxC,KAAKgB,OAAS,KAFdhB,KAAK8C,KAAKP,GAIRC,GAAQupC,GAAkBxpC,EAAM3C,YAAYme,KAC9C,KAER,CACIra,EAAO7C,aACX,CAOE,KAAAkC,GACE,MAAMmjB,EAAM,GAEZ,IAAK,IAAIpkB,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAAK,CACpC,MAAMic,EAAM/d,KAAK8B,aAAcirC,GAAoB/sC,KAAK8B,GAAGic,IAAM/d,KAAK8B,GAAGlC,YAAYme,IAC/EirC,EAAchpD,KAAK8B,GAAGiB,QAC5B,GAAI+T,EAAK7V,SAAS+nD,IAAgBjd,GAAkB/rC,KAAK8B,GAAGlC,YAAYme,KAAM,CAC5E,IAAIzU,EAAS,GACTU,EAAe,EACnB,MAAMi/C,EAAY,IAClB/iC,EAAIpjB,KAAK8oC,GAAS7tB,IAClBmI,EAAIpjB,KAAKiX,EAAiBivC,GAAazmD,IAGrC,GAFA+G,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBi/C,EAAW,CAC7B,MAAMC,EAAWzgD,KAAKsd,IAAItd,KAAK6S,IAAItR,GAAgBvB,KAAK0gD,IAAM,EAAG,IAC3DC,EAAY,GAAKF,EACjBj/C,EAAe6M,EAAKtS,OAAO,CAACknC,GAAmBwd,IAAW1kD,OAAO8E,IAGvE,OAFAA,EAAS,CAACW,EAAajB,SAAS,EAAIogD,IACpCp/C,EAAeV,EAAO,GAAG1H,OAClBqI,EAAajB,SAAS,EAAG,EAAIogD,EAChD,KACW,IAAMtyC,EAAKtS,OAAO,CAACinC,GAAkBzhC,IAAexF,OAAO8E,MACtE,KAAa,CACL,GAAIwN,EAAK7V,SAAS+nD,GAAc,CAC9B,IAAIpnD,EAAS,EACbskB,EAAIpjB,KAAKiX,EAAiB6sC,EAAaoC,IAAczmD,IACnDX,GAAUW,EAAMX,MAAM,IACrB,IAAMkqC,GAAY/tB,EAAKnc,KACpC,MACUskB,EAAIpjB,KAAKgpC,GAAY/tB,EAAKirC,EAAYpnD,SAExCskB,EAAIpjB,KAAKkmD,EACjB,CACA,CAEI,OAAOlyC,EAAKtS,OAAO0hB,EACvB,CAOE,WAAAmjC,IAAeC,GACb,MAAMC,EAAW,IAAIf,GAEfgB,EAASzrC,GAAOwqC,GAAcxqC,IAAQwqC,EAE5C,IAAK,IAAIzmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BwnD,EAAK5kD,KAAK8kD,EAAOxpD,KAAK8B,GAAGlC,YAAYme,OACvCwrC,EAASzmD,KAAK9C,KAAK8B,IAIvB,OAAOynD,CACX,CAOE,UAAAE,CAAW1rC,GACT,OAAO/d,KAAK0pD,MAAK/6C,GAAUA,EAAO/O,YAAYme,MAAQA,GAC1D,CAOE,UAAA4rC,IAAcL,GACZ,MAAMM,EAAW,GACXC,EAAO7pD,KAEPwpD,EAASzrC,GAAOwqC,GAAcxqC,IAAQwqC,EAE5C,IAAK,IAAIzmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BwnD,EAAK5kD,KAAK8kD,EAAOK,EAAK/nD,GAAGlC,YAAYme,OACvC6rC,EAAS9mD,KAAKhB,GAGlB,OAAO8nD,CACX,EC1MA,MAAMtB,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAmF,GACA5D,KAWF,MAAM6F,GACJ,cAAW/rC,GACT,OAAOtT,EAAMkE,OAAOO,cACxB,CAKE,WAAAtP,CAAYsU,EAASqD,GAKnBvX,KAAK0oD,QAAU,KAKf1oD,KAAK01C,UAAYxhC,EAAOG,8BAMxBrU,KAAK+pD,WAAa,IACtB,CAOE,UAAM1nD,CAAK8H,EAAO+J,EAASqD,SACnB4rC,EAAah5C,GAAO7H,UAGxBtC,KAAK01C,gBAAkBhyC,EAAOkG,WAG9B5J,KAAK+pD,WAAarmD,EAAOgE,kBAEnB1H,KAAKgqD,WAAW91C,EAAO,GAEnC,CAOE,KAAAnR,GAKE,OAJwB,OAApB/C,KAAK+pD,YACP/pD,KAAKiqD,WAGAnzC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK01C,YAAa11C,KAAK+pD,YAC/D,CAQE,gBAAMC,CAAW91C,EAASqD,GACxB,MAAM2yC,EAAkBz/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK01C,WACrDyU,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAU5oD,MAAS2oD,EAAH,gCAGlBlqD,KAAK0oD,cAAgBF,GAAWC,iBAAiB0B,EAAgBnqD,KAAK+pD,YAAazB,GAAgBp0C,EACvG,CAKE,QAAA+1C,GACE,MAAMC,EAAkBz/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK01C,WACrD2U,EAAgBC,GAAaJ,GACnC,IAAKG,EACH,MAAU9oD,MAAS2oD,EAAH,8BAGlBlqD,KAAK+pD,WAAaM,EAAcrqD,KAAK0oD,QAAQ3lD,QACjD,EAiBA,SAAS0K,GAAK88C,EAA+BC,GAC3C,OAAO3jD,IACL,IAAKiQ,EAAK7V,SAAS4F,IAASmb,EAAqBnb,GAC/C,OAAOo/C,GAAiB,IAAMhkC,EAAiBpb,GAAMhE,MAAK4nD,GACjD,IAAIvqD,SAAQ,CAACC,EAASC,KAC3B,MAAMsqD,EAAa,IAAIF,EACvBE,EAAWjK,OAASkK,IAClBxqD,EAAQwqD,EAAc,EAExB,IACED,EAAW5nD,KAAK2nD,GAAW,EAC5B,CAAC,MAAOp0B,GACPj2B,EAAOi2B,EACnB,SAMI,GAAIk0B,EACF,IACE,MAAMK,EAA2BL,IACjC,OAAO1jD,EAAKgkD,YAAYD,EACzB,CAAC,MAAOv0B,GAEP,GAAiB,cAAbA,EAAIpuB,KACN,MAAMouB,CAEhB,CAII,MAAMy0B,EAAcjkD,EAAKrG,YACnBkqD,EAAa,IAAIF,EAEvB,OAAO,IAAIrpD,eAAe,CACxB,WAAMiD,CAAMC,GAQV,IAPAqmD,EAAWjK,OAASn+C,MAAOC,EAAOylD,KAChC3jD,EAAWC,QAAQ/B,GACfylD,GACF3jD,EAAWpB,OACvB,IAGqB,CACX,MAAMT,KAAEA,EAAID,MAAEA,SAAgBuoD,EAAYzoD,OAC1C,GAAIG,EAEF,YADAkoD,EAAW5nD,KAAK,IAAIrB,YAAc,GAEzBc,EAAMX,QACf8oD,EAAW5nD,KAAKP,EAE5B,CACA,GACM,CAEN,CAEA,SAASwoD,KACP,OAAOzoD,eAAeuE,GACpB,MAAQiU,OAAQkwC,SAAuB9qD,QAA4BC,UAAA0C,MAAA,WAAA,OAAAqa,EAAA,IACnE,OAAO+oC,GAAiB3jD,SAAY0oD,QAAmB/oC,EAAiBpb,KACzE,CACH,CASA,MAAMokD,GAAoCC,IAAsB,CAC9DC,WAAyC,oBAAtBC,mBAAsC,KAAM,IAAIA,kBAAkBF,IACrFG,aAA6C,oBAAxBC,qBAAwC,KAAM,IAAIA,oBAAoBJ,MAGvFZ,GAAe,CACnB98C,iBAAmBC,GAAKw9C,GAAkC,eAAeE,WAAY5K,IACrF9yC,kBAAoBA,GAAKw9C,GAAkC,WAAWE,WAAYhJ,KAG9EiI,GAAiB,CACrB78C,aAAc1G,GAAQA,EACtB2G,iBAAmBC,GAAKw9C,GAAkC,eAAeI,aAAc3K,IACvFjzC,kBAAoBA,GAAKw9C,GAAkC,WAAWI,aAAc7I,IACpF90C,mBAAqBq9C,MCvMjBzC,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAaF,MAAMsH,GACJ,cAAWxtC,GACT,OAAOtT,EAAMkE,OAAOe,kCACxB,CAEE,iBAAO+lC,EAAWiC,QAAEA,EAAO8T,cAAEA,IAC3B,GAAgB,IAAZ9T,GAA6B,IAAZA,EACnB,MAAUn2C,MAAM,6BAGlB,MAAMkqD,EAAO,IAAIF,GAMjB,OALAE,EAAK/T,QAAUA,EACC,IAAZA,IACF+T,EAAKD,cAAgBA,GAGhBC,CACX,CAEE,WAAA7rD,GACEI,KAAK03C,QAAU,KAIf13C,KAAK0rD,gBAAkB,KAEvB1rD,KAAKwrD,cAAgB,KACrBxrD,KAAK2rD,cAAgB,KACrB3rD,KAAKyuC,KAAO,KAEZzuC,KAAK4rD,UAAY,KACjB5rD,KAAK0oD,QAAU,IACnB,CAEE,UAAMrmD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UAGxB,GAFAtC,KAAK03C,cAAgBh0C,EAAOkG,WAEP,IAAjB5J,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,8CAGxB,IAAjB13C,KAAK03C,UAEP13C,KAAK0rD,sBAAwBhoD,EAAOkG,WAEpC5J,KAAKwrD,oBAAsB9nD,EAAOkG,WAElC5J,KAAK2rD,oBAAsBjoD,EAAOkG,WAElC5J,KAAKyuC,WAAa/qC,EAAOqG,UAAU,KAUrC/J,KAAK4rD,UAAYloD,EAAOgE,WAAW,GAEzC,CAEE,KAAA3E,GACE,OAAqB,IAAjB/C,KAAK03C,QACA5gC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,QAAS13C,KAAK0rD,gBAAiB1rD,KAAKwrD,cAAexrD,KAAK2rD,gBAAiB3rD,KAAKyuC,KAAMzuC,KAAK4rD,YAE7H90C,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,UAAW13C,KAAK4rD,WAC7D,CAWE,aAAM79B,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAM/C,MAAM0L,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgB8oC,GACtD,GAAIl7C,EAAI/O,SAAWohB,EACjB,MAAUzhB,MAAM,+BAGlB,IAAI4I,EAAQnK,KAAK0oD,QAAQ3lD,QAGzB,GAFIif,EAAqB7X,KAAQA,QAAc8X,EAAiB9X,IAE3C,IAAjBnK,KAAK03C,QACP13C,KAAK0rD,gBAAkBG,EAEvB7rD,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAe,IACzC57B,KAAK2rD,cAAgBz3C,EAAOO,kBAC5BzU,KAAK4rD,gBAAkBE,GAAQ9rD,KAAM,UAAW2Q,EAAKxG,OAChD,CACL,MAAMgP,QAAegD,GAAO4vC,gBAAgBF,GACtCG,EAAM,IAAIvqD,WAAW,CAAC,IAAM,KAE5BwqD,EAASn1C,EAAKtS,OAAO,CAAC2U,EAAQhP,EAAO6hD,IACrCr+C,QAAawO,GAAOxO,KAAKE,KAAK0U,EAAoB0pC,IAClD58B,EAAYvY,EAAKtS,OAAO,CAACynD,EAAQt+C,IAEvC3N,KAAK4rD,gBAAkBzvC,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAK0e,EAAW,IAAI5tB,WAAWwhB,GAAY/O,EACrH,CACI,OAAO,CACX,CAWE,aAAMma,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAM/C,GAAI5G,EAAI/O,SAAWua,GAAO4G,gBAAgB8oC,GAAqB7oC,QAC7D,MAAUzhB,MAAM,+BAGlB,IAGIynD,EAHA4C,EAAYhF,EAAa5mD,KAAK4rD,WAIlC,GAHI5pC,EAAqB4pC,KAAYA,QAAkB3pC,EAAiB2pC,IAGnD,IAAjB5rD,KAAK03C,QAAe,CACtB,GAAI13C,KAAK0rD,kBAAoBG,EAE3B,MAAUtqD,MAAM,oCAElBynD,QAAoB8C,GAAQ9rD,KAAM,UAAW2Q,EAAKi7C,EACxD,KAAW,CACL,MAAM3oC,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GACvCK,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQw9B,EAAqBl7C,EAAKi7C,EAAW,IAAInqD,WAAWwhB,IAI9FkpC,EAAWxF,EAAapkC,EAAoB2pC,IAAa,IACzDD,EAAStF,EAAauF,EAAW,GAAI,IACrCE,EAAalsD,QAAQ4E,IAAI,CAC7Bmd,QAAuB9F,GAAOxO,KAAKE,KAAK0U,EAAoB0pC,KAC5DhqC,EAAiBkqC,KAChBtpD,MAAK,EAAE8K,EAAMq+C,MACd,IAAKl1C,EAAKmE,iBAAiBtN,EAAMq+C,GAC/B,MAAUzqD,MAAM,0BAElB,OAAO,IAAIE,UAAY,IAEnB0I,EAAQw8C,EAAasF,EAAQhpC,EAAY,GAC/C+lC,EAAcrC,EAAax8C,EAAO,GAAI,GACtC6+C,EAAcjuC,EAAc,CAACiuC,EAAa/C,GAAiB,IAAMmG,MAC5Dt1C,EAAK7V,SAAS2qD,IAAe13C,EAAOiB,6BACvC6zC,QAAoB/mC,EAAiB+mC,GAE7C,CAGI,OADAhpD,KAAK0oD,cAAgBF,GAAWC,WAAWO,EAAaV,GAAgBp0C,IACjE,CACX,EAaO5R,eAAewpD,GAAQn9C,EAAQ1H,EAAI0J,EAAK9J,GAC7C,MAAMwlD,EAAY19C,aAAkB48C,IAA+D,IAAnB58C,EAAO+oC,QACjF4U,GAAWD,GAAa19C,EAAO/O,YAAYme,MAAQtT,EAAMkE,OAAOiB,kBACtE,IAAKy8C,IAAcC,EAAS,MAAU/qD,MAAM,0BAE5C,MAAMiyB,EAAOrX,GAAOowC,YAAY59C,EAAO68C,eACjCgB,EAA+B,YAAPvlD,EAAmBusB,EAAKvC,UAAY,EAC5Dw7B,EAA+B,YAAPxlD,EAAmBusB,EAAKvC,UAAY,EAC5Dm4B,EAAY,IAAMz6C,EAAOg9C,cAAgB,GAAKa,EAC9CE,EAAyBJ,EAAU,EAAI,EACvCK,EAAc,IAAIhsC,YAAY,GAAK+rC,GACnCE,EAAa,IAAInrD,WAAWkrD,EAAa,EAAG,EAAID,GAChDG,EAAgB,IAAIprD,WAAWkrD,GAC/BG,EAAY,IAAIlsC,SAAS+rC,GACzBI,EAAkB,IAAItrD,WAAWkrD,EAAa,EAAG,GACvDC,EAAWzqD,IAAI,CAAC,IAAOwM,EAAO/O,YAAYme,IAAKpP,EAAO+oC,QAAS/oC,EAAO+8C,gBAAiB/8C,EAAO68C,cAAe78C,EAAOg9C,eAAgB,GACpI,IAIIn8B,EACAw9B,EALAt1B,EAAa,EACbu1B,EAAgB/sD,QAAQC,UACxB+sD,EAAe,EACfC,EAAc,EAGlB,GAAId,EAAW,CACb,MAAMrpC,QAAEA,GAAY7G,GAAO4G,gBAAgBpU,EAAO+8C,kBAC5Cn1B,SAAEA,GAAa/C,EACfkb,EAAO,IAAIjtC,WAAWkrD,EAAa,EAAG,GACtCS,QAAgB7e,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAKhC,EAAO8/B,KAAMC,EAAM1rB,EAAUuT,GACvF5lB,EAAMy8C,EAAQpkD,SAAS,EAAGga,GAC1BwM,EAAK49B,EAAQpkD,SAASga,GACtBwM,EAAG/H,KAAK,EAAG+H,EAAG5tB,OAAS,GACvBorD,EAAS,IAAIpsC,SAAS4O,EAAGlmB,OAAQkmB,EAAGnlB,WAAYmlB,EAAGllB,WACvD,MACIklB,EAAK7gB,EAAO6gB,GAGd,MAAM69B,QAAqB75B,EAAK7kB,EAAO+8C,gBAAiB/6C,GACxD,OAAOiR,EAAqB/a,GAAMvE,MAAO4C,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7V,SAASiE,GAAuB,CACvC,MAAMoE,EAAS,IAAItD,gBAAgB,GAAI,CACrCQ,cAAesQ,EAAK4F,yBAA2B,IAAM/N,EAAOg9C,cAAgB,GAC5E2B,KAAMvxC,GAASA,EAAMna,SAEvB2rD,EAAYjkD,EAAOpE,SAAUC,GAC7BA,EAAWmE,EAAOnE,QACxB,CACI,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAInC,QAAcU,EAAOqG,UAAUq/C,EAAYoD,IAA0B,IAAI/qD,WAC7E,MAAM+rD,EAAaxqD,EAAMgG,SAAShG,EAAMpB,OAAS4qD,GAEjD,IAAIiB,EACAjrD,EACAisB,EACJ,GAJAzrB,EAAQA,EAAMgG,SAAS,EAAGhG,EAAMpB,OAAS4qD,GAIrCH,EACF59B,EAAQe,MACH,CACLf,EAAQe,EAAG7sB,QACX,IAAK,IAAIb,EAAI,EAAGA,EAAI,EAAGA,IACrB2sB,EAAMe,EAAG5tB,OAAS,EAAIE,IAAMirD,EAAgBjrD,EAExD,CA0BQ,IAzBK41B,GAAc10B,EAAMpB,QACvB8B,EAAOiG,QAAQ6jD,GACfC,EAAiBJ,EAAapmD,GAAIjE,EAAOyrB,EAAOm+B,GAChDa,EAAeptD,OAAM,SACrB8sD,GAAenqD,EAAMpB,OAAS4qD,EAAwBC,IAKtDK,EAAUY,SAAS,EAAIhB,EAAyB,EAAGQ,GACnDO,EAAiBJ,EAAapmD,GAAIumD,EAAY/+B,EAAOo+B,GACrDY,EAAeptD,OAAM,SACrB8sD,GAAeV,EACfjqD,GAAO,GAET0qD,GAAgBlqD,EAAMpB,OAAS4qD,EAE/BS,EAAgBA,EAAcpqD,MAAK,IAAM4qD,IAAgB5qD,MAAKP,gBACtD3B,EAAOgF,YACPhF,EAAOoC,MAAMo2B,GACnBg0B,GAAeh0B,EAAQv3B,MAAM,IAC5BvB,OAAMg2B,GAAO11B,EAAOuC,MAAMmzB,MACzB7zB,GAAQ2qD,EAAcxsD,EAAOgtD,oBACzBV,EAEHzqD,EAME,OACC7B,EAAOsC,QACb,KACV,CARcopD,EACFW,EAAOU,SAASl+B,EAAG5tB,OAAS,IAAK81B,GAEjCo1B,EAAUY,SAAS,IAASh2B,EAMxC,CACK,CAAC,MAAOxzB,SACDvD,EAAOgF,MAAMtF,OAAM,eACnBM,EAAOuC,MAAMgB,EACzB,IAEA,CC/SA,MAAMokD,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAYF,MAAM2J,GACJ,cAAW7vC,GACT,OAAOtT,EAAMkE,OAAOiB,iBACxB,CAEE,WAAAhQ,GACEI,KAAK03C,QAfO,EAiBZ13C,KAAK0rD,gBAAkB,KAEvB1rD,KAAKwrD,cAAgB/gD,EAAM6D,KAAKC,IAChCvO,KAAK2rD,cAAgB,KACrB3rD,KAAKwvB,GAAK,KACVxvB,KAAK4rD,UAAY,KACjB5rD,KAAK0oD,QAAU,IACnB,CAOE,UAAMrmD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UACxB,MAAMo1C,QAAgBh0C,EAAOkG,WAC7B,GAlCU,IAkCN8tC,EACF,MAAM,IAAI9K,GAAiB,WAAW8K,yDAExC13C,KAAK0rD,sBAAwBhoD,EAAOkG,WACpC5J,KAAKwrD,oBAAsB9nD,EAAOkG,WAClC5J,KAAK2rD,oBAAsBjoD,EAAOkG,WAElC,MAAM4pB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eACrCxrD,KAAKwvB,SAAW9rB,EAAOqG,UAAUypB,EAAK+C,UACtCv2B,KAAK4rD,UAAYloD,EAAOgE,WAAW,GAEzC,CAME,KAAA3E,GACE,OAAO+T,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,QAAS13C,KAAK0rD,gBAAiB1rD,KAAKwrD,cAAexrD,KAAK2rD,gBAAiB3rD,KAAKwvB,GAAIxvB,KAAK4rD,WACpI,CAUE,aAAMv9B,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAC/CvX,KAAK0oD,cAAgBF,GAAWC,iBACxBqD,GAAQ9rD,KAAM,UAAW2Q,EAAKi2C,EAAa5mD,KAAK4rD,YACtDtD,GACAp0C,EAEN,CAUE,aAAM6Z,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAC/CvX,KAAK0rD,gBAAkBG,EAEvB,MAAMt1B,SAAEA,GAAapa,GAAOowC,YAAYvsD,KAAKwrD,eAC7CxrD,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAerF,GACvCv2B,KAAK2rD,cAAgBz3C,EAAOO,kBAC5B,MAAM5N,EAAO7G,KAAK0oD,QAAQ3lD,QAC1B/C,KAAK4rD,gBAAkBE,GAAQ9rD,KAAM,UAAW2Q,EAAK9J,EACzD,ECvFA,MAAMgnD,GACJ,cAAW9vC,GACT,OAAOtT,EAAMkE,OAAOC,4BACxB,CAEE,WAAAhP,GACEI,KAAK03C,QAAU,KAGf13C,KAAK8tD,YAAc,IAAIxK,GAGvBtjD,KAAK+tD,iBAAmB,KACxB/tD,KAAKguD,qBAAuB,KAG5BhuD,KAAKokD,mBAAqB,KAE1BpkD,KAAKiuD,WAAa,KAKlBjuD,KAAK6rD,oBAAsB,KAG3B7rD,KAAK4rD,UAAY,CAAE,CACvB,CAEE,iBAAOnW,EAAWiC,QAChBA,EAAOwW,oBAAEA,EAAmBC,mBAAEA,EAAkBF,WAAEA,EAAUpC,oBAAEA,IAE9D,MAAMuC,EAAQ,IAAIP,GAElB,GAAgB,IAAZnW,GAA6B,IAAZA,EACnB,MAAUn2C,MAAM,6BAelB,OAZA6sD,EAAM1W,QAAUA,EAEA,IAAZA,IACF0W,EAAML,iBAAmBI,EAAqB,KAAOD,EAAoBxW,QACzE0W,EAAMJ,qBAAuBG,EAAqB,KAAOD,EAAoB9H,uBAG/EgI,EAAMN,YAAcK,EAAqB7K,GAAMQ,WAAaoK,EAAoB7H,WAChF+H,EAAMhK,mBAAqB8J,EAAoBxY,UAC/C0Y,EAAMH,WAAaA,EACnBG,EAAMvC,oBAAsBA,EAErBuC,CACX,CAOE,IAAA/rD,CAAK8H,GACH,IAAIyO,EAAS,EAEb,GADA5Y,KAAK03C,QAAUvtC,EAAMyO,KACA,IAAjB5Y,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,+CAE7C,GAAqB,IAAjB13C,KAAK03C,QAAe,CAKtB,MAAM2W,EAA8BlkD,EAAMyO,KAC1C,GAAIy1C,EAA6B,CAC/BruD,KAAK+tD,iBAAmB5jD,EAAMyO,KAC9B,MAAM01C,EAAoBD,EAA8B,EACxDruD,KAAKguD,qBAAuB7jD,EAAMnB,SAAS4P,EAAQA,EAAS01C,GAAoB11C,GAAU01C,EACtFtuD,KAAK+tD,kBAAoB,EAE3B/tD,KAAK8tD,YAAYzrD,KAAKrC,KAAKguD,sBAG3BhuD,KAAK8tD,YAAYzrD,KAAKrC,KAAKguD,qBAAqBhlD,UAAU,GAEpE,MAGQhJ,KAAK8tD,YAAcxK,GAAMQ,UAEjC,MACMlrC,GAAU5Y,KAAK8tD,YAAYzrD,KAAK8H,EAAMnB,SAAS4P,EAAQA,EAAS,IAIlE,GAFA5Y,KAAKokD,mBAAqBj6C,EAAMyO,KAChC5Y,KAAK4rD,UAAYzvC,GAAOoyC,yBAAyBvuD,KAAKokD,mBAAoBj6C,EAAMnB,SAAS4P,IACrF5Y,KAAKokD,qBAAuB35C,EAAMsB,UAAUW,QAAU1M,KAAKokD,qBAAuB35C,EAAMsB,UAAUY,KACpG,GAAqB,IAAjB3M,KAAK03C,QACP13C,KAAK6rD,oBAAsBphD,EAAM1H,MAAM0H,EAAMoC,UAAW7M,KAAK4rD,UAAUtX,EAAEoB,gBACpE,GAAmC,OAA/B11C,KAAK4rD,UAAUtX,EAAEoB,UAC1B,MAAUn0C,MAAM,2CAGxB,CAOE,KAAAwB,GACE,MAAMmjB,EAAM,CACV,IAAIzkB,WAAW,CAACzB,KAAK03C,WAsBvB,OAnBqB,IAAjB13C,KAAK03C,QAC2B,OAA9B13C,KAAKguD,sBACP9nC,EAAIpjB,KAAK,IAAIrB,WAAW,CACtBzB,KAAKguD,qBAAqBpsD,OAAS,EACnC5B,KAAK+tD,oBAEP7nC,EAAIpjB,KAAK9C,KAAKguD,uBAEd9nC,EAAIpjB,KAAK,IAAIrB,WAAW,CAAC,KAG3BykB,EAAIpjB,KAAK9C,KAAK8tD,YAAY/qD,SAG5BmjB,EAAIpjB,KACF,IAAIrB,WAAW,CAACzB,KAAKokD,qBACrBjoC,GAAO+pC,gBAAgBlmD,KAAKokD,mBAAoBpkD,KAAK4rD,YAGhD90C,EAAKpV,iBAAiBwkB,EACjC,CAQE,aAAM6H,CAAQpd,GACZ,MAAM8R,EAAOhY,EAAM1H,MAAM0H,EAAMsB,UAAW/L,KAAKokD,oBAGzCyH,EAAuC,IAAjB7rD,KAAK03C,QAAgB13C,KAAK6rD,oBAAsB,KACtE7Y,EAA8B,IAAhBriC,EAAI+mC,QAAgB/mC,EAAIy1C,sBAAsBp9C,SAAS,EAAG,IAAM2H,EAAIy1C,sBAClFtnC,EAAU0vC,GAAiBxuD,KAAK03C,QAASj1B,EAAMopC,EAAqB7rD,KAAKiuD,YAC/EjuD,KAAK4rD,gBAAkBzvC,GAAOsyC,iBAC5BhsC,EAAMopC,EAAqBl7C,EAAIykC,aAAct2B,EAASk0B,EAC5D,CAUE,aAAM3kB,CAAQ1d,EAAK+9C,GAEjB,GAAI1uD,KAAKokD,qBAAuBzzC,EAAI+kC,UAClC,MAAUn0C,MAAM,oBAGlB,MAAM47B,EAAgBuxB,EACpBF,GAAiBxuD,KAAK03C,QAAS13C,KAAKokD,mBAAoBsK,EAAiB7C,oBAAqB6C,EAAiBT,YAC/G,KACIjb,EAA8B,IAAhBriC,EAAI+mC,QAAgB/mC,EAAIy1C,sBAAsBp9C,SAAS,EAAG,IAAM2H,EAAIy1C,sBAClFuI,QAAsBxyC,GAAOyyC,iBAAiB5uD,KAAKokD,mBAAoBzzC,EAAIykC,aAAczkC,EAAIolC,cAAe/1C,KAAK4rD,UAAW5Y,EAAa7V,IAEzI8wB,WAAEA,EAAUpC,oBAAEA,GAuCxB,SAA0BnU,EAAStB,EAASuY,EAAeD,GACzD,OAAQtY,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAAM,CAEzB,MAAMtK,EAAS4sD,EAAc3lD,SAAS,EAAG2lD,EAAc/sD,OAAS,GAC1Dg3B,EAAW+1B,EAAc3lD,SAAS2lD,EAAc/sD,OAAS,GACzDitD,EAAmB/3C,EAAKsE,cAAcrZ,EAAOiH,SAASjH,EAAOH,OAAS,IACtEktD,EAAkBD,EAAiB,KAAOj2B,EAAS,GAAKi2B,EAAiB,KAAOj2B,EAAS,GACzFm2B,EAAkC,IAAZrX,EAC1B,CAAEmU,oBAAqB,KAAMoC,WAAYlsD,GACzC,CAAE8pD,oBAAqB9pD,EAAO,GAAIksD,WAAYlsD,EAAOiH,SAAS,IAChE,GAAI0lD,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBlD,sBAAwB6C,EAAiB7C,oBAC7DkD,EAAoBd,WAAWrsD,SAAW8sD,EAAiBT,WAAWrsD,OACxE,MAAO,CACLqsD,WAAYn3C,EAAKsH,iBAAiB4wC,EAAgBD,EAAoBd,WAAYS,EAAiBT,YACnGpC,oBAAiC,IAAZnU,EAAgB,KAAO5gC,EAAKyH,YAC/CywC,EACAD,EAAoBlD,oBACpB6C,EAAiB7C,qBAG7B,CAGQ,GAFuBiD,IACT,IAAZpX,GAAiBjtC,EAAMpI,KAAKoI,EAAMoC,UAAWkiD,EAAoBlD,sBAEjE,OAAOkD,EAEP,MAAUxtD,MAAM,mBAG1B,CACI,KAAKkJ,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,MAAO,CACLk/C,oBAAqB,KACrBoC,WAAYU,GAEhB,QACE,MAAUptD,MAAM,oCAEtB,CAtFgD0tD,CAAiBjvD,KAAK03C,QAAS13C,KAAKokD,mBAAoBuK,EAAeD,GAEnH,GAAqB,IAAjB1uD,KAAK03C,QAAe,CAEtB,MAAMwX,EAAmBlvD,KAAKokD,qBAAuB35C,EAAMsB,UAAUW,QAAU1M,KAAKokD,qBAAuB35C,EAAMsB,UAAUY,KAG3H,GAFA3M,KAAK6rD,oBAAsBqD,EAAmBrD,EAAsB7rD,KAAK6rD,oBAErEoC,EAAWrsD,SAAWua,GAAO4G,gBAAgB/iB,KAAK6rD,qBAAqB7oC,QACzE,MAAUzhB,MAAM,8BAExB,CACIvB,KAAKiuD,WAAaA,CACtB,EAMA,SAASO,GAAiB9W,EAAStB,EAAS33B,EAAY0wC,GACtD,OAAQ/Y,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAEnB,OAAOyK,EAAKpV,iBAAiB,CAC3B,IAAID,WAAuB,IAAZi2C,EAAgB,GAAK,CAACj5B,IACrC0wC,EACAr4C,EAAKsE,cAAc+zC,EAAenmD,SAASmmD,EAAevtD,OAAS,MAEvE,KAAK6I,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOwiD,EACT,QACE,MAAU5tD,MAAM,oCAEtB,CC9MA,MAAM6tD,GACJ,cAAWrxC,GACT,OAAOtT,EAAMkE,OAAOG,sBACxB,CAKE,WAAAlP,CAAYsU,EAASqD,GACnBvX,KAAK03C,QAAUxjC,EAAOI,YAAc,EAAI,EACxCtU,KAAKiuD,WAAa,KAKlBjuD,KAAKqvD,8BAAgC,KAKrCrvD,KAAK6rD,oBAAsB,KAK3B7rD,KAAKwrD,cAAgB/gD,EAAM1H,MAAM0H,EAAM6D,KAAM4F,EAAOM,wBACpDxU,KAAK4rD,UAAY,KACjB5rD,KAAKyL,IAAM,KACXzL,KAAKwvB,GAAK,IACd,CAOE,IAAAntB,CAAK8H,GACH,IAAIyO,EAAS,EAIb,GADA5Y,KAAK03C,QAAUvtC,EAAMyO,KACA,IAAjB5Y,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QACnD,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,+CAGxB,IAAjB13C,KAAK03C,SAEP9+B,IAIF,MAAM6J,EAAOtY,EAAMyO,KAEf5Y,KAAK03C,SAAW,IAElB13C,KAAKwrD,cAAgBrhD,EAAMyO,KAEN,IAAjB5Y,KAAK03C,SAEP9+B,KAKJ,MAAMhE,EAAUzK,EAAMyO,KAItB,GAHA5Y,KAAKyL,IAAM4sC,GAAezjC,GAC1BgE,GAAU5Y,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAAS4P,EAAQzO,EAAMvI,SAEjD5B,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eAIrCxrD,KAAKwvB,GAAKrlB,EAAMnB,SAAS4P,EAAQA,GAAU4a,EAAK+C,SACtD,CAIQv2B,KAAK03C,SAAW,GAAK9+B,EAASzO,EAAMvI,QACtC5B,KAAK4rD,UAAYzhD,EAAMnB,SAAS4P,EAAQzO,EAAMvI,QAC9C5B,KAAKqvD,8BAAgC5sC,GAErCziB,KAAK6rD,oBAAsBppC,CAEjC,CAOE,KAAA1f,GACE,MAAM0f,EAA0B,OAAnBziB,KAAK4rD,UAChB5rD,KAAK6rD,oBACL7rD,KAAKqvD,8BAEP,IAAIllD,EAEJ,MAAMsB,EAAMzL,KAAKyL,IAAI1I,QACrB,GAAqB,IAAjB/C,KAAK03C,QAAe,CACtB,MAAM4X,EAAS7jD,EAAI7J,OACb2tD,EAAY,EAAID,EAAStvD,KAAKwvB,GAAG5tB,OACvCuI,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAAS6X,EAAW9sC,EAAMziB,KAAKwrD,cAAe8D,IAAU7jD,EAAKzL,KAAKwvB,GAAIxvB,KAAK4rD,WACrI,MAAgC,IAAjB5rD,KAAK03C,QACdvtC,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAASj1B,EAAMziB,KAAKwrD,gBAAiB//C,EAAKzL,KAAKwvB,GAAIxvB,KAAK4rD,aAE5GzhD,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAASj1B,IAAQhX,IAE9C,OAAnBzL,KAAK4rD,YACPzhD,EAAQ2M,EAAKpV,iBAAiB,CAACyI,EAAOnK,KAAK4rD,cAI/C,OAAOzhD,CACX,CAQE,aAAMkkB,CAAQipB,GACZ,MAAM70B,EAA8C,OAAvCziB,KAAKqvD,8BAChBrvD,KAAKqvD,8BACLrvD,KAAK6rD,qBAED5oC,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD9R,QAAY3Q,KAAKyL,IAAI4rC,WAAWC,EAAYt0B,GAElD,GAAIhjB,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eAC/Br0B,EAAQ,IAAI11B,WAAW,CAAC,IAAO2tD,GAA6BrxC,IAAK/d,KAAK03C,QAAS13C,KAAKqvD,8BAA+BrvD,KAAKwrD,gBACxH9b,EAAiC,IAAjB1vC,KAAK03C,cAAsBnJ,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc01B,EAAOnU,GAAWrS,EACnH08C,QAAqB75B,EAAK/Q,EAAMitB,GACtC1vC,KAAKiuD,iBAAmBZ,EAAah/B,QAAQruB,KAAK4rD,UAAW5rD,KAAKwvB,GAAI2H,EAC5E,MAAW,GAAuB,OAAnBn3B,KAAK4rD,UAAoB,CAClC,MAAMM,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQ5L,EAAM9R,EAAK3Q,KAAK4rD,UAAW,IAAInqD,WAAWwhB,IAI1F,GAFAjjB,KAAK6rD,oBAAsBphD,EAAM1H,MAAM0H,EAAMoC,UAAWq/C,EAAU,IAClElsD,KAAKiuD,WAAa/B,EAAUljD,SAAS,EAAGkjD,EAAUtqD,QAC9C5B,KAAKiuD,WAAWrsD,SAAWua,GAAO4G,gBAAgB/iB,KAAK6rD,qBAAqB7oC,QAC9E,MAAUzhB,MAAM,8BAExB,MAEMvB,KAAKiuD,WAAat9C,CAExB,CASE,aAAMod,CAAQupB,EAAYpjC,EAASqD,GACjC,MAAMkL,EAA8C,OAAvCziB,KAAKqvD,8BAChBrvD,KAAKqvD,8BACLrvD,KAAK6rD,oBAEP7rD,KAAKqvD,8BAAgC5sC,EAErCziB,KAAKyL,IAAM6sC,GAAiBpkC,GAC5BlU,KAAKyL,IAAI2rC,eAET,MAAMn0B,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD9R,QAAY3Q,KAAKyL,IAAI4rC,WAAWC,EAAYt0B,GAMlD,GAJwB,OAApBhjB,KAAKiuD,aACPjuD,KAAKiuD,WAAa9xC,GAAOqzC,mBAAmBxvD,KAAK6rD,sBAG/C7rD,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eACrCxrD,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAepI,EAAK+C,UAC5C,MAAMY,EAAQ,IAAI11B,WAAW,CAAC,IAAO2tD,GAA6BrxC,IAAK/d,KAAK03C,QAAS13C,KAAKqvD,8BAA+BrvD,KAAKwrD,gBACxH9b,EAAiC,IAAjB1vC,KAAK03C,cAAsBnJ,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc01B,EAAOnU,GAAWrS,EACnH08C,QAAqB75B,EAAK/Q,EAAMitB,GACtC1vC,KAAK4rD,gBAAkByB,EAAat/B,QAAQ/tB,KAAKiuD,WAAYjuD,KAAKwvB,GAAI2H,EAC5E,KAAW,CACL,MAAMrD,EAAYhd,EAAKpV,iBAAiB,CACtC,IAAID,WAAW,CAACzB,KAAK6rD,sBACrB7rD,KAAKiuD,aAEPjuD,KAAK4rD,gBAAkBzvC,GAAOqX,KAAK3C,IAAI9C,QAAQtL,EAAM9R,EAAKmjB,EAAW,IAAIryB,WAAWwhB,GAAY/O,EACtG,CACA,EC/LA,MAAMu7C,GACJ,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAO5C,SACxB,CAME,WAAAnM,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAKtCvX,KAAK03C,QAAUxjC,EAAOQ,OAAS,EAAI,EAKnC1U,KAAKykD,QAAU3tC,EAAKuB,cAAcsqC,GAKlC3iD,KAAK01C,UAAY,KAKjB11C,KAAKo1C,aAAe,KAKpBp1C,KAAK0vD,iBAAmB,EAKxB1vD,KAAKgzC,YAAc,KAKnBhzC,KAAKwjD,MAAQ,IACjB,CAQE,0BAAOmM,CAAoBC,GACzB,MAAMC,EAAY,IAAIJ,IAChB/X,QAAEA,EAAO+M,QAAEA,EAAO/O,UAAEA,EAASN,aAAEA,EAAYoO,MAAEA,EAAKxQ,YAAEA,GAAgB4c,EAO1E,OANAC,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUna,UAAYA,EACtBma,EAAUza,aAAeA,EACzBya,EAAUrM,MAAQA,EAClBqM,EAAU7c,YAAcA,EACjB6c,CACX,CAQE,UAAMxtD,CAAK8H,EAAO+J,EAASqD,GACzB,IAAIvV,EAAM,EAGV,GADAhC,KAAK03C,QAAUvtC,EAAMnI,KACA,IAAjBhC,KAAK03C,UAAkBxjC,EAAOS,wBAChC,MAAM,IAAIi4B,GAAiB,mGAG7B,GAAqB,IAAjB5sC,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAAe,CAElE13C,KAAKykD,QAAU3tC,EAAKgB,SAAS3N,EAAMnB,SAAShH,EAAKA,EAAM,IACvDA,GAAO,EAGPhC,KAAK01C,UAAYvrC,EAAMnI,KAEnBhC,KAAK03C,SAAW,IAElB11C,GAAO,GAIT,MAAMK,KAAEA,EAAI+yC,aAAEA,GAAiBj5B,GAAO2zC,qBAAqB9vD,KAAK01C,UAAWvrC,EAAMnB,SAAShH,IAG1F,GACmB,IAAjBhC,KAAK03C,SACLtC,EAAa/J,MACX+J,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMU,kBAC3CgqC,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMQ,eAG7C,MAAU3J,MAAM,iDAOlB,OALAvB,KAAKo1C,aAAeA,EACpBpzC,GAAOK,QAGDrC,KAAK+vD,6BACJ/tD,CACb,CACI,MAAM,IAAI4qC,GAAiB,WAAW5sC,KAAK03C,4CAC/C,CAME,KAAA30C,GACE,MAAMmjB,EAAM,GAEZA,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK03C,WAC9BxxB,EAAIpjB,KAAKgU,EAAKkB,UAAUhY,KAAKykD,UAE7Bv+B,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK01C,aAE9B,MAAM/uB,EAASxK,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAKo1C,cAO3D,OANIp1C,KAAK03C,SAAW,GAElBxxB,EAAIpjB,KAAKgU,EAAKc,YAAY+O,EAAO/kB,OAAQ,IAG3CskB,EAAIpjB,KAAK6jB,GACF7P,EAAKpV,iBAAiBwkB,EACjC,CAME,YAAAohC,CAAa5P,GACX,MAAMvtC,EAAQnK,KAAKgwD,iBAEbC,EAAe,IAAOvY,EACtBwY,EAAexY,GAAW,EAAI,EAAI,EACxC,OAAO5gC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACwuD,IAAgBn5C,EAAKc,YAAYzN,EAAMvI,OAAQsuD,GAAe/lD,GAChH,CAME,WAAAgmD,GACE,OAAO,IACX,CAME,eAAAC,GACE,OAAOpwD,KAAKykD,OAChB,CAME,QAAA4B,GACE,OAAOrmD,KAAKwjD,KAChB,CAME,gCAAMuM,GAIJ,SAHM/vD,KAAKqwD,qBACXrwD,KAAKwjD,MAAQ,IAAIF,GAEbtjD,KAAK03C,SAAW,EAClB13C,KAAKwjD,MAAMnhD,KAAKrC,KAAKgzC,YAAYhqC,SAAS,EAAG,QACxC,IAAqB,IAAjBhJ,KAAK03C,QAGd,MAAUn2C,MAAM,2BAFhBvB,KAAKwjD,MAAMnhD,KAAKrC,KAAKgzC,YAAYhqC,SAAS,GAAI,IAGpD,CACA,CAKE,wBAAMqnD,GACJ,MAAMnY,EAASl4C,KAAKsnD,aAAatnD,KAAK03C,SAEtC,GAAI13C,KAAK03C,SAAW,EAClB13C,KAAKgzC,kBAAoB72B,GAAOxO,KAAKI,OAAOmqC,OACvC,IAAqB,IAAjBl4C,KAAK03C,QAGd,MAAUn2C,MAAM,2BAFhBvB,KAAKgzC,kBAAoB72B,GAAOxO,KAAKE,KAAKqqC,EAGhD,CACA,CAME,mBAAAkO,GACE,OAAOpmD,KAAKgzC,WAChB,CAME,cAAAsd,GACE,OAAOx5C,EAAK2C,gBAAgBzZ,KAAKomD,sBACrC,CAME,oBAAAmK,CAAqBC,GACnB,OAAOxwD,KAAK03C,UAAY8Y,EAAM9Y,SAAW5gC,EAAKmE,iBAAiBjb,KAAKgwD,iBAAkBQ,EAAMR,iBAChG,CAME,gBAAAS,GACE,MAAM1uD,EAAS,CAAE,EACjBA,EAAO2zC,UAAYjrC,EAAMpI,KAAKoI,EAAMsB,UAAW/L,KAAK01C,WAEpD,MAAMgb,EAAS1wD,KAAKo1C,aAAaz9B,GAAK3X,KAAKo1C,aAAajoB,EAMxD,OALIujC,EACF3uD,EAAOia,KAAOlF,EAAKkC,oBAAoB03C,GAC9B1wD,KAAKo1C,aAAa/J,MAC3BtpC,EAAO2I,MAAQ1K,KAAKo1C,aAAa/J,IAAIE,WAEhCxpC,CACX,EAOA0tD,GAAgBxvD,UAAU0wD,cAAgBlB,GAAgBxvD,UAAUoC,KAMpEotD,GAAgBxvD,UAAU+vD,eAAiBP,GAAgBxvD,UAAU8C,MCtQrE,MAAMulD,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAaF,MAAM2M,GACJ,cAAW7yC,GACT,OAAOtT,EAAMkE,OAAOQ,0BACxB,CAEE,WAAAvP,GAIEI,KAAK4rD,UAAY,KAKjB5rD,KAAK0oD,QAAU,IACnB,CAEE,IAAArmD,CAAK8H,GACHnK,KAAK4rD,UAAYzhD,CACrB,CAEE,KAAApH,GACE,OAAO/C,KAAK4rD,SAChB,CAYE,aAAMv9B,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAE/C,IAAKrD,EAAOgB,6BACV,MAAU3T,MAAM,iCAGlB,MAAM0hB,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GACvCD,QAAkB3pC,EAAiB2kC,EAAa5mD,KAAK4rD,YACrDM,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQw9B,EAAqBl7C,EACnEi7C,EAAU5iD,SAASia,EAAY,GAC/B2oC,EAAU5iD,SAAS,EAAGia,EAAY,IAGpCjjB,KAAK0oD,cAAgBF,GAAWC,WAAWyD,EAAW5D,GAAgBp0C,EAC1E,CAWE,aAAM6Z,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAC/C,MAAM1Q,EAAO7G,KAAK0oD,QAAQ3lD,SACpBkgB,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GAEvC1yC,QAAegD,GAAO4vC,gBAAgBF,GACtCgF,QAAY10C,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAKwI,EAAQ,IAAI1X,WAAWwhB,GAAY/O,GACjGob,QAAmBnT,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAK9J,EAAMgqD,EAAI7nD,SAAS,GAAIkL,GAClGlU,KAAK4rD,UAAY90C,EAAKtS,OAAO,CAACqsD,EAAKvhC,GACvC,ECvFA,MAAMwhC,WAA2BrB,GAC/B,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAOa,YACxB,CAOE,WAAA5P,CAAY+iD,EAAMzuC,GAChBrU,MAAM8iD,EAAMzuC,EAChB,CAQE,6BAAO68C,CAAuBC,GAC5B,MAAMnB,EAAY,IAAIiB,IAChBpZ,QAAEA,EAAO+M,QAAEA,EAAO/O,UAAEA,EAASN,aAAEA,EAAYoO,MAAEA,EAAKxQ,YAAEA,GAAgBge,EAO1E,OANAnB,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUna,UAAYA,EACtBma,EAAUza,aAAeA,EACzBya,EAAUrM,MAAQA,EAClBqM,EAAU7c,YAAcA,EACjB6c,CACX,ECpBA,MAAMoB,GACJ,cAAWlzC,GACT,OAAOtT,EAAMkE,OAAOc,aACxB,CAEE,WAAA7P,GACEI,KAAKkxD,WAAa,EACtB,CAME,IAAA7uD,CAAK8H,GACH,IAAIrI,EAAI,EACR,KAAOA,EAAIqI,EAAMvI,QAAQ,CACvB,MAAMyrB,EAAMme,GAAiBrhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKurB,EAAIzU,OAET5Y,KAAKkxD,WAAWpuD,KAAKgU,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAIurB,EAAIA,OACvEvrB,GAAKurB,EAAIA,GACf,CACA,CAME,KAAAtqB,GACE,MAAMmjB,EAAM,GACZ,IAAK,IAAIpkB,EAAI,EAAGA,EAAI9B,KAAKkxD,WAAWtvD,OAAQE,IAC1CokB,EAAIpjB,KAAK2oC,GAAkBzrC,KAAKkxD,WAAWpvD,GAAGF,SAC9CskB,EAAIpjB,KAAKgU,EAAK+C,mBAAmB7Z,KAAKkxD,WAAWpvD,KAEnD,OAAOgV,EAAKpV,iBAAiBwkB,EACjC,CAOE,MAAAq9B,CAAO4N,GACL,SAAKA,GAAaA,aAAmBF,KAG9BjxD,KAAKkxD,WAAW70B,OAAM,SAAS+0B,EAAMl0C,GAC1C,OAAOk0C,IAASD,EAAQD,WAAWh0C,EACzC,GACA,ECvDA,MAAMm0C,WAAwB5B,GAC5B,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAOK,SACxB,CAME,WAAApP,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtC1X,MAAM8iD,EAAMzuC,GAIZlU,KAAKsxD,YAAc,KAInBtxD,KAAKuxD,YAAc,KAKnBvxD,KAAKwxD,SAAW,EAKhBxxD,KAAKyL,IAAM,KAKXzL,KAAK6M,UAAY,KAKjB7M,KAAKsO,KAAO,KASZtO,KAAKyxD,aAAe,KAKpBzxD,KAAK+1C,cAAgB,KAOrB/1C,KAAK0xD,eAAiB,IAC1B,CAUE,UAAMrvD,CAAK8H,EAAO+J,EAASqD,GAEzB,IAAIzV,QAAU9B,KAAK2wD,cAAcxmD,EAAO+J,GACxC,MAAMy9C,EAAuB7vD,EAM7B9B,KAAKwxD,SAAWrnD,EAAMrI,KAID,IAAjB9B,KAAK03C,SACP51C,IAOmB,IAAjB9B,KAAK03C,SAAiB13C,KAAKwxD,UAC7B1vD,IAGF,IAGE,GAAsB,MAAlB9B,KAAKwxD,UAAsC,MAAlBxxD,KAAKwxD,UAAsC,MAAlBxxD,KAAKwxD,SAAkB,CAC3ExxD,KAAK6M,UAAY1C,EAAMrI,KAID,MAAlB9B,KAAKwxD,WACPxxD,KAAKsO,KAAOnE,EAAMrI,MAKC,IAAjB9B,KAAK03C,SACP51C,IAMF,MAAM8S,EAAUzK,EAAMrI,KAItB,GAHA9B,KAAKyL,IAAM4sC,GAAezjC,GAC1B9S,GAAK9B,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAErB,cAAlB5B,KAAKyL,IAAIwI,KACX,MAEV,MAAiBjU,KAAKwxD,WACdxxD,KAAK6M,UAAY7M,KAAKwxD,UAIpBxxD,KAAKwxD,WAMPxxD,KAAKyxD,aAAiC,MAAlBzxD,KAAKwxD,WACN,IAAjBxxD,KAAK03C,SAAmC,IAAjB13C,KAAK03C,SAAiBxjC,EAAOK,kCAMhC,MAAlBvU,KAAKwxD,UAAoBxxD,KAAKyxD,cAChCzxD,KAAKwvB,GAAKrlB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAO4G,gBAAgB/iB,KAAK6M,WAAWoW,WAE7CjjB,KAAK0xD,gBAAiB,IAKtB1xD,KAAKwvB,GAAKrlB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAOowC,YAAYvsD,KAAKsO,MAAMioB,UAGpCv2B,KAAK0xD,gBAAiB,GAGxB5vD,GAAK9B,KAAKwvB,GAAG5tB,OAEhB,CAAC,MAAOsC,GAEP,IAAKlE,KAAKwxD,SAAU,MAAMttD,EAC1BlE,KAAK4xD,uBAAyBznD,EAAMnB,SAAS2oD,GAC7C3xD,KAAKuxD,aAAc,CACzB,CAcI,GAVqB,IAAjBvxD,KAAK03C,UACP51C,GAAK,GAMP9B,KAAKsxD,YAAcnnD,EAAMnB,SAASlH,GAClC9B,KAAKuxD,cAAgBvxD,KAAKwxD,UAErBxxD,KAAKuxD,YAAa,CACrB,IAAIM,EACJ,GAAqB,IAAjB7xD,KAAK03C,QACPma,EAAY7xD,KAAKsxD,iBAGjB,GADAO,EAAY7xD,KAAKsxD,YAAYtoD,SAAS,GAAI,IACrC8N,EAAKmE,iBAAiBnE,EAAKsE,cAAcy2C,GAAY7xD,KAAKsxD,YAAYtoD,UAAU,IACnF,MAAUzH,MAAM,yBAGpB,IACE,MAAMc,KAAEA,EAAI0zC,cAAEA,GAAkB55B,GAAO21C,sBAAsB9xD,KAAK01C,UAAWmc,EAAW7xD,KAAKo1C,cAC7F,GAAI/yC,EAAOwvD,EAAUjwD,OACnB,MAAUL,MAAM,sBAElBvB,KAAK+1C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,GAAIA,aAAeuW,GAAkB,MAAMvW,EAE3C,MAAU90B,MAAM,qBACxB,CACA,CACA,CAME,KAAAwB,GACE,MAAMgvD,EAAsB/xD,KAAKgwD,iBACjC,GAAIhwD,KAAK4xD,uBACP,OAAO96C,EAAKpV,iBAAiB,CAC3BqwD,EACA/xD,KAAK4xD,yBAIT,MAAM1rC,EAAM,CAAC6rC,GACb7rC,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKwxD,YAE9B,MAAMQ,EAAoB,GAG1B,GAAsB,MAAlBhyD,KAAKwxD,UAAsC,MAAlBxxD,KAAKwxD,UAAsC,MAAlBxxD,KAAKwxD,SAAkB,CAC3EQ,EAAkBlvD,KAAK9C,KAAK6M,WAIN,MAAlB7M,KAAKwxD,UACPQ,EAAkBlvD,KAAK9C,KAAKsO,MAG9B,MAAM7C,EAAMzL,KAAKyL,IAAI1I,QAIA,IAAjB/C,KAAK03C,SACPsa,EAAkBlvD,KAAK2I,EAAI7J,QAM7BowD,EAAkBlvD,QAAQ2I,EAChC,CA6BI,OAxBIzL,KAAKwxD,UAA8B,cAAlBxxD,KAAKyL,IAAIwI,MAC5B+9C,EAAkBlvD,QAAQ9C,KAAKwvB,KAGZ,IAAjBxvB,KAAK03C,SAAmC,IAAjB13C,KAAK03C,SAAiB13C,KAAKwxD,WACpDtrC,EAAIpjB,KAAK,IAAIrB,WAAW,CAACuwD,EAAkBpwD,UAE7CskB,EAAIpjB,KAAK,IAAIrB,WAAWuwD,IAEnBhyD,KAAKiyD,YACHjyD,KAAKwxD,WACRxxD,KAAKsxD,YAAcn1C,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAK+1C,gBAG5C,IAAjB/1C,KAAK03C,SACPxxB,EAAIpjB,KAAKgU,EAAKc,YAAY5X,KAAKsxD,YAAY1vD,OAAQ,IAErDskB,EAAIpjB,KAAK9C,KAAKsxD,aAETtxD,KAAKwxD,UAA6B,IAAjBxxD,KAAK03C,SACzBxxB,EAAIpjB,KAAKgU,EAAKsE,cAAcpb,KAAKsxD,eAI9Bx6C,EAAKpV,iBAAiBwkB,EACjC,CAOE,WAAAiqC,GACE,OAA4B,IAArBnwD,KAAKuxD,WAChB,CAUE,0BAAAW,GACE,YAAuC9vD,IAAhCpC,KAAK4xD,wBAAwC5xD,KAAKiyD,SAC7D,CAME,OAAAA,GACE,SAAUjyD,KAAKyL,KAAyB,cAAlBzL,KAAKyL,IAAIwI,KACnC,CAOE,SAAAk+C,CAAUj+C,EAASqD,GACbvX,KAAKiyD,YAGLjyD,KAAKmwD,eACPnwD,KAAKoyD,4BAEApyD,KAAK4xD,uBACZ5xD,KAAKuxD,YAAc,KACnBvxD,KAAKsxD,YAAc,KACnBtxD,KAAKyL,IAAM4sC,GAAe5tC,EAAMgB,IAAIK,IAAKoI,GACzClU,KAAKyL,IAAIiqC,UAAY,EACrB11C,KAAKyL,IAAI0X,EAAI,EACbnjB,KAAKyL,IAAIwI,KAAO,YAChBjU,KAAKwxD,SAAW,IAChBxxD,KAAK6M,UAAYpC,EAAMoC,UAAUO,OACjCpN,KAAKyxD,aAAe,KACpBzxD,KAAK0xD,eAAiB,KAC1B,CAYE,aAAM3jC,CAAQupB,EAAYpjC,EAASqD,GACjC,GAAIvX,KAAKiyD,UACP,OAGF,IAAKjyD,KAAKmwD,cACR,MAAU5uD,MAAM,mCAGlB,IAAK+1C,EACH,MAAU/1C,MAAM,0DAGlBvB,KAAKyL,IAAM6sC,GAAiBpkC,GAC5BlU,KAAKyL,IAAI2rC,eACT,MAAMya,EAAY11C,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAK+1C,eAC9D/1C,KAAK6M,UAAYpC,EAAMoC,UAAUO,OAEjC,MAAM6V,UAAEA,GAAc9G,GAAO4G,gBAAgB/iB,KAAK6M,WAElD,GAAIqH,EAAOI,YAAa,CACtBtU,KAAKwxD,SAAW,IAChBxxD,KAAKsO,KAAO4F,EAAOM,uBACnB,MAAMgf,EAAOrX,GAAOowC,YAAYvsD,KAAKsO,MACrCtO,KAAKyxD,aAAgC,IAAjBzxD,KAAK03C,QACzB13C,KAAK0xD,gBAAkB1xD,KAAKyxD,aAE5B,MAAMY,EAAsBzmB,GAAS5rC,KAAKJ,YAAYme,KAChDpN,QAAY2hD,GAAqBtyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,UAAW7M,KAAKsO,KAAM+jD,EAAqBryD,KAAKyxD,cAE1HpE,QAAqB75B,EAAKxzB,KAAK6M,UAAW8D,GAChD3Q,KAAKwvB,GAAKxvB,KAAKyxD,aAAet1C,GAAOw6B,OAAO/a,eAAe3Y,GAAa9G,GAAOw6B,OAAO/a,eAAepI,EAAK+C,UAC1G,MAAMg8B,EAAgBvyD,KAAKyxD,aACzB,IAAIhwD,WACJqV,EAAKpV,iBAAiB,CAAC2wD,EAAqBryD,KAAKgwD,mBAEnDhwD,KAAKsxD,kBAAoBjE,EAAat/B,QAAQ8jC,EAAW7xD,KAAKwvB,GAAGxmB,SAAS,EAAGwqB,EAAK+C,UAAWg8B,EACnG,KAAW,CACLvyD,KAAKwxD,SAAW,IAChBxxD,KAAK0xD,gBAAiB,EACtB,MAAM/gD,QAAY2hD,GAAqBtyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,WAChF7M,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAe3Y,GACvCjjB,KAAKsxD,kBAAoBn1C,GAAOqX,KAAK3C,IAAI9C,QAAQ/tB,KAAK6M,UAAW8D,EAAKmG,EAAKpV,iBAAiB,CAC1FmwD,QACM11C,GAAOxO,KAAKE,KAAKgkD,EAAW39C,KAChClU,KAAKwvB,GAAItb,EACnB,CACA,CAWE,aAAMma,CAAQipB,GACZ,GAAIt3C,KAAKiyD,UACP,OAAO,EAGT,GAAIjyD,KAAK4xD,uBACP,MAAUrwD,MAAM,kEAGlB,GAAIvB,KAAKmwD,cACP,MAAU5uD,MAAM,oCAGlB,IAAIoP,EACJ,MAAM0hD,EAAsBzmB,GAAS5rC,KAAKJ,YAAYme,KACtD,GAAsB,MAAlB/d,KAAKwxD,UAAsC,MAAlBxxD,KAAKwxD,SAG3B,MAAsB,MAAlBxxD,KAAKwxD,SACJjwD,MAAM,0EAENA,MAAM,yEAGlB,IAAIswD,EACJ,GATElhD,QAAY2hD,GACVtyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,UAAW7M,KAAKsO,KAAM+jD,EAAqBryD,KAAKyxD,cAQvE,MAAlBzxD,KAAKwxD,SAAkB,CACzB,MAAMh+B,EAAOrX,GAAOowC,YAAYvsD,KAAKsO,MAC/B++C,QAAqB75B,EAAKxzB,KAAK6M,UAAW8D,GAChD,IACE,MAAM4hD,EAAgBvyD,KAAKyxD,aACzB,IAAIhwD,WACJqV,EAAKpV,iBAAiB,CAAC2wD,EAAqBryD,KAAKgwD,mBACnD6B,QAAkBxE,EAAah/B,QAAQruB,KAAKsxD,YAAatxD,KAAKwvB,GAAGxmB,SAAS,EAAGwqB,EAAK+C,UAAWg8B,EAC9F,CAAC,MAAOl8B,GACP,GAAoB,gCAAhBA,EAAI9iB,QACN,MAAUhS,MAAM,6BAA+B80B,EAAI9iB,SAErD,MAAM8iB,CACd,CACA,KAAW,CACL,MAAMm8B,QAA0Br2C,GAAOqX,KAAK3C,IAAIxC,QAAQruB,KAAK6M,UAAW8D,EAAK3Q,KAAKsxD,YAAatxD,KAAKwvB,IAEpGqiC,EAAYW,EAAkBxpD,SAAS,GAAI,IAC3C,MAAM2E,QAAawO,GAAOxO,KAAKE,KAAKgkD,GAEpC,IAAK/6C,EAAKmE,iBAAiBtN,EAAM6kD,EAAkBxpD,UAAU,KAC3D,MAAUzH,MAAM,2BAExB,CAEI,IACE,MAAMw0C,cAAEA,GAAkB55B,GAAO21C,sBAAsB9xD,KAAK01C,UAAWmc,EAAW7xD,KAAKo1C,cACvFp1C,KAAK+1C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,MAAU90B,MAAM,qBACtB,CACIvB,KAAKuxD,aAAc,EACnBvxD,KAAKsxD,YAAc,KACnBtxD,KAAKwxD,SAAW,EAChBxxD,KAAKsO,KAAO,KACZtO,KAAK6M,UAAY,KACjB7M,KAAKyxD,aAAe,IACxB,CAOE,cAAMgB,GACJ,GAAIzyD,KAAKiyD,UACP,OAGF,IAAKjyD,KAAKmwD,cACR,MAAU5uD,MAAM,wBAGlB,GAAIvB,KAAK0xD,eAEP,OAGF,IAAIgB,EACJ,IAEEA,QAAoBv2C,GAAOs6B,eAAez2C,KAAK01C,UAAW11C,KAAKo1C,aAAcp1C,KAAK+1C,cACnF,CAAC,MAAO9pB,GACPymC,GAAc,CACpB,CACI,IAAKA,EACH,MAAUnxD,MAAM,iBAEtB,CAEE,cAAM0rC,CAASjxB,EAAMtR,GAGnB,GAAqB,IAAjB1K,KAAK03C,UACN13C,KAAK01C,YAAcjrC,EAAMsB,UAAUM,MAAQ3B,IAAUD,EAAMC,MAAMU,kBAClEpL,KAAK01C,YAAcjrC,EAAMsB,UAAUQ,aAEnC,MAAUhL,MAAM,oDAAoDmJ,kDAEtE,MAAMqrC,cAAEA,EAAaX,aAAEA,SAAuBj5B,GAAOw2C,eAAe3yD,KAAK01C,UAAW15B,EAAMtR,GAC1F1K,KAAK+1C,cAAgBA,EACrB/1C,KAAKo1C,aAAeA,EACpBp1C,KAAKuxD,aAAc,CACvB,CAKE,kBAAAa,GACMpyD,KAAKkyD,+BAITpyD,OAAO02C,KAAKx2C,KAAK+1C,eAAe9zC,SAAQgG,IACxBjI,KAAK+1C,cAAc9tC,GAC3Bwf,KAAK,UACJznB,KAAK+1C,cAAc9tC,EAAK,IAEjCjI,KAAK+1C,cAAgB,KACrB/1C,KAAKuxD,aAAc,EACvB,EAcAjvD,eAAegwD,GAAqBM,EAAYnnD,EAAK6rC,EAAY74B,EAAYo0C,EAAUR,EAAqBZ,GAC1G,GAAiB,WAAbhmD,EAAIwI,OAAsB4+C,EAC5B,MAAUtxD,MAAM,gDAElB,GAAiB,WAAbkK,EAAIwI,MAAoC,IAAf2+C,EAC3B,MAAUrxD,MAAM,uDAElB,MAAMyhB,QAAEA,GAAY7G,GAAO4G,gBAAgBtE,GACrCq0C,QAAmBrnD,EAAI4rC,WAAWC,EAAYt0B,GACpD,IAAK6vC,GAA2B,IAAfD,GAAoBnB,EACnC,OAAOqB,EAET,MAAMpkB,EAAO53B,EAAKpV,iBAAiB,CACjC2wD,EACA,IAAI5wD,WAAW,CAACmxD,EAAYn0C,EAAYo0C,MAE1C,OAAOtkB,GAAY9jC,EAAMkD,KAAKI,OAAQ+kD,EAAY,IAAIrxD,WAAcitC,EAAM1rB,EAC5E,CC5iBA,MAAM+vC,GACJ,cAAWh1C,GACT,OAAOtT,EAAMkE,OAAOY,MACxB,CAEE,WAAA3P,GAKEI,KAAKuP,OAAS,GAEdvP,KAAKiI,KAAO,GACZjI,KAAKgzD,MAAQ,GACbhzD,KAAKizD,QAAU,EACnB,CAQE,iBAAOxd,CAAWlmC,GAChB,GAAIuH,EAAKC,SAASxH,IACfA,EAAOtH,OAAS6O,EAAKC,SAASxH,EAAOtH,OACrCsH,EAAOyjD,QAAUl8C,EAAKgG,eAAevN,EAAOyjD,QAC5CzjD,EAAO0jD,UAAYn8C,EAAKC,SAASxH,EAAO0jD,SACzC,MAAU1xD,MAAM,0BAElB,MAAMoN,EAAS,IAAIokD,GACnBjzD,OAAO8mB,OAAOjY,EAAQY,GACtB,MAAM2jD,EAAa,GAKnB,OAJIvkD,EAAO1G,MAAMirD,EAAWpwD,KAAK6L,EAAO1G,MACpC0G,EAAOskD,SAASC,EAAWpwD,KAAK,IAAI6L,EAAOskD,YAC3CtkD,EAAOqkD,OAAOE,EAAWpwD,KAAK,IAAI6L,EAAOqkD,UAC7CrkD,EAAOY,OAAS2jD,EAAWxwD,KAAK,KACzBiM,CACX,CAME,IAAAtM,CAAK8H,EAAO+J,EAASqD,GACnB,MAAMhI,EAASuH,EAAK6D,WAAWxQ,GAC/B,GAAIoF,EAAO3N,OAASsS,EAAOiC,gBACzB,MAAU5U,MAAM,8BAYlB,MACM4xD,EADK,qEACQC,KAAK7jD,GACxB,GAAgB,OAAZ4jD,EAAkB,CACpB,MAAMlrD,KAAEA,EAAIgrD,QAAEA,EAAOD,MAAEA,GAAUG,EAAQE,OACzCrzD,KAAKizD,QAAUA,GAAS3zC,QAAQ,cAAe,IAAIg0C,QAAU,GAC7DtzD,KAAKiI,KAAOA,GAAMqrD,QAAU,GAC5BtzD,KAAKgzD,MAAQA,EAAM7tC,UAAU,EAAG6tC,EAAMpxD,OAAS,EAChD,KAAU,oBAAoBmb,KAAKxN,KAClCvP,KAAKgzD,MAAQzjD,GAGfvP,KAAKuP,OAASA,CAClB,CAME,KAAAxM,GACE,OAAO+T,EAAKwD,WAAWta,KAAKuP,OAChC,CAEE,MAAAg0C,CAAOgQ,GACL,OAAOA,GAAeA,EAAYhkD,SAAWvP,KAAKuP,MACtD,ECvFA,MAAMikD,WAA2BnC,GAC/B,cAAWtzC,GACT,OAAOtT,EAAMkE,OAAOM,YACxB,CAME,WAAArP,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtC1X,MAAM8iD,EAAMzuC,EAChB,ECbA,MAAMo0C,gBAA+BxxC,EAAK8G,wBAAwB,CAACqmC,KAK5D,MAAMwP,GAIX,WAAA7zD,CAAY8zD,GACV1zD,KAAK0oD,QAAUgL,GAAc,IAAIlL,EACrC,CAME,KAAAzlD,GACE,OAAO/C,KAAK0oD,QAAQ3lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GAEb,MAAM8K,EAAeriB,KAAK0oD,QAAQhkD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQkmC,GAAgBlmC,KAA0B,IAAnBpP,EAAO+oC,UAC1G,OAAOvkC,GAAM1I,EAAM0I,MAAMtE,UAAW7O,KAAK+C,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrG,CAME,gBAAAy/C,GACE,OAAO3zD,KAAK0oD,QAAQ/jD,KAAIgK,GAAUA,EAAOgD,aAC7C,EC/COrP,eAAesxD,GAAqB9tD,EAASoO,GAClD,MAAM88C,EAAqB,IAAIwC,GAAmB1tD,EAAQ68C,KAAMzuC,GAKhE,OAJA88C,EAAmBtI,QAAU,KAC7BsI,EAAmBtb,UAAYjrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ4vC,iBAC9Dsb,EAAmB/jB,SAASnnC,EAAQ+tD,QAAS/tD,EAAQ4E,aACrDsmD,EAAmBjB,6BAClBiB,CACT,CAEO1uD,eAAewxD,GAAkBhuD,EAASoO,GAC/C,MAAM07C,EAAkB,IAAIyB,GAAgBvrD,EAAQ68C,KAAMzuC,GAK1D,OAJA07C,EAAgBlH,QAAU,KAC1BkH,EAAgBla,UAAYjrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ4vC,iBAC3Dka,EAAgB3iB,SAASnnC,EAAQ+tD,QAAS/tD,EAAQ4E,MAAO5E,EAAQoO,cACjE07C,EAAgBG,6BACfH,CACT,CAaOttD,eAAeyxD,GAAwBC,EAAYjoD,EAAWm4C,EAAe+P,EAActR,EAAO,IAAI5qC,KAAQ7D,GACnH,IAAIggD,EACAh2C,EACJ,IAAK,IAAIpc,EAAIkyD,EAAWpyD,OAAS,EAAGE,GAAK,EAAGA,IAC1C,MAEMoyD,GAAeF,EAAWlyD,GAAG2iD,SAAWyP,EAAYzP,iBAEhDuP,EAAWlyD,GAAG4+B,OAAO30B,EAAWm4C,EAAe+P,EAActR,OAAMvgD,EAAW8R,GACpFggD,EAAcF,EAAWlyD,GAE5B,CAAC,MAAOoC,GACPga,EAAYha,CAClB,CAEE,IAAKgwD,EACH,MAAMp9C,EAAK6G,UACT,wBAAwBlT,EAAMpI,KAAKoI,EAAMoE,UAAWq1C,uBAAmCn4C,EAAUs6C,WAAW/a,UACzGhsB,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAAC2M,EAAGkoC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3Dn2C,GAEJ,OAAOg2C,CACT,CAEO,SAASI,GAAczE,EAAWhhD,EAAW8zC,EAAO,IAAI5qC,MAC7D,MAAM0vC,EAAW3wC,EAAKuB,cAAcsqC,GACpC,GAAiB,OAAb8E,EAAmB,CACrB,MAAM8M,EAAiBC,GAAqB3E,EAAWhhD,GACvD,QAASghD,EAAUpL,SAAWgD,GAAYA,EAAW8M,EACzD,CACE,OAAO,CACT,CASOjyD,eAAemyD,GAAuBC,EAAQC,EAAY7uD,EAASoO,GACxE,MAAM0gD,EAAa,CAAE,EACrBA,EAAWjkD,IAAMgkD,EACjBC,EAAWjxD,KAAO+wD,EAClB,MAAMG,EAAsB,CAAE3Q,cAAez5C,EAAMoE,UAAU4B,eACzD3K,EAAQq6B,MACV00B,EAAoB1iD,SAAW,CAAC1H,EAAM0H,SAASU,UAC/CgiD,EAAoBriD,wBAA0BsiD,GAAsBF,EAAY,GAAIF,EAAQ,CAC1FxQ,cAAez5C,EAAMoE,UAAU6B,YAC9B5K,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,IAElD2gD,EAAoB1iD,SAAW,CAAC1H,EAAM0H,SAASW,qBAAuBrI,EAAM0H,SAASY,gBAEnFjN,EAAQyL,kBAAoB,IAC9BsjD,EAAoBtjD,kBAAoBzL,EAAQyL,kBAChDsjD,EAAoB/P,iBAAkB,GAGxC,aADoCgQ,GAAsBF,EAAY,GAAID,EAAYE,EAAqB/uD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,EAE5J,CAwKO5R,eAAewyD,GAAsBF,EAAYG,EAAeC,EAAkBH,EAAqBlS,EAAMsS,EAAkB9P,EAAY,GAAIva,GAAW,EAAO12B,GACtK,GAAI8gD,EAAiB/C,UACnB,MAAU1wD,MAAM,qCAElB,IAAKyzD,EAAiB7E,cACpB,MAAU5uD,MAAM,iCAElB,MAAMwmD,EAAkB,IAAI9D,GAM5B,OALAnkD,OAAO8mB,OAAOmhC,EAAiB8M,GAC/B9M,EAAgB3D,mBAAqB4Q,EAAiBtf,UACtDqS,EAAgB5D,oBAtKX7hD,eAAoC4yD,EAAYF,EAAkBrS,EAAO,IAAI5qC,KAAQo9C,EAAgB,GAAIjhD,GAO9G,MAAMkhD,EAAc3qD,EAAMkD,KAAKI,OACzBsnD,EAAsBnhD,EAAOC,uBAE7BmhD,QAAgCp1D,QAAQ4E,IAAIowD,EAAWvwD,KAAIrC,MAAOqO,EAAK7O,WAC3C6O,EAAI4kD,wBAAwB5S,EAAMwS,EAAcrzD,GAAIoS,IAC9CrC,2BAGlC2jD,EAAoB,IAAIC,IAC9B,IAAK,MAAMC,KAAkBJ,EAC3B,IAAK,MAAMr1B,KAAYy1B,EACrB,IAEE,MAAMC,EAAgBlrD,EAAM1H,MAAM0H,EAAMkD,KAAMsyB,GAC9Cu1B,EAAkBrzD,IAChBwzD,EACAH,EAAkBxxD,IAAI2xD,GAAiBH,EAAkBrtD,IAAIwtD,GAAiB,EAAI,EAE5F,CAAQ,MAAM,CAGZ,MAAMC,EAAsB31B,GAAkC,IAAtBi1B,EAAWtzD,QAAgB4zD,EAAkBrtD,IAAI83B,KAAci1B,EAAWtzD,QAAUq+B,IAAam1B,EACnIS,EAAgC,KACpC,GAA+B,IAA3BL,EAAkBlI,KACpB,OAAO8H,EAET,MAGMU,EAHkBn2D,MAAM4gB,KAAKi1C,EAAkBhf,QAClDjsC,QAAO01B,GAAY21B,EAAoB31B,KACvC6a,MAAK,CAACib,EAAOC,IAAU75C,GAAOxO,KAAK2X,kBAAkBywC,GAAS55C,GAAOxO,KAAK2X,kBAAkB0wC,KACrD,GAE1C,OAAO75C,GAAOxO,KAAK2X,kBAAkBwwC,IAAsB35C,GAAOxO,KAAK2X,kBAAkB8vC,GAAeU,EAAoBV,CAAW,EAUzI,GAPiB,IAAIz/C,IAAI,CACvBlL,EAAMsB,UAAUO,MAChB7B,EAAMsB,UAAUQ,YAChB9B,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUa,QAGL5I,IAAIgxD,EAAiBtf,WAAY,CAS5C,MAAMugB,EAAqB95C,GAAO+5C,0BAA0BlB,EAAiBtf,UAAWsf,EAAiB5f,aAAa/J,KAEhH8qB,EAAiCP,EAAoBP,GACrDe,EAA2Cj6C,GAAOxO,KAAK2X,kBAAkB+vC,IAAwBl5C,GAAOxO,KAAK2X,kBAAkB2wC,GAErI,GAAIE,GAAkCC,EACpC,OAAOf,EACF,CACL,MAAMgB,EAAyBR,IAC/B,OAAO15C,GAAOxO,KAAK2X,kBAAkB+wC,IAA2Bl6C,GAAOxO,KAAK2X,kBAAkB2wC,GAC5FI,EACAJ,CACR,CACA,CAIE,OAAOL,EAAoBP,GAAuBA,EAAsBQ,GAC1E,CA2FwCtoB,CAAqBwnB,EAAeC,EAAkBrS,EAAMsS,EAAkB/gD,GACpH6zC,EAAgB7C,aAAe,IAAIC,SAC7B4C,EAAgB5nB,KAAK60B,EAAkBJ,EAAYjS,EAAM/X,EAAU12B,GAClE6zC,CACT,CAUOzlD,eAAeg0D,GAAgBC,EAAQC,EAAMpF,EAAMzO,EAAO,IAAI5qC,KAAQ0+C,IAC3EF,EAASA,EAAOnF,MAEToF,EAAKpF,GAAMxvD,aAGR1B,QAAQ4E,IAAIyxD,EAAO5xD,KAAIrC,eAAeo0D,GACrCA,EAAU9O,UAAUjF,IAAW8T,UAAiBA,EAAQC,IACxDF,EAAKpF,GAAM1sD,MAAK,SAASiyD,GACxB,OAAO7/C,EAAKmE,iBAAiB07C,EAAQ3Q,cAAe0Q,EAAU1Q,cAC5E,KACUwQ,EAAKpF,GAAMtuD,KAAK4zD,EAE1B,KATMF,EAAKpF,GAAQmF,EAYnB,CAkBOj0D,eAAes0D,GAAcjC,EAAYzQ,EAAe+P,EAAc4C,EAAahoD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,GAC3HvD,EAAMA,GAAOgkD,EACb,MAAMmC,EAAmB,GA8BzB,aA7BM52D,QAAQ4E,IAAI+xD,EAAYlyD,KAAIrC,eAAey0D,GAC/C,IACE,IASGloD,GAAakoD,EAAoBplD,YAAY4xC,OAAO10C,EAAU8C,aAC/D,CACA,MAAMqlD,GAAoB,CACxBvsD,EAAM4H,oBAAoBuB,WAC1BnJ,EAAM4H,oBAAoBqB,cAC1BjJ,EAAM4H,oBAAoBwB,eAC1BqL,SAAS63C,EAAoB1R,+BAEzB0R,EAAoBr2B,OACxB/vB,EAAKuzC,EAAe+P,EAAc+C,EAAmB,KAAOrU,GAAM,EAAOzuC,GAI3E4iD,EAAiBh0D,KAAKi0D,EAAoBplD,YAClD,CACK,CAAC,MAAOzN,GAAG,CAChB,KAEM2K,GACFA,EAAU82C,UAAUmR,EAAiBpyD,MAAK8+C,GAASA,EAAMD,OAAO10C,EAAU8C,iBACxE9C,EAAU82C,UAAW,GAChB92C,EAAU82C,SAEZmR,EAAiBl1D,OAAS,CACnC,CASO,SAAS4yD,GAAqB3E,EAAWhhD,GAC9C,IAAI0lD,EAKJ,OAHkC,IAA9B1lD,EAAUi2C,kBACZyP,EAAiB1E,EAAUpL,QAAQrsC,UAA0C,IAA9BvJ,EAAU0C,mBAEpDgjD,EAAiB,IAAIx8C,KAAKw8C,GAAkBhsD,GACrD,CAEO,SAAS0uD,GAAmBnxD,EAASoxD,EAAiB,IAU3D,OATApxD,EAAQmO,KAAOnO,EAAQmO,MAAQijD,EAAejjD,KAC9CnO,EAAQ4E,MAAQ5E,EAAQ4E,OAASwsD,EAAexsD,MAChD5E,EAAQ+tD,QAAU/tD,EAAQ+tD,SAAWqD,EAAerD,QACpD/tD,EAAQyL,uBAAkDnP,IAA9B0D,EAAQyL,kBAAkCzL,EAAQyL,kBAAoB2lD,EAAe3lD,kBACjHzL,EAAQwxC,WAAaxgC,EAAKC,SAASjR,EAAQwxC,YAAcxxC,EAAQwxC,WAAa4f,EAAe5f,WAC7FxxC,EAAQ68C,KAAO78C,EAAQ68C,MAAQuU,EAAevU,KAE9C78C,EAAQq6B,KAAOr6B,EAAQq6B,OAAQ,EAEvBr6B,EAAQmO,MACd,IAAK,MACH,IACEnO,EAAQ4E,MAAQD,EAAM1H,MAAM0H,EAAMC,MAAO5E,EAAQ4E,MAClD,CAAC,MAAOxG,GACP,MAAU3C,MAAM,gBACxB,CACUuE,EAAQ4E,QAAUD,EAAMC,MAAMQ,eAAiBpF,EAAQ4E,QAAUD,EAAMC,MAAMU,kBAC7D,YAAlBtF,EAAQ4E,OAAyC,eAAlB5E,EAAQ4E,QACvC5E,EAAQ4E,MAAQ5E,EAAQq6B,KAAO11B,EAAMC,MAAMQ,cAAgBT,EAAMC,MAAMU,kBAErEtF,EAAQq6B,KACVr6B,EAAQ4vC,UAAY5vC,EAAQ4E,QAAUD,EAAMC,MAAMQ,cAAgBT,EAAMsB,UAAUQ,YAAc9B,EAAMsB,UAAUO,MAEhHxG,EAAQ4vC,UAAYjrC,EAAMsB,UAAUM,KAEtC,MACF,IAAK,aACHvG,EAAQ4vC,UAAY5vC,EAAQq6B,KAAO11B,EAAMsB,UAAUZ,QAAUV,EAAMsB,UAAUW,OAC7E,MACF,IAAK,WACH5G,EAAQ4vC,UAAY5vC,EAAQq6B,KAAO11B,EAAMsB,UAAUa,MAAQnC,EAAMsB,UAAUY,KAC3E,MACF,IAAK,MACH7G,EAAQ4vC,UAAYjrC,EAAMsB,UAAUC,eACpC,MACF,QACE,MAAUzK,MAAM,wBAAwBuE,EAAQmO,MAEpD,OAAOnO,CACT,CAEO,SAASqxD,GAAyBtH,EAAWhhD,EAAWqF,GAC7D,OAAQ27C,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,IAAKiC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,UAC5C,QACE,OAAO,EAEb,CAEO,SAASukD,GAA4BvH,EAAWhhD,EAAWqF,GAChE,OAAQ27C,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,IAAKkC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,gBAC5C,QACE,OAAO,EAEb,CAEO,SAASskD,GAA4BxH,EAAWhhD,EAAWqF,GAChE,IAAKrF,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAGlB,OAAQsuD,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAEnB,WADiCkC,EAAUsD,aAAatD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,aAChEqB,EAAOoB,2CAK9BzG,EAAUsD,aACjBtD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,iBAE1C,QACE,OAAO,EAEb,CASO,SAASukD,GAAqBzH,EAAW37C,GAC9C,MAAMkiC,EAAU3rC,EAAM1H,MAAM0H,EAAMsB,UAAW8jD,EAAUna,WACjD6hB,EAAW1H,EAAUY,mBAC3B,GAAIv8C,EAAOuC,0BAA0BzS,IAAIoyC,GACvC,MAAU70C,MAASg2D,EAAS7hB,UAAZ,kCAElB,OAAQU,GACN,KAAK3rC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUE,WACnB,GAAIsrD,EAASv7C,KAAO9H,EAAOkB,WACzB,MAAU7T,MAAM,yBAAyB2S,EAAOkB,4CAElD,MACF,KAAK3K,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUM,KACnB,GAAI6H,EAAOwC,aAAa1S,IAAIuzD,EAAS7sD,OACnC,MAAUnJ,MAAM,eAAeg2D,EAAS7hB,8BAA8B6hB,EAAS7sD,sBAMvF,CC7fA,MAAM8sD,GACJ,WAAA53D,CAAY63D,EAAYC,GACtB13D,KAAKuP,OAASkoD,EAAW73D,YAAYme,MAAQtT,EAAMkE,OAAOY,OAASkoD,EAAa,KAChFz3D,KAAKyP,cAAgBgoD,EAAW73D,YAAYme,MAAQtT,EAAMkE,OAAOc,cAAgBgoD,EAAa,KAC9Fz3D,KAAK23D,mBAAqB,GAC1B33D,KAAK43D,oBAAsB,GAC3B53D,KAAK63D,qBAAuB,GAC5B73D,KAAK03D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMpE,EAAa,IAAIlL,GAKvB,OAJAkL,EAAW5wD,KAAK9C,KAAKuP,QAAUvP,KAAKyP,eACpCikD,EAAW5wD,QAAQ9C,KAAK63D,sBACxBnE,EAAW5wD,QAAQ9C,KAAK23D,oBACxBjE,EAAW5wD,QAAQ9C,KAAK43D,qBACjBlE,CACX,CAME,KAAA9wD,GACE,MAAMm1D,EAAO,IAAIP,GAAKx3D,KAAKuP,QAAUvP,KAAKyP,cAAezP,KAAK03D,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAI33D,KAAK23D,oBACnCI,EAAKH,oBAAsB,IAAI53D,KAAK43D,qBACpCG,EAAKF,qBAAuB,IAAI73D,KAAK63D,sBAC9BE,CACX,CAUE,aAAMC,CAAQC,EAAatV,EAAMzuC,GAC/B,MAAMygD,EAAa30D,KAAK03D,QAAQ7H,UAC1B+E,EAAa,CACjBrlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKgkD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWrlD,QAAUqlD,EAAWnlD,cAAezP,KAAK03D,SAgB1E,OAfAK,EAAKH,0BAA4B13D,QAAQ4E,IAAImzD,EAAYtzD,KAAIrC,eAAekR,GAC1E,IAAKA,EAAW0kD,YACd,MAAU32D,MAAM,gCAElB,GAAIiS,EAAW+8C,qBAAqBoE,GAClC,MAAUpzD,MAAM,+DAElB,MAAM42D,QAAmB3kD,EAAW4kD,mBAAch2D,EAAWugD,OAAMvgD,EAAW8R,GAC9E,OAAO4gD,GAAsBF,EAAY,CAACphD,GAAa2kD,EAAWtI,UAAW,CAE3E3L,cAAez5C,EAAMoE,UAAUuB,YAC/B+B,SAAU,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,WACtD8vC,OAAMvgD,OAAWA,OAAWA,EAAW8R,EAChD,WACU6jD,EAAKzzC,OAAOtkB,KAAM2iD,EAAMzuC,GACvB6jD,CACX,CAcE,eAAMM,CAAUC,EAAazI,EAAWlN,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClE,MAAMo9C,EAAa30D,KAAK03D,QAAQ7H,UAChC,OAAO+G,GAAcjC,EAAYlqD,EAAMoE,UAAU2B,eAAgB,CAC/DG,IAAKgkD,EACLplD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,eACnBzP,KAAK63D,qBAAsBS,EAAazI,EAAWlN,EAAMzuC,EAChE,CAYE,uBAAMqkD,CAAkBD,EAAaE,EAAkB7V,EAAO,IAAI5qC,KAAQ7D,GACxE,MAAM21C,EAAO7pD,KACP20D,EAAa30D,KAAK03D,QAAQ7H,UAC1BoE,EAAe,CACnB1kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKgkD,IAEDhjD,YAAEA,GAAgB2mD,EAClBG,EAAaD,EAAiBjuD,QAAOoG,GAAOA,EAAI+nD,QAAQ/mD,GAAa/P,OAAS,IACpF,OAA0B,IAAtB62D,EAAW72D,OACN,YAEH1B,QAAQ4E,IAAI2zD,EAAW9zD,KAAIrC,UAC/B,MAAM61D,QAAmBxnD,EAAIynD,cAAczmD,EAAa2mD,EAAY7T,aAASriD,EAAW8R,GACxF,GAAIokD,EAAY3S,eAAiBkE,EAAKwO,UAAUC,EAAaH,EAAWtI,UAAWlN,EAAMzuC,GACvF,MAAU3S,MAAM,+BAElB,UACQ+2D,EAAY53B,OAAOy3B,EAAWtI,UAAWplD,EAAMoE,UAAUuB,YAAa6jD,EAActR,OAAMvgD,EAAW8R,EAC5G,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,8BAA+BzZ,EAC5D,OAEW,EACX,CAcE,6BAAMy0D,CAAwBH,EAAkB7V,EAAO,IAAI5qC,KAAQ7D,GACjE,MAAM21C,EAAO7pD,KACP44D,EAAiB54D,KAAK23D,mBAAmBnzD,OAAOxE,KAAK43D,qBAC3D,OAAO13D,QAAQ4E,IAAI8zD,EAAej0D,KAAIrC,UAAwB,CAC5DkhD,MAAOqV,EAAclnD,YACrBmnD,YAAajP,EAAK0O,kBAAkBM,EAAeL,EAAkB7V,EAAMzuC,GAAQ7T,OAAM,KAAM,QAErG,CAWE,YAAMqgC,CAAOiiB,EAAO,IAAI5qC,KAAQ7D,GAC9B,IAAKlU,KAAK23D,mBAAmB/1D,OAC3B,MAAUL,MAAM,gCAElB,MAAMsoD,EAAO7pD,KACP20D,EAAa30D,KAAK03D,QAAQ7H,UAC1BoE,EAAe,CACnB1kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKgkD,GAGP,IAAIz2C,EACJ,IAAK,IAAIpc,EAAI9B,KAAK23D,mBAAmB/1D,OAAS,EAAGE,GAAK,EAAGA,IACvD,IACE,MAAMi3D,EAAoB/4D,KAAK23D,mBAAmB71D,GAClD,GAAIi3D,EAAkBpT,eAAiBkE,EAAKwO,UAAUU,OAAmB32D,EAAWugD,EAAMzuC,GACxF,MAAU3S,MAAM,iCAElB,UACQw3D,EAAkBr4B,OAAOi0B,EAAYlqD,EAAMoE,UAAUuB,YAAa6jD,EAActR,OAAMvgD,EAAW8R,EACxG,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,gCAAiCzZ,EAChE,CACQ,OAAO,CACR,CAAC,MAAOA,GACPga,EAAYha,CACpB,CAEI,MAAMga,CACV,CAUE,YAAMoG,CAAO00C,EAAYrW,EAAMzuC,GAC7B,MAAMygD,EAAa30D,KAAK03D,QAAQ7H,UAC1BoE,EAAe,CACnB1kD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKgkD,SAGD2B,GAAgB0C,EAAYh5D,KAAM,qBAAsB2iD,GAAMrgD,eAAe22D,GACjF,IAEE,aADMA,EAAWv4B,OAAOi0B,EAAYlqD,EAAMoE,UAAUuB,YAAa6jD,EAActR,GAAM,EAAOzuC,IACrF,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUoyD,GAAgB0C,EAAYh5D,KAAM,sBAAuB2iD,SAEzD2T,GAAgB0C,EAAYh5D,KAAM,uBAAwB2iD,GAAM,SAASuW,GAC7E,OAAOtC,GAAcjC,EAAYlqD,EAAMoE,UAAU2B,eAAgByjD,EAAc,CAACiF,QAAY92D,OAAWA,EAAWugD,EAAMzuC,EAC9H,GACA,CAaE,YAAMilD,CACJxE,GAEEyE,KAAM/T,EAA0B56C,EAAM4H,oBAAoBoB,SAC1D4lD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,MAAMq9C,EAAa,CACjBrlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKgkD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAWrlD,QAAUqlD,EAAWnlD,cAAezP,KAAK03D,SAO1E,OANAK,EAAKF,qBAAqB/0D,WAAWgyD,GAAsBF,EAAY,GAAID,EAAY,CACrFzQ,cAAez5C,EAAMoE,UAAU2B,eAC/B60C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,GAAW,EAAO8R,UAChC6jD,EAAKzzC,OAAOtkB,MACX+3D,CACX,EC3PA,MAAMuB,GAKJ,WAAA15D,CAAY25D,EAAc7B,GACxB13D,KAAK6vD,UAAY0J,EACjBv5D,KAAKw5D,kBAAoB,GACzBx5D,KAAK63D,qBAAuB,GAC5B73D,KAAK03D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMpE,EAAa,IAAIlL,GAIvB,OAHAkL,EAAW5wD,KAAK9C,KAAK6vD,WACrB6D,EAAW5wD,QAAQ9C,KAAK63D,sBACxBnE,EAAW5wD,QAAQ9C,KAAKw5D,mBACjB9F,CACX,CAME,KAAA9wD,GACE,MAAM8xD,EAAS,IAAI4E,GAAOt5D,KAAK6vD,UAAW7vD,KAAK03D,SAG/C,OAFAhD,EAAO8E,kBAAoB,IAAIx5D,KAAKw5D,mBACpC9E,EAAOmD,qBAAuB,IAAI73D,KAAK63D,sBAChCnD,CACX,CAcE,eAAM2D,CAAUxpD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,MAAMo9C,EAAa30D,KAAK03D,QAAQ7H,UAChC,OAAO4J,GACL9E,EAAYlqD,EAAMoE,UAAUgC,iBAAkB,CAC5CF,IAAKgkD,EACLhxD,KAAM3D,KAAK6vD,WACV7vD,KAAK63D,qBAAsBhpD,EAAW8B,EAAKgyC,EAAMzuC,EAE1D,CAWE,YAAMwsB,CAAOiiB,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACvC,MAAMo9C,EAAa30D,KAAK03D,QAAQ7H,UAC1BoE,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAM3D,KAAK6vD,WAE7C6J,QAAyBC,GAA+B35D,KAAKw5D,kBAAmB7E,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,EAAMzuC,GAErJ,GAAIwlD,EAAiB/T,eAAiB3lD,KAAKq4D,UAAUqB,EAAkB,KAAM/W,EAAMzuC,GACjF,MAAU3S,MAAM,qBAGlB,GAAIq4D,GAAqB55D,KAAK6vD,UAAW6J,EAAkB/W,GACzD,MAAUphD,MAAM,qBAElB,OAAOm4D,CACX,CAUE,uBAAMhS,CAAkB/E,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClD,MAAMo9C,EAAa30D,KAAK03D,QAAQ7H,UAC1BoE,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAM3D,KAAK6vD,WACnD,IAAI6J,EACJ,IACEA,QAAyBC,GAA+B35D,KAAKw5D,kBAAmB7E,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,EAAMzuC,EAChJ,CAAC,MAAOhQ,GACP,OAAO,IACb,CACI,MAAM21D,EAAYC,GAA4B95D,KAAK6vD,UAAW6J,GACxDK,EAAYL,EAAiBhS,oBACnC,OAAOmS,EAAYE,EAAYF,EAAYE,CAC/C,CAUE,YAAMz1C,CAAOowC,EAAQ/R,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC/C,MAAMo9C,EAAa30D,KAAK03D,QAAQ7H,UAChC,IAAK7vD,KAAKuwD,qBAAqBmE,GAC7B,MAAUnzD,MAAM,2DAGdvB,KAAK6vD,UAAUjwD,YAAYme,MAAQtT,EAAMkE,OAAOa,cAChDklD,EAAO7E,UAAUjwD,YAAYme,MAAQtT,EAAMkE,OAAOM,eACpDjP,KAAK6vD,UAAY6E,EAAO7E,WAG1B,MAAMhG,EAAO7pD,KACPi0D,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAMkmD,EAAKgG,iBAC7CmK,GAAuBtF,EAAQ10D,KAAM,oBAAqB2iD,GAAMrgD,eAAe23D,GACnF,IAAK,IAAIn4D,EAAI,EAAGA,EAAI+nD,EAAK2P,kBAAkB53D,OAAQE,IACjD,GAAI+nD,EAAK2P,kBAAkB13D,GAAG6P,YAAY4xC,OAAO0W,EAAWtoD,aAI1D,OAHIsoD,EAAWxV,QAAUoF,EAAK2P,kBAAkB13D,GAAG2iD,UACjDoF,EAAK2P,kBAAkB13D,GAAKm4D,IAEvB,EAGX,IAEE,aADMA,EAAWv5B,OAAOi0B,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,OAAMvgD,EAAW8R,IAC3F,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEU81D,GAAuBtF,EAAQ10D,KAAM,uBAAwB2iD,GAAM,SAASuW,GAChF,OAAOO,GAAqB9E,EAAYlqD,EAAMoE,UAAUgC,iBAAkBojD,EAAc,CAACiF,QAAY92D,OAAWA,EAAWugD,EAAMzuC,EACvI,GACA,CAaE,YAAMilD,CACJxE,GAEEyE,KAAM/T,EAA0B56C,EAAM4H,oBAAoBoB,SAC1D4lD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,MAAMq9C,EAAa,CAAEjkD,IAAKgkD,EAAYhxD,KAAM3D,KAAK6vD,WAC3C6E,EAAS,IAAI4E,GAAOt5D,KAAK6vD,UAAW7vD,KAAK03D,SAO/C,OANAhD,EAAOmD,qBAAqB/0D,WAAWo3D,GAA6BtF,EAAY,GAAID,EAAY,CAC9FzQ,cAAez5C,EAAMoE,UAAUgC,iBAC/Bw0C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,GAAW,EAAO8R,UAChCwgD,EAAOpwC,OAAOtkB,MACb00D,CACX,CAEE,oBAAAnE,CAAqBC,GACnB,OAAOxwD,KAAK6vD,UAAUU,qBAAqBC,EAAMX,WAAaW,EAClE,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAevuD,SAAQgG,IAC3FqxD,GAAOr5D,UAAUgI,GACf,WACE,OAAOjI,KAAK6vD,UAAU5nD,IACvB,CAAA,IC9KL,MAAMkyD,gBAAyCrjD,EAAK8G,wBAAwB,CAACqmC,KACvEmW,GAAoB,IAAIzkD,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,aAClE6mD,GAAgB,IAAI1kD,IAAI,CAC5BlL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,WACrC/I,EAAMkE,OAAOa,aAAc/E,EAAMkE,OAAO2rD,gBAY1C,MAAMC,GAMJ,qBAAAC,CAAsB9G,EAAY+G,EAAoB,IAAI9kD,KACxD,IAAIoiD,EACA2C,EACAhG,EACAiG,EAEJ,IAAK,MAAMhsD,KAAU+kD,EAAY,CAE/B,GAAI/kD,aAAkBo+B,GAAmB,CACRstB,GAAcr2D,IAAI2K,EAAOoP,OACzB48C,IAI3BA,EADEP,GAAkBp2D,IAAI2K,EAAOoP,KACjBq8C,GAEAC,IAGlB,QACR,CAEM,MAAMt8C,EAAMpP,EAAO/O,YAAYme,IAC/B,GAAI48C,EAAa,CACf,IAAKA,EAAY32D,IAAI+Z,GAAM,SAC3B48C,EAAc,IACtB,CACM,GAAIF,EAAkBz2D,IAAI+Z,GACxB,MAAUxc,MAAM,2BAA2Bwc,GAE7C,OAAQA,GACN,KAAKtT,EAAMkE,OAAO5C,UAClB,KAAKtB,EAAMkE,OAAOK,UAChB,GAAIhP,KAAK6vD,UACP,MAAUtuD,MAAM,oCAIlB,GAFAvB,KAAK6vD,UAAYlhD,EACjB+rD,EAAe16D,KAAKqmD,YACfqU,EACH,MAAUn5D,MAAM,kBAElB,MACF,KAAKkJ,EAAMkE,OAAOY,OAClB,KAAK9E,EAAMkE,OAAOc,cAChBsoD,EAAO,IAAIP,GAAK7oD,EAAQ3O,MACxBA,KAAK46D,MAAM93D,KAAKi1D,GAChB,MACF,KAAKttD,EAAMkE,OAAOa,aAClB,KAAK/E,EAAMkE,OAAOM,aAChB8oD,EAAO,KACPrD,EAAS,IAAI4E,GAAO3qD,EAAQ3O,MAC5BA,KAAK66D,QAAQ/3D,KAAK4xD,GAClB,MACF,KAAKjqD,EAAMkE,OAAOE,UAChB,OAAQF,EAAOu1C,eACb,KAAKz5C,EAAMoE,UAAUuB,YACrB,KAAK3F,EAAMoE,UAAUwB,YACrB,KAAK5F,EAAMoE,UAAUyB,WACrB,KAAK7F,EAAMoE,UAAU0B,aACnB,IAAKwnD,EAAM,CACTjhD,EAAKuE,WAAW,mEAChB,QAChB,CACkB1M,EAAOgD,YAAY4xC,OAAOmX,GAC5B3C,EAAKJ,mBAAmB70D,KAAK6L,GAE7BopD,EAAKH,oBAAoB90D,KAAK6L,GAEhC,MACF,KAAKlE,EAAMoE,UAAU2B,eACfunD,EACFA,EAAKF,qBAAqB/0D,KAAK6L,GAE/B3O,KAAK86D,iBAAiBh4D,KAAK6L,GAE7B,MACF,KAAKlE,EAAMoE,UAAU8B,IACnB3Q,KAAK86D,iBAAiBh4D,KAAK6L,GAC3B,MACF,KAAKlE,EAAMoE,UAAU4B,cACnB,IAAKikD,EAAQ,CACX59C,EAAKuE,WAAW,qEAChB,QAChB,CACcq5C,EAAO8E,kBAAkB12D,KAAK6L,GAC9B,MACF,KAAKlE,EAAMoE,UAAU+B,cACnB5Q,KAAK63D,qBAAqB/0D,KAAK6L,GAC/B,MACF,KAAKlE,EAAMoE,UAAUgC,iBACnB,IAAK6jD,EAAQ,CACX59C,EAAKuE,WAAW,wEAChB,QAChB,CACcq5C,EAAOmD,qBAAqB/0D,KAAK6L,IAK/C,CACA,CAME,YAAAmpD,GACE,MAAMpE,EAAa,IAAIlL,GAMvB,OALAkL,EAAW5wD,KAAK9C,KAAK6vD,WACrB6D,EAAW5wD,QAAQ9C,KAAK63D,sBACxBnE,EAAW5wD,QAAQ9C,KAAK86D,kBACxB96D,KAAK46D,MAAMj2D,KAAIozD,GAAQrE,EAAW5wD,QAAQi1D,EAAKD,kBAC/C93D,KAAK66D,QAAQl2D,KAAI+vD,GAAUhB,EAAW5wD,QAAQ4xD,EAAOoD,kBAC9CpE,CACX,CAOE,KAAA9wD,CAAMm4D,GAAqB,GACzB,MAAMpqD,EAAM,IAAI3Q,KAAKJ,YAAYI,KAAK83D,gBAiBtC,OAhBIiD,GACFpqD,EAAI+nD,UAAUz2D,SAAQsX,IAMpB,GAJAA,EAAEs2C,UAAY/vD,OAAOilB,OACnBjlB,OAAOk7D,eAAezhD,EAAEs2C,WACxB/vD,OAAOkI,0BAA0BuR,EAAEs2C,aAEhCt2C,EAAEs2C,UAAUM,cAAe,OAEhC,MAAMpa,EAAgB,CAAE,EACxBj2C,OAAO02C,KAAKj9B,EAAEs2C,UAAU9Z,eAAe9zC,SAAQgG,IAC7C8tC,EAAc9tC,GAAQ,IAAIxG,WAAW8X,EAAEs2C,UAAU9Z,cAAc9tC,GAAM,IAEvEsR,EAAEs2C,UAAU9Z,cAAgBA,CAAa,IAGtCplC,CACX,CAQE,UAAAsqD,CAAWzX,EAAQ,MAIjB,OAHgBxjD,KAAK66D,QAAQtwD,QAAOmqD,IACjClR,GAASkR,EAAOrO,WAAW9C,OAAOC,GAAO,IAGhD,CAQE,OAAAkV,CAAQlV,EAAQ,MACd,MAAMhN,EAAO,GAIb,OAHKgN,IAASxjD,KAAKqmD,WAAW9C,OAAOC,GAAO,IAC1ChN,EAAK1zC,KAAK9C,MAELw2C,EAAKhyC,OAAOxE,KAAKi7D,WAAWzX,GACvC,CAME,SAAA0X,GACE,OAAOl7D,KAAK04D,UAAU/zD,KAAIgM,GAAOA,EAAI01C,YACzC,CAME,UAAA8U,GACE,OAAOn7D,KAAK46D,MAAMj2D,KAAIozD,GACbA,EAAKxoD,OAASwoD,EAAKxoD,OAAOA,OAAS,OACzChF,QAAOgF,GAAqB,OAAXA,GACxB,CAME,KAAAxM,GACE,OAAO/C,KAAK83D,eAAe/0D,OAC/B,CAYE,mBAAMq1D,CAAc5U,EAAQ,KAAMb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SACnEvX,KAAKo7D,iBAAiBzY,EAAMpzC,EAAQ2E,GAC1C,MAAMygD,EAAa30D,KAAK6vD,UACxB,IACEwL,GAA4B1G,EAAYzgD,EACzC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EAC3D,CACI,MAAMwkC,EAAU76D,KAAK66D,QAAQl4D,QAAQm4C,MAAK,CAACx8B,EAAGzG,IAAMA,EAAEg4C,UAAUpL,QAAUnmC,EAAEuxC,UAAUpL,UACtF,IAAIvmC,EACJ,IAAK,MAAMw2C,KAAUmG,EACnB,IAAKrX,GAASkR,EAAOrO,WAAW9C,OAAOC,GACrC,UACQkR,EAAOh0B,OAAOiiB,EAAMzuC,GAC1B,MAAM+/C,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAM+wD,EAAO7E,WAC/C6J,QAAyBC,GAC7BjF,EAAO8E,kBAAmB7E,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,EAAMzuC,GAE3F,IAAKonD,GAAgC5G,EAAO7E,UAAW6J,EAAkBxlD,GACvE,SAEF,IAAKwlD,EAAiBlnD,kBACpB,MAAUjR,MAAM,8BAOlB,aAJMo4D,GACJ,CAACD,EAAiBlnD,mBAAoBkiD,EAAO7E,UAAWplD,EAAMoE,UAAU6B,WAAYujD,EAActR,EAAMzuC,GAE1GmnD,GAA4B3G,EAAO7E,UAAW37C,GACvCwgD,CACR,CAAC,MAAOxwD,GACPga,EAAYha,CACtB,CAII,IACE,MAAM60D,QAA0B/4D,KAAKu1D,wBAAwB5S,EAAMpzC,EAAQ2E,GAC3E,KAAMsvC,GAASmR,EAAWtO,WAAW9C,OAAOC,KACxC8X,GAAgC3G,EAAYoE,EAAmB7kD,GAEjE,OADAmnD,GAA4B1G,EAAYzgD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,kDAAoD3d,KAAKqmD,WAAW/a,QAASptB,EACtG,CAYE,sBAAMq9C,CAAiB/X,EAAOb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SAC/DvX,KAAKo7D,iBAAiBzY,EAAMpzC,EAAQ2E,GAC1C,MAAMygD,EAAa30D,KAAK6vD,UACxB,IACEwL,GAA4B1G,EAAYzgD,EACzC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EAC3D,CAEI,MAAMwkC,EAAU76D,KAAK66D,QAAQl4D,QAAQm4C,MAAK,CAACx8B,EAAGzG,IAAMA,EAAEg4C,UAAUpL,QAAUnmC,EAAEuxC,UAAUpL,UACtF,IAAIvmC,EACJ,IAAK,MAAMw2C,KAAUmG,EACnB,IAAKrX,GAASkR,EAAOrO,WAAW9C,OAAOC,GACrC,UACQkR,EAAOh0B,OAAOiiB,EAAMzuC,GAC1B,MAAM+/C,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAM+wD,EAAO7E,WAC/C6J,QAAyBC,GAA+BjF,EAAO8E,kBAAmB7E,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,EAAMzuC,GACvJ,GAAIsnD,GAAmC9G,EAAO7E,UAAW6J,EAAkBxlD,GAEzE,OADAmnD,GAA4B3G,EAAO7E,UAAW37C,GACvCwgD,CAEV,CAAC,MAAOxwD,GACPga,EAAYha,CACtB,CAII,IAEE,MAAM60D,QAA0B/4D,KAAKu1D,wBAAwB5S,EAAMpzC,EAAQ2E,GAC3E,KAAMsvC,GAASmR,EAAWtO,WAAW9C,OAAOC,KACxCgY,GAAmC7G,EAAYoE,EAAmB7kD,GAEpE,OADAmnD,GAA4B1G,EAAYzgD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,qDAAuD3d,KAAKqmD,WAAW/a,QAASptB,EACzG,CAcE,eAAMm6C,CAAUxpD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,OAAOkiD,GACLz5D,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAK6vD,WAAa7vD,KAAK63D,qBAAsBhpD,EAAW8B,EAAKgyC,EAAMzuC,EAE/H,CAWE,sBAAMknD,CAAiBzY,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC9D,MAAMo9C,EAAa30D,KAAK6vD,UAExB,SAAU7vD,KAAKq4D,UAAU,KAAM,KAAM1V,EAAMzuC,GACzC,MAAU3S,MAAM,0BAKlB,GAAIq4D,GAAqBjF,QAFO30D,KAAKu1D,wBAAwB5S,EAAMpzC,EAAQ2E,GAEnByuC,GACtD,MAAUphD,MAAM,0BAElB,GAA2B,IAAvBozD,EAAWjd,QAAe,CAE5B,MAAM+jB,QAAwB9B,GAC5B35D,KAAK86D,iBAAkBnG,EAAYlqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKgkD,GAAchS,EAAMzuC,GACnF7T,OAAM,SAER,GAAIo7D,GAAmB7B,GAAqBjF,EAAY8G,EAAiB9Y,GACvE,MAAUphD,MAAM,yBAExB,CACA,CAUE,uBAAMmmD,CAAkBn4C,EAAQ2E,EAASqD,GACvC,IAAImkD,EACJ,IACE,MAAM3C,QAA0B/4D,KAAKu1D,wBAAwB,KAAMhmD,EAAQ2E,GACrEynD,EAAmB7B,GAA4B95D,KAAK6vD,UAAWkJ,GAC/D6C,EAAgB7C,EAAkBrR,oBAClC+T,EAA6C,IAA3Bz7D,KAAK6vD,UAAUnY,eAC/BiiB,GACJ35D,KAAK86D,iBAAkB96D,KAAK6vD,UAAWplD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK3Q,KAAK6vD,WAAa,KAAM37C,GAC3F7T,OAAM,SACV,GAAIo7D,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4B95D,KAAK6vD,UAAW4L,GAGvEC,EAAmBjzD,KAAKsd,IAAI41C,EAAkBC,EAAeC,EACrE,MACQH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,CAE5E,CAAC,MAAO13D,GACPw3D,EAAmB,IACzB,CAEI,OAAO5kD,EAAKuB,cAAcqjD,EAC9B,CAcE,6BAAMnG,CAAwB5S,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GACrE,MAAMo9C,EAAa30D,KAAK6vD,UACxB,GAA2B,IAAvB8E,EAAWjd,QACb,OAAOiiB,GACL35D,KAAK86D,iBAAkBnG,EAAYlqD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKgkD,GAAchS,EAAMzuC,GAGvF,MAAM6kD,kBAAEA,SAA4B/4D,KAAK87D,eAAenZ,EAAMpzC,EAAQ2E,GACtE,OAAO6kD,CACX,CAeE,oBAAM+C,CAAenZ,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC5D,MAAMo9C,EAAa30D,KAAK6vD,UAClB+K,EAAQ,GACd,IAAI18C,EACJ,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAK46D,MAAMh5D,OAAQE,IACrC,IACE,MAAMi2D,EAAO/3D,KAAK46D,MAAM94D,GACxB,IAAKi2D,EAAKxoD,OACR,SAEF,QACmBnN,IAAhBmN,EAAOtH,MAAsB8vD,EAAKxoD,OAAOtH,OAASsH,EAAOtH,WACxC7F,IAAjBmN,EAAOyjD,OAAuB+E,EAAKxoD,OAAOyjD,QAAUzjD,EAAOyjD,YACxC5wD,IAAnBmN,EAAO0jD,SAAyB8E,EAAKxoD,OAAO0jD,UAAY1jD,EAAO0jD,QAEhE,MAAU1xD,MAAM,iDAElB,MAAM0yD,EAAe,CAAE1kD,OAAQwoD,EAAKxoD,OAAQoB,IAAKgkD,GAC3CoE,QAA0BY,GAA+B5B,EAAKJ,mBAAoBhD,EAAYlqD,EAAMoE,UAAUuB,YAAa6jD,EAActR,EAAMzuC,GACrJ0mD,EAAM93D,KAAK,CAAEoa,MAAOpb,EAAGi2D,OAAMgB,qBAC9B,CAAC,MAAO70D,GACPga,EAAYha,CACpB,CAEI,IAAK02D,EAAMh5D,OAET,MAAMsc,GAAiB3c,MAAM,qCAEzBrB,QAAQ4E,IAAI81D,EAAMj2D,KAAIrC,eAAgBgc,GAC1C,OAAOA,EAAEy6C,kBAAkBpT,SAAWrnC,EAAEy5C,KAAKM,UAAU/5C,EAAEy6C,kBAAmB,KAAMpW,EAAMzuC,EAC9F,KAEI,MAAM6nD,EAAcnB,EAAM9f,MAAK,SAASx8B,EAAGzG,GACzC,MAAMmrB,EAAI1kB,EAAEy6C,kBACNiD,EAAInkD,EAAEkhD,kBACZ,OAAOiD,EAAErW,QAAU3iB,EAAE2iB,SAAW3iB,EAAEoiB,gBAAkB4W,EAAE5W,iBAAmBpiB,EAAEyhB,QAAUuX,EAAEvX,OACxF,IAAEwX,OACGlE,KAAEA,EAAMgB,kBAAmBmD,GAASH,EAC1C,GAAIG,EAAKvW,eAAiBoS,EAAKM,UAAU6D,EAAM,KAAMvZ,EAAMzuC,GACzD,MAAU3S,MAAM,2BAElB,OAAOw6D,CACX,CAeE,YAAMz3C,CAAO63C,EAAWxZ,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClD,IAAKvX,KAAKuwD,qBAAqB4L,GAC7B,MAAU56D,MAAM,4DAElB,IAAKvB,KAAKk4D,aAAeiE,EAAUjE,YAAa,CAQ9C,KANel4D,KAAK66D,QAAQj5D,SAAWu6D,EAAUtB,QAAQj5D,QAClD5B,KAAK66D,QAAQx+B,OAAM+/B,GACXD,EAAUtB,QAAQn2D,MAAK23D,GACrBD,EAAW7L,qBAAqB8L,QAI/C,MAAU96D,MAAM,iEAGlB,OAAO46D,EAAU73C,OAAOtkB,KAAMkU,EACpC,CAKI,MAAMooD,EAAat8D,KAAK4C,QA0CxB,aAxCMo3D,GAAuBmC,EAAWG,EAAY,uBAAwB3Z,GAAMuW,GACzEO,GAAqB6C,EAAWzM,UAAWplD,EAAMoE,UAAU+B,cAAe0rD,EAAY,CAACpD,GAAY,KAAMiD,EAAUtM,UAAWlN,EAAMzuC,WAGvI8lD,GAAuBmC,EAAWG,EAAY,mBAAoB3Z,SAElEziD,QAAQ4E,IAAIq3D,EAAUvB,MAAMj2D,KAAIrC,UAGpC,MAAMi6D,EAAgBD,EAAW1B,MAAMrwD,QAAOiyD,GAC3CC,EAAQltD,QAAUktD,EAAQltD,OAAOg0C,OAAOiZ,EAAQjtD,SAChDktD,EAAQhtD,eAAiBgtD,EAAQhtD,cAAc8zC,OAAOiZ,EAAQ/sD,iBAEjE,GAAI8sD,EAAc36D,OAAS,QACnB1B,QAAQ4E,IACZy3D,EAAc53D,KAAI+3D,GAAgBA,EAAap4C,OAAOm4C,EAAS9Z,EAAMzuC,UAElE,CACL,MAAMyoD,EAAUF,EAAQ75D,QACxB+5D,EAAQjF,QAAU4E,EAClBA,EAAW1B,MAAM93D,KAAK65D,EAC9B,YAGUz8D,QAAQ4E,IAAIq3D,EAAUtB,QAAQl2D,KAAIrC,UAEtC,MAAMs6D,EAAkBN,EAAWzB,QAAQtwD,QAAOsyD,GAChDA,EAAUtM,qBAAqB8L,KAEjC,GAAIO,EAAgBh7D,OAAS,QACrB1B,QAAQ4E,IACZ83D,EAAgBj4D,KAAIm4D,GAAkBA,EAAex4C,OAAO+3C,EAAW1Z,EAAMzuC,UAE1E,CACL,MAAM6oD,EAAYV,EAAUz5D,QAC5Bm6D,EAAUrF,QAAU4E,EACpBA,EAAWzB,QAAQ/3D,KAAKi6D,EAChC,MAGWT,CACX,CAUE,8BAAMU,CAAyBra,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACzD,MAAM08C,EAAe,CAAEtjD,IAAK3Q,KAAK6vD,WAC3BkH,QAA4B4C,GAA+B35D,KAAK63D,qBAAsB73D,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAeqjD,EAActR,EAAMzuC,GACzJw/C,EAAa,IAAIlL,GACvBkL,EAAW5wD,KAAKi0D,GAEhB,MAAM10C,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,GAAM1I,EAAM0I,MAAMpH,UAAW2nD,EAAW3wD,QAAS,KAAM,KAAM,mCAAoCsf,EAAcnO,EAC1H,CAYE,gCAAM+oD,CAA2BC,EAAuBva,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClF,MAAMhX,QAAc8gB,EAAQ67C,GAEtBnG,SADmBvO,GAAWC,WAAWloD,EAAMsG,KAAMszD,GAA0BjmD,IAC9Cu1C,WAAWh/C,EAAMkE,OAAOE,WAC/D,IAAKkoD,GAAuBA,EAAoB7S,gBAAkBz5C,EAAMoE,UAAU+B,cAChF,MAAUrP,MAAM,8CAElB,IAAKw1D,EAAoBplD,YAAY4xC,OAAOvjD,KAAKqmD,YAC/C,MAAU9kD,MAAM,2CAElB,UACQw1D,EAAoBr2B,OAAO1gC,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAK6vD,WAAalN,OAAMvgD,EAAW8R,EAC3H,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,wCAAyCzZ,EACpE,CACI,MAAMyM,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIknD,qBAAqB/0D,KAAKi0D,GACvBpmD,CACX,CAWE,qBAAMwsD,CAAgBC,EAAaza,EAAMpzC,EAAQ2E,EAASqD,GACxD,MAAM2F,MAAEA,EAAK66C,KAAEA,SAAe/3D,KAAK87D,eAAenZ,EAAMpzC,EAAQ2E,GAC1DmpD,QAAiBtF,EAAKC,QAAQoF,EAAaza,EAAMzuC,GACjDvD,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAIiqD,MAAM19C,GAASmgD,EACZ1sD,CACX,CAUE,kBAAM2sD,CAAaF,EAAaza,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,MAAM5G,EAAM3Q,KAAK4C,QAIjB,OAHA+N,EAAIiqD,YAAc16D,QAAQ4E,IAAI9E,KAAK46D,MAAMj2D,KAAI,SAASozD,GACpD,OAAOA,EAAKC,QAAQoF,EAAaza,EAAMzuC,EAC7C,KACWvD,CACX,CAiBE,uBAAM4sD,CAAkB/E,EAAkB7V,EAAO,IAAI5qC,KAAQxI,EAAQ2E,EAASqD,GAC5E,MAAMo9C,EAAa30D,KAAK6vD,WAClBkI,KAAEA,SAAe/3D,KAAK87D,eAAenZ,EAAMpzC,EAAQ2E,GAIzD,OAHgBskD,QACRT,EAAKY,wBAAwBH,EAAkB7V,EAAMzuC,GAC3D,CAAC,CAAEsvC,MAAOmR,EAAWtO,WAAYyS,YAAaf,EAAKr3B,OAAOiiB,EAAMzuC,GAAQ7T,OAAM,KAAM,KAE1F,CAiBE,oBAAMm9D,CAAehF,EAAkB7V,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACjE,MAAMo9C,EAAa30D,KAAK6vD,UAClB4N,EAAU,GAehB,aAdMv9D,QAAQ4E,IAAI9E,KAAK46D,MAAMj2D,KAAIrC,UAC/B,MAAM0xD,EAAawE,QACXT,EAAKY,wBAAwBH,EAAkB7V,EAAMzuC,GAC3D,CAAC,CAAEsvC,MAAOmR,EAAWtO,WAAYyS,YAAaf,EAAKr3B,OAAOiiB,EAAMzuC,GAAQ7T,OAAM,KAAM,MAEtFo9D,EAAQ36D,QAAQkxD,EAAWrvD,KACzBkK,IAAc,CACZU,OAAQwoD,EAAKxoD,OAASwoD,EAAKxoD,OAAOA,OAAS,KAC3CE,cAAesoD,EAAKtoD,cACpB+zC,MAAO30C,EAAU20C,MACjBsV,MAAOjqD,EAAUiqD,UAEpB,KAEI2E,CACX,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBx7D,SAAQgG,IACpGsyD,GAAIt6D,UAAUgI,GACdqxD,GAAOr5D,UAAUgI,EAAK,ICntBxB,MAAMy1D,WAAkBnD,GAItB,WAAA36D,CAAY8zD,GAOV,GANA7zD,QACAG,KAAK6vD,UAAY,KACjB7vD,KAAK63D,qBAAuB,GAC5B73D,KAAK86D,iBAAmB,GACxB96D,KAAK46D,MAAQ,GACb56D,KAAK66D,QAAU,GACXnH,IACF1zD,KAAKw6D,sBAAsB9G,EAAY,IAAI/9C,IAAI,CAAClL,EAAMkE,OAAOK,UAAWvE,EAAMkE,OAAOM,iBAChFjP,KAAK6vD,WACR,MAAUtuD,MAAM,yCAGxB,CAME,SAAA22D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,OAAO39D,IACX,CAOE,KAAAmT,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,GAAM1I,EAAM0I,MAAMpH,UAAW/L,KAAK83D,eAAe/0D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACpH,ECpDA,MAAM0pD,WAAmBF,GAIvB,WAAA99D,CAAY8zD,GAGV,GAFA7zD,QACAG,KAAKw6D,sBAAsB9G,EAAY,IAAI/9C,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOa,iBAChFxP,KAAK6vD,UACR,MAAUtuD,MAAM,0CAEtB,CAME,SAAA22D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,MAAMjK,EAAa,IAAIlL,GACjBqV,EAAa79D,KAAK83D,eACxB,IAAK,MAAMjI,KAAagO,EACtB,OAAQhO,EAAUjwD,YAAYme,KAC5B,KAAKtT,EAAMkE,OAAOK,UAAW,CAC3B,MAAM8uD,EAAerO,GAAgBE,oBAAoBE,GACzD6D,EAAW5wD,KAAKg7D,GAChB,KACV,CACQ,KAAKrzD,EAAMkE,OAAOM,aAAc,CAC9B,MAAM8uD,EAAkBjN,GAAmBC,uBAAuBlB,GAClE6D,EAAW5wD,KAAKi7D,GAChB,KACV,CACQ,QACErK,EAAW5wD,KAAK+sD,GAGtB,OAAO,IAAI6N,GAAUhK,EACzB,CAOE,KAAAvgD,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,GAAM1I,EAAM0I,MAAMK,WAAYxT,KAAK83D,eAAe/0D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrH,CAaE,uBAAM8pD,CAAkBxa,EAAOb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,GACtE,MAAMo9C,EAAa30D,KAAK6vD,UAClBrZ,EAAO,GACb,IAAIt4B,EAAY,KAChB,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAK66D,QAAQj5D,OAAQE,IACvC,IAAK0hD,GAASxjD,KAAK66D,QAAQ/4D,GAAGukD,WAAW9C,OAAOC,GAAO,GAAO,CAC5D,GAAIxjD,KAAK66D,QAAQ/4D,GAAG+tD,UAAUoC,UAAW,CACvC/zC,EAAYA,GAAiB3c,MAAM,uDACnC,QACV,CAEQ,IACE,MAAM0yD,EAAe,CAAEtjD,IAAKgkD,EAAYhxD,KAAM3D,KAAK66D,QAAQ/4D,GAAG+tD,WACxD6J,QAAyBC,GAA+B35D,KAAK66D,QAAQ/4D,GAAG03D,kBAAmB7E,EAAYlqD,EAAMoE,UAAU4B,cAAewjD,EAActR,EAAMzuC,GAC5J+pD,GAAmCj+D,KAAK66D,QAAQ/4D,GAAG+tD,UAAW6J,EAAkBxlD,IAClFsiC,EAAK1zC,KAAK9C,KAAK66D,QAAQ/4D,GAE1B,CAAC,MAAOoC,GACPga,EAAYha,CACtB,CACA,CAII,MAAM60D,QAA0B/4D,KAAKu1D,wBAAwB5S,EAAMpzC,EAAQ2E,GAS3E,GARMsvC,IAASmR,EAAWtO,WAAW9C,OAAOC,GAAO,KAAUya,GAAmCtJ,EAAYoE,EAAmB7kD,KACzHygD,EAAW1C,UACb/zC,EAAYA,GAAiB3c,MAAM,uDAEnCi1C,EAAK1zC,KAAK9C,OAIM,IAAhBw2C,EAAK50C,OAEP,MAAMsc,GAAiB3c,MAAM,mCAG/B,OAAOi1C,CACX,CAME,WAAA2Z,GACE,OAAOnwD,KAAK04D,UAAUh0D,MAAK,EAAGmrD,eAAgBA,EAAUM,eAC5D,CAYE,cAAMsC,CAASv+C,EAASqD,GACtB,IAAKvX,KAAKk4D,YACR,MAAU32D,MAAM,gCAGlB,IAAIyzD,EACJ,GAAKh1D,KAAK6vD,UAAUoC,UAEb,CAKL,MAAMkG,QAAmBn4D,KAAKo4D,cAAc,KAAM,UAAMh2D,EAAW,IAAK8R,EAAQuC,0BAA2B,IAAId,IAAOP,WAAY,IAE9H+iD,IAAeA,EAAWtI,UAAUoC,YACtC+C,EAAmBmD,EAAWtI,UAEtC,MAXMmF,EAAmBh1D,KAAK6vD,UAa1B,GAAImF,EACF,OAAOA,EAAiBvC,WACnB,CACL,MAAMjc,EAAOx2C,KAAK04D,UAElB,GADmBliB,EAAK7xC,KAAIgM,GAAOA,EAAIk/C,UAAUoC,YAAW51B,MAAM6hC,SAEhE,MAAU38D,MAAM,wCAGlB,OAAOrB,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,SAAaqO,EAAIk/C,UAAU4C,aAC7D,CACA,CAKE,kBAAAL,GACEpyD,KAAK04D,UAAUz2D,SAAQ,EAAG4tD,gBACpBA,EAAUM,eACZN,EAAUuC,oBAClB,GAEA,CAYE,YAAM+G,EAEFC,KAAM/T,EAA0B56C,EAAM4H,oBAAoBoB,SAC1D4lD,OAAQ/T,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,IAAKvX,KAAKk4D,YACR,MAAU32D,MAAM,iCAElB,MAAMqzD,EAAa,CAAEjkD,IAAK3Q,KAAK6vD,WACzBl/C,EAAM3Q,KAAK4C,QAMjB,OALA+N,EAAIknD,qBAAqB/0D,WAAWo3D,GAA6BtF,EAAY,GAAI50D,KAAK6vD,UAAW,CAC/F3L,cAAez5C,EAAMoE,UAAU+B,cAC/By0C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,OAAWA,EAAW8R,IACnCvD,CACX,CAkBE,eAAMwtD,CAAUr4D,EAAU,IACxB,MAAMoO,EAAS,IAAKqD,KAAkBzR,EAAQoO,QAC9C,GAAIpO,EAAQwxC,WACV,MAAU/1C,MAAM,gEAElB,GAAIuE,EAAQ+tD,QAAU3/C,EAAOkB,WAC3B,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBtP,EAAQ+tD,WAEnF,MAAMjE,EAAkB5vD,KAAK6vD,UAC7B,GAAID,EAAgBqC,UAClB,MAAU1wD,MAAM,8CAElB,IAAKquD,EAAgBO,cACnB,MAAU5uD,MAAM,wBAElB,MAAM68D,EAAiBxO,EAAgBa,mBACvC2N,EAAenqD,KAiBnB,SAA8B8gB,GAG5B,OAFatqB,EAAM1H,MAAM0H,EAAMsB,UAAWgpB,IAGxC,KAAKtqB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACnB,MAAO,MACT,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,MAAO,MACT,KAAK9B,EAAMsB,UAAUZ,QACnB,MAAO,aACT,KAAKV,EAAMsB,UAAUa,MACnB,MAAO,WACT,QACE,MAAUrL,MAAM,yBAEtB,CApC0B88D,CAAqBD,EAAe1oB,WAC1D0oB,EAAevK,QAAUuK,EAAepiD,MAAQ,KAChDoiD,EAAe1zD,MAAQ0zD,EAAe1zD,OAAS,mBAC/C5E,EAAUw4D,GAA0Bx4D,EAASs4D,GAK7C,MAAMvO,QAAkB0O,GAA4Bz4D,EAAS,IAAKoO,EAAQQ,OAAmC,IAA3B1U,KAAK6vD,UAAUnY,UACjG2jB,GAA4BxL,EAAW37C,GACvC,MAAMwlD,QAAyB8E,GAA8B3O,EAAWD,EAAiB9pD,EAASoO,GAC5FuqD,EAAaz+D,KAAK83D,eAExB,OADA2G,EAAW37D,KAAK+sD,EAAW6J,GACpB,IAAIkE,GAAWa,EAC1B,EClOA,MAAMC,gBAAkC5nD,EAAK8G,wBAAwB,CACnE6xC,GACAqB,GACAO,GACAmC,GACAT,GACA9B,GACAhN,KASF,SAAS0a,GAAUjL,GACjB,IAAK,MAAM/kD,KAAU+kD,EACnB,OAAQ/kD,EAAO/O,YAAYme,KACzB,KAAKtT,EAAMkE,OAAOK,UAChB,OAAO,IAAI4uD,GAAWlK,GACxB,KAAKjpD,EAAMkE,OAAO5C,UAChB,OAAO,IAAI2xD,GAAUhK,GAG3B,MAAUnyD,MAAM,sBAClB,CAgHAe,eAAes8D,GAAchP,EAAiBiP,EAAqB/4D,EAASoO,GAEtEpO,EAAQwxC,kBACJsY,EAAgB7hC,QAAQjoB,EAAQwxC,WAAYpjC,SAG9ChU,QAAQ4E,IAAI+5D,EAAoBl6D,KAAIrC,eAAe0uD,EAAoB9zC,GAC3E,MAAM4hD,EAAmBh5D,EAAQ+0D,QAAQ39C,GAAOo6B,WAC5CwnB,SACI9N,EAAmBjjC,QAAQ+wC,EAAkB5qD,EAEzD,KAEE,MAAMw/C,EAAa,IAAIlL,GAGvB,SAASuW,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMz0D,QAAOkY,GAAQA,IAASw8C,IAC5D,CAEE,SAASC,IACP,MAAMrK,EAAsB,CAAE,EAC9BA,EAAoB1iD,SAAW,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,UAC5E,MAAMssD,EAAsBJ,EAAqB,CAE/Ct0D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,QACfgH,EAAOE,6BAEV,GADAygD,EAAoBpjD,6BAA+B0tD,EAC/CjrD,EAAOI,YAAa,CACtB,MAAM8qD,EAAiBL,EAAqB,CAC1Ct0D,EAAM6D,KAAKG,IACXhE,EAAM6D,KAAKC,IACX9D,EAAM6D,KAAKE,KACV0F,EAAOM,wBACVqgD,EAAoBliD,sBAAwBysD,EAAeC,SAAQ7T,GAC1D2T,EAAoBx6D,KAAI26D,GACtB,CAACA,EAAoB9T,MAGtC,CAuBI,OAtBAqJ,EAAoBhjD,wBAA0BktD,EAAqB,CAEjEt0D,EAAMkD,KAAKI,OACXtD,EAAMkD,KAAKM,OACXxD,EAAMkD,KAAKQ,SACX1D,EAAMkD,KAAKS,UACV8F,EAAOC,wBACV0gD,EAAoB/iD,+BAAiCitD,EAAqB,CACxEt0D,EAAM6C,YAAYC,aAClB9C,EAAM6C,YAAYG,KAClBhD,EAAM6C,YAAYE,KACjB0G,EAAOG,+BAEVwgD,EAAoBviD,SAAW,CAAC,GAChCuiD,EAAoBviD,SAAS,IAAM7H,EAAM6H,SAASwB,sBAC9CI,EAAOI,cACTugD,EAAoBviD,SAAS,IAAM7H,EAAM6H,SAAS0B,SAEhDlO,EAAQyL,kBAAoB,IAC9BsjD,EAAoBtjD,kBAAoBzL,EAAQyL,kBAChDsjD,EAAoB/P,iBAAkB,GAEjC+P,CACX,CAEE,GApDAnB,EAAW5wD,KAAK8sD,GAoDgB,IAA5BA,EAAgBlY,QAAe,CACjC,MAAMkd,EAAa,CACjBjkD,IAAKi/C,GAGDiF,EAAsBqK,IAC5BrK,EAAoB3Q,cAAgBz5C,EAAMoE,UAAU8B,IAEpD,MAAMo3C,QAAwBmS,GAA6BtF,EAAY,GAAIhF,EAAiBiF,EAAqB/uD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,GAChKw/C,EAAW5wD,KAAKilD,EACpB,OAEQ7nD,QAAQ4E,IAAIgB,EAAQy5D,QAAQ56D,KAAIrC,eAAeiN,EAAQ2N,GAC3D,MAAMsiD,EAAezM,GAAatd,WAAWlmC,GACvCqlD,EAAa,CACjBrlD,OAAQiwD,EACR7uD,IAAKi/C,GAEDiF,EAAkD,IAA5BjF,EAAgBlY,QAAgBwnB,IAA8B,CAAE,EAC5FrK,EAAoB3Q,cAAgBz5C,EAAMoE,UAAU0B,aACtC,IAAV2M,IACF23C,EAAoBzP,iBAAkB,GAKxC,MAAO,CAAEoa,eAAczX,sBAFOmS,GAA6BtF,EAAY,GAAIhF,EAAiBiF,EAAqB/uD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,GAGpK,KAAMrR,MAAK4B,IACPA,EAAKxC,SAAQ,EAAGu9D,eAAczX,sBAC5B2L,EAAW5wD,KAAK08D,GAChB9L,EAAW5wD,KAAKilD,EAAgB,GAChC,UAGE7nD,QAAQ4E,IAAI+5D,EAAoBl6D,KAAIrC,eAAe0uD,EAAoB9zC,GAC3E,MAAMuiD,EAAgB35D,EAAQ+0D,QAAQ39C,GAEtC,MAAO,CAAE8zC,qBAAoB0O,4BADOlB,GAA8BxN,EAAoBpB,EAAiB6P,EAAevrD,GAE1H,KAAMrR,MAAK6lD,IACPA,EAAQzmD,SAAQ,EAAG+uD,qBAAoB0O,4BACrChM,EAAW5wD,KAAKkuD,GAChB0C,EAAW5wD,KAAK48D,EAAsB,GACtC,IAKJ,MAAM9K,EAAa,CAAEjkD,IAAKi/C,GAkB1B,OAjBA8D,EAAW5wD,WAAWo3D,GAA6BtF,EAAY,GAAIhF,EAAiB,CAClF1L,cAAez5C,EAAMoE,UAAU+B,cAC/By0C,wBAAyB56C,EAAM4H,oBAAoBoB,SACnD6xC,0BAA2B,IAC1Bx/C,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,IAE9CpO,EAAQwxC,YACVsY,EAAgBwC,2BAGZlyD,QAAQ4E,IAAI+5D,EAAoBl6D,KAAIrC,eAAe0uD,EAAoB9zC,GAClDpX,EAAQ+0D,QAAQ39C,GAAOo6B,YAE9C0Z,EAAmBoB,oBAEzB,KAES,IAAIwL,GAAWlK,EACxB,CC1QA,MAAMiM,gBAAsC7oD,EAAK8G,wBAAwB,CACvE8kC,GACAoH,GACA8D,GACArC,GACAqF,GACA/C,GACAuB,GACAvH,GACA5D,KAGI2b,gBAA4C9oD,EAAK8G,wBAAwB,CAACwxC,KAE1EyQ,gBAAgD/oD,EAAK8G,wBAAwB,CAACqmC,KAO7E,MAAM6b,GAIX,WAAAlgE,CAAY8zD,GACV1zD,KAAK0oD,QAAUgL,GAAc,IAAIlL,EACrC,CAME,mBAAAuX,GACE,MAAMC,EAAS,GAKf,OAJ0BhgE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOC,8BAC9C3M,SAAQ,SAAS0M,GACjCqxD,EAAOl9D,KAAK6L,EAAOm/C,YACzB,IACWkS,CACX,CAME,gBAAArM,GACE,MAAMpoC,EAAMvrB,KAAKigE,mBAEXC,EAAiB30C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOI,kBAC5D,GAAImxD,EAAet+D,OAAS,EAC1B,OAAOs+D,EAAev7D,KAAIgK,GAAUA,EAAOgD,cAI7C,OADsB4Z,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACtClK,KAAIgK,GAAUA,EAAOgD,aAC9C,CAYE,aAAM0c,CAAQ8xC,EAAgBC,EAAWC,EAAa1d,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAChF,MAAM+oD,EAAyBtgE,KAAK0oD,QAAQW,YAC1C5+C,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBAGf,GAAsC,IAAlC0wD,EAAuB1+D,OACzB,MAAUL,MAAM,2BAGlB,MAAMg/D,EAAqBD,EAAuB,GAC5CE,EAA6BD,EAAmB7U,gBAEhD+U,EAAoBJ,SAAqBrgE,KAAK0gE,mBAAmBP,EAAgBC,EAAWI,EAA4B7d,EAAMzuC,GAEpI,IAAIgK,EAAY,KAChB,MAAMyiD,EAAmBzgE,QAAQ4E,IAAI27D,EAAkB97D,KAAIrC,OAASozC,UAAWkrB,EAAe/5D,WAC5F,IAAKiQ,EAAKtV,aAAaqF,KAAW05D,EAAmB7U,kBAAoB50C,EAAKC,SAAS6pD,GACrF,MAAUr/D,MAAM,uCAGlB,IACE,MAAMkhB,EAAO89C,EAAmB7U,iBAAmBjhD,EAAM1H,MAAM0H,EAAMoC,UAAW+zD,SAC1EL,EAAmBlyC,QAAQ5L,EAAM5b,EAAMqN,EAC9C,CAAC,MAAOhQ,GACP4S,EAAKyE,gBAAgBrX,GACrBga,EAAYha,CACpB,MAOI,GAJA28D,EAAcN,EAAmB3U,WACjC2U,EAAmB3U,UAAY,WACzB+U,GAEDJ,EAAmB7X,UAAY6X,EAAmB7X,QAAQ9mD,OAC7D,MAAMsc,GAAiB3c,MAAM,sBAG/B,MAAMu/D,EAAY,IAAIhB,GAAQS,EAAmB7X,SAGjD,OAFA6X,EAAmB7X,QAAU,IAAIF,GAE1BsY,CACX,CAeE,wBAAMJ,CAAmBP,EAAgBC,EAAWI,EAA4B7d,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1G,IAEI2G,EAFA6iD,EAA6B,GAGjC,GAAIX,EAAW,CACb,MAAMY,EAAehhE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOG,wBAC3D,GAA4B,IAAxBkyD,EAAap/D,OACf,MAAUL,MAAM,8DAEZrB,QAAQ4E,IAAIs7D,EAAUz7D,KAAIrC,eAAeq1C,EAAU71C,GACvD,IAAI4mD,EAEFA,EADE5mD,QACc0mD,GAAWC,WAAWuY,EAAaj+D,QAAS68D,GAA6B1rD,GAE/E8sD,QAEN9gE,QAAQ4E,IAAI4jD,EAAQ/jD,KAAIrC,eAAe2+D,GAC3C,UACQA,EAAY5yC,QAAQspB,GAC1BopB,EAA2Bj+D,KAAKm+D,EACjC,CAAC,MAAO5qC,GACPvf,EAAKyE,gBAAgB8a,GACjBA,aAAe0gB,KACjB74B,EAAYmY,EAE1B,CACA,IACA,IACK,KAAM,KAAI8pC,EA8FT,MAAU5+D,MAAM,iCA9FS,CACzB,MAAM2/D,EAAelhE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOC,8BAC3D,GAA4B,IAAxBsyD,EAAat/D,OACf,MAAUL,MAAM,2DAEZrB,QAAQ4E,IAAIo8D,EAAav8D,KAAIrC,eAAe6+D,SAC1CjhE,QAAQ4E,IAAIq7D,EAAex7D,KAAIrC,eAAe8+D,GAClD,IAAIC,EACJ,IAEEA,SAA8BD,EAAcpD,kBAAkBmD,EAAYrT,YAAa,UAAM1rD,EAAW8R,IAASvP,KAAIgM,GAAOA,EAAIk/C,WACjI,CAAC,MAAOx5B,GAEP,YADAnY,EAAYmY,EAExB,CAEU,IAAI2oC,EAAQ,CACVv0D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,OAChBzC,EAAMoC,UAAUE,UAChBtC,EAAMoC,UAAUG,OAElB,IACE,MAAM+rD,QAA0BqI,EAAc7L,wBAAwB5S,OAAMvgD,EAAW8R,GACnF6kD,EAAkBtnD,+BACpButD,EAAQA,EAAMx6D,OAAOu0D,EAAkBtnD,8BAE1C,CAAC,MAAOvN,GAAG,OAENhE,QAAQ4E,IAAIu8D,EAAqB18D,KAAIrC,eAAeg/D,GACxD,IAAKA,EAAoBnR,cACvB,MAAU5uD,MAAM,oCAWlB,GAPiC2S,EAAOuB,8BACtC0rD,EAAY/c,qBAAuB35C,EAAMsB,UAAUE,YACnDk1D,EAAY/c,qBAAuB35C,EAAMsB,UAAUC,gBACnDm1D,EAAY/c,qBAAuB35C,EAAMsB,UAAUG,SACnDi1D,EAAY/c,qBAAuB35C,EAAMsB,UAAUI,SAGvB,CAW5B,MAAMo1D,EAAkBJ,EAAYp+D,cAC9B7C,QAAQ4E,KACZ07D,EACE,CAACA,GACD7gE,MAAM4gB,KAAKrM,EAAOwB,0DACpB/Q,KAAIrC,UACJ,MAAMk/D,EAAkB,IAAI3T,GAC5B2T,EAAgBn/D,KAAKk/D,GACrB,MAAM7S,EAAmB,CACvB7C,sBACAoC,WAAY9xC,GAAOqzC,mBAAmB3D,IAExC,UACQ2V,EAAgBnzC,QAAQizC,EAAqB5S,GACnDqS,EAA2Bj+D,KAAK0+D,EACjC,CAAC,MAAOnrC,GAEPvf,EAAKyE,gBAAgB8a,GACrBnY,EAAYmY,CAC9B,KAGA,MACc,UACQ8qC,EAAY9yC,QAAQizC,GAC1B,MAAMhC,EAAqBkB,GAA8BW,EAAYtV,oBACrE,GAAIyT,IAAuBN,EAAM9/C,SAASzU,EAAM1H,MAAM0H,EAAMoC,UAAWyyD,IACrE,MAAU/9D,MAAM,iDAElBw/D,EAA2Bj+D,KAAKq+D,EACjC,CAAC,MAAO9qC,GACPvf,EAAKyE,gBAAgB8a,GACrBnY,EAAYmY,CAC5B,CAEA,IACA,KACQwqC,EAAcM,EAAYvV,WAC1BuV,EAAYvV,UAAY,IAChC,IACA,CAEA,CAEI,GAAImV,EAA2Bn/D,OAAS,EAAG,CAEzC,GAAIm/D,EAA2Bn/D,OAAS,EAAG,CACzC,MAAM6/D,EAAO,IAAI9rD,IACjBorD,EAA6BA,EAA2Bx2D,QAAOm3D,IAC7D,MAAMnoD,EAAImoD,EAAK7V,oBAAsB/0C,EAAKmD,mBAAmBynD,EAAKzT,YAClE,OAAIwT,EAAKz9D,IAAIuV,KAGbkoD,EAAKx9D,IAAIsV,IACF,EAAI,GAErB,CAEM,OAAOwnD,EAA2Bp8D,KAAIgK,IAAW,CAC/C9H,KAAM8H,EAAOs/C,WACbvY,UAAW/mC,EAAOk9C,qBAAuBphD,EAAMpI,KAAKoI,EAAMoC,UAAW8B,EAAOk9C,wBAEpF,CACI,MAAM3tC,GAAiB3c,MAAM,iCACjC,CAME,cAAAogE,GACE,MACM7xD,EADM9P,KAAKigE,mBACGvX,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQizC,YAAe,IAC9C,CAME,WAAAG,GACE,MACMpzC,EADM9P,KAAKigE,mBACGvX,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQozC,eAAkB,IACjD,CAME,OAAAJ,GACE,MACMhzC,EADM9P,KAAKigE,mBACGvX,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAIS,EACKA,EAAQgzC,UAEV,IACX,CAWE,+BAAa0M,CAAmBoS,EAAiB,GAAIjf,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIrrD,EAASqD,GAC7F,MAAM8+B,cAAEA,EAAawrB,SAAEA,SPlIpBv/D,eAAuCk0C,EAAO,GAAImM,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIrrD,EAASqD,GACjG,MAAMuqD,QAAiB5hE,QAAQ4E,IAAI0xC,EAAK7xC,KAAI,CAACgM,EAAK7O,IAAM6O,EAAI4kD,wBAAwB5S,EAAM4c,EAAQz9D,GAAIoS,MAKtG,GAJiBsiC,EAAK50C,OACpBkgE,EAASzlC,OAAM0lC,GAAWA,EAAQzvD,UAAayvD,EAAQzvD,SAAS,GAAK7H,EAAM6H,SAAS0B,UACpFE,EAAOI,YAEK,CACZ,MAAM0tD,EAAqB,CAAE3rB,cAAe5rC,EAAMoC,UAAUK,OAAQ20D,SAAUp3D,EAAM6D,KAAKE,KACnFyzD,EAAsB,CAC1B,CAAE5rB,cAAeniC,EAAOE,4BAA6BytD,SAAU3tD,EAAOM,wBACtE,CAAE6hC,cAAeniC,EAAOE,4BAA6BytD,SAAUp3D,EAAM6D,KAAKE,KAC1E,CAAE6nC,cAAe5rC,EAAMoC,UAAUK,OAAQ20D,SAAU3tD,EAAOM,yBAE5D,IAAK,MAAM0tD,KAAsBD,EAC/B,GAAIH,EAASzlC,OAAM0lC,GAAWA,EAAQpvD,uBAAyBovD,EAAQpvD,sBAAsBjO,MAC3Fy9D,GAAeA,EAAY,KAAOD,EAAmB7rB,eAAiB8rB,EAAY,KAAOD,EAAmBL,aAE5G,OAAOK,EAGX,OAAOF,CACX,CACE,MAAMI,EAAiB33D,EAAMoC,UAAUK,OACjCm1D,EAAiBnuD,EAAOE,4BAC9B,MAAO,CACLiiC,cAAeyrB,EAASzlC,OAAM0lC,GAAWA,EAAQtwD,8BAAgCswD,EAAQtwD,6BAA6ByN,SAASmjD,KAC7HA,EACAD,EACFP,cAAUz/D,EAEd,COoG8CkgE,CAAwBV,EAAgBjf,EAAM4c,EAASrrD,GAC3FquD,EAAoB93D,EAAMpI,KAAKoI,EAAMoC,UAAWwpC,GAChDmsB,EAAeX,EAAWp3D,EAAMpI,KAAKoI,EAAM6D,KAAMuzD,QAAYz/D,QAE7DlC,QAAQ4E,IAAI88D,EAAej9D,KAAIgM,GAAOA,EAAI4qD,mBAC7Cl7D,OAAM,IAAM,OACZwC,MAAK4/D,IACJ,GAAIA,IAAaA,EAAS5S,UAAUna,YAAcjrC,EAAMsB,UAAUW,QAAU+1D,EAAS5S,UAAUna,YAAcjrC,EAAMsB,UAAUY,QAC1H61D,IAAiB1rD,EAAK0H,MAAM63B,GAC7B,MAAU90C,MAAM,2MAC1B,OAKI,MAAO,CAAEsF,KADcsV,GAAOqzC,mBAAmBnZ,GAClBX,UAAW6sB,EAAmB/W,cAAegX,EAChF,CAeE,aAAMz0C,CAAQ6zC,EAAgBxB,EAAWnS,EAAYnK,GAAW,EAAO4e,EAAmB,GAAI/f,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIrrD,EAASqD,GACtI,GAAI02C,GACF,IAAKn3C,EAAKtV,aAAaysD,EAAWpnD,QAAUiQ,EAAKC,SAASk3C,EAAWvY,WACnE,MAAUn0C,MAAM,4CAEb,GAAIqgE,GAAkBA,EAAehgE,OAC1CqsD,QAAmB6R,GAAQtQ,mBAAmBoS,EAAgBjf,EAAM4c,EAASrrD,OACxE,KAAIksD,IAAaA,EAAUx+D,OAGhC,MAAUL,MAAM,gDAFhB0sD,QAAmB6R,GAAQtQ,wBAAmBptD,OAAWA,OAAWA,EAAW8R,EAGrF,CAEI,MAAQrN,KAAMsoD,EAAgBzZ,UAAWkrB,EAAepV,cAAemX,GAAsB1U,EAEvF1iC,QAAYu0C,GAAQ8C,kBAAkBzT,EAAgByR,EAAe+B,EAAmBf,EAAgBxB,EAAWtc,EAAU4e,EAAkB/f,EAAM4c,EAASrrD,GAE9JqsD,EAAqBhV,GAAyC9V,WAAW,CAC7EiC,QAASirB,EAAoB,EAAI,EACjCnX,cAAemX,EAAoBl4D,EAAM1H,MAAM0H,EAAM6D,KAAMq0D,GAAqB,OAElFpC,EAAmB7X,QAAU1oD,KAAK0oD,QAElC,MAAMhT,EAAYjrC,EAAM1H,MAAM0H,EAAMoC,UAAW+zD,GAK/C,aAJML,EAAmBxyC,QAAQ2nB,EAAWyZ,EAAgBj7C,GAE5DqX,EAAIm9B,QAAQ5lD,KAAKy9D,GACjBA,EAAmB7X,QAAU,IAAIF,GAC1Bj9B,CACX,CAiBE,8BAAaq3C,CAAkB3U,EAAY2S,EAAe+B,EAAmBf,EAAgBxB,EAAWtc,GAAW,EAAO4e,EAAmB,GAAI/f,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIrrD,EAASqD,GACzL,MAAMm8C,EAAa,IAAIlL,GACjB8W,EAAqB70D,EAAM1H,MAAM0H,EAAMoC,UAAW+zD,GAClDpV,EAAgBmX,GAAqBl4D,EAAM1H,MAAM0H,EAAM6D,KAAMq0D,GAEnE,GAAIf,EAAgB,CAClB,MAAMnE,QAAgBv9D,QAAQ4E,IAAI88D,EAAej9D,KAAIrC,eAAeqyD,EAAY7yD,GAC9E,MAAM4tC,QAAsBilB,EAAW4G,iBAAiBmH,EAAiB5gE,GAAI6gD,EAAM4c,EAASrrD,GAEtF2uD,EAAgBhV,GAAmCpY,WAAW,CAClEiC,QAAS8T,EAAgB,EAAI,EAC7B0C,oBAAqBxe,EAAcmgB,UACnC1B,mBAAoBrK,EACpBmK,aACApC,oBAAqByT,IAKvB,aAFMuD,EAAc90C,QAAQ2hB,EAAcmgB,kBACnCgT,EAAc5U,WACd4U,CACf,KACMnP,EAAW5wD,QAAQ26D,EACzB,CACI,GAAI2C,EAAW,CACb,MAAM0C,EAAcxgE,eAAeutD,EAAWlY,GAC5C,IAEE,aADMkY,EAAUxhC,QAAQspB,GACjB,CACR,CAAC,MAAOzzC,GACP,OAAO,CACjB,CACO,EAEKuuB,EAAM,CAACswC,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB3gE,eAAe2rD,EAAYvY,EAAW8V,EAAe7T,GAC3E,MAAMurB,EAA+B,IAAI9T,GAA6Bl7C,GAQtE,GAPAgvD,EAA6BjV,WAAaA,EAC1CiV,EAA6BrX,oBAAsBnW,EAC/C8V,IACF0X,EAA6B1X,cAAgBA,SAEzC0X,EAA6Bn1C,QAAQ4pB,EAAUzjC,GAEjDA,EAAOmB,uBAAwB,CAEjC,GAA4B,WADNnV,QAAQ4E,IAAIs7D,EAAUz7D,KAAIw+D,GAAOL,EAAYI,EAA8BC,OACrF15B,OAAOhX,GACjB,OAAOwwC,EAAgBhV,EAAYvY,EAAWiC,EAE1D,CAGQ,cADOurB,EAA6BjV,WAC7BiV,CACR,EAEKzF,QAAgBv9D,QAAQ4E,IAAIs7D,EAAUz7D,KAAIw+D,GAAOF,EAAgBhV,EAAYqR,EAAoB9T,EAAe2X,MACtHzP,EAAW5wD,QAAQ26D,EACzB,CAEI,OAAO,IAAIqC,GAAQpM,EACvB,CAgBE,UAAMvzB,CAAK83B,EAAc,GAAIlD,EAAgB,GAAIlmD,EAAY,KAAMu0D,EAAgB,GAAIzgB,EAAO,IAAI5qC,KAAQsrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIjxC,EAASqD,GAC7K,MAAMm8C,EAAa,IAAIlL,GAEjB8a,EAAoBtjE,KAAK0oD,QAAQe,WAAWh/C,EAAMkE,OAAOU,aAC/D,IAAKi0D,EACH,MAAU/hE,MAAM,mCAGlB,MAAMgiE,QAAyBC,GAAuBF,EAAmBrL,EAAalD,EAAelmD,EAAWu0D,EAAezgB,EAAM0gB,EAAgBpO,EAAkB9P,GAAW,EAAOjxC,GACnLuvD,EAA0BF,EAAiB5+D,KAC/C,CAACojD,EAAiBjmD,IAAM+lD,GAAuBC,oBAAoBC,EAAuB,IAANjmD,KACnFkpB,UAMH,OAJA0oC,EAAW5wD,QAAQ2gE,GACnB/P,EAAW5wD,KAAKwgE,GAChB5P,EAAW5wD,QAAQygE,GAEZ,IAAIzD,GAAQpM,EACvB,CAQE,QAAAzJ,CAASxnC,EAAMvO,EAASqD,GACtB,GAAIkL,IAAShY,EAAM6C,YAAYC,aAC7B,OAAOvN,KAGT,MAAM+pD,EAAa,IAAID,GAAqB51C,GAC5C61C,EAAWrU,UAAYjzB,EACvBsnC,EAAWrB,QAAU1oD,KAAK0oD,QAE1B,MAAM+V,EAAa,IAAIjW,GAGvB,OAFAiW,EAAW37D,KAAKinD,GAET,IAAI+V,GAAQrB,EACvB,CAgBE,kBAAMiF,CAAazL,EAAc,GAAIlD,EAAgB,GAAIlmD,EAAY,KAAMu0D,EAAgB,GAAIO,EAAkB,GAAIhhB,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIpa,EAAY,GAAIjxC,EAASqD,GAC7K,MAAM+rD,EAAoBtjE,KAAK0oD,QAAQe,WAAWh/C,EAAMkE,OAAOU,aAC/D,IAAKi0D,EACH,MAAU/hE,MAAM,mCAElB,OAAO,IAAIkyD,SAAgB+P,GAAuBF,EAAmBrL,EAAalD,EAAelmD,EAAWu0D,EAAeO,EAAiBhhB,EAAM4c,EAASpa,GAAW,EAAMjxC,GAChL,CAcE,YAAMwsB,CAAO83B,EAAkB7V,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACzD,MAAMgU,EAAMvrB,KAAKigE,mBACX2D,EAAkBr4C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bu0D,EAAgBhiE,OAClB,MAAUL,MAAM,yDAEdygB,EAAqBuJ,EAAIm9B,QAAQ1nD,SACnCuqB,EAAIm9B,QAAQ5lD,cAAcmf,EAAiBsJ,EAAIm9B,QAAQ1nD,QAAQirB,GAAKA,GAAK,MAE3E,MAAMi0C,EAAiB30C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOI,kBAAkBic,UACxE64C,EAAgBt4C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOE,WAC3D,OAAIqxD,EAAet+D,SAAWiiE,EAAcjiE,QAAUkV,EAAK7V,SAASsqB,EAAIm9B,QAAQ1nD,UAAYghB,EAAqBuJ,EAAIm9B,QAAQ1nD,eACrHd,QAAQ4E,IAAIo7D,EAAev7D,KAAIrC,UACnC2lD,EAAWG,iBAAmB,IAAIloD,SAAQ,CAACC,EAASC,KAClD6nD,EAAW6b,wBAA0B3jE,EACrC8nD,EAAW8b,uBAAyB3jE,CAAM,IAE5C6nD,EAAW5D,cAAgB4B,GAAiB3jD,gBAAmB2lD,EAAWG,kBAAkB/D,gBAC5F4D,EAAWxqB,OAASxb,QAAuBgmC,EAAWt6C,KAAKs6C,EAAW/D,cAAe0f,EAAgB,QAAIxhE,GAAW,IACpH6lD,EAAWxqB,OAAOp9B,OAAM,QAAS,KAEnCkrB,EAAIm9B,QAAQ1nD,OAAS4gB,EAAqB2J,EAAIm9B,QAAQ1nD,QAAQsB,MAAO4C,EAAUC,KAC7E,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,IAAK,IAAIrD,EAAI,EAAGA,EAAIo+D,EAAet+D,OAAQE,IAAK,CAC9C,MAAQS,MAAOsM,SAAoBnL,EAAOrB,OAC1C69D,EAAep+D,GAAGgiE,wBAAwBj1D,EACtD,OACgBnL,EAAOjB,kBACP9B,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,GACPg8D,EAAej+D,SAAQgmD,IACrBA,EAAW8b,uBAAuB7/D,EAAE,UAEhCvD,EAAOuC,MAAMgB,EAC7B,KAEa8/D,GAA0B9D,EAAgB0D,EAAiBpL,EAAkB7V,GAAM,EAAOzuC,IAE5F8vD,GAA0BH,EAAeD,EAAiBpL,EAAkB7V,GAAM,EAAOzuC,EACpG,CAeE,cAAA+vD,CAAep1D,EAAW2pD,EAAkB7V,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtE,MACMqsD,EADM5jE,KAAKigE,mBACWvX,QAAQW,YAAY5+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3Bu0D,EAAgBhiE,OAClB,MAAUL,MAAM,yDAGlB,OAAOyiE,GADen1D,EAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACjB+0D,EAAiBpL,EAAkB7V,GAAM,EAAMzuC,EACnG,CAME,gBAAA+rD,GACE,MAAMlW,EAAa/pD,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOO,gBACzD,OAAI66C,EAAWnoD,OACN,IAAIk+D,GAAQ/V,EAAW,GAAGrB,SAE5B1oD,IACX,CAOE,qBAAMkkE,CAAgBC,EAAmBjwD,EAASqD,SAC1CvX,KAAK0oD,QAAQrmD,KACjByU,EAAKtV,aAAa2iE,GAAqBA,SAA2B9iD,EAAQ8iD,IAAoBt9D,KAC9Fg5D,GACA3rD,EAEN,CAME,KAAAnR,GACE,OAAO/C,KAAK0oD,QAAQ3lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GACb,MAAM6sD,EAAiBpkE,KAAK0oD,QAAQ1oD,KAAK0oD,QAAQ9mD,OAAS,GAGpDygB,EAAe+hD,EAAexkE,YAAYme,MAAQwtC,GAAyCxtC,IACpE,IAA3BqmD,EAAe1sB,QACf13C,KAAK0oD,QAAQhkD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQkmC,GAAgBlmC,KAA0B,IAAnBpP,EAAO+oC,UACvF,OAAOvkC,GAAM1I,EAAM0I,MAAMI,QAASvT,KAAK+C,QAAS,KAAM,KAAM,KAAMsf,EAAcnO,EACpF,EAqBO5R,eAAekhE,GAAuBF,EAAmBrL,EAAalD,EAAgB,GAAIlmD,EAAY,KAAMu0D,EAAgB,GAAIzgB,EAAO,IAAI5qC,KAAQsrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIva,GAAW,EAAO12B,EAASqD,GAC/O,MAAMm8C,EAAa,IAAIlL,GAGjBtE,EAA2C,OAA3Bof,EAAkBtzD,KACtCvF,EAAMoE,UAAUkB,OAAStF,EAAMoE,UAAUmB,KAa3C,SAXM9P,QAAQ4E,IAAImzD,EAAYtzD,KAAIrC,MAAOqyD,EAAY7yD,KACnD,MAAMuiE,EAAgBhB,EAAevhE,GACrC,IAAK6yD,EAAWuD,YACd,MAAU32D,MAAM,gCAElB,MAAM42D,QAAmBxD,EAAWyD,cAAcgL,EAActhE,GAAI6gD,EAAM0hB,EAAenwD,GACzF,OAAO4gD,GAAsBwO,EAAmBvO,EAAcnzD,OAASmzD,EAAgB,CAACJ,GAAawD,EAAWtI,UAAW,CAAE3L,iBAAiBvB,EAAMsS,EAAkB9P,EAAWva,EAAU12B,EAAO,KAChMrR,MAAKghE,IACPnQ,EAAW5wD,QAAQ+gE,EAAc,IAG/Bh1D,EAAW,CACb,MAAMy1D,EAAwBz1D,EAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACzE6kD,EAAW5wD,QAAQwhE,EACvB,CACE,OAAO5Q,CACT,CAkGOpxD,eAAe0hE,GAA0BH,EAAeD,EAAiBpL,EAAkB7V,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GAC9I,OAAOrX,QAAQ4E,IAAI++D,EAAct5D,QAAO,SAASsE,GAC/C,MAAO,CAAC,OAAQ,UAAUqQ,SAASzU,EAAMpI,KAAKoI,EAAMoE,UAAWA,EAAUq1C,eAC7E,IAAKv/C,KAAIrC,eAAeuM,GACpB,OApFJvM,eAAwCuM,EAAW+0D,EAAiBpL,EAAkB7V,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GAClI,IAAIo9C,EACA4P,EAEJ,IAAK,MAAM5zD,KAAO6nD,EAAkB,CAClC,MAAMC,EAAa9nD,EAAI+nD,QAAQ7pD,EAAU8C,aACzC,GAAI8mD,EAAW72D,OAAS,EAAG,CACzB+yD,EAAahkD,EACb4zD,EAAuB9L,EAAW,GAClC,KACN,CACA,CAEE,MACM+L,EADqB31D,aAAqBg5C,GACIh5C,EAAUu5C,iBAAmBv5C,EAE3E41D,EAAc,CAClBjhB,MAAO30C,EAAU8C,YACjB4gC,SAAU,WACR,IAAKgyB,EACH,MAAUhjE,MAAM,0CAA0CsN,EAAU8C,YAAY25B,eAG5Ez8B,EAAU6xB,OAAO6jC,EAAqB1U,UAAWhhD,EAAUq1C,cAAe0f,EAAgB,GAAIjhB,EAAM/X,EAAU12B,GACpH,MAAM6zC,QAAwByc,EAC9B,GAAID,EAAqBnU,kBAAoBrI,EAAgBtD,QAC3D,MAAUljD,MAAM,mCAIlB,UACQozD,EAAWyD,cAAcmM,EAAqBle,WAAY0B,EAAgBtD,aAASriD,EAAW8R,EACrG,CAAC,MAAOhQ,GAKP,IAAIgQ,EAAOqB,+CAAgDrR,EAAEqP,QAAQoM,MAAM,4CAGzE,MAAMzb,QAFAywD,EAAWyD,cAAcmM,EAAqBle,WAAY1D,OAAMvgD,EAAW8R,EAI3F,CACM,OAAO,CACR,EA1BS,GA2BVrF,UAAW,WACT,MAAMk5C,QAAwByc,EACxB9Q,EAAa,IAAIlL,GAEvB,OADAT,GAAmB2L,EAAW5wD,KAAKilD,GAC5B,IAAI0L,GAAUC,EACtB,EALU,IAeb,OAHA+Q,EAAY51D,UAAUxO,OAAM,SAC5BokE,EAAYlyB,SAASlyC,OAAM,SAEpBokE,CACT,CAuBWC,CAAyB71D,EAAW+0D,EAAiBpL,EAAkB7V,EAAM/X,EAAU12B,EAClG,IACA,CCnzBA,MAAMo0C,gBAA+BxxC,EAAK8G,wBAAwB,CAACqmC,KAM5D,MAAM0gB,GAKX,WAAA/kE,CAAYoQ,EAAMnB,GAGhB,GADA7O,KAAKgQ,KAAO8G,EAAK0G,qBAAqBxN,GAAMsP,QAAQ,SAAU,QAC1DzQ,KAAeA,aAAqB4kD,IACtC,MAAUlyD,MAAM,2BAElBvB,KAAK6O,UAAYA,GAAa,IAAI4kD,GAAU,IAAIjL,GACpD,CAME,gBAAAmL,GACE,MAAMqM,EAAS,GAKf,OAJsBhgE,KAAK6O,UAAU65C,QACvBzmD,SAAQ,SAAS0M,GAC7BqxD,EAAOl9D,KAAK6L,EAAOgD,YACzB,IACWquD,CACX,CAgBE,UAAM7/B,CAAK83B,EAAalD,EAAgB,GAAIlmD,EAAY,KAAMu0D,EAAgB,GAAIzgB,EAAO,IAAI5qC,KAAQsrD,EAAiB,GAAIpO,EAAmB,GAAI9P,EAAY,GAAIjxC,EAASqD,GACxK,MAAM+rD,EAAoB,IAAI5gB,GAC9B4gB,EAAkBzgB,QAAQ7iD,KAAKgQ,MAC/B,MAAM40D,EAAe,IAAInR,SAAgB+P,GAAuBF,EAAmBrL,EAAalD,EAAelmD,EAAWu0D,EAAezgB,EAAM0gB,EAAgBpO,EAAkB9P,GAAW,EAAMjxC,IAClM,OAAO,IAAIywD,GAAiB3kE,KAAKgQ,KAAM40D,EAC3C,CAcE,MAAAlkC,CAAO8V,EAAMmM,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACvC,MAAMssD,EAAgB7jE,KAAK6O,UAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WAChEy0D,EAAoB,IAAI5gB,GAG9B,OADA4gB,EAAkBzgB,QAAQ7iD,KAAKgQ,MACxBg0D,GAA0BH,EAAe,CAACP,GAAoB9sB,EAAMmM,GAAM,EAAMzuC,EAC3F,CAME,OAAA4uC,GAEE,OAAO9iD,KAAKgQ,KAAKsP,QAAQ,QAAS,KACtC,CAOE,KAAAnM,CAAMe,EAASqD,GAEb,MAAMstD,EAAwB7kE,KAAK6O,UAAU65C,QAAQhkD,MAAKiK,GAA6B,IAAnBA,EAAO+oC,UAOrEx2B,EAAO,CACXvT,KAPWk3D,EACXllE,MAAM4gB,KAAK,IAAI5K,IAAI3V,KAAK6O,UAAU65C,QAAQ/jD,KACxCgK,GAAUlE,EAAMpI,KAAKoI,EAAMkD,KAAMgB,EAAOw1C,eAAewD,kBACrDjlD,OACJ,KAIAsN,KAAMhQ,KAAKgQ,KACXnJ,KAAM7G,KAAK6O,UAAU65C,QAAQ3lD,SAI/B,OAAOoQ,GAAM1I,EAAM0I,MAAMG,OAAQ4N,OAAM9e,OAAWA,OAAWA,EAAWyiE,EAAuB3wD,EACnG,ECsfA,SAAS4wD,GAAavxD,GACpB,KAAMA,aAAmBusD,IACvB,MAAUv+D,MAAM,kDAEpB,CACA,SAASwjE,GAAwBxxD,GAC/B,KAAMA,aAAmBoxD,IAAuBpxD,aAAmBusD,IACjE,MAAUv+D,MAAM,sEAEpB,CACA,SAASyjE,GAAyBrmC,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUp9B,MAAM,sBAAsBo9B,EAE1C,CACA,MAAMsmC,GAA0BnlE,OAAO02C,KAAKj/B,GAAe3V,OAC3D,SAASsjE,GAAYhxD,GACnB,MAAMixD,EAAmBrlE,OAAO02C,KAAKtiC,GACrC,GAAIixD,EAAiBvjE,SAAWqjE,GAC9B,IAAK,MAAMG,KAAaD,EACtB,QAAiC/iE,IAA7BmV,EAAc6tD,GAChB,MAAU7jE,MAAM,4BAA4B6jE,EAIpD,CAQA,SAASC,GAAQnyB,GAIf,OAHIA,IAAUp8B,EAAKrW,QAAQyyC,KACzBA,EAAQ,CAACA,IAEJA,CACT,CASA5wC,eAAegjE,GAAcz+D,GAE3B,MAAmB,UADAiQ,EAAK7V,SAAS4F,GAExBob,EAAiBpb,GAEnBA,CACT,CAUA,SAAS0+D,GAAYxjE,EAAQwR,GAC3BxR,EAAO8E,KAAO+a,EAAqBrO,EAAQm1C,QAAQ1nD,QAAQsB,MAAO4C,EAAUC,WACpEooD,EAAYxrD,EAAO8E,KAAM1B,EAAU,CACvCE,cAAc,IAEhB,MAAM1E,EAASmhB,EAAiB3c,GAChC,UAEQ8c,EAAiB/c,GAAU+mB,GAAKA,UAChCtrB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,IAEA,CASA,SAASshE,GAAaC,EAAQ9mC,EAAQzqB,GACpC,OAAQyqB,GACN,IAAK,SACH,OAAO8mC,EACT,IAAK,UACH,OAAOA,EAAOtyD,MAAMe,GACtB,IAAK,SACH,OAAOuxD,EAAO1iE,QAChB,QACE,MAAUxB,MAAM,sBAAsBo9B,GAE5C,CC1tBA,SAASxD,GAAOxjB,GACZ,IAAKyP,OAAOs+C,cAAc/tD,IAAMA,EAAI,EAChC,MAAUpW,MAAM,kCAAkCoW,EAC1D,CAUA,SAASxN,GAAM0N,KAAM2N,GACjB,MALoBlH,EAKPzG,aAJQpW,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,MAIrD,MAAU1G,MAAM,uBANjB,IAAiB+c,EAOpB,GAAIkH,EAAQ5jB,OAAS,IAAM4jB,EAAQtG,SAASrH,EAAEjW,QAC1C,MAAUL,MAAM,iCAAiCikB,oBAA0B3N,EAAEjW,SACrF,CAOA,SAAS6jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUrkB,MAAM,oCACpB,GAAIokB,GAAiBD,EAASG,SAC1B,MAAUtkB,MAAM,wCACxB,CACA,SAASqF,GAAOkf,EAAKJ,GACjBvb,GAAM2b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAIlkB,OAASmkB,EACb,MAAUxkB,MAAM,yDAAyDwkB,EAEjF,CCrCO,MAAM5J,GAA+B,iBAAfjb,GAA2B,WAAYA,EAAaA,EAAWib,YAAS/Z,ECmBxFgkB,GAAcF,GAAQ,IAAItF,SAASsF,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAEnEq7D,GAAO,CAACt5C,EAAMljB,IAAWkjB,GAAS,GAAKljB,EAAWkjB,IAASljB,EAE3Dy8D,GAAO,CAACv5C,EAAMljB,IAAWkjB,GAAQljB,EAAWkjB,IAAU,GAAKljB,IAAY,EACvE4d,GAAmE,KAA5D,IAAItlB,WAAW,IAAI0e,YAAY,CAAC,YAAa7W,QAAQ;sEASlE,SAASu8D,GAAW3/C,GACvB,IAAK,IAAIpkB,EAAI,EAAGA,EAAIokB,EAAItkB,OAAQE,IAC5BokB,EAAIpkB,IATauqB,EASCnG,EAAIpkB,KATc,GAAM,WAC5CuqB,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAHG,IAACA,CAWzB,CAoEO,SAAS/F,GAAYxM,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,2CAA2CuY,GAC/D,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD,CAMO,SAASuM,GAAQxf,GAIpB,MAHoB,iBAATA,IACPA,EAAOyf,GAAYzf,IACvBwhB,GAAOxhB,GACAA,CACX,CAIO,SAAS8rB,MAAehxB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CAEO,MAAMi7C,GAET,KAAAljE,GACI,OAAO5C,KAAK+lE,YACpB,EASO,SAASC,GAAgB36C,GAC5B,MAAMC,EAASC,GAAQF,IAAW/G,OAAO+B,GAAQkF,IAAMhH,SACjDiH,EAAMH,IAIZ,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,IAAMsG,IACdC,CACX,CAoBO,SAAS0R,GAAYipC,EAAc,IACtC,GAAI9pD,IAA4C,mBAA3BA,GAAO0f,gBACxB,OAAO1f,GAAO0f,gBAAgB,IAAIp6B,WAAWwkE,IAGjD,GAAI9pD,IAAwC,mBAAvBA,GAAO6gB,YACxB,OAAO7gB,GAAO6gB,YAAYipC,GAE9B,MAAU1kE,MAAM,yCACpB,CCzKO,MAAM2kE,GAAM,CAAC5nD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,GAAOyG,EAAI6E,EAInCgjD,GAAM,CAAC7nD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,EAAMyG,EAAI6E,EAAMtL,EAAIsL,EAKlD,MAAMijD,WAAeN,GACxB,WAAAlmE,CAAYooB,EAAUhC,EAAWqgD,EAAWt/C,GACxClnB,QACAG,KAAKgoB,SAAWA,EAChBhoB,KAAKgmB,UAAYA,EACjBhmB,KAAKqmE,UAAYA,EACjBrmE,KAAK+mB,KAAOA,EACZ/mB,KAAK6lB,UAAW,EAChB7lB,KAAK4B,OAAS,EACd5B,KAAKgC,IAAM,EACXhC,KAAK4lB,WAAY,EACjB5lB,KAAKsJ,OAAS,IAAI7H,WAAWumB,GAC7BhoB,KAAK8mB,KAAOV,GAAWpmB,KAAKsJ,OACpC,CACI,MAAAgb,CAAOzd,GACH4e,GAAOzlB,MACP,MAAM8mB,KAAEA,EAAIxd,OAAEA,EAAM0e,SAAEA,GAAahoB,KAE7BqtB,GADNxmB,EAAOwf,GAAQxf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMqrB,GAAM,CAC1B,MAAMi5C,EAAO79D,KAAKsd,IAAIiC,EAAWhoB,KAAKgC,IAAKqrB,EAAMrrB,GAEjD,GAAIskE,IAASt+C,EAMb1e,EAAOnH,IAAI0E,EAAKmC,SAAShH,EAAKA,EAAMskE,GAAOtmE,KAAKgC,KAChDhC,KAAKgC,KAAOskE,EACZtkE,GAAOskE,EACHtmE,KAAKgC,MAAQgmB,IACbhoB,KAAKoD,QAAQ0jB,EAAM,GACnB9mB,KAAKgC,IAAM,OAXf,CACI,MAAMukE,EAAWngD,GAAWvf,GAC5B,KAAOmhB,GAAYqF,EAAMrrB,EAAKA,GAAOgmB,EACjChoB,KAAKoD,QAAQmjE,EAAUvkE,EAE3C,CAQA,CAGQ,OAFAhC,KAAK4B,QAAUiF,EAAKjF,OACpB5B,KAAKwmE,aACExmE,IACf,CACI,UAAA0qB,CAAW5E,GACPL,GAAOzlB,MACP4G,GAAOkf,EAAK9lB,MACZA,KAAK6lB,UAAW,EAIhB,MAAMvc,OAAEA,EAAMwd,KAAEA,EAAIkB,SAAEA,EAAQjB,KAAEA,GAAS/mB,KACzC,IAAIgC,IAAEA,GAAQhC,KAEdsJ,EAAOtH,KAAS,IAChBhC,KAAKsJ,OAAON,SAAShH,GAAKylB,KAAK,GAG3BznB,KAAKqmE,UAAYr+C,EAAWhmB,IAC5BhC,KAAKoD,QAAQ0jB,EAAM,GACnB9kB,EAAM,GAGV,IAAK,IAAIF,EAAIE,EAAKF,EAAIkmB,EAAUlmB,IAC5BwH,EAAOxH,GAAK,GApFxB,SAAsBglB,EAAMzc,EAAY9H,EAAOwkB,GAC3C,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAaxc,EAAY9H,EAAOwkB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ7kB,GAASykB,EAAQE,GAC9BG,EAAKD,OAAO7kB,EAAQ2kB,GACpBqK,EAAIxK,EAAO,EAAI,EACfqb,EAAIrb,EAAO,EAAI,EACrBD,EAAKQ,UAAUjd,EAAaknB,EAAGpK,EAAIJ,GACnCD,EAAKQ,UAAUjd,EAAa+3B,EAAG/a,EAAIN,EACvC,CA6EQF,CAAaC,EAAMkB,EAAW,EAAGf,OAAqB,EAAdjnB,KAAK4B,QAAamlB,GAC1D/mB,KAAKoD,QAAQ0jB,EAAM,GACnB,MAAM2/C,EAAQrgD,GAAWN,GACnBuH,EAAMrtB,KAAKgmB,UAEjB,GAAIqH,EAAM,EACN,MAAU9rB,MAAM,+CACpB,MAAMuuB,EAASzC,EAAM,EACfnI,EAAQllB,KAAKmI,MACnB,GAAI2nB,EAAS5K,EAAMtjB,OACf,MAAUL,MAAM,sCACpB,IAAK,IAAIO,EAAI,EAAGA,EAAIguB,EAAQhuB,IACxB2kE,EAAMn/C,UAAU,EAAIxlB,EAAGojB,EAAMpjB,GAAIilB,EAC7C,CACI,MAAAxC,GACI,MAAMjb,OAAEA,EAAM0c,UAAEA,GAAchmB,KAC9BA,KAAK0qB,WAAWphB,GAChB,MAAMuhB,EAAMvhB,EAAO3G,MAAM,EAAGqjB,GAE5B,OADAhmB,KAAKiJ,UACE4hB,CACf,CACI,UAAAk7C,CAAWW,GACPA,IAAOA,EAAK,IAAI1mE,KAAKJ,aACrB8mE,EAAGvkE,OAAOnC,KAAKmI,OACf,MAAM6f,SAAEA,EAAQ1e,OAAEA,EAAM1H,OAAEA,EAAMikB,SAAEA,EAAQD,UAAEA,EAAS5jB,IAAEA,GAAQhC,KAO/D,OANA0mE,EAAG9kE,OAASA,EACZ8kE,EAAG1kE,IAAMA,EACT0kE,EAAG7gD,SAAWA,EACd6gD,EAAG9gD,UAAYA,EACXhkB,EAASomB,GACT0+C,EAAGp9D,OAAOnH,IAAImH,GACXo9D,CACf,ECtHA,MAAMC,kBAA2B,IAAIxmD,YAAY,CAC7C,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAKlFymD,kBAA4B,IAAIzmD,YAAY,CAC9C,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAIlF0mD,kBAA2B,IAAI1mD,YAAY,IAC1C,MAAM2mD,WAAeV,GACxB,WAAAxmE,GACIC,MAAM,GAAI,GAAI,GAAG,GAGjBG,KAAKgjC,EAAmB,EAAf4jC,GAAU,GACnB5mE,KAAKg8D,EAAmB,EAAf4K,GAAU,GACnB5mE,KAAKs0C,EAAmB,EAAfsyB,GAAU,GACnB5mE,KAAK8hC,EAAmB,EAAf8kC,GAAU,GACnB5mE,KAAK+mE,EAAmB,EAAfH,GAAU,GACnB5mE,KAAKgnE,EAAmB,EAAfJ,GAAU,GACnB5mE,KAAKinE,EAAmB,EAAfL,GAAU,GACnB5mE,KAAKknE,EAAmB,EAAfN,GAAU,EAC3B,CACI,GAAAz+D,GACI,MAAM66B,EAAEA,EAACg5B,EAAEA,EAAC1nB,EAAEA,EAACxS,EAAEA,EAACilC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMlnE,KACnC,MAAO,CAACgjC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,EAAGC,EAAGC,EAAGC,EACrC,CAEI,GAAA/kE,CAAI6gC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,EAAGC,EAAGC,EAAGC,GACrBlnE,KAAKgjC,EAAQ,EAAJA,EACThjC,KAAKg8D,EAAQ,EAAJA,EACTh8D,KAAKs0C,EAAQ,EAAJA,EACTt0C,KAAK8hC,EAAQ,EAAJA,EACT9hC,KAAK+mE,EAAQ,EAAJA,EACT/mE,KAAKgnE,EAAQ,EAAJA,EACThnE,KAAKinE,EAAQ,EAAJA,EACTjnE,KAAKknE,EAAQ,EAAJA,CACjB,CACI,OAAA9jE,CAAQ0jB,EAAMlO,GAEV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnCiuD,GAAS/kE,GAAKglB,EAAK0B,UAAU5P,GAAQ,GACzC,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAC1B,MAAMqlE,EAAMN,GAAS/kE,EAAI,IACnBslE,EAAKP,GAAS/kE,EAAI,GAClBmmB,EAAK09C,GAAKwB,EAAK,GAAKxB,GAAKwB,EAAK,IAAOA,IAAQ,EAC7Cj/C,EAAKy9C,GAAKyB,EAAI,IAAMzB,GAAKyB,EAAI,IAAOA,IAAO,GACjDP,GAAS/kE,GAAMomB,EAAK2+C,GAAS/kE,EAAI,GAAKmmB,EAAK4+C,GAAS/kE,EAAI,IAAO,CAC3E,CAEQ,IAAIkhC,EAAEA,EAACg5B,EAAEA,EAAC1nB,EAAEA,EAACxS,EAAEA,EAACilC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMlnE,KACjC,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MACM0qB,EAAM06C,GADGvB,GAAKoB,EAAG,GAAKpB,GAAKoB,EAAG,IAAMpB,GAAKoB,EAAG,KACzBb,GAAIa,EAAGC,EAAGC,GAAKN,GAAS7kE,GAAK+kE,GAAS/kE,GAAM,EAE/D2qB,GADSk5C,GAAK3iC,EAAG,GAAK2iC,GAAK3iC,EAAG,IAAM2iC,GAAK3iC,EAAG,KAC7BmjC,GAAInjC,EAAGg5B,EAAG1nB,GAAM,EACrC4yB,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAKjlC,EAAItV,EAAM,EACfsV,EAAIwS,EACJA,EAAI0nB,EACJA,EAAIh5B,EACJA,EAAKxW,EAAKC,EAAM,CAC5B,CAEQuW,EAAKA,EAAIhjC,KAAKgjC,EAAK,EACnBg5B,EAAKA,EAAIh8D,KAAKg8D,EAAK,EACnB1nB,EAAKA,EAAIt0C,KAAKs0C,EAAK,EACnBxS,EAAKA,EAAI9hC,KAAK8hC,EAAK,EACnBilC,EAAKA,EAAI/mE,KAAK+mE,EAAK,EACnBC,EAAKA,EAAIhnE,KAAKgnE,EAAK,EACnBC,EAAKA,EAAIjnE,KAAKinE,EAAK,EACnBC,EAAKA,EAAIlnE,KAAKknE,EAAK,EACnBlnE,KAAKmC,IAAI6gC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,EAAGC,EAAGC,EAAGC,EACtC,CACI,UAAAV,GACIK,GAASp/C,KAAK,EACtB,CACI,OAAAxe,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC9BnC,KAAKsJ,OAAOme,KAAK,EACzB,EAGA,MAAM4/C,WAAeP,GACjB,WAAAlnE,GACIC,QACAG,KAAKgjC,GAAI,WACThjC,KAAKg8D,EAAI,UACTh8D,KAAKs0C,EAAI,UACTt0C,KAAK8hC,GAAI,UACT9hC,KAAK+mE,GAAI,QACT/mE,KAAKgnE,EAAI,WACThnE,KAAKinE,EAAI,WACTjnE,KAAKknE,GAAI,WACTlnE,KAAKgmB,UAAY,EACzB,EAMO,MAAMjY,kBAAyBi4D,IAAgB,IAAM,IAAIc,KAInD54D,kBAAyB83D,IAAgB,IAAM,IAAIqB,KCzHzD,MAAMC,WAAaxB,GACtB,WAAAlmE,CAAY+N,EAAM+rB,GACd75B,QACAG,KAAK6lB,UAAW,EAChB7lB,KAAK4lB,WAAY,ELYzB,SAAc2L,GACV,GAAiB,mBAANA,GAAwC,mBAAbA,EAAExM,OACpC,MAAUxjB,MAAM,mDACpB45B,GAAO5J,EAAEvL,WACTmV,GAAO5J,EAAEvJ,SACb,CKhBQu/C,CAAW55D,GACX,MAAMgD,EAAM0V,GAAQqT,GAEpB,GADA15B,KAAKwnE,MAAQ75D,EAAKoX,SACe,mBAAtB/kB,KAAKwnE,MAAMljD,OAClB,MAAU/iB,MAAM,uDACpBvB,KAAKgoB,SAAWhoB,KAAKwnE,MAAMx/C,SAC3BhoB,KAAKgmB,UAAYhmB,KAAKwnE,MAAMxhD,UAC5B,MAAMgC,EAAWhoB,KAAKgoB,SAChB0K,EAAM,IAAIjxB,WAAWumB,GAE3B0K,EAAIvwB,IAAIwO,EAAI/O,OAASomB,EAAWra,EAAKoX,SAAST,OAAO3T,GAAK4T,SAAW5T,GACrE,IAAK,IAAI7O,EAAI,EAAGA,EAAI4wB,EAAI9wB,OAAQE,IAC5B4wB,EAAI5wB,IAAM,GACd9B,KAAKwnE,MAAMljD,OAAOoO,GAElB1yB,KAAKynE,MAAQ95D,EAAKoX,SAElB,IAAK,IAAIjjB,EAAI,EAAGA,EAAI4wB,EAAI9wB,OAAQE,IAC5B4wB,EAAI5wB,IAAM,IACd9B,KAAKynE,MAAMnjD,OAAOoO,GAClBA,EAAIjL,KAAK,EACjB,CACI,MAAAnD,CAAO1F,GAGH,OAFA8oD,GAAa1nE,MACbA,KAAKwnE,MAAMljD,OAAO1F,GACX5e,IACf,CACI,UAAA0qB,CAAW5E,GACP4hD,GAAa1nE,MACb2nE,GAAY7hD,EAAK9lB,KAAKgmB,WACtBhmB,KAAK6lB,UAAW,EAChB7lB,KAAKwnE,MAAM98C,WAAW5E,GACtB9lB,KAAKynE,MAAMnjD,OAAOwB,GAClB9lB,KAAKynE,MAAM/8C,WAAW5E,GACtB9lB,KAAKiJ,SACb,CACI,MAAAsb,GACI,MAAMuB,EAAM,IAAIrkB,WAAWzB,KAAKynE,MAAMzhD,WAEtC,OADAhmB,KAAK0qB,WAAW5E,GACTA,CACf,CACI,UAAAigD,CAAWW,GAEPA,IAAOA,EAAK5mE,OAAOilB,OAAOjlB,OAAOk7D,eAAeh7D,MAAO,CAAA,IACvD,MAAMynE,MAAEA,EAAKD,MAAEA,EAAK3hD,SAAEA,EAAQD,UAAEA,EAASoC,SAAEA,EAAQhC,UAAEA,GAAchmB,KAQnE,OANA0mE,EAAG7gD,SAAWA,EACd6gD,EAAG9gD,UAAYA,EACf8gD,EAAG1+C,SAAWA,EACd0+C,EAAG1gD,UAAYA,EACf0gD,EAAGe,MAAQA,EAAM1B,WAAWW,EAAGe,OAC/Bf,EAAGc,MAAQA,EAAMzB,WAAWW,EAAGc,OACxBd,CACf,CACI,OAAAz9D,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKynE,MAAMx+D,UACXjJ,KAAKwnE,MAAMv+D,SACnB,EAYO,MAAM2+D,GAAO,CAACj6D,EAAMgD,EAAK4C,IAAY,IAAI+zD,GAAK35D,EAAMgD,GAAK2T,OAAO/Q,GAASgR,SAChFqjD,GAAK7iD,OAAS,CAACpX,EAAMgD,IAAQ,IAAI22D,GAAK35D,EAAMgD;uEC1E5C,MAAMopB,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC5B,SAAS1B,GAAQjH,GACpB,OAAQA,aAAa7c,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,IAC7D,CACO,SAASogB,GAAOq5C,GACnB,IAAKn8C,GAAQm8C,GACT,MAAUngE,MAAM,sBACxB,CACO,SAASsmE,GAAMC,EAAOvlE,GACzB,GAAqB,kBAAVA,EACP,MAAUhB,MAAM,GAAGumE,iCAAqCvlE,MAChE,CAEA,MAAMwlE,kBAAwBpoE,MAAM4gB,KAAK,CAAE3e,OAAQ,MAAO,CAACqqB,EAAGnqB,IAAMA,EAAE0e,SAAS,IAAIwnD,SAAS,EAAG,OAIxF,SAASC,GAAW99D,GACvBke,GAAOle,GAEP,IAAImP,EAAM,GACV,IAAK,IAAIxX,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAC9BwX,GAAOyuD,GAAM59D,EAAMrI,IAEvB,OAAOwX,CACX,CACO,SAAS4uD,GAAoBr+C,GAChC,MAAMvQ,EAAMuQ,EAAIrJ,SAAS,IACzB,OAAoB,EAAblH,EAAI1X,OAAa,IAAI0X,EAAQA,CACxC,CACO,SAAS6uD,GAAY7uD,GACxB,GAAmB,iBAARA,EACP,MAAU/X,MAAM,mCAAqC+X,GAEzD,OAAO2N,OAAe,KAAR3N,EAAa,IAAM,KAAKA,EAC1C,CAEA,MAAM8uD,GAAS,CAAEC,GAAI,GAAI3mC,GAAI,GAAI4mC,GAAI,GAAIC,GAAI,GAAI1vB,GAAI,GAAI2vB,GAAI,KAC7D,SAASC,GAAcC,GACnB,OAAIA,GAAQN,GAAOC,IAAMK,GAAQN,GAAO1mC,GAC7BgnC,EAAON,GAAOC,GACrBK,GAAQN,GAAOE,IAAMI,GAAQN,GAAOG,GAC7BG,GAAQN,GAAOE,GAAK,IAC3BI,GAAQN,GAAOvvB,IAAM6vB,GAAQN,GAAOI,GAC7BE,GAAQN,GAAOvvB,GAAK,SAD/B,CAGJ,CAIO,SAAS8vB,GAAWrvD,GACvB,GAAmB,iBAARA,EACP,MAAU/X,MAAM,mCAAqC+X,GACzD,MAAMitB,EAAKjtB,EAAI1X,OACTgnE,EAAKriC,EAAK,EAChB,GAAIA,EAAK,EACL,MAAUhlC,MAAM,0DAA4DglC,GAChF,MAAMxqB,EAAQ,IAAIta,WAAWmnE,GAC7B,IAAK,IAAIC,EAAK,EAAGC,EAAK,EAAGD,EAAKD,EAAIC,IAAMC,GAAM,EAAG,CAC7C,MAAMtsC,EAAKisC,GAAcnvD,EAAIU,WAAW8uD,IAClCC,EAAKN,GAAcnvD,EAAIU,WAAW8uD,EAAK,IAC7C,QAAW1mE,IAAPo6B,QAA2Bp6B,IAAP2mE,EAAkB,CACtC,MAAML,EAAOpvD,EAAIwvD,GAAMxvD,EAAIwvD,EAAK,GAChC,MAAUvnE,MAAM,+CAAiDmnE,EAAO,cAAgBI,EACpG,CACQ/sD,EAAM8sD,GAAW,GAALrsC,EAAUusC,CAC9B,CACI,OAAOhtD,CACX,CAEO,SAASitD,GAAgB7+D,GAC5B,OAAOg+D,GAAYF,GAAW99D,GAClC,CACO,SAAS8+D,GAAgB9+D,GAE5B,OADAke,GAAOle,GACAg+D,GAAYF,GAAWxmE,WAAW8e,KAAKpW,GAAO6gB,WACzD,CACO,SAASk+C,GAAgBvxD,EAAG0V,GAC/B,OAAOs7C,GAAWhxD,EAAE6I,SAAS,IAAIwnD,SAAe,EAAN36C,EAAS,KACvD,CACO,SAAS87C,GAAgBxxD,EAAG0V,GAC/B,OAAO67C,GAAgBvxD,EAAG0V,GAAKrC,SACnC,CAcO,SAASo+C,GAAYtB,EAAOxuD,EAAKyO,GACpC,IAAI8C,EACJ,GAAmB,iBAARvR,EACP,IACIuR,EAAM89C,GAAWrvD,EAC7B,CACQ,MAAOpV,GACH,MAAU3C,MAAM,GAAGumE,oCAAwCxuD,cAAgBpV,IACvF,KAES,KAAIqhB,GAAQjM,GAMb,MAAU/X,MAASumE,EAAH,qCAHhBj9C,EAAMppB,WAAW8e,KAAKjH,EAI9B,CACI,MAAM+T,EAAMxC,EAAIjpB,OAChB,GAA8B,iBAAnBmmB,GAA+BsF,IAAQtF,EAC9C,MAAUxmB,MAAM,GAAGumE,cAAkB//C,gBAA6BsF,KACtE,OAAOxC,CACX,CAIO,SAAS8H,MAAehxB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CAmBA,MAAMw+C,GAAY1xD,GAAmB,iBAANA,GAAkBoiB,IAAOpiB,EACjD,SAAS2xD,GAAQ3xD,EAAGoO,EAAKrd,GAC5B,OAAO2gE,GAAS1xD,IAAM0xD,GAAStjD,IAAQsjD,GAAS3gE,IAAQqd,GAAOpO,GAAKA,EAAIjP,CAC5E,CAMO,SAAS6gE,GAASzB,EAAOnwD,EAAGoO,EAAKrd,GAMpC,IAAK4gE,GAAQ3xD,EAAGoO,EAAKrd,GACjB,MAAUnH,MAAM,kBAAkBumE,MAAU/hD,YAAcrd,iBAAmBiP,KAAKA,IAC1F,CAMO,SAAS6xD,GAAO7xD,GACnB,IAAI0V,EACJ,IAAKA,EAAM,EAAG1V,EAAIoiB,GAAKpiB,IAAMqiB,GAAK3M,GAAO,GAEzC,OAAOA,CACX,CAmBO,MAAMo8C,GAAW9xD,IAAO6oB,IAAOvZ,OAAOtP,EAAI,IAAMqiB,GAEjD0vC,GAAO7iE,GAAS,IAAIpF,WAAWoF,GAC/B8iE,GAAQzjD,GAAQzkB,WAAW8e,KAAK2F,GAQ/B,SAAS0jD,GAAeC,EAASC,EAAUC,GAC9C,GAAuB,iBAAZF,GAAwBA,EAAU,EACzC,MAAUtoE,MAAM,4BACpB,GAAwB,iBAAbuoE,GAAyBA,EAAW,EAC3C,MAAUvoE,MAAM,6BACpB,GAAsB,mBAAXwoE,EACP,MAAUxoE,MAAM,6BAEpB,IAAIqY,EAAI8vD,GAAIG,GACRtwD,EAAImwD,GAAIG,GACR/nE,EAAI,EACR,MAAMkoE,EAAQ,KACVpwD,EAAE6N,KAAK,GACPlO,EAAEkO,KAAK,GACP3lB,EAAI,CAAC,EAEHyvB,EAAI,IAAI1Z,IAAMkyD,EAAOxwD,EAAGK,KAAM/B,GAC9BoyD,EAAS,CAACj/B,EAAO0+B,QAEnBnwD,EAAIgY,EAAEo4C,GAAK,CAAC,IAAQ3+B,GACpBpxB,EAAI2X,IACgB,IAAhByZ,EAAKppC,SAET2X,EAAIgY,EAAEo4C,GAAK,CAAC,IAAQ3+B,GACpBpxB,EAAI2X,IAAG,EAEL24C,EAAM,KAER,GAAIpoE,KAAO,IACP,MAAUP,MAAM,2BACpB,IAAI8rB,EAAM,EACV,MAAMvH,EAAM,GACZ,KAAOuH,EAAMy8C,GAAU,CACnBlwD,EAAI2X,IACJ,MAAMqvB,EAAKhnC,EAAEjX,QACbmjB,EAAIhjB,KAAK89C,GACTvzB,GAAOzT,EAAEhY,MACrB,CACQ,OAAO+wB,MAAe7M,EAAI,EAW9B,MATiB,CAACklB,EAAMm/B,KAGpB,IAAIt/C,EACJ,IAHAm/C,IACAC,EAAOj/B,KAEEngB,EAAMs/C,EAAKD,OAChBD,IAEJ,OADAD,IACOn/C,CAAG,CAGlB,CAEA,MAAMu/C,GAAe,CACjBC,OAASC,GAAuB,iBAARA,EACxBC,SAAWD,GAAuB,mBAARA,EAC1BE,QAAUF,GAAuB,kBAARA,EACzBjR,OAASiR,GAAuB,iBAARA,EACxBG,mBAAqBH,GAAuB,iBAARA,GAAoB/kD,GAAQ+kD,GAChE5E,cAAgB4E,GAAQljD,OAAOs+C,cAAc4E,GAC7CvuD,MAAQuuD,GAAQ3qE,MAAMc,QAAQ6pE,GAC9BI,MAAO,CAACJ,EAAK7E,IAAWA,EAAOkF,GAAGC,QAAQN,GAC1C38D,KAAO28D,GAAuB,mBAARA,GAAsBljD,OAAOs+C,cAAc4E,EAAItkD,YAGlE,SAAS6kD,GAAepF,EAAQqF,EAAYC,EAAgB,CAAA,GAC/D,MAAMC,EAAa,CAACC,EAAWh3D,EAAMi3D,KACjC,MAAMC,EAAWf,GAAan2D,GAC9B,GAAwB,mBAAbk3D,EACP,MAAU5pE,MAAM,sBAAsB0S,yBAC1C,MAAMq2D,EAAM7E,EAAOwF,GACnB,KAAIC,QAAsB9oE,IAARkoE,GAEba,EAASb,EAAK7E,IACf,MAAUlkE,MAAM,iBAAwB0pE,EAAPj0D,MAAqBszD,aAAeA,gBAAkBr2D,IACnG,EAEI,IAAK,MAAOg3D,EAAWh3D,KAASnU,OAAOiI,QAAQ+iE,GAC3CE,EAAWC,EAAWh3D,GAAM,GAChC,IAAK,MAAOg3D,EAAWh3D,KAASnU,OAAOiI,QAAQgjE,GAC3CC,EAAWC,EAAWh3D,GAAM,GAChC,OAAOwxD,CACX,CAmBO,SAAS2F,GAASnkE,GACrB,MAAMtC,EAAM,IAAI0mE,QAChB,MAAO,CAACC,KAAQnjB,KACZ,MAAMmiB,EAAM3lE,EAAIwD,IAAImjE,GACpB,QAAYlpE,IAARkoE,EACA,OAAOA,EACX,MAAM13B,EAAW3rC,EAAGqkE,KAAQnjB,GAE5B,OADAxjD,EAAIxC,IAAImpE,EAAK14B,GACNA,CAAQ,CAEvB,yFAtIO,SAAgBj7B,EAAG3V,GACtB,OAAQ2V,GAAKsP,OAAOjlB,GAAQg4B,EAChC,8BAIO,SAAgBriB,EAAG3V,EAAKO,GAC3B,OAAOoV,GAAMpV,EAAQy3B,GAAMD,KAAQ9S,OAAOjlB,EAC9C,iHA3DO,SAAoBsc,EAAGzG,GAC1B,GAAIyG,EAAE1c,SAAWiW,EAAEjW,OACf,OAAO,EACX,IAAI6kB,EAAO,EACX,IAAK,IAAI3kB,EAAI,EAAGA,EAAIwc,EAAE1c,OAAQE,IAC1B2kB,GAAQnI,EAAExc,GAAK+V,EAAE/V,GACrB,OAAgB,IAAT2kB,CACX,gFAiK8B,KAC1B,MAAUllB,MAAM,kBAAkB,kFA/N/B,SAA4BoW,GAC/B,OAAOgxD,GAAWT,GAAoBvwD,GAC1C,cA+DO,SAAqBmC,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,2CAA2CuY,GAC/D,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD;sEC7JA,MAAMigB,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIskD,GAAMtkD,OAAO,GAEhEukD,GAAMvkD,OAAO,GAAIwkD,GAAMxkD,OAAO,GAAIuU,GAAMvU,OAAO,GAI9C,SAASiT,GAAI5b,EAAGzG,GACnB,MAAM9V,EAASuc,EAAIzG,EACnB,OAAO9V,GAAUg4B,GAAMh4B,EAAS8V,EAAI9V,CACxC,CAQO,SAAS2pE,GAAI7hD,EAAK8hB,EAAO+kB,GAC5B,GAAIA,GAAU32B,IAAO4R,EAAQ5R,GACzB,MAAUx4B,MAAM,6BACpB,GAAImvD,IAAW12B,GACX,OAAOD,GACX,IAAIlP,EAAMmP,GACV,KAAO2R,EAAQ5R,IACP4R,EAAQ3R,KACRnP,EAAOA,EAAMhB,EAAO6mC,GACxB7mC,EAAOA,EAAMA,EAAO6mC,EACpB/kB,IAAU3R,GAEd,OAAOnP,CACX,CAEO,SAAS8gD,GAAKnwD,EAAGmwB,EAAO+kB,GAC3B,IAAI7lC,EAAMrP,EACV,KAAOmwB,KAAU5R,IACblP,GAAOA,EACPA,GAAO6lC,EAEX,OAAO7lC,CACX,CAEO,SAAS+gD,GAAOzwC,EAAQu1B,GAC3B,GAAIv1B,IAAWpB,IAAO22B,GAAU32B,GAC5B,MAAUx4B,MAAM,6CAA6C45B,SAAcu1B,KAI/E,IAAIpyC,EAAI4b,GAAIiB,EAAQu1B,GAChB74C,EAAI64C,EAEJl1C,EAAIue,GAAcgE,EAAI/D,GAC1B,KAAO1b,IAAMyb,IAAK,CAEd,MACMte,EAAI5D,EAAIyG,EACR+Z,EAAI7c,EAAIuiB,GAFJlmB,EAAIyG,GAKdzG,EAAIyG,EAAGA,EAAI7C,EAAGD,EAAIuiB,EAAUA,EAAI1F,CACxC,CAEI,GADYxgB,IACAmiB,GACR,MAAUz4B,MAAM,0BACpB,OAAO24B,GAAI1e,EAAGk1C,EAClB,CAiEO,SAASmb,GAAOC,GAKnB,GAAIA,EAAIN,KAAQD,GAAK,CAKjB,MAAMQ,GAAUD,EAAI9xC,IAAOwxC,GAC3B,OAAO,SAAmBb,EAAIhzD,GAC1B,MAAMq0D,EAAOrB,EAAGe,IAAI/zD,EAAGo0D,GAEvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOr0D,GACtB,MAAUpW,MAAM,2BACpB,OAAOyqE,CACV,CACT,CAEI,GAAIF,EAAItwC,KAAQiwC,GAAK,CACjB,MAAMxqC,GAAM6qC,EAAIL,IAAOjwC,GACvB,OAAO,SAAmBmvC,EAAIhzD,GAC1B,MAAMoxD,EAAK4B,EAAG9+C,IAAIlU,EAAG6oB,IACf5mB,EAAI+wD,EAAGe,IAAI3C,EAAI9nC,GACfkrC,EAAKxB,EAAG9+C,IAAIlU,EAAGiC,GACf9X,EAAI6oE,EAAG9+C,IAAI8+C,EAAG9+C,IAAIsgD,EAAI3rC,IAAM5mB,GAC5BoyD,EAAOrB,EAAG9+C,IAAIsgD,EAAIxB,EAAGttD,IAAIvb,EAAG6oE,EAAGyB,MACrC,IAAKzB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOr0D,GACtB,MAAUpW,MAAM,2BACpB,OAAOyqE,CACV,CACT,CAwBI,OAhHG,SAAuBF,GAM1B,MAAMO,GAAaP,EAAI9xC,IAAOwG,GAC9B,IAAI6Q,EAAGzZ,EAAGqL,EAGV,IAAKoO,EAAIy6B,EAAI9xC,GAAKpC,EAAI,EAAGyZ,EAAI7Q,KAAQzG,GAAKsX,GAAK7Q,GAAK5I,KAGpD,IAAKqL,EAAIzC,GAAKyC,EAAI6oC,GAAKJ,GAAIzoC,EAAGopC,EAAWP,KAAOA,EAAI9xC,GAAKiJ,KAGzD,GAAU,IAANrL,EAAS,CACT,MAAMm0C,GAAUD,EAAI9xC,IAAOwxC,GAC3B,OAAO,SAAqBb,EAAIhzD,GAC5B,MAAMq0D,EAAOrB,EAAGe,IAAI/zD,EAAGo0D,GACvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAOr0D,GACtB,MAAUpW,MAAM,2BACpB,OAAOyqE,CACV,CACT,CAEI,MAAMM,GAAUj7B,EAAIrX,IAAOwG,GAC3B,OAAO,SAAqBmqC,EAAIhzD,GAE5B,GAAIgzD,EAAGe,IAAI/zD,EAAG00D,KAAe1B,EAAG4B,IAAI5B,EAAGyB,KACnC,MAAU7qE,MAAM,2BACpB,IAAIka,EAAImc,EAEJhG,EAAI+4C,EAAGe,IAAIf,EAAG9+C,IAAI8+C,EAAGyB,IAAKnpC,GAAIoO,GAC9B71B,EAAImvD,EAAGe,IAAI/zD,EAAG20D,GACdz0D,EAAI8yD,EAAGe,IAAI/zD,EAAG05B,GAClB,MAAQs5B,EAAGsB,IAAIp0D,EAAG8yD,EAAGyB,MAAM,CACvB,GAAIzB,EAAGsB,IAAIp0D,EAAG8yD,EAAG6B,MACb,OAAO7B,EAAG6B,KAEd,IAAIn0C,EAAI,EACR,IAAK,IAAIlK,EAAKw8C,EAAGuB,IAAIr0D,GAAIwgB,EAAI5c,IACrBkvD,EAAGsB,IAAI99C,EAAIw8C,EAAGyB,KADU/zC,IAG5BlK,EAAKw8C,EAAGuB,IAAI/9C,GAGhB,MAAMs+C,EAAK9B,EAAGe,IAAI95C,EAAGoI,IAAO/S,OAAOxL,EAAI4c,EAAI,IAC3CzG,EAAI+4C,EAAGuB,IAAIO,GACXjxD,EAAImvD,EAAG9+C,IAAIrQ,EAAGixD,GACd50D,EAAI8yD,EAAG9+C,IAAIhU,EAAG+Z,GACdnW,EAAI4c,CAChB,CACQ,OAAO7c,CACV,CACL,CAyDWkxD,CAAcZ,EACzB,CAtLY7kD,OAAO,GAAWA,OAAO,IA0LrC,MAAM0lD,GAAe,CACjB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAkFrB,SAASC,GAAQj1D,EAAGk1D,GAEvB,MAAMC,OAA6B1qE,IAAfyqE,EAA2BA,EAAal1D,EAAE6I,SAAS,GAAG5e,OAE1E,MAAO,CAAEirE,WAAYC,EAAaC,YADdtkE,KAAKyQ,KAAK4zD,EAAc,GAEhD,CAgBO,SAASE,GAAMC,EAAOzD,EAAQziD,GAAO,EAAOmmD,EAAQ,IACvD,GAAID,GAASlzC,GACT,MAAUx4B,MAAM,iCAAiC0rE,GACrD,MAAQJ,WAAYM,EAAMJ,YAAaK,GAAUR,GAAQK,EAAOzD,GAChE,GAAI4D,EAAQ,KACR,MAAU7rE,MAAM,mDACpB,MAAM8rE,EAAQxB,GAAOoB,GACfhnC,EAAInmC,OAAOwtE,OAAO,CACpBL,QACAE,OACAC,QACAG,KAAM9D,GAAQ0D,GACdX,KAAMzyC,GACNqyC,IAAKpyC,GACLjV,OAAS8E,GAAQqQ,GAAIrQ,EAAKojD,GAC1BrC,QAAU/gD,IACN,GAAmB,iBAARA,EACP,MAAUtoB,MAAM,sDAAsDsoB,GAC1E,OAAOkQ,IAAOlQ,GAAOA,EAAMojD,CAAK,EAEpCO,IAAM3jD,GAAQA,IAAQkQ,GACtB0zC,MAAQ5jD,IAASA,EAAMmQ,MAASA,GAChCuyC,IAAM1iD,GAAQqQ,IAAKrQ,EAAKojD,GACxBhB,IAAK,CAACyB,EAAKC,IAAQD,IAAQC,EAC3BzB,IAAMriD,GAAQqQ,GAAIrQ,EAAMA,EAAKojD,GAC7BhpE,IAAK,CAACypE,EAAKC,IAAQzzC,GAAIwzC,EAAMC,EAAKV,GAClC5vD,IAAK,CAACqwD,EAAKC,IAAQzzC,GAAIwzC,EAAMC,EAAKV,GAClCphD,IAAK,CAAC6hD,EAAKC,IAAQzzC,GAAIwzC,EAAMC,EAAKV,GAClCvB,IAAK,CAAC7hD,EAAK8hB,IA/GZ,SAAe1F,EAAGpc,EAAK8hB,GAG1B,GAAIA,EAAQ5R,GACR,MAAUx4B,MAAM,sBACpB,GAAIoqC,IAAU5R,GACV,OAAOkM,EAAEmmC,IACb,GAAIzgC,IAAU3R,GACV,OAAOnQ,EACX,IAAIsD,EAAI8Y,EAAEmmC,IACNhpD,EAAIyG,EACR,KAAO8hB,EAAQ5R,IACP4R,EAAQ3R,KACR7M,EAAI8Y,EAAEpa,IAAIsB,EAAG/J,IACjBA,EAAI6iB,EAAEimC,IAAI9oD,GACVuoB,IAAU3R,GAEd,OAAO7M,CACX,CA6F6BygD,CAAM3nC,EAAGpc,EAAK8hB,GACnCkiC,IAAK,CAACH,EAAKC,IAAQzzC,GAAIwzC,EAAM9B,GAAO+B,EAAKV,GAAQA,GAEjDa,KAAOjkD,GAAQA,EAAMA,EACrBkkD,KAAM,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAM,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAM,CAACP,EAAKC,IAAQD,EAAMC,EAC1BO,IAAMrkD,GAAQ+hD,GAAO/hD,EAAKojD,GAC1BkB,KAAMjB,EAAMiB,MAAS,CAACx2D,GAAM01D,EAAMpnC,EAAGtuB,IACrCy2D,YAAcvvB,GAjGf,SAAuB5Y,EAAGooC,GAC7B,MAAM7iD,EAAU7rB,MAAM0uE,EAAKzsE,QAErB0sE,EAAiBD,EAAK5kC,QAAO,CAAC6F,EAAKzlB,EAAK/nB,IACtCmkC,EAAEunC,IAAI3jD,GACCylB,GACX9jB,EAAI1pB,GAAKwtC,EACFrJ,EAAEpa,IAAIyjB,EAAKzlB,KACnBoc,EAAEmmC,KAECmC,EAAWtoC,EAAEioC,IAAII,GAQvB,OANAD,EAAKG,aAAY,CAACl/B,EAAKzlB,EAAK/nB,IACpBmkC,EAAEunC,IAAI3jD,GACCylB,GACX9jB,EAAI1pB,GAAKmkC,EAAEpa,IAAIyjB,EAAK9jB,EAAI1pB,IACjBmkC,EAAEpa,IAAIyjB,EAAKzlB,KACnB0kD,GACI/iD,CACX,CA8E8BijD,CAAcxoC,EAAG4Y,GAGvC6vB,KAAM,CAACpwD,EAAGzG,EAAGsL,IAAOA,EAAItL,EAAIyG,EAC5B+H,QAAUwD,GAAS9C,EAAOoiD,GAAgBt/C,EAAKujD,GAASlE,GAAgBr/C,EAAKujD,GAC7EuB,UAAYxkE,IACR,GAAIA,EAAMvI,SAAWwrE,EACjB,MAAU7rE,MAAM,0BAA0B6rE,UAAcjjE,EAAMvI,UAClE,OAAOmlB,EAAOkiD,GAAgB9+D,GAAS6+D,GAAgB7+D,EAAM,IAGrE,OAAOrK,OAAOwtE,OAAOrnC,EACzB,CAkCO,SAAS2oC,GAAoBC,GAChC,GAA0B,iBAAfA,EACP,MAAUttE,MAAM,8BACpB,MAAM+5B,EAAYuzC,EAAWruD,SAAS,GAAG5e,OACzC,OAAO6G,KAAKyQ,KAAKoiB,EAAY,EACjC,CAQO,SAASwzC,GAAiBD,GAC7B,MAAMjtE,EAASgtE,GAAoBC,GACnC,OAAOjtE,EAAS6G,KAAKyQ,KAAKtX,EAAS,EACvC;;AC3YA,MAAMm4B,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAGb8nD,GAAmB,IAAI1D,QACvB2D,GAAmB,IAAI3D,QAYtB,SAAS4D,GAAK9rD,EAAGnH,GACpB,MAAMkzD,EAAkB,CAACC,EAAWzN,KAChC,MAAM6K,EAAM7K,EAAK0N,SACjB,OAAOD,EAAY5C,EAAM7K,CAAI,EAE3B2N,EAAaxmD,IACf,IAAKzB,OAAOs+C,cAAc78C,IAAMA,GAAK,GAAKA,EAAI7M,EAC1C,MAAUza,MAAM,qBAAqBsnB,oBAAoB7M,KAAQ,EAEnEyT,EAAQ5G,IACVwmD,EAAUxmD,GAGV,MAAO,CAAEE,QAFOtgB,KAAKyQ,KAAK8C,EAAO6M,GAAK,EAEpBG,WADC,IAAMH,EAAI,GACC,EAElC,MAAO,CACHqmD,kBAEA,YAAAI,CAAa7kD,EAAK9S,GACd,IAAIwV,EAAIhK,EAAEqpD,KACNppD,EAAIqH,EACR,KAAO9S,EAAIoiB,IACHpiB,EAAIqiB,KACJ7M,EAAIA,EAAElpB,IAAImf,IACdA,EAAIA,EAAEzH,SACNhE,IAAMqiB,GAEV,OAAO7M,CACV,EAWD,gBAAAoiD,CAAiB9kD,EAAK5B,GAClB,MAAME,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GAC/B2mD,EAAS,GACf,IAAIriD,EAAI1C,EACJglD,EAAOtiD,EACX,IAAK,IAAIuiD,EAAS,EAAGA,EAAS3mD,EAAS2mD,IAAU,CAC7CD,EAAOtiD,EACPqiD,EAAO1sE,KAAK2sE,GAEZ,IAAK,IAAI3tE,EAAI,EAAGA,EAAIknB,EAAYlnB,IAC5B2tE,EAAOA,EAAKxrE,IAAIkpB,GAChBqiD,EAAO1sE,KAAK2sE,GAEhBtiD,EAAIsiD,EAAK9zD,QACzB,CACY,OAAO6zD,CACV,EAQD,IAAAP,CAAKpmD,EAAG8mD,EAAah4D,GAGjB,MAAMoR,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GACrC,IAAIsE,EAAIhK,EAAEqpD,KACNvmC,EAAI9iB,EAAEysD,KACV,MAAMhmD,EAAO3C,OAAO,GAAK4B,EAAI,GACvBgnD,EAAY,GAAKhnD,EACjBinD,EAAU7oD,OAAO4B,GACvB,IAAK,IAAI6mD,EAAS,EAAGA,EAAS3mD,EAAS2mD,IAAU,CAC7C,MAAM92D,EAAS82D,EAAS1mD,EAExB,IAAI0xB,EAAQtzB,OAAOzP,EAAIiS,GAEvBjS,IAAMm4D,EAGFp1B,EAAQ1xB,IACR0xB,GAASm1B,EACTl4D,GAAKqiB,IAST,MAAM+1C,EAAUn3D,EACVo3D,EAAUp3D,EAASnQ,KAAK8xB,IAAImgB,GAAS,EACrCu1B,EAAQP,EAAS,GAAM,EACvBQ,EAAQx1B,EAAQ,EACR,IAAVA,EAEAzU,EAAIA,EAAEhiC,IAAIirE,EAAgBe,EAAON,EAAYI,KAG7C5iD,EAAIA,EAAElpB,IAAIirE,EAAgBgB,EAAOP,EAAYK,IAEjE,CAMY,MAAO,CAAE7iD,IAAG8Y,IACf,EACD,UAAAkqC,CAAWrE,EAAGn0D,EAAG/S,GACb,MAAMikB,EAAImmD,GAAiB7mE,IAAI2jE,IAAM,EAErC,IAAIsE,EAAOrB,GAAiB5mE,IAAI2jE,GAMhC,OALKsE,IACDA,EAAOpwE,KAAKuvE,iBAAiBzD,EAAGjjD,GACtB,IAANA,GACAkmD,GAAiB5sE,IAAI2pE,EAAGlnE,EAAUwrE,KAEnCpwE,KAAKivE,KAAKpmD,EAAGunD,EAAMz4D,EAC7B,EAID,aAAA04D,CAAcvE,EAAGjjD,GACbwmD,EAAUxmD,GACVmmD,GAAiB7sE,IAAI2pE,EAAGjjD,GACxBkmD,GAAiBuB,OAAOxE,EAC3B,EAET,CAYO,SAASyE,GAAUptD,EAAGunD,EAAO8E,EAAQgB,GAOxC,IAAK7wE,MAAMc,QAAQ+uE,KAAY7vE,MAAMc,QAAQ+vE,IAAYA,EAAQ5uE,SAAW4tE,EAAO5tE,OAC/E,MAAUL,MAAM,uDACpBivE,EAAQvuE,SAAQ,CAAC0X,EAAG7X,KAChB,IAAK4oE,EAAME,QAAQjxD,GACf,MAAUpY,MAAM,yBAAyBO,EAAI,IAErD0tE,EAAOvtE,SAAQ,CAACkrB,EAAGrrB,KACf,KAAMqrB,aAAahK,GACf,MAAU5hB,MAAM,wBAAwBO,EAAI,IAEpD,MAAM44C,EAAQ8uB,GAAOviD,OAAOuoD,EAAO5tE,SAC7BonB,EAAa0xB,EAAQ,GAAKA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAI,EAC1E6yB,GAAQ,GAAKvkD,GAAc,EAC3BynD,EAAc9wE,MAAM4tE,EAAO,GAAG9lD,KAAKtE,EAAEqpD,MACrCkE,EAAWjoE,KAAK0P,OAAOuyD,EAAMyC,KAAO,GAAKnkD,GAAcA,EAC7D,IAAIyJ,EAAMtP,EAAEqpD,KACZ,IAAK,IAAI1qE,EAAI4uE,EAAU5uE,GAAK,EAAGA,GAAKknB,EAAY,CAC5CynD,EAAQhpD,KAAKtE,EAAEqpD,MACf,IAAK,IAAIryD,EAAI,EAAGA,EAAIq2D,EAAQ5uE,OAAQuY,IAAK,CACrC,MAAMw2D,EAASH,EAAQr2D,GACjBugC,EAAQtzB,OAAQupD,GAAU1pD,OAAOnlB,GAAMmlB,OAAOsmD,IACpDkD,EAAQ/1B,GAAS+1B,EAAQ/1B,GAAOz2C,IAAIurE,EAAOr1D,GACvD,CACQ,IAAIy2D,EAAOztD,EAAEqpD,KAEb,IAAK,IAAIryD,EAAIs2D,EAAQ7uE,OAAS,EAAGivE,EAAO1tD,EAAEqpD,KAAMryD,EAAI,EAAGA,IACnD02D,EAAOA,EAAK5sE,IAAIwsE,EAAQt2D,IACxBy2D,EAAOA,EAAK3sE,IAAI4sE,GAGpB,GADAp+C,EAAMA,EAAIxuB,IAAI2sE,GACJ,IAAN9uE,EACA,IAAK,IAAIqY,EAAI,EAAGA,EAAI6O,EAAY7O,IAC5BsY,EAAMA,EAAI9W,QAC1B,CACI,OAAO8W,CACX,CACO,SAASq+C,GAAcpmE,GAY1B,ODROmgE,GCHOngE,EAAMigE,GDDPgC,GAAaljC,QAAO,CAAC9kC,EAAK2lE,KACnC3lE,EAAI2lE,GAAO,WACJ3lE,IARK,CACZsoE,MAAO,SACPM,KAAM,SACNH,MAAO,gBACPD,KAAM,mBCIVtC,GAAengE,EAAO,CAClBiN,EAAG,SACH4Z,EAAG,SACHw/C,GAAI,QACJC,GAAI,SACL,CACCnE,WAAY,gBACZE,YAAa,kBAGVjtE,OAAOwtE,OAAO,IACdV,GAAQliE,EAAMiN,EAAGjN,EAAMmiE,eACvBniE,EACEyiB,EAAGziB,EAAMigE,GAAGsC,OAEzB;sECzNA,SAASgE,GAAmBxhD,QACNrtB,IAAdqtB,EAAK2iB,MACLy1B,GAAM,OAAQp4C,EAAK2iB,WACFhwC,IAAjBqtB,EAAKyhD,SACLrJ,GAAM,UAAWp4C,EAAKyhD,QAC9B,CA4BA,MAAQlI,gBAAiBmI,GAAKxI,WAAYyI,IAAQC,GAQrCC,GAAM,CAEfC,IAAK,cAAqBhwE,MACtB,WAAA3B,CAAYy4B,EAAI,IACZx4B,MAAMw4B,EAClB,GAGIm5C,KAAM,CACF92D,OAAQ,CAACqD,EAAKlX,KACV,MAAQ0qE,IAAKxK,GAAMuK,GACnB,GAAIvzD,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIgpD,EAAE,yBAChB,GAAkB,EAAdlgE,EAAKjF,OACL,MAAM,IAAImlE,EAAE,6BAChB,MAAM0K,EAAU5qE,EAAKjF,OAAS,EACxByrB,EAAMqkD,GAAuBD,GACnC,GAAKpkD,EAAIzrB,OAAS,EAAK,IACnB,MAAM,IAAImlE,EAAE,wCAEhB,MAAM4K,EAASF,EAAU,IAAMC,GAAwBrkD,EAAIzrB,OAAS,EAAK,KAAO,GAChF,MAAO,GAAG8vE,GAAuB3zD,KAAO4zD,IAAStkD,IAAMxmB,GAAM,EAGjE,MAAAiU,CAAOiD,EAAKlX,GACR,MAAQ0qE,IAAKxK,GAAMuK,GACnB,IAAItvE,EAAM,EACV,GAAI+b,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIgpD,EAAE,yBAChB,GAAIlgE,EAAKjF,OAAS,GAAKiF,EAAK7E,OAAW+b,EACnC,MAAM,IAAIgpD,EAAE,yBAChB,MAAM6K,EAAQ/qE,EAAK7E,KAEnB,IAAIJ,EAAS,EACb,MAF0B,IAARgwE,GAIb,CAED,MAAMD,EAAiB,IAARC,EACf,IAAKD,EACD,MAAM,IAAI5K,EAAE,qDAChB,GAAI4K,EAAS,EACT,MAAM,IAAI5K,EAAE,4CAChB,MAAM8K,EAAchrE,EAAKmC,SAAShH,EAAKA,EAAM2vE,GAC7C,GAAIE,EAAYjwE,SAAW+vE,EACvB,MAAM,IAAI5K,EAAE,yCAChB,GAAuB,IAAnB8K,EAAY,GACZ,MAAM,IAAI9K,EAAE,wCAChB,IAAK,MAAMlvD,KAAKg6D,EACZjwE,EAAUA,GAAU,EAAKiW,EAE7B,GADA7V,GAAO2vE,EACH/vE,EAAS,IACT,MAAM,IAAImlE,EAAE,yCAChC,MAlBgBnlE,EAASgwE,EAmBb,MAAMh4D,EAAI/S,EAAKmC,SAAShH,EAAKA,EAAMJ,GACnC,GAAIgY,EAAEhY,SAAWA,EACb,MAAM,IAAImlE,EAAE,kCAChB,MAAO,CAAEntD,IAAGwoB,EAAGv7B,EAAKmC,SAAShH,EAAMJ,GACtC,GAMLkwE,KAAM,CACF,MAAAp3D,CAAOmP,GACH,MAAQ0nD,IAAKxK,GAAMuK,GACnB,GAAIznD,EAAMkQ,GACN,MAAM,IAAIgtC,EAAE,8CAChB,IAAIztD,EAAMo4D,GAAuB7nD,GAIjC,GAFkC,EAA9BzC,OAAO5N,SAASF,EAAI,GAAI,MACxBA,EAAM,KAAOA,GACA,EAAbA,EAAI1X,OACJ,MAAM,IAAImlE,EAAE,wBAChB,OAAOztD,CACV,EACD,MAAAwB,CAAOjU,GACH,MAAQ0qE,IAAKxK,GAAMuK,GACnB,GAAc,IAAVzqE,EAAK,GACL,MAAM,IAAIkgE,EAAE,uCAChB,GAAgB,IAAZlgE,EAAK,MAA2B,IAAVA,EAAK,IAC3B,MAAM,IAAIkgE,EAAE,uDAChB,OAAOoK,GAAItqE,EACd,GAEL,KAAAkrE,CAAMz4D,GAEF,MAAQi4D,IAAKxK,EAAG+K,KAAME,EAAKR,KAAMS,GAAQX,GACnCzqE,EAAsB,iBAARyS,EAAmB83D,GAAI93D,GAAOA,EAClD44D,GAAUrrE,GACV,MAAQ+S,EAAGu4D,EAAU/vC,EAAGgwC,GAAiBH,EAAIn3D,OAAO,GAAMjU,GAC1D,GAAIurE,EAAaxwE,OACb,MAAM,IAAImlE,EAAE,+CAChB,MAAQntD,EAAGy4D,EAAQjwC,EAAGkwC,GAAeL,EAAIn3D,OAAO,EAAMq3D,IAC9Cv4D,EAAG24D,EAAQnwC,EAAGowC,GAAeP,EAAIn3D,OAAO,EAAMw3D,GACtD,GAAIE,EAAW5wE,OACX,MAAM,IAAImlE,EAAE,+CAChB,MAAO,CAAEtrD,EAAGu2D,EAAIl3D,OAAOu3D,GAAS14D,EAAGq4D,EAAIl3D,OAAOy3D,GACjD,EACD,UAAAE,CAAW5nC,GACP,MAAQ2mC,KAAMS,EAAKH,KAAME,GAAQV,GAC3BoB,EAAM,GAAGT,EAAIv3D,OAAO,EAAMs3D,EAAIt3D,OAAOmwB,EAAIpvB,MAAMw2D,EAAIv3D,OAAO,EAAMs3D,EAAIt3D,OAAOmwB,EAAIlxB,MACrF,OAAOs4D,EAAIv3D,OAAO,GAAMg4D,EAC3B,GAIC34C,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAUA,OAAO,GAAG,MAACskD,GAAMtkD,OAAO,GAC/D,SAAS0rD,GAAkBljD,GAC9B,MAAMmjD,EAjJV,SAA2BloE,GACvB,MAAM+kB,EAAOqhD,GAAcpmE,GAC3BmoE,GAAkBpjD,EAAM,CACpBnR,EAAG,QACHzG,EAAG,SACJ,CACCi7D,yBAA0B,QAC1BC,eAAgB,UAChBC,cAAe,WACfC,cAAe,WACfC,mBAAoB,UACpBvE,UAAW,WACXtoD,QAAS,aAEb,MAAM8sD,KAAEA,EAAIxI,GAAEA,EAAErsD,EAAEA,GAAMmR,EACxB,GAAI0jD,EAAM,CACN,IAAKxI,EAAGsB,IAAI3tD,EAAGqsD,EAAG6B,MACd,MAAUjrE,MAAM,qEAEpB,GAAoB,iBAAT4xE,GACc,iBAAdA,EAAKC,MACgB,mBAArBD,EAAKE,YACZ,MAAU9xE,MAAM,oEAE5B,CACI,OAAOzB,OAAOwtE,OAAO,IAAK79C,GAC9B,CAuHkB6jD,CAAkB7jD,IAC1Bk7C,GAAEA,GAAOiI,EACTW,EAAKC,GAAUZ,EAAMj7D,EAAGi7D,EAAM/F,YAC9BxmD,EAAUusD,EAAMvsD,SAC1B,EAAU02B,EAAI02B,EAAOC,KACT,MAAMp1D,EAAIm1D,EAAME,WAChB,OAAOC,GAAenyE,WAAW8e,KAAK,CAAC,IAAQoqD,EAAGtkD,QAAQ/H,EAAE9C,GAAImvD,EAAGtkD,QAAQ/H,EAAEsc,GAChF,GACC+zC,EAAYiE,EAAMjE,WACnB,CAACxkE,IAEE,MAAMib,EAAOjb,EAAMnB,SAAS,GAI5B,MAAO,CAAEwS,EAFCmvD,EAAGgE,UAAUvpD,EAAKpc,SAAS,EAAG2hE,EAAGyC,QAE/BxyC,EADF+vC,EAAGgE,UAAUvpD,EAAKpc,SAAS2hE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEzD,GAKL,SAASyG,EAAoBr4D,GACzB,MAAM8C,EAAEA,EAACzG,EAAEA,GAAM+6D,EACXkB,EAAKnJ,EAAGuB,IAAI1wD,GACZu4D,EAAKpJ,EAAG9+C,IAAIioD,EAAIt4D,GACtB,OAAOmvD,EAAG1mE,IAAI0mE,EAAG1mE,IAAI8vE,EAAIpJ,EAAG9+C,IAAIrQ,EAAG8C,IAAKzG,EAChD,CAKI,IAAK8yD,EAAGsB,IAAItB,EAAGuB,IAAI0G,EAAM5B,IAAK6C,EAAoBjB,EAAM7B,KACpD,MAAUxvE,MAAM,+CAOpB,SAASyyE,EAAuBrjE,GAC5B,MAAQmiE,yBAA0BttD,EAAOunD,YAAEA,EAAWgG,eAAEA,EAAgBp7D,EAAGs8D,GAAMrB,EACjF,GAAIptD,GAA0B,iBAAR7U,EAAkB,CAIpC,GAHIujE,GAAWvjE,KACXA,EAAMwjE,GAAcxjE,IAEL,iBAARA,IAAqB6U,EAAQtG,SAASvO,EAAI/O,QACjD,MAAUL,MAAM,eACpBoP,EAAMA,EAAIq3D,SAAuB,EAAd+E,EAAiB,IAChD,CACQ,IAAIljD,EACJ,IACIA,EACmB,iBAARlZ,EACDA,EACAyjE,GAAmBhL,GAAY,cAAez4D,EAAKo8D,GACzE,CACQ,MAAOrmE,GACH,MAAUnF,MAAM,uBAAuBwrE,sCAAgDp8D,IACnG,CAIQ,OAHIoiE,IACAlpD,EAAMwqD,GAAQxqD,EAAKoqD,IACvBK,GAAY,cAAezqD,EAAKmQ,GAAKi6C,GAC9BpqD,CACf,CACI,SAAS0qD,EAAe/jB,GACpB,KAAMA,aAAiBgkB,GACnB,MAAUjzE,MAAM,2BAC5B,CAKI,MAAMkzE,EAAerJ,IAAS,CAACj+C,EAAGunD,KAC9B,MAAQC,GAAIn5D,EAAGo5D,GAAIh6C,EAAGi6C,GAAI7uC,GAAM7Y,EAEhC,GAAIw9C,EAAGsB,IAAIjmC,EAAG2kC,EAAGyB,KACb,MAAO,CAAE5wD,IAAGof,KAChB,MAAM4yC,EAAMrgD,EAAEqgD,MAGJ,MAANkH,IACAA,EAAKlH,EAAM7C,EAAGyB,IAAMzB,EAAGuD,IAAIloC,IAC/B,MAAM8uC,EAAKnK,EAAG9+C,IAAIrQ,EAAGk5D,GACfK,EAAKpK,EAAG9+C,IAAI+O,EAAG85C,GACfM,EAAKrK,EAAG9+C,IAAIma,EAAG0uC,GACrB,GAAIlH,EACA,MAAO,CAAEhyD,EAAGmvD,EAAG6B,KAAM5xC,EAAG+vC,EAAG6B,MAC/B,IAAK7B,EAAGsB,IAAI+I,EAAIrK,EAAGyB,KACf,MAAU7qE,MAAM,oBACpB,MAAO,CAAEia,EAAGs5D,EAAIl6C,EAAGm6C,EAAI,IAIrBE,EAAkB7J,IAAUj+C,IAC9B,GAAIA,EAAEqgD,MAAO,CAIT,GAAIoF,EAAMM,qBAAuBvI,EAAG6C,IAAIrgD,EAAEynD,IACtC,OACJ,MAAUrzE,MAAM,kBAC5B,CAEQ,MAAMia,EAAEA,EAACof,EAAEA,GAAMzN,EAAEwmD,WAEnB,IAAKhJ,EAAGC,QAAQpvD,KAAOmvD,EAAGC,QAAQhwC,GAC9B,MAAUr5B,MAAM,4BACpB,MAAMipB,EAAOmgD,EAAGuB,IAAItxC,GACds6C,EAAQrB,EAAoBr4D,GAClC,IAAKmvD,EAAGsB,IAAIzhD,EAAM0qD,GACd,MAAU3zE,MAAM,qCACpB,IAAK4rB,EAAE6lD,gBACH,MAAUzxE,MAAM,0CACpB,OAAO,CAAI,IAOf,MAAMizE,EACF,WAAA50E,CAAY+0E,EAAIC,EAAIC,GAIhB,GAHA70E,KAAK20E,GAAKA,EACV30E,KAAK40E,GAAKA,EACV50E,KAAK60E,GAAKA,EACA,MAANF,IAAehK,EAAGC,QAAQ+J,GAC1B,MAAUpzE,MAAM,cACpB,GAAU,MAANqzE,IAAejK,EAAGC,QAAQgK,GAC1B,MAAUrzE,MAAM,cACpB,GAAU,MAANszE,IAAelK,EAAGC,QAAQiK,GAC1B,MAAUtzE,MAAM,cACpBzB,OAAOwtE,OAAOttE,KAC1B,CAGQ,iBAAOm1E,CAAWhoD,GACd,MAAM3R,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EACxB,IAAKA,IAAMw9C,EAAGC,QAAQpvD,KAAOmvD,EAAGC,QAAQhwC,GACpC,MAAUr5B,MAAM,wBACpB,GAAI4rB,aAAaqnD,EACb,MAAUjzE,MAAM,gCACpB,MAAMisE,EAAO1rE,GAAM6oE,EAAGsB,IAAInqE,EAAG6oE,EAAG6B,MAEhC,OAAIgB,EAAIhyD,IAAMgyD,EAAI5yC,GACP45C,EAAMhI,KACV,IAAIgI,EAAMh5D,EAAGof,EAAG+vC,EAAGyB,IACtC,CACQ,KAAI5wD,GACA,OAAOxb,KAAK2zE,WAAWn4D,CACnC,CACQ,KAAIof,GACA,OAAO56B,KAAK2zE,WAAW/4C,CACnC,CAOQ,iBAAOw6C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAO7qE,KAAKwoB,GAAMA,EAAE0nD,MACjD,OAAOrF,EAAO7qE,KAAI,CAACwoB,EAAGrrB,IAAMqrB,EAAEwmD,SAAS0B,EAAMvzE,MAAK6C,IAAI6vE,EAAMW,WACxE,CAKQ,cAAOG,CAAQh8D,GACX,MAAMwyD,EAAI0I,EAAMW,WAAWxG,EAAUvF,GAAY,WAAY9vD,KAE7D,OADAwyD,EAAEyJ,iBACKzJ,CACnB,CAEQ,qBAAO0J,CAAehiE,GAClB,OAAOghE,EAAM5E,KAAK6F,SAASzB,EAAuBxgE,GAC9D,CAEQ,UAAOkiE,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAe3sD,GACX4sD,EAAKvF,cAAcrwE,KAAMgpB,EACrC,CAEQ,cAAAusD,GACIN,EAAgBj1E,KAC5B,CACQ,QAAA61E,GACI,MAAMj7C,EAAEA,GAAM56B,KAAK2zE,WACnB,GAAIhJ,EAAG8C,MACH,OAAQ9C,EAAG8C,MAAM7yC,GACrB,MAAUr5B,MAAM,8BAC5B,CAIQ,MAAAgiD,CAAOiN,GACH+jB,EAAe/jB,GACf,MAAQmkB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOh2E,MAC3B20E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAO3lB,EAC7B4lB,EAAKzL,EAAGsB,IAAItB,EAAG9+C,IAAIiqD,EAAIK,GAAKxL,EAAG9+C,IAAIoqD,EAAID,IACvCK,EAAK1L,EAAGsB,IAAItB,EAAG9+C,IAAIkqD,EAAII,GAAKxL,EAAG9+C,IAAIqqD,EAAIF,IAC7C,OAAOI,GAAMC,CACzB,CAIQ,MAAAjH,GACI,OAAO,IAAIoF,EAAMx0E,KAAK20E,GAAIhK,EAAG4B,IAAIvsE,KAAK40E,IAAK50E,KAAK60E,GAC5D,CAKQ,MAAAl5D,GACI,MAAM2C,EAAEA,EAACzG,EAAEA,GAAM+6D,EACX3tC,EAAK0lC,EAAG9+C,IAAIhU,EAAG0zD,KACboJ,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOh2E,KACnC,IAAIs2E,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACpCv+C,EAAK08C,EAAG9+C,IAAIiqD,EAAIA,GAChB5nD,EAAKy8C,EAAG9+C,IAAIkqD,EAAIA,GAChB5nD,EAAKw8C,EAAG9+C,IAAImqD,EAAIA,GAChB5nD,EAAKu8C,EAAG9+C,IAAIiqD,EAAIC,GA4BpB,OA3BA3nD,EAAKu8C,EAAG1mE,IAAImqB,EAAIA,GAChBooD,EAAK7L,EAAG9+C,IAAIiqD,EAAIE,GAChBQ,EAAK7L,EAAG1mE,IAAIuyE,EAAIA,GAChBF,EAAK3L,EAAG9+C,IAAIvN,EAAGk4D,GACfD,EAAK5L,EAAG9+C,IAAIoZ,EAAI9W,GAChBooD,EAAK5L,EAAG1mE,IAAIqyE,EAAIC,GAChBD,EAAK3L,EAAGttD,IAAI6Q,EAAIqoD,GAChBA,EAAK5L,EAAG1mE,IAAIiqB,EAAIqoD,GAChBA,EAAK5L,EAAG9+C,IAAIyqD,EAAIC,GAChBD,EAAK3L,EAAG9+C,IAAIuC,EAAIkoD,GAChBE,EAAK7L,EAAG9+C,IAAIoZ,EAAIuxC,GAChBroD,EAAKw8C,EAAG9+C,IAAIvN,EAAG6P,GACfC,EAAKu8C,EAAGttD,IAAI4Q,EAAIE,GAChBC,EAAKu8C,EAAG9+C,IAAIvN,EAAG8P,GACfA,EAAKu8C,EAAG1mE,IAAImqB,EAAIooD,GAChBA,EAAK7L,EAAG1mE,IAAIgqB,EAAIA,GAChBA,EAAK08C,EAAG1mE,IAAIuyE,EAAIvoD,GAChBA,EAAK08C,EAAG1mE,IAAIgqB,EAAIE,GAChBF,EAAK08C,EAAG9+C,IAAIoC,EAAIG,GAChBmoD,EAAK5L,EAAG1mE,IAAIsyE,EAAItoD,GAChBE,EAAKw8C,EAAG9+C,IAAIkqD,EAAIC,GAChB7nD,EAAKw8C,EAAG1mE,IAAIkqB,EAAIA,GAChBF,EAAK08C,EAAG9+C,IAAIsC,EAAIC,GAChBkoD,EAAK3L,EAAGttD,IAAIi5D,EAAIroD,GAChBuoD,EAAK7L,EAAG9+C,IAAIsC,EAAID,GAChBsoD,EAAK7L,EAAG1mE,IAAIuyE,EAAIA,GAChBA,EAAK7L,EAAG1mE,IAAIuyE,EAAIA,GACT,IAAIhC,EAAM8B,EAAIC,EAAIC,EACrC,CAKQ,GAAAvyE,CAAIusD,GACA+jB,EAAe/jB,GACf,MAAQmkB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOh2E,MAC3B20E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAO3lB,EACnC,IAAI8lB,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACxC,MAAMluD,EAAIs0D,EAAMt0D,EACV2mB,EAAK0lC,EAAG9+C,IAAI+mD,EAAM/6D,EAAG0zD,IAC3B,IAAIt9C,EAAK08C,EAAG9+C,IAAIiqD,EAAIG,GAChB/nD,EAAKy8C,EAAG9+C,IAAIkqD,EAAIG,GAChB/nD,EAAKw8C,EAAG9+C,IAAImqD,EAAIG,GAChB/nD,EAAKu8C,EAAG1mE,IAAI6xE,EAAIC,GAChB5yC,EAAKwnC,EAAG1mE,IAAIgyE,EAAIC,GACpB9nD,EAAKu8C,EAAG9+C,IAAIuC,EAAI+U,GAChBA,EAAKwnC,EAAG1mE,IAAIgqB,EAAIC,GAChBE,EAAKu8C,EAAGttD,IAAI+Q,EAAI+U,GAChBA,EAAKwnC,EAAG1mE,IAAI6xE,EAAIE,GAChB,IAAI5yC,EAAKunC,EAAG1mE,IAAIgyE,EAAIE,GA+BpB,OA9BAhzC,EAAKwnC,EAAG9+C,IAAIsX,EAAIC,GAChBA,EAAKunC,EAAG1mE,IAAIgqB,EAAIE,GAChBgV,EAAKwnC,EAAGttD,IAAI8lB,EAAIC,GAChBA,EAAKunC,EAAG1mE,IAAI8xE,EAAIC,GAChBM,EAAK3L,EAAG1mE,IAAIiyE,EAAIC,GAChB/yC,EAAKunC,EAAG9+C,IAAIuX,EAAIkzC,GAChBA,EAAK3L,EAAG1mE,IAAIiqB,EAAIC,GAChBiV,EAAKunC,EAAGttD,IAAI+lB,EAAIkzC,GAChBE,EAAK7L,EAAG9+C,IAAIvN,EAAG6kB,GACfmzC,EAAK3L,EAAG9+C,IAAIoZ,EAAI9W,GAChBqoD,EAAK7L,EAAG1mE,IAAIqyE,EAAIE,GAChBF,EAAK3L,EAAGttD,IAAI6Q,EAAIsoD,GAChBA,EAAK7L,EAAG1mE,IAAIiqB,EAAIsoD,GAChBD,EAAK5L,EAAG9+C,IAAIyqD,EAAIE,GAChBtoD,EAAKy8C,EAAG1mE,IAAIgqB,EAAIA,GAChBC,EAAKy8C,EAAG1mE,IAAIiqB,EAAID,GAChBE,EAAKw8C,EAAG9+C,IAAIvN,EAAG6P,GACfgV,EAAKwnC,EAAG9+C,IAAIoZ,EAAI9B,GAChBjV,EAAKy8C,EAAG1mE,IAAIiqB,EAAIC,GAChBA,EAAKw8C,EAAGttD,IAAI4Q,EAAIE,GAChBA,EAAKw8C,EAAG9+C,IAAIvN,EAAG6P,GACfgV,EAAKwnC,EAAG1mE,IAAIk/B,EAAIhV,GAChBF,EAAK08C,EAAG9+C,IAAIqC,EAAIiV,GAChBozC,EAAK5L,EAAG1mE,IAAIsyE,EAAItoD,GAChBA,EAAK08C,EAAG9+C,IAAIuX,EAAID,GAChBmzC,EAAK3L,EAAG9+C,IAAIuC,EAAIkoD,GAChBA,EAAK3L,EAAGttD,IAAIi5D,EAAIroD,GAChBA,EAAK08C,EAAG9+C,IAAIuC,EAAIF,GAChBsoD,EAAK7L,EAAG9+C,IAAIuX,EAAIozC,GAChBA,EAAK7L,EAAG1mE,IAAIuyE,EAAIvoD,GACT,IAAIumD,EAAM8B,EAAIC,EAAIC,EACrC,CACQ,QAAAC,CAASjmB,GACL,OAAOxwD,KAAKiE,IAAIusD,EAAM4e,SAClC,CACQ,GAAA5B,GACI,OAAOxtE,KAAKujD,OAAOixB,EAAMhI,KACrC,CACQ,IAAAyC,CAAKt3D,GACD,OAAOi+D,EAAKzF,WAAWnwE,KAAM2X,EAAG68D,EAAMY,WAClD,CAMQ,cAAAsB,CAAeC,GACXrC,GAAY,SAAUqC,EAAI58C,GAAK64C,EAAMj7D,GACrC,MAAMuqB,EAAIsyC,EAAMhI,KAChB,GAAImK,IAAO58C,GACP,OAAOmI,EACX,GAAIy0C,IAAO38C,GACP,OAAOh6B,KACX,MAAMmzE,KAAEA,GAASP,EACjB,IAAKO,EACD,OAAOyC,EAAKtG,aAAatvE,KAAM22E,GAEnC,IAAIC,MAAEA,EAAKnuD,GAAEA,EAAEouD,MAAEA,EAAKnuD,GAAEA,GAAOyqD,EAAKE,YAAYsD,GAC5CG,EAAM50C,EACN60C,EAAM70C,EACN9e,EAAIpjB,KACR,KAAOyoB,EAAKsR,IAAOrR,EAAKqR,IAChBtR,EAAKuR,KACL88C,EAAMA,EAAI7yE,IAAImf,IACdsF,EAAKsR,KACL+8C,EAAMA,EAAI9yE,IAAImf,IAClBA,EAAIA,EAAEzH,SACN8M,IAAOuR,GACPtR,IAAOsR,GAOX,OALI48C,IACAE,EAAMA,EAAI1H,UACVyH,IACAE,EAAMA,EAAI3H,UACd2H,EAAM,IAAIvC,EAAM7J,EAAG9+C,IAAIkrD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IAChDiC,EAAI7yE,IAAI8yE,EAC3B,CAUQ,QAAAtB,CAAS9E,GACL,MAAMwC,KAAEA,EAAMx7D,EAAGs8D,GAAMrB,EAEvB,IAAIa,EAAOuD,EACX,GAFA1C,GAAY,SAAU3D,EAAQ32C,GAAKi6C,GAE/Bd,EAAM,CACN,MAAMyD,MAAEA,EAAKnuD,GAAEA,EAAEouD,MAAEA,EAAKnuD,GAAEA,GAAOyqD,EAAKE,YAAY1C,GAClD,IAAMxjD,EAAG2pD,EAAK7wC,EAAGgxC,GAAQj3E,KAAKivE,KAAKxmD,IAC7B0E,EAAG4pD,EAAK9wC,EAAGixC,GAAQl3E,KAAKivE,KAAKvmD,GACnCouD,EAAMlB,EAAK1G,gBAAgB0H,EAAOE,GAClCC,EAAMnB,EAAK1G,gBAAgB2H,EAAOE,GAClCA,EAAM,IAAIvC,EAAM7J,EAAG9+C,IAAIkrD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IACvDpB,EAAQqD,EAAI7yE,IAAI8yE,GAChBC,EAAOC,EAAIhzE,IAAIizE,EAC/B,KACiB,CACD,MAAM/pD,EAAEA,EAAC8Y,EAAEA,GAAMjmC,KAAKivE,KAAK0B,GAC3B8C,EAAQtmD,EACR6pD,EAAO/wC,CACvB,CAEY,OAAOuuC,EAAMY,WAAW,CAAC3B,EAAOuD,IAAO,EACnD,CAOQ,oBAAAG,CAAqB9lC,EAAG/yB,EAAGzG,GACvB,MAAMovD,EAAIuN,EAAM5E,KACV/jD,EAAM,CAACigD,EAAGxtD,IACVA,IAAMyb,IAAOzb,IAAM0b,IAAQ8xC,EAAEvoB,OAAO0jB,GAA2B6E,EAAE2J,SAASn3D,GAAjCwtD,EAAE4K,eAAep4D,GAC1DmU,EAAM5G,EAAI7rB,KAAMse,GAAGra,IAAI4nB,EAAIwlB,EAAGx5B,IACpC,OAAO4a,EAAI+6C,WAAQprE,EAAYqwB,CAC3C,CAIQ,QAAAkhD,CAASe,GACL,OAAOD,EAAaz0E,KAAM00E,EACtC,CACQ,aAAA1B,GACI,MAAQzhD,EAAG6lD,EAAQpE,cAAEA,GAAkBJ,EACvC,GAAIwE,IAAap9C,GACb,OAAO,EACX,GAAIg5C,EACA,OAAOA,EAAcwB,EAAOx0E,MAChC,MAAUuB,MAAM,+DAC5B,CACQ,aAAA0xE,GACI,MAAQ1hD,EAAG6lD,EAAQnE,cAAEA,GAAkBL,EACvC,OAAIwE,IAAap9C,GACNh6B,KACPizE,EACOA,EAAcuB,EAAOx0E,MACzBA,KAAK02E,eAAe9D,EAAMrhD,EAC7C,CACQ,UAAA8lD,CAAWC,GAAe,GAGtB,OAFAzP,GAAM,eAAgByP,GACtBt3E,KAAKu1E,iBACElvD,EAAQmuD,EAAOx0E,KAAMs3E,EACxC,CACQ,KAAAhsC,CAAMgsC,GAAe,GAEjB,OADAzP,GAAM,eAAgByP,GACfnD,GAAcn0E,KAAKq3E,WAAWC,GACjD,EAEI9C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIrG,EAAGyB,KAC9CoI,EAAMhI,KAAO,IAAIgI,EAAM7J,EAAG6B,KAAM7B,EAAGyB,IAAKzB,EAAG6B,MAC3C,MAAM+K,EAAQ3E,EAAM/F,WACd+I,EAAO3G,GAAKuF,EAAO5B,EAAMO,KAAO1qE,KAAKyQ,KAAKq+D,EAAQ,GAAKA,GAE7D,MAAO,CACH3E,QACA4E,gBAAiBhD,EACjBR,yBACAH,sBACA4D,mBAnZJ,SAA4B5tD,GACxB,OAAO6tD,GAAW7tD,EAAKmQ,GAAK44C,EAAMj7D,EAC1C,EAmZA,CAqBO,SAASggE,GAAYC,GACxB,MAAMhF,EArBV,SAAsBloE,GAClB,MAAM+kB,EAAOqhD,GAAcpmE,GAU3B,OATAmoE,GAAkBpjD,EAAM,CACpB9hB,KAAM,OACNi6D,KAAM,WACN5qC,YAAa,YACd,CACC66C,SAAU,WACVC,cAAe,WACf1lC,KAAM,YAEHtyC,OAAOwtE,OAAO,CAAEl7B,MAAM,KAAS3iB,GAC1C,CASkBsoD,CAAaH,IACrBjN,GAAEA,EAAIhzD,GAAmBi7D,EACzBoF,EAAgBrN,EAAGyC,MAAQ,EAC3B6K,EAAkB,EAAItN,EAAGyC,MAAQ,EACvC,SAAS8K,EAAK55D,GACV,OAAO+1D,GAAQ/1D,EAAG65D,EAC1B,CACI,SAASC,EAAK95D,GACV,OAAO+5D,GAAW/5D,EAAG65D,EAC7B,CACI,MAAQX,gBAAiBhD,EAAKR,uBAAEA,EAAsBH,oBAAEA,EAAmB4D,mBAAEA,GAAwB9E,GAAkB,IAChHC,EACH,OAAAvsD,CAAQ02B,EAAI02B,EAAO6D,GACf,MAAMh5D,EAAIm1D,EAAME,WACVn4D,EAAImvD,EAAGtkD,QAAQ/H,EAAE9C,GACjB88D,EAAM1E,GAEZ,OADA/L,GAAM,eAAgByP,GAClBA,EACOgB,EAAI72E,WAAW8e,KAAK,CAACkzD,EAAMoC,WAAa,EAAO,IAAQr6D,GAGvD88D,EAAI72E,WAAW8e,KAAK,CAAC,IAAQ/E,EAAGmvD,EAAGtkD,QAAQ/H,EAAEsc,GAE3D,EACD,SAAA+zC,CAAUxkE,GACN,MAAMkjB,EAAMljB,EAAMvI,OACZm9C,EAAO50C,EAAM,GACbib,EAAOjb,EAAMnB,SAAS,GAE5B,GAAIqkB,IAAQ2qD,GAA2B,IAATj5B,GAA0B,IAATA,EAoB1C,IAAI1xB,IAAQ4qD,GAA4B,IAATl5B,EAAe,CAG/C,MAAO,CAAEvjC,EAFCmvD,EAAGgE,UAAUvpD,EAAKpc,SAAS,EAAG2hE,EAAGyC,QAE/BxyC,EADF+vC,EAAGgE,UAAUvpD,EAAKpc,SAAS2hE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEtE,CAEgB,MAAU7rE,MAAM,mBAAmB8rB,2BAA6B2qD,yBAAqCC,uBACrH,CA3B2E,CAC3D,MAAMz8D,EAAI44D,GAAmBhvD,GAC7B,IAAKsyD,GAAWl8D,EAAGwe,GAAK2wC,EAAGsC,OACvB,MAAU1rE,MAAM,yBACpB,MAAMg3E,EAAK1E,EAAoBr4D,GAC/B,IAAIof,EACJ,IACIA,EAAI+vC,EAAGwD,KAAKoK,EAChC,CACgB,MAAOC,GACH,MAAMC,EAASD,aAAqBj3E,MAAQ,KAAOi3E,EAAUjlE,QAAU,GACvE,MAAUhS,MAAM,wBAA0Bk3E,EAC9D,CAMgB,QAHiC,GAAd15B,OAFHnkB,EAAIZ,MAASA,MAIzBY,EAAI+vC,EAAG4B,IAAI3xC,IACR,CAAEpf,IAAGof,IAC5B,CASS,IAEC89C,EAAiB7uD,GAAQsqD,GAAcwE,GAAmB9uD,EAAK+oD,EAAM7F,cAC3E,SAAS6L,EAAsBz9C,GAE3B,OAAOA,EADMg9C,GAAen+C,EAEpC,CAKI,MAAM6+C,EAAS,CAAChhE,EAAG0I,EAAMmmD,IAAO0N,GAAmBv8D,EAAElV,MAAM4d,EAAMmmD,IAIjE,MAAMjT,EACF,WAAA7zD,CAAY6b,EAAG9B,EAAGm/D,GACd94E,KAAKyb,EAAIA,EACTzb,KAAK2Z,EAAIA,EACT3Z,KAAK84E,SAAWA,EAChB94E,KAAKu1E,gBACjB,CAEQ,kBAAOwD,CAAYz/D,GACf,MAAM8oB,EAAIwwC,EAAM7F,YAEhB,OADAzzD,EAAM8vD,GAAY,mBAAoB9vD,EAAS,EAAJ8oB,GACpC,IAAIqxB,EAAUolB,EAAOv/D,EAAK,EAAG8oB,GAAIy2C,EAAOv/D,EAAK8oB,EAAG,EAAIA,GACvE,CAGQ,cAAO42C,CAAQ1/D,GACX,MAAMmC,EAAEA,EAAC9B,EAAEA,GAAM23D,GAAIS,MAAM3I,GAAY,MAAO9vD,IAC9C,OAAO,IAAIm6C,EAAUh4C,EAAG9B,EACpC,CACQ,cAAA47D,GACIjB,GAAY,IAAKt0E,KAAKyb,EAAGue,GAAKm+C,GAC9B7D,GAAY,IAAKt0E,KAAK2Z,EAAGqgB,GAAKm+C,EAC1C,CACQ,cAAAc,CAAeH,GACX,OAAO,IAAIrlB,EAAUzzD,KAAKyb,EAAGzb,KAAK2Z,EAAGm/D,EACjD,CACQ,gBAAAI,CAAiBC,GACb,MAAM19D,EAAEA,EAAC9B,EAAEA,EAAGm/D,SAAUM,GAAQp5E,KAC1BuxB,EAAIumD,EAAc1O,GAAY,UAAW+P,IAC/C,GAAW,MAAPC,IAAgB,CAAC,EAAG,EAAG,EAAG,GAAGl6D,SAASk6D,GACtC,MAAU73E,MAAM,uBACpB,MAAM83E,EAAe,IAARD,GAAqB,IAARA,EAAY39D,EAAIm3D,EAAMj7D,EAAI8D,EACpD,GAAI49D,GAAQ1O,EAAGsC,MACX,MAAU1rE,MAAM,8BACpB,MAAM4X,EAAgB,EAANigE,EAAwB,KAAP,KAC3BE,EAAI9E,EAAMc,QAAQn8D,EAASu/D,EAAcW,IACzCE,EAAKnB,EAAKiB,GACV1kC,EAAKujC,GAAM3mD,EAAIgoD,GACf3kC,EAAKsjC,EAAKv+D,EAAI4/D,GACdloC,EAAImjC,EAAM5E,KAAKuH,qBAAqBmC,EAAG3kC,EAAIC,GACjD,IAAKvD,EACD,MAAU9vC,MAAM,qBAEpB,OADA8vC,EAAEkkC,iBACKlkC,CACnB,CAEQ,QAAAmoC,GACI,OAAOZ,EAAsB54E,KAAK2Z,EAC9C,CACQ,UAAA8/D,GACI,OAAOz5E,KAAKw5E,WAAa,IAAI/lB,EAAUzzD,KAAKyb,EAAGy8D,GAAMl4E,KAAK2Z,GAAI3Z,KAAK84E,UAAY94E,IAC3F,CAEQ,aAAA05E,GACI,OAAOC,GAAc35E,KAAK45E,WACtC,CACQ,QAAAA,GACI,OAAOtI,GAAImB,WAAW,CAAEh3D,EAAGzb,KAAKyb,EAAG9B,EAAG3Z,KAAK2Z,GACvD,CAEQ,iBAAAkgE,GACI,OAAOF,GAAc35E,KAAK85E,eACtC,CACQ,YAAAA,GACI,OAAOpB,EAAc14E,KAAKyb,GAAKi9D,EAAc14E,KAAK2Z,EAC9D,EAEI,MAAMyzB,EAAQ,CACV,iBAAA2sC,CAAkBvmE,GACd,IAEI,OADAwgE,EAAuBxgE,IAChB,CACvB,CACY,MAAO9M,GACH,OAAO,CACvB,CACS,EACDstE,uBAAwBA,EAKxB3mC,iBAAkB,KACd,MAAMzrC,EAASo4E,GAAqBpH,EAAMj7D,GAC1C,OFzWL,SAAwBhH,EAAKk+D,EAAY9nD,GAAO,GACnD,MAAMsG,EAAM1c,EAAI/O,OACVq4E,EAAWrL,GAAoBC,GAC/BqL,EAASpL,GAAiBD,GAEhC,GAAIxhD,EAAM,IAAMA,EAAM6sD,GAAU7sD,EAAM,KAClC,MAAU9rB,MAAM,YAAY24E,8BAAmC7sD,KACnE,MAEM8M,EAAUD,GAFJnT,EAAOiiD,GAAgBr4D,GAAOs4D,GAAgBt4D,GAEjCk+D,EAAa70C,IAAOA,GAC7C,OAAOjT,EAAOoiD,GAAgBhvC,EAAS8/C,GAAY/Q,GAAgB/uC,EAAS8/C,EAChF,CE8VmBE,CAAmBvH,EAAM51C,YAAYp7B,GAASgxE,EAAMj7D,EAAE,EAUjEyiE,WAAU,CAACpxD,EAAa,EAAGyqD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAe3sD,GACrByqD,EAAMgC,SAASxuD,OAAO,IACfwsD,IAef,SAAS4G,EAAU3Y,GACf,MAAMx7C,EAAMguD,GAAWxS,GACjB5nD,EAAsB,iBAAT4nD,EACbr0C,GAAOnH,GAAOpM,IAAQ4nD,EAAK9/D,OACjC,OAAIskB,EACOmH,IAAQ2qD,GAAiB3qD,IAAQ4qD,EACxCn+D,EACOuT,IAAQ,EAAI2qD,GAAiB3qD,IAAQ,EAAI4qD,EAChDvW,aAAgB8S,CAG5B,CAuBI,MAAMqD,EAAWjF,EAAMiF,UACnB,SAAU1tE,GAGN,MAAM0f,EAAMuqD,GAAmBjqE,GACzBmwE,EAAuB,EAAfnwE,EAAMvI,OAAagxE,EAAM/F,WACvC,OAAOyN,EAAQ,EAAIzwD,GAAO5C,OAAOqzD,GAASzwD,CAC7C,EACCiuD,EAAgBlF,EAAMkF,eACxB,SAAU3tE,GACN,OAAO+tE,EAAKL,EAAS1tE,GACxB,EAECowE,EAAaC,GAAW5H,EAAM/F,YAIpC,SAAS4N,EAAW5wD,GAGhB,OAFAyqD,GAAY,WAAW1B,EAAM/F,WAAchjD,EAAKkQ,GAAKwgD,GAE9C5B,GAAmB9uD,EAAK+oD,EAAM7F,YAC7C,CAMI,SAAS2N,EAAQvB,EAAS3lE,EAAYic,EAAOkrD,GACzC,GAAI,CAAC,YAAa,aAAaj2E,MAAM6U,GAAMA,KAAKkW,IAC5C,MAAUluB,MAAM,uCACpB,MAAMoM,KAAEA,EAAIqvB,YAAEA,GAAgB41C,EAC9B,IAAIxgC,KAAEA,EAAI8+B,QAAEA,EAAS0J,aAAcC,GAAQprD,EAC/B,MAAR2iB,IACAA,GAAO,GACX+mC,EAAU/P,GAAY,UAAW+P,GACjClI,GAAmBxhD,GACfyhD,IACAiI,EAAU/P,GAAY,oBAAqBz7D,EAAKwrE,KAIpD,MAAM2B,EAAQhD,EAAcqB,GACtB/1D,EAAI4wD,EAAuBxgE,GAC3BunE,EAAW,CAACN,EAAWr3D,GAAIq3D,EAAWK,IAE5C,GAAW,MAAPD,IAAuB,IAARA,EAAe,CAE9B,MAAM32E,GAAY,IAAR22E,EAAe79C,EAAY2tC,EAAGyC,OAASyN,EACjDE,EAASj4E,KAAKsmE,GAAY,eAAgBllE,GACtD,CACQ,MAAM8mC,EAAO4oC,MAAkBmH,GACzB1iD,EAAIyiD,EA0BV,MAAO,CAAE9vC,OAAMgwC,MAxBf,SAAeC,GAEX,MAAM1hE,EAAIs+D,EAASoD,GACnB,IAAKxD,EAAmBl+D,GACpB,OACJ,MAAM2hE,EAAK9C,EAAK7+D,GACVoK,EAAI6wD,EAAM5E,KAAK6F,SAASl8D,GAAGo6D,WAC3Bl4D,EAAIy8D,EAAKv0D,EAAEnI,GACjB,GAAIC,IAAMse,GACN,OAIJ,MAAMpgB,EAAIu+D,EAAKgD,EAAKhD,EAAK7/C,EAAI5c,EAAI2H,IACjC,GAAIzJ,IAAMogB,GACN,OACJ,IAAI++C,GAAYn1D,EAAEnI,IAAMC,EAAI,EAAI,GAAK2L,OAAOzD,EAAEiX,EAAIZ,IAC9CmhD,EAAQxhE,EAKZ,OAJIy4B,GAAQwmC,EAAsBj/D,KAC9BwhE,EAlOZ,SAAoBxhE,GAChB,OAAOi/D,EAAsBj/D,GAAKu+D,GAAMv+D,GAAKA,CACrD,CAgOwB8/D,CAAW9/D,GACnBm/D,GAAY,GAET,IAAIrlB,EAAUh4C,EAAG0/D,EAAOrC,EAC3C,EAEA,CACI,MAAM6B,EAAiB,CAAEvoC,KAAMwgC,EAAMxgC,KAAM8+B,SAAS,GAC9CkK,EAAiB,CAAEhpC,KAAMwgC,EAAMxgC,KAAM8+B,SAAS,GAwFpD,OAnEAsD,EAAM5E,KAAK+F,eAAe,GAmEnB,CACH/C,QACAtlC,aAlNJ,SAAsB95B,EAAY8jE,GAAe,GAC7C,OAAO9C,EAAMgB,eAAehiE,GAAY6jE,WAAWC,EAC3D,EAiNQloC,gBAvLJ,SAAyBisC,EAAUC,EAAShE,GAAe,GACvD,GAAI+C,EAAUgB,GACV,MAAU95E,MAAM,iCACpB,IAAK84E,EAAUiB,GACX,MAAU/5E,MAAM,iCAEpB,OADUizE,EAAMc,QAAQgG,GACf7F,SAASzB,EAAuBqH,IAAWhE,WAAWC,EACvE,EAiLQn3C,KA9EJ,SAAcg5C,EAASoC,EAAS9rD,EAAOkrD,GACnC,MAAM3vC,KAAEA,EAAIgwC,MAAEA,GAAUN,EAAQvB,EAASoC,EAAS9rD,GAC5C6kB,EAAIs+B,EAEV,OADa4I,GAAkBlnC,EAAE3mC,KAAKqY,UAAWsuB,EAAEy4B,YAAaz4B,EAAEszB,KAC3D6T,CAAKzwC,EAAMgwC,EAC1B,EA0EQt6C,OAzDJ,SAAgB7xB,EAAWsqE,EAASptE,EAAW0jB,EAAO2rD,GAClD,MAAMM,EAAK7sE,EAGX,GAFAsqE,EAAU/P,GAAY,UAAW+P,GACjCptE,EAAYq9D,GAAY,YAAar9D,GACjC,WAAY0jB,EACZ,MAAUluB,MAAM,sCACpB0vE,GAAmBxhD,GACnB,MAAM2iB,KAAEA,EAAI8+B,QAAEA,GAAYzhD,EAC1B,IAAIksD,EACA7P,EACJ,IACI,GAAkB,iBAAP4P,GAAmBxH,GAAWwH,GAGrC,IACIC,EAAOloB,EAAUulB,QAAQ0C,EAC7C,CACgB,MAAOE,GACH,KAAMA,aAAoBtK,GAAIC,KAC1B,MAAMqK,EACVD,EAAOloB,EAAUslB,YAAY2C,EACjD,KAEiB,IAAkB,iBAAPA,GAAmC,iBAATA,EAAGjgE,GAAkC,iBAATigE,EAAG/hE,EAKrE,MAAUpY,MAAM,SALqE,CACrF,MAAMka,EAAEA,EAAC9B,EAAEA,GAAM+hE,EACjBC,EAAO,IAAIloB,EAAUh4C,EAAG9B,EACxC,CAGA,CACYmyD,EAAI0I,EAAMc,QAAQvpE,EAC9B,CACQ,MAAOrF,GACH,GAAsB,UAAlBA,EAAM6M,QACN,MAAUhS,MAAM,kEACpB,OAAO,CACnB,CACQ,GAAI6wC,GAAQupC,EAAKnC,WACb,OAAO,EACPtI,IACAiI,EAAUvG,EAAMjlE,KAAKwrE,IACzB,MAAM19D,EAAEA,EAAC9B,EAAEA,GAAMgiE,EACXpqD,EAAIumD,EAAcqB,GAClB0C,EAAKzD,EAAKz+D,GACVg7B,EAAKujC,EAAK3mD,EAAIsqD,GACdjnC,EAAKsjC,EAAKz8D,EAAIogE,GACdvC,EAAI9E,EAAM5E,KAAKuH,qBAAqBrL,EAAGn3B,EAAIC,IAAK++B,WACtD,QAAK2F,GAEKpB,EAAKoB,EAAE99D,KACJC,CACrB,EAOQ+7D,gBAAiBhD,EACjB/gB,YACArmB,QAER;sECj/BO,SAAS0uC,GAAQnuE,GACpB,MAAO,CACHA,OACAi6D,KAAM,CAACj3D,KAAQorE,IAASnU,GAAKj6D,EAAMgD,EAAKgiB,MAAeopD,IACvD/+C,eAER,CACO,SAASg/C,GAAYpE,EAAUqE,GAClC,MAAMl3D,EAAUpX,GAASgqE,GAAY,IAAKC,KAAakE,GAAQnuE,KAC/D,OAAO7N,OAAOwtE,OAAO,IAAKvoD,EAAOk3D,GAAUl3D,UAC/C;sED4IgFkC,OAAO,GEnJvF,MAAM0jD,GAAKqC,GAAM/lD,OAAO,uEAIXrc,GAAOoxE,GAAY,CAC5B19D,EAJYqsD,GAAG5lD,OAAOkC,OAAO,OAK7BpP,EAJYoP,OAAO,sEAKvB0jD,GAAIA,GAEAhzD,EAAGsP,OAAO,sEAEV8pD,GAAI9pD,OAAO,sEACX+pD,GAAI/pD,OAAO,sEACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACPrkC,ICvBGmuE,kBAA6Bj1D,OAAO,GAAK,GAAK,GAC9CD,kBAAuBC,OAAO,IAEpC,SAASk1D,GAAQxkE,EAAG6hC,GAAK,GACrB,OAAIA,EACO,CAAEjoB,EAAGnK,OAAOzP,EAAIukE,IAAa95C,EAAGhb,OAAQzP,GAAKqP,GAAQk1D,KACzD,CAAE3qD,EAAsC,EAAnCnK,OAAQzP,GAAKqP,GAAQk1D,IAAiB95C,EAA4B,EAAzBhb,OAAOzP,EAAIukE,IACpE,CACA,SAASz+D,GAAMohC,EAAKrF,GAAK,GACrB,IAAI4iC,EAAK,IAAIj8D,YAAY0+B,EAAIj9C,QACzBy6E,EAAK,IAAIl8D,YAAY0+B,EAAIj9C,QAC7B,IAAK,IAAIE,EAAI,EAAGA,EAAI+8C,EAAIj9C,OAAQE,IAAK,CACjC,MAAMyvB,EAAEA,EAAC6Q,EAAEA,GAAM+5C,GAAQt9B,EAAI/8C,GAAI03C,IAChC4iC,EAAGt6E,GAAIu6E,EAAGv6E,IAAM,CAACyvB,EAAG6Q,EAC7B,CACI,MAAO,CAACg6C,EAAIC,EAChB,CACA,MAcMC,GAAS,CAAC/qD,EAAG6Q,EAAGzoB,IAAO4X,GAAK5X,EAAMyoB,IAAO,GAAKzoB,EAC9C4iE,GAAS,CAAChrD,EAAG6Q,EAAGzoB,IAAOyoB,GAAKzoB,EAAM4X,IAAO,GAAK5X,EAE9C6iE,GAAS,CAACjrD,EAAG6Q,EAAGzoB,IAAOyoB,GAAMzoB,EAAI,GAAQ4X,IAAO,GAAK5X,EACrD8iE,GAAS,CAAClrD,EAAG6Q,EAAGzoB,IAAO4X,GAAM5X,EAAI,GAAQyoB,IAAO,GAAKzoB,EAQ3D,MASM+iE,GAAM,CACRP,WAAS1+D,SAAOk/D,MApCN,CAACprD,EAAG6Q,IAAOnb,OAAOsK,IAAM,IAAMvK,GAAQC,OAAOmb,IAAM,GAqC7Dw6C,MAnCU,CAACrrD,EAAGsrD,EAAIljE,IAAM4X,IAAM5X,EAmCvBmjE,MAlCG,CAACvrD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAMzoB,EAmChDojE,OAjCW,CAACxrD,EAAG6Q,EAAGzoB,IAAO4X,IAAM5X,EAAMyoB,GAAM,GAAKzoB,EAiCxCqjE,OAhCG,CAACzrD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAMzoB,EAgCjCsjE,OA9BL,CAAC1rD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAOzoB,EAAI,GA8B9BujE,OA7Bb,CAAC3rD,EAAG6Q,EAAGzoB,IAAO4X,IAAO5X,EAAI,GAAQyoB,GAAM,GAAKzoB,EA8BvDwjE,QA5BY,CAACC,EAAIh7C,IAAMA,EA4Bdi7C,QA3BG,CAAC9rD,EAAGsrD,IAAOtrD,EA4BvB+qD,UAAQC,UAAQC,UAAQC,UACxBx4E,IApBJ,SAAam4E,EAAIC,EAAIiB,EAAIC,GACrB,MAAMn7C,GAAKi6C,IAAO,IAAMkB,IAAO,GAC/B,MAAO,CAAEhsD,EAAI6qD,EAAKkB,GAAOl7C,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACxD,EAiBSo7C,MAfK,CAACnB,EAAIkB,EAAIE,KAAQpB,IAAO,IAAMkB,IAAO,IAAME,IAAO,GAehDC,MAdF,CAACC,EAAKvB,EAAIkB,EAAIM,IAAQxB,EAAKkB,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EAcrDE,MAbT,CAACxB,EAAIkB,EAAIE,EAAIK,KAAQzB,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,GAanDC,MAZhB,CAACJ,EAAKvB,EAAIkB,EAAIM,EAAII,IAAQ5B,EAAKkB,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAYhDM,MAVvB,CAACN,EAAKvB,EAAIkB,EAAIM,EAAII,EAAIE,IAAQ9B,EAAKkB,EAAKM,EAAKI,EAAKE,GAAOP,EAAM,GAAK,GAAM,GAAM,EAUlDQ,MAX9B,CAAC9B,EAAIkB,EAAIE,EAAIK,EAAIM,KAAQ/B,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMM,IAAO,KC1C3FC,GAAWC,mBAA6B,KAAO5B,GAAIj/D,MAAM,CAC5D,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,sBACpE9Y,KAAIgT,GAAKsP,OAAOtP,MArB6B,GAuBzC4mE,kBAA6B,IAAIp+D,YAAY,IAC7Cq+D,kBAA6B,IAAIr+D,YAAY,IAC5C,MAAMs+D,WAAerY,GACxB,WAAAxmE,GACIC,MAAM,IAAK,GAAI,IAAI,GAKnBG,KAAKo8E,GAAK,WACVp8E,KAAKq8E,IAAK,UACVr8E,KAAKs9E,IAAK,WACVt9E,KAAKu9E,IAAK,WACVv9E,KAAK49E,GAAK,WACV59E,KAAKy9E,IAAK,SACVz9E,KAAKg+E,IAAK,WACVh+E,KAAK89E,GAAK,WACV99E,KAAKk+E,GAAK,WACVl+E,KAAKo+E,IAAK,WACVp+E,KAAK0+E,IAAK,WACV1+E,KAAK2+E,GAAK,UACV3+E,KAAK4+E,GAAK,UACV5+E,KAAK6+E,IAAK,SACV7+E,KAAK8+E,GAAK,WACV9+E,KAAK++E,GAAK,SAClB,CAEI,GAAA52E,GACI,MAAMi0E,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO/+E,KAC3E,MAAO,CAACo8E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC5E,CAEI,GAAA58E,CAAIi6E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC5D/+E,KAAKo8E,GAAU,EAALA,EACVp8E,KAAKq8E,GAAU,EAALA,EACVr8E,KAAKs9E,GAAU,EAALA,EACVt9E,KAAKu9E,GAAU,EAALA,EACVv9E,KAAK49E,GAAU,EAALA,EACV59E,KAAKy9E,GAAU,EAALA,EACVz9E,KAAKg+E,GAAU,EAALA,EACVh+E,KAAK89E,GAAU,EAALA,EACV99E,KAAKk+E,GAAU,EAALA,EACVl+E,KAAKo+E,GAAU,EAALA,EACVp+E,KAAK0+E,GAAU,EAALA,EACV1+E,KAAK2+E,GAAU,EAALA,EACV3+E,KAAK4+E,GAAU,EAALA,EACV5+E,KAAK6+E,GAAU,EAALA,EACV7+E,KAAK8+E,GAAU,EAALA,EACV9+E,KAAK++E,GAAU,EAALA,CAClB,CACI,OAAA37E,CAAQ0jB,EAAMlO,GAEV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnC2lE,GAAWz8E,GAAKglB,EAAK0B,UAAU5P,GAC/B4lE,GAAW18E,GAAKglB,EAAK0B,UAAW5P,GAAU,GAE9C,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAE1B,MAAMk9E,EAA4B,EAArBT,GAAWz8E,EAAI,IACtBm9E,EAA4B,EAArBT,GAAW18E,EAAI,IACtBo9E,EAAMxC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIE,MAAMoC,EAAMC,EAAM,GACpFE,EAAMzC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAII,MAAMkC,EAAMC,EAAM,GAEpFG,EAA0B,EAApBb,GAAWz8E,EAAI,GACrBu9E,EAA0B,EAApBb,GAAW18E,EAAI,GACrBw9E,EAAM5C,GAAIK,OAAOqC,EAAKC,EAAK,IAAM3C,GAAIO,OAAOmC,EAAKC,EAAK,IAAM3C,GAAIE,MAAMwC,EAAKC,EAAK,GAChFE,EAAM7C,GAAIM,OAAOoC,EAAKC,EAAK,IAAM3C,GAAIQ,OAAOkC,EAAKC,EAAK,IAAM3C,GAAII,MAAMsC,EAAKC,EAAK,GAEhFG,EAAO9C,GAAImB,MAAMsB,EAAKI,EAAKf,GAAW18E,EAAI,GAAI08E,GAAW18E,EAAI,KAC7D29E,EAAO/C,GAAIqB,MAAMyB,EAAMN,EAAKI,EAAKf,GAAWz8E,EAAI,GAAIy8E,GAAWz8E,EAAI,KACzEy8E,GAAWz8E,GAAY,EAAP29E,EAChBjB,GAAW18E,GAAY,EAAP09E,CAC5B,CACQ,IAAIpD,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO/+E,KAEzE,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAEzB,MAAM49E,EAAUhD,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIO,OAAOiB,EAAIE,EAAI,IAC/EuB,EAAUjD,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIQ,OAAOgB,EAAIE,EAAI,IAE/EwB,EAAQ1B,EAAKQ,GAAQR,EAAKU,EAC1BiB,EAAQzB,EAAKO,GAAQP,EAAKS,EAG1BiB,EAAOpD,GAAIyB,MAAMY,EAAIY,EAASE,EAAMvB,GAAUx8E,GAAI08E,GAAW18E,IAC7Di+E,EAAMrD,GAAIuB,MAAM6B,EAAMhB,EAAIY,EAASE,EAAMvB,GAAUv8E,GAAIy8E,GAAWz8E,IAClEk+E,EAAa,EAAPF,EAENG,EAAUvD,GAAIK,OAAOX,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAC/E6D,EAAUxD,GAAIM,OAAOZ,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAC/E8D,EAAQ/D,EAAKkB,EAAOlB,EAAKwB,EAAON,EAAKM,EACrCwC,EAAQ/D,EAAKkB,EAAOlB,EAAKoB,EAAOF,EAAKE,EAC3CqB,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALR,EACLS,EAAU,EAALP,IACF7sD,EAAG2sD,EAAI97C,GAAUs6C,GAAIz4E,IAAS,EAAL+5E,EAAa,EAALF,EAAc,EAANiC,EAAe,EAANC,IACrDhC,EAAU,EAALJ,EACLE,EAAU,EAALL,EACLG,EAAU,EAALN,EACLG,EAAU,EAALF,EACLD,EAAU,EAALlB,EACLmB,EAAU,EAALlB,EACL,MAAMgE,EAAM3D,GAAIc,MAAMwC,EAAKE,EAASE,GACpChE,EAAKM,GAAIgB,MAAM2C,EAAKN,EAAKE,EAASE,GAClC9D,EAAW,EAANgE,CACjB,GAEW9uD,EAAG6qD,EAAIh6C,EAAGi6C,GAAOK,GAAIz4E,IAAc,EAAVjE,KAAKo8E,GAAkB,EAAVp8E,KAAKq8E,GAAa,EAALD,EAAa,EAALC,MAC3D9qD,EAAG+rD,EAAIl7C,EAAGm7C,GAAOb,GAAIz4E,IAAc,EAAVjE,KAAKs9E,GAAkB,EAAVt9E,KAAKu9E,GAAa,EAALD,EAAa,EAALC,MAC3DhsD,EAAGqsD,EAAIx7C,EAAGq7C,GAAOf,GAAIz4E,IAAc,EAAVjE,KAAK49E,GAAkB,EAAV59E,KAAKy9E,GAAa,EAALG,EAAa,EAALH,MAC3DlsD,EAAGysD,EAAI57C,EAAG07C,GAAOpB,GAAIz4E,IAAc,EAAVjE,KAAKg+E,GAAkB,EAAVh+E,KAAK89E,GAAa,EAALE,EAAa,EAALF,MAC3DvsD,EAAG2sD,EAAI97C,GAAUs6C,GAAIz4E,IAAc,EAAVjE,KAAKk+E,GAAkB,EAAVl+E,KAAKo+E,GAAa,EAALF,EAAa,EAALE,MAC3D7sD,EAAGmtD,EAAIt8C,EAAGu8C,GAAOjC,GAAIz4E,IAAc,EAAVjE,KAAK0+E,GAAkB,EAAV1+E,KAAK2+E,GAAa,EAALD,EAAa,EAALC,MAC3DptD,EAAGqtD,EAAIx8C,EAAGy8C,GAAOnC,GAAIz4E,IAAc,EAAVjE,KAAK4+E,GAAkB,EAAV5+E,KAAK6+E,GAAa,EAALD,EAAa,EAALC,MAC3DttD,EAAGutD,EAAI18C,EAAG28C,GAAOrC,GAAIz4E,IAAc,EAAVjE,KAAK8+E,GAAkB,EAAV9+E,KAAK++E,GAAa,EAALD,EAAa,EAALC,IAC9D/+E,KAAKmC,IAAIi6E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC7E,CACI,UAAAvY,GACI+X,GAAW92D,KAAK,GAChB+2D,GAAW/2D,KAAK,EACxB,CACI,OAAAxe,GACIjJ,KAAKsJ,OAAOme,KAAK,GACjBznB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC9D,EAgDO,MAAMm+E,WAAe7B,GACxB,WAAA7+E,GACIC,QAEAG,KAAKo8E,IAAK,UACVp8E,KAAKq8E,IAAK,WACVr8E,KAAKs9E,GAAK,WACVt9E,KAAKu9E,GAAK,UACVv9E,KAAK49E,IAAK,WACV59E,KAAKy9E,GAAK,UACVz9E,KAAKg+E,GAAK,UACVh+E,KAAK89E,IAAK,UACV99E,KAAKk+E,GAAK,WACVl+E,KAAKo+E,IAAK,QACVp+E,KAAK0+E,IAAK,WACV1+E,KAAK2+E,GAAK,WACV3+E,KAAK4+E,IAAK,UACV5+E,KAAK6+E,GAAK,WACV7+E,KAAK8+E,GAAK,WACV9+E,KAAK++E,IAAK,WACV/+E,KAAKgmB,UAAY,EACzB,EAEO,MAAM/X,kBAAyB+3D,IAAgB,IAAM,IAAIyY,KAGnDzwE,kBAAyBg4D,IAAgB,IAAM,IAAIsa,KC1N1D3V,GAAKqC,GADD/lD,OAAO,uGAMJnc,GAAOkxE,GAAY,CAC5B19D,EALYqsD,GAAG5lD,OAAOkC,OAAO,OAM7BpP,EAJYoP,OAAO,sGAKvB0jD,GAAIA,GAEAhzD,EAAGsP,OAAO,sGAEV8pD,GAAI9pD,OAAO,sGACX+pD,GAAI/pD,OAAO,sGACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACPpkC,ICfG28D,GAAKqC,GADD/lD,OAAO,0IAEX2rD,GAAQ,CACVt0D,EAAGqsD,GAAG5lD,OAAOkC,OAAO,OACpBpP,EAAGoP,OAAO,0IACd0jD,GAAIA,GACAhzD,EAAGsP,OAAO,0IACV8pD,GAAI9pD,OAAO,0IACX+pD,GAAI/pD,OAAO,0IACXsK,EAAGtK,OAAO,IAGDjc,GAAOgxE,GAAY,CAC5B19D,EAAGs0D,GAAMt0D,EACTzG,EAAG+6D,GAAM/6D,EACb8yD,GAAIA,GAEAhzD,EAAGi7D,GAAMj7D,EACTo5D,GAAI6B,GAAM7B,GACVC,GAAI4B,GAAM5B,GACVz/C,EAAGqhD,GAAMrhD,EACT6gB,MAAM,EACN0gC,yBAA0B,CAAC,IAAK,IAAK,MACtC7kE,IC5BGsyE,GAAU,GACVC,GAAY,GACZC,GAAa,GACb1mD,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC7By5D,kBAAsBz5D,OAAO,GAC7B05D,kBAAwB15D,OAAO,KAC/B25D,kBAAyB35D,OAAO,KACtC,IAAK,IAAI45D,EAAQ,EAAGvH,EAAIt/C,GAAKxe,EAAI,EAAGof,EAAI,EAAGimD,EAAQ,GAAIA,IAAS,EAE3DrlE,EAAGof,GAAK,CAACA,GAAI,EAAIpf,EAAI,EAAIof,GAAK,GAC/B2lD,GAAQz9E,KAAK,GAAK,EAAI83B,EAAIpf,IAE1BglE,GAAU19E,MAAQ+9E,EAAQ,IAAMA,EAAQ,GAAM,EAAK,IAEnD,IAAInlE,EAAIqe,GACR,IAAK,IAAI5f,EAAI,EAAGA,EAAI,EAAGA,IACnBm/D,GAAMA,GAAKt/C,IAASs/C,GAAKoH,IAAOE,IAAWD,GACvCrH,EAAI94C,KACJ9kB,GAAKse,KAASA,mBAAuB/S,OAAO9M,IAAM6f,IAE1DymD,GAAW39E,KAAK4Y,EACpB,CACA,MAAOolE,GAAaC,mBAA+BtjE,GAAMgjE,IAAY,GAE/DO,GAAQ,CAACzvD,EAAG6Q,EAAGzoB,IAAOA,EAAI,GAAK6iE,GAAOjrD,EAAG6Q,EAAGzoB,GAAK2iE,GAAO/qD,EAAG6Q,EAAGzoB,GAC9DsnE,GAAQ,CAAC1vD,EAAG6Q,EAAGzoB,IAAOA,EAAI,GAAK8iE,GAAOlrD,EAAG6Q,EAAGzoB,GAAK4iE,GAAOhrD,EAAG6Q,EAAGzoB,GA+C7D,MAAMunE,WAAepb,GAExB,WAAAlmE,CAAYooB,EAAUywD,EAAQzyD,EAAWm7D,GAAY,EAAOnzD,EAAS,IAcjE,GAbAnuB,QACAG,KAAKgoB,SAAWA,EAChBhoB,KAAKy4E,OAASA,EACdz4E,KAAKgmB,UAAYA,EACjBhmB,KAAKmhF,UAAYA,EACjBnhF,KAAKguB,OAASA,EACdhuB,KAAKgC,IAAM,EACXhC,KAAKohF,OAAS,EACdphF,KAAK6lB,UAAW,EAChB7lB,KAAK4lB,WAAY,EAEjBuV,GAAOnV,GAEH,GAAKhmB,KAAKgoB,UAAYhoB,KAAKgoB,UAAY,IACvC,MAAUzmB,MAAM,4CdhFT,IAAC2kB,EciFZlmB,KAAKklB,MAAQ,IAAIzjB,WAAW,KAC5BzB,KAAKqhF,SdlFOn7D,EckFOlmB,KAAKklB,MdlFJ,IAAI/E,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,IcmFpG,CACI,MAAAg3E,GACSv6D,IACD8+C,GAAW7lE,KAAKqhF,SApErB,SAAiB1nE,EAAGqU,EAAS,IAChC,MAAMguC,EAAI,IAAI77C,YAAY,IAE1B,IAAK,IAAI0gE,EAAQ,GAAK7yD,EAAQ6yD,EAAQ,GAAIA,IAAS,CAE/C,IAAK,IAAIrlE,EAAI,EAAGA,EAAI,GAAIA,IACpBwgD,EAAExgD,GAAK7B,EAAE6B,GAAK7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAC5D,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EAAG,CAC5B,MAAM+lE,GAAQ/lE,EAAI,GAAK,GACjBgmE,GAAQhmE,EAAI,GAAK,GACjBimE,EAAKzlB,EAAEwlB,GACPE,EAAK1lB,EAAEwlB,EAAO,GACdG,EAAKX,GAAMS,EAAIC,EAAI,GAAK1lB,EAAEulB,GAC1BK,EAAKX,GAAMQ,EAAIC,EAAI,GAAK1lB,EAAEulB,EAAO,GACvC,IAAK,IAAI3mD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GACzBjhB,EAAE6B,EAAIof,IAAM+mD,EACZhoE,EAAE6B,EAAIof,EAAI,IAAMgnD,CAEhC,CAEQ,IAAIC,EAAOloE,EAAE,GACTmoE,EAAOnoE,EAAE,GACb,IAAK,IAAI+B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMvS,EAAQq3E,GAAU9kE,GAClBimE,EAAKX,GAAMa,EAAMC,EAAM34E,GACvBy4E,EAAKX,GAAMY,EAAMC,EAAM34E,GACvB44E,EAAKxB,GAAQ7kE,GACnBmmE,EAAOloE,EAAEooE,GACTD,EAAOnoE,EAAEooE,EAAK,GACdpoE,EAAEooE,GAAMJ,EACRhoE,EAAEooE,EAAK,GAAKH,CACxB,CAEQ,IAAK,IAAIhnD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GAAI,CAC7B,IAAK,IAAIpf,EAAI,EAAGA,EAAI,GAAIA,IACpBwgD,EAAExgD,GAAK7B,EAAEihB,EAAIpf,GACjB,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACpB7B,EAAEihB,EAAIpf,KAAOwgD,GAAGxgD,EAAI,GAAK,IAAMwgD,GAAGxgD,EAAI,GAAK,GAC3D,CAEQ7B,EAAE,IAAMmnE,GAAYD,GACpBlnE,EAAE,IAAMonE,GAAYF,EAC5B,CACI7kB,EAAEv0C,KAAK,EACX,CAyBQu6D,CAAQhiF,KAAKqhF,QAASrhF,KAAKguB,QACtBjH,IACD8+C,GAAW7lE,KAAKqhF,SACpBrhF,KAAKohF,OAAS,EACdphF,KAAKgC,IAAM,CACnB,CACI,MAAAsiB,CAAOzd,GACH4e,GAAOzlB,MACP,MAAMgoB,SAAEA,EAAQ9C,MAAEA,GAAUllB,KAEtBqtB,GADNxmB,EAAOwf,GAAQxf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMqrB,GAAM,CAC1B,MAAMi5C,EAAO79D,KAAKsd,IAAIiC,EAAWhoB,KAAKgC,IAAKqrB,EAAMrrB,GACjD,IAAK,IAAIF,EAAI,EAAGA,EAAIwkE,EAAMxkE,IACtBojB,EAAMllB,KAAKgC,QAAU6E,EAAK7E,KAC1BhC,KAAKgC,MAAQgmB,GACbhoB,KAAKshF,QACrB,CACQ,OAAOthF,IACf,CACI,MAAA2G,GACI,GAAI3G,KAAK6lB,SACL,OACJ7lB,KAAK6lB,UAAW,EAChB,MAAMX,MAAEA,EAAKuzD,OAAEA,EAAMz2E,IAAEA,EAAGgmB,SAAEA,GAAahoB,KAEzCklB,EAAMljB,IAAQy2E,EACA,IAATA,GAAwBz2E,IAAQgmB,EAAW,GAC5ChoB,KAAKshF,SACTp8D,EAAM8C,EAAW,IAAM,IACvBhoB,KAAKshF,QACb,CACI,SAAAW,CAAUn8D,GACNL,GAAOzlB,MAAM,GACbmK,GAAM2b,GACN9lB,KAAK2G,SACL,MAAMu7E,EAAYliF,KAAKklB,OACjB8C,SAAEA,GAAahoB,KACrB,IAAK,IAAIgC,EAAM,EAAGqrB,EAAMvH,EAAIlkB,OAAQI,EAAMqrB,GAAM,CACxCrtB,KAAKohF,QAAUp5D,GACfhoB,KAAKshF,SACT,MAAMhb,EAAO79D,KAAKsd,IAAIiC,EAAWhoB,KAAKohF,OAAQ/zD,EAAMrrB,GACpD8jB,EAAI3jB,IAAI+/E,EAAUl5E,SAAShJ,KAAKohF,OAAQphF,KAAKohF,OAAS9a,GAAOtkE,GAC7DhC,KAAKohF,QAAU9a,EACftkE,GAAOskE,CACnB,CACQ,OAAOxgD,CACf,CACI,OAAAq8D,CAAQr8D,GAEJ,IAAK9lB,KAAKmhF,UACN,MAAU5/E,MAAM,yCACpB,OAAOvB,KAAKiiF,UAAUn8D,EAC9B,CACI,GAAAs8D,CAAIj4E,GAEA,OADAgxB,GAAOhxB,GACAnK,KAAKmiF,QAAQ,IAAI1gF,WAAW0I,GAC3C,CACI,UAAAugB,CAAW5E,GAEP,GADAlf,GAAOkf,EAAK9lB,MACRA,KAAK6lB,SACL,MAAUtkB,MAAM,+BAGpB,OAFAvB,KAAKiiF,UAAUn8D,GACf9lB,KAAKiJ,UACE6c,CACf,CACI,MAAAvB,GACI,OAAOvkB,KAAK0qB,WAAW,IAAIjpB,WAAWzB,KAAKgmB,WACnD,CACI,OAAA/c,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKklB,MAAMuC,KAAK,EACxB,CACI,UAAAs+C,CAAWW,GACP,MAAM1+C,SAAEA,EAAQywD,OAAEA,EAAMzyD,UAAEA,EAASgI,OAAEA,EAAMmzD,UAAEA,GAAcnhF,KAY3D,OAXA0mE,IAAOA,EAAK,IAAIwa,GAAOl5D,EAAUywD,EAAQzyD,EAAWm7D,EAAWnzD,IAC/D04C,EAAG2a,QAAQl/E,IAAInC,KAAKqhF,SACpB3a,EAAG1kE,IAAMhC,KAAKgC,IACd0kE,EAAG0a,OAASphF,KAAKohF,OACjB1a,EAAG7gD,SAAW7lB,KAAK6lB,SACnB6gD,EAAG14C,OAASA,EAEZ04C,EAAG+R,OAASA,EACZ/R,EAAG1gD,UAAYA,EACf0gD,EAAGya,UAAYA,EACfza,EAAG9gD,UAAY5lB,KAAK4lB,UACb8gD,CACf,EAEA,MAAMwD,GAAM,CAACuO,EAAQzwD,EAAUhC,IAAcggD,IAAgB,IAAM,IAAIkb,GAAOl5D,EAAUywD,EAAQzyD,KAMnF7X,kBAA2B+7D,GAAI,EAAM,IAAK,IAE1C97D,kBAA2B87D,GAAI,EAAM,GAAI,IAWzCmY,kBAFI,EAAC5J,EAAQzwD,EAAUhC,IdzC7B,SAAoCqF,GACvC,MAAMC,EAAQ,CAACC,EAAKkE,IAASpE,EAASoE,GAAMnL,OAAO+B,GAAQkF,IAAMhH,SAC3DiH,EAAMH,EAAS,IAIrB,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAU0K,GAASpE,EAASoE,GAC3BnE,CACX,CckCkDg3D,EAA2B,CAAC7yD,EAAO,CAAA,IAAO,IAAIyxD,GAAOl5D,EAAUywD,OAAuBr2E,IAAfqtB,EAAK8yD,MAAsBv8D,EAAYyJ,EAAK8yD,OAAO,KAEpIC,CAAS,GAAM,IAAK,IC5MtDzoD,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIuU,GAAMvU,OAAO,GAEhEw7D,GAAiB,CAAEC,QAAQ,GAwB1B,SAASC,GAAe/K,GAC3B,MAAMhF,EAxBV,SAAsBloE,GAClB,MAAM+kB,EAAOqhD,GAAcpmE,GAa3B,OAZAmoE,GAAkBnoE,EAAO,CACrBiD,KAAM,WACN2Q,EAAG,SACH8E,EAAG,SACH4Z,YAAa,YACd,CACC4lD,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAGTjjF,OAAOwtE,OAAO,IAAK79C,GAC9B,CASkBsoD,CAAaH,IACrBjN,GAAEA,EAAIhzD,EAAgBu5D,QAASA,EAASvjE,KAAMq1E,EAAKhmD,YAAEA,EAAW+vC,YAAEA,EAAax7C,EAAG6lD,GAAcxE,EAChGrF,EAAO/sC,IAAQvZ,OAAqB,EAAd8lD,GAAmB/yC,GACzCipD,EAAOtY,EAAG5lD,OACVwuD,EAAKvG,GAAM4F,EAAMj7D,EAAGi7D,EAAM/F,YAE1BiW,EAAUlQ,EAAMkQ,SAC1B,EAAU/kD,EAAGnkB,KACD,IACI,MAAO,CAAEgxD,SAAS,EAAMroE,MAAOooE,EAAGwD,KAAKpwC,EAAI4sC,EAAGuD,IAAIt0D,IAClE,CACY,MAAO1V,GACH,MAAO,CAAE0mE,SAAS,EAAOroE,MAAOw3B,GAChD,CACS,GACC6oD,EAAoBhQ,EAAMgQ,mBAAsB,CAACz4E,GAAUA,GAC3D04E,EAASjQ,EAAMiQ,QACzB,EAAUh8E,EAAMq8E,EAAKC,KAET,GADAtb,GAAM,SAAUsb,GACZD,EAAIthF,QAAUuhF,EACd,MAAU5hF,MAAM,uCACpB,OAAOsF,CACV,GAGL,SAASu8E,EAAYtb,EAAOnwD,GACxB28D,GAAY,cAAgBxM,EAAOnwD,EAAGoiB,GAAKwzC,EACnD,CACI,SAAS8V,EAAY7yB,GACjB,KAAMA,aAAiBgkB,GACnB,MAAUjzE,MAAM,yBAC5B,CAGI,MAAMkzE,EAAerJ,IAAS,CAACj+C,EAAGunD,KAC9B,MAAQ4O,GAAI9nE,EAAG+nE,GAAI3oD,EAAG4oD,GAAIx9C,GAAM7Y,EAC1BqgD,EAAMrgD,EAAEqgD,MACJ,MAANkH,IACAA,EAAKlH,EAAMhyC,GAAMmvC,EAAGuD,IAAIloC,IAC5B,MAAM8uC,EAAKmO,EAAKznE,EAAIk5D,GACdK,EAAKkO,EAAKroD,EAAI85C,GACdM,EAAKiO,EAAKj9C,EAAI0uC,GACpB,GAAIlH,EACA,MAAO,CAAEhyD,EAAGue,GAAKa,EAAGZ,IACxB,GAAIg7C,IAAOh7C,GACP,MAAUz4B,MAAM,oBACpB,MAAO,CAAEia,EAAGs5D,EAAIl6C,EAAGm6C,EAAI,IAErBE,EAAkB7J,IAAUj+C,IAC9B,MAAM7O,EAAEA,EAAC8E,EAAEA,GAAMwvD,EACjB,GAAIzlD,EAAEqgD,MACF,MAAUjsE,MAAM,mBAGpB,MAAQ+hF,GAAIthD,EAAGuhD,GAAIthD,EAAGuhD,GAAIvgD,EAAG4X,GAAIhjB,GAAM1K,EACjC8oD,EAAKgN,EAAKjhD,EAAIA,GACdk0C,EAAK+M,EAAKhhD,EAAIA,GACdk0C,EAAK8M,EAAKhgD,EAAIA,GACdwgD,EAAKR,EAAK9M,EAAKA,GACfuN,EAAMT,EAAKhN,EAAK33D,GAGtB,GAFa2kE,EAAK9M,EAAK8M,EAAKS,EAAMxN,MACpB+M,EAAKQ,EAAKR,EAAK7/D,EAAI6/D,EAAKhN,EAAKC,KAEvC,MAAU30E,MAAM,yCAIpB,GAFW0hF,EAAKjhD,EAAIC,KACTghD,EAAKhgD,EAAIpL,GAEhB,MAAUt2B,MAAM,yCACpB,OAAO,CAAI,IAIf,MAAMizE,EACF,WAAA50E,CAAY0jF,EAAIC,EAAIC,EAAI3oC,GACpB76C,KAAKsjF,GAAKA,EACVtjF,KAAKujF,GAAKA,EACVvjF,KAAKwjF,GAAKA,EACVxjF,KAAK66C,GAAKA,EACVuoC,EAAY,IAAKE,GACjBF,EAAY,IAAKG,GACjBH,EAAY,IAAKI,GACjBJ,EAAY,IAAKvoC,GACjB/6C,OAAOwtE,OAAOttE,KAC1B,CACQ,KAAIwb,GACA,OAAOxb,KAAK2zE,WAAWn4D,CACnC,CACQ,KAAIof,GACA,OAAO56B,KAAK2zE,WAAW/4C,CACnC,CACQ,iBAAOu6C,CAAWhoD,GACd,GAAIA,aAAaqnD,EACb,MAAUjzE,MAAM,8BACpB,MAAMia,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EAGxB,OAFAi2D,EAAY,IAAK5nE,GACjB4nE,EAAY,IAAKxoD,GACV,IAAI45C,EAAMh5D,EAAGof,EAAGZ,GAAKipD,EAAKznE,EAAIof,GACjD,CACQ,iBAAOw6C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAO7qE,KAAKwoB,GAAMA,EAAEq2D,MACjD,OAAOhU,EAAO7qE,KAAI,CAACwoB,EAAGrrB,IAAMqrB,EAAEwmD,SAAS0B,EAAMvzE,MAAK6C,IAAI6vE,EAAMW,WACxE,CAEQ,UAAOO,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAe3sD,GACX4sD,EAAKvF,cAAcrwE,KAAMgpB,EACrC,CAGQ,cAAAusD,GACIN,EAAgBj1E,KAC5B,CAEQ,MAAAujD,CAAOiN,GACH6yB,EAAY7yB,GACZ,MAAQ8yB,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOh2E,MAC3BsjF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,GAAO3lB,EAC7BmzB,EAAOV,EAAKnN,EAAKK,GACjByN,EAAOX,EAAKhN,EAAKD,GACjB6N,EAAOZ,EAAKlN,EAAKI,GACjB2N,EAAOb,EAAK/M,EAAKF,GACvB,OAAO2N,IAASC,GAAQC,IAASC,CAC7C,CACQ,GAAAtW,GACI,OAAOxtE,KAAKujD,OAAOixB,EAAMhI,KACrC,CACQ,MAAA4C,GAEI,OAAO,IAAIoF,EAAMyO,GAAMjjF,KAAKsjF,IAAKtjF,KAAKujF,GAAIvjF,KAAKwjF,GAAIP,GAAMjjF,KAAK66C,IAC1E,CAIQ,MAAAl/B,GACI,MAAM2C,EAAEA,GAAMs0D,GACN0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOh2E,KAC7BgjC,EAAIigD,EAAKnN,EAAKA,GACd9Z,EAAIinB,EAAKlN,EAAKA,GACdzhC,EAAI2uC,EAAKziD,GAAMyiD,EAAKjN,EAAKA,IACzBl0C,EAAImhD,EAAK3kE,EAAI0kB,GACb+gD,EAAOjO,EAAKC,EACZhP,EAAIkc,EAAKA,EAAKc,EAAOA,GAAQ/gD,EAAIg5B,GACjCiL,EAAInlC,EAAIk6B,EACRgL,EAAIC,EAAI3yB,EACR4yB,EAAIplC,EAAIk6B,EACRsa,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdx6C,EAAKu2D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAI9pD,EACzC,CAIQ,GAAAzoB,CAAIusD,GACA6yB,EAAY7yB,GACZ,MAAMlyC,EAAEA,EAAC8E,EAAEA,GAAMwvD,GACT0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,EAAIn7B,GAAIruB,GAAOxsB,MACnCsjF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,EAAIt7B,GAAIpuB,GAAO+jC,EAK3C,GAAIlyC,IAAM2I,QAAQ,GAAI,CAClB,MAAM+b,EAAIigD,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3Bja,EAAIinB,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3BjP,EAAIic,EAAKjnB,EAAIh5B,GACnB,GAAIgkC,IAAMjtC,GACN,OAAO/5B,KAAK2b,SAChB,MAAM24B,EAAI2uC,EAAKjN,EAAKx1C,GAAM/T,GACpBqV,EAAImhD,EAAKz2D,EAAKgU,GAAM21C,GACpBpP,EAAIjlC,EAAIwS,EACR2yB,EAAIjL,EAAIh5B,EACRkkC,EAAIplC,EAAIwS,EACRgiC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdx6C,EAAKu2D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAI9pD,EAC7C,CACY,MAAMsW,EAAIigD,EAAKnN,EAAKG,GACdja,EAAIinB,EAAKlN,EAAKG,GACd5hC,EAAI2uC,EAAKz2D,EAAKpJ,EAAIqJ,GAClBqV,EAAImhD,EAAKjN,EAAKG,GACdpP,EAAIkc,GAAMnN,EAAKC,IAAOE,EAAKC,GAAMlzC,EAAIg5B,GACrCgL,EAAIllC,EAAIwS,EACR2yB,EAAInlC,EAAIwS,EACR4yB,EAAI+b,EAAKjnB,EAAI19C,EAAI0kB,GACjBszC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACdx6C,EAAKu2D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAI9pD,EACzC,CACQ,QAAA+pD,CAASjmB,GACL,OAAOxwD,KAAKiE,IAAIusD,EAAM4e,SAClC,CACQ,IAAAH,CAAKt3D,GACD,OAAOi+D,EAAKzF,WAAWnwE,KAAM2X,EAAG68D,EAAMY,WAClD,CAEQ,QAAAK,CAAS9E,GACL,MAAMh5D,EAAIg5D,EACV2D,GAAY,SAAU38D,EAAGqiB,GAAKm+C,GAC9B,MAAMhrD,EAAEA,EAAC8Y,EAAEA,GAAMjmC,KAAKivE,KAAKt3D,GAC3B,OAAO68D,EAAMY,WAAW,CAACjoD,EAAG8Y,IAAI,EAC5C,CAKQ,cAAAywC,CAAe/F,GACX,MAAMh5D,EAAIg5D,EAEV,OADA2D,GAAY,SAAU38D,EAAGoiB,GAAKo+C,GAC1BxgE,IAAMoiB,GACCmI,EACPliC,KAAKujD,OAAOrhB,IAAMvqB,IAAMqiB,GACjBh6B,KACPA,KAAKujD,OAAO0jB,GACLjnE,KAAKivE,KAAKt3D,GAAGwV,EACjByoD,EAAKtG,aAAatvE,KAAM2X,EAC3C,CAKQ,YAAAqsE,GACI,OAAOhkF,KAAK02E,eAAeU,GAAU5J,KACjD,CAGQ,aAAAwF,GACI,OAAO4C,EAAKtG,aAAatvE,KAAMm4E,GAAa3K,KACxD,CAGQ,QAAAmG,CAASe,GACL,OAAOD,EAAaz0E,KAAM00E,EACtC,CACQ,aAAAzB,GACI,MAAQ1hD,EAAG6lD,GAAaxE,EACxB,OAAIwE,IAAap9C,GACNh6B,KACJA,KAAK02E,eAAeU,EACvC,CAGQ,cAAO9B,CAAQh8D,EAAKopE,GAAS,GACzB,MAAMt/D,EAAEA,EAAC9E,EAAEA,GAAMs0D,EACXvlD,EAAMs9C,EAAGyC,MACf9zD,EAAM8vD,GAAY,WAAY9vD,EAAK+T,GACnCw6C,GAAM,SAAU6a,GAChB,MAAMuB,EAAS3qE,EAAI3W,QACbguB,EAAWrX,EAAI+T,EAAM,GAC3B42D,EAAO52D,EAAM,IAAgB,IAAXsD,EAClB,MAAMiK,EAAIspD,GAAmBD,GAIvBv7E,EAAMg6E,EAASnV,EAAO5C,EAAGsC,MAC/BqH,GAAY,aAAc15C,EAAGb,GAAKrxB,GAGlC,MAAM6vE,EAAK0K,EAAKroD,EAAIA,GACdmD,EAAIklD,EAAK1K,EAAKv+C,IACdpgB,EAAIqpE,EAAK7/D,EAAIm1D,EAAKj6D,GACxB,IAAIssD,QAAEA,EAASroE,MAAOiZ,GAAMsnE,EAAQ/kD,EAAGnkB,GACvC,IAAKgxD,EACD,MAAUrpE,MAAM,uCACpB,MAAM4iF,GAAU3oE,EAAIwe,MAASA,GACvBoqD,KAA4B,IAAXzzD,GACvB,IAAK+xD,GAAUlnE,IAAMue,IAAOqqD,EAExB,MAAU7iF,MAAM,gCAGpB,OAFI6iF,IAAkBD,IAClB3oE,EAAIynE,GAAMznE,IACPg5D,EAAMW,WAAW,CAAE35D,IAAGof,KACzC,CACQ,qBAAO46C,CAAe+F,GAClB,OAAO8I,EAAqB9I,GAAS9H,KACjD,CACQ,UAAA4D,GACI,MAAM77D,EAAEA,EAACof,EAAEA,GAAM56B,KAAK2zE,WAChBxpE,EAAQm6E,GAAmB1pD,EAAG+vC,EAAGyC,OAEvC,OADAjjE,EAAMA,EAAMvI,OAAS,IAAM4Z,EAAIwe,GAAM,IAAO,EACrC7vB,CACnB,CACQ,KAAAmhC,GACI,OAAO6oC,GAAcn0E,KAAKq3E,aACtC,EAEI7C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIh3C,GAAKipD,EAAKrQ,EAAM7B,GAAK6B,EAAM5B,KACtEwD,EAAMhI,KAAO,IAAIgI,EAAMz6C,GAAKC,GAAKA,GAAKD,IACtC,MAAQ61C,KAAM3I,EAAGuF,KAAMtqC,GAAMsyC,EACvBoB,EAAO3G,GAAKuF,EAAqB,EAAdzH,GACzB,SAASmL,EAAK55D,GACV,OAAO4b,GAAI5b,EAAG65D,EACtB,CAEI,SAASoM,EAAQ52E,GACb,OAAOuqE,EAAKgM,GAAmBv2E,GACvC,CAEI,SAAS02E,EAAqB1zE,GAC1B,MAAM0c,EAAM0/C,EACZp8D,EAAMy4D,GAAY,cAAez4D,EAAK0c,GAGtC,MAAMoQ,EAAS2rC,GAAY,qBAAsB4Z,EAAMryE,GAAM,EAAI0c,GAC3D0xB,EAAO6jC,EAAkBnlD,EAAO96B,MAAM,EAAG0qB,IACzClU,EAASskB,EAAO96B,MAAM0qB,EAAK,EAAIA,GAC/BsjD,EAAS4T,EAAQxlC,GACjB00B,EAAQxM,EAAEwO,SAAS9E,GACnB6T,EAAa/Q,EAAM4D,aACzB,MAAO,CAAEt4B,OAAM5lC,SAAQw3D,SAAQ8C,QAAO+Q,aAC9C,CAMI,SAASC,EAAmBC,EAAU,IAAIjjF,cAAiBs6E,GACvD,MAAMxwD,EAAMqoD,MAAkBmI,GAC9B,OAAOwI,EAAQvB,EAAMH,EAAOt3D,EAAK69C,GAAY,UAAWsb,KAAYxT,IAC5E,CAeI,MAAMyT,EAAalC,GA6BnBxb,EAAE0O,eAAe,GAiBjB,MAAO,CACH/C,QACAtlC,aAtEJ,SAAsBiuC,GAClB,OAAO8I,EAAqB9I,GAASiJ,UAC7C,EAqEQrkD,KA9DJ,SAAc5U,EAAKgwD,EAASz1E,EAAU,CAAA,GAClCylB,EAAM69C,GAAY,UAAW79C,GACzB2lD,IACA3lD,EAAM2lD,EAAQ3lD,IAClB,MAAMpS,OAAEA,EAAMw3D,OAAEA,EAAM6T,WAAEA,GAAeH,EAAqB9I,GACtD9/D,EAAIgpE,EAAmB3+E,EAAQ4+E,QAASvrE,EAAQoS,GAChD+tD,EAAIrS,EAAEwO,SAASh6D,GAAG47D,aAElB19D,EAAIu+D,EAAKz8D,EADLgpE,EAAmB3+E,EAAQ4+E,QAASpL,EAAGkL,EAAYj5D,GACtColD,GAGvB,OAFA2D,GAAY,cAAe36D,EAAGogB,GAAKo+C,GAE5B/O,GAAY,SADPwK,GAAe0F,EAAGgL,GAAmB3qE,EAAGgxD,EAAGyC,QACP,EAAdL,EAC1C,EAmDQrsC,OAjDJ,SAAgBmK,EAAKtf,EAAKxf,EAAWjG,EAAU6+E,GAC3C,MAAMD,QAAEA,EAAOhC,OAAEA,GAAW58E,EACtBunB,EAAMs9C,EAAGyC,MACfviC,EAAMu+B,GAAY,YAAav+B,EAAK,EAAIxd,GACxC9B,EAAM69C,GAAY,UAAW79C,QACdnpB,IAAXsgF,GACA7a,GAAM,SAAU6a,GAChBxR,IACA3lD,EAAM2lD,EAAQ3lD,IAClB,MAAM5R,EAAIuqE,GAAmBr5C,EAAIloC,MAAM0qB,EAAK,EAAIA,IAGhD,IAAI2V,EAAGs2C,EAAGsL,EACV,IACI5hD,EAAIwxC,EAAMc,QAAQvpE,EAAW22E,GAC7BpJ,EAAI9E,EAAMc,QAAQzqC,EAAIloC,MAAM,EAAG0qB,GAAMq1D,GACrCkC,EAAK3d,EAAEyP,eAAe/8D,EAClC,CACQ,MAAOjT,GACH,OAAO,CACnB,CACQ,IAAKg8E,GAAU1/C,EAAEghD,eACb,OAAO,EACX,MAAMzqE,EAAIkrE,EAAmBC,EAASpL,EAAEjC,aAAcr0C,EAAEq0C,aAAc9rD,GAGtE,OAFY+tD,EAAEr1E,IAAI++B,EAAE0zC,eAAen9D,IAExBk9D,SAASmO,GAAI3R,gBAAgB1vB,OAAOixB,EAAMhI,KAC7D,EAuBQqY,cAAerQ,EACfpnC,MAtBU,CACVi3C,uBAEAh3C,iBAAkB,IAAMrQ,EAAY2tC,EAAGyC,OAOvCgN,WAAU,CAACpxD,EAAa,EAAGyqD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAe3sD,GACrByqD,EAAMgC,SAASxuD,OAAO,IACfwsD,IAWnB;sEC7aA,MAAM15C,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAiBZ,SAAS69D,GAAWlN,GACvB,MAAMhF,GAhBN/H,GADkBngE,EAiBSktE,EAhBL,CAClBt5D,EAAG,UACJ,CACCymE,eAAgB,gBAChBhY,YAAa,gBACb6V,kBAAmB,WACnBC,OAAQ,WACRmC,WAAY,WACZC,GAAI,WAGDnlF,OAAOwtE,OAAO,IAAK5iE,KAZ9B,IAAsBA,EAkBlB,MAAMohE,EAAEA,GAAM8G,EACRqQ,EAAQtrE,GAAMuiB,GAAIviB,EAAGm0D,GACrBiZ,EAAiBnS,EAAMmS,eACvBG,EAAkBz8E,KAAKyQ,KAAK6rE,EAAiB,GAC7C9K,EAAWrH,EAAM7F,YACjB6V,EAAoBhQ,EAAMgQ,mBAAiB,CAAMz4E,GAAUA,GAC3D66E,EAAapS,EAAMoS,YAAU,CAAMxpE,GAAMkwD,GAAIlwD,EAAGswD,EAAI7kD,OAAO,GAAI6kD,IAWrE,SAASljC,EAAMu8C,EAAMC,EAAKC,GACtB,MAAMC,EAAQrC,EAAKkC,GAAQC,EAAMC,IAGjC,MAAO,CAFPD,EAAMnC,EAAKmC,EAAME,GACjBD,EAAMpC,EAAKoC,EAAMC,GAEzB,CAGI,MAAMC,GAAO3S,EAAMt0D,EAAI2I,OAAO,IAAMA,OAAO,GA2D3C,SAASu+D,EAAkBznD,GACvB,OAAOorC,GAAgB8Z,EAAKllD,GAAImnD,EACxC,CAgBI,SAAS76C,EAAWsmC,EAAQ5yC,GACxB,MAAM0nD,EAhBV,SAA2BC,GAGvB,MAAM3nD,EAAIqrC,GAAY,eAAgBsc,EAAMR,GAG5C,OAFiB,KAAbjL,IACAl8C,EAAE,KAAO,KACNkrC,GAAgBlrC,EAC/B,CASuB4nD,CAAkB5nD,GAC3B6nD,EATV,SAAsBjuE,GAClB,MAAMxN,EAAQi/D,GAAY,SAAUzxD,GAC9B0V,EAAMljB,EAAMvI,OAClB,GAAIyrB,IAAQ63D,GAAmB73D,IAAQ4sD,EACnC,MAAU14E,MAAM,YAAY2jF,QAAsBjL,gBAAuB5sD,KAC7E,OAAO47C,GAAgB2Z,EAAkBz4E,GACjD,CAGwB07E,CAAalV,GACvBmV,EAzEV,SAA0B/nD,EAAG4yC,GACzBpH,GAAS,IAAKxrC,EAAGhE,GAAK+xC,GACtBvC,GAAS,SAAUoH,EAAQ52C,GAAK+xC,GAGhC,MAAMvyD,EAAIo3D,EACJoV,EAAMhoD,EACZ,IAKIioD,EALAZ,EAAMprD,GACNisD,EAAMlsD,GACNsrD,EAAMtnD,EACNmoD,EAAMlsD,GACNmrD,EAAOprD,GAEX,IAAK,IAAIre,EAAIuL,OAAO89D,EAAiB,GAAIrpE,GAAKqe,GAAKre,IAAK,CACpD,MAAMyqE,EAAO5sE,GAAKmC,EAAKse,GACvBmrD,GAAQgB,EACRH,EAAKp9C,EAAMu8C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GACTA,EAAKp9C,EAAMu8C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GACTb,EAAOgB,EACP,MAAMnjD,EAAIoiD,EAAMa,EACVG,EAAKnD,EAAKjgD,EAAIA,GACdg5B,EAAIopB,EAAMa,EACVI,EAAKpD,EAAKjnB,EAAIA,GACd+K,EAAIqf,EAAKC,EACT/xC,EAAI+wC,EAAMa,EAEVI,EAAKrD,GADDoC,EAAMa,GACIljD,GACdujD,EAAKtD,EAAK3uC,EAAI0nB,GACdwqB,EAAOF,EAAKC,EACZE,EAAQH,EAAKC,EACnBlB,EAAMpC,EAAKuD,EAAOA,GAClBN,EAAMjD,EAAK8C,EAAM9C,EAAKwD,EAAQA,IAC9BrB,EAAMnC,EAAKmD,EAAKC,GAChBJ,EAAMhD,EAAKlc,GAAKqf,EAAKnD,EAAKsC,EAAMxe,IAC5C,CAEQif,EAAKp9C,EAAMu8C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GAETA,EAAKp9C,EAAMu8C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GAET,MAAMU,EAAK1B,EAAWiB,GAEtB,OAAOhD,EAAKmC,EAAMsB,EAC1B,CAsBmBC,CAAiBlB,EAAQG,GAGpC,GAAIE,IAAO/rD,GACP,MAAUx4B,MAAM,0CACpB,OAAOikF,EAAkBM,EACjC,CAEI,MAAMc,EAAUpB,EAAkB5S,EAAMqS,IACxC,SAAS4B,EAAelW,GACpB,OAAOtmC,EAAWsmC,EAAQiW,EAClC,CACI,MAAO,CACHv8C,aACAw8C,iBACAz3C,gBAAiB,CAAC57B,EAAYzH,IAAcs+B,EAAW72B,EAAYzH,GACnEuhC,aAAe95B,GAAeqzE,EAAerzE,GAC7C45B,MAAO,CAAEC,iBAAkB,IAAMulC,EAAM51C,YAAY41C,EAAM7F,cACzD6Z,QAASA,EAEjB;sECrIA,MAAME,GAAe9gB,IAAgB,IAAMqc,GAASt9D,OAAO,CAAEw9D,MAAO,QAE9DwE,IADc/gB,IAAgB,IAAMqc,GAASt9D,OAAO,CAAEw9D,MAAO,OACpDt7D,OAAO,4IAEhB+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIskD,GAAMtkD,OAAO,GAAUA,OAAO,GAAI,MAAA+/D,GAAO//D,OAAO,IAElFggE,GAAOhgE,OAAO,IAAKigE,GAAOjgE,OAAO,IAAKkgE,GAAOlgE,OAAO,IAAKmgE,GAAQngE,OAAO,KAI9E,SAASogE,GAAsB7rE,GAC3B,MAAMswD,EAAIib,GACJ/hD,EAAMxpB,EAAIA,EAAIA,EAAKswD,EACnB7mC,EAAMD,EAAKA,EAAKxpB,EAAKswD,EACrB1mC,EAAMumC,GAAK1mC,EAAIsmC,GAAKO,GAAK7mC,EAAM6mC,EAC/BvmC,EAAMomC,GAAKvmC,EAAImmC,GAAKO,GAAK7mC,EAAM6mC,EAC/BrmC,EAAOkmC,GAAKpmC,EAAI/E,GAAKsrC,GAAK9mC,EAAM8mC,EAChCwb,EAAO3b,GAAKlmC,EAAKuhD,GAAMlb,GAAKrmC,EAAOqmC,EACnCyb,EAAO5b,GAAK2b,EAAKL,GAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,GAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,GAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,GAAMpb,GAAKyb,EAAOzb,EACrC6b,EAAQhc,GAAK+b,EAAMlnD,GAAKsrC,GAAK9mC,EAAM8mC,EACnC8b,EAAQjc,GAAKgc,EAAM3tD,GAAK8xC,GAAKtwD,EAAKswD,EACxC,OAAQH,GAAKic,EAAMR,GAAOtb,GAAK6b,EAAQ7b,CAC3C,CACA,SAAS8W,GAAkBz4E,GAQvB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,IAAM,EACLA,CACX,CAsBA,MAAMwgE,GAAKqC,GAAM+Z,GAAQ,KAAK,GACxBc,GAAY,CAEdvpE,EAAG2I,OAAO,GAEV7D,EAAG6D,OAAO,2IAEd0jD,GAAIA,GAGAhzD,EAAGsP,OAAO,2IAEV4lD,WAAY,IAEZt7C,EAAGtK,OAAO,GAEV8pD,GAAI9pD,OAAO,2IACX+pD,GAAI/pD,OAAO,2IAEXtZ,KAAMm5E,GACN9pD,eACA4lD,qBAEAC,OAAQ,CAACh8E,EAAMq8E,EAAKC,KAChB,GAAID,EAAIthF,OAAS,IACb,MAAUL,MAAM,uBAAuB2hF,EAAIthF,QAC/C,OAAO+wB,GAAYrM,GAAY,YAAa,IAAI7kB,WAAW,CAAC0hF,EAAS,EAAI,EAAGD,EAAIthF,SAAUshF,EAAKr8E,EAAK,EAExGi8E,QA/CJ,SAAiB/kD,EAAGnkB,GAChB,MAAMkyD,EAAIib,GAOJe,EAAM5tD,GAAI6D,EAAIA,EAAInkB,EAAGkyD,GACrBic,EAAM7tD,GAAI4tD,EAAM/pD,EAAG+tC,GACnBkc,EAAO9tD,GAAI6tD,EAAMD,EAAMluE,EAAGkyD,GAE1BtwD,EAAI0e,GAAI6tD,EADDV,GAAsBW,GACTlc,GAEpBgI,EAAK55C,GAAI1e,EAAIA,EAAGswD,GAGtB,MAAO,CAAElB,QAAS1wC,GAAI45C,EAAKl6D,EAAGkyD,KAAO/tC,EAAGx7B,MAAOiZ,EACnD,GA+Ba5O,kBAAwB+1E,GAAekF,IAGvCl7E,kBAAuB,KAAOm4E,GAAW,CAClDxmE,EAAG2I,OAAO,QAEV89D,eAAgB,IAChBhY,YAAa,GACbjB,EAAGib,GACH9B,GAAIh+D,OAAO,GACX+9D,WAAaxpE,IACT,MAAMswD,EAAIib,GAGV,OAAO7sD,GADSyxC,GADI0b,GAAsB7rE,GACRyL,OAAO,GAAI6kD,GACxBtwD,EAAGswD,EAAE,EAE9B8W,qBACA5lD,iBAdgC,GAgCnB2tC,GAAGsC,MAAQhmD,OAAO,GAAMA,OAAO,GACjCA,OAAO,QAuFFA,OAAO,SAEHA,OAAO,SAEVA,OAAO,0IAEJA,OAAO,2IAGdA,OAAO;;AClOxB,MAAMghE,GAAahhE,OAAO,sEACpBihE,GAAajhE,OAAO,sEACpB+S,GAAM/S,OAAO,GACbuZ,GAAMvZ,OAAO,GACbkhE,GAAa,CAAC7pE,EAAGzG,KAAOyG,EAAIzG,EAAI2oB,IAAO3oB,EA6B7C,MAAM8yD,GAAKqC,GAAMib,QAAY7lF,OAAWA,EAAW,CAAE+rE,KAxBrD,SAAiBvzC,GACb,MAAMkxC,EAAImc,GAEJ1c,EAAMtkD,OAAO,GAAImhE,EAAMnhE,OAAO,GAAI+/D,EAAO//D,OAAO,IAAKggE,EAAOhgE,OAAO,IAEnEohE,EAAOphE,OAAO,IAAKigE,EAAOjgE,OAAO,IAAKkgE,EAAOlgE,OAAO,IACpD+d,EAAMpK,EAAIA,EAAIA,EAAKkxC,EACnB7mC,EAAMD,EAAKA,EAAKpK,EAAKkxC,EACrB1mC,EAAMumC,GAAK1mC,EAAIsmC,EAAKO,GAAK7mC,EAAM6mC,EAC/BvmC,EAAMomC,GAAKvmC,EAAImmC,EAAKO,GAAK7mC,EAAM6mC,EAC/BrmC,EAAOkmC,GAAKpmC,EAAI/E,GAAKsrC,GAAK9mC,EAAM8mC,EAChCwb,EAAO3b,GAAKlmC,EAAKuhD,EAAMlb,GAAKrmC,EAAOqmC,EACnCyb,EAAO5b,GAAK2b,EAAKL,EAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,EAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,EAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,EAAMpb,GAAKyb,EAAOzb,EACrC8b,EAAQjc,GAAK+b,EAAMnc,EAAKO,GAAK7mC,EAAM6mC,EACnC59C,EAAMy9C,GAAKic,EAAMS,EAAMvc,GAAKwb,EAAOxb,EACnC39C,EAAMw9C,GAAKz9C,EAAIk6D,EAAKtc,GAAK9mC,EAAM8mC,EAC/BE,EAAOL,GAAKx9C,EAAIqS,GAAKsrC,GAC3B,IAAKnB,GAAGsB,IAAItB,GAAGuB,IAAIF,GAAOpxC,GACtB,MAAUr5B,MAAM,2BACpB,OAAOyqE,CACX,IAKa/gE,GAAY+wE,GAAY,CACjC19D,EAAG2I,OAAO,GACVpP,EAAGoP,OAAO,GACd0jD,GAAIA,GACAhzD,EAAGuwE,GAEHnX,GAAI9pD,OAAO,iFACX+pD,GAAI/pD,OAAO,iFACXsK,EAAGtK,OAAO,GACVmrB,MAAM,EAON+gC,KAAM,CACFC,KAAMnsD,OAAO,sEACbosD,YAAc95D,IACV,MAAM5B,EAAIuwE,GACJ71D,EAAKpL,OAAO,sCACZ8d,GAAM/K,GAAM/S,OAAO,sCACnBqhE,EAAKrhE,OAAO,uCACZ+d,EAAK3S,EACLk2D,EAAYthE,OAAO,uCACnBga,EAAKknD,GAAWnjD,EAAKzrB,EAAG5B,GACxBupB,EAAKinD,IAAYpjD,EAAKxrB,EAAG5B,GAC/B,IAAI8Q,EAAKyR,GAAI3gB,EAAI0nB,EAAK5O,EAAK6O,EAAKonD,EAAI3wE,GAChC+Q,EAAKwR,IAAK+G,EAAK8D,EAAK7D,EAAK8D,EAAIrtB,GACjC,MAAMi/D,EAAQnuD,EAAK8/D,EACb1R,EAAQnuD,EAAK6/D,EAKnB,GAJI3R,IACAnuD,EAAK9Q,EAAI8Q,GACTouD,IACAnuD,EAAK/Q,EAAI+Q,GACTD,EAAK8/D,GAAa7/D,EAAK6/D,EACvB,MAAUhnF,MAAM,uCAAyCgY,GAE7D,MAAO,CAAEq9D,QAAOnuD,KAAIouD,QAAOnuD,KAAI,IAGxC3a,IAGSkZ,OAAO,GAiBLhc,GAAUusE,gBCnGxB,MAAM7M,GAAKqC,GAAM/lD,OAAO,uEAKX3b,GAAkB0wE,GAAY,CACzC19D,EALcqsD,GAAG5lD,OAAOkC,OAAO,uEAM/BpP,EALcoP,OAAO,yEAMrB0jD,GAEAhzD,EAAGsP,OAAO,sEAEV8pD,GAAI9pD,OAAO,sEACX+pD,GAAI/pD,OAAO,sEACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACIrkC,IChBN48D,GAAKqC,GAAM/lD,OAAO,uGAKX1b,GAAkBywE,GAAY,CACzC19D,EALcqsD,GAAG5lD,OAAOkC,OAAO,uGAM/BpP,EALcoP,OAAO,yGAMrB0jD,GAEAhzD,EAAGsP,OAAO,sGAEV8pD,GAAI9pD,OAAO,sGACX+pD,GAAI/pD,OAAO,sGACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACIpkC,IChBN28D,GAAKqC,GAAM/lD,OAAO,uIAKXzb,GAAkBwwE,GAAY,CACzC19D,EALcqsD,GAAG5lD,OAAOkC,OAAO,uIAM/BpP,EALcoP,OAAO,sIAMrB0jD,MAEAhzD,EAAGsP,OAAO,sIAEV8pD,GAAI9pD,OAAO,sIACX+pD,GAAI/pD,OAAO,sIACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACInkC,ICRCuJ,GAAc,IAAIi+C,IAAI31D,OAAOiI,QAAQ,CAClD4C,SAAEA,GACFE,SAAEA,GACFE,SAAEA,GACAO,mBACAC,mBACAC,mBACAP,aACA0B,QACAC,+ECDF,SAAS47E,GAAIhyC,EAAMjjC,EAASwa,EAASyF,EAAMhE,EAAI3f,GAE7C,MAAM44E,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACIlnF,EACAqY,EACA8uE,EACAC,EACAC,EACA3+D,EACA0qD,EACAkU,EAKAC,EACAC,EAdAjxD,EAAI,EAeJhL,EAAM9Z,EAAQ3R,OAGlB,MAAM2nF,EAA6B,KAAhB/yC,EAAK50C,OAAgB,EAAI,EAE1CwnF,EADiB,IAAfG,EACQx7D,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFxa,EAqQJ,SAAuBA,GACrB,MAAMi2E,EAAY,EAAKj2E,EAAQ3R,OAAS,EAExC,IAAI8wB,EAKG,KAAiB82D,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOj2E,EAEP,MAAUhS,MAAM,uBACpB,CALImxB,EAAM,EAOR,MAAM+2D,EAAgB,IAAIhoF,WAAW8R,EAAQ3R,OAAS4nF,GACtD,IAAK,IAAI1nF,EAAI,EAAGA,EAAIyR,EAAQ3R,OAAQE,IAClC2nF,EAAc3nF,GAAKyR,EAAQzR,GAE7B,IAAK,IAAIqY,EAAI,EAAGA,EAAIqvE,EAAWrvE,IAC7BsvE,EAAcl2E,EAAQ3R,OAASuY,GAAKuY,EAGtC,OAAO+2D,CACT,CA9RcC,CAAcn2E,GACxB8Z,EAAM9Z,EAAQ3R,QAIhB,IAAIG,EAAS,IAAIN,WAAW4rB,GACxB9T,EAAI,EASR,KAAO8e,EAAIhL,GAAK,CAsCd,IArCA7C,EAAQjX,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,EAAK9kB,EAAQ8kB,KACnF68C,EAAS3hE,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,EAAK9kB,EAAQ8kB,KAgBpF4wD,EAAgC,WAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EACjBA,EAAiC,OAAxBz+D,IAAS,GAAM0qD,GACxBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,GACjBA,EAAgC,WAAvB/T,IAAU,EAAK1qD,GACxBA,GAAQy+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,UAAvB/T,IAAU,EAAK1qD,GACxBA,GAAQy+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EAEjBz+D,EAASA,GAAQ,EAAMA,IAAS,GAChC0qD,EAAUA,GAAS,EAAMA,IAAU,GAG9B/6D,EAAI,EAAGA,EAAIovE,EAAYpvE,GAAK,EAAG,CAIlC,IAHAkvE,EAAUD,EAAQjvE,EAAI,GACtBmvE,EAAUF,EAAQjvE,EAAI,GAEjBrY,EAAIsnF,EAAQjvE,GAAIrY,IAAMunF,EAASvnF,GAAKwnF,EACvCJ,EAAShU,EAAQ1+B,EAAK10C,GACtBqnF,GAAWjU,IAAU,EAAMA,GAAS,IAAO1+B,EAAK10C,EAAI,GAEpDmnF,EAAOz+D,EACPA,EAAO0qD,EACPA,EAAQ+T,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOz+D,EACPA,EAAO0qD,EACPA,EAAQ+T,CACT,CAGDz+D,EAASA,IAAS,EAAMA,GAAQ,GAChC0qD,EAAUA,IAAU,EAAMA,GAAS,GAGnC+T,EAAgC,YAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAK1qD,GACxBA,GAAQy+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,WAAvB/T,IAAU,EAAK1qD,GACxBA,GAAQy+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAiC,OAAxBz+D,IAAS,GAAM0qD,GACxBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,GACjBA,EAAgC,WAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EAajBlnF,EAAOwX,KAAQiR,IAAS,GACxBzoB,EAAOwX,KAASiR,IAAS,GAAM,IAC/BzoB,EAAOwX,KAASiR,IAAS,EAAK,IAC9BzoB,EAAOwX,KAAe,IAAPiR,EACfzoB,EAAOwX,KAAQ27D,IAAU,GACzBnzE,EAAOwX,KAAS27D,IAAU,GAAM,IAChCnzE,EAAOwX,KAAS27D,IAAU,EAAK,IAC/BnzE,EAAOwX,KAAgB,IAAR27D,CAChB,CAOD,OAJKnnD,IACHhsB,EA4KJ,SAA0BwR,GACxB,IACImf,EADA82D,EAAY,KAYhB,GALE92D,EAAM,GAKH82D,EAAW,CAEd,IADAA,EAAY,EACLj2E,EAAQA,EAAQ3R,OAAS4nF,KAAe92D,GAC7C82D,IAEFA,GACJ,CAEE,OAAOj2E,EAAQvK,SAAS,EAAGuK,EAAQ3R,OAAS4nF,EAC9C,CAlMaG,CAAiB5nF,IAGrBA,CACT,CAOA,SAAS6nF,GAAcj5E,GAErB,MAAMk5E,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa54E,EAAI/O,OAAS,EAAI,EAAI,EAElC40C,EAAW72C,MAAM,GAAK4pF,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGA5B,EAFA5wD,EAAI,EACJ1gB,EAAI,EAGR,IAAK,IAAIwC,EAAI,EAAGA,EAAIovE,EAAYpvE,IAAK,CACnC,IAAIqQ,EAAQ7Z,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,EAAK1nB,EAAI0nB,KACnE68C,EAASvkE,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,EAAK1nB,EAAI0nB,KAExE4wD,EAAgC,WAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAM1qD,GAC1BA,GAAQy+D,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,WAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAM1qD,GAC1BA,GAAQy+D,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,YAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAK1qD,GACxBA,GAAQy+D,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBz+D,IAAS,EAAK0qD,GACvBA,GAAS+T,EACTz+D,GAASy+D,GAAQ,EAGjBA,EAAQz+D,GAAQ,EAAO0qD,IAAU,GAAM,IAEvC1qD,EAAQ0qD,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQ+T,EAGR,IAAK,IAAInnF,EAAI,EAAGA,EAAI6oF,GAAe7oF,IAE7B6oF,EAAO7oF,IACT0oB,EAAQA,GAAQ,EAAMA,IAAS,GAC/B0qD,EAASA,GAAS,EAAMA,IAAU,KAElC1qD,EAAQA,GAAQ,EAAMA,IAAS,GAC/B0qD,EAASA,GAAS,EAAMA,IAAU,IAEpC1qD,IAAS,GACT0qD,IAAU,GAMV0V,EAAWf,EAAUr/D,IAAS,IAAMs/D,EAAWt/D,IAAS,GAAM,IAAOu/D,EAAWv/D,IAAS,GAAM,IAAOw/D,EACpGx/D,IAAS,GAAM,IAAOy/D,EAAWz/D,IAAS,GAAM,IAAO0/D,EAAW1/D,IAAS,EAAK,IAAO2/D,EAAW3/D,IAAS,EAC3G,IACFqgE,EAAYT,EAAUlV,IAAU,IAAMmV,EAAWnV,IAAU,GAAM,IAAOoV,EAAWpV,IAAU,GAAM,IACjGqV,EAAYrV,IAAU,GAAM,IAAOsV,EAAYtV,IAAU,GAAM,IAAOuV,EAAYvV,IAAU,EAAK,IACjGwV,EAAYxV,IAAU,EAAK,IAC7B+T,EAAyC,OAAhC4B,IAAc,GAAMD,GAC7Bp0C,EAAK7+B,KAAOizE,EAAW3B,EACvBzyC,EAAK7+B,KAAOkzE,EAAa5B,GAAQ,EAEpC,CAED,OAAOzyC,CACT,CAwDO,SAASs0C,GAAUn6E,GACxB3Q,KAAK2Q,IAAM,GAEX,IAAK,IAAI7O,EAAI,EAAGA,EAAI,EAAGA,IACrB9B,KAAK2Q,IAAI7N,KAAK,IAAIrB,WAAWkP,EAAI3H,SAAa,EAAJlH,EAAY,EAAJA,EAAS,KAG7D9B,KAAK+tB,QAAU,SAASiE,GACtB,OAAOw2D,GACLoB,GAAc5pF,KAAK2Q,IAAI,IACvB63E,GACEoB,GAAc5pF,KAAK2Q,IAAI,IACvB63E,GACEoB,GAAc5pF,KAAK2Q,IAAI,IACvBqhB,GAAO,IAET,IACC,EAEN,CACH,CCtbA,SAAS+4D,KACP/qF,KAAKgrF,UAAY,EACjBhrF,KAAKirF,QAAU,GAEfjrF,KAAKkrF,OAAS,SAASv6E,GAMrB,GALA3Q,KAAKmrF,QAAcxrF,MAAM,IACzBK,KAAKorF,OAAazrF,MAAM,IAExBK,KAAKgqE,QAEDr5D,EAAI/O,SAAW5B,KAAKirF,QAGtB,MAAU1pF,MAAM,mCAElB,OAJEvB,KAAKqrF,YAAY16E,IAIZ,CACR,EAED3Q,KAAKgqE,MAAQ,WACX,IAAK,IAAIloE,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAKmrF,QAAQrpF,GAAK,EAClB9B,KAAKorF,OAAOtpF,GAAK,CAEpB,EAED9B,KAAKsrF,aAAe,WAClB,OAAOtrF,KAAKgrF,SACb,EAEDhrF,KAAK+tB,QAAU,SAASW,GACtB,MAAMH,EAAU5uB,MAAM+uB,EAAI9sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI4sB,EAAI9sB,OAAQE,GAAK,EAAG,CACtC,IAEI4Z,EAFA0mB,EAAK1T,EAAI5sB,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GACtE2Z,EAAKiT,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GAG9E4Z,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EAEJ6S,EAAIzsB,GAAM2Z,IAAM,GAAM,IACtB8S,EAAIzsB,EAAI,GAAM2Z,IAAM,GAAM,IAC1B8S,EAAIzsB,EAAI,GAAM2Z,IAAM,EAAK,IACzB8S,EAAIzsB,EAAI,GAAS,IAAJ2Z,EACb8S,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,IAAM,EAAK,IACzB7T,EAAIzsB,EAAI,GAAS,IAAJsgC,CACnB,CAEI,OAAO7T,CACR,EAEDvuB,KAAKquB,QAAU,SAASK,GACtB,MAAMH,EAAU5uB,MAAM+uB,EAAI9sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI4sB,EAAI9sB,OAAQE,GAAK,EAAG,CACtC,IAEI4Z,EAFA0mB,EAAK1T,EAAI5sB,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GACtE2Z,EAAKiT,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GAG9E4Z,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,IAAKnrF,KAAKorF,OAAO,KAC5ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIqpD,EAAGhwE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAIopD,EAAG/vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAImpD,EAAG9vE,EAAGzb,KAAKmrF,QAAQ,GAAInrF,KAAKorF,OAAO,IAC3ChpD,EAAI1mB,EAEJ6S,EAAIzsB,GAAM2Z,IAAM,GAAM,IACtB8S,EAAIzsB,EAAI,GAAM2Z,IAAM,GAAM,IAC1B8S,EAAIzsB,EAAI,GAAM2Z,IAAM,EAAK,IACzB8S,EAAIzsB,EAAI,GAAS,IAAJ2Z,EACb8S,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,GAAK,GAAM,IACzB7T,EAAIzsB,EAAI,GAAMsgC,GAAK,EAAK,IACxB7T,EAAIzsB,EAAI,GAAS,IAAJsgC,CACnB,CAEI,OAAO7T,CACR,EACD,MAAMm9D,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGnoE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASmwE,EAAK,GAAG1pD,IAAM,IAAM0pD,EAAK,GAAI1pD,IAAM,GAAM,MAAQ0pD,EAAK,GAAI1pD,IAAM,EAAK,KAAQ0pD,EAAK,GAAO,IAAJ1pD,EAClG,CAEE,SAASspD,EAAGpoE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASmwE,EAAK,GAAG1pD,IAAM,IAAM0pD,EAAK,GAAI1pD,IAAM,GAAM,KAAQ0pD,EAAK,GAAI1pD,IAAM,EAAK,KAAQ0pD,EAAK,GAAO,IAAJ1pD,EAClG,CAEE,SAASupD,EAAGroE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAASmwE,EAAK,GAAG1pD,IAAM,IAAM0pD,EAAK,GAAI1pD,IAAM,GAAM,KAAQ0pD,EAAK,GAAI1pD,IAAM,EAAK,MAAQ0pD,EAAK,GAAO,IAAJ1pD,EAClG,CA9FEypD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnC3rF,KAAKqrF,YAAc,SAASQ,GAC1B,MAAMnwE,aACAnC,EAAQ5Z,MAAM,IAEpB,IAAIwa,EAEJ,IAAK,IAAIrY,EAAI,EAAGA,EAAI,EAAGA,IACrBqY,EAAQ,EAAJrY,EACJ4Z,EAAE5Z,GAAM+pF,EAAI1xE,IAAM,GAAO0xE,EAAI1xE,EAAI,IAAM,GAAO0xE,EAAI1xE,EAAI,IAAM,EAAK0xE,EAAI1xE,EAAI,GAG3E,MAAMqB,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACI0N,EADA4iE,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIlL,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK1mE,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMmE,EAAIotE,EAAU7K,GAAO1mE,GAC3B+O,EAAIxN,EAAE4C,EAAE,IAER4K,GAAK0iE,EAAK,GAAIlwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK0iE,EAAK,GAAIlwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK0iE,EAAK,GAAIlwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK0iE,EAAK,GAAIlwE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAK0iE,EAAKpwE,EAAErB,IAAKuB,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D5C,EAAE4C,EAAE,IAAM4K,CACpB,CAEQ,IAAK/O,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtC,EAAI8zE,EAAU9K,GAAO1mE,GAC3B+O,EAAI0iE,EAAK,GAAIlwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDqR,GAAK0iE,EAAK,GAAIlwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK0iE,EAAK,GAAIlwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK0iE,EAAK,GAAIlwE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAK0iE,EAAK,EAAIzxE,GAAIuB,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7D0B,EAAEuyE,GAAM5iE,EACR4iE,GACV,CACA,CAGI,IAAK,IAAIhqF,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAKmrF,QAAQrpF,GAAKyX,EAAEzX,GACpB9B,KAAKorF,OAAOtpF,GAAiB,GAAZyX,EAAE,GAAKzX,EAE3B,EAsBD,MAAM8pF,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASI,GAAMr7E,GACb3Q,KAAKgN,MAAQ,IAAI+9E,GACjB/qF,KAAKgN,MAAMk+E,OAAOv6E,GAElB3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAKgN,MAAM+gB,QAAQiE,EAC3B,CACH,CDpJA84D,GAAU9nE,QAAU8nE,GAAU7qF,UAAU+iB,QAAU,GAClD8nE,GAAU7nE,UAAY6nE,GAAU7qF,UAAUgjB,UAAY,ECqJtD+oE,GAAM/oE,UAAY+oE,GAAM/rF,UAAUgjB,UAAY,EAC9C+oE,GAAMhpE,QAAUgpE,GAAM/rF,UAAU+iB,QAAU,GCpkB1C,MAAMipE,GAAS,WAEf,SAASC,GAAKhjE,EAAGvR,GACf,OAAQuR,GAAKvR,EAAIuR,IAAO,GAAKvR,GAAMs0E,EACrC,CAEA,SAASE,GAAK7tE,EAAGxc,GACf,OAAOwc,EAAExc,GAAKwc,EAAExc,EAAI,IAAM,EAAIwc,EAAExc,EAAI,IAAM,GAAKwc,EAAExc,EAAI,IAAM,EAC7D,CAEA,SAASsqF,GAAK9tE,EAAGxc,EAAGonB,GAClB5K,EAAE+tE,OAAOvqF,EAAG,EAAO,IAAJonB,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASojE,GAAK9wE,EAAG7D,GACf,OAAQ6D,IAAW,EAAJ7D,EAAU,GAC3B,CAkSA,SAAS40E,GAAG57E,GACV3Q,KAAKwsF,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMtxE,GACb,OAAOqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,GAC7F,CAEE,SAASuxE,EAAMvxE,GACb,OAAOqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,IAAMqxE,EAAK,GAAGP,GAAK9wE,EAAG,GAC7F,CAEE,SAASwxE,EAAQvxE,EAAGwxE,GAClB,IAAI3uE,EAAIwuE,EAAMG,EAAI,IACdp1E,EAAIk1E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAM3uE,EAAIzG,EAAI+0E,EAAO,EAAInxE,EAAI,GAAMwwE,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM3uE,EAAI,EAAIzG,EAAI+0E,EAAO,EAAInxE,EAAI,GAAMwwE,GAC7D3tE,EAAIwuE,EAAMG,EAAI,IACdp1E,EAAIk1E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAM3uE,EAAIzG,EAAI+0E,EAAO,EAAInxE,EAAI,IAAOwwE,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM3uE,EAAI,EAAIzG,EAAI+0E,EAAO,EAAInxE,EAAI,IAAOwwE,EAClE,CAEE,SAASiB,EAAQprF,EAAGmrF,GAClB,IAAI3uE,EAAIwuE,EAAMG,EAAI,IACdp1E,EAAIk1E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM3uE,EAAIzG,EAAI+0E,EAAO,EAAI9qF,EAAI,IAAOmqF,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAM3uE,EAAI,EAAIzG,EAAI+0E,EAAO,EAAI9qF,EAAI,IAAOmqF,GAAQ,IAClE3tE,EAAIwuE,EAAMG,EAAI,IACdp1E,EAAIk1E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAM3uE,EAAIzG,EAAI+0E,EAAO,EAAI9qF,EAAI,GAAMmqF,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAM3uE,EAAI,EAAIzG,EAAI+0E,EAAO,EAAI9qF,EAAI,GAAMmqF,GAAQ,GACrE,CAqDE,MAAO,CACLhkF,KAAM,UACNklF,UAAW,GACXC,KAhQF,SAAiBz8E,GAEf,IAAI7O,EACAwc,EACAzG,EACAsL,EACAC,EALJqpE,EAAW97E,EAMX,MAAM08E,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DvqE,EAAI,CACR,GACA,IAEI0U,EAAI,CACR,GACA,GACA,GACA,IAGF,SAAS81D,EAAM3yE,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,EAC9C,CAEI,SAAS4yE,EAAM5yE,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,EACzD,CAEI,SAAS6yE,EAAOlhE,EAAGxJ,GACjB,IAAI7hB,EACA4Z,EACAqiB,EACJ,IAAKj8B,EAAI,EAAGA,EAAI,EAAGA,IACjB4Z,EAAIiI,IAAM,GACVA,EAAMA,GAAK,EAAKsoE,GAAU9+D,IAAM,GAChCA,EAAKA,GAAK,EAAK8+D,GACfluD,EAAIriB,GAAK,EACD,IAAJA,IACFqiB,GAAK,KAEPpa,GAAKjI,EAAKqiB,GAAK,GACfA,GAAKriB,IAAM,EACH,EAAJA,IACFqiB,GAAK,KAEPpa,GAAKoa,GAAK,GAAKA,GAAK,EAEtB,OAAOpa,CACb,CAEI,SAAS2qE,EAAG32E,EAAG6D,GACb,MAAM8C,EAAI9C,GAAK,EACT3D,EAAQ,GAAJ2D,EACJ2H,EAAI0qE,EAAGl2E,GAAG2G,EAAIzG,GACduL,EAAI0qE,EAAGn2E,GAAGs2E,EAAKp2E,GAAKq2E,EAAK5vE,IAC/B,OAAO0vE,EAAGr2E,GAAGs2E,EAAK7qE,GAAK8qE,EAAK/qE,KAAO,EAAI4qE,EAAGp2E,GAAGwL,EAAIC,EACvD,CAEI,SAASmrE,EAAK/yE,EAAG7K,GACf,IAAI2N,EAAIguE,GAAK9wE,EAAG,GACZ3D,EAAIy0E,GAAK9wE,EAAG,GACZ2H,EAAImpE,GAAK9wE,EAAG,GACZ4H,EAAIkpE,GAAK9wE,EAAG,GAChB,OAAQgyE,GACN,KAAK,EACHlvE,EAAIqF,EAAE,GAAGrF,GAAKguE,GAAK37E,EAAI,GAAI,GAC3BkH,EAAI8L,EAAE,GAAG9L,GAAKy0E,GAAK37E,EAAI,GAAI,GAC3BwS,EAAIQ,EAAE,GAAGR,GAAKmpE,GAAK37E,EAAI,GAAI,GAC3ByS,EAAIO,EAAE,GAAGP,GAAKkpE,GAAK37E,EAAI,GAAI,GAC7B,KAAK,EACH2N,EAAIqF,EAAE,GAAGrF,GAAKguE,GAAK37E,EAAI,GAAI,GAC3BkH,EAAI8L,EAAE,GAAG9L,GAAKy0E,GAAK37E,EAAI,GAAI,GAC3BwS,EAAIQ,EAAE,GAAGR,GAAKmpE,GAAK37E,EAAI,GAAI,GAC3ByS,EAAIO,EAAE,GAAGP,GAAKkpE,GAAK37E,EAAI,GAAI,GAC7B,KAAK,EACH2N,EAAIqF,EAAE,GAAGA,EAAE,GAAGrF,GAAKguE,GAAK37E,EAAI,GAAI,IAAM27E,GAAK37E,EAAI,GAAI,GACnDkH,EAAI8L,EAAE,GAAGA,EAAE,GAAG9L,GAAKy0E,GAAK37E,EAAI,GAAI,IAAM27E,GAAK37E,EAAI,GAAI,GACnDwS,EAAIQ,EAAE,GAAGA,EAAE,GAAGR,GAAKmpE,GAAK37E,EAAI,GAAI,IAAM27E,GAAK37E,EAAI,GAAI,GACnDyS,EAAIO,EAAE,GAAGA,EAAE,GAAGP,GAAKkpE,GAAK37E,EAAI,GAAI,IAAM27E,GAAK37E,EAAI,GAAI,GAEvD,OAAO0nB,EAAE,GAAG/Z,GAAK+Z,EAAE,GAAGxgB,GAAKwgB,EAAE,GAAGlV,GAAKkV,EAAE,GAAGjV,EAChD,CAII,IAFAqpE,EAAWA,EAAS9pF,MAAM,EAAG,IAC7Bb,EAAI2qF,EAAS7qF,OACA,KAANE,GAAkB,KAANA,GAAkB,KAANA,GAC7B2qF,EAAS3qF,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAI2qF,EAAS7qF,OAAQE,GAAK,EACpCyrF,EAAMzrF,GAAK,GAAKqqF,GAAKM,EAAU3qF,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnB6hB,EAAE,GAAG7hB,GAAKwsF,EAAG,EAAGxsF,GAChB6hB,EAAE,GAAG7hB,GAAKwsF,EAAG,EAAGxsF,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnB4rF,EAAM/pE,EAAE,GAAG7hB,GACX6rF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZr1D,EAAE,GAAGv2B,GAAK4rF,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnDv1D,EAAE,GAAGv2B,GAAK6rF,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM/pE,EAAE,GAAG7hB,GACX6rF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZr1D,EAAE,GAAGv2B,GAAK8rF,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnDr1D,EAAE,GAAGv2B,GAAK6rF,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM3rF,OAAS,EACjBE,EAAI,EAAGA,EAAI0rF,EAAM1rF,IACpBwc,EAAIivE,EAAMzrF,EAAIA,GACdurF,EAAMvrF,GAAKwc,EACXzG,EAAI01E,EAAMzrF,EAAIA,EAAI,GAClBwrF,EAAMxrF,GAAK+V,EACX41E,EAAKD,EAAO1rF,EAAI,GAAKusF,EAAO/vE,EAAGzG,GAEjC,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBwc,EAAI,SAAYxc,EAChB+V,EAAIyG,EAAI,SACRA,EAAIiwE,EAAKjwE,EAAG+uE,GACZx1E,EAAIq0E,GAAKqC,EAAK12E,EAAGy1E,GAAQ,GACzBV,EAAO9qF,GAAMwc,EAAIzG,EAAKo0E,GACtBW,EAAO9qF,EAAI,GAAKoqF,GAAK5tE,EAAI,EAAIzG,EAAG,GAElC,IAAK/V,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAwc,EAAIzG,EAAIsL,EAAIC,EAAIthB,EACR0rF,GACN,KAAK,EACHlvE,EAAIqF,EAAE,GAAGrF,GAAKguE,GAAKmB,EAAK,GAAI,GAC5B51E,EAAI8L,EAAE,GAAG9L,GAAKy0E,GAAKmB,EAAK,GAAI,GAC5BtqE,EAAIQ,EAAE,GAAGR,GAAKmpE,GAAKmB,EAAK,GAAI,GAC5BrqE,EAAIO,EAAE,GAAGP,GAAKkpE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHnvE,EAAIqF,EAAE,GAAGrF,GAAKguE,GAAKmB,EAAK,GAAI,GAC5B51E,EAAI8L,EAAE,GAAG9L,GAAKy0E,GAAKmB,EAAK,GAAI,GAC5BtqE,EAAIQ,EAAE,GAAGR,GAAKmpE,GAAKmB,EAAK,GAAI,GAC5BrqE,EAAIO,EAAE,GAAGP,GAAKkpE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAG/qF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGrF,GAAKguE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG/qF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAG9L,GAAKy0E,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG/qF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGR,GAAKmpE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAG/qF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGP,GAAKkpE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IAG7E,EAuFIxqF,MAvDF,WACE2pF,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,GAEN,EAgDI9+D,QA9CF,SAAoBlnB,EAAM+R,GACxB8zE,EAAY7lF,EACZ8lF,EAAa/zE,EACb,MAAMq0E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzyE,EAAI,EAAGA,EAAI,EAAGA,IACrB6yE,EAAQ7yE,EAAG8yE,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,CACX,EA+BIr+D,QA7BF,SAAoBxnB,EAAM+R,GACxB8zE,EAAY7lF,EACZ8lF,EAAa/zE,EACb,MAAMq0E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIzyE,EAAI,EAAGA,GAAK,EAAGA,IACtB+yE,EAAQ/yE,EAAG8yE,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,EAClB,EAgBI6B,SAZF,WACE,OAAO9B,CACX,EAYA,CAKY+B,GACVzuF,KAAKwsF,GAAGY,KAAKztF,MAAM4gB,KAAK5P,GAAM,GAE9B3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAKwsF,GAAGz+D,QAAQpuB,MAAM4gB,KAAKyR,GAAQ,EAC3C,CACH,CCxUA,SAAS08D,KAAW,CAqXpB,SAASC,GAAGh+E,GACV3Q,KAAK4uF,GAAK,IAAIF,GACd1uF,KAAK4uF,GAAGrtD,KAAK5wB,GAEb3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAK4uF,GAAG78D,aAAaC,EAC7B,CACH,CDlDAu6D,GAAGvpE,QAAUupE,GAAGtsF,UAAU+iB,QAAU,GACpCupE,GAAGtpE,UAAYspE,GAAGtsF,UAAUgjB,UAAY,GCrUxCyrE,GAASzuF,UAAU4uF,UAAY,EAK/BH,GAASzuF,UAAU6uF,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCJ,GAASzuF,UAAU8uF,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DL,GAASzuF,UAAU+uF,GAAK,GASxBN,GAASzuF,UAAUgvF,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,UACd,CACE,OAAOA,CACT,EAKAR,GAASzuF,UAAUsoE,GAAK,SAAS2mB,GAC/B,IAAIC,EAEJ,MAAMC,EAAU,IAALF,EAELG,EAAU,KADhBH,KAAQ,GAGFI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAOR,OAJAC,EAAKnvF,KAAKwvF,OAAO,GAAGD,GAAMvvF,KAAKwvF,OAAO,GAAGF,GACzCH,GAAMnvF,KAAKwvF,OAAO,GAAGH,GACrBF,GAAMnvF,KAAKwvF,OAAO,GAAGJ,GAEdD,CACT,EAMAT,GAASzuF,UAAUwvF,cAAgB,SAASC,GAC1C,IAGIlsE,EAHAmsE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKlsE,EAAK,EAAGA,EAAKxjB,KAAKgvF,KAAMxrE,EAAI,CAC/BmsE,GAAS3vF,KAAK6vF,OAAOrsE,GACrBosE,EAAQ5vF,KAAKuoE,GAAGonB,GAASC,EAEzB,MAAMpkE,EAAMmkE,EACZA,EAAQC,EACRA,EAAQpkE,CACZ,CAEEmkE,GAAS3vF,KAAK6vF,OAAO7vF,KAAKgvF,GAAK,GAC/BY,GAAS5vF,KAAK6vF,OAAO7vF,KAAKgvF,GAAK,GAE/BU,EAAK,GAAK1vF,KAAKivF,OAAOW,GACtBF,EAAK,GAAK1vF,KAAKivF,OAAOU,EACxB,EAWAjB,GAASzuF,UAAU8xB,aAAe,SAAS+9D,GACzC,IAAItsE,EACJ,MAAMksE,EAAO,CAAC,EAAG,GACXK,EAAM/vF,KAAK6uF,UAAY,EAC7B,IAAKrrE,EAAK,EAAGA,EAAKxjB,KAAK6uF,UAAY,IAAKrrE,EACtCksE,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBI,EAAOtsE,EAAK,GACxCksE,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBI,EAAOtsE,EAAKusE,GAG1C/vF,KAAKyvF,cAAcC,GAEnB,MAAMM,EAAM,GACZ,IAAKxsE,EAAK,EAAGA,EAAKxjB,KAAK6uF,UAAY,IAAKrrE,EACtCwsE,EAAIxsE,EAAK,GAAOksE,EAAK,KAAQ,GAAK,EAAC,EAAY,IAC/CM,EAAIxsE,EAAKusE,GAASL,EAAK,KAAQ,GAAK,EAAC,EAAY,IAKnD,OAAOM,CACT,EAMAtB,GAASzuF,UAAUgwF,cAAgB,SAASP,GAC1C,IAGIlsE,EAHAmsE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKlsE,EAAKxjB,KAAKgvF,GAAK,EAAGxrE,EAAK,IAAKA,EAAI,CACnCmsE,GAAS3vF,KAAK6vF,OAAOrsE,GACrBosE,EAAQ5vF,KAAKuoE,GAAGonB,GAASC,EAEzB,MAAMpkE,EAAMmkE,EACZA,EAAQC,EACRA,EAAQpkE,CACZ,CAEEmkE,GAAS3vF,KAAK6vF,OAAO,GACrBD,GAAS5vF,KAAK6vF,OAAO,GAErBH,EAAK,GAAK1vF,KAAKivF,OAAOW,GACtBF,EAAK,GAAK1vF,KAAKivF,OAAOU,EACxB,EAMAjB,GAASzuF,UAAUshC,KAAO,SAAS5wB,GACjC,IAAI6S,EACA0sE,EAAK,EAGT,IADAlwF,KAAK6vF,OAAS,GACTrsE,EAAK,EAAGA,EAAKxjB,KAAKgvF,GAAK,IAAKxrE,EAAI,CACnC,IAAI3c,EAAO,EACX,IAAK,IAAIspF,EAAK,EAAGA,EAAK,IAAKA,EACzBtpF,EAAQA,GAAQ,EAAgB,IAAV8J,EAAIu/E,KACpBA,GAAMv/E,EAAI/O,SACdsuF,EAAK,GAGTlwF,KAAK6vF,OAAOrsE,GAAMxjB,KAAK+uF,OAAOvrE,GAAM3c,CACxC,CAGE,IADA7G,KAAKwvF,OAAS,GACThsE,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAxjB,KAAKwvF,OAAOhsE,GAAM,GACb0sE,EAAK,EAAGA,EAAK,MAAOA,EACvBlwF,KAAKwvF,OAAOhsE,GAAI0sE,GAAMlwF,KAAK8uF,OAAOtrE,GAAI0sE,GAI1C,MAAMR,EAAO,CAAC,EAAY,GAE1B,IAAKlsE,EAAK,EAAGA,EAAKxjB,KAAKgvF,GAAK,EAAGxrE,GAAM,EACnCxjB,KAAKyvF,cAAcC,GACnB1vF,KAAK6vF,OAAOrsE,EAAK,GAAKksE,EAAK,GAC3B1vF,KAAK6vF,OAAOrsE,EAAK,GAAKksE,EAAK,GAG7B,IAAKlsE,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAK0sE,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BlwF,KAAKyvF,cAAcC,GACnB1vF,KAAKwvF,OAAOhsE,GAAI0sE,EAAK,GAAKR,EAAK,GAC/B1vF,KAAKwvF,OAAOhsE,GAAI0sE,EAAK,GAAKR,EAAK,EAGrC,EAYAf,GAAG3rE,QAAU2rE,GAAG1uF,UAAU+iB,QAAU,GACpC2rE,GAAG1rE,UAAY0rE,GAAG1uF,UAAUgjB,UAAY,EChYjC,MAAMP,GAAgB,IAAI+yC,IAAI,CACnC,CAAChrD,EAAMoC,UAAUE,UAAW+9E,IAC5B,CAACrgF,EAAMoC,UAAUG,MAAOg/E,IACxB,CAACvhF,EAAMoC,UAAUI,SAAUmjF,IAC3B,CAAC3lF,EAAMoC,UAAUQ,QAASgjF,2ECX5B,MAAMC,kBAA0B,IAAInwE,YAAY,CAC5C,WAAY,WAAY,WAAY,UAAY,aAI9CowE,kBAAyB,IAAIpwE,YAAY,IACxC,MAAMqwE,WAAapqB,GACtB,WAAAxmE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKgjC,EAAiB,EAAbstD,GAAQ,GACjBtwF,KAAKg8D,EAAiB,EAAbs0B,GAAQ,GACjBtwF,KAAKs0C,EAAiB,EAAbg8C,GAAQ,GACjBtwF,KAAK8hC,EAAiB,EAAbwuD,GAAQ,GACjBtwF,KAAK+mE,EAAiB,EAAbupB,GAAQ,EACzB,CACI,GAAAnoF,GACI,MAAM66B,EAAEA,EAACg5B,EAAEA,EAAC1nB,EAAEA,EAACxS,EAAEA,EAACilC,EAAEA,GAAM/mE,KAC1B,MAAO,CAACgjC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,EAC5B,CACI,GAAA5kE,CAAI6gC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,GACZ/mE,KAAKgjC,EAAQ,EAAJA,EACThjC,KAAKg8D,EAAQ,EAAJA,EACTh8D,KAAKs0C,EAAQ,EAAJA,EACTt0C,KAAK8hC,EAAQ,EAAJA,EACT9hC,KAAK+mE,EAAQ,EAAJA,CACjB,CACI,OAAA3jE,CAAQ0jB,EAAMlO,GACV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnC23E,GAAOzuF,GAAKglB,EAAK0B,UAAU5P,GAAQ,GACvC,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IACrByuF,GAAOzuF,GAAK8jE,GAAK2qB,GAAOzuF,EAAI,GAAKyuF,GAAOzuF,EAAI,GAAKyuF,GAAOzuF,EAAI,IAAMyuF,GAAOzuF,EAAI,IAAK,GAEtF,IAAIkhC,EAAEA,EAACg5B,EAAEA,EAAC1nB,EAAEA,EAACxS,EAAEA,EAACilC,EAAEA,GAAM/mE,KACxB,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,IAAIklE,EAAG3gC,EACHvkC,EAAI,IACJklE,EAAId,GAAIlK,EAAG1nB,EAAGxS,GACduE,EAAI,YAECvkC,EAAI,IACTklE,EAAIhL,EAAI1nB,EAAIxS,EACZuE,EAAI,YAECvkC,EAAI,IACTklE,EAAIb,GAAInK,EAAG1nB,EAAGxS,GACduE,EAAI,aAGJ2gC,EAAIhL,EAAI1nB,EAAIxS,EACZuE,EAAI,YAER,MAAMxO,EAAK+tC,GAAK5iC,EAAG,GAAKgkC,EAAID,EAAI1gC,EAAIkqD,GAAOzuF,GAAM,EACjDilE,EAAIjlC,EACJA,EAAIwS,EACJA,EAAIsxB,GAAK5J,EAAG,IACZA,EAAIh5B,EACJA,EAAInL,CAChB,CAEQmL,EAAKA,EAAIhjC,KAAKgjC,EAAK,EACnBg5B,EAAKA,EAAIh8D,KAAKg8D,EAAK,EACnB1nB,EAAKA,EAAIt0C,KAAKs0C,EAAK,EACnBxS,EAAKA,EAAI9hC,KAAK8hC,EAAK,EACnBilC,EAAKA,EAAI/mE,KAAK+mE,EAAK,EACnB/mE,KAAKmC,IAAI6gC,EAAGg5B,EAAG1nB,EAAGxS,EAAGilC,EAC7B,CACI,UAAAP,GACI+pB,GAAO9oE,KAAK,EACpB,CACI,OAAAxe,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,GACrBnC,KAAKsJ,OAAOme,KAAK,EACzB,EAOO,MAAM5Z,kBAAuBm4D,IAAgB,IAAM,IAAIwqB,KC/ExDC,kBAAsB,IAAIhvF,WAAW,CAAC,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IACzFivF,kBAAqB,IAAIjvF,WAAe9B,MAAM,IAAI8nB,KAAK,GAAG9iB,KAAI,CAACsnB,EAAGnqB,IAAMA,KACxE6uF,kBAAqBD,GAAG/rF,KAAK7C,IAAO,EAAIA,EAAI,GAAK,KACvD,IAAI8uF,GAAO,CAACF,IACRG,GAAO,CAACF,IACZ,IAAK,IAAI7uF,EAAI,EAAGA,EAAI,EAAGA,IACnB,IAAK,IAAIqY,IAAK,CAACy2E,GAAMC,IACjB12E,EAAErX,KAAKqX,EAAErY,GAAG6C,KAAK4U,GAAMk3E,GAAIl3E,MACnC,MAAMoxE,kBAAyB,CAC3B,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,IACxDhmF,KAAK7C,GAAM,IAAIL,WAAWK,KACtBgvF,kBAA0BF,GAAKjsF,KAAI,CAACooB,EAAKjrB,IAAMirB,EAAIpoB,KAAKwV,GAAMwwE,GAAO7oF,GAAGqY,OACxE42E,kBAA0BF,GAAKlsF,KAAI,CAACooB,EAAKjrB,IAAMirB,EAAIpoB,KAAKwV,GAAMwwE,GAAO7oF,GAAGqY,OACxE62E,kBAAqB,IAAI7wE,YAAY,CACvC,EAAY,WAAY,WAAY,WAAY,aAE9C8wE,kBAAqB,IAAI9wE,YAAY,CACvC,WAAY,WAAY,WAAY,WAAY,IAGpD,SAAS8lB,GAAEirD,EAAO11E,EAAGof,EAAGoL,GACpB,OAAc,IAAVkrD,EACO11E,EAAIof,EAAIoL,EACA,IAAVkrD,EACG11E,EAAIof,GAAOpf,EAAIwqB,EACR,IAAVkrD,GACG11E,GAAKof,GAAKoL,EACH,IAAVkrD,EACG11E,EAAIwqB,EAAMpL,GAAKoL,EAEhBxqB,GAAKof,GAAKoL,EACzB,CAEA,MAAMmrD,kBAAwB,IAAIhxE,YAAY,IACvC,MAAMixE,WAAkBhrB,GAC3B,WAAAxmE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKqxF,GAAK,WACVrxF,KAAKsxF,IAAK,UACVtxF,KAAKuxF,IAAK,WACVvxF,KAAKwxF,GAAK,UACVxxF,KAAKyxF,IAAK,UAClB,CACI,GAAAtpF,GACI,MAAMkpF,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOzxF,KAC/B,MAAO,CAACqxF,EAAIC,EAAIC,EAAIC,EAAIC,EAChC,CACI,GAAAtvF,CAAIkvF,EAAIC,EAAIC,EAAIC,EAAIC,GAChBzxF,KAAKqxF,GAAU,EAALA,EACVrxF,KAAKsxF,GAAU,EAALA,EACVtxF,KAAKuxF,GAAU,EAALA,EACVvxF,KAAKwxF,GAAU,EAALA,EACVxxF,KAAKyxF,GAAU,EAALA,CAClB,CACI,OAAAruF,CAAQ0jB,EAAMlO,GACV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnCu4E,GAAMrvF,GAAKglB,EAAK0B,UAAU5P,GAAQ,GAEtC,IAAIgwD,EAAe,EAAV5oE,KAAKqxF,GAAQK,EAAK9oB,EAAIlsB,EAAe,EAAV18C,KAAKsxF,GAAQK,EAAKj1C,EAAIb,EAAe,EAAV77C,KAAKuxF,GAAQK,EAAK/1C,EAAIgC,EAAe,EAAV79C,KAAKwxF,GAAQK,EAAKh0C,EAAIi0C,EAAe,EAAV9xF,KAAKyxF,GAAQM,EAAKD,EAGvI,IAAK,IAAIZ,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACpC,MAAMc,EAAS,EAAId,EACbe,EAAMjB,GAAGE,GAAQgB,EAAMjB,GAAGC,GAC1BiB,EAAKvB,GAAKM,GAAQkB,EAAKvB,GAAKK,GAC5BtwC,EAAKkwC,GAAQI,GAAQmB,EAAKtB,GAAQG,GACxC,IAAK,IAAIpvF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM2lC,EAAMm+B,GAAKgD,EAAK3iC,GAAEirD,EAAOx0C,EAAIb,EAAIgC,GAAMszC,GAAMgB,EAAGrwF,IAAMmwF,EAAKrxC,EAAG9+C,IAAMgwF,EAAM,EAChFlpB,EAAKkpB,EAAIA,EAAKj0C,EAAIA,EAAoB,EAAf+nB,GAAK/pB,EAAI,IAASA,EAAKa,EAAIA,EAAKjV,CACvE,CAEY,IAAK,IAAI3lC,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMq5C,EAAMyqB,GAAK8rB,EAAKzrD,GAAE+rD,EAAQL,EAAIC,EAAIC,GAAMV,GAAMiB,EAAGtwF,IAAMowF,EAAKG,EAAGvwF,IAAMiwF,EAAM,EACjFL,EAAKK,EAAIA,EAAKF,EAAIA,EAAoB,EAAfjsB,GAAKgsB,EAAI,IAASA,EAAKD,EAAIA,EAAKx2C,CACvE,CACA,CAEQn7C,KAAKmC,IAAKnC,KAAKsxF,GAAKz1C,EAAKg2C,EAAM,EAAI7xF,KAAKuxF,GAAK1zC,EAAKk0C,EAAM,EAAI/xF,KAAKwxF,GAAKM,EAAKJ,EAAM,EAAI1xF,KAAKyxF,GAAK7oB,EAAK+oB,EAAM,EAAI3xF,KAAKqxF,GAAK30C,EAAKk1C,EAAM,EAC3I,CACI,UAAAprB,GACI2qB,GAAM1pE,KAAK,EACnB,CACI,OAAAxe,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKsJ,OAAOme,KAAK,GACjBznB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAC7B,EAMO,MCxFMyiB,GAAc,IAAI6wC,IAAI31D,OAAOiI,QAAQ,CAChD8F,QACAK,UACAH,UACAC,UACAC,UACAE,YACAC,YACAkkF,yBDgFuCtsB,IAAgB,IAAM,IAAIorB,2EE1FnE,SAASmB,GAAOj0E,EAAGxc,EAAG+V,EAAGsC,GACvBmE,EAAExc,IAAM+V,EAAEsC,GACVmE,EAAExc,EAAE,IAAM+V,EAAEsC,EAAE,IAAMmE,EAAExc,GAAK+V,EAAEsC,GAC/B,CAIA,SAASq4E,GAAOl0E,EAAG6E,GACjB7E,EAAE,IAAM6E,EACR7E,EAAE,IAAOA,EAAE,GAAK6E,CAClB,CAIA,SAAS8jD,GAAGrtD,EAAGye,EAAG/Z,EAAGzG,EAAGsL,EAAGC,EAAGqvE,EAAIC,GAChCH,GAAM34E,EAAG0E,EAAG1E,EAAG/B,GACf06E,GAAM34E,EAAG0E,EAAG+Z,EAAGo6D,GAGf,IAAIE,EAAO/4E,EAAEwJ,GAAKxJ,EAAE0E,GAChBs0E,EAAOh5E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GAC5B1E,EAAEwJ,GAAKwvE,EACPh5E,EAAEwJ,EAAI,GAAKuvE,EAEXJ,GAAM34E,EAAGuJ,EAAGvJ,EAAGwJ,GAGfuvE,EAAO/4E,EAAE/B,GAAK+B,EAAEuJ,GAChByvE,EAAOh5E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAM86E,IAAS,GAAOC,GAAQ,EAChCh5E,EAAE/B,EAAI,GAAM+6E,IAAS,GAAOD,GAAQ,EAEpCJ,GAAM34E,EAAG0E,EAAG1E,EAAG/B,GACf06E,GAAM34E,EAAG0E,EAAG+Z,EAAGq6D,GAGfC,EAAO/4E,EAAEwJ,GAAKxJ,EAAE0E,GAChBs0E,EAAOh5E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GACxB1E,EAAEwJ,GAAMuvE,IAAS,GAAOC,GAAQ,GAChCh5E,EAAEwJ,EAAI,GAAMwvE,IAAS,GAAOD,GAAQ,GAEpCJ,GAAM34E,EAAGuJ,EAAGvJ,EAAGwJ,GAGfuvE,EAAO/4E,EAAE/B,GAAK+B,EAAEuJ,GAChByvE,EAAOh5E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAM+6E,IAAS,GAAOD,GAAQ,EAChC/4E,EAAE/B,EAAI,GAAM86E,IAAS,GAAOC,GAAQ,CACtC,CAGA,MAAMC,GAAe,IAAI1yE,YAAY,CACnC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,WAAY,UAAY,UAAY,aAKhC2yE,GAAQ,IAAIrxF,WAAW,CAC3B,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EACnD,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EACnD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAClD,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GACnDkD,KAAI6W,GAAS,EAAJA,KAIX,SAASyuC,GAASryB,EAAG/b,GACnB,MAAMjC,EAAI,IAAIuG,YAAY,IACpBkY,EAAI,IAAIlY,YAAYyX,EAAE/f,EAAEvO,OAAQsuB,EAAE/f,EAAExN,WAAY,IAGtD,IAAK,IAAIvI,EAAI,EAAGA,EAAI,GAAIA,IACtB8X,EAAE9X,GAAK81B,EAAErG,EAAEzvB,GACX8X,EAAE9X,EAAI,IAAM+wF,GAAa/wF,GAI3B8X,EAAE,KAAOge,EAAE3J,GAAG,GACdrU,EAAE,KAAOge,EAAE3J,GAAG,GAId,MAAM8kE,EAAKl3E,EAAO,WAAa,EAC/BjC,EAAE,KAAOm5E,EACTn5E,EAAE,KAAOm5E,EAGT,IAAK,IAAIjxF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAE3B,MAAMkxF,EAAMlxF,GAAK,EACjBmlE,GAAErtD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAKy6D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAErtD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIy6D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAErtD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAKy6D,GAAME,EAAM,IAAKF,GAAME,EAAM,IACxD,CAEE,IAAK,IAAIlxF,EAAI,EAAGA,EAAI,GAAIA,IACtB81B,EAAErG,EAAEzvB,IAAM8X,EAAE9X,GAAK8X,EAAE9X,EAAI,GAE3B,CAKA,MAAMmxF,GACJ,WAAArzF,CAAYszF,EAAQviF,EAAK89B,EAAM0kD,GAC7B,MAAMxsE,EAAS,IAAIllB,WAAW,IAmB9BzB,KAAK43B,EAAI,CACP/f,EAAG,IAAIpW,WAAW2xF,IAClB7hE,EAAG,IAAIpR,YAAYkzE,GAAe,GAClCplE,GAAI,IAAI9N,YAAY,GACpBgD,EAAG,EACH+vE,UAIFvsE,EAAO,GAAKusE,EACRviF,IAAKgW,EAAO,GAAKhW,EAAI/O,QACzB+kB,EAAO,GAAK,EACZA,EAAO,GAAK,EACR8nB,GAAM9nB,EAAOxkB,IAAIssC,EAAM,IACvB0kD,GAAUxsE,EAAOxkB,IAAIgxF,EAAU,IACnC,MAAMG,EAAW,IAAInzE,YAAYwG,EAAOrd,OAAQqd,EAAOtc,WAAYsc,EAAO/kB,OAASue,YAAYk6B,mBAG/F,IAAK,IAAIv4C,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK43B,EAAErG,EAAEzvB,GAAK+wF,GAAa/wF,GAAKwxF,EAASxxF,GAI3C,GAAI6O,EAAK,CACP,MAAMqhB,EAAQ,IAAIvwB,WAAW2xF,IAC7BphE,EAAM7vB,IAAIwO,GACV3Q,KAAKskB,OAAO0N,EAClB,CACA,CAIE,MAAA1N,CAAO/jB,GACL,KAAMA,aAAiBkB,YAAa,MAAUF,MAAM,sCASpD,IAAIO,EAAI,EACR,KAAMA,EAAIvB,EAAMqB,QAAQ,CAClB5B,KAAK43B,EAAEzU,IAAMiwE,KACfZ,GAAMxyF,KAAK43B,EAAE3J,GAAIjuB,KAAK43B,EAAEzU,GACxB8mC,GAASjqD,KAAK43B,GAAG,GACjB53B,KAAK43B,EAAEzU,EAAI,GAEb,IAAIqH,EAAO4oE,GAAapzF,KAAK43B,EAAEzU,EAC/BnjB,KAAK43B,EAAE/f,EAAE1V,IAAI5B,EAAMyI,SAASlH,EAAGA,EAAI0oB,GAAOxqB,KAAK43B,EAAEzU,GACjD,MAAMsE,EAAOhf,KAAKsd,IAAIyE,EAAMjqB,EAAMqB,OAASE,GAC3C9B,KAAK43B,EAAEzU,GAAKsE,EACZ3lB,GAAK2lB,CACX,CACI,OAAOznB,IACX,CAOE,MAAAukB,CAAOgvE,GACLf,GAAMxyF,KAAK43B,EAAE3J,GAAIjuB,KAAK43B,EAAEzU,GAGxBnjB,KAAK43B,EAAE/f,EAAE4P,KAAK,EAAGznB,KAAK43B,EAAEzU,GACxBnjB,KAAK43B,EAAEzU,EAAIiwE,GACXnpC,GAASjqD,KAAK43B,GAAG,GAEjB,MAAM9R,EAAMytE,GAAY,IAAI9xF,WAAWzB,KAAK43B,EAAEs7D,QAC9C,IAAK,IAAIpxF,EAAI,EAAGA,EAAI9B,KAAK43B,EAAEs7D,OAAQpxF,IAEjCgkB,EAAIhkB,GAAK9B,KAAK43B,EAAErG,EAAEzvB,GAAK,IAAO,GAAS,EAAJA,GAGrC,OADA9B,KAAK43B,EAAErG,EAAI,KACJzL,EAAIxc,MACf,EAIe,SAAS+a,GAAW6uE,EAAQviF,EAAK89B,EAAM0kD,GACpD,GAAID,EAASG,GAAc,MAAU9xF,MAAM,0BAA0B8xF,cAAwBH,MAc7F,OAAO,IAAID,GAAQC,EAAQviF,EAAK89B,EAAM0kD,EACxC,CAEA,MAAME,GAAe,GAIfD,GAAa,IC7PbI,GAAO,EACPC,GAAU,GACVC,GAAe,WACfC,GAAe,EACfC,GAAgB,WAChBC,GAAgB,EAChBC,GAAoB,WACpBC,GAAoB,EACpBC,GAAe,WACfC,GAAc,WACdC,GAAkB,GAElBC,GAAoB,KACpBC,GAA+B,GAE/Bn0E,GAAyE,MAAxD,IAAIxe,WAAW,IAAIqrB,YAAY,CAAC,QAASxjB,QAAQ,GAGxE,SAAS+qF,GAAKz1E,EAAKjH,EAAG7V,GAKpB,OAJA8c,EAAI9c,EAAE,GAAK6V,EACXiH,EAAI9c,EAAE,GAAK6V,GAAM,EACjBiH,EAAI9c,EAAE,GAAK6V,GAAK,GAChBiH,EAAI9c,EAAE,GAAK6V,GAAK,GACTiH,CACT,CAQA,SAAS01E,GAAK11E,EAAKjH,EAAG7V,GACpB,GAAI6V,EAAIyP,OAAOgU,iBAAkB,MAAU75B,MAAM,mCAIjD,IAAImG,EAAYiQ,EAChB,IAAK,IAAIiB,EAAS9W,EAAG8W,EAAS9W,EAAE,EAAG8W,IACjCgG,EAAIhG,GAAUlR,EACdA,GAAaA,EAAYkX,EAAIhG,IAAW,IAE1C,OAAOgG,CACT,CAQA,SAAS21E,GAAGrB,EAAQlxD,EAAGnX,GACrB,MAAM4mB,EAAI,IAAIhwC,WAAW,IAEnB+yF,EAAQ,IAAI/yF,WAAW,EAAIugC,EAAEpgC,QAGnC,GAFAyyF,GAAKG,EAAOtB,EAAQ,GACpBsB,EAAMryF,IAAI6/B,EAAG,GACTkxD,GAAU,GAGZ,OADAuB,GAAQvB,GAAQ5uE,OAAOkwE,GAAOjwE,OAAOsG,GAC9BA,EAGT,MAAMpP,EAAIhT,KAAKyQ,KAAKg6E,EAAS,IAAM,EASnC,IAAK,IAAIpxF,EAAI,EAAGA,EAAI2Z,EAAG3Z,IACrB2yF,GAAQ,IAAInwE,OAAa,IAANxiB,EAAU0yF,EAAQ/iD,GAAGltB,OAAOktB,GAE/C5mB,EAAI1oB,IAAIsvC,EAAEzoC,SAAS,EAAG,IAAO,GAAFlH,GAG7B,MAAM4yF,EAAO,IAAIjzF,WAAWgzF,GAAQvB,EAAS,GAAGz3E,GAAG6I,OAAOmtB,GAAGltB,UAG7D,OAFAsG,EAAI1oB,IAAIuyF,EAAQ,GAAFj5E,GAEPoP,CACT,CAGA,SAAS8pE,GAAIC,EAAah2E,EAAKi2E,EAAIC,GAMjC,OALAF,EAAY3tF,GAAG0tF,IACb/1E,EAAIvU,WACJwqF,EAAGxqF,WACHyqF,EAAGzqF,YAEEuU,CACT,CAQA,SAASqoD,GAAE2tB,EAAa5yD,EAAGC,EAAGq3C,GAO5B,OANAsb,EAAY3tF,GAAGggE,EACbjlC,EAAE33B,WACF43B,EAAE53B,WACFivE,EAAEjvE,WACFuqF,EAAYG,KAAKC,GAAG3qF,YAEfivE,CACT,CAEA,SAAS2b,GAAGL,EAAa5yD,EAAGC,EAAGq3C,GAO7B,OANAsb,EAAY3tF,GAAGguF,GACbjzD,EAAE33B,WACF43B,EAAE53B,WACFivE,EAAEjvE,WACFuqF,EAAYG,KAAKC,GAAG3qF,YAEfivE,CACT,CAGA,SAAU4b,GAASN,EAAaO,EAAMC,EAAMzyF,EAAO0yF,EAAIC,EAAaC,EAAeC,GAGjFZ,EAAYG,KAAKU,QAAQhuE,KAAK,GAC9B,MAAMwb,EAAI2xD,EAAYG,KAAKU,QAAQzsF,SAAS,EAAG,IAC/CsrF,GAAKrxD,EAAGkyD,EAAM,GACdb,GAAKrxD,EAAGmyD,EAAM,GACdd,GAAKrxD,EAAGtgC,EAAO,IACf2xF,GAAKrxD,EAAGoyD,EAAI,IACZf,GAAKrxD,EAAGqyD,EAAa,IACrBhB,GAAKrxD,EAAGuwD,GAAM,IAQd,IAAI,IAAI1xF,EAAI,EAAGA,GAAKyzF,EAAezzF,IAAK,CAEtCwyF,GAAKM,EAAYG,KAAKU,QAAS3zF,EAAGmhC,EAAErhC,QACpC,MAAM8zF,EAAKT,GAAGL,EAAaA,EAAYG,KAAKY,SAAUf,EAAYG,KAAKU,QAASb,EAAYG,KAAKa,OAKjG,IAAI,IAAIr8E,EAAU,IAANzX,EAAwB,EAAd0zF,EAAkB,EAAGj8E,EAAIm8E,EAAG9zF,OAAQ2X,GAAK,QACtDm8E,EAAG1sF,SAASuQ,EAAGA,EAAE,EAE9B,CACE,MAAO,EACT,CAmBA,MAAMs8E,GAAK,KACLC,GAAiB,GAAKD,GAEb,SAASE,GAASpvE,GAAQqvE,OAAEA,EAAQtwE,SAAUuwE,IAC3D,IAAKh2E,GAAgB,MAAU1e,MAAM,kCAErC,MAAM2hF,EAvBR,UAAwBjvE,KAAEA,EAAIyjC,QAAEA,EAAOzmB,UAAEA,EAAS0mB,SAAEA,EAAQlJ,KAAEA,EAAIynD,GAAEA,EAAEjiD,OAAEA,EAAMj/B,YAAEA,EAAW4iC,WAAEA,EAAU7iC,OAAEA,IACvG,MAAMohF,EAAe,CAACluF,EAAM1F,EAAOwjB,EAAKrd,KACtC,GAAInG,EAAQwjB,GAAOxjB,EAAQmG,EAAO,MAAUnH,MAAM,GAAG0G,4BAA+B8d,SAAWrd,UAAa,EAG9G,GAAIuL,IAASu/E,IAAQ97C,IAAY+7C,GAAS,MAAUlyF,MAAM,+BAS1D,OARA40F,EAAa,WAAYx+C,EAAUo8C,GAAmBD,IACtDqC,EAAa,OAAQ1nD,EAAMolD,GAAeD,IAC1CuC,EAAa,MAAOllE,EAAW0iE,GAAcD,IAC7CyC,EAAa,SAAUv+C,EAAY,EAAE5iC,EAAag/E,IAElDkC,GAAMC,EAAa,kBAAmBD,EAAI,EAAGjC,IAC7ChgD,GAAUkiD,EAAa,SAAUliD,EAAQ,EAAGigD,IAErC,CAAEjgF,OAAMyjC,UAASzmB,YAAW0mB,WAAUlJ,OAAMynD,KAAIjiD,SAAQmiD,MAAOphF,EAAa4iC,aAAY7iC,SACjG,CAQc0hC,CAAe,CAAExiC,KAAMu/E,GAAM97C,QAAS+7C,MAAY9sE,KAEtDsgD,EAAEovB,EAAOpB,GAAGqB,EAAQx+D,IAAIy+D,EAASC,MAAMC,GAAWR,EAAaS,QACjEC,EAAW,CAAE,EACbC,EAAS,CAAE,EACjBA,EAAO3vB,EAAIovB,EACXO,EAAO3B,GAAKqB,EACZM,EAAOjC,IAAM4B,EAGb,MAAMlB,EAAK,EAAInS,EAAIkT,MAAQ3tF,KAAK0P,MAAM+qE,EAAItrC,YAAc,EAAIsrC,EAAIkT,QAC1DS,EAAiBxB,EAAKlB,GAAoB,GAAK0B,GACrD,GAAIG,EAAO1sF,OAAOgB,WAAausF,EAAgB,CAC7C,MAAMljE,EAAUlrB,KAAKyQ,MAAM29E,EAAiBb,EAAO1sF,OAAOgB,YAAcwrF,IAGxEE,EAAOc,KAAKnjE,EAChB,CAEE,IAAI/a,EAAS,EAEb+9E,EAAS3B,GAAK,IAAIvzF,WAAWu0F,EAAO1sF,OAAQsP,EAAQu7E,IAAoBv7E,GAAS+9E,EAAS3B,GAAGpzF,OAC7F+0F,EAASf,MAAQ,IAAIn0F,WAAWu0F,EAAO1sF,OAAQsP,EAAQu7E,IAAoBv7E,GAAQ+9E,EAASf,MAAMh0F,OAClG+0F,EAASlB,QAAU,IAAIh0F,WAAWu0F,EAAO1sF,OAAQsP,EAAQu7E,IAAoBv7E,GAAQ+9E,EAASlB,QAAQ7zF,OACtG+0F,EAAShB,SAAW,IAAIl0F,WAAWu0F,EAAO1sF,OAAQsP,EAAQ,MAAOA,GAAQ+9E,EAAShB,SAAS/zF,OAE3F,MAAMm1F,EAAK,IAAI52E,YAAY61E,EAAO1sF,OAAQsP,EAAQ,GAAIA,GAAQm+E,EAAGn1F,OAASue,YAAYk6B,kBACtF,MAAMu6C,EAAc,CAAE3tF,GAAI2vF,EAAQ7B,KAAM4B,GAClCK,EAAW,IAAIv1F,WAAWu0F,EAAO1sF,OAAQsP,EAAQu7E,IAAoBv7E,GAAQo+E,EAASp1F,OAC5F,MAAMq1F,EAAc,IAAIx1F,WAAWu0F,EAAO1sF,OAAQsP,EAAQsqE,EAAItrC,WAAau8C,IACrE+C,EAAkB,IAAIz1F,WAAWu0F,EAAO1sF,OAAQ,EAAGsP,GAGnDu+E,EA4ER,SAAejU,GACb,MAAMhc,EAAIutB,GAAQL,IACZgD,EAAS,IAAI31F,WAAW,GACxBklB,EAAS,IAAIllB,WAAW,IAC9B4yF,GAAK1tE,EAAQu8D,EAAIkT,MAAO,GACxB/B,GAAK1tE,EAAQu8D,EAAIjyD,UAAW,GAC5BojE,GAAK1tE,EAAQu8D,EAAItrC,WAAY,GAC7By8C,GAAK1tE,EAAQu8D,EAAInuE,OAAQ,IACzBs/E,GAAK1tE,EAAQu8D,EAAIxrC,QAAS,IAC1B28C,GAAK1tE,EAAQu8D,EAAIjvE,KAAM,IAEvB,MAAMikC,EAAS,CAACvxB,GACZu8D,EAAIvrC,UACNO,EAAOp1C,KAAKuxF,GAAK,IAAI5yF,WAAW,GAAIyhF,EAAIvrC,SAAS/1C,OAAQ,IACzDs2C,EAAOp1C,KAAKogF,EAAIvrC,WAEhBO,EAAOp1C,KAAKs0F,GAGVlU,EAAIz0C,MACNyJ,EAAOp1C,KAAKuxF,GAAK,IAAI5yF,WAAW,GAAIyhF,EAAIz0C,KAAK7sC,OAAQ,IACrDs2C,EAAOp1C,KAAKogF,EAAIz0C,OAEhByJ,EAAOp1C,KAAKs0F,GAGVlU,EAAIjvC,QACNiE,EAAOp1C,KAAKuxF,GAAK,IAAI5yF,WAAW,GAAIyhF,EAAIjvC,OAAOryC,OAAQ,IACvDs2C,EAAOp1C,KAAKogF,EAAIjvC,SAGhBiE,EAAOp1C,KAAKs0F,GAGVlU,EAAIgT,IACNh+C,EAAOp1C,KAAKuxF,GAAK,IAAI5yF,WAAW,GAAIyhF,EAAIgT,GAAGt0F,OAAQ,IACnDs2C,EAAOp1C,KAAKogF,EAAIgT,KAEhBh+C,EAAOp1C,KAAKs0F,GAEdlwB,EAAE5iD,OAMJ,SAAsB3iB,GACpB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,KAAMH,EAAOG,aAAcL,YACvB,MAAUF,MAAM,0DAGpBM,GAAeF,EAAOG,GAAGF,MAC/B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAASC,IACZH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MAAM,IAGlBG,CACT,CA1BWs1F,CAAan/C,IAEtB,MAAMo/C,EAAepwB,EAAE3iD,SACvB,OAAO,IAAI9iB,WAAW61F,EACxB,CAxHaC,CAAMrU,GAIXv/D,EAAI0xE,EAAKnS,EAAIkT,MACbp6B,EAAQr8D,MAAMujF,EAAIkT,OAAO3uE,KAAK,MAAM9iB,KAAI,IAAUhF,MAAMgkB,KACxD6zE,EAAY,CAAC11F,EAAGqY,KACpB6hD,EAAEl6D,GAAGqY,GAAK88E,EAAYjuF,SAASlH,EAAE6hB,EAAE,KAAS,KAAFxJ,EAASrY,EAAE6hB,EAAE,KAAS,KAAFxJ,EAAUg6E,IACjEn4B,EAAEl6D,GAAGqY,IAGd,IAAK,IAAIrY,EAAI,EAAGA,EAAIohF,EAAIkT,MAAOt0F,IAAK,CAElC,MAAM0pB,EAAM,IAAI/pB,WAAW01F,EAAGv1F,OAAS,GAGvC4pB,EAAIrpB,IAAIg1F,GAAK9C,GAAK7oE,EAAK,EAAG2rE,EAAGv1F,QAASyyF,GAAK7oE,EAAK1pB,EAAGq1F,EAAGv1F,OAAS,GAC/D2yF,GAAGJ,GAAmB3oE,EAAKgsE,EAAU11F,EAAG,IAGxCuyF,GAAK7oE,EAAK,EAAG2rE,EAAGv1F,QAChB2yF,GAAGJ,GAAmB3oE,EAAKgsE,EAAU11F,EAAG,GAC5C,CAKE,MACMyzF,EAAgB5xE,EADX,EAEX,IAAK,IAAIwxE,EAAO,EAAGA,EAAOjS,EAAInuE,OAAQogF,IAEpC,IAAK,IAAIv0C,EAAK,EAAGA,EAJR,EAIiBA,IAAM,CAC9B,MAAM62C,EAA6B,IAATtC,GAAcv0C,GAAM,EAC9C,IAAK,IAAI9+C,EAAI,EAAGA,EAAIohF,EAAIkT,MAAOt0F,IAAK,CAElC,IAAI0zF,EAAuB,IAAP50C,GAAqB,IAATu0C,EAAa,EAAI,EAEjD,MAAMuC,EAAOD,EAAoBvC,GAASN,EAAaO,EAAMrzF,EAAG8+C,EAAIy0C,EAAInS,EAAInuE,OAAQwgF,EAAeC,GAAiB,KACpH,KAAoBA,EAAgBD,EAAeC,IAAiB,CAClE,MAAMr7E,EAAIymC,EAAK20C,EAAgBC,EACzBviE,EAAY9Y,EAAI,EAAI6hD,EAAEl6D,GAAGqY,EAAE,GAAK6hD,EAAEl6D,GAAG6hB,EAAE,GAGvCg0E,EAAOF,EAAoBC,EAAKE,OAAOr1F,MAAQ0wB,EAErDwjE,EAAOM,EAAG1sF,WAAYstF,EAAKttF,WAAYvI,EAAGohF,EAAIkT,MAAOjB,EAAMv0C,EAAI40C,EAlB5D,EAkB+ED,GAClF,MAAMnzD,EAAI20D,EAAG,GAAU/wD,EAAI+wD,EAAG,GAIjB,IAAT5B,GAAYqC,EAAU11F,EAAGqY,GAC7B8sD,GAAE2tB,EAAa3hE,EAAW+oC,EAAE55B,GAAG4D,GAAImvD,EAAO,EAAI6B,EAAWh7B,EAAEl6D,GAAGqY,IAG1Dg7E,EAAO,GAAGR,GAAIC,EAAa54B,EAAEl6D,GAAGqY,GAAI68E,EAAUh7B,EAAEl6D,GAAGqY,GACjE,CACA,CACA,CAKE,MAAMm6B,EAAI0nB,EAAE,GAAGr4C,EAAE,GACjB,IAAI,IAAI7hB,EAAI,EAAGA,EAAIohF,EAAIkT,MAAOt0F,IAC5B6yF,GAAIC,EAAatgD,EAAGA,EAAG0nB,EAAEl6D,GAAG6hB,EAAE,IAGhC,MAAM5F,EAAMw2E,GAAGrR,EAAIjyD,UAAWqjB,EAAG,IAAI7yC,WAAWyhF,EAAIjyD,YAKpD,OAHAimE,EAAgBzvE,KAAK,GACrBuuE,EAAOc,KAAK,GAEL/4E,CAET,CC3RA,IAAI85E,GAiBWv1F,eAAew1F,GAAUC,EAASC,GAC/C,MAAMhC,EAAS,IAAIiC,YAAYC,OAAO,CAGpCC,QAAS,KACTC,QAAS,QAELC,QAvBR/1F,eAA0B0zF,EAAQ+B,EAASC,GACzC,MAAMM,EAAe,CAAE1hF,IAAK,CAAEo/E,WAC9B,QAAwB5zF,IAApBy1F,GACF,IACE,MAAMU,QAAeR,EAAQO,GAE7B,OADAT,IAAkB,EACXU,CACR,CAAC,MAAMr0F,GACN2zF,IAAkB,CACxB,CAIE,OADeA,GAAkBE,EAAUC,GAC7BM,EAChB,CAS2BE,CAAWxC,EAAQ+B,EAASC,GAkBrD,OAFqBrxE,GAAWovE,GAASpvE,EAAQ,CAAEjB,SAAU2yE,EAAW3yE,SAAUswE,UAGpF,oSCzCiB1zF,SAAYw1F,IAC1BW,6wLAA4BA,KAC5BA,yyJAA+BA,OCuB9BC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS33F,GACvBhB,KAAKgB,OAASA,EACdhB,KAAK44F,UAAY,EACjB54F,KAAK64F,QAAU,EACf74F,KAAK84F,SAAU,CACjB,EAEAH,GAAU14F,UAAU84F,YAAc,WAC3B/4F,KAAK84F,UACR94F,KAAK64F,QAAU74F,KAAKgB,OAAO4I,WAC3B5J,KAAK84F,SAAU,EAEnB,EAGAH,GAAU14F,UAAUoC,KAAO,SAAS2Z,GAElC,IADA,IAAIja,EAAS,EACNia,EAAO,GAAG,CACfhc,KAAK+4F,cACL,IAAIhpE,EAAY,EAAI/vB,KAAK44F,UAEzB,GAAI58E,GAAQ+T,EACVhuB,IAAWguB,EACXhuB,GAAU22F,GAAQ3oE,GAAa/vB,KAAK64F,QACpC74F,KAAK84F,SAAU,EACf94F,KAAK44F,UAAY,EACjB58E,GAAQ+T,MACH,CACLhuB,IAAWia,EACX,IAAI7S,EAAQ4mB,EAAY/T,EACxBja,IAAW/B,KAAK64F,QAAWH,GAAQ18E,IAAS7S,IAAWA,EACvDnJ,KAAK44F,WAAa58E,EAClBA,EAAO,CACb,CACA,CACE,OAAOja,CACT,EAGA42F,GAAU14F,UAAU+4F,KAAO,SAASh3F,GAClC,IAAIi3F,EAAQj3F,EAAM,EACdk3F,GAAUl3F,EAAMi3F,GAAS,EAC7Bj5F,KAAK44F,UAAYK,EACjBj5F,KAAKgB,OAAOg4F,KAAKE,GACjBl5F,KAAK84F,SAAU,CACjB,EAGAH,GAAU14F,UAAUk5F,GAAK,WACvB,IAA6Br3F,EAAzB8c,EAAM,IAAInd,WAAW,GACzB,IAAKK,EAAI,EAAGA,EAAI8c,EAAIhd,OAAQE,IAC1B8c,EAAI9c,GAAK9B,KAAKqC,KAAK,GAErB,OAGF,SAAkBuc,GAChB,OAAOjf,MAAMM,UAAU0E,IAAI5D,KAAK6d,GAAKpD,IAAM,KAAOA,EAAEgF,SAAS,KAAK7d,OAAO,KAAID,KAAK,GACpF,CALS02F,CAASx6E,EAClB,EAMA,IAAAy6E,GAAiBV,GC3FbW,GAAS,WACb,EAIAA,GAAOr5F,UAAU2J,SAAW,WAC1B,MAAUrI,MAAM,6CAClB,EAGMg4F,GAACt5F,UAAUoC,KAAO,SAASiH,EAAQkwF,EAAW53F,GAElD,IADA,IAAI4G,EAAY,EACTA,EAAY5G,GAAQ,CACzB,IAAIuhB,EAAInjB,KAAK4J,WACb,GAAIuZ,EAAI,EACN,OAAoB,IAAZ3a,GAAkB,EAAIA,EAEhCc,EAAOkwF,KAAer2E,EACtB3a,GACJ,CACE,OAAOA,CACT,EACA8wF,GAAOr5F,UAAU+4F,KAAO,SAASS,GAC/B,MAAUl4F,MAAM,yCAClB,EAGA+3F,GAAOr5F,UAAUy5F,UAAY,SAASC,GACpC,MAAUp4F,MAAM,6CAClB,EACMg4F,GAACt5F,UAAU8C,MAAQ,SAASuG,EAAQkwF,EAAW53F,GACnD,IAAIE,EACJ,IAAKA,EAAE,EAAGA,EAAEF,EAAQE,IAClB9B,KAAK05F,UAAUpwF,EAAOkwF,MAExB,OAAO53F,CACT,EACA03F,GAAOr5F,UAAU+G,MAAQ,WACzB,EAEA,ICNM4yF,GDMN54F,GAAiBs4F,GCXjBO,IAKMD,GAAc,IAAIz5E,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKV/f,KAAK85F,OAAS,WACZ,OAAS/5E,IAAS,CACnB,EAMD/f,KAAK+5F,UAAY,SAASx3F,GACxBwd,EAAOA,GAAO,EAAK65E,GAAqC,KAAvB75E,IAAQ,GAAMxd,GAChD,EAODvC,KAAKg6F,aAAe,SAASz3F,EAAOw6B,GAClC,KAAOA,KAAU,GACfhd,EAAOA,GAAO,EAAK65E,GAAqC,KAAvB75E,IAAQ,GAAMxd,GAElD,CACF,GCrECo2F,GAAYsB,GACZX,GAASY,GACTC,GAAQC,GAaRC,GAAM,SAASt+E,EAAOmB,GACxB,IAAwBpb,EAApB4sB,EAAM3S,EAAMmB,GAChB,IAAKpb,EAAIob,EAAOpb,EAAI,EAAGA,IACrBia,EAAMja,GAAKia,EAAMja,EAAE,GAGrB,OADAia,EAAM,GAAK2S,EACJA,CACT,EAEI6iD,GAAM,CACR+oB,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,CAAE,EACtBA,GAAcxpB,GAAIgpB,YAAyB,oBAC3CQ,GAAcxpB,GAAIipB,eAAyB,gBAC3CO,GAAcxpB,GAAIkpB,sBAAyB,uBAC3CM,GAAcxpB,GAAImpB,uBAAyB,wBAC3CK,GAAcxpB,GAAIopB,YAAyB,aAC3CI,GAAcxpB,GAAIqpB,eAAyB,gBAC3CG,GAAcxpB,GAAIspB,gBAAkB,kDAEpC,IAAIG,GAAS,SAASC,EAAQC,GAC5B,IAAI3vE,EAAMwvE,GAAcE,IAAW,gBAC/BC,IAAa3vE,GAAO,KAAK2vE,GAC7B,IAAIh3F,EAAI,IAAIkmC,UAAU7e,GAEtB,MADArnB,EAAEi3F,UAAYF,EACR/2F,CACR,EAEIk3F,GAAS,SAASC,EAAaC,GACjCt7F,KAAKu7F,SAAWv7F,KAAKw7F,aAAex7F,KAAKy7F,WAAa,EAEtDz7F,KAAK07F,cAAcL,EAAaC,EAClC,EACAF,GAAOn7F,UAAU07F,YAAc,WAE7B,OADiB37F,KAAK47F,mBAKtB57F,KAAK67F,SAAW,IAAI1B,IACb,IAJLn6F,KAAKy7F,YAAc,GACZ,EAIX,EAEAL,GAAOn7F,UAAUy7F,cAAgB,SAASL,EAAaC,GAErD,IAAI18E,EAAM,IAAInd,WAAW,GACW,IAAhC45F,EAAYh5F,KAAKuc,EAAK,EAAG,IACuB,QAAhD5H,OAAOoD,aAAawE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1Co8E,GAAOzpB,GAAIipB,cAAe,aAE5B,IAAIn6C,EAAQzhC,EAAI,GAAK,IACjByhC,EAAQ,GAAKA,EAAQ,IACvB26C,GAAOzpB,GAAIipB,cAAe,sBAE5Bx6F,KAAK0D,OAAS,IAAIi1F,GAAU0C,GAI5Br7F,KAAK87F,SAAW,IAASz7C,EACzBrgD,KAAK+7F,WAAa,EAClB/7F,KAAKs7F,aAAeA,EACpBt7F,KAAKg8F,UAAY,CACnB,EACAZ,GAAOn7F,UAAU27F,gBAAkB,WACjC,IAAI95F,EAAGqY,EAAGZ,EACN7V,EAAS1D,KAAK0D,OAId6tB,EAAI7tB,EAAOy1F,KACf,GAjFW,iBAiFP5nE,EACF,OAAO,EAnFG,iBAqFRA,GACFypE,GAAOzpB,GAAIipB,eACbx6F,KAAKi8F,eAAiBv4F,EAAOrB,KAAK,MAAQ,EAC1CrC,KAAKg8F,WAAah8F,KAAKi8F,gBACHj8F,KAAKg8F,WAAa,EAAMh8F,KAAKg8F,YAAY,OAAU,EAInEt4F,EAAOrB,KAAK,IACd24F,GAAOzpB,GAAIspB,gBACb,IAAIqB,EAAcx4F,EAAOrB,KAAK,IAC1B65F,EAAcl8F,KAAK87F,UACrBd,GAAOzpB,GAAIopB,WAAY,kCAMzB,IAAIj/E,EAAIhY,EAAOrB,KAAK,IAChB85F,EAAY,IAAI16F,WAAW,KAAM26F,EAAW,EAChD,IAAKt6F,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAI4Z,EAAK,GAAM,GAAM5Z,EAAK,CACxB,IAAI8tB,EAAQ,GAAJ9tB,EAER,IADAyX,EAAI7V,EAAOrB,KAAK,IACX8X,EAAI,EAAGA,EAAI,GAAIA,IACdZ,EAAK,GAAM,GAAMY,IACnBgiF,EAAUC,KAAcxsE,EAAIzV,EACtC,CAIE,IAAIkiF,EAAa34F,EAAOrB,KAAK,IACzBg6F,EAzHW,GAyHgBA,EAxHhB,IAyHbrB,GAAOzpB,GAAIopB,YAKb,IAAI2B,EAAa54F,EAAOrB,KAAK,IACV,IAAfi6F,GACFtB,GAAOzpB,GAAIopB,YAEb,IAAI4B,EAAY,IAAI96F,WAAW,KAC/B,IAAKK,EAAI,EAAGA,EAAIu6F,EAAYv6F,IAC1By6F,EAAUz6F,GAAKA,EAEjB,IAAI06F,EAAY,IAAI/6F,WAAW66F,GAE/B,IAAKx6F,EAAI,EAAGA,EAAIw6F,EAAYx6F,IAAK,CAE/B,IAAKqY,EAAI,EAAGzW,EAAOrB,KAAK,GAAI8X,IACtBA,GAAKkiF,GAAYrB,GAAOzpB,GAAIopB,YAElC6B,EAAU16F,GAAKu4F,GAAIkC,EAAWpiF,EAClC,CAIE,IACiBsiF,EADbC,EAAWN,EAAW,EACtB/oC,EAAS,GACb,IAAKl5C,EAAI,EAAGA,EAAIkiF,EAAYliF,IAAK,CAC/B,IAqBI+/D,EAASyiB,EArBT/6F,EAAS,IAAIH,WAAWi7F,GAAWzT,EAAO,IAAIn8D,YAAY8vE,IAK9D,IADAlhF,EAAIhY,EAAOrB,KAAK,GACXP,EAAI,EAAGA,EAAI46F,EAAU56F,IAAK,CAC7B,MACM4Z,EAAI,GAAKA,EAjKE,KAiKoBs/E,GAAOzpB,GAAIopB,YAG1Cj3F,EAAOrB,KAAK,IAEZqB,EAAOrB,KAAK,GAGdqZ,IAFAA,IAIJ9Z,EAAOE,GAAK4Z,CAClB,CAKI,IADAw+D,EAASyiB,EAAS/6F,EAAO,GACpBE,EAAI,EAAGA,EAAI46F,EAAU56F,IACpBF,EAAOE,GAAK66F,EACdA,EAAS/6F,EAAOE,GACTF,EAAOE,GAAKo4E,IACnBA,EAASt4E,EAAOE,IAapB26F,EAAW,CAAE,EACbppC,EAAOvwD,KAAK25F,GACZA,EAASI,QAAU,IAAI/vE,YAnMT,KAoMd2vE,EAASK,MAAQ,IAAI38E,YAAYy8E,IACjCH,EAAShtB,KAAO,IAAItvD,YAAYy8E,IAChCH,EAASviB,OAASA,EAClBuiB,EAASE,OAASA,EAElB,IAAII,EAAK,EACT,IAAKj7F,EAAIo4E,EAAQp4E,GAAK66F,EAAQ76F,IAE5B,IADAmnF,EAAKnnF,GAAK26F,EAASK,MAAMh7F,GAAK,EACzB4Z,EAAI,EAAGA,EAAIghF,EAAUhhF,IACpB9Z,EAAO8Z,KAAO5Z,IAChB26F,EAASI,QAAQE,KAAQrhF,GAG/B,IAAK5Z,EAAI,EAAGA,EAAI46F,EAAU56F,IACxBmnF,EAAKrnF,EAAOE,MAMd,IADAi7F,EAAKrhF,EAAI,EACJ5Z,EAAIo4E,EAAQp4E,EAAI66F,EAAQ76F,IAC3Bi7F,GAAM9T,EAAKnnF,GAOX26F,EAASK,MAAMh7F,GAAKi7F,EAAK,EACzBA,IAAO,EACPrhF,GAAKutE,EAAKnnF,GACV26F,EAAShtB,KAAK3tE,EAAI,GAAKi7F,EAAKrhF,EAE9B+gF,EAASK,MAAMH,EAAS,GAAKv1E,OAAO41E,UACpCP,EAASK,MAAMH,GAAUI,EAAK9T,EAAK0T,GAAU,EAC7CF,EAAShtB,KAAKyK,GAAU,CAC5B,CAME,IAAI+iB,EAAY,IAAI98E,YAAY,KAChC,IAAKre,EAAI,EAAGA,EAAI,IAAKA,IACnBy6F,EAAUz6F,GAAKA,EAEjB,IAA6Co7F,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAOt9F,KAAKs9F,KAAO,IAAIn9E,YAAYngB,KAAK87F,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWa,GACPF,GAAYf,GAActB,GAAOzpB,GAAIopB,YACzC8B,EAAWppC,EAAOmpC,EAAUa,OAG9Bv7F,EAAI26F,EAASviB,OACb//D,EAAIzW,EAAOrB,KAAKP,GAEVA,EAAI26F,EAASE,QAAU3B,GAAOzpB,GAAIopB,cAClCxgF,GAAKsiF,EAASK,MAAMh7F,IAFnBA,IAILqY,EAAKA,GAAK,EAAKzW,EAAOrB,KAAK,KAG7B8X,GAAKsiF,EAAShtB,KAAK3tE,IACX,GAAKqY,GAvQC,MAuQmB6gF,GAAOzpB,GAAIopB,YAC5C,IAAI6C,EAAUf,EAASI,QAAQ1iF,GAK/B,GA5Qc,IA4QVqjF,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY1hF,EAAI1b,KAAK87F,UAAYd,GAAOzpB,GAAIopB,YAEhDsC,EADAC,EAAKf,EAAUI,EAAU,MACR7gF,EACVA,KACL4hF,EAAKF,KAAeF,EAGxB,GAAIM,EAAUpB,EACZ,MAQEgB,GAAap9F,KAAK87F,UAAYd,GAAOzpB,GAAIopB,YAK7CsC,EAFAC,EAAKf,EADLe,EAAK7C,GAAIkC,EADTz6F,EAAI07F,EAAU,OAKdF,EAAKF,KAAeF,CA7BxB,MAjBWC,IACHA,EAAS,EACTzhF,EAAI,GAUJA,GA1RU,IAyRR8hF,EACGL,EAEA,EAAIA,EACXA,IAAW,CAgCjB,CAUE,KAHIjB,EAAc,GAAKA,GAAekB,IAAapC,GAAOzpB,GAAIopB,YAE9DxgF,EAAI,EACCrY,EAAI,EAAGA,EAAI,IAAKA,IACnByX,EAAIY,EAAI8iF,EAAUn7F,GAClBm7F,EAAUn7F,GAAKqY,EACfA,EAAIZ,EAGN,IAAKzX,EAAI,EAAGA,EAAIs7F,EAAWt7F,IAEzBw7F,EAAKL,EADLC,EAAe,IAAVI,EAAKx7F,MACcA,GAAK,EAC7Bm7F,EAAUC,KAKZ,IAAIl7F,EAAM,EAAGy7F,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjBz7F,EAAMs7F,EAAKpB,IAEXl6F,IAAQ,EACR07F,GAAO,GAET19F,KAAKu7F,SAAWv5F,EAChBhC,KAAKw7F,aAAeiC,EACpBz9F,KAAKy7F,WAAa2B,EAClBp9F,KAAK29F,SAAWD,GAET,CACT,EAOAtC,GAAOn7F,UAAU29F,aAAe,SAAStG,EAAcjqE,GACnD,IAAIwwE,EAAQC,EAAUC,EAKxB,GAAI/9F,KAAKy7F,WAAa,EAAK,OAAO,EAGlC,IAAI6B,EAAOt9F,KAAKs9F,KAAMt7F,EAAMhC,KAAKu7F,SAAUkC,EAAUz9F,KAAKw7F,aACtD4B,EAAYp9F,KAAKy7F,WAAyBz7F,KAAKg+F,WAGnD,IAFA,IAAIN,EAAM19F,KAAK29F,SAERP,GAAW,CAehB,IAdAA,IACAU,EAAWL,EAEXA,EAAgB,KADhBz7F,EAAMs7F,EAAKt7F,IAEXA,IAAQ,EACM,GAAV07F,KACFG,EAASJ,EACTM,EAAUD,EACVL,GAAW,IAEXI,EAAS,EACTE,EAAUN,GAEZz9F,KAAK67F,SAAS7B,aAAa+D,EAASF,GAC7BA,KACL79F,KAAKs7F,aAAa5B,UAAUqE,GAC5B/9F,KAAK+7F,aAEH0B,GAAWK,IACbJ,EAAM,EACZ,CAQE,OAPA19F,KAAKy7F,WAAa2B,EAEdp9F,KAAK67F,SAAS/B,WAAa95F,KAAKi8F,gBAClCjB,GAAOzpB,GAAIopB,WAAY,sBACR36F,KAAK67F,SAAS/B,SAASt5E,SAAS,IACxC,aAAaxgB,KAAKi8F,eAAez7E,SAAS,IAAI,KAEhDxgB,KAAK+7F,UACd,EAEA,IAAIkC,GAAoB,SAAS19F,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAI86F,EAAc,IAAI/B,GAKtB,OAJA+B,EAAYr5F,IAAM,EAClBq5F,EAAYzxF,SAAW,WAAa,OAAOrJ,EAAMP,KAAKgC,MAAS,EAC/Dq5F,EAAYrC,KAAO,SAASh3F,GAAOhC,KAAKgC,IAAMA,CAAM,EACpDq5F,EAAY6C,IAAM,WAAa,OAAOl+F,KAAKgC,KAAOzB,EAAMqB,MAAS,EAC1Dy5F,CACT,EACI8C,GAAqB,SAASv3F,GAChC,IAAI00F,EAAe,IAAIhC,GACnB8E,GAAW,EACf,GAAIx3F,EACF,GAAqB,iBAAV,EACT00F,EAAahyF,OAAS,IAAI7H,WAAWmF,GACrCw3F,GAAW,MACN,IAAI,cAAex3F,EACxB,OAAOA,EAEP00F,EAAahyF,OAAS1C,EACtBw3F,GAAW,CACjB,MAEI9C,EAAahyF,OAAS,IAAI7H,WAAW,OAuBvC,OArBA65F,EAAat5F,IAAM,EACnBs5F,EAAa5B,UAAY,SAASC,GAChC,GAAIyE,GAAYp+F,KAAKgC,KAAOhC,KAAKsJ,OAAO1H,OAAQ,CAC9C,IAAIy8F,EAAY,IAAI58F,WAA8B,EAAnBzB,KAAKsJ,OAAO1H,QAC3Cy8F,EAAUl8F,IAAInC,KAAKsJ,QACnBtJ,KAAKsJ,OAAS+0F,CACpB,CACIr+F,KAAKsJ,OAAOtJ,KAAKgC,OAAS23F,CAC3B,EACD2B,EAAagD,UAAY,WAEvB,GAAIt+F,KAAKgC,MAAQhC,KAAKsJ,OAAO1H,OAAQ,CACnC,IAAKw8F,EACH,MAAM,IAAIh0D,UAAU,2CACtB,IAAIi0D,EAAY,IAAI58F,WAAWzB,KAAKgC,KACpCq8F,EAAUl8F,IAAInC,KAAKsJ,OAAON,SAAS,EAAGhJ,KAAKgC,MAC3ChC,KAAKsJ,OAAS+0F,CACpB,CACI,OAAOr+F,KAAKsJ,MACb,EACDgyF,EAAaiD,UAAW,EACjBjD,CACT,EAqGA,IAAAkD,GAAiB,CACfpD,UACA9B,UACA/nB,OACAz2D,OApGa,SAASva,EAAOqG,EAAQ63F,GAMrC,IAJA,IAAIpD,EAAc4C,GAAkB19F,GAChC+6F,EAAe6C,GAAmBv3F,GAElC83F,EAAK,IAAItD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAY6C,OACxC,GAAIQ,EAAG/C,cACL+C,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAGh7F,OAAOrB,KAAK,MAAQ,EAM7C,GALIs8F,IAAoBD,EAAG1C,WACzBhB,GAAOzpB,GAAIopB,WAAY,uBACR+D,EAAG1C,UAAUx7E,SAAS,IAC9B,aAAam+E,EAAgBn+E,SAAS,IAAI,MAE/Ci+E,KACA,QAASpD,IACRA,EAAY6C,MAGV,MADLQ,EAAGhD,cAAcL,EAAaC,EAEtC,CAEE,GAAI,cAAeA,EACjB,OAAOA,EAAagD,WACxB,EA0EEM,YAzEkB,SAASr+F,EAAOyB,EAAK4E,GAEvC,IAAIy0F,EAAc4C,GAAkB19F,GAChC+6F,EAAe6C,GAAmBv3F,GAClC83F,EAAK,IAAItD,GAAOC,EAAaC,GAejC,GAdAoD,EAAGh7F,OAAOs1F,KAAKh3F,GAEE08F,EAAG9C,oBAGlB8C,EAAG7C,SAAW,IAAI1B,GAGlBuE,EAAGG,YAAc,EAGjBH,EAAGd,gBAGD,cAAetC,EACjB,OAAOA,EAAagD,WACxB,EAqDEQ,MAhDY,SAASv+F,EAAO0rC,EAAUwyD,GAEtC,IAAIpD,EAAc,IAAI/B,GACtB+B,EAAY0D,SAAWd,GAAkB19F,GACzC86F,EAAYr5F,IAAM,EAClBq5F,EAAYzxF,SAAW,WAErB,OADA5J,KAAKgC,MACEhC,KAAK++F,SAASn1F,UACtB,EACGyxF,EAAY0D,SAASb,MACvB7C,EAAY6C,IAAM7C,EAAY0D,SAASb,IAAIv6F,KAAK03F,EAAY0D,WAE9D,IAAIzD,EAAe,IAAIhC,GACvBgC,EAAat5F,IAAM,EACnBs5F,EAAa5B,UAAY,WAAa15F,KAAKgC,KAAQ,EAInD,IAFA,IAAI08F,EAAK,IAAItD,GAAOC,EAAaC,GAC7Br4E,EAAYy7E,EAAG5C,WAEb,QAAST,KAAeA,EAAY6C,OAD7B,CAGX,IAAIc,EAA2B,EAAhB3D,EAAYr5F,IAAQ08F,EAAGh7F,OAAOk1F,UAG7C,GAFI8F,EAAGh7F,OAAOo1F,UAAWkG,GAAY,GAEjCN,EAAG/C,cAAe,CACpB,IAAIv3F,EAAQk3F,EAAat5F,IACzB08F,EAAGd,eACH3xD,EAAS+yD,EAAU1D,EAAat5F,IAAMoC,EAC5C,KAAW,CAEL,GADUs6F,EAAGh7F,OAAOrB,KAAK,KACrBo8F,KACA,QAASpD,IACRA,EAAY6C,MAKV,MAHLQ,EAAGhD,cAAcL,EAAaC,GAC9BzyF,QAAQo2F,OAAOP,EAAG5C,WAAa74E,EAChB,sDAEvB,CACA,CACA,sKC1iBA,MACE,cAAWlF,GACT,OAAOtT,EAAMkE,OAAOS,MACxB,CAOE,IAAA/M,CAAK8H,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,EAId,CAEE,KAAApH,GACE,OAAO,IAAItB,WAAW,CAAC,GAAM,GAAM,IACvC,4EC/BA,MACE,cAAWsc,GACT,OAAOtT,EAAMkE,OAAOkB,OACxB,CAEE,WAAAjQ,GACEI,KAAK6P,QAAU,IACnB,CAME,IAAAxN,CAAK8H,GAEP,CAME,KAAApH,GACE,OAAO/C,KAAK6P,OAChB,CAQE,mBAAMqvF,CAAct9F,GAClB5B,KAAK6P,cAAgBsM,GAAOw6B,OAAO/a,eAAeh6B,EACtD,wVCzCA,MACE,cAAWmc,GACT,OAAOtT,EAAMkE,OAAOW,KACxB,CAME,IAAAjN,GACE,MAAM,IAAIuqC,GAAiB,kCAC/B,CAEE,KAAA7pC,GACE,MAAM,IAAI6pC,GAAiB,kCAC/B,oH7CoLOtqC,gBAAsC0N,KAAEA,KAASmvF,IACtD,IAAKnvF,EACH,MAAUzO,MAAM,sEAElB,IAAKuV,EAAKC,SAAS/G,GACjB,MAAUzO,MAAM,yDAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,OAAO,IAAIiiE,GAAiB30D,EAC9B,kBDkqBO1N,gBAA6B0N,KAAEA,EAAID,OAAEA,EAAM6yC,SAAEA,EAAQD,KAAEA,EAAO,IAAI5qC,KAAM4mB,OAAEA,QAAkBv8B,IAAT4N,EAAqB,OAAS,aAAamvF,IACnI,MAAM5+F,OAAiB6B,IAAT4N,EAAqBA,EAAOD,EAC1C,QAAc3N,IAAV7B,EACF,MAAUgB,MAAM,yEAElB,GAAIyO,IAAS8G,EAAKC,SAAS/G,KAAU8G,EAAK7V,SAAS+O,GACjD,MAAUzO,MAAM,0DAElB,GAAIwO,IAAW+G,EAAKtV,aAAauO,KAAY+G,EAAK7V,SAAS8O,GACzD,MAAUxO,MAAM,gEAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,MAAM28F,EAAavoF,EAAK7V,SAASV,GAC3B+iE,EAAoB,IAAI5gB,GAAkBC,QACnCvgD,IAAT4N,EACFszD,EAAkBzgB,QAAQtiD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS6uB,IAE5D2kC,EAAkBtgB,SAASziD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS6uB,SAE9Cv8B,IAAbwgD,GACF0gB,EAAkBrgB,YAAYL,GAEhC,MAAM08C,EAAwB,IAAI92C,GAClC82C,EAAsBx8F,KAAKwgE,GAC3B,MAAM/vD,EAAU,IAAIusD,GAAQw/B,GAE5B,OADA/rF,EAAQq1C,WAAay2C,EACd9rF,CACT,YEvkBOjR,gBAAuBiR,QAAEA,EAAO4sD,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAW7H,iBAAEA,EAAgB+mC,aAAEA,GAAe,EAAK5gE,OAAEA,EAAS,OAAM9vB,UAAEA,EAAY,KAAI8zC,KAAEA,EAAO,IAAI5qC,YAAQ7D,KAAWirF,IAGxL,GAF0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC4wD,GAAavxD,GAAUilD,EAAmB6M,GAAQ7M,GAAmB2H,EAAiBkF,GAAQlF,GAAiBC,EAAYiF,GAAQjF,GAAYC,EAAcgF,GAAQhF,GACjK8+B,EAAK/hC,YAAa,MAAU77D,MAAM,iGACtC,GAAI49F,EAAKK,WAAY,MAAUj+F,MAAM,kGACrC,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IACE,MAAMwpD,QAAkB34C,EAAQ8a,QAAQ8xC,EAAgBC,EAAWC,EAAa1d,EAAMzuC,GACjFskD,IACHA,EAAmB,IAGrB,MAAMz2D,EAAS,CAAE,EAKjB,GAJAA,EAAOiyD,WAAanlD,QAAkBq9C,EAAU+X,eAAep1D,EAAW2pD,EAAkB7V,EAAMzuC,SAAgBg4C,EAAUxrB,OAAO83B,EAAkB7V,EAAMzuC,GAC3JnS,EAAO8E,KAAkB,WAAX83B,EAAsButB,EAAUyV,iBAAmBzV,EAAUpJ,UAC3E/gD,EAAO6gD,SAAWsJ,EAAUhJ,cAC5BqiB,GAAYxjE,EAAQwR,GAChBgsF,EAAc,CAChB,GAAgC,IAA5B/mC,EAAiB52D,OACnB,MAAUL,MAAM,+DAElB,GAAiC,IAA7BQ,EAAOiyD,WAAWpyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPo/C,GAAiB3jD,gBACTwU,EAAKkH,WAAWjc,EAAOiyD,WAAWrvD,KAAIkmC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADAxwC,EAAO8E,WAAay+D,GAAcvjE,EAAO8E,MAClC9E,CACR,CAAC,MAAOs0B,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,eAvMO/zB,gBAA0BkR,WAAEA,EAAU8jC,WAAEA,EAAYpjC,OAAAA,KAAWirF,IAC1Bj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkrF,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAAK8Q,EAAW0kD,YACd,MAAU32D,MAAM,+BAElB,MAAMk+F,EAAmBjsF,EAAW5Q,OAAM,GACpC88F,EAAc5oF,EAAKrW,QAAQ62C,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMp3C,QAAQ4E,IAAI26F,EAAiB/mC,UAAU/zD,KAAIgM,GAE/CmG,EAAKkH,WAAW0hF,EAAY/6F,KAAI2yC,GAAc3mC,EAAIk/C,UAAUxhC,QAAQipB,eAGhEmoD,EAAiBhtC,SAASv+C,GACzBurF,CACR,CAAC,MAAOppE,GAEP,MADAopE,EAAiBrtC,qBACXt7C,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,uBA2YO/zB,gBAAkCiR,QAAEA,EAAO4sD,eAAEA,EAAcC,UAAEA,EAASzd,KAAEA,EAAO,IAAI5qC,KAAQ7D,OAAAA,KAAWirF,IAG3G,GAF0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC4wD,GAAavxD,GAAU4sD,EAAiBkF,GAAQlF,GAAiBC,EAAYiF,GAAQjF,GACjF++B,EAAK/hC,YAAa,MAAU77D,MAAM,4GACtC,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAEE,aAD0B6Q,EAAQmtD,mBAAmBP,EAAgBC,OAAWh+D,EAAWugD,EAAMzuC,EAElG,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,gCAAiC0Y,EAC1D,CACA,YAhVO/zB,gBAAuBiR,QAAEA,EAAOquD,eAAEA,EAAc3J,YAAEA,EAAWmI,UAAEA,EAASnS,WAAEA,EAAUtvB,OAAEA,EAAS,UAAS9vB,UAAEA,EAAY,KAAIi1C,SAAEA,GAAW,EAAKsf,cAAEA,EAAgB,GAAEV,iBAAEA,EAAmB,GAAE/f,KAAEA,EAAO,IAAI5qC,KAAMsrD,eAAEA,EAAiB,GAAEs8B,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,GAAI1rF,OAAAA,KAAWirF,IAKlS,GAJ0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC4wD,GAAavxD,GAAUyxD,GAAyBrmC,GAChDijC,EAAiByD,GAAQzD,GAAiB3J,EAAcoN,GAAQpN,GAAcmI,EAAYiF,GAAQjF,GAClGgD,EAAgBiC,GAAQjC,GAAgBV,EAAmB2C,GAAQ3C,GAAmBW,EAAiBgC,GAAQhC,GAAiBs8B,EAAoBt6B,GAAQs6B,GAAoBC,EAAqBv6B,GAAQu6B,GACzMT,EAAKv0D,SACP,MAAUrpC,MAAM,+JAElB,GAAI49F,EAAKK,WAAY,MAAUj+F,MAAM,gGACrC,GAAI49F,EAAK/hC,YAAa,MAAU77D,MAAM,8FACtC,QAAmBa,IAAf+8F,EAAKhsF,MAAqB,MAAU5R,MAAM,oFAC9C,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAE3Hu1D,IACHA,EAAc,IAGhB,IASE,IARIA,EAAYr2D,QAAUiN,KACxB0E,QAAgBA,EAAQ4sB,KAAK83B,EAAa2J,EAAgB/yD,EAAWu0D,EAAezgB,EAAM0gB,EAAgBX,EAAkBk9B,EAAoB1rF,IAElJX,EAAUA,EAAQ02C,eT5Ff3nD,eAA2Ck0C,EAAO,GAAImM,EAAO,IAAI5qC,KAAQwnD,EAAU,GAAIrrD,EAASqD,GACrG,MAAM69C,EAAc3qD,EAAM6C,YAAYC,aAChC8nD,EAAsBnhD,EAAOG,8BAK7BwrF,QAA0B3/F,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,eAAeqO,EAAK7O,GACvE,MACMg+F,SAD0BnvF,EAAI4kD,wBAAwB5S,EAAM4c,EAAQz9D,GAAIoS,IACrCpC,+BACzC,QAASguF,GAAkBA,EAAer2F,QAAQ4rD,IAAwB,CAC9E,KACE,OAAOwqC,EAAkBxjE,MAAM6hC,SAAW7I,EAAsBD,CAClE,CSgFY2qC,CAA4Bn+B,EAAgBjf,EAAMg9C,EAAmBzrF,GAC3EA,GAEFX,QAAgBA,EAAQwa,QAAQ6zC,EAAgBxB,EAAWnS,EAAYnK,EAAU4e,EAAkB/f,EAAMg9C,EAAmBzrF,GAC7G,WAAXyqB,EAAqB,OAAOprB,EAEhC,MACM1M,EADmB,YAAX83B,EACOprB,EAAQJ,MAAMe,GAAUX,EAAQxQ,QACrD,aAAauiE,GAAcz+D,EAC5B,CAAC,MAAOwvB,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,eA7FO/zB,gBAA0BkR,WAAEA,EAAU8jC,WAAEA,EAAYpjC,OAAAA,KAAWirF,IAC1Bj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkrF,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAAK8Q,EAAW0kD,YACd,MAAU32D,MAAM,+BAElB,MAAMk+F,EAAmBjsF,EAAW5Q,OAAM,GAEpC4zC,EAAOipD,EAAiB/mC,UACxBgnC,EAAc5oF,EAAKrW,QAAQ62C,GAAcA,EAAiB33C,MAAM62C,EAAK50C,QAAQ6lB,KAAK6vB,GACxF,GAAIooD,EAAY99F,SAAW40C,EAAK50C,OAC9B,MAAUL,MAAM,0DAGlB,IAME,aALMrB,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,MAAOqO,EAAK7O,KACrC,MAAM+tD,UAAEA,GAAcl/C,QAChBk/C,EAAU9hC,QAAQ2xE,EAAY59F,GAAIoS,GACxC27C,EAAUuC,oBAAoB,KAEzBqtC,CACR,CAAC,MAAOppE,GAEP,MADAopE,EAAiBrtC,qBACXt7C,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,sBAmUO/zB,gBAAiCuE,KAAEA,EAAI6uC,UAAEA,EAAS8V,cAAEA,EAAaoW,eAAEA,EAAcxB,UAAEA,EAASzhC,OAAEA,EAAS,UAASmlB,SAAEA,GAAW,EAAK4e,iBAAEA,EAAmB,GAAE/f,KAAEA,EAAO,IAAI5qC,KAAM4nF,kBAAEA,EAAoB,GAAIzrF,OAAAA,KAAWirF,IAItN,GAH0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAgElC,SAAqBrN,GACnB,IAAKiQ,EAAKtV,aAAaqF,GACrB,MAAUtF,MAAM,8CAEpB,CAnEEy+F,CAAYn5F,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAK6O,EAAKC,SAASlQ,GACjB,MAAUtF,MAAM,gBAAmC,2BAEvD,CA9DqB0+F,CAAYvqD,EAAW,aAAcsvB,GAAyBrmC,GACjFijC,EAAiByD,GAAQzD,GAAiBxB,EAAYiF,GAAQjF,GAAYsC,EAAmB2C,GAAQ3C,GAAmBi9B,EAAoBt6B,GAAQs6B,GAChJR,EAAKK,WAAY,MAAUj+F,MAAM,0GACrC,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,KAAMk/D,GAA4C,IAA1BA,EAAehgE,QAAmBw+D,GAAkC,IAArBA,EAAUx+D,QAC/E,MAAUL,MAAM,6CAGlB,IAEE,OAAOikE,SADe1F,GAAQ8C,kBAAkB/7D,EAAM6uC,EAAW8V,EAAeoW,EAAgBxB,EAAWtc,EAAU4e,EAAkB/f,EAAMg9C,EAAmBzrF,GACnIyqB,EAAQzqB,EACtC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,0BA3gBO/zB,gBAA2Bi9D,QAAEA,EAAU,GAAEjoB,WAAEA,EAAUrjC,KAAEA,EAAIvJ,MAAEA,EAAKmpD,QAAEA,EAAU,KAAItiD,kBAAEA,EAAoB,EAACoxC,KAAEA,EAAO,IAAI5qC,KAAM8iD,QAAEA,EAAU,CAAC,CAAE,GAACl8B,OAAEA,EAAS,UAAWzqB,OAAAA,KAAWirF,IACxIj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAC3BD,GAASvJ,GAIZuJ,EAAOA,GAAQ,MACfvJ,EAAQA,GAAS,qBAJjBuJ,EAAOC,EAAOQ,OAAS,aAAe,MACtChK,EAAQ,oBAKV60D,EAAU8F,GAAQ9F,GAClB,MAAM6/B,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAuB,IAAnB68D,EAAQ39D,SAAiBsS,EAAOQ,OAClC,MAAUnT,MAAM,oCAElB,GAAa,QAAT0S,GAAkB4/C,EAAU3/C,EAAOkB,WACrC,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBy+C,KAG3E,MAAM/tD,EAAU,CAAEy5D,UAASjoB,aAAYrjC,OAAM4/C,UAASnpD,QAAO6G,oBAAmBoxC,OAAMkY,WAEtF,IACE,MAAMlqD,IAAEA,EAAGusD,sBAAEA,SHIV56D,eAAwBwD,EAASoO,GACtCpO,EAAQq6B,MAAO,GACfr6B,EAAUw4D,GAA0Bx4D,IAC5B+0D,QAAU/0D,EAAQ+0D,QAAQl2D,KAAI,CAAC+vD,EAAQx3C,IAAUohD,GAA0Bx4D,EAAQ+0D,QAAQ39C,GAAQpX,KAC3G,IAAImY,EAAW,CAACiiF,GAAyBp6F,EAASoO,IAClD+J,EAAWA,EAASzZ,OAAOsB,EAAQ+0D,QAAQl2D,KAAImB,GAAWy4D,GAA4Bz4D,EAASoO,MAC/F,MAAMw0C,QAAgBxoD,QAAQ4E,IAAImZ,GAE5BtN,QAAYiuD,GAAclW,EAAQ,GAAIA,EAAQ/lD,MAAM,GAAImD,EAASoO,GACjEgpD,QAA8BvsD,EAAIqsD,yBAAyBl3D,EAAQ68C,KAAMzuC,GAE/E,OADAvD,EAAIknD,qBAAuB,GACpB,CAAElnD,MAAKusD,wBAChB,CGhBiDjwB,CAASnnC,EAASoO,GAG/D,OAFAvD,EAAI+nD,UAAUz2D,SAAQ,EAAG4tD,eAAgByH,GAAqBzH,EAAW37C,KAElE,CACLV,WAAYgyD,GAAa70D,EAAKguB,EAAQzqB,GACtCnI,UAAWy5D,GAAa70D,EAAIgtD,WAAYh/B,EAAQzqB,GAChDgpD,wBAEH,CAAC,MAAO7mC,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,uBAwbO/zB,gBAAkCs/D,eAAEA,EAAcjf,KAAEA,EAAO,IAAI5qC,KAAM4nF,kBAAEA,EAAoB,GAAIzrF,OAAAA,KAAWirF,IAG/G,GAF0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC0tD,EAAiByD,GAAQzD,GAAiB+9B,EAAoBt6B,GAAQs6B,GAClER,EAAKK,WAAY,MAAUj+F,MAAM,2GACrC,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAEE,aAD0Bo9D,GAAQtQ,mBAAmBoS,EAAgBjf,EAAMg9C,EAAmBzrF,EAE/F,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,yBD/YO/zB,gBAAoC69F,iBAAEA,EAAgBjsF,OAAEA,KAAWirF,IAExE,GADAjrF,EAAS,IAAKqD,KAAkBrD,IAC3BisF,EACH,MAAU5+F,MAAM,gFAElB,IAAKuV,EAAKC,SAASopF,GACjB,MAAU5+F,MAAM,mEAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,MAAMnC,QAAc8gB,EAAQ8+E,GAC5B,GAAI5/F,EAAM0T,OAASxJ,EAAM0I,MAAMG,OAC7B,MAAU/R,MAAM,gCAElB,MAAMmyD,QAAmBlL,GAAWC,WAAWloD,EAAMsG,KAAMyhD,GAAgBp0C,IAY7E,SAAuB8M,EAAS0yC,GAC9B,MAAM0sC,EAAiB,SAASC,GAC9B,MAAMC,EAAQ3xF,GAAU8T,GAAQ9T,EAAOw1C,gBAAkB1hC,EAEzD,IAAK,IAAI3gB,EAAI,EAAGA,EAAI4xD,EAAW9xD,OAAQE,IACrC,GAAI4xD,EAAW5xD,GAAGlC,YAAYme,MAAQtT,EAAMkE,OAAOE,YAAcwxF,EAAU37F,KAAK47F,EAAM5sC,EAAW5xD,KAC/F,OAAO,EAGX,OAAO,CACR,EAEKu+F,EAAY,GAoBlB,GAnBAr/E,EAAQ/e,SAAQyd,IACd,MAAM6gF,EAAa7gF,EAAOC,MAAM,gBAChC,IAAI4gF,EAaF,MAAUh/F,MAAM,0DAbF,CACd,MAAMi/F,EAAgBD,EAAW,GAC9BjhF,QAAQ,MAAO,IACf7B,MAAM,KACN9Y,KAAIu7B,IACH,IACE,OAAOz1B,EAAM1H,MAAM0H,EAAMkD,KAAMuyB,EAASm0B,cACzC,CAAC,MAAOnwD,GACP,MAAU3C,MAAM,2CAA6C2+B,EAASm0B,cAClF,KAEMgsC,EAAUv9F,QAAQ09F,EACxB,CAEA,IAGMH,EAAUz+F,SAAWw+F,EAAeC,GACtC,MAAU9+F,MAAM,wDAEpB,CA9CEwf,CAAcxgB,EAAMygB,QAAS0yC,GAC7B,MAAM7kD,EAAY,IAAI4kD,GAAUC,GAChC,OAAO,IAAIiR,GAAiBpkE,EAAMyP,KAAMnB,EAC1C,YF6JOvM,gBAAuBm+F,WAAEA,EAAUC,UAAEA,EAAWxsF,OAAAA,KAAWirF,IAEhE,GADAjrF,EAAS,IAAKqD,KAAkBrD,IAC3BusF,IAAeC,EAClB,MAAUn/F,MAAM,4EAElB,GAAIk/F,IAAe3pF,EAAKC,SAAS0pF,GAC/B,MAAUl/F,MAAM,gDAElB,GAAIm/F,IAAc5pF,EAAKtV,aAAak/F,GAClC,MAAUn/F,MAAM,mDAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAAInC,EACJ,GAAIkgG,EAAY,CACd,MAAMxsF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQo/E,GACrC,GAAMxsF,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WAC3D,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,MACItG,EAAQmgG,EAEV,MAAMhtC,QAAmBlL,GAAWC,WAAWloD,EAAOm+D,GAAmBxqD,GACnEysF,EAAWjtC,EAAW/J,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB2xF,EAAS/+F,OACX,MAAUL,MAAM,uBAGlB,OAAOo9D,GADoBjL,EAAW/wD,MAAMg+F,EAAS,GAAIA,EAAS,IAEpE,aAyDOr+F,gBAAwBs+F,YAAEA,EAAWC,WAAEA,EAAY3sF,OAAAA,KAAWirF,IACnEjrF,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQqgG,GAAeC,EAC3B,IAAKtgG,EACH,MAAUgB,MAAM,+EAElB,GAAIq/F,IAAgB9pF,EAAKC,SAAS6pF,GAChC,MAAUr/F,MAAM,kDAElB,GAAIs/F,IAAe/pF,EAAKtV,aAAaq/F,GACnC,MAAUt/F,MAAM,qDAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAIk+F,EAAa,CACf,MAAM3sF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQu/E,GACrC,GAAI3sF,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WACzD,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,CACE,MAAM2vC,EAAO,GACPkd,QAAmBlL,GAAWC,WAAWloD,EAAOm+D,GAAmBxqD,GACnEysF,EAAWjtC,EAAW/J,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApB2xF,EAAS/+F,OACX,MAAUL,MAAM,uBAElB,IAAK,IAAIO,EAAI,EAAGA,EAAI6+F,EAAS/+F,OAAQE,IAAK,CACxC,MACMg/F,EAASniC,GADIjL,EAAW/wD,MAAMg+F,EAAS7+F,GAAI6+F,EAAS7+F,EAAI,KAE9D00C,EAAK1zC,KAAKg+F,EACd,CACE,OAAOtqD,CACT,gBCmaOl0C,gBAA2By+F,eAAEA,EAAcC,cAAEA,EAAe9sF,OAAAA,KAAWirF,IAC5EjrF,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQwgG,GAAkBC,EAC9B,IAAKzgG,EACH,MAAUgB,MAAM,wFAElB,GAAIw/F,IAAmBjqF,EAAKC,SAASgqF,KAAoBjqF,EAAK7V,SAAS8/F,GACrE,MAAUx/F,MAAM,kEAElB,GAAIy/F,IAAkBlqF,EAAKtV,aAAaw/F,KAAmBlqF,EAAK7V,SAAS+/F,GACvE,MAAUz/F,MAAM,qEAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,MAAM28F,EAAavoF,EAAK7V,SAASV,GACjC,GAAIwgG,EAAgB,CAClB,MAAM9sF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMI,QACvB,MAAUhS,MAAM,oCAElBhB,EAAQsG,CACZ,CACE,MAAM6sD,QAAmBlL,GAAWC,WAAWloD,EAAOo/D,GAAuBzrD,GACvEX,EAAU,IAAIusD,GAAQpM,GAE5B,OADAngD,EAAQq1C,WAAay2C,EACd9rF,CACT,mBD3gBOjR,gBAA8Bm+F,WAAEA,EAAUC,UAAEA,EAAWxsF,OAAAA,KAAWirF,IAEvE,GADAjrF,EAAS,IAAKqD,KAAkBrD,IAC3BusF,IAAeC,EAClB,MAAUn/F,MAAM,mFAElB,GAAIk/F,IAAe3pF,EAAKC,SAAS0pF,GAC/B,MAAUl/F,MAAM,uDAElB,GAAIm/F,IAAc5pF,EAAKtV,aAAak/F,GAClC,MAAUn/F,MAAM,0DAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IAAInC,EACJ,GAAIkgG,EAAY,CACd,MAAMxsF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQo/E,GACrC,GAAMxsF,IAASxJ,EAAM0I,MAAMK,WACzB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,MACItG,EAAQmgG,EAEV,MAAMhtC,QAAmBlL,GAAWC,WAAWloD,EAAOm+D,GAAmBxqD,GACnEysF,EAAWjtC,EAAW/J,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAI6+F,EAAS/+F,OAAQE,IAAK,CACxC,GAAI4xD,EAAWitC,EAAS7+F,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMk1F,EAAsBvtC,EAAW/wD,MAAMg+F,EAAS7+F,GAAI6+F,EAAS7+F,EAAI,IACvE,OAAO,IAAI87D,GAAWqjC,EAC1B,CACE,MAAU1/F,MAAM,6BAClB,oBAyDOe,gBAA+Bs+F,YAAEA,EAAWC,WAAEA,EAAU3sF,OAAEA,IAC/DA,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQqgG,GAAeC,EAC3B,IAAKtgG,EACH,MAAUgB,MAAM,sFAElB,GAAIq/F,IAAgB9pF,EAAKC,SAAS6pF,GAChC,MAAUr/F,MAAM,yDAElB,GAAIs/F,IAAe/pF,EAAKtV,aAAaq/F,GACnC,MAAUt/F,MAAM,4DAElB,GAAIq/F,EAAa,CACf,MAAM3sF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQu/E,GACrC,GAAI3sF,IAASxJ,EAAM0I,MAAMK,WACvB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,CACE,MAAM2vC,EAAO,GACPkd,QAAmBlL,GAAWC,WAAWloD,EAAOm+D,GAAmBxqD,GACnEysF,EAAWjtC,EAAW/J,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAI6+F,EAAS/+F,OAAQE,IAAK,CACxC,GAAI4xD,EAAWitC,EAAS7+F,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMm1F,EAAaxtC,EAAW/wD,MAAMg+F,EAAS7+F,GAAI6+F,EAAS7+F,EAAI,IACxDg/F,EAAS,IAAIljC,GAAWsjC,GAC9B1qD,EAAK1zC,KAAKg+F,EACd,CACE,GAAoB,IAAhBtqD,EAAK50C,OACP,MAAUL,MAAM,8BAElB,OAAOi1C,CACT,kBPzZOl0C,gBAA6B6+F,iBAAEA,EAAgBC,gBAAEA,EAAiBltF,OAAAA,KAAWirF,IAClFjrF,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQ4gG,GAAoBC,EAChC,IAAK7gG,EACH,MAAUgB,MAAM,8FAElB,GAAI4/F,IAAqBrqF,EAAKC,SAASoqF,GACrC,MAAU5/F,MAAM,4DAElB,GAAI6/F,IAAoBtqF,EAAKtV,aAAa4/F,GACxC,MAAU7/F,MAAM,+DAElB,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAIy+F,EAAkB,CACpB,MAAMltF,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMtE,UACvB,MAAUtN,MAAM,sCAElBhB,EAAQsG,CACZ,CACE,MAAM6sD,QAAmBlL,GAAWC,WAAWloD,EAAO+nD,GAAgBp0C,GACtE,OAAO,IAAIu/C,GAAUC,EACvB,gBUUOpxD,gBAA2BkR,WAAEA,EAAU+rD,QAAEA,EAAU,GAAEjoB,WAAEA,EAAU/lC,kBAAEA,EAAoB,EAACoxC,KAAEA,EAAIhkB,OAAEA,EAAS,UAAWzqB,OAAAA,KAAWirF,IAC1Fj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChCqrD,EAAU8F,GAAQ9F,GAClB,MAAM6/B,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAuB,IAAnB68D,EAAQ39D,QAAiD,IAAjC4R,EAAWq8C,UAAUnY,QAC/C,MAAUn2C,MAAM,oCAElB,MAAMuE,EAAU,CAAE0N,aAAY+rD,UAASjoB,aAAY/lC,oBAAmBoxC,QAEtE,IACE,MAAQhyC,IAAK0wF,EAAcnkC,sBAAEA,SHP1B56D,eAAwBwD,EAASoO,GACtCpO,EAAUw7F,EAASx7F,GACnB,MAAM0N,WAAEA,GAAe1N,EAEvB,IAAK0N,EAAW0kD,YACd,MAAU32D,MAAM,gCAGlB,GAAIiS,EAAWq8C,UAAUoC,UACvB,MAAU1wD,MAAM,2CAIlB,IADoBiS,EAAWklD,UAAUr8B,OAAM,EAAGwzB,eAAgBA,EAAUM,gBAE1E,MAAU5uD,MAAM,wBAGlB,MAAMquD,EAAkBp8C,EAAWq8C,UAE9B/pD,EAAQ+0D,UACX/0D,EAAQ+0D,cAAgB36D,QAAQ4E,IAAI0O,EAAWqnD,QAAQl2D,KAAIrC,UACzD,MAAM0uD,EAAqB0D,EAAO7E,UAC5BoE,EAAe,CAAEtjD,IAAKi/C,EAAiBjsD,KAAMqtD,GAC7C0I,QACJC,GAA+BjF,EAAO8E,kBAAmB5J,EAAiBnlD,EAAMoE,UAAU4B,cAAewjD,EAAc,KAAM//C,GAC7H7T,OAAM,KAAO,CAAE,KACjB,MAAO,CACL8/B,KAAMu5B,EAAiBvnD,UAAaunD,EAAiBvnD,SAAS,GAAK1H,EAAM0H,SAASU,SACnF,MAIL,MAAMgsD,EAAsBrrD,EAAWqnD,QAAQl2D,KAAI+vD,GAAUA,EAAO7E,YACpE,GAAI/pD,EAAQ+0D,QAAQj5D,SAAWi9D,EAAoBj9D,OACjD,MAAUL,MAAM,6DAGlBuE,EAAQ+0D,QAAU/0D,EAAQ+0D,QAAQl2D,KAAI86D,GAAiB6hC,EAAS7hC,EAAe35D,KAE/E,MAAM6K,QAAYiuD,GAAchP,EAAiBiP,EAAqB/4D,EAASoO,GACzEgpD,QAA8BvsD,EAAIqsD,yBAAyBl3D,EAAQ68C,KAAMzuC,GAE/E,OADAvD,EAAIknD,qBAAuB,GACpB,CAAElnD,MAAKusD,yBAEd,SAASokC,EAASx7F,EAASoxD,EAAiB,IAK1C,OAJApxD,EAAQyL,kBAAoBzL,EAAQyL,mBAAqB2lD,EAAe3lD,kBACxEzL,EAAQwxC,WAAaxgC,EAAKC,SAASjR,EAAQwxC,YAAcxxC,EAAQwxC,WAAa4f,EAAe5f,WAC7FxxC,EAAQ68C,KAAO78C,EAAQ68C,MAAQuU,EAAevU,KAEvC78C,CACX,CACA,CG5CiEy7F,CAASz7F,EAASoO,GAE/E,MAAO,CACLV,WAAYgyD,GAAa67B,EAAgB1iE,EAAQzqB,GACjDnI,UAAWy5D,GAAa67B,EAAe1jC,WAAYh/B,EAAQzqB,GAC3DgpD,wBAEH,CAAC,MAAO7mC,GACP,MAAMvf,EAAK6G,UAAU,6BAA8B0Y,EACvD,CACA,cAoBO/zB,gBAAyBqO,IAAEA,EAAGusD,sBAAEA,EAAqB7qD,oBAAEA,EAAmBswC,KAAEA,EAAO,IAAI5qC,KAAM4mB,OAAEA,EAAS,UAASzqB,OAAEA,KAAWirF,IACzFj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkrF,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,IACE,MAAM8+F,EAAatkC,QACXvsD,EAAIssD,2BAA2BC,EAAuBva,EAAMzuC,SAC5DvD,EAAIwoD,OAAO9mD,EAAqBswC,EAAMzuC,GAE9C,OAAOstF,EAAWtpC,YAAc,CAC9B1kD,WAAYgyD,GAAag8B,EAAY7iE,EAAQzqB,GAC7CnI,UAAWy5D,GAAag8B,EAAW7jC,WAAYh/B,EAAQzqB,IACrD,CACFV,WAAY,KACZzH,UAAWy5D,GAAag8B,EAAY7iE,EAAQzqB,GAE/C,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,qBAAsB0Y,EAC/C,CACA,SA+OO/zB,gBAAoBiR,QAAEA,EAAO0kD,YAAEA,EAAWlD,cAAEA,EAAgB,GAAEp2B,OAAEA,EAAS,UAASiM,SAAEA,GAAW,EAAKw4B,cAAEA,EAAgB,GAAEzgB,KAAEA,EAAO,IAAI5qC,KAAMsrD,eAAEA,EAAiB,GAAEpO,iBAAEA,EAAmB,GAAE2qC,mBAAEA,EAAqB,GAAE1rF,OAAEA,KAAWirF,IAKlO,GAJ0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC6wD,GAAwBxxD,GAAUyxD,GAAyBrmC,GAC3Ds5B,EAAcoN,GAAQpN,GAAcmL,EAAgBiC,GAAQjC,GAAgBC,EAAiBgC,GAAQhC,GAAiBtO,EAAgBsQ,GAAQtQ,GAAgBE,EAAmBoQ,GAAQpQ,GAAmB2qC,EAAqBv6B,GAAQu6B,GAErOT,EAAK/hC,YAAa,MAAU77D,MAAM,2FACtC,QAAmBa,IAAf+8F,EAAKhsF,MAAqB,MAAU5R,MAAM,iFAC9C,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAI6Q,aAAmBoxD,IAA+B,WAAXhmC,EAAqB,MAAUp9B,MAAM,2DAChF,GAAIgS,aAAmBoxD,IAAoB/5B,EAAU,MAAUrpC,MAAM,0CAErE,IAAK02D,GAAsC,IAAvBA,EAAYr2D,OAC9B,MAAUL,MAAM,4BAGlB,IACE,IAAIsN,EAMJ,GAJEA,EADE+7B,QACgBr3B,EAAQmwD,aAAazL,EAAalD,OAAe3yD,EAAWghE,EAAezgB,EAAM0gB,EAAgBpO,EAAkB2qC,EAAoB1rF,SAEvIX,EAAQ4sB,KAAK83B,EAAalD,OAAe3yD,EAAWghE,EAAezgB,EAAM0gB,EAAgBpO,EAAkB2qC,EAAoB1rF,GAEpI,WAAXyqB,EAAqB,OAAO9vB,EAYhC,OATAA,EADyB,YAAX8vB,EACM9vB,EAAUsE,MAAMe,GAAUrF,EAAU9L,QACpD6nC,IACF/7B,EAAY+S,EAAqBrO,EAAQm1C,QAAQ3lD,SAAST,MAAO4C,EAAUC,WACnEjF,QAAQ4E,IAAI,CAChByoD,EAAY1+C,EAAW1J,GACvB8c,EAAiB/c,GAAU7E,OAAM,UACjC,WAGOilE,GAAcz2D,EAC5B,CAAC,MAAOwnB,GACP,MAAMvf,EAAK6G,UAAU,wBAAyB0Y,EAClD,CACA,uBA8BO/zB,gBAAsBiR,QAAEA,EAAOilD,iBAAEA,EAAgB+mC,aAAEA,GAAe,EAAK5gE,OAAEA,EAAS,OAAM9vB,UAAEA,EAAY,KAAI8zC,KAAEA,EAAO,IAAI5qC,KAAM7D,OAAEA,KAAWirF,IAG/I,GAF0Cj6B,GAA1ChxD,EAAS,IAAKqD,KAAkBrD,IAChC6wD,GAAwBxxD,GAAUilD,EAAmB6M,GAAQ7M,GACzD2mC,EAAKK,WAAY,MAAUj+F,MAAM,iGACrC,MAAM69F,EAAiBt/F,OAAO02C,KAAK2oD,GAAO,GAAIC,EAAex9F,OAAS,EAAG,MAAUL,MAAM,mBAAmB69F,EAAe18F,KAAK,OAEhI,GAAI6Q,aAAmBoxD,IAA+B,WAAXhmC,EAAqB,MAAUp9B,MAAM,iDAChF,GAAIgS,aAAmBoxD,IAAoB91D,EAAW,MAAUtN,MAAM,6CAEtE,IACE,MAAMQ,EAAS,CAAE,EAQjB,GANEA,EAAOiyD,WADLnlD,QACwB0E,EAAQ0wD,eAAep1D,EAAW2pD,EAAkB7V,EAAMzuC,SAE1DX,EAAQmtB,OAAO83B,EAAkB7V,EAAMzuC,GAEnEnS,EAAO8E,KAAkB,WAAX83B,EAAsBprB,EAAQouD,iBAAmBpuD,EAAQuvC,UACnEvvC,EAAQq1C,aAAe/5C,GAAW02D,GAAYxjE,EAAQwR,GACtDgsF,EAAc,CAChB,GAAiC,IAA7Bx9F,EAAOiyD,WAAWpyD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPo/C,GAAiB3jD,gBACTwU,EAAKkH,WAAWjc,EAAOiyD,WAAWrvD,KAAIkmC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADAxwC,EAAO8E,WAAay+D,GAAcvjE,EAAO8E,MAClC9E,CACR,CAAC,MAAOs0B,GACP,MAAMvf,EAAK6G,UAAU,iCAAkC0Y,EAC3D,CACA","x_google_ignoreList":[0,1,2,3,12,13,14,15,28,29,52,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,111,112,114,115,116,117,118,119,120,121]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/openpgp.min.mjs b/app/node_modules/openpgp/dist/openpgp.min.mjs index e8efc8982..bd7693ed4 100644 --- a/app/node_modules/openpgp/dist/openpgp.min.mjs +++ b/app/node_modules/openpgp/dist/openpgp.min.mjs @@ -1,17 +1,16 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ -const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),n=Symbol("readingIndex");class a extends Array{constructor(){super(),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function s(e){return e&&e.getReader&&Array.isArray(e)}function o(e){if(!s(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}a.prototype.getReader=function(){return void 0===this[n]&&(this[n]=0),{read:async()=>(await this[t],this[n]===this.length?{value:void 0,done:!0}:{value:this[this[n]++],done:!1})}},a.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[n]));return this.length=0,r},a.prototype.clone=function(){const e=new a;return e[t]=this[t].then((()=>{e.push(...this)})),e},o.prototype.write=async function(e){this.stream.push(e)},o.prototype.close=async function(){this.stream[r]()},o.prototype.abort=async function(e){return this.stream[i](e),e},o.prototype.releaseLock=function(){};const c="object"==typeof e.process&&"object"==typeof e.process.versions,u=c&&void 0;function h(t){return s(t)?"array":e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t)?"web":k&&k.prototype.isPrototypeOf(t)?"ponyfill":u&&u.prototype.isPrototypeOf(t)?"node":!(!t||!t.getReader)&&"web-like"}function d(e){return Uint8Array.prototype.isPrototypeOf(e)}function f(e){if(1===e.length)return e[0];let t=0;for(let r=0;r{t||(l.isBuffer(i)&&(i=new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),r.enqueue(i),e.pause())})),e.on("end",(()=>{t||r.close()})),e.on("error",(e=>r.error(e)))},pull(){e.resume()},cancel(r){t=!0,e.destroy(r)}})};class e extends p{constructor(e,t){super(t),this._reader=C(e)}async _read(e){try{for(;;){const{done:e,value:t}=await this._reader.read();if(e){this.push(null);break}if(!this.push(t))break}}catch(e){this.destroy(e)}}async _destroy(e,t){this._reader.cancel(e).then(t,t)}}b=function(t,r){return new e(t,r)}}const m=new WeakSet,g=Symbol("externalBuffer");function w(e){if(this.stream=e,e[g]&&(this[g]=e[g].slice()),s(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=async()=>{})}let t=h(e);if("node"===t&&(e=y(e)),t){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let r=!1;this._read=async()=>r||m.has(e)?{value:void 0,done:!0}:(r=!0,{value:e,done:!1}),this._releaseLock=()=>{if(r)try{m.add(e)}catch(e){}}}w.prototype.read=async function(){if(this[g]&&this[g].length){return{done:!1,value:this[g].shift()}}return this._read()},w.prototype.releaseLock=function(){this[g]&&(this.stream[g]=this[g]),this._releaseLock()},w.prototype.cancel=function(e){return this._cancel(e)},w.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?K(t):void 0;const n=i.indexOf("\n")+1;n&&(e=K(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},w.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(L(t,1)),r},w.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?K(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=K(t);return this.unshift(L(r,e)),L(r,0,e)}}},w.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},w.prototype.unshift=function(...e){this[g]||(this[g]=[]),1===e.length&&d(e[0])&&this[g].length&&e[0].length&&this[g][0].byteOffset>=e[0].length?this[g][0]=new Uint8Array(this[g][0].buffer,this[g][0].byteOffset-e[0].length,this[g][0].byteLength+e[0].length):this[g].unshift(...e.filter((e=>e&&e.length)))},w.prototype.readToEnd=async function(e=K){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};let v,_,{ReadableStream:k,WritableStream:A,TransformStream:S}=e;async function E(){if(S)return;const[t,r]=await Promise.all([Promise.resolve().then((function(){return zp})),Promise.resolve().then((function(){return ny}))]);({ReadableStream:k,WritableStream:A,TransformStream:S}=t);const{createReadableStreamWrapper:i}=r;e.ReadableStream&&k!==e.ReadableStream&&(v=i(k),_=i(e.ReadableStream))}const P=c&&void 0;function x(e){let t=h(e);return"node"===t?y(e):"web"===t&&v?v(e):t?e:new k({start(t){t.enqueue(e),t.close()}})}function M(e){if(h(e))return e;const t=new a;return(async()=>{const r=D(t);await r.write(e),await r.close()})(),t}function K(e){return e.some((e=>h(e)&&!s(e)))?function(e){e=e.map(x);const t=I((async function(e){await Promise.all(i.map((t=>j(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>T(i,((i,a)=>(r=r.then((()=>U(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>s(e)))?function(e){const t=new a;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>U(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):P&&P.isBuffer(e[0])?P.concat(e):f(e)}function C(e){return new w(e)}function D(e){return new o(e)}async function U(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(h(e)&&!s(e)){e=x(e);try{if(e[g]){const r=D(t);for(let t=0;t{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function B(e,t=(()=>{}),r=(()=>{})){if(s(e)){const i=new a;return(async()=>{const n=D(i);try{const i=await N(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?K([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(h(e))return R(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?K([i,n]):void 0!==i?i:n}function T(e,t){if(h(e)&&!s(e)){let r;const i=new S({start(e){r=e}}),n=U(e,i.writable),a=I((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=M(e);const r=new a;return t(e,r),r}function z(e,t){let r;const i=T(e,((e,n)=>{const a=C(e);a.remainder=()=>(a.releaseLock(),U(e,n),i),r=t(a)}));return r}function q(e){if(s(e))return e.clone();if(h(e)){const t=function(e){if(s(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(h(e)){const t=x(e).tee();return t[0][g]=t[1][g]=e[g],t}return[L(e),L(e)]}(e);return O(e,t[0]),t[1]}return L(e)}function F(e){return s(e)?q(e):h(e)?new k({start(t){const r=T(e,(async(e,r)=>{const i=C(e),n=D(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));O(e,r)}}):L(e)}function O(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function L(e,t=0,r=1/0){if(s(e))throw Error("Not implemented");if(h(e)){if(t>=0&&r>=0){let i=0;return R(e,{transform(e,n){i=t&&n.enqueue(L(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return B(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>L(K(i),t,r)))}if(0===t&&r<0){let i;return B(e,(e=>{const n=i?K([i,e]):e;if(n.length>=-r)return i=L(n,r),L(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),H((async()=>L(await N(e),t,r)))}return e[g]&&(e=K(e[g].concat([e]))),!d(e)||P&&P.isBuffer(e)?e.slice(t,r):(r===1/0&&(r=e.length),e.subarray(t,r))}async function N(e,t=K){return s(e)?e.readToEnd(t):h(e)?C(e).readToEnd(t):e}async function j(e,t){if(h(e)){if(e.cancel)return e.cancel(t);if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function H(e){const t=new a;return(async()=>{const r=D(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}class W{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");if(e instanceof Uint8Array){const t=e,r=Array(t.length);for(let e=0;eBigInt(0);){const e=r&BigInt(1);r>>=BigInt(1);const a=n*i%t.value;n=e?a:n,i=i*i%t.value}return new W(n)}modInv(e){const{gcd:t,x:r}=this._egcd(e);if(!t.isOne())throw Error("Inverse does not exist");return r.add(e).mod(e)}_egcd(e){let t=BigInt(0),r=BigInt(1),i=BigInt(1),n=BigInt(0),a=this.value;for(e=e.value;e!==BigInt(0);){const s=a/e;let o=t;t=i-s*t,i=o,o=r,r=n-s*r,n=o,o=e,e=a%e,a=o}return{x:new W(i),y:new W(n),gcd:new W(a)}}gcd(e){let t=this.value;for(e=e.value;e!==BigInt(0);){const r=e;e=t%e,t=r}return new W(t)}ileftShift(e){return this.value<<=e.value,this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value>>=e.value,this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value===e.value}lt(e){return this.valuee.value}gte(e){return this.value>=e.value}isZero(){return this.value===BigInt(0)}isOne(){return this.value===BigInt(1)}isNegative(){return this.valueNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return e}getBit(e){return(this.value>>BigInt(e)&BigInt(1))===BigInt(0)?0:1}bitLength(){const e=new W(0),t=new W(1),r=new W(-1),i=this.isNegative()?r:e;let n=1;const a=this.clone();for(;!a.irightShift(t).equal(i);)n++;return n}byteLength(){const e=new W(0),t=new W(-1),r=this.isNegative()?t:e,i=new W(8);let n=1;const a=this.clone();for(;!a.irightShift(i).equal(r);)n++;return n}toUint8Array(e="be",t){let r=this.value.toString(16);r.length%2==1&&(r="0"+r);const i=r.length/2,n=new Uint8Array(t||i),a=t?t-i:0;let s=0;for(;s"undefined"!=typeof BigInt;const V=Symbol("byValue");var $={curve:{p256:"p256","P-256":"p256",secp256r1:"p256",prime256v1:"p256","1.2.840.10045.3.1.7":"p256","2a8648ce3d030107":"p256","2A8648CE3D030107":"p256",p384:"p384","P-384":"p384",secp384r1:"p384","1.3.132.0.34":"p384","2b81040022":"p384","2B81040022":"p384",p521:"p521","P-521":"p521",secp521r1:"p521","1.3.132.0.35":"p521","2b81040023":"p521","2B81040023":"p521",secp256k1:"secp256k1","1.3.132.0.10":"secp256k1","2b8104000a":"secp256k1","2B8104000A":"secp256k1",ed25519Legacy:"ed25519",ED25519:"ed25519",ed25519:"ed25519",Ed25519:"ed25519","1.3.6.1.4.1.11591.15.1":"ed25519","2b06010401da470f01":"ed25519","2B06010401DA470F01":"ed25519",curve25519Legacy:"curve25519",X25519:"curve25519",cv25519:"curve25519",curve25519:"curve25519",Curve25519:"curve25519","1.3.6.1.4.1.3029.1.5.1":"curve25519","2b060104019755010501":"curve25519","2B060104019755010501":"curve25519",brainpoolP256r1:"brainpoolP256r1","1.3.36.3.3.2.8.1.1.7":"brainpoolP256r1","2b2403030208010107":"brainpoolP256r1","2B2403030208010107":"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1","1.3.36.3.3.2.8.1.1.11":"brainpoolP384r1","2b240303020801010b":"brainpoolP384r1","2B240303020801010B":"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1","1.3.36.3.3.2.8.1.1.13":"brainpoolP512r1","2b240303020801010d":"brainpoolP512r1","2B240303020801010D":"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,ed25519Legacy:22,eddsa:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{plaintext:0,idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuer:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[V]||(e[V]=[],Object.entries(e).forEach((([t,r])=>{e[V][r]=t}))),void 0!==e[V][t])return e[V][t];throw Error("Invalid enum value.")}};const Z=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),X={isString:function(e){return"string"==typeof e||e instanceof String},isArray:function(e){return e instanceof Array},isUint8Array:d,isStream:h,readNumber:function(e){let t=0;for(let r=0;r>8*(t-i-1)&255;return r},readDate:function(e){const t=X.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return X.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return e.subarray(2,2+t)},leftPad(e,t){const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=X.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return X.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t=[],r=e.length;let i,n=0;for(;n{if(!X.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return B(e,r,(()=>r(new Uint8Array,!0)))},concat:K,concatUint8Array:f,equalsUint8Array:function(e,t){if(!X.isUint8Array(e)||!X.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){return void 0!==e&&e.crypto&&e.crypto.subtle},getBigInteger:async function(){if(G())return W;{const{default:e}=await Promise.resolve().then((function(){return uy}));return e}},getNodeCrypto:function(){},getNodeZlib:function(){},getNodeBuffer:function(){return{}.Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return(void 0).cpus().length},isEmailAddress:function(e){if(!X.isString(e))return!1;return/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/.test(e)},canonicalizeEOL:function(e){let t=!1;return B(e,(e=>{let r;t&&(e=X.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return B(e,(e=>{let r;13===(e=t&&10!==e[0]?X.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i{t=X.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=Q(t.subarray(0,n));for(let e=0;et.length?Q(t)+"\n":""))}function te(e){let t="";return B(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=J(t.substr(0,n));return t=t.substr(n),a}),(()=>J(t)))}function re(e){return te(e.replace(/-/g,"+").replace(/_/g,"/"))}function ie(e,t){let r=ee(e).replace(/[\r\n]/g,"");return t&&(r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,"")),r}Y?(Q=e=>Y.from(e).toString("base64"),J=e=>{const t=Y.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(Q=e=>btoa(X.uint8ArrayToString(e)),J=e=>X.stringToUint8Array(atob(e)));var ne={preferredHashAlgorithm:$.hash.sha256,preferredSymmetricAlgorithm:$.symmetric.aes256,preferredCompressionAlgorithm:$.compression.uncompressed,deflateLevel:6,aeadProtect:!1,preferredAEADAlgorithm:$.aead.eax,aeadChunkSizeByte:12,v5Keys:!1,s2kIterationCountByte:224,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,checksumRequired:!1,minRSABits:2047,passwordCollisionCheck:!1,revocationsExpire:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([$.symmetric.aes128,$.symmetric.aes192,$.symmetric.aes256]),minBytesForWebCrypto:1e3,ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 5.11.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],useIndutnyElliptic:!0,rejectHashAlgorithms:new Set([$.hash.md5,$.hash.ripemd]),rejectMessageHashAlgorithms:new Set([$.hash.md5,$.hash.ripemd,$.hash.sha1]),rejectPublicKeyAlgorithms:new Set([$.publicKey.elgamal,$.publicKey.dsa]),rejectCurves:new Set([$.curve.secp256k1])};function ae(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?$.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?$.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?$.armor.signed:/MESSAGE/.test(t[1])?$.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?$.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?$.armor.privateKey:/SIGNATURE/.test(t[1])?$.armor.signature:void 0}function se(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function oe(e){return ee(function(e){let t=13501623;return B(e,(e=>{const r=ue?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^ce[1][t>>16&255]^ce[2][t>>8&255]^ce[3][t>>0&255];for(let i=4*r;i>8^ce[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e))}const ce=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(0!=(8388608&t)?8801531:0);ce[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)ce[1][e]=ce[0][e]>>8^ce[0][255&ce[0][e]];for(let e=0;e<=255;e++)ce[2][e]=ce[1][e]>>8^ce[0][255&ce[1][e]];for(let e=0;e<=255;e++)ce[3][e]=ce[2][e]>>8^ce[0][255&ce[2][e]];const ue=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function he(e){for(let t=0;t=0&&i!==e.length-1&&(t=e.slice(0,i),r=e.slice(i+1).substr(0,4)),{body:t,checksum:r}}function fe(e,t=ne){return new Promise((async(r,i)=>{try{const n=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const o=[];let c,u,h,d=o,f=[],l=te(T(e,(async(e,t)=>{const p=C(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=X.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(c)u||2!==s||(n.test(e)?(f=f.join("\r\n"),u=!0,he(d),d=[],c=!1):f.push(e.replace(/^- /,"")));else if(n.test(e)&&i(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(he(d),c=!0,u||2!==s){r({text:f,data:l,headers:o,type:s});break}}else d.push(e);else n.test(e)&&(s=ae(e))}}catch(e){return void i(e)}const y=D(t);try{for(;;){await y.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=X.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=de(t[0].slice(0,-1));h=i.checksum,await y.write(i.body);break}await y.write(r)}await y.ready,await y.close()}catch(e){await y.abort(e)}})));l=T(l,(async(e,r)=>{const i=N(oe(F(e)));i.catch((()=>{})),await U(e,r,{preventClose:!0});const n=D(r);try{const e=(await i).replace("\n","");if(h!==e&&(h||t.checksumRequired))throw Error("Ascii armor integrity check failed");await n.ready,await n.close()}catch(e){await n.abort(e)}}))}catch(e){i(e)}})).then((async e=>(s(e.data)&&(e.data=await N(e.data)),e)))}function le(e,t,r,i,n,a=ne){let s,o;e===$.armor.signed&&(s=t.text,o=t.hash,t=t.data);const c=F(t),u=[];switch(e){case $.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case $.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case $.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push("Hash: "+o+"\n\n"),u.push(s.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP SIGNATURE-----\n");break;case $.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP MESSAGE-----\n");break;case $.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case $.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case $.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(se(n,a)),u.push(ee(t)),u.push("=",oe(c)),u.push("-----END PGP SIGNATURE-----\n")}return X.concat(u)}class pe{constructor(){this.bytes=""}read(e){return this.bytes=X.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return X.stringToUint8Array(this.bytes)}toHex(){return X.uint8ArrayToHex(X.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new pe;return t.read(X.hexToUint8Array(e)),t}static wildcard(){const e=new pe;return e.read(new Uint8Array(8)),e}}var ye=function(){var e,t,r=!1;function i(r,i){var n=e[(t[r]+t[i])%255];return 0!==r&&0!==i||(n=0),n}var n,a,s,o,c=!1;function u(){function u(r){var i,n,a;for(n=a=function(r){var i=e[255-t[r]];return 0===r&&(i=0),i}(r),i=0;i<4;i++)a^=n=255&(n<<1|n>>>7);return a^=99}r||function(){e=[],t=[];var i,n,a=1;for(i=0;i<255;i++)e[i]=a,n=128&a,a<<=1,a&=255,128===n&&(a^=27),a^=e[i],t[e[i]]=i;e[255]=e[0],t[0]=0,r=!0}(),n=[],a=[],s=[[],[],[],[]],o=[[],[],[],[]];for(var h=0;h<256;h++){var d=u(h);n[h]=d,a[d]=h,s[0][h]=i(2,d)<<24|d<<16|d<<8|i(3,d),o[0][d]=i(14,h)<<24|i(9,h)<<16|i(13,h)<<8|i(11,h);for(var f=1;f<4;f++)s[f][h]=s[f-1][h]>>>8|s[f-1][h]<<24,o[f][d]=o[f-1][d]>>>8|o[f-1][d]<<24}c=!0}var h=function(e,t){c||u();var r=new Uint32Array(t);r.set(n,512),r.set(a,768);for(var i=0;i<4;i++)r.set(s[i],4096+1024*i>>2),r.set(o[i],8192+1024*i>>2);var h=function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0;var S=new e.Uint32Array(r),E=new e.Uint8Array(r);function P(e,t,r,o,c,u,h,d){e=e|0;t=t|0;r=r|0;o=o|0;c=c|0;u=u|0;h=h|0;d=d|0;var f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;f=r|0x400,l=r|0x800,p=r|0xc00;c=c^S[(e|0)>>2],u=u^S[(e|4)>>2],h=h^S[(e|8)>>2],d=d^S[(e|12)>>2];for(w=16;(w|0)<=o<<4;w=w+16|0){y=S[(r|c>>22&1020)>>2]^S[(f|u>>14&1020)>>2]^S[(l|h>>6&1020)>>2]^S[(p|d<<2&1020)>>2]^S[(e|w|0)>>2],b=S[(r|u>>22&1020)>>2]^S[(f|h>>14&1020)>>2]^S[(l|d>>6&1020)>>2]^S[(p|c<<2&1020)>>2]^S[(e|w|4)>>2],m=S[(r|h>>22&1020)>>2]^S[(f|d>>14&1020)>>2]^S[(l|c>>6&1020)>>2]^S[(p|u<<2&1020)>>2]^S[(e|w|8)>>2],g=S[(r|d>>22&1020)>>2]^S[(f|c>>14&1020)>>2]^S[(l|u>>6&1020)>>2]^S[(p|h<<2&1020)>>2]^S[(e|w|12)>>2];c=y,u=b,h=m,d=g}i=S[(t|c>>22&1020)>>2]<<24^S[(t|u>>14&1020)>>2]<<16^S[(t|h>>6&1020)>>2]<<8^S[(t|d<<2&1020)>>2]^S[(e|w|0)>>2],n=S[(t|u>>22&1020)>>2]<<24^S[(t|h>>14&1020)>>2]<<16^S[(t|d>>6&1020)>>2]<<8^S[(t|c<<2&1020)>>2]^S[(e|w|4)>>2],a=S[(t|h>>22&1020)>>2]<<24^S[(t|d>>14&1020)>>2]<<16^S[(t|c>>6&1020)>>2]<<8^S[(t|u<<2&1020)>>2]^S[(e|w|8)>>2],s=S[(t|d>>22&1020)>>2]<<24^S[(t|c>>14&1020)>>2]<<16^S[(t|u>>6&1020)>>2]<<8^S[(t|h<<2&1020)>>2]^S[(e|w|12)>>2]}function x(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;P(0x0000,0x0800,0x1000,A,e,t,r,i)}function M(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var a=0;P(0x0400,0x0c00,0x2000,A,e,i,r,t);a=n,n=s,s=a}function K(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o^e,c^t,u^r,h^d);o=i,c=n,u=a,h=s}function C(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;var f=0;P(0x0400,0x0c00,0x2000,A,e,d,r,t);f=n,n=s,s=f;i=i^o,n=n^c,a=a^u,s=s^h;o=e,c=t,u=r,h=d}function D(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i=i^e,c=n=n^t,u=a=a^r,h=s=s^d}function U(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);i=i^e,n=n^t,a=a^r,s=s^d;o=e,c=t,u=r,h=d}function R(e,t,r,d){e=e|0;t=t|0;r=r|0;d=d|0;P(0x0000,0x0800,0x1000,A,o,c,u,h);o=i,c=n,u=a,h=s;i=i^e,n=n^t,a=a^r,s=s^d}function I(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;P(0x0000,0x0800,0x1000,A,d,f,l,p);p=~g&p|g&p+1;l=~m&l|m&l+((p|0)==0);f=~b&f|b&f+((l|0)==0);d=~y&d|y&d+((f|0)==0);i=i^e;n=n^t;a=a^r;s=s^o}function B(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;var n=0,a=0,s=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0;e=e^o,t=t^c,r=r^u,i=i^h;n=w|0,a=v|0,s=_|0,d=k|0;for(;(b|0)<128;b=b+1|0){if(n>>>31){f=f^e,l=l^t,p=p^r,y=y^i}n=n<<1|a>>>31,a=a<<1|s>>>31,s=s<<1|d>>>31,d=d<<1;m=i&1;i=i>>>1|r<<31,r=r>>>1|t<<31,t=t>>>1|e<<31,e=e>>>1;if(m)e=e^0xe1000000}o=f,c=l,u=p,h=y}function T(e){e=e|0;A=e}function z(e,t,r,o){e=e|0;t=t|0;r=r|0;o=o|0;i=e,n=t,a=r,s=o}function q(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;o=e,c=t,u=r,h=i}function F(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;d=e,f=t,l=r,p=i}function O(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;y=e,b=t,m=r,g=i}function L(e,t,r,i){e=e|0;t=t|0;r=r|0;i=i|0;p=~g&p|g&i,l=~m&l|m&r,f=~b&f|b&t,d=~y&d|y&e}function N(e){e=e|0;if(e&15)return-1;E[e|0]=i>>>24,E[e|1]=i>>>16&255,E[e|2]=i>>>8&255,E[e|3]=i&255,E[e|4]=n>>>24,E[e|5]=n>>>16&255,E[e|6]=n>>>8&255,E[e|7]=n&255,E[e|8]=a>>>24,E[e|9]=a>>>16&255,E[e|10]=a>>>8&255,E[e|11]=a&255,E[e|12]=s>>>24,E[e|13]=s>>>16&255,E[e|14]=s>>>8&255,E[e|15]=s&255;return 16}function j(e){e=e|0;if(e&15)return-1;E[e|0]=o>>>24,E[e|1]=o>>>16&255,E[e|2]=o>>>8&255,E[e|3]=o&255,E[e|4]=c>>>24,E[e|5]=c>>>16&255,E[e|6]=c>>>8&255,E[e|7]=c&255,E[e|8]=u>>>24,E[e|9]=u>>>16&255,E[e|10]=u>>>8&255,E[e|11]=u&255,E[e|12]=h>>>24,E[e|13]=h>>>16&255,E[e|14]=h>>>8&255,E[e|15]=h&255;return 16}function H(){x(0,0,0,0);w=i,v=n,_=a,k=s}function W(e,t,r){e=e|0;t=t|0;r=r|0;var o=0;if(t&15)return-1;while((r|0)>=16){V[e&7](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);E[t|0]=i>>>24,E[t|1]=i>>>16&255,E[t|2]=i>>>8&255,E[t|3]=i&255,E[t|4]=n>>>24,E[t|5]=n>>>16&255,E[t|6]=n>>>8&255,E[t|7]=n&255,E[t|8]=a>>>24,E[t|9]=a>>>16&255,E[t|10]=a>>>8&255,E[t|11]=a&255,E[t|12]=s>>>24,E[t|13]=s>>>16&255,E[t|14]=s>>>8&255,E[t|15]=s&255;o=o+16|0,t=t+16|0,r=r-16|0}return o|0}function G(e,t,r){e=e|0;t=t|0;r=r|0;var i=0;if(t&15)return-1;while((r|0)>=16){$[e&1](E[t|0]<<24|E[t|1]<<16|E[t|2]<<8|E[t|3],E[t|4]<<24|E[t|5]<<16|E[t|6]<<8|E[t|7],E[t|8]<<24|E[t|9]<<16|E[t|10]<<8|E[t|11],E[t|12]<<24|E[t|13]<<16|E[t|14]<<8|E[t|15]);i=i+16|0,t=t+16|0,r=r-16|0}return i|0}var V=[x,M,K,C,D,U,R,I];var $=[K,B];return{set_rounds:T,set_state:z,set_iv:q,set_nonce:F,set_mask:O,set_counter:L,get_state:N,get_iv:j,gcm_init:H,cipher:W,mac:G}}({Uint8Array,Uint32Array},e,t);return h.set_key=function(e,t,i,a,s,c,u,d,f){var l=r.subarray(0,60),p=r.subarray(256,316);l.set([t,i,a,s,c,u,d,f]);for(var y=e,b=1;y<4*e+28;y++){var m=l[y-1];(y%e==0||8===e&&y%e==4)&&(m=n[m>>>24]<<24^n[m>>>16&255]<<16^n[m>>>8&255]<<8^n[255&m]),y%e==0&&(m=m<<8^m>>>24^b<<24,b=b<<1^(128&b?27:0)),l[y]=l[y-e]^m}for(var g=0;g=y-4?m:o[0][n[m>>>24]]^o[1][n[m>>>16&255]]^o[2][n[m>>>8&255]]^o[3][n[255&m]]}h.set_rounds(e+5)},h};return h.ENC={ECB:0,CBC:2,CFB:4,OFB:6,CTR:7},h.DEC={ECB:1,CBC:3,CFB:5,OFB:6,CTR:7},h.MAC={CBC:0,GCM:1},h.HEAP_DATA=16384,h}();function be(e){return e instanceof Uint8Array}function me(e,t){const r=e?e.byteLength:t||65536;if(4095&r||r<=0)throw Error("heap size must be a positive integer and a multiple of 4096");return e=e||new Uint8Array(new ArrayBuffer(r))}function ge(e,t,r,i,n){const a=e.length-t,s=ae+t.length),0),r=new Uint8Array(t);let i=0;for(let t=0;t>2,n.getUint32(0),n.getUint32(4),n.getUint32(8),n.getUint32(12),i>16?n.getUint32(16):0,i>16?n.getUint32(20):0,i>24?n.getUint32(24):0,i>24?n.getUint32(28):0),void 0!==t){if(16!==t.length)throw new _e("illegal iv size");let e=new DataView(t.buffer,t.byteOffset,t.byteLength);r.set_iv(e.getUint32(0),e.getUint32(4),e.getUint32(8),e.getUint32(12))}else r.set_iv(0,0,0,0)}AES_Encrypt_process(e){if(!be(e))throw new TypeError("data isn't of expected type");let{heap:t,asm:r}=this.acquire_asm(),i=ye.ENC[this.mode],n=ye.HEAP_DATA,a=this.pos,s=this.len,o=0,c=e.length||0,u=0,h=0,d=new Uint8Array(s+c&-16);for(;c>0;)h=ge(t,a+s,e,o,c),s+=h,o+=h,c-=h,h=r.cipher(i,n+a,s),h&&d.set(t.subarray(a,a+h),u),u+=h,h0;)f=ge(t,a+s,e,o,c),s+=f,o+=f,c-=f,f=r.cipher(i,n+a,s-(c?0:d)),f&&l.set(t.subarray(a,a+f),u),u+=f,f0){if(a%16){if(this.hasOwnProperty("padding"))throw new _e("data length must be a multiple of the block size");a+=16-a%16}if(t.cipher(r,i+n,a),this.hasOwnProperty("padding")&&this.padding){let t=e[n+s-1];if(t<1||t>16||t>s)throw new ke("bad padding");let r=0;for(let i=t;i>1;i--)r|=t^e[n+s-i];if(r)throw new ke("bad padding");s-=t}}const o=new Uint8Array(s);return s>0&&o.set(e.subarray(n,n+s)),this.pos=0,this.len=0,this.release_asm(),o}}class Pe{static encrypt(e,t,r=!1){return new Pe(t,r).encrypt(e)}static decrypt(e,t,r=!1){return new Pe(t,r).decrypt(e)}constructor(e,t=!1,r){this.aes=r||new Ee(e,void 0,t,"ECB")}encrypt(e){return we(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return we(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}function xe(e){const t=function(e){const t=new Pe(e);this.encrypt=function(e){return t.encrypt(e)},this.decrypt=function(e){return t.decrypt(e)}};return t.blockSize=t.prototype.blockSize=16,t.keySize=t.prototype.keySize=e/8,t}function Me(e,t,r,i,n,a){const s=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],u=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],h=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],d=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],f=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],l=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let p,y,b,m,g,w,v,_,k,A,S,E,P,x,M=0,K=t.length;const C=32===e.length?3:9;_=3===C?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e,t){const r=8-e.length%8;let i;if(2===t&&r<8)i=32;else if(1===t)i=r;else{if(t||!(r<8)){if(8===r)return e;throw Error("des: invalid padding")}i=0}const n=new Uint8Array(e.length+r);for(let t=0;t>>4^v),v^=b,w^=b<<4,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,w=w<<1|w>>>31,v=v<<1|v>>>31,y=0;y>>4|v<<28)^e[p+1],b=w,w=v,v=b^(o[m>>>24&63]|u[m>>>16&63]|d[m>>>8&63]|l[63&m]|s[g>>>24&63]|c[g>>>16&63]|h[g>>>8&63]|f[63&g]);b=w,w=v,v=b}w=w>>>1|w<<31,v=v>>>1|v<<31,b=1431655765&(w>>>1^v),v^=b,w^=b<<1,b=16711935&(v>>>8^w),w^=b,v^=b<<8,b=858993459&(v>>>2^w),w^=b,v^=b<<2,b=65535&(w>>>16^v),v^=b,w^=b<<16,b=252645135&(w>>>4^v),v^=b,w^=b<<4,1===i&&(r?(k=w,S=v):(w^=A,v^=E)),D[U++]=w>>>24,D[U++]=w>>>16&255,D[U++]=w>>>8&255,D[U++]=255&w,D[U++]=v>>>24,D[U++]=v>>>16&255,D[U++]=v>>>8&255,D[U++]=255&v}return r||(D=function(e,t){let r,i=null;if(2===t)r=32;else if(1===t)i=e[e.length-1];else{if(t)throw Error("des: invalid padding");r=0}if(!i){for(i=1;e[e.length-i]===r;)i++;i--}return e.subarray(0,e.length-i)}(D,a)),D}function Ke(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],i=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],n=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],a=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],s=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],u=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],h=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],d=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],f=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],l=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],p=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],y=e.length>8?3:1,b=Array(32*y),m=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let g,w,v,_=0,k=0;for(let A=0;A>>4^A),A^=v,y^=v<<4,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=858993459&(y>>>2^A),A^=v,y^=v<<2,v=65535&(A>>>-16^y),y^=v,A^=v<<-16,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=16711935&(A>>>8^y),y^=v,A^=v<<8,v=1431655765&(y>>>1^A),A^=v,y^=v<<1,v=y<<8|A>>>20&240,y=A<<24|A<<8&16711680|A>>>8&65280|A>>>24&240,A=v;for(let e=0;e<16;e++)m[e]?(y=y<<2|y>>>26,A=A<<2|A>>>26):(y=y<<1|y>>>27,A=A<<1|A>>>27),y&=-15,A&=-15,g=t[y>>>28]|r[y>>>24&15]|i[y>>>20&15]|n[y>>>16&15]|a[y>>>12&15]|s[y>>>8&15]|o[y>>>4&15],w=c[A>>>28]|u[A>>>24&15]|h[A>>>20&15]|d[A>>>16&15]|f[A>>>12&15]|l[A>>>8&15]|p[A>>>4&15],v=65535&(w>>>16^g),b[k++]=g^v,b[k++]=w^v<<16}return b}function Ce(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Me(Ke(this.key[2]),Me(Ke(this.key[1]),Me(Ke(this.key[0]),e,!0,0,null,null),!1,0,null,null),!0,0,null,null)}}function De(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>>16&255,t[a+6]=o>>>8&255,t[a+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let a=0;a>>24&255,t[a+1]=c>>>16&255,t[a+2]=c>>>8&255,t[a+3]=255&c,t[a+4]=o>>>24&255,t[a+5]=o>>16&255,t[a+6]=o>>8&255,t[a+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const i=t+e,n=i<>>32-r;return(a[0][n>>>24]^a[1][n>>>16&255])-a[2][n>>>8&255]+a[3][255&n]}function i(e,t,r){const i=t^e,n=i<>>32-r;return a[0][n>>>24]-a[1][n>>>16&255]+a[2][n>>>8&255]^a[3][255&n]}function n(e,t,r){const i=t-e,n=i<>>32-r;return(a[0][n>>>24]+a[1][n>>>16&255]^a[2][n>>>8&255])-a[3][255&n]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const i=[,,,,,,,,],n=Array(32);let s;for(let e=0;e<4;e++)s=4*e,i[e]=r[s]<<24|r[s+1]<<16|r[s+2]<<8|r[s+3];const o=[6,7,4,5];let c,u=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(s=0;s<4;s++){const t=e[r][s];c=i[t[1]],c^=a[4][i[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=a[5][i[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=a[6][i[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=a[7][i[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=a[o[s]][i[t[6]>>>2]>>>24-8*(3&t[6])&255],i[t[0]]=c}for(s=0;s<4;s++){const e=t[r][s];c=a[4][i[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=a[5][i[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=a[6][i[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=a[7][i[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=a[4+s][i[e[4]>>>2]>>>24-8*(3&e[4])&255],n[u]=c,u++}}for(let e=0;e<16;e++)this.masking[e]=n[e],this.rotate[e]=31&n[16+e]};const a=[,,,,,,,,];a[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],a[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],a[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],a[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],a[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],a[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],a[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],a[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function Ue(e){this.cast5=new De,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}Ce.keySize=Ce.prototype.keySize=24,Ce.blockSize=Ce.prototype.blockSize=8,Ue.blockSize=Ue.prototype.blockSize=8,Ue.keySize=Ue.prototype.keySize=16;const Re=4294967295;function Ie(e,t){return(e<>>32-t)&Re}function Be(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function Te(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function ze(e,t){return e>>>8*t&255}function qe(e){this.tf=function(){let e=null,t=null,r=-1,i=[],n=[[],[],[],[]];function a(e){return n[0][ze(e,0)]^n[1][ze(e,1)]^n[2][ze(e,2)]^n[3][ze(e,3)]}function s(e){return n[0][ze(e,3)]^n[1][ze(e,0)]^n[2][ze(e,1)]^n[3][ze(e,2)]}function o(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Ie(t[2]^r+n+i[4*e+8]&Re,31),t[3]=Ie(t[3],1)^r+2*n+i[4*e+9]&Re,r=a(t[2]),n=s(t[3]),t[0]=Ie(t[0]^r+n+i[4*e+10]&Re,31),t[1]=Ie(t[1],1)^r+2*n+i[4*e+11]&Re}function c(e,t){let r=a(t[0]),n=s(t[1]);t[2]=Ie(t[2],1)^r+n+i[4*e+10]&Re,t[3]=Ie(t[3]^r+2*n+i[4*e+11]&Re,31),r=a(t[2]),n=s(t[3]),t[0]=Ie(t[0],1)^r+n+i[4*e+8]&Re,t[1]=Ie(t[1]^r+2*n+i[4*e+9]&Re,31)}return{name:"twofish",blocksize:16,open:function(t){let r,a,s,o,c;e=t;const u=[],h=[],d=[];let f;const l=[];let p,y,b;const m=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],g=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],w=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],v=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],_=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],k=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],A=[[],[]],S=[[],[],[],[]];function E(e){return e^e>>2^[0,90,180,238][3&e]}function P(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function x(e,t){let r,i,n;for(r=0;r<8;r++)i=t>>>24,t=t<<8&Re|e>>>24,e=e<<8&Re,n=i<<1,128&i&&(n^=333),t^=i^n<<16,n^=i>>>1,1&i&&(n^=166),t^=n<<24|n<<8;return t}function M(e,t){const r=t>>4,i=15&t,n=m[e][r^i],a=g[e][_[i]^k[r]];return v[e][_[a]^k[n]]<<4|w[e][n^a]}function K(e,t){let r=ze(e,0),i=ze(e,1),n=ze(e,2),a=ze(e,3);switch(f){case 4:r=A[1][r]^ze(t[3],0),i=A[0][i]^ze(t[3],1),n=A[0][n]^ze(t[3],2),a=A[1][a]^ze(t[3],3);case 3:r=A[1][r]^ze(t[2],0),i=A[1][i]^ze(t[2],1),n=A[0][n]^ze(t[2],2),a=A[0][a]^ze(t[2],3);case 2:r=A[0][A[0][r]^ze(t[1],0)]^ze(t[0],0),i=A[0][A[1][i]^ze(t[1],1)]^ze(t[0],1),n=A[1][A[0][n]^ze(t[1],2)]^ze(t[0],2),a=A[1][A[1][a]^ze(t[1],3)]^ze(t[0],3)}return S[0][r]^S[1][i]^S[2][n]^S[3][a]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Be(e,r);for(r=0;r<256;r++)A[0][r]=M(0,r),A[1][r]=M(1,r);for(r=0;r<256;r++)p=A[1][r],y=E(p),b=P(p),S[0][r]=p+(y<<8)+(b<<16)+(b<<24),S[2][r]=y+(b<<8)+(p<<16)+(b<<24),p=A[0][r],y=E(p),b=P(p),S[1][r]=b+(b<<8)+(y<<16)+(p<<24),S[3][r]=y+(p<<8)+(b<<16)+(y<<24);for(f=d.length/2,r=0;r=0;e--)c(e,a);Te(t,r,a[2]^i[0]),Te(t,r+4,a[3]^i[1]),Te(t,r+8,a[0]^i[2]),Te(t,r+12,a[1]^i[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Fe(){}function Oe(e){this.bf=new Fe,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}qe.keySize=qe.prototype.keySize=32,qe.blockSize=qe.prototype.blockSize=16,Fe.prototype.BLOCKSIZE=8,Fe.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Fe.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Fe.prototype.NN=16,Fe.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Fe.prototype._F=function(e){let t;const r=255&e,i=255&(e>>>=8),n=255&(e>>>=8),a=255&(e>>>=8);return t=this.sboxes[0][a]+this.sboxes[1][n],t^=this.sboxes[2][i],t+=this.sboxes[3][r],t},Fe.prototype._encryptBlock=function(e){let t,r=e[0],i=e[1];for(t=0;t>>24-8*t&255,n[t+i]=r[1]>>>24-8*t&255;return n},Fe.prototype._decryptBlock=function(e){let t,r=e[0],i=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],i=this._F(r)^i;const e=r;r=i,i=e}r^=this.parray[1],i^=this.parray[0],e[0]=this._clean(i),e[1]=this._clean(r)},Fe.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^i}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const i=[0,0];for(t=0;t>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=t+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=r+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=c+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=u+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=h+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=d+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=f+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=l+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=p+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=y+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=b+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=m+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=g+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=w+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;x=v+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=g^l^r^e;M=P<<1|P>>>31;x=M+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=w^p^c^t;K=P<<1|P>>>31;x=K+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=v^y^u^r;C=P<<1|P>>>31;x=C+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=M^b^h^c;D=P<<1|P>>>31;x=D+(_<<5|_>>>27)+E+(k&A|~k&S)+0x5a827999|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=K^m^d^u;U=P<<1|P>>>31;x=U+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=C^g^f^h;R=P<<1|P>>>31;x=R+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=D^w^l^d;I=P<<1|P>>>31;x=I+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=U^v^p^f;B=P<<1|P>>>31;x=B+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=R^M^y^l;T=P<<1|P>>>31;x=T+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=I^K^b^p;z=P<<1|P>>>31;x=z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=B^C^m^y;q=P<<1|P>>>31;x=q+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=T^D^g^b;F=P<<1|P>>>31;x=F+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=z^U^w^m;O=P<<1|P>>>31;x=O+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=q^R^v^g;L=P<<1|P>>>31;x=L+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=F^I^M^w;N=P<<1|P>>>31;x=N+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=O^B^K^v;j=P<<1|P>>>31;x=j+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=L^T^C^M;H=P<<1|P>>>31;x=H+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=N^z^D^K;W=P<<1|P>>>31;x=W+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=j^q^U^C;G=P<<1|P>>>31;x=G+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=H^F^R^D;V=P<<1|P>>>31;x=V+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=W^O^I^U;$=P<<1|P>>>31;x=$+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=G^L^B^R;Z=P<<1|P>>>31;x=Z+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=V^N^T^I;X=P<<1|P>>>31;x=X+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=$^j^z^B;Y=P<<1|P>>>31;x=Y+(_<<5|_>>>27)+E+(k^A^S)+0x6ed9eba1|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Z^H^q^T;Q=P<<1|P>>>31;x=Q+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=X^W^F^z;J=P<<1|P>>>31;x=J+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Y^G^O^q;ee=P<<1|P>>>31;x=ee+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Q^V^L^F;te=P<<1|P>>>31;x=te+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=J^$^N^O;re=P<<1|P>>>31;x=re+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ee^Z^j^L;ie=P<<1|P>>>31;x=ie+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=te^X^H^N;ne=P<<1|P>>>31;x=ne+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=re^Y^W^j;ae=P<<1|P>>>31;x=ae+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ie^Q^G^H;se=P<<1|P>>>31;x=se+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ne^J^V^W;oe=P<<1|P>>>31;x=oe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ae^ee^$^G;ce=P<<1|P>>>31;x=ce+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=se^te^Z^V;ue=P<<1|P>>>31;x=ue+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=oe^re^X^$;he=P<<1|P>>>31;x=he+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ce^ie^Y^Z;de=P<<1|P>>>31;x=de+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ue^ne^Q^X;fe=P<<1|P>>>31;x=fe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=he^ae^J^Y;le=P<<1|P>>>31;x=le+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=de^se^ee^Q;pe=P<<1|P>>>31;x=pe+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=fe^oe^te^J;ye=P<<1|P>>>31;x=ye+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=le^ce^re^ee;be=P<<1|P>>>31;x=be+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=pe^ue^ie^te;me=P<<1|P>>>31;x=me+(_<<5|_>>>27)+E+(k&A|k&S|A&S)-0x70e44324|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ye^he^ne^re;ge=P<<1|P>>>31;x=ge+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=be^de^ae^ie;we=P<<1|P>>>31;x=we+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=me^fe^se^ne;ve=P<<1|P>>>31;x=ve+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ge^le^oe^ae;_e=P<<1|P>>>31;x=_e+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=we^pe^ce^se;ke=P<<1|P>>>31;x=ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ve^ye^ue^oe;Ae=P<<1|P>>>31;x=Ae+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=_e^be^he^ce;Se=P<<1|P>>>31;x=Se+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=ke^me^de^ue;Ee=P<<1|P>>>31;x=Ee+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ae^ge^fe^he;Pe=P<<1|P>>>31;x=Pe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Se^we^le^de;xe=P<<1|P>>>31;x=xe+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ee^ve^pe^fe;Me=P<<1|P>>>31;x=Me+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Pe^_e^ye^le;Ke=P<<1|P>>>31;x=Ke+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=xe^ke^be^pe;Ce=P<<1|P>>>31;x=Ce+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Me^Ae^me^ye;De=P<<1|P>>>31;x=De+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ke^Se^ge^be;Ue=P<<1|P>>>31;x=Ue+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ce^Ee^we^me;Re=P<<1|P>>>31;x=Re+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=De^Pe^ve^ge;Ie=P<<1|P>>>31;x=Ie+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ue^xe^_e^we;Be=P<<1|P>>>31;x=Be+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Re^Me^ke^ve;Te=P<<1|P>>>31;x=Te+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;P=Ie^Ke^Ae^_e;ze=P<<1|P>>>31;x=ze+(_<<5|_>>>27)+E+(k^A^S)-0x359d3e2a|0;E=S;S=A;A=k<<30|k>>>2;k=_;_=x;i=i+_|0;n=n+k|0;a=a+A|0;s=s+S|0;o=o+E|0}function k(e){e=e|0;_(v[e|0]<<24|v[e|1]<<16|v[e|2]<<8|v[e|3],v[e|4]<<24|v[e|5]<<16|v[e|6]<<8|v[e|7],v[e|8]<<24|v[e|9]<<16|v[e|10]<<8|v[e|11],v[e|12]<<24|v[e|13]<<16|v[e|14]<<8|v[e|15],v[e|16]<<24|v[e|17]<<16|v[e|18]<<8|v[e|19],v[e|20]<<24|v[e|21]<<16|v[e|22]<<8|v[e|23],v[e|24]<<24|v[e|25]<<16|v[e|26]<<8|v[e|27],v[e|28]<<24|v[e|29]<<16|v[e|30]<<8|v[e|31],v[e|32]<<24|v[e|33]<<16|v[e|34]<<8|v[e|35],v[e|36]<<24|v[e|37]<<16|v[e|38]<<8|v[e|39],v[e|40]<<24|v[e|41]<<16|v[e|42]<<8|v[e|43],v[e|44]<<24|v[e|45]<<16|v[e|46]<<8|v[e|47],v[e|48]<<24|v[e|49]<<16|v[e|50]<<8|v[e|51],v[e|52]<<24|v[e|53]<<16|v[e|54]<<8|v[e|55],v[e|56]<<24|v[e|57]<<16|v[e|58]<<8|v[e|59],v[e|60]<<24|v[e|61]<<16|v[e|62]<<8|v[e|63])}function A(e){e=e|0;v[e|0]=i>>>24;v[e|1]=i>>>16&255;v[e|2]=i>>>8&255;v[e|3]=i&255;v[e|4]=n>>>24;v[e|5]=n>>>16&255;v[e|6]=n>>>8&255;v[e|7]=n&255;v[e|8]=a>>>24;v[e|9]=a>>>16&255;v[e|10]=a>>>8&255;v[e|11]=a&255;v[e|12]=s>>>24;v[e|13]=s>>>16&255;v[e|14]=s>>>8&255;v[e|15]=s&255;v[e|16]=o>>>24;v[e|17]=o>>>16&255;v[e|18]=o>>>8&255;v[e|19]=o&255}function S(){i=0x67452301;n=0xefcdab89;a=0x98badcfe;s=0x10325476;o=0xc3d2e1f0;c=u=0}function E(e,t,r,h,d,f,l){e=e|0;t=t|0;r=r|0;h=h|0;d=d|0;f=f|0;l=l|0;i=e;n=t;a=r;s=h;o=d;c=f;u=l}function P(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){k(e);e=e+64|0;t=t-64|0;r=r+64|0}c=c+r|0;if(c>>>0>>0)u=u+1|0;return r|0}function x(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=P(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;c=c+t|0;if(c>>>0>>0)u=u+1|0;v[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)v[e|n]=0x00;k(e);t=0;v[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)v[e|n]=0;v[e|56]=u>>>21&255;v[e|57]=u>>>13&255;v[e|58]=u>>>5&255;v[e|59]=u<<3&255|c>>>29;v[e|60]=c>>>21&255;v[e|61]=c>>>13&255;v[e|62]=c>>>5&255;v[e|63]=c<<3&255;k(e);if(~r)A(r);return i|0}function M(){i=h;n=d;a=f;s=l;o=p;c=64;u=0}function K(){i=y;n=b;a=m;s=g;o=w;c=64;u=0}function C(e,t,r,v,k,A,E,P,x,M,K,C,D,U,R,I){e=e|0;t=t|0;r=r|0;v=v|0;k=k|0;A=A|0;E=E|0;P=P|0;x=x|0;M=M|0;K=K|0;C=C|0;D=D|0;U=U|0;R=R|0;I=I|0;S();_(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,v^0x5c5c5c5c,k^0x5c5c5c5c,A^0x5c5c5c5c,E^0x5c5c5c5c,P^0x5c5c5c5c,x^0x5c5c5c5c,M^0x5c5c5c5c,K^0x5c5c5c5c,C^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,R^0x5c5c5c5c,I^0x5c5c5c5c);y=i;b=n;m=a;g=s;w=o;S();_(e^0x36363636,t^0x36363636,r^0x36363636,v^0x36363636,k^0x36363636,A^0x36363636,E^0x36363636,P^0x36363636,x^0x36363636,M^0x36363636,K^0x36363636,C^0x36363636,D^0x36363636,U^0x36363636,R^0x36363636,I^0x36363636);h=i;d=n;f=a;l=s;p=o;c=64;u=0}function D(e,t,r){e=e|0;t=t|0;r=r|0;var c=0,u=0,h=0,d=0,f=0,l=0;if(e&63)return-1;if(~r)if(r&31)return-1;l=x(e,t,-1)|0;c=i,u=n,h=a,d=s,f=o;K();_(c,u,h,d,f,0x80000000,0,0,0,0,0,0,0,0,0,672);if(~r)A(r);return l|0}function U(e,t,r,c,u){e=e|0;t=t|0;r=r|0;c=c|0;u=u|0;var h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;if(e&63)return-1;if(~u)if(u&31)return-1;v[e+t|0]=r>>>24;v[e+t+1|0]=r>>>16&255;v[e+t+2|0]=r>>>8&255;v[e+t+3|0]=r&255;D(e,t+4|0,-1)|0;h=y=i,d=b=n,f=m=a,l=g=s,p=w=o;c=c-1|0;while((c|0)>0){M();_(y,b,m,g,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,m=a,g=s,w=o;K();_(y,b,m,g,w,0x80000000,0,0,0,0,0,0,0,0,0,672);y=i,b=n,m=a,g=s,w=o;h=h^i;d=d^n;f=f^a;l=l^s;p=p^o;c=c-1|0}i=h;n=d;a=f;s=l;o=p;if(~u)A(u);return 0}return{reset:S,init:E,process:P,finish:x,hmac_reset:M,hmac_init:C,hmac_finish:D,pbkdf2_generate_block:U}};class Ve{constructor(){this.pos=0,this.len=0}reset(){const{asm:e}=this.acquire_asm();return this.result=null,this.pos=0,this.len=0,e.reset(),this}process(e){if(null!==this.result)throw new ve("state must be reset before processing new data");const{asm:t,heap:r}=this.acquire_asm();let i=this.pos,n=this.len,a=0,s=e.length,o=0;for(;s>0;)o=ge(r,i+n,e,a,s),n+=o,a+=o,s-=o,o=t.process(i,n),i+=o,n-=o,n||(i=0);return this.pos=i,this.len=n,this}finish(){if(null!==this.result)throw new ve("state must be reset before processing new data");const{asm:e,heap:t}=this.acquire_asm();return e.finish(this.pos,this.len,0),this.result=new Uint8Array(this.HASH_SIZE),this.result.set(t.subarray(0,this.HASH_SIZE)),this.pos=0,this.len=0,this.release_asm(),this}}const $e=[],Ze=[];class Xe extends Ve{constructor(){super(),this.NAME="sha1",this.BLOCK_SIZE=64,this.HASH_SIZE=20,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=$e.pop()||me(),this.asm=Ze.pop()||Ge({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&($e.push(this.heap),Ze.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new Xe).process(e).finish().result}}Xe.NAME="sha1",Xe.heap_pool=[],Xe.asm_pool=[],Xe.asm_function=Ge;const Ye=[],Qe=[];class Je extends Ve{constructor(){super(),this.NAME="sha256",this.BLOCK_SIZE=64,this.HASH_SIZE=32,this.acquire_asm()}acquire_asm(){return void 0!==this.heap&&void 0!==this.asm||(this.heap=Ye.pop()||me(),this.asm=Qe.pop()||function(e,t,r){"use asm";var i=0,n=0,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=new e.Uint8Array(r);function C(e,t,r,d,f,l,p,y,b,m,g,w,v,_,k,A){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;l=l|0;p=p|0;y=y|0;b=b|0;m=m|0;g=g|0;w=w|0;v=v|0;_=_|0;k=k|0;A=A|0;var S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0;S=i;E=n;P=a;x=s;M=o;K=c;C=u;D=h;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x428a2f98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x71374491|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb5c0fbcf|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xe9b5dba5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x3956c25b|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x59f111f1|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x923f82a4|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xab1c5ed5|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xd807aa98|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x12835b01|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x243185be|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x550c7dc3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x72be5d74|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x80deb1fe|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x9bdc06a7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc19bf174|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xe49b69c1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xefbe4786|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x0fc19dc6|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x240ca1cc|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x2de92c6f|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4a7484aa|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5cb0a9dc|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x76f988da|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x983e5152|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa831c66d|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xb00327c8|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xbf597fc7|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xc6e00bf3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd5a79147|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x06ca6351|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x14292967|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x27b70a85|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x2e1b2138|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x4d2c6dfc|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x53380d13|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x650a7354|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x766a0abb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x81c2c92e|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x92722c85|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0xa2bfe8a1|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0xa81a664b|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0xc24b8b70|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0xc76c51a3|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0xd192e819|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xd6990624|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xf40e3585|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x106aa070|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;e=(t>>>7^t>>>18^t>>>3^t<<25^t<<14)+(k>>>17^k>>>19^k>>>10^k<<15^k<<13)+e+m|0;D=e+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x19a4c116|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;t=(r>>>7^r>>>18^r>>>3^r<<25^r<<14)+(A>>>17^A>>>19^A>>>10^A<<15^A<<13)+t+g|0;C=t+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x1e376c08|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;r=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+r+w|0;K=r+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x2748774c|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;d=(f>>>7^f>>>18^f>>>3^f<<25^f<<14)+(t>>>17^t>>>19^t>>>10^t<<15^t<<13)+d+v|0;M=d+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x34b0bcb5|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;f=(l>>>7^l>>>18^l>>>3^l<<25^l<<14)+(r>>>17^r>>>19^r>>>10^r<<15^r<<13)+f+_|0;x=f+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x391c0cb3|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;l=(p>>>7^p>>>18^p>>>3^p<<25^p<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+l+k|0;P=l+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0x4ed8aa4a|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;p=(y>>>7^y>>>18^y>>>3^y<<25^y<<14)+(f>>>17^f>>>19^f>>>10^f<<15^f<<13)+p+A|0;E=p+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0x5b9cca4f|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;y=(b>>>7^b>>>18^b>>>3^b<<25^b<<14)+(l>>>17^l>>>19^l>>>10^l<<15^l<<13)+y+e|0;S=y+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0x682e6ff3|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;b=(m>>>7^m>>>18^m>>>3^m<<25^m<<14)+(p>>>17^p>>>19^p>>>10^p<<15^p<<13)+b+t|0;D=b+D+(M>>>6^M>>>11^M>>>25^M<<26^M<<21^M<<7)+(C^M&(K^C))+0x748f82ee|0;x=x+D|0;D=D+(S&E^P&(S^E))+(S>>>2^S>>>13^S>>>22^S<<30^S<<19^S<<10)|0;m=(g>>>7^g>>>18^g>>>3^g<<25^g<<14)+(y>>>17^y>>>19^y>>>10^y<<15^y<<13)+m+r|0;C=m+C+(x>>>6^x>>>11^x>>>25^x<<26^x<<21^x<<7)+(K^x&(M^K))+0x78a5636f|0;P=P+C|0;C=C+(D&S^E&(D^S))+(D>>>2^D>>>13^D>>>22^D<<30^D<<19^D<<10)|0;g=(w>>>7^w>>>18^w>>>3^w<<25^w<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+g+d|0;K=g+K+(P>>>6^P>>>11^P>>>25^P<<26^P<<21^P<<7)+(M^P&(x^M))+0x84c87814|0;E=E+K|0;K=K+(C&D^S&(C^D))+(C>>>2^C>>>13^C>>>22^C<<30^C<<19^C<<10)|0;w=(v>>>7^v>>>18^v>>>3^v<<25^v<<14)+(m>>>17^m>>>19^m>>>10^m<<15^m<<13)+w+f|0;M=w+M+(E>>>6^E>>>11^E>>>25^E<<26^E<<21^E<<7)+(x^E&(P^x))+0x8cc70208|0;S=S+M|0;M=M+(K&C^D&(K^C))+(K>>>2^K>>>13^K>>>22^K<<30^K<<19^K<<10)|0;v=(_>>>7^_>>>18^_>>>3^_<<25^_<<14)+(g>>>17^g>>>19^g>>>10^g<<15^g<<13)+v+l|0;x=v+x+(S>>>6^S>>>11^S>>>25^S<<26^S<<21^S<<7)+(P^S&(E^P))+0x90befffa|0;D=D+x|0;x=x+(M&K^C&(M^K))+(M>>>2^M>>>13^M>>>22^M<<30^M<<19^M<<10)|0;_=(k>>>7^k>>>18^k>>>3^k<<25^k<<14)+(w>>>17^w>>>19^w>>>10^w<<15^w<<13)+_+p|0;P=_+P+(D>>>6^D>>>11^D>>>25^D<<26^D<<21^D<<7)+(E^D&(S^E))+0xa4506ceb|0;C=C+P|0;P=P+(x&M^K&(x^M))+(x>>>2^x>>>13^x>>>22^x<<30^x<<19^x<<10)|0;k=(A>>>7^A>>>18^A>>>3^A<<25^A<<14)+(v>>>17^v>>>19^v>>>10^v<<15^v<<13)+k+y|0;E=k+E+(C>>>6^C>>>11^C>>>25^C<<26^C<<21^C<<7)+(S^C&(D^S))+0xbef9a3f7|0;K=K+E|0;E=E+(P&x^M&(P^x))+(P>>>2^P>>>13^P>>>22^P<<30^P<<19^P<<10)|0;A=(e>>>7^e>>>18^e>>>3^e<<25^e<<14)+(_>>>17^_>>>19^_>>>10^_<<15^_<<13)+A+b|0;S=A+S+(K>>>6^K>>>11^K>>>25^K<<26^K<<21^K<<7)+(D^K&(C^D))+0xc67178f2|0;M=M+S|0;S=S+(E&P^x&(E^P))+(E>>>2^E>>>13^E>>>22^E<<30^E<<19^E<<10)|0;i=i+S|0;n=n+E|0;a=a+P|0;s=s+x|0;o=o+M|0;c=c+K|0;u=u+C|0;h=h+D|0}function D(e){e=e|0;C(K[e|0]<<24|K[e|1]<<16|K[e|2]<<8|K[e|3],K[e|4]<<24|K[e|5]<<16|K[e|6]<<8|K[e|7],K[e|8]<<24|K[e|9]<<16|K[e|10]<<8|K[e|11],K[e|12]<<24|K[e|13]<<16|K[e|14]<<8|K[e|15],K[e|16]<<24|K[e|17]<<16|K[e|18]<<8|K[e|19],K[e|20]<<24|K[e|21]<<16|K[e|22]<<8|K[e|23],K[e|24]<<24|K[e|25]<<16|K[e|26]<<8|K[e|27],K[e|28]<<24|K[e|29]<<16|K[e|30]<<8|K[e|31],K[e|32]<<24|K[e|33]<<16|K[e|34]<<8|K[e|35],K[e|36]<<24|K[e|37]<<16|K[e|38]<<8|K[e|39],K[e|40]<<24|K[e|41]<<16|K[e|42]<<8|K[e|43],K[e|44]<<24|K[e|45]<<16|K[e|46]<<8|K[e|47],K[e|48]<<24|K[e|49]<<16|K[e|50]<<8|K[e|51],K[e|52]<<24|K[e|53]<<16|K[e|54]<<8|K[e|55],K[e|56]<<24|K[e|57]<<16|K[e|58]<<8|K[e|59],K[e|60]<<24|K[e|61]<<16|K[e|62]<<8|K[e|63])}function U(e){e=e|0;K[e|0]=i>>>24;K[e|1]=i>>>16&255;K[e|2]=i>>>8&255;K[e|3]=i&255;K[e|4]=n>>>24;K[e|5]=n>>>16&255;K[e|6]=n>>>8&255;K[e|7]=n&255;K[e|8]=a>>>24;K[e|9]=a>>>16&255;K[e|10]=a>>>8&255;K[e|11]=a&255;K[e|12]=s>>>24;K[e|13]=s>>>16&255;K[e|14]=s>>>8&255;K[e|15]=s&255;K[e|16]=o>>>24;K[e|17]=o>>>16&255;K[e|18]=o>>>8&255;K[e|19]=o&255;K[e|20]=c>>>24;K[e|21]=c>>>16&255;K[e|22]=c>>>8&255;K[e|23]=c&255;K[e|24]=u>>>24;K[e|25]=u>>>16&255;K[e|26]=u>>>8&255;K[e|27]=u&255;K[e|28]=h>>>24;K[e|29]=h>>>16&255;K[e|30]=h>>>8&255;K[e|31]=h&255}function R(){i=0x6a09e667;n=0xbb67ae85;a=0x3c6ef372;s=0xa54ff53a;o=0x510e527f;c=0x9b05688c;u=0x1f83d9ab;h=0x5be0cd19;d=f=0}function I(e,t,r,l,p,y,b,m,g,w){e=e|0;t=t|0;r=r|0;l=l|0;p=p|0;y=y|0;b=b|0;m=m|0;g=g|0;w=w|0;i=e;n=t;a=r;s=l;o=p;c=y;u=b;h=m;d=g;f=w}function B(e,t){e=e|0;t=t|0;var r=0;if(e&63)return-1;while((t|0)>=64){D(e);e=e+64|0;t=t-64|0;r=r+64|0}d=d+r|0;if(d>>>0>>0)f=f+1|0;return r|0}function T(e,t,r){e=e|0;t=t|0;r=r|0;var i=0,n=0;if(e&63)return-1;if(~r)if(r&31)return-1;if((t|0)>=64){i=B(e,t)|0;if((i|0)==-1)return-1;e=e+i|0;t=t-i|0}i=i+t|0;d=d+t|0;if(d>>>0>>0)f=f+1|0;K[e|t]=0x80;if((t|0)>=56){for(n=t+1|0;(n|0)<64;n=n+1|0)K[e|n]=0x00;D(e);t=0;K[e|0]=0}for(n=t+1|0;(n|0)<59;n=n+1|0)K[e|n]=0;K[e|56]=f>>>21&255;K[e|57]=f>>>13&255;K[e|58]=f>>>5&255;K[e|59]=f<<3&255|d>>>29;K[e|60]=d>>>21&255;K[e|61]=d>>>13&255;K[e|62]=d>>>5&255;K[e|63]=d<<3&255;D(e);if(~r)U(r);return i|0}function z(){i=l;n=p;a=y;s=b;o=m;c=g;u=w;h=v;d=64;f=0}function q(){i=_;n=k;a=A;s=S;o=E;c=P;u=x;h=M;d=64;f=0}function F(e,t,r,K,D,U,I,B,T,z,q,F,O,L,N,j){e=e|0;t=t|0;r=r|0;K=K|0;D=D|0;U=U|0;I=I|0;B=B|0;T=T|0;z=z|0;q=q|0;F=F|0;O=O|0;L=L|0;N=N|0;j=j|0;R();C(e^0x5c5c5c5c,t^0x5c5c5c5c,r^0x5c5c5c5c,K^0x5c5c5c5c,D^0x5c5c5c5c,U^0x5c5c5c5c,I^0x5c5c5c5c,B^0x5c5c5c5c,T^0x5c5c5c5c,z^0x5c5c5c5c,q^0x5c5c5c5c,F^0x5c5c5c5c,O^0x5c5c5c5c,L^0x5c5c5c5c,N^0x5c5c5c5c,j^0x5c5c5c5c);_=i;k=n;A=a;S=s;E=o;P=c;x=u;M=h;R();C(e^0x36363636,t^0x36363636,r^0x36363636,K^0x36363636,D^0x36363636,U^0x36363636,I^0x36363636,B^0x36363636,T^0x36363636,z^0x36363636,q^0x36363636,F^0x36363636,O^0x36363636,L^0x36363636,N^0x36363636,j^0x36363636);l=i;p=n;y=a;b=s;m=o;g=c;w=u;v=h;d=64;f=0}function O(e,t,r){e=e|0;t=t|0;r=r|0;var d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0;if(e&63)return-1;if(~r)if(r&31)return-1;w=T(e,t,-1)|0;d=i,f=n,l=a,p=s,y=o,b=c,m=u,g=h;q();C(d,f,l,p,y,b,m,g,0x80000000,0,0,0,0,0,0,768);if(~r)U(r);return w|0}function L(e,t,r,d,f){e=e|0;t=t|0;r=r|0;d=d|0;f=f|0;var l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0;if(e&63)return-1;if(~f)if(f&31)return-1;K[e+t|0]=r>>>24;K[e+t+1|0]=r>>>16&255;K[e+t+2|0]=r>>>8&255;K[e+t+3|0]=r&255;O(e,t+4|0,-1)|0;l=_=i,p=k=n,y=A=a,b=S=s,m=E=o,g=P=c,w=x=u,v=M=h;d=d-1|0;while((d|0)>0){z();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;q();C(_,k,A,S,E,P,x,M,0x80000000,0,0,0,0,0,0,768);_=i,k=n,A=a,S=s,E=o,P=c,x=u,M=h;l=l^i;p=p^n;y=y^a;b=b^s;m=m^o;g=g^c;w=w^u;v=v^h;d=d-1|0}i=l;n=p;a=y;s=b;o=m;c=g;u=w;h=v;if(~f)U(f);return 0}return{reset:R,init:I,process:B,finish:T,hmac_reset:z,hmac_init:F,hmac_finish:O,pbkdf2_generate_block:L}}({Uint8Array},null,this.heap.buffer),this.reset()),{heap:this.heap,asm:this.asm}}release_asm(){void 0!==this.heap&&void 0!==this.asm&&(Ye.push(this.heap),Qe.push(this.asm)),this.heap=void 0,this.asm=void 0}static bytes(e){return(new Je).process(e).finish().result}}Je.NAME="sha256";var et=tt;function tt(e,t){if(!e)throw Error(t||"Assertion failed")}tt.equal=function(e,t,r){if(e!=t)throw Error(r||"Assertion failed: "+e+" != "+t)};var rt=void 0!==e?e:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function it(e,t){return e(t={exports:{}},t.exports),t.exports}function nt(){throw Error("Dynamic requires are not currently supported by @rollup/plugin-commonjs")}var at=it((function(e){e.exports="function"==typeof Object.create?function(e,t){e.super_=t,e.prototype=Object.create(t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}})}:function(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}}));var st=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var r=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),i=0;i>8,s=255&n;a?r.push(a,s):r.push(s)}else for(i=0;i>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}var ut=function(e,t){for(var r="",i=0;i>>0}return a};var lt=function(e,t){for(var r=Array(4*e.length),i=0,n=0;i>>24,r[n+1]=a>>>16&255,r[n+2]=a>>>8&255,r[n+3]=255&a):(r[n+3]=a>>>24,r[n+2]=a>>>16&255,r[n+1]=a>>>8&255,r[n]=255&a)}return r};var pt={inherits:at,toArray:st,toHex:ot,htonl:ct,toHex32:ut,zero2:ht,zero8:dt,join32:ft,split32:lt,rotr32:function(e,t){return e>>>t|e<<32-t},rotl32:function(e,t){return e<>>32-t},sum32:function(e,t){return e+t>>>0},sum32_3:function(e,t,r){return e+t+r>>>0},sum32_4:function(e,t,r,i){return e+t+r+i>>>0},sum32_5:function(e,t,r,i,n){return e+t+r+i+n>>>0},sum64:function(e,t,r,i){var n=e[t],a=i+e[t+1]>>>0,s=(a>>0,e[t+1]=a},sum64_hi:function(e,t,r,i){return(t+i>>>0>>0},sum64_lo:function(e,t,r,i){return t+i>>>0},sum64_4_hi:function(e,t,r,i,n,a,s,o){var c=0,u=t;return c+=(u=u+i>>>0)>>0)>>0)>>0},sum64_4_lo:function(e,t,r,i,n,a,s,o){return t+i+a+o>>>0},sum64_5_hi:function(e,t,r,i,n,a,s,o,c,u){var h=0,d=t;return h+=(d=d+i>>>0)>>0)>>0)>>0)>>0},sum64_5_lo:function(e,t,r,i,n,a,s,o,c,u){return t+i+a+o+u>>>0},rotr64_hi:function(e,t,r){return(t<<32-r|e>>>r)>>>0},rotr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0},shr64_hi:function(e,t,r){return e>>>r},shr64_lo:function(e,t,r){return(e<<32-r|t>>>r)>>>0}};function yt(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}var bt=yt;yt.prototype.update=function(e,t){if(e=pt.toArray(e,t),this.pending?this.pending=this.pending.concat(e):this.pending=e,this.pendingTotal+=e.length,this.pending.length>=this._delta8){var r=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-r,e.length),0===this.pending.length&&(this.pending=null),e=pt.join32(e,0,e.length-r,this.endian);for(var i=0;i>>24&255,i[n++]=e>>>16&255,i[n++]=e>>>8&255,i[n++]=255&e}else for(i[n++]=255&e,i[n++]=e>>>8&255,i[n++]=e>>>16&255,i[n++]=e>>>24&255,i[n++]=0,i[n++]=0,i[n++]=0,i[n++]=0,a=8;a>>3},g1_256:function(e){return gt(e,17)^gt(e,19)^e>>>10}},St=pt.sum32,Et=pt.sum32_4,Pt=pt.sum32_5,xt=At.ch32,Mt=At.maj32,Kt=At.s0_256,Ct=At.s1_256,Dt=At.g0_256,Ut=At.g1_256,Rt=mt.BlockHash,It=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function Bt(){if(!(this instanceof Bt))return new Bt;Rt.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=It,this.W=Array(64)}pt.inherits(Bt,Rt);var Tt=Bt;function zt(){if(!(this instanceof zt))return new zt;Tt.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}Bt.blockSize=512,Bt.outSize=256,Bt.hmacStrength=192,Bt.padLength=64,Bt.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;i>>32-n,r)}function Dr(e,t,r,i,n,a,s){return Cr(t&r|~t&i,e,t,n,a,s)}function Ur(e,t,r,i,n,a,s){return Cr(t&i|r&~i,e,t,n,a,s)}function Rr(e,t,r,i,n,a,s){return Cr(t^r^i,e,t,n,a,s)}function Ir(e,t,r,i,n,a,s){return Cr(r^(t|~i),e,t,n,a,s)}function Br(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const Tr="0123456789abcdef".split("");function zr(e){let t="",r=0;for(;r<4;r++)t+=Tr[e>>8*r+4&15]+Tr[e>>8*r&15];return t}function qr(e,t){return e+t&4294967295}const Fr=X.getWebCrypto(),Or=X.getNodeCrypto(),Lr=Or&&Or.getHashes();function Nr(e){if(Or&&Lr.includes(e))return async function(t){const r=Or.createHash(e);return B(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function jr(e,t){return async function(r,i=ne){if(s(r)&&(r=await N(r)),!X.isStream(r)&&Fr&&t&&r.length>=i.minBytesForWebCrypto)return new Uint8Array(await Fr.digest(t,r));const n=e();return B(r,(e=>{n.update(e)}),(()=>new Uint8Array(n.digest())))}}function Hr(e,t){return async function(r,i=ne){if(s(r)&&(r=await N(r)),X.isStream(r)){const t=new e;return B(r,(e=>{t.process(e)}),(()=>t.finish().result))}return Fr&&t&&r.length>=i.minBytesForWebCrypto?new Uint8Array(await Fr.digest(t,r)):e.bytes(r)}}const Wr={md5:Nr("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let i;for(i=64;i<=e.length;i+=64)Kr(r,Br(e.substring(i-64,i)));e=e.substring(i-64);const n=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(i=0;i>2]|=e.charCodeAt(i)<<(i%4<<3);if(n[i>>2]|=128<<(i%4<<3),i>55)for(Kr(r,n),i=0;i<16;i++)n[i]=0;return n[14]=8*t,Kr(r,n),r}(X.uint8ArrayToString(e));return X.hexToUint8Array(function(e){for(let t=0;tnew Uint8Array(a.update(e))))}(e,t,r,i);if(X.isAES(e))return function(e,t,r,i,n){if(X.getWebCrypto()&&24!==t.length&&!X.isStream(r)&&r.length>=3e3*n.minBytesForWebCrypto)return async function(e,t,r,i){const n="AES-CBC",a=await Zr.importKey("raw",t,{name:n},!1,["encrypt"]),{blockSize:s}=$r(e),o=X.concatUint8Array([new Uint8Array(s),r]),c=new Uint8Array(await Zr.encrypt({name:n,iv:i},a,o)).subarray(0,r.length);return function(e,t){for(let r=0;ra.aes.AES_Encrypt_process(e)),(()=>a.aes.AES_Encrypt_finish()))}(e,t,r,i,n);const s=new($r(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=X.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;rnew Uint8Array(a.update(e))))}(e,t,r,i);if(X.isAES(e))return function(e,t,r,i){if(X.isStream(r)){const e=new Vr(t,i);return B(r,(t=>e.aes.AES_Decrypt_process(t)),(()=>e.aes.AES_Decrypt_finish()))}return Vr.decrypt(r,t,i)}(0,t,r,i);const a=new($r(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=X.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r48)throw new _e("illegal counter size");let e=Math.pow(2,r)-1;i.set_mask(0,0,e/4294967296|0,0|e)}else r=48,i.set_mask(0,0,65535,4294967295);if(void 0===e)throw Error("nonce is required");{let t=e.length;if(!t||t>16)throw new _e("illegal nonce size");let r=new DataView(new ArrayBuffer(16));new Uint8Array(r.buffer).set(e),i.set_nonce(r.getUint32(0),r.getUint32(4),r.getUint32(8),r.getUint32(12))}if(void 0!==t){if(t<0||t>=Math.pow(2,r))throw new _e("illegal counter value");i.set_counter(0,0,t/4294967296|0,0|t)}}}class ti{static encrypt(e,t,r=!0,i){return new ti(t,i,r).encrypt(e)}static decrypt(e,t,r=!0,i){return new ti(t,i,r).decrypt(e)}constructor(e,t,r=!0,i){this.aes=i||new Ee(e,t,r,"CBC")}encrypt(e){return we(this.aes.AES_Encrypt_process(e),this.aes.AES_Encrypt_finish())}decrypt(e){return we(this.aes.AES_Decrypt_process(e),this.aes.AES_Decrypt_finish())}}const ri=X.getWebCrypto(),ii=X.getNodeCrypto(),ni=16;function ai(e,t){const r=e.length-ni;for(let i=0;i>3),17+(u>>3)),8-(7&u)).subarray(1),l=new Uint8Array(vi),p=new Uint8Array(t.length+ki);let y,b=0;for(y=0;y16)throw new _e("illegal tagSize value");const o=t.length||0,c=new Uint8Array(16);12!==o?(this._gcm_mac_process(t),s[0]=0,s[1]=0,s[2]=0,s[3]=0,s[4]=0,s[5]=0,s[6]=0,s[7]=0,s[8]=0,s[9]=0,s[10]=0,s[11]=o>>>29,s[12]=o>>>21&255,s[13]=o>>>13&255,s[14]=o>>>5&255,s[15]=o<<3&255,a.mac(ye.MAC.GCM,ye.HEAP_DATA,16),a.get_iv(ye.HEAP_DATA),a.set_iv(0,0,0,0),c.set(s.subarray(0,16))):(c.set(t),c[15]=1);const u=new DataView(c.buffer);if(this.gamma0=u.getUint32(12),a.set_nonce(u.getUint32(0),u.getUint32(4),u.getUint32(8),0),a.set_mask(0,0,0,4294967295),void 0!==r){if(r.length>Ki)throw new _e("illegal adata length");r.length?(this.adata=r,this._gcm_mac_process(r)):this.adata=void 0}else this.adata=void 0;if(this.counter<1||this.counter>4294967295)throw new RangeError("counter must be a positive 32-bit integer");a.set_counter(0,0,0,this.gamma0+this.counter|0)}static encrypt(e,t,r,i,n){return new Ci(t,r,i,n).encrypt(e)}static decrypt(e,t,r,i,n){return new Ci(t,r,i,n).decrypt(e)}encrypt(e){return this.AES_GCM_encrypt(e)}decrypt(e){return this.AES_GCM_decrypt(e)}AES_GCM_Encrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.aes.pos,o=this.aes.len,c=0,u=o+r&-16,h=0;if((a-1<<4)+o+r>Ki)throw new RangeError("counter overflow");const d=new Uint8Array(u);for(;r>0;)h=ge(n,s+o,e,t,r),o+=h,t+=h,r-=h,h=i.cipher(ye.ENC.CTR,ye.HEAP_DATA+s,o),h=i.mac(ye.MAC.GCM,ye.HEAP_DATA+s,h),h&&d.set(n.subarray(s,s+h),c),a+=h>>>4,c+=h,h>>29,t[4]=u>>>21,t[5]=u>>>13&255,t[6]=u>>>5&255,t[7]=u<<3&255,t[8]=t[9]=t[10]=0,t[11]=h>>>29,t[12]=h>>>21&255,t[13]=h>>>13&255,t[14]=h>>>5&255,t[15]=h<<3&255,e.mac(ye.MAC.GCM,ye.HEAP_DATA,16),e.get_iv(ye.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(ye.ENC.CTR,ye.HEAP_DATA,16),o.set(t.subarray(0,i),s),this.counter=1,this.aes.pos=0,this.aes.len=0,o}AES_GCM_Decrypt_process(e){let t=0,r=e.length||0,{asm:i,heap:n}=this.aes.acquire_asm(),a=this.counter,s=this.tagSize,o=this.aes.pos,c=this.aes.len,u=0,h=c+r>s?c+r-s&-16:0,d=c+r-h,f=0;if((a-1<<4)+c+r>Ki)throw new RangeError("counter overflow");const l=new Uint8Array(h);for(;r>d;)f=ge(n,o+c,e,t,r-d),c+=f,t+=f,r-=f,f=i.mac(ye.MAC.GCM,ye.HEAP_DATA+o,f),f=i.cipher(ye.DEC.CTR,ye.HEAP_DATA+o,f),f&&l.set(n.subarray(o,o+f),u),a+=f>>>4,u+=f,o=0,c=0;return r>0&&(c+=ge(n,0,e,t,r)),this.counter=a,this.aes.pos=o,this.aes.len=c,l}AES_GCM_Decrypt_finish(){let{asm:e,heap:t}=this.aes.acquire_asm(),r=this.tagSize,i=this.adata,n=this.counter,a=this.aes.pos,s=this.aes.len,o=s-r;if(s>>29,t[4]=d>>>21,t[5]=d>>>13&255,t[6]=d>>>5&255,t[7]=d<<3&255,t[8]=t[9]=t[10]=0,t[11]=f>>>29,t[12]=f>>>21&255,t[13]=f>>>13&255,t[14]=f>>>5&255,t[15]=f<<3&255,e.mac(ye.MAC.GCM,ye.HEAP_DATA,16),e.get_iv(ye.HEAP_DATA),e.set_counter(0,0,0,this.gamma0),e.cipher(ye.ENC.CTR,ye.HEAP_DATA,16);let l=0;for(let e=0;e0;){for(a=ge(r,0,e,i,n),i+=a,n-=a;15&a;)r[a++]=0;t.mac(ye.MAC.GCM,ye.HEAP_DATA,a)}}}const Di=X.getWebCrypto(),Ui=X.getNodeCrypto(),Ri=X.getNodeBuffer(),Ii=16,Bi="AES-GCM";async function Ti(e,t){if(e!==$.symmetric.aes128&&e!==$.symmetric.aes192&&e!==$.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(X.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new Ui.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=Ri.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new Ui.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-Ii,e.length));const a=Ri.concat([n.update(e.slice(0,e.length-Ii)),n.final()]);return new Uint8Array(a)}};if(X.getWebCrypto()&&24!==t.length){const e=await Di.importKey("raw",t,{name:Bi},!1,["encrypt","decrypt"]);return{encrypt:async function(r,i,n=new Uint8Array){if(!r.length)return Ci.encrypt(r,t,i,n);const a=await Di.encrypt({name:Bi,iv:i,additionalData:n,tagLength:8*Ii},e,r);return new Uint8Array(a)},decrypt:async function(r,i,n=new Uint8Array){if(r.length===Ii)return Ci.decrypt(r,t,i,n);const a=await Di.decrypt({name:Bi,iv:i,additionalData:n,tagLength:8*Ii},e,r);return new Uint8Array(a)}}}return{encrypt:async function(e,r,i){return Ci.encrypt(e,t,r,i)},decrypt:async function(e,r,i){return Ci.decrypt(e,t,r,i)}}}Ti.getNonce=function(e,t){const r=e.slice();for(let e=0;e>>8)-1}(e,t,r,i,32)}function l(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function p(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function y(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function b(e,r){var i,n,a,s=t(),o=t();for(i=0;i<16;i++)o[i]=r[i];for(p(o),p(o),p(o),n=0;n<2;n++){for(s[0]=o[0]-65517,i=1;i<15;i++)s[i]=o[i]-65535-(s[i-1]>>16&1),s[i-1]&=65535;s[15]=o[15]-32767-(s[14]>>16&1),a=s[15]>>16&1,s[14]&=65535,y(o,s,1-a)}for(i=0;i<16;i++)e[2*i]=255&o[i],e[2*i+1]=o[i]>>8}function m(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return b(r,e),b(i,t),f(r,0,i,0)}function g(e){var t=new Uint8Array(32);return b(t,e),1&t[0]}function w(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function v(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function _(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function k(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,d=0,f=0,l=0,p=0,y=0,b=0,m=0,g=0,w=0,v=0,_=0,k=0,A=0,S=0,E=0,P=0,x=0,M=0,K=0,C=0,D=0,U=0,R=0,I=0,B=0,T=r[0],z=r[1],q=r[2],F=r[3],O=r[4],L=r[5],N=r[6],j=r[7],H=r[8],W=r[9],G=r[10],V=r[11],$=r[12],Z=r[13],X=r[14],Y=r[15];a+=(i=t[0])*T,s+=i*z,o+=i*q,c+=i*F,u+=i*O,h+=i*L,d+=i*N,f+=i*j,l+=i*H,p+=i*W,y+=i*G,b+=i*V,m+=i*$,g+=i*Z,w+=i*X,v+=i*Y,s+=(i=t[1])*T,o+=i*z,c+=i*q,u+=i*F,h+=i*O,d+=i*L,f+=i*N,l+=i*j,p+=i*H,y+=i*W,b+=i*G,m+=i*V,g+=i*$,w+=i*Z,v+=i*X,_+=i*Y,o+=(i=t[2])*T,c+=i*z,u+=i*q,h+=i*F,d+=i*O,f+=i*L,l+=i*N,p+=i*j,y+=i*H,b+=i*W,m+=i*G,g+=i*V,w+=i*$,v+=i*Z,_+=i*X,k+=i*Y,c+=(i=t[3])*T,u+=i*z,h+=i*q,d+=i*F,f+=i*O,l+=i*L,p+=i*N,y+=i*j,b+=i*H,m+=i*W,g+=i*G,w+=i*V,v+=i*$,_+=i*Z,k+=i*X,A+=i*Y,u+=(i=t[4])*T,h+=i*z,d+=i*q,f+=i*F,l+=i*O,p+=i*L,y+=i*N,b+=i*j,m+=i*H,g+=i*W,w+=i*G,v+=i*V,_+=i*$,k+=i*Z,A+=i*X,S+=i*Y,h+=(i=t[5])*T,d+=i*z,f+=i*q,l+=i*F,p+=i*O,y+=i*L,b+=i*N,m+=i*j,g+=i*H,w+=i*W,v+=i*G,_+=i*V,k+=i*$,A+=i*Z,S+=i*X,E+=i*Y,d+=(i=t[6])*T,f+=i*z,l+=i*q,p+=i*F,y+=i*O,b+=i*L,m+=i*N,g+=i*j,w+=i*H,v+=i*W,_+=i*G,k+=i*V,A+=i*$,S+=i*Z,E+=i*X,P+=i*Y,f+=(i=t[7])*T,l+=i*z,p+=i*q,y+=i*F,b+=i*O,m+=i*L,g+=i*N,w+=i*j,v+=i*H,_+=i*W,k+=i*G,A+=i*V,S+=i*$,E+=i*Z,P+=i*X,x+=i*Y,l+=(i=t[8])*T,p+=i*z,y+=i*q,b+=i*F,m+=i*O,g+=i*L,w+=i*N,v+=i*j,_+=i*H,k+=i*W,A+=i*G,S+=i*V,E+=i*$,P+=i*Z,x+=i*X,M+=i*Y,p+=(i=t[9])*T,y+=i*z,b+=i*q,m+=i*F,g+=i*O,w+=i*L,v+=i*N,_+=i*j,k+=i*H,A+=i*W,S+=i*G,E+=i*V,P+=i*$,x+=i*Z,M+=i*X,K+=i*Y,y+=(i=t[10])*T,b+=i*z,m+=i*q,g+=i*F,w+=i*O,v+=i*L,_+=i*N,k+=i*j,A+=i*H,S+=i*W,E+=i*G,P+=i*V,x+=i*$,M+=i*Z,K+=i*X,C+=i*Y,b+=(i=t[11])*T,m+=i*z,g+=i*q,w+=i*F,v+=i*O,_+=i*L,k+=i*N,A+=i*j,S+=i*H,E+=i*W,P+=i*G,x+=i*V,M+=i*$,K+=i*Z,C+=i*X,D+=i*Y,m+=(i=t[12])*T,g+=i*z,w+=i*q,v+=i*F,_+=i*O,k+=i*L,A+=i*N,S+=i*j,E+=i*H,P+=i*W,x+=i*G,M+=i*V,K+=i*$,C+=i*Z,D+=i*X,U+=i*Y,g+=(i=t[13])*T,w+=i*z,v+=i*q,_+=i*F,k+=i*O,A+=i*L,S+=i*N,E+=i*j,P+=i*H,x+=i*W,M+=i*G,K+=i*V,C+=i*$,D+=i*Z,U+=i*X,R+=i*Y,w+=(i=t[14])*T,v+=i*z,_+=i*q,k+=i*F,A+=i*O,S+=i*L,E+=i*N,P+=i*j,x+=i*H,M+=i*W,K+=i*G,C+=i*V,D+=i*$,U+=i*Z,R+=i*X,I+=i*Y,v+=(i=t[15])*T,s+=38*(k+=i*q),o+=38*(A+=i*F),c+=38*(S+=i*O),u+=38*(E+=i*L),h+=38*(P+=i*N),d+=38*(x+=i*j),f+=38*(M+=i*H),l+=38*(K+=i*W),p+=38*(C+=i*G),y+=38*(D+=i*V),b+=38*(U+=i*$),m+=38*(R+=i*Z),g+=38*(I+=i*X),w+=38*(B+=i*Y),a=(i=(a+=38*(_+=i*z))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),v=(i=v+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=d,e[7]=f,e[8]=l,e[9]=p,e[10]=y,e[11]=b,e[12]=m,e[13]=g,e[14]=w,e[15]=v}function A(e,t){k(e,t,t)}function S(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=253;i>=0;i--)A(n,n),2!==i&&4!==i&&k(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}function E(e,r,i){var n,a,o=new Uint8Array(32),c=new Float64Array(80),u=t(),h=t(),d=t(),f=t(),l=t(),p=t();for(a=0;a<31;a++)o[a]=r[a];for(o[31]=127&r[31]|64,o[0]&=248,w(c,i),a=0;a<16;a++)h[a]=c[a],f[a]=u[a]=d[a]=0;for(u[0]=f[0]=1,a=254;a>=0;--a)y(u,h,n=o[a>>>3]>>>(7&a)&1),y(d,f,n),v(l,u,d),_(u,u,d),v(d,h,f),_(h,h,f),A(f,l),A(p,u),k(u,d,u),k(d,h,l),v(l,u,d),_(u,u,d),A(h,u),_(d,f,p),k(u,d,s),v(u,u,f),k(d,d,u),k(u,f,p),k(f,h,c),A(h,l),y(u,h,n),y(d,f,n);for(a=0;a<16;a++)c[a+16]=u[a],c[a+32]=d[a],c[a+48]=h[a],c[a+64]=f[a];var m=c.subarray(32),g=c.subarray(16);return S(m,m),k(g,g,m),b(e,g),0}function P(e,t){return E(e,t,i)}function x(e,r){var i=t(),n=t(),a=t(),s=t(),o=t(),u=t(),h=t(),d=t(),f=t();_(i,e[1],e[0]),_(f,r[1],r[0]),k(i,i,f),v(n,e[0],e[1]),v(f,r[0],r[1]),k(n,n,f),k(a,e[3],r[3]),k(a,a,c),k(s,e[2],r[2]),v(s,s,s),_(o,n,i),_(u,s,a),v(h,s,a),v(d,n,i),k(e[0],o,u),k(e[1],d,h),k(e[2],h,u),k(e[3],o,d)}function M(e,t,r){var i;for(i=0;i<4;i++)y(e[i],t[i],r)}function K(e,r){var i=t(),n=t(),a=t();S(a,r[2]),k(i,r[0],a),k(n,r[1],a),b(e,n),e[31]^=g(i)<<7}function C(e,t,r){var i,s;for(l(e[0],n),l(e[1],a),l(e[2],a),l(e[3],n),s=255;s>=0;--s)M(e,t,i=r[s/8|0]>>(7&s)&1),x(t,e),x(e,e),M(e,t,i)}function D(e,r){var i=[t(),t(),t(),t()];l(i[0],u),l(i[1],h),l(i[2],a),k(i[3],u,h),C(e,i,r)}function U(i,n,a){var s,o,c=[t(),t(),t(),t()];for(a||r(n,32),(s=e.hash(n.subarray(0,32)))[0]&=248,s[31]&=127,s[31]|=64,D(c,s),K(i,c),o=0;o<32;o++)n[o+32]=i[o];return 0}var R=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function I(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n>4)*R[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*R[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function B(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;I(e,r)}function T(e,r){var i=t(),s=t(),c=t(),u=t(),h=t(),f=t(),p=t();return l(e[2],a),w(e[1],r),A(c,e[1]),k(u,c,o),_(c,c,e[2]),v(u,e[2],u),A(h,u),A(f,h),k(p,f,h),k(i,p,c),k(i,i,u),function(e,r){var i,n=t();for(i=0;i<16;i++)n[i]=r[i];for(i=250;i>=0;i--)A(n,n),1!==i&&k(n,n,r);for(i=0;i<16;i++)e[i]=n[i]}(i,i),k(i,i,c),k(i,i,u),k(i,i,u),k(e[0],i,u),A(s,e[0]),k(s,s,u),m(s,c)&&k(e[0],e[0],d),A(s,e[0]),k(s,s,u),m(s,c)?-1:(g(e[0])===r[31]>>7&&_(e[0],n,e[0]),k(e[3],e[0],e[1]),0)}var z=64;function q(){for(var e=0;e=0},e.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return U(e,t),{publicKey:e,secretKey:t}},e.sign.keyPair.fromSecretKey=function(e){if(q(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;re&&(c.imod(a.leftShift(n)).iadd(a),u=c.mod(s).toNumber())}while(!await Hi(c,t,r));return c}async function Hi(e,t,r){return!(t&&!e.dec().gcd(t).isOne())&&(!!await async function(e){const t=await X.getBigInteger();return Wi.every((r=>0!==e.mod(new t(r))))}(e)&&(!!await async function(e,t){const r=await X.getBigInteger();return t=t||new r(2),t.modExp(e.dec(),e).isOne()}(e)&&!!await async function(e,t,r){const i=await X.getBigInteger(),n=e.bitLength();t||(t=Math.max(1,n/48|0));const a=e.dec();let s=0;for(;!a.getBit(s);)s++;const o=e.rightShift(new i(s));for(;t>0;t--){let t,n=(r?r():await Li(new i(2),a)).modExp(o,e);if(!n.isOne()&&!n.equal(a)){for(t=1;tt-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!i;if(t)return X.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}async function Zi(e,t,r){let i;if(t.length!==Gr.getHashByteLength(e))throw Error("Invalid hash length");const n=new Uint8Array(Gi[e].length);for(i=0;i{Qi.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(en.decode(n,"der"))}))}));return{n:i.modulus.toArrayLike(Uint8Array),e:i.publicExponent.toArrayLike(Uint8Array),d:i.privateExponent.toArrayLike(Uint8Array),p:i.prime2.toArrayLike(Uint8Array),q:i.prime1.toArrayLike(Uint8Array),u:i.coefficient.toArrayLike(Uint8Array)}}let r,i,n;do{i=await ji(e-(e>>1),t,40),r=await ji(e>>1,t,40),n=r.mul(i)}while(n.bitLength()!==e);const a=r.dec().imul(i.dec());return i.lt(r)&&([r,i]=[i,r]),{n:n.toUint8Array(),e:t.toUint8Array(),d:t.modInv(a).toUint8Array(),p:r.toUint8Array(),q:i.toUint8Array(),u:r.modInv(i).toUint8Array()}},validateParams:async function(e,t,r,i,n,a){const s=await X.getBigInteger();if(e=new s(e),i=new s(i),n=new s(n),!i.mul(n).equal(e))return!1;const o=new s(2);if(a=new s(a),!i.mul(a).mod(n).isOne())return!1;t=new s(t),r=new s(r);const c=new s(Math.floor(e.bitLength()/3)),u=await Li(o,o.leftShift(c)),h=u.mul(r).mul(t);return!(!h.mod(i.dec()).equal(u)||!h.mod(n.dec()).equal(u))}});var nn=/*#__PURE__*/Object.freeze({__proto__:null,encrypt:async function(e,t,r,i){const n=await X.getBigInteger();t=new n(t),r=new n(r),i=new n(i);const a=new n(Vi(e,t.byteLength())),s=await Li(new n(1),t.dec());return{c1:r.modExp(s,t).toUint8Array(),c2:i.modExp(s,t).imul(a).imod(t).toUint8Array()}},decrypt:async function(e,t,r,i,n){const a=await X.getBigInteger();return e=new a(e),t=new a(t),r=new a(r),i=new a(i),$i(e.modExp(i,r).modInv(r).imul(t).imod(r).toUint8Array("be",r.byteLength()),n)},validateParams:async function(e,t,r,i){const n=await X.getBigInteger();e=new n(e),t=new n(t),r=new n(r);const a=new n(1);if(t.lte(a)||t.gte(e))return!1;const s=new n(e.bitLength()),o=new n(1023);if(s.lt(o))return!1;if(!t.modExp(e.dec(),e).isOne())return!1;let c=t;const u=new n(1),h=new n(2).leftShift(new n(17));for(;u.lt(h);){if(c=c.mul(t).imod(e),c.isOne())return!1;u.iinc()}i=new n(i);const d=new n(2),f=await Li(d.leftShift(s.dec()),d.leftShift(s)),l=e.dec().imul(f).iadd(i);return!!r.equal(t.modExp(l,e))}});class an{constructor(e){if(e instanceof an)this.oid=e.oid;else if(X.isArray(e)||X.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return X.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return X.uint8ArrayToHex(this.oid)}getName(){const e=this.toHex();if($.curve[e])return $.write($.curve,e);throw Error("Unknown curve object identifier.")}}function sn(e,t){return e.keyPair({priv:t})}function on(e,t){const r=e.keyPair({pub:t});if(!0!==r.validate().result)throw Error("Invalid elliptic public key");return r}async function cn(e){if(!ne.useIndutnyElliptic)throw Error("This curve is only supported in the full build of OpenPGP.js");const{default:t}=await Promise.resolve().then((function(){return Eb}));return new t.ec(e)}function un(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=X.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function hn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):X.concatUint8Array([new Uint8Array([255]),X.writeNumber(e,4)])}function dn(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function fn(e){return new Uint8Array([192|e])}function ln(e,t){return X.concatUint8Array([fn(e),hn(t)])}function pn(e){return[$.packet.literalData,$.packet.compressedData,$.packet.symmetricallyEncryptedData,$.packet.symEncryptedIntegrityProtectedData,$.packet.aeadEncryptedData].includes(e)}async function yn(e,t){const r=C(e);let i,n;try{const s=await r.peekBytes(2);if(!s||s.length<2||0==(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const o=await r.readByte();let c,u,h=-1,d=-1;d=0,0!=(64&o)&&(d=1),d?h=63&o:(h=(63&o)>>2,u=3&o);const f=pn(h);let l,p=null;if(f){if("array"===X.isStream(e)){const e=new a;i=D(e),p=e}else{const e=new S;i=D(e.writable),p=e.readable}n=t({tag:h,packet:p})}else p=[];do{if(d){const e=await r.readByte();if(l=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),l=!0,!f)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(u){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const a=c===1/0?n:n.subarray(0,c-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=c){r.unshift(n.subarray(c-e+n.length));break}}}}while(l);const y=await r.peekBytes(f?1/0:2);return i?(await i.ready,await i.close()):(p=X.concatUint8Array(p),await t({tag:h,packet:p})),!y||!y.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class bn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,bn),this.name="UnsupportedError"}}class mn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}const gn=X.getWebCrypto(),wn=X.getNodeCrypto(),vn={p256:"P-256",p384:"P-384",p521:"P-521"},_n=wn?wn.getCurves():[],kn=wn?{secp256k1:_n.includes("secp256k1")?"secp256k1":void 0,p256:_n.includes("prime256v1")?"prime256v1":void 0,p384:_n.includes("secp384r1")?"secp384r1":void 0,p521:_n.includes("secp521r1")?"secp521r1":void 0,ed25519:_n.includes("ED25519")?"ED25519":void 0,curve25519:_n.includes("X25519")?"X25519":void 0,brainpoolP256r1:_n.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,brainpoolP384r1:_n.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,brainpoolP512r1:_n.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},An={p256:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:kn.p256,web:vn.p256,payloadSize:32,sharedSize:256},p384:{oid:[6,5,43,129,4,0,34],keyType:$.publicKey.ecdsa,hash:$.hash.sha384,cipher:$.symmetric.aes192,node:kn.p384,web:vn.p384,payloadSize:48,sharedSize:384},p521:{oid:[6,5,43,129,4,0,35],keyType:$.publicKey.ecdsa,hash:$.hash.sha512,cipher:$.symmetric.aes256,node:kn.p521,web:vn.p521,payloadSize:66,sharedSize:528},secp256k1:{oid:[6,5,43,129,4,0,10],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:kn.secp256k1,payloadSize:32},ed25519:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:$.publicKey.eddsaLegacy,hash:$.hash.sha512,node:!1,payloadSize:32},curve25519:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:$.publicKey.ecdh,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:!1,payloadSize:32},brainpoolP256r1:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:$.publicKey.ecdsa,hash:$.hash.sha256,cipher:$.symmetric.aes128,node:kn.brainpoolP256r1,payloadSize:32},brainpoolP384r1:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:$.publicKey.ecdsa,hash:$.hash.sha384,cipher:$.symmetric.aes192,node:kn.brainpoolP384r1,payloadSize:48},brainpoolP512r1:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:$.publicKey.ecdsa,hash:$.hash.sha512,cipher:$.symmetric.aes256,node:kn.brainpoolP512r1,payloadSize:64}};class Sn{constructor(e,t){try{(X.isArray(e)||X.isUint8Array(e))&&(e=new an(e)),e instanceof an&&(e=e.getName()),this.name=$.write($.curve,e)}catch(e){throw new bn("Unknown curve")}t=t||An[this.name],this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node&&An[this.name],this.web=t.web&&An[this.name],this.payloadSize=t.payloadSize,this.web&&X.getWebCrypto()?this.type="web":this.node&&X.getNodeCrypto()?this.type="node":"curve25519"===this.name?this.type="curve25519":"ed25519"===this.name&&(this.type="ed25519")}async genKeyPair(){let e;switch(this.type){case"web":try{return await async function(e){const t=await gn.generateKey({name:"ECDSA",namedCurve:vn[e]},!0,["sign","verify"]),r=await gn.exportKey("jwk",t.privateKey),i=await gn.exportKey("jwk",t.publicKey);return{publicKey:Pn(i),privateKey:re(r.d)}}(this.name)}catch(e){X.printDebugError("Browser did not support generating ec key "+e.message);break}case"node":return async function(e){const t=wn.createECDH(kn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519":{const t=Oi(32);t[0]=127&t[0]|64,t[31]&=248;const r=t.slice().reverse();e=qi.box.keyPair.fromSecretKey(r);return{publicKey:X.concatUint8Array([new Uint8Array([64]),e.publicKey]),privateKey:t}}case"ed25519":{const e=Oi(32),t=qi.sign.keyPair.fromSeed(e);return{publicKey:X.concatUint8Array([new Uint8Array([64]),t.publicKey]),privateKey:e}}}const t=await cn(this.name);return e=await t.genKeyPair({entropy:X.uint8ArrayToString(Oi(32))}),{publicKey:new Uint8Array(e.getPublic("array",!1)),privateKey:e.getPrivate().toArrayLike(Uint8Array)}}}async function En(e,t,r,i){const n={p256:!0,p384:!0,p521:!0,secp256k1:!0,curve25519:e===$.publicKey.ecdh,brainpoolP256r1:!0,brainpoolP384r1:!0,brainpoolP512r1:!0},a=t.getName();if(!n[a])return!1;if("curve25519"===a){i=i.slice().reverse();const{publicKey:e}=qi.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!X.equalsUint8Array(t,r)}const s=await cn(a);try{r=on(s,r).getPublic()}catch(e){return!1}return!!sn(s,i).getPublic().eq(r)}function Pn(e){const t=re(e.x),r=re(e.y),i=new Uint8Array(t.length+r.length+1);return i[0]=4,i.set(t,1),i.set(r,t.length+1),i}function xn(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:ie(n,!0),y:ie(a,!0),ext:!0}}function Mn(e,t,r,i){const n=xn(e,t,r);return n.d=ie(i,!0),n}const Kn=X.getWebCrypto(),Cn=X.getNodeCrypto();async function Dn(e,t,r,i,n,a){const s=new Sn(e);if(r&&!X.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Mn(e.payloadSize,vn[e.name],i.publicKey,i.privateKey),s=await Kn.importKey("jwk",a,{name:"ECDSA",namedCurve:vn[e.name],hash:{name:$.read($.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Kn.sign({name:"ECDSA",namedCurve:vn[e.name],hash:{name:$.read($.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;X.printDebugError("Browser did not support signing: "+e.message)}break;case"node":{const i=await async function(e,t,r,i){const n=Cn.createSign($.read($.hash,t));n.write(r),n.end();const a=Bn.encode({version:1,parameters:e.oid,privateKey:Array.from(i.privateKey),publicKey:{unused:0,data:Array.from(i.publicKey)}},"pem",{label:"EC PRIVATE KEY"});return In.decode(n.sign(a),"der")}(s,t,r,e);return{r:i.r.toArrayLike(Uint8Array),s:i.s.toArrayLike(Uint8Array)}}}}return async function(e,t,r){const i=await cn(e.name),n=sn(i,r),a=n.sign(t);return{r:a.r.toArrayLike(Uint8Array),s:a.s.toArrayLike(Uint8Array)}}(s,a,n)}async function Un(e,t,r,i,n,a){const s=new Sn(e);if(i&&!X.isStream(i))switch(s.type){case"web":try{return await async function(e,t,{r,s:i},n,a){const s=xn(e.payloadSize,vn[e.name],a),o=await Kn.importKey("jwk",s,{name:"ECDSA",namedCurve:vn[e.name],hash:{name:$.read($.webHash,e.hash)}},!1,["verify"]),c=X.concatUint8Array([r,i]).buffer;return Kn.verify({name:"ECDSA",namedCurve:vn[e.name],hash:{name:$.read($.webHash,t)}},o,c,n)}(s,t,r,i,n)}catch(e){if("p521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;X.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":return async function(e,t,{r,s:i},n,a){const{default:s}=await Promise.resolve().then((function(){return sy})),o=Cn.createVerify($.read($.hash,t));o.write(n),o.end();const c=zn.encode({algorithm:{algorithm:[1,2,840,10045,2,1],parameters:e.oid},subjectPublicKey:{unused:0,data:Array.from(a)}},"pem",{label:"PUBLIC KEY"}),u=In.encode({r:new s(r),s:new s(i)},"der");try{return o.verify(c,u)}catch(e){return!1}}(s,t,r,i,n)}return async function(e,t,r,i){const n=await cn(e.name),a=on(n,i);return a.verify(r,t)}(s,r,void 0===t?i:a,n)}const Rn=void 0,In=Cn?Rn.define("ECDSASignature",(function(){this.seq().obj(this.key("r").int(),this.key("s").int())})):void 0,Bn=Cn?Rn.define("ECPrivateKey",(function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").explicit(0).optional().any(),this.key("publicKey").explicit(1).optional().bitstr())})):void 0,Tn=Cn?Rn.define("AlgorithmIdentifier",(function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional().any())})):void 0,zn=Cn?Rn.define("SubjectPublicKeyInfo",(function(){this.seq().obj(this.key("algorithm").use(Tn),this.key("subjectPublicKey").bitstr())})):void 0;var qn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Dn,verify:Un,validateParams:async function(e,t,r){const i=new Sn(e);if(i.keyType!==$.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=Oi(8),n=$.hash.sha256,a=await Gr.digest(n,i);try{const s=await Dn(e,n,i,t,r,a);return await Un(e,n,s,i,t,a)}catch(e){return!1}}default:return En($.publicKey.ecdsa,e,t,r)}}});qi.hash=e=>new Uint8Array(Jt().update(e).digest());var Fn=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){if(Gr.getHashByteLength(t)new Uint8Array(Jt().update(e).digest());var Ln=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===$.publicKey.ed25519){const e=Oi(32),{publicKey:t}=qi.sign.keyPair.fromSeed(e);return{A:t,seed:e}}throw Error("Unsupported EdDSA algorithm")},sign:async function(e,t,r,i,n,a){if(Gr.getHashByteLength(t)=0;--e)for(let t=o-1;t>=0;--t)c[1]=o*e+(t+1),u[0]=a[0]^c[0],u[1]=a[1]^c[1],u[2]=s[2*t],u[3]=s[2*t+1],u=Hn(r.decrypt(Wn(u))),a=u.subarray(0,2),s[2*t]=u[2],s[2*t+1]=u[3];if(a[0]===i[0]&&a[1]===i[1])return Wn(s);throw Error("Key Data Integrity failed")}function Hn(e){const{length:t}=e,r=function(e){if(X.isString(e)){const{length:t}=e,r=new ArrayBuffer(t),i=new Uint8Array(r);for(let r=0;r0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(X.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Zn=/*#__PURE__*/Object.freeze({__proto__:null,encode:Vn,decode:$n});const Xn=X.getWebCrypto(),Yn=X.getNodeCrypto();function Qn(e,t,r,i){return X.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),X.stringToUint8Array("Anonymous Sender "),i.subarray(0,20)])}async function Jn(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Gr.digest(e,X.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function ea(e,t){switch(e.type){case"curve25519":{const r=Oi(32),{secretKey:i,sharedKey:n}=await ta(e,t,null,r);let{publicKey:a}=qi.box.keyPair.fromSecretKey(i);return a=X.concatUint8Array([new Uint8Array([64]),a]),{publicKey:a,sharedKey:n}}case"web":if(e.web&&X.getWebCrypto())try{return await async function(e,t){const r=xn(e.payloadSize,e.web.web,t);let i=Xn.generateKey({name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]),n=Xn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=Xn.deriveBits({name:"ECDH",namedCurve:e.web.web,public:n},i.privateKey,e.web.sharedSize),s=Xn.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(Pn(s));return{publicKey:c,sharedKey:o}}(e,t)}catch(e){X.printDebugError(e)}break;case"node":return async function(e,t){const r=Yn.createECDH(e.node.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t)),n=new Uint8Array(r.getPublicKey());return{publicKey:n,sharedKey:i}}(e,t)}return async function(e,t){const r=await cn(e.name),i=await e.genKeyPair();t=on(r,t);const n=sn(r,i.privateKey),a=i.publicKey,s=n.derive(t.getPublic()),o=r.curve.p.byteLength(),c=s.toArrayLike(Uint8Array,"be",o);return{publicKey:a,sharedKey:c}}(e,t)}async function ta(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519":{const e=i.slice().reverse();return{secretKey:e,sharedKey:qi.scalarMult(e,t.subarray(1))}}case"web":if(e.web&&X.getWebCrypto())try{return await async function(e,t,r,i){const n=Mn(e.payloadSize,e.web.web,r,i);let a=Xn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web.web},!0,["deriveKey","deriveBits"]);const s=xn(e.payloadSize,e.web.web,t);let o=Xn.importKey("jwk",s,{name:"ECDH",namedCurve:e.web.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=Xn.deriveBits({name:"ECDH",namedCurve:e.web.web,public:o},a,e.web.sharedSize),u=Xn.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:re(u.d),sharedKey:h}}(e,t,r,i)}catch(e){X.printDebugError(e)}break;case"node":return async function(e,t,r){const i=Yn.createECDH(e.node.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i)}return async function(e,t,r){const i=await cn(e.name);t=on(i,t),r=sn(i,r);const n=new Uint8Array(r.getPrivate()),a=r.derive(t.getPublic()),s=i.curve.p.byteLength(),o=a.toArrayLike(Uint8Array,"be",s);return{secretKey:n,sharedKey:o}}(e,t,i)}var ra=/*#__PURE__*/Object.freeze({__proto__:null,validateParams:async function(e,t,r){return En($.publicKey.ecdh,e,t,r)},encrypt:async function(e,t,r,i,n){const a=Vn(r),s=new Sn(e),{publicKey:o,sharedKey:c}=await ea(s,i),u=Qn($.publicKey.ecdh,e,t,n),{keySize:h}=$r(t.cipher);return{publicKey:o,wrappedKey:Nn(await Jn(t.hash,c,h,u),a)}},decrypt:async function(e,t,r,i,n,a,s){const o=new Sn(e),{sharedKey:c}=await ta(o,r,n,a),u=Qn($.publicKey.ecdh,e,t,s),{keySize:h}=$r(t.cipher);let d;for(let e=0;e<3;e++)try{return $n(jn(await Jn(t.hash,c,h,u,1===e,2===e),i))}catch(e){d=e}throw d}});const ia=X.getWebCrypto(),na=X.getNodeCrypto(),aa=na&&na.webcrypto&&na.webcrypto.subtle;async function sa(e,t,r,i,n){const a=$.read($.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");if(ia||aa){const e=ia||aa,s=await e.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await e.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}if(na){const a=$.read($.hash,e),s=(e,t)=>na.createHmac(a,e).update(t).digest(),o=s(r,t),c=o.length,u=Math.ceil(n/c),h=new Uint8Array(u*c),d=new Uint8Array(c+i.length+1);d.set(i,c);for(let e=0;e0?d:d.subarray(c));d.set(t,0),h.set(t,e*c)}return h.subarray(0,n)}throw Error("No HKDF implementation available")}const oa={x25519:X.encodeUTF8("OpenPGP X25519")};var ca=/*#__PURE__*/Object.freeze({__proto__:null,generate:async function(e){if(e===$.publicKey.x25519){const e=Oi(32),{publicKey:t}=qi.box.keyPair.fromSecretKey(e);return{A:t,k:e}}throw Error("Unsupported ECDH algorithm")},validateParams:async function(e,t,r){if(e===$.publicKey.x25519){const{publicKey:e}=qi.box.keyPair.fromSecretKey(r);return X.equalsUint8Array(t,e)}return!1},encrypt:async function(e,t,r){if(e===$.publicKey.x25519){const e=Oi(32),i=qi.scalarMult(e,r),{publicKey:n}=qi.box.keyPair.fromSecretKey(e),a=X.concatUint8Array([n,r,i]),{keySize:s}=$r($.symmetric.aes128);return{ephemeralPublicKey:n,wrappedKey:Nn(await sa($.hash.sha256,a,new Uint8Array,oa.x25519,s),t)}}throw Error("Unsupported ECDH algorithm")},decrypt:async function(e,t,r,i,n){if(e===$.publicKey.x25519){const e=qi.scalarMult(n,t),a=X.concatUint8Array([t,i,e]),{keySize:s}=$r($.symmetric.aes128);return jn(await sa($.hash.sha256,a,new Uint8Array,oa.x25519,s),r)}throw Error("Unsupported ECDH algorithm")}}),ua=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Sn,ecdh:ra,ecdhX:ca,ecdsa:qn,eddsaLegacy:Fn,eddsa:Ln,generate:async function(e){const t=await X.getBigInteger();e=new Sn(e);const r=await e.genKeyPair(),i=new t(r.publicKey).toUint8Array(),n=new t(r.privateKey).toUint8Array("be",e.payloadSize);return{oid:e.oid,Q:i,secret:n,hash:e.hash,cipher:e.cipher}},getPreferredHashAlgo:function(e){return An[$.write($.curve,e.toHex())].hash}});var ha=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,i,n,a){const s=await X.getBigInteger(),o=new s(1);let c,u,h,d;i=new s(i),n=new s(n),r=new s(r),a=new s(a),r=r.mod(i),a=a.mod(n);const f=new s(t.subarray(0,n.byteLength())).mod(n);for(;;){if(c=await Li(o,n),u=r.modExp(c,i).imod(n),u.isZero())continue;const e=a.mul(u).imod(n);if(d=f.add(e).imod(n),h=c.modInv(n).imul(d).imod(n),!h.isZero())break}return{r:u.toUint8Array("be",n.byteLength()),s:h.toUint8Array("be",n.byteLength())}},verify:async function(e,t,r,i,n,a,s,o){const c=await X.getBigInteger(),u=new c(0);if(t=new c(t),r=new c(r),a=new c(a),s=new c(s),n=new c(n),o=new c(o),t.lte(u)||t.gte(s)||r.lte(u)||r.gte(s))return X.printDebug("invalid DSA Signature"),!1;const h=new c(i.subarray(0,s.byteLength())).imod(s),d=r.modInv(s);if(d.isZero())return X.printDebug("invalid DSA Signature"),!1;n=n.mod(a),o=o.mod(a);const f=h.mul(d).imod(s),l=t.mul(d).imod(s),p=n.modExp(f,a),y=o.modExp(l,a);return p.mul(y).imod(a).imod(s).equal(t)},validateParams:async function(e,t,r,i,n){const a=await X.getBigInteger();e=new a(e),t=new a(t),r=new a(r),i=new a(i);const s=new a(1);if(r.lte(s)||r.gte(e))return!1;if(!e.dec().mod(t).isZero())return!1;if(!r.modExp(t,e).isOne())return!1;const o=new a(t.bitLength()),c=new a(150);if(o.lt(c)||!await Hi(t,null,32))return!1;n=new a(n);const u=new a(2),h=await Li(u.leftShift(o.dec()),u.leftShift(o)),d=t.mul(h).add(n);return!!i.equal(r.modExp(d,e))}}),da={rsa:rn,elgamal:nn,elliptic:ua,dsa:ha,nacl:qi};var fa=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:return{s:X.readMPI(t.subarray(r))};case $.publicKey.dsa:case $.publicKey.ecdsa:{const e=X.readMPI(t.subarray(r));r+=e.length+2;return{r:e,s:X.readMPI(t.subarray(r))}}case $.publicKey.eddsaLegacy:{let e=X.readMPI(t.subarray(r));r+=e.length+2,e=X.leftPad(e,32);let i=X.readMPI(t.subarray(r));return i=X.leftPad(i,32),{r:e,s:i}}case $.publicKey.ed25519:{const e=t.subarray(r,r+64);return r+=e.length,{RS:e}}default:throw new bn("Unknown signature algorithm.")}},verify:async function(e,t,r,i,n,a){switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:{const{n:e,e:s}=i,o=X.leftPad(r.s,e.length);return da.rsa.verify(t,n,o,e,s,a)}case $.publicKey.dsa:{const{g:e,p:n,q:s,y:o}=i,{r:c,s:u}=r;return da.dsa.verify(t,c,u,a,e,n,s,o)}case $.publicKey.ecdsa:{const{oid:e,Q:s}=i,o=new da.elliptic.CurveWithOID(e).payloadSize,c=X.leftPad(r.r,o),u=X.leftPad(r.s,o);return da.elliptic.ecdsa.verify(e,t,{r:c,s:u},n,s,a)}case $.publicKey.eddsaLegacy:{const{oid:e,Q:s}=i;return da.elliptic.eddsaLegacy.verify(e,t,r,n,s,a)}case $.publicKey.ed25519:{const{A:s}=i;return da.elliptic.eddsa.verify(e,t,r,n,s,a)}default:throw Error("Unknown signature algorithm.")}},sign:async function(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:case $.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await da.rsa.sign(t,n,e,s,o,c,u,h,a)}}case $.publicKey.dsa:{const{g:e,p:n,q:s}=r,{x:o}=i;return da.dsa.sign(t,a,e,n,s,o)}case $.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case $.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return da.elliptic.ecdsa.sign(e,t,n,s,o,a)}case $.publicKey.eddsaLegacy:{const{oid:e,Q:s}=r,{seed:o}=i;return da.elliptic.eddsaLegacy.sign(e,t,n,s,o,a)}case $.publicKey.ed25519:{const{A:s}=r,{seed:o}=i;return da.elliptic.eddsa.sign(e,t,n,s,o,a)}default:throw Error("Unknown signature algorithm.")}}});class la{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return X.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class pa{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new bn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class ya{static fromObject({wrappedKey:e,algorithm:t}){const r=new ya;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=e.subarray(t,t+r),t+=r}write(){return X.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function ba(e){try{e.getName()}catch(e){throw new bn("Unknown curve OID")}}var ma=/*#__PURE__*/Object.freeze({__proto__:null,publicKeyEncrypt:async function(e,t,r,i,n){switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await da.rsa.encrypt(i,e,t)}}case $.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return da.elgamal.encrypt(i,e,t,n)}case $.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:a}=r,{publicKey:s,wrappedKey:o}=await da.elliptic.ecdh.encrypt(e,a,i,t,n);return{V:s,C:new la(o)}}case $.publicKey.x25519:{if(!X.isAES(t))throw Error("X25519 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:a,wrappedKey:s}=await da.elliptic.ecdhX.encrypt(e,i,n);return{ephemeralPublicKey:a,C:ya.fromObject({algorithm:t,wrappedKey:s})}}default:return[]}},publicKeyDecrypt:async function(e,t,r,i,n,a){switch(e){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return da.rsa.decrypt(e,n,s,o,c,u,h,a)}case $.publicKey.elgamal:{const{c1:e,c2:n}=i,s=t.p,o=r.x;return da.elgamal.decrypt(e,n,s,o,a)}case $.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return da.elliptic.ecdh.decrypt(e,s,c,u.data,a,o,n)}case $.publicKey.x25519:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(!X.isAES(o.algorithm))throw Error("AES session key expected");return da.elliptic.ecdhX.decrypt(e,s,o.wrappedKey,n,a)}default:throw Error("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const i=X.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case $.publicKey.dsa:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const i=X.readMPI(t.subarray(r));r+=i.length+2;const n=X.readMPI(t.subarray(r));r+=n.length+2;const a=X.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const i=X.readMPI(t.subarray(r));r+=i.length+2;const n=X.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case $.publicKey.ecdsa:{const e=new an;r+=e.read(t),ba(e);const i=X.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case $.publicKey.eddsaLegacy:{const e=new an;r+=e.read(t),ba(e);let i=X.readMPI(t.subarray(r));return r+=i.length+2,i=X.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case $.publicKey.ecdh:{const e=new an;r+=e.read(t),ba(e);const i=X.readMPI(t.subarray(r));r+=i.length+2;const n=new pa;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case $.publicKey.ed25519:case $.publicKey.x25519:{const e=t.subarray(r,r+32);return r+=e.length,{read:r,publicParams:{A:e}}}default:throw new bn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let i=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const e=X.readMPI(t.subarray(i));i+=e.length+2;const r=X.readMPI(t.subarray(i));i+=r.length+2;const n=X.readMPI(t.subarray(i));i+=n.length+2;const a=X.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case $.publicKey.dsa:case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case $.publicKey.ecdsa:case $.publicKey.ecdh:{const e=new Sn(r.oid);let n=X.readMPI(t.subarray(i));return i+=n.length+2,n=X.leftPad(n,e.payloadSize),{read:i,privateParams:{d:n}}}case $.publicKey.eddsaLegacy:{const e=new Sn(r.oid);let n=X.readMPI(t.subarray(i));return i+=n.length+2,n=X.leftPad(n,e.payloadSize),{read:i,privateParams:{seed:n}}}case $.publicKey.ed25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{seed:e}}}case $.publicKey.x25519:{const e=t.subarray(i,i+32);return i+=e.length,{read:i,privateParams:{k:e}}}default:throw new bn("Unknown public key encryption algorithm.")}},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:return{c:X.readMPI(t.subarray(r))};case $.publicKey.elgamal:{const e=X.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:X.readMPI(t.subarray(r))}}case $.publicKey.ecdh:{const e=X.readMPI(t.subarray(r));r+=e.length+2;const i=new la;return i.read(t.subarray(r)),{V:e,C:i}}case $.publicKey.x25519:{const e=t.subarray(r,r+32);r+=e.length;const i=new ya;return i.read(t.subarray(r)),{ephemeralPublicKey:e,C:i}}default:throw new bn("Unknown public key encryption algorithm.")}},serializeParams:function(e,t){const r=new Set([$.publicKey.ed25519,$.publicKey.x25519]),i=Object.keys(t).map((i=>{const n=t[i];return X.isUint8Array(n)?r.has(e)?n:X.uint8ArrayToMPI(n):n.write()}));return X.concatUint8Array(i)},generateParams:function(e,t,r){switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:return da.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case $.publicKey.ecdsa:return da.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new an(e),Q:t}})));case $.publicKey.eddsaLegacy:return da.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new an(e),Q:t}})));case $.publicKey.ecdh:return da.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new an(e),Q:t,kdfParams:new pa({hash:i,cipher:n})}})));case $.publicKey.ed25519:return da.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case $.publicKey.x25519:return da.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case $.publicKey.dsa:case $.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return da.rsa.validateParams(e,i,n,a,s,o)}case $.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return da.dsa.validateParams(e,i,n,a,s)}case $.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return da.elgamal.validateParams(e,i,n,a)}case $.publicKey.ecdsa:case $.publicKey.ecdh:{const i=da.elliptic[$.read($.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case $.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return da.elliptic.eddsaLegacy.validateParams(i,e,n)}case $.publicKey.ed25519:{const{A:i}=t,{seed:n}=r;return da.elliptic.eddsa.validateParams(e,i,n)}case $.publicKey.x25519:{const{A:i}=t,{k:n}=r;return da.elliptic.ecdhX.validateParams(e,i,n)}default:throw Error("Unknown public key algorithm.")}},getPrefixRandom:async function(e){const{blockSize:t}=$r(e),r=await Oi(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return X.concat([r,i])},generateSessionKey:function(e){const{keySize:t}=$r(e);return Oi(t)},getAEADMode:function(e){const t=$.read($.aead,e);return zi[t]},getCipher:$r,getPreferredCurveHashAlgo:function(e,t){switch(e){case $.publicKey.ecdsa:case $.publicKey.eddsaLegacy:return da.elliptic.getPreferredHashAlgo(t);case $.publicKey.ed25519:return da.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}}});const ga={cipher:We,hash:Gr,mode:zi,publicKey:da,signature:fa,random:Ni,pkcs1:Xi,pkcs5:Zn,aesKW:Gn};Object.assign(ga,ma);var wa="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function va(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)}const _a={arraySet:function(e,t,r,i,n){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+i),n);else for(let a=0;a=0;)e[t]=0}const Ya=0,Qa=1,Ja=2,es=29,ts=256,rs=ts+1+es,is=30,ns=19,as=2*rs+1,ss=15,os=16,cs=7,us=256,hs=16,ds=17,fs=18,ls=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],ps=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],ys=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],bs=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],ms=Array(2*(rs+2));Xa(ms);const gs=Array(2*is);Xa(gs);const ws=Array(512);Xa(ws);const vs=Array(256);Xa(vs);const _s=Array(es);Xa(_s);const ks=Array(is);function As(e,t,r,i,n){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=i,this.max_length=n,this.has_stree=e&&e.length}let Ss,Es,Ps;function xs(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function Ms(e){return e<256?ws[e]:ws[256+(e>>>7)]}function Ks(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function Cs(e,t,r){e.bi_valid>os-r?(e.bi_buf|=t<>os-e.bi_valid,e.bi_valid+=r-os):(e.bi_buf|=t<>>=1,r<<=1}while(--t>0);return r>>>1}function Rs(e,t,r){const i=Array(ss+1);let n,a,s=0;for(n=1;n<=ss;n++)i[n]=s=s+r[n-1]<<1;for(a=0;a<=t;a++){const t=e[2*a+1];0!==t&&(e[2*a]=Us(i[t]++,t))}}function Is(e){let t;for(t=0;t8?Ks(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function Ts(e,t,r,i){const n=2*t,a=2*r;return e[n]>1;s>=1;s--)zs(e,r,s);c=a;do{s=e.heap[1],e.heap[1]=e.heap[e.heap_len--],zs(e,r,1),o=e.heap[1],e.heap[--e.heap_max]=s,e.heap[--e.heap_max]=o,r[2*c]=r[2*s]+r[2*o],e.depth[c]=(e.depth[s]>=e.depth[o]?e.depth[s]:e.depth[o])+1,r[2*s+1]=r[2*o+1]=c,e.heap[1]=c++,zs(e,r,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){const r=t.dyn_tree,i=t.max_code,n=t.stat_desc.static_tree,a=t.stat_desc.has_stree,s=t.stat_desc.extra_bits,o=t.stat_desc.extra_base,c=t.stat_desc.max_length;let u,h,d,f,l,p,y=0;for(f=0;f<=ss;f++)e.bl_count[f]=0;for(r[2*e.heap[e.heap_max]+1]=0,u=e.heap_max+1;uc&&(f=c,y++),r[2*h+1]=f,h>i||(e.bl_count[f]++,l=0,h>=o&&(l=s[h-o]),p=r[2*h],e.opt_len+=p*(f+l),a&&(e.static_len+=p*(n[2*h+1]+l)));if(0!==y){do{for(f=c-1;0===e.bl_count[f];)f--;e.bl_count[f]--,e.bl_count[f+1]+=2,e.bl_count[c]--,y-=2}while(y>0);for(f=c;0!==f;f--)for(h=e.bl_count[f];0!==h;)d=e.heap[--u],d>i||(r[2*d+1]!==f&&(e.opt_len+=(f-r[2*d+1])*r[2*d],r[2*d+1]=f),h--)}}(e,t),Rs(r,u,e.bl_count)}function Os(e,t,r){let i,n,a=-1,s=t[1],o=0,c=7,u=4;for(0===s&&(c=138,u=3),t[2*(r+1)+1]=65535,i=0;i<=r;i++)n=s,s=t[2*(i+1)+1],++o>=7;i=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}function Gs(e,t,r,i){let n,a,s=0;e.level>0?(e.strm.data_type===$a&&(e.strm.data_type=function(e){let t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return Ga;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return Va;for(t=32;t=3&&0===e.bl_tree[2*bs[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),n=e.opt_len+3+7>>>3,a=e.static_len+3+7>>>3,a<=n&&(n=a)):n=a=r+5,r+4<=n&&-1!==t?Hs(e,t,r,i):e.strategy===Wa||a===n?(Cs(e,(Qa<<1)+(i?1:0),3),qs(e,ms,gs)):(Cs(e,(Ja<<1)+(i?1:0),3),function(e,t,r,i){let n;for(Cs(e,t-257,5),Cs(e,r-1,5),Cs(e,i-4,4),n=0;n>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(vs[r]+ts+1)]++,e.dyn_dtree[2*Ms(t)]++),e.last_lit===e.lit_bufsize-1}function $s(e,t,r,i){let n=65535&e|0,a=e>>>16&65535|0,s=0;for(;0!==r;){s=r>2e3?2e3:r,r-=s;do{n=n+t[i++]|0,a=a+n|0}while(--s);n%=65521,a%=65521}return n|a<<16|0}const Zs=function(){let e;const t=[];for(let r=0;r<256;r++){e=r;for(let t=0;t<8;t++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();function Xs(e,t,r,i){const n=Zs,a=i+r;e^=-1;for(let r=i;r>>8^n[255&(e^t[r])];return-1^e}var Ys={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"};const Qs=9,Js=3,eo=258,to=eo+Js+1,ro=32,io=42,no=69,ao=73,so=91,oo=103,co=113,uo=666,ho=1,fo=2,lo=3,po=4,yo=3;function bo(e,t){return e.msg=Ys[t],t}function mo(e){return(e<<1)-(e>4?9:0)}function go(e){let t=e.length;for(;--t>=0;)e[t]=0}function wo(e){const t=e.state;let r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(xa(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function vo(e,t){Gs(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,wo(e.strm)}function _o(e,t){e.pending_buf[e.pending++]=t}function ko(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function Ao(e,t,r,i){let n=e.avail_in;return n>i&&(n=i),0===n?0:(e.avail_in-=n,xa(t,e.input,e.next_in,n,r),1===e.state.wrap?e.adler=$s(e.adler,t,n,r):2===e.state.wrap&&(e.adler=Xs(e.adler,t,n,r)),e.next_in+=n,e.total_in+=n,n)}function So(e,t){let r,i,n=e.max_chain_length,a=e.strstart,s=e.prev_length,o=e.nice_match;const c=e.strstart>e.w_size-to?e.strstart-(e.w_size-to):0,u=e.window,h=e.w_mask,d=e.prev,f=e.strstart+eo;let l=u[a+s-1],p=u[a+s];e.prev_length>=e.good_match&&(n>>=2),o>e.lookahead&&(o=e.lookahead);do{if(r=t,u[r+s]===p&&u[r+s-1]===l&&u[r]===u[a]&&u[++r]===u[a+1]){a+=2,r++;do{}while(u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&u[++a]===u[++r]&&as){if(e.match_start=t,s=i,i>=o)break;l=u[a+s-1],p=u[a+s]}}}while((t=d[t&h])>c&&0!=--n);return s<=e.lookahead?s:e.lookahead}function Eo(e){const t=e.w_size;let r,i,n,a,s;do{if(a=e.window_size-e.lookahead-e.strstart,e.strstart>=t+(t-to)){xa(e.window,e.window,t,t,0),e.match_start-=t,e.strstart-=t,e.block_start-=t,i=e.hash_size,r=i;do{n=e.head[--r],e.head[r]=n>=t?n-t:0}while(--i);i=t,r=i;do{n=e.prev[--r],e.prev[r]=n>=t?n-t:0}while(--i);a+=t}if(0===e.strm.avail_in)break;if(i=Ao(e.strm,e.window,e.strstart+e.lookahead,a),e.lookahead+=i,e.lookahead+e.insert>=Js)for(s=e.strstart-e.insert,e.ins_h=e.window[s],e.ins_h=(e.ins_h<=Js&&(e.ins_h=(e.ins_h<=Js)if(i=Vs(e,e.strstart-e.match_start,e.match_length-Js),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=Js){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<=Js&&(e.ins_h=(e.ins_h<4096)&&(e.match_length=Js-1)),e.prev_length>=Js&&e.match_length<=e.prev_length){n=e.strstart+e.lookahead-Js,i=Vs(e,e.strstart-1-e.prev_match,e.prev_length-Js),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=n&&(e.ins_h=(e.ins_h<e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(Eo(e),0===e.lookahead&&t===Ma)return ho;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;const i=e.block_start+r;if((0===e.strstart||e.strstart>=i)&&(e.lookahead=e.strstart-i,e.strstart=i,vo(e,!1),0===e.strm.avail_out))return ho;if(e.strstart-e.block_start>=e.w_size-to&&(vo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ua?(vo(e,!0),0===e.strm.avail_out?lo:po):(e.strstart>e.block_start&&(vo(e,!1),e.strm.avail_out),ho)})),new Mo(4,4,8,4,Po),new Mo(4,5,16,8,Po),new Mo(4,6,32,32,Po),new Mo(4,4,16,16,xo),new Mo(8,16,32,32,xo),new Mo(8,16,128,128,xo),new Mo(8,32,128,256,xo),new Mo(32,128,258,1024,xo),new Mo(32,258,258,4096,xo)];class Co{constructor(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=Za,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new Sa(1146),this.dyn_dtree=new Sa(122),this.bl_tree=new Sa(78),go(this.dyn_ltree),go(this.dyn_dtree),go(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new Sa(16),this.heap=new Sa(573),go(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new Sa(573),go(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}}function Do(e){const t=function(e){let t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=$a,t=e.state,t.pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?io:co,e.adler=2===t.wrap?0:1,t.last_flush=Ma,js(t),Ba):bo(e,qa)}(e);return t===Ba&&function(e){e.window_size=2*e.w_size,go(e.head),e.max_lazy_match=Ko[e.level].max_lazy,e.good_match=Ko[e.level].good_length,e.nice_match=Ko[e.level].nice_length,e.max_chain_length=Ko[e.level].max_chain,e.strstart=0,e.block_start=0,e.lookahead=0,e.insert=0,e.match_length=e.prev_length=Js-1,e.match_available=0,e.ins_h=0}(e.state),t}function Uo(e,t){let r,i,n,a;if(!e||!e.state||t>Ra||t<0)return e?bo(e,qa):qa;if(i=e.state,!e.output||!e.input&&0!==e.avail_in||i.status===uo&&t!==Ua)return bo(e,0===e.avail_out?Oa:qa);if(i.strm=e,r=i.last_flush,i.last_flush=t,i.status===io)if(2===i.wrap)e.adler=0,_o(i,31),_o(i,139),_o(i,8),i.gzhead?(_o(i,(i.gzhead.text?1:0)+(i.gzhead.hcrc?2:0)+(i.gzhead.extra?4:0)+(i.gzhead.name?8:0)+(i.gzhead.comment?16:0)),_o(i,255&i.gzhead.time),_o(i,i.gzhead.time>>8&255),_o(i,i.gzhead.time>>16&255),_o(i,i.gzhead.time>>24&255),_o(i,9===i.level?2:i.strategy>=ja||i.level<2?4:0),_o(i,255&i.gzhead.os),i.gzhead.extra&&i.gzhead.extra.length&&(_o(i,255&i.gzhead.extra.length),_o(i,i.gzhead.extra.length>>8&255)),i.gzhead.hcrc&&(e.adler=Xs(e.adler,i.pending_buf,i.pending,0)),i.gzindex=0,i.status=no):(_o(i,0),_o(i,0),_o(i,0),_o(i,0),_o(i,0),_o(i,9===i.level?2:i.strategy>=ja||i.level<2?4:0),_o(i,yo),i.status=co);else{let t=Za+(i.w_bits-8<<4)<<8,r=-1;r=i.strategy>=ja||i.level<2?0:i.level<6?1:6===i.level?2:3,t|=r<<6,0!==i.strstart&&(t|=ro),t+=31-t%31,i.status=co,ko(i,t),0!==i.strstart&&(ko(i,e.adler>>>16),ko(i,65535&e.adler)),e.adler=1}if(i.status===no)if(i.gzhead.extra){for(n=i.pending;i.gzindex<(65535&i.gzhead.extra.length)&&(i.pending!==i.pending_buf_size||(i.gzhead.hcrc&&i.pending>n&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),wo(e),n=i.pending,i.pending!==i.pending_buf_size));)_o(i,255&i.gzhead.extra[i.gzindex]),i.gzindex++;i.gzhead.hcrc&&i.pending>n&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),i.gzindex===i.gzhead.extra.length&&(i.gzindex=0,i.status=ao)}else i.status=ao;if(i.status===ao)if(i.gzhead.name){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),wo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.gzindex=0,i.status=so)}else i.status=so;if(i.status===so)if(i.gzhead.comment){n=i.pending;do{if(i.pending===i.pending_buf_size&&(i.gzhead.hcrc&&i.pending>n&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),wo(e),n=i.pending,i.pending===i.pending_buf_size)){a=1;break}a=i.gzindexn&&(e.adler=Xs(e.adler,i.pending_buf,i.pending-n,n)),0===a&&(i.status=oo)}else i.status=oo;if(i.status===oo&&(i.gzhead.hcrc?(i.pending+2>i.pending_buf_size&&wo(e),i.pending+2<=i.pending_buf_size&&(_o(i,255&e.adler),_o(i,e.adler>>8&255),e.adler=0,i.status=co)):i.status=co),0!==i.pending){if(wo(e),0===e.avail_out)return i.last_flush=-1,Ba}else if(0===e.avail_in&&mo(t)<=mo(r)&&t!==Ua)return bo(e,Oa);if(i.status===uo&&0!==e.avail_in)return bo(e,Oa);if(0!==e.avail_in||0!==i.lookahead||t!==Ma&&i.status!==uo){var s=i.strategy===ja?function(e,t){let r;for(;;){if(0===e.lookahead&&(Eo(e),0===e.lookahead)){if(t===Ma)return ho;break}if(e.match_length=0,r=Vs(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(vo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ua?(vo(e,!0),0===e.strm.avail_out?lo:po):e.last_lit&&(vo(e,!1),0===e.strm.avail_out)?ho:fo}(i,t):i.strategy===Ha?function(e,t){let r,i,n,a;const s=e.window;for(;;){if(e.lookahead<=eo){if(Eo(e),e.lookahead<=eo&&t===Ma)return ho;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=Js&&e.strstart>0&&(n=e.strstart-1,i=s[n],i===s[++n]&&i===s[++n]&&i===s[++n])){a=e.strstart+eo;do{}while(i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&ne.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=Js?(r=Vs(e,1,e.match_length-Js),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=Vs(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(vo(e,!1),0===e.strm.avail_out))return ho}return e.insert=0,t===Ua?(vo(e,!0),0===e.strm.avail_out?lo:po):e.last_lit&&(vo(e,!1),0===e.strm.avail_out)?ho:fo}(i,t):Ko[i.level].func(i,t);if(s!==lo&&s!==po||(i.status=uo),s===ho||s===lo)return 0===e.avail_out&&(i.last_flush=-1),Ba;if(s===fo&&(t===Ka?Ws(i):t!==Ra&&(Hs(i,0,0,!1),t===Da&&(go(i.head),0===i.lookahead&&(i.strstart=0,i.block_start=0,i.insert=0))),wo(e),0===e.avail_out))return i.last_flush=-1,Ba}return t!==Ua?Ba:i.wrap<=0?Ta:(2===i.wrap?(_o(i,255&e.adler),_o(i,e.adler>>8&255),_o(i,e.adler>>16&255),_o(i,e.adler>>24&255),_o(i,255&e.total_in),_o(i,e.total_in>>8&255),_o(i,e.total_in>>16&255),_o(i,e.total_in>>24&255)):(ko(i,e.adler>>>16),ko(i,65535&e.adler)),wo(e),i.wrap>0&&(i.wrap=-i.wrap),0!==i.pending?Ba:Ta)}try{String.fromCharCode.call(null,0)}catch(e){}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){}const Ro=new Aa(256);for(let e=0;e<256;e++)Ro[e]=e>=252?6:e>=248?5:e>=240?4:e>=224?3:e>=192?2:1;function Io(e){let t,r,i,n,a=0;const s=e.length;for(i=0;i>>6,o[n++]=128|63&t):t<65536?(o[n++]=224|t>>>12,o[n++]=128|t>>>6&63,o[n++]=128|63&t):(o[n++]=240|t>>>18,o[n++]=128|t>>>12&63,o[n++]=128|t>>>6&63,o[n++]=128|63&t);return o}Ro[254]=Ro[254]=1;class Bo{constructor(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}}class To{constructor(e){this.options={level:La,method:Za,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,...e||{}};const t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Bo,this.strm.avail_out=0;var r,i,n=function(e,t,r,i,n,a){if(!e)return qa;let s=1;if(t===La&&(t=6),i<0?(s=0,i=-i):i>15&&(s=2,i-=16),n<1||n>Qs||r!==Za||i<8||i>15||t<0||t>9||a<0||a>Wa)return bo(e,qa);8===i&&(i=9);const o=new Co;return e.state=o,o.strm=e,o.wrap=s,o.gzhead=null,o.w_bits=i,o.w_size=1<=r.w_size&&(0===a&&(go(r.head),r.strstart=0,r.block_start=0,r.insert=0),u=new Aa(r.w_size),xa(u,t,h-r.w_size,r.w_size,0),t=u,h=r.w_size),s=e.avail_in,o=e.next_in,c=e.input,e.avail_in=h,e.next_in=0,e.input=t,Eo(r);r.lookahead>=Js;){i=r.strstart,n=r.lookahead-(Js-1);do{r.ins_h=(r.ins_h<0||0===r.avail_out)&&n!==Ta);return a===Ua?(n=function(e){let t;return e&&e.state?(t=e.state.status,t!==io&&t!==no&&t!==ao&&t!==so&&t!==oo&&t!==co&&t!==uo?bo(e,qa):(e.state=null,t===co?bo(e,Fa):Ba)):qa}(this.strm),this.onEnd(n),this.ended=!0,n===Ba):a!==Ca||(this.onEnd(Ba),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ba&&(this.result=Pa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}const zo=30,qo=12;function Fo(e,t){let r,i,n,a,s,o,c,u,h,d;const f=e.state;r=e.next_in;const l=e.input,p=r+(e.avail_in-5);i=e.next_out;const y=e.output,b=i-(t-e.avail_out),m=i+(e.avail_out-257),g=f.dmax,w=f.wsize,v=f.whave,_=f.wnext,k=f.window;n=f.hold,a=f.bits;const A=f.lencode,S=f.distcode,E=(1<>>24,n>>>=o,a-=o,o=s>>>16&255,0===o)y[i++]=65535&s;else{if(!(16&o)){if(0==(64&o)){s=A[(65535&s)+(n&(1<>>=o,a-=o),a<15&&(n+=l[r++]<>>24,n>>>=o,a-=o,o=s>>>16&255,!(16&o)){if(0==(64&o)){s=S[(65535&s)+(n&(1<g){e.msg="invalid distance too far back",f.mode=zo;break e}if(n>>>=o,a-=o,o=i-b,u>o){if(o=u-o,o>v&&f.sane){e.msg="invalid distance too far back",f.mode=zo;break e}if(h=0,d=k,0===_){if(h+=w-o,o2;)y[i++]=d[h++],y[i++]=d[h++],y[i++]=d[h++],c-=3;c&&(y[i++]=d[h++],c>1&&(y[i++]=d[h++]))}else{h=i-u;do{y[i++]=y[h++],y[i++]=y[h++],y[i++]=y[h++],c-=3}while(c>2);c&&(y[i++]=y[h++],c>1&&(y[i++]=y[h++]))}break}}break}}while(r>3,r-=c,a-=c<<3,n&=(1<=1&&0===P[m];m--);if(g>m&&(g=m),0===m)return n[a++]=20971520,n[a++]=20971520,o.bits=1,0;for(b=1;b0&&(e===jo||1!==m))return-1;for(x[1]=0,p=1;pLo||e===Wo&&k>No)return 1;for(;;){M=p-v,s[y]l?(K=D[U+s[y]],C=S[E+s[y]]):(K=96,C=0),u=1<>v)+h]=M<<24|K<<16|C|0}while(0!==h);for(u=1<>=1;if(0!==u?(A&=u-1,A+=u):A=0,y++,0==--P[p]){if(p===m)break;p=t[r+s[y]]}if(p>g&&(A&R)!==d){for(0===v&&(v=g),f+=b,w=p-v,_=1<Lo||e===Wo&&k>No)return 1;d=A&R,n[d]=g<<24|w<<16|f-a|0}}return 0!==A&&(n[f+A]=p-v<<24|64<<16|0),o.bits=g,0}const Yo=0,Qo=1,Jo=2,ec=1,tc=2,rc=3,ic=4,nc=5,ac=6,sc=7,oc=8,cc=9,uc=10,hc=11,dc=12,fc=13,lc=14,pc=15,yc=16,bc=17,mc=18,gc=19,wc=20,vc=21,_c=22,kc=23,Ac=24,Sc=25,Ec=26,Pc=27,xc=28,Mc=29,Kc=30,Cc=852,Dc=592;function Uc(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}class Rc{constructor(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Sa(320),this.work=new Sa(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}}function Ic(e){let t;return e&&e.state?(t=e.state,t.wsize=0,t.whave=0,t.wnext=0,function(e){let t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=ec,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new Ea(Cc),t.distcode=t.distdyn=new Ea(Dc),t.sane=1,t.back=-1,Ba):qa}(e)):qa}function Bc(e,t){let r,i;return e?(i=new Rc,e.state=i,i.window=null,r=function(e,t){let r,i;return e&&e.state?(i=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?qa:(null!==i.window&&i.wbits!==t&&(i.window=null),i.wrap=r,i.wbits=t,Ic(e))):qa}(e,t),r!==Ba&&(e.state=null),r):qa}let Tc,zc,qc=!0;function Fc(e){if(qc){let t;for(Tc=new Ea(512),zc=new Ea(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(Xo(Qo,e.lens,0,288,Tc,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;Xo(Jo,e.lens,0,32,zc,0,e.work,{bits:5}),qc=!1}e.lencode=Tc,e.lenbits=9,e.distcode=zc,e.distbits=5}function Oc(e,t,r,i){let n;const a=e.state;return null===a.window&&(a.wsize=1<=a.wsize?(xa(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):(n=a.wsize-a.wnext,n>i&&(n=i),xa(a.window,t,r-i,n,a.wnext),(i-=n)?(xa(a.window,t,r-i,i,0),a.wnext=i,a.whave=a.wsize):(a.wnext+=n,a.wnext===a.wsize&&(a.wnext=0),a.whave>>8&255,r.check=Xs(r.check,x,2,0),u=0,h=0,r.mode=tc;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&u)<<8)+(u>>8))%31){e.msg="incorrect header check",r.mode=Kc;break}if((15&u)!==Za){e.msg="unknown compression method",r.mode=Kc;break}if(u>>>=4,h-=4,k=8+(15&u),0===r.wbits)r.wbits=k;else if(k>r.wbits){e.msg="invalid window size",r.mode=Kc;break}r.dmax=1<>8&1),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=Xs(r.check,x,2,0)),u=0,h=0,r.mode=rc;case rc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>8&255,x[2]=u>>>16&255,x[3]=u>>>24&255,r.check=Xs(r.check,x,4,0)),u=0,h=0,r.mode=ic;case ic:for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>8),512&r.flags&&(x[0]=255&u,x[1]=u>>>8&255,r.check=Xs(r.check,x,2,0)),u=0,h=0,r.mode=nc;case nc:if(1024&r.flags){for(;h<16;){if(0===o)break e;o--,u+=i[a++]<>>8&255,r.check=Xs(r.check,x,2,0)),u=0,h=0}else r.head&&(r.head.extra=null);r.mode=ac;case ac:if(1024&r.flags&&(l=r.length,l>o&&(l=o),l&&(r.head&&(k=r.head.extra_len-r.length,r.head.extra||(r.head.extra=Array(r.head.extra_len)),xa(r.head.extra,i,a,l,k)),512&r.flags&&(r.check=Xs(r.check,i,l,a)),o-=l,a+=l,r.length-=l),r.length))break e;r.length=0,r.mode=sc;case sc:if(2048&r.flags){if(0===o)break e;l=0;do{k=i[a+l++],r.head&&k&&r.length<65536&&(r.head.name+=String.fromCharCode(k))}while(k&&l>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=dc;break;case uc:for(;h<32;){if(0===o)break e;o--,u+=i[a++]<>>=7&h,h-=7&h,r.mode=Pc;break}for(;h<3;){if(0===o)break e;o--,u+=i[a++]<>>=1,h-=1,3&u){case 0:r.mode=lc;break;case 1:if(Fc(r),r.mode=wc,t===Ia){u>>>=2,h-=2;break e}break;case 2:r.mode=bc;break;case 3:e.msg="invalid block type",r.mode=Kc}u>>>=2,h-=2;break;case lc:for(u>>>=7&h,h-=7&h;h<32;){if(0===o)break e;o--,u+=i[a++]<>>16^65535)){e.msg="invalid stored block lengths",r.mode=Kc;break}if(r.length=65535&u,u=0,h=0,r.mode=pc,t===Ia)break e;case pc:r.mode=yc;case yc:if(l=r.length,l){if(l>o&&(l=o),l>c&&(l=c),0===l)break e;xa(n,i,a,l,s),o-=l,a+=l,c-=l,s+=l,r.length-=l;break}r.mode=dc;break;case bc:for(;h<14;){if(0===o)break e;o--,u+=i[a++]<>>=5,h-=5,r.ndist=1+(31&u),u>>>=5,h-=5,r.ncode=4+(15&u),u>>>=4,h-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=Kc;break}r.have=0,r.mode=mc;case mc:for(;r.have>>=3,h-=3}for(;r.have<19;)r.lens[M[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,S={bits:r.lenbits},A=Xo(Yo,r.lens,0,19,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid code lengths set",r.mode=Kc;break}r.have=0,r.mode=gc;case gc:for(;r.have>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=b,h-=b,r.lens[r.have++]=g;else{if(16===g){for(E=b+2;h>>=b,h-=b,0===r.have){e.msg="invalid bit length repeat",r.mode=Kc;break}k=r.lens[r.have-1],l=3+(3&u),u>>>=2,h-=2}else if(17===g){for(E=b+3;h>>=b,h-=b,k=0,l=3+(7&u),u>>>=3,h-=3}else{for(E=b+7;h>>=b,h-=b,k=0,l=11+(127&u),u>>>=7,h-=7}if(r.have+l>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=Kc;break}for(;l--;)r.lens[r.have++]=k}}if(r.mode===Kc)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=Kc;break}if(r.lenbits=9,S={bits:r.lenbits},A=Xo(Qo,r.lens,0,r.nlen,r.lencode,0,r.work,S),r.lenbits=S.bits,A){e.msg="invalid literal/lengths set",r.mode=Kc;break}if(r.distbits=6,r.distcode=r.distdyn,S={bits:r.distbits},A=Xo(Jo,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,S),r.distbits=S.bits,A){e.msg="invalid distances set",r.mode=Kc;break}if(r.mode=wc,t===Ia)break e;case wc:r.mode=vc;case vc:if(o>=6&&c>=258){e.next_out=s,e.avail_out=c,e.next_in=a,e.avail_in=o,r.hold=u,r.bits=h,Fo(e,f),s=e.next_out,n=e.output,c=e.avail_out,a=e.next_in,i=e.input,o=e.avail_in,u=r.hold,h=r.bits,r.mode===dc&&(r.back=-1);break}for(r.back=0;P=r.lencode[u&(1<>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,m=P>>>16&255,g=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,r.length=g,0===m){r.mode=Ec;break}if(32&m){r.back=-1,r.mode=dc;break}if(64&m){e.msg="invalid literal/length code",r.mode=Kc;break}r.extra=15&m,r.mode=_c;case _c:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=kc;case kc:for(;P=r.distcode[u&(1<>>24,m=P>>>16&255,g=65535&P,!(b<=h);){if(0===o)break e;o--,u+=i[a++]<>w)],b=P>>>24,m=P>>>16&255,g=65535&P,!(w+b<=h);){if(0===o)break e;o--,u+=i[a++]<>>=w,h-=w,r.back+=w}if(u>>>=b,h-=b,r.back+=b,64&m){e.msg="invalid distance code",r.mode=Kc;break}r.offset=g,r.extra=15&m,r.mode=Ac;case Ac:if(r.extra){for(E=r.extra;h>>=r.extra,h-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=Kc;break}r.mode=Sc;case Sc:if(0===c)break e;if(l=f-c,r.offset>l){if(l=r.offset-l,l>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=Kc;break}l>r.wnext?(l-=r.wnext,p=r.wsize-l):p=r.wnext-l,l>r.length&&(l=r.length),y=r.window}else y=n,p=s-r.offset,l=r.length;l>c&&(l=c),c-=l,r.length-=l;do{n[s++]=y[p++]}while(--l);0===r.length&&(r.mode=vc);break;case Ec:if(0===c)break e;n[s++]=r.length,c--,r.mode=vc;break;case Pc:if(r.wrap){for(;h<32;){if(0===o)break e;o--,u|=i[a++]<=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new Bo,this.strm.avail_out=0;let r=Bc(this.strm,t.windowBits);if(r!==Ba)throw Error(Ys[r]);if(this.header=new jc,function(e,t){let r;e&&e.state&&(r=e.state,0==(2&r.wrap)||(r.head=t,t.done=!1))}(this.strm,this.header),t.dictionary&&("string"==typeof t.dictionary?t.dictionary=Io(t.dictionary):t.dictionary instanceof ArrayBuffer&&(t.dictionary=new Uint8Array(t.dictionary)),t.raw&&(r=Nc(this.strm,t.dictionary),r!==Ba)))throw Error(Ys[r])}push(e,t){const{strm:r,options:{chunkSize:i,dictionary:n}}=this;let a,s,o=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?Ua:Ma,"string"==typeof e?r.input=function(e){const t=new Aa(e.length);for(let r=0,i=t.length;r0||0===r.avail_out)&&a!==Ta);return a===Ta&&(s=Ua),s===Ua?(a=function(e){if(!e||!e.state)return qa;const t=e.state;return t.window&&(t.window=null),e.state=null,Ba}(this.strm),this.onEnd(a),this.ended=!0,a===Ba):s!==Ca||(this.onEnd(Ba),r.avail_out=0,!0)}onData(e){this.chunks.push(e)}onEnd(e){e===Ba&&(this.result=Pa(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg}}var Wc=[0,1,3,7,15,31,63,127,255],Gc=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};Gc.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},Gc.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Wc[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var i=r-e;t|=(this.curByte&Wc[e]<>i,this.bitOffset+=e,e=0}}return t},Gc.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},Gc.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var Vc=Gc,$c=function(){};$c.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},$c.prototype.read=function(e,t,r){for(var i=0;i>>0},this.updateCRC=function(t){e=e<<8^Zc[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^Zc[255&(e>>>24^t)]}}),Qc=function(e,t){var r,i=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=i,i},Jc={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},eu={};eu[Jc.LAST_BLOCK]="Bad file checksum",eu[Jc.NOT_BZIP_DATA]="Not bzip data",eu[Jc.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",eu[Jc.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",eu[Jc.DATA_ERROR]="Data error",eu[Jc.OUT_OF_MEMORY]="Out of memory",eu[Jc.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var tu=function(e,t){var r=eu[e]||"unknown error";t&&(r+=": "+t);var i=new TypeError(r);throw i.errorCode=e,i},ru=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};ru.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Yc,!0):(this.writeCount=-1,!1)},ru.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||tu(Jc.NOT_BZIP_DATA,"bad magic");var i=r[3]-48;(i<1||i>9)&&tu(Jc.NOT_BZIP_DATA,"level out of range"),this.reader=new Vc(e),this.dbufSize=1e5*i,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},ru.prototype._get_next_block=function(){var e,t,r,i=this.reader,n=i.pi();if("177245385090"===n)return!1;"314159265359"!==n&&tu(Jc.NOT_BZIP_DATA),this.targetBlockCRC=i.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,i.read(1)&&tu(Jc.OBSOLETE_INPUT);var a=i.read(24);a>this.dbufSize&&tu(Jc.DATA_ERROR,"initial position out of bounds");var s=i.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(s&1<<15-e){var u=16*e;for(r=i.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=u+t)}var h=i.read(3);(h<2||h>6)&&tu(Jc.DATA_ERROR);var d=i.read(15);0===d&&tu(Jc.DATA_ERROR);var f=new Uint8Array(256);for(e=0;e=h&&tu(Jc.DATA_ERROR);l[e]=Qc(f,t)}var p,y=c+2,b=[];for(t=0;t20)&&tu(Jc.DATA_ERROR),i.read(1);)i.read(1)?s--:s++;w[e]=s}for(m=g=w[0],e=1;eg?g=w[e]:w[e]=d&&tu(Jc.DATA_ERROR),p=b[l[P++]]),e=p.minLen,t=i.read(e);e>p.maxLen&&tu(Jc.DATA_ERROR),!(t<=p.limit[e]);e++)t=t<<1|i.read(1);((t-=p.base[e])<0||t>=258)&&tu(Jc.DATA_ERROR);var M=p.permute[t];if(0!==M&&1!==M){if(S)for(S=0,E+s>this.dbufSize&&tu(Jc.DATA_ERROR),k[A=o[f[0]]]+=s;s--;)x[E++]=A;if(M>c)break;E>=this.dbufSize&&tu(Jc.DATA_ERROR),k[A=o[A=Qc(f,e=M-1)]]++,x[E++]=A}else S||(S=1,s=0),s+=0===M?S:2*S,S<<=1}for((a<0||a>=E)&&tu(Jc.DATA_ERROR),t=0,e=0;e<256;e++)r=t+k[e],k[e]=t,t=r;for(e=0;e>=8,D=-1),this.writePos=K,this.writeCurrent=C,this.writeCount=E,this.writeRun=D,!0},ru.prototype._read_bunzip=function(e,t){var r,i,n;if(this.writeCount<0)return 0;var a=this.dbuf,s=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var u=this.writeRun;c;){for(c--,i=o,o=255&(s=a[s]),s>>=8,3==u++?(r=o,n=i,o=-1):(r=1,n=o),this.blockCRC.updateCRCRun(n,r);r--;)this.outputStream.writeByte(n),this.nextoutput++;o!=i&&(u=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&tu(Jc.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var iu=function(e){if("readByte"in e)return e;var t=new Xc;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},nu=function(e){var t=new Xc,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var au=function(e,t,r){for(var i=iu(e),n=nu(t),a=new ru(i,n);!("eof"in i)||!i.eof();)if(a._init_block())a._read_bunzip();else{var s=a.reader.read(32)>>>0;if(s!==a.streamCRC&&tu(Jc.DATA_ERROR,"Bad stream CRC (got "+a.streamCRC.toString(16)+" expected "+s.toString(16)+")"),!r||!("eof"in i)||i.eof())break;a._start_bunzip(i,n)}if("getBuffer"in n)return n.getBuffer()};class su{static get tag(){return $.packet.literalData}constructor(e=new Date){this.format=$.literal.utf8,this.date=X.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=$.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||X.isStream(this.text))&&(this.text=X.decodeUTF8(X.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=X.canonicalizeEOL(X.encodeUTF8(this.text))),e?F(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await z(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=X.decodeUTF8(await e.readBytes(r)),this.date=X.readDate(await e.readBytes(4));let i=e.remainder();s(i)&&(i=await N(i)),this.setBytes(i,t)}))}writeHeader(){const e=X.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=X.writeDate(this.date);return X.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return X.concat([e,t])}}const ou=Symbol("verified"),cu=new Set([$.signatureSubpacket.issuer,$.signatureSubpacket.issuerFingerprint,$.signatureSubpacket.embeddedSignature]);class uu{static get tag(){return $.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.signedHashValue=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new pe,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.revoked=null,this[ou]=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version)throw new bn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[t++],this.publicKeyAlgorithm=e[t++],this.hashAlgorithm=e[t++],t+=this.readSubPackets(e.subarray(t,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");this.signatureData=e.subarray(0,t),t+=this.readSubPackets(e.subarray(t,e.length),!1),this.signedHashValue=e.subarray(t,t+2),t+=2,this.params=ga.signature.parseSignatureParams(this.publicKeyAlgorithm,e.subarray(t,e.length))}writeParams(){return this.params instanceof Promise?H((async()=>ga.serializeParams(this.publicKeyAlgorithm,await this.params))):ga.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),e.push(this.writeParams()),X.concat(e)}async sign(e,t,r=new Date,i=!1){5===e.version?this.version=5:this.version=4;const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];this.created=X.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID(),n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=X.concat(n);const a=this.toHash(this.signatureType,t,i),s=await this.hash(this.signatureType,t,a,i);this.signedHashValue=L(q(s),0,2);const o=async()=>ga.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await N(s));X.isStream(s)?this.params=o():(this.params=await o(),this[ou]=!0)}writeHashedSubPackets(){const e=$.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(hu(e.signatureCreationTime,!0,X.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(hu(e.signatureExpirationTime,!0,X.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(hu(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(hu(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(hu(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(hu(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(hu(e.keyExpirationTime,!0,X.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(hu(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=X.concat([r,this.revocationKeyFingerprint]),t.push(hu(e.revocationKey,!1,r))),this.issuerKeyID.isNull()||5===this.issuerKeyVersion||t.push(hu(e.issuer,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=X.encodeUTF8(i);r.push(X.writeNumber(o.length,2)),r.push(X.writeNumber(n.length,2)),r.push(o),r.push(n),r=X.concat(r),t.push(hu(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(hu(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(hu(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.keyServerPreferences)),t.push(hu(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(hu(e.preferredKeyServer,!1,X.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(hu(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(hu(e.policyURI,!1,X.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.keyFlags)),t.push(hu(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(hu(e.signersUserID,!1,X.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=X.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(hu(e.reasonForRevocation,!0,r))),null!==this.features&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.features)),t.push(hu(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(X.stringToUint8Array(this.signatureTargetHash)),r=X.concat(r),t.push(hu(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(hu(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=X.concat(r),t.push(hu(e.issuerFingerprint,5===this.version,r))),null!==this.preferredAEADAlgorithms&&(r=X.stringToUint8Array(X.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(hu(e.preferredAEADAlgorithms,!1,r)));const i=X.concat(t),n=X.writeNumber(i.length,2);return X.concat([n,i])}writeUnhashedSubPackets(){const e=[];this.unhashedSubpackets.forEach((t=>{e.push(hn(t.length)),e.push(t)}));const t=X.concat(e),r=X.writeNumber(t.length,2);return X.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(t||(this.unhashedSubpackets.push(e.subarray(r,e.length)),cu.has(n)))switch(r++,n){case $.signatureSubpacket.signatureCreationTime:this.created=X.readDate(e.subarray(r,e.length));break;case $.signatureSubpacket.signatureExpirationTime:{const t=X.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case $.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case $.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case $.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case $.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case $.signatureSubpacket.keyExpirationTime:{const t=X.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case $.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case $.signatureSubpacket.issuer:this.issuerKeyID.read(e.subarray(r,e.length));break;case $.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=X.readNumber(e.subarray(r,r+2));r+=2;const a=X.readNumber(e.subarray(r,r+2));r+=2;const s=X.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=X.decodeUTF8(o));break}case $.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case $.signatureSubpacket.policyURI:this.policyURI=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.signersUserID:this.signersUserID=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=X.decodeUTF8(e.subarray(r,e.length));break;case $.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case $.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=ga.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=X.uint8ArrayToString(e.subarray(r,r+t));break}case $.signatureSubpacket.embeddedSignature:this.embeddedSignature=new uu,this.embeddedSignature.read(e.subarray(r,e.length));break;case $.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),5===this.issuerKeyVersion?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case $.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;default:{const e=Error("Unknown signature subpacket type "+n);if(i)throw e;X.printDebug(e)}}}readSubPackets(e,t=!0,r){const i=X.readNumber(e.subarray(0,2));let n=2;for(;n<2+i;){const i=un(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=$.signature;switch(e){case r.binary:return null!==t.text?X.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return X.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return X.concat([this.toSign(r.key,t),new Uint8Array([i]),X.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return X.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return B(q(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==$.signature.binary&&this.signatureType!==$.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(X.writeNumber(r,4)),X.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return X.concat([i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){return r||(r=this.toHash(e,t,i)),ga.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=ne){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===$.signature.binary||t===$.signature.text;if(!(this[ou]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await N(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[ou]=await ga.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,i,a),!this[ou])throw Error("Signature verification failed")}const o=X.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+$.read($.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[$.signature.binary,$.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+$.read($.hash,this.hashAlgorithm).toUpperCase());if(this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=X.normalizeDate(e);return null!==t&&!(this.created<=t&&tuu.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==$.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function fu(e,t){if(!t[e]){let t;try{t=$.read($.packet,e)}catch(t){throw new bn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}du.prototype.hash=uu.prototype.hash,du.prototype.toHash=uu.prototype.toHash,du.prototype.toSign=uu.prototype.toSign;class lu extends Array{static async fromBinary(e,t,r=ne){const i=new lu;return await i.read(e,t,r),i}async read(e,t,r=ne){r.additionalAllowedPackets.length&&(t={...t,...X.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=T(e,(async(e,i)=>{const n=D(i);try{for(;;){await n.ready;if(await yn(e,(async e=>{try{if(e.tag===$.packet.marker||e.tag===$.packet.trust)return;const i=fu(e.tag,t);i.packets=new lu,i.fromStream=X.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){const i=!r.ignoreUnsupportedPackets&&t instanceof bn,a=!(r.ignoreMalformedPackets||t instanceof bn);if(i||a||pn(e.tag))await n.abort(t);else{const t=new mn(e.tag,e.packet);await n.write(t)}X.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=C(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||pn(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=X.concat([dn(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>X.concat([hn(n)].concat(t)))))}else{if(X.isStream(i)){let t=0;e.push(B(q(i),(e=>{t+=e.length}),(()=>ln(r,t))))}else e.push(ln(r,i.length));e.push(i)}}return X.concat(e)}filterByTag(...e){const t=new lu,r=e=>t=>e===t;for(let i=0;it.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),X.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=ne){const t=$.read($.compression,this.algorithm),r=ku[t];if(!r)throw Error(t+" decompression not supported");this.packets=await lu.fromBinary(r(this.compressed),pu,e)}compress(){const e=$.read($.compression,this.algorithm),t=_u[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write(),this.deflateLevel)}}const bu=X.getNodeZlib();function mu(e){return e}function gu(e,t,r={}){return function(i){return!X.isStream(i)||s(i)?H((()=>N(i).then((t=>new Promise(((i,n)=>{e(t,r,((e,t)=>{if(e)return n(e);i(t)}))})))))):y(b(i).pipe(t(r)))}}function wu(e,t={}){return function(r){const i=new e(t);return B(r,(e=>{if(e.length)return i.push(e,Ca),i.result}),(()=>{if(e===To)return i.push([],Ua),i.result}))}}function vu(e){return function(t){return H((async()=>e(await N(t))))}}const _u=bu?{zip:/*#__PURE__*/(e,t)=>gu(bu.deflateRaw,bu.createDeflateRaw,{level:t})(e),zlib:/*#__PURE__*/(e,t)=>gu(bu.deflate,bu.createDeflate,{level:t})(e)}:{zip:/*#__PURE__*/(e,t)=>wu(To,{raw:!0,level:t})(e),zlib:/*#__PURE__*/(e,t)=>wu(To,{level:t})(e)},ku=bu?{uncompressed:mu,zip:/*#__PURE__*/gu(bu.inflateRaw,bu.createInflateRaw),zlib:/*#__PURE__*/gu(bu.inflate,bu.createInflate),bzip2:/*#__PURE__*/vu(au)}:{uncompressed:mu,zip:/*#__PURE__*/wu(Hc,{raw:!0}),zlib:/*#__PURE__*/wu(Hc),bzip2:/*#__PURE__*/vu(au)},Au=/*#__PURE__*/X.constructAllowedPackets([su,yu,du,uu]);class Su{static get tag(){return $.packet.symEncryptedIntegrityProtectedData}constructor(){this.version=1,this.encrypted=null,this.packets=null}async read(e){await z(e,(async e=>{const t=await e.readByte();if(1!==t)throw new bn(`Version ${t} of the SEIP packet is unsupported.`);this.encrypted=e.remainder()}))}write(){return X.concat([new Uint8Array([1]),this.encrypted])}async encrypt(e,t,r=ne){const{blockSize:i}=ga.getCipher(e);let n=this.packets.write();s(n)&&(n=await N(n));const a=await ga.getPrefixRandom(e),o=new Uint8Array([211,20]),c=X.concat([a,n,o]),u=await ga.hash.sha1(F(c)),h=X.concat([c,u]);return this.encrypted=await ga.mode.cfb.encrypt(e,t,h,new Uint8Array(i),r),!0}async decrypt(e,t,r=ne){const{blockSize:i}=ga.getCipher(e);let n=q(this.encrypted);s(n)&&(n=await N(n));const a=await ga.mode.cfb.decrypt(e,t,n,new Uint8Array(i)),o=L(F(a),-20),c=L(a,0,-20),u=Promise.all([N(await ga.hash.sha1(F(c))),N(o)]).then((([e,t])=>{if(!X.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),h=L(c,i+2);let d=L(h,0,-2);return d=K([d,H((()=>u))]),X.isStream(n)&&r.allowUnauthenticatedStream||(d=await N(d)),this.packets=await lu.fromBinary(d,Au,r),!0}}const Eu=/*#__PURE__*/X.constructAllowedPackets([su,yu,du,uu]);class Pu{static get tag(){return $.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=$.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await z(e,(async e=>{const t=await e.readByte();if(1!==t)throw new bn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=ga.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return X.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=ne){this.packets=await lu.fromBinary(await this.crypt("decrypt",t,q(this.encrypted)),Eu,r)}async encrypt(e,t,r=ne){this.cipherAlgorithm=e;const{ivLength:i}=ga.getAEADMode(this.aeadAlgorithm);this.iv=ga.random.getRandomBytes(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await this.crypt("encrypt",t,n)}async crypt(e,t,r){const i=ga.getAEADMode(this.aeadAlgorithm),n=await i(this.cipherAlgorithm,t),a="decrypt"===e?i.tagLength:0,s="encrypt"===e?i.tagLength:0,o=2**(this.chunkSizeByte+6)+a,c=new ArrayBuffer(21),u=new Uint8Array(c,0,13),h=new Uint8Array(c),d=new DataView(c),f=new Uint8Array(c,5,8);u.set([192|Pu.tag,this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte],0);let l=0,p=Promise.resolve(),y=0,b=0;const m=this.iv;return T(r,(async(t,r)=>{if("array"!==X.isStream(t)){const e=new S({},{highWaterMark:X.getHardwareConcurrency()*2**(this.chunkSizeByte+6),size:e=>e.length});U(e.readable,r),r=e.writable}const c=C(t),g=D(r);try{for(;;){let t=await c.readBytes(o+a)||new Uint8Array;const r=t.subarray(t.length-a);let w,v;if(t=t.subarray(0,t.length-a),!l||t.length?(c.unshift(r),w=n[e](t,i.getNonce(m,f),u),b+=t.length-a+s):(d.setInt32(17,y),w=n[e](r,i.getNonce(m,f),h),b+=s,v=!0),y+=t.length-a,p=p.then((()=>w)).then((async e=>{await g.ready,await g.write(e),b-=e.length})).catch((e=>g.abort(e))),(v||b>g.desiredSize)&&await p,v){await g.close();break}d.setInt32(9,++l)}}catch(e){await g.abort(e)}}))}}class xu{static get tag(){return $.packet.publicKeyEncryptedSessionKey}constructor(){this.version=3,this.publicKeyID=new pe,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}read(e){let t=0;if(this.version=e[t++],3!==this.version)throw new bn(`Version ${this.version} of the PKESK packet is unsupported.`);t+=this.publicKeyID.read(e.subarray(t)),this.publicKeyAlgorithm=e[t++],this.encrypted=ga.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t),this.version),this.publicKeyAlgorithm===$.publicKey.x25519&&(this.sessionKeyAlgorithm=$.write($.symmetric,this.encrypted.C.algorithm))}write(){const e=[new Uint8Array([this.version]),this.publicKeyID.write(),new Uint8Array([this.publicKeyAlgorithm]),ga.serializeParams(this.publicKeyAlgorithm,this.encrypted)];return X.concatUint8Array(e)}async encrypt(e){const t=$.write($.publicKey,this.publicKeyAlgorithm),r=Mu(this.version,t,this.sessionKeyAlgorithm,this.sessionKey);this.encrypted=await ga.publicKeyEncrypt(t,this.sessionKeyAlgorithm,e.publicParams,r,e.getFingerprintBytes())}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Mu(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=await ga.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,e.getFingerprintBytes(),r),{sessionKey:n,sessionKeyAlgorithm:a}=function(e,t,r,i){switch(t){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.elgamal:case $.publicKey.ecdh:{const e=r.subarray(0,r.length-2),t=r.subarray(r.length-2),n=X.writeChecksum(e.subarray(e.length%8)),a=n[0]===t[0]&n[1]===t[1],s={sessionKeyAlgorithm:e[0],sessionKey:e.subarray(1)};if(i){const e=a&s.sessionKeyAlgorithm===i.sessionKeyAlgorithm&s.sessionKey.length===i.sessionKey.length;return{sessionKey:X.selectUint8Array(e,s.sessionKey,i.sessionKey),sessionKeyAlgorithm:X.selectUint8(e,s.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(a&&$.read($.symmetric,s.sessionKeyAlgorithm))return s;throw Error("Decryption error")}case $.publicKey.x25519:return{sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);this.publicKeyAlgorithm!==$.publicKey.x25519&&(this.sessionKeyAlgorithm=a),this.sessionKey=n}}function Mu(e,t,r,i){switch(t){case $.publicKey.rsaEncrypt:case $.publicKey.rsaEncryptSign:case $.publicKey.elgamal:case $.publicKey.ecdh:return X.concatUint8Array([new Uint8Array([r]),i,X.writeChecksum(i.subarray(i.length%8))]);case $.publicKey.x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Ku{constructor(e=ne){this.algorithm=$.hash.sha256,this.type="iterated",this.c=e.s2kIterationCountByte,this.salt=null}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;try{this.type=$.read($.s2k,e[t++])}catch(e){throw new bn("Unknown S2K type.")}switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==X.uint8ArrayToString(e.subarray(t,t+3)))throw new bn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new bn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new bn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...X.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([$.write($.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return X.concatUint8Array(e)}async produceKey(e,t){e=X.encodeUTF8(e);const r=[];let i=0,n=0;for(;i{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function qu(e,t,r){const{keySize:i}=ga.getCipher(r);return e.produceKey(t,i)}var Fu=it((function(e){!function(t){function r(e){function t(){return Ae0&&(t.semantic=" "),t}}function b(e,t){return function(){var i,a,o,u,h;for(u=r(),i=s("star"),o=0,h=void 0===t?0:t;null!==(a=e());)o+=1,c(i,a);return o>=h?i:(n(u),null)}}function m(e){return e.charCodeAt(0)>=128}function g(){return o("cr",h("\r")())}function w(){return o("crlf",d(g,k)())}function v(){return o("dquote",h('"')())}function _(){return o("htab",h("\t")())}function k(){return o("lf",h("\n")())}function A(){return o("sp",h(" ")())}function S(){return o("vchar",u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i})))}function E(){return o("wsp",f(A,_)())}function P(){var e=o("quoted-pair",f(d(h("\\"),f(S,E)),ie)());return null===e?null:(e.semantic=e.semantic[1],e)}function x(){return o("fws",f(ae,d(l(d(b(E),p(w))),b(E,1)))())}function M(){return o("ctext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=39||42<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),te)())}function K(){return o("ccontent",f(M,P,C)())}function C(){return o("comment",d(h("("),b(d(l(x),K)),l(x),h(")"))())}function D(){return o("cfws",f(d(b(d(l(x),C),1),l(x)),x)())}function U(){return o("atext",u((function(t){var r="a"<=t&&t<="z"||"A"<=t&&t<="Z"||"0"<=t&&t<="9"||["!","#","$","%","&","'","*","+","-","/","=","?","^","_","`","{","|","}","~"].indexOf(t)>=0;return e.rfc6532&&(r=r||m(t)),r})))}function R(){return o("atom",d(y(l(D)),b(U,1),y(l(D)))())}function I(){var e,t;return null===(e=o("dot-atom-text",b(U,1)()))||null!==(t=b(d(h("."),b(U,1)))())&&c(e,t),e}function B(){return o("dot-atom",d(p(l(D)),I,p(l(D)))())}function T(){return o("qtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33===r||35<=r&&r<=91||93<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),re)())}function z(){return o("qcontent",f(T,P)())}function q(){return o("quoted-string",d(p(l(D)),p(v),b(d(l(y(x)),z)),l(p(x)),p(v),p(l(D)))())}function F(){return o("word",f(R,q)())}function O(){return o("address",f(L,H)())}function L(){return o("mailbox",f(N,J)())}function N(){return o("name-addr",d(l(W),j)())}function j(){return o("angle-addr",f(d(p(l(D)),h("<"),J,h(">"),p(l(D))),se)())}function H(){return o("group",d(W,h(":"),l($),h(";"),p(l(D)))())}function W(){return o("display-name",(null!==(e=o("phrase",f(ne,b(F,1))()))&&(e.semantic=function(e){return e.replace(/([ \t]|\r\n)+/g," ").replace(/^\s*/,"").replace(/\s*$/,"")}(e.semantic)),e));var e}function G(){return o("mailbox-list",f(d(L,b(d(h(","),L))),ue)())}function V(){return o("address-list",f(d(O,b(d(h(","),O))),he)())}function $(){return o("group-list",f(G,p(D),de)())}function Z(){return o("local-part",f(fe,B,q)())}function X(){return o("dtext",f((function(){return u((function(t){var r=t.charCodeAt(0),i=33<=r&&r<=90||94<=r&&r<=126;return e.rfc6532&&(i=i||m(t)),i}))}),pe)())}function Y(){return o("domain-literal",d(p(l(D)),h("["),b(d(l(x),X)),l(x),h("]"),p(l(D)))())}function Q(){return o("domain",(t=f(le,B,Y)(),e.rejectTLD&&t&&t.semantic&&t.semantic.indexOf(".")<0?null:(t&&(t.semantic=t.semantic.replace(/\s+/g,"")),t)));var t}function J(){return o("addr-spec",d(Z,h("@"),Q)())}function ee(){return e.strict?null:o("obs-NO-WS-CTL",u((function(e){var t=e.charCodeAt(0);return 1<=t&&t<=8||11===t||12===t||14<=t&&t<=31||127===t})))}function te(){return e.strict?null:o("obs-ctext",ee())}function re(){return e.strict?null:o("obs-qtext",ee())}function ie(){return e.strict?null:o("obs-qp",d(h("\\"),f(h("\0"),ee,k,g))())}function ne(){return e.strict?null:e.atInDisplayName?o("obs-phrase",d(F,b(f(F,h("."),h("@"),y(D))))()):o("obs-phrase",d(F,b(f(F,h("."),y(D))))())}function ae(){return e.strict?null:o("obs-FWS",b(d(p(l(w)),E),1)())}function se(){return e.strict?null:o("obs-angle-addr",d(p(l(D)),h("<"),oe,J,h(">"),p(l(D)))())}function oe(){return e.strict?null:o("obs-route",d(ce,h(":"))())}function ce(){return e.strict?null:o("obs-domain-list",d(b(f(p(D),h(","))),h("@"),Q,b(d(h(","),p(l(D)),l(d(h("@"),Q)))))())}function ue(){return e.strict?null:o("obs-mbox-list",d(b(d(p(l(D)),h(","))),L,b(d(h(","),l(d(L,p(D))))))())}function he(){return e.strict?null:o("obs-addr-list",d(b(d(p(l(D)),h(","))),O,b(d(h(","),l(d(O,p(D))))))())}function de(){return e.strict?null:o("obs-group-list",d(b(d(p(l(D)),h(",")),1),p(l(D)))())}function fe(){return e.strict?null:o("obs-local-part",d(F,b(d(h("."),F)))())}function le(){return e.strict?null:o("obs-domain",d(R,b(d(h("."),R)))())}function pe(){return e.strict?null:o("obs-dtext",f(ee,P)())}function ye(e,t){var r,i,n;if(null==t)return null;for(i=[t];i.length>0;){if((n=i.pop()).name===e)return n;for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r])}return null}function be(e,t){var r,i,n,a,s;if(null==t)return null;for(i=[t],a=[],s={},r=0;r0;)if((n=i.pop()).name in s)a.push(n);else for(r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}function me(t){var r,i,n,a,s;if(null===t)return null;for(r=[],i=be(["group","mailbox"],t),n=0;n1)return null;return t.addresses&&t.addresses[0]}(s):e.simple?s&&s.addresses:s}function ge(e){var t,r=ye("display-name",e),i=[],n=be(["mailbox"],e);for(t=0;t0;)for((n=i.pop()).name===e&&a.push(n),r=n.children.length-1;r>=0;r-=1)i.push(n.children[r]);return a}("cfws",e),n=be(["comment"],e),a=ye("local-part",r),s=ye("domain",r);return{node:e,parts:{name:t,address:r,local:a,domain:s,comments:i},type:e.name,name:ve(t),address:ve(r),local:ve(a),domain:ve(s),comments:_e(n),groupName:ve(e.groupName)}}function ve(e){return null!=e?e.semantic:null}function _e(e){var t="";if(e)for(var r=0;r`),t.userID=r.join(" "),t}read(e,t=ne){const r=X.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");try{const{name:e,address:t,comments:i}=Fu.parseOneAddress({input:r,atInDisplayName:!0});this.comment=i.replace(/^\(|\)$/g,""),this.name=e,this.email=t}catch(e){}this.userID=r}write(){return X.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Lu extends zu{static get tag(){return $.packet.secretSubkey}constructor(e=new Date,t=ne){super(e,t)}}class Nu{static get tag(){return $.packet.trust}read(){throw new bn("Trust packets are not supported")}write(){throw new bn("Trust packets are not supported")}}const ju=/*#__PURE__*/X.constructAllowedPackets([uu]);class Hu{constructor(e){this.packets=e||new lu}write(){return this.packets.write()}armor(e=ne){return le($.armor.signature,this.write(),void 0,void 0,void 0,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Wu({armoredSignature:e,binarySignature:t,config:r,...i}){r={...ne,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!X.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!X.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await fe(n,r);if(e!==$.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await lu.fromBinary(n,ju,r);return new Hu(s)}async function Gu(e,t){const r=new Lu(e.date,t);return r.packets=null,r.algorithm=$.write($.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function Vu(e,t){const r=new zu(e.date,t);return r.packets=null,r.algorithm=$.write($.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function $u(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw X.wrapError(`Could not find valid ${$.read($.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Zu(e,t,r=new Date){const i=X.normalizeDate(r);if(null!==i){const r=rh(e,t);return!(e.created<=i&&i0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await Ju(n,null,t,a,r.date,void 0,void 0,void 0,i)}async function Yu(e,t,r=new Date,i={},n){let a=n.preferredHashAlgorithm,s=a;if(e){const t=await e.getPrimaryUser(r,i,n);t.selfCertification.preferredHashAlgorithms&&([s]=t.selfCertification.preferredHashAlgorithms,a=ga.hash.getHashByteLength(a)<=ga.hash.getHashByteLength(s)?s:a)}switch(t.algorithm){case $.publicKey.ecdsa:case $.publicKey.eddsaLegacy:case $.publicKey.ed25519:s=ga.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid)}return ga.hash.getHashByteLength(a)<=ga.hash.getHashByteLength(s)?s:a}async function Qu(e,t=[],r=new Date,i=[],n=ne){const a={symmetric:$.symmetric.aes128,aead:$.aead.eax,compression:$.compression.uncompressed}[e],s={symmetric:n.preferredSymmetricAlgorithm,aead:n.preferredAEADAlgorithm,compression:n.preferredCompressionAlgorithm}[e],o={symmetric:"preferredSymmetricAlgorithms",aead:"preferredAEADAlgorithms",compression:"preferredCompressionAlgorithms"}[e],c=await Promise.all(t.map((async function(e,t){const a=(await e.getPrimaryUser(r,i[t],n)).selfCertification[o];return!!a&&a.indexOf(s)>=0})));return c.every(Boolean)?s:a}async function Ju(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new uu;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Yu(t,r,n,a,c),u.rawNotations=s,await u.sign(r,e,n,o),u}async function eh(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return X.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function th(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{n&&!e.issuerKeyID.equals(n.issuerKeyID)||(await e.verify(a,t,r,o.revocationsExpire?s:null,!1,o),c.push(e.issuerKeyID))}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function rh(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function ih(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=X.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=$.write($.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==$.curve.ed25519Legacy&&e.curve!==$.curve.curve25519Legacy||(e.curve=e.sign?$.curve.ed25519Legacy:$.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===$.curve.ed25519Legacy?$.publicKey.eddsaLegacy:$.publicKey.ecdsa:e.algorithm=$.publicKey.ecdh;break;case"rsa":e.algorithm=$.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function nh(e,t){const r=e.algorithm;return r!==$.publicKey.rsaEncrypt&&r!==$.publicKey.elgamal&&r!==$.publicKey.ecdh&&r!==$.publicKey.x25519&&(!t.keyFlags||0!=(t.keyFlags[0]&$.keyFlags.signData))}function ah(e,t){const r=e.algorithm;return r!==$.publicKey.dsa&&r!==$.publicKey.rsaSign&&r!==$.publicKey.ecdsa&&r!==$.publicKey.eddsaLegacy&&r!==$.publicKey.ed25519&&(!t.keyFlags||0!=(t.keyFlags[0]&$.keyFlags.encryptCommunication)||0!=(t.keyFlags[0]&$.keyFlags.encryptStorage))}function sh(e,t){return!!t.allowInsecureDecryptionWithSigningKeys||(!e.keyFlags||0!=(e.keyFlags[0]&$.keyFlags.encryptCommunication)||0!=(e.keyFlags[0]&$.keyFlags.encryptStorage))}function oh(e,t){const r=$.write($.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case $.publicKey.rsaEncryptSign:case $.publicKey.rsaSign:case $.publicKey.rsaEncrypt:if(i.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,$.signature.certGeneric,s,r,void 0,i)}catch(e){throw X.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,$.signature.certGeneric,n,e,void 0,t)}catch(e){throw X.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await eh(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,$.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await eh(e,this,"otherCertifications",t),await eh(e,this,"revocationSignatures",t,(function(e){return th(i,$.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=$.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=ne){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new ch(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await Ju(a,null,e,{signatureType:$.signature.certRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class uh{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new lu;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new uh(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=ne){const n=this.mainKey.keyPacket;return th(n,$.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=ne){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await $u(this.bindingSignatures,r,$.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Zu(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=ne){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await $u(this.bindingSignatures,r,$.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=rh(this.keyPacket,n),s=n.getExpirationTime();return an.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,$.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await eh(e,this,"revocationSignatures",t,(function(e){return th(i,$.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=$.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=ne){const a={key:e,bind:this.keyPacket},s=new uh(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Ju(a,null,e,{signatureType:$.signature.subkeyRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{uh.prototype[e]=function(){return this.keyPacket[e]()}}));const hh=/*#__PURE__*/X.constructAllowedPackets([uu]),dh=new Set([$.packet.publicKey,$.packet.privateKey]),fh=new Set([$.packet.publicKey,$.packet.privateKey,$.packet.publicSubkey,$.packet.privateSubkey]);class lh{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof mn){fh.has(s.tag)&&!a&&(a=dh.has(s.tag)?dh:fh);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case $.packet.publicKey:case $.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case $.packet.userID:case $.packet.userAttribute:r=new ch(s,this),this.users.push(r);break;case $.packet.publicSubkey:case $.packet.secretSubkey:r=null,n=new uh(s,this),this.subkeys.push(n);break;case $.packet.signature:switch(s.signatureType){case $.signature.certGeneric:case $.signature.certPersona:case $.signature.certCasual:case $.signature.certPositive:if(!r){X.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case $.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case $.signature.key:this.directSignatures.push(s);break;case $.signature.subkeyBinding:if(!n){X.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case $.signature.keyRevocation:this.revocationSignatures.push(s);break;case $.signature.subkeyRevocation:if(!n){X.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new lu;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=ne){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await $u(r.bindingSignatures,n,$.signature.subkeyBinding,e,t,i);if(!nh(r.keyPacket,a))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await $u([a.embeddedSignature],r.keyPacket,$.signature.keyBinding,e,t,i),oh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&nh(n,a.selfCertification))return oh(n,i),this}catch(e){s=e}throw X.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=ne){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket,a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await $u(r.bindingSignatures,n,$.signature.subkeyBinding,e,t,i);if(ah(r.keyPacket,a))return oh(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimaryUser(t,r,i);if((!e||n.getKeyID().equals(e))&&ah(n,a.selfCertification))return oh(n,i),this}catch(e){s=e}throw X.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=ne){return th(this.keyPacket,$.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=ne){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");const{selfCertification:n}=await this.getPrimaryUser(e,t,r);if(Zu(i,n,e))throw Error("Primary key is expired");const a=await $u(this.directSignatures,i,$.signature.key,{key:i},e,r).catch((()=>{}));if(a&&Zu(i,a,e))throw Error("Primary key is expired")}async getExpirationTime(e,t=ne){let r;try{const{selfCertification:i}=await this.getPrimaryUser(null,e,t),n=rh(this.keyPacket,i),a=i.getExpirationTime(),s=await $u(this.directSignatures,this.keyPacket,$.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=rh(this.keyPacket,s);r=Math.min(n,a,e)}else r=ne.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await eh(e,i,"revocationSignatures",t,(n=>th(i.keyPacket,$.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await eh(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=ne){const r={key:this.keyPacket},i=await $u(this.revocationSignatures,this.keyPacket,$.signature.keyRevocation,r,e,t),n=new lu;return n.push(i),le($.armor.publicKey,n.write(),null,null,"This is a revocation certificate")}async applyRevocationCertificate(e,t=new Date,r=ne){const i=await fe(e,r),n=(await lu.fromBinary(i.data,hh,r)).findPacket($.packet.signature);if(!n||n.signatureType!==$.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,$.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw X.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=ne){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=ne){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=ne){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=ne){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{lh.prototype[e]=uh.prototype[e]}));class ph extends lh{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([$.packet.secretKey,$.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=ne){return le($.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,e)}}class yh extends ph{constructor(e){if(super(),this.packetListToStructure(e,new Set([$.packet.publicKey,$.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new lu,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case $.packet.secretKey:{const t=Du.fromSecretKeyPacket(r);e.push(t);break}case $.packet.secretSubkey:{const t=Bu.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new ph(e)}armor(e=ne){return le($.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,e)}async getDecryptionKeys(e,t=new Date,r={},i=ne){const n=this.keyPacket,a=[];for(let r=0;re.isDecrypted()))}async validate(e=ne){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys(),t=e.map((e=>e.keyPacket.isDummy())).every(Boolean);if(t)throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=$.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=ne){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await Ju(n,null,this.keyPacket,{signatureType:$.signature.keyRevocation,reasonForRevocationFlag:$.write($.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...ne,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}const s=Ou.fromObject(t),o={};o.userID=s,o.key=e;const c={};c.signatureType=$.signature.certGeneric,c.keyFlags=[$.keyFlags.certifyKeys|$.keyFlags.signData],c.preferredSymmetricAlgorithms=a([$.symmetric.aes256,$.symmetric.aes128,$.symmetric.aes192],i.preferredSymmetricAlgorithm),i.aeadProtect&&(c.preferredAEADAlgorithms=a([$.aead.eax,$.aead.ocb],i.preferredAEADAlgorithm)),c.preferredHashAlgorithms=a([$.hash.sha256,$.hash.sha512],i.preferredHashAlgorithm),c.preferredCompressionAlgorithms=a([$.compression.zlib,$.compression.zip,$.compression.uncompressed],i.preferredCompressionAlgorithm),0===n&&(c.isPrimaryUserID=!0),c.features=[0],c.features[0]|=$.features.modificationDetection,i.aeadProtect&&(c.features[0]|=$.features.aead),i.v5Keys&&(c.features[0]|=$.features.v5Keys),r.keyExpirationTime>0&&(c.keyExpirationTime=r.keyExpirationTime,c.keyNeverExpires=!1);return{userIDPacket:s,signaturePacket:await Ju(o,null,e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await Xu(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const a={key:e};return n.push(await Ju(a,null,e,{signatureType:$.signature.keyRevocation,reasonForRevocationFlag:$.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new yh(n)}async function wh({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...ne,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!X.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!X.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await fe(e,r);if(t!==$.armor.publicKey&&t!==$.armor.privateKey)throw Error("Armored text not of type key");a=i}else a=t;return mh(await lu.fromBinary(a,bh,r))}async function vh({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...ne,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!X.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!X.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:i}=await fe(e,r);if(t!==$.armor.privateKey)throw Error("Armored text not of type private key");a=i}else a=t;const s=await lu.fromBinary(a,bh,r);return new yh(s)}async function _h({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...ne,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!X.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!X.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:i}=await fe(e,r);if(t!==$.armor.publicKey&&t!==$.armor.privateKey)throw Error("Armored text not of type key");n=i}const s=[],o=await lu.fromBinary(n,bh,r),c=o.indexOfTag($.packet.publicKey,$.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag($.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=ne){const a=r||await this.decryptSessionKeys(e,t,i,n),s=this.packets.filterByTag($.packet.symmetricallyEncryptedData,$.packet.symEncryptedIntegrityProtectedData,$.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const o=s[0];let c=null;const u=Promise.all(a.map((async({algorithm:e,data:t})=>{if(!X.isUint8Array(t)||!X.isString(e))throw Error("Invalid session key for decryption.");try{const r=$.write($.symmetric,e);await o.decrypt(r,t,n)}catch(e){X.printDebugError(e),c=e}})));if(j(o.encrypted),o.encrypted=null,await u,!o.packets||!o.packets.length)throw c||Error("Decryption failed.");const h=new Ph(o.packets);return o.packets=new lu,h}async decryptSessionKeys(e,t,r=new Date,i=ne){let n,a=[];if(t){const e=this.packets.filterByTag($.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await lu.fromBinary(e.write(),Sh,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){X.printDebugError(e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag($.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let s=[$.symmetric.aes256,$.symmetric.aes128,$.symmetric.tripledes,$.symmetric.cast5];try{const t=await e.getPrimaryUser(r,void 0,i);t.selfCertification.preferredSymmetricAlgorithms&&(s=s.concat(t.selfCertification.preferredSymmetricAlgorithms))}catch(e){}const o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket));await Promise.all(o.map((async function(e){if(!e||e.isDummy())return;if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===$.publicKey.rsaEncrypt||t.publicKeyAlgorithm===$.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===$.publicKey.rsaSign||t.publicKeyAlgorithm===$.publicKey.elgamal)){const r=t.write();await Promise.all(Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map((async t=>{const i=new xu;i.read(r);const s={sessionKeyAlgorithm:t,sessionKey:ga.generateSessionKey(t)};try{await i.decrypt(e,s),a.push(i)}catch(e){X.printDebugError(e),n=e}})))}else try{if(await t.decrypt(e),!s.includes($.write($.symmetric,t.sessionKeyAlgorithm)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){X.printDebugError(e),n=e}})))}))),j(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+X.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:$.read($.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket($.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=ne){const n=await Qu("symmetric",e,t,r,i),a=$.read($.symmetric,n),s=i.aeadProtect&&await async function(e,t=new Date,r=[],i=ne){let n=!0;return await Promise.all(e.map((async function(e,a){const s=await e.getPrimaryUser(t,r[a],i);s.selfCertification.features&&s.selfCertification.features[0]&$.features.aead||(n=!1)}))),n}(e,t,r,i)?$.read($.aead,await Qu("aead",e,t,r,i)):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&e.keyPacket.algorithm===$.publicKey.x25519&&!X.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ga.generateSessionKey(n),algorithm:a,aeadAlgorithm:s}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=ne){if(r){if(!X.isUint8Array(r.data)||!X.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ph.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ph.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,d=await Ph.encryptSessionKey(c,u,h,e,t,i,n,a,s,o);let f;h?(f=new Pu,f.aeadAlgorithm=$.write($.aead,h)):f=new Su,f.packets=this.packets;const l=$.write($.symmetric,u);return await f.encrypt(l,c,o),d.packets.push(f),f.packets=new lu,d}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=ne){const h=new lu,d=$.write($.symmetric,t),f=r&&$.write($.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=new xu;return n.publicKeyID=a?pe.wildcard():i.getKeyID(),n.publicKeyAlgorithm=i.keyPacket.algorithm,n.sessionKey=e,n.sessionKeyAlgorithm=d,await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new Cu(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,d,f,t))));h.push(...a)}return new Ph(h)}async sign(e=[],t=null,r=[],i=new Date,n=[],a=[],s=ne){const o=new lu,c=this.packets.findPacket($.packet.literalData);if(!c)throw Error("No literal data packet to sign.");let u,h;const d=null===c.text?$.signature.binary:$.signature.text;if(t)for(h=t.packets.filterByTag($.packet.signature),u=h.length-1;u>=0;u--){const t=h[u],r=new du;r.signatureType=t.signatureType,r.hashAlgorithm=t.hashAlgorithm,r.publicKeyAlgorithm=t.publicKeyAlgorithm,r.issuerKeyID=t.issuerKeyID,e.length||0!==u||(r.flags=1),o.push(r)}return await Promise.all(Array.from(e).reverse().map((async function(t,a){if(!t.isPrivate())throw Error("Need private key for signing");const o=r[e.length-1-a],c=await t.getSigningKey(o,i,n,s),u=new du;return u.signatureType=d,u.hashAlgorithm=await Yu(t,c.keyPacket,i,n,s),u.publicKeyAlgorithm=c.keyPacket.algorithm,u.issuerKeyID=c.getKeyID(),a===e.length-1&&(u.flags=1),u}))).then((e=>{e.forEach((e=>o.push(e)))})),o.push(c),o.push(...await xh(c,e,t,r,i,n,a,!1,s)),new Ph(o)}compress(e,t=ne){if(e===$.compression.uncompressed)return this;const r=new yu(t);r.algorithm=e,r.packets=this.packets;const i=new lu;return i.push(r),new Ph(i)}async signDetached(e=[],t=null,r=[],i=new Date,n=[],a=[],s=ne){const o=this.packets.findPacket($.packet.literalData);if(!o)throw Error("No literal data packet to sign.");return new Hu(await xh(o,e,t,r,i,n,a,!0,s))}async verify(e,t=new Date,r=ne){const i=this.unwrapCompressed(),n=i.packets.filterByTag($.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");s(i.packets.stream)&&i.packets.push(...await N(i.packets.stream,(e=>e||[])));const a=i.packets.filterByTag($.packet.onePassSignature).reverse(),o=i.packets.filterByTag($.packet.signature);return a.length&&!o.length&&X.isStream(i.packets.stream)&&!s(i.packets.stream)?(await Promise.all(a.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=H((async()=>(await e.correspondingSig).signatureData)),e.hashed=N(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=T(i.packets.stream,(async(e,t)=>{const r=C(e),i=D(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await i.abort(e)}})),Mh(a,n,e,t,!1,r)):Mh(o,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=ne){const n=this.unwrapCompressed().packets.filterByTag($.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return Mh(e.packets.filterByTag($.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag($.packet.compressedData);return e.length?new Ph(e[0].packets):this}async appendSignature(e,t=ne){await this.packets.read(X.isUint8Array(e)?e:(await fe(e)).data,Eh,t)}write(){return this.packets.write()}armor(e=ne){return le($.armor.message,this.write(),null,null,null,e)}}async function xh(e,t,r=null,i=[],n=new Date,a=[],s=[],o=!1,c=ne){const u=new lu,h=null===e.text?$.signature.binary:$.signature.text;if(await Promise.all(t.map((async(t,r)=>{const u=a[r];if(!t.isPrivate())throw Error("Need private key for signing");const d=await t.getSigningKey(i[r],n,u,c);return Ju(e,t,d.keyPacket,{signatureType:h},n,u,s,o,c)}))).then((e=>{u.push(...e)})),r){const e=r.packets.filterByTag($.packet.signature);u.push(...e)}return u}async function Mh(e,t,r,i=new Date,n=!1,a=ne){return Promise.all(e.filter((function(e){return["text","binary"].includes($.read($.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=ne){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof du?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new lu;return e&&t.push(e),new Hu(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}async function Kh({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...ne,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!X.isString(e)&&!X.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!X.isUint8Array(t)&&!X.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=X.isStream(n);if(s&&(await E(),n=x(n)),e){const{type:e,data:t}=await fe(n,r);if(e!==$.armor.message)throw Error("Armored text not of type message");n=t}const o=await lu.fromBinary(n,Ah,r),c=new Ph(o);return c.fromStream=s,c}async function Ch({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){let s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!X.isString(e)&&!X.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!X.isUint8Array(t)&&!X.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=X.isStream(s);c&&(await E(),s=x(s));const u=new su(i);void 0!==e?u.setText(s,$.write($.literal,n)):u.setBytes(s,$.write($.literal,n)),void 0!==r&&u.setFilename(r);const h=new lu;h.push(u);const d=new Ph(h);return d.fromStream=c,d}const Dh=/*#__PURE__*/X.constructAllowedPackets([uu]);class Uh{constructor(e,t){if(this.text=X.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Hu))throw Error("Invalid signature input");this.signature=t||new Hu(new lu)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=null,r=[],i=new Date,n=[],a=[],s=ne){const o=new su;o.setText(this.text);const c=new Hu(await xh(o,e,t,r,i,n,a,!0,s));return new Uh(this.text,c)}verify(e,t=new Date,r=ne){const i=this.signature.packets.filterByTag($.packet.signature),n=new su;return n.setText(this.text),Mh(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=ne){let t=this.signature.packets.map((function(e){return $.read($.hash,e.hashAlgorithm).toUpperCase()}));t=t.filter((function(e,t,r){return r.indexOf(e)===t}));const r={hash:t.join(),text:this.text,data:this.signature.packets.write()};return le($.armor.signed,r,void 0,void 0,void 0,e)}}async function Rh({cleartextMessage:e,config:t,...r}){if(t={...ne,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!X.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await fe(e);if(n.type!==$.armor.signed)throw Error("No cleartext signed message.");const a=await lu.fromBinary(n.data,Dh,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i0)throw Error("Unknown option: "+r.join(", "));return new Uh(e)}async function Bh({userIDs:e=[],passphrase:t,type:r="ecc",rsaBits:i=4096,curve:n="curve25519",keyExpirationTime:a=0,date:s=new Date,subkeys:o=[{}],format:c="armored",config:u,...h}){Yh(u={...ne,...u}),e=Qh(e);const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));if(0===e.length)throw Error("UserIDs are required for key generation");if("rsa"===r&&iih(e.subkeys[r],e)));let r=[Vu(e,t)];r=r.concat(e.subkeys.map((e=>Gu(e,t))));const i=await Promise.all(r),n=await gh(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(f,u);return e.getKeys().forEach((({keyPacket:e})=>oh(e,u))),{privateKey:td(e,c,u),publicKey:td(e.toPublic(),c,u),revocationCertificate:t}}catch(e){throw X.wrapError("Error generating keypair",e)}}async function Th({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Yh(s={...ne,...s}),t=Qh(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length)throw Error("UserIDs are required for key reformat");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await $u(e.bindingSignatures,i,$.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&$.keyFlags.signData}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await gh(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=X.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:td(e,a,s),publicKey:td(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw X.wrapError("Error reformatting keypair",e)}}async function zh({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Yh(a={...ne,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:td(s,n,a),publicKey:td(s.toPublic(),n,a)}:{privateKey:null,publicKey:td(s,n,a)}}catch(e){throw X.wrapError("Error revoking key",e)}}async function qh({privateKey:e,passphrase:t,config:r,...i}){Yh(r={...ne,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=X.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>X.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),X.wrapError("Error decrypting private key",e)}}async function Fh({privateKey:e,passphrase:t,config:r,...i}){Yh(r={...ne,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=X.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),X.wrapError("Error encrypting private key",e)}}async function Oh({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:d=[],encryptionUserIDs:f=[],signatureNotations:l=[],config:p,...y}){if(Yh(p={...ne,...p}),Vh(e),Zh(a),t=Qh(t),r=Qh(r),i=Qh(i),c=Qh(c),u=Qh(u),d=Qh(d),f=Qh(f),l=Qh(l),y.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(y.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(y.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==y.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const b=Object.keys(y);if(b.length>0)throw Error("Unknown option: "+b.join(", "));r||(r=[]);const m=e.fromStream;try{if((r.length||s)&&(e=await e.sign(r,s,c,h,d,l,p)),e=e.compress(await Qu("compression",t,h,f,p),p),e=await e.encrypt(t,i,n,o,u,h,f,p),"object"===a)return e;const y="armored"===a;return Jh(y?e.armor(p):e.write(),m,y?"utf8":"binary")}catch(e){throw X.wrapError("Error encrypting message",e)}}async function Lh({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Yh(u={...ne,...u}),Vh(e),n=Qh(n),t=Qh(t),r=Qh(r),i=Qh(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const d=Object.keys(h);if(d.length>0)throw Error("Unknown option: "+d.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const d={};if(d.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),d.data="binary"===s?h.getLiteralData():h.getText(),d.filename=h.getFilename(),ed(d,e),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===d.signatures.length)throw Error("Message is not signed");d.data=K([d.data,H((async()=>{await X.anyPromise(d.signatures.map((e=>e.verified)))}))])}return d.data=await Jh(d.data,e.fromStream,s),d}catch(e){throw X.wrapError("Error decrypting message",e)}}async function Nh({message:e,signingKeys:t,format:r="armored",detached:i=!1,signingKeyIDs:n=[],date:a=new Date,signingUserIDs:s=[],signatureNotations:o=[],config:c,...u}){if(Yh(c={...ne,...c}),$h(e),Zh(r),t=Qh(t),n=Qh(n),s=Qh(s),o=Qh(o),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==u.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const h=Object.keys(u);if(h.length>0)throw Error("Unknown option: "+h.join(", "));if(e instanceof Uh&&"binary"===r)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Uh&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let u;if(u=i?await e.signDetached(t,void 0,n,a,s,o,c):await e.sign(t,void 0,n,a,s,o,c),"object"===r)return u;const h="armored"===r;return u=h?u.armor(c):u.write(),i&&(u=T(e.packets.write(),(async(e,t)=>{await Promise.all([U(u,t),N(e).catch((()=>{}))])}))),Jh(u,e.fromStream,h?"utf8":"binary")}catch(e){throw X.wrapError("Error signing message",e)}}async function jh({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Yh(s={...ne,...s}),$h(e),t=Qh(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Uh&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Uh&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&ed(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=K([o.data,H((async()=>{await X.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await Jh(o.data,e.fromStream,i),o}catch(e){throw X.wrapError("Error verifying signed message",e)}}async function Hh({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Yh(i={...ne,...i}),e=Qh(e),r=Qh(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await Ph.generateSessionKey(e,t,r,i)}catch(e){throw X.wrapError("Error generating session key",e)}}async function Wh({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...d}){if(Yh(h={...ne,...h}),function(e,t){if(!X.isUint8Array(e))throw Error("Parameter ["+(t||"data")+"] must be of type Uint8Array")}(e),function(e,t){if(!X.isString(e))throw Error("Parameter ["+(t||"data")+"] must be of type String")}(t,"algorithm"),Zh(a),i=Qh(i),n=Qh(n),o=Qh(o),u=Qh(u),d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return td(await Ph.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw X.wrapError("Error encrypting session key",e)}}async function Gh({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Yh(n={...ne,...n}),Vh(e),t=Qh(t),r=Qh(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,i,n)}catch(e){throw X.wrapError("Error decrypting session keys",e)}}function Vh(e){if(!(e instanceof Ph))throw Error("Parameter [message] needs to be of type Message")}function $h(e){if(!(e instanceof Uh||e instanceof Ph))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Zh(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Xh=Object.keys(ne).length;function Yh(e){const t=Object.keys(e);if(t.length!==Xh)for(const e of t)if(void 0===ne[e])throw Error("Unknown config property: "+e)}function Qh(e){return e&&!X.isArray(e)&&(e=[e]),e}async function Jh(e,t,r="utf8"){const i=X.isStream(e);return"array"===i?N(e):"node"===t?(e=b(e),"binary"!==r&&e.setEncoding(r),e):"web"===t&&"ponyfill"===i?_(e):e}function ed(e,t){e.data=T(t.packets.stream,(async(t,r)=>{await U(e.data,r,{preventClose:!0});const i=D(r);try{await N(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function td(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const rd="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol:e=>`Symbol(${e})`;function id(){}const nd="undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:void 0;function ad(e){return"object"==typeof e&&null!==e||"function"==typeof e}const sd=id,od=Promise,cd=Promise.prototype.then,ud=Promise.resolve.bind(od),hd=Promise.reject.bind(od);function dd(e){return new od(e)}function fd(e){return ud(e)}function ld(e){return hd(e)}function pd(e,t,r){return cd.call(e,t,r)}function yd(e,t,r){pd(pd(e,t,r),void 0,sd)}function bd(e,t){yd(e,t)}function md(e,t){yd(e,void 0,t)}function gd(e,t,r){return pd(e,t,r)}function wd(e){pd(e,void 0,sd)}const vd=(()=>{const e=nd&&nd.queueMicrotask;if("function"==typeof e)return e;const t=fd(void 0);return e=>pd(t,e)})();function _d(e,t,r){if("function"!=typeof e)throw new TypeError("Argument is not a function");return Function.prototype.apply.call(e,t,r)}function kd(e,t,r){try{return fd(_d(e,t,r))}catch(e){return ld(e)}}class Ad{constructor(){this._cursor=0,this._size=0,this._front={_elements:[],_next:void 0},this._back=this._front,this._cursor=0,this._size=0}get length(){return this._size}push(e){const t=this._back;let r=t;16383===t._elements.length&&(r={_elements:[],_next:void 0}),t._elements.push(e),r!==t&&(this._back=r,t._next=r),++this._size}shift(){const e=this._front;let t=e;const r=this._cursor;let i=r+1;const n=e._elements,a=n[r];return 16384===i&&(t=e._next,i=0),--this._size,this._cursor=i,e!==t&&(this._front=t),n[r]=void 0,a}forEach(e){let t=this._cursor,r=this._front,i=r._elements;for(;!(t===i.length&&void 0===r._next||t===i.length&&(r=r._next,i=r._elements,t=0,0===i.length));)e(i[t]),++t}peek(){const e=this._front,t=this._cursor;return e._elements[t]}}function Sd(e,t){e._ownerReadableStream=t,t._reader=e,"readable"===t._state?Md(e):"closed"===t._state?function(e){Md(e),Dd(e)}(e):Kd(e,t._storedError)}function Ed(e,t){return up(e._ownerReadableStream,t)}function Pd(e){"readable"===e._ownerReadableStream._state?Cd(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")):function(e,t){Kd(e,t)}(e,new TypeError("Reader was released and can no longer be used to monitor the stream's closedness")),e._ownerReadableStream._reader=void 0,e._ownerReadableStream=void 0}function xd(e){return new TypeError("Cannot "+e+" a stream using a released reader")}function Md(e){e._closedPromise=dd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r}))}function Kd(e,t){Md(e),Cd(e,t)}function Cd(e,t){void 0!==e._closedPromise_reject&&(wd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}function Dd(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0)}const Ud=rd("[[AbortSteps]]"),Rd=rd("[[ErrorSteps]]"),Id=rd("[[CancelSteps]]"),Bd=rd("[[PullSteps]]"),Td=Number.isFinite||function(e){return"number"==typeof e&&isFinite(e)},zd=Math.trunc||function(e){return e<0?Math.ceil(e):Math.floor(e)};function qd(e,t){if(void 0!==e&&("object"!=typeof(r=e)&&"function"!=typeof r))throw new TypeError(t+" is not an object.");var r}function Fd(e,t){if("function"!=typeof e)throw new TypeError(t+" is not a function.")}function Od(e,t){if(!function(e){return"object"==typeof e&&null!==e||"function"==typeof e}(e))throw new TypeError(t+" is not an object.")}function Ld(e,t,r){if(void 0===e)throw new TypeError(`Parameter ${t} is required in '${r}'.`)}function Nd(e,t,r){if(void 0===e)throw new TypeError(`${t} is required in '${r}'.`)}function jd(e){return Number(e)}function Hd(e){return 0===e?0:e}function Wd(e,t){const r=Number.MAX_SAFE_INTEGER;let i=Number(e);if(i=Hd(i),!Td(i))throw new TypeError(t+" is not a finite number");if(i=function(e){return Hd(zd(e))}(i),i<0||i>r)throw new TypeError(`${t} is outside the accepted range of 0 to ${r}, inclusive`);return Td(i)&&0!==i?i:0}function Gd(e,t){if(!op(e))throw new TypeError(t+" is not a ReadableStream.")}function Vd(e){return new Qd(e)}function $d(e,t){e._reader._readRequests.push(t)}function Zd(e,t,r){const i=e._reader._readRequests.shift();r?i._closeSteps():i._chunkSteps(t)}function Xd(e){return e._reader._readRequests.length}function Yd(e){const t=e._reader;return void 0!==t&&!!Jd(t)}class Qd{constructor(e){if(Ld(e,1,"ReadableStreamDefaultReader"),Gd(e,"First parameter"),cp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");Sd(this,e),this._readRequests=new Ad}get closed(){return Jd(this)?this._closedPromise:ld(tf("closed"))}cancel(e=undefined){return Jd(this)?void 0===this._ownerReadableStream?ld(xd("cancel")):Ed(this,e):ld(tf("cancel"))}read(){if(!Jd(this))return ld(tf("read"));if(void 0===this._ownerReadableStream)return ld(xd("read from"));let e,t;const r=dd(((r,i)=>{e=r,t=i}));return ef(this,{_chunkSteps:t=>e({value:t,done:!1}),_closeSteps:()=>e({value:void 0,done:!0}),_errorSteps:e=>t(e)}),r}releaseLock(){if(!Jd(this))throw tf("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");Pd(this)}}}function Jd(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readRequests")}function ef(e,t){const r=e._ownerReadableStream;r._disturbed=!0,"closed"===r._state?t._closeSteps():"errored"===r._state?t._errorSteps(r._storedError):r._readableStreamController[Bd](t)}function tf(e){return new TypeError(`ReadableStreamDefaultReader.prototype.${e} can only be used on a ReadableStreamDefaultReader`)}let rf;Object.defineProperties(Qd.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(Qd.prototype,rd.toStringTag,{value:"ReadableStreamDefaultReader",configurable:!0}),"symbol"==typeof rd.asyncIterator&&(rf={[rd.asyncIterator](){return this}},Object.defineProperty(rf,rd.asyncIterator,{enumerable:!1}));class nf{constructor(e,t){this._ongoingPromise=void 0,this._isFinished=!1,this._reader=e,this._preventCancel=t}next(){const e=()=>this._nextSteps();return this._ongoingPromise=this._ongoingPromise?gd(this._ongoingPromise,e,e):e(),this._ongoingPromise}return(e){const t=()=>this._returnSteps(e);return this._ongoingPromise?gd(this._ongoingPromise,t,t):t()}_nextSteps(){if(this._isFinished)return Promise.resolve({value:void 0,done:!0});const e=this._reader;if(void 0===e._ownerReadableStream)return ld(xd("iterate"));let t,r;const i=dd(((e,i)=>{t=e,r=i}));return ef(e,{_chunkSteps:e=>{this._ongoingPromise=void 0,vd((()=>t({value:e,done:!1})))},_closeSteps:()=>{this._ongoingPromise=void 0,this._isFinished=!0,Pd(e),t({value:void 0,done:!0})},_errorSteps:t=>{this._ongoingPromise=void 0,this._isFinished=!0,Pd(e),r(t)}}),i}_returnSteps(e){if(this._isFinished)return Promise.resolve({value:e,done:!0});this._isFinished=!0;const t=this._reader;if(void 0===t._ownerReadableStream)return ld(xd("finish iterating"));if(!this._preventCancel){const r=Ed(t,e);return Pd(t),gd(r,(()=>({value:e,done:!0})))}return Pd(t),fd({value:e,done:!0})}}const af={next(){return sf(this)?this._asyncIteratorImpl.next():ld(of("next"))},return(e){return sf(this)?this._asyncIteratorImpl.return(e):ld(of("return"))}};function sf(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_asyncIteratorImpl")}function of(e){return new TypeError(`ReadableStreamAsyncIterator.${e} can only be used on a ReadableSteamAsyncIterator`)}void 0!==rf&&Object.setPrototypeOf(af,rf);const cf=Number.isNaN||function(e){return e!=e};function uf(e){return!!function(e){if("number"!=typeof e)return!1;if(cf(e))return!1;if(e<0)return!1;return!0}(e)&&e!==1/0}function hf(e){const t=e._queue.shift();return e._queueTotalSize-=t.size,e._queueTotalSize<0&&(e._queueTotalSize=0),t.value}function df(e,t,r){if(!uf(r=Number(r)))throw new RangeError("Size must be a finite, non-NaN, non-negative number.");e._queue.push({value:t,size:r}),e._queueTotalSize+=r}function ff(e){e._queue=new Ad,e._queueTotalSize=0}function lf(e){return e.slice()}class pf{constructor(){throw new TypeError("Illegal constructor")}get view(){if(!mf(this))throw Rf("view");return this._view}respond(e){if(!mf(this))throw Rf("respond");if(Ld(e,1,"respond"),e=Wd(e,"First parameter"),void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");this._view.buffer,function(e,t){if(t=Number(t),!uf(t))throw new RangeError("bytesWritten must be a finite");xf(e,t)}(this._associatedReadableByteStreamController,e)}respondWithNewView(e){if(!mf(this))throw Rf("respondWithNewView");if(Ld(e,1,"respondWithNewView"),!ArrayBuffer.isView(e))throw new TypeError("You can only respond with array buffer views");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(void 0===this._associatedReadableByteStreamController)throw new TypeError("This BYOB request has been invalidated");!function(e,t){const r=e._pendingPullIntos.peek();if(r.byteOffset+r.bytesFilled!==t.byteOffset)throw new RangeError("The region specified by view does not match byobRequest");if(r.byteLength!==t.byteLength)throw new RangeError("The buffer of view has different capacity than byobRequest");r.buffer=t.buffer,xf(e,t.byteLength)}(this._associatedReadableByteStreamController,e)}}Object.defineProperties(pf.prototype,{respond:{enumerable:!0},respondWithNewView:{enumerable:!0},view:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(pf.prototype,rd.toStringTag,{value:"ReadableStreamBYOBRequest",configurable:!0});class yf{constructor(){throw new TypeError("Illegal constructor")}get byobRequest(){if(!bf(this))throw If("byobRequest");if(null===this._byobRequest&&this._pendingPullIntos.length>0){const e=this._pendingPullIntos.peek(),t=new Uint8Array(e.buffer,e.byteOffset+e.bytesFilled,e.byteLength-e.bytesFilled),r=Object.create(pf.prototype);!function(e,t,r){e._associatedReadableByteStreamController=t,e._view=r}(r,this,t),this._byobRequest=r}return this._byobRequest}get desiredSize(){if(!bf(this))throw If("desiredSize");return Df(this)}close(){if(!bf(this))throw If("close");if(this._closeRequested)throw new TypeError("The stream has already been closed; do not close it again!");const e=this._controlledReadableByteStream._state;if("readable"!==e)throw new TypeError(`The stream (in ${e} state) is not in the readable state and cannot be closed`);!function(e){const t=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==t._state)return;if(e._queueTotalSize>0)return void(e._closeRequested=!0);if(e._pendingPullIntos.length>0){if(e._pendingPullIntos.peek().bytesFilled>0){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");throw Cf(e,t),t}}Kf(e),hp(t)}(this)}enqueue(e){if(!bf(this))throw If("enqueue");if(Ld(e,1,"enqueue"),!ArrayBuffer.isView(e))throw new TypeError("chunk must be an array buffer view");if(0===e.byteLength)throw new TypeError("chunk must have non-zero byteLength");if(0===e.buffer.byteLength)throw new TypeError("chunk's buffer must have non-zero byteLength");if(this._closeRequested)throw new TypeError("stream is closed or draining");const t=this._controlledReadableByteStream._state;if("readable"!==t)throw new TypeError(`The stream (in ${t} state) is not in the readable state and cannot be enqueued to`);!function(e,t){const r=e._controlledReadableByteStream;if(e._closeRequested||"readable"!==r._state)return;const i=t.buffer,n=t.byteOffset,a=t.byteLength,s=i;if(Yd(r))if(0===Xd(r))_f(e,s,n,a);else{Zd(r,new Uint8Array(s,n,a),!1)}else zf(r)?(_f(e,s,n,a),Pf(e)):_f(e,s,n,a);gf(e)}(this,e)}error(e=undefined){if(!bf(this))throw If("error");Cf(this,e)}[Id](e){if(this._pendingPullIntos.length>0){this._pendingPullIntos.peek().bytesFilled=0}ff(this);const t=this._cancelAlgorithm(e);return Kf(this),t}[Bd](e){const t=this._controlledReadableByteStream;if(this._queueTotalSize>0){const t=this._queue.shift();this._queueTotalSize-=t.byteLength,Sf(this);const r=new Uint8Array(t.buffer,t.byteOffset,t.byteLength);return void e._chunkSteps(r)}const r=this._autoAllocateChunkSize;if(void 0!==r){let t;try{t=new ArrayBuffer(r)}catch(t){return void e._errorSteps(t)}const i={buffer:t,byteOffset:0,byteLength:r,bytesFilled:0,elementSize:1,viewConstructor:Uint8Array,readerType:"default"};this._pendingPullIntos.push(i)}$d(t,e),gf(this)}}function bf(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableByteStream")}function mf(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_associatedReadableByteStreamController")}function gf(e){const t=function(e){const t=e._controlledReadableByteStream;if("readable"!==t._state)return!1;if(e._closeRequested)return!1;if(!e._started)return!1;if(Yd(t)&&Xd(t)>0)return!0;if(zf(t)&&Tf(t)>0)return!0;const r=Df(e);if(r>0)return!0;return!1}(e);if(!t)return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;yd(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,gf(e))}),(t=>{Cf(e,t)}))}function wf(e,t){let r=!1;"closed"===e._state&&(r=!0);const i=vf(t);"default"===t.readerType?Zd(e,i,r):function(e,t,r){const i=e._reader,n=i._readIntoRequests.shift();r?n._closeSteps(t):n._chunkSteps(t)}(e,i,r)}function vf(e){const t=e.bytesFilled,r=e.elementSize;return new e.viewConstructor(e.buffer,e.byteOffset,t/r)}function _f(e,t,r,i){e._queue.push({buffer:t,byteOffset:r,byteLength:i}),e._queueTotalSize+=i}function kf(e,t){const r=t.elementSize,i=t.bytesFilled-t.bytesFilled%r,n=Math.min(e._queueTotalSize,t.byteLength-t.bytesFilled),a=t.bytesFilled+n,s=a-a%r;let o=n,c=!1;s>i&&(o=s-t.bytesFilled,c=!0);const u=e._queue;for(;o>0;){const r=u.peek(),i=Math.min(o,r.byteLength),n=t.byteOffset+t.bytesFilled;h=t.buffer,d=n,f=r.buffer,l=r.byteOffset,p=i,new Uint8Array(h).set(new Uint8Array(f,l,p),d),r.byteLength===i?u.shift():(r.byteOffset+=i,r.byteLength-=i),e._queueTotalSize-=i,Af(e,i,t),o-=i}var h,d,f,l,p;return c}function Af(e,t,r){Ef(e),r.bytesFilled+=t}function Sf(e){0===e._queueTotalSize&&e._closeRequested?(Kf(e),hp(e._controlledReadableByteStream)):gf(e)}function Ef(e){null!==e._byobRequest&&(e._byobRequest._associatedReadableByteStreamController=void 0,e._byobRequest._view=null,e._byobRequest=null)}function Pf(e){for(;e._pendingPullIntos.length>0;){if(0===e._queueTotalSize)return;const t=e._pendingPullIntos.peek();kf(e,t)&&(Mf(e),wf(e._controlledReadableByteStream,t))}}function xf(e,t){const r=e._pendingPullIntos.peek();if("closed"===e._controlledReadableByteStream._state){if(0!==t)throw new TypeError("bytesWritten must be 0 when calling respond() on a closed stream");!function(e,t){t.buffer=t.buffer;const r=e._controlledReadableByteStream;if(zf(r))for(;Tf(r)>0;)wf(r,Mf(e))}(e,r)}else!function(e,t,r){if(r.bytesFilled+t>r.byteLength)throw new RangeError("bytesWritten out of range");if(Af(e,t,r),r.bytesFilled0){const t=r.byteOffset+r.bytesFilled,n=r.buffer.slice(t-i,t);_f(e,n,0,n.byteLength)}r.buffer=r.buffer,r.bytesFilled-=i,wf(e._controlledReadableByteStream,r),Pf(e)}(e,t,r);gf(e)}function Mf(e){const t=e._pendingPullIntos.shift();return Ef(e),t}function Kf(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0}function Cf(e,t){const r=e._controlledReadableByteStream;"readable"===r._state&&(!function(e){Ef(e),e._pendingPullIntos=new Ad}(e),ff(e),Kf(e),dp(r,t))}function Df(e){const t=e._controlledReadableByteStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Uf(e,t,r){const i=Object.create(yf.prototype);let n=()=>{},a=()=>fd(void 0),s=()=>fd(void 0);void 0!==t.start&&(n=()=>t.start(i)),void 0!==t.pull&&(a=()=>t.pull(i)),void 0!==t.cancel&&(s=e=>t.cancel(e));const o=t.autoAllocateChunkSize;if(0===o)throw new TypeError("autoAllocateChunkSize must be greater than 0");!function(e,t,r,i,n,a,s){t._controlledReadableByteStream=e,t._pullAgain=!1,t._pulling=!1,t._byobRequest=null,t._queue=t._queueTotalSize=void 0,ff(t),t._closeRequested=!1,t._started=!1,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,t._autoAllocateChunkSize=s,t._pendingPullIntos=new Ad,e._readableStreamController=t,yd(fd(r()),(()=>{t._started=!0,gf(t)}),(e=>{Cf(t,e)}))}(e,i,n,a,s,r,o)}function Rf(e){return new TypeError(`ReadableStreamBYOBRequest.prototype.${e} can only be used on a ReadableStreamBYOBRequest`)}function If(e){return new TypeError(`ReadableByteStreamController.prototype.${e} can only be used on a ReadableByteStreamController`)}function Bf(e,t){e._reader._readIntoRequests.push(t)}function Tf(e){return e._reader._readIntoRequests.length}function zf(e){const t=e._reader;return void 0!==t&&!!Ff(t)}Object.defineProperties(yf.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},byobRequest:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(yf.prototype,rd.toStringTag,{value:"ReadableByteStreamController",configurable:!0});class qf{constructor(e){if(Ld(e,1,"ReadableStreamBYOBReader"),Gd(e,"First parameter"),cp(e))throw new TypeError("This stream has already been locked for exclusive reading by another reader");if(!bf(e._readableStreamController))throw new TypeError("Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte source");Sd(this,e),this._readIntoRequests=new Ad}get closed(){return Ff(this)?this._closedPromise:ld(Of("closed"))}cancel(e=undefined){return Ff(this)?void 0===this._ownerReadableStream?ld(xd("cancel")):Ed(this,e):ld(Of("cancel"))}read(e){if(!Ff(this))return ld(Of("read"));if(!ArrayBuffer.isView(e))return ld(new TypeError("view must be an array buffer view"));if(0===e.byteLength)return ld(new TypeError("view must have non-zero byteLength"));if(0===e.buffer.byteLength)return ld(new TypeError("view's buffer must have non-zero byteLength"));if(void 0===this._ownerReadableStream)return ld(xd("read from"));let t,r;const i=dd(((e,i)=>{t=e,r=i}));return function(e,t,r){const i=e._ownerReadableStream;i._disturbed=!0,"errored"===i._state?r._errorSteps(i._storedError):function(e,t,r){const i=e._controlledReadableByteStream;let n=1;t.constructor!==DataView&&(n=t.constructor.BYTES_PER_ELEMENT);const a=t.constructor,s={buffer:t.buffer,byteOffset:t.byteOffset,byteLength:t.byteLength,bytesFilled:0,elementSize:n,viewConstructor:a,readerType:"byob"};if(e._pendingPullIntos.length>0)return e._pendingPullIntos.push(s),void Bf(i,r);if("closed"!==i._state){if(e._queueTotalSize>0){if(kf(e,s)){const t=vf(s);return Sf(e),void r._chunkSteps(t)}if(e._closeRequested){const t=new TypeError("Insufficient bytes to fill elements in the given buffer");return Cf(e,t),void r._errorSteps(t)}}e._pendingPullIntos.push(s),Bf(i,r),gf(e)}else{const e=new a(s.buffer,s.byteOffset,0);r._closeSteps(e)}}(i._readableStreamController,t,r)}(this,e,{_chunkSteps:e=>t({value:e,done:!1}),_closeSteps:e=>t({value:e,done:!0}),_errorSteps:e=>r(e)}),i}releaseLock(){if(!Ff(this))throw Of("releaseLock");if(void 0!==this._ownerReadableStream){if(this._readIntoRequests.length>0)throw new TypeError("Tried to release a reader lock when that reader has pending read() calls un-settled");Pd(this)}}}function Ff(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readIntoRequests")}function Of(e){return new TypeError(`ReadableStreamBYOBReader.prototype.${e} can only be used on a ReadableStreamBYOBReader`)}function Lf(e,t){const{highWaterMark:r}=e;if(void 0===r)return t;if(cf(r)||r<0)throw new RangeError("Invalid highWaterMark");return r}function Nf(e){const{size:t}=e;return t||(()=>1)}function jf(e,t){qd(e,t);const r=null==e?void 0:e.highWaterMark,i=null==e?void 0:e.size;return{highWaterMark:void 0===r?void 0:jd(r),size:void 0===i?void 0:Hf(i,t+" has member 'size' that")}}function Hf(e,t){return Fd(e,t),t=>jd(e(t))}function Wf(e,t,r){return Fd(e,r),r=>kd(e,t,[r])}function Gf(e,t,r){return Fd(e,r),()=>kd(e,t,[])}function Vf(e,t,r){return Fd(e,r),r=>_d(e,t,[r])}function $f(e,t,r){return Fd(e,r),(r,i)=>kd(e,t,[r,i])}function Zf(e,t){if(!Jf(e))throw new TypeError(t+" is not a WritableStream.")}Object.defineProperties(qf.prototype,{cancel:{enumerable:!0},read:{enumerable:!0},releaseLock:{enumerable:!0},closed:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(qf.prototype,rd.toStringTag,{value:"ReadableStreamBYOBReader",configurable:!0});class Xf{constructor(e={},t={}){void 0===e?e=null:Od(e,"First parameter");const r=jf(t,"Second parameter"),i=function(e,t){qd(e,t);const r=null==e?void 0:e.abort,i=null==e?void 0:e.close,n=null==e?void 0:e.start,a=null==e?void 0:e.type,s=null==e?void 0:e.write;return{abort:void 0===r?void 0:Wf(r,e,t+" has member 'abort' that"),close:void 0===i?void 0:Gf(i,e,t+" has member 'close' that"),start:void 0===n?void 0:Vf(n,e,t+" has member 'start' that"),write:void 0===s?void 0:$f(s,e,t+" has member 'write' that"),type:a}}(e,"First parameter");Qf(this);if(void 0!==i.type)throw new RangeError("Invalid type is specified");const n=Nf(r);!function(e,t,r,i){const n=Object.create(ml.prototype);let a=()=>{},s=()=>fd(void 0),o=()=>fd(void 0),c=()=>fd(void 0);void 0!==t.start&&(a=()=>t.start(n));void 0!==t.write&&(s=e=>t.write(e,n));void 0!==t.close&&(o=()=>t.close());void 0!==t.abort&&(c=e=>t.abort(e));gl(e,n,a,s,o,c,r,i)}(this,i,Lf(r,1),n)}get locked(){if(!Jf(this))throw El("locked");return el(this)}abort(e=undefined){return Jf(this)?el(this)?ld(new TypeError("Cannot abort a stream that already has a writer")):tl(this,e):ld(El("abort"))}close(){return Jf(this)?el(this)?ld(new TypeError("Cannot close a stream that already has a writer")):sl(this)?ld(new TypeError("Cannot close an already-closing stream")):rl(this):ld(El("close"))}getWriter(){if(!Jf(this))throw El("getWriter");return Yf(this)}}function Yf(e){return new ul(e)}function Qf(e){e._state="writable",e._storedError=void 0,e._writer=void 0,e._writableStreamController=void 0,e._writeRequests=new Ad,e._inFlightWriteRequest=void 0,e._closeRequest=void 0,e._inFlightCloseRequest=void 0,e._pendingAbortRequest=void 0,e._backpressure=!1}function Jf(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_writableStreamController")}function el(e){return void 0!==e._writer}function tl(e,t){const r=e._state;if("closed"===r||"errored"===r)return fd(void 0);if(void 0!==e._pendingAbortRequest)return e._pendingAbortRequest._promise;let i=!1;"erroring"===r&&(i=!0,t=void 0);const n=dd(((r,n)=>{e._pendingAbortRequest={_promise:void 0,_resolve:r,_reject:n,_reason:t,_wasAlreadyErroring:i}}));return e._pendingAbortRequest._promise=n,i||nl(e,t),n}function rl(e){const t=e._state;if("closed"===t||"errored"===t)return ld(new TypeError(`The stream (in ${t} state) is not in the writable state and cannot be closed`));const r=dd(((t,r)=>{const i={_resolve:t,_reject:r};e._closeRequest=i})),i=e._writer;var n;return void 0!==i&&e._backpressure&&"writable"===t&&Tl(i),df(n=e._writableStreamController,bl,0),_l(n),r}function il(e,t){"writable"!==e._state?al(e):nl(e,t)}function nl(e,t){const r=e._writableStreamController;e._state="erroring",e._storedError=t;const i=e._writer;void 0!==i&&ll(i,t),!function(e){if(void 0===e._inFlightWriteRequest&&void 0===e._inFlightCloseRequest)return!1;return!0}(e)&&r._started&&al(e)}function al(e){e._state="errored",e._writableStreamController[Rd]();const t=e._storedError;if(e._writeRequests.forEach((e=>{e._reject(t)})),e._writeRequests=new Ad,void 0===e._pendingAbortRequest)return void ol(e);const r=e._pendingAbortRequest;if(e._pendingAbortRequest=void 0,r._wasAlreadyErroring)return r._reject(t),void ol(e);yd(e._writableStreamController[Ud](r._reason),(()=>{r._resolve(),ol(e)}),(t=>{r._reject(t),ol(e)}))}function sl(e){return void 0!==e._closeRequest||void 0!==e._inFlightCloseRequest}function ol(e){void 0!==e._closeRequest&&(e._closeRequest._reject(e._storedError),e._closeRequest=void 0);const t=e._writer;void 0!==t&&Cl(t,e._storedError)}function cl(e,t){const r=e._writer;void 0!==r&&t!==e._backpressure&&(t?function(e){Ul(e)}(r):Tl(r)),e._backpressure=t}Object.defineProperties(Xf.prototype,{abort:{enumerable:!0},close:{enumerable:!0},getWriter:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(Xf.prototype,rd.toStringTag,{value:"WritableStream",configurable:!0});class ul{constructor(e){if(Ld(e,1,"WritableStreamDefaultWriter"),Zf(e,"First parameter"),el(e))throw new TypeError("This stream has already been locked for exclusive writing by another writer");this._ownerWritableStream=e,e._writer=this;const t=e._state;if("writable"===t)!sl(e)&&e._backpressure?Ul(this):Il(this),Ml(this);else if("erroring"===t)Rl(this,e._storedError),Ml(this);else if("closed"===t)Il(this),Ml(r=this),Dl(r);else{const t=e._storedError;Rl(this,t),Kl(this,t)}var r}get closed(){return hl(this)?this._closedPromise:ld(Pl("closed"))}get desiredSize(){if(!hl(this))throw Pl("desiredSize");if(void 0===this._ownerWritableStream)throw xl("desiredSize");return function(e){const t=e._ownerWritableStream,r=t._state;if("errored"===r||"erroring"===r)return null;if("closed"===r)return 0;return vl(t._writableStreamController)}(this)}get ready(){return hl(this)?this._readyPromise:ld(Pl("ready"))}abort(e=undefined){return hl(this)?void 0===this._ownerWritableStream?ld(xl("abort")):function(e,t){const r=e._ownerWritableStream;return tl(r,t)}(this,e):ld(Pl("abort"))}close(){if(!hl(this))return ld(Pl("close"));const e=this._ownerWritableStream;return void 0===e?ld(xl("close")):sl(e)?ld(new TypeError("Cannot close an already-closing stream")):dl(this)}releaseLock(){if(!hl(this))throw Pl("releaseLock");void 0!==this._ownerWritableStream&&pl(this)}write(e=undefined){return hl(this)?void 0===this._ownerWritableStream?ld(xl("write to")):yl(this,e):ld(Pl("write"))}}function hl(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_ownerWritableStream")}function dl(e){return rl(e._ownerWritableStream)}function fl(e,t){"pending"===e._closedPromiseState?Cl(e,t):function(e,t){Kl(e,t)}(e,t)}function ll(e,t){"pending"===e._readyPromiseState?Bl(e,t):function(e,t){Rl(e,t)}(e,t)}function pl(e){const t=e._ownerWritableStream,r=new TypeError("Writer was released and can no longer be used to monitor the stream's closedness");ll(e,r),fl(e,r),t._writer=void 0,e._ownerWritableStream=void 0}function yl(e,t){const r=e._ownerWritableStream,i=r._writableStreamController,n=function(e,t){try{return e._strategySizeAlgorithm(t)}catch(t){return kl(e,t),1}}(i,t);if(r!==e._ownerWritableStream)return ld(xl("write to"));const a=r._state;if("errored"===a)return ld(r._storedError);if(sl(r)||"closed"===a)return ld(new TypeError("The stream is closing or closed and cannot be written to"));if("erroring"===a)return ld(r._storedError);const s=function(e){return dd(((t,r)=>{const i={_resolve:t,_reject:r};e._writeRequests.push(i)}))}(r);return function(e,t,r){try{df(e,t,r)}catch(t){return void kl(e,t)}const i=e._controlledWritableStream;if(!sl(i)&&"writable"===i._state){cl(i,Al(e))}_l(e)}(i,t,n),s}Object.defineProperties(ul.prototype,{abort:{enumerable:!0},close:{enumerable:!0},releaseLock:{enumerable:!0},write:{enumerable:!0},closed:{enumerable:!0},desiredSize:{enumerable:!0},ready:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(ul.prototype,rd.toStringTag,{value:"WritableStreamDefaultWriter",configurable:!0});const bl={};class ml{constructor(){throw new TypeError("Illegal constructor")}error(e=undefined){if(!function(e){if(!ad(e))return!1;if(!Object.prototype.hasOwnProperty.call(e,"_controlledWritableStream"))return!1;return!0}(this))throw new TypeError("WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController");"writable"===this._controlledWritableStream._state&&Sl(this,e)}[Ud](e){const t=this._abortAlgorithm(e);return wl(this),t}[Rd](){ff(this)}}function gl(e,t,r,i,n,a,s,o){t._controlledWritableStream=e,e._writableStreamController=t,t._queue=void 0,t._queueTotalSize=void 0,ff(t),t._started=!1,t._strategySizeAlgorithm=o,t._strategyHWM=s,t._writeAlgorithm=i,t._closeAlgorithm=n,t._abortAlgorithm=a;const c=Al(t);cl(e,c);yd(fd(r()),(()=>{t._started=!0,_l(t)}),(r=>{t._started=!0,il(e,r)}))}function wl(e){e._writeAlgorithm=void 0,e._closeAlgorithm=void 0,e._abortAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function vl(e){return e._strategyHWM-e._queueTotalSize}function _l(e){const t=e._controlledWritableStream;if(!e._started)return;if(void 0!==t._inFlightWriteRequest)return;if("erroring"===t._state)return void al(t);if(0===e._queue.length)return;const r=e._queue.peek().value;r===bl?function(e){const t=e._controlledWritableStream;(function(e){e._inFlightCloseRequest=e._closeRequest,e._closeRequest=void 0})(t),hf(e);const r=e._closeAlgorithm();wl(e),yd(r,(()=>{!function(e){e._inFlightCloseRequest._resolve(void 0),e._inFlightCloseRequest=void 0,"erroring"===e._state&&(e._storedError=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._resolve(),e._pendingAbortRequest=void 0)),e._state="closed";const t=e._writer;void 0!==t&&Dl(t)}(t)}),(e=>{!function(e,t){e._inFlightCloseRequest._reject(t),e._inFlightCloseRequest=void 0,void 0!==e._pendingAbortRequest&&(e._pendingAbortRequest._reject(t),e._pendingAbortRequest=void 0),il(e,t)}(t,e)}))}(e):function(e,t){const r=e._controlledWritableStream;!function(e){e._inFlightWriteRequest=e._writeRequests.shift()}(r);const i=e._writeAlgorithm(t);yd(i,(()=>{!function(e){e._inFlightWriteRequest._resolve(void 0),e._inFlightWriteRequest=void 0}(r);const t=r._state;if(hf(e),!sl(r)&&"writable"===t){const t=Al(e);cl(r,t)}_l(e)}),(t=>{"writable"===r._state&&wl(e),function(e,t){e._inFlightWriteRequest._reject(t),e._inFlightWriteRequest=void 0,il(e,t)}(r,t)}))}(e,r)}function kl(e,t){"writable"===e._controlledWritableStream._state&&Sl(e,t)}function Al(e){return vl(e)<=0}function Sl(e,t){const r=e._controlledWritableStream;wl(e),nl(r,t)}function El(e){return new TypeError(`WritableStream.prototype.${e} can only be used on a WritableStream`)}function Pl(e){return new TypeError(`WritableStreamDefaultWriter.prototype.${e} can only be used on a WritableStreamDefaultWriter`)}function xl(e){return new TypeError("Cannot "+e+" a stream using a released writer")}function Ml(e){e._closedPromise=dd(((t,r)=>{e._closedPromise_resolve=t,e._closedPromise_reject=r,e._closedPromiseState="pending"}))}function Kl(e,t){Ml(e),Cl(e,t)}function Cl(e,t){void 0!==e._closedPromise_reject&&(wd(e._closedPromise),e._closedPromise_reject(t),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="rejected")}function Dl(e){void 0!==e._closedPromise_resolve&&(e._closedPromise_resolve(void 0),e._closedPromise_resolve=void 0,e._closedPromise_reject=void 0,e._closedPromiseState="resolved")}function Ul(e){e._readyPromise=dd(((t,r)=>{e._readyPromise_resolve=t,e._readyPromise_reject=r})),e._readyPromiseState="pending"}function Rl(e,t){Ul(e),Bl(e,t)}function Il(e){Ul(e),Tl(e)}function Bl(e,t){void 0!==e._readyPromise_reject&&(wd(e._readyPromise),e._readyPromise_reject(t),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="rejected")}function Tl(e){void 0!==e._readyPromise_resolve&&(e._readyPromise_resolve(void 0),e._readyPromise_resolve=void 0,e._readyPromise_reject=void 0,e._readyPromiseState="fulfilled")}Object.defineProperties(ml.prototype,{error:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(ml.prototype,rd.toStringTag,{value:"WritableStreamDefaultController",configurable:!0});const zl="undefined"!=typeof DOMException?DOMException:void 0;const ql=function(e){if("function"!=typeof e&&"object"!=typeof e)return!1;try{return new e,!0}catch(e){return!1}}(zl)?zl:function(){const e=function(e,t){this.message=e||"",this.name=t||"Error",Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)};return Object.defineProperty(e.prototype=Object.create(Error.prototype),"constructor",{value:e,writable:!0,configurable:!0}),e}();function Fl(e,t,r,i,n,a){const s=Vd(e),o=Yf(t);e._disturbed=!0;let c=!1,u=fd(void 0);return dd(((h,d)=>{let f;if(void 0!==a){if(f=()=>{const r=new ql("Aborted","AbortError"),a=[];i||a.push((()=>"writable"===t._state?tl(t,r):fd(void 0))),n||a.push((()=>"readable"===e._state?up(e,r):fd(void 0))),y((()=>Promise.all(a.map((e=>e())))),!0,r)},a.aborted)return void f();a.addEventListener("abort",f)}if(p(e,s._closedPromise,(e=>{i?b(!0,e):y((()=>tl(t,e)),!0,e)})),p(t,o._closedPromise,(t=>{n?b(!0,t):y((()=>up(e,t)),!0,t)})),function(e,t,r){"closed"===e._state?r():bd(t,r)}(e,s._closedPromise,(()=>{r?b():y((()=>function(e){const t=e._ownerWritableStream,r=t._state;return sl(t)||"closed"===r?fd(void 0):"errored"===r?ld(t._storedError):dl(e)}(o)))})),sl(t)||"closed"===t._state){const t=new TypeError("the destination writable stream closed before all data could be piped to it");n?b(!0,t):y((()=>up(e,t)),!0,t)}function l(){const e=u;return pd(u,(()=>e!==u?l():void 0))}function p(e,t,r){"errored"===e._state?r(e._storedError):md(t,r)}function y(e,r,i){function n(){yd(e(),(()=>m(r,i)),(e=>m(!0,e)))}c||(c=!0,"writable"!==t._state||sl(t)?n():bd(l(),n))}function b(e,r){c||(c=!0,"writable"!==t._state||sl(t)?m(e,r):bd(l(),(()=>m(e,r))))}function m(e,t){pl(o),Pd(s),void 0!==a&&a.removeEventListener("abort",f),e?d(t):h(void 0)}wd(dd(((e,t)=>{!function r(i){i?e():pd(c?fd(!0):pd(o._readyPromise,(()=>dd(((e,t)=>{ef(s,{_chunkSteps:t=>{u=pd(yl(o,t),void 0,id),e(!1)},_closeSteps:()=>e(!0),_errorSteps:t})})))),r,t)}(!1)})))}))}class Ol{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Ll(this))throw Yl("desiredSize");return $l(this)}close(){if(!Ll(this))throw Yl("close");if(!Zl(this))throw new TypeError("The stream is not in a state that permits close");Wl(this)}enqueue(e=undefined){if(!Ll(this))throw Yl("enqueue");if(!Zl(this))throw new TypeError("The stream is not in a state that permits enqueue");return Gl(this,e)}error(e=undefined){if(!Ll(this))throw Yl("error");Vl(this,e)}[Id](e){ff(this);const t=this._cancelAlgorithm(e);return Hl(this),t}[Bd](e){const t=this._controlledReadableStream;if(this._queue.length>0){const r=hf(this);this._closeRequested&&0===this._queue.length?(Hl(this),hp(t)):Nl(this),e._chunkSteps(r)}else $d(t,e),Nl(this)}}function Ll(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledReadableStream")}function Nl(e){if(!jl(e))return;if(e._pulling)return void(e._pullAgain=!0);e._pulling=!0;yd(e._pullAlgorithm(),(()=>{e._pulling=!1,e._pullAgain&&(e._pullAgain=!1,Nl(e))}),(t=>{Vl(e,t)}))}function jl(e){const t=e._controlledReadableStream;if(!Zl(e))return!1;if(!e._started)return!1;if(cp(t)&&Xd(t)>0)return!0;return $l(e)>0}function Hl(e){e._pullAlgorithm=void 0,e._cancelAlgorithm=void 0,e._strategySizeAlgorithm=void 0}function Wl(e){if(!Zl(e))return;const t=e._controlledReadableStream;e._closeRequested=!0,0===e._queue.length&&(Hl(e),hp(t))}function Gl(e,t){if(!Zl(e))return;const r=e._controlledReadableStream;if(cp(r)&&Xd(r)>0)Zd(r,t,!1);else{let r;try{r=e._strategySizeAlgorithm(t)}catch(t){throw Vl(e,t),t}try{df(e,t,r)}catch(t){throw Vl(e,t),t}}Nl(e)}function Vl(e,t){const r=e._controlledReadableStream;"readable"===r._state&&(ff(e),Hl(e),dp(r,t))}function $l(e){const t=e._controlledReadableStream._state;return"errored"===t?null:"closed"===t?0:e._strategyHWM-e._queueTotalSize}function Zl(e){const t=e._controlledReadableStream._state;return!e._closeRequested&&"readable"===t}function Xl(e,t,r,i,n,a,s){t._controlledReadableStream=e,t._queue=void 0,t._queueTotalSize=void 0,ff(t),t._started=!1,t._closeRequested=!1,t._pullAgain=!1,t._pulling=!1,t._strategySizeAlgorithm=s,t._strategyHWM=a,t._pullAlgorithm=i,t._cancelAlgorithm=n,e._readableStreamController=t;yd(fd(r()),(()=>{t._started=!0,Nl(t)}),(e=>{Vl(t,e)}))}function Yl(e){return new TypeError(`ReadableStreamDefaultController.prototype.${e} can only be used on a ReadableStreamDefaultController`)}function Ql(e,t,r){return Fd(e,r),r=>kd(e,t,[r])}function Jl(e,t,r){return Fd(e,r),r=>kd(e,t,[r])}function ep(e,t,r){return Fd(e,r),r=>_d(e,t,[r])}function tp(e,t){if("bytes"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamType`);return e}function rp(e,t){if("byob"!==(e=""+e))throw new TypeError(`${t} '${e}' is not a valid enumeration value for ReadableStreamReaderMode`);return e}function ip(e,t){qd(e,t);const r=null==e?void 0:e.preventAbort,i=null==e?void 0:e.preventCancel,n=null==e?void 0:e.preventClose,a=null==e?void 0:e.signal;return void 0!==a&&function(e,t){if(!function(e){if("object"!=typeof e||null===e)return!1;try{return"boolean"==typeof e.aborted}catch(e){return!1}}(e))throw new TypeError(t+" is not an AbortSignal.")}(a,t+" has member 'signal' that"),{preventAbort:!!r,preventCancel:!!i,preventClose:!!n,signal:a}}Object.defineProperties(Ol.prototype,{close:{enumerable:!0},enqueue:{enumerable:!0},error:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(Ol.prototype,rd.toStringTag,{value:"ReadableStreamDefaultController",configurable:!0});class np{constructor(e={},t={}){void 0===e?e=null:Od(e,"First parameter");const r=jf(t,"Second parameter"),i=function(e,t){qd(e,t);const r=e,i=null==r?void 0:r.autoAllocateChunkSize,n=null==r?void 0:r.cancel,a=null==r?void 0:r.pull,s=null==r?void 0:r.start,o=null==r?void 0:r.type;return{autoAllocateChunkSize:void 0===i?void 0:Wd(i,t+" has member 'autoAllocateChunkSize' that"),cancel:void 0===n?void 0:Ql(n,r,t+" has member 'cancel' that"),pull:void 0===a?void 0:Jl(a,r,t+" has member 'pull' that"),start:void 0===s?void 0:ep(s,r,t+" has member 'start' that"),type:void 0===o?void 0:tp(o,t+" has member 'type' that")}}(e,"First parameter");if(sp(this),"bytes"===i.type){if(void 0!==r.size)throw new RangeError("The strategy for a byte stream cannot have a size function");Uf(this,i,Lf(r,0))}else{const e=Nf(r);!function(e,t,r,i){const n=Object.create(Ol.prototype);let a=()=>{},s=()=>fd(void 0),o=()=>fd(void 0);void 0!==t.start&&(a=()=>t.start(n)),void 0!==t.pull&&(s=()=>t.pull(n)),void 0!==t.cancel&&(o=e=>t.cancel(e)),Xl(e,n,a,s,o,r,i)}(this,i,Lf(r,1),e)}}get locked(){if(!op(this))throw fp("locked");return cp(this)}cancel(e=undefined){return op(this)?cp(this)?ld(new TypeError("Cannot cancel a stream that already has a reader")):up(this,e):ld(fp("cancel"))}getReader(e=undefined){if(!op(this))throw fp("getReader");const t=function(e,t){qd(e,t);const r=null==e?void 0:e.mode;return{mode:void 0===r?void 0:rp(r,t+" has member 'mode' that")}}(e,"First parameter");return void 0===t.mode?Vd(this):function(e){return new qf(e)}(this)}pipeThrough(e,t={}){if(!op(this))throw fp("pipeThrough");Ld(e,1,"pipeThrough");const r=function(e,t){qd(e,t);const r=null==e?void 0:e.readable;Nd(r,"readable","ReadableWritablePair"),Gd(r,t+" has member 'readable' that");const i=null==e?void 0:e.writable;return Nd(i,"writable","ReadableWritablePair"),Zf(i,t+" has member 'writable' that"),{readable:r,writable:i}}(e,"First parameter"),i=ip(t,"Second parameter");if(cp(this))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream");if(el(r.writable))throw new TypeError("ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream");return wd(Fl(this,r.writable,i.preventClose,i.preventAbort,i.preventCancel,i.signal)),r.readable}pipeTo(e,t={}){if(!op(this))return ld(fp("pipeTo"));if(void 0===e)return ld("Parameter 1 is required in 'pipeTo'.");if(!Jf(e))return ld(new TypeError("ReadableStream.prototype.pipeTo's first argument must be a WritableStream"));let r;try{r=ip(t,"Second parameter")}catch(e){return ld(e)}return cp(this)?ld(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream")):el(e)?ld(new TypeError("ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream")):Fl(this,e,r.preventClose,r.preventAbort,r.preventCancel,r.signal)}tee(){if(!op(this))throw fp("tee");const e=function(e,t){const r=Vd(e);let i,n,a,s,o,c=!1,u=!1,h=!1;const d=dd((e=>{o=e}));function f(){return c||(c=!0,ef(r,{_chunkSteps:e=>{vd((()=>{c=!1;const t=e,r=e;u||Gl(a._readableStreamController,t),h||Gl(s._readableStreamController,r)}))},_closeSteps:()=>{c=!1,u||Wl(a._readableStreamController),h||Wl(s._readableStreamController),u&&h||o(void 0)},_errorSteps:()=>{c=!1}})),fd(void 0)}function l(){}return a=ap(l,f,(function(t){if(u=!0,i=t,h){const t=lf([i,n]),r=up(e,t);o(r)}return d})),s=ap(l,f,(function(t){if(h=!0,n=t,u){const t=lf([i,n]),r=up(e,t);o(r)}return d})),md(r._closedPromise,(e=>{Vl(a._readableStreamController,e),Vl(s._readableStreamController,e),u&&h||o(void 0)})),[a,s]}(this);return lf(e)}values(e=undefined){if(!op(this))throw fp("values");return function(e,t){const r=Vd(e),i=new nf(r,t),n=Object.create(af);return n._asyncIteratorImpl=i,n}(this,function(e,t){return qd(e,t),{preventCancel:!!(null==e?void 0:e.preventCancel)}}(e,"First parameter").preventCancel)}}function ap(e,t,r,i=1,n=(()=>1)){const a=Object.create(np.prototype);sp(a);return Xl(a,Object.create(Ol.prototype),e,t,r,i,n),a}function sp(e){e._state="readable",e._reader=void 0,e._storedError=void 0,e._disturbed=!1}function op(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_readableStreamController")}function cp(e){return void 0!==e._reader}function up(e,t){if(e._disturbed=!0,"closed"===e._state)return fd(void 0);if("errored"===e._state)return ld(e._storedError);hp(e);return gd(e._readableStreamController[Id](t),id)}function hp(e){e._state="closed";const t=e._reader;void 0!==t&&(Dd(t),Jd(t)&&(t._readRequests.forEach((e=>{e._closeSteps()})),t._readRequests=new Ad))}function dp(e,t){e._state="errored",e._storedError=t;const r=e._reader;void 0!==r&&(Cd(r,t),Jd(r)?(r._readRequests.forEach((e=>{e._errorSteps(t)})),r._readRequests=new Ad):(r._readIntoRequests.forEach((e=>{e._errorSteps(t)})),r._readIntoRequests=new Ad))}function fp(e){return new TypeError(`ReadableStream.prototype.${e} can only be used on a ReadableStream`)}function lp(e,t){qd(e,t);const r=null==e?void 0:e.highWaterMark;return Nd(r,"highWaterMark","QueuingStrategyInit"),{highWaterMark:jd(r)}}Object.defineProperties(np.prototype,{cancel:{enumerable:!0},getReader:{enumerable:!0},pipeThrough:{enumerable:!0},pipeTo:{enumerable:!0},tee:{enumerable:!0},values:{enumerable:!0},locked:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(np.prototype,rd.toStringTag,{value:"ReadableStream",configurable:!0}),"symbol"==typeof rd.asyncIterator&&Object.defineProperty(np.prototype,rd.asyncIterator,{value:np.prototype.values,writable:!0,configurable:!0});const pp=function(e){return e.byteLength};class yp{constructor(e){Ld(e,1,"ByteLengthQueuingStrategy"),e=lp(e,"First parameter"),this._byteLengthQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!mp(this))throw bp("highWaterMark");return this._byteLengthQueuingStrategyHighWaterMark}get size(){if(!mp(this))throw bp("size");return pp}}function bp(e){return new TypeError(`ByteLengthQueuingStrategy.prototype.${e} can only be used on a ByteLengthQueuingStrategy`)}function mp(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_byteLengthQueuingStrategyHighWaterMark")}Object.defineProperties(yp.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(yp.prototype,rd.toStringTag,{value:"ByteLengthQueuingStrategy",configurable:!0});const gp=function(){return 1};class wp{constructor(e){Ld(e,1,"CountQueuingStrategy"),e=lp(e,"First parameter"),this._countQueuingStrategyHighWaterMark=e.highWaterMark}get highWaterMark(){if(!_p(this))throw vp("highWaterMark");return this._countQueuingStrategyHighWaterMark}get size(){if(!_p(this))throw vp("size");return gp}}function vp(e){return new TypeError(`CountQueuingStrategy.prototype.${e} can only be used on a CountQueuingStrategy`)}function _p(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_countQueuingStrategyHighWaterMark")}function kp(e,t,r){return Fd(e,r),r=>kd(e,t,[r])}function Ap(e,t,r){return Fd(e,r),r=>_d(e,t,[r])}function Sp(e,t,r){return Fd(e,r),(r,i)=>kd(e,t,[r,i])}Object.defineProperties(wp.prototype,{highWaterMark:{enumerable:!0},size:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(wp.prototype,rd.toStringTag,{value:"CountQueuingStrategy",configurable:!0});class Ep{constructor(e={},t={},r={}){void 0===e&&(e=null);const i=jf(t,"Second parameter"),n=jf(r,"Third parameter"),a=function(e,t){qd(e,t);const r=null==e?void 0:e.flush,i=null==e?void 0:e.readableType,n=null==e?void 0:e.start,a=null==e?void 0:e.transform,s=null==e?void 0:e.writableType;return{flush:void 0===r?void 0:kp(r,e,t+" has member 'flush' that"),readableType:i,start:void 0===n?void 0:Ap(n,e,t+" has member 'start' that"),transform:void 0===a?void 0:Sp(a,e,t+" has member 'transform' that"),writableType:s}}(e,"First parameter");if(void 0!==a.readableType)throw new RangeError("Invalid readableType specified");if(void 0!==a.writableType)throw new RangeError("Invalid writableType specified");const s=Lf(n,0),o=Nf(n),c=Lf(i,1),u=Nf(i);let h;!function(e,t,r,i,n,a){function s(){return t}function o(t){return function(e,t){const r=e._transformStreamController;if(e._backpressure){return gd(e._backpressureChangePromise,(()=>{const i=e._writable;if("erroring"===i._state)throw i._storedError;return Ip(r,t)}))}return Ip(r,t)}(e,t)}function c(t){return function(e,t){return xp(e,t),fd(void 0)}(e,t)}function u(){return function(e){const t=e._readable,r=e._transformStreamController,i=r._flushAlgorithm();return Up(r),gd(i,(()=>{if("errored"===t._state)throw t._storedError;Wl(t._readableStreamController)}),(r=>{throw xp(e,r),t._storedError}))}(e)}function h(){return function(e){return Kp(e,!1),e._backpressureChangePromise}(e)}function d(t){return Mp(e,t),fd(void 0)}e._writable=function(e,t,r,i,n=1,a=(()=>1)){const s=Object.create(Xf.prototype);return Qf(s),gl(s,Object.create(ml.prototype),e,t,r,i,n,a),s}(s,o,u,c,r,i),e._readable=ap(s,h,d,n,a),e._backpressure=void 0,e._backpressureChangePromise=void 0,e._backpressureChangePromise_resolve=void 0,Kp(e,!0),e._transformStreamController=void 0}(this,dd((e=>{h=e})),c,u,s,o),function(e,t){const r=Object.create(Cp.prototype);let i=e=>{try{return Rp(r,e),fd(void 0)}catch(e){return ld(e)}},n=()=>fd(void 0);void 0!==t.transform&&(i=e=>t.transform(e,r));void 0!==t.flush&&(n=()=>t.flush(r));!function(e,t,r,i){t._controlledTransformStream=e,e._transformStreamController=t,t._transformAlgorithm=r,t._flushAlgorithm=i}(e,r,i,n)}(this,a),void 0!==a.start?h(a.start(this._transformStreamController)):h(void 0)}get readable(){if(!Pp(this))throw Tp("readable");return this._readable}get writable(){if(!Pp(this))throw Tp("writable");return this._writable}}function Pp(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_transformStreamController")}function xp(e,t){Vl(e._readable._readableStreamController,t),Mp(e,t)}function Mp(e,t){Up(e._transformStreamController),kl(e._writable._writableStreamController,t),e._backpressure&&Kp(e,!1)}function Kp(e,t){void 0!==e._backpressureChangePromise&&e._backpressureChangePromise_resolve(),e._backpressureChangePromise=dd((t=>{e._backpressureChangePromise_resolve=t})),e._backpressure=t}Object.defineProperties(Ep.prototype,{readable:{enumerable:!0},writable:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(Ep.prototype,rd.toStringTag,{value:"TransformStream",configurable:!0});class Cp{constructor(){throw new TypeError("Illegal constructor")}get desiredSize(){if(!Dp(this))throw Bp("desiredSize");return $l(this._controlledTransformStream._readable._readableStreamController)}enqueue(e=undefined){if(!Dp(this))throw Bp("enqueue");Rp(this,e)}error(e=undefined){if(!Dp(this))throw Bp("error");var t;t=e,xp(this._controlledTransformStream,t)}terminate(){if(!Dp(this))throw Bp("terminate");!function(e){const t=e._controlledTransformStream,r=t._readable._readableStreamController;Wl(r);Mp(t,new TypeError("TransformStream terminated"))}(this)}}function Dp(e){return!!ad(e)&&!!Object.prototype.hasOwnProperty.call(e,"_controlledTransformStream")}function Up(e){e._transformAlgorithm=void 0,e._flushAlgorithm=void 0}function Rp(e,t){const r=e._controlledTransformStream,i=r._readable._readableStreamController;if(!Zl(i))throw new TypeError("Readable side is not in a state that permits enqueue");try{Gl(i,t)}catch(e){throw Mp(r,e),r._readable._storedError}const n=function(e){return!jl(e)}(i);n!==r._backpressure&&Kp(r,!0)}function Ip(e,t){return gd(e._transformAlgorithm(t),void 0,(t=>{throw xp(e._controlledTransformStream,t),t}))}function Bp(e){return new TypeError(`TransformStreamDefaultController.prototype.${e} can only be used on a TransformStreamDefaultController`)}function Tp(e){return new TypeError(`TransformStream.prototype.${e} can only be used on a TransformStream`)}Object.defineProperties(Cp.prototype,{enqueue:{enumerable:!0},error:{enumerable:!0},terminate:{enumerable:!0},desiredSize:{enumerable:!0}}),"symbol"==typeof rd.toStringTag&&Object.defineProperty(Cp.prototype,rd.toStringTag,{value:"TransformStreamDefaultController",configurable:!0});var zp=/*#__PURE__*/Object.freeze({__proto__:null,ByteLengthQueuingStrategy:yp,CountQueuingStrategy:wp,ReadableByteStreamController:yf,ReadableStream:np,ReadableStreamBYOBReader:qf,ReadableStreamBYOBRequest:pf,ReadableStreamDefaultController:Ol,ReadableStreamDefaultReader:Qd,TransformStream:Ep,TransformStreamDefaultController:Cp,WritableStream:Xf,WritableStreamDefaultController:ml,WritableStreamDefaultWriter:ul}),qp=function(e,t){return qp=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},qp(e,t)}; -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */function Fp(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+t+" is not a constructor or null");function r(){this.constructor=e}qp(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)}function Op(e){if(!e)throw new TypeError("Assertion failed")}function Lp(){}function Np(e){return"object"==typeof e&&null!==e||"function"==typeof e}function jp(e){if("function"!=typeof e)return!1;var t=!1;try{new e({start:function(){t=!0}})}catch(e){}return t}function Hp(e){return!!Np(e)&&"function"==typeof e.getReader}function Wp(e){return!!Np(e)&&"function"==typeof e.getWriter}function Gp(e){return!!Np(e)&&(!!Hp(e.readable)&&!!Wp(e.writable))}function Vp(e){try{return e.getReader({mode:"byob"}).releaseLock(),!0}catch(e){return!1}}function $p(e,t){var r=(void 0===t?{}:t).type;return Op(Hp(e)),Op(!1===e.locked),"bytes"===(r=Zp(r))?new Jp(e):new Yp(e)}function Zp(e){var t=e+"";if("bytes"===t)return t;if(void 0===e)return e;throw new RangeError("Invalid type is specified")}var Xp=function(){function e(e){this._underlyingReader=void 0,this._readerMode=void 0,this._readableStreamController=void 0,this._pendingRead=void 0,this._underlyingStream=e,this._attachDefaultReader()}return e.prototype.start=function(e){this._readableStreamController=e},e.prototype.cancel=function(e){return Op(void 0!==this._underlyingReader),this._underlyingReader.cancel(e)},e.prototype._attachDefaultReader=function(){if("default"!==this._readerMode){this._detachReader();var e=this._underlyingStream.getReader();this._readerMode="default",this._attachReader(e)}},e.prototype._attachReader=function(e){var t=this;Op(void 0===this._underlyingReader),this._underlyingReader=e;var r=this._underlyingReader.closed;r&&r.then((function(){return t._finishPendingRead()})).then((function(){e===t._underlyingReader&&t._readableStreamController.close()}),(function(r){e===t._underlyingReader&&t._readableStreamController.error(r)})).catch(Lp)},e.prototype._detachReader=function(){void 0!==this._underlyingReader&&(this._underlyingReader.releaseLock(),this._underlyingReader=void 0,this._readerMode=void 0)},e.prototype._pullWithDefaultReader=function(){var e=this;this._attachDefaultReader();var t=this._underlyingReader.read().then((function(t){var r=e._readableStreamController;t.done?e._tryClose():r.enqueue(t.value)}));return this._setPendingRead(t),t},e.prototype._tryClose=function(){try{this._readableStreamController.close()}catch(e){}},e.prototype._setPendingRead=function(e){var t,r=this,i=function(){r._pendingRead===t&&(r._pendingRead=void 0)};this._pendingRead=t=e.then(i,i)},e.prototype._finishPendingRead=function(){var e=this;if(this._pendingRead){var t=function(){return e._finishPendingRead()};return this._pendingRead.then(t,t)}},e}(),Yp=function(e){function t(){return null!==e&&e.apply(this,arguments)||this}return Fp(t,e),t.prototype.pull=function(){return this._pullWithDefaultReader()},t}(Xp);function Qp(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}var Jp=function(e){function t(t){var r=this,i=Vp(t);return(r=e.call(this,t)||this)._supportsByob=i,r}return Fp(t,e),Object.defineProperty(t.prototype,"type",{get:function(){return"bytes"},enumerable:!1,configurable:!0}),t.prototype._attachByobReader=function(){if("byob"!==this._readerMode){Op(this._supportsByob),this._detachReader();var e=this._underlyingStream.getReader({mode:"byob"});this._readerMode="byob",this._attachReader(e)}},t.prototype.pull=function(){if(this._supportsByob){var e=this._readableStreamController.byobRequest;if(e)return this._pullWithByobRequest(e)}return this._pullWithDefaultReader()},t.prototype._pullWithByobRequest=function(e){var t=this;this._attachByobReader();var r=new Uint8Array(e.view.byteLength),i=this._underlyingReader.read(r).then((function(r){var i,n,a;t._readableStreamController,r.done?(t._tryClose(),e.respond(0)):(i=r.value,n=e.view,a=Qp(i),Qp(n).set(a,0),e.respond(r.value.byteLength))}));return this._setPendingRead(i),i},t}(Xp);function ey(e){Op(Wp(e)),Op(!1===e.locked);var t=e.getWriter();return new ty(t)}var ty=function(){function e(e){var t=this;this._writableStreamController=void 0,this._pendingWrite=void 0,this._state="writable",this._storedError=void 0,this._underlyingWriter=e,this._errorPromise=new Promise((function(e,r){t._errorPromiseReject=r})),this._errorPromise.catch(Lp)}return e.prototype.start=function(e){var t=this;this._writableStreamController=e,this._underlyingWriter.closed.then((function(){t._state="closed"})).catch((function(e){return t._finishErroring(e)}))},e.prototype.write=function(e){var t=this,r=this._underlyingWriter;if(null===r.desiredSize)return r.ready;var i=r.write(e);i.catch((function(e){return t._finishErroring(e)})),r.ready.catch((function(e){return t._startErroring(e)}));var n=Promise.race([i,this._errorPromise]);return this._setPendingWrite(n),n},e.prototype.close=function(){var e=this;return void 0===this._pendingWrite?this._underlyingWriter.close():this._finishPendingWrite().then((function(){return e.close()}))},e.prototype.abort=function(e){if("errored"!==this._state)return this._underlyingWriter.abort(e)},e.prototype._setPendingWrite=function(e){var t,r=this,i=function(){r._pendingWrite===t&&(r._pendingWrite=void 0)};this._pendingWrite=t=e.then(i,i)},e.prototype._finishPendingWrite=function(){var e=this;if(void 0===this._pendingWrite)return Promise.resolve();var t=function(){return e._finishPendingWrite()};return this._pendingWrite.then(t,t)},e.prototype._startErroring=function(e){var t=this;if("writable"===this._state){this._state="erroring",this._storedError=e;var r=function(){return t._finishErroring(e)};void 0===this._pendingWrite?r():this._finishPendingWrite().then(r,r),this._writableStreamController.error(e)}},e.prototype._finishErroring=function(e){"writable"===this._state&&this._startErroring(e),"erroring"===this._state&&(this._state="errored",this._errorPromiseReject(this._storedError))},e}();function ry(e){Op(Gp(e));var t=e.readable,r=e.writable;Op(!1===t.locked),Op(!1===r.locked);var i,n=t.getReader();try{i=r.getWriter()}catch(e){throw n.releaseLock(),e}return new iy(n,i)}var iy=function(){function e(e,t){var r=this;this._transformStreamController=void 0,this._onRead=function(e){if(!e.done)return r._transformStreamController.enqueue(e.value),r._reader.read().then(r._onRead)},this._onError=function(e){r._flushReject(e),r._transformStreamController.error(e),r._reader.cancel(e).catch(Lp),r._writer.abort(e).catch(Lp)},this._onTerminate=function(){r._flushResolve(),r._transformStreamController.terminate();var e=new TypeError("TransformStream terminated");r._writer.abort(e).catch(Lp)},this._reader=e,this._writer=t,this._flushPromise=new Promise((function(e,t){r._flushResolve=e,r._flushReject=t}))}return e.prototype.start=function(e){this._transformStreamController=e,this._reader.read().then(this._onRead).then(this._onTerminate,this._onError);var t=this._reader.closed;t&&t.then(this._onTerminate,this._onError)},e.prototype.transform=function(e){return this._writer.write(e)},e.prototype.flush=function(){var e=this;return this._writer.close().then((function(){return e._flushPromise}))},e}(),ny=/*#__PURE__*/Object.freeze({__proto__:null,createReadableStreamWrapper:function(e){Op(function(e){return!!jp(e)&&!!Hp(new e)}(e));var t=function(e){try{return new e({type:"bytes"}),!0}catch(e){return!1}}(e);return function(r,i){var n=(void 0===i?{}:i).type;if("bytes"!==(n=Zp(n))||t||(n=void 0),r.constructor===e&&("bytes"!==n||Vp(r)))return r;if("bytes"===n){var a=$p(r,{type:n});return new e(a)}a=$p(r);return new e(a)}},createTransformStreamWrapper:function(e){return Op(function(e){return!!jp(e)&&!!Gp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=ry(t);return new e(r)}},createWrappingReadableSource:$p,createWrappingTransformer:ry,createWrappingWritableSink:ey,createWritableStreamWrapper:function(e){return Op(function(e){return!!jp(e)&&!!Wp(new e)}(e)),function(t){if(t.constructor===e)return t;var r=ey(t);return new e(r)}}}),ay=it((function(e){!function(e,t){function r(e,t){if(!e)throw Error(t||"Assertion failed")}function i(e,t){e.super_=t;var r=function(){};r.prototype=t.prototype,e.prototype=new r,e.prototype.constructor=e}function n(e,t,r){if(n.isBN(e))return e;this.negative=0,this.words=null,this.length=0,this.red=null,null!==e&&("le"!==t&&"be"!==t||(r=t,t=10),this._init(e||0,t||10,r||"be"))}var a;"object"==typeof e?e.exports=n:t.BN=n,n.BN=n,n.wordSize=26;try{a=void 0}catch(e){}function s(e,t,r){for(var i=0,n=Math.min(e.length,r),a=t;a=49&&s<=54?s-49+10:s>=17&&s<=22?s-17+10:15&s}return i}function o(e,t,r,i){for(var n=0,a=Math.min(e.length,r),s=t;s=49?o-49+10:o>=17?o-17+10:o}return n}n.isBN=function(e){return e instanceof n||null!==e&&"object"==typeof e&&e.constructor.wordSize===n.wordSize&&Array.isArray(e.words)},n.max=function(e,t){return e.cmp(t)>0?e:t},n.min=function(e,t){return e.cmp(t)<0?e:t},n.prototype._init=function(e,t,i){if("number"==typeof e)return this._initNumber(e,t,i);if("object"==typeof e)return this._initArray(e,t,i);"hex"===t&&(t=16),r(t===(0|t)&&t>=2&&t<=36);var n=0;"-"===(e=e.toString().replace(/\s+/g,""))[0]&&n++,16===t?this._parseHex(e,n):this._parseBase(e,t,n),"-"===e[0]&&(this.negative=1),this.strip(),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initNumber=function(e,t,i){e<0&&(this.negative=1,e=-e),e<67108864?(this.words=[67108863&e],this.length=1):e<4503599627370496?(this.words=[67108863&e,e/67108864&67108863],this.length=2):(r(e<9007199254740992),this.words=[67108863&e,e/67108864&67108863,1],this.length=3),"le"===i&&this._initArray(this.toArray(),t,i)},n.prototype._initArray=function(e,t,i){if(r("number"==typeof e.length),e.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(e.length/3),this.words=Array(this.length);for(var n=0;n=0;n-=3)s=e[n]|e[n-1]<<8|e[n-2]<<16,this.words[a]|=s<>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);else if("le"===i)for(n=0,a=0;n>>26-o&67108863,(o+=24)>=26&&(o-=26,a++);return this.strip()},n.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=Array(this.length);for(var r=0;r=t;r-=6)n=s(e,r,r+6),this.words[i]|=n<>>26-a&4194303,(a+=24)>=26&&(a-=26,i++);r+6!==t&&(n=s(e,t,r+6),this.words[i]|=n<>>26-a&4194303),this.strip()},n.prototype._parseBase=function(e,t,r){this.words=[0],this.length=1;for(var i=0,n=1;n<=67108863;n*=t)i++;i--,n=n/t|0;for(var a=e.length-r,s=a%i,c=Math.min(a,a-s)+r,u=0,h=r;h1&&0===this.words[this.length-1];)this.length--;return this._normSign()},n.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},n.prototype.inspect=function(){return(this.red?""};var c=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],u=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],h=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function d(e,t,r){r.negative=t.negative^e.negative;var i=e.length+t.length|0;r.length=i,i=i-1|0;var n=0|e.words[0],a=0|t.words[0],s=n*a,o=67108863&s,c=s/67108864|0;r.words[0]=o;for(var u=1;u>>26,d=67108863&c,f=Math.min(u,t.length-1),l=Math.max(0,u-e.length+1);l<=f;l++){var p=u-l|0;h+=(s=(n=0|e.words[p])*(a=0|t.words[l])+d)/67108864|0,d=67108863&s}r.words[u]=0|d,c=0|h}return 0!==c?r.words[u]=0|c:r.length--,r.strip()}n.prototype.toString=function(e,t){var i;if(t=0|t||1,16===(e=e||10)||"hex"===e){i="";for(var n=0,a=0,s=0;s>>24-n&16777215)||s!==this.length-1?c[6-d.length]+d+i:d+i,(n+=2)>=26&&(n-=26,s--)}for(0!==a&&(i=a.toString(16)+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}if(e===(0|e)&&e>=2&&e<=36){var f=u[e],l=h[e];i="";var p=this.clone();for(p.negative=0;!p.isZero();){var y=p.modn(l).toString(e);i=(p=p.idivn(l)).isZero()?y+i:c[f-y.length]+y+i}for(this.isZero()&&(i="0"+i);i.length%t!=0;)i="0"+i;return 0!==this.negative&&(i="-"+i),i}r(!1,"Base should be between 2 and 36")},n.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:this.length>2&&r(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-e:e},n.prototype.toJSON=function(){return this.toString(16)},n.prototype.toBuffer=function(e,t){return r(void 0!==a),this.toArrayLike(a,e,t)},n.prototype.toArray=function(e,t){return this.toArrayLike(Array,e,t)},n.prototype.toArrayLike=function(e,t,i){var n=this.byteLength(),a=i||Math.max(1,n);r(n<=a,"byte array longer than desired length"),r(a>0,"Requested array length <= 0"),this.strip();var s,o,c="le"===t,u=new e(a),h=this.clone();if(c){for(o=0;!h.isZero();o++)s=h.andln(255),h.iushrn(8),u[o]=s;for(;o=4096&&(r+=13,t>>>=13),t>=64&&(r+=7,t>>>=7),t>=8&&(r+=4,t>>>=4),t>=2&&(r+=2,t>>>=2),r+t},n.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,r=0;return 0==(8191&t)&&(r+=13,t>>>=13),0==(127&t)&&(r+=7,t>>>=7),0==(15&t)&&(r+=4,t>>>=4),0==(3&t)&&(r+=2,t>>>=2),0==(1&t)&&r++,r},n.prototype.bitLength=function(){var e=this.words[this.length-1],t=this._countBits(e);return 26*(this.length-1)+t},n.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},n.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},n.prototype.iuand=function(e){var t;t=this.length>e.length?e:this;for(var r=0;re.length?this.clone().iand(e):e.clone().iand(this)},n.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},n.prototype.iuxor=function(e){var t,r;this.length>e.length?(t=this,r=e):(t=e,r=this);for(var i=0;ie.length?this.clone().ixor(e):e.clone().ixor(this)},n.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},n.prototype.inotn=function(e){r("number"==typeof e&&e>=0);var t=0|Math.ceil(e/26),i=e%26;this._expand(t),i>0&&t--;for(var n=0;n0&&(this.words[n]=~this.words[n]&67108863>>26-i),this.strip()},n.prototype.notn=function(e){return this.clone().inotn(e)},n.prototype.setn=function(e,t){r("number"==typeof e&&e>=0);var i=e/26|0,n=e%26;return this._expand(i+1),this.words[i]=t?this.words[i]|1<e.length?(r=this,i=e):(r=e,i=this);for(var n=0,a=0;a>>26;for(;0!==n&&a>>26;if(this.length=r.length,0!==n)this.words[this.length]=n,this.length++;else if(r!==this)for(;ae.length?this.clone().iadd(e):e.clone().iadd(this)},n.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var r,i,n=this.cmp(e);if(0===n)return this.negative=0,this.length=1,this.words[0]=0,this;n>0?(r=this,i=e):(r=e,i=this);for(var a=0,s=0;s>26,this.words[s]=67108863&t;for(;0!==a&&s>26,this.words[s]=67108863&t;if(0===a&&s>>13,l=0|s[1],p=8191&l,y=l>>>13,b=0|s[2],m=8191&b,g=b>>>13,w=0|s[3],v=8191&w,_=w>>>13,k=0|s[4],A=8191&k,S=k>>>13,E=0|s[5],P=8191&E,x=E>>>13,M=0|s[6],K=8191&M,C=M>>>13,D=0|s[7],U=8191&D,R=D>>>13,I=0|s[8],B=8191&I,T=I>>>13,z=0|s[9],q=8191&z,F=z>>>13,O=0|o[0],L=8191&O,N=O>>>13,j=0|o[1],H=8191&j,W=j>>>13,G=0|o[2],V=8191&G,$=G>>>13,Z=0|o[3],X=8191&Z,Y=Z>>>13,Q=0|o[4],J=8191&Q,ee=Q>>>13,te=0|o[5],re=8191&te,ie=te>>>13,ne=0|o[6],ae=8191&ne,se=ne>>>13,oe=0|o[7],ce=8191&oe,ue=oe>>>13,he=0|o[8],de=8191&he,fe=he>>>13,le=0|o[9],pe=8191&le,ye=le>>>13;r.negative=e.negative^t.negative,r.length=19;var be=(u+(i=Math.imul(d,L))|0)+((8191&(n=(n=Math.imul(d,N))+Math.imul(f,L)|0))<<13)|0;u=((a=Math.imul(f,N))+(n>>>13)|0)+(be>>>26)|0,be&=67108863,i=Math.imul(p,L),n=(n=Math.imul(p,N))+Math.imul(y,L)|0,a=Math.imul(y,N);var me=(u+(i=i+Math.imul(d,H)|0)|0)+((8191&(n=(n=n+Math.imul(d,W)|0)+Math.imul(f,H)|0))<<13)|0;u=((a=a+Math.imul(f,W)|0)+(n>>>13)|0)+(me>>>26)|0,me&=67108863,i=Math.imul(m,L),n=(n=Math.imul(m,N))+Math.imul(g,L)|0,a=Math.imul(g,N),i=i+Math.imul(p,H)|0,n=(n=n+Math.imul(p,W)|0)+Math.imul(y,H)|0,a=a+Math.imul(y,W)|0;var ge=(u+(i=i+Math.imul(d,V)|0)|0)+((8191&(n=(n=n+Math.imul(d,$)|0)+Math.imul(f,V)|0))<<13)|0;u=((a=a+Math.imul(f,$)|0)+(n>>>13)|0)+(ge>>>26)|0,ge&=67108863,i=Math.imul(v,L),n=(n=Math.imul(v,N))+Math.imul(_,L)|0,a=Math.imul(_,N),i=i+Math.imul(m,H)|0,n=(n=n+Math.imul(m,W)|0)+Math.imul(g,H)|0,a=a+Math.imul(g,W)|0,i=i+Math.imul(p,V)|0,n=(n=n+Math.imul(p,$)|0)+Math.imul(y,V)|0,a=a+Math.imul(y,$)|0;var we=(u+(i=i+Math.imul(d,X)|0)|0)+((8191&(n=(n=n+Math.imul(d,Y)|0)+Math.imul(f,X)|0))<<13)|0;u=((a=a+Math.imul(f,Y)|0)+(n>>>13)|0)+(we>>>26)|0,we&=67108863,i=Math.imul(A,L),n=(n=Math.imul(A,N))+Math.imul(S,L)|0,a=Math.imul(S,N),i=i+Math.imul(v,H)|0,n=(n=n+Math.imul(v,W)|0)+Math.imul(_,H)|0,a=a+Math.imul(_,W)|0,i=i+Math.imul(m,V)|0,n=(n=n+Math.imul(m,$)|0)+Math.imul(g,V)|0,a=a+Math.imul(g,$)|0,i=i+Math.imul(p,X)|0,n=(n=n+Math.imul(p,Y)|0)+Math.imul(y,X)|0,a=a+Math.imul(y,Y)|0;var ve=(u+(i=i+Math.imul(d,J)|0)|0)+((8191&(n=(n=n+Math.imul(d,ee)|0)+Math.imul(f,J)|0))<<13)|0;u=((a=a+Math.imul(f,ee)|0)+(n>>>13)|0)+(ve>>>26)|0,ve&=67108863,i=Math.imul(P,L),n=(n=Math.imul(P,N))+Math.imul(x,L)|0,a=Math.imul(x,N),i=i+Math.imul(A,H)|0,n=(n=n+Math.imul(A,W)|0)+Math.imul(S,H)|0,a=a+Math.imul(S,W)|0,i=i+Math.imul(v,V)|0,n=(n=n+Math.imul(v,$)|0)+Math.imul(_,V)|0,a=a+Math.imul(_,$)|0,i=i+Math.imul(m,X)|0,n=(n=n+Math.imul(m,Y)|0)+Math.imul(g,X)|0,a=a+Math.imul(g,Y)|0,i=i+Math.imul(p,J)|0,n=(n=n+Math.imul(p,ee)|0)+Math.imul(y,J)|0,a=a+Math.imul(y,ee)|0;var _e=(u+(i=i+Math.imul(d,re)|0)|0)+((8191&(n=(n=n+Math.imul(d,ie)|0)+Math.imul(f,re)|0))<<13)|0;u=((a=a+Math.imul(f,ie)|0)+(n>>>13)|0)+(_e>>>26)|0,_e&=67108863,i=Math.imul(K,L),n=(n=Math.imul(K,N))+Math.imul(C,L)|0,a=Math.imul(C,N),i=i+Math.imul(P,H)|0,n=(n=n+Math.imul(P,W)|0)+Math.imul(x,H)|0,a=a+Math.imul(x,W)|0,i=i+Math.imul(A,V)|0,n=(n=n+Math.imul(A,$)|0)+Math.imul(S,V)|0,a=a+Math.imul(S,$)|0,i=i+Math.imul(v,X)|0,n=(n=n+Math.imul(v,Y)|0)+Math.imul(_,X)|0,a=a+Math.imul(_,Y)|0,i=i+Math.imul(m,J)|0,n=(n=n+Math.imul(m,ee)|0)+Math.imul(g,J)|0,a=a+Math.imul(g,ee)|0,i=i+Math.imul(p,re)|0,n=(n=n+Math.imul(p,ie)|0)+Math.imul(y,re)|0,a=a+Math.imul(y,ie)|0;var ke=(u+(i=i+Math.imul(d,ae)|0)|0)+((8191&(n=(n=n+Math.imul(d,se)|0)+Math.imul(f,ae)|0))<<13)|0;u=((a=a+Math.imul(f,se)|0)+(n>>>13)|0)+(ke>>>26)|0,ke&=67108863,i=Math.imul(U,L),n=(n=Math.imul(U,N))+Math.imul(R,L)|0,a=Math.imul(R,N),i=i+Math.imul(K,H)|0,n=(n=n+Math.imul(K,W)|0)+Math.imul(C,H)|0,a=a+Math.imul(C,W)|0,i=i+Math.imul(P,V)|0,n=(n=n+Math.imul(P,$)|0)+Math.imul(x,V)|0,a=a+Math.imul(x,$)|0,i=i+Math.imul(A,X)|0,n=(n=n+Math.imul(A,Y)|0)+Math.imul(S,X)|0,a=a+Math.imul(S,Y)|0,i=i+Math.imul(v,J)|0,n=(n=n+Math.imul(v,ee)|0)+Math.imul(_,J)|0,a=a+Math.imul(_,ee)|0,i=i+Math.imul(m,re)|0,n=(n=n+Math.imul(m,ie)|0)+Math.imul(g,re)|0,a=a+Math.imul(g,ie)|0,i=i+Math.imul(p,ae)|0,n=(n=n+Math.imul(p,se)|0)+Math.imul(y,ae)|0,a=a+Math.imul(y,se)|0;var Ae=(u+(i=i+Math.imul(d,ce)|0)|0)+((8191&(n=(n=n+Math.imul(d,ue)|0)+Math.imul(f,ce)|0))<<13)|0;u=((a=a+Math.imul(f,ue)|0)+(n>>>13)|0)+(Ae>>>26)|0,Ae&=67108863,i=Math.imul(B,L),n=(n=Math.imul(B,N))+Math.imul(T,L)|0,a=Math.imul(T,N),i=i+Math.imul(U,H)|0,n=(n=n+Math.imul(U,W)|0)+Math.imul(R,H)|0,a=a+Math.imul(R,W)|0,i=i+Math.imul(K,V)|0,n=(n=n+Math.imul(K,$)|0)+Math.imul(C,V)|0,a=a+Math.imul(C,$)|0,i=i+Math.imul(P,X)|0,n=(n=n+Math.imul(P,Y)|0)+Math.imul(x,X)|0,a=a+Math.imul(x,Y)|0,i=i+Math.imul(A,J)|0,n=(n=n+Math.imul(A,ee)|0)+Math.imul(S,J)|0,a=a+Math.imul(S,ee)|0,i=i+Math.imul(v,re)|0,n=(n=n+Math.imul(v,ie)|0)+Math.imul(_,re)|0,a=a+Math.imul(_,ie)|0,i=i+Math.imul(m,ae)|0,n=(n=n+Math.imul(m,se)|0)+Math.imul(g,ae)|0,a=a+Math.imul(g,se)|0,i=i+Math.imul(p,ce)|0,n=(n=n+Math.imul(p,ue)|0)+Math.imul(y,ce)|0,a=a+Math.imul(y,ue)|0;var Se=(u+(i=i+Math.imul(d,de)|0)|0)+((8191&(n=(n=n+Math.imul(d,fe)|0)+Math.imul(f,de)|0))<<13)|0;u=((a=a+Math.imul(f,fe)|0)+(n>>>13)|0)+(Se>>>26)|0,Se&=67108863,i=Math.imul(q,L),n=(n=Math.imul(q,N))+Math.imul(F,L)|0,a=Math.imul(F,N),i=i+Math.imul(B,H)|0,n=(n=n+Math.imul(B,W)|0)+Math.imul(T,H)|0,a=a+Math.imul(T,W)|0,i=i+Math.imul(U,V)|0,n=(n=n+Math.imul(U,$)|0)+Math.imul(R,V)|0,a=a+Math.imul(R,$)|0,i=i+Math.imul(K,X)|0,n=(n=n+Math.imul(K,Y)|0)+Math.imul(C,X)|0,a=a+Math.imul(C,Y)|0,i=i+Math.imul(P,J)|0,n=(n=n+Math.imul(P,ee)|0)+Math.imul(x,J)|0,a=a+Math.imul(x,ee)|0,i=i+Math.imul(A,re)|0,n=(n=n+Math.imul(A,ie)|0)+Math.imul(S,re)|0,a=a+Math.imul(S,ie)|0,i=i+Math.imul(v,ae)|0,n=(n=n+Math.imul(v,se)|0)+Math.imul(_,ae)|0,a=a+Math.imul(_,se)|0,i=i+Math.imul(m,ce)|0,n=(n=n+Math.imul(m,ue)|0)+Math.imul(g,ce)|0,a=a+Math.imul(g,ue)|0,i=i+Math.imul(p,de)|0,n=(n=n+Math.imul(p,fe)|0)+Math.imul(y,de)|0,a=a+Math.imul(y,fe)|0;var Ee=(u+(i=i+Math.imul(d,pe)|0)|0)+((8191&(n=(n=n+Math.imul(d,ye)|0)+Math.imul(f,pe)|0))<<13)|0;u=((a=a+Math.imul(f,ye)|0)+(n>>>13)|0)+(Ee>>>26)|0,Ee&=67108863,i=Math.imul(q,H),n=(n=Math.imul(q,W))+Math.imul(F,H)|0,a=Math.imul(F,W),i=i+Math.imul(B,V)|0,n=(n=n+Math.imul(B,$)|0)+Math.imul(T,V)|0,a=a+Math.imul(T,$)|0,i=i+Math.imul(U,X)|0,n=(n=n+Math.imul(U,Y)|0)+Math.imul(R,X)|0,a=a+Math.imul(R,Y)|0,i=i+Math.imul(K,J)|0,n=(n=n+Math.imul(K,ee)|0)+Math.imul(C,J)|0,a=a+Math.imul(C,ee)|0,i=i+Math.imul(P,re)|0,n=(n=n+Math.imul(P,ie)|0)+Math.imul(x,re)|0,a=a+Math.imul(x,ie)|0,i=i+Math.imul(A,ae)|0,n=(n=n+Math.imul(A,se)|0)+Math.imul(S,ae)|0,a=a+Math.imul(S,se)|0,i=i+Math.imul(v,ce)|0,n=(n=n+Math.imul(v,ue)|0)+Math.imul(_,ce)|0,a=a+Math.imul(_,ue)|0,i=i+Math.imul(m,de)|0,n=(n=n+Math.imul(m,fe)|0)+Math.imul(g,de)|0,a=a+Math.imul(g,fe)|0;var Pe=(u+(i=i+Math.imul(p,pe)|0)|0)+((8191&(n=(n=n+Math.imul(p,ye)|0)+Math.imul(y,pe)|0))<<13)|0;u=((a=a+Math.imul(y,ye)|0)+(n>>>13)|0)+(Pe>>>26)|0,Pe&=67108863,i=Math.imul(q,V),n=(n=Math.imul(q,$))+Math.imul(F,V)|0,a=Math.imul(F,$),i=i+Math.imul(B,X)|0,n=(n=n+Math.imul(B,Y)|0)+Math.imul(T,X)|0,a=a+Math.imul(T,Y)|0,i=i+Math.imul(U,J)|0,n=(n=n+Math.imul(U,ee)|0)+Math.imul(R,J)|0,a=a+Math.imul(R,ee)|0,i=i+Math.imul(K,re)|0,n=(n=n+Math.imul(K,ie)|0)+Math.imul(C,re)|0,a=a+Math.imul(C,ie)|0,i=i+Math.imul(P,ae)|0,n=(n=n+Math.imul(P,se)|0)+Math.imul(x,ae)|0,a=a+Math.imul(x,se)|0,i=i+Math.imul(A,ce)|0,n=(n=n+Math.imul(A,ue)|0)+Math.imul(S,ce)|0,a=a+Math.imul(S,ue)|0,i=i+Math.imul(v,de)|0,n=(n=n+Math.imul(v,fe)|0)+Math.imul(_,de)|0,a=a+Math.imul(_,fe)|0;var xe=(u+(i=i+Math.imul(m,pe)|0)|0)+((8191&(n=(n=n+Math.imul(m,ye)|0)+Math.imul(g,pe)|0))<<13)|0;u=((a=a+Math.imul(g,ye)|0)+(n>>>13)|0)+(xe>>>26)|0,xe&=67108863,i=Math.imul(q,X),n=(n=Math.imul(q,Y))+Math.imul(F,X)|0,a=Math.imul(F,Y),i=i+Math.imul(B,J)|0,n=(n=n+Math.imul(B,ee)|0)+Math.imul(T,J)|0,a=a+Math.imul(T,ee)|0,i=i+Math.imul(U,re)|0,n=(n=n+Math.imul(U,ie)|0)+Math.imul(R,re)|0,a=a+Math.imul(R,ie)|0,i=i+Math.imul(K,ae)|0,n=(n=n+Math.imul(K,se)|0)+Math.imul(C,ae)|0,a=a+Math.imul(C,se)|0,i=i+Math.imul(P,ce)|0,n=(n=n+Math.imul(P,ue)|0)+Math.imul(x,ce)|0,a=a+Math.imul(x,ue)|0,i=i+Math.imul(A,de)|0,n=(n=n+Math.imul(A,fe)|0)+Math.imul(S,de)|0,a=a+Math.imul(S,fe)|0;var Me=(u+(i=i+Math.imul(v,pe)|0)|0)+((8191&(n=(n=n+Math.imul(v,ye)|0)+Math.imul(_,pe)|0))<<13)|0;u=((a=a+Math.imul(_,ye)|0)+(n>>>13)|0)+(Me>>>26)|0,Me&=67108863,i=Math.imul(q,J),n=(n=Math.imul(q,ee))+Math.imul(F,J)|0,a=Math.imul(F,ee),i=i+Math.imul(B,re)|0,n=(n=n+Math.imul(B,ie)|0)+Math.imul(T,re)|0,a=a+Math.imul(T,ie)|0,i=i+Math.imul(U,ae)|0,n=(n=n+Math.imul(U,se)|0)+Math.imul(R,ae)|0,a=a+Math.imul(R,se)|0,i=i+Math.imul(K,ce)|0,n=(n=n+Math.imul(K,ue)|0)+Math.imul(C,ce)|0,a=a+Math.imul(C,ue)|0,i=i+Math.imul(P,de)|0,n=(n=n+Math.imul(P,fe)|0)+Math.imul(x,de)|0,a=a+Math.imul(x,fe)|0;var Ke=(u+(i=i+Math.imul(A,pe)|0)|0)+((8191&(n=(n=n+Math.imul(A,ye)|0)+Math.imul(S,pe)|0))<<13)|0;u=((a=a+Math.imul(S,ye)|0)+(n>>>13)|0)+(Ke>>>26)|0,Ke&=67108863,i=Math.imul(q,re),n=(n=Math.imul(q,ie))+Math.imul(F,re)|0,a=Math.imul(F,ie),i=i+Math.imul(B,ae)|0,n=(n=n+Math.imul(B,se)|0)+Math.imul(T,ae)|0,a=a+Math.imul(T,se)|0,i=i+Math.imul(U,ce)|0,n=(n=n+Math.imul(U,ue)|0)+Math.imul(R,ce)|0,a=a+Math.imul(R,ue)|0,i=i+Math.imul(K,de)|0,n=(n=n+Math.imul(K,fe)|0)+Math.imul(C,de)|0,a=a+Math.imul(C,fe)|0;var Ce=(u+(i=i+Math.imul(P,pe)|0)|0)+((8191&(n=(n=n+Math.imul(P,ye)|0)+Math.imul(x,pe)|0))<<13)|0;u=((a=a+Math.imul(x,ye)|0)+(n>>>13)|0)+(Ce>>>26)|0,Ce&=67108863,i=Math.imul(q,ae),n=(n=Math.imul(q,se))+Math.imul(F,ae)|0,a=Math.imul(F,se),i=i+Math.imul(B,ce)|0,n=(n=n+Math.imul(B,ue)|0)+Math.imul(T,ce)|0,a=a+Math.imul(T,ue)|0,i=i+Math.imul(U,de)|0,n=(n=n+Math.imul(U,fe)|0)+Math.imul(R,de)|0,a=a+Math.imul(R,fe)|0;var De=(u+(i=i+Math.imul(K,pe)|0)|0)+((8191&(n=(n=n+Math.imul(K,ye)|0)+Math.imul(C,pe)|0))<<13)|0;u=((a=a+Math.imul(C,ye)|0)+(n>>>13)|0)+(De>>>26)|0,De&=67108863,i=Math.imul(q,ce),n=(n=Math.imul(q,ue))+Math.imul(F,ce)|0,a=Math.imul(F,ue),i=i+Math.imul(B,de)|0,n=(n=n+Math.imul(B,fe)|0)+Math.imul(T,de)|0,a=a+Math.imul(T,fe)|0;var Ue=(u+(i=i+Math.imul(U,pe)|0)|0)+((8191&(n=(n=n+Math.imul(U,ye)|0)+Math.imul(R,pe)|0))<<13)|0;u=((a=a+Math.imul(R,ye)|0)+(n>>>13)|0)+(Ue>>>26)|0,Ue&=67108863,i=Math.imul(q,de),n=(n=Math.imul(q,fe))+Math.imul(F,de)|0,a=Math.imul(F,fe);var Re=(u+(i=i+Math.imul(B,pe)|0)|0)+((8191&(n=(n=n+Math.imul(B,ye)|0)+Math.imul(T,pe)|0))<<13)|0;u=((a=a+Math.imul(T,ye)|0)+(n>>>13)|0)+(Re>>>26)|0,Re&=67108863;var Ie=(u+(i=Math.imul(q,pe))|0)+((8191&(n=(n=Math.imul(q,ye))+Math.imul(F,pe)|0))<<13)|0;return u=((a=Math.imul(F,ye))+(n>>>13)|0)+(Ie>>>26)|0,Ie&=67108863,c[0]=be,c[1]=me,c[2]=ge,c[3]=we,c[4]=ve,c[5]=_e,c[6]=ke,c[7]=Ae,c[8]=Se,c[9]=Ee,c[10]=Pe,c[11]=xe,c[12]=Me,c[13]=Ke,c[14]=Ce,c[15]=De,c[16]=Ue,c[17]=Re,c[18]=Ie,0!==u&&(c[19]=u,r.length++),r};function l(e,t,r){return(new p).mulp(e,t,r)}function p(e,t){this.x=e,this.y=t}Math.imul||(f=d),n.prototype.mulTo=function(e,t){var r,i=this.length+e.length;return r=10===this.length&&10===e.length?f(this,e,t):i<63?d(this,e,t):i<1024?function(e,t,r){r.negative=t.negative^e.negative,r.length=e.length+t.length;for(var i=0,n=0,a=0;a>>26)|0)>>>26,s&=67108863}r.words[a]=o,i=s,s=n}return 0!==i?r.words[a]=i:r.length--,r.strip()}(this,e,t):l(this,e,t),r},p.prototype.makeRBT=function(e){for(var t=Array(e),r=n.prototype._countBits(e)-1,i=0;i>=1;return i},p.prototype.permute=function(e,t,r,i,n,a){for(var s=0;s>>=1)n++;return 1<>>=13,i[2*s+1]=8191&a,a>>>=13;for(s=2*t;s>=26,t+=n/67108864|0,t+=a>>>26,this.words[i]=67108863&a}return 0!==t&&(this.words[i]=t,this.length++),this},n.prototype.muln=function(e){return this.clone().imuln(e)},n.prototype.sqr=function(){return this.mul(this)},n.prototype.isqr=function(){return this.imul(this.clone())},n.prototype.pow=function(e){var t=function(e){for(var t=Array(e.bitLength()),r=0;r>>n}return t}(e);if(0===t.length)return new n(1);for(var r=this,i=0;i=0);var t,i=e%26,n=(e-i)/26,a=67108863>>>26-i<<26-i;if(0!==i){var s=0;for(t=0;t>>26-i}s&&(this.words[t]=s,this.length++)}if(0!==n){for(t=this.length-1;t>=0;t--)this.words[t+n]=this.words[t];for(t=0;t=0),n=t?(t-t%26)/26:0;var a=e%26,s=Math.min((e-a)/26,this.length),o=67108863^67108863>>>a<s)for(this.length-=s,u=0;u=0&&(0!==h||u>=n);u--){var d=0|this.words[u];this.words[u]=h<<26-a|d>>>a,h=d&o}return c&&0!==h&&(c.words[c.length++]=h),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},n.prototype.ishrn=function(e,t,i){return r(0===this.negative),this.iushrn(e,t,i)},n.prototype.shln=function(e){return this.clone().ishln(e)},n.prototype.ushln=function(e){return this.clone().iushln(e)},n.prototype.shrn=function(e){return this.clone().ishrn(e)},n.prototype.ushrn=function(e){return this.clone().iushrn(e)},n.prototype.testn=function(e){r("number"==typeof e&&e>=0);var t=e%26,i=(e-t)/26,n=1<=0);var t=e%26,i=(e-t)/26;if(r(0===this.negative,"imaskn works only with positive numbers"),this.length<=i)return this;if(0!==t&&i++,this.length=Math.min(i,this.length),0!==t){var n=67108863^67108863>>>t<=67108864;t++)this.words[t]-=67108864,t===this.length-1?this.words[t+1]=1:this.words[t+1]++;return this.length=Math.max(this.length,t+1),this},n.prototype.isubn=function(e){if(r("number"==typeof e),r(e<67108864),e<0)return this.iaddn(-e);if(0!==this.negative)return this.negative=0,this.iaddn(e),this.negative=1,this;if(this.words[0]-=e,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var t=0;t>26)-(c/67108864|0),this.words[n+i]=67108863&a}for(;n>26,this.words[n+i]=67108863&a;if(0===o)return this.strip();for(r(-1===o),o=0,n=0;n>26,this.words[n]=67108863&a;return this.negative=1,this.strip()},n.prototype._wordDiv=function(e,t){var r=(this.length,e.length),i=this.clone(),a=e,s=0|a.words[a.length-1];0!==(r=26-this._countBits(s))&&(a=a.ushln(r),i.iushln(r),s=0|a.words[a.length-1]);var o,c=i.length-a.length;if("mod"!==t){(o=new n(null)).length=c+1,o.words=Array(o.length);for(var u=0;u=0;d--){var f=67108864*(0|i.words[a.length+d])+(0|i.words[a.length+d-1]);for(f=Math.min(f/s|0,67108863),i._ishlnsubmul(a,f,d);0!==i.negative;)f--,i.negative=0,i._ishlnsubmul(a,1,d),i.isZero()||(i.negative^=1);o&&(o.words[d]=f)}return o&&o.strip(),i.strip(),"div"!==t&&0!==r&&i.iushrn(r),{div:o||null,mod:i}},n.prototype.divmod=function(e,t,i){return r(!e.isZero()),this.isZero()?{div:new n(0),mod:new n(0)}:0!==this.negative&&0===e.negative?(o=this.neg().divmod(e,t),"mod"!==t&&(a=o.div.neg()),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.iadd(e)),{div:a,mod:s}):0===this.negative&&0!==e.negative?(o=this.divmod(e.neg(),t),"mod"!==t&&(a=o.div.neg()),{div:a,mod:o.mod}):0!=(this.negative&e.negative)?(o=this.neg().divmod(e.neg(),t),"div"!==t&&(s=o.mod.neg(),i&&0!==s.negative&&s.isub(e)),{div:o.div,mod:s}):e.length>this.length||this.cmp(e)<0?{div:new n(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new n(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new n(this.modn(e.words[0]))}:this._wordDiv(e,t);var a,s,o},n.prototype.div=function(e){return this.divmod(e,"div",!1).div},n.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},n.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},n.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var r=0!==t.div.negative?t.mod.isub(e):t.mod,i=e.ushrn(1),n=e.andln(1),a=r.cmp(i);return a<0||1===n&&0===a?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},n.prototype.modn=function(e){r(e<=67108863);for(var t=(1<<26)%e,i=0,n=this.length-1;n>=0;n--)i=(t*i+(0|this.words[n]))%e;return i},n.prototype.idivn=function(e){r(e<=67108863);for(var t=0,i=this.length-1;i>=0;i--){var n=(0|this.words[i])+67108864*t;this.words[i]=n/e|0,t=n%e}return this.strip()},n.prototype.divn=function(e){return this.clone().idivn(e)},n.prototype.egcd=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a=new n(1),s=new n(0),o=new n(0),c=new n(1),u=0;t.isEven()&&i.isEven();)t.iushrn(1),i.iushrn(1),++u;for(var h=i.clone(),d=t.clone();!t.isZero();){for(var f=0,l=1;0==(t.words[0]&l)&&f<26;++f,l<<=1);if(f>0)for(t.iushrn(f);f-- >0;)(a.isOdd()||s.isOdd())&&(a.iadd(h),s.isub(d)),a.iushrn(1),s.iushrn(1);for(var p=0,y=1;0==(i.words[0]&y)&&p<26;++p,y<<=1);if(p>0)for(i.iushrn(p);p-- >0;)(o.isOdd()||c.isOdd())&&(o.iadd(h),c.isub(d)),o.iushrn(1),c.iushrn(1);t.cmp(i)>=0?(t.isub(i),a.isub(o),s.isub(c)):(i.isub(t),o.isub(a),c.isub(s))}return{a:o,b:c,gcd:i.iushln(u)}},n.prototype._invmp=function(e){r(0===e.negative),r(!e.isZero());var t=this,i=e.clone();t=0!==t.negative?t.umod(e):t.clone();for(var a,s=new n(1),o=new n(0),c=i.clone();t.cmpn(1)>0&&i.cmpn(1)>0;){for(var u=0,h=1;0==(t.words[0]&h)&&u<26;++u,h<<=1);if(u>0)for(t.iushrn(u);u-- >0;)s.isOdd()&&s.iadd(c),s.iushrn(1);for(var d=0,f=1;0==(i.words[0]&f)&&d<26;++d,f<<=1);if(d>0)for(i.iushrn(d);d-- >0;)o.isOdd()&&o.iadd(c),o.iushrn(1);t.cmp(i)>=0?(t.isub(i),s.isub(o)):(i.isub(t),o.isub(s))}return(a=0===t.cmpn(1)?s:o).cmpn(0)<0&&a.iadd(e),a},n.prototype.gcd=function(e){if(this.isZero())return e.abs();if(e.isZero())return this.abs();var t=this.clone(),r=e.clone();t.negative=0,r.negative=0;for(var i=0;t.isEven()&&r.isEven();i++)t.iushrn(1),r.iushrn(1);for(;;){for(;t.isEven();)t.iushrn(1);for(;r.isEven();)r.iushrn(1);var n=t.cmp(r);if(n<0){var a=t;t=r,r=a}else if(0===n||0===r.cmpn(1))break;t.isub(r)}return r.iushln(i)},n.prototype.invm=function(e){return this.egcd(e).a.umod(e)},n.prototype.isEven=function(){return 0==(1&this.words[0])},n.prototype.isOdd=function(){return 1==(1&this.words[0])},n.prototype.andln=function(e){return this.words[0]&e},n.prototype.bincn=function(e){r("number"==typeof e);var t=e%26,i=(e-t)/26,n=1<>>26,o&=67108863,this.words[s]=o}return 0!==a&&(this.words[s]=a,this.length++),this},n.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},n.prototype.cmpn=function(e){var t,i=e<0;if(0!==this.negative&&!i)return-1;if(0===this.negative&&i)return 1;if(this.strip(),this.length>1)t=1;else{i&&(e=-e),r(e<=67108863,"Number is too big");var n=0|this.words[0];t=n===e?0:ne.length)return 1;if(this.length=0;r--){var i=0|this.words[r],n=0|e.words[r];if(i!==n){in&&(t=1);break}}return t},n.prototype.gtn=function(e){return 1===this.cmpn(e)},n.prototype.gt=function(e){return 1===this.cmp(e)},n.prototype.gten=function(e){return this.cmpn(e)>=0},n.prototype.gte=function(e){return this.cmp(e)>=0},n.prototype.ltn=function(e){return-1===this.cmpn(e)},n.prototype.lt=function(e){return-1===this.cmp(e)},n.prototype.lten=function(e){return this.cmpn(e)<=0},n.prototype.lte=function(e){return this.cmp(e)<=0},n.prototype.eqn=function(e){return 0===this.cmpn(e)},n.prototype.eq=function(e){return 0===this.cmp(e)},n.red=function(e){return new _(e)},n.prototype.toRed=function(e){return r(!this.red,"Already a number in reduction context"),r(0===this.negative,"red works only with positives"),e.convertTo(this)._forceRed(e)},n.prototype.fromRed=function(){return r(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},n.prototype._forceRed=function(e){return this.red=e,this},n.prototype.forceRed=function(e){return r(!this.red,"Already a number in reduction context"),this._forceRed(e)},n.prototype.redAdd=function(e){return r(this.red,"redAdd works only with red numbers"),this.red.add(this,e)},n.prototype.redIAdd=function(e){return r(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,e)},n.prototype.redSub=function(e){return r(this.red,"redSub works only with red numbers"),this.red.sub(this,e)},n.prototype.redISub=function(e){return r(this.red,"redISub works only with red numbers"),this.red.isub(this,e)},n.prototype.redShl=function(e){return r(this.red,"redShl works only with red numbers"),this.red.shl(this,e)},n.prototype.redMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.mul(this,e)},n.prototype.redIMul=function(e){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,e),this.red.imul(this,e)},n.prototype.redSqr=function(){return r(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},n.prototype.redISqr=function(){return r(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},n.prototype.redSqrt=function(){return r(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},n.prototype.redInvm=function(){return r(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},n.prototype.redNeg=function(){return r(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},n.prototype.redPow=function(e){return r(this.red&&!e.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,e)};var y={k256:null,p224:null,p192:null,p25519:null};function b(e,t){this.name=e,this.p=new n(t,16),this.n=this.p.bitLength(),this.k=new n(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function m(){b.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function g(){b.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function w(){b.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function v(){b.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function _(e){if("string"==typeof e){var t=n._prime(e);this.m=t.p,this.prime=t}else r(e.gtn(1),"modulus must be greater than 1"),this.m=e,this.prime=null}function k(e){_.call(this,e),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new n(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}b.prototype._tmp=function(){var e=new n(null);return e.words=Array(Math.ceil(this.n/13)),e},b.prototype.ireduce=function(e){var t,r=e;do{this.split(r,this.tmp),t=(r=(r=this.imulK(r)).iadd(this.tmp)).bitLength()}while(t>this.n);var i=t0?r.isub(this.p):r.strip(),r},b.prototype.split=function(e,t){e.iushrn(this.n,0,t)},b.prototype.imulK=function(e){return e.imul(this.k)},i(m,b),m.prototype.split=function(e,t){for(var r=4194303,i=Math.min(e.length,9),n=0;n>>22,a=s}a>>>=22,e.words[n-10]=a,0===a&&e.length>10?e.length-=10:e.length-=9},m.prototype.imulK=function(e){e.words[e.length]=0,e.words[e.length+1]=0,e.length+=2;for(var t=0,r=0;r>>=26,e.words[r]=n,t=i}return 0!==t&&(e.words[e.length++]=t),e},n._prime=function(e){if(y[e])return y[e];var t;if("k256"===e)t=new m;else if("p224"===e)t=new g;else if("p192"===e)t=new w;else{if("p25519"!==e)throw Error("Unknown prime "+e);t=new v}return y[e]=t,t},_.prototype._verify1=function(e){r(0===e.negative,"red works only with positives"),r(e.red,"red works only with red numbers")},_.prototype._verify2=function(e,t){r(0==(e.negative|t.negative),"red works only with positives"),r(e.red&&e.red===t.red,"red works only with red numbers")},_.prototype.imod=function(e){return this.prime?this.prime.ireduce(e)._forceRed(this):e.umod(this.m)._forceRed(this)},_.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},_.prototype.add=function(e,t){this._verify2(e,t);var r=e.add(t);return r.cmp(this.m)>=0&&r.isub(this.m),r._forceRed(this)},_.prototype.iadd=function(e,t){this._verify2(e,t);var r=e.iadd(t);return r.cmp(this.m)>=0&&r.isub(this.m),r},_.prototype.sub=function(e,t){this._verify2(e,t);var r=e.sub(t);return r.cmpn(0)<0&&r.iadd(this.m),r._forceRed(this)},_.prototype.isub=function(e,t){this._verify2(e,t);var r=e.isub(t);return r.cmpn(0)<0&&r.iadd(this.m),r},_.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},_.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},_.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},_.prototype.isqr=function(e){return this.imul(e,e.clone())},_.prototype.sqr=function(e){return this.mul(e,e)},_.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(r(t%2==1),3===t){var i=this.m.add(new n(1)).iushrn(2);return this.pow(e,i)}for(var a=this.m.subn(1),s=0;!a.isZero()&&0===a.andln(1);)s++,a.iushrn(1);r(!a.isZero());var o=new n(1).toRed(this),c=o.redNeg(),u=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new n(2*h*h).toRed(this);0!==this.pow(h,u).cmp(c);)h.redIAdd(c);for(var d=this.pow(h,a),f=this.pow(e,a.addn(1).iushrn(1)),l=this.pow(e,a),p=s;0!==l.cmp(o);){for(var y=l,b=0;0!==y.cmp(o);b++)y=y.redSqr();r(b=0;i--){for(var u=t.words[i],h=c-1;h>=0;h--){var d=u>>h&1;a!==r[0]&&(a=this.sqr(a)),0!==d||0!==s?(s<<=1,s|=d,(4===++o||0===i&&0===h)&&(a=this.mul(a,r[s]),o=0,s=0)):o=0}c=26}return a},_.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},_.prototype.convertFrom=function(e){var t=e.clone();return t.red=null,t},n.mont=function(e){return new k(e)},i(k,_),k.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},k.prototype.convertFrom=function(e){var t=this.imod(e.mul(this.rinv));return t.red=null,t},k.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;var r=e.imul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),n=r.isub(i).iushrn(this.shift),a=n;return n.cmp(this.m)>=0?a=n.isub(this.m):n.cmpn(0)<0&&(a=n.iadd(this.m)),a._forceRed(this)},k.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new n(0)._forceRed(this);var r=e.mul(t),i=r.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),a=r.isub(i).iushrn(this.shift),s=a;return a.cmp(this.m)>=0?s=a.isub(this.m):a.cmpn(0)<0&&(s=a.iadd(this.m)),s._forceRed(this)},k.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(e,rt)})),sy=/*#__PURE__*/Object.freeze({__proto__:null,default:ay,__moduleExports:ay});class oy{constructor(e){if(void 0===e)throw Error("Invalid BigInteger input");this.value=new ay(e)}clone(){const e=new oy(null);return this.value.copy(e.value),e}iinc(){return this.value.iadd(new ay(1)),this}inc(){return this.clone().iinc()}idec(){return this.value.isub(new ay(1)),this}dec(){return this.clone().idec()}iadd(e){return this.value.iadd(e.value),this}add(e){return this.clone().iadd(e)}isub(e){return this.value.isub(e.value),this}sub(e){return this.clone().isub(e)}imul(e){return this.value.imul(e.value),this}mul(e){return this.clone().imul(e)}imod(e){return this.value=this.value.umod(e.value),this}mod(e){return this.clone().imod(e)}modExp(e,t){const r=t.isEven()?ay.red(t.value):ay.mont(t.value),i=this.clone();return i.value=i.value.toRed(r).redPow(e.value).fromRed(),i}modInv(e){if(!this.gcd(e).isOne())throw Error("Inverse does not exist");return new oy(this.value.invm(e.value))}gcd(e){return new oy(this.value.gcd(e.value))}ileftShift(e){return this.value.ishln(e.value.toNumber()),this}leftShift(e){return this.clone().ileftShift(e)}irightShift(e){return this.value.ishrn(e.value.toNumber()),this}rightShift(e){return this.clone().irightShift(e)}equal(e){return this.value.eq(e.value)}lt(e){return this.value.lt(e.value)}lte(e){return this.value.lte(e.value)}gt(e){return this.value.gt(e.value)}gte(e){return this.value.gte(e.value)}isZero(){return this.value.isZero()}isOne(){return this.value.eq(new ay(1))}isNegative(){return this.value.isNeg()}isEven(){return this.value.isEven()}abs(){const e=this.clone();return e.value=e.value.abs(),e}toString(){return this.value.toString()}toNumber(){return this.value.toNumber()}getBit(e){return this.value.testn(e)?1:0}bitLength(){return this.value.bitLength()}byteLength(){return this.value.byteLength()}toUint8Array(e="be",t){return this.value.toArrayLike(Uint8Array,e,t)}}var cy,uy=/*#__PURE__*/Object.freeze({__proto__:null,default:oy}),hy=it((function(e,t){var r=t;function i(e){return 1===e.length?"0"+e:e}function n(e){for(var t="",r=0;r>8,s=255&n;a?r.push(a,s):r.push(s)}return r},r.zero2=i,r.toHex=n,r.encode=function(e,t){return"hex"===t?n(e):e}})),dy=it((function(e,t){var r=t;r.assert=et,r.toArray=hy.toArray,r.zero2=hy.zero2,r.toHex=hy.toHex,r.encode=hy.encode,r.getNAF=function(e,t){for(var r=[],i=1<=0;){var a;if(n.isOdd()){var s=n.andln(i-1);a=s>(i>>1)-1?(i>>1)-s:s,n.isubn(a)}else a=0;r.push(a);for(var o=0!==n.cmpn(0)&&0===n.andln(i-1)?t+1:1,c=1;c0||t.cmpn(-n)>0;){var a,s,o,c=e.andln(3)+i&3,u=t.andln(3)+n&3;if(3===c&&(c=-1),3===u&&(u=-1),0==(1&c))a=0;else a=3!==(o=e.andln(7)+i&7)&&5!==o||2!==u?c:-c;if(r[0].push(a),0==(1&u))s=0;else s=3!==(o=t.andln(7)+n&7)&&5!==o||2!==c?u:-u;r[1].push(s),2*i===a+1&&(i=1-i),2*n===s+1&&(n=1-n),e.iushrn(1),t.iushrn(1)}return r},r.cachedProperty=function(e,t,r){var i="_"+t;e.prototype[t]=function(){return void 0!==this[i]?this[i]:this[i]=r.call(this)}},r.parseBytes=function(e){return"string"==typeof e?r.toArray(e,"hex"):e},r.intFromLE=function(e){return new ay(e,"hex","le")}})),fy=function(e){return cy||(cy=new ly(null)),cy.generate(e)};function ly(e){this.rand=e}var py=ly;if(ly.prototype.generate=function(e){return this._rand(e)},ly.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),r=0;r0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}var vy=wy;function _y(e,t){this.curve=e,this.type=t,this.precomputed=null}wy.prototype.point=function(){throw Error("Not implemented")},wy.prototype.validate=function(){throw Error("Not implemented")},wy.prototype._fixedNafMul=function(e,t){gy(e.precomputed);var r=e._getDoubles(),i=by(t,1),n=(1<=s;t--)o=(o<<1)+i[t];a.push(o)}for(var c=this.jpoint(null,null,null),u=this.jpoint(null,null,null),h=n;h>0;h--){for(s=0;s=0;o--){for(t=0;o>=0&&0===a[o];o--)t++;if(o>=0&&t++,s=s.dblp(t),o<0)break;var c=a[o];gy(0!==c),s="affine"===e.type?c>0?s.mixedAdd(n[c-1>>1]):s.mixedAdd(n[-c-1>>1].neg()):c>0?s.add(n[c-1>>1]):s.add(n[-c-1>>1].neg())}return"affine"===e.type?s.toP():s},wy.prototype._wnafMulAdd=function(e,t,r,i,n){for(var a=this._wnafT1,s=this._wnafT2,o=this._wnafT3,c=0,u=0;u=1;u-=2){var d=u-1,f=u;if(1===a[d]&&1===a[f]){var l=[t[d],null,null,t[f]];0===t[d].y.cmp(t[f].y)?(l[1]=t[d].add(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg())):0===t[d].y.cmp(t[f].y.redNeg())?(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].add(t[f].neg())):(l[1]=t[d].toJ().mixedAdd(t[f]),l[2]=t[d].toJ().mixedAdd(t[f].neg()));var p=[-3,-1,-5,-7,0,7,5,1,3],y=my(r[d],r[f]);c=Math.max(y[0].length,c),o[d]=Array(c),o[f]=Array(c);for(var b=0;b=0;u--){for(var _=0;u>=0;){var k=!0;for(b=0;b=0&&_++,w=w.dblp(_),u<0)break;for(b=0;b0?A=s[b][S-1>>1]:S<0&&(A=s[b][-S-1>>1].neg()),w="affine"===A.type?w.mixedAdd(A):w.add(A))}}for(u=0;u=Math.ceil((e.bitLength()+1)/t.step)},_y.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var r=[this],i=this,n=0;n=0&&(a=t,s=r),i.negative&&(i=i.neg(),n=n.neg()),a.negative&&(a=a.neg(),s=s.neg()),[{a:i,b:n},{a,b:s}]},Ay.prototype._endoSplit=function(e){var t=this.endo.basis,r=t[0],i=t[1],n=i.b.mul(e).divRound(this.n),a=r.b.neg().mul(e).divRound(this.n),s=n.mul(r.a),o=a.mul(i.a),c=n.mul(r.b),u=a.mul(i.b);return{k1:e.sub(s).sub(o),k2:c.add(u).neg()}},Ay.prototype.pointFromX=function(e,t){(e=new ay(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),i=r.redSqrt();if(0!==i.redSqr().redSub(r).cmp(this.zero))throw Error("invalid point");var n=i.fromRed().isOdd();return(t&&!n||!t&&n)&&(i=i.redNeg()),this.point(e,i)},Ay.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,r=e.y,i=this.a.redMul(t),n=t.redSqr().redMul(t).redIAdd(i).redIAdd(this.b);return 0===r.redSqr().redISub(n).cmpn(0)},Ay.prototype._endoWnafMulAdd=function(e,t,r){for(var i=this._endoWnafT1,n=this._endoWnafT2,a=0;a":""},Ey.prototype.isInfinity=function(){return this.inf},Ey.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y);0!==t.cmpn(0)&&(t=t.redMul(this.x.redSub(e.x).redInvm()));var r=t.redSqr().redISub(this.x).redISub(e.x),i=t.redMul(this.x.redSub(r)).redISub(this.y);return this.curve.point(r,i)},Ey.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,r=this.x.redSqr(),i=e.redInvm(),n=r.redAdd(r).redIAdd(r).redIAdd(t).redMul(i),a=n.redSqr().redISub(this.x.redAdd(this.x)),s=n.redMul(this.x.redSub(a)).redISub(this.y);return this.curve.point(a,s)},Ey.prototype.getX=function(){return this.x.fromRed()},Ey.prototype.getY=function(){return this.y.fromRed()},Ey.prototype.mul=function(e){return e=new ay(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},Ey.prototype.mulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n):this.curve._wnafMulAdd(1,i,n,2)},Ey.prototype.jmulAdd=function(e,t,r){var i=[this,t],n=[e,r];return this.curve.endo?this.curve._endoWnafMulAdd(i,n,!0):this.curve._wnafMulAdd(1,i,n,2,!0)},Ey.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},Ey.prototype.neg=function(e){if(this.inf)return this;var t=this.curve.point(this.x,this.y.redNeg());if(e&&this.precomputed){var r=this.precomputed,i=function(e){return e.neg()};t.precomputed={naf:r.naf&&{wnd:r.naf.wnd,points:r.naf.points.map(i)},doubles:r.doubles&&{step:r.doubles.step,points:r.doubles.points.map(i)}}}return t},Ey.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},at(Py,vy.BasePoint),Ay.prototype.jpoint=function(e,t,r){return new Py(this,e,t,r)},Py.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),r=this.x.redMul(t),i=this.y.redMul(t).redMul(e);return this.curve.point(r,i)},Py.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},Py.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),r=this.z.redSqr(),i=this.x.redMul(t),n=e.x.redMul(r),a=this.y.redMul(t.redMul(e.z)),s=e.y.redMul(r.redMul(this.z)),o=i.redSub(n),c=a.redSub(s);if(0===o.cmpn(0))return 0!==c.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var u=o.redSqr(),h=u.redMul(o),d=i.redMul(u),f=c.redSqr().redIAdd(h).redISub(d).redISub(d),l=c.redMul(d.redISub(f)).redISub(a.redMul(h)),p=this.z.redMul(e.z).redMul(o);return this.curve.jpoint(f,l,p)},Py.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),r=this.x,i=e.x.redMul(t),n=this.y,a=e.y.redMul(t).redMul(this.z),s=r.redSub(i),o=n.redSub(a);if(0===s.cmpn(0))return 0!==o.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var c=s.redSqr(),u=c.redMul(s),h=r.redMul(c),d=o.redSqr().redIAdd(u).redISub(h).redISub(h),f=o.redMul(h.redISub(d)).redISub(n.redMul(u)),l=this.z.redMul(s);return this.curve.jpoint(d,f,l)},Py.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,r=0;r=0)return!1;if(r.redIAdd(n),0===this.x.cmp(r))return!0}},Py.prototype.inspect=function(){return this.isInfinity()?"":""},Py.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},at(xy,vy);var My=xy;function Ky(e,t,r){vy.BasePoint.call(this,e,"projective"),null===t&&null===r?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new ay(t,16),this.z=new ay(r,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}xy.prototype.validate=function(e){var t=e.normalize().x,r=t.redSqr(),i=r.redMul(t).redAdd(r.redMul(this.a)).redAdd(t);return 0===i.redSqrt().redSqr().cmp(i)},at(Ky,vy.BasePoint),xy.prototype.decodePoint=function(e,t){if(33===(e=dy.toArray(e,t)).length&&64===e[0]&&(e=e.slice(1,33).reverse()),32!==e.length)throw Error("Unknown point compression format");return this.point(e,1)},xy.prototype.point=function(e,t){return new Ky(this,e,t)},xy.prototype.pointFromJSON=function(e){return Ky.fromJSON(this,e)},Ky.prototype.precompute=function(){},Ky.prototype._encode=function(e){var t=this.curve.p.byteLength();return e?[64].concat(this.getX().toArray("le",t)):this.getX().toArray("be",t)},Ky.fromJSON=function(e,t){return new Ky(e,t[0],t[1]||e.one)},Ky.prototype.inspect=function(){return this.isInfinity()?"":""},Ky.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},Ky.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),r=e.redSub(t),i=e.redMul(t),n=r.redMul(t.redAdd(this.curve.a24.redMul(r)));return this.curve.point(i,n)},Ky.prototype.add=function(){throw Error("Not supported on Montgomery curve")},Ky.prototype.diffAdd=function(e,t){var r=this.x.redAdd(this.z),i=this.x.redSub(this.z),n=e.x.redAdd(e.z),a=e.x.redSub(e.z).redMul(r),s=n.redMul(i),o=t.z.redMul(a.redAdd(s).redSqr()),c=t.x.redMul(a.redISub(s).redSqr());return this.curve.point(o,c)},Ky.prototype.mul=function(e){for(var t=(e=new ay(e,16)).clone(),r=this,i=this.curve.point(null,null),n=[];0!==t.cmpn(0);t.iushrn(1))n.push(t.andln(1));for(var a=n.length-1;a>=0;a--)0===n[a]?(r=r.diffAdd(i,this),i=i.dbl()):(i=r.diffAdd(i,this),r=r.dbl());return i},Ky.prototype.mulAdd=function(){throw Error("Not supported on Montgomery curve")},Ky.prototype.jumlAdd=function(){throw Error("Not supported on Montgomery curve")},Ky.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},Ky.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},Ky.prototype.getX=function(){return this.normalize(),this.x.fromRed()};var Cy=dy.assert;function Dy(e){this.twisted=1!=(0|e.a),this.mOneA=this.twisted&&-1==(0|e.a),this.extended=this.mOneA,vy.call(this,"edwards",e),this.a=new ay(e.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new ay(e.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new ay(e.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),Cy(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|e.c)}at(Dy,vy);var Uy=Dy;function Ry(e,t,r,i,n){vy.BasePoint.call(this,e,"projective"),null===t&&null===r&&null===i?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new ay(t,16),this.y=new ay(r,16),this.z=i?new ay(i,16):this.curve.one,this.t=n&&new ay(n,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}Dy.prototype._mulA=function(e){return this.mOneA?e.redNeg():this.a.redMul(e)},Dy.prototype._mulC=function(e){return this.oneC?e:this.c.redMul(e)},Dy.prototype.jpoint=function(e,t,r,i){return this.point(e,t,r,i)},Dy.prototype.pointFromX=function(e,t){(e=new ay(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=this.c2.redSub(this.a.redMul(r)),n=this.one.redSub(this.c2.redMul(this.d).redMul(r)),a=i.redMul(n.redInvm()),s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");var o=s.fromRed().isOdd();return(t&&!o||!t&&o)&&(s=s.redNeg()),this.point(e,s)},Dy.prototype.pointFromY=function(e,t){(e=new ay(e,16)).red||(e=e.toRed(this.red));var r=e.redSqr(),i=r.redSub(this.c2),n=r.redMul(this.d).redMul(this.c2).redSub(this.a),a=i.redMul(n.redInvm());if(0===a.cmp(this.zero)){if(t)throw Error("invalid point");return this.point(this.zero,e)}var s=a.redSqrt();if(0!==s.redSqr().redSub(a).cmp(this.zero))throw Error("invalid point");return s.fromRed().isOdd()!==t&&(s=s.redNeg()),this.point(s,e)},Dy.prototype.validate=function(e){if(e.isInfinity())return!0;e.normalize();var t=e.x.redSqr(),r=e.y.redSqr(),i=t.redMul(this.a).redAdd(r),n=this.c2.redMul(this.one.redAdd(this.d.redMul(t).redMul(r)));return 0===i.cmp(n)},at(Ry,vy.BasePoint),Dy.prototype.pointFromJSON=function(e){return Ry.fromJSON(this,e)},Dy.prototype.point=function(e,t,r,i){return new Ry(this,e,t,r,i)},Ry.fromJSON=function(e,t){return new Ry(e,t[0],t[1],t[2])},Ry.prototype.inspect=function(){return this.isInfinity()?"":""},Ry.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},Ry.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),r=this.z.redSqr();r=r.redIAdd(r);var i=this.curve._mulA(e),n=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),a=i.redAdd(t),s=a.redSub(r),o=i.redSub(t),c=n.redMul(s),u=a.redMul(o),h=n.redMul(o),d=s.redMul(a);return this.curve.point(c,u,d,h)},Ry.prototype._projDbl=function(){var e,t,r,i=this.x.redAdd(this.y).redSqr(),n=this.x.redSqr(),a=this.y.redSqr();if(this.curve.twisted){var s=(u=this.curve._mulA(n)).redAdd(a);if(this.zOne)e=i.redSub(n).redSub(a).redMul(s.redSub(this.curve.two)),t=s.redMul(u.redSub(a)),r=s.redSqr().redSub(s).redSub(s);else{var o=this.z.redSqr(),c=s.redSub(o).redISub(o);e=i.redSub(n).redISub(a).redMul(c),t=s.redMul(u.redSub(a)),r=s.redMul(c)}}else{var u=n.redAdd(a);o=this.curve._mulC(this.z).redSqr(),c=u.redSub(o).redSub(o);e=this.curve._mulC(i.redISub(u)).redMul(c),t=this.curve._mulC(u).redMul(n.redISub(a)),r=u.redMul(c)}return this.curve.point(e,t,r)},Ry.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},Ry.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),r=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),i=this.t.redMul(this.curve.dd).redMul(e.t),n=this.z.redMul(e.z.redAdd(e.z)),a=r.redSub(t),s=n.redSub(i),o=n.redAdd(i),c=r.redAdd(t),u=a.redMul(s),h=o.redMul(c),d=a.redMul(c),f=s.redMul(o);return this.curve.point(u,h,f,d)},Ry.prototype._projAdd=function(e){var t,r,i=this.z.redMul(e.z),n=i.redSqr(),a=this.x.redMul(e.x),s=this.y.redMul(e.y),o=this.curve.d.redMul(a).redMul(s),c=n.redSub(o),u=n.redAdd(o),h=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(a).redISub(s),d=i.redMul(c).redMul(h);return this.curve.twisted?(t=i.redMul(u).redMul(s.redSub(this.curve._mulA(a))),r=c.redMul(u)):(t=i.redMul(u).redMul(s.redSub(a)),r=this.curve._mulC(c).redMul(u)),this.curve.point(d,t,r)},Ry.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},Ry.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},Ry.prototype.mulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!1)},Ry.prototype.jmulAdd=function(e,t,r){return this.curve._wnafMulAdd(1,[this,t],[e,r],2,!0)},Ry.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},Ry.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},Ry.prototype.getX=function(){return this.normalize(),this.x.fromRed()},Ry.prototype.getY=function(){return this.normalize(),this.y.fromRed()},Ry.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},Ry.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var r=e.clone(),i=this.curve.redN.redMul(this.z);;){if(r.iadd(this.curve.n),r.cmp(this.curve.p)>=0)return!1;if(t.redIAdd(i),0===this.x.cmp(t))return!0}},Ry.prototype.toP=Ry.prototype.normalize,Ry.prototype.mixedAdd=Ry.prototype.add;var Iy=it((function(e,t){var r=t;r.base=vy,r.short=Sy,r.mont=My,r.edwards=Uy})),By=pt.rotl32,Ty=pt.sum32,zy=pt.sum32_5,qy=At.ft_1,Fy=mt.BlockHash,Oy=[1518500249,1859775393,2400959708,3395469782];function Ly(){if(!(this instanceof Ly))return new Ly;Fy.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=Array(80)}pt.inherits(Ly,Fy);var Ny=Ly;Ly.blockSize=512,Ly.outSize=160,Ly.hmacStrength=80,Ly.padLength=64,Ly.prototype._update=function(e,t){for(var r=this.W,i=0;i<16;i++)r[i]=e[t+i];for(;ithis.blockSize&&(e=(new this.Hash).update(e).digest()),et(e.length<=this.blockSize);for(var t=e.length;t=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,r,i)}var Xy=Zy;Zy.prototype._init=function(e,t,r){var i=e.concat(t).concat(r);this.K=Array(this.outLen/8),this.V=Array(this.outLen/8);for(var n=0;n=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(r||[])),this._reseed=1},Zy.prototype.generate=function(e,t,r,i){if(this._reseed>this.reseedInterval)throw Error("Reseed is required");"string"!=typeof t&&(i=r,r=t,t=null),r&&(r=hy.toArray(r,i||"hex"),this._update(r));for(var n=[];n.length"};var eb=dy.assert;function tb(e,t){if(e instanceof tb)return e;this._importDER(e,t)||(eb(e.r&&e.s,"Signature without r or s"),this.r=new ay(e.r,16),this.s=new ay(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}var rb=tb;function ib(){this.place=0}function nb(e,t){var r=e[t.place++];if(!(128&r))return r;for(var i=15&r,n=0,a=0,s=t.place;a>>3);for(e.push(128|r);--r;)e.push(t>>>(r<<3)&255);e.push(t)}}tb.prototype._importDER=function(e,t){e=dy.toArray(e,t);var r=new ib;if(48!==e[r.place++])return!1;if(nb(e,r)+r.place!==e.length)return!1;if(2!==e[r.place++])return!1;var i=nb(e,r),n=e.slice(r.place,i+r.place);if(r.place+=i,2!==e[r.place++])return!1;var a=nb(e,r);if(e.length!==a+r.place)return!1;var s=e.slice(r.place,a+r.place);return 0===n[0]&&128&n[1]&&(n=n.slice(1)),0===s[0]&&128&s[1]&&(s=s.slice(1)),this.r=new ay(n),this.s=new ay(s),this.recoveryParam=null,!0},tb.prototype.toDER=function(e){var t=this.r.toArray(),r=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&r[0]&&(r=[0].concat(r)),t=ab(t),r=ab(r);!(r[0]||128&r[1]);)r=r.slice(1);var i=[2];sb(i,t.length),(i=i.concat(t)).push(2),sb(i,r.length);var n=i.concat(r),a=[48];return sb(a,n.length),a=a.concat(n),dy.encode(a,e)};var ob=dy.assert;function cb(e){if(!(this instanceof cb))return new cb(e);"string"==typeof e&&(ob($y.hasOwnProperty(e),"Unknown curve "+e),e=$y[e]),e instanceof $y.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}var ub=cb;cb.prototype.keyPair=function(e){return new Jy(this,e)},cb.prototype.keyFromPrivate=function(e,t){return Jy.fromPrivate(this,e,t)},cb.prototype.keyFromPublic=function(e,t){return Jy.fromPublic(this,e,t)},cb.prototype.genKeyPair=function(e){e||(e={});var t=new Xy({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||fy(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()});if("mont"===this.curve.type){var r=new ay(t.generate(32));return this.keyFromPrivate(r)}for(var i=this.n.byteLength(),n=this.n.sub(new ay(2));;){if(!((r=new ay(t.generate(i))).cmp(n)>0))return r.iaddn(1),this.keyFromPrivate(r)}},cb.prototype._truncateToN=function(e,t,r){var i=(r=r||8*e.byteLength())-this.n.bitLength();return i>0&&(e=e.ushrn(i)),!t&&e.cmp(this.n)>=0?e.sub(this.n):e},cb.prototype.truncateMsg=function(e){var t;return e instanceof Uint8Array?(t=8*e.byteLength,e=this._truncateToN(new ay(e,16),!1,t)):"string"==typeof e?(t=4*e.length,e=this._truncateToN(new ay(e,16),!1,t)):e=this._truncateToN(new ay(e,16)),e},cb.prototype.sign=function(e,t,r,i){"object"==typeof r&&(i=r,r=null),i||(i={}),t=this.keyFromPrivate(t,r),e=this.truncateMsg(e);for(var n=this.n.byteLength(),a=t.getPrivate().toArray("be",n),s=e.toArray("be",n),o=new Xy({hash:this.hash,entropy:a,nonce:s,pers:i.pers,persEnc:i.persEnc||"utf8"}),c=this.n.sub(new ay(1)),u=0;;u++){var h=i.k?i.k(u):new ay(o.generate(this.n.byteLength()));if(!((h=this._truncateToN(h,!0)).cmpn(1)<=0||h.cmp(c)>=0)){var d=this.g.mul(h);if(!d.isInfinity()){var f=d.getX(),l=f.umod(this.n);if(0!==l.cmpn(0)){var p=h.invm(this.n).mul(l.mul(t.getPrivate()).iadd(e));if(0!==(p=p.umod(this.n)).cmpn(0)){var y=(d.getY().isOdd()?1:0)|(0!==f.cmp(l)?2:0);return i.canonical&&p.cmp(this.nh)>0&&(p=this.n.sub(p),y^=1),new rb({r:l,s:p,recoveryParam:y})}}}}}},cb.prototype.verify=function(e,t,r,i){return r=this.keyFromPublic(r,i),t=new rb(t,"hex"),this._verify(this.truncateMsg(e),t,r)||this._verify(this._truncateToN(new ay(e,16)),t,r)},cb.prototype._verify=function(e,t,r){var i=t.r,n=t.s;if(i.cmpn(1)<0||i.cmp(this.n)>=0)return!1;if(n.cmpn(1)<0||n.cmp(this.n)>=0)return!1;var a,s=n.invm(this.n),o=s.mul(e).umod(this.n),c=s.mul(i).umod(this.n);return this.curve._maxwellTrick?!(a=this.g.jmulAdd(o,r.getPublic(),c)).isInfinity()&&a.eqXToP(i):!(a=this.g.mulAdd(o,r.getPublic(),c)).isInfinity()&&0===a.getX().umod(this.n).cmp(i)},cb.prototype.recoverPubKey=function(e,t,r,i){ob((3&r)===r,"The recovery param is more than two bits"),t=new rb(t,i);var n=this.n,a=new ay(e),s=t.r,o=t.s,c=1&r,u=r>>1;if(s.cmp(this.curve.p.umod(this.curve.n))>=0&&u)throw Error("Unable to find sencond key candinate");s=u?this.curve.pointFromX(s.add(this.curve.n),c):this.curve.pointFromX(s,c);var h=t.r.invm(n),d=n.sub(a).mul(h).umod(n),f=o.mul(h).umod(n);return this.g.mulAdd(d,s,f)},cb.prototype.getKeyRecoveryParam=function(e,t,r,i){if(null!==(t=new rb(t,i)).recoveryParam)return t.recoveryParam;for(var n=0;n<4;n++){var a;try{a=this.recoverPubKey(e,t,n)}catch(e){continue}if(a.eq(r))return n}throw Error("Unable to find valid recovery factor")};var hb=dy.assert,db=dy.parseBytes,fb=dy.cachedProperty;function lb(e,t){if(this.eddsa=e,t.hasOwnProperty("secret")&&(this._secret=db(t.secret)),e.isPoint(t.pub))this._pub=t.pub;else if(this._pubBytes=db(t.pub),this._pubBytes&&33===this._pubBytes.length&&64===this._pubBytes[0]&&(this._pubBytes=this._pubBytes.slice(1,33)),this._pubBytes&&32!==this._pubBytes.length)throw Error("Unknown point compression format")}lb.fromPublic=function(e,t){return t instanceof lb?t:new lb(e,{pub:t})},lb.fromSecret=function(e,t){return t instanceof lb?t:new lb(e,{secret:t})},lb.prototype.secret=function(){return this._secret},fb(lb,"pubBytes",(function(){return this.eddsa.encodePoint(this.pub())})),fb(lb,"pub",(function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())})),fb(lb,"privBytes",(function(){var e=this.eddsa,t=this.hash(),r=e.encodingLength-1,i=t.slice(0,e.encodingLength);return i[0]&=248,i[r]&=127,i[r]|=64,i})),fb(lb,"priv",(function(){return this.eddsa.decodeInt(this.privBytes())})),fb(lb,"hash",(function(){return this.eddsa.hash().update(this.secret()).digest()})),fb(lb,"messagePrefix",(function(){return this.hash().slice(this.eddsa.encodingLength)})),lb.prototype.sign=function(e){return hb(this._secret,"KeyPair can only verify"),this.eddsa.sign(e,this)},lb.prototype.verify=function(e,t){return this.eddsa.verify(e,t,this)},lb.prototype.getSecret=function(e){return hb(this._secret,"KeyPair is public only"),dy.encode(this.secret(),e)},lb.prototype.getPublic=function(e,t){return dy.encode((t?[64]:[]).concat(this.pubBytes()),e)};var pb=lb,yb=dy.assert,bb=dy.cachedProperty,mb=dy.parseBytes;function gb(e,t){this.eddsa=e,"object"!=typeof t&&(t=mb(t)),Array.isArray(t)&&(t={R:t.slice(0,e.encodingLength),S:t.slice(e.encodingLength)}),yb(t.R&&t.S,"Signature without R or S"),e.isPoint(t.R)&&(this._R=t.R),t.S instanceof ay&&(this._S=t.S),this._Rencoded=Array.isArray(t.R)?t.R:t.Rencoded,this._Sencoded=Array.isArray(t.S)?t.S:t.Sencoded}bb(gb,"S",(function(){return this.eddsa.decodeInt(this.Sencoded())})),bb(gb,"R",(function(){return this.eddsa.decodePoint(this.Rencoded())})),bb(gb,"Rencoded",(function(){return this.eddsa.encodePoint(this.R())})),bb(gb,"Sencoded",(function(){return this.eddsa.encodeInt(this.S())})),gb.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},gb.prototype.toHex=function(){return dy.encode(this.toBytes(),"hex").toUpperCase()};var wb=gb,vb=dy.assert,_b=dy.parseBytes;function kb(e){if(vb("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof kb))return new kb(e);e=$y[e].curve;this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=Gy.sha512}var Ab=kb;kb.prototype.sign=function(e,t){e=_b(e);var r=this.keyFromSecret(t),i=this.hashInt(r.messagePrefix(),e),n=this.g.mul(i),a=this.encodePoint(n),s=this.hashInt(a,r.pubBytes(),e).mul(r.priv()),o=i.add(s).umod(this.curve.n);return this.makeSignature({R:n,S:o,Rencoded:a})},kb.prototype.verify=function(e,t,r){e=_b(e),t=this.makeSignature(t);var i=this.keyFromPublic(r),n=this.hashInt(t.Rencoded(),i.pubBytes(),e),a=this.g.mul(t.S());return t.R().add(i.pub().mul(n)).eq(a)},kb.prototype.hashInt=function(){for(var e=this.hash(),t=0;t{this[n]=e,this[i]=t})),this[r].catch((()=>{}))}}function o(e){return e&&e.getReader&&Array.isArray(e)}function c(e){if(!o(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function h(t){if(o(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function u(e){return Uint8Array.prototype.isPrototypeOf(e)}function l(e){if(1===e.length)return e[0];let t=0;for(let r=0;r(await this[r],this[s]===this.length?{value:void 0,done:!0}:{value:this[this[s]++],done:!1})}},a.prototype.readToEnd=async function(e){await this[r];const t=e(this.slice(this[s]));return this.length=0,t},a.prototype.clone=function(){const e=new a;return e[r]=this[r].then((()=>{e.push(...this)})),e},c.prototype.write=async function(e){this.stream.push(e)},c.prototype.close=async function(){this.stream[n]()},c.prototype.abort=async function(e){return this.stream[i](e),e},c.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const y=new WeakSet,f=Symbol("externalBuffer");function g(e){if(this.stream=e,e[f]&&(this[f]=e[f].slice()),o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(h(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||y.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{y.add(e)}catch(e){}}}function p(e){return h(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(h(e))return e;const t=new a;return(async()=>{const r=x(t);await r.write(e),await r.close()})(),t}function A(e){return e.some((e=>h(e)&&!o(e)))?function(e){e=e.map(p);const t=b((async function(e){await Promise.all(n.map((t=>D(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>E(n,((n,s)=>(r=r.then((()=>w(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>o(e)))?function(e){const t=new a;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>w(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):l(e)}async function w(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(h(e)&&!o(e)){e=p(e);try{if(e[f]){const r=x(t);for(let t=0;t{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function k(e,t=()=>{},r=()=>{}){if(o(e)){const n=new a;return(async()=>{const i=x(n);try{const n=await C(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?A([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(h(e))return m(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?A([n,i]):void 0!==n?n:i}function E(e,t){if(h(e)&&!o(e)){let r;const n=new TransformStream({start(e){r=e}}),i=w(e,n.writable),s=b((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=d(e);const r=new a;return t(e,r),r}function v(e,t){let r;const n=E(e,((e,i)=>{const s=U(e);s.remainder=()=>(s.releaseLock(),w(e,i),n),r=t(s)}));return r}function B(e){if(o(e))return e.clone();if(h(e)){const t=function(e){if(o(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(h(e)){const t=p(e).tee();return t[0][f]=t[1][f]=e[f],t}return[K(e),K(e)]}(e);return S(e,t[0]),t[1]}return K(e)}function I(e){return o(e)?B(e):h(e)?new ReadableStream({start(t){const r=E(e,(async(e,r)=>{const n=U(e),i=x(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));S(e,r)}}):K(e)}function S(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function K(e,t=0,r=1/0){if(o(e))throw Error("Not implemented");if(h(e)){if(t>=0&&r>=0){let n=0;return m(e,{transform(e,i){n=t&&i.enqueue(K(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return k(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>K(A(n),t,r)))}if(0===t&&r<0){let n;return k(e,(e=>{const i=n?A([n,e]):e;if(i.length>=-r)return n=K(i,r),K(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),P((async()=>K(await C(e),t,r)))}return e[f]&&(e=A(e[f].concat([e]))),u(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function C(e,t=A){return o(e)?e.readToEnd(t):h(e)?U(e).readToEnd(t):e}async function D(e,t){if(h(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function P(e){const t=new a;return(async()=>{const r=x(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function U(e){return new g(e)}function x(e){return new c(e)}g.prototype.read=async function(){if(this[f]&&this[f].length){return{done:!1,value:this[f].shift()}}return this._read()},g.prototype.releaseLock=function(){this[f]&&(this.stream[f]=this[f]),this._releaseLock()},g.prototype.cancel=function(e){return this._cancel(e)},g.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?A(t):void 0;const i=n.indexOf("\n")+1;i&&(e=A(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},g.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(K(t,1)),r},g.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?A(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=A(t);return this.unshift(K(r,e)),K(r,0,e)}}},g.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},g.prototype.unshift=function(...e){this[f]||(this[f]=[]),1===e.length&&u(e[0])&&this[f].length&&e[0].length&&this[f][0].byteOffset>=e[0].length?this[f][0]=new Uint8Array(this[f][0].buffer,this[f][0].byteOffset-e[0].length,this[f][0].byteLength+e[0].length):this[f].unshift(...e.filter((e=>e&&e.length)))},g.prototype.readToEnd=async function(e=A){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const Q=Symbol("byValue");var R={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[Q]||(e[Q]=[],Object.entries(e).forEach((([t,r])=>{e[Q][r]=t}))),void 0!==e[Q][t])return e[Q][t];throw Error("Invalid enum value.")}},L={preferredHashAlgorithm:R.hash.sha512,preferredSymmetricAlgorithm:R.symmetric.aes256,preferredCompressionAlgorithm:R.compression.uncompressed,aeadProtect:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:R.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:R.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([R.symmetric.aes128,R.symmetric.aes192,R.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.0.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([R.hash.md5,R.hash.ripemd]),rejectMessageHashAlgorithms:new Set([R.hash.md5,R.hash.ripemd,R.hash.sha1]),rejectPublicKeyAlgorithms:new Set([R.publicKey.elgamal,R.publicKey.dsa]),rejectCurves:new Set([R.curve.secp256k1])};const T=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),M={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:u,isStream:h,getNobleCurve:async(e,t)=>{if(!L.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return dl}));switch(e){case R.publicKey.ecdh:case R.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case R.publicKey.x448:return r.get("x448");case R.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r>8*(t-n-1)&255;return r},readDate:function(e){const t=M.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return M.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return M.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.lengtht)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=M.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return M.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t>1);for(let r=0;r>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return k(e,(e=>{if(!M.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;rr("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return k(e,r,(()=>r(new Uint8Array,!0)))},concat:A,concatUint8Array:l,equalsUint8Array:function(e,t){if(!M.isUint8Array(e)||!M.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!M.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return k(e,(e=>{let r;t&&(e=M.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;tt?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return k(e,(e=>{let r;13===(e=t&&10!==e[0]?M.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n{t=M.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=F(t.subarray(0,i));for(let e=0;et.length?F(t)+"\n":""))}function z(e){let t="";return k(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=H(t.substr(0,i));return t=t.substr(i),s}),(()=>H(t)))}function _(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function G(e,t){let r=O(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function j(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?R.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?R.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?R.armor.signed:/MESSAGE/.test(t[1])?R.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?R.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?R.armor.privateKey:/SIGNATURE/.test(t[1])?R.armor.signature:void 0}function q(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function V(e){const t=function(e){let t=13501623;return k(e,(e=>{const r=Y?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e>24&255]^J[1][t>>16&255]^J[2][t>>8&255]^J[3][255&t];for(let n=4*r;n>8^J[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return O(t)}N?(F=e=>N.from(e).toString("base64"),H=e=>{const t=N.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(F=e=>btoa(M.uint8ArrayToString(e)),H=e=>M.stringToUint8Array(atob(e)));const J=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);J[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)J[1][e]=J[0][e]>>8^J[0][255&J[0][e]];for(let e=0;e<=255;e++)J[2][e]=J[1][e]>>8^J[0][255&J[1][e]];for(let e=0;e<=255;e++)J[3][e]=J[2][e]>>8^J[0][255&J[2][e]];const Y=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function W(e){for(let t=0;t=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function $(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,h=a,u=[];const l=z(E(e,(async(e,y)=>{const f=U(e);try{for(;;){let e=await f.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=M.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==R.armor.signed||(n.test(e)?(u=u.join("\r\n"),c=!0,W(h),h=[],o=!1):u.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if(W(h),o=!0,c||s!==R.armor.signed){t({text:u,data:l,headers:a,type:s});break}}else h.push(e);else n.test(e)&&(s=j(e))}}catch(e){return void r(e)}const g=x(y);try{for(;;){await g.ready;const{done:e,value:t}=await f.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await f.readToEnd();e.length||(e=""),e=r+e,e=M.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=Z(t[0].slice(0,-1));await g.write(i);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(o(e.data)&&(e.data=await C(e.data)),e)))}function X(e,t,r,n,i,s=!1,a=L){let o,c;e===R.armor.signed&&(o=t.text,c=t.hash,t=t.data);const h=s&&I(t),u=[];switch(e){case R.armor.multipartSection:u.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case R.armor.multipartLast:u.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case R.armor.signed:u.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),u.push(c?`Hash: ${c}\n\n`:"\n"),u.push(o.replace(/^-/gm,"- -")),u.push("\n-----BEGIN PGP SIGNATURE-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP SIGNATURE-----\n");break;case R.armor.message:u.push("-----BEGIN PGP MESSAGE-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP MESSAGE-----\n");break;case R.armor.publicKey:u.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case R.armor.privateKey:u.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case R.armor.signature:u.push("-----BEGIN PGP SIGNATURE-----\n"),u.push(q(i,a)),u.push(O(t)),h&&u.push("=",V(h)),u.push("-----END PGP SIGNATURE-----\n")}return M.concat(u)}async function ee(e){switch(e){case R.symmetric.aes128:case R.symmetric.aes192:case R.symmetric.aes256:throw Error("Not a legacy cipher");case R.symmetric.cast5:case R.symmetric.blowfish:case R.symmetric.twofish:case R.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return Ul})),r=t.get(e);if(!r)throw Error("Unsupported cipher algorithm");return r}default:throw Error("Unsupported cipher algorithm")}}function te(e){switch(e){case R.symmetric.aes128:case R.symmetric.aes192:case R.symmetric.aes256:case R.symmetric.twofish:return 16;case R.symmetric.blowfish:case R.symmetric.cast5:case R.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function re(e){switch(e){case R.symmetric.aes128:case R.symmetric.blowfish:case R.symmetric.cast5:return 16;case R.symmetric.aes192:case R.symmetric.tripledes:return 24;case R.symmetric.aes256:case R.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function ne(e){return{keySize:re(e),blockSize:te(e)}}var ie=/*#__PURE__*/Object.freeze({__proto__:null,getCipherParams:ne,getLegacyCipher:ee});function se(e,t){let r=e[0],n=e[1],i=e[2],s=e[3];r=oe(r,n,i,s,t[0],7,-680876936),s=oe(s,r,n,i,t[1],12,-389564586),i=oe(i,s,r,n,t[2],17,606105819),n=oe(n,i,s,r,t[3],22,-1044525330),r=oe(r,n,i,s,t[4],7,-176418897),s=oe(s,r,n,i,t[5],12,1200080426),i=oe(i,s,r,n,t[6],17,-1473231341),n=oe(n,i,s,r,t[7],22,-45705983),r=oe(r,n,i,s,t[8],7,1770035416),s=oe(s,r,n,i,t[9],12,-1958414417),i=oe(i,s,r,n,t[10],17,-42063),n=oe(n,i,s,r,t[11],22,-1990404162),r=oe(r,n,i,s,t[12],7,1804603682),s=oe(s,r,n,i,t[13],12,-40341101),i=oe(i,s,r,n,t[14],17,-1502002290),n=oe(n,i,s,r,t[15],22,1236535329),r=ce(r,n,i,s,t[1],5,-165796510),s=ce(s,r,n,i,t[6],9,-1069501632),i=ce(i,s,r,n,t[11],14,643717713),n=ce(n,i,s,r,t[0],20,-373897302),r=ce(r,n,i,s,t[5],5,-701558691),s=ce(s,r,n,i,t[10],9,38016083),i=ce(i,s,r,n,t[15],14,-660478335),n=ce(n,i,s,r,t[4],20,-405537848),r=ce(r,n,i,s,t[9],5,568446438),s=ce(s,r,n,i,t[14],9,-1019803690),i=ce(i,s,r,n,t[3],14,-187363961),n=ce(n,i,s,r,t[8],20,1163531501),r=ce(r,n,i,s,t[13],5,-1444681467),s=ce(s,r,n,i,t[2],9,-51403784),i=ce(i,s,r,n,t[7],14,1735328473),n=ce(n,i,s,r,t[12],20,-1926607734),r=he(r,n,i,s,t[5],4,-378558),s=he(s,r,n,i,t[8],11,-2022574463),i=he(i,s,r,n,t[11],16,1839030562),n=he(n,i,s,r,t[14],23,-35309556),r=he(r,n,i,s,t[1],4,-1530992060),s=he(s,r,n,i,t[4],11,1272893353),i=he(i,s,r,n,t[7],16,-155497632),n=he(n,i,s,r,t[10],23,-1094730640),r=he(r,n,i,s,t[13],4,681279174),s=he(s,r,n,i,t[0],11,-358537222),i=he(i,s,r,n,t[3],16,-722521979),n=he(n,i,s,r,t[6],23,76029189),r=he(r,n,i,s,t[9],4,-640364487),s=he(s,r,n,i,t[12],11,-421815835),i=he(i,s,r,n,t[15],16,530742520),n=he(n,i,s,r,t[2],23,-995338651),r=ue(r,n,i,s,t[0],6,-198630844),s=ue(s,r,n,i,t[7],10,1126891415),i=ue(i,s,r,n,t[14],15,-1416354905),n=ue(n,i,s,r,t[5],21,-57434055),r=ue(r,n,i,s,t[12],6,1700485571),s=ue(s,r,n,i,t[3],10,-1894986606),i=ue(i,s,r,n,t[10],15,-1051523),n=ue(n,i,s,r,t[1],21,-2054922799),r=ue(r,n,i,s,t[8],6,1873313359),s=ue(s,r,n,i,t[15],10,-30611744),i=ue(i,s,r,n,t[6],15,-1560198380),n=ue(n,i,s,r,t[13],21,1309151649),r=ue(r,n,i,s,t[4],6,-145523070),s=ue(s,r,n,i,t[11],10,-1120210379),i=ue(i,s,r,n,t[2],15,718787259),n=ue(n,i,s,r,t[9],21,-343485551),e[0]=ge(r,e[0]),e[1]=ge(n,e[1]),e[2]=ge(i,e[2]),e[3]=ge(s,e[3])}function ae(e,t,r,n,i,s){return t=ge(ge(t,e),ge(n,s)),ge(t<>>32-i,r)}function oe(e,t,r,n,i,s,a){return ae(t&r|~t&n,e,t,i,s,a)}function ce(e,t,r,n,i,s,a){return ae(t&n|r&~n,e,t,i,s,a)}function he(e,t,r,n,i,s,a){return ae(t^r^n,e,t,i,s,a)}function ue(e,t,r,n,i,s,a){return ae(r^(t|~n),e,t,i,s,a)}function le(e){const t=[];let r;for(r=0;r<64;r+=4)t[r>>2]=e.charCodeAt(r)+(e.charCodeAt(r+1)<<8)+(e.charCodeAt(r+2)<<16)+(e.charCodeAt(r+3)<<24);return t}const ye="0123456789abcdef".split("");function fe(e){let t="",r=0;for(;r<4;r++)t+=ye[e>>8*r+4&15]+ye[e>>8*r&15];return t}function ge(e,t){return e+t&4294967295}const pe=M.getWebCrypto(),de=M.getNodeCrypto(),Ae=de&&de.getHashes();function we(e){if(de&&Ae.includes(e))return async function(t){const r=de.createHash(e);return k(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function me(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return Wl})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(o(e)&&(e=await C(e)),M.isStream(e)){const t=(await r()).create();return k(e,(e=>{t.update(e)}),(()=>t.digest()))}if(pe&&t)return new Uint8Array(await pe.digest(t,e));return(await r())(e)}}var be={md5:we("md5")||async function(e){const t=function(e){const t=e.length,r=[1732584193,-271733879,-1732584194,271733878];let n;for(n=64;n<=e.length;n+=64)se(r,le(e.substring(n-64,n)));e=e.substring(n-64);const i=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];for(n=0;n>2]|=e.charCodeAt(n)<<(n%4<<3);if(i[n>>2]|=128<<(n%4<<3),n>55)for(se(r,i),n=0;n<16;n++)i[n]=0;return i[14]=8*t,se(r,i),r}(M.uint8ArrayToString(e));return M.hexToUint8Array(function(e){for(let t=0;t0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function ve(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Be(e,t){Ee(e);const r=t.outputLen;if(e.lengthnew Uint8Array(e.buffer,e.byteOffset,e.byteLength),Se=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),Ke=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function Ce(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!ke(e))throw Error("Uint8Array expected, got "+typeof e);e=Qe(e)}return e}function De(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n(Object.assign(t,e),t);function Ue(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function xe(e){return e.byteOffset%4==0}function Qe(e){return Uint8Array.from(e)}function Re(...e){for(let t=0;t(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Fe{constructor(e,t){this.blockLen=Le,this.outputLen=Le,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Ee(e=Ce(e),16);const r=Ke(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Ne(n),s1:Ne(i),s2:Ne(s),s3:Ne(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(u=s)<<31|(l=a)>>>1,s2:(h=i)<<31|u>>>1,s1:(c=n)<<31|h>>>1,s0:c>>>1^225<<24&-(1&l)});var c,h,u,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const f=128/y,g=this.windowSize=2**y,p=[];for(let e=0;e>>y-a-1&1))continue;const{s0:c,s1:h,s2:u,s3:l}=o[y*e+a];r^=c,n^=h,i^=u,s^=l}p.push({s0:r,s1:n,s2:i,s3:s})}this.t=p}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,h=0,u=0;const l=(1<>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:f,s2:g,s3:p}=s[y*a+r];o^=n,c^=f,h^=g,u^=p,y+=1}}this.s0=o,this.s1=c,this.s2=h,this.s3=u}update(e){e=Ce(e),ve(this);const t=Se(e),r=Math.floor(e.length/Le),n=e.length%Le;for(let e=0;e>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Qe(e=Ce(e)));super(r,t),Re(r)}update(e){e=Ce(e),ve(this);const t=Se(e),r=e.length%Le,n=Math.floor(e.length/Le);for(let e=0;ee(r,t.length).update(Ce(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const ze=Oe(((e,t)=>new Fe(e,t)));Oe(((e,t)=>new He(e,t)));const _e=16,Ge=new Uint8Array(_e),je=283;function qe(e){return e<<1^je&-(e>>7)}function Ve(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=qe(e);return r}const Je=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=qe(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return Re(e),t})(),Ye=/* @__PURE__ */Je.map(((e,t)=>Je.indexOf(t))),We=e=>e<<24|e>>>8,Ze=e=>e<<8|e>>>24,$e=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xe(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map(Ze),i=n.map(Ze),s=i.map(Ze),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let h=0;h<256;h++){const u=256*t+h;a[u]=r[t]^n[h],o[u]=i[t]^s[h],c[u]=e[t]<<8|e[h]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const et=/* @__PURE__ */Xe(Je,(e=>Ve(e,3)<<24|e<<16|e<<8|Ve(e,2))),tt=/* @__PURE__ */Xe(Ye,(e=>Ve(e,11)<<24|Ve(e,13)<<16|Ve(e,9)<<8|Ve(e,14))),rt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=qe(r))e[t]=r;return e})();function nt(e){Ee(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=et,n=[];xe(e)||n.push(e=Qe(e));const i=Se(e),s=i.length,a=e=>at(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}return Re(...n),o}function it(e){const t=nt(e),r=t.slice(),n=t.length,{sbox2:i}=et,{T0:s,T1:a,T2:o,T3:c}=tt;for(let e=0;e>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function st(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function at(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function ot(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=et;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const h=e.length/4-2;for(let s=0;s=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:h,s3:u}=ot(e,a[0],a[1],a[2],a[3]))}const f=_e*Math.floor(l.length/4);if(f>>0,o.setUint32(u,y,t),({s0:f,s1:g,s2:p,s3:d}=ot(e,a[0],a[1],a[2],a[3]));const A=_e*Math.floor(c.length/4);if(Ar(e,t),decrypt:(e,t)=>r(e,t)}}));const ft=Pe({blockSize:16,nonceLength:16},(function(e,t,r={}){Ee(e),Ee(t,16);const n=!r.disablePadding;return{encrypt(r,i){const s=nt(e),{b:a,o,out:c}=function(e,t,r){Ee(e);let n=e.length;const i=n%_e;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");xe(e)||(e=Qe(e));const s=Se(e);if(t){let e=_e-i;e||(e=_e),n+=e}const a=ht(n,r);return{b:s,o:Se(a),out:a}}(r,n,i);let h=t;const u=[s];xe(h)||u.push(h=Qe(h));const l=Se(h);let y=l[0],f=l[1],g=l[2],p=l[3],d=0;for(;d+4<=a.length;)y^=a[d+0],f^=a[d+1],g^=a[d+2],p^=a[d+3],({s0:y,s1:f,s2:g,s3:p}=ot(s,y,f,g,p)),o[d++]=y,o[d++]=f,o[d++]=g,o[d++]=p;if(n){const e=function(e){const t=new Uint8Array(16),r=Se(t);t.set(e);const n=_e-e.length;for(let e=_e-n;e<_e;e++)t[e]=n;return r}(r.subarray(4*d));y^=e[0],f^=e[1],g^=e[2],p^=e[3],({s0:y,s1:f,s2:g,s3:p}=ot(s,y,f,g,p)),o[d++]=y,o[d++]=f,o[d++]=g,o[d++]=p}return Re(...u),c},decrypt(r,i){!function(e){if(Ee(e),e.length%_e!=0)throw Error("aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const s=it(e);let a=t;const o=[s];xe(a)||o.push(a=Qe(a));const c=Se(a),h=ht(r.length,i);xe(r)||o.push(r=Qe(r));const u=Se(r),l=Se(h);let y=c[0],f=c[1],g=c[2],p=c[3];for(let e=0;e+4<=u.length;){const t=y,r=f,n=g,i=p;y=u[e+0],f=u[e+1],g=u[e+2],p=u[e+3];const{s0:a,s1:o,s2:c,s3:h}=ct(s,y,f,g,p);l[e++]=a^t,l[e++]=o^r,l[e++]=c^n,l[e++]=h^i}return Re(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const n=e[r-1];if(n<=0||n>16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;tr(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const pt=Pe({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Ee(e),Ee(t),void 0!==r&&Ee(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const n=16;function i(e,t,n){const i=function(e,t,r,n,i){const s=null==i?0:i.length,a=e.create(r,n.length+s);i&&a.update(i),a.update(n);const o=new Uint8Array(16),c=Ke(o);i&&Ue(c,0,BigInt(8*s),t),Ue(c,8,BigInt(8*n.length),t),a.update(o);const h=a.digest();return Re(o),h}(ze,!1,e,n,r);for(let e=0;e=2**32)throw Error("plaintext should be less than 4gb");const r=nt(e);if(16===t.length)At(r,t);else{const e=Se(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t=2**32)throw Error("ciphertext should be less than 4gb");const r=it(e),n=t.length/8-1;if(1===n)wt(r,t);else{const e=Se(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=$e(a);const{s0:n,s1:o,s2:c,s3:h}=ct(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=h}e[0]=i,e[1]=s}r.fill(0)}},bt=new Uint8Array(8).fill(166),kt=Pe({blockSize:8},(e=>({encrypt(t){if(Ee(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await vt.importKey("raw",this.key,r,!1,["encrypt"]);const n=await vt.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=M.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return Dt(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),Dt(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Dt(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(M.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Dt(t,e),this.clearSensitiveData(),t}}class Ct{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=ne(t);this.key=Et.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=Pt(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=Pt(e),r=new Uint8Array(e.length),n=Pt(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=Et.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Dt(e,t){const r=Math.min(e.length,t.length);for(let n=0;nnew Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));var Ut=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n){const i=R.read(R.symmetric,e);if(Bt&&St[i])return function(e,t,r,n){const i=R.read(R.symmetric,e),s=new Bt.createDecipheriv(St[i],t,n);return k(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(M.isStream(r)){const i=new Ct(!1,e,t,n);return k(r,(e=>i.processChunk(e)),(()=>i.finish()))}return gt(t,n).decrypt(r)}(e,t,r,n);const s=new(await ee(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const h=e=>{e&&(c=M.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;rnew Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(vt&&await Kt.isSupported(e)){const i=new Kt(e,t,n);return M.isStream(r)?k(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(M.isStream(r)){const i=new Ct(!0,e,t,n);return k(r,(e=>i.processChunk(e)),(()=>i.finish()))}return gt(t,n).encrypt(r)}(e,t,r,n);const a=new(await ee(e))(t),o=a.blockSize,c=n.slice();let h=new Uint8Array;const u=e=>{e&&(h=M.concatUint8Array([h,e]));const t=new Uint8Array(h.length);let r,n=0;for(;e?h.length>=o:h.length;){const e=a.encrypt(c);for(r=0;ri.encrypt(e),a=e=>i.decrypt(e);let o;function c(e,t,r,i){const a=t.length/Zt|0;!function(e,t){const r=M.nbits(Math.max(e.length,t.length)/Zt|0)-1;for(let e=n+1;e<=r;e++)o[e]=M.double(o[e-1]);n=r}(t,i);const c=M.concatUint8Array([rr.subarray(0,15-r.length),nr,r]),h=63&c[15];c[15]&=192;const u=s(c),l=M.concatUint8Array([u,tr(u.subarray(0,8),u.subarray(1,9))]),y=M.shiftRight(l.subarray(0+(h>>3),17+(h>>3)),8-(7&h)).subarray(1),f=new Uint8Array(Zt),g=new Uint8Array(t.length+$t);let p,d=0;for(p=0;p{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function pr(e,t){const r=e%t;return ryr;){const e=n&fr;n>>=fr;s=e?s*i%r:s,i=i*i%r}return s}function Ar(e){return e>=yr?e:-e}function wr(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=Ar(e),o=Ar(t);const c=eNumber.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function br(e,t){return(e>>BigInt(t)&fr)===yr?0:1}function kr(e){const t=e>=fr)!==t;)r++;return r}function Er(e){const t=e>=r)!==t;)n++;return n}function vr(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;oe&&(a=pr(a,i<pr(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return dr(t,e-Cr,e)===Cr}(e)&&!!function(e,t){const r=kr(e);t||(t=Math.max(1,r/48|0));const n=e-Cr;let i=0;for(;!br(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=dr(Sr(BigInt(2),n),s,e);if(r!==Cr&&r!==n){for(t=1;tBigInt(e)));const xr=[];function Qr(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r=8&!n;if(t)return M.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Lr(e,t,r){let n;if(t.length!==be.getHashByteLength(e))throw Error("Invalid hash length");const i=new Uint8Array(xr[e].length);for(n=0;n=t)throw Error("Data too large.");const c=pr(n,s-Fr),h=pr(n,i-Fr),u=Sr(BigInt(2),t),l=dr(wr(u,t),r,t);e=pr(e*l,t);const y=dr(e,h,i),f=dr(e,c,s),g=pr(a*(f-y),s);let p=g*i+y;return p=pr(p*u,t),Rr(vr(p,"be",Er(t)),o)}(e,t,r,n,i,s,a,o)},encrypt:async function(e,t,r){return M.getNodeCrypto()?async function(e,t,r){const n=Or(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:Nr.constants.RSA_PKCS1_PADDING};return new Uint8Array(Nr.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=gr(t),e=gr(Qr(e,Er(t))),r=gr(r),e>=t)throw Error("Message size cannot exceed modulus size");return vr(dr(e,r,t),"be",Er(t))}(e,t,r)},generate:async function(e,t){if(t=BigInt(t),M.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:vr(t),hash:{name:"SHA-1"}},n=await Mr.generateKey(r,!0,["sign","verify"]);return zr(await Mr.exportKey("jwk",n.privateKey),t)}if(M.getNodeCrypto()){const r={modulusLength:e,publicExponent:mr(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{Nr.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return zr(n,t)}let r,n,i;do{n=Dr(e-(e>>1),t,40),r=Dr(e>>1,t,40),i=r*n}while(kr(i)!==e);const s=(r-Fr)*(n-Fr);return n=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!M.isStream(t))if(M.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await Hr(r,n,i,s,a,o),h={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},u=await Mr.importKey("jwk",c,h,!1,["sign"]);return new Uint8Array(await Mr.sign("RSASSA-PKCS1-v1_5",u,t))}(R.read(R.webHash,e),t,r,n,i,s,a,o)}catch(e){M.printDebugError(e)}else if(M.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=Nr.createSign(R.read(R.hash,e));c.write(t),c.end();const h=await Hr(r,n,i,s,a,o);return new Uint8Array(c.sign({key:h,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=gr(t);const i=gr(Lr(e,n,Er(t)));return r=gr(r),vr(dr(i,r,t),"be",Er(t))}(e,r,i,c)},validateParams:async function(e,t,r,n,i,s){if(e=gr(e),(n=gr(n))*(i=gr(i))!==e)return!1;const a=BigInt(2);if(pr(n*(s=gr(s)),i)!==BigInt(1))return!1;t=gr(t),r=gr(r);const o=Sr(a,a<=r)throw Error("Signature size cannot exceed modulus size");const s=vr(dr(t,n,r),"be",Er(r)),a=Lr(e,i,Er(r));return M.equalsUint8Array(s,a)}(e,r,n,i,s)}});const Gr=BigInt(1);var jr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i){return e=gr(e),t=gr(t),r=gr(r),Rr(vr(pr(wr(dr(e,n=gr(n),r),r)*t,r),"be",Er(r)),i)},encrypt:async function(e,t,r,n){t=gr(t),r=gr(r),n=gr(n);const i=gr(Qr(e,Er(t))),s=Sr(Gr,t-Gr);return{c1:vr(dr(r,s,t)),c2:vr(pr(dr(n,s,t)*i,t))}},validateParams:async function(e,t,r,n){if(e=gr(e),t=gr(t),r=gr(r),t<=Gr||t>=e)return!1;const i=BigInt(kr(e));if(i>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=n>>24&255,e[t+5]=n>>16&255,e[t+6]=n>>8&255,e[t+7]=255&n}function on(e,t,r,n){return function(e,t,r,n,i){var s,a=0;for(s=0;s>>8)-1}(e,t,r,n,32)}function cn(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function hn(e){var t,r,n=1;for(t=0;t<16;t++)r=e[t]+n+65535,n=Math.floor(r/65536),e[t]=r-65536*n;e[0]+=n-1+37*(n-1)}function un(e,t,r){for(var n,i=~(r-1),s=0;s<16;s++)n=i&(e[s]^t[s]),e[s]^=n,t[s]^=n}function ln(e,t){var r,n,i,s=Jr(),a=Jr();for(r=0;r<16;r++)a[r]=t[r];for(hn(a),hn(a),hn(a),n=0;n<2;n++){for(s[0]=a[0]-65517,r=1;r<15;r++)s[r]=a[r]-65535-(s[r-1]>>16&1),s[r-1]&=65535;s[15]=a[15]-32767-(s[14]>>16&1),i=s[15]>>16&1,s[14]&=65535,un(a,s,1-i)}for(r=0;r<16;r++)e[2*r]=255&a[r],e[2*r+1]=a[r]>>8}function yn(e,t){var r=new Uint8Array(32),n=new Uint8Array(32);return ln(r,e),ln(n,t),on(r,0,n,0)}function fn(e){var t=new Uint8Array(32);return ln(t,e),1&t[0]}function gn(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function pn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]+r[n]}function dn(e,t,r){for(var n=0;n<16;n++)e[n]=t[n]-r[n]}function An(e,t,r){var n,i,s=0,a=0,o=0,c=0,h=0,u=0,l=0,y=0,f=0,g=0,p=0,d=0,A=0,w=0,m=0,b=0,k=0,E=0,v=0,B=0,I=0,S=0,K=0,C=0,D=0,P=0,U=0,x=0,Q=0,R=0,L=0,T=r[0],M=r[1],N=r[2],F=r[3],H=r[4],O=r[5],z=r[6],_=r[7],G=r[8],j=r[9],q=r[10],V=r[11],J=r[12],Y=r[13],W=r[14],Z=r[15];s+=(n=t[0])*T,a+=n*M,o+=n*N,c+=n*F,h+=n*H,u+=n*O,l+=n*z,y+=n*_,f+=n*G,g+=n*j,p+=n*q,d+=n*V,A+=n*J,w+=n*Y,m+=n*W,b+=n*Z,a+=(n=t[1])*T,o+=n*M,c+=n*N,h+=n*F,u+=n*H,l+=n*O,y+=n*z,f+=n*_,g+=n*G,p+=n*j,d+=n*q,A+=n*V,w+=n*J,m+=n*Y,b+=n*W,k+=n*Z,o+=(n=t[2])*T,c+=n*M,h+=n*N,u+=n*F,l+=n*H,y+=n*O,f+=n*z,g+=n*_,p+=n*G,d+=n*j,A+=n*q,w+=n*V,m+=n*J,b+=n*Y,k+=n*W,E+=n*Z,c+=(n=t[3])*T,h+=n*M,u+=n*N,l+=n*F,y+=n*H,f+=n*O,g+=n*z,p+=n*_,d+=n*G,A+=n*j,w+=n*q,m+=n*V,b+=n*J,k+=n*Y,E+=n*W,v+=n*Z,h+=(n=t[4])*T,u+=n*M,l+=n*N,y+=n*F,f+=n*H,g+=n*O,p+=n*z,d+=n*_,A+=n*G,w+=n*j,m+=n*q,b+=n*V,k+=n*J,E+=n*Y,v+=n*W,B+=n*Z,u+=(n=t[5])*T,l+=n*M,y+=n*N,f+=n*F,g+=n*H,p+=n*O,d+=n*z,A+=n*_,w+=n*G,m+=n*j,b+=n*q,k+=n*V,E+=n*J,v+=n*Y,B+=n*W,I+=n*Z,l+=(n=t[6])*T,y+=n*M,f+=n*N,g+=n*F,p+=n*H,d+=n*O,A+=n*z,w+=n*_,m+=n*G,b+=n*j,k+=n*q,E+=n*V,v+=n*J,B+=n*Y,I+=n*W,S+=n*Z,y+=(n=t[7])*T,f+=n*M,g+=n*N,p+=n*F,d+=n*H,A+=n*O,w+=n*z,m+=n*_,b+=n*G,k+=n*j,E+=n*q,v+=n*V,B+=n*J,I+=n*Y,S+=n*W,K+=n*Z,f+=(n=t[8])*T,g+=n*M,p+=n*N,d+=n*F,A+=n*H,w+=n*O,m+=n*z,b+=n*_,k+=n*G,E+=n*j,v+=n*q,B+=n*V,I+=n*J,S+=n*Y,K+=n*W,C+=n*Z,g+=(n=t[9])*T,p+=n*M,d+=n*N,A+=n*F,w+=n*H,m+=n*O,b+=n*z,k+=n*_,E+=n*G,v+=n*j,B+=n*q,I+=n*V,S+=n*J,K+=n*Y,C+=n*W,D+=n*Z,p+=(n=t[10])*T,d+=n*M,A+=n*N,w+=n*F,m+=n*H,b+=n*O,k+=n*z,E+=n*_,v+=n*G,B+=n*j,I+=n*q,S+=n*V,K+=n*J,C+=n*Y,D+=n*W,P+=n*Z,d+=(n=t[11])*T,A+=n*M,w+=n*N,m+=n*F,b+=n*H,k+=n*O,E+=n*z,v+=n*_,B+=n*G,I+=n*j,S+=n*q,K+=n*V,C+=n*J,D+=n*Y,P+=n*W,U+=n*Z,A+=(n=t[12])*T,w+=n*M,m+=n*N,b+=n*F,k+=n*H,E+=n*O,v+=n*z,B+=n*_,I+=n*G,S+=n*j,K+=n*q,C+=n*V,D+=n*J,P+=n*Y,U+=n*W,x+=n*Z,w+=(n=t[13])*T,m+=n*M,b+=n*N,k+=n*F,E+=n*H,v+=n*O,B+=n*z,I+=n*_,S+=n*G,K+=n*j,C+=n*q,D+=n*V,P+=n*J,U+=n*Y,x+=n*W,Q+=n*Z,m+=(n=t[14])*T,b+=n*M,k+=n*N,E+=n*F,v+=n*H,B+=n*O,I+=n*z,S+=n*_,K+=n*G,C+=n*j,D+=n*q,P+=n*V,U+=n*J,x+=n*Y,Q+=n*W,R+=n*Z,b+=(n=t[15])*T,a+=38*(E+=n*N),o+=38*(v+=n*F),c+=38*(B+=n*H),h+=38*(I+=n*O),u+=38*(S+=n*z),l+=38*(K+=n*_),y+=38*(C+=n*G),f+=38*(D+=n*j),g+=38*(P+=n*q),p+=38*(U+=n*V),d+=38*(x+=n*J),A+=38*(Q+=n*Y),w+=38*(R+=n*W),m+=38*(L+=n*Z),s=(n=(s+=38*(k+=n*M))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s=(n=(s+=i-1+37*(i-1))+(i=1)+65535)-65536*(i=Math.floor(n/65536)),a=(n=a+i+65535)-65536*(i=Math.floor(n/65536)),o=(n=o+i+65535)-65536*(i=Math.floor(n/65536)),c=(n=c+i+65535)-65536*(i=Math.floor(n/65536)),h=(n=h+i+65535)-65536*(i=Math.floor(n/65536)),u=(n=u+i+65535)-65536*(i=Math.floor(n/65536)),l=(n=l+i+65535)-65536*(i=Math.floor(n/65536)),y=(n=y+i+65535)-65536*(i=Math.floor(n/65536)),f=(n=f+i+65535)-65536*(i=Math.floor(n/65536)),g=(n=g+i+65535)-65536*(i=Math.floor(n/65536)),p=(n=p+i+65535)-65536*(i=Math.floor(n/65536)),d=(n=d+i+65535)-65536*(i=Math.floor(n/65536)),A=(n=A+i+65535)-65536*(i=Math.floor(n/65536)),w=(n=w+i+65535)-65536*(i=Math.floor(n/65536)),m=(n=m+i+65535)-65536*(i=Math.floor(n/65536)),b=(n=b+i+65535)-65536*(i=Math.floor(n/65536)),s+=i-1+37*(i-1),e[0]=s,e[1]=a,e[2]=o,e[3]=c,e[4]=h,e[5]=u,e[6]=l,e[7]=y,e[8]=f,e[9]=g,e[10]=p,e[11]=d,e[12]=A,e[13]=w,e[14]=m,e[15]=b}function wn(e,t){An(e,t,t)}function mn(e,t){var r,n=Jr();for(r=0;r<16;r++)n[r]=t[r];for(r=253;r>=0;r--)wn(n,n),2!==r&&4!==r&&An(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}function bn(e,t,r){var n,i,s=new Uint8Array(32),a=new Float64Array(80),o=Jr(),c=Jr(),h=Jr(),u=Jr(),l=Jr(),y=Jr();for(i=0;i<31;i++)s[i]=t[i];for(s[31]=127&t[31]|64,s[0]&=248,gn(a,r),i=0;i<16;i++)c[i]=a[i],u[i]=o[i]=h[i]=0;for(o[0]=u[0]=1,i=254;i>=0;--i)un(o,c,n=s[i>>>3]>>>(7&i)&1),un(h,u,n),pn(l,o,h),dn(o,o,h),pn(h,c,u),dn(c,c,u),wn(u,l),wn(y,o),An(o,h,o),An(h,c,l),pn(l,o,h),dn(o,o,h),wn(c,o),dn(h,u,y),An(o,h,Xr),pn(o,o,u),An(h,h,o),An(o,u,y),An(u,c,a),wn(c,l),un(o,c,n),un(h,u,n);for(i=0;i<16;i++)a[i+16]=o[i],a[i+32]=h[i],a[i+48]=c[i],a[i+64]=u[i];var f=a.subarray(32),g=a.subarray(16);return mn(f,f),An(g,g,f),ln(e,g),0}function kn(e,t){return bn(e,t,Wr)}var En=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function vn(e,t,r,n){for(var i,s,a,o,c,h,u,l,y,f,g,p,d,A,w,m,b,k,E,v,B,I,S,K,C,D,P=new Int32Array(16),U=new Int32Array(16),x=e[0],Q=e[1],R=e[2],L=e[3],T=e[4],M=e[5],N=e[6],F=e[7],H=t[0],O=t[1],z=t[2],_=t[3],G=t[4],j=t[5],q=t[6],V=t[7],J=0;n>=128;){for(E=0;E<16;E++)v=8*E+J,P[E]=r[v+0]<<24|r[v+1]<<16|r[v+2]<<8|r[v+3],U[E]=r[v+4]<<24|r[v+5]<<16|r[v+6]<<8|r[v+7];for(E=0;E<80;E++)if(i=x,s=Q,a=R,o=L,c=T,h=M,u=N,F,y=H,f=O,g=z,p=_,d=G,A=j,w=q,V,S=65535&(I=V),K=I>>>16,C=65535&(B=F),D=B>>>16,S+=65535&(I=(G>>>14|T<<18)^(G>>>18|T<<14)^(T>>>9|G<<23)),K+=I>>>16,C+=65535&(B=(T>>>14|G<<18)^(T>>>18|G<<14)^(G>>>9|T<<23)),D+=B>>>16,S+=65535&(I=G&j^~G&q),K+=I>>>16,C+=65535&(B=T&M^~T&N),D+=B>>>16,B=En[2*E],S+=65535&(I=En[2*E+1]),K+=I>>>16,C+=65535&B,D+=B>>>16,B=P[E%16],K+=(I=U[E%16])>>>16,C+=65535&B,D+=B>>>16,C+=(K+=(S+=65535&I)>>>16)>>>16,S=65535&(I=k=65535&S|K<<16),K=I>>>16,C=65535&(B=b=65535&C|(D+=C>>>16)<<16),D=B>>>16,S+=65535&(I=(H>>>28|x<<4)^(x>>>2|H<<30)^(x>>>7|H<<25)),K+=I>>>16,C+=65535&(B=(x>>>28|H<<4)^(H>>>2|x<<30)^(H>>>7|x<<25)),D+=B>>>16,K+=(I=H&O^H&z^O&z)>>>16,C+=65535&(B=x&Q^x&R^Q&R),D+=B>>>16,l=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(D+=C>>>16)<<16,m=65535&S|K<<16,S=65535&(I=p),K=I>>>16,C=65535&(B=o),D=B>>>16,K+=(I=k)>>>16,C+=65535&(B=b),D+=B>>>16,Q=i,R=s,L=a,T=o=65535&(C+=(K+=(S+=65535&I)>>>16)>>>16)|(D+=C>>>16)<<16,M=c,N=h,F=u,x=l,O=y,z=f,_=g,G=p=65535&S|K<<16,j=d,q=A,V=w,H=m,E%16==15)for(v=0;v<16;v++)B=P[v],S=65535&(I=U[v]),K=I>>>16,C=65535&B,D=B>>>16,B=P[(v+9)%16],S+=65535&(I=U[(v+9)%16]),K+=I>>>16,C+=65535&B,D+=B>>>16,b=P[(v+1)%16],S+=65535&(I=((k=U[(v+1)%16])>>>1|b<<31)^(k>>>8|b<<24)^(k>>>7|b<<25)),K+=I>>>16,C+=65535&(B=(b>>>1|k<<31)^(b>>>8|k<<24)^b>>>7),D+=B>>>16,b=P[(v+14)%16],K+=(I=((k=U[(v+14)%16])>>>19|b<<13)^(b>>>29|k<<3)^(k>>>6|b<<26))>>>16,C+=65535&(B=(b>>>19|k<<13)^(k>>>29|b<<3)^b>>>6),D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,P[v]=65535&C|D<<16,U[v]=65535&S|K<<16;S=65535&(I=H),K=I>>>16,C=65535&(B=x),D=B>>>16,B=e[0],K+=(I=t[0])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[0]=x=65535&C|D<<16,t[0]=H=65535&S|K<<16,S=65535&(I=O),K=I>>>16,C=65535&(B=Q),D=B>>>16,B=e[1],K+=(I=t[1])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[1]=Q=65535&C|D<<16,t[1]=O=65535&S|K<<16,S=65535&(I=z),K=I>>>16,C=65535&(B=R),D=B>>>16,B=e[2],K+=(I=t[2])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[2]=R=65535&C|D<<16,t[2]=z=65535&S|K<<16,S=65535&(I=_),K=I>>>16,C=65535&(B=L),D=B>>>16,B=e[3],K+=(I=t[3])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[3]=L=65535&C|D<<16,t[3]=_=65535&S|K<<16,S=65535&(I=G),K=I>>>16,C=65535&(B=T),D=B>>>16,B=e[4],K+=(I=t[4])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[4]=T=65535&C|D<<16,t[4]=G=65535&S|K<<16,S=65535&(I=j),K=I>>>16,C=65535&(B=M),D=B>>>16,B=e[5],K+=(I=t[5])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[5]=M=65535&C|D<<16,t[5]=j=65535&S|K<<16,S=65535&(I=q),K=I>>>16,C=65535&(B=N),D=B>>>16,B=e[6],K+=(I=t[6])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[6]=N=65535&C|D<<16,t[6]=q=65535&S|K<<16,S=65535&(I=V),K=I>>>16,C=65535&(B=F),D=B>>>16,B=e[7],K+=(I=t[7])>>>16,C+=65535&B,D+=B>>>16,D+=(C+=(K+=(S+=65535&I)>>>16)>>>16)>>>16,e[7]=F=65535&C|D<<16,t[7]=V=65535&S|K<<16,J+=128,n-=128}return n}function Bn(e,t,r){var n,i=new Int32Array(8),s=new Int32Array(8),a=new Uint8Array(256),o=r;for(i[0]=1779033703,i[1]=3144134277,i[2]=1013904242,i[3]=2773480762,i[4]=1359893119,i[5]=2600822924,i[6]=528734635,i[7]=1541459225,s[0]=4089235720,s[1]=2227873595,s[2]=4271175723,s[3]=1595750129,s[4]=2917565137,s[5]=725511199,s[6]=4215389547,s[7]=327033209,vn(i,s,t,r),r%=128,n=0;n=0;--i)Sn(e,t,n=r[i/8|0]>>(7&i)&1),In(t,e),In(e,e),Sn(e,t,n)}function Dn(e,t){var r=[Jr(),Jr(),Jr(),Jr()];cn(r[0],rn),cn(r[1],nn),cn(r[2],$r),An(r[3],rn,nn),Cn(e,r,t)}function Pn(e,t,r){var n,i=new Uint8Array(64),s=[Jr(),Jr(),Jr(),Jr()];for(r||Yr(t,32),Bn(i,t,32),i[0]&=248,i[31]&=127,i[31]|=64,Dn(s,i),Kn(e,s),n=0;n<32;n++)t[n+32]=e[n];return 0}var Un=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function xn(e,t){var r,n,i,s;for(n=63;n>=32;--n){for(r=0,i=n-32,s=n-12;i>4)*Un[i],r=t[i]>>8,t[i]&=255;for(i=0;i<32;i++)t[i]-=r*Un[i];for(n=0;n<32;n++)t[n+1]+=t[n]>>8,e[n]=255&t[n]}function Qn(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;xn(e,r)}function Rn(e,t){var r=Jr(),n=Jr(),i=Jr(),s=Jr(),a=Jr(),o=Jr(),c=Jr();return cn(e[2],$r),gn(e[1],t),wn(i,e[1]),An(s,i,en),dn(i,i,e[2]),pn(s,e[2],s),wn(a,s),wn(o,a),An(c,o,a),An(r,c,i),An(r,r,s),function(e,t){var r,n=Jr();for(r=0;r<16;r++)n[r]=t[r];for(r=250;r>=0;r--)wn(n,n),1!==r&&An(n,n,t);for(r=0;r<16;r++)e[r]=n[r]}(r,r),An(r,r,i),An(r,r,s),An(r,r,s),An(e[0],r,s),wn(n,e[0]),An(n,n,s),yn(n,i)&&An(e[0],e[0],sn),wn(n,e[0]),An(n,n,s),yn(n,i)?-1:(fn(e[0])===t[31]>>7&&dn(e[0],Zr,e[0]),An(e[3],e[0],e[1]),0)}var Ln=64;function Tn(){for(var e=0;e=0},Vr.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Pn(e,t),{publicKey:e,secretKey:t}},Vr.sign.keyPair.fromSecretKey=function(e){if(Tn(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return M.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return M.uint8ArrayToHex(this.oid)}getName(){const e=Mn[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Fn(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=M.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Hn(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):M.concatUint8Array([new Uint8Array([255]),M.writeNumber(e,4)])}function On(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function zn(e){return new Uint8Array([192|e])}function _n(e,t){return M.concatUint8Array([zn(e),Hn(t)])}function Gn(e){return[R.packet.literalData,R.packet.compressedData,R.packet.symmetricallyEncryptedData,R.packet.symEncryptedIntegrityProtectedData,R.packet.aeadEncryptedData].includes(e)}async function jn(e,t){const r=U(e);let n,i;try{const s=await r.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const o=await r.readByte();let c,h,u=-1,l=-1;l=0,64&o&&(l=1),l?u=63&o:(u=(63&o)>>2,h=3&o);const y=Gn(u);let f,g=null;if(y){if("array"===M.isStream(e)){const e=new a;n=x(e),g=e}else{const e=new TransformStream;n=x(e.writable),g=e.readable}i=t({tag:u,packet:g})}else g=[];do{if(l){const e=await r.readByte();if(f=!1,e<192)c=e;else if(e>=192&&e<224)c=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(c=1<<(31&e),f=!0,!y)throw new TypeError("This packet type does not support partial lengths.")}else c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(h){case 0:c=await r.readByte();break;case 1:c=await r.readByte()<<8|await r.readByte();break;case 2:c=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:c=1/0}if(c>0){let e=0;for(;;){n&&await n.ready;const{done:t,value:i}=await r.read();if(t){if(c===1/0)break;throw Error("Unexpected end of packet")}const s=c===1/0?i:i.subarray(0,c-e);if(n?await n.write(s):g.push(s),e+=i.length,e>=c){r.unshift(i.subarray(c-e+i.length));break}}}}while(f);const p=await r.peekBytes(y?1/0:2);return n?(await n.ready,await n.close()):(g=M.concatUint8Array(g),await t({tag:u,packet:g})),!p||!p.length}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i,r.releaseLock()}}class qn extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,qn),this.name="UnsupportedError"}}class Vn extends qn{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,qn),this.name="UnknownPacketError"}}class Jn{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function Yn(e){switch(e){case R.publicKey.ed25519:try{const e=M.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(_(n.x)),seed:_(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=Ir($n(e)),{publicKey:n}=Vr.sign.keyPair.fromSeed(r);return{A:n,seed:r}}case R.publicKey.ed448:{const e=await M.getNobleCurve(R.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function Wn(e,t,r,n,i,s){if(be.getHashByteLength(t){if(e===R.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:G(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},ti=(e,t,r)=>{if(e===R.publicKey.ed25519){const n=ei(e,t);return n.d=G(r),n}throw Error("Unsupported EdDSA algorithm")};var ri=/*#__PURE__*/Object.freeze({__proto__:null,generate:Yn,getPayloadSize:$n,getPreferredHashAlgo:Xn,sign:Wn,validateParams:async function(e,t,r){switch(e){case R.publicKey.ed25519:{const{publicKey:e}=Vr.sign.keyPair.fromSeed(r);return M.equalsUint8Array(t,e)}case R.publicKey.ed448:{const e=(await M.getNobleCurve(R.publicKey.ed448)).getPublicKey(r);return M.equalsUint8Array(t,e)}default:return!1}},verify:Zn});const ni=M.getWebCrypto();async function ii(e,t,r){const{keySize:n}=ne(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await ni.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await ni.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await ni.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;M.printDebugError("Browser did not support operation: "+e.message)}return kt(t).encrypt(r)}async function si(e,t,r){const{keySize:n}=ne(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await ni.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return M.printDebugError("Browser did not support operation: "+e.message),kt(t).decrypt(r)}try{const e=await ni.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await ni.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}var ai=/*#__PURE__*/Object.freeze({__proto__:null,unwrap:si,wrap:ii});const oi=M.getWebCrypto();async function ci(e,t,r,n,i){const s=R.read(R.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const a=await oi.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await oi.deriveBits({name:"HKDF",hash:s,salt:r,info:n},a,8*i);return new Uint8Array(o)}const hi={x25519:M.encodeUTF8("OpenPGP X25519"),x448:M.encodeUTF8("OpenPGP X448")};async function ui(e){switch(e){case R.publicKey.x25519:{const e=Ir(32),{publicKey:t}=Vr.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case R.publicKey.x448:{const e=await M.getNobleCurve(R.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}function li(e){switch(e){case R.publicKey.x25519:return 32;case R.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function yi(e,t){switch(e){case R.publicKey.x25519:{const r=Ir(li(e)),n=Vr.scalarMult(r,t);gi(n);const{publicKey:i}=Vr.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:i,sharedSecret:n}}case R.publicKey.x448:{const e=await M.getNobleCurve(R.publicKey.x448),r=e.utils.randomPrivateKey(),n=e.getSharedSecret(r,t);gi(n);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:n}}default:throw Error("Unsupported ECDH algorithm")}}async function fi(e,t,r,n){switch(e){case R.publicKey.x25519:{const e=Vr.scalarMult(n,t);return gi(e),e}case R.publicKey.x448:{const e=(await M.getNobleCurve(R.publicKey.x448)).getSharedSecret(n,t);return gi(e),e}default:throw Error("Unsupported ECDH algorithm")}}function gi(e){let t=0;for(let r=0;r0===s[0]&&Qi(a,r,s.subarray(1),i);if(n&&!M.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=Ki(e.payloadSize,wi[e.name],s),o=await Di.importKey("jwk",a,{name:"ECDSA",namedCurve:wi[e.name],hash:{name:R.read(R.webHash,e.hash)}},!1,["verify"]),c=M.concatUint8Array([r,n]).buffer;return Di.verify({name:"ECDSA",namedCurve:wi[e.name],hash:{name:R.read(R.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;M.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=M.nodeRequire("eckey-utils"),o=M.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:bi[e.name],publicKey:o.from(s)}),h=Pi.createVerify(R.read(R.hash,t));h.write(i),h.end();const u=M.concatUint8Array([r,n]);try{return h.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},u)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await Qi(a,r,s,i)||o()}async function Qi(e,t,r,n){return(await M.getNobleCurve(R.publicKey.ecdsa,e.name)).verify(M.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var Ri=/*#__PURE__*/Object.freeze({__proto__:null,sign:Ui,validateParams:async function(e,t,r){const n=new Ei(e);if(n.keyType!==R.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=Ir(8),i=R.hash.sha256,s=await be.digest(i,n);try{const a=await Ui(e,i,n,t,r,s);return await xi(e,i,a,n,t,s)}catch(e){return!1}}default:return vi(R.publicKey.ecdsa,e,t,r)}},verify:xi});var Li=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){if(Bi(new Ei(e),n),be.getHashByteLength(t)0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(M.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}var Ni=/*#__PURE__*/Object.freeze({__proto__:null,decode:Mi,encode:Ti});const Fi=M.getWebCrypto(),Hi=M.getNodeCrypto();function Oi(e,t,r,n){return M.concatUint8Array([t.write(),new Uint8Array([e]),r.write(),M.stringToUint8Array("Anonymous Sender "),n])}async function zi(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await be.digest(e,M.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function _i(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await yi(R.publicKey.x25519,t.subarray(1));return{publicKey:M.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t){const r=Ki(e.payloadSize,e.web,t);let n=Fi.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),i=Fi.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[n,i]=await Promise.all([n,i]);let s=Fi.deriveBits({name:"ECDH",namedCurve:e.web,public:i},n.privateKey,e.sharedSize),a=Fi.exportKey("jwk",n.publicKey);[s,a]=await Promise.all([s,a]);const o=new Uint8Array(s),c=new Uint8Array(Si(a,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return M.printDebugError(r),qi(e,t)}break;case"node":return async function(e,t){const r=Hi.createECDH(e.node);r.generateKeys();const n=new Uint8Array(r.computeSecret(t)),i=new Uint8Array(r.getPublicKey());return{publicKey:i,sharedKey:n}}(e,t);default:return qi(e,t)}}async function Gi(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await fi(R.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t,r,n){const i=Ci(e.payloadSize,e.web,r,n);let s=Fi.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const a=Ki(e.payloadSize,e.web,t);let o=Fi.importKey("jwk",a,{name:"ECDH",namedCurve:e.web},!0,[]);[s,o]=await Promise.all([s,o]);let c=Fi.deriveBits({name:"ECDH",namedCurve:e.web,public:o},s,e.sharedSize),h=Fi.exportKey("jwk",s);[c,h]=await Promise.all([c,h]);const u=new Uint8Array(c);return{secretKey:_(h.d),sharedKey:u}}(e,t,r,n)}catch(r){return M.printDebugError(r),ji(e,t,n)}break;case"node":return async function(e,t,r){const n=Hi.createECDH(e.node);n.setPrivateKey(r);const i=new Uint8Array(n.computeSecret(t));return{secretKey:new Uint8Array(n.getPrivateKey()),sharedKey:i}}(e,t,n);default:return ji(e,t,n)}}async function ji(e,t,r){return{secretKey:r,sharedKey:(await M.getNobleCurve(R.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function qi(e,t){const r=await M.getNobleCurve(R.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var Vi=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:async function(e,t,r,n,i,s,a){const o=new Ei(e);Bi(o,i),Bi(o,r);const{sharedKey:c}=await Gi(o,r,i,s),h=Oi(R.publicKey.ecdh,e,t,a),{keySize:u}=ne(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await zi(t.hash,c,u,h,1===e,2===e);return Mi(await si(t.cipher,r,n))}catch(e){l=e}throw l},encrypt:async function(e,t,r,n,i){const s=Ti(r),a=new Ei(e);Bi(a,n);const{publicKey:o,sharedKey:c}=await _i(a,n),h=Oi(R.publicKey.ecdh,e,t,i),{keySize:u}=ne(t.cipher),l=await zi(t.hash,c,u,h);return{publicKey:o,wrappedKey:await ii(t.cipher,l,s)}},validateParams:async function(e,t,r){return vi(R.publicKey.ecdh,e,t,r)}}),Ji=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Ei,ecdh:Vi,ecdhX:pi,ecdsa:Ri,eddsa:ri,eddsaLegacy:Li,generate:async function(e){const t=new Ei(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:M.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}},getPreferredHashAlgo:function(e){return ki[e.getName()].hash}});const Yi=BigInt(0),Wi=BigInt(1);var Zi=/*#__PURE__*/Object.freeze({__proto__:null,sign:async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,h,u;n=gr(n),i=gr(i),r=gr(r),s=gr(s),r=pr(r,n),s=pr(s,i);const l=pr(gr(t.subarray(0,Er(i))),i);for(;;){if(o=Sr(Wi,i),c=pr(dr(r,o,n),i),c===a)continue;const e=pr(s*c,i);if(u=pr(l+e,i),h=pr(wr(o,i)*u,i),h!==a)break}return{r:vr(c,"be",Er(n)),s:vr(h,"be",Er(n))}},validateParams:async function(e,t,r,n,i){if(e=gr(e),t=gr(t),r=gr(r),n=gr(n),r<=Wi||r>=e)return!1;if(pr(e-Wi,t)!==Yi)return!1;if(dr(r,t,e)!==Wi)return!1;const s=BigInt(kr(t));if(s=a||r<=Yi||r>=a)return M.printDebug("invalid DSA Signature"),!1;const c=pr(gr(n.subarray(0,Er(a))),a),h=wr(r,a);if(h===Yi)return M.printDebug("invalid DSA Signature"),!1;i=pr(i,s),o=pr(o,s);const u=pr(c*h,a),l=pr(t*h,a);return pr(pr(dr(i,u,s)*dr(o,l,s),s),a)===t}}),$i={rsa:_r,elgamal:jr,elliptic:Ji,dsa:Zi};var Xi=/*#__PURE__*/Object.freeze({__proto__:null,parseSignatureParams:function(e,t){let r=0;switch(e){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:case R.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case R.publicKey.dsa:case R.publicKey.ecdsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case R.publicKey.eddsaLegacy:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case R.publicKey.ed25519:case R.publicKey.ed448:{const n=2*$i.elliptic.eddsa.getPayloadSize(e),i=M.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}default:throw new qn("Unknown signature algorithm.")}},sign:async function(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:case R.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:h,u}=n;return{s:await $i.rsa.sign(t,i,e,a,o,c,h,u,s)}}case R.publicKey.dsa:{const{g:e,p:i,q:a}=r,{x:o}=n;return $i.dsa.sign(t,s,e,i,a,o)}case R.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case R.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return $i.elliptic.ecdsa.sign(e,t,i,a,o,s)}case R.publicKey.eddsaLegacy:{const{oid:e,Q:a}=r,{seed:o}=n;return $i.elliptic.eddsaLegacy.sign(e,t,i,a,o,s)}case R.publicKey.ed25519:case R.publicKey.ed448:{const{A:a}=r,{seed:o}=n;return $i.elliptic.eddsa.sign(e,t,i,a,o,s)}default:throw Error("Unknown signature algorithm.")}},verify:async function(e,t,r,n,i,s){switch(e){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:case R.publicKey.rsaSign:{const{n:e,e:a}=n,o=M.leftPad(r.s,e.length);return $i.rsa.verify(t,i,o,e,a,s)}case R.publicKey.dsa:{const{g:e,p:i,q:a,y:o}=n,{r:c,s:h}=r;return $i.dsa.verify(t,c,h,s,e,i,a,o)}case R.publicKey.ecdsa:{const{oid:e,Q:a}=n,o=new $i.elliptic.CurveWithOID(e).payloadSize,c=M.leftPad(r.r,o),h=M.leftPad(r.s,o);return $i.elliptic.ecdsa.verify(e,t,{r:c,s:h},i,a,s)}case R.publicKey.eddsaLegacy:{const{oid:e,Q:a}=n,o=new $i.elliptic.CurveWithOID(e).payloadSize,c=M.leftPad(r.r,o),h=M.leftPad(r.s,o);return $i.elliptic.eddsaLegacy.verify(e,t,{r:c,s:h},i,a,s)}case R.publicKey.ed25519:case R.publicKey.ed448:{const{A:a}=n;return $i.elliptic.eddsa.verify(e,t,r,i,a,s)}default:throw Error("Unknown signature algorithm.")}}});class es{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return M.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class ts{constructor(e){if(e){const{hash:t,cipher:r}=e;this.hash=t,this.cipher=r}else this.hash=null,this.cipher=null}read(e){if(e.length<4||3!==e[0]||1!==e[1])throw new qn("Cannot read KDFParams");return this.hash=e[2],this.cipher=e[3],4}write(){return new Uint8Array([3,1,this.hash,this.cipher])}}class rs{static fromObject({wrappedKey:e,algorithm:t}){const r=new rs;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=M.readExactSubarray(e,t,t+r),t+=r}write(){return M.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}function ns(e){try{e.getName()}catch(e){throw new qn("Unknown curve OID")}}function is(e,t){switch(e){case R.publicKey.ecdsa:case R.publicKey.ecdh:case R.publicKey.eddsaLegacy:return new $i.elliptic.CurveWithOID(t).payloadSize;case R.publicKey.ed25519:case R.publicKey.ed448:return $i.elliptic.eddsa.getPayloadSize(e);case R.publicKey.x25519:case R.publicKey.x448:return $i.elliptic.ecdhX.getPayloadSize(e);default:throw Error("Unknown elliptic algo")}}var ss=/*#__PURE__*/Object.freeze({__proto__:null,generateParams:function(e,t,r){switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:return $i.rsa.generate(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case R.publicKey.ecdsa:return $i.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Nn(e),Q:t}})));case R.publicKey.eddsaLegacy:return $i.elliptic.generate(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Nn(e),Q:t}})));case R.publicKey.ecdh:return $i.elliptic.generate(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new Nn(e),Q:t,kdfParams:new ts({hash:n,cipher:i})}})));case R.publicKey.ed25519:case R.publicKey.ed448:return $i.elliptic.eddsa.generate(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case R.publicKey.x25519:case R.publicKey.x448:return $i.elliptic.ecdhX.generate(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case R.publicKey.dsa:case R.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}},generateSessionKey:function(e){const{keySize:t}=ne(e);return Ir(t)},getAEADMode:function(e){const t=R.read(R.aead,e);return lr[t]},getCipherParams:ne,getCurvePayloadSize:is,getPreferredCurveHashAlgo:function(e,t){switch(e){case R.publicKey.ecdsa:case R.publicKey.eddsaLegacy:return $i.elliptic.getPreferredHashAlgo(t);case R.publicKey.ed25519:case R.publicKey.ed448:return $i.elliptic.eddsa.getPreferredHashAlgo(e);default:throw Error("Unknown elliptic signing algo")}},getPrefixRandom:async function(e){const{blockSize:t}=ne(e),r=await Ir(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return M.concat([r,n])},parseEncSessionKeyParams:function(e,t){let r=0;switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:return{c:M.readMPI(t.subarray(r))};case R.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));r+=e.length+2;return{c1:e,c2:M.readMPI(t.subarray(r))}}case R.publicKey.ecdh:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=new es;return n.read(t.subarray(r)),{V:e,C:n}}case R.publicKey.x25519:case R.publicKey.x448:{const n=is(e),i=M.readExactSubarray(t,r,r+n);r+=i.length;const s=new rs;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}default:throw new qn("Unknown public key encryption algorithm.")}},parsePrivateKeyParams:function(e,t,r){let n=0;switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:{const e=M.readMPI(t.subarray(n));n+=e.length+2;const r=M.readMPI(t.subarray(n));n+=r.length+2;const i=M.readMPI(t.subarray(n));n+=i.length+2;const s=M.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case R.publicKey.dsa:case R.publicKey.elgamal:{const e=M.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case R.publicKey.ecdsa:case R.publicKey.ecdh:{const i=is(e,r.oid);let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{d:s}}}case R.publicKey.eddsaLegacy:{const i=is(e,r.oid);if(r.oid.getName()!==R.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{seed:s}}}case R.publicKey.ed25519:case R.publicKey.ed448:{const r=is(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case R.publicKey.x25519:case R.publicKey.x448:{const r=is(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}default:throw new qn("Unknown public key encryption algorithm.")}},parsePublicKeyParams:function(e,t){let r=0;switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case R.publicKey.dsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));r+=i.length+2;const s=M.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case R.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case R.publicKey.ecdsa:{const e=new Nn;r+=e.read(t),ns(e);const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case R.publicKey.eddsaLegacy:{const e=new Nn;if(r+=e.read(t),ns(e),e.getName()!==R.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=M.readMPI(t.subarray(r));return r+=n.length+2,n=M.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case R.publicKey.ecdh:{const e=new Nn;r+=e.read(t),ns(e);const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=new ts;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case R.publicKey.ed25519:case R.publicKey.ed448:case R.publicKey.x25519:case R.publicKey.x448:{const n=M.readExactSubarray(t,r,r+is(e));return r+=n.length,{read:r,publicParams:{A:n}}}default:throw new qn("Unknown public key encryption algorithm.")}},publicKeyDecrypt:async function(e,t,r,n,i,s){switch(e){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:h,u}=r;return $i.rsa.decrypt(e,i,a,o,c,h,u,s)}case R.publicKey.elgamal:{const{c1:e,c2:i}=n,a=t.p,o=r.x;return $i.elgamal.decrypt(e,i,a,o,s)}case R.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:h}=n;return $i.elliptic.ecdh.decrypt(e,a,c,h.data,s,o,i)}case R.publicKey.x25519:case R.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!M.isAES(o.algorithm))throw Error("AES session key expected");return $i.elliptic.ecdhX.decrypt(e,a,o.wrappedKey,i,s)}default:throw Error("Unknown public key encryption algorithm.")}},publicKeyEncrypt:async function(e,t,r,n,i){switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await $i.rsa.encrypt(n,e,t)}}case R.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return $i.elgamal.encrypt(n,e,t,i)}case R.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:s}=r,{publicKey:a,wrappedKey:o}=await $i.elliptic.ecdh.encrypt(e,s,n,t,i);return{V:a,C:new es(o)}}case R.publicKey.x25519:case R.publicKey.x448:{if(t&&!M.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:s,wrappedKey:a}=await $i.elliptic.ecdhX.encrypt(e,n,i);return{ephemeralPublicKey:s,C:rs.fromObject({algorithm:t,wrappedKey:a})}}default:return[]}},serializeParams:function(e,t){const r=new Set([R.publicKey.ed25519,R.publicKey.x25519,R.publicKey.ed448,R.publicKey.x448]),n=Object.keys(t).map((n=>{const i=t[n];return M.isUint8Array(i)?r.has(e)?i:M.uint8ArrayToMPI(i):i.write()}));return M.concatUint8Array(n)},validateParams:async function(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return $i.rsa.validateParams(e,n,i,s,a,o)}case R.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return $i.dsa.validateParams(e,n,i,s,a)}case R.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return $i.elgamal.validateParams(e,n,i,s)}case R.publicKey.ecdsa:case R.publicKey.ecdh:{const n=$i.elliptic[R.read(R.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case R.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return $i.elliptic.eddsaLegacy.validateParams(n,e,i)}case R.publicKey.ed25519:case R.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return $i.elliptic.eddsa.validateParams(e,n,i)}case R.publicKey.x25519:case R.publicKey.x448:{const{A:n}=t,{k:i}=r;return $i.elliptic.ecdhX.validateParams(e,n,i)}default:throw Error("Unknown public key algorithm.")}}});const as={cipher:ie,hash:be,mode:lr,publicKey:$i,signature:Xi,random:Kr,pkcs1:Tr,pkcs5:Ni,aesKW:ai};Object.assign(as,ss);class os extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,os),this.name="Argon2OutOfMemoryError"}}let cs,hs;class us{constructor(e=L){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=as.random.getRandomBytes(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([R.write(R.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return M.concatUint8Array(e)}async produceKey(e,t){const r=2<1048576&&(hs=cs(),hs.catch((()=>{}))),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new os("Could not allocate required memory for Argon2"):e}}}class ls{constructor(e,t=L){this.algorithm=R.hash.sha256,this.type=R.read(R.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=as.random.getRandomBytes(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==M.uint8ArrayToString(e.subarray(t,t+3)))throw new qn("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new qn("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new qn("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...M.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([R.write(R.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return M.concatUint8Array(e)}async produceKey(e,t){e=M.encodeUTF8(e);const r=[];let n=0,i=0;for(;n>>1|(21845&Ds)<<1;Ps=(61680&(Ps=(52428&Ps)>>>2|(13107&Ps)<<2))>>>4|(3855&Ps)<<4,Cs[Ds]=((65280&Ps)>>>8|(255&Ps)<<8)>>>1}var Us=function(e,t,r){for(var n=e.length,i=0,s=new ds(t);i>>c]=h}else for(a=new ds(n),i=0;i>>15-e[i]);return a},xs=new ps(288);for(Ds=0;Ds<144;++Ds)xs[Ds]=8;for(Ds=144;Ds<256;++Ds)xs[Ds]=9;for(Ds=256;Ds<280;++Ds)xs[Ds]=7;for(Ds=280;Ds<288;++Ds)xs[Ds]=8;var Qs=new ps(32);for(Ds=0;Ds<32;++Ds)Qs[Ds]=5;var Rs=/*#__PURE__*/Us(xs,9,0),Ls=/*#__PURE__*/Us(xs,9,1),Ts=/*#__PURE__*/Us(Qs,5,0),Ms=/*#__PURE__*/Us(Qs,5,1),Ns=function(e){for(var t=e[0],r=1;rt&&(t=e[r]);return t},Fs=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},Hs=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Os=function(e){return(e+7)/8|0},zs=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var n=new(2==e.BYTES_PER_ELEMENT?ds:4==e.BYTES_PER_ELEMENT?As:ps)(r-t);return n.set(e.subarray(t,r)),n},_s=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Gs=function(e,t,r){var n=Error(t||_s[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,Gs),!r)throw n;return n},js=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8},qs=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>>8,e[n+2]|=r>>>16},Vs=function(e,t){for(var r=[],n=0;ny&&(y=s[n].s);var f=new ds(y+1),g=Js(r[u-1],f,0);if(g>t){n=0;var p=0,d=g-t,A=1<t))break;p+=A-(1<>>=d;p>0;){var m=s[n].s;f[m]=0&&p;--n){var b=s[n].s;f[b]==t&&(--f[b],++p)}g=t}return[new ps(f),g]},Js=function(e,t,r){return-1==e.s?Math.max(Js(e.l,t,r+1),Js(e.r,t,r+1)):t[e.s]=r},Ys=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new ds(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return[r.subarray(0,n),t]},Ws=function(e,t){for(var r=0,n=0;n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s4&&!S[bs[C-1]];--C);var D,P,U,x,Q=h+5<<3,R=Ws(i,xs)+Ws(s,Qs)+a,L=Ws(i,y)+Ws(s,p)+a+14+3*C+Ws(v,S)+(2*v[16]+3*v[17]+7*v[18]);if(Q<=R&&Q<=L)return Zs(t,u,e.subarray(c,c+h));if(js(t,u,1+(L15&&(js(t,u,F[B]>>>5&127),u+=F[B]>>>12)}}}else D=Rs,P=xs,U=Ts,x=Qs;for(B=0;B255){H=n[B]>>>18&31;qs(t,u,D[H+257]),u+=P[H+257],H>7&&(js(t,u,n[B]>>>23&31),u+=ws[H]);var O=31&n[B];qs(t,u,U[O]),u+=x[O],O>3&&(qs(t,u,n[B]>>>5&8191),u+=ms[O])}else qs(t,u,D[n[B]]),u+=P[n[B]];return qs(t,u,D[256]),u+P[256]},Xs=/*#__PURE__*/new As([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),ea=/*#__PURE__*/new ps(0),ta=function(e,t,r,n,i){return function(e,t,r,n,i,s){var a=e.length,o=new ps(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),h=0;if(!t||a<8)for(var u=0;u<=a;u+=65535){var l=u+65535;l>=a&&(c[h>>3]=s),h=Zs(c,h+1,e.subarray(u,l))}else{for(var y=Xs[t-1],f=y>>>13,g=8191&y,p=(1<7e3||S>24576)&&x>423){h=$s(e,c,0,k,E,v,I,S,C,u-C,h),S=B=I=0,C=u;for(var Q=0;Q<286;++Q)E[Q]=0;for(Q=0;Q<30;++Q)v[Q]=0}var R=2,L=0,T=g,M=P-U&32767;if(x>2&&D==b(u-M))for(var N=Math.min(f,x)-1,F=Math.min(32767,u),H=Math.min(258,x);M<=F&&--T&&P!=U;){if(e[u+R]==e[u+R-M]){for(var O=0;OR){if(R=O,L=M,O>N)break;var z=Math.min(M,O-2),_=0;for(Q=0;Q_&&(_=j,U=G)}}}M+=(P=U)-(U=d[P])+32768&32767}if(L){k[S++]=268435456|Bs[R]<<18|Ks[L];var q=31&Bs[R],V=31&Ks[L];I+=ws[q]+ms[V],++E[257+q],++v[V],K=u+R,++B}else k[S++]=e[u],++E[e[u]]}}h=$s(e,c,s,k,E,v,I,S,C,u-C,h),!s&&7&h&&(h=Zs(c,h+1,ea))}return zs(o,0,n+Os(h)+i)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,n,!i)},ra=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(ta(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||Gs(5),this.d&&Gs(4),this.d=t,this.p(e,t||!1)},e}(),na=/*#__PURE__*/function(){function e(e){this.s={},this.p=new ps(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||Gs(5),this.d&&Gs(4);var t=this.p.length,r=new ps(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var n=e.length;if(!n||r&&r.f&&!r.l)return t||new ps(0);var i=!t||r,s=!r||r.i;r||(r={}),t||(t=new ps(3*n));var a=function(e){var r=t.length;if(e>r){var n=new ps(Math.max(2*r,e));n.set(t),t=n}},o=r.f||0,c=r.p||0,h=r.b||0,u=r.l,l=r.d,y=r.m,f=r.n,g=8*n;do{if(!u){o=Fs(e,c,1);var p=Fs(e,c+1,3);if(c+=3,!p){var d=e[(K=Os(c)+4)-4]|e[K-3]<<8,A=K+d;if(A>n){s&&Gs(0);break}i&&a(h+d),t.set(e.subarray(K,A),h),r.b=h+=d,r.p=c=8*A,r.f=o;continue}if(1==p)u=Ls,l=Ms,y=9,f=5;else if(2==p){var w=Fs(e,c,31)+257,m=Fs(e,c+10,15)+4,b=w+Fs(e,c+5,31)+1;c+=14;for(var k=new ps(b),E=new ps(19),v=0;v>>4)<16)k[v++]=K;else{var D=0,P=0;for(16==K?(P=3+Fs(e,c,3),c+=2,D=k[v-1]):17==K?(P=3+Fs(e,c,7),c+=3):18==K&&(P=11+Fs(e,c,127),c+=7);P--;)k[v++]=D}}var U=k.subarray(0,w),x=k.subarray(w);y=Ns(U),f=Ns(x),u=Us(U,y,1),l=Us(x,f,1)}else Gs(1);if(c>g){s&&Gs(0);break}}i&&a(h+131072);for(var Q=(1<>>4;if((c+=15&D)>g){s&&Gs(0);break}if(D||Gs(2),T<256)t[h++]=T;else{if(256==T){L=c,u=null;break}var M=T-254;if(T>264){var N=ws[v=T-257];M=Fs(e,c,(1<>>4;if(F||Gs(3),c+=15&F,x=Ss[H],H>3&&(N=ms[H],x+=Hs(e,c)&(1<g){s&&Gs(0);break}i&&a(h+131072);for(var O=h+M;h>16),i=(65535&i)+15*(i>>16)}r=t,n=i},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(n%=65521))<<8|n>>>8}}),this.v=1,ra.call(this,e,t)}return e.prototype.push=function(e,t){ra.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=ta(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=n<<6|(n?32-2*n:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),sa=/*#__PURE__*/function(){function e(e){this.v=1,na.call(this,e)}return e.prototype.push=function(e,t){if(na.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&Gs(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),na.prototype.c.call(this,t)},e}(),aa="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{aa.decode(ea,{stream:!0}),1}catch(e){}class oa{static get tag(){return R.packet.literalData}constructor(e=new Date){this.format=R.literal.utf8,this.date=M.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=R.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||M.isStream(this.text))&&(this.text=M.decodeUTF8(M.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=M.canonicalizeEOL(M.encodeUTF8(this.text))),e?I(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=M.decodeUTF8(await e.readBytes(r)),this.date=M.readDate(await e.readBytes(4));let n=e.remainder();o(n)&&(n=await C(n)),this.setBytes(n,t)}))}writeHeader(){const e=M.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=M.writeDate(this.date);return M.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return M.concat([e,t])}}class ca{constructor(){this.bytes=""}read(e){return this.bytes=M.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return M.stringToUint8Array(this.bytes)}toHex(){return M.uint8ArrayToHex(M.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ca;return t.read(M.hexToUint8Array(e)),t}static wildcard(){const e=new ca;return e.read(new Uint8Array(8)),e}}const ha=Symbol("verified"),ua="salt@notations.openpgpjs.org",la=new Set([R.signatureSubpacket.issuerKeyID,R.signatureSubpacket.issuerFingerprint,R.signatureSubpacket.embeddedSignature]);class ya{static get tag(){return R.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ca,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ha]=null}read(e,t=L){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new qn("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new qn(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=as.signature.parseSignatureParams(this.publicKeyAlgorithm,n);if(ias.serializeParams(this.publicKeyAlgorithm,await this.params))):as.serializeParams(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),M.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=M.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=ga(this.hashAlgorithm);if(null===this.salt)this.salt=as.random.getRandomBytes(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===ua)).length)throw Error("Unexpected existing salt notation");{const e=as.random.getRandomBytes(ga(this.hashAlgorithm));this.rawNotations.push({name:ua,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=M.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=K(B(o),0,2);const c=async()=>as.signature.sign(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await C(o));M.isStream(o)?this.params=c():(this.params=await c(),this[ha]=!0)}writeHashedSubPackets(){const e=R.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(fa(e.signatureCreationTime,!0,M.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(fa(e.signatureExpirationTime,!0,M.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(fa(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(fa(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(fa(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(fa(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(fa(e.keyExpirationTime,!0,M.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(fa(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=M.concat([r,this.revocationKeyFingerprint]),t.push(fa(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(fa(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=M.encodeUTF8(n);r.push(M.writeNumber(o.length,2)),r.push(M.writeNumber(i.length,2)),r.push(o),r.push(i),r=M.concat(r),t.push(fa(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(fa(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(fa(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyServerPreferences)),t.push(fa(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(fa(e.preferredKeyServer,!1,M.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(fa(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(fa(e.policyURI,!1,M.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyFlags)),t.push(fa(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(fa(e.signersUserID,!1,M.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=M.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(fa(e.reasonForRevocation,!0,r))),null!==this.features&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.features)),t.push(fa(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(M.stringToUint8Array(this.signatureTargetHash)),r=M.concat(r),t.push(fa(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(fa(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=M.concat(r),t.push(fa(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(fa(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(fa(e.preferredCipherSuites,!1,r)));const n=M.concat(t),i=M.writeNumber(n.length,6===this.version?4:2);return M.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>fa(e,t,r))),t=M.concat(e),r=M.writeNumber(t.length,6===this.version?4:2);return M.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),la.has(i)))switch(i){case R.signatureSubpacket.signatureCreationTime:this.created=M.readDate(e.subarray(r,e.length));break;case R.signatureSubpacket.signatureExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case R.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case R.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case R.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case R.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case R.signatureSubpacket.keyExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case R.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case R.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case R.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=M.readNumber(e.subarray(r,r+2));r+=2;const s=M.readNumber(e.subarray(r,r+2));r+=2;const a=M.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=M.decodeUTF8(o));break}case R.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=M.decodeUTF8(e.subarray(r,e.length));break;case R.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case R.signatureSubpacket.policyURI:this.policyURI=M.decodeUTF8(e.subarray(r,e.length));break;case R.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.signersUserID:this.signersUserID=M.decodeUTF8(e.subarray(r,e.length));break;case R.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=M.decodeUTF8(e.subarray(r,e.length));break;case R.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=as.getHashByteLength(this.signatureTargetHashAlgorithm);this.signatureTargetHash=M.uint8ArrayToString(e.subarray(r,r+t));break}case R.signatureSubpacket.embeddedSignature:this.embeddedSignature=new ya,this.embeddedSignature.read(e.subarray(r,e.length));break;case R.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case R.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case R.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==R.signature.binary&&this.signatureType!==R.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(M.writeNumber(r,4)),M.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return M.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==ga(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),as.hash.digest(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=L){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===R.signature.binary||t===R.signature.text;if(!(this[ha]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await C(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");if(this.params=await this.params,this[ha]=await as.signature.verify(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,n,s),!this[ha])throw Error("Signature verification failed")}const o=M.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+R.read(R.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[R.signature.binary,R.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+R.read(R.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=M.normalizeDate(e);return null!==t&&!(this.created<=t&&tya.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==R.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!M.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!M.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function da(e,t){if(!t[e]){let t;try{t=R.read(R.packet,e)}catch(t){throw new Vn("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}pa.prototype.hash=ya.prototype.hash,pa.prototype.toHash=ya.prototype.toHash,pa.prototype.toSign=ya.prototype.toSign;class Aa extends Array{static async fromBinary(e,t,r=L){const n=new Aa;return await n.read(e,t,r),n}async read(e,t,r=L){r.additionalAllowedPackets.length&&(t={...t,...M.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=E(e,(async(e,n)=>{const i=x(n);try{for(;;){await i.ready;if(await jn(e,(async e=>{try{if(e.tag===R.packet.marker||e.tag===R.packet.trust||e.tag===R.packet.padding)return;const n=da(e.tag,t);n.packets=new Aa,n.fromStream=M.isStream(e.packet),await n.read(e.packet,r),await i.write(n)}catch(t){if(t instanceof Vn){if(!(e.tag<=39))return;await i.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof qn,s=!(r.ignoreMalformedPackets||t instanceof qn);if(n||s||Gn(e.tag))await i.abort(t);else{const t=new Jn(e.tag,e.packet);await i.write(t)}M.printDebugError(t)}})))return await i.ready,void await i.close()}}catch(e){await i.abort(e)}}));const n=U(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||Gn(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=M.concat([On(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>M.concat([Hn(i)].concat(t)))))}else{if(M.isStream(n)){let t=0;e.push(k(B(n),(e=>{t+=e.length}),(()=>_n(r,t))))}else e.push(_n(r,n.length));e.push(n)}}return M.concat(e)}filterByTag(...e){const t=new Aa,r=e=>t=>e===t;for(let n=0;nt.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),M.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=L){const t=R.read(R.compression,this.algorithm),r=Ba[t];if(!r)throw Error(t+" decompression not supported");this.packets=await Aa.fromBinary(await r(this.compressed),wa,e)}compress(){const e=R.read(R.compression,this.algorithm),t=va[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ba(e,t){return r=>{if(!M.isStream(r)||o(r))return P((()=>C(r).then((e=>new Promise(((r,n)=>{const i=new t;i.ondata=e=>{r(e)};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function ka(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return Xy}));return P((async()=>t(await C(e))))}}const Ea=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),va={zip:/*#__PURE__*/ba(Ea("deflate-raw").compressor,ra),zlib:/*#__PURE__*/ba(Ea("deflate").compressor,ia)},Ba={uncompressed:e=>e,zip:/*#__PURE__*/ba(Ea("deflate-raw").decompressor,na),zlib:/*#__PURE__*/ba(Ea("deflate").decompressor,sa),bzip2:/*#__PURE__*/ka()},Ia=/*#__PURE__*/M.constructAllowedPackets([oa,ma,pa,ya]);class Sa{static get tag(){return R.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Sa;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new qn(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):M.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=L){const{blockSize:n,keySize:i}=as.getCipherParams(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(o(s)&&(s=await C(s)),2===this.version)this.cipherAlgorithm=e,this.salt=as.random.getRandomBytes(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Ka(this,"encrypt",t,s);else{const i=await as.getPrefixRandom(e),a=new Uint8Array([211,20]),o=M.concat([i,s,a]),c=await as.hash.sha1(I(o)),h=M.concat([o,c]);this.encrypted=await as.mode.cfb.encrypt(e,t,h,new Uint8Array(n),r)}return!0}async decrypt(e,t,r=L){if(t.length!==as.getCipherParams(e).keySize)throw Error("Unexpected session key size");let n,i=B(this.encrypted);if(o(i)&&(i=await C(i)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Ka(this,"decrypt",t,i)}else{const{blockSize:s}=as.getCipherParams(e),a=await as.mode.cfb.decrypt(e,t,i,new Uint8Array(s)),o=K(I(a),-20),c=K(a,0,-20),h=Promise.all([C(await as.hash.sha1(I(c))),C(o)]).then((([e,t])=>{if(!M.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),u=K(c,s+2);n=K(u,0,-2),n=A([n,P((()=>h))]),M.isStream(i)&&r.allowUnauthenticatedStream||(n=await C(n))}return this.packets=await Aa.fromBinary(n,Ia,r),!0}}async function Ka(e,t,r,n){const i=e instanceof Sa&&2===e.version,s=!i&&e.constructor.tag===R.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=as.getAEADMode(e.aeadAlgorithm),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,h=2**(e.chunkSizeByte+6)+o,u=s?8:0,l=new ArrayBuffer(13+u),y=new Uint8Array(l,0,5+u),f=new Uint8Array(l),g=new DataView(l),p=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let d,A,m=0,b=Promise.resolve(),k=0,v=0;if(i){const{keySize:t}=as.getCipherParams(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await ci(R.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),d=s.subarray(t),d.fill(0,d.length-8),A=new DataView(d.buffer,d.byteOffset,d.byteLength)}else d=e.iv;const B=await a(e.cipherAlgorithm,r);return E(n,(async(r,n)=>{if("array"!==M.isStream(r)){const t=new TransformStream({},{highWaterMark:M.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});w(t.readable,n),n=t.writable}const s=U(r),a=x(n);try{for(;;){let e=await s.readBytes(h+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,w;if(e=e.subarray(0,e.length-o),i)w=d;else{w=d.slice();for(let e=0;e<8;e++)w[d.length-8+e]^=p[e]}if(!m||e.length?(s.unshift(r),n=B[t](e,w,y),n.catch((()=>{})),v+=e.length-o+c):(g.setInt32(5+u+4,k),n=B[t](r,w,f),n.catch((()=>{})),v+=c,l=!0),k+=e.length-o,b=b.then((()=>n)).then((async e=>{await a.ready,await a.write(e),v-=e.length})).catch((e=>a.abort(e))),(l||v>a.desiredSize)&&await b,l){await a.close();break}i?A.setInt32(d.length-4,++m):g.setInt32(9,++m)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const Ca=/*#__PURE__*/M.constructAllowedPackets([oa,ma,pa,ya]);class Da{static get tag(){return R.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=R.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new qn(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=as.getAEADMode(this.aeadAlgorithm);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=L){this.packets=await Aa.fromBinary(await Ka(this,"decrypt",t,B(this.encrypted)),Ca,r)}async encrypt(e,t,r=L){this.cipherAlgorithm=e;const{ivLength:n}=as.getAEADMode(this.aeadAlgorithm);this.iv=as.random.getRandomBytes(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Ka(this,"encrypt",t,i)}}class Pa{static get tag(){return R.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new ca,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Pa;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?ca.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new qn(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=ca.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=as.parseEncSessionKeyParams(this.publicKeyAlgorithm,e.subarray(t)),this.publicKeyAlgorithm===R.publicKey.x25519||this.publicKeyAlgorithm===R.publicKey.x448)if(3===this.version)this.sessionKeyAlgorithm=R.write(R.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),as.serializeParams(this.publicKeyAlgorithm,this.encrypted)),M.concatUint8Array(e)}async encrypt(e){const t=R.write(R.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=Ua(this.version,t,r,this.sessionKey);this.encrypted=await as.publicKeyEncrypt(t,r,e.publicParams,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ua(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await as.publicKeyDecrypt(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.elgamal:case R.publicKey.ecdh:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=M.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:M.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:M.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||R.read(R.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case R.publicKey.x25519:case R.publicKey.x448:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=this.publicKeyAlgorithm!==R.publicKey.x25519&&this.publicKeyAlgorithm!==R.publicKey.x448;if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==as.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ua(e,t,r,n){switch(t){case R.publicKey.rsaEncrypt:case R.publicKey.rsaEncryptSign:case R.publicKey.elgamal:case R.publicKey.ecdh:return M.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,M.writeChecksum(n.subarray(n.length%8))]);case R.publicKey.x25519:case R.publicKey.x448:return n;default:throw Error("Unsupported public key algorithm")}}class xa{static get tag(){return R.packet.symEncryptedSessionKey}constructor(e=L){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=R.write(R.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new qn(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=fs(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=as.getAEADMode(this.aeadAlgorithm);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t=5){const e=as.getAEADMode(this.aeadAlgorithm),r=new Uint8Array([192|xa.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await ci(R.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await as.mode.cfb.decrypt(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=R.write(R.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==as.getCipherParams(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=L){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=gs(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=as.getCipherParams(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=as.generateSessionKey(this.sessionKeyAlgorithm)),this.version>=5){const e=as.getAEADMode(this.aeadAlgorithm);this.iv=as.random.getRandomBytes(e.ivLength);const t=new Uint8Array([192|xa.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await ci(R.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=M.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await as.mode.cfb.encrypt(r,s,e,new Uint8Array(n),t)}}}class Qa{static get tag(){return R.packet.publicKey}constructor(e=new Date,t=L){this.version=t.v6Keys?6:4,this.created=M.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Qa,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=L){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new qn("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=M.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=as.parsePublicKeyParams(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===R.curve.curve25519Legacy||n.oid.getName()===R.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new qn(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(M.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=as.serializeParams(this.algorithm,this.publicParams);return this.version>=5&&e.push(M.writeNumber(t.length,4)),e.push(t),M.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return M.concatUint8Array([new Uint8Array([r]),M.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new ca,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await as.hash.sha256(e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await as.hash.sha1(e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return M.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&M.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=R.read(R.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=M.uint8ArrayBitLength(t):this.publicParams.oid&&(e.curve=this.publicParams.oid.getName()),e}}Qa.prototype.readPublicKey=Qa.prototype.read,Qa.prototype.writePublicKey=Qa.prototype.write;const Ra=/*#__PURE__*/M.constructAllowedPackets([oa,ma,pa,ya]);class La{static get tag(){return R.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=L){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=as.getCipherParams(e),i=await C(B(this.encrypted)),s=await as.mode.cfb.decrypt(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await Aa.fromBinary(s,Ra,r)}async encrypt(e,t,r=L){const n=this.packets.write(),{blockSize:i}=as.getCipherParams(e),s=await as.getPrefixRandom(e),a=await as.mode.cfb.encrypt(e,t,s,new Uint8Array(i),r),o=await as.mode.cfb.encrypt(e,t,n,a.subarray(2),r);this.encrypted=M.concat([a,o])}}class Ta{static get tag(){return R.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Ma extends Qa{static get tag(){return R.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Ma,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Na{static get tag(){return R.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ha(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=as.getCipherParams(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const h=M.concatUint8Array([s,new Uint8Array([e,n,i])]);return ci(R.hash.sha256,c,new Uint8Array,h,o)}class Oa{static get tag(){return R.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(M.isString(e)||e.name&&!M.isString(e.name)||e.email&&!M.isEmailAddress(e.email)||e.comment&&!M.isString(e.comment))throw Error("Invalid user ID format");const t=new Oa;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=L){const r=M.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=/^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/.exec(r);if(null!==n){const{name:e,comment:t,email:r}=n.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return M.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class za extends Fa{static get tag(){return R.packet.secretSubkey}constructor(e=new Date,t=L){super(e,t)}}class _a{static get tag(){return R.packet.trust}read(){throw new qn("Trust packets are not supported")}write(){throw new qn("Trust packets are not supported")}}class Ga{static get tag(){return R.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await as.random.getRandomBytes(e)}}const ja=/*#__PURE__*/M.constructAllowedPackets([ya]);class qa{constructor(e){this.packets=e||new Aa}write(){return this.packets.write()}armor(e=L){const t=this.packets.some((e=>e.constructor.tag===ya.tag&&6!==e.version));return X(R.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Va({armoredSignature:e,binarySignature:t,config:r,...n}){r={...L,...r};let i=e||t;if(!i)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!M.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!M.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await $(i);if(e!==R.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await Aa.fromBinary(i,ja,r);return new qa(a)}async function Ja(e,t){const r=new za(e.date,t);return r.packets=null,r.algorithm=R.write(R.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve),await r.computeFingerprintAndKeyID(),r}async function Ya(e,t){const r=new Fa(e.date,t);return r.packets=null,r.algorithm=R.write(R.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.config),await r.computeFingerprintAndKeyID(),r}async function Wa(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw M.wrapError(`Could not find valid ${R.read(R.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Za(e,t,r=new Date){const n=M.normalizeDate(r);if(null!==n){const r=ro(e,t);return!(e.created<=n&&n0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await Xa(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function Xa(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const h=new ya;return Object.assign(h,n),h.publicKeyAlgorithm=r.algorithm,h.hashAlgorithm=await async function(e,t,r=new Date,n=[],i){const s=R.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms))),c=new Map;for(const e of o)for(const t of e)try{const e=R.write(R.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const h=t=>0===e.length||c.get(t)===e.length||t===s,u=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>h(e))).sort(((e,t)=>as.hash.getHashByteLength(e)-as.hash.getHashByteLength(t)))[0];return as.hash.getHashByteLength(e)>=as.hash.getHashByteLength(s)?e:s};if(new Set([R.publicKey.ecdsa,R.publicKey.eddsaLegacy,R.publicKey.ed25519,R.publicKey.ed448]).has(t.algorithm)){const e=as.getPreferredCurveHashAlgo(t.algorithm,t.publicParams.oid),r=h(a),n=as.hash.getHashByteLength(a)>=as.hash.getHashByteLength(e);if(r&&n)return a;{const t=u();return as.hash.getHashByteLength(t)>=as.hash.getHashByteLength(e)?t:e}}return h(a)?a:u()}(t,r,i,s,c),h.rawNotations=[...a],await h.sign(r,e,i,o,c),h}async function eo(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return M.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function to(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![R.reasonForRevocation.keyRetired,R.reasonForRevocation.keySuperseded,R.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function ro(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function no(e,t={}){switch(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.type){case"ecc":try{e.curve=R.write(R.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==R.curve.ed25519Legacy&&e.curve!==R.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?R.curve.ed25519Legacy:R.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===R.curve.ed25519Legacy?R.publicKey.eddsaLegacy:R.publicKey.ecdsa:e.algorithm=R.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?R.publicKey.ed25519:R.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?R.publicKey.ed448:R.publicKey.x448;break;case"rsa":e.algorithm=R.publicKey.rsaEncryptSign;break;default:throw Error("Unsupported key type "+e.type)}return e}function io(e,t,r){switch(e.algorithm){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:case R.publicKey.dsa:case R.publicKey.ecdsa:case R.publicKey.eddsaLegacy:case R.publicKey.ed25519:case R.publicKey.ed448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&R.keyFlags.signData);default:return!1}}function so(e,t,r){switch(e.algorithm){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:case R.publicKey.elgamal:case R.publicKey.ecdh:case R.publicKey.x25519:case R.publicKey.x448:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&R.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&R.keyFlags.encryptStorage);default:return!1}}function ao(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaEncrypt:case R.publicKey.elgamal:case R.publicKey.ecdh:case R.publicKey.x25519:case R.publicKey.x448:return!(!(!t.keyFlags||!!(t.keyFlags[0]&R.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&R.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&R.keyFlags.encryptStorage));default:return!1}}function oo(e,t){const r=R.write(R.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case R.publicKey.rsaEncryptSign:case R.publicKey.rsaSign:case R.publicKey.rsaEncrypt:if(n.bitse.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,R.signature.certGeneric,a,r,void 0,n)}catch(e){throw M.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,R.signature.certGeneric,i,e,void 0,t)}catch(e){throw M.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await eo(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,R.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await eo(e,this,"otherCertifications",t),await eo(e,this,"revocationSignatures",t,(function(e){return to(n,R.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=R.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=L){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new co(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await Xa(s,[],e,{signatureType:R.signature.certRevocation,reasonForRevocationFlag:R.write(R.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class ho{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Aa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ho(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=L){const i=this.mainKey.keyPacket;return to(i,R.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=L){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await Wa(this.bindingSignatures,r,R.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(Za(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=L){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await Wa(this.bindingSignatures,r,R.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=ro(this.keyPacket,i),a=i.getExpirationTime();return si.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,R.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await eo(e,this,"revocationSignatures",t,(function(e){return to(n,R.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=R.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=L){const s={key:e,bind:this.keyPacket},a=new ho(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await Xa(s,[],e,{signatureType:R.signature.subkeyRevocation,reasonForRevocationFlag:R.write(R.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ho.prototype[e]=function(){return this.keyPacket[e]()}}));const uo=/*#__PURE__*/M.constructAllowedPackets([ya]),lo=new Set([R.packet.publicKey,R.packet.privateKey]),yo=new Set([R.packet.publicKey,R.packet.privateKey,R.packet.publicSubkey,R.packet.privateSubkey]);class fo{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof Jn){yo.has(a.tag)&&!s&&(s=lo.has(a.tag)?lo:yo);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case R.packet.publicKey:case R.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case R.packet.userID:case R.packet.userAttribute:r=new co(a,this),this.users.push(r);break;case R.packet.publicSubkey:case R.packet.secretSubkey:r=null,i=new ho(a,this),this.subkeys.push(i);break;case R.packet.signature:switch(a.signatureType){case R.signature.certGeneric:case R.signature.certPersona:case R.signature.certCasual:case R.signature.certPositive:if(!r){M.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case R.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case R.signature.key:this.directSignatures.push(a);break;case R.signature.subkeyBinding:if(!i){M.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case R.signature.keyRevocation:this.revocationSignatures.push(a);break;case R.signature.subkeyRevocation:if(!i){M.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new Aa;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=L){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{oo(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Wa(r.bindingSignatures,i,R.signature.subkeyBinding,e,t,n);if(!io(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await Wa([s.embeddedSignature],r.keyPacket,R.signature.keyBinding,e,t,n),oo(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&io(i,s,n))return oo(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=L){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{oo(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await Wa(r.bindingSignatures,i,R.signature.subkeyBinding,e,t,n);if(so(r.keyPacket,s,n))return oo(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&so(i,s,n))return oo(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=L){return to(this.keyPacket,R.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=L){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Za(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await Wa(this.directSignatures,n,R.signature.key,{key:n},e,r).catch((()=>{}));if(t&&Za(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=L){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=ro(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await Wa(this.directSignatures,this.keyPacket,R.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=ro(this.keyPacket,a);r=Math.min(i,s,e)}else r=ie.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await eo(e,n,"revocationSignatures",t,(i=>to(n.keyPacket,R.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await eo(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=L){const r={key:this.keyPacket},n=await Wa(this.revocationSignatures,this.keyPacket,R.signature.keyRevocation,r,e,t),i=new Aa;i.push(n);const s=6!==this.keyPacket.version;return X(R.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=L){const n=await $(e),i=(await Aa.fromBinary(n.data,uo,r)).findPacket(R.packet.signature);if(!i||i.signatureType!==R.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,R.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw M.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=L){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=L){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=L){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=L){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{fo.prototype[e]=ho.prototype[e]}));class go extends fo{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([R.packet.secretKey,R.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=L){const t=6!==this.keyPacket.version;return X(R.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class po extends go{constructor(e){if(super(),this.packetListToStructure(e,new Set([R.packet.publicKey,R.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new Aa,t=this.toPacketList();for(const r of t)switch(r.constructor.tag){case R.packet.secretKey:{const t=Qa.fromSecretKeyPacket(r);e.push(t);break}case R.packet.secretSubkey:{const t=Ma.fromSecretSubkeyPacket(r);e.push(t);break}default:e.push(r)}return new go(e)}armor(e=L){const t=6!==this.keyPacket.version;return X(R.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=L){const i=this.keyPacket,s=[];let a=null;for(let r=0;re.isDecrypted()))}async validate(e=L){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=R.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=L){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await Xa(i,[],this.keyPacket,{signatureType:R.signature.keyRevocation,reasonForRevocationFlag:R.write(R.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...L,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBitse!==t))]}function a(){const e={};e.keyFlags=[R.keyFlags.certifyKeys|R.keyFlags.signData];const t=s([R.symmetric.aes256,R.symmetric.aes128],n.preferredSymmetricAlgorithm);if(e.preferredSymmetricAlgorithms=t,n.aeadProtect){const r=s([R.aead.gcm,R.aead.eax,R.aead.ocb],n.preferredAEADAlgorithm);e.preferredCipherSuites=r.flatMap((e=>t.map((t=>[t,e]))))}return e.preferredHashAlgorithms=s([R.hash.sha256,R.hash.sha512,R.hash.sha3_256,R.hash.sha3_512],n.preferredHashAlgorithm),e.preferredCompressionAlgorithms=s([R.compression.uncompressed,R.compression.zlib,R.compression.zip],n.preferredCompressionAlgorithm),e.features=[0],e.features[0]|=R.features.modificationDetection,n.aeadProtect&&(e.features[0]|=R.features.seipdv2),r.keyExpirationTime>0&&(e.keyExpirationTime=r.keyExpirationTime,e.keyNeverExpires=!1),e}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=R.signature.key;const o=await Xa(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=Oa.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=R.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await Xa(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await $a(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await Xa(o,[],e,{signatureType:R.signature.keyRevocation,reasonForRevocationFlag:R.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new po(i)}async function bo({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...L,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await $(e);if(t!==R.armor.publicKey&&t!==R.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await Aa.fromBinary(s,Ao,r),o=a.indexOfTag(R.packet.publicKey,R.packet.secretKey);if(0===o.length)throw Error("No key packet found");return wo(a.slice(o[0],o[1]))}async function ko({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...L,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await $(e);if(t!==R.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await Aa.fromBinary(s,Ao,r),o=a.indexOfTag(R.packet.publicKey,R.packet.secretKey);for(let e=0;e0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await $(e);if(t!==R.armor.publicKey&&t!==R.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await Aa.fromBinary(i,Ao,r),c=o.indexOfTag(R.packet.publicKey,R.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(R.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=L){const s=this.packets.filterByTag(R.packet.symmetricallyEncryptedData,R.packet.symEncryptedIntegrityProtectedData,R.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let h=null;const u=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!M.isUint8Array(t)||!a.cipherAlgorithm&&!M.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||R.write(R.symmetric,e);await a.decrypt(r,t,i)}catch(e){M.printDebugError(e),h=e}})));if(D(a.encrypted),a.encrypted=null,await u,!a.packets||!a.packets.length)throw h||Error("Decryption failed.");const l=new Ko(a.packets);return a.packets=new Aa,l}async decryptSessionKeys(e,t,r,n=new Date,i=L){let s,a=[];if(t){const e=this.packets.filterByTag(R.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await Aa.fromBinary(e.write(),Io,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){M.printDebugError(e),e instanceof os&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(R.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[R.symmetric.aes256,R.symmetric.aes128,R.symmetric.tripledes,R.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===R.publicKey.rsaEncrypt||t.publicKeyAlgorithm===R.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===R.publicKey.rsaSign||t.publicKeyAlgorithm===R.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Pa;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:as.generateSessionKey(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){M.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(R.write(R.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){M.printDebugError(e),s=e}})))}))),D(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+M.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&R.read(R.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(R.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(R.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(R.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=L){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=L){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?i.every((e=>e.features&&e.features[0]&R.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:R.symmetric.aes128,aeadAlgo:R.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:R.aead.ocb},{symmetricAlgo:R.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=R.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=R.read(R.symmetric,i),o=s?R.read(R.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===R.publicKey.x25519||e.keyPacket.algorithm===R.publicKey.x448)&&!o&&!M.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:as.generateSessionKey(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=L){if(r){if(!M.isUint8Array(r.data)||!M.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:h,aeadAlgorithm:u}=r,l=await Ko.encryptSessionKey(c,h,u,e,t,n,i,s,a,o),y=Sa.fromObject({version:u?2:1,aeadAlgorithm:u?R.write(R.aead,u):null});y.packets=this.packets;const f=R.write(R.symmetric,h);return await y.encrypt(f,c,o),l.packets.push(y),y.packets=new Aa,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],h=L){const u=new Aa,l=R.write(R.symmetric,t),y=r&&R.write(R.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,h),i=Pa.fromObject({version:y?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));u.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new xa(h);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,h),h.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,y,t))));u.push(...s)}return new Ko(u)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=L){const h=new Aa,u=this.packets.findPacket(R.packet.literalData);if(!u)throw Error("No literal data packet to sign.");const l=await Co(u,e,t,r,n,i,s,a,o,!1,c),y=l.map(((e,t)=>pa.fromSignaturePacket(e,0===t))).reverse();return h.push(...y),h.push(u),h.push(...l),new Ko(h)}compress(e,t=L){if(e===R.compression.uncompressed)return this;const r=new ma(t);r.algorithm=e,r.packets=this.packets;const n=new Aa;return n.push(r),new Ko(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=L){const h=this.packets.findPacket(R.packet.literalData);if(!h)throw Error("No literal data packet to sign.");return new qa(await Co(h,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=L){const n=this.unwrapCompressed(),i=n.packets.filterByTag(R.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");o(n.packets.stream)&&n.packets.push(...await C(n.packets.stream,(e=>e||[])));const s=n.packets.filterByTag(R.packet.onePassSignature).reverse(),a=n.packets.filterByTag(R.packet.signature);return s.length&&!a.length&&M.isStream(n.packets.stream)&&!o(n.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=P((async()=>(await e.correspondingSig).signatureData)),e.hashed=C(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),n.packets.stream=E(n.packets.stream,(async(e,t)=>{const r=U(e),n=x(t);try{for(let e=0;e{t.correspondingSigReject(e)})),await n.abort(e)}})),Do(s,i,e,t,!1,r)):Do(a,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=L){const i=this.unwrapCompressed().packets.filterByTag(R.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return Do(e.packets.filterByTag(R.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(R.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=L){await this.packets.read(M.isUint8Array(e)?e:(await $(e)).data,So,t)}write(){return this.packets.write()}armor(e=L){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Sa.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===ya.tag&&6!==e.version));return X(R.armor.message,this.write(),null,null,null,r,e)}}async function Co(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],h=!1,u=L){const l=new Aa,y=null===e.text?R.signature.binary:R.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const f=await t.getSigningKey(i[n],s,l,u);return Xa(e,r.length?r:[t],f.keyPacket,{signatureType:y},s,o,c,h,u)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(R.packet.signature);l.push(...e)}return l}async function Do(e,t,r,n=new Date,i=!1,s=L){return Promise.all(e.filter((function(e){return["text","binary"].includes(R.read(R.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=L){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof pa?e.correspondingSig:e,h={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new Aa;return e&&t.push(e),new qa(t)})()};return h.signature.catch((()=>{})),h.verified.catch((()=>{})),h}(e,t,r,n,i,s)})))}async function Po({armoredMessage:e,binaryMessage:t,config:r,...n}){r={...L,...r};let i=e||t;if(!i)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));const a=M.isStream(i);if(e){const{type:e,data:t}=await $(i);if(e!==R.armor.message)throw Error("Armored text not of type message");i=t}const o=await Aa.fromBinary(i,Bo,r),c=new Ko(o);return c.fromStream=a,c}async function Uo({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=M.isStream(a),h=new oa(n);void 0!==e?h.setText(a,R.write(R.literal,i)):h.setBytes(a,R.write(R.literal,i)),void 0!==r&&h.setFilename(r);const u=new Aa;u.push(h);const l=new Ko(u);return l.fromStream=c,l}const xo=/*#__PURE__*/M.constructAllowedPackets([ya]);class Qo{constructor(e,t){if(this.text=M.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof qa))throw Error("Invalid signature input");this.signature=t||new qa(new Aa)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=L){const h=new oa;h.setText(this.text);const u=new qa(await Co(h,e,t,r,n,i,s,a,o,!0,c));return new Qo(this.text,u)}verify(e,t=new Date,r=L){const n=this.signature.packets.filterByTag(R.packet.signature),i=new oa;return i.setText(this.text),Do(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=L){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>R.read(R.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return X(R.armor.signed,r,void 0,void 0,void 0,t,e)}}async function Ro({cleartextMessage:e,config:t,...r}){if(t={...L,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!M.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await $(e);if(i.type!==R.armor.signed)throw Error("No cleartext signed message.");const s=await Aa.fromBinary(i.data,xo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return R.write(R.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new qa(s);return new Qo(i.text,a)}async function Lo({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!M.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Qo(e)}async function To({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,keyExpirationTime:s=0,date:a=new Date,subkeys:o=[{}],format:c="armored",config:h,...u}){$o(h={...L,...h}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=h.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=Xo(e);const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));if(0===e.length&&!h.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&ino(e.subkeys[r],e)));let r=[Ya(e,t)];r=r.concat(e.subkeys.map((e=>Ja(e,t))));const n=await Promise.all(r),i=await mo(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(y,h);return e.getKeys().forEach((({keyPacket:e})=>oo(e,h))),{privateKey:rc(e,c,h),publicKey:rc(e.toPublic(),c,h),revocationCertificate:t}}catch(e){throw M.wrapError("Error generating keypair",e)}}async function Mo({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){$o(a={...L,...a}),t=Xo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const h={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await Wa(e.bindingSignatures,n,R.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&R.keyFlags.signData}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await mo(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(h,a);return{privateKey:rc(e,s,a),publicKey:rc(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw M.wrapError("Error reformatting keypair",e)}}async function No({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){$o(s={...L,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:rc(a,i,s),publicKey:rc(a.toPublic(),i,s)}:{privateKey:null,publicKey:rc(a,i,s)}}catch(e){throw M.wrapError("Error revoking key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...n}){$o(r={...L,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=M.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>M.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error decrypting private key",e)}}async function Ho({privateKey:e,passphrase:t,config:r,...n}){$o(r={...L,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=M.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error encrypting private key",e)}}async function Oo({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:h=[],date:u=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:f=[],config:g,...p}){if($o(g={...L,...g}),Jo(e),Wo(s),t=Xo(t),r=Xo(r),n=Xo(n),c=Xo(c),h=Xo(h),l=Xo(l),y=Xo(y),f=Xo(f),p.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(p.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(p.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==p.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const d=Object.keys(p);if(d.length>0)throw Error("Unknown option: "+d.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,u,l,h,f,g)),e=e.compress(await async function(e=[],t=new Date,r=[],n=L){const i=R.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,u,y,g),g),e=await e.encrypt(t,n,i,o,h,u,y,g),"object"===s)return e;const p="armored"===s?e.armor(g):e.write();return await ec(p)}catch(e){throw M.wrapError("Error encrypting message",e)}}async function zo({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:h,...u}){if($o(h={...L,...h}),Jo(e),i=Xo(i),t=Xo(t),r=Xo(r),n=Xo(n),u.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(u.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(u);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const u=await e.decrypt(t,r,n,c,h);i||(i=[]);const l={};if(l.signatures=o?await u.verifyDetached(o,i,c,h):await u.verify(i,c,h),l.data="binary"===a?u.getLiteralData():u.getText(),l.filename=u.getFilename(),tc(l,e),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=A([l.data,P((async()=>{await M.anyPromise(l.signatures.map((e=>e.verified)))}))])}return l.data=await ec(l.data),l}catch(e){throw M.wrapError("Error decrypting message",e)}}async function _o({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:h=[],config:u,...l}){if($o(u={...L,...u}),Yo(e),Wo(n),t=Xo(t),s=Xo(s),o=Xo(o),r=Xo(r),c=Xo(c),h=Xo(h),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Qo&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Qo&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,h,u):await e.sign(t,r,void 0,s,a,o,c,h,u),"object"===n)return l;return l="armored"===n?l.armor(u):l.write(),i&&(l=E(e.packets.write(),(async(e,t)=>{await Promise.all([w(l,t),C(e).catch((()=>{}))])}))),await ec(l)}catch(e){throw M.wrapError("Error signing message",e)}}async function Go({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if($o(a={...L,...a}),Yo(e),t=Xo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Qo&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Qo&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&tc(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=A([o.data,P((async()=>{await M.anyPromise(o.signatures.map((e=>e.verified)))}))])}return o.data=await ec(o.data),o}catch(e){throw M.wrapError("Error verifying signed message",e)}}async function jo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if($o(n={...L,...n}),e=Xo(e),r=Xo(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Ko.generateSessionKey(e,t,r,n)}catch(e){throw M.wrapError("Error generating session key",e)}}async function qo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:h=[],config:u,...l}){if($o(u={...L,...u}),function(e){if(!M.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!M.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Wo(s),n=Xo(n),i=Xo(i),o=Xo(o),h=Xo(h),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return rc(await Ko.encryptSessionKey(e,t,r,n,i,a,o,c,h,u),s,u)}catch(e){throw M.wrapError("Error encrypting session key",e)}}async function Vo({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if($o(i={...L,...i}),Jo(e),t=Xo(t),r=Xo(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw M.wrapError("Error decrypting session keys",e)}}function Jo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function Yo(e){if(!(e instanceof Qo||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Wo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Zo=Object.keys(L).length;function $o(e){const t=Object.keys(e);if(t.length!==Zo)for(const e of t)if(void 0===L[e])throw Error("Unknown config property: "+e)}function Xo(e){return e&&!M.isArray(e)&&(e=[e]),e}async function ec(e){return"array"===M.isStream(e)?C(e):e}function tc(e,t){e.data=E(t.packets.stream,(async(t,r)=>{await w(e.data,r,{preventClose:!0});const n=x(r);try{await C(t,(e=>e)),await n.close()}catch(e){await n.abort(e)}}))}function rc(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}function nc(e){if(!Number.isSafeInteger(e)||e<0)throw Error("positive integer expected, not "+e)}function ic(e,...t){if(!((r=e)instanceof Uint8Array||null!=r&&"object"==typeof r&&"Uint8Array"===r.constructor.name))throw Error("Uint8Array expected");var r;if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function sc(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function ac(e,t){ic(e);const r=t.outputLen;if(e.lengthnew DataView(e.buffer,e.byteOffset,e.byteLength),hc=(e,t)=>e<<32-t|e>>>t,uc=(e,t)=>e<>>32-t>>>0,lc=68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]; +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function yc(e){for(let r=0;r>>8&65280|t>>>24&255;var t}function fc(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}function gc(e){return"string"==typeof e&&(e=fc(e)),ic(e),e}function pc(...e){let t=0;for(let r=0;re().update(gc(t)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function wc(e=32){if(oc&&"function"==typeof oc.getRandomValues)return oc.getRandomValues(new Uint8Array(e));if(oc&&"function"==typeof oc.randomBytes)return oc.randomBytes(e);throw Error("crypto.getRandomValues must be defined")}const mc=(e,t,r)=>e&t^~e&r,bc=(e,t,r)=>e&t^e&r^t&r;class kc extends dc{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=cc(this.buffer)}update(e){sc(this);const{view:t,buffer:r,blockLen:n}=this,i=(e=gc(e)).length;for(let s=0;sn-s&&(this.process(r,0),s=0);for(let e=s;e>i&s),o=Number(r&s),c=n?4:0,h=n?0:4;e.setUint32(t+c,a,n),e.setUint32(t+h,o,n)}(r,n-8,BigInt(8*this.length),i),this.process(r,0);const a=cc(e),o=this.outputLen;if(o%4)throw Error("_sha2: outputLen should be aligned to 32bit");const c=o/4,h=this.get();if(c>h.length)throw Error("_sha2: outputLen bigger than state");for(let e=0;e>>3,i=hc(r,17)^hc(r,19)^r>>>10;Bc[e]=i+Bc[e-7]+n+Bc[e-16]|0}let{A:r,B:n,C:i,D:s,E:a,F:o,G:c,H:h}=this;for(let e=0;e<64;e++){const t=h+(hc(a,6)^hc(a,11)^hc(a,25))+mc(a,o,c)+Ec[e]+Bc[e]|0,u=(hc(r,2)^hc(r,13)^hc(r,22))+bc(r,n,i)|0;h=c,c=o,o=a,a=s+t|0,s=i,i=n,n=r,r=t+u|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,s=s+this.D|0,a=a+this.E|0,o=o+this.F|0,c=c+this.G|0,h=h+this.H|0,this.set(r,n,i,s,a,o,c,h)}roundClean(){Bc.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}}class Sc extends Ic{constructor(){super(),this.A=-1056596264,this.B=914150663,this.C=812702999,this.D=-150054599,this.E=-4191439,this.F=1750603025,this.G=1694076839,this.H=-1090891868,this.outputLen=28}}const Kc=/* @__PURE__ */Ac((()=>new Ic)),Cc=/* @__PURE__ */Ac((()=>new Sc));class Dc extends dc{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,function(e){if("function"!=typeof e||"function"!=typeof e.create)throw Error("Hash should be wrapped by utils.wrapConstructor");nc(e.outputLen),nc(e.blockLen)}(e);const r=gc(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const n=this.blockLen,i=new Uint8Array(n);i.set(r.length>n?e.create().update(r).digest():r);for(let e=0;enew Dc(e,t).update(r).digest();Pc.create=(e,t)=>new Dc(e,t) +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const Uc=/* @__PURE__ */BigInt(0),xc=/* @__PURE__ */BigInt(1),Qc=/* @__PURE__ */BigInt(2);function Rc(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Lc(e){if(!Rc(e))throw Error("Uint8Array expected")}function Tc(e,t){if("boolean"!=typeof t)throw Error(`${e} must be valid boolean, got "${t}".`)}const Mc=/* @__PURE__ */Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function Nc(e){Lc(e);let t="";for(let r=0;r=Oc._0&&e<=Oc._9?e-Oc._0:e>=Oc._A&&e<=Oc._F?e-(Oc._A-10):e>=Oc._a&&e<=Oc._f?e-(Oc._a-10):void 0}function _c(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);const t=e.length,r=t/2;if(t%2)throw Error("padded hex string expected, got unpadded hex of length "+t);const n=new Uint8Array(r);for(let t=0,i=0;t"bigint"==typeof e&&Uc<=e;function Zc(e,t,r){return Wc(e)&&Wc(t)&&Wc(r)&&t<=e&&eUc;e>>=xc,t+=1);return t}const eh=e=>(Qc<new Uint8Array(e),rh=e=>Uint8Array.from(e);function nh(e,t,r){if("number"!=typeof e||e<2)throw Error("hashLen must be a number");if("number"!=typeof t||t<2)throw Error("qByteLen must be a number");if("function"!=typeof r)throw Error("hmacFn must be a function");let n=th(e),i=th(e),s=0;const a=()=>{n.fill(1),i.fill(0),s=0},o=(...e)=>r(i,n,...e),c=(e=th())=>{i=o(rh([0]),e),n=o(),0!==e.length&&(i=o(rh([1]),e),n=o())},h=()=>{if(s++>=1e3)throw Error("drbg: tried 1000 values");let e=0;const r=[];for(;e{let r;for(a(),c(e);!(r=t(h()));)c();return a(),r}}const ih={bigint:e=>"bigint"==typeof e,function:e=>"function"==typeof e,boolean:e=>"boolean"==typeof e,string:e=>"string"==typeof e,stringOrUint8Array:e=>"string"==typeof e||Rc(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>"function"==typeof e&&Number.isSafeInteger(e.outputLen)};function sh(e,t,r={}){const n=(t,r,n)=>{const i=ih[r];if("function"!=typeof i)throw Error(`Invalid validator "${r}", expected function`);const s=e[t];if(!(n&&void 0===s||i(s,e)))throw Error(`Invalid param ${t+""}=${s} (${typeof s}), expected ${r}`)};for(const[e,r]of Object.entries(t))n(e,r,!1);for(const[e,t]of Object.entries(r))n(e,t,!0);return e}function ah(e){const t=new WeakMap;return(r,...n)=>{const i=t.get(r);if(void 0!==i)return i;const s=e(r,...n);return t.set(r,s),s}}var oh=/*#__PURE__*/Object.freeze({__proto__:null,aInRange:$c,abool:Tc,abytes:Lc,bitGet:function(e,t){return e>>BigInt(t)&xc},bitLen:Xc,bitMask:eh,bitSet:function(e,t,r){return e|(r?xc:Uc)<{throw Error("not implemented")},numberToBytesBE:qc,numberToBytesLE:Vc,numberToHexUnpadded:Fc,numberToVarBytesBE:function(e){return _c(Fc(e))},utf8ToBytes:function(e){if("string"!=typeof e)throw Error("utf8ToBytes expected string, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))},validateObject:sh}); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const ch=BigInt(0),hh=BigInt(1),uh=BigInt(2),lh=BigInt(3),yh=BigInt(4),fh=BigInt(5),gh=BigInt(8);function ph(e,t){const r=e%t;return r>=ch?r:t+r}function dh(e,t,r){if(r<=ch||t 0");if(r===hh)return ch;let n=hh;for(;t>ch;)t&hh&&(n=n*e%r),e=e*e%r,t>>=hh;return n}function Ah(e,t,r){let n=e;for(;t-- >ch;)n*=n,n%=r;return n}function wh(e,t){if(e===ch||t<=ch)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=ph(e,t),n=t,i=ch,s=hh;for(;r!==ch;){const e=n%r,t=i-s*(n/r);n=r,r=e,i=s,s=t}if(n!==hh)throw Error("invert: does not exist");return ph(i,t)}function mh(e){if(e%yh===lh){const t=(e+hh)/yh;return function(e,r){const n=e.pow(r,t);if(!e.eql(e.sqr(n),r))throw Error("Cannot find square root");return n}}if(e%gh===fh){const t=(e-fh)/gh;return function(e,r){const n=e.mul(r,uh),i=e.pow(n,t),s=e.mul(r,i),a=e.mul(e.mul(s,uh),i),o=e.mul(s,e.sub(a,e.ONE));if(!e.eql(e.sqr(o),r))throw Error("Cannot find square root");return o}}return function(e){const t=(e-hh)/uh;let r,n,i;for(r=e-hh,n=0;r%uh===ch;r/=uh,n++);for(i=uh;i 0, got "+e);const{nBitLength:i,nByteLength:s}=kh(e,t);if(s>2048)throw Error("Field lengths over 2048 bytes are not supported");const a=mh(e),o=Object.freeze({ORDER:e,BITS:i,BYTES:s,MASK:eh(i),ZERO:ch,ONE:hh,create:t=>ph(t,e),isValid:t=>{if("bigint"!=typeof t)throw Error("Invalid field element: expected bigint, got "+typeof t);return ch<=t&&te===ch,isOdd:e=>(e&hh)===hh,neg:t=>ph(-t,e),eql:(e,t)=>e===t,sqr:t=>ph(t*t,e),add:(t,r)=>ph(t+r,e),sub:(t,r)=>ph(t-r,e),mul:(t,r)=>ph(t*r,e),pow:(e,t)=>function(e,t,r){if(r 0");if(r===ch)return e.ONE;if(r===hh)return t;let n=e.ONE,i=t;for(;r>ch;)r&hh&&(n=e.mul(n,i)),i=e.sqr(i),r>>=hh;return n}(o,e,t),div:(t,r)=>ph(t*wh(r,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>wh(t,e),sqrt:n.sqrt||(e=>a(o,e)),invertBatch:e=>function(e,t){const r=Array(t.length),n=t.reduce(((t,n,i)=>e.is0(n)?t:(r[i]=t,e.mul(t,n))),e.ONE),i=e.inv(n);return t.reduceRight(((t,n,i)=>e.is0(n)?t:(r[i]=e.mul(t,r[i]),e.mul(t,n))),i),r}(o,e),cmov:(e,t,r)=>r?t:e,toBytes:e=>r?Vc(e,s):qc(e,s),fromBytes:e=>{if(e.length!==s)throw Error(`Fp.fromBytes: expected ${s}, got ${e.length}`);return r?jc(e):Gc(e)}});return Object.freeze(o)}function vh(e){if("bigint"!=typeof e)throw Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function Bh(e){const t=vh(e);return t+Math.ceil(t/2)} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const Ih=BigInt(0),Sh=BigInt(1),Kh=new WeakMap,Ch=new WeakMap;function Dh(e,t){const r=(e,t)=>{const r=t.negate();return e?r:t},n=e=>{if(!Number.isSafeInteger(e)||e<=0||e>t)throw Error(`Wrong window size=${e}, should be [1..${t}]`)},i=e=>{n(e);return{windows:Math.ceil(t/e)+1,windowSize:2**(e-1)}};return{constTimeNegate:r,unsafeLadder(t,r){let n=e.ZERO,i=t;for(;r>Ih;)r&Sh&&(n=n.add(i)),i=i.double(),r>>=Sh;return n},precomputeWindow(e,t){const{windows:r,windowSize:n}=i(t),s=[];let a=e,o=a;for(let e=0;e>=y,i>o&&(i-=l,s+=Sh);const a=t,f=t+Math.abs(i)-1,g=e%2!=0,p=i<0;0===i?h=h.add(r(g,n[a])):c=c.add(r(p,n[f]))}return{p:c,f:h}},wNAFCached(e,t,r){const n=Ch.get(e)||1;let i=Kh.get(e);return i||(i=this.precomputeWindow(e,n),1!==n&&Kh.set(e,r(i))),this.wNAF(n,i,t)},setWindowSize(e,t){n(t),Ch.set(e,t),Kh.delete(e)}}}function Ph(e,t,r,n){if(!Array.isArray(r)||!Array.isArray(n)||n.length!==r.length)throw Error("arrays of points and scalars must have equal length");n.forEach(((e,r)=>{if(!t.isValid(e))throw Error("wrong scalar at index "+r)})),r.forEach(((t,r)=>{if(!(t instanceof e))throw Error("wrong point at index "+r)}));const i=Xc(BigInt(r.length)),s=i>12?i-3:i>4?i-2:i?2:1,a=(1<=0;t-=s){o.fill(e.ZERO);for(let e=0;e>BigInt(t)&BigInt(a));o[s]=o[s].add(r[e])}let i=e.ZERO;for(let t=o.length-1,r=e.ZERO;t>0;t--)r=r.add(o[t]),i=i.add(r);if(h=h.add(i),0!==t)for(let e=0;e(e[t]="function",e)),{ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"})),sh(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...kh(e.n,e.nBitLength),...e,p:e.Fp.ORDER})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function xh(e){void 0!==e.lowS&&Tc("lowS",e.lowS),void 0!==e.prehash&&Tc("prehash",e.prehash)}const{bytesToNumberBE:Qh,hexToBytes:Rh}=oh,Lh={Err:class extends Error{constructor(e=""){super(e)}},_tlv:{encode:(e,t)=>{const{Err:r}=Lh;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(1&t.length)throw new r("tlv.encode: unpadded data");const n=t.length/2,i=Fc(n);if(i.length/2&128)throw new r("tlv.encode: long form length too big");const s=n>127?Fc(i.length/2|128):"";return`${Fc(e)}${s}${i}${t}`},decode(e,t){const{Err:r}=Lh;let n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");const i=t[n++];let s=0;if(!!(128&i)){const e=127&i;if(!e)throw new r("tlv.decode(long): indefinite length not supported");if(e>4)throw new r("tlv.decode(long): byte length is too big");const a=t.subarray(n,n+e);if(a.length!==e)throw new r("tlv.decode: length bytes not complete");if(0===a[0])throw new r("tlv.decode(long): zero leftmost byte");for(const e of a)s=s<<8|e;if(n+=e,s<128)throw new r("tlv.decode(long): not minimal encoding")}else s=i;const a=t.subarray(n,n+s);if(a.length!==s)throw new r("tlv.decode: wrong value length");return{v:a,l:t.subarray(n+s)}}},_int:{encode(e){const{Err:t}=Lh;if(e{const i=t.toAffine();return Yc(Uint8Array.from([4]),r.toBytes(i.x),r.toBytes(i.y))}),s=t.fromBytes||(e=>{const t=e.subarray(1);return{x:r.fromBytes(t.subarray(0,r.BYTES)),y:r.fromBytes(t.subarray(r.BYTES,2*r.BYTES))}});function a(e){const{a:n,b:i}=t,s=r.sqr(e),a=r.mul(s,e);return r.add(r.add(a,r.mul(e,n)),i)}if(!r.eql(r.sqr(t.Gy),a(t.Gx)))throw Error("bad generator point: equation left != right");function o(e){const{allowedPrivateKeyLengths:r,nByteLength:n,wrapPrivateKey:i,n:s}=t;if(r&&"bigint"!=typeof e){if(Rc(e)&&(e=Nc(e)),"string"!=typeof e||!r.includes(e.length))throw Error("Invalid key");e=e.padStart(2*n,"0")}let a;try{a="bigint"==typeof e?e:Gc(Jc("private key",e,n))}catch(t){throw Error(`private key must be ${n} bytes, hex or bigint, not ${typeof e}`)}return i&&(a=ph(a,s)),$c("private key",a,Mh,s),a}function c(e){if(!(e instanceof l))throw Error("ProjectivePoint expected")}const h=ah(((e,t)=>{const{px:n,py:i,pz:s}=e;if(r.eql(s,r.ONE))return{x:n,y:i};const a=e.is0();null==t&&(t=a?r.ONE:r.inv(s));const o=r.mul(n,t),c=r.mul(i,t),h=r.mul(s,t);if(a)return{x:r.ZERO,y:r.ZERO};if(!r.eql(h,r.ONE))throw Error("invZ was invalid");return{x:o,y:c}})),u=ah((e=>{if(e.is0()){if(t.allowInfinityPoint&&!r.is0(e.py))return;throw Error("bad point: ZERO")}const{x:n,y:i}=e.toAffine();if(!r.isValid(n)||!r.isValid(i))throw Error("bad point: x or y not FE");const s=r.sqr(i),o=a(n);if(!r.eql(s,o))throw Error("bad point: equation left != right");if(!e.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));class l{constructor(e,t,n){if(this.px=e,this.py=t,this.pz=n,null==e||!r.isValid(e))throw Error("x required");if(null==t||!r.isValid(t))throw Error("y required");if(null==n||!r.isValid(n))throw Error("z required");Object.freeze(this)}static fromAffine(e){const{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw Error("invalid affine point");if(e instanceof l)throw Error("projective point not allowed");const i=e=>r.eql(e,r.ZERO);return i(t)&&i(n)?l.ZERO:new l(t,n,r.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.pz)));return e.map(((e,r)=>e.toAffine(t[r]))).map(l.fromAffine)}static fromHex(e){const t=l.fromAffine(s(Jc("pointHex",e)));return t.assertValidity(),t}static fromPrivateKey(e){return l.BASE.multiply(o(e))}static msm(e,t){return Ph(l,n,e,t)}_setWindowSize(e){f.setWindowSize(this,e)}assertValidity(){u(this)}hasEvenY(){const{y:e}=this.toAffine();if(r.isOdd)return!r.isOdd(e);throw Error("Field doesn't support isOdd")}equals(e){c(e);const{px:t,py:n,pz:i}=this,{px:s,py:a,pz:o}=e,h=r.eql(r.mul(t,o),r.mul(s,i)),u=r.eql(r.mul(n,o),r.mul(a,i));return h&&u}negate(){return new l(this.px,r.neg(this.py),this.pz)}double(){const{a:e,b:n}=t,i=r.mul(n,Nh),{px:s,py:a,pz:o}=this;let c=r.ZERO,h=r.ZERO,u=r.ZERO,y=r.mul(s,s),f=r.mul(a,a),g=r.mul(o,o),p=r.mul(s,a);return p=r.add(p,p),u=r.mul(s,o),u=r.add(u,u),c=r.mul(e,u),h=r.mul(i,g),h=r.add(c,h),c=r.sub(f,h),h=r.add(f,h),h=r.mul(c,h),c=r.mul(p,c),u=r.mul(i,u),g=r.mul(e,g),p=r.sub(y,g),p=r.mul(e,p),p=r.add(p,u),u=r.add(y,y),y=r.add(u,y),y=r.add(y,g),y=r.mul(y,p),h=r.add(h,y),g=r.mul(a,o),g=r.add(g,g),y=r.mul(g,p),c=r.sub(c,y),u=r.mul(g,f),u=r.add(u,u),u=r.add(u,u),new l(c,h,u)}add(e){c(e);const{px:n,py:i,pz:s}=this,{px:a,py:o,pz:h}=e;let u=r.ZERO,y=r.ZERO,f=r.ZERO;const g=t.a,p=r.mul(t.b,Nh);let d=r.mul(n,a),A=r.mul(i,o),w=r.mul(s,h),m=r.add(n,i),b=r.add(a,o);m=r.mul(m,b),b=r.add(d,A),m=r.sub(m,b),b=r.add(n,s);let k=r.add(a,h);return b=r.mul(b,k),k=r.add(d,w),b=r.sub(b,k),k=r.add(i,s),u=r.add(o,h),k=r.mul(k,u),u=r.add(A,w),k=r.sub(k,u),f=r.mul(g,b),u=r.mul(p,w),f=r.add(u,f),u=r.sub(A,f),f=r.add(A,f),y=r.mul(u,f),A=r.add(d,d),A=r.add(A,d),w=r.mul(g,w),b=r.mul(p,b),A=r.add(A,w),w=r.sub(d,w),w=r.mul(g,w),b=r.add(b,w),d=r.mul(A,b),y=r.add(y,d),d=r.mul(k,b),u=r.mul(m,u),u=r.sub(u,d),d=r.mul(m,A),f=r.mul(k,f),f=r.add(f,d),new l(u,y,f)}subtract(e){return this.add(e.negate())}is0(){return this.equals(l.ZERO)}wNAF(e){return f.wNAFCached(this,e,l.normalizeZ)}multiplyUnsafe(e){$c("scalar",e,Th,t.n);const n=l.ZERO;if(e===Th)return n;if(e===Mh)return this;const{endo:i}=t;if(!i)return f.unsafeLadder(this,e);let{k1neg:s,k1:a,k2neg:o,k2:c}=i.splitScalar(e),h=n,u=n,y=this;for(;a>Th||c>Th;)a&Mh&&(h=h.add(y)),c&Mh&&(u=u.add(y)),y=y.double(),a>>=Mh,c>>=Mh;return s&&(h=h.negate()),o&&(u=u.negate()),u=new l(r.mul(u.px,i.beta),u.py,u.pz),h.add(u)}multiply(e){const{endo:n,n:i}=t;let s,a;if($c("scalar",e,Mh,i),n){const{k1neg:t,k1:i,k2neg:o,k2:c}=n.splitScalar(e);let{p:h,f:u}=this.wNAF(i),{p:y,f:g}=this.wNAF(c);h=f.constTimeNegate(t,h),y=f.constTimeNegate(o,y),y=new l(r.mul(y.px,n.beta),y.py,y.pz),s=h.add(y),a=u.add(g)}else{const{p:t,f:r}=this.wNAF(e);s=t,a=r}return l.normalizeZ([s,a])[0]}multiplyAndAddUnsafe(e,t,r){const n=l.BASE,i=(e,t)=>t!==Th&&t!==Mh&&e.equals(n)?e.multiply(t):e.multiplyUnsafe(t),s=i(this,t).add(i(e,r));return s.is0()?void 0:s}toAffine(e){return h(this,e)}isTorsionFree(){const{h:e,isTorsionFree:r}=t;if(e===Mh)return!0;if(r)return r(l,this);throw Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:e,clearCofactor:r}=t;return e===Mh?this:r?r(l,this):this.multiplyUnsafe(t.h)}toRawBytes(e=!0){return Tc("isCompressed",e),this.assertValidity(),i(l,this,e)}toHex(e=!0){return Tc("isCompressed",e),Nc(this.toRawBytes(e))}}l.BASE=new l(t.Gx,t.Gy,r.ONE),l.ZERO=new l(r.ZERO,r.ONE,r.ZERO);const y=t.nBitLength,f=Dh(l,t.endo?Math.ceil(y/2):y);return{CURVE:t,ProjectivePoint:l,normPrivateKeyToScalar:o,weierstrassEquation:a,isWithinCurveOrder:function(e){return Zc(e,Mh,t.n)}}}function Hh(e){const t=function(e){const t=Uh(e);return sh(t,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...t})}(e),{Fp:r,n}=t,i=r.BYTES+1,s=2*r.BYTES+1;function a(e){return ph(e,n)}function o(e){return wh(e,n)}const{ProjectivePoint:c,normPrivateKeyToScalar:h,weierstrassEquation:u,isWithinCurveOrder:l}=Fh({...t,toBytes(e,t,n){const i=t.toAffine(),s=r.toBytes(i.x),a=Yc;return Tc("isCompressed",n),n?a(Uint8Array.from([t.hasEvenY()?2:3]),s):a(Uint8Array.from([4]),s,r.toBytes(i.y))},fromBytes(e){const t=e.length,n=e[0],a=e.subarray(1);if(t!==i||2!==n&&3!==n){if(t===s&&4===n){return{x:r.fromBytes(a.subarray(0,r.BYTES)),y:r.fromBytes(a.subarray(r.BYTES,2*r.BYTES))}}throw Error(`Point of length ${t} was invalid. Expected ${i} compressed bytes or ${s} uncompressed bytes`)}{const e=Gc(a);if(!Zc(e,Mh,r.ORDER))throw Error("Point is not on curve");const t=u(e);let i;try{i=r.sqrt(t)}catch(e){const t=e instanceof Error?": "+e.message:"";throw Error("Point is not on curve"+t)}return!(1&~n)!==((i&Mh)===Mh)&&(i=r.neg(i)),{x:e,y:i}}}}),y=e=>Nc(qc(e,t.nByteLength));function f(e){return e>n>>Mh}const g=(e,t,r)=>Gc(e.slice(t,r));class p{constructor(e,t,r){this.r=e,this.s=t,this.recovery=r,this.assertValidity()}static fromCompact(e){const r=t.nByteLength;return e=Jc("compactSignature",e,2*r),new p(g(e,0,r),g(e,r,2*r))}static fromDER(e){const{r:t,s:r}=Lh.toSig(Jc("DER",e));return new p(t,r)}assertValidity(){$c("r",this.r,Mh,n),$c("s",this.s,Mh,n)}addRecoveryBit(e){return new p(this.r,this.s,e)}recoverPublicKey(e){const{r:n,s:i,recovery:s}=this,h=m(Jc("msgHash",e));if(null==s||![0,1,2,3].includes(s))throw Error("recovery id invalid");const u=2===s||3===s?n+t.n:n;if(u>=r.ORDER)throw Error("recovery id 2 or 3 invalid");const l=1&s?"03":"02",f=c.fromHex(l+y(u)),g=o(u),p=a(-h*g),d=a(i*g),A=c.BASE.multiplyAndAddUnsafe(f,p,d);if(!A)throw Error("point at infinify");return A.assertValidity(),A}hasHighS(){return f(this.s)}normalizeS(){return this.hasHighS()?new p(this.r,a(-this.s),this.recovery):this}toDERRawBytes(){return _c(this.toDERHex())}toDERHex(){return Lh.hexFromSig({r:this.r,s:this.s})}toCompactRawBytes(){return _c(this.toCompactHex())}toCompactHex(){return y(this.r)+y(this.s)}}const d={isValidPrivateKey(e){try{return h(e),!0}catch(e){return!1}},normPrivateKeyToScalar:h,randomPrivateKey:()=>{const e=Bh(t.n);return function(e,t,r=!1){const n=e.length,i=vh(t),s=Bh(t);if(n<16||n1024)throw Error(`expected ${s}-1024 bytes of input, got ${n}`);const a=ph(r?Gc(e):jc(e),t-hh)+hh;return r?Vc(a,i):qc(a,i)}(t.randomBytes(e),t.n)},precompute:(e=8,t=c.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)};function A(e){const t=Rc(e),r="string"==typeof e,n=(t||r)&&e.length;return t?n===i||n===s:r?n===2*i||n===2*s:e instanceof c}const w=t.bits2int||function(e){const r=Gc(e),n=8*e.length-t.nBitLength;return n>0?r>>BigInt(n):r},m=t.bits2int_modN||function(e){return a(w(e))},b=eh(t.nBitLength);function k(e){return $c("num < 2^"+t.nBitLength,e,Th,b),qc(e,t.nByteLength)}function E(e,n,i=v){if(["recovered","canonical"].some((e=>e in i)))throw Error("sign() legacy options not supported");const{hash:s,randomBytes:u}=t;let{lowS:y,prehash:g,extraEntropy:d}=i;null==y&&(y=!0),e=Jc("msgHash",e),xh(i),g&&(e=Jc("prehashed msgHash",s(e)));const A=m(e),b=h(n),E=[k(b),k(A)];if(null!=d&&!1!==d){const e=!0===d?u(r.BYTES):d;E.push(Jc("extraEntropy",e))}const B=Yc(...E),I=A;return{seed:B,k2sig:function(e){const t=w(e);if(!l(t))return;const r=o(t),n=c.BASE.multiply(t).toAffine(),i=a(n.x);if(i===Th)return;const s=a(r*a(I+i*b));if(s===Th)return;let h=(n.x===i?0:2)|Number(n.y&Mh),u=s;return y&&f(s)&&(u=function(e){return f(e)?a(-e):e}(s),h^=1),new p(i,u,h)}}}const v={lowS:t.lowS,prehash:!1},B={lowS:t.lowS,prehash:!1};return c.BASE._setWindowSize(8),{CURVE:t,getPublicKey:function(e,t=!0){return c.fromPrivateKey(e).toRawBytes(t)},getSharedSecret:function(e,t,r=!0){if(A(e))throw Error("first arg must be private key");if(!A(t))throw Error("second arg must be public key");return c.fromHex(t).multiply(h(e)).toRawBytes(r)},sign:function(e,r,n=v){const{seed:i,k2sig:s}=E(e,r,n),a=t;return nh(a.hash.outputLen,a.nByteLength,a.hmac)(i,s)},verify:function(e,r,n,i=B){const s=e;if(r=Jc("msgHash",r),n=Jc("publicKey",n),"strict"in i)throw Error("options.strict was renamed to lowS");xh(i);const{lowS:h,prehash:u}=i;let l,y;try{if("string"==typeof s||Rc(s))try{l=p.fromDER(s)}catch(e){if(!(e instanceof Lh.Err))throw e;l=p.fromCompact(s)}else{if("object"!=typeof s||"bigint"!=typeof s.r||"bigint"!=typeof s.s)throw Error("PARSE");{const{r:e,s:t}=s;l=new p(e,t)}}y=c.fromHex(n)}catch(e){if("PARSE"===e.message)throw Error("signature must be Signature instance, Uint8Array or hex string");return!1}if(h&&l.hasHighS())return!1;u&&(r=t.hash(r));const{r:f,s:g}=l,d=m(r),A=o(g),w=a(d*A),b=a(f*A),k=c.BASE.multiplyAndAddUnsafe(y,w,b)?.toAffine();return!!k&&a(k.x)===f},ProjectivePoint:c,Signature:p,utils:d}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Oh(e){return{hash:e,hmac:(t,...r)=>Pc(e,t,pc(...r)),randomBytes:wc}}function zh(e,t){const r=t=>Hh({...e,...Oh(t)});return Object.freeze({...r(t),create:r})} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */BigInt(4);const _h=Eh(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff")),Gh=zh({a:_h.create(BigInt("-3")),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Fp:_h,n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),h:BigInt(1),lowS:!1},Kc),jh=/* @__PURE__ */BigInt(2**32-1),qh=/* @__PURE__ */BigInt(32);function Vh(e,t=!1){return t?{h:Number(e&jh),l:Number(e>>qh&jh)}:{h:0|Number(e>>qh&jh),l:0|Number(e&jh)}}function Jh(e,t=!1){let r=new Uint32Array(e.length),n=new Uint32Array(e.length);for(let i=0;ie<>>32-r,Wh=(e,t,r)=>t<>>32-r,Zh=(e,t,r)=>t<>>64-r,$h=(e,t,r)=>e<>>64-r;const Xh={fromBig:Vh,split:Jh,toBig:(e,t)=>BigInt(e>>>0)<>>0),shrSH:(e,t,r)=>e>>>r,shrSL:(e,t,r)=>e<<32-r|t>>>r,rotrSH:(e,t,r)=>e>>>r|t<<32-r,rotrSL:(e,t,r)=>e<<32-r|t>>>r,rotrBH:(e,t,r)=>e<<64-r|t>>>r-32,rotrBL:(e,t,r)=>e>>>r-32|t<<64-r,rotr32H:(e,t)=>t,rotr32L:(e,t)=>e,rotlSH:Yh,rotlSL:Wh,rotlBH:Zh,rotlBL:$h,add:function(e,t,r,n){const i=(t>>>0)+(n>>>0);return{h:e+r+(i/2**32|0)|0,l:0|i}},add3L:(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),add3H:(e,t,r,n)=>t+r+n+(e/2**32|0)|0,add4L:(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),add4H:(e,t,r,n,i)=>t+r+n+i+(e/2**32|0)|0,add5H:(e,t,r,n,i,s)=>t+r+n+i+s+(e/2**32|0)|0,add5L:(e,t,r,n,i)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(i>>>0)},[eu,tu]=/* @__PURE__ */(()=>Xh.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((e=>BigInt(e)))))(),ru=/* @__PURE__ */new Uint32Array(80),nu=/* @__PURE__ */new Uint32Array(80);class iu extends kc{constructor(){super(128,64,16,!1),this.Ah=1779033703,this.Al=-205731576,this.Bh=-1150833019,this.Bl=-2067093701,this.Ch=1013904242,this.Cl=-23791573,this.Dh=-1521486534,this.Dl=1595750129,this.Eh=1359893119,this.El=-1377402159,this.Fh=-1694144372,this.Fl=725511199,this.Gh=528734635,this.Gl=-79577749,this.Hh=1541459225,this.Hl=327033209}get(){const{Ah:e,Al:t,Bh:r,Bl:n,Ch:i,Cl:s,Dh:a,Dl:o,Eh:c,El:h,Fh:u,Fl:l,Gh:y,Gl:f,Hh:g,Hl:p}=this;return[e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p]}set(e,t,r,n,i,s,a,o,c,h,u,l,y,f,g,p){this.Ah=0|e,this.Al=0|t,this.Bh=0|r,this.Bl=0|n,this.Ch=0|i,this.Cl=0|s,this.Dh=0|a,this.Dl=0|o,this.Eh=0|c,this.El=0|h,this.Fh=0|u,this.Fl=0|l,this.Gh=0|y,this.Gl=0|f,this.Hh=0|g,this.Hl=0|p}process(e,t){for(let r=0;r<16;r++,t+=4)ru[r]=e.getUint32(t),nu[r]=e.getUint32(t+=4);for(let e=16;e<80;e++){const t=0|ru[e-15],r=0|nu[e-15],n=Xh.rotrSH(t,r,1)^Xh.rotrSH(t,r,8)^Xh.shrSH(t,r,7),i=Xh.rotrSL(t,r,1)^Xh.rotrSL(t,r,8)^Xh.shrSL(t,r,7),s=0|ru[e-2],a=0|nu[e-2],o=Xh.rotrSH(s,a,19)^Xh.rotrBH(s,a,61)^Xh.shrSH(s,a,6),c=Xh.rotrSL(s,a,19)^Xh.rotrBL(s,a,61)^Xh.shrSL(s,a,6),h=Xh.add4L(i,c,nu[e-7],nu[e-16]),u=Xh.add4H(h,n,o,ru[e-7],ru[e-16]);ru[e]=0|u,nu[e]=0|h}let{Ah:r,Al:n,Bh:i,Bl:s,Ch:a,Cl:o,Dh:c,Dl:h,Eh:u,El:l,Fh:y,Fl:f,Gh:g,Gl:p,Hh:d,Hl:A}=this;for(let e=0;e<80;e++){const t=Xh.rotrSH(u,l,14)^Xh.rotrSH(u,l,18)^Xh.rotrBH(u,l,41),w=Xh.rotrSL(u,l,14)^Xh.rotrSL(u,l,18)^Xh.rotrBL(u,l,41),m=u&y^~u&g,b=l&f^~l&p,k=Xh.add5L(A,w,b,tu[e],nu[e]),E=Xh.add5H(k,d,t,m,eu[e],ru[e]),v=0|k,B=Xh.rotrSH(r,n,28)^Xh.rotrBH(r,n,34)^Xh.rotrBH(r,n,39),I=Xh.rotrSL(r,n,28)^Xh.rotrBL(r,n,34)^Xh.rotrBL(r,n,39),S=r&i^r&a^i&a,K=n&s^n&o^s&o;d=0|g,A=0|p,g=0|y,p=0|f,y=0|u,f=0|l,({h:u,l}=Xh.add(0|c,0|h,0|E,0|v)),c=0|a,h=0|o,a=0|i,o=0|s,i=0|r,s=0|n;const C=Xh.add3L(v,I,K);r=Xh.add3H(C,E,B,S),n=0|C}({h:r,l:n}=Xh.add(0|this.Ah,0|this.Al,0|r,0|n)),({h:i,l:s}=Xh.add(0|this.Bh,0|this.Bl,0|i,0|s)),({h:a,l:o}=Xh.add(0|this.Ch,0|this.Cl,0|a,0|o)),({h:c,l:h}=Xh.add(0|this.Dh,0|this.Dl,0|c,0|h)),({h:u,l}=Xh.add(0|this.Eh,0|this.El,0|u,0|l)),({h:y,l:f}=Xh.add(0|this.Fh,0|this.Fl,0|y,0|f)),({h:g,l:p}=Xh.add(0|this.Gh,0|this.Gl,0|g,0|p)),({h:d,l:A}=Xh.add(0|this.Hh,0|this.Hl,0|d,0|A)),this.set(r,n,i,s,a,o,c,h,u,l,y,f,g,p,d,A)}roundClean(){ru.fill(0),nu.fill(0)}destroy(){this.buffer.fill(0),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class su extends iu{constructor(){super(),this.Ah=-876896931,this.Al=-1056596264,this.Bh=1654270250,this.Bl=914150663,this.Ch=-1856437926,this.Cl=812702999,this.Dh=355462360,this.Dl=-150054599,this.Eh=1731405415,this.El=-4191439,this.Fh=-1900787065,this.Fl=1750603025,this.Gh=-619958771,this.Gl=1694076839,this.Hh=1203062813,this.Hl=-1090891868,this.outputLen=48}}const au=/* @__PURE__ */Ac((()=>new iu)),ou=/* @__PURE__ */Ac((()=>new su)),cu=Eh(BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff")),hu=zh({a:cu.create(BigInt("-3")),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Fp:cu,n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),h:BigInt(1),lowS:!1},ou),uu=Eh(BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")),lu={a:uu.create(BigInt("-3")),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Fp:uu,n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"),h:BigInt(1)},yu=zh({a:lu.a,b:lu.b,Fp:uu,n:lu.n,Gx:lu.Gx,Gy:lu.Gy,h:lu.h,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},au),fu=[],gu=[],pu=[],du=/* @__PURE__ */BigInt(0),Au=/* @__PURE__ */BigInt(1),wu=/* @__PURE__ */BigInt(2),mu=/* @__PURE__ */BigInt(7),bu=/* @__PURE__ */BigInt(256),ku=/* @__PURE__ */BigInt(113);for(let e=0,t=Au,r=1,n=0;e<24;e++){[r,n]=[n,(2*r+3*n)%5],fu.push(2*(5*n+r)),gu.push((e+1)*(e+2)/2%64);let i=du;for(let e=0;e<7;e++)t=(t<>mu)*ku)%bu,t&wu&&(i^=Au<<(Au<r>32?Zh(e,t,r):Yh(e,t,r),Iu=(e,t,r)=>r>32?$h(e,t,r):Wh(e,t,r);class Su extends dc{constructor(e,t,r,n=!1,i=24){if(super(),this.blockLen=e,this.suffix=t,this.outputLen=r,this.enableXOF=n,this.rounds=i,this.pos=0,this.posOut=0,this.finished=!1,this.destroyed=!1,nc(r),0>=this.blockLen||this.blockLen>=200)throw Error("Sha3 supports only keccak-f1600 function");var s;this.state=new Uint8Array(200),this.state32=(s=this.state,new Uint32Array(s.buffer,s.byteOffset,Math.floor(s.byteLength/4)))}keccak(){lc||yc(this.state32),function(e,t=24){const r=new Uint32Array(10);for(let n=24-t;n<24;n++){for(let t=0;t<10;t++)r[t]=e[t]^e[t+10]^e[t+20]^e[t+30]^e[t+40];for(let t=0;t<10;t+=2){const n=(t+8)%10,i=(t+2)%10,s=r[i],a=r[i+1],o=Bu(s,a,1)^r[n],c=Iu(s,a,1)^r[n+1];for(let r=0;r<50;r+=10)e[t+r]^=o,e[t+r+1]^=c}let t=e[2],i=e[3];for(let r=0;r<24;r++){const n=gu[r],s=Bu(t,i,n),a=Iu(t,i,n),o=fu[r];t=e[o],i=e[o+1],e[o]=s,e[o+1]=a}for(let t=0;t<50;t+=10){for(let n=0;n<10;n++)r[n]=e[t+n];for(let n=0;n<10;n++)e[t+n]^=~r[(n+2)%10]&r[(n+4)%10]}e[0]^=Eu[n],e[1]^=vu[n]}r.fill(0)}(this.state32,this.rounds),lc||yc(this.state32),this.posOut=0,this.pos=0}update(e){sc(this);const{blockLen:t,state:r}=this,n=(e=gc(e)).length;for(let i=0;i=r&&this.keccak();const s=Math.min(r-this.posOut,i-n);e.set(t.subarray(this.posOut,this.posOut+s),n),this.posOut+=s,n+=s}return e}xofInto(e){if(!this.enableXOF)throw Error("XOF is not possible for this instance");return this.writeInto(e)}xof(e){return nc(e),this.xofInto(new Uint8Array(e))}digestInto(e){if(ac(e,this),this.finished)throw Error("digest() was already called");return this.writeInto(e),this.destroy(),e}digest(){return this.digestInto(new Uint8Array(this.outputLen))}destroy(){this.destroyed=!0,this.state.fill(0)}_cloneInto(e){const{blockLen:t,suffix:r,outputLen:n,rounds:i,enableXOF:s}=this;return e||(e=new Su(t,r,n,s,i)),e.state32.set(this.state32),e.pos=this.pos,e.posOut=this.posOut,e.finished=this.finished,e.rounds=i,e.suffix=r,e.outputLen=n,e.enableXOF=s,e.destroyed=this.destroyed,e}}const Ku=(e,t,r)=>Ac((()=>new Su(t,e,r))),Cu=/* @__PURE__ */Ku(6,136,32),Du=/* @__PURE__ */Ku(6,72,64),Pu=/* @__PURE__ */((e,t,r)=>function(e){const t=(t,r)=>e(r).update(gc(t)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=t=>e(t),t}(((n={})=>new Su(t,e,void 0===n.dkLen?r:n.dkLen,!0))))(31,136,32),Uu=BigInt(0),xu=BigInt(1),Qu=BigInt(2),Ru=BigInt(8),Lu={zip215:!0};function Tu(e){const t=function(e){const t=Uh(e);return sh(e,{hash:"function",a:"bigint",d:"bigint",randomBytes:"function"},{adjustScalarBytes:"function",domain:"function",uvRatio:"function",mapToCurve:"function"}),Object.freeze({...t})}(e),{Fp:r,n,prehash:i,hash:s,randomBytes:a,nByteLength:o,h:c}=t,h=Qu<{try{return{isValid:!0,value:r.sqrt(e*r.inv(t))}}catch(e){return{isValid:!1,value:Uu}}}),f=t.adjustScalarBytes||(e=>e),g=t.domain||((e,t,r)=>{if(Tc("phflag",r),t.length||r)throw Error("Contexts/pre-hash are not supported");return e});function p(e,t){$c("coordinate "+e,t,Uu,h)}function d(e){if(!(e instanceof m))throw Error("ExtendedPoint expected")}const A=ah(((e,t)=>{const{ex:n,ey:i,ez:s}=e,a=e.is0();null==t&&(t=a?Ru:r.inv(s));const o=u(n*t),c=u(i*t),h=u(s*t);if(a)return{x:Uu,y:xu};if(h!==xu)throw Error("invZ was invalid");return{x:o,y:c}})),w=ah((e=>{const{a:r,d:n}=t;if(e.is0())throw Error("bad point: ZERO");const{ex:i,ey:s,ez:a,et:o}=e,c=u(i*i),h=u(s*s),l=u(a*a),y=u(l*l),f=u(c*r);if(u(l*u(f+h))!==u(y+u(n*u(c*h))))throw Error("bad point: equation left != right (1)");if(u(i*s)!==u(a*o))throw Error("bad point: equation left != right (2)");return!0}));class m{constructor(e,t,r,n){this.ex=e,this.ey=t,this.ez=r,this.et=n,p("x",e),p("y",t),p("z",r),p("t",n),Object.freeze(this)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static fromAffine(e){if(e instanceof m)throw Error("extended point not allowed");const{x:t,y:r}=e||{};return p("x",t),p("y",r),new m(t,r,xu,u(t*r))}static normalizeZ(e){const t=r.invertBatch(e.map((e=>e.ez)));return e.map(((e,r)=>e.toAffine(t[r]))).map(m.fromAffine)}static msm(e,t){return Ph(m,l,e,t)}_setWindowSize(e){E.setWindowSize(this,e)}assertValidity(){w(this)}equals(e){d(e);const{ex:t,ey:r,ez:n}=this,{ex:i,ey:s,ez:a}=e,o=u(t*a),c=u(i*n),h=u(r*a),l=u(s*n);return o===c&&h===l}is0(){return this.equals(m.ZERO)}negate(){return new m(u(-this.ex),this.ey,this.ez,u(-this.et))}double(){const{a:e}=t,{ex:r,ey:n,ez:i}=this,s=u(r*r),a=u(n*n),o=u(Qu*u(i*i)),c=u(e*s),h=r+n,l=u(u(h*h)-s-a),y=c+a,f=y-o,g=c-a,p=u(l*f),d=u(y*g),A=u(l*g),w=u(f*y);return new m(p,d,w,A)}add(e){d(e);const{a:r,d:n}=t,{ex:i,ey:s,ez:a,et:o}=this,{ex:c,ey:h,ez:l,et:y}=e;if(r===BigInt(-1)){const e=u((s-i)*(h+c)),t=u((s+i)*(h-c)),r=u(t-e);if(r===Uu)return this.double();const n=u(a*Qu*y),f=u(o*Qu*l),g=f+n,p=t+e,d=f-n,A=u(g*r),w=u(p*d),b=u(g*d),k=u(r*p);return new m(A,w,k,b)}const f=u(i*c),g=u(s*h),p=u(o*n*y),A=u(a*l),w=u((i+s)*(c+h)-f-g),b=A-p,k=A+p,E=u(g-r*f),v=u(w*b),B=u(k*E),I=u(w*E),S=u(b*k);return new m(v,B,S,I)}subtract(e){return this.add(e.negate())}wNAF(e){return E.wNAFCached(this,e,m.normalizeZ)}multiply(e){const t=e;$c("scalar",t,xu,n);const{p:r,f:i}=this.wNAF(t);return m.normalizeZ([r,i])[0]}multiplyUnsafe(e){const t=e;return $c("scalar",t,Uu,n),t===Uu?k:this.equals(k)||t===xu?this:this.equals(b)?this.wNAF(t).p:E.unsafeLadder(this,t)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}isTorsionFree(){return E.unsafeLadder(this,n).is0()}toAffine(e){return A(this,e)}clearCofactor(){const{h:e}=t;return e===xu?this:this.multiplyUnsafe(e)}static fromHex(e,n=!1){const{d:i,a:s}=t,a=r.BYTES;e=Jc("pointHex",e,a),Tc("zip215",n);const o=e.slice(),c=e[a-1];o[a-1]=-129&c;const l=jc(o),f=n?h:r.ORDER;$c("pointHex.y",l,Uu,f);const g=u(l*l),p=u(g-xu),d=u(i*g-s);let{isValid:A,value:w}=y(p,d);if(!A)throw Error("Point.fromHex: invalid y coordinate");const b=(w&xu)===xu,k=!!(128&c);if(!n&&w===Uu&&k)throw Error("Point.fromHex: x=0 and x_0=1");return k!==b&&(w=u(-w)),m.fromAffine({x:w,y:l})}static fromPrivateKey(e){return I(e).point}toRawBytes(){const{x:e,y:t}=this.toAffine(),n=Vc(t,r.BYTES);return n[n.length-1]|=e&xu?128:0,n}toHex(){return Nc(this.toRawBytes())}}m.BASE=new m(t.Gx,t.Gy,xu,u(t.Gx*t.Gy)),m.ZERO=new m(Uu,xu,xu,Uu);const{BASE:b,ZERO:k}=m,E=Dh(m,8*o);function v(e){return ph(e,n)}function B(e){return v(jc(e))}function I(e){const t=o;e=Jc("private key",e,t);const r=Jc("hashed private key",s(e),2*t),n=f(r.slice(0,t)),i=r.slice(t,2*t),a=B(n),c=b.multiply(a),h=c.toRawBytes();return{head:n,prefix:i,scalar:a,point:c,pointBytes:h}}function S(e=new Uint8Array,...t){const r=Yc(...t);return B(s(g(r,Jc("context",e),!!i)))}const K=Lu;b._setWindowSize(8);return{CURVE:t,getPublicKey:function(e){return I(e).pointBytes},sign:function(e,t,s={}){e=Jc("message",e),i&&(e=i(e));const{prefix:a,scalar:c,pointBytes:h}=I(t),u=S(s.context,a,e),l=b.multiply(u).toRawBytes(),y=v(u+S(s.context,l,h,e)*c);return $c("signature.s",y,Uu,n),Jc("result",Yc(l,Vc(y,r.BYTES)),2*o)},verify:function(e,t,n,s=K){const{context:a,zip215:o}=s,c=r.BYTES;e=Jc("signature",e,2*c),t=Jc("message",t),void 0!==o&&Tc("zip215",o),i&&(t=i(t));const h=jc(e.slice(c,2*c));let u,l,y;try{u=m.fromHex(n,o),l=m.fromHex(e.slice(0,c),o),y=b.multiplyUnsafe(h)}catch(e){return!1}if(!o&&u.isSmallOrder())return!1;const f=S(a,l.toRawBytes(),u.toRawBytes(),t);return l.add(u.multiplyUnsafe(f)).subtract(y).clearCofactor().equals(m.ZERO)},ExtendedPoint:m,utils:{getExtendedPublicKey:I,randomPrivateKey:()=>a(r.BYTES),precompute:(e=8,t=m.BASE)=>(t._setWindowSize(e),t.multiply(BigInt(3)),t)}}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Mu=BigInt(0),Nu=BigInt(1);function Fu(e){const t=(sh(r=e,{a:"bigint"},{montgomeryBits:"isSafeInteger",nByteLength:"isSafeInteger",adjustScalarBytes:"function",domain:"function",powPminus2:"function",Gu:"bigint"}),Object.freeze({...r}));var r;const{P:n}=t,i=e=>ph(e,n),s=t.montgomeryBits,a=Math.ceil(s/8),o=t.nByteLength,c=t.adjustScalarBytes||(e=>e),h=t.powPminus2||(e=>dh(e,n-BigInt(2),n));function u(e,t,r){const n=i(e*(t-r));return[t=i(t-n),r=i(r+n)]}const l=(t.a-BigInt(2))/BigInt(4);function y(e){return Vc(i(e),a)}function f(e,t){const r=function(e){const t=Jc("u coordinate",e,a);return 32===o&&(t[31]&=127),jc(t)}(t),f=function(e){const t=Jc("scalar",e),r=t.length;if(r!==a&&r!==o)throw Error(`Expected ${a} or ${o} bytes, got ${r}`);return jc(c(t))}(e),g=function(e,t){$c("u",e,Mu,n),$c("scalar",t,Mu,n);const r=t,a=e;let o,c=Nu,y=Mu,f=e,g=Nu,p=Mu;for(let e=BigInt(s-1);e>=Mu;e--){const t=r>>eΝp^=t,o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1],p=t;const n=c+y,s=i(n*n),h=c-y,d=i(h*h),A=s-d,w=f+g,m=i((f-g)*n),b=i(w*h),k=m+b,E=m-b;f=i(k*k),g=i(a*i(E*E)),c=i(s*d),y=i(A*(s+i(l*A)))}o=u(p,c,f),c=o[0],f=o[1],o=u(p,y,g),y=o[0],g=o[1];const d=h(y);return i(c*d)}(r,f);if(g===Mu)throw Error("Invalid private or public key received");return y(g)}const g=y(t.Gu);function p(e){return f(e,g)}return{scalarMult:f,scalarMultBase:p,getSharedSecret:(e,t)=>f(e,t),getPublicKey:e=>p(e),utils:{randomPrivateKey:()=>t.randomBytes(t.nByteLength)},GuBytes:g}} +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Hu=Ac((()=>Pu.create({dkLen:114}))),Ou=(Ac((()=>Pu.create({dkLen:64}))),BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439")),zu=BigInt(1),_u=BigInt(2),Gu=BigInt(3);BigInt(4);const ju=BigInt(11),qu=BigInt(22),Vu=BigInt(44),Ju=BigInt(88),Yu=BigInt(223);function Wu(e){const t=Ou,r=e*e*e%t,n=r*r*e%t,i=Ah(n,Gu,t)*n%t,s=Ah(i,Gu,t)*n%t,a=Ah(s,_u,t)*r%t,o=Ah(a,ju,t)*a%t,c=Ah(o,qu,t)*o%t,h=Ah(c,Vu,t)*c%t,u=Ah(h,Ju,t)*h%t,l=Ah(u,Vu,t)*c%t,y=Ah(l,_u,t)*r%t,f=Ah(y,zu,t)*e%t;return Ah(f,Yu,t)*y%t}function Zu(e){return e[0]&=252,e[55]|=128,e[56]=0,e}const $u=Eh(Ou,456,!0),Xu={a:BigInt(1),d:BigInt("726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358"),Fp:$u,n:BigInt("181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779"),nBitLength:456,h:BigInt(4),Gx:BigInt("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710"),Gy:BigInt("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660"),hash:Hu,randomBytes:wc,adjustScalarBytes:Zu,domain:(e,t,r)=>{if(t.length>255)throw Error("Context is too big: "+t.length);return pc(fc("SigEd448"),new Uint8Array([r?1:0,t.length]),t,e)},uvRatio:function(e,t){const r=Ou,n=ph(e*e*t,r),i=ph(n*e,r),s=ph(i*n*t,r),a=ph(i*Wu(s),r),o=ph(a*a,r);return{isValid:ph(o*t,r)===e,value:a}}},el=/* @__PURE__ */Tu(Xu),tl=/* @__PURE__ */(()=>Fu({a:BigInt(156326),montgomeryBits:448,nByteLength:56,P:Ou,Gu:BigInt(5),powPminus2:e=>{const t=Ou;return ph(Ah(Wu(e),BigInt(2),t)*e,t)},adjustScalarBytes:Zu,randomBytes:wc}))();$u.ORDER,BigInt(3),BigInt(4),BigInt(156326),BigInt("39082"),BigInt("78163"),BigInt("98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214"),BigInt("315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716"),BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const rl=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),nl=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),il=BigInt(1),sl=BigInt(2),al=(e,t)=>(e+t/sl)/t;const ol=Eh(rl,void 0,void 0,{sqrt:function(e){const t=rl,r=BigInt(3),n=BigInt(6),i=BigInt(11),s=BigInt(22),a=BigInt(23),o=BigInt(44),c=BigInt(88),h=e*e*e%t,u=h*h*e%t,l=Ah(u,r,t)*u%t,y=Ah(l,r,t)*u%t,f=Ah(y,sl,t)*h%t,g=Ah(f,i,t)*f%t,p=Ah(g,s,t)*g%t,d=Ah(p,o,t)*p%t,A=Ah(d,c,t)*d%t,w=Ah(A,o,t)*p%t,m=Ah(w,r,t)*u%t,b=Ah(m,a,t)*g%t,k=Ah(b,n,t)*h%t,E=Ah(k,sl,t);if(!ol.eql(ol.sqr(E),e))throw Error("Cannot find square root");return E}}),cl=zh({a:BigInt(0),b:BigInt(7),Fp:ol,n:nl,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const t=nl,r=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),n=-il*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=r,a=BigInt("0x100000000000000000000000000000000"),o=al(s*e,t),c=al(-n*e,t);let h=ph(e-o*r-c*i,t),u=ph(-o*n-c*s,t);const l=h>a,y=u>a;if(l&&(h=t-h),y&&(u=t-u),h>a||u>a)throw Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:l,k1:h,k2neg:y,k2:u}}}},Kc);BigInt(0),cl.ProjectivePoint;const hl=Eh(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),ul=zh({a:hl.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:hl,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},Kc),ll=Eh(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),yl=zh({a:ll.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:ll,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},ou),fl=Eh(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),gl=zh({a:fl.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:fl,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},au),pl=new Map(Object.entries({nistP256:Gh,nistP384:hu,nistP521:yu,brainpoolP256r1:ul,brainpoolP384r1:yl,brainpoolP512r1:gl,secp256k1:cl,x448:tl,ed448:el}));var dl=/*#__PURE__*/Object.freeze({__proto__:null,nobleCurves:pl});function Al(e,t,r,n,i,s){const a=[16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756],o=[-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344],c=[520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584],h=[8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928],u=[256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080],l=[536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312],y=[2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154],f=[268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696];let g,p,d,A,w,m,b,k,E,v,B=0,I=t.length;const S=32===e.length?3:9;k=3===S?r?[0,32,2]:[30,-2,-2]:r?[0,32,2,62,30,-2,64,96,2]:[94,62,-2,32,64,2,30,-2,-2],r&&(t=function(e){const t=8-e.length%8;let r;if(!(t<8)){if(8===t)return e;throw Error("des: invalid padding")}r=0;const n=new Uint8Array(e.length+t);for(let t=0;t>>4^b),b^=d,m^=d<<4,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,m=m<<1|m>>>31,b=b<<1|b>>>31,p=0;p>>4|b<<28)^e[g+1],d=m,m=b,b=d^(o[A>>>24&63]|h[A>>>16&63]|l[A>>>8&63]|f[63&A]|a[w>>>24&63]|c[w>>>16&63]|u[w>>>8&63]|y[63&w]);d=m,m=b,b=d}m=m>>>1|m<<31,b=b>>>1|b<<31,d=1431655765&(m>>>1^b),b^=d,m^=d<<1,d=16711935&(b>>>8^m),m^=d,b^=d<<8,d=858993459&(b>>>2^m),m^=d,b^=d<<2,d=65535&(m>>>16^b),b^=d,m^=d<<16,d=252645135&(m>>>4^b),b^=d,m^=d<<4,K[C++]=m>>>24,K[C++]=m>>>16&255,K[C++]=m>>>8&255,K[C++]=255&m,K[C++]=b>>>24,K[C++]=b>>>16&255,K[C++]=b>>>8&255,K[C++]=255&b}return r||(K=function(e){let t,r=null;if(t=0,!r){for(r=1;e[e.length-r]===t;)r++;r--}return e.subarray(0,e.length-r)}(K)),K}function wl(e){const t=[0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964],r=[0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697],n=[0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272],i=[0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144],s=[0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256],a=[0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488],o=[0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746],c=[0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568],h=[0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578],u=[0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488],l=[0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800],y=[0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744],f=[0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128],g=[0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261],p=e.length>8?3:1,d=Array(32*p),A=[0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0];let w,m,b,k=0,E=0;for(let v=0;v>>4^v),v^=b,p^=b<<4,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=858993459&(p>>>2^v),v^=b,p^=b<<2,b=65535&(v>>>-16^p),p^=b,v^=b<<-16,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=16711935&(v>>>8^p),p^=b,v^=b<<8,b=1431655765&(p>>>1^v),v^=b,p^=b<<1,b=p<<8|v>>>20&240,p=v<<24|v<<8&16711680|v>>>8&65280|v>>>24&240,v=b;for(let e=0;e<16;e++)A[e]?(p=p<<2|p>>>26,v=v<<2|v>>>26):(p=p<<1|p>>>27,v=v<<1|v>>>27),p&=-15,v&=-15,w=t[p>>>28]|r[p>>>24&15]|n[p>>>20&15]|i[p>>>16&15]|s[p>>>12&15]|a[p>>>8&15]|o[p>>>4&15],m=c[v>>>28]|h[v>>>24&15]|u[v>>>20&15]|l[v>>>16&15]|y[v>>>12&15]|f[v>>>8&15]|g[v>>>4&15],b=65535&(m>>>16^w),d[E++]=w^b,d[E++]=m^b<<16}return d}function ml(e){this.key=[];for(let t=0;t<3;t++)this.key.push(new Uint8Array(e.subarray(8*t,8*t+8)));this.encrypt=function(e){return Al(wl(this.key[2]),Al(wl(this.key[1]),Al(wl(this.key[0]),e,!0),!1),!0)}}function bl(){this.BlockSize=8,this.KeySize=16,this.setKey=function(e){if(this.masking=Array(16),this.rotate=Array(16),this.reset(),e.length!==this.KeySize)throw Error("CAST-128: keys must be 16 bytes");return this.keySchedule(e),!0},this.reset=function(){for(let e=0;e<16;e++)this.masking[e]=0,this.rotate[e]=0},this.getBlockSize=function(){return this.BlockSize},this.encrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>>16&255,t[s+6]=o>>>8&255,t[s+7]=255&o}return t},this.decrypt=function(e){const t=Array(e.length);for(let s=0;s>>24&255,t[s+1]=c>>>16&255,t[s+2]=c>>>8&255,t[s+3]=255&c,t[s+4]=o>>>24&255,t[s+5]=o>>16&255,t[s+6]=o>>8&255,t[s+7]=255&o}return t};const e=[,,,,];e[0]=[,,,,],e[0][0]=[4,0,13,15,12,14,8],e[0][1]=[5,2,16,18,17,19,10],e[0][2]=[6,3,23,22,21,20,9],e[0][3]=[7,1,26,25,27,24,11],e[1]=[,,,,],e[1][0]=[0,6,21,23,20,22,16],e[1][1]=[1,4,0,2,1,3,18],e[1][2]=[2,5,7,6,5,4,17],e[1][3]=[3,7,10,9,11,8,19],e[2]=[,,,,],e[2][0]=[4,0,13,15,12,14,8],e[2][1]=[5,2,16,18,17,19,10],e[2][2]=[6,3,23,22,21,20,9],e[2][3]=[7,1,26,25,27,24,11],e[3]=[,,,,],e[3][0]=[0,6,21,23,20,22,16],e[3][1]=[1,4,0,2,1,3,18],e[3][2]=[2,5,7,6,5,4,17],e[3][3]=[3,7,10,9,11,8,19];const t=[,,,,];function r(e,t,r){const n=t+e,i=n<>>32-r;return(s[0][i>>>24]^s[1][i>>>16&255])-s[2][i>>>8&255]+s[3][255&i]}function n(e,t,r){const n=t^e,i=n<>>32-r;return s[0][i>>>24]-s[1][i>>>16&255]+s[2][i>>>8&255]^s[3][255&i]}function i(e,t,r){const n=t-e,i=n<>>32-r;return(s[0][i>>>24]+s[1][i>>>16&255]^s[2][i>>>8&255])-s[3][255&i]}t[0]=[,,,,],t[0][0]=[24,25,23,22,18],t[0][1]=[26,27,21,20,22],t[0][2]=[28,29,19,18,25],t[0][3]=[30,31,17,16,28],t[1]=[,,,,],t[1][0]=[3,2,12,13,8],t[1][1]=[1,0,14,15,13],t[1][2]=[7,6,8,9,3],t[1][3]=[5,4,10,11,7],t[2]=[,,,,],t[2][0]=[19,18,28,29,25],t[2][1]=[17,16,30,31,28],t[2][2]=[23,22,24,25,18],t[2][3]=[21,20,26,27,22],t[3]=[,,,,],t[3][0]=[8,9,7,6,3],t[3][1]=[10,11,5,4,7],t[3][2]=[12,13,3,2,8],t[3][3]=[14,15,1,0,13],this.keySchedule=function(r){const n=[,,,,,,,,],i=Array(32);let a;for(let e=0;e<4;e++)a=4*e,n[e]=r[a]<<24|r[a+1]<<16|r[a+2]<<8|r[a+3];const o=[6,7,4,5];let c,h=0;for(let r=0;r<2;r++)for(let r=0;r<4;r++){for(a=0;a<4;a++){const t=e[r][a];c=n[t[1]],c^=s[4][n[t[2]>>>2]>>>24-8*(3&t[2])&255],c^=s[5][n[t[3]>>>2]>>>24-8*(3&t[3])&255],c^=s[6][n[t[4]>>>2]>>>24-8*(3&t[4])&255],c^=s[7][n[t[5]>>>2]>>>24-8*(3&t[5])&255],c^=s[o[a]][n[t[6]>>>2]>>>24-8*(3&t[6])&255],n[t[0]]=c}for(a=0;a<4;a++){const e=t[r][a];c=s[4][n[e[0]>>>2]>>>24-8*(3&e[0])&255],c^=s[5][n[e[1]>>>2]>>>24-8*(3&e[1])&255],c^=s[6][n[e[2]>>>2]>>>24-8*(3&e[2])&255],c^=s[7][n[e[3]>>>2]>>>24-8*(3&e[3])&255],c^=s[4+a][n[e[4]>>>2]>>>24-8*(3&e[4])&255],i[h]=c,h++}}for(let e=0;e<16;e++)this.masking[e]=i[e],this.rotate[e]=31&i[16+e]};const s=[,,,,,,,,];s[0]=[821772500,2678128395,1810681135,1059425402,505495343,2617265619,1610868032,3483355465,3218386727,2294005173,3791863952,2563806837,1852023008,365126098,3269944861,584384398,677919599,3229601881,4280515016,2002735330,1136869587,3744433750,2289869850,2731719981,2714362070,879511577,1639411079,575934255,717107937,2857637483,576097850,2731753936,1725645e3,2810460463,5111599,767152862,2543075244,1251459544,1383482551,3052681127,3089939183,3612463449,1878520045,1510570527,2189125840,2431448366,582008916,3163445557,1265446783,1354458274,3529918736,3202711853,3073581712,3912963487,3029263377,1275016285,4249207360,2905708351,3304509486,1442611557,3585198765,2712415662,2731849581,3248163920,2283946226,208555832,2766454743,1331405426,1447828783,3315356441,3108627284,2957404670,2981538698,3339933917,1669711173,286233437,1465092821,1782121619,3862771680,710211251,980974943,1651941557,430374111,2051154026,704238805,4128970897,3144820574,2857402727,948965521,3333752299,2227686284,718756367,2269778983,2731643755,718440111,2857816721,3616097120,1113355533,2478022182,410092745,1811985197,1944238868,2696854588,1415722873,1682284203,1060277122,1998114690,1503841958,82706478,2315155686,1068173648,845149890,2167947013,1768146376,1993038550,3566826697,3390574031,940016341,3355073782,2328040721,904371731,1205506512,4094660742,2816623006,825647681,85914773,2857843460,1249926541,1417871568,3287612,3211054559,3126306446,1975924523,1353700161,2814456437,2438597621,1800716203,722146342,2873936343,1151126914,4160483941,2877670899,458611604,2866078500,3483680063,770352098,2652916994,3367839148,3940505011,3585973912,3809620402,718646636,2504206814,2914927912,3631288169,2857486607,2860018678,575749918,2857478043,718488780,2069512688,3548183469,453416197,1106044049,3032691430,52586708,3378514636,3459808877,3211506028,1785789304,218356169,3571399134,3759170522,1194783844,1523787992,3007827094,1975193539,2555452411,1341901877,3045838698,3776907964,3217423946,2802510864,2889438986,1057244207,1636348243,3761863214,1462225785,2632663439,481089165,718503062,24497053,3332243209,3344655856,3655024856,3960371065,1195698900,2971415156,3710176158,2115785917,4027663609,3525578417,2524296189,2745972565,3564906415,1372086093,1452307862,2780501478,1476592880,3389271281,18495466,2378148571,901398090,891748256,3279637769,3157290713,2560960102,1447622437,4284372637,216884176,2086908623,1879786977,3588903153,2242455666,2938092967,3559082096,2810645491,758861177,1121993112,215018983,642190776,4169236812,1196255959,2081185372,3508738393,941322904,4124243163,2877523539,1848581667,2205260958,3180453958,2589345134,3694731276,550028657,2519456284,3789985535,2973870856,2093648313,443148163,46942275,2734146937,1117713533,1115362972,1523183689,3717140224,1551984063],s[1]=[522195092,4010518363,1776537470,960447360,4267822970,4005896314,1435016340,1929119313,2913464185,1310552629,3579470798,3724818106,2579771631,1594623892,417127293,2715217907,2696228731,1508390405,3994398868,3925858569,3695444102,4019471449,3129199795,3770928635,3520741761,990456497,4187484609,2783367035,21106139,3840405339,631373633,3783325702,532942976,396095098,3548038825,4267192484,2564721535,2011709262,2039648873,620404603,3776170075,2898526339,3612357925,4159332703,1645490516,223693667,1567101217,3362177881,1029951347,3470931136,3570957959,1550265121,119497089,972513919,907948164,3840628539,1613718692,3594177948,465323573,2659255085,654439692,2575596212,2699288441,3127702412,277098644,624404830,4100943870,2717858591,546110314,2403699828,3655377447,1321679412,4236791657,1045293279,4010672264,895050893,2319792268,494945126,1914543101,2777056443,3894764339,2219737618,311263384,4275257268,3458730721,669096869,3584475730,3835122877,3319158237,3949359204,2005142349,2713102337,2228954793,3769984788,569394103,3855636576,1425027204,108000370,2736431443,3671869269,3043122623,1750473702,2211081108,762237499,3972989403,2798899386,3061857628,2943854345,867476300,964413654,1591880597,1594774276,2179821409,552026980,3026064248,3726140315,2283577634,3110545105,2152310760,582474363,1582640421,1383256631,2043843868,3322775884,1217180674,463797851,2763038571,480777679,2718707717,2289164131,3118346187,214354409,200212307,3810608407,3025414197,2674075964,3997296425,1847405948,1342460550,510035443,4080271814,815934613,833030224,1620250387,1945732119,2703661145,3966000196,1388869545,3456054182,2687178561,2092620194,562037615,1356438536,3409922145,3261847397,1688467115,2150901366,631725691,3840332284,549916902,3455104640,394546491,837744717,2114462948,751520235,2221554606,2415360136,3999097078,2063029875,803036379,2702586305,821456707,3019566164,360699898,4018502092,3511869016,3677355358,2402471449,812317050,49299192,2570164949,3259169295,2816732080,3331213574,3101303564,2156015656,3705598920,3546263921,143268808,3200304480,1638124008,3165189453,3341807610,578956953,2193977524,3638120073,2333881532,807278310,658237817,2969561766,1641658566,11683945,3086995007,148645947,1138423386,4158756760,1981396783,2401016740,3699783584,380097457,2680394679,2803068651,3334260286,441530178,4016580796,1375954390,761952171,891809099,2183123478,157052462,3683840763,1592404427,341349109,2438483839,1417898363,644327628,2233032776,2353769706,2201510100,220455161,1815641738,182899273,2995019788,3627381533,3702638151,2890684138,1052606899,588164016,1681439879,4038439418,2405343923,4229449282,167996282,1336969661,1688053129,2739224926,1543734051,1046297529,1138201970,2121126012,115334942,1819067631,1902159161,1941945968,2206692869,1159982321],s[2]=[2381300288,637164959,3952098751,3893414151,1197506559,916448331,2350892612,2932787856,3199334847,4009478890,3905886544,1373570990,2450425862,4037870920,3778841987,2456817877,286293407,124026297,3001279700,1028597854,3115296800,4208886496,2691114635,2188540206,1430237888,1218109995,3572471700,308166588,570424558,2187009021,2455094765,307733056,1310360322,3135275007,1384269543,2388071438,863238079,2359263624,2801553128,3380786597,2831162807,1470087780,1728663345,4072488799,1090516929,532123132,2389430977,1132193179,2578464191,3051079243,1670234342,1434557849,2711078940,1241591150,3314043432,3435360113,3091448339,1812415473,2198440252,267246943,796911696,3619716990,38830015,1526438404,2806502096,374413614,2943401790,1489179520,1603809326,1920779204,168801282,260042626,2358705581,1563175598,2397674057,1356499128,2217211040,514611088,2037363785,2186468373,4022173083,2792511869,2913485016,1173701892,4200428547,3896427269,1334932762,2455136706,602925377,2835607854,1613172210,41346230,2499634548,2457437618,2188827595,41386358,4172255629,1313404830,2405527007,3801973774,2217704835,873260488,2528884354,2478092616,4012915883,2555359016,2006953883,2463913485,575479328,2218240648,2099895446,660001756,2341502190,3038761536,3888151779,3848713377,3286851934,1022894237,1620365795,3449594689,1551255054,15374395,3570825345,4249311020,4151111129,3181912732,310226346,1133119310,530038928,136043402,2476768958,3107506709,2544909567,1036173560,2367337196,1681395281,1758231547,3641649032,306774401,1575354324,3716085866,1990386196,3114533736,2455606671,1262092282,3124342505,2768229131,4210529083,1833535011,423410938,660763973,2187129978,1639812e3,3508421329,3467445492,310289298,272797111,2188552562,2456863912,310240523,677093832,1013118031,901835429,3892695601,1116285435,3036471170,1337354835,243122523,520626091,277223598,4244441197,4194248841,1766575121,594173102,316590669,742362309,3536858622,4176435350,3838792410,2501204839,1229605004,3115755532,1552908988,2312334149,979407927,3959474601,1148277331,176638793,3614686272,2083809052,40992502,1340822838,2731552767,3535757508,3560899520,1354035053,122129617,7215240,2732932949,3118912700,2718203926,2539075635,3609230695,3725561661,1928887091,2882293555,1988674909,2063640240,2491088897,1459647954,4189817080,2302804382,1113892351,2237858528,1927010603,4002880361,1856122846,1594404395,2944033133,3855189863,3474975698,1643104450,4054590833,3431086530,1730235576,2984608721,3084664418,2131803598,4178205752,267404349,1617849798,1616132681,1462223176,736725533,2327058232,551665188,2945899023,1749386277,2575514597,1611482493,674206544,2201269090,3642560800,728599968,1680547377,2620414464,1388111496,453204106,4156223445,1094905244,2754698257,2201108165,3757000246,2704524545,3922940700,3996465027],s[3]=[2645754912,532081118,2814278639,3530793624,1246723035,1689095255,2236679235,4194438865,2116582143,3859789411,157234593,2045505824,4245003587,1687664561,4083425123,605965023,672431967,1336064205,3376611392,214114848,4258466608,3232053071,489488601,605322005,3998028058,264917351,1912574028,756637694,436560991,202637054,135989450,85393697,2152923392,3896401662,2895836408,2145855233,3535335007,115294817,3147733898,1922296357,3464822751,4117858305,1037454084,2725193275,2127856640,1417604070,1148013728,1827919605,642362335,2929772533,909348033,1346338451,3547799649,297154785,1917849091,4161712827,2883604526,3968694238,1469521537,3780077382,3375584256,1763717519,136166297,4290970789,1295325189,2134727907,2798151366,1566297257,3672928234,2677174161,2672173615,965822077,2780786062,289653839,1133871874,3491843819,35685304,1068898316,418943774,672553190,642281022,2346158704,1954014401,3037126780,4079815205,2030668546,3840588673,672283427,1776201016,359975446,3750173538,555499703,2769985273,1324923,69110472,152125443,3176785106,3822147285,1340634837,798073664,1434183902,15393959,216384236,1303690150,3881221631,3711134124,3960975413,106373927,2578434224,1455997841,1801814300,1578393881,1854262133,3188178946,3258078583,2302670060,1539295533,3505142565,3078625975,2372746020,549938159,3278284284,2620926080,181285381,2865321098,3970029511,68876850,488006234,1728155692,2608167508,836007927,2435231793,919367643,3339422534,3655756360,1457871481,40520939,1380155135,797931188,234455205,2255801827,3990488299,397000196,739833055,3077865373,2871719860,4022553888,772369276,390177364,3853951029,557662966,740064294,1640166671,1699928825,3535942136,622006121,3625353122,68743880,1742502,219489963,1664179233,1577743084,1236991741,410585305,2366487942,823226535,1050371084,3426619607,3586839478,212779912,4147118561,1819446015,1911218849,530248558,3486241071,3252585495,2886188651,3410272728,2342195030,20547779,2982490058,3032363469,3631753222,312714466,1870521650,1493008054,3491686656,615382978,4103671749,2534517445,1932181,2196105170,278426614,6369430,3274544417,2913018367,697336853,2143000447,2946413531,701099306,1558357093,2805003052,3500818408,2321334417,3567135975,216290473,3591032198,23009561,1996984579,3735042806,2024298078,3739440863,569400510,2339758983,3016033873,3097871343,3639523026,3844324983,3256173865,795471839,2951117563,4101031090,4091603803,3603732598,971261452,534414648,428311343,3389027175,2844869880,694888862,1227866773,2456207019,3043454569,2614353370,3749578031,3676663836,459166190,4132644070,1794958188,51825668,2252611902,3084671440,2036672799,3436641603,1099053433,2469121526,3059204941,1323291266,2061838604,1018778475,2233344254,2553501054,334295216,3556750194,1065731521,183467730],s[4]=[2127105028,745436345,2601412319,2788391185,3093987327,500390133,1155374404,389092991,150729210,3891597772,3523549952,1935325696,716645080,946045387,2901812282,1774124410,3869435775,4039581901,3293136918,3438657920,948246080,363898952,3867875531,1286266623,1598556673,68334250,630723836,1104211938,1312863373,613332731,2377784574,1101634306,441780740,3129959883,1917973735,2510624549,3238456535,2544211978,3308894634,1299840618,4076074851,1756332096,3977027158,297047435,3790297736,2265573040,3621810518,1311375015,1667687725,47300608,3299642885,2474112369,201668394,1468347890,576830978,3594690761,3742605952,1958042578,1747032512,3558991340,1408974056,3366841779,682131401,1033214337,1545599232,4265137049,206503691,103024618,2855227313,1337551222,2428998917,2963842932,4015366655,3852247746,2796956967,3865723491,3747938335,247794022,3755824572,702416469,2434691994,397379957,851939612,2314769512,218229120,1380406772,62274761,214451378,3170103466,2276210409,3845813286,28563499,446592073,1693330814,3453727194,29968656,3093872512,220656637,2470637031,77972100,1667708854,1358280214,4064765667,2395616961,325977563,4277240721,4220025399,3605526484,3355147721,811859167,3069544926,3962126810,652502677,3075892249,4132761541,3498924215,1217549313,3250244479,3858715919,3053989961,1538642152,2279026266,2875879137,574252750,3324769229,2651358713,1758150215,141295887,2719868960,3515574750,4093007735,4194485238,1082055363,3417560400,395511885,2966884026,179534037,3646028556,3738688086,1092926436,2496269142,257381841,3772900718,1636087230,1477059743,2499234752,3811018894,2675660129,3285975680,90732309,1684827095,1150307763,1723134115,3237045386,1769919919,1240018934,815675215,750138730,2239792499,1234303040,1995484674,138143821,675421338,1145607174,1936608440,3238603024,2345230278,2105974004,323969391,779555213,3004902369,2861610098,1017501463,2098600890,2628620304,2940611490,2682542546,1171473753,3656571411,3687208071,4091869518,393037935,159126506,1662887367,1147106178,391545844,3452332695,1891500680,3016609650,1851642611,546529401,1167818917,3194020571,2848076033,3953471836,575554290,475796850,4134673196,450035699,2351251534,844027695,1080539133,86184846,1554234488,3692025454,1972511363,2018339607,1491841390,1141460869,1061690759,4244549243,2008416118,2351104703,2868147542,1598468138,722020353,1027143159,212344630,1387219594,1725294528,3745187956,2500153616,458938280,4129215917,1828119673,544571780,3503225445,2297937496,1241802790,267843827,2694610800,1397140384,1558801448,3782667683,1806446719,929573330,2234912681,400817706,616011623,4121520928,3603768725,1761550015,1968522284,4053731006,4192232858,4005120285,872482584,3140537016,3894607381,2287405443,1963876937,3663887957,1584857e3,2975024454,1833426440,4025083860],s[5]=[4143615901,749497569,1285769319,3795025788,2514159847,23610292,3974978748,844452780,3214870880,3751928557,2213566365,1676510905,448177848,3730751033,4086298418,2307502392,871450977,3222878141,4110862042,3831651966,2735270553,1310974780,2043402188,1218528103,2736035353,4274605013,2702448458,3936360550,2693061421,162023535,2827510090,687910808,23484817,3784910947,3371371616,779677500,3503626546,3473927188,4157212626,3500679282,4248902014,2466621104,3899384794,1958663117,925738300,1283408968,3669349440,1840910019,137959847,2679828185,1239142320,1315376211,1547541505,1690155329,739140458,3128809933,3933172616,3876308834,905091803,1548541325,4040461708,3095483362,144808038,451078856,676114313,2861728291,2469707347,993665471,373509091,2599041286,4025009006,4170239449,2149739950,3275793571,3749616649,2794760199,1534877388,572371878,2590613551,1753320020,3467782511,1405125690,4270405205,633333386,3026356924,3475123903,632057672,2846462855,1404951397,3882875879,3915906424,195638627,2385783745,3902872553,1233155085,3355999740,2380578713,2702246304,2144565621,3663341248,3894384975,2502479241,4248018925,3094885567,1594115437,572884632,3385116731,767645374,1331858858,1475698373,3793881790,3532746431,1321687957,619889600,1121017241,3440213920,2070816767,2833025776,1933951238,4095615791,890643334,3874130214,859025556,360630002,925594799,1764062180,3920222280,4078305929,979562269,2810700344,4087740022,1949714515,546639971,1165388173,3069891591,1495988560,922170659,1291546247,2107952832,1813327274,3406010024,3306028637,4241950635,153207855,2313154747,1608695416,1150242611,1967526857,721801357,1220138373,3691287617,3356069787,2112743302,3281662835,1111556101,1778980689,250857638,2298507990,673216130,2846488510,3207751581,3562756981,3008625920,3417367384,2198807050,529510932,3547516680,3426503187,2364944742,102533054,2294910856,1617093527,1204784762,3066581635,1019391227,1069574518,1317995090,1691889997,3661132003,510022745,3238594800,1362108837,1817929911,2184153760,805817662,1953603311,3699844737,120799444,2118332377,207536705,2282301548,4120041617,145305846,2508124933,3086745533,3261524335,1877257368,2977164480,3160454186,2503252186,4221677074,759945014,254147243,2767453419,3801518371,629083197,2471014217,907280572,3900796746,940896768,2751021123,2625262786,3161476951,3661752313,3260732218,1425318020,2977912069,1496677566,3988592072,2140652971,3126511541,3069632175,977771578,1392695845,1698528874,1411812681,1369733098,1343739227,3620887944,1142123638,67414216,3102056737,3088749194,1626167401,2546293654,3941374235,697522451,33404913,143560186,2595682037,994885535,1247667115,3859094837,2699155541,3547024625,4114935275,2968073508,3199963069,2732024527,1237921620,951448369,1898488916,1211705605,2790989240,2233243581,3598044975],s[6]=[2246066201,858518887,1714274303,3485882003,713916271,2879113490,3730835617,539548191,36158695,1298409750,419087104,1358007170,749914897,2989680476,1261868530,2995193822,2690628854,3443622377,3780124940,3796824509,2976433025,4259637129,1551479e3,512490819,1296650241,951993153,2436689437,2460458047,144139966,3136204276,310820559,3068840729,643875328,1969602020,1680088954,2185813161,3283332454,672358534,198762408,896343282,276269502,3014846926,84060815,197145886,376173866,3943890818,3813173521,3545068822,1316698879,1598252827,2633424951,1233235075,859989710,2358460855,3503838400,3409603720,1203513385,1193654839,2792018475,2060853022,207403770,1144516871,3068631394,1121114134,177607304,3785736302,326409831,1929119770,2983279095,4183308101,3474579288,3200513878,3228482096,119610148,1170376745,3378393471,3163473169,951863017,3337026068,3135789130,2907618374,1183797387,2015970143,4045674555,2182986399,2952138740,3928772205,384012900,2454997643,10178499,2879818989,2596892536,111523738,2995089006,451689641,3196290696,235406569,1441906262,3890558523,3013735005,4158569349,1644036924,376726067,1006849064,3664579700,2041234796,1021632941,1374734338,2566452058,371631263,4007144233,490221539,206551450,3140638584,1053219195,1853335209,3412429660,3562156231,735133835,1623211703,3104214392,2738312436,4096837757,3366392578,3110964274,3956598718,3196820781,2038037254,3877786376,2339753847,300912036,3766732888,2372630639,1516443558,4200396704,1574567987,4069441456,4122592016,2699739776,146372218,2748961456,2043888151,35287437,2596680554,655490400,1132482787,110692520,1031794116,2188192751,1324057718,1217253157,919197030,686247489,3261139658,1028237775,3135486431,3059715558,2460921700,986174950,2661811465,4062904701,2752986992,3709736643,367056889,1353824391,731860949,1650113154,1778481506,784341916,357075625,3608602432,1074092588,2480052770,3811426202,92751289,877911070,3600361838,1231880047,480201094,3756190983,3094495953,434011822,87971354,363687820,1717726236,1901380172,3926403882,2481662265,400339184,1490350766,2661455099,1389319756,2558787174,784598401,1983468483,30828846,3550527752,2716276238,3841122214,1765724805,1955612312,1277890269,1333098070,1564029816,2704417615,1026694237,3287671188,1260819201,3349086767,1016692350,1582273796,1073413053,1995943182,694588404,1025494639,3323872702,3551898420,4146854327,453260480,1316140391,1435673405,3038941953,3486689407,1622062951,403978347,817677117,950059133,4246079218,3278066075,1486738320,1417279718,481875527,2549965225,3933690356,760697757,1452955855,3897451437,1177426808,1702951038,4085348628,2447005172,1084371187,3516436277,3068336338,1073369276,1027665953,3284188590,1230553676,1368340146,2226246512,267243139,2274220762,4070734279,2497715176,2423353163,2504755875],s[7]=[3793104909,3151888380,2817252029,895778965,2005530807,3871412763,237245952,86829237,296341424,3851759377,3974600970,2475086196,709006108,1994621201,2972577594,937287164,3734691505,168608556,3189338153,2225080640,3139713551,3033610191,3025041904,77524477,185966941,1208824168,2344345178,1721625922,3354191921,1066374631,1927223579,1971335949,2483503697,1551748602,2881383779,2856329572,3003241482,48746954,1398218158,2050065058,313056748,4255789917,393167848,1912293076,940740642,3465845460,3091687853,2522601570,2197016661,1727764327,364383054,492521376,1291706479,3264136376,1474851438,1685747964,2575719748,1619776915,1814040067,970743798,1561002147,2925768690,2123093554,1880132620,3151188041,697884420,2550985770,2607674513,2659114323,110200136,1489731079,997519150,1378877361,3527870668,478029773,2766872923,1022481122,431258168,1112503832,897933369,2635587303,669726182,3383752315,918222264,163866573,3246985393,3776823163,114105080,1903216136,761148244,3571337562,1690750982,3166750252,1037045171,1888456500,2010454850,642736655,616092351,365016990,1185228132,4174898510,1043824992,2023083429,2241598885,3863320456,3279669087,3674716684,108438443,2132974366,830746235,606445527,4173263986,2204105912,1844756978,2532684181,4245352700,2969441100,3796921661,1335562986,4061524517,2720232303,2679424040,634407289,885462008,3294724487,3933892248,2094100220,339117932,4048830727,3202280980,1458155303,2689246273,1022871705,2464987878,3714515309,353796843,2822958815,4256850100,4052777845,551748367,618185374,3778635579,4020649912,1904685140,3069366075,2670879810,3407193292,2954511620,4058283405,2219449317,3135758300,1120655984,3447565834,1474845562,3577699062,550456716,3466908712,2043752612,881257467,869518812,2005220179,938474677,3305539448,3850417126,1315485940,3318264702,226533026,965733244,321539988,1136104718,804158748,573969341,3708209826,937399083,3290727049,2901666755,1461057207,4013193437,4066861423,3242773476,2421326174,1581322155,3028952165,786071460,3900391652,3918438532,1485433313,4023619836,3708277595,3678951060,953673138,1467089153,1930354364,1533292819,2492563023,1346121658,1685000834,1965281866,3765933717,4190206607,2052792609,3515332758,690371149,3125873887,2180283551,2903598061,3933952357,436236910,289419410,14314871,1242357089,2904507907,1616633776,2666382180,585885352,3471299210,2699507360,1432659641,277164553,3354103607,770115018,2303809295,3741942315,3177781868,2853364978,2269453327,3774259834,987383833,1290892879,225909803,1741533526,890078084,1496906255,1111072499,916028167,243534141,1252605537,2204162171,531204876,290011180,3916834213,102027703,237315147,209093447,1486785922,220223953,2758195998,4175039106,82940208,3127791296,2569425252,518464269,1353887104,3941492737,2377294467,3935040926]}function kl(e){this.cast5=new bl,this.cast5.setKey(e),this.encrypt=function(e){return this.cast5.encrypt(e)}}ml.keySize=ml.prototype.keySize=24,ml.blockSize=ml.prototype.blockSize=8,kl.blockSize=kl.prototype.blockSize=8,kl.keySize=kl.prototype.keySize=16;const El=4294967295;function vl(e,t){return(e<>>32-t)&El}function Bl(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function Il(e,t,r){e.splice(t,4,255&r,r>>>8&255,r>>>16&255,r>>>24&255)}function Sl(e,t){return e>>>8*t&255}function Kl(e){this.tf=function(){let e=null,t=null,r=-1,n=[],i=[[],[],[],[]];function s(e){return i[0][Sl(e,0)]^i[1][Sl(e,1)]^i[2][Sl(e,2)]^i[3][Sl(e,3)]}function a(e){return i[0][Sl(e,3)]^i[1][Sl(e,0)]^i[2][Sl(e,1)]^i[3][Sl(e,2)]}function o(e,t){let r=s(t[0]),i=a(t[1]);t[2]=vl(t[2]^r+i+n[4*e+8]&El,31),t[3]=vl(t[3],1)^r+2*i+n[4*e+9]&El,r=s(t[2]),i=a(t[3]),t[0]=vl(t[0]^r+i+n[4*e+10]&El,31),t[1]=vl(t[1],1)^r+2*i+n[4*e+11]&El}function c(e,t){let r=s(t[0]),i=a(t[1]);t[2]=vl(t[2],1)^r+i+n[4*e+10]&El,t[3]=vl(t[3]^r+2*i+n[4*e+11]&El,31),r=s(t[2]),i=a(t[3]),t[0]=vl(t[0],1)^r+i+n[4*e+8]&El,t[1]=vl(t[1]^r+2*i+n[4*e+9]&El,31)}return{name:"twofish",blocksize:16,open:function(t){let r,s,a,o,c;e=t;const h=[],u=[],l=[];let y;const f=[];let g,p,d;const A=[[8,1,7,13,6,15,3,2,0,11,5,9,14,12,10,4],[2,8,11,13,15,7,6,14,3,1,9,4,0,10,12,5]],w=[[14,12,11,8,1,2,3,5,15,4,10,6,7,0,9,13],[1,14,2,11,4,12,3,7,6,13,10,5,15,9,0,8]],m=[[11,10,5,14,6,13,9,0,12,8,15,3,2,4,7,1],[4,12,7,5,1,6,9,10,0,14,13,8,2,11,3,15]],b=[[13,7,15,4,1,2,6,14,9,11,3,0,8,5,12,10],[11,9,5,1,12,3,13,14,6,4,7,15,2,0,8,10]],k=[0,8,1,9,2,10,3,11,4,12,5,13,6,14,7,15],E=[0,9,2,11,4,13,6,15,8,1,10,3,12,5,14,7],v=[[],[]],B=[[],[],[],[]];function I(e){return e^e>>2^[0,90,180,238][3&e]}function S(e){return e^e>>1^e>>2^[0,238,180,90][3&e]}function K(e,t){let r,n,i;for(r=0;r<8;r++)n=t>>>24,t=t<<8&El|e>>>24,e=e<<8&El,i=n<<1,128&n&&(i^=333),t^=n^i<<16,i^=n>>>1,1&n&&(i^=166),t^=i<<24|i<<8;return t}function C(e,t){const r=t>>4,n=15&t,i=A[e][r^n],s=w[e][k[n]^E[r]];return b[e][k[s]^E[i]]<<4|m[e][i^s]}function D(e,t){let r=Sl(e,0),n=Sl(e,1),i=Sl(e,2),s=Sl(e,3);switch(y){case 4:r=v[1][r]^Sl(t[3],0),n=v[0][n]^Sl(t[3],1),i=v[0][i]^Sl(t[3],2),s=v[1][s]^Sl(t[3],3);case 3:r=v[1][r]^Sl(t[2],0),n=v[1][n]^Sl(t[2],1),i=v[0][i]^Sl(t[2],2),s=v[0][s]^Sl(t[2],3);case 2:r=v[0][v[0][r]^Sl(t[1],0)]^Sl(t[0],0),n=v[0][v[1][n]^Sl(t[1],1)]^Sl(t[0],1),i=v[1][v[0][i]^Sl(t[1],2)]^Sl(t[0],2),s=v[1][v[1][s]^Sl(t[1],3)]^Sl(t[0],3)}return B[0][r]^B[1][n]^B[2][i]^B[3][s]}for(e=e.slice(0,32),r=e.length;16!==r&&24!==r&&32!==r;)e[r++]=0;for(r=0;r>2]=Bl(e,r);for(r=0;r<256;r++)v[0][r]=C(0,r),v[1][r]=C(1,r);for(r=0;r<256;r++)g=v[1][r],p=I(g),d=S(g),B[0][r]=g+(p<<8)+(d<<16)+(d<<24),B[2][r]=p+(d<<8)+(g<<16)+(d<<24),g=v[0][r],p=I(g),d=S(g),B[1][r]=d+(d<<8)+(p<<16)+(g<<24),B[3][r]=p+(g<<8)+(d<<16)+(p<<24);for(y=l.length/2,r=0;r=0;e--)c(e,s);Il(t,r,s[2]^n[0]),Il(t,r+4,s[3]^n[1]),Il(t,r+8,s[0]^n[2]),Il(t,r+12,s[1]^n[3]),r+=16},finalize:function(){return t}}}(),this.tf.open(Array.from(e),0),this.encrypt=function(e){return this.tf.encrypt(Array.from(e),0)}}function Cl(){}function Dl(e){this.bf=new Cl,this.bf.init(e),this.encrypt=function(e){return this.bf.encryptBlock(e)}}Kl.keySize=Kl.prototype.keySize=32,Kl.blockSize=Kl.prototype.blockSize=16,Cl.prototype.BLOCKSIZE=8,Cl.prototype.SBOXES=[[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946],[1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055],[3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504],[976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462]],Cl.prototype.PARRAY=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],Cl.prototype.NN=16,Cl.prototype._clean=function(e){if(e<0){e=(2147483647&e)+2147483648}return e},Cl.prototype._F=function(e){let t;const r=255&e,n=255&(e>>>=8),i=255&(e>>>=8),s=255&(e>>>=8);return t=this.sboxes[0][s]+this.sboxes[1][i],t^=this.sboxes[2][n],t+=this.sboxes[3][r],t},Cl.prototype._encryptBlock=function(e){let t,r=e[0],n=e[1];for(t=0;t>>24-8*t&255,i[t+n]=r[1]>>>24-8*t&255;return i},Cl.prototype._decryptBlock=function(e){let t,r=e[0],n=e[1];for(t=this.NN+1;t>1;--t){r^=this.parray[t],n=this._F(r)^n;const e=r;r=n,n=e}r^=this.parray[1],n^=this.parray[0],e[0]=this._clean(n),e[1]=this._clean(r)},Cl.prototype.init=function(e){let t,r=0;for(this.parray=[],t=0;t=e.length&&(r=0);this.parray[t]=this.PARRAY[t]^n}for(this.sboxes=[],t=0;t<4;++t)for(this.sboxes[t]=[],r=0;r<256;++r)this.sboxes[t][r]=this.SBOXES[t][r];const n=[0,0];for(t=0;tnew Rl)),Tl=/* @__PURE__ */new Uint8Array([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),Ml=/* @__PURE__ */new Uint8Array(Array(16).fill(0).map(((e,t)=>t))),Nl=/* @__PURE__ */Ml.map((e=>(9*e+5)%16));let Fl=[Ml],Hl=[Nl];for(let e=0;e<4;e++)for(let t of[Fl,Hl])t.push(t[e].map((e=>Tl[e])));const Ol=/* @__PURE__ */[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map((e=>new Uint8Array(e))),zl=/* @__PURE__ */Fl.map(((e,t)=>e.map((e=>Ol[t][e])))),_l=/* @__PURE__ */Hl.map(((e,t)=>e.map((e=>Ol[t][e])))),Gl=/* @__PURE__ */new Uint32Array([0,1518500249,1859775393,2400959708,2840853838]),jl=/* @__PURE__ */new Uint32Array([1352829926,1548603684,1836072691,2053994217,0]);function ql(e,t,r,n){return 0===e?t^r^n:1===e?t&r|~t&n:2===e?(t|~r)^n:3===e?t&n|r&~n:t^(r|~n)}const Vl=/* @__PURE__ */new Uint32Array(16);class Jl extends kc{constructor(){super(64,20,8,!0),this.h0=1732584193,this.h1=-271733879,this.h2=-1732584194,this.h3=271733878,this.h4=-1009589776}get(){const{h0:e,h1:t,h2:r,h3:n,h4:i}=this;return[e,t,r,n,i]}set(e,t,r,n,i){this.h0=0|e,this.h1=0|t,this.h2=0|r,this.h3=0|n,this.h4=0|i}process(e,t){for(let r=0;r<16;r++,t+=4)Vl[r]=e.getUint32(t,!0);let r=0|this.h0,n=r,i=0|this.h1,s=i,a=0|this.h2,o=a,c=0|this.h3,h=c,u=0|this.h4,l=u;for(let e=0;e<5;e++){const t=4-e,y=Gl[e],f=jl[e],g=Fl[e],p=Hl[e],d=zl[e],A=_l[e];for(let t=0;t<16;t++){const n=uc(r+ql(e,i,a,c)+Vl[g[t]]+y,d[t])+u|0;r=u,u=c,c=0|uc(a,10),a=i,i=n}for(let e=0;e<16;e++){const r=uc(n+ql(t,s,o,h)+Vl[p[e]]+f,A[e])+l|0;n=l,l=h,h=0|uc(o,10),o=s,s=r}}this.set(this.h1+a+h|0,this.h2+c+l|0,this.h3+u+n|0,this.h4+r+s|0,this.h0+i+o|0)}roundClean(){Vl.fill(0)}destroy(){this.destroyed=!0,this.buffer.fill(0),this.set(0,0,0,0,0)}}const Yl=new Map(Object.entries({sha1:Ll,sha224:Cc,sha256:Kc,sha384:ou,sha512:au,sha3_256:Cu,sha3_512:Du,ripemd160:/* @__PURE__ */Ac((()=>new Jl))}));var Wl=/*#__PURE__*/Object.freeze({__proto__:null,nobleHashes:Yl});function Zl(e,t,r,n){e[t]+=r[n],e[t+1]+=r[n+1]+(e[t]>>24^h<<8,e[n+1]=h>>>24^c<<8,Zl(e,r,e,n),Zl(e,r,t,o),c=e[s]^e[r],h=e[s+1]^e[r+1],e[s]=c>>>16^h<<16,e[s+1]=h>>>16^c<<16,Zl(e,i,e,s),c=e[n]^e[i],h=e[n+1]^e[i+1],e[n]=h>>>31^c<<1,e[n+1]=c>>>31^h<<1}const ey=new Uint32Array([4089235720,1779033703,2227873595,3144134277,4271175723,1013904242,1595750129,2773480762,2917565137,1359893119,725511199,2600822924,4215389547,528734635,327033209,1541459225]),ty=new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3].map((e=>2*e)));function ry(e,t){const r=new Uint32Array(32),n=new Uint32Array(e.b.buffer,e.b.byteOffset,32);for(let t=0;t<16;t++)r[t]=e.h[t],r[t+16]=ey[t];r[24]^=e.t0[0],r[25]^=e.t0[1];const i=t?4294967295:0;r[28]^=i,r[29]^=i;for(let e=0;e<12;e++){const t=e<<4;Xl(r,n,0,8,16,24,ty[t+0],ty[t+1]),Xl(r,n,2,10,18,26,ty[t+2],ty[t+3]),Xl(r,n,4,12,20,28,ty[t+4],ty[t+5]),Xl(r,n,6,14,22,30,ty[t+6],ty[t+7]),Xl(r,n,0,10,20,30,ty[t+8],ty[t+9]),Xl(r,n,2,12,22,24,ty[t+10],ty[t+11]),Xl(r,n,4,14,16,26,ty[t+12],ty[t+13]),Xl(r,n,6,8,18,28,ty[t+14],ty[t+15])}for(let t=0;t<16;t++)e.h[t]^=r[t]^r[t+16]}class ny{constructor(e,t,r,n){const i=new Uint8Array(64);this.S={b:new Uint8Array(ay),h:new Uint32Array(sy/4),t0:new Uint32Array(2),c:0,outlen:e},i[0]=e,t&&(i[1]=t.length),i[2]=1,i[3]=1,r&&i.set(r,32),n&&i.set(n,48);const s=new Uint32Array(i.buffer,i.byteOffset,i.length/Uint32Array.BYTES_PER_ELEMENT);for(let e=0;e<16;e++)this.S.h[e]=ey[e]^s[e];if(t){const e=new Uint8Array(ay);e.set(t),this.update(e)}}update(e){if(!(e instanceof Uint8Array))throw Error("Input must be Uint8Array or Buffer");let t=0;for(;t>2]>>8*(3&e);return this.S.h=null,t.buffer}}function iy(e,t,r,n){if(e>sy)throw Error(`outlen must be at most ${sy} (given: ${e})`);return new ny(e,t,r,n)}const sy=64,ay=128,oy=2,cy=19,hy=4294967295,uy=4,ly=4294967295,yy=8,fy=4294967295,gy=8,py=4294967295,dy=4294967295,Ay=32,wy=1024,my=64,by=205===new Uint8Array(new Uint16Array([43981]).buffer)[0];function ky(e,t,r){return e[r+0]=t,e[r+1]=t>>8,e[r+2]=t>>16,e[r+3]=t>>24,e}function Ey(e,t,r){if(t>Number.MAX_SAFE_INTEGER)throw Error("LE64: large numbers unsupported");let n=t;for(let t=r;t{if(tn)throw Error(`${e} size should be between ${r} and ${n} bytes`)};if(e!==oy||t!==cy)throw Error("Unsupported type or version");return u("password",n,gy,fy),u("salt",i,yy,ly),u("tag",r,uy,hy),u("memory",c,8*o,py),s&&u("associated data",s,0,dy),a&&u("secret",a,0,Ay),{type:e,version:t,tagLength:r,password:n,salt:i,ad:s,secret:a,lanes:o,memorySize:c,passes:h}}({type:oy,version:cy,...e}),{G:i,G2:s,xor:a,getLZ:o}=r.exports,c={},h={};h.G=i,h.G2=s,h.XOR=a;const u=4*n.lanes*Math.floor(n.memorySize/(4*n.lanes)),l=u*wy+10*Cy;if(t.buffer.byteLength{r.set(e,n),n+=e.length})),r}(i));const s=t.digest();return new Uint8Array(s)}(n),m=u/n.lanes,b=Array(n.lanes).fill(null).map((()=>Array(m))),k=(e,t)=>(b[e][t]=d.subarray(e*m*1024+1024*t,e*m*1024+1024*t+wy),b[e][t]);for(let e=0;e0?b[i][c-1]:b[i][m-1],u=r?a.next().value:h;o(f.byteOffset,u.byteOffset,i,n.lanes,e,t,s,4,E);const l=f[0],y=f[1];0===e&&k(i,c),Iy(g,h,b[l][y],e>0?p:b[i][c]),e>0&&By(g,b[i][c],p,b[i][c])}}}const v=b[0][m-1];for(let e=1;ePy(e,{instance:n.instance,memory:r})}function Qy(t,r,n,i){var s=null,a=e.atob(n),o=a.length;s=new Uint8Array(new ArrayBuffer(o));for(var c=0;cxy((e=>Qy(0,0,"AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL",e)),(e=>Qy(0,0,"AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==",e)))}),Ly=[0,1,3,7,15,31,63,127,255],Ty=function(e){this.stream=e,this.bitOffset=0,this.curByte=0,this.hasByte=!1};Ty.prototype._ensureByte=function(){this.hasByte||(this.curByte=this.stream.readByte(),this.hasByte=!0)},Ty.prototype.read=function(e){for(var t=0;e>0;){this._ensureByte();var r=8-this.bitOffset;if(e>=r)t<<=r,t|=Ly[r]&this.curByte,this.hasByte=!1,this.bitOffset=0,e-=r;else{t<<=e;var n=r-e;t|=(this.curByte&Ly[e]<>n,this.bitOffset+=e,e=0}}return t},Ty.prototype.seek=function(e){var t=e%8,r=(e-t)/8;this.bitOffset=t,this.stream.seek(r),this.hasByte=!1},Ty.prototype.pi=function(){var e,t=new Uint8Array(6);for(e=0;e("00"+e.toString(16)).slice(-2))).join("")}(t)};var My=Ty,Ny=function(){};Ny.prototype.readByte=function(){throw Error("abstract method readByte() not implemented")},Ny.prototype.read=function(e,t,r){for(var n=0;n>>0},this.updateCRC=function(t){e=e<<8^Fy[255&(e>>>24^t)]},this.updateCRCRun=function(t,r){for(;r-- >0;)e=e<<8^Fy[255&(e>>>24^t)]}}),zy=My,_y=Hy,Gy=Oy,jy=function(e,t){var r,n=e[t];for(r=t;r>0;r--)e[r]=e[r-1];return e[0]=n,n},qy={OK:0,LAST_BLOCK:-1,NOT_BZIP_DATA:-2,UNEXPECTED_INPUT_EOF:-3,UNEXPECTED_OUTPUT_EOF:-4,DATA_ERROR:-5,OUT_OF_MEMORY:-6,OBSOLETE_INPUT:-7,END_OF_BLOCK:-8},Vy={};Vy[qy.LAST_BLOCK]="Bad file checksum",Vy[qy.NOT_BZIP_DATA]="Not bzip data",Vy[qy.UNEXPECTED_INPUT_EOF]="Unexpected input EOF",Vy[qy.UNEXPECTED_OUTPUT_EOF]="Unexpected output EOF",Vy[qy.DATA_ERROR]="Data error",Vy[qy.OUT_OF_MEMORY]="Out of memory",Vy[qy.OBSOLETE_INPUT]="Obsolete (pre 0.9.5) bzip format not supported.";var Jy=function(e,t){var r=Vy[e]||"unknown error";t&&(r+=": "+t);var n=new TypeError(r);throw n.errorCode=e,n},Yy=function(e,t){this.writePos=this.writeCurrent=this.writeCount=0,this._start_bunzip(e,t)};Yy.prototype._init_block=function(){return this._get_next_block()?(this.blockCRC=new Gy,!0):(this.writeCount=-1,!1)},Yy.prototype._start_bunzip=function(e,t){var r=new Uint8Array(4);4===e.read(r,0,4)&&"BZh"===String.fromCharCode(r[0],r[1],r[2])||Jy(qy.NOT_BZIP_DATA,"bad magic");var n=r[3]-48;(n<1||n>9)&&Jy(qy.NOT_BZIP_DATA,"level out of range"),this.reader=new zy(e),this.dbufSize=1e5*n,this.nextoutput=0,this.outputStream=t,this.streamCRC=0},Yy.prototype._get_next_block=function(){var e,t,r,n=this.reader,i=n.pi();if("177245385090"===i)return!1;"314159265359"!==i&&Jy(qy.NOT_BZIP_DATA),this.targetBlockCRC=n.read(32)>>>0,this.streamCRC=(this.targetBlockCRC^(this.streamCRC<<1|this.streamCRC>>>31))>>>0,n.read(1)&&Jy(qy.OBSOLETE_INPUT);var s=n.read(24);s>this.dbufSize&&Jy(qy.DATA_ERROR,"initial position out of bounds");var a=n.read(16),o=new Uint8Array(256),c=0;for(e=0;e<16;e++)if(a&1<<15-e){var h=16*e;for(r=n.read(16),t=0;t<16;t++)r&1<<15-t&&(o[c++]=h+t)}var u=n.read(3);(u<2||u>6)&&Jy(qy.DATA_ERROR);var l=n.read(15);0===l&&Jy(qy.DATA_ERROR);var y=new Uint8Array(256);for(e=0;e=u&&Jy(qy.DATA_ERROR);f[e]=jy(y,t)}var g,p=c+2,d=[];for(t=0;t20)&&Jy(qy.DATA_ERROR),n.read(1);)n.read(1)?a--:a++;m[e]=a}for(A=w=m[0],e=1;ew?w=m[e]:m[e]=l&&Jy(qy.DATA_ERROR),g=d[f[S++]]),e=g.minLen,t=n.read(e);e>g.maxLen&&Jy(qy.DATA_ERROR),!(t<=g.limit[e]);e++)t=t<<1|n.read(1);((t-=g.base[e])<0||t>=258)&&Jy(qy.DATA_ERROR);var C=g.permute[t];if(0!==C&&1!==C){if(B)for(B=0,I+a>this.dbufSize&&Jy(qy.DATA_ERROR),E[v=o[y[0]]]+=a;a--;)K[I++]=v;if(C>c)break;I>=this.dbufSize&&Jy(qy.DATA_ERROR),E[v=o[v=jy(y,e=C-1)]]++,K[I++]=v}else B||(B=1,a=0),a+=0===C?B:2*B,B<<=1}for((s<0||s>=I)&&Jy(qy.DATA_ERROR),t=0,e=0;e<256;e++)r=t+E[e],E[e]=t,t=r;for(e=0;e>=8,U=-1),this.writePos=D,this.writeCurrent=P,this.writeCount=I,this.writeRun=U,!0},Yy.prototype._read_bunzip=function(e,t){var r,n,i;if(this.writeCount<0)return 0;var s=this.dbuf,a=this.writePos,o=this.writeCurrent,c=this.writeCount;this.outputsize;for(var h=this.writeRun;c;){for(c--,n=o,o=255&(a=s[a]),a>>=8,3==h++?(r=o,i=n,o=-1):(r=1,i=o),this.blockCRC.updateCRCRun(i,r);r--;)this.outputStream.writeByte(i),this.nextoutput++;o!=n&&(h=0)}return this.writeCount=c,this.blockCRC.getCRC()!==this.targetBlockCRC&&Jy(qy.DATA_ERROR,"Bad block CRC (got "+this.blockCRC.getCRC().toString(16)+" expected "+this.targetBlockCRC.toString(16)+")"),this.nextoutput};var Wy=function(e){if("readByte"in e)return e;var t=new _y;return t.pos=0,t.readByte=function(){return e[this.pos++]},t.seek=function(e){this.pos=e},t.eof=function(){return this.pos>=e.length},t},Zy=function(e){var t=new _y,r=!0;if(e)if("number"==typeof e)t.buffer=new Uint8Array(e),r=!1;else{if("writeByte"in e)return e;t.buffer=e,r=!1}else t.buffer=new Uint8Array(16384);return t.pos=0,t.writeByte=function(e){if(r&&this.pos>=this.buffer.length){var t=new Uint8Array(2*this.buffer.length);t.set(this.buffer),this.buffer=t}this.buffer[this.pos++]=e},t.getBuffer=function(){if(this.pos!==this.buffer.length){if(!r)throw new TypeError("outputsize does not match decoded input");var e=new Uint8Array(this.pos);e.set(this.buffer.subarray(0,this.pos)),this.buffer=e}return this.buffer},t._coerced=!0,t};var $y={Bunzip:Yy,Stream:_y,Err:qy,decode:function(e,t,r){for(var n=Wy(e),i=Zy(t),s=new Yy(n,i);!("eof"in n)||!n.eof();)if(s._init_block())s._read_bunzip();else{var a=s.reader.read(32)>>>0;if(a!==s.streamCRC&&Jy(qy.DATA_ERROR,"Bad stream CRC (got "+s.streamCRC.toString(16)+" expected "+a.toString(16)+")"),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i)}if("getBuffer"in i)return i.getBuffer()},decodeBlock:function(e,t,r){var n=Wy(e),i=Zy(r),s=new Yy(n,i);if(s.reader.seek(t),s._get_next_block()&&(s.blockCRC=new Gy,s.writeCopies=0,s._read_bunzip()),"getBuffer"in i)return i.getBuffer()},table:function(e,t,r){var n=new _y;n.delegate=Wy(e),n.pos=0,n.readByte=function(){return this.pos++,this.delegate.readByte()},n.delegate.eof&&(n.eof=n.delegate.eof.bind(n.delegate));var i=new _y;i.pos=0,i.writeByte=function(){this.pos++};for(var s=new Yy(n,i),a=s.dbufSize;!("eof"in n)||!n.eof();){var o=8*n.pos+s.reader.bitOffset;if(s.reader.hasByte&&(o-=8),s._init_block()){var c=i.pos;s._read_bunzip(),t(o,i.pos-c)}else{if(s.reader.read(32),!r||!("eof"in n)||n.eof())break;s._start_bunzip(n,i),console.assert(s.dbufSize===a,"shouldn't change block size within multistream file")}}}},Xy=/*#__PURE__*/t({__proto__:null},[$y]);export{Da as AEADEncryptedDataPacket,Qo as CleartextMessage,ma as CompressedDataPacket,oa as LiteralDataPacket,Ta as MarkerPacket,Ko as Message,pa as OnePassSignaturePacket,Aa as PacketList,Ga as PaddingPacket,po as PrivateKey,go as PublicKey,Pa as PublicKeyEncryptedSessionKeyPacket,Qa as PublicKeyPacket,Ma as PublicSubkeyPacket,Fa as SecretKeyPacket,za as SecretSubkeyPacket,qa as Signature,ya as SignaturePacket,ho as Subkey,Sa as SymEncryptedIntegrityProtectedDataPacket,xa as SymEncryptedSessionKeyPacket,La as SymmetricallyEncryptedDataPacket,_a as TrustPacket,Jn as UnparseablePacket,Na as UserAttributePacket,Oa as UserIDPacket,X as armor,L as config,Lo as createCleartextMessage,Uo as createMessage,zo as decrypt,Fo as decryptKey,Vo as decryptSessionKeys,Oo as encrypt,Ho as encryptKey,qo as encryptSessionKey,R as enums,To as generateKey,jo as generateSessionKey,Ro as readCleartextMessage,bo as readKey,Eo as readKeys,Po as readMessage,ko as readPrivateKey,vo as readPrivateKeys,Va as readSignature,Mo as reformatKey,No as revokeKey,_o as sign,$ as unarmor,Go as verify}; //# sourceMappingURL=openpgp.min.mjs.map diff --git a/app/node_modules/openpgp/dist/openpgp.min.mjs.map b/app/node_modules/openpgp/dist/openpgp.min.mjs.map index 7339f5647..f1fe36e80 100644 --- a/app/node_modules/openpgp/dist/openpgp.min.mjs.map +++ b/app/node_modules/openpgp/dist/openpgp.min.mjs.map @@ -1 +1 @@ -{"version":3,"file":"openpgp.min.mjs","sources":["../node_modules/@openpgp/web-stream-tools/lib/writer.js","../node_modules/@openpgp/web-stream-tools/lib/util.js","../node_modules/@openpgp/web-stream-tools/lib/node-conversions.js","../node_modules/@openpgp/web-stream-tools/lib/reader.js","../node_modules/@openpgp/web-stream-tools/lib/streams.js","../src/biginteger/native.interface.js","../src/biginteger/index.js","../src/enums.js","../src/util.js","../src/encoding/base64.js","../src/config/config.js","../src/encoding/armor.js","../src/type/keyid.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.asm.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/other/utils.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/other/errors.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/aes.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ecb.js","../src/crypto/cipher/aes.js","../src/crypto/cipher/des.js","../src/crypto/cipher/cast5.js","../src/crypto/cipher/twofish.js","../src/crypto/cipher/blowfish.js","../src/crypto/cipher/index.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.asm.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/hash.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256.asm.js","../node_modules/minimalistic-assert/index.js","../node_modules/inherits/inherits_browser.js","../node_modules/hash.js/lib/hash/utils.js","../node_modules/hash.js/lib/hash/common.js","../node_modules/hash.js/lib/hash/sha/common.js","../node_modules/hash.js/lib/hash/sha/256.js","../node_modules/hash.js/lib/hash/sha/224.js","../node_modules/hash.js/lib/hash/sha/512.js","../node_modules/hash.js/lib/hash/sha/384.js","../node_modules/hash.js/lib/hash/ripemd.js","../src/crypto/hash/md5.js","../src/crypto/hash/index.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cfb.js","../src/crypto/cipher/getCipher.js","../src/crypto/mode/cfb.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/ctr.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/cbc.js","../src/crypto/cmac.js","../src/crypto/mode/eax.js","../src/crypto/mode/ocb.js","../node_modules/@openpgp/asmcrypto.js/dist_es8/aes/gcm.js","../src/crypto/mode/gcm.js","../src/crypto/mode/index.js","../node_modules/@openpgp/tweetnacl/nacl-fast-light.js","../src/crypto/random.js","../src/crypto/public_key/prime.js","../src/crypto/pkcs1.js","../src/crypto/public_key/rsa.js","../src/crypto/public_key/elgamal.js","../src/type/oid.js","../src/crypto/public_key/elliptic/indutnyKey.js","../src/packet/packet.js","../src/crypto/public_key/elliptic/oid_curves.js","../src/crypto/public_key/elliptic/ecdsa.js","../src/crypto/public_key/elliptic/eddsa_legacy.js","../src/crypto/public_key/elliptic/eddsa.js","../src/crypto/aes_kw.js","../src/crypto/pkcs5.js","../src/crypto/public_key/elliptic/ecdh.js","../src/crypto/hkdf.js","../src/crypto/public_key/elliptic/ecdh_x.js","../src/crypto/public_key/dsa.js","../src/crypto/public_key/index.js","../src/crypto/signature.js","../src/type/ecdh_symkey.js","../src/type/kdf_params.js","../src/type/ecdh_x_symkey.js","../src/crypto/crypto.js","../src/crypto/index.js","../node_modules/@openpgp/pako/lib/utils/common.js","../node_modules/@openpgp/pako/lib/zlib/constants.js","../node_modules/@openpgp/pako/lib/zlib/trees.js","../node_modules/@openpgp/pako/lib/zlib/adler32.js","../node_modules/@openpgp/pako/lib/zlib/crc32.js","../node_modules/@openpgp/pako/lib/zlib/messages.js","../node_modules/@openpgp/pako/lib/zlib/deflate.js","../node_modules/@openpgp/pako/lib/utils/strings.js","../node_modules/@openpgp/pako/lib/zlib/zstream.js","../node_modules/@openpgp/pako/lib/deflate.js","../node_modules/@openpgp/pako/lib/zlib/inffast.js","../node_modules/@openpgp/pako/lib/zlib/inftrees.js","../node_modules/@openpgp/pako/lib/zlib/inflate.js","../node_modules/@openpgp/pako/lib/zlib/gzheader.js","../node_modules/@openpgp/pako/lib/inflate.js","../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../node_modules/@openpgp/seek-bzip/lib/stream.js","../node_modules/@openpgp/seek-bzip/lib/crc32.js","../node_modules/@openpgp/seek-bzip/lib/index.js","../src/packet/literal_data.js","../src/packet/signature.js","../src/packet/one_pass_signature.js","../src/packet/packetlist.js","../src/packet/compressed_data.js","../src/packet/sym_encrypted_integrity_protected_data.js","../src/packet/aead_encrypted_data.js","../src/packet/public_key_encrypted_session_key.js","../src/type/s2k.js","../src/packet/sym_encrypted_session_key.js","../src/packet/public_key.js","../src/packet/symmetrically_encrypted_data.js","../src/packet/marker.js","../src/packet/public_subkey.js","../src/packet/user_attribute.js","../src/packet/secret_key.js","../node_modules/email-addresses/lib/email-addresses.js","../src/packet/userid.js","../src/packet/secret_subkey.js","../src/packet/trust.js","../src/signature.js","../src/key/helper.js","../src/key/user.js","../src/key/subkey.js","../src/key/key.js","../src/key/public_key.js","../src/key/private_key.js","../src/key/factory.js","../src/message.js","../src/cleartext.js","../src/openpgp.js","../node_modules/@openpgp/web-stream-tools/node_modules/web-streams-polyfill/dist/ponyfill.es6.mjs","../node_modules/@mattiasbuelens/web-streams-adapter/dist/web-streams-adapter.mjs","../node_modules/bn.js/lib/bn.js","../src/biginteger/bn.interface.js","../node_modules/brorand/index.js","../node_modules/minimalistic-crypto-utils/lib/utils.js","../node_modules/@openpgp/elliptic/lib/elliptic/utils.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/base.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/short.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/mont.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/edwards.js","../node_modules/@openpgp/elliptic/lib/elliptic/curve/index.js","../node_modules/hash.js/lib/hash/sha/1.js","../node_modules/hash.js/lib/hash/sha.js","../node_modules/hash.js/lib/hash/hmac.js","../node_modules/hash.js/lib/hash.js","../node_modules/@openpgp/elliptic/lib/elliptic/precomputed/secp256k1.js","../node_modules/@openpgp/elliptic/lib/elliptic/curves.js","../node_modules/hmac-drbg/lib/hmac-drbg.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/key.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/signature.js","../node_modules/@openpgp/elliptic/lib/elliptic/ec/index.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/key.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/signature.js","../node_modules/@openpgp/elliptic/lib/elliptic/eddsa/index.js","../node_modules/@openpgp/elliptic/lib/elliptic.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","import * as streams from './streams';\nimport { isArrayStream } from './writer';\n\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n if (streams.ReadableStream && streams.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'ponyfill';\n }\n if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) {\n return 'node';\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isNode } from './util';\nimport * as streams from './streams';\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\nconst NodeReadableStream = isNode && require('stream').Readable;\n\n/**\n * Web / node stream conversion functions\n * From https://github.com/gwicke/node-web-streams\n */\n\nlet nodeToWeb;\nlet webToNode;\n\nif (NodeReadableStream) {\n\n /**\n * Convert a Node Readable Stream to a Web ReadableStream\n * @param {Readable} nodeStream\n * @returns {ReadableStream}\n */\n nodeToWeb = function(nodeStream) {\n let canceled = false;\n return new streams.ReadableStream({\n start(controller) {\n nodeStream.pause();\n nodeStream.on('data', chunk => {\n if (canceled) {\n return;\n }\n if (NodeBuffer.isBuffer(chunk)) {\n chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength);\n }\n controller.enqueue(chunk);\n nodeStream.pause();\n });\n nodeStream.on('end', () => {\n if (canceled) {\n return;\n }\n controller.close();\n });\n nodeStream.on('error', e => controller.error(e));\n },\n pull() {\n nodeStream.resume();\n },\n cancel(reason) {\n canceled = true;\n nodeStream.destroy(reason);\n }\n });\n };\n\n\n class NodeReadable extends NodeReadableStream {\n constructor(webStream, options) {\n super(options);\n this._reader = streams.getReader(webStream);\n }\n\n async _read(size) {\n try {\n while (true) {\n const { done, value } = await this._reader.read();\n if (done) {\n this.push(null);\n break;\n }\n if (!this.push(value)) {\n break;\n }\n }\n } catch (e) {\n this.destroy(e);\n }\n }\n\n async _destroy(error, callback) {\n this._reader.cancel(error).then(callback, callback);\n }\n }\n\n /**\n * Convert a Web ReadableStream to a Node Readable Stream\n * @param {ReadableStream} webStream\n * @param {Object} options\n * @returns {Readable}\n */\n webToNode = function(webStream, options) {\n return new NodeReadable(webStream, options);\n };\n\n}\n\nexport { nodeToWeb, webToNode };\n","import * as streams from './streams';\nimport { isUint8Array } from './util';\n\nconst doneReadingSet = new WeakSet();\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (streams.isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = async () => {};\n return;\n }\n let streamType = streams.isStream(input);\n if (streamType === 'node') {\n input = streams.nodeToWeb(input);\n }\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array } from './util';\nimport { nodeToWeb, webToNode } from './node-conversions';\nimport { Reader, externalBuffer } from './reader';\nimport { ArrayStream, Writer } from './writer';\n\nlet { ReadableStream, WritableStream, TransformStream } = globalThis;\n\nlet toPonyfillReadable, toNativeReadable;\n\nasync function loadStreamsPonyfill() {\n if (TransformStream) {\n return;\n }\n\n const [ponyfill, adapter] = await Promise.all([\n import('web-streams-polyfill/ponyfill/es6'),\n import('@mattiasbuelens/web-streams-adapter')\n ]);\n\n ({ ReadableStream, WritableStream, TransformStream } = ponyfill);\n\n const { createReadableStreamWrapper } = adapter;\n\n if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) {\n toPonyfillReadable = createReadableStreamWrapper(ReadableStream);\n toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream);\n }\n}\n\nconst NodeBuffer = isNode && require('buffer').Buffer;\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType === 'node') {\n return nodeToWeb(input);\n }\n if (streamType === 'web' && toPonyfillReadable) {\n return toPonyfillReadable(input);\n }\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert data to ArrayStream\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n if (NodeBuffer && NodeBuffer.isBuffer(list[0])) {\n return NodeBuffer.concat(list);\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n } else {\n lastBytes = returnValue;\n }\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input) && !(NodeBuffer && NodeBuffer.isBuffer(input))) {\n if (end === Infinity) end = input.length;\n return input.subarray(begin, end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n return input.cancel(reason);\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n\nexport { ReadableStream, WritableStream, TransformStream, ArrayStream, loadStreamsPonyfill, isStream, isArrayStream, isUint8Array, toStream, toPonyfillReadable, toNativeReadable, concatUint8Array, concatStream, concat, getReader, getWriter, pipe, transformRaw, transform, transformPair, parse, clone, passiveClone, slice, readToEnd, cancel, fromAsync, nodeToWeb, webToNode };\n","/* eslint-disable new-cap */\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * that wraps the native BigInt library.\n * Operations are not constant time,\n * but we try and limit timing leakage where we can\n * @module biginteger/native\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on null or undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n if (n instanceof Uint8Array) {\n const bytes = n;\n const hex = new Array(bytes.length);\n for (let i = 0; i < bytes.length; i++) {\n const hexByte = bytes[i].toString(16);\n hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte;\n }\n this.value = BigInt('0x0' + hex.join(''));\n } else {\n this.value = BigInt(n);\n }\n }\n\n clone() {\n return new BigInteger(this.value);\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value++;\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value--;\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value += x.value;\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value -= x.value;\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value *= x.value;\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value %= m.value;\n if (this.isNegative()) {\n this.iadd(m);\n }\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation using square and multiply\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n if (n.isZero()) throw Error('Modulo cannot be zero');\n if (n.isOne()) return new BigInteger(0);\n if (e.isNegative()) throw Error('Unsopported negative exponent');\n\n let exp = e.value;\n let x = this.value;\n\n x %= n.value;\n let r = BigInt(1);\n while (exp > BigInt(0)) {\n const lsb = exp & BigInt(1);\n exp >>= BigInt(1); // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n.value;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n.value; // Square\n }\n return new BigInteger(r);\n }\n\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n const { gcd, x } = this._egcd(n);\n if (!gcd.isOne()) {\n throw new Error('Inverse does not exist');\n }\n return x.add(n).mod(n);\n }\n\n /**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b)\n * @param {BigInteger} b - Second operand\n * @returns {{ gcd, x, y: BigInteger }}\n */\n _egcd(b) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n let a = this.value;\n b = b.value;\n\n while (b !== BigInt(0)) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: new BigInteger(xPrev),\n y: new BigInteger(yPrev),\n gcd: new BigInteger(a)\n };\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} b - Operand\n * @returns {BigInteger} gcd\n */\n gcd(b) {\n let a = this.value;\n b = b.value;\n while (b !== BigInt(0)) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return new BigInteger(a);\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value <<= x.value;\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value >>= x.value;\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value === x.value;\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value < x.value;\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value <= x.value;\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value > x.value;\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value >= x.value;\n }\n\n isZero() {\n return this.value === BigInt(0);\n }\n\n isOne() {\n return this.value === BigInt(1);\n }\n\n isNegative() {\n return this.value < BigInt(0);\n }\n\n isEven() {\n return !(this.value & BigInt(1));\n }\n\n abs() {\n const res = this.clone();\n if (this.isNegative()) {\n res.value = -res.value;\n }\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n const number = Number(this.value);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n const bit = (this.value >> BigInt(i)) & BigInt(1);\n return (bit === BigInt(0)) ? 0 : 1;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n const zero = new BigInteger(0);\n const one = new BigInteger(1);\n const negOne = new BigInteger(-1);\n\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = this.isNegative() ? negOne : zero;\n let bitlen = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(one).equal(target)) {\n bitlen++;\n }\n return bitlen;\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n const zero = new BigInteger(0);\n const negOne = new BigInteger(-1);\n\n const target = this.isNegative() ? negOne : zero;\n const eight = new BigInteger(8);\n let len = 1;\n const tmp = this.clone();\n while (!tmp.irightShift(eight).equal(target)) {\n len++;\n }\n return len;\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = this.value.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? (length - rawLength) : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n }\n}\n","import BigInteger from './native.interface';\n\nconst detectBigInt = () => typeof BigInt !== 'undefined';\n\nasync function getBigInteger() {\n if (detectBigInt()) {\n return BigInteger;\n } else {\n const { default: BigInteger } = await import('./bn.interface');\n return BigInteger;\n }\n}\n\nexport { getBigInteger };\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'p256': 'p256',\n 'P-256': 'p256',\n 'secp256r1': 'p256',\n 'prime256v1': 'p256',\n '1.2.840.10045.3.1.7': 'p256',\n '2a8648ce3d030107': 'p256',\n '2A8648CE3D030107': 'p256',\n\n /** NIST P-384 Curve */\n 'p384': 'p384',\n 'P-384': 'p384',\n 'secp384r1': 'p384',\n '1.3.132.0.34': 'p384',\n '2b81040022': 'p384',\n '2B81040022': 'p384',\n\n /** NIST P-521 Curve */\n 'p521': 'p521',\n 'P-521': 'p521',\n 'secp521r1': 'p521',\n '1.3.132.0.35': 'p521',\n '2b81040023': 'p521',\n '2B81040023': 'p521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n '1.3.132.0.10': 'secp256k1',\n '2b8104000a': 'secp256k1',\n '2B8104000A': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519',\n 'ED25519': 'ed25519',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519',\n 'Ed25519': 'ed25519',\n '1.3.6.1.4.1.11591.15.1': 'ed25519',\n '2b06010401da470f01': 'ed25519',\n '2B06010401DA470F01': 'ed25519',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519',\n 'X25519': 'curve25519',\n 'cv25519': 'curve25519',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519',\n 'Curve25519': 'curve25519',\n '1.3.6.1.4.1.3029.1.5.1': 'curve25519',\n '2b060104019755010501': 'curve25519',\n '2B060104019755010501': 'curve25519',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',\n '2b2403030208010107': 'brainpoolP256r1',\n '2B2403030208010107': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',\n '2b240303020801010b': 'brainpoolP384r1',\n '2B240303020801010B': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1',\n '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',\n '2b240303020801010d': 'brainpoolP512r1',\n '2B240303020801010D': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility\n /** @deprecated use `eddsaLegacy` instead */\n ed25519Legacy: 22,\n /** @deprecated use `eddsaLegacy` instead */\n eddsa: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n plaintext: 0,\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuer: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { getBigInteger } from './biginteger';\nimport enums from './enums';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n return bytes.subarray(2, 2 + bytelen);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const r = [];\n const e = bytes.length;\n let c = 0;\n let h;\n while (c < e) {\n h = bytes[c++].toString(16);\n while (h.length < 2) {\n h = '0' + h;\n }\n r.push('' + h);\n }\n return r.join('');\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography api, only the current version of the spec.\n * @returns {Object} The SubtleCrypto api or 'undefined'.\n */\n getWebCrypto: function() {\n return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n },\n\n /**\n * Get BigInteger class\n * It wraps the native BigInt type if it's available\n * Otherwise it relies on bn.js\n * @returns {BigInteger}\n * @async\n */\n getBigInteger,\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return require('crypto');\n },\n\n getNodeZlib: function() {\n return require('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (require('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = require('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^(([^<>()[\\]\\\\.,;:\\s@\"]+(\\.[^<>()[\\]\\\\.,;:\\s@\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\\-0-9]+)))$/;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha256,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * @memberof module:config\n * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9\n */\n deflateLevel: 6,\n\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.eax,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use V5 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v5Keys\n */\n v5Keys: false,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:\n * Iteration Count Byte for S2K (String to Key)\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * @memberof module:config\n * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum\n */\n checksumRequired: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * @memberof module:config\n * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored\n */\n revocationsExpire: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n\n /**\n * @memberof module:config\n * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available\n */\n minBytesForWebCrypto: 1000,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * Note: the indutny/elliptic curve library is not designed to be constant time.\n * @memberof module:config\n * @property {Boolean} useIndutnyElliptic\n */\n useIndutnyElliptic: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n } else\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n } else\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n } else\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n } else\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n } else\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n } else\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Splits a message into two parts, the body and the checksum. This is an internal function\n * @param {String} text - OpenPGP armored message part\n * @returns {Object} An object with attribute \"body\" containing the body.\n * and an attribute \"checksum\" containing the checksum.\n * @private\n */\nfunction splitChecksum(text) {\n let body = text;\n let checksum = '';\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n checksum = text.slice(lastEquals + 1).substr(0, 4);\n }\n\n return { body: body, checksum: checksum };\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input, config = defaultConfig) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n let checksum;\n let data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== 2) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === 2) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const split = splitChecksum(parts[0].slice(0, -1));\n checksum = split.checksum;\n await writer.write(split.body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n data = stream.transformPair(data, async (readable, writable) => {\n const checksumVerified = stream.readToEnd(getCheckSum(stream.passiveClone(readable)));\n checksumVerified.catch(() => {});\n await stream.pipe(readable, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n const checksumVerifiedString = (await checksumVerified).replace('\\n', '');\n if (checksum !== checksumVerifiedString && (checksum || config.checksumRequired)) {\n throw new Error('Ascii armor integrity check failed');\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n const bodyClone = stream.passiveClone(body);\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push('Hash: ' + hash + '\\n\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n result.push('=', getCheckSum(bodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n * @private\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","/**\n * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}.\n * @author Artem S Vybornov \n * @license MIT\n */\nexport var AES_asm = function () {\n \"use strict\";\n\n /**\n * Galois Field stuff init flag\n */\n var ginit_done = false;\n\n /**\n * Galois Field exponentiation and logarithm tables for 3 (the generator)\n */\n var gexp3, glog3;\n\n /**\n * Init Galois Field tables\n */\n function ginit() {\n gexp3 = [],\n glog3 = [];\n\n var a = 1, c, d;\n for (c = 0; c < 255; c++) {\n gexp3[c] = a;\n\n // Multiply by three\n d = a & 0x80, a <<= 1, a &= 255;\n if (d === 0x80) a ^= 0x1b;\n a ^= gexp3[c];\n\n // Set the log table value\n glog3[gexp3[c]] = c;\n }\n gexp3[255] = gexp3[0];\n glog3[0] = 0;\n\n ginit_done = true;\n }\n\n /**\n * Galois Field multiplication\n * @param {number} a\n * @param {number} b\n * @return {number}\n */\n function gmul(a, b) {\n var c = gexp3[(glog3[a] + glog3[b]) % 255];\n if (a === 0 || b === 0) c = 0;\n return c;\n }\n\n /**\n * Galois Field reciprocal\n * @param {number} a\n * @return {number}\n */\n function ginv(a) {\n var i = gexp3[255 - glog3[a]];\n if (a === 0) i = 0;\n return i;\n }\n\n /**\n * AES stuff init flag\n */\n var aes_init_done = false;\n\n /**\n * Encryption, Decryption, S-Box and KeyTransform tables\n *\n * @type {number[]}\n */\n var aes_sbox;\n\n /**\n * @type {number[]}\n */\n var aes_sinv;\n\n /**\n * @type {number[][]}\n */\n var aes_enc;\n\n /**\n * @type {number[][]}\n */\n var aes_dec;\n\n /**\n * Init AES tables\n */\n function aes_init() {\n if (!ginit_done) ginit();\n\n // Calculates AES S-Box value\n function _s(a) {\n var c, s, x;\n s = x = ginv(a);\n for (c = 0; c < 4; c++) {\n s = ((s << 1) | (s >>> 7)) & 255;\n x ^= s;\n }\n x ^= 99;\n return x;\n }\n\n // Tables\n aes_sbox = [],\n aes_sinv = [],\n aes_enc = [[], [], [], []],\n aes_dec = [[], [], [], []];\n\n for (var i = 0; i < 256; i++) {\n var s = _s(i);\n\n // S-Box and its inverse\n aes_sbox[i] = s;\n aes_sinv[s] = i;\n\n // Ecryption and Decryption tables\n aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s);\n aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i);\n // Rotate tables\n for (var t = 1; t < 4; t++) {\n aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24);\n aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24);\n }\n }\n\n aes_init_done = true;\n }\n\n /**\n * Asm.js module constructor.\n *\n *

\n * Heap buffer layout by offset:\n * 

\n   * 0x0000   encryption key schedule\n   * 0x0400   decryption key schedule\n   * 0x0800   sbox\n   * 0x0c00   inv sbox\n   * 0x1000   encryption tables\n   * 0x2000   decryption tables\n   * 0x3000   reserved (future GCM multiplication lookup table)\n   * 0x4000   data\n   *
\n * Don't touch anything before 0x400.\n *

\n *\n * @alias AES_asm\n * @class\n * @param foreign - ignored\n * @param buffer - heap buffer to link with\n */\n var wrapper = function (foreign, buffer) {\n // Init AES stuff for the first time\n if (!aes_init_done) aes_init();\n\n // Fill up AES tables\n var heap = new Uint32Array(buffer);\n heap.set(aes_sbox, 0x0800 >> 2);\n heap.set(aes_sinv, 0x0c00 >> 2);\n for (var i = 0; i < 4; i++) {\n heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2);\n heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2);\n }\n\n /**\n * Calculate AES key schedules.\n * @instance\n * @memberof AES_asm\n * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly)\n * @param {number} k0 - key vector components\n * @param {number} k1 - key vector components\n * @param {number} k2 - key vector components\n * @param {number} k3 - key vector components\n * @param {number} k4 - key vector components\n * @param {number} k5 - key vector components\n * @param {number} k6 - key vector components\n * @param {number} k7 - key vector components\n */\n function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) {\n var ekeys = heap.subarray(0x000, 60),\n dkeys = heap.subarray(0x100, 0x100 + 60);\n\n // Encryption key schedule\n ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]);\n for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) {\n var k = ekeys[i - 1];\n if ((i % ks === 0) || (ks === 8 && i % ks === 4)) {\n k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255];\n }\n if (i % ks === 0) {\n k = (k << 8) ^ (k >>> 24) ^ (rcon << 24);\n rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0);\n }\n ekeys[i] = ekeys[i - ks] ^ k;\n }\n\n // Decryption key schedule\n for (var j = 0; j < i; j += 4) {\n for (var jj = 0; jj < 4; jj++) {\n var k = ekeys[i - (4 + j) + (4 - jj) % 4];\n if (j < 4 || j >= i - 4) {\n dkeys[j + jj] = k;\n } else {\n dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]]\n ^ aes_dec[1][aes_sbox[k >>> 16 & 255]]\n ^ aes_dec[2][aes_sbox[k >>> 8 & 255]]\n ^ aes_dec[3][aes_sbox[k & 255]];\n }\n }\n }\n\n // Set rounds number\n asm.set_rounds(ks + 5);\n }\n\n // create library object with necessary properties\n var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array};\n\n var asm = function (stdlib, foreign, buffer) {\n \"use asm\";\n\n var S0 = 0, S1 = 0, S2 = 0, S3 = 0,\n I0 = 0, I1 = 0, I2 = 0, I3 = 0,\n N0 = 0, N1 = 0, N2 = 0, N3 = 0,\n M0 = 0, M1 = 0, M2 = 0, M3 = 0,\n H0 = 0, H1 = 0, H2 = 0, H3 = 0,\n R = 0;\n\n var HEAP = new stdlib.Uint32Array(buffer),\n DATA = new stdlib.Uint8Array(buffer);\n\n /**\n * AES core\n * @param {number} k - precomputed key schedule offset\n * @param {number} s - precomputed sbox table offset\n * @param {number} t - precomputed round table offset\n * @param {number} r - number of inner rounds to perform\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _core(k, s, t, r, x0, x1, x2, x3) {\n k = k | 0;\n s = s | 0;\n t = t | 0;\n r = r | 0;\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t1 = 0, t2 = 0, t3 = 0,\n y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n i = 0;\n\n t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00;\n\n // round 0\n x0 = x0 ^ HEAP[(k | 0) >> 2],\n x1 = x1 ^ HEAP[(k | 4) >> 2],\n x2 = x2 ^ HEAP[(k | 8) >> 2],\n x3 = x3 ^ HEAP[(k | 12) >> 2];\n\n // round 1..r\n for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) {\n y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n x0 = y0, x1 = y1, x2 = y2, x3 = y3;\n }\n\n // final round\n S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2],\n S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2],\n S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2],\n S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2];\n }\n\n /**\n * ECB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n x0,\n x1,\n x2,\n x3\n );\n }\n\n /**\n * ECB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ecb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n }\n\n\n /**\n * CBC mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0 ^ x0,\n I1 ^ x1,\n I2 ^ x2,\n I3 ^ x3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n }\n\n /**\n * CBC mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cbc_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var t = 0;\n\n _core(\n 0x0400, 0x0c00, 0x2000,\n R,\n x0,\n x3,\n x2,\n x1\n );\n\n t = S1, S1 = S3, S3 = t;\n\n S0 = S0 ^ I0,\n S1 = S1 ^ I1,\n S2 = S2 ^ I2,\n S3 = S3 ^ I3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * CFB mode encryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_enc(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0 = S0 ^ x0,\n I1 = S1 = S1 ^ x1,\n I2 = S2 = S2 ^ x2,\n I3 = S3 = S3 ^ x3;\n }\n\n\n /**\n * CFB mode decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _cfb_dec(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n\n I0 = x0,\n I1 = x1,\n I2 = x2,\n I3 = x3;\n }\n\n /**\n * OFB mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ofb(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n I0,\n I1,\n I2,\n I3\n );\n\n I0 = S0,\n I1 = S1,\n I2 = S2,\n I3 = S3;\n\n S0 = S0 ^ x0,\n S1 = S1 ^ x1,\n S2 = S2 ^ x2,\n S3 = S3 ^ x3;\n }\n\n /**\n * CTR mode encryption / decryption\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _ctr(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n _core(\n 0x0000, 0x0800, 0x1000,\n R,\n N0,\n N1,\n N2,\n N3\n );\n\n N3 = (~M3 & N3) | M3 & (N3 + 1);\n N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0));\n N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0));\n N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0));\n\n S0 = S0 ^ x0;\n S1 = S1 ^ x1;\n S2 = S2 ^ x2;\n S3 = S3 ^ x3;\n }\n\n /**\n * GCM mode MAC calculation\n * @param {number} x0 - 128-bit input block vector\n * @param {number} x1 - 128-bit input block vector\n * @param {number} x2 - 128-bit input block vector\n * @param {number} x3 - 128-bit input block vector\n */\n function _gcm_mac(x0, x1, x2, x3) {\n x0 = x0 | 0;\n x1 = x1 | 0;\n x2 = x2 | 0;\n x3 = x3 | 0;\n\n var y0 = 0, y1 = 0, y2 = 0, y3 = 0,\n z0 = 0, z1 = 0, z2 = 0, z3 = 0,\n i = 0, c = 0;\n\n x0 = x0 ^ I0,\n x1 = x1 ^ I1,\n x2 = x2 ^ I2,\n x3 = x3 ^ I3;\n\n y0 = H0 | 0,\n y1 = H1 | 0,\n y2 = H2 | 0,\n y3 = H3 | 0;\n\n for (; (i | 0) < 128; i = (i + 1) | 0) {\n if (y0 >>> 31) {\n z0 = z0 ^ x0,\n z1 = z1 ^ x1,\n z2 = z2 ^ x2,\n z3 = z3 ^ x3;\n }\n\n y0 = (y0 << 1) | (y1 >>> 31),\n y1 = (y1 << 1) | (y2 >>> 31),\n y2 = (y2 << 1) | (y3 >>> 31),\n y3 = (y3 << 1);\n\n c = x3 & 1;\n\n x3 = (x3 >>> 1) | (x2 << 31),\n x2 = (x2 >>> 1) | (x1 << 31),\n x1 = (x1 >>> 1) | (x0 << 31),\n x0 = (x0 >>> 1);\n\n if (c) x0 = x0 ^ 0xe1000000;\n }\n\n I0 = z0,\n I1 = z1,\n I2 = z2,\n I3 = z3;\n }\n\n /**\n * Set the internal rounds number.\n * @instance\n * @memberof AES_asm\n * @param {number} r - number if inner AES rounds\n */\n function set_rounds(r) {\n r = r | 0;\n R = r;\n }\n\n /**\n * Populate the internal state of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} s0 - state vector\n * @param {number} s1 - state vector\n * @param {number} s2 - state vector\n * @param {number} s3 - state vector\n */\n function set_state(s0, s1, s2, s3) {\n s0 = s0 | 0;\n s1 = s1 | 0;\n s2 = s2 | 0;\n s3 = s3 | 0;\n\n S0 = s0,\n S1 = s1,\n S2 = s2,\n S3 = s3;\n }\n\n /**\n * Populate the internal iv of the module.\n * @instance\n * @memberof AES_asm\n * @param {number} i0 - iv vector\n * @param {number} i1 - iv vector\n * @param {number} i2 - iv vector\n * @param {number} i3 - iv vector\n */\n function set_iv(i0, i1, i2, i3) {\n i0 = i0 | 0;\n i1 = i1 | 0;\n i2 = i2 | 0;\n i3 = i3 | 0;\n\n I0 = i0,\n I1 = i1,\n I2 = i2,\n I3 = i3;\n }\n\n /**\n * Set nonce for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} n0 - nonce vector\n * @param {number} n1 - nonce vector\n * @param {number} n2 - nonce vector\n * @param {number} n3 - nonce vector\n */\n function set_nonce(n0, n1, n2, n3) {\n n0 = n0 | 0;\n n1 = n1 | 0;\n n2 = n2 | 0;\n n3 = n3 | 0;\n\n N0 = n0,\n N1 = n1,\n N2 = n2,\n N3 = n3;\n }\n\n /**\n * Set counter mask for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} m0 - counter mask vector\n * @param {number} m1 - counter mask vector\n * @param {number} m2 - counter mask vector\n * @param {number} m3 - counter mask vector\n */\n function set_mask(m0, m1, m2, m3) {\n m0 = m0 | 0;\n m1 = m1 | 0;\n m2 = m2 | 0;\n m3 = m3 | 0;\n\n M0 = m0,\n M1 = m1,\n M2 = m2,\n M3 = m3;\n }\n\n /**\n * Set counter for CTR-family modes.\n * @instance\n * @memberof AES_asm\n * @param {number} c0 - counter vector\n * @param {number} c1 - counter vector\n * @param {number} c2 - counter vector\n * @param {number} c3 - counter vector\n */\n function set_counter(c0, c1, c2, c3) {\n c0 = c0 | 0;\n c1 = c1 | 0;\n c2 = c2 | 0;\n c3 = c3 | 0;\n\n N3 = (~M3 & N3) | M3 & c3,\n N2 = (~M2 & N2) | M2 & c2,\n N1 = (~M1 & N1) | M1 & c1,\n N0 = (~M0 & N0) | M0 & c0;\n }\n\n /**\n * Store the internal state vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_state(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n return 16;\n }\n\n /**\n * Store the internal iv vector into the heap.\n * @instance\n * @memberof AES_asm\n * @param {number} pos - offset where to put the data\n * @return {number} The number of bytes have been written into the heap, always 16.\n */\n function get_iv(pos) {\n pos = pos | 0;\n\n if (pos & 15) return -1;\n\n DATA[pos | 0] = I0 >>> 24,\n DATA[pos | 1] = I0 >>> 16 & 255,\n DATA[pos | 2] = I0 >>> 8 & 255,\n DATA[pos | 3] = I0 & 255,\n DATA[pos | 4] = I1 >>> 24,\n DATA[pos | 5] = I1 >>> 16 & 255,\n DATA[pos | 6] = I1 >>> 8 & 255,\n DATA[pos | 7] = I1 & 255,\n DATA[pos | 8] = I2 >>> 24,\n DATA[pos | 9] = I2 >>> 16 & 255,\n DATA[pos | 10] = I2 >>> 8 & 255,\n DATA[pos | 11] = I2 & 255,\n DATA[pos | 12] = I3 >>> 24,\n DATA[pos | 13] = I3 >>> 16 & 255,\n DATA[pos | 14] = I3 >>> 8 & 255,\n DATA[pos | 15] = I3 & 255;\n\n return 16;\n }\n\n /**\n * GCM initialization.\n * @instance\n * @memberof AES_asm\n */\n function gcm_init() {\n _ecb_enc(0, 0, 0, 0);\n H0 = S0,\n H1 = S1,\n H2 = S2,\n H3 = S3;\n }\n\n /**\n * Perform ciphering operation on the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function cipher(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _cipher_modes[mode & 7](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n DATA[pos | 0] = S0 >>> 24,\n DATA[pos | 1] = S0 >>> 16 & 255,\n DATA[pos | 2] = S0 >>> 8 & 255,\n DATA[pos | 3] = S0 & 255,\n DATA[pos | 4] = S1 >>> 24,\n DATA[pos | 5] = S1 >>> 16 & 255,\n DATA[pos | 6] = S1 >>> 8 & 255,\n DATA[pos | 7] = S1 & 255,\n DATA[pos | 8] = S2 >>> 24,\n DATA[pos | 9] = S2 >>> 16 & 255,\n DATA[pos | 10] = S2 >>> 8 & 255,\n DATA[pos | 11] = S2 & 255,\n DATA[pos | 12] = S3 >>> 24,\n DATA[pos | 13] = S3 >>> 16 & 255,\n DATA[pos | 14] = S3 >>> 8 & 255,\n DATA[pos | 15] = S3 & 255;\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * Calculates MAC of the supplied data.\n * @instance\n * @memberof AES_asm\n * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants)\n * @param {number} pos - offset of the data being processed\n * @param {number} len - length of the data being processed\n * @return {number} Actual amount of data have been processed.\n */\n function mac(mode, pos, len) {\n mode = mode | 0;\n pos = pos | 0;\n len = len | 0;\n\n var ret = 0;\n\n if (pos & 15) return -1;\n\n while ((len | 0) >= 16) {\n _mac_modes[mode & 1](\n DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3],\n DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7],\n DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11],\n DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15]\n );\n\n ret = (ret + 16) | 0,\n pos = (pos + 16) | 0,\n len = (len - 16) | 0;\n }\n\n return ret | 0;\n }\n\n /**\n * AES cipher modes table (virual methods)\n */\n var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr];\n\n /**\n * AES MAC modes table (virual methods)\n */\n var _mac_modes = [_cbc_enc, _gcm_mac];\n\n /**\n * Asm.js module exports\n */\n return {\n set_rounds: set_rounds,\n set_state: set_state,\n set_iv: set_iv,\n set_nonce: set_nonce,\n set_mask: set_mask,\n set_counter: set_counter,\n get_state: get_state,\n get_iv: get_iv,\n gcm_init: gcm_init,\n cipher: cipher,\n mac: mac,\n };\n }(stdlib, foreign, buffer);\n\n asm.set_key = set_key;\n\n return asm;\n };\n\n /**\n * AES enciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.ENC = {\n ECB: 0,\n CBC: 2,\n CFB: 4,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES deciphering mode constants\n * @enum {number}\n * @const\n */\n wrapper.DEC = {\n ECB: 1,\n CBC: 3,\n CFB: 5,\n OFB: 6,\n CTR: 7,\n },\n\n /**\n * AES MAC mode constants\n * @enum {number}\n * @const\n */\n wrapper.MAC = {\n CBC: 0,\n GCM: 1,\n };\n\n /**\n * Heap data offset\n * @type {number}\n * @const\n */\n wrapper.HEAP_DATA = 0x4000;\n\n return wrapper;\n}();\n","const local_atob = typeof atob === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'base64').toString('binary') : atob;\nconst local_btoa = typeof btoa === 'undefined' ? (str) => require('buffer').Buffer.from(str, 'binary').toString('base64') : btoa;\nexport function string_to_bytes(str, utf8 = false) {\n var len = str.length, bytes = new Uint8Array(utf8 ? 4 * len : len);\n for (var i = 0, j = 0; i < len; i++) {\n var c = str.charCodeAt(i);\n if (utf8 && 0xd800 <= c && c <= 0xdbff) {\n if (++i >= len)\n throw new Error('Malformed string, low surrogate expected at position ' + i);\n c = ((c ^ 0xd800) << 10) | 0x10000 | (str.charCodeAt(i) ^ 0xdc00);\n }\n else if (!utf8 && c >>> 8) {\n throw new Error('Wide characters are not allowed.');\n }\n if (!utf8 || c <= 0x7f) {\n bytes[j++] = c;\n }\n else if (c <= 0x7ff) {\n bytes[j++] = 0xc0 | (c >> 6);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else if (c <= 0xffff) {\n bytes[j++] = 0xe0 | (c >> 12);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n else {\n bytes[j++] = 0xf0 | (c >> 18);\n bytes[j++] = 0x80 | ((c >> 12) & 0x3f);\n bytes[j++] = 0x80 | ((c >> 6) & 0x3f);\n bytes[j++] = 0x80 | (c & 0x3f);\n }\n }\n return bytes.subarray(0, j);\n}\nexport function hex_to_bytes(str) {\n var len = str.length;\n if (len & 1) {\n str = '0' + str;\n len++;\n }\n var bytes = new Uint8Array(len >> 1);\n for (var i = 0; i < len; i += 2) {\n bytes[i >> 1] = parseInt(str.substr(i, 2), 16);\n }\n return bytes;\n}\nexport function base64_to_bytes(str) {\n return string_to_bytes(local_atob(str));\n}\nexport function bytes_to_string(bytes, utf8 = false) {\n var len = bytes.length, chars = new Array(len);\n for (var i = 0, j = 0; i < len; i++) {\n var b = bytes[i];\n if (!utf8 || b < 128) {\n chars[j++] = b;\n }\n else if (b >= 192 && b < 224 && i + 1 < len) {\n chars[j++] = ((b & 0x1f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 224 && b < 240 && i + 2 < len) {\n chars[j++] = ((b & 0xf) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n }\n else if (b >= 240 && b < 248 && i + 3 < len) {\n var c = ((b & 7) << 18) | ((bytes[++i] & 0x3f) << 12) | ((bytes[++i] & 0x3f) << 6) | (bytes[++i] & 0x3f);\n if (c <= 0xffff) {\n chars[j++] = c;\n }\n else {\n c ^= 0x10000;\n chars[j++] = 0xd800 | (c >> 10);\n chars[j++] = 0xdc00 | (c & 0x3ff);\n }\n }\n else {\n throw new Error('Malformed UTF8 character at byte offset ' + i);\n }\n }\n var str = '', bs = 16384;\n for (var i = 0; i < j; i += bs) {\n str += String.fromCharCode.apply(String, chars.slice(i, i + bs <= j ? i + bs : j));\n }\n return str;\n}\nexport function bytes_to_hex(arr) {\n var str = '';\n for (var i = 0; i < arr.length; i++) {\n var h = (arr[i] & 0xff).toString(16);\n if (h.length < 2)\n str += '0';\n str += h;\n }\n return str;\n}\nexport function bytes_to_base64(arr) {\n return local_btoa(bytes_to_string(arr));\n}\nexport function pow2_ceil(a) {\n a -= 1;\n a |= a >>> 1;\n a |= a >>> 2;\n a |= a >>> 4;\n a |= a >>> 8;\n a |= a >>> 16;\n a += 1;\n return a;\n}\nexport function is_number(a) {\n return typeof a === 'number';\n}\nexport function is_string(a) {\n return typeof a === 'string';\n}\nexport function is_buffer(a) {\n return a instanceof ArrayBuffer;\n}\nexport function is_bytes(a) {\n return a instanceof Uint8Array;\n}\nexport function is_typed_array(a) {\n return (a instanceof Int8Array ||\n a instanceof Uint8Array ||\n a instanceof Int16Array ||\n a instanceof Uint16Array ||\n a instanceof Int32Array ||\n a instanceof Uint32Array ||\n a instanceof Float32Array ||\n a instanceof Float64Array);\n}\nexport function _heap_init(heap, heapSize) {\n const size = heap ? heap.byteLength : heapSize || 65536;\n if (size & 0xfff || size <= 0)\n throw new Error('heap size must be a positive integer and a multiple of 4096');\n heap = heap || new Uint8Array(new ArrayBuffer(size));\n return heap;\n}\nexport function _heap_write(heap, hpos, data, dpos, dlen) {\n const hlen = heap.length - hpos;\n const wlen = hlen < dlen ? hlen : dlen;\n heap.set(data.subarray(dpos, dpos + wlen), hpos);\n return wlen;\n}\nexport function joinBytes(...arg) {\n const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0);\n const ret = new Uint8Array(totalLenght);\n let cursor = 0;\n for (let i = 0; i < arg.length; i++) {\n ret.set(arg[i], cursor);\n cursor += arg[i].length;\n }\n return ret;\n}\n","export class IllegalStateError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalStateError' } });\n }\n}\nexport class IllegalArgumentError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'IllegalArgumentError' } });\n }\n}\nexport class SecurityError extends Error {\n constructor(...args) {\n super(...args);\n Object.create(Error.prototype, { name: { value: 'SecurityError' } });\n }\n}\n","import { AES_asm } from './aes.asm';\nimport { _heap_init, _heap_write, is_bytes } from '../other/utils';\nimport { IllegalArgumentError, SecurityError } from '../other/errors';\nconst heap_pool = [];\nconst asm_pool = [];\nexport class AES {\n constructor(key, iv, padding = true, mode, heap, asm) {\n this.pos = 0;\n this.len = 0;\n this.mode = mode;\n // The AES object state\n this.pos = 0;\n this.len = 0;\n this.key = key;\n this.iv = iv;\n this.padding = padding;\n // The AES \"worker\"\n this.acquire_asm(heap, asm);\n }\n acquire_asm(heap, asm) {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA);\n this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer);\n this.reset(this.key, this.iv);\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n reset(key, iv) {\n const { asm } = this.acquire_asm();\n // Key\n const keylen = key.length;\n if (keylen !== 16 && keylen !== 24 && keylen !== 32)\n throw new IllegalArgumentError('illegal key size');\n const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength);\n asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0);\n // IV\n if (iv !== undefined) {\n if (iv.length !== 16)\n throw new IllegalArgumentError('illegal iv size');\n let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12));\n }\n else {\n asm.set_iv(0, 0, 0, 0);\n }\n }\n AES_Encrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n let result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Encrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.ENC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let plen = 16 - (len % 16);\n let rlen = len;\n if (this.hasOwnProperty('padding')) {\n if (this.padding) {\n for (let p = 0; p < plen; ++p) {\n heap[pos + len + p] = plen;\n }\n len += plen;\n rlen = len;\n }\n else if (len % 16) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n }\n else {\n len += plen;\n }\n const result = new Uint8Array(rlen);\n if (len)\n asm.cipher(amode, hpos + pos, len);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n AES_Decrypt_process(data) {\n if (!is_bytes(data))\n throw new TypeError(\"data isn't of expected type\");\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let dpos = 0;\n let dlen = data.length || 0;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let plen = 0;\n let wlen = 0;\n if (this.padding) {\n plen = len + dlen - rlen || 16;\n rlen -= plen;\n }\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0));\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.pos = pos;\n this.len = len;\n return result;\n }\n AES_Decrypt_finish() {\n let { heap, asm } = this.acquire_asm();\n let amode = AES_asm.DEC[this.mode];\n let hpos = AES_asm.HEAP_DATA;\n let pos = this.pos;\n let len = this.len;\n let rlen = len;\n if (len > 0) {\n if (len % 16) {\n if (this.hasOwnProperty('padding')) {\n throw new IllegalArgumentError('data length must be a multiple of the block size');\n }\n else {\n len += 16 - (len % 16);\n }\n }\n asm.cipher(amode, hpos + pos, len);\n if (this.hasOwnProperty('padding') && this.padding) {\n let pad = heap[pos + rlen - 1];\n if (pad < 1 || pad > 16 || pad > rlen)\n throw new SecurityError('bad padding');\n let pcheck = 0;\n for (let i = pad; i > 1; i--)\n pcheck |= pad ^ heap[pos + rlen - i];\n if (pcheck)\n throw new SecurityError('bad padding');\n rlen -= pad;\n }\n }\n const result = new Uint8Array(rlen);\n if (rlen > 0) {\n result.set(heap.subarray(pos, pos + rlen));\n }\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return result;\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_ECB {\n static encrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).encrypt(data);\n }\n static decrypt(data, key, padding = false) {\n return new AES_ECB(key, padding).decrypt(data);\n }\n constructor(key, padding = false, aes) {\n this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import { AES_ECB } from '@openpgp/asmcrypto.js/dist_es8/aes/ecb';\n\n/**\n * Javascript AES implementation.\n * This is used as fallback if the native Crypto APIs are not available.\n */\nfunction aes(length) {\n const C = function(key) {\n const aesECB = new AES_ECB(key);\n\n this.encrypt = function(block) {\n return aesECB.encrypt(block);\n };\n\n this.decrypt = function(block) {\n return aesECB.decrypt(block);\n };\n };\n\n C.blockSize = C.prototype.blockSize = 16;\n C.keySize = C.prototype.keySize = length / 8;\n\n return C;\n}\n\nexport default aes;\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * @fileoverview Symmetric cryptography functions\n * @module crypto/cipher\n * @private\n */\n\nimport aes from './aes';\nimport { DES, TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TF from './twofish';\nimport BF from './blowfish';\n\n/**\n * AES-128 encryption and decryption (ID 7)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes128 = aes(128);\n/**\n * AES-128 Block Cipher (ID 8)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes192 = aes(192);\n/**\n * AES-128 Block Cipher (ID 9)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197}\n * @returns {Object}\n */\nexport const aes256 = aes(256);\n// Not in OpenPGP specifications\nexport const des = DES;\n/**\n * Triple DES Block Cipher (ID 2)\n * @function\n * @param {String} key - 192-bit key\n * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67}\n * @returns {Object}\n */\nexport const tripledes = TripleDES;\n/**\n * CAST-128 Block Cipher (ID 3)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm}\n * @returns {Object}\n */\nexport const cast5 = CAST5;\n/**\n * Twofish Block Cipher (ID 10)\n * @function\n * @param {String} key - 256-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH}\n * @returns {Object}\n */\nexport const twofish = TF;\n/**\n * Blowfish Block Cipher (ID 4)\n * @function\n * @param {String} key - 128-bit key\n * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH}\n * @returns {Object}\n */\nexport const blowfish = BF;\n/**\n * Not implemented\n * @function\n * @throws {Error}\n */\nexport const idea = function() {\n throw new Error('IDEA symmetric-key algorithm not implemented');\n};\n","export var sha1_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0,\n w16 = 0, w17 = 0, w18 = 0, w19 = 0,\n w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0,\n w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0,\n w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0,\n w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0,\n w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0,\n w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n\n // 0\n t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 1\n t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 2\n t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 3\n t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 4\n t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 5\n t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 6\n t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 7\n t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 8\n t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 9\n t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 10\n t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 11\n t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 12\n t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 13\n t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 14\n t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 15\n t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 16\n n = w13 ^ w8 ^ w2 ^ w0;\n w16 = (n << 1) | (n >>> 31);\n t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 17\n n = w14 ^ w9 ^ w3 ^ w1;\n w17 = (n << 1) | (n >>> 31);\n t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 18\n n = w15 ^ w10 ^ w4 ^ w2;\n w18 = (n << 1) | (n >>> 31);\n t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 19\n n = w16 ^ w11 ^ w5 ^ w3;\n w19 = (n << 1) | (n >>> 31);\n t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 20\n n = w17 ^ w12 ^ w6 ^ w4;\n w20 = (n << 1) | (n >>> 31);\n t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 21\n n = w18 ^ w13 ^ w7 ^ w5;\n w21 = (n << 1) | (n >>> 31);\n t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 22\n n = w19 ^ w14 ^ w8 ^ w6;\n w22 = (n << 1) | (n >>> 31);\n t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 23\n n = w20 ^ w15 ^ w9 ^ w7;\n w23 = (n << 1) | (n >>> 31);\n t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 24\n n = w21 ^ w16 ^ w10 ^ w8;\n w24 = (n << 1) | (n >>> 31);\n t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 25\n n = w22 ^ w17 ^ w11 ^ w9;\n w25 = (n << 1) | (n >>> 31);\n t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 26\n n = w23 ^ w18 ^ w12 ^ w10;\n w26 = (n << 1) | (n >>> 31);\n t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 27\n n = w24 ^ w19 ^ w13 ^ w11;\n w27 = (n << 1) | (n >>> 31);\n t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 28\n n = w25 ^ w20 ^ w14 ^ w12;\n w28 = (n << 1) | (n >>> 31);\n t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 29\n n = w26 ^ w21 ^ w15 ^ w13;\n w29 = (n << 1) | (n >>> 31);\n t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 30\n n = w27 ^ w22 ^ w16 ^ w14;\n w30 = (n << 1) | (n >>> 31);\n t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 31\n n = w28 ^ w23 ^ w17 ^ w15;\n w31 = (n << 1) | (n >>> 31);\n t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 32\n n = w29 ^ w24 ^ w18 ^ w16;\n w32 = (n << 1) | (n >>> 31);\n t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 33\n n = w30 ^ w25 ^ w19 ^ w17;\n w33 = (n << 1) | (n >>> 31);\n t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 34\n n = w31 ^ w26 ^ w20 ^ w18;\n w34 = (n << 1) | (n >>> 31);\n t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 35\n n = w32 ^ w27 ^ w21 ^ w19;\n w35 = (n << 1) | (n >>> 31);\n t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 36\n n = w33 ^ w28 ^ w22 ^ w20;\n w36 = (n << 1) | (n >>> 31);\n t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 37\n n = w34 ^ w29 ^ w23 ^ w21;\n w37 = (n << 1) | (n >>> 31);\n t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 38\n n = w35 ^ w30 ^ w24 ^ w22;\n w38 = (n << 1) | (n >>> 31);\n t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 39\n n = w36 ^ w31 ^ w25 ^ w23;\n w39 = (n << 1) | (n >>> 31);\n t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 40\n n = w37 ^ w32 ^ w26 ^ w24;\n w40 = (n << 1) | (n >>> 31);\n t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 41\n n = w38 ^ w33 ^ w27 ^ w25;\n w41 = (n << 1) | (n >>> 31);\n t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 42\n n = w39 ^ w34 ^ w28 ^ w26;\n w42 = (n << 1) | (n >>> 31);\n t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 43\n n = w40 ^ w35 ^ w29 ^ w27;\n w43 = (n << 1) | (n >>> 31);\n t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 44\n n = w41 ^ w36 ^ w30 ^ w28;\n w44 = (n << 1) | (n >>> 31);\n t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 45\n n = w42 ^ w37 ^ w31 ^ w29;\n w45 = (n << 1) | (n >>> 31);\n t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 46\n n = w43 ^ w38 ^ w32 ^ w30;\n w46 = (n << 1) | (n >>> 31);\n t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 47\n n = w44 ^ w39 ^ w33 ^ w31;\n w47 = (n << 1) | (n >>> 31);\n t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 48\n n = w45 ^ w40 ^ w34 ^ w32;\n w48 = (n << 1) | (n >>> 31);\n t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 49\n n = w46 ^ w41 ^ w35 ^ w33;\n w49 = (n << 1) | (n >>> 31);\n t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 50\n n = w47 ^ w42 ^ w36 ^ w34;\n w50 = (n << 1) | (n >>> 31);\n t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 51\n n = w48 ^ w43 ^ w37 ^ w35;\n w51 = (n << 1) | (n >>> 31);\n t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 52\n n = w49 ^ w44 ^ w38 ^ w36;\n w52 = (n << 1) | (n >>> 31);\n t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 53\n n = w50 ^ w45 ^ w39 ^ w37;\n w53 = (n << 1) | (n >>> 31);\n t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 54\n n = w51 ^ w46 ^ w40 ^ w38;\n w54 = (n << 1) | (n >>> 31);\n t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 55\n n = w52 ^ w47 ^ w41 ^ w39;\n w55 = (n << 1) | (n >>> 31);\n t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 56\n n = w53 ^ w48 ^ w42 ^ w40;\n w56 = (n << 1) | (n >>> 31);\n t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 57\n n = w54 ^ w49 ^ w43 ^ w41;\n w57 = (n << 1) | (n >>> 31);\n t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 58\n n = w55 ^ w50 ^ w44 ^ w42;\n w58 = (n << 1) | (n >>> 31);\n t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 59\n n = w56 ^ w51 ^ w45 ^ w43;\n w59 = (n << 1) | (n >>> 31);\n t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 60\n n = w57 ^ w52 ^ w46 ^ w44;\n w60 = (n << 1) | (n >>> 31);\n t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 61\n n = w58 ^ w53 ^ w47 ^ w45;\n w61 = (n << 1) | (n >>> 31);\n t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 62\n n = w59 ^ w54 ^ w48 ^ w46;\n w62 = (n << 1) | (n >>> 31);\n t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 63\n n = w60 ^ w55 ^ w49 ^ w47;\n w63 = (n << 1) | (n >>> 31);\n t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 64\n n = w61 ^ w56 ^ w50 ^ w48;\n w64 = (n << 1) | (n >>> 31);\n t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 65\n n = w62 ^ w57 ^ w51 ^ w49;\n w65 = (n << 1) | (n >>> 31);\n t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 66\n n = w63 ^ w58 ^ w52 ^ w50;\n w66 = (n << 1) | (n >>> 31);\n t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 67\n n = w64 ^ w59 ^ w53 ^ w51;\n w67 = (n << 1) | (n >>> 31);\n t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 68\n n = w65 ^ w60 ^ w54 ^ w52;\n w68 = (n << 1) | (n >>> 31);\n t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 69\n n = w66 ^ w61 ^ w55 ^ w53;\n w69 = (n << 1) | (n >>> 31);\n t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 70\n n = w67 ^ w62 ^ w56 ^ w54;\n w70 = (n << 1) | (n >>> 31);\n t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 71\n n = w68 ^ w63 ^ w57 ^ w55;\n w71 = (n << 1) | (n >>> 31);\n t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 72\n n = w69 ^ w64 ^ w58 ^ w56;\n w72 = (n << 1) | (n >>> 31);\n t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 73\n n = w70 ^ w65 ^ w59 ^ w57;\n w73 = (n << 1) | (n >>> 31);\n t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 74\n n = w71 ^ w66 ^ w60 ^ w58;\n w74 = (n << 1) | (n >>> 31);\n t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 75\n n = w72 ^ w67 ^ w61 ^ w59;\n w75 = (n << 1) | (n >>> 31);\n t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 76\n n = w73 ^ w68 ^ w62 ^ w60;\n w76 = (n << 1) | (n >>> 31);\n t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 77\n n = w74 ^ w69 ^ w63 ^ w61;\n w77 = (n << 1) | (n >>> 31);\n t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 78\n n = w75 ^ w70 ^ w64 ^ w62;\n w78 = (n << 1) | (n >>> 31);\n t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n // 79\n n = w76 ^ w71 ^ w65 ^ w63;\n w79 = (n << 1) | (n >>> 31);\n t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0;\n e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n }\n\n function reset () {\n H0 = 0x67452301;\n H1 = 0xefcdab89;\n H2 = 0x98badcfe;\n H3 = 0x10325476;\n H4 = 0xc3d2e1f0;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA1\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA1\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA1\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","import { _heap_write } from '../other/utils';\nimport { IllegalStateError } from '../other/errors';\nexport class Hash {\n constructor() {\n this.pos = 0;\n this.len = 0;\n }\n reset() {\n const { asm } = this.acquire_asm();\n this.result = null;\n this.pos = 0;\n this.len = 0;\n asm.reset();\n return this;\n }\n process(data) {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n let hpos = this.pos;\n let hlen = this.len;\n let dpos = 0;\n let dlen = data.length;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen);\n hlen += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.process(hpos, hlen);\n hpos += wlen;\n hlen -= wlen;\n if (!hlen)\n hpos = 0;\n }\n this.pos = hpos;\n this.len = hlen;\n return this;\n }\n finish() {\n if (this.result !== null)\n throw new IllegalStateError('state must be reset before processing new data');\n const { asm, heap } = this.acquire_asm();\n asm.finish(this.pos, this.len, 0);\n this.result = new Uint8Array(this.HASH_SIZE);\n this.result.set(heap.subarray(0, this.HASH_SIZE));\n this.pos = 0;\n this.len = 0;\n this.release_asm();\n return this;\n }\n}\n","import { sha1_asm } from './sha1.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha1_block_size = 64;\nexport const _sha1_hash_size = 20;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha1 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha1';\n this.BLOCK_SIZE = _sha1_block_size;\n this.HASH_SIZE = _sha1_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha1().process(data).finish().result;\n }\n}\nSha1.NAME = 'sha1';\nSha1.heap_pool = [];\nSha1.asm_pool = [];\nSha1.asm_function = sha1_asm;\n","import { sha256_asm } from './sha256.asm';\nimport { Hash } from '../hash';\nimport { _heap_init } from '../../other/utils';\nexport const _sha256_block_size = 64;\nexport const _sha256_hash_size = 32;\nconst heap_pool = [];\nconst asm_pool = [];\nexport class Sha256 extends Hash {\n constructor() {\n super();\n this.NAME = 'sha256';\n this.BLOCK_SIZE = _sha256_block_size;\n this.HASH_SIZE = _sha256_hash_size;\n this.acquire_asm();\n }\n acquire_asm() {\n if (this.heap === undefined || this.asm === undefined) {\n this.heap = heap_pool.pop() || _heap_init();\n this.asm = asm_pool.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer);\n this.reset();\n }\n return { heap: this.heap, asm: this.asm };\n }\n release_asm() {\n if (this.heap !== undefined && this.asm !== undefined) {\n heap_pool.push(this.heap);\n asm_pool.push(this.asm);\n }\n this.heap = undefined;\n this.asm = undefined;\n }\n static bytes(data) {\n return new Sha256().process(data).finish().result;\n }\n}\nSha256.NAME = 'sha256';\n","export var sha256_asm = function ( stdlib, foreign, buffer ) {\n \"use asm\";\n\n // SHA256 state\n var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0,\n TOTAL0 = 0, TOTAL1 = 0;\n\n // HMAC state\n var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0,\n O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;\n\n // I/O buffer\n var HEAP = new stdlib.Uint8Array(buffer);\n\n function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) {\n w0 = w0|0;\n w1 = w1|0;\n w2 = w2|0;\n w3 = w3|0;\n w4 = w4|0;\n w5 = w5|0;\n w6 = w6|0;\n w7 = w7|0;\n w8 = w8|0;\n w9 = w9|0;\n w10 = w10|0;\n w11 = w11|0;\n w12 = w12|0;\n w13 = w13|0;\n w14 = w14|0;\n w15 = w15|0;\n\n var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0;\n\n a = H0;\n b = H1;\n c = H2;\n d = H3;\n e = H4;\n f = H5;\n g = H6;\n h = H7;\n \n // 0\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 1\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 2\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 3\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 4\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 5\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 6\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 7\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 8\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 9\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 10\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 11\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 12\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 13\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 14\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 15\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 16\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 17\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 18\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 19\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 20\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 21\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 22\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 23\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 24\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 25\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 26\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 27\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 28\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 29\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 30\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 31\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 32\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 33\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 34\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 35\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 36\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 37\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 38\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 39\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 40\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 41\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 42\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 43\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 44\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 45\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 46\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 47\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 48\n w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0;\n h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 49\n w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0;\n g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 50\n w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0;\n f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 51\n w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0;\n e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 52\n w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0;\n d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 53\n w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0;\n c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 54\n w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0;\n b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 55\n w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0;\n a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n // 56\n w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0;\n h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0;\n d = ( d + h )|0;\n h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0;\n\n // 57\n w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0;\n g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0;\n c = ( c + g )|0;\n g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0;\n\n // 58\n w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0;\n f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0;\n b = ( b + f )|0;\n f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0;\n\n // 59\n w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0;\n e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0;\n a = ( a + e )|0;\n e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0;\n\n // 60\n w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0;\n d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0;\n h = ( h + d )|0;\n d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0;\n\n // 61\n w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0;\n c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0;\n g = ( g + c )|0;\n c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0;\n\n // 62\n w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0;\n b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0;\n f = ( f + b )|0;\n b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0;\n\n // 63\n w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0;\n a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0;\n e = ( e + a )|0;\n a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0;\n\n H0 = ( H0 + a )|0;\n H1 = ( H1 + b )|0;\n H2 = ( H2 + c )|0;\n H3 = ( H3 + d )|0;\n H4 = ( H4 + e )|0;\n H5 = ( H5 + f )|0;\n H6 = ( H6 + g )|0;\n H7 = ( H7 + h )|0;\n }\n\n function _core_heap ( offset ) {\n offset = offset|0;\n\n _core(\n HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3],\n HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7],\n HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11],\n HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15],\n HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19],\n HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23],\n HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27],\n HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31],\n HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35],\n HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39],\n HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43],\n HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47],\n HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51],\n HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55],\n HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59],\n HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63]\n );\n }\n\n // offset — multiple of 32\n function _state_to_heap ( output ) {\n output = output|0;\n\n HEAP[output|0] = H0>>>24;\n HEAP[output|1] = H0>>>16&255;\n HEAP[output|2] = H0>>>8&255;\n HEAP[output|3] = H0&255;\n HEAP[output|4] = H1>>>24;\n HEAP[output|5] = H1>>>16&255;\n HEAP[output|6] = H1>>>8&255;\n HEAP[output|7] = H1&255;\n HEAP[output|8] = H2>>>24;\n HEAP[output|9] = H2>>>16&255;\n HEAP[output|10] = H2>>>8&255;\n HEAP[output|11] = H2&255;\n HEAP[output|12] = H3>>>24;\n HEAP[output|13] = H3>>>16&255;\n HEAP[output|14] = H3>>>8&255;\n HEAP[output|15] = H3&255;\n HEAP[output|16] = H4>>>24;\n HEAP[output|17] = H4>>>16&255;\n HEAP[output|18] = H4>>>8&255;\n HEAP[output|19] = H4&255;\n HEAP[output|20] = H5>>>24;\n HEAP[output|21] = H5>>>16&255;\n HEAP[output|22] = H5>>>8&255;\n HEAP[output|23] = H5&255;\n HEAP[output|24] = H6>>>24;\n HEAP[output|25] = H6>>>16&255;\n HEAP[output|26] = H6>>>8&255;\n HEAP[output|27] = H6&255;\n HEAP[output|28] = H7>>>24;\n HEAP[output|29] = H7>>>16&255;\n HEAP[output|30] = H7>>>8&255;\n HEAP[output|31] = H7&255;\n }\n\n function reset () {\n H0 = 0x6a09e667;\n H1 = 0xbb67ae85;\n H2 = 0x3c6ef372;\n H3 = 0xa54ff53a;\n H4 = 0x510e527f;\n H5 = 0x9b05688c;\n H6 = 0x1f83d9ab;\n H7 = 0x5be0cd19;\n TOTAL0 = TOTAL1 = 0;\n }\n\n function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) {\n h0 = h0|0;\n h1 = h1|0;\n h2 = h2|0;\n h3 = h3|0;\n h4 = h4|0;\n h5 = h5|0;\n h6 = h6|0;\n h7 = h7|0;\n total0 = total0|0;\n total1 = total1|0;\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n TOTAL0 = total0;\n TOTAL1 = total1;\n }\n\n // offset — multiple of 64\n function process ( offset, length ) {\n offset = offset|0;\n length = length|0;\n\n var hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n while ( (length|0) >= 64 ) {\n _core_heap(offset);\n\n offset = ( offset + 64 )|0;\n length = ( length - 64 )|0;\n\n hashed = ( hashed + 64 )|0;\n }\n\n TOTAL0 = ( TOTAL0 + hashed )|0;\n if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n return hashed|0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var hashed = 0,\n i = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n if ( (length|0) >= 64 ) {\n hashed = process( offset, length )|0;\n if ( (hashed|0) == -1 )\n return -1;\n\n offset = ( offset + hashed )|0;\n length = ( length - hashed )|0;\n }\n\n hashed = ( hashed + length )|0;\n TOTAL0 = ( TOTAL0 + length )|0;\n if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0;\n\n HEAP[offset|length] = 0x80;\n\n if ( (length|0) >= 56 ) {\n for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 )\n HEAP[offset|i] = 0x00;\n\n _core_heap(offset);\n\n length = 0;\n\n HEAP[offset|0] = 0;\n }\n\n for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 )\n HEAP[offset|i] = 0;\n\n HEAP[offset|56] = TOTAL1>>>21&255;\n HEAP[offset|57] = TOTAL1>>>13&255;\n HEAP[offset|58] = TOTAL1>>>5&255;\n HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29;\n HEAP[offset|60] = TOTAL0>>>21&255;\n HEAP[offset|61] = TOTAL0>>>13&255;\n HEAP[offset|62] = TOTAL0>>>5&255;\n HEAP[offset|63] = TOTAL0<<3&255;\n _core_heap(offset);\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n function hmac_reset () {\n H0 = I0;\n H1 = I1;\n H2 = I2;\n H3 = I3;\n H4 = I4;\n H5 = I5;\n H6 = I6;\n H7 = I7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function _hmac_opad () {\n H0 = O0;\n H1 = O1;\n H2 = O2;\n H3 = O3;\n H4 = O4;\n H5 = O5;\n H6 = O6;\n H7 = O7;\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) {\n p0 = p0|0;\n p1 = p1|0;\n p2 = p2|0;\n p3 = p3|0;\n p4 = p4|0;\n p5 = p5|0;\n p6 = p6|0;\n p7 = p7|0;\n p8 = p8|0;\n p9 = p9|0;\n p10 = p10|0;\n p11 = p11|0;\n p12 = p12|0;\n p13 = p13|0;\n p14 = p14|0;\n p15 = p15|0;\n\n // opad\n reset();\n _core(\n p0 ^ 0x5c5c5c5c,\n p1 ^ 0x5c5c5c5c,\n p2 ^ 0x5c5c5c5c,\n p3 ^ 0x5c5c5c5c,\n p4 ^ 0x5c5c5c5c,\n p5 ^ 0x5c5c5c5c,\n p6 ^ 0x5c5c5c5c,\n p7 ^ 0x5c5c5c5c,\n p8 ^ 0x5c5c5c5c,\n p9 ^ 0x5c5c5c5c,\n p10 ^ 0x5c5c5c5c,\n p11 ^ 0x5c5c5c5c,\n p12 ^ 0x5c5c5c5c,\n p13 ^ 0x5c5c5c5c,\n p14 ^ 0x5c5c5c5c,\n p15 ^ 0x5c5c5c5c\n );\n O0 = H0;\n O1 = H1;\n O2 = H2;\n O3 = H3;\n O4 = H4;\n O5 = H5;\n O6 = H6;\n O7 = H7;\n\n // ipad\n reset();\n _core(\n p0 ^ 0x36363636,\n p1 ^ 0x36363636,\n p2 ^ 0x36363636,\n p3 ^ 0x36363636,\n p4 ^ 0x36363636,\n p5 ^ 0x36363636,\n p6 ^ 0x36363636,\n p7 ^ 0x36363636,\n p8 ^ 0x36363636,\n p9 ^ 0x36363636,\n p10 ^ 0x36363636,\n p11 ^ 0x36363636,\n p12 ^ 0x36363636,\n p13 ^ 0x36363636,\n p14 ^ 0x36363636,\n p15 ^ 0x36363636\n );\n I0 = H0;\n I1 = H1;\n I2 = H2;\n I3 = H3;\n I4 = H4;\n I5 = H5;\n I6 = H6;\n I7 = H7;\n\n TOTAL0 = 64;\n TOTAL1 = 0;\n }\n\n // offset — multiple of 64\n // output — multiple of 32\n function hmac_finish ( offset, length, output ) {\n offset = offset|0;\n length = length|0;\n output = output|0;\n\n var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n hashed = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n hashed = finish( offset, length, -1 )|0;\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n\n if ( ~output )\n _state_to_heap(output);\n\n return hashed|0;\n }\n\n // salt is assumed to be already processed\n // offset — multiple of 64\n // output — multiple of 32\n function pbkdf2_generate_block ( offset, length, block, count, output ) {\n offset = offset|0;\n length = length|0;\n block = block|0;\n count = count|0;\n output = output|0;\n\n var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;\n\n if ( offset & 63 )\n return -1;\n\n if ( ~output )\n if ( output & 31 )\n return -1;\n\n // pad block number into heap\n // FIXME probable OOB write\n HEAP[(offset+length)|0] = block>>>24;\n HEAP[(offset+length+1)|0] = block>>>16&255;\n HEAP[(offset+length+2)|0] = block>>>8&255;\n HEAP[(offset+length+3)|0] = block&255;\n\n // finish first iteration\n hmac_finish( offset, (length+4)|0, -1 )|0;\n h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7;\n count = (count-1)|0;\n\n // perform the rest iterations\n while ( (count|0) > 0 ) {\n hmac_reset();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n _hmac_opad();\n _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 );\n t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;\n\n h0 = h0 ^ H0;\n h1 = h1 ^ H1;\n h2 = h2 ^ H2;\n h3 = h3 ^ H3;\n h4 = h4 ^ H4;\n h5 = h5 ^ H5;\n h6 = h6 ^ H6;\n h7 = h7 ^ H7;\n\n count = (count-1)|0;\n }\n\n H0 = h0;\n H1 = h1;\n H2 = h2;\n H3 = h3;\n H4 = h4;\n H5 = h5;\n H6 = h6;\n H7 = h7;\n\n if ( ~output )\n _state_to_heap(output);\n\n return 0;\n }\n\n return {\n // SHA256\n reset: reset,\n init: init,\n process: process,\n finish: finish,\n\n // HMAC-SHA256\n hmac_reset: hmac_reset,\n hmac_init: hmac_init,\n hmac_finish: hmac_finish,\n\n // PBKDF2-HMAC-SHA256\n pbkdf2_generate_block: pbkdf2_generate_block\n }\n}\n","module.exports = assert;\n\nfunction assert(val, msg) {\n if (!val)\n throw new Error(msg || 'Assertion failed');\n}\n\nassert.equal = function assertEqual(l, r, msg) {\n if (l != r)\n throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));\n};\n","if (typeof Object.create === 'function') {\n // implementation from standard node.js 'util' module\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n ctor.prototype = Object.create(superCtor.prototype, {\n constructor: {\n value: ctor,\n enumerable: false,\n writable: true,\n configurable: true\n }\n });\n };\n} else {\n // old school shim for old browsers\n module.exports = function inherits(ctor, superCtor) {\n ctor.super_ = superCtor\n var TempCtor = function () {}\n TempCtor.prototype = superCtor.prototype\n ctor.prototype = new TempCtor()\n ctor.prototype.constructor = ctor\n }\n}\n","'use strict';\n\nvar assert = require('minimalistic-assert');\nvar inherits = require('inherits');\n\nexports.inherits = inherits;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg === 'string') {\n if (!enc) {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n } else if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n }\n } else {\n for (i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n }\n return res;\n}\nexports.toArray = toArray;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nexports.toHex = toHex;\n\nfunction htonl(w) {\n var res = (w >>> 24) |\n ((w >>> 8) & 0xff00) |\n ((w << 8) & 0xff0000) |\n ((w & 0xff) << 24);\n return res >>> 0;\n}\nexports.htonl = htonl;\n\nfunction toHex32(msg, endian) {\n var res = '';\n for (var i = 0; i < msg.length; i++) {\n var w = msg[i];\n if (endian === 'little')\n w = htonl(w);\n res += zero8(w.toString(16));\n }\n return res;\n}\nexports.toHex32 = toHex32;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nexports.zero2 = zero2;\n\nfunction zero8(word) {\n if (word.length === 7)\n return '0' + word;\n else if (word.length === 6)\n return '00' + word;\n else if (word.length === 5)\n return '000' + word;\n else if (word.length === 4)\n return '0000' + word;\n else if (word.length === 3)\n return '00000' + word;\n else if (word.length === 2)\n return '000000' + word;\n else if (word.length === 1)\n return '0000000' + word;\n else\n return word;\n}\nexports.zero8 = zero8;\n\nfunction join32(msg, start, end, endian) {\n var len = end - start;\n assert(len % 4 === 0);\n var res = new Array(len / 4);\n for (var i = 0, k = start; i < res.length; i++, k += 4) {\n var w;\n if (endian === 'big')\n w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];\n else\n w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];\n res[i] = w >>> 0;\n }\n return res;\n}\nexports.join32 = join32;\n\nfunction split32(msg, endian) {\n var res = new Array(msg.length * 4);\n for (var i = 0, k = 0; i < msg.length; i++, k += 4) {\n var m = msg[i];\n if (endian === 'big') {\n res[k] = m >>> 24;\n res[k + 1] = (m >>> 16) & 0xff;\n res[k + 2] = (m >>> 8) & 0xff;\n res[k + 3] = m & 0xff;\n } else {\n res[k + 3] = m >>> 24;\n res[k + 2] = (m >>> 16) & 0xff;\n res[k + 1] = (m >>> 8) & 0xff;\n res[k] = m & 0xff;\n }\n }\n return res;\n}\nexports.split32 = split32;\n\nfunction rotr32(w, b) {\n return (w >>> b) | (w << (32 - b));\n}\nexports.rotr32 = rotr32;\n\nfunction rotl32(w, b) {\n return (w << b) | (w >>> (32 - b));\n}\nexports.rotl32 = rotl32;\n\nfunction sum32(a, b) {\n return (a + b) >>> 0;\n}\nexports.sum32 = sum32;\n\nfunction sum32_3(a, b, c) {\n return (a + b + c) >>> 0;\n}\nexports.sum32_3 = sum32_3;\n\nfunction sum32_4(a, b, c, d) {\n return (a + b + c + d) >>> 0;\n}\nexports.sum32_4 = sum32_4;\n\nfunction sum32_5(a, b, c, d, e) {\n return (a + b + c + d + e) >>> 0;\n}\nexports.sum32_5 = sum32_5;\n\nfunction sum64(buf, pos, ah, al) {\n var bh = buf[pos];\n var bl = buf[pos + 1];\n\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n buf[pos] = hi >>> 0;\n buf[pos + 1] = lo;\n}\nexports.sum64 = sum64;\n\nfunction sum64_hi(ah, al, bh, bl) {\n var lo = (al + bl) >>> 0;\n var hi = (lo < al ? 1 : 0) + ah + bh;\n return hi >>> 0;\n}\nexports.sum64_hi = sum64_hi;\n\nfunction sum64_lo(ah, al, bh, bl) {\n var lo = al + bl;\n return lo >>> 0;\n}\nexports.sum64_lo = sum64_lo;\n\nfunction sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n\n var hi = ah + bh + ch + dh + carry;\n return hi >>> 0;\n}\nexports.sum64_4_hi = sum64_4_hi;\n\nfunction sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {\n var lo = al + bl + cl + dl;\n return lo >>> 0;\n}\nexports.sum64_4_lo = sum64_4_lo;\n\nfunction sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var carry = 0;\n var lo = al;\n lo = (lo + bl) >>> 0;\n carry += lo < al ? 1 : 0;\n lo = (lo + cl) >>> 0;\n carry += lo < cl ? 1 : 0;\n lo = (lo + dl) >>> 0;\n carry += lo < dl ? 1 : 0;\n lo = (lo + el) >>> 0;\n carry += lo < el ? 1 : 0;\n\n var hi = ah + bh + ch + dh + eh + carry;\n return hi >>> 0;\n}\nexports.sum64_5_hi = sum64_5_hi;\n\nfunction sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {\n var lo = al + bl + cl + dl + el;\n\n return lo >>> 0;\n}\nexports.sum64_5_lo = sum64_5_lo;\n\nfunction rotr64_hi(ah, al, num) {\n var r = (al << (32 - num)) | (ah >>> num);\n return r >>> 0;\n}\nexports.rotr64_hi = rotr64_hi;\n\nfunction rotr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.rotr64_lo = rotr64_lo;\n\nfunction shr64_hi(ah, al, num) {\n return ah >>> num;\n}\nexports.shr64_hi = shr64_hi;\n\nfunction shr64_lo(ah, al, num) {\n var r = (ah << (32 - num)) | (al >>> num);\n return r >>> 0;\n}\nexports.shr64_lo = shr64_lo;\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction BlockHash() {\n this.pending = null;\n this.pendingTotal = 0;\n this.blockSize = this.constructor.blockSize;\n this.outSize = this.constructor.outSize;\n this.hmacStrength = this.constructor.hmacStrength;\n this.padLength = this.constructor.padLength / 8;\n this.endian = 'big';\n\n this._delta8 = this.blockSize / 8;\n this._delta32 = this.blockSize / 32;\n}\nexports.BlockHash = BlockHash;\n\nBlockHash.prototype.update = function update(msg, enc) {\n // Convert message to array, pad it, and join into 32bit blocks\n msg = utils.toArray(msg, enc);\n if (!this.pending)\n this.pending = msg;\n else\n this.pending = this.pending.concat(msg);\n this.pendingTotal += msg.length;\n\n // Enough data, try updating\n if (this.pending.length >= this._delta8) {\n msg = this.pending;\n\n // Process pending data in blocks\n var r = msg.length % this._delta8;\n this.pending = msg.slice(msg.length - r, msg.length);\n if (this.pending.length === 0)\n this.pending = null;\n\n msg = utils.join32(msg, 0, msg.length - r, this.endian);\n for (var i = 0; i < msg.length; i += this._delta32)\n this._update(msg, i, i + this._delta32);\n }\n\n return this;\n};\n\nBlockHash.prototype.digest = function digest(enc) {\n this.update(this._pad());\n assert(this.pending === null);\n\n return this._digest(enc);\n};\n\nBlockHash.prototype._pad = function pad() {\n var len = this.pendingTotal;\n var bytes = this._delta8;\n var k = bytes - ((len + this.padLength) % bytes);\n var res = new Array(k + this.padLength);\n res[0] = 0x80;\n for (var i = 1; i < k; i++)\n res[i] = 0;\n\n // Append length\n len <<= 3;\n if (this.endian === 'big') {\n for (var t = 8; t < this.padLength; t++)\n res[i++] = 0;\n\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = len & 0xff;\n } else {\n res[i++] = len & 0xff;\n res[i++] = (len >>> 8) & 0xff;\n res[i++] = (len >>> 16) & 0xff;\n res[i++] = (len >>> 24) & 0xff;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n res[i++] = 0;\n\n for (t = 8; t < this.padLength; t++)\n res[i++] = 0;\n }\n\n return res;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar rotr32 = utils.rotr32;\n\nfunction ft_1(s, x, y, z) {\n if (s === 0)\n return ch32(x, y, z);\n if (s === 1 || s === 3)\n return p32(x, y, z);\n if (s === 2)\n return maj32(x, y, z);\n}\nexports.ft_1 = ft_1;\n\nfunction ch32(x, y, z) {\n return (x & y) ^ ((~x) & z);\n}\nexports.ch32 = ch32;\n\nfunction maj32(x, y, z) {\n return (x & y) ^ (x & z) ^ (y & z);\n}\nexports.maj32 = maj32;\n\nfunction p32(x, y, z) {\n return x ^ y ^ z;\n}\nexports.p32 = p32;\n\nfunction s0_256(x) {\n return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);\n}\nexports.s0_256 = s0_256;\n\nfunction s1_256(x) {\n return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);\n}\nexports.s1_256 = s1_256;\n\nfunction g0_256(x) {\n return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);\n}\nexports.g0_256 = g0_256;\n\nfunction g1_256(x) {\n return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);\n}\nexports.g1_256 = g1_256;\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\nvar assert = require('minimalistic-assert');\n\nvar sum32 = utils.sum32;\nvar sum32_4 = utils.sum32_4;\nvar sum32_5 = utils.sum32_5;\nvar ch32 = shaCommon.ch32;\nvar maj32 = shaCommon.maj32;\nvar s0_256 = shaCommon.s0_256;\nvar s1_256 = shaCommon.s1_256;\nvar g0_256 = shaCommon.g0_256;\nvar g1_256 = shaCommon.g1_256;\n\nvar BlockHash = common.BlockHash;\n\nvar sha256_K = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n];\n\nfunction SHA256() {\n if (!(this instanceof SHA256))\n return new SHA256();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,\n 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n ];\n this.k = sha256_K;\n this.W = new Array(64);\n}\nutils.inherits(SHA256, BlockHash);\nmodule.exports = SHA256;\n\nSHA256.blockSize = 512;\nSHA256.outSize = 256;\nSHA256.hmacStrength = 192;\nSHA256.padLength = 64;\n\nSHA256.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i++)\n W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n var f = this.h[5];\n var g = this.h[6];\n var h = this.h[7];\n\n assert(this.k.length === W.length);\n for (i = 0; i < W.length; i++) {\n var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);\n var T2 = sum32(s0_256(a), maj32(a, b, c));\n h = g;\n g = f;\n f = e;\n e = sum32(d, T1);\n d = c;\n c = b;\n b = a;\n a = sum32(T1, T2);\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n this.h[5] = sum32(this.h[5], f);\n this.h[6] = sum32(this.h[6], g);\n this.h[7] = sum32(this.h[7], h);\n};\n\nSHA256.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar SHA256 = require('./256');\n\nfunction SHA224() {\n if (!(this instanceof SHA224))\n return new SHA224();\n\n SHA256.call(this);\n this.h = [\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,\n 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];\n}\nutils.inherits(SHA224, SHA256);\nmodule.exports = SHA224;\n\nSHA224.blockSize = 512;\nSHA224.outSize = 224;\nSHA224.hmacStrength = 192;\nSHA224.padLength = 64;\n\nSHA224.prototype._digest = function digest(enc) {\n // Just truncate output\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 7), 'big');\n else\n return utils.split32(this.h.slice(0, 7), 'big');\n};\n\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar assert = require('minimalistic-assert');\n\nvar rotr64_hi = utils.rotr64_hi;\nvar rotr64_lo = utils.rotr64_lo;\nvar shr64_hi = utils.shr64_hi;\nvar shr64_lo = utils.shr64_lo;\nvar sum64 = utils.sum64;\nvar sum64_hi = utils.sum64_hi;\nvar sum64_lo = utils.sum64_lo;\nvar sum64_4_hi = utils.sum64_4_hi;\nvar sum64_4_lo = utils.sum64_4_lo;\nvar sum64_5_hi = utils.sum64_5_hi;\nvar sum64_5_lo = utils.sum64_5_lo;\n\nvar BlockHash = common.BlockHash;\n\nvar sha512_K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction SHA512() {\n if (!(this instanceof SHA512))\n return new SHA512();\n\n BlockHash.call(this);\n this.h = [\n 0x6a09e667, 0xf3bcc908,\n 0xbb67ae85, 0x84caa73b,\n 0x3c6ef372, 0xfe94f82b,\n 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1,\n 0x9b05688c, 0x2b3e6c1f,\n 0x1f83d9ab, 0xfb41bd6b,\n 0x5be0cd19, 0x137e2179 ];\n this.k = sha512_K;\n this.W = new Array(160);\n}\nutils.inherits(SHA512, BlockHash);\nmodule.exports = SHA512;\n\nSHA512.blockSize = 1024;\nSHA512.outSize = 512;\nSHA512.hmacStrength = 192;\nSHA512.padLength = 128;\n\nSHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {\n var W = this.W;\n\n // 32 x 32bit words\n for (var i = 0; i < 32; i++)\n W[i] = msg[start + i];\n for (; i < W.length; i += 2) {\n var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2\n var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);\n var c1_hi = W[i - 14]; // i - 7\n var c1_lo = W[i - 13];\n var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15\n var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);\n var c3_hi = W[i - 32]; // i - 16\n var c3_lo = W[i - 31];\n\n W[i] = sum64_4_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n W[i + 1] = sum64_4_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo);\n }\n};\n\nSHA512.prototype._update = function _update(msg, start) {\n this._prepareBlock(msg, start);\n\n var W = this.W;\n\n var ah = this.h[0];\n var al = this.h[1];\n var bh = this.h[2];\n var bl = this.h[3];\n var ch = this.h[4];\n var cl = this.h[5];\n var dh = this.h[6];\n var dl = this.h[7];\n var eh = this.h[8];\n var el = this.h[9];\n var fh = this.h[10];\n var fl = this.h[11];\n var gh = this.h[12];\n var gl = this.h[13];\n var hh = this.h[14];\n var hl = this.h[15];\n\n assert(this.k.length === W.length);\n for (var i = 0; i < W.length; i += 2) {\n var c0_hi = hh;\n var c0_lo = hl;\n var c1_hi = s1_512_hi(eh, el);\n var c1_lo = s1_512_lo(eh, el);\n var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);\n var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);\n var c3_hi = this.k[i];\n var c3_lo = this.k[i + 1];\n var c4_hi = W[i];\n var c4_lo = W[i + 1];\n\n var T1_hi = sum64_5_hi(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n var T1_lo = sum64_5_lo(\n c0_hi, c0_lo,\n c1_hi, c1_lo,\n c2_hi, c2_lo,\n c3_hi, c3_lo,\n c4_hi, c4_lo);\n\n c0_hi = s0_512_hi(ah, al);\n c0_lo = s0_512_lo(ah, al);\n c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);\n c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);\n\n var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);\n var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);\n\n hh = gh;\n hl = gl;\n\n gh = fh;\n gl = fl;\n\n fh = eh;\n fl = el;\n\n eh = sum64_hi(dh, dl, T1_hi, T1_lo);\n el = sum64_lo(dl, dl, T1_hi, T1_lo);\n\n dh = ch;\n dl = cl;\n\n ch = bh;\n cl = bl;\n\n bh = ah;\n bl = al;\n\n ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);\n al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);\n }\n\n sum64(this.h, 0, ah, al);\n sum64(this.h, 2, bh, bl);\n sum64(this.h, 4, ch, cl);\n sum64(this.h, 6, dh, dl);\n sum64(this.h, 8, eh, el);\n sum64(this.h, 10, fh, fl);\n sum64(this.h, 12, gh, gl);\n sum64(this.h, 14, hh, hl);\n};\n\nSHA512.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n\nfunction ch64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ ((~xh) & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction ch64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ ((~xl) & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_hi(xh, xl, yh, yl, zh) {\n var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction maj64_lo(xh, xl, yh, yl, zh, zl) {\n var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 28);\n var c1_hi = rotr64_hi(xl, xh, 2); // 34\n var c2_hi = rotr64_hi(xl, xh, 7); // 39\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 28);\n var c1_lo = rotr64_lo(xl, xh, 2); // 34\n var c2_lo = rotr64_lo(xl, xh, 7); // 39\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 14);\n var c1_hi = rotr64_hi(xh, xl, 18);\n var c2_hi = rotr64_hi(xl, xh, 9); // 41\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction s1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 14);\n var c1_lo = rotr64_lo(xh, xl, 18);\n var c2_lo = rotr64_lo(xl, xh, 9); // 41\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 1);\n var c1_hi = rotr64_hi(xh, xl, 8);\n var c2_hi = shr64_hi(xh, xl, 7);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g0_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 1);\n var c1_lo = rotr64_lo(xh, xl, 8);\n var c2_lo = shr64_lo(xh, xl, 7);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_hi(xh, xl) {\n var c0_hi = rotr64_hi(xh, xl, 19);\n var c1_hi = rotr64_hi(xl, xh, 29); // 61\n var c2_hi = shr64_hi(xh, xl, 6);\n\n var r = c0_hi ^ c1_hi ^ c2_hi;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n\nfunction g1_512_lo(xh, xl) {\n var c0_lo = rotr64_lo(xh, xl, 19);\n var c1_lo = rotr64_lo(xl, xh, 29); // 61\n var c2_lo = shr64_lo(xh, xl, 6);\n\n var r = c0_lo ^ c1_lo ^ c2_lo;\n if (r < 0)\n r += 0x100000000;\n return r;\n}\n","'use strict';\n\nvar utils = require('../utils');\n\nvar SHA512 = require('./512');\n\nfunction SHA384() {\n if (!(this instanceof SHA384))\n return new SHA384();\n\n SHA512.call(this);\n this.h = [\n 0xcbbb9d5d, 0xc1059ed8,\n 0x629a292a, 0x367cd507,\n 0x9159015a, 0x3070dd17,\n 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31,\n 0x8eb44a87, 0x68581511,\n 0xdb0c2e0d, 0x64f98fa7,\n 0x47b5481d, 0xbefa4fa4 ];\n}\nutils.inherits(SHA384, SHA512);\nmodule.exports = SHA384;\n\nSHA384.blockSize = 1024;\nSHA384.outSize = 384;\nSHA384.hmacStrength = 192;\nSHA384.padLength = 128;\n\nSHA384.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h.slice(0, 12), 'big');\n else\n return utils.split32(this.h.slice(0, 12), 'big');\n};\n","'use strict';\n\nvar utils = require('./utils');\nvar common = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_3 = utils.sum32_3;\nvar sum32_4 = utils.sum32_4;\nvar BlockHash = common.BlockHash;\n\nfunction RIPEMD160() {\n if (!(this instanceof RIPEMD160))\n return new RIPEMD160();\n\n BlockHash.call(this);\n\n this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];\n this.endian = 'little';\n}\nutils.inherits(RIPEMD160, BlockHash);\nexports.ripemd160 = RIPEMD160;\n\nRIPEMD160.blockSize = 512;\nRIPEMD160.outSize = 160;\nRIPEMD160.hmacStrength = 192;\nRIPEMD160.padLength = 64;\n\nRIPEMD160.prototype._update = function update(msg, start) {\n var A = this.h[0];\n var B = this.h[1];\n var C = this.h[2];\n var D = this.h[3];\n var E = this.h[4];\n var Ah = A;\n var Bh = B;\n var Ch = C;\n var Dh = D;\n var Eh = E;\n for (var j = 0; j < 80; j++) {\n var T = sum32(\n rotl32(\n sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),\n s[j]),\n E);\n A = E;\n E = D;\n D = rotl32(C, 10);\n C = B;\n B = T;\n T = sum32(\n rotl32(\n sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),\n sh[j]),\n Eh);\n Ah = Eh;\n Eh = Dh;\n Dh = rotl32(Ch, 10);\n Ch = Bh;\n Bh = T;\n }\n T = sum32_3(this.h[1], C, Dh);\n this.h[1] = sum32_3(this.h[2], D, Eh);\n this.h[2] = sum32_3(this.h[3], E, Ah);\n this.h[3] = sum32_3(this.h[4], A, Bh);\n this.h[4] = sum32_3(this.h[0], B, Ch);\n this.h[0] = T;\n};\n\nRIPEMD160.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'little');\n else\n return utils.split32(this.h, 'little');\n};\n\nfunction f(j, x, y, z) {\n if (j <= 15)\n return x ^ y ^ z;\n else if (j <= 31)\n return (x & y) | ((~x) & z);\n else if (j <= 47)\n return (x | (~y)) ^ z;\n else if (j <= 63)\n return (x & z) | (y & (~z));\n else\n return x ^ (y | (~z));\n}\n\nfunction K(j) {\n if (j <= 15)\n return 0x00000000;\n else if (j <= 31)\n return 0x5a827999;\n else if (j <= 47)\n return 0x6ed9eba1;\n else if (j <= 63)\n return 0x8f1bbcdc;\n else\n return 0xa953fd4e;\n}\n\nfunction Kh(j) {\n if (j <= 15)\n return 0x50a28be6;\n else if (j <= 31)\n return 0x5c4dd124;\n else if (j <= 47)\n return 0x6d703ef3;\n else if (j <= 63)\n return 0x7a6d76e9;\n else\n return 0x00000000;\n}\n\nvar r = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,\n 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,\n 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,\n 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13\n];\n\nvar rh = [\n 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,\n 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,\n 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,\n 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,\n 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11\n];\n\nvar s = [\n 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,\n 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,\n 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,\n 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,\n 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6\n];\n\nvar sh = [\n 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,\n 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,\n 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,\n 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,\n 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11\n];\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n * @private\n */\n\nimport { Sha1 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha1/sha1';\nimport { Sha256 } from '@openpgp/asmcrypto.js/dist_es8/hash/sha256/sha256';\nimport sha224 from 'hash.js/lib/hash/sha/224';\nimport sha384 from 'hash.js/lib/hash/sha/384';\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport { ripemd160 } from 'hash.js/lib/hash/ripemd';\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport defaultConfig from '../../config';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction hashjsHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n }\n const hashInstance = hash();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => new Uint8Array(hashInstance.digest()));\n };\n}\n\nfunction asmcryptoHash(hash, webCryptoHash) {\n return async function(data, config = defaultConfig) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hashInstance = new hash();\n return stream.transform(data, value => {\n hashInstance.process(value);\n }, () => hashInstance.finish().result);\n } else if (webCrypto && webCryptoHash && data.length >= config.minBytesForWebCrypto) {\n return new Uint8Array(await webCrypto.digest(webCryptoHash, data));\n } else {\n return hash.bytes(data);\n }\n };\n}\n\nconst hashFunctions = {\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'),\n sha224: nodeHash('sha224') || hashjsHash(sha224),\n sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'),\n sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),\n sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.\n ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)\n};\n\nexport default {\n\n /** @see module:md5 */\n md5: hashFunctions.md5,\n /** @see asmCrypto */\n sha1: hashFunctions.sha1,\n /** @see hash.js */\n sha224: hashFunctions.sha224,\n /** @see asmCrypto */\n sha256: hashFunctions.sha256,\n /** @see hash.js */\n sha384: hashFunctions.sha384,\n /** @see asmCrypto */\n sha512: hashFunctions.sha512,\n /** @see hash.js */\n ripemd: hashFunctions.ripemd,\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n default:\n throw new Error('Invalid hash function.');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CFB {\n static encrypt(data, key, iv) {\n return new AES_CFB(key, iv).encrypt(data);\n }\n static decrypt(data, key, iv) {\n return new AES_CFB(key, iv).decrypt(data);\n }\n constructor(key, iv, aes) {\n this.aes = aes ? aes : new AES(key, iv, true, 'CFB');\n delete this.aes.padding;\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","import * as cipher from '.';\nimport enums from '../../enums';\n\n/**\n * Get implementation of the given cipher\n * @param {enums.symmetric} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport default function getCipher(algo) {\n const algoName = enums.read(enums.symmetric, algo);\n return cipher[algoName];\n}\n","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n * @private\n */\n\nimport { AES_CFB } from '@openpgp/asmcrypto.js/dist_es8/aes/cfb';\nimport * as stream from '@openpgp/web-stream-tools';\nimport getCipher from '../cipher/getCipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const Cipher = getCipher(algo);\n const cipherfn = new Cipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nfunction aesEncrypt(algo, key, pt, iv, config) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support\n !util.isStream(pt) &&\n pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2\n ) { // Web Crypto\n return webEncrypt(algo, key, pt, iv);\n }\n // asm.js fallback\n const cfb = new AES_CFB(key, iv);\n return stream.transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish());\n}\n\nfunction aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new AES_CFB(key, iv);\n return stream.transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish());\n }\n return AES_CFB.decrypt(ct, key, iv);\n}\n\nfunction xorMut(a, b) {\n for (let i = 0; i < a.length; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nasync function webEncrypt(algo, key, pt, iv) {\n const ALGO = 'AES-CBC';\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']);\n const { blockSize } = getCipher(algo);\n const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]);\n const ct = new Uint8Array(await webCrypto.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length);\n xorMut(ct, pt);\n return ct;\n}\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","import { AES } from './aes';\nimport { IllegalArgumentError } from '../other/errors';\nimport { joinBytes } from '../other/utils';\nexport class AES_CTR {\n static encrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n static decrypt(data, key, nonce) {\n return new AES_CTR(key, nonce).encrypt(data);\n }\n constructor(key, nonce, aes) {\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n delete this.aes.padding;\n this.AES_CTR_set_options(nonce);\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n AES_CTR_set_options(nonce, counter, size) {\n let { asm } = this.aes.acquire_asm();\n if (size !== undefined) {\n if (size < 8 || size > 48)\n throw new IllegalArgumentError('illegal counter size');\n let mask = Math.pow(2, size) - 1;\n asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0);\n }\n else {\n size = 48;\n asm.set_mask(0, 0, 0xffff, 0xffffffff);\n }\n if (nonce !== undefined) {\n let len = nonce.length;\n if (!len || len > 16)\n throw new IllegalArgumentError('illegal nonce size');\n let view = new DataView(new ArrayBuffer(16));\n new Uint8Array(view.buffer).set(nonce);\n asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12));\n }\n else {\n throw new Error('nonce is required');\n }\n if (counter !== undefined) {\n if (counter < 0 || counter >= Math.pow(2, size))\n throw new IllegalArgumentError('illegal counter value');\n asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0);\n }\n }\n}\n","import { AES } from './aes';\nimport { joinBytes } from '../other/utils';\nexport class AES_CBC {\n static encrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).encrypt(data);\n }\n static decrypt(data, key, padding = true, iv) {\n return new AES_CBC(key, iv, padding).decrypt(data);\n }\n constructor(key, iv, padding = true, aes) {\n this.aes = aes ? aes : new AES(key, iv, padding, 'CBC');\n }\n encrypt(data) {\n const r1 = this.aes.AES_Encrypt_process(data);\n const r2 = this.aes.AES_Encrypt_finish();\n return joinBytes(r1, r2);\n }\n decrypt(data) {\n const r1 = this.aes.AES_Decrypt_process(data);\n const r2 = this.aes.AES_Decrypt_finish();\n return joinBytes(r1, r2);\n }\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n * @private\n */\n\nimport { AES_CBC } from '@openpgp/asmcrypto.js/dist_es8/aes/cbc';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt) {\n return AES_CBC.encrypt(pt, key, false, zeroBlock);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n * @private\n */\n\nimport { AES_CTR } from '@openpgp/asmcrypto.js/dist_es8/aes/ctr';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (\n util.getWebCrypto() &&\n key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n ) {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct);\n };\n }\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n // asm.js fallback\n return async function(pt, iv) {\n return AES_CTR.encrypt(pt, key, iv);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n * @private\n */\n\nimport * as ciphers from '../cipher';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n\n let maxNtz = 0;\n let encipher;\n let decipher;\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables(cipher, key) {\n const cipherName = enums.read(enums.symmetric, cipher);\n const aes = new ciphers[cipherName](key);\n encipher = aes.encrypt.bind(aes);\n decipher = aes.decrypt.bind(aes);\n\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","import { IllegalArgumentError, IllegalStateError, SecurityError } from '../other/errors';\nimport { _heap_write } from '../other/utils';\nimport { AES } from './aes';\nimport { AES_asm } from './aes.asm';\nconst _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5\nexport class AES_GCM {\n constructor(key, nonce, adata, tagSize = 16, aes) {\n this.tagSize = tagSize;\n this.gamma0 = 0;\n this.counter = 1;\n this.aes = aes ? aes : new AES(key, undefined, false, 'CTR');\n let { asm, heap } = this.aes.acquire_asm();\n // Init GCM\n asm.gcm_init();\n // Tag size\n if (this.tagSize < 4 || this.tagSize > 16)\n throw new IllegalArgumentError('illegal tagSize value');\n // Nonce\n const noncelen = nonce.length || 0;\n const noncebuf = new Uint8Array(16);\n if (noncelen !== 12) {\n this._gcm_mac_process(nonce);\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = 0;\n heap[4] = 0;\n heap[5] = 0;\n heap[6] = 0;\n heap[7] = 0;\n heap[8] = 0;\n heap[9] = 0;\n heap[10] = 0;\n heap[11] = noncelen >>> 29;\n heap[12] = (noncelen >>> 21) & 255;\n heap[13] = (noncelen >>> 13) & 255;\n heap[14] = (noncelen >>> 5) & 255;\n heap[15] = (noncelen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_iv(0, 0, 0, 0);\n noncebuf.set(heap.subarray(0, 16));\n }\n else {\n noncebuf.set(nonce);\n noncebuf[15] = 1;\n }\n const nonceview = new DataView(noncebuf.buffer);\n this.gamma0 = nonceview.getUint32(12);\n asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0);\n asm.set_mask(0, 0, 0, 0xffffffff);\n // Associated data\n if (adata !== undefined) {\n if (adata.length > _AES_GCM_data_maxLength)\n throw new IllegalArgumentError('illegal adata length');\n if (adata.length) {\n this.adata = adata;\n this._gcm_mac_process(adata);\n }\n else {\n this.adata = undefined;\n }\n }\n else {\n this.adata = undefined;\n }\n // Counter\n if (this.counter < 1 || this.counter > 0xffffffff)\n throw new RangeError('counter must be a positive 32-bit integer');\n asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0);\n }\n static encrypt(cleartext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext);\n }\n static decrypt(ciphertext, key, nonce, adata, tagsize) {\n return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext);\n }\n encrypt(data) {\n return this.AES_GCM_encrypt(data);\n }\n decrypt(data) {\n return this.AES_GCM_decrypt(data);\n }\n AES_GCM_Encrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = (len + dlen) & -16;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > 0) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len);\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n if (wlen < len) {\n pos += wlen;\n len -= wlen;\n }\n else {\n pos = 0;\n len = 0;\n }\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Encrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let adata = this.adata;\n let pos = this.aes.pos;\n let len = this.aes.len;\n const result = new Uint8Array(len + tagSize);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16);\n if (len)\n result.set(heap.subarray(pos, pos + len));\n let i = len;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n result.set(heap.subarray(0, tagSize), len);\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_Decrypt_process(data) {\n let dpos = 0;\n let dlen = data.length || 0;\n let { asm, heap } = this.aes.acquire_asm();\n let counter = this.counter;\n let tagSize = this.tagSize;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rpos = 0;\n let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0;\n let tlen = len + dlen - rlen;\n let wlen = 0;\n if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength)\n throw new RangeError('counter overflow');\n const result = new Uint8Array(rlen);\n while (dlen > tlen) {\n wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen);\n len += wlen;\n dpos += wlen;\n dlen -= wlen;\n wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen);\n wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen);\n if (wlen)\n result.set(heap.subarray(pos, pos + wlen), rpos);\n counter += wlen >>> 4;\n rpos += wlen;\n pos = 0;\n len = 0;\n }\n if (dlen > 0) {\n len += _heap_write(heap, 0, data, dpos, dlen);\n }\n this.counter = counter;\n this.aes.pos = pos;\n this.aes.len = len;\n return result;\n }\n AES_GCM_Decrypt_finish() {\n let { asm, heap } = this.aes.acquire_asm();\n let tagSize = this.tagSize;\n let adata = this.adata;\n let counter = this.counter;\n let pos = this.aes.pos;\n let len = this.aes.len;\n let rlen = len - tagSize;\n if (len < tagSize)\n throw new IllegalStateError('authentication tag not found');\n const result = new Uint8Array(rlen);\n const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));\n let i = rlen;\n for (; i & 15; i++)\n heap[pos + i] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i);\n asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i);\n if (rlen)\n result.set(heap.subarray(pos, pos + rlen));\n const alen = adata !== undefined ? adata.length : 0;\n const clen = ((counter - 1) << 4) + len - tagSize;\n heap[0] = 0;\n heap[1] = 0;\n heap[2] = 0;\n heap[3] = alen >>> 29;\n heap[4] = alen >>> 21;\n heap[5] = (alen >>> 13) & 255;\n heap[6] = (alen >>> 5) & 255;\n heap[7] = (alen << 3) & 255;\n heap[8] = heap[9] = heap[10] = 0;\n heap[11] = clen >>> 29;\n heap[12] = (clen >>> 21) & 255;\n heap[13] = (clen >>> 13) & 255;\n heap[14] = (clen >>> 5) & 255;\n heap[15] = (clen << 3) & 255;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16);\n asm.get_iv(AES_asm.HEAP_DATA);\n asm.set_counter(0, 0, 0, this.gamma0);\n asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16);\n let acheck = 0;\n for (let i = 0; i < tagSize; ++i)\n acheck |= atag[i] ^ heap[i];\n if (acheck)\n throw new SecurityError('data integrity check failed');\n this.counter = 1;\n this.aes.pos = 0;\n this.aes.len = 0;\n return result;\n }\n AES_GCM_decrypt(data) {\n const result1 = this.AES_GCM_Decrypt_process(data);\n const result2 = this.AES_GCM_Decrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n AES_GCM_encrypt(data) {\n const result1 = this.AES_GCM_Encrypt_process(data);\n const result2 = this.AES_GCM_Encrypt_finish();\n const result = new Uint8Array(result1.length + result2.length);\n if (result1.length)\n result.set(result1);\n if (result2.length)\n result.set(result2, result1.length);\n return result;\n }\n _gcm_mac_process(data) {\n let { asm, heap } = this.aes.acquire_asm();\n let dpos = 0;\n let dlen = data.length || 0;\n let wlen = 0;\n while (dlen > 0) {\n wlen = _heap_write(heap, 0, data, dpos, dlen);\n dpos += wlen;\n dlen -= wlen;\n while (wlen & 15)\n heap[wlen++] = 0;\n asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen);\n }\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n * @private\n */\n\nimport { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.encrypt(pt, key, iv, adata);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (ct.length === tagLength) { // iOS does not support GCM-en/decrypting empty messages\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n }\n };\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return AES_GCM.encrypt(pt, key, iv, adata);\n },\n\n decrypt: async function(ct, iv, adata) {\n return AES_GCM.decrypt(ct, key, iv, adata);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n * @private\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","/*jshint bitwise: false*/\n\n(function(nacl) {\n'use strict';\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d;\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d, h, r;\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n d = nacl.hash(sk.subarray(0, 32));\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n r = nacl.hash(sm.subarray(32, smlen));\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n h = nacl.hash(sm.subarray(0, smlen));\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h;\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n h = nacl.hash(m.subarray(0, n));\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;\n if (crypto && crypto.getRandomValues) {\n // Browsers.\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n } else if (typeof require !== 'undefined') {\n // Node.js.\n crypto = require('crypto');\n if (crypto && crypto.randomBytes) {\n nacl.setPRNG(function(x, n) {\n var i, v = crypto.randomBytes(n);\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n }\n})();\n\n})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {}));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n * @private\n */\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const buf = new Uint8Array(length);\n if (nodeCrypto) {\n const bytes = nodeCrypto.randomBytes(buf.length);\n buf.set(bytes);\n } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n return buf;\n}\n\n/**\n * Create a secure random BigInteger that is greater than or equal to min and less than max.\n * @param {module:BigInteger} min - Lower bound, included\n * @param {module:BigInteger} max - Upper bound, excluded\n * @returns {Promise} Random BigInteger.\n * @async\n */\nexport async function getRandomBigInteger(min, max) {\n const BigInteger = await util.getBigInteger();\n\n if (max.lt(min)) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max.sub(min);\n const bytes = modulus.byteLength();\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = new BigInteger(await getRandomBytes(bytes + 8));\n return r.mod(modulus).add(min);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\n\n/**\n * Generate a probably prime random number\n * @param {Integer} bits - Bit length of the prime\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns BigInteger\n * @async\n */\nexport async function randomProbablePrime(bits, e, k) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n const min = one.leftShift(new BigInteger(bits - 1));\n const thirty = new BigInteger(30);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n const n = await getRandomBigInteger(min, min.leftShift(one));\n let i = n.mod(thirty).toNumber();\n\n do {\n n.iadd(new BigInteger(adds[i]));\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (n.bitLength() > bits) {\n n.imod(min.leftShift(one)).iadd(min);\n i = n.mod(thirty).toNumber();\n }\n } while (!await isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} e - Optional RSA exponent to check against the prime\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @returns {boolean}\n * @async\n */\nexport async function isProbablePrime(n, e, k) {\n if (e && !n.dec().gcd(e).isOne()) {\n return false;\n }\n if (!await divisionTest(n)) {\n return false;\n }\n if (!await fermat(n)) {\n return false;\n }\n if (!await millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param {BigInteger} n - Number to test\n * @param {BigInteger} b - Optional Fermat test base\n * @returns {boolean}\n */\nexport async function fermat(n, b) {\n const BigInteger = await util.getBigInteger();\n b = b || new BigInteger(2);\n return b.modExp(n.dec(), n).isOne();\n}\n\nexport async function divisionTest(n) {\n const BigInteger = await util.getBigInteger();\n return smallPrimes.every(m => {\n return n.mod(new BigInteger(m)) !== 0;\n });\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n];\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param {BigInteger} n - Number to test\n * @param {Integer} k - Optional number of iterations of Miller-Rabin test\n * @param {Function} rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport async function millerRabin(n, k, rand) {\n const BigInteger = await util.getBigInteger();\n const len = n.bitLength();\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n.dec(); // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!n1.getBit(s)) { s++; }\n const d = n.rightShift(new BigInteger(s));\n\n for (; k > 0; k--) {\n const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);\n\n let x = a.modExp(d, n);\n if (x.isOne() || x.equal(n1)) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = x.mul(x).mod(n);\n\n if (x.isOne()) {\n return false;\n }\n if (x.equal(n1)) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n * @private\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport async function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n * @private\n */\n\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\n/* eslint-disable no-invalid-this */\nconst RSAPrivateKey = nodeCrypto ? asn1.define('RSAPrivateKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('version').int(), // 0\n this.key('modulus').int(), // n\n this.key('publicExponent').int(), // e\n this.key('privateExponent').int(), // d\n this.key('prime1').int(), // p\n this.key('prime2').int(), // q\n this.key('exponent1').int(), // dp\n this.key('exponent2').int(), // dq\n this.key('coefficient').int() // u\n );\n}) : undefined;\n\nconst RSAPublicKey = nodeCrypto ? asn1.define('RSAPubliceKey', function () {\n this.seq().obj( // used for native NodeJS crypto\n this.key('modulus').int(), // n\n this.key('publicExponent').int() // e\n );\n}) : undefined;\n/* eslint-enable no-invalid-this */\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n const BigInteger = await util.getBigInteger();\n\n e = new BigInteger(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return {\n n: b64ToUint8Array(jwk.n),\n e: e.toUint8Array(),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n } else if (util.getNodeCrypto() && nodeCrypto.generateKeyPair && RSAPrivateKey) {\n const opts = {\n modulusLength: bits,\n publicExponent: e.toNumber(),\n publicKeyEncoding: { type: 'pkcs1', format: 'der' },\n privateKeyEncoding: { type: 'pkcs1', format: 'der' }\n };\n const prv = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, der) => {\n if (err) {\n reject(err);\n } else {\n resolve(RSAPrivateKey.decode(der, 'der'));\n }\n });\n });\n /**\n * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`.\n * @link https://tools.ietf.org/html/rfc3447#section-3.2\n * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1\n */\n return {\n n: prv.modulus.toArrayLike(Uint8Array),\n e: prv.publicExponent.toArrayLike(Uint8Array),\n d: prv.privateExponent.toArrayLike(Uint8Array),\n // switch p and q\n p: prv.prime2.toArrayLike(Uint8Array),\n q: prv.prime1.toArrayLike(Uint8Array),\n // Since p and q are switched in places, we can keep u as defined by DER\n u: prv.coefficient.toArrayLike(Uint8Array)\n };\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = await randomProbablePrime(bits - (bits >> 1), e, 40);\n p = await randomProbablePrime(bits >> 1, e, 40);\n n = p.mul(q);\n } while (n.bitLength() !== bits);\n\n const phi = p.dec().imul(q.dec());\n\n if (q.lt(p)) {\n [p, q] = [q, p];\n }\n\n return {\n n: n.toUint8Array(),\n e: e.toUint8Array(),\n d: e.modInv(phi).toUint8Array(),\n p: p.toUint8Array(),\n q: q.toUint8Array(),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: p.modInv(q).toUint8Array()\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n p = new BigInteger(p);\n q = new BigInteger(q);\n\n // expect pq = n\n if (!p.mul(q).equal(n)) {\n return false;\n }\n\n const two = new BigInteger(2);\n // expect p*u = 1 mod q\n u = new BigInteger(u);\n if (!p.mul(u).mod(q).isOne()) {\n return false;\n }\n\n e = new BigInteger(e);\n d = new BigInteger(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));\n const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r.mul(d).mul(e);\n\n const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));\n d = new BigInteger(d);\n if (m.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return m.modExp(d, n).toUint8Array('be', n.byteLength());\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPrivateKey.encode(keyObject, 'der');\n return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' }));\n }\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n return new Uint8Array(sign.sign(pem));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n s = new BigInteger(s);\n e = new BigInteger(e);\n if (s.gte(n)) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());\n const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1' };\n } else {\n key = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n }\n try {\n return await verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const { default: BN } = await import('bn.js');\n\n const keyObject = {\n modulus: new BN(n),\n publicExponent: new BN(e)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPublicKey.encode(keyObject, 'der');\n key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPublicKey.encode(keyObject, 'pem', {\n label: 'RSA PUBLIC KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n const BigInteger = await util.getBigInteger();\n n = new BigInteger(n);\n data = new BigInteger(emeEncode(data, n.byteLength()));\n e = new BigInteger(e);\n if (data.gte(n)) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return data.modExp(e, n).toUint8Array('be', n.byteLength());\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const { default: BN } = await import('bn.js');\n\n const pBNum = new BN(p);\n const qBNum = new BN(q);\n const dBNum = new BN(d);\n const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1)\n const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1)\n const keyObject = {\n version: 0,\n modulus: new BN(n),\n publicExponent: new BN(e),\n privateExponent: new BN(d),\n // switch p and q\n prime1: new BN(q),\n prime2: new BN(p),\n // switch dp and dq\n exponent1: dq,\n exponent2: dp,\n coefficient: new BN(u)\n };\n let key;\n if (typeof nodeCrypto.createPrivateKey !== 'undefined') {\n const der = RSAPrivateKey.encode(keyObject, 'der');\n key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n } else {\n const pem = RSAPrivateKey.encode(keyObject, 'pem', {\n label: 'RSA PRIVATE KEY'\n });\n key = { key: pem, padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n }\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n const BigInteger = await util.getBigInteger();\n data = new BigInteger(data);\n n = new BigInteger(n);\n e = new BigInteger(e);\n d = new BigInteger(d);\n p = new BigInteger(p);\n q = new BigInteger(q);\n u = new BigInteger(u);\n if (data.gte(n)) {\n throw new Error('Data too large.');\n }\n const dq = d.mod(q.dec()); // d mod (q-1)\n const dp = d.mod(p.dec()); // d mod (p-1)\n\n const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);\n const blinder = unblinder.modInv(n).modExp(e, n);\n data = data.mul(blinder).mod(n);\n\n\n const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p\n const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q\n const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h.mul(p).add(mp); // result < n due to relations above\n\n result = result.mul(unblinder).mod(n);\n\n\n return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const BigInteger = await util.getBigInteger();\n const pNum = new BigInteger(p);\n const qNum = new BigInteger(q);\n const dNum = new BigInteger(d);\n\n let dq = dNum.mod(qNum.dec()); // d mod (q-1)\n let dp = dNum.mod(pNum.dec()); // d mod (p-1)\n dp = dp.toUint8Array();\n dq = dq.toUint8Array();\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n * @private\n */\n\nimport util from '../../util';\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const padded = emeEncode(data, p.byteLength());\n const m = new BigInteger(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = await getRandomBigInteger(new BigInteger(1), p.dec());\n return {\n c1: g.modExp(k, p).toUint8Array(),\n c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n const BigInteger = await util.getBigInteger();\n c1 = new BigInteger(c1);\n c2 = new BigInteger(c2);\n p = new BigInteger(p);\n x = new BigInteger(x);\n\n const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);\n return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = new BigInteger(p.bitLength());\n const n1023 = new BigInteger(1023);\n if (pSize.lt(n1023)) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (!g.modExp(p.dec(), p).isOne()) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n const i = new BigInteger(1);\n const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold\n while (i.lt(threshold)) {\n res = res.mul(g).imod(p);\n if (res.isOne()) {\n return false;\n }\n i.iinc();\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1\n const rqx = p.dec().imul(r).iadd(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n * @private\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {string} String with the canonical name of the curve.\n */\n getName() {\n const hex = this.toHex();\n if (enums.curve[hex]) {\n return enums.write(enums.curve, hex);\n } else {\n throw new Error('Unknown curve object identifier.');\n }\n }\n}\n\nexport default OID;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library\n * @module crypto/public_key/elliptic/indutnyKey\n * @private\n */\n\nimport config from '../../../config';\n\nexport function keyFromPrivate(indutnyCurve, priv) {\n const keyPair = indutnyCurve.keyPair({ priv: priv });\n return keyPair;\n}\n\nexport function keyFromPublic(indutnyCurve, pub) {\n const keyPair = indutnyCurve.keyPair({ pub: pub });\n if (keyPair.validate().result !== true) {\n throw new Error('Invalid elliptic public key');\n }\n return keyPair;\n}\n\nexport async function getIndutnyCurve(name) {\n if (!config.useIndutnyElliptic) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n const { default: elliptic } = await import('@openpgp/elliptic');\n return new elliptic.ec(name);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n * @private\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new stream.TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { getRandomBytes } from '../../random';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport { UnsupportedError } from '../../../packet/packet';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n 'p256': 'P-256',\n 'p384': 'P-384',\n 'p521': 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined,\n brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n p256: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.p256,\n web: webCurves.p256,\n payloadSize: 32,\n sharedSize: 256\n },\n p384: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.p384,\n web: webCurves.p384,\n payloadSize: 48,\n sharedSize: 384\n },\n p521: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.p521,\n web: webCurves.p521,\n payloadSize: 66,\n sharedSize: 528\n },\n secp256k1: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.secp256k1,\n payloadSize: 32\n },\n ed25519: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32\n },\n curve25519: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32\n },\n brainpoolP256r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves.brainpoolP256r1,\n payloadSize: 32\n },\n brainpoolP384r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves.brainpoolP384r1,\n payloadSize: 48\n },\n brainpoolP512r1: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves.brainpoolP512r1,\n payloadSize: 64\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName, params) {\n try {\n if (util.isArray(oidOrName) ||\n util.isUint8Array(oidOrName)) {\n // by oid byte array\n oidOrName = new OID(oidOrName);\n }\n if (oidOrName instanceof OID) {\n // by curve OID\n oidOrName = oidOrName.getName();\n }\n // by curve name or oid string\n this.name = enums.write(enums.curve, oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n params = params || curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node && curves[this.name];\n this.web = params.web && curves[this.name];\n this.payloadSize = params.payloadSize;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === 'curve25519') {\n this.type = 'curve25519';\n } else if (this.name === 'ed25519') {\n this.type = 'ed25519';\n }\n }\n\n async genKeyPair() {\n let keyPair;\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n break;\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519': {\n const privateKey = getRandomBytes(32);\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const secretKey = privateKey.slice().reverse();\n keyPair = nacl.box.keyPair.fromSecretKey(secretKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n case 'ed25519': {\n const privateKey = getRandomBytes(32);\n const keyPair = nacl.sign.keyPair.fromSeed(privateKey);\n const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]);\n return { publicKey, privateKey };\n }\n }\n const indutnyCurve = await getIndutnyCurve(this.name);\n keyPair = await indutnyCurve.genKeyPair({\n entropy: util.uint8ArrayToString(getRandomBytes(32))\n });\n return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) };\n }\n}\n\nasync function generate(curve) {\n const BigInteger = await util.getBigInteger();\n\n curve = new CurveWithOID(curve);\n const keyPair = await curve.genKeyPair();\n const Q = new BigInteger(keyPair.publicKey).toUint8Array();\n const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize);\n return {\n oid: curve.oid,\n Q,\n secret,\n hash: curve.hash,\n cipher: curve.cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[enums.write(enums.curve, oid.toHex())].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n p256: true,\n p384: true,\n p521: true,\n secp256k1: true,\n curve25519: algo === enums.publicKey.ecdh,\n brainpoolP256r1: true,\n brainpoolP384r1: true,\n brainpoolP512r1: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === 'curve25519') {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const curve = await getIndutnyCurve(curveName);\n try {\n // Parse Q and check that it is on the curve but not at infinity\n Q = keyFromPublic(curve, Q).getPublic();\n } catch (validationErrors) {\n return false;\n }\n\n /**\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = keyFromPrivate(curve, d).getPublic();\n if (!dG.eq(Q)) {\n return false;\n }\n\n return true;\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nasync function webGenKeyPair(name) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = 0x04;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n * @private\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams } from './oid_curves';\nimport { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web': {\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n }\n case 'node': {\n const signature = await nodeSign(curve, hashAlgo, message, keyPair);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n }\n }\n }\n return ellipticSign(curve, hashed, privateKey);\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n return await webVerify(curve, hashAlgo, signature, message, publicKey);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support p521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node':\n return nodeVerify(curve, hashAlgo, signature, message, publicKey);\n }\n }\n const digest = (typeof hashAlgo === 'undefined') ? message : hashed;\n return ellipticVerify(curve, signature, digest, publicKey);\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\nasync function ellipticSign(curve, hashed, privateKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPrivate(indutnyCurve, privateKey);\n const signature = key.sign(hashed);\n return {\n r: signature.r.toArrayLike(Uint8Array),\n s: signature.s.toArrayLike(Uint8Array)\n };\n}\n\nasync function ellipticVerify(curve, signature, digest, publicKey) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const key = keyFromPublic(indutnyCurve, publicKey);\n return key.verify(digest, signature);\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, keyPair) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n const key = ECPrivateKey.encode({\n version: 1,\n parameters: curve.oid,\n privateKey: Array.from(keyPair.privateKey),\n publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }\n }, 'pem', {\n label: 'EC PRIVATE KEY'\n });\n\n return ECDSASignature.decode(sign.sign(key), 'der');\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const { default: BN } = await import('bn.js');\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n const key = SubjectPublicKeyInfo.encode({\n algorithm: {\n algorithm: [1, 2, 840, 10045, 2, 1],\n parameters: curve.oid\n },\n subjectPublicKey: { unused: 0, data: Array.from(publicKey) }\n }, 'pem', {\n label: 'PUBLIC KEY'\n });\n const signature = ECDSASignature.encode({\n r: new BN(r), s: new BN(s)\n }, 'der');\n\n try {\n return verify.verify(key, signature);\n } catch (err) {\n return false;\n }\n}\n\n// Originally written by Owen Smith https://github.com/omsmith\n// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/\n\n/* eslint-disable no-invalid-this */\n\nconst asn1 = nodeCrypto ? require('asn1.js') : undefined;\n\nconst ECDSASignature = nodeCrypto ?\n asn1.define('ECDSASignature', function() {\n this.seq().obj(\n this.key('r').int(),\n this.key('s').int()\n );\n }) : undefined;\n\nconst ECPrivateKey = nodeCrypto ?\n asn1.define('ECPrivateKey', function() {\n this.seq().obj(\n this.key('version').int(),\n this.key('privateKey').octstr(),\n this.key('parameters').explicit(0).optional().any(),\n this.key('publicKey').explicit(1).optional().bitstr()\n );\n }) : undefined;\n\nconst AlgorithmIdentifier = nodeCrypto ?\n asn1.define('AlgorithmIdentifier', function() {\n this.seq().obj(\n this.key('algorithm').objid(),\n this.key('parameters').optional().any()\n );\n }) : undefined;\n\nconst SubjectPublicKeyInfo = nodeCrypto ?\n asn1.define('SubjectPublicKeyInfo', function() {\n this.seq().obj(\n this.key('algorithm').use(AlgorithmIdentifier),\n this.key('subjectPublicKey').bitstr()\n );\n }) : undefined;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);\n const signature = nacl.sign.detached(hashed, secretKey);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const signature = util.concatUint8Array([r, s]);\n return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== 'ed25519') {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n * @private\n */\n\nimport sha512 from 'hash.js/lib/hash/sha/512';\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\n\nnacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const seed = getRandomBytes(32);\n const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = nacl.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519: {\n return nacl.sign.detached.verify(hashed, RS, publicKey);\n }\n case enums.publicKey.ed448:\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: // unsupported\n default:\n return false;\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n * @private\n */\n\nimport * as cipher from './cipher';\nimport util from '../util';\n\n/**\n * AES key wrap\n * @function\n * @param {Uint8Array} key\n * @param {Uint8Array} data\n * @returns {Uint8Array}\n */\nexport function wrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const P = unpack(data);\n let A = IV;\n const R = P;\n const n = P.length / 2;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 0; j <= 5; ++j) {\n for (let i = 0; i < n; ++i) {\n t[1] = n * j + (1 + i);\n // B = A\n B[0] = A[0];\n B[1] = A[1];\n // B = A || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES(K, B)\n B = unpack(aes.encrypt(pack(B)));\n // A = MSB(64, B) ^ t\n A = B.subarray(0, 2);\n A[0] ^= t[0];\n A[1] ^= t[1];\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n return pack(A, R);\n}\n\n/**\n * AES key unwrap\n * @function\n * @param {String} key\n * @param {String} data\n * @returns {Uint8Array}\n * @throws {Error}\n */\nexport function unwrap(key, data) {\n const aes = new cipher['aes' + (key.length * 8)](key);\n const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]);\n const C = unpack(data);\n let A = C.subarray(0, 2);\n const R = C.subarray(2);\n const n = C.length / 2 - 1;\n const t = new Uint32Array([0, 0]);\n let B = new Uint32Array(4);\n for (let j = 5; j >= 0; --j) {\n for (let i = n - 1; i >= 0; --i) {\n t[1] = n * j + (i + 1);\n // B = A ^ t\n B[0] = A[0] ^ t[0];\n B[1] = A[1] ^ t[1];\n // B = (A ^ t) || R[i]\n B[2] = R[2 * i];\n B[3] = R[2 * i + 1];\n // B = AES-1(B)\n B = unpack(aes.decrypt(pack(B)));\n // A = MSB(64, B)\n A = B.subarray(0, 2);\n // R[i] = LSB(64, B)\n R[2 * i] = B[2];\n R[2 * i + 1] = B[3];\n }\n }\n if (A[0] === IV[0] && A[1] === IV[1]) {\n return pack(R);\n }\n throw new Error('Key Data Integrity failed');\n}\n\nfunction createArrayBuffer(data) {\n if (util.isString(data)) {\n const { length } = data;\n const buffer = new ArrayBuffer(length);\n const view = new Uint8Array(buffer);\n for (let j = 0; j < length; ++j) {\n view[j] = data.charCodeAt(j);\n }\n return buffer;\n }\n return new Uint8Array(data).buffer;\n}\n\nfunction unpack(data) {\n const { length } = data;\n const buffer = createArrayBuffer(data);\n const view = new DataView(buffer);\n const arr = new Uint32Array(length / 4);\n for (let i = 0; i < length / 4; ++i) {\n arr[i] = view.getUint32(4 * i);\n }\n return arr;\n}\n\nfunction pack() {\n let length = 0;\n for (let k = 0; k < arguments.length; ++k) {\n length += 4 * arguments[k].length;\n }\n const buffer = new ArrayBuffer(length);\n const view = new DataView(buffer);\n let offset = 0;\n for (let i = 0; i < arguments.length; ++i) {\n for (let j = 0; j < arguments[i].length; ++j) {\n view.setUint32(offset + 4 * j, arguments[i][j]);\n }\n offset += 4 * arguments[i].length;\n }\n return new Uint8Array(buffer);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { keyFromPublic, keyFromPrivate, getIndutnyCurve } from './indutnyKey';\nimport getCipher from '../../cipher/getCipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint.subarray(0, 20)\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519': {\n const d = getRandomBytes(32);\n const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d);\n let { publicKey } = nacl.box.keyPair.fromSecretKey(secretKey);\n publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n }\n return ellipticPublicEphemeralKey(curve, Q);\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = aesKW.wrap(Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519': {\n const secretKey = d.slice().reverse();\n const sharedKey = nacl.scalarMult(secretKey, V.subarray(1));\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n }\n return ellipticPrivateEphemeralKey(curve, V, d);\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipher(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(aesKW.unwrap(Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: sender\n },\n privateKey,\n curve.web.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.web.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPrivateEphemeralKey(curve, V, d) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n V = keyFromPublic(indutnyCurve, V);\n d = keyFromPrivate(indutnyCurve, d);\n const secretKey = new Uint8Array(d.getPrivate());\n const S = d.derive(V.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function ellipticPublicEphemeralKey(curve, Q) {\n const indutnyCurve = await getIndutnyCurve(curve.name);\n const v = await curve.genKeyPair();\n Q = keyFromPublic(indutnyCurve, Q);\n const V = keyFromPrivate(indutnyCurve, v.privateKey);\n const publicKey = v.publicKey;\n const S = V.derive(Q.getPublic());\n const len = indutnyCurve.curve.p.byteLength();\n const sharedKey = S.toArrayLike(Uint8Array, 'be', len);\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle;\n\nexport default async function HKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n if (webCrypto || nodeSubtleCrypto) {\n const crypto = webCrypto || nodeSubtleCrypto;\n const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n }\n\n if (nodeCrypto) {\n const hashAlgoName = enums.read(enums.hash, hashAlgo);\n // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869\n\n const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest();\n // Step 1: Extract\n // PRK = HMAC-Hash(salt, IKM)\n const pseudoRandomKey = computeHMAC(salt, inputKey);\n\n const hashLen = pseudoRandomKey.length;\n\n // Step 2: Expand\n // HKDF-Expand(PRK, info, L) -> OKM\n const n = Math.ceil(outLen / hashLen);\n const outputKeyingMaterial = new Uint8Array(n * hashLen);\n\n // HMAC input buffer updated at each iteration\n const roundInput = new Uint8Array(hashLen + info.length + 1);\n // T_i and last byte are updated at each iteration, but `info` remains constant\n roundInput.set(info, hashLen);\n\n for (let i = 0; i < n; i++) {\n // T(0) = empty string (zero length)\n // T(i) = HMAC-Hash(PRK, T(i-1) | info | i)\n roundInput[roundInput.length - 1] = i + 1;\n // t = T(i+1)\n const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen));\n roundInput.set(t, 0);\n\n outputKeyingMaterial.set(t, i * hashLen);\n }\n\n return outputKeyingMaterial.subarray(0, outLen);\n }\n\n throw new Error('No HKDF implementation available');\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport getCipher from '../../cipher/getCipher';\nimport computeHKDF from '../../hkdf';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = nacl.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(32);\n const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA);\n const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = aesKW.wrap(encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n const { keySize } = getCipher(enums.symmetric.aes128);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n * @private\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const BigInteger = await util.getBigInteger();\n const one = new BigInteger(1);\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n x = new BigInteger(x);\n\n let k;\n let r;\n let s;\n let t;\n g = g.mod(p);\n x = x.mod(q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = await getRandomBigInteger(one, q); // returns in [1, q-1]\n r = g.modExp(k, p).imod(q); // (g**k mod p) mod q\n if (r.isZero()) {\n continue;\n }\n const xr = x.mul(r).imod(q);\n t = h.add(xr).imod(q); // H(m) + x*r mod q\n s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q\n if (s.isZero()) {\n continue;\n }\n break;\n }\n return {\n r: r.toUint8Array('be', q.byteLength()),\n s: s.toUint8Array('be', q.byteLength())\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n const BigInteger = await util.getBigInteger();\n const zero = new BigInteger(0);\n r = new BigInteger(r);\n s = new BigInteger(s);\n\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n\n if (r.lte(zero) || r.gte(q) ||\n s.lte(zero) || s.gte(q)) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);\n const w = s.modInv(q); // s**-1 mod q\n if (w.isZero()) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = g.mod(p);\n y = y.mod(p);\n const u1 = h.mul(w).imod(q); // H(m) * w mod q\n const u2 = r.mul(w).imod(q); // r * w mod q\n const t1 = g.modExp(u1, p); // g**u1 mod p\n const t2 = y.modExp(u2, p); // y**u2 mod p\n const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q\n return v.equal(r);\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n const BigInteger = await util.getBigInteger();\n p = new BigInteger(p);\n q = new BigInteger(q);\n g = new BigInteger(g);\n y = new BigInteger(y);\n const one = new BigInteger(1);\n // Check that 1 < g < p\n if (g.lte(one) || g.gte(p)) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (!p.dec().mod(q).isZero()) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (!g.modExp(q, p).isOne()) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = new BigInteger(q.bitLength());\n const n150 = new BigInteger(150);\n if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = new BigInteger(x);\n const two = new BigInteger(2);\n const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q\n const rqx = q.mul(r).add(x);\n if (!y.equal(g.modExp(rqx, p))) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n * @private\n */\n\nimport nacl from '@openpgp/tweetnacl/nacl-fast-light';\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa,\n /** @see tweetnacl */\n nacl: nacl\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n * @private\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read));\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { s };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read));\n return { r, s };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n let r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n r = util.leftPad(r, 32);\n let s = util.readMPI(signature.subarray(read));\n s = util.leftPad(s, 32);\n return { r, s };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n case enums.publicKey.ed25519: {\n const RS = signature.subarray(read, read + 64); read += RS.length;\n return { RS };\n }\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n // signature already padded on parsing\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal: {\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n * @private\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n * @private\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport getCipher from './cipher/getCipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { CurveWithOID } from './public_key/elliptic/oid_curves';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519: {\n if (!util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (!util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.x25519: {\n const A = bytes.subarray(read, read + 32); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const curve = new CurveWithOID(publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, curve.payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const curve = new CurveWithOID(publicParams.oid);\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, curve.payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519: {\n const seed = bytes.subarray(read, read + 32); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519: {\n const k = bytes.subarray(read, read + 32); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key.\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519: {\n const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n }\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipher(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipher(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\nexport { getCipher };\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get preferred hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n * @private\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","\n\n\nvar TYPED_OK = typeof Uint8Array !== \"undefined\" &&\n typeof Uint16Array !== \"undefined\" &&\n typeof Int32Array !== \"undefined\";\n\nfunction _has(obj, key) {\n return Object.prototype.hasOwnProperty.call(obj, key);\n}\n\nexport function assign(obj /*...args obj, from1, from2, from3, ...*/) {\n var sources = Array.prototype.slice.call(arguments, 1);\n while (sources.length) {\n var source = sources.shift();\n if (!source) {\n continue; \n }\n\n if (typeof source !== \"object\") {\n throw new TypeError(source + \"must be non-object\");\n }\n\n for (var p in source) {\n if (_has(source, p)) {\n obj[p] = source[p];\n }\n }\n }\n\n return obj;\n //return Object.assign(...args);\n}\n\n\n// reduce buffer size, avoiding mem copy\nexport function shrinkBuf(buf, size) {\n if (buf.length === size) {\n return buf; \n }\n if (buf.subarray) {\n return buf.subarray(0, size); \n }\n buf.length = size;\n return buf;\n}\n\n\nconst fnTyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n if (src.subarray && dest.subarray) {\n dest.set(src.subarray(src_offs, src_offs + len), dest_offs);\n return;\n }\n // Fallback to ordinary array\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n let i, l, len, pos, chunk;\n\n // calculate data length\n len = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n len += chunks[i].length;\n }\n\n // join chunks\n const result = new Uint8Array(len);\n pos = 0;\n for (i = 0, l = chunks.length; i < l; i++) {\n chunk = chunks[i];\n result.set(chunk, pos);\n pos += chunk.length;\n }\n\n return result;\n }\n};\n\nconst fnUntyped = {\n arraySet: function (dest, src, src_offs, len, dest_offs) {\n for (let i = 0; i < len; i++) {\n dest[dest_offs + i] = src[src_offs + i];\n }\n },\n // Join array of chunks to single array.\n flattenChunks: function (chunks) {\n return [].concat.apply([], chunks);\n }\n};\n\n\n// Enable/Disable typed arrays use, for testing\n//\n\nexport let Buf8 = TYPED_OK ? Uint8Array : Array;\nexport let Buf16 = TYPED_OK ? Uint16Array : Array;\nexport let Buf32 = TYPED_OK ? Int32Array : Array;\nexport let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks;\nexport let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet;\nexport function setTyped(on) {\n if (on) {\n Buf8 = Uint8Array;\n Buf16 = Uint16Array;\n Buf32 = Int32Array;\n ({ flattenChunks, arraySet } = fnTyped);\n } else {\n Buf8 = Array;\n Buf16 = Array;\n Buf32 = Array;\n ({ flattenChunks, arraySet } = fnUntyped);\n }\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* Allowed flush values; see deflate() and inflate() below for details */\nexport const Z_NO_FLUSH = 0;\nexport const Z_PARTIAL_FLUSH = 1;\nexport const Z_SYNC_FLUSH = 2;\nexport const Z_FULL_FLUSH = 3;\nexport const Z_FINISH = 4;\nexport const Z_BLOCK = 5;\nexport const Z_TREES = 6;\n\n/* Return codes for the compression/decompression functions. Negative values\n * are errors, positive values are used for special but normal events.\n */\nexport const Z_OK = 0;\nexport const Z_STREAM_END = 1;\nexport const Z_NEED_DICT = 2;\nexport const Z_ERRNO = -1;\nexport const Z_STREAM_ERROR = -2;\nexport const Z_DATA_ERROR = -3;\n//export const Z_MEM_ERROR = -4;\nexport const Z_BUF_ERROR = -5;\n//export const Z_VERSION_ERROR = -6;\n\n /* compression levels */\nexport const Z_NO_COMPRESSION = 0;\nexport const Z_BEST_SPEED = 1;\nexport const Z_BEST_COMPRESSION = 9;\nexport const Z_DEFAULT_COMPRESSION = -1;\n\n\nexport const Z_FILTERED = 1;\nexport const Z_HUFFMAN_ONLY = 2;\nexport const Z_RLE = 3;\nexport const Z_FIXED = 4;\nexport const Z_DEFAULT_STRATEGY = 0;\n\n/* Possible values of the data_type field (though see inflate()) */\nexport const Z_BINARY = 0;\nexport const Z_TEXT = 1;\n//export const Z_ASCII = 1; // = Z_TEXT (deprecated)\nexport const Z_UNKNOWN = 2;\n\n/* The deflate compression method */\nexport const Z_DEFLATED = 8;\n//export const Z_NULL = null // Use -1 or null inline, depending on var type\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n/* eslint-disable space-unary-ops */\n\nimport * as utils from \"../utils/common.js\";\nimport {\n Z_FIXED,\n Z_BINARY,\n Z_TEXT,\n Z_UNKNOWN\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nfunction zero(buf) {\n let len = buf.length; while (--len >= 0) {\n buf[len] = 0; \n } \n}\n\n// From zutil.h\n\nconst STORED_BLOCK = 0;\nconst STATIC_TREES = 1;\nconst DYN_TREES = 2;\n/* The three kinds of block type */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\n/* The minimum and maximum match lengths */\n\n// From deflate.h\n/* ===========================================================================\n * Internal compression state.\n */\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\n\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\n\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\n\nconst D_CODES = 30;\n/* number of distance codes */\n\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\n\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\n\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst Buf_size = 16;\n/* size of bit buffer in bi_buf */\n\n\n/* ===========================================================================\n * Constants\n */\n\nconst MAX_BL_BITS = 7;\n/* Bit length codes must not exceed MAX_BL_BITS bits */\n\nconst END_BLOCK = 256;\n/* end of block literal code */\n\nconst REP_3_6 = 16;\n/* repeat previous bit length 3-6 times (2 bits of repeat count) */\n\nconst REPZ_3_10 = 17;\n/* repeat a zero length 3-10 times (3 bits of repeat count) */\n\nconst REPZ_11_138 = 18;\n/* repeat a zero length 11-138 times (7 bits of repeat count) */\n\n/* eslint-disable comma-spacing,array-bracket-spacing */\nconst extra_lbits = /* extra bits for each length code */\n [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0];\n\nconst extra_dbits = /* extra bits for each distance code */\n [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13];\n\nconst extra_blbits = /* extra bits for each bit length code */\n [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7];\n\nconst bl_order =\n [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];\n/* eslint-enable comma-spacing,array-bracket-spacing */\n\n/* The lengths of the bit length codes are sent in order of decreasing\n * probability, to avoid transmitting the lengths for unused bit length codes.\n */\n\n/* ===========================================================================\n * Local data. These are initialized only once.\n */\n\n// We pre-fill arrays with 0 to avoid uninitialized gaps\n\nconst DIST_CODE_LEN = 512; /* see definition of array dist_code below */\n\n// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1\nconst static_ltree = new Array((L_CODES + 2) * 2);\nzero(static_ltree);\n/* The static literal tree. Since the bit lengths are imposed, there is no\n * need for the L_CODES extra codes used during heap construction. However\n * The codes 286 and 287 are needed to build a canonical tree (see _tr_init\n * below).\n */\n\nconst static_dtree = new Array(D_CODES * 2);\nzero(static_dtree);\n/* The static distance tree. (Actually a trivial tree since all codes use\n * 5 bits.)\n */\n\nconst _dist_code = new Array(DIST_CODE_LEN);\nzero(_dist_code);\n/* Distance codes. The first 256 values correspond to the distances\n * 3 .. 258, the last 256 values correspond to the top 8 bits of\n * the 15 bit distances.\n */\n\nconst _length_code = new Array(MAX_MATCH - MIN_MATCH + 1);\nzero(_length_code);\n/* length code for each normalized match length (0 == MIN_MATCH) */\n\nconst base_length = new Array(LENGTH_CODES);\nzero(base_length);\n/* First normalized length for each code (0 = MIN_MATCH) */\n\nconst base_dist = new Array(D_CODES);\nzero(base_dist);\n/* First normalized distance for each code (0 = distance of 1) */\n\n\nfunction StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) {\n\n this.static_tree = static_tree; /* static tree or NULL */\n this.extra_bits = extra_bits; /* extra bits for each code or NULL */\n this.extra_base = extra_base; /* base index for extra_bits */\n this.elems = elems; /* max number of elements in the tree */\n this.max_length = max_length; /* max bit length for the codes */\n\n // show if `static_tree` has data or dummy - needed for monomorphic objects\n this.has_stree = static_tree && static_tree.length;\n}\n\n\nlet static_l_desc;\nlet static_d_desc;\nlet static_bl_desc;\n\n\nfunction TreeDesc(dyn_tree, stat_desc) {\n this.dyn_tree = dyn_tree; /* the dynamic tree */\n this.max_code = 0; /* largest code with non zero frequency */\n this.stat_desc = stat_desc; /* the corresponding static tree */\n}\n\n\n\nfunction d_code(dist) {\n return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)];\n}\n\n\n/* ===========================================================================\n * Output a short LSB first on the stream.\n * IN assertion: there is enough room in pendingBuf.\n */\nfunction put_short(s, w) {\n// put_byte(s, (uch)((w) & 0xff));\n// put_byte(s, (uch)((ush)(w) >> 8));\n s.pending_buf[s.pending++] = w & 0xff;\n s.pending_buf[s.pending++] = w >>> 8 & 0xff;\n}\n\n\n/* ===========================================================================\n * Send a value on a given number of bits.\n * IN assertion: length <= 16 and value fits in length bits.\n */\nfunction send_bits(s, value, length) {\n if (s.bi_valid > Buf_size - length) {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n put_short(s, s.bi_buf);\n s.bi_buf = value >> Buf_size - s.bi_valid;\n s.bi_valid += length - Buf_size;\n } else {\n s.bi_buf |= value << s.bi_valid & 0xffff;\n s.bi_valid += length;\n }\n}\n\n\nfunction send_code(s, c, tree) {\n send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/);\n}\n\n\n/* ===========================================================================\n * Reverse the first len bits of a code, using straightforward code (a faster\n * method would use a table)\n * IN assertion: 1 <= len <= 15\n */\nfunction bi_reverse(code, len) {\n let res = 0;\n do {\n res |= code & 1;\n code >>>= 1;\n res <<= 1;\n } while (--len > 0);\n return res >>> 1;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer, keeping at most 7 bits in it.\n */\nfunction bi_flush(s) {\n if (s.bi_valid === 16) {\n put_short(s, s.bi_buf);\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n } else if (s.bi_valid >= 8) {\n s.pending_buf[s.pending++] = s.bi_buf & 0xff;\n s.bi_buf >>= 8;\n s.bi_valid -= 8;\n }\n}\n\n\n/* ===========================================================================\n * Compute the optimal bit lengths for a tree and update the total bit length\n * for the current block.\n * IN assertion: the fields freq and dad are set, heap[heap_max] and\n * above are the tree nodes sorted by increasing frequency.\n * OUT assertions: the field len is set to the optimal bit length, the\n * array bl_count contains the frequencies for each bit length.\n * The length opt_len is updated; static_len is also updated if stree is\n * not null.\n */\nfunction gen_bitlen(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const max_code = desc.max_code;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const extra = desc.stat_desc.extra_bits;\n const base = desc.stat_desc.extra_base;\n const max_length = desc.stat_desc.max_length;\n let h; /* heap index */\n let n, m; /* iterate over the tree elements */\n let bits; /* bit length */\n let xbits; /* extra bits */\n let f; /* frequency */\n let overflow = 0; /* number of elements with bit length too large */\n\n for (bits = 0; bits <= MAX_BITS; bits++) {\n s.bl_count[bits] = 0;\n }\n\n /* In a first pass, compute the optimal bit lengths (which may\n * overflow in the case of the bit length tree).\n */\n tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */\n\n for (h = s.heap_max + 1; h < HEAP_SIZE; h++) {\n n = s.heap[h];\n bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1;\n if (bits > max_length) {\n bits = max_length;\n overflow++;\n }\n tree[n * 2 + 1]/*.Len*/ = bits;\n /* We overwrite tree[n].Dad which is no longer needed */\n\n if (n > max_code) {\n continue; \n } /* not a leaf node */\n\n s.bl_count[bits]++;\n xbits = 0;\n if (n >= base) {\n xbits = extra[n - base];\n }\n f = tree[n * 2]/*.Freq*/;\n s.opt_len += f * (bits + xbits);\n if (has_stree) {\n s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits);\n }\n }\n if (overflow === 0) {\n return; \n }\n\n // Trace((stderr,\"\\nbit length overflow\\n\"));\n /* This happens for example on obj2 and pic of the Calgary corpus */\n\n /* Find the first bit length which could increase: */\n do {\n bits = max_length - 1;\n while (s.bl_count[bits] === 0) {\n bits--; \n }\n s.bl_count[bits]--; /* move one leaf down the tree */\n s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */\n s.bl_count[max_length]--;\n /* The brother of the overflow item also moves one step up,\n * but this does not affect bl_count[max_length]\n */\n overflow -= 2;\n } while (overflow > 0);\n\n /* Now recompute all bit lengths, scanning in increasing frequency.\n * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all\n * lengths instead of fixing only the wrong ones. This idea is taken\n * from 'ar' written by Haruhiko Okumura.)\n */\n for (bits = max_length; bits !== 0; bits--) {\n n = s.bl_count[bits];\n while (n !== 0) {\n m = s.heap[--h];\n if (m > max_code) {\n continue; \n }\n if (tree[m * 2 + 1]/*.Len*/ !== bits) {\n // Trace((stderr,\"code %d bits %d->%d\\n\", m, tree[m].Len, bits));\n s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/;\n tree[m * 2 + 1]/*.Len*/ = bits;\n }\n n--;\n }\n }\n}\n\n\n/* ===========================================================================\n * Generate the codes for a given tree and bit counts (which need not be\n * optimal).\n * IN assertion: the array bl_count contains the bit length statistics for\n * the given tree and the field len is set for all tree elements.\n * OUT assertion: the field code is set for all tree elements of non\n * zero code length.\n */\nfunction gen_codes(tree, max_code, bl_count)\n// ct_data *tree; /* the tree to decorate */\n// int max_code; /* largest code with non zero frequency */\n// ushf *bl_count; /* number of codes at each bit length */\n{\n const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */\n let code = 0; /* running code value */\n let bits; /* bit index */\n let n; /* code index */\n\n /* The distribution counts are first used to generate the code values\n * without bit reversal.\n */\n for (bits = 1; bits <= MAX_BITS; bits++) {\n next_code[bits] = code = code + bl_count[bits - 1] << 1;\n }\n /* Check that the bit counts in bl_count are consistent. The last code\n * must be all ones.\n */\n //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */\n length = 0;\n for (code = 0; code < LENGTH_CODES - 1; code++) {\n base_length[code] = length;\n for (n = 0; n < 1 << extra_lbits[code]; n++) {\n _length_code[length++] = code;\n }\n }\n //Assert (length == 256, \"tr_static_init: length != 256\");\n /* Note that the length 255 (match length 258) can be represented\n * in two different ways: code 284 + 5 bits or code 285, so we\n * overwrite length_code[255] to use the best encoding:\n */\n _length_code[length - 1] = code;\n\n /* Initialize the mapping dist (0..32K) -> dist code (0..29) */\n dist = 0;\n for (code = 0; code < 16; code++) {\n base_dist[code] = dist;\n for (n = 0; n < 1 << extra_dbits[code]; n++) {\n _dist_code[dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: dist != 256\");\n dist >>= 7; /* from now on, all distances are divided by 128 */\n for (; code < D_CODES; code++) {\n base_dist[code] = dist << 7;\n for (n = 0; n < 1 << extra_dbits[code] - 7; n++) {\n _dist_code[256 + dist++] = code;\n }\n }\n //Assert (dist == 256, \"tr_static_init: 256+dist != 512\");\n\n /* Construct the codes of the static literal tree */\n for (bits = 0; bits <= MAX_BITS; bits++) {\n bl_count[bits] = 0;\n }\n\n n = 0;\n while (n <= 143) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n while (n <= 255) {\n static_ltree[n * 2 + 1]/*.Len*/ = 9;\n n++;\n bl_count[9]++;\n }\n while (n <= 279) {\n static_ltree[n * 2 + 1]/*.Len*/ = 7;\n n++;\n bl_count[7]++;\n }\n while (n <= 287) {\n static_ltree[n * 2 + 1]/*.Len*/ = 8;\n n++;\n bl_count[8]++;\n }\n /* Codes 286 and 287 do not exist, but we must include them in the\n * tree construction to get a canonical Huffman tree (longest code\n * all ones)\n */\n gen_codes(static_ltree, L_CODES + 1, bl_count);\n\n /* The static distance tree is trivial: */\n for (n = 0; n < D_CODES; n++) {\n static_dtree[n * 2 + 1]/*.Len*/ = 5;\n static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5);\n }\n\n // Now data ready and we can init static trees\n static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS);\n static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS);\n static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS);\n\n //static_init_done = true;\n}\n\n\n/* ===========================================================================\n * Initialize a new block.\n */\nfunction init_block(s) {\n let n; /* iterates over tree elements */\n\n /* Initialize the trees. */\n for (n = 0; n < L_CODES; n++) {\n s.dyn_ltree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < D_CODES; n++) {\n s.dyn_dtree[n * 2]/*.Freq*/ = 0; \n }\n for (n = 0; n < BL_CODES; n++) {\n s.bl_tree[n * 2]/*.Freq*/ = 0; \n }\n\n s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1;\n s.opt_len = s.static_len = 0;\n s.last_lit = s.matches = 0;\n}\n\n\n/* ===========================================================================\n * Flush the bit buffer and align the output on a byte boundary\n */\nfunction bi_windup(s) {\n if (s.bi_valid > 8) {\n put_short(s, s.bi_buf);\n } else if (s.bi_valid > 0) {\n //put_byte(s, (Byte)s->bi_buf);\n s.pending_buf[s.pending++] = s.bi_buf;\n }\n s.bi_buf = 0;\n s.bi_valid = 0;\n}\n\n/* ===========================================================================\n * Copy a stored block, storing first the length and its\n * one's complement if requested.\n */\nfunction copy_block(s, buf, len, header)\n//DeflateState *s;\n//charf *buf; /* the input data */\n//unsigned len; /* its length */\n//int header; /* true if block header must be written */\n{\n bi_windup(s); /* align on byte boundary */\n\n if (header) {\n put_short(s, len);\n put_short(s, ~len);\n }\n // while (len--) {\n // put_byte(s, *buf++);\n // }\n utils.arraySet(s.pending_buf, s.window, buf, len, s.pending);\n s.pending += len;\n}\n\n/* ===========================================================================\n * Compares to subtrees, using the tree depth as tie breaker when\n * the subtrees have equal frequency. This minimizes the worst case length.\n */\nfunction smaller(tree, n, m, depth) {\n const _n2 = n * 2;\n const _m2 = m * 2;\n return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ ||\n tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m];\n}\n\n/* ===========================================================================\n * Restore the heap property by moving down the tree starting at node k,\n * exchanging a node with the smallest of its two sons if necessary, stopping\n * when the heap property is re-established (each father smaller than its\n * two sons).\n */\nfunction pqdownheap(s, tree, k)\n// deflate_state *s;\n// ct_data *tree; /* the tree to restore */\n// int k; /* node to move down */\n{\n const v = s.heap[k];\n let j = k << 1; /* left son of k */\n while (j <= s.heap_len) {\n /* Set j to the smallest of the two sons: */\n if (j < s.heap_len &&\n smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) {\n j++;\n }\n /* Exit if v is smaller than both sons */\n if (smaller(tree, v, s.heap[j], s.depth)) {\n break; \n }\n\n /* Exchange v with the smallest son */\n s.heap[k] = s.heap[j];\n k = j;\n\n /* And continue down the tree, setting j to the left son of k */\n j <<= 1;\n }\n s.heap[k] = v;\n}\n\n\n// inlined manually\n// var SMALLEST = 1;\n\n/* ===========================================================================\n * Send the block data compressed using the given Huffman trees\n */\nfunction compress_block(s, ltree, dtree)\n// deflate_state *s;\n// const ct_data *ltree; /* literal tree */\n// const ct_data *dtree; /* distance tree */\n{\n let dist; /* distance of matched string */\n let lc; /* match length or unmatched char (if dist == 0) */\n let lx = 0; /* running index in l_buf */\n let code; /* the code to send */\n let extra; /* number of extra bits to send */\n\n if (s.last_lit !== 0) {\n do {\n dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1];\n lc = s.pending_buf[s.l_buf + lx];\n lx++;\n\n if (dist === 0) {\n send_code(s, lc, ltree); /* send a literal byte */\n //Tracecv(isgraph(lc), (stderr,\" '%c' \", lc));\n } else {\n /* Here, lc is the match length - MIN_MATCH */\n code = _length_code[lc];\n send_code(s, code + LITERALS + 1, ltree); /* send the length code */\n extra = extra_lbits[code];\n if (extra !== 0) {\n lc -= base_length[code];\n send_bits(s, lc, extra); /* send the extra length bits */\n }\n dist--; /* dist is now the match distance - 1 */\n code = d_code(dist);\n //Assert (code < D_CODES, \"bad d_code\");\n\n send_code(s, code, dtree); /* send the distance code */\n extra = extra_dbits[code];\n if (extra !== 0) {\n dist -= base_dist[code];\n send_bits(s, dist, extra); /* send the extra distance bits */\n }\n } /* literal or match pair ? */\n\n /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */\n //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,\n // \"pendingBuf overflow\");\n\n } while (lx < s.last_lit);\n }\n\n send_code(s, END_BLOCK, ltree);\n}\n\n\n/* ===========================================================================\n * Construct one Huffman tree and assigns the code bit strings and lengths.\n * Update the total bit length for the current block.\n * IN assertion: the field freq is set for all tree elements.\n * OUT assertions: the fields len and code are set to the optimal bit length\n * and corresponding code. The length opt_len is updated; static_len is\n * also updated if stree is not null. The field max_code is set.\n */\nfunction build_tree(s, desc)\n// deflate_state *s;\n// tree_desc *desc; /* the tree descriptor */\n{\n const tree = desc.dyn_tree;\n const stree = desc.stat_desc.static_tree;\n const has_stree = desc.stat_desc.has_stree;\n const elems = desc.stat_desc.elems;\n let n, m; /* iterate over heap elements */\n let max_code = -1; /* largest code with non zero frequency */\n let node; /* new node being created */\n\n /* Construct the initial heap, with least frequent element in\n * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].\n * heap[0] is not used.\n */\n s.heap_len = 0;\n s.heap_max = HEAP_SIZE;\n\n for (n = 0; n < elems; n++) {\n if (tree[n * 2]/*.Freq*/ !== 0) {\n s.heap[++s.heap_len] = max_code = n;\n s.depth[n] = 0;\n\n } else {\n tree[n * 2 + 1]/*.Len*/ = 0;\n }\n }\n\n /* The pkzip format requires that at least one distance code exists,\n * and that at least one bit should be sent even if there is only one\n * possible code. So to avoid special checks later on we force at least\n * two codes of non zero frequency.\n */\n while (s.heap_len < 2) {\n node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0;\n tree[node * 2]/*.Freq*/ = 1;\n s.depth[node] = 0;\n s.opt_len--;\n\n if (has_stree) {\n s.static_len -= stree[node * 2 + 1]/*.Len*/;\n }\n /* node is 0 or 1 so it does not have extra bits */\n }\n desc.max_code = max_code;\n\n /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,\n * establish sub-heaps of increasing lengths:\n */\n for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) {\n pqdownheap(s, tree, n); \n }\n\n /* Construct the Huffman tree by repeatedly combining the least two\n * frequent nodes.\n */\n node = elems; /* next internal node of the tree */\n do {\n //pqremove(s, tree, n); /* n = node of least frequency */\n /*** pqremove ***/\n n = s.heap[1/*SMALLEST*/];\n s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--];\n pqdownheap(s, tree, 1/*SMALLEST*/);\n /***/\n\n m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */\n\n s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */\n s.heap[--s.heap_max] = m;\n\n /* Create a new node father of n and m */\n tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/;\n s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1;\n tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node;\n\n /* and insert the new node in the heap */\n s.heap[1/*SMALLEST*/] = node++;\n pqdownheap(s, tree, 1/*SMALLEST*/);\n\n } while (s.heap_len >= 2);\n\n s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/];\n\n /* At this point, the fields freq and dad are set. We can now\n * generate the bit lengths.\n */\n gen_bitlen(s, desc);\n\n /* The field len is now set, we can generate the bit codes */\n gen_codes(tree, max_code, s.bl_count);\n}\n\n\n/* ===========================================================================\n * Scan a literal or distance tree to determine the frequencies of the codes\n * in the bit length tree.\n */\nfunction scan_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n s.bl_tree[curlen * 2]/*.Freq*/ += count;\n\n } else if (curlen !== 0) {\n\n if (curlen !== prevlen) {\n s.bl_tree[curlen * 2]/*.Freq*/++; \n }\n s.bl_tree[REP_3_6 * 2]/*.Freq*/++;\n\n } else if (count <= 10) {\n s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++;\n\n } else {\n s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++;\n }\n\n count = 0;\n prevlen = curlen;\n\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Send a literal or distance tree in compressed form, using the codes in\n * bl_tree.\n */\nfunction send_tree(s, tree, max_code)\n// deflate_state *s;\n// ct_data *tree; /* the tree to be scanned */\n// int max_code; /* and its largest code of non zero frequency */\n{\n let n; /* iterates over all tree elements */\n let prevlen = -1; /* last emitted length */\n let curlen; /* length of current code */\n\n let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */\n\n let count = 0; /* repeat count of the current code */\n let max_count = 7; /* max repeat count */\n let min_count = 4; /* min repeat count */\n\n /* tree[max_code+1].Len = -1; */ /* guard already set */\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n }\n\n for (n = 0; n <= max_code; n++) {\n curlen = nextlen;\n nextlen = tree[(n + 1) * 2 + 1]/*.Len*/;\n\n if (++count < max_count && curlen === nextlen) {\n continue;\n\n } else if (count < min_count) {\n do {\n send_code(s, curlen, s.bl_tree); \n } while (--count !== 0);\n\n } else if (curlen !== 0) {\n if (curlen !== prevlen) {\n send_code(s, curlen, s.bl_tree);\n count--;\n }\n //Assert(count >= 3 && count <= 6, \" 3_6?\");\n send_code(s, REP_3_6, s.bl_tree);\n send_bits(s, count - 3, 2);\n\n } else if (count <= 10) {\n send_code(s, REPZ_3_10, s.bl_tree);\n send_bits(s, count - 3, 3);\n\n } else {\n send_code(s, REPZ_11_138, s.bl_tree);\n send_bits(s, count - 11, 7);\n }\n\n count = 0;\n prevlen = curlen;\n if (nextlen === 0) {\n max_count = 138;\n min_count = 3;\n\n } else if (curlen === nextlen) {\n max_count = 6;\n min_count = 3;\n\n } else {\n max_count = 7;\n min_count = 4;\n }\n }\n}\n\n\n/* ===========================================================================\n * Construct the Huffman tree for the bit lengths and return the index in\n * bl_order of the last bit length code to send.\n */\nfunction build_bl_tree(s) {\n let max_blindex; /* index of last bit length code of non zero freq */\n\n /* Determine the bit length frequencies for literal and distance trees */\n scan_tree(s, s.dyn_ltree, s.l_desc.max_code);\n scan_tree(s, s.dyn_dtree, s.d_desc.max_code);\n\n /* Build the bit length tree: */\n build_tree(s, s.bl_desc);\n /* opt_len now includes the length of the tree representations, except\n * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.\n */\n\n /* Determine the number of bit length codes to send. The pkzip format\n * requires that at least 4 bit length codes be sent. (appnote.txt says\n * 3 but the actual value used is 4.)\n */\n for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) {\n if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) {\n break;\n }\n }\n /* Update opt_len to include the bit length tree and counts */\n s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;\n //Tracev((stderr, \"\\ndyn trees: dyn %ld, stat %ld\",\n // s->opt_len, s->static_len));\n\n return max_blindex;\n}\n\n\n/* ===========================================================================\n * Send the header for a block using dynamic Huffman trees: the counts, the\n * lengths of the bit length codes, the literal tree and the distance tree.\n * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.\n */\nfunction send_all_trees(s, lcodes, dcodes, blcodes)\n// deflate_state *s;\n// int lcodes, dcodes, blcodes; /* number of codes for each tree */\n{\n let rank; /* index in bl_order */\n\n //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, \"not enough codes\");\n //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,\n // \"too many codes\");\n //Tracev((stderr, \"\\nbl counts: \"));\n send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */\n send_bits(s, dcodes - 1, 5);\n send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */\n for (rank = 0; rank < blcodes; rank++) {\n //Tracev((stderr, \"\\nbl code %2d \", bl_order[rank]));\n send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3);\n }\n //Tracev((stderr, \"\\nbl tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */\n //Tracev((stderr, \"\\nlit tree: sent %ld\", s->bits_sent));\n\n send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */\n //Tracev((stderr, \"\\ndist tree: sent %ld\", s->bits_sent));\n}\n\n\n/* ===========================================================================\n * Check if the data type is TEXT or BINARY, using the following algorithm:\n * - TEXT if the two conditions below are satisfied:\n * a) There are no non-portable control characters belonging to the\n * \"black list\" (0..6, 14..25, 28..31).\n * b) There is at least one printable character belonging to the\n * \"white list\" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).\n * - BINARY otherwise.\n * - The following partially-portable control characters form a\n * \"gray list\" that is ignored in this detection algorithm:\n * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).\n * IN assertion: the fields Freq of dyn_ltree are set.\n */\nfunction detect_data_type(s) {\n /* black_mask is the bit mask of black-listed bytes\n * set bits 0..6, 14..25, and 28..31\n * 0xf3ffc07f = binary 11110011111111111100000001111111\n */\n let black_mask = 0xf3ffc07f;\n let n;\n\n /* Check for non-textual (\"black-listed\") bytes. */\n for (n = 0; n <= 31; n++, black_mask >>>= 1) {\n if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_BINARY;\n }\n }\n\n /* Check for textual (\"white-listed\") bytes. */\n if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||\n s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n for (n = 32; n < LITERALS; n++) {\n if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) {\n return Z_TEXT;\n }\n }\n\n /* There are no \"black-listed\" or \"white-listed\" bytes:\n * this stream either is empty or has tolerated (\"gray-listed\") bytes only.\n */\n return Z_BINARY;\n}\n\n\nlet static_init_done = false;\n\n/* ===========================================================================\n * Initialize the tree data structures for a new zlib stream.\n */\nfunction _tr_init(s) {\n\n if (!static_init_done) {\n tr_static_init();\n static_init_done = true;\n }\n\n s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc);\n s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc);\n s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc);\n\n s.bi_buf = 0;\n s.bi_valid = 0;\n\n /* Initialize the first block of the first file: */\n init_block(s);\n}\n\n\n/* ===========================================================================\n * Send a stored block\n */\nfunction _tr_stored_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */\n copy_block(s, buf, stored_len, true); /* with header */\n}\n\n\n/* ===========================================================================\n * Send one empty static block to give enough lookahead for inflate.\n * This takes 10 bits, of which 7 may remain in the bit buffer.\n */\nfunction _tr_align(s) {\n send_bits(s, STATIC_TREES << 1, 3);\n send_code(s, END_BLOCK, static_ltree);\n bi_flush(s);\n}\n\n\n/* ===========================================================================\n * Determine the best encoding for the current block: dynamic trees, static\n * trees or store, and output the encoded block to the zip file.\n */\nfunction _tr_flush_block(s, buf, stored_len, last)\n//DeflateState *s;\n//charf *buf; /* input block, or NULL if too old */\n//ulg stored_len; /* length of input block */\n//int last; /* one if this is the last block for a file */\n{\n let opt_lenb, static_lenb; /* opt_len and static_len in bytes */\n let max_blindex = 0; /* index of last bit length code of non zero freq */\n\n /* Build the Huffman trees unless a stored block is forced */\n if (s.level > 0) {\n\n /* Check if the file is binary or text */\n if (s.strm.data_type === Z_UNKNOWN) {\n s.strm.data_type = detect_data_type(s);\n }\n\n /* Construct the literal and distance trees */\n build_tree(s, s.l_desc);\n // Tracev((stderr, \"\\nlit data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n\n build_tree(s, s.d_desc);\n // Tracev((stderr, \"\\ndist data: dyn %ld, stat %ld\", s->opt_len,\n // s->static_len));\n /* At this point, opt_len and static_len are the total bit lengths of\n * the compressed block data, excluding the tree representations.\n */\n\n /* Build the bit length tree for the above two trees, and get the index\n * in bl_order of the last bit length code to send.\n */\n max_blindex = build_bl_tree(s);\n\n /* Determine the best encoding. Compute the block lengths in bytes. */\n opt_lenb = s.opt_len + 3 + 7 >>> 3;\n static_lenb = s.static_len + 3 + 7 >>> 3;\n\n // Tracev((stderr, \"\\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u \",\n // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,\n // s->last_lit));\n\n if (static_lenb <= opt_lenb) {\n opt_lenb = static_lenb; \n }\n\n } else {\n // Assert(buf != (char*)0, \"lost buf\");\n opt_lenb = static_lenb = stored_len + 5; /* force a stored block */\n }\n\n if (stored_len + 4 <= opt_lenb && buf !== -1) {\n /* 4: two words for the lengths */\n\n /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.\n * Otherwise we can't have processed more than WSIZE input bytes since\n * the last block flush, because compression would have been\n * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to\n * transform a block into a stored block.\n */\n _tr_stored_block(s, buf, stored_len, last);\n\n } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) {\n\n send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3);\n compress_block(s, static_ltree, static_dtree);\n\n } else {\n send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3);\n send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1);\n compress_block(s, s.dyn_ltree, s.dyn_dtree);\n }\n // Assert (s->compressed_len == s->bits_sent, \"bad compressed size\");\n /* The above check is made mod 2^32, for files larger than 512 MB\n * and uLong implemented on 32 bits.\n */\n init_block(s);\n\n if (last) {\n bi_windup(s);\n }\n // Tracev((stderr,\"\\ncomprlen %lu(%lu) \", s->compressed_len>>3,\n // s->compressed_len-7*last));\n}\n\n/* ===========================================================================\n * Save the match info and tally the frequency counts. Return true if\n * the current block must be flushed.\n */\nfunction _tr_tally(s, dist, lc)\n// deflate_state *s;\n// unsigned dist; /* distance of matched string */\n// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */\n{\n //var out_length, in_length, dcode;\n\n s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff;\n s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff;\n\n s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff;\n s.last_lit++;\n\n if (dist === 0) {\n /* lc is the unmatched char */\n s.dyn_ltree[lc * 2]/*.Freq*/++;\n } else {\n s.matches++;\n /* Here, lc is the match length - MIN_MATCH */\n dist--; /* dist = match distance - 1 */\n //Assert((ush)dist < (ush)MAX_DIST(s) &&\n // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&\n // (ush)d_code(dist) < (ush)D_CODES, \"_tr_tally: bad match\");\n\n s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++;\n s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n\n //#ifdef TRUNCATE_BLOCK\n // /* Try to guess if it is profitable to stop the current block here */\n // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) {\n // /* Compute an upper bound for the compressed length */\n // out_length = s.last_lit*8;\n // in_length = s.strstart - s.block_start;\n //\n // for (dcode = 0; dcode < D_CODES; dcode++) {\n // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]);\n // }\n // out_length >>>= 3;\n // //Tracev((stderr,\"\\nlast_lit %u, in %ld, out ~%ld(%ld%%) \",\n // // s->last_lit, in_length, out_length,\n // // 100L - out_length*100L/in_length));\n // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) {\n // return true;\n // }\n // }\n //#endif\n\n return s.last_lit === s.lit_bufsize - 1;\n /* We avoid equality with lit_bufsize because of wraparound at 64K\n * on 16 bit machines and because stored blocks are restricted to\n * 64K-1 bytes.\n */\n}\n\nexport {\n _tr_init,\n _tr_stored_block,\n _tr_flush_block,\n _tr_tally,\n _tr_align\n};","\n\n// Note: adler32 takes 12% for level 0 and 2% for level 6.\n// It isn't worth it to make additional optimizations as in original.\n// Small size is preferable.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default function adler32(adler, buf, len, pos) {\n let s1 = adler & 0xffff |0,\n s2 = adler >>> 16 & 0xffff |0,\n n = 0;\n\n while (len !== 0) {\n // Set limit ~ twice less than 5552, to keep\n // s2 in 31-bits, because we force signed ints.\n // in other case %= will fail.\n n = len > 2000 ? 2000 : len;\n len -= n;\n\n do {\n s1 = s1 + buf[pos++] |0;\n s2 = s2 + s1 |0;\n } while (--n);\n\n s1 %= 65521;\n s2 %= 65521;\n }\n\n return s1 | s2 << 16 |0;\n}\n","\n\n// Note: we can't get significant speed boost here.\n// So write code to minimize size - no pregenerated tables\n// and array tools dependencies.\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// Use ordinary array, since untyped makes no boost here\nfunction makeTable() {\n let c;\n const table = [];\n\n for (let n = 0; n < 256; n++) {\n c = n;\n for (let k = 0; k < 8; k++) {\n c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1;\n }\n table[n] = c;\n }\n\n return table;\n}\n\n// Create table on load. Just 255 signed longs. Not a problem.\nconst crcTable = makeTable();\n\n\nexport default function crc32(crc, buf, len, pos) {\n const t = crcTable,\n end = pos + len;\n\n crc ^= -1;\n\n for (let i = pos; i < end; i++) {\n crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF];\n }\n\n return crc ^ -1; // >>> 0;\n}","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default {\n 2: \"need dictionary\", /* Z_NEED_DICT 2 */\n 1: \"stream end\", /* Z_STREAM_END 1 */\n 0: \"\", /* Z_OK 0 */\n \"-1\": \"file error\", /* Z_ERRNO (-1) */\n \"-2\": \"stream error\", /* Z_STREAM_ERROR (-2) */\n \"-3\": \"data error\", /* Z_DATA_ERROR (-3) */\n \"-4\": \"insufficient memory\", /* Z_MEM_ERROR (-4) */\n \"-5\": \"buffer error\", /* Z_BUF_ERROR (-5) */\n \"-6\": \"incompatible version\" /* Z_VERSION_ERROR (-6) */\n};\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport * as trees from \"./trees.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport msg from \"./messages.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_NO_FLUSH,\n Z_PARTIAL_FLUSH,\n Z_FULL_FLUSH,\n Z_FINISH,\n Z_BLOCK,\n Z_OK,\n Z_STREAM_END,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFAULT_COMPRESSION,\n Z_FILTERED,\n Z_HUFFMAN_ONLY,\n Z_RLE,\n Z_FIXED,\n Z_DEFAULT_STRATEGY,\n Z_UNKNOWN,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/*============================================================================*/\n\n\nconst MAX_MEM_LEVEL = 9;\n/* Maximum value for memLevel in deflateInit2 */\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_MEM_LEVEL = 8;\n\n\nconst LENGTH_CODES = 29;\n/* number of length codes, not counting the special END_BLOCK code */\nconst LITERALS = 256;\n/* number of literal bytes 0..255 */\nconst L_CODES = LITERALS + 1 + LENGTH_CODES;\n/* number of Literal or Length codes, including the END_BLOCK code */\nconst D_CODES = 30;\n/* number of distance codes */\nconst BL_CODES = 19;\n/* number of codes used to transfer the bit lengths */\nconst HEAP_SIZE = 2 * L_CODES + 1;\n/* maximum heap size */\nconst MAX_BITS = 15;\n/* All codes must not exceed MAX_BITS bits */\n\nconst MIN_MATCH = 3;\nconst MAX_MATCH = 258;\nconst MIN_LOOKAHEAD = (MAX_MATCH + MIN_MATCH + 1);\n\nconst PRESET_DICT = 0x20;\n\nconst INIT_STATE = 42;\nconst EXTRA_STATE = 69;\nconst NAME_STATE = 73;\nconst COMMENT_STATE = 91;\nconst HCRC_STATE = 103;\nconst BUSY_STATE = 113;\nconst FINISH_STATE = 666;\n\nconst BS_NEED_MORE = 1; /* block not completed, need more input or more output */\nconst BS_BLOCK_DONE = 2; /* block flush performed */\nconst BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */\nconst BS_FINISH_DONE = 4; /* finish done, accept no more input or output */\n\nconst OS_CODE = 0x03; // Unix :) . Don't detect, use this default.\n\nfunction err(strm, errorCode) {\n strm.msg = msg[errorCode];\n return errorCode;\n}\n\nfunction rank(f) {\n return ((f) << 1) - ((f) > 4 ? 9 : 0);\n}\n\nfunction zero(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } }\n\n\n/* =========================================================================\n * Flush as much pending output as possible. All deflate() output goes\n * through this function so some applications may wish to modify it\n * to avoid allocating a large strm->output buffer and copying into it.\n * (See also read_buf()).\n */\nfunction flush_pending(strm) {\n const s = strm.state;\n\n //_tr_flush_bits(s);\n let len = s.pending;\n if (len > strm.avail_out) {\n len = strm.avail_out;\n }\n if (len === 0) { return; }\n\n utils.arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out);\n strm.next_out += len;\n s.pending_out += len;\n strm.total_out += len;\n strm.avail_out -= len;\n s.pending -= len;\n if (s.pending === 0) {\n s.pending_out = 0;\n }\n}\n\n\nfunction flush_block_only(s, last) {\n trees._tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last);\n s.block_start = s.strstart;\n flush_pending(s.strm);\n}\n\n\nfunction put_byte(s, b) {\n s.pending_buf[s.pending++] = b;\n}\n\n\n/* =========================================================================\n * Put a short in the pending buffer. The 16-bit value is put in MSB order.\n * IN assertion: the stream state is correct and there is enough room in\n * pending_buf.\n */\nfunction putShortMSB(s, b) {\n // put_byte(s, (Byte)(b >> 8));\n // put_byte(s, (Byte)(b & 0xff));\n s.pending_buf[s.pending++] = (b >>> 8) & 0xff;\n s.pending_buf[s.pending++] = b & 0xff;\n}\n\n\n/* ===========================================================================\n * Read a new buffer from the current input stream, update the adler32\n * and total number of bytes read. All deflate() input goes through\n * this function so some applications may wish to modify it to avoid\n * allocating a large strm->input buffer and copying from it.\n * (See also flush_pending()).\n */\nfunction read_buf(strm, buf, start, size) {\n let len = strm.avail_in;\n\n if (len > size) { len = size; }\n if (len === 0) { return 0; }\n\n strm.avail_in -= len;\n\n // zmemcpy(buf, strm->next_in, len);\n utils.arraySet(buf, strm.input, strm.next_in, len, start);\n if (strm.state.wrap === 1) {\n strm.adler = adler32(strm.adler, buf, len, start);\n }\n\n else if (strm.state.wrap === 2) {\n strm.adler = crc32(strm.adler, buf, len, start);\n }\n\n strm.next_in += len;\n strm.total_in += len;\n\n return len;\n}\n\n\n/* ===========================================================================\n * Set match_start to the longest match starting at the given string and\n * return its length. Matches shorter or equal to prev_length are discarded,\n * in which case the result is equal to prev_length and match_start is\n * garbage.\n * IN assertions: cur_match is the head of the hash chain for the current\n * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1\n * OUT assertion: the match length is not greater than s->lookahead.\n */\nfunction longest_match(s, cur_match) {\n let chain_length = s.max_chain_length; /* max hash chain length */\n let scan = s.strstart; /* current string */\n let match; /* matched string */\n let len; /* length of current match */\n let best_len = s.prev_length; /* best match length so far */\n let nice_match = s.nice_match; /* stop if match long enough */\n const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ?\n s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/;\n\n const _win = s.window; // shortcut\n\n const wmask = s.w_mask;\n const prev = s.prev;\n\n /* Stop when cur_match becomes <= limit. To simplify the code,\n * we prevent matches with the string of window index 0.\n */\n\n const strend = s.strstart + MAX_MATCH;\n let scan_end1 = _win[scan + best_len - 1];\n let scan_end = _win[scan + best_len];\n\n /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.\n * It is easy to get rid of this optimization if necessary.\n */\n // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, \"Code too clever\");\n\n /* Do not waste too much time if we already have a good match: */\n if (s.prev_length >= s.good_match) {\n chain_length >>= 2;\n }\n /* Do not look for matches beyond the end of the input. This is necessary\n * to make deflate deterministic.\n */\n if (nice_match > s.lookahead) { nice_match = s.lookahead; }\n\n // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, \"need lookahead\");\n\n do {\n // Assert(cur_match < s->strstart, \"no future\");\n match = cur_match;\n\n /* Skip to next match if the match length cannot increase\n * or if the match length is less than 2. Note that the checks below\n * for insufficient lookahead only occur occasionally for performance\n * reasons. Therefore uninitialized memory will be accessed, and\n * conditional jumps will be made that depend on those values.\n * However the length of the match is limited to the lookahead, so\n * the output of deflate is not affected by the uninitialized values.\n */\n\n if (_win[match + best_len] !== scan_end ||\n _win[match + best_len - 1] !== scan_end1 ||\n _win[match] !== _win[scan] ||\n _win[++match] !== _win[scan + 1]) {\n continue;\n }\n\n /* The check at best_len-1 can be removed because it will be made\n * again later. (This heuristic is not always a win.)\n * It is not necessary to compare scan[2] and match[2] since they\n * are always equal when the other bytes match, given that\n * the hash keys are equal and that HASH_BITS >= 8.\n */\n scan += 2;\n match++;\n // Assert(*scan == *match, \"match[2]?\");\n\n /* We check for insufficient lookahead only every 8th comparison;\n * the 256th check will be made at strstart+258.\n */\n do {\n /*jshint noempty:false*/\n } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n _win[++scan] === _win[++match] && _win[++scan] === _win[++match] &&\n scan < strend);\n\n // Assert(scan <= s->window+(unsigned)(s->window_size-1), \"wild scan\");\n\n len = MAX_MATCH - (strend - scan);\n scan = strend - MAX_MATCH;\n\n if (len > best_len) {\n s.match_start = cur_match;\n best_len = len;\n if (len >= nice_match) {\n break;\n }\n scan_end1 = _win[scan + best_len - 1];\n scan_end = _win[scan + best_len];\n }\n } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0);\n\n if (best_len <= s.lookahead) {\n return best_len;\n }\n return s.lookahead;\n}\n\n\n/* ===========================================================================\n * Fill the window when the lookahead becomes insufficient.\n * Updates strstart and lookahead.\n *\n * IN assertion: lookahead < MIN_LOOKAHEAD\n * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD\n * At least one byte has been read, or avail_in == 0; reads are\n * performed for at least two bytes (required for the zip translate_eol\n * option -- not supported here).\n */\nfunction fill_window(s) {\n const _w_size = s.w_size;\n let p, n, m, more, str;\n\n //Assert(s->lookahead < MIN_LOOKAHEAD, \"already enough lookahead\");\n\n do {\n more = s.window_size - s.lookahead - s.strstart;\n\n // JS ints have 32 bit, block below not needed\n /* Deal with !@#$% 64K limit: */\n //if (sizeof(int) <= 2) {\n // if (more == 0 && s->strstart == 0 && s->lookahead == 0) {\n // more = wsize;\n //\n // } else if (more == (unsigned)(-1)) {\n // /* Very unlikely, but possible on 16 bit machine if\n // * strstart == 0 && lookahead == 1 (input done a byte at time)\n // */\n // more--;\n // }\n //}\n\n\n /* If the window is almost full and there is insufficient lookahead,\n * move the upper half to the lower one to make room in the upper half.\n */\n if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) {\n\n utils.arraySet(s.window, s.window, _w_size, _w_size, 0);\n s.match_start -= _w_size;\n s.strstart -= _w_size;\n /* we now have strstart >= MAX_DIST */\n s.block_start -= _w_size;\n\n /* Slide the hash table (could be avoided with 32 bit values\n at the expense of memory usage). We slide even when level == 0\n to keep the hash table consistent if we switch back to level > 0\n later. (Using level 0 permanently is not an optimal usage of\n zlib, so we don't care about this pathological case.)\n */\n\n n = s.hash_size;\n p = n;\n do {\n m = s.head[--p];\n s.head[p] = (m >= _w_size ? m - _w_size : 0);\n } while (--n);\n\n n = _w_size;\n p = n;\n do {\n m = s.prev[--p];\n s.prev[p] = (m >= _w_size ? m - _w_size : 0);\n /* If n is not on any hash chain, prev[n] is garbage but\n * its value will never be used.\n */\n } while (--n);\n\n more += _w_size;\n }\n if (s.strm.avail_in === 0) {\n break;\n }\n\n /* If there was no sliding:\n * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&\n * more == window_size - lookahead - strstart\n * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)\n * => more >= window_size - 2*WSIZE + 2\n * In the BIG_MEM or MMAP case (not yet supported),\n * window_size == input_size + MIN_LOOKAHEAD &&\n * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.\n * Otherwise, window_size == 2*WSIZE so more >= 2.\n * If there was sliding, more >= WSIZE. So in all cases, more >= 2.\n */\n //Assert(more >= 2, \"more < 2\");\n n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more);\n s.lookahead += n;\n\n /* Initialize the hash value now that we have some input: */\n if (s.lookahead + s.insert >= MIN_MATCH) {\n str = s.strstart - s.insert;\n s.ins_h = s.window[str];\n\n /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask;\n //#if MIN_MATCH != 3\n // Call update_hash() MIN_MATCH-3 more times\n //#endif\n while (s.insert) {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = str;\n str++;\n s.insert--;\n if (s.lookahead + s.insert < MIN_MATCH) {\n break;\n }\n }\n }\n /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,\n * but this is not important since only literal bytes will be emitted.\n */\n\n } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0);\n\n /* If the WIN_INIT bytes after the end of the current data have never been\n * written, then zero those bytes in order to avoid memory check reports of\n * the use of uninitialized (or uninitialised as Julian writes) bytes by\n * the longest match routines. Update the high water mark for the next\n * time through here. WIN_INIT is set to MAX_MATCH since the longest match\n * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.\n */\n // if (s.high_water < s.window_size) {\n // var curr = s.strstart + s.lookahead;\n // var init = 0;\n //\n // if (s.high_water < curr) {\n // /* Previous high water mark below current data -- zero WIN_INIT\n // * bytes or up to end of window, whichever is less.\n // */\n // init = s.window_size - curr;\n // if (init > WIN_INIT)\n // init = WIN_INIT;\n // zmemzero(s->window + curr, (unsigned)init);\n // s->high_water = curr + init;\n // }\n // else if (s->high_water < (ulg)curr + WIN_INIT) {\n // /* High water mark at or above current data, but below current data\n // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up\n // * to end of window, whichever is less.\n // */\n // init = (ulg)curr + WIN_INIT - s->high_water;\n // if (init > s->window_size - s->high_water)\n // init = s->window_size - s->high_water;\n // zmemzero(s->window + s->high_water, (unsigned)init);\n // s->high_water += init;\n // }\n // }\n //\n // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,\n // \"not enough room for search\");\n}\n\n/* ===========================================================================\n * Copy without compression as much as possible from the input stream, return\n * the current block state.\n * This function does not insert new strings in the dictionary since\n * uncompressible data is probably not useful. This function is used\n * only for the level=0 compression option.\n * NOTE: this function should be optimized to avoid extra copying from\n * window to pending_buf.\n */\nfunction deflate_stored(s, flush) {\n /* Stored blocks are limited to 0xffff bytes, pending_buf is limited\n * to pending_buf_size, and each stored block has a 5 byte header:\n */\n let max_block_size = 0xffff;\n\n if (max_block_size > s.pending_buf_size - 5) {\n max_block_size = s.pending_buf_size - 5;\n }\n\n /* Copy as much as possible from input to output: */\n for (; ;) {\n /* Fill the window as much as possible: */\n if (s.lookahead <= 1) {\n\n //Assert(s->strstart < s->w_size+MAX_DIST(s) ||\n // s->block_start >= (long)s->w_size, \"slide too late\");\n // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) ||\n // s.block_start >= s.w_size)) {\n // throw new Error(\"slide too late\");\n // }\n\n fill_window(s);\n if (s.lookahead === 0 && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n\n if (s.lookahead === 0) {\n break;\n }\n /* flush the current block */\n }\n //Assert(s->block_start >= 0L, \"block gone\");\n // if (s.block_start < 0) throw new Error(\"block gone\");\n\n s.strstart += s.lookahead;\n s.lookahead = 0;\n\n /* Emit a stored block if pending_buf will be full: */\n const max_start = s.block_start + max_block_size;\n\n if (s.strstart === 0 || s.strstart >= max_start) {\n /* strstart == 0 is possible when wraparound on 16-bit machine */\n s.lookahead = s.strstart - max_start;\n s.strstart = max_start;\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n\n\n }\n /* Flush if we may have to slide, otherwise block_start may become\n * negative and the data will be gone:\n */\n if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n\n s.insert = 0;\n\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n\n if (s.strstart > s.block_start) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_NEED_MORE;\n}\n\n/* ===========================================================================\n * Compress as much as possible from the input stream, return the current\n * block state.\n * This function does not perform lazy evaluation of matches and inserts\n * new strings in the dictionary only for unmatched strings or for short\n * matches. It is used only for the fast compression options.\n */\nfunction deflate_fast(s, flush) {\n let hash_head; /* head of the hash chain */\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) {\n break; /* flush the current block */\n }\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n * At this point we have always match_length < MIN_MATCH\n */\n if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n }\n if (s.match_length >= MIN_MATCH) {\n // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only\n\n /*** _tr_tally_dist(s, s.strstart - s.match_start,\n s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n\n /* Insert new strings in the hash table only if the match length\n * is not too large. This saves time but degrades compression.\n */\n if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH) {\n s.match_length--; /* string at strstart already in table */\n do {\n s.strstart++;\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n /* strstart never exceeds WSIZE-MAX_MATCH, so there are\n * always MIN_MATCH bytes ahead.\n */\n } while (--s.match_length !== 0);\n s.strstart++;\n } else {\n s.strstart += s.match_length;\n s.match_length = 0;\n s.ins_h = s.window[s.strstart];\n /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask;\n\n //#if MIN_MATCH != 3\n // Call UPDATE_HASH() MIN_MATCH-3 more times\n //#endif\n /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not\n * matter since it will be recomputed at next deflate call.\n */\n }\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s.window[s.strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = ((s.strstart < (MIN_MATCH - 1)) ? s.strstart : MIN_MATCH - 1);\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * Same as above, but achieves better compression. We use a lazy\n * evaluation for matches: a match is finally adopted only if there is\n * no better match at the next window position.\n */\nfunction deflate_slow(s, flush) {\n let hash_head; /* head of hash chain */\n let bflush; /* set if current block must be flushed */\n\n let max_insert;\n\n /* Process the input block. */\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the next match, plus MIN_MATCH bytes to insert the\n * string following the next match.\n */\n if (s.lookahead < MIN_LOOKAHEAD) {\n fill_window(s);\n if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* Insert the string window[strstart .. strstart+2] in the\n * dictionary, and set hash_head to the head of the hash chain:\n */\n hash_head = 0/*NIL*/;\n if (s.lookahead >= MIN_MATCH) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n\n /* Find the longest match, discarding those <= prev_length.\n */\n s.prev_length = s.match_length;\n s.prev_match = s.match_start;\n s.match_length = MIN_MATCH - 1;\n\n if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match &&\n s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) {\n /* To simplify the code, we prevent matches with the string\n * of window index 0 (in particular we have to avoid a match\n * of the string with itself at the start of the input file).\n */\n s.match_length = longest_match(s, hash_head);\n /* longest_match() sets match_start */\n\n if (s.match_length <= 5 &&\n (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH && s.strstart - s.match_start > 4096/*TOO_FAR*/))) {\n\n /* If prev_match is also MIN_MATCH, match_start is garbage\n * but we will ignore the current match anyway.\n */\n s.match_length = MIN_MATCH - 1;\n }\n }\n /* If there was a match at the previous step and the current\n * match is not better, output the previous match:\n */\n if (s.prev_length >= MIN_MATCH && s.match_length <= s.prev_length) {\n max_insert = s.strstart + s.lookahead - MIN_MATCH;\n /* Do not insert strings in hash table beyond this. */\n\n //check_match(s, s.strstart-1, s.prev_match, s.prev_length);\n\n /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match,\n s.prev_length - MIN_MATCH, bflush);***/\n bflush = trees._tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH);\n /* Insert in hash table all strings up to the end of the match.\n * strstart-1 and strstart are already inserted. If there is not\n * enough lookahead, the last two strings are not inserted in\n * the hash table.\n */\n s.lookahead -= s.prev_length - 1;\n s.prev_length -= 2;\n do {\n if (++s.strstart <= max_insert) {\n /*** INSERT_STRING(s, s.strstart, hash_head); ***/\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH - 1]) & s.hash_mask;\n hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h];\n s.head[s.ins_h] = s.strstart;\n /***/\n }\n } while (--s.prev_length !== 0);\n s.match_available = 0;\n s.match_length = MIN_MATCH - 1;\n s.strstart++;\n\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n } else if (s.match_available) {\n /* If there was no match at the previous position, output a\n * single literal. If there was a match but the current match\n * is longer, truncate the previous match to a single literal.\n */\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n if (bflush) {\n /*** FLUSH_BLOCK_ONLY(s, 0) ***/\n flush_block_only(s, false);\n /***/\n }\n s.strstart++;\n s.lookahead--;\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n } else {\n /* There is no previous match to compare with, wait for\n * the next step to decide.\n */\n s.match_available = 1;\n s.strstart++;\n s.lookahead--;\n }\n }\n //Assert (flush != Z_NO_FLUSH, \"no flush?\");\n if (s.match_available) {\n //Tracevv((stderr,\"%c\", s->window[s->strstart-1]));\n /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart - 1]);\n\n s.match_available = 0;\n }\n s.insert = s.strstart < MIN_MATCH - 1 ? s.strstart : MIN_MATCH - 1;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n\n return BS_BLOCK_DONE;\n}\n\n\n/* ===========================================================================\n * For Z_RLE, simply look for runs of bytes, generate matches only of distance\n * one. Do not maintain a hash table. (It will be regenerated if this run of\n * deflate switches away from Z_RLE.)\n */\nfunction deflate_rle(s, flush) {\n let bflush; /* set if current block must be flushed */\n let prev; /* byte at distance one to match */\n let scan, strend; /* scan goes up to strend for length of run */\n\n const _win = s.window;\n\n for (; ;) {\n /* Make sure that we always have enough lookahead, except\n * at the end of the input file. We need MAX_MATCH bytes\n * for the longest run, plus one for the unrolled loop.\n */\n if (s.lookahead <= MAX_MATCH) {\n fill_window(s);\n if (s.lookahead <= MAX_MATCH && flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n if (s.lookahead === 0) { break; } /* flush the current block */\n }\n\n /* See how many times the previous byte repeats */\n s.match_length = 0;\n if (s.lookahead >= MIN_MATCH && s.strstart > 0) {\n scan = s.strstart - 1;\n prev = _win[scan];\n if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) {\n strend = s.strstart + MAX_MATCH;\n do {\n /*jshint noempty:false*/\n } while (prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n prev === _win[++scan] && prev === _win[++scan] &&\n scan < strend);\n s.match_length = MAX_MATCH - (strend - scan);\n if (s.match_length > s.lookahead) {\n s.match_length = s.lookahead;\n }\n }\n //Assert(scan <= s->window+(uInt)(s->window_size-1), \"wild scan\");\n }\n\n /* Emit match if have run of MIN_MATCH or longer, else emit literal */\n if (s.match_length >= MIN_MATCH) {\n //check_match(s, s.strstart, s.strstart - 1, s.match_length);\n\n /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/\n bflush = trees._tr_tally(s, 1, s.match_length - MIN_MATCH);\n\n s.lookahead -= s.match_length;\n s.strstart += s.match_length;\n s.match_length = 0;\n } else {\n /* No match, output a literal byte */\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n\n s.lookahead--;\n s.strstart++;\n }\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* ===========================================================================\n * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table.\n * (It will be regenerated if this run of deflate switches away from Huffman.)\n */\nfunction deflate_huff(s, flush) {\n let bflush; /* set if current block must be flushed */\n\n for (; ;) {\n /* Make sure that we have a literal to write. */\n if (s.lookahead === 0) {\n fill_window(s);\n if (s.lookahead === 0) {\n if (flush === Z_NO_FLUSH) {\n return BS_NEED_MORE;\n }\n break; /* flush the current block */\n }\n }\n\n /* Output a literal byte */\n s.match_length = 0;\n //Tracevv((stderr,\"%c\", s->window[s->strstart]));\n /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/\n bflush = trees._tr_tally(s, 0, s.window[s.strstart]);\n s.lookahead--;\n s.strstart++;\n if (bflush) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n }\n s.insert = 0;\n if (flush === Z_FINISH) {\n /*** FLUSH_BLOCK(s, 1); ***/\n flush_block_only(s, true);\n if (s.strm.avail_out === 0) {\n return BS_FINISH_STARTED;\n }\n /***/\n return BS_FINISH_DONE;\n }\n if (s.last_lit) {\n /*** FLUSH_BLOCK(s, 0); ***/\n flush_block_only(s, false);\n if (s.strm.avail_out === 0) {\n return BS_NEED_MORE;\n }\n /***/\n }\n return BS_BLOCK_DONE;\n}\n\n/* Values for max_lazy_match, good_match and max_chain_length, depending on\n * the desired pack level (0..9). The values given below have been tuned to\n * exclude worst case performance for pathological files. Better values may be\n * found for specific files.\n */\nclass Config {\n constructor(good_length, max_lazy, nice_length, max_chain, func) {\n this.good_length = good_length;\n this.max_lazy = max_lazy;\n this.nice_length = nice_length;\n this.max_chain = max_chain;\n this.func = func;\n }\n};\n\nconst configuration_table = [\n /* good lazy nice chain */\n new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */\n new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */\n new Config(4, 5, 16, 8, deflate_fast), /* 2 */\n new Config(4, 6, 32, 32, deflate_fast), /* 3 */\n\n new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */\n new Config(8, 16, 32, 32, deflate_slow), /* 5 */\n new Config(8, 16, 128, 128, deflate_slow), /* 6 */\n new Config(8, 32, 128, 256, deflate_slow), /* 7 */\n new Config(32, 128, 258, 1024, deflate_slow), /* 8 */\n new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */\n];\n\n\n/* ===========================================================================\n * Initialize the \"longest match\" routines for a new zlib stream\n */\nfunction lm_init(s) {\n s.window_size = 2 * s.w_size;\n\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n\n /* Set the default configuration parameters:\n */\n s.max_lazy_match = configuration_table[s.level].max_lazy;\n s.good_match = configuration_table[s.level].good_length;\n s.nice_match = configuration_table[s.level].nice_length;\n s.max_chain_length = configuration_table[s.level].max_chain;\n\n s.strstart = 0;\n s.block_start = 0;\n s.lookahead = 0;\n s.insert = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n s.ins_h = 0;\n}\n\nclass DeflateState {\n constructor() {\n this.strm = null; /* pointer back to this zlib stream */\n this.status = 0; /* as the name implies */\n this.pending_buf = null; /* output still pending */\n this.pending_buf_size = 0; /* size of pending_buf */\n this.pending_out = 0; /* next pending byte to output to the stream */\n this.pending = 0; /* nb of bytes in the pending buffer */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.gzhead = null; /* gzip header information to write */\n this.gzindex = 0; /* where in extra, name, or comment */\n this.method = Z_DEFLATED; /* can only be DEFLATED */\n this.last_flush = -1; /* value of flush param for previous deflate call */\n\n this.w_size = 0; /* LZ77 window size (32K by default) */\n this.w_bits = 0; /* log2(w_size) (8..16) */\n this.w_mask = 0; /* w_size - 1 */\n\n this.window = null;\n /* Sliding window. Input bytes are read into the second half of the window,\n * and move to the first half later to keep a dictionary of at least wSize\n * bytes. With this organization, matches are limited to a distance of\n * wSize-MAX_MATCH bytes, but this ensures that IO is always\n * performed with a length multiple of the block size.\n */\n\n this.window_size = 0;\n /* Actual size of window: 2*wSize, except when the user input buffer\n * is directly used as sliding window.\n */\n\n this.prev = null;\n /* Link to older string with same hash index. To limit the size of this\n * array to 64K, this link is maintained only for the last 32K strings.\n * An index in this array is thus a window index modulo 32K.\n */\n\n this.head = null; /* Heads of the hash chains or NIL. */\n\n this.ins_h = 0; /* hash index of string to be inserted */\n this.hash_size = 0; /* number of elements in hash table */\n this.hash_bits = 0; /* log2(hash_size) */\n this.hash_mask = 0; /* hash_size-1 */\n\n this.hash_shift = 0;\n /* Number of bits by which ins_h must be shifted at each input\n * step. It must be such that after MIN_MATCH steps, the oldest\n * byte no longer takes part in the hash key, that is:\n * hash_shift * MIN_MATCH >= hash_bits\n */\n\n this.block_start = 0;\n /* Window position at the beginning of the current output block. Gets\n * negative when the window is moved backwards.\n */\n\n this.match_length = 0; /* length of best match */\n this.prev_match = 0; /* previous match */\n this.match_available = 0; /* set if previous match exists */\n this.strstart = 0; /* start of string to insert */\n this.match_start = 0; /* start of matching string */\n this.lookahead = 0; /* number of valid bytes ahead in window */\n\n this.prev_length = 0;\n /* Length of the best match at previous step. Matches not greater than this\n * are discarded. This is used in the lazy match evaluation.\n */\n\n this.max_chain_length = 0;\n /* To speed up deflation, hash chains are never searched beyond this\n * length. A higher limit improves compression ratio but degrades the\n * speed.\n */\n\n this.max_lazy_match = 0;\n /* Attempt to find a better match only when the current match is strictly\n * smaller than this value. This mechanism is used only for compression\n * levels >= 4.\n */\n // That's alias to max_lazy_match, don't use directly\n //this.max_insert_length = 0;\n /* Insert new strings in the hash table only if the match length is not\n * greater than this length. This saves time but degrades compression.\n * max_insert_length is used only for compression levels <= 3.\n */\n\n this.level = 0; /* compression level (1..9) */\n this.strategy = 0; /* favor or force Huffman coding*/\n\n this.good_match = 0;\n /* Use a faster search when the previous match is longer than this */\n\n this.nice_match = 0; /* Stop searching when current match exceeds this */\n\n /* used by trees.c: */\n\n /* Didn't use ct_data typedef below to suppress compiler warning */\n\n // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */\n // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */\n // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */\n\n // Use flat array of DOUBLE size, with interleaved fata,\n // because JS does not support effective\n this.dyn_ltree = new utils.Buf16(HEAP_SIZE * 2);\n this.dyn_dtree = new utils.Buf16((2 * D_CODES + 1) * 2);\n this.bl_tree = new utils.Buf16((2 * BL_CODES + 1) * 2);\n zero(this.dyn_ltree);\n zero(this.dyn_dtree);\n zero(this.bl_tree);\n\n this.l_desc = null; /* desc. for literal tree */\n this.d_desc = null; /* desc. for distance tree */\n this.bl_desc = null; /* desc. for bit length tree */\n\n //ush bl_count[MAX_BITS+1];\n this.bl_count = new utils.Buf16(MAX_BITS + 1);\n /* number of codes at each bit length for an optimal tree */\n\n //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */\n this.heap = new utils.Buf16(2 * L_CODES + 1); /* heap used to build the Huffman trees */\n zero(this.heap);\n\n this.heap_len = 0; /* number of elements in the heap */\n this.heap_max = 0; /* element of largest frequency */\n /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.\n * The same heap array is used to build all trees.\n */\n\n this.depth = new utils.Buf16(2 * L_CODES + 1); //uch depth[2*L_CODES+1];\n zero(this.depth);\n /* Depth of each subtree used as tie breaker for trees of equal frequency\n */\n\n this.l_buf = 0; /* buffer index for literals or lengths */\n\n this.lit_bufsize = 0;\n /* Size of match buffer for literals/lengths. There are 4 reasons for\n * limiting lit_bufsize to 64K:\n * - frequencies can be kept in 16 bit counters\n * - if compression is not successful for the first block, all input\n * data is still in the window so we can still emit a stored block even\n * when input comes from standard input. (This can also be done for\n * all blocks if lit_bufsize is not greater than 32K.)\n * - if compression is not successful for a file smaller than 64K, we can\n * even emit a stored file instead of a stored block (saving 5 bytes).\n * This is applicable only for zip (not gzip or zlib).\n * - creating new Huffman trees less frequently may not provide fast\n * adaptation to changes in the input data statistics. (Take for\n * example a binary file with poorly compressible code followed by\n * a highly compressible string table.) Smaller buffer sizes give\n * fast adaptation but have of course the overhead of transmitting\n * trees more frequently.\n * - I can't count above 4\n */\n\n this.last_lit = 0; /* running index in l_buf */\n\n this.d_buf = 0;\n /* Buffer index for distances. To simplify the code, d_buf and l_buf have\n * the same number of elements. To use different lengths, an extra flag\n * array would be necessary.\n */\n\n this.opt_len = 0; /* bit length of current block with optimal trees */\n this.static_len = 0; /* bit length of current block with static trees */\n this.matches = 0; /* number of string matches in current block */\n this.insert = 0; /* bytes at end of window left to insert */\n\n\n this.bi_buf = 0;\n /* Output buffer. bits are inserted starting at the bottom (least\n * significant bits).\n */\n this.bi_valid = 0;\n /* Number of valid bits in bi_buf. All bits above the last valid bit\n * are always zero.\n */\n\n // Used for window memory init. We safely ignore it for JS. That makes\n // sense only for pointers and memory check tools.\n //this.high_water = 0;\n /* High water mark offset in window for initialized bytes -- bytes above\n * this are set to zero in order to avoid memory check warnings when\n * longest match routines access bytes past the input. This is then\n * updated to the new high water mark.\n */\n }\n}\n\nfunction deflateResetKeep(strm) {\n let s;\n\n if (!strm || !strm.state) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.total_in = strm.total_out = 0;\n strm.data_type = Z_UNKNOWN;\n\n s = strm.state;\n s.pending = 0;\n s.pending_out = 0;\n\n if (s.wrap < 0) {\n s.wrap = -s.wrap;\n /* was made negative by deflate(..., Z_FINISH); */\n }\n s.status = (s.wrap ? INIT_STATE : BUSY_STATE);\n strm.adler = (s.wrap === 2) ?\n 0 // crc32(0, Z_NULL, 0)\n :\n 1; // adler32(0, Z_NULL, 0)\n s.last_flush = Z_NO_FLUSH;\n trees._tr_init(s);\n return Z_OK;\n}\n\n\nfunction deflateReset(strm) {\n const ret = deflateResetKeep(strm);\n if (ret === Z_OK) {\n lm_init(strm.state);\n }\n return ret;\n}\n\n\nfunction deflateSetHeader(strm, head) {\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; }\n strm.state.gzhead = head;\n return Z_OK;\n}\n\n\nfunction deflateInit2(strm, level, method, windowBits, memLevel, strategy) {\n if (!strm) { // === Z_NULL\n return Z_STREAM_ERROR;\n }\n let wrap = 1;\n\n if (level === Z_DEFAULT_COMPRESSION) {\n level = 6;\n }\n\n if (windowBits < 0) { /* suppress zlib wrapper */\n wrap = 0;\n windowBits = -windowBits;\n }\n\n else if (windowBits > 15) {\n wrap = 2; /* write gzip wrapper instead */\n windowBits -= 16;\n }\n\n\n if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED ||\n windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||\n strategy < 0 || strategy > Z_FIXED) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n\n if (windowBits === 8) {\n windowBits = 9;\n }\n /* until 256-byte window bug fixed */\n\n const s = new DeflateState();\n\n strm.state = s;\n s.strm = strm;\n\n s.wrap = wrap;\n s.gzhead = null;\n s.w_bits = windowBits;\n s.w_size = 1 << s.w_bits;\n s.w_mask = s.w_size - 1;\n\n s.hash_bits = memLevel + 7;\n s.hash_size = 1 << s.hash_bits;\n s.hash_mask = s.hash_size - 1;\n s.hash_shift = ~~((s.hash_bits + MIN_MATCH - 1) / MIN_MATCH);\n s.window = new utils.Buf8(s.w_size * 2);\n s.head = new utils.Buf16(s.hash_size);\n s.prev = new utils.Buf16(s.w_size);\n\n // Don't need mem init magic for JS.\n //s.high_water = 0; /* nothing written to s->window yet */\n\n s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */\n\n s.pending_buf_size = s.lit_bufsize * 4;\n\n //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);\n //s->pending_buf = (uchf *) overlay;\n s.pending_buf = new utils.Buf8(s.pending_buf_size);\n\n // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`)\n //s->d_buf = overlay + s->lit_bufsize/sizeof(ush);\n s.d_buf = 1 * s.lit_bufsize;\n\n //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;\n s.l_buf = (1 + 2) * s.lit_bufsize;\n\n s.level = level;\n s.strategy = strategy;\n s.method = method;\n\n return deflateReset(strm);\n}\n\nfunction deflateInit(strm, level) {\n return deflateInit2(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);\n}\n\n\nfunction deflate(strm, flush) {\n let old_flush, s;\n let beg, val; // for gzip header write only\n\n if (!strm || !strm.state ||\n flush > Z_BLOCK || flush < 0) {\n return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR;\n }\n\n s = strm.state;\n\n if (!strm.output ||\n (!strm.input && strm.avail_in !== 0) ||\n (s.status === FINISH_STATE && flush !== Z_FINISH)) {\n return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR);\n }\n\n s.strm = strm; /* just in case */\n old_flush = s.last_flush;\n s.last_flush = flush;\n\n /* Write the header */\n if (s.status === INIT_STATE) {\n\n if (s.wrap === 2) { // GZIP header\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n put_byte(s, 31);\n put_byte(s, 139);\n put_byte(s, 8);\n if (!s.gzhead) { // s->gzhead == Z_NULL\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, 0);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, OS_CODE);\n s.status = BUSY_STATE;\n }\n else {\n put_byte(s, (s.gzhead.text ? 1 : 0) +\n (s.gzhead.hcrc ? 2 : 0) +\n (!s.gzhead.extra ? 0 : 4) +\n (!s.gzhead.name ? 0 : 8) +\n (!s.gzhead.comment ? 0 : 16)\n );\n put_byte(s, s.gzhead.time & 0xff);\n put_byte(s, (s.gzhead.time >> 8) & 0xff);\n put_byte(s, (s.gzhead.time >> 16) & 0xff);\n put_byte(s, (s.gzhead.time >> 24) & 0xff);\n put_byte(s, s.level === 9 ? 2 :\n (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ?\n 4 : 0));\n put_byte(s, s.gzhead.os & 0xff);\n if (s.gzhead.extra && s.gzhead.extra.length) {\n put_byte(s, s.gzhead.extra.length & 0xff);\n put_byte(s, (s.gzhead.extra.length >> 8) & 0xff);\n }\n if (s.gzhead.hcrc) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0);\n }\n s.gzindex = 0;\n s.status = EXTRA_STATE;\n }\n }\n else // DEFLATE header\n {\n let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8;\n let level_flags = -1;\n\n if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) {\n level_flags = 0;\n } else if (s.level < 6) {\n level_flags = 1;\n } else if (s.level === 6) {\n level_flags = 2;\n } else {\n level_flags = 3;\n }\n header |= (level_flags << 6);\n if (s.strstart !== 0) { header |= PRESET_DICT; }\n header += 31 - (header % 31);\n\n s.status = BUSY_STATE;\n putShortMSB(s, header);\n\n /* Save the adler32 of the preset dictionary: */\n if (s.strstart !== 0) {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n strm.adler = 1; // adler32(0L, Z_NULL, 0);\n }\n }\n\n //#ifdef GZIP\n if (s.status === EXTRA_STATE) {\n if (s.gzhead.extra/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n\n while (s.gzindex < (s.gzhead.extra.length & 0xffff)) {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n break;\n }\n }\n put_byte(s, s.gzhead.extra[s.gzindex] & 0xff);\n s.gzindex++;\n }\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (s.gzindex === s.gzhead.extra.length) {\n s.gzindex = 0;\n s.status = NAME_STATE;\n }\n }\n else {\n s.status = NAME_STATE;\n }\n }\n if (s.status === NAME_STATE) {\n if (s.gzhead.name/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.name.length) {\n val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.gzindex = 0;\n s.status = COMMENT_STATE;\n }\n }\n else {\n s.status = COMMENT_STATE;\n }\n }\n if (s.status === COMMENT_STATE) {\n if (s.gzhead.comment/* != Z_NULL*/) {\n beg = s.pending; /* start of bytes to update crc */\n //int val;\n\n do {\n if (s.pending === s.pending_buf_size) {\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n flush_pending(strm);\n beg = s.pending;\n if (s.pending === s.pending_buf_size) {\n val = 1;\n break;\n }\n }\n // JS specific: little magic to add zero terminator to end of string\n if (s.gzindex < s.gzhead.comment.length) {\n val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff;\n } else {\n val = 0;\n }\n put_byte(s, val);\n } while (val !== 0);\n\n if (s.gzhead.hcrc && s.pending > beg) {\n strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg);\n }\n if (val === 0) {\n s.status = HCRC_STATE;\n }\n }\n else {\n s.status = HCRC_STATE;\n }\n }\n if (s.status === HCRC_STATE) {\n if (s.gzhead.hcrc) {\n if (s.pending + 2 > s.pending_buf_size) {\n flush_pending(strm);\n }\n if (s.pending + 2 <= s.pending_buf_size) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n strm.adler = 0; //crc32(0L, Z_NULL, 0);\n s.status = BUSY_STATE;\n }\n }\n else {\n s.status = BUSY_STATE;\n }\n }\n //#endif\n\n /* Flush as much pending output as possible */\n if (s.pending !== 0) {\n flush_pending(strm);\n if (strm.avail_out === 0) {\n /* Since avail_out is 0, deflate will be called again with\n * more output space, but possibly with both pending and\n * avail_in equal to zero. There won't be anything to do,\n * but this is not an error situation so make sure we\n * return OK instead of BUF_ERROR at next call of deflate:\n */\n s.last_flush = -1;\n return Z_OK;\n }\n\n /* Make sure there is something to do and avoid duplicate consecutive\n * flushes. For repeated and useless calls with Z_FINISH, we keep\n * returning Z_STREAM_END instead of Z_BUF_ERROR.\n */\n } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) &&\n flush !== Z_FINISH) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* User must not provide more input after the first FINISH: */\n if (s.status === FINISH_STATE && strm.avail_in !== 0) {\n return err(strm, Z_BUF_ERROR);\n }\n\n /* Start a new block or continue the current one.\n */\n if (strm.avail_in !== 0 || s.lookahead !== 0 ||\n (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) {\n var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) :\n (s.strategy === Z_RLE ? deflate_rle(s, flush) :\n configuration_table[s.level].func(s, flush));\n\n if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) {\n s.status = FINISH_STATE;\n }\n if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) {\n if (strm.avail_out === 0) {\n s.last_flush = -1;\n /* avoid BUF_ERROR next call, see above */\n }\n return Z_OK;\n /* If flush != Z_NO_FLUSH && avail_out == 0, the next call\n * of deflate should use the same flush parameter to make sure\n * that the flush is complete. So we don't have to output an\n * empty block here, this will be done at next call. This also\n * ensures that for a very small output buffer, we emit at most\n * one empty block.\n */\n }\n if (bstate === BS_BLOCK_DONE) {\n if (flush === Z_PARTIAL_FLUSH) {\n trees._tr_align(s);\n }\n else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */\n\n trees._tr_stored_block(s, 0, 0, false);\n /* For a full flush, this empty block will be recognized\n * as a special marker by inflate_sync().\n */\n if (flush === Z_FULL_FLUSH) {\n /*** CLEAR_HASH(s); ***/ /* forget history */\n zero(s.head); // Fill with NIL (= 0);\n\n if (s.lookahead === 0) {\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n }\n }\n flush_pending(strm);\n if (strm.avail_out === 0) {\n s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */\n return Z_OK;\n }\n }\n }\n //Assert(strm->avail_out > 0, \"bug2\");\n //if (strm.avail_out <= 0) { throw new Error(\"bug2\");}\n\n if (flush !== Z_FINISH) { return Z_OK; }\n if (s.wrap <= 0) { return Z_STREAM_END; }\n\n /* Write the trailer */\n if (s.wrap === 2) {\n put_byte(s, strm.adler & 0xff);\n put_byte(s, (strm.adler >> 8) & 0xff);\n put_byte(s, (strm.adler >> 16) & 0xff);\n put_byte(s, (strm.adler >> 24) & 0xff);\n put_byte(s, strm.total_in & 0xff);\n put_byte(s, (strm.total_in >> 8) & 0xff);\n put_byte(s, (strm.total_in >> 16) & 0xff);\n put_byte(s, (strm.total_in >> 24) & 0xff);\n }\n else {\n putShortMSB(s, strm.adler >>> 16);\n putShortMSB(s, strm.adler & 0xffff);\n }\n\n flush_pending(strm);\n /* If avail_out is zero, the application will call deflate again\n * to flush the rest.\n */\n if (s.wrap > 0) { s.wrap = -s.wrap; }\n /* write the trailer only once! */\n return s.pending !== 0 ? Z_OK : Z_STREAM_END;\n}\n\nfunction deflateEnd(strm) {\n let status;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n status = strm.state.status;\n if (status !== INIT_STATE &&\n status !== EXTRA_STATE &&\n status !== NAME_STATE &&\n status !== COMMENT_STATE &&\n status !== HCRC_STATE &&\n status !== BUSY_STATE &&\n status !== FINISH_STATE\n ) {\n return err(strm, Z_STREAM_ERROR);\n }\n\n strm.state = null;\n\n return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK;\n}\n\n\n/* =========================================================================\n * Initializes the compression dictionary from the given byte\n * sequence without producing any compressed output.\n */\nfunction deflateSetDictionary(strm, dictionary) {\n let dictLength = dictionary.length;\n\n let s;\n let str, n;\n let wrap;\n let avail;\n let next;\n let input;\n let tmpDict;\n\n if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) {\n return Z_STREAM_ERROR;\n }\n\n s = strm.state;\n wrap = s.wrap;\n\n if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) {\n return Z_STREAM_ERROR;\n }\n\n /* when using zlib wrappers, compute Adler-32 for provided dictionary */\n if (wrap === 1) {\n /* adler32(strm->adler, dictionary, dictLength); */\n strm.adler = adler32(strm.adler, dictionary, dictLength, 0);\n }\n\n s.wrap = 0; /* avoid computing Adler-32 in read_buf */\n\n /* if dictionary would fill window, just replace the history */\n if (dictLength >= s.w_size) {\n if (wrap === 0) { /* already empty otherwise */\n /*** CLEAR_HASH(s); ***/\n zero(s.head); // Fill with NIL (= 0);\n s.strstart = 0;\n s.block_start = 0;\n s.insert = 0;\n }\n /* use the tail */\n // dictionary = dictionary.slice(dictLength - s.w_size);\n tmpDict = new utils.Buf8(s.w_size);\n utils.arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0);\n dictionary = tmpDict;\n dictLength = s.w_size;\n }\n /* insert dictionary into window and hash */\n avail = strm.avail_in;\n next = strm.next_in;\n input = strm.input;\n strm.avail_in = dictLength;\n strm.next_in = 0;\n strm.input = dictionary;\n fill_window(s);\n while (s.lookahead >= MIN_MATCH) {\n str = s.strstart;\n n = s.lookahead - (MIN_MATCH - 1);\n do {\n /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */\n s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH - 1]) & s.hash_mask;\n\n s.prev[str & s.w_mask] = s.head[s.ins_h];\n\n s.head[s.ins_h] = str;\n str++;\n } while (--n);\n s.strstart = str;\n s.lookahead = MIN_MATCH - 1;\n fill_window(s);\n }\n s.strstart += s.lookahead;\n s.block_start = s.strstart;\n s.insert = s.lookahead;\n s.lookahead = 0;\n s.match_length = s.prev_length = MIN_MATCH - 1;\n s.match_available = 0;\n strm.next_in = next;\n strm.input = input;\n strm.avail_in = avail;\n s.wrap = wrap;\n return Z_OK;\n}\n\nconst deflateInfo = 'pako deflate (from Nodeca project)';\nexport {\n deflateInit,\n deflateInit2,\n deflateReset,\n deflateResetKeep,\n deflateSetHeader,\n deflate,\n deflateEnd,\n deflateSetDictionary,\n deflateInfo\n};\n\n/* Not implemented\nexports.deflateBound = deflateBound;\nexports.deflateCopy = deflateCopy;\nexports.deflateParams = deflateParams;\nexports.deflatePending = deflatePending;\nexports.deflatePrime = deflatePrime;\nexports.deflateTune = deflateTune;\n*/\n","// String encode/decode helpers\n\n\n\nimport * as utils from \"./common.js\";\n\n\n// Quick check if we can use fast array to bin string conversion\n//\n// - apply(Array) can fail on Android 2.2\n// - apply(Uint8Array) can fail on iOS 5.1 Safari\n//\nlet STR_APPLY_OK = true;\nlet STR_APPLY_UIA_OK = true;\n\ntry {\n String.fromCharCode.apply(null, [ 0 ]); \n} catch (__) {\n STR_APPLY_OK = false; \n}\ntry {\n String.fromCharCode.apply(null, new Uint8Array(1)); \n} catch (__) {\n STR_APPLY_UIA_OK = false; \n}\n\n\n// Table with utf8 lengths (calculated by first byte of sequence)\n// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,\n// because max possible codepoint is 0x10ffff\nconst _utf8len = new utils.Buf8(256);\nfor (let q = 0; q < 256; q++) {\n _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1;\n}\n_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start\n\n\n// convert string to array (typed, when possible)\nexport function string2buf (str) {\n let c, c2, m_pos, i, buf_len = 0;\n const str_len = str.length;\n\n // count binary size\n for (m_pos = 0; m_pos < str_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;\n }\n\n // allocate buffer\n const buf = new utils.Buf8(buf_len);\n\n // convert\n for (i = 0, m_pos = 0; i < buf_len; m_pos++) {\n c = str.charCodeAt(m_pos);\n if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) {\n c2 = str.charCodeAt(m_pos + 1);\n if ((c2 & 0xfc00) === 0xdc00) {\n c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00);\n m_pos++;\n }\n }\n if (c < 0x80) {\n /* one byte */\n buf[i++] = c;\n } else if (c < 0x800) {\n /* two bytes */\n buf[i++] = 0xC0 | c >>> 6;\n buf[i++] = 0x80 | c & 0x3f;\n } else if (c < 0x10000) {\n /* three bytes */\n buf[i++] = 0xE0 | c >>> 12;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n } else {\n /* four bytes */\n buf[i++] = 0xf0 | c >>> 18;\n buf[i++] = 0x80 | c >>> 12 & 0x3f;\n buf[i++] = 0x80 | c >>> 6 & 0x3f;\n buf[i++] = 0x80 | c & 0x3f;\n }\n }\n\n return buf;\n}\n\n// Helper (used in 2 places)\nfunction _buf2binstring(buf, len) {\n // On Chrome, the arguments in a function call that are allowed is `65534`.\n // If the length of the buffer is smaller than that, we can use this optimization,\n // otherwise we will take a slower path.\n if (len < 65534) {\n if (buf.subarray && STR_APPLY_UIA_OK || !buf.subarray && STR_APPLY_OK) {\n return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));\n }\n }\n\n let result = \"\";\n for (let i = 0; i < len; i++) {\n result += String.fromCharCode(buf[i]);\n }\n return result;\n}\n\n\n// Convert byte array to binary string\nexport function buf2binstring (buf) {\n return _buf2binstring(buf, buf.length);\n}\n\n\n// Convert binary string (typed, when possible)\nexport function binstring2buf (str) {\n const buf = new utils.Buf8(str.length);\n for (let i = 0, len = buf.length; i < len; i++) {\n buf[i] = str.charCodeAt(i);\n }\n return buf;\n}\n\n\n// convert array to string\nexport function buf2string (buf, max) {\n let i, out, c, c_len;\n const len = max || buf.length;\n\n // Reserve max possible length (2 words per char)\n // NB: by unknown reasons, Array is significantly faster for\n // String.fromCharCode.apply than Uint16Array.\n // var utf16buf = new Array(len * 2);\n // try Uint16Array\n const utf16buf = new Uint16Array(len * 2);\n\n for (out = 0, i = 0; i < len;) {\n c = buf[i++];\n // quick process ascii\n if (c < 0x80) {\n utf16buf[out++] = c; continue; \n }\n\n c_len = _utf8len[c];\n // skip 5 & 6 byte codes\n if (c_len > 4) {\n utf16buf[out++] = 0xfffd; i += c_len - 1; continue; \n }\n\n // apply mask on first byte\n c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;\n // join the rest\n while (c_len > 1 && i < len) {\n c = c << 6 | buf[i++] & 0x3f;\n c_len--;\n }\n\n // terminated by end of string?\n if (c_len > 1) {\n utf16buf[out++] = 0xfffd; continue; \n }\n\n if (c < 0x10000) {\n utf16buf[out++] = c;\n } else {\n c -= 0x10000;\n utf16buf[out++] = 0xd800 | c >> 10 & 0x3ff;\n utf16buf[out++] = 0xdc00 | c & 0x3ff;\n }\n }\n\n return _buf2binstring(utf16buf, out);\n}\n\n\n// Calculate max possible position in utf8 buffer,\n// that will not break sequence. If that's not possible\n// - (very small limits) return max size as is.\n//\n// buf[] - utf8 bytes array\n// max - length limit (mandatory);\nexport function utf8border (buf, max) {\n let pos;\n\n max = max || buf.length;\n if (max > buf.length) {\n max = buf.length; \n }\n\n // go back from last position, until start of sequence found\n pos = max - 1;\n while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) {\n pos--; \n }\n\n // Very small and broken sequence,\n // return max, because we should return something anyway.\n if (pos < 0) {\n return max; \n }\n\n // If we came to start of buffer - that means buffer is too small,\n // return max too.\n if (pos === 0) {\n return max; \n }\n\n return pos + _utf8len[buf[pos]] > max ? pos : max;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class ZStream {\n constructor() {\n /* next input byte */\n this.input = null; // JS specific, because we have no pointers\n this.next_in = 0;\n /* number of bytes available at input */\n this.avail_in = 0;\n /* total number of input bytes read so far */\n this.total_in = 0;\n /* next output byte should be put there */\n this.output = null; // JS specific, because we have no pointers\n this.next_out = 0;\n /* remaining free space at output */\n this.avail_out = 0;\n /* total number of bytes output so far */\n this.total_out = 0;\n /* last error message, NULL if no error */\n this.msg = ''/*Z_NULL*/;\n /* not visible by applications */\n this.state = null;\n /* best guess about the data type: binary or text */\n this.data_type = 2/*Z_UNKNOWN*/;\n /* adler32 value of the uncompressed data */\n this.adler = 0;\n }\n}","'use strict';\n\nimport * as zlib_deflate from \"./zlib/deflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\nimport { Z_NO_FLUSH, Z_FINISH,\n Z_OK, Z_STREAM_END, Z_SYNC_FLUSH,\n Z_DEFAULT_COMPRESSION,\n Z_DEFAULT_STRATEGY,\n Z_DEFLATED } from \"./zlib/constants.js\"\n\n/* ===========================================================================*/\n\n\n/**\n * class Deflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[deflate]],\n * [[deflateRaw]] and [[gzip]].\n **/\n\n/* internal\n * Deflate.chunks -> Array\n *\n * Chunks of output data, if [[Deflate#onData]] not overridden.\n **/\n\n/**\n * Deflate.result -> Uint8Array|Array\n *\n * Compressed result, generated by default [[Deflate#onData]]\n * and [[Deflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Deflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Deflate.err -> Number\n *\n * Error code after deflate finished. 0 (Z_OK) on success.\n * You will not need it in real life, because deflate errors\n * are possible only on wrong options or bad `onData` / `onEnd`\n * custom handlers.\n **/\n\n/**\n * Deflate.msg -> String\n *\n * Error message, if [[Deflate.err]] != 0\n **/\n\n\n/**\n * new Deflate(options)\n * - options (Object): zlib deflate options.\n *\n * Creates new deflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `level`\n * - `windowBits`\n * - `memLevel`\n * - `strategy`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw deflate\n * - `gzip` (Boolean) - create gzip wrapper\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n * - `header` (Object) - custom header for gzip\n * - `text` (Boolean) - true if compressed data believed to be text\n * - `time` (Number) - modification time, unix timestamp\n * - `os` (Number) - operation system code\n * - `extra` (Array) - array of bytes with extra data (max 65536)\n * - `name` (String) - file name (binary string)\n * - `comment` (String) - comment (binary string)\n * - `hcrc` (Boolean) - true if header crc should be added\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var deflate = new pako.Deflate({ level: 3});\n *\n * deflate.push(chunk1, false);\n * deflate.push(chunk2, true); // true -> last chunk\n *\n * if (deflate.err) { throw new Error(deflate.err); }\n *\n * console.log(deflate.result);\n * ```\n **/\n\nclass Deflate {\n constructor(options) {\n this.options = {\n level: Z_DEFAULT_COMPRESSION,\n method: Z_DEFLATED,\n chunkSize: 16384,\n windowBits: 15,\n memLevel: 8,\n strategy: Z_DEFAULT_STRATEGY,\n ...(options || {})\n };\n\n const opt = this.options;\n\n if (opt.raw && (opt.windowBits > 0)) {\n opt.windowBits = -opt.windowBits;\n }\n\n else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) {\n opt.windowBits += 16;\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n var status = zlib_deflate.deflateInit2(\n this.strm,\n opt.level,\n opt.method,\n opt.windowBits,\n opt.memLevel,\n opt.strategy\n );\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n if (opt.header) {\n zlib_deflate.deflateSetHeader(this.strm, opt.header);\n }\n\n if (opt.dictionary) {\n let dict;\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n // If we need to compress text, change encoding to utf8.\n dict = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n dict = new Uint8Array(opt.dictionary);\n } else {\n dict = opt.dictionary;\n }\n\n status = zlib_deflate.deflateSetDictionary(this.strm, dict);\n\n if (status !== Z_OK) {\n throw new Error(msg[status]);\n }\n\n this._dict_set = true;\n }\n }\n\n /**\n * Deflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be\n * converted to utf8 byte sequence.\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with\n * new compressed chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the compression context.\n *\n * On fail call [[Deflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * array format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize } } = this;\n var status, _mode;\n\n if (this.ended) { return false; }\n\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // If we need to compress text, change encoding to utf8.\n strm.input = strings.string2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n status = zlib_deflate.deflate(strm, _mode); /* no bad return value */\n\n if (status !== Z_STREAM_END && status !== Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END);\n\n // Finalize on the last chunk.\n if (_mode === Z_FINISH) {\n status = zlib_deflate.deflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === Z_SYNC_FLUSH) {\n this.onEnd(Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n /**\n * Deflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n /**\n * Deflate#onEnd(status) -> Void\n * - status (Number): deflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called once after you tell deflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n\n\n\n/**\n * deflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * Compress `data` with deflate algorithm and `options`.\n *\n * Supported options are:\n *\n * - level\n * - windowBits\n * - memLevel\n * - strategy\n * - dictionary\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be \"binary string\"\n * (each char code [0..255])\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , data = Uint8Array([1,2,3,4,5,6,7,8,9]);\n *\n * console.log(pako.deflate(data));\n * ```\n **/\nfunction deflate(input, options) {\n const deflator = new Deflate(options);\n\n deflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (deflator.err) { throw new Error(deflator.msg || msg[deflator.err]); }\n\n return deflator.result;\n}\n\n\n/**\n * deflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction deflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return deflate(input, options);\n}\n\n\n/**\n * gzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to compress.\n * - options (Object): zlib deflate options.\n *\n * The same as [[deflate]], but create gzip wrapper instead of\n * deflate one.\n **/\nfunction gzip(input, options) {\n options = options || {};\n options.gzip = true;\n return deflate(input, options);\n}\n\nexport { Deflate, deflate, deflateRaw, gzip };\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\n// See state defs from inflate.js\nconst BAD = 30; /* got a data error -- remain here until reset */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\n\n/*\n Decode literal, length, and distance codes and write out the resulting\n literal and match bytes until either not enough input or output is\n available, an end-of-block is encountered, or a data error is encountered.\n When large enough input and output buffers are supplied to inflate(), for\n example, a 16K input buffer and a 64K output buffer, more than 95% of the\n inflate execution time is spent in this routine.\n\n Entry assumptions:\n\n state.mode === LEN\n strm.avail_in >= 6\n strm.avail_out >= 258\n start >= strm.avail_out\n state.bits < 8\n\n On return, state.mode is one of:\n\n LEN -- ran out of enough output space or enough available input\n TYPE -- reached end of block code, inflate() to interpret next block\n BAD -- error in block data\n\n Notes:\n\n - The maximum input bits used by a length/distance pair is 15 bits for the\n length code, 5 bits for the length extra, 15 bits for the distance code,\n and 13 bits for the distance extra. This totals 48 bits, or six bytes.\n Therefore if strm.avail_in >= 6, then there is enough input to avoid\n checking for available input while decoding.\n\n - The maximum bytes that a single length/distance pair can output is 258\n bytes, which is the maximum length that can be coded. inflate_fast()\n requires strm.avail_out >= 258 for each loop to avoid checking for\n output space.\n */\nexport default function inflate_fast(strm, start) {\n let _in; /* local strm.input */\n let _out; /* local strm.output */\n // Use `s_window` instead `window`, avoid conflict with instrumentation tools\n let hold; /* local strm.hold */\n let bits; /* local strm.bits */\n let here; /* retrieved table entry */\n let op; /* code bits, operation, extra bits, or */\n /* window position, window bytes to copy */\n let len; /* match length, unused bytes */\n let dist; /* match distance */\n let from; /* where to copy match from */\n let from_source;\n\n\n\n /* copy state to local variables */\n const state = strm.state;\n //here = state.here;\n _in = strm.next_in;\n const input = strm.input;\n const last = _in + (strm.avail_in - 5);\n _out = strm.next_out;\n const output = strm.output;\n const beg = _out - (start - strm.avail_out);\n const end = _out + (strm.avail_out - 257);\n //#ifdef INFLATE_STRICT\n const dmax = state.dmax;\n //#endif\n const wsize = state.wsize;\n const whave = state.whave;\n const wnext = state.wnext;\n const s_window = state.window;\n hold = state.hold;\n bits = state.bits;\n const lcode = state.lencode;\n const dcode = state.distcode;\n const lmask = (1 << state.lenbits) - 1;\n const dmask = (1 << state.distbits) - 1;\n\n\n /* decode literals and length/distances until end-of-block or not enough\n input data or output space */\n\n top:\n do {\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n\n here = lcode[hold & lmask];\n\n dolen:\n for (;;) { // Goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n if (op === 0) { /* literal */\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n output[_out++] = here & 0xffff/*here.val*/;\n } else if (op & 16) { /* length base */\n len = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (op) {\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n len += hold & (1 << op) - 1;\n hold >>>= op;\n bits -= op;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", len));\n if (bits < 15) {\n hold += input[_in++] << bits;\n bits += 8;\n hold += input[_in++] << bits;\n bits += 8;\n }\n here = dcode[hold & dmask];\n\n dodist:\n for (;;) { // goto emulation\n op = here >>> 24/*here.bits*/;\n hold >>>= op;\n bits -= op;\n op = here >>> 16 & 0xff/*here.op*/;\n\n if (op & 16) { /* distance base */\n dist = here & 0xffff/*here.val*/;\n op &= 15; /* number of extra bits */\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n if (bits < op) {\n hold += input[_in++] << bits;\n bits += 8;\n }\n }\n dist += hold & (1 << op) - 1;\n //#ifdef INFLATE_STRICT\n if (dist > dmax) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n //#endif\n hold >>>= op;\n bits -= op;\n //Tracevv((stderr, \"inflate: distance %u\\n\", dist));\n op = _out - beg; /* max distance in output */\n if (dist > op) { /* see if copy from window */\n op = dist - op; /* distance back in window */\n if (op > whave) {\n if (state.sane) {\n strm.msg = \"invalid distance too far back\";\n state.mode = BAD;\n break top;\n }\n\n // (!) This block is disabled in zlib defaults,\n // don't enable it for binary compatibility\n //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n // if (len <= op - whave) {\n // do {\n // output[_out++] = 0;\n // } while (--len);\n // continue top;\n // }\n // len -= op - whave;\n // do {\n // output[_out++] = 0;\n // } while (--op > whave);\n // if (op === 0) {\n // from = _out - dist;\n // do {\n // output[_out++] = output[from++];\n // } while (--len);\n // continue top;\n // }\n //#endif\n }\n from = 0; // window index\n from_source = s_window;\n if (wnext === 0) { /* very common case */\n from += wsize - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n } else if (wnext < op) { /* wrap around window */\n from += wsize + wnext - op;\n op -= wnext;\n if (op < len) { /* some from end of window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = 0;\n if (wnext < len) { /* some from start of window */\n op = wnext;\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n } else { /* contiguous in window */\n from += wnext - op;\n if (op < len) { /* some from window */\n len -= op;\n do {\n output[_out++] = s_window[from++];\n } while (--op);\n from = _out - dist; /* rest from output */\n from_source = output;\n }\n }\n while (len > 2) {\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n output[_out++] = from_source[from++];\n len -= 3;\n }\n if (len) {\n output[_out++] = from_source[from++];\n if (len > 1) {\n output[_out++] = from_source[from++];\n }\n }\n } else {\n from = _out - dist; /* copy direct from output */\n do { /* minimum length is three */\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n output[_out++] = output[from++];\n len -= 3;\n } while (len > 2);\n if (len) {\n output[_out++] = output[from++];\n if (len > 1) {\n output[_out++] = output[from++];\n }\n }\n }\n } else if ((op & 64) === 0) { /* 2nd level distance code */\n here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dodist;\n } else {\n strm.msg = \"invalid distance code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } else if ((op & 64) === 0) { /* 2nd level length code */\n here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)];\n continue dolen;\n } else if (op & 32) { /* end-of-block */\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.mode = TYPE;\n break top;\n } else {\n strm.msg = \"invalid literal/length code\";\n state.mode = BAD;\n break top;\n }\n\n break; // need to emulate goto via \"continue\"\n }\n } while (_in < last && _out < end);\n\n /* return unused bytes (on entry, bits < 8, so in won't go too far back) */\n len = bits >> 3;\n _in -= len;\n bits -= len << 3;\n hold &= (1 << bits) - 1;\n\n /* update state and return */\n strm.next_in = _in;\n strm.next_out = _out;\n strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last);\n strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end);\n state.hold = hold;\n state.bits = bits;\n return;\n}\n","\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\n\nconst MAXBITS = 15;\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\nconst lbase = [ /* Length codes 257..285 base */\n 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,\n 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0\n];\n\nconst lext = [ /* Length codes 257..285 extra */\n 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,\n 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78\n];\n\nconst dbase = [ /* Distance codes 0..29 base */\n 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,\n 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,\n 8193, 12289, 16385, 24577, 0, 0\n];\n\nconst dext = [ /* Distance codes 0..29 extra */\n 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,\n 23, 23, 24, 24, 25, 25, 26, 26, 27, 27,\n 28, 28, 29, 29, 64, 64\n];\n\nexport default function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) {\n const bits = opts.bits;\n //here = opts.here; /* table entry for duplication */\n\n let len = 0; /* a code's length in bits */\n let sym = 0; /* index of code symbols */\n let min = 0, max = 0; /* minimum and maximum code lengths */\n let root = 0; /* number of index bits for root table */\n let curr = 0; /* number of index bits for current table */\n let drop = 0; /* code bits to drop for sub-table */\n let left = 0; /* number of prefix codes available */\n let used = 0; /* code entries in table used */\n let huff = 0; /* Huffman code */\n let incr; /* for incrementing code, index */\n let fill; /* index for replicating entries */\n let low; /* low bits for current root entry */\n let next; /* next available space in table */\n let base = null; /* base value table to use */\n let base_index = 0;\n // var shoextra; /* extra bits table to use */\n let end; /* use base and extra for symbol > end */\n const count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */\n const offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */\n let extra = null;\n let extra_index = 0;\n\n let here_bits, here_op, here_val;\n\n /*\n Process a set of code lengths to create a canonical Huffman code. The\n code lengths are lens[0..codes-1]. Each length corresponds to the\n symbols 0..codes-1. The Huffman code is generated by first sorting the\n symbols by length from short to long, and retaining the symbol order\n for codes with equal lengths. Then the code starts with all zero bits\n for the first code of the shortest length, and the codes are integer\n increments for the same length, and zeros are appended as the length\n increases. For the deflate format, these bits are stored backwards\n from their more natural integer increment ordering, and so when the\n decoding tables are built in the large loop below, the integer codes\n are incremented backwards.\n\n This routine assumes, but does not check, that all of the entries in\n lens[] are in the range 0..MAXBITS. The caller must assure this.\n 1..MAXBITS is interpreted as that code length. zero means that that\n symbol does not occur in this code.\n\n The codes are sorted by computing a count of codes for each length,\n creating from that a table of starting indices for each length in the\n sorted table, and then entering the symbols in order in the sorted\n table. The sorted table is work[], with that space being provided by\n the caller.\n\n The length counts are used for other purposes as well, i.e. finding\n the minimum and maximum length codes, determining if there are any\n codes at all, checking for a valid set of lengths, and looking ahead\n at length counts to determine sub-table sizes when building the\n decoding tables.\n */\n\n /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */\n for (len = 0; len <= MAXBITS; len++) {\n count[len] = 0;\n }\n for (sym = 0; sym < codes; sym++) {\n count[lens[lens_index + sym]]++;\n }\n\n /* bound code lengths, force root to be within code lengths */\n root = bits;\n for (max = MAXBITS; max >= 1; max--) {\n if (count[max] !== 0) {\n break; \n }\n }\n if (root > max) {\n root = max;\n }\n if (max === 0) { /* no symbols to code at all */\n //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */\n //table.bits[opts.table_index] = 1; //here.bits = (var char)1;\n //table.val[opts.table_index++] = 0; //here.val = (var short)0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n\n //table.op[opts.table_index] = 64;\n //table.bits[opts.table_index] = 1;\n //table.val[opts.table_index++] = 0;\n table[table_index++] = 1 << 24 | 64 << 16 | 0;\n\n opts.bits = 1;\n return 0; /* no symbols, but wait for decoding to report error */\n }\n for (min = 1; min < max; min++) {\n if (count[min] !== 0) {\n break; \n }\n }\n if (root < min) {\n root = min;\n }\n\n /* check for an over-subscribed or incomplete set of lengths */\n left = 1;\n for (len = 1; len <= MAXBITS; len++) {\n left <<= 1;\n left -= count[len];\n if (left < 0) {\n return -1;\n } /* over-subscribed */\n }\n if (left > 0 && (type === CODES || max !== 1)) {\n return -1; /* incomplete set */\n }\n\n /* generate offsets into symbol table for each length for sorting */\n offs[1] = 0;\n for (len = 1; len < MAXBITS; len++) {\n offs[len + 1] = offs[len] + count[len];\n }\n\n /* sort symbols by length, by symbol order within each length */\n for (sym = 0; sym < codes; sym++) {\n if (lens[lens_index + sym] !== 0) {\n work[offs[lens[lens_index + sym]]++] = sym;\n }\n }\n\n /*\n Create and fill in decoding tables. In this loop, the table being\n filled is at next and has curr index bits. The code being used is huff\n with length len. That code is converted to an index by dropping drop\n bits off of the bottom. For codes where len is less than drop + curr,\n those top drop + curr - len bits are incremented through all values to\n fill the table with replicated entries.\n\n root is the number of index bits for the root table. When len exceeds\n root, sub-tables are created pointed to by the root entry with an index\n of the low root bits of huff. This is saved in low to check for when a\n new sub-table should be started. drop is zero when the root table is\n being filled, and drop is root when sub-tables are being filled.\n\n When a new sub-table is needed, it is necessary to look ahead in the\n code lengths to determine what size sub-table is needed. The length\n counts are used for this, and so count[] is decremented as codes are\n entered in the tables.\n\n used keeps track of how many table entries have been allocated from the\n provided *table space. It is checked for LENS and DIST tables against\n the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in\n the initial root table size constants. See the comments in inftrees.h\n for more information.\n\n sym increments through all symbols, and the loop terminates when\n all codes of length max, i.e. all codes, have been processed. This\n routine permits incomplete codes, so another loop after this one fills\n in the rest of the decoding tables with invalid code markers.\n */\n\n /* set up for code type */\n // poor man optimization - use if-else instead of switch,\n // to avoid deopts in old v8\n if (type === CODES) {\n base = extra = work; /* dummy value--not used */\n end = 19;\n\n } else if (type === LENS) {\n base = lbase;\n base_index -= 257;\n extra = lext;\n extra_index -= 257;\n end = 256;\n\n } else { /* DISTS */\n base = dbase;\n extra = dext;\n end = -1;\n }\n\n /* initialize opts for loop */\n huff = 0; /* starting code */\n sym = 0; /* starting code symbol */\n len = min; /* starting code length */\n next = table_index; /* current table to fill in */\n curr = root; /* current table index bits */\n drop = 0; /* current bits to drop from code for index */\n low = -1; /* trigger new sub-table when len > root */\n used = 1 << root; /* use root table entries */\n const mask = used - 1; /* mask for comparing low */\n\n /* check available table space */\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* process all codes and make table entries */\n for (;;) {\n /* create table entry */\n here_bits = len - drop;\n if (work[sym] < end) {\n here_op = 0;\n here_val = work[sym];\n } else if (work[sym] > end) {\n here_op = extra[extra_index + work[sym]];\n here_val = base[base_index + work[sym]];\n } else {\n here_op = 32 + 64; /* end of block */\n here_val = 0;\n }\n\n /* replicate for those indices with low len bits equal to huff */\n incr = 1 << len - drop;\n fill = 1 << curr;\n min = fill; /* save offset to next table */\n do {\n fill -= incr;\n table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0;\n } while (fill !== 0);\n\n /* backwards increment the len-bit code huff */\n incr = 1 << len - 1;\n while (huff & incr) {\n incr >>= 1;\n }\n if (incr !== 0) {\n huff &= incr - 1;\n huff += incr;\n } else {\n huff = 0;\n }\n\n /* go to next symbol, update count, len */\n sym++;\n if (--count[len] === 0) {\n if (len === max) {\n break; \n }\n len = lens[lens_index + work[sym]];\n }\n\n /* create new sub-table if needed */\n if (len > root && (huff & mask) !== low) {\n /* if first time, transition to sub-tables */\n if (drop === 0) {\n drop = root;\n }\n\n /* increment past last table */\n next += min; /* here min is 1 << curr */\n\n /* determine length of next table */\n curr = len - drop;\n left = 1 << curr;\n while (curr + drop < max) {\n left -= count[curr + drop];\n if (left <= 0) {\n break; \n }\n curr++;\n left <<= 1;\n }\n\n /* check for enough space */\n used += 1 << curr;\n if (type === LENS && used > ENOUGH_LENS ||\n type === DISTS && used > ENOUGH_DISTS) {\n return 1;\n }\n\n /* point entry in root table to sub-table */\n low = huff & mask;\n /*table.op[low] = curr;\n table.bits[low] = root;\n table.val[low] = next - opts.table_index;*/\n table[low] = root << 24 | curr << 16 | next - table_index |0;\n }\n }\n\n /* fill in remaining table entry if code is incomplete (guaranteed to have\n at most one remaining entry, since if the code is incomplete, the\n maximum code length that was allowed to get this far is one bit) */\n if (huff !== 0) {\n //table.op[next + huff] = 64; /* invalid code marker */\n //table.bits[next + huff] = len - drop;\n //table.val[next + huff] = 0;\n table[next + huff] = len - drop << 24 | 64 << 16 |0;\n }\n\n /* set return parameters */\n //opts.table_index += used;\n opts.bits = root;\n return 0;\n}\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nimport * as utils from \"../utils/common.js\";\nimport adler32 from \"./adler32.js\";\nimport crc32 from \"./crc32.js\";\nimport inflate_fast from \"./inffast.js\";\nimport inflate_table from \"./inftrees.js\";\n\nconst CODES = 0;\nconst LENS = 1;\nconst DISTS = 2;\n\n/* Public constants ==========================================================*/\n/* ===========================================================================*/\n\nimport {\n Z_FINISH,\n Z_BLOCK,\n Z_TREES,\n Z_OK,\n Z_STREAM_END,\n Z_NEED_DICT,\n Z_STREAM_ERROR,\n Z_DATA_ERROR,\n Z_BUF_ERROR,\n Z_DEFLATED\n} from \"./constants.js\";\n\n/* STATES ====================================================================*/\n/* ===========================================================================*/\n\n\nconst HEAD = 1; /* i: waiting for magic header */\nconst FLAGS = 2; /* i: waiting for method and flags (gzip) */\nconst TIME = 3; /* i: waiting for modification time (gzip) */\nconst OS = 4; /* i: waiting for extra flags and operating system (gzip) */\nconst EXLEN = 5; /* i: waiting for extra length (gzip) */\nconst EXTRA = 6; /* i: waiting for extra bytes (gzip) */\nconst NAME = 7; /* i: waiting for end of file name (gzip) */\nconst COMMENT = 8; /* i: waiting for end of comment (gzip) */\nconst HCRC = 9; /* i: waiting for header crc (gzip) */\nconst DICTID = 10; /* i: waiting for dictionary check value */\nconst DICT = 11; /* waiting for inflateSetDictionary() call */\nconst TYPE = 12; /* i: waiting for type bits, including last-flag bit */\nconst TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */\nconst STORED = 14; /* i: waiting for stored size (length and complement) */\nconst COPY_ = 15; /* i/o: same as COPY below, but only first time in */\nconst COPY = 16; /* i/o: waiting for input or output to copy stored block */\nconst TABLE = 17; /* i: waiting for dynamic block table lengths */\nconst LENLENS = 18; /* i: waiting for code length code lengths */\nconst CODELENS = 19; /* i: waiting for length/lit and distance code lengths */\nconst LEN_ = 20; /* i: same as LEN below, but only first time in */\nconst LEN = 21; /* i: waiting for length/lit/eob code */\nconst LENEXT = 22; /* i: waiting for length extra bits */\nconst DIST = 23; /* i: waiting for distance code */\nconst DISTEXT = 24; /* i: waiting for distance extra bits */\nconst MATCH = 25; /* o: waiting for output space to copy string */\nconst LIT = 26; /* o: waiting for output space to write literal */\nconst CHECK = 27; /* i: waiting for 32-bit check value */\nconst LENGTH = 28; /* i: waiting for 32-bit length (gzip) */\nconst DONE = 29; /* finished check, done -- remain here until reset */\nconst BAD = 30; /* got a data error -- remain here until reset */\n//const MEM = 31; /* got an inflate() memory error -- remain here until reset */\nconst SYNC = 32; /* looking for synchronization bytes to restart inflate() */\n\n/* ===========================================================================*/\n\n\n\nconst ENOUGH_LENS = 852;\nconst ENOUGH_DISTS = 592;\n//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);\n\nconst MAX_WBITS = 15;\n/* 32K LZ77 window */\nconst DEF_WBITS = MAX_WBITS;\n\n\nfunction zswap32(q) {\n return (((q >>> 24) & 0xff) +\n ((q >>> 8) & 0xff00) +\n ((q & 0xff00) << 8) +\n ((q & 0xff) << 24));\n}\n\n\nclass InflateState {\n constructor() {\n this.mode = 0; /* current inflate mode */\n this.last = false; /* true if processing last block */\n this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */\n this.havedict = false; /* true if dictionary provided */\n this.flags = 0; /* gzip header method and flags (0 if zlib) */\n this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */\n this.check = 0; /* protected copy of check value */\n this.total = 0; /* protected copy of output count */\n // TODO: may be {}\n this.head = null; /* where to save gzip header information */\n\n /* sliding window */\n this.wbits = 0; /* log base 2 of requested window size */\n this.wsize = 0; /* window size or zero if not using window */\n this.whave = 0; /* valid bytes in the window */\n this.wnext = 0; /* window write index */\n this.window = null; /* allocated sliding window, if needed */\n\n /* bit accumulator */\n this.hold = 0; /* input bit accumulator */\n this.bits = 0; /* number of bits in \"in\" */\n\n /* for string and stored block copying */\n this.length = 0; /* literal or length of data to copy */\n this.offset = 0; /* distance back to copy string from */\n\n /* for table and code decoding */\n this.extra = 0; /* extra bits needed */\n\n /* fixed and dynamic code tables */\n this.lencode = null; /* starting table for length/literal codes */\n this.distcode = null; /* starting table for distance codes */\n this.lenbits = 0; /* index bits for lencode */\n this.distbits = 0; /* index bits for distcode */\n\n /* dynamic table building */\n this.ncode = 0; /* number of code length code lengths */\n this.nlen = 0; /* number of length code lengths */\n this.ndist = 0; /* number of distance code lengths */\n this.have = 0; /* number of code lengths in lens[] */\n this.next = null; /* next available space in codes[] */\n\n this.lens = new utils.Buf16(320); /* temporary storage for code lengths */\n this.work = new utils.Buf16(288); /* work area for code table building */\n\n /*\n because we don't have pointers in js, we use lencode and distcode directly\n as buffers so we don't need codes\n */\n //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */\n this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */\n this.distdyn = null; /* dynamic table for distance codes (JS specific) */\n this.sane = 0; /* if false, allow invalid distance too far */\n this.back = 0; /* bits back of last unprocessed length/lit */\n this.was = 0; /* initial length of match */\n }\n}\n\nfunction inflateResetKeep(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n strm.total_in = strm.total_out = state.total = 0;\n strm.msg = ''; /*Z_NULL*/\n if (state.wrap) { /* to support ill-conceived Java test suite */\n strm.adler = state.wrap & 1;\n }\n state.mode = HEAD;\n state.last = 0;\n state.havedict = 0;\n state.dmax = 32768;\n state.head = null/*Z_NULL*/;\n state.hold = 0;\n state.bits = 0;\n //state.lencode = state.distcode = state.next = state.codes;\n state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);\n state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);\n\n state.sane = 1;\n state.back = -1;\n //Tracev((stderr, \"inflate: reset\\n\"));\n return Z_OK;\n}\n\nfunction inflateReset(strm) {\n let state;\n\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n state.wsize = 0;\n state.whave = 0;\n state.wnext = 0;\n return inflateResetKeep(strm);\n\n}\n\nfunction inflateReset2(strm, windowBits) {\n let wrap;\n let state;\n\n /* get the state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n /* extract wrap request from windowBits parameter */\n if (windowBits < 0) {\n wrap = 0;\n windowBits = -windowBits;\n }\n else {\n wrap = (windowBits >> 4) + 1;\n if (windowBits < 48) {\n windowBits &= 15;\n }\n }\n\n /* set number of window bits, free window if different */\n if (windowBits && (windowBits < 8 || windowBits > 15)) {\n return Z_STREAM_ERROR;\n }\n if (state.window !== null && state.wbits !== windowBits) {\n state.window = null;\n }\n\n /* update state and reset the rest of it */\n state.wrap = wrap;\n state.wbits = windowBits;\n return inflateReset(strm);\n}\n\nfunction inflateInit2(strm, windowBits) {\n let ret;\n let state;\n\n if (!strm) { return Z_STREAM_ERROR; }\n //strm.msg = Z_NULL; /* in case we return an error */\n\n state = new InflateState();\n\n //if (state === Z_NULL) return Z_MEM_ERROR;\n //Tracev((stderr, \"inflate: allocated\\n\"));\n strm.state = state;\n state.window = null/*Z_NULL*/;\n ret = inflateReset2(strm, windowBits);\n if (ret !== Z_OK) {\n strm.state = null/*Z_NULL*/;\n }\n return ret;\n}\n\nfunction inflateInit(strm) {\n return inflateInit2(strm, DEF_WBITS);\n}\n\n\n/*\n Return state with length and distance decoding tables and index sizes set to\n fixed code decoding. Normally this returns fixed tables from inffixed.h.\n If BUILDFIXED is defined, then instead this routine builds the tables the\n first time it's called, and returns those tables the first time and\n thereafter. This reduces the size of the code by about 2K bytes, in\n exchange for a little execution time. However, BUILDFIXED should not be\n used for threaded applications, since the rewriting of the tables and virgin\n may not be thread-safe.\n */\nlet virgin = true;\n\nlet lenfix, distfix; // We have no pointers in JS, so keep tables separate\n\nfunction fixedtables(state) {\n /* build fixed huffman tables if first call (may not be thread safe) */\n if (virgin) {\n let sym;\n\n lenfix = new utils.Buf32(512);\n distfix = new utils.Buf32(32);\n\n /* literal/length table */\n sym = 0;\n while (sym < 144) { state.lens[sym++] = 8; }\n while (sym < 256) { state.lens[sym++] = 9; }\n while (sym < 280) { state.lens[sym++] = 7; }\n while (sym < 288) { state.lens[sym++] = 8; }\n\n inflate_table(LENS, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 });\n\n /* distance table */\n sym = 0;\n while (sym < 32) { state.lens[sym++] = 5; }\n\n inflate_table(DISTS, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 });\n\n /* do this just once */\n virgin = false;\n }\n\n state.lencode = lenfix;\n state.lenbits = 9;\n state.distcode = distfix;\n state.distbits = 5;\n}\n\n\n/*\n Update the window with the last wsize (normally 32K) bytes written before\n returning. If window does not exist yet, create it. This is only called\n when a window is already in use, or when output has been written during this\n inflate call, but the end of the deflate stream has not been reached yet.\n It is also called to create a window for dictionary data when a dictionary\n is loaded.\n\n Providing output buffers larger than 32K to inflate() should provide a speed\n advantage, since only the last 32K of output is copied to the sliding window\n upon return from inflate(), and since all distances after the first 32K of\n output will fall in the output data, making match copies simpler and faster.\n The advantage may be dependent on the size of the processor's data caches.\n */\nfunction updatewindow(strm, src, end, copy) {\n let dist;\n const state = strm.state;\n\n /* if it hasn't been done already, allocate space for the window */\n if (state.window === null) {\n state.wsize = 1 << state.wbits;\n state.wnext = 0;\n state.whave = 0;\n\n state.window = new utils.Buf8(state.wsize);\n }\n\n /* copy state->wsize or less output bytes into the circular window */\n if (copy >= state.wsize) {\n utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);\n state.wnext = 0;\n state.whave = state.wsize;\n }\n else {\n dist = state.wsize - state.wnext;\n if (dist > copy) {\n dist = copy;\n }\n //zmemcpy(state->window + state->wnext, end - copy, dist);\n utils.arraySet(state.window, src, end - copy, dist, state.wnext);\n copy -= dist;\n if (copy) {\n //zmemcpy(state->window, end - copy, copy);\n utils.arraySet(state.window, src, end - copy, copy, 0);\n state.wnext = copy;\n state.whave = state.wsize;\n }\n else {\n state.wnext += dist;\n if (state.wnext === state.wsize) { state.wnext = 0; }\n if (state.whave < state.wsize) { state.whave += dist; }\n }\n }\n return 0;\n}\n\nfunction inflate(strm, flush) {\n let state;\n let input, output; // input/output buffers\n let next; /* next input INDEX */\n let put; /* next output INDEX */\n let have, left; /* available input and output */\n let hold; /* bit buffer */\n let bits; /* bits in bit buffer */\n let _in, _out; /* save starting available input and output */\n let copy; /* number of stored or match bytes to copy */\n let from; /* where to copy match bytes from */\n let from_source;\n let here = 0; /* current decoding table entry */\n let here_bits, here_op, here_val; // paked \"here\" denormalized (JS specific)\n //var last; /* parent table entry */\n let last_bits, last_op, last_val; // paked \"last\" denormalized (JS specific)\n let len; /* length to copy for repeats, bits to drop */\n let ret; /* return code */\n let hbuf = new utils.Buf8(4); /* buffer for gzip header crc calculation */\n let opts;\n\n let n; // temporary var for NEED_BITS\n\n const order = /* permutation of code lengths */\n [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];\n\n\n if (!strm || !strm.state || !strm.output ||\n (!strm.input && strm.avail_in !== 0)) {\n return Z_STREAM_ERROR;\n }\n\n state = strm.state;\n if (state.mode === TYPE) { state.mode = TYPEDO; } /* skip check */\n\n\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n _in = have;\n _out = left;\n ret = Z_OK;\n\n inf_leave: // goto emulation\n for (;;) {\n switch (state.mode) {\n case HEAD:\n if (state.wrap === 0) {\n state.mode = TYPEDO;\n break;\n }\n //=== NEEDBITS(16);\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */\n state.check = 0/*crc32(0L, Z_NULL, 0)*/;\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = FLAGS;\n break;\n }\n state.flags = 0; /* expect zlib header */\n if (state.head) {\n state.head.done = false;\n }\n if (!(state.wrap & 1) || /* check if zlib header allowed */\n (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {\n strm.msg = 'incorrect header check';\n state.mode = BAD;\n break;\n }\n if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n len = (hold & 0x0f)/*BITS(4)*/ + 8;\n if (state.wbits === 0) {\n state.wbits = len;\n }\n else if (len > state.wbits) {\n strm.msg = 'invalid window size';\n state.mode = BAD;\n break;\n }\n state.dmax = 1 << len;\n //Tracev((stderr, \"inflate: zlib header ok\\n\"));\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = hold & 0x200 ? DICTID : TYPE;\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n break;\n case FLAGS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.flags = hold;\n if ((state.flags & 0xff) !== Z_DEFLATED) {\n strm.msg = 'unknown compression method';\n state.mode = BAD;\n break;\n }\n if (state.flags & 0xe000) {\n strm.msg = 'unknown header flags set';\n state.mode = BAD;\n break;\n }\n if (state.head) {\n state.head.text = ((hold >> 8) & 1);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = TIME;\n /* falls through */\n case TIME:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.time = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC4(state.check, hold)\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n hbuf[2] = (hold >>> 16) & 0xff;\n hbuf[3] = (hold >>> 24) & 0xff;\n state.check = crc32(state.check, hbuf, 4, 0);\n //===\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = OS;\n /* falls through */\n case OS:\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (state.head) {\n state.head.xflags = (hold & 0xff);\n state.head.os = (hold >> 8);\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = EXLEN;\n /* falls through */\n case EXLEN:\n if (state.flags & 0x0400) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length = hold;\n if (state.head) {\n state.head.extra_len = hold;\n }\n if (state.flags & 0x0200) {\n //=== CRC2(state.check, hold);\n hbuf[0] = hold & 0xff;\n hbuf[1] = (hold >>> 8) & 0xff;\n state.check = crc32(state.check, hbuf, 2, 0);\n //===//\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n else if (state.head) {\n state.head.extra = null/*Z_NULL*/;\n }\n state.mode = EXTRA;\n /* falls through */\n case EXTRA:\n if (state.flags & 0x0400) {\n copy = state.length;\n if (copy > have) { copy = have; }\n if (copy) {\n if (state.head) {\n len = state.head.extra_len - state.length;\n if (!state.head.extra) {\n // Use untyped array for more convenient processing later\n state.head.extra = new Array(state.head.extra_len);\n }\n utils.arraySet(\n state.head.extra,\n input,\n next,\n // extra field is limited to 65536 bytes\n // - no need for additional size check\n copy,\n /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/\n len\n );\n //zmemcpy(state.head.extra + len, next,\n // len + copy > state.head.extra_max ?\n // state.head.extra_max - len : copy);\n }\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n state.length -= copy;\n }\n if (state.length) { break inf_leave; }\n }\n state.length = 0;\n state.mode = NAME;\n /* falls through */\n case NAME:\n if (state.flags & 0x0800) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n // TODO: 2 or 1 bytes?\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.name_max*/)) {\n state.head.name += String.fromCharCode(len);\n }\n } while (len && copy < have);\n\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.name = null;\n }\n state.length = 0;\n state.mode = COMMENT;\n /* falls through */\n case COMMENT:\n if (state.flags & 0x1000) {\n if (have === 0) { break inf_leave; }\n copy = 0;\n do {\n len = input[next + copy++];\n /* use constant limit because in js we should not preallocate memory */\n if (state.head && len &&\n (state.length < 65536 /*state.head.comm_max*/)) {\n state.head.comment += String.fromCharCode(len);\n }\n } while (len && copy < have);\n if (state.flags & 0x0200) {\n state.check = crc32(state.check, input, copy, next);\n }\n have -= copy;\n next += copy;\n if (len) { break inf_leave; }\n }\n else if (state.head) {\n state.head.comment = null;\n }\n state.mode = HCRC;\n /* falls through */\n case HCRC:\n if (state.flags & 0x0200) {\n //=== NEEDBITS(16); */\n while (bits < 16) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.check & 0xffff)) {\n strm.msg = 'header crc mismatch';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n }\n if (state.head) {\n state.head.hcrc = ((state.flags >> 9) & 1);\n state.head.done = true;\n }\n strm.adler = state.check = 0;\n state.mode = TYPE;\n break;\n case DICTID:\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n strm.adler = state.check = zswap32(hold);\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = DICT;\n /* falls through */\n case DICT:\n if (state.havedict === 0) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n return Z_NEED_DICT;\n }\n strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;\n state.mode = TYPE;\n /* falls through */\n case TYPE:\n if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case TYPEDO:\n if (state.last) {\n //--- BYTEBITS() ---//\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n state.mode = CHECK;\n break;\n }\n //=== NEEDBITS(3); */\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.last = (hold & 0x01)/*BITS(1)*/;\n //--- DROPBITS(1) ---//\n hold >>>= 1;\n bits -= 1;\n //---//\n\n switch ((hold & 0x03)/*BITS(2)*/) {\n case 0: /* stored block */\n //Tracev((stderr, \"inflate: stored block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = STORED;\n break;\n case 1: /* fixed block */\n fixedtables(state);\n //Tracev((stderr, \"inflate: fixed codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = LEN_; /* decode codes */\n if (flush === Z_TREES) {\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break inf_leave;\n }\n break;\n case 2: /* dynamic block */\n //Tracev((stderr, \"inflate: dynamic codes block%s\\n\",\n // state.last ? \" (last)\" : \"\"));\n state.mode = TABLE;\n break;\n case 3:\n strm.msg = 'invalid block type';\n state.mode = BAD;\n }\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n break;\n case STORED:\n //--- BYTEBITS() ---// /* go to byte boundary */\n hold >>>= bits & 7;\n bits -= bits & 7;\n //---//\n //=== NEEDBITS(32); */\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {\n strm.msg = 'invalid stored block lengths';\n state.mode = BAD;\n break;\n }\n state.length = hold & 0xffff;\n //Tracev((stderr, \"inflate: stored length %u\\n\",\n // state.length));\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n state.mode = COPY_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case COPY_:\n state.mode = COPY;\n /* falls through */\n case COPY:\n copy = state.length;\n if (copy) {\n if (copy > have) { copy = have; }\n if (copy > left) { copy = left; }\n if (copy === 0) { break inf_leave; }\n //--- zmemcpy(put, next, copy); ---\n utils.arraySet(output, input, next, copy, put);\n //---//\n have -= copy;\n next += copy;\n left -= copy;\n put += copy;\n state.length -= copy;\n break;\n }\n //Tracev((stderr, \"inflate: stored end\\n\"));\n state.mode = TYPE;\n break;\n case TABLE:\n //=== NEEDBITS(14); */\n while (bits < 14) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;\n //--- DROPBITS(5) ---//\n hold >>>= 5;\n bits -= 5;\n //---//\n state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;\n //--- DROPBITS(4) ---//\n hold >>>= 4;\n bits -= 4;\n //---//\n//#ifndef PKZIP_BUG_WORKAROUND\n if (state.nlen > 286 || state.ndist > 30) {\n strm.msg = 'too many length or distance symbols';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracev((stderr, \"inflate: table sizes ok\\n\"));\n state.have = 0;\n state.mode = LENLENS;\n /* falls through */\n case LENLENS:\n while (state.have < state.ncode) {\n //=== NEEDBITS(3);\n while (bits < 3) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n while (state.have < 19) {\n state.lens[order[state.have++]] = 0;\n }\n // We have separate tables & no pointers. 2 commented lines below not needed.\n //state.next = state.codes;\n //state.lencode = state.next;\n // Switch to use dynamic table\n state.lencode = state.lendyn;\n state.lenbits = 7;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);\n state.lenbits = opts.bits;\n\n if (ret) {\n strm.msg = 'invalid code lengths set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, \"inflate: code lengths ok\\n\"));\n state.have = 0;\n state.mode = CODELENS;\n /* falls through */\n case CODELENS:\n while (state.have < state.nlen + state.ndist) {\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_val < 16) {\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.lens[state.have++] = here_val;\n }\n else {\n if (here_val === 16) {\n //=== NEEDBITS(here.bits + 2);\n n = here_bits + 2;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n if (state.have === 0) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n len = state.lens[state.have - 1];\n copy = 3 + (hold & 0x03);//BITS(2);\n //--- DROPBITS(2) ---//\n hold >>>= 2;\n bits -= 2;\n //---//\n }\n else if (here_val === 17) {\n //=== NEEDBITS(here.bits + 3);\n n = here_bits + 3;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 3 + (hold & 0x07);//BITS(3);\n //--- DROPBITS(3) ---//\n hold >>>= 3;\n bits -= 3;\n //---//\n }\n else {\n //=== NEEDBITS(here.bits + 7);\n n = here_bits + 7;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n len = 0;\n copy = 11 + (hold & 0x7f);//BITS(7);\n //--- DROPBITS(7) ---//\n hold >>>= 7;\n bits -= 7;\n //---//\n }\n if (state.have + copy > state.nlen + state.ndist) {\n strm.msg = 'invalid bit length repeat';\n state.mode = BAD;\n break;\n }\n while (copy--) {\n state.lens[state.have++] = len;\n }\n }\n }\n\n /* handle error breaks in while */\n if (state.mode === BAD) { break; }\n\n /* check for end-of-block code (better have one) */\n if (state.lens[256] === 0) {\n strm.msg = 'invalid code -- missing end-of-block';\n state.mode = BAD;\n break;\n }\n\n /* build code tables -- note: do not change the lenbits or distbits\n values here (9 and 6) without reading the comments in inftrees.h\n concerning the ENOUGH constants, which depend on those values */\n state.lenbits = 9;\n\n opts = { bits: state.lenbits };\n ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.lenbits = opts.bits;\n // state.lencode = state.next;\n\n if (ret) {\n strm.msg = 'invalid literal/lengths set';\n state.mode = BAD;\n break;\n }\n\n state.distbits = 6;\n //state.distcode.copy(state.codes);\n // Switch to use dynamic table\n state.distcode = state.distdyn;\n opts = { bits: state.distbits };\n ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);\n // We have separate tables & no pointers. 2 commented lines below not needed.\n // state.next_index = opts.table_index;\n state.distbits = opts.bits;\n // state.distcode = state.next;\n\n if (ret) {\n strm.msg = 'invalid distances set';\n state.mode = BAD;\n break;\n }\n //Tracev((stderr, 'inflate: codes ok\\n'));\n state.mode = LEN_;\n if (flush === Z_TREES) { break inf_leave; }\n /* falls through */\n case LEN_:\n state.mode = LEN;\n /* falls through */\n case LEN:\n if (have >= 6 && left >= 258) {\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n inflate_fast(strm, _out);\n //--- LOAD() ---\n put = strm.next_out;\n output = strm.output;\n left = strm.avail_out;\n next = strm.next_in;\n input = strm.input;\n have = strm.avail_in;\n hold = state.hold;\n bits = state.bits;\n //---\n\n if (state.mode === TYPE) {\n state.back = -1;\n }\n break;\n }\n state.back = 0;\n for (;;) {\n here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if (here_bits <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if (here_op && (here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.lencode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n state.length = here_val;\n if (here_op === 0) {\n //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?\n // \"inflate: literal '%c'\\n\" :\n // \"inflate: literal 0x%02x\\n\", here.val));\n state.mode = LIT;\n break;\n }\n if (here_op & 32) {\n //Tracevv((stderr, \"inflate: end of block\\n\"));\n state.back = -1;\n state.mode = TYPE;\n break;\n }\n if (here_op & 64) {\n strm.msg = 'invalid literal/length code';\n state.mode = BAD;\n break;\n }\n state.extra = here_op & 15;\n state.mode = LENEXT;\n /* falls through */\n case LENEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n //Tracevv((stderr, \"inflate: length %u\\n\", state.length));\n state.was = state.length;\n state.mode = DIST;\n /* falls through */\n case DIST:\n for (;;) {\n here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n if ((here_op & 0xf0) === 0) {\n last_bits = here_bits;\n last_op = here_op;\n last_val = here_val;\n for (;;) {\n here = state.distcode[last_val +\n ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];\n here_bits = here >>> 24;\n here_op = (here >>> 16) & 0xff;\n here_val = here & 0xffff;\n\n if ((last_bits + here_bits) <= bits) { break; }\n //--- PULLBYTE() ---//\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n //---//\n }\n //--- DROPBITS(last.bits) ---//\n hold >>>= last_bits;\n bits -= last_bits;\n //---//\n state.back += last_bits;\n }\n //--- DROPBITS(here.bits) ---//\n hold >>>= here_bits;\n bits -= here_bits;\n //---//\n state.back += here_bits;\n if (here_op & 64) {\n strm.msg = 'invalid distance code';\n state.mode = BAD;\n break;\n }\n state.offset = here_val;\n state.extra = (here_op) & 15;\n state.mode = DISTEXT;\n /* falls through */\n case DISTEXT:\n if (state.extra) {\n //=== NEEDBITS(state.extra);\n n = state.extra;\n while (bits < n) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;\n //--- DROPBITS(state.extra) ---//\n hold >>>= state.extra;\n bits -= state.extra;\n //---//\n state.back += state.extra;\n }\n//#ifdef INFLATE_STRICT\n if (state.offset > state.dmax) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n//#endif\n //Tracevv((stderr, \"inflate: distance %u\\n\", state.offset));\n state.mode = MATCH;\n /* falls through */\n case MATCH:\n if (left === 0) { break inf_leave; }\n copy = _out - left;\n if (state.offset > copy) { /* copy from window */\n copy = state.offset - copy;\n if (copy > state.whave) {\n if (state.sane) {\n strm.msg = 'invalid distance too far back';\n state.mode = BAD;\n break;\n }\n// (!) This block is disabled in zlib defaults,\n// don't enable it for binary compatibility\n//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR\n// Trace((stderr, \"inflate.c too far\\n\"));\n// copy -= state.whave;\n// if (copy > state.length) { copy = state.length; }\n// if (copy > left) { copy = left; }\n// left -= copy;\n// state.length -= copy;\n// do {\n// output[put++] = 0;\n// } while (--copy);\n// if (state.length === 0) { state.mode = LEN; }\n// break;\n//#endif\n }\n if (copy > state.wnext) {\n copy -= state.wnext;\n from = state.wsize - copy;\n }\n else {\n from = state.wnext - copy;\n }\n if (copy > state.length) { copy = state.length; }\n from_source = state.window;\n }\n else { /* copy from output */\n from_source = output;\n from = put - state.offset;\n copy = state.length;\n }\n if (copy > left) { copy = left; }\n left -= copy;\n state.length -= copy;\n do {\n output[put++] = from_source[from++];\n } while (--copy);\n if (state.length === 0) { state.mode = LEN; }\n break;\n case LIT:\n if (left === 0) { break inf_leave; }\n output[put++] = state.length;\n left--;\n state.mode = LEN;\n break;\n case CHECK:\n if (state.wrap) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n // Use '|' instead of '+' to make sure that result is signed\n hold |= input[next++] << bits;\n bits += 8;\n }\n //===//\n _out -= left;\n strm.total_out += _out;\n state.total += _out;\n if (_out) {\n strm.adler = state.check =\n /*UPDATE(state.check, put - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));\n\n }\n _out = left;\n // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too\n if ((state.flags ? hold : zswap32(hold)) !== state.check) {\n strm.msg = 'incorrect data check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: check matches trailer\\n\"));\n }\n state.mode = LENGTH;\n /* falls through */\n case LENGTH:\n if (state.wrap && state.flags) {\n //=== NEEDBITS(32);\n while (bits < 32) {\n if (have === 0) { break inf_leave; }\n have--;\n hold += input[next++] << bits;\n bits += 8;\n }\n //===//\n if (hold !== (state.total & 0xffffffff)) {\n strm.msg = 'incorrect length check';\n state.mode = BAD;\n break;\n }\n //=== INITBITS();\n hold = 0;\n bits = 0;\n //===//\n //Tracev((stderr, \"inflate: length matches trailer\\n\"));\n }\n state.mode = DONE;\n /* falls through */\n case DONE:\n ret = Z_STREAM_END;\n break inf_leave;\n case BAD:\n ret = Z_DATA_ERROR;\n break inf_leave;\n // case MEM:\n // return Z_MEM_ERROR;\n case SYNC:\n /* falls through */\n default:\n return Z_STREAM_ERROR;\n }\n }\n\n // inf_leave <- here is real place for \"goto inf_leave\", emulated via \"break inf_leave\"\n\n /*\n Return from inflate(), updating the total counts and the check value.\n If there was no progress during the inflate() call, return a buffer\n error. Call updatewindow() to create and/or update the window state.\n Note: a memory error from inflate() is non-recoverable.\n */\n\n //--- RESTORE() ---\n strm.next_out = put;\n strm.avail_out = left;\n strm.next_in = next;\n strm.avail_in = have;\n state.hold = hold;\n state.bits = bits;\n //---\n\n if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&\n (state.mode < CHECK || flush !== Z_FINISH))) {\n if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n }\n }\n _in -= strm.avail_in;\n _out -= strm.avail_out;\n strm.total_in += _in;\n strm.total_out += _out;\n state.total += _out;\n if (state.wrap && _out) {\n strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/\n (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));\n }\n strm.data_type = state.bits + (state.last ? 64 : 0) +\n (state.mode === TYPE ? 128 : 0) +\n (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);\n if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {\n ret = Z_BUF_ERROR;\n }\n return ret;\n}\n\nfunction inflateEnd(strm) {\n\n if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {\n return Z_STREAM_ERROR;\n }\n\n const state = strm.state;\n if (state.window) {\n state.window = null;\n }\n strm.state = null;\n return Z_OK;\n}\n\nfunction inflateGetHeader(strm, head) {\n let state;\n\n /* check state */\n if (!strm || !strm.state) { return Z_STREAM_ERROR; }\n state = strm.state;\n if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }\n\n /* save header structure */\n state.head = head;\n head.done = false;\n return Z_OK;\n}\n\nfunction inflateSetDictionary(strm, dictionary) {\n const dictLength = dictionary.length;\n\n let state;\n let dictid;\n let ret;\n\n /* check state */\n if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }\n state = strm.state;\n\n if (state.wrap !== 0 && state.mode !== DICT) {\n return Z_STREAM_ERROR;\n }\n\n /* check for correct dictionary identifier */\n if (state.mode === DICT) {\n dictid = 1; /* adler32(0, null, 0)*/\n /* dictid = adler32(dictid, dictionary, dictLength); */\n dictid = adler32(dictid, dictionary, dictLength, 0);\n if (dictid !== state.check) {\n return Z_DATA_ERROR;\n }\n }\n /* copy dictionary to window using updatewindow(), which will amend the\n existing dictionary if appropriate */\n ret = updatewindow(strm, dictionary, dictLength, dictLength);\n // if (ret) {\n // state.mode = MEM;\n // return Z_MEM_ERROR;\n // }\n state.havedict = 1;\n // Tracev((stderr, \"inflate: dictionary set\\n\"));\n return Z_OK;\n}\n\nconst inflateInfo = 'pako inflate (from Nodeca project)';\n\nexport {\n inflateReset,\n inflateReset2,\n inflateResetKeep,\n inflateInit,\n inflateInit2,\n inflate,\n inflateEnd,\n inflateGetHeader,\n inflateSetDictionary,\n inflateInfo\n};\n\n/* Not implemented\nexports.inflateCopy = inflateCopy;\nexports.inflateGetDictionary = inflateGetDictionary;\nexports.inflateMark = inflateMark;\nexports.inflatePrime = inflatePrime;\nexports.inflateSync = inflateSync;\nexports.inflateSyncPoint = inflateSyncPoint;\nexports.inflateUndermine = inflateUndermine;\n*/\n","'use strict';\n\n// (C) 1995-2013 Jean-loup Gailly and Mark Adler\n// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin\n//\n// This software is provided 'as-is', without any express or implied\n// warranty. In no event will the authors be held liable for any damages\n// arising from the use of this software.\n//\n// Permission is granted to anyone to use this software for any purpose,\n// including commercial applications, and to alter it and redistribute it\n// freely, subject to the following restrictions:\n//\n// 1. The origin of this software must not be misrepresented; you must not\n// claim that you wrote the original software. If you use this software\n// in a product, an acknowledgment in the product documentation would be\n// appreciated but is not required.\n// 2. Altered source versions must be plainly marked as such, and must not be\n// misrepresented as being the original software.\n// 3. This notice may not be removed or altered from any source distribution.\n\nexport default class GZheader {\n constructor() {\n /* true if compressed data believed to be text */\n this.text = 0;\n /* modification time */\n this.time = 0;\n /* extra flags (not used when writing a gzip file) */\n this.xflags = 0;\n /* operating system */\n this.os = 0;\n /* pointer to extra field or Z_NULL if none */\n this.extra = null;\n /* extra field length (valid if extra != Z_NULL) */\n this.extra_len = 0; // Actually, we don't need it in JS,\n // but leave for few code modifications\n\n //\n // Setup limits is not necessary because in js we should not preallocate memory\n // for inflate use constant limit in 65536 bytes\n //\n\n /* space at extra (only when reading header) */\n // this.extra_max = 0;\n /* pointer to zero-terminated file name or Z_NULL */\n this.name = '';\n /* space at name (only when reading header) */\n // this.name_max = 0;\n /* pointer to zero-terminated comment or Z_NULL */\n this.comment = '';\n /* space at comment (only when reading header) */\n // this.comm_max = 0;\n /* true if there was or will be a header crc */\n this.hcrc = 0;\n /* true when done reading gzip header (not used when writing a gzip file) */\n this.done = false;\n }\n}","'use strict';\n\nimport * as zlib_inflate from \"./zlib/inflate.js\";\nimport * as utils from \"./utils/common.js\";\nimport * as strings from \"./utils/strings.js\";\nimport * as c from \"./zlib/constants.js\";\nimport msg from \"./zlib/messages.js\";\nimport ZStream from \"./zlib/zstream.js\";\nimport GZheader from \"./zlib/gzheader.js\";\n\n/**\n * class Inflate\n *\n * Generic JS-style wrapper for zlib calls. If you don't need\n * streaming behaviour - use more simple functions: [[inflate]]\n * and [[inflateRaw]].\n **/\n\n/* internal\n * inflate.chunks -> Array\n *\n * Chunks of output data, if [[Inflate#onData]] not overridden.\n **/\n\n/**\n * Inflate.result -> Uint8Array|Array|String\n *\n * Uncompressed result, generated by default [[Inflate#onData]]\n * and [[Inflate#onEnd]] handlers. Filled after you push last chunk\n * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you\n * push a chunk with explicit flush (call [[Inflate#push]] with\n * `Z_SYNC_FLUSH` param).\n **/\n\n/**\n * Inflate.err -> Number\n *\n * Error code after inflate finished. 0 (Z_OK) on success.\n * Should be checked if broken data possible.\n **/\n\n/**\n * Inflate.msg -> String\n *\n * Error message, if [[Inflate.err]] != 0\n **/\n\n\n/**\n * new Inflate(options)\n * - options (Object): zlib inflate options.\n *\n * Creates new inflator instance with specified params. Throws exception\n * on bad params. Supported options:\n *\n * - `windowBits`\n * - `dictionary`\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information on these.\n *\n * Additional options, for internal needs:\n *\n * - `chunkSize` - size of generated data chunks (16K by default)\n * - `raw` (Boolean) - do raw inflate\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n * By default, when no options set, autodetect deflate/gzip data format via\n * wrapper header.\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])\n * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);\n *\n * var inflate = new pako.Inflate({ level: 3});\n *\n * inflate.push(chunk1, false);\n * inflate.push(chunk2, true); // true -> last chunk\n *\n * if (inflate.err) { throw new Error(inflate.err); }\n *\n * console.log(inflate.result);\n * ```\n **/\nclass Inflate {\n constructor(options) {\n this.options = {\n chunkSize: 16384,\n windowBits: 0,\n ...(options || {})\n };\n\n const opt = this.options;\n\n // Force window size for `raw` data, if not set directly,\n // because we have no header for autodetect.\n if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {\n opt.windowBits = -opt.windowBits;\n if (opt.windowBits === 0) { opt.windowBits = -15; }\n }\n\n // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate\n if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&\n !(options && options.windowBits)) {\n opt.windowBits += 32;\n }\n\n // Gzip header has no info about windows size, we can do autodetect only\n // for deflate. So, if window size not set, force it to max when gzip possible\n if ((opt.windowBits > 15) && (opt.windowBits < 48)) {\n // bit 3 (16) -> gzipped data\n // bit 4 (32) -> autodetect gzip/deflate\n if ((opt.windowBits & 15) === 0) {\n opt.windowBits |= 15;\n }\n }\n\n this.err = 0; // error code, if happens (0 = Z_OK)\n this.msg = ''; // error message\n this.ended = false; // used to avoid multiple onEnd() calls\n this.chunks = []; // chunks of compressed data\n\n this.strm = new ZStream();\n this.strm.avail_out = 0;\n\n let status = zlib_inflate.inflateInit2(\n this.strm,\n opt.windowBits\n );\n\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n\n this.header = new GZheader();\n\n zlib_inflate.inflateGetHeader(this.strm, this.header);\n\n // Setup dictionary\n if (opt.dictionary) {\n // Convert data if needed\n if (typeof opt.dictionary === 'string') {\n opt.dictionary = strings.string2buf(opt.dictionary);\n } else if (opt.dictionary instanceof ArrayBuffer) {\n opt.dictionary = new Uint8Array(opt.dictionary);\n }\n if (opt.raw) { //In raw mode we need to set the dictionary early\n status = zlib_inflate.inflateSetDictionary(this.strm, opt.dictionary);\n if (status !== c.Z_OK) {\n throw new Error(msg[status]);\n }\n }\n }\n }\n /**\n * Inflate#push(data[, mode]) -> Boolean\n * - data (Uint8Array|Array|ArrayBuffer|String): input data\n * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.\n * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH.\n *\n * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with\n * new output chunks. Returns `true` on success. The last data block must have\n * mode Z_FINISH (or `true`). That will flush internal pending buffers and call\n * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you\n * can use mode Z_SYNC_FLUSH, keeping the decompression context.\n *\n * On fail call [[Inflate#onEnd]] with error code and return false.\n *\n * We strongly recommend to use `Uint8Array` on input for best speed (output\n * format is detected automatically). Also, don't skip last param and always\n * use the same type in your code (boolean or number). That will improve JS speed.\n *\n * For regular `Array`-s make sure all elements are [0..255].\n *\n * ##### Example\n *\n * ```javascript\n * push(chunk, false); // push one of data chunks\n * ...\n * push(chunk, true); // push last chunk\n * ```\n **/\n push(data, mode) {\n const { strm, options: { chunkSize, dictionary } } = this;\n let status, _mode;\n let next_out_utf8, tail, utf8str;\n\n // Flag to properly process Z_BUF_ERROR on testing inflate call\n // when we check that all output data was flushed.\n let allowBufError = false;\n\n if (this.ended) { return false; }\n _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);\n\n // Convert data if needed\n if (typeof data === 'string') {\n // Only binary strings can be decompressed on practice\n strm.input = strings.binstring2buf(data);\n } else if (data instanceof ArrayBuffer) {\n strm.input = new Uint8Array(data);\n } else {\n strm.input = data;\n }\n\n strm.next_in = 0;\n strm.avail_in = strm.input.length;\n\n do {\n if (strm.avail_out === 0) {\n strm.output = new utils.Buf8(chunkSize);\n strm.next_out = 0;\n strm.avail_out = chunkSize;\n }\n\n status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH); /* no bad return value */\n\n if (status === c.Z_NEED_DICT && dictionary) {\n status = zlib_inflate.inflateSetDictionary(this.strm, dictionary);\n }\n\n if (status === c.Z_BUF_ERROR && allowBufError === true) {\n status = c.Z_OK;\n allowBufError = false;\n }\n\n if (status !== c.Z_STREAM_END && status !== c.Z_OK) {\n this.onEnd(status);\n this.ended = true;\n return false;\n }\n\n if (strm.next_out) {\n if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {\n this.onData(utils.shrinkBuf(strm.output, strm.next_out));\n }\n }\n\n // When no more input data, we should check that internal inflate buffers\n // are flushed. The only way to do it when avail_out = 0 - run one more\n // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.\n // Here we set flag to process this error properly.\n //\n // NOTE. Deflate does not return error in this case and does not needs such\n // logic.\n if (strm.avail_in === 0 && strm.avail_out === 0) {\n allowBufError = true;\n }\n\n } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);\n\n if (status === c.Z_STREAM_END) {\n _mode = c.Z_FINISH;\n }\n\n // Finalize on the last chunk.\n if (_mode === c.Z_FINISH) {\n status = zlib_inflate.inflateEnd(this.strm);\n this.onEnd(status);\n this.ended = true;\n return status === c.Z_OK;\n }\n\n // callback interim results if Z_SYNC_FLUSH.\n if (_mode === c.Z_SYNC_FLUSH) {\n this.onEnd(c.Z_OK);\n strm.avail_out = 0;\n return true;\n }\n\n return true;\n };\n\n /**\n * Inflate#onData(chunk) -> Void\n * - chunk (Uint8Array|Array|String): output data. Type of array depends\n * on js engine support. When string output requested, each chunk\n * will be string.\n *\n * By default, stores data blocks in `chunks[]` property and glue\n * those in `onEnd`. Override this handler, if you need another behaviour.\n **/\n onData(chunk) {\n this.chunks.push(chunk);\n };\n\n\n\n /**\n * Inflate#onEnd(status) -> Void\n * - status (Number): inflate status. 0 (Z_OK) on success,\n * other if not.\n *\n * Called either after you tell inflate that the input stream is\n * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)\n * or if an error happened. By default - join collected chunks,\n * free memory and fill `results` / `err` properties.\n **/\n onEnd(status) {\n // On success - join\n if (status === c.Z_OK) {\n this.result = utils.flattenChunks(this.chunks);\n }\n this.chunks = [];\n this.err = status;\n this.msg = this.strm.msg;\n };\n}\n\n/**\n * inflate(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Decompress `data` with inflate/ungzip and `options`. Autodetect\n * format via wrapper header by default. That's why we don't provide\n * separate `ungzip` method.\n *\n * Supported options are:\n *\n * - windowBits\n *\n * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)\n * for more information.\n *\n * Sugar (options):\n *\n * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify\n * negative windowBits implicitly.\n * - `to` (String) - if equal to 'string', then result will be converted\n * from utf8 to utf16 (javascript) string. When string output requested,\n * chunk length can differ from `chunkSize`, depending on content.\n *\n *\n * ##### Example:\n *\n * ```javascript\n * var pako = require('pako')\n * , input = pako.deflate([1,2,3,4,5,6,7,8,9])\n * , output;\n *\n * try {\n * output = pako.inflate(input);\n * } catch (err)\n * console.log(err);\n * }\n * ```\n **/\nfunction inflate(input, options) {\n const inflator = new Inflate(options);\n\n inflator.push(input, true);\n\n // That will never happens, if you don't cheat with options :)\n if (inflator.err) { throw new Error(inflator.msg || msg[inflator.err]); }\n\n return inflator.result;\n}\n\n\n/**\n * inflateRaw(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * The same as [[inflate]], but creates raw data, without wrapper\n * (header and adler32 crc).\n **/\nfunction inflateRaw(input, options) {\n options = options || {};\n options.raw = true;\n return inflate(input, options);\n}\n\n\n/**\n * ungzip(data[, options]) -> Uint8Array|Array|String\n * - data (Uint8Array|Array|String): input data to decompress.\n * - options (Object): zlib inflate options.\n *\n * Just shortcut to [[inflate]], because it autodetects format\n * by header.content. Done for convenience.\n **/\n\nexport { Inflate, inflate, inflateRaw, inflate as ungzip };\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuer,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.signedHashValue = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n this.params = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length));\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false) {\n if (key.version === 5) {\n this.version = 5;\n } else {\n this.version = 4;\n }\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = [];\n this.unhashedSubpackets.forEach(data => {\n arr.push(writeSimpleLength(data.length));\n arr.push(data);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, 2);\n\n return util.concat([length, result]);\n }\n\n // V4 signature sub packets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n if (!hashed) {\n this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n mypos++;\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuer:\n // Issuer\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion === 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n default: {\n const err = new Error(`Unknown signature subpacket type ${type}`);\n if (critical) {\n throw err;\n } else {\n util.printDebug(err);\n }\n }\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, 2));\n\n let i = 2;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n constructor() {\n /** A one-octet version number. The current version is 3. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** An eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current version is 3.\n this.version = bytes[mypos++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n // An eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]);\n\n const end = new Uint8Array([this.flags]);\n\n return util.concatUint8Array([start, this.issuerKeyID.write(), end]);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID)\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnsupportedError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Deflate } from '@openpgp/pako/lib/deflate';\nimport { Inflate } from '@openpgp/pako/lib/inflate';\nimport { Z_SYNC_FLUSH, Z_FINISH } from '@openpgp/pako/lib/zlib/constants';\nimport { decode as BunzipDecode } from '@openpgp/seek-bzip';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n\n /**\n * zip/zlib compression level, between 1 and 9\n */\n this.deflateLevel = config.deflateLevel;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName];\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write(), this.deflateLevel);\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\nconst nodeZlib = util.getNodeZlib();\n\nfunction uncompressed(data) {\n return data;\n}\n\nfunction node_zlib(func, create, options = {}) {\n return function (data) {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(data => {\n return new Promise((resolve, reject) => {\n func(data, options, (err, result) => {\n if (err) return reject(err);\n resolve(result);\n });\n });\n }));\n }\n return stream.nodeToWeb(stream.webToNode(data).pipe(create(options)));\n };\n}\n\nfunction pako_zlib(constructor, options = {}) {\n return function(data) {\n const obj = new constructor(options);\n return stream.transform(data, value => {\n if (value.length) {\n obj.push(value, Z_SYNC_FLUSH);\n return obj.result;\n }\n }, () => {\n if (constructor === Deflate) {\n obj.push([], Z_FINISH);\n return obj.result;\n }\n });\n };\n}\n\nfunction bzip2(func) {\n return function(data) {\n return stream.fromAsync(async () => func(await stream.readToEnd(data)));\n };\n}\n\nconst compress_fns = nodeZlib ? {\n zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed)\n} : {\n zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed),\n zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed)\n};\n\nconst decompress_fns = nodeZlib ? {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw),\n zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n} : {\n uncompressed: uncompressed,\n zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }),\n zlib: /*#__PURE__*/ pako_zlib(Inflate),\n bzip2: /*#__PURE__*/ bzip2(BunzipDecode)\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n constructor() {\n this.version = VERSION;\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n // - A one-octet version number. The only currently defined value is 1.\n if (version !== VERSION) {\n throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`);\n }\n\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n return util.concat([new Uint8Array([VERSION]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n let packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await this.crypt('decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await this.crypt('encrypt', key, data);\n }\n\n /**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\n async crypt(fn, key, data) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const modeInstance = await mode(this.cipherAlgorithm, key);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const adataBuffer = new ArrayBuffer(21);\n const adataArray = new Uint8Array(adataBuffer, 0, 13);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n const iv = this.iv;\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new stream.TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray);\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...)\n cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray);\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\nconst VERSION = 3;\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = 3;\n\n this.publicKeyID = new KeyID();\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version !== VERSION) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n i += this.publicKeyID.read(bytes.subarray(i));\n this.publicKeyAlgorithm = bytes[i++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version);\n if (this.publicKeyAlgorithm === enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version]),\n this.publicKeyID.write(),\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n // v3 Montgomery curves have cleartext cipher algo\n if (this.publicKeyAlgorithm !== enums.publicKey.x25519) {\n this.sessionKeyAlgorithm = sessionKeyAlgorithm;\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // add checksum\n return util.concatUint8Array([\n new Uint8Array([cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n }\n case enums.publicKey.x25519:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm);\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n return {\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n * @private\n */\n\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport { UnsupportedError } from '../packet/packet';\nimport util from '../util';\n\nclass S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = 'iterated';\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n try {\n this.type = enums.read(enums.s2k, bytes[i++]);\n } catch (err) {\n throw new UnsupportedError('Unknown S2K type.');\n }\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport S2K from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 5 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = enums.symmetric.aes256;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number. The only currently defined version is 4.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version === 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n this.s2k = new S2K();\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version === 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, key);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n } else {\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n\n const { blockSize, keySize } = crypto.getCipher(algo);\n const encryptionKey = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version === 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v5Keys ? 5 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes) {\n let pos = 0;\n // A one-octet version number (3, 4 or 5).\n this.version = bytes[pos++];\n\n if (this.version === 4 || this.version === 5) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version === 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version === 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n if (version === 5) {\n return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]);\n }\n return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version === 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version === 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipher(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport S2K from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n this.s2k = new S2K();\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipher(this.symmetric).blockSize\n );\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n const cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...this.s2k.write());\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = new S2K(config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = new S2K(config);\n this.s2k.salt = crypto.random.getRandomBytes(8);\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n\n const { blockSize } = crypto.getCipher(this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = enums.aead.eax;\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } else {\n this.s2kUsage = 254;\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array());\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\nasync function produceEncryptionKey(s2k, passphrase, algorithm) {\n const { keySize } = crypto.getCipher(algorithm);\n return s2k.produceKey(passphrase, keySize);\n}\n\nexport default SecretKeyPacket;\n","\n// email-addresses.js - RFC 5322 email address parser\n// v 3.1.0\n//\n// http://tools.ietf.org/html/rfc5322\n//\n// This library does not validate email addresses.\n// emailAddresses attempts to parse addresses using the (fairly liberal)\n// grammar specified in RFC 5322.\n//\n// email-addresses returns {\n// ast: ,\n// addresses: [{\n// node: ,\n// name: ,\n// address: ,\n// local: ,\n// domain: \n// }, ...]\n// }\n//\n// emailAddresses.parseOneAddress and emailAddresses.parseAddressList\n// work as you might expect. Try it out.\n//\n// Many thanks to Dominic Sayers and his documentation on the is_email function,\n// http://code.google.com/p/isemail/ , which helped greatly in writing this parser.\n\n(function (global) {\n\"use strict\";\n\nfunction parse5322(opts) {\n\n // tokenizing functions\n\n function inStr() { return pos < len; }\n function curTok() { return parseString[pos]; }\n function getPos() { return pos; }\n function setPos(i) { pos = i; }\n function nextTok() { pos += 1; }\n function initialize() {\n pos = 0;\n len = parseString.length;\n }\n\n // parser helper functions\n\n function o(name, value) {\n return {\n name: name,\n tokens: value || \"\",\n semantic: value || \"\",\n children: []\n };\n }\n\n function wrap(name, ast) {\n var n;\n if (ast === null) { return null; }\n n = o(name);\n n.tokens = ast.tokens;\n n.semantic = ast.semantic;\n n.children.push(ast);\n return n;\n }\n\n function add(parent, child) {\n if (child !== null) {\n parent.tokens += child.tokens;\n parent.semantic += child.semantic;\n }\n parent.children.push(child);\n return parent;\n }\n\n function compareToken(fxnCompare) {\n var tok;\n if (!inStr()) { return null; }\n tok = curTok();\n if (fxnCompare(tok)) {\n nextTok();\n return o('token', tok);\n }\n return null;\n }\n\n function literal(lit) {\n return function literalFunc() {\n return wrap('literal', compareToken(function (tok) {\n return tok === lit;\n }));\n };\n }\n\n function and() {\n var args = arguments;\n return function andFunc() {\n var i, s, result, start;\n start = getPos();\n s = o('and');\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result === null) {\n setPos(start);\n return null;\n }\n add(s, result);\n }\n return s;\n };\n }\n\n function or() {\n var args = arguments;\n return function orFunc() {\n var i, result, start;\n start = getPos();\n for (i = 0; i < args.length; i += 1) {\n result = args[i]();\n if (result !== null) {\n return result;\n }\n setPos(start);\n }\n return null;\n };\n }\n\n function opt(prod) {\n return function optFunc() {\n var result, start;\n start = getPos();\n result = prod();\n if (result !== null) {\n return result;\n }\n else {\n setPos(start);\n return o('opt');\n }\n };\n }\n\n function invis(prod) {\n return function invisFunc() {\n var result = prod();\n if (result !== null) {\n result.semantic = \"\";\n }\n return result;\n };\n }\n\n function colwsp(prod) {\n return function collapseSemanticWhitespace() {\n var result = prod();\n if (result !== null && result.semantic.length > 0) {\n result.semantic = \" \";\n }\n return result;\n };\n }\n\n function star(prod, minimum) {\n return function starFunc() {\n var s, result, count, start, min;\n start = getPos();\n s = o('star');\n count = 0;\n min = minimum === undefined ? 0 : minimum;\n while ((result = prod()) !== null) {\n count = count + 1;\n add(s, result);\n }\n if (count >= min) {\n return s;\n }\n else {\n setPos(start);\n return null;\n }\n };\n }\n\n // One expects names to get normalized like this:\n // \" First Last \" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n // \"First Last\" -> \"First Last\"\n function collapseWhitespace(s) {\n return s.replace(/([ \\t]|\\r\\n)+/g, ' ').replace(/^\\s*/, '').replace(/\\s*$/, '');\n }\n\n // UTF-8 pseudo-production (RFC 6532)\n // RFC 6532 extends RFC 5322 productions to include UTF-8\n // using the following productions:\n // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4\n // UTF8-2 = \n // UTF8-3 = \n // UTF8-4 = \n //\n // For reference, the extended RFC 5322 productions are:\n // VCHAR =/ UTF8-non-ascii\n // ctext =/ UTF8-non-ascii\n // atext =/ UTF8-non-ascii\n // qtext =/ UTF8-non-ascii\n // dtext =/ UTF8-non-ascii\n function isUTF8NonAscii(tok) {\n // In JavaScript, we just deal directly with Unicode code points,\n // so we aren't checking individual bytes for UTF-8 encoding.\n // Just check that the character is non-ascii.\n return tok.charCodeAt(0) >= 128;\n }\n\n\n // common productions (RFC 5234)\n // http://tools.ietf.org/html/rfc5234\n // B.1. Core Rules\n\n // CR = %x0D\n // ; carriage return\n function cr() { return wrap('cr', literal('\\r')()); }\n\n // CRLF = CR LF\n // ; Internet standard newline\n function crlf() { return wrap('crlf', and(cr, lf)()); }\n\n // DQUOTE = %x22\n // ; \" (Double Quote)\n function dquote() { return wrap('dquote', literal('\"')()); }\n\n // HTAB = %x09\n // ; horizontal tab\n function htab() { return wrap('htab', literal('\\t')()); }\n\n // LF = %x0A\n // ; linefeed\n function lf() { return wrap('lf', literal('\\n')()); }\n\n // SP = %x20\n function sp() { return wrap('sp', literal(' ')()); }\n\n // VCHAR = %x21-7E\n // ; visible (printing) characters\n function vchar() {\n return wrap('vchar', compareToken(function vcharFunc(tok) {\n var code = tok.charCodeAt(0);\n var accept = (0x21 <= code && code <= 0x7E);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // WSP = SP / HTAB\n // ; white space\n function wsp() { return wrap('wsp', or(sp, htab)()); }\n\n\n // email productions (RFC 5322)\n // http://tools.ietf.org/html/rfc5322\n // 3.2.1. Quoted characters\n\n // quoted-pair = (\"\\\" (VCHAR / WSP)) / obs-qp\n function quotedPair() {\n var qp = wrap('quoted-pair',\n or(\n and(literal('\\\\'), or(vchar, wsp)),\n obsQP\n )());\n if (qp === null) { return null; }\n // a quoted pair will be two characters, and the \"\\\" character\n // should be semantically \"invisible\" (RFC 5322 3.2.1)\n qp.semantic = qp.semantic[1];\n return qp;\n }\n\n // 3.2.2. Folding White Space and Comments\n\n // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS\n function fws() {\n return wrap('fws', or(\n obsFws,\n and(\n opt(and(\n star(wsp),\n invis(crlf)\n )),\n star(wsp, 1)\n )\n )());\n }\n\n // ctext = %d33-39 / ; Printable US-ASCII\n // %d42-91 / ; characters not including\n // %d93-126 / ; \"(\", \")\", or \"\\\"\n // obs-ctext\n function ctext() {\n return wrap('ctext', or(\n function ctextFunc1() {\n return compareToken(function ctextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 39) ||\n (42 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsCtext\n )());\n }\n\n // ccontent = ctext / quoted-pair / comment\n function ccontent() {\n return wrap('ccontent', or(ctext, quotedPair, comment)());\n }\n\n // comment = \"(\" *([FWS] ccontent) [FWS] \")\"\n function comment() {\n return wrap('comment', and(\n literal('('),\n star(and(opt(fws), ccontent)),\n opt(fws),\n literal(')')\n )());\n }\n\n // CFWS = (1*([FWS] comment) [FWS]) / FWS\n function cfws() {\n return wrap('cfws', or(\n and(\n star(\n and(opt(fws), comment),\n 1\n ),\n opt(fws)\n ),\n fws\n )());\n }\n\n // 3.2.3. Atom\n\n //atext = ALPHA / DIGIT / ; Printable US-ASCII\n // \"!\" / \"#\" / ; characters not including\n // \"$\" / \"%\" / ; specials. Used for atoms.\n // \"&\" / \"'\" /\n // \"*\" / \"+\" /\n // \"-\" / \"/\" /\n // \"=\" / \"?\" /\n // \"^\" / \"_\" /\n // \"`\" / \"{\" /\n // \"|\" / \"}\" /\n // \"~\"\n function atext() {\n return wrap('atext', compareToken(function atextFunc(tok) {\n var accept =\n ('a' <= tok && tok <= 'z') ||\n ('A' <= tok && tok <= 'Z') ||\n ('0' <= tok && tok <= '9') ||\n (['!', '#', '$', '%', '&', '\\'', '*', '+', '-', '/',\n '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n }));\n }\n\n // atom = [CFWS] 1*atext [CFWS]\n function atom() {\n return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))());\n }\n\n // dot-atom-text = 1*atext *(\".\" 1*atext)\n function dotAtomText() {\n var s, maybeText;\n s = wrap('dot-atom-text', star(atext, 1)());\n if (s === null) { return s; }\n maybeText = star(and(literal('.'), star(atext, 1)))();\n if (maybeText !== null) {\n add(s, maybeText);\n }\n return s;\n }\n\n // dot-atom = [CFWS] dot-atom-text [CFWS]\n function dotAtom() {\n return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))());\n }\n\n // 3.2.4. Quoted Strings\n\n // qtext = %d33 / ; Printable US-ASCII\n // %d35-91 / ; characters not including\n // %d93-126 / ; \"\\\" or the quote character\n // obs-qtext\n function qtext() {\n return wrap('qtext', or(\n function qtextFunc1() {\n return compareToken(function qtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 === code) ||\n (35 <= code && code <= 91) ||\n (93 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsQtext\n )());\n }\n\n // qcontent = qtext / quoted-pair\n function qcontent() {\n return wrap('qcontent', or(qtext, quotedPair)());\n }\n\n // quoted-string = [CFWS]\n // DQUOTE *([FWS] qcontent) [FWS] DQUOTE\n // [CFWS]\n function quotedString() {\n return wrap('quoted-string', and(\n invis(opt(cfws)),\n invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote),\n invis(opt(cfws))\n )());\n }\n\n // 3.2.5 Miscellaneous Tokens\n\n // word = atom / quoted-string\n function word() {\n return wrap('word', or(atom, quotedString)());\n }\n\n // phrase = 1*word / obs-phrase\n function phrase() {\n return wrap('phrase', or(obsPhrase, star(word, 1))());\n }\n\n // 3.4. Address Specification\n // address = mailbox / group\n function address() {\n return wrap('address', or(mailbox, group)());\n }\n\n // mailbox = name-addr / addr-spec\n function mailbox() {\n return wrap('mailbox', or(nameAddr, addrSpec)());\n }\n\n // name-addr = [display-name] angle-addr\n function nameAddr() {\n return wrap('name-addr', and(opt(displayName), angleAddr)());\n }\n\n // angle-addr = [CFWS] \"<\" addr-spec \">\" [CFWS] /\n // obs-angle-addr\n function angleAddr() {\n return wrap('angle-addr', or(\n and(\n invis(opt(cfws)),\n literal('<'),\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n ),\n obsAngleAddr\n )());\n }\n\n // group = display-name \":\" [group-list] \";\" [CFWS]\n function group() {\n return wrap('group', and(\n displayName,\n literal(':'),\n opt(groupList),\n literal(';'),\n invis(opt(cfws))\n )());\n }\n\n // display-name = phrase\n function displayName() {\n return wrap('display-name', function phraseFixedSemantic() {\n var result = phrase();\n if (result !== null) {\n result.semantic = collapseWhitespace(result.semantic);\n }\n return result;\n }());\n }\n\n // mailbox-list = (mailbox *(\",\" mailbox)) / obs-mbox-list\n function mailboxList() {\n return wrap('mailbox-list', or(\n and(\n mailbox,\n star(and(literal(','), mailbox))\n ),\n obsMboxList\n )());\n }\n\n // address-list = (address *(\",\" address)) / obs-addr-list\n function addressList() {\n return wrap('address-list', or(\n and(\n address,\n star(and(literal(','), address))\n ),\n obsAddrList\n )());\n }\n\n // group-list = mailbox-list / CFWS / obs-group-list\n function groupList() {\n return wrap('group-list', or(\n mailboxList,\n invis(cfws),\n obsGroupList\n )());\n }\n\n // 3.4.1 Addr-Spec Specification\n\n // local-part = dot-atom / quoted-string / obs-local-part\n function localPart() {\n // note: quoted-string, dotAtom are proper subsets of obs-local-part\n // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree\n return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)());\n }\n\n // dtext = %d33-90 / ; Printable US-ASCII\n // %d94-126 / ; characters not including\n // obs-dtext ; \"[\", \"]\", or \"\\\"\n function dtext() {\n return wrap('dtext', or(\n function dtextFunc1() {\n return compareToken(function dtextFunc2(tok) {\n var code = tok.charCodeAt(0);\n var accept =\n (33 <= code && code <= 90) ||\n (94 <= code && code <= 126);\n if (opts.rfc6532) {\n accept = accept || isUTF8NonAscii(tok);\n }\n return accept;\n });\n },\n obsDtext\n )()\n );\n }\n\n // domain-literal = [CFWS] \"[\" *([FWS] dtext) [FWS] \"]\" [CFWS]\n function domainLiteral() {\n return wrap('domain-literal', and(\n invis(opt(cfws)),\n literal('['),\n star(and(opt(fws), dtext)),\n opt(fws),\n literal(']'),\n invis(opt(cfws))\n )());\n }\n\n // domain = dot-atom / domain-literal / obs-domain\n function domain() {\n return wrap('domain', function domainCheckTLD() {\n var result = or(obsDomain, dotAtom, domainLiteral)();\n if (opts.rejectTLD) {\n if (result && result.semantic && result.semantic.indexOf('.') < 0) {\n return null;\n }\n }\n // strip all whitespace from domains\n if (result) {\n result.semantic = result.semantic.replace(/\\s+/g, '');\n }\n return result;\n }());\n }\n\n // addr-spec = local-part \"@\" domain\n function addrSpec() {\n return wrap('addr-spec', and(\n localPart, literal('@'), domain\n )());\n }\n\n // 3.6.2 Originator Fields\n // Below we only parse the field body, not the name of the field\n // like \"From:\", \"Sender:\", or \"Reply-To:\". Other libraries that\n // parse email headers can parse those and defer to these productions\n // for the \"RFC 5322\" part.\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // from = \"From:\" (mailbox-list / address-list) CRLF\n function fromSpec() {\n return wrap('from', or(\n mailboxList,\n addressList\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // sender = \"Sender:\" (mailbox / address) CRLF\n function senderSpec() {\n return wrap('sender', or(\n mailbox,\n address\n )());\n }\n\n // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields\n // reply-to = \"Reply-To:\" address-list CRLF\n function replyToSpec() {\n return wrap('reply-to', addressList());\n }\n\n // 4.1. Miscellaneous Obsolete Tokens\n\n // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control\n // %d11 / ; characters that do not\n // %d12 / ; include the carriage\n // %d14-31 / ; return, line feed, and\n // %d127 ; white space characters\n function obsNoWsCtl() {\n return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) {\n var code = tok.charCodeAt(0);\n return ((1 <= code && code <= 8) ||\n (11 === code || 12 === code) ||\n (14 <= code && code <= 31) ||\n (127 === code));\n }));\n }\n\n // obs-ctext = obs-NO-WS-CTL\n function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); }\n\n // obs-qtext = obs-NO-WS-CTL\n function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); }\n\n // obs-qp = \"\\\" (%d0 / obs-NO-WS-CTL / LF / CR)\n function obsQP() {\n return opts.strict ? null : wrap('obs-qp', and(\n literal('\\\\'),\n or(literal('\\0'), obsNoWsCtl, lf, cr)\n )());\n }\n\n // obs-phrase = word *(word / \".\" / CFWS)\n function obsPhrase() {\n if (opts.strict ) return null;\n return opts.atInDisplayName ? wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), literal('@'), colwsp(cfws)))\n )()) :\n wrap('obs-phrase', and(\n word,\n star(or(word, literal('.'), colwsp(cfws)))\n )());\n }\n\n // 4.2. Obsolete Folding White Space\n\n // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908\n // obs-FWS = 1*([CRLF] WSP)\n function obsFws() {\n return opts.strict ? null : wrap('obs-FWS', star(\n and(invis(opt(crlf)), wsp),\n 1\n )());\n }\n\n // 4.4. Obsolete Addressing\n\n // obs-angle-addr = [CFWS] \"<\" obs-route addr-spec \">\" [CFWS]\n function obsAngleAddr() {\n return opts.strict ? null : wrap('obs-angle-addr', and(\n invis(opt(cfws)),\n literal('<'),\n obsRoute,\n addrSpec,\n literal('>'),\n invis(opt(cfws))\n )());\n }\n\n // obs-route = obs-domain-list \":\"\n function obsRoute() {\n return opts.strict ? null : wrap('obs-route', and(\n obsDomainList,\n literal(':')\n )());\n }\n\n // obs-domain-list = *(CFWS / \",\") \"@\" domain\n // *(\",\" [CFWS] [\"@\" domain])\n function obsDomainList() {\n return opts.strict ? null : wrap('obs-domain-list', and(\n star(or(invis(cfws), literal(','))),\n literal('@'),\n domain,\n star(and(\n literal(','),\n invis(opt(cfws)),\n opt(and(literal('@'), domain))\n ))\n )());\n }\n\n // obs-mbox-list = *([CFWS] \",\") mailbox *(\",\" [mailbox / CFWS])\n function obsMboxList() {\n return opts.strict ? null : wrap('obs-mbox-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n mailbox,\n star(and(\n literal(','),\n opt(and(\n mailbox,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-addr-list = *([CFWS] \",\") address *(\",\" [address / CFWS])\n function obsAddrList() {\n return opts.strict ? null : wrap('obs-addr-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n )),\n address,\n star(and(\n literal(','),\n opt(and(\n address,\n invis(cfws)\n ))\n ))\n )());\n }\n\n // obs-group-list = 1*([CFWS] \",\") [CFWS]\n function obsGroupList() {\n return opts.strict ? null : wrap('obs-group-list', and(\n star(and(\n invis(opt(cfws)),\n literal(',')\n ), 1),\n invis(opt(cfws))\n )());\n }\n\n // obs-local-part = word *(\".\" word)\n function obsLocalPart() {\n return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))());\n }\n\n // obs-domain = atom *(\".\" atom)\n function obsDomain() {\n return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))());\n }\n\n // obs-dtext = obs-NO-WS-CTL / quoted-pair\n function obsDtext() {\n return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)());\n }\n\n /////////////////////////////////////////////////////\n\n // ast analysis\n\n function findNode(name, root) {\n var i, stack, node;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n return node;\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return null;\n }\n\n function findAllNodes(name, root) {\n var i, stack, node, result;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name === name) {\n result.push(node);\n }\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n return result;\n }\n\n function findAllNodesNoChildren(names, root) {\n var i, stack, node, result, namesLookup;\n if (root === null || root === undefined) { return null; }\n stack = [root];\n result = [];\n namesLookup = {};\n for (i = 0; i < names.length; i += 1) {\n namesLookup[names[i]] = true;\n }\n\n while (stack.length > 0) {\n node = stack.pop();\n if (node.name in namesLookup) {\n result.push(node);\n // don't look at children (hence findAllNodesNoChildren)\n } else {\n for (i = node.children.length - 1; i >= 0; i -= 1) {\n stack.push(node.children[i]);\n }\n }\n }\n return result;\n }\n\n function giveResult(ast) {\n var addresses, groupsAndMailboxes, i, groupOrMailbox, result;\n if (ast === null) {\n return null;\n }\n addresses = [];\n\n // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'.\n groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast);\n for (i = 0; i < groupsAndMailboxes.length; i += 1) {\n groupOrMailbox = groupsAndMailboxes[i];\n if (groupOrMailbox.name === 'group') {\n addresses.push(giveResultGroup(groupOrMailbox));\n } else if (groupOrMailbox.name === 'mailbox') {\n addresses.push(giveResultMailbox(groupOrMailbox));\n }\n }\n\n result = {\n ast: ast,\n addresses: addresses,\n };\n if (opts.simple) {\n result = simplifyResult(result);\n }\n if (opts.oneResult) {\n return oneResult(result);\n }\n if (opts.simple) {\n return result && result.addresses;\n } else {\n return result;\n }\n }\n\n function giveResultGroup(group) {\n var i;\n var groupName = findNode('display-name', group);\n var groupResultMailboxes = [];\n var mailboxes = findAllNodesNoChildren(['mailbox'], group);\n for (i = 0; i < mailboxes.length; i += 1) {\n groupResultMailboxes.push(giveResultMailbox(mailboxes[i]));\n }\n return {\n node: group,\n parts: {\n name: groupName,\n },\n type: group.name, // 'group'\n name: grabSemantic(groupName),\n addresses: groupResultMailboxes,\n };\n }\n\n function giveResultMailbox(mailbox) {\n var name = findNode('display-name', mailbox);\n var aspec = findNode('addr-spec', mailbox);\n var cfws = findAllNodes('cfws', mailbox);\n var comments = findAllNodesNoChildren(['comment'], mailbox);\n\n\n var local = findNode('local-part', aspec);\n var domain = findNode('domain', aspec);\n return {\n node: mailbox,\n parts: {\n name: name,\n address: aspec,\n local: local,\n domain: domain,\n comments: cfws\n },\n type: mailbox.name, // 'mailbox'\n name: grabSemantic(name),\n address: grabSemantic(aspec),\n local: grabSemantic(local),\n domain: grabSemantic(domain),\n comments: concatComments(comments),\n groupName: grabSemantic(mailbox.groupName),\n };\n }\n\n function grabSemantic(n) {\n return n !== null && n !== undefined ? n.semantic : null;\n }\n\n function simplifyResult(result) {\n var i;\n if (result && result.addresses) {\n for (i = 0; i < result.addresses.length; i += 1) {\n delete result.addresses[i].node;\n }\n }\n return result;\n }\n\n function concatComments(comments) {\n var result = '';\n if (comments) {\n for (var i = 0; i < comments.length; i += 1) {\n result += grabSemantic(comments[i]);\n }\n }\n return result;\n }\n\n function oneResult(result) {\n if (!result) { return null; }\n if (!opts.partial && result.addresses.length > 1) { return null; }\n return result.addresses && result.addresses[0];\n }\n\n /////////////////////////////////////////////////////\n\n var parseString, pos, len, parsed, startProduction;\n\n opts = handleOpts(opts, {});\n if (opts === null) { return null; }\n\n parseString = opts.input;\n\n startProduction = {\n 'address': address,\n 'address-list': addressList,\n 'angle-addr': angleAddr,\n 'from': fromSpec,\n 'group': group,\n 'mailbox': mailbox,\n 'mailbox-list': mailboxList,\n 'reply-to': replyToSpec,\n 'sender': senderSpec,\n }[opts.startAt] || addressList;\n\n if (!opts.strict) {\n initialize();\n opts.strict = true;\n parsed = startProduction(parseString);\n if (opts.partial || !inStr()) {\n return giveResult(parsed);\n }\n opts.strict = false;\n }\n\n initialize();\n parsed = startProduction(parseString);\n if (!opts.partial && inStr()) { return null; }\n return giveResult(parsed);\n}\n\nfunction parseOneAddressSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseAddressListSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'address-list',\n }));\n}\n\nfunction parseFromSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'from',\n }));\n}\n\nfunction parseSenderSimple(opts) {\n return parse5322(handleOpts(opts, {\n oneResult: true,\n rfc6532: true,\n simple: true,\n startAt: 'sender',\n }));\n}\n\nfunction parseReplyToSimple(opts) {\n return parse5322(handleOpts(opts, {\n rfc6532: true,\n simple: true,\n startAt: 'reply-to',\n }));\n}\n\nfunction handleOpts(opts, defs) {\n function isString(str) {\n return Object.prototype.toString.call(str) === '[object String]';\n }\n\n function isObject(o) {\n return o === Object(o);\n }\n\n function isNullUndef(o) {\n return o === null || o === undefined;\n }\n\n var defaults, o;\n\n if (isString(opts)) {\n opts = { input: opts };\n } else if (!isObject(opts)) {\n return null;\n }\n\n if (!isString(opts.input)) { return null; }\n if (!defs) { return null; }\n\n defaults = {\n oneResult: false,\n partial: false,\n rejectTLD: false,\n rfc6532: false,\n simple: false,\n startAt: 'address-list',\n strict: false,\n atInDisplayName: false\n };\n\n for (o in defaults) {\n if (isNullUndef(opts[o])) {\n opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o];\n }\n }\n return opts;\n}\n\nparse5322.parseOneAddress = parseOneAddressSimple;\nparse5322.parseAddressList = parseAddressListSimple;\nparse5322.parseFrom = parseFromSimple;\nparse5322.parseSender = parseSenderSimple;\nparse5322.parseReplyTo = parseReplyToSimple;\n\nif (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {\n module.exports = parse5322;\n} else {\n global.emailAddresses = parse5322;\n}\n\n}(this));\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport emailAddresses from 'email-addresses';\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n try {\n const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true });\n this.comment = comments.replace(/^\\(|\\)$/g, '');\n this.name = name;\n this.email = email;\n } catch (e) {}\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n * @private\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm of a key\n * @param {Key} [key] - The key to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userID = {}, config) {\n let hashAlgo = config.preferredHashAlgorithm;\n let prefAlgo = hashAlgo;\n if (key) {\n const primaryUser = await key.getPrimaryUser(date, userID, config);\n if (primaryUser.selfCertification.preferredHashAlgorithms) {\n [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms;\n hashAlgo = crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n }\n }\n switch (keyPacket.algorithm) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n prefAlgo = crypto.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid);\n }\n return crypto.hash.getHashByteLength(hashAlgo) <= crypto.hash.getHashByteLength(prefAlgo) ?\n prefAlgo : hashAlgo;\n}\n\n/**\n * Returns the preferred symmetric/aead/compression algorithm for a set of keys\n * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred algorithm\n * @async\n */\nexport async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = { // these are all must-implement in rfc4880bis\n 'symmetric': enums.symmetric.aes128,\n 'aead': enums.aead.eax,\n 'compression': enums.compression.uncompressed\n }[type];\n const preferredSenderAlgo = {\n 'symmetric': config.preferredSymmetricAlgorithm,\n 'aead': config.preferredAEADAlgorithm,\n 'compression': config.preferredCompressionAlgorithm\n }[type];\n const prefPropertyName = {\n 'symmetric': 'preferredSymmetricAlgorithms',\n 'aead': 'preferredAEADAlgorithms',\n 'compression': 'preferredCompressionAlgorithms'\n }[type];\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n const recipientPrefs = primaryUser.selfCertification[prefPropertyName];\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {PrivateKey} privateKey - key to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userID, config);\n signaturePacket.rawNotations = notations;\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n await revocationSignature.verify(\n key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\n/**\n * Returns whether aead is supported by all keys in the set\n * @param {Array} keys - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function isAEADSupported(keys, date = new Date(), userIDs = [], config = defaultConfig) {\n let supported = true;\n // TODO replace when Promise.some or Promise.any are implemented\n await Promise.all(keys.map(async function(key, i) {\n const primaryUser = await key.getPrimaryUser(date, userIDs[i], config);\n if (!primaryUser.selfCertification.features ||\n !(primaryUser.selfCertification.features[0] & enums.features.aead)) {\n supported = false;\n }\n }));\n return supported;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc':\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) {\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function isValidSigningKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.rsaEncrypt &&\n keyAlgo !== enums.publicKey.elgamal &&\n keyAlgo !== enums.publicKey.ecdh &&\n keyAlgo !== enums.publicKey.x25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0);\n}\n\nexport function isValidEncryptionKeyPacket(keyPacket, signature) {\n const keyAlgo = keyPacket.algorithm;\n return keyAlgo !== enums.publicKey.dsa &&\n keyAlgo !== enums.publicKey.rsaSign &&\n keyAlgo !== enums.publicKey.ecdsa &&\n keyAlgo !== enums.publicKey.eddsaLegacy &&\n keyAlgo !== enums.publicKey.ed25519 &&\n (!signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0);\n}\n\nexport function isValidDecryptionKeyPacket(signature, config) {\n if (config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n * @private\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n * @private\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n // check for expiration time in direct signatures\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const { selfCertification } = await this.getPrimaryUser(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate');\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {}\n }\n }\n\n // evaluate primary key\n const primaryUser = await this.getPrimaryUser(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) &&\n helper.isValidDecryptionKeyPacket(primaryUser.selfCertification, config)) {\n keys.push(this);\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n const keyPacket = await helper.generateSecretSubkey(options);\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {};\n dataToSign.userID = userIDPacket;\n dataToSign.key = secretKeyPacket;\n\n const signatureProperties = {};\n signatureProperties.signatureType = enums.signature.certGeneric;\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128,\n enums.symmetric.aes192\n ], config.preferredSymmetricAlgorithm);\n if (config.aeadProtect) {\n signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.zlib,\n enums.compression.zip,\n enums.compression.uncompressed\n ], config.preferredCompressionAlgorithm);\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.aead;\n }\n if (config.v5Keys) {\n signatureProperties.features[0] |= enums.features.v5Keys;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return createKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No secret key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport KeyID from './type/keyid';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config);\n\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || !util.isString(algorithmName)) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config); // TODO: Pass userID from somewhere.\n if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n // do not check key expiration to allow decryption of old messages\n const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {\n return;\n }\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config);\n const algorithmName = enums.read(enums.symmetric, algo);\n const aeadAlgorithmName = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?\n enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :\n undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) {\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(algo);\n return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n let symEncryptedPacket;\n if (aeadAlgorithmName) {\n symEncryptedPacket = new AEADEncryptedDataPacket();\n symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName);\n } else {\n symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket();\n }\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const algorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();\n pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();\n pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;\n pkESKeyPacket.sessionKey = sessionKey;\n pkESKeyPacket.sessionKeyAlgorithm = algorithm;\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n let i;\n let existingSigPacketlist;\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n if (signature) {\n existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n for (i = existingSigPacketlist.length - 1; i >= 0; i--) {\n const signaturePacket = existingSigPacketlist[i];\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n if (!signingKeys.length && i === 0) {\n onePassSig.flags = 1;\n }\n packetlist.push(onePassSig);\n }\n }\n\n await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];\n const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.signatureType = signatureType;\n onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);\n onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;\n onePassSig.issuerKeyID = signingKey.getKeyID();\n if (i === signingKeys.length - 1) {\n onePassSig.flags = 1;\n }\n return onePassSig;\n })).then(onePassSignatureList => {\n onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig));\n });\n\n packetlist.push(literalDataPacket);\n packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config)));\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n return armor(enums.armor.message, this.write(), null, null, null, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const userID = userIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);\n return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n let input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (streamType) {\n await stream.loadStreamsPonyfill();\n input = stream.toStream(input);\n }\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} privateKeys - private keys with decrypted secret key data for signing\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n let hashes = this.signature.packets.map(function(packet) {\n return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();\n });\n hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });\n const body = {\n hash: hashes.join(),\n text: this.text,\n data: this.signature.packets.write()\n };\n return armor(enums.armor.signed, body, undefined, undefined, undefined, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n let oneHeader = null;\n let hashAlgos = [];\n headers.forEach(function(header) {\n oneHeader = header.match(/^Hash: (.+)$/); // get header value\n if (oneHeader) {\n oneHeader = oneHeader[1].replace(/\\s/g, ''); // remove whitespace\n oneHeader = oneHeader.split(',');\n oneHeader = oneHeader.map(function(hash) {\n hash = hash.toLowerCase();\n try {\n return enums.write(enums.hash, hash);\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hash);\n }\n });\n hashAlgos = hashAlgos.concat(oneHeader);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {\n throw new Error('If no \"Hash\" header in cleartext signed message, then only MD5 signatures allowed');\n } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:\n * curve25519 (default), p256, p384, p521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key generation');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0) {\n throw new Error('UserIDs are required for key reformat');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n const streaming = message.fromStream;\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return convertStream(data, streaming, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary');\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data, message.fromStream, format);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type\n * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data, streaming, encoding = 'utf8') {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n if (streaming === 'node') {\n data = stream.webToNode(data);\n if (encoding !== 'binary') data.setEncoding(encoding);\n return data;\n }\n if (streaming === 'web' && streamType === 'ponyfill') {\n return stream.toNativeReadable(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","/**\n * web-streams-polyfill v3.0.3\n */\n/// \nconst SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ?\n Symbol :\n description => `Symbol(${description})`;\n\n/// \nfunction noop() {\n return undefined;\n}\nfunction getGlobals() {\n if (typeof self !== 'undefined') {\n return self;\n }\n else if (typeof window !== 'undefined') {\n return window;\n }\n else if (typeof global !== 'undefined') {\n return global;\n }\n return undefined;\n}\nconst globals = getGlobals();\n\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nconst rethrowAssertionErrorRejection = noop;\n\nconst originalPromise = Promise;\nconst originalPromiseThen = Promise.prototype.then;\nconst originalPromiseResolve = Promise.resolve.bind(originalPromise);\nconst originalPromiseReject = Promise.reject.bind(originalPromise);\nfunction newPromise(executor) {\n return new originalPromise(executor);\n}\nfunction promiseResolvedWith(value) {\n return originalPromiseResolve(value);\n}\nfunction promiseRejectedWith(reason) {\n return originalPromiseReject(reason);\n}\nfunction PerformPromiseThen(promise, onFulfilled, onRejected) {\n // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an\n // approximation.\n return originalPromiseThen.call(promise, onFulfilled, onRejected);\n}\nfunction uponPromise(promise, onFulfilled, onRejected) {\n PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection);\n}\nfunction uponFulfillment(promise, onFulfilled) {\n uponPromise(promise, onFulfilled);\n}\nfunction uponRejection(promise, onRejected) {\n uponPromise(promise, undefined, onRejected);\n}\nfunction transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) {\n return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler);\n}\nfunction setPromiseIsHandledToTrue(promise) {\n PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection);\n}\nconst queueMicrotask = (() => {\n const globalQueueMicrotask = globals && globals.queueMicrotask;\n if (typeof globalQueueMicrotask === 'function') {\n return globalQueueMicrotask;\n }\n const resolvedPromise = promiseResolvedWith(undefined);\n return (fn) => PerformPromiseThen(resolvedPromise, fn);\n})();\nfunction reflectCall(F, V, args) {\n if (typeof F !== 'function') {\n throw new TypeError('Argument is not a function');\n }\n return Function.prototype.apply.call(F, V, args);\n}\nfunction promiseCall(F, V, args) {\n try {\n return promiseResolvedWith(reflectCall(F, V, args));\n }\n catch (value) {\n return promiseRejectedWith(value);\n }\n}\n\n// Original from Chromium\n// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js\nconst QUEUE_MAX_ARRAY_SIZE = 16384;\n/**\n * Simple queue structure.\n *\n * Avoids scalability issues with using a packed array directly by using\n * multiple arrays in a linked list and keeping the array size bounded.\n */\nclass SimpleQueue {\n constructor() {\n this._cursor = 0;\n this._size = 0;\n // _front and _back are always defined.\n this._front = {\n _elements: [],\n _next: undefined\n };\n this._back = this._front;\n // The cursor is used to avoid calling Array.shift().\n // It contains the index of the front element of the array inside the\n // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE).\n this._cursor = 0;\n // When there is only one node, size === elements.length - cursor.\n this._size = 0;\n }\n get length() {\n return this._size;\n }\n // For exception safety, this method is structured in order:\n // 1. Read state\n // 2. Calculate required state mutations\n // 3. Perform state mutations\n push(element) {\n const oldBack = this._back;\n let newBack = oldBack;\n if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) {\n newBack = {\n _elements: [],\n _next: undefined\n };\n }\n // push() is the mutation most likely to throw an exception, so it\n // goes first.\n oldBack._elements.push(element);\n if (newBack !== oldBack) {\n this._back = newBack;\n oldBack._next = newBack;\n }\n ++this._size;\n }\n // Like push(), shift() follows the read -> calculate -> mutate pattern for\n // exception safety.\n shift() { // must not be called on an empty queue\n const oldFront = this._front;\n let newFront = oldFront;\n const oldCursor = this._cursor;\n let newCursor = oldCursor + 1;\n const elements = oldFront._elements;\n const element = elements[oldCursor];\n if (newCursor === QUEUE_MAX_ARRAY_SIZE) {\n newFront = oldFront._next;\n newCursor = 0;\n }\n // No mutations before this point.\n --this._size;\n this._cursor = newCursor;\n if (oldFront !== newFront) {\n this._front = newFront;\n }\n // Permit shifted element to be garbage collected.\n elements[oldCursor] = undefined;\n return element;\n }\n // The tricky thing about forEach() is that it can be called\n // re-entrantly. The queue may be mutated inside the callback. It is easy to\n // see that push() within the callback has no negative effects since the end\n // of the queue is checked for on every iteration. If shift() is called\n // repeatedly within the callback then the next iteration may return an\n // element that has been removed. In this case the callback will be called\n // with undefined values until we either \"catch up\" with elements that still\n // exist or reach the back of the queue.\n forEach(callback) {\n let i = this._cursor;\n let node = this._front;\n let elements = node._elements;\n while (i !== elements.length || node._next !== undefined) {\n if (i === elements.length) {\n node = node._next;\n elements = node._elements;\n i = 0;\n if (elements.length === 0) {\n break;\n }\n }\n callback(elements[i]);\n ++i;\n }\n }\n // Return the element that would be returned if shift() was called now,\n // without modifying the queue.\n peek() { // must not be called on an empty queue\n const front = this._front;\n const cursor = this._cursor;\n return front._elements[cursor];\n }\n}\n\nfunction ReadableStreamReaderGenericInitialize(reader, stream) {\n reader._ownerReadableStream = stream;\n stream._reader = reader;\n if (stream._state === 'readable') {\n defaultReaderClosedPromiseInitialize(reader);\n }\n else if (stream._state === 'closed') {\n defaultReaderClosedPromiseInitializeAsResolved(reader);\n }\n else {\n defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError);\n }\n}\n// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state\n// check.\nfunction ReadableStreamReaderGenericCancel(reader, reason) {\n const stream = reader._ownerReadableStream;\n return ReadableStreamCancel(stream, reason);\n}\nfunction ReadableStreamReaderGenericRelease(reader) {\n if (reader._ownerReadableStream._state === 'readable') {\n defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n else {\n defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`));\n }\n reader._ownerReadableStream._reader = undefined;\n reader._ownerReadableStream = undefined;\n}\n// Helper functions for the readers.\nfunction readerLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released reader');\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderClosedPromiseInitialize(reader) {\n reader._closedPromise = newPromise((resolve, reject) => {\n reader._closedPromise_resolve = resolve;\n reader._closedPromise_reject = reject;\n });\n}\nfunction defaultReaderClosedPromiseInitializeAsRejected(reader, reason) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseReject(reader, reason);\n}\nfunction defaultReaderClosedPromiseInitializeAsResolved(reader) {\n defaultReaderClosedPromiseInitialize(reader);\n defaultReaderClosedPromiseResolve(reader);\n}\nfunction defaultReaderClosedPromiseReject(reader, reason) {\n if (reader._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(reader._closedPromise);\n reader._closedPromise_reject(reason);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\nfunction defaultReaderClosedPromiseResetToRejected(reader, reason) {\n defaultReaderClosedPromiseInitializeAsRejected(reader, reason);\n}\nfunction defaultReaderClosedPromiseResolve(reader) {\n if (reader._closedPromise_resolve === undefined) {\n return;\n }\n reader._closedPromise_resolve(undefined);\n reader._closedPromise_resolve = undefined;\n reader._closedPromise_reject = undefined;\n}\n\nconst AbortSteps = SymbolPolyfill('[[AbortSteps]]');\nconst ErrorSteps = SymbolPolyfill('[[ErrorSteps]]');\nconst CancelSteps = SymbolPolyfill('[[CancelSteps]]');\nconst PullSteps = SymbolPolyfill('[[PullSteps]]');\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill\nconst NumberIsFinite = Number.isFinite || function (x) {\n return typeof x === 'number' && isFinite(x);\n};\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill\nconst MathTrunc = Math.trunc || function (v) {\n return v < 0 ? Math.ceil(v) : Math.floor(v);\n};\n\n// https://heycam.github.io/webidl/#idl-dictionaries\nfunction isDictionary(x) {\n return typeof x === 'object' || typeof x === 'function';\n}\nfunction assertDictionary(obj, context) {\n if (obj !== undefined && !isDictionary(obj)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-callback-functions\nfunction assertFunction(x, context) {\n if (typeof x !== 'function') {\n throw new TypeError(`${context} is not a function.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-object\nfunction isObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\nfunction assertObject(x, context) {\n if (!isObject(x)) {\n throw new TypeError(`${context} is not an object.`);\n }\n}\nfunction assertRequiredArgument(x, position, context) {\n if (x === undefined) {\n throw new TypeError(`Parameter ${position} is required in '${context}'.`);\n }\n}\nfunction assertRequiredField(x, field, context) {\n if (x === undefined) {\n throw new TypeError(`${field} is required in '${context}'.`);\n }\n}\n// https://heycam.github.io/webidl/#idl-unrestricted-double\nfunction convertUnrestrictedDouble(value) {\n return Number(value);\n}\nfunction censorNegativeZero(x) {\n return x === 0 ? 0 : x;\n}\nfunction integerPart(x) {\n return censorNegativeZero(MathTrunc(x));\n}\n// https://heycam.github.io/webidl/#idl-unsigned-long-long\nfunction convertUnsignedLongLongWithEnforceRange(value, context) {\n const lowerBound = 0;\n const upperBound = Number.MAX_SAFE_INTEGER;\n let x = Number(value);\n x = censorNegativeZero(x);\n if (!NumberIsFinite(x)) {\n throw new TypeError(`${context} is not a finite number`);\n }\n x = integerPart(x);\n if (x < lowerBound || x > upperBound) {\n throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`);\n }\n if (!NumberIsFinite(x) || x === 0) {\n return 0;\n }\n // TODO Use BigInt if supported?\n // let xBigInt = BigInt(integerPart(x));\n // xBigInt = BigInt.asUintN(64, xBigInt);\n // return Number(xBigInt);\n return x;\n}\n\nfunction assertReadableStream(x, context) {\n if (!IsReadableStream(x)) {\n throw new TypeError(`${context} is not a ReadableStream.`);\n }\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamDefaultReader(stream) {\n return new ReadableStreamDefaultReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadRequest(stream, readRequest) {\n stream._reader._readRequests.push(readRequest);\n}\nfunction ReadableStreamFulfillReadRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readRequest = reader._readRequests.shift();\n if (done) {\n readRequest._closeSteps();\n }\n else {\n readRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadRequests(stream) {\n return stream._reader._readRequests.length;\n}\nfunction ReadableStreamHasDefaultReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamDefaultReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A default reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamDefaultReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed,\n * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Returns a promise that allows access to the next chunk from the stream's internal queue, if available.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read() {\n if (!IsReadableStreamDefaultReader(this)) {\n return promiseRejectedWith(defaultReaderBrandCheckException('read'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: () => resolvePromise({ value: undefined, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamDefaultReaderRead(this, readRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamDefaultReader(this)) {\n throw defaultReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamDefaultReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamDefaultReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultReaderRead(reader, readRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'closed') {\n readRequest._closeSteps();\n }\n else if (stream._state === 'errored') {\n readRequest._errorSteps(stream._storedError);\n }\n else {\n stream._readableStreamController[PullSteps](readRequest);\n }\n}\n// Helper functions for the ReadableStreamDefaultReader.\nfunction defaultReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`);\n}\n\n/// \nlet AsyncIteratorPrototype;\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n // We're running inside a ES2018+ environment, but we're compiling to an older syntax.\n // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it.\n AsyncIteratorPrototype = {\n // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( )\n // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator\n [SymbolPolyfill.asyncIterator]() {\n return this;\n }\n };\n Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false });\n}\n\n/// \nclass ReadableStreamAsyncIteratorImpl {\n constructor(reader, preventCancel) {\n this._ongoingPromise = undefined;\n this._isFinished = false;\n this._reader = reader;\n this._preventCancel = preventCancel;\n }\n next() {\n const nextSteps = () => this._nextSteps();\n this._ongoingPromise = this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) :\n nextSteps();\n return this._ongoingPromise;\n }\n return(value) {\n const returnSteps = () => this._returnSteps(value);\n return this._ongoingPromise ?\n transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) :\n returnSteps();\n }\n _nextSteps() {\n if (this._isFinished) {\n return Promise.resolve({ value: undefined, done: true });\n }\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('iterate'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readRequest = {\n _chunkSteps: chunk => {\n this._ongoingPromise = undefined;\n // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test.\n // FIXME Is this a bug in the specification, or in the test?\n queueMicrotask(() => resolvePromise({ value: chunk, done: false }));\n },\n _closeSteps: () => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n resolvePromise({ value: undefined, done: true });\n },\n _errorSteps: reason => {\n this._ongoingPromise = undefined;\n this._isFinished = true;\n ReadableStreamReaderGenericRelease(reader);\n rejectPromise(reason);\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promise;\n }\n _returnSteps(value) {\n if (this._isFinished) {\n return Promise.resolve({ value, done: true });\n }\n this._isFinished = true;\n const reader = this._reader;\n if (reader._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('finish iterating'));\n }\n if (!this._preventCancel) {\n const result = ReadableStreamReaderGenericCancel(reader, value);\n ReadableStreamReaderGenericRelease(reader);\n return transformPromiseWith(result, () => ({ value, done: true }));\n }\n ReadableStreamReaderGenericRelease(reader);\n return promiseResolvedWith({ value, done: true });\n }\n}\nconst ReadableStreamAsyncIteratorPrototype = {\n next() {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next'));\n }\n return this._asyncIteratorImpl.next();\n },\n return(value) {\n if (!IsReadableStreamAsyncIterator(this)) {\n return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return'));\n }\n return this._asyncIteratorImpl.return(value);\n }\n};\nif (AsyncIteratorPrototype !== undefined) {\n Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype);\n}\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamAsyncIterator(stream, preventCancel) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel);\n const iterator = Object.create(ReadableStreamAsyncIteratorPrototype);\n iterator._asyncIteratorImpl = impl;\n return iterator;\n}\nfunction IsReadableStreamAsyncIterator(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) {\n return false;\n }\n return true;\n}\n// Helper functions for the ReadableStream.\nfunction streamAsyncIteratorBrandCheckException(name) {\n return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`);\n}\n\n/// \n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill\nconst NumberIsNaN = Number.isNaN || function (x) {\n // eslint-disable-next-line no-self-compare\n return x !== x;\n};\n\nfunction IsFiniteNonNegativeNumber(v) {\n if (!IsNonNegativeNumber(v)) {\n return false;\n }\n if (v === Infinity) {\n return false;\n }\n return true;\n}\nfunction IsNonNegativeNumber(v) {\n if (typeof v !== 'number') {\n return false;\n }\n if (NumberIsNaN(v)) {\n return false;\n }\n if (v < 0) {\n return false;\n }\n return true;\n}\n\nfunction DequeueValue(container) {\n const pair = container._queue.shift();\n container._queueTotalSize -= pair.size;\n if (container._queueTotalSize < 0) {\n container._queueTotalSize = 0;\n }\n return pair.value;\n}\nfunction EnqueueValueWithSize(container, value, size) {\n size = Number(size);\n if (!IsFiniteNonNegativeNumber(size)) {\n throw new RangeError('Size must be a finite, non-NaN, non-negative number.');\n }\n container._queue.push({ value, size });\n container._queueTotalSize += size;\n}\nfunction PeekQueueValue(container) {\n const pair = container._queue.peek();\n return pair.value;\n}\nfunction ResetQueue(container) {\n container._queue = new SimpleQueue();\n container._queueTotalSize = 0;\n}\n\nfunction CreateArrayFromList(elements) {\n // We use arrays to represent lists, so this is basically a no-op.\n // Do a slice though just in case we happen to depend on the unique-ness.\n return elements.slice();\n}\nfunction CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) {\n new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset);\n}\n// Not implemented correctly\nfunction TransferArrayBuffer(O) {\n return O;\n}\n// Not implemented correctly\nfunction IsDetachedBuffer(O) {\n return false;\n}\n\n/**\n * A pull-into request in a {@link ReadableByteStreamController}.\n *\n * @public\n */\nclass ReadableStreamBYOBRequest {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the view for writing in to, or `null` if the BYOB request has already been responded to.\n */\n get view() {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('view');\n }\n return this._view;\n }\n respond(bytesWritten) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respond');\n }\n assertRequiredArgument(bytesWritten, 1, 'respond');\n bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter');\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n if (IsDetachedBuffer(this._view.buffer)) ;\n ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten);\n }\n respondWithNewView(view) {\n if (!IsReadableStreamBYOBRequest(this)) {\n throw byobRequestBrandCheckException('respondWithNewView');\n }\n assertRequiredArgument(view, 1, 'respondWithNewView');\n if (!ArrayBuffer.isView(view)) {\n throw new TypeError('You can only respond with array buffer views');\n }\n if (view.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (view.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._associatedReadableByteStreamController === undefined) {\n throw new TypeError('This BYOB request has been invalidated');\n }\n ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view);\n }\n}\nObject.defineProperties(ReadableStreamBYOBRequest.prototype, {\n respond: { enumerable: true },\n respondWithNewView: { enumerable: true },\n view: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBRequest',\n configurable: true\n });\n}\n/**\n * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableByteStreamController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the current BYOB pull request, or `null` if there isn't one.\n */\n get byobRequest() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('byobRequest');\n }\n if (this._byobRequest === null && this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled);\n const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype);\n SetUpReadableStreamBYOBRequest(byobRequest, this, view);\n this._byobRequest = byobRequest;\n }\n return this._byobRequest;\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('desiredSize');\n }\n return ReadableByteStreamControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('close');\n }\n if (this._closeRequested) {\n throw new TypeError('The stream has already been closed; do not close it again!');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`);\n }\n ReadableByteStreamControllerClose(this);\n }\n enqueue(chunk) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('enqueue');\n }\n assertRequiredArgument(chunk, 1, 'enqueue');\n if (!ArrayBuffer.isView(chunk)) {\n throw new TypeError('chunk must be an array buffer view');\n }\n if (chunk.byteLength === 0) {\n throw new TypeError('chunk must have non-zero byteLength');\n }\n if (chunk.buffer.byteLength === 0) {\n throw new TypeError(`chunk's buffer must have non-zero byteLength`);\n }\n if (this._closeRequested) {\n throw new TypeError('stream is closed or draining');\n }\n const state = this._controlledReadableByteStream._state;\n if (state !== 'readable') {\n throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`);\n }\n ReadableByteStreamControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableByteStreamController(this)) {\n throw byteStreamControllerBrandCheckException('error');\n }\n ReadableByteStreamControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n if (this._pendingPullIntos.length > 0) {\n const firstDescriptor = this._pendingPullIntos.peek();\n firstDescriptor.bytesFilled = 0;\n }\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableByteStreamControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableByteStream;\n if (this._queueTotalSize > 0) {\n const entry = this._queue.shift();\n this._queueTotalSize -= entry.byteLength;\n ReadableByteStreamControllerHandleQueueDrain(this);\n const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength);\n readRequest._chunkSteps(view);\n return;\n }\n const autoAllocateChunkSize = this._autoAllocateChunkSize;\n if (autoAllocateChunkSize !== undefined) {\n let buffer;\n try {\n buffer = new ArrayBuffer(autoAllocateChunkSize);\n }\n catch (bufferE) {\n readRequest._errorSteps(bufferE);\n return;\n }\n const pullIntoDescriptor = {\n buffer,\n byteOffset: 0,\n byteLength: autoAllocateChunkSize,\n bytesFilled: 0,\n elementSize: 1,\n viewConstructor: Uint8Array,\n readerType: 'default'\n };\n this._pendingPullIntos.push(pullIntoDescriptor);\n }\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableByteStreamControllerCallPullIfNeeded(this);\n }\n}\nObject.defineProperties(ReadableByteStreamController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n byobRequest: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableByteStreamController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableByteStreamController.\nfunction IsReadableByteStreamController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamBYOBRequest(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) {\n return false;\n }\n return true;\n}\nfunction ReadableByteStreamControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableByteStreamControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n // TODO: Test controller argument\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableByteStreamControllerError(controller, e);\n });\n}\nfunction ReadableByteStreamControllerClearPendingPullIntos(controller) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n controller._pendingPullIntos = new SimpleQueue();\n}\nfunction ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) {\n let done = false;\n if (stream._state === 'closed') {\n done = true;\n }\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n if (pullIntoDescriptor.readerType === 'default') {\n ReadableStreamFulfillReadRequest(stream, filledView, done);\n }\n else {\n ReadableStreamFulfillReadIntoRequest(stream, filledView, done);\n }\n}\nfunction ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) {\n const bytesFilled = pullIntoDescriptor.bytesFilled;\n const elementSize = pullIntoDescriptor.elementSize;\n return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize);\n}\nfunction ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) {\n controller._queue.push({ buffer, byteOffset, byteLength });\n controller._queueTotalSize += byteLength;\n}\nfunction ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) {\n const elementSize = pullIntoDescriptor.elementSize;\n const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize;\n const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled);\n const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy;\n const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize;\n let totalBytesToCopyRemaining = maxBytesToCopy;\n let ready = false;\n if (maxAlignedBytes > currentAlignedBytes) {\n totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled;\n ready = true;\n }\n const queue = controller._queue;\n while (totalBytesToCopyRemaining > 0) {\n const headOfQueue = queue.peek();\n const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength);\n const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy);\n if (headOfQueue.byteLength === bytesToCopy) {\n queue.shift();\n }\n else {\n headOfQueue.byteOffset += bytesToCopy;\n headOfQueue.byteLength -= bytesToCopy;\n }\n controller._queueTotalSize -= bytesToCopy;\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor);\n totalBytesToCopyRemaining -= bytesToCopy;\n }\n return ready;\n}\nfunction ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) {\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n pullIntoDescriptor.bytesFilled += size;\n}\nfunction ReadableByteStreamControllerHandleQueueDrain(controller) {\n if (controller._queueTotalSize === 0 && controller._closeRequested) {\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(controller._controlledReadableByteStream);\n }\n else {\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }\n}\nfunction ReadableByteStreamControllerInvalidateBYOBRequest(controller) {\n if (controller._byobRequest === null) {\n return;\n }\n controller._byobRequest._associatedReadableByteStreamController = undefined;\n controller._byobRequest._view = null;\n controller._byobRequest = null;\n}\nfunction ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) {\n while (controller._pendingPullIntos.length > 0) {\n if (controller._queueTotalSize === 0) {\n return;\n }\n const pullIntoDescriptor = controller._pendingPullIntos.peek();\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) {\n const stream = controller._controlledReadableByteStream;\n let elementSize = 1;\n if (view.constructor !== DataView) {\n elementSize = view.constructor.BYTES_PER_ELEMENT;\n }\n const ctor = view.constructor;\n const buffer = TransferArrayBuffer(view.buffer);\n const pullIntoDescriptor = {\n buffer,\n byteOffset: view.byteOffset,\n byteLength: view.byteLength,\n bytesFilled: 0,\n elementSize,\n viewConstructor: ctor,\n readerType: 'byob'\n };\n if (controller._pendingPullIntos.length > 0) {\n controller._pendingPullIntos.push(pullIntoDescriptor);\n // No ReadableByteStreamControllerCallPullIfNeeded() call since:\n // - No change happens on desiredSize\n // - The source has already been notified of that there's at least 1 pending read(view)\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n return;\n }\n if (stream._state === 'closed') {\n const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0);\n readIntoRequest._closeSteps(emptyView);\n return;\n }\n if (controller._queueTotalSize > 0) {\n if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) {\n const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor);\n ReadableByteStreamControllerHandleQueueDrain(controller);\n readIntoRequest._chunkSteps(filledView);\n return;\n }\n if (controller._closeRequested) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n readIntoRequest._errorSteps(e);\n return;\n }\n }\n controller._pendingPullIntos.push(pullIntoDescriptor);\n ReadableStreamAddReadIntoRequest(stream, readIntoRequest);\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) {\n firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer);\n const stream = controller._controlledReadableByteStream;\n if (ReadableStreamHasBYOBReader(stream)) {\n while (ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller);\n ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor);\n }\n }\n}\nfunction ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) {\n if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) {\n throw new RangeError('bytesWritten out of range');\n }\n ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor);\n if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) {\n // TODO: Figure out whether we should detach the buffer or not here.\n return;\n }\n ReadableByteStreamControllerShiftPendingPullInto(controller);\n const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize;\n if (remainderSize > 0) {\n const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled;\n const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end);\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength);\n }\n pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer);\n pullIntoDescriptor.bytesFilled -= remainderSize;\n ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n}\nfunction ReadableByteStreamControllerRespondInternal(controller, bytesWritten) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n const state = controller._controlledReadableByteStream._state;\n if (state === 'closed') {\n if (bytesWritten !== 0) {\n throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream');\n }\n ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor);\n }\n else {\n ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerShiftPendingPullInto(controller) {\n const descriptor = controller._pendingPullIntos.shift();\n ReadableByteStreamControllerInvalidateBYOBRequest(controller);\n return descriptor;\n}\nfunction ReadableByteStreamControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return false;\n }\n if (controller._closeRequested) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableByteStreamControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n}\n// A client of ReadableByteStreamController may use these functions directly to bypass state check.\nfunction ReadableByteStreamControllerClose(controller) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n if (controller._queueTotalSize > 0) {\n controller._closeRequested = true;\n return;\n }\n if (controller._pendingPullIntos.length > 0) {\n const firstPendingPullInto = controller._pendingPullIntos.peek();\n if (firstPendingPullInto.bytesFilled > 0) {\n const e = new TypeError('Insufficient bytes to fill elements in the given buffer');\n ReadableByteStreamControllerError(controller, e);\n throw e;\n }\n }\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n}\nfunction ReadableByteStreamControllerEnqueue(controller, chunk) {\n const stream = controller._controlledReadableByteStream;\n if (controller._closeRequested || stream._state !== 'readable') {\n return;\n }\n const buffer = chunk.buffer;\n const byteOffset = chunk.byteOffset;\n const byteLength = chunk.byteLength;\n const transferredBuffer = TransferArrayBuffer(buffer);\n if (ReadableStreamHasDefaultReader(stream)) {\n if (ReadableStreamGetNumReadRequests(stream) === 0) {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n else {\n const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength);\n ReadableStreamFulfillReadRequest(stream, transferredView, false);\n }\n }\n else if (ReadableStreamHasBYOBReader(stream)) {\n // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully.\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller);\n }\n else {\n ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength);\n }\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n}\nfunction ReadableByteStreamControllerError(controller, e) {\n const stream = controller._controlledReadableByteStream;\n if (stream._state !== 'readable') {\n return;\n }\n ReadableByteStreamControllerClearPendingPullIntos(controller);\n ResetQueue(controller);\n ReadableByteStreamControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableByteStreamControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableByteStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction ReadableByteStreamControllerRespond(controller, bytesWritten) {\n bytesWritten = Number(bytesWritten);\n if (!IsFiniteNonNegativeNumber(bytesWritten)) {\n throw new RangeError('bytesWritten must be a finite');\n }\n ReadableByteStreamControllerRespondInternal(controller, bytesWritten);\n}\nfunction ReadableByteStreamControllerRespondWithNewView(controller, view) {\n const firstDescriptor = controller._pendingPullIntos.peek();\n if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) {\n throw new RangeError('The region specified by view does not match byobRequest');\n }\n if (firstDescriptor.byteLength !== view.byteLength) {\n throw new RangeError('The buffer of view has different capacity than byobRequest');\n }\n firstDescriptor.buffer = view.buffer;\n ReadableByteStreamControllerRespondInternal(controller, view.byteLength);\n}\nfunction SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) {\n controller._controlledReadableByteStream = stream;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._byobRequest = null;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._closeRequested = false;\n controller._started = false;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n controller._autoAllocateChunkSize = autoAllocateChunkSize;\n controller._pendingPullIntos = new SimpleQueue();\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableByteStreamControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableByteStreamControllerError(controller, r);\n });\n}\nfunction SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) {\n const controller = Object.create(ReadableByteStreamController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingByteSource.start !== undefined) {\n startAlgorithm = () => underlyingByteSource.start(controller);\n }\n if (underlyingByteSource.pull !== undefined) {\n pullAlgorithm = () => underlyingByteSource.pull(controller);\n }\n if (underlyingByteSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingByteSource.cancel(reason);\n }\n const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize;\n if (autoAllocateChunkSize === 0) {\n throw new TypeError('autoAllocateChunkSize must be greater than 0');\n }\n SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize);\n}\nfunction SetUpReadableStreamBYOBRequest(request, controller, view) {\n request._associatedReadableByteStreamController = controller;\n request._view = view;\n}\n// Helper functions for the ReadableStreamBYOBRequest.\nfunction byobRequestBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`);\n}\n// Helper functions for the ReadableByteStreamController.\nfunction byteStreamControllerBrandCheckException(name) {\n return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`);\n}\n\n// Abstract operations for the ReadableStream.\nfunction AcquireReadableStreamBYOBReader(stream) {\n return new ReadableStreamBYOBReader(stream);\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamAddReadIntoRequest(stream, readIntoRequest) {\n stream._reader._readIntoRequests.push(readIntoRequest);\n}\nfunction ReadableStreamFulfillReadIntoRequest(stream, chunk, done) {\n const reader = stream._reader;\n const readIntoRequest = reader._readIntoRequests.shift();\n if (done) {\n readIntoRequest._closeSteps(chunk);\n }\n else {\n readIntoRequest._chunkSteps(chunk);\n }\n}\nfunction ReadableStreamGetNumReadIntoRequests(stream) {\n return stream._reader._readIntoRequests.length;\n}\nfunction ReadableStreamHasBYOBReader(stream) {\n const reader = stream._reader;\n if (reader === undefined) {\n return false;\n }\n if (!IsReadableStreamBYOBReader(reader)) {\n return false;\n }\n return true;\n}\n/**\n * A BYOB reader vended by a {@link ReadableStream}.\n *\n * @public\n */\nclass ReadableStreamBYOBReader {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader');\n assertReadableStream(stream, 'First parameter');\n if (IsReadableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive reading by another reader');\n }\n if (!IsReadableByteStreamController(stream._readableStreamController)) {\n throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' +\n 'source');\n }\n ReadableStreamReaderGenericInitialize(this, stream);\n this._readIntoRequests = new SimpleQueue();\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the reader's lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}.\n */\n cancel(reason = undefined) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('cancel'));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('cancel'));\n }\n return ReadableStreamReaderGenericCancel(this, reason);\n }\n /**\n * Attempts to reads bytes into view, and returns a promise resolved with the result.\n *\n * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source.\n */\n read(view) {\n if (!IsReadableStreamBYOBReader(this)) {\n return promiseRejectedWith(byobReaderBrandCheckException('read'));\n }\n if (!ArrayBuffer.isView(view)) {\n return promiseRejectedWith(new TypeError('view must be an array buffer view'));\n }\n if (view.byteLength === 0) {\n return promiseRejectedWith(new TypeError('view must have non-zero byteLength'));\n }\n if (view.buffer.byteLength === 0) {\n return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`));\n }\n if (this._ownerReadableStream === undefined) {\n return promiseRejectedWith(readerLockException('read from'));\n }\n let resolvePromise;\n let rejectPromise;\n const promise = newPromise((resolve, reject) => {\n resolvePromise = resolve;\n rejectPromise = reject;\n });\n const readIntoRequest = {\n _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }),\n _closeSteps: chunk => resolvePromise({ value: chunk, done: true }),\n _errorSteps: e => rejectPromise(e)\n };\n ReadableStreamBYOBReaderRead(this, view, readIntoRequest);\n return promise;\n }\n /**\n * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active.\n * If the associated stream is errored when the lock is released, the reader will appear errored in the same way\n * from now on; otherwise, the reader will appear closed.\n *\n * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by\n * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to\n * do so will throw a `TypeError` and leave the reader locked to the stream.\n */\n releaseLock() {\n if (!IsReadableStreamBYOBReader(this)) {\n throw byobReaderBrandCheckException('releaseLock');\n }\n if (this._ownerReadableStream === undefined) {\n return;\n }\n if (this._readIntoRequests.length > 0) {\n throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled');\n }\n ReadableStreamReaderGenericRelease(this);\n }\n}\nObject.defineProperties(ReadableStreamBYOBReader.prototype, {\n cancel: { enumerable: true },\n read: { enumerable: true },\n releaseLock: { enumerable: true },\n closed: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamBYOBReader',\n configurable: true\n });\n}\n// Abstract operations for the readers.\nfunction IsReadableStreamBYOBReader(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) {\n const stream = reader._ownerReadableStream;\n stream._disturbed = true;\n if (stream._state === 'errored') {\n readIntoRequest._errorSteps(stream._storedError);\n }\n else {\n ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest);\n }\n}\n// Helper functions for the ReadableStreamBYOBReader.\nfunction byobReaderBrandCheckException(name) {\n return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`);\n}\n\nfunction ExtractHighWaterMark(strategy, defaultHWM) {\n const { highWaterMark } = strategy;\n if (highWaterMark === undefined) {\n return defaultHWM;\n }\n if (NumberIsNaN(highWaterMark) || highWaterMark < 0) {\n throw new RangeError('Invalid highWaterMark');\n }\n return highWaterMark;\n}\nfunction ExtractSizeAlgorithm(strategy) {\n const { size } = strategy;\n if (!size) {\n return () => 1;\n }\n return size;\n}\n\nfunction convertQueuingStrategy(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n const size = init === null || init === void 0 ? void 0 : init.size;\n return {\n highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark),\n size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`)\n };\n}\nfunction convertQueuingStrategySize(fn, context) {\n assertFunction(fn, context);\n return chunk => convertUnrestrictedDouble(fn(chunk));\n}\n\nfunction convertUnderlyingSink(original, context) {\n assertDictionary(original, context);\n const abort = original === null || original === void 0 ? void 0 : original.abort;\n const close = original === null || original === void 0 ? void 0 : original.close;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n const write = original === null || original === void 0 ? void 0 : original.write;\n return {\n abort: abort === undefined ?\n undefined :\n convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`),\n close: close === undefined ?\n undefined :\n convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`),\n write: write === undefined ?\n undefined :\n convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`),\n type\n };\n}\nfunction convertUnderlyingSinkAbortCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSinkCloseCallback(fn, original, context) {\n assertFunction(fn, context);\n return () => promiseCall(fn, original, []);\n}\nfunction convertUnderlyingSinkStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSinkWriteCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\nfunction assertWritableStream(x, context) {\n if (!IsWritableStream(x)) {\n throw new TypeError(`${context} is not a WritableStream.`);\n }\n}\n\n/**\n * A writable stream represents a destination for data, into which you can write.\n *\n * @public\n */\nclass WritableStream {\n constructor(rawUnderlyingSink = {}, rawStrategy = {}) {\n if (rawUnderlyingSink === undefined) {\n rawUnderlyingSink = null;\n }\n else {\n assertObject(rawUnderlyingSink, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter');\n InitializeWritableStream(this);\n const type = underlyingSink.type;\n if (type !== undefined) {\n throw new RangeError('Invalid type is specified');\n }\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm);\n }\n /**\n * Returns whether or not the writable stream is locked to a writer.\n */\n get locked() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('locked');\n }\n return IsWritableStreamLocked(this);\n }\n /**\n * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be\n * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort\n * mechanism of the underlying sink.\n *\n * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled\n * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel\n * the stream) if the stream is currently locked.\n */\n abort(reason = undefined) {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('abort'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer'));\n }\n return WritableStreamAbort(this, reason);\n }\n /**\n * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its\n * close behavior. During this time any further attempts to write will fail (without erroring the stream).\n *\n * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream\n * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with\n * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked.\n */\n close() {\n if (!IsWritableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$2('close'));\n }\n if (IsWritableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer'));\n }\n if (WritableStreamCloseQueuedOrInFlight(this)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamClose(this);\n }\n /**\n * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream\n * is locked, no other writer can be acquired until this one is released.\n *\n * This functionality is especially useful for creating abstractions that desire the ability to write to a stream\n * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at\n * the same time, which would cause the resulting written data to be unpredictable and probably useless.\n */\n getWriter() {\n if (!IsWritableStream(this)) {\n throw streamBrandCheckException$2('getWriter');\n }\n return AcquireWritableStreamDefaultWriter(this);\n }\n}\nObject.defineProperties(WritableStream.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n getWriter: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStream',\n configurable: true\n });\n}\n// Abstract operations for the WritableStream.\nfunction AcquireWritableStreamDefaultWriter(stream) {\n return new WritableStreamDefaultWriter(stream);\n}\n// Throws if and only if startAlgorithm throws.\nfunction CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(WritableStream.prototype);\n InitializeWritableStream(stream);\n const controller = Object.create(WritableStreamDefaultController.prototype);\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeWritableStream(stream) {\n stream._state = 'writable';\n // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is\n // 'erroring' or 'errored'. May be set to an undefined value.\n stream._storedError = undefined;\n stream._writer = undefined;\n // Initialize to undefined first because the constructor of the controller checks this\n // variable to validate the caller.\n stream._writableStreamController = undefined;\n // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data\n // producer without waiting for the queued writes to finish.\n stream._writeRequests = new SimpleQueue();\n // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents\n // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here.\n stream._inFlightWriteRequest = undefined;\n // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer\n // has been detached.\n stream._closeRequest = undefined;\n // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it\n // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here.\n stream._inFlightCloseRequest = undefined;\n // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached.\n stream._pendingAbortRequest = undefined;\n // The backpressure signal set by the controller.\n stream._backpressure = false;\n}\nfunction IsWritableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsWritableStreamLocked(stream) {\n if (stream._writer === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamAbort(stream, reason) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseResolvedWith(undefined);\n }\n if (stream._pendingAbortRequest !== undefined) {\n return stream._pendingAbortRequest._promise;\n }\n let wasAlreadyErroring = false;\n if (state === 'erroring') {\n wasAlreadyErroring = true;\n // reason will not be used, so don't keep a reference to it.\n reason = undefined;\n }\n const promise = newPromise((resolve, reject) => {\n stream._pendingAbortRequest = {\n _promise: undefined,\n _resolve: resolve,\n _reject: reject,\n _reason: reason,\n _wasAlreadyErroring: wasAlreadyErroring\n };\n });\n stream._pendingAbortRequest._promise = promise;\n if (!wasAlreadyErroring) {\n WritableStreamStartErroring(stream, reason);\n }\n return promise;\n}\nfunction WritableStreamClose(stream) {\n const state = stream._state;\n if (state === 'closed' || state === 'errored') {\n return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`));\n }\n const promise = newPromise((resolve, reject) => {\n const closeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._closeRequest = closeRequest;\n });\n const writer = stream._writer;\n if (writer !== undefined && stream._backpressure && state === 'writable') {\n defaultWriterReadyPromiseResolve(writer);\n }\n WritableStreamDefaultControllerClose(stream._writableStreamController);\n return promise;\n}\n// WritableStream API exposed for controllers.\nfunction WritableStreamAddWriteRequest(stream) {\n const promise = newPromise((resolve, reject) => {\n const writeRequest = {\n _resolve: resolve,\n _reject: reject\n };\n stream._writeRequests.push(writeRequest);\n });\n return promise;\n}\nfunction WritableStreamDealWithRejection(stream, error) {\n const state = stream._state;\n if (state === 'writable') {\n WritableStreamStartErroring(stream, error);\n return;\n }\n WritableStreamFinishErroring(stream);\n}\nfunction WritableStreamStartErroring(stream, reason) {\n const controller = stream._writableStreamController;\n stream._state = 'erroring';\n stream._storedError = reason;\n const writer = stream._writer;\n if (writer !== undefined) {\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason);\n }\n if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) {\n WritableStreamFinishErroring(stream);\n }\n}\nfunction WritableStreamFinishErroring(stream) {\n stream._state = 'errored';\n stream._writableStreamController[ErrorSteps]();\n const storedError = stream._storedError;\n stream._writeRequests.forEach(writeRequest => {\n writeRequest._reject(storedError);\n });\n stream._writeRequests = new SimpleQueue();\n if (stream._pendingAbortRequest === undefined) {\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const abortRequest = stream._pendingAbortRequest;\n stream._pendingAbortRequest = undefined;\n if (abortRequest._wasAlreadyErroring) {\n abortRequest._reject(storedError);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n return;\n }\n const promise = stream._writableStreamController[AbortSteps](abortRequest._reason);\n uponPromise(promise, () => {\n abortRequest._resolve();\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n }, (reason) => {\n abortRequest._reject(reason);\n WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream);\n });\n}\nfunction WritableStreamFinishInFlightWrite(stream) {\n stream._inFlightWriteRequest._resolve(undefined);\n stream._inFlightWriteRequest = undefined;\n}\nfunction WritableStreamFinishInFlightWriteWithError(stream, error) {\n stream._inFlightWriteRequest._reject(error);\n stream._inFlightWriteRequest = undefined;\n WritableStreamDealWithRejection(stream, error);\n}\nfunction WritableStreamFinishInFlightClose(stream) {\n stream._inFlightCloseRequest._resolve(undefined);\n stream._inFlightCloseRequest = undefined;\n const state = stream._state;\n if (state === 'erroring') {\n // The error was too late to do anything, so it is ignored.\n stream._storedError = undefined;\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._resolve();\n stream._pendingAbortRequest = undefined;\n }\n }\n stream._state = 'closed';\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseResolve(writer);\n }\n}\nfunction WritableStreamFinishInFlightCloseWithError(stream, error) {\n stream._inFlightCloseRequest._reject(error);\n stream._inFlightCloseRequest = undefined;\n // Never execute sink abort() after sink close().\n if (stream._pendingAbortRequest !== undefined) {\n stream._pendingAbortRequest._reject(error);\n stream._pendingAbortRequest = undefined;\n }\n WritableStreamDealWithRejection(stream, error);\n}\n// TODO(ricea): Fix alphabetical order.\nfunction WritableStreamCloseQueuedOrInFlight(stream) {\n if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamHasOperationMarkedInFlight(stream) {\n if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) {\n return false;\n }\n return true;\n}\nfunction WritableStreamMarkCloseRequestInFlight(stream) {\n stream._inFlightCloseRequest = stream._closeRequest;\n stream._closeRequest = undefined;\n}\nfunction WritableStreamMarkFirstWriteRequestInFlight(stream) {\n stream._inFlightWriteRequest = stream._writeRequests.shift();\n}\nfunction WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) {\n if (stream._closeRequest !== undefined) {\n stream._closeRequest._reject(stream._storedError);\n stream._closeRequest = undefined;\n }\n const writer = stream._writer;\n if (writer !== undefined) {\n defaultWriterClosedPromiseReject(writer, stream._storedError);\n }\n}\nfunction WritableStreamUpdateBackpressure(stream, backpressure) {\n const writer = stream._writer;\n if (writer !== undefined && backpressure !== stream._backpressure) {\n if (backpressure) {\n defaultWriterReadyPromiseReset(writer);\n }\n else {\n defaultWriterReadyPromiseResolve(writer);\n }\n }\n stream._backpressure = backpressure;\n}\n/**\n * A default writer vended by a {@link WritableStream}.\n *\n * @public\n */\nclass WritableStreamDefaultWriter {\n constructor(stream) {\n assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter');\n assertWritableStream(stream, 'First parameter');\n if (IsWritableStreamLocked(stream)) {\n throw new TypeError('This stream has already been locked for exclusive writing by another writer');\n }\n this._ownerWritableStream = stream;\n stream._writer = this;\n const state = stream._state;\n if (state === 'writable') {\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) {\n defaultWriterReadyPromiseInitialize(this);\n }\n else {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n }\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'erroring') {\n defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError);\n defaultWriterClosedPromiseInitialize(this);\n }\n else if (state === 'closed') {\n defaultWriterReadyPromiseInitializeAsResolved(this);\n defaultWriterClosedPromiseInitializeAsResolved(this);\n }\n else {\n const storedError = stream._storedError;\n defaultWriterReadyPromiseInitializeAsRejected(this, storedError);\n defaultWriterClosedPromiseInitializeAsRejected(this, storedError);\n }\n }\n /**\n * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or\n * the writer’s lock is released before the stream finishes closing.\n */\n get closed() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('closed'));\n }\n return this._closedPromise;\n }\n /**\n * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full.\n * A producer can use this information to determine the right amount of data to write.\n *\n * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort\n * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when\n * the writer’s lock is released.\n */\n get desiredSize() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('desiredSize');\n }\n if (this._ownerWritableStream === undefined) {\n throw defaultWriterLockException('desiredSize');\n }\n return WritableStreamDefaultWriterGetDesiredSize(this);\n }\n /**\n * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions\n * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips\n * back to zero or below, the getter will return a new promise that stays pending until the next transition.\n *\n * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become\n * rejected.\n */\n get ready() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('ready'));\n }\n return this._readyPromise;\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}.\n */\n abort(reason = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('abort'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('abort'));\n }\n return WritableStreamDefaultWriterAbort(this, reason);\n }\n /**\n * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}.\n */\n close() {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('close'));\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('close'));\n }\n if (WritableStreamCloseQueuedOrInFlight(stream)) {\n return promiseRejectedWith(new TypeError('Cannot close an already-closing stream'));\n }\n return WritableStreamDefaultWriterClose(this);\n }\n /**\n * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active.\n * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from\n * now on; otherwise, the writer will appear closed.\n *\n * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the\n * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled).\n * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents\n * other producers from writing in an interleaved manner.\n */\n releaseLock() {\n if (!IsWritableStreamDefaultWriter(this)) {\n throw defaultWriterBrandCheckException('releaseLock');\n }\n const stream = this._ownerWritableStream;\n if (stream === undefined) {\n return;\n }\n WritableStreamDefaultWriterRelease(this);\n }\n write(chunk = undefined) {\n if (!IsWritableStreamDefaultWriter(this)) {\n return promiseRejectedWith(defaultWriterBrandCheckException('write'));\n }\n if (this._ownerWritableStream === undefined) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n return WritableStreamDefaultWriterWrite(this, chunk);\n }\n}\nObject.defineProperties(WritableStreamDefaultWriter.prototype, {\n abort: { enumerable: true },\n close: { enumerable: true },\n releaseLock: { enumerable: true },\n write: { enumerable: true },\n closed: { enumerable: true },\n desiredSize: { enumerable: true },\n ready: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultWriter',\n configurable: true\n });\n}\n// Abstract operations for the WritableStreamDefaultWriter.\nfunction IsWritableStreamDefaultWriter(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) {\n return false;\n }\n return true;\n}\n// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check.\nfunction WritableStreamDefaultWriterAbort(writer, reason) {\n const stream = writer._ownerWritableStream;\n return WritableStreamAbort(stream, reason);\n}\nfunction WritableStreamDefaultWriterClose(writer) {\n const stream = writer._ownerWritableStream;\n return WritableStreamClose(stream);\n}\nfunction WritableStreamDefaultWriterCloseWithErrorPropagation(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n return WritableStreamDefaultWriterClose(writer);\n}\nfunction WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) {\n if (writer._closedPromiseState === 'pending') {\n defaultWriterClosedPromiseReject(writer, error);\n }\n else {\n defaultWriterClosedPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) {\n if (writer._readyPromiseState === 'pending') {\n defaultWriterReadyPromiseReject(writer, error);\n }\n else {\n defaultWriterReadyPromiseResetToRejected(writer, error);\n }\n}\nfunction WritableStreamDefaultWriterGetDesiredSize(writer) {\n const stream = writer._ownerWritableStream;\n const state = stream._state;\n if (state === 'errored' || state === 'erroring') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController);\n}\nfunction WritableStreamDefaultWriterRelease(writer) {\n const stream = writer._ownerWritableStream;\n const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`);\n WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError);\n // The state transitions to \"errored\" before the sink abort() method runs, but the writer.closed promise is not\n // rejected until afterwards. This means that simply testing state will not work.\n WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError);\n stream._writer = undefined;\n writer._ownerWritableStream = undefined;\n}\nfunction WritableStreamDefaultWriterWrite(writer, chunk) {\n const stream = writer._ownerWritableStream;\n const controller = stream._writableStreamController;\n const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk);\n if (stream !== writer._ownerWritableStream) {\n return promiseRejectedWith(defaultWriterLockException('write to'));\n }\n const state = stream._state;\n if (state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') {\n return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to'));\n }\n if (state === 'erroring') {\n return promiseRejectedWith(stream._storedError);\n }\n const promise = WritableStreamAddWriteRequest(stream);\n WritableStreamDefaultControllerWrite(controller, chunk, chunkSize);\n return promise;\n}\nconst closeSentinel = {};\n/**\n * Allows control of a {@link WritableStream | writable stream}'s state and internal queue.\n *\n * @public\n */\nclass WritableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`.\n *\n * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying\n * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the\n * normal lifecycle of interactions with the underlying sink.\n */\n error(e = undefined) {\n if (!IsWritableStreamDefaultController(this)) {\n throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController');\n }\n const state = this._controlledWritableStream._state;\n if (state !== 'writable') {\n // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so\n // just treat it as a no-op.\n return;\n }\n WritableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [AbortSteps](reason) {\n const result = this._abortAlgorithm(reason);\n WritableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [ErrorSteps]() {\n ResetQueue(this);\n }\n}\nObject.defineProperties(WritableStreamDefaultController.prototype, {\n error: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'WritableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations implementing interface required by the WritableStream.\nfunction IsWritableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledWritableStream = stream;\n stream._writableStreamController = controller;\n // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly.\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._writeAlgorithm = writeAlgorithm;\n controller._closeAlgorithm = closeAlgorithm;\n controller._abortAlgorithm = abortAlgorithm;\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n const startResult = startAlgorithm();\n const startPromise = promiseResolvedWith(startResult);\n uponPromise(startPromise, () => {\n controller._started = true;\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, r => {\n controller._started = true;\n WritableStreamDealWithRejection(stream, r);\n });\n}\nfunction SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(WritableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let writeAlgorithm = () => promiseResolvedWith(undefined);\n let closeAlgorithm = () => promiseResolvedWith(undefined);\n let abortAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSink.start !== undefined) {\n startAlgorithm = () => underlyingSink.start(controller);\n }\n if (underlyingSink.write !== undefined) {\n writeAlgorithm = chunk => underlyingSink.write(chunk, controller);\n }\n if (underlyingSink.close !== undefined) {\n closeAlgorithm = () => underlyingSink.close();\n }\n if (underlyingSink.abort !== undefined) {\n abortAlgorithm = reason => underlyingSink.abort(reason);\n }\n SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls.\nfunction WritableStreamDefaultControllerClearAlgorithms(controller) {\n controller._writeAlgorithm = undefined;\n controller._closeAlgorithm = undefined;\n controller._abortAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\nfunction WritableStreamDefaultControllerClose(controller) {\n EnqueueValueWithSize(controller, closeSentinel, 0);\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\nfunction WritableStreamDefaultControllerGetChunkSize(controller, chunk) {\n try {\n return controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE);\n return 1;\n }\n}\nfunction WritableStreamDefaultControllerGetDesiredSize(controller) {\n return controller._strategyHWM - controller._queueTotalSize;\n}\nfunction WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) {\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE);\n return;\n }\n const stream = controller._controlledWritableStream;\n if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n}\n// Abstract operations for the WritableStreamDefaultController.\nfunction WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) {\n const stream = controller._controlledWritableStream;\n if (!controller._started) {\n return;\n }\n if (stream._inFlightWriteRequest !== undefined) {\n return;\n }\n const state = stream._state;\n if (state === 'erroring') {\n WritableStreamFinishErroring(stream);\n return;\n }\n if (controller._queue.length === 0) {\n return;\n }\n const value = PeekQueueValue(controller);\n if (value === closeSentinel) {\n WritableStreamDefaultControllerProcessClose(controller);\n }\n else {\n WritableStreamDefaultControllerProcessWrite(controller, value);\n }\n}\nfunction WritableStreamDefaultControllerErrorIfNeeded(controller, error) {\n if (controller._controlledWritableStream._state === 'writable') {\n WritableStreamDefaultControllerError(controller, error);\n }\n}\nfunction WritableStreamDefaultControllerProcessClose(controller) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkCloseRequestInFlight(stream);\n DequeueValue(controller);\n const sinkClosePromise = controller._closeAlgorithm();\n WritableStreamDefaultControllerClearAlgorithms(controller);\n uponPromise(sinkClosePromise, () => {\n WritableStreamFinishInFlightClose(stream);\n }, reason => {\n WritableStreamFinishInFlightCloseWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerProcessWrite(controller, chunk) {\n const stream = controller._controlledWritableStream;\n WritableStreamMarkFirstWriteRequestInFlight(stream);\n const sinkWritePromise = controller._writeAlgorithm(chunk);\n uponPromise(sinkWritePromise, () => {\n WritableStreamFinishInFlightWrite(stream);\n const state = stream._state;\n DequeueValue(controller);\n if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') {\n const backpressure = WritableStreamDefaultControllerGetBackpressure(controller);\n WritableStreamUpdateBackpressure(stream, backpressure);\n }\n WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller);\n }, reason => {\n if (stream._state === 'writable') {\n WritableStreamDefaultControllerClearAlgorithms(controller);\n }\n WritableStreamFinishInFlightWriteWithError(stream, reason);\n });\n}\nfunction WritableStreamDefaultControllerGetBackpressure(controller) {\n const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller);\n return desiredSize <= 0;\n}\n// A client of WritableStreamDefaultController may use these functions directly to bypass state check.\nfunction WritableStreamDefaultControllerError(controller, error) {\n const stream = controller._controlledWritableStream;\n WritableStreamDefaultControllerClearAlgorithms(controller);\n WritableStreamStartErroring(stream, error);\n}\n// Helper functions for the WritableStream.\nfunction streamBrandCheckException$2(name) {\n return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`);\n}\n// Helper functions for the WritableStreamDefaultWriter.\nfunction defaultWriterBrandCheckException(name) {\n return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`);\n}\nfunction defaultWriterLockException(name) {\n return new TypeError('Cannot ' + name + ' a stream using a released writer');\n}\nfunction defaultWriterClosedPromiseInitialize(writer) {\n writer._closedPromise = newPromise((resolve, reject) => {\n writer._closedPromise_resolve = resolve;\n writer._closedPromise_reject = reject;\n writer._closedPromiseState = 'pending';\n });\n}\nfunction defaultWriterClosedPromiseInitializeAsRejected(writer, reason) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseReject(writer, reason);\n}\nfunction defaultWriterClosedPromiseInitializeAsResolved(writer) {\n defaultWriterClosedPromiseInitialize(writer);\n defaultWriterClosedPromiseResolve(writer);\n}\nfunction defaultWriterClosedPromiseReject(writer, reason) {\n if (writer._closedPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._closedPromise);\n writer._closedPromise_reject(reason);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'rejected';\n}\nfunction defaultWriterClosedPromiseResetToRejected(writer, reason) {\n defaultWriterClosedPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterClosedPromiseResolve(writer) {\n if (writer._closedPromise_resolve === undefined) {\n return;\n }\n writer._closedPromise_resolve(undefined);\n writer._closedPromise_resolve = undefined;\n writer._closedPromise_reject = undefined;\n writer._closedPromiseState = 'resolved';\n}\nfunction defaultWriterReadyPromiseInitialize(writer) {\n writer._readyPromise = newPromise((resolve, reject) => {\n writer._readyPromise_resolve = resolve;\n writer._readyPromise_reject = reject;\n });\n writer._readyPromiseState = 'pending';\n}\nfunction defaultWriterReadyPromiseInitializeAsRejected(writer, reason) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseReject(writer, reason);\n}\nfunction defaultWriterReadyPromiseInitializeAsResolved(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n defaultWriterReadyPromiseResolve(writer);\n}\nfunction defaultWriterReadyPromiseReject(writer, reason) {\n if (writer._readyPromise_reject === undefined) {\n return;\n }\n setPromiseIsHandledToTrue(writer._readyPromise);\n writer._readyPromise_reject(reason);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'rejected';\n}\nfunction defaultWriterReadyPromiseReset(writer) {\n defaultWriterReadyPromiseInitialize(writer);\n}\nfunction defaultWriterReadyPromiseResetToRejected(writer, reason) {\n defaultWriterReadyPromiseInitializeAsRejected(writer, reason);\n}\nfunction defaultWriterReadyPromiseResolve(writer) {\n if (writer._readyPromise_resolve === undefined) {\n return;\n }\n writer._readyPromise_resolve(undefined);\n writer._readyPromise_resolve = undefined;\n writer._readyPromise_reject = undefined;\n writer._readyPromiseState = 'fulfilled';\n}\n\nfunction isAbortSignal(value) {\n if (typeof value !== 'object' || value === null) {\n return false;\n }\n try {\n return typeof value.aborted === 'boolean';\n }\n catch (_a) {\n // AbortSignal.prototype.aborted throws if its brand check fails\n return false;\n }\n}\n\n/// \nconst NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined;\n\n/// \nfunction isDOMExceptionConstructor(ctor) {\n if (!(typeof ctor === 'function' || typeof ctor === 'object')) {\n return false;\n }\n try {\n new ctor();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction createDOMExceptionPolyfill() {\n // eslint-disable-next-line no-shadow\n const ctor = function DOMException(message, name) {\n this.message = message || '';\n this.name = name || 'Error';\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n };\n ctor.prototype = Object.create(Error.prototype);\n Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true });\n return ctor;\n}\n// eslint-disable-next-line no-redeclare\nconst DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill();\n\nfunction ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) {\n const reader = AcquireReadableStreamDefaultReader(source);\n const writer = AcquireWritableStreamDefaultWriter(dest);\n source._disturbed = true;\n let shuttingDown = false;\n // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown.\n let currentWrite = promiseResolvedWith(undefined);\n return newPromise((resolve, reject) => {\n let abortAlgorithm;\n if (signal !== undefined) {\n abortAlgorithm = () => {\n const error = new DOMException$1('Aborted', 'AbortError');\n const actions = [];\n if (!preventAbort) {\n actions.push(() => {\n if (dest._state === 'writable') {\n return WritableStreamAbort(dest, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n if (!preventCancel) {\n actions.push(() => {\n if (source._state === 'readable') {\n return ReadableStreamCancel(source, error);\n }\n return promiseResolvedWith(undefined);\n });\n }\n shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error);\n };\n if (signal.aborted) {\n abortAlgorithm();\n return;\n }\n signal.addEventListener('abort', abortAlgorithm);\n }\n // Using reader and writer, read all chunks from this and write them to dest\n // - Backpressure must be enforced\n // - Shutdown must stop all activity\n function pipeLoop() {\n return newPromise((resolveLoop, rejectLoop) => {\n function next(done) {\n if (done) {\n resolveLoop();\n }\n else {\n // Use `PerformPromiseThen` instead of `uponPromise` to avoid\n // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers\n PerformPromiseThen(pipeStep(), next, rejectLoop);\n }\n }\n next(false);\n });\n }\n function pipeStep() {\n if (shuttingDown) {\n return promiseResolvedWith(true);\n }\n return PerformPromiseThen(writer._readyPromise, () => {\n return newPromise((resolveRead, rejectRead) => {\n ReadableStreamDefaultReaderRead(reader, {\n _chunkSteps: chunk => {\n currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop);\n resolveRead(false);\n },\n _closeSteps: () => resolveRead(true),\n _errorSteps: rejectRead\n });\n });\n });\n }\n // Errors must be propagated forward\n isOrBecomesErrored(source, reader._closedPromise, storedError => {\n if (!preventAbort) {\n shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Errors must be propagated backward\n isOrBecomesErrored(dest, writer._closedPromise, storedError => {\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError);\n }\n else {\n shutdown(true, storedError);\n }\n });\n // Closing must be propagated forward\n isOrBecomesClosed(source, reader._closedPromise, () => {\n if (!preventClose) {\n shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer));\n }\n else {\n shutdown();\n }\n });\n // Closing must be propagated backward\n if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') {\n const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it');\n if (!preventCancel) {\n shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed);\n }\n else {\n shutdown(true, destClosed);\n }\n }\n setPromiseIsHandledToTrue(pipeLoop());\n function waitForWritesToFinish() {\n // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait\n // for that too.\n const oldCurrentWrite = currentWrite;\n return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined);\n }\n function isOrBecomesErrored(stream, promise, action) {\n if (stream._state === 'errored') {\n action(stream._storedError);\n }\n else {\n uponRejection(promise, action);\n }\n }\n function isOrBecomesClosed(stream, promise, action) {\n if (stream._state === 'closed') {\n action();\n }\n else {\n uponFulfillment(promise, action);\n }\n }\n function shutdownWithAction(action, originalIsError, originalError) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), doTheRest);\n }\n else {\n doTheRest();\n }\n function doTheRest() {\n uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError));\n }\n }\n function shutdown(isError, error) {\n if (shuttingDown) {\n return;\n }\n shuttingDown = true;\n if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) {\n uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error));\n }\n else {\n finalize(isError, error);\n }\n }\n function finalize(isError, error) {\n WritableStreamDefaultWriterRelease(writer);\n ReadableStreamReaderGenericRelease(reader);\n if (signal !== undefined) {\n signal.removeEventListener('abort', abortAlgorithm);\n }\n if (isError) {\n reject(error);\n }\n else {\n resolve(undefined);\n }\n }\n });\n}\n\n/**\n * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue.\n *\n * @public\n */\nclass ReadableStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is\n * over-full. An underlying source ought to use this information to determine when and how to apply backpressure.\n */\n get desiredSize() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('desiredSize');\n }\n return ReadableStreamDefaultControllerGetDesiredSize(this);\n }\n /**\n * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from\n * the stream, but once those are read, the stream will become closed.\n */\n close() {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('close');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits close');\n }\n ReadableStreamDefaultControllerClose(this);\n }\n enqueue(chunk = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('enqueue');\n }\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) {\n throw new TypeError('The stream is not in a state that permits enqueue');\n }\n return ReadableStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`.\n */\n error(e = undefined) {\n if (!IsReadableStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException$1('error');\n }\n ReadableStreamDefaultControllerError(this, e);\n }\n /** @internal */\n [CancelSteps](reason) {\n ResetQueue(this);\n const result = this._cancelAlgorithm(reason);\n ReadableStreamDefaultControllerClearAlgorithms(this);\n return result;\n }\n /** @internal */\n [PullSteps](readRequest) {\n const stream = this._controlledReadableStream;\n if (this._queue.length > 0) {\n const chunk = DequeueValue(this);\n if (this._closeRequested && this._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(this);\n ReadableStreamClose(stream);\n }\n else {\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n readRequest._chunkSteps(chunk);\n }\n else {\n ReadableStreamAddReadRequest(stream, readRequest);\n ReadableStreamDefaultControllerCallPullIfNeeded(this);\n }\n }\n}\nObject.defineProperties(ReadableStreamDefaultController.prototype, {\n close: { enumerable: true },\n enqueue: { enumerable: true },\n error: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStreamDefaultController',\n configurable: true\n });\n}\n// Abstract operations for the ReadableStreamDefaultController.\nfunction IsReadableStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCallPullIfNeeded(controller) {\n const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller);\n if (!shouldPull) {\n return;\n }\n if (controller._pulling) {\n controller._pullAgain = true;\n return;\n }\n controller._pulling = true;\n const pullPromise = controller._pullAlgorithm();\n uponPromise(pullPromise, () => {\n controller._pulling = false;\n if (controller._pullAgain) {\n controller._pullAgain = false;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }\n }, e => {\n ReadableStreamDefaultControllerError(controller, e);\n });\n}\nfunction ReadableStreamDefaultControllerShouldCallPull(controller) {\n const stream = controller._controlledReadableStream;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return false;\n }\n if (!controller._started) {\n return false;\n }\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n return true;\n }\n const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller);\n if (desiredSize > 0) {\n return true;\n }\n return false;\n}\nfunction ReadableStreamDefaultControllerClearAlgorithms(controller) {\n controller._pullAlgorithm = undefined;\n controller._cancelAlgorithm = undefined;\n controller._strategySizeAlgorithm = undefined;\n}\n// A client of ReadableStreamDefaultController may use these functions directly to bypass state check.\nfunction ReadableStreamDefaultControllerClose(controller) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n controller._closeRequested = true;\n if (controller._queue.length === 0) {\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamClose(stream);\n }\n}\nfunction ReadableStreamDefaultControllerEnqueue(controller, chunk) {\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) {\n return;\n }\n const stream = controller._controlledReadableStream;\n if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) {\n ReadableStreamFulfillReadRequest(stream, chunk, false);\n }\n else {\n let chunkSize;\n try {\n chunkSize = controller._strategySizeAlgorithm(chunk);\n }\n catch (chunkSizeE) {\n ReadableStreamDefaultControllerError(controller, chunkSizeE);\n throw chunkSizeE;\n }\n try {\n EnqueueValueWithSize(controller, chunk, chunkSize);\n }\n catch (enqueueE) {\n ReadableStreamDefaultControllerError(controller, enqueueE);\n throw enqueueE;\n }\n }\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n}\nfunction ReadableStreamDefaultControllerError(controller, e) {\n const stream = controller._controlledReadableStream;\n if (stream._state !== 'readable') {\n return;\n }\n ResetQueue(controller);\n ReadableStreamDefaultControllerClearAlgorithms(controller);\n ReadableStreamError(stream, e);\n}\nfunction ReadableStreamDefaultControllerGetDesiredSize(controller) {\n const state = controller._controlledReadableStream._state;\n if (state === 'errored') {\n return null;\n }\n if (state === 'closed') {\n return 0;\n }\n return controller._strategyHWM - controller._queueTotalSize;\n}\n// This is used in the implementation of TransformStream.\nfunction ReadableStreamDefaultControllerHasBackpressure(controller) {\n if (ReadableStreamDefaultControllerShouldCallPull(controller)) {\n return false;\n }\n return true;\n}\nfunction ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) {\n const state = controller._controlledReadableStream._state;\n if (!controller._closeRequested && state === 'readable') {\n return true;\n }\n return false;\n}\nfunction SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) {\n controller._controlledReadableStream = stream;\n controller._queue = undefined;\n controller._queueTotalSize = undefined;\n ResetQueue(controller);\n controller._started = false;\n controller._closeRequested = false;\n controller._pullAgain = false;\n controller._pulling = false;\n controller._strategySizeAlgorithm = sizeAlgorithm;\n controller._strategyHWM = highWaterMark;\n controller._pullAlgorithm = pullAlgorithm;\n controller._cancelAlgorithm = cancelAlgorithm;\n stream._readableStreamController = controller;\n const startResult = startAlgorithm();\n uponPromise(promiseResolvedWith(startResult), () => {\n controller._started = true;\n ReadableStreamDefaultControllerCallPullIfNeeded(controller);\n }, r => {\n ReadableStreamDefaultControllerError(controller, r);\n });\n}\nfunction SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) {\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n let startAlgorithm = () => undefined;\n let pullAlgorithm = () => promiseResolvedWith(undefined);\n let cancelAlgorithm = () => promiseResolvedWith(undefined);\n if (underlyingSource.start !== undefined) {\n startAlgorithm = () => underlyingSource.start(controller);\n }\n if (underlyingSource.pull !== undefined) {\n pullAlgorithm = () => underlyingSource.pull(controller);\n }\n if (underlyingSource.cancel !== undefined) {\n cancelAlgorithm = reason => underlyingSource.cancel(reason);\n }\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n}\n// Helper functions for the ReadableStreamDefaultController.\nfunction defaultControllerBrandCheckException$1(name) {\n return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`);\n}\n\nfunction ReadableStreamTee(stream, cloneForBranch2) {\n const reader = AcquireReadableStreamDefaultReader(stream);\n let reading = false;\n let canceled1 = false;\n let canceled2 = false;\n let reason1;\n let reason2;\n let branch1;\n let branch2;\n let resolveCancelPromise;\n const cancelPromise = newPromise(resolve => {\n resolveCancelPromise = resolve;\n });\n function pullAlgorithm() {\n if (reading) {\n return promiseResolvedWith(undefined);\n }\n reading = true;\n const readRequest = {\n _chunkSteps: value => {\n // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using\n // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let\n // successful synchronously-available reads get ahead of asynchronously-available errors.\n queueMicrotask(() => {\n reading = false;\n const value1 = value;\n const value2 = value;\n // There is no way to access the cloning code right now in the reference implementation.\n // If we add one then we'll need an implementation for serializable objects.\n // if (!canceled2 && cloneForBranch2) {\n // value2 = StructuredDeserialize(StructuredSerialize(value2));\n // }\n if (!canceled1) {\n ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2);\n }\n });\n },\n _closeSteps: () => {\n reading = false;\n if (!canceled1) {\n ReadableStreamDefaultControllerClose(branch1._readableStreamController);\n }\n if (!canceled2) {\n ReadableStreamDefaultControllerClose(branch2._readableStreamController);\n }\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n },\n _errorSteps: () => {\n reading = false;\n }\n };\n ReadableStreamDefaultReaderRead(reader, readRequest);\n return promiseResolvedWith(undefined);\n }\n function cancel1Algorithm(reason) {\n canceled1 = true;\n reason1 = reason;\n if (canceled2) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function cancel2Algorithm(reason) {\n canceled2 = true;\n reason2 = reason;\n if (canceled1) {\n const compositeReason = CreateArrayFromList([reason1, reason2]);\n const cancelResult = ReadableStreamCancel(stream, compositeReason);\n resolveCancelPromise(cancelResult);\n }\n return cancelPromise;\n }\n function startAlgorithm() {\n // do nothing\n }\n branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm);\n branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm);\n uponRejection(reader._closedPromise, (r) => {\n ReadableStreamDefaultControllerError(branch1._readableStreamController, r);\n ReadableStreamDefaultControllerError(branch2._readableStreamController, r);\n if (!canceled1 || !canceled2) {\n resolveCancelPromise(undefined);\n }\n });\n return [branch1, branch2];\n}\n\nfunction convertUnderlyingDefaultOrByteSource(source, context) {\n assertDictionary(source, context);\n const original = source;\n const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize;\n const cancel = original === null || original === void 0 ? void 0 : original.cancel;\n const pull = original === null || original === void 0 ? void 0 : original.pull;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const type = original === null || original === void 0 ? void 0 : original.type;\n return {\n autoAllocateChunkSize: autoAllocateChunkSize === undefined ?\n undefined :\n convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`),\n cancel: cancel === undefined ?\n undefined :\n convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`),\n pull: pull === undefined ?\n undefined :\n convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`),\n start: start === undefined ?\n undefined :\n convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`),\n type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`)\n };\n}\nfunction convertUnderlyingSourceCancelCallback(fn, original, context) {\n assertFunction(fn, context);\n return (reason) => promiseCall(fn, original, [reason]);\n}\nfunction convertUnderlyingSourcePullCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertUnderlyingSourceStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertReadableStreamType(type, context) {\n type = `${type}`;\n if (type !== 'bytes') {\n throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`);\n }\n return type;\n}\n\nfunction convertReaderOptions(options, context) {\n assertDictionary(options, context);\n const mode = options === null || options === void 0 ? void 0 : options.mode;\n return {\n mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`)\n };\n}\nfunction convertReadableStreamReaderMode(mode, context) {\n mode = `${mode}`;\n if (mode !== 'byob') {\n throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`);\n }\n return mode;\n}\n\nfunction convertIteratorOptions(options, context) {\n assertDictionary(options, context);\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n return { preventCancel: Boolean(preventCancel) };\n}\n\nfunction convertPipeOptions(options, context) {\n assertDictionary(options, context);\n const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort;\n const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel;\n const preventClose = options === null || options === void 0 ? void 0 : options.preventClose;\n const signal = options === null || options === void 0 ? void 0 : options.signal;\n if (signal !== undefined) {\n assertAbortSignal(signal, `${context} has member 'signal' that`);\n }\n return {\n preventAbort: Boolean(preventAbort),\n preventCancel: Boolean(preventCancel),\n preventClose: Boolean(preventClose),\n signal\n };\n}\nfunction assertAbortSignal(signal, context) {\n if (!isAbortSignal(signal)) {\n throw new TypeError(`${context} is not an AbortSignal.`);\n }\n}\n\nfunction convertReadableWritablePair(pair, context) {\n assertDictionary(pair, context);\n const readable = pair === null || pair === void 0 ? void 0 : pair.readable;\n assertRequiredField(readable, 'readable', 'ReadableWritablePair');\n assertReadableStream(readable, `${context} has member 'readable' that`);\n const writable = pair === null || pair === void 0 ? void 0 : pair.writable;\n assertRequiredField(writable, 'writable', 'ReadableWritablePair');\n assertWritableStream(writable, `${context} has member 'writable' that`);\n return { readable, writable };\n}\n\n/**\n * A readable stream represents a source of data, from which you can read.\n *\n * @public\n */\nclass ReadableStream {\n constructor(rawUnderlyingSource = {}, rawStrategy = {}) {\n if (rawUnderlyingSource === undefined) {\n rawUnderlyingSource = null;\n }\n else {\n assertObject(rawUnderlyingSource, 'First parameter');\n }\n const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter');\n const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter');\n InitializeReadableStream(this);\n if (underlyingSource.type === 'bytes') {\n if (strategy.size !== undefined) {\n throw new RangeError('The strategy for a byte stream cannot have a size function');\n }\n const highWaterMark = ExtractHighWaterMark(strategy, 0);\n SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark);\n }\n else {\n const sizeAlgorithm = ExtractSizeAlgorithm(strategy);\n const highWaterMark = ExtractHighWaterMark(strategy, 1);\n SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm);\n }\n }\n /**\n * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}.\n */\n get locked() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('locked');\n }\n return IsReadableStreamLocked(this);\n }\n /**\n * Cancels the stream, signaling a loss of interest in the stream by a consumer.\n *\n * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()}\n * method, which might or might not use it.\n */\n cancel(reason = undefined) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('cancel'));\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader'));\n }\n return ReadableStreamCancel(this, reason);\n }\n getReader(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('getReader');\n }\n const options = convertReaderOptions(rawOptions, 'First parameter');\n if (options.mode === undefined) {\n return AcquireReadableStreamDefaultReader(this);\n }\n return AcquireReadableStreamBYOBReader(this);\n }\n pipeThrough(rawTransform, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('pipeThrough');\n }\n assertRequiredArgument(rawTransform, 1, 'pipeThrough');\n const transform = convertReadableWritablePair(rawTransform, 'First parameter');\n const options = convertPipeOptions(rawOptions, 'Second parameter');\n if (IsReadableStreamLocked(this)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream');\n }\n if (IsWritableStreamLocked(transform.writable)) {\n throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream');\n }\n const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n setPromiseIsHandledToTrue(promise);\n return transform.readable;\n }\n pipeTo(destination, rawOptions = {}) {\n if (!IsReadableStream(this)) {\n return promiseRejectedWith(streamBrandCheckException$1('pipeTo'));\n }\n if (destination === undefined) {\n return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`);\n }\n if (!IsWritableStream(destination)) {\n return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`));\n }\n let options;\n try {\n options = convertPipeOptions(rawOptions, 'Second parameter');\n }\n catch (e) {\n return promiseRejectedWith(e);\n }\n if (IsReadableStreamLocked(this)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream'));\n }\n if (IsWritableStreamLocked(destination)) {\n return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream'));\n }\n return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal);\n }\n /**\n * Tees this readable stream, returning a two-element array containing the two resulting branches as\n * new {@link ReadableStream} instances.\n *\n * Teeing a stream will lock it, preventing any other consumer from acquiring a reader.\n * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be\n * propagated to the stream's underlying source.\n *\n * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable,\n * this could allow interference between the two branches.\n */\n tee() {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('tee');\n }\n const branches = ReadableStreamTee(this);\n return CreateArrayFromList(branches);\n }\n values(rawOptions = undefined) {\n if (!IsReadableStream(this)) {\n throw streamBrandCheckException$1('values');\n }\n const options = convertIteratorOptions(rawOptions, 'First parameter');\n return AcquireReadableStreamAsyncIterator(this, options.preventCancel);\n }\n}\nObject.defineProperties(ReadableStream.prototype, {\n cancel: { enumerable: true },\n getReader: { enumerable: true },\n pipeThrough: { enumerable: true },\n pipeTo: { enumerable: true },\n tee: { enumerable: true },\n values: { enumerable: true },\n locked: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'ReadableStream',\n configurable: true\n });\n}\nif (typeof SymbolPolyfill.asyncIterator === 'symbol') {\n Object.defineProperty(ReadableStream.prototype, SymbolPolyfill.asyncIterator, {\n value: ReadableStream.prototype.values,\n writable: true,\n configurable: true\n });\n}\n// Abstract operations for the ReadableStream.\n// Throws if and only if startAlgorithm throws.\nfunction CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) {\n const stream = Object.create(ReadableStream.prototype);\n InitializeReadableStream(stream);\n const controller = Object.create(ReadableStreamDefaultController.prototype);\n SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm);\n return stream;\n}\nfunction InitializeReadableStream(stream) {\n stream._state = 'readable';\n stream._reader = undefined;\n stream._storedError = undefined;\n stream._disturbed = false;\n}\nfunction IsReadableStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) {\n return false;\n }\n return true;\n}\nfunction IsReadableStreamLocked(stream) {\n if (stream._reader === undefined) {\n return false;\n }\n return true;\n}\n// ReadableStream API exposed for controllers.\nfunction ReadableStreamCancel(stream, reason) {\n stream._disturbed = true;\n if (stream._state === 'closed') {\n return promiseResolvedWith(undefined);\n }\n if (stream._state === 'errored') {\n return promiseRejectedWith(stream._storedError);\n }\n ReadableStreamClose(stream);\n const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason);\n return transformPromiseWith(sourceCancelPromise, noop);\n}\nfunction ReadableStreamClose(stream) {\n stream._state = 'closed';\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseResolve(reader);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._closeSteps();\n });\n reader._readRequests = new SimpleQueue();\n }\n}\nfunction ReadableStreamError(stream, e) {\n stream._state = 'errored';\n stream._storedError = e;\n const reader = stream._reader;\n if (reader === undefined) {\n return;\n }\n defaultReaderClosedPromiseReject(reader, e);\n if (IsReadableStreamDefaultReader(reader)) {\n reader._readRequests.forEach(readRequest => {\n readRequest._errorSteps(e);\n });\n reader._readRequests = new SimpleQueue();\n }\n else {\n reader._readIntoRequests.forEach(readIntoRequest => {\n readIntoRequest._errorSteps(e);\n });\n reader._readIntoRequests = new SimpleQueue();\n }\n}\n// Helper functions for the ReadableStream.\nfunction streamBrandCheckException$1(name) {\n return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`);\n}\n\nfunction convertQueuingStrategyInit(init, context) {\n assertDictionary(init, context);\n const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark;\n assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit');\n return {\n highWaterMark: convertUnrestrictedDouble(highWaterMark)\n };\n}\n\nconst byteLengthSizeFunction = function size(chunk) {\n return chunk.byteLength;\n};\n/**\n * A queuing strategy that counts the number of bytes in each chunk.\n *\n * @public\n */\nclass ByteLengthQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('highWaterMark');\n }\n return this._byteLengthQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by returning the value of its `byteLength` property.\n */\n get size() {\n if (!IsByteLengthQueuingStrategy(this)) {\n throw byteLengthBrandCheckException('size');\n }\n return byteLengthSizeFunction;\n }\n}\nObject.defineProperties(ByteLengthQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'ByteLengthQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the ByteLengthQueuingStrategy.\nfunction byteLengthBrandCheckException(name) {\n return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`);\n}\nfunction IsByteLengthQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nconst countSizeFunction = function size() {\n return 1;\n};\n/**\n * A queuing strategy that counts the number of chunks.\n *\n * @public\n */\nclass CountQueuingStrategy {\n constructor(options) {\n assertRequiredArgument(options, 1, 'CountQueuingStrategy');\n options = convertQueuingStrategyInit(options, 'First parameter');\n this._countQueuingStrategyHighWaterMark = options.highWaterMark;\n }\n /**\n * Returns the high water mark provided to the constructor.\n */\n get highWaterMark() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('highWaterMark');\n }\n return this._countQueuingStrategyHighWaterMark;\n }\n /**\n * Measures the size of `chunk` by always returning 1.\n * This ensures that the total queue size is a count of the number of chunks in the queue.\n */\n get size() {\n if (!IsCountQueuingStrategy(this)) {\n throw countBrandCheckException('size');\n }\n return countSizeFunction;\n }\n}\nObject.defineProperties(CountQueuingStrategy.prototype, {\n highWaterMark: { enumerable: true },\n size: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, {\n value: 'CountQueuingStrategy',\n configurable: true\n });\n}\n// Helper functions for the CountQueuingStrategy.\nfunction countBrandCheckException(name) {\n return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`);\n}\nfunction IsCountQueuingStrategy(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) {\n return false;\n }\n return true;\n}\n\nfunction convertTransformer(original, context) {\n assertDictionary(original, context);\n const flush = original === null || original === void 0 ? void 0 : original.flush;\n const readableType = original === null || original === void 0 ? void 0 : original.readableType;\n const start = original === null || original === void 0 ? void 0 : original.start;\n const transform = original === null || original === void 0 ? void 0 : original.transform;\n const writableType = original === null || original === void 0 ? void 0 : original.writableType;\n return {\n flush: flush === undefined ?\n undefined :\n convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`),\n readableType,\n start: start === undefined ?\n undefined :\n convertTransformerStartCallback(start, original, `${context} has member 'start' that`),\n transform: transform === undefined ?\n undefined :\n convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`),\n writableType\n };\n}\nfunction convertTransformerFlushCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => promiseCall(fn, original, [controller]);\n}\nfunction convertTransformerStartCallback(fn, original, context) {\n assertFunction(fn, context);\n return (controller) => reflectCall(fn, original, [controller]);\n}\nfunction convertTransformerTransformCallback(fn, original, context) {\n assertFunction(fn, context);\n return (chunk, controller) => promiseCall(fn, original, [chunk, controller]);\n}\n\n// Class TransformStream\n/**\n * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream},\n * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side.\n * In a manner specific to the transform stream in question, writes to the writable side result in new data being\n * made available for reading from the readable side.\n *\n * @public\n */\nclass TransformStream {\n constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) {\n if (rawTransformer === undefined) {\n rawTransformer = null;\n }\n const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter');\n const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter');\n const transformer = convertTransformer(rawTransformer, 'First parameter');\n if (transformer.readableType !== undefined) {\n throw new RangeError('Invalid readableType specified');\n }\n if (transformer.writableType !== undefined) {\n throw new RangeError('Invalid writableType specified');\n }\n const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0);\n const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy);\n const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1);\n const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy);\n let startPromise_resolve;\n const startPromise = newPromise(resolve => {\n startPromise_resolve = resolve;\n });\n InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n SetUpTransformStreamDefaultControllerFromTransformer(this, transformer);\n if (transformer.start !== undefined) {\n startPromise_resolve(transformer.start(this._transformStreamController));\n }\n else {\n startPromise_resolve(undefined);\n }\n }\n /**\n * The readable side of the transform stream.\n */\n get readable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('readable');\n }\n return this._readable;\n }\n /**\n * The writable side of the transform stream.\n */\n get writable() {\n if (!IsTransformStream(this)) {\n throw streamBrandCheckException('writable');\n }\n return this._writable;\n }\n}\nObject.defineProperties(TransformStream.prototype, {\n readable: { enumerable: true },\n writable: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStream.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStream',\n configurable: true\n });\n}\nfunction InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) {\n function startAlgorithm() {\n return startPromise;\n }\n function writeAlgorithm(chunk) {\n return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk);\n }\n function abortAlgorithm(reason) {\n return TransformStreamDefaultSinkAbortAlgorithm(stream, reason);\n }\n function closeAlgorithm() {\n return TransformStreamDefaultSinkCloseAlgorithm(stream);\n }\n stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm);\n function pullAlgorithm() {\n return TransformStreamDefaultSourcePullAlgorithm(stream);\n }\n function cancelAlgorithm(reason) {\n TransformStreamErrorWritableAndUnblockWrite(stream, reason);\n return promiseResolvedWith(undefined);\n }\n stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm);\n // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure.\n stream._backpressure = undefined;\n stream._backpressureChangePromise = undefined;\n stream._backpressureChangePromise_resolve = undefined;\n TransformStreamSetBackpressure(stream, true);\n stream._transformStreamController = undefined;\n}\nfunction IsTransformStream(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) {\n return false;\n }\n return true;\n}\n// This is a no-op if both sides are already errored.\nfunction TransformStreamError(stream, e) {\n ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e);\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n}\nfunction TransformStreamErrorWritableAndUnblockWrite(stream, e) {\n TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController);\n WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e);\n if (stream._backpressure) {\n // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure()\n // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time\n // _backpressure is set.\n TransformStreamSetBackpressure(stream, false);\n }\n}\nfunction TransformStreamSetBackpressure(stream, backpressure) {\n // Passes also when called during construction.\n if (stream._backpressureChangePromise !== undefined) {\n stream._backpressureChangePromise_resolve();\n }\n stream._backpressureChangePromise = newPromise(resolve => {\n stream._backpressureChangePromise_resolve = resolve;\n });\n stream._backpressure = backpressure;\n}\n// Class TransformStreamDefaultController\n/**\n * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}.\n *\n * @public\n */\nclass TransformStreamDefaultController {\n constructor() {\n throw new TypeError('Illegal constructor');\n }\n /**\n * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full.\n */\n get desiredSize() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('desiredSize');\n }\n const readableController = this._controlledTransformStream._readable._readableStreamController;\n return ReadableStreamDefaultControllerGetDesiredSize(readableController);\n }\n enqueue(chunk = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('enqueue');\n }\n TransformStreamDefaultControllerEnqueue(this, chunk);\n }\n /**\n * Errors both the readable side and the writable side of the controlled transform stream, making all future\n * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded.\n */\n error(reason = undefined) {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('error');\n }\n TransformStreamDefaultControllerError(this, reason);\n }\n /**\n * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the\n * transformer only needs to consume a portion of the chunks written to the writable side.\n */\n terminate() {\n if (!IsTransformStreamDefaultController(this)) {\n throw defaultControllerBrandCheckException('terminate');\n }\n TransformStreamDefaultControllerTerminate(this);\n }\n}\nObject.defineProperties(TransformStreamDefaultController.prototype, {\n enqueue: { enumerable: true },\n error: { enumerable: true },\n terminate: { enumerable: true },\n desiredSize: { enumerable: true }\n});\nif (typeof SymbolPolyfill.toStringTag === 'symbol') {\n Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, {\n value: 'TransformStreamDefaultController',\n configurable: true\n });\n}\n// Transform Stream Default Controller Abstract Operations\nfunction IsTransformStreamDefaultController(x) {\n if (!typeIsObject(x)) {\n return false;\n }\n if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) {\n return false;\n }\n return true;\n}\nfunction SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) {\n controller._controlledTransformStream = stream;\n stream._transformStreamController = controller;\n controller._transformAlgorithm = transformAlgorithm;\n controller._flushAlgorithm = flushAlgorithm;\n}\nfunction SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) {\n const controller = Object.create(TransformStreamDefaultController.prototype);\n let transformAlgorithm = (chunk) => {\n try {\n TransformStreamDefaultControllerEnqueue(controller, chunk);\n return promiseResolvedWith(undefined);\n }\n catch (transformResultE) {\n return promiseRejectedWith(transformResultE);\n }\n };\n let flushAlgorithm = () => promiseResolvedWith(undefined);\n if (transformer.transform !== undefined) {\n transformAlgorithm = chunk => transformer.transform(chunk, controller);\n }\n if (transformer.flush !== undefined) {\n flushAlgorithm = () => transformer.flush(controller);\n }\n SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm);\n}\nfunction TransformStreamDefaultControllerClearAlgorithms(controller) {\n controller._transformAlgorithm = undefined;\n controller._flushAlgorithm = undefined;\n}\nfunction TransformStreamDefaultControllerEnqueue(controller, chunk) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) {\n throw new TypeError('Readable side is not in a state that permits enqueue');\n }\n // We throttle transform invocations based on the backpressure of the ReadableStream, but we still\n // accept TransformStreamDefaultControllerEnqueue() calls.\n try {\n ReadableStreamDefaultControllerEnqueue(readableController, chunk);\n }\n catch (e) {\n // This happens when readableStrategy.size() throws.\n TransformStreamErrorWritableAndUnblockWrite(stream, e);\n throw stream._readable._storedError;\n }\n const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController);\n if (backpressure !== stream._backpressure) {\n TransformStreamSetBackpressure(stream, true);\n }\n}\nfunction TransformStreamDefaultControllerError(controller, e) {\n TransformStreamError(controller._controlledTransformStream, e);\n}\nfunction TransformStreamDefaultControllerPerformTransform(controller, chunk) {\n const transformPromise = controller._transformAlgorithm(chunk);\n return transformPromiseWith(transformPromise, undefined, r => {\n TransformStreamError(controller._controlledTransformStream, r);\n throw r;\n });\n}\nfunction TransformStreamDefaultControllerTerminate(controller) {\n const stream = controller._controlledTransformStream;\n const readableController = stream._readable._readableStreamController;\n ReadableStreamDefaultControllerClose(readableController);\n const error = new TypeError('TransformStream terminated');\n TransformStreamErrorWritableAndUnblockWrite(stream, error);\n}\n// TransformStreamDefaultSink Algorithms\nfunction TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) {\n const controller = stream._transformStreamController;\n if (stream._backpressure) {\n const backpressureChangePromise = stream._backpressureChangePromise;\n return transformPromiseWith(backpressureChangePromise, () => {\n const writable = stream._writable;\n const state = writable._state;\n if (state === 'erroring') {\n throw writable._storedError;\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n });\n }\n return TransformStreamDefaultControllerPerformTransform(controller, chunk);\n}\nfunction TransformStreamDefaultSinkAbortAlgorithm(stream, reason) {\n // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already\n // errored.\n TransformStreamError(stream, reason);\n return promiseResolvedWith(undefined);\n}\nfunction TransformStreamDefaultSinkCloseAlgorithm(stream) {\n // stream._readable cannot change after construction, so caching it across a call to user code is safe.\n const readable = stream._readable;\n const controller = stream._transformStreamController;\n const flushPromise = controller._flushAlgorithm();\n TransformStreamDefaultControllerClearAlgorithms(controller);\n // Return a promise that is fulfilled with undefined on success.\n return transformPromiseWith(flushPromise, () => {\n if (readable._state === 'errored') {\n throw readable._storedError;\n }\n ReadableStreamDefaultControllerClose(readable._readableStreamController);\n }, r => {\n TransformStreamError(stream, r);\n throw readable._storedError;\n });\n}\n// TransformStreamDefaultSource Algorithms\nfunction TransformStreamDefaultSourcePullAlgorithm(stream) {\n // Invariant. Enforced by the promises returned by start() and pull().\n TransformStreamSetBackpressure(stream, false);\n // Prevent the next pull() call until there is backpressure.\n return stream._backpressureChangePromise;\n}\n// Helper functions for the TransformStreamDefaultController.\nfunction defaultControllerBrandCheckException(name) {\n return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`);\n}\n// Helper functions for the TransformStream.\nfunction streamBrandCheckException(name) {\n return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`);\n}\n\nexport { ByteLengthQueuingStrategy, CountQueuingStrategy, ReadableByteStreamController, ReadableStream, ReadableStreamBYOBReader, ReadableStreamBYOBRequest, ReadableStreamDefaultController, ReadableStreamDefaultReader, TransformStream, TransformStreamDefaultController, WritableStream, WritableStreamDefaultController, WritableStreamDefaultWriter };\n//# sourceMappingURL=ponyfill.es6.mjs.map\n","/*! *****************************************************************************\nCopyright (c) Microsoft Corporation.\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\nPERFORMANCE OF THIS SOFTWARE.\n***************************************************************************** */\n/* global Reflect, Promise */\n\nvar extendStatics = function(d, b) {\n extendStatics = Object.setPrototypeOf ||\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\n return extendStatics(d, b);\n};\n\nfunction __extends(d, b) {\n if (typeof b !== \"function\" && b !== null)\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\n extendStatics(d, b);\n function __() { this.constructor = d; }\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\n}\n\nfunction assert(test) {\n if (!test) {\n throw new TypeError('Assertion failed');\n }\n}\n\nfunction noop() {\n return;\n}\nfunction typeIsObject(x) {\n return (typeof x === 'object' && x !== null) || typeof x === 'function';\n}\n\nfunction isStreamConstructor(ctor) {\n if (typeof ctor !== 'function') {\n return false;\n }\n var startCalled = false;\n try {\n new ctor({\n start: function () {\n startCalled = true;\n }\n });\n }\n catch (e) {\n // ignore\n }\n return startCalled;\n}\nfunction isReadableStream(readable) {\n if (!typeIsObject(readable)) {\n return false;\n }\n if (typeof readable.getReader !== 'function') {\n return false;\n }\n return true;\n}\nfunction isReadableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isReadableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isWritableStream(writable) {\n if (!typeIsObject(writable)) {\n return false;\n }\n if (typeof writable.getWriter !== 'function') {\n return false;\n }\n return true;\n}\nfunction isWritableStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isWritableStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction isTransformStream(transform) {\n if (!typeIsObject(transform)) {\n return false;\n }\n if (!isReadableStream(transform.readable)) {\n return false;\n }\n if (!isWritableStream(transform.writable)) {\n return false;\n }\n return true;\n}\nfunction isTransformStreamConstructor(ctor) {\n if (!isStreamConstructor(ctor)) {\n return false;\n }\n if (!isTransformStream(new ctor())) {\n return false;\n }\n return true;\n}\nfunction supportsByobReader(readable) {\n try {\n var reader = readable.getReader({ mode: 'byob' });\n reader.releaseLock();\n return true;\n }\n catch (_a) {\n return false;\n }\n}\nfunction supportsByteSource(ctor) {\n try {\n new ctor({ type: 'bytes' });\n return true;\n }\n catch (_a) {\n return false;\n }\n}\n\nfunction createReadableStreamWrapper(ctor) {\n assert(isReadableStreamConstructor(ctor));\n var byteSourceSupported = supportsByteSource(ctor);\n return function (readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n type = parseReadableType(type);\n if (type === 'bytes' && !byteSourceSupported) {\n type = undefined;\n }\n if (readable.constructor === ctor) {\n if (type !== 'bytes' || supportsByobReader(readable)) {\n return readable;\n }\n }\n if (type === 'bytes') {\n var source = createWrappingReadableSource(readable, { type: type });\n return new ctor(source);\n }\n else {\n var source = createWrappingReadableSource(readable);\n return new ctor(source);\n }\n };\n}\nfunction createWrappingReadableSource(readable, _a) {\n var _b = _a === void 0 ? {} : _a, type = _b.type;\n assert(isReadableStream(readable));\n assert(readable.locked === false);\n type = parseReadableType(type);\n var source;\n if (type === 'bytes') {\n source = new WrappingReadableByteStreamSource(readable);\n }\n else {\n source = new WrappingReadableStreamDefaultSource(readable);\n }\n return source;\n}\nfunction parseReadableType(type) {\n var typeString = String(type);\n if (typeString === 'bytes') {\n return typeString;\n }\n else if (type === undefined) {\n return type;\n }\n else {\n throw new RangeError('Invalid type is specified');\n }\n}\nvar AbstractWrappingReadableStreamSource = /** @class */ (function () {\n function AbstractWrappingReadableStreamSource(underlyingStream) {\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n this._readableStreamController = undefined;\n this._pendingRead = undefined;\n this._underlyingStream = underlyingStream;\n // always keep a reader attached to detect close/error\n this._attachDefaultReader();\n }\n AbstractWrappingReadableStreamSource.prototype.start = function (controller) {\n this._readableStreamController = controller;\n };\n AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) {\n assert(this._underlyingReader !== undefined);\n return this._underlyingReader.cancel(reason);\n };\n AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () {\n if (this._readerMode === \"default\" /* DEFAULT */) {\n return;\n }\n this._detachReader();\n var reader = this._underlyingStream.getReader();\n this._readerMode = \"default\" /* DEFAULT */;\n this._attachReader(reader);\n };\n AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) {\n var _this = this;\n assert(this._underlyingReader === undefined);\n this._underlyingReader = reader;\n var closed = this._underlyingReader.closed;\n if (!closed) {\n return;\n }\n closed\n .then(function () { return _this._finishPendingRead(); })\n .then(function () {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.close();\n }\n }, function (reason) {\n if (reader === _this._underlyingReader) {\n _this._readableStreamController.error(reason);\n }\n })\n .catch(noop);\n };\n AbstractWrappingReadableStreamSource.prototype._detachReader = function () {\n if (this._underlyingReader === undefined) {\n return;\n }\n this._underlyingReader.releaseLock();\n this._underlyingReader = undefined;\n this._readerMode = undefined;\n };\n AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () {\n var _this = this;\n this._attachDefaultReader();\n // TODO Backpressure?\n var read = this._underlyingReader.read()\n .then(function (result) {\n var controller = _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n }\n else {\n controller.enqueue(result.value);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n AbstractWrappingReadableStreamSource.prototype._tryClose = function () {\n try {\n this._readableStreamController.close();\n }\n catch (_a) {\n // already errored or closed\n }\n };\n AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) {\n var _this = this;\n var pendingRead;\n var finishRead = function () {\n if (_this._pendingRead === pendingRead) {\n _this._pendingRead = undefined;\n }\n };\n this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead);\n };\n AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () {\n var _this = this;\n if (!this._pendingRead) {\n return undefined;\n }\n var afterRead = function () { return _this._finishPendingRead(); };\n return this._pendingRead.then(afterRead, afterRead);\n };\n return AbstractWrappingReadableStreamSource;\n}());\nvar WrappingReadableStreamDefaultSource = /** @class */ (function (_super) {\n __extends(WrappingReadableStreamDefaultSource, _super);\n function WrappingReadableStreamDefaultSource() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n WrappingReadableStreamDefaultSource.prototype.pull = function () {\n return this._pullWithDefaultReader();\n };\n return WrappingReadableStreamDefaultSource;\n}(AbstractWrappingReadableStreamSource));\nfunction toUint8Array(view) {\n return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);\n}\nfunction copyArrayBufferView(from, to) {\n var fromArray = toUint8Array(from);\n var toArray = toUint8Array(to);\n toArray.set(fromArray, 0);\n}\nvar WrappingReadableByteStreamSource = /** @class */ (function (_super) {\n __extends(WrappingReadableByteStreamSource, _super);\n function WrappingReadableByteStreamSource(underlyingStream) {\n var _this = this;\n var supportsByob = supportsByobReader(underlyingStream);\n _this = _super.call(this, underlyingStream) || this;\n _this._supportsByob = supportsByob;\n return _this;\n }\n Object.defineProperty(WrappingReadableByteStreamSource.prototype, \"type\", {\n get: function () {\n return 'bytes';\n },\n enumerable: false,\n configurable: true\n });\n WrappingReadableByteStreamSource.prototype._attachByobReader = function () {\n if (this._readerMode === \"byob\" /* BYOB */) {\n return;\n }\n assert(this._supportsByob);\n this._detachReader();\n var reader = this._underlyingStream.getReader({ mode: 'byob' });\n this._readerMode = \"byob\" /* BYOB */;\n this._attachReader(reader);\n };\n WrappingReadableByteStreamSource.prototype.pull = function () {\n if (this._supportsByob) {\n var byobRequest = this._readableStreamController.byobRequest;\n if (byobRequest) {\n return this._pullWithByobRequest(byobRequest);\n }\n }\n return this._pullWithDefaultReader();\n };\n WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) {\n var _this = this;\n this._attachByobReader();\n // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly\n // create a separate buffer to read into, then copy that to byobRequest.view\n var buffer = new Uint8Array(byobRequest.view.byteLength);\n // TODO Backpressure?\n var read = this._underlyingReader.read(buffer)\n .then(function (result) {\n _this._readableStreamController;\n if (result.done) {\n _this._tryClose();\n byobRequest.respond(0);\n }\n else {\n copyArrayBufferView(result.value, byobRequest.view);\n byobRequest.respond(result.value.byteLength);\n }\n });\n this._setPendingRead(read);\n return read;\n };\n return WrappingReadableByteStreamSource;\n}(AbstractWrappingReadableStreamSource));\n\nfunction createWritableStreamWrapper(ctor) {\n assert(isWritableStreamConstructor(ctor));\n return function (writable) {\n if (writable.constructor === ctor) {\n return writable;\n }\n var sink = createWrappingWritableSink(writable);\n return new ctor(sink);\n };\n}\nfunction createWrappingWritableSink(writable) {\n assert(isWritableStream(writable));\n assert(writable.locked === false);\n var writer = writable.getWriter();\n return new WrappingWritableStreamSink(writer);\n}\nvar WrappingWritableStreamSink = /** @class */ (function () {\n function WrappingWritableStreamSink(underlyingWriter) {\n var _this = this;\n this._writableStreamController = undefined;\n this._pendingWrite = undefined;\n this._state = \"writable\" /* WRITABLE */;\n this._storedError = undefined;\n this._underlyingWriter = underlyingWriter;\n this._errorPromise = new Promise(function (resolve, reject) {\n _this._errorPromiseReject = reject;\n });\n this._errorPromise.catch(noop);\n }\n WrappingWritableStreamSink.prototype.start = function (controller) {\n var _this = this;\n this._writableStreamController = controller;\n this._underlyingWriter.closed\n .then(function () {\n _this._state = \"closed\" /* CLOSED */;\n })\n .catch(function (reason) { return _this._finishErroring(reason); });\n };\n WrappingWritableStreamSink.prototype.write = function (chunk) {\n var _this = this;\n var writer = this._underlyingWriter;\n // Detect past errors\n if (writer.desiredSize === null) {\n return writer.ready;\n }\n var writeRequest = writer.write(chunk);\n // Detect future errors\n writeRequest.catch(function (reason) { return _this._finishErroring(reason); });\n writer.ready.catch(function (reason) { return _this._startErroring(reason); });\n // Reject write when errored\n var write = Promise.race([writeRequest, this._errorPromise]);\n this._setPendingWrite(write);\n return write;\n };\n WrappingWritableStreamSink.prototype.close = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return this._underlyingWriter.close();\n }\n return this._finishPendingWrite().then(function () { return _this.close(); });\n };\n WrappingWritableStreamSink.prototype.abort = function (reason) {\n if (this._state === \"errored\" /* ERRORED */) {\n return undefined;\n }\n var writer = this._underlyingWriter;\n return writer.abort(reason);\n };\n WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) {\n var _this = this;\n var pendingWrite;\n var finishWrite = function () {\n if (_this._pendingWrite === pendingWrite) {\n _this._pendingWrite = undefined;\n }\n };\n this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite);\n };\n WrappingWritableStreamSink.prototype._finishPendingWrite = function () {\n var _this = this;\n if (this._pendingWrite === undefined) {\n return Promise.resolve();\n }\n var afterWrite = function () { return _this._finishPendingWrite(); };\n return this._pendingWrite.then(afterWrite, afterWrite);\n };\n WrappingWritableStreamSink.prototype._startErroring = function (reason) {\n var _this = this;\n if (this._state === \"writable\" /* WRITABLE */) {\n this._state = \"erroring\" /* ERRORING */;\n this._storedError = reason;\n var afterWrite = function () { return _this._finishErroring(reason); };\n if (this._pendingWrite === undefined) {\n afterWrite();\n }\n else {\n this._finishPendingWrite().then(afterWrite, afterWrite);\n }\n this._writableStreamController.error(reason);\n }\n };\n WrappingWritableStreamSink.prototype._finishErroring = function (reason) {\n if (this._state === \"writable\" /* WRITABLE */) {\n this._startErroring(reason);\n }\n if (this._state === \"erroring\" /* ERRORING */) {\n this._state = \"errored\" /* ERRORED */;\n this._errorPromiseReject(this._storedError);\n }\n };\n return WrappingWritableStreamSink;\n}());\n\nfunction createTransformStreamWrapper(ctor) {\n assert(isTransformStreamConstructor(ctor));\n return function (transform) {\n if (transform.constructor === ctor) {\n return transform;\n }\n var transformer = createWrappingTransformer(transform);\n return new ctor(transformer);\n };\n}\nfunction createWrappingTransformer(transform) {\n assert(isTransformStream(transform));\n var readable = transform.readable, writable = transform.writable;\n assert(readable.locked === false);\n assert(writable.locked === false);\n var reader = readable.getReader();\n var writer;\n try {\n writer = writable.getWriter();\n }\n catch (e) {\n reader.releaseLock(); // do not leak reader\n throw e;\n }\n return new WrappingTransformStreamTransformer(reader, writer);\n}\nvar WrappingTransformStreamTransformer = /** @class */ (function () {\n function WrappingTransformStreamTransformer(reader, writer) {\n var _this = this;\n this._transformStreamController = undefined;\n this._onRead = function (result) {\n if (result.done) {\n return;\n }\n _this._transformStreamController.enqueue(result.value);\n return _this._reader.read().then(_this._onRead);\n };\n this._onError = function (reason) {\n _this._flushReject(reason);\n _this._transformStreamController.error(reason);\n _this._reader.cancel(reason).catch(noop);\n _this._writer.abort(reason).catch(noop);\n };\n this._onTerminate = function () {\n _this._flushResolve();\n _this._transformStreamController.terminate();\n var error = new TypeError('TransformStream terminated');\n _this._writer.abort(error).catch(noop);\n };\n this._reader = reader;\n this._writer = writer;\n this._flushPromise = new Promise(function (resolve, reject) {\n _this._flushResolve = resolve;\n _this._flushReject = reject;\n });\n }\n WrappingTransformStreamTransformer.prototype.start = function (controller) {\n this._transformStreamController = controller;\n this._reader.read()\n .then(this._onRead)\n .then(this._onTerminate, this._onError);\n var readerClosed = this._reader.closed;\n if (readerClosed) {\n readerClosed\n .then(this._onTerminate, this._onError);\n }\n };\n WrappingTransformStreamTransformer.prototype.transform = function (chunk) {\n return this._writer.write(chunk);\n };\n WrappingTransformStreamTransformer.prototype.flush = function () {\n var _this = this;\n return this._writer.close()\n .then(function () { return _this._flushPromise; });\n };\n return WrappingTransformStreamTransformer;\n}());\n\nexport { createReadableStreamWrapper, createTransformStreamWrapper, createWrappingReadableSource, createWrappingTransformer, createWrappingWritableSink, createWritableStreamWrapper };\n//# sourceMappingURL=web-streams-adapter.mjs.map\n","(function (module, exports) {\n 'use strict';\n\n // Utils\n function assert (val, msg) {\n if (!val) throw new Error(msg || 'Assertion failed');\n }\n\n // Could use `inherits` module, but don't want to move from single file\n // architecture yet.\n function inherits (ctor, superCtor) {\n ctor.super_ = superCtor;\n var TempCtor = function () {};\n TempCtor.prototype = superCtor.prototype;\n ctor.prototype = new TempCtor();\n ctor.prototype.constructor = ctor;\n }\n\n // BN\n\n function BN (number, base, endian) {\n if (BN.isBN(number)) {\n return number;\n }\n\n this.negative = 0;\n this.words = null;\n this.length = 0;\n\n // Reduction context\n this.red = null;\n\n if (number !== null) {\n if (base === 'le' || base === 'be') {\n endian = base;\n base = 10;\n }\n\n this._init(number || 0, base || 10, endian || 'be');\n }\n }\n if (typeof module === 'object') {\n module.exports = BN;\n } else {\n exports.BN = BN;\n }\n\n BN.BN = BN;\n BN.wordSize = 26;\n\n var Buffer;\n try {\n Buffer = require('buffer').Buffer;\n } catch (e) {\n }\n\n BN.isBN = function isBN (num) {\n if (num instanceof BN) {\n return true;\n }\n\n return num !== null && typeof num === 'object' &&\n num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);\n };\n\n BN.max = function max (left, right) {\n if (left.cmp(right) > 0) return left;\n return right;\n };\n\n BN.min = function min (left, right) {\n if (left.cmp(right) < 0) return left;\n return right;\n };\n\n BN.prototype._init = function init (number, base, endian) {\n if (typeof number === 'number') {\n return this._initNumber(number, base, endian);\n }\n\n if (typeof number === 'object') {\n return this._initArray(number, base, endian);\n }\n\n if (base === 'hex') {\n base = 16;\n }\n assert(base === (base | 0) && base >= 2 && base <= 36);\n\n number = number.toString().replace(/\\s+/g, '');\n var start = 0;\n if (number[0] === '-') {\n start++;\n }\n\n if (base === 16) {\n this._parseHex(number, start);\n } else {\n this._parseBase(number, base, start);\n }\n\n if (number[0] === '-') {\n this.negative = 1;\n }\n\n this.strip();\n\n if (endian !== 'le') return;\n\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initNumber = function _initNumber (number, base, endian) {\n if (number < 0) {\n this.negative = 1;\n number = -number;\n }\n if (number < 0x4000000) {\n this.words = [ number & 0x3ffffff ];\n this.length = 1;\n } else if (number < 0x10000000000000) {\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff\n ];\n this.length = 2;\n } else {\n assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)\n this.words = [\n number & 0x3ffffff,\n (number / 0x4000000) & 0x3ffffff,\n 1\n ];\n this.length = 3;\n }\n\n if (endian !== 'le') return;\n\n // Reverse the bytes\n this._initArray(this.toArray(), base, endian);\n };\n\n BN.prototype._initArray = function _initArray (number, base, endian) {\n // Perhaps a Uint8Array\n assert(typeof number.length === 'number');\n if (number.length <= 0) {\n this.words = [ 0 ];\n this.length = 1;\n return this;\n }\n\n this.length = Math.ceil(number.length / 3);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n var off = 0;\n if (endian === 'be') {\n for (i = number.length - 1, j = 0; i >= 0; i -= 3) {\n w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n } else if (endian === 'le') {\n for (i = 0, j = 0; i < number.length; i += 3) {\n w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n }\n return this.strip();\n };\n\n function parseHex (str, start, end) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r <<= 4;\n\n // 'a' - 'f'\n if (c >= 49 && c <= 54) {\n r |= c - 49 + 0xa;\n\n // 'A' - 'F'\n } else if (c >= 17 && c <= 22) {\n r |= c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r |= c & 0xf;\n }\n }\n return r;\n }\n\n BN.prototype._parseHex = function _parseHex (number, start) {\n // Create possibly bigger array to ensure that it fits the number\n this.length = Math.ceil((number.length - start) / 6);\n this.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n this.words[i] = 0;\n }\n\n var j, w;\n // Scan 24-bit chunks and add them to the number\n var off = 0;\n for (i = number.length - 6, j = 0; i >= start; i -= 6) {\n w = parseHex(number, i, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n off += 24;\n if (off >= 26) {\n off -= 26;\n j++;\n }\n }\n if (i + 6 !== start) {\n w = parseHex(number, start, i + 6);\n this.words[j] |= (w << off) & 0x3ffffff;\n this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;\n }\n this.strip();\n };\n\n function parseBase (str, start, end, mul) {\n var r = 0;\n var len = Math.min(str.length, end);\n for (var i = start; i < len; i++) {\n var c = str.charCodeAt(i) - 48;\n\n r *= mul;\n\n // 'a'\n if (c >= 49) {\n r += c - 49 + 0xa;\n\n // 'A'\n } else if (c >= 17) {\n r += c - 17 + 0xa;\n\n // '0' - '9'\n } else {\n r += c;\n }\n }\n return r;\n }\n\n BN.prototype._parseBase = function _parseBase (number, base, start) {\n // Initialize as zero\n this.words = [ 0 ];\n this.length = 1;\n\n // Find length of limb in base\n for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {\n limbLen++;\n }\n limbLen--;\n limbPow = (limbPow / base) | 0;\n\n var total = number.length - start;\n var mod = total % limbLen;\n var end = Math.min(total, total - mod) + start;\n\n var word = 0;\n for (var i = start; i < end; i += limbLen) {\n word = parseBase(number, i, i + limbLen, base);\n\n this.imuln(limbPow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n\n if (mod !== 0) {\n var pow = 1;\n word = parseBase(number, i, number.length, base);\n\n for (i = 0; i < mod; i++) {\n pow *= base;\n }\n\n this.imuln(pow);\n if (this.words[0] + word < 0x4000000) {\n this.words[0] += word;\n } else {\n this._iaddn(word);\n }\n }\n };\n\n BN.prototype.copy = function copy (dest) {\n dest.words = new Array(this.length);\n for (var i = 0; i < this.length; i++) {\n dest.words[i] = this.words[i];\n }\n dest.length = this.length;\n dest.negative = this.negative;\n dest.red = this.red;\n };\n\n BN.prototype.clone = function clone () {\n var r = new BN(null);\n this.copy(r);\n return r;\n };\n\n BN.prototype._expand = function _expand (size) {\n while (this.length < size) {\n this.words[this.length++] = 0;\n }\n return this;\n };\n\n // Remove leading `0` from `this`\n BN.prototype.strip = function strip () {\n while (this.length > 1 && this.words[this.length - 1] === 0) {\n this.length--;\n }\n return this._normSign();\n };\n\n BN.prototype._normSign = function _normSign () {\n // -0 = 0\n if (this.length === 1 && this.words[0] === 0) {\n this.negative = 0;\n }\n return this;\n };\n\n BN.prototype.inspect = function inspect () {\n return (this.red ? '';\n };\n\n /*\n\n var zeros = [];\n var groupSizes = [];\n var groupBases = [];\n\n var s = '';\n var i = -1;\n while (++i < BN.wordSize) {\n zeros[i] = s;\n s += '0';\n }\n groupSizes[0] = 0;\n groupSizes[1] = 0;\n groupBases[0] = 0;\n groupBases[1] = 0;\n var base = 2 - 1;\n while (++base < 36 + 1) {\n var groupSize = 0;\n var groupBase = 1;\n while (groupBase < (1 << BN.wordSize) / base) {\n groupBase *= base;\n groupSize += 1;\n }\n groupSizes[base] = groupSize;\n groupBases[base] = groupBase;\n }\n\n */\n\n var zeros = [\n '',\n '0',\n '00',\n '000',\n '0000',\n '00000',\n '000000',\n '0000000',\n '00000000',\n '000000000',\n '0000000000',\n '00000000000',\n '000000000000',\n '0000000000000',\n '00000000000000',\n '000000000000000',\n '0000000000000000',\n '00000000000000000',\n '000000000000000000',\n '0000000000000000000',\n '00000000000000000000',\n '000000000000000000000',\n '0000000000000000000000',\n '00000000000000000000000',\n '000000000000000000000000',\n '0000000000000000000000000'\n ];\n\n var groupSizes = [\n 0, 0,\n 25, 16, 12, 11, 10, 9, 8,\n 8, 7, 7, 7, 7, 6, 6,\n 6, 6, 6, 6, 6, 5, 5,\n 5, 5, 5, 5, 5, 5, 5,\n 5, 5, 5, 5, 5, 5, 5\n ];\n\n var groupBases = [\n 0, 0,\n 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,\n 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,\n 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,\n 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,\n 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176\n ];\n\n BN.prototype.toString = function toString (base, padding) {\n base = base || 10;\n padding = padding | 0 || 1;\n\n var out;\n if (base === 16 || base === 'hex') {\n out = '';\n var off = 0;\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = this.words[i];\n var word = (((w << off) | carry) & 0xffffff).toString(16);\n carry = (w >>> (24 - off)) & 0xffffff;\n if (carry !== 0 || i !== this.length - 1) {\n out = zeros[6 - word.length] + word + out;\n } else {\n out = word + out;\n }\n off += 2;\n if (off >= 26) {\n off -= 26;\n i--;\n }\n }\n if (carry !== 0) {\n out = carry.toString(16) + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n if (base === (base | 0) && base >= 2 && base <= 36) {\n // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));\n var groupSize = groupSizes[base];\n // var groupBase = Math.pow(base, groupSize);\n var groupBase = groupBases[base];\n out = '';\n var c = this.clone();\n c.negative = 0;\n while (!c.isZero()) {\n var r = c.modn(groupBase).toString(base);\n c = c.idivn(groupBase);\n\n if (!c.isZero()) {\n out = zeros[groupSize - r.length] + r + out;\n } else {\n out = r + out;\n }\n }\n if (this.isZero()) {\n out = '0' + out;\n }\n while (out.length % padding !== 0) {\n out = '0' + out;\n }\n if (this.negative !== 0) {\n out = '-' + out;\n }\n return out;\n }\n\n assert(false, 'Base should be between 2 and 36');\n };\n\n BN.prototype.toNumber = function toNumber () {\n var ret = this.words[0];\n if (this.length === 2) {\n ret += this.words[1] * 0x4000000;\n } else if (this.length === 3 && this.words[2] === 0x01) {\n // NOTE: at this stage it is known that the top bit is set\n ret += 0x10000000000000 + (this.words[1] * 0x4000000);\n } else if (this.length > 2) {\n assert(false, 'Number can only safely store up to 53 bits');\n }\n return (this.negative !== 0) ? -ret : ret;\n };\n\n BN.prototype.toJSON = function toJSON () {\n return this.toString(16);\n };\n\n BN.prototype.toBuffer = function toBuffer (endian, length) {\n assert(typeof Buffer !== 'undefined');\n return this.toArrayLike(Buffer, endian, length);\n };\n\n BN.prototype.toArray = function toArray (endian, length) {\n return this.toArrayLike(Array, endian, length);\n };\n\n BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {\n var byteLength = this.byteLength();\n var reqLength = length || Math.max(1, byteLength);\n assert(byteLength <= reqLength, 'byte array longer than desired length');\n assert(reqLength > 0, 'Requested array length <= 0');\n\n this.strip();\n var littleEndian = endian === 'le';\n var res = new ArrayType(reqLength);\n\n var b, i;\n var q = this.clone();\n if (!littleEndian) {\n // Assume big-endian\n for (i = 0; i < reqLength - byteLength; i++) {\n res[i] = 0;\n }\n\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[reqLength - i - 1] = b;\n }\n } else {\n for (i = 0; !q.isZero(); i++) {\n b = q.andln(0xff);\n q.iushrn(8);\n\n res[i] = b;\n }\n\n for (; i < reqLength; i++) {\n res[i] = 0;\n }\n }\n\n return res;\n };\n\n if (Math.clz32) {\n BN.prototype._countBits = function _countBits (w) {\n return 32 - Math.clz32(w);\n };\n } else {\n BN.prototype._countBits = function _countBits (w) {\n var t = w;\n var r = 0;\n if (t >= 0x1000) {\n r += 13;\n t >>>= 13;\n }\n if (t >= 0x40) {\n r += 7;\n t >>>= 7;\n }\n if (t >= 0x8) {\n r += 4;\n t >>>= 4;\n }\n if (t >= 0x02) {\n r += 2;\n t >>>= 2;\n }\n return r + t;\n };\n }\n\n BN.prototype._zeroBits = function _zeroBits (w) {\n // Short-cut\n if (w === 0) return 26;\n\n var t = w;\n var r = 0;\n if ((t & 0x1fff) === 0) {\n r += 13;\n t >>>= 13;\n }\n if ((t & 0x7f) === 0) {\n r += 7;\n t >>>= 7;\n }\n if ((t & 0xf) === 0) {\n r += 4;\n t >>>= 4;\n }\n if ((t & 0x3) === 0) {\n r += 2;\n t >>>= 2;\n }\n if ((t & 0x1) === 0) {\n r++;\n }\n return r;\n };\n\n // Return number of used bits in a BN\n BN.prototype.bitLength = function bitLength () {\n var w = this.words[this.length - 1];\n var hi = this._countBits(w);\n return (this.length - 1) * 26 + hi;\n };\n\n function toBitArray (num) {\n var w = new Array(num.bitLength());\n\n for (var bit = 0; bit < w.length; bit++) {\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;\n }\n\n return w;\n }\n\n // Number of trailing zero bits\n BN.prototype.zeroBits = function zeroBits () {\n if (this.isZero()) return 0;\n\n var r = 0;\n for (var i = 0; i < this.length; i++) {\n var b = this._zeroBits(this.words[i]);\n r += b;\n if (b !== 26) break;\n }\n return r;\n };\n\n BN.prototype.byteLength = function byteLength () {\n return Math.ceil(this.bitLength() / 8);\n };\n\n BN.prototype.toTwos = function toTwos (width) {\n if (this.negative !== 0) {\n return this.abs().inotn(width).iaddn(1);\n }\n return this.clone();\n };\n\n BN.prototype.fromTwos = function fromTwos (width) {\n if (this.testn(width - 1)) {\n return this.notn(width).iaddn(1).ineg();\n }\n return this.clone();\n };\n\n BN.prototype.isNeg = function isNeg () {\n return this.negative !== 0;\n };\n\n // Return negative clone of `this`\n BN.prototype.neg = function neg () {\n return this.clone().ineg();\n };\n\n BN.prototype.ineg = function ineg () {\n if (!this.isZero()) {\n this.negative ^= 1;\n }\n\n return this;\n };\n\n // Or `num` with `this` in-place\n BN.prototype.iuor = function iuor (num) {\n while (this.length < num.length) {\n this.words[this.length++] = 0;\n }\n\n for (var i = 0; i < num.length; i++) {\n this.words[i] = this.words[i] | num.words[i];\n }\n\n return this.strip();\n };\n\n BN.prototype.ior = function ior (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuor(num);\n };\n\n // Or `num` with `this`\n BN.prototype.or = function or (num) {\n if (this.length > num.length) return this.clone().ior(num);\n return num.clone().ior(this);\n };\n\n BN.prototype.uor = function uor (num) {\n if (this.length > num.length) return this.clone().iuor(num);\n return num.clone().iuor(this);\n };\n\n // And `num` with `this` in-place\n BN.prototype.iuand = function iuand (num) {\n // b = min-length(num, this)\n var b;\n if (this.length > num.length) {\n b = num;\n } else {\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = this.words[i] & num.words[i];\n }\n\n this.length = b.length;\n\n return this.strip();\n };\n\n BN.prototype.iand = function iand (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuand(num);\n };\n\n // And `num` with `this`\n BN.prototype.and = function and (num) {\n if (this.length > num.length) return this.clone().iand(num);\n return num.clone().iand(this);\n };\n\n BN.prototype.uand = function uand (num) {\n if (this.length > num.length) return this.clone().iuand(num);\n return num.clone().iuand(this);\n };\n\n // Xor `num` with `this` in-place\n BN.prototype.iuxor = function iuxor (num) {\n // a.length > b.length\n var a;\n var b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n for (var i = 0; i < b.length; i++) {\n this.words[i] = a.words[i] ^ b.words[i];\n }\n\n if (this !== a) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = a.length;\n\n return this.strip();\n };\n\n BN.prototype.ixor = function ixor (num) {\n assert((this.negative | num.negative) === 0);\n return this.iuxor(num);\n };\n\n // Xor `num` with `this`\n BN.prototype.xor = function xor (num) {\n if (this.length > num.length) return this.clone().ixor(num);\n return num.clone().ixor(this);\n };\n\n BN.prototype.uxor = function uxor (num) {\n if (this.length > num.length) return this.clone().iuxor(num);\n return num.clone().iuxor(this);\n };\n\n // Not ``this`` with ``width`` bitwidth\n BN.prototype.inotn = function inotn (width) {\n assert(typeof width === 'number' && width >= 0);\n\n var bytesNeeded = Math.ceil(width / 26) | 0;\n var bitsLeft = width % 26;\n\n // Extend the buffer with leading zeroes\n this._expand(bytesNeeded);\n\n if (bitsLeft > 0) {\n bytesNeeded--;\n }\n\n // Handle complete words\n for (var i = 0; i < bytesNeeded; i++) {\n this.words[i] = ~this.words[i] & 0x3ffffff;\n }\n\n // Handle the residue\n if (bitsLeft > 0) {\n this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));\n }\n\n // And remove leading zeroes\n return this.strip();\n };\n\n BN.prototype.notn = function notn (width) {\n return this.clone().inotn(width);\n };\n\n // Set `bit` of `this`\n BN.prototype.setn = function setn (bit, val) {\n assert(typeof bit === 'number' && bit >= 0);\n\n var off = (bit / 26) | 0;\n var wbit = bit % 26;\n\n this._expand(off + 1);\n\n if (val) {\n this.words[off] = this.words[off] | (1 << wbit);\n } else {\n this.words[off] = this.words[off] & ~(1 << wbit);\n }\n\n return this.strip();\n };\n\n // Add `num` to `this` in-place\n BN.prototype.iadd = function iadd (num) {\n var r;\n\n // negative + positive\n if (this.negative !== 0 && num.negative === 0) {\n this.negative = 0;\n r = this.isub(num);\n this.negative ^= 1;\n return this._normSign();\n\n // positive + negative\n } else if (this.negative === 0 && num.negative !== 0) {\n num.negative = 0;\n r = this.isub(num);\n num.negative = 1;\n return r._normSign();\n }\n\n // a.length > b.length\n var a, b;\n if (this.length > num.length) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) + (b.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n this.words[i] = r & 0x3ffffff;\n carry = r >>> 26;\n }\n\n this.length = a.length;\n if (carry !== 0) {\n this.words[this.length] = carry;\n this.length++;\n // Copy the rest of the words\n } else if (a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n return this;\n };\n\n // Add `num` to `this`\n BN.prototype.add = function add (num) {\n var res;\n if (num.negative !== 0 && this.negative === 0) {\n num.negative = 0;\n res = this.sub(num);\n num.negative ^= 1;\n return res;\n } else if (num.negative === 0 && this.negative !== 0) {\n this.negative = 0;\n res = num.sub(this);\n this.negative = 1;\n return res;\n }\n\n if (this.length > num.length) return this.clone().iadd(num);\n\n return num.clone().iadd(this);\n };\n\n // Subtract `num` from `this` in-place\n BN.prototype.isub = function isub (num) {\n // this - (-num) = this + num\n if (num.negative !== 0) {\n num.negative = 0;\n var r = this.iadd(num);\n num.negative = 1;\n return r._normSign();\n\n // -this - num = -(this + num)\n } else if (this.negative !== 0) {\n this.negative = 0;\n this.iadd(num);\n this.negative = 1;\n return this._normSign();\n }\n\n // At this point both numbers are positive\n var cmp = this.cmp(num);\n\n // Optimization - zeroify\n if (cmp === 0) {\n this.negative = 0;\n this.length = 1;\n this.words[0] = 0;\n return this;\n }\n\n // a > b\n var a, b;\n if (cmp > 0) {\n a = this;\n b = num;\n } else {\n a = num;\n b = this;\n }\n\n var carry = 0;\n for (var i = 0; i < b.length; i++) {\n r = (a.words[i] | 0) - (b.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n for (; carry !== 0 && i < a.length; i++) {\n r = (a.words[i] | 0) + carry;\n carry = r >> 26;\n this.words[i] = r & 0x3ffffff;\n }\n\n // Copy rest of the words\n if (carry === 0 && i < a.length && a !== this) {\n for (; i < a.length; i++) {\n this.words[i] = a.words[i];\n }\n }\n\n this.length = Math.max(this.length, i);\n\n if (a !== this) {\n this.negative = 1;\n }\n\n return this.strip();\n };\n\n // Subtract `num` from `this`\n BN.prototype.sub = function sub (num) {\n return this.clone().isub(num);\n };\n\n function smallMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n var len = (self.length + num.length) | 0;\n out.length = len;\n len = (len - 1) | 0;\n\n // Peel one iteration (compiler can't do it, because of code complexity)\n var a = self.words[0] | 0;\n var b = num.words[0] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n var carry = (r / 0x4000000) | 0;\n out.words[0] = lo;\n\n for (var k = 1; k < len; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = carry >>> 26;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = (k - j) | 0;\n a = self.words[i] | 0;\n b = num.words[j] | 0;\n r = a * b + rword;\n ncarry += (r / 0x4000000) | 0;\n rword = r & 0x3ffffff;\n }\n out.words[k] = rword | 0;\n carry = ncarry | 0;\n }\n if (carry !== 0) {\n out.words[k] = carry | 0;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n // TODO(indutny): it may be reasonable to omit it for users who don't need\n // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit\n // multiplication (like elliptic secp256k1).\n var comb10MulTo = function comb10MulTo (self, num, out) {\n var a = self.words;\n var b = num.words;\n var o = out.words;\n var c = 0;\n var lo;\n var mid;\n var hi;\n var a0 = a[0] | 0;\n var al0 = a0 & 0x1fff;\n var ah0 = a0 >>> 13;\n var a1 = a[1] | 0;\n var al1 = a1 & 0x1fff;\n var ah1 = a1 >>> 13;\n var a2 = a[2] | 0;\n var al2 = a2 & 0x1fff;\n var ah2 = a2 >>> 13;\n var a3 = a[3] | 0;\n var al3 = a3 & 0x1fff;\n var ah3 = a3 >>> 13;\n var a4 = a[4] | 0;\n var al4 = a4 & 0x1fff;\n var ah4 = a4 >>> 13;\n var a5 = a[5] | 0;\n var al5 = a5 & 0x1fff;\n var ah5 = a5 >>> 13;\n var a6 = a[6] | 0;\n var al6 = a6 & 0x1fff;\n var ah6 = a6 >>> 13;\n var a7 = a[7] | 0;\n var al7 = a7 & 0x1fff;\n var ah7 = a7 >>> 13;\n var a8 = a[8] | 0;\n var al8 = a8 & 0x1fff;\n var ah8 = a8 >>> 13;\n var a9 = a[9] | 0;\n var al9 = a9 & 0x1fff;\n var ah9 = a9 >>> 13;\n var b0 = b[0] | 0;\n var bl0 = b0 & 0x1fff;\n var bh0 = b0 >>> 13;\n var b1 = b[1] | 0;\n var bl1 = b1 & 0x1fff;\n var bh1 = b1 >>> 13;\n var b2 = b[2] | 0;\n var bl2 = b2 & 0x1fff;\n var bh2 = b2 >>> 13;\n var b3 = b[3] | 0;\n var bl3 = b3 & 0x1fff;\n var bh3 = b3 >>> 13;\n var b4 = b[4] | 0;\n var bl4 = b4 & 0x1fff;\n var bh4 = b4 >>> 13;\n var b5 = b[5] | 0;\n var bl5 = b5 & 0x1fff;\n var bh5 = b5 >>> 13;\n var b6 = b[6] | 0;\n var bl6 = b6 & 0x1fff;\n var bh6 = b6 >>> 13;\n var b7 = b[7] | 0;\n var bl7 = b7 & 0x1fff;\n var bh7 = b7 >>> 13;\n var b8 = b[8] | 0;\n var bl8 = b8 & 0x1fff;\n var bh8 = b8 >>> 13;\n var b9 = b[9] | 0;\n var bl9 = b9 & 0x1fff;\n var bh9 = b9 >>> 13;\n\n out.negative = self.negative ^ num.negative;\n out.length = 19;\n /* k = 0 */\n lo = Math.imul(al0, bl0);\n mid = Math.imul(al0, bh0);\n mid = (mid + Math.imul(ah0, bl0)) | 0;\n hi = Math.imul(ah0, bh0);\n var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;\n w0 &= 0x3ffffff;\n /* k = 1 */\n lo = Math.imul(al1, bl0);\n mid = Math.imul(al1, bh0);\n mid = (mid + Math.imul(ah1, bl0)) | 0;\n hi = Math.imul(ah1, bh0);\n lo = (lo + Math.imul(al0, bl1)) | 0;\n mid = (mid + Math.imul(al0, bh1)) | 0;\n mid = (mid + Math.imul(ah0, bl1)) | 0;\n hi = (hi + Math.imul(ah0, bh1)) | 0;\n var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;\n w1 &= 0x3ffffff;\n /* k = 2 */\n lo = Math.imul(al2, bl0);\n mid = Math.imul(al2, bh0);\n mid = (mid + Math.imul(ah2, bl0)) | 0;\n hi = Math.imul(ah2, bh0);\n lo = (lo + Math.imul(al1, bl1)) | 0;\n mid = (mid + Math.imul(al1, bh1)) | 0;\n mid = (mid + Math.imul(ah1, bl1)) | 0;\n hi = (hi + Math.imul(ah1, bh1)) | 0;\n lo = (lo + Math.imul(al0, bl2)) | 0;\n mid = (mid + Math.imul(al0, bh2)) | 0;\n mid = (mid + Math.imul(ah0, bl2)) | 0;\n hi = (hi + Math.imul(ah0, bh2)) | 0;\n var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;\n w2 &= 0x3ffffff;\n /* k = 3 */\n lo = Math.imul(al3, bl0);\n mid = Math.imul(al3, bh0);\n mid = (mid + Math.imul(ah3, bl0)) | 0;\n hi = Math.imul(ah3, bh0);\n lo = (lo + Math.imul(al2, bl1)) | 0;\n mid = (mid + Math.imul(al2, bh1)) | 0;\n mid = (mid + Math.imul(ah2, bl1)) | 0;\n hi = (hi + Math.imul(ah2, bh1)) | 0;\n lo = (lo + Math.imul(al1, bl2)) | 0;\n mid = (mid + Math.imul(al1, bh2)) | 0;\n mid = (mid + Math.imul(ah1, bl2)) | 0;\n hi = (hi + Math.imul(ah1, bh2)) | 0;\n lo = (lo + Math.imul(al0, bl3)) | 0;\n mid = (mid + Math.imul(al0, bh3)) | 0;\n mid = (mid + Math.imul(ah0, bl3)) | 0;\n hi = (hi + Math.imul(ah0, bh3)) | 0;\n var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;\n w3 &= 0x3ffffff;\n /* k = 4 */\n lo = Math.imul(al4, bl0);\n mid = Math.imul(al4, bh0);\n mid = (mid + Math.imul(ah4, bl0)) | 0;\n hi = Math.imul(ah4, bh0);\n lo = (lo + Math.imul(al3, bl1)) | 0;\n mid = (mid + Math.imul(al3, bh1)) | 0;\n mid = (mid + Math.imul(ah3, bl1)) | 0;\n hi = (hi + Math.imul(ah3, bh1)) | 0;\n lo = (lo + Math.imul(al2, bl2)) | 0;\n mid = (mid + Math.imul(al2, bh2)) | 0;\n mid = (mid + Math.imul(ah2, bl2)) | 0;\n hi = (hi + Math.imul(ah2, bh2)) | 0;\n lo = (lo + Math.imul(al1, bl3)) | 0;\n mid = (mid + Math.imul(al1, bh3)) | 0;\n mid = (mid + Math.imul(ah1, bl3)) | 0;\n hi = (hi + Math.imul(ah1, bh3)) | 0;\n lo = (lo + Math.imul(al0, bl4)) | 0;\n mid = (mid + Math.imul(al0, bh4)) | 0;\n mid = (mid + Math.imul(ah0, bl4)) | 0;\n hi = (hi + Math.imul(ah0, bh4)) | 0;\n var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;\n w4 &= 0x3ffffff;\n /* k = 5 */\n lo = Math.imul(al5, bl0);\n mid = Math.imul(al5, bh0);\n mid = (mid + Math.imul(ah5, bl0)) | 0;\n hi = Math.imul(ah5, bh0);\n lo = (lo + Math.imul(al4, bl1)) | 0;\n mid = (mid + Math.imul(al4, bh1)) | 0;\n mid = (mid + Math.imul(ah4, bl1)) | 0;\n hi = (hi + Math.imul(ah4, bh1)) | 0;\n lo = (lo + Math.imul(al3, bl2)) | 0;\n mid = (mid + Math.imul(al3, bh2)) | 0;\n mid = (mid + Math.imul(ah3, bl2)) | 0;\n hi = (hi + Math.imul(ah3, bh2)) | 0;\n lo = (lo + Math.imul(al2, bl3)) | 0;\n mid = (mid + Math.imul(al2, bh3)) | 0;\n mid = (mid + Math.imul(ah2, bl3)) | 0;\n hi = (hi + Math.imul(ah2, bh3)) | 0;\n lo = (lo + Math.imul(al1, bl4)) | 0;\n mid = (mid + Math.imul(al1, bh4)) | 0;\n mid = (mid + Math.imul(ah1, bl4)) | 0;\n hi = (hi + Math.imul(ah1, bh4)) | 0;\n lo = (lo + Math.imul(al0, bl5)) | 0;\n mid = (mid + Math.imul(al0, bh5)) | 0;\n mid = (mid + Math.imul(ah0, bl5)) | 0;\n hi = (hi + Math.imul(ah0, bh5)) | 0;\n var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;\n w5 &= 0x3ffffff;\n /* k = 6 */\n lo = Math.imul(al6, bl0);\n mid = Math.imul(al6, bh0);\n mid = (mid + Math.imul(ah6, bl0)) | 0;\n hi = Math.imul(ah6, bh0);\n lo = (lo + Math.imul(al5, bl1)) | 0;\n mid = (mid + Math.imul(al5, bh1)) | 0;\n mid = (mid + Math.imul(ah5, bl1)) | 0;\n hi = (hi + Math.imul(ah5, bh1)) | 0;\n lo = (lo + Math.imul(al4, bl2)) | 0;\n mid = (mid + Math.imul(al4, bh2)) | 0;\n mid = (mid + Math.imul(ah4, bl2)) | 0;\n hi = (hi + Math.imul(ah4, bh2)) | 0;\n lo = (lo + Math.imul(al3, bl3)) | 0;\n mid = (mid + Math.imul(al3, bh3)) | 0;\n mid = (mid + Math.imul(ah3, bl3)) | 0;\n hi = (hi + Math.imul(ah3, bh3)) | 0;\n lo = (lo + Math.imul(al2, bl4)) | 0;\n mid = (mid + Math.imul(al2, bh4)) | 0;\n mid = (mid + Math.imul(ah2, bl4)) | 0;\n hi = (hi + Math.imul(ah2, bh4)) | 0;\n lo = (lo + Math.imul(al1, bl5)) | 0;\n mid = (mid + Math.imul(al1, bh5)) | 0;\n mid = (mid + Math.imul(ah1, bl5)) | 0;\n hi = (hi + Math.imul(ah1, bh5)) | 0;\n lo = (lo + Math.imul(al0, bl6)) | 0;\n mid = (mid + Math.imul(al0, bh6)) | 0;\n mid = (mid + Math.imul(ah0, bl6)) | 0;\n hi = (hi + Math.imul(ah0, bh6)) | 0;\n var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;\n w6 &= 0x3ffffff;\n /* k = 7 */\n lo = Math.imul(al7, bl0);\n mid = Math.imul(al7, bh0);\n mid = (mid + Math.imul(ah7, bl0)) | 0;\n hi = Math.imul(ah7, bh0);\n lo = (lo + Math.imul(al6, bl1)) | 0;\n mid = (mid + Math.imul(al6, bh1)) | 0;\n mid = (mid + Math.imul(ah6, bl1)) | 0;\n hi = (hi + Math.imul(ah6, bh1)) | 0;\n lo = (lo + Math.imul(al5, bl2)) | 0;\n mid = (mid + Math.imul(al5, bh2)) | 0;\n mid = (mid + Math.imul(ah5, bl2)) | 0;\n hi = (hi + Math.imul(ah5, bh2)) | 0;\n lo = (lo + Math.imul(al4, bl3)) | 0;\n mid = (mid + Math.imul(al4, bh3)) | 0;\n mid = (mid + Math.imul(ah4, bl3)) | 0;\n hi = (hi + Math.imul(ah4, bh3)) | 0;\n lo = (lo + Math.imul(al3, bl4)) | 0;\n mid = (mid + Math.imul(al3, bh4)) | 0;\n mid = (mid + Math.imul(ah3, bl4)) | 0;\n hi = (hi + Math.imul(ah3, bh4)) | 0;\n lo = (lo + Math.imul(al2, bl5)) | 0;\n mid = (mid + Math.imul(al2, bh5)) | 0;\n mid = (mid + Math.imul(ah2, bl5)) | 0;\n hi = (hi + Math.imul(ah2, bh5)) | 0;\n lo = (lo + Math.imul(al1, bl6)) | 0;\n mid = (mid + Math.imul(al1, bh6)) | 0;\n mid = (mid + Math.imul(ah1, bl6)) | 0;\n hi = (hi + Math.imul(ah1, bh6)) | 0;\n lo = (lo + Math.imul(al0, bl7)) | 0;\n mid = (mid + Math.imul(al0, bh7)) | 0;\n mid = (mid + Math.imul(ah0, bl7)) | 0;\n hi = (hi + Math.imul(ah0, bh7)) | 0;\n var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;\n w7 &= 0x3ffffff;\n /* k = 8 */\n lo = Math.imul(al8, bl0);\n mid = Math.imul(al8, bh0);\n mid = (mid + Math.imul(ah8, bl0)) | 0;\n hi = Math.imul(ah8, bh0);\n lo = (lo + Math.imul(al7, bl1)) | 0;\n mid = (mid + Math.imul(al7, bh1)) | 0;\n mid = (mid + Math.imul(ah7, bl1)) | 0;\n hi = (hi + Math.imul(ah7, bh1)) | 0;\n lo = (lo + Math.imul(al6, bl2)) | 0;\n mid = (mid + Math.imul(al6, bh2)) | 0;\n mid = (mid + Math.imul(ah6, bl2)) | 0;\n hi = (hi + Math.imul(ah6, bh2)) | 0;\n lo = (lo + Math.imul(al5, bl3)) | 0;\n mid = (mid + Math.imul(al5, bh3)) | 0;\n mid = (mid + Math.imul(ah5, bl3)) | 0;\n hi = (hi + Math.imul(ah5, bh3)) | 0;\n lo = (lo + Math.imul(al4, bl4)) | 0;\n mid = (mid + Math.imul(al4, bh4)) | 0;\n mid = (mid + Math.imul(ah4, bl4)) | 0;\n hi = (hi + Math.imul(ah4, bh4)) | 0;\n lo = (lo + Math.imul(al3, bl5)) | 0;\n mid = (mid + Math.imul(al3, bh5)) | 0;\n mid = (mid + Math.imul(ah3, bl5)) | 0;\n hi = (hi + Math.imul(ah3, bh5)) | 0;\n lo = (lo + Math.imul(al2, bl6)) | 0;\n mid = (mid + Math.imul(al2, bh6)) | 0;\n mid = (mid + Math.imul(ah2, bl6)) | 0;\n hi = (hi + Math.imul(ah2, bh6)) | 0;\n lo = (lo + Math.imul(al1, bl7)) | 0;\n mid = (mid + Math.imul(al1, bh7)) | 0;\n mid = (mid + Math.imul(ah1, bl7)) | 0;\n hi = (hi + Math.imul(ah1, bh7)) | 0;\n lo = (lo + Math.imul(al0, bl8)) | 0;\n mid = (mid + Math.imul(al0, bh8)) | 0;\n mid = (mid + Math.imul(ah0, bl8)) | 0;\n hi = (hi + Math.imul(ah0, bh8)) | 0;\n var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;\n w8 &= 0x3ffffff;\n /* k = 9 */\n lo = Math.imul(al9, bl0);\n mid = Math.imul(al9, bh0);\n mid = (mid + Math.imul(ah9, bl0)) | 0;\n hi = Math.imul(ah9, bh0);\n lo = (lo + Math.imul(al8, bl1)) | 0;\n mid = (mid + Math.imul(al8, bh1)) | 0;\n mid = (mid + Math.imul(ah8, bl1)) | 0;\n hi = (hi + Math.imul(ah8, bh1)) | 0;\n lo = (lo + Math.imul(al7, bl2)) | 0;\n mid = (mid + Math.imul(al7, bh2)) | 0;\n mid = (mid + Math.imul(ah7, bl2)) | 0;\n hi = (hi + Math.imul(ah7, bh2)) | 0;\n lo = (lo + Math.imul(al6, bl3)) | 0;\n mid = (mid + Math.imul(al6, bh3)) | 0;\n mid = (mid + Math.imul(ah6, bl3)) | 0;\n hi = (hi + Math.imul(ah6, bh3)) | 0;\n lo = (lo + Math.imul(al5, bl4)) | 0;\n mid = (mid + Math.imul(al5, bh4)) | 0;\n mid = (mid + Math.imul(ah5, bl4)) | 0;\n hi = (hi + Math.imul(ah5, bh4)) | 0;\n lo = (lo + Math.imul(al4, bl5)) | 0;\n mid = (mid + Math.imul(al4, bh5)) | 0;\n mid = (mid + Math.imul(ah4, bl5)) | 0;\n hi = (hi + Math.imul(ah4, bh5)) | 0;\n lo = (lo + Math.imul(al3, bl6)) | 0;\n mid = (mid + Math.imul(al3, bh6)) | 0;\n mid = (mid + Math.imul(ah3, bl6)) | 0;\n hi = (hi + Math.imul(ah3, bh6)) | 0;\n lo = (lo + Math.imul(al2, bl7)) | 0;\n mid = (mid + Math.imul(al2, bh7)) | 0;\n mid = (mid + Math.imul(ah2, bl7)) | 0;\n hi = (hi + Math.imul(ah2, bh7)) | 0;\n lo = (lo + Math.imul(al1, bl8)) | 0;\n mid = (mid + Math.imul(al1, bh8)) | 0;\n mid = (mid + Math.imul(ah1, bl8)) | 0;\n hi = (hi + Math.imul(ah1, bh8)) | 0;\n lo = (lo + Math.imul(al0, bl9)) | 0;\n mid = (mid + Math.imul(al0, bh9)) | 0;\n mid = (mid + Math.imul(ah0, bl9)) | 0;\n hi = (hi + Math.imul(ah0, bh9)) | 0;\n var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;\n w9 &= 0x3ffffff;\n /* k = 10 */\n lo = Math.imul(al9, bl1);\n mid = Math.imul(al9, bh1);\n mid = (mid + Math.imul(ah9, bl1)) | 0;\n hi = Math.imul(ah9, bh1);\n lo = (lo + Math.imul(al8, bl2)) | 0;\n mid = (mid + Math.imul(al8, bh2)) | 0;\n mid = (mid + Math.imul(ah8, bl2)) | 0;\n hi = (hi + Math.imul(ah8, bh2)) | 0;\n lo = (lo + Math.imul(al7, bl3)) | 0;\n mid = (mid + Math.imul(al7, bh3)) | 0;\n mid = (mid + Math.imul(ah7, bl3)) | 0;\n hi = (hi + Math.imul(ah7, bh3)) | 0;\n lo = (lo + Math.imul(al6, bl4)) | 0;\n mid = (mid + Math.imul(al6, bh4)) | 0;\n mid = (mid + Math.imul(ah6, bl4)) | 0;\n hi = (hi + Math.imul(ah6, bh4)) | 0;\n lo = (lo + Math.imul(al5, bl5)) | 0;\n mid = (mid + Math.imul(al5, bh5)) | 0;\n mid = (mid + Math.imul(ah5, bl5)) | 0;\n hi = (hi + Math.imul(ah5, bh5)) | 0;\n lo = (lo + Math.imul(al4, bl6)) | 0;\n mid = (mid + Math.imul(al4, bh6)) | 0;\n mid = (mid + Math.imul(ah4, bl6)) | 0;\n hi = (hi + Math.imul(ah4, bh6)) | 0;\n lo = (lo + Math.imul(al3, bl7)) | 0;\n mid = (mid + Math.imul(al3, bh7)) | 0;\n mid = (mid + Math.imul(ah3, bl7)) | 0;\n hi = (hi + Math.imul(ah3, bh7)) | 0;\n lo = (lo + Math.imul(al2, bl8)) | 0;\n mid = (mid + Math.imul(al2, bh8)) | 0;\n mid = (mid + Math.imul(ah2, bl8)) | 0;\n hi = (hi + Math.imul(ah2, bh8)) | 0;\n lo = (lo + Math.imul(al1, bl9)) | 0;\n mid = (mid + Math.imul(al1, bh9)) | 0;\n mid = (mid + Math.imul(ah1, bl9)) | 0;\n hi = (hi + Math.imul(ah1, bh9)) | 0;\n var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;\n w10 &= 0x3ffffff;\n /* k = 11 */\n lo = Math.imul(al9, bl2);\n mid = Math.imul(al9, bh2);\n mid = (mid + Math.imul(ah9, bl2)) | 0;\n hi = Math.imul(ah9, bh2);\n lo = (lo + Math.imul(al8, bl3)) | 0;\n mid = (mid + Math.imul(al8, bh3)) | 0;\n mid = (mid + Math.imul(ah8, bl3)) | 0;\n hi = (hi + Math.imul(ah8, bh3)) | 0;\n lo = (lo + Math.imul(al7, bl4)) | 0;\n mid = (mid + Math.imul(al7, bh4)) | 0;\n mid = (mid + Math.imul(ah7, bl4)) | 0;\n hi = (hi + Math.imul(ah7, bh4)) | 0;\n lo = (lo + Math.imul(al6, bl5)) | 0;\n mid = (mid + Math.imul(al6, bh5)) | 0;\n mid = (mid + Math.imul(ah6, bl5)) | 0;\n hi = (hi + Math.imul(ah6, bh5)) | 0;\n lo = (lo + Math.imul(al5, bl6)) | 0;\n mid = (mid + Math.imul(al5, bh6)) | 0;\n mid = (mid + Math.imul(ah5, bl6)) | 0;\n hi = (hi + Math.imul(ah5, bh6)) | 0;\n lo = (lo + Math.imul(al4, bl7)) | 0;\n mid = (mid + Math.imul(al4, bh7)) | 0;\n mid = (mid + Math.imul(ah4, bl7)) | 0;\n hi = (hi + Math.imul(ah4, bh7)) | 0;\n lo = (lo + Math.imul(al3, bl8)) | 0;\n mid = (mid + Math.imul(al3, bh8)) | 0;\n mid = (mid + Math.imul(ah3, bl8)) | 0;\n hi = (hi + Math.imul(ah3, bh8)) | 0;\n lo = (lo + Math.imul(al2, bl9)) | 0;\n mid = (mid + Math.imul(al2, bh9)) | 0;\n mid = (mid + Math.imul(ah2, bl9)) | 0;\n hi = (hi + Math.imul(ah2, bh9)) | 0;\n var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;\n w11 &= 0x3ffffff;\n /* k = 12 */\n lo = Math.imul(al9, bl3);\n mid = Math.imul(al9, bh3);\n mid = (mid + Math.imul(ah9, bl3)) | 0;\n hi = Math.imul(ah9, bh3);\n lo = (lo + Math.imul(al8, bl4)) | 0;\n mid = (mid + Math.imul(al8, bh4)) | 0;\n mid = (mid + Math.imul(ah8, bl4)) | 0;\n hi = (hi + Math.imul(ah8, bh4)) | 0;\n lo = (lo + Math.imul(al7, bl5)) | 0;\n mid = (mid + Math.imul(al7, bh5)) | 0;\n mid = (mid + Math.imul(ah7, bl5)) | 0;\n hi = (hi + Math.imul(ah7, bh5)) | 0;\n lo = (lo + Math.imul(al6, bl6)) | 0;\n mid = (mid + Math.imul(al6, bh6)) | 0;\n mid = (mid + Math.imul(ah6, bl6)) | 0;\n hi = (hi + Math.imul(ah6, bh6)) | 0;\n lo = (lo + Math.imul(al5, bl7)) | 0;\n mid = (mid + Math.imul(al5, bh7)) | 0;\n mid = (mid + Math.imul(ah5, bl7)) | 0;\n hi = (hi + Math.imul(ah5, bh7)) | 0;\n lo = (lo + Math.imul(al4, bl8)) | 0;\n mid = (mid + Math.imul(al4, bh8)) | 0;\n mid = (mid + Math.imul(ah4, bl8)) | 0;\n hi = (hi + Math.imul(ah4, bh8)) | 0;\n lo = (lo + Math.imul(al3, bl9)) | 0;\n mid = (mid + Math.imul(al3, bh9)) | 0;\n mid = (mid + Math.imul(ah3, bl9)) | 0;\n hi = (hi + Math.imul(ah3, bh9)) | 0;\n var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;\n w12 &= 0x3ffffff;\n /* k = 13 */\n lo = Math.imul(al9, bl4);\n mid = Math.imul(al9, bh4);\n mid = (mid + Math.imul(ah9, bl4)) | 0;\n hi = Math.imul(ah9, bh4);\n lo = (lo + Math.imul(al8, bl5)) | 0;\n mid = (mid + Math.imul(al8, bh5)) | 0;\n mid = (mid + Math.imul(ah8, bl5)) | 0;\n hi = (hi + Math.imul(ah8, bh5)) | 0;\n lo = (lo + Math.imul(al7, bl6)) | 0;\n mid = (mid + Math.imul(al7, bh6)) | 0;\n mid = (mid + Math.imul(ah7, bl6)) | 0;\n hi = (hi + Math.imul(ah7, bh6)) | 0;\n lo = (lo + Math.imul(al6, bl7)) | 0;\n mid = (mid + Math.imul(al6, bh7)) | 0;\n mid = (mid + Math.imul(ah6, bl7)) | 0;\n hi = (hi + Math.imul(ah6, bh7)) | 0;\n lo = (lo + Math.imul(al5, bl8)) | 0;\n mid = (mid + Math.imul(al5, bh8)) | 0;\n mid = (mid + Math.imul(ah5, bl8)) | 0;\n hi = (hi + Math.imul(ah5, bh8)) | 0;\n lo = (lo + Math.imul(al4, bl9)) | 0;\n mid = (mid + Math.imul(al4, bh9)) | 0;\n mid = (mid + Math.imul(ah4, bl9)) | 0;\n hi = (hi + Math.imul(ah4, bh9)) | 0;\n var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;\n w13 &= 0x3ffffff;\n /* k = 14 */\n lo = Math.imul(al9, bl5);\n mid = Math.imul(al9, bh5);\n mid = (mid + Math.imul(ah9, bl5)) | 0;\n hi = Math.imul(ah9, bh5);\n lo = (lo + Math.imul(al8, bl6)) | 0;\n mid = (mid + Math.imul(al8, bh6)) | 0;\n mid = (mid + Math.imul(ah8, bl6)) | 0;\n hi = (hi + Math.imul(ah8, bh6)) | 0;\n lo = (lo + Math.imul(al7, bl7)) | 0;\n mid = (mid + Math.imul(al7, bh7)) | 0;\n mid = (mid + Math.imul(ah7, bl7)) | 0;\n hi = (hi + Math.imul(ah7, bh7)) | 0;\n lo = (lo + Math.imul(al6, bl8)) | 0;\n mid = (mid + Math.imul(al6, bh8)) | 0;\n mid = (mid + Math.imul(ah6, bl8)) | 0;\n hi = (hi + Math.imul(ah6, bh8)) | 0;\n lo = (lo + Math.imul(al5, bl9)) | 0;\n mid = (mid + Math.imul(al5, bh9)) | 0;\n mid = (mid + Math.imul(ah5, bl9)) | 0;\n hi = (hi + Math.imul(ah5, bh9)) | 0;\n var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;\n w14 &= 0x3ffffff;\n /* k = 15 */\n lo = Math.imul(al9, bl6);\n mid = Math.imul(al9, bh6);\n mid = (mid + Math.imul(ah9, bl6)) | 0;\n hi = Math.imul(ah9, bh6);\n lo = (lo + Math.imul(al8, bl7)) | 0;\n mid = (mid + Math.imul(al8, bh7)) | 0;\n mid = (mid + Math.imul(ah8, bl7)) | 0;\n hi = (hi + Math.imul(ah8, bh7)) | 0;\n lo = (lo + Math.imul(al7, bl8)) | 0;\n mid = (mid + Math.imul(al7, bh8)) | 0;\n mid = (mid + Math.imul(ah7, bl8)) | 0;\n hi = (hi + Math.imul(ah7, bh8)) | 0;\n lo = (lo + Math.imul(al6, bl9)) | 0;\n mid = (mid + Math.imul(al6, bh9)) | 0;\n mid = (mid + Math.imul(ah6, bl9)) | 0;\n hi = (hi + Math.imul(ah6, bh9)) | 0;\n var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;\n w15 &= 0x3ffffff;\n /* k = 16 */\n lo = Math.imul(al9, bl7);\n mid = Math.imul(al9, bh7);\n mid = (mid + Math.imul(ah9, bl7)) | 0;\n hi = Math.imul(ah9, bh7);\n lo = (lo + Math.imul(al8, bl8)) | 0;\n mid = (mid + Math.imul(al8, bh8)) | 0;\n mid = (mid + Math.imul(ah8, bl8)) | 0;\n hi = (hi + Math.imul(ah8, bh8)) | 0;\n lo = (lo + Math.imul(al7, bl9)) | 0;\n mid = (mid + Math.imul(al7, bh9)) | 0;\n mid = (mid + Math.imul(ah7, bl9)) | 0;\n hi = (hi + Math.imul(ah7, bh9)) | 0;\n var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;\n w16 &= 0x3ffffff;\n /* k = 17 */\n lo = Math.imul(al9, bl8);\n mid = Math.imul(al9, bh8);\n mid = (mid + Math.imul(ah9, bl8)) | 0;\n hi = Math.imul(ah9, bh8);\n lo = (lo + Math.imul(al8, bl9)) | 0;\n mid = (mid + Math.imul(al8, bh9)) | 0;\n mid = (mid + Math.imul(ah8, bl9)) | 0;\n hi = (hi + Math.imul(ah8, bh9)) | 0;\n var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;\n w17 &= 0x3ffffff;\n /* k = 18 */\n lo = Math.imul(al9, bl9);\n mid = Math.imul(al9, bh9);\n mid = (mid + Math.imul(ah9, bl9)) | 0;\n hi = Math.imul(ah9, bh9);\n var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;\n c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;\n w18 &= 0x3ffffff;\n o[0] = w0;\n o[1] = w1;\n o[2] = w2;\n o[3] = w3;\n o[4] = w4;\n o[5] = w5;\n o[6] = w6;\n o[7] = w7;\n o[8] = w8;\n o[9] = w9;\n o[10] = w10;\n o[11] = w11;\n o[12] = w12;\n o[13] = w13;\n o[14] = w14;\n o[15] = w15;\n o[16] = w16;\n o[17] = w17;\n o[18] = w18;\n if (c !== 0) {\n o[19] = c;\n out.length++;\n }\n return out;\n };\n\n // Polyfill comb\n if (!Math.imul) {\n comb10MulTo = smallMulTo;\n }\n\n function bigMulTo (self, num, out) {\n out.negative = num.negative ^ self.negative;\n out.length = self.length + num.length;\n\n var carry = 0;\n var hncarry = 0;\n for (var k = 0; k < out.length - 1; k++) {\n // Sum all words with the same `i + j = k` and accumulate `ncarry`,\n // note that ncarry could be >= 0x3ffffff\n var ncarry = hncarry;\n hncarry = 0;\n var rword = carry & 0x3ffffff;\n var maxJ = Math.min(k, num.length - 1);\n for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {\n var i = k - j;\n var a = self.words[i] | 0;\n var b = num.words[j] | 0;\n var r = a * b;\n\n var lo = r & 0x3ffffff;\n ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;\n lo = (lo + rword) | 0;\n rword = lo & 0x3ffffff;\n ncarry = (ncarry + (lo >>> 26)) | 0;\n\n hncarry += ncarry >>> 26;\n ncarry &= 0x3ffffff;\n }\n out.words[k] = rword;\n carry = ncarry;\n ncarry = hncarry;\n }\n if (carry !== 0) {\n out.words[k] = carry;\n } else {\n out.length--;\n }\n\n return out.strip();\n }\n\n function jumboMulTo (self, num, out) {\n var fftm = new FFTM();\n return fftm.mulp(self, num, out);\n }\n\n BN.prototype.mulTo = function mulTo (num, out) {\n var res;\n var len = this.length + num.length;\n if (this.length === 10 && num.length === 10) {\n res = comb10MulTo(this, num, out);\n } else if (len < 63) {\n res = smallMulTo(this, num, out);\n } else if (len < 1024) {\n res = bigMulTo(this, num, out);\n } else {\n res = jumboMulTo(this, num, out);\n }\n\n return res;\n };\n\n // Cooley-Tukey algorithm for FFT\n // slightly revisited to rely on looping instead of recursion\n\n function FFTM (x, y) {\n this.x = x;\n this.y = y;\n }\n\n FFTM.prototype.makeRBT = function makeRBT (N) {\n var t = new Array(N);\n var l = BN.prototype._countBits(N) - 1;\n for (var i = 0; i < N; i++) {\n t[i] = this.revBin(i, l, N);\n }\n\n return t;\n };\n\n // Returns binary-reversed representation of `x`\n FFTM.prototype.revBin = function revBin (x, l, N) {\n if (x === 0 || x === N - 1) return x;\n\n var rb = 0;\n for (var i = 0; i < l; i++) {\n rb |= (x & 1) << (l - i - 1);\n x >>= 1;\n }\n\n return rb;\n };\n\n // Performs \"tweedling\" phase, therefore 'emulating'\n // behaviour of the recursive algorithm\n FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {\n for (var i = 0; i < N; i++) {\n rtws[i] = rws[rbt[i]];\n itws[i] = iws[rbt[i]];\n }\n };\n\n FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {\n this.permute(rbt, rws, iws, rtws, itws, N);\n\n for (var s = 1; s < N; s <<= 1) {\n var l = s << 1;\n\n var rtwdf = Math.cos(2 * Math.PI / l);\n var itwdf = Math.sin(2 * Math.PI / l);\n\n for (var p = 0; p < N; p += l) {\n var rtwdf_ = rtwdf;\n var itwdf_ = itwdf;\n\n for (var j = 0; j < s; j++) {\n var re = rtws[p + j];\n var ie = itws[p + j];\n\n var ro = rtws[p + j + s];\n var io = itws[p + j + s];\n\n var rx = rtwdf_ * ro - itwdf_ * io;\n\n io = rtwdf_ * io + itwdf_ * ro;\n ro = rx;\n\n rtws[p + j] = re + ro;\n itws[p + j] = ie + io;\n\n rtws[p + j + s] = re - ro;\n itws[p + j + s] = ie - io;\n\n /* jshint maxdepth : false */\n if (j !== l) {\n rx = rtwdf * rtwdf_ - itwdf * itwdf_;\n\n itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;\n rtwdf_ = rx;\n }\n }\n }\n }\n };\n\n FFTM.prototype.guessLen13b = function guessLen13b (n, m) {\n var N = Math.max(m, n) | 1;\n var odd = N & 1;\n var i = 0;\n for (N = N / 2 | 0; N; N = N >>> 1) {\n i++;\n }\n\n return 1 << i + 1 + odd;\n };\n\n FFTM.prototype.conjugate = function conjugate (rws, iws, N) {\n if (N <= 1) return;\n\n for (var i = 0; i < N / 2; i++) {\n var t = rws[i];\n\n rws[i] = rws[N - i - 1];\n rws[N - i - 1] = t;\n\n t = iws[i];\n\n iws[i] = -iws[N - i - 1];\n iws[N - i - 1] = -t;\n }\n };\n\n FFTM.prototype.normalize13b = function normalize13b (ws, N) {\n var carry = 0;\n for (var i = 0; i < N / 2; i++) {\n var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +\n Math.round(ws[2 * i] / N) +\n carry;\n\n ws[i] = w & 0x3ffffff;\n\n if (w < 0x4000000) {\n carry = 0;\n } else {\n carry = w / 0x4000000 | 0;\n }\n }\n\n return ws;\n };\n\n FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {\n var carry = 0;\n for (var i = 0; i < len; i++) {\n carry = carry + (ws[i] | 0);\n\n rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;\n rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;\n }\n\n // Pad with zeroes\n for (i = 2 * len; i < N; ++i) {\n rws[i] = 0;\n }\n\n assert(carry === 0);\n assert((carry & ~0x1fff) === 0);\n };\n\n FFTM.prototype.stub = function stub (N) {\n var ph = new Array(N);\n for (var i = 0; i < N; i++) {\n ph[i] = 0;\n }\n\n return ph;\n };\n\n FFTM.prototype.mulp = function mulp (x, y, out) {\n var N = 2 * this.guessLen13b(x.length, y.length);\n\n var rbt = this.makeRBT(N);\n\n var _ = this.stub(N);\n\n var rws = new Array(N);\n var rwst = new Array(N);\n var iwst = new Array(N);\n\n var nrws = new Array(N);\n var nrwst = new Array(N);\n var niwst = new Array(N);\n\n var rmws = out.words;\n rmws.length = N;\n\n this.convert13b(x.words, x.length, rws, N);\n this.convert13b(y.words, y.length, nrws, N);\n\n this.transform(rws, _, rwst, iwst, N, rbt);\n this.transform(nrws, _, nrwst, niwst, N, rbt);\n\n for (var i = 0; i < N; i++) {\n var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];\n iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];\n rwst[i] = rx;\n }\n\n this.conjugate(rwst, iwst, N);\n this.transform(rwst, iwst, rmws, _, N, rbt);\n this.conjugate(rmws, _, N);\n this.normalize13b(rmws, N);\n\n out.negative = x.negative ^ y.negative;\n out.length = x.length + y.length;\n return out.strip();\n };\n\n // Multiply `this` by `num`\n BN.prototype.mul = function mul (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return this.mulTo(num, out);\n };\n\n // Multiply employing FFT\n BN.prototype.mulf = function mulf (num) {\n var out = new BN(null);\n out.words = new Array(this.length + num.length);\n return jumboMulTo(this, num, out);\n };\n\n // In-place Multiplication\n BN.prototype.imul = function imul (num) {\n return this.clone().mulTo(num, this);\n };\n\n BN.prototype.imuln = function imuln (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n\n // Carry\n var carry = 0;\n for (var i = 0; i < this.length; i++) {\n var w = (this.words[i] | 0) * num;\n var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);\n carry >>= 26;\n carry += (w / 0x4000000) | 0;\n // NOTE: lo is 27bit maximum\n carry += lo >>> 26;\n this.words[i] = lo & 0x3ffffff;\n }\n\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n\n return this;\n };\n\n BN.prototype.muln = function muln (num) {\n return this.clone().imuln(num);\n };\n\n // `this` * `this`\n BN.prototype.sqr = function sqr () {\n return this.mul(this);\n };\n\n // `this` * `this` in-place\n BN.prototype.isqr = function isqr () {\n return this.imul(this.clone());\n };\n\n // Math.pow(`this`, `num`)\n BN.prototype.pow = function pow (num) {\n var w = toBitArray(num);\n if (w.length === 0) return new BN(1);\n\n // Skip leading zeroes\n var res = this;\n for (var i = 0; i < w.length; i++, res = res.sqr()) {\n if (w[i] !== 0) break;\n }\n\n if (++i < w.length) {\n for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {\n if (w[i] === 0) continue;\n\n res = res.mul(q);\n }\n }\n\n return res;\n };\n\n // Shift-left in-place\n BN.prototype.iushln = function iushln (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);\n var i;\n\n if (r !== 0) {\n var carry = 0;\n\n for (i = 0; i < this.length; i++) {\n var newCarry = this.words[i] & carryMask;\n var c = ((this.words[i] | 0) - newCarry) << r;\n this.words[i] = c | carry;\n carry = newCarry >>> (26 - r);\n }\n\n if (carry) {\n this.words[i] = carry;\n this.length++;\n }\n }\n\n if (s !== 0) {\n for (i = this.length - 1; i >= 0; i--) {\n this.words[i + s] = this.words[i];\n }\n\n for (i = 0; i < s; i++) {\n this.words[i] = 0;\n }\n\n this.length += s;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishln = function ishln (bits) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushln(bits);\n };\n\n // Shift-right in-place\n // NOTE: `hint` is a lowest bit before trailing zeroes\n // NOTE: if `extended` is present - it will be filled with destroyed bits\n BN.prototype.iushrn = function iushrn (bits, hint, extended) {\n assert(typeof bits === 'number' && bits >= 0);\n var h;\n if (hint) {\n h = (hint - (hint % 26)) / 26;\n } else {\n h = 0;\n }\n\n var r = bits % 26;\n var s = Math.min((bits - r) / 26, this.length);\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n var maskedWords = extended;\n\n h -= s;\n h = Math.max(0, h);\n\n // Extended mode, copy masked part\n if (maskedWords) {\n for (var i = 0; i < s; i++) {\n maskedWords.words[i] = this.words[i];\n }\n maskedWords.length = s;\n }\n\n if (s === 0) {\n // No-op, we should not move anything at all\n } else if (this.length > s) {\n this.length -= s;\n for (i = 0; i < this.length; i++) {\n this.words[i] = this.words[i + s];\n }\n } else {\n this.words[0] = 0;\n this.length = 1;\n }\n\n var carry = 0;\n for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {\n var word = this.words[i] | 0;\n this.words[i] = (carry << (26 - r)) | (word >>> r);\n carry = word & mask;\n }\n\n // Push carried bits as a mask\n if (maskedWords && carry !== 0) {\n maskedWords.words[maskedWords.length++] = carry;\n }\n\n if (this.length === 0) {\n this.words[0] = 0;\n this.length = 1;\n }\n\n return this.strip();\n };\n\n BN.prototype.ishrn = function ishrn (bits, hint, extended) {\n // TODO(indutny): implement me\n assert(this.negative === 0);\n return this.iushrn(bits, hint, extended);\n };\n\n // Shift-left\n BN.prototype.shln = function shln (bits) {\n return this.clone().ishln(bits);\n };\n\n BN.prototype.ushln = function ushln (bits) {\n return this.clone().iushln(bits);\n };\n\n // Shift-right\n BN.prototype.shrn = function shrn (bits) {\n return this.clone().ishrn(bits);\n };\n\n BN.prototype.ushrn = function ushrn (bits) {\n return this.clone().iushrn(bits);\n };\n\n // Test if n bit is set\n BN.prototype.testn = function testn (bit) {\n assert(typeof bit === 'number' && bit >= 0);\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) return false;\n\n // Check bit and return\n var w = this.words[s];\n\n return !!(w & q);\n };\n\n // Return only lowers bits of number (in-place)\n BN.prototype.imaskn = function imaskn (bits) {\n assert(typeof bits === 'number' && bits >= 0);\n var r = bits % 26;\n var s = (bits - r) / 26;\n\n assert(this.negative === 0, 'imaskn works only with positive numbers');\n\n if (this.length <= s) {\n return this;\n }\n\n if (r !== 0) {\n s++;\n }\n this.length = Math.min(s, this.length);\n\n if (r !== 0) {\n var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);\n this.words[this.length - 1] &= mask;\n }\n\n return this.strip();\n };\n\n // Return only lowers bits of number\n BN.prototype.maskn = function maskn (bits) {\n return this.clone().imaskn(bits);\n };\n\n // Add plain number `num` to `this`\n BN.prototype.iaddn = function iaddn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.isubn(-num);\n\n // Possible sign change\n if (this.negative !== 0) {\n if (this.length === 1 && (this.words[0] | 0) < num) {\n this.words[0] = num - (this.words[0] | 0);\n this.negative = 0;\n return this;\n }\n\n this.negative = 0;\n this.isubn(num);\n this.negative = 1;\n return this;\n }\n\n // Add without checks\n return this._iaddn(num);\n };\n\n BN.prototype._iaddn = function _iaddn (num) {\n this.words[0] += num;\n\n // Carry\n for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {\n this.words[i] -= 0x4000000;\n if (i === this.length - 1) {\n this.words[i + 1] = 1;\n } else {\n this.words[i + 1]++;\n }\n }\n this.length = Math.max(this.length, i + 1);\n\n return this;\n };\n\n // Subtract plain number `num` from `this`\n BN.prototype.isubn = function isubn (num) {\n assert(typeof num === 'number');\n assert(num < 0x4000000);\n if (num < 0) return this.iaddn(-num);\n\n if (this.negative !== 0) {\n this.negative = 0;\n this.iaddn(num);\n this.negative = 1;\n return this;\n }\n\n this.words[0] -= num;\n\n if (this.length === 1 && this.words[0] < 0) {\n this.words[0] = -this.words[0];\n this.negative = 1;\n } else {\n // Carry\n for (var i = 0; i < this.length && this.words[i] < 0; i++) {\n this.words[i] += 0x4000000;\n this.words[i + 1] -= 1;\n }\n }\n\n return this.strip();\n };\n\n BN.prototype.addn = function addn (num) {\n return this.clone().iaddn(num);\n };\n\n BN.prototype.subn = function subn (num) {\n return this.clone().isubn(num);\n };\n\n BN.prototype.iabs = function iabs () {\n this.negative = 0;\n\n return this;\n };\n\n BN.prototype.abs = function abs () {\n return this.clone().iabs();\n };\n\n BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {\n var len = num.length + shift;\n var i;\n\n this._expand(len);\n\n var w;\n var carry = 0;\n for (i = 0; i < num.length; i++) {\n w = (this.words[i + shift] | 0) + carry;\n var right = (num.words[i] | 0) * mul;\n w -= right & 0x3ffffff;\n carry = (w >> 26) - ((right / 0x4000000) | 0);\n this.words[i + shift] = w & 0x3ffffff;\n }\n for (; i < this.length - shift; i++) {\n w = (this.words[i + shift] | 0) + carry;\n carry = w >> 26;\n this.words[i + shift] = w & 0x3ffffff;\n }\n\n if (carry === 0) return this.strip();\n\n // Subtraction overflow\n assert(carry === -1);\n carry = 0;\n for (i = 0; i < this.length; i++) {\n w = -(this.words[i] | 0) + carry;\n carry = w >> 26;\n this.words[i] = w & 0x3ffffff;\n }\n this.negative = 1;\n\n return this.strip();\n };\n\n BN.prototype._wordDiv = function _wordDiv (num, mode) {\n var shift = this.length - num.length;\n\n var a = this.clone();\n var b = num;\n\n // Normalize\n var bhi = b.words[b.length - 1] | 0;\n var bhiBits = this._countBits(bhi);\n shift = 26 - bhiBits;\n if (shift !== 0) {\n b = b.ushln(shift);\n a.iushln(shift);\n bhi = b.words[b.length - 1] | 0;\n }\n\n // Initialize quotient\n var m = a.length - b.length;\n var q;\n\n if (mode !== 'mod') {\n q = new BN(null);\n q.length = m + 1;\n q.words = new Array(q.length);\n for (var i = 0; i < q.length; i++) {\n q.words[i] = 0;\n }\n }\n\n var diff = a.clone()._ishlnsubmul(b, 1, m);\n if (diff.negative === 0) {\n a = diff;\n if (q) {\n q.words[m] = 1;\n }\n }\n\n for (var j = m - 1; j >= 0; j--) {\n var qj = (a.words[b.length + j] | 0) * 0x4000000 +\n (a.words[b.length + j - 1] | 0);\n\n // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max\n // (0x7ffffff)\n qj = Math.min((qj / bhi) | 0, 0x3ffffff);\n\n a._ishlnsubmul(b, qj, j);\n while (a.negative !== 0) {\n qj--;\n a.negative = 0;\n a._ishlnsubmul(b, 1, j);\n if (!a.isZero()) {\n a.negative ^= 1;\n }\n }\n if (q) {\n q.words[j] = qj;\n }\n }\n if (q) {\n q.strip();\n }\n a.strip();\n\n // Denormalize\n if (mode !== 'div' && shift !== 0) {\n a.iushrn(shift);\n }\n\n return {\n div: q || null,\n mod: a\n };\n };\n\n // NOTE: 1) `mode` can be set to `mod` to request mod only,\n // to `div` to request div only, or be absent to\n // request both div & mod\n // 2) `positive` is true if unsigned mod is requested\n BN.prototype.divmod = function divmod (num, mode, positive) {\n assert(!num.isZero());\n\n if (this.isZero()) {\n return {\n div: new BN(0),\n mod: new BN(0)\n };\n }\n\n var div, mod, res;\n if (this.negative !== 0 && num.negative === 0) {\n res = this.neg().divmod(num, mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.iadd(num);\n }\n }\n\n return {\n div: div,\n mod: mod\n };\n }\n\n if (this.negative === 0 && num.negative !== 0) {\n res = this.divmod(num.neg(), mode);\n\n if (mode !== 'mod') {\n div = res.div.neg();\n }\n\n return {\n div: div,\n mod: res.mod\n };\n }\n\n if ((this.negative & num.negative) !== 0) {\n res = this.neg().divmod(num.neg(), mode);\n\n if (mode !== 'div') {\n mod = res.mod.neg();\n if (positive && mod.negative !== 0) {\n mod.isub(num);\n }\n }\n\n return {\n div: res.div,\n mod: mod\n };\n }\n\n // Both numbers are positive at this point\n\n // Strip both numbers to approximate shift value\n if (num.length > this.length || this.cmp(num) < 0) {\n return {\n div: new BN(0),\n mod: this\n };\n }\n\n // Very short reduction\n if (num.length === 1) {\n if (mode === 'div') {\n return {\n div: this.divn(num.words[0]),\n mod: null\n };\n }\n\n if (mode === 'mod') {\n return {\n div: null,\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return {\n div: this.divn(num.words[0]),\n mod: new BN(this.modn(num.words[0]))\n };\n }\n\n return this._wordDiv(num, mode);\n };\n\n // Find `this` / `num`\n BN.prototype.div = function div (num) {\n return this.divmod(num, 'div', false).div;\n };\n\n // Find `this` % `num`\n BN.prototype.mod = function mod (num) {\n return this.divmod(num, 'mod', false).mod;\n };\n\n BN.prototype.umod = function umod (num) {\n return this.divmod(num, 'mod', true).mod;\n };\n\n // Find Round(`this` / `num`)\n BN.prototype.divRound = function divRound (num) {\n var dm = this.divmod(num);\n\n // Fast case - exact division\n if (dm.mod.isZero()) return dm.div;\n\n var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;\n\n var half = num.ushrn(1);\n var r2 = num.andln(1);\n var cmp = mod.cmp(half);\n\n // Round down\n if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;\n\n // Round up\n return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);\n };\n\n BN.prototype.modn = function modn (num) {\n assert(num <= 0x3ffffff);\n var p = (1 << 26) % num;\n\n var acc = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n acc = (p * acc + (this.words[i] | 0)) % num;\n }\n\n return acc;\n };\n\n // In-place division by number\n BN.prototype.idivn = function idivn (num) {\n assert(num <= 0x3ffffff);\n\n var carry = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var w = (this.words[i] | 0) + carry * 0x4000000;\n this.words[i] = (w / num) | 0;\n carry = w % num;\n }\n\n return this.strip();\n };\n\n BN.prototype.divn = function divn (num) {\n return this.clone().idivn(num);\n };\n\n BN.prototype.egcd = function egcd (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var x = this;\n var y = p.clone();\n\n if (x.negative !== 0) {\n x = x.umod(p);\n } else {\n x = x.clone();\n }\n\n // A * x + B * y = x\n var A = new BN(1);\n var B = new BN(0);\n\n // C * x + D * y = y\n var C = new BN(0);\n var D = new BN(1);\n\n var g = 0;\n\n while (x.isEven() && y.isEven()) {\n x.iushrn(1);\n y.iushrn(1);\n ++g;\n }\n\n var yp = y.clone();\n var xp = x.clone();\n\n while (!x.isZero()) {\n for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n x.iushrn(i);\n while (i-- > 0) {\n if (A.isOdd() || B.isOdd()) {\n A.iadd(yp);\n B.isub(xp);\n }\n\n A.iushrn(1);\n B.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n y.iushrn(j);\n while (j-- > 0) {\n if (C.isOdd() || D.isOdd()) {\n C.iadd(yp);\n D.isub(xp);\n }\n\n C.iushrn(1);\n D.iushrn(1);\n }\n }\n\n if (x.cmp(y) >= 0) {\n x.isub(y);\n A.isub(C);\n B.isub(D);\n } else {\n y.isub(x);\n C.isub(A);\n D.isub(B);\n }\n }\n\n return {\n a: C,\n b: D,\n gcd: y.iushln(g)\n };\n };\n\n // This is reduced incarnation of the binary EEA\n // above, designated to invert members of the\n // _prime_ fields F(p) at a maximal speed\n BN.prototype._invmp = function _invmp (p) {\n assert(p.negative === 0);\n assert(!p.isZero());\n\n var a = this;\n var b = p.clone();\n\n if (a.negative !== 0) {\n a = a.umod(p);\n } else {\n a = a.clone();\n }\n\n var x1 = new BN(1);\n var x2 = new BN(0);\n\n var delta = b.clone();\n\n while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {\n for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);\n if (i > 0) {\n a.iushrn(i);\n while (i-- > 0) {\n if (x1.isOdd()) {\n x1.iadd(delta);\n }\n\n x1.iushrn(1);\n }\n }\n\n for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);\n if (j > 0) {\n b.iushrn(j);\n while (j-- > 0) {\n if (x2.isOdd()) {\n x2.iadd(delta);\n }\n\n x2.iushrn(1);\n }\n }\n\n if (a.cmp(b) >= 0) {\n a.isub(b);\n x1.isub(x2);\n } else {\n b.isub(a);\n x2.isub(x1);\n }\n }\n\n var res;\n if (a.cmpn(1) === 0) {\n res = x1;\n } else {\n res = x2;\n }\n\n if (res.cmpn(0) < 0) {\n res.iadd(p);\n }\n\n return res;\n };\n\n BN.prototype.gcd = function gcd (num) {\n if (this.isZero()) return num.abs();\n if (num.isZero()) return this.abs();\n\n var a = this.clone();\n var b = num.clone();\n a.negative = 0;\n b.negative = 0;\n\n // Remove common factor of two\n for (var shift = 0; a.isEven() && b.isEven(); shift++) {\n a.iushrn(1);\n b.iushrn(1);\n }\n\n do {\n while (a.isEven()) {\n a.iushrn(1);\n }\n while (b.isEven()) {\n b.iushrn(1);\n }\n\n var r = a.cmp(b);\n if (r < 0) {\n // Swap `a` and `b` to make `a` always bigger than `b`\n var t = a;\n a = b;\n b = t;\n } else if (r === 0 || b.cmpn(1) === 0) {\n break;\n }\n\n a.isub(b);\n } while (true);\n\n return b.iushln(shift);\n };\n\n // Invert number in the field F(num)\n BN.prototype.invm = function invm (num) {\n return this.egcd(num).a.umod(num);\n };\n\n BN.prototype.isEven = function isEven () {\n return (this.words[0] & 1) === 0;\n };\n\n BN.prototype.isOdd = function isOdd () {\n return (this.words[0] & 1) === 1;\n };\n\n // And first word and num\n BN.prototype.andln = function andln (num) {\n return this.words[0] & num;\n };\n\n // Increment at the bit position in-line\n BN.prototype.bincn = function bincn (bit) {\n assert(typeof bit === 'number');\n var r = bit % 26;\n var s = (bit - r) / 26;\n var q = 1 << r;\n\n // Fast case: bit is much higher than all existing words\n if (this.length <= s) {\n this._expand(s + 1);\n this.words[s] |= q;\n return this;\n }\n\n // Add bit and propagate, if needed\n var carry = q;\n for (var i = s; carry !== 0 && i < this.length; i++) {\n var w = this.words[i] | 0;\n w += carry;\n carry = w >>> 26;\n w &= 0x3ffffff;\n this.words[i] = w;\n }\n if (carry !== 0) {\n this.words[i] = carry;\n this.length++;\n }\n return this;\n };\n\n BN.prototype.isZero = function isZero () {\n return this.length === 1 && this.words[0] === 0;\n };\n\n BN.prototype.cmpn = function cmpn (num) {\n var negative = num < 0;\n\n if (this.negative !== 0 && !negative) return -1;\n if (this.negative === 0 && negative) return 1;\n\n this.strip();\n\n var res;\n if (this.length > 1) {\n res = 1;\n } else {\n if (negative) {\n num = -num;\n }\n\n assert(num <= 0x3ffffff, 'Number is too big');\n\n var w = this.words[0] | 0;\n res = w === num ? 0 : w < num ? -1 : 1;\n }\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Compare two numbers and return:\n // 1 - if `this` > `num`\n // 0 - if `this` == `num`\n // -1 - if `this` < `num`\n BN.prototype.cmp = function cmp (num) {\n if (this.negative !== 0 && num.negative === 0) return -1;\n if (this.negative === 0 && num.negative !== 0) return 1;\n\n var res = this.ucmp(num);\n if (this.negative !== 0) return -res | 0;\n return res;\n };\n\n // Unsigned comparison\n BN.prototype.ucmp = function ucmp (num) {\n // At this point both numbers have the same sign\n if (this.length > num.length) return 1;\n if (this.length < num.length) return -1;\n\n var res = 0;\n for (var i = this.length - 1; i >= 0; i--) {\n var a = this.words[i] | 0;\n var b = num.words[i] | 0;\n\n if (a === b) continue;\n if (a < b) {\n res = -1;\n } else if (a > b) {\n res = 1;\n }\n break;\n }\n return res;\n };\n\n BN.prototype.gtn = function gtn (num) {\n return this.cmpn(num) === 1;\n };\n\n BN.prototype.gt = function gt (num) {\n return this.cmp(num) === 1;\n };\n\n BN.prototype.gten = function gten (num) {\n return this.cmpn(num) >= 0;\n };\n\n BN.prototype.gte = function gte (num) {\n return this.cmp(num) >= 0;\n };\n\n BN.prototype.ltn = function ltn (num) {\n return this.cmpn(num) === -1;\n };\n\n BN.prototype.lt = function lt (num) {\n return this.cmp(num) === -1;\n };\n\n BN.prototype.lten = function lten (num) {\n return this.cmpn(num) <= 0;\n };\n\n BN.prototype.lte = function lte (num) {\n return this.cmp(num) <= 0;\n };\n\n BN.prototype.eqn = function eqn (num) {\n return this.cmpn(num) === 0;\n };\n\n BN.prototype.eq = function eq (num) {\n return this.cmp(num) === 0;\n };\n\n //\n // A reduce context, could be using montgomery or something better, depending\n // on the `m` itself.\n //\n BN.red = function red (num) {\n return new Red(num);\n };\n\n BN.prototype.toRed = function toRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n assert(this.negative === 0, 'red works only with positives');\n return ctx.convertTo(this)._forceRed(ctx);\n };\n\n BN.prototype.fromRed = function fromRed () {\n assert(this.red, 'fromRed works only with numbers in reduction context');\n return this.red.convertFrom(this);\n };\n\n BN.prototype._forceRed = function _forceRed (ctx) {\n this.red = ctx;\n return this;\n };\n\n BN.prototype.forceRed = function forceRed (ctx) {\n assert(!this.red, 'Already a number in reduction context');\n return this._forceRed(ctx);\n };\n\n BN.prototype.redAdd = function redAdd (num) {\n assert(this.red, 'redAdd works only with red numbers');\n return this.red.add(this, num);\n };\n\n BN.prototype.redIAdd = function redIAdd (num) {\n assert(this.red, 'redIAdd works only with red numbers');\n return this.red.iadd(this, num);\n };\n\n BN.prototype.redSub = function redSub (num) {\n assert(this.red, 'redSub works only with red numbers');\n return this.red.sub(this, num);\n };\n\n BN.prototype.redISub = function redISub (num) {\n assert(this.red, 'redISub works only with red numbers');\n return this.red.isub(this, num);\n };\n\n BN.prototype.redShl = function redShl (num) {\n assert(this.red, 'redShl works only with red numbers');\n return this.red.shl(this, num);\n };\n\n BN.prototype.redMul = function redMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.mul(this, num);\n };\n\n BN.prototype.redIMul = function redIMul (num) {\n assert(this.red, 'redMul works only with red numbers');\n this.red._verify2(this, num);\n return this.red.imul(this, num);\n };\n\n BN.prototype.redSqr = function redSqr () {\n assert(this.red, 'redSqr works only with red numbers');\n this.red._verify1(this);\n return this.red.sqr(this);\n };\n\n BN.prototype.redISqr = function redISqr () {\n assert(this.red, 'redISqr works only with red numbers');\n this.red._verify1(this);\n return this.red.isqr(this);\n };\n\n // Square root over p\n BN.prototype.redSqrt = function redSqrt () {\n assert(this.red, 'redSqrt works only with red numbers');\n this.red._verify1(this);\n return this.red.sqrt(this);\n };\n\n BN.prototype.redInvm = function redInvm () {\n assert(this.red, 'redInvm works only with red numbers');\n this.red._verify1(this);\n return this.red.invm(this);\n };\n\n // Return negative clone of `this` % `red modulo`\n BN.prototype.redNeg = function redNeg () {\n assert(this.red, 'redNeg works only with red numbers');\n this.red._verify1(this);\n return this.red.neg(this);\n };\n\n BN.prototype.redPow = function redPow (num) {\n assert(this.red && !num.red, 'redPow(normalNum)');\n this.red._verify1(this);\n return this.red.pow(this, num);\n };\n\n // Prime numbers with efficient reduction\n var primes = {\n k256: null,\n p224: null,\n p192: null,\n p25519: null\n };\n\n // Pseudo-Mersenne prime\n function MPrime (name, p) {\n // P = 2 ^ N - K\n this.name = name;\n this.p = new BN(p, 16);\n this.n = this.p.bitLength();\n this.k = new BN(1).iushln(this.n).isub(this.p);\n\n this.tmp = this._tmp();\n }\n\n MPrime.prototype._tmp = function _tmp () {\n var tmp = new BN(null);\n tmp.words = new Array(Math.ceil(this.n / 13));\n return tmp;\n };\n\n MPrime.prototype.ireduce = function ireduce (num) {\n // Assumes that `num` is less than `P^2`\n // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)\n var r = num;\n var rlen;\n\n do {\n this.split(r, this.tmp);\n r = this.imulK(r);\n r = r.iadd(this.tmp);\n rlen = r.bitLength();\n } while (rlen > this.n);\n\n var cmp = rlen < this.n ? -1 : r.ucmp(this.p);\n if (cmp === 0) {\n r.words[0] = 0;\n r.length = 1;\n } else if (cmp > 0) {\n r.isub(this.p);\n } else {\n r.strip();\n }\n\n return r;\n };\n\n MPrime.prototype.split = function split (input, out) {\n input.iushrn(this.n, 0, out);\n };\n\n MPrime.prototype.imulK = function imulK (num) {\n return num.imul(this.k);\n };\n\n function K256 () {\n MPrime.call(\n this,\n 'k256',\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');\n }\n inherits(K256, MPrime);\n\n K256.prototype.split = function split (input, output) {\n // 256 = 9 * 26 + 22\n var mask = 0x3fffff;\n\n var outLen = Math.min(input.length, 9);\n for (var i = 0; i < outLen; i++) {\n output.words[i] = input.words[i];\n }\n output.length = outLen;\n\n if (input.length <= 9) {\n input.words[0] = 0;\n input.length = 1;\n return;\n }\n\n // Shift by 9 limbs\n var prev = input.words[9];\n output.words[output.length++] = prev & mask;\n\n for (i = 10; i < input.length; i++) {\n var next = input.words[i] | 0;\n input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);\n prev = next;\n }\n prev >>>= 22;\n input.words[i - 10] = prev;\n if (prev === 0 && input.length > 10) {\n input.length -= 10;\n } else {\n input.length -= 9;\n }\n };\n\n K256.prototype.imulK = function imulK (num) {\n // K = 0x1000003d1 = [ 0x40, 0x3d1 ]\n num.words[num.length] = 0;\n num.words[num.length + 1] = 0;\n num.length += 2;\n\n // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390\n var lo = 0;\n for (var i = 0; i < num.length; i++) {\n var w = num.words[i] | 0;\n lo += w * 0x3d1;\n num.words[i] = lo & 0x3ffffff;\n lo = w * 0x40 + ((lo / 0x4000000) | 0);\n }\n\n // Fast length reduction\n if (num.words[num.length - 1] === 0) {\n num.length--;\n if (num.words[num.length - 1] === 0) {\n num.length--;\n }\n }\n return num;\n };\n\n function P224 () {\n MPrime.call(\n this,\n 'p224',\n 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');\n }\n inherits(P224, MPrime);\n\n function P192 () {\n MPrime.call(\n this,\n 'p192',\n 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');\n }\n inherits(P192, MPrime);\n\n function P25519 () {\n // 2 ^ 255 - 19\n MPrime.call(\n this,\n '25519',\n '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');\n }\n inherits(P25519, MPrime);\n\n P25519.prototype.imulK = function imulK (num) {\n // K = 0x13\n var carry = 0;\n for (var i = 0; i < num.length; i++) {\n var hi = (num.words[i] | 0) * 0x13 + carry;\n var lo = hi & 0x3ffffff;\n hi >>>= 26;\n\n num.words[i] = lo;\n carry = hi;\n }\n if (carry !== 0) {\n num.words[num.length++] = carry;\n }\n return num;\n };\n\n // Exported mostly for testing purposes, use plain name instead\n BN._prime = function prime (name) {\n // Cached version of prime\n if (primes[name]) return primes[name];\n\n var prime;\n if (name === 'k256') {\n prime = new K256();\n } else if (name === 'p224') {\n prime = new P224();\n } else if (name === 'p192') {\n prime = new P192();\n } else if (name === 'p25519') {\n prime = new P25519();\n } else {\n throw new Error('Unknown prime ' + name);\n }\n primes[name] = prime;\n\n return prime;\n };\n\n //\n // Base reduction engine\n //\n function Red (m) {\n if (typeof m === 'string') {\n var prime = BN._prime(m);\n this.m = prime.p;\n this.prime = prime;\n } else {\n assert(m.gtn(1), 'modulus must be greater than 1');\n this.m = m;\n this.prime = null;\n }\n }\n\n Red.prototype._verify1 = function _verify1 (a) {\n assert(a.negative === 0, 'red works only with positives');\n assert(a.red, 'red works only with red numbers');\n };\n\n Red.prototype._verify2 = function _verify2 (a, b) {\n assert((a.negative | b.negative) === 0, 'red works only with positives');\n assert(a.red && a.red === b.red,\n 'red works only with red numbers');\n };\n\n Red.prototype.imod = function imod (a) {\n if (this.prime) return this.prime.ireduce(a)._forceRed(this);\n return a.umod(this.m)._forceRed(this);\n };\n\n Red.prototype.neg = function neg (a) {\n if (a.isZero()) {\n return a.clone();\n }\n\n return this.m.sub(a)._forceRed(this);\n };\n\n Red.prototype.add = function add (a, b) {\n this._verify2(a, b);\n\n var res = a.add(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.iadd = function iadd (a, b) {\n this._verify2(a, b);\n\n var res = a.iadd(b);\n if (res.cmp(this.m) >= 0) {\n res.isub(this.m);\n }\n return res;\n };\n\n Red.prototype.sub = function sub (a, b) {\n this._verify2(a, b);\n\n var res = a.sub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res._forceRed(this);\n };\n\n Red.prototype.isub = function isub (a, b) {\n this._verify2(a, b);\n\n var res = a.isub(b);\n if (res.cmpn(0) < 0) {\n res.iadd(this.m);\n }\n return res;\n };\n\n Red.prototype.shl = function shl (a, num) {\n this._verify1(a);\n return this.imod(a.ushln(num));\n };\n\n Red.prototype.imul = function imul (a, b) {\n this._verify2(a, b);\n return this.imod(a.imul(b));\n };\n\n Red.prototype.mul = function mul (a, b) {\n this._verify2(a, b);\n return this.imod(a.mul(b));\n };\n\n Red.prototype.isqr = function isqr (a) {\n return this.imul(a, a.clone());\n };\n\n Red.prototype.sqr = function sqr (a) {\n return this.mul(a, a);\n };\n\n Red.prototype.sqrt = function sqrt (a) {\n if (a.isZero()) return a.clone();\n\n var mod3 = this.m.andln(3);\n assert(mod3 % 2 === 1);\n\n // Fast case\n if (mod3 === 3) {\n var pow = this.m.add(new BN(1)).iushrn(2);\n return this.pow(a, pow);\n }\n\n // Tonelli-Shanks algorithm (Totally unoptimized and slow)\n //\n // Find Q and S, that Q * 2 ^ S = (P - 1)\n var q = this.m.subn(1);\n var s = 0;\n while (!q.isZero() && q.andln(1) === 0) {\n s++;\n q.iushrn(1);\n }\n assert(!q.isZero());\n\n var one = new BN(1).toRed(this);\n var nOne = one.redNeg();\n\n // Find quadratic non-residue\n // NOTE: Max is such because of generalized Riemann hypothesis.\n var lpow = this.m.subn(1).iushrn(1);\n var z = this.m.bitLength();\n z = new BN(2 * z * z).toRed(this);\n\n while (this.pow(z, lpow).cmp(nOne) !== 0) {\n z.redIAdd(nOne);\n }\n\n var c = this.pow(z, q);\n var r = this.pow(a, q.addn(1).iushrn(1));\n var t = this.pow(a, q);\n var m = s;\n while (t.cmp(one) !== 0) {\n var tmp = t;\n for (var i = 0; tmp.cmp(one) !== 0; i++) {\n tmp = tmp.redSqr();\n }\n assert(i < m);\n var b = this.pow(c, new BN(1).iushln(m - i - 1));\n\n r = r.redMul(b);\n c = b.redSqr();\n t = t.redMul(c);\n m = i;\n }\n\n return r;\n };\n\n Red.prototype.invm = function invm (a) {\n var inv = a._invmp(this.m);\n if (inv.negative !== 0) {\n inv.negative = 0;\n return this.imod(inv).redNeg();\n } else {\n return this.imod(inv);\n }\n };\n\n Red.prototype.pow = function pow (a, num) {\n if (num.isZero()) return new BN(1).toRed(this);\n if (num.cmpn(1) === 0) return a.clone();\n\n var windowSize = 4;\n var wnd = new Array(1 << windowSize);\n wnd[0] = new BN(1).toRed(this);\n wnd[1] = a;\n for (var i = 2; i < wnd.length; i++) {\n wnd[i] = this.mul(wnd[i - 1], a);\n }\n\n var res = wnd[0];\n var current = 0;\n var currentLen = 0;\n var start = num.bitLength() % 26;\n if (start === 0) {\n start = 26;\n }\n\n for (i = num.length - 1; i >= 0; i--) {\n var word = num.words[i];\n for (var j = start - 1; j >= 0; j--) {\n var bit = (word >> j) & 1;\n if (res !== wnd[0]) {\n res = this.sqr(res);\n }\n\n if (bit === 0 && current === 0) {\n currentLen = 0;\n continue;\n }\n\n current <<= 1;\n current |= bit;\n currentLen++;\n if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;\n\n res = this.mul(res, wnd[current]);\n currentLen = 0;\n current = 0;\n }\n start = 26;\n }\n\n return res;\n };\n\n Red.prototype.convertTo = function convertTo (num) {\n var r = num.umod(this.m);\n\n return r === num ? r.clone() : r;\n };\n\n Red.prototype.convertFrom = function convertFrom (num) {\n var res = num.clone();\n res.red = null;\n return res;\n };\n\n //\n // Montgomery method engine\n //\n\n BN.mont = function mont (num) {\n return new Mont(num);\n };\n\n function Mont (m) {\n Red.call(this, m);\n\n this.shift = this.m.bitLength();\n if (this.shift % 26 !== 0) {\n this.shift += 26 - (this.shift % 26);\n }\n\n this.r = new BN(1).iushln(this.shift);\n this.r2 = this.imod(this.r.sqr());\n this.rinv = this.r._invmp(this.m);\n\n this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);\n this.minv = this.minv.umod(this.r);\n this.minv = this.r.sub(this.minv);\n }\n inherits(Mont, Red);\n\n Mont.prototype.convertTo = function convertTo (num) {\n return this.imod(num.ushln(this.shift));\n };\n\n Mont.prototype.convertFrom = function convertFrom (num) {\n var r = this.imod(num.mul(this.rinv));\n r.red = null;\n return r;\n };\n\n Mont.prototype.imul = function imul (a, b) {\n if (a.isZero() || b.isZero()) {\n a.words[0] = 0;\n a.length = 1;\n return a;\n }\n\n var t = a.imul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.mul = function mul (a, b) {\n if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);\n\n var t = a.mul(b);\n var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);\n var u = t.isub(c).iushrn(this.shift);\n var res = u;\n if (u.cmp(this.m) >= 0) {\n res = u.isub(this.m);\n } else if (u.cmpn(0) < 0) {\n res = u.iadd(this.m);\n }\n\n return res._forceRed(this);\n };\n\n Mont.prototype.invm = function invm (a) {\n // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R\n var res = this.imod(a._invmp(this.m).mul(this.r2));\n return res._forceRed(this);\n };\n})(typeof module === 'undefined' || module, this);\n","import BN from 'bn.js';\n\n/**\n * @fileoverview\n * BigInteger implementation of basic operations\n * Wrapper of bn.js library (wwww.github.com/indutny/bn.js)\n * @module biginteger/bn\n * @private\n */\n\n/**\n * @private\n */\nexport default class BigInteger {\n /**\n * Get a BigInteger (input must be big endian for strings and arrays)\n * @param {Number|String|Uint8Array} n - Value to convert\n * @throws {Error} on undefined input\n */\n constructor(n) {\n if (n === undefined) {\n throw new Error('Invalid BigInteger input');\n }\n\n this.value = new BN(n);\n }\n\n clone() {\n const clone = new BigInteger(null);\n this.value.copy(clone.value);\n return clone;\n }\n\n /**\n * BigInteger increment in place\n */\n iinc() {\n this.value.iadd(new BN(1));\n return this;\n }\n\n /**\n * BigInteger increment\n * @returns {BigInteger} this + 1.\n */\n inc() {\n return this.clone().iinc();\n }\n\n /**\n * BigInteger decrement in place\n */\n idec() {\n this.value.isub(new BN(1));\n return this;\n }\n\n /**\n * BigInteger decrement\n * @returns {BigInteger} this - 1.\n */\n dec() {\n return this.clone().idec();\n }\n\n\n /**\n * BigInteger addition in place\n * @param {BigInteger} x - Value to add\n */\n iadd(x) {\n this.value.iadd(x.value);\n return this;\n }\n\n /**\n * BigInteger addition\n * @param {BigInteger} x - Value to add\n * @returns {BigInteger} this + x.\n */\n add(x) {\n return this.clone().iadd(x);\n }\n\n /**\n * BigInteger subtraction in place\n * @param {BigInteger} x - Value to subtract\n */\n isub(x) {\n this.value.isub(x.value);\n return this;\n }\n\n /**\n * BigInteger subtraction\n * @param {BigInteger} x - Value to subtract\n * @returns {BigInteger} this - x.\n */\n sub(x) {\n return this.clone().isub(x);\n }\n\n /**\n * BigInteger multiplication in place\n * @param {BigInteger} x - Value to multiply\n */\n imul(x) {\n this.value.imul(x.value);\n return this;\n }\n\n /**\n * BigInteger multiplication\n * @param {BigInteger} x - Value to multiply\n * @returns {BigInteger} this * x.\n */\n mul(x) {\n return this.clone().imul(x);\n }\n\n /**\n * Compute value modulo m, in place\n * @param {BigInteger} m - Modulo\n */\n imod(m) {\n this.value = this.value.umod(m.value);\n return this;\n }\n\n /**\n * Compute value modulo m\n * @param {BigInteger} m - Modulo\n * @returns {BigInteger} this mod m.\n */\n mod(m) {\n return this.clone().imod(m);\n }\n\n /**\n * Compute modular exponentiation\n * Much faster than this.exp(e).mod(n)\n * @param {BigInteger} e - Exponent\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} this ** e mod n.\n */\n modExp(e, n) {\n // We use either Montgomery or normal reduction context\n // Montgomery requires coprime n and R (montogmery multiplier)\n // bn.js picks R as power of 2, so n must be odd\n const nred = n.isEven() ? BN.red(n.value) : BN.mont(n.value);\n const x = this.clone();\n x.value = x.value.toRed(nred).redPow(e.value).fromRed();\n return x;\n }\n\n /**\n * Compute the inverse of this value modulo n\n * Note: this and and n must be relatively prime\n * @param {BigInteger} n - Modulo\n * @returns {BigInteger} x such that this*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\n modInv(n) {\n // invm returns a wrong result if the inverse does not exist\n if (!this.gcd(n).isOne()) {\n throw new Error('Inverse does not exist');\n }\n return new BigInteger(this.value.invm(n.value));\n }\n\n /**\n * Compute greatest common divisor between this and n\n * @param {BigInteger} n - Operand\n * @returns {BigInteger} gcd\n */\n gcd(n) {\n return new BigInteger(this.value.gcd(n.value));\n }\n\n /**\n * Shift this to the left by x, in place\n * @param {BigInteger} x - Shift value\n */\n ileftShift(x) {\n this.value.ishln(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the left by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this << x.\n */\n leftShift(x) {\n return this.clone().ileftShift(x);\n }\n\n /**\n * Shift this to the right by x, in place\n * @param {BigInteger} x - Shift value\n */\n irightShift(x) {\n this.value.ishrn(x.value.toNumber());\n return this;\n }\n\n /**\n * Shift this to the right by x\n * @param {BigInteger} x - Shift value\n * @returns {BigInteger} this >> x.\n */\n rightShift(x) {\n return this.clone().irightShift(x);\n }\n\n /**\n * Whether this value is equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n equal(x) {\n return this.value.eq(x.value);\n }\n\n /**\n * Whether this value is less than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lt(x) {\n return this.value.lt(x.value);\n }\n\n /**\n * Whether this value is less than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n lte(x) {\n return this.value.lte(x.value);\n }\n\n /**\n * Whether this value is greater than x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gt(x) {\n return this.value.gt(x.value);\n }\n\n /**\n * Whether this value is greater than or equal to x\n * @param {BigInteger} x\n * @returns {Boolean}\n */\n gte(x) {\n return this.value.gte(x.value);\n }\n\n isZero() {\n return this.value.isZero();\n }\n\n isOne() {\n return this.value.eq(new BN(1));\n }\n\n isNegative() {\n return this.value.isNeg();\n }\n\n isEven() {\n return this.value.isEven();\n }\n\n abs() {\n const res = this.clone();\n res.value = res.value.abs();\n return res;\n }\n\n /**\n * Get this value as a string\n * @returns {String} this value.\n */\n toString() {\n return this.value.toString();\n }\n\n /**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\n toNumber() {\n return this.value.toNumber();\n }\n\n /**\n * Get value of i-th bit\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\n getBit(i) {\n return this.value.testn(i) ? 1 : 0;\n }\n\n /**\n * Compute bit length\n * @returns {Number} Bit length.\n */\n bitLength() {\n return this.value.bitLength();\n }\n\n /**\n * Compute byte length\n * @returns {Number} Byte length.\n */\n byteLength() {\n return this.value.byteLength();\n }\n\n /**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\n toUint8Array(endian = 'be', length) {\n return this.value.toArrayLike(Uint8Array, endian, length);\n }\n}\n","var r;\n\nmodule.exports = function rand(len) {\n if (!r)\n r = new Rand(null);\n\n return r.generate(len);\n};\n\nfunction Rand(rand) {\n this.rand = rand;\n}\nmodule.exports.Rand = Rand;\n\nRand.prototype.generate = function generate(len) {\n return this._rand(len);\n};\n\n// Emulate crypto API using randy\nRand.prototype._rand = function _rand(n) {\n if (this.rand.getBytes)\n return this.rand.getBytes(n);\n\n var res = new Uint8Array(n);\n for (var i = 0; i < res.length; i++)\n res[i] = this.rand.getByte();\n return res;\n};\n\nif (typeof self === 'object') {\n if (self.crypto && self.crypto.getRandomValues) {\n // Modern browsers\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.crypto.getRandomValues(arr);\n return arr;\n };\n } else if (self.msCrypto && self.msCrypto.getRandomValues) {\n // IE\n Rand.prototype._rand = function _rand(n) {\n var arr = new Uint8Array(n);\n self.msCrypto.getRandomValues(arr);\n return arr;\n };\n\n // Safari's WebWorkers do not have `crypto`\n } else if (typeof window === 'object') {\n // Old junk\n Rand.prototype._rand = function() {\n throw new Error('Not implemented yet');\n };\n }\n} else {\n // Node.js or Web worker with no crypto support\n try {\n var crypto = require('crypto');\n if (typeof crypto.randomBytes !== 'function')\n throw new Error('Not supported');\n\n Rand.prototype._rand = function _rand(n) {\n return crypto.randomBytes(n);\n };\n } catch (e) {\n }\n}\n","'use strict';\n\nvar utils = exports;\n\nfunction toArray(msg, enc) {\n if (Array.isArray(msg))\n return msg.slice();\n if (!msg)\n return [];\n var res = [];\n if (typeof msg !== 'string') {\n for (var i = 0; i < msg.length; i++)\n res[i] = msg[i] | 0;\n return res;\n }\n if (enc === 'hex') {\n msg = msg.replace(/[^a-z0-9]+/ig, '');\n if (msg.length % 2 !== 0)\n msg = '0' + msg;\n for (var i = 0; i < msg.length; i += 2)\n res.push(parseInt(msg[i] + msg[i + 1], 16));\n } else {\n for (var i = 0; i < msg.length; i++) {\n var c = msg.charCodeAt(i);\n var hi = c >> 8;\n var lo = c & 0xff;\n if (hi)\n res.push(hi, lo);\n else\n res.push(lo);\n }\n }\n return res;\n}\nutils.toArray = toArray;\n\nfunction zero2(word) {\n if (word.length === 1)\n return '0' + word;\n else\n return word;\n}\nutils.zero2 = zero2;\n\nfunction toHex(msg) {\n var res = '';\n for (var i = 0; i < msg.length; i++)\n res += zero2(msg[i].toString(16));\n return res;\n}\nutils.toHex = toHex;\n\nutils.encode = function encode(arr, enc) {\n if (enc === 'hex')\n return toHex(arr);\n else\n return arr;\n};\n","'use strict';\n\nvar utils = exports;\nvar BN = require('bn.js');\nvar minAssert = require('minimalistic-assert');\nvar minUtils = require('minimalistic-crypto-utils');\n\nutils.assert = minAssert;\nutils.toArray = minUtils.toArray;\nutils.zero2 = minUtils.zero2;\nutils.toHex = minUtils.toHex;\nutils.encode = minUtils.encode;\n\n// Represent num in a w-NAF form\nfunction getNAF(num, w) {\n var naf = [];\n var ws = 1 << (w + 1);\n var k = num.clone();\n while (k.cmpn(1) >= 0) {\n var z;\n if (k.isOdd()) {\n var mod = k.andln(ws - 1);\n if (mod > (ws >> 1) - 1)\n z = (ws >> 1) - mod;\n else\n z = mod;\n k.isubn(z);\n } else {\n z = 0;\n }\n naf.push(z);\n\n // Optimization, shift by word if possible\n var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;\n for (var i = 1; i < shift; i++)\n naf.push(0);\n k.iushrn(shift);\n }\n\n return naf;\n}\nutils.getNAF = getNAF;\n\n// Represent k1, k2 in a Joint Sparse Form\nfunction getJSF(k1, k2) {\n var jsf = [\n [],\n []\n ];\n\n k1 = k1.clone();\n k2 = k2.clone();\n var d1 = 0;\n var d2 = 0;\n while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {\n\n // First phase\n var m14 = (k1.andln(3) + d1) & 3;\n var m24 = (k2.andln(3) + d2) & 3;\n if (m14 === 3)\n m14 = -1;\n if (m24 === 3)\n m24 = -1;\n var u1;\n if ((m14 & 1) === 0) {\n u1 = 0;\n } else {\n var m8 = (k1.andln(7) + d1) & 7;\n if ((m8 === 3 || m8 === 5) && m24 === 2)\n u1 = -m14;\n else\n u1 = m14;\n }\n jsf[0].push(u1);\n\n var u2;\n if ((m24 & 1) === 0) {\n u2 = 0;\n } else {\n var m8 = (k2.andln(7) + d2) & 7;\n if ((m8 === 3 || m8 === 5) && m14 === 2)\n u2 = -m24;\n else\n u2 = m24;\n }\n jsf[1].push(u2);\n\n // Second phase\n if (2 * d1 === u1 + 1)\n d1 = 1 - d1;\n if (2 * d2 === u2 + 1)\n d2 = 1 - d2;\n k1.iushrn(1);\n k2.iushrn(1);\n }\n\n return jsf;\n}\nutils.getJSF = getJSF;\n\nfunction cachedProperty(obj, name, computer) {\n var key = '_' + name;\n obj.prototype[name] = function cachedProperty() {\n return this[key] !== undefined ? this[key] :\n this[key] = computer.call(this);\n };\n}\nutils.cachedProperty = cachedProperty;\n\nfunction parseBytes(bytes) {\n return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :\n bytes;\n}\nutils.parseBytes = parseBytes;\n\nfunction intFromLE(bytes) {\n return new BN(bytes, 'hex', 'le');\n}\nutils.intFromLE = intFromLE;\n\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar getNAF = utils.getNAF;\nvar getJSF = utils.getJSF;\nvar assert = utils.assert;\n\nfunction BaseCurve(type, conf) {\n this.type = type;\n this.p = new BN(conf.p, 16);\n\n // Use Montgomery, when there is no fast reduction for the prime\n this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);\n\n // Useful for many curves\n this.zero = new BN(0).toRed(this.red);\n this.one = new BN(1).toRed(this.red);\n this.two = new BN(2).toRed(this.red);\n\n // Curve configuration, optional\n this.n = conf.n && new BN(conf.n, 16);\n this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);\n\n // Temporary arrays\n this._wnafT1 = new Array(4);\n this._wnafT2 = new Array(4);\n this._wnafT3 = new Array(4);\n this._wnafT4 = new Array(4);\n\n // Generalized Greg Maxwell's trick\n var adjustCount = this.n && this.p.div(this.n);\n if (!adjustCount || adjustCount.cmpn(100) > 0) {\n this.redN = null;\n } else {\n this._maxwellTrick = true;\n this.redN = this.n.toRed(this.red);\n }\n}\nmodule.exports = BaseCurve;\n\nBaseCurve.prototype.point = function point() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype.validate = function validate() {\n throw new Error('Not implemented');\n};\n\nBaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {\n assert(p.precomputed);\n var doubles = p._getDoubles();\n\n var naf = getNAF(k, 1);\n var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);\n I /= 3;\n\n // Translate into more windowed form\n var repr = [];\n for (var j = 0; j < naf.length; j += doubles.step) {\n var nafW = 0;\n for (var k = j + doubles.step - 1; k >= j; k--)\n nafW = (nafW << 1) + naf[k];\n repr.push(nafW);\n }\n\n var a = this.jpoint(null, null, null);\n var b = this.jpoint(null, null, null);\n for (var i = I; i > 0; i--) {\n for (var j = 0; j < repr.length; j++) {\n var nafW = repr[j];\n if (nafW === i)\n b = b.mixedAdd(doubles.points[j]);\n else if (nafW === -i)\n b = b.mixedAdd(doubles.points[j].neg());\n }\n a = a.add(b);\n }\n return a.toP();\n};\n\nBaseCurve.prototype._wnafMul = function _wnafMul(p, k) {\n var w = 4;\n\n // Precompute window\n var nafPoints = p._getNAFPoints(w);\n w = nafPoints.wnd;\n var wnd = nafPoints.points;\n\n // Get NAF form\n var naf = getNAF(k, w);\n\n // Add `this`*(N+1) for every w-NAF index\n var acc = this.jpoint(null, null, null);\n for (var i = naf.length - 1; i >= 0; i--) {\n // Count zeroes\n for (var k = 0; i >= 0 && naf[i] === 0; i--)\n k++;\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n\n if (i < 0)\n break;\n var z = naf[i];\n assert(z !== 0);\n if (p.type === 'affine') {\n // J +- P\n if (z > 0)\n acc = acc.mixedAdd(wnd[(z - 1) >> 1]);\n else\n acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());\n } else {\n // J +- J\n if (z > 0)\n acc = acc.add(wnd[(z - 1) >> 1]);\n else\n acc = acc.add(wnd[(-z - 1) >> 1].neg());\n }\n }\n return p.type === 'affine' ? acc.toP() : acc;\n};\n\nBaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,\n points,\n coeffs,\n len,\n jacobianResult) {\n var wndWidth = this._wnafT1;\n var wnd = this._wnafT2;\n var naf = this._wnafT3;\n\n // Fill all arrays\n var max = 0;\n for (var i = 0; i < len; i++) {\n var p = points[i];\n var nafPoints = p._getNAFPoints(defW);\n wndWidth[i] = nafPoints.wnd;\n wnd[i] = nafPoints.points;\n }\n\n // Comb small window NAFs\n for (var i = len - 1; i >= 1; i -= 2) {\n var a = i - 1;\n var b = i;\n if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {\n naf[a] = getNAF(coeffs[a], wndWidth[a]);\n naf[b] = getNAF(coeffs[b], wndWidth[b]);\n max = Math.max(naf[a].length, max);\n max = Math.max(naf[b].length, max);\n continue;\n }\n\n var comb = [\n points[a], /* 1 */\n null, /* 3 */\n null, /* 5 */\n points[b] /* 7 */\n ];\n\n // Try to avoid Projective points, if possible\n if (points[a].y.cmp(points[b].y) === 0) {\n comb[1] = points[a].add(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].add(points[b].neg());\n } else {\n comb[1] = points[a].toJ().mixedAdd(points[b]);\n comb[2] = points[a].toJ().mixedAdd(points[b].neg());\n }\n\n var index = [\n -3, /* -1 -1 */\n -1, /* -1 0 */\n -5, /* -1 1 */\n -7, /* 0 -1 */\n 0, /* 0 0 */\n 7, /* 0 1 */\n 5, /* 1 -1 */\n 1, /* 1 0 */\n 3 /* 1 1 */\n ];\n\n var jsf = getJSF(coeffs[a], coeffs[b]);\n max = Math.max(jsf[0].length, max);\n naf[a] = new Array(max);\n naf[b] = new Array(max);\n for (var j = 0; j < max; j++) {\n var ja = jsf[0][j] | 0;\n var jb = jsf[1][j] | 0;\n\n naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];\n naf[b][j] = 0;\n wnd[a] = comb;\n }\n }\n\n var acc = this.jpoint(null, null, null);\n var tmp = this._wnafT4;\n for (var i = max; i >= 0; i--) {\n var k = 0;\n\n while (i >= 0) {\n var zero = true;\n for (var j = 0; j < len; j++) {\n tmp[j] = naf[j][i] | 0;\n if (tmp[j] !== 0)\n zero = false;\n }\n if (!zero)\n break;\n k++;\n i--;\n }\n if (i >= 0)\n k++;\n acc = acc.dblp(k);\n if (i < 0)\n break;\n\n for (var j = 0; j < len; j++) {\n var z = tmp[j];\n var p;\n if (z === 0)\n continue;\n else if (z > 0)\n p = wnd[j][(z - 1) >> 1];\n else if (z < 0)\n p = wnd[j][(-z - 1) >> 1].neg();\n\n if (p.type === 'affine')\n acc = acc.mixedAdd(p);\n else\n acc = acc.add(p);\n }\n }\n // Zeroify references\n for (var i = 0; i < len; i++)\n wnd[i] = null;\n\n if (jacobianResult)\n return acc;\n else\n return acc.toP();\n};\n\nfunction BasePoint(curve, type) {\n this.curve = curve;\n this.type = type;\n this.precomputed = null;\n}\nBaseCurve.BasePoint = BasePoint;\n\nBasePoint.prototype.eq = function eq(/*other*/) {\n throw new Error('Not implemented');\n};\n\nBasePoint.prototype.validate = function validate() {\n return this.curve.validate(this);\n};\n\nBaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n bytes = utils.toArray(bytes, enc);\n\n var len = this.p.byteLength();\n\n // uncompressed, hybrid-odd, hybrid-even\n if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&\n bytes.length - 1 === 2 * len) {\n if (bytes[0] === 0x06)\n assert(bytes[bytes.length - 1] % 2 === 0);\n else if (bytes[0] === 0x07)\n assert(bytes[bytes.length - 1] % 2 === 1);\n\n var res = this.point(bytes.slice(1, 1 + len),\n bytes.slice(1 + len, 1 + 2 * len));\n\n return res;\n } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&\n bytes.length - 1 === len) {\n return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);\n }\n throw new Error('Unknown point format');\n};\n\nBasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {\n return this.encode(enc, true);\n};\n\nBasePoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n var x = this.getX().toArray('be', len);\n\n if (compact)\n return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);\n\n return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;\n};\n\nBasePoint.prototype.encode = function encode(enc, compact) {\n return utils.encode(this._encode(compact), enc);\n};\n\nBasePoint.prototype.precompute = function precompute(power) {\n if (this.precomputed)\n return this;\n\n var precomputed = {\n doubles: null,\n naf: null,\n beta: null\n };\n precomputed.naf = this._getNAFPoints(8);\n precomputed.doubles = this._getDoubles(4, power);\n precomputed.beta = this._getBeta();\n this.precomputed = precomputed;\n\n return this;\n};\n\nBasePoint.prototype._hasDoubles = function _hasDoubles(k) {\n if (!this.precomputed)\n return false;\n\n var doubles = this.precomputed.doubles;\n if (!doubles)\n return false;\n\n return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);\n};\n\nBasePoint.prototype._getDoubles = function _getDoubles(step, power) {\n if (this.precomputed && this.precomputed.doubles)\n return this.precomputed.doubles;\n\n var doubles = [ this ];\n var acc = this;\n for (var i = 0; i < power; i += step) {\n for (var j = 0; j < step; j++)\n acc = acc.dbl();\n doubles.push(acc);\n }\n return {\n step: step,\n points: doubles\n };\n};\n\nBasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {\n if (this.precomputed && this.precomputed.naf)\n return this.precomputed.naf;\n\n var res = [ this ];\n var max = (1 << wnd) - 1;\n var dbl = max === 1 ? null : this.dbl();\n for (var i = 1; i < max; i++)\n res[i] = res[i - 1].add(dbl);\n return {\n wnd: wnd,\n points: res\n };\n};\n\nBasePoint.prototype._getBeta = function _getBeta() {\n return null;\n};\n\nBasePoint.prototype.dblp = function dblp(k) {\n var r = this;\n for (var i = 0; i < k; i++)\n r = r.dbl();\n return r;\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction ShortCurve(conf) {\n Base.call(this, 'short', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.tinv = this.two.redInvm();\n\n this.zeroA = this.a.fromRed().cmpn(0) === 0;\n this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;\n\n // If the curve is endomorphic, precalculate beta and lambda\n this.endo = this._getEndomorphism(conf);\n this._endoWnafT1 = new Array(4);\n this._endoWnafT2 = new Array(4);\n}\ninherits(ShortCurve, Base);\nmodule.exports = ShortCurve;\n\nShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {\n // No efficient endomorphism\n if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)\n return;\n\n // Compute beta and lambda, that lambda * P = (beta * Px; Py)\n var beta;\n var lambda;\n if (conf.beta) {\n beta = new BN(conf.beta, 16).toRed(this.red);\n } else {\n var betas = this._getEndoRoots(this.p);\n // Choose the smallest beta\n beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];\n beta = beta.toRed(this.red);\n }\n if (conf.lambda) {\n lambda = new BN(conf.lambda, 16);\n } else {\n // Choose the lambda that is matching selected beta\n var lambdas = this._getEndoRoots(this.n);\n if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {\n lambda = lambdas[0];\n } else {\n lambda = lambdas[1];\n assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);\n }\n }\n\n // Get basis vectors, used for balanced length-two representation\n var basis;\n if (conf.basis) {\n basis = conf.basis.map(function(vec) {\n return {\n a: new BN(vec.a, 16),\n b: new BN(vec.b, 16)\n };\n });\n } else {\n basis = this._getEndoBasis(lambda);\n }\n\n return {\n beta: beta,\n lambda: lambda,\n basis: basis\n };\n};\n\nShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {\n // Find roots of for x^2 + x + 1 in F\n // Root = (-1 +- Sqrt(-3)) / 2\n //\n var red = num === this.p ? this.red : BN.mont(num);\n var tinv = new BN(2).toRed(red).redInvm();\n var ntinv = tinv.redNeg();\n\n var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);\n\n var l1 = ntinv.redAdd(s).fromRed();\n var l2 = ntinv.redSub(s).fromRed();\n return [ l1, l2 ];\n};\n\nShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {\n // aprxSqrt >= sqrt(this.n)\n var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));\n\n // 3.74\n // Run EGCD, until r(L + 1) < aprxSqrt\n var u = lambda;\n var v = this.n.clone();\n var x1 = new BN(1);\n var y1 = new BN(0);\n var x2 = new BN(0);\n var y2 = new BN(1);\n\n // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)\n var a0;\n var b0;\n // First vector\n var a1;\n var b1;\n // Second vector\n var a2;\n var b2;\n\n var prevR;\n var i = 0;\n var r;\n var x;\n while (u.cmpn(0) !== 0) {\n var q = v.div(u);\n r = v.sub(q.mul(u));\n x = x2.sub(q.mul(x1));\n var y = y2.sub(q.mul(y1));\n\n if (!a1 && r.cmp(aprxSqrt) < 0) {\n a0 = prevR.neg();\n b0 = x1;\n a1 = r.neg();\n b1 = x;\n } else if (a1 && ++i === 2) {\n break;\n }\n prevR = r;\n\n v = u;\n u = r;\n x2 = x1;\n x1 = x;\n y2 = y1;\n y1 = y;\n }\n a2 = r.neg();\n b2 = x;\n\n var len1 = a1.sqr().add(b1.sqr());\n var len2 = a2.sqr().add(b2.sqr());\n if (len2.cmp(len1) >= 0) {\n a2 = a0;\n b2 = b0;\n }\n\n // Normalize signs\n if (a1.negative) {\n a1 = a1.neg();\n b1 = b1.neg();\n }\n if (a2.negative) {\n a2 = a2.neg();\n b2 = b2.neg();\n }\n\n return [\n { a: a1, b: b1 },\n { a: a2, b: b2 }\n ];\n};\n\nShortCurve.prototype._endoSplit = function _endoSplit(k) {\n var basis = this.endo.basis;\n var v1 = basis[0];\n var v2 = basis[1];\n\n var c1 = v2.b.mul(k).divRound(this.n);\n var c2 = v1.b.neg().mul(k).divRound(this.n);\n\n var p1 = c1.mul(v1.a);\n var p2 = c2.mul(v2.a);\n var q1 = c1.mul(v1.b);\n var q2 = c2.mul(v2.b);\n\n // Calculate answer\n var k1 = k.sub(p1).sub(p2);\n var k2 = q1.add(q2).neg();\n return { k1: k1, k2: k2 };\n};\n\nShortCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n // XXX Is there any way to tell if the number is odd without converting it\n // to non-red form?\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nShortCurve.prototype.validate = function validate(point) {\n if (point.inf)\n return true;\n\n var x = point.x;\n var y = point.y;\n\n var ax = this.a.redMul(x);\n var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);\n return y.redSqr().redISub(rhs).cmpn(0) === 0;\n};\n\nShortCurve.prototype._endoWnafMulAdd =\n function _endoWnafMulAdd(points, coeffs, jacobianResult) {\n var npoints = this._endoWnafT1;\n var ncoeffs = this._endoWnafT2;\n for (var i = 0; i < points.length; i++) {\n var split = this._endoSplit(coeffs[i]);\n var p = points[i];\n var beta = p._getBeta();\n\n if (split.k1.negative) {\n split.k1.ineg();\n p = p.neg(true);\n }\n if (split.k2.negative) {\n split.k2.ineg();\n beta = beta.neg(true);\n }\n\n npoints[i * 2] = p;\n npoints[i * 2 + 1] = beta;\n ncoeffs[i * 2] = split.k1;\n ncoeffs[i * 2 + 1] = split.k2;\n }\n var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);\n\n // Clean-up references to points and coefficients\n for (var j = 0; j < i * 2; j++) {\n npoints[j] = null;\n ncoeffs[j] = null;\n }\n return res;\n};\n\nfunction Point(curve, x, y, isRed) {\n Base.BasePoint.call(this, curve, 'affine');\n if (x === null && y === null) {\n this.x = null;\n this.y = null;\n this.inf = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n // Force redgomery representation when loading from JSON\n if (isRed) {\n this.x.forceRed(this.curve.red);\n this.y.forceRed(this.curve.red);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n this.inf = false;\n }\n}\ninherits(Point, Base.BasePoint);\n\nShortCurve.prototype.point = function point(x, y, isRed) {\n return new Point(this, x, y, isRed);\n};\n\nShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {\n return Point.fromJSON(this, obj, red);\n};\n\nPoint.prototype._getBeta = function _getBeta() {\n if (!this.curve.endo)\n return;\n\n var pre = this.precomputed;\n if (pre && pre.beta)\n return pre.beta;\n\n var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);\n if (pre) {\n var curve = this.curve;\n var endoMul = function(p) {\n return curve.point(p.x.redMul(curve.endo.beta), p.y);\n };\n pre.beta = beta;\n beta.precomputed = {\n beta: null,\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(endoMul)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(endoMul)\n }\n };\n }\n return beta;\n};\n\nPoint.prototype.toJSON = function toJSON() {\n if (!this.precomputed)\n return [ this.x, this.y ];\n\n return [ this.x, this.y, this.precomputed && {\n doubles: this.precomputed.doubles && {\n step: this.precomputed.doubles.step,\n points: this.precomputed.doubles.points.slice(1)\n },\n naf: this.precomputed.naf && {\n wnd: this.precomputed.naf.wnd,\n points: this.precomputed.naf.points.slice(1)\n }\n } ];\n};\n\nPoint.fromJSON = function fromJSON(curve, obj, red) {\n if (typeof obj === 'string')\n obj = JSON.parse(obj);\n var res = curve.point(obj[0], obj[1], red);\n if (!obj[2])\n return res;\n\n function obj2point(obj) {\n return curve.point(obj[0], obj[1], red);\n }\n\n var pre = obj[2];\n res.precomputed = {\n beta: null,\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: [ res ].concat(pre.doubles.points.map(obj2point))\n },\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: [ res ].concat(pre.naf.points.map(obj2point))\n }\n };\n return res;\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n return this.inf;\n};\n\nPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.inf)\n return p;\n\n // P + O = P\n if (p.inf)\n return this;\n\n // P + P = 2P\n if (this.eq(p))\n return this.dbl();\n\n // P + (-P) = O\n if (this.neg().eq(p))\n return this.curve.point(null, null);\n\n // P + Q = O\n if (this.x.cmp(p.x) === 0)\n return this.curve.point(null, null);\n\n var c = this.y.redSub(p.y);\n if (c.cmpn(0) !== 0)\n c = c.redMul(this.x.redSub(p.x).redInvm());\n var nx = c.redSqr().redISub(this.x).redISub(p.x);\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.inf)\n return this;\n\n // 2P = O\n var ys1 = this.y.redAdd(this.y);\n if (ys1.cmpn(0) === 0)\n return this.curve.point(null, null);\n\n var a = this.curve.a;\n\n var x2 = this.x.redSqr();\n var dyinv = ys1.redInvm();\n var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);\n\n var nx = c.redSqr().redISub(this.x.redAdd(this.x));\n var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);\n return this.curve.point(nx, ny);\n};\n\nPoint.prototype.getX = function getX() {\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n return this.y.fromRed();\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n if (this.isInfinity())\n return this;\n else if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else if (this.curve.endo)\n return this.curve._endoWnafMulAdd([ this ], [ k ]);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {\n var points = [ this, p2 ];\n var coeffs = [ k1, k2 ];\n if (this.curve.endo)\n return this.curve._endoWnafMulAdd(points, coeffs, true);\n else\n return this.curve._wnafMulAdd(1, points, coeffs, 2, true);\n};\n\nPoint.prototype.eq = function eq(p) {\n return this === p ||\n this.inf === p.inf &&\n (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);\n};\n\nPoint.prototype.neg = function neg(_precompute) {\n if (this.inf)\n return this;\n\n var res = this.curve.point(this.x, this.y.redNeg());\n if (_precompute && this.precomputed) {\n var pre = this.precomputed;\n var negate = function(p) {\n return p.neg();\n };\n res.precomputed = {\n naf: pre.naf && {\n wnd: pre.naf.wnd,\n points: pre.naf.points.map(negate)\n },\n doubles: pre.doubles && {\n step: pre.doubles.step,\n points: pre.doubles.points.map(negate)\n }\n };\n }\n return res;\n};\n\nPoint.prototype.toJ = function toJ() {\n if (this.inf)\n return this.curve.jpoint(null, null, null);\n\n var res = this.curve.jpoint(this.x, this.y, this.curve.one);\n return res;\n};\n\nfunction JPoint(curve, x, y, z) {\n Base.BasePoint.call(this, curve, 'jacobian');\n if (x === null && y === null && z === null) {\n this.x = this.curve.one;\n this.y = this.curve.one;\n this.z = new BN(0);\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = new BN(z, 16);\n }\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n\n this.zOne = this.z === this.curve.one;\n}\ninherits(JPoint, Base.BasePoint);\n\nShortCurve.prototype.jpoint = function jpoint(x, y, z) {\n return new JPoint(this, x, y, z);\n};\n\nJPoint.prototype.toP = function toP() {\n if (this.isInfinity())\n return this.curve.point(null, null);\n\n var zinv = this.z.redInvm();\n var zinv2 = zinv.redSqr();\n var ax = this.x.redMul(zinv2);\n var ay = this.y.redMul(zinv2).redMul(zinv);\n\n return this.curve.point(ax, ay);\n};\n\nJPoint.prototype.neg = function neg() {\n return this.curve.jpoint(this.x, this.y.redNeg(), this.z);\n};\n\nJPoint.prototype.add = function add(p) {\n // O + P = P\n if (this.isInfinity())\n return p;\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 12M + 4S + 7A\n var pz2 = p.z.redSqr();\n var z2 = this.z.redSqr();\n var u1 = this.x.redMul(pz2);\n var u2 = p.x.redMul(z2);\n var s1 = this.y.redMul(pz2.redMul(p.z));\n var s2 = p.y.redMul(z2.redMul(this.z));\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(p.z).redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mixedAdd = function mixedAdd(p) {\n // O + P = P\n if (this.isInfinity())\n return p.toJ();\n\n // P + O = P\n if (p.isInfinity())\n return this;\n\n // 8M + 3S + 7A\n var z2 = this.z.redSqr();\n var u1 = this.x;\n var u2 = p.x.redMul(z2);\n var s1 = this.y;\n var s2 = p.y.redMul(z2).redMul(this.z);\n\n var h = u1.redSub(u2);\n var r = s1.redSub(s2);\n if (h.cmpn(0) === 0) {\n if (r.cmpn(0) !== 0)\n return this.curve.jpoint(null, null, null);\n else\n return this.dbl();\n }\n\n var h2 = h.redSqr();\n var h3 = h2.redMul(h);\n var v = u1.redMul(h2);\n\n var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);\n var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));\n var nz = this.z.redMul(h);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.dblp = function dblp(pow) {\n if (pow === 0)\n return this;\n if (this.isInfinity())\n return this;\n if (!pow)\n return this.dbl();\n\n if (this.curve.zeroA || this.curve.threeA) {\n var r = this;\n for (var i = 0; i < pow; i++)\n r = r.dbl();\n return r;\n }\n\n // 1M + 2S + 1A + N * (4S + 5M + 8A)\n // N = 1 => 6M + 6S + 9A\n var a = this.curve.a;\n var tinv = this.curve.tinv;\n\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n // Reuse results\n var jyd = jy.redAdd(jy);\n for (var i = 0; i < pow; i++) {\n var jx2 = jx.redSqr();\n var jyd2 = jyd.redSqr();\n var jyd4 = jyd2.redSqr();\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var t1 = jx.redMul(jyd2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n var dny = c.redMul(t2);\n dny = dny.redIAdd(dny).redISub(jyd4);\n var nz = jyd.redMul(jz);\n if (i + 1 < pow)\n jz4 = jz4.redMul(jyd4);\n\n jx = nx;\n jz = nz;\n jyd = dny;\n }\n\n return this.curve.jpoint(jx, jyd.redMul(tinv), jz);\n};\n\nJPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n if (this.curve.zeroA)\n return this._zeroDbl();\n else if (this.curve.threeA)\n return this._threeDbl();\n else\n return this._dbl();\n};\n\nJPoint.prototype._zeroDbl = function _zeroDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 14A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // T = M ^ 2 - 2*S\n var t = m.redSqr().redISub(s).redISub(s);\n\n // 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2*Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html\n // #doubling-dbl-2009-l\n // 2M + 5S + 13A\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = B^2\n var c = b.redSqr();\n // D = 2 * ((X1 + B)^2 - A - C)\n var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);\n d = d.redIAdd(d);\n // E = 3 * A\n var e = a.redAdd(a).redIAdd(a);\n // F = E^2\n var f = e.redSqr();\n\n // 8 * C\n var c8 = c.redIAdd(c);\n c8 = c8.redIAdd(c8);\n c8 = c8.redIAdd(c8);\n\n // X3 = F - 2 * D\n nx = f.redISub(d).redISub(d);\n // Y3 = E * (D - X3) - 8 * C\n ny = e.redMul(d.redISub(nx)).redISub(c8);\n // Z3 = 2 * Y1 * Z1\n nz = this.y.redMul(this.z);\n nz = nz.redIAdd(nz);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._threeDbl = function _threeDbl() {\n var nx;\n var ny;\n var nz;\n // Z = 1\n if (this.zOne) {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html\n // #doubling-mdbl-2007-bl\n // 1M + 5S + 15A\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // S = 2 * ((X1 + YY)^2 - XX - YYYY)\n var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n s = s.redIAdd(s);\n // M = 3 * XX + a\n var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);\n // T = M^2 - 2 * S\n var t = m.redSqr().redISub(s).redISub(s);\n // X3 = T\n nx = t;\n // Y3 = M * (S - T) - 8 * YYYY\n var yyyy8 = yyyy.redIAdd(yyyy);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n yyyy8 = yyyy8.redIAdd(yyyy8);\n ny = m.redMul(s.redISub(t)).redISub(yyyy8);\n // Z3 = 2 * Y1\n nz = this.y.redAdd(this.y);\n } else {\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b\n // 3M + 5S\n\n // delta = Z1^2\n var delta = this.z.redSqr();\n // gamma = Y1^2\n var gamma = this.y.redSqr();\n // beta = X1 * gamma\n var beta = this.x.redMul(gamma);\n // alpha = 3 * (X1 - delta) * (X1 + delta)\n var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));\n alpha = alpha.redAdd(alpha).redIAdd(alpha);\n // X3 = alpha^2 - 8 * beta\n var beta4 = beta.redIAdd(beta);\n beta4 = beta4.redIAdd(beta4);\n var beta8 = beta4.redAdd(beta4);\n nx = alpha.redSqr().redISub(beta8);\n // Z3 = (Y1 + Z1)^2 - gamma - delta\n nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);\n // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2\n var ggamma8 = gamma.redSqr();\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ggamma8 = ggamma8.redIAdd(ggamma8);\n ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);\n }\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype._dbl = function _dbl() {\n var a = this.curve.a;\n\n // 4M + 6S + 10A\n var jx = this.x;\n var jy = this.y;\n var jz = this.z;\n var jz4 = jz.redSqr().redSqr();\n\n var jx2 = jx.redSqr();\n var jy2 = jy.redSqr();\n\n var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));\n\n var jxd4 = jx.redAdd(jx);\n jxd4 = jxd4.redIAdd(jxd4);\n var t1 = jxd4.redMul(jy2);\n var nx = c.redSqr().redISub(t1.redAdd(t1));\n var t2 = t1.redISub(nx);\n\n var jyd8 = jy2.redSqr();\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n jyd8 = jyd8.redIAdd(jyd8);\n var ny = c.redMul(t2).redISub(jyd8);\n var nz = jy.redAdd(jy).redMul(jz);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.trpl = function trpl() {\n if (!this.curve.zeroA)\n return this.dbl().add(this);\n\n // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl\n // 5M + 10S + ...\n\n // XX = X1^2\n var xx = this.x.redSqr();\n // YY = Y1^2\n var yy = this.y.redSqr();\n // ZZ = Z1^2\n var zz = this.z.redSqr();\n // YYYY = YY^2\n var yyyy = yy.redSqr();\n // M = 3 * XX + a * ZZ2; a = 0\n var m = xx.redAdd(xx).redIAdd(xx);\n // MM = M^2\n var mm = m.redSqr();\n // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM\n var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);\n e = e.redIAdd(e);\n e = e.redAdd(e).redIAdd(e);\n e = e.redISub(mm);\n // EE = E^2\n var ee = e.redSqr();\n // T = 16*YYYY\n var t = yyyy.redIAdd(yyyy);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n t = t.redIAdd(t);\n // U = (M + E)^2 - MM - EE - T\n var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);\n // X3 = 4 * (X1 * EE - 4 * YY * U)\n var yyu4 = yy.redMul(u);\n yyu4 = yyu4.redIAdd(yyu4);\n yyu4 = yyu4.redIAdd(yyu4);\n var nx = this.x.redMul(ee).redISub(yyu4);\n nx = nx.redIAdd(nx);\n nx = nx.redIAdd(nx);\n // Y3 = 8 * Y1 * (U * (T - U) - E * EE)\n var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n ny = ny.redIAdd(ny);\n // Z3 = (Z1 + E)^2 - ZZ - EE\n var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);\n\n return this.curve.jpoint(nx, ny, nz);\n};\n\nJPoint.prototype.mul = function mul(k, kbase) {\n k = new BN(k, kbase);\n\n return this.curve._wnafMul(this, k);\n};\n\nJPoint.prototype.eq = function eq(p) {\n if (p.type === 'affine')\n return this.eq(p.toJ());\n\n if (this === p)\n return true;\n\n // x1 * z2^2 == x2 * z1^2\n var z2 = this.z.redSqr();\n var pz2 = p.z.redSqr();\n if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)\n return false;\n\n // y1 * z2^3 == y2 * z1^3\n var z3 = z2.redMul(this.z);\n var pz3 = pz2.redMul(p.z);\n return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;\n};\n\nJPoint.prototype.eqXToP = function eqXToP(x) {\n var zs = this.z.redSqr();\n var rx = x.toRed(this.curve.red).redMul(zs);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(zs);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\nJPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nJPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar utils = require('../utils');\n\nfunction MontCurve(conf) {\n Base.call(this, 'mont', conf);\n\n this.a = new BN(conf.a, 16).toRed(this.red);\n this.b = new BN(conf.b, 16).toRed(this.red);\n this.i4 = new BN(4).toRed(this.red).redInvm();\n this.two = new BN(2).toRed(this.red);\n // Note: this implementation is according to the original paper\n // by P. Montgomery, NOT the one by D. J. Bernstein.\n this.a24 = this.i4.redMul(this.a.redAdd(this.two));\n}\ninherits(MontCurve, Base);\nmodule.exports = MontCurve;\n\nMontCurve.prototype.validate = function validate(point) {\n var x = point.normalize().x;\n var x2 = x.redSqr();\n var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);\n var y = rhs.redSqrt();\n\n return y.redSqr().cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, z) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && z === null) {\n this.x = this.curve.one;\n this.z = this.curve.zero;\n } else {\n this.x = new BN(x, 16);\n this.z = new BN(z, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n }\n}\ninherits(Point, Base.BasePoint);\n\nMontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {\n var bytes = utils.toArray(bytes, enc);\n\n // TODO Curve448\n // Montgomery curve points must be represented in the compressed format\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (bytes.length === 33 && bytes[0] === 0x40)\n bytes = bytes.slice(1, 33).reverse(); // point must be little-endian\n if (bytes.length !== 32)\n throw new Error('Unknown point compression format');\n return this.point(bytes, 1);\n};\n\nMontCurve.prototype.point = function point(x, z) {\n return new Point(this, x, z);\n};\n\nMontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nPoint.prototype.precompute = function precompute() {\n // No-op\n};\n\nPoint.prototype._encode = function _encode(compact) {\n var len = this.curve.p.byteLength();\n\n // Note: the output should always be little-endian\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n if (compact) {\n return [ 0x40 ].concat(this.getX().toArray('le', len));\n } else {\n return this.getX().toArray('be', len);\n }\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1] || curve.one);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.z.cmpn(0) === 0;\n};\n\nPoint.prototype.dbl = function dbl() {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3\n // 2M + 2S + 4A\n\n // A = X1 + Z1\n var a = this.x.redAdd(this.z);\n // AA = A^2\n var aa = a.redSqr();\n // B = X1 - Z1\n var b = this.x.redSub(this.z);\n // BB = B^2\n var bb = b.redSqr();\n // C = AA - BB\n var c = aa.redSub(bb);\n // X3 = AA * BB\n var nx = aa.redMul(bb);\n // Z3 = C * (BB + A24 * C)\n var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.add = function add() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.diffAdd = function diffAdd(p, diff) {\n // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3\n // 4M + 2S + 6A\n\n // A = X2 + Z2\n var a = this.x.redAdd(this.z);\n // B = X2 - Z2\n var b = this.x.redSub(this.z);\n // C = X3 + Z3\n var c = p.x.redAdd(p.z);\n // D = X3 - Z3\n var d = p.x.redSub(p.z);\n // DA = D * A\n var da = d.redMul(a);\n // CB = C * B\n var cb = c.redMul(b);\n // X5 = Z1 * (DA + CB)^2\n var nx = diff.z.redMul(da.redAdd(cb).redSqr());\n // Z5 = X1 * (DA - CB)^2\n var nz = diff.x.redMul(da.redISub(cb).redSqr());\n return this.curve.point(nx, nz);\n};\n\nPoint.prototype.mul = function mul(k) {\n k = new BN(k, 16);\n\n var t = k.clone();\n var a = this; // (N / 2) * Q + Q\n var b = this.curve.point(null, null); // (N / 2) * Q\n var c = this; // Q\n\n for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))\n bits.push(t.andln(1));\n\n for (var i = bits.length - 1; i >= 0; i--) {\n if (bits[i] === 0) {\n // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q\n a = a.diffAdd(b, c);\n // N * Q = 2 * ((N / 2) * Q + Q))\n b = b.dbl();\n } else {\n // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)\n b = a.diffAdd(b, c);\n // N * Q + Q = 2 * ((N / 2) * Q + Q)\n a = a.dbl();\n }\n }\n return b;\n};\n\nPoint.prototype.mulAdd = function mulAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.jumlAdd = function jumlAdd() {\n throw new Error('Not supported on Montgomery curve');\n};\n\nPoint.prototype.eq = function eq(other) {\n return this.getX().cmp(other.getX()) === 0;\n};\n\nPoint.prototype.normalize = function normalize() {\n this.x = this.x.redMul(this.z.redInvm());\n this.z = this.curve.one;\n return this;\n};\n\nPoint.prototype.getX = function getX() {\n // Normalize coordinates\n this.normalize();\n\n return this.x.fromRed();\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar BN = require('bn.js');\nvar inherits = require('inherits');\nvar Base = require('./base');\n\nvar assert = utils.assert;\n\nfunction EdwardsCurve(conf) {\n // NOTE: Important as we are creating point in Base.call()\n this.twisted = (conf.a | 0) !== 1;\n this.mOneA = this.twisted && (conf.a | 0) === -1;\n this.extended = this.mOneA;\n\n Base.call(this, 'edwards', conf);\n\n this.a = new BN(conf.a, 16).umod(this.red.m);\n this.a = this.a.toRed(this.red);\n this.c = new BN(conf.c, 16).toRed(this.red);\n this.c2 = this.c.redSqr();\n this.d = new BN(conf.d, 16).toRed(this.red);\n this.dd = this.d.redAdd(this.d);\n\n assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);\n this.oneC = (conf.c | 0) === 1;\n}\ninherits(EdwardsCurve, Base);\nmodule.exports = EdwardsCurve;\n\nEdwardsCurve.prototype._mulA = function _mulA(num) {\n if (this.mOneA)\n return num.redNeg();\n else\n return this.a.redMul(num);\n};\n\nEdwardsCurve.prototype._mulC = function _mulC(num) {\n if (this.oneC)\n return num;\n else\n return this.c.redMul(num);\n};\n\n// Just for compatibility with Short curve\nEdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {\n return this.point(x, y, z, t);\n};\n\nEdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {\n x = new BN(x, 16);\n if (!x.red)\n x = x.toRed(this.red);\n\n var x2 = x.redSqr();\n var rhs = this.c2.redSub(this.a.redMul(x2));\n var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));\n\n var y2 = rhs.redMul(lhs.redInvm());\n var y = y2.redSqrt();\n if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n var isOdd = y.fromRed().isOdd();\n if (odd && !isOdd || !odd && isOdd)\n y = y.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {\n y = new BN(y, 16);\n if (!y.red)\n y = y.toRed(this.red);\n\n // x^2 = (y^2 - c^2) / (c^2 d y^2 - a)\n var y2 = y.redSqr();\n var lhs = y2.redSub(this.c2);\n var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a);\n var x2 = lhs.redMul(rhs.redInvm());\n\n if (x2.cmp(this.zero) === 0) {\n if (odd)\n throw new Error('invalid point');\n else\n return this.point(this.zero, y);\n }\n\n var x = x2.redSqrt();\n if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)\n throw new Error('invalid point');\n\n if (x.fromRed().isOdd() !== odd)\n x = x.redNeg();\n\n return this.point(x, y);\n};\n\nEdwardsCurve.prototype.validate = function validate(point) {\n if (point.isInfinity())\n return true;\n\n // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)\n point.normalize();\n\n var x2 = point.x.redSqr();\n var y2 = point.y.redSqr();\n var lhs = x2.redMul(this.a).redAdd(y2);\n var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));\n\n return lhs.cmp(rhs) === 0;\n};\n\nfunction Point(curve, x, y, z, t) {\n Base.BasePoint.call(this, curve, 'projective');\n if (x === null && y === null && z === null) {\n this.x = this.curve.zero;\n this.y = this.curve.one;\n this.z = this.curve.one;\n this.t = this.curve.zero;\n this.zOne = true;\n } else {\n this.x = new BN(x, 16);\n this.y = new BN(y, 16);\n this.z = z ? new BN(z, 16) : this.curve.one;\n this.t = t && new BN(t, 16);\n if (!this.x.red)\n this.x = this.x.toRed(this.curve.red);\n if (!this.y.red)\n this.y = this.y.toRed(this.curve.red);\n if (!this.z.red)\n this.z = this.z.toRed(this.curve.red);\n if (this.t && !this.t.red)\n this.t = this.t.toRed(this.curve.red);\n this.zOne = this.z === this.curve.one;\n\n // Use extended coordinates\n if (this.curve.extended && !this.t) {\n this.t = this.x.redMul(this.y);\n if (!this.zOne)\n this.t = this.t.redMul(this.z.redInvm());\n }\n }\n}\ninherits(Point, Base.BasePoint);\n\nEdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {\n return Point.fromJSON(this, obj);\n};\n\nEdwardsCurve.prototype.point = function point(x, y, z, t) {\n return new Point(this, x, y, z, t);\n};\n\nPoint.fromJSON = function fromJSON(curve, obj) {\n return new Point(curve, obj[0], obj[1], obj[2]);\n};\n\nPoint.prototype.inspect = function inspect() {\n if (this.isInfinity())\n return '';\n return '';\n};\n\nPoint.prototype.isInfinity = function isInfinity() {\n // XXX This code assumes that zero is always zero in red\n return this.x.cmpn(0) === 0 &&\n (this.y.cmp(this.z) === 0 ||\n (this.zOne && this.y.cmp(this.curve.c) === 0));\n};\n\nPoint.prototype._extDbl = function _extDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #doubling-dbl-2008-hwcd\n // 4M + 4S\n\n // A = X1^2\n var a = this.x.redSqr();\n // B = Y1^2\n var b = this.y.redSqr();\n // C = 2 * Z1^2\n var c = this.z.redSqr();\n c = c.redIAdd(c);\n // D = a * A\n var d = this.curve._mulA(a);\n // E = (X1 + Y1)^2 - A - B\n var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);\n // G = D + B\n var g = d.redAdd(b);\n // F = G - C\n var f = g.redSub(c);\n // H = D - B\n var h = d.redSub(b);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projDbl = function _projDbl() {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #doubling-dbl-2008-bbjlp\n // #doubling-dbl-2007-bl\n // and others\n // Generally 3M + 4S or 2M + 4S\n\n // B = (X1 + Y1)^2\n var b = this.x.redAdd(this.y).redSqr();\n // C = X1^2\n var c = this.x.redSqr();\n // D = Y1^2\n var d = this.y.redSqr();\n\n var nx;\n var ny;\n var nz;\n if (this.curve.twisted) {\n // E = a * C\n var e = this.curve._mulA(c);\n // F = E + D\n var f = e.redAdd(d);\n if (this.zOne) {\n // X3 = (B - C - D) * (F - 2)\n nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F^2 - 2 * F\n nz = f.redSqr().redSub(f).redSub(f);\n } else {\n // H = Z1^2\n var h = this.z.redSqr();\n // J = F - 2 * H\n var j = f.redSub(h).redISub(h);\n // X3 = (B-C-D)*J\n nx = b.redSub(c).redISub(d).redMul(j);\n // Y3 = F * (E - D)\n ny = f.redMul(e.redSub(d));\n // Z3 = F * J\n nz = f.redMul(j);\n }\n } else {\n // E = C + D\n var e = c.redAdd(d);\n // H = (c * Z1)^2\n var h = this.curve._mulC(this.z).redSqr();\n // J = E - 2 * H\n var j = e.redSub(h).redSub(h);\n // X3 = c * (B - E) * J\n nx = this.curve._mulC(b.redISub(e)).redMul(j);\n // Y3 = c * E * (C - D)\n ny = this.curve._mulC(e).redMul(c.redISub(d));\n // Z3 = E * J\n nz = e.redMul(j);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.dbl = function dbl() {\n if (this.isInfinity())\n return this;\n\n // Double in extended coordinates\n if (this.curve.extended)\n return this._extDbl();\n else\n return this._projDbl();\n};\n\nPoint.prototype._extAdd = function _extAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html\n // #addition-add-2008-hwcd-3\n // 8M\n\n // A = (Y1 - X1) * (Y2 - X2)\n var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));\n // B = (Y1 + X1) * (Y2 + X2)\n var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));\n // C = T1 * k * T2\n var c = this.t.redMul(this.curve.dd).redMul(p.t);\n // D = Z1 * 2 * Z2\n var d = this.z.redMul(p.z.redAdd(p.z));\n // E = B - A\n var e = b.redSub(a);\n // F = D - C\n var f = d.redSub(c);\n // G = D + C\n var g = d.redAdd(c);\n // H = B + A\n var h = b.redAdd(a);\n // X3 = E * F\n var nx = e.redMul(f);\n // Y3 = G * H\n var ny = g.redMul(h);\n // T3 = E * H\n var nt = e.redMul(h);\n // Z3 = F * G\n var nz = f.redMul(g);\n return this.curve.point(nx, ny, nz, nt);\n};\n\nPoint.prototype._projAdd = function _projAdd(p) {\n // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html\n // #addition-add-2008-bbjlp\n // #addition-add-2007-bl\n // 10M + 1S\n\n // A = Z1 * Z2\n var a = this.z.redMul(p.z);\n // B = A^2\n var b = a.redSqr();\n // C = X1 * X2\n var c = this.x.redMul(p.x);\n // D = Y1 * Y2\n var d = this.y.redMul(p.y);\n // E = d * C * D\n var e = this.curve.d.redMul(c).redMul(d);\n // F = B - E\n var f = b.redSub(e);\n // G = B + E\n var g = b.redAdd(e);\n // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)\n var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);\n var nx = a.redMul(f).redMul(tmp);\n var ny;\n var nz;\n if (this.curve.twisted) {\n // Y3 = A * G * (D - a * C)\n ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));\n // Z3 = F * G\n nz = f.redMul(g);\n } else {\n // Y3 = A * G * (D - C)\n ny = a.redMul(g).redMul(d.redSub(c));\n // Z3 = c * F * G\n nz = this.curve._mulC(f).redMul(g);\n }\n return this.curve.point(nx, ny, nz);\n};\n\nPoint.prototype.add = function add(p) {\n if (this.isInfinity())\n return p;\n if (p.isInfinity())\n return this;\n\n if (this.curve.extended)\n return this._extAdd(p);\n else\n return this._projAdd(p);\n};\n\nPoint.prototype.mul = function mul(k) {\n if (this._hasDoubles(k))\n return this.curve._fixedNafMul(this, k);\n else\n return this.curve._wnafMul(this, k);\n};\n\nPoint.prototype.mulAdd = function mulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);\n};\n\nPoint.prototype.jmulAdd = function jmulAdd(k1, p, k2) {\n return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);\n};\n\nPoint.prototype.normalize = function normalize() {\n if (this.zOne)\n return this;\n\n // Normalize coordinates\n var zi = this.z.redInvm();\n this.x = this.x.redMul(zi);\n this.y = this.y.redMul(zi);\n if (this.t)\n this.t = this.t.redMul(zi);\n this.z = this.curve.one;\n this.zOne = true;\n return this;\n};\n\nPoint.prototype.neg = function neg() {\n return this.curve.point(this.x.redNeg(),\n this.y,\n this.z,\n this.t && this.t.redNeg());\n};\n\nPoint.prototype.getX = function getX() {\n this.normalize();\n return this.x.fromRed();\n};\n\nPoint.prototype.getY = function getY() {\n this.normalize();\n return this.y.fromRed();\n};\n\nPoint.prototype.eq = function eq(other) {\n return this === other ||\n this.getX().cmp(other.getX()) === 0 &&\n this.getY().cmp(other.getY()) === 0;\n};\n\nPoint.prototype.eqXToP = function eqXToP(x) {\n var rx = x.toRed(this.curve.red).redMul(this.z);\n if (this.x.cmp(rx) === 0)\n return true;\n\n var xc = x.clone();\n var t = this.curve.redN.redMul(this.z);\n for (;;) {\n xc.iadd(this.curve.n);\n if (xc.cmp(this.curve.p) >= 0)\n return false;\n\n rx.redIAdd(t);\n if (this.x.cmp(rx) === 0)\n return true;\n }\n};\n\n// Compatibility with BaseCurve\nPoint.prototype.toP = Point.prototype.normalize;\nPoint.prototype.mixedAdd = Point.prototype.add;\n","'use strict';\n\nvar curve = exports;\n\ncurve.base = require('./base');\ncurve.short = require('./short');\ncurve.mont = require('./mont');\ncurve.edwards = require('./edwards');\n","'use strict';\n\nvar utils = require('../utils');\nvar common = require('../common');\nvar shaCommon = require('./common');\n\nvar rotl32 = utils.rotl32;\nvar sum32 = utils.sum32;\nvar sum32_5 = utils.sum32_5;\nvar ft_1 = shaCommon.ft_1;\nvar BlockHash = common.BlockHash;\n\nvar sha1_K = [\n 0x5A827999, 0x6ED9EBA1,\n 0x8F1BBCDC, 0xCA62C1D6\n];\n\nfunction SHA1() {\n if (!(this instanceof SHA1))\n return new SHA1();\n\n BlockHash.call(this);\n this.h = [\n 0x67452301, 0xefcdab89, 0x98badcfe,\n 0x10325476, 0xc3d2e1f0 ];\n this.W = new Array(80);\n}\n\nutils.inherits(SHA1, BlockHash);\nmodule.exports = SHA1;\n\nSHA1.blockSize = 512;\nSHA1.outSize = 160;\nSHA1.hmacStrength = 80;\nSHA1.padLength = 64;\n\nSHA1.prototype._update = function _update(msg, start) {\n var W = this.W;\n\n for (var i = 0; i < 16; i++)\n W[i] = msg[start + i];\n\n for(; i < W.length; i++)\n W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);\n\n var a = this.h[0];\n var b = this.h[1];\n var c = this.h[2];\n var d = this.h[3];\n var e = this.h[4];\n\n for (i = 0; i < W.length; i++) {\n var s = ~~(i / 20);\n var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);\n e = d;\n d = c;\n c = rotl32(b, 30);\n b = a;\n a = t;\n }\n\n this.h[0] = sum32(this.h[0], a);\n this.h[1] = sum32(this.h[1], b);\n this.h[2] = sum32(this.h[2], c);\n this.h[3] = sum32(this.h[3], d);\n this.h[4] = sum32(this.h[4], e);\n};\n\nSHA1.prototype._digest = function digest(enc) {\n if (enc === 'hex')\n return utils.toHex32(this.h, 'big');\n else\n return utils.split32(this.h, 'big');\n};\n","'use strict';\n\nexports.sha1 = require('./sha/1');\nexports.sha224 = require('./sha/224');\nexports.sha256 = require('./sha/256');\nexports.sha384 = require('./sha/384');\nexports.sha512 = require('./sha/512');\n","'use strict';\n\nvar utils = require('./utils');\nvar assert = require('minimalistic-assert');\n\nfunction Hmac(hash, key, enc) {\n if (!(this instanceof Hmac))\n return new Hmac(hash, key, enc);\n this.Hash = hash;\n this.blockSize = hash.blockSize / 8;\n this.outSize = hash.outSize / 8;\n this.inner = null;\n this.outer = null;\n\n this._init(utils.toArray(key, enc));\n}\nmodule.exports = Hmac;\n\nHmac.prototype._init = function init(key) {\n // Shorten key, if needed\n if (key.length > this.blockSize)\n key = new this.Hash().update(key).digest();\n assert(key.length <= this.blockSize);\n\n // Add padding to key\n for (var i = key.length; i < this.blockSize; i++)\n key.push(0);\n\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x36;\n this.inner = new this.Hash().update(key);\n\n // 0x36 ^ 0x5c = 0x6a\n for (i = 0; i < key.length; i++)\n key[i] ^= 0x6a;\n this.outer = new this.Hash().update(key);\n};\n\nHmac.prototype.update = function update(msg, enc) {\n this.inner.update(msg, enc);\n return this;\n};\n\nHmac.prototype.digest = function digest(enc) {\n this.outer.update(this.inner.digest());\n return this.outer.digest(enc);\n};\n","var hash = exports;\n\nhash.utils = require('./hash/utils');\nhash.common = require('./hash/common');\nhash.sha = require('./hash/sha');\nhash.ripemd = require('./hash/ripemd');\nhash.hmac = require('./hash/hmac');\n\n// Proxy hash functions to the main object\nhash.sha1 = hash.sha.sha1;\nhash.sha256 = hash.sha.sha256;\nhash.sha224 = hash.sha.sha224;\nhash.sha384 = hash.sha.sha384;\nhash.sha512 = hash.sha.sha512;\nhash.ripemd160 = hash.ripemd.ripemd160;\n","module.exports = {\n doubles: {\n step: 4,\n points: [\n [\n 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',\n 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'\n ],\n [\n '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',\n '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'\n ],\n [\n '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',\n 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'\n ],\n [\n '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',\n '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'\n ],\n [\n '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',\n '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'\n ],\n [\n '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',\n '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'\n ],\n [\n 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',\n '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'\n ],\n [\n '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',\n 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'\n ],\n [\n 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',\n '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'\n ],\n [\n 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',\n 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'\n ],\n [\n 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',\n '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'\n ],\n [\n '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',\n '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'\n ],\n [\n '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',\n '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'\n ],\n [\n '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',\n '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'\n ],\n [\n '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',\n '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'\n ],\n [\n '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',\n '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'\n ],\n [\n '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',\n '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'\n ],\n [\n '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',\n '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'\n ],\n [\n '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',\n 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'\n ],\n [\n 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',\n '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'\n ],\n [\n 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',\n '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'\n ],\n [\n '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',\n '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'\n ],\n [\n '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',\n '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'\n ],\n [\n 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',\n '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'\n ],\n [\n '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',\n 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'\n ],\n [\n 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',\n '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'\n ],\n [\n 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',\n 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'\n ],\n [\n 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',\n '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'\n ],\n [\n 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',\n 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'\n ],\n [\n 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',\n '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'\n ],\n [\n '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',\n 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'\n ],\n [\n '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',\n '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'\n ],\n [\n 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',\n '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'\n ],\n [\n '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',\n 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'\n ],\n [\n 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',\n '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'\n ],\n [\n 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',\n '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'\n ],\n [\n 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',\n 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'\n ],\n [\n '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',\n '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'\n ],\n [\n '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',\n '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'\n ],\n [\n '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',\n 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'\n ],\n [\n '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',\n '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'\n ],\n [\n 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',\n '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'\n ],\n [\n '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',\n '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'\n ],\n [\n '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',\n 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'\n ],\n [\n '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',\n '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'\n ],\n [\n 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',\n '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'\n ],\n [\n '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',\n 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'\n ],\n [\n 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',\n 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'\n ],\n [\n 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',\n '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'\n ],\n [\n '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',\n 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'\n ],\n [\n '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',\n 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'\n ],\n [\n 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',\n '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'\n ],\n [\n 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',\n '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'\n ],\n [\n 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',\n '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'\n ],\n [\n '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',\n 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'\n ],\n [\n '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',\n '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'\n ],\n [\n 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',\n 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'\n ],\n [\n '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',\n 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'\n ],\n [\n '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',\n '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'\n ],\n [\n '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',\n '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'\n ],\n [\n 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',\n 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'\n ],\n [\n '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',\n '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'\n ],\n [\n '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',\n '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'\n ],\n [\n 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',\n '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'\n ],\n [\n 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',\n 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'\n ]\n ]\n },\n naf: {\n wnd: 7,\n points: [\n [\n 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',\n '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'\n ],\n [\n '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',\n 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'\n ],\n [\n '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',\n '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'\n ],\n [\n 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',\n 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'\n ],\n [\n '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',\n 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'\n ],\n [\n 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',\n 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'\n ],\n [\n 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',\n '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'\n ],\n [\n 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',\n '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'\n ],\n [\n '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',\n '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'\n ],\n [\n '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',\n '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'\n ],\n [\n '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',\n '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'\n ],\n [\n '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',\n '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'\n ],\n [\n 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',\n 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'\n ],\n [\n 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',\n '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'\n ],\n [\n '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',\n 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'\n ],\n [\n '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',\n 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'\n ],\n [\n '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',\n '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'\n ],\n [\n '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',\n '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'\n ],\n [\n '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',\n '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'\n ],\n [\n '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',\n 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'\n ],\n [\n 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',\n 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'\n ],\n [\n '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',\n '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'\n ],\n [\n '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',\n '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'\n ],\n [\n 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',\n 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'\n ],\n [\n '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',\n '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'\n ],\n [\n 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',\n 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'\n ],\n [\n 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',\n 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'\n ],\n [\n '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',\n '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'\n ],\n [\n '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',\n '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'\n ],\n [\n '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',\n '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'\n ],\n [\n 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',\n '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'\n ],\n [\n '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',\n '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'\n ],\n [\n 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',\n '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'\n ],\n [\n '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',\n 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'\n ],\n [\n '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',\n 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'\n ],\n [\n 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',\n 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'\n ],\n [\n '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',\n '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'\n ],\n [\n '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',\n 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'\n ],\n [\n 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',\n 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'\n ],\n [\n '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',\n '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'\n ],\n [\n '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',\n 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'\n ],\n [\n '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',\n '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'\n ],\n [\n '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',\n 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'\n ],\n [\n 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',\n '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'\n ],\n [\n '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',\n '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'\n ],\n [\n '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',\n 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'\n ],\n [\n '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',\n 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'\n ],\n [\n 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',\n 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'\n ],\n [\n 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',\n 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'\n ],\n [\n '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',\n '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'\n ],\n [\n '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',\n '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'\n ],\n [\n 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',\n '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'\n ],\n [\n 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',\n 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'\n ],\n [\n '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',\n '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'\n ],\n [\n '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',\n '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'\n ],\n [\n 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',\n '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'\n ],\n [\n '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',\n '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'\n ],\n [\n 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',\n 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'\n ],\n [\n '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',\n 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'\n ],\n [\n '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',\n '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'\n ],\n [\n 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',\n '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'\n ],\n [\n 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',\n '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'\n ],\n [\n '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',\n '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'\n ],\n [\n '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',\n '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'\n ],\n [\n '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',\n 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'\n ],\n [\n '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',\n 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'\n ],\n [\n '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',\n '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'\n ],\n [\n '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',\n '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'\n ],\n [\n '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',\n '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'\n ],\n [\n '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',\n 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'\n ],\n [\n 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',\n 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'\n ],\n [\n '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',\n 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'\n ],\n [\n 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',\n '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'\n ],\n [\n 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',\n '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'\n ],\n [\n 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',\n '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'\n ],\n [\n 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',\n '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'\n ],\n [\n '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',\n 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'\n ],\n [\n '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',\n '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'\n ],\n [\n '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',\n 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'\n ],\n [\n 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',\n 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'\n ],\n [\n 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',\n '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'\n ],\n [\n 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',\n 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'\n ],\n [\n 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',\n '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'\n ],\n [\n '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',\n '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'\n ],\n [\n 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',\n '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'\n ],\n [\n 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',\n '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'\n ],\n [\n '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',\n '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'\n ],\n [\n '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',\n 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'\n ],\n [\n 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',\n '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'\n ],\n [\n 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',\n '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'\n ],\n [\n 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',\n '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'\n ],\n [\n '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',\n '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'\n ],\n [\n 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',\n 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'\n ],\n [\n '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',\n 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'\n ],\n [\n 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',\n 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'\n ],\n [\n 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',\n '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'\n ],\n [\n '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',\n 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'\n ],\n [\n 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',\n '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'\n ],\n [\n 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',\n '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'\n ],\n [\n 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',\n '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'\n ],\n [\n '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',\n 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'\n ],\n [\n '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',\n 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'\n ],\n [\n 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',\n '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'\n ],\n [\n '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',\n 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'\n ],\n [\n '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',\n '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'\n ],\n [\n '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',\n 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'\n ],\n [\n 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',\n 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'\n ],\n [\n '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',\n 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'\n ],\n [\n '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',\n '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'\n ],\n [\n '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',\n 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'\n ],\n [\n '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',\n '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'\n ],\n [\n 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',\n 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'\n ],\n [\n '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',\n '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'\n ],\n [\n 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',\n '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'\n ],\n [\n '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',\n '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'\n ],\n [\n 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',\n 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'\n ],\n [\n 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',\n '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'\n ],\n [\n 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',\n 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'\n ],\n [\n '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',\n 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'\n ],\n [\n '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',\n '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'\n ],\n [\n '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',\n 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'\n ],\n [\n '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',\n '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'\n ],\n [\n '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',\n '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'\n ],\n [\n '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',\n 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'\n ],\n [\n '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',\n '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'\n ],\n [\n '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',\n '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'\n ],\n [\n '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',\n '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'\n ]\n ]\n }\n};\n","'use strict';\n\nvar curves = exports;\n\nvar hash = require('hash.js');\nvar curve = require('./curve');\nvar utils = require('./utils');\n\nvar assert = utils.assert;\n\nfunction PresetCurve(options) {\n if (options.type === 'short')\n this.curve = new curve.short(options);\n else if (options.type === 'edwards')\n this.curve = new curve.edwards(options);\n else if (options.type === 'mont')\n this.curve = new curve.mont(options);\n else throw new Error('Unknown curve type.');\n this.g = this.curve.g;\n this.n = this.curve.n;\n this.hash = options.hash;\n\n assert(this.g.validate(), 'Invalid curve');\n assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O');\n}\ncurves.PresetCurve = PresetCurve;\n\nfunction defineCurve(name, options) {\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n get: function() {\n var curve = new PresetCurve(options);\n Object.defineProperty(curves, name, {\n configurable: true,\n enumerable: true,\n value: curve\n });\n return curve;\n }\n });\n}\n\ndefineCurve('p192', {\n type: 'short',\n prime: 'p192',\n p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',\n b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',\n n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',\n hash: hash.sha256,\n gRed: false,\n g: [\n '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',\n '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'\n ]\n});\n\ndefineCurve('p224', {\n type: 'short',\n prime: 'p224',\n p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',\n a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',\n b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',\n n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',\n hash: hash.sha256,\n gRed: false,\n g: [\n 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',\n 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'\n ]\n});\n\ndefineCurve('p256', {\n type: 'short',\n prime: null,\n p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',\n a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',\n b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',\n n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',\n hash: hash.sha256,\n gRed: false,\n g: [\n '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',\n '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'\n ]\n});\n\ndefineCurve('p384', {\n type: 'short',\n prime: null,\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 ffffffff',\n a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'fffffffe ffffffff 00000000 00000000 fffffffc',\n b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +\n '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',\n n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +\n 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',\n hash: hash.sha384,\n gRed: false,\n g: [\n 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +\n '5502f25d bf55296c 3a545e38 72760ab7',\n '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +\n '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'\n ]\n});\n\ndefineCurve('p521', {\n type: 'short',\n prime: null,\n p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff',\n a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff ffffffff ffffffff fffffffc',\n b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +\n '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +\n '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',\n n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +\n 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +\n 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',\n hash: hash.sha512,\n gRed: false,\n g: [\n '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +\n '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +\n 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',\n '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +\n '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +\n '3fad0761 353c7086 a272c240 88be9476 9fd16650'\n ]\n});\n\n// https://tools.ietf.org/html/rfc7748#section-4.1\ndefineCurve('curve25519', {\n type: 'mont',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '76d06',\n b: '1',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '9'\n ]\n});\n\ndefineCurve('ed25519', {\n type: 'edwards',\n prime: 'p25519',\n p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',\n a: '-1',\n c: '1',\n // -121665 * (121666^(-1)) (mod P)\n d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',\n n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',\n cofactor: '8',\n hash: hash.sha256,\n gRed: false,\n g: [\n '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',\n // 4/5\n '6666666666666666666666666666666666666666666666666666666666666658'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.4\ndefineCurve('brainpoolP256r1', {\n type: 'short',\n prime: null,\n p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377',\n a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9',\n b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6',\n n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7',\n hash: hash.sha256, // or 384, or 512\n gRed: false,\n g: [\n '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262',\n '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.6\ndefineCurve('brainpoolP384r1', {\n type: 'short',\n prime: null,\n p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' +\n 'ACD3A729 901D1A71 87470013 3107EC53',\n a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' +\n '8AA5814A 503AD4EB 04A8C7DD 22CE2826',\n b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' +\n '7CB43902 95DBC994 3AB78696 FA504C11',\n n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' +\n 'CF3AB6AF 6B7FC310 3B883202 E9046565',\n hash: hash.sha384, // or 512\n gRed: false,\n g: [\n '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' +\n 'E8E826E03436D646AAEF87B2E247D4AF1E',\n '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' +\n '280E4646217791811142820341263C5315'\n ]\n});\n\n// https://tools.ietf.org/html/rfc5639#section-3.7\ndefineCurve('brainpoolP512r1', {\n type: 'short',\n prime: null,\n p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' +\n '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3',\n a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' +\n '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA',\n b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' +\n '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723',\n n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' +\n '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069',\n hash: hash.sha512,\n gRed: false,\n g: [\n '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' +\n '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822',\n '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' +\n '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892'\n ]\n});\n\n// https://en.bitcoin.it/wiki/Secp256k1\nvar pre;\ntry {\n pre = require('./precomputed/secp256k1');\n} catch (e) {\n pre = undefined;\n}\n\ndefineCurve('secp256k1', {\n type: 'short',\n prime: 'k256',\n p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',\n a: '0',\n b: '7',\n n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',\n h: '1',\n hash: hash.sha256,\n\n // Precomputed endomorphism\n beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',\n lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',\n basis: [\n {\n a: '3086d221a7d46bcde86c90e49284eb15',\n b: '-e4437ed6010e88286f547fa90abfe4c3'\n },\n {\n a: '114ca50f7a8e2f3f657c1108d9d44cfd8',\n b: '3086d221a7d46bcde86c90e49284eb15'\n }\n ],\n\n gRed: false,\n g: [\n '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',\n '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',\n pre\n ]\n});\n","'use strict';\n\nvar hash = require('hash.js');\nvar utils = require('minimalistic-crypto-utils');\nvar assert = require('minimalistic-assert');\n\nfunction HmacDRBG(options) {\n if (!(this instanceof HmacDRBG))\n return new HmacDRBG(options);\n this.hash = options.hash;\n this.predResist = !!options.predResist;\n\n this.outLen = this.hash.outSize;\n this.minEntropy = options.minEntropy || this.hash.hmacStrength;\n\n this._reseed = null;\n this.reseedInterval = null;\n this.K = null;\n this.V = null;\n\n var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');\n var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');\n var pers = utils.toArray(options.pers, options.persEnc || 'hex');\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n this._init(entropy, nonce, pers);\n}\nmodule.exports = HmacDRBG;\n\nHmacDRBG.prototype._init = function init(entropy, nonce, pers) {\n var seed = entropy.concat(nonce).concat(pers);\n\n this.K = new Array(this.outLen / 8);\n this.V = new Array(this.outLen / 8);\n for (var i = 0; i < this.V.length; i++) {\n this.K[i] = 0x00;\n this.V[i] = 0x01;\n }\n\n this._update(seed);\n this._reseed = 1;\n this.reseedInterval = 0x1000000000000; // 2^48\n};\n\nHmacDRBG.prototype._hmac = function hmac() {\n return new hash.hmac(this.hash, this.K);\n};\n\nHmacDRBG.prototype._update = function update(seed) {\n var kmac = this._hmac()\n .update(this.V)\n .update([ 0x00 ]);\n if (seed)\n kmac = kmac.update(seed);\n this.K = kmac.digest();\n this.V = this._hmac().update(this.V).digest();\n if (!seed)\n return;\n\n this.K = this._hmac()\n .update(this.V)\n .update([ 0x01 ])\n .update(seed)\n .digest();\n this.V = this._hmac().update(this.V).digest();\n};\n\nHmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {\n // Optional entropy enc\n if (typeof entropyEnc !== 'string') {\n addEnc = add;\n add = entropyEnc;\n entropyEnc = null;\n }\n\n entropy = utils.toArray(entropy, entropyEnc);\n add = utils.toArray(add, addEnc);\n\n assert(entropy.length >= (this.minEntropy / 8),\n 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');\n\n this._update(entropy.concat(add || []));\n this._reseed = 1;\n};\n\nHmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {\n if (this._reseed > this.reseedInterval)\n throw new Error('Reseed is required');\n\n // Optional encoding\n if (typeof enc !== 'string') {\n addEnc = add;\n add = enc;\n enc = null;\n }\n\n // Optional additional data\n if (add) {\n add = utils.toArray(add, addEnc || 'hex');\n this._update(add);\n }\n\n var temp = [];\n while (temp.length < len) {\n this.V = this._hmac().update(this.V).digest();\n temp = temp.concat(this.V);\n }\n\n var res = temp.slice(0, len);\n this._update(add);\n this._reseed++;\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction KeyPair(ec, options) {\n this.ec = ec;\n this.priv = null;\n this.pub = null;\n\n // KeyPair(ec, { priv: ..., pub: ... })\n if (options.priv)\n this._importPrivate(options.priv, options.privEnc);\n if (options.pub)\n this._importPublic(options.pub, options.pubEnc);\n}\nmodule.exports = KeyPair;\n\nKeyPair.fromPublic = function fromPublic(ec, pub, enc) {\n if (pub instanceof KeyPair)\n return pub;\n\n return new KeyPair(ec, {\n pub: pub,\n pubEnc: enc\n });\n};\n\nKeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {\n if (priv instanceof KeyPair)\n return priv;\n\n return new KeyPair(ec, {\n priv: priv,\n privEnc: enc\n });\n};\n\n// TODO: should not validate for X25519\nKeyPair.prototype.validate = function validate() {\n var pub = this.getPublic();\n\n if (pub.isInfinity())\n return { result: false, reason: 'Invalid public key' };\n if (!pub.validate())\n return { result: false, reason: 'Public key is not a point' };\n if (!pub.mul(this.ec.curve.n).isInfinity())\n return { result: false, reason: 'Public key * N != O' };\n\n return { result: true, reason: null };\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n if (!this.pub)\n this.pub = this.ec.g.mul(this.priv);\n\n if (!enc)\n return this.pub;\n\n return this.pub.encode(enc, compact);\n};\n\nKeyPair.prototype.getPrivate = function getPrivate(enc) {\n if (enc === 'hex')\n return this.priv.toString(16, 2);\n else\n return this.priv;\n};\n\nKeyPair.prototype._importPrivate = function _importPrivate(key, enc) {\n this.priv = new BN(key, enc || 16);\n\n // For Curve25519/Curve448 we have a specific procedure.\n // TODO Curve448\n if (this.ec.curve.type === 'mont') {\n var one = this.ec.curve.one;\n var mask = one.ushln(255 - 3).sub(one).ushln(3);\n this.priv = this.priv.or(one.ushln(255 - 1));\n this.priv = this.priv.and(mask);\n } else\n // Ensure that the priv won't be bigger than n, otherwise we may fail\n // in fixed multiplication method\n this.priv = this.priv.umod(this.ec.curve.n);\n};\n\nKeyPair.prototype._importPublic = function _importPublic(key, enc) {\n if (key.x || key.y) {\n // Montgomery points only have an `x` coordinate.\n // Weierstrass/Edwards points on the other hand have both `x` and\n // `y` coordinates.\n if (this.ec.curve.type === 'mont') {\n assert(key.x, 'Need x coordinate');\n } else if (this.ec.curve.type === 'short' ||\n this.ec.curve.type === 'edwards') {\n assert(key.x && key.y, 'Need both x and y coordinate');\n }\n this.pub = this.ec.curve.point(key.x, key.y);\n return;\n }\n this.pub = this.ec.curve.decodePoint(key, enc);\n};\n\n// ECDH\nKeyPair.prototype.derive = function derive(pub) {\n return pub.mul(this.priv).getX();\n};\n\n// ECDSA\nKeyPair.prototype.sign = function sign(msg, enc, options) {\n return this.ec.sign(msg, this, enc, options);\n};\n\nKeyPair.prototype.verify = function verify(msg, signature) {\n return this.ec.verify(msg, signature, this);\n};\n\nKeyPair.prototype.inspect = function inspect() {\n return '';\n};\n","'use strict';\n\nvar BN = require('bn.js');\n\nvar utils = require('../utils');\nvar assert = utils.assert;\n\nfunction Signature(options, enc) {\n if (options instanceof Signature)\n return options;\n\n if (this._importDER(options, enc))\n return;\n\n assert(options.r && options.s, 'Signature without r or s');\n this.r = new BN(options.r, 16);\n this.s = new BN(options.s, 16);\n if (options.recoveryParam === undefined)\n this.recoveryParam = null;\n else\n this.recoveryParam = options.recoveryParam;\n}\nmodule.exports = Signature;\n\nfunction Position() {\n this.place = 0;\n}\n\nfunction getLength(buf, p) {\n var initial = buf[p.place++];\n if (!(initial & 0x80)) {\n return initial;\n }\n var octetLen = initial & 0xf;\n var val = 0;\n for (var i = 0, off = p.place; i < octetLen; i++, off++) {\n val <<= 8;\n val |= buf[off];\n }\n p.place = off;\n return val;\n}\n\nfunction rmPadding(buf) {\n var i = 0;\n var len = buf.length - 1;\n while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {\n i++;\n }\n if (i === 0) {\n return buf;\n }\n return buf.slice(i);\n}\n\nSignature.prototype._importDER = function _importDER(data, enc) {\n data = utils.toArray(data, enc);\n var p = new Position();\n if (data[p.place++] !== 0x30) {\n return false;\n }\n var len = getLength(data, p);\n if ((len + p.place) !== data.length) {\n return false;\n }\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var rlen = getLength(data, p);\n var r = data.slice(p.place, rlen + p.place);\n p.place += rlen;\n if (data[p.place++] !== 0x02) {\n return false;\n }\n var slen = getLength(data, p);\n if (data.length !== slen + p.place) {\n return false;\n }\n var s = data.slice(p.place, slen + p.place);\n if (r[0] === 0 && (r[1] & 0x80)) {\n r = r.slice(1);\n }\n if (s[0] === 0 && (s[1] & 0x80)) {\n s = s.slice(1);\n }\n\n this.r = new BN(r);\n this.s = new BN(s);\n this.recoveryParam = null;\n\n return true;\n};\n\nfunction constructLength(arr, len) {\n if (len < 0x80) {\n arr.push(len);\n return;\n }\n var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);\n arr.push(octets | 0x80);\n while (--octets) {\n arr.push((len >>> (octets << 3)) & 0xff);\n }\n arr.push(len);\n}\n\nSignature.prototype.toDER = function toDER(enc) {\n var r = this.r.toArray();\n var s = this.s.toArray();\n\n // Pad values\n if (r[0] & 0x80)\n r = [ 0 ].concat(r);\n // Pad values\n if (s[0] & 0x80)\n s = [ 0 ].concat(s);\n\n r = rmPadding(r);\n s = rmPadding(s);\n\n while (!s[0] && !(s[1] & 0x80)) {\n s = s.slice(1);\n }\n var arr = [ 0x02 ];\n constructLength(arr, r.length);\n arr = arr.concat(r);\n arr.push(0x02);\n constructLength(arr, s.length);\n var backHalf = arr.concat(s);\n var res = [ 0x30 ];\n constructLength(res, backHalf.length);\n res = res.concat(backHalf);\n return utils.encode(res, enc);\n};\n","'use strict';\n\nvar BN = require('bn.js');\nvar HmacDRBG = require('hmac-drbg');\nvar utils = require('../utils');\nvar curves = require('../curves');\nvar rand = require('brorand');\nvar assert = utils.assert;\n\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EC(options) {\n if (!(this instanceof EC))\n return new EC(options);\n\n // Shortcut `elliptic.ec(curve-name)`\n if (typeof options === 'string') {\n assert(curves.hasOwnProperty(options), 'Unknown curve ' + options);\n\n options = curves[options];\n }\n\n // Shortcut for `elliptic.ec(elliptic.curves.curveName)`\n if (options instanceof curves.PresetCurve)\n options = { curve: options };\n\n this.curve = options.curve.curve;\n this.n = this.curve.n;\n this.nh = this.n.ushrn(1);\n this.g = this.curve.g;\n\n // Point on curve\n this.g = options.curve.g;\n this.g.precompute(options.curve.n.bitLength() + 1);\n\n // Hash function for DRBG\n this.hash = options.hash || options.curve.hash;\n}\nmodule.exports = EC;\n\nEC.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {\n return KeyPair.fromPrivate(this, priv, enc);\n};\n\nEC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {\n return KeyPair.fromPublic(this, pub, enc);\n};\n\nEC.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.n.toArray()\n });\n\n // Key generation for curve25519 is simpler\n if (this.curve.type === 'mont') {\n var priv = new BN(drbg.generate(32));\n return this.keyFromPrivate(priv);\n }\n\n var bytes = this.n.byteLength();\n var ns2 = this.n.sub(new BN(2));\n do {\n var priv = new BN(drbg.generate(bytes));\n if (priv.cmp(ns2) > 0)\n continue;\n\n priv.iaddn(1);\n return this.keyFromPrivate(priv);\n } while (true);\n};\n\nEC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) {\n bitSize = bitSize || msg.byteLength() * 8;\n var delta = bitSize - this.n.bitLength();\n if (delta > 0)\n msg = msg.ushrn(delta);\n if (!truncOnly && msg.cmp(this.n) >= 0)\n return msg.sub(this.n);\n else\n return msg;\n};\n\nEC.prototype.truncateMsg = function truncateMSG(msg) {\n // Bit size is only determined correctly for Uint8Arrays and hex strings\n var bitSize;\n if (msg instanceof Uint8Array) {\n bitSize = msg.byteLength * 8;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else if (typeof msg === 'string') {\n bitSize = msg.length * 4;\n msg = this._truncateToN(new BN(msg, 16), false, bitSize);\n } else {\n msg = this._truncateToN(new BN(msg, 16));\n }\n return msg;\n}\n\nEC.prototype.sign = function sign(msg, key, enc, options) {\n if (typeof enc === 'object') {\n options = enc;\n enc = null;\n }\n if (!options)\n options = {};\n\n key = this.keyFromPrivate(key, enc);\n msg = this.truncateMsg(msg);\n\n // Zero-extend key to provide enough entropy\n var bytes = this.n.byteLength();\n var bkey = key.getPrivate().toArray('be', bytes);\n\n // Zero-extend nonce to have the same byte size as N\n var nonce = msg.toArray('be', bytes);\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n entropy: bkey,\n nonce: nonce,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8'\n });\n\n // Number of bytes to generate\n var ns1 = this.n.sub(new BN(1));\n\n for (var iter = 0; true; iter++) {\n var k = options.k ?\n options.k(iter) :\n new BN(drbg.generate(this.n.byteLength()));\n k = this._truncateToN(k, true);\n if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)\n continue;\n\n var kp = this.g.mul(k);\n if (kp.isInfinity())\n continue;\n\n var kpX = kp.getX();\n var r = kpX.umod(this.n);\n if (r.cmpn(0) === 0)\n continue;\n\n var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));\n s = s.umod(this.n);\n if (s.cmpn(0) === 0)\n continue;\n\n var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |\n (kpX.cmp(r) !== 0 ? 2 : 0);\n\n // Use complement of `s`, if it is > `n / 2`\n if (options.canonical && s.cmp(this.nh) > 0) {\n s = this.n.sub(s);\n recoveryParam ^= 1;\n }\n\n return new Signature({ r: r, s: s, recoveryParam: recoveryParam });\n }\n};\n\nEC.prototype.verify = function verify(msg, signature, key, enc) {\n key = this.keyFromPublic(key, enc);\n signature = new Signature(signature, 'hex');\n // Fallback to the old code\n var ret = this._verify(this.truncateMsg(msg), signature, key) ||\n this._verify(this._truncateToN(new BN(msg, 16)), signature, key);\n return ret;\n};\n\nEC.prototype._verify = function _verify(msg, signature, key) {\n // Perform primitive values validation\n var r = signature.r;\n var s = signature.s;\n if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)\n return false;\n if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)\n return false;\n\n // Validate signature\n var sinv = s.invm(this.n);\n var u1 = sinv.mul(msg).umod(this.n);\n var u2 = sinv.mul(r).umod(this.n);\n\n if (!this.curve._maxwellTrick) {\n var p = this.g.mulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n return p.getX().umod(this.n).cmp(r) === 0;\n }\n\n // NOTE: Greg Maxwell's trick, inspired by:\n // https://git.io/vad3K\n\n var p = this.g.jmulAdd(u1, key.getPublic(), u2);\n if (p.isInfinity())\n return false;\n\n // Compare `p.x` of Jacobian point with `r`,\n // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the\n // inverse of `p.z^2`\n return p.eqXToP(r);\n};\n\nEC.prototype.recoverPubKey = function(msg, signature, j, enc) {\n assert((3 & j) === j, 'The recovery param is more than two bits');\n signature = new Signature(signature, enc);\n\n var n = this.n;\n var e = new BN(msg);\n var r = signature.r;\n var s = signature.s;\n\n // A set LSB signifies that the y-coordinate is odd\n var isYOdd = j & 1;\n var isSecondKey = j >> 1;\n if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)\n throw new Error('Unable to find sencond key candinate');\n\n // 1.1. Let x = r + jn.\n if (isSecondKey)\n r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);\n else\n r = this.curve.pointFromX(r, isYOdd);\n\n var rInv = signature.r.invm(n);\n var s1 = n.sub(e).mul(rInv).umod(n);\n var s2 = s.mul(rInv).umod(n);\n\n // 1.6.1 Compute Q = r^-1 (sR - eG)\n // Q = r^-1 (sR + -eG)\n return this.g.mulAdd(s1, r, s2);\n};\n\nEC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {\n signature = new Signature(signature, enc);\n if (signature.recoveryParam !== null)\n return signature.recoveryParam;\n\n for (var i = 0; i < 4; i++) {\n var Qprime;\n try {\n Qprime = this.recoverPubKey(e, signature, i);\n } catch (e) {\n continue;\n }\n\n if (Qprime.eq(Q))\n return i;\n }\n throw new Error('Unable to find valid recovery factor');\n};\n","'use strict';\n\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar cachedProperty = utils.cachedProperty;\n\n/**\n* @param {EDDSA} eddsa - instance\n* @param {Object} params - public/private key parameters\n*\n* @param {Array} [params.secret] - secret seed bytes\n* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)\n* @param {Array} [params.pub] - public key point encoded as bytes\n*\n*/\nfunction KeyPair(eddsa, params) {\n this.eddsa = eddsa;\n if (params.hasOwnProperty('secret'))\n this._secret = parseBytes(params.secret);\n if (eddsa.isPoint(params.pub))\n this._pub = params.pub;\n else {\n this._pubBytes = parseBytes(params.pub);\n if (this._pubBytes && this._pubBytes.length === 33 &&\n this._pubBytes[0] === 0x40)\n this._pubBytes = this._pubBytes.slice(1, 33);\n if (this._pubBytes && this._pubBytes.length !== 32)\n throw new Error('Unknown point compression format');\n }\n}\n\nKeyPair.fromPublic = function fromPublic(eddsa, pub) {\n if (pub instanceof KeyPair)\n return pub;\n return new KeyPair(eddsa, { pub: pub });\n};\n\nKeyPair.fromSecret = function fromSecret(eddsa, secret) {\n if (secret instanceof KeyPair)\n return secret;\n return new KeyPair(eddsa, { secret: secret });\n};\n\nKeyPair.prototype.secret = function secret() {\n return this._secret;\n};\n\ncachedProperty(KeyPair, 'pubBytes', function pubBytes() {\n return this.eddsa.encodePoint(this.pub());\n});\n\ncachedProperty(KeyPair, 'pub', function pub() {\n if (this._pubBytes)\n return this.eddsa.decodePoint(this._pubBytes);\n return this.eddsa.g.mul(this.priv());\n});\n\ncachedProperty(KeyPair, 'privBytes', function privBytes() {\n var eddsa = this.eddsa;\n var hash = this.hash();\n var lastIx = eddsa.encodingLength - 1;\n\n // https://tools.ietf.org/html/rfc8032#section-5.1.5\n var a = hash.slice(0, eddsa.encodingLength);\n a[0] &= 248;\n a[lastIx] &= 127;\n a[lastIx] |= 64;\n\n return a;\n});\n\ncachedProperty(KeyPair, 'priv', function priv() {\n return this.eddsa.decodeInt(this.privBytes());\n});\n\ncachedProperty(KeyPair, 'hash', function hash() {\n return this.eddsa.hash().update(this.secret()).digest();\n});\n\ncachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {\n return this.hash().slice(this.eddsa.encodingLength);\n});\n\nKeyPair.prototype.sign = function sign(message) {\n assert(this._secret, 'KeyPair can only verify');\n return this.eddsa.sign(message, this);\n};\n\nKeyPair.prototype.verify = function verify(message, sig) {\n return this.eddsa.verify(message, sig, this);\n};\n\nKeyPair.prototype.getSecret = function getSecret(enc) {\n assert(this._secret, 'KeyPair is public only');\n return utils.encode(this.secret(), enc);\n};\n\nKeyPair.prototype.getPublic = function getPublic(enc, compact) {\n return utils.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc);\n};\n\nmodule.exports = KeyPair;\n","'use strict';\n\nvar BN = require('bn.js');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar cachedProperty = utils.cachedProperty;\nvar parseBytes = utils.parseBytes;\n\n/**\n* @param {EDDSA} eddsa - eddsa instance\n* @param {Array|Object} sig -\n* @param {Array|Point} [sig.R] - R point as Point or bytes\n* @param {Array|bn} [sig.S] - S scalar as bn or bytes\n* @param {Array} [sig.Rencoded] - R point encoded\n* @param {Array} [sig.Sencoded] - S scalar encoded\n*/\nfunction Signature(eddsa, sig) {\n this.eddsa = eddsa;\n\n if (typeof sig !== 'object')\n sig = parseBytes(sig);\n\n if (Array.isArray(sig)) {\n sig = {\n R: sig.slice(0, eddsa.encodingLength),\n S: sig.slice(eddsa.encodingLength)\n };\n }\n\n assert(sig.R && sig.S, 'Signature without R or S');\n\n if (eddsa.isPoint(sig.R))\n this._R = sig.R;\n if (sig.S instanceof BN)\n this._S = sig.S;\n\n this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;\n this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;\n}\n\ncachedProperty(Signature, 'S', function S() {\n return this.eddsa.decodeInt(this.Sencoded());\n});\n\ncachedProperty(Signature, 'R', function R() {\n return this.eddsa.decodePoint(this.Rencoded());\n});\n\ncachedProperty(Signature, 'Rencoded', function Rencoded() {\n return this.eddsa.encodePoint(this.R());\n});\n\ncachedProperty(Signature, 'Sencoded', function Sencoded() {\n return this.eddsa.encodeInt(this.S());\n});\n\nSignature.prototype.toBytes = function toBytes() {\n return this.Rencoded().concat(this.Sencoded());\n};\n\nSignature.prototype.toHex = function toHex() {\n return utils.encode(this.toBytes(), 'hex').toUpperCase();\n};\n\nmodule.exports = Signature;\n","'use strict';\n\nvar hash = require('hash.js');\nvar HmacDRBG = require('hmac-drbg');\nvar rand = require('brorand');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n if (!(this instanceof EDDSA))\n return new EDDSA(curve);\n\n var curve = curves[curve].curve;\n this.curve = curve;\n this.g = curve.g;\n this.g.precompute(curve.n.bitLength() + 1);\n\n this.pointClass = curve.point().constructor;\n this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n message = parseBytes(message);\n var key = this.keyFromSecret(secret);\n var r = this.hashInt(key.messagePrefix(), message);\n var R = this.g.mul(r);\n var Rencoded = this.encodePoint(R);\n var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n .mul(key.priv());\n var S = r.add(s_).umod(this.curve.n);\n return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n message = parseBytes(message);\n sig = this.makeSignature(sig);\n var key = this.keyFromPublic(pub);\n var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n var SG = this.g.mul(sig.S());\n var RplusAh = sig.R().add(key.pub().mul(h));\n return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n var hash = this.hash();\n for (var i = 0; i < arguments.length; i++)\n hash.update(arguments[i]);\n return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyPair = function keyPair(options) {\n return new KeyPair(this, options);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.genKeyPair = function genKeyPair(options) {\n if (!options)\n options = {};\n\n // Instantiate Hmac_DRBG\n var drbg = new HmacDRBG({\n hash: this.hash,\n pers: options.pers,\n persEnc: options.persEnc || 'utf8',\n entropy: options.entropy || rand(this.hash.hmacStrength),\n entropyEnc: options.entropy && options.entropyEnc || 'utf8',\n nonce: this.curve.n.toArray()\n });\n\n return this.keyFromSecret(drbg.generate(32));\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n if (sig instanceof Signature)\n return sig;\n return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n var enc = point.getY().toArray('le', this.encodingLength);\n enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n bytes = utils.parseBytes(bytes);\n\n var lastIx = bytes.length - 1;\n var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n var y = utils.intFromLE(normed);\n return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n return val instanceof this.pointClass;\n};\n","'use strict';\n\nvar elliptic = exports;\n\nelliptic.utils = require('./elliptic/utils');\nelliptic.rand = require('brorand');\nelliptic.curve = require('./elliptic/curve');\nelliptic.curves = require('./elliptic/curves');\n\n// Protocols\nelliptic.ec = require('./elliptic/ec');\nelliptic.eddsa = require('./elliptic/eddsa');\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","this","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","prototype","undefined","read","async","length","value","done","readToEnd","join","result","slice","clone","then","push","write","chunk","close","abort","reason","isNode","globalThis","process","versions","NodeReadableStream","isStream","ReadableStream","isPrototypeOf","streams.ReadableStream","isUint8Array","Uint8Array","concatUint8Array","arrays","totalLength","i","Error","pos","forEach","element","set","NodeBuffer","nodeToWeb","webToNode","nodeStream","canceled","start","controller","pause","on","isBuffer","buffer","byteOffset","byteLength","enqueue","e","error","pull","resume","cancel","destroy","NodeReadable","webStream","options","_reader","streams.getReader","size","callback","doneReadingSet","WeakSet","externalBuffer","Reader","streams.isArrayStream","reader","_read","bind","_releaseLock","_cancel","streamType","streams.isStream","streams.nodeToWeb","doneReading","has","add","shift","readLine","returnVal","streams.concat","lineEndIndex","indexOf","concat","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","filter","toPonyfillReadable","toNativeReadable","WritableStream","TransformStream","loadStreamsPonyfill","ponyfill","adapter","all","createReadableStreamWrapper","toStream","toArrayStream","list","some","map","transform","transformWithCancel","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","transformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","highWaterMark","finish","output","data","result1","result2","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","Object","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","arrayStream","BigInteger","n","hex","hexByte","toString","BigInt","iinc","inc","idec","dec","iadd","x","isub","sub","imul","mul","imod","m","isNegative","mod","modExp","isZero","isOne","exp","r","lsb","rx","modInv","gcd","_egcd","b","y","xPrev","yPrev","a","q","tmp","ileftShift","leftShift","irightShift","rightShift","equal","lt","lte","gt","gte","isEven","abs","res","toNumber","number","Number","MAX_SAFE_INTEGER","getBit","bitLength","zero","one","negOne","bitlen","eight","len","toUint8Array","endian","rawLength","offset","parseInt","reverse","detectBigInt","byValue","curve","p256","secp256r1","prime256v1","p384","secp384r1","p521","secp521r1","secp256k1","ed25519Legacy","ED25519","ed25519","Ed25519","curve25519Legacy","X25519","cv25519","curve25519","Curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","eddsa","aedh","aedsa","x25519","x448","ed448","symmetric","plaintext","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","webHash","aead","eax","ocb","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuer","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","type","debugMode","env","NODE_ENV","util","isString","String","stream.isUint8Array","stream.isStream","readNumber","writeNumber","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","leftPad","padded","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","k","uint8ArrayToHex","h","c","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","s","printDebug","log","printDebugError","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","crypto","subtle","getBigInteger","default","getNodeCrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","selectUint8","isAES","cipherAlgo","enums","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","from","btoa","atob","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","deflateLevel","aeadProtect","preferredAEADAlgorithm","aeadChunkSizeByte","s2kIterationCountByte","allowUnauthenticatedMessages","allowUnauthenticatedStream","checksumRequired","minRSABits","passwordCollisionCheck","revocationsExpire","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","minBytesForWebCrypto","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","useIndutnyElliptic","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","getType","header","match","addheader","customComment","config","getCheckSum","base64.encode","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","splitChecksum","body","checksum","lastEquals","lastIndexOf","unarmor","defaultConfig","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","checksumVerified","stream.readToEnd","stream.passiveClone","stream.pipe","checksumVerifiedString","stream.isArrayStream","messageType","partIndex","partTotal","bodyClone","KeyID","toHex","equals","keyID","matchWildcard","isWildcard","isNull","static","AES_asm","gexp3","glog3","ginit_done","gmul","aes_sbox","aes_sinv","aes_enc","aes_dec","aes_init_done","aes_init","_s","ginv","d","ginit","wrapper","foreign","heap","asm","stdlib","S0","S1","S2","S3","I0","I1","I2","I3","N0","N1","N2","N3","M0","M1","M2","M3","H0","H1","H2","H3","R","HEAP","DATA","_core","x0","x1","x2","x3","t1","t2","t3","y0","y1","y2","y3","_ecb_enc","_ecb_dec","_cbc_enc","_cbc_dec","_cfb_enc","_cfb_dec","_ofb","_ctr","_gcm_mac","z0","z1","z2","z3","set_rounds","set_state","s0","s1","s2","s3","set_iv","i0","i1","i2","i3","set_nonce","n0","n1","n2","n3","set_mask","m0","m1","m2","m3","set_counter","c0","c1","c2","c3","get_state","get_iv","gcm_init","cipher","mode","ret","_cipher_modes","mac","_mac_modes","set_key","ks","k0","k1","k2","k3","k4","k5","k6","k7","ekeys","dkeys","rcon","jj","ENC","ECB","CBC","CFB","OFB","CTR","DEC","MAC","GCM","HEAP_DATA","is_bytes","_heap_init","heapSize","_heap_write","hpos","dpos","dlen","hlen","wlen","joinBytes","arg","totalLenght","reduce","sum","curr","cursor","IllegalStateError","args","IllegalArgumentError","SecurityError","heap_pool","asm_pool","AES","iv","padding","acquire_asm","pop","reset","release_asm","keylen","keyview","getUint32","ivview","AES_Encrypt_process","TypeError","amode","rpos","AES_Encrypt_finish","plen","rlen","hasOwnProperty","p","AES_Decrypt_process","AES_Decrypt_finish","pad","pcheck","AES_ECB","encrypt","decrypt","aes","C","aesECB","block","blockSize","keySize","des","keys","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","left","right","looping","cbcleft","cbcleft2","cbcright","cbcright2","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","src","dst","l","f1","f2","f3","scheduleA","scheduleB","I","sBox","inn","w","ki","half","round","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","u","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","init","encryptBlock","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","_F","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","ii","dataL","dataR","parray","vector","off","_decryptBlock","kk","sha1_asm","H4","TOTAL0","TOTAL1","I4","O0","O1","O2","O3","O4","w0","w1","w2","w3","w4","w5","w6","w7","w8","w9","w10","w11","w12","w13","w14","w15","w16","w17","w18","w19","w20","w21","w22","w23","w24","w25","w26","w27","w28","w29","w30","w31","w32","w33","w34","w35","w36","w37","w38","w39","w40","w41","w42","w43","w44","w45","w46","w47","w48","w49","w50","w51","w52","w53","w54","w55","w56","w57","w58","w59","w60","w61","w62","w63","w64","w65","w66","w67","w68","w69","w70","w71","w72","w73","w74","w75","w76","w77","w78","w79","_core_heap","_state_to_heap","h0","h1","h2","h3","h4","total0","total1","hashed","hmac_reset","_hmac_opad","hmac_init","p0","p1","p2","p3","p4","p5","p6","p7","p8","p9","p10","p11","p12","p13","p14","p15","hmac_finish","t0","t4","pbkdf2_generate_block","count","Hash","HASH_SIZE","Sha1","NAME","BLOCK_SIZE","asm_function","Sha256","H5","H6","H7","I5","I6","I7","O5","O6","O7","f","g","h5","h6","h7","t5","t6","t7","sha256_asm","assert","val","msg","module","create","ctor","superCtor","super_","enumerable","configurable","TempCtor","enc","hi","lo","zero2","htonl","zero8","word","inherits","ah","al","bh","bl","ch","cl","dh","dl","carry","eh","el","num","BlockHash","pending","pendingTotal","outSize","hmacStrength","_delta8","_delta32","update","utils","toArray","join32","_update","digest","_pad","_digest","rotr32","z","ch32","p32","maj32","sum32","sum32_4","sum32_5","shaCommon","s0_256","s1_256","g0_256","g1_256","common","sha256_K","SHA256","W","SHA224","T1","T2","toHex32","split32","rotr64_hi","rotr64_lo","shr64_hi","shr64_lo","sum64","sum64_hi","sum64_lo","sum64_4_hi","sum64_4_lo","sum64_5_hi","sum64_5_lo","sha512_K","SHA512","ch64_hi","xh","xl","yh","yl","zh","ch64_lo","zl","maj64_hi","maj64_lo","s0_512_hi","s0_512_lo","s1_512_hi","s1_512_lo","g0_512_hi","g0_512_lo","g1_512_hi","g1_512_lo","SHA384","_prepareBlock","c0_hi","c0_lo","c1_hi","c1_lo","c2_hi","c2_lo","c3_hi","c3_lo","fh","fl","gh","gl","hh","hl","c4_hi","c4_lo","T1_hi","T1_lo","T2_hi","T2_lo","rotl32","sum32_3","RIPEMD160","K","Kh","A","B","D","E","Ah","Bh","Ch","Dh","Eh","T","rh","sh","md5cycle","ff","gg","add32","cmn","md5blk","md5blks","hex_chr","rhex","webCrypto","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","hashjsHash","webCryptoHash","hashInstance","asmcryptoHash","hashFunctions","entree","state","substring","tail","md51","ripemd160","algo","getHashByteLength","AES_CFB","getCipher","algoName","knownAlgos","getCiphers","nodeAlgos","pt","cipherObj","createCipheriv","nodeEncrypt","ALGO","_key","importKey","cbc_pt","ct","xorMut","webEncrypt","cfb","aesEncrypt","cipherfn","block_size","blockc","ciphertext","encblock","decipherObj","createDecipheriv","nodeDecrypt","aesDecrypt","blockp","decblock","AES_CTR","nonce","AES_CTR_set_options","counter","mask","pow","view","AES_CBC","blockLength","rightXORMut","zeroBlock","CMAC","cbc","padding2","ivLength","tagLength","two","OMAC","cmac","en","final","EAX","omac","ctr","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","xor","OCB","encipher","decipher","maxNtz","crypt","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","xorInput","$","cipherInput","cipherName","ciphers","mask_x","mask_$","constructKeyVariables","crypted","_AES_GCM_data_maxLength","AES_GCM","tagSize","gamma0","noncelen","noncebuf","_gcm_mac_process","nonceview","RangeError","cleartext","tagsize","AES_GCM_encrypt","AES_GCM_decrypt","AES_GCM_Encrypt_process","AES_GCM_Encrypt_finish","alen","clen","AES_GCM_Decrypt_process","tlen","AES_GCM_Decrypt_finish","atag","acheck","setAAD","getAuthTag","de","setAuthTag","additionalData","gcm","nacl","gf","Float64Array","randombytes","_9","gf0","gf1","_121665","D2","X","Y","crypto_verify_32","xi","yi","vn","set25519","car25519","o","v","sel25519","pack25519","neq25519","par25519","unpack25519","Z","M","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","x32","x16","crypto_scalarmult_base","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","cleanup","arr","scalarMult","box","keyPair","fromSecretKey","sign","signedMsg","sm","smlen","crypto_sign","detached","sig","verify","crypto_sign_open","fromSeed","seed","setPRNG","self","msCrypto","getRandomValues","min","require","randomBytes","exports","getRandomBytes","getRandomBigInteger","modulus","randomProbablePrime","thirty","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","rand","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","emLen","hashPrefix","tLen","fill","EM","asn1","RSAPrivateKey","define","seq","obj","int","RSAPublicKey","hashAlgo","hashName","jwk","pNum","qNum","dNum","dq","dp","kty","qi","ext","privateToJWK","webSign","err","BN","pBNum","qBNum","dBNum","subn","createSign","keyObject","version","publicExponent","privateExponent","prime1","prime2","exponent1","exponent2","coefficient","createPrivateKey","der","format","pem","label","nodeSign","bnSign","publicToJWK","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","constants","RSA_PKCS1_PADDING","publicEncrypt","bnEncrypt","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","keyGenOpt","modulusLength","generateKey","exportKey","generateKeyPair","opts","publicKeyEncoding","privateKeyEncoding","prv","_","toArrayLike","phi","nSizeOver3","rde","pSize","n1023","threshold","rqx","OID","oid","getName","keyFromPrivate","indutnyCurve","priv","keyFromPublic","pub","validate","getIndutnyCurve","elliptic","ec","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","stream.TransformStream","lengthByte","nextPacket","UnsupportedError","params","captureStackTrace","UnparseablePacket","rawContent","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","CurveWithOID","oidOrName","webCryptoKey","namedCurve","jwkToRawPublic","webGenKeyPair","createECDH","generateKeys","getPublicKey","getPrivateKey","nodeGenKeyPair","genKeyPair","entropy","getPublic","getPrivate","validateStandardParams","Q","supportedCurves","curveName","dG","validationErrors","eq","bufX","bufY","rawPublicToJWK","crv","ECPrivateKey","parameters","unused","ECDSASignature","ellipticSign","SubjectPublicKeyInfo","algorithm","subjectPublicKey","ellipticVerify","octstr","explicit","optional","any","bitstr","AlgorithmIdentifier","objid","use","getPreferredHashAlgo","RS","wrap","IV","P","unpack","unwrap","createArrayBuffer","setUint32","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","genPrivateEphemeralKey","recipient","deriveBits","public","webPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","V","derive","ellipticPublicEphemeralKey","secret","webPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","ellipticPrivateEphemeralKey","pkcs5.encode","wrappedKey","aesKW.wrap","pkcs5.decode","aesKW.unwrap","nodeSubtleCrypto","webcrypto","HKDF","inputKey","salt","info","outLen","importedKey","hashAlgoName","computeHMAC","hmacKey","hmacMessage","createHmac","pseudoRandomKey","hashLen","outputKeyingMaterial","roundInput","HKDF_INFO","recipientA","ephemeralSecretKey","sharedSecret","ephemeralPublicKey","hkdfInput","computeHKDF","xr","u1","u2","qSize","n150","rsa","publicParams","curveSize","publicKeyParams","privateKeyParams","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","instance","followLength","checkSupportedCurve","keyAlgo","symmetricAlgo","ECDHSymkey","ecdhX","fromObject","sessionKeyParams","privateParams","algosWithNativeRepresentation","orderedParams","generate","validateParams","algoModule","prefixrandom","repeat","random","pkcs1","pkcs5","aesKW","assign","TYPED_OK","Uint16Array","Int32Array","shrinkBuf","fnTyped","arraySet","dest","src_offs","dest_offs","flattenChunks","chunks","fnUntyped","Buf8","Buf16","Buf32","Z_NO_FLUSH","Z_PARTIAL_FLUSH","Z_SYNC_FLUSH","Z_FULL_FLUSH","Z_FINISH","Z_BLOCK","Z_TREES","Z_OK","Z_STREAM_END","Z_NEED_DICT","Z_STREAM_ERROR","Z_DATA_ERROR","Z_BUF_ERROR","Z_DEFAULT_COMPRESSION","Z_FILTERED","Z_HUFFMAN_ONLY","Z_RLE","Z_FIXED","Z_BINARY","Z_TEXT","Z_UNKNOWN","Z_DEFLATED","STORED_BLOCK","STATIC_TREES","DYN_TREES","LENGTH_CODES","LITERALS","L_CODES","D_CODES","BL_CODES","HEAP_SIZE","MAX_BITS","Buf_size","MAX_BL_BITS","END_BLOCK","REP_3_6","REPZ_3_10","REPZ_11_138","extra_lbits","extra_dbits","extra_blbits","bl_order","static_ltree","static_dtree","_dist_code","_length_code","MAX_MATCH","base_length","base_dist","StaticTreeDesc","static_tree","extra_bits","extra_base","elems","max_length","has_stree","static_l_desc","static_d_desc","static_bl_desc","TreeDesc","dyn_tree","stat_desc","max_code","d_code","dist","put_short","pending_buf","send_bits","bi_valid","bi_buf","send_code","tree","bi_reverse","code","gen_codes","bl_count","next_code","init_block","dyn_ltree","dyn_dtree","bl_tree","opt_len","static_len","last_lit","matches","bi_windup","smaller","depth","_n2","_m2","pqdownheap","heap_len","compress_block","ltree","dtree","lc","extra","lx","d_buf","l_buf","build_tree","desc","stree","heap_max","base","xbits","overflow","gen_bitlen","scan_tree","curlen","prevlen","nextlen","max_count","min_count","send_tree","static_init_done","_tr_init","tr_static_init","l_desc","d_desc","bl_desc","_tr_stored_block","stored_len","utils.arraySet","window","copy_block","_tr_align","bi_flush","_tr_flush_block","opt_lenb","static_lenb","max_blindex","level","strm","data_type","black_mask","detect_data_type","build_bl_tree","strategy","lcodes","dcodes","blcodes","rank","send_all_trees","_tr_tally","lit_bufsize","adler32","adler","crcTable","table","makeTable","crc32","MAX_MEM_LEVEL","MIN_MATCH","MIN_LOOKAHEAD","PRESET_DICT","INIT_STATE","EXTRA_STATE","NAME_STATE","COMMENT_STATE","HCRC_STATE","BUSY_STATE","FINISH_STATE","BS_NEED_MORE","BS_BLOCK_DONE","BS_FINISH_STARTED","BS_FINISH_DONE","OS_CODE","errorCode","flush_pending","avail_out","pending_out","next_out","total_out","flush_block_only","trees._tr_flush_block","block_start","strstart","put_byte","putShortMSB","read_buf","avail_in","next_in","total_in","longest_match","cur_match","chain_length","max_chain_length","scan","best_len","prev_length","nice_match","limit","w_size","_win","wmask","w_mask","strend","scan_end1","scan_end","good_match","lookahead","match_start","fill_window","_w_size","more","window_size","hash_size","head","insert","ins_h","hash_shift","hash_mask","deflate_fast","flush","hash_head","bflush","match_length","trees._tr_tally","max_lazy_match","deflate_slow","max_insert","prev_match","match_available","Config","good_length","max_lazy","nice_length","max_chain","func","configuration_table","max_block_size","pending_buf_size","max_start","DeflateState","status","gzhead","gzindex","method","last_flush","w_bits","hash_bits","utils.Buf16","deflateReset","trees._tr_init","deflateResetKeep","lm_init","deflate","old_flush","beg","hcrc","comment","os","level_flags","bstate","deflate_huff","deflate_rle","trees._tr_align","trees._tr_stored_block","__","_utf8len","utils.Buf8","string2buf","m_pos","buf_len","str_len","ZStream","Deflate","chunkSize","windowBits","memLevel","opt","raw","gzip","ended","zlib_deflate.deflateInit2","dictionary","dict","strings.string2buf","avail","next","tmpDict","dictLength","zlib_deflate.deflateSetDictionary","_dict_set","_mode","zlib_deflate.deflate","onEnd","onData","utils.shrinkBuf","zlib_deflate.deflateEnd","utils.flattenChunks","BAD","TYPE","inflate_fast","_in","_out","hold","here","op","from_source","dmax","wsize","whave","wnext","s_window","lcode","lencode","dcode","distcode","lmask","lenbits","dmask","distbits","top","dolen","dodist","sane","MAXBITS","ENOUGH_LENS","ENOUGH_DISTS","CODES","LENS","DISTS","lbase","lext","dbase","dext","inflate_table","lens","lens_index","codes","table_index","work","incr","low","sym","root","drop","used","huff","base_index","offs","here_bits","here_op","here_val","extra_index","HEAD","FLAGS","TIME","OS","EXLEN","EXTRA","COMMENT","HCRC","DICTID","DICT","TYPEDO","STORED","COPY_","COPY","TABLE","LENLENS","CODELENS","LEN_","LEN","LENEXT","DIST","DISTEXT","MATCH","LIT","CHECK","LENGTH","DONE","zswap32","InflateState","havedict","flags","check","total","wbits","ncode","nlen","ndist","have","lendyn","distdyn","back","was","inflateReset","utils.Buf32","inflateResetKeep","inflateInit2","inflateReset2","lenfix","distfix","virgin","fixedtables","updatewindow","copy","inflate","put","last_bits","last_op","last_val","hbuf","order","inf_leave","xflags","extra_len","inflateSetDictionary","dictid","GZheader","Inflate","zlib_inflate.inflateInit2","c.Z_OK","zlib_inflate.inflateGetHeader","zlib_inflate.inflateSetDictionary","allowBufError","c.Z_FINISH","c.Z_NO_FLUSH","strings.binstring2buf","zlib_inflate.inflate","c.Z_NEED_DICT","c.Z_BUF_ERROR","c.Z_STREAM_END","c.Z_SYNC_FLUSH","zlib_inflate.inflateEnd","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","remaining","seek","n_bit","n_byte","pi","bufToHex","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","getCRC","updateCRC","updateCRCRun","mtf","Err","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","optDetail","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","CRC32","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","groups","minLen","maxLen","MAX_HUFCODE_BITS","permute","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","outputBuffer","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","multistream","bz","targetStreamCRC","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","verified","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","issuerKeyID","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","writeHashedSubPackets","toHash","stream.slice","stream.clone","writeSubPacket","humanReadable","critical","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","fromBinary","compressionFn","compress_fns","nodeZlib","node_zlib","stream.nodeToWeb","stream.webToNode","pako_zlib","deflateRaw","createDeflateRaw","createDeflate","inflateRaw","createInflateRaw","createInflate","BunzipDecode","SymEncryptedIntegrityProtectedDataPacket","encrypted","sessionKeyAlgorithm","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","AEADEncryptedDataPacket","cipherAlgorithm","aeadAlgorithm","chunkSizeByte","getAEADMode","modeInstance","tagLengthIfDecrypting","tagLengthIfEncrypting","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","latestPromise","cryptedBytes","queuedBytes","finalChunk","cryptedPromise","setInt32","desiredSize","PublicKeyEncryptedSessionKeyPacket","publicKeyID","sessionKey","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","sessionKeyData","S2K","getCount","passphrase","numBytes","rlength","prefixlen","datalen","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","produceKey","encryptionKey","generateSessionKey","associatedData","toEncrypt","PublicKeyPacket","expirationTimeV3","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","startOfSecretKeyData","unparseableKeyMaterial","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","produceEncryptionKey","cleartextWithHash","validParams","generateParams","global","parse5322","inStr","getPos","setPos","initialize","parseString","tokens","semantic","children","ast","parent","child","compareToken","fxnCompare","tok","lit","and","or","prod","invis","colwsp","star","minimum","isUTF8NonAscii","cr","crlf","lf","dquote","htab","sp","vchar","accept","rfc6532","wsp","quotedPair","obsQP","fws","obsFws","ctext","obsCtext","ccontent","cfws","atext","atom","dotAtomText","maybeText","dotAtom","qtext","obsQtext","qcontent","quotedString","address","mailbox","group","nameAddr","addrSpec","displayName","angleAddr","obsAngleAddr","groupList","obsPhrase","collapseWhitespace","mailboxList","obsMboxList","addressList","obsAddrList","obsGroupList","localPart","obsLocalPart","dtext","obsDtext","domainLiteral","domain","obsDomain","rejectTLD","obsNoWsCtl","strict","atInDisplayName","obsRoute","obsDomainList","findNode","stack","findAllNodesNoChildren","names","namesLookup","giveResult","addresses","groupsAndMailboxes","groupOrMailbox","giveResultGroup","giveResultMailbox","simplifyResult","oneResult","partial","groupName","groupResultMailboxes","mailboxes","grabSemantic","aspec","findAllNodes","comments","local","concatComments","startProduction","handleOpts","startAt","defs","isNullUndef","defaults","isObject","parseOneAddress","parseAddressList","parseFrom","parseSender","parseReplyTo","UserIDPacket","email","components","emailAddresses","otherUserID","SecretSubkeyPacket","TrustPacket","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","prefAlgo","primaryUser","getPrimaryUser","selfCertification","getPreferredCurveHashAlgo","getPreferredAlgo","userIDs","defaultAlgo","preferredSenderAlgo","prefPropertyName","senderAlgoSupport","recipientPrefs","Boolean","signingKeyPacket","signaturePacket","mergeSignatures","source","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","sanitizeKeyOptions","subkeyDefaults","isValidSigningKeyPacket","isValidEncryptionKeyPacket","isValidDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","signingKeys","isPrivate","signingKey","getSigningKey","certificate","verificationKeys","issuerKeys","getKeys","isRevoked","certifications","certification","valid","verifyCertificate","sourceUser","srcSelfSig","srcRevSig","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","sort","helper.isValidSigningKeyPacket","helper.checkKeyRequirements","helper.isValidEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","revocationCertificate","privateKeys","userSign","certify","verifyAllCertifications","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","fromSecretKeyPacket","pubSubkeyPacket","fromSecretSubkeyPacket","helper.isValidDecryptionKeyPacket","allDummies","defaultOptions","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","readPrivateKey","readKeys","armoredKeys","binaryKeys","keyIndex","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","sessionKeyObjects","decryptSessionKeys","symEncryptedPacketlist","symEncryptedPacket","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","password","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","getDecryptionKeys","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgorithmName","supported","isAEADSupported","getEncryptionKey","maybeKey","wildcard","encryptionKeyIDs","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","literalDataPacket","existingSigPacketlist","onePassSig","signingKeyID","onePassSignatureList","createSignaturePackets","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","detachedSignature","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","stream.loadStreamsPonyfill","stream.toStream","createMessage","literalDataPacketlist","CleartextMessage","newSignature","hashes","ar","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","oneHeader","createCleartextMessage","checkConfig","helper.generateSecretKey","getRevocationCertificate","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","applyRevocationCertificate","revoke","decryptKey","clonedPrivateKey","passphrases","encryptKey","signingUserIDs","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","streaming","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","signDetached","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","encoding","setEncoding","stream.toNativeReadable","object","SymbolPolyfill","iterator","description","noop","globals","typeIsObject","rethrowAssertionErrorRejection","originalPromise","originalPromiseThen","originalPromiseResolve","originalPromiseReject","newPromise","executor","promiseResolvedWith","promiseRejectedWith","PerformPromiseThen","onFulfilled","onRejected","uponPromise","uponFulfillment","uponRejection","transformPromiseWith","fulfillmentHandler","rejectionHandler","setPromiseIsHandledToTrue","queueMicrotask","globalQueueMicrotask","resolvedPromise","reflectCall","F","Function","promiseCall","SimpleQueue","_cursor","_size","_front","_elements","_next","_back","oldBack","newBack","QUEUE_MAX_ARRAY_SIZE","oldFront","newFront","oldCursor","newCursor","elements","peek","front","ReadableStreamReaderGenericInitialize","_ownerReadableStream","_state","defaultReaderClosedPromiseInitialize","defaultReaderClosedPromiseResolve","defaultReaderClosedPromiseInitializeAsResolved","defaultReaderClosedPromiseInitializeAsRejected","_storedError","ReadableStreamReaderGenericCancel","ReadableStreamCancel","ReadableStreamReaderGenericRelease","defaultReaderClosedPromiseReject","defaultReaderClosedPromiseResetToRejected","readerLockException","_closedPromise","_closedPromise_resolve","_closedPromise_reject","AbortSteps","ErrorSteps","CancelSteps","PullSteps","NumberIsFinite","isFinite","MathTrunc","trunc","assertDictionary","context","assertFunction","assertObject","assertRequiredArgument","position","assertRequiredField","field","convertUnrestrictedDouble","censorNegativeZero","convertUnsignedLongLongWithEnforceRange","upperBound","integerPart","assertReadableStream","IsReadableStream","AcquireReadableStreamDefaultReader","ReadableStreamDefaultReader","ReadableStreamAddReadRequest","readRequest","_readRequests","ReadableStreamFulfillReadRequest","_closeSteps","_chunkSteps","ReadableStreamGetNumReadRequests","ReadableStreamHasDefaultReader","IsReadableStreamDefaultReader","IsReadableStreamLocked","defaultReaderBrandCheckException","resolvePromise","rejectPromise","ReadableStreamDefaultReaderRead","_errorSteps","_disturbed","_readableStreamController","AsyncIteratorPrototype","defineProperties","toStringTag","asyncIterator","ReadableStreamAsyncIteratorImpl","_ongoingPromise","_isFinished","_preventCancel","nextSteps","_nextSteps","return","returnSteps","_returnSteps","ReadableStreamAsyncIteratorPrototype","IsReadableStreamAsyncIterator","_asyncIteratorImpl","streamAsyncIteratorBrandCheckException","setPrototypeOf","NumberIsNaN","isNaN","IsFiniteNonNegativeNumber","IsNonNegativeNumber","DequeueValue","container","pair","_queue","_queueTotalSize","EnqueueValueWithSize","ResetQueue","CreateArrayFromList","ReadableStreamBYOBRequest","IsReadableStreamBYOBRequest","byobRequestBrandCheckException","_view","respond","bytesWritten","_associatedReadableByteStreamController","ReadableByteStreamControllerRespondInternal","ReadableByteStreamControllerRespond","respondWithNewView","isView","firstDescriptor","_pendingPullIntos","bytesFilled","ReadableByteStreamControllerRespondWithNewView","ReadableByteStreamController","byobRequest","IsReadableByteStreamController","byteStreamControllerBrandCheckException","_byobRequest","request","SetUpReadableStreamBYOBRequest","ReadableByteStreamControllerGetDesiredSize","_closeRequested","_controlledReadableByteStream","ReadableByteStreamControllerError","ReadableByteStreamControllerClearAlgorithms","ReadableStreamClose","ReadableByteStreamControllerClose","transferredBuffer","ReadableByteStreamControllerEnqueueChunkToQueue","ReadableStreamHasBYOBReader","ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue","ReadableByteStreamControllerCallPullIfNeeded","ReadableByteStreamControllerEnqueue","_cancelAlgorithm","entry","ReadableByteStreamControllerHandleQueueDrain","autoAllocateChunkSize","_autoAllocateChunkSize","bufferE","pullIntoDescriptor","elementSize","viewConstructor","readerType","shouldPull","_started","ReadableStreamGetNumReadIntoRequests","ReadableByteStreamControllerShouldCallPull","_pulling","_pullAgain","_pullAlgorithm","ReadableByteStreamControllerCommitPullIntoDescriptor","filledView","ReadableByteStreamControllerConvertPullIntoDescriptor","readIntoRequest","_readIntoRequests","ReadableStreamFulfillReadIntoRequest","ReadableByteStreamControllerFillPullIntoDescriptorFromQueue","currentAlignedBytes","maxBytesToCopy","maxBytesFilled","maxAlignedBytes","totalBytesToCopyRemaining","queue","headOfQueue","bytesToCopy","destStart","destOffset","srcOffset","ReadableByteStreamControllerFillHeadPullIntoDescriptor","ReadableByteStreamControllerInvalidateBYOBRequest","ReadableByteStreamControllerShiftPendingPullInto","ReadableByteStreamControllerRespondInClosedState","remainderSize","ReadableByteStreamControllerRespondInReadableState","ReadableByteStreamControllerClearPendingPullIntos","ReadableStreamError","_strategyHWM","SetUpReadableByteStreamControllerFromUnderlyingSource","underlyingByteSource","startAlgorithm","pullAlgorithm","cancelAlgorithm","SetUpReadableByteStreamController","ReadableStreamAddReadIntoRequest","IsReadableStreamBYOBReader","ReadableStreamBYOBReader","byobReaderBrandCheckException","BYTES_PER_ELEMENT","emptyView","ReadableByteStreamControllerPullInto","ReadableStreamBYOBReaderRead","ExtractHighWaterMark","defaultHWM","ExtractSizeAlgorithm","convertQueuingStrategy","convertQueuingStrategySize","convertUnderlyingSinkAbortCallback","original","convertUnderlyingSinkCloseCallback","convertUnderlyingSinkStartCallback","convertUnderlyingSinkWriteCallback","assertWritableStream","IsWritableStream","rawUnderlyingSink","rawStrategy","underlyingSink","convertUnderlyingSink","InitializeWritableStream","sizeAlgorithm","WritableStreamDefaultController","writeAlgorithm","closeAlgorithm","abortAlgorithm","SetUpWritableStreamDefaultController","SetUpWritableStreamDefaultControllerFromUnderlyingSink","locked","streamBrandCheckException$2","IsWritableStreamLocked","WritableStreamAbort","WritableStreamCloseQueuedOrInFlight","WritableStreamClose","AcquireWritableStreamDefaultWriter","WritableStreamDefaultWriter","_writer","_writableStreamController","_writeRequests","_inFlightWriteRequest","_closeRequest","_inFlightCloseRequest","_pendingAbortRequest","_backpressure","_promise","wasAlreadyErroring","_resolve","_reject","_reason","_wasAlreadyErroring","WritableStreamStartErroring","closeRequest","defaultWriterReadyPromiseResolve","closeSentinel","WritableStreamDefaultControllerAdvanceQueueIfNeeded","WritableStreamDealWithRejection","WritableStreamFinishErroring","WritableStreamDefaultWriterEnsureReadyPromiseRejected","WritableStreamHasOperationMarkedInFlight","storedError","writeRequest","WritableStreamRejectCloseAndClosedPromiseIfNeeded","abortRequest","defaultWriterClosedPromiseReject","WritableStreamUpdateBackpressure","backpressure","defaultWriterReadyPromiseInitialize","defaultWriterReadyPromiseReset","_ownerWritableStream","defaultWriterReadyPromiseInitializeAsResolved","defaultWriterClosedPromiseInitialize","defaultWriterReadyPromiseInitializeAsRejected","defaultWriterClosedPromiseResolve","defaultWriterClosedPromiseInitializeAsRejected","IsWritableStreamDefaultWriter","defaultWriterBrandCheckException","defaultWriterLockException","WritableStreamDefaultControllerGetDesiredSize","WritableStreamDefaultWriterGetDesiredSize","_readyPromise","WritableStreamDefaultWriterAbort","WritableStreamDefaultWriterClose","WritableStreamDefaultWriterRelease","WritableStreamDefaultWriterWrite","WritableStreamDefaultWriterEnsureClosedPromiseRejected","_closedPromiseState","defaultWriterClosedPromiseResetToRejected","_readyPromiseState","defaultWriterReadyPromiseReject","defaultWriterReadyPromiseResetToRejected","releasedError","_strategySizeAlgorithm","chunkSizeE","WritableStreamDefaultControllerErrorIfNeeded","WritableStreamDefaultControllerGetChunkSize","WritableStreamAddWriteRequest","enqueueE","_controlledWritableStream","WritableStreamDefaultControllerGetBackpressure","WritableStreamDefaultControllerWrite","IsWritableStreamDefaultController","WritableStreamDefaultControllerError","_abortAlgorithm","WritableStreamDefaultControllerClearAlgorithms","_writeAlgorithm","_closeAlgorithm","WritableStreamMarkCloseRequestInFlight","sinkClosePromise","WritableStreamFinishInFlightClose","WritableStreamFinishInFlightCloseWithError","WritableStreamDefaultControllerProcessClose","WritableStreamMarkFirstWriteRequestInFlight","sinkWritePromise","WritableStreamFinishInFlightWrite","WritableStreamFinishInFlightWriteWithError","WritableStreamDefaultControllerProcessWrite","_readyPromise_resolve","_readyPromise_reject","NativeDOMException","DOMException","DOMException$1","_a","isDOMExceptionConstructor","createDOMExceptionPolyfill","ReadableStreamPipeTo","signal","shuttingDown","currentWrite","actions","shutdownWithAction","action","aborted","addEventListener","isOrBecomesErrored","shutdown","isOrBecomesClosed","WritableStreamDefaultWriterCloseWithErrorPropagation","destClosed","waitForWritesToFinish","oldCurrentWrite","originalIsError","originalError","doTheRest","newError","isError","removeEventListener","resolveLoop","rejectLoop","resolveRead","rejectRead","ReadableStreamDefaultController","IsReadableStreamDefaultController","defaultControllerBrandCheckException$1","ReadableStreamDefaultControllerGetDesiredSize","ReadableStreamDefaultControllerCanCloseOrEnqueue","ReadableStreamDefaultControllerClose","ReadableStreamDefaultControllerEnqueue","ReadableStreamDefaultControllerError","ReadableStreamDefaultControllerClearAlgorithms","_controlledReadableStream","ReadableStreamDefaultControllerCallPullIfNeeded","ReadableStreamDefaultControllerShouldCallPull","SetUpReadableStreamDefaultController","convertUnderlyingSourceCancelCallback","convertUnderlyingSourcePullCallback","convertUnderlyingSourceStartCallback","convertReadableStreamType","convertReadableStreamReaderMode","convertPipeOptions","isAbortSignal","assertAbortSignal","rawUnderlyingSource","underlyingSource","convertUnderlyingDefaultOrByteSource","InitializeReadableStream","SetUpReadableStreamDefaultControllerFromUnderlyingSource","streamBrandCheckException$1","rawOptions","convertReaderOptions","AcquireReadableStreamBYOBReader","pipeThrough","rawTransform","convertReadableWritablePair","destination","branches","cloneForBranch2","reason1","reason2","branch1","branch2","resolveCancelPromise","reading","canceled1","canceled2","cancelPromise","value1","value2","CreateReadableStream","compositeReason","cancelResult","ReadableStreamTee","impl","AcquireReadableStreamAsyncIterator","convertIteratorOptions","convertQueuingStrategyInit","byteLengthSizeFunction","ByteLengthQueuingStrategy","_byteLengthQueuingStrategyHighWaterMark","IsByteLengthQueuingStrategy","byteLengthBrandCheckException","countSizeFunction","CountQueuingStrategy","_countQueuingStrategyHighWaterMark","IsCountQueuingStrategy","countBrandCheckException","convertTransformerFlushCallback","convertTransformerStartCallback","convertTransformerTransformCallback","rawTransformer","rawWritableStrategy","rawReadableStrategy","writableStrategy","readableStrategy","transformer","readableType","writableType","convertTransformer","readableHighWaterMark","readableSizeAlgorithm","writableHighWaterMark","writableSizeAlgorithm","startPromise_resolve","startPromise","_transformStreamController","_backpressureChangePromise","_writable","TransformStreamDefaultControllerPerformTransform","TransformStreamDefaultSinkWriteAlgorithm","TransformStreamError","TransformStreamDefaultSinkAbortAlgorithm","_readable","flushPromise","_flushAlgorithm","TransformStreamDefaultControllerClearAlgorithms","TransformStreamDefaultSinkCloseAlgorithm","TransformStreamSetBackpressure","TransformStreamDefaultSourcePullAlgorithm","TransformStreamErrorWritableAndUnblockWrite","CreateWritableStream","_backpressureChangePromise_resolve","InitializeTransformStream","TransformStreamDefaultController","transformAlgorithm","TransformStreamDefaultControllerEnqueue","transformResultE","flushAlgorithm","_controlledTransformStream","_transformAlgorithm","SetUpTransformStreamDefaultController","SetUpTransformStreamDefaultControllerFromTransformer","IsTransformStream","streamBrandCheckException","IsTransformStreamDefaultController","defaultControllerBrandCheckException","readableController","TransformStreamDefaultControllerTerminate","ReadableStreamDefaultControllerHasBackpressure","extendStatics","__proto__","__extends","isStreamConstructor","startCalled","isReadableStream","isWritableStream","isTransformStream","supportsByobReader","createWrappingReadableSource","parseReadableType","WrappingReadableByteStreamSource","WrappingReadableStreamDefaultSource","typeString","AbstractWrappingReadableStreamSource","underlyingStream","_underlyingReader","_readerMode","_pendingRead","_underlyingStream","_attachDefaultReader","_detachReader","_attachReader","_this","_finishPendingRead","_pullWithDefaultReader","_tryClose","_setPendingRead","readPromise","pendingRead","finishRead","afterRead","_super","supportsByob","_supportsByob","_attachByobReader","_pullWithByobRequest","to","fromArray","createWrappingWritableSink","WrappingWritableStreamSink","underlyingWriter","_pendingWrite","_underlyingWriter","_errorPromise","_errorPromiseReject","_finishErroring","_startErroring","race","_setPendingWrite","_finishPendingWrite","writePromise","pendingWrite","finishWrite","afterWrite","createWrappingTransformer","WrappingTransformStreamTransformer","_onRead","_onError","_flushReject","_onTerminate","_flushResolve","_flushPromise","readerClosed","isReadableStreamConstructor","byteSourceSupported","supportsByteSource","isTransformStreamConstructor","isWritableStreamConstructor","sink","isBN","negative","words","red","_init","wordSize","parseHex","parseBase","cmp","_initNumber","_initArray","_parseHex","_parseBase","strip","limbLen","limbPow","imuln","_iaddn","_expand","_normSign","inspect","zeros","groupSizes","groupBases","smallMulTo","out","ncarry","rword","maxJ","groupSize","groupBase","modn","idivn","toJSON","toBuffer","ArrayType","reqLength","littleEndian","andln","iushrn","_countBits","clz32","_zeroBits","zeroBits","toTwos","width","inotn","iaddn","fromTwos","testn","notn","ineg","isNeg","neg","iuor","ior","uor","iuand","iand","uand","iuxor","ixor","uxor","bytesNeeded","bitsLeft","setn","bit","wbit","comb10MulTo","mid","a0","al0","ah0","a1","al1","ah1","a2","al2","ah2","a3","al3","ah3","a4","al4","ah4","a5","al5","ah5","a6","al6","ah6","a7","al7","ah7","a8","al8","ah8","a9","al9","ah9","bl0","bh0","bl1","bh1","bl2","bh2","bl3","bh3","bl4","bh4","bl5","bh5","bl6","bh6","bl7","bh7","bl8","bh8","bl9","bh9","jumboMulTo","FFTM","mulp","mulTo","hncarry","bigMulTo","makeRBT","N","revBin","rb","rbt","rws","iws","rtws","itws","rtwdf","cos","PI","itwdf","sin","rtwdf_","itwdf_","re","ie","ro","io","guessLen13b","odd","conjugate","normalize13b","ws","convert13b","stub","ph","rwst","iwst","nrws","nrwst","niwst","rmws","mulf","muln","sqr","isqr","toBitArray","iushln","carryMask","newCarry","ishln","hint","extended","maskedWords","ishrn","shln","ushln","shrn","ushrn","imaskn","maskn","isubn","addn","iabs","_ishlnsubmul","_wordDiv","bhi","diff","qj","div","divmod","positive","divn","umod","divRound","dm","r2","acc","egcd","yp","xp","im","isOdd","jm","_invmp","delta","cmpn","invm","bincn","ucmp","gtn","gten","ltn","lten","eqn","Red","toRed","ctx","convertTo","_forceRed","fromRed","convertFrom","forceRed","redAdd","redIAdd","redSub","redISub","redShl","shl","redMul","_verify2","redIMul","redSqr","_verify1","redISqr","redSqrt","sqrt","redInvm","redNeg","redPow","primes","k256","p224","p192","p25519","MPrime","_tmp","K256","P224","P192","P25519","prime","_prime","Mont","rinv","minv","ireduce","imulK","mod3","nOne","lpow","inv","wnd","currentLen","mont","nred","minAssert","minUtils","getNAF","naf","getJSF","jsf","d1","d2","m8","m14","m24","cachedProperty","computer","parseBytes","intFromLE","Rand","_rand","getByte","BaseCurve","conf","pointFromJSON","gRed","_wnafT1","_wnafT2","_wnafT3","_wnafT4","adjustCount","redN","_maxwellTrick","BasePoint","precomputed","point","_fixedNafMul","doubles","_getDoubles","step","repr","nafW","jpoint","mixedAdd","points","toP","_wnafMul","nafPoints","_getNAFPoints","dblp","_wnafMulAdd","defW","coeffs","jacobianResult","wndWidth","comb","toJ","ja","jb","decodePoint","pointFromX","encodeCompressed","_encode","compact","getX","getY","precompute","beta","_getBeta","_hasDoubles","dbl","ShortCurve","Base","tinv","zeroA","threeA","endo","_getEndomorphism","_endoWnafT1","_endoWnafT2","Point","isRed","inf","JPoint","zOne","MontCurve","i4","a24","lambda","betas","_getEndoRoots","lambdas","basis","vec","_getEndoBasis","ntinv","prevR","aprxSqrt","len1","_endoSplit","v1","v2","ax","rhs","_endoWnafMulAdd","npoints","ncoeffs","fromJSON","pre","endoMul","JSON","obj2point","isInfinity","nx","ny","ys1","dyinv","mulAdd","jmulAdd","_precompute","negate","zinv","zinv2","ay","pz2","nz","jx","jy","jz","jz4","jyd","jx2","jyd2","jyd4","dny","_zeroDbl","_threeDbl","_dbl","yyyy","yyyy8","c8","gamma","alpha","beta4","beta8","ggamma8","jy2","jxd4","jyd8","trpl","zz","mm","ee","yyu4","kbase","pz3","eqXToP","zs","xc","normalize","diffAdd","da","cb","jumlAdd","EdwardsCurve","twisted","mOneA","oneC","_mulA","_mulC","lhs","pointFromY","_extDbl","nt","_projDbl","_extAdd","_projAdd","require$$0","short","require$$1","require$$2","edwards","require$$3","ft_1","sha1_K","SHA1","require$$4","Hmac","inner","outer","sha","hmac","PresetCurve","defineCurve","cofactor","HmacDRBG","predResist","minEntropy","_reseed","reseedInterval","entropyEnc","nonceEnc","pers","persEnc","_hmac","kmac","reseed","addEnc","KeyPair","_importPrivate","privEnc","_importPublic","pubEnc","fromPublic","fromPrivate","_importDER","recoveryParam","Position","place","getLength","initial","octetLen","rmPadding","constructLength","octets","slen","toDER","backHalf","EC","nh","drbg","ns2","_truncateToN","truncOnly","truncateMsg","bkey","ns1","iter","kp","kpX","canonical","_verify","sinv","recoverPubKey","isYOdd","isSecondKey","rInv","getKeyRecoveryParam","Qprime","_secret","isPoint","_pub","_pubBytes","fromSecret","encodePoint","lastIx","encodingLength","decodeInt","privBytes","getSecret","pubBytes","_R","_S","_Rencoded","Rencoded","_Sencoded","Sencoded","encodeInt","toBytes","EDDSA","pointClass","keyFromSecret","hashInt","messagePrefix","s_","makeSignature","SG","normed","xIsOdd","require$$5"],"mappings":";6GAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxBC,cACEC,QACAC,KAAKT,GAAsB,IAAIU,SAAQ,CAACC,EAASC,KAC/CH,KAAKP,GAAsBS,EAC3BF,KAAKN,GAAqBS,CAAM,IAElCH,KAAKT,GAAoBa,OAAM,UAuCnC,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAaV,MAAMW,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,EAETV,KAAKe,OAAST,CAChB,CAvDAV,EAAYoB,UAAUT,UAAY,WAIhC,YAH2BU,IAAvBjB,KAAKL,KACPK,KAAKL,GAAgB,GAEhB,CACLuB,KAAMC,gBACEnB,KAAKT,GACPS,KAAKL,KAAkBK,KAAKoB,OACvB,CAAEC,WAAOJ,EAAWK,MAAM,GAE5B,CAAED,MAAOrB,KAAKA,KAAKL,MAAkB2B,MAAM,IAGxD,EAEA1B,EAAYoB,UAAUO,UAAYJ,eAAeK,SACzCxB,KAAKT,GACX,MAAMkC,EAASD,EAAKxB,KAAK0B,MAAM1B,KAAKL,KAEpC,OADAK,KAAKoB,OAAS,EACPK,CACT,EAEA7B,EAAYoB,UAAUW,MAAQ,WAC5B,MAAMA,EAAQ,IAAI/B,EAIlB,OAHA+B,EAAMpC,GAAsBS,KAAKT,GAAoBqC,MAAK,KACxDD,EAAME,QAAQ7B,KAAK,IAEd2B,CACT,EAkCAlB,EAAOO,UAAUc,MAAQX,eAAeY,GACtC/B,KAAKe,OAAOc,KAAKE,EACnB,EAOAtB,EAAOO,UAAUgB,MAAQb,iBACvBnB,KAAKe,OAAOtB,IACd,EAOAgB,EAAOO,UAAUiB,MAAQd,eAAee,GAEtC,OADAlC,KAAKe,OAAOrB,GAAmBwC,GACxBA,CACT,EAOAzB,EAAOO,UAAUJ,YAAc,aCxG/B,MAAMuB,EAAuC,iBAAvBC,EAAWC,SACQ,iBAAhCD,EAAWC,QAAQC,SAEtBC,EAAqBJ,QAAU,EAOrC,SAASK,EAASlC,GAChB,OAAID,EAAcC,GACT,QAEL8B,EAAWK,gBAAkBL,EAAWK,eAAezB,UAAU0B,cAAcpC,GAC1E,MAELqC,GAA0BA,EAAuB3B,UAAU0B,cAAcpC,GACpE,WAELiC,GAAsBA,EAAmBvB,UAAU0B,cAAcpC,GAC5D,UAELA,IAASA,EAAMC,YACV,UAGX,CAOA,SAASqC,EAAatC,GACpB,OAAOuC,WAAW7B,UAAU0B,cAAcpC,EAC5C,CAOA,SAASwC,EAAiBC,GACxB,GAAsB,IAAlBA,EAAO3B,OAAc,OAAO2B,EAAO,GAEvC,IAAIC,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIF,EAAO3B,OAAQ6B,IAAK,CACtC,IAAKL,EAAaG,EAAOE,IACvB,MAAUC,MAAM,8DAGlBF,GAAeD,EAAOE,GAAG7B,OAG3B,MAAMK,EAAS,IAAIoB,WAAWG,GAC9B,IAAIG,EAAM,EAMV,OALAJ,EAAOK,SAAQ,SAAUC,GACvB5B,EAAO6B,IAAID,EAASF,GACpBA,GAAOE,EAAQjC,UAGVK,CACT,CC/DA,MAAM8B,EAAapB,QAAU,EACvBI,EAAqBJ,QAAU,EAOrC,IAAIqB,EACAC,EAEJ,GAAIlB,EAAoB,CAOtBiB,EAAY,SAASE,GACnB,IAAIC,GAAW,EACf,OAAO,IAAIhB,EAAuB,CAChCiB,MAAMC,GACJH,EAAWI,QACXJ,EAAWK,GAAG,QAAQhC,IAChB4B,IAGAJ,EAAWS,SAASjC,KACtBA,EAAQ,IAAIc,WAAWd,EAAMkC,OAAQlC,EAAMmC,WAAYnC,EAAMoC,aAE/DN,EAAWO,QAAQrC,GACnB2B,EAAWI,QAAO,IAEpBJ,EAAWK,GAAG,OAAO,KACfJ,GAGJE,EAAW7B,OAAO,IAEpB0B,EAAWK,GAAG,SAASM,GAAKR,EAAWS,MAAMD,MAE/CE,OACEb,EAAWc,UAEbC,OAAOvC,GACLyB,GAAW,EACXD,EAAWgB,QAAQxC,OAMzB,MAAMyC,UAAqBpC,EACzBzC,YAAY8E,EAAWC,GACrB9E,MAAM8E,GACN7E,KAAK8E,QAAUC,EAAkBH,GAGnCzD,YAAY6D,GACV,IACE,OAAa,CACX,MAAM1D,KAAEA,EAAID,MAAEA,SAAgBrB,KAAK8E,QAAQ5D,OAC3C,GAAII,EAAM,CACRtB,KAAK6B,KAAK,MACV,MAEF,IAAK7B,KAAK6B,KAAKR,GACb,OAGJ,MAAOgD,GACPrE,KAAK0E,QAAQL,IAIjBlD,eAAemD,EAAOW,GACpBjF,KAAK8E,QAAQL,OAAOH,GAAO1C,KAAKqD,EAAUA,IAU9CxB,EAAY,SAASmB,EAAWC,GAC9B,OAAO,IAAIF,EAAaC,EAAWC,GAGvC,CC1FA,MAAMK,EAAiB,IAAIC,QACrBC,EAAiB5F,OAAO,kBAS9B,SAAS6F,EAAO/E,GAKd,GAJAN,KAAKe,OAAST,EACVA,EAAM8E,KACRpF,KAAKoF,GAAkB9E,EAAM8E,GAAgB1D,SAE3C4D,EAAsBhF,GAAQ,CAChC,MAAMiF,EAASjF,EAAMC,YAIrB,OAHAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,YACpB1F,KAAK2F,QAAUxE,aAGjB,IAAIyE,EAAaC,EAAiBvF,GAIlC,GAHmB,SAAfsF,IACFtF,EAAQwF,EAAkBxF,IAExBsF,EAAY,CACd,MAAML,EAASjF,EAAMC,YAOrB,OANAP,KAAKwF,MAAQD,EAAOrE,KAAKuE,KAAKF,GAC9BvF,KAAK0F,aAAe,KAClBH,EAAO1E,OAAOT,OAAM,eACpBmF,EAAO3E,aAAa,OAEtBZ,KAAK2F,QAAUJ,EAAOd,OAAOgB,KAAKF,IAGpC,IAAIQ,GAAc,EAClB/F,KAAKwF,MAAQrE,SACP4E,GAAeb,EAAec,IAAI1F,GAC7B,CAAEe,WAAOJ,EAAWK,MAAM,IAEnCyE,GAAc,EACP,CAAE1E,MAAOf,EAAOgB,MAAM,IAE/BtB,KAAK0F,aAAe,KAClB,GAAIK,EACF,IACEb,EAAee,IAAI3F,GACnB,MAAM+D,KAGd,CAOAgB,EAAOrE,UAAUE,KAAOC,iBACtB,GAAInB,KAAKoF,IAAmBpF,KAAKoF,GAAgBhE,OAAQ,CAEvD,MAAO,CAAEE,MAAM,EAAOD,MADRrB,KAAKoF,GAAgBc,SAGrC,OAAOlG,KAAKwF,OACd,EAKAH,EAAOrE,UAAUJ,YAAc,WACzBZ,KAAKoF,KACPpF,KAAKe,OAAOqE,GAAkBpF,KAAKoF,IAErCpF,KAAK0F,cACP,EAKAL,EAAOrE,UAAUyD,OAAS,SAASvC,GACjC,OAAOlC,KAAK2F,QAAQzD,EACtB,EAOAmD,EAAOrE,UAAUmF,SAAWhF,iBAC1B,IACIiF,EADAnC,EAAS,GAEb,MAAQmC,GAAW,CACjB,IAAI9E,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OAEjC,GADAG,GAAS,GACLC,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAEF,MAAMqC,EAAejF,EAAMkF,QAAQ,MAAQ,EACvCD,IACFF,EAAYC,EAAepC,EAAOuC,OAAOnF,EAAMoF,OAAO,EAAGH,KACzDrC,EAAS,IAEPqC,IAAiBjF,EAAMD,QACzB6C,EAAOpC,KAAKR,EAAMoF,OAAOH,IAI7B,OADAtG,KAAK0G,WAAWzC,GACTmC,CACT,EAOAf,EAAOrE,UAAU2F,SAAWxF,iBAC1B,MAAMG,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,OACV,MAAMsF,EAAOvF,EAAM,GAEnB,OADArB,KAAK0G,QAAQG,EAAcxF,EAAO,IAC3BuF,CACT,EAOAvB,EAAOrE,UAAU8F,UAAY3F,eAAeC,GAC1C,MAAM6C,EAAS,GACf,IAAI8C,EAAe,EACnB,OAAa,CACX,MAAMzF,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EACF,OAAI2C,EAAO7C,OAAeiF,EAAepC,QACzC,EAIF,GAFAA,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgB3F,EAAQ,CAC1B,MAAM4F,EAAeX,EAAepC,GAEpC,OADAjE,KAAK0G,QAAQG,EAAcG,EAAc5F,IAClCyF,EAAcG,EAAc,EAAG5F,IAG5C,EAOAiE,EAAOrE,UAAUiG,UAAY9F,eAAeC,GAC1C,MAAM8F,QAAclH,KAAK8G,UAAU1F,GAEnC,OADApB,KAAK0G,QAAQQ,GACNA,CACT,EAOA7B,EAAOrE,UAAU0F,QAAU,YAAYS,GAChCnH,KAAKoF,KACRpF,KAAKoF,GAAkB,IAGL,IAAlB+B,EAAO/F,QAAgBwB,EAAauE,EAAO,KAC3CnH,KAAKoF,GAAgBhE,QAAU+F,EAAO,GAAG/F,QACzCpB,KAAKoF,GAAgB,GAAGlB,YAAciD,EAAO,GAAG/F,OAEhDpB,KAAKoF,GAAgB,GAAK,IAAIvC,WAC5B7C,KAAKoF,GAAgB,GAAGnB,OACxBjE,KAAKoF,GAAgB,GAAGlB,WAAaiD,EAAO,GAAG/F,OAC/CpB,KAAKoF,GAAgB,GAAGjB,WAAagD,EAAO,GAAG/F,QAInDpB,KAAKoF,GAAgBsB,WAAWS,EAAOC,QAAO/F,GAASA,GAASA,EAAMD,SACxE,EAQAiE,EAAOrE,UAAUO,UAAYJ,eAAeK,EAAK6E,GAC/C,MAAM5E,EAAS,GACf,OAAa,CACX,MAAMH,KAAEA,EAAID,MAAEA,SAAgBrB,KAAKkB,OACnC,GAAII,EAAM,MACVG,EAAOI,KAAKR,GAEd,OAAOG,EAAKC,EACd,ECnMA,IAEI4F,EAAoBC,GAFpB7E,eAAEA,EAAc8E,eAAEA,EAAcC,gBAAEA,GAAoBpF,EAI1DjB,eAAesG,IACb,GAAID,EACF,OAGF,MAAOE,EAAUC,SAAiB1H,QAAQ2H,IAAI,CAC5C3H,gDACAA,oDAGCwC,iBAAgB8E,iBAAgBC,mBAAoBE,GAEvD,MAAMG,4BAAEA,GAAgCF,EAEpCvF,EAAWK,gBAAkBA,IAAmBL,EAAWK,iBAC7D4E,EAAqBQ,EAA4BpF,GACjD6E,EAAmBO,EAA4BzF,EAAWK,gBAE9D,CAEA,MAAMc,EAAapB,QAAU,EAO7B,SAAS2F,EAASxH,GAChB,IAAIsF,EAAapD,EAASlC,GAC1B,MAAmB,SAAfsF,EACKpC,EAAUlD,GAEA,QAAfsF,GAAwByB,EACnBA,EAAmB/G,GAExBsF,EACKtF,EAEF,IAAImC,EAAe,CACxBmB,MAAMC,GACJA,EAAWO,QAAQ9D,GACnBuD,EAAW7B,UAGjB,CAOA,SAAS+F,EAAczH,GACrB,GAAIkC,EAASlC,GACX,OAAOA,EAET,MAAMS,EAAS,IAAInB,EAMnB,MALA,WACE,MAAMc,EAASC,EAAUI,SACnBL,EAAOoB,MAAMxB,SACbI,EAAOsB,OACd,EAJD,GAKOjB,CACT,CAQA,SAASyF,EAAOwB,GACd,OAAIA,EAAKC,MAAKlH,GAAUyB,EAASzB,KAAYV,EAAcU,KAoB7D,SAAsBiH,GACpBA,EAAOA,EAAKE,IAAIJ,GAChB,MAAMK,EAAYC,GAAoBjH,eAAee,SAC7CjC,QAAQ2H,IAAIS,EAAWH,KAAInH,GAAU0D,EAAO1D,EAAQmB,SAE5D,IAAIoG,EAAOrI,QAAQC,UACnB,MAAMmI,EAAaL,EAAKE,KAAI,CAACnH,EAAQkC,IAAMsF,EAAcxH,GAAQ,CAACyH,EAAUC,KAC1EH,EAAOA,EAAK1G,MAAK,IAAM8G,EAAKF,EAAUL,EAAUM,SAAU,CACxDE,aAAc1F,IAAM+E,EAAK5G,OAAS,MAE7BkH,OAET,OAAOH,EAAUK,QACnB,CAhCWI,CAAaZ,GAElBA,EAAKC,MAAKlH,GAAUV,EAAcU,KAqCxC,SAA2BiH,GACzB,MAAMvG,EAAS,IAAI7B,EACnB,IAAI0I,EAAOrI,QAAQC,UAOnB,OANA8H,EAAK5E,SAAQ,CAACrC,EAAQkC,KACpBqF,EAAOA,EAAK1G,MAAK,IAAM8G,EAAK3H,EAAQU,EAAQ,CAC1CkH,aAAc1F,IAAM+E,EAAK5G,OAAS,MAE7BkH,KAEF7G,CACT,CA9CWoH,CAAkBb,GAEJ,iBAAZA,EAAK,GACPA,EAAKxG,KAAK,IAEf+B,GAAcA,EAAWS,SAASgE,EAAK,IAClCzE,EAAWiD,OAAOwB,GAEpBlF,EAAiBkF,EAC1B,CA4CA,SAASzH,EAAUD,GACjB,OAAO,IAAI+E,EAAO/E,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CAUAa,eAAeuH,EAAKpI,EAAOwI,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIxG,EAASlC,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQwH,EAASxH,GACjB,IACE,GAAIA,EAAM8E,GAAiB,CACzB,MAAM1E,EAASC,EAAUmI,GACzB,IAAK,IAAI7F,EAAI,EAAGA,EAAI3C,EAAM8E,GAAgBhE,OAAQ6B,UAC1CvC,EAAOuI,YACPvI,EAAOoB,MAAMxB,EAAM8E,GAAgBnC,IAE3CvC,EAAOE,oBAEHN,EAAM4I,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,kBAEF,MAAM3E,IACR,OAGF,MAAMkB,EAAShF,EADfD,EAAQyH,EAAczH,IAEhBI,EAASC,EAAUmI,GACzB,IACE,OAAa,OACLpI,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACHqH,SAAoBjI,EAAOsB,QAChC,YAEItB,EAAOoB,MAAMT,IAErB,MAAOgD,GACF0E,SAAoBrI,EAAOuB,MAAMoC,WAEtCkB,EAAO3E,cACPF,EAAOE,cAEX,CAQA,SAASuI,EAAa7I,EAAOuE,GAC3B,MAAMuE,EAAkB,IAAI5B,EAAgB3C,GAE5C,OADA6D,EAAKpI,EAAO8I,EAAgBX,UACrBW,EAAgBZ,QACzB,CAOA,SAASJ,EAAoBiB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLlB,SAAU,IAAI/F,EAAe,CAC3BmB,MAAMC,GACJ2F,EAAmB3F,GAErBU,OACM+E,EACFA,IAEAG,GAAS,GAGbtI,aAAae,GACXwH,GAAY,EACRL,SACIA,EAAanH,GAEjBqH,GACFA,EAAgCrH,KAGnC,CAACyH,cAAe,IACnBlB,SAAU,IAAIlB,EAAe,CAC3BzF,MAAOX,eAAeY,GACpB,GAAI2H,EACF,MAAUxG,MAAM,uBAElBsG,EAAiBpF,QAAQrC,GACpB0H,EAQHA,GAAS,SAPH,IAAIxJ,SAAQ,CAACC,EAASC,KAC1BmJ,EAAmCpJ,EACnCqJ,EAAkCpJ,CAAM,IAE1CmJ,EAAmC,KACnCC,EAAkC,OAKtCvH,MAAOwH,EAAiBxH,MAAMyD,KAAK+D,GACnCvH,MAAOuH,EAAiBlF,MAAMmB,KAAK+D,KAGzC,CASA,SAASrB,EAAU7H,EAAO+B,EAAU,MAAe,GAAEuH,EAAS,MAAe,IAC3E,GAAIvJ,EAAcC,GAAQ,CACxB,MAAMuJ,EAAS,IAAIjK,EAgBnB,MAfA,WACE,MAAMc,EAASC,EAAUkJ,GACzB,IACE,MAAMC,QAAavI,EAAUjB,GACvByJ,EAAU1H,EAAQyH,GAClBE,EAAUJ,IAChB,IAAInI,EACgDA,OAApCR,IAAZ8I,QAAqC9I,IAAZ+I,EAAgCxD,EAAO,CAACuD,EAASC,SACpD/I,IAAZ8I,EAAwBA,EAAUC,QAC1CtJ,EAAOoB,MAAML,SACbf,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EAdD,GAeOwF,EAET,GAAIrH,EAASlC,GACX,OAAO6I,EAAa7I,EAAO,CACzBa,gBAAgBE,EAAOwC,GACrB,IACE,MAAMpC,QAAeY,EAAQhB,QACdJ,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,KAGrBlD,YAAY0C,GACV,IACE,MAAMpC,QAAemI,SACN3I,IAAXQ,GAAsBoC,EAAWO,QAAQ3C,GAC7C,MAAM4C,GACNR,EAAWS,MAAMD,OAKzB,MAAM0F,EAAU1H,EAAQ/B,GAClB0J,EAAUJ,IAChB,YAAgB3I,IAAZ8I,QAAqC9I,IAAZ+I,EAA8BxD,EAAO,CAACuD,EAASC,SACzD/I,IAAZ8I,EAAwBA,EAAUC,CAC3C,CAWA,SAASzB,EAAcjI,EAAO2J,GAC5B,GAAIzH,EAASlC,KAAWD,EAAcC,GAAQ,CAC5C,IAAI4J,EACJ,MAAMC,EAAW,IAAI3C,EAAgB,CACnC5D,MAAMC,GACJqG,EAA8BrG,KAI5BuG,EAAkB1B,EAAKpI,EAAO6J,EAAS1B,UAEvC4B,EAAWjC,GAAoBjH,eAAee,GAClDgI,EAA4B5F,MAAMpC,SAC5BkI,QACA,IAAInK,QAAQqK,eAGpB,OADAL,EAAGE,EAAS3B,SAAU6B,EAAS5B,UACxB4B,EAAS7B,SAElBlI,EAAQyH,EAAczH,GACtB,MAAMuJ,EAAS,IAAIjK,EAEnB,OADAqK,EAAG3J,EAAOuJ,GACHA,CACT,CAWA,SAASU,EAAMjK,EAAO2J,GACpB,IAAIO,EACJ,MAAMC,EAAclC,EAAcjI,GAAO,CAACkI,EAAUC,KAClD,MAAMlD,EAAShF,EAAUiI,GACzBjD,EAAOmF,UAAY,KACjBnF,EAAO3E,cACP8H,EAAKF,EAAUC,GACRgC,GAETD,EAAcP,EAAG1E,EAAO,IAE1B,OAAOiF,CACT,CA4BA,SAAS7I,EAAMrB,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqB,QAEf,GAAIa,EAASlC,GAAQ,CACnB,MAAMqK,EAxBV,SAAarK,GACX,GAAID,EAAcC,GAChB,MAAU4C,MAAM,qDAElB,GAAIV,EAASlC,GAAQ,CACnB,MAAMqK,EAAO7C,EAASxH,GAAOsK,MAE7B,OADAD,EAAK,GAAGvF,GAAkBuF,EAAK,GAAGvF,GAAkB9E,EAAM8E,GACnDuF,EAET,MAAO,CAACjJ,EAAMpB,GAAQoB,EAAMpB,GAC9B,CAciBsK,CAAItK,GAEjB,OADAuK,EAAUvK,EAAOqK,EAAK,IACfA,EAAK,GAEd,OAAOjJ,EAAMpB,EACf,CAUA,SAASwK,EAAaxK,GACpB,OAAID,EAAcC,GACTqB,EAAMrB,GAEXkC,EAASlC,GACJ,IAAImC,EAAe,CACxBmB,MAAMC,GACJ,MAAM4G,EAAclC,EAAcjI,GAAOa,MAAOqH,EAAUC,KACxD,MAAMlD,EAAShF,EAAUiI,GACnB9H,EAASC,EAAU8H,GACzB,IACE,OAAa,OACL/H,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,IAAMuC,EAAW7B,QAAW,MAAMqC,IAElC,kBADM3D,EAAOsB,QAGf,IAAM6B,EAAWO,QAAQ/C,GAAU,MAAMgD,UACnC3D,EAAOoB,MAAMT,IAErB,MAAMgD,GACNR,EAAWS,MAAMD,SACX3D,EAAOuB,MAAMoC,OAGvBwG,EAAUvK,EAAOmK,MAIhB/I,EAAMpB,EACf,CAQA,SAASuK,EAAUvK,EAAOqB,GAExBoJ,OAAOC,QAAQD,OAAOE,0BAA0B3K,EAAMR,YAAYkB,YAAYoC,SAAQ,EAAE8H,EAAMC,MAC/E,gBAATD,IAGAC,EAAW9J,MACb8J,EAAW9J,MAAQ8J,EAAW9J,MAAMoE,KAAK9D,GAEzCwJ,EAAWC,IAAMD,EAAWC,IAAI3F,KAAK9D,GAEvCoJ,OAAOM,eAAe/K,EAAO4K,EAAMC,GAAW,GAElD,CAOA,SAASzJ,EAAMpB,EAAOgL,EAAM,EAAGC,EAAIC,KACjC,GAAInL,EAAcC,GAChB,MAAU4C,MAAM,mBAElB,GAAIV,EAASlC,GAAQ,CACnB,GAAIgL,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAOtC,EAAa7I,EAAO,CACzB6H,UAAU9G,EAAOwC,GACX4H,EAAYF,GACVE,EAAYpK,EAAMD,QAAUkK,GAC9BzH,EAAWO,QAAQ1C,EAAML,EAAOqK,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAapK,EAAMD,QAEnByC,EAAW+H,eAKnB,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAO1D,EAAU7H,GAAOe,IAClBA,EAAMD,SAAWkK,EAAOO,EAAY,CAACxK,GACpCwK,EAAUhK,KAAKR,EAAM,IACzB,IAAMK,EAAM8E,EAAOqF,GAAYP,EAAOC,KAE3C,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAO1D,EAAU7H,GAAOe,IACtB,MAAMmJ,EAAcqB,EAAYrF,EAAO,CAACqF,EAAWxK,IAAUA,EAC7D,GAAImJ,EAAYpJ,SAAWmK,EAEzB,OADAM,EAAYnK,EAAM8I,EAAae,GACxB7J,EAAM8I,EAAac,EAAOC,GAEjCM,EAAYrB,KAKlB,OADAsB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAU7K,SAAYO,QAAYH,EAAUjB,GAAQgL,EAAOC,KAKpE,OAHIjL,EAAM8E,KACR9E,EAAQkG,EAAOlG,EAAM8E,GAAgBoB,OAAO,CAAClG,OAE3CsC,EAAatC,IAAYiD,GAAcA,EAAWS,SAAS1D,GAIxDA,EAAMoB,MAAM4J,EAAOC,IAHpBA,IAAQC,MAAUD,EAAMjL,EAAMc,QAC3Bd,EAAM2L,SAASX,EAAOC,GAGjC,CASApK,eAAeI,EAAUjB,EAAOkB,EAAKgF,GACnC,OAAInG,EAAcC,GACTA,EAAMiB,UAAUC,GAErBgB,EAASlC,GACJC,EAAUD,GAAOiB,UAAUC,GAE7BlB,CACT,CASAa,eAAesD,EAAOnE,EAAO4B,GAC3B,GAAIM,EAASlC,GAAQ,CACnB,GAAIA,EAAMmE,OACR,OAAOnE,EAAMmE,OAAOvC,GAEtB,GAAI5B,EAAMoE,QAGR,OAFApE,EAAMoE,QAAQxC,SACR,IAAIjC,QAAQqK,YACXpI,EAGb,CAOA,SAAS8J,EAAU/B,GACjB,MAAMiC,EAAc,IAAItM,EAUxB,MATA,WACE,MAAMc,EAASC,EAAUuL,GACzB,UACQxL,EAAOoB,YAAYmI,WACnBvJ,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,GAEtB,EARD,GASO6H,CACT,CCjkBe,MAAMC,EAMnBrM,YAAYsM,GACV,QAAUnL,IAANmL,EACF,MAAUlJ,MAAM,4BAGlB,GAAIkJ,aAAavJ,WAAY,CAC3B,MAAMqE,EAAQkF,EACRC,EAAUxM,MAAMqH,EAAM9F,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAAK,CACrC,MAAMqJ,EAAUpF,EAAMjE,GAAGsJ,SAAS,IAClCF,EAAIpJ,GAAMiE,EAAMjE,IAAM,GAAQ,IAAMqJ,EAAWA,EAEjDtM,KAAKqB,MAAQmL,OAAO,MAAQH,EAAI7K,KAAK,UAErCxB,KAAKqB,MAAQmL,OAAOJ,GAIxBzK,QACE,OAAO,IAAIwK,EAAWnM,KAAKqB,OAM7BoL,OAEE,OADAzM,KAAKqB,QACErB,KAOT0M,MACE,OAAO1M,KAAK2B,QAAQ8K,OAMtBE,OAEE,OADA3M,KAAKqB,QACErB,KAOT4M,MACE,OAAO5M,KAAK2B,QAAQgL,OAOtBE,KAAKC,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTiG,IAAI6G,GACF,OAAO9M,KAAK2B,QAAQkL,KAAKC,GAO3BC,KAAKD,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTgN,IAAIF,GACF,OAAO9M,KAAK2B,QAAQoL,KAAKD,GAO3BG,KAAKH,GAEH,OADA9M,KAAKqB,OAASyL,EAAEzL,MACTrB,KAQTkN,IAAIJ,GACF,OAAO9M,KAAK2B,QAAQsL,KAAKH,GAO3BK,KAAKC,GAKH,OAJApN,KAAKqB,OAAS+L,EAAE/L,MACZrB,KAAKqN,cACPrN,KAAK6M,KAAKO,GAELpN,KAQTsN,IAAIF,GACF,OAAOpN,KAAK2B,QAAQwL,KAAKC,GAS3BG,OAAOlJ,EAAG+H,GACR,GAAIA,EAAEoB,SAAU,MAAMtK,MAAM,yBAC5B,GAAIkJ,EAAEqB,QAAS,OAAO,IAAItB,EAAW,GACrC,GAAI9H,EAAEgJ,aAAc,MAAMnK,MAAM,iCAEhC,IAAIwK,EAAMrJ,EAAEhD,MACRyL,EAAI9M,KAAKqB,MAEbyL,GAAKV,EAAE/K,MACP,IAAIsM,EAAInB,OAAO,GACf,KAAOkB,EAAMlB,OAAO,IAAI,CACtB,MAAMoB,EAAMF,EAAMlB,OAAO,GACzBkB,IAAQlB,OAAO,GAEf,MAAMqB,EAAMF,EAAIb,EAAKV,EAAE/K,MAEvBsM,EAAIC,EAAMC,EAAKF,EACfb,EAAKA,EAAIA,EAAKV,EAAE/K,MAElB,OAAO,IAAI8K,EAAWwB,GAWxBG,OAAO1B,GACL,MAAM2B,IAAEA,EAAGjB,EAAEA,GAAM9M,KAAKgO,MAAM5B,GAC9B,IAAK2B,EAAIN,QACP,MAAUvK,MAAM,0BAElB,OAAO4J,EAAE7G,IAAImG,GAAGkB,IAAIlB,GAStB4B,MAAMC,GACJ,IAAInB,EAAIN,OAAO,GACX0B,EAAI1B,OAAO,GACX2B,EAAQ3B,OAAO,GACf4B,EAAQ5B,OAAO,GAEf6B,EAAIrO,KAAKqB,MAGb,IAFA4M,EAAIA,EAAE5M,MAEC4M,IAAMzB,OAAO,IAAI,CACtB,MAAM8B,EAAID,EAAIJ,EACd,IAAIM,EAAMzB,EACVA,EAAIqB,EAAQG,EAAIxB,EAChBqB,EAAQI,EAERA,EAAML,EACNA,EAAIE,EAAQE,EAAIJ,EAChBE,EAAQG,EAERA,EAAMN,EACNA,EAAII,EAAIJ,EACRI,EAAIE,EAGN,MAAO,CACLzB,EAAG,IAAIX,EAAWgC,GAClBD,EAAG,IAAI/B,EAAWiC,GAClBL,IAAK,IAAI5B,EAAWkC,IASxBN,IAAIE,GACF,IAAII,EAAIrO,KAAKqB,MAEb,IADA4M,EAAIA,EAAE5M,MACC4M,IAAMzB,OAAO,IAAI,CACtB,MAAM+B,EAAMN,EACZA,EAAII,EAAIJ,EACRI,EAAIE,EAEN,OAAO,IAAIpC,EAAWkC,GAOxBG,WAAW1B,GAET,OADA9M,KAAKqB,QAAUyL,EAAEzL,MACVrB,KAQTyO,UAAU3B,GACR,OAAO9M,KAAK2B,QAAQ6M,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADA9M,KAAKqB,QAAUyL,EAAEzL,MACVrB,KAQT2O,WAAW7B,GACT,OAAO9M,KAAK2B,QAAQ+M,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAO9M,KAAKqB,QAAUyL,EAAEzL,MAQ1BwN,GAAG/B,GACD,OAAO9M,KAAKqB,MAAQyL,EAAEzL,MAQxByN,IAAIhC,GACF,OAAO9M,KAAKqB,OAASyL,EAAEzL,MAQzB0N,GAAGjC,GACD,OAAO9M,KAAKqB,MAAQyL,EAAEzL,MAQxB2N,IAAIlC,GACF,OAAO9M,KAAKqB,OAASyL,EAAEzL,MAGzBmM,SACE,OAAOxN,KAAKqB,QAAUmL,OAAO,GAG/BiB,QACE,OAAOzN,KAAKqB,QAAUmL,OAAO,GAG/Ba,aACE,OAAOrN,KAAKqB,MAAQmL,OAAO,GAG7ByC,SACE,QAASjP,KAAKqB,MAAQmL,OAAO,IAG/B0C,MACE,MAAMC,EAAMnP,KAAK2B,QAIjB,OAHI3B,KAAKqN,eACP8B,EAAI9N,OAAS8N,EAAI9N,OAEZ8N,EAOT5C,WACE,OAAOvM,KAAKqB,MAAMkL,WAQpB6C,WACE,MAAMC,EAASC,OAAOtP,KAAKqB,OAC3B,GAAIgO,EAASC,OAAOC,iBAElB,MAAUrM,MAAM,8CAElB,OAAOmM,EAQTG,OAAOvM,GAEL,OADajD,KAAKqB,OAASmL,OAAOvJ,GAAMuJ,OAAO,MAC/BA,OAAO,GAAM,EAAI,EAOnCiD,YACE,MAAMC,EAAO,IAAIvD,EAAW,GACtBwD,EAAM,IAAIxD,EAAW,GACrByD,EAAS,IAAIzD,GAAY,GAIzBrD,EAAS9I,KAAKqN,aAAeuC,EAASF,EAC5C,IAAIG,EAAS,EACb,MAAMtB,EAAMvO,KAAK2B,QACjB,MAAQ4M,EAAIG,YAAYiB,GAAKf,MAAM9F,IACjC+G,IAEF,OAAOA,EAOT1L,aACE,MAAMuL,EAAO,IAAIvD,EAAW,GACtByD,EAAS,IAAIzD,GAAY,GAEzBrD,EAAS9I,KAAKqN,aAAeuC,EAASF,EACtCI,EAAQ,IAAI3D,EAAW,GAC7B,IAAI4D,EAAM,EACV,MAAMxB,EAAMvO,KAAK2B,QACjB,MAAQ4M,EAAIG,YAAYoB,GAAOlB,MAAM9F,IACnCiH,IAEF,OAAOA,EASTC,aAAaC,EAAS,KAAM7O,GAG1B,IAAIiL,EAAMrM,KAAKqB,MAAMkL,SAAS,IAC1BF,EAAIjL,OAAS,GAAM,IACrBiL,EAAM,IAAMA,GAGd,MAAM6D,EAAY7D,EAAIjL,OAAS,EACzB8F,EAAQ,IAAIrE,WAAWzB,GAAU8O,GAEjCC,EAAS/O,EAAUA,EAAS8O,EAAa,EAC/C,IAAIjN,EAAI,EACR,KAAOA,EAAIiN,GACThJ,EAAMjE,EAAIkN,GAAUC,SAAS/D,EAAI3K,MAAM,EAAIuB,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAXgN,GACF/I,EAAMmJ,UAGDnJ,GChcX,MAAMoJ,EAAe,IAAwB,oBAAX9D,OCElC,MAAM+D,EAAU/Q,OAAO,WAEvB,MAAe,CAObgR,MAAO,CAELC,KAAuB,OACvB,QAAuB,OACvBC,UAAuB,OACvBC,WAAuB,OACvB,sBAAuB,OACvB,mBAAuB,OACvB,mBAAuB,OAGvBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,KAAgB,OAChB,QAAgB,OAChBC,UAAgB,OAChB,eAAgB,OAChB,aAAgB,OAChB,aAAgB,OAGhBC,UAAgB,YAChB,eAAgB,YAChB,aAAgB,YAChB,aAAgB,YAGhBC,cAA0B,UAC1BC,QAA0B,UAE1BC,QAA0B,UAC1BC,QAA0B,UAC1B,yBAA0B,UAC1B,qBAA0B,UAC1B,qBAA0B,UAG1BC,iBAA0B,aAC1BC,OAA0B,aAC1BC,QAA0B,aAE1BC,WAA0B,aAC1BC,WAA0B,aAC1B,yBAA0B,aAC1B,uBAA0B,aAC1B,uBAA0B,aAG1BC,gBAAyB,kBACzB,uBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,kBAGzBC,gBAAyB,kBACzB,wBAAyB,kBACzB,qBAAyB,kBACzB,qBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbzB,cAAe,GAEf0B,MAAO,GAEPC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAEN5B,QAAS,GAET6B,MAAO,IAOTC,UAAW,CACTC,UAAW,EAEXC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,IAOVC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXhD,UAAW,EACXiD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,IAOrBC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRpB,UAAW,CAETiB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,OAAQ,GACRC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,IAO3BP,SAAU,CAERQ,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTrH,UAAW,EACXsH,WAAY,EACZzE,UAAW,GAObuD,oBAAqB,CAEnBmB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBtB,SAAU,CAERuB,sBAAuB,EAGvBrF,KAAM,EAGNsF,OAAQ,GAUVjY,MAAO,SAASkY,EAAM3V,GAKpB,GAJiB,iBAANA,IACTA,EAAIrE,KAAKkB,KAAK8Y,EAAM3V,SAGNpD,IAAZ+Y,EAAK3V,GACP,OAAO2V,EAAK3V,GAGd,MAAUnB,MAAM,wBAUlBhC,KAAM,SAAS8Y,EAAM3V,GAQnB,GAPK2V,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChBxF,OAAOC,QAAQgP,GAAM5W,SAAQ,EAAEwT,EAAKvV,MAClC2Y,EAAKzJ,GAASlP,GAASuV,CAAG,UAIL3V,IAArB+Y,EAAKzJ,GAASlM,GAChB,OAAO2V,EAAKzJ,GAASlM,GAGvB,MAAUnB,MAAM,yBC3dpB,MAAM+W,EAAY,MAChB,IACE,MAAgC,gBAAzB5X,QAAQ6X,IAAIC,SACnB,MAAO9V,IACT,OAAO,CACR,EALiB,GAOZ+V,EAAO,CACXC,SAAU,SAASvQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBwQ,QAGrD9Z,QAAS,SAASsJ,GAChB,OAAOA,aAAgBjK,OAGzB+C,aAAc2X,EAEd/X,SAAUgY,EAEVC,WAAY,SAAUvT,GACpB,IAAIkF,EAAI,EACR,IAAK,IAAInJ,EAAI,EAAGA,EAAIiE,EAAM9F,OAAQ6B,IAChCmJ,GAAM,KAAOnJ,EAAKiE,EAAMA,EAAM9F,OAAS,EAAI6B,GAE7C,OAAOmJ,GAGTsO,YAAa,SAAUtO,EAAGlF,GACxB,MAAM+G,EAAI,IAAIpL,WAAWqE,GACzB,IAAK,IAAIjE,EAAI,EAAGA,EAAIiE,EAAOjE,IACzBgL,EAAEhL,GAAMmJ,GAAM,GAAKlF,EAAQjE,EAAI,GAAO,IAGxC,OAAOgL,GAGT0M,SAAU,SAAUzT,GAClB,MAAMkF,EAAIgO,EAAKK,WAAWvT,GAE1B,OADU,IAAI0T,KAAS,IAAJxO,IAIrByO,UAAW,SAAUC,GACnB,MAAMC,EAAUrP,KAAKsP,MAAMF,EAAKG,UAAY,KAE5C,OAAOb,EAAKM,YAAYK,EAAS,IAGnCG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAStP,IAAWsP,EAAO,IAAIF,KAAgC,IAA3BlP,KAAKsP,OAAOF,EAAO,OAQjFM,QAAS,SAAUlU,GACjB,MACMmU,GADQnU,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAC/B,OAAOA,EAAM+E,SAAS,EAAG,EAAIoP,IAS/BC,QAAQpU,EAAO9F,GACb,MAAMma,EAAS,IAAI1Y,WAAWzB,GACxB+O,EAAS/O,EAAS8F,EAAM9F,OAE9B,OADAma,EAAOjY,IAAI4D,EAAOiJ,GACXoL,GAQTC,gBAAiB,SAAUC,GACzB,MAAMC,EAAUtB,EAAKuB,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUxY,MAAM,YAElB,MAAM0Y,EAAWH,EAAIxP,SAASwP,EAAIra,OAASsK,KAAKmQ,KAAKH,EAAU,IACzDI,EAAS,IAAIjZ,WAAW,EAAY,MAAV6Y,IAAqB,EAAa,IAAVA,IACxD,OAAOtB,EAAKtX,iBAAiB,CAACgZ,EAAQF,KAQxCD,oBAAqB,SAAUF,GAC7B,IAAIxY,EACJ,IAAKA,EAAI,EAAGA,EAAIwY,EAAIra,QAA4B,IAAXqa,EAAIxY,GAAbA,KAC5B,GAAIA,IAAMwY,EAAIra,OACZ,OAAO,EAET,MAAMwa,EAAWH,EAAIxP,SAAShJ,GAC9B,OAA+B,GAAvB2Y,EAASxa,OAAS,GAASgZ,EAAK2B,MAAMH,EAAS,KAQzDI,gBAAiB,SAAU3P,GACzB,MAAM5K,EAAS,IAAIoB,WAAWwJ,EAAIjL,QAAU,GAC5C,IAAK,IAAI6a,EAAI,EAAGA,EAAI5P,EAAIjL,QAAU,EAAG6a,IACnCxa,EAAOwa,GAAK7L,SAAS/D,EAAI5F,OAAOwV,GAAK,EAAG,GAAI,IAE9C,OAAOxa,GAQTya,gBAAiB,SAAUhV,GACzB,MAAMyG,EAAI,GACJtJ,EAAI6C,EAAM9F,OAChB,IACI+a,EADAC,EAAI,EAER,KAAOA,EAAI/X,GAAG,CAEZ,IADA8X,EAAIjV,EAAMkV,KAAK7P,SAAS,IACjB4P,EAAE/a,OAAS,GAChB+a,EAAI,IAAMA,EAEZxO,EAAE9L,KAAK,GAAKsa,GAEd,OAAOxO,EAAEnM,KAAK,KAQhB6a,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKlC,EAAKC,SAASiC,GACjB,MAAUpZ,MAAM,4DAGlB,MAAMzB,EAAS,IAAIoB,WAAWyZ,EAAIlb,QAClC,IAAK,IAAI6B,EAAI,EAAGA,EAAIqZ,EAAIlb,OAAQ6B,IAC9BxB,EAAOwB,GAAKqZ,EAAIE,WAAWvZ,GAE7B,OAAOxB,CAAM,KASjBgb,mBAAoB,SAAUvV,GAE5B,MAAMzF,EAAS,GACTib,EAAK,MACLC,GAHNzV,EAAQ,IAAIrE,WAAWqE,IAGP9F,OAEhB,IAAK,IAAI6B,EAAI,EAAGA,EAAI0Z,EAAG1Z,GAAKyZ,EAC1Bjb,EAAOI,KAAKyY,OAAOsC,aAAaC,MAAMvC,OAAQpT,EAAM+E,SAAShJ,EAAGA,EAAIyZ,EAAKC,EAAI1Z,EAAIyZ,EAAKC,KAExF,OAAOlb,EAAOD,KAAK,KAQrBsb,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAAS3a,EAAQhB,EAAO4b,GAAY,GAClC,OAAOF,EAAQG,OAAO7b,EAAO,CAAEN,QAASkc,IAE1C,OAAOV,EAAiBD,EAAKja,GAAS,IAAMA,EAAQ,IAAI,MAQ1D8a,WAAY,SAAUjH,GACpB,MAAMkH,EAAU,IAAIC,YAAY,SAEhC,SAAShb,EAAQhB,EAAO4b,GAAY,GAClC,OAAOG,EAAQE,OAAOjc,EAAO,CAAEN,QAASkc,IAE1C,OAAOV,EAAiBrG,EAAM7T,GAAS,IAAMA,EAAQ,IAAIQ,YAAc,MASzE2D,OAAQ+W,EAORza,iBAAkB0a,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKvD,EAAKxX,aAAa8a,KAAYtD,EAAKxX,aAAa+a,GACnD,MAAUza,MAAM,4CAGlB,GAAIwa,EAAOtc,SAAWuc,EAAOvc,OAC3B,OAAO,EAGT,IAAK,IAAI6B,EAAI,EAAGA,EAAIya,EAAOtc,OAAQ6B,IACjC,GAAIya,EAAOza,KAAO0a,EAAO1a,GACvB,OAAO,EAGX,OAAO,GAST2a,cAAe,SAAU3H,GACvB,IAAI4H,EAAI,EACR,IAAK,IAAI5a,EAAI,EAAGA,EAAIgT,EAAK7U,OAAQ6B,IAC/B4a,EAAKA,EAAI5H,EAAKhT,GAAM,MAEtB,OAAOmX,EAAKM,YAAYmD,EAAG,IAQ7BC,WAAY,SAAUxB,GAChBrC,GACFnO,QAAQiS,IAAI,qBAAsBzB,IAStC0B,gBAAiB,SAAU1Z,GACrB2V,GACFnO,QAAQxH,MAAM,qBAAsBA,IAKxCyX,MAAO,SAAUjP,GACf,IAAIa,EAAI,EACJsQ,EAAInR,IAAM,GAyBd,OAxBU,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,IAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEPsQ,EAAInR,GAAK,EACC,IAANmR,IACFnR,EAAImR,EACJtQ,GAAK,GAEAA,GAYTuQ,OAAQ,SAASpU,GACf,MAAMqU,EAAY,IAAItb,WAAWiH,EAAK1I,QAChCgd,EAAOtU,EAAK1I,OAAS,EAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAImb,EAAMnb,IACxBkb,EAAUlb,GAAM6G,EAAK7G,IAAM,EAAM6G,EAAK7G,EAAI,IAAM,EAGlD,OADAkb,EAAUC,GAAStU,EAAKsU,IAAS,EAAuB,KAAhBtU,EAAK,IAAM,GAC5CqU,GAUTE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAItb,EAAIqb,EAAMld,OAAS,EAAG6B,GAAK,EAAGA,IACrCqb,EAAMrb,KAAOsb,EACTtb,EAAI,IACNqb,EAAMrb,IAAOqb,EAAMrb,EAAI,IAAO,EAAIsb,GAIxC,OAAOD,GAOTE,aAAc,WACZ,YAA6B,IAAfpc,GAA8BA,EAAWqc,QAAUrc,EAAWqc,OAAOC,QAUrFC,cFnYFxd,iBACE,GAAImP,IACF,OAAOnE,EACF,CACL,MAAQyS,QAASzS,SAAqBlM,gDACtC,OAAOkM,EAEX,EEkYE0S,cAAe,aAIfC,YAAa,aASbC,cAAe,WACb,MAAO,CAAwB,EAAEC,QAGnCC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,YADW,GACDC,OAAOhe,QAGnBie,eAAgB,SAASvV,GACvB,IAAKsQ,EAAKC,SAASvQ,GACjB,OAAO,EAGT,MADW,mLACDwV,KAAKxV,IAOjByV,gBAAiB,SAASzV,GAGxB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM5C,IAY5B,IAAIuY,EAXAD,IACFtY,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,KAN9C,KASLA,EAAMA,EAAM9F,OAAS,IACvBoe,GAAc,EACdtY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIzc,EAAI,EACXwc,EAAQvY,EAAMX,QAlBP,GAkBmBtD,GAAK,EAC3Bwc,EAFYxc,EAAIwc,EAlBb,KAqBDvY,EAAMuY,EAAQ,IAAWC,EAAQ7d,KAAK4d,GAK9C,IAAKC,EAAQte,OACX,OAAO8F,EAGT,MAAMyY,EAAa,IAAI9c,WAAWqE,EAAM9F,OAASse,EAAQte,QACzD,IAAIub,EAAI,EACR,IAAK,IAAI1Z,EAAI,EAAGA,EAAIyc,EAAQte,OAAQ6B,IAAK,CACvC,MAAM+J,EAAM9F,EAAM+E,SAASyT,EAAQzc,EAAI,IAAM,EAAGyc,EAAQzc,IACxD0c,EAAWrc,IAAI0J,EAAK2P,GACpBA,GAAK3P,EAAI5L,OACTue,EAAWhD,EAAI,GApCR,GAqCPgD,EAAWhD,GApCJ,GAqCPA,IAGF,OADAgD,EAAWrc,IAAI4D,EAAM+E,SAASyT,EAAQA,EAAQte,OAAS,IAAM,GAAIub,GAC1DgD,CAAU,IAChB,IAAOH,EAAc,IAAI3c,WAAW,CA1C5B,UA0CoC5B,KAOjD2e,UAAW,SAAS9V,GAGlB,IAAI0V,GAAc,EAElB,OAAOjD,EAAiBzS,GAAM5C,IAc5B,IAAIuY,EAlBK,MAMPvY,EADEsY,GAJK,KAIUtY,EAAM,GACfkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8CqE,IAE7C,IAAIrE,WAAWqE,IAGfA,EAAM9F,OAAS,IACvBoe,GAAc,EACdtY,EAAQA,EAAM+E,SAAS,GAAI,IAE3BuT,GAAc,EAIhB,IAAI7C,EAAI,EACR,IAAK,IAAI1Z,EAAI,EAAGA,IAAMiE,EAAM9F,OAAQ6B,EAAIwc,EAAO,CAC7CA,EAAQvY,EAAMX,QArBP,GAqBmBtD,GAAK,EAC1Bwc,IAAOA,EAAQvY,EAAM9F,QAC1B,MAAMgd,EAAOqB,GAtBN,KAsBevY,EAAMuY,GAAgB,EAAI,GAC5Cxc,GAAGiE,EAAM2Y,WAAWlD,EAAG1Z,EAAGmb,GAC9BzB,GAAKyB,EAAOnb,EAEd,OAAOiE,EAAM+E,SAAS,EAAG0Q,EAAE,IAC1B,IAAO6C,EAAc,IAAI3c,WAAW,CA5B5B,UA4BoC5B,KAMjD6e,qBAAsB,SAAS7J,GAC7B,OAAOA,EAAK8J,MAAM,MAAM7X,KAAI8X,IAC1B,IAAI/c,EAAI+c,EAAK5e,OAAS,EACtB,KAAO6B,GAAK,IAAkB,MAAZ+c,EAAK/c,IAA0B,OAAZ+c,EAAK/c,IAA2B,OAAZ+c,EAAK/c,IAAcA,KAC5E,OAAO+c,EAAKvZ,OAAO,EAAGxD,EAAI,EAAE,IAC3BzB,KAAK,OAGVye,UAAW,SAAS1G,EAASjV,GAC3B,IAAKA,EACH,OAAWpB,MAAMqW,GAInB,IACEjV,EAAMiV,QAAUA,EAAU,KAAOjV,EAAMiV,QACvC,MAAOlV,IAET,OAAOC,GAST4b,wBAAyB,SAASC,GAChC,MAAMjY,EAAM,GAOZ,OANAiY,EAAe/c,SAAQgd,IACrB,IAAKA,EAAYC,IACf,MAAUnd,MAAM,0CAElBgF,EAAIkY,EAAYC,KAAOD,CAAW,IAE7BlY,GAWToY,WAAY,SAASC,GAEnB,OAAO,IAAItgB,SAAQkB,MAAOjB,EAASC,KACjC,IAAIqgB,QACEvgB,QAAQ2H,IAAI2Y,EAASrY,KAAI/G,UAC7B,IACEjB,QAAcugB,GACd,MAAOpc,GACPmc,EAAYnc,OAGhBlE,EAAOqgB,EAAU,KAWrBE,iBAAkB,SAASC,EAAMtS,EAAGJ,GAClC,MAAM7M,EAASsK,KAAKC,IAAI0C,EAAEjN,OAAQ6M,EAAE7M,QAC9BK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAImK,EAAM,EACV,IAAK,IAAItI,EAAI,EAAGA,EAAIxB,EAAOL,OAAQ6B,IACjCxB,EAAOwB,GAAMoL,EAAEpL,GAAM,IAAM0d,EAAU1S,EAAEhL,GAAM,IAAM0d,EACnDpV,GAAQoV,EAAO1d,EAAIoL,EAAEjN,OAAY,EAAIuf,EAAQ1d,EAAIgL,EAAE7M,OAErD,OAAOK,EAAOwK,SAAS,EAAGV,IAU5BqV,YAAa,SAASD,EAAMtS,EAAGJ,GAC7B,OAAQI,EAAK,IAAMsS,EAAU1S,EAAK,IAAM0S,GAK1CE,MAAO,SAASC,GACd,OAAOA,IAAeC,EAAM9N,UAAUM,QAAUuN,IAAeC,EAAM9N,UAAUO,QAAUsN,IAAeC,EAAM9N,UAAUQ,SChlBtHuL,EAAS5E,EAAK2E,gBAEpB,IAAIiC,EACAC,EAkBG,SAAS/D,GAAOpT,GACrB,IAAIoX,EAAM,IAAIre,WACd,OAAO0Z,EAAiBzS,GAAMzI,IAC5B6f,EAAM9G,EAAKtX,iBAAiB,CAACoe,EAAK7f,IAClC,MAAMsM,EAAI,GAEJwT,EAAQzV,KAAKsP,MAAMkG,EAAI9f,OADR,IAEf8F,EAFe,GAEPia,EACRC,EAAUJ,EAAYE,EAAIjV,SAAS,EAAG/E,IAC5C,IAAK,IAAIjE,EAAI,EAAGA,EAAIke,EAAOle,IACzB0K,EAAE9L,KAAKuf,EAAQ3a,OAAW,GAAJxD,EAAQ,KAC9B0K,EAAE9L,KAAK,MAGT,OADAqf,EAAMA,EAAIjV,SAAS/E,GACZyG,EAAEnM,KAAK,GAAG,IAChB,IAAO0f,EAAI9f,OAAS4f,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS5D,GAAOxT,GACrB,IAAIoX,EAAM,GACV,OAAO3E,EAAiBzS,GAAMzI,IAC5B6f,GAAO7f,EAGP,IAAIggB,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIre,EAAI,EAAGA,EAAIqe,EAAWlgB,OAAQ6B,IAAK,CAC1C,MAAMse,EAAYD,EAAWre,GAC7B,IAAK,IAAIE,EAAM+d,EAAI3a,QAAQgb,IAAqB,IAATpe,EAAYA,EAAM+d,EAAI3a,QAAQgb,EAAWpe,EAAM,GACpFke,IAMJ,IAAIjgB,EAAS8f,EAAI9f,OACjB,KAAOA,EAAS,IAAMA,EAASigB,GAAU,GAAM,EAAGjgB,IAC5CkgB,EAAWE,SAASN,EAAI9f,KAAUigB,IAGxC,MAAMI,EAAUR,EAAYC,EAAIza,OAAO,EAAGrF,IAE1C,OADA8f,EAAMA,EAAIza,OAAOrF,GACVqgB,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,GAAgBC,GAC9B,OAAOrE,GAAOqE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,GAAgB3a,EAAO4a,GACrC,IAAIV,EAAUlE,GAAOhW,GAAO0a,QAAQ,UAAW,IAI/C,OAHIE,IACFV,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAEvER,CACT,CA5FIpC,GACFgC,EAAcE,GAAOlC,EAAO+C,KAAKb,GAAK3U,SAAS,UAC/C0U,EAAc3E,IACZ,MAAMrO,EAAI+Q,EAAO+C,KAAKzF,EAAK,UAC3B,OAAO,IAAIzZ,WAAWoL,EAAEhK,OAAQgK,EAAE/J,WAAY+J,EAAE9J,WAAW,IAG7D6c,EAAcE,GAAOc,KAAK5H,EAAKqC,mBAAmByE,IAClDD,EAAc3E,GAAOlC,EAAKiC,mBAAmB4F,KAAK3F,KCVpD,OAAe,CAKb4F,uBAAwBnB,EAAM/M,KAAKI,OAKnC+N,4BAA6BpB,EAAM9N,UAAUQ,OAK7C2O,8BAA+BrB,EAAMpN,YAAYC,aAKjDyO,aAAc,EAUdC,aAAa,EAObC,uBAAwBxB,EAAMtM,KAAKC,IAQnC8N,kBAAmB,GAQnBzI,QAAQ,EAOR0I,sBAAuB,IASvBC,8BAA8B,EAU9BC,4BAA4B,EAK5BC,kBAAkB,EAOlBC,WAAY,KAOZC,wBAAwB,EAKxBC,mBAAmB,EAQnBC,wCAAwC,EASxCC,8CAA8C,EAW9CC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAACrC,EAAM9N,UAAUM,OAAQwN,EAAM9N,UAAUO,OAAQuN,EAAM9N,UAAUQ,SAMlI4P,qBAAsB,IAKtBC,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,oBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,oBAAoB,EAMpBC,qBAAsB,IAAIZ,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,SAM1D8P,4BAA6B,IAAIb,IAAI,CAACrC,EAAM/M,KAAKC,IAAK8M,EAAM/M,KAAKG,OAAQ4M,EAAM/M,KAAKE,OAMpFgQ,0BAA2B,IAAId,IAAI,CAACrC,EAAM7O,UAAUI,QAASyO,EAAM7O,UAAUK,MAM7E4R,aAAc,IAAIf,IAAI,CAACrC,EAAMvQ,MAAMQ,aCzNrC,SAASoT,GAAQnO,GACf,MAEMoO,EAASpO,EAAKqO,MAFH,yIAIjB,IAAKD,EACH,MAAUnhB,MAAM,4BAMlB,MAAI,yBAAyBoc,KAAK+E,EAAO,IAChCtD,EAAM5H,MAAMC,iBAMjB,oBAAoBkG,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAME,cAGjB,iBAAiBiG,KAAK+E,EAAO,IACxBtD,EAAM5H,MAAMG,OAIjB,UAAUgG,KAAK+E,EAAO,IACjBtD,EAAM5H,MAAMI,QAIjB,mBAAmB+F,KAAK+E,EAAO,IAC1BtD,EAAM5H,MAAMjH,UAIjB,oBAAoBoN,KAAK+E,EAAO,IAC3BtD,EAAM5H,MAAMK,WAMjB,YAAY8F,KAAK+E,EAAO,IACnBtD,EAAM5H,MAAMpE,eADrB,CAGF,CAWA,SAASwP,GAAUC,EAAeC,GAChC,IAAIhjB,EAAS,GAWb,OAVIgjB,EAAOhB,cACThiB,GAAU,YAAcgjB,EAAOd,cAAgB,MAE7Cc,EAAOf,cACTjiB,GAAU,YAAcgjB,EAAOb,cAAgB,MAE7CY,IACF/iB,GAAU,YAAc+iB,EAAgB,MAE1C/iB,GAAU,KACHA,CACT,CASA,SAASijB,GAAY5a,GAEnB,OAAO6a,GA8CT,SAAqBrkB,GACnB,IAAIskB,EAAM,SACV,OAAOrI,EAAiBjc,GAAOe,IAC7B,MAAMwjB,EAAQC,GAAiBpZ,KAAKsP,MAAM3Z,EAAMD,OAAS,GAAK,EACxD2jB,EAAQ,IAAIC,YAAY3jB,EAAM4C,OAAQ5C,EAAM6C,WAAY2gB,GAC9D,IAAK,IAAI5hB,EAAI,EAAGA,EAAI4hB,EAAO5hB,IACzB2hB,GAAOG,EAAM9hB,GACb2hB,EACEK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,GAAM,KAC3BK,GAAU,GAAIL,GAAO,EAAK,KAC1BK,GAAU,GAAIL,GAAO,EAAK,KAE9B,IAAK,IAAI3hB,EAAY,EAAR4hB,EAAW5hB,EAAI5B,EAAMD,OAAQ6B,IACxC2hB,EAAOA,GAAO,EAAKK,GAAU,GAAU,IAANL,EAAcvjB,EAAM4B,OAEtD,IAAM,IAAIJ,WAAW,CAAC+hB,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYpb,GAE1B,CAIA,MAAMmb,GAAY,CACZplB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAIoD,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAI2hB,EAAM3hB,GAAK,GACf,IAAK,IAAI0Z,EAAI,EAAGA,EAAI,EAAGA,IACrBiI,EAAOA,GAAO,GAA2B,IAAd,QAANA,GAAwB,QAAW,GAE1DK,GAAU,GAAGhiB,IACH,SAAN2hB,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAI3hB,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBgiB,GAAU,GAAGhiB,GAAMgiB,GAAU,GAAGhiB,IAAM,EAAKgiB,GAAU,GAAqB,IAAlBA,GAAU,GAAGhiB,IAIvE,MAAM6hB,GAAkB,WACtB,MAAM7gB,EAAS,IAAIkhB,YAAY,GAG/B,OAFA,IAAIC,SAASnhB,GAAQohB,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWrhB,GAAQ,EAChC,IAmCA,SAASshB,GAAcC,GACrB,IAAK,IAAIviB,EAAI,EAAGA,EAAIuiB,EAAQpkB,OAAQ6B,IAC7B,mCAAmCqc,KAAKkG,EAAQviB,KACnDmX,EAAK4D,gBAAoB9a,MAAM,sCAAwCsiB,EAAQviB,KAE5E,iDAAiDqc,KAAKkG,EAAQviB,KACjEmX,EAAK4D,gBAAoB9a,MAAM,mBAAqBsiB,EAAQviB,IAGlE,CASA,SAASwiB,GAAcxP,GACrB,IAAIyP,EAAOzP,EACP0P,EAAW,GAEf,MAAMC,EAAa3P,EAAK4P,YAAY,KAOpC,OALID,GAAc,GAAKA,IAAe3P,EAAK7U,OAAS,IAClDskB,EAAOzP,EAAKvU,MAAM,EAAGkkB,GACrBD,EAAW1P,EAAKvU,MAAMkkB,EAAa,GAAGnf,OAAO,EAAG,IAG3C,CAAEif,KAAMA,EAAMC,SAAUA,EACjC,CAWO,SAASG,GAAQxlB,EAAOmkB,EAASsB,IAEtC,OAAO,IAAI9lB,SAAQkB,MAAOjB,EAASC,KACjC,IACE,MAAM6lB,EAAU,qBACVC,EAAc,oDAEpB,IAAIjM,EACJ,MAAMwL,EAAU,GAChB,IACIU,EAEAC,EACAR,EAJAS,EAAcZ,EAEdvP,EAAO,GAGPnM,EAAOuc,GAAcC,EAAqBhmB,GAAOa,MAAOqH,EAAUC,KACpE,MAAMlD,EAASghB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAIwX,QAAaza,EAAOY,WACxB,QAAalF,IAAT+e,EACF,MAAU9c,MAAM,0BAIlB,GADA8c,EAAO5F,EAAK0F,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpD5H,EAIE,GAAKkM,EAcAC,GAAqB,IAATnM,IACjBgM,EAAQ1G,KAAKU,IAIhB/J,EAAOA,EAAKzU,KAAK,QACjB2kB,GAAW,EACXZ,GAAca,GACdA,EAAc,GACdF,GAAc,GANdjQ,EAAKpU,KAAKme,EAAK4B,QAAQ,MAAO,WAbhC,GAHIoE,EAAQ1G,KAAKU,IACf7f,EAAW+C,MAAM,sEAEd+iB,EAAY3G,KAAKU,IAKpB,GAFAuF,GAAca,GACdF,GAAc,EACVC,GAAqB,IAATnM,EAAY,CAC1B9Z,EAAQ,CAAE+V,OAAMnM,OAAM0b,UAASxL,SAC/B,YANFoM,EAAYvkB,KAAKme,QARfgG,EAAQ1G,KAAKU,KACfhG,EAAOoK,GAAQpE,KA6BrB,MAAO3b,GAEP,YADAlE,EAAOkE,GAGT,MAAM3D,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,OACL/H,EAAOuI,MACb,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EACF,MAAU4B,MAAM,0BAElB,MAAM8c,EAAO3e,EAAQ,GACrB,IAA2B,IAAvB2e,EAAKzZ,QAAQ,OAAsC,IAAvByZ,EAAKzZ,QAAQ,KAEtC,CACL,IAAImE,QAAkBnF,EAAOhE,YACxBmJ,EAAUtJ,SAAQsJ,EAAY,IACnCA,EAAYsV,EAAOtV,EACnBA,EAAY0P,EAAK0F,qBAAqBpV,EAAUkX,QAAQ,MAAO,KAC/D,MAAM6E,EAAQ/b,EAAUqV,MAAMiG,GAC9B,GAAqB,IAAjBS,EAAMrlB,OACR,MAAU8B,MAAM,0BAElB,MAAM6c,EAAQ0F,GAAcgB,EAAM,GAAG/kB,MAAM,GAAI,IAC/CikB,EAAW5F,EAAM4F,eACXjlB,EAAOoB,MAAMie,EAAM2F,MACzB,YAbMhlB,EAAOoB,MAAMke,SAgBjBtf,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,QAGvByF,EAAOwc,EAAqBxc,GAAM3I,MAAOqH,EAAUC,KACjD,MAAMie,EAAmBC,EAAiBjC,GAAYkC,EAAoBpe,KAC1Eke,EAAiBtmB,OAAM,eACjBymB,EAAYre,EAAUC,EAAU,CACpCE,cAAc,IAEhB,MAAMjI,EAAS8lB,EAAiB/d,GAChC,IACE,MAAMqe,SAAgCJ,GAAkB9E,QAAQ,KAAM,IACtE,GAAI+D,IAAamB,IAA2BnB,GAAYlB,EAAO7B,kBAC7D,MAAU1f,MAAM,4CAEZxC,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAGvB,MAAOA,GACPlE,EAAOkE,OAERzC,MAAKT,UACF4lB,EAAqBtlB,EAAOqI,QAC9BrI,EAAOqI,WAAa6c,EAAiBllB,EAAOqI,OAEvCrI,IAEX,CAaO,SAAS0X,GAAM6N,EAAatB,EAAMuB,EAAWC,EAAW1C,EAAeC,EAASsB,IACrF,IAAI9P,EACAjC,EACAgT,IAAgBjG,EAAM5H,MAAMG,SAC9BrD,EAAOyP,EAAKzP,KACZjC,EAAO0R,EAAK1R,KACZ0R,EAAOA,EAAK5b,MAEd,MAAMqd,EAAYP,EAAoBlB,GAChCjkB,EAAS,GACf,OAAQulB,GACN,KAAKjG,EAAM5H,MAAMC,iBACf3X,EAAOI,KAAK,gCAAkColB,EAAY,IAAMC,EAAY,WAC5EzlB,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,8BAAgColB,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAKnG,EAAM5H,MAAME,cACf5X,EAAOI,KAAK,gCAAkColB,EAAY,WAC1DxlB,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,8BAAgColB,EAAY,WACxD,MACF,KAAKlG,EAAM5H,MAAMG,OACf7X,EAAOI,KAAK,wCACZJ,EAAOI,KAAK,SAAWmS,EAAO,QAC9BvS,EAAOI,KAAKoU,EAAK2L,QAAQ,OAAQ,QACjCngB,EAAOI,KAAK,qCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,iCACZ,MACF,KAAKkf,EAAM5H,MAAMI,QACf9X,EAAOI,KAAK,iCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,+BACZ,MACF,KAAKkf,EAAM5H,MAAMjH,UACfzQ,EAAOI,KAAK,0CACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,wCACZ,MACF,KAAKkf,EAAM5H,MAAMK,WACf/X,EAAOI,KAAK,2CACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,yCACZ,MACF,KAAKkf,EAAM5H,MAAMpE,UACftT,EAAOI,KAAK,mCACZJ,EAAOI,KAAK0iB,GAAUC,EAAeC,IACrChjB,EAAOI,KAAK8iB,GAAce,IAC1BjkB,EAAOI,KAAK,IAAK6iB,GAAYyC,IAC7B1lB,EAAOI,KAAK,iCAIhB,OAAOuY,EAAK5T,OAAO/E,EACrB,CC5YA,MAAM2lB,GACJtnB,cACEE,KAAKkH,MAAQ,GAOfhG,KAAKgG,GAEH,OADAlH,KAAKkH,MAAQkT,EAAKqC,mBAAmBvV,EAAM+E,SAAS,EAAG,IAChDjM,KAAKkH,MAAM9F,OAOpBU,QACE,OAAOsY,EAAKiC,mBAAmBrc,KAAKkH,OAOtCmgB,QACE,OAAOjN,EAAK8B,gBAAgB9B,EAAKiC,mBAAmBrc,KAAKkH,QAQ3DogB,OAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgBznB,KAAKynB,eAAkBznB,KAAKkH,QAAUqgB,EAAMrgB,MAO9FwgB,SACE,MAAsB,KAAf1nB,KAAKkH,MAOdugB,aACE,MAAO,OAAOnI,KAAKtf,KAAKqnB,SAG1BM,gBAAgBJ,GACd,OAAOA,EAAMF,QAGfM,cAActb,GACZ,MAAMkb,EAAQ,IAAIH,GAElB,OADAG,EAAMrmB,KAAKkZ,EAAK4B,gBAAgB3P,IACzBkb,EAGTI,kBACE,MAAMJ,EAAQ,IAAIH,GAElB,OADAG,EAAMrmB,KAAK,IAAI2B,WAAW,IACnB0kB,GChGJ,IAAIK,GAAU,WAMnB,IAKIC,EAAOC,EALPC,GAAa,EAsCjB,SAASC,EAAK3Z,EAAGJ,GACf,IAAImO,EAAIyL,GAAOC,EAAMzZ,GAAKyZ,EAAM7Z,IAAM,KAEtC,OADU,IAANI,GAAiB,IAANJ,IAASmO,EAAI,GACrBA,EAiBT,IAOI6L,EAKAC,EAKAC,EAKAC,EAtBAC,GAAgB,EA2BpB,SAASC,IAIP,SAASC,EAAGla,GACV,IAAI+N,EAAGyB,EAAG/Q,EAEV,IADA+Q,EAAI/Q,EA1CR,SAAcuB,GACZ,IAAIpL,EAAI4kB,EAAM,IAAMC,EAAMzZ,IAE1B,OADU,IAANA,IAASpL,EAAI,GACVA,EAuCGulB,CAAKna,GACR+N,EAAI,EAAGA,EAAI,EAAGA,IAEjBtP,GADA+Q,EAA6B,KAAvBA,GAAK,EAAMA,IAAM,GAIzB,OADA/Q,GAAK,GAVFib,GA5EP,WACEF,EAAQ,GACNC,EAAQ,GAEV,IAAW1L,EAAGqM,EAAVpa,EAAI,EACR,IAAK+N,EAAI,EAAGA,EAAI,IAAKA,IACnByL,EAAMzL,GAAK/N,EAGXoa,EAAQ,IAAJpa,EAAUA,IAAM,EAAGA,GAAK,IAClB,MAANoa,IAAYpa,GAAK,IACrBA,GAAKwZ,EAAMzL,GAGX0L,EAAMD,EAAMzL,IAAMA,EAEpByL,EAAM,KAAOA,EAAM,GACnBC,EAAM,GAAK,EAEXC,GAAa,EAyDIW,GAejBT,EAAW,GACTC,EAAW,GACXC,EAAU,CAAC,GAAI,GAAI,GAAI,IACvBC,EAAU,CAAC,GAAI,GAAI,GAAI,IAEzB,IAAK,IAAInlB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC5B,IAAI4a,EAAI0K,EAAGtlB,GAGXglB,EAAShlB,GAAK4a,EACdqK,EAASrK,GAAK5a,EAGdklB,EAAQ,GAAGllB,GAAM+kB,EAAK,EAAGnK,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKmK,EAAK,EAAGnK,GACpEuK,EAAQ,GAAGvK,GAAMmK,EAAK,GAAI/kB,IAAM,GAAO+kB,EAAK,EAAG/kB,IAAM,GAAO+kB,EAAK,GAAI/kB,IAAM,EAAK+kB,EAAK,GAAI/kB,GAEzF,IAAK,IAAIgb,EAAI,EAAGA,EAAI,EAAGA,IACrBkK,EAAQlK,GAAGhb,GAAMklB,EAAQlK,EAAI,GAAGhb,KAAO,EAAMklB,EAAQlK,EAAI,GAAGhb,IAAM,GAClEmlB,EAAQnK,GAAGJ,GAAMuK,EAAQnK,EAAI,GAAGJ,KAAO,EAAMuK,EAAQnK,EAAI,GAAGJ,IAAM,GAItEwK,GAAgB,EA0BlB,IAAIM,EAAU,SAAUC,EAAS3kB,GAE1BokB,GAAeC,IAGpB,IAAIO,EAAO,IAAI7D,YAAY/gB,GAC3B4kB,EAAKvlB,IAAI2kB,EAAU,KACnBY,EAAKvlB,IAAI4kB,EAAU,KACnB,IAAK,IAAIjlB,EAAI,EAAGA,EAAI,EAAGA,IACrB4lB,EAAKvlB,IAAI6kB,EAAQllB,GAAK,KAAS,KAAQA,GAAM,GAC7C4lB,EAAKvlB,IAAI8kB,EAAQnlB,GAAK,KAAS,KAAQA,GAAM,GAuD/C,IAEI6lB,EAAM,SAAUC,EAAQH,EAAS3kB,GACnC,UAEA,IAAI+kB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BC,EAAI,EAEN,IAAIC,EAAO,IAAItB,EAAO/D,YAAY/gB,GAChCqmB,EAAO,IAAIvB,EAAOlmB,WAAWoB,GAa/B,SAASsmB,EAAMtO,EAAG4B,EAAGI,EAAGtQ,EAAG6c,EAAIC,EAAIC,EAAIC,GACrC1O,EAAIA,EAAI,EACR4B,EAAIA,EAAI,EACRI,EAAIA,EAAI,EACRtQ,EAAIA,EAAI,EACR6c,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAIC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACvBC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7BjoB,EAAI,EAEN2nB,EAAK3M,EAAI,MAAO4M,EAAK5M,EAAI,MAAO6M,EAAK7M,EAAI,MAGzCuM,EAAKA,EAAKH,GAAMpO,EAAI,IAAM,GACxBwO,EAAKA,EAAKJ,GAAMpO,EAAI,IAAM,GAC1ByO,EAAKA,EAAKL,GAAMpO,EAAI,IAAM,GAC1B0O,EAAKA,EAAKN,GAAMpO,EAAI,KAAO,GAG7B,IAAKhZ,EAAI,IAAKA,EAAI,IAAO0K,GAAK,EAAI1K,EAAKA,EAAI,GAAM,EAAG,CAClD8nB,EAAKV,GAAMpM,EAAIuM,GAAM,GAAK,OAAS,GAAKH,GAAMO,EAAKH,GAAM,GAAK,OAAS,GAAKJ,GAAMQ,EAAKH,GAAM,EAAI,OAAS,GAAKL,GAAMS,EAAKH,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIhZ,EAAI,IAAM,GACpK+nB,EAAKX,GAAMpM,EAAIwM,GAAM,GAAK,OAAS,GAAKJ,GAAMO,EAAKF,GAAM,GAAK,OAAS,GAAKL,GAAMQ,EAAKF,GAAM,EAAI,OAAS,GAAKN,GAAMS,EAAKN,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIhZ,EAAI,IAAM,GACtKgoB,EAAKZ,GAAMpM,EAAIyM,GAAM,GAAK,OAAS,GAAKL,GAAMO,EAAKD,GAAM,GAAK,OAAS,GAAKN,GAAMQ,EAAKL,GAAM,EAAI,OAAS,GAAKH,GAAMS,EAAKL,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIhZ,EAAI,IAAM,GACtKioB,EAAKb,GAAMpM,EAAI0M,GAAM,GAAK,OAAS,GAAKN,GAAMO,EAAKJ,GAAM,GAAK,OAAS,GAAKH,GAAMQ,EAAKJ,GAAM,EAAI,OAAS,GAAKJ,GAAMS,EAAKJ,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIhZ,EAAI,KAAO,GACzKunB,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAAIN,EAAKO,EAIlClC,EAAKqB,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,IAAM,EAAIL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,GAAKN,GAAMpO,EAAIhZ,EAAI,IAAM,GAClLgmB,EAAKoB,GAAMxM,EAAI4M,GAAM,GAAK,OAAS,IAAM,GAAKJ,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,EAAI,OAAS,IAAM,EAAIN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,GAAKH,GAAMpO,EAAIhZ,EAAI,IAAM,GACpLimB,EAAKmB,GAAMxM,EAAI6M,GAAM,GAAK,OAAS,IAAM,GAAKL,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,EAAI,OAAS,IAAM,EAAIH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,GAAKJ,GAAMpO,EAAIhZ,EAAI,IAAM,GACpLkmB,EAAKkB,GAAMxM,EAAI8M,GAAM,GAAK,OAAS,IAAM,GAAKN,GAAMxM,EAAI2M,GAAM,GAAK,OAAS,IAAM,GAAKH,GAAMxM,EAAI4M,GAAM,EAAI,OAAS,IAAM,EAAIJ,GAAMxM,EAAI6M,GAAM,EAAI,OAAS,GAAKL,GAAMpO,EAAIhZ,EAAI,KAAO,GAUzL,SAASkoB,EAASX,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAC,EACAC,EACAC,GAWJ,SAASS,EAASZ,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAWxB,SAASoN,EAASb,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,GAGPvB,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAUT,SAASmC,EAASd,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAI1M,EAAI,EAERsM,EACE,OAAQ,OAAQ,OAChBH,EACAI,EACAG,EACAD,EACAD,GAGFxM,EAAIgL,EAAIA,EAAKE,EAAIA,EAAKlL,EAEtB+K,EAAKA,EAAKI,EACRH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EACVH,EAAKA,EAAKI,EAEZH,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASY,EAASf,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EAAKA,EAAKwB,EACbnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EACfnB,EAAKJ,EAAKA,EAAKwB,EAWnB,SAASa,EAAShB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFP,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAEZvB,EAAKoB,EACHnB,EAAKoB,EACLnB,EAAKoB,EACLnB,EAAKoB,EAUT,SAASc,EAAKjB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAhB,EACAC,EACAC,EACAC,GAGFH,EAAKJ,EACHK,EAAKJ,EACLK,EAAKJ,EACLK,EAAKJ,EAEPH,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASe,EAAKlB,EAAIC,EAAIC,EAAIC,GACxBH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVJ,EACE,OAAQ,OAAQ,OAChBH,EACAZ,EACAC,EACAC,EACAC,GAGFA,GAAOI,EAAKJ,EAAMI,EAAMJ,EAAK,EAC3BD,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAC1CF,GAAOI,EAAKJ,EAAMI,EAAMJ,IAAOC,EAAK,IAAM,GAE5CT,EAAKA,EAAKwB,EACRvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EACVvB,EAAKA,EAAKwB,EAUd,SAASgB,EAASnB,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV,IAAII,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC/BU,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7B9oB,EAAI,EAAGmZ,EAAI,EAEboO,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAEZwB,EAAKf,EAAK,EACRgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EACVgB,EAAKf,EAAK,EAEZ,MAAQlnB,EAAI,GAAK,IAAKA,EAAKA,EAAI,EAAK,EAAG,CACrC,GAAI8nB,IAAO,GAAI,CACba,EAAKA,EAAKpB,EACRqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EACVqB,EAAKA,EAAKpB,EAGdI,EAAMA,GAAM,EAAMC,IAAO,GACvBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAAMC,IAAO,GACzBA,EAAMA,GAAM,EAEd9O,EAAIuO,EAAK,EAETA,EAAMA,IAAO,EAAMD,GAAM,GACvBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAAMD,GAAM,GACzBA,EAAMA,IAAO,EAEf,GAAIpO,EAAGoO,EAAKA,EAAK,WAGnBpB,EAAKwC,EACHvC,EAAKwC,EACLvC,EAAKwC,EACLvC,EAAKwC,EAST,SAASC,EAAWre,GAClBA,EAAIA,EAAI,EACRyc,EAAIzc,EAYN,SAASse,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVrD,EAAKkD,EACHjD,EAAKkD,EACLjD,EAAKkD,EACLjD,EAAKkD,EAYT,SAASC,EAAOC,EAAIC,EAAIC,EAAIC,GAC1BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVtD,EAAKmD,EACHlD,EAAKmD,EACLlD,EAAKmD,EACLlD,EAAKmD,EAYT,SAASC,EAAUC,EAAIC,EAAIC,EAAIC,GAC7BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVvD,EAAKoD,EACHnD,EAAKoD,EACLnD,EAAKoD,EACLnD,EAAKoD,EAYT,SAASC,EAASC,EAAIC,EAAIC,EAAIC,GAC5BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEVxD,EAAKqD,EACHpD,EAAKqD,EACLpD,EAAKqD,EACLpD,EAAKqD,EAYT,SAASC,EAAYC,EAAIC,EAAIC,EAAIC,GAC/BH,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EACVC,EAAKA,EAAK,EAEV9D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACrB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EACvB/D,GAAOI,EAAKJ,EAAMI,EAAK0D,EAU3B,SAASI,EAAUvqB,GACjBA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBmnB,EAAKnnB,EAAM,GAAK6lB,IAAO,GACrBsB,EAAKnnB,EAAM,GAAK6lB,IAAO,GAAK,IAC5BsB,EAAKnnB,EAAM,GAAK6lB,IAAO,EAAI,IAC3BsB,EAAKnnB,EAAM,GAAK6lB,EAAK,IACrBsB,EAAKnnB,EAAM,GAAK8lB,IAAO,GACvBqB,EAAKnnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BqB,EAAKnnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BqB,EAAKnnB,EAAM,GAAK8lB,EAAK,IACrBqB,EAAKnnB,EAAM,GAAK+lB,IAAO,GACvBoB,EAAKnnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,IAAO,EAAI,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,EAAK,IACtBoB,EAAKnnB,EAAM,IAAMgmB,IAAO,GACxBmB,EAAKnnB,EAAM,IAAMgmB,IAAO,GAAK,IAC7BmB,EAAKnnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BmB,EAAKnnB,EAAM,IAAMgmB,EAAK,IAExB,OAAO,GAUT,SAASwE,EAAOxqB,GACdA,EAAMA,EAAM,EAEZ,GAAIA,EAAM,GAAI,OAAQ,EAEtBmnB,EAAKnnB,EAAM,GAAKimB,IAAO,GACrBkB,EAAKnnB,EAAM,GAAKimB,IAAO,GAAK,IAC5BkB,EAAKnnB,EAAM,GAAKimB,IAAO,EAAI,IAC3BkB,EAAKnnB,EAAM,GAAKimB,EAAK,IACrBkB,EAAKnnB,EAAM,GAAKkmB,IAAO,GACvBiB,EAAKnnB,EAAM,GAAKkmB,IAAO,GAAK,IAC5BiB,EAAKnnB,EAAM,GAAKkmB,IAAO,EAAI,IAC3BiB,EAAKnnB,EAAM,GAAKkmB,EAAK,IACrBiB,EAAKnnB,EAAM,GAAKmmB,IAAO,GACvBgB,EAAKnnB,EAAM,GAAKmmB,IAAO,GAAK,IAC5BgB,EAAKnnB,EAAM,IAAMmmB,IAAO,EAAI,IAC5BgB,EAAKnnB,EAAM,IAAMmmB,EAAK,IACtBgB,EAAKnnB,EAAM,IAAMomB,IAAO,GACxBe,EAAKnnB,EAAM,IAAMomB,IAAO,GAAK,IAC7Be,EAAKnnB,EAAM,IAAMomB,IAAO,EAAI,IAC5Be,EAAKnnB,EAAM,IAAMomB,EAAK,IAExB,OAAO,GAQT,SAASqE,IACPzC,EAAS,EAAG,EAAG,EAAG,GAClBnB,EAAKhB,EACHiB,EAAKhB,EACLiB,EAAKhB,EACLiB,EAAKhB,EAYT,SAAS0E,EAAOC,EAAM3qB,EAAK4M,GACzB+d,EAAOA,EAAO,EACd3qB,EAAMA,EAAM,EACZ4M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI5qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ4M,EAAM,IAAM,GAAI,CACtBie,EAAcF,EAAO,GACnBxD,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,IAC7EmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,KAGjFmnB,EAAKnnB,EAAM,GAAK6lB,IAAO,GACrBsB,EAAKnnB,EAAM,GAAK6lB,IAAO,GAAK,IAC5BsB,EAAKnnB,EAAM,GAAK6lB,IAAO,EAAI,IAC3BsB,EAAKnnB,EAAM,GAAK6lB,EAAK,IACrBsB,EAAKnnB,EAAM,GAAK8lB,IAAO,GACvBqB,EAAKnnB,EAAM,GAAK8lB,IAAO,GAAK,IAC5BqB,EAAKnnB,EAAM,GAAK8lB,IAAO,EAAI,IAC3BqB,EAAKnnB,EAAM,GAAK8lB,EAAK,IACrBqB,EAAKnnB,EAAM,GAAK+lB,IAAO,GACvBoB,EAAKnnB,EAAM,GAAK+lB,IAAO,GAAK,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,IAAO,EAAI,IAC5BoB,EAAKnnB,EAAM,IAAM+lB,EAAK,IACtBoB,EAAKnnB,EAAM,IAAMgmB,IAAO,GACxBmB,EAAKnnB,EAAM,IAAMgmB,IAAO,GAAK,IAC7BmB,EAAKnnB,EAAM,IAAMgmB,IAAO,EAAI,IAC5BmB,EAAKnnB,EAAM,IAAMgmB,EAAK,IAExB4E,EAAOA,EAAM,GAAM,EACjB5qB,EAAOA,EAAM,GAAM,EACnB4M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAYf,SAASE,EAAIH,EAAM3qB,EAAK4M,GACtB+d,EAAOA,EAAO,EACd3qB,EAAMA,EAAM,EACZ4M,EAAMA,EAAM,EAEZ,IAAIge,EAAM,EAEV,GAAI5qB,EAAM,GAAI,OAAQ,EAEtB,OAAQ4M,EAAM,IAAM,GAAI,CACtBme,EAAWJ,EAAO,GAChBxD,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,EAAImnB,EAAKnnB,EAAM,GAC5EmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,IAAM,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,IAC7EmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,GAAKmnB,EAAKnnB,EAAM,KAAO,EAAImnB,EAAKnnB,EAAM,KAGjF4qB,EAAOA,EAAM,GAAM,EACjB5qB,EAAOA,EAAM,GAAM,EACnB4M,EAAOA,EAAM,GAAM,EAGvB,OAAOge,EAAM,EAMf,IAAIC,EAAgB,CAAC7C,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAUC,EAAMC,GAKvF,IAAIwC,EAAa,CAAC7C,EAAUM,GAK5B,MAAO,CACLK,WAAYA,EACZC,UAAWA,EACXK,OAAQA,EACRK,UAAWA,EACXK,SAAUA,EACVK,YAAaA,EACbK,UAAWA,EACXC,OAAQA,EACRC,SAAUA,EACVC,OAAQA,EACRI,IAAKA,GAxpBC,CAFG,CAACprB,WAAwBmiB,aA4pB5B4D,EAAS3kB,GAInB,OAFA6kB,EAAIqF,QApsBJ,SAAiBC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/C,IAAIC,EAAQhG,EAAK5c,SAAS,EAAO,IAC/B6iB,EAAQjG,EAAK5c,SAAS,IAAO,KAG/B4iB,EAAMvrB,IAAI,CAAC+qB,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,IACvC,IAAK,IAAI3rB,EAAImrB,EAAIW,EAAO,EAAG9rB,EAAI,EAAImrB,EAAK,GAAInrB,IAAK,CAC/C,IAAIgZ,EAAI4S,EAAM5rB,EAAI,IACbA,EAAImrB,GAAO,GAAc,IAAPA,GAAYnrB,EAAImrB,GAAO,KAC5CnS,EAAIgM,EAAShM,IAAM,KAAO,GAAKgM,EAAShM,IAAM,GAAK,MAAQ,GAAKgM,EAAShM,IAAM,EAAI,MAAQ,EAAIgM,EAAa,IAAJhM,IAEtGhZ,EAAImrB,GAAO,IACbnS,EAAKA,GAAK,EAAMA,IAAM,GAAO8S,GAAQ,GACrCA,EAAQA,GAAQ,GAAc,IAAPA,EAAe,GAAO,IAE/CF,EAAM5rB,GAAK4rB,EAAM5rB,EAAImrB,GAAMnS,EAI7B,IAAK,IAAIU,EAAI,EAAGA,EAAI1Z,EAAG0Z,GAAK,EAC1B,IAAK,IAAIqS,EAAK,EAAGA,EAAK,EAAGA,IAAM,CACzB/S,EAAI4S,EAAM5rB,GAAK,EAAI0Z,IAAM,EAAIqS,GAAM,GAErCF,EAAMnS,EAAIqS,GADRrS,EAAI,GAAKA,GAAK1Z,EAAI,EACJgZ,EAEAmM,EAAQ,GAAGH,EAAShM,IAAM,KACtCmM,EAAQ,GAAGH,EAAShM,IAAM,GAAK,MAC/BmM,EAAQ,GAAGH,EAAShM,IAAM,EAAI,MAC9BmM,EAAQ,GAAGH,EAAa,IAAJhM,IAM9B6M,EAAIkD,WAAWoC,EAAK,IAoqBftF,GA8CT,OAtCAH,EAAQsG,IAAM,CACZC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQL3G,EAAQ4G,IAAM,CACZL,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,IAAK,GAQP3G,EAAQ6G,IAAM,CACZL,IAAK,EACLM,IAAK,GAQT9G,EAAQ+G,UAAY,MAEb/G,CACT,CA36BqB,GC+Gd,SAASgH,GAASthB,GACrB,OAAOA,aAAaxL,UACxB,CAWO,SAAS+sB,GAAW/G,EAAMgH,GAC7B,MAAM7qB,EAAO6jB,EAAOA,EAAK1kB,WAAa0rB,GAAY,MAClD,GAAW,KAAP7qB,GAAgBA,GAAQ,EACxB,MAAU9B,MAAM,+DAEpB,OADA2lB,EAAOA,GAAQ,IAAIhmB,WAAW,IAAIsiB,YAAYngB,GAElD,CACO,SAAS8qB,GAAYjH,EAAMkH,EAAMjmB,EAAMkmB,EAAMC,GAChD,MAAMC,EAAOrH,EAAKznB,OAAS2uB,EACrBI,EAAOD,EAAOD,EAAOC,EAAOD,EAElC,OADApH,EAAKvlB,IAAIwG,EAAKmC,SAAS+jB,EAAMA,EAAOG,GAAOJ,GACpCI,CACX,CACO,SAASC,MAAaC,GACzB,MAAMC,EAAcD,EAAIE,QAAO,CAACC,EAAKC,IAASD,EAAMC,EAAKrvB,QAAQ,GAC3D2sB,EAAM,IAAIlrB,WAAWytB,GAC3B,IAAII,EAAS,EACb,IAAK,IAAIztB,EAAI,EAAGA,EAAIotB,EAAIjvB,OAAQ6B,IAC5B8qB,EAAIzqB,IAAI+sB,EAAIptB,GAAIytB,GAChBA,GAAUL,EAAIptB,GAAG7B,OAErB,OAAO2sB,CACX,CCvJO,MAAM4C,WAA0BztB,MACnCpD,eAAe8wB,GACX7wB,SAAS6wB,IAIV,MAAMC,WAA6B3tB,MACtCpD,eAAe8wB,GACX7wB,SAAS6wB,IAIV,MAAME,WAAsB5tB,MAC/BpD,eAAe8wB,GACX7wB,SAAS6wB,ICXjB,MAAMG,GAAY,GACZC,GAAW,GACV,MAAMC,GACTnxB,YAAY8W,EAAKsa,EAAIC,GAAU,EAAMrD,EAAMjF,EAAMC,GAC7C9oB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAK8tB,KAAOA,EAEZ9tB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAK4W,IAAMA,EACX5W,KAAKkxB,GAAKA,EACVlxB,KAAKmxB,QAAUA,EAEfnxB,KAAKoxB,YAAYvI,EAAMC,GAE3BsI,YAAYvI,EAAMC,GAMd,YALkB7nB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOA,GAAQkI,GAAUM,OAASzB,KAAa3jB,SAAS2b,GAAQ8H,WACrE1vB,KAAK8oB,IAAMA,GAAOkI,GAASK,OAAS,IAAIzJ,GAAQ,KAAM5nB,KAAK6oB,KAAK5kB,QAChEjE,KAAKsxB,MAAMtxB,KAAK4W,IAAK5W,KAAKkxB,KAEvB,CAAErI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEfqwB,MAAM1a,EAAKsa,GACP,MAAMpI,IAAEA,GAAQ9oB,KAAKoxB,cAEfI,EAAS5a,EAAIxV,OACnB,GAAe,KAAXowB,GAA4B,KAAXA,GAA4B,KAAXA,EAClC,MAAM,IAAIX,GAAqB,oBACnC,MAAMY,EAAU,IAAIrM,SAASxO,EAAI3S,OAAQ2S,EAAI1S,WAAY0S,EAAIzS,YAG7D,GAFA2kB,EAAIqF,QAAQqD,GAAU,EAAGC,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,GAAID,EAAQC,UAAU,IAAKF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,EAAGF,EAAS,GAAKC,EAAQC,UAAU,IAAM,QAExQzwB,IAAPiwB,EAAkB,CAClB,GAAkB,KAAdA,EAAG9vB,OACH,MAAM,IAAIyvB,GAAqB,mBACnC,IAAIc,EAAS,IAAIvM,SAAS8L,EAAGjtB,OAAQitB,EAAGhtB,WAAYgtB,EAAG/sB,YACvD2kB,EAAIwD,OAAOqF,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,GAAIC,EAAOD,UAAU,UAG3F5I,EAAIwD,OAAO,EAAG,EAAG,EAAG,GAG5BsF,oBAAoB9nB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQqH,IAAIjvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXigB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB2wB,EAAO,EAEP5B,EAAO,EACP1uB,EAAS,IAAIoB,WAFLkN,EAAMkgB,GAAS,IAG3B,KAAOA,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GACjCogB,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAKd,OAFA/P,KAAKmD,IAAMA,EACXnD,KAAK+P,IAAMA,EACJtO,EAEXuwB,qBACI,IAAInJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQqH,IAAIjvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXkiB,EAAO,GAAMliB,EAAM,GACnBmiB,EAAOniB,EACX,GAAI/P,KAAKmyB,eAAe,YACpB,GAAInyB,KAAKmxB,QAAS,CACd,IAAK,IAAIiB,EAAI,EAAGA,EAAIH,IAAQG,EACxBvJ,EAAK1lB,EAAM4M,EAAMqiB,GAAKH,EAE1BliB,GAAOkiB,EACPC,EAAOniB,OAEN,GAAIA,EAAM,GACX,MAAM,IAAI8gB,GAAqB,yDAInC9gB,GAAOkiB,EAEX,MAAMxwB,EAAS,IAAIoB,WAAWqvB,GAQ9B,OAPIniB,GACA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAC9BmiB,GACAzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IACxClyB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACE9vB,EAEX4wB,oBAAoBvoB,GAChB,IAAK6lB,GAAS7lB,GACV,MAAM,IAAI+nB,UAAU,+BACxB,IAAIhJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQ2H,IAAIvvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXigB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB2wB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBgC,EAAO,EACP9B,EAAO,EACPnwB,KAAKmxB,UACLc,EAAOliB,EAAMkgB,EAAOiC,GAAQ,GAC5BA,GAAQD,GAEZ,MAAMxwB,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAAQkgB,EAAc,EAAPgC,IAChD9B,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/CA,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAKd,OAFA/P,KAAKmD,IAAMA,EACXnD,KAAK+P,IAAMA,EACJtO,EAEX6wB,qBACI,IAAIzJ,KAAEA,EAAIC,IAAEA,GAAQ9oB,KAAKoxB,cACrBU,EAAQlK,GAAQ2H,IAAIvvB,KAAK8tB,MACzBiC,EAAOnI,GAAQ8H,UACfvsB,EAAMnD,KAAKmD,IACX4M,EAAM/P,KAAK+P,IACXmiB,EAAOniB,EACX,GAAIA,EAAM,EAAG,CACT,GAAIA,EAAM,GAAI,CACV,GAAI/P,KAAKmyB,eAAe,WACpB,MAAM,IAAItB,GAAqB,oDAG/B9gB,GAAO,GAAMA,EAAM,GAI3B,GADA+Y,EAAI+E,OAAOiE,EAAO/B,EAAO5sB,EAAK4M,GAC1B/P,KAAKmyB,eAAe,YAAcnyB,KAAKmxB,QAAS,CAChD,IAAIoB,EAAM1J,EAAK1lB,EAAM+uB,EAAO,GAC5B,GAAIK,EAAM,GAAKA,EAAM,IAAMA,EAAML,EAC7B,MAAM,IAAIpB,GAAc,eAC5B,IAAI0B,EAAS,EACb,IAAK,IAAIvvB,EAAIsvB,EAAKtvB,EAAI,EAAGA,IACrBuvB,GAAUD,EAAM1J,EAAK1lB,EAAM+uB,EAAOjvB,GACtC,GAAIuvB,EACA,MAAM,IAAI1B,GAAc,eAC5BoB,GAAQK,GAGhB,MAAM9wB,EAAS,IAAIoB,WAAWqvB,GAO9B,OANIA,EAAO,GACPzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IAExClyB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACE9vB,GCtMR,MAAMgxB,GACT9K,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASuB,QAAQ5oB,GAE7C6d,eAAe7d,EAAM8M,EAAKua,GAAU,GAChC,OAAO,IAAIsB,GAAQ7b,EAAKua,GAASwB,QAAQ7oB,GAE7ChK,YAAY8W,EAAKua,GAAU,EAAOyB,GAC9B5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,EAAWkwB,EAAS,OAE5DuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCb5B,SAASM,GAAIxxB,GACX,MAAMyxB,EAAI,SAASjc,GACjB,MAAMkc,EAAS,IAAIL,GAAQ7b,GAE3B5W,KAAK0yB,QAAU,SAASK,GACtB,OAAOD,EAAOJ,QAAQK,IAGxB/yB,KAAK2yB,QAAU,SAASI,GACtB,OAAOD,EAAOH,QAAQI,KAO1B,OAHAF,EAAEG,UAAYH,EAAE7xB,UAAUgyB,UAAY,GACtCH,EAAEI,QAAUJ,EAAE7xB,UAAUiyB,QAAU7xB,EAAS,EAEpCyxB,CACT,CCAA,SAASK,GAAIC,EAAM5Z,EAASmZ,EAAS5E,EAAMoD,EAAIC,GAE7C,MAAMiC,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACI1wB,EACA0Z,EACAiX,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAdAnnB,EAAI,EAeJ2C,EAAMwJ,EAAQnY,OAGlB,MAAMozB,EAA6B,KAAhBrB,EAAK/xB,OAAgB,EAAI,EAE1C6yB,EADiB,IAAfO,EACQ9B,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFnZ,EAqQJ,SAAuBA,EAAS4X,GAC9B,MAAMsD,EAAY,EAAKlb,EAAQnY,OAAS,EAExC,IAAImxB,EACJ,GAAgB,IAAZpB,GAAkBsD,EAAY,EAChClC,EAAM,QACD,GAAgB,IAAZpB,EACToB,EAAMkC,MACD,IAAKtD,KAAYsD,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOlb,EAEP,MAAUrW,MAAM,wBAJhBqvB,EAAM,EAOR,MAAMmC,EAAgB,IAAI7xB,WAAW0W,EAAQnY,OAASqzB,GACtD,IAAK,IAAIxxB,EAAI,EAAGA,EAAIsW,EAAQnY,OAAQ6B,IAClCyxB,EAAczxB,GAAKsW,EAAQtW,GAE7B,IAAK,IAAI0Z,EAAI,EAAGA,EAAI8X,EAAW9X,IAC7B+X,EAAcnb,EAAQnY,OAASub,GAAK4V,EAGtC,OAAOmC,CACT,CA9RcC,CAAcpb,EAAS4X,GACjCphB,EAAMwJ,EAAQnY,QAIhB,IAAIK,EAAS,IAAIoB,WAAWkN,GACxBkM,EAAI,EASR,IAPa,IAAT6R,IACFoG,EAAWhD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KAClEgnB,EAAYlD,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,GAAO8jB,EAAG9jB,MAAQ,EAAK8jB,EAAG9jB,KACnEA,EAAI,GAICA,EAAI2C,GAAK,CAsCd,IArCAgkB,EAAQxa,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KACnF4mB,EAASza,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,GAAOmM,EAAQnM,MAAQ,EAAKmM,EAAQnM,KAGvE,IAAT0gB,IACE4E,GACFqB,GAAQG,EACRF,GAASI,IAETD,EAAWD,EACXG,EAAYD,EACZF,EAAUH,EACVK,EAAWJ,IAKfJ,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAEjBG,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAG9BrX,EAAI,EAAGA,EAAI6X,EAAY7X,GAAK,EAAG,CAIlC,IAHA2X,EAAUL,EAAQtX,EAAI,GACtB4X,EAAUN,EAAQtX,EAAI,GAEjB1Z,EAAIgxB,EAAQtX,GAAI1Z,IAAMqxB,EAASrxB,GAAKsxB,EACvCV,EAASG,EAAQb,EAAKlwB,GACtB6wB,GAAWE,IAAU,EAAMA,GAAS,IAAOb,EAAKlwB,EAAI,GAEpD2wB,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOG,EACPA,EAAOC,EACPA,EAAQJ,EAIVG,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCJ,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,WAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAiC,OAAxBG,IAAS,GAAMC,GACxBA,GAASJ,EACTG,GAASH,GAAQ,GACjBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGJ,IAAT9F,IACE4E,GACFwB,EAAUH,EACVK,EAAWJ,IAEXD,GAAQI,EACRH,GAASK,IAIb5yB,EAAOwa,KAAQ8X,IAAS,GACxBtyB,EAAOwa,KAAS8X,IAAS,GAAM,IAC/BtyB,EAAOwa,KAAS8X,IAAS,EAAK,IAC9BtyB,EAAOwa,KAAe,IAAP8X,EACftyB,EAAOwa,KAAQ+X,IAAU,GACzBvyB,EAAOwa,KAAS+X,IAAU,GAAM,IAChCvyB,EAAOwa,KAAS+X,IAAU,EAAK,IAC/BvyB,EAAOwa,KAAgB,IAAR+X,EAQjB,OAJKtB,IACHjxB,EA4KJ,SAA0B8X,EAAS4X,GACjC,IACIoB,EADAkC,EAAY,KAEhB,GAAgB,IAAZtD,EACFoB,EAAM,QACD,GAAgB,IAAZpB,EACTsD,EAAYlb,EAAQA,EAAQnY,OAAS,OAChC,IAAK+vB,EAGV,MAAUjuB,MAAM,wBAFhBqvB,EAAM,EAKR,IAAKkC,EAAW,CAEd,IADAA,EAAY,EACLlb,EAAQA,EAAQnY,OAASqzB,KAAelC,GAC7CkC,IAEFA,IAGF,OAAOlb,EAAQtN,SAAS,EAAGsN,EAAQnY,OAASqzB,EAC9C,CAlMaG,CAAiBnzB,EAAQ0vB,IAG7B1vB,CACT,CAOA,SAASozB,GAAcje,GAErB,MAAMke,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAa5d,EAAIxV,OAAS,EAAI,EAAI,EAElC+xB,EAAWtzB,MAAM,GAAK20B,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGAlC,EAFAxmB,EAAI,EACJhB,EAAI,EAGR,IAAK,IAAIuQ,EAAI,EAAGA,EAAI6X,EAAY7X,IAAK,CACnC,IAAIoX,EAAQnd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KACnE4mB,EAASpd,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,GAAOwJ,EAAIxJ,MAAQ,EAAKwJ,EAAIxJ,KAExEwmB,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,WAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAkC,OAAzBI,KAAW,GAAMD,GAC1BA,GAAQH,EACRI,GAAUJ,IAAS,GACnBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EACjBA,EAAgC,UAAvBI,IAAU,EAAKD,GACxBA,GAAQH,EACRI,GAAUJ,GAAQ,EAClBA,EAAgC,YAAvBG,IAAS,EAAKC,GACvBA,GAASJ,EACTG,GAASH,GAAQ,EAGjBA,EAAQG,GAAQ,EAAOC,IAAU,GAAM,IAEvCD,EAAQC,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQJ,EAGR,IAAK,IAAI3wB,EAAI,EAAGA,EAAI2yB,GAAe3yB,IAE7B2yB,EAAO3yB,IACT8wB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,IAAS,GACTC,IAAU,GAMV6B,EAAWf,EAAUf,IAAS,IAAMgB,EAAWhB,IAAS,GAAM,IAAOiB,EAAWjB,IAAS,GAAM,IAAOkB,EACpGlB,IAAS,GAAM,IAAOmB,EAAWnB,IAAS,GAAM,IAAOoB,EAAWpB,IAAS,EAAK,IAAOqB,EAAWrB,IAAS,EAC3G,IACF+B,EAAYT,EAAUrB,IAAU,IAAMsB,EAAWtB,IAAU,GAAM,IAAOuB,EAAWvB,IAAU,GAAM,IACjGwB,EAAYxB,IAAU,GAAM,IAAOyB,EAAYzB,IAAU,GAAM,IAAO0B,EAAY1B,IAAU,EAAK,IACjG2B,EAAY3B,IAAU,EAAK,IAC7BJ,EAAyC,OAAhCkC,IAAc,GAAMD,GAC7B1C,EAAK/mB,KAAOypB,EAAWjC,EACvBT,EAAK/mB,KAAO0pB,EAAalC,GAAQ,GAIrC,OAAOT,CACT,CAwDO,SAAS4C,GAAUnf,GACxB5W,KAAK4W,IAAM,GAEX,IAAK,IAAI3T,EAAI,EAAGA,EAAI,EAAGA,IACrBjD,KAAK4W,IAAI/U,KAAK,IAAIgB,WAAW+T,EAAI3K,SAAa,EAAJhJ,EAAY,EAAJA,EAAS,KAG7DjD,KAAK0yB,QAAU,SAASK,GACtB,OAAOG,GACL2B,GAAc70B,KAAK4W,IAAI,IACvBsc,GACE2B,GAAc70B,KAAK4W,IAAI,IACvBsc,GACE2B,GAAc70B,KAAK4W,IAAI,IACvBmc,GAAO,EAAM,EAAG,KAAM,OAExB,EAAO,EAAG,KAAM,OACf,EAAM,EAAG,KAAM,MAGxB,CCtbA,SAASiD,KACPh2B,KAAKi2B,UAAY,EACjBj2B,KAAKk2B,QAAU,GAEfl2B,KAAKm2B,OAAS,SAASvf,GAMrB,GALA5W,KAAKo2B,QAAcv2B,MAAM,IACzBG,KAAKq2B,OAAax2B,MAAM,IAExBG,KAAKsxB,QAED1a,EAAIxV,SAAWpB,KAAKk2B,QAGtB,MAAUhzB,MAAM,mCAElB,OAJElD,KAAKs2B,YAAY1f,IAIZ,GAGT5W,KAAKsxB,MAAQ,WACX,IAAK,IAAIruB,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKo2B,QAAQnzB,GAAK,EAClBjD,KAAKq2B,OAAOpzB,GAAK,GAIrBjD,KAAKu2B,aAAe,WAClB,OAAOv2B,KAAKi2B,WAGdj2B,KAAK0yB,QAAU,SAAS8D,GACtB,MAAMC,EAAU52B,MAAM22B,EAAIp1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIuzB,EAAIp1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIgb,EAFAyY,EAAKF,EAAIvzB,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GACtE0K,EAAK6oB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GAG9Egb,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJwY,EAAIxzB,GAAM0K,IAAM,GAAM,IACtB8oB,EAAIxzB,EAAI,GAAM0K,IAAM,GAAM,IAC1B8oB,EAAIxzB,EAAI,GAAM0K,IAAM,EAAK,IACzB8oB,EAAIxzB,EAAI,GAAS,IAAJ0K,EACb8oB,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,IAAM,EAAK,IACzBD,EAAIxzB,EAAI,GAAS,IAAJyzB,EAGf,OAAOD,GAGTz2B,KAAK2yB,QAAU,SAAS6D,GACtB,MAAMC,EAAU52B,MAAM22B,EAAIp1B,QAE1B,IAAK,IAAI6B,EAAI,EAAGA,EAAIuzB,EAAIp1B,OAAQ6B,GAAK,EAAG,CACtC,IAEIgb,EAFAyY,EAAKF,EAAIvzB,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GACtE0K,EAAK6oB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,GAAOuzB,EAAIvzB,EAAI,IAAM,EAAKuzB,EAAIvzB,EAAI,GAG9Egb,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,IAAKp2B,KAAKq2B,OAAO,KAC5CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIG,EAAGlpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIE,EAAGjpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EACJA,EAAItQ,EACJA,EAAI+oB,EAAIC,EAAGhpB,EAAG3N,KAAKo2B,QAAQ,GAAIp2B,KAAKq2B,OAAO,IAC3CK,EAAIzY,EAEJwY,EAAIxzB,GAAM0K,IAAM,GAAM,IACtB8oB,EAAIxzB,EAAI,GAAM0K,IAAM,GAAM,IAC1B8oB,EAAIxzB,EAAI,GAAM0K,IAAM,EAAK,IACzB8oB,EAAIxzB,EAAI,GAAS,IAAJ0K,EACb8oB,EAAIxzB,EAAI,GAAMyzB,IAAM,GAAM,IAC1BD,EAAIxzB,EAAI,GAAMyzB,GAAK,GAAM,IACzBD,EAAIxzB,EAAI,GAAMyzB,GAAK,EAAK,IACxBD,EAAIxzB,EAAI,GAAS,IAAJyzB,EAGf,OAAOD,GAET,MAAMK,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAGlO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,MAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASJ,EAAGnO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,KAAQC,EAAK,GAAO,IAAJD,GAGhG,SAASH,EAAGpO,EAAGrb,EAAGO,GAChB,MAAMsQ,EAAI7Q,EAAIqb,EACRuO,EAAK/Y,GAAKtQ,EAAMsQ,IAAO,GAAKtQ,EAClC,OAASspB,EAAK,GAAGD,IAAM,IAAMC,EAAK,GAAID,IAAM,GAAM,KAAQC,EAAK,GAAID,IAAM,EAAK,MAAQC,EAAK,GAAO,IAAJD,GA7FhGD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnC/2B,KAAKs2B,YAAc,SAASY,GAC1B,MAAMjZ,aACAhC,EAAQpc,MAAM,IAEpB,IAAI8c,EAEJ,IAAK,IAAI1Z,EAAI,EAAGA,EAAI,EAAGA,IACrB0Z,EAAQ,EAAJ1Z,EACJgb,EAAEhb,GAAMi0B,EAAIva,IAAM,GAAOua,EAAIva,EAAI,IAAM,GAAOua,EAAIva,EAAI,IAAM,EAAKua,EAAIva,EAAI,GAG3E,MAAM7P,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACIqqB,EADAC,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIC,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAK3a,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtO,EAAIyoB,EAAUQ,GAAO3a,GAC3Bwa,EAAIlZ,EAAE5P,EAAE,IAER8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAK,GAAIhZ,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD8oB,GAAKF,EAAKnqB,EAAE6P,IAAKsB,EAAE5P,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D4P,EAAE5P,EAAE,IAAM8oB,EAGZ,IAAKxa,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAM1O,EAAI8oB,EAAUO,GAAO3a,GAC3Bwa,EAAIF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,GAAIhZ,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDkpB,GAAKF,EAAK,EAAIta,GAAIsB,EAAEhQ,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7DgO,EAAEmb,GAAMD,EACRC,KAKN,IAAK,IAAIn0B,EAAI,EAAGA,EAAI,GAAIA,IACtBjD,KAAKo2B,QAAQnzB,GAAKgZ,EAAEhZ,GACpBjD,KAAKq2B,OAAOpzB,GAAiB,GAAZgZ,EAAE,GAAKhZ,IAwB5B,MAAMg0B,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASM,GAAM3gB,GACb5W,KAAKqT,MAAQ,IAAI2iB,GACjBh2B,KAAKqT,MAAM8iB,OAAOvf,GAElB5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAKqT,MAAMqf,QAAQK,GAE9B,CDpJAgD,GAAU9C,QAAU8C,GAAU/0B,UAAUiyB,QAAU,GAClD8C,GAAU/C,UAAY+C,GAAU/0B,UAAUgyB,UAAY,ECqJtDuE,GAAMvE,UAAYuE,GAAMv2B,UAAUgyB,UAAY,EAC9CuE,GAAMtE,QAAUsE,GAAMv2B,UAAUiyB,QAAU,GCpkB1C,MAAMuE,GAAS,WAEf,SAASC,GAAKN,EAAG/qB,GACf,OAAQ+qB,GAAK/qB,EAAI+qB,IAAO,GAAK/qB,GAAMorB,EACrC,CAEA,SAASE,GAAKrpB,EAAGpL,GACf,OAAOoL,EAAEpL,GAAKoL,EAAEpL,EAAI,IAAM,EAAIoL,EAAEpL,EAAI,IAAM,GAAKoL,EAAEpL,EAAI,IAAM,EAC7D,CAEA,SAAS00B,GAAKtpB,EAAGpL,EAAGk0B,GAClB9oB,EAAEupB,OAAO30B,EAAG,EAAO,IAAJk0B,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAASU,GAAK/qB,EAAGV,GACf,OAAQU,IAAW,EAAJV,EAAU,GAC3B,CAkSA,SAAS0rB,GAAGlhB,GACV5W,KAAK+3B,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAMvrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASwrB,EAAMxrB,GACb,OAAOsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAAMsrB,EAAK,GAAGP,GAAK/qB,EAAG,IAG3F,SAASyrB,EAAQ5qB,EAAG6qB,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,GAAM6pB,GAC7DnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIxqB,EAAI,IAAO6pB,GAGhE,SAASiB,EAAQx1B,EAAGu1B,GAClB,IAAInqB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,IAAOu0B,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,IAAOu0B,GAAQ,IAClEnpB,EAAIgqB,EAAMG,EAAI,IACdvqB,EAAIqqB,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMnqB,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,GAAMu0B,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMnqB,EAAI,EAAIJ,EAAIkqB,EAAO,EAAIl1B,EAAI,GAAMu0B,GAAQ,IAsDnE,MAAO,CACLtsB,KAAM,UACNwtB,UAAW,GACXC,KAhQF,SAAiB/hB,GAEf,IAAI3T,EACAoL,EACAJ,EACAmO,EACAqM,EALJuP,EAAWphB,EAMX,MAAMgiB,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3DnrB,EAAI,CACR,GACA,IAEIlB,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASssB,EAAM5sB,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,GAG1C,SAAS6sB,EAAM7sB,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,GAGrD,SAAS8sB,EAAOxH,EAAG9jB,GACjB,IAAIrL,EACAgb,EACA4b,EACJ,IAAK52B,EAAI,EAAGA,EAAI,EAAGA,IACjBgb,EAAI3P,IAAM,GACVA,EAAMA,GAAK,EAAKkpB,GAAUpF,IAAM,GAChCA,EAAKA,GAAK,EAAKoF,GACfqC,EAAI5b,GAAK,EACD,IAAJA,IACF4b,GAAK,KAEPvrB,GAAK2P,EAAK4b,GAAK,GACfA,GAAK5b,IAAM,EACH,EAAJA,IACF4b,GAAK,KAEPvrB,GAAKurB,GAAK,GAAKA,GAAK,EAEtB,OAAOvrB,EAGT,SAASwrB,EAAG1tB,EAAGU,GACb,MAAMuB,EAAIvB,GAAK,EACTmB,EAAQ,GAAJnB,EACJsP,EAAIgd,EAAGhtB,GAAGiC,EAAIJ,GACdwa,EAAI4Q,EAAGjtB,GAAGotB,EAAKvrB,GAAKwrB,EAAKprB,IAC/B,OAAOkrB,EAAGntB,GAAGotB,EAAK/Q,GAAKgR,EAAKrd,KAAO,EAAIkd,EAAGltB,GAAGgQ,EAAIqM,GAGnD,SAASsR,EAAKjtB,EAAG8J,GACf,IAAIvI,EAAIwpB,GAAK/qB,EAAG,GACZmB,EAAI4pB,GAAK/qB,EAAG,GACZsP,EAAIyb,GAAK/qB,EAAG,GACZ2b,EAAIoP,GAAK/qB,EAAG,GAChB,OAAQisB,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,GAC3B3I,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,GAC3BwF,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,GAC3B6R,EAAIna,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,GAC7B,KAAK,EACHvI,EAAIC,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD3I,EAAIK,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnDwF,EAAI9N,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GACnD6R,EAAIna,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKjhB,EAAI,GAAI,IAAMihB,GAAKjhB,EAAI,GAAI,GAEvD,OAAOxJ,EAAE,GAAGiB,GAAKjB,EAAE,GAAGa,GAAKb,EAAE,GAAGgP,GAAKhP,EAAE,GAAGqb,GAK5C,IAFAuP,EAAWA,EAASt2B,MAAM,EAAG,IAC7BuB,EAAI+0B,EAAS52B,OACA,KAAN6B,GAAkB,KAANA,GAAkB,KAANA,GAC7B+0B,EAAS/0B,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAI+0B,EAAS52B,OAAQ6B,GAAK,EACpC61B,EAAM71B,GAAK,GAAKy0B,GAAKM,EAAU/0B,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBqL,EAAE,GAAGrL,GAAK62B,EAAG,EAAG72B,GAChBqL,EAAE,GAAGrL,GAAK62B,EAAG,EAAG72B,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBg2B,EAAM3qB,EAAE,GAAGrL,GACXi2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGnK,GAAKg2B,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnD/rB,EAAE,GAAGnK,GAAKi2B,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAM3qB,EAAE,GAAGrL,GACXi2B,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ7rB,EAAE,GAAGnK,GAAKk2B,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD7rB,EAAE,GAAGnK,GAAKi2B,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAM13B,OAAS,EACjB6B,EAAI,EAAGA,EAAI81B,EAAM91B,IACpBoL,EAAIyqB,EAAM71B,EAAIA,GACd21B,EAAM31B,GAAKoL,EACXJ,EAAI6qB,EAAM71B,EAAIA,EAAI,GAClB41B,EAAM51B,GAAKgL,EACX+qB,EAAKD,EAAO91B,EAAI,GAAK22B,EAAOvrB,EAAGJ,GAEjC,IAAKhL,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBoL,EAAI,SAAYpL,EAChBgL,EAAII,EAAI,SACRA,EAAI0rB,EAAK1rB,EAAGuqB,GACZ3qB,EAAIwpB,GAAKsC,EAAK9rB,EAAG4qB,GAAQ,GACzBV,EAAOl1B,GAAMoL,EAAIJ,EAAKupB,GACtBW,EAAOl1B,EAAI,GAAKw0B,GAAKppB,EAAI,EAAIJ,EAAG,GAElC,IAAKhL,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAoL,EAAIJ,EAAImO,EAAIqM,EAAIxlB,EACR81B,GACN,KAAK,EACH1qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH3qB,EAAIC,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,GAC5B/qB,EAAIK,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,GAC5B5c,EAAI9N,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,GAC5BvQ,EAAIna,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGD,GAAKwpB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGL,GAAK4pB,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAG8N,GAAKyb,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGn1B,GAAKmK,EAAE,GAAGkB,EAAE,GAAGA,EAAE,GAAGma,GAAKoP,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,MA0FzEh3B,MAvDF,WACEm2B,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,KAkDF1F,QA9CF,SAAoB5oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,EAAI,EAAGA,IACrB4b,EAAQ5b,EAAG6b,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,GAgCPtF,QA7BF,SAAoB7oB,EAAMqG,GACxB8nB,EAAYnuB,EACZouB,EAAa/nB,EACb,MAAMqoB,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIxb,EAAI,EAAGA,GAAK,EAAGA,IACtB8b,EAAQ9b,EAAG6b,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,IAiBd8B,SAZF,WACE,OAAO/B,GAaX,CAKYgC,GACVj6B,KAAK+3B,GAAGY,KAAK94B,MAAMkiB,KAAKnL,GAAM,GAE9B5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAK+3B,GAAGrF,QAAQ7yB,MAAMkiB,KAAKgR,GAAQ,GAE9C,CCxUA,SAASmH,MAqXT,SAASC,GAAGvjB,GACV5W,KAAKo6B,GAAK,IAAIF,GACdl6B,KAAKo6B,GAAGC,KAAKzjB,GAEb5W,KAAK0yB,QAAU,SAASK,GACtB,OAAO/yB,KAAKo6B,GAAGE,aAAavH,GAEhC,CDlDA+E,GAAG7E,QAAU6E,GAAG92B,UAAUiyB,QAAU,GACpC6E,GAAG9E,UAAY8E,GAAG92B,UAAUgyB,UAAY,GCrUxCkH,GAASl5B,UAAUu5B,UAAY,EAK/BL,GAASl5B,UAAUw5B,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCN,GAASl5B,UAAUy5B,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DP,GAASl5B,UAAU05B,GAAK,GASxBR,GAASl5B,UAAU25B,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,WAEZ,OAAOA,CACT,EAKAV,GAASl5B,UAAU65B,GAAK,SAASD,GAC/B,IAAIE,EAEJ,MAAMC,EAAU,IAALH,EAELI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAGFM,EAAU,KADhBN,KAAQ,GAOR,OAJAE,EAAK96B,KAAKm7B,OAAO,GAAGD,GAAMl7B,KAAKm7B,OAAO,GAAGF,GACzCH,GAAM96B,KAAKm7B,OAAO,GAAGH,GACrBF,GAAM96B,KAAKm7B,OAAO,GAAGJ,GAEdD,CACT,EAMAZ,GAASl5B,UAAUo6B,cAAgB,SAASC,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAK,EAAGA,EAAKt7B,KAAK06B,KAAMY,EAAI,CAC/BC,GAASv7B,KAAKy7B,OAAOH,GACrBE,EAAQx7B,KAAK66B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASv7B,KAAKy7B,OAAOz7B,KAAK06B,GAAK,GAC/Bc,GAASx7B,KAAKy7B,OAAOz7B,KAAK06B,GAAK,GAE/BW,EAAK,GAAKr7B,KAAK26B,OAAOa,GACtBH,EAAK,GAAKr7B,KAAK26B,OAAOY,EACxB,EAWArB,GAASl5B,UAAUs5B,aAAe,SAASoB,GACzC,IAAIJ,EACJ,MAAMD,EAAO,CAAC,EAAG,GACXM,EAAM37B,KAAKu6B,UAAY,EAC7B,IAAKe,EAAK,EAAGA,EAAKt7B,KAAKu6B,UAAY,IAAKe,EACtCD,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBK,EAAOJ,EAAK,GACxCD,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBK,EAAOJ,EAAKK,GAG1C37B,KAAKo7B,cAAcC,GAEnB,MAAMtN,EAAM,GACZ,IAAKuN,EAAK,EAAGA,EAAKt7B,KAAKu6B,UAAY,IAAKe,EACtCvN,EAAIuN,EAAK,GAAOD,EAAK,KAAQ,GAAK,IAAa,IAC/CtN,EAAIuN,EAAKK,GAASN,EAAK,KAAQ,GAAK,IAAa,IAKnD,OAAOtN,CACT,EAMAmM,GAASl5B,UAAU46B,cAAgB,SAASP,GAC1C,IAGIC,EAHAC,EAAQF,EAAK,GACbG,EAAQH,EAAK,GAIjB,IAAKC,EAAKt7B,KAAK06B,GAAK,EAAGY,EAAK,IAAKA,EAAI,CACnCC,GAASv7B,KAAKy7B,OAAOH,GACrBE,EAAQx7B,KAAK66B,GAAGU,GAASC,EAEzB,MAAMjtB,EAAMgtB,EACZA,EAAQC,EACRA,EAAQjtB,EAGVgtB,GAASv7B,KAAKy7B,OAAO,GACrBD,GAASx7B,KAAKy7B,OAAO,GAErBJ,EAAK,GAAKr7B,KAAK26B,OAAOa,GACtBH,EAAK,GAAKr7B,KAAK26B,OAAOY,EACxB,EAMArB,GAASl5B,UAAUq5B,KAAO,SAASzjB,GACjC,IAAI0kB,EACAtM,EAAK,EAGT,IADAhvB,KAAKy7B,OAAS,GACTH,EAAK,EAAGA,EAAKt7B,KAAK06B,GAAK,IAAKY,EAAI,CACnC,IAAIxxB,EAAO,EACX,IAAK,IAAI+xB,EAAK,EAAGA,EAAK,IAAKA,EACzB/xB,EAAQA,GAAQ,EAAgB,IAAV8M,EAAIoY,KACpBA,GAAMpY,EAAIxV,SACd4tB,EAAK,GAGThvB,KAAKy7B,OAAOH,GAAMt7B,KAAKy6B,OAAOa,GAAMxxB,EAItC,IADA9J,KAAKm7B,OAAS,GACTG,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAt7B,KAAKm7B,OAAOG,GAAM,GACbtM,EAAK,EAAGA,EAAK,MAAOA,EACvBhvB,KAAKm7B,OAAOG,GAAItM,GAAMhvB,KAAKw6B,OAAOc,GAAItM,GAI1C,MAAMqM,EAAO,CAAC,EAAY,GAE1B,IAAKC,EAAK,EAAGA,EAAKt7B,KAAK06B,GAAK,EAAGY,GAAM,EACnCt7B,KAAKo7B,cAAcC,GACnBr7B,KAAKy7B,OAAOH,EAAK,GAAKD,EAAK,GAC3Br7B,KAAKy7B,OAAOH,EAAK,GAAKD,EAAK,GAG7B,IAAKC,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKtM,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BhvB,KAAKo7B,cAAcC,GACnBr7B,KAAKm7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,GAC/Br7B,KAAKm7B,OAAOG,GAAItM,EAAK,GAAKqM,EAAK,EAGrC,EAYAlB,GAAGlH,QAAUkH,GAAGn5B,UAAUiyB,QAAU,GACpCkH,GAAGnH,UAAYmH,GAAGn5B,UAAUgyB,UAAY,ECvXjC,MAAMzf,GAASqf,GAAI,KASbpf,GAASof,GAAI,KASbnf,GAASmf,GAAI,KAEbM,GJqaN,SAAatc,GAClB5W,KAAK4W,IAAMA,EAEX5W,KAAK0yB,QAAU,SAASK,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc70B,KAAK4W,KACfmc,GAAO,EAAM,EAAG,KAAM5B,IAGzCnxB,KAAK2yB,QAAU,SAASI,EAAO5B,GAE7B,OAAO+B,GADM2B,GAAc70B,KAAK4W,KACfmc,GAAO,EAAO,EAAG,KAAM5B,GAE5C,mGIzayB4E,SAQJwB,WAQEO,YAQCqC,QAMJ,WAClB,MAAUj3B,MAAM,+CAClB,IChFW44B,GAAW,SAAW/S,EAAQH,EAAS3kB,GAC9C,UAGA,IAAI+lB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EACrCC,EAAS,EAAGC,EAAS,EAGzB,IAAI7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EACrCC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAGzC,IAAIlS,EAAO,IAAItB,EAAOlmB,WAAWoB,GAEjC,SAASsmB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGpkB,EAAI,EAAG+H,EAAI,EAAG6R,EAAI,EAC9Cuf,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACjCC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACvFC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACvFC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAE3FlzB,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ9lB,EAAI03B,EAGJ9d,EAAMue,GAAOnuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMwe,GAAOpuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMye,GAAOruB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM0e,GAAOtuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM2e,GAAOvuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM4e,GAAOxuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM6e,GAAOzuB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM8e,GAAO1uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAM+e,GAAO3uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMgf,GAAO5uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMif,GAAQ7uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMkf,GAAQ9uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMmf,GAAQ/uB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMof,GAAQhvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMqf,GAAQjvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpDA,EAAMsf,GAAQlvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC9EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIixB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOpxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuf,GAAQnvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkxB,EAAML,EAAKN,EAAKF,EACpBgB,EAAOrxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwf,GAAQpvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOtxB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyf,GAAQrvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOvxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0f,GAAQtvB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,GAAOnO,EAAIwa,GAAM,WAAa,EAC7EpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOxxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2f,GAAQvvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAOzxB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4f,GAAQxvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO1xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6f,GAAQzvB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwxB,EAAML,EAAMN,EAAKF,EACrBgB,EAAO3xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8f,GAAQ1vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyxB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5xB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+f,GAAQ3vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKggB,GAAQ5vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO9xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKigB,GAAQ7vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO/xB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkgB,GAAQ9vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOhyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmgB,GAAQ/vB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOjyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKogB,GAAQhwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+xB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOlyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqgB,GAAQjwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOnyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKsgB,GAAQlwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIiyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOpyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKugB,GAAQnwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOryB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwgB,GAAQpwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOtyB,GAAK,EAAMA,IAAM,GACxB6R,EAAKygB,GAAQrwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIoyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOvyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0gB,GAAQtwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOxyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2gB,GAAQvwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIsyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAOzyB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4gB,GAAQxwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO1yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6gB,GAAQzwB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO3yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8gB,GAAQ1wB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyyB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO5yB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+gB,GAAQ3wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0yB,EAAML,EAAMN,EAAMF,EACtBgB,EAAO7yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKghB,GAAQ5wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO9yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKihB,IAAQ7wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAO/yB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkhB,IAAQ9wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6yB,EAAML,EAAMN,EAAMF,EACtBgB,GAAOhzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKmhB,IAAQ/wB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOjzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKohB,IAAQhxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+yB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOlzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKqhB,IAAQjxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIgzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOnzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKshB,IAAQlxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIizB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOpzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKuhB,IAAQnxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIkzB,GAAML,EAAMN,EAAMF,EACtBgB,GAAOrzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKwhB,IAAQpxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAImzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOtzB,GAAK,EAAMA,IAAM,GACxB6R,EAAKyhB,IAAQrxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIozB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOvzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK0hB,IAAQtxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIqzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOxzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK2hB,IAAQvxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIszB,GAAML,GAAMN,EAAMF,EACtBgB,GAAOzzB,GAAK,EAAMA,IAAM,GACxB6R,EAAK4hB,IAAQxxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIuzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO1zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK6hB,IAAQzxB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIwzB,GAAML,GAAMN,EAAMF,EACtBgB,GAAO3zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK8hB,IAAQ1xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIyzB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO5zB,GAAK,EAAMA,IAAM,GACxB6R,EAAK+hB,IAAQ3xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI0zB,GAAML,GAAMN,GAAMF,EACtBgB,GAAO7zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKgiB,IAAQ5xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI2zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO9zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKiiB,IAAQ7xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI4zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/zB,GAAK,EAAMA,IAAM,GACxB6R,EAAKkiB,IAAQ9xB,GAAK,EAAMA,IAAM,IAAOhK,GAAM4J,EAAImO,EAAMnO,EAAIwa,EAAMrM,EAAIqM,GAAM,WAAa,EACtFpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI6zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmiB,IAAQ/xB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI8zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKoiB,IAAQhyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+zB,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqiB,IAAQjyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsiB,IAAQlyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIi0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOp0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKuiB,IAAQnyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIk0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOr0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKwiB,IAAQpyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIm0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOt0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKyiB,IAAQryB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIo0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOv0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK0iB,IAAQtyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIq0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOx0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK2iB,IAAQvyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIs0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOz0B,GAAK,EAAMA,IAAM,GACxB6R,EAAK4iB,IAAQxyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIu0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO10B,GAAK,EAAMA,IAAM,GACxB6R,EAAK6iB,IAAQzyB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIw0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO30B,GAAK,EAAMA,IAAM,GACxB6R,EAAK8iB,IAAQ1yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIy0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO50B,GAAK,EAAMA,IAAM,GACxB6R,EAAK+iB,IAAQ3yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI00B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO70B,GAAK,EAAMA,IAAM,GACxB6R,EAAKgjB,IAAQ5yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI20B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO90B,GAAK,EAAMA,IAAM,GACxB6R,EAAKijB,IAAQ7yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI40B,GAAML,GAAMN,GAAMF,GACtBgB,GAAO/0B,GAAK,EAAMA,IAAM,GACxB6R,EAAKkjB,IAAQ9yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI60B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOh1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKmjB,IAAQ/yB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI80B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOj1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKojB,IAAQhzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAI+0B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOl1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKqjB,IAAQjzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAGpD7R,EAAIg1B,GAAML,GAAMN,GAAMF,GACtBgB,GAAOn1B,GAAK,EAAMA,IAAM,GACxB6R,EAAKsjB,IAAQlzB,GAAK,EAAMA,IAAM,IAAOhK,GAAK4J,EAAImO,EAAIqM,GAAK,WAAa,EACpEpkB,EAAIokB,EAAGA,EAAIrM,EAAGA,EAAKnO,GAAK,GAAOA,IAAM,EAAIA,EAAII,EAAGA,EAAI4P,EAEpD+L,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK13B,EAAI,EAIpB,SAASm9B,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IAGzB,SAASzK,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLC,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAQC,GACxCN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACL9F,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS3/B,EAAU8N,EAAQ/O,GACvB+O,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAEhB,IAAI6gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAS/O,EAAO,IAAM,GAAK,CACvBogC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzB/O,EAAWA,EAAS,GAAK,EAEzB6gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQ/O,EAAQyI,GAC9BsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTh/B,EAAI,EAER,GAAKkN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAMzI,EAAO,IAAM,GAAK,CACpB6gC,EAAS5/B,EAAS8N,EAAQ/O,GAAS,EACnC,IAAM6gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B7gC,EAAWA,EAAS6gC,EAAS,EAGjCA,EAAWA,EAAS7gC,EAAS,EAC7B46B,EAAWA,EAAS56B,EAAS,EAC7B,GAAK46B,IAAS,EAAI56B,IAAS,EAAI66B,EAAUA,EAAS,EAAG,EAErD5R,EAAKla,EAAO/O,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,KACrBu+B,EAAWrxB,GAEX/O,EAAS,EAETipB,EAAKla,EAAO,GAAK,EAGrB,IAAMlN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,EAErBonB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACLF,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACLP,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EAGLzK,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EAELC,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQ/O,EAAQyI,GACnCsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGtB,EAAS,EAErD,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQ/O,GAAS,GAAI,EACtCkiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAElE,IAAM15B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQ/O,EAAQ2xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChB2xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACrCwB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAEzC,GAAKpzB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAO/O,EAAQ,GAAO2xB,IAAQ,GACpC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,EAAM,IAGlCsQ,EAAalzB,EAAS/O,EAAO,EAAG,GAAI,GAAI,EACxCsgC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAClE0H,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzCoG,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAClED,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAEzC2F,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EAEV0H,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EAEL,IAAMj4B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNh4B,QAASA,EACTuH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,EC/1BO,MAAME,GACT5jC,cACIE,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EAEfuhB,QACI,MAAMxI,IAAEA,GAAQ9oB,KAAKoxB,cAKrB,OAJApxB,KAAKyB,OAAS,KACdzB,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX+Y,EAAIwI,QACGtxB,KAEXqC,QAAQyH,GACJ,GAAoB,OAAhB9J,KAAKyB,OACL,MAAM,IAAIkvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAKoxB,cAC3B,IAAIrB,EAAO/vB,KAAKmD,IACZ+sB,EAAOlwB,KAAK+P,IACZigB,EAAO,EACPC,EAAOnmB,EAAK1I,OACZ+uB,EAAO,EACX,KAAOF,EAAO,GACVE,EAAOL,GAAYjH,EAAMkH,EAAOG,EAAMpmB,EAAMkmB,EAAMC,GAClDC,GAAQC,EACRH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAIzmB,QAAQ0tB,EAAMG,GACzBH,GAAQI,EACRD,GAAQC,EACHD,IACDH,EAAO,GAIf,OAFA/vB,KAAKmD,IAAM4sB,EACX/vB,KAAK+P,IAAMmgB,EACJlwB,KAEX4J,SACI,GAAoB,OAAhB5J,KAAKyB,OACL,MAAM,IAAIkvB,GAAkB,kDAChC,MAAM7H,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAKoxB,cAO3B,OANAtI,EAAIlf,OAAO5J,KAAKmD,IAAKnD,KAAK+P,IAAK,GAC/B/P,KAAKyB,OAAS,IAAIoB,WAAW7C,KAAK2jC,WAClC3jC,KAAKyB,OAAO6B,IAAIulB,EAAK5c,SAAS,EAAGjM,KAAK2jC,YACtC3jC,KAAKmD,IAAM,EACXnD,KAAK+P,IAAM,EACX/P,KAAKuxB,cACEvxB,MC9CR,MAED+wB,GAAY,GACZC,GAAW,GACV,MAAM4S,WAAaF,GACtB5jC,cACIC,QACAC,KAAK6jC,KAAO,OACZ7jC,KAAK8jC,WARmB,GASxB9jC,KAAK2jC,UARkB,GASvB3jC,KAAKoxB,cAETA,cAMI,YALkBnwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOkI,GAAUM,OAASzB,KAC/B5vB,KAAK8oB,IAAMkI,GAASK,OAASyK,GAAS,CAAEj5B,YAA0B,KAAM7C,KAAK6oB,KAAK5kB,QAClFjE,KAAKsxB,SAEF,CAAEzI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEf0mB,aAAa7d,GACT,OAAO,IAAI85B,IAAOvhC,QAAQyH,GAAMF,SAASnI,QAGjDmiC,GAAKC,KAAO,OACZD,GAAK7S,UAAY,GACjB6S,GAAK5S,SAAW,GAChB4S,GAAKG,aAAejI,GCnCb,MAED/K,GAAY,GACZC,GAAW,GACV,MAAMgT,WAAeN,GACxB5jC,cACIC,QACAC,KAAK6jC,KAAO,SACZ7jC,KAAK8jC,WARqB,GAS1B9jC,KAAK2jC,UARoB,GASzB3jC,KAAKoxB,cAETA,cAMI,YALkBnwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChC9oB,KAAK6oB,KAAOkI,GAAUM,OAASzB,KAC/B5vB,KAAK8oB,IAAMkI,GAASK,OClBR,SAAWtI,EAAQH,EAAS3kB,GAChD,UAGA,IAAI+lB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG4R,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAS,EAAGC,EAAS,EAGrB7S,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG2S,EAAK,EAAGkI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DnI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGgI,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAG7Dpa,EAAO,IAAItB,EAAOlmB,WAAWoB,GAEjC,SAASsmB,EAAQiS,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAC9Ef,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAEV,IAAIlvB,EAAI,EAAGJ,EAAI,EAAGmO,EAAI,EAAGqM,EAAI,EAAGpkB,EAAI,EAAGqgC,EAAI,EAAGC,EAAI,EAAGxoB,EAAI,EAEzD9N,EAAI2b,EACJ/b,EAAIgc,EACJ7N,EAAI8N,EACJzB,EAAI0B,EACJ9lB,EAAI03B,EACJ2I,EAAIT,EACJU,EAAIT,EACJ/nB,EAAIgoB,EAGJhoB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtgC,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGkO,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGs2B,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuoB,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtgC,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGjc,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+X,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxa,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG/N,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGuuB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAK,EAC9H9gB,EAAMqgB,EAAKrgB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGouB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOd,EAAKS,EAAM,EAC/HyH,EAAMlI,EAAKkI,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGugB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HuH,EAAMhI,EAAKgI,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACtG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGhI,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H/4B,EAAMs4B,EAAKt4B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACtGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG9H,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1H5U,EAAMmU,EAAKnU,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACtGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGw4B,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HlhB,EAAMygB,EAAKzgB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACtG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGqU,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKS,EAAM,EAC1HtvB,EAAM6uB,EAAK7uB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACtGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG2gB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHnuB,EAAM0uB,EAAK1uB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACtG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+uB,GAASC,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EACzHtgB,EAAM6gB,EAAK7gB,GAAM9X,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASsgC,EAAItgC,GAAKqgC,EAAEC,IAAO,WAAa,EACtGlc,EAAMA,EAAItM,EAAI,EACdA,EAAMA,GAAO9N,EAAIJ,EAAOmO,GAAK/N,EAAIJ,KAAWI,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG4uB,GAASC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAKP,EAAK,EAC9HiI,EAAM1H,EAAK0H,GAAMlc,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASic,EAAIjc,GAAKpkB,EAAEqgC,IAAO,WAAa,EACtGtoB,EAAMA,EAAIuoB,EAAI,EACdA,EAAMA,GAAOxoB,EAAI9N,EAAOJ,GAAKkO,EAAI9N,KAAW8N,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG+gB,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChI+H,EAAMxH,EAAMwH,GAAMtoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS/X,EAAI+X,GAAKqM,EAAEpkB,IAAO,WAAa,EACvG4J,EAAMA,EAAIy2B,EAAI,EACdA,EAAMA,GAAOC,EAAIxoB,EAAO9N,GAAKs2B,EAAIxoB,KAAWwoB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGxH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAK,GAAKA,IAAK,GAAKA,IAAK,GAAKA,GAAI,GAAKA,GAAI,IAAOE,EAAMP,EAAK,EAChIv4B,EAAM84B,EAAM94B,GAAM4J,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASwa,EAAIxa,GAAKmO,EAAEqM,IAAO,WAAa,EACvGpa,EAAMA,EAAIhK,EAAI,EACdA,EAAMA,GAAOqgC,EAAIC,EAAOxoB,GAAKuoB,EAAIC,KAAWD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGtH,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrIpU,EAAM2U,EAAM3U,GAAMpa,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAS+N,EAAI/N,GAAKJ,EAAEmO,IAAO,WAAa,EACvGD,EAAMA,EAAIsM,EAAI,EACdA,EAAMA,GAAOpkB,EAAIqgC,EAAOC,GAAKtgC,EAAIqgC,KAAWrgC,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGg5B,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI1gB,EAAMihB,EAAMjhB,GAAMD,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASlO,EAAIkO,GAAK9N,EAAEJ,IAAO,WAAa,EACvG02B,EAAMA,EAAIvoB,EAAI,EACdA,EAAMA,GAAOqM,EAAIpkB,EAAOqgC,GAAKjc,EAAIpkB,KAAWokB,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhG6U,GAAUC,IAAM,EAAKA,IAAM,GAAKA,IAAM,EAAKA,GAAK,GAAKA,GAAK,KAASH,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EACrI9uB,EAAMqvB,EAAMrvB,GAAM02B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASt2B,EAAIs2B,GAAKxoB,EAAE9N,IAAO,WAAa,EACvGq2B,EAAMA,EAAIz2B,EAAI,EACdA,EAAMA,GAAOmO,EAAIqM,EAAOpkB,GAAK+X,EAAIqM,KAAWrM,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAGhGmhB,GAAUf,IAAK,EAAKA,IAAK,GAAKA,IAAK,EAAKA,GAAI,GAAKA,GAAI,KAASa,IAAM,GAAKA,IAAM,GAAKA,IAAM,GAAKA,GAAK,GAAKA,GAAK,IAAOE,EAAMP,EAAK,EAChI3uB,EAAMkvB,EAAMlvB,GAAMq2B,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAASvoB,EAAIuoB,GAAKC,EAAExoB,IAAO,WAAa,EACvG9X,EAAMA,EAAIgK,EAAI,EACdA,EAAMA,GAAOJ,EAAImO,EAAOqM,GAAKxa,EAAImO,KAAWnO,IAAI,EAAIA,IAAI,GAAKA,IAAI,GAAKA,GAAG,GAAKA,GAAG,GAAKA,GAAG,IAAO,EAEhG+b,EAAOA,EAAK3b,EAAI,EAChB4b,EAAOA,EAAKhc,EAAI,EAChBic,EAAOA,EAAK9N,EAAI,EAChB+N,EAAOA,EAAK1B,EAAI,EAChBsT,EAAOA,EAAK13B,EAAI,EAChB4/B,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKS,EAAI,EAChBR,EAAOA,EAAKhoB,EAAI,EAGpB,SAASqlB,EAAarxB,GAClBA,EAASA,EAAO,EAEhBoa,EACIF,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,EAAIka,EAAKla,EAAO,GAC1Eka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,IAAI,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC3Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,IAC7Eka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,GAAKka,EAAKla,EAAO,KAAK,EAAIka,EAAKla,EAAO,KAKrF,SAASsxB,EAAiB53B,GACtBA,EAASA,EAAO,EAEhBwgB,EAAKxgB,EAAO,GAAKmgB,IAAK,GACtBK,EAAKxgB,EAAO,GAAKmgB,IAAK,GAAG,IACzBK,EAAKxgB,EAAO,GAAKmgB,IAAK,EAAE,IACxBK,EAAKxgB,EAAO,GAAKmgB,EAAG,IACpBK,EAAKxgB,EAAO,GAAKogB,IAAK,GACtBI,EAAKxgB,EAAO,GAAKogB,IAAK,GAAG,IACzBI,EAAKxgB,EAAO,GAAKogB,IAAK,EAAE,IACxBI,EAAKxgB,EAAO,GAAKogB,EAAG,IACpBI,EAAKxgB,EAAO,GAAKqgB,IAAK,GACtBG,EAAKxgB,EAAO,GAAKqgB,IAAK,GAAG,IACzBG,EAAKxgB,EAAO,IAAMqgB,IAAK,EAAE,IACzBG,EAAKxgB,EAAO,IAAMqgB,EAAG,IACrBG,EAAKxgB,EAAO,IAAMsgB,IAAK,GACvBE,EAAKxgB,EAAO,IAAMsgB,IAAK,GAAG,IAC1BE,EAAKxgB,EAAO,IAAMsgB,IAAK,EAAE,IACzBE,EAAKxgB,EAAO,IAAMsgB,EAAG,IACrBE,EAAKxgB,EAAO,IAAMkyB,IAAK,GACvB1R,EAAKxgB,EAAO,IAAMkyB,IAAK,GAAG,IAC1B1R,EAAKxgB,EAAO,IAAMkyB,IAAK,EAAE,IACzB1R,EAAKxgB,EAAO,IAAMkyB,EAAG,IACrB1R,EAAKxgB,EAAO,IAAMo6B,IAAK,GACvB5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,GAAG,IAC1B5Z,EAAKxgB,EAAO,IAAMo6B,IAAK,EAAE,IACzB5Z,EAAKxgB,EAAO,IAAMo6B,EAAG,IACrB5Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GACvB7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,GAAG,IAC1B7Z,EAAKxgB,EAAO,IAAMq6B,IAAK,EAAE,IACzB7Z,EAAKxgB,EAAO,IAAMq6B,EAAG,IACrB7Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GACvB9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,GAAG,IAC1B9Z,EAAKxgB,EAAO,IAAMs6B,IAAK,EAAE,IACzB9Z,EAAKxgB,EAAO,IAAMs6B,EAAG,IAGzB,SAAS7S,IACLtH,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACL4R,EAAK,WACLkI,EAAK,WACLC,EAAK,WACLC,EAAK,WACLnI,EAASC,EAAS,EAGtB,SAAS5B,EAAOqH,EAAIC,EAAIC,EAAIC,EAAIC,EAAI8C,EAAIC,EAAIC,EAAI/C,EAAQC,GACpDN,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR8C,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACR/C,EAASA,EAAO,EAChBC,EAASA,EAAO,EAEhBhY,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EACL9I,EAAS+F,EACT9F,EAAS+F,EAIb,SAAS3/B,EAAU8N,EAAQ/O,GACvB+O,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAEhB,IAAI6gC,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,OAAS/O,EAAO,IAAM,GAAK,CACvBogC,EAAWrxB,GAEXA,EAAWA,EAAS,GAAK,EACzB/O,EAAWA,EAAS,GAAK,EAEzB6gC,EAAWA,EAAS,GAAK,EAG7BjG,EAAWA,EAASiG,EAAS,EAC7B,GAAKjG,IAAS,EAAIiG,IAAS,EAAIhG,EAAWA,EAAS,EAAI,EAEvD,OAAOgG,EAAO,EAKlB,SAASr4B,EAASuG,EAAQ/O,EAAQyI,GAC9BsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIo4B,EAAS,EACTh/B,EAAI,EAER,GAAKkN,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhB,IAAMzI,EAAO,IAAM,GAAK,CACpB6gC,EAAS5/B,EAAS8N,EAAQ/O,GAAS,EACnC,IAAM6gC,EAAO,KAAO,EAChB,OAAQ,EAEZ9xB,EAAWA,EAAS8xB,EAAS,EAC7B7gC,EAAWA,EAAS6gC,EAAS,EAGjCA,EAAWA,EAAS7gC,EAAS,EAC7B46B,EAAWA,EAAS56B,EAAS,EAC7B,GAAK46B,IAAS,EAAI56B,IAAS,EAAI66B,EAAWA,EAAS,EAAI,EAEvD5R,EAAKla,EAAO/O,GAAU,KAEtB,IAAMA,EAAO,IAAM,GAAK,CACpB,IAAM6B,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,KAErBu+B,EAAWrxB,GAEX/O,EAAS,EAETipB,EAAKla,EAAO,GAAK,EAGrB,IAAMlN,EAAK7B,EAAO,EAAG,GAAI6B,EAAE,GAAK,GAAIA,EAAKA,EAAE,EAAG,EAC1ConB,EAAKla,EAAOlN,GAAK,EAErBonB,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,GAAG,IAC9B5R,EAAKla,EAAO,IAAM8rB,IAAS,EAAE,IAC7B5R,EAAKla,EAAO,IAAM8rB,GAAQ,EAAE,IAAMD,IAAS,GAC3C3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,GAAG,IAC9B3R,EAAKla,EAAO,IAAM6rB,IAAS,EAAE,IAC7B3R,EAAKla,EAAO,IAAM6rB,GAAQ,EAAE,IAC5BwF,EAAWrxB,GAEX,IAAMtG,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAGlB,SAASC,IACLlY,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLa,EAAKZ,EACLwS,EAAKG,EACL+H,EAAKG,EACLF,EAAKG,EACLF,EAAKG,EACLtI,EAAS,GACTC,EAAS,EAGb,SAASkG,IACLnY,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLlS,EAAKmS,EACLP,EAAKQ,EACL0H,EAAKM,EACLL,EAAKM,EACLL,EAAKM,EACLzI,EAAS,GACTC,EAAS,EAGb,SAASmG,EAAYC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,GAClFf,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAKA,EAAG,EACRC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EACVC,EAAMA,EAAI,EAGV9R,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVjH,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKnS,EACLoS,EAAKR,EACLwI,EAAKN,EACLO,EAAKN,EACLO,EAAKN,EAGL7S,IACA/G,EACI8X,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAK,WACLC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,WACNC,EAAM,YAEVha,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACLX,EAAKY,EACL+R,EAAKH,EACLqI,EAAKH,EACLI,EAAKH,EACLI,EAAKH,EAELnI,EAAS,GACTC,EAAS,EAKb,SAASoH,EAAclzB,EAAQ/O,EAAQyI,GACnCsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChByI,EAASA,EAAO,EAEhB,IAAIy5B,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DhD,EAAS,EAEb,GAAK9xB,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAEhBo4B,EAASr4B,EAAQuG,EAAQ/O,GAAS,GAAI,EACtCkiC,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAErE,IAAMp7B,EACF43B,EAAe53B,GAEnB,OAAOo4B,EAAO,EAMlB,SAASuB,EAAwBrzB,EAAQ/O,EAAQ2xB,EAAO0Q,EAAO55B,GAC3DsG,EAASA,EAAO,EAChB/O,EAASA,EAAO,EAChB2xB,EAAQA,EAAM,EACd0Q,EAAQA,EAAM,EACd55B,EAASA,EAAO,EAEhB,IAAI63B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAG8C,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAC7DxB,EAAK,EAAG1Y,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGyY,EAAK,EAAGwB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAEjE,GAAK90B,EAAS,GACV,OAAQ,EAEZ,IAAMtG,EACF,GAAKA,EAAS,GACV,OAAQ,EAIhBwgB,EAAMla,EAAO/O,EAAQ,GAAO2xB,IAAQ,GACpC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,GAAG,IACvC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,IAAQ,EAAE,IACtC1I,EAAMla,EAAO/O,EAAO,EAAG,GAAK2xB,EAAM,IAGlCsQ,EAAalzB,EAAS/O,EAAO,EAAG,GAAI,GAAI,EACxCsgC,EAAK4B,EAAKtZ,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAK/W,EAAKX,EAAI2X,EAAKyB,EAAKxH,EAAI6I,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAAIY,EAAKG,EAAKd,EAC5GV,EAASA,EAAM,EAAG,EAGlB,OAASA,EAAM,GAAK,EAAI,CACpBvB,IACA3X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEhC,IACA5X,EAAO+Y,EAAI1Y,EAAIC,EAAIC,EAAIyY,EAAIwB,EAAIC,EAAIC,EAAI,WAAY,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KACrE3B,EAAKtZ,EAAIY,EAAKX,EAAIY,EAAKX,EAAIY,EAAKX,EAAIoZ,EAAKxH,EAAIgJ,EAAKd,EAAIe,EAAKd,EAAIe,EAAKd,EAEpEzC,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK1X,EACV2X,EAAKA,EAAK/F,EACV6I,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EACVY,EAAKA,EAAKX,EAEVV,EAASA,EAAM,EAAG,EAGtBzZ,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACLzX,EAAK0X,EACL9F,EAAK+F,EACLmC,EAAKW,EACLV,EAAKW,EACLV,EAAKW,EAEL,IAAMj7B,EACF43B,EAAe53B,GAEnB,OAAO,EAGX,MAAO,CAELynB,MAAOA,EACP+I,KAAMA,EACNh4B,QAASA,EACTuH,OAAQA,EAGRs4B,WAAYA,EACZE,UAAWA,EACXiB,YAAaA,EAGbG,sBAAuBA,EAE7B,CDtyByC0B,CAAW,CAAEriC,YAA0B,KAAM7C,KAAK6oB,KAAK5kB,QACpFjE,KAAKsxB,SAEF,CAAEzI,KAAM7oB,KAAK6oB,KAAMC,IAAK9oB,KAAK8oB,KAExCyI,mBACsBtwB,IAAdjB,KAAK6oB,WAAmC5nB,IAAbjB,KAAK8oB,MAChCiI,GAAUlvB,KAAK7B,KAAK6oB,MACpBmI,GAASnvB,KAAK7B,KAAK8oB,MAEvB9oB,KAAK6oB,UAAO5nB,EACZjB,KAAK8oB,SAAM7nB,EAEf0mB,aAAa7d,GACT,OAAO,IAAIk6B,IAAS3hC,QAAQyH,GAAMF,SAASnI,QAGnDuiC,GAAOH,KAAO,SEnCd,OAAiBsB,GAEjB,SAASA,GAAOC,EAAKC,GACnB,IAAKD,EACH,MAAUliC,MAAMmiC,GAAO,mBAC3B,CAEAF,GAAOv2B,MAAQ,SAAqB8nB,EAAG/oB,EAAG03B,GACxC,GAAI3O,GAAK/oB,EACP,MAAUzK,MAAMmiC,GAAQ,qBAAuB3O,EAAI,OAAS/oB,EAChE,qTCRE23B,UAF2B,mBAAlBv6B,OAAOw6B,OAEC,SAAkBC,EAAMC,GACvCD,EAAKE,OAASD,EACdD,EAAKxkC,UAAY+J,OAAOw6B,OAAOE,EAAUzkC,UAAW,CAClDlB,YAAa,CACXuB,MAAOmkC,EACPG,YAAY,EACZl9B,UAAU,EACVm9B,cAAc,MAMH,SAAkBJ,EAAMC,GACvCD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAAS7kC,UAAYykC,EAAUzkC,UAC/BwkC,EAAKxkC,UAAY,IAAI6kC,EACrBL,EAAKxkC,UAAUlB,YAAc0lC,MCiBjC,OA9BA,SAAiBH,EAAKS,GACpB,GAAIjmC,MAAMW,QAAQ6kC,GAChB,OAAOA,EAAI3jC,QACb,IAAK2jC,EACH,MAAO,GACT,IAAIl2B,EAAM,GACV,GAAmB,iBAARk2B,EACT,GAAKS,GAUE,GAAY,QAARA,EAIT,KAHAT,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1BxgB,OAAS,GAAM,IACrBikC,EAAM,IAAMA,GACTpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAK,EAC/BkM,EAAItN,KAAKuO,SAASi1B,EAAIpiC,GAAKoiC,EAAIpiC,EAAI,GAAI,UAdzC,IAAK,IAAIA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAImZ,EAAIipB,EAAI7oB,WAAWvZ,GACnB8iC,EAAK3pB,GAAK,EACV4pB,EAAS,IAAJ5pB,EACL2pB,EACF52B,EAAItN,KAAKkkC,EAAIC,GAEb72B,EAAItN,KAAKmkC,QAUf,IAAK/iC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC1BkM,EAAIlM,GAAc,EAAToiC,EAAIpiC,GAEjB,OAAOkM,CACT,EASA,OANA,SAAek2B,GAEb,IADA,IAAIl2B,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,GAAO82B,GAAMZ,EAAIpiC,GAAGsJ,SAAS,KAC/B,OAAO4C,CACT,EAGA,SAAS+2B,GAAM/O,GAKb,OAJWA,IAAM,GACLA,IAAM,EAAK,MACXA,GAAK,EAAK,UACN,IAAJA,IAAa,MACV,CACjB,CAaA,OAVA,SAAiBkO,EAAKp1B,GAEpB,IADA,IAAId,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAIk0B,EAAIkO,EAAIpiC,GACG,WAAXgN,IACFknB,EAAI+O,GAAM/O,IACZhoB,GAAOg3B,GAAMhP,EAAE5qB,SAAS,KAE1B,OAAO4C,CACT,EAGA,SAAS82B,GAAMG,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EAENA,CACX,CAGA,SAASD,GAAMC,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EACU,IAAhBA,EAAKhlC,OACL,KAAOglC,EACS,IAAhBA,EAAKhlC,OACL,MAAQglC,EACQ,IAAhBA,EAAKhlC,OACL,OAASglC,EACO,IAAhBA,EAAKhlC,OACL,QAAUglC,EACM,IAAhBA,EAAKhlC,OACL,SAAWglC,EACK,IAAhBA,EAAKhlC,OACL,UAAYglC,EAEZA,CACX,CAiBA,OAdA,SAAgBf,EAAKzhC,EAAO2H,EAAK0E,GAC/B,IAAIF,EAAMxE,EAAM3H,EAChBuhC,GAAOp1B,EAAM,GAAM,GAEnB,IADA,IAAIZ,EAAUtP,MAAMkQ,EAAM,GACjB9M,EAAI,EAAGgZ,EAAIrY,EAAOX,EAAIkM,EAAI/N,OAAQ6B,IAAKgZ,GAAK,EAAG,CACtD,IAAIkb,EAEFA,EADa,QAAXlnB,EACGo1B,EAAIppB,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,EAAI,GAEjEopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,GAAOopB,EAAIppB,EAAI,IAAM,EAAKopB,EAAIppB,GACxE9M,EAAIlM,GAAKk0B,IAAM,EAEjB,OAAOhoB,CACT,EAqBA,OAlBA,SAAiBk2B,EAAKp1B,GAEpB,IADA,IAAId,EAAUtP,MAAmB,EAAbwlC,EAAIjkC,QACf6B,EAAI,EAAGgZ,EAAI,EAAGhZ,EAAIoiC,EAAIjkC,OAAQ6B,IAAKgZ,GAAK,EAAG,CAClD,IAAI7O,EAAIi4B,EAAIpiC,GACG,QAAXgN,GACFd,EAAI8M,GAAK7O,IAAM,GACf+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,EAAI,GAAS,IAAJ7O,IAEb+B,EAAI8M,EAAI,GAAK7O,IAAM,GACnB+B,EAAI8M,EAAI,GAAM7O,IAAM,GAAM,IAC1B+B,EAAI8M,EAAI,GAAM7O,IAAM,EAAK,IACzB+B,EAAI8M,GAAS,IAAJ7O,GAGb,OAAO+B,CACT,EA2HA,iBAvPmBk3B,6BAiDHH,oBAoBAD,SAoBAE,+BAsChB,SAAgBhP,EAAGlpB,GACjB,OAAQkpB,IAAMlpB,EAAMkpB,GAAM,GAAKlpB,CACjC,SAGA,SAAgBkpB,EAAGlpB,GACjB,OAAQkpB,GAAKlpB,EAAMkpB,IAAO,GAAKlpB,CACjC,QAGA,SAAeI,EAAGJ,GAChB,OAAQI,EAAIJ,IAAO,CACrB,UAGA,SAAiBI,EAAGJ,EAAGmO,GACrB,OAAQ/N,EAAIJ,EAAImO,IAAO,CACzB,UAGA,SAAiB/N,EAAGJ,EAAGmO,EAAGqM,GACxB,OAAQpa,EAAIJ,EAAImO,EAAIqM,IAAO,CAC7B,UAGA,SAAiBpa,EAAGJ,EAAGmO,EAAGqM,EAAGpkB,GAC3B,OAAQgK,EAAIJ,EAAImO,EAAIqM,EAAIpkB,IAAO,CACjC,QAGA,SAAe6c,EAAK/d,EAAKmjC,EAAIC,GAC3B,IAAIC,EAAKtlB,EAAI/d,GAGT6iC,EAAMO,EAFDrlB,EAAI/d,EAAM,KAEI,EACnB4iC,GAAMC,EAAKO,EAAK,EAAI,GAAKD,EAAKE,EAClCtlB,EAAI/d,GAAO4iC,IAAO,EAClB7kB,EAAI/d,EAAM,GAAK6iC,CACjB,WAGA,SAAkBM,EAAIC,EAAIC,EAAIC,GAG5B,OAFUF,EAAKE,IAAQ,EACRF,EAAK,EAAI,GAAKD,EAAKE,IACpB,CAChB,WAGA,SAAkBF,EAAIC,EAAIC,EAAIC,GAE5B,OADSF,EAAKE,IACA,CAChB,aAGA,SAAoBH,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC9C,IAAIC,EAAQ,EACRd,EAAKO,EAST,OAPAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAIdL,EAAKE,EAAKE,EAAKE,GAFxBE,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAE9C,OADSN,EAAKE,EAAKE,EAAKE,IACV,CAChB,aAGA,SAAoBP,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GACtD,IAAIF,EAAQ,EACRd,EAAKO,EAWT,OATAO,IADAd,EAAMA,EAAKS,IAAQ,GACLF,EAAK,EAAI,EAEvBO,IADAd,EAAMA,EAAKW,IAAQ,GACLA,EAAK,EAAI,EAEvBG,IADAd,EAAMA,EAAKa,IAAQ,GACLA,EAAK,EAAI,EAIdP,EAAKE,EAAKE,EAAKE,EAAKG,GAF7BD,IADAd,EAAMA,EAAKgB,IAAQ,GACLA,EAAK,EAAI,KAGT,CAChB,aAGA,SAAoBV,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,EAAIC,GAGtD,OAFST,EAAKE,EAAKE,EAAKE,EAAKG,IAEf,CAChB,YAGA,SAAmBV,EAAIC,EAAIU,GAEzB,OADSV,GAAO,GAAKU,EAASX,IAAOW,KACxB,CACf,YAGA,SAAmBX,EAAIC,EAAIU,GAEzB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,WAGA,SAAkBX,EAAIC,EAAIU,GACxB,OAAOX,IAAOW,CAChB,WAGA,SAAkBX,EAAIC,EAAIU,GAExB,OADSX,GAAO,GAAKW,EAASV,IAAOU,KACxB,CACf,GCtPA,SAASC,KACPlnC,KAAKmnC,QAAU,KACfnnC,KAAKonC,aAAe,EACpBpnC,KAAKgzB,UAAYhzB,KAAKF,YAAYkzB,UAClChzB,KAAKqnC,QAAUrnC,KAAKF,YAAYunC,QAChCrnC,KAAKsnC,aAAetnC,KAAKF,YAAYwnC,aACrCtnC,KAAKy0B,UAAYz0B,KAAKF,YAAY20B,UAAY,EAC9Cz0B,KAAKiQ,OAAS,MAEdjQ,KAAKunC,QAAUvnC,KAAKgzB,UAAY,EAChChzB,KAAKwnC,SAAWxnC,KAAKgzB,UAAY,EACnC,CACA,OAAoBkU,GAEpBA,GAAUlmC,UAAUymC,OAAS,SAAgBpC,EAAKS,GAUhD,GARAT,EAAMqC,GAAMC,QAAQtC,EAAKS,GACpB9lC,KAAKmnC,QAGRnnC,KAAKmnC,QAAUnnC,KAAKmnC,QAAQ3gC,OAAO6+B,GAFnCrlC,KAAKmnC,QAAU9B,EAGjBrlC,KAAKonC,cAAgB/B,EAAIjkC,OAGrBpB,KAAKmnC,QAAQ/lC,QAAUpB,KAAKunC,QAAS,CAIvC,IAAI55B,GAHJ03B,EAAMrlC,KAAKmnC,SAGC/lC,OAASpB,KAAKunC,QAC1BvnC,KAAKmnC,QAAU9B,EAAI3jC,MAAM2jC,EAAIjkC,OAASuM,EAAG03B,EAAIjkC,QACjB,IAAxBpB,KAAKmnC,QAAQ/lC,SACfpB,KAAKmnC,QAAU,MAEjB9B,EAAMqC,GAAME,OAAOvC,EAAK,EAAGA,EAAIjkC,OAASuM,EAAG3N,KAAKiQ,QAChD,IAAK,IAAIhN,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAKjD,KAAKwnC,SACxCxnC,KAAK6nC,QAAQxC,EAAKpiC,EAAGA,EAAIjD,KAAKwnC,UAGlC,OAAOxnC,IACT,EAEAknC,GAAUlmC,UAAU8mC,OAAS,SAAgBhC,GAI3C,OAHA9lC,KAAKynC,OAAOznC,KAAK+nC,QACjB5C,GAAwB,OAAjBnlC,KAAKmnC,SAELnnC,KAAKgoC,QAAQlC,EACtB,EAEAoB,GAAUlmC,UAAU+mC,KAAO,WACzB,IAAIh4B,EAAM/P,KAAKonC,aACXlgC,EAAQlH,KAAKunC,QACbtrB,EAAI/U,GAAU6I,EAAM/P,KAAKy0B,WAAavtB,EACtCiI,EAAUtP,MAAMoc,EAAIjc,KAAKy0B,WAC7BtlB,EAAI,GAAK,IACT,IAAK,IAAIlM,EAAI,EAAGA,EAAIgZ,EAAGhZ,IACrBkM,EAAIlM,GAAK,EAIX,GADA8M,IAAQ,EACY,QAAhB/P,KAAKiQ,OAAkB,CACzB,IAAK,IAAIgO,EAAI,EAAGA,EAAIje,KAAKy0B,UAAWxW,IAClC9O,EAAIlM,KAAO,EAEbkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,EAAK,IACzBZ,EAAIlM,KAAa,IAAN8M,OAWX,IATAZ,EAAIlM,KAAa,IAAN8M,EACXZ,EAAIlM,KAAQ8M,IAAQ,EAAK,IACzBZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAQ8M,IAAQ,GAAM,IAC1BZ,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EACXkM,EAAIlM,KAAO,EAENgb,EAAI,EAAGA,EAAIje,KAAKy0B,UAAWxW,IAC9B9O,EAAIlM,KAAO,EAGf,OAAOkM,CACT,wBCxFI84B,GAASP,GAAMO,OAUnB,OARA,SAAcpqB,EAAG/Q,EAAGoB,EAAGg6B,GACrB,OAAU,IAANrqB,EACKsqB,GAAKr7B,EAAGoB,EAAGg6B,GACV,IAANrqB,GAAiB,IAANA,EACNuqB,GAAIt7B,EAAGoB,EAAGg6B,GACT,IAANrqB,EACKwqB,GAAMv7B,EAAGoB,EAAGg6B,QADrB,CAEF,EAGA,SAASC,GAAKr7B,EAAGoB,EAAGg6B,GAClB,OAAQp7B,EAAIoB,GAAQpB,EAAKo7B,CAC3B,CAGA,SAASG,GAAMv7B,EAAGoB,EAAGg6B,GACnB,OAAQp7B,EAAIoB,EAAMpB,EAAIo7B,EAAMh6B,EAAIg6B,CAClC,CAGA,SAASE,GAAIt7B,EAAGoB,EAAGg6B,GACjB,OAAOp7B,EAAIoB,EAAIg6B,CACjB,CAqBA,qBA9BeC,SAKCE,OAKFD,UAEd,SAAgBt7B,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,GAClD,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,GAAKm7B,GAAOn7B,EAAG,IAAOA,IAAM,CAC/C,SAGA,SAAgBA,GACd,OAAOm7B,GAAOn7B,EAAG,IAAMm7B,GAAOn7B,EAAG,IAAOA,IAAM,EAChD,GCxCIw7B,GAAQZ,GAAMY,MACdC,GAAUb,GAAMa,QAChBC,GAAUd,GAAMc,QAChBL,GAAOM,GAAUN,KACjBE,GAAQI,GAAUJ,MAClBK,GAASD,GAAUC,OACnBC,GAASF,GAAUE,OACnBC,GAASH,GAAUG,OACnBC,GAASJ,GAAUI,OAEnB3B,GAAY4B,GAAO5B,UAEnB6B,GAAW,CACb,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,YAGtC,SAASC,KACP,KAAMhpC,gBAAgBgpC,IACpB,OAAO,IAAIA,GAEb9B,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,YAEtCnc,KAAKic,EAAI8sB,GACT/oC,KAAKipC,EAAQppC,MAAM,GACrB,CACA6nC,GAAMrB,SAAS2C,GAAQ9B,IACvB,OAAiB8B,GC9CjB,SAASE,KACP,KAAMlpC,gBAAgBkpC,IACpB,OAAO,IAAIA,GAEbF,GAAOloC,KAAKd,MACZA,KAAKmc,EAAI,CACP,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACxC,CDwCA6sB,GAAOhW,UAAY,IACnBgW,GAAO3B,QAAU,IACjB2B,GAAO1B,aAAe,IACtB0B,GAAOvU,UAAY,GAEnBuU,GAAOhoC,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAG/C,IAFA,IAAIqlC,EAAIjpC,KAAKipC,EAEJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GACrB,KAAOA,EAAIgmC,EAAE7nC,OAAQ6B,IACnBgmC,EAAEhmC,GAAKslC,GAAQM,GAAOI,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,GAAI2lC,GAAOK,EAAEhmC,EAAI,KAAMgmC,EAAEhmC,EAAI,KAEtE,IAAIoL,EAAIrO,KAAKmc,EAAE,GACXlO,EAAIjO,KAAKmc,EAAE,GACXC,EAAIpc,KAAKmc,EAAE,GACXsM,EAAIzoB,KAAKmc,EAAE,GACX9X,EAAIrE,KAAKmc,EAAE,GACXuoB,EAAI1kC,KAAKmc,EAAE,GACXwoB,EAAI3kC,KAAKmc,EAAE,GACXA,EAAInc,KAAKmc,EAAE,GAGf,IADAgpB,GAAOnlC,KAAKic,EAAE7a,SAAW6nC,EAAE7nC,QACtB6B,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,IAAK,CAC7B,IAAIkmC,EAAKX,GAAQrsB,EAAGwsB,GAAOtkC,GAAI8jC,GAAK9jC,EAAGqgC,EAAGC,GAAI3kC,KAAKic,EAAEhZ,GAAIgmC,EAAEhmC,IACvDmmC,EAAKd,GAAMI,GAAOr6B,GAAIg6B,GAAMh6B,EAAGJ,EAAGmO,IACtCD,EAAIwoB,EACJA,EAAID,EACJA,EAAIrgC,EACJA,EAAIikC,GAAM7f,EAAG0gB,GACb1gB,EAAIrM,EACJA,EAAInO,EACJA,EAAII,EACJA,EAAIi6B,GAAMa,EAAIC,GAGhBppC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9N,GAC7BrO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIlO,GAC7BjO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIC,GAC7Bpc,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIsM,GAC7BzoB,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9X,GAC7BrE,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIuoB,GAC7B1kC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIwoB,GAC7B3kC,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIA,EAC/B,EAEA6sB,GAAOhoC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,EC1FAurB,GAAMrB,SAAS6C,GAAQF,IACvB,OAAiBE,GAEjBA,GAAOlW,UAAY,IACnBkW,GAAO7B,QAAU,IACjB6B,GAAO5B,aAAe,IACtB4B,GAAOzU,UAAY,GAEnByU,GAAOloC,UAAUgnC,QAAU,SAAgBlC,GAEzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAEza,MAAM,EAAG,GAAI,OAElCgmC,GAAM4B,QAAQtpC,KAAKmc,EAAEza,MAAM,EAAG,GAAI,MAC7C,ECtBA,IAAI6nC,GAAY7B,GAAM6B,UAClBC,GAAY9B,GAAM8B,UAClBC,GAAW/B,GAAM+B,SACjBC,GAAWhC,GAAMgC,SACjBC,GAAQjC,GAAMiC,MACdC,GAAWlC,GAAMkC,SACjBC,GAAWnC,GAAMmC,SACjBC,GAAapC,GAAMoC,WACnBC,GAAarC,GAAMqC,WACnBC,GAAatC,GAAMsC,WACnBC,GAAavC,GAAMuC,WAEnB/C,GAAY4B,GAAO5B,UAEnBgD,GAAW,CACb,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,KACP,KAAMnqC,gBAAgBmqC,IACpB,OAAO,IAAIA,GAEbjD,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACdnc,KAAKic,EAAIiuB,GACTlqC,KAAKipC,EAAQppC,MAAM,IACrB,CACA6nC,GAAMrB,SAAS8D,GAAQjD,IACvB,OAAiBiD,GAsIjB,SAASC,GAAQC,EAAIC,EAAIC,EAAIC,EAAIC,GAC/B,IAAI98B,EAAK08B,EAAKE,GAASF,EAAMI,EAG7B,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS+8B,GAAQL,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACnC,IAAIh9B,EAAK28B,EAAKE,GAASF,EAAMK,EAG7B,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASi9B,GAASP,EAAIC,EAAIC,EAAIC,EAAIC,GAChC,IAAI98B,EAAK08B,EAAKE,EAAOF,EAAKI,EAAOF,EAAKE,EAGtC,OAFI98B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASk9B,GAASR,EAAIC,EAAIC,EAAIC,EAAIC,EAAIE,GACpC,IAAIh9B,EAAK28B,EAAKE,EAAOF,EAAKK,EAAOH,EAAKG,EAGtC,OAFIh9B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASm9B,GAAUT,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAClBd,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASo9B,GAAUV,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAClBb,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASq9B,GAAUX,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASs9B,GAAUZ,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,GAK9B,OAFI18B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASu9B,GAAUb,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,GAClBf,GAAUc,EAAIC,EAAI,GAClBb,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASw9B,GAAUd,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,GAClBd,GAAUa,EAAIC,EAAI,GAClBZ,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAASy9B,GAAUf,EAAIC,GACrB,IAII38B,EAJQ47B,GAAUc,EAAIC,EAAI,IAClBf,GAAUe,EAAID,EAAI,IAClBZ,GAASY,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CAEA,SAAS09B,GAAUhB,EAAIC,GACrB,IAII38B,EAJQ67B,GAAUa,EAAIC,EAAI,IAClBd,GAAUc,EAAID,EAAI,IAClBX,GAASW,EAAIC,EAAI,GAK7B,OAFI38B,EAAI,IACNA,GAAK,YACAA,CACT,CCnUA,SAAS29B,KACP,KAAMtrC,gBAAgBsrC,IACpB,OAAO,IAAIA,GAEbnB,GAAOrpC,KAAKd,MACZA,KAAKmc,EAAI,CACP,WAAY,WACZ,WAAY,UACZ,WAAY,UACZ,UAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WACZ,WAAY,WAChB,CD+DAguB,GAAOnX,UAAY,KACnBmX,GAAO9C,QAAU,IACjB8C,GAAO7C,aAAe,IACtB6C,GAAO1V,UAAY,IAEnB0V,GAAOnpC,UAAUuqC,cAAgB,SAAuBlG,EAAKzhC,GAI3D,IAHA,IAAIqlC,EAAIjpC,KAAKipC,EAGJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GACrB,KAAOA,EAAIgmC,EAAE7nC,OAAQ6B,GAAK,EAAG,CAC3B,IAAIuoC,EAAQJ,GAAUnC,EAAEhmC,EAAI,GAAIgmC,EAAEhmC,EAAI,IAClCwoC,EAAQJ,GAAUpC,EAAEhmC,EAAI,GAAIgmC,EAAEhmC,EAAI,IAClCyoC,EAAQzC,EAAEhmC,EAAI,IACd0oC,EAAQ1C,EAAEhmC,EAAI,IACd2oC,EAAQV,GAAUjC,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,KACnC4oC,EAAQV,GAAUlC,EAAEhmC,EAAI,IAAKgmC,EAAEhmC,EAAI,KACnC6oC,EAAQ7C,EAAEhmC,EAAI,IACd8oC,EAAQ9C,EAAEhmC,EAAI,IAElBgmC,EAAEhmC,GAAK6mC,GACL0B,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GACT9C,EAAEhmC,EAAI,GAAK8mC,GACTyB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,GAEb,EAEA5B,GAAOnpC,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAC/C5D,KAAKurC,cAAclG,EAAKzhC,GAExB,IAAIqlC,EAAIjpC,KAAKipC,EAET3C,EAAKtmC,KAAKmc,EAAE,GACZoqB,EAAKvmC,KAAKmc,EAAE,GACZqqB,EAAKxmC,KAAKmc,EAAE,GACZsqB,EAAKzmC,KAAKmc,EAAE,GACZuqB,EAAK1mC,KAAKmc,EAAE,GACZwqB,EAAK3mC,KAAKmc,EAAE,GACZyqB,EAAK5mC,KAAKmc,EAAE,GACZ0qB,EAAK7mC,KAAKmc,EAAE,GACZ4qB,EAAK/mC,KAAKmc,EAAE,GACZ6qB,EAAKhnC,KAAKmc,EAAE,GACZ6vB,EAAKhsC,KAAKmc,EAAE,IACZ8vB,EAAKjsC,KAAKmc,EAAE,IACZ+vB,EAAKlsC,KAAKmc,EAAE,IACZgwB,EAAKnsC,KAAKmc,EAAE,IACZiwB,EAAKpsC,KAAKmc,EAAE,IACZkwB,EAAKrsC,KAAKmc,EAAE,IAEhBgpB,GAAOnlC,KAAKic,EAAE7a,SAAW6nC,EAAE7nC,QAC3B,IAAK,IAAI6B,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,GAAK,EAAG,CACpC,IAAIuoC,EAAQY,EACRX,EAAQY,EACRX,EAAQV,GAAUjE,EAAIC,GACtB2E,EAAQV,GAAUlE,EAAIC,GACtB4E,EAAQxB,GAAQrD,EAAIC,EAAIgF,EAAIC,EAAIC,GAChCL,EAAQnB,GAAQ3D,EAAIC,EAAIgF,EAAIC,EAAIC,EAAIC,GACpCL,EAAQ9rC,KAAKic,EAAEhZ,GACf8oC,EAAQ/rC,KAAKic,EAAEhZ,EAAI,GACnBqpC,EAAQrD,EAAEhmC,GACVspC,EAAQtD,EAAEhmC,EAAI,GAEdupC,EAAQxC,GACVwB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GACLE,EAAQxC,GACVuB,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPO,EAAOC,GAETf,EAAQV,GAAUxE,EAAIC,GACtBkF,EAAQV,GAAUzE,EAAIC,GACtBmF,EAAQd,GAAStE,EAAIC,EAAIC,EAAIC,EAAIC,GACjCiF,EAAQd,GAASvE,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAErC,IAAI+F,EAAQ9C,GAAS4B,EAAOC,EAAOC,EAAOC,GACtCgB,EAAQ9C,GAAS2B,EAAOC,EAAOC,EAAOC,GAE1CS,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKjF,EACLkF,EAAKjF,EAELD,EAAK6C,GAAShD,EAAIC,EAAI2F,EAAOC,GAC7BzF,EAAK6C,GAAShD,EAAIA,EAAI2F,EAAOC,GAE7B7F,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKF,EACLG,EAAKF,EAELD,EAAKsD,GAAS4C,EAAOC,EAAOC,EAAOC,GACnCpG,EAAKsD,GAAS2C,EAAOC,EAAOC,EAAOC,GAGrChD,GAAM3pC,KAAKmc,EAAG,EAAGmqB,EAAIC,GACrBoD,GAAM3pC,KAAKmc,EAAG,EAAGqqB,EAAIC,GACrBkD,GAAM3pC,KAAKmc,EAAG,EAAGuqB,EAAIC,GACrBgD,GAAM3pC,KAAKmc,EAAG,EAAGyqB,EAAIC,GACrB8C,GAAM3pC,KAAKmc,EAAG,EAAG4qB,EAAIC,GACrB2C,GAAM3pC,KAAKmc,EAAG,GAAI6vB,EAAIC,GACtBtC,GAAM3pC,KAAKmc,EAAG,GAAI+vB,EAAIC,GACtBxC,GAAM3pC,KAAKmc,EAAG,GAAIiwB,EAAIC,EACxB,EAEAlC,GAAOnpC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,EChMAurB,GAAMrB,SAASiF,GAAQnB,IACvB,OAAiBmB,GAEjBA,GAAOtY,UAAY,KACnBsY,GAAOjE,QAAU,IACjBiE,GAAOhE,aAAe,IACtBgE,GAAO7W,UAAY,IAEnB6W,GAAOtqC,UAAUgnC,QAAU,SAAgBlC,GACzC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAEza,MAAM,EAAG,IAAK,OAEnCgmC,GAAM4B,QAAQtpC,KAAKmc,EAAEza,MAAM,EAAG,IAAK,MAC9C,EC7BA,IAAIkrC,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACduE,GAAUnF,GAAMmF,QAChBtE,GAAUb,GAAMa,QAChBrB,GAAY4B,GAAO5B,UAEvB,SAAS4F,KACP,KAAM9sC,gBAAgB8sC,IACpB,OAAO,IAAIA,GAEb5F,GAAUpmC,KAAKd,MAEfA,KAAKmc,EAAI,CAAE,WAAY,WAAY,WAAY,UAAY,YAC3Dnc,KAAKiQ,OAAS,QAChB,CACAy3B,GAAMrB,SAASyG,GAAW5F,IAC1B,OAAoB4F,GAuDpB,SAASpI,GAAE/nB,EAAG7P,EAAGoB,EAAGg6B,GAClB,OAAIvrB,GAAK,GACA7P,EAAIoB,EAAIg6B,EACRvrB,GAAK,GACJ7P,EAAIoB,GAAQpB,EAAKo7B,EAClBvrB,GAAK,IACJ7P,GAAMoB,GAAMg6B,EACbvrB,GAAK,GACJ7P,EAAIo7B,EAAMh6B,GAAMg6B,EAEjBp7B,GAAKoB,GAAMg6B,EACtB,CAEA,SAAS6E,GAAEpwB,GACT,OAAIA,GAAK,GACA,EACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,UACX,CAEA,SAASqwB,GAAGrwB,GACV,OAAIA,GAAK,GACA,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WACAA,GAAK,GACL,WAEA,CACX,CA1FAmwB,GAAU9Z,UAAY,IACtB8Z,GAAUzF,QAAU,IACpByF,GAAUxF,aAAe,IACzBwF,GAAUrY,UAAY,GAEtBqY,GAAU9rC,UAAU6mC,QAAU,SAAgBxC,EAAKzhC,GAWjD,IAVA,IAAIqpC,EAAIjtC,KAAKmc,EAAE,GACX+wB,EAAIltC,KAAKmc,EAAE,GACX0W,EAAI7yB,KAAKmc,EAAE,GACXgxB,EAAIntC,KAAKmc,EAAE,GACXixB,EAAIptC,KAAKmc,EAAE,GACXkxB,EAAKJ,EACLK,EAAKJ,EACLK,EAAK1a,EACL2a,EAAKL,EACLM,EAAKL,EACAzwB,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAC3B,IAAI+wB,EAAIpF,GACNsE,GACErE,GAAQ0E,EAAGvI,GAAE/nB,EAAGuwB,EAAGra,EAAGsa,GAAI9H,EAAI13B,GAAEgP,GAAK/Y,GAAQmpC,GAAEpwB,IAC/CkB,GAAElB,IACJywB,GACFH,EAAIG,EACJA,EAAID,EACJA,EAAIP,GAAO/Z,EAAG,IACdA,EAAIqa,EACJA,EAAIQ,EACJA,EAAIpF,GACFsE,GACErE,GAAQ8E,EAAI3I,GAAE,GAAK/nB,EAAG2wB,EAAIC,EAAIC,GAAKnI,EAAIsI,GAAGhxB,GAAK/Y,GAAQopC,GAAGrwB,IAC1DixB,GAAGjxB,IACL8wB,GACFJ,EAAKI,EACLA,EAAKD,EACLA,EAAKZ,GAAOW,EAAI,IAChBA,EAAKD,EACLA,EAAKI,EAEPA,EAAIb,GAAQ7sC,KAAKmc,EAAE,GAAI0W,EAAG2a,GAC1BxtC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAIgxB,EAAGM,GAClCztC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAIixB,EAAGC,GAClCrtC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAI8wB,EAAGK,GAClCttC,KAAKmc,EAAE,GAAK0wB,GAAQ7sC,KAAKmc,EAAE,GAAI+wB,EAAGK,GAClCvtC,KAAKmc,EAAE,GAAKuxB,CACd,EAEAZ,GAAU9rC,UAAUgnC,QAAU,SAAgBlC,GAC5C,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,UAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,SACjC,EAyCA,IAAIxO,GAAI,CACN,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,IAGhDggC,GAAK,CACP,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAClD,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAClD,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,IAGhD9vB,GAAI,CACN,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EACrD,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GACpD,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GACpD,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,GAGnD+vB,GAAK,CACP,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EACrD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GACpD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,GAAI,EAAG,EACrD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EACrD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,sBC1HtD,SAASC,GAAS/gC,EAAGmP,GACnB,IAAI5N,EAAIvB,EAAE,GACNmB,EAAInB,EAAE,GACNsP,EAAItP,EAAE,GACN2b,EAAI3b,EAAE,GAEVuB,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,OAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAIy/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAIqlB,GAAGrlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAI0xB,GAAG1xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAI6/B,GAAG7/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAE9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,EAAG,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,WAC/BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAC9B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,WAC5BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,GAAI,YAC9BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,YAC7B5N,EAAI0/B,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,GAAI,YAC9BwM,EAAIslB,GAAGtlB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,UAC7BG,EAAI2xB,GAAG3xB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,YAC7BhO,EAAI8/B,GAAG9/B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAE/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,QAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,YAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,UAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,YAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,IAAK,YAC/B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,WAC9BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,GAAI,UAC7B5N,EAAI+9B,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI2jB,GAAG3jB,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,WAC/BG,EAAIgwB,GAAGhwB,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,GAAI,WAC9BhO,EAAIm+B,GAAGn+B,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,GAAI,YAC7BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,YAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,UAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,IAAK,EAAG,YAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,GAAI,IAAK,YAC9BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,IAAK,IAAK,SAC/BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,EAAG,YAC5BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,UAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,IAAK,YAC9BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,IAAK,GAAI,YAC9B5N,EAAIitB,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAGxM,EAAE,GAAI,GAAI,WAC7BwM,EAAI6S,GAAG7S,EAAGpa,EAAGJ,EAAGmO,EAAGH,EAAE,IAAK,IAAK,YAC/BG,EAAIkf,GAAGlf,EAAGqM,EAAGpa,EAAGJ,EAAGgO,EAAE,GAAI,GAAI,WAC7BhO,EAAIqtB,GAAGrtB,EAAGmO,EAAGqM,EAAGpa,EAAG4N,EAAE,GAAI,IAAK,WAE9BnP,EAAE,GAAKkhC,GAAM3/B,EAAGvB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM//B,EAAGnB,EAAE,IAClBA,EAAE,GAAKkhC,GAAM5xB,EAAGtP,EAAE,IAClBA,EAAE,GAAKkhC,GAAMvlB,EAAG3b,EAAE,GACpB,CAEA,SAASmhC,GAAI3/B,EAAGD,EAAGJ,EAAGnB,EAAG+Q,EAAGI,GAE1B,OADA5P,EAAI2/B,GAAMA,GAAM3/B,EAAGC,GAAI0/B,GAAMlhC,EAAGmR,IACzB+vB,GAAO3/B,GAAKwP,EAAMxP,IAAO,GAAKwP,EAAK5P,EAC5C,CAEA,SAAS6/B,GAAGz/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAImO,GAAQnO,EAAKwa,EAAIpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAAS8vB,GAAG1/B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAKhgC,EAAIwa,EAAMrM,GAAMqM,EAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EAC/C,CAEA,SAASmuB,GAAG/9B,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAIhgC,EAAImO,EAAIqM,EAAGpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACpC,CAEA,SAASqd,GAAGjtB,EAAGJ,EAAGmO,EAAGqM,EAAG3b,EAAG+Q,EAAGI,GAC5B,OAAOgwB,GAAI7xB,GAAKnO,GAAMwa,GAAKpa,EAAGJ,EAAGnB,EAAG+Q,EAAGI,EACzC,CAyCA,SAASiwB,GAAOrwB,GACd,MAAMswB,EAAU,GAChB,IAAIlrC,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBkrC,EAAQlrC,GAAK,GAAK4a,EAAErB,WAAWvZ,IAAM4a,EAAErB,WAAWvZ,EAAI,IAAM,IAAM4a,EAAErB,WAAWvZ,EAAI,IAAM,KAAO4a,EAAErB,WAAWvZ,EAAI,IAC/G,IAEJ,OAAOkrC,CACT,CAEA,MAAMC,GAAU,mBAAmBruB,MAAM,IAEzC,SAASsuB,GAAKjiC,GACZ,IAAIyR,EAAI,GACJlB,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZkB,GAAKuwB,GAAShiC,GAAU,EAAJuQ,EAAQ,EAAM,IAAQyxB,GAAShiC,GAAU,EAAJuQ,EAAU,IAErE,OAAOkB,CACT,CAeA,SAASmwB,GAAM3/B,EAAGJ,GAChB,OAAQI,EAAIJ,EAAK,UACnB,CClLA,MAAMqgC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClB2vB,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAAS10B,GAChB,GAAKu0B,IAAeC,GAAiBhtB,SAASxH,GAG9C,OAAO7Y,eAAgB2I,GACrB,MAAM6kC,EAASJ,GAAWK,WAAW50B,GACrC,OAAOuC,EAAiBzS,GAAMzI,IAC5BstC,EAAOlH,OAAOpmC,EAAM,IACnB,IAAM,IAAIwB,WAAW8rC,EAAO7G,YAEnC,CAEA,SAAS+G,GAAW76B,EAAM86B,GACxB,OAAO3tC,eAAe2I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,KAE3BsQ,EAAK5X,SAASsH,IAASwkC,IAAaQ,GAAiBhlC,EAAK1I,QAAUqjB,EAAOpB,qBAC9E,OAAO,IAAIxgB,iBAAiByrC,GAAUxG,OAAOgH,EAAehlC,IAE9D,MAAMilC,EAAe/6B,IACrB,OAAOuI,EAAiBzS,GAAMzI,IAC5B0tC,EAAatH,OAAOpmC,EAAM,IACzB,IAAM,IAAIwB,WAAWksC,EAAajH,YAEzC,CAEA,SAASkH,GAAch7B,EAAM86B,GAC3B,OAAO3tC,eAAe2I,EAAM2a,EAASsB,IAInC,GAHIgB,EAAqBjd,KACvBA,QAAa6c,EAAiB7c,IAE5BsQ,EAAK5X,SAASsH,GAAO,CACvB,MAAMilC,EAAe,IAAI/6B,EACzB,OAAOuI,EAAiBzS,GAAMzI,IAC5B0tC,EAAa1sC,QAAQhB,EAAM,IAC1B,IAAM0tC,EAAanlC,SAASnI,SAC1B,OAAI6sC,IAAaQ,GAAiBhlC,EAAK1I,QAAUqjB,EAAOpB,qBACtD,IAAIxgB,iBAAiByrC,GAAUxG,OAAOgH,EAAehlC,IAErDkK,EAAK9M,MAAM4C,GAGxB,CAEA,MAAMmlC,GAAgB,CACpBh7B,IAAKy6B,GAAS,QDrDhBvtC,eAAmB+tC,GACjB,MAAMpH,EAyGR,SAAcjqB,GACZ,MAAMzR,EAAIyR,EAAEzc,OACN+tC,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIlsC,EACJ,IAAKA,EAAI,GAAIA,GAAK4a,EAAEzc,OAAQ6B,GAAK,GAC/B4qC,GAASsB,EAAOjB,GAAOrwB,EAAEuxB,UAAUnsC,EAAI,GAAIA,KAE7C4a,EAAIA,EAAEuxB,UAAUnsC,EAAI,IACpB,MAAMosC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKpsC,EAAI,EAAGA,EAAI4a,EAAEzc,OAAQ6B,IACxBosC,EAAKpsC,GAAK,IAAM4a,EAAErB,WAAWvZ,KAAQA,EAAI,GAAM,GAGjD,GADAosC,EAAKpsC,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADA4qC,GAASsB,EAAOE,GACXpsC,EAAI,EAAGA,EAAI,GAAIA,IAClBosC,EAAKpsC,GAAK,EAKd,OAFAosC,EAAK,IAAU,EAAJjjC,EACXyhC,GAASsB,EAAOE,GACTF,CACT,CA/HiBG,CAAKl1B,EAAKqC,mBAAmByyB,IAC5C,OAAO90B,EAAK4B,gBAoKd,SAAalP,GACX,IAAK,IAAI7J,EAAI,EAAGA,EAAI6J,EAAE1L,OAAQ6B,IAC5B6J,EAAE7J,GAAKorC,GAAKvhC,EAAE7J,IAEhB,OAAO6J,EAAEtL,KAAK,GAChB,CAzK8B6K,CAAIy7B,GAClC,ECmDE5zB,KAAMw6B,GAAS,SAAWM,GAAcpL,GAAM,SAC9CrvB,OAAQm6B,GAAS,WAAaG,GAAWt6B,IACzCH,OAAQs6B,GAAS,WAAaM,GAAchL,GAAQ,WACpD3vB,OAAQq6B,GAAS,WAAaG,GAAWx6B,GAAQ,WACjDC,OAAQo6B,GAAS,WAAaG,GAAWv6B,GAAQ,WACjDH,OAAQu6B,GAAS,cAAgBG,GAAWU,KAG9C,OAAe,CAGbt7B,IAAKg7B,GAAch7B,IAEnBC,KAAM+6B,GAAc/6B,KAEpBK,OAAQ06B,GAAc16B,OAEtBH,OAAQ66B,GAAc76B,OAEtBC,OAAQ46B,GAAc56B,OAEtBC,OAAQ26B,GAAc36B,OAEtBH,OAAQ86B,GAAc96B,OAQtB2zB,OAAQ,SAAS0H,EAAM1lC,GACrB,OAAQ0lC,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAOjU,KAAKiU,IAAInK,GAClB,KAAKiX,EAAM/M,KAAKE,KACd,OAAOlU,KAAKkU,KAAKpK,GACnB,KAAKiX,EAAM/M,KAAKG,OACd,OAAOnU,KAAKmU,OAAOrK,GACrB,KAAKiX,EAAM/M,KAAKI,OACd,OAAOpU,KAAKoU,OAAOtK,GACrB,KAAKiX,EAAM/M,KAAKK,OACd,OAAOrU,KAAKqU,OAAOvK,GACrB,KAAKiX,EAAM/M,KAAKM,OACd,OAAOtU,KAAKsU,OAAOxK,GACrB,KAAKiX,EAAM/M,KAAKO,OACd,OAAOvU,KAAKuU,OAAOzK,GACrB,QACE,MAAU5G,MAAM,4BAStBusC,kBAAmB,SAASD,GAC1B,OAAQA,GACN,KAAKzuB,EAAM/M,KAAKC,IACd,OAAO,GACT,KAAK8M,EAAM/M,KAAKE,KAChB,KAAK6M,EAAM/M,KAAKG,OACd,OAAO,GACT,KAAK4M,EAAM/M,KAAKI,OACd,OAAO,GACT,KAAK2M,EAAM/M,KAAKK,OACd,OAAO,GACT,KAAK0M,EAAM/M,KAAKM,OACd,OAAO,GACT,KAAKyM,EAAM/M,KAAKO,OACd,OAAO,GACT,QACE,MAAUrR,MAAM,8BC9IjB,MAAMwsC,GACT/nB,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIwB,QAAQ5oB,GAExC6d,eAAe7d,EAAM8M,EAAKsa,GACtB,OAAO,IAAIwe,GAAQ94B,EAAKsa,GAAIyB,QAAQ7oB,GAExChK,YAAY8W,EAAKsa,EAAI0B,GACjB5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,GAAI,EAAM,cACvClxB,KAAK4yB,IAAIzB,QAEpBuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCXb,SAASqd,GAAUH,GAChC,MAAMI,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,OAAO3hB,GAAO+hB,EAChB,CCkBA,MAAMtB,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBgxB,GAAatB,GAAaA,GAAWuB,aAAe,GACpDC,GAAY,CAChB58B,KAAM08B,GAAWruB,SAAS,YAAc,gBAAavgB,EACrDmS,UAAWy8B,GAAWruB,SAAS,gBAAkB,oBAAiBvgB,EAClEoS,MAAOw8B,GAAWruB,SAAS,aAAe,iBAAcvgB,EACxDqS,SAAUu8B,GAAWruB,SAAS,UAAY,cAAWvgB,EACrDsS,OAAQs8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,EAC7DuS,OAAQq8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,EAC7DwS,OAAQo8B,GAAWruB,SAAS,eAAiB,mBAAgBvgB,6DAaxDE,eAAuBquC,EAAM54B,EAAK1D,EAAWge,EAAIzM,GACtD,MAAMmrB,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OAiHJ,SAAqBJ,EAAM54B,EAAKo5B,EAAI9e,GAClC,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GACvCS,EAAY,IAAI1B,GAAW2B,eAAeH,GAAUH,GAAWh5B,EAAKsa,GAC1E,OAAO3U,EAAiByzB,GAAI3uC,GAAS,IAAIwB,WAAWotC,EAAUxI,OAAOpmC,KACvE,CArHW8uC,CAAYX,EAAM54B,EAAK1D,EAAWge,GAE3C,GAAI9W,EAAKyG,MAAM2uB,GACb,OAwEJ,SAAoBA,EAAM54B,EAAKo5B,EAAI9e,EAAIzM,GACrC,GACErK,EAAKoE,gBACU,KAAf5H,EAAIxV,SACHgZ,EAAK5X,SAASwtC,IACfA,EAAG5uC,QAAU,IAAOqjB,EAAOpB,qBAE3B,OAqBJliB,eAA0BquC,EAAM54B,EAAKo5B,EAAI9e,GACvC,MAAMkf,EAAO,UACPC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,IAAQ,EAAO,CAAC,aACrEpd,UAAEA,GAAc2c,GAAUH,GAC1Be,EAASn2B,EAAKtX,iBAAiB,CAAC,IAAID,WAAWmwB,GAAYgd,IAC3DQ,EAAK,IAAI3tC,iBAAiByrC,GAAU5b,QAAQ,CAAExnB,KAAMklC,EAAMlf,MAAMmf,EAAME,IAAStkC,SAAS,EAAG+jC,EAAG5uC,QAEpG,OAbF,SAAgBiN,EAAGJ,GACjB,IAAK,IAAIhL,EAAI,EAAGA,EAAIoL,EAAEjN,OAAQ6B,IAC5BoL,EAAEpL,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAEpB,CAQEwtC,CAAOD,EAAIR,GACJQ,CACT,CA7BWE,CAAWlB,EAAM54B,EAAKo5B,EAAI9e,GAGnC,MAAMyf,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiByzB,GAAI3uC,GAASsvC,EAAI/d,IAAIhB,oBAAoBvwB,KAAQ,IAAMsvC,EAAI/d,IAAIZ,sBACzF,CApFW4e,CAAWpB,EAAM54B,EAAK1D,EAAWge,EAAIzM,GAG9C,MACMosB,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAEtB+d,EAAS7f,EAAGxvB,QAClB,IAAIsuC,EAAK,IAAIntC,WACb,MAAMR,EAAUN,IACVA,IACFiuC,EAAK51B,EAAKtX,iBAAiB,CAACktC,EAAIjuC,KAElC,MAAMivC,EAAa,IAAInuC,WAAWmtC,EAAG5uC,QACrC,IAAI6B,EACA0Z,EAAI,EACR,KAAO5a,EAAQiuC,EAAG5uC,QAAU0vC,EAAad,EAAG5uC,QAAQ,CAClD,MAAM6vC,EAAWJ,EAASne,QAAQqe,GAClC,IAAK9tC,EAAI,EAAGA,EAAI6tC,EAAY7tC,IAC1B8tC,EAAO9tC,GAAK+sC,EAAG/sC,GAAKguC,EAAShuC,GAC7B+tC,EAAWr0B,KAAOo0B,EAAO9tC,GAE3B+sC,EAAKA,EAAG/jC,SAAS6kC,GAEnB,OAAOE,EAAW/kC,SAAS,EAAG0Q,EAAE,EAElC,OAAOJ,EAAiBrJ,EAAW7Q,EAASA,EAC9C,UAUOlB,eAAuBquC,EAAM54B,EAAKo6B,EAAY9f,GACnD,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC7C,GAAIp1B,EAAKyE,iBAAmBkxB,GAAUH,GACpC,OA4EJ,SAAqBJ,EAAM54B,EAAK45B,EAAItf,GAClC,MAAM0e,EAAW7uB,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GACvC0B,EAAc,IAAI3C,GAAW4C,iBAAiBpB,GAAUH,GAAWh5B,EAAKsa,GAC9E,OAAO3U,EAAiBi0B,GAAInvC,GAAS,IAAIwB,WAAWquC,EAAYzJ,OAAOpmC,KACzE,CAhFW+vC,CAAY5B,EAAM54B,EAAKo6B,EAAY9f,GAE5C,GAAI9W,EAAKyG,MAAM2uB,GACb,OA2CJ,SAAoBA,EAAM54B,EAAK45B,EAAItf,GACjC,GAAI9W,EAAK5X,SAASguC,GAAK,CACrB,MAAMG,EAAM,IAAIjB,GAAQ94B,EAAKsa,GAC7B,OAAO3U,EAAiBi0B,GAAInvC,GAASsvC,EAAI/d,IAAIP,oBAAoBhxB,KAAQ,IAAMsvC,EAAI/d,IAAIN,uBAEzF,OAAOod,GAAQ/c,QAAQ6d,EAAI55B,EAAKsa,EAClC,CAjDWmgB,CAAW7B,EAAM54B,EAAKo6B,EAAY9f,GAG3C,MACM2f,EAAW,IADFlB,GAAUH,GACR,CAAW54B,GACtBk6B,EAAaD,EAAS7d,UAE5B,IAAIse,EAASpgB,EACTsf,EAAK,IAAI3tC,WACb,MAAMR,EAAUN,IACVA,IACFyuC,EAAKp2B,EAAKtX,iBAAiB,CAAC0tC,EAAIzuC,KAElC,MAAMmR,EAAY,IAAIrQ,WAAW2tC,EAAGpvC,QACpC,IAAI6B,EACA0Z,EAAI,EACR,KAAO5a,EAAQyuC,EAAGpvC,QAAU0vC,EAAaN,EAAGpvC,QAAQ,CAClD,MAAMmwC,EAAWV,EAASne,QAAQ4e,GAElC,IADAA,EAASd,EAAGvkC,SAAS,EAAG6kC,GACnB7tC,EAAI,EAAGA,EAAI6tC,EAAY7tC,IAC1BiQ,EAAUyJ,KAAO20B,EAAOruC,GAAKsuC,EAAStuC,GAExCutC,EAAKA,EAAGvkC,SAAS6kC,GAEnB,OAAO59B,EAAUjH,SAAS,EAAG0Q,EAAE,EAEjC,OAAOJ,EAAiBy0B,EAAY3uC,EAASA,EAC/C,IC/HO,MAAMmvC,GACT7pB,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3C6d,eAAe7d,EAAM8M,EAAK66B,GACtB,OAAO,IAAID,GAAQ56B,EAAK66B,GAAO/e,QAAQ5oB,GAE3ChK,YAAY8W,EAAK66B,EAAO7e,GACpB5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,GAAW,EAAO,cAC/CjB,KAAK4yB,IAAIzB,QAChBnxB,KAAK0xC,oBAAoBD,GAE7B/e,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxB0f,oBAAoBD,EAAOE,EAAS3sC,GAChC,IAAI8jB,IAAEA,GAAQ9oB,KAAK4yB,IAAIxB,cACvB,QAAanwB,IAAT+D,EAAoB,CACpB,GAAIA,EAAO,GAAKA,EAAO,GACnB,MAAM,IAAI6rB,GAAqB,wBACnC,IAAI+gB,EAAOlmC,KAAKmmC,IAAI,EAAG7sC,GAAQ,EAC/B8jB,EAAIkE,SAAS,EAAG,EAAI4kB,EAAO,WAAe,EAAU,EAAPA,QAG7C5sC,EAAO,GACP8jB,EAAIkE,SAAS,EAAG,EAAG,MAAQ,YAE/B,QAAc/rB,IAAVwwC,EASA,MAAUvuC,MAAM,qBATK,CACrB,IAAI6M,EAAM0hC,EAAMrwC,OAChB,IAAK2O,GAAOA,EAAM,GACd,MAAM,IAAI8gB,GAAqB,sBACnC,IAAIihB,EAAO,IAAI1sB,SAAS,IAAID,YAAY,KACxC,IAAItiB,WAAWivC,EAAK7tC,QAAQX,IAAImuC,GAChC3oB,EAAI6D,UAAUmlB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,GAAIogB,EAAKpgB,UAAU,KAK1F,QAAgBzwB,IAAZ0wC,EAAuB,CACvB,GAAIA,EAAU,GAAKA,GAAWjmC,KAAKmmC,IAAI,EAAG7sC,GACtC,MAAM,IAAI6rB,GAAqB,yBACnC/H,EAAIuE,YAAY,EAAG,EAAIskB,EAAU,WAAe,EAAa,EAAVA,KCjDxD,MAAMI,GACTpqB,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASuB,QAAQ5oB,GAEjD6d,eAAe7d,EAAM8M,EAAKua,GAAU,EAAMD,GACtC,OAAO,IAAI6gB,GAAQn7B,EAAKsa,EAAIC,GAASwB,QAAQ7oB,GAEjDhK,YAAY8W,EAAKsa,EAAIC,GAAU,EAAMyB,GACjC5yB,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,EAAKsa,EAAIC,EAAS,OAErDuB,QAAQ5oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIhB,oBAAoB9nB,GAC7B9J,KAAK4yB,IAAIZ,sBAGxBW,QAAQ7oB,GAGJ,OAAOsmB,GAFIpwB,KAAK4yB,IAAIP,oBAAoBvoB,GAC7B9J,KAAK4yB,IAAIN,uBCT5B,MAAMgc,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBlBmzB,GAAc,GAWpB,SAASC,GAAYnoC,EAAMqnB,GACzB,MAAMhhB,EAASrG,EAAK1I,OAAS4wC,GAC7B,IAAK,IAAI/uC,EAAI,EAAGA,EAAI+uC,GAAa/uC,IAC/B6G,EAAK7G,EAAIkN,IAAWghB,EAAQluB,GAE9B,OAAO6G,CACT,CAeA,MAAMooC,GAAY,IAAIrvC,WAAWmvC,IAElB7wC,eAAegxC,GAAKv7B,GACjC,MAAMw7B,QAYRjxC,eAAmByV,GACjB,GAAIwD,EAAKoE,gBAAiC,KAAf5H,EAAIxV,OAE7B,OADAwV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW9J,OAAqB,EAAbwV,EAAIxV,SAAc,EAAO,CAAC,YAC1FD,eAAe6uC,GACpB,MAAMQ,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWgmB,GAAIghB,GAAW9wC,OAAsB,EAAd4wC,IAAmBp7B,EAAKo5B,GACrG,OAAO,IAAIntC,WAAW2tC,GAAIvkC,SAAS,EAAGukC,EAAGrsC,WAAa6tC,KAG1D,GAAI53B,EAAKyE,gBACP,OAAO1d,eAAe6uC,GACpB,MACMQ,EADK,IAAIjC,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKs7B,IACpEzK,OAAOuI,GACrB,OAAO,IAAIntC,WAAW2tC,IAI1B,OAAOrvC,eAAe6uC,GACpB,OAAO+B,GAAQrf,QAAQsd,EAAIp5B,GAAK,EAAOs7B,IAE3C,CA/BoB/iB,CAAIvY,GAGhBua,EAAU/W,EAAK8D,aAAak0B,EAAIF,KAChCG,EAAWj4B,EAAK8D,OAAOiT,GAE7B,OAAOhwB,eAAe2I,GAEpB,aAAcsoC,EAxBlB,SAAatoC,EAAMqnB,EAASkhB,GAE1B,GAAIvoC,EAAK1I,QAAU0I,EAAK1I,OAAS4wC,IAAgB,EAE/C,OAAOC,GAAYnoC,EAAMqnB,GAG3B,MAAM5V,EAAS,IAAI1Y,WAAWiH,EAAK1I,QAAU4wC,GAAeloC,EAAK1I,OAAS4wC,KAG1E,OAFAz2B,EAAOjY,IAAIwG,GACXyR,EAAOzR,EAAK1I,QAAU,IACf6wC,GAAY12B,EAAQ82B,EAC7B,CAasB9f,CAAIzoB,EAAMqnB,EAASkhB,KAAYpmC,UAAU+lC,IAE/D,CC3CA,MAAM1D,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAGdizB,GAAc,GACdM,GAAWN,GACXO,GAAYP,GAEZtiC,GAAO,IAAI7M,WAAWmvC,IACtBriC,GAAM,IAAI9M,WAAWmvC,IAAcriC,GAAIqiC,GAAc,GAAK,EAChE,MAAMQ,GAAM,IAAI3vC,WAAWmvC,IAE3B7wC,eAAesxC,GAAK77B,GAClB,MAAM87B,QAAaP,GAAKv7B,GACxB,OAAO,SAASqH,EAAG1E,GACjB,OAAOm5B,EAAKt4B,EAAKtX,iBAAiB,CAACmb,EAAG1E,KAE1C,CAEApY,eAAemuB,GAAI1Y,GACjB,OACEwD,EAAKoE,gBACU,KAAf5H,EAAIxV,QAEJwV,QAAY03B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAM,UAAW9J,OAAqB,EAAbwV,EAAIxV,SAAc,EAAO,CAAC,YAC1FD,eAAe6uC,EAAI9e,GACxB,MAAMsf,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAM,UAAWymC,QAASzgB,EAAI9vB,OAAsB,EAAd4wC,IAAmBp7B,EAAKo5B,GACnG,OAAO,IAAIntC,WAAW2tC,KAGtBp2B,EAAKyE,gBACA1d,eAAe6uC,EAAI9e,GACxB,MAAMyhB,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKsa,GAC5Esf,EAAKxxB,GAAOxY,OAAO,CAACmsC,EAAGlL,OAAOuI,GAAK2C,EAAGC,UAC5C,OAAO,IAAI/vC,WAAW2tC,IAInBrvC,eAAe6uC,EAAI9e,GACxB,OAAOsgB,GAAQ9e,QAAQsd,EAAIp5B,EAAKsa,GAEpC,CAQA/vB,eAAe0xC,GAAIhlB,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUvQ,MAAM,qCAGlB,MACE4vC,EACAC,SACQ9yC,QAAQ2H,IAAI,CACpB6qC,GAAK77B,GACL0Y,GAAI1Y,KAGN,MAAO,CAQL8b,QAASvxB,eAAe+R,EAAWu+B,EAAOuB,GACxC,MACEC,EACAC,SACQjzC,QAAQ2H,IAAI,CACpBkrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,KAENG,QAAiBJ,EAAI7/B,EAAW+/B,GAEhC5yB,QADqByyB,EAAKN,GAAKW,GAErC,IAAK,IAAIlwC,EAAI,EAAGA,EAAIsvC,GAAWtvC,IAC7Bod,EAAIpd,IAAMiwC,EAAUjwC,GAAKgwC,EAAUhwC,GAErC,OAAOmX,EAAKtX,iBAAiB,CAACqwC,EAAU9yB,KAU1CsS,QAASxxB,eAAe6vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW5vC,OAASmxC,GAAW,MAAUrvC,MAAM,0BACnD,MAAMiwC,EAAWnC,EAAW/kC,SAAS,GAAIsmC,IACnCa,EAAQpC,EAAW/kC,UAAUsmC,KAEjCU,EACAC,EACAG,SACQpzC,QAAQ2H,IAAI,CACpBkrC,EAAKpjC,GAAM+hC,GACXqB,EAAKnjC,GAAKqjC,GACVF,EAAKN,GAAKW,KAEN9yB,EAAMgzB,EACZ,IAAK,IAAIpwC,EAAI,EAAGA,EAAIsvC,GAAWtvC,IAC7Bod,EAAIpd,IAAMiwC,EAAUjwC,GAAKgwC,EAAUhwC,GAErC,IAAKmX,EAAKqD,iBAAiB21B,EAAO/yB,GAAM,MAAUnd,MAAM,+BAExD,aADwB6vC,EAAII,EAAUF,IAI5C,CA5GyCT,GAAIR,GAAc,GAAK,EAoHhEa,GAAIS,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAoB,GAAIb,YAAcA,GAClBa,GAAIP,SAAWA,GACfO,GAAIN,UAAYA,GC3IhB,MAAMP,GAAc,GACdM,GAAW,GAMXC,GAAY,GAGlB,SAASiB,GAAIpnC,GACX,IAAIonC,EAAM,EACV,IAAK,IAAIvwC,EAAI,EAAe,IAAXmJ,EAAInJ,GAAUA,IAAM,EACnCuwC,IAEF,OAAOA,CACT,CAEA,SAAS/C,GAAOgD,EAAG/F,GACjB,IAAK,IAAIzqC,EAAI,EAAGA,EAAIwwC,EAAEryC,OAAQ6B,IAC5BwwC,EAAExwC,IAAMyqC,EAAEzqC,GAEZ,OAAOwwC,CACT,CAEA,SAASC,GAAID,EAAG/F,GACd,OAAO+C,GAAOgD,EAAE/xC,QAASgsC,EAC3B,CAEA,MAAMwE,GAAY,IAAIrvC,WAAWmvC,IAC3BriC,GAAM,IAAI9M,WAAW,CAAC,IAO5B1B,eAAewyC,GAAI9lB,EAAQjX,GAEzB,IACIg9B,EACAC,EACAjC,EAHAkC,EAAS,EA2Eb,SAASC,EAAM9pC,EAAIgM,EAAMw7B,EAAOuB,GAI9B,MAAM5lC,EAAI6I,EAAK7U,OAAS4wC,GAAc,GAxDxC,SAA4B/7B,EAAM+8B,GAChC,MAAMgB,EAAY55B,EAAK2B,MAAMrQ,KAAKC,IAAIsK,EAAK7U,OAAQ4xC,EAAM5xC,QAAU4wC,GAAc,GAAK,EACtF,IAAK,IAAI/uC,EAAI6wC,EAAS,EAAG7wC,GAAK+wC,EAAW/wC,IACvC2uC,EAAK3uC,GAAKmX,EAAK8D,OAAO0zB,EAAK3uC,EAAI,IAEjC6wC,EAASE,EAwDTC,CAAmBh+B,EAAM+8B,GAOzB,MAAMkB,EAAc95B,EAAKtX,iBAAiB,CAACovC,GAAUjmC,SAAS,EAAGqmC,GAAWb,EAAMrwC,QAASuO,GAAK8hC,IAE1F0C,EAAwC,GAA/BD,EAAYlC,GAAc,GAEzCkC,EAAYlC,GAAc,IAAM,IAChC,MAAMoC,EAAOR,EAASM,GAEhBG,EAAYj6B,EAAKtX,iBAAiB,CAACsxC,EAAMV,GAAIU,EAAKnoC,SAAS,EAAG,GAAImoC,EAAKnoC,SAAS,EAAG,MAEnFkE,EAASiK,EAAKiE,WAAWg2B,EAAUpoC,SAAS,GAAKkoC,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAaloC,SAAS,GAE/G0Z,EAAW,IAAI9iB,WAAWmvC,IAE1BxB,EAAK,IAAI3tC,WAAWoT,EAAK7U,OAASmxC,IAKxC,IAAItvC,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAImK,EAAGnK,IAEjBwtC,GAAOtgC,EAAQyhC,EAAK4B,GAAIvwC,EAAI,KAG5ButC,EAAGltC,IAAImtC,GAAOxmC,EAAGypC,GAAIvjC,EAAQ8F,IAAQ9F,GAAShN,GAE9CstC,GAAO9qB,EAAU1b,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS9I,IAEtD8S,EAAOA,EAAKhK,SAAS+lC,IACrB7uC,GAAO6uC,GAMT,GAAI/7B,EAAK7U,OAAQ,CAEfqvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAMqkB,EAAUyiB,EAASzjC,GAEzBqgC,EAAGltC,IAAIowC,GAAIz9B,EAAMkb,GAAUhuB,GAG3B,MAAMmxC,EAAW,IAAIzxC,WAAWmvC,IAChCsC,EAAShxC,IAAI2G,IAAO2pC,EAAW39B,EAAOu6B,EAAGvkC,SAAS9I,GAAMovC,IAAY,GACpE+B,EAASr+B,EAAK7U,QAAU,IACxBqvC,GAAO9qB,EAAU2uB,GACjBnxC,GAAO8S,EAAK7U,OAGd,MAAMif,EAAMowB,GAAOmD,EAASnD,GAAOA,GAAO9qB,EAAUxV,GAASyhC,EAAK2C,IAhHpE,SAAcvB,GACZ,IAAKA,EAAM5xC,OAET,OAAO8wC,GAMT,MAAM9kC,EAAI4lC,EAAM5xC,OAAS4wC,GAAc,EAEjC7hC,EAAS,IAAItN,WAAWmvC,IACxBxhB,EAAM,IAAI3tB,WAAWmvC,IAC3B,IAAK,IAAI/uC,EAAI,EAAGA,EAAImK,EAAGnK,IACrBwtC,GAAOtgC,EAAQyhC,EAAK4B,GAAIvwC,EAAI,KAC5BwtC,GAAOjgB,EAAKojB,EAASF,GAAIvjC,EAAQ6iC,KACjCA,EAAQA,EAAM/mC,SAAS+lC,IAMzB,GAAIgB,EAAM5xC,OAAQ,CAChBqvC,GAAOtgC,EAAQyhC,EAAK9kC,GAEpB,MAAM0nC,EAAc,IAAI3xC,WAAWmvC,IACnCwC,EAAYlxC,IAAI0vC,EAAO,GACvBwB,EAAYxB,EAAM5xC,QAAU,IAC5BqvC,GAAO+D,EAAarkC,GAEpBsgC,GAAOjgB,EAAKojB,EAASY,IAGvB,OAAOhkB,EA+EgExc,CAAKg/B,IAO5E,OADAxC,EAAGltC,IAAI+c,EAAKld,GACLqtC,EAIT,OAnJA,SAA+B3iB,EAAQjX,GACrC,MAAM69B,EAAa1zB,EAAM7f,KAAK6f,EAAM9N,UAAW4a,GACzC+E,EAAM,IAAI8hB,GAAQD,GAAY79B,GACpCg9B,EAAWhhB,EAAIF,QAAQjtB,KAAKmtB,GAC5BihB,EAAWjhB,EAAID,QAAQltB,KAAKmtB,GAE5B,MAAM+hB,EAASf,EAAS1B,IAClB0C,EAASx6B,EAAK8D,OAAOy2B,GAC3B/C,EAAO,GACPA,EAAK,GAAKx3B,EAAK8D,OAAO02B,GAGtBhD,EAAK9kC,EAAI6nC,EACT/C,EAAK2C,EAAIK,EAfXC,CAAsBhnB,EAAQjX,GAqJvB,CAQL8b,QAASvxB,eAAe+R,EAAWu+B,EAAOuB,GACxC,OAAOe,EAAMH,EAAU1gC,EAAWu+B,EAAOuB,IAU3CrgB,QAASxxB,eAAe6vC,EAAYS,EAAOuB,GACzC,GAAIhC,EAAW5vC,OAASmxC,GAAW,MAAUrvC,MAAM,0BAEnD,MAAMmd,EAAM2wB,EAAW/kC,UAAUsmC,IACjCvB,EAAaA,EAAW/kC,SAAS,GAAIsmC,IAErC,MAAMuC,EAAUf,EAAMF,EAAU7C,EAAYS,EAAOuB,GAEnD,GAAI54B,EAAKqD,iBAAiB4C,EAAKy0B,EAAQ7oC,UAAUsmC,KAC/C,OAAOuC,EAAQ7oC,SAAS,GAAIsmC,IAE9B,MAAUrvC,MAAM,gCAGtB,CAQAywC,GAAIL,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAkC,GAAI3B,YAAcA,GAClB2B,GAAIrB,SAAWA,GACfqB,GAAIpB,UAAYA,GC3QhB,MAAMwC,GAA0B,YACzB,MAAMC,GACTl1C,YAAY8W,EAAK66B,EAAOuB,EAAOiC,EAAU,GAAIriB,GACzC5yB,KAAKi1C,QAAUA,EACfj1C,KAAKk1C,OAAS,EACdl1C,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAMA,GAAY,IAAI3B,GAAIra,OAAK3V,GAAW,EAAO,OACtD,IAAI6nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cAI7B,GAFAtI,EAAI8E,WAEA5tB,KAAKi1C,QAAU,GAAKj1C,KAAKi1C,QAAU,GACnC,MAAM,IAAIpkB,GAAqB,yBAEnC,MAAMskB,EAAW1D,EAAMrwC,QAAU,EAC3Bg0C,EAAW,IAAIvyC,WAAW,IACf,KAAbsyC,GACAn1C,KAAKq1C,iBAAiB5D,GACtB5oB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,IAAM,EACXA,EAAK,IAAMssB,IAAa,GACxBtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,GAAM,IAC/BtsB,EAAK,IAAOssB,IAAa,EAAK,IAC9BtsB,EAAK,IAAOssB,GAAY,EAAK,IAC7BrsB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIwD,OAAO,EAAG,EAAG,EAAG,GACpB8oB,EAAS9xC,IAAIulB,EAAK5c,SAAS,EAAG,OAG9BmpC,EAAS9xC,IAAImuC,GACb2D,EAAS,IAAM,GAEnB,MAAME,EAAY,IAAIlwB,SAASgwB,EAASnxC,QAKxC,GAJAjE,KAAKk1C,OAASI,EAAU5jB,UAAU,IAClC5I,EAAI6D,UAAU2oB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI4jB,EAAU5jB,UAAU,GAAI,GACtF5I,EAAIkE,SAAS,EAAG,EAAG,EAAG,iBAER/rB,IAAV+xC,EAAqB,CACrB,GAAIA,EAAM5xC,OAAS2zC,GACf,MAAM,IAAIlkB,GAAqB,wBAC/BmiB,EAAM5xC,QACNpB,KAAKgzC,MAAQA,EACbhzC,KAAKq1C,iBAAiBrC,IAGtBhzC,KAAKgzC,WAAQ/xC,OAIjBjB,KAAKgzC,WAAQ/xC,EAGjB,GAAIjB,KAAK2xC,QAAU,GAAK3xC,KAAK2xC,QAAU,WACnC,MAAM,IAAI4D,WAAW,6CACzBzsB,EAAIuE,YAAY,EAAG,EAAG,EAAIrtB,KAAKk1C,OAASl1C,KAAK2xC,QAAW,GAE5DhqB,eAAe6tB,EAAW5+B,EAAK66B,EAAOuB,EAAOyC,GACzC,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS/iB,QAAQ8iB,GAE3D7tB,eAAeqpB,EAAYp6B,EAAK66B,EAAOuB,EAAOyC,GAC1C,OAAO,IAAIT,GAAQp+B,EAAK66B,EAAOuB,EAAOyC,GAAS9iB,QAAQqe,GAE3Dte,QAAQ5oB,GACJ,OAAO9J,KAAK01C,gBAAgB5rC,GAEhC6oB,QAAQ7oB,GACJ,OAAO9J,KAAK21C,gBAAgB7rC,GAEhC8rC,wBAAwB9rC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,GACtB0nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfxuC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAQniB,EAAMkgB,GAAS,GACvBE,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM9zC,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAO,GACVE,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,GAChDlgB,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYvsB,EAAK4M,GAC5DogB,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKgtB,GACrDA,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACJA,EAAOpgB,GACP5M,GAAOgtB,EACPpgB,GAAOogB,IAGPhtB,EAAM,EACN4M,EAAM,GAMd,OAHA/P,KAAK2xC,QAAUA,EACf3xC,KAAK4yB,IAAIzvB,IAAMA,EACfnD,KAAK4yB,IAAI7iB,IAAMA,EACRtO,EAEXo0C,yBACI,IAAI/sB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfsD,EAAUj1C,KAAKi1C,QACfjC,EAAQhzC,KAAKgzC,MACb7vC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACnB,MAAMtO,EAAS,IAAIoB,WAAWkN,EAAMklC,GACpCnsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAYvsB,EAAM4M,EAAM,IAAO,IAC/DA,GACAtO,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM4M,IACxC,IAAI9M,EAAI8M,EACR,KAAW,GAAJ9M,EAAQA,IACX4lB,EAAK1lB,EAAMF,GAAK,EACpB6lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKF,GAClD,MAAM6yC,OAAiB70C,IAAV+xC,EAAsBA,EAAM5xC,OAAS,EAC5C20C,GAASpE,EAAU,GAAM,GAAK5hC,EAuBpC,OAtBA8Y,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGrtB,KAAKk1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/CjuB,EAAO6B,IAAIulB,EAAK5c,SAAS,EAAGgpC,GAAUllC,GACtC/P,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAIzvB,IAAM,EACfnD,KAAK4yB,IAAI7iB,IAAM,EACRtO,EAEXu0C,wBAAwBlsC,GACpB,IAAIkmB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,GACtB0nB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBugB,EAAU3xC,KAAK2xC,QACfsD,EAAUj1C,KAAKi1C,QACf9xC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfgiB,EAAO,EACPG,EAAOniB,EAAMkgB,EAAOglB,EAAWllC,EAAMkgB,EAAOglB,GAAY,GAAK,EAC7DgB,EAAOlmC,EAAMkgB,EAAOiC,EACpB/B,EAAO,EACX,IAAMwhB,EAAU,GAAM,GAAK5hC,EAAMkgB,EAAO8kB,GACpC,MAAM,IAAIQ,WAAW,oBACzB,MAAM9zC,EAAS,IAAIoB,WAAWqvB,GAC9B,KAAOjC,EAAOgmB,GACV9lB,EAAOL,GAAYjH,EAAM1lB,EAAM4M,EAAKjG,EAAMkmB,EAAMC,EAAOgmB,GACvDlmC,GAAOogB,EACPH,GAAQG,EACRF,GAAQE,EACRA,EAAOrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKgtB,GACzDA,EAAOrH,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYvsB,EAAKgtB,GACxDA,GACA1uB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAMgtB,GAAO4B,GAC/C4f,GAAWxhB,IAAS,EACpB4B,GAAQ5B,EACRhtB,EAAM,EACN4M,EAAM,EAQV,OANIkgB,EAAO,IACPlgB,GAAO+f,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,IAE5CjwB,KAAK2xC,QAAUA,EACf3xC,KAAK4yB,IAAIzvB,IAAMA,EACfnD,KAAK4yB,IAAI7iB,IAAMA,EACRtO,EAEXy0C,yBACI,IAAIptB,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzB6jB,EAAUj1C,KAAKi1C,QACfjC,EAAQhzC,KAAKgzC,MACbrB,EAAU3xC,KAAK2xC,QACfxuC,EAAMnD,KAAK4yB,IAAIzvB,IACf4M,EAAM/P,KAAK4yB,IAAI7iB,IACfmiB,EAAOniB,EAAMklC,EACjB,GAAIllC,EAAMklC,EACN,MAAM,IAAItkB,GAAkB,gCAChC,MAAMlvB,EAAS,IAAIoB,WAAWqvB,GACxBikB,EAAO,IAAItzC,WAAWgmB,EAAK5c,SAAS9I,EAAM+uB,EAAM/uB,EAAM4M,IAC5D,IAAI9M,EAAIivB,EACR,KAAW,GAAJjvB,EAAQA,IACX4lB,EAAK1lB,EAAMF,GAAK,EACpB6lB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAYvsB,EAAKF,GAClD6lB,EAAI+E,OAAOjG,GAAQ2H,IAAID,IAAK1H,GAAQ8H,UAAYvsB,EAAKF,GACjDivB,GACAzwB,EAAO6B,IAAIulB,EAAK5c,SAAS9I,EAAKA,EAAM+uB,IACxC,MAAM4jB,OAAiB70C,IAAV+xC,EAAsBA,EAAM5xC,OAAS,EAC5C20C,GAASpE,EAAU,GAAM,GAAK5hC,EAAMklC,EAC1CpsB,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAK,EACVA,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAKitB,IAAS,GACnBjtB,EAAK,GAAMitB,IAAS,GAAM,IAC1BjtB,EAAK,GAAMitB,IAAS,EAAK,IACzBjtB,EAAK,GAAMitB,GAAQ,EAAK,IACxBjtB,EAAK,GAAKA,EAAK,GAAKA,EAAK,IAAM,EAC/BA,EAAK,IAAMktB,IAAS,GACpBltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,GAAM,IAC3BltB,EAAK,IAAOktB,IAAS,EAAK,IAC1BltB,EAAK,IAAOktB,GAAQ,EAAK,IACzBjtB,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAW,IAC5C5G,EAAI6E,OAAO/F,GAAQ8H,WACnB5G,EAAIuE,YAAY,EAAG,EAAG,EAAGrtB,KAAKk1C,QAC9BpsB,EAAI+E,OAAOjG,GAAQqH,IAAIK,IAAK1H,GAAQ8H,UAAW,IAC/C,IAAI0mB,EAAS,EACb,IAAK,IAAInzC,EAAI,EAAGA,EAAIgyC,IAAWhyC,EAC3BmzC,GAAUD,EAAKlzC,GAAK4lB,EAAK5lB,GAC7B,GAAImzC,EACA,MAAM,IAAItlB,GAAc,+BAI5B,OAHA9wB,KAAK2xC,QAAU,EACf3xC,KAAK4yB,IAAIzvB,IAAM,EACfnD,KAAK4yB,IAAI7iB,IAAM,EACRtO,EAEXk0C,gBAAgB7rC,GACZ,MAAMC,EAAU/J,KAAKg2C,wBAAwBlsC,GACvCE,EAAUhK,KAAKk2C,yBACfz0C,EAAS,IAAIoB,WAAWkH,EAAQ3I,OAAS4I,EAAQ5I,QAKvD,OAJI2I,EAAQ3I,QACRK,EAAO6B,IAAIyG,GACXC,EAAQ5I,QACRK,EAAO6B,IAAI0G,EAASD,EAAQ3I,QACzBK,EAEXi0C,gBAAgB5rC,GACZ,MAAMC,EAAU/J,KAAK41C,wBAAwB9rC,GACvCE,EAAUhK,KAAK61C,yBACfp0C,EAAS,IAAIoB,WAAWkH,EAAQ3I,OAAS4I,EAAQ5I,QAKvD,OAJI2I,EAAQ3I,QACRK,EAAO6B,IAAIyG,GACXC,EAAQ5I,QACRK,EAAO6B,IAAI0G,EAASD,EAAQ3I,QACzBK,EAEX4zC,iBAAiBvrC,GACb,IAAIgf,IAAEA,EAAGD,KAAEA,GAAS7oB,KAAK4yB,IAAIxB,cACzBpB,EAAO,EACPC,EAAOnmB,EAAK1I,QAAU,EACtB+uB,EAAO,EACX,KAAOF,EAAO,GAAG,CAIb,IAHAE,EAAOL,GAAYjH,EAAM,EAAG/e,EAAMkmB,EAAMC,GACxCD,GAAQG,EACRF,GAAQE,EACM,GAAPA,GACHtH,EAAKsH,KAAU,EACnBrH,EAAImF,IAAIrG,GAAQ4H,IAAIC,IAAK7H,GAAQ8H,UAAWS,KC3PxD,MAAMme,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBG,GAAS5E,EAAK2E,gBAIdwzB,GAAY,GACZnC,GAAO,UAObjvC,eAAesuB,GAAI5B,EAAQjX,GACzB,GAAIiX,IAAW9M,EAAM9N,UAAUM,QAC7Bsa,IAAW9M,EAAM9N,UAAUO,QAC3Bqa,IAAW9M,EAAM9N,UAAUQ,OAC3B,MAAUvQ,MAAM,qCAGlB,GAAIkX,EAAKyE,gBACP,MAAO,CACL6T,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,EAAQ,IAAInwC,YAC1C,MAAM8vC,EAAK,IAAIpE,GAAW2B,eAAe,OAAuB,EAAbt5B,EAAIxV,OAAc,OAAQwV,EAAKsa,GAClFyhB,EAAG0D,OAAOrD,GACV,MAAMxC,EAAKxxB,GAAOxY,OAAO,CAACmsC,EAAGlL,OAAOuI,GAAK2C,EAAGC,QAASD,EAAG2D,eACxD,OAAO,IAAIzzC,WAAW2tC,IAGxB7d,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,EAAQ,IAAInwC,YAC1C,MAAM0zC,EAAK,IAAIhI,GAAW4C,iBAAiB,OAAuB,EAAbv6B,EAAIxV,OAAc,OAAQwV,EAAKsa,GACpFqlB,EAAGF,OAAOrD,GACVuD,EAAGC,WAAWhG,EAAG9uC,MAAM8uC,EAAGpvC,OAASmxC,GAAW/B,EAAGpvC,SACjD,MAAM4uC,EAAKhxB,GAAOxY,OAAO,CAAC+vC,EAAG9O,OAAO+I,EAAG9uC,MAAM,EAAG8uC,EAAGpvC,OAASmxC,KAAagE,EAAG3D,UAC5E,OAAO,IAAI/vC,WAAWmtC,KAK5B,GAAI51B,EAAKoE,gBAAiC,KAAf5H,EAAIxV,OAAe,CAC5C,MAAMivC,QAAa/B,GAAUgC,UAAU,MAAO15B,EAAK,CAAE1L,KAAMklC,KAAQ,EAAO,CAAC,UAAW,YAEtF,MAAO,CACL1d,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,EAAQ,IAAInwC,YAC1C,IAAKmtC,EAAG5uC,OACN,OAAO4zC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,GAEtC,MAAMxC,QAAWlC,GAAU5b,QAAQ,CAAExnB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAML,GAC9G,OAAO,IAAIntC,WAAW2tC,IAGxB7d,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,EAAQ,IAAInwC,YAC1C,GAAI2tC,EAAGpvC,SAAWmxC,GAChB,OAAOyC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,GAEtC,MAAMhD,QAAW1B,GAAU3b,QAAQ,CAAEznB,KAAMklC,GAAMlf,KAAIulB,eAAgBzD,EAAOT,UAAuB,EAAZA,IAAiBlC,EAAMG,GAC9G,OAAO,IAAI3tC,WAAWmtC,KAK5B,MAAO,CACLtd,QAASvxB,eAAe6uC,EAAI9e,EAAI8hB,GAC9B,OAAOgC,GAAQtiB,QAAQsd,EAAIp5B,EAAKsa,EAAI8hB,IAGtCrgB,QAASxxB,eAAeqvC,EAAItf,EAAI8hB,GAC9B,OAAOgC,GAAQriB,QAAQ6d,EAAI55B,EAAKsa,EAAI8hB,IAG1C,CAWAvjB,GAAI6jB,SAAW,SAASpiB,EAAIqiB,GAC1B,MAAM9B,EAAQvgB,EAAGxvB,QACjB,IAAK,IAAIuB,EAAI,EAAGA,EAAIswC,EAAWnyC,OAAQ6B,IACrCwuC,EAAM,EAAIxuC,IAAMswC,EAAWtwC,GAE7B,OAAOwuC,CACT,EAEAhiB,GAAIuiB,YAtFgB,GAuFpBviB,GAAI6iB,SAtFa,GAuFjB7iB,GAAI8iB,UAAYA,GC7GhB,OAAe,CAEb5B,IAAKA,GAEL+F,IAAKA,GACL9hC,gBAAiB8hC,GAEjBhiC,IAAKA,GAELC,IAAKA,wBClBP,SAAUgiC,GASV,IAAIC,EAAK,SAASvc,GAChB,IAAIp3B,EAAG0K,EAAI,IAAIkpC,aAAa,IAC5B,GAAIxc,EAAM,IAAKp3B,EAAI,EAAGA,EAAIo3B,EAAKj5B,OAAQ6B,IAAK0K,EAAE1K,GAAKo3B,EAAKp3B,GACxD,OAAO0K,CACT,EAGImpC,EAAc,WAAuB,MAAU5zC,MAAM,YAErD6zC,EAAK,IAAIl0C,WAAW,IAAKk0C,EAAG,GAAK,EAErC,IAAIC,EAAMJ,IACNK,EAAML,EAAG,CAAC,IACVM,EAAUN,EAAG,CAAC,MAAQ,IACtBzJ,EAAIyJ,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIO,EAAKP,EAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIQ,EAAIR,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIS,EAAIT,EAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChI5f,EAAI4f,EAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAQpI,SAASU,EAAiBxqC,EAAGyqC,EAAIrpC,EAAGspC,GAClC,OAPF,SAAY1qC,EAAGyqC,EAAIrpC,EAAGspC,EAAIprC,GACxB,IAAInJ,EAAEwlB,EAAI,EACV,IAAKxlB,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKwlB,GAAK3b,EAAEyqC,EAAGt0C,GAAGiL,EAAEspC,EAAGv0C,GAC1C,OAAQ,EAAMwlB,EAAI,IAAO,GAAM,CACjC,CAGSgvB,CAAG3qC,EAAEyqC,EAAGrpC,EAAEspC,EAAG,GACtB,CAEA,SAASE,EAAS/pC,EAAGU,GACnB,IAAIpL,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0K,EAAE1K,GAAU,EAALoL,EAAEpL,EACpC,CAEA,SAAS00C,EAASC,GAChB,IAAI30C,EAAG40C,EAAGz7B,EAAI,EACd,IAAKnZ,EAAI,EAAGA,EAAI,GAAIA,IAClB40C,EAAID,EAAE30C,GAAKmZ,EAAI,MACfA,EAAI1Q,KAAKsP,MAAM68B,EAAI,OACnBD,EAAE30C,GAAK40C,EAAQ,MAAJz7B,EAEbw7B,EAAE,IAAMx7B,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAAS07B,EAAS1lB,EAAG9jB,EAAGL,GAEtB,IADA,IAAIgQ,EAAG7B,IAAMnO,EAAE,GACNhL,EAAI,EAAGA,EAAI,GAAIA,IACtBgb,EAAI7B,GAAKgW,EAAEnvB,GAAKqL,EAAErL,IAClBmvB,EAAEnvB,IAAMgb,EACR3P,EAAErL,IAAMgb,CAEZ,CAEA,SAAS85B,EAAUH,EAAGxrC,GACpB,IAAInJ,EAAG0Z,EAAG1O,EACNb,EAAIwpC,IAAM34B,EAAI24B,IAClB,IAAK3zC,EAAI,EAAGA,EAAI,GAAIA,IAAKgb,EAAEhb,GAAKmJ,EAAEnJ,GAIlC,IAHA00C,EAAS15B,GACT05B,EAAS15B,GACT05B,EAAS15B,GACJtB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAvP,EAAE,GAAK6Q,EAAE,GAAK,MACThb,EAAI,EAAGA,EAAI,GAAIA,IAClBmK,EAAEnK,GAAKgb,EAAEhb,GAAK,OAAWmK,EAAEnK,EAAE,IAAI,GAAM,GACvCmK,EAAEnK,EAAE,IAAM,MAEZmK,EAAE,IAAM6Q,EAAE,IAAM,OAAW7Q,EAAE,KAAK,GAAM,GACxCa,EAAKb,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACT0qC,EAAS75B,EAAG7Q,EAAG,EAAEa,GAEnB,IAAKhL,EAAI,EAAGA,EAAI,GAAIA,IAClB20C,EAAE,EAAE30C,GAAY,IAAPgb,EAAEhb,GACX20C,EAAE,EAAE30C,EAAE,GAAKgb,EAAEhb,IAAI,CAErB,CAEA,SAAS+0C,EAAS3pC,EAAGJ,GACnB,IAAImO,EAAI,IAAIvZ,WAAW,IAAK4lB,EAAI,IAAI5lB,WAAW,IAG/C,OAFAk1C,EAAU37B,EAAG/N,GACb0pC,EAAUtvB,EAAGxa,GACNqpC,EAAiBl7B,EAAG,EAAGqM,EAAG,EACnC,CAEA,SAASwvB,EAAS5pC,GAChB,IAAIoa,EAAI,IAAI5lB,WAAW,IAEvB,OADAk1C,EAAUtvB,EAAGpa,GACC,EAAPoa,EAAE,EACX,CAEA,SAASyvB,EAAYN,EAAGxrC,GACtB,IAAInJ,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKmJ,EAAE,EAAEnJ,IAAMmJ,EAAE,EAAEnJ,EAAE,IAAM,GACtD20C,EAAE,KAAO,KACX,CAEA,SAAS3K,EAAE2K,EAAGvpC,EAAGJ,GACf,IAAK,IAAIhL,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAC/C,CAEA,SAASk1C,EAAEP,EAAGvpC,EAAGJ,GACf,IAAK,IAAIhL,EAAI,EAAGA,EAAI,GAAIA,IAAK20C,EAAE30C,GAAKoL,EAAEpL,GAAKgL,EAAEhL,EAC/C,CAEA,SAASm1C,EAAER,EAAGvpC,EAAGJ,GACf,IAAI4pC,EAAGz7B,EACJknB,EAAK,EAAI1Y,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIyY,EAAK,EAAIwB,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEoT,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAK3rC,EAAE,GACP4rC,EAAK5rC,EAAE,GACP6rC,EAAK7rC,EAAE,GACP8rC,EAAK9rC,EAAE,GACP+rC,EAAK/rC,EAAE,GACPgsC,EAAKhsC,EAAE,GACPisC,EAAKjsC,EAAE,GACPksC,EAAKlsC,EAAE,GACPmsC,EAAKnsC,EAAE,GACPosC,EAAKpsC,EAAE,GACPqsC,EAAMrsC,EAAE,IACRssC,EAAMtsC,EAAE,IACRusC,EAAMvsC,EAAE,IACRwsC,EAAMxsC,EAAE,IACRysC,EAAMzsC,EAAE,IACR0sC,EAAM1sC,EAAE,IAGVq1B,IADAuU,EAAIxpC,EAAE,IACIurC,EACVhvB,GAAMitB,EAAIgC,EACVhvB,GAAMgtB,EAAIiC,EACVhvB,GAAM+sB,EAAIkC,EACVxW,GAAMsU,EAAImC,EACVjV,GAAM8S,EAAIoC,EACVjV,GAAM6S,EAAIqC,EACVjV,GAAM4S,EAAIsC,EACV9B,GAAMR,EAAIuC,EACV9B,GAAMT,EAAIwC,EACV9B,GAAOV,EAAIyC,EACX9B,GAAOX,EAAI0C,EACX9B,GAAOZ,EAAI2C,EACX9B,GAAOb,EAAI4C,EACX9B,GAAOd,EAAI6C,EACX9B,GAAOf,EAAI8C,EAEX/vB,IADAitB,EAAIxpC,EAAE,IACIurC,EACV/uB,GAAMgtB,EAAIgC,EACV/uB,GAAM+sB,EAAIiC,EACVvW,GAAMsU,EAAIkC,EACVhV,GAAM8S,EAAImC,EACVhV,GAAM6S,EAAIoC,EACVhV,GAAM4S,EAAIqC,EACV7B,GAAMR,EAAIsC,EACV7B,GAAMT,EAAIuC,EACV7B,GAAOV,EAAIwC,EACX7B,GAAOX,EAAIyC,EACX7B,GAAOZ,EAAI0C,EACX7B,GAAOb,EAAI2C,EACX7B,GAAOd,EAAI4C,EACX7B,GAAOf,EAAI6C,EACX7B,GAAOhB,EAAI8C,EAEX9vB,IADAgtB,EAAIxpC,EAAE,IACIurC,EACV9uB,GAAM+sB,EAAIgC,EACVtW,GAAMsU,EAAIiC,EACV/U,GAAM8S,EAAIkC,EACV/U,GAAM6S,EAAImC,EACV/U,GAAM4S,EAAIoC,EACV5B,GAAMR,EAAIqC,EACV5B,GAAMT,EAAIsC,EACV5B,GAAOV,EAAIuC,EACX5B,GAAOX,EAAIwC,EACX5B,GAAOZ,EAAIyC,EACX5B,GAAOb,EAAI0C,EACX5B,GAAOd,EAAI2C,EACX5B,GAAOf,EAAI4C,EACX5B,GAAOhB,EAAI6C,EACX5B,GAAOjB,EAAI8C,EAEX7vB,IADA+sB,EAAIxpC,EAAE,IACIurC,EACVrW,GAAMsU,EAAIgC,EACV9U,GAAM8S,EAAIiC,EACV9U,GAAM6S,EAAIkC,EACV9U,GAAM4S,EAAImC,EACV3B,GAAMR,EAAIoC,EACV3B,GAAMT,EAAIqC,EACV3B,GAAOV,EAAIsC,EACX3B,GAAOX,EAAIuC,EACX3B,GAAOZ,EAAIwC,EACX3B,GAAOb,EAAIyC,EACX3B,GAAOd,EAAI0C,EACX3B,GAAOf,EAAI2C,EACX3B,GAAOhB,EAAI4C,EACX3B,GAAOjB,EAAI6C,EACX3B,GAAOlB,EAAI8C,EAEXpX,IADAsU,EAAIxpC,EAAE,IACIurC,EACV7U,GAAM8S,EAAIgC,EACV7U,GAAM6S,EAAIiC,EACV7U,GAAM4S,EAAIkC,EACV1B,GAAMR,EAAImC,EACV1B,GAAMT,EAAIoC,EACV1B,GAAOV,EAAIqC,EACX1B,GAAOX,EAAIsC,EACX1B,GAAOZ,EAAIuC,EACX1B,GAAOb,EAAIwC,EACX1B,GAAOd,EAAIyC,EACX1B,GAAOf,EAAI0C,EACX1B,GAAOhB,EAAI2C,EACX1B,GAAOjB,EAAI4C,EACX1B,GAAOlB,EAAI6C,EACX1B,GAAOnB,EAAI8C,EAEX5V,IADA8S,EAAIxpC,EAAE,IACIurC,EACV5U,GAAM6S,EAAIgC,EACV5U,GAAM4S,EAAIiC,EACVzB,GAAMR,EAAIkC,EACVzB,GAAMT,EAAImC,EACVzB,GAAOV,EAAIoC,EACXzB,GAAOX,EAAIqC,EACXzB,GAAOZ,EAAIsC,EACXzB,GAAOb,EAAIuC,EACXzB,GAAOd,EAAIwC,EACXzB,GAAOf,EAAIyC,EACXzB,GAAOhB,EAAI0C,EACXzB,GAAOjB,EAAI2C,EACXzB,GAAOlB,EAAI4C,EACXzB,GAAOnB,EAAI6C,EACXzB,GAAOpB,EAAI8C,EAEX3V,IADA6S,EAAIxpC,EAAE,IACIurC,EACV3U,GAAM4S,EAAIgC,EACVxB,GAAMR,EAAIiC,EACVxB,GAAMT,EAAIkC,EACVxB,GAAOV,EAAImC,EACXxB,GAAOX,EAAIoC,EACXxB,GAAOZ,EAAIqC,EACXxB,GAAOb,EAAIsC,EACXxB,GAAOd,EAAIuC,EACXxB,GAAOf,EAAIwC,EACXxB,GAAOhB,EAAIyC,EACXxB,GAAOjB,EAAI0C,EACXxB,GAAOlB,EAAI2C,EACXxB,GAAOnB,EAAI4C,EACXxB,GAAOpB,EAAI6C,EACXxB,GAAOrB,EAAI8C,EAEX1V,IADA4S,EAAIxpC,EAAE,IACIurC,EACVvB,GAAMR,EAAIgC,EACVvB,GAAMT,EAAIiC,EACVvB,GAAOV,EAAIkC,EACXvB,GAAOX,EAAImC,EACXvB,GAAOZ,EAAIoC,EACXvB,GAAOb,EAAIqC,EACXvB,GAAOd,EAAIsC,EACXvB,GAAOf,EAAIuC,EACXvB,GAAOhB,EAAIwC,EACXvB,GAAOjB,EAAIyC,EACXvB,GAAOlB,EAAI0C,EACXvB,GAAOnB,EAAI2C,EACXvB,GAAOpB,EAAI4C,EACXvB,GAAOrB,EAAI6C,EACXvB,GAAOtB,EAAI8C,EAEXtC,IADAR,EAAIxpC,EAAE,IACIurC,EACVtB,GAAMT,EAAIgC,EACVtB,GAAOV,EAAIiC,EACXtB,GAAOX,EAAIkC,EACXtB,GAAOZ,EAAImC,EACXtB,GAAOb,EAAIoC,EACXtB,GAAOd,EAAIqC,EACXtB,GAAOf,EAAIsC,EACXtB,GAAOhB,EAAIuC,EACXtB,GAAOjB,EAAIwC,EACXtB,GAAOlB,EAAIyC,EACXtB,GAAOnB,EAAI0C,EACXtB,GAAOpB,EAAI2C,EACXtB,GAAOrB,EAAI4C,EACXtB,GAAOtB,EAAI6C,EACXtB,GAAOvB,EAAI8C,EAEXrC,IADAT,EAAIxpC,EAAE,IACIurC,EACVrB,GAAOV,EAAIgC,EACXrB,GAAOX,EAAIiC,EACXrB,GAAOZ,EAAIkC,EACXrB,GAAOb,EAAImC,EACXrB,GAAOd,EAAIoC,EACXrB,GAAOf,EAAIqC,EACXrB,GAAOhB,EAAIsC,EACXrB,GAAOjB,EAAIuC,EACXrB,GAAOlB,EAAIwC,EACXrB,GAAOnB,EAAIyC,EACXrB,GAAOpB,EAAI0C,EACXrB,GAAOrB,EAAI2C,EACXrB,GAAOtB,EAAI4C,EACXrB,GAAOvB,EAAI6C,EACXrB,GAAOxB,EAAI8C,EAEXpC,IADAV,EAAIxpC,EAAE,KACKurC,EACXpB,GAAOX,EAAIgC,EACXpB,GAAOZ,EAAIiC,EACXpB,GAAOb,EAAIkC,EACXpB,GAAOd,EAAImC,EACXpB,GAAOf,EAAIoC,EACXpB,GAAOhB,EAAIqC,EACXpB,GAAOjB,EAAIsC,EACXpB,GAAOlB,EAAIuC,EACXpB,GAAOnB,EAAIwC,EACXpB,GAAOpB,EAAIyC,EACXpB,GAAOrB,EAAI0C,EACXpB,GAAOtB,EAAI2C,EACXpB,GAAOvB,EAAI4C,EACXpB,GAAOxB,EAAI6C,EACXpB,GAAOzB,EAAI8C,EAEXnC,IADAX,EAAIxpC,EAAE,KACKurC,EACXnB,GAAOZ,EAAIgC,EACXnB,GAAOb,EAAIiC,EACXnB,GAAOd,EAAIkC,EACXnB,GAAOf,EAAImC,EACXnB,GAAOhB,EAAIoC,EACXnB,GAAOjB,EAAIqC,EACXnB,GAAOlB,EAAIsC,EACXnB,GAAOnB,EAAIuC,EACXnB,GAAOpB,EAAIwC,EACXnB,GAAOrB,EAAIyC,EACXnB,GAAOtB,EAAI0C,EACXnB,GAAOvB,EAAI2C,EACXnB,GAAOxB,EAAI4C,EACXnB,GAAOzB,EAAI6C,EACXnB,GAAO1B,EAAI8C,EAEXlC,IADAZ,EAAIxpC,EAAE,KACKurC,EACXlB,GAAOb,EAAIgC,EACXlB,GAAOd,EAAIiC,EACXlB,GAAOf,EAAIkC,EACXlB,GAAOhB,EAAImC,EACXlB,GAAOjB,EAAIoC,EACXlB,GAAOlB,EAAIqC,EACXlB,GAAOnB,EAAIsC,EACXlB,GAAOpB,EAAIuC,EACXlB,GAAOrB,EAAIwC,EACXlB,GAAOtB,EAAIyC,EACXlB,GAAOvB,EAAI0C,EACXlB,GAAOxB,EAAI2C,EACXlB,GAAOzB,EAAI4C,EACXlB,GAAO1B,EAAI6C,EACXlB,GAAO3B,EAAI8C,EAEXjC,IADAb,EAAIxpC,EAAE,KACKurC,EACXjB,GAAOd,EAAIgC,EACXjB,GAAOf,EAAIiC,EACXjB,GAAOhB,EAAIkC,EACXjB,GAAOjB,EAAImC,EACXjB,GAAOlB,EAAIoC,EACXjB,GAAOnB,EAAIqC,EACXjB,GAAOpB,EAAIsC,EACXjB,GAAOrB,EAAIuC,EACXjB,GAAOtB,EAAIwC,EACXjB,GAAOvB,EAAIyC,EACXjB,GAAOxB,EAAI0C,EACXjB,GAAOzB,EAAI2C,EACXjB,GAAO1B,EAAI4C,EACXjB,GAAO3B,EAAI6C,EACXjB,GAAO5B,EAAI8C,EAEXhC,IADAd,EAAIxpC,EAAE,KACKurC,EACXhB,GAAOf,EAAIgC,EACXhB,GAAOhB,EAAIiC,EACXhB,GAAOjB,EAAIkC,EACXhB,GAAOlB,EAAImC,EACXhB,GAAOnB,EAAIoC,EACXhB,GAAOpB,EAAIqC,EACXhB,GAAOrB,EAAIsC,EACXhB,GAAOtB,EAAIuC,EACXhB,GAAOvB,EAAIwC,EACXhB,GAAOxB,EAAIyC,EACXhB,GAAOzB,EAAI0C,EACXhB,GAAO1B,EAAI2C,EACXhB,GAAO3B,EAAI4C,EACXhB,GAAO5B,EAAI6C,EACXhB,GAAO7B,EAAI8C,EAEX/B,IADAf,EAAIxpC,EAAE,KACKurC,EAkBXhvB,GAAO,IAhBPkuB,GAAOjB,EAAIiC,GAiBXjvB,GAAO,IAhBPkuB,GAAOlB,EAAIkC,GAiBXjvB,GAAO,IAhBPkuB,GAAOnB,EAAImC,GAiBXzW,GAAO,IAhBP0V,GAAOpB,EAAIoC,GAiBXlV,GAAO,IAhBPmU,GAAOrB,EAAIqC,GAiBXlV,GAAO,IAhBPmU,GAAOtB,EAAIsC,GAiBXlV,GAAO,IAhBPmU,GAAOvB,EAAIuC,GAiBX/B,GAAO,IAhBPgB,GAAOxB,EAAIwC,GAiBX/B,GAAO,IAhBPgB,GAAOzB,EAAIyC,GAiBX/B,GAAO,IAhBPgB,GAAO1B,EAAI0C,GAiBX/B,GAAO,IAhBPgB,GAAO3B,EAAI2C,GAiBX/B,GAAO,IAhBPgB,GAAO5B,EAAI4C,GAiBX/B,GAAO,IAhBPgB,GAAO7B,EAAI6C,GAiBX/B,GAAO,IAhBPgB,GAAO9B,EAAI8C,GAqBsCrX,GAAjDuU,GAnBAvU,GAAO,IAhBPuV,GAAOhB,EAAIgC,KAkCXz9B,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QAKSvU,GAAjDuU,GAJAvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSjtB,GAAjDitB,EAAKjtB,EAAKxO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACShtB,GAAjDgtB,EAAKhtB,EAAKzO,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS/sB,GAAjD+sB,EAAK/sB,EAAK1O,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACStU,GAAjDsU,EAAKtU,EAAKnnB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS9S,GAAjD8S,EAAK9S,EAAK3oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS7S,GAAjD6S,EAAK7S,EAAK5oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACS5S,GAAjD4S,EAAK5S,EAAK7oB,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSQ,GAAjDR,EAAKQ,EAAKj8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACSS,GAAjDT,EAAKS,EAAKl8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQU,GAAhDV,EAAIU,EAAMn8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQW,GAAhDX,EAAIW,EAAMp8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQY,GAAhDZ,EAAIY,EAAMr8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQa,GAAhDb,EAAIa,EAAMt8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQc,GAAhDd,EAAIc,EAAMv8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACQe,GAAhDf,EAAIe,EAAMx8B,EAAI,OAAgD,OAAzCA,EAAI1Q,KAAKsP,MAAM68B,EAAI,QACxCvU,GAAMlnB,EAAE,EAAI,IAAMA,EAAE,GAEpBw7B,EAAG,GAAKtU,EACRsU,EAAG,GAAKhtB,EACRgtB,EAAG,GAAK/sB,EACR+sB,EAAG,GAAK9sB,EACR8sB,EAAG,GAAKrU,EACRqU,EAAG,GAAK7S,EACR6S,EAAG,GAAK5S,EACR4S,EAAG,GAAK3S,EACR2S,EAAG,GAAKS,EACRT,EAAG,GAAKU,EACRV,EAAE,IAAMW,EACRX,EAAE,IAAMY,EACRZ,EAAE,IAAMa,EACRb,EAAE,IAAMc,EACRd,EAAE,IAAMe,EACRf,EAAE,IAAMgB,CACV,CAEA,SAASnF,EAAEmE,EAAGvpC,GACZ+pC,EAAER,EAAGvpC,EAAGA,EACV,CAEA,SAASusC,EAAShD,EAAG30C,GACnB,IACIoL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKpL,EAAEoL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAiB,IAANA,GAAS+pC,EAAEh8B,EAAGA,EAAGnZ,GAEjC,IAAKoL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CAaA,SAASwsC,EAAkBvsC,EAAGlC,EAAGgmB,GAC/B,IAC8BzkB,EAAG1K,EAD7BilC,EAAI,IAAIrlC,WAAW,IACnBiK,EAAI,IAAI+pC,aAAa,IACrBxoC,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMvyC,EAAIuyC,IAAMlS,EAAIkS,IAC5B,IAAK3zC,EAAI,EAAGA,EAAI,GAAIA,IAAKilC,EAAEjlC,GAAKmJ,EAAEnJ,GAIlC,IAHAilC,EAAE,IAAW,IAAN97B,EAAE,IAAS,GAClB87B,EAAE,IAAI,IACNgQ,EAAYprC,EAAEslB,GACTnvB,EAAI,EAAGA,EAAI,GAAIA,IAClBgL,EAAEhL,GAAG6J,EAAE7J,GACPwlB,EAAExlB,GAAGoL,EAAEpL,GAAGmZ,EAAEnZ,GAAG,EAGjB,IADAoL,EAAE,GAAGoa,EAAE,GAAG,EACLxlB,EAAE,IAAKA,GAAG,IAAKA,EAElB60C,EAASzpC,EAAEJ,EADXN,EAAGu6B,EAAEjlC,IAAI,MAAQ,EAAFA,GAAM,GAErB60C,EAAS17B,EAAEqM,EAAE9a,GACbs/B,EAAE5oC,EAAEgK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACN6wB,EAAE7wB,EAAEnO,EAAEwa,GACN0vB,EAAElqC,EAAEA,EAAEwa,GACNgrB,EAAEhrB,EAAEpkB,GACJovC,EAAE/O,EAAEr2B,GACJ+pC,EAAE/pC,EAAE+N,EAAE/N,GACN+pC,EAAEh8B,EAAEnO,EAAE5J,GACN4oC,EAAE5oC,EAAEgK,EAAE+N,GACN+7B,EAAE9pC,EAAEA,EAAE+N,GACNq3B,EAAExlC,EAAEI,GACJ8pC,EAAE/7B,EAAEqM,EAAEic,GACN0T,EAAE/pC,EAAE+N,EAAE86B,GACNjK,EAAE5+B,EAAEA,EAAEoa,GACN2vB,EAAEh8B,EAAEA,EAAE/N,GACN+pC,EAAE/pC,EAAEoa,EAAEic,GACN0T,EAAE3vB,EAAExa,EAAEnB,GACN2mC,EAAExlC,EAAE5J,GACJyzC,EAASzpC,EAAEJ,EAAEN,GACbmqC,EAAS17B,EAAEqM,EAAE9a,GAEf,IAAK1K,EAAI,EAAGA,EAAI,GAAIA,IAClB6J,EAAE7J,EAAE,IAAIoL,EAAEpL,GACV6J,EAAE7J,EAAE,IAAImZ,EAAEnZ,GACV6J,EAAE7J,EAAE,IAAIgL,EAAEhL,GACV6J,EAAE7J,EAAE,IAAIwlB,EAAExlB,GAEZ,IAAI63C,EAAMhuC,EAAEb,SAAS,IACjB8uC,EAAMjuC,EAAEb,SAAS,IAIrB,OAHA2uC,EAASE,EAAIA,GACb1C,EAAE2C,EAAIA,EAAID,GACV/C,EAAUzpC,EAAEysC,GACL,CACT,CAEA,SAASC,EAAuB1sC,EAAGlC,GACjC,OAAOyuC,EAAkBvsC,EAAGlC,EAAG2qC,EACjC,CAOA,SAAS9wC,EAAImsB,EAAG9jB,GACd,IAAID,EAAIuoC,IAAM3oC,EAAI2oC,IAAMx6B,EAAIw6B,IACxBnuB,EAAImuB,IAAMvyC,EAAIuyC,IAAMlS,EAAIkS,IACxBjS,EAAIiS,IAAMz6B,EAAIy6B,IAAM34B,EAAI24B,IAE5BuB,EAAE9pC,EAAG+jB,EAAE,GAAIA,EAAE,IACb+lB,EAAEl6B,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAE/pC,EAAGA,EAAG4P,GACRgvB,EAAEh/B,EAAGmkB,EAAE,GAAIA,EAAE,IACb6a,EAAEhvB,EAAG3P,EAAE,GAAIA,EAAE,IACb8pC,EAAEnqC,EAAGA,EAAGgQ,GACRm6B,EAAEh8B,EAAGgW,EAAE,GAAI9jB,EAAE,IACb8pC,EAAEh8B,EAAGA,EAAG+6B,GACRiB,EAAE3vB,EAAG2J,EAAE,GAAI9jB,EAAE,IACb2+B,EAAExkB,EAAGA,EAAGA,GACR0vB,EAAE9zC,EAAG4J,EAAGI,GACR8pC,EAAEzT,EAAGjc,EAAGrM,GACR6wB,EAAEtI,EAAGlc,EAAGrM,GACR6wB,EAAE9wB,EAAGlO,EAAGI,GAER+pC,EAAEhmB,EAAE,GAAI/tB,EAAGqgC,GACX0T,EAAEhmB,EAAE,GAAIjW,EAAGwoB,GACXyT,EAAEhmB,EAAE,GAAIuS,EAAGD,GACX0T,EAAEhmB,EAAE,GAAI/tB,EAAG8X,EACb,CAEA,SAAS8+B,EAAM7oB,EAAG9jB,EAAGL,GACnB,IAAIhL,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB60C,EAAS1lB,EAAEnvB,GAAIqL,EAAErL,GAAIgL,EAEzB,CAEA,SAASitC,EAAKvtC,EAAGykB,GACf,IAAI+oB,EAAKvE,IAAMwE,EAAKxE,IAAMyE,EAAKzE,IAC/BgE,EAASS,EAAIjpB,EAAE,IACfgmB,EAAE+C,EAAI/oB,EAAE,GAAIipB,GACZjD,EAAEgD,EAAIhpB,EAAE,GAAIipB,GACZtD,EAAUpqC,EAAGytC,GACbztC,EAAE,KAAOsqC,EAASkD,IAAO,CAC3B,CAEA,SAASG,EAAWlpB,EAAG9jB,EAAGuP,GACxB,IAAI5P,EAAGhL,EAKP,IAJAy0C,EAAStlB,EAAE,GAAI4kB,GACfU,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI6kB,GACfS,EAAStlB,EAAE,GAAI4kB,GACV/zC,EAAI,IAAKA,GAAK,IAAKA,EAEtBg4C,EAAM7oB,EAAG9jB,EADTL,EAAK4P,EAAG5a,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BgD,EAAIqI,EAAG8jB,GACPnsB,EAAImsB,EAAGA,GACP6oB,EAAM7oB,EAAG9jB,EAAGL,EAEhB,CAEA,SAASstC,EAAWnpB,EAAGvU,GACrB,IAAIvP,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAC3Bc,EAASppC,EAAE,GAAI8oC,GACfM,EAASppC,EAAE,GAAI+oC,GACfK,EAASppC,EAAE,GAAI2oC,GACfmB,EAAE9pC,EAAE,GAAI8oC,EAAGC,GACXiE,EAAWlpB,EAAG9jB,EAAGuP,EACnB,CAEA,SAAS29B,EAAoBC,EAAIC,EAAIC,GACnC,IAAIlzB,EAEAxlB,EADAmvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KAY3B,IATK+E,GAAQ7E,EAAY4E,EAAI,KAC7BjzB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8yB,EAAWnpB,EAAG3J,GACdyyB,EAAKO,EAAIrpB,GAEJnvB,EAAI,EAAGA,EAAI,GAAIA,IAAKy4C,EAAGz4C,EAAE,IAAMw4C,EAAGx4C,GACvC,OAAO,CACT,CAEA,IAAI24C,EAAI,IAAI/E,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgF,EAAKluC,EAAGb,GACf,IAAIg6B,EAAO7jC,EAAG0Z,EAAGV,EACjB,IAAKhZ,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADA6jC,EAAQ,EACHnqB,EAAI1Z,EAAI,GAAIgZ,EAAIhZ,EAAI,GAAI0Z,EAAIV,IAAKU,EACpC7P,EAAE6P,IAAMmqB,EAAQ,GAAKh6B,EAAE7J,GAAK24C,EAAEj/B,GAAK1Z,EAAI,KACvC6jC,EAAQp7B,KAAKsP,OAAOlO,EAAE6P,GAAK,KAAO,KAClC7P,EAAE6P,IAAc,IAARmqB,EAEVh6B,EAAE6P,IAAMmqB,EACRh6B,EAAE7J,GAAK,EAGT,IADA6jC,EAAQ,EACHnqB,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE6P,IAAMmqB,GAASh6B,EAAE,KAAO,GAAK8uC,EAAEj/B,GACjCmqB,EAAQh6B,EAAE6P,IAAM,EAChB7P,EAAE6P,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK7P,EAAE6P,IAAMmqB,EAAQ8U,EAAEj/B,GAC3C,IAAK1Z,EAAI,EAAGA,EAAI,GAAIA,IAClB6J,EAAE7J,EAAE,IAAM6J,EAAE7J,IAAM,EAClB0K,EAAE1K,GAAY,IAAP6J,EAAE7J,EAEb,CAEA,SAASstB,EAAO5iB,GACd,IAA8B1K,EAA1B6J,EAAI,IAAI+pC,aAAa,IACzB,IAAK5zC,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK0K,EAAE1K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0K,EAAE1K,GAAK,EAChC44C,EAAKluC,EAAGb,EACV,CAsCA,SAASgvC,EAAUnuC,EAAGykB,GACpB,IAAInU,EAAI24B,IAAMmF,EAAMnF,IAAM3P,EAAM2P,IAC5BoF,EAAMpF,IAAMqF,EAAOrF,IAAMsF,EAAOtF,IAChCuF,EAAOvF,IA2BX,OAzBAc,EAAS/pC,EAAE,GAAIspC,GACfiB,EAAYvqC,EAAE,GAAIykB,GAClBqhB,EAAExM,EAAKt5B,EAAE,IACTyqC,EAAE4D,EAAK/U,EAAKkG,GACZgL,EAAElR,EAAKA,EAAKt5B,EAAE,IACds/B,EAAE+O,EAAKruC,EAAE,GAAIquC,GAEbvI,EAAEwI,EAAMD,GACRvI,EAAEyI,EAAMD,GACR7D,EAAE+D,EAAMD,EAAMD,GACd7D,EAAEn6B,EAAGk+B,EAAMlV,GACXmR,EAAEn6B,EAAGA,EAAG+9B,GAnPV,SAAiBpE,EAAG30C,GAClB,IACIoL,EADA+N,EAAIw6B,IAER,IAAKvoC,EAAI,EAAGA,EAAI,GAAIA,IAAK+N,EAAE/N,GAAKpL,EAAEoL,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBolC,EAAEr3B,EAAGA,GACI,IAAN/N,GAAS+pC,EAAEh8B,EAAGA,EAAGnZ,GAExB,IAAKoL,EAAI,EAAGA,EAAI,GAAIA,IAAKupC,EAAEvpC,GAAK+N,EAAE/N,EACpC,CA4OE+tC,CAAQn+B,EAAGA,GACXm6B,EAAEn6B,EAAGA,EAAGgpB,GACRmR,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEn6B,EAAGA,EAAG+9B,GACR5D,EAAEzqC,EAAE,GAAIsQ,EAAG+9B,GAEXvI,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAMmR,EAAEzqC,EAAE,GAAIA,EAAE,GAAIqpB,GAEtCyc,EAAEsI,EAAKpuC,EAAE,IACTyqC,EAAE2D,EAAKA,EAAKC,GACRhE,EAAS+D,EAAK9U,IAAc,GAE5BgR,EAAStqC,EAAE,MAASykB,EAAE,KAAK,GAAI+lB,EAAExqC,EAAE,GAAIqpC,EAAKrpC,EAAE,IAElDyqC,EAAEzqC,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAII0uC,EAAoB,GAKxB,SAASC,IACP,IAAK,IAAIr5C,EAAI,EAAGA,EAAIs5C,UAAUn7C,OAAQ6B,IACpC,KAAMs5C,UAAUt5C,aAAcJ,YAC5B,MAAM,IAAIgvB,UAAU,kCAE1B,CAEA,SAAS2qB,EAAQC,GACf,IAAK,IAAIx5C,EAAI,EAAGA,EAAIw5C,EAAIr7C,OAAQ6B,IAAKw5C,EAAIx5C,GAAK,CAChD,CAEA0zC,EAAK+F,WAAa,SAAStwC,EAAGgmB,GAE5B,GADAkqB,EAAgBlwC,EAAGgmB,GApBe,KAqB9BhmB,EAAEhL,OAA0C,MAAU8B,MAAM,cAChE,GAvB4B,KAuBxBkvB,EAAEhxB,OAAoC,MAAU8B,MAAM,cAC1D,IAAIoL,EAAI,IAAIzL,WAxBgB,IA0B5B,OADAg4C,EAAkBvsC,EAAGlC,EAAGgmB,GACjB9jB,CACT,EAEAqoC,EAAKgG,IAAM,GAEXhG,EAAKgG,IAAIC,QAAU,WACjB,IAnQ0B1uC,EAAGpB,EAmQzB2uC,EAAK,IAAI54C,WA9BiB,IA+B1B64C,EAAK,IAAI74C,WA9BiB,IAgC9B,OAtQ0BqL,EAqQPutC,EApQnB3E,EAD6BhqC,EAqQN4uC,EApQR,IACRV,EAAuB9sC,EAAGpB,GAoQ1B,CAACoF,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKgG,IAAIC,QAAQC,cAAgB,SAAS3nC,GAExC,GADAonC,EAAgBpnC,GApCc,KAqC1BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAClB,IAAIu4C,EAAK,IAAI54C,WAxCiB,IA0C9B,OADAm4C,EAAuBS,EAAIvmC,GACpB,CAAChD,UAAWupC,EAAIvmC,UAAW,IAAIrS,WAAWqS,GACnD,EAEAyhC,EAAKmG,KAAO,SAASzX,EAAKnwB,GAExB,GADAonC,EAAgBjX,EAAKnwB,GA1CU,KA2C3BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAClB,IAAI65C,EAAY,IAAIl6C,WAAWw5C,EAAkBhX,EAAIjkC,QAErD,OA5JF,SAAqB47C,EAAI5vC,EAAGhB,EAAGsvC,GAC7B,IAAIjzB,EAAGtM,EAAGxO,EACN1K,EAAG0Z,EAAG7P,EAAI,IAAI+pC,aAAa,IAC3BzkB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,MAE3BnuB,EAAIkuB,EAAK3iC,KAAK0nC,EAAGzvC,SAAS,EAAG,MAC3B,IAAM,IACRwc,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIw0B,EAAQ7wC,EAAI,GAChB,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK+5C,EAAG,GAAK/5C,GAAKmK,EAAEnK,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK+5C,EAAG,GAAK/5C,GAAKwlB,EAAE,GAAKxlB,GAO7C,IAJAstB,EADA5iB,EAAIgpC,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,GAAIgxC,KAE9B1B,EAAWnpB,EAAGzkB,GACdutC,EAAK8B,EAAI5qB,GAEJnvB,EAAI,GAAIA,EAAI,GAAIA,IAAK+5C,EAAG/5C,GAAKy4C,EAAGz4C,GAIrC,IAFAstB,EADApU,EAAIw6B,EAAK3iC,KAAKgpC,EAAG/wC,SAAS,EAAGgxC,KAGxBh6C,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK6J,EAAE7J,GAAK0K,EAAE1K,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAK0Z,EAAI,EAAGA,EAAI,GAAIA,IAClB7P,EAAE7J,EAAE0Z,IAAMR,EAAElZ,GAAKwlB,EAAE9L,GAIvBk/B,EAAKmB,EAAG/wC,SAAS,IAAKa,EAExB,CA0HEowC,CAAYH,EAAW1X,EAAKA,EAAIjkC,OAAQ8T,GACjC6nC,CACT,EAEApG,EAAKmG,KAAKK,SAAW,SAAS9X,EAAKnwB,GAGjC,IAFA,IAAI6nC,EAAYpG,EAAKmG,KAAKzX,EAAKnwB,GAC3BkoC,EAAM,IAAIv6C,WAAWw5C,GAChBp5C,EAAI,EAAGA,EAAIm6C,EAAIh8C,OAAQ6B,IAAKm6C,EAAIn6C,GAAK85C,EAAU95C,GACxD,OAAOm6C,CACT,EAEAzG,EAAKmG,KAAKK,SAASE,OAAS,SAAShY,EAAK+X,EAAKlrC,GAE7C,GADAoqC,EAAgBjX,EAAK+X,EAAKlrC,GACtBkrC,EAAIh8C,SAAWi7C,EACjB,MAAUn5C,MAAM,sBAClB,GA9D+B,KA8D3BgP,EAAU9Q,OACZ,MAAU8B,MAAM,uBAClB,IAEID,EAFA+5C,EAAK,IAAIn6C,WAAWw5C,EAAoBhX,EAAIjkC,QAC5CgM,EAAI,IAAIvK,WAAWw5C,EAAoBhX,EAAIjkC,QAE/C,IAAK6B,EAAI,EAAGA,EAAIo5C,EAAmBp5C,IAAK+5C,EAAG/5C,GAAKm6C,EAAIn6C,GACpD,IAAKA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK+5C,EAAG/5C,EAAEo5C,GAAqBhX,EAAIpiC,GAC/D,OAxGF,SAA0BmK,EAAG4vC,EAAI5wC,EAAGqvC,GAClC,IAAIx4C,EACwBkZ,EAAxB8B,EAAI,IAAIpb,WAAW,IACnBuvB,EAAI,CAACwkB,IAAMA,IAAMA,IAAMA,KACvBtoC,EAAI,CAACsoC,IAAMA,IAAMA,IAAMA,KAE3B,GAAIxqC,EAAI,GAAI,OAAQ,EAEpB,GAAI0vC,EAAUxtC,EAAGmtC,GAAK,OAAQ,EAE9B,IAAKx4C,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK+5C,EAAG/5C,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKmK,EAAEnK,EAAE,IAAMw4C,EAAGx4C,GAUtC,GARAstB,EADApU,EAAIw6B,EAAK3iC,KAAK5G,EAAEnB,SAAS,EAAGG,KAE5BkvC,EAAWlpB,EAAG9jB,EAAG6N,GAEjBo/B,EAAWjtC,EAAG0uC,EAAG/wC,SAAS,KAC1BhG,EAAImsB,EAAG9jB,GACP4sC,EAAKj9B,EAAGmU,GAERhmB,GAAK,GACDkrC,EAAiB0F,EAAI,EAAG/+B,EAAG,GAAI,CACjC,IAAKhb,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK,EAC/B,OAAQ,EAGV,IAAKA,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAKmK,EAAEnK,GAAK+5C,EAAG/5C,EAAI,IACtC,OAAOmJ,CACT,CA4EUkxC,CAAiBlwC,EAAG4vC,EAAIA,EAAG57C,OAAQ8Q,IAAc,CAC3D,EAEAykC,EAAKmG,KAAKF,QAAU,WAClB,IAAInB,EAAK,IAAI54C,WAzEkB,IA0E3B64C,EAAK,IAAI74C,WAzEkB,IA2E/B,OADA24C,EAAoBC,EAAIC,GACjB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAKmG,KAAKF,QAAQC,cAAgB,SAAS3nC,GAEzC,GADAonC,EAAgBpnC,GA/Ee,KAgF3BA,EAAU9T,OACZ,MAAU8B,MAAM,uBAElB,IADA,IAAIu4C,EAAK,IAAI54C,WAnFkB,IAoFtBI,EAAI,EAAGA,EAAIw4C,EAAGr6C,OAAQ6B,IAAKw4C,EAAGx4C,GAAKiS,EAAU,GAAGjS,GACzD,MAAO,CAACiP,UAAWupC,EAAIvmC,UAAW,IAAIrS,WAAWqS,GACnD,EAEAyhC,EAAKmG,KAAKF,QAAQW,SAAW,SAASC,GAEpC,GADAlB,EAAgBkB,GAvFU,KAwFtBA,EAAKp8C,OACP,MAAU8B,MAAM,iBAGlB,IAFA,IAAIu4C,EAAK,IAAI54C,WA5FkB,IA6F3B64C,EAAK,IAAI74C,WA5FkB,IA6FtBI,EAAI,EAAGA,EAAI,GAAIA,IAAKy4C,EAAGz4C,GAAKu6C,EAAKv6C,GAE1C,OADAu4C,EAAoBC,EAAIC,GAAI,GACrB,CAACxpC,UAAWupC,EAAIvmC,UAAWwmC,EACpC,EAEA/E,EAAK8G,QAAU,SAASxzC,GACtB6sC,EAAc7sC,CAChB,EAEA,WAGE,IAAIwU,EAAyB,oBAATi/B,KAAwBA,KAAKj/B,QAAUi/B,KAAKC,SAAY,KAC5E,GAAIl/B,GAAUA,EAAOm/B,gBAAiB,CAGpCjH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAInJ,EAAG40C,EAAI,IAAIh1C,WAAWuJ,GAC1B,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,GAHT,MAIRwb,EAAOm/B,gBAAgB/F,EAAE5rC,SAAShJ,EAAGA,EAAIyI,KAAKmyC,IAAIzxC,EAAInJ,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK6J,EAAE7J,GAAK40C,EAAE50C,GACjCu5C,EAAQ3E,gBAEkB,IAAZiG,KAEhBr/B,OAAS,IACKA,EAAOs/B,aACnBpH,EAAK8G,SAAQ,SAAS3wC,EAAGV,GACvB,IAAInJ,EAAG40C,EAAIp5B,EAAOs/B,YAAY3xC,GAC9B,IAAKnJ,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK6J,EAAE7J,GAAK40C,EAAE50C,GACjCu5C,EAAQ3E,KAIf,CA1BD,EA4BC,CAn6BD,CAm6BoCvS,EAAO0Y,QAAU1Y,EAAO0Y,QAAWN,KAAK/G,KAAO+G,KAAK/G,MAAQ,OC34BhG,MAAMpI,GAAan0B,EAAKyE,gBAOjB,SAASo/B,GAAe78C,GAC7B,MAAM8f,EAAM,IAAIre,WAAWzB,GAC3B,GAAImtC,GAAY,CACd,MAAMrnC,EAAQqnC,GAAWwP,YAAY78B,EAAI9f,QACzC8f,EAAI5d,IAAI4D,OACH,IAAsB,oBAAXuX,SAA0BA,OAAOm/B,gBAGjD,MAAU16C,MAAM,gDAFhBub,OAAOm/B,gBAAgB18B,GAIzB,OAAOA,CACT,CASO/f,eAAe+8C,GAAoBL,EAAKlyC,GAC7C,MAAMQ,QAAmBiO,EAAKuE,gBAE9B,GAAIhT,EAAIkD,GAAGgvC,GACT,MAAU36C,MAAM,uCAGlB,MAAMi7C,EAAUxyC,EAAIqB,IAAI6wC,GAClB32C,EAAQi3C,EAAQh6C,aAMtB,OADU,IAAIgI,QAAiB8xC,GAAe/2C,EAAQ,IAC7CoG,IAAI6wC,GAASl4C,IAAI43C,EAC5B,8FClCO18C,eAAei9C,GAAoB7/B,EAAMla,EAAG4X,GACjD,MAAM9P,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GACrB0xC,EAAMluC,EAAIlB,UAAU,IAAItC,EAAWoS,EAAO,IAC1C8/B,EAAS,IAAIlyC,EAAW,IAOxBmyC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE/FlyC,QAAU8xC,GAAoBL,EAAKA,EAAIpvC,UAAUkB,IACvD,IAAI1M,EAAImJ,EAAEkB,IAAI+wC,GAAQjvC,WAEtB,GACEhD,EAAES,KAAK,IAAIV,EAAWmyC,EAAKr7C,KAC3BA,GAAKA,EAAIq7C,EAAKr7C,IAAMq7C,EAAKl9C,OAErBgL,EAAEqD,YAAc8O,IAClBnS,EAAEe,KAAK0wC,EAAIpvC,UAAUkB,IAAM9C,KAAKgxC,GAChC56C,EAAImJ,EAAEkB,IAAI+wC,GAAQjvC,yBAENmvC,GAAgBnyC,EAAG/H,EAAG4X,IACtC,OAAO7P,CACT,CAUOjL,eAAeo9C,GAAgBnyC,EAAG/H,EAAG4X,GAC1C,QAAI5X,IAAM+H,EAAEQ,MAAMmB,IAAI1J,GAAGoJ,mBA8BpBtM,eAA4BiL,GACjC,MAAMD,QAAmBiO,EAAKuE,gBAC9B,OAAO6/B,GAAYC,OAAMrxC,GACa,IAA7BhB,EAAEkB,IAAI,IAAInB,EAAWiB,KAEhC,CAhCasxC,CAAatyC,aAqBnBjL,eAAsBiL,EAAG6B,GAC9B,MAAM9B,QAAmBiO,EAAKuE,gBAE9B,OADA1Q,EAAIA,GAAK,IAAI9B,EAAW,GACjB8B,EAAEV,OAAOnB,EAAEQ,MAAOR,GAAGqB,OAC9B,CAtBakxC,CAAOvyC,YAyJbjL,eAA2BiL,EAAG6P,EAAG2iC,GACtC,MAAMzyC,QAAmBiO,EAAKuE,gBACxB5O,EAAM3D,EAAEqD,YAETwM,IACHA,EAAIvQ,KAAKC,IAAI,EAAIoE,EAAM,GAAM,IAG/B,MAAM8c,EAAKzgB,EAAEQ,MAGb,IAAIiR,EAAI,EACR,MAAQgP,EAAGrd,OAAOqO,IAAMA,IACxB,MAAM4K,EAAIrc,EAAEuC,WAAW,IAAIxC,EAAW0R,IAEtC,KAAO5B,EAAI,EAAGA,IAAK,CAGjB,IAKIhZ,EALA6J,GAFM8xC,EAAOA,UAAeV,GAAoB,IAAI/xC,EAAW,GAAI0gB,IAE7Dtf,OAAOkb,EAAGrc,GACpB,IAAIU,EAAEW,UAAWX,EAAE8B,MAAMie,GAAzB,CAKA,IAAK5pB,EAAI,EAAGA,EAAI4a,EAAG5a,IAAK,CAGtB,GAFA6J,EAAIA,EAAEI,IAAIJ,GAAGQ,IAAIlB,GAEbU,EAAEW,QACJ,OAAO,EAET,GAAIX,EAAE8B,MAAMie,GACV,MAIJ,GAAI5pB,IAAM4a,EACR,OAAO,GAIX,OAAO,CACT,CA/LaghC,CAAYzyC,EAAG6P,IAM5B,CAuBA,MAAMuiC,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MC1JtC,MAAMM,GAAe,GAyCd,SAASC,GAAUxlC,EAASylC,GACjC,MAAMC,EAAU1lC,EAAQnY,OAExB,GAAI69C,EAAUD,EAAY,GACxB,MAAU97C,MAAM,oBAIlB,MAAMg8C,EA7BR,SAAyB99C,GACvB,MAAMK,EAAS,IAAIoB,WAAWzB,GAC9B,IAAIqiC,EAAQ,EACZ,KAAOA,EAAQriC,GAAQ,CACrB,MAAM28C,EAAcE,GAAe78C,EAASqiC,GAC5C,IAAK,IAAIxgC,EAAI,EAAGA,EAAI86C,EAAY38C,OAAQ6B,IACf,IAAnB86C,EAAY96C,KACdxB,EAAOgiC,KAAWsa,EAAY96C,IAIpC,OAAOxB,CACT,CAiBa09C,CAAgBH,EAAYC,EAAU,GAG3C79B,EAAU,IAAIve,WAAWm8C,GAM/B,OAJA59B,EAAQ,GAAK,EACbA,EAAQ9d,IAAI47C,EAAI,GAEhB99B,EAAQ9d,IAAIiW,EAASylC,EAAYC,GAC1B79B,CACT,CAUO,SAASg+B,GAAUh+B,EAASi+B,GAEjC,IAAIlvC,EAAS,EACTmvC,EAAoB,EACxB,IAAK,IAAI3iC,EAAIxM,EAAQwM,EAAIyE,EAAQhgB,OAAQub,IACvC2iC,GAAoC,IAAfl+B,EAAQzE,GAC7BxM,GAAUmvC,EAGZ,MAAMC,EAAQpvC,EAAS,EACjBqvC,EAAUp+B,EAAQnV,SAASkE,EAAS,GACpCsvC,EAAgC,IAAfr+B,EAAQ,GAA0B,IAAfA,EAAQ,GAAWm+B,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOjlC,EAAKsG,iBAAiB++B,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAUt8C,MAAM,mBAClB,CAUO/B,eAAeu+C,GAAWlQ,EAAMvN,EAAQ0d,GAC7C,IAAI18C,EACJ,GAAIg/B,EAAO7gC,SAAW4S,GAAKy7B,kBAAkBD,GAC3C,MAAUtsC,MAAM,uBAIlB,MAAM08C,EAAa,IAAI/8C,WAAWi8C,GAAatP,GAAMpuC,QACrD,IAAK6B,EAAI,EAAGA,EAAI67C,GAAatP,GAAMpuC,OAAQ6B,IACzC28C,EAAW38C,GAAK67C,GAAatP,GAAMvsC,GAGrC,MAAM48C,EAAOD,EAAWx+C,OAAS6gC,EAAO7gC,OACxC,GAAIu+C,EAAQE,EAAO,GACjB,MAAU38C,MAAM,6CAIlB,MAAMg8C,EAAK,IAAIr8C,WAAW88C,EAAQE,EAAO,GAAGC,KAAK,KAI3CC,EAAK,IAAIl9C,WAAW88C,GAK1B,OAJAI,EAAG,GAAK,EACRA,EAAGz8C,IAAI47C,EAAI,GACXa,EAAGz8C,IAAIs8C,EAAYD,EAAQE,GAC3BE,EAAGz8C,IAAI2+B,EAAQ0d,EAAQ1d,EAAO7gC,QACvB2+C,CACT,CAhIAjB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGChBd,MAAMxQ,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBmhC,QAAoB,EAGpBC,GAAgB1R,GAAayR,GAAKE,OAAO,iBAAiB,WAC9DlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,kBAAkBypC,MAC3BrgD,KAAK4W,IAAI,mBAAmBypC,MAC5BrgD,KAAK4W,IAAI,UAAUypC,MACnBrgD,KAAK4W,IAAI,UAAUypC,MACnBrgD,KAAK4W,IAAI,aAAaypC,MACtBrgD,KAAK4W,IAAI,aAAaypC,MACtBrgD,KAAK4W,IAAI,eAAeypC,MAE5B,SAAKp/C,EAECq/C,GAAe/R,GAAayR,GAAKE,OAAO,iBAAiB,WAC7DlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,kBAAkBypC,MAE/B,SAAKp/C,yDAgBEE,eAAoBo/C,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,GAC3D,GAAIn4B,IAASsQ,EAAK5X,SAASsH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aAyPRrd,eAAuBq/C,EAAU12C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAQpD,MAAM4mB,QAyMRt/C,eAA4BiL,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACzC,MAAM1tB,QAAmBiO,EAAKuE,gBACxB+hC,EAAO,IAAIv0C,EAAWimB,GACtBuuB,EAAO,IAAIx0C,EAAWmC,GACtBsyC,EAAO,IAAIz0C,EAAWsc,GAE5B,IAAIo4B,EAAKD,EAAKtzC,IAAIqzC,EAAK/zC,OACnBk0C,EAAKF,EAAKtzC,IAAIozC,EAAK9zC,OAGvB,OAFAk0C,EAAKA,EAAG9wC,eACR6wC,EAAKA,EAAG7wC,eACD,CACL+wC,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtB/H,EAAGwd,GAAgBxd,GAAG,GACtBokB,EAAG5G,GAAgB4G,GAAG,GAEtB2J,EAAGvQ,GAAgBvT,GAAG,GACtBA,EAAGuT,GAAgBuQ,GAAG,GAEtB0uB,GAAIj/B,GAAgBg/B,GAAI,GACxBA,GAAIh/B,GAAgBi/B,GAAI,GACxBE,GAAIn/B,GAAgBgY,GAAG,GACvBonB,KAAK,EAET,CAjOoBC,CAAa90C,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACxC2V,EAAO,CACXtkC,KAAM,oBACN8I,KAAM,CAAE9I,KAAMs1C,IAEV5pC,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAKjR,GAAM,EAAO,CAAC,SAChE,OAAO,IAAI3sC,iBAAiByrC,GAAUwO,KAAK,oBAAqBlmC,EAAK9M,GACvE,CAxQqBq3C,CAAQpgC,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GAAWz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC/E,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAqQN1d,eAAwBo/C,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GACrD,MAAQjb,QAASyiC,SAAaphD,gDACxBqhD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1B3E,EAAOvO,GAAWmT,WAAW3gC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC1DzD,EAAKh7C,MAAMgI,GACXgzC,EAAKvxC,MACL,MAAMo2C,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,GACvBy9C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,QAA2C,IAAhC0U,GAAW6T,iBAAkC,CACtD,MAAMC,EAAMpC,GAAc/iC,OAAOykC,EAAW,OAC5C,OAAO,IAAI9+C,WAAWi6C,EAAKA,KAAK,CAAElmC,IAAKyrC,EAAKC,OAAQ,MAAOtoC,KAAM,WAEnE,MAAMuoC,EAAMtC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAET,OAAO,IAAI3/C,WAAWi6C,EAAKA,KAAKyF,GAClC,CApSaE,CAASlC,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAGnD,OAsOF14B,eAAsBo/C,EAAUn0C,EAAGqc,EAAGwZ,GACpC,MAAM91B,QAAmBiO,EAAKuE,gBAC9BvS,EAAI,IAAID,EAAWC,GACnB,MAAMgB,EAAI,IAAIjB,QAAiBuzC,GAAWa,EAAUte,EAAQ71B,EAAEjI,eAE9D,GADAskB,EAAI,IAAItc,EAAWsc,GACfrb,EAAE4B,IAAI5C,GACR,MAAUlJ,MAAM,2CAElB,OAAOkK,EAAEG,OAAOkb,EAAGrc,GAAG4D,aAAa,KAAM5D,EAAEjI,aAC7C,CA/OSu+C,CAAOnC,EAAUn0C,EAAGqc,EAAGwZ,EAChC,SAaO9gC,eAAsBo/C,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,EAAG49B,GACpD,GAAIn4B,IAASsQ,EAAK5X,SAASsH,GACzB,GAAIsQ,EAAKoE,eACP,IACE,aA8RRrd,eAAyBq/C,EAAU12C,EAAM+T,EAAGzR,EAAG/H,GAC7C,MAAMo8C,EAiLR,SAAqBr0C,EAAG/H,GACtB,MAAO,CACL08C,IAAK,MACL30C,EAAGyV,GAAgBzV,GAAG,GACtB/H,EAAGwd,GAAgBxd,GAAG,GACtB48C,KAAK,EAET,CAxLc0B,CAAYv2C,EAAG/H,GACrBuS,QAAY03B,GAAUgC,UAAU,MAAOmQ,EAAK,CAChDv1C,KAAM,oBACN8I,KAAM,CAAE9I,KAAOs1C,KACd,EAAO,CAAC,WACX,OAAOlS,GAAU+O,OAAO,oBAAqBzmC,EAAKiH,EAAG/T,EACvD,CArSqB84C,CAAU7hC,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GAAWz2C,EAAM+T,EAAGzR,EAAG/H,GACxE,MAAO+8C,GACPhnC,EAAK4D,gBAAgBojC,QAElB,GAAIhnC,EAAKyE,gBACd,OAkSN1d,eAA0Bo/C,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,GAC9C,MAAQua,QAASyiC,SAAaphD,gDAExBo9C,EAAS9O,GAAWsU,aAAa9hC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC9DlD,EAAOv7C,MAAMgI,GACbuzC,EAAO9xC,MACP,MAAMo2C,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,cAEvCpD,EAAM0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAC1Ca,MAAO,mBAGX,IACE,aAAanF,EAAOA,OAAOzmC,EAAKiH,GAChC,MAAOujC,GACP,OAAO,EAEX,CA1Ta0B,CAAWvC,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,GAG5C,OAyQFlD,eAAwBo/C,EAAU1iC,EAAGzR,EAAG/H,EAAG49B,GACzC,MAAM91B,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnByR,EAAI,IAAI1R,EAAW0R,GACnBxZ,EAAI,IAAI8H,EAAW9H,GACfwZ,EAAE7O,IAAI5C,GACR,MAAUlJ,MAAM,6CAElB,MAAM6/C,EAAMllC,EAAEtQ,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,cAC1C6+C,QAAYtD,GAAWa,EAAUte,EAAQ71B,EAAEjI,cACjD,OAAOiW,EAAKqD,iBAAiBslC,EAAKC,EACpC,CApRSC,CAAS1C,EAAU1iC,EAAGzR,EAAG/H,EAAG49B,EACrC,UAUO9gC,eAAuB2I,EAAMsC,EAAG/H,GACrC,OAAI+V,EAAKyE,gBA6SX1d,eAA2B2I,EAAMsC,EAAG/H,GAClC,MAAQua,QAASyiC,SAAaphD,gDAExB0hD,EAAY,CAChBxD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,IAEzB,IAAIuS,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADI0pC,GAAapjC,OAAOykC,EAAW,OACzBW,OAAQ,MAAOtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBACzE,CAILvsC,EAAM,CAAEA,IAHI0pC,GAAapjC,OAAOykC,EAAW,MAAO,CAChDa,MAAO,mBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,OAAO,IAAItgD,WAAW0rC,GAAW6U,cAAcxsC,EAAK9M,GACtD,CA9TWqmC,CAAYrmC,EAAMsC,EAAG/H,GAgUhClD,eAAyB2I,EAAMsC,EAAG/H,GAChC,MAAM8H,QAAmBiO,EAAKuE,gBAI9B,GAHAvS,EAAI,IAAID,EAAWC,GACnBtC,EAAO,IAAIqC,EAAW4yC,GAAUj1C,EAAMsC,EAAEjI,eACxCE,EAAI,IAAI8H,EAAW9H,GACfyF,EAAKkF,IAAI5C,GACX,MAAUlJ,MAAM,2CAElB,OAAO4G,EAAKyD,OAAOlJ,EAAG+H,GAAG4D,aAAa,KAAM5D,EAAEjI,aAChD,CAvUSk/C,CAAUv5C,EAAMsC,EAAG/H,EAC5B,UAiBOlD,eAAuB2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAIpD,GAAIjlC,EAAKyE,kBAAoBwgC,EAC3B,IACE,aAiTNl+C,eAA2B2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAQjb,QAASyiC,SAAaphD,gDAExBqhD,EAAQ,IAAID,EAAGjvB,GACfmvB,EAAQ,IAAIF,EAAG/yC,GACfkzC,EAAQ,IAAIH,EAAG54B,GACfo4B,EAAKW,EAAMl0C,IAAIi0C,EAAME,KAAK,IAC1BX,EAAKU,EAAMl0C,IAAIg0C,EAAMG,KAAK,IAC1BE,EAAY,CAChBC,QAAS,EACTzD,QAAS,IAAIkD,EAAGj1C,GAChBy1C,eAAgB,IAAIR,EAAGh9C,GACvBy9C,gBAAiB,IAAIT,EAAG54B,GAExBs5B,OAAQ,IAAIV,EAAG/yC,GACf0zC,OAAQ,IAAIX,EAAGjvB,GAEf6vB,UAAWpB,EACXqB,UAAWpB,EACXqB,YAAa,IAAId,EAAGxnB,IAEtB,IAAIjjB,EACJ,QAA2C,IAAhC23B,GAAW6T,iBAAkC,CAEtDxrC,EAAM,CAAEA,IADIqpC,GAAc/iC,OAAOykC,EAAW,OAC1BW,OAAQ,MAAQtoC,KAAM,QAASmX,QAASod,GAAW2U,UAAUC,uBAC1E,CAILvsC,EAAM,CAAEA,IAHIqpC,GAAc/iC,OAAOykC,EAAW,MAAO,CACjDa,MAAO,oBAESrxB,QAASod,GAAW2U,UAAUC,mBAElD,IACE,OAAO,IAAItgD,WAAW0rC,GAAW+U,eAAe1sC,EAAK9M,IACrD,MAAOs3C,GACP,MAAUl+C,MAAM,oBAEpB,CArVmBkuC,CAAYtnC,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAC9C,MAAOunB,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,OAkVFjgD,eAAyB2I,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAC/C,MAAMlzC,QAAmBiO,EAAKuE,gBAQ9B,GAPA7U,EAAO,IAAIqC,EAAWrC,GACtBsC,EAAI,IAAID,EAAWC,GACnB/H,EAAI,IAAI8H,EAAW9H,GACnBokB,EAAI,IAAItc,EAAWsc,GACnB2J,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBurB,EAAI,IAAI1tB,EAAW0tB,GACf/vB,EAAKkF,IAAI5C,GACX,MAAUlJ,MAAM,mBAElB,MAAM29C,EAAKp4B,EAAEnb,IAAIgB,EAAE1B,OACbk0C,EAAKr4B,EAAEnb,IAAI8kB,EAAExlB,OAEb22C,SAAmBrF,GAAoB,IAAI/xC,EAAW,GAAIC,IAAIkB,IAAIlB,GAClEo3C,EAAUD,EAAUz1C,OAAO1B,GAAGmB,OAAOlJ,EAAG+H,GAC9CtC,EAAOA,EAAKoD,IAAIs2C,GAASl2C,IAAIlB,GAG7B,MAAMq3C,EAAK35C,EAAKyD,OAAOuzC,EAAI1uB,GACrBsxB,EAAK55C,EAAKyD,OAAOszC,EAAIvyC,GACrB6N,EAAI0d,EAAE3sB,IAAIw2C,EAAG12C,IAAIy2C,IAAKn2C,IAAIgB,GAEhC,IAAI7M,EAAS0a,EAAEjP,IAAIklB,GAAGnsB,IAAIw9C,GAK1B,OAHAhiD,EAASA,EAAOyL,IAAIq2C,GAAWj2C,IAAIlB,GAG5BgzC,GAAU39C,EAAOuO,aAAa,KAAM5D,EAAEjI,cAAek7C,EAC9D,CAhXSsE,CAAU75C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,EAC3C,WAeOl+C,eAAwBod,EAAMla,GAMnC,GAHAA,EAAI,UAFqB+V,EAAKuE,iBAEXta,GAGf+V,EAAKoE,eAAgB,CACvB,MAAMolC,EAAY,CAChB14C,KAAM,oBACN24C,cAAetlC,EACfsjC,eAAgBx9C,EAAE2L,eAClBgE,KAAM,CACJ9I,KAAM,UAGJ0xC,QAAgBtO,GAAUwV,YAAYF,GAAW,EAAM,CAAC,OAAQ,WAIhEnD,QAAYnS,GAAUyV,UAAU,MAAOnH,EAAQpjC,YAErD,MAAO,CACLpN,EAAGsV,GAAgB++B,EAAIr0C,GACvB/H,EAAGA,EAAE2L,eACLyY,EAAG/G,GAAgB++B,EAAIh4B,GAEvB2J,EAAG1Q,GAAgB++B,EAAInyC,GACvBA,EAAGoT,GAAgB++B,EAAIruB,GAEvByH,EAAGnY,GAAgB++B,EAAIO,KAEpB,GAAI5mC,EAAKyE,iBAAmB0vB,GAAWyV,iBAAmB/D,GAAe,CAC9E,MAAMgE,EAAO,CACXJ,cAAetlC,EACfsjC,eAAgBx9C,EAAE+K,WAClB80C,kBAAmB,CAAElqC,KAAM,QAASsoC,OAAQ,OAC5C6B,mBAAoB,CAAEnqC,KAAM,QAASsoC,OAAQ,QAEzC8B,QAAY,IAAInkD,SAAQ,CAACC,EAASC,KACtCouC,GAAWyV,gBAAgB,MAAOC,GAAM,CAAC7C,EAAKiD,EAAGhC,KAC3CjB,EACFjhD,EAAOihD,GAEPlhD,EAAQ+/C,GAAc3iC,OAAO+kC,EAAK,UAEpC,IAOJ,MAAO,CACLj2C,EAAGg4C,EAAIjG,QAAQmG,YAAYzhD,YAC3BwB,EAAG+/C,EAAIvC,eAAeyC,YAAYzhD,YAClC4lB,EAAG27B,EAAItC,gBAAgBwC,YAAYzhD,YAEnCuvB,EAAGgyB,EAAIpC,OAAOsC,YAAYzhD,YAC1ByL,EAAG81C,EAAIrC,OAAOuC,YAAYzhD,YAE1Bg3B,EAAGuqB,EAAIjC,YAAYmC,YAAYzhD,aAOnC,IAAIuvB,EACA9jB,EACAlC,EACJ,GACEkC,QAAU8vC,GAAoB7/B,GAAQA,GAAQ,GAAIla,EAAG,IACrD+tB,QAAUgsB,GAAoB7/B,GAAQ,EAAGla,EAAG,IAC5C+H,EAAIgmB,EAAEllB,IAAIoB,SACHlC,EAAEqD,cAAgB8O,GAE3B,MAAMgmC,EAAMnyB,EAAExlB,MAAMK,KAAKqB,EAAE1B,OAM3B,OAJI0B,EAAEO,GAAGujB,MACNA,EAAG9jB,GAAK,CAACA,EAAG8jB,IAGR,CACLhmB,EAAGA,EAAE4D,eACL3L,EAAGA,EAAE2L,eACLyY,EAAGpkB,EAAEyJ,OAAOy2C,GAAKv0C,eACjBoiB,EAAGA,EAAEpiB,eACL1B,EAAGA,EAAE0B,eAGL6pB,EAAGzH,EAAEtkB,OAAOQ,GAAG0B,eAEnB,iBAaO7O,eAA8BiL,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAClD,MAAM1tB,QAAmBiO,EAAKuE,gBAM9B,GALAvS,EAAI,IAAID,EAAWC,GACnBgmB,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,IAGd8jB,EAAEllB,IAAIoB,GAAGM,MAAMxC,GAClB,OAAO,EAGT,MAAMomC,EAAM,IAAIrmC,EAAW,GAG3B,GADA0tB,EAAI,IAAI1tB,EAAW0tB,IACdzH,EAAEllB,IAAI2sB,GAAGvsB,IAAIgB,GAAGb,QACnB,OAAO,EAGTpJ,EAAI,IAAI8H,EAAW9H,GACnBokB,EAAI,IAAItc,EAAWsc,GAQnB,MAAM+7B,EAAa,IAAIr4C,EAAWT,KAAKsP,MAAM5O,EAAEqD,YAAc,IACvD9B,QAAUuwC,GAAoB1L,EAAKA,EAAI/jC,UAAU+1C,IACjDC,EAAM92C,EAAET,IAAIub,GAAGvb,IAAI7I,GAGzB,SADoBogD,EAAIn3C,IAAI8kB,EAAExlB,OAAOgC,MAAMjB,KAAM82C,EAAIn3C,IAAIgB,EAAE1B,OAAOgC,MAAMjB,GAM1E,8DCjROxM,eAAuB2I,EAAMsoB,EAAGuS,EAAGz2B,GACxC,MAAM/B,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MACMd,EAAI,IAAIjB,EADC4yC,GAAUj1C,EAAMsoB,EAAEjuB,eAK3B8X,QAAUiiC,GAAoB,IAAI/xC,EAAW,GAAIimB,EAAExlB,OACzD,MAAO,CACL2gB,GAAIoX,EAAEp3B,OAAO0O,EAAGmW,GAAGpiB,eACnBwd,GAAItf,EAAEX,OAAO0O,EAAGmW,GAAGnlB,KAAKG,GAAGD,KAAKilB,GAAGpiB,eAEvC,UAcO7O,eAAuBosB,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAC1C,MAAMlzC,QAAmBiO,EAAKuE,gBAO9B,OANA4O,EAAK,IAAIphB,EAAWohB,GACpBC,EAAK,IAAIrhB,EAAWqhB,GACpB4E,EAAI,IAAIjmB,EAAWimB,GACnBtlB,EAAI,IAAIX,EAAWW,GAGZsyC,GADQ7xB,EAAGhgB,OAAOT,EAAGslB,GAAGtkB,OAAOskB,GAAGnlB,KAAKugB,GAAIrgB,KAAKilB,GAC/BpiB,aAAa,KAAMoiB,EAAEjuB,cAAek7C,EAC9D,iBAWOl+C,eAA8BixB,EAAGuS,EAAGz2B,EAAGpB,GAC5C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnBuS,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAIT,MAAMsyB,EAAQ,IAAIv4C,EAAWimB,EAAE3iB,aACzBk1C,EAAQ,IAAIx4C,EAAW,MAC7B,GAAIu4C,EAAM71C,GAAG81C,GACX,OAAO,EAOT,IAAKhgB,EAAEp3B,OAAO6kB,EAAExlB,MAAOwlB,GAAG3kB,QACxB,OAAO,EAST,IAAI0B,EAAMw1B,EACV,MAAM1hC,EAAI,IAAIkJ,EAAW,GACnBy4C,EAAY,IAAIz4C,EAAW,GAAGsC,UAAU,IAAItC,EAAW,KAC7D,KAAOlJ,EAAE4L,GAAG+1C,IAAY,CAEtB,GADAz1C,EAAMA,EAAIjC,IAAIy3B,GAAGx3B,KAAKilB,GAClBjjB,EAAI1B,QACN,OAAO,EAETxK,EAAEwJ,OASJK,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUi2C,EAAM93C,OAAQ4lC,EAAI/jC,UAAUi2C,IACxEG,EAAMzyB,EAAExlB,MAAMK,KAAKU,GAAGd,KAAKC,GACjC,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,IC5GA,MAAM0yB,GACJhlD,YAAYilD,GACV,GAAIA,aAAeD,GACjB9kD,KAAK+kD,IAAMA,EAAIA,SACV,GAAI3qC,EAAK5Z,QAAQukD,IACb3qC,EAAKxX,aAAamiD,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAIliD,WAAWkiD,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAI3jD,OAAS,EAC1B,MAAU8B,MAAM,sCAElB6hD,EAAMA,EAAI94C,SAAS,GAErBjM,KAAK+kD,IAAMA,OAEX/kD,KAAK+kD,IAAM,GASf7jD,KAAKZ,GACH,GAAIA,EAAMc,QAAU,EAAG,CACrB,MAAMA,EAASd,EAAM,GACrB,GAAIA,EAAMc,QAAU,EAAIA,EAEtB,OADApB,KAAK+kD,IAAMzkD,EAAM2L,SAAS,EAAG,EAAI7K,GAC1B,EAAIpB,KAAK+kD,IAAI3jD,OAGxB,MAAU8B,MAAM,eAOlBpB,QACE,OAAOsY,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK+kD,IAAI3jD,SAAUpB,KAAK+kD,MAOxE19B,QACE,OAAOjN,EAAK8B,gBAAgBlc,KAAK+kD,KAOnCC,UACE,MAAM34C,EAAMrM,KAAKqnB,QACjB,GAAItG,EAAMvQ,MAAMnE,GACd,OAAO0U,EAAMjf,MAAMif,EAAMvQ,MAAOnE,GAEhC,MAAUnJ,MAAM,qCCzEf,SAAS+hD,GAAeC,EAAcC,GAE3C,OADgBD,EAAatI,QAAQ,CAAEuI,KAAMA,GAE/C,CAEO,SAASC,GAAcF,EAAcG,GAC1C,MAAMzI,EAAUsI,EAAatI,QAAQ,CAAEyI,IAAKA,IAC5C,IAAkC,IAA9BzI,EAAQ0I,WAAW7jD,OACrB,MAAUyB,MAAM,+BAElB,OAAO05C,CACT,CAEOz7C,eAAeokD,GAAgBr6C,GACpC,IAAKuZ,GAAOV,mBACV,MAAU7gB,MAAM,gEAElB,MAAQ0b,QAAS4mC,SAAmBvlD,gDACpC,OAAO,IAAIulD,EAASC,GAAGv6C,EACzB,CCjBO,SAASw6C,GAAiBx+C,GAC/B,IACIiJ,EADAJ,EAAM,EAEV,MAAMiK,EAAO9S,EAAM,GAcnB,OAXI8S,EAAO,MACRjK,GAAO7I,EACRiJ,EAAS,GACA6J,EAAO,KAChBjK,GAAQ7I,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CiJ,EAAS,GACS,MAAT6J,IACTjK,EAAMqK,EAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IACxCkE,EAAS,GAGJ,CACLJ,IAAKA,EACLI,OAAQA,EAEZ,CASO,SAASw1C,GAAkBvkD,GAChC,OAAIA,EAAS,IACJ,IAAIyB,WAAW,CAACzB,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIyB,WAAW,CAAyB,KAAtBzB,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEgZ,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOuX,EAAKM,YAAYtZ,EAAQ,IAChF,CAEO,SAASwkD,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAU3iD,MAAM,iDAElB,OAAO,IAAIL,WAAW,CAAC,IAAMgjD,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIljD,WAAW,CAAC,IAAOkjD,GAChC,CAUO,SAASC,GAAYD,EAAU3kD,GAEpC,OAAOgZ,EAAKtX,iBAAiB,CAACgjD,GAASC,GAAWJ,GAAkBvkD,IACtE,CAOO,SAAS6kD,GAAkB5lC,GAChC,MAAO,CACLU,EAAMlM,OAAOU,YACbwL,EAAMlM,OAAOO,eACb2L,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBACb0L,SAASnB,EACb,CASOlf,eAAe+kD,GAAY5lD,EAAO2E,GACvC,MAAMM,EAASghB,EAAiBjmB,GAChC,IAAII,EACAylD,EACJ,IACE,MAAMC,QAAoB7gD,EAAO0B,UAAU,GAE3C,IAAKm/C,GAAeA,EAAYhlD,OAAS,GAAiC,IAAV,IAAjBglD,EAAY,IACzD,MAAUljD,MAAM,iGAElB,MAAMmjD,QAAmB9gD,EAAOoB,WAChC,IAEI2/C,EAOAC,EATAlmC,GAAO,EACPiiC,GAAU,EAGdA,EAAS,EACmB,IAAV,GAAb+D,KACH/D,EAAS,GAIPA,EAEFjiC,EAAmB,GAAbgmC,GAGNhmC,GAAoB,GAAbgmC,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BP,GAAkB5lC,GAClD,IAiBIomC,EAjBA5xC,EAAS,KACb,GAAI2xC,EAAyB,CAC3B,GAA6B,UAAzBpsC,EAAK5X,SAASlC,GAAoB,CACpC,MAAM4L,EAAc,IAAIw6C,EACxBhmD,EAAS8lB,EAAiBta,GAC1B2I,EAAS3I,MACJ,CACL,MAAM/D,EAAY,IAAIw+C,EACtBjmD,EAAS8lB,EAAiBre,EAAUM,UACpCoM,EAAS1M,EAAUK,SAGrB29C,EAAmBlhD,EAAS,CAAEob,MAAKxL,gBAEnCA,EAAS,GAIX,EAAG,CACD,GAAKytC,EAiCE,CAEL,MAAMsE,QAAmBrhD,EAAOoB,WAEhC,GADA8/C,GAAmB,EACfG,EAAa,IACfN,EAAeM,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CN,GAAiBM,EAAa,KAAQ,SAAYrhD,EAAOoB,WAAc,SAElE,GAAIigD,EAAa,KAAOA,EAAa,KAG1C,GAFAN,EAAe,IAAmB,GAAbM,GACrBH,GAAmB,GACdD,EACH,MAAM,IAAI30B,UAAU,2DAItBy0B,QAAsB/gD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,gBAlDtB,OAAQ4/C,GACN,KAAK,EAGHD,QAAqB/gD,EAAOoB,WAC5B,MACF,KAAK,EAGH2/C,QAAsB/gD,EAAOoB,YAAc,QAAWpB,EAAOoB,WAC7D,MACF,KAAK,EAGH2/C,QAAsB/gD,EAAOoB,YAAc,SAAapB,EAAOoB,YAAc,SAAapB,EAAOoB,YAC/F,QAAWpB,EAAOoB,WACpB,MACF,QAWE2/C,EAAe96C,IAyBrB,GAAI86C,EAAe,EAAG,CACpB,IAAI76C,EAAY,EAChB,OAAa,CACP/K,SAAcA,EAAOuI,MACzB,MAAM3H,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OACrC,GAAII,EAAM,CACR,GAAIglD,IAAiB96C,IAAU,MAC/B,MAAUtI,MAAM,4BAElB,MAAMnB,EAAQukD,IAAiB96C,IAAWnK,EAAQA,EAAM4K,SAAS,EAAGq6C,EAAe76C,GAInF,GAHI/K,QAAcA,EAAOoB,MAAMC,GAC1B8S,EAAOhT,KAAKE,GACjB0J,GAAapK,EAAMD,OACfqK,GAAa66C,EAAc,CAC7B/gD,EAAOmB,QAAQrF,EAAM4K,SAASq6C,EAAe76C,EAAYpK,EAAMD,SAC/D,eAICqlD,GAiCT,MAAMI,QAAmBthD,EAAO0B,UAAUu/C,EAA0Bh7C,IAAW,GAS/E,OARI9K,SACIA,EAAOuI,YACPvI,EAAOsB,UAEb6S,EAASuF,EAAKtX,iBAAiB+R,SAEzB5P,EAAS,CAAEob,MAAKxL,aAEhBgyC,IAAeA,EAAWzlD,OAClC,MAAOiD,GACP,GAAI3D,EAEF,aADMA,EAAOuB,MAAMoC,IACZ,EAEP,MAAMA,UAGJ3D,SACIylD,EAER5gD,EAAO3E,cAEX,CAEO,MAAMkmD,WAAyB5jD,MACpCpD,eAAeinD,GACbhnD,SAASgnD,GAEL7jD,MAAM8jD,mBACR9jD,MAAM8jD,kBAAkBhnD,KAAM8mD,IAGhC9mD,KAAKkL,KAAO,oBAIT,MAAM+7C,GACXnnD,YAAYugB,EAAK6mC,GACflnD,KAAKqgB,IAAMA,EACXrgB,KAAKknD,WAAaA,EAGpBplD,QACE,OAAO9B,KAAKknD,YC9RhB,MAAM5Y,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAElBsoC,GAAY,CAChB12C,KAAQ,QACRG,KAAQ,QACRE,KAAQ,SAEJs2C,GAAc7Y,GAAaA,GAAW8Y,YAAc,GACpDC,GAAa/Y,GAAa,CAC9Bv9B,UAAWo2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EAC7DwP,KAAM22C,GAAY5lC,SAAS,cAAgB,kBAAevgB,EAC1D2P,KAAMw2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EACxD6P,KAAMs2C,GAAY5lC,SAAS,aAAe,iBAAcvgB,EACxDkQ,QAASi2C,GAAY5lC,SAAS,WAAa,eAAYvgB,EACvDuQ,WAAY41C,GAAY5lC,SAAS,UAAY,cAAWvgB,EACxDyQ,gBAAiB01C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,EAC/E0Q,gBAAiBy1C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,EAC/E2Q,gBAAiBw1C,GAAY5lC,SAAS,mBAAqB,uBAAoBvgB,GAC7E,GAEEsmD,GAAS,CACb92C,KAAM,CACJs0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5DyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW72C,KACjBi3C,IAAKP,GAAU12C,KACfk3C,YAAa,GACbC,WAAY,KAEdh3C,KAAM,CACJm0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW12C,KACjB82C,IAAKP,GAAUv2C,KACf+2C,YAAa,GACbC,WAAY,KAEd92C,KAAM,CACJi0C,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAWx2C,KACjB42C,IAAKP,GAAUr2C,KACf62C,YAAa,GACbC,WAAY,KAEd52C,UAAW,CACT+zC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1CyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAWt2C,UACjB22C,YAAa,IAEfx2C,QAAS,CACP4zC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClEyC,QAASzmC,EAAM7O,UAAUQ,YACzBsB,KAAM+M,EAAM/M,KAAKM,OACjBmzC,MAAM,EACNE,YAAa,IAEfn2C,WAAY,CACVuzC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxEyC,QAASzmC,EAAM7O,UAAUM,KACzBwB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,MAAM,EACNE,YAAa,IAEfj2C,gBAAiB,CACfqzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKI,OACjByZ,OAAQ9M,EAAM9N,UAAUM,OACxBk0C,KAAMH,GAAW51C,gBACjBi2C,YAAa,IAEfh2C,gBAAiB,CACfozC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKK,OACjBwZ,OAAQ9M,EAAM9N,UAAUO,OACxBi0C,KAAMH,GAAW31C,gBACjBg2C,YAAa,IAEf/1C,gBAAiB,CACfmzC,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClEyC,QAASzmC,EAAM7O,UAAUO,MACzBuB,KAAM+M,EAAM/M,KAAKM,OACjBuZ,OAAQ9M,EAAM9N,UAAUQ,OACxBg0C,KAAMH,GAAW11C,gBACjB+1C,YAAa,KAIjB,MAAME,GACJ/nD,YAAYgoD,EAAWf,GACrB,KACM3sC,EAAK5Z,QAAQsnD,IACb1tC,EAAKxX,aAAaklD,MAEpBA,EAAY,IAAIhD,GAAIgD,IAElBA,aAAqBhD,KAEvBgD,EAAYA,EAAU9C,WAGxBhlD,KAAKkL,KAAO6V,EAAMjf,MAAMif,EAAMvQ,MAAOs3C,GACrC,MAAO1G,GACP,MAAM,IAAI0F,GAAiB,iBAE7BC,EAASA,GAAUQ,GAAOvnD,KAAKkL,MAE/BlL,KAAKwnD,QAAUT,EAAOS,QAEtBxnD,KAAK+kD,IAAMgC,EAAOhC,IAClB/kD,KAAKgU,KAAO+yC,EAAO/yC,KACnBhU,KAAK6tB,OAASk5B,EAAOl5B,OACrB7tB,KAAKynD,KAAOV,EAAOU,MAAQF,GAAOvnD,KAAKkL,MACvClL,KAAK0nD,IAAMX,EAAOW,KAAOH,GAAOvnD,KAAKkL,MACrClL,KAAK2nD,YAAcZ,EAAOY,YACtB3nD,KAAK0nD,KAAOttC,EAAKoE,eACnBxe,KAAKga,KAAO,MACHha,KAAKynD,MAAQrtC,EAAKyE,gBAC3B7e,KAAKga,KAAO,OACW,eAAdha,KAAKkL,KACdlL,KAAKga,KAAO,aACW,YAAdha,KAAKkL,OACdlL,KAAKga,KAAO,WAIhB7Y,mBACE,IAAIy7C,EACJ,OAAQ58C,KAAKga,MACX,IAAK,MACH,IACE,aAiIV7Y,eAA6B+J,GAE3B,MAAM68C,QAAqBzZ,GAAUwV,YAAY,CAAE54C,KAAM,QAAS88C,WAAYb,GAAUj8C,KAAS,EAAM,CAAC,OAAQ,WAE1GsO,QAAmB80B,GAAUyV,UAAU,MAAOgE,EAAavuC,YAC3DtH,QAAkBo8B,GAAUyV,UAAU,MAAOgE,EAAa71C,WAEhE,MAAO,CACLA,UAAW+1C,GAAe/1C,GAC1BsH,WAAYkI,GAAgBlI,EAAWiP,GAE3C,CA5IuBy/B,CAAcloD,KAAKkL,MAChC,MAAOk2C,GACPhnC,EAAK4D,gBAAgB,6CAA+CojC,EAAI7nC,SACxE,MAEJ,IAAK,OACH,OAwIRpY,eAA8B+J,GAE5B,MAAMsH,EAAO+7B,GAAW4Z,WAAWb,GAAWp8C,IAE9C,aADMsH,EAAK41C,eACJ,CACLl2C,UAAW,IAAIrP,WAAW2P,EAAK61C,gBAC/B7uC,WAAY,IAAI3W,WAAW2P,EAAK81C,iBAEpC,CAhJeC,CAAevoD,KAAKkL,MAC7B,IAAK,aAAc,CACjB,MAAMsO,EAAaykC,GAAe,IAClCzkC,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAClB,MAAMtE,EAAYsE,EAAW9X,QAAQ2O,UACrCusC,EAAUjG,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEzC,MAAO,CAAEhD,UADSkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQ+5C,EAAQ1qC,YACrDsH,cAEtB,IAAK,UAAW,CACd,MAAMA,EAAaykC,GAAe,IAC5BrB,EAAUjG,GAAKmG,KAAKF,QAAQW,SAAS/jC,GAE3C,MAAO,CAAEtH,UADSkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQ+5C,EAAQ1qC,YACrDsH,eAGxB,MAAM0rC,QAAqBK,GAAgBvlD,KAAKkL,MAIhD,OAHA0xC,QAAgBsI,EAAasD,WAAW,CACtCC,QAASruC,EAAKqC,mBAAmBwhC,GAAe,OAE3C,CAAE/rC,UAAW,IAAIrP,WAAW+5C,EAAQ8L,UAAU,SAAS,IAASlvC,WAAYojC,EAAQ+L,aAAarE,YAAYzhD,cAuCxH1B,eAAeynD,GAAuBpZ,EAAMuV,EAAK8D,EAAGpgC,GAClD,MAAMqgC,EAAkB,CACtBr4C,MAAM,EACNG,MAAM,EACNE,MAAM,EACNE,WAAW,EACXQ,WAAYg+B,IAASzuB,EAAM7O,UAAUM,KACrCd,iBAAiB,EACjBC,iBAAiB,EACjBC,iBAAiB,GAIbm3C,EAAYhE,EAAIC,UACtB,IAAK8D,EAAgBC,GACnB,OAAO,EAGT,GAAkB,eAAdA,EAA4B,CAC9BtgC,EAAIA,EAAE/mB,QAAQ2O,UAEd,MAAM6B,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAcp0B,GAErDogC,EAAI,IAAIhmD,WAAWgmD,GACnB,MAAMG,EAAK,IAAInmD,WAAW,CAAC,MAASqP,IACpC,QAAKkI,EAAKqD,iBAAiBurC,EAAIH,GAOjC,MAAMr4C,QAAc+0C,GAAgBwD,GACpC,IAEEF,EAAIzD,GAAc50C,EAAOq4C,GAAGH,YAC5B,MAAOO,GACP,OAAO,EAQT,QADWhE,GAAez0C,EAAOiY,GAAGigC,YAC5BQ,GAAGL,EAKb,CA+CA,SAASZ,GAAexH,GACtB,MAAM0I,EAAOznC,GAAgB++B,EAAI3zC,GAC3Bs8C,EAAO1nC,GAAgB++B,EAAIvyC,GAC3BgE,EAAY,IAAIrP,WAAWsmD,EAAK/nD,OAASgoD,EAAKhoD,OAAS,GAI7D,OAHA8Q,EAAU,GAAK,EACfA,EAAU5O,IAAI6lD,EAAM,GACpBj3C,EAAU5O,IAAI8lD,EAAMD,EAAK/nD,OAAS,GAC3B8Q,CACT,CASA,SAASm3C,GAAe1B,EAAaz8C,EAAMgH,GACzC,MAAMnC,EAAM43C,EACNwB,EAAOj3C,EAAUxQ,MAAM,EAAGqO,EAAM,GAChCq5C,EAAOl3C,EAAUxQ,MAAMqO,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgxC,IAAK,KACLuI,IAAKp+C,EACL4B,EAAG+U,GAAgBsnC,GAAM,GACzBj7C,EAAG2T,GAAgBunC,GAAM,GACzBnI,KAAK,EAGT,CAUA,SAASC,GAAayG,EAAaz8C,EAAMgH,EAAWsH,GAClD,MAAMinC,EAAM4I,GAAe1B,EAAaz8C,EAAMgH,GAE9C,OADAuuC,EAAIh4B,EAAI5G,GAAgBrI,GAAY,GAC7BinC,CACT,CCjWA,MAAMnS,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAgBjB1d,eAAe27C,GAAKiI,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK5X,SAAS+W,GAAU,CACtC,MAAMqjC,EAAU,CAAE1qC,YAAWsH,cAC7B,OAAQhJ,EAAMwJ,MACZ,IAAK,MAEH,IAEE,aAwHV7Y,eAAuBqP,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAM7sC,EAAMS,EAAMm3C,YACZlH,EAAMS,GAAa1wC,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAO0xC,EAAQ1qC,UAAW0qC,EAAQpjC,YACxF5C,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,SAGGe,EAAY,IAAIlS,iBAAiByrC,GAAUwO,KAC/C,CACE5xC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,KAE5C3pC,EACA2C,IAGF,MAAO,CACL5L,EAAGoH,EAAUrT,MAAM,EAAGqO,GACtB8N,EAAG9I,EAAUrT,MAAMqO,EAAKA,GAAO,GAEnC,CArJuBoxC,CAAQ3wC,EAAO+vC,EAAUhnC,EAASqjC,GAC/C,MAAOwE,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,oCAAsCojC,EAAI7nC,SAEjE,MAEF,IAAK,OAAQ,CACX,MAAMxE,QAsKd5T,eAAwBqP,EAAO+vC,EAAUhnC,EAASqjC,GAChD,MAAME,EAAOvO,GAAWmT,WAAW3gC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC1DzD,EAAKh7C,MAAMyX,GACXujC,EAAKvxC,MACL,MAAMqL,EAAM2yC,GAAarsC,OAAO,CAC9B0kC,QAAS,EACT4H,WAAYh5C,EAAMu0C,IAClBvrC,WAAY3Z,MAAMkiB,KAAK66B,EAAQpjC,YAC/BtH,UAAW,CAAEu3C,OAAQ,EAAG3/C,KAAMjK,MAAMkiB,KAAK66B,EAAQ1qC,aAChD,MAAO,CACRswC,MAAO,mBAGT,OAAOkH,GAAepsC,OAAOw/B,EAAKA,KAAKlmC,GAAM,MAC/C,CApLgC6rC,CAASjyC,EAAO+vC,EAAUhnC,EAASqjC,GAC3D,MAAO,CACLjvC,EAAGoH,EAAUpH,EAAE22C,YAAYzhD,YAC3Bgb,EAAG9I,EAAU8I,EAAEymC,YAAYzhD,eAKnC,OAmFF1B,eAA4BqP,EAAOyxB,EAAQzoB,GACzC,MAAM0rC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMquC,GAAeC,EAAc1rC,GACnCzE,EAAY6B,EAAIkmC,KAAK7a,GAC3B,MAAO,CACLt0B,EAAGoH,EAAUpH,EAAE22C,YAAYzhD,YAC3Bgb,EAAG9I,EAAU8I,EAAEymC,YAAYzhD,YAE/B,CA3FS8mD,CAAan5C,EAAOyxB,EAAQzoB,EACrC,CAcOrY,eAAek8C,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASrH,EAAW+vB,GACzE,MAAMzxB,EAAQ,IAAIq3C,GAAa9C,GAC/B,GAAIxrC,IAAYa,EAAK5X,SAAS+W,GAC5B,OAAQ/I,EAAMwJ,MACZ,IAAK,MACH,IAEE,aA4GV7Y,eAAyBqP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC3D,MAAMuuC,EAAM4I,GAAe74C,EAAMm3C,YAAaR,GAAU32C,EAAMtF,MAAOgH,GAC/D0E,QAAY03B,GAAUgC,UAC1B,MACAmQ,EACA,CACEv1C,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAShE,EAAMwD,SAElD,EACA,CAAC,WAGGe,EAAYqF,EAAKtX,iBAAiB,CAAC6K,EAAGkQ,IAAI5Z,OAEhD,OAAOqqC,GAAU+O,OACf,CACEnyC,KAAQ,QACR88C,WAAcb,GAAU32C,EAAMtF,MAC9B8I,KAAQ,CAAE9I,KAAM6V,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,KAE5C3pC,EACA7B,EACAwE,EAEJ,CAtIuBqpC,CAAUpyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAC5D,MAAOkvC,GAIP,GAAmB,SAAf5wC,EAAMtF,OAAiC,cAAbk2C,EAAIl2C,MAAqC,mBAAbk2C,EAAIl2C,MAC5D,MAAMk2C,EAERhnC,EAAK4D,gBAAgB,sCAAwCojC,EAAI7nC,SAEnE,MACF,IAAK,OACH,OA4IRpY,eAA0BqP,EAAO+vC,GAAU5yC,EAAGkQ,EAAEA,GAAKtE,EAASrH,GAC5D,MAAQ0M,QAASyiC,SAAaphD,gDAExBo9C,EAAS9O,GAAWsU,aAAa9hC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,IAC9DlD,EAAOv7C,MAAMyX,GACb8jC,EAAO9xC,MACP,MAAMqL,EAAMgzC,GAAqB1sC,OAAO,CACtC2sC,UAAW,CACTA,UAAW,CAAC,EAAG,EAAG,IAAK,MAAO,EAAG,GACjCL,WAAYh5C,EAAMu0C,KAEpB+E,iBAAkB,CAAEL,OAAQ,EAAG3/C,KAAMjK,MAAMkiB,KAAK7P,KAC/C,MAAO,CACRswC,MAAO,eAEHztC,EAAY20C,GAAexsC,OAAO,CACtCvP,EAAG,IAAI0zC,EAAG1zC,GAAIkQ,EAAG,IAAIwjC,EAAGxjC,IACvB,OAEH,IACE,OAAOw/B,EAAOA,OAAOzmC,EAAK7B,GAC1B,MAAOqsC,GACP,OAAO,EAEX,CApKe0B,CAAWtyC,EAAO+vC,EAAUxrC,EAAWwE,EAASrH,GAI7D,OAuDF/Q,eAA8BqP,EAAOuE,EAAW+yB,EAAQ51B,GACtD,MAAMgzC,QAAqBK,GAAgB/0C,EAAMtF,MAC3C0L,EAAMwuC,GAAcF,EAAchzC,GACxC,OAAO0E,EAAIymC,OAAOvV,EAAQ/yB,EAC5B,CA3DSg1C,CAAev5C,EAAOuE,OADO,IAAbwrC,EAA4BhnC,EAAU0oB,EACb/vB,EAClD,CAsKA,MAAM8tC,QAAoB,EAEpB0J,GAAiBnb,GACrByR,GAAKE,OAAO,kBAAkB,WAC5BlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,KAAKypC,MACdrgD,KAAK4W,IAAI,KAAKypC,eAEbp/C,EAEDsoD,GAAehb,GACnByR,GAAKE,OAAO,gBAAgB,WAC1BlgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,WAAWypC,MACpBrgD,KAAK4W,IAAI,cAAcozC,SACvBhqD,KAAK4W,IAAI,cAAcqzC,SAAS,GAAGC,WAAWC,MAC9CnqD,KAAK4W,IAAI,aAAaqzC,SAAS,GAAGC,WAAWE,kBAE5CnpD,EAEDopD,GAAsB9b,GAC1ByR,GAAKE,OAAO,uBAAuB,WACjClgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,aAAa0zC,QACtBtqD,KAAK4W,IAAI,cAAcszC,WAAWC,eAEjClpD,EAED2oD,GAAuBrb,GAC3ByR,GAAKE,OAAO,wBAAwB,WAClClgD,KAAKmgD,MAAMC,IACTpgD,KAAK4W,IAAI,aAAa2zC,IAAIF,IAC1BrqD,KAAK4W,IAAI,oBAAoBwzC,kBAE5BnpD,qFA9LAE,eAA8B4jD,EAAK8D,EAAGpgC,GAC3C,MAAMjY,EAAQ,IAAIq3C,GAAa9C,GAE/B,GAAIv0C,EAAMg3C,UAAYzmC,EAAM7O,UAAUO,MACpC,OAAO,EAKT,OAAQjC,EAAMwJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMT,EAAU0kC,GAAe,GACzBsC,EAAWx/B,EAAM/M,KAAKI,OACtB6tB,QAAejuB,GAAK8zB,OAAOyY,EAAUhnC,GAC3C,IACE,MAAMxE,QAAkB+nC,GAAKiI,EAAKxE,EAAUhnC,EAASsvC,EAAGpgC,EAAGwZ,GAC3D,aAAaob,GAAO0H,EAAKxE,EAAUxrC,EAAWwE,EAASsvC,EAAG5mB,GAC1D,MAAOmf,GACP,OAAO,GAGX,QACE,OAAOwH,GAAuB7nC,EAAM7O,UAAUO,MAAOsyC,EAAK8D,EAAGpgC,GAEnE,ICzHAkuB,GAAK3iC,KAAO9M,GAAS,IAAIrE,WAAWyR,KAASmzB,OAAOvgC,GAAO4gC,iEAgBpD3mC,eAAoB4jD,EAAKxE,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACxE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QAEvE,MAAUlR,MAAM,sCAElB,MAAMgS,EAAYkF,EAAKtX,iBAAiB,CAAC0W,EAAYtH,EAAUjG,SAAS,KAClE8I,EAAY4hC,GAAKmG,KAAKK,SAASlb,EAAQ/sB,GAE7C,MAAO,CACLvH,EAAGoH,EAAU9I,SAAS,EAAG,IACzB4R,EAAG9I,EAAU9I,SAAS,IAE1B,SAcO9K,eAAsB4jD,EAAKxE,GAAU5yC,EAAGkQ,EAAEA,GAAKzQ,EAAG8E,EAAW+vB,GAClE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB1uB,EAAM/M,KAAKI,QACvE,MAAUlR,MAAM,sCAElB,MAAM6R,EAAYqF,EAAKtX,iBAAiB,CAAC6K,EAAGkQ,IAC5C,OAAO84B,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQltB,EAAW7C,EAAUjG,SAAS,GACzE,iBASO9K,eAA8B4jD,EAAK8D,EAAG5sC,GAE3C,GAAsB,YAAlB8oC,EAAIC,UACN,OAAO,EAOT,MAAM9yC,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASthC,GAC3C+sC,EAAK,IAAInmD,WAAW,CAAC,MAASqP,IACpC,OAAOkI,EAAKqD,iBAAiBorC,EAAGG,EAElC,IC4BO,SAASwB,GAAqBhb,GACnC,GAAQA,IACDzuB,EAAM7O,UAAUf,QACnB,OAAO4P,EAAM/M,KAAKI,OAElB,MAAUlR,MAAM,qBAEtB,CA1GAyzC,GAAK3iC,KAAO9M,GAAS,IAAIrE,WAAWyR,KAASmzB,OAAOvgC,GAAO4gC,qEAOpD3mC,eAAwBquC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOS,GAAe,KACpB/rC,UAAW+6B,GAAM0J,GAAKmG,KAAKF,QAAQW,SAASC,GACpD,MAAO,CAAEvQ,IAAGuQ,QAGZ,MAAUt6C,MAAM,8BAEtB,OAeO/B,eAAoBquC,EAAM+Q,EAAUhnC,EAASrH,EAAWsH,EAAYyoB,GACzE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUtsC,MAAM,sCAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM+D,EAAYkF,EAAKtX,iBAAiB,CAAC0W,EAAYtH,IAErD,MAAO,CAAEu4C,GADS9T,GAAKmG,KAAKK,SAASlb,EAAQ/sB,IAG/C,KAAK6L,EAAM7O,UAAUc,MACrB,QACE,MAAU9P,MAAM,+BAGtB,SAaO/B,eAAsBquC,EAAM+Q,GAAUkK,GAAEA,GAAMr9C,EAAG8E,EAAW+vB,GACjE,GAAIjuB,GAAKy7B,kBAAkB8Q,GAAYvsC,GAAKy7B,kBAAkB+a,GAAqBhb,IACjF,MAAUtsC,MAAM,sCAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUf,QACnB,OAAOwlC,GAAKmG,KAAKK,SAASE,OAAOpb,EAAQwoB,EAAIv4C,GAE/C,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,MAAU9P,MAAM,+BAEtB,iBAUO/B,eAA8BquC,EAAMvC,EAAGuQ,GAC5C,OAAQhO,GACN,KAAKzuB,EAAM7O,UAAUf,QAAS,CAK5B,MAAMe,UAAEA,GAAcykC,GAAKmG,KAAKF,QAAQW,SAASC,GACjD,OAAOpjC,EAAKqD,iBAAiBwvB,EAAG/6B,GAGlC,KAAK6O,EAAM7O,UAAUc,MACrB,QACE,OAAO,EAEb,4BC7FO,SAAS03C,GAAK9zC,EAAK9M,GACxB,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIxV,QAAawV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC4lC,EAAIC,GAAO/gD,GACjB,IAAImjC,EAAI0d,EACR,MAAMvgC,EAAIwgC,EACJx+C,EAAIw+C,EAAExpD,OAAS,EACf6c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI1Z,EAAI,EAAGA,EAAImJ,IAAKnJ,EACvBgb,EAAE,GAAK7R,EAAIuQ,GAAK,EAAI1Z,GAEpBiqC,EAAE,GAAKD,EAAE,GACTC,EAAE,GAAKD,EAAE,GAETC,EAAE,GAAK9iB,EAAE,EAAInnB,GACbiqC,EAAE,GAAK9iB,EAAE,EAAInnB,EAAI,GAEjBiqC,EAAI2d,GAAOj4B,EAAIF,QAAQwoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAClBghC,EAAE,IAAMhvB,EAAE,GACVgvB,EAAE,IAAMhvB,EAAE,GAEVmM,EAAE,EAAInnB,GAAKiqC,EAAE,GACb9iB,EAAE,EAAInnB,EAAI,GAAKiqC,EAAE,GAGrB,OAAOgO,GAAKjO,EAAG7iB,EACjB,CAUO,SAAS0gC,GAAOl0C,EAAK9M,GAC1B,MAAM8oB,EAAM,IAAI/E,GAAO,MAAsB,EAAbjX,EAAIxV,QAAawV,GAC3C+zC,EAAK,IAAI3lC,YAAY,CAAC,WAAY,aAClC6N,EAAIg4B,GAAO/gD,GACjB,IAAImjC,EAAIpa,EAAE5mB,SAAS,EAAG,GACtB,MAAMme,EAAIyI,EAAE5mB,SAAS,GACfG,EAAIymB,EAAEzxB,OAAS,EAAI,EACnB6c,EAAI,IAAI+G,YAAY,CAAC,EAAG,IAC9B,IAAIkoB,EAAI,IAAIloB,YAAY,GACxB,IAAK,IAAIrI,EAAI,EAAGA,GAAK,IAAKA,EACxB,IAAK,IAAI1Z,EAAImJ,EAAI,EAAGnJ,GAAK,IAAKA,EAC5Bgb,EAAE,GAAK7R,EAAIuQ,GAAK1Z,EAAI,GAEpBiqC,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAChBivB,EAAE,GAAKD,EAAE,GAAKhvB,EAAE,GAEhBivB,EAAE,GAAK9iB,EAAE,EAAInnB,GACbiqC,EAAE,GAAK9iB,EAAE,EAAInnB,EAAI,GAEjBiqC,EAAI2d,GAAOj4B,EAAID,QAAQuoB,GAAKhO,KAE5BD,EAAIC,EAAEjhC,SAAS,EAAG,GAElBme,EAAE,EAAInnB,GAAKiqC,EAAE,GACb9iB,EAAE,EAAInnB,EAAI,GAAKiqC,EAAE,GAGrB,GAAID,EAAE,KAAO0d,EAAG,IAAM1d,EAAE,KAAO0d,EAAG,GAChC,OAAOzP,GAAK9wB,GAEd,MAAUlnB,MAAM,4BAClB,CAeA,SAAS2nD,GAAO/gD,GACd,MAAM1I,OAAEA,GAAW0I,EACb7F,EAfR,SAA2B6F,GACzB,GAAIsQ,EAAKC,SAASvQ,GAAO,CACvB,MAAM1I,OAAEA,GAAW0I,EACb7F,EAAS,IAAIkhB,YAAY/jB,GACzB0wC,EAAO,IAAIjvC,WAAWoB,GAC5B,IAAK,IAAI0Y,EAAI,EAAGA,EAAIvb,IAAUub,EAC5Bm1B,EAAKn1B,GAAK7S,EAAK0S,WAAWG,GAE5B,OAAO1Y,EAET,OAAO,IAAIpB,WAAWiH,GAAM7F,MAC9B,CAIiB8mD,CAAkBjhD,GAC3BgoC,EAAO,IAAI1sB,SAASnhB,GACpBw4C,EAAM,IAAIz3B,YAAY5jB,EAAS,GACrC,IAAK,IAAI6B,EAAI,EAAGA,EAAI7B,EAAS,IAAK6B,EAChCw5C,EAAIx5C,GAAK6uC,EAAKpgB,UAAU,EAAIzuB,GAE9B,OAAOw5C,CACT,CAEA,SAASvB,KACP,IAAI95C,EAAS,EACb,IAAK,IAAI6a,EAAI,EAAGA,EAAIsgC,UAAUn7C,SAAU6a,EACtC7a,GAAU,EAAIm7C,UAAUtgC,GAAG7a,OAE7B,MAAM6C,EAAS,IAAIkhB,YAAY/jB,GACzB0wC,EAAO,IAAI1sB,SAASnhB,GAC1B,IAAIkM,EAAS,EACb,IAAK,IAAIlN,EAAI,EAAGA,EAAIs5C,UAAUn7C,SAAU6B,EAAG,CACzC,IAAK,IAAI0Z,EAAI,EAAGA,EAAI4/B,UAAUt5C,GAAG7B,SAAUub,EACzCm1B,EAAKkZ,UAAU76C,EAAS,EAAIwM,EAAG4/B,UAAUt5C,GAAG0Z,IAE9CxM,GAAU,EAAIosC,UAAUt5C,GAAG7B,OAE7B,OAAO,IAAIyB,WAAWoB,EACxB,uECnHO,SAASiZ,GAAO3D,GACrB,MAAM6C,EAAI,EAAK7C,EAAQnY,OAAS,EAC1Bma,EAAS,IAAI1Y,WAAW0W,EAAQnY,OAASgb,GAAG0jC,KAAK1jC,GAEvD,OADAb,EAAOjY,IAAIiW,GACJgC,CACT,CAOO,SAAS+B,GAAO/D,GACrB,MAAMxJ,EAAMwJ,EAAQnY,OACpB,GAAI2O,EAAM,EAAG,CACX,MAAMqM,EAAI7C,EAAQxJ,EAAM,GACxB,GAAIqM,GAAK,EAAG,CACV,MAAM6uC,EAAW1xC,EAAQtN,SAAS8D,EAAMqM,GAClC8uC,EAAW,IAAIroD,WAAWuZ,GAAG0jC,KAAK1jC,GACxC,GAAIhC,EAAKqD,iBAAiBwtC,EAAUC,GAClC,OAAO3xC,EAAQtN,SAAS,EAAG8D,EAAMqM,IAIvC,MAAUlZ,MAAM,kBAClB,yECrBA,MAAMorC,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAexB,SAASssC,GAAeC,EAAarG,EAAKsG,EAAWC,GACnD,OAAOlxC,EAAKtX,iBAAiB,CAC3BiiD,EAAIjjD,QACJ,IAAIe,WAAW,CAACuoD,IAChBC,EAAUvpD,QACVsY,EAAKiC,mBAAmB,wBACxBivC,EAAYr/C,SAAS,EAAG,KAE5B,CAGA9K,eAAeoqD,GAAIhL,EAAUnJ,EAAGh2C,EAAQoqD,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAIzoD,EACJ,GAAIwoD,EAAc,CAEhB,IAAKxoD,EAAI,EAAGA,EAAIm0C,EAAEh2C,QAAmB,IAATg2C,EAAEn0C,GAAUA,KACxCm0C,EAAIA,EAAEnrC,SAAShJ,GAEjB,GAAIyoD,EAAe,CAEjB,IAAKzoD,EAAIm0C,EAAEh2C,OAAS,EAAG6B,GAAK,GAAc,IAATm0C,EAAEn0C,GAAUA,KAC7Cm0C,EAAIA,EAAEnrC,SAAS,EAAGhJ,EAAI,GAOxB,aALqB+Q,GAAK8zB,OAAOyY,EAAUnmC,EAAKtX,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBu0C,EACAoU,MAEYv/C,SAAS,EAAG7K,EAC5B,CAUAD,eAAewqD,GAAsBn7C,EAAOq4C,GAC1C,OAAQr4C,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAMyO,EAAIw1B,GAAe,KACnB/oC,UAAEA,EAAS02C,UAAEA,SAAoBC,GAAuBr7C,EAAOq4C,EAAG,KAAMpgC,GAC9E,IAAIvW,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc3nC,GAEnD,OADAhD,EAAYkI,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,KAAQqP,IACpD,CAAEA,YAAW05C,aAEtB,IAAK,MACH,GAAIp7C,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAoKVrd,eAAqCqP,EAAOq4C,GAC1C,MAAMpI,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,GAC7D,IAAIjM,EAAUtO,GAAUwV,YACtB,CACE54C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEZoE,EAAYxd,GAAUgC,UACxB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAED9K,EAASkP,SAAmB7rD,QAAQ2H,IAAI,CAACg1C,EAASkP,IACnD,IAAIjuC,EAAIywB,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQF,GAEVlP,EAAQpjC,WACRhJ,EAAMk3C,IAAIE,YAERx1B,EAAIkc,GAAUyV,UAChB,MACAnH,EAAQ1qC,YAET2L,EAAGuU,SAAWnyB,QAAQ2H,IAAI,CAACiW,EAAGuU,IAC/B,MAAMw5B,EAAY,IAAI/oD,WAAWgb,GAC3B3L,EAAY,IAAIrP,WAAWolD,GAAe71B,IAChD,MAAO,CAAElgB,YAAW05C,YACtB,CA1MuBK,CAAsBz7C,EAAOq4C,GAC1C,MAAOzH,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OAsQNjgD,eAAsCqP,EAAOq4C,GAC3C,MAAMqD,EAAS3d,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MAChDyE,EAAO9D,eACP,MAAMwD,EAAY,IAAI/oD,WAAWqpD,EAAOC,cAActD,IAChD32C,EAAY,IAAIrP,WAAWqpD,EAAO7D,gBACxC,MAAO,CAAEn2C,YAAW05C,YACtB,CA5QaQ,CAAuB57C,EAAOq4C,GAEzC,OA+NF1nD,eAA0CqP,EAAOq4C,GAC/C,MAAM3D,QAAqBK,GAAgB/0C,EAAMtF,MAC3C2sC,QAAUrnC,EAAMg4C,aACtBK,EAAIzD,GAAcF,EAAc2D,GAChC,MAAMwD,EAAIpH,GAAeC,EAAcrN,EAAEr+B,YACnCtH,EAAY2lC,EAAE3lC,UACduhC,EAAI4Y,EAAEC,OAAOzD,EAAEH,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEjuB,aAC3BynD,EAAYnY,EAAE6Q,YAAYzhD,WAAY,KAAMkN,GAClD,MAAO,CAAEmC,YAAW05C,YACtB,CAzOSW,CAA2B/7C,EAAOq4C,EAC3C,CAmCA1nD,eAAe0qD,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GACjD,GAAIA,EAAErnB,SAAWoP,EAAMm3C,YAAa,CAClC,MAAMnuC,EAAa,IAAI3W,WAAW2N,EAAMm3C,aACxCnuC,EAAWlW,IAAImlB,EAAGjY,EAAMm3C,YAAcl/B,EAAErnB,QACxCqnB,EAAIjP,EAEN,OAAQhJ,EAAMwJ,MACZ,IAAK,aAAc,CACjB,MAAM9E,EAAYuT,EAAE/mB,QAAQ2O,UAE5B,MAAO,CAAE6E,YAAW02C,UADFjV,GAAK+F,WAAWxnC,EAAWm3C,EAAEpgD,SAAS,KAG1D,IAAK,MACH,GAAIuE,EAAMk3C,KAAOttC,EAAKoE,eACpB,IACE,aAqDVrd,eAAsCqP,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAMqjC,EAAY5K,GAAa1wC,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAKmB,EAAGpgC,GACpE,IAAIjP,EAAa80B,GAAUgC,UACzB,MACAwb,EACA,CACE5gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,CAAC,YAAa,eAEhB,MAAMjH,EAAM4I,GAAe74C,EAAMm3C,YAAan3C,EAAMk3C,IAAIA,IAAK2E,GAC7D,IAAIH,EAAS5d,GAAUgC,UACrB,MACAmQ,EACA,CACEv1C,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,MAExB,EACA,KAEDluC,EAAY0yC,SAAgBjsD,QAAQ2H,IAAI,CAAC4R,EAAY0yC,IACtD,IAAIzY,EAAInF,GAAUyd,WAChB,CACE7gD,KAAM,OACN88C,WAAYx3C,EAAMk3C,IAAIA,IACtBsE,OAAQE,GAEV1yC,EACAhJ,EAAMk3C,IAAIE,YAER4E,EAASle,GAAUyV,UACrB,MACAvqC,IAEDi6B,EAAG+Y,SAAgBvsD,QAAQ2H,IAAI,CAAC6rC,EAAG+Y,IACpC,MAAMZ,EAAY,IAAI/oD,WAAW4wC,GAEjC,MAAO,CAAEv+B,UADSwM,GAAgB8qC,EAAO/jC,GACrBmjC,YACtB,CA9FuBa,CAAuBj8C,EAAO67C,EAAGxD,EAAGpgC,GACjD,MAAO24B,GACPhnC,EAAK4D,gBAAgBojC,GAGzB,MACF,IAAK,OACH,OA0LNjgD,eAAuCqP,EAAO67C,EAAG5jC,GAC/C,MAAMqjC,EAAYvd,GAAW4Z,WAAW33C,EAAMi3C,KAAKA,MACnDqE,EAAUY,cAAcjkC,GACxB,MAAMmjC,EAAY,IAAI/oD,WAAWipD,EAAUK,cAAcE,IAEzD,MAAO,CAAEn3C,UADS,IAAIrS,WAAWipD,EAAUxD,iBACvBsD,YACtB,CAhMae,CAAwBn8C,EAAO67C,EAAG5jC,GAE7C,OAgJFtnB,eAA2CqP,EAAO67C,EAAG5jC,GACnD,MAAMy8B,QAAqBK,GAAgB/0C,EAAMtF,MACjDmhD,EAAIjH,GAAcF,EAAcmH,GAChC5jC,EAAIw8B,GAAeC,EAAcz8B,GACjC,MAAMvT,EAAY,IAAIrS,WAAW4lB,EAAEkgC,cAC7BlV,EAAIhrB,EAAE6jC,OAAOD,EAAE3D,aACf34C,EAAMm1C,EAAa10C,MAAM4hB,EAAEjuB,aAC3BynD,EAAYnY,EAAE6Q,YAAYzhD,WAAY,KAAMkN,GAClD,MAAO,CAAEmF,YAAW02C,YACtB,CAzJSgB,CAA4Bp8C,EAAO67C,EAAG5jC,EAC/C,kEAjIOtnB,eAA8B4jD,EAAK8D,EAAGpgC,GAC3C,OAAOmgC,GAAuB7nC,EAAM7O,UAAUM,KAAMuyC,EAAK8D,EAAGpgC,EAC9D,UAgFOtnB,eAAuB4jD,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GACrD,MAAMl+C,EAAIy/C,GAAa/iD,GAEjB0G,EAAQ,IAAIq3C,GAAa9C,IACzB7yC,UAAEA,EAAS05C,UAAEA,SAAoBD,GAAsBn7C,EAAOq4C,GAC9D2C,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QAGxC,MAAO,CAAE3b,YAAW46C,WADDC,SADHxB,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,GACvBp+C,GAEnC,UAoDOjM,eAAuB4jD,EAAKsG,EAAWgB,EAAGx5B,EAAGg2B,EAAGpgC,EAAG6iC,GACxD,MAAM96C,EAAQ,IAAIq3C,GAAa9C,IACzB6G,UAAEA,SAAoBC,GAAuBr7C,EAAO67C,EAAGxD,EAAGpgC,GAC1D+iC,EAAQL,GAAepqC,EAAM7O,UAAUM,KAAMuyC,EAAKsG,EAAWC,IAC7Dr4B,QAAEA,GAAY0c,GAAU0b,EAAUx9B,QACxC,IAAIuzB,EACJ,IAAK,IAAIn+C,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAGE,OAAO+pD,GAAaC,SADJ1B,GAAIF,EAAUr3C,KAAM43C,EAAW34B,EAASu4B,EAAa,IAANvoD,EAAe,IAANA,GACpC4vB,IACpC,MAAOxuB,GACP+8C,EAAM/8C,EAGV,MAAM+8C,CACR,ICrMA,MAAM9S,GAAYl0B,EAAKoE,eACjB+vB,GAAan0B,EAAKyE,gBAClBquC,GAAmB3e,IAAcA,GAAW4e,WAAa5e,GAAW4e,UAAUzuC,OAErEvd,eAAeisD,GAAK7M,EAAU8M,EAAUC,EAAMC,EAAMC,GACjE,MAAMx5C,EAAO+M,EAAM7f,KAAK6f,EAAMvM,QAAS+rC,GACvC,IAAKvsC,EAAM,MAAU9Q,MAAM,qCAE3B,GAAIorC,IAAa4e,GAAkB,CACjC,MAAMzuC,EAAS6vB,IAAa4e,GACtBO,QAAoBhvC,EAAO6xB,UAAU,MAAO+c,EAAU,QAAQ,EAAO,CAAC,eACtE9uC,QAAaE,EAAOstC,WAAW,CAAE7gD,KAAM,OAAQ8I,OAAMs5C,OAAMC,QAAQE,EAAsB,EAATD,GACtF,OAAO,IAAI3qD,WAAW0b,GAGxB,GAAIgwB,GAAY,CACd,MAAMmf,EAAe3sC,EAAM7f,KAAK6f,EAAM/M,KAAMusC,GAGtCoN,EAAc,CAACC,EAASC,IAAgBtf,GAAWuf,WAAWJ,EAAcE,GAASnmB,OAAOomB,GAAa/lB,SAGzGimB,EAAkBJ,EAAYL,EAAMD,GAEpCW,EAAUD,EAAgB3sD,OAI1BgL,EAAIV,KAAKmQ,KAAK2xC,EAASQ,GACvBC,EAAuB,IAAIprD,WAAWuJ,EAAI4hD,GAG1CE,EAAa,IAAIrrD,WAAWmrD,EAAUT,EAAKnsD,OAAS,GAE1D8sD,EAAW5qD,IAAIiqD,EAAMS,GAErB,IAAK,IAAI/qD,EAAI,EAAGA,EAAImJ,EAAGnJ,IAAK,CAG1BirD,EAAWA,EAAW9sD,OAAS,GAAK6B,EAAI,EAExC,MAAMgb,EAAI0vC,EAAYI,EAAiB9qD,EAAI,EAAIirD,EAAaA,EAAWjiD,SAAS+hD,IAChFE,EAAW5qD,IAAI2a,EAAG,GAElBgwC,EAAqB3qD,IAAI2a,EAAGhb,EAAI+qD,GAGlC,OAAOC,EAAqBhiD,SAAS,EAAGuhD,GAG1C,MAAUtqD,MAAM,mCAClB,CC7CA,MAAMirD,GAAY,CAChBr7C,OAAQsH,EAAK0C,WAAW,8EAQnB3b,eAAwBquC,GAC7B,GAAQA,IACDzuB,EAAM7O,UAAUY,OAAQ,CAE3B,MAAMmJ,EAAIgiC,GAAe,KACjB/rC,UAAW+6B,GAAM0J,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACxD,MAAO,CAAEgxB,IAAGhxB,KAGZ,MAAU/Y,MAAM,6BAEtB,iBAUO/B,eAA8BquC,EAAMvC,EAAGhxB,GAC5C,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAK3B,MAAMZ,UAAEA,GAAcykC,GAAKgG,IAAIC,QAAQC,cAAc5gC,GACrD,OAAO7B,EAAKqD,iBAAiBwvB,EAAG/6B,GAIhC,OAAO,CAEb,UAcO/Q,eAAuBquC,EAAM1lC,EAAMskD,GACxC,GAAQ5e,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMu7C,EAAqBpQ,GAAe,IACpCqQ,EAAe3X,GAAK+F,WAAW2R,EAAoBD,IACjDl8C,UAAWq8C,GAAuB5X,GAAKgG,IAAIC,QAAQC,cAAcwR,GACnEG,EAAYp0C,EAAKtX,iBAAiB,CACtCyrD,EACAH,EACAE,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAG9C,MAAO,CAAEg7C,qBAAoBzB,WADVC,SADS0B,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI3rD,WAAcsrD,GAAUr7C,OAAQmgB,GAC7DnpB,IAK7C,MAAU5G,MAAM,6BAEtB,UAaO/B,eAAuBquC,EAAM+e,EAAoBzB,EAAY7f,EAAGhxB,GACrE,GAAQuzB,IACDzuB,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMw7C,EAAe3X,GAAK+F,WAAWzgC,EAAGsyC,GAClCC,EAAYp0C,EAAKtX,iBAAiB,CACtCyrD,EACAthB,EACAqhB,KAEIr7B,QAAEA,GAAY0c,GAAU5uB,EAAM9N,UAAUM,QAE9C,OAAO05C,SADqBwB,GAAY1tC,EAAM/M,KAAKI,OAAQo6C,EAAW,IAAI3rD,WAAcsrD,GAAUr7C,OAAQmgB,GACvE65B,GAGnC,MAAU5pD,MAAM,6BAEtB,6HRqFA/B,eAAwBqP,GACtB,MAAMrE,QAAmBiO,EAAKuE,gBAE9BnO,EAAQ,IAAIq3C,GAAar3C,GACzB,MAAMosC,QAAgBpsC,EAAMg4C,aACtBK,EAAI,IAAI18C,EAAWywC,EAAQ1qC,WAAWlC,eACtCw8C,EAAS,IAAIrgD,EAAWywC,EAAQpjC,YAAYxJ,aAAa,KAAMQ,EAAMm3C,aAC3E,MAAO,CACL5C,IAAKv0C,EAAMu0C,IACX8D,IACA2D,SACAx4C,KAAMxD,EAAMwD,KACZ6Z,OAAQrd,EAAMqd,OAElB,uBAOA,SAA8Bk3B,GAC5B,OAAOwC,GAAOxmC,EAAMjf,MAAMif,EAAMvQ,MAAOu0C,EAAI19B,UAAUrT,IACvD,2DS3LO7S,eAAoBo/C,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GACpD,MAAMX,QAAmBiO,EAAKuE,gBACxBhP,EAAM,IAAIxD,EAAW,GAM3B,IAAI8P,EACAtO,EACAkQ,EACAI,EARJmU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnB73B,EAAI,IAAIX,EAAWW,GAMnB63B,EAAIA,EAAEr3B,IAAI8kB,GACVtlB,EAAIA,EAAEQ,IAAIgB,GAMV,MAAM6N,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEnK,eAAemJ,IAAIgB,GAMjE,OAAa,CAIX,GAFA2N,QAAUiiC,GAAoBvuC,EAAKrB,GACnCX,EAAIg3B,EAAEp3B,OAAO0O,EAAGmW,GAAGjlB,KAAKmB,GACpBX,EAAEH,SACJ,SAEF,MAAMkhD,EAAK5hD,EAAEI,IAAIS,GAAGR,KAAKmB,GAGzB,GAFA2P,EAAI9B,EAAElW,IAAIyoD,GAAIvhD,KAAKmB,GACnBuP,EAAI5B,EAAEnO,OAAOQ,GAAGrB,KAAKgR,GAAG9Q,KAAKmB,IACzBuP,EAAErQ,SAGN,MAEF,MAAO,CACLG,EAAGA,EAAEqC,aAAa,KAAM1B,EAAEnK,cAC1B0Z,EAAGA,EAAE7N,aAAa,KAAM1B,EAAEnK,cAE9B,SAeOhD,eAAsBo/C,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAC5D,MAAM/B,QAAmBiO,EAAKuE,gBACxBjP,EAAO,IAAIvD,EAAW,GAS5B,GARAwB,EAAI,IAAIxB,EAAWwB,GACnBkQ,EAAI,IAAI1R,EAAW0R,GAEnBuU,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GAEfP,EAAEmB,IAAIY,IAAS/B,EAAEqB,IAAIV,IACrBuP,EAAE/O,IAAIY,IAASmO,EAAE7O,IAAIV,GAEvB,OADA8L,EAAK0D,WAAW,0BACT,EAET,MAAM3B,EAAI,IAAIhQ,EAAW81B,EAAOh2B,SAAS,EAAGqC,EAAEnK,eAAegJ,KAAKmB,GAC5D6oB,EAAItZ,EAAE/P,OAAOQ,GACnB,GAAI6oB,EAAE3pB,SAEJ,OADA4M,EAAK0D,WAAW,0BACT,EAGT6mB,EAAIA,EAAEr3B,IAAI8kB,GACVlkB,EAAIA,EAAEZ,IAAI8kB,GACV,MAAMu8B,EAAKxyC,EAAEjP,IAAIiqB,GAAGhqB,KAAKmB,GACnBsgD,EAAKjhD,EAAET,IAAIiqB,GAAGhqB,KAAKmB,GACnBsc,EAAK+Z,EAAEp3B,OAAOohD,EAAIv8B,GAClBvH,EAAK3c,EAAEX,OAAOqhD,EAAIx8B,GAExB,OADUxH,EAAG1d,IAAI2d,GAAI1d,KAAKilB,GAAGjlB,KAAKmB,GACzBM,MAAMjB,EACjB,iBAYOxM,eAA8BixB,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAC/C,MAAMX,QAAmBiO,EAAKuE,gBAC9ByT,EAAI,IAAIjmB,EAAWimB,GACnB9jB,EAAI,IAAInC,EAAWmC,GACnBq2B,EAAI,IAAIx4B,EAAWw4B,GACnBz2B,EAAI,IAAI/B,EAAW+B,GACnB,MAAMyB,EAAM,IAAIxD,EAAW,GAE3B,GAAIw4B,EAAE71B,IAAIa,IAAQg1B,EAAE31B,IAAIojB,GACtB,OAAO,EAMT,IAAKA,EAAExlB,MAAMU,IAAIgB,GAAGd,SAClB,OAAO,EAOT,IAAKm3B,EAAEp3B,OAAOe,EAAG8jB,GAAG3kB,QAClB,OAAO,EAMT,MAAMohD,EAAQ,IAAI1iD,EAAWmC,EAAEmB,aACzBq/C,EAAO,IAAI3iD,EAAW,KAC5B,GAAI0iD,EAAMhgD,GAAGigD,WAAiBvQ,GAAgBjwC,EAAG,KAAM,IACrD,OAAO,EASTxB,EAAI,IAAIX,EAAWW,GACnB,MAAM0lC,EAAM,IAAIrmC,EAAW,GACrBwB,QAAUuwC,GAAoB1L,EAAI/jC,UAAUogD,EAAMjiD,OAAQ4lC,EAAI/jC,UAAUogD,IACxEhK,EAAMv2C,EAAEpB,IAAIS,GAAG1H,IAAI6G,GACzB,QAAKoB,EAAEU,MAAM+1B,EAAEp3B,OAAOs3C,EAAKzyB,GAK7B,OCxLe,CAEb28B,IAAKA,GAELz8C,QAASA,GAETkzC,SAAUA,GAEVjzC,IAAKA,GAELokC,KAAMA,2ECAD,SAA8BnH,EAAMz6B,GACzC,IAAI7T,EAAO,EACX,OAAQsuC,GAGN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAInB,MAAO,CAAEwL,EAHCzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,KAQ5C,KAAK6f,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUO,MACrB,CACE,MAAM9E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAAQA,GAAQyM,EAAEvM,OAAS,EAErE,MAAO,CAAEuM,IAAGkQ,EADFzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,KAM5C,KAAK6f,EAAM7O,UAAUQ,YAAa,CAGhC,IAAI/E,EAAIyM,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAAQA,GAAQyM,EAAEvM,OAAS,EACnEuM,EAAIyM,EAAKkB,QAAQ3N,EAAG,IACpB,IAAIkQ,EAAIzD,EAAKgB,QAAQrG,EAAU9I,SAAS/K,IAExC,OADA2c,EAAIzD,EAAKkB,QAAQuC,EAAG,IACb,CAAElQ,IAAGkQ,KAId,KAAKkD,EAAM7O,UAAUf,QAAS,CAC5B,MAAMs5C,EAAK11C,EAAU9I,SAAS/K,EAAMA,EAAO,IAC3C,OADgDA,GAAQupD,EAAGrpD,OACpD,CAAEqpD,MAEX,QACE,MAAM,IAAI3D,GAAiB,gCAEjC,SAgBO3lD,eAAsBquC,EAAM+Q,EAAUxrC,EAAWi6C,EAAcllD,EAAMm4B,GAC1E,OAAQuN,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM2qD,EACXnxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGzR,EAAEhL,QACtC,OAAO8Q,GAAU68C,IAAI1R,OAAOkD,EAAUz2C,EAAM+T,EAAGzR,EAAG/H,EAAG49B,GAEvD,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,EAACJ,EAAEA,GAAM8gD,GACjBrhD,EAAEA,EAACkQ,EAAEA,GAAM9I,EACjB,OAAO7C,GAAUK,IAAI8qC,OAAOkD,EAAU5yC,EAAGkQ,EAAGokB,EAAQ0C,EAAGvS,EAAG9jB,EAAGJ,GAE/D,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EACbC,EAAY,IAAI/8C,GAAUszC,SAASqC,aAAa9C,GAAK4C,YAErDh6C,EAAIyM,EAAKkB,QAAQvG,EAAUpH,EAAGshD,GAC9BpxC,EAAIzD,EAAKkB,QAAQvG,EAAU8I,EAAGoxC,GACpC,OAAO/8C,GAAUszC,SAAS/yC,MAAM4qC,OAAO0H,EAAKxE,EAAU,CAAE5yC,IAAGkQ,KAAK/T,EAAM++C,EAAG5mB,GAE3E,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMmG,EAEnB,OAAO98C,GAAUszC,SAAS9yC,YAAY2qC,OAAO0H,EAAKxE,EAAUxrC,EAAWjL,EAAM++C,EAAG5mB,GAElF,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,EACd,OAAO98C,GAAUszC,SAAS7yC,MAAM0qC,OAAO7N,EAAM+Q,EAAUxrC,EAAWjL,EAAMmjC,EAAGhL,GAE7E,QACE,MAAU/+B,MAAM,gCAEtB,OAgBO/B,eAAoBquC,EAAM+Q,EAAU2O,EAAiBC,EAAkBrlD,EAAMm4B,GAClF,IAAKitB,IAAoBC,EACvB,MAAUjsD,MAAM,0BAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM6qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMs1B,EAEvB,MAAO,CAAEtxC,QADO3L,GAAU68C,IAAIjS,KAAKyD,EAAUz2C,EAAMsC,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGoI,IAGvE,KAAKlhB,EAAM7O,UAAUK,IAAK,CACxB,MAAMoyB,EAAEA,EAACvS,EAAEA,EAAC9jB,EAAEA,GAAM4gD,GACdpiD,EAAEA,GAAMqiD,EACd,OAAOj9C,GAAUK,IAAIuqC,KAAKyD,EAAUte,EAAQ0C,EAAGvS,EAAG9jB,EAAGxB,GAEvD,KAAKiU,EAAM7O,UAAUI,QACnB,MAAUpP,MAAM,gEAElB,KAAK6d,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACbzmC,EAAEA,GAAM0mC,EACd,OAAOj9C,GAAUszC,SAAS/yC,MAAMqqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGpgC,EAAGwZ,GAElE,KAAKlhB,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,IAAEA,EAAG8D,EAAEA,GAAMqG,GACb1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS9yC,YAAYoqC,KAAKiI,EAAKxE,EAAUz2C,EAAM++C,EAAGrL,EAAMvb,GAE3E,KAAKlhB,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAMiiB,GACR1R,KAAEA,GAAS2R,EACjB,OAAOj9C,GAAUszC,SAAS7yC,MAAMmqC,KAAKtN,EAAM+Q,EAAUz2C,EAAMmjC,EAAGuQ,EAAMvb,GAEtE,QACE,MAAU/+B,MAAM,gCAEtB,ICjJA,MAAMksD,GACJtvD,YAAYgK,GACNA,IACF9J,KAAK8J,KAAOA,GAWhB5I,KAAKgG,GACH,GAAIA,EAAM9F,QAAU,EAAG,CACrB,MAAMA,EAAS8F,EAAM,GACrB,GAAIA,EAAM9F,QAAU,EAAIA,EAEtB,OADApB,KAAK8J,KAAO5C,EAAM+E,SAAS,EAAG,EAAI7K,GAC3B,EAAIpB,KAAK8J,KAAK1I,OAGzB,MAAU8B,MAAM,yBAOlBpB,QACE,OAAOsY,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK8J,KAAK1I,SAAUpB,KAAK8J,QCzB3E,MAAMulD,GAKJvvD,YAAYgK,GACV,GAAIA,EAAM,CACR,MAAMkK,KAAEA,EAAI6Z,OAAEA,GAAW/jB,EACzB9J,KAAKgU,KAAOA,EACZhU,KAAK6tB,OAASA,OAEd7tB,KAAKgU,KAAO,KACZhU,KAAK6tB,OAAS,KASlB3sB,KAAKZ,GACH,GAAIA,EAAMc,OAAS,GAAkB,IAAbd,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIwmD,GAAiB,yBAI7B,OAFA9mD,KAAKgU,KAAO1T,EAAM,GAClBN,KAAK6tB,OAASvtB,EAAM,GACb,EAOTwB,QACE,OAAO,IAAIe,WAAW,CAAC,EAAG,EAAG7C,KAAKgU,KAAMhU,KAAK6tB,UCxDjD,MAAMyhC,GACJ3nC,mBAAkBmlC,WAAEA,EAAUjD,UAAEA,IAC9B,MAAM0F,EAAW,IAAID,GAGrB,OAFAC,EAASzC,WAAaA,EACtByC,EAAS1F,UAAYA,EACd0F,EASTruD,KAAKgG,GACH,IAAIhG,EAAO,EACPsuD,EAAetoD,EAAMhG,KACzBlB,KAAK6pD,UAAY2F,EAAe,EAAItoD,EAAMhG,KAAU,KACpDsuD,GAAgBA,EAAe,EAC/BxvD,KAAK8sD,WAAa5lD,EAAM+E,SAAS/K,EAAMA,EAAOsuD,GAAetuD,GAAQsuD,EAOvE1tD,QACE,OAAOsY,EAAKtX,iBAAiB,CAC3B9C,KAAK6pD,UACH,IAAIhnD,WAAW,CAAC7C,KAAK8sD,WAAW1rD,OAAS,EAAGpB,KAAK6pD,YACjD,IAAIhnD,WAAW,CAAC7C,KAAK8sD,WAAW1rD,SAClCpB,KAAK8sD,cCsaX,SAAS2C,GAAoB1K,GAC3B,IACEA,EAAIC,UACJ,MAAO3gD,GACP,MAAM,IAAIyiD,GAAiB,qBAE/B,oEAnaO3lD,eAAgCuuD,EAASC,EAAeX,EAAcllD,EAAMwhD,GACjF,OAAQoE,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAAgB,CACnC,MAAM/F,EAAEA,EAAC/H,EAAEA,GAAM2qD,EAEjB,MAAO,CAAE5yC,QADOlK,GAAU68C,IAAIr8B,QAAQ5oB,EAAMsC,EAAG/H,IAGjD,KAAK0c,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,EACpB,OAAO98C,GAAUI,QAAQogB,QAAQ5oB,EAAMsoB,EAAGuS,EAAGz2B,GAE/C,KAAK6S,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc2D,GACtB98C,UAAWm6C,EAAGS,WAAYj6B,SAAY3gB,GAAUszC,SAAShzC,KAAKkgB,QACpEqyB,EAAKsG,EAAWvhD,EAAM++C,EAAGyC,GAC3B,MAAO,CAAEe,IAAGx5B,EAAG,IAAI+8B,GAAW/8B,IAEhC,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,IAAKsH,EAAKyG,MAAM8uC,GAEd,MAAUzsD,MAAM,iDAElB,MAAM+pC,EAAEA,GAAM+hB,GACRT,mBAAEA,EAAkBzB,WAAEA,SAAqB56C,GAAUszC,SAASqK,MAAMn9B,QACxEg9B,EAAS5lD,EAAMmjC,GAEjB,MAAO,CAAEshB,qBAAoB17B,EADnBy8B,GAAkBQ,WAAW,CAAEjG,UAAW8F,EAAe7C,gBAGrE,QACE,MAAO,GAEb,mBAgBO3rD,eAAgCquC,EAAM0f,EAAiBC,EAAkBY,EAAkBzE,EAAajM,GAC7G,OAAQ7P,GACN,KAAKzuB,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUE,WAAY,CAC/B,MAAMgK,EAAEA,GAAM2zC,GACR3jD,EAAG/H,EAAEA,GAAM6qD,GACXzmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMs1B,EACvB,OAAOj9C,GAAU68C,IAAIp8B,QAAQvW,EAAGhQ,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,EAAGwlB,GAEpD,KAAKt+B,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,GAAEA,EAAEC,GAAEA,GAAOuiC,EACb39B,EAAI88B,EAAgB98B,EACpBtlB,EAAIqiD,EAAiBriD,EAC3B,OAAOoF,GAAUI,QAAQqgB,QAAQpF,EAAIC,EAAI4E,EAAGtlB,EAAGuyC,GAEjD,KAAKt+B,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,IAAEA,EAAG8D,EAAEA,EAACwC,UAAEA,GAAc6D,GACxBzmC,EAAEA,GAAM0mC,GACR9C,EAAEA,EAACx5B,EAAEA,GAAMk9B,EACjB,OAAO79C,GAAUszC,SAAShzC,KAAKmgB,QAC7BoyB,EAAKsG,EAAWgB,EAAGx5B,EAAE/oB,KAAM++C,EAAGpgC,EAAG6iC,GAErC,KAAKvqC,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAMiiB,GACRjzC,EAAEA,GAAMkzC,GACRZ,mBAAEA,EAAkB17B,EAAEA,GAAMk9B,EAClC,IAAK31C,EAAKyG,MAAMgS,EAAEg3B,WAChB,MAAU3mD,MAAM,4BAElB,OAAOgP,GAAUszC,SAASqK,MAAMl9B,QAC9B6c,EAAM+e,EAAoB17B,EAAEi6B,WAAY7f,EAAGhxB,GAE/C,QACE,MAAU/Y,MAAM,4CAEtB,uBAQO,SAA8BssC,EAAMtoC,GACzC,IAAIhG,EAAO,EACX,OAAQsuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAIgO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkL,EAAEhL,OAAS,EACjE,MAAMiD,EAAI+V,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQmD,EAAEjD,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE5iD,IAAG/H,MAEpC,KAAK0c,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMkN,EAAI8L,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQoN,EAAElN,OAAS,EACjE,MAAMujC,EAAIvqB,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQyjC,EAAEvjC,OAAS,EACjE,MAAM8M,EAAIkM,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQgN,EAAE9M,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE58B,IAAG9jB,IAAGq2B,IAAGz2B,MAE1C,KAAK6S,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMujC,EAAIvqB,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQyjC,EAAEvjC,OAAS,EACjE,MAAM8M,EAAIkM,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQgN,EAAE9M,OAAS,EAC1D,CAAEF,OAAM8tD,aAAc,CAAE58B,IAAGuS,IAAGz2B,MAEvC,KAAK6S,EAAM7O,UAAUO,MAAO,CAC1B,MAAMsyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ2nD,EAAEznD,OAAS,EAC1D,CAAEF,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUQ,YAAa,CAChC,MAAMqyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,IAAI8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEpC,OAF4CA,GAAQ2nD,EAAEznD,OAAS,EAC/DynD,EAAIzuC,EAAKkB,QAAQutC,EAAG,IACb,CAAE3nD,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,MAE5C,KAAK9nC,EAAM7O,UAAUM,KAAM,CACzB,MAAMuyC,EAAM,IAAID,GAAO5jD,GAAQ6jD,EAAI7jD,KAAKgG,GACxCuoD,GAAoB1K,GACpB,MAAM8D,EAAIzuC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQ2nD,EAAEznD,OAAS,EACjE,MAAMiqD,EAAY,IAAIgE,GACtB,OADmCnuD,GAAQmqD,EAAUnqD,KAAKgG,EAAM+E,SAAS/K,IAClE,CAAEA,KAAMA,EAAM8tD,aAAc,CAAEjK,MAAK8D,IAAGwC,cAE/C,KAAKtqC,EAAM7O,UAAUf,QACrB,KAAK4P,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAI/lC,EAAM+E,SAAS/K,EAAMA,EAAO,IACtC,OAD2CA,GAAQ+rC,EAAE7rC,OAC9C,CAAEF,OAAM8tD,aAAc,CAAE/hB,MAEjC,QACE,MAAM,IAAI6Z,GAAiB,4CAEjC,wBASO,SAA+BtX,EAAMtoC,EAAO8nD,GACjD,IAAI9tD,EAAO,EACX,OAAQsuC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMoW,EAAIrO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQunB,EAAErnB,OAAS,EACjE,MAAMgxB,EAAIhY,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQkxB,EAAEhxB,OAAS,EACjE,MAAMkN,EAAI8L,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQoN,EAAElN,OAAS,EACjE,MAAMy4B,EAAIzf,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ24B,EAAEz4B,OAAS,EAC1D,CAAEF,OAAM8uD,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,MAE3C,KAAK9Y,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QAAS,CAC5B,MAAMxF,EAAIsN,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IACtC,OAD8CA,GAAQ4L,EAAE1L,OAAS,EAC1D,CAAEF,OAAM8uD,cAAe,CAAEljD,MAElC,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAMhC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIt8B,EAAIrO,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEpC,OAF4CA,GAAQunB,EAAErnB,OAAS,EAC/DqnB,EAAIrO,EAAKkB,QAAQmN,EAAGjY,EAAMm3C,aACnB,CAAEzmD,OAAM8uD,cAAe,CAAEvnC,MAElC,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMlC,EAAQ,IAAIq3C,GAAamH,EAAajK,KAC5C,IAAIvH,EAAOpjC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAEvC,OAF+CA,GAAQs8C,EAAKp8C,OAAS,EACrEo8C,EAAOpjC,EAAKkB,QAAQkiC,EAAMhtC,EAAMm3C,aACzB,CAAEzmD,OAAM8uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAMqsC,EAAOt2C,EAAM+E,SAAS/K,EAAMA,EAAO,IACzC,OAD8CA,GAAQs8C,EAAKp8C,OACpD,CAAEF,OAAM8uD,cAAe,CAAExS,SAElC,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMmJ,EAAI/U,EAAM+E,SAAS/K,EAAMA,EAAO,IACtC,OAD2CA,GAAQ+a,EAAE7a,OAC9C,CAAEF,OAAM8uD,cAAe,CAAE/zC,MAElC,QACE,MAAM,IAAI6qC,GAAiB,4CAEjC,2BAOO,SAAkCtX,EAAMtoC,GAC7C,IAAIhG,EAAO,EACX,OAAQsuC,GAGN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eAEnB,MAAO,CAAEiK,EADChC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,KAOxC,KAAK6f,EAAM7O,UAAUI,QAAS,CAC5B,MAAMib,EAAKnT,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQqsB,EAAGnsB,OAAS,EAEnE,MAAO,CAAEmsB,KAAIC,GADFpT,EAAKgB,QAAQlU,EAAM+E,SAAS/K,KAMzC,KAAK6f,EAAM7O,UAAUM,KAAM,CACzB,MAAM65C,EAAIjyC,EAAKgB,QAAQlU,EAAM+E,SAAS/K,IAAQA,GAAQmrD,EAAEjrD,OAAS,EACjE,MAAMyxB,EAAI,IAAI+8B,GACd,OAD4B/8B,EAAE3xB,KAAKgG,EAAM+E,SAAS/K,IAC3C,CAAEmrD,IAAGx5B,KAOd,KAAK9R,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMy7C,EAAqBrnD,EAAM+E,SAAS/K,EAAMA,EAAO,IAAKA,GAAQqtD,EAAmBntD,OACvF,MAAMyxB,EAAI,IAAIy8B,GACd,OADmCz8B,EAAE3xB,KAAKgG,EAAM+E,SAAS/K,IAClD,CAAEqtD,qBAAoB17B,KAE/B,QACE,MAAM,IAAIi0B,GAAiB,4CAEjC,kBAQO,SAAyBtX,EAAMuX,GAEpC,MAAMkJ,EAAgC,IAAI7sC,IAAI,CAACrC,EAAM7O,UAAUf,QAAS4P,EAAM7O,UAAUY,SAClFo9C,EAAgBnlD,OAAOooB,KAAK4zB,GAAQ7+C,KAAIgD,IAC5C,MAAMsgD,EAAQzE,EAAO77C,GACrB,OAAKkP,EAAKxX,aAAa4oD,GAChByE,EAA8BjqD,IAAIwpC,GAAQgc,EAAQpxC,EAAKoB,gBAAgBgwC,GADxCA,EAAM1pD,OACwC,IAEtF,OAAOsY,EAAKtX,iBAAiBotD,EAC/B,iBAUO,SAAwB1gB,EAAMjxB,EAAMwmC,GACzC,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACnB,OAAOH,GAAU68C,IAAIoB,SAAS5xC,EAAM,OAAO3c,MAAK,EAAGwK,IAAG/H,IAAGokB,IAAG2J,IAAG9jB,IAAGurB,SAChEm2B,cAAe,CAAEvnC,IAAG2J,IAAG9jB,IAAGurB,KAC1Bm1B,aAAc,CAAE5iD,IAAG/H,SAGvB,KAAK0c,EAAM7O,UAAUO,MACnB,OAAOP,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,cACtDwD,cAAe,CAAExS,KAAMgP,GACvBwC,aAAc,CAAEjK,IAAK,IAAID,GAAIC,GAAM8D,SAEvC,KAAK9nC,EAAM7O,UAAUM,KACnB,OAAON,GAAUszC,SAAS2K,SAASpL,GAAKnjD,MAAK,EAAGmjD,MAAK8D,IAAG2D,SAAQx4C,OAAM6Z,cACpEmiC,cAAe,CAAEvnC,EAAG+jC,GACpBwC,aAAc,CACZjK,IAAK,IAAID,GAAIC,GACb8D,IACAwC,UAAW,IAAIgE,GAAU,CAAEr7C,OAAM6Z,gBAGvC,KAAK9M,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAMw9C,SAAS3gB,GAAM5tC,MAAK,EAAGqrC,IAAGuQ,YACxDwS,cAAe,CAAExS,QACjBwR,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUY,OACnB,OAAOZ,GAAUszC,SAASqK,MAAMM,SAAS3gB,GAAM5tC,MAAK,EAAGqrC,IAAGhxB,SACxD+zC,cAAe,CAAE/zC,KACjB+yC,aAAc,CAAE/hB,SAEpB,KAAKlsB,EAAM7O,UAAUK,IACrB,KAAKwO,EAAM7O,UAAUI,QACnB,MAAUpP,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,iBAUO/B,eAA8BquC,EAAMwf,EAAcgB,GACvD,IAAKhB,IAAiBgB,EACpB,MAAU9sD,MAAM,0BAElB,OAAQssC,GACN,KAAKzuB,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QAAS,CAC5B,MAAMjG,EAAEA,EAAC/H,EAAEA,GAAM2qD,GACXvmC,EAAEA,EAAC2J,EAAEA,EAAC9jB,EAAEA,EAACurB,EAAEA,GAAMm2B,EACvB,OAAO99C,GAAU68C,IAAIqB,eAAehkD,EAAG/H,EAAGokB,EAAG2J,EAAG9jB,EAAGurB,GAErD,KAAK9Y,EAAM7O,UAAUK,IAAK,CACxB,MAAM6f,EAAEA,EAAC9jB,EAAEA,EAACq2B,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACjBliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUK,IAAI69C,eAAeh+B,EAAG9jB,EAAGq2B,EAAGz2B,EAAGpB,GAElD,KAAKiU,EAAM7O,UAAUI,QAAS,CAC5B,MAAM8f,EAAEA,EAACuS,EAAEA,EAACz2B,EAAEA,GAAM8gD,GACdliD,EAAEA,GAAMkjD,EACd,OAAO99C,GAAUI,QAAQ89C,eAAeh+B,EAAGuS,EAAGz2B,EAAGpB,GAEnD,KAAKiU,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUM,KAAM,CACzB,MAAM69C,EAAan+C,GAAUszC,SAASzkC,EAAM7f,KAAK6f,EAAM7O,UAAWs9B,KAC5DuV,IAAEA,EAAG8D,EAAEA,GAAMmG,GACbvmC,EAAEA,GAAMunC,EACd,OAAOK,EAAWD,eAAerL,EAAK8D,EAAGpgC,GAE3C,KAAK1H,EAAM7O,UAAUQ,YAAa,CAChC,MAAMm2C,EAAEA,EAAC9D,IAAEA,GAAQiK,GACbxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS9yC,YAAY09C,eAAerL,EAAK8D,EAAGrL,GAE/D,KAAKz8B,EAAM7O,UAAUf,QAAS,CAC5B,MAAM87B,EAAEA,GAAM+hB,GACRxR,KAAEA,GAASwS,EACjB,OAAO99C,GAAUszC,SAAS7yC,MAAMy9C,eAAe5gB,EAAMvC,EAAGuQ,GAE1D,KAAKz8B,EAAM7O,UAAUY,OAAQ,CAC3B,MAAMm6B,EAAEA,GAAM+hB,GACR/yC,EAAEA,GAAM+zC,EACd,OAAO99C,GAAUszC,SAASqK,MAAMO,eAAe5gB,EAAMvC,EAAGhxB,GAE1D,QACE,MAAU/Y,MAAM,iCAEtB,kBASO/B,eAA+BquC,GACpC,MAAMxc,UAAEA,GAAc2c,GAAUH,GAC1B8gB,QAAqBrS,GAAejrB,GACpCu9B,EAAS,IAAI1tD,WAAW,CAACytD,EAAaA,EAAalvD,OAAS,GAAIkvD,EAAaA,EAAalvD,OAAS,KACzG,OAAOgZ,EAAK5T,OAAO,CAAC8pD,EAAcC,GACpC,qBAQO,SAA4B/gB,GACjC,MAAMvc,QAAEA,GAAY0c,GAAUH,GAC9B,OAAOyO,GAAehrB,EACxB,cAQO,SAAqBuc,GAC1B,MAAMI,EAAW7uB,EAAM7f,KAAK6f,EAAMtM,KAAM+6B,GACxC,OAAO1hB,GAAK8hB,EACd,yCAsBO,SAAmCJ,EAAMuV,GAC9C,OAAQvV,GACN,KAAKzuB,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACnB,OAAOR,GAAUszC,SAASgF,qBAAqBzF,GACjD,KAAKhkC,EAAM7O,UAAUf,QACnB,OAAOe,GAAUszC,SAAS7yC,MAAM63C,qBAAqBhb,GACvD,QACE,MAAUtsC,MAAM,iCAEtB,IC9cA,MAAMoK,GAAM,CAEVugB,OAAQA,GAER7Z,KAAMA,GAEN8Z,KAAMA,GAEN5b,UAAWA,GAEX6C,UAAWA,GAEXy7C,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGT5lD,OAAO6lD,OAAOtjD,GAAKmR,IC1CnB,IAAIoyC,GAAiC,oBAAfhuD,YACG,oBAAhBiuD,aACe,oBAAfC,WA+BF,SAASC,GAAU9vC,EAAKlc,GAC3B,OAAIkc,EAAI9f,SAAW4D,EACRkc,EAEPA,EAAIjV,SACGiV,EAAIjV,SAAS,EAAGjH,IAE3Bkc,EAAI9f,OAAS4D,EACNkc,EACX,CAGA,MAAM+vC,GAAU,CACZC,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,GAAI76B,EAAIvqB,UAAYklD,EAAKllD,SACrBklD,EAAK7tD,IAAIkzB,EAAIvqB,SAASmlD,EAAUA,EAAWrhD,GAAMshD,QAIrD,IAAK,IAAIpuD,EAAI,EAAGA,EAAI8M,EAAK9M,IACrBkuD,EAAKE,EAAYpuD,GAAKuzB,EAAI46B,EAAWnuD,IAI7CquD,cAAe,SAAUC,GACrB,IAAItuD,EAAGyzB,EAAG3mB,EAAK5M,EAAKpB,EAIpB,IADAgO,EAAM,EACD9M,EAAI,EAAGyzB,EAAI66B,EAAOnwD,OAAQ6B,EAAIyzB,EAAGzzB,IAClC8M,GAAOwhD,EAAOtuD,GAAG7B,OAIrB,MAAMK,EAAS,IAAIoB,WAAWkN,GAE9B,IADA5M,EAAM,EACDF,EAAI,EAAGyzB,EAAI66B,EAAOnwD,OAAQ6B,EAAIyzB,EAAGzzB,IAClClB,EAAQwvD,EAAOtuD,GACfxB,EAAO6B,IAAIvB,EAAOoB,GAClBA,GAAOpB,EAAMX,OAGjB,OAAOK,IAIT+vD,GAAY,CACdN,SAAU,SAAUC,EAAM36B,EAAK46B,EAAUrhD,EAAKshD,GAC1C,IAAK,IAAIpuD,EAAI,EAAGA,EAAI8M,EAAK9M,IACrBkuD,EAAKE,EAAYpuD,GAAKuzB,EAAI46B,EAAWnuD,IAI7CquD,cAAe,SAAUC,GACrB,MAAO,GAAG/qD,OAAOqW,MAAM,GAAI00C,KAQ5B,IAAIE,GAAOZ,GAAWhuD,WAAahD,MAC/B6xD,GAAQb,GAAWC,YAAcjxD,MACjC8xD,GAAQd,GAAWE,WAAalxD,MAChCyxD,GAAgBT,GAAWI,GAAQK,cAAgBE,GAAUF,cAC7DJ,GAAWL,GAAWI,GAAQC,SAAWM,GAAUN,SChFvD,MAAMU,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAKrBC,GAAqB,EACrBC,GAAqB,EACrBC,GAAqB,EAErBC,IAAqB,EACrBC,IAAqB,EAErBC,IAAqB,EAOrBC,IAA2B,EAG3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAC3BC,GAA2B,EAI3BC,GAA2B,EAC3BC,GAA2B,EAE3BC,GAA2B,EAG3BC,GAA2B,EC7BxC,SAASvjD,GAAKwR,GACV,IAAInR,EAAMmR,EAAI9f,OAAQ,OAAS2O,GAAO,GAClCmR,EAAInR,GAAO,CAEnB,CAIA,MAAMmjD,GAAe,EACfC,GAAe,EACfC,GAAe,EAYfC,GAAgB,GAGhBC,GAAgB,IAGhBC,GAAgBD,GAAW,EAAID,GAG/BG,GAAgB,GAGhBC,GAAgB,GAGhBC,GAAgB,EAAIH,GAAU,EAG9BI,GAAgB,GAGhBC,GAAgB,GAQhBC,GAAc,EAGdC,GAAc,IAGdC,GAAc,GAGdC,GAAc,GAGdC,GAAc,GAIdC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAErDC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAE9DC,GACJ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAEjCC,GACJ,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAgBzCC,GAAoBz0D,MAAsB,GAAf0zD,GAAU,IAC3C7jD,GAAK4kD,IAOL,MAAMC,GAAoB10D,MAAgB,EAAV2zD,IAChC9jD,GAAK6kD,IAKL,MAAMC,GAAoB30D,MAjBJ,KAkBtB6P,GAAK8kD,IAML,MAAMC,GAAoB50D,MAAM60D,KAChChlD,GAAK+kD,IAGL,MAAME,GAAoB90D,MAAMwzD,IAChC3jD,GAAKilD,IAGL,MAAMC,GAAoB/0D,MAAM2zD,IAKhC,SAASqB,GAAeC,EAAaC,EAAYC,EAAYC,EAAOC,GAEhEl1D,KAAK80D,YAAeA,EACpB90D,KAAK+0D,WAAeA,EACpB/0D,KAAKg1D,WAAeA,EACpBh1D,KAAKi1D,MAAeA,EACpBj1D,KAAKk1D,WAAeA,EAGpBl1D,KAAKm1D,UAAeL,GAAeA,EAAY1zD,MACnD,CAGA,IAAIg0D,GACAC,GACAC,GAGJ,SAASC,GAASC,EAAUC,GACxBz1D,KAAKw1D,SAAWA,EAChBx1D,KAAK01D,SAAW,EAChB11D,KAAKy1D,UAAYA,CACrB,CAIA,SAASE,GAAOC,GACZ,OAAOA,EAAO,IAAMpB,GAAWoB,GAAQpB,GAAW,KAAOoB,IAAS,GACtE,CAOA,SAASC,GAAUh4C,EAAGsZ,GAGlBtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJhQ,EAC7BtZ,EAAEi4C,YAAYj4C,EAAEspB,WAAahQ,IAAM,EAAI,GAC3C,CAOA,SAAS4+B,GAAUl4C,EAAGxc,EAAOD,GACrByc,EAAEm4C,SAAWpC,GAAWxyD,GACxByc,EAAEo4C,QAAU50D,GAASwc,EAAEm4C,SAAW,MAClCH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS50D,GAASuyD,GAAW/1C,EAAEm4C,SACjCn4C,EAAEm4C,UAAY50D,EAASwyD,KAEvB/1C,EAAEo4C,QAAU50D,GAASwc,EAAEm4C,SAAW,MAClCn4C,EAAEm4C,UAAY50D,EAEtB,CAGA,SAAS80D,GAAUr4C,EAAGzB,EAAG+5C,GACrBJ,GAAUl4C,EAAGs4C,EAAS,EAAJ/5C,GAAiB+5C,EAAS,EAAJ/5C,EAAQ,GACpD,CAQA,SAASg6C,GAAWC,EAAMtmD,GACtB,IAAIZ,EAAM,EACV,GACIA,GAAc,EAAPknD,EACPA,KAAU,EACVlnD,IAAQ,UACDY,EAAM,GACjB,OAAOZ,IAAQ,CACnB,CAuIA,SAASmnD,GAAUH,EAAMT,EAAUa,GAK/B,MAAMC,EAAgB32D,MAAM8zD,GAAW,GACvC,IACIp1C,EACAnS,EAFAiqD,EAAO,EAOX,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bi4C,EAAUj4C,GAAQ83C,EAAOA,EAAOE,EAASh4C,EAAO,IAAM,EAS1D,IAAKnS,EAAI,EAAIA,GAAKspD,EAAUtpD,IAAK,CAC7B,MAAM2D,EAAMomD,EAAS,EAAJ/pD,EAAQ,GACb,IAAR2D,IAIJomD,EAAS,EAAJ/pD,GAAkBgqD,GAAWI,EAAUzmD,KAAQA,IAK5D,CA8GA,SAAS0mD,GAAW54C,GAChB,IAAIzR,EAGJ,IAAKA,EAAI,EAAGA,EAAImnD,GAAUnnD,IACtByR,EAAE64C,UAAc,EAAJtqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIonD,GAAUpnD,IACtByR,EAAE84C,UAAc,EAAJvqD,GAAkB,EAElC,IAAKA,EAAI,EAAGA,EAAIqnD,GAAUrnD,IACtByR,EAAE+4C,QAAY,EAAJxqD,GAAkB,EAGhCyR,EAAE64C,UAAsB,EAAZ5C,IAA0B,EACtCj2C,EAAEg5C,QAAUh5C,EAAEi5C,WAAa,EAC3Bj5C,EAAEk5C,SAAWl5C,EAAEm5C,QAAU,CAC7B,CAMA,SAASC,GAAUp5C,GACXA,EAAEm4C,SAAW,EACbH,GAAUh4C,EAAGA,EAAEo4C,QACRp4C,EAAEm4C,SAAW,IAEpBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAatpB,EAAEo4C,QAEnCp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,CACjB,CA6BA,SAASkB,GAAQf,EAAM/pD,EAAGgB,EAAG+pD,GACzB,MAAMC,EAAU,EAAJhrD,EACNirD,EAAU,EAAJjqD,EACZ,OAAO+oD,EAAKiB,GAAgBjB,EAAKkB,IAC5BlB,EAAKiB,KAAkBjB,EAAKkB,IAAiBF,EAAM/qD,IAAM+qD,EAAM/pD,EACxE,CAQA,SAASkqD,GAAWz5C,EAAGs4C,EAAMl6C,GAKzB,MAAM47B,EAAIh6B,EAAEgL,KAAK5M,GACjB,IAAIU,EAAIV,GAAK,EACb,KAAOU,GAAKkB,EAAE05C,WAEN56C,EAAIkB,EAAE05C,UACZL,GAAQf,EAAMt4C,EAAEgL,KAAKlM,EAAI,GAAIkB,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,QACpCx6C,KAGAu6C,GAAQf,EAAMte,EAAGh6B,EAAEgL,KAAKlM,GAAIkB,EAAEs5C,SAKlCt5C,EAAEgL,KAAK5M,GAAK4B,EAAEgL,KAAKlM,GACnBV,EAAIU,EAGJA,IAAM,EAEVkB,EAAEgL,KAAK5M,GAAK47B,CAChB,CASA,SAAS2f,GAAe35C,EAAG45C,EAAOC,GAK9B,IAAI9B,EACA+B,EAEAtB,EACAuB,EAFAC,EAAK,EAIT,GAAmB,IAAfh6C,EAAEk5C,SACF,GACInB,EAAO/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,IAAW,EAAIh6C,EAAEi4C,YAAYj4C,EAAEi6C,MAAa,EAALD,EAAS,GAC/EF,EAAK95C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQF,GAC7BA,IAEa,IAATjC,EACAM,GAAUr4C,EAAG85C,EAAIF,IAIjBpB,EAAO5B,GAAakD,GACpBzB,GAAUr4C,EAAGw4C,EAAO/C,GAAW,EAAGmE,GAClCG,EAAQ1D,GAAYmC,GACN,IAAVuB,IACAD,GAAMhD,GAAY0B,GAClBN,GAAUl4C,EAAG85C,EAAIC,IAErBhC,IACAS,EAAOV,GAAOC,GAGdM,GAAUr4C,EAAGw4C,EAAMqB,GACnBE,EAAQzD,GAAYkC,GACN,IAAVuB,IACAhC,GAAQhB,GAAUyB,GAClBN,GAAUl4C,EAAG+3C,EAAMgC,WAQtBC,EAAKh6C,EAAEk5C,UAGpBb,GAAUr4C,EAAGi2C,GAAW2D,EAC5B,CAWA,SAASO,GAAWn6C,EAAGo6C,GAInB,MAAM9B,EAAW8B,EAAKzC,SAChB0C,EAAWD,EAAKxC,UAAUX,YAC1BK,EAAY8C,EAAKxC,UAAUN,UAC3BF,EAAWgD,EAAKxC,UAAUR,MAChC,IAAI7oD,EAAGgB,EAEHq6C,EADAiO,GAAY,EAUhB,IAHA73C,EAAE05C,SAAW,EACb15C,EAAEs6C,SAAWzE,GAERtnD,EAAI,EAAGA,EAAI6oD,EAAO7oD,IACU,IAAzB+pD,EAAS,EAAJ/pD,IACLyR,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAWtpD,EAClCyR,EAAEs5C,MAAM/qD,GAAK,GAGb+pD,EAAS,EAAJ/pD,EAAQ,GAAa,EASlC,KAAOyR,EAAE05C,SAAW,GAChB9P,EAAO5pC,EAAEgL,OAAOhL,EAAE05C,UAAY7B,EAAW,IAAMA,EAAW,EAC1DS,EAAY,EAAP1O,GAAqB,EAC1B5pC,EAAEs5C,MAAM1P,GAAQ,EAChB5pC,EAAEg5C,UAEE1B,IACAt3C,EAAEi5C,YAAcoB,EAAa,EAAPzQ,EAAW,IASzC,IALAwQ,EAAKvC,SAAWA,EAKXtpD,EAAIyR,EAAE05C,UAAY,EAAanrD,GAAK,EAAGA,IACxCkrD,GAAWz5C,EAAGs4C,EAAM/pD,GAMxBq7C,EAAOwN,EACP,GAGI7oD,EAAIyR,EAAEgL,KAAK,GACXhL,EAAEgL,KAAK,GAAiBhL,EAAEgL,KAAKhL,EAAE05C,YACjCD,GAAWz5C,EAAGs4C,EAAM,GAGpB/oD,EAAIyQ,EAAEgL,KAAK,GAEXhL,EAAEgL,OAAOhL,EAAEs6C,UAAY/rD,EACvByR,EAAEgL,OAAOhL,EAAEs6C,UAAY/qD,EAGvB+oD,EAAY,EAAP1O,GAAqB0O,EAAS,EAAJ/pD,GAAkB+pD,EAAS,EAAJ/oD,GACtDyQ,EAAEs5C,MAAM1P,IAAS5pC,EAAEs5C,MAAM/qD,IAAMyR,EAAEs5C,MAAM/pD,GAAKyQ,EAAEs5C,MAAM/qD,GAAKyR,EAAEs5C,MAAM/pD,IAAM,EACvE+oD,EAAS,EAAJ/pD,EAAQ,GAAa+pD,EAAS,EAAJ/oD,EAAQ,GAAaq6C,EAGpD5pC,EAAEgL,KAAK,GAAiB4+B,IACxB6P,GAAWz5C,EAAGs4C,EAAM,SAEft4C,EAAE05C,UAAY,GAEvB15C,EAAEgL,OAAOhL,EAAEs6C,UAAYt6C,EAAEgL,KAAK,GApflC,SAAoBhL,EAAGo6C,GAInB,MAAM9B,EAAkB8B,EAAKzC,SACvBE,EAAkBuC,EAAKvC,SACvBwC,EAAkBD,EAAKxC,UAAUX,YACjCK,EAAkB8C,EAAKxC,UAAUN,UACjCyC,EAAkBK,EAAKxC,UAAUV,WACjCqD,EAAkBH,EAAKxC,UAAUT,WACjCE,EAAkB+C,EAAKxC,UAAUP,WACvC,IAAI/4C,EACA/P,EAAGgB,EACHmR,EACA85C,EACA3zB,EACA4zB,EAAW,EAEf,IAAK/5C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7BV,EAAE04C,SAASh4C,GAAQ,EAQvB,IAFA43C,EAA0B,EAArBt4C,EAAEgL,KAAKhL,EAAEs6C,UAAgB,GAAa,EAEtCh8C,EAAI0B,EAAEs6C,SAAW,EAAGh8C,EAAIu3C,GAAWv3C,IACpC/P,EAAIyR,EAAEgL,KAAK1M,GACXoC,EAAO43C,EAA+B,EAA1BA,EAAS,EAAJ/pD,EAAQ,GAAiB,GAAa,EACnDmS,EAAO22C,IACP32C,EAAO22C,EACPoD,KAEJnC,EAAS,EAAJ/pD,EAAQ,GAAamS,EAGtBnS,EAAIspD,IAIR73C,EAAE04C,SAASh4C,KACX85C,EAAQ,EACJjsD,GAAKgsD,IACLC,EAAQT,EAAMxrD,EAAIgsD,IAEtB1zB,EAAIyxB,EAAS,EAAJ/pD,GACTyR,EAAEg5C,SAAWnyB,GAAKnmB,EAAO85C,GACrBlD,IACAt3C,EAAEi5C,YAAcpyB,GAAKwzB,EAAU,EAAJ9rD,EAAQ,GAAaisD,KAGxD,GAAiB,IAAbC,EAAJ,CAQA,EAAG,CAEC,IADA/5C,EAAO22C,EAAa,EACQ,IAArBr3C,EAAE04C,SAASh4C,IACdA,IAEJV,EAAE04C,SAASh4C,KACXV,EAAE04C,SAASh4C,EAAO,IAAM,EACxBV,EAAE04C,SAASrB,KAIXoD,GAAY,QACPA,EAAW,GAOpB,IAAK/5C,EAAO22C,EAAqB,IAAT32C,EAAYA,IAEhC,IADAnS,EAAIyR,EAAE04C,SAASh4C,GACF,IAANnS,GACHgB,EAAIyQ,EAAEgL,OAAO1M,GACT/O,EAAIsoD,IAGJS,EAAS,EAAJ/oD,EAAQ,KAAemR,IAE5BV,EAAEg5C,UAAYt4C,EAAO43C,EAAS,EAAJ/oD,EAAQ,IAAc+oD,EAAS,EAAJ/oD,GACrD+oD,EAAS,EAAJ/oD,EAAQ,GAAamR,GAE9BnS,KAGZ,CA2ZImsD,CAAW16C,EAAGo6C,GAGd3B,GAAUH,EAAMT,EAAU73C,EAAE04C,SAChC,CAOA,SAASiC,GAAU36C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IANgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAEhB1C,EAAsB,GAAhBT,EAAW,GAAS,GAAa,MAElCtpD,EAAI,EAAGA,GAAKspD,EAAUtpD,IACvBqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,KAEvBq3B,EAAQm1B,GAAaH,IAAWE,IAG3Bl1B,EAAQo1B,EACfh7C,EAAE+4C,QAAiB,EAAT6B,IAAwBh1B,EAEhB,IAAXg1B,GAEHA,IAAWC,GACX76C,EAAE+4C,QAAiB,EAAT6B,KAEd56C,EAAE+4C,QAAkB,EAAV7C,OAEHtwB,GAAS,GAChB5lB,EAAE+4C,QAAoB,EAAZ5C,MAGVn2C,EAAE+4C,QAAsB,EAAd3C,MAGdxwB,EAAQ,EACRi1B,EAAUD,EAEM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CAOA,SAASC,GAAUj7C,EAAGs4C,EAAMT,GAKxB,IAAItpD,EAEAqsD,EADAC,GAAW,EAGXC,EAAUxC,EAAK,GAEf1yB,EAAQ,EACRm1B,EAAY,EACZC,EAAY,EAQhB,IALgB,IAAZF,IACAC,EAAY,IACZC,EAAY,GAGXzsD,EAAI,EAAGA,GAAKspD,EAAUtpD,IAIvB,GAHAqsD,EAASE,EACTA,EAAUxC,EAAe,GAAT/pD,EAAI,GAAS,OAEvBq3B,EAAQm1B,GAAaH,IAAWE,GAAtC,CAGO,GAAIl1B,EAAQo1B,EACf,GACI3C,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,eACN,KAAVnzB,QAEO,IAAXg1B,GACHA,IAAWC,IACXxC,GAAUr4C,EAAG46C,EAAQ56C,EAAE+4C,SACvBnzB,KAGJyyB,GAAUr4C,EAAGk2C,GAASl2C,EAAE+4C,SACxBb,GAAUl4C,EAAG4lB,EAAQ,EAAG,IAEjBA,GAAS,IAChByyB,GAAUr4C,EAAGm2C,GAAWn2C,EAAE+4C,SAC1Bb,GAAUl4C,EAAG4lB,EAAQ,EAAG,KAGxByyB,GAAUr4C,EAAGo2C,GAAap2C,EAAE+4C,SAC5Bb,GAAUl4C,EAAG4lB,EAAQ,GAAI,IAG7BA,EAAQ,EACRi1B,EAAUD,EACM,IAAZE,GACAC,EAAY,IACZC,EAAY,GAELJ,IAAWE,GAClBC,EAAY,EACZC,EAAY,IAGZD,EAAY,EACZC,EAAY,GAGxB,CA1vBAnpD,GAAKklD,IA82BL,IAAImE,IAAmB,EAKvB,SAASC,GAASn7C,GAETk7C,MApnBT,WACI,IAAI3sD,EACAmS,EACAnd,EACAi1D,EACAT,EACJ,MAAMW,EAAe12D,MAAM8zD,GAAW,GAiBtC,IADAvyD,EAAS,EACJi1D,EAAO,EAAGA,EAAOhD,GAAe,EAAGgD,IAEpC,IADA1B,GAAY0B,GAAQj1D,EACfgL,EAAI,EAAGA,EAAI,GAAK8nD,GAAYmC,GAAOjqD,IACpCqoD,GAAarzD,KAAYi1D,EAYjC,IAJA5B,GAAarzD,EAAS,GAAKi1D,EAG3BT,EAAO,EACFS,EAAO,EAAGA,EAAO,GAAIA,IAEtB,IADAzB,GAAUyB,GAAQT,EACbxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAOjqD,IACpCooD,GAAWoB,KAAUS,EAK7B,IADAT,IAAS,EACFS,EAAO7C,GAAS6C,IAEnB,IADAzB,GAAUyB,GAAQT,GAAQ,EACrBxpD,EAAI,EAAGA,EAAI,GAAK+nD,GAAYkC,GAAQ,EAAGjqD,IACxCooD,GAAW,IAAMoB,KAAUS,EAMnC,IAAK93C,EAAO,EAAGA,GAAQo1C,GAAUp1C,IAC7Bg4C,EAASh4C,GAAQ,EAIrB,IADAnS,EAAI,EACGA,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KAEb,KAAOnqD,GAAK,KACRkoD,GAAiB,EAAJloD,EAAQ,GAAa,EAClCA,IACAmqD,EAAS,KASb,IAHAD,GAAUhC,GAAcf,GAAU,EAAGgD,GAGhCnqD,EAAI,EAAGA,EAAIonD,GAASpnD,IACrBmoD,GAAiB,EAAJnoD,EAAQ,GAAa,EAClCmoD,GAAiB,EAAJnoD,GAAkBgqD,GAAWhqD,EAAG,GAIjDgpD,GAAgB,IAAIP,GAAeP,GAAcJ,GAAaZ,GAAW,EAAGC,GAASI,IACrF0B,GAAgB,IAAIR,GAAeN,GAAcJ,GAAa,EAAYX,GAASG,IACnF2B,GAAiB,IAAIT,MAA6BT,GAAc,EAAWX,GAAUI,GAGzF,CAmhBQoF,GACAF,IAAmB,GAGvBl7C,EAAEq7C,OAAU,IAAI3D,GAAS13C,EAAE64C,UAAWtB,IACtCv3C,EAAEs7C,OAAU,IAAI5D,GAAS13C,EAAE84C,UAAWtB,IACtCx3C,EAAEu7C,QAAU,IAAI7D,GAAS13C,EAAE+4C,QAAStB,IAEpCz3C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,EAGbS,GAAW54C,EACf,CAMA,SAASw7C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAM1C23C,GAAUl4C,GAAIq1C,IAAgB,IAAM90C,EAAO,EAAI,GAAI,GAhgBvD,SAAoBP,EAAGqD,EAAKnR,EAAKsU,GAM7B4yC,GAAUp5C,GAENwG,IACAwxC,GAAUh4C,EAAG9N,GACb8lD,GAAUh4C,GAAI9N,IAKlBwpD,GAAe17C,EAAEi4C,YAAaj4C,EAAE27C,OAAQt4C,EAAKnR,EAAK8N,EAAEspB,SACpDtpB,EAAEspB,SAAWp3B,CACjB,CAgfI0pD,CAAW57C,EAAGqD,EAAKo4C,GAAY,EACnC,CAOA,SAASI,GAAU77C,GACfk4C,GAAUl4C,EAAGs1C,IAAgB,EAAG,GAChC+C,GAAUr4C,EAAGi2C,GAAWQ,IAl0B5B,SAAkBz2C,GACK,KAAfA,EAAEm4C,UACFH,GAAUh4C,EAAGA,EAAEo4C,QACfp4C,EAAEo4C,OAAS,EACXp4C,EAAEm4C,SAAW,GAENn4C,EAAEm4C,UAAY,IACrBn4C,EAAEi4C,YAAYj4C,EAAEspB,WAAwB,IAAXtpB,EAAEo4C,OAC/Bp4C,EAAEo4C,SAAW,EACbp4C,EAAEm4C,UAAY,EAEtB,CAwzBI2D,CAAS97C,EACb,CAOA,SAAS+7C,GAAgB/7C,EAAGqD,EAAKo4C,EAAYl7C,GAMzC,IAAIy7C,EAAUC,EACVC,EAAc,EAGdl8C,EAAEm8C,MAAQ,GAGNn8C,EAAEo8C,KAAKC,YAAclH,KACrBn1C,EAAEo8C,KAAKC,UApGnB,SAA0Br8C,GAKtB,IACIzR,EADA+tD,EAAa,WAIjB,IAAK/tD,EAAI,EAAGA,GAAK,GAAIA,IAAK+tD,KAAgB,EACtC,GAAiB,EAAbA,GAAkD,IAAhCt8C,EAAE64C,UAAc,EAAJtqD,GAC9B,OAAO0mD,GAKf,GAAoC,IAAhCj1C,EAAE64C,UAAU,KAA0D,IAAjC74C,EAAE64C,UAAU,KAClB,IAAjC74C,EAAE64C,UAAU,IACV,OAAO3D,GAEX,IAAK3mD,EAAI,GAAIA,EAAIknD,GAAUlnD,IACvB,GAAoC,IAAhCyR,EAAE64C,UAAc,EAAJtqD,GACZ,OAAO2mD,GAOf,OAAOD,EACX,CAsE+BsH,CAAiBv8C,IAIxCm6C,GAAWn6C,EAAGA,EAAEq7C,QAIhBlB,GAAWn6C,EAAGA,EAAEs7C,QAUhBY,EAlMR,SAAuBl8C,GACnB,IAAIk8C,EAgBJ,IAbAvB,GAAU36C,EAAGA,EAAE64C,UAAW74C,EAAEq7C,OAAOxD,UACnC8C,GAAU36C,EAAGA,EAAE84C,UAAW94C,EAAEs7C,OAAOzD,UAGnCsC,GAAWn6C,EAAGA,EAAEu7C,SASXW,EAActG,GAAW,EAAGsG,GAAe,GACa,IAArDl8C,EAAE+4C,QAAgC,EAAxBvC,GAAS0F,GAAmB,GADKA,KAUnD,OAJAl8C,EAAEg5C,SAAW,GAAKkD,EAAc,GAAK,EAAI,EAAI,EAItCA,CACX,CAsKsBM,CAAcx8C,GAG5Bg8C,EAAWh8C,EAAEg5C,QAAU,EAAI,IAAM,EACjCiD,EAAcj8C,EAAEi5C,WAAa,EAAI,IAAM,EAMnCgD,GAAeD,IACfA,EAAWC,IAKfD,EAAWC,EAAcR,EAAa,EAGtCA,EAAa,GAAKO,IAAqB,IAAT34C,EAS9Bm4C,GAAiBx7C,EAAGqD,EAAKo4C,EAAYl7C,GAE9BP,EAAEy8C,WAAazH,IAAWiH,IAAgBD,GAEjD9D,GAAUl4C,GAAIs1C,IAAgB,IAAM/0C,EAAO,EAAI,GAAI,GACnDo5C,GAAe35C,EAAGy2C,GAAcC,MAGhCwB,GAAUl4C,GAAIu1C,IAAa,IAAMh1C,EAAO,EAAI,GAAI,GAlMxD,SAAwBP,EAAG08C,EAAQC,EAAQC,GAIvC,IAAIC,EASJ,IAHA3E,GAAUl4C,EAAG08C,EAAS,IAAK,GAC3BxE,GAAUl4C,EAAG28C,EAAS,EAAK,GAC3BzE,GAAUl4C,EAAG48C,EAAU,EAAI,GACtBC,EAAO,EAAGA,EAAOD,EAASC,IAE3B3E,GAAUl4C,EAAGA,EAAE+4C,QAAyB,EAAjBvC,GAASqG,GAAY,GAAY,GAI5D5B,GAAUj7C,EAAGA,EAAE64C,UAAW6D,EAAS,GAGnCzB,GAAUj7C,EAAGA,EAAE84C,UAAW6D,EAAS,EAEvC,CA2KQG,CAAe98C,EAAGA,EAAEq7C,OAAOxD,SAAW,EAAG73C,EAAEs7C,OAAOzD,SAAW,EAAGqE,EAAc,GAC9EvC,GAAe35C,EAAGA,EAAE64C,UAAW74C,EAAE84C,YAMrCF,GAAW54C,GAEPO,GACA64C,GAAUp5C,EAIlB,CAMA,SAAS+8C,GAAU/8C,EAAG+3C,EAAM+B,GAmDxB,OA5CA95C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,UAAoBnB,IAAS,EAAI,IAC3D/3C,EAAEi4C,YAAYj4C,EAAEi6C,MAAqB,EAAbj6C,EAAEk5C,SAAe,GAAY,IAAPnB,EAE9C/3C,EAAEi4C,YAAYj4C,EAAEk6C,MAAQl6C,EAAEk5C,UAAiB,IAALY,EACtC95C,EAAEk5C,WAEW,IAATnB,EAEA/3C,EAAE64C,UAAe,EAALiB,MAEZ95C,EAAEm5C,UAEFpB,IAKA/3C,EAAE64C,UAA8C,GAAnCjC,GAAakD,GAAMrE,GAAW,MAC3Cz1C,EAAE84C,UAAyB,EAAfhB,GAAOC,OA0BhB/3C,EAAEk5C,WAAal5C,EAAEg9C,YAAc,CAK1C,CCxrCe,SAASC,GAAQC,EAAO75C,EAAKnR,EAAK5M,GAC7C,IAAIgpB,EAAa,MAAR4uC,EAAgB,EACrB3uC,EAAK2uC,IAAU,GAAK,MAAQ,EAC5B3uD,EAAI,EAER,KAAe,IAAR2D,GAAW,CAId3D,EAAI2D,EAAM,IAAO,IAAOA,EACxBA,GAAO3D,EAEP,GACI+f,EAAKA,EAAKjL,EAAI/d,KAAQ,EACtBipB,EAAKA,EAAKD,EAAI,UACP/f,GAEX+f,GAAM,MACNC,GAAM,MAGV,OAAOD,EAAKC,GAAM,GAAI,CAC1B,CCLA,MAAM4uC,GAhBN,WACI,IAAI5+C,EACJ,MAAM6+C,EAAQ,GAEd,IAAK,IAAI7uD,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1BgQ,EAAIhQ,EACJ,IAAK,IAAI6P,EAAI,EAAGA,EAAI,EAAGA,IACnBG,EAAQ,EAAJA,EAAQ,WAAaA,IAAM,EAAIA,IAAM,EAE7C6+C,EAAM7uD,GAAKgQ,EAGf,OAAO6+C,CACX,CAGiBC,GAGF,SAASC,GAAMv2C,EAAK1D,EAAKnR,EAAK5M,GACzC,MAAM8a,EAAI+8C,GACNzvD,EAAMpI,EAAM4M,EAEhB6U,IAAQ,EAER,IAAK,IAAI3hB,EAAIE,EAAKF,EAAIsI,EAAKtI,IACvB2hB,EAAMA,IAAQ,EAAI3G,EAAmB,KAAhB2G,EAAM1D,EAAIje,KAGnC,OAAc,EAAP2hB,CACX,CCnCA,OAAe,CACX,EAAQ,kBACR,EAAQ,aACR,EAAQ,GACR,KAAQ,aACR,KAAQ,eACR,KAAQ,aACR,KAAQ,sBACR,KAAQ,eACR,KAAQ,wBCwBZ,MAAMw2C,GAAgB,EAsBhBC,GAAY,EACZ3G,GAAY,IACZ4G,GAAiB5G,GAAY2G,GAAY,EAEzCE,GAAc,GAEdC,GAAa,GACbC,GAAc,GACdC,GAAa,GACbC,GAAgB,GAChBC,GAAa,IACbC,GAAa,IACbC,GAAe,IAEfC,GAAe,EACfC,GAAgB,EAChBC,GAAoB,EACpBC,GAAiB,EAEjBC,GAAU,EAEhB,SAAS/a,GAAI6Y,EAAMmC,GAEjB,OADAnC,EAAK50B,IAAMA,GAAI+2B,GACRA,CACT,CAEA,SAAS1B,GAAKh2B,GACZ,OAAQ,GAAO,IAAM,EAAM,EAAI,EAAI,EACrC,CAEA,SAASh1B,GAAKwR,GAAO,IAAInR,EAAMmR,EAAI9f,OAAQ,OAAS2O,GAAO,GAAKmR,EAAInR,GAAO,EAS3E,SAASssD,GAAcpC,GACrB,MAAMp8C,EAAIo8C,EAAK9qB,MAGf,IAAIp/B,EAAM8N,EAAEspB,QACRp3B,EAAMkqD,EAAKqC,YACbvsD,EAAMkqD,EAAKqC,WAED,IAARvsD,IAEJwpD,GAAeU,EAAKpwD,OAAQgU,EAAEi4C,YAAaj4C,EAAE0+C,YAAaxsD,EAAKkqD,EAAKuC,UACpEvC,EAAKuC,UAAYzsD,EACjB8N,EAAE0+C,aAAexsD,EACjBkqD,EAAKwC,WAAa1sD,EAClBkqD,EAAKqC,WAAavsD,EAClB8N,EAAEspB,SAAWp3B,EACK,IAAd8N,EAAEspB,UACJtpB,EAAE0+C,YAAc,GAEpB,CAGA,SAASG,GAAiB7+C,EAAGO,GAC3Bu+C,GAAsB9+C,EAAIA,EAAE++C,aAAe,EAAI/+C,EAAE++C,aAAe,EAAI/+C,EAAEg/C,SAAWh/C,EAAE++C,YAAax+C,GAChGP,EAAE++C,YAAc/+C,EAAEg/C,SAClBR,GAAcx+C,EAAEo8C,KAClB,CAGA,SAAS6C,GAASj/C,EAAG5P,GACnB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAal5B,CAC/B,CAQA,SAAS8uD,GAAYl/C,EAAG5P,GAGtB4P,EAAEi4C,YAAYj4C,EAAEspB,WAAcl5B,IAAM,EAAK,IACzC4P,EAAEi4C,YAAYj4C,EAAEspB,WAAiB,IAAJl5B,CAC/B,CAUA,SAAS+uD,GAAS/C,EAAM/4C,EAAKtd,EAAOoB,GAClC,IAAI+K,EAAMkqD,EAAKgD,SAGf,OADIltD,EAAM/K,IAAQ+K,EAAM/K,GACZ,IAAR+K,EAAoB,GAExBkqD,EAAKgD,UAAYltD,EAGjBwpD,GAAer4C,EAAK+4C,EAAK35D,MAAO25D,EAAKiD,QAASntD,EAAKnM,GAC3B,IAApBq2D,EAAK9qB,MAAMub,KACbuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAO75C,EAAKnR,EAAKnM,GAGhB,IAApBq2D,EAAK9qB,MAAMub,OAClBuP,EAAKc,MAAQI,GAAMlB,EAAKc,MAAO75C,EAAKnR,EAAKnM,IAG3Cq2D,EAAKiD,SAAWntD,EAChBkqD,EAAKkD,UAAYptD,EAEVA,EACT,CAYA,SAASqtD,GAAcv/C,EAAGw/C,GACxB,IAEI/4C,EACAvU,EAHAutD,EAAez/C,EAAE0/C,iBACjBC,EAAO3/C,EAAEg/C,SAGTY,EAAW5/C,EAAE6/C,YACbC,EAAa9/C,EAAE8/C,WACnB,MAAMC,EAAS//C,EAAEg/C,SAAYh/C,EAAEggD,OAASvC,GACtCz9C,EAAEg/C,UAAYh/C,EAAEggD,OAASvC,IAAiB,EAEtCwC,EAAOjgD,EAAE27C,OAETuE,EAAQlgD,EAAEmgD,OACV11D,EAAOuV,EAAEvV,KAMT21D,EAASpgD,EAAEg/C,SAAWnI,GAC5B,IAAIwJ,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,GAQvB5/C,EAAE6/C,aAAe7/C,EAAEugD,aACrBd,IAAiB,GAKfK,EAAa9/C,EAAEwgD,YAAaV,EAAa9/C,EAAEwgD,WAI/C,GAaE,GAXA/5C,EAAQ+4C,EAWJS,EAAKx5C,EAAQm5C,KAAcU,GAC7BL,EAAKx5C,EAAQm5C,EAAW,KAAOS,GAC/BJ,EAAKx5C,KAAWw5C,EAAKN,IACrBM,IAAOx5C,KAAWw5C,EAAKN,EAAO,GAHhC,CAaAA,GAAQ,EACRl5C,IAMA,UAESw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACnEw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IAC1Dw5C,IAAON,KAAUM,IAAOx5C,IAAUw5C,IAAON,KAAUM,IAAOx5C,IACxDk5C,EAAOS,GAOT,GAHAluD,EAAM2kD,IAAauJ,EAAST,GAC5BA,EAAOS,EAASvJ,GAEZ3kD,EAAM0tD,EAAU,CAGlB,GAFA5/C,EAAEygD,YAAcjB,EAChBI,EAAW1tD,EACPA,GAAO4tD,EACT,MAEFO,EAAYJ,EAAKN,EAAOC,EAAW,GACnCU,EAAWL,EAAKN,EAAOC,YAEjBJ,EAAY/0D,EAAK+0D,EAAYU,IAAUH,GAA4B,KAAjBN,GAE5D,OAAIG,GAAY5/C,EAAEwgD,UACTZ,EAEF5/C,EAAEwgD,SACX,CAaA,SAASE,GAAY1gD,GACnB,MAAM2gD,EAAU3gD,EAAEggD,OAClB,IAAIzrC,EAAGhmB,EAAGgB,EAAGqxD,EAAMniD,EAInB,EAAG,CAqBD,GApBAmiD,EAAO5gD,EAAE6gD,YAAc7gD,EAAEwgD,UAAYxgD,EAAEg/C,SAoBnCh/C,EAAEg/C,UAAY2B,GAAWA,EAAUlD,IAAgB,CAErD/B,GAAe17C,EAAE27C,OAAQ37C,EAAE27C,OAAQgF,EAASA,EAAS,GACrD3gD,EAAEygD,aAAeE,EACjB3gD,EAAEg/C,UAAY2B,EAEd3gD,EAAE++C,aAAe4B,EASjBpyD,EAAIyR,EAAE8gD,UACNvsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAE+gD,OAAOxsC,GACbvU,EAAE+gD,KAAKxsC,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UACjCpyD,GAEXA,EAAIoyD,EACJpsC,EAAIhmB,EACJ,GACEgB,EAAIyQ,EAAEvV,OAAO8pB,GACbvU,EAAEvV,KAAK8pB,GAAMhlB,GAAKoxD,EAAUpxD,EAAIoxD,EAAU,UAIjCpyD,GAEXqyD,GAAQD,EAEV,GAAwB,IAApB3gD,EAAEo8C,KAAKgD,SACT,MAmBF,GAJA7wD,EAAI4wD,GAASn/C,EAAEo8C,KAAMp8C,EAAE27C,OAAQ37C,EAAEg/C,SAAWh/C,EAAEwgD,UAAWI,GACzD5gD,EAAEwgD,WAAajyD,EAGXyR,EAAEwgD,UAAYxgD,EAAEghD,QAAUxD,GAS5B,IARA/+C,EAAMuB,EAAEg/C,SAAWh/C,EAAEghD,OACrBhhD,EAAEihD,MAAQjhD,EAAE27C,OAAOl9C,GAGnBuB,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM,IAAMuB,EAAEmhD,UAIvDnhD,EAAEghD,SAEPhhD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAClCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,IACAuB,EAAEghD,WACEhhD,EAAEwgD,UAAYxgD,EAAEghD,OAASxD,cAS1Bx9C,EAAEwgD,UAAY/C,IAAqC,IAApBz9C,EAAEo8C,KAAKgD,SAsCjD,CA6GA,SAASgC,GAAaphD,EAAGqhD,GACvB,IAAIC,EACAC,EAEJ,OAAU,CAMR,GAAIvhD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MA2BJ,GApBAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAOJ,IAAdsC,GAA4BthD,EAAEg/C,SAAWsC,GAAethD,EAAEggD,OAASvC,KAKrEz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,IAGhCthD,EAAEwhD,cAAgBhE,GAYpB,GAPA+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAWh/C,EAAEygD,YAAazgD,EAAEwhD,aAAehE,IAEzEx9C,EAAEwgD,WAAaxgD,EAAEwhD,aAKbxhD,EAAEwhD,cAAgBxhD,EAAE0hD,gBAAuC1hD,EAAEwgD,WAAahD,GAAW,CACvFx9C,EAAEwhD,eACF,GACExhD,EAAEg/C,WAEFh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,eAKQ,KAAnBh/C,EAAEwhD,cACbxhD,EAAEg/C,gBAEFh/C,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,EACjBxhD,EAAEihD,MAAQjhD,EAAE27C,OAAO37C,EAAEg/C,UAErBh/C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAAMh/C,EAAEmhD,eAavEI,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WAEJ,GAAIuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAWhhD,EAAEg/C,SAAYxB,GAAY,EAAMx9C,EAAEg/C,SAAWxB,GAAY,EAClE6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAOA,SAASwD,GAAa3hD,EAAGqhD,GACvB,IAAIC,EACAC,EAEAK,EAGJ,OAAU,CAMR,GAAI5hD,EAAEwgD,UAAY/C,GAAe,CAE/B,GADAiD,GAAY1gD,GACRA,EAAEwgD,UAAY/C,IAAiB4D,IAAUtN,GAC3C,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MA0C3B,GApCAc,EAAY,EACRthD,EAAEwgD,WAAahD,KAEjBx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,UAMtBh/C,EAAE6/C,YAAc7/C,EAAEwhD,aAClBxhD,EAAE6hD,WAAa7hD,EAAEygD,YACjBzgD,EAAEwhD,aAAehE,GAAY,EAEX,IAAd8D,GAA0BthD,EAAE6/C,YAAc7/C,EAAE0hD,gBAC9C1hD,EAAEg/C,SAAWsC,GAActhD,EAAEggD,OAASvC,KAKtCz9C,EAAEwhD,aAAejC,GAAcv/C,EAAGshD,GAG9BthD,EAAEwhD,cAAgB,IACnBxhD,EAAEy8C,WAAa5H,IAAe70C,EAAEwhD,eAAiBhE,IAAax9C,EAAEg/C,SAAWh/C,EAAEygD,YAAc,QAK5FzgD,EAAEwhD,aAAehE,GAAY,IAM7Bx9C,EAAE6/C,aAAerC,IAAax9C,EAAEwhD,cAAgBxhD,EAAE6/C,YAAa,CACjE+B,EAAa5hD,EAAEg/C,SAAWh/C,EAAEwgD,UAAYhD,GAOxC+D,EAASE,GAAgBzhD,EAAGA,EAAEg/C,SAAW,EAAIh/C,EAAE6hD,WAAY7hD,EAAE6/C,YAAcrC,IAM3Ex9C,EAAEwgD,WAAaxgD,EAAE6/C,YAAc,EAC/B7/C,EAAE6/C,aAAe,EACjB,KACQ7/C,EAAEg/C,UAAY4C,IAElB5hD,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAO37C,EAAEg/C,SAAWxB,GAAY,IAAMx9C,EAAEmhD,UACjFG,EAAYthD,EAAEvV,KAAKuV,EAAEg/C,SAAWh/C,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OACrDjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASjhD,EAAEg/C,gBAGK,KAAlBh/C,EAAE6/C,aAKb,GAJA7/C,EAAE8hD,gBAAkB,EACpB9hD,EAAEwhD,aAAehE,GAAY,EAC7Bx9C,EAAEg/C,WAEEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,QAKN,GAAIl+C,EAAE8hD,iBAgBX,GATAP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAEjDuC,GAEF1C,GAAiB7+C,GAAG,GAGtBA,EAAEg/C,WACFh/C,EAAEwgD,YACuB,IAArBxgD,EAAEo8C,KAAKqC,UACT,OAAOP,QAMTl+C,EAAE8hD,gBAAkB,EACpB9hD,EAAEg/C,WACFh/C,EAAEwgD,YAYN,OARIxgD,EAAE8hD,kBAGJP,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,SAAW,IAErDh/C,EAAE8hD,gBAAkB,GAEtB9hD,EAAEghD,OAAShhD,EAAEg/C,SAAWxB,GAAY,EAAIx9C,EAAEg/C,SAAWxB,GAAY,EAC7D6D,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAKJC,EACT,CAgKA,MAAM4D,GACJ9/D,YAAY+/D,EAAaC,EAAUC,EAAaC,EAAWC,GACzDjgE,KAAK6/D,YAAcA,EACnB7/D,KAAK8/D,SAAWA,EAChB9/D,KAAK+/D,YAAcA,EACnB//D,KAAKggE,UAAYA,EACjBhgE,KAAKigE,KAAOA,GAIhB,MAAMC,GAAsB,CAE1B,IAAIN,GAAO,EAAG,EAAG,EAAG,GAviBtB,SAAwB/hD,EAAGqhD,GAIzB,IAAIiB,EAAiB,MAOrB,IALIA,EAAiBtiD,EAAEuiD,iBAAmB,IACxCD,EAAiBtiD,EAAEuiD,iBAAmB,KAI9B,CAER,GAAIviD,EAAEwgD,WAAa,EAAG,CAUpB,GADAE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAmBa,IAAUtN,GACjC,OAAOmK,GAGT,GAAoB,IAAhBl+C,EAAEwgD,UACJ,MAOJxgD,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAEwgD,UAAY,EAGd,MAAMgC,EAAYxiD,EAAE++C,YAAcuD,EAElC,IAAmB,IAAftiD,EAAEg/C,UAAkBh/C,EAAEg/C,UAAYwD,KAEpCxiD,EAAEwgD,UAAYxgD,EAAEg/C,SAAWwD,EAC3BxiD,EAAEg/C,SAAWwD,EAEb3D,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GASX,GAAIl+C,EAAEg/C,SAAWh/C,EAAE++C,aAAgB/+C,EAAEggD,OAASvC,KAE5CoB,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAQb,OAFAl+C,EAAEghD,OAAS,EAEPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,KAGLr+C,EAAEg/C,SAAWh/C,EAAE++C,cAEjBF,GAAiB7+C,GAAG,GAChBA,EAAEo8C,KAAKqC,WACFP,GAMb,IA+cE,IAAI6D,GAAO,EAAG,EAAG,EAAG,EAAGX,IACvB,IAAIW,GAAO,EAAG,EAAG,GAAI,EAAGX,IACxB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIX,IAEzB,IAAIW,GAAO,EAAG,EAAG,GAAI,GAAIJ,IACzB,IAAII,GAAO,EAAG,GAAI,GAAI,GAAIJ,IAC1B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,EAAG,GAAI,IAAK,IAAKJ,IAC5B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,IAC/B,IAAII,GAAO,GAAI,IAAK,IAAK,KAAMJ,KA6BjC,MAAMc,GACJxgE,cACEE,KAAKi6D,KAAO,KACZj6D,KAAKugE,OAAS,EACdvgE,KAAK81D,YAAc,KACnB91D,KAAKogE,iBAAmB,EACxBpgE,KAAKu8D,YAAc,EACnBv8D,KAAKmnC,QAAU,EACfnnC,KAAK0qD,KAAO,EACZ1qD,KAAKwgE,OAAS,KACdxgE,KAAKygE,QAAU,EACfzgE,KAAK0gE,OAASzN,GACdjzD,KAAK2gE,YAAc,EAEnB3gE,KAAK69D,OAAS,EACd79D,KAAK4gE,OAAS,EACd5gE,KAAKg+D,OAAS,EAEdh+D,KAAKw5D,OAAS,KAQdx5D,KAAK0+D,YAAc,EAKnB1+D,KAAKsI,KAAO,KAMZtI,KAAK4+D,KAAO,KAEZ5+D,KAAK8+D,MAAQ,EACb9+D,KAAK2+D,UAAY,EACjB3+D,KAAK6gE,UAAY,EACjB7gE,KAAKg/D,UAAY,EAEjBh/D,KAAK++D,WAAa,EAOlB/+D,KAAK48D,YAAc,EAKnB58D,KAAKq/D,aAAe,EACpBr/D,KAAK0/D,WAAa,EAClB1/D,KAAK2/D,gBAAkB,EACvB3/D,KAAK68D,SAAW,EAChB78D,KAAKs+D,YAAc,EACnBt+D,KAAKq+D,UAAY,EAEjBr+D,KAAK09D,YAAc,EAKnB19D,KAAKu9D,iBAAmB,EAMxBv9D,KAAKu/D,eAAiB,EAYtBv/D,KAAKg6D,MAAQ,EACbh6D,KAAKs6D,SAAW,EAEhBt6D,KAAKo+D,WAAa,EAGlBp+D,KAAK29D,WAAa,EAYlB39D,KAAK02D,UAAa,IAAIoK,GAAYpN,MAClC1zD,KAAK22D,UAAa,IAAImK,GAAY,KAClC9gE,KAAK42D,QAAa,IAAIkK,GAAY,IAClCpxD,GAAK1P,KAAK02D,WACVhnD,GAAK1P,KAAK22D,WACVjnD,GAAK1P,KAAK42D,SAEV52D,KAAKk5D,OAAW,KAChBl5D,KAAKm5D,OAAW,KAChBn5D,KAAKo5D,QAAW,KAGhBp5D,KAAKu2D,SAAW,IAAIuK,GAAYnN,IAIhC3zD,KAAK6oB,KAAO,IAAIi4C,GAAY,KAC5BpxD,GAAK1P,KAAK6oB,MAEV7oB,KAAKu3D,SAAW,EAChBv3D,KAAKm4D,SAAW,EAKhBn4D,KAAKm3D,MAAQ,IAAI2J,GAAY,KAC7BpxD,GAAK1P,KAAKm3D,OAIVn3D,KAAK+3D,MAAQ,EAEb/3D,KAAK66D,YAAc,EAoBnB76D,KAAK+2D,SAAW,EAEhB/2D,KAAK83D,MAAQ,EAMb93D,KAAK62D,QAAU,EACf72D,KAAK82D,WAAa,EAClB92D,KAAKg3D,QAAU,EACfh3D,KAAK6+D,OAAS,EAGd7+D,KAAKi2D,OAAS,EAIdj2D,KAAKg2D,SAAW,GA6CpB,SAAS+K,GAAa9G,GACpB,MAAMlsC,EA9BR,SAA0BksC,GACxB,IAAIp8C,EAEJ,OAAKo8C,GAASA,EAAK9qB,OAInB8qB,EAAKkD,SAAWlD,EAAKwC,UAAY,EACjCxC,EAAKC,UAAYlH,GAEjBn1C,EAAIo8C,EAAK9qB,MACTtxB,EAAEspB,QAAU,EACZtpB,EAAE0+C,YAAc,EAEZ1+C,EAAE6sC,KAAO,IACX7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAGd7sC,EAAE0iD,OAAU1iD,EAAE6sC,KAAO8Q,GAAaK,GAClC5B,EAAKc,MAAoB,IAAXl9C,EAAE6sC,KACd,EAEA,EACF7sC,EAAE8iD,WAAa/O,GACfoP,GAAenjD,GACRs0C,IArBE/Q,GAAI6Y,EAAM3H,GAsBrB,CAIc2O,CAAiBhH,GAI7B,OAHIlsC,IAAQokC,IAnPd,SAAiBt0C,GACfA,EAAE6gD,YAAc,EAAI7gD,EAAEggD,OAGtBnuD,GAAKmO,EAAE+gD,MAIP/gD,EAAE0hD,eAAiBW,GAAoBriD,EAAEm8C,OAAO8F,SAChDjiD,EAAEugD,WAAa8B,GAAoBriD,EAAEm8C,OAAO6F,YAC5ChiD,EAAE8/C,WAAauC,GAAoBriD,EAAEm8C,OAAO+F,YAC5CliD,EAAE0/C,iBAAmB2C,GAAoBriD,EAAEm8C,OAAOgG,UAElDniD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEwgD,UAAY,EACdxgD,EAAEghD,OAAS,EACXhhD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB9hD,EAAEihD,MAAQ,CACZ,CAgOIoC,CAAQjH,EAAK9qB,OAERphB,CACT,CA6FA,SAASozC,GAAQlH,EAAMiF,GACrB,IAAIkC,EAAWvjD,EACXwjD,EAAKj8B,EAET,IAAK60B,IAASA,EAAK9qB,OACjB+vB,EAAQjN,IAAWiN,EAAQ,EAC3B,OAAOjF,EAAO7Y,GAAI6Y,EAAM3H,IAAkBA,GAK5C,GAFAz0C,EAAIo8C,EAAK9qB,OAEJ8qB,EAAKpwD,SACNowD,EAAK35D,OAA2B,IAAlB25D,EAAKgD,UACpBp/C,EAAE0iD,SAAWzE,IAAgBoD,IAAUlN,GACxC,OAAO5Q,GAAI6Y,EAA0B,IAAnBA,EAAKqC,UAAmB9J,GAAcF,IAQ1D,GALAz0C,EAAEo8C,KAAOA,EACTmH,EAAYvjD,EAAE8iD,WACd9iD,EAAE8iD,WAAazB,EAGXrhD,EAAE0iD,SAAW/E,GAEf,GAAe,IAAX39C,EAAE6sC,KACJuP,EAAKc,MAAQ,EACb+B,GAASj/C,EAAG,IACZi/C,GAASj/C,EAAG,KACZi/C,GAASj/C,EAAG,GACPA,EAAE2iD,QAaL1D,GAASj/C,GAAIA,EAAE2iD,OAAOvqD,KAAO,EAAI,IAC9B4H,EAAE2iD,OAAOc,KAAO,EAAI,IACnBzjD,EAAE2iD,OAAO5I,MAAY,EAAJ,IACjB/5C,EAAE2iD,OAAOt1D,KAAW,EAAJ,IAChB2S,EAAE2iD,OAAOe,QAAc,GAAJ,IAEvBzE,GAASj/C,EAAmB,IAAhBA,EAAE2iD,OAAO1lD,MACrBgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,EAAK,KACnCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAIA,EAAE2iD,OAAO1lD,MAAQ,GAAM,KACpCgiD,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAiB,IAAdA,EAAE2iD,OAAOgB,IACjB3jD,EAAE2iD,OAAO5I,OAAS/5C,EAAE2iD,OAAO5I,MAAMx2D,SACnC07D,GAASj/C,EAA2B,IAAxBA,EAAE2iD,OAAO5I,MAAMx2D,QAC3B07D,GAASj/C,EAAIA,EAAE2iD,OAAO5I,MAAMx2D,QAAU,EAAK,MAEzCyc,EAAE2iD,OAAOc,OACXrH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAS,IAE3DtpB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS9E,KAlCXqB,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAG,GACZi/C,GAASj/C,EAAe,IAAZA,EAAEm8C,MAAc,EACzBn8C,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EACzC,EAAI,GACR8C,GAASj/C,EAAGs+C,IACZt+C,EAAE0iD,OAAS1E,QA6Bf,CACE,IAAIx3C,EAAU4uC,IAAep1C,EAAE+iD,OAAS,GAAM,IAAO,EACjDa,GAAe,EAGjBA,EADE5jD,EAAEy8C,UAAY3H,IAAkB90C,EAAEm8C,MAAQ,EAC9B,EACLn8C,EAAEm8C,MAAQ,EACL,EACO,IAAZn8C,EAAEm8C,MACG,EAEA,EAEhB31C,GAAWo9C,GAAe,EACP,IAAf5jD,EAAEg/C,WAAkBx4C,GAAUk3C,IAClCl3C,GAAU,GAAMA,EAAS,GAEzBxG,EAAE0iD,OAAS1E,GACXkB,GAAYl/C,EAAGwG,GAGI,IAAfxG,EAAEg/C,WACJE,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAEtBd,EAAKc,MAAQ,EAKjB,GAAIl9C,EAAE0iD,SAAW9E,GACf,GAAI59C,EAAE2iD,OAAO5I,MAAqB,CAGhC,IAFAyJ,EAAMxjD,EAAEspB,QAEDtpB,EAAE4iD,SAAmC,MAAxB5iD,EAAE2iD,OAAO5I,MAAMx2D,UAC7Byc,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,oBAItBtD,GAASj/C,EAA+B,IAA5BA,EAAE2iD,OAAO5I,MAAM/5C,EAAE4iD,UAC7B5iD,EAAE4iD,UAEA5iD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAE7DxjD,EAAE4iD,UAAY5iD,EAAE2iD,OAAO5I,MAAMx2D,SAC/Byc,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS7E,SAIb79C,EAAE0iD,OAAS7E,GAGf,GAAI79C,EAAE0iD,SAAW7E,GACf,GAAI79C,EAAE2iD,OAAOt1D,KAAoB,CAC/Bm2D,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOt1D,KAAK9J,OACkB,IAAxCyc,EAAE2iD,OAAOt1D,KAAKsR,WAAWqB,EAAE4iD,WAE3B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE4iD,QAAU,EACZ5iD,EAAE0iD,OAAS5E,SAIb99C,EAAE0iD,OAAS5E,GAGf,GAAI99C,EAAE0iD,SAAW5E,GACf,GAAI99C,EAAE2iD,OAAOe,QAAuB,CAClCF,EAAMxjD,EAAEspB,QAGR,EAAG,CACD,GAAItpB,EAAEspB,UAAYtpB,EAAEuiD,mBACdviD,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAEjEhF,GAAcpC,GACdoH,EAAMxjD,EAAEspB,QACJtpB,EAAEspB,UAAYtpB,EAAEuiD,kBAAkB,CACpCh7B,EAAM,EACN,MAKFA,EADEvnB,EAAE4iD,QAAU5iD,EAAE2iD,OAAOe,QAAQngE,OACkB,IAA3Cyc,EAAE2iD,OAAOe,QAAQ/kD,WAAWqB,EAAE4iD,WAE9B,EAER3D,GAASj/C,EAAGunB,SACG,IAARA,GAELvnB,EAAE2iD,OAAOc,MAAQzjD,EAAEspB,QAAUk6B,IAC/BpH,EAAKc,MAAQI,GAAMlB,EAAKc,MAAOl9C,EAAEi4C,YAAaj4C,EAAEspB,QAAUk6B,EAAKA,IAErD,IAARj8B,IACFvnB,EAAE0iD,OAAS3E,SAIb/9C,EAAE0iD,OAAS3E,GAsBf,GAnBI/9C,EAAE0iD,SAAW3E,KACX/9C,EAAE2iD,OAAOc,MACPzjD,EAAEspB,QAAU,EAAItpB,EAAEuiD,kBACpB/D,GAAcpC,GAEZp8C,EAAEspB,QAAU,GAAKtpB,EAAEuiD,mBACrBtD,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChCd,EAAKc,MAAQ,EACbl9C,EAAE0iD,OAAS1E,KAIbh+C,EAAE0iD,OAAS1E,IAMG,IAAdh+C,EAAEspB,SAEJ,GADAk1B,GAAcpC,GACS,IAAnBA,EAAKqC,UAQP,OADAz+C,EAAE8iD,YAAc,EACTxO,QAOJ,GAAsB,IAAlB8H,EAAKgD,UAAkBvC,GAAKwE,IAAUxE,GAAK0G,IACpDlC,IAAUlN,GACV,OAAO5Q,GAAI6Y,EAAMzH,IAInB,GAAI30C,EAAE0iD,SAAWzE,IAAkC,IAAlB7B,EAAKgD,SACpC,OAAO7b,GAAI6Y,EAAMzH,IAKnB,GAAsB,IAAlByH,EAAKgD,UAAkC,IAAhBp/C,EAAEwgD,WAC1Ba,IAAUtN,IAAc/zC,EAAE0iD,SAAWzE,GAAe,CACrD,IAAI4F,EAAU7jD,EAAEy8C,WAAa3H,GAvqBjC,SAAsB90C,EAAGqhD,GACvB,IAAIE,EAEJ,OAAU,CAER,GAAoB,IAAhBvhD,EAAEwgD,YACJE,GAAY1gD,GACQ,IAAhBA,EAAEwgD,WAAiB,CACrB,GAAIa,IAAUtN,GACZ,OAAOmK,GAET,MAWJ,GANAl+C,EAAEwhD,aAAe,EAGjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAC1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,WACEuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CAqnBmD2F,CAAa9jD,EAAGqhD,GAC5DrhD,EAAEy8C,WAAa1H,GAvwBtB,SAAqB/0C,EAAGqhD,GACtB,IAAIE,EACA92D,EACAk1D,EAAMS,EAEV,MAAMH,EAAOjgD,EAAE27C,OAEf,OAAU,CAKR,GAAI37C,EAAEwgD,WAAa3J,GAAW,CAE5B,GADA6J,GAAY1gD,GACRA,EAAEwgD,WAAa3J,IAAawK,IAAUtN,GACxC,OAAOmK,GAET,GAAoB,IAAhBl+C,EAAEwgD,UAAmB,MAK3B,GADAxgD,EAAEwhD,aAAe,EACbxhD,EAAEwgD,WAAahD,IAAax9C,EAAEg/C,SAAW,IAC3CW,EAAO3/C,EAAEg/C,SAAW,EACpBv0D,EAAOw1D,EAAKN,GACRl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAAO,CAC3ES,EAASpgD,EAAEg/C,SAAWnI,GACtB,UAESpsD,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IAClDl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACzCl1D,IAASw1D,IAAON,IAASl1D,IAASw1D,IAAON,IACvCA,EAAOS,GACTpgD,EAAEwhD,aAAe3K,IAAauJ,EAAST,GACnC3/C,EAAEwhD,aAAexhD,EAAEwgD,YACrBxgD,EAAEwhD,aAAexhD,EAAEwgD,WAyBzB,GAlBIxgD,EAAEwhD,cAAgBhE,IAIpB+D,EAASE,GAAgBzhD,EAAG,EAAGA,EAAEwhD,aAAehE,IAEhDx9C,EAAEwgD,WAAaxgD,EAAEwhD,aACjBxhD,EAAEg/C,UAAYh/C,EAAEwhD,aAChBxhD,EAAEwhD,aAAe,IAKjBD,EAASE,GAAgBzhD,EAAG,EAAGA,EAAE27C,OAAO37C,EAAEg/C,WAE1Ch/C,EAAEwgD,YACFxgD,EAAEg/C,YAEAuC,IAEF1C,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACT,OAAOP,GAMb,OADAl+C,EAAEghD,OAAS,EACPK,IAAUlN,IAEZ0K,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,UACFL,GAGFC,IAELr+C,EAAEk5C,WAEJ2F,GAAiB7+C,GAAG,GACK,IAArBA,EAAEo8C,KAAKqC,WACFP,GAIJC,EACT,CA8qB8B4F,CAAY/jD,EAAGqhD,GACrCgB,GAAoBriD,EAAEm8C,OAAOiG,KAAKpiD,EAAGqhD,GAKzC,GAHIwC,IAAWzF,IAAqByF,IAAWxF,KAC7Cr+C,EAAE0iD,OAASzE,IAET4F,IAAW3F,IAAgB2F,IAAWzF,GAKxC,OAJuB,IAAnBhC,EAAKqC,YACPz+C,EAAE8iD,YAAc,GAGXxO,GAST,GAAIuP,IAAW1F,KACTkD,IAAUrN,GACZgQ,GAAgBhkD,GAETqhD,IAAUjN,KAEjB6P,GAAuBjkD,EAAG,EAAG,GAAG,GAI5BqhD,IAAUnN,KAEZriD,GAAKmO,EAAE+gD,MAEa,IAAhB/gD,EAAEwgD,YACJxgD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,KAIjBxC,GAAcpC,GACS,IAAnBA,EAAKqC,WAEP,OADAz+C,EAAE8iD,YAAc,EACTxO,GAOb,OAAI+M,IAAUlN,GAAmBG,GAC7Bt0C,EAAE6sC,MAAQ,EAAY0H,IAGX,IAAXv0C,EAAE6sC,MACJoS,GAASj/C,EAAgB,IAAbo8C,EAAKc,OACjB+B,GAASj/C,EAAIo8C,EAAKc,OAAS,EAAK,KAChC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAIo8C,EAAKc,OAAS,GAAM,KACjC+B,GAASj/C,EAAmB,IAAhBo8C,EAAKkD,UACjBL,GAASj/C,EAAIo8C,EAAKkD,UAAY,EAAK,KACnCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,KACpCL,GAASj/C,EAAIo8C,EAAKkD,UAAY,GAAM,OAGpCJ,GAAYl/C,EAAGo8C,EAAKc,QAAU,IAC9BgC,GAAYl/C,EAAgB,MAAbo8C,EAAKc,QAGtBsB,GAAcpC,GAIVp8C,EAAE6sC,KAAO,IAAK7sC,EAAE6sC,MAAQ7sC,EAAE6sC,MAET,IAAd7sC,EAAEspB,QAAgBgrB,GAAOC,GAClC,CChqDA,IACI93C,OAAOsC,aAAaC,KAAM,KAAQ,EACtC,CAAE,MAAOklD,GAET,CACA,IACIznD,OAAOsC,aAAaC,MAAM,KAAM,IAAIha,WAAW,GACnD,CAAE,MAAOk/D,GAET,CAMA,MAAMC,GAAW,IAAIC,GAAW,KAChC,IAAK,IAAI3zD,EAAI,EAAGA,EAAI,IAAKA,IACrB0zD,GAAS1zD,GAAKA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAIA,GAAK,IAAM,EAAI,EAMtF,SAAS4zD,GAAY5lD,GACxB,IAAIF,EAAGoR,EAAI20C,EAAOl/D,EAAGm/D,EAAU,EAC/B,MAAMC,EAAU/lD,EAAIlb,OAGpB,IAAK+gE,EAAQ,EAAGA,EAAQE,EAASF,IAC7B/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGRC,GAAWhmD,EAAI,IAAO,EAAIA,EAAI,KAAQ,EAAIA,EAAI,MAAU,EAAI,EAIhE,MAAM8E,EAAM,IAAI+gD,GAAWG,GAG3B,IAAKn/D,EAAI,EAAGk/D,EAAQ,EAAGl/D,EAAIm/D,EAASD,IAChC/lD,EAAIE,EAAIE,WAAW2lD,GACE,QAAZ,MAAJ/lD,IAA0B+lD,EAAQ,EAAIE,IACvC70C,EAAKlR,EAAIE,WAAW2lD,EAAQ,GACN,QAAZ,MAAL30C,KACDpR,EAAI,OAAWA,EAAI,OAAU,KAAOoR,EAAK,OACzC20C,MAGJ/lD,EAAI,IAEJ8E,EAAIje,KAAOmZ,EACJA,EAAI,MAEX8E,EAAIje,KAAO,IAAOmZ,IAAM,EACxB8E,EAAIje,KAAO,IAAW,GAAJmZ,GACXA,EAAI,OAEX8E,EAAIje,KAAO,IAAOmZ,IAAM,GACxB8E,EAAIje,KAAO,IAAOmZ,IAAM,EAAI,GAC5B8E,EAAIje,KAAO,IAAW,GAAJmZ,IAGlB8E,EAAIje,KAAO,IAAOmZ,IAAM,GACxB8E,EAAIje,KAAO,IAAOmZ,IAAM,GAAK,GAC7B8E,EAAIje,KAAO,IAAOmZ,IAAM,EAAI,GAC5B8E,EAAIje,KAAO,IAAW,GAAJmZ,GAI1B,OAAO8E,CACX,CAxDA8gD,GAAS,KAAOA,GAAS,KAAO,ECbjB,MAAMM,GACnBxiE,cAEEE,KAAKM,MAAQ,KACbN,KAAKk9D,QAAU,EAEfl9D,KAAKi9D,SAAW,EAEhBj9D,KAAKm9D,SAAW,EAEhBn9D,KAAK6J,OAAS,KACd7J,KAAKw8D,SAAW,EAEhBx8D,KAAKs8D,UAAY,EAEjBt8D,KAAKy8D,UAAY,EAEjBz8D,KAAKqlC,IAAM,GAEXrlC,KAAKmvC,MAAQ,KAEbnvC,KAAKk6D,UAAY,EAEjBl6D,KAAK+6D,MAAQ,GCiEjB,MAAMwH,GACJziE,YAAY+E,GACV7E,KAAK6E,QAAU,CACbm1D,MAAOvH,GACPiO,OAAQzN,GACRuP,UAAW,MACXC,WAAY,GACZC,SAAU,EACVpI,SR/DkC,KQgE9Bz1D,GAAW,IAGjB,MAAM89D,EAAM3iE,KAAK6E,QAEb89D,EAAIC,KAAQD,EAAIF,WAAa,EAC/BE,EAAIF,YAAcE,EAAIF,WAGfE,EAAIE,MAASF,EAAIF,WAAa,GAAOE,EAAIF,WAAa,KAC7DE,EAAIF,YAAc,IAGpBziE,KAAKohD,IAAS,EACdphD,KAAKqlC,IAAS,GACdrlC,KAAK8iE,OAAS,EACd9iE,KAAKuxD,OAAS,GAEdvxD,KAAKi6D,KAAO,IAAIqI,GAChBtiE,KAAKi6D,KAAKqC,UAAY,EAEtB,IH+nCsBrC,EAAM2E,EG/nCxB2B,EHuoCR,SAAsBtG,EAAMD,EAAO0G,EAAQ+B,EAAYC,EAAUpI,GAC/D,IAAKL,EACH,OAAO3H,GAET,IAAI5H,EAAO,EAiBX,GAfIsP,IAAUvH,KACZuH,EAAQ,GAGNyI,EAAa,GACf/X,EAAO,EACP+X,GAAcA,GAGPA,EAAa,KACpB/X,EAAO,EACP+X,GAAc,IAIZC,EAAW,GAAKA,EAAWtH,IAAiBsF,IAAWzN,IACzDwP,EAAa,GAAKA,EAAa,IAAMzI,EAAQ,GAAKA,EAAQ,GAC1DM,EAAW,GAAKA,EAAWzH,GAC3B,OAAOzR,GAAI6Y,EAAM3H,IAIA,IAAfmQ,IACFA,EAAa,GAIf,MAAM5kD,EAAI,IAAIyiD,GAyCd,OAvCArG,EAAK9qB,MAAQtxB,EACbA,EAAEo8C,KAAOA,EAETp8C,EAAE6sC,KAAOA,EACT7sC,EAAE2iD,OAAS,KACX3iD,EAAE+iD,OAAS6B,EACX5kD,EAAEggD,OAAS,GAAKhgD,EAAE+iD,OAClB/iD,EAAEmgD,OAASngD,EAAEggD,OAAS,EAEtBhgD,EAAEgjD,UAAY6B,EAAW,EACzB7kD,EAAE8gD,UAAY,GAAK9gD,EAAEgjD,UACrBhjD,EAAEmhD,UAAYnhD,EAAE8gD,UAAY,EAC5B9gD,EAAEkhD,eAAiBlhD,EAAEgjD,UAAYxF,GAAY,GAAKA,IAClDx9C,EAAE27C,OAAS,IAAIyI,GAAsB,EAAXpkD,EAAEggD,QAC5BhgD,EAAE+gD,KAAO,IAAIkC,GAAYjjD,EAAE8gD,WAC3B9gD,EAAEvV,KAAO,IAAIw4D,GAAYjjD,EAAEggD,QAK3BhgD,EAAEg9C,YAAc,GAAM6H,EAAW,EAEjC7kD,EAAEuiD,iBAAmC,EAAhBviD,EAAEg9C,YAIvBh9C,EAAEi4C,YAAc,IAAImM,GAAWpkD,EAAEuiD,kBAIjCviD,EAAEi6C,MAAQ,EAAIj6C,EAAEg9C,YAGhBh9C,EAAEk6C,MAAQ,EAAUl6C,EAAEg9C,YAEtBh9C,EAAEm8C,MAAQA,EACVn8C,EAAEy8C,SAAWA,EACbz8C,EAAE6iD,OAASA,EAEJK,GAAa9G,EACtB,CGltCiB8I,CACX/iE,KAAKi6D,KACL0I,EAAI3I,MACJ2I,EAAIjC,OACJiC,EAAIF,WACJE,EAAID,SACJC,EAAIrI,UAGN,GAAIiG,IAAWpO,GACb,MAAUjvD,MAAMmiC,GAAIk7B,IAOtB,GAJIoC,EAAIt+C,SHknCc41C,EGjnCUj6D,KAAKi6D,KHinCT2E,EGjnCe+D,EAAIt+C,OHknC5C41C,GAASA,EAAK9qB,QACK,IAApB8qB,EAAK9qB,MAAMub,OACfuP,EAAK9qB,MAAMqxB,OAAS5B,KGjnCd+D,EAAIK,WAAY,CAClB,IAAIC,EAaJ,GATEA,EAF4B,iBAAnBN,EAAIK,WAENE,GAAmBP,EAAIK,YACrBL,EAAIK,sBAAsB79C,YAC5B,IAAItiB,WAAW8/D,EAAIK,YAEnBL,EAAIK,WAGbzC,EHsiDN,SAA8BtG,EAAM+I,GAClC,IAEInlD,EACAvB,EAAKlQ,EACLs+C,EACAyY,EACAC,EACA9iE,EACA+iE,EARAC,EAAaN,EAAW5hE,OAU5B,IAAK64D,IAAsBA,EAAK9qB,MAC9B,OAAOmjB,GAMT,GAHAz0C,EAAIo8C,EAAK9qB,MACTub,EAAO7sC,EAAE6sC,KAEI,IAATA,GAAwB,IAATA,GAAc7sC,EAAE0iD,SAAW/E,IAAe39C,EAAEwgD,UAC7D,OAAO/L,GAmCT,IA/Ba,IAAT5H,IAEFuP,EAAKc,MAAQD,GAAQb,EAAKc,MAAOiI,EAAYM,EAAY,IAG3DzlD,EAAE6sC,KAAO,EAGL4Y,GAAczlD,EAAEggD,SACL,IAATnT,IAEFh7C,GAAKmO,EAAE+gD,MACP/gD,EAAEg/C,SAAW,EACbh/C,EAAE++C,YAAc,EAChB/+C,EAAEghD,OAAS,GAIbwE,EAAU,IAAIpB,GAAWpkD,EAAEggD,QAC3BtE,GAAe8J,EAASL,EAAYM,EAAazlD,EAAEggD,OAAQhgD,EAAEggD,OAAQ,GACrEmF,EAAaK,EACbC,EAAazlD,EAAEggD,QAGjBsF,EAAQlJ,EAAKgD,SACbmG,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACb25D,EAAKgD,SAAWqG,EAChBrJ,EAAKiD,QAAU,EACfjD,EAAK35D,MAAQ0iE,EACbzE,GAAY1gD,GACLA,EAAEwgD,WAAahD,IAAW,CAC/B/+C,EAAMuB,EAAEg/C,SACRzwD,EAAIyR,EAAEwgD,WAAahD,GAAY,GAC/B,GAEEx9C,EAAEihD,OAAUjhD,EAAEihD,OAASjhD,EAAEkhD,WAAclhD,EAAE27C,OAAOl9C,EAAM++C,GAAY,IAAMx9C,EAAEmhD,UAE1EnhD,EAAEvV,KAAKgU,EAAMuB,EAAEmgD,QAAUngD,EAAE+gD,KAAK/gD,EAAEihD,OAElCjhD,EAAE+gD,KAAK/gD,EAAEihD,OAASxiD,EAClBA,YACSlQ,GACXyR,EAAEg/C,SAAWvgD,EACbuB,EAAEwgD,UAAYhD,GAAY,EAC1BkD,GAAY1gD,GAYd,OAVAA,EAAEg/C,UAAYh/C,EAAEwgD,UAChBxgD,EAAE++C,YAAc/+C,EAAEg/C,SAClBh/C,EAAEghD,OAAShhD,EAAEwgD,UACbxgD,EAAEwgD,UAAY,EACdxgD,EAAEwhD,aAAexhD,EAAE6/C,YAAcrC,GAAY,EAC7Cx9C,EAAE8hD,gBAAkB,EACpB1F,EAAKiD,QAAUkG,EACfnJ,EAAK35D,MAAQA,EACb25D,EAAKgD,SAAWkG,EAChBtlD,EAAE6sC,KAAOA,EACFyH,EACT,CGvnDeoR,CAAkCvjE,KAAKi6D,KAAMgJ,GAElD1C,IAAWpO,GACb,MAAUjvD,MAAMmiC,GAAIk7B,IAGtBvgE,KAAKwjE,WAAY,GAiCrB3hE,KAAKiI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMp1D,SAAS29D,UAAEA,IAAgBxiE,KACzC,IAAIugE,EAAQkD,EAEZ,GAAIzjE,KAAK8iE,MAAS,OAAO,EAEzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBkkC,GAAWJ,GAG7C,iBAAT9nD,EAETmwD,EAAK35D,MAAQ4iE,GAAmBp5D,GACvBA,aAAgBqb,YACzB80C,EAAK35D,MAAQ,IAAIuC,WAAWiH,GAE5BmwD,EAAK35D,MAAQwJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK35D,MAAMc,OAE3B,EAAG,CAQD,GAPuB,IAAnB64D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,IAEnBjC,EAASmD,GAAqBzJ,EAAMwJ,MAErBrR,IAAgBmO,IAAWpO,GAGxC,OAFAnyD,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,GACN,EAEc,IAAnB7I,EAAKqC,YAAsC,IAAlBrC,EAAKgD,UAAmBwG,IAAUzR,IAAYyR,IAAU3R,KACnF9xD,KAAK4jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,kBAExCvC,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAWnO,IAGnE,OAAIqR,IAAUzR,IACZuO,EHy7CN,SAAoBtG,GAClB,IAAIsG,EAEJ,OAAKtG,GAAsBA,EAAK9qB,OAIhCoxB,EAAStG,EAAK9qB,MAAMoxB,OAChBA,IAAW/E,IACb+E,IAAW9E,IACX8E,IAAW7E,IACX6E,IAAW5E,IACX4E,IAAW3E,IACX2E,IAAW1E,IACX0E,IAAWzE,GAEJ1a,GAAI6Y,EAAM3H,KAGnB2H,EAAK9qB,MAAQ,KAENoxB,IAAW1E,GAAaza,GAAI6Y,EAAM1H,IAAgBJ,KAjBhDG,EAkBX,CG/8CewR,CAAwB9jE,KAAKi6D,MACtCj6D,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,EACNvC,IAAWpO,IAIhBsR,IAAU3R,KACZ9xD,KAAK2jE,MAAMxR,IACX8H,EAAKqC,UAAY,GACV,GAcXsH,OAAO7hE,GACL/B,KAAKuxD,OAAO1vD,KAAKE,GAanB4hE,MAAMpD,GAEAA,IAAWpO,KACbnyD,KAAKyB,OAASsiE,GAAoB/jE,KAAKuxD,SAEzCvxD,KAAKuxD,OAAS,GACdvxD,KAAKohD,IAAMmf,EACXvgE,KAAKqlC,IAAMrlC,KAAKi6D,KAAK50B,KC/QzB,MAAM2+B,GAAM,GACNC,GAAO,GAqCE,SAASC,GAAajK,EAAMr2D,GACvC,IAAIugE,EACAC,EAEAC,EACA9lD,EACA+lD,EACAC,EAEAx0D,EACA6lD,EACA7zC,EACAyiD,EAKJ,MAAMr1B,EAAQ8qB,EAAK9qB,MAEnBg1B,EAAMlK,EAAKiD,QACX,MAAM58D,EAAQ25D,EAAK35D,MACb8d,EAAO+lD,GAAOlK,EAAKgD,SAAW,GACpCmH,EAAOnK,EAAKuC,SACZ,MAAM3yD,EAASowD,EAAKpwD,OACdw3D,EAAM+C,GAAQxgE,EAAQq2D,EAAKqC,WAC3B/wD,EAAM64D,GAAQnK,EAAKqC,UAAY,KAE/BmI,EAAOt1B,EAAMs1B,KAEbC,EAAQv1B,EAAMu1B,MACdC,EAAQx1B,EAAMw1B,MACdC,EAAQz1B,EAAMy1B,MACdC,EAAW11B,EAAMqqB,OACvB6K,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KACb,MAAMumD,EAAQ31B,EAAM41B,QACdC,EAAQ71B,EAAM81B,SACdC,GAAS,GAAK/1B,EAAMg2B,SAAW,EAC/BC,GAAS,GAAKj2B,EAAMk2B,UAAY,EAMtCC,EACA,EAAG,CACK/mD,EAAO,KACP8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAGZ+lD,EAAOQ,EAAMT,EAAOa,GAEpBK,EACA,OAAS,CAKL,GAJAhB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,IACR,IAAPC,EAIA16D,EAAOu6D,KAAiB,MAAPE,MACd,MAAS,GAALC,GAkKJ,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOQ,GAAc,MAAPR,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASgB,EACN,GAAS,GAALhB,EAAS,CAEhBp1B,EAAMrhB,KAAOm2C,GACb,MAAMqB,EAENrL,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA3KNv1D,EAAa,MAAPu0D,EACNC,GAAM,GACFA,IACIhmD,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAEZxO,GAAOs0D,GAAQ,GAAKE,GAAM,EAC1BF,KAAUE,EACVhmD,GAAQgmD,GAGRhmD,EAAO,KACP8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACR8lD,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,GAEZ+lD,EAAOU,EAAMX,EAAOe,GAEpBI,EACA,OAAS,CAML,GALAjB,EAAKD,IAAS,GACdD,KAAUE,EACVhmD,GAAQgmD,EACRA,EAAKD,IAAS,GAAK,MAEV,GAALC,GA2HG,IAAkB,IAAR,GAALA,GAAgB,CACxBD,EAAOU,GAAc,MAAPV,IAA8BD,GAAQ,GAAKE,GAAM,IAC/D,SAASiB,EAETvL,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EApHN,GAZA1P,EAAc,MAAP0O,EACPC,GAAM,GACFhmD,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,EACJA,EAAOgmD,IACPF,GAAQ/jE,EAAM6jE,MAAU5lD,EACxBA,GAAQ,IAGhBq3C,GAAQyO,GAAQ,GAAKE,GAAM,EAEvB3O,EAAO6O,EAAM,CACbxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EAOV,GAJAjB,KAAUE,EACVhmD,GAAQgmD,EAERA,EAAKH,EAAO/C,EACRzL,EAAO2O,EAAI,CAEX,GADAA,EAAK3O,EAAO2O,EACRA,EAAKI,GACDx1B,EAAMs2B,KAAM,CACZxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAAMsB,EA2Bd,GAFAvjD,EAAO,EACPyiD,EAAcK,EACA,IAAVD,GAEA,GADA7iD,GAAQ2iD,EAAQH,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,QAEf,GAAI+6D,EAAQL,GAGf,GAFAxiD,GAAQ2iD,EAAQE,EAAQL,EACxBA,GAAMK,EACFL,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GAEX,GADAxiD,EAAO,EACH6iD,EAAQ70D,EAAK,CACbw0D,EAAKK,EACL70D,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,SAKtB,GADAkY,GAAQ6iD,EAAQL,EACZA,EAAKx0D,EAAK,CACVA,GAAOw0D,EACP,GACI16D,EAAOu6D,KAAUS,EAAS9iD,aACnBwiD,GACXxiD,EAAOqiD,EAAOxO,EACd4O,EAAc36D,EAGtB,KAAOkG,EAAM,GACTlG,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BlY,EAAOu6D,KAAUI,EAAYziD,KAC7BhS,GAAO,EAEPA,IACAlG,EAAOu6D,KAAUI,EAAYziD,KACzBhS,EAAM,IACNlG,EAAOu6D,KAAUI,EAAYziD,WAGlC,CACHA,EAAOqiD,EAAOxO,EACd,GACI/rD,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBlY,EAAOu6D,KAAUv6D,EAAOkY,KACxBhS,GAAO,QACFA,EAAM,GACXA,IACAlG,EAAOu6D,KAAUv6D,EAAOkY,KACpBhS,EAAM,IACNlG,EAAOu6D,KAAUv6D,EAAOkY,OAaxC,OAeR,aAECoiD,EAAM/lD,GAAQgmD,EAAO74D,GAG9BwE,EAAMwO,GAAQ,EACd4lD,GAAOp0D,EACPwO,GAAQxO,GAAO,EACfs0D,IAAS,GAAK9lD,GAAQ,EAGtB07C,EAAKiD,QAAUiH,EACflK,EAAKuC,SAAW4H,EAChBnK,EAAKgD,SAAWkH,EAAM/lD,EAAYA,EAAO+lD,EAAZ,EAAmB,GAAKA,EAAM/lD,GAC3D67C,EAAKqC,UAAY8H,EAAO74D,EAAaA,EAAM64D,EAAb,IAAqB,KAAOA,EAAO74D,GACjE4jC,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,CAEjB,CCxSA,MAAMmnD,GAAU,GACVC,GAAc,IACdC,GAAe,IAGfC,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAERC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACrD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,EAAG,GAG3DC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAGtDC,GAAQ,CACV,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAAK,IACtD,IAAK,IAAK,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KAClD,KAAM,MAAO,MAAO,MAAO,EAAG,GAG5BC,GAAO,CACT,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAC5D,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACpC,GAAI,GAAI,GAAI,GAAI,GAAI,IAGT,SAASC,GAAcpsD,EAAMqsD,EAAMC,EAAYC,EAAOtL,EAAOuL,EAAaC,EAAMxiB,GAC3F,MAAM1lC,EAAO0lC,EAAK1lC,KAGlB,IASImoD,EACA5mB,EACA6mB,EACAvD,EAIA73D,EAhBAwE,EAAM,EACN62D,EAAM,EACN/oB,EAAM,EAAGlyC,EAAM,EACfk7D,EAAO,EACPp2C,EAAO,EACPq2C,EAAO,EACP/yC,EAAO,EACPgzC,EAAO,EACPC,EAAO,EAKP5O,EAAO,KACP6O,EAAa,EAGjB,MAAMxjC,EAAQ,IAAIq9B,GAAY4E,GAAU,GAClCwB,EAAO,IAAIpG,GAAY4E,GAAU,GACvC,IAGIyB,EAAWC,EAASC,EAHpBzP,EAAQ,KACR0P,EAAc,EAoClB,IAAKv3D,EAAM,EAAGA,GAAO21D,GAAS31D,IAC1B0zB,EAAM1zB,GAAO,EAEjB,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACvBnjC,EAAM4iC,EAAKC,EAAaM,MAK5B,IADAC,EAAOtoD,EACF5S,EAAM+5D,GAAS/5D,GAAO,GACJ,IAAf83B,EAAM93B,GADgBA,KAQ9B,GAHIk7D,EAAOl7D,IACPk7D,EAAOl7D,GAEC,IAARA,EAaA,OATAsvD,EAAMuL,KAAiB,SAMvBvL,EAAMuL,KAAiB,SAEvBviB,EAAK1lC,KAAO,EACL,EAEX,IAAKs/B,EAAM,EAAGA,EAAMlyC,GACG,IAAf83B,EAAMoa,GADWA,KAWzB,IANIgpB,EAAOhpB,IACPgpB,EAAOhpB,GAIX9pB,EAAO,EACFhkB,EAAM,EAAGA,GAAO21D,GAAS31D,IAG1B,GAFAgkB,IAAS,EACTA,GAAQ0P,EAAM1zB,GACVgkB,EAAO,EACP,OAAQ,EAGhB,GAAIA,EAAO,IAAM/Z,IAAS6rD,IAAiB,IAARl6D,GAC/B,OAAQ,EAKZ,IADAu7D,EAAK,GAAK,EACLn3D,EAAM,EAAGA,EAAM21D,GAAS31D,IACzBm3D,EAAKn3D,EAAM,GAAKm3D,EAAKn3D,GAAO0zB,EAAM1zB,GAItC,IAAK62D,EAAM,EAAGA,EAAML,EAAOK,IACQ,IAA3BP,EAAKC,EAAaM,KAClBH,EAAKS,EAAKb,EAAKC,EAAaM,OAAWA,GAsC3C5sD,IAAS6rD,IACTzN,EAAOR,EAAQ6O,EACfl7D,EAAM,IAECyO,IAAS8rD,IAChB1N,EAAO4N,GACPiB,GAAc,IACdrP,EAAQqO,GACRqB,GAAe,IACf/7D,EAAM,MAGN6sD,EAAO8N,GACPtO,EAAQuO,GACR56D,GAAO,GAIXy7D,EAAO,EACPJ,EAAM,EACN72D,EAAM8tC,EACNulB,EAAOoD,EACP/1C,EAAOo2C,EACPC,EAAO,EACPH,GAAO,EACPI,EAAO,GAAKF,EACZ,MAAMj1B,EAAOm1B,EAAO,EAGpB,GAAI/sD,IAAS8rD,IAAQiB,EAAOpB,IAC5B3rD,IAAS+rD,IAASgB,EAAOnB,GACrB,OAAO,EAIX,OAAS,CAELuB,EAAYp3D,EAAM+2D,EACdL,EAAKG,GAAOr7D,GACZ67D,EAAU,EACVC,EAAWZ,EAAKG,IACTH,EAAKG,GAAOr7D,GACnB67D,EAAUxP,EAAM0P,EAAcb,EAAKG,IACnCS,EAAWjP,EAAK6O,EAAaR,EAAKG,MAElCQ,EAAU,GACVC,EAAW,GAIfX,EAAO,GAAK32D,EAAM+2D,EAClBhnB,EAAO,GAAKrvB,EACZotB,EAAMiC,EACN,GACIA,GAAQ4mB,EACRzL,EAAMmI,GAAQ4D,GAAQF,GAAQhnB,GAAQqnB,GAAa,GAAKC,GAAW,GAAKC,EAAU,QACpE,IAATvnB,GAIT,IADA4mB,EAAO,GAAK32D,EAAM,EACXi3D,EAAON,GACVA,IAAS,EAWb,GATa,IAATA,GACAM,GAAQN,EAAO,EACfM,GAAQN,GAERM,EAAO,EAIXJ,IACqB,KAAfnjC,EAAM1zB,GAAY,CACpB,GAAIA,IAAQpE,EACR,MAEJoE,EAAMs2D,EAAKC,EAAaG,EAAKG,IAIjC,GAAI72D,EAAM82D,IAASG,EAAOp1B,KAAU+0B,EAAK,CAYrC,IAVa,IAATG,IACAA,EAAOD,GAIXzD,GAAQvlB,EAGRptB,EAAO1gB,EAAM+2D,EACb/yC,EAAO,GAAKtD,EACLA,EAAOq2C,EAAOn7D,IACjBooB,GAAQ0P,EAAMhT,EAAOq2C,KACjB/yC,GAAQ,KAGZtD,IACAsD,IAAS,EAKb,GADAgzC,GAAQ,GAAKt2C,EACTzW,IAAS8rD,IAAQiB,EAAOpB,IAChC3rD,IAAS+rD,IAASgB,EAAOnB,GACjB,OAAO,EAIXe,EAAMK,EAAOp1B,EAIbqpB,EAAM0L,GAAOE,GAAQ,GAAKp2C,GAAQ,GAAK2yC,EAAOoD,EAAa,GAiBnE,OAVa,IAATQ,IAIA/L,EAAMmI,EAAO4D,GAAQj3D,EAAM+2D,GAAQ,GAAK,IAAM,GAAI,GAKtD7iB,EAAK1lC,KAAOsoD,EACL,CACX,CC/TA,MAAMhB,GAAQ,EACRC,GAAO,EACPC,GAAQ,EAsBLwB,GAAO,EACPC,GAAQ,EACRC,GAAO,EACPC,GAAK,EACLC,GAAQ,EACRC,GAAQ,EACR/jC,GAAO,EACPgkC,GAAU,EACVC,GAAO,EACPC,GAAS,GACTC,GAAO,GACH/D,GAAO,GACPgE,GAAS,GACTC,GAAS,GACTC,GAAQ,GACRC,GAAO,GACPC,GAAQ,GACRC,GAAU,GACVC,GAAW,GACPC,GAAO,GACPC,GAAM,GACNC,GAAS,GACTC,GAAO,GACPC,GAAU,GACVC,GAAQ,GACRC,GAAM,GACdC,GAAQ,GACRC,GAAS,GACTC,GAAO,GACPjF,GAAM,GAQT2B,GAAc,IACdC,GAAe,IAQrB,SAASsD,GAAQ56D,GACf,OAAWA,IAAM,GAAM,MACbA,IAAM,EAAK,SACP,MAAJA,IAAe,KACX,IAAJA,IAAa,GACzB,CAGA,MAAM66D,GACJrpE,cACEE,KAAK8tB,KAAO,EACZ9tB,KAAKoe,MAAO,EACZpe,KAAK0qD,KAAO,EACZ1qD,KAAKopE,UAAW,EAChBppE,KAAKqpE,MAAQ,EACbrpE,KAAKykE,KAAO,EACZzkE,KAAKspE,MAAQ,EACbtpE,KAAKupE,MAAQ,EAEbvpE,KAAK4+D,KAAO,KAGZ5+D,KAAKwpE,MAAQ,EACbxpE,KAAK0kE,MAAQ,EACb1kE,KAAK2kE,MAAQ,EACb3kE,KAAK4kE,MAAQ,EACb5kE,KAAKw5D,OAAS,KAGdx5D,KAAKqkE,KAAO,EACZrkE,KAAKue,KAAO,EAGZve,KAAKoB,OAAS,EACdpB,KAAKmQ,OAAS,EAGdnQ,KAAK43D,MAAQ,EAGb53D,KAAK+kE,QAAU,KACf/kE,KAAKilE,SAAW,KAChBjlE,KAAKmlE,QAAU,EACfnlE,KAAKqlE,SAAW,EAGhBrlE,KAAKypE,MAAQ,EACbzpE,KAAK0pE,KAAO,EACZ1pE,KAAK2pE,MAAQ,EACb3pE,KAAK4pE,KAAO,EACZ5pE,KAAKojE,KAAO,KAEZpjE,KAAKqmE,KAAO,IAAIvF,GAAY,KAC5B9gE,KAAKymE,KAAO,IAAI3F,GAAY,KAO5B9gE,KAAK6pE,OAAS,KACd7pE,KAAK8pE,QAAU,KACf9pE,KAAKylE,KAAO,EACZzlE,KAAK+pE,KAAO,EACZ/pE,KAAKgqE,IAAM,GA+Bf,SAASC,GAAahQ,GACpB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACbA,EAAMu1B,MAAQ,EACdv1B,EAAMw1B,MAAQ,EACdx1B,EAAMy1B,MAAQ,EAlChB,SAA0B3K,GACxB,IAAI9qB,EAEJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MACb8qB,EAAKkD,SAAWlD,EAAKwC,UAAYttB,EAAMo6B,MAAQ,EAC/CtP,EAAK50B,IAAM,GACP8J,EAAMub,OACRuP,EAAKc,MAAqB,EAAb5rB,EAAMub,MAErBvb,EAAMrhB,KAAOy5C,GACbp4B,EAAM/wB,KAAO,EACb+wB,EAAMi6B,SAAW,EACjBj6B,EAAMs1B,KAAO,MACbt1B,EAAMyvB,KAAO,KACbzvB,EAAMk1B,KAAO,EACbl1B,EAAM5wB,KAAO,EAEb4wB,EAAM41B,QAAU51B,EAAM06B,OAAS,IAAIK,GAAYvE,IAC/Cx2B,EAAM81B,SAAW91B,EAAM26B,QAAU,IAAII,GAAYtE,IAEjDz2B,EAAMs2B,KAAO,EACbt2B,EAAM46B,MAAQ,EAEP5X,IArB4BG,EAsBrC,CAUS6X,CAAiBlQ,IALW3H,EAOrC,CAoCA,SAAS8X,GAAanQ,EAAMwI,GAC1B,IAAI10C,EACAohB,EAEJ,OAAK8qB,GAGL9qB,EAAQ,IAAIg6B,GAIZlP,EAAK9qB,MAAQA,EACbA,EAAMqqB,OAAS,KACfzrC,EA/CF,SAAuBksC,EAAMwI,GAC3B,IAAI/X,EACAvb,EAGJ,OAAK8qB,GAASA,EAAK9qB,OACnBA,EAAQ8qB,EAAK9qB,MAGTszB,EAAa,GACf/X,EAAO,EACP+X,GAAcA,IAGd/X,EAA2B,GAAnB+X,GAAc,GAClBA,EAAa,KACfA,GAAc,KAKdA,IAAeA,EAAa,GAAKA,EAAa,IACzCnQ,IAEY,OAAjBnjB,EAAMqqB,QAAmBrqB,EAAMq6B,QAAU/G,IAC3CtzB,EAAMqqB,OAAS,MAIjBrqB,EAAMub,KAAOA,EACbvb,EAAMq6B,MAAQ/G,EACPwH,GAAahQ,KA1Be3H,EA2BrC,CAeQ+X,CAAcpQ,EAAMwI,GACtB10C,IAAQokC,KACV8H,EAAK9qB,MAAQ,MAERphB,GAbaukC,EActB,CAiBA,IAEIgY,GAAQC,GAFRC,IAAS,EAIb,SAASC,GAAYt7B,GAEnB,GAAIq7B,GAAQ,CACV,IAAI5D,EAOJ,IALA0D,GAAS,IAAIJ,GAAY,KACzBK,GAAU,IAAIL,GAAY,IAG1BtD,EAAM,EACCA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EACxC,KAAOA,EAAM,KAAOz3B,EAAMk3B,KAAKO,KAAS,EAMxC,IAJAR,GAAcN,GAAO32B,EAAMk3B,KAAM,EAAG,IAAKiE,GAAU,EAAGn7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EqoD,EAAM,EACCA,EAAM,IAAMz3B,EAAMk3B,KAAKO,KAAS,EAEvCR,GAAcL,GAAO52B,EAAMk3B,KAAM,EAAG,GAAMkE,GAAS,EAAGp7B,EAAMs3B,KAAM,CAAEloD,KAAM,IAG1EisD,IAAS,EAGXr7B,EAAM41B,QAAUuF,GAChBn7B,EAAMg2B,QAAU,EAChBh2B,EAAM81B,SAAWsF,GACjBp7B,EAAMk2B,SAAW,CACnB,CAiBA,SAASqF,GAAazQ,EAAMzjC,EAAKjrB,EAAKo/D,GACpC,IAAI/U,EACJ,MAAMzmB,EAAQ8qB,EAAK9qB,MAqCnB,OAlCqB,OAAjBA,EAAMqqB,SACRrqB,EAAMu1B,MAAQ,GAAKv1B,EAAMq6B,MACzBr6B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQ,EAEdx1B,EAAMqqB,OAAS,IAAIyI,GAAW9yB,EAAMu1B,QAIlCiG,GAAQx7B,EAAMu1B,OAChBnL,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAM4jC,EAAMu1B,MAAOv1B,EAAMu1B,MAAO,GAClEv1B,EAAMy1B,MAAQ,EACdz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpB9O,EAAOzmB,EAAMu1B,MAAQv1B,EAAMy1B,MACvBhP,EAAO+U,IACT/U,EAAO+U,GAGTpR,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAM/U,EAAMzmB,EAAMy1B,QAC1D+F,GAAQ/U,IAGN2D,GAAepqB,EAAMqqB,OAAQhjC,EAAKjrB,EAAMo/D,EAAMA,EAAM,GACpDx7B,EAAMy1B,MAAQ+F,EACdx7B,EAAMw1B,MAAQx1B,EAAMu1B,QAGpBv1B,EAAMy1B,OAAShP,EACXzmB,EAAMy1B,QAAUz1B,EAAMu1B,QAASv1B,EAAMy1B,MAAQ,GAC7Cz1B,EAAMw1B,MAAQx1B,EAAMu1B,QAASv1B,EAAMw1B,OAAS/O,KAG7C,CACT,CAEA,SAASgV,GAAQ3Q,EAAMiF,GACrB,IAAI/vB,EACA7uC,EAAOuJ,EACPu5D,EACAyH,EACAjB,EAAM71C,EACNswC,EACA9lD,EACA4lD,EAAKC,EACLuG,EACA5oD,EACAyiD,EAEA2C,EAAWC,EAASC,EAEpByD,EAAWC,EAASC,EACpBj7D,EACAge,EAEAk2B,EAEA73C,EATAk4D,EAAO,EAMP2G,EAAO,IAAIhJ,GAAW,GAK1B,MAAMiJ,EACJ,CAAE,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAGlE,IAAKjR,IAASA,EAAK9qB,QAAU8qB,EAAKpwD,SAC5BowD,EAAK35D,OAA2B,IAAlB25D,EAAKgD,SACvB,OAAO3K,GAGTnjB,EAAQ8qB,EAAK9qB,MACTA,EAAMrhB,OAASm2C,KAAQ90B,EAAMrhB,KAAOm6C,IAIxC4C,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACbspE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGb4lD,EAAMyF,EACNxF,EAAOrwC,EACPhG,EAAMokC,GAENgZ,EACA,OACE,OAAQh8B,EAAMrhB,MACZ,KAAKy5C,GACH,GAAmB,IAAfp4B,EAAMub,KAAY,CACpBvb,EAAMrhB,KAAOm6C,GACb,MAGF,KAAO1pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAkB,EAAb4wB,EAAMub,MAAsB,QAAT2Z,EAAiB,CACvCl1B,EAAMm6B,MAAQ,EAEd2B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,GAI1C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO05C,GACb,MAMF,GAJAr4B,EAAMk6B,MAAQ,EACVl6B,EAAMyvB,OACRzvB,EAAMyvB,KAAKt9D,MAAO,KAED,EAAb6tC,EAAMub,UACA,IAAP2Z,IAA2B,IAAMA,GAAQ,IAAM,GAAI,CACtDpK,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,IAAY,GAAPK,KAA4BpR,GAAY,CAC3CgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAOF,GAJAK,KAAU,EACV9lD,GAAQ,EAERxO,EAAiC,GAAnB,GAAPs0D,GACa,IAAhBl1B,EAAMq6B,MACRr6B,EAAMq6B,MAAQz5D,OAEX,GAAIA,EAAMo/B,EAAMq6B,MAAO,CAC1BvP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMs1B,KAAO,GAAK10D,EAElBkqD,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAc,IAAPu2C,EAAe0D,GAAS9D,GAErCI,EAAO,EACP9lD,EAAO,EAEP,MACF,KAAKipD,GAEH,KAAOjpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV,GADA4wB,EAAMk6B,MAAQhF,GACK,IAAdl1B,EAAMk6B,SAAkBpW,GAAY,CACvCgH,EAAK50B,IAAM,6BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,GAAkB,MAAd70B,EAAMk6B,MAAgB,CACxBpP,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAEE70B,EAAMyvB,OACRzvB,EAAMyvB,KAAK3oD,KAASouD,GAAQ,EAAK,GAEjB,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO25C,GAEf,KAAKA,GAEH,KAAOlpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK9jD,KAAOupD,GAEF,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzB4G,EAAK,GAAM5G,IAAS,GAAM,IAC1B4G,EAAK,GAAM5G,IAAS,GAAM,IAC1Bl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO45C,GAEf,KAAKA,GAEH,KAAOnpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGN4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAKwM,OAAiB,IAAP/G,EACrBl1B,EAAMyvB,KAAK4C,GAAM6C,GAAQ,GAET,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAO65C,GAEf,KAAKA,GACH,GAAkB,KAAdx4B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAM/tC,OAASijE,EACXl1B,EAAMyvB,OACRzvB,EAAMyvB,KAAKyM,UAAYhH,GAEP,IAAdl1B,EAAMk6B,QAER4B,EAAK,GAAY,IAAP5G,EACV4G,EAAK,GAAM5G,IAAS,EAAK,IACzBl1B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAO2B,EAAM,EAAG,IAI5C5G,EAAO,EACP9lD,EAAO,OAGA4wB,EAAMyvB,OACbzvB,EAAMyvB,KAAKhH,MAAQ,MAErBzoB,EAAMrhB,KAAO85C,GAEf,KAAKA,GACH,GAAkB,KAAdz4B,EAAMk6B,QACRsB,EAAOx7B,EAAM/tC,OACTupE,EAAOf,IAAQe,EAAOf,GACtBe,IACEx7B,EAAMyvB,OACR7uD,EAAMo/B,EAAMyvB,KAAKyM,UAAYl8B,EAAM/tC,OAC9B+tC,EAAMyvB,KAAKhH,QAEdzoB,EAAMyvB,KAAKhH,MAAY/3D,MAAMsvC,EAAMyvB,KAAKyM,YAE1C9R,GACEpqB,EAAMyvB,KAAKhH,MACXt3D,EACA8iE,EAGAuH,EAEA56D,IAMc,IAAdo/B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACRx7B,EAAM/tC,QAAUupE,GAEdx7B,EAAM/tC,QAAU,MAAM+pE,EAE5Bh8B,EAAM/tC,OAAS,EACf+tC,EAAMrhB,KAAO+V,GAEf,KAAKA,GACH,GAAkB,KAAdsL,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GAEE56D,EAAMzP,EAAM8iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAM/tC,OAAS,QAClB+tC,EAAMyvB,KAAK1zD,MAAQoP,OAAOsC,aAAa7M,UAElCA,GAAO46D,EAAOf,GAOvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK1zD,KAAO,MAEpBikC,EAAM/tC,OAAS,EACf+tC,EAAMrhB,KAAO+5C,GAEf,KAAKA,GACH,GAAkB,KAAd14B,EAAMk6B,MAAgB,CACxB,GAAa,IAATO,EAAc,MAAMuB,EACxBR,EAAO,EACP,GACE56D,EAAMzP,EAAM8iE,EAAOuH,KAEfx7B,EAAMyvB,MAAQ7uD,GACbo/B,EAAM/tC,OAAS,QAClB+tC,EAAMyvB,KAAK2C,SAAWjnD,OAAOsC,aAAa7M,UAErCA,GAAO46D,EAAOf,GAMvB,GALkB,IAAdz6B,EAAMk6B,QACRl6B,EAAMm6B,MAAQnO,GAAMhsB,EAAMm6B,MAAOhpE,EAAOqqE,EAAMvH,IAEhDwG,GAAQe,EACRvH,GAAQuH,EACJ56D,EAAO,MAAMo7D,OAEVh8B,EAAMyvB,OACbzvB,EAAMyvB,KAAK2C,QAAU,MAEvBpyB,EAAMrhB,KAAOg6C,GAEf,KAAKA,GACH,GAAkB,IAAd34B,EAAMk6B,MAAgB,CAExB,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,MAAdl1B,EAAMm6B,OAAiB,CACnCrP,EAAK50B,IAAM,sBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAGL4wB,EAAMyvB,OACRzvB,EAAMyvB,KAAK0C,KAASnyB,EAAMk6B,OAAS,EAAK,EACxCl6B,EAAMyvB,KAAKt9D,MAAO,GAEpB24D,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GACb,MACF,KAAK8D,GAEH,KAAOxpD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV07C,EAAKc,MAAQ5rB,EAAMm6B,MAAQJ,GAAQ7E,GAEnCA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOk6C,GAEf,KAAKA,GACH,GAAuB,IAAnB74B,EAAMi6B,SASR,OAPAnP,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEN8zC,GAET4H,EAAKc,MAAQ5rB,EAAMm6B,MAAQ,EAC3Bn6B,EAAMrhB,KAAOm2C,GAEf,KAAKA,GACH,GAAI/E,IAAUjN,IAAWiN,IAAUhN,GAAW,MAAMiZ,EAEtD,KAAKlD,GACH,GAAI94B,EAAM/wB,KAAM,CAEdimD,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAER4wB,EAAMrhB,KAAOi7C,GACb,MAGF,KAAOxqD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EASV,OANA4wB,EAAM/wB,KAAe,EAAPimD,EAEdA,KAAU,EACV9lD,GAAQ,EAGQ,EAAP8lD,GACP,KAAK,EAGHl1B,EAAMrhB,KAAOo6C,GACb,MACF,KAAK,EAKH,GAJAuC,GAAYt7B,GAGZA,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAS,CAErBmS,KAAU,EACV9lD,GAAQ,EAER,MAAM4sD,EAER,MACF,KAAK,EAGHh8B,EAAMrhB,KAAOu6C,GACb,MACF,KAAK,EACHpO,EAAK50B,IAAM,qBACX8J,EAAMrhB,KAAOk2C,GAGjBK,KAAU,EACV9lD,GAAQ,EAER,MACF,KAAK2pD,GAMH,IAJA7D,KAAiB,EAAP9lD,EACVA,GAAe,EAAPA,EAGDA,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,IAAY,MAAP8lD,KAAqBA,IAAS,GAAM,OAAS,CAChDpK,EAAK50B,IAAM,+BACX8J,EAAMrhB,KAAOk2C,GACb,MAUF,GARA70B,EAAM/tC,OAAgB,MAAPijE,EAIfA,EAAO,EACP9lD,EAAO,EAEP4wB,EAAMrhB,KAAOq6C,GACTjJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAKhD,GACHh5B,EAAMrhB,KAAOs6C,GAEf,KAAKA,GAEH,GADAuC,EAAOx7B,EAAM/tC,OACTupE,EAAM,CAGR,GAFIA,EAAOf,IAAQe,EAAOf,GACtBe,EAAO52C,IAAQ42C,EAAO52C,GACb,IAAT42C,EAAc,MAAMQ,EAExB5R,GAAe1vD,EAAQvJ,EAAO8iE,EAAMuH,EAAME,GAE1CjB,GAAQe,EACRvH,GAAQuH,EACR52C,GAAQ42C,EACRE,GAAOF,EACPx7B,EAAM/tC,QAAUupE,EAChB,MAGFx7B,EAAMrhB,KAAOm2C,GACb,MACF,KAAKoE,GAEH,KAAO9pD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAmBV,GAhBA4wB,EAAMu6B,KAAkC,KAAnB,GAAPrF,GAEdA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMw6B,MAAmC,GAAnB,GAAPtF,GAEfA,KAAU,EACV9lD,GAAQ,EAER4wB,EAAMs6B,MAAmC,GAAnB,GAAPpF,GAEfA,KAAU,EACV9lD,GAAQ,EAGJ4wB,EAAMu6B,KAAO,KAAOv6B,EAAMw6B,MAAQ,GAAI,CACxC1P,EAAK50B,IAAM,sCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOw6C,GAEf,KAAKA,GACH,KAAOn5B,EAAMy6B,KAAOz6B,EAAMs6B,OAAO,CAE/B,KAAOlrD,EAAO,GAAG,CACf,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAmB,EAAPvF,EAEnCA,KAAU,EACV9lD,GAAQ,EAGV,KAAO4wB,EAAMy6B,KAAO,IAClBz6B,EAAMk3B,KAAK6E,EAAM/7B,EAAMy6B,SAAW,EAapC,GAPAz6B,EAAM41B,QAAU51B,EAAM06B,OACtB16B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcP,GAAO12B,EAAMk3B,KAAM,EAAG,GAAIl3B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAC5E9U,EAAMg2B,QAAUlhB,EAAK1lC,KAEjBwP,EAAK,CACPksC,EAAK50B,IAAM,2BACX8J,EAAMrhB,KAAOk2C,GACb,MAGF70B,EAAMy6B,KAAO,EACbz6B,EAAMrhB,KAAOy6C,GAEf,KAAKA,GACH,KAAOp5B,EAAMy6B,KAAOz6B,EAAMu6B,KAAOv6B,EAAMw6B,OAAO,CAC5C,KACErF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8oD,EAAW,GAEbhD,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAMk3B,KAAKl3B,EAAMy6B,QAAUvC,MAExB,CACH,GAAiB,KAAbA,EAAiB,CAGnB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAOV,GAHA8lD,KAAU8C,EACV5oD,GAAQ4oD,EAEW,IAAfh4B,EAAMy6B,KAAY,CACpB3P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEFj0D,EAAMo/B,EAAMk3B,KAAKl3B,EAAMy6B,KAAO,GAC9Be,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,OAGL,GAAiB,KAAb8oD,EAAiB,CAGxB,IADAj7D,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,GAAY,EAAPtG,GAEZA,KAAU,EACV9lD,GAAQ,MAGL,CAGH,IADAnS,EAAI+6D,EAAY,EACT5oD,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAU8C,EACV5oD,GAAQ4oD,EAERp3D,EAAM,EACN46D,EAAO,IAAa,IAAPtG,GAEbA,KAAU,EACV9lD,GAAQ,EAGV,GAAI4wB,EAAMy6B,KAAOe,EAAOx7B,EAAMu6B,KAAOv6B,EAAMw6B,MAAO,CAChD1P,EAAK50B,IAAM,4BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF,KAAO2G,KACLx7B,EAAMk3B,KAAKl3B,EAAMy6B,QAAU75D,GAMjC,GAAIo/B,EAAMrhB,OAASk2C,GAAO,MAG1B,GAAwB,IAApB70B,EAAMk3B,KAAK,KAAY,CACzBpM,EAAK50B,IAAM,uCACX8J,EAAMrhB,KAAOk2C,GACb,MAeF,GATA70B,EAAMg2B,QAAU,EAEhBlhB,EAAO,CAAE1lC,KAAM4wB,EAAMg2B,SACrBp3C,EAAMq4C,GAAcN,GAAM32B,EAAMk3B,KAAM,EAAGl3B,EAAMu6B,KAAMv6B,EAAM41B,QAAS,EAAG51B,EAAMs3B,KAAMxiB,GAGnF9U,EAAMg2B,QAAUlhB,EAAK1lC,KAGjBwP,EAAK,CACPksC,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAcF,GAXA70B,EAAMk2B,SAAW,EAGjBl2B,EAAM81B,SAAW91B,EAAM26B,QACvB7lB,EAAO,CAAE1lC,KAAM4wB,EAAMk2B,UACrBt3C,EAAMq4C,GAAcL,GAAO52B,EAAMk3B,KAAMl3B,EAAMu6B,KAAMv6B,EAAMw6B,MAAOx6B,EAAM81B,SAAU,EAAG91B,EAAMs3B,KAAMxiB,GAG/F9U,EAAMk2B,SAAWphB,EAAK1lC,KAGlBwP,EAAK,CACPksC,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAIF,GADA70B,EAAMrhB,KAAO06C,GACTtJ,IAAUhN,GAAW,MAAMiZ,EAEjC,KAAK3C,GACHr5B,EAAMrhB,KAAO26C,GAEf,KAAKA,GACH,GAAImB,GAAQ,GAAK71C,GAAQ,IAAK,CAE5BkmC,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,EAEb2lD,GAAajK,EAAMmK,GAEnByG,EAAM5Q,EAAKuC,SACX3yD,EAASowD,EAAKpwD,OACdkqB,EAAOkmC,EAAKqC,UACZ8G,EAAOnJ,EAAKiD,QACZ58D,EAAQ25D,EAAK35D,MACbspE,EAAO3P,EAAKgD,SACZoH,EAAOl1B,EAAMk1B,KACb9lD,EAAO4wB,EAAM5wB,KAGT4wB,EAAMrhB,OAASm2C,KACjB90B,EAAM46B,MAAQ,GAEhB,MAGF,IADA56B,EAAM46B,KAAO,EAEXzF,EAAOn1B,EAAM41B,QAAQV,GAAS,GAAKl1B,EAAMg2B,SAAW,GACpDgC,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP6C,GAAa5oD,IANV,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI6oD,GAAgC,IAAV,IAAVA,GAAuB,CAIrC,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM41B,QAAQiG,IACX3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAQhB,GALAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACdh4B,EAAM/tC,OAASimE,EACC,IAAZD,EAAe,CAIjBj4B,EAAMrhB,KAAOg7C,GACb,MAEF,GAAc,GAAV1B,EAAc,CAEhBj4B,EAAM46B,MAAQ,EACd56B,EAAMrhB,KAAOm2C,GACb,MAEF,GAAc,GAAVmD,EAAc,CAChBnN,EAAK50B,IAAM,8BACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMyoB,MAAkB,GAAVwP,EACdj4B,EAAMrhB,KAAO46C,GAEf,KAAKA,GACH,GAAIv5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAM/tC,QAAUijE,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtBzoB,EAAM66B,IAAM76B,EAAM/tC,OAClB+tC,EAAMrhB,KAAO66C,GAEf,KAAKA,GACH,KACErE,EAAOn1B,EAAM81B,SAASZ,GAAS,GAAKl1B,EAAMk2B,UAAY,GACtD8B,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAEP,GAAe/lD,IANZ,CAQP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAyB,IAAV,IAAV6oD,GAAuB,CAI1B,IAHA0D,EAAY3D,EACZ4D,EAAU3D,EACV4D,EAAW3D,EAET/C,EAAOn1B,EAAM81B,SAAS+F,IACZ3G,GAAS,GAAMyG,EAAYC,GAAY,IAAoCD,IACrF3D,EAAY7C,IAAS,GACrB8C,EAAW9C,IAAS,GAAM,IAC1B+C,EAAkB,MAAP/C,IAENwG,EAAY3D,GAAc5oD,IAPxB,CASP,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAIV8lD,KAAUyG,EACVvsD,GAAQusD,EAER37B,EAAM46B,MAAQe,EAOhB,GAJAzG,KAAU8C,EACV5oD,GAAQ4oD,EAERh4B,EAAM46B,MAAQ5C,EACA,GAAVC,EAAc,CAChBnN,EAAK50B,IAAM,wBACX8J,EAAMrhB,KAAOk2C,GACb,MAEF70B,EAAMh/B,OAASk3D,EACfl4B,EAAMyoB,MAAoB,GAAZ,EACdzoB,EAAMrhB,KAAO86C,GAEf,KAAKA,GACH,GAAIz5B,EAAMyoB,MAAO,CAGf,IADAxrD,EAAI+iC,EAAMyoB,MACHr5C,EAAOnS,GAAG,CACf,GAAa,IAATw9D,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV4wB,EAAMh/B,QAAUk0D,GAAS,GAAKl1B,EAAMyoB,OAAS,EAE7CyM,KAAUl1B,EAAMyoB,MAChBr5C,GAAQ4wB,EAAMyoB,MAEdzoB,EAAM46B,MAAQ56B,EAAMyoB,MAGtB,GAAIzoB,EAAMh/B,OAASg/B,EAAMs1B,KAAM,CAC7BxK,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAIF70B,EAAMrhB,KAAO+6C,GAEf,KAAKA,GACH,GAAa,IAAT90C,EAAc,MAAMo3C,EAExB,GADAR,EAAOvG,EAAOrwC,EACVob,EAAMh/B,OAASw6D,EAAM,CAEvB,GADAA,EAAOx7B,EAAMh/B,OAASw6D,EAClBA,EAAOx7B,EAAMw1B,OACXx1B,EAAMs2B,KAAM,CACdxL,EAAK50B,IAAM,gCACX8J,EAAMrhB,KAAOk2C,GACb,MAkBA2G,EAAOx7B,EAAMy1B,OACf+F,GAAQx7B,EAAMy1B,MACd7iD,EAAOotB,EAAMu1B,MAAQiG,GAGrB5oD,EAAOotB,EAAMy1B,MAAQ+F,EAEnBA,EAAOx7B,EAAM/tC,SAAUupE,EAAOx7B,EAAM/tC,QACxCojE,EAAcr1B,EAAMqqB,YAGpBgL,EAAc36D,EACdkY,EAAO8oD,EAAM17B,EAAMh/B,OACnBw6D,EAAOx7B,EAAM/tC,OAEXupE,EAAO52C,IAAQ42C,EAAO52C,GAC1BA,GAAQ42C,EACRx7B,EAAM/tC,QAAUupE,EAChB,GACE9gE,EAAOghE,KAASrG,EAAYziD,aACnB4oD,GACU,IAAjBx7B,EAAM/tC,SAAgB+tC,EAAMrhB,KAAO26C,IACvC,MACF,KAAKK,GACH,GAAa,IAAT/0C,EAAc,MAAMo3C,EACxBthE,EAAOghE,KAAS17B,EAAM/tC,OACtB2yB,IACAob,EAAMrhB,KAAO26C,GACb,MACF,KAAKM,GACH,GAAI55B,EAAMub,KAAM,CAEd,KAAOnsC,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IAEAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAcV,GAXA6lD,GAAQrwC,EACRkmC,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXA,IACFnK,EAAKc,MAAQ5rB,EAAMm6B,MAEdn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMyG,EAAMzG,IAG7GA,EAAOrwC,GAEFob,EAAMk6B,MAAQhF,EAAO6E,GAAQ7E,MAAWl1B,EAAMm6B,MAAO,CACxDrP,EAAK50B,IAAM,uBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOk7C,GAEf,KAAKA,GACH,GAAI75B,EAAMub,MAAQvb,EAAMk6B,MAAO,CAE7B,KAAO9qD,EAAO,IAAI,CAChB,GAAa,IAATqrD,EAAc,MAAMuB,EACxBvB,IACAvF,GAAQ/jE,EAAM8iE,MAAW7kD,EACzBA,GAAQ,EAGV,GAAI8lD,KAAwB,WAAdl1B,EAAMo6B,OAAqB,CACvCtP,EAAK50B,IAAM,yBACX8J,EAAMrhB,KAAOk2C,GACb,MAGFK,EAAO,EACP9lD,EAAO,EAIT4wB,EAAMrhB,KAAOm7C,GAEf,KAAKA,GACHl7C,EAAMqkC,GACN,MAAM+Y,EACR,KAAKnH,GACHj2C,EAAMwkC,GACN,MAAM4Y,EAKR,QACE,OAAO7Y,GA4Cb,OA9BA2H,EAAKuC,SAAWqO,EAChB5Q,EAAKqC,UAAYvoC,EACjBkmC,EAAKiD,QAAUkG,EACfnJ,EAAKgD,SAAW2M,EAChBz6B,EAAMk1B,KAAOA,EACbl1B,EAAM5wB,KAAOA,GAGT4wB,EAAMu1B,OAAUN,IAASnK,EAAKqC,WAAantB,EAAMrhB,KAAOk2C,KACvC70B,EAAMrhB,KAAOi7C,IAAS7J,IAAUlN,MAC/C0Y,GAAazQ,EAAMA,EAAKpwD,OAAQowD,EAAKuC,SAAU4H,EAAOnK,EAAKqC,WAKjE6H,GAAOlK,EAAKgD,SACZmH,GAAQnK,EAAKqC,UACbrC,EAAKkD,UAAYgH,EACjBlK,EAAKwC,WAAa2H,EAClBj1B,EAAMo6B,OAASnF,EACXj1B,EAAMub,MAAQ0Z,IAChBnK,EAAKc,MAAQ5rB,EAAMm6B,MAChBn6B,EAAMk6B,MAAQlO,GAAMhsB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,GAAQtJ,GAAQ3rB,EAAMm6B,MAAOz/D,EAAQu6D,EAAMnK,EAAKuC,SAAW4H,IAE/HnK,EAAKC,UAAY/qB,EAAM5wB,MAAQ4wB,EAAM/wB,KAAO,GAAK,IAC9B+wB,EAAMrhB,OAASm2C,GAAO,IAAM,IAC5B90B,EAAMrhB,OAAS06C,IAAQr5B,EAAMrhB,OAASq6C,GAAQ,IAAM,IACzD,IAARhE,GAAsB,IAATC,GAAelF,IAAUlN,KAAajkC,IAAQokC,KAC/DpkC,EAAMykC,IAEDzkC,CACT,CA8BA,SAASu9C,GAAqBrR,EAAM+I,GAClC,MAAMM,EAAaN,EAAW5hE,OAE9B,IAAI+tC,EACAo8B,EAIJ,OAAKtR,GAAyBA,EAAK9qB,OACnCA,EAAQ8qB,EAAK9qB,MAEM,IAAfA,EAAMub,MAAcvb,EAAMrhB,OAASk6C,GAC9B1V,GAILnjB,EAAMrhB,OAASk6C,KACjBuD,EAAS,EAETA,EAASzQ,GAAQyQ,EAAQvI,EAAYM,EAAY,GAC7CiI,IAAWp8B,EAAMm6B,OACZ/W,IAKLmY,GAAazQ,EAAM+I,EAAYM,EAAYA,GAKjDn0B,EAAMi6B,SAAW,EAEVjX,KAzB4DG,EA0BrE,CC59Ce,MAAMkZ,GACnB1rE,cAEEE,KAAKiW,KAAa,EAElBjW,KAAK8a,KAAa,EAElB9a,KAAKorE,OAAa,EAElBprE,KAAKwhE,GAAa,EAElBxhE,KAAK43D,MAAa,KAElB53D,KAAKqrE,UAAa,EAWlBrrE,KAAKkL,KAAa,GAIlBlL,KAAKuhE,QAAa,GAIlBvhE,KAAKshE,KAAa,EAElBthE,KAAKsB,MAAa,GCkCtB,MAAMmqE,GACJ3rE,YAAY+E,GACV7E,KAAK6E,QAAU,CACb29D,UAAW,MACXC,WAAY,KACR59D,GAAW,IAGjB,MAAM89D,EAAM3iE,KAAK6E,QAIb89D,EAAIC,KAAQD,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KACxDE,EAAIF,YAAcE,EAAIF,WACC,IAAnBE,EAAIF,aAAoBE,EAAIF,YAAc,OAI3CE,EAAIF,YAAc,GAAOE,EAAIF,WAAa,KAC3C59D,GAAWA,EAAQ49D,aACrBE,EAAIF,YAAc,IAKfE,EAAIF,WAAa,IAAQE,EAAIF,WAAa,IAGf,IAAR,GAAjBE,EAAIF,cACPE,EAAIF,YAAc,IAItBziE,KAAKohD,IAAS,EACdphD,KAAKqlC,IAAS,GACdrlC,KAAK8iE,OAAS,EACd9iE,KAAKuxD,OAAS,GAEdvxD,KAAKi6D,KAAS,IAAIqI,GAClBtiE,KAAKi6D,KAAKqC,UAAY,EAEtB,IAAIiE,EAASmL,GACX1rE,KAAKi6D,KACL0I,EAAIF,YAGN,GAAIlC,IAAWoL,GACb,MAAUzoE,MAAMmiC,GAAIk7B,IAQtB,GALAvgE,KAAKqkB,OAAS,IAAImnD,GFszCtB,SAA0BvR,EAAM2E,GAC9B,IAAIzvB,EAGC8qB,GAASA,EAAK9qB,QACnBA,EAAQ8qB,EAAK9qB,MACY,IAAP,EAAbA,EAAMub,QAGXvb,EAAMyvB,KAAOA,EACbA,EAAKt9D,MAAO,GAEd,CEh0CIsqE,CAA8B5rE,KAAKi6D,KAAMj6D,KAAKqkB,QAG1Cs+C,EAAIK,aAEwB,iBAAnBL,EAAIK,WACbL,EAAIK,WAAaE,GAAmBP,EAAIK,YAC/BL,EAAIK,sBAAsB79C,cACnCw9C,EAAIK,WAAa,IAAIngE,WAAW8/D,EAAIK,aAElCL,EAAIC,MACNrC,EAASsL,GAAkC7rE,KAAKi6D,KAAM0I,EAAIK,YACtDzC,IAAWoL,KACb,MAAUzoE,MAAMmiC,GAAIk7B,IAiC5B1+D,KAAKiI,EAAMgkB,GACT,MAAMmsC,KAAEA,EAAMp1D,SAAS29D,UAAEA,EAASQ,WAAEA,IAAiBhjE,KACrD,IAAIugE,EAAQkD,EAKRqI,GAAgB,EAEpB,GAAI9rE,KAAK8iE,MAAS,OAAO,EACzBW,EAAS31C,MAAWA,EAAQA,GAAkB,IAATA,EAAiBi+C,GAAaC,GAG/C,iBAATliE,EAETmwD,EAAK35D,MPpFJ,SAAwBgc,GAC3B,MAAM4E,EAAM,IAAI+gD,GAAW3lD,EAAIlb,QAC/B,IAAK,IAAI6B,EAAI,EAAG8M,EAAMmR,EAAI9f,OAAQ6B,EAAI8M,EAAK9M,IACvCie,EAAIje,GAAKqZ,EAAIE,WAAWvZ,GAE5B,OAAOie,CACX,CO8EmB+qD,CAAsBniE,GAC1BA,aAAgBqb,YACzB80C,EAAK35D,MAAQ,IAAIuC,WAAWiH,GAE5BmwD,EAAK35D,MAAQwJ,EAGfmwD,EAAKiD,QAAU,EACfjD,EAAKgD,SAAWhD,EAAK35D,MAAMc,OAE3B,EAAG,CAkBD,GAjBuB,IAAnB64D,EAAKqC,YACPrC,EAAKpwD,OAAS,IAAIo4D,GAAWO,GAC7BvI,EAAKuC,SAAW,EAChBvC,EAAKqC,UAAYkG,GAGnBjC,EAAS2L,GAAqBjS,EAAM+R,IAEhCzL,IAAW4L,IAAiBnJ,IAC9BzC,EAASsL,GAAkC7rE,KAAKi6D,KAAM+I,IAGpDzC,IAAW6L,KAAmC,IAAlBN,IAC9BvL,EAASoL,GACTG,GAAgB,GAGdvL,IAAW8L,IAAkB9L,IAAWoL,GAG1C,OAFA3rE,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,GACN,EAGL7I,EAAKuC,WACgB,IAAnBvC,EAAKqC,WAAmBiE,IAAW8L,KAAqC,IAAlBpS,EAAKgD,UAAmBwG,IAAUsI,IAActI,IAAU6I,KAClHtsE,KAAK4jE,OAAOC,GAAgB5J,EAAKpwD,OAAQowD,EAAKuC,YAW5B,IAAlBvC,EAAKgD,UAAqC,IAAnBhD,EAAKqC,YAC9BwP,GAAgB,UAGV7R,EAAKgD,SAAW,GAAwB,IAAnBhD,EAAKqC,YAAoBiE,IAAW8L,IAOnE,OALI9L,IAAW8L,KACb5I,EAAQsI,IAINtI,IAAUsI,IACZxL,EF8qCN,SAAoBtG,GAElB,IAAKA,IAASA,EAAK9qB,MACjB,OAAOmjB,GAGT,MAAMnjB,EAAQ8qB,EAAK9qB,MAKnB,OAJIA,EAAMqqB,SACRrqB,EAAMqqB,OAAS,MAEjBS,EAAK9qB,MAAQ,KACNgjB,EACT,CE1rCeoa,CAAwBvsE,KAAKi6D,MACtCj6D,KAAK2jE,MAAMpD,GACXvgE,KAAK8iE,OAAQ,EACNvC,IAAWoL,IAIhBlI,IAAU6I,KACZtsE,KAAK2jE,MAAMgI,IACX1R,EAAKqC,UAAY,GACV,GAeXsH,OAAO7hE,GACL/B,KAAKuxD,OAAO1vD,KAAKE,GAenB4hE,MAAMpD,GAEAA,IAAWoL,KACb3rE,KAAKyB,OAASsiE,GAAoB/jE,KAAKuxD,SAEzCvxD,KAAKuxD,OAAS,GACdvxD,KAAKohD,IAAMmf,EACXvgE,KAAKqlC,IAAMrlC,KAAKi6D,KAAK50B,KCxRzB,IAAImnC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAAS1rE,GACvBf,KAAKe,OAASA,EACdf,KAAK0sE,UAAY,EACjB1sE,KAAK2sE,QAAU,EACf3sE,KAAK4sE,SAAU,CACjB,EAEAH,GAAUzrE,UAAU6rE,YAAc,WAC3B7sE,KAAK4sE,UACR5sE,KAAK2sE,QAAU3sE,KAAKe,OAAO4F,WAC3B3G,KAAK4sE,SAAU,EAEnB,EAGAH,GAAUzrE,UAAUE,KAAO,SAASqd,GAElC,IADA,IAAI9c,EAAS,EACN8c,EAAO,GAAG,CACfve,KAAK6sE,cACL,IAAIC,EAAY,EAAI9sE,KAAK0sE,UAEzB,GAAInuD,GAAQuuD,EACVrrE,IAAWqrE,EACXrrE,GAAU+qE,GAAQM,GAAa9sE,KAAK2sE,QACpC3sE,KAAK4sE,SAAU,EACf5sE,KAAK0sE,UAAY,EACjBnuD,GAAQuuD,MACH,CACLrrE,IAAW8c,EACX,IAAIrY,EAAQ4mE,EAAYvuD,EACxB9c,IAAWzB,KAAK2sE,QAAWH,GAAQjuD,IAASrY,IAAWA,EACvDlG,KAAK0sE,WAAanuD,EAClBA,EAAO,GAGX,OAAO9c,CACT,EAGAgrE,GAAUzrE,UAAU+rE,KAAO,SAAS5pE,GAClC,IAAI6pE,EAAQ7pE,EAAM,EACd8pE,GAAU9pE,EAAM6pE,GAAS,EAC7BhtE,KAAK0sE,UAAYM,EACjBhtE,KAAKe,OAAOgsE,KAAKE,GACjBjtE,KAAK4sE,SAAU,CACjB,EAGAH,GAAUzrE,UAAUksE,GAAK,WACvB,IAA6BjqE,EAAzBie,EAAM,IAAIre,WAAW,GACzB,IAAKI,EAAI,EAAGA,EAAIie,EAAI9f,OAAQ6B,IAC1Bie,EAAIje,GAAKjD,KAAKkB,KAAK,GAErB,OAGF,SAAkBggB,GAChB,OAAOrhB,MAAMmB,UAAUkH,IAAIpH,KAAKogB,GAAKpU,IAAM,KAAOA,EAAEP,SAAS,KAAK7K,OAAO,KAAIF,KAAK,GACpF,CALS2rE,CAASjsD,EAClB,EAMA,OAAiBurD,GC3FbW,GAAS,WACb,EAIAA,GAAOpsE,UAAU2F,SAAW,WAC1B,MAAUzD,MAAM,6CAClB,EAGAkqE,GAAOpsE,UAAUE,KAAO,SAAS+C,EAAQopE,EAAWjsE,GAElD,IADA,IAAIqK,EAAY,EACTA,EAAYrK,GAAQ,CACzB,IAAIgb,EAAIpc,KAAK2G,WACb,GAAIyV,EAAI,EACN,OAAoB,IAAZ3Q,GAAkB,EAAIA,EAEhCxH,EAAOopE,KAAejxD,EACtB3Q,IAEF,OAAOA,CACT,EACA2hE,GAAOpsE,UAAU+rE,KAAO,SAASO,GAC/B,MAAUpqE,MAAM,yCAClB,EAGAkqE,GAAOpsE,UAAUusE,UAAY,SAASC,GACpC,MAAUtqE,MAAM,6CAClB,EACAkqE,GAAOpsE,UAAUc,MAAQ,SAASmC,EAAQopE,EAAWjsE,GACnD,IAAI6B,EACJ,IAAKA,EAAE,EAAGA,EAAE7B,EAAQ6B,IAClBjD,KAAKutE,UAAUtpE,EAAOopE,MAExB,OAAOjsE,CACT,EACAgsE,GAAOpsE,UAAUk+D,MAAQ,WACzB,EAEA,ICNMuO,MDMWL,OCNXK,GAAc,IAAIzoD,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKV5kB,KAAK0tE,OAAS,WACZ,OAAS9oD,IAAS,GAOpB5kB,KAAK2tE,UAAY,SAAStsE,GACxBujB,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMvjB,KAQjDrB,KAAK4tE,aAAe,SAASvsE,EAAOoiC,GAClC,KAAOA,KAAU,GACf7e,EAAOA,GAAO,EAAK6oD,GAAqC,KAAvB7oD,IAAQ,GAAMvjB,OCnDnDwsE,GAAM,SAASvvD,EAAOmB,GACxB,IAAwBxc,EAApBuzB,EAAMlY,EAAMmB,GAChB,IAAKxc,EAAIwc,EAAOxc,EAAI,EAAGA,IACrBqb,EAAMrb,GAAKqb,EAAMrb,EAAE,GAGrB,OADAqb,EAAM,GAAKkY,EACJA,CACT,EAEIs3C,GAAM,CACRC,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,GACpBA,GAAcV,GAAIE,YAAyB,oBAC3CQ,GAAcV,GAAIG,eAAyB,gBAC3CO,GAAcV,GAAII,sBAAyB,uBAC3CM,GAAcV,GAAIK,uBAAyB,wBAC3CK,GAAcV,GAAIM,YAAyB,aAC3CI,GAAcV,GAAIO,eAAyB,gBAC3CG,GAAcV,GAAIQ,gBAAkB,kDAEpC,IAAIG,GAAS,SAASlO,EAAQmO,GAC5B,IAAIrpC,EAAMmpC,GAAcjO,IAAW,gBAC/BmO,IAAarpC,GAAO,KAAKqpC,GAC7B,IAAIrqE,EAAI,IAAIwtB,UAAUwT,GAEtB,MADAhhC,EAAE+3D,UAAYmE,EACRl8D,CACR,EAEIsqE,GAAS,SAASC,EAAaC,GACjC7uE,KAAK8uE,SAAW9uE,KAAK+uE,aAAe/uE,KAAKgvE,WAAa,EAEtDhvE,KAAKivE,cAAcL,EAAaC,EAClC,EACAF,GAAO3tE,UAAUkuE,YAAc,WAE7B,OADiBlvE,KAAKmvE,mBAKtBnvE,KAAKovE,SAAW,IAAIC,IACb,IAJLrvE,KAAKgvE,YAAc,GACZ,EAIX,EAEAL,GAAO3tE,UAAUiuE,cAAgB,SAASL,EAAaC,GAErD,IAAI3tD,EAAM,IAAIre,WAAW,GACW,IAAhC+rE,EAAY1tE,KAAKggB,EAAK,EAAG,IACuB,QAAhD5G,OAAOsC,aAAasE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1CutD,GAAOX,GAAIG,cAAe,aAE5B,IAAIjU,EAAQ94C,EAAI,GAAK,IACjB84C,EAAQ,GAAKA,EAAQ,IACvByU,GAAOX,GAAIG,cAAe,sBAE5BjuE,KAAKuF,OAAS,IAAIknE,GAAUmC,GAI5B5uE,KAAKsvE,SAAW,IAAStV,EACzBh6D,KAAKuvE,WAAa,EAClBvvE,KAAK6uE,aAAeA,EACpB7uE,KAAKwvE,UAAY,CACnB,EACAb,GAAO3tE,UAAUmuE,gBAAkB,WACjC,IAAIlsE,EAAG0Z,EAAGV,EACN1W,EAASvF,KAAKuF,OAId4W,EAAI5W,EAAO2nE,KACf,GAjFW,iBAiFP/wD,EACF,OAAO,EAnFG,iBAqFRA,GACFsyD,GAAOX,GAAIG,eACbjuE,KAAKyvE,eAAiBlqE,EAAOrE,KAAK,MAAQ,EAC1ClB,KAAKwvE,WAAaxvE,KAAKyvE,gBACHzvE,KAAKwvE,WAAa,EAAMxvE,KAAKwvE,YAAY,OAAU,EAInEjqE,EAAOrE,KAAK,IACdutE,GAAOX,GAAIQ,gBACb,IAAIoB,EAAcnqE,EAAOrE,KAAK,IAC1BwuE,EAAc1vE,KAAKsvE,UACrBb,GAAOX,GAAIM,WAAY,kCAMzB,IAAInwD,EAAI1Y,EAAOrE,KAAK,IAChByuE,EAAY,IAAI9sE,WAAW,KAAM+sE,EAAW,EAChD,IAAK3sE,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAIgb,EAAK,GAAM,GAAMhb,EAAK,CACxB,IAAI20C,EAAQ,GAAJ30C,EAER,IADAgZ,EAAI1W,EAAOrE,KAAK,IACXyb,EAAI,EAAGA,EAAI,GAAIA,IACdV,EAAK,GAAM,GAAMU,IACnBgzD,EAAUC,KAAch4B,EAAIj7B,GAKpC,IAAIkzD,EAAatqE,EAAOrE,KAAK,IACzB2uE,EAzHW,GAyHgBA,EAxHhB,IAyHbpB,GAAOX,GAAIM,YAKb,IAAI0B,EAAavqE,EAAOrE,KAAK,IACV,IAAf4uE,GACFrB,GAAOX,GAAIM,YAEb,IAAI2B,EAAY,IAAIltE,WAAW,KAC/B,IAAKI,EAAI,EAAGA,EAAI4sE,EAAY5sE,IAC1B8sE,EAAU9sE,GAAKA,EAEjB,IAAI+sE,EAAY,IAAIntE,WAAWitE,GAE/B,IAAK7sE,EAAI,EAAGA,EAAI6sE,EAAY7sE,IAAK,CAE/B,IAAK0Z,EAAI,EAAGpX,EAAOrE,KAAK,GAAIyb,IACtBA,GAAKkzD,GAAYpB,GAAOX,GAAIM,YAElC4B,EAAU/sE,GAAK4qE,GAAIkC,EAAWpzD,GAKhC,IACiBszD,EADbC,EAAWN,EAAW,EACtBO,EAAS,GACb,IAAKxzD,EAAI,EAAGA,EAAIkzD,EAAYlzD,IAAK,CAC/B,IAqBIyzD,EAASC,EArBTjvE,EAAS,IAAIyB,WAAWqtE,GAAWt8C,EAAO,IAAIk9B,YAAYwf,IAK9D,IADAryD,EAAI1Y,EAAOrE,KAAK,GACX+B,EAAI,EAAGA,EAAIitE,EAAUjtE,IAAK,CAC7B,MACMgb,EAAI,GAAKA,EAjKE,KAiKoBwwD,GAAOX,GAAIM,YAG1C7oE,EAAOrE,KAAK,IAEZqE,EAAOrE,KAAK,GAGd+c,IAFAA,IAIJ7c,EAAO6B,GAAKgb,EAMd,IADAmyD,EAASC,EAASjvE,EAAO,GACpB6B,EAAI,EAAGA,EAAIitE,EAAUjtE,IACpB7B,EAAO6B,GAAKotE,EACdA,EAASjvE,EAAO6B,GACT7B,EAAO6B,GAAKmtE,IACnBA,EAAShvE,EAAO6B,IAapBgtE,EAAW,GACXE,EAAOtuE,KAAKouE,GACZA,EAASM,QAAU,IAAIzf,YAnMT,KAoMdmf,EAASrS,MAAQ,IAAI54C,YAAYsrD,IACjCL,EAAS7X,KAAO,IAAIpzC,YAAYsrD,IAChCL,EAASG,OAASA,EAClBH,EAASI,OAASA,EAElB,IAAIG,EAAK,EACT,IAAKvtE,EAAImtE,EAAQntE,GAAKotE,EAAQptE,IAE5B,IADA2wB,EAAK3wB,GAAKgtE,EAASrS,MAAM36D,GAAK,EACzBgb,EAAI,EAAGA,EAAIiyD,EAAUjyD,IACpB7c,EAAO6c,KAAOhb,IAChBgtE,EAASM,QAAQC,KAAQvyD,GAG/B,IAAKhb,EAAI,EAAGA,EAAIitE,EAAUjtE,IACxB2wB,EAAKxyB,EAAO6B,MAMd,IADAutE,EAAKvyD,EAAI,EACJhb,EAAImtE,EAAQntE,EAAIotE,EAAQptE,IAC3ButE,GAAM58C,EAAK3wB,GAOXgtE,EAASrS,MAAM36D,GAAKutE,EAAK,EACzBA,IAAO,EACPvyD,GAAK2V,EAAK3wB,GACVgtE,EAAS7X,KAAKn1D,EAAI,GAAKutE,EAAKvyD,EAE9BgyD,EAASrS,MAAMyS,EAAS,GAAK/gE,OAAOmhE,UACpCR,EAASrS,MAAMyS,GAAUG,EAAK58C,EAAKy8C,GAAU,EAC7CJ,EAAS7X,KAAKgY,GAAU,EAO1B,IAAIM,EAAY,IAAI1rD,YAAY,KAChC,IAAK/hB,EAAI,EAAGA,EAAI,IAAKA,IACnB8sE,EAAU9sE,GAAKA,EAEjB,IAA6C0tE,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAO/wE,KAAK+wE,KAAO,IAAI/rD,YAAYhlB,KAAKsvE,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWc,GACPF,GAAYhB,GAAcrB,GAAOX,GAAIM,YACzC6B,EAAWE,EAAOH,EAAUc,OAG9B7tE,EAAIgtE,EAASG,OACbzzD,EAAIpX,EAAOrE,KAAK+B,GAEVA,EAAIgtE,EAASI,QAAU5B,GAAOX,GAAIM,cAClCzxD,GAAKszD,EAASrS,MAAM36D,IAFnBA,IAIL0Z,EAAKA,GAAK,EAAKpX,EAAOrE,KAAK,KAG7Byb,GAAKszD,EAAS7X,KAAKn1D,IACX,GAAK0Z,GAvQC,MAuQmB8xD,GAAOX,GAAIM,YAC5C,IAAI6C,EAAUhB,EAASM,QAAQ5zD,GAK/B,GA5Qc,IA4QVs0D,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAY5yD,EAAIje,KAAKsvE,UAAYb,GAAOX,GAAIM,YAEhDsC,EADAC,EAAKhB,EAAUI,EAAU,MACR9xD,EACVA,KACL8yD,EAAKF,KAAeF,EAGxB,GAAIM,EAAUrB,EACZ,MAQEiB,GAAa7wE,KAAKsvE,UAAYb,GAAOX,GAAIM,YAK7CsC,EAFAC,EAAKhB,EADLgB,EAAK9C,GAAIkC,EADT9sE,EAAIguE,EAAU,OAKdF,EAAKF,KAAeF,OA9CbC,IACHA,EAAS,EACT3yD,EAAI,GAUJA,GA1RU,IAyRRgzD,EACGL,EAEA,EAAIA,EACXA,IAAW,EA0Cf,KAHIlB,EAAc,GAAKA,GAAemB,IAAapC,GAAOX,GAAIM,YAE9DzxD,EAAI,EACC1Z,EAAI,EAAGA,EAAI,IAAKA,IACnBgZ,EAAIU,EAAI+zD,EAAUztE,GAClBytE,EAAUztE,GAAK0Z,EACfA,EAAIV,EAGN,IAAKhZ,EAAI,EAAGA,EAAI4tE,EAAW5tE,IAEzB8tE,EAAKL,EADLC,EAAe,IAAVI,EAAK9tE,MACcA,GAAK,EAC7BytE,EAAUC,KAKZ,IAAIxtE,EAAM,EAAG+tE,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjB/tE,EAAM4tE,EAAKrB,IAEXvsE,IAAQ,EACRguE,GAAO,GAETnxE,KAAK8uE,SAAW3rE,EAChBnD,KAAK+uE,aAAemC,EACpBlxE,KAAKgvE,WAAa6B,EAClB7wE,KAAKoxE,SAAWD,GAET,CACT,EAOAxC,GAAO3tE,UAAUqwE,aAAe,SAASC,EAAcvhE,GACnD,IAAIwhE,EAAQC,EAAUC,EAKxB,GAAIzxE,KAAKgvE,WAAa,EAAK,OAAO,EAGlC,IAAI+B,EAAO/wE,KAAK+wE,KAAM5tE,EAAMnD,KAAK8uE,SAAUoC,EAAUlxE,KAAK+uE,aACtD8B,EAAY7wE,KAAKgvE,WAAyBhvE,KAAK0xE,WAGnD,IAFA,IAAIP,EAAMnxE,KAAKoxE,SAERP,GAAW,CAehB,IAdAA,IACAW,EAAWN,EAEXA,EAAgB,KADhB/tE,EAAM4tE,EAAK5tE,IAEXA,IAAQ,EACM,GAAVguE,KACFI,EAASL,EACTO,EAAUD,EACVN,GAAW,IAEXK,EAAS,EACTE,EAAUP,GAEZlxE,KAAKovE,SAASxB,aAAa6D,EAASF,GAC7BA,KACLvxE,KAAK6uE,aAAatB,UAAUkE,GAC5BzxE,KAAKuvE,aAEH2B,GAAWM,IACbL,EAAM,GASV,OAPAnxE,KAAKgvE,WAAa6B,EAEd7wE,KAAKovE,SAAS1B,WAAa1tE,KAAKyvE,gBAClChB,GAAOX,GAAIM,WAAY,sBACRpuE,KAAKovE,SAAS1B,SAASnhE,SAAS,IACxC,aAAavM,KAAKyvE,eAAeljE,SAAS,IAAI,KAEhDvM,KAAKuvE,UACd,EAEA,IAAIoC,GAAoB,SAASrxE,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIsuE,EAAc,IAAIxB,GAKtB,OAJAwB,EAAYzrE,IAAM,EAClByrE,EAAYjoE,SAAW,WAAa,OAAOrG,EAAMN,KAAKmD,QACtDyrE,EAAY7B,KAAO,SAAS5pE,GAAOnD,KAAKmD,IAAMA,GAC9CyrE,EAAYgD,IAAM,WAAa,OAAO5xE,KAAKmD,KAAO7C,EAAMc,QACjDwtE,CACT,EACIiD,GAAqB,SAAShoE,GAChC,IAAIglE,EAAe,IAAIzB,GACnB0E,GAAW,EACf,GAAIjoE,EACF,GAAqB,mBACnBglE,EAAa5qE,OAAS,IAAIpB,WAAWgH,GACrCioE,GAAW,MACN,IAAI,cAAejoE,EACxB,OAAOA,EAEPglE,EAAa5qE,OAAS4F,EACtBioE,GAAW,OAGbjD,EAAa5qE,OAAS,IAAIpB,WAAW,OAuBvC,OArBAgsE,EAAa1rE,IAAM,EACnB0rE,EAAatB,UAAY,SAASC,GAChC,GAAIsE,GAAY9xE,KAAKmD,KAAOnD,KAAKiE,OAAO7C,OAAQ,CAC9C,IAAI2wE,EAAY,IAAIlvE,WAA8B,EAAnB7C,KAAKiE,OAAO7C,QAC3C2wE,EAAUzuE,IAAItD,KAAKiE,QACnBjE,KAAKiE,OAAS8tE,EAEhB/xE,KAAKiE,OAAOjE,KAAKmD,OAASqqE,GAE5BqB,EAAamD,UAAY,WAEvB,GAAIhyE,KAAKmD,MAAQnD,KAAKiE,OAAO7C,OAAQ,CACnC,IAAK0wE,EACH,MAAM,IAAIjgD,UAAU,2CACtB,IAAIkgD,EAAY,IAAIlvE,WAAW7C,KAAKmD,KACpC4uE,EAAUzuE,IAAItD,KAAKiE,OAAOgI,SAAS,EAAGjM,KAAKmD,MAC3CnD,KAAKiE,OAAS8tE,EAEhB,OAAO/xE,KAAKiE,QAEd4qE,EAAaoD,UAAW,EACjBpD,CACT,EAqGA,OAhGe,SAASvuE,EAAOuJ,EAAQqoE,GAMrC,IAJA,IAAItD,EAAc+C,GAAkBrxE,GAChCuuE,EAAegD,GAAmBhoE,GAElCsoE,EAAK,IAAIxD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAYgD,OACxC,GAAIO,EAAGjD,cACLiD,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAG5sE,OAAOrE,KAAK,MAAQ,EAM7C,GALIkxE,IAAoBD,EAAG3C,WACzBf,GAAOX,GAAIM,WAAY,uBACR+D,EAAG3C,UAAUjjE,SAAS,IAC9B,aAAa6lE,EAAgB7lE,SAAS,IAAI,MAE/C2lE,KACA,QAAStD,IACRA,EAAYgD,MAGV,MADLO,EAAGlD,cAAcL,EAAaC,GAIpC,GAAI,cAAeA,EACjB,OAAOA,EAAamD,WACxB,EC/eA,MAAMK,GACOhyD,iBACT,OAAOU,EAAMlM,OAAOU,YAMtBzV,YAAYwyE,EAAO,IAAI13D,MACrB5a,KAAKsiD,OAASvhC,EAAMhL,QAAQG,KAC5BlW,KAAKsyE,KAAOl4D,EAAKc,cAAco3D,GAC/BtyE,KAAKiW,KAAO,KACZjW,KAAK8J,KAAO,KACZ9J,KAAKuyE,SAAW,GASlBC,QAAQv8D,EAAMqsC,EAASvhC,EAAMhL,QAAQG,MACnClW,KAAKsiD,OAASA,EACdtiD,KAAKiW,KAAOA,EACZjW,KAAK8J,KAAO,KASd2oE,QAAQ9wE,GAAQ,GAId,OAHkB,OAAd3B,KAAKiW,MAAiBmE,EAAK5X,SAASxC,KAAKiW,SAC3CjW,KAAKiW,KAAOmE,EAAK+C,WAAW/C,EAAKwF,UAAU5f,KAAK0yE,SAAS/wE,MAEpD3B,KAAKiW,KAQd08D,SAASzrE,EAAOo7C,GACdtiD,KAAKsiD,OAASA,EACdtiD,KAAK8J,KAAO5C,EACZlH,KAAKiW,KAAO,KASdy8D,SAAS/wE,GAAQ,GAKf,OAJkB,OAAd3B,KAAK8J,OAEP9J,KAAK8J,KAAOsQ,EAAKmF,gBAAgBnF,EAAK0C,WAAW9c,KAAKiW,QAEpDtU,EACKilB,EAAoB5mB,KAAK8J,MAE3B9J,KAAK8J,KAQd8oE,YAAYL,GACVvyE,KAAKuyE,SAAWA,EAQlBM,cACE,OAAO7yE,KAAKuyE,SAUdpxE,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UAExB,MAAMmhD,QAAe/8C,EAAOoB,WAEtBosE,QAAqBxtE,EAAOoB,WAClC3G,KAAKuyE,SAAWn4D,EAAK+C,iBAAiB5X,EAAOuB,UAAUisE,IAEvD/yE,KAAKsyE,KAAOl4D,EAAKO,eAAepV,EAAOuB,UAAU,IAEjD,IAAIgD,EAAOvE,EAAOmF,YACdqc,EAAqBjd,KAAOA,QAAa6c,EAAiB7c,IAC9D9J,KAAK2yE,SAAS7oE,EAAMw4C,EAAO,IAS/B0D,cACE,MAAMusB,EAAWn4D,EAAK0C,WAAW9c,KAAKuyE,UAChCS,EAAkB,IAAInwE,WAAW,CAAC0vE,EAASnxE,SAE3CkhD,EAAS,IAAIz/C,WAAW,CAAC7C,KAAKsiD,SAC9BgwB,EAAOl4D,EAAKS,UAAU7a,KAAKsyE,MAEjC,OAAOl4D,EAAKtX,iBAAiB,CAACw/C,EAAQ0wB,EAAiBT,EAAUD,IAQnExwE,QACE,MAAMuiB,EAASrkB,KAAKgmD,cACdl8C,EAAO9J,KAAK0yE,WAElB,OAAOt4D,EAAK5T,OAAO,CAAC6d,EAAQva,KCxIhC,MAAMmpE,GAAWzzE,OAAO,YAKlB0zE,GAA4B,IAAI9vD,IAAI,CACxCrC,EAAM9J,mBAAmBW,OACzBmJ,EAAM9J,mBAAmByB,kBACzBqI,EAAM9J,mBAAmBwB,oBAW3B,MAAM06D,GACO9yD,iBACT,OAAOU,EAAMlM,OAAOE,UAGtBjV,cACEE,KAAK4hD,QAAU,KAEf5hD,KAAKozE,cAAgB,KAErBpzE,KAAKqzE,cAAgB,KAErBrzE,KAAKszE,mBAAqB,KAE1BtzE,KAAKuzE,cAAgB,KACrBvzE,KAAKwzE,mBAAqB,GAC1BxzE,KAAKyzE,gBAAkB,KAEvBzzE,KAAK0zE,QAAU,KACf1zE,KAAKmX,wBAA0B,KAC/BnX,KAAK2zE,uBAAwB,EAC7B3zE,KAAK4zE,WAAa,KAClB5zE,KAAK6zE,WAAa,KAClB7zE,KAAK8zE,YAAc,KACnB9zE,KAAKsX,kBAAoB,KACzBtX,KAAKuX,UAAY,KACjBvX,KAAKwX,kBAAoB,KACzBxX,KAAK+zE,gBAAkB,KACvB/zE,KAAK0X,6BAA+B,KACpC1X,KAAKg0E,mBAAqB,KAC1Bh0E,KAAKi0E,uBAAyB,KAC9Bj0E,KAAKk0E,yBAA2B,KAChCl0E,KAAKm0E,YAAc,IAAI/sD,GACvBpnB,KAAKo0E,aAAe,GACpBp0E,KAAKq0E,UAAY,GACjBr0E,KAAK8X,wBAA0B,KAC/B9X,KAAK+X,+BAAiC,KACtC/X,KAAKgY,qBAAuB,KAC5BhY,KAAKiY,mBAAqB,KAC1BjY,KAAKs0E,gBAAkB,KACvBt0E,KAAKmY,UAAY,KACjBnY,KAAKoY,SAAW,KAChBpY,KAAKqY,cAAgB,KACrBrY,KAAKu0E,wBAA0B,KAC/Bv0E,KAAKw0E,0BAA4B,KACjCx0E,KAAKuY,SAAW,KAChBvY,KAAKy0E,kCAAoC,KACzCz0E,KAAK00E,6BAA+B,KACpC10E,KAAK20E,oBAAsB,KAC3B30E,KAAKyY,kBAAoB,KACzBzY,KAAK40E,iBAAmB,KACxB50E,KAAK0Y,kBAAoB,KACzB1Y,KAAK2Y,wBAA0B,KAE/B3Y,KAAK60E,QAAU,KACf70E,KAAKizE,IAAY,KAQnB/xE,KAAKgG,GACH,IAAIjE,EAAI,EAGR,GAFAjD,KAAK4hD,QAAU16C,EAAMjE,KAEA,IAAjBjD,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,mDAS7C,GANA5hD,KAAKozE,cAAgBlsE,EAAMjE,KAC3BjD,KAAKszE,mBAAqBpsE,EAAMjE,KAChCjD,KAAKqzE,cAAgBnsE,EAAMjE,KAG3BA,GAAKjD,KAAK80E,eAAe5tE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAAS,IACrDpB,KAAK0zE,QACR,MAAUxwE,MAAM,8CASlBlD,KAAKuzE,cAAgBrsE,EAAM+E,SAAS,EAAGhJ,GAGvCA,GAAKjD,KAAK80E,eAAe5tE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAAS,GAG1DpB,KAAKyzE,gBAAkBvsE,EAAM+E,SAAShJ,EAAGA,EAAI,GAC7CA,GAAK,EAELjD,KAAK+mD,OAAStoC,GAAO1J,UAAUggE,qBAAqB/0E,KAAKszE,mBAAoBpsE,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAMvG4zE,cACE,OAAIh1E,KAAK+mD,kBAAkB9mD,QAClBg1E,GACL9zE,SAAYsd,GAAOy2D,gBAAgBl1E,KAAKszE,yBAA0BtzE,KAAK+mD,UAGpEtoC,GAAOy2D,gBAAgBl1E,KAAKszE,mBAAoBtzE,KAAK+mD,QAG9DjlD,QACE,MAAM26C,EAAM,GAKZ,OAJAA,EAAI56C,KAAK7B,KAAKuzE,eACd92B,EAAI56C,KAAK7B,KAAKm1E,2BACd14B,EAAI56C,KAAK7B,KAAKyzE,iBACdh3B,EAAI56C,KAAK7B,KAAKg1E,eACP56D,EAAK5T,OAAOi2C,GAYrBt7C,WAAWyV,EAAK9M,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,GAC9B,IAAhBvmC,EAAIgrC,QACN5hD,KAAK4hD,QAAU,EAEf5hD,KAAK4hD,QAAU,EAEjB,MAAMnF,EAAM,CAAC,IAAI55C,WAAW,CAAC7C,KAAK4hD,QAAS5hD,KAAKozE,cAAepzE,KAAKszE,mBAAoBtzE,KAAKqzE,iBAE7FrzE,KAAK0zE,QAAUt5D,EAAKc,cAAco3D,GAClCtyE,KAAK40E,iBAAmBh+D,EAAIgrC,QAC5B5hD,KAAK0Y,kBAAoB9B,EAAIw+D,sBAC7Bp1E,KAAKm0E,YAAcv9D,EAAIy+D,WAGvB54B,EAAI56C,KAAK7B,KAAKs1E,yBAKdt1E,KAAKwzE,mBAAqB,GAE1BxzE,KAAKuzE,cAAgBn5D,EAAK5T,OAAOi2C,GAEjC,MAAM84B,EAASv1E,KAAKu1E,OAAOv1E,KAAKozE,cAAetpE,EAAMqzC,GAC/CnpC,QAAahU,KAAKgU,KAAKhU,KAAKozE,cAAetpE,EAAMyrE,EAAQp4B,GAE/Dn9C,KAAKyzE,gBAAkB+B,EAAaC,EAAazhE,GAAO,EAAG,GAC3D,MAAMsF,EAASnY,SAAYsd,GAAO1J,UAAU+nC,KAC1C98C,KAAKszE,mBAAoBtzE,KAAKqzE,cAAez8D,EAAIo4C,aAAcp4C,EAAIo5C,cAAeulB,QAAc5uD,EAAiB3S,IAE/GoG,EAAK5X,SAASwR,GAChBhU,KAAK+mD,OAASztC,KAEdtZ,KAAK+mD,aAAeztC,IAMpBtZ,KAAKizE,KAAY,GAQrBqC,wBACE,MAAMtoE,EAAM+T,EAAM9J,mBACZwlC,EAAM,GACZ,IAAIv1C,EACJ,GAAqB,OAAjBlH,KAAK0zE,QACP,MAAUxwE,MAAM,mCAElBu5C,EAAI56C,KAAK6zE,GAAe1oE,EAAIkK,uBAAuB,EAAMkD,EAAKS,UAAU7a,KAAK0zE,WACxC,OAAjC1zE,KAAKmX,yBACPslC,EAAI56C,KAAK6zE,GAAe1oE,EAAImK,yBAAyB,EAAMiD,EAAKM,YAAY1a,KAAKmX,wBAAyB,KAEpF,OAApBnX,KAAK4zE,YACPn3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIoK,yBAAyB,EAAM,IAAIvU,WAAW,CAAC7C,KAAK4zE,WAAa,EAAI,MAE3E,OAApB5zE,KAAK6zE,aACP3sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAK6zE,WAAY7zE,KAAK8zE,cAC9Cr3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIqK,gBAAgB,EAAMnQ,KAErB,OAA3BlH,KAAKsX,mBACPmlC,EAAI56C,KAAK6zE,GAAe1oE,EAAIsK,mBAAmB,EAAMtX,KAAKsX,oBAErC,OAAnBtX,KAAKuX,WACPklC,EAAI56C,KAAK6zE,GAAe1oE,EAAIuK,WAAW,EAAM,IAAI1U,WAAW,CAAC7C,KAAKuX,UAAY,EAAI,MAErD,OAA3BvX,KAAKwX,mBACPilC,EAAI56C,KAAK6zE,GAAe1oE,EAAIwK,mBAAmB,EAAM4C,EAAKM,YAAY1a,KAAKwX,kBAAmB,KAEtD,OAAtCxX,KAAK0X,+BACPxQ,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK0X,+BAC7D+kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI0K,8BAA8B,EAAOxQ,KAEnC,OAA5BlH,KAAKg0E,qBACP9sE,EAAQ,IAAIrE,WAAW,CAAC7C,KAAKg0E,mBAAoBh0E,KAAKi0E,yBACtD/sE,EAAQkT,EAAK5T,OAAO,CAACU,EAAOlH,KAAKk0E,2BACjCz3B,EAAI56C,KAAK6zE,GAAe1oE,EAAI2K,eAAe,EAAOzQ,KAE/ClH,KAAKm0E,YAAYzsD,UAAsC,IAA1B1nB,KAAK40E,kBAGrCn4B,EAAI56C,KAAK6zE,GAAe1oE,EAAI4K,QAAQ,EAAM5X,KAAKm0E,YAAYryE,UAE7D9B,KAAKo0E,aAAahxE,SAAQ,EAAG8H,OAAM7J,QAAOs0E,gBAAeC,eACvD1uE,EAAQ,CAAC,IAAIrE,WAAW,CAAC8yE,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAME,EAAcz7D,EAAK0C,WAAW5R,GAEpChE,EAAMrF,KAAKuY,EAAKM,YAAYm7D,EAAYz0E,OAAQ,IAEhD8F,EAAMrF,KAAKuY,EAAKM,YAAYrZ,EAAMD,OAAQ,IAC1C8F,EAAMrF,KAAKg0E,GACX3uE,EAAMrF,KAAKR,GACX6F,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAI6K,aAAc+9D,EAAU1uE,GAAO,IAExB,OAAjClH,KAAK8X,0BACP5Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK8X,0BAC7D2kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI8K,yBAAyB,EAAO5Q,KAElB,OAAxClH,KAAK+X,iCACP7Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK+X,iCAC7D0kC,EAAI56C,KAAK6zE,GAAe1oE,EAAI+K,gCAAgC,EAAO7Q,KAEnC,OAA9BlH,KAAKgY,uBACP9Q,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKgY,uBAC7DykC,EAAI56C,KAAK6zE,GAAe1oE,EAAIgL,sBAAsB,EAAO9Q,KAE3B,OAA5BlH,KAAKiY,oBACPwkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIiL,oBAAoB,EAAOmC,EAAK0C,WAAW9c,KAAKiY,sBAEjD,OAAzBjY,KAAKs0E,iBACP73B,EAAI56C,KAAK6zE,GAAe1oE,EAAIkL,eAAe,EAAO,IAAIrV,WAAW,CAAC7C,KAAKs0E,gBAAkB,EAAI,MAExE,OAAnBt0E,KAAKmY,WACPskC,EAAI56C,KAAK6zE,GAAe1oE,EAAImL,WAAW,EAAOiC,EAAK0C,WAAW9c,KAAKmY,aAE/C,OAAlBnY,KAAKoY,WACPlR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKoY,WAC7DqkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIoL,UAAU,EAAMlR,KAEnB,OAAvBlH,KAAKqY,eACPokC,EAAI56C,KAAK6zE,GAAe1oE,EAAIqL,eAAe,EAAO+B,EAAK0C,WAAW9c,KAAKqY,iBAEpC,OAAjCrY,KAAKu0E,0BACPrtE,EAAQkT,EAAKiC,mBAAmB/B,OAAOsC,aAAa5c,KAAKu0E,yBAA2Bv0E,KAAKw0E,2BACzF/3B,EAAI56C,KAAK6zE,GAAe1oE,EAAIsL,qBAAqB,EAAMpR,KAEnC,OAAlBlH,KAAKuY,WACPrR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAKuY,WAC7DkkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIuL,UAAU,EAAOrR,KAEA,OAA3ClH,KAAKy0E,oCACPvtE,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAKy0E,kCAAmCz0E,KAAK00E,gCACtExtE,EAAMrF,KAAKuY,EAAKiC,mBAAmBrc,KAAK20E,sBACxCztE,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAIwL,iBAAiB,EAAMtR,KAEtB,OAA3BlH,KAAKyY,mBACPgkC,EAAI56C,KAAK6zE,GAAe1oE,EAAIyL,mBAAmB,EAAMzY,KAAKyY,kBAAkB3W,UAE/C,OAA3B9B,KAAK0Y,oBACPxR,EAAQ,CAAC,IAAIrE,WAAW,CAAC7C,KAAK40E,mBAAoB50E,KAAK0Y,mBACvDxR,EAAQkT,EAAK5T,OAAOU,GACpBu1C,EAAI56C,KAAK6zE,GAAe1oE,EAAI0L,kBAAoC,IAAjB1Y,KAAK4hD,QAAe16C,KAEhC,OAAjClH,KAAK2Y,0BACPzR,EAAQkT,EAAKiC,mBAAmBjC,EAAKqC,mBAAmBzc,KAAK2Y,0BAC7D8jC,EAAI56C,KAAK6zE,GAAe1oE,EAAI2L,yBAAyB,EAAOzR,KAG9D,MAAMzF,EAAS2Y,EAAK5T,OAAOi2C,GACrBr7C,EAASgZ,EAAKM,YAAYjZ,EAAOL,OAAQ,GAE/C,OAAOgZ,EAAK5T,OAAO,CAACpF,EAAQK,IAO9B0zE,0BACE,MAAM14B,EAAM,GACZz8C,KAAKwzE,mBAAmBpwE,SAAQ0G,IAC9B2yC,EAAI56C,KAAK8jD,GAAkB77C,EAAK1I,SAChCq7C,EAAI56C,KAAKiI,EAAK,IAGhB,MAAMrI,EAAS2Y,EAAK5T,OAAOi2C,GACrBr7C,EAASgZ,EAAKM,YAAYjZ,EAAOL,OAAQ,GAE/C,OAAOgZ,EAAK5T,OAAO,CAACpF,EAAQK,IAI9Bq0E,cAAc5uE,EAAO+6B,GAAS,GAC5B,IAAI8zC,EAAQ,EAGZ,MAAMH,KAA6B,IAAf1uE,EAAM6uE,IACpB/7D,EAAsB,IAAf9S,EAAM6uE,GAEnB,GAAK9zC,IACHjiC,KAAKwzE,mBAAmB3xE,KAAKqF,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACpD8xE,GAA0BltE,IAAIgU,IAQrC,OAHA+7D,IAGQ/7D,GACN,KAAK+G,EAAM9J,mBAAmBC,sBAE5BlX,KAAK0zE,QAAUt5D,EAAKO,SAASzT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACzD,MACF,KAAK2f,EAAM9J,mBAAmBE,wBAAyB,CAErD,MAAM6+D,EAAU57D,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAE5DpB,KAAK2zE,sBAAoC,IAAZqC,EAC7Bh2E,KAAKmX,wBAA0B6+D,EAE/B,MAEF,KAAKj1D,EAAM9J,mBAAmBG,wBAE5BpX,KAAK4zE,WAAgC,IAAnB1sE,EAAM6uE,KACxB,MACF,KAAKh1D,EAAM9J,mBAAmBI,eAE5BrX,KAAK6zE,WAAa3sE,EAAM6uE,KACxB/1E,KAAK8zE,YAAc5sE,EAAM6uE,KACzB,MACF,KAAKh1D,EAAM9J,mBAAmBK,kBAE5BtX,KAAKsX,kBAAoBpQ,EAAM6uE,GAC/B,MACF,KAAKh1D,EAAM9J,mBAAmBM,UAE5BvX,KAAKuX,UAA+B,IAAnBrQ,EAAM6uE,KACvB,MACF,KAAKh1D,EAAM9J,mBAAmBO,kBAAmB,CAE/C,MAAMw+D,EAAU57D,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAE5DpB,KAAKwX,kBAAoBw+D,EACzBh2E,KAAK+zE,gBAA8B,IAAZiC,EAEvB,MAEF,KAAKj1D,EAAM9J,mBAAmBS,6BAE5B1X,KAAK0X,6BAA+B,IAAIxQ,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACpE,MACF,KAAK2f,EAAM9J,mBAAmBU,cAK5B3X,KAAKg0E,mBAAqB9sE,EAAM6uE,KAChC/1E,KAAKi0E,uBAAyB/sE,EAAM6uE,KACpC/1E,KAAKk0E,yBAA2BhtE,EAAM+E,SAAS8pE,EAAOA,EAAQ,IAC9D,MAEF,KAAKh1D,EAAM9J,mBAAmBW,OAE5B5X,KAAKm0E,YAAYjzE,KAAKgG,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAClD,MAEF,KAAK2f,EAAM9J,mBAAmBY,aAAc,CAE1C,MAAM89D,KAAkC,IAAfzuE,EAAM6uE,IAG/BA,GAAS,EACT,MAAM3oE,EAAIgN,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAM3pE,EAAIgO,EAAKK,WAAWvT,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM7qE,EAAOkP,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAOA,EAAQ3oE,IACrD/L,EAAQ6F,EAAM+E,SAAS8pE,EAAQ3oE,EAAG2oE,EAAQ3oE,EAAIhB,GAEpDpM,KAAKo0E,aAAavyE,KAAK,CAAEqJ,OAAMyqE,gBAAet0E,QAAOu0E,aAEjDD,IACF31E,KAAKq0E,UAAUnpE,GAAQkP,EAAK+C,WAAW9b,IAEzC,MAEF,KAAK0f,EAAM9J,mBAAmBa,wBAE5B9X,KAAK8X,wBAA0B,IAAI5Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC/D,MACF,KAAK2f,EAAM9J,mBAAmBc,+BAE5B/X,KAAK+X,+BAAiC,IAAI7Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACtE,MACF,KAAK2f,EAAM9J,mBAAmBe,qBAE5BhY,KAAKgY,qBAAuB,IAAI9Q,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC5D,MACF,KAAK2f,EAAM9J,mBAAmBgB,mBAE5BjY,KAAKiY,mBAAqBmC,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACtE,MACF,KAAK2f,EAAM9J,mBAAmBiB,cAE5BlY,KAAKs0E,gBAAqC,IAAnBptE,EAAM6uE,KAC7B,MACF,KAAKh1D,EAAM9J,mBAAmBkB,UAE5BnY,KAAKmY,UAAYiC,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC7D,MACF,KAAK2f,EAAM9J,mBAAmBmB,SAE5BpY,KAAKoY,SAAW,IAAIlR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAChD,MACF,KAAK2f,EAAM9J,mBAAmBoB,cAE5BrY,KAAKqY,cAAgB+B,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACjE,MACF,KAAK2f,EAAM9J,mBAAmBqB,oBAE5BtY,KAAKu0E,wBAA0BrtE,EAAM6uE,KACrC/1E,KAAKw0E,0BAA4Bp6D,EAAK+C,WAAWjW,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC7E,MACF,KAAK2f,EAAM9J,mBAAmBsB,SAE5BvY,KAAKuY,SAAW,IAAIrR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAChD,MACF,KAAK2f,EAAM9J,mBAAmBuB,gBAAiB,CAG7CxY,KAAKy0E,kCAAoCvtE,EAAM6uE,KAC/C/1E,KAAK00E,6BAA+BxtE,EAAM6uE,KAE1C,MAAMhmE,EAAM0O,GAAOgxB,kBAAkBzvC,KAAK00E,8BAE1C10E,KAAK20E,oBAAsBv6D,EAAKqC,mBAAmBvV,EAAM+E,SAAS8pE,EAAOA,EAAQhmE,IACjF,MAEF,KAAKgR,EAAM9J,mBAAmBwB,kBAE5BzY,KAAKyY,kBAAoB,IAAI06D,GAC7BnzE,KAAKyY,kBAAkBvX,KAAKgG,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SACxD,MACF,KAAK2f,EAAM9J,mBAAmByB,kBAE5B1Y,KAAK40E,iBAAmB1tE,EAAM6uE,KAC9B/1E,KAAK0Y,kBAAoBxR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,QACvB,IAA1BpB,KAAK40E,iBACP50E,KAAKm0E,YAAYjzE,KAAKlB,KAAK0Y,mBAE3B1Y,KAAKm0E,YAAYjzE,KAAKlB,KAAK0Y,kBAAkBzM,UAAU,IAEzD,MACF,KAAK8U,EAAM9J,mBAAmB0B,wBAE5B3Y,KAAK2Y,wBAA0B,IAAIzR,EAAM+E,SAAS8pE,EAAO7uE,EAAM9F,SAC/D,MACF,QAAS,CACP,MAAMggD,EAAUl+C,MAAM,oCAAoC8W,GAC1D,GAAI47D,EACF,MAAMx0B,EAENhnC,EAAK0D,WAAWsjC,KAMxB0zB,eAAe5tE,EAAO+uE,GAAU,EAAMxxD,GAEpC,MAAMyxD,EAAkB97D,EAAKK,WAAWvT,EAAM+E,SAAS,EAAG,IAE1D,IAAIhJ,EAAI,EAGR,KAAOA,EAAI,EAAIizE,GAAiB,CAC9B,MAAMnmE,EAAM21C,GAAiBx+C,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SACrD6B,GAAK8M,EAAII,OAETnQ,KAAK81E,cAAc5uE,EAAM+E,SAAShJ,EAAGA,EAAI8M,EAAIA,KAAMkmE,EAASxxD,GAE5DxhB,GAAK8M,EAAIA,IAGX,OAAO9M,EAITkzE,OAAOn8D,EAAMlQ,GACX,MAAMmU,EAAI8C,EAAMhM,UAEhB,OAAQiF,GACN,KAAKiE,EAAEjI,OACL,OAAkB,OAAdlM,EAAKmM,KACAmE,EAAK0C,WAAWhT,EAAK2oE,SAAQ,IAE/B3oE,EAAK4oE,UAAS,GAEvB,KAAKz0D,EAAEhI,KAAM,CACX,MAAM/O,EAAQ4C,EAAK4oE,UAAS,GAE5B,OAAOt4D,EAAKmF,gBAAgBrY,GAE9B,KAAK+W,EAAE7H,WACL,OAAO,IAAIvT,WAAW,GAExB,KAAKob,EAAE5H,YACP,KAAK4H,EAAE3H,YACP,KAAK2H,EAAE1H,WACP,KAAK0H,EAAEzH,aACP,KAAKyH,EAAExH,eAAgB,CACrB,IAAI5B,EACAwL,EAEJ,GAAIvW,EAAK2L,OACP4K,EAAM,IACNxL,EAAS/K,EAAK2L,WACT,KAAI3L,EAAK6L,cAId,MAAUzS,MAAM,mFAHhBmd,EAAM,IACNxL,EAAS/K,EAAK6L,cAMhB,MAAMzO,EAAQ2N,EAAO/S,QAErB,OAAOsY,EAAK5T,OAAO,CAACxG,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GACrC,IAAIjH,WAAW,CAACwd,IAChBjG,EAAKM,YAAYxT,EAAM9F,OAAQ,GAC/B8F,IAEJ,KAAK+W,EAAEvH,cACP,KAAKuH,EAAEnH,iBACP,KAAKmH,EAAEtH,WACL,OAAOyD,EAAK5T,OAAO,CAACxG,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GAAO9J,KAAKm2E,OAAOl4D,EAAErH,IAAK,CAC/DA,IAAK9M,EAAKrE,SAGd,KAAKwY,EAAErH,IACL,QAAiB3V,IAAb6I,EAAK8M,IACP,MAAU1T,MAAM,8CAElB,OAAO4G,EAAK8M,IAAIw/D,aAAap2E,KAAK4hD,SAEpC,KAAK3jC,EAAEpH,cACL,OAAO7W,KAAKm2E,OAAOl4D,EAAErH,IAAK9M,GAC5B,KAAKmU,EAAElH,UACL,OAAO,IAAIlU,WAAW,GACxB,KAAKob,EAAEjH,WACL,MAAU9T,MAAM,mBAClB,QACE,MAAUA,MAAM,4BAItBmzE,iBAAiBvsE,EAAMqzC,GACrB,IAAI/7C,EAAS,EACb,OAAOmb,EAAiBk5D,EAAaz1E,KAAKuzE,gBAAgBlyE,IACxDD,GAAUC,EAAMD,MAAM,IACrB,KACD,MAAMq7C,EAAM,GAeZ,OAdqB,IAAjBz8C,KAAK4hD,SAAkB5hD,KAAKozE,gBAAkBryD,EAAMhM,UAAUiB,QAAUhW,KAAKozE,gBAAkBryD,EAAMhM,UAAUkB,OAC7GknC,EACFV,EAAI56C,KAAK,IAAIgB,WAAW,IAExB45C,EAAI56C,KAAKiI,EAAKk8C,gBAGlBvJ,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK4hD,QAAS,OAClB,IAAjB5hD,KAAK4hD,SACPnF,EAAI56C,KAAK,IAAIgB,WAAW,IAE1B45C,EAAI56C,KAAKuY,EAAKM,YAAYtZ,EAAQ,IAG3BgZ,EAAK5T,OAAOi2C,EAAI,IAI3B84B,OAAOnC,EAAetpE,EAAMqzC,GAAW,GACrC,MAAMj2C,EAAQlH,KAAKm2E,OAAO/C,EAAetpE,GAEzC,OAAOsQ,EAAK5T,OAAO,CAACU,EAAOlH,KAAKuzE,cAAevzE,KAAKq2E,iBAAiBvsE,EAAMqzC,KAG7Eh8C,WAAWiyE,EAAetpE,EAAMyrE,EAAQp4B,GAAW,GAEjD,OADKo4B,IAAQA,EAASv1E,KAAKu1E,OAAOnC,EAAetpE,EAAMqzC,IAChD1+B,GAAOzK,KAAK8zB,OAAO9nC,KAAKqzE,cAAekC,GAehDp0E,aAAayV,EAAKw8D,EAAetpE,EAAMwoE,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IACnF,IAAK/lB,KAAKm0E,YAAY7sD,OAAO1Q,EAAIy+D,YAC/B,MAAUnyE,MAAM,oDAElB,GAAIlD,KAAKszE,qBAAuB18D,EAAIizC,UAClC,MAAU3mD,MAAM,oFAGlB,MAAMozE,EAAqBlD,IAAkBryD,EAAMhM,UAAUiB,QAAUo9D,IAAkBryD,EAAMhM,UAAUkB,KAIzG,KADmBjW,KAAKizE,MAAcqD,GACrB,CACf,IAAIf,EACAvhE,EAQJ,GAPIhU,KAAKiiC,OACPjuB,QAAahU,KAAKiiC,QAElBszC,EAASv1E,KAAKu1E,OAAOnC,EAAetpE,EAAMqzC,GAC1CnpC,QAAahU,KAAKgU,KAAKo/D,EAAetpE,EAAMyrE,IAE9CvhE,QAAa2S,EAAiB3S,GAC1BhU,KAAKyzE,gBAAgB,KAAOz/D,EAAK,IACjChU,KAAKyzE,gBAAgB,KAAOz/D,EAAK,GACnC,MAAU9Q,MAAM,+BAUlB,GAPAlD,KAAK+mD,aAAe/mD,KAAK+mD,OAEzB/mD,KAAKizE,UAAkBx0D,GAAO1J,UAAUsoC,OACtCr9C,KAAKszE,mBAAoBtzE,KAAKqzE,cAAerzE,KAAK+mD,OAAQnwC,EAAIo4C,aAC9DumB,EAAQvhE,IAGLhU,KAAKizE,IACR,MAAU/vE,MAAM,iCAIpB,MAAMqzE,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAIiE,GAAYv2E,KAAK0zE,QAAU6C,EAC7B,MAAUrzE,MAAM,4CAElB,GAAIqzE,GAAYA,GAAYv2E,KAAKw2E,oBAC/B,MAAUtzE,MAAM,wBAElB,GAAIuhB,EAAOT,qBAAqBhe,IAAIhG,KAAKqzE,eACvC,MAAUnwE,MAAM,4BAA8B6d,EAAM7f,KAAK6f,EAAM/M,KAAMhU,KAAKqzE,eAAeoD,eAE3F,GAAIhyD,EAAOR,4BAA4Bje,IAAIhG,KAAKqzE,gBAC9C,CAACtyD,EAAMhM,UAAUiB,OAAQ+K,EAAMhM,UAAUkB,MAAMuL,SAASxhB,KAAKozE,eAC7D,MAAUlwE,MAAM,oCAAsC6d,EAAM7f,KAAK6f,EAAM/M,KAAMhU,KAAKqzE,eAAeoD,eAOnG,GALAz2E,KAAKo0E,aAAahxE,SAAQ,EAAG8H,OAAM0qE,eACjC,GAAIA,GAAanxD,EAAOX,eAAevd,QAAQ2E,GAAQ,EACrD,MAAUhI,MAAM,8BAA8BgI,MAGlB,OAA5BlL,KAAKg0E,mBACP,MAAU9wE,MAAM,iGASpBwzE,UAAUpE,EAAO,IAAI13D,MACnB,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,OAAiB,OAAbiE,KACOv2E,KAAK0zE,SAAW6C,GAAYA,EAAWv2E,KAAKw2E,qBASzDA,oBACE,OAAOx2E,KAAK2zE,sBAAwBnoE,IAAW,IAAIoP,KAAK5a,KAAK0zE,QAAQz4D,UAA2C,IAA/Bjb,KAAKmX,0BAgB1F,SAASu+D,GAAe17D,EAAM47D,EAAU9rE,GACtC,MAAM2yC,EAAM,GAIZ,OAHAA,EAAI56C,KAAK8jD,GAAkB77C,EAAK1I,OAAS,IACzCq7C,EAAI56C,KAAK,IAAIgB,WAAW,EAAE+yE,EAAW,IAAO,GAAK57D,KACjDyiC,EAAI56C,KAAKiI,GACFsQ,EAAK5T,OAAOi2C,EACrB,CC9tBA,MAAMk6B,GACOt2D,iBACT,OAAOU,EAAMlM,OAAOI,iBAGtBnV,cAEEE,KAAK4hD,QAAU,KAQf5hD,KAAKozE,cAAgB,KAMrBpzE,KAAKqzE,cAAgB,KAMrBrzE,KAAKszE,mBAAqB,KAE1BtzE,KAAKm0E,YAAc,KAMnBn0E,KAAKqpE,MAAQ,KAQfnoE,KAAKgG,GACH,IAAI6uE,EAAQ,EAGZ,GADA/1E,KAAK4hD,QAAU16C,EAAM6uE,KA1DT,IA2DR/1E,KAAK4hD,QACP,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,4DAuB7C,OAlBA5hD,KAAKozE,cAAgBlsE,EAAM6uE,KAG3B/1E,KAAKqzE,cAAgBnsE,EAAM6uE,KAG3B/1E,KAAKszE,mBAAqBpsE,EAAM6uE,KAGhC/1E,KAAKm0E,YAAc,IAAI/sD,GACvBpnB,KAAKm0E,YAAYjzE,KAAKgG,EAAM+E,SAAS8pE,EAAOA,EAAQ,IACpDA,GAAS,EAMT/1E,KAAKqpE,MAAQniE,EAAM6uE,KACZ/1E,KAOT8B,QACE,MAAM8B,EAAQ,IAAIf,WAAW,CA3FjB,EA2F2B7C,KAAKozE,cAAepzE,KAAKqzE,cAAerzE,KAAKszE,qBAE9E/nE,EAAM,IAAI1I,WAAW,CAAC7C,KAAKqpE,QAEjC,OAAOjvD,EAAKtX,iBAAiB,CAACc,EAAO5D,KAAKm0E,YAAYryE,QAASyJ,IAGjE8qE,oBAAoBzlD,GAClB,OAAOqkD,GAAiB9zE,SAAYgyE,GAAgBnyE,UAAUq1E,iBAAiBx5D,YAAY7c,KAAK42E,iBAAkBhmD,KAGpHzvB,eACE,MAAMy1E,QAAyB52E,KAAK42E,iBACpC,IAAKA,GAAoBA,EAAiB92E,YAAYugB,MAAQU,EAAMlM,OAAOE,UACzE,MAAU7R,MAAM,0CAElB,GACE0zE,EAAiBxD,gBAAkBpzE,KAAKozE,eACxCwD,EAAiBvD,gBAAkBrzE,KAAKqzE,eACxCuD,EAAiBtD,qBAAuBtzE,KAAKszE,qBAC5CsD,EAAiBzC,YAAY7sD,OAAOtnB,KAAKm0E,aAE1C,MAAUjxE,MAAM,2EAGlB,OADA0zE,EAAiB30C,OAASjiC,KAAKiiC,OACxB20C,EAAiBv5B,OAAOxgC,MAAM+5D,EAAkBr6B,YCxHpD,SAASs6B,GAAiBx2D,EAAKy2D,GACpC,IAAKA,EAAez2D,GAAM,CAExB,IAAI02D,EACJ,IACEA,EAAah2D,EAAM7f,KAAK6f,EAAMlM,OAAQwL,GACtC,MAAOhc,GACP,MAAM,IAAIyiD,GAAiB,iCAAiCzmC,GAE9D,MAAUnd,MAAM,uCAAuC6zE,GAEzD,OAAO,IAAID,EAAez2D,EAC5B,CDgHAs2D,GAAuB31E,UAAUgT,KAAOm/D,GAAgBnyE,UAAUgT,KAClE2iE,GAAuB31E,UAAUu0E,OAASpC,GAAgBnyE,UAAUu0E,OACpEoB,GAAuB31E,UAAUm1E,OAAShD,GAAgBnyE,UAAUm1E,OC1GpE,MAAMa,WAAmBn3E,MAWvB8nB,wBAAwBzgB,EAAO4vE,EAAgBryD,EAASsB,IACtD,MAAMkxD,EAAU,IAAID,GAEpB,aADMC,EAAQ/1E,KAAKgG,EAAO4vE,EAAgBryD,GACnCwyD,EAWT91E,WAAW+F,EAAO4vE,EAAgBryD,EAASsB,IACrCtB,EAAOjB,yBAAyBpiB,SAClC01E,EAAiB,IAAKA,KAAmB18D,EAAK8F,wBAAwBuE,EAAOjB,4BAE/ExjB,KAAKe,OAASulB,EAAqBpf,GAAO/F,MAAOqH,EAAUC,KACzD,MAAM/H,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,OACL/H,EAAOuI,MA6Bb,SA5BmBi9C,GAAY19C,GAAUrH,UACvC,IACE,GAAI+1E,EAAO72D,MAAQU,EAAMlM,OAAOS,QAAU4hE,EAAO72D,MAAQU,EAAMlM,OAAOW,MAIpE,OAEF,MAAMX,EAASgiE,GAAiBK,EAAO72D,IAAKy2D,GAC5CjiE,EAAOoiE,QAAU,IAAID,GACrBniE,EAAOsiE,WAAa/8D,EAAK5X,SAAS00E,EAAOriE,cACnCA,EAAO3T,KAAKg2E,EAAOriE,OAAQ4P,SAC3B/jB,EAAOoB,MAAM+S,GACnB,MAAOxQ,GACP,MAAM+yE,GAAyB3yD,EAAOnB,0BAA4Bjf,aAAayiD,GACzEuwB,IAAuB5yD,EAAOlB,wBAA4Blf,aAAayiD,IAC7E,GAAIswB,GAAyBC,GAAuBpxB,GAAkBixB,EAAO72D,WAIrE3f,EAAOuB,MAAMoC,OACd,CACL,MAAMizE,EAAiB,IAAIrwB,GAAkBiwB,EAAO72D,IAAK62D,EAAOriE,cAC1DnU,EAAOoB,MAAMw1E,GAErBl9D,EAAK4D,gBAAgB3Z,OAMvB,aAFM3D,EAAOuI,iBACPvI,EAAOsB,SAIjB,MAAOqC,SACD3D,EAAOuB,MAAMoC,OAKvB,MAAMkB,EAASghB,EAAiBvmB,KAAKe,QACrC,OAAa,CACX,MAAMO,KAAEA,EAAID,MAAEA,SAAgBkE,EAAOrE,OAMrC,GALKI,EAGHtB,KAAKe,OAAS,KAFdf,KAAK6B,KAAKR,GAIRC,GAAQ2kD,GAAkB5kD,EAAMvB,YAAYugB,KAC9C,MAGJ9a,EAAO3E,cAQTkB,QACE,MAAM26C,EAAM,GAEZ,IAAK,IAAIx5C,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,MAAMod,EAAMrgB,KAAKiD,aAAcgkD,GAAoBjnD,KAAKiD,GAAGod,IAAMrgB,KAAKiD,GAAGnD,YAAYugB,IAC/Ek3D,EAAcv3E,KAAKiD,GAAGnB,QAC5B,GAAIsY,EAAK5X,SAAS+0E,IAAgBtxB,GAAkBjmD,KAAKiD,GAAGnD,YAAYugB,KAAM,CAC5E,IAAIpc,EAAS,GACT8C,EAAe,EACnB,MAAMywE,EAAY,IAClB/6B,EAAI56C,KAAKikD,GAASzlC,IAClBo8B,EAAI56C,KAAK0a,EAAiBg7D,GAAal2E,IAGrC,GAFA4C,EAAOpC,KAAKR,GACZ0F,GAAgB1F,EAAMD,OAClB2F,GAAgBywE,EAAW,CAC7B,MAAMC,EAAW/rE,KAAKmyC,IAAInyC,KAAKqS,IAAIhX,GAAgB2E,KAAKgsE,IAAM,EAAG,IAC3DlV,EAAY,GAAKiV,EACjBzwE,EAAeoT,EAAK5T,OAAO,CAACo/C,GAAmB6xB,IAAWjxE,OAAOvC,IAGvE,OAFAA,EAAS,CAAC+C,EAAaiF,SAAS,EAAIu2D,IACpCz7D,EAAe9C,EAAO,GAAG7C,OAClB4F,EAAaiF,SAAS,EAAG,EAAIu2D,OAErC,IAAMpoD,EAAK5T,OAAO,CAACm/C,GAAkB5+C,IAAeP,OAAOvC,WACzD,CACL,GAAImW,EAAK5X,SAAS+0E,GAAc,CAC9B,IAAIn2E,EAAS,EACbq7C,EAAI56C,KAAK0a,EAAiBk5D,EAAa8B,IAAcl2E,IACnDD,GAAUC,EAAMD,MAAM,IACrB,IAAM4kD,GAAY3lC,EAAKjf,WAE1Bq7C,EAAI56C,KAAKmkD,GAAY3lC,EAAKk3D,EAAYn2E,SAExCq7C,EAAI56C,KAAK01E,IAIb,OAAOn9D,EAAK5T,OAAOi2C,GAQrBk7B,eAAeC,GACb,MAAMC,EAAW,IAAIb,GAEfc,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI9zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B20E,EAAK3vE,KAAK6vE,EAAO93E,KAAKiD,GAAGnD,YAAYugB,OACvCw3D,EAASh2E,KAAK7B,KAAKiD,IAIvB,OAAO40E,EAQTE,WAAW13D,GACT,OAAOrgB,KAAKg4E,MAAKnjE,GAAUA,EAAO/U,YAAYugB,MAAQA,IAQxD43D,cAAcL,GACZ,MAAMM,EAAW,GACXC,EAAOn4E,KAEP83E,EAASz3D,GAAO02D,GAAc12D,IAAQ02D,EAE5C,IAAK,IAAI9zE,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3B20E,EAAK3vE,KAAK6vE,EAAOK,EAAKl1E,GAAGnD,YAAYugB,OACvC63D,EAASr2E,KAAKoB,GAGlB,OAAOi1E,GCzLX,MAAMpB,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACAsE,GACAxD,KAWF,MAAMiF,GACO/3D,iBACT,OAAOU,EAAMlM,OAAOO,eAMtBtV,YAAY2kB,EAASsB,IAKnB/lB,KAAKi3E,QAAU,KAKfj3E,KAAK6pD,UAAYplC,EAAOrC,8BAMxBpiB,KAAKq4E,WAAa,KAKlBr4E,KAAKqiB,aAAeoC,EAAOpC,aAQ7BlhB,WAAW+F,EAAOud,EAASsB,UACnB+sD,EAAa5rE,GAAO/F,UAGxBnB,KAAK6pD,gBAAkBtkD,EAAOoB,WAG9B3G,KAAKq4E,WAAa9yE,EAAOmF,kBAEnB1K,KAAKs4E,WAAW7zD,EAAO,IASjC3iB,QAKE,OAJwB,OAApB9B,KAAKq4E,YACPr4E,KAAKu4E,WAGAn+D,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK6pD,YAAa7pD,KAAKq4E,aAS7Dl3E,iBAAiBsjB,EAASsB,IACxB,MAAMyyD,EAAkBz3D,EAAM7f,KAAK6f,EAAMpN,YAAa3T,KAAK6pD,WACrD4uB,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAUv1E,MAASs1E,EAAH,gCAGlBx4E,KAAKi3E,cAAgBD,GAAW2B,WAAWF,EAAgBz4E,KAAKq4E,YAAavB,GAAgBryD,GAM/F8zD,WACE,MAAMC,EAAkBz3D,EAAM7f,KAAK6f,EAAMpN,YAAa3T,KAAK6pD,WACrD+uB,EAAgBC,GAAaL,GACnC,IAAKI,EACH,MAAU11E,MAASs1E,EAAH,8BAGlBx4E,KAAKq4E,WAAaO,EAAc54E,KAAKi3E,QAAQn1E,QAAS9B,KAAKqiB,eAa/D,MAAMy2D,GAAW1+D,EAAK0E,cAEtB,SAASlL,GAAa9J,GACpB,OAAOA,CACT,CAEA,SAASivE,GAAU9Y,EAAM16B,EAAQ1gC,EAAU,IACzC,OAAO,SAAUiF,GACf,OAAKsQ,EAAK5X,SAASsH,IAASid,EAAqBjd,GACxCmrE,GAAiB,IAAMtuD,EAAiB7c,GAAMlI,MAAKkI,GACjD,IAAI7J,SAAQ,CAACC,EAASC,KAC3B8/D,EAAKn2D,EAAMjF,GAAS,CAACu8C,EAAK3/C,KACxB,GAAI2/C,EAAK,OAAOjhD,EAAOihD,GACvBlhD,EAAQuB,EAAO,GACf,QAIDu3E,EAAiBC,EAAiBnvE,GAAMpB,KAAK68B,EAAO1gC,KAE/D,CAEA,SAASq0E,GAAUp5E,EAAa+E,EAAU,IACxC,OAAO,SAASiF,GACd,MAAMs2C,EAAM,IAAItgD,EAAY+E,GAC5B,OAAO0X,EAAiBzS,GAAMzI,IAC5B,GAAIA,EAAMD,OAER,OADAg/C,EAAIv+C,KAAKR,EAAOywD,IACT1R,EAAI3+C,UAEZ,KACD,GAAI3B,IAAgByiE,GAElB,OADAniB,EAAIv+C,KAAK,GAAImwD,IACN5R,EAAI3+C,UAInB,CAEA,SAASsS,GAAMksD,GACb,OAAO,SAASn2D,GACd,OAAOmrE,GAAiB9zE,SAAY8+D,QAAWt5C,EAAiB7c,MAEpE,CAEA,MAAM+uE,GAAeC,GAAW,CAC9BjlE,iBAAmB,CAACwkE,EAAYre,IAAU+e,GAAUD,GAASK,WAAYL,GAASM,iBAAkB,CAAEpf,SAA5D+e,CAAqEV,GAC/GvkE,kBAAoB,CAACukE,EAAYre,IAAU+e,GAAUD,GAAS3X,QAAS2X,GAASO,cAAe,CAAErf,SAAtD+e,CAA+DV,IACxG,CACFxkE,iBAAmB,CAACwkE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEK,KAAK,EAAM5I,SAAhCkf,CAAyCb,GACnFvkE,kBAAoB,CAACukE,EAAYre,IAAUkf,GAAU3W,GAAS,CAAEvI,SAArBkf,CAA8Bb,IAGrEK,GAAiBI,GAAW,CAChCllE,aAAcA,GACdC,iBAAmBklE,GAAUD,GAASQ,WAAYR,GAASS,kBAC3DzlE,kBAAoBilE,GAAUD,GAASlO,QAASkO,GAASU,eACzDzlE,mBAAqBA,GAAM0lE,KACzB,CACF7lE,aAAcA,GACdC,iBAAmBqlE,GAAUzN,GAAS,CAAE7I,KAAK,IAC7C9uD,kBAAoBolE,GAAUzN,IAC9B13D,mBAAqBA,GAAM0lE,KCnLvB3C,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAeF,MAAMuG,GACOr5D,iBACT,OAAOU,EAAMlM,OAAOe,mCAGtB9V,cACEE,KAAK4hD,QAlBO,EAmBZ5hD,KAAK25E,UAAY,KACjB35E,KAAKi3E,QAAU,KAGjB91E,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UACxB,MAAMygD,QAAgBr8C,EAAOoB,WAE7B,GA3BU,IA2BNi7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,wCAMxC5hD,KAAK25E,UAAYp0E,EAAOmF,WAAW,IAIvC5I,QACE,OAAOsY,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAvCvB,IAuCmC7C,KAAK25E,YAYtDx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEvC,IAAI1yE,EAAQlH,KAAKi3E,QAAQn1E,QACrBilB,EAAqB7f,KAAQA,QAAcyf,EAAiBzf,IAChE,MAAM4U,QAAe2C,GAAOo7D,gBAAgBD,GACtCE,EAAM,IAAIj3E,WAAW,CAAC,IAAM,KAE5Bk3E,EAAS3/D,EAAK5T,OAAO,CAACsV,EAAQ5U,EAAO4yE,IACrC9lE,QAAayK,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,IAClD7mE,EAAYkH,EAAK5T,OAAO,CAACuzE,EAAQ/lE,IAGvC,OADAhU,KAAK25E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK1D,EAAW,IAAIrQ,WAAWmwB,GAAYvO,IACxG,EAYTtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMiN,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACvC,IAAID,EAAYlE,EAAaz1E,KAAK25E,WAC9B5yD,EAAqB4yD,KAAYA,QAAkBhzD,EAAiBgzD,IACxE,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EAAK+iE,EAAW,IAAI92E,WAAWmwB,IAI9FinD,EAAWzE,EAAa5uD,EAAoBozD,IAAa,IACzDD,EAASvE,EAAawE,EAAW,GAAI,IACrCE,EAAaj6E,QAAQ2H,IAAI,CAC7B+e,QAAuBlI,GAAOzK,KAAKE,KAAK0S,EAAoBmzD,KAC5DpzD,EAAiBszD,KAChBr4E,MAAK,EAAEoS,EAAM8lE,MACd,IAAK1/D,EAAKqD,iBAAiBzJ,EAAM8lE,GAC/B,MAAU52E,MAAM,0BAElB,OAAO,IAAIL,UAAY,IAEnBqE,EAAQsuE,EAAauE,EAAQ/mD,EAAY,GAC/C,IAAIukD,EAAc/B,EAAatuE,EAAO,GAAI,GAM1C,OALAqwE,EAAch6D,EAAc,CAACg6D,EAAatC,GAAiB,IAAMiF,MAC5D9/D,EAAK5X,SAASm3E,IAAel1D,EAAO9B,6BACvC40D,QAAoB5wD,EAAiB4wD,IAEvCv3E,KAAKi3E,cAAgBD,GAAW2B,WAAWpB,EAAaT,GAAgBryD,IACjE,GC7GX,MAAMqyD,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAYF,MAAMgH,GACO95D,iBACT,OAAOU,EAAMlM,OAAOiB,kBAGtBhW,cACEE,KAAK4hD,QAfO,EAiBZ5hD,KAAKo6E,gBAAkB,KAEvBp6E,KAAKq6E,cAAgBt5D,EAAMtM,KAAKC,IAChC1U,KAAKs6E,cAAgB,KACrBt6E,KAAKkxB,GAAK,KACVlxB,KAAK25E,UAAY,KACjB35E,KAAKi3E,QAAU,KAQjB91E,WAAW+F,SACH4rE,EAAa5rE,GAAO/F,UACxB,MAAMygD,QAAgBr8C,EAAOoB,WAC7B,GAlCU,IAkCNi7C,EACF,MAAM,IAAIkF,GAAiB,WAAWlF,yDAExC5hD,KAAKo6E,sBAAwB70E,EAAOoB,WACpC3G,KAAKq6E,oBAAsB90E,EAAOoB,WAClC3G,KAAKs6E,oBAAsB/0E,EAAOoB,WAElC,MAAMmnB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eACrCr6E,KAAKkxB,SAAW3rB,EAAOuB,UAAUgnB,EAAKwkB,UACtCtyC,KAAK25E,UAAYp0E,EAAOmF,WAAW,IAQvC5I,QACE,OAAOsY,EAAK5T,OAAO,CAAC,IAAI3D,WAAW,CAAC7C,KAAK4hD,QAAS5hD,KAAKo6E,gBAAiBp6E,KAAKq6E,cAAer6E,KAAKs6E,gBAAiBt6E,KAAKkxB,GAAIlxB,KAAK25E,YAWlIx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C/lB,KAAKi3E,cAAgBD,GAAW2B,iBACxB34E,KAAK+zC,MAAM,UAAWn9B,EAAK6+D,EAAaz1E,KAAK25E,YACnD7C,GACAryD,GAYJtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C/lB,KAAKo6E,gBAAkBR,EAEvB,MAAMtnC,SAAEA,GAAa7zB,GAAO87D,YAAYv6E,KAAKq6E,eAC7Cr6E,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAe3L,GACvCtyC,KAAKs6E,cAAgB71D,EAAOjC,kBAC5B,MAAM1Y,EAAO9J,KAAKi3E,QAAQn1E,QAC1B9B,KAAK25E,gBAAkB35E,KAAK+zC,MAAM,UAAWn9B,EAAK9M,GAWpD3I,YAAY8I,EAAI2M,EAAK9M,GACnB,MAAMgkB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAC/BG,QAAqB1sD,EAAK9tB,KAAKo6E,gBAAiBxjE,GAChD6jE,EAA+B,YAAPxwE,EAAmB6jB,EAAKykB,UAAY,EAC5DmoC,EAA+B,YAAPzwE,EAAmB6jB,EAAKykB,UAAY,EAC5DiwB,EAAY,IAAMxiE,KAAKs6E,cAAgB,GAAKG,EAC5CE,EAAc,IAAIx1D,YAAY,IAC9By1D,EAAa,IAAI/3E,WAAW83E,EAAa,EAAG,IAC5CE,EAAgB,IAAIh4E,WAAW83E,GAC/BG,EAAY,IAAI11D,SAASu1D,GACzBI,EAAkB,IAAIl4E,WAAW83E,EAAa,EAAG,GACvDC,EAAWt3E,IAAI,CAAC,IAAO62E,GAAwB95D,IAAKrgB,KAAK4hD,QAAS5hD,KAAKo6E,gBAAiBp6E,KAAKq6E,cAAer6E,KAAKs6E,eAAgB,GACjI,IAAI/mC,EAAa,EACbynC,EAAgB/6E,QAAQC,UACxB+6E,EAAe,EACfC,EAAc,EAClB,MAAMhqD,EAAKlxB,KAAKkxB,GAChB,OAAO5K,EAAqBxc,GAAM3I,MAAOqH,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK5X,SAASgG,GAAuB,CACvC,MAAMvE,EAAS,IAAI0iD,EAAuB,GAAI,CAC5Ch9C,cAAeyQ,EAAK6E,yBAA2B,IAAMjf,KAAKs6E,cAAgB,GAC1Et1E,KAAMsZ,GAASA,EAAMld,SAEvBylB,EAAY5iB,EAAOuE,SAAUC,GAC7BA,EAAWxE,EAAOwE,SAEpB,MAAMlD,EAASghB,EAAiB/d,GAC1B9H,EAAS8lB,EAAiB/d,GAChC,IACE,OAAa,CACX,IAAI1G,QAAcwD,EAAOuB,UAAU07D,EAAYiY,IAA0B,IAAI53E,WAC7E,MAAMs4E,EAAap5E,EAAMkK,SAASlK,EAAMX,OAASq5E,GAEjD,IAAIW,EACA95E,EAwBJ,GA1BAS,EAAQA,EAAMkK,SAAS,EAAGlK,EAAMX,OAASq5E,IAGpClnC,GAAcxxC,EAAMX,QACvBmE,EAAOmB,QAAQy0E,GACfC,EAAiBZ,EAAavwE,GAAIlI,EAAO+rB,EAAKwlB,SAASpiB,EAAI6pD,GAAkBH,GAC7EM,GAAen5E,EAAMX,OAASq5E,EAAwBC,IAKtDI,EAAUO,SAAS,GAAQJ,GAC3BG,EAAiBZ,EAAavwE,GAAIkxE,EAAYrtD,EAAKwlB,SAASpiB,EAAI6pD,GAAkBF,GAClFK,GAAeR,EACfp5E,GAAO,GAET25E,GAAgBl5E,EAAMX,OAASq5E,EAE/BO,EAAgBA,EAAcp5E,MAAK,IAAMw5E,IAAgBx5E,MAAKT,gBACtDT,EAAOuI,YACPvI,EAAOoB,MAAMgzC,GACnBomC,GAAepmC,EAAQ1zC,MAAM,IAC5BhB,OAAMghD,GAAO1gD,EAAOuB,MAAMm/C,MACzB9/C,GAAQ45E,EAAcx6E,EAAO46E,oBACzBN,EAEH15E,EAEE,OACCZ,EAAOsB,QACb,MAHA84E,EAAUO,SAAS,IAAS9nC,IAMhC,MAAOlvC,SACD3D,EAAOuB,MAAMoC,QChK3B,MAAMk3E,GACOl7D,iBACT,OAAOU,EAAMlM,OAAOC,6BAGtBhV,cACEE,KAAK4hD,QAAU,EAEf5hD,KAAKw7E,YAAc,IAAIp0D,GACvBpnB,KAAKszE,mBAAqB,KAE1BtzE,KAAKy7E,WAAa,KAKlBz7E,KAAK45E,oBAAsB,KAG3B55E,KAAK25E,UAAY,GAQnBz4E,KAAKgG,GACH,IAAIjE,EAAI,EAER,GADAjD,KAAK4hD,QAAU16C,EAAMjE,KA/CT,IAgDRjD,KAAK4hD,QACP,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,+CAE7C3+C,GAAKjD,KAAKw7E,YAAYt6E,KAAKgG,EAAM+E,SAAShJ,IAC1CjD,KAAKszE,mBAAqBpsE,EAAMjE,KAChCjD,KAAK25E,UAAYl7D,GAAOi9D,yBAAyB17E,KAAKszE,mBAAoBpsE,EAAM+E,SAAShJ,GAAIjD,KAAK4hD,SAC9F5hD,KAAKszE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C9S,KAAK45E,oBAAsB74D,EAAMjf,MAAMif,EAAM9N,UAAWjT,KAAK25E,UAAU9mD,EAAEg3B,YAS7E/nD,QACE,MAAM26C,EAAM,CACV,IAAI55C,WAAW,CAAC7C,KAAK4hD,UACrB5hD,KAAKw7E,YAAY15E,QACjB,IAAIe,WAAW,CAAC7C,KAAKszE,qBACrB70D,GAAOy2D,gBAAgBl1E,KAAKszE,mBAAoBtzE,KAAK25E,YAGvD,OAAOv/D,EAAKtX,iBAAiB25C,GAS/Bt7C,cAAcyV,GACZ,MAAM44B,EAAOzuB,EAAMjf,MAAMif,EAAM7O,UAAWlS,KAAKszE,oBACzClyD,EAAUu6D,GAAiB37E,KAAK4hD,QAASpS,EAAMxvC,KAAK45E,oBAAqB55E,KAAKy7E,YACpFz7E,KAAK25E,gBAAkBl7D,GAAOm9D,iBAC5BpsC,EAAMxvC,KAAK45E,oBAAqBhjE,EAAIo4C,aAAc5tC,EAASxK,EAAIw+D,uBAWnEj0E,cAAcyV,EAAKilE,GAEjB,GAAI77E,KAAKszE,qBAAuB18D,EAAIizC,UAClC,MAAU3mD,MAAM,oBAGlB,MAAMm8C,EAAgBw8B,EACpBF,GAAiB37E,KAAK4hD,QAAS5hD,KAAKszE,mBAAoBuI,EAAiBjC,oBAAqBiC,EAAiBJ,YAC/G,KACIK,QAAsBr9D,GAAOs9D,iBAAiB/7E,KAAKszE,mBAAoB18D,EAAIo4C,aAAcp4C,EAAIo5C,cAAehwD,KAAK25E,UAAW/iE,EAAIw+D,sBAAuB/1B,IAEvJo8B,WAAEA,EAAU7B,oBAAEA,GAkCxB,SAA0Bh4B,EAAS8N,EAASosB,EAAeD,GACzD,OAAQnsB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAAM,CAEzB,MAAM/Q,EAASq6E,EAAc7vE,SAAS,EAAG6vE,EAAc16E,OAAS,GAC1DukB,EAAWm2D,EAAc7vE,SAAS6vE,EAAc16E,OAAS,GACzD46E,EAAmB5hE,EAAKwD,cAAcnc,EAAOwK,SAASxK,EAAOL,OAAS,IACtE66E,EAAkBD,EAAiB,KAAOr2D,EAAS,GAAKq2D,EAAiB,KAAOr2D,EAAS,GACzFu2D,EAAsB,CAAEtC,oBAAqBn4E,EAAO,GAAIg6E,WAAYh6E,EAAOwK,SAAS,IAC1F,GAAI4vE,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBtC,sBAAwBiC,EAAiBjC,oBAC7DsC,EAAoBT,WAAWr6E,SAAWy6E,EAAiBJ,WAAWr6E,OACxE,MAAO,CACLq6E,WAAYrhE,EAAKsG,iBAAiBy7D,EAAgBD,EAAoBT,WAAYI,EAAiBJ,YACnG7B,oBAAqBx/D,EAAKwG,YACxBu7D,EACAD,EAAoBtC,oBACpBiC,EAAiBjC,sBAKrB,GADuBqC,GAAmBl7D,EAAM7f,KAAK6f,EAAM9N,UAAWipE,EAAoBtC,qBAExF,OAAOsC,EAEP,MAAUh5E,MAAM,oBAItB,KAAK6d,EAAM7O,UAAUY,OACnB,MAAO,CACL2oE,WAAYK,GAEhB,QACE,MAAU54E,MAAM,oCAEtB,CA5EgDk5E,CAAiBp8E,KAAK4hD,QAAS5hD,KAAKszE,mBAAoBwI,EAAeD,GAG/G77E,KAAKszE,qBAAuBvyD,EAAM7O,UAAUY,SAC9C9S,KAAK45E,oBAAsBA,GAE7B55E,KAAKy7E,WAAaA,GAOtB,SAASE,GAAiB/5B,EAAS8N,EAAS5uC,EAAYu7D,GACtD,OAAQ3sB,GACN,KAAK3uC,EAAM7O,UAAUE,WACrB,KAAK2O,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUI,QACrB,KAAKyO,EAAM7O,UAAUM,KAEnB,OAAO4H,EAAKtX,iBAAiB,CAC3B,IAAID,WAAW,CAACie,IAChBu7D,EACAjiE,EAAKwD,cAAcy+D,EAAepwE,SAASowE,EAAej7E,OAAS,MAGvE,KAAK2f,EAAM7O,UAAUY,OACnB,OAAOupE,EACT,QACE,MAAUn5E,MAAM,oCAEtB,CC7HA,MAAMo5E,GAIJx8E,YAAY2kB,EAASsB,IAKnB/lB,KAAK6pD,UAAY9oC,EAAM/M,KAAKI,OAK5BpU,KAAKga,KAAO,WAEZha,KAAKoc,EAAIqI,EAAOhC,sBAIhBziB,KAAKstD,KAAO,KAGdivB,WAIE,OAAQ,IAAe,GAATv8E,KAAKoc,IAFH,GAEiBpc,KAAKoc,GAAK,GAQ7Clb,KAAKgG,GACH,IAAIjE,EAAI,EACR,IACEjD,KAAKga,KAAO+G,EAAM7f,KAAK6f,EAAMlP,IAAK3K,EAAMjE,MACxC,MAAOm+C,GACP,MAAM,IAAI0F,GAAiB,qBAI7B,OAFA9mD,KAAK6pD,UAAY3iD,EAAMjE,KAEfjD,KAAKga,MACX,IAAK,SACH,MAEF,IAAK,SACHha,KAAKstD,KAAOpmD,EAAM+E,SAAShJ,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACHjD,KAAKstD,KAAOpmD,EAAM+E,SAAShJ,EAAGA,EAAI,GAClCA,GAAK,EAGLjD,KAAKoc,EAAIlV,EAAMjE,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDmX,EAAKqC,mBAAmBvV,EAAM+E,SAAShJ,EAAGA,EAAI,IAUhD,MAAM,IAAI6jD,GAAiB,qBAT3B7jD,GAAK,EAEL,GAAmB,OADA,IAAOiE,EAAMjE,KAK9B,MAAM,IAAI6jD,GAAiB,oCAH3B9mD,KAAKga,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI8sC,GAAiB,qBAG/B,OAAO7jD,EAOTnB,QACE,GAAkB,cAAd9B,KAAKga,KACP,OAAO,IAAInX,WAAW,CAAC,IAAK,KAAMuX,EAAKiC,mBAAmB,OAAQ,IAEpE,MAAMogC,EAAM,CAAC,IAAI55C,WAAW,CAACke,EAAMjf,MAAMif,EAAMlP,IAAK7R,KAAKga,MAAOha,KAAK6pD,aAErE,OAAQ7pD,KAAKga,MACX,IAAK,SACH,MACF,IAAK,SACHyiC,EAAI56C,KAAK7B,KAAKstD,MACd,MACF,IAAK,WACH7Q,EAAI56C,KAAK7B,KAAKstD,MACd7Q,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAKoc,KAC9B,MACF,IAAK,MACH,MAAUlZ,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOkX,EAAKtX,iBAAiB25C,GAW/Bt7C,iBAAiBq7E,EAAYC,GAC3BD,EAAapiE,EAAK0C,WAAW0/D,GAE7B,MAAM//B,EAAM,GACZ,IAAIigC,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIlH,EACJ,OAAQv1E,KAAKga,MACX,IAAK,SACHu7D,EAASn7D,EAAKtX,iBAAiB,CAAC,IAAID,WAAW85E,GAAYH,IAC3D,MACF,IAAK,SACHjH,EAASn7D,EAAKtX,iBAAiB,CAAC,IAAID,WAAW85E,GAAY38E,KAAKstD,KAAMkvB,IACtE,MACF,IAAK,WAAY,CACf,MAAM1yE,EAAOsQ,EAAKtX,iBAAiB,CAAC9C,KAAKstD,KAAMkvB,IAC/C,IAAII,EAAU9yE,EAAK1I,OACnB,MAAMqiC,EAAQ/3B,KAAKC,IAAI3L,KAAKu8E,WAAYK,GACxCrH,EAAS,IAAI1yE,WAAW85E,EAAYl5C,GACpC8xC,EAAOjyE,IAAIwG,EAAM6yE,GACjB,IAAK,IAAIx5E,EAAMw5E,EAAYC,EAASz5E,EAAMsgC,EAAOtgC,GAAOy5E,EAASA,GAAW,EAC1ErH,EAAO11D,WAAW1c,EAAKw5E,EAAWx5E,GAEpC,MAEF,IAAK,MACH,MAAUD,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMzB,QAAegd,GAAOzK,KAAK8zB,OAAO9nC,KAAK6pD,UAAW0rB,GACxD94B,EAAI56C,KAAKJ,GACTi7E,GAAWj7E,EAAOL,OAClBu7E,IAGF,OAAOviE,EAAKtX,iBAAiB25C,GAAKxwC,SAAS,EAAGwwE,IC7JlD,MAAMI,GACOx8D,iBACT,OAAOU,EAAMlM,OAAOG,uBAMtBlV,YAAY2kB,EAASsB,IACnB/lB,KAAK4hD,QAAUn9B,EAAOnC,YAAc,EAAI,EACxCtiB,KAAKy7E,WAAa,KAKlBz7E,KAAK88E,8BAAgC,KAKrC98E,KAAK45E,oBAAsB74D,EAAM9N,UAAUQ,OAK3CzT,KAAKq6E,cAAgBt5D,EAAMjf,MAAMif,EAAMtM,KAAMgQ,EAAOlC,wBACpDviB,KAAK25E,UAAY,KACjB35E,KAAK6R,IAAM,KACX7R,KAAKkxB,GAAK,KAQZhwB,KAAKgG,GACH,IAAIiJ,EAAS,EAIb,GADAnQ,KAAK4hD,QAAU16C,EAAMiJ,KACA,IAAjBnQ,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAC7B,MAAM,IAAIkF,GAAiB,WAAW9mD,KAAK4hD,+CAI7C,MAAMpS,EAAOtoC,EAAMiJ,KAWnB,GATqB,IAAjBnQ,KAAK4hD,UAEP5hD,KAAKq6E,cAAgBnzE,EAAMiJ,MAI7BnQ,KAAK6R,IAAM,IAAIyqE,GACfnsE,GAAUnQ,KAAK6R,IAAI3Q,KAAKgG,EAAM+E,SAASkE,EAAQjJ,EAAM9F,SAEhC,IAAjBpB,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAIrCr6E,KAAKkxB,GAAKhqB,EAAM+E,SAASkE,EAAQA,GAAU2d,EAAKwkB,UAK7B,IAAjBtyC,KAAK4hD,SAAiBzxC,EAASjJ,EAAM9F,QACvCpB,KAAK25E,UAAYzyE,EAAM+E,SAASkE,EAAQjJ,EAAM9F,QAC9CpB,KAAK88E,8BAAgCttC,GAErCxvC,KAAK45E,oBAAsBpqC,EAS/B1tC,QACE,MAAM0tC,EAA0B,OAAnBxvC,KAAK25E,UAChB35E,KAAK45E,oBACL55E,KAAK88E,8BAEP,IAAI51E,EAYJ,OAVqB,IAAjBlH,KAAK4hD,QACP16C,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK4hD,QAASpS,EAAMxvC,KAAKq6E,gBAAiBr6E,KAAK6R,IAAI/P,QAAS9B,KAAKkxB,GAAIlxB,KAAK25E,aAEzHzyE,EAAQkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC7C,KAAK4hD,QAASpS,IAAQxvC,KAAK6R,IAAI/P,UAEvD,OAAnB9B,KAAK25E,YACPzyE,EAAQkT,EAAKtX,iBAAiB,CAACoE,EAAOlH,KAAK25E,cAIxCzyE,EAST/F,cAAcq7E,GACZ,MAAMhtC,EAA8C,OAAvCxvC,KAAK88E,8BAChB98E,KAAK88E,8BACL98E,KAAK45E,qBAED5mD,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1C54B,QAAY5W,KAAK6R,IAAIkrE,WAAWP,EAAYvpD,GAElD,GAAqB,IAAjBjzB,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eAC/BrnC,EAAQ,IAAInwC,WAAW,CAAC,IAAOg6E,GAA6Bx8D,IAAKrgB,KAAK4hD,QAAS5hD,KAAK88E,8BAA+B98E,KAAKq6E,gBACxHG,QAAqB1sD,EAAK0hB,EAAM54B,GACtC5W,KAAKy7E,iBAAmBjB,EAAa7nD,QAAQ3yB,KAAK25E,UAAW35E,KAAKkxB,GAAI8hB,QACjE,GAAuB,OAAnBhzC,KAAK25E,UAAoB,CAClC,MAAMK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQ6c,EAAM54B,EAAK5W,KAAK25E,UAAW,IAAI92E,WAAWmwB,IAE1FhzB,KAAK45E,oBAAsB74D,EAAMjf,MAAMif,EAAM9N,UAAW+mE,EAAU,IAClEh6E,KAAKy7E,WAAazB,EAAU/tE,SAAS,EAAG+tE,EAAU54E,aAElDpB,KAAKy7E,WAAa7kE,EAWtBzV,cAAcq7E,EAAY/3D,EAASsB,IACjC,MAAMypB,EAA8C,OAAvCxvC,KAAK88E,8BAChB98E,KAAK88E,8BACL98E,KAAK45E,oBAEP55E,KAAK88E,8BAAgCttC,EAErCxvC,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAE7C,MAAMjrB,UAAEA,EAASC,QAAEA,GAAYxU,GAAOkxB,UAAUH,GAC1CwtC,QAAsBh9E,KAAK6R,IAAIkrE,WAAWP,EAAYvpD,GAM5D,GAJwB,OAApBjzB,KAAKy7E,aACPz7E,KAAKy7E,WAAah9D,GAAOw+D,mBAAmBj9E,KAAK45E,sBAG9B,IAAjB55E,KAAK4hD,QAAe,CACtB,MAAM9zB,EAAOrP,GAAO87D,YAAYv6E,KAAKq6E,eACrCr6E,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAenwB,EAAKwkB,UAC5C,MAAM4qC,EAAiB,IAAIr6E,WAAW,CAAC,IAAOg6E,GAA6Bx8D,IAAKrgB,KAAK4hD,QAAS5hD,KAAK88E,8BAA+B98E,KAAKq6E,gBACjIG,QAAqB1sD,EAAK0hB,EAAMwtC,GACtCh9E,KAAK25E,gBAAkBa,EAAa9nD,QAAQ1yB,KAAKy7E,WAAYz7E,KAAKkxB,GAAIgsD,OACjE,CACL,MAAMC,EAAY/iE,EAAKtX,iBAAiB,CACtC,IAAID,WAAW,CAAC7C,KAAK45E,sBACrB55E,KAAKy7E,aAEPz7E,KAAK25E,gBAAkBl7D,GAAOqP,KAAK6iB,IAAIje,QAAQ8c,EAAMwtC,EAAeG,EAAW,IAAIt6E,WAAWmwB,GAAYvO,KCtKhH,MAAM24D,GACO/8D,iBACT,OAAOU,EAAMlM,OAAO3C,UAOtBpS,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAKtC/lB,KAAK4hD,QAAUn9B,EAAO1K,OAAS,EAAI,EAKnC/Z,KAAK0zE,QAAUt5D,EAAKc,cAAco3D,GAKlCtyE,KAAK6pD,UAAY,KAKjB7pD,KAAKgvD,aAAe,KAKpBhvD,KAAKq9E,iBAAmB,EAKxBr9E,KAAKsrD,YAAc,KAKnBtrD,KAAKunB,MAAQ,KASfI,2BAA2B21D,GACzB,MAAMC,EAAY,IAAIH,IAChBx7B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBgyB,EAO1E,OANAC,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,EASTp8E,WAAW+F,GACT,IAAI/D,EAAM,EAIV,GAFAnD,KAAK4hD,QAAU16C,EAAM/D,KAEA,IAAjBnD,KAAK4hD,SAAkC,IAAjB5hD,KAAK4hD,QAAe,CAE5C5hD,KAAK0zE,QAAUt5D,EAAKO,SAASzT,EAAM+E,SAAS9I,EAAKA,EAAM,IACvDA,GAAO,EAGPnD,KAAK6pD,UAAY3iD,EAAM/D,KAEF,IAAjBnD,KAAK4hD,UAEPz+C,GAAO,GAIT,MAAMjC,KAAEA,EAAI8tD,aAAEA,GAAiBvwC,GAAO++D,qBAAqBx9E,KAAK6pD,UAAW3iD,EAAM+E,SAAS9I,IAM1F,OALAnD,KAAKgvD,aAAeA,EACpB7rD,GAAOjC,QAGDlB,KAAKy9E,6BACJt6E,EAET,MAAM,IAAI2jD,GAAiB,WAAW9mD,KAAK4hD,6CAO7C9/C,QACE,MAAM26C,EAAM,GAEZA,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK4hD,WAC9BnF,EAAI56C,KAAKuY,EAAKS,UAAU7a,KAAK0zE,UAE7Bj3B,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAK6pD,aAE9B,MAAM9C,EAAStoC,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgvD,cAO3D,OANqB,IAAjBhvD,KAAK4hD,SAEPnF,EAAI56C,KAAKuY,EAAKM,YAAYqsC,EAAO3lD,OAAQ,IAG3Cq7C,EAAI56C,KAAKklD,GACF3sC,EAAKtX,iBAAiB25C,GAO/B25B,aAAax0B,GACX,MAAM16C,EAAQlH,KAAK09E,iBAEnB,OAAgB,IAAZ97B,EACKxnC,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQuX,EAAKM,YAAYxT,EAAM9F,OAAQ,GAAI8F,IAEpFkT,EAAKtX,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAQuX,EAAKM,YAAYxT,EAAM9F,OAAQ,GAAI8F,IAO3Fy2E,cACE,OAAO,KAOTC,kBACE,OAAO59E,KAAK0zE,QAOd2B,WACE,OAAOr1E,KAAKunB,MAOdpmB,mCAIE,SAHMnB,KAAK69E,qBACX79E,KAAKunB,MAAQ,IAAIH,GAEI,IAAjBpnB,KAAK4hD,QACP5hD,KAAKunB,MAAMrmB,KAAKlB,KAAKsrD,YAAYr/C,SAAS,EAAG,QACxC,IAAqB,IAAjBjM,KAAK4hD,QAGd,MAAU1+C,MAAM,2BAFhBlD,KAAKunB,MAAMrmB,KAAKlB,KAAKsrD,YAAYr/C,SAAS,GAAI,MASlD9K,2BACE,MAAMo0E,EAASv1E,KAAKo2E,aAAap2E,KAAK4hD,SAEtC,GAAqB,IAAjB5hD,KAAK4hD,QACP5hD,KAAKsrD,kBAAoB7sC,GAAOzK,KAAKI,OAAOmhE,OACvC,IAAqB,IAAjBv1E,KAAK4hD,QAGd,MAAU1+C,MAAM,2BAFhBlD,KAAKsrD,kBAAoB7sC,GAAOzK,KAAKE,KAAKqhE,IAU9CH,sBACE,OAAOp1E,KAAKsrD,YAOdwyB,iBACE,OAAO1jE,EAAK8B,gBAAgBlc,KAAKo1E,uBAOnC2I,qBAAqBC,GACnB,OAAOh+E,KAAK4hD,UAAYo8B,EAAMp8B,SAAWxnC,EAAKqD,iBAAiBzd,KAAK09E,iBAAkBM,EAAMN,kBAO9FO,mBACE,MAAMx8E,EAAS,GACfA,EAAOooD,UAAY9oC,EAAM7f,KAAK6f,EAAM7O,UAAWlS,KAAK6pD,WAEpD,MAAMq0B,EAASl+E,KAAKgvD,aAAa5iD,GAAKpM,KAAKgvD,aAAa58B,EAMxD,OALI8rD,EACFz8E,EAAO8c,KAAOnE,EAAKuB,oBAAoBuiE,GAC9Bl+E,KAAKgvD,aAAajK,MAC3BtjD,EAAO+O,MAAQxQ,KAAKgvD,aAAajK,IAAIC,WAEhCvjD,GAQX27E,GAAgBp8E,UAAUm9E,cAAgBf,GAAgBp8E,UAAUE,KAMpEk8E,GAAgBp8E,UAAU08E,eAAiBN,GAAgBp8E,UAAUc,MCzPrE,MAAMg1E,gBAA+B18D,EAAK8F,wBAAwB,CAChEmyD,GACA+F,GACAzB,GACAxD,KAaF,MAAMiL,GACO/9D,iBACT,OAAOU,EAAMlM,OAAOQ,2BAGtBvV,cAIEE,KAAK25E,UAAY,KAKjB35E,KAAKi3E,QAAU,KAGjB/1E,KAAKgG,GACHlH,KAAK25E,UAAYzyE,EAGnBpF,QACE,OAAO9B,KAAK25E,UAadx4E,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAE/C,IAAKtB,EAAO/B,6BACV,MAAUxf,MAAM,iCAGlB,MAAM8vB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GACjCD,QAAkBhzD,EAAiB8uD,EAAaz1E,KAAK25E,YACrDK,QAAkBv7D,GAAOqP,KAAK6iB,IAAIhe,QAAQinD,EAAqBhjE,EACnE+iE,EAAU1tE,SAAS+mB,EAAY,GAC/B2mD,EAAU1tE,SAAS,EAAG+mB,EAAY,IAGpChzB,KAAKi3E,cAAgBD,GAAW2B,WAAWqB,EAAWlD,GAAgBryD,GAYxEtjB,cAAcy4E,EAAqBhjE,EAAK6N,EAASsB,IAC/C,MAAMjc,EAAO9J,KAAKi3E,QAAQn1E,SACpBkxB,UAAEA,GAAcvU,GAAOkxB,UAAUiqC,GAEjC99D,QAAe2C,GAAOo7D,gBAAgBD,GACtCyE,QAAY5/D,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAKkF,EAAQ,IAAIjZ,WAAWmwB,GAAYvO,GACjGusB,QAAmBvyB,GAAOqP,KAAK6iB,IAAIje,QAAQknD,EAAqBhjE,EAAK9M,EAAMu0E,EAAIpyE,SAAS,GAAIwY,GAClGzkB,KAAK25E,UAAYv/D,EAAK5T,OAAO,CAAC63E,EAAKrtC,KC9EvC,MAAMstC,GACOj+D,iBACT,OAAOU,EAAMlM,OAAOS,OAQtBpU,KAAKgG,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,GAMZpF,QACE,OAAO,IAAIe,WAAW,CAAC,GAAM,GAAM,MC5BvC,MAAM07E,WAA2BnB,GACpB/8D,iBACT,OAAOU,EAAMlM,OAAOa,aAQtB5V,YAAYwyE,EAAM7tD,GAChB1kB,MAAMuyE,EAAM7tD,GASdkD,8BAA8B62D,GAC5B,MAAMjB,EAAY,IAAIgB,IAChB38B,QAAEA,EAAO8xB,QAAEA,EAAO7pB,UAAEA,EAASmF,aAAEA,EAAYznC,MAAEA,EAAK+jC,YAAEA,GAAgBkzB,EAO1E,OANAjB,EAAU37B,QAAUA,EACpB27B,EAAU7J,QAAUA,EACpB6J,EAAU1zB,UAAYA,EACtB0zB,EAAUvuB,aAAeA,EACzBuuB,EAAUh2D,MAAQA,EAClBg2D,EAAUjyB,YAAcA,EACjBiyB,GCnBX,MAAMkB,GACOp+D,iBACT,OAAOU,EAAMlM,OAAOc,cAGtB7V,cACEE,KAAK0+E,WAAa,GAOpBx9E,KAAKgG,GACH,IAAIjE,EAAI,EACR,KAAOA,EAAIiE,EAAM9F,QAAQ,CACvB,MAAM2O,EAAM21C,GAAiBx+C,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SACrD6B,GAAK8M,EAAII,OAETnQ,KAAK0+E,WAAW78E,KAAKuY,EAAKqC,mBAAmBvV,EAAM+E,SAAShJ,EAAGA,EAAI8M,EAAIA,OACvE9M,GAAK8M,EAAIA,KAQbjO,QACE,MAAM26C,EAAM,GACZ,IAAK,IAAIx5C,EAAI,EAAGA,EAAIjD,KAAK0+E,WAAWt9E,OAAQ6B,IAC1Cw5C,EAAI56C,KAAK8jD,GAAkB3lD,KAAK0+E,WAAWz7E,GAAG7B,SAC9Cq7C,EAAI56C,KAAKuY,EAAKiC,mBAAmBrc,KAAK0+E,WAAWz7E,KAEnD,OAAOmX,EAAKtX,iBAAiB25C,GAQ/Bn1B,OAAOq3D,GACL,SAAKA,GAAaA,aAAmBF,KAG9Bz+E,KAAK0+E,WAAWjgC,OAAM,SAASmgC,EAAMn/D,GAC1C,OAAOm/D,IAASD,EAAQD,WAAWj/D,OCtDzC,MAAMo/D,WAAwBzB,GACjB/8D,iBACT,OAAOU,EAAMlM,OAAOK,UAOtBpV,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtChmB,MAAMuyE,EAAM7tD,GAIZzkB,KAAK8+E,YAAc,KAInB9+E,KAAK++E,YAAc,KAKnB/+E,KAAKg/E,SAAW,EAKhBh/E,KAAK6R,IAAM,KAKX7R,KAAKiT,UAAY,KAKjBjT,KAAKyU,KAAO,KAKZzU,KAAKgwD,cAAgB,KAWvB7uD,WAAW+F,GAET,IAAIjE,QAAUjD,KAAKm+E,cAAcj3E,GACjC,MAAM+3E,EAAuBh8E,EAM7BjD,KAAKg/E,SAAW93E,EAAMjE,KAID,IAAjBjD,KAAK4hD,SACP3+C,IAGF,IAGE,GAAsB,MAAlBjD,KAAKg/E,UAAsC,MAAlBh/E,KAAKg/E,UAAsC,MAAlBh/E,KAAKg/E,UAezD,GAdAh/E,KAAKiT,UAAY/L,EAAMjE,KAID,MAAlBjD,KAAKg/E,WACPh/E,KAAKyU,KAAOvN,EAAMjE,MAMpBjD,KAAK6R,IAAM,IAAIyqE,GACfr5E,GAAKjD,KAAK6R,IAAI3Q,KAAKgG,EAAM+E,SAAShJ,EAAGiE,EAAM9F,SAErB,cAAlBpB,KAAK6R,IAAImI,KACX,YAEOha,KAAKg/E,WACdh/E,KAAKiT,UAAYjT,KAAKg/E,UAMpBh/E,KAAKg/E,WACPh/E,KAAKkxB,GAAKhqB,EAAM+E,SACdhJ,EACAA,EAAIwb,GAAOkxB,UAAU3vC,KAAKiT,WAAW+f,WAGvC/vB,GAAKjD,KAAKkxB,GAAG9vB,QAEf,MAAOiD,GAEP,IAAKrE,KAAKg/E,SAAU,MAAM36E,EAC1BrE,KAAKk/E,uBAAyBh4E,EAAM+E,SAASgzE,GAC7Cj/E,KAAK++E,aAAc,EAerB,GAVqB,IAAjB/+E,KAAK4hD,UACP3+C,GAAK,GAMPjD,KAAK8+E,YAAc53E,EAAM+E,SAAShJ,GAClCjD,KAAK++E,cAAgB/+E,KAAKg/E,UAErBh/E,KAAK++E,YAAa,CACrB,MAAMvpC,EAAYx1C,KAAK8+E,YAAY7yE,SAAS,GAAI,GAChD,IAAKmO,EAAKqD,iBAAiBrD,EAAKwD,cAAc43B,GAAYx1C,KAAK8+E,YAAY7yE,UAAU,IACnF,MAAU/I,MAAM,yBAElB,IACE,MAAM8sD,cAAEA,GAAkBvxC,GAAO0gE,sBAAsBn/E,KAAK6pD,UAAWrU,EAAWx1C,KAAKgvD,cACvFhvD,KAAKgwD,cAAgBA,EACrB,MAAO5O,GACP,GAAIA,aAAe0F,GAAkB,MAAM1F,EAE3C,MAAUl+C,MAAM,wBAStBpB,QACE,MAAMs9E,EAAsBp/E,KAAK09E,iBACjC,GAAI19E,KAAKk/E,uBACP,OAAO9kE,EAAKtX,iBAAiB,CAC3Bs8E,EACAp/E,KAAKk/E,yBAIT,MAAMziC,EAAM,CAAC2iC,GACb3iC,EAAI56C,KAAK,IAAIgB,WAAW,CAAC7C,KAAKg/E,YAE9B,MAAMK,EAAoB,GA6C1B,OA1CsB,MAAlBr/E,KAAKg/E,UAAsC,MAAlBh/E,KAAKg/E,UAAsC,MAAlBh/E,KAAKg/E,WACzDK,EAAkBx9E,KAAK7B,KAAKiT,WAIN,MAAlBjT,KAAKg/E,UACPK,EAAkBx9E,KAAK7B,KAAKyU,MAM9B4qE,EAAkBx9E,QAAQ7B,KAAK6R,IAAI/P,UAMjC9B,KAAKg/E,UAA8B,cAAlBh/E,KAAK6R,IAAImI,MAC5BqlE,EAAkBx9E,QAAQ7B,KAAKkxB,IAGZ,IAAjBlxB,KAAK4hD,SACPnF,EAAI56C,KAAK,IAAIgB,WAAW,CAACw8E,EAAkBj+E,UAE7Cq7C,EAAI56C,KAAK,IAAIgB,WAAWw8E,IAEnBr/E,KAAKs/E,YACHt/E,KAAKg/E,WACRh/E,KAAK8+E,YAAcrgE,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgwD,gBAG5C,IAAjBhwD,KAAK4hD,SACPnF,EAAI56C,KAAKuY,EAAKM,YAAY1a,KAAK8+E,YAAY19E,OAAQ,IAErDq7C,EAAI56C,KAAK7B,KAAK8+E,aAET9+E,KAAKg/E,UACRviC,EAAI56C,KAAKuY,EAAKwD,cAAc5d,KAAK8+E,eAI9B1kE,EAAKtX,iBAAiB25C,GAQ/BkhC,cACE,OAA4B,IAArB39E,KAAK++E,YAWdQ,6BACE,YAAuCt+E,IAAhCjB,KAAKk/E,wBAAwCl/E,KAAKs/E,UAO3DA,UACE,SAAUt/E,KAAK6R,KAAyB,cAAlB7R,KAAK6R,IAAImI,MAQjCwlE,UAAU/6D,EAASsB,IACb/lB,KAAKs/E,YAGLt/E,KAAK29E,eACP39E,KAAKy/E,4BAEAz/E,KAAKk/E,uBACZl/E,KAAK++E,YAAc,KACnB/+E,KAAK8+E,YAAc,KACnB9+E,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIg4C,UAAY,EACrB7pD,KAAK6R,IAAIuK,EAAI,EACbpc,KAAK6R,IAAImI,KAAO,YAChBha,KAAKg/E,SAAW,IAChBh/E,KAAKiT,UAAY8N,EAAM9N,UAAUQ,QAanCtS,cAAcq7E,EAAY/3D,EAASsB,IACjC,GAAI/lB,KAAKs/E,UACP,OAGF,IAAKt/E,KAAK29E,cACR,MAAUz6E,MAAM,mCAGlB,IAAKs5E,EACH,MAAUt5E,MAAM,0DAGlBlD,KAAK6R,IAAM,IAAIyqE,GAAI73D,GACnBzkB,KAAK6R,IAAIy7C,KAAO7uC,GAAO+xC,OAAOvS,eAAe,GAC7C,MAAMzI,EAAY/2B,GAAOy2D,gBAAgBl1E,KAAK6pD,UAAW7pD,KAAKgwD,eAC9DhwD,KAAKiT,UAAY8N,EAAM9N,UAAUQ,OACjC,MAAMmD,QAAY8oE,GAAqB1/E,KAAK6R,IAAK2qE,EAAYx8E,KAAKiT,YAE5D+f,UAAEA,GAAcvU,GAAOkxB,UAAU3vC,KAAKiT,WAG5C,GAFAjT,KAAKkxB,GAAKzS,GAAO+xC,OAAOvS,eAAejrB,GAEnCvO,EAAOnC,YAAa,CACtBtiB,KAAKg/E,SAAW,IAChBh/E,KAAKyU,KAAOsM,EAAMtM,KAAKC,IACvB,MAAMoZ,EAAOrP,GAAO87D,YAAYv6E,KAAKyU,MAC/B+lE,QAAqB1sD,EAAK9tB,KAAKiT,UAAW2D,GAChD5W,KAAK8+E,kBAAoBtE,EAAa9nD,QAAQ8iB,EAAWx1C,KAAKkxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAIzvC,iBAEjG7C,KAAKg/E,SAAW,IAChBh/E,KAAK8+E,kBAAoBrgE,GAAOqP,KAAK6iB,IAAIje,QAAQ1yB,KAAKiT,UAAW2D,EAAKwD,EAAKtX,iBAAiB,CAC1F0yC,QACM/2B,GAAOzK,KAAKE,KAAKshC,EAAW/wB,KAChCzkB,KAAKkxB,GAAIzM,GAajBtjB,cAAcq7E,GACZ,GAAIx8E,KAAKs/E,UACP,OAAO,EAGT,GAAIt/E,KAAKk/E,uBACP,MAAUh8E,MAAM,kEAGlB,GAAIlD,KAAK29E,cACP,MAAUz6E,MAAM,oCAGlB,IAAI0T,EASA4+B,EARJ,GAAsB,MAAlBx1C,KAAKg/E,UAAsC,MAAlBh/E,KAAKg/E,SAE3B,MAAsB,MAAlBh/E,KAAKg/E,SACJ97E,MAAM,0EAENA,MAAM,yEAIlB,GARE0T,QAAY8oE,GAAqB1/E,KAAK6R,IAAK2qE,EAAYx8E,KAAKiT,WAQxC,MAAlBjT,KAAKg/E,SAAkB,CACzB,MAAMlxD,EAAOrP,GAAO87D,YAAYv6E,KAAKyU,MAC/B+lE,QAAqB1sD,EAAK9tB,KAAKiT,UAAW2D,GAChD,IACE4+B,QAAkBglC,EAAa7nD,QAAQ3yB,KAAK8+E,YAAa9+E,KAAKkxB,GAAGjlB,SAAS,EAAG6hB,EAAKwkB,UAAW,IAAIzvC,YACjG,MAAOu+C,GACP,GAAoB,gCAAhBA,EAAI7nC,QACN,MAAUrW,MAAM,6BAA+Bk+C,EAAI7nC,SAErD,MAAM6nC,OAEH,CACL,MAAMu+B,QAA0BlhE,GAAOqP,KAAK6iB,IAAIhe,QAAQ3yB,KAAKiT,UAAW2D,EAAK5W,KAAK8+E,YAAa9+E,KAAKkxB,IAEpGskB,EAAYmqC,EAAkB1zE,SAAS,GAAI,IAC3C,MAAM+H,QAAayK,GAAOzK,KAAKE,KAAKshC,GAEpC,IAAKp7B,EAAKqD,iBAAiBzJ,EAAM2rE,EAAkB1zE,UAAU,KAC3D,MAAU/I,MAAM,4BAIpB,IACE,MAAM8sD,cAAEA,GAAkBvxC,GAAO0gE,sBAAsBn/E,KAAK6pD,UAAWrU,EAAWx1C,KAAKgvD,cACvFhvD,KAAKgwD,cAAgBA,EACrB,MAAO5O,GACP,MAAUl+C,MAAM,sBAElBlD,KAAK++E,aAAc,EACnB/+E,KAAK8+E,YAAc,KACnB9+E,KAAKg/E,SAAW,EAQlB79E,iBACE,GAAInB,KAAKs/E,UACP,OAGF,IAAKt/E,KAAK29E,cACR,MAAUz6E,MAAM,wBAGlB,IAAI08E,EACJ,IAEEA,QAAoBnhE,GAAO2xC,eAAepwD,KAAK6pD,UAAW7pD,KAAKgvD,aAAchvD,KAAKgwD,eAClF,MAAO3L,GACPu7B,GAAc,EAEhB,IAAKA,EACH,MAAU18E,MAAM,kBAIpB/B,eAAeod,EAAM/N,GACnB,MAAMw/C,cAAEA,EAAahB,aAAEA,SAAuBvwC,GAAOohE,eAAe7/E,KAAK6pD,UAAWtrC,EAAM/N,GAC1FxQ,KAAKgwD,cAAgBA,EACrBhwD,KAAKgvD,aAAeA,EACpBhvD,KAAK++E,aAAc,EAMrBU,qBACMz/E,KAAKu/E,+BAITx0E,OAAOooB,KAAKnzB,KAAKgwD,eAAe5sD,SAAQ8H,IACxBlL,KAAKgwD,cAAc9kD,GAC3B40C,KAAK,UACJ9/C,KAAKgwD,cAAc9kD,EAAK,IAEjClL,KAAKgwD,cAAgB,KACrBhwD,KAAK++E,aAAc,IAIvB59E,eAAeu+E,GAAqB7tE,EAAK2qE,EAAY3yB,GACnD,MAAM52B,QAAEA,GAAYxU,GAAOkxB,UAAUka,GACrC,OAAOh4C,EAAIkrE,WAAWP,EAAYvpD,EACpC,yBC5aC,SAAU6sD,GAGX,SAASC,EAAU97B,GAIf,SAAS+7B,IAAU,OAAO78E,GAAM4M,GAEhC,SAASkwE,IAAW,OAAO98E,GAC3B,SAAS+8E,EAAOj9E,GAAKE,GAAMF,EAE3B,SAASk9E,IACLh9E,GAAM,EACN4M,GAAMqwE,GAAYh/E,OAKtB,SAASw2C,EAAE1sC,EAAM7J,GACb,MAAO,CACH6J,KAAMA,EACNm1E,OAAQh/E,GAAS,GACjBi/E,SAAUj/E,GAAS,GACnBk/E,SAAU,IAIlB,SAAS71B,EAAKx/C,EAAMs1E,GAChB,IAAIp0E,EACJ,OAAY,OAARo0E,EAAuB,OAC3Bp0E,EAAIwrC,EAAE1sC,IACJm1E,OAASG,EAAIH,OACfj0E,EAAEk0E,SAAWE,EAAIF,SACjBl0E,EAAEm0E,SAAS1+E,KAAK2+E,GACTp0E,GAGX,SAASnG,EAAIw6E,EAAQC,GAMjB,OALc,OAAVA,IACAD,EAAOJ,QAAUK,EAAML,OACvBI,EAAOH,UAAYI,EAAMJ,UAE7BG,EAAOF,SAAS1+E,KAAK6+E,GACdD,EAGX,SAASE,EAAaC,GAClB,IAAIC,EACJ,OAAKb,KAEDY,EADJC,EA1CuBT,GAAYj9E,MAGlBA,IAAO,EA0Cby0C,EAAE,QAASipC,IAJC,KAS3B,SAAS9qE,EAAQ+qE,GACb,OAAO,WACH,OAAOp2B,EAAK,UAAWi2B,GAAa,SAAUE,GAC1C,OAAOA,IAAQC,OAK3B,SAASC,IACL,IAAInwD,EAAO2rB,UACX,OAAO,WACH,IAAIt5C,EAAG4a,EAAGpc,EAAQmC,EAGlB,IAFAA,EAAQq8E,IACRpiE,EAAI+5B,EAAE,OACD30C,EAAI,EAAGA,EAAI2tB,EAAKxvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASmvB,EAAK3tB,MAGV,OADAi9E,EAAOt8E,GACA,KAEXqC,EAAI4X,EAAGpc,GAEX,OAAOoc,GAIf,SAASmjE,IACL,IAAIpwD,EAAO2rB,UACX,OAAO,WACH,IAAIt5C,EAAGxB,EAAQmC,EAEf,IADAA,EAAQq8E,IACHh9E,EAAI,EAAGA,EAAI2tB,EAAKxvB,OAAQ6B,GAAK,EAAG,CAEjC,GAAe,QADfxB,EAASmvB,EAAK3tB,MAEV,OAAOxB,EAEXy+E,EAAOt8E,GAEX,OAAO,MAIf,SAAS++D,EAAIse,GACT,OAAO,WACH,IAAIx/E,EAAQmC,EAGZ,OAFAA,EAAQq8E,IAEO,QADfx+E,EAASw/E,KAEEx/E,GAGPy+E,EAAOt8E,GACAg0C,EAAE,SAKrB,SAASspC,EAAMD,GACX,OAAO,WACH,IAAIx/E,EAASw/E,IAIb,OAHe,OAAXx/E,IACAA,EAAO6+E,SAAW,IAEf7+E,GAIf,SAAS0/E,EAAOF,GACZ,OAAO,WACH,IAAIx/E,EAASw/E,IAIb,OAHe,OAAXx/E,GAAmBA,EAAO6+E,SAASl/E,OAAS,IAC5CK,EAAO6+E,SAAW,KAEf7+E,GAIf,SAAS2/E,EAAKH,EAAMI,GAChB,OAAO,WACH,IAAIxjE,EAAGpc,EAAQgiC,EAAO7/B,EAAOi6C,EAK7B,IAJAj6C,EAAQq8E,IACRpiE,EAAI+5B,EAAE,QACNnU,EAAQ,EACRoa,OAAkB58C,IAAZogF,EAAwB,EAAIA,EACL,QAArB5/E,EAASw/E,MACbx9C,GAAgB,EAChBx9B,EAAI4X,EAAGpc,GAEX,OAAIgiC,GAASoa,EACFhgC,GAGPqiE,EAAOt8E,GACA,OA2BnB,SAAS09E,EAAeT,GAIpB,OAAOA,EAAIrkE,WAAW,IAAM,IAUhC,SAAS+kE,IAAO,OAAO72B,EAAK,KAAM30C,EAAQ,KAARA,IAIlC,SAASyrE,IAAS,OAAO92B,EAAK,OAAQq2B,EAAIQ,EAAIE,EAARV,IAItC,SAASW,IAAW,OAAOh3B,EAAK,SAAU30C,EAAQ,IAARA,IAI1C,SAAS4rE,IAAS,OAAOj3B,EAAK,OAAQ30C,EAAQ,KAARA,IAItC,SAAS0rE,IAAO,OAAO/2B,EAAK,KAAM30C,EAAQ,KAARA,IAGlC,SAAS6rE,IAAO,OAAOl3B,EAAK,KAAM30C,EAAQ,IAARA,IAIlC,SAAS8rE,IACL,OAAOn3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EAAU,IAAQzrB,GAAQA,GAAQ,IAItC,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAMf,SAASE,IAAQ,OAAOt3B,EAAK,MAAOs2B,EAAGY,EAAID,EAAPX,IAQpC,SAASiB,IACL,IAAInoD,EAAK4wB,EAAK,cACds2B,EACID,EAAIhrE,EAAQ,MAAOirE,EAAGa,EAAOG,IAC7BE,GAFJlB,IAIA,OAAW,OAAPlnD,EAAsB,MAG1BA,EAAGwmD,SAAWxmD,EAAGwmD,SAAS,GACnBxmD,GAMX,SAASqoD,IACL,OAAOz3B,EAAK,MAAOs2B,EACfoB,GACArB,EACIpe,EAAIoe,EACAK,EAAKY,GACLd,EAAMM,KAEVJ,EAAKY,EAAK,IAPChB,IAgBvB,SAASqB,IACL,OAAO33B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfQ,GAdiBtB,IAmBzB,SAASuB,IACL,OAAO73B,EAAK,WAAYs2B,EAAGqB,EAAOJ,EAAY1gB,EAAtByf,IAI5B,SAASzf,IACL,OAAO7W,EAAK,UAAWq2B,EACnBhrE,EAAQ,KACRqrE,EAAKL,EAAIpe,EAAIwf,GAAMI,IACnB5f,EAAIwf,GACJpsE,EAAQ,KAJWgrE,IAS3B,SAASyB,IACL,OAAO93B,EAAK,OAAQs2B,EAChBD,EACIK,EACIL,EAAIpe,EAAIwf,GAAM5gB,GACd,GAEJoB,EAAIwf,IAERA,EARgBnB,IAyBxB,SAASyB,IACL,OAAO/3B,EAAK,QAASi2B,GAAa,SAAmBE,GACjD,IAAIiB,EACC,KAAOjB,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,KAAOA,GAAOA,GAAO,KACrB,CAAC,IAAK,IAAK,IAAK,IAAK,IAAK,IAAM,IAAK,IAAK,IAAK,IAC9C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,KAAKt6E,QAAQs6E,IAAQ,EAInE,OAHI58B,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,MAKf,SAASY,IACL,OAAOh4B,EAAK,OAAQq2B,EAAII,EAAOxe,EAAI6f,IAAQpB,EAAKqB,EAAO,GAAItB,EAAOxe,EAAI6f,IAAlDzB,IAIxB,SAAS4B,IACL,IAAI9kE,EAAG+kE,EAEP,OAAU,QADV/kE,EAAI6sC,EAAK,gBAAiB02B,EAAKqB,EAAO,EAAZrB,MAGR,QADlBwB,EAAYxB,EAAKL,EAAIhrE,EAAQ,KAAMqrE,EAAKqB,EAAO,IAAnCrB,KAERn7E,EAAI4X,EAAG+kE,GAHc/kE,EAS7B,SAASglE,IACL,OAAOn4B,EAAK,WAAYq2B,EAAIG,EAAMve,EAAI6f,IAAQG,EAAazB,EAAMve,EAAI6f,IAA7CzB,IAS5B,SAAS+B,IACL,OAAOp4B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,KAAOzrB,GACP,IAAMA,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfiB,GAdiB/B,IAmBzB,SAASgC,IACL,OAAOt4B,EAAK,WAAYs2B,EAAG8B,EAAOb,EAAVjB,IAM5B,SAASiC,IACL,OAAOv4B,EAAK,gBAAiBq2B,EACzBG,EAAMve,EAAI6f,IACVtB,EAAMQ,GAASN,EAAKL,EAAIpe,EAAIwe,EAAOgB,IAAOa,IAAYrgB,EAAIue,EAAMiB,IAAOjB,EAAMQ,GAC7ER,EAAMve,EAAI6f,IAHezB,IAUjC,SAAS36C,IACL,OAAOskB,EAAK,OAAQs2B,EAAG0B,EAAMO,EAATjC,IAUxB,SAASkC,IACL,OAAOx4B,EAAK,UAAWs2B,EAAGmC,EAASC,EAAZpC,IAI3B,SAASmC,IACL,OAAOz4B,EAAK,UAAWs2B,EAAGqC,EAAUC,EAAbtC,IAI3B,SAASqC,IACL,OAAO34B,EAAK,YAAaq2B,EAAIpe,EAAI4gB,GAAcC,EAAtBzC,IAK7B,SAASyC,IACL,OAAO94B,EAAK,aAAcs2B,EACtBD,EACIG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACRutE,EACAvtE,EAAQ,KACRmrE,EAAMve,EAAI6f,KAEdiB,GARsBzC,IAa9B,SAASoC,IACL,OAAO14B,EAAK,QAASq2B,EACjBwC,EACAxtE,EAAQ,KACR4sD,EAAI+gB,GACJ3tE,EAAQ,KACRmrE,EAAMve,EAAI6f,IALOzB,IAUzB,SAASwC,IACL,OAAO74B,EAAK,gBAEO,QADXjpD,EAhDDipD,EAAK,SAAUs2B,EAAG2C,GAAWvC,EAAKh7C,EAAM,GAAzB46C,OAkDdv/E,EAAO6+E,SAnTnB,SAA4BziE,GACxB,OAAOA,EAAE+D,QAAQ,iBAAkB,KAAKA,QAAQ,OAAQ,IAAIA,QAAQ,OAAQ,IAkTlDgiE,CAAmBniF,EAAO6+E,WAEzC7+E,IALiB,IACpBA,EASZ,SAASoiF,IACL,OAAOn5B,EAAK,eAAgBs2B,EACxBD,EACIoC,EACA/B,EAAKL,EAAIhrE,EAAQ,KAAMotE,KAE3BW,GALwB9C,IAUhC,SAAS+C,IACL,OAAOr5B,EAAK,eAAgBs2B,EACxBD,EACImC,EACA9B,EAAKL,EAAIhrE,EAAQ,KAAMmtE,KAE3Bc,GALwBhD,IAUhC,SAAS0C,IACL,OAAOh5B,EAAK,aAAcs2B,EACtB6C,EACA3C,EAAMsB,GACNyB,GAHsBjD,IAU9B,SAASkD,IAGL,OAAOx5B,EAAK,aAAcs2B,EAAGmD,GAActB,EAASI,EAA1BjC,IAM9B,SAASoD,IACL,OAAO15B,EAAK,QAASs2B,GACjB,WACI,OAAOL,GAAa,SAAoBE,GACpC,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GACtBslE,EACC,IAAMzrB,GAAQA,GAAQ,IACtB,IAAMA,GAAQA,GAAQ,IAI3B,OAHIpS,EAAK89B,UACLD,EAASA,GAAUR,EAAeT,IAE/BiB,OAGfuC,GAbiBrD,IAmBzB,SAASsD,IACL,OAAO55B,EAAK,iBAAkBq2B,EAC1BG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACRqrE,EAAKL,EAAIpe,EAAIwf,GAAMiC,IACnBzhB,EAAIwf,GACJpsE,EAAQ,KACRmrE,EAAMve,EAAI6f,IANgBzB,IAWlC,SAASwD,IACL,OAAO75B,EAAK,UACJjpD,EAASu/E,EAAGwD,GAAW3B,EAASyB,EAAvBtD,GACT/8B,EAAKwgC,WACDhjF,GAAUA,EAAO6+E,UAAY7+E,EAAO6+E,SAAS/5E,QAAQ,KAAO,EACrD,MAIX9E,IACAA,EAAO6+E,SAAW7+E,EAAO6+E,SAAS1+D,QAAQ,OAAQ,KAE/CngB,KAXW,IACdA,EAeZ,SAAS6hF,IACL,OAAO54B,EAAK,YAAaq2B,EACrBmD,EAAWnuE,EAAQ,KAAMwuE,EADJxD,IA0C7B,SAAS2D,KACL,OAAOzgC,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBi2B,GAAa,SAAUE,GACrE,IAAIxqB,EAAOwqB,EAAIrkE,WAAW,GAC1B,OAAS,GAAK65C,GAAQA,GAAQ,GACrB,KAAOA,GAAQ,KAAOA,GACtB,IAAMA,GAAQA,GAAQ,IACtB,MAAQA,MAKzB,SAASisB,KAAa,OAAOr+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAAS3B,KAAa,OAAO9+B,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAag6B,MAGpE,SAASxC,KACL,OAAOj+B,EAAK0gC,OAAS,KAAOj6B,EAAK,SAAUq2B,EACvChrE,EAAQ,MACRirE,EAAGjrE,EAAQ,MAAO2uE,GAAYjD,EAAIF,GAFKR,IAO/C,SAAS4C,KACL,OAAI1/B,EAAK0gC,OAAgB,KAClB1gC,EAAK2gC,gBAAkBl6B,EAAK,aAAcq2B,EAC7C36C,EACAg7C,EAAKJ,EAAG56C,EAAMrwB,EAAQ,KAAMA,EAAQ,KAAMorE,EAAOqB,KAFJzB,IAIjDr2B,EAAK,aAAcq2B,EACf36C,EACAg7C,EAAKJ,EAAG56C,EAAMrwB,EAAQ,KAAMorE,EAAOqB,KAFpBzB,IAUvB,SAASqB,KACL,OAAOn+B,EAAK0gC,OAAS,KAAOj6B,EAAK,UAAW02B,EACxCL,EAAIG,EAAMve,EAAI6e,IAAQQ,GACtB,EAFwCZ,IAShD,SAASqC,KACL,OAAOx/B,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CG,EAAMve,EAAI6f,IACVzsE,EAAQ,KACR8uE,GACAvB,EACAvtE,EAAQ,KACRmrE,EAAMve,EAAI6f,IANqCzB,IAWvD,SAAS8D,KACL,OAAO5gC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAaq2B,EAC1C+D,GACA/uE,EAAQ,KAFkCgrE,IAQlD,SAAS+D,KACL,OAAO7gC,EAAK0gC,OAAS,KAAOj6B,EAAK,kBAAmBq2B,EAChDK,EAAKJ,EAAGE,EAAMsB,GAAOzsE,EAAQ,OAC7BA,EAAQ,KACRwuE,EACAnD,EAAKL,EACDhrE,EAAQ,KACRmrE,EAAMve,EAAI6f,IACV7f,EAAIoe,EAAIhrE,EAAQ,KAAMwuE,MAPsBxD,IAaxD,SAAS+C,KACL,OAAO7/B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,OAEZotE,EACA/B,EAAKL,EACDhrE,EAAQ,KACR4sD,EAAIoe,EACAoC,EACAjC,EAAMsB,OAVgCzB,IAiBtD,SAASiD,KACL,OAAO//B,EAAK0gC,OAAS,KAAOj6B,EAAK,gBAAiBq2B,EAC9CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,OAEZmtE,EACA9B,EAAKL,EACDhrE,EAAQ,KACR4sD,EAAIoe,EACAmC,EACAhC,EAAMsB,OAVgCzB,IAiBtD,SAASkD,KACL,OAAOhgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAC/CK,EAAKL,EACDG,EAAMve,EAAI6f,IACVzsE,EAAQ,MACT,GACHmrE,EAAMve,EAAI6f,IALqCzB,IAUvD,SAASoD,KACL,OAAOlgC,EAAK0gC,OAAS,KAAOj6B,EAAK,iBAAkBq2B,EAAI36C,EAAMg7C,EAAKL,EAAIhrE,EAAQ,KAAMqwB,IAAjC26C,IAIvD,SAASyD,KACL,OAAOvgC,EAAK0gC,OAAS,KAAOj6B,EAAK,aAAcq2B,EAAI2B,EAAMtB,EAAKL,EAAIhrE,EAAQ,KAAM2sE,IAAjC3B,IAInD,SAASsD,KACL,OAAOpgC,EAAK0gC,OAAS,KAAOj6B,EAAK,YAAas2B,EAAG0D,GAAYzC,EAAfjB,IAOlD,SAAS+D,GAAS75E,EAAM27D,GACpB,IAAI5jE,EAAG+hF,EAAOv9B,EACd,GAAIof,QAAuC,OAAO,KAElD,IADAme,EAAQ,CAACne,GACFme,EAAM5jF,OAAS,GAAG,CAErB,IADAqmD,EAAOu9B,EAAM3zD,OACJnmB,OAASA,EACd,OAAOu8C,EAEX,IAAKxkD,EAAIwkD,EAAK84B,SAASn/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C+hF,EAAMnjF,KAAK4lD,EAAK84B,SAASt9E,IAGjC,OAAO,KAoBX,SAASgiF,GAAuBC,EAAOre,GACnC,IAAI5jE,EAAG+hF,EAAOv9B,EAAMhmD,EAAQ0jF,EAC5B,GAAIte,QAAuC,OAAO,KAIlD,IAHAme,EAAQ,CAACne,GACTplE,EAAS,GACT0jF,EAAc,GACTliF,EAAI,EAAGA,EAAIiiF,EAAM9jF,OAAQ6B,GAAK,EAC/BkiF,EAAYD,EAAMjiF,KAAM,EAG5B,KAAO+hF,EAAM5jF,OAAS,GAElB,IADAqmD,EAAOu9B,EAAM3zD,OACJnmB,QAAQi6E,EACb1jF,EAAOI,KAAK4lD,QAGZ,IAAKxkD,EAAIwkD,EAAK84B,SAASn/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C+hF,EAAMnjF,KAAK4lD,EAAK84B,SAASt9E,IAIrC,OAAOxB,EAGX,SAAS2jF,GAAW5E,GAChB,IAAI6E,EAAWC,EAAoBriF,EAAGsiF,EAAgB9jF,EACtD,GAAY,OAAR++E,EACA,OAAO,KAMX,IAJA6E,EAAY,GAGZC,EAAqBL,GAAuB,CAAC,QAAS,WAAYzE,GAC7Dv9E,EAAI,EAAGA,EAAKqiF,EAAmBlkF,OAAQ6B,GAAK,EAEjB,WAD5BsiF,EAAiBD,EAAmBriF,IACjBiI,KACfm6E,EAAUxjF,KAAK2jF,GAAgBD,IACA,YAAxBA,EAAer6E,MACtBm6E,EAAUxjF,KAAK4jF,GAAkBF,IAWzC,OAPA9jF,EAAS,CACL++E,IAAKA,EACL6E,UAAWA,GAEXphC,EAAKnyC,SACLrQ,EA+DR,SAAwBA,GACpB,IAAIwB,EACJ,GAAIxB,GAAUA,EAAO4jF,UACjB,IAAKpiF,EAAI,EAAGA,EAAIxB,EAAO4jF,UAAUjkF,OAAQ6B,GAAK,SACnCxB,EAAO4jF,UAAUpiF,GAAGwkD,KAGnC,OAAOhmD,EAtEMikF,CAAejkF,IAExBwiD,EAAK0hC,UAiFb,SAAmBlkF,GACf,IAAKA,EAAU,OAAO,KACtB,IAAKwiD,EAAK2hC,SAAWnkF,EAAO4jF,UAAUjkF,OAAS,EAAK,OAAO,KAC3D,OAAOK,EAAO4jF,WAAa5jF,EAAO4jF,UAAU,GAnFjCM,CAAUlkF,GAEjBwiD,EAAKnyC,OACErQ,GAAUA,EAAO4jF,UAEjB5jF,EAIf,SAAS+jF,GAAgBpC,GACrB,IAAIngF,EACA4iF,EAAYd,GAAS,eAAgB3B,GACrC0C,EAAuB,GACvBC,EAAYd,GAAuB,CAAC,WAAY7B,GACpD,IAAKngF,EAAI,EAAGA,EAAI8iF,EAAU3kF,OAAQ6B,GAAK,EACnC6iF,EAAqBjkF,KAAK4jF,GAAkBM,EAAU9iF,KAE1D,MAAO,CACHwkD,KAAM27B,EACN38D,MAAO,CACHvb,KAAM26E,GAEV7rE,KAAMopE,EAAMl4E,KACZA,KAAM86E,GAAaH,GACnBR,UAAWS,GAInB,SAASL,GAAkBtC,GACvB,IAAIj4E,EAAO65E,GAAS,eAAgB5B,GAChC8C,EAAQlB,GAAS,YAAa5B,GAC9BX,EAlGR,SAAsBt3E,EAAM27D,GACxB,IAAI5jE,EAAG+hF,EAAOv9B,EAAMhmD,EACpB,GAAIolE,QAAuC,OAAO,KAGlD,IAFAme,EAAQ,CAACne,GACTplE,EAAS,GACFujF,EAAM5jF,OAAS,GAKlB,KAJAqmD,EAAOu9B,EAAM3zD,OACJnmB,OAASA,GACdzJ,EAAOI,KAAK4lD,GAEXxkD,EAAIwkD,EAAK84B,SAASn/E,OAAS,EAAG6B,GAAK,EAAGA,GAAK,EAC5C+hF,EAAMnjF,KAAK4lD,EAAK84B,SAASt9E,IAGjC,OAAOxB,EAoFIykF,CAAa,OAAQ/C,GAC5BgD,EAAWlB,GAAuB,CAAC,WAAY9B,GAG/CiD,EAAQrB,GAAS,aAAckB,GAC/B1B,EAASQ,GAAS,SAAUkB,GAChC,MAAO,CACHx+B,KAAM07B,EACN18D,MAAO,CACHvb,KAAMA,EACNg4E,QAAS+C,EACTG,MAAOA,EACP7B,OAAQA,EACR4B,SAAU3D,GAEdxoE,KAAMmpE,EAAQj4E,KACdA,KAAM86E,GAAa96E,GACnBg4E,QAAS8C,GAAaC,GACtBG,MAAOJ,GAAaI,GACpB7B,OAAQyB,GAAazB,GACrB4B,SAAUE,GAAeF,GACzBN,UAAWG,GAAa7C,EAAQ0C,YAIxC,SAASG,GAAa55E,GAClB,OAAOA,QAAgCA,EAAEk0E,SAAW,KAaxD,SAAS+F,GAAeF,GACpB,IAAI1kF,EAAS,GACb,GAAI0kF,EACA,IAAK,IAAIljF,EAAI,EAAGA,EAAIkjF,EAAS/kF,OAAQ6B,GAAK,EACtCxB,GAAUukF,GAAaG,EAASljF,IAGxC,OAAOxB,EAWX,IAAI2+E,GAAaj9E,GAAK4M,GAAKmnE,GAAQoP,GAGnC,GAAa,QADbriC,EAAOsiC,EAAWtiC,EAAM,KACH,OAAO,KAgB5B,GAdAm8B,GAAcn8B,EAAK3jD,MAEnBgmF,GAAkB,CACdpD,QAAWA,EACX,eAAgBa,EAChB,aAAcP,EACdzhE,KA1WJ,WACI,OAAO2oC,EAAK,OAAQs2B,EAChB6C,EACAE,EAFgB/C,KA0WpBoC,MAASA,EACTD,QAAWA,EACX,eAAgBU,EAChB,WA5VJ,WACI,OAAOn5B,EAAK,WAAYq5B,MA4VxB73B,OAtWJ,WACI,OAAOxB,EAAK,SAAUs2B,EAClBmC,EACAD,EAFkBlC,MAsWxB/8B,EAAKuiC,UAAYzC,GAEd9/B,EAAK0gC,OAAQ,CAId,GAHAxE,IACAl8B,EAAK0gC,QAAS,EACdzN,GAASoP,GAAgBlG,IACrBn8B,EAAK2hC,UAAY5F,IACjB,OAAOoF,GAAWlO,IAEtBjzB,EAAK0gC,QAAS,EAKlB,OAFAxE,IACAjJ,GAASoP,GAAgBlG,KACpBn8B,EAAK2hC,SAAW5F,IAAkB,KAChCoF,GAAWlO,GACtB,CA4CA,SAASqP,EAAWtiC,EAAMwiC,GACtB,SAASpsE,EAASiC,GACd,MAA+C,oBAAxCvR,OAAO/J,UAAUuL,SAASzL,KAAKwb,GAO1C,SAASoqE,EAAY9uC,GACjB,OAAOA,QAGX,IAAI+uC,EAAU/uC,EAEd,GAAIv9B,EAAS4pC,GACTA,EAAO,CAAE3jD,MAAO2jD,QACb,IAZP,SAAkBrM,GACd,OAAOA,IAAM7sC,OAAO6sC,GAWZgvC,CAAS3iC,GACjB,OAAO,KAGX,IAAK5pC,EAAS4pC,EAAK3jD,OAAU,OAAO,KACpC,IAAKmmF,EAAQ,OAAO,KAapB,IAAK7uC,KAXL+uC,EAAW,CACPhB,WAAW,EACXC,SAAS,EACTnB,WAAW,EACX1C,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,eACT7B,QAAQ,EACRC,iBAAiB,GAIb8B,EAAYziC,EAAKrM,MACjBqM,EAAKrM,GAAM8uC,EAAYD,EAAK7uC,IAAgB+uC,EAAS/uC,GAAnB6uC,EAAK7uC,IAG/C,OAAOqM,CACX,CAEA87B,EAAU8G,gBArFV,SAA+B5iC,GAC3B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EA+EAzG,EAAU+G,iBA7EV,SAAgC7iC,GAC5B,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,iBAEjB,EAwEAzG,EAAUgH,UAtEV,SAAyB9iC,GACrB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,SAEjB,EAiEAzG,EAAUiH,YA/DV,SAA2B/iC,GACvB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B0hC,WAAW,EACX5D,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,WAEjB,EAyDAzG,EAAUkH,aAvDV,SAA4BhjC,GACxB,OAAO87B,EAAUwG,EAAWtiC,EAAM,CAC9B89B,SAAS,EACTjwE,QAAQ,EACR00E,QAAS,aAEjB,EAoDIlhD,UAAiBy6C,CAKrB,CAtiCA,MCKA,MAAMmH,GACO7mE,iBACT,OAAOU,EAAMlM,OAAOY,OAGtB3V,cAKEE,KAAKyV,OAAS,GAEdzV,KAAKkL,KAAO,GACZlL,KAAKmnF,MAAQ,GACbnnF,KAAKuhE,QAAU,GASjB55C,kBAAkBlS,GAChB,GAAI2E,EAAKC,SAAS5E,IACfA,EAAOvK,OAASkP,EAAKC,SAAS5E,EAAOvK,OACrCuK,EAAO0xE,QAAU/sE,EAAKiF,eAAe5J,EAAO0xE,QAC5C1xE,EAAO8rD,UAAYnnD,EAAKC,SAAS5E,EAAO8rD,SACzC,MAAUr+D,MAAM,0BAElB,MAAM2R,EAAS,IAAIqyE,GACnBn8E,OAAO6lD,OAAO/7C,EAAQY,GACtB,MAAM2xE,EAAa,GAKnB,OAJIvyE,EAAO3J,MAAMk8E,EAAWvlF,KAAKgT,EAAO3J,MACpC2J,EAAO0sD,SAAS6lB,EAAWvlF,KAAK,IAAIgT,EAAO0sD,YAC3C1sD,EAAOsyE,OAAOC,EAAWvlF,KAAK,IAAIgT,EAAOsyE,UAC7CtyE,EAAOY,OAAS2xE,EAAW5lF,KAAK,KACzBqT,EAOT3T,KAAKgG,EAAOud,EAASsB,IACnB,MAAMtQ,EAAS2E,EAAK+C,WAAWjW,GAC/B,GAAIuO,EAAOrU,OAASqjB,EAAOZ,gBACzB,MAAU3gB,MAAM,8BAElB,IACE,MAAMgI,KAAEA,EAAMg4E,QAASiE,EAAKhB,SAAEA,GAAakB,GAAeR,gBAAgB,CAAEvmF,MAAOmV,EAAQmvE,iBAAiB,IAC5G5kF,KAAKuhE,QAAU4kB,EAASvkE,QAAQ,WAAY,IAC5C5hB,KAAKkL,KAAOA,EACZlL,KAAKmnF,MAAQA,EACb,MAAO9iF,IACTrE,KAAKyV,OAASA,EAOhB3T,QACE,OAAOsY,EAAK0C,WAAW9c,KAAKyV,QAG9B6R,OAAOggE,GACL,OAAOA,GAAeA,EAAY7xE,SAAWzV,KAAKyV,QCzEtD,MAAM8xE,WAA2B1I,GACpBx+D,iBACT,OAAOU,EAAMlM,OAAOM,aAOtBrV,YAAYwyE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtChmB,MAAMuyE,EAAM7tD,IClBhB,MAAM+iE,GACOnnE,iBACT,OAAOU,EAAMlM,OAAOW,MAOtBtU,OACE,MAAM,IAAI4lD,GAAiB,mCAG7BhlD,QACE,MAAM,IAAIglD,GAAiB,oCCR/B,MAAMgwB,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAK5D,MAAMsU,GAIX3nF,YAAY4nF,GACV1nF,KAAKi3E,QAAUyQ,GAAc,IAAI1Q,GAOnCl1E,QACE,OAAO9B,KAAKi3E,QAAQn1E,QAQtBqX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMpE,UAAW/U,KAAK8B,aAASb,OAAWA,OAAWA,EAAWwjB,GAOrFkjE,mBACE,OAAO3nF,KAAKi3E,QAAQ/uE,KAAI2M,GAAUA,EAAOs/D,eActChzE,eAAeymF,IAAcC,iBAAEA,EAAgBC,gBAAEA,SAAiBrjE,KAAWsjE,IAClFtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQunF,GAAoBC,EAChC,IAAKxnF,EACH,MAAU4C,MAAM,8FAElB,GAAI2kF,IAAqBztE,EAAKC,SAASwtE,GACrC,MAAU3kF,MAAM,4DAElB,GAAI4kF,IAAoB1tE,EAAKxX,aAAaklF,GACxC,MAAU5kF,MAAM,+DAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAIqmF,EAAkB,CACpB,MAAM7tE,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQxlB,EAAOmkB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMpE,UACvB,MAAU7R,MAAM,sCAElB5C,EAAQwJ,EAEV,MAAM49E,QAAmB1Q,GAAW2B,WAAWr4E,EAAOw2E,GAAgBryD,GACtE,OAAO,IAAIgjE,GAAUC,EACvB,CChFOvmF,eAAe8mF,GAAqBpjF,EAAS4f,GAClD,MAAM+5D,EAAqB,IAAI+I,GAAmB1iF,EAAQytE,KAAM7tD,GAKhE,OAJA+5D,EAAmBvH,QAAU,KAC7BuH,EAAmB30B,UAAY9oC,EAAMjf,MAAMif,EAAM7O,UAAWrN,EAAQglD,iBAC9D20B,EAAmBruB,SAAStrD,EAAQqjF,QAASrjF,EAAQ2L,aACrDguE,EAAmBf,6BAClBe,CACT,CAEOr9E,eAAegnF,GAAkBtjF,EAAS4f,GAC/C,MAAM64D,EAAkB,IAAIuB,GAAgBh6E,EAAQytE,KAAM7tD,GAK1D,OAJA64D,EAAgBrG,QAAU,KAC1BqG,EAAgBzzB,UAAY9oC,EAAMjf,MAAMif,EAAM7O,UAAWrN,EAAQglD,iBAC3DyzB,EAAgBntB,SAAStrD,EAAQqjF,QAASrjF,EAAQ2L,MAAO3L,EAAQ4f,cACjE64D,EAAgBG,6BACfH,CACT,CAWOn8E,eAAeinF,GAAwBC,EAAYn2E,EAAWkhE,EAAekV,EAAchW,EAAO,IAAI13D,KAAQ6J,GACnH,IAAI8jE,EACA/nE,EACJ,IAAK,IAAIvd,EAAIolF,EAAWjnF,OAAS,EAAG6B,GAAK,EAAGA,IAC1C,MAEMslF,GAAeF,EAAWplF,GAAGywE,SAAW6U,EAAY7U,iBAEhD2U,EAAWplF,GAAGo6C,OAAOnrC,EAAWkhE,EAAekV,EAAchW,OAAMrxE,EAAWwjB,GACpF8jE,EAAcF,EAAWplF,IAE3B,MAAOoB,GACPmc,EAAYnc,EAGhB,IAAKkkF,EACH,MAAMnuE,EAAK6F,UACT,wBAAwBc,EAAM7f,KAAK6f,EAAMhM,UAAWq+D,uBAAmClhE,EAAUmjE,WAAWhuD,UACzGzF,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAACyiC,EAAGmkC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3DloE,GAEJ,OAAO+nE,CACT,CAEO,SAASI,GAAcpL,EAAWxoE,EAAWu9D,EAAO,IAAI13D,MAC7D,MAAM27D,EAAWn8D,EAAKc,cAAco3D,GACpC,GAAiB,OAAbiE,EAAmB,CACrB,MAAMqS,EAAiBC,GAAqBtL,EAAWxoE,GACvD,QAASwoE,EAAU7J,SAAW6C,GAAYA,EAAWqS,GAEvD,OAAO,CACT,CASOznF,eAAe2nF,GAAuBC,EAAQC,EAAYnkF,EAAS4f,GACxE,MAAMwkE,EAAa,GACnBA,EAAWryE,IAAMoyE,EACjBC,EAAWxjF,KAAOsjF,EAClB,MAAMG,EAAsB,CAAE9V,cAAeryD,EAAMhM,UAAU2B,eACzD7R,EAAQi4C,MACVosC,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASS,UAC/CqwE,EAAoBzwE,wBAA0B0wE,GAAsBF,EAAY,KAAMF,EAAQ,CAC5F3V,cAAeryD,EAAMhM,UAAU4B,YAC9B9R,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,IAElDykE,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASU,qBAAuBiI,EAAM3I,SAASW,gBAEnFlU,EAAQ2S,kBAAoB,IAC9B0xE,EAAoB1xE,kBAAoB3S,EAAQ2S,kBAChD0xE,EAAoBnV,iBAAkB,GAGxC,aADoCoV,GAAsBF,EAAY,KAAMD,EAAYE,EAAqBrkF,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,EAE9J,CAYOtjB,eAAeqpD,GAAqB5zC,EAAK2mE,EAAWjL,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,GACzF,IAAI87B,EAAW97B,EAAOvC,uBAClBknE,EAAW7oC,EACf,GAAI3pC,EAAK,CACP,MAAMyyE,QAAoBzyE,EAAI0yE,eAAehX,EAAM78D,EAAQgP,GACvD4kE,EAAYE,kBAAkBzxE,2BAC/BsxE,GAAYC,EAAYE,kBAAkBzxE,wBAC3CyoC,EAAW9hC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkB25C,GAClFA,EAAW7oC,GAGjB,OAAQg9B,EAAU1zB,WAChB,KAAK9oC,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUf,QACnBi4E,EAAW3qE,GAAO+qE,0BAA0BjM,EAAU1zB,UAAW0zB,EAAUvuB,aAAajK,KAE5F,OAAOtmC,GAAOzK,KAAKy7B,kBAAkB8Q,IAAa9hC,GAAOzK,KAAKy7B,kBAAkB25C,GAC9EA,EAAW7oC,CACf,CAYOp/C,eAAesoF,GAAiBzvE,EAAMmZ,EAAO,GAAIm/C,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IAChG,MAAM4jE,EAAc,CAClB12E,UAAa8N,EAAM9N,UAAUM,OAC7BkB,KAAQsM,EAAMtM,KAAKC,IACnBf,YAAeoN,EAAMpN,YAAYC,cACjCoG,GACI4vE,EAAsB,CAC1B32E,UAAawR,EAAOtC,4BACpB1N,KAAQgQ,EAAOlC,uBACf5O,YAAe8Q,EAAOrC,+BACtBpI,GACI6vE,EAAmB,CACvB52E,UAAa,+BACbwB,KAAQ,0BACRd,YAAe,kCACfqG,GAKI8vE,QAA0B7pF,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,eAAeyV,EAAK3T,GACvE,MACM8mF,SADoBnzE,EAAI0yE,eAAehX,EAAMoX,EAAQzmF,GAAIwhB,IAC5B8kE,kBAAkBM,GACrD,QAASE,GAAkBA,EAAexjF,QAAQqjF,IAAwB,MAE5E,OAAOE,EAAkBrrC,MAAMurC,SAAWJ,EAAsBD,CAClE,CAgBOxoF,eAAegoF,GAAsBF,EAAYzvE,EAAYywE,EAAkBf,EAAqB5W,EAAM78D,EAAQ4+D,EAAY,GAAIl3B,GAAW,EAAO14B,GACzJ,GAAIwlE,EAAiB3K,UACnB,MAAUp8E,MAAM,qCAElB,IAAK+mF,EAAiBtM,cACpB,MAAUz6E,MAAM,iCAElB,MAAMgnF,EAAkB,IAAI/W,GAM5B,OALApoE,OAAO6lD,OAAOs5B,EAAiBhB,GAC/BgB,EAAgB5W,mBAAqB2W,EAAiBpgC,UACtDqgC,EAAgB7W,oBAAsB7oB,GAAqBhxC,EAAYywE,EAAkB3X,EAAM78D,EAAQgP,GACvGylE,EAAgB9V,aAAeC,QACzB6V,EAAgBptC,KAAKmtC,EAAkBhB,EAAY3W,EAAMn1B,GACxD+sC,CACT,CAUO/oF,eAAegpF,GAAgBC,EAAQj5B,EAAMytB,EAAMtM,EAAO,IAAI13D,KAAQyvE,IAC3ED,EAASA,EAAOxL,MAETztB,EAAKytB,GAAMx9E,aAGRnB,QAAQ2H,IAAIwiF,EAAOliF,KAAI/G,eAAempF,GACrCA,EAAU5T,UAAUpE,IAAW+X,UAAiBA,EAAQC,IACxDn5B,EAAKytB,GAAM32E,MAAK,SAASsiF,GACxB,OAAOnwE,EAAKqD,iBAAiB8sE,EAAQvV,cAAesV,EAAUtV,mBAElE7jB,EAAKytB,GAAM/8E,KAAKyoF,OAPpBn5B,EAAKytB,GAAQwL,EAYnB,CAkBOjpF,eAAeqpF,GAAcxB,EAAY5V,EAAekV,EAAcmC,EAAa11E,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,GAC3H7N,EAAMA,GAAOoyE,EACb,MAAM0B,EAAmB,GAwBzB,aAvBMzqF,QAAQ2H,IAAI6iF,EAAYviF,KAAI/G,eAAewpF,GAC/C,IAUK51E,IAAa41E,EAAoBxW,YAAY7sD,OAAOvS,EAAUo/D,qBAEzDwW,EAAoBttC,OACxBzmC,EAAKw8D,EAAekV,EAAc7jE,EAAO1B,kBAAoBuvD,EAAO,MAAM,EAAO7tD,GAInFimE,EAAiB7oF,KAAK8oF,EAAoBxW,cAE5C,MAAO9vE,SAGP0Q,GACFA,EAAU8/D,UAAU6V,EAAiBziF,MAAKsf,GAASA,EAAMD,OAAOvS,EAAUo/D,iBACxEp/D,EAAU8/D,UAAW,GAChB9/D,EAAU8/D,SAEZ6V,EAAiBtpF,OAAS,CACnC,CASO,SAASynF,GAAqBtL,EAAWxoE,GAC9C,IAAI6zE,EAKJ,OAHkC,IAA9B7zE,EAAUg/D,kBACZ6U,EAAiBrL,EAAU7J,QAAQz4D,UAA0C,IAA9BlG,EAAUyC,mBAEpDoxE,EAAiB,IAAIhuE,KAAKguE,GAAkBp9E,GACrD,CAwBO,SAASo/E,GAAmB/lF,EAASgmF,EAAiB,IAU3D,OATAhmF,EAAQmV,KAAOnV,EAAQmV,MAAQ6wE,EAAe7wE,KAC9CnV,EAAQ2L,MAAQ3L,EAAQ2L,OAASq6E,EAAer6E,MAChD3L,EAAQqjF,QAAUrjF,EAAQqjF,SAAW2C,EAAe3C,QACpDrjF,EAAQ2S,uBAAkDvW,IAA9B4D,EAAQ2S,kBAAkC3S,EAAQ2S,kBAAoBqzE,EAAerzE,kBACjH3S,EAAQ23E,WAAapiE,EAAKC,SAASxV,EAAQ23E,YAAc33E,EAAQ23E,WAAaqO,EAAerO,WAC7F33E,EAAQytE,KAAOztE,EAAQytE,MAAQuY,EAAevY,KAE9CztE,EAAQi4C,KAAOj4C,EAAQi4C,OAAQ,EAEvBj4C,EAAQmV,MACd,IAAK,MACH,IACEnV,EAAQ2L,MAAQuQ,EAAMjf,MAAMif,EAAMvQ,MAAO3L,EAAQ2L,OACjD,MAAOnM,GACP,MAAUnB,MAAM,iBAEd2B,EAAQ2L,QAAUuQ,EAAMvQ,MAAMS,eAAiBpM,EAAQ2L,QAAUuQ,EAAMvQ,MAAMa,mBAC/ExM,EAAQ2L,MAAQ3L,EAAQi4C,KAAO/7B,EAAMvQ,MAAMS,cAAgB8P,EAAMvQ,MAAMa,kBAErExM,EAAQi4C,KACVj4C,EAAQglD,UAAYhlD,EAAQ2L,QAAUuQ,EAAMvQ,MAAMS,cAAgB8P,EAAM7O,UAAUQ,YAAcqO,EAAM7O,UAAUO,MAEhH5N,EAAQglD,UAAY9oC,EAAM7O,UAAUM,KAEtC,MACF,IAAK,MACH3N,EAAQglD,UAAY9oC,EAAM7O,UAAUC,eACpC,MACF,QACE,MAAUjP,MAAM,wBAAwB2B,EAAQmV,MAEpD,OAAOnV,CACT,CAEO,SAASimF,GAAwBvN,EAAWxoE,GACjD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUE,YACjCs9C,IAAY3uC,EAAM7O,UAAUI,SAC5Bo9C,IAAY3uC,EAAM7O,UAAUM,MAC5Bk9C,IAAY3uC,EAAM7O,UAAUY,UAC1BiC,EAAUqD,UAC4C,IAArDrD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASS,UAC9C,CAEO,SAASkyE,GAA2BxN,EAAWxoE,GACpD,MAAM26C,EAAU6tB,EAAU1zB,UAC1B,OAAO6F,IAAY3uC,EAAM7O,UAAUK,KACjCm9C,IAAY3uC,EAAM7O,UAAUG,SAC5Bq9C,IAAY3uC,EAAM7O,UAAUO,OAC5Bi9C,IAAY3uC,EAAM7O,UAAUQ,aAC5Bg9C,IAAY3uC,EAAM7O,UAAUf,WAC1B4D,EAAUqD,UACwD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC9C,CAEO,SAASiyE,GAA2Bj2E,EAAW0P,GACpD,QAAIA,EAAOzB,0CAKHjO,EAAUqD,UACkD,IAAjErD,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASU,uBACoB,IAA3D/D,EAAUqD,SAAS,GAAK2I,EAAM3I,SAASW,gBAC5C,CASO,SAASkyE,GAAqB1N,EAAW94D,GAC9C,MAAMirC,EAAU3uC,EAAMjf,MAAMif,EAAM7O,UAAWqrE,EAAU1zB,WACjDqhC,EAAW3N,EAAUU,mBAC3B,GAAIx5D,EAAOP,0BAA0Ble,IAAI0pD,GACvC,MAAUxsD,MAASgoF,EAASrhC,UAAZ,kCAElB,OAAQ6F,GACN,KAAK3uC,EAAM7O,UAAUC,eACrB,KAAK4O,EAAM7O,UAAUG,QACrB,KAAK0O,EAAM7O,UAAUE,WACnB,GAAI84E,EAAS3sE,KAAOkG,EAAO5B,WACzB,MAAU3f,MAAM,yBAAyBuhB,EAAO5B,4CAElD,MACF,KAAK9B,EAAM7O,UAAUO,MACrB,KAAKsO,EAAM7O,UAAUQ,YACrB,KAAKqO,EAAM7O,UAAUM,KACnB,GAAIiS,EAAON,aAAane,IAAIklF,EAAS16E,OACnC,MAAUtN,MAAM,eAAegoF,EAASrhC,8BAA8BqhC,EAAS16E,sBAMvF,CCjZA,MAAM26E,GACJrrF,YAAYsrF,EAAYC,GACtBrrF,KAAKyV,OAAS21E,EAAWtrF,YAAYugB,MAAQU,EAAMlM,OAAOY,OAAS21E,EAAa,KAChFprF,KAAK2V,cAAgBy1E,EAAWtrF,YAAYugB,MAAQU,EAAMlM,OAAOc,cAAgBy1E,EAAa,KAC9FprF,KAAKsrF,mBAAqB,GAC1BtrF,KAAKurF,oBAAsB,GAC3BvrF,KAAKwrF,qBAAuB,GAC5BxrF,KAAKqrF,QAAUA,EAOjBI,eACE,MAAM/D,EAAa,IAAI1Q,GAKvB,OAJA0Q,EAAW7lF,KAAK7B,KAAKyV,QAAUzV,KAAK2V,eACpC+xE,EAAW7lF,QAAQ7B,KAAKwrF,sBACxB9D,EAAW7lF,QAAQ7B,KAAKsrF,oBACxB5D,EAAW7lF,QAAQ7B,KAAKurF,qBACjB7D,EAOT/lF,QACE,MAAM+pF,EAAO,IAAIP,GAAKnrF,KAAKyV,QAAUzV,KAAK2V,cAAe3V,KAAKqrF,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAItrF,KAAKsrF,oBACnCI,EAAKH,oBAAsB,IAAIvrF,KAAKurF,qBACpCG,EAAKF,qBAAuB,IAAIxrF,KAAKwrF,sBAC9BE,EAWTvqF,cAAcwqF,EAAarZ,EAAM7tD,GAC/B,MAAMukE,EAAahpF,KAAKqrF,QAAQ9N,UAC1B0L,EAAa,CACjBxzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAKoyE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWxzE,QAAUwzE,EAAWtzE,cAAe3V,KAAKqrF,SAgB1E,OAfAK,EAAKH,0BAA4BtrF,QAAQ2H,IAAI+jF,EAAYzjF,KAAI/G,eAAeqY,GAC1E,IAAKA,EAAWoyE,YACd,MAAU1oF,MAAM,gCAElB,GAAIsW,EAAWukE,qBAAqBiL,GAClC,MAAU9lF,MAAM,+DAElB,MAAM2oF,QAAmBryE,EAAWsyE,mBAAc7qF,EAAWqxE,OAAMrxE,EAAWwjB,GAC9E,OAAO0kE,GAAsBF,EAAYzvE,EAAYqyE,EAAWtO,UAAW,CAEzEnK,cAAeryD,EAAMhM,UAAUsB,YAC/B+B,SAAU,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,WACtDy5D,OAAMrxE,OAAWA,OAAWA,EAAWwjB,aAEtCinE,EAAKjkD,OAAOznC,KAAMsyE,EAAM7tD,GACvBinE,EAeTvqF,gBAAgB4qF,EAAaxO,EAAWjL,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClE,MAAMijE,EAAahpF,KAAKqrF,QAAQ9N,UAChC,OAAOiN,GAAcxB,EAAYjoE,EAAMhM,UAAU0B,eAAgB,CAC/DG,IAAKoyE,EACLvzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,eACnB3V,KAAKwrF,qBAAsBO,EAAaxO,EAAWjL,EAAM7tD,GAa9DtjB,wBAAwB4qF,EAAaC,EAAkB1Z,EAAO,IAAI13D,KAAQ6J,GACxE,MAAM0zD,EAAOn4E,KACPgpF,EAAahpF,KAAKqrF,QAAQ9N,UAC1B+K,EAAe,CACnB7yE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAKoyE,IAED7U,YAAEA,GAAgB4X,EAClBE,EAAaD,EAAiB5kF,QAAOwP,GAAOA,EAAIs1E,QAAQ/X,GAAa/yE,OAAS,IACpF,OAA0B,IAAtB6qF,EAAW7qF,OACN,YAEHnB,QAAQ2H,IAAIqkF,EAAW/jF,KAAI/G,UAC/B,MAAM0qF,QAAmBj1E,EAAIk1E,cAAc3X,EAAa4X,EAAYrY,aAASzyE,EAAWwjB,GACxF,GAAIsnE,EAAYlX,eAAiBsD,EAAKgU,UAAUJ,EAAaF,EAAWtO,UAAWjL,EAAM7tD,GACvF,MAAUvhB,MAAM,+BAElB,UACQ6oF,EAAY1uC,OAAOwuC,EAAWtO,UAAWx8D,EAAMhM,UAAUsB,YAAaiyE,EAAchW,OAAMrxE,EAAWwjB,GAC3G,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,8BAA+B5b,SAGjD,GAeTlD,8BAA8B6qF,EAAkB1Z,EAAO,IAAI13D,KAAQ6J,GACjE,MAAM0zD,EAAOn4E,KACPosF,EAAiBpsF,KAAKsrF,mBAAmB9kF,OAAOxG,KAAKurF,qBAC3D,OAAOtrF,QAAQ2H,IAAIwkF,EAAelkF,KAAI/G,WACpComB,MAAO8kE,EAAclY,YACrBmY,YAAanU,EAAKoU,kBAAkBF,EAAeL,EAAkB1Z,EAAM7tD,GAAQrkB,OAAM,KAAM,SAanGe,aAAamxE,EAAO,IAAI13D,KAAQ6J,GAC9B,IAAKzkB,KAAKsrF,mBAAmBlqF,OAC3B,MAAU8B,MAAM,gCAElB,MAAMi1E,EAAOn4E,KACPgpF,EAAahpF,KAAKqrF,QAAQ9N,UAC1B+K,EAAe,CACnB7yE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAKoyE,GAGP,IAAIxoE,EACJ,IAAK,IAAIvd,EAAIjD,KAAKsrF,mBAAmBlqF,OAAS,EAAG6B,GAAK,EAAGA,IACvD,IACE,MAAMsmF,EAAoBvpF,KAAKsrF,mBAAmBroF,GAClD,GAAIsmF,EAAkB1U,eAAiBsD,EAAKgU,UAAU5C,OAAmBtoF,EAAWqxE,EAAM7tD,GACxF,MAAUvhB,MAAM,iCAElB,UACQqmF,EAAkBlsC,OAAO2rC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,OAAMrxE,EAAWwjB,GACvG,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,gCAAiC5b,GAExD,OAAO,EACP,MAAOA,GACPmc,EAAYnc,EAGhB,MAAMmc,EAWRrf,aAAaqrF,EAAYla,EAAM7tD,GAC7B,MAAMukE,EAAahpF,KAAKqrF,QAAQ9N,UAC1B+K,EAAe,CACnB7yE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAKoyE,SAGDmB,GAAgBqC,EAAYxsF,KAAM,qBAAsBsyE,GAAMnxE,eAAesrF,GACjF,IAEE,aADMA,EAAWpvC,OAAO2rC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,GAAM,EAAO7tD,IACrF,EACP,MAAOpgB,GACP,OAAO,YAIL8lF,GAAgBqC,EAAYxsF,KAAM,sBAAuBsyE,SAEzD6X,GAAgBqC,EAAYxsF,KAAM,uBAAwBsyE,GAAM,SAASoa,GAC7E,OAAOlC,GAAcxB,EAAYjoE,EAAMhM,UAAU0B,eAAgB6xE,EAAc,CAACoE,QAAYzrF,OAAWA,EAAWqxE,EAAM7tD,MAe5HtjB,aACE6nF,GAEE2D,KAAMpY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DmzE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAMkjE,EAAa,CACjBxzE,OAAQzV,KAAKyV,OACbE,cAAe3V,KAAK2V,cACpBiB,IAAKoyE,GAED0C,EAAO,IAAIP,GAAKlC,EAAWxzE,QAAUwzE,EAAWtzE,cAAe3V,KAAKqrF,SAO1E,OANAK,EAAKF,qBAAqB3pF,WAAWsnF,GAAsBF,EAAY,KAAMD,EAAY,CACvF5V,cAAeryD,EAAMhM,UAAU0B,eAC/B89D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,GAAW,EAAOwjB,UAChCinE,EAAKjkD,OAAOznC,MACX0rF,GC1PX,MAAMmB,GAKJ/sF,YAAYgtF,EAAczB,GACxBrrF,KAAKu9E,UAAYuP,EACjB9sF,KAAK+sF,kBAAoB,GACzB/sF,KAAKwrF,qBAAuB,GAC5BxrF,KAAKqrF,QAAUA,EAOjBI,eACE,MAAM/D,EAAa,IAAI1Q,GAIvB,OAHA0Q,EAAW7lF,KAAK7B,KAAKu9E,WACrBmK,EAAW7lF,QAAQ7B,KAAKwrF,sBACxB9D,EAAW7lF,QAAQ7B,KAAK+sF,mBACjBrF,EAOT/lF,QACE,MAAMonF,EAAS,IAAI8D,GAAO7sF,KAAKu9E,UAAWv9E,KAAKqrF,SAG/C,OAFAtC,EAAOgE,kBAAoB,IAAI/sF,KAAK+sF,mBACpChE,EAAOyC,qBAAuB,IAAIxrF,KAAKwrF,sBAChCzC,EAeT5nF,gBAAgB4T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAMijE,EAAahpF,KAAKqrF,QAAQ9N,UAChC,OAAOyP,GACLhE,EAAYjoE,EAAMhM,UAAU+B,iBAAkB,CAC5CF,IAAKoyE,EACLvjF,KAAMzF,KAAKu9E,WACVv9E,KAAKwrF,qBAAsBz2E,EAAW6B,EAAK07D,EAAM7tD,GAaxDtjB,aAAamxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAMijE,EAAahpF,KAAKqrF,QAAQ9N,UAC1B+K,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAMzF,KAAKu9E,WAE7C0P,QAAyBC,GAA+BltF,KAAK+sF,kBAAmB/D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAErJ,GAAIwoE,EAAiBpY,eAAiB70E,KAAKmsF,UAAUc,EAAkB,KAAM3a,EAAM7tD,GACjF,MAAUvhB,MAAM,qBAGlB,GAAIiqF,GAAqBntF,KAAKu9E,UAAW0P,EAAkB3a,GACzD,MAAUpvE,MAAM,qBAElB,OAAO+pF,EAWT9rF,wBAAwBmxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,MAAMijE,EAAahpF,KAAKqrF,QAAQ9N,UAC1B+K,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAMzF,KAAKu9E,WACnD,IAAI0P,EACJ,IACEA,QAAyBC,GAA+BltF,KAAK+sF,kBAAmB/D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAC/I,MAAOpgB,GACP,OAAO,KAET,MAAM+oF,EAAYC,GAA4BrtF,KAAKu9E,UAAW0P,GACxDK,EAAYL,EAAiBzW,oBACnC,OAAO4W,EAAYE,EAAYF,EAAYE,EAW7CnsF,aAAa4nF,EAAQzW,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC/C,MAAMijE,EAAahpF,KAAKqrF,QAAQ9N,UAChC,IAAKv9E,KAAK+9E,qBAAqBgL,GAC7B,MAAU7lF,MAAM,2DAGdlD,KAAKu9E,UAAUz9E,YAAYugB,MAAQU,EAAMlM,OAAOa,cAChDqzE,EAAOxL,UAAUz9E,YAAYugB,MAAQU,EAAMlM,OAAOM,eACpDnV,KAAKu9E,UAAYwL,EAAOxL,WAG1B,MAAMpF,EAAOn4E,KACPsoF,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAM0yE,EAAKoF,iBAC7CgQ,GAAuBxE,EAAQ/oF,KAAM,oBAAqBsyE,GAAMnxE,eAAeqsF,GACnF,IAAK,IAAIvqF,EAAI,EAAGA,EAAIk1E,EAAK4U,kBAAkB3rF,OAAQ6B,IACjD,GAAIk1E,EAAK4U,kBAAkB9pF,GAAGkxE,YAAY7sD,OAAOkmE,EAAWrZ,aAI1D,OAHIqZ,EAAW9Z,QAAUyE,EAAK4U,kBAAkB9pF,GAAGywE,UACjDyE,EAAK4U,kBAAkB9pF,GAAKuqF,IAEvB,EAGX,IAEE,aADMA,EAAWnwC,OAAO2rC,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,OAAMrxE,EAAWwjB,IAC3F,EACP,MAAOpgB,GACP,OAAO,YAILkpF,GAAuBxE,EAAQ/oF,KAAM,uBAAwBsyE,GAAM,SAASoa,GAChF,OAAOM,GAAqBhE,EAAYjoE,EAAMhM,UAAU+B,iBAAkBwxE,EAAc,CAACoE,QAAYzrF,OAAWA,EAAWqxE,EAAM7tD,MAerItjB,aACE6nF,GAEE2D,KAAMpY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DmzE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,MAAMkjE,EAAa,CAAEryE,IAAKoyE,EAAYvjF,KAAMzF,KAAKu9E,WAC3CwL,EAAS,IAAI8D,GAAO7sF,KAAKu9E,UAAWv9E,KAAKqrF,SAO/C,OANAtC,EAAOyC,qBAAqB3pF,WAAW4rF,GAA6BxE,EAAY,KAAMD,EAAY,CAChG5V,cAAeryD,EAAMhM,UAAU+B,iBAC/By9D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,GAAW,EAAOwjB,UAChCskE,EAAOthD,OAAOznC,MACb+oF,EAGThL,qBAAqBC,GACnB,OAAOh+E,KAAKu9E,UAAUQ,qBAAqBC,EAAMT,WAAaS,IAIlE,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAe56E,SAAQ8H,IAC3F2hF,GAAO7rF,UAAUkK,GACf,WACE,OAAOlL,KAAKu9E,UAAUryE,KACvB,IC/KL,MAAMwiF,gBAAyCtzE,EAAK8F,wBAAwB,CAACizD,KACvEwa,GAAoB,IAAIvqE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,aAClEo0E,GAAgB,IAAIxqE,IAAI,CAC5BrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAO2E,WACrCuH,EAAMlM,OAAOa,aAAcqL,EAAMlM,OAAOg5E,gBAY1C,MAAMC,GAMJC,sBAAsBrG,EAAYsG,EAAoB,IAAI5qE,KACxD,IAAIsoE,EACAuC,EACAlF,EACAmF,EAEJ,IAAK,MAAMr5E,KAAU6yE,EAAY,CAE/B,GAAI7yE,aAAkBoyC,GAAmB,CACR2mC,GAAc5nF,IAAI6O,EAAOwL,OACzB6tE,IAI3BA,EADEP,GAAkB3nF,IAAI6O,EAAOwL,KACjBstE,GAEAC,IAGlB,SAGF,MAAMvtE,EAAMxL,EAAO/U,YAAYugB,IAC/B,GAAI6tE,EAAa,CACf,IAAKA,EAAYloF,IAAIqa,GAAM,SAC3B6tE,EAAc,KAEhB,GAAIF,EAAkBhoF,IAAIqa,GACxB,MAAUnd,MAAM,2BAA2Bmd,GAE7C,OAAQA,GACN,KAAKU,EAAMlM,OAAO3C,UAClB,KAAK6O,EAAMlM,OAAOK,UAChB,GAAIlV,KAAKu9E,UACP,MAAUr6E,MAAM,oCAIlB,GAFAlD,KAAKu9E,UAAY1oE,EACjBo5E,EAAejuF,KAAKq1E,YACf4Y,EACH,MAAU/qF,MAAM,kBAElB,MACF,KAAK6d,EAAMlM,OAAOY,OAClB,KAAKsL,EAAMlM,OAAOc,cAChB+1E,EAAO,IAAIP,GAAKt2E,EAAQ7U,MACxBA,KAAKmuF,MAAMtsF,KAAK6pF,GAChB,MACF,KAAK3qE,EAAMlM,OAAOa,aAClB,KAAKqL,EAAMlM,OAAOM,aAChBu2E,EAAO,KACP3C,EAAS,IAAI8D,GAAOh4E,EAAQ7U,MAC5BA,KAAKouF,QAAQvsF,KAAKknF,GAClB,MACF,KAAKhoE,EAAMlM,OAAOE,UAChB,OAAQF,EAAOu+D,eACb,KAAKryD,EAAMhM,UAAUsB,YACrB,KAAK0K,EAAMhM,UAAUuB,YACrB,KAAKyK,EAAMhM,UAAUwB,WACrB,KAAKwK,EAAMhM,UAAUyB,aACnB,IAAKk1E,EAAM,CACTtxE,EAAK0D,WAAW,mEAChB,SAEEjJ,EAAOs/D,YAAY7sD,OAAO2mE,GAC5BvC,EAAKJ,mBAAmBzpF,KAAKgT,GAE7B62E,EAAKH,oBAAoB1pF,KAAKgT,GAEhC,MACF,KAAKkM,EAAMhM,UAAU0B,eACfi1E,EACFA,EAAKF,qBAAqB3pF,KAAKgT,GAE/B7U,KAAKquF,iBAAiBxsF,KAAKgT,GAE7B,MACF,KAAKkM,EAAMhM,UAAU6B,IACnB5W,KAAKquF,iBAAiBxsF,KAAKgT,GAC3B,MACF,KAAKkM,EAAMhM,UAAU2B,cACnB,IAAKqyE,EAAQ,CACX3uE,EAAK0D,WAAW,qEAChB,SAEFirE,EAAOgE,kBAAkBlrF,KAAKgT,GAC9B,MACF,KAAKkM,EAAMhM,UAAU8B,cACnB7W,KAAKwrF,qBAAqB3pF,KAAKgT,GAC/B,MACF,KAAKkM,EAAMhM,UAAU+B,iBACnB,IAAKiyE,EAAQ,CACX3uE,EAAK0D,WAAW,wEAChB,SAEFirE,EAAOyC,qBAAqB3pF,KAAKgT,MAY7C42E,eACE,MAAM/D,EAAa,IAAI1Q,GAMvB,OALA0Q,EAAW7lF,KAAK7B,KAAKu9E,WACrBmK,EAAW7lF,QAAQ7B,KAAKwrF,sBACxB9D,EAAW7lF,QAAQ7B,KAAKquF,kBACxBruF,KAAKmuF,MAAMjmF,KAAIwjF,GAAQhE,EAAW7lF,QAAQ6pF,EAAKD,kBAC/CzrF,KAAKouF,QAAQlmF,KAAI6gF,GAAUrB,EAAW7lF,QAAQknF,EAAO0C,kBAC9C/D,EAQT/lF,MAAM2sF,GAAqB,GACzB,MAAM13E,EAAM,IAAI5W,KAAKF,YAAYE,KAAKyrF,gBAiBtC,OAhBI6C,GACF13E,EAAIs1E,UAAU9oF,SAAQ6Y,IAMpB,GAJAA,EAAEshE,UAAYxyE,OAAOw6B,OACnBx6B,OAAOwjF,eAAetyE,EAAEshE,WACxBxyE,OAAOE,0BAA0BgR,EAAEshE,aAEhCthE,EAAEshE,UAAUI,cAAe,OAEhC,MAAM3tB,EAAgB,GACtBjlD,OAAOooB,KAAKlX,EAAEshE,UAAUvtB,eAAe5sD,SAAQ8H,IAC7C8kD,EAAc9kD,GAAQ,IAAIrI,WAAWoZ,EAAEshE,UAAUvtB,cAAc9kD,GAAM,IAEvE+Q,EAAEshE,UAAUvtB,cAAgBA,CAAa,IAGtCp5C,EAST43E,WAAWjnE,EAAQ,MAIjB,OAHgBvnB,KAAKouF,QAAQhnF,QAAO2hF,IACjCxhE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GAAO,KAW9C2kE,QAAQ3kE,EAAQ,MACd,MAAM4L,EAAO,GAIb,OAHK5L,IAASvnB,KAAKq1E,WAAW/tD,OAAOC,GAAO,IAC1C4L,EAAKtxB,KAAK7B,MAELmzB,EAAK3sB,OAAOxG,KAAKwuF,WAAWjnE,IAOrCknE,YACE,OAAOzuF,KAAKksF,UAAUhkF,KAAI0O,GAAOA,EAAIy+D,aAOvCqZ,aACE,OAAO1uF,KAAKmuF,MAAMjmF,KAAIwjF,GACbA,EAAKj2E,OAASi2E,EAAKj2E,OAAOA,OAAS,OACzCrO,QAAOqO,GAAqB,OAAXA,IAOtB3T,QACE,OAAO9B,KAAKyrF,eAAe3pF,QAa7BX,oBAAoBomB,EAAQ,KAAM+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UACnE/lB,KAAK2uF,iBAAiBrc,EAAM78D,EAAQgP,GAC1C,MAAMukE,EAAahpF,KAAKu9E,UAClB6Q,EAAUpuF,KAAKouF,QAAQ1sF,QAAQktF,MAAK,CAACvgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUqF,EACnB,IAAK7mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAMsjF,EAAOxL,WAC/C0P,QAAyBC,GAC7BnE,EAAOgE,kBAAmB/D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GAE3F,IAAKoqE,GAA+B9F,EAAOxL,UAAW0P,GACpD,SAEF,IAAKA,EAAiBx0E,kBACpB,MAAUvV,MAAM,8BAOlB,aAJMgqF,GACJ,CAACD,EAAiBx0E,mBAAoBswE,EAAOxL,UAAWx8D,EAAMhM,UAAU4B,WAAY2xE,EAAchW,EAAM7tD,GAE1GqqE,GAA4B/F,EAAOxL,UAAW94D,GACvCskE,EACP,MAAO1kF,GACPmc,EAAYnc,EAKlB,IACE,MAAMglF,QAAoBrpF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCsnE,GAA+B7F,EAAYK,EAAYE,mBAEzD,OADAuF,GAA4B9F,EAAYvkE,GACjCzkB,KAET,MAAOqE,GACPmc,EAAYnc,EAEd,MAAM+V,EAAK6F,UAAU,kDAAoDjgB,KAAKq1E,WAAWhuD,QAAS7G,GAapGrf,uBAAuBomB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,UAC/D/lB,KAAK2uF,iBAAiBrc,EAAM78D,EAAQgP,GAC1C,MAAMukE,EAAahpF,KAAKu9E,UAElB6Q,EAAUpuF,KAAKouF,QAAQ1sF,QAAQktF,MAAK,CAACvgF,EAAGJ,IAAMA,EAAEsvE,UAAU7J,QAAUrlE,EAAEkvE,UAAU7J,UACtF,IAAIlzD,EACJ,IAAK,MAAMuoE,KAAUqF,EACnB,IAAK7mE,GAASwhE,EAAO1T,WAAW/tD,OAAOC,GACrC,UACQwhE,EAAO1rC,OAAOi1B,EAAM7tD,GAC1B,MAAM6jE,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAMsjF,EAAOxL,WAC/C0P,QAAyBC,GAA+BnE,EAAOgE,kBAAmB/D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GACvJ,GAAIsqE,GAAkChG,EAAOxL,UAAW0P,GAEtD,OADA6B,GAA4B/F,EAAOxL,UAAW94D,GACvCskE,EAET,MAAO1kF,GACPmc,EAAYnc,EAKlB,IAEE,MAAMglF,QAAoBrpF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAC5D,KAAM8C,GAASyhE,EAAW3T,WAAW/tD,OAAOC,KACxCwnE,GAAkC/F,EAAYK,EAAYE,mBAE5D,OADAuF,GAA4B9F,EAAYvkE,GACjCzkB,KAET,MAAOqE,GACPmc,EAAYnc,EAEd,MAAM+V,EAAK6F,UAAU,qDAAuDjgB,KAAKq1E,WAAWhuD,QAAS7G,GAevGrf,gBAAgB4T,EAAW6B,EAAK07D,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,OAAOinE,GACLhtF,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK5W,KAAKu9E,WAAav9E,KAAKwrF,qBAAsBz2E,EAAW6B,EAAK07D,EAAM7tD,GAa7HtjB,uBAAuBmxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC9D,MAAMijE,EAAahpF,KAAKu9E,UAExB,SAAUv9E,KAAKmsF,UAAU,KAAM,KAAM7Z,EAAM7tD,GACzC,MAAUvhB,MAAM,0BAGlB,MAAMqmF,kBAAEA,SAA4BvpF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAEtE,GAAI0oE,GAAqBnE,EAAYO,EAAmBjX,GACtD,MAAUpvE,MAAM,0BAGlB,MAAM8rF,QAAwB9B,GAC5BltF,KAAKquF,iBAAkBrF,EAAYjoE,EAAMhM,UAAU6B,IAAK,CAAEA,IAAKoyE,GAAc1W,EAAM7tD,GACnFrkB,OAAM,SAER,GAAI4uF,GAAmB7B,GAAqBnE,EAAYgG,EAAiB1c,GACvE,MAAUpvE,MAAM,0BAYpB/B,wBAAwBsU,EAAQgP,EAASsB,IACvC,IAAIkpE,EACJ,IACE,MAAM1F,kBAAEA,SAA4BvpF,KAAKspF,eAAe,KAAM7zE,EAAQgP,GAChEyqE,EAAmB7B,GAA4BrtF,KAAKu9E,UAAWgM,GAC/D4F,EAAgB5F,EAAkB/S,oBAClCwY,QAAwB9B,GAC5BltF,KAAKquF,iBAAkBruF,KAAKu9E,UAAWx8D,EAAMhM,UAAU6B,IAAK,CAAEA,IAAK5W,KAAKu9E,WAAa,KAAM94D,GAC3FrkB,OAAM,SACR,GAAI4uF,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4BrtF,KAAKu9E,UAAWyR,GAGvEC,EAAmBvjF,KAAKmyC,IAAIqxC,EAAkBC,EAAeC,QAE7DH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,EAE3E,MAAO9qF,GACP4qF,EAAmB,KAGrB,OAAO70E,EAAKc,cAAc+zE,GAiB5B9tF,qBAAqBmxE,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IAC5D,MAAMijE,EAAahpF,KAAKu9E,UAClB4Q,EAAQ,GACd,IAAI3tE,EACJ,IAAK,IAAIvd,EAAI,EAAGA,EAAIjD,KAAKmuF,MAAM/sF,OAAQ6B,IACrC,IACE,MAAMyoF,EAAO1rF,KAAKmuF,MAAMlrF,GACxB,IAAKyoF,EAAKj2E,OACR,SAEF,QACmBxU,IAAhBwU,EAAOvK,MAAsBwgF,EAAKj2E,OAAOvK,OAASuK,EAAOvK,WACxCjK,IAAjBwU,EAAO0xE,OAAuBuE,EAAKj2E,OAAO0xE,QAAU1xE,EAAO0xE,YACxClmF,IAAnBwU,EAAO8rD,SAAyBmqB,EAAKj2E,OAAO8rD,UAAY9rD,EAAO8rD,QAEhE,MAAUr+D,MAAM,iDAElB,MAAMolF,EAAe,CAAE7yE,OAAQi2E,EAAKj2E,OAAQmB,IAAKoyE,GAC3CO,QAA0B2D,GAA+BxB,EAAKJ,mBAAoBtC,EAAYjoE,EAAMhM,UAAUsB,YAAaiyE,EAAchW,EAAM7tD,GACrJ0pE,EAAMtsF,KAAK,CAAE4d,MAAOxc,EAAGyoF,OAAMnC,sBAC7B,MAAOllF,GACPmc,EAAYnc,EAGhB,IAAK8pF,EAAM/sF,OACT,MAAMof,GAAiBtd,MAAM,qCAEzBjD,QAAQ2H,IAAIumF,EAAMjmF,KAAI/G,eAAgBkN,GAC1C,OAAOA,EAAEk7E,kBAAkB1U,SAAWxmE,EAAEq9E,KAAKS,UAAU99E,EAAEk7E,kBAAmB,KAAMjX,EAAM7tD,OAG1F,MAAM4kE,EAAc8E,EAAMS,MAAK,SAASvgF,EAAGJ,GACzC,MAAMg/B,EAAI5+B,EAAEk7E,kBACNr8C,EAAIj/B,EAAEs7E,kBACZ,OAAOr8C,EAAE2nC,QAAU5nC,EAAE4nC,SAAW5nC,EAAEqnC,gBAAkBpnC,EAAEonC,iBAAmBrnC,EAAEymC,QAAUxmC,EAAEwmC,WACtFriD,OACGq6D,KAAEA,EAAMnC,kBAAmB8F,GAAShG,EAC1C,GAAIgG,EAAKxa,eAAiB6W,EAAKS,UAAUkD,EAAM,KAAM/c,EAAM7tD,GACzD,MAAUvhB,MAAM,2BAElB,OAAOmmF,EAgBTloF,aAAamuF,EAAWhd,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClD,IAAK/lB,KAAK+9E,qBAAqBuR,GAC7B,MAAUpsF,MAAM,4DAElB,IAAKlD,KAAK4rF,aAAe0D,EAAU1D,YAAa,CAQ9C,KANe5rF,KAAKouF,QAAQhtF,SAAWkuF,EAAUlB,QAAQhtF,QAClDpB,KAAKouF,QAAQ3vC,OAAM8wC,GACXD,EAAUlB,QAAQnmF,MAAKunF,GACrBD,EAAWxR,qBAAqByR,QAI/C,MAAUtsF,MAAM,iEAGlB,OAAOosF,EAAU7nD,OAAOznC,KAAMykB,GAMhC,MAAMgrE,EAAazvF,KAAK2B,QA0CxB,aAxCM4rF,GAAuB+B,EAAWG,EAAY,uBAAwBnd,GAAMoa,GACzEM,GAAqByC,EAAWlS,UAAWx8D,EAAMhM,UAAU8B,cAAe44E,EAAY,CAAC/C,GAAY,KAAM4C,EAAU/R,UAAWjL,EAAM7tD,WAGvI8oE,GAAuB+B,EAAWG,EAAY,mBAAoBnd,SAElEryE,QAAQ2H,IAAI0nF,EAAUnB,MAAMjmF,KAAI/G,UAGpC,MAAMuuF,EAAgBD,EAAWtB,MAAM/mF,QAAOuoF,GAC3CC,EAAQn6E,QAAUm6E,EAAQn6E,OAAO6R,OAAOqoE,EAAQl6E,SAChDm6E,EAAQj6E,eAAiBi6E,EAAQj6E,cAAc2R,OAAOqoE,EAAQh6E,iBAEjE,GAAI+5E,EAActuF,OAAS,QACnBnB,QAAQ2H,IACZ8nF,EAAcxnF,KAAI2nF,GAAgBA,EAAapoD,OAAOmoD,EAAStd,EAAM7tD,UAElE,CACL,MAAMqrE,EAAUF,EAAQjuF,QACxBmuF,EAAQzE,QAAUoE,EAClBA,EAAWtB,MAAMtsF,KAAKiuF,cAIpB7vF,QAAQ2H,IAAI0nF,EAAUlB,QAAQlmF,KAAI/G,UAEtC,MAAM4uF,EAAkBN,EAAWrB,QAAQhnF,QAAO4oF,GAChDA,EAAUjS,qBAAqByR,KAEjC,GAAIO,EAAgB3uF,OAAS,QACrBnB,QAAQ2H,IACZmoF,EAAgB7nF,KAAI+nF,GAAkBA,EAAexoD,OAAO+nD,EAAWld,EAAM7tD,UAE1E,CACL,MAAMyrE,EAAYV,EAAU7tF,QAC5BuuF,EAAU7E,QAAUoE,EACpBA,EAAWrB,QAAQvsF,KAAKquF,QAIrBT,EAWTtuF,+BAA+BmxE,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMuiE,EAAe,CAAE1xE,IAAK5W,KAAKu9E,WAC3BoN,QAA4BuC,GAA+BltF,KAAKwrF,qBAAsBxrF,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAeyxE,EAAchW,EAAM7tD,GACzJijE,EAAa,IAAI1Q,GAEvB,OADA0Q,EAAW7lF,KAAK8oF,GACTxxE,GAAM4H,EAAM5H,MAAMjH,UAAWw1E,EAAW5lF,QAAS,KAAM,KAAM,oCAatEX,iCAAiCgvF,EAAuB7d,EAAO,IAAI13D,KAAQ6J,EAASsB,IAClF,MAAMzlB,QAAcwlB,GAAQqqE,EAAuB1rE,GAE7CkmE,SADmB3T,GAAW2B,WAAWr4E,EAAMwJ,KAAM4jF,GAA0BjpE,IAC9CszD,WAAWh3D,EAAMlM,OAAOE,WAC/D,IAAK41E,GAAuBA,EAAoBvX,gBAAkBryD,EAAMhM,UAAU8B,cAChF,MAAU3T,MAAM,8CAElB,IAAKynF,EAAoBxW,YAAY7sD,OAAOtnB,KAAKq1E,YAC/C,MAAUnyE,MAAM,2CAElB,UACQynF,EAAoBttC,OAAOr9C,KAAKu9E,UAAWx8D,EAAMhM,UAAU8B,cAAe,CAAED,IAAK5W,KAAKu9E,WAAajL,OAAMrxE,EAAWwjB,GAC1H,MAAOpgB,GACP,MAAM+V,EAAK6F,UAAU,wCAAyC5b,GAEhE,MAAMuS,EAAM5W,KAAK2B,QAEjB,OADAiV,EAAI40E,qBAAqB3pF,KAAK8oF,GACvB/zE,EAYTzV,sBAAsBivF,EAAa9d,EAAM78D,EAAQgP,EAASsB,IACxD,MAAMtG,MAAEA,EAAKisE,KAAEA,SAAe1rF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAC1D4rE,QAAiB3E,EAAK4E,QAAQF,EAAa9d,EAAM7tD,GACjD7N,EAAM5W,KAAK2B,QAEjB,OADAiV,EAAIu3E,MAAM1uE,GAAS4wE,EACZz5E,EAWTzV,mBAAmBivF,EAAa9d,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC1D,MAAMnP,EAAM5W,KAAK2B,QAIjB,OAHAiV,EAAIu3E,YAAcluF,QAAQ2H,IAAI5H,KAAKmuF,MAAMjmF,KAAI,SAASwjF,GACpD,OAAOA,EAAK4E,QAAQF,EAAa9d,EAAM7tD,OAElC7N,EAkBTzV,wBAAwB6qF,EAAkB1Z,EAAO,IAAI13D,KAAQnF,EAAQgP,EAASsB,IAC5E,MAAMijE,EAAahpF,KAAKu9E,WAClBmO,KAAEA,SAAe1rF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAIzD,OAHgBunE,QACRN,EAAK6E,wBAAwBvE,EAAkB1Z,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYiX,YAAaZ,EAAKruC,OAAOi1B,EAAM7tD,GAAQrkB,OAAM,KAAM,MAmBxFe,qBAAqB6qF,EAAkB1Z,EAAO,IAAI13D,KAAQ6J,EAASsB,IACjE,MAAMijE,EAAahpF,KAAKu9E,UAClBiT,EAAU,GAehB,aAdMvwF,QAAQ2H,IAAI5H,KAAKmuF,MAAMjmF,KAAI/G,UAC/B,MAAMknF,EAAa2D,QACXN,EAAK6E,wBAAwBvE,EAAkB1Z,EAAM7tD,GAC3D,CAAC,CAAE8C,MAAOyhE,EAAW3T,WAAYiX,YAAaZ,EAAKruC,OAAOi1B,EAAM7tD,GAAQrkB,OAAM,KAAM,MAEtFowF,EAAQ3uF,QAAQwmF,EAAWngF,KACzB6M,KACEU,OAAQi2E,EAAKj2E,OAASi2E,EAAKj2E,OAAOA,OAAS,KAC3CE,cAAe+1E,EAAK/1E,cACpB4R,MAAOxS,EAAUwS,MACjB+kE,MAAOv3E,EAAUu3E,UAEpB,KAEIkE,GAIX,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBptF,SAAQ8H,IACpG4iF,GAAI9sF,UAAUkK,GACd2hF,GAAO7rF,UAAUkK,EAAK,IC7qBxB,MAAMulF,WAAkB3C,GAItBhuF,YAAY4nF,GAOV,GANA3nF,QACAC,KAAKu9E,UAAY,KACjBv9E,KAAKwrF,qBAAuB,GAC5BxrF,KAAKquF,iBAAmB,GACxBruF,KAAKmuF,MAAQ,GACbnuF,KAAKouF,QAAU,GACX1G,IACF1nF,KAAK+tF,sBAAsBrG,EAAY,IAAItkE,IAAI,CAACrC,EAAMlM,OAAOK,UAAW6L,EAAMlM,OAAOM,iBAChFnV,KAAKu9E,WACR,MAAUr6E,MAAM,0CAStB0oF,YACE,OAAO,EAOT8E,WACE,OAAO1wF,KAQTmZ,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMjH,UAAWlS,KAAKyrF,eAAe3pF,aAASb,OAAWA,OAAWA,EAAWwjB,ICjDtG,MAAMksE,WAAmBF,GAIvB3wF,YAAY4nF,GAGV,GAFA3nF,QACAC,KAAK+tF,sBAAsBrG,EAAY,IAAItkE,IAAI,CAACrC,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOa,iBAChF1V,KAAKu9E,UACR,MAAUr6E,MAAM,2CAQpB0oF,YACE,OAAO,EAOT8E,WACE,MAAMhJ,EAAa,IAAI1Q,GACjB4Z,EAAa5wF,KAAKyrF,eACxB,IAAK,MAAMlO,KAAaqT,EACtB,OAAQrT,EAAUz9E,YAAYugB,KAC5B,KAAKU,EAAMlM,OAAOK,UAAW,CAC3B,MAAM27E,EAAezT,GAAgB0T,oBAAoBvT,GACzDmK,EAAW7lF,KAAKgvF,GAChB,MAEF,KAAK9vE,EAAMlM,OAAOM,aAAc,CAC9B,MAAM47E,EAAkBxS,GAAmByS,uBAAuBzT,GAClEmK,EAAW7lF,KAAKkvF,GAChB,MAEF,QACErJ,EAAW7lF,KAAK07E,GAGtB,OAAO,IAAIkT,GAAU/I,GAQvBvuE,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMK,WAAYxZ,KAAKyrF,eAAe3pF,aAASb,OAAWA,OAAWA,EAAWwjB,GAarGtjB,wBAAwBomB,EAAO+qD,EAAO,IAAI13D,KAAQnF,EAAS,GAAIgP,EAASsB,IACtE,MAAMijE,EAAahpF,KAAKu9E,UAClBpqD,EAAO,GACb,IAAK,IAAIlwB,EAAI,EAAGA,EAAIjD,KAAKouF,QAAQhtF,OAAQ6B,IACvC,IAAKskB,GAASvnB,KAAKouF,QAAQnrF,GAAGoyE,WAAW/tD,OAAOC,GAAO,GACrD,IACE,MAAM+gE,EAAe,CAAE1xE,IAAKoyE,EAAYvjF,KAAMzF,KAAKouF,QAAQnrF,GAAGs6E,WAE1D0T,SAD2B/D,GAA+BltF,KAAKouF,QAAQnrF,GAAG8pF,kBAAmB/D,EAAYjoE,EAAMhM,UAAU2B,cAAe4xE,EAAchW,EAAM7tD,GACxGA,IACtD0O,EAAKtxB,KAAK7B,KAAKouF,QAAQnrF,IAEzB,MAAOoB,IAKb,MAAMglF,QAAoBrpF,KAAKspF,eAAehX,EAAM78D,EAAQgP,GAM5D,OALM8C,IAASyhE,EAAW3T,WAAW/tD,OAAOC,GAAO,KAC/C0pE,GAAkC5H,EAAYE,kBAAmB9kE,IACnE0O,EAAKtxB,KAAK7B,MAGLmzB,EAOTwqD,cACE,OAAO39E,KAAKksF,UAAUjkF,MAAK,EAAGs1E,eAAgBA,EAAUI,gBAa1Dx8E,eAAesjB,EAASsB,IACtB,IAAK/lB,KAAK4rF,YACR,MAAU1oF,MAAM,gCAGlB,IAAI+mF,EACJ,GAAKjqF,KAAKu9E,UAAU+B,UAEb,CAKL,MAAMuM,QAAmB7rF,KAAK8rF,cAAc,KAAM,UAAM7qF,EAAW,IAAKwjB,EAAQP,0BAA2B,IAAId,IAAOP,WAAY,IAE9HgpE,IAAeA,EAAWtO,UAAU+B,YACtC2K,EAAmB4B,EAAWtO,gBAThC0M,EAAmBjqF,KAAKu9E,UAa1B,GAAI0M,EACF,OAAOA,EAAiB3kC,WACnB,CACL,MAAMnyB,EAAOnzB,KAAKksF,UACZgF,EAAa/9D,EAAKjrB,KAAI0O,GAAOA,EAAI2mE,UAAU+B,YAAW7gC,MAAMurC,SAClE,GAAIkH,EACF,MAAUhuF,MAAM,wCAGlB,OAAOjD,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,SAAayV,EAAI2mE,UAAUj4B,eAO3Dm6B,qBACEz/E,KAAKksF,UAAU9oF,SAAQ,EAAGm6E,gBACpBA,EAAUI,eACZJ,EAAUkC,wBAehBt+E,cAEIwrF,KAAMpY,EAA0BxzD,EAAMzI,oBAAoBmB,SAC1DmzE,OAAQpY,EAA4B,IAClC,GACJlC,EAAO,IAAI13D,KACX6J,EAASsB,IAET,IAAK/lB,KAAK4rF,YACR,MAAU1oF,MAAM,iCAElB,MAAM+lF,EAAa,CAAEryE,IAAK5W,KAAKu9E,WACzB3mE,EAAM5W,KAAK2B,QAMjB,OALAiV,EAAI40E,qBAAqB3pF,WAAW4rF,GAA6BxE,EAAY,KAAMjpF,KAAKu9E,UAAW,CACjGnK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMjf,MAAMif,EAAMzI,oBAAqBi8D,GAChEC,6BACClC,OAAMrxE,OAAWA,OAAWA,EAAWwjB,IACnC7N,EAiBTzV,gBAAgB0D,EAAU,IACxB,MAAM4f,EAAS,IAAKsB,MAAkBlhB,EAAQ4f,QAC9C,GAAI5f,EAAQ23E,WACV,MAAUt5E,MAAM,gEAElB,GAAI2B,EAAQqjF,QAAUzjE,EAAO5B,WAC3B,MAAU3f,MAAM,8BAA8BuhB,EAAO5B,oBAAoBhe,EAAQqjF,WAEnF,MAAM5K,EAAkBt9E,KAAKu9E,UAC7B,GAAID,EAAgBgC,UAClB,MAAUp8E,MAAM,8CAElB,IAAKo6E,EAAgBK,cACnB,MAAUz6E,MAAM,wBAElB,MAAMiuF,EAAiB7T,EAAgBW,mBACvCkT,EAAen3E,KAAOm3E,EAAe3gF,MAAQ,MAAQ,MACrD2gF,EAAejJ,QAAUiJ,EAAe5yE,MAAQ,KAChD4yE,EAAe3gF,MAAQ2gF,EAAe3gF,OAAS,aAC/C3L,EAAUusF,GAA0BvsF,EAASssF,GAC7C,MAAM5T,QAAkB8T,GAA4BxsF,GACpDiqF,GAA4BvR,EAAW94D,GACvC,MAAMwoE,QAAyBqE,GAA8B/T,EAAWD,EAAiBz4E,EAAS4f,GAC5F8sE,EAAavxF,KAAKyrF,eAExB,OADA8F,EAAW1vF,KAAK07E,EAAW0P,GACpB,IAAI0D,GAAWY,ICxM1B,MAAMC,gBAAkCp3E,EAAK8F,wBAAwB,CACnEk9D,GACAmB,GACAM,GACA0I,GACAL,GACAzI,GACAtL,KASF,SAASse,GAAU/J,GACjB,IAAK,MAAM7yE,KAAU6yE,EACnB,OAAQ7yE,EAAO/U,YAAYugB,KACzB,KAAKU,EAAMlM,OAAOK,UAChB,OAAO,IAAIy7E,GAAWjJ,GACxB,KAAK3mE,EAAMlM,OAAO3C,UAChB,OAAO,IAAIu+E,GAAU/I,GAG3B,MAAUxkF,MAAM,sBAClB,CAgHA/B,eAAeuwF,GAAcpU,EAAiBqU,EAAqB9sF,EAAS4f,GAEtE5f,EAAQ23E,kBACJc,EAAgB5qD,QAAQ7tB,EAAQ23E,WAAY/3D,SAG9CxkB,QAAQ2H,IAAI+pF,EAAoBzpF,KAAI/G,eAAeq9E,EAAoB/+D,GAC3E,MAAMmyE,EAAmB/sF,EAAQupF,QAAQ3uE,GAAO+8D,WAC5CoV,SACIpT,EAAmB9rD,QAAQk/D,EAAkBntE,OAIvD,MAAMijE,EAAa,IAAI1Q,GACvB0Q,EAAW7lF,KAAKy7E,SAEVr9E,QAAQ2H,IAAI/C,EAAQ6kF,QAAQxhF,KAAI/G,eAAesU,EAAQgK,GAC3D,SAASoyE,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAM1qF,QAAOooC,GAAQA,IAASuiD,KAG1D,MAAMC,EAAe9K,GAAap3B,WAAWr6C,GACvCwzE,EAAa,GACnBA,EAAWxzE,OAASu8E,EACpB/I,EAAWryE,IAAM0mE,EAEjB,MAAM4L,EAAsB,GAC5BA,EAAoB9V,cAAgBryD,EAAMhM,UAAUsB,YACpD6yE,EAAoB9wE,SAAW,CAAC2I,EAAM3I,SAASQ,YAAcmI,EAAM3I,SAASS,UAC5EqwE,EAAoBxxE,6BAA+Bm6E,EAAqB,CAEtE9wE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUO,QACfiR,EAAOtC,6BACNsC,EAAOnC,cACT4mE,EAAoBvwE,wBAA0Bk5E,EAAqB,CACjE9wE,EAAMtM,KAAKC,IACXqM,EAAMtM,KAAKE,KACV8P,EAAOlC,yBAEZ2mE,EAAoBpxE,wBAA0B+5E,EAAqB,CAEjE9wE,EAAM/M,KAAKI,OACX2M,EAAM/M,KAAKM,QACVmQ,EAAOvC,wBACVgnE,EAAoBnxE,+BAAiC85E,EAAqB,CACxE9wE,EAAMpN,YAAYG,KAClBiN,EAAMpN,YAAYE,IAClBkN,EAAMpN,YAAYC,cACjB6Q,EAAOrC,+BACI,IAAV3C,IACFypE,EAAoB5U,iBAAkB,GAGxC4U,EAAoB3wE,SAAW,CAAC,GAChC2wE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAASuB,sBAC9C2K,EAAOnC,cACT4mE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAAS9D,MAEhDgQ,EAAO1K,SACTmvE,EAAoB3wE,SAAS,IAAMwI,EAAMxI,SAASwB,QAEhDlV,EAAQ2S,kBAAoB,IAC9B0xE,EAAoB1xE,kBAAoB3S,EAAQ2S,kBAChD0xE,EAAoBnV,iBAAkB,GAKxC,MAAO,CAAEie,eAAc9H,sBAFOuD,GAA6BxE,EAAY,KAAM3L,EAAiB4L,EAAqBrkF,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,QAGhK7iB,MAAKoG,IACPA,EAAK5E,SAAQ,EAAG4uF,eAAc9H,sBAC5BxC,EAAW7lF,KAAKmwF,GAChBtK,EAAW7lF,KAAKqoF,EAAgB,GAChC,UAGEjqF,QAAQ2H,IAAI+pF,EAAoBzpF,KAAI/G,eAAeq9E,EAAoB/+D,GAC3E,MAAMwyE,EAAgBptF,EAAQupF,QAAQ3uE,GAEtC,MAAO,CAAE++D,qBAAoB0T,4BADOZ,GAA8B9S,EAAoBlB,EAAiB2U,EAAextE,QAEpH7iB,MAAKq1E,IACPA,EAAQ7zE,SAAQ,EAAGo7E,qBAAoB0T,4BACrCxK,EAAW7lF,KAAK28E,GAChBkJ,EAAW7lF,KAAKqwF,EAAsB,GACtC,IAKJ,MAAMjJ,EAAa,CAAEryE,IAAK0mE,GAkB1B,OAjBAoK,EAAW7lF,WAAW4rF,GAA6BxE,EAAY,KAAM3L,EAAiB,CACpFlK,cAAeryD,EAAMhM,UAAU8B,cAC/B09D,wBAAyBxzD,EAAMzI,oBAAoBmB,SACnD+6D,0BAA2B,IAC1B3vE,EAAQytE,UAAMrxE,OAAWA,OAAWA,EAAWwjB,IAE9C5f,EAAQ23E,YACVc,EAAgBmC,2BAGZx/E,QAAQ2H,IAAI+pF,EAAoBzpF,KAAI/G,eAAeq9E,EAAoB/+D,GAClD5a,EAAQupF,QAAQ3uE,GAAO+8D,YAE9CgC,EAAmBiB,yBAIhB,IAAIkR,GAAWjJ,EACxB,CAYOvmF,eAAegxF,IAAQC,WAAEA,EAAUC,UAAEA,SAAW5tE,KAAWsjE,IAEhE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3B2tE,IAAeC,EAClB,MAAUnvF,MAAM,4EAElB,GAAIkvF,IAAeh4E,EAAKC,SAAS+3E,GAC/B,MAAUlvF,MAAM,gDAElB,GAAImvF,IAAcj4E,EAAKxX,aAAayvF,GAClC,MAAUnvF,MAAM,mDAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAAIlB,EACJ,GAAI8xF,EAAY,CACd,MAAMp4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQssE,EAAY3tE,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WAC3D,MAAUtW,MAAM,gCAElB5C,EAAQwJ,OAERxJ,EAAQ+xF,EAGV,OAAOZ,SADkBza,GAAW2B,WAAWr4E,EAAOkxF,GAAmB/sE,GAE3E,CAYOtjB,eAAemxF,IAAeF,WAAEA,EAAUC,UAAEA,SAAW5tE,KAAWsjE,IAEvE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3B2tE,IAAeC,EAClB,MAAUnvF,MAAM,mFAElB,GAAIkvF,IAAeh4E,EAAKC,SAAS+3E,GAC/B,MAAUlvF,MAAM,uDAElB,GAAImvF,IAAcj4E,EAAKxX,aAAayvF,GAClC,MAAUnvF,MAAM,0DAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAAIlB,EACJ,GAAI8xF,EAAY,CACd,MAAMp4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQssE,EAAY3tE,GACjD,GAAMzK,IAAS+G,EAAM5H,MAAMK,WACzB,MAAUtW,MAAM,wCAElB5C,EAAQwJ,OAERxJ,EAAQ+xF,EAEV,MAAM3K,QAAmB1Q,GAAW2B,WAAWr4E,EAAOkxF,GAAmB/sE,GACzE,OAAO,IAAIksE,GAAWjJ,EACxB,CAYOvmF,eAAeoxF,IAASC,YAAEA,EAAWC,WAAEA,SAAYhuE,KAAWsjE,IACnEtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQkyF,GAAeC,EAC3B,IAAKnyF,EACH,MAAU4C,MAAM,+EAElB,GAAIsvF,IAAgBp4E,EAAKC,SAASm4E,GAChC,MAAUtvF,MAAM,kDAElB,GAAIuvF,IAAer4E,EAAKxX,aAAa6vF,GACnC,MAAUvvF,MAAM,qDAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAIgxF,EAAa,CACf,MAAMx4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQ0sE,EAAa/tE,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMjH,WAAa8H,IAAS+G,EAAM5H,MAAMK,WACzD,MAAUtW,MAAM,gCAElB5C,EAAQwJ,EAEV,MAAMqpB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAWr4E,EAAOkxF,GAAmB/sE,GACnEiuE,EAAWhL,EAAWzP,WAAWl3D,EAAMlM,OAAO3C,UAAW6O,EAAMlM,OAAOK,WAC5E,GAAwB,IAApBw9E,EAAStxF,OACX,MAAU8B,MAAM,uBAElB,IAAK,IAAID,EAAI,EAAGA,EAAIyvF,EAAStxF,OAAQ6B,IAAK,CACxC,MACM0vF,EAASlB,GADI/J,EAAWhmF,MAAMgxF,EAASzvF,GAAIyvF,EAASzvF,EAAI,KAE9DkwB,EAAKtxB,KAAK8wF,GAEZ,OAAOx/D,CACT,CAYOhyB,eAAeyxF,IAAgBJ,YAAEA,EAAWC,WAAEA,SAAYhuE,IAC/DA,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQkyF,GAAeC,EAC3B,IAAKnyF,EACH,MAAU4C,MAAM,sFAElB,GAAIsvF,IAAgBp4E,EAAKC,SAASm4E,GAChC,MAAUtvF,MAAM,yDAElB,GAAIuvF,IAAer4E,EAAKxX,aAAa6vF,GACnC,MAAUvvF,MAAM,4DAElB,GAAIsvF,EAAa,CACf,MAAMx4E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQ0sE,EAAa/tE,GAClD,GAAIzK,IAAS+G,EAAM5H,MAAMK,WACvB,MAAUtW,MAAM,wCAElB5C,EAAQwJ,EAEV,MAAMqpB,EAAO,GACPu0D,QAAmB1Q,GAAW2B,WAAWr4E,EAAOkxF,GAAmB/sE,GACnEiuE,EAAWhL,EAAWzP,WAAWl3D,EAAMlM,OAAOK,WACpD,GAAwB,IAApBw9E,EAAStxF,OACX,MAAU8B,MAAM,8BAElB,IAAK,IAAID,EAAI,EAAGA,EAAIyvF,EAAStxF,OAAQ6B,IAAK,CACxC,MAAM4vF,EAAanL,EAAWhmF,MAAMgxF,EAASzvF,GAAIyvF,EAASzvF,EAAI,IACxD0vF,EAAS,IAAIhC,GAAWkC,GAC9B1/D,EAAKtxB,KAAK8wF,GAEZ,OAAOx/D,CACT,CCtZA,MAAM2/D,gBAAsC14E,EAAK8F,wBAAwB,CACvEmyD,GACA+F,GACA+B,GACAT,GACA0E,GACA7C,GACAsB,GACAlG,GACAxD,KAGI4f,gBAA4C34E,EAAK8F,wBAAwB,CAAC28D,KAE1EmW,gBAAgD54E,EAAK8F,wBAAwB,CAACizD,KAO7E,MAAM8f,GAIXnzF,YAAY4nF,GACV1nF,KAAKi3E,QAAUyQ,GAAc,IAAI1Q,GAOnCkc,sBACE,MAAMC,EAAS,GAKf,OAJ0BnzF,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC9C1R,SAAQ,SAASyR,GACjCs+E,EAAOtxF,KAAKgT,EAAO2mE,gBAEd2X,EAOTxL,mBACE,MAAMtiD,EAAMrlC,KAAKozF,mBAEXC,EAAiBhuD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAC5D,GAAIo+E,EAAejyF,OAAS,EAC1B,OAAOiyF,EAAenrF,KAAI2M,GAAUA,EAAOs/D,cAI7C,OADsB9uC,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WACtC7M,KAAI2M,GAAUA,EAAOs/D,cAa5ChzE,cAAcmyF,EAAgBC,EAAWC,EAAalhB,EAAO,IAAI13D,KAAQ6J,EAASsB,IAChF,MAAM0tE,EAAoBD,SAAqBxzF,KAAK0zF,mBAAmBJ,EAAgBC,EAAWjhB,EAAM7tD,GAElGkvE,EAAyB3zF,KAAKi3E,QAAQU,YAC1C52D,EAAMlM,OAAOQ,2BACb0L,EAAMlM,OAAOe,mCACbmL,EAAMlM,OAAOiB,mBAGf,GAAsC,IAAlC69E,EAAuBvyF,OACzB,MAAU8B,MAAM,2BAGlB,MAAM0wF,EAAqBD,EAAuB,GAClD,IAAInzE,EAAY,KAChB,MAAMqzE,EAAmB5zF,QAAQ2H,IAAI6rF,EAAkBvrF,KAAI/G,OAAS0oD,UAAWiqC,EAAehqF,WAC5F,IAAKsQ,EAAKxX,aAAakH,KAAUsQ,EAAKC,SAASy5E,GAC7C,MAAU5wF,MAAM,uCAGlB,IACE,MAAMssC,EAAOzuB,EAAMjf,MAAMif,EAAM9N,UAAW6gF,SACpCF,EAAmBjhE,QAAQ6c,EAAM1lC,EAAM2a,GAC7C,MAAOpgB,GACP+V,EAAK4D,gBAAgB3Z,GACrBmc,EAAYnc,OAQhB,GAJA0vF,EAAcH,EAAmBja,WACjCia,EAAmBja,UAAY,WACzBka,GAEDD,EAAmB3c,UAAY2c,EAAmB3c,QAAQ71E,OAC7D,MAAMof,GAAiBtd,MAAM,sBAG/B,MAAM8wF,EAAY,IAAIf,GAAQW,EAAmB3c,SAGjD,OAFA2c,EAAmB3c,QAAU,IAAID,GAE1Bgd,EAeT7yF,yBAAyBmyF,EAAgBC,EAAWjhB,EAAO,IAAI13D,KAAQ6J,EAASsB,IAC9E,IAEIvF,EAFAyzE,EAA6B,GAGjC,GAAIV,EAAW,CACb,MAAMW,EAAel0F,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOG,wBAC3D,GAA4B,IAAxBk/E,EAAa9yF,OACf,MAAU8B,MAAM,8DAEZjD,QAAQ2H,IAAI2rF,EAAUrrF,KAAI/G,eAAegzF,EAAUlxF,GACvD,IAAIg0E,EAEFA,EADEh0E,QACc+zE,GAAW2B,WAAWub,EAAapyF,QAASixF,GAA6BtuE,GAE/EyvE,QAENj0F,QAAQ2H,IAAIqvE,EAAQ/uE,KAAI/G,eAAeizF,GAC3C,UACQA,EAAYzhE,QAAQwhE,GAC1BF,EAA2BpyF,KAAKuyF,GAChC,MAAOhzC,GACPhnC,EAAK4D,gBAAgBojC,gBAItB,KAAIkyC,EAqFT,MAAUpwF,MAAM,iCArFS,CACzB,MAAMmxF,EAAer0F,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOC,8BAC3D,GAA4B,IAAxBu/E,EAAajzF,OACf,MAAU8B,MAAM,2DAEZjD,QAAQ2H,IAAIysF,EAAansF,KAAI/G,eAAemzF,SAC1Cr0F,QAAQ2H,IAAI0rF,EAAeprF,KAAI/G,eAAeozF,GAClD,IAAIzC,EAAQ,CACV/wE,EAAM9N,UAAUQ,OAChBsN,EAAM9N,UAAUM,OAChBwN,EAAM9N,UAAUG,UAChB2N,EAAM9N,UAAUI,OAElB,IACE,MAAMg2E,QAAoBkL,EAAcjL,eAAehX,OAAMrxE,EAAWwjB,GACpE4kE,EAAYE,kBAAkB7xE,+BAChCo6E,EAAQA,EAAMtrF,OAAO6iF,EAAYE,kBAAkB7xE,+BAErD,MAAOrT,IAGT,MAAMmwF,SAA8BD,EAAcE,kBAAkBH,EAAY9Y,YAAa,UAAMv6E,EAAWwjB,IAASvc,KAAI0O,GAAOA,EAAI2mE,kBAChIt9E,QAAQ2H,IAAI4sF,EAAqBtsF,KAAI/G,eAAeuzF,GACxD,IAAKA,GAAuBA,EAAoBpV,UAC9C,OAEF,IAAKoV,EAAoB/W,cACvB,MAAUz6E,MAAM,oCAWlB,GAPiCuhB,EAAOvB,8BACtCoxE,EAAYhhB,qBAAuBvyD,EAAM7O,UAAUE,YACnDkiF,EAAYhhB,qBAAuBvyD,EAAM7O,UAAUC,gBACnDmiF,EAAYhhB,qBAAuBvyD,EAAM7O,UAAUG,SACnDiiF,EAAYhhB,qBAAuBvyD,EAAM7O,UAAUI,SAGvB,CAW5B,MAAMqiF,EAAkBL,EAAYxyF,cAC9B7B,QAAQ2H,IAAI/H,MAAMkiB,KAAK0C,EAAOtB,yDAAyDjb,KAAI/G,UAC/F,MAAMyzF,EAAkB,IAAIrZ,GAC5BqZ,EAAgB1zF,KAAKyzF,GACrB,MAAM9Y,EAAmB,CACvBjC,sBACA6B,WAAYh9D,GAAOw+D,mBAAmBrD,IAExC,UACQgb,EAAgBjiE,QAAQ+hE,EAAqB7Y,GACnDoY,EAA2BpyF,KAAK+yF,GAChC,MAAOxzC,GAEPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,YAKhB,IAEE,SADMkzC,EAAY3hE,QAAQ+hE,IACrB5C,EAAMtwE,SAAST,EAAMjf,MAAMif,EAAM9N,UAAWqhF,EAAY1a,sBAC3D,MAAU12E,MAAM,iDAElB+wF,EAA2BpyF,KAAKyyF,GAChC,MAAOlzC,GACPhnC,EAAK4D,gBAAgBojC,GACrB5gC,EAAY4gC,WAKpB2yC,EAAcO,EAAY3a,WAC1B2a,EAAY3a,UAAY,UAM5B,GAAIsa,EAA2B7yF,OAAS,EAAG,CAEzC,GAAI6yF,EAA2B7yF,OAAS,EAAG,CACzC,MAAMyzF,EAAO,IAAIzxE,IACjB6wE,EAA6BA,EAA2B7sF,QAAO0tF,IAC7D,MAAM74E,EAAI64E,EAAKlb,oBAAsBx/D,EAAKqC,mBAAmBq4E,EAAKrZ,YAClE,OAAIoZ,EAAK7uF,IAAIiW,KAGb44E,EAAK5uF,IAAIgW,IACF,EAAI,IAIf,OAAOg4E,EAA2B/rF,KAAI2M,KACpC/K,KAAM+K,EAAO4mE,WACb5xB,UAAW9oC,EAAM7f,KAAK6f,EAAM9N,UAAW4B,EAAO+kE,yBAGlD,MAAMp5D,GAAiBtd,MAAM,kCAO/B6xF,iBACE,MACMh/E,EADM/V,KAAKozF,mBACGnc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ28D,YAAe,KAO5CG,cACE,MACM98D,EADM/V,KAAKozF,mBACGnc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAQQ,GAAWA,EAAQ88D,eAAkB,KAO/CJ,UACE,MACM18D,EADM/V,KAAKozF,mBACGnc,QAAQc,WAAWh3D,EAAMlM,OAAOU,aACpD,OAAIQ,EACKA,EAAQ08D,UAEV,KAYT9qD,gCAAgCqtE,EAAiB,GAAI1iB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IAC7F,MAAMypB,QAAai6C,GAAiB,YAAauL,EAAgB1iB,EAAMoX,EAASjlE,GAC1EqvE,EAAgB/yE,EAAM7f,KAAK6f,EAAM9N,UAAWu8B,GAC5CylD,EAAoBxwE,EAAOnC,mBPtC9BnhB,eAA+BgyB,EAAMm/C,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACpF,IAAImvE,GAAY,EAShB,aAPMj1F,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,eAAeyV,EAAK3T,GAC7C,MAAMomF,QAAoBzyE,EAAI0yE,eAAehX,EAAMoX,EAAQzmF,GAAIwhB,GAC1D4kE,EAAYE,kBAAkBhxE,UAC7B8wE,EAAYE,kBAAkBhxE,SAAS,GAAKwI,EAAMxI,SAAS9D,OAC/DygF,GAAY,OAGTA,CACT,CO2B0DC,CAAgBH,EAAgB1iB,EAAMoX,EAASjlE,GACnG1D,EAAM7f,KAAK6f,EAAMtM,WAAYg1E,GAAiB,OAAQuL,EAAgB1iB,EAAMoX,EAASjlE,SACrFxjB,QAEIhB,QAAQ2H,IAAIotF,EAAe9sF,KAAI0O,GAAOA,EAAIw+E,mBAC7Ch1F,OAAM,IAAM,OACZwB,MAAKyzF,IACJ,GAAIA,GAAaA,EAAS9X,UAAU1zB,YAAc9oC,EAAM7O,UAAUY,SAAYsH,EAAKyG,MAAM2uB,GACvF,MAAUtsC,MAAM,yMAMtB,MAAO,CAAE4G,KADc2U,GAAOw+D,mBAAmBztC,GAClBqa,UAAWiqC,EAAezZ,cAAe4a,GAgB1E9zF,cAAc6zF,EAAgBzB,EAAW9X,EAAY6Z,GAAW,EAAOC,EAAmB,GAAIjjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACtI,GAAI01D,GACF,IAAKrhE,EAAKxX,aAAa64E,EAAW3xE,QAAUsQ,EAAKC,SAASohE,EAAW5xB,WACnE,MAAU3mD,MAAM,4CAEb,GAAI8xF,GAAkBA,EAAe5zF,OAC1Cq6E,QAAmBwX,GAAQhW,mBAAmB+X,EAAgB1iB,EAAMoX,EAASjlE,OACxE,KAAI8uE,IAAaA,EAAUnyF,OAGhC,MAAU8B,MAAM,gDAFhBu4E,QAAmBwX,GAAQhW,wBAAmBh8E,OAAWA,OAAWA,EAAWwjB,GAKjF,MAAQ3a,KAAMuyE,EAAgBxyB,UAAWiqC,EAAezZ,cAAe4a,GAAsBxZ,EAEvFp2C,QAAY4tD,GAAQuC,kBAAkBnZ,EAAgByX,EAAemB,EAAmBD,EAAgBzB,EAAW+B,EAAUC,EAAkBjjB,EAAMoX,EAASjlE,GAEpK,IAAImvE,EACAqB,GACFrB,EAAqB,IAAIzZ,GACzByZ,EAAmBvZ,cAAgBt5D,EAAMjf,MAAMif,EAAMtM,KAAMwgF,IAE3DrB,EAAqB,IAAIla,GAE3Bka,EAAmB3c,QAAUj3E,KAAKi3E,QAElC,MAAMptB,EAAY9oC,EAAMjf,MAAMif,EAAM9N,UAAW6gF,GAK/C,aAJMF,EAAmBlhE,QAAQm3B,EAAWwyB,EAAgB53D,GAE5D4gB,EAAI4xC,QAAQp1E,KAAK+xF,GACjBA,EAAmB3c,QAAU,IAAID,GAC1B3xC,EAkBT1d,+BAA+B8zD,EAAYqY,EAAemB,EAAmBD,EAAgBzB,EAAW+B,GAAW,EAAOC,EAAmB,GAAIjjB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIjlE,EAASsB,IACzL,MAAM2hE,EAAa,IAAI1Q,GACjBntB,EAAY9oC,EAAMjf,MAAMif,EAAM9N,UAAW6gF,GACzCzZ,EAAgB4a,GAAqBl0E,EAAMjf,MAAMif,EAAMtM,KAAMwgF,GAEnE,GAAID,EAAgB,CAClB,MAAMxE,QAAgBvwF,QAAQ2H,IAAIotF,EAAe9sF,KAAI/G,eAAe6nF,EAAY/lF,GAC9E,MAAM+5E,QAAsBgM,EAAWoM,iBAAiBG,EAAiBtyF,GAAIqvE,EAAMoX,EAASjlE,GACtFgxE,EAAgB,IAAIla,GAO1B,OANAka,EAAcja,YAAc8Z,EAAWluE,GAAMkuE,WAAatY,EAAc3H,WACxEogB,EAAcniB,mBAAqB0J,EAAcO,UAAU1zB,UAC3D4rC,EAAcha,WAAaA,EAC3Bga,EAAc7b,oBAAsB/vB,QAC9B4rC,EAAc/iE,QAAQsqD,EAAcO,kBACnCkY,EAAcha,WACdga,MAET/N,EAAW7lF,QAAQ2uF,GAErB,GAAI+C,EAAW,CACb,MAAMmC,EAAcv0F,eAAeo8E,EAAW4W,GAC5C,IAEE,aADM5W,EAAU5qD,QAAQwhE,GACjB,EACP,MAAO9vF,GACP,OAAO,IAILmsB,EAAM,CAACmlE,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkB10F,eAAes6E,EAAY5xB,EAAWwwB,EAAe8Z,GAC3E,MAAM2B,EAA+B,IAAIjZ,GAA6Bp4D,GAQtE,GAPAqxE,EAA6Bra,WAAaA,EAC1Cqa,EAA6Blc,oBAAsB/vB,EAC/CwwB,IACFyb,EAA6Bzb,cAAgBA,SAEzCyb,EAA6BpjE,QAAQyhE,EAAU1vE,GAEjDA,EAAO3B,uBAAwB,CAEjC,GAA4B,WADN7iB,QAAQ2H,IAAI2rF,EAAUrrF,KAAI6tF,GAAOL,EAAYI,EAA8BC,OACrFxlE,OAAOC,GACjB,OAAOqlE,EAAgBpa,EAAY5xB,EAAWsqC,GAKlD,cADO2B,EAA6Bra,WAC7Bqa,GAGHtF,QAAgBvwF,QAAQ2H,IAAI2rF,EAAUrrF,KAAI6tF,GAAOF,EAAgBpa,EAAY5xB,EAAWwwB,EAAe0b,MAC7GrO,EAAW7lF,QAAQ2uF,GAGrB,OAAO,IAAIyC,GAAQvL,GAerBvmF,WAAWwqF,EAAc,GAAI52E,EAAY,KAAMihF,EAAgB,GAAI1jB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IAC3H,MAAM2hE,EAAa,IAAI1Q,GAEjBif,EAAoBj2F,KAAKi3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAK0gF,EACH,MAAU/yF,MAAM,mCAGlB,IAAID,EACAizF,EAEJ,MAAM9iB,EAA2C,OAA3B6iB,EAAkBhgF,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAE3C,GAAIlB,EAEF,IADAmhF,EAAwBnhF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC9D9R,EAAIizF,EAAsB90F,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACtD,MAAMinF,EAAkBgM,EAAsBjzF,GACxCkzF,EAAa,IAAIxf,GACvBwf,EAAW/iB,cAAgB8W,EAAgB9W,cAC3C+iB,EAAW9iB,cAAgB6W,EAAgB7W,cAC3C8iB,EAAW7iB,mBAAqB4W,EAAgB5W,mBAChD6iB,EAAWhiB,YAAc+V,EAAgB/V,YACpCwX,EAAYvqF,QAAgB,IAAN6B,IACzBkzF,EAAW9sB,MAAQ,GAErBqe,EAAW7lF,KAAKs0F,GA0BpB,aAtBMl2F,QAAQ2H,IAAI/H,MAAMkiB,KAAK4pE,GAAat7E,UAAUnI,KAAI/G,eAAgB6nF,EAAY/lF,GAClF,IAAK+lF,EAAW4C,YACd,MAAU1oF,MAAM,gCAElB,MAAMkzF,EAAeJ,EAAcrK,EAAYvqF,OAAS,EAAI6B,GACtD4oF,QAAmB7C,EAAW8C,cAAcsK,EAAc9jB,EAAMoX,EAASjlE,GACzE0xE,EAAa,IAAIxf,GAQvB,OAPAwf,EAAW/iB,cAAgBA,EAC3B+iB,EAAW9iB,oBAAsB7oB,GAAqBw+B,EAAY6C,EAAWtO,UAAWjL,EAAMoX,EAASjlE,GACvG0xE,EAAW7iB,mBAAqBuY,EAAWtO,UAAU1zB,UACrDssC,EAAWhiB,YAAc0X,EAAWxW,WAChCpyE,IAAM0oF,EAAYvqF,OAAS,IAC7B+0F,EAAW9sB,MAAQ,GAEd8sB,MACLv0F,MAAKy0F,IACPA,EAAqBjzF,SAAQ+yF,GAAczO,EAAW7lF,KAAKs0F,IAAY,IAGzEzO,EAAW7lF,KAAKo0F,GAChBvO,EAAW7lF,cAAey0F,GAAuBL,EAAmBtK,EAAa52E,EAAWihF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAO5vD,IAErI,IAAIwuE,GAAQvL,GASrBnP,SAAS/oC,EAAM/qB,EAASsB,IACtB,GAAIypB,IAASzuB,EAAMpN,YAAYC,aAC7B,OAAO5T,KAGT,MAAMq4E,EAAa,IAAID,GAAqB3zD,GAC5C4zD,EAAWxuB,UAAYra,EACvB6oC,EAAWpB,QAAUj3E,KAAKi3E,QAE1B,MAAMsa,EAAa,IAAIva,GAGvB,OAFAua,EAAW1vF,KAAKw2E,GAET,IAAI4a,GAAQ1B,GAerBpwF,mBAAmBwqF,EAAc,GAAI52E,EAAY,KAAMihF,EAAgB,GAAI1jB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACnI,MAAMkwE,EAAoBj2F,KAAKi3E,QAAQc,WAAWh3D,EAAMlM,OAAOU,aAC/D,IAAK0gF,EACH,MAAU/yF,MAAM,mCAElB,OAAO,IAAIukF,SAAgB6O,GAAuBL,EAAmBtK,EAAa52E,EAAWihF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAe9ItjB,aAAa6qF,EAAkB1Z,EAAO,IAAI13D,KAAQ6J,EAASsB,IACzD,MAAMsf,EAAMrlC,KAAKozF,mBACXmD,EAAkBlxD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3BghF,EAAgBn1F,OAClB,MAAU8B,MAAM,yDAEd6jB,EAAqBse,EAAI4xC,QAAQl2E,SACnCskC,EAAI4xC,QAAQp1E,cAAc8kB,EAAiB0e,EAAI4xC,QAAQl2E,QAAQsjD,GAAKA,GAAK,MAE3E,MAAMgvC,EAAiBhuD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOI,kBAAkB5E,UACxEmmF,EAAgBnxD,EAAI4xC,QAAQU,YAAY52D,EAAMlM,OAAOE,WAC3D,OAAIs+E,EAAejyF,SAAWo1F,EAAcp1F,QAAUgZ,EAAK5X,SAAS6iC,EAAI4xC,QAAQl2E,UAAYgmB,EAAqBse,EAAI4xC,QAAQl2E,eACrHd,QAAQ2H,IAAIyrF,EAAenrF,KAAI/G,UACnCg1F,EAAWvf,iBAAmB,IAAI32E,SAAQ,CAACC,EAASC,KAClDg2F,EAAWM,wBAA0Bv2F,EACrCi2F,EAAWO,uBAAyBv2F,CAAM,IAE5Cg2F,EAAW5iB,cAAgB0B,GAAiB9zE,gBAAmBg1F,EAAWvf,kBAAkBrD,gBAC5F4iB,EAAWl0D,OAAStb,QAAuBwvE,EAAWniF,KAAKmiF,EAAW/iB,cAAemjB,EAAgB,QAAIt1F,GAAW,IACpHk1F,EAAWl0D,OAAO7hC,OAAM,QAAS,KAEnCilC,EAAI4xC,QAAQl2E,OAASulB,EAAqB+e,EAAI4xC,QAAQl2E,QAAQI,MAAOqH,EAAUC,KAC7E,MAAMlD,EAASghB,EAAiB/d,GAC1B9H,EAAS8lB,EAAiB/d,GAChC,IACE,IAAK,IAAIxF,EAAI,EAAGA,EAAIowF,EAAejyF,OAAQ6B,IAAK,CAC9C,MAAQ5B,MAAO0T,SAAoBxP,EAAOrE,OAC1CmyF,EAAepwF,GAAGwzF,wBAAwB1hF,SAEtCxP,EAAOhE,kBACPb,EAAOuI,YACPvI,EAAOsB,QACb,MAAOqC,GACPgvF,EAAejwF,SAAQ+yF,IACrBA,EAAWO,uBAAuBryF,EAAE,UAEhC3D,EAAOuB,MAAMoC,OAGhBsyF,GAA0BtD,EAAgBkD,EAAiBvK,EAAkB1Z,GAAM,EAAO7tD,IAE5FkyE,GAA0BH,EAAeD,EAAiBvK,EAAkB1Z,GAAM,EAAO7tD,GAgBlGmyE,eAAe7hF,EAAWi3E,EAAkB1Z,EAAO,IAAI13D,KAAQ6J,EAASsB,IACtE,MACMwwE,EADMv2F,KAAKozF,mBACWnc,QAAQU,YAAY52D,EAAMlM,OAAOU,aAC7D,GAA+B,IAA3BghF,EAAgBn1F,OAClB,MAAU8B,MAAM,yDAGlB,OAAOyzF,GADe5hF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACjBwhF,EAAiBvK,EAAkB1Z,GAAM,EAAM7tD,GAOjG2uE,mBACE,MAAM/a,EAAar4E,KAAKi3E,QAAQU,YAAY52D,EAAMlM,OAAOO,gBACzD,OAAIijE,EAAWj3E,OACN,IAAI6xF,GAAQ5a,EAAW,GAAGpB,SAE5Bj3E,KAQTmB,sBAAsB01F,EAAmBpyE,EAASsB,UAC1C/lB,KAAKi3E,QAAQ/1E,KACjBkZ,EAAKxX,aAAai0F,GAAqBA,SAA2B/wE,GAAQ+wE,IAAoB/sF,KAC9FkpF,GACAvuE,GAQJ3iB,QACE,OAAO9B,KAAKi3E,QAAQn1E,QAQtBqX,MAAMsL,EAASsB,IACb,OAAO5M,GAAM4H,EAAM5H,MAAMI,QAASvZ,KAAK8B,QAAS,KAAM,KAAM,KAAM2iB,IAmB/DtjB,eAAem1F,GAAuBL,EAAmBtK,EAAa52E,EAAY,KAAMihF,EAAgB,GAAI1jB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAIl3B,GAAW,EAAO14B,EAASsB,IAC7L,MAAM2hE,EAAa,IAAI1Q,GAGjB5D,EAA2C,OAA3B6iB,EAAkBhgF,KACtC8K,EAAMhM,UAAUiB,OAAS+K,EAAMhM,UAAUkB,KAa3C,SAXMhW,QAAQ2H,IAAI+jF,EAAYzjF,KAAI/G,MAAO6nF,EAAY/lF,KACnD,MAAMwS,EAASi0E,EAAQzmF,GACvB,IAAK+lF,EAAW4C,YACd,MAAU1oF,MAAM,gCAElB,MAAM2oF,QAAmB7C,EAAW8C,cAAckK,EAAc/yF,GAAIqvE,EAAM78D,EAAQgP,GAClF,OAAO0kE,GAAsB8M,EAAmBjN,EAAY6C,EAAWtO,UAAW,CAAEnK,iBAAiBd,EAAM78D,EAAQ4+D,EAAWl3B,EAAU14B,EAAO,KAC7I7iB,MAAK40F,IACP9O,EAAW7lF,QAAQ20F,EAAc,IAG/BzhF,EAAW,CACb,MAAMmhF,EAAwBnhF,EAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WACzE2yE,EAAW7lF,QAAQq0F,GAErB,OAAOxO,CACT,CAkGOvmF,eAAew1F,GAA0BH,EAAeD,EAAiBvK,EAAkB1Z,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAC9I,OAAO9lB,QAAQ2H,IAAI4uF,EAAcpvF,QAAO,SAAS2N,GAC/C,MAAO,CAAC,OAAQ,UAAUyM,SAAST,EAAM7f,KAAK6f,EAAMhM,UAAWA,EAAUq+D,mBACxElrE,KAAI/G,eAAe4T,GACpB,OApFJ5T,eAAwC4T,EAAWwhF,EAAiBvK,EAAkB1Z,EAAO,IAAI13D,KAAQuiC,GAAW,EAAO14B,EAASsB,IAClI,IAAIijE,EACA8N,EAEJ,IAAK,MAAMlgF,KAAOo1E,EAAkB,CAClC,MAAMC,EAAar1E,EAAIs1E,QAAQn3E,EAAUo/D,aACzC,GAAI8X,EAAW7qF,OAAS,EAAG,CACzB4nF,EAAapyE,EACbkgF,EAAuB7K,EAAW,GAClC,OAIJ,MACM8K,EADqBhiF,aAAqB4hE,GACI5hE,EAAU6hE,iBAAmB7hE,EAE3EiiF,EAAc,CAClBzvE,MAAOxS,EAAUo/D,YACjBlB,SAAU,WACR,IAAK6jB,EACH,MAAU5zF,MAAM,0CAA0C6R,EAAUo/D,YAAY9sD,eAG5EtS,EAAUsoC,OAAOy5C,EAAqBvZ,UAAWxoE,EAAUq+D,cAAemjB,EAAgB,GAAIjkB,EAAMn1B,EAAU14B,GACpH,MAAMylE,QAAwB6M,EAC9B,GAAID,EAAqBlZ,kBAAoBsM,EAAgBxW,QAC3D,MAAUxwE,MAAM,mCAIlB,UACQ8lF,EAAW8C,cAAcgL,EAAqBzhB,WAAY6U,EAAgBxW,aAASzyE,EAAWwjB,GACpG,MAAOpgB,GAKP,IAAIogB,EAAOxB,+CAAgD5e,EAAEkV,QAAQ+K,MAAM,4CAGzE,MAAMjgB,QAFA2kF,EAAW8C,cAAcgL,EAAqBzhB,WAAY/C,OAAMrxE,EAAWwjB,GAKrF,OAAO,CACR,EA1BS,GA2BV1P,UAAW,WACT,MAAMm1E,QAAwB6M,EACxBrP,EAAa,IAAI1Q,GAEvB,OADAkT,GAAmBxC,EAAW7lF,KAAKqoF,GAC5B,IAAIzC,GAAUC,EACtB,EALU,IAeb,OAHAsP,EAAYjiF,UAAU3U,OAAM,SAC5B42F,EAAY/jB,SAAS7yE,OAAM,SAEpB42F,CACT,CAuBWC,CAAyBliF,EAAWwhF,EAAiBvK,EAAkB1Z,EAAMn1B,EAAU14B,MAElG,CAYOtjB,eAAe+1F,IAAYC,eAAEA,EAAcC,cAAEA,SAAe3yE,KAAWsjE,IAC5EtjE,EAAS,IAAKsB,MAAkBtB,GAChC,IAAInkB,EAAQ62F,GAAkBC,EAC9B,IAAK92F,EACH,MAAU4C,MAAM,wFAElB,GAAIi0F,IAAmB/8E,EAAKC,SAAS88E,KAAoB/8E,EAAK5X,SAAS20F,GACrE,MAAUj0F,MAAM,kEAElB,GAAIk0F,IAAkBh9E,EAAKxX,aAAaw0F,KAAmBh9E,EAAK5X,SAAS40F,GACvE,MAAUl0F,MAAM,qEAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,MAAMoE,EAAawU,EAAK5X,SAASlC,GAKjC,GAJIsF,UACIyxF,IACN/2F,EAAQg3F,EAAgBh3F,IAEtB62F,EAAgB,CAClB,MAAMn9E,KAAEA,EAAIlQ,KAAEA,SAAegc,GAAQxlB,EAAOmkB,GAC5C,GAAIzK,IAAS+G,EAAM5H,MAAMI,QACvB,MAAUrW,MAAM,oCAElB5C,EAAQwJ,EAEV,MAAM49E,QAAmB1Q,GAAW2B,WAAWr4E,EAAOwyF,GAAuBruE,GACvElL,EAAU,IAAI05E,GAAQvL,GAE5B,OADAnuE,EAAQ49D,WAAavxE,EACd2T,CACT,CAcOpY,eAAeo2F,IAActhF,KAAEA,EAAID,OAAEA,EAAMu8D,SAAEA,EAAQD,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,QAAkBrhD,IAATgV,EAAqB,OAAS,aAAa8xE,IACnI,IAAIznF,OAAiBW,IAATgV,EAAqBA,EAAOD,EACxC,QAAc/U,IAAVX,EACF,MAAU4C,MAAM,yEAElB,GAAI+S,IAASmE,EAAKC,SAASpE,KAAUmE,EAAK5X,SAASyT,GACjD,MAAU/S,MAAM,0DAElB,GAAI8S,IAAWoE,EAAKxX,aAAaoT,KAAYoE,EAAK5X,SAASwT,GACzD,MAAU9S,MAAM,gEAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,MAAMoE,EAAawU,EAAK5X,SAASlC,GAC7BsF,UACIyxF,IACN/2F,EAAQg3F,EAAgBh3F,IAE1B,MAAM21F,EAAoB,IAAI5jB,GAAkBC,QACnCrxE,IAATgV,EACFggF,EAAkBzjB,QAAQlyE,EAAOygB,EAAMjf,MAAMif,EAAMhL,QAASusC,IAE5D2zC,EAAkBtjB,SAASryE,EAAOygB,EAAMjf,MAAMif,EAAMhL,QAASusC,SAE9CrhD,IAAbsxE,GACF0jB,EAAkBrjB,YAAYL,GAEhC,MAAMilB,EAAwB,IAAIxgB,GAClCwgB,EAAsB31F,KAAKo0F,GAC3B,MAAM18E,EAAU,IAAI05E,GAAQuE,GAE5B,OADAj+E,EAAQ49D,WAAavxE,EACd2T,CACT,CCl5BA,MAAMu9D,gBAA+B18D,EAAK8F,wBAAwB,CAACizD,KAM5D,MAAMskB,GAKX33F,YAAYmW,EAAMlB,GAGhB,GADA/U,KAAKiW,KAAOmE,EAAK0F,qBAAqB7J,GAAM2L,QAAQ,SAAU,QAC1D7M,KAAeA,aAAqB0yE,IACtC,MAAUvkF,MAAM,2BAElBlD,KAAK+U,UAAYA,GAAa,IAAI0yE,GAAU,IAAIzQ,IAOlD2Q,mBACE,MAAMwL,EAAS,GAKf,OAJsBnzF,KAAK+U,UAAUkiE,QACvB7zE,SAAQ,SAASyR,GAC7Bs+E,EAAOtxF,KAAKgT,EAAOs/D,gBAEdgf,EAeThyF,WAAWivF,EAAar7E,EAAY,KAAMihF,EAAgB,GAAI1jB,EAAO,IAAI13D,KAAQ8uE,EAAU,GAAIrV,EAAY,GAAI5vD,EAASsB,IACtH,MAAMkwE,EAAoB,IAAI5jB,GAC9B4jB,EAAkBzjB,QAAQxyE,KAAKiW,MAC/B,MAAMyhF,EAAe,IAAIjQ,SAAgB6O,GAAuBL,EAAmB7F,EAAar7E,EAAWihF,EAAe1jB,EAAMoX,EAASrV,GAAW,EAAM5vD,IAC1J,OAAO,IAAIgzE,GAAiBz3F,KAAKiW,KAAMyhF,GAezCr6C,OAAOlqB,EAAMm/C,EAAO,IAAI13D,KAAQ6J,EAASsB,IACvC,MAAMywE,EAAgBx2F,KAAK+U,UAAUkiE,QAAQU,YAAY52D,EAAMlM,OAAOE,WAChEkhF,EAAoB,IAAI5jB,GAG9B,OADA4jB,EAAkBzjB,QAAQxyE,KAAKiW,MACxB0gF,GAA0BH,EAAe,CAACP,GAAoB9iE,EAAMm/C,GAAM,EAAM7tD,GAOzFguD,UAEE,OAAOzyE,KAAKiW,KAAK2L,QAAQ,QAAS,MAQpCzI,MAAMsL,EAASsB,IACb,IAAI4xE,EAAS33F,KAAK+U,UAAUkiE,QAAQ/uE,KAAI,SAAS2M,GAC/C,OAAOkM,EAAM7f,KAAK6f,EAAM/M,KAAMa,EAAOw+D,eAAeoD,iBAEtDkhB,EAASA,EAAOvwF,QAAO,SAAS0tF,EAAM7xF,EAAG20F,GAAM,OAAOA,EAAGrxF,QAAQuuF,KAAU7xF,KAC3E,MAAMyiB,EAAO,CACX1R,KAAM2jF,EAAOn2F,OACbyU,KAAMjW,KAAKiW,KACXnM,KAAM9J,KAAK+U,UAAUkiE,QAAQn1E,SAE/B,OAAOqX,GAAM4H,EAAM5H,MAAMG,OAAQoM,OAAMzkB,OAAWA,OAAWA,EAAWwjB,IAarEtjB,eAAe02F,IAAqBC,iBAAEA,SAAkBrzE,KAAWsjE,IAExE,GADAtjE,EAAS,IAAKsB,MAAkBtB,IAC3BqzE,EACH,MAAU50F,MAAM,gFAElB,IAAKkX,EAAKC,SAASy9E,GACjB,MAAU50F,MAAM,mEAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,MAAMlB,QAAcwlB,GAAQgyE,GAC5B,GAAIx3F,EAAM0Z,OAAS+G,EAAM5H,MAAMG,OAC7B,MAAUpW,MAAM,gCAElB,MAAMwkF,QAAmB1Q,GAAW2B,WAAWr4E,EAAMwJ,KAAMgtE,GAAgBryD,IAY7E,SAAuBe,EAASkiE,GAC9B,MAAMqQ,EAAiB,SAASC,GAC9B,MAAM1uB,EAAQz0D,GAAU26B,GAAQ36B,EAAOw+D,gBAAkB7jC,EAEzD,IAAK,IAAIvsC,EAAI,EAAGA,EAAIykF,EAAWtmF,OAAQ6B,IACrC,GAAIykF,EAAWzkF,GAAGnD,YAAYugB,MAAQU,EAAMlM,OAAOE,YAAcijF,EAAU/vF,KAAKqhE,EAAMoe,EAAWzkF,KAC/F,OAAO,EAGX,OAAO,GAGT,IAAIg1F,EAAY,KACZD,EAAY,GAoBhB,GAnBAxyE,EAAQpiB,SAAQ,SAASihB,GAEvB,GADA4zE,EAAY5zE,EAAOC,MAAM,iBACrB2zE,EAaF,MAAU/0F,MAAM,0DAZhB+0F,EAAYA,EAAU,GAAGr2E,QAAQ,MAAO,IACxCq2E,EAAYA,EAAUl4E,MAAM,KAC5Bk4E,EAAYA,EAAU/vF,KAAI,SAAS8L,GACjCA,EAAOA,EAAK00E,cACZ,IACE,OAAO3nE,EAAMjf,MAAMif,EAAM/M,KAAMA,GAC/B,MAAO3P,GACP,MAAUnB,MAAM,2CAA6C8Q,OAGjEgkF,EAAYA,EAAUxxF,OAAOyxF,OAM5BD,EAAU52F,SAAW22F,EAAe,CAACh3E,EAAM/M,KAAKC,MACnD,MAAU/Q,MAAM,qFACX,GAAI80F,EAAU52F,SAAW22F,EAAeC,GAC7C,MAAU90F,MAAM,wDAEpB,CAjDEqiB,CAAcjlB,EAAMklB,QAASkiE,GAC7B,MAAM3yE,EAAY,IAAI0yE,GAAUC,GAChC,OAAO,IAAI+P,GAAiBn3F,EAAM2V,KAAMlB,EAC1C,CAuDO5T,eAAe+2F,IAAuBjiF,KAAEA,KAAS8xE,IACtD,IAAK9xE,EACH,MAAU/S,MAAM,sEAElB,IAAKkX,EAAKC,SAASpE,GACjB,MAAU/S,MAAM,yDAElB,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,OAAO,IAAIi2F,GAAiBxhF,EAC9B,CCnKO9U,eAAe2iD,IAAY4lC,QAAEA,EAAU,GAAElN,WAAEA,EAAUxiE,KAAEA,EAAO,MAAKkuE,QAAEA,EAAU,KAAI13E,MAAEA,EAAQ,aAAYgH,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAO,IAAI13D,KAAMwzE,QAAEA,EAAU,CAAC,IAAG9rC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC/JoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAuB,IAAnBkoF,EAAQtoF,OACV,MAAU8B,MAAM,2CAElB,GAAa,QAAT8W,GAAkBkuE,EAAUzjE,EAAO5B,WACrC,MAAU3f,MAAM,8BAA8BuhB,EAAO5B,oBAAoBqlE,KAG3E,MAAMrjF,EAAU,CAAE6kF,UAASlN,aAAYxiE,OAAMkuE,UAAS13E,QAAOgH,oBAAmB86D,OAAM8b,WAEtF,IACE,MAAMx3E,IAAEA,EAAGu5E,sBAAEA,SHaVhvF,eAAwB0D,EAAS4f,GACtC5f,EAAQi4C,MAAO,GACfj4C,EAAUusF,GAA0BvsF,IAC5BupF,QAAUvpF,EAAQupF,QAAQlmF,KAAI,CAAC6gF,EAAQtpE,IAAU2xE,GAA0BvsF,EAAQupF,QAAQ3uE,GAAQ5a,KAC3G,IAAI0b,EAAW,CAAC63E,GAAyBvzF,EAAS4f,IAClDlE,EAAWA,EAAS/Z,OAAO3B,EAAQupF,QAAQlmF,KAAIrD,GAAWwsF,GAA4BxsF,EAAS4f,MAC/F,MAAMwyD,QAAgBh3E,QAAQ2H,IAAI2Y,GAE5B3J,QAAY86E,GAAcza,EAAQ,GAAIA,EAAQv1E,MAAM,GAAImD,EAAS4f,GACjE0rE,QAA8Bv5E,EAAIyhF,yBAAyBxzF,EAAQytE,KAAM7tD,GAE/E,OADA7N,EAAI40E,qBAAuB,GACpB,CAAE50E,MAAKu5E,wBAChB,CGzBiDhgC,CAAStrD,EAAS4f,GAG/D,OAFA7N,EAAIs1E,UAAU9oF,SAAQ,EAAGm6E,eAAgB0N,GAAqB1N,EAAW94D,KAElE,CACLjL,WAAY8+E,GAAa1hF,EAAK0rC,EAAQ79B,GACtCvS,UAAWomF,GAAa1hF,EAAI85E,WAAYpuC,EAAQ79B,GAChD0rE,yBAEF,MAAO/uC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CAkBOjgD,eAAeo3F,IAAY/+E,WAAEA,EAAUkwE,QAAEA,EAAU,GAAElN,WAAEA,EAAUhlE,kBAAEA,EAAoB,EAAC86D,KAAEA,EAAIhwB,OAAEA,EAAS,iBAAW79B,KAAWsjE,IAC1FoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCilE,EAAU/hD,GAAQ+hD,GAClB,MAAM1B,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAuB,IAAnBkoF,EAAQtoF,OACV,MAAU8B,MAAM,yCAElB,MAAM2B,EAAU,CAAE2U,aAAYkwE,UAASlN,aAAYhlE,oBAAmB86D,QAEtE,IACE,MAAQ17D,IAAK4hF,EAAcrI,sBAAEA,SHE1BhvF,eAAwB0D,EAAS4f,GACtC5f,EAAU4zF,EAAS5zF,GACnB,MAAM2U,WAAEA,GAAe3U,EAEvB,IAAK2U,EAAWoyE,YACd,MAAU1oF,MAAM,gCAGlB,GAAIsW,EAAW+jE,UAAU+B,UACvB,MAAUp8E,MAAM,2CAIlB,IADoBsW,EAAW0yE,UAAUztC,OAAM,EAAG8+B,eAAgBA,EAAUI,gBAE1E,MAAUz6E,MAAM,wBAGlB,MAAMo6E,EAAkB9jE,EAAW+jE,UAE9B14E,EAAQupF,UACXvpF,EAAQupF,cAAgBnuF,QAAQ2H,IAAI4R,EAAW40E,QAAQlmF,KAAI/G,UACzD,MAAMq9E,EAAqBuK,EAAOxL,UAC5B+K,EAAe,CAAE1xE,IAAK0mE,EAAiB73E,KAAM+4E,GAC7CyO,QACJC,GAA+BnE,EAAOgE,kBAAmBzP,EAAiBv8D,EAAMhM,UAAU2B,cAAe4xE,EAAc,KAAM7jE,GAC7HrkB,OAAM,MAAS,KACjB,MAAO,CACL08C,KAAMmwC,EAAiB70E,UAAa60E,EAAiB70E,SAAS,GAAK2I,EAAM3I,SAASS,SACnF,MAIL,MAAM84E,EAAsBn4E,EAAW40E,QAAQlmF,KAAI6gF,GAAUA,EAAOxL,YACpE,GAAI14E,EAAQupF,QAAQhtF,SAAWuwF,EAAoBvwF,OACjD,MAAU8B,MAAM,6DAGlB2B,EAAQupF,QAAUvpF,EAAQupF,QAAQlmF,KAAI+pF,GAAiBwG,EAASxG,EAAeptF,KAE/E,MAAM+R,QAAY86E,GAAcpU,EAAiBqU,EAAqB9sF,EAAS4f,GACzE0rE,QAA8Bv5E,EAAIyhF,yBAAyBxzF,EAAQytE,KAAM7tD,GAE/E,OADA7N,EAAI40E,qBAAuB,GACpB,CAAE50E,MAAKu5E,yBAEd,SAASsI,EAAS5zF,EAASgmF,EAAiB,IAK1C,OAJAhmF,EAAQ2S,kBAAoB3S,EAAQ2S,mBAAqBqzE,EAAerzE,kBACxE3S,EAAQ23E,WAAapiE,EAAKC,SAASxV,EAAQ23E,YAAc33E,EAAQ23E,WAAaqO,EAAerO,WAC7F33E,EAAQytE,KAAOztE,EAAQytE,MAAQuY,EAAevY,KAEvCztE,EAEX,CGrDiE6zF,CAAS7zF,EAAS4f,GAE/E,MAAO,CACLjL,WAAY8+E,GAAaE,EAAgBl2C,EAAQ79B,GACjDvS,UAAWomF,GAAaE,EAAe9H,WAAYpuC,EAAQ79B,GAC3D0rE,yBAEF,MAAO/uC,GACP,MAAMhnC,EAAK6F,UAAU,6BAA8BmhC,GAEvD,CAoBOjgD,eAAew3F,IAAU/hF,IAAEA,EAAGu5E,sBAAEA,EAAqB73E,oBAAEA,EAAmBg6D,KAAEA,EAAO,IAAI13D,KAAM0nC,OAAEA,EAAS,iBAAW79B,KAAWsjE,IACzFoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IACE,MAAMo3F,EAAazI,QACXv5E,EAAIiiF,2BAA2B1I,EAAuB7d,EAAM7tD,SAC5D7N,EAAIkiF,OAAOxgF,EAAqBg6D,EAAM7tD,GAE9C,OAAOm0E,EAAWhN,YAAc,CAC9BpyE,WAAY8+E,GAAaM,EAAYt2C,EAAQ79B,GAC7CvS,UAAWomF,GAAaM,EAAWlI,WAAYpuC,EAAQ79B,IACrD,CACFjL,WAAY,KACZtH,UAAWomF,GAAaM,EAAYt2C,EAAQ79B,IAE9C,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,qBAAsBmhC,GAE/C,CAYOjgD,eAAe43F,IAAWv/E,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAWsjE,IAC1BoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAAKgY,EAAWoyE,YACd,MAAU1oF,MAAM,+BAElB,MAAM81F,EAAmBx/E,EAAW7X,OAAM,GACpCs3F,EAAc7+E,EAAK5Z,QAAQg8E,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMv8E,QAAQ2H,IAAIoxF,EAAiB9M,UAAUhkF,KAAI0O,GAE/CwD,EAAKkG,WAAW24E,EAAY/wF,KAAIs0E,GAAc5lE,EAAI2mE,UAAU5qD,QAAQ6pD,eAGhEwc,EAAiB1zC,SAAS7gC,GACzBu0E,EACP,MAAO53C,GAEP,MADA43C,EAAiBvZ,qBACXrlE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAYOjgD,eAAe+3F,IAAW1/E,WAAEA,EAAUgjE,WAAEA,SAAY/3D,KAAWsjE,IAC1BoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC,MAAMujE,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAAKgY,EAAWoyE,YACd,MAAU1oF,MAAM,+BAElB,MAAM81F,EAAmBx/E,EAAW7X,OAAM,GAEpCwxB,EAAO6lE,EAAiB9M,UACxB+M,EAAc7+E,EAAK5Z,QAAQg8E,GAAcA,EAAiB38E,MAAMszB,EAAK/xB,QAAQ0+C,KAAK08B,GACxF,GAAIyc,EAAY73F,SAAW+xB,EAAK/xB,OAC9B,MAAU8B,MAAM,0DAGlB,IAME,aALMjD,QAAQ2H,IAAIurB,EAAKjrB,KAAI/G,MAAOyV,EAAK3T,KACrC,MAAMs6E,UAAEA,GAAc3mE,QAChB2mE,EAAU7qD,QAAQumE,EAAYh2F,GAAIwhB,GACxC84D,EAAUkC,oBAAoB,KAEzBuZ,EACP,MAAO53C,GAEP,MADA43C,EAAiBvZ,qBACXrlE,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAiCOjgD,eAAeuxB,IAAQnZ,QAAEA,EAAOy7E,eAAEA,EAAcrJ,YAAEA,EAAW4H,UAAEA,EAAS9X,WAAEA,EAAUn5B,OAAEA,EAAS,UAASvtC,UAAEA,EAAY,KAAIugF,SAAEA,GAAW,EAAKU,cAAEA,EAAgB,GAAET,iBAAEA,EAAmB,GAAEjjB,KAAEA,EAAO,IAAI13D,KAAMu+E,eAAEA,EAAiB,GAAEC,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,UAAI50E,KAAWsjE,IAKlS,GAJ0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAa//E,GAAUggF,GAAyBj3C,GAChD0yC,EAAiBrtD,GAAQqtD,GAAiBrJ,EAAchkD,GAAQgkD,GAAc4H,EAAY5rD,GAAQ4rD,GAClGyC,EAAgBruD,GAAQquD,GAAgBT,EAAmB5tD,GAAQ4tD,GAAmB4D,EAAiBxxD,GAAQwxD,GAAiBC,EAAoBzxD,GAAQyxD,GAAoBC,EAAqB1xD,GAAQ0xD,GACzMtR,EAAK5qC,SACP,MAAUj6C,MAAM,+JAElB,GAAI6kF,EAAKyR,WAAY,MAAUt2F,MAAM,gGACrC,GAAI6kF,EAAKqI,YAAa,MAAUltF,MAAM,8FACtC,QAAmBjC,IAAf8mF,EAAK5uE,MAAqB,MAAUjW,MAAM,oFAC9C,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAE3HmqF,IACHA,EAAc,IAEhB,MAAM8N,EAAYlgF,EAAQ49D,WAC1B,IASE,IARIwU,EAAYvqF,QAAU2T,KACxBwE,QAAgBA,EAAQujC,KAAK6uC,EAAa52E,EAAWihF,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,IAEhHlL,EAAUA,EAAQg/D,eACVkR,GAAiB,cAAeuL,EAAgB1iB,EAAM8mB,EAAmB30E,GAC/EA,GAEFlL,QAAgBA,EAAQmZ,QAAQsiE,EAAgBzB,EAAW9X,EAAY6Z,EAAUC,EAAkBjjB,EAAM8mB,EAAmB30E,GAC7G,WAAX69B,EAAqB,OAAO/oC,EAEhC,MAAMJ,EAAmB,YAAXmpC,EAEd,OAAOo3C,GADMvgF,EAAQI,EAAQJ,MAAMsL,GAAUlL,EAAQzX,QAC1B23F,EAAWtgF,EAAQ,OAAS,UACvD,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CAmCOjgD,eAAewxB,IAAQpZ,QAAEA,EAAO+5E,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWxH,iBAAEA,EAAgB2N,aAAEA,GAAe,EAAKr3C,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAGxL,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAa//E,GAAUyyE,EAAmBrkD,GAAQqkD,GAAmBsH,EAAiB3rD,GAAQ2rD,GAAiBC,EAAY5rD,GAAQ4rD,GAAYC,EAAc7rD,GAAQ6rD,GACjKzL,EAAKqI,YAAa,MAAUltF,MAAM,iGACtC,GAAI6kF,EAAKyR,WAAY,MAAUt2F,MAAM,kGACrC,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IACE,MAAMw4E,QAAkBzgE,EAAQoZ,QAAQ2gE,EAAgBC,EAAWC,EAAalhB,EAAM7tD,GACjFunE,IACHA,EAAmB,IAGrB,MAAMvqF,EAAS,GAKf,GAJAA,EAAO4mF,WAAatzE,QAAkBilE,EAAU4c,eAAe7hF,EAAWi3E,EAAkB1Z,EAAM7tD,SAAgBu1D,EAAU38B,OAAO2uC,EAAkB1Z,EAAM7tD,GAC3JhjB,EAAOqI,KAAkB,WAAXw4C,EAAsB03B,EAAU+a,iBAAmB/a,EAAUvH,UAC3EhxE,EAAO8wE,SAAWyH,EAAUnH,cAC5B+mB,GAAYn4F,EAAQ8X,GAChBogF,EAAc,CAChB,GAAgC,IAA5B3N,EAAiB5qF,OACnB,MAAU8B,MAAM,+DAElB,GAAiC,IAA7BzB,EAAO4mF,WAAWjnF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOqI,KAAOyT,EAAc,CAC1B9b,EAAOqI,KACPmrE,GAAiB9zE,gBACTiZ,EAAKkG,WAAW7e,EAAO4mF,WAAWngF,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAxxE,EAAOqI,WAAa4vF,GAAcj4F,EAAOqI,KAAMyP,EAAQ49D,WAAY70B,GAC5D7gD,EACP,MAAO2/C,GACP,MAAMhnC,EAAK6F,UAAU,2BAA4BmhC,GAErD,CA0BOjgD,eAAe27C,IAAKvjC,QAAEA,EAAOoyE,YAAEA,EAAWrpC,OAAEA,EAAS,UAASnF,SAAEA,GAAW,EAAK64C,cAAEA,EAAgB,GAAE1jB,KAAEA,EAAO,IAAI13D,KAAMu+E,eAAEA,EAAiB,GAAEE,mBAAEA,EAAqB,UAAI50E,KAAWsjE,IAKvL,GAJ0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCo1E,GAAwBtgF,GAAUggF,GAAyBj3C,GAC3DqpC,EAAchkD,GAAQgkD,GAAcqK,EAAgBruD,GAAQquD,GAAgBmD,EAAiBxxD,GAAQwxD,GAAiBE,EAAqB1xD,GAAQ0xD,GAE/ItR,EAAKqI,YAAa,MAAUltF,MAAM,2FACtC,QAAmBjC,IAAf8mF,EAAK5uE,MAAqB,MAAUjW,MAAM,iFAC9C,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAI+X,aAAmBk+E,IAA+B,WAAXn1C,EAAqB,MAAUp/C,MAAM,2DAChF,GAAIqW,aAAmBk+E,IAAoBt6C,EAAU,MAAUj6C,MAAM,0CAErE,IAAKyoF,GAAsC,IAAvBA,EAAYvqF,OAC9B,MAAU8B,MAAM,4BAGlB,IACE,IAAI6R,EAMJ,GAJEA,EADEooC,QACgB5jC,EAAQugF,aAAanO,OAAa1qF,EAAW+0F,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,SAEtGlL,EAAQujC,KAAK6uC,OAAa1qF,EAAW+0F,EAAe1jB,EAAM6mB,EAAgBE,EAAoB50E,GAEnG,WAAX69B,EAAqB,OAAOvtC,EAEhC,MAAMoE,EAAmB,YAAXmpC,EAUd,OATAvtC,EAAYoE,EAAQpE,EAAUoE,MAAMsL,GAAU1P,EAAUjT,QACpDq7C,IACFpoC,EAAYuR,EAAqB/M,EAAQ09D,QAAQn1E,SAASX,MAAOqH,EAAUC,WACnExI,QAAQ2H,IAAI,CAChBif,EAAY9R,EAAWtM,GACvBke,EAAiBne,GAAUpI,OAAM,UACjC,KAGCs5F,GAAc3kF,EAAWwE,EAAQ49D,WAAYh+D,EAAQ,OAAS,UACrE,MAAOioC,GACP,MAAMhnC,EAAK6F,UAAU,wBAAyBmhC,GAElD,CA8BOjgD,eAAek8C,IAAO9jC,QAAEA,EAAOyyE,iBAAEA,EAAgB2N,aAAEA,GAAe,EAAKr3C,OAAEA,EAAS,OAAMvtC,UAAEA,EAAY,KAAIu9D,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAG/I,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCo1E,GAAwBtgF,GAAUyyE,EAAmBrkD,GAAQqkD,GACzDjE,EAAKyR,WAAY,MAAUt2F,MAAM,iGACrC,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,GAAI+X,aAAmBk+E,IAA+B,WAAXn1C,EAAqB,MAAUp/C,MAAM,iDAChF,GAAIqW,aAAmBk+E,IAAoB1iF,EAAW,MAAU7R,MAAM,6CAEtE,IACE,MAAMzB,EAAS,GAQf,GANEA,EAAO4mF,WADLtzE,QACwBwE,EAAQq9E,eAAe7hF,EAAWi3E,EAAkB1Z,EAAM7tD,SAE1DlL,EAAQ8jC,OAAO2uC,EAAkB1Z,EAAM7tD,GAEnEhjB,EAAOqI,KAAkB,WAAXw4C,EAAsB/oC,EAAQw7E,iBAAmBx7E,EAAQk5D,UACnEl5D,EAAQ49D,aAAepiE,GAAW6kF,GAAYn4F,EAAQ8X,GACtDogF,EAAc,CAChB,GAAiC,IAA7Bl4F,EAAO4mF,WAAWjnF,OACpB,MAAU8B,MAAM,yBAElBzB,EAAOqI,KAAOyT,EAAc,CAC1B9b,EAAOqI,KACPmrE,GAAiB9zE,gBACTiZ,EAAKkG,WAAW7e,EAAO4mF,WAAWngF,KAAIk1C,GAAOA,EAAI61B,WAAU,MAKvE,OADAxxE,EAAOqI,WAAa4vF,GAAcj4F,EAAOqI,KAAMyP,EAAQ49D,WAAY70B,GAC5D7gD,EACP,MAAO2/C,GACP,MAAMhnC,EAAK6F,UAAU,iCAAkCmhC,GAE3D,CAoBOjgD,eAAe87E,IAAmB+X,eAAEA,EAAc1iB,KAAEA,EAAO,IAAI13D,KAAMw+E,kBAAEA,EAAoB,UAAI30E,KAAWsjE,IAG/G,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChCuwE,EAAiBrtD,GAAQqtD,GAAiBoE,EAAoBzxD,GAAQyxD,GAClErR,EAAKyR,WAAY,MAAUt2F,MAAM,2GACrC,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAEE,aAD0ByxF,GAAQhW,mBAAmB+X,EAAgB1iB,EAAM8mB,EAAmB30E,GAE9F,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAqBOjgD,eAAeq0F,IAAkB1rF,KAAEA,EAAI+/C,UAAEA,EAASwwB,cAAEA,EAAa2a,eAAEA,EAAczB,UAAEA,EAASjxC,OAAEA,EAAS,UAASgzC,SAAEA,GAAW,EAAKC,iBAAEA,EAAmB,GAAEjjB,KAAEA,EAAO,IAAI13D,KAAMw+E,kBAAEA,EAAoB,UAAI30E,KAAWsjE,IAItN,GAH0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAgElC,SAAqB3a,EAAMoB,GACzB,IAAKkP,EAAKxX,aAAakH,GACrB,MAAU5G,MAAM,eAAiBgI,GAAQ,QAAU,+BAEvD,CAnEE6uF,CAAYjwF,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAKkP,EAAKC,SAASvQ,GACjB,MAAU5G,MAAM,eAAiBgI,GAAQ,QAAU,2BAEvD,CA9DqB8uF,CAAYnwC,EAAW,aAAc0vC,GAAyBj3C,GACjF0yC,EAAiBrtD,GAAQqtD,GAAiBzB,EAAY5rD,GAAQ4rD,GAAYgC,EAAmB5tD,GAAQ4tD,GAAmB6D,EAAoBzxD,GAAQyxD,GAChJrR,EAAKyR,WAAY,MAAUt2F,MAAM,0GACrC,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,KAAMwzF,GAA4C,IAA1BA,EAAe5zF,QAAmBmyF,GAAkC,IAArBA,EAAUnyF,QAC/E,MAAU8B,MAAM,6CAGlB,IAEE,OAAOo1F,SADerF,GAAQuC,kBAAkB1rF,EAAM+/C,EAAWwwB,EAAe2a,EAAgBzB,EAAW+B,EAAUC,EAAkBjjB,EAAM8mB,EAAmB30E,GACnI69B,EAAQ79B,GACrC,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,+BAAgCmhC,GAEzD,CAiBOjgD,eAAeuyF,IAAmBn6E,QAAEA,EAAO+5E,eAAEA,EAAcC,UAAEA,EAASjhB,KAAEA,EAAO,IAAI13D,YAAQ6J,KAAWsjE,IAG3G,GAF0CoQ,GAA1C1zE,EAAS,IAAKsB,MAAkBtB,IAChC60E,GAAa//E,GAAU+5E,EAAiB3rD,GAAQ2rD,GAAiBC,EAAY5rD,GAAQ4rD,GACjFxL,EAAKqI,YAAa,MAAUltF,MAAM,4GACtC,MAAM8kF,EAAiBj9E,OAAOooB,KAAK40D,GAAO,GAAIC,EAAe5mF,OAAS,EAAG,MAAU8B,MAAM,mBAAmB8kF,EAAexmF,KAAK,OAEhI,IAEE,aAD0B+X,EAAQm6E,mBAAmBJ,EAAgBC,EAAWjhB,EAAM7tD,GAEtF,MAAO28B,GACP,MAAMhnC,EAAK6F,UAAU,gCAAiCmhC,GAE1D,CAwBA,SAASk4C,GAAa//E,GACpB,KAAMA,aAAmB05E,IACvB,MAAU/vF,MAAM,kDAEpB,CACA,SAAS22F,GAAwBtgF,GAC/B,KAAMA,aAAmBk+E,IAAuBl+E,aAAmB05E,IACjE,MAAU/vF,MAAM,sEAEpB,CACA,SAASq2F,GAAyBj3C,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUp/C,MAAM,sBAAsBo/C,EAE1C,CACA,MAAM23C,GAA0BlvF,OAAOooB,KAAKpN,IAAe3kB,OAC3D,SAAS+2F,GAAY1zE,GACnB,MAAMy1E,EAAmBnvF,OAAOooB,KAAK1O,GACrC,GAAIy1E,EAAiB94F,SAAW64F,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiCj5F,IAA7B8kB,GAAco0E,GAChB,MAAUj3F,MAAM,4BAA4Bi3F,EAIpD,CAQA,SAASxyD,GAAQ6jB,GAIf,OAHIA,IAAUpxC,EAAK5Z,QAAQgrD,KACzBA,EAAQ,CAACA,IAEJA,CACT,CAWArqD,eAAeu4F,GAAc5vF,EAAM2vF,EAAWW,EAAW,QACvD,MAAMx0F,EAAawU,EAAK5X,SAASsH,GACjC,MAAmB,UAAflE,EACK+gB,EAAiB7c,GAER,SAAd2vF,GACF3vF,EAAOmvE,EAAiBnvE,GACP,WAAbswF,GAAuBtwF,EAAKuwF,YAAYD,GACrCtwF,GAES,QAAd2vF,GAAsC,aAAf7zF,EAClB00F,EAAwBxwF,GAE1BA,CACT,CAUA,SAAS8vF,GAAYn4F,EAAQ8X,GAC3B9X,EAAOqI,KAAOwc,EAAqB/M,EAAQ09D,QAAQl2E,QAAQI,MAAOqH,EAAUC,WACpEoe,EAAYplB,EAAOqI,KAAMrB,EAAU,CACvCE,cAAc,IAEhB,MAAMjI,EAAS8lB,EAAiB/d,GAChC,UAEQke,EAAiBne,GAAU67C,GAAKA,UAChC3jD,EAAOsB,QACb,MAAOqC,SACD3D,EAAOuB,MAAMoC,MAGzB,CASA,SAASi0F,GAAaiC,EAAQj4C,EAAQ79B,GACpC,OAAQ69B,GACN,IAAK,SACH,OAAOi4C,EACT,IAAK,UACH,OAAOA,EAAOphF,MAAMsL,GACtB,IAAK,SACH,OAAO81E,EAAOz4F,QAChB,QACE,MAAUoB,MAAM,sBAAsBo/C,GAE5C,CCrtBA,MAAMk4C,GAAmC,mBAAXh7F,QAAoD,iBAApBA,OAAOi7F,SACjEj7F,OACAk7F,GAAe,UAAUA,KAG7B,SAASC,KAET,CAaA,MAAMC,GAXkB,oBAATl9C,KACAA,KAEgB,oBAAX8b,OACLA,OAEgB,oBAAXsmB,OACLA,YADN,EAOT,SAAS+a,GAAa/tF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CACA,MAAMguF,GAAiCH,GAEjCI,GAAkB96F,QAClB+6F,GAAsB/6F,QAAQe,UAAUY,KACxCq5F,GAAyBh7F,QAAQC,QAAQuF,KAAKs1F,IAC9CG,GAAwBj7F,QAAQE,OAAOsF,KAAKs1F,IAClD,SAASI,GAAWC,GAChB,OAAO,IAAIL,GAAgBK,EAC/B,CACA,SAASC,GAAoBh6F,GACzB,OAAO45F,GAAuB55F,EAClC,CACA,SAASi6F,GAAoBp5F,GACzB,OAAOg5F,GAAsBh5F,EACjC,CACA,SAASq5F,GAAmB96E,EAAS+6E,EAAaC,GAG9C,OAAOT,GAAoBl6F,KAAK2f,EAAS+6E,EAAaC,EAC1D,CACA,SAASC,GAAYj7E,EAAS+6E,EAAaC,GACvCF,GAAmBA,GAAmB96E,EAAS+6E,EAAaC,QAAax6F,EAAW65F,GACxF,CACA,SAASa,GAAgBl7E,EAAS+6E,GAC9BE,GAAYj7E,EAAS+6E,EACzB,CACA,SAASI,GAAcn7E,EAASg7E,GAC5BC,GAAYj7E,OAASxf,EAAWw6F,EACpC,CACA,SAASI,GAAqBp7E,EAASq7E,EAAoBC,GACvD,OAAOR,GAAmB96E,EAASq7E,EAAoBC,EAC3D,CACA,SAASC,GAA0Bv7E,GAC/B86E,GAAmB96E,OAASxf,EAAW65F,GAC3C,CACA,MAAMmB,GAAiB,MACnB,MAAMC,EAAuBtB,IAAWA,GAAQqB,eAChD,GAAoC,mBAAzBC,EACP,OAAOA,EAEX,MAAMC,EAAkBd,QAAoBp6F,GAC5C,OAAQgJ,GAAOsxF,GAAmBY,EAAiBlyF,EACtD,EAPsB,GAQvB,SAASmyF,GAAYC,EAAGhwC,EAAGz7B,GACvB,GAAiB,mBAANyrE,EACP,MAAM,IAAIxqE,UAAU,8BAExB,OAAOyqE,SAASt7F,UAAU6b,MAAM/b,KAAKu7F,EAAGhwC,EAAGz7B,EAC/C,CACA,SAAS2rE,GAAYF,EAAGhwC,EAAGz7B,GACvB,IACI,OAAOyqE,GAAoBe,GAAYC,EAAGhwC,EAAGz7B,IAEjD,MAAOvvB,GACH,OAAOi6F,GAAoBj6F,GAEnC,CAWA,MAAMm7F,GACF18F,cACIE,KAAKy8F,QAAU,EACfz8F,KAAK08F,MAAQ,EAEb18F,KAAK28F,OAAS,CACVC,UAAW,GACXC,WAAO57F,GAEXjB,KAAK88F,MAAQ98F,KAAK28F,OAIlB38F,KAAKy8F,QAAU,EAEfz8F,KAAK08F,MAAQ,EAEbt7F,aACA,OAAOpB,KAAK08F,MAMhB76F,KAAKwB,GACD,MAAM05F,EAAU/8F,KAAK88F,MACrB,IAAIE,EAAUD,EACmBE,QAA7BF,EAAQH,UAAUx7F,SAClB47F,EAAU,CACNJ,UAAW,GACXC,WAAO57F,IAKf87F,EAAQH,UAAU/6F,KAAKwB,GACnB25F,IAAYD,IACZ/8F,KAAK88F,MAAQE,EACbD,EAAQF,MAAQG,KAElBh9F,KAAK08F,MAIXx2F,QACI,MAAMg3F,EAAWl9F,KAAK28F,OACtB,IAAIQ,EAAWD,EACf,MAAME,EAAYp9F,KAAKy8F,QACvB,IAAIY,EAAYD,EAAY,EAC5B,MAAME,EAAWJ,EAASN,UACpBv5F,EAAUi6F,EAASF,GAazB,OAtEqB,QA0DjBC,IACAF,EAAWD,EAASL,MACpBQ,EAAY,KAGdr9F,KAAK08F,MACP18F,KAAKy8F,QAAUY,EACXH,IAAaC,IACbn9F,KAAK28F,OAASQ,GAGlBG,EAASF,QAAan8F,EACfoC,EAUXD,QAAQ6B,GACJ,IAAIhC,EAAIjD,KAAKy8F,QACTh1C,EAAOznD,KAAK28F,OACZW,EAAW71C,EAAKm1C,UACpB,OAAO35F,IAAMq6F,EAASl8F,aAAyBH,IAAfwmD,EAAKo1C,OAC7B55F,IAAMq6F,EAASl8F,SACfqmD,EAAOA,EAAKo1C,MACZS,EAAW71C,EAAKm1C,UAChB35F,EAAI,EACoB,IAApBq6F,EAASl8F,UAIjB6D,EAASq4F,EAASr6F,MAChBA,EAKVs6F,OACI,MAAMC,EAAQx9F,KAAK28F,OACbjsE,EAAS1wB,KAAKy8F,QACpB,OAAOe,EAAMZ,UAAUlsE,IAI/B,SAAS+sE,GAAsCl4F,EAAQxE,GACnDwE,EAAOm4F,qBAAuB38F,EAC9BA,EAAO+D,QAAUS,EACK,aAAlBxE,EAAO48F,OACPC,GAAqCr4F,GAEd,WAAlBxE,EAAO48F,OAsCpB,SAAwDp4F,GACpDq4F,GAAqCr4F,GACrCs4F,GAAkCt4F,EACtC,CAxCQu4F,CAA+Cv4F,GAG/Cw4F,GAA+Cx4F,EAAQxE,EAAOi9F,aAEtE,CAGA,SAASC,GAAkC14F,EAAQrD,GAE/C,OAAOg8F,GADQ34F,EAAOm4F,qBACcx7F,EACxC,CACA,SAASi8F,GAAmC54F,GACG,aAAvCA,EAAOm4F,qBAAqBC,OAC5BS,GAAiC74F,EAAQ,IAAIssB,UAAU,qFAoC/D,SAAmDtsB,EAAQrD,GACvD67F,GAA+Cx4F,EAAQrD,EAC3D,CAnCQm8F,CAA0C94F,EAAQ,IAAIssB,UAAU,qFAEpEtsB,EAAOm4F,qBAAqB54F,aAAU7D,EACtCsE,EAAOm4F,0BAAuBz8F,CAClC,CAEA,SAASq9F,GAAoBpzF,GACzB,OAAO,IAAI2mB,UAAU,UAAY3mB,EAAO,oCAC5C,CAEA,SAAS0yF,GAAqCr4F,GAC1CA,EAAOg5F,eAAiBpD,IAAW,CAACj7F,EAASC,KACzCoF,EAAOi5F,uBAAyBt+F,EAChCqF,EAAOk5F,sBAAwBt+F,CAAM,GAE7C,CACA,SAAS49F,GAA+Cx4F,EAAQrD,GAC5D07F,GAAqCr4F,GACrC64F,GAAiC74F,EAAQrD,EAC7C,CAKA,SAASk8F,GAAiC74F,EAAQrD,QACTjB,IAAjCsE,EAAOk5F,wBAGXzC,GAA0Bz2F,EAAOg5F,gBACjCh5F,EAAOk5F,sBAAsBv8F,GAC7BqD,EAAOi5F,4BAAyBv9F,EAChCsE,EAAOk5F,2BAAwBx9F,EACnC,CAIA,SAAS48F,GAAkCt4F,QACDtE,IAAlCsE,EAAOi5F,yBAGXj5F,EAAOi5F,4BAAuBv9F,GAC9BsE,EAAOi5F,4BAAyBv9F,EAChCsE,EAAOk5F,2BAAwBx9F,EACnC,CAEA,MAAMy9F,GAAalE,GAAe,kBAC5BmE,GAAanE,GAAe,kBAC5BoE,GAAcpE,GAAe,mBAC7BqE,GAAYrE,GAAe,iBAI3BsE,GAAiBxvF,OAAOyvF,UAAY,SAAUjyF,GAChD,MAAoB,iBAANA,GAAkBiyF,SAASjyF,EAC7C,EAIMkyF,GAAYtzF,KAAKuzF,OAAS,SAAUpnD,GACtC,OAAOA,EAAI,EAAInsC,KAAKmQ,KAAKg8B,GAAKnsC,KAAKsP,MAAM68B,EAC7C,EAMA,SAASqnD,GAAiB9+C,EAAK++C,GAC3B,QAAYl+F,IAARm/C,IAHgB,iBADFtzC,EAIqBszC,IAHM,mBAANtzC,GAInC,MAAM,IAAI+kB,UAAastE,EAAH,sBAL5B,IAAsBryF,CAOtB,CAEA,SAASsyF,GAAetyF,EAAGqyF,GACvB,GAAiB,mBAANryF,EACP,MAAM,IAAI+kB,UAAastE,EAAH,sBAE5B,CAKA,SAASE,GAAavyF,EAAGqyF,GACrB,IAJJ,SAAkBryF,GACd,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAES85E,CAAS95E,GACV,MAAM,IAAI+kB,UAAastE,EAAH,qBAE5B,CACA,SAASG,GAAuBxyF,EAAGyyF,EAAUJ,GACzC,QAAUl+F,IAAN6L,EACA,MAAM,IAAI+kB,UAAU,aAAa0tE,qBAA4BJ,MAErE,CACA,SAASK,GAAoB1yF,EAAG2yF,EAAON,GACnC,QAAUl+F,IAAN6L,EACA,MAAM,IAAI+kB,UAAU,GAAG4tE,qBAAyBN,MAExD,CAEA,SAASO,GAA0Br+F,GAC/B,OAAOiO,OAAOjO,EAClB,CACA,SAASs+F,GAAmB7yF,GACxB,OAAa,IAANA,EAAU,EAAIA,CACzB,CAKA,SAAS8yF,GAAwCv+F,EAAO89F,GACpD,MACMU,EAAavwF,OAAOC,iBAC1B,IAAIzC,EAAIwC,OAAOjO,GAEf,GADAyL,EAAI6yF,GAAmB7yF,IAClBgyF,GAAehyF,GAChB,MAAM,IAAI+kB,UAAastE,EAAH,2BAGxB,GADAryF,EAZJ,SAAqBA,GACjB,OAAO6yF,GAAmBX,GAAUlyF,GACxC,CAUQgzF,CAAYhzF,GACZA,EARe,GAQGA,EAAI+yF,EACtB,MAAM,IAAIhuE,UAAU,GAAGstE,2CAA6DU,gBAExF,OAAKf,GAAehyF,IAAY,IAANA,EAOnBA,EANI,CAOf,CAEA,SAASizF,GAAqBjzF,EAAGqyF,GAC7B,IAAKa,GAAiBlzF,GAClB,MAAM,IAAI+kB,UAAastE,EAAH,4BAE5B,CAGA,SAASc,GAAmCl/F,GACxC,OAAO,IAAIm/F,GAA4Bn/F,EAC3C,CAEA,SAASo/F,GAA6Bp/F,EAAQq/F,GAC1Cr/F,EAAO+D,QAAQu7F,cAAcx+F,KAAKu+F,EACtC,CACA,SAASE,GAAiCv/F,EAAQgB,EAAOT,GACrD,MACM8+F,EADSr/F,EAAO+D,QACKu7F,cAAcn6F,QACrC5E,EACA8+F,EAAYG,cAGZH,EAAYI,YAAYz+F,EAEhC,CACA,SAAS0+F,GAAiC1/F,GACtC,OAAOA,EAAO+D,QAAQu7F,cAAcj/F,MACxC,CACA,SAASs/F,GAA+B3/F,GACpC,MAAMwE,EAASxE,EAAO+D,QACtB,YAAe7D,IAAXsE,KAGCo7F,GAA8Bp7F,EAIvC,CAMA,MAAM26F,GACFpgG,YAAYiB,GAGR,GAFAu+F,GAAuBv+F,EAAQ,EAAG,+BAClCg/F,GAAqBh/F,EAAQ,mBACzB6/F,GAAuB7/F,GACvB,MAAM,IAAI8wB,UAAU,+EAExB4rE,GAAsCz9F,KAAMe,GAC5Cf,KAAKqgG,cAAgB,IAAI7D,GAMzB37F,aACA,OAAK8/F,GAA8B3gG,MAG5BA,KAAKu+F,eAFDjD,GAAoBuF,GAAiC,WAOpEp8F,OAAOvC,EAASjB,WACZ,OAAK0/F,GAA8B3gG,WAGDiB,IAA9BjB,KAAK09F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCj+F,KAAMkC,GALpCo5F,GAAoBuF,GAAiC,WAYpE3/F,OACI,IAAKy/F,GAA8B3gG,MAC/B,OAAOs7F,GAAoBuF,GAAiC,SAEhE,QAAkC5/F,IAA9BjB,KAAK09F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACj7F,EAASC,KACjC2gG,EAAiB5gG,EACjB6gG,EAAgB5gG,CAAM,IAQ1B,OADA6gG,GAAgChhG,KALZ,CAChBwgG,YAAaz+F,GAAS++F,EAAe,CAAEz/F,MAAOU,EAAOT,MAAM,IAC3Di/F,YAAa,IAAMO,EAAe,CAAEz/F,WAAOJ,EAAWK,MAAM,IAC5D2/F,YAAa58F,GAAK08F,EAAc18F,KAG7Boc,EAWX7f,cACI,IAAK+/F,GAA8B3gG,MAC/B,MAAM6gG,GAAiC,eAE3C,QAAkC5/F,IAA9BjB,KAAK09F,qBAAT,CAGA,GAAI19F,KAAKqgG,cAAcj/F,OAAS,EAC5B,MAAM,IAAIywB,UAAU,uFAExBssE,GAAmCn+F,QAgB3C,SAAS2gG,GAA8B7zF,GACnC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,gBAIjD,CACA,SAASk0F,GAAgCz7F,EAAQ66F,GAC7C,MAAMr/F,EAASwE,EAAOm4F,qBACtB38F,EAAOmgG,YAAa,EACE,WAAlBngG,EAAO48F,OACPyC,EAAYG,cAEW,YAAlBx/F,EAAO48F,OACZyC,EAAYa,YAAYlgG,EAAOi9F,cAG/Bj9F,EAAOogG,0BAA0BtC,IAAWuB,EAEpD,CAEA,SAASS,GAAiC31F,GACtC,OAAO,IAAI2mB,UAAU,yCAAyC3mB,sDAClE,CAGA,IAAIk2F,GAzCJr2F,OAAOs2F,iBAAiBnB,GAA4Bl/F,UAAW,CAC3DyD,OAAQ,CAAEkhC,YAAY,GACtBzkC,KAAM,CAAEykC,YAAY,GACpB/kC,YAAa,CAAE+kC,YAAY,GAC3B9kC,OAAQ,CAAE8kC,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe60F,GAA4Bl/F,UAAWw5F,GAAe8G,YAAa,CACrFjgG,MAAO,8BACPukC,cAAc,IAiCsB,iBAAjC40D,GAAe+G,gBAGtBH,GAAyB,CAGrB,CAAC5G,GAAe+G,iBACZ,OAAOvhG,OAGf+K,OAAOM,eAAe+1F,GAAwB5G,GAAe+G,cAAe,CAAE57D,YAAY,KAI9F,MAAM67D,GACF1hG,YAAYyF,EAAQyD,GAChBhJ,KAAKyhG,qBAAkBxgG,EACvBjB,KAAK0hG,aAAc,EACnB1hG,KAAK8E,QAAUS,EACfvF,KAAK2hG,eAAiB34F,EAE1Bo6D,OACI,MAAMw+B,EAAY,IAAM5hG,KAAK6hG,aAI7B,OAHA7hG,KAAKyhG,gBAAkBzhG,KAAKyhG,gBACxB5F,GAAqB77F,KAAKyhG,gBAAiBG,EAAWA,GACtDA,IACG5hG,KAAKyhG,gBAEhBK,OAAOzgG,GACH,MAAM0gG,EAAc,IAAM/hG,KAAKgiG,aAAa3gG,GAC5C,OAAOrB,KAAKyhG,gBACR5F,GAAqB77F,KAAKyhG,gBAAiBM,EAAaA,GACxDA,IAERF,aACI,GAAI7hG,KAAK0hG,YACL,OAAOzhG,QAAQC,QAAQ,CAAEmB,WAAOJ,EAAWK,MAAM,IAErD,MAAMiE,EAASvF,KAAK8E,QACpB,QAAoC7D,IAAhCsE,EAAOm4F,qBACP,OAAOpC,GAAoBgD,GAAoB,YAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACj7F,EAASC,KACjC2gG,EAAiB5gG,EACjB6gG,EAAgB5gG,CAAM,IAuB1B,OADA6gG,GAAgCz7F,EApBZ,CAChBi7F,YAAaz+F,IACT/B,KAAKyhG,qBAAkBxgG,EAGvBg7F,IAAe,IAAM6E,EAAe,CAAEz/F,MAAOU,EAAOT,MAAM,KAAS,EAEvEi/F,YAAa,KACTvgG,KAAKyhG,qBAAkBxgG,EACvBjB,KAAK0hG,aAAc,EACnBvD,GAAmC54F,GACnCu7F,EAAe,CAAEz/F,WAAOJ,EAAWK,MAAM,GAAO,EAEpD2/F,YAAa/+F,IACTlC,KAAKyhG,qBAAkBxgG,EACvBjB,KAAK0hG,aAAc,EACnBvD,GAAmC54F,GACnCw7F,EAAc7+F,EAAO,IAItBue,EAEXuhF,aAAa3gG,GACT,GAAIrB,KAAK0hG,YACL,OAAOzhG,QAAQC,QAAQ,CAAEmB,QAAOC,MAAM,IAE1CtB,KAAK0hG,aAAc,EACnB,MAAMn8F,EAASvF,KAAK8E,QACpB,QAAoC7D,IAAhCsE,EAAOm4F,qBACP,OAAOpC,GAAoBgD,GAAoB,qBAEnD,IAAKt+F,KAAK2hG,eAAgB,CACtB,MAAMlgG,EAASw8F,GAAkC14F,EAAQlE,GAEzD,OADA88F,GAAmC54F,GAC5Bs2F,GAAqBp6F,GAAQ,MAASJ,QAAOC,MAAM,MAG9D,OADA68F,GAAmC54F,GAC5B81F,GAAoB,CAAEh6F,QAAOC,MAAM,KAGlD,MAAM2gG,GAAuC,CACzC7+B,OACI,OAAK8+B,GAA8BliG,MAG5BA,KAAKmiG,mBAAmB/+B,OAFpBk4B,GAAoB8G,GAAuC,UAI1EN,OAAOzgG,GACH,OAAK6gG,GAA8BliG,MAG5BA,KAAKmiG,mBAAmBL,OAAOzgG,GAF3Bi6F,GAAoB8G,GAAuC,aAgB9E,SAASF,GAA8Bp1F,GACnC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,qBAIjD,CAEA,SAASs1F,GAAuCl3F,GAC5C,OAAO,IAAI2mB,UAAU,+BAA+B3mB,qDACxD,MAvB+BjK,IAA3BmgG,IACAr2F,OAAOs3F,eAAeJ,GAAsCb,IA0BhE,MAAMkB,GAAchzF,OAAOizF,OAAS,SAAUz1F,GAE1C,OAAOA,GAAMA,CACjB,EAEA,SAAS01F,GAA0B3qD,GAC/B,QAQJ,SAA6BA,GACzB,GAAiB,iBAANA,EACP,OAAO,EAEX,GAAIyqD,GAAYzqD,GACZ,OAAO,EAEX,GAAIA,EAAI,EACJ,OAAO,EAEX,OAAO,CACX,CAnBS4qD,CAAoB5qD,IAGrBA,IAAMrsC,GAId,CAcA,SAASk3F,GAAaC,GAClB,MAAMC,EAAOD,EAAUE,OAAO38F,QAK9B,OAJAy8F,EAAUG,iBAAmBF,EAAK59F,KAC9B29F,EAAUG,gBAAkB,IAC5BH,EAAUG,gBAAkB,GAEzBF,EAAKvhG,KAChB,CACA,SAAS0hG,GAAqBJ,EAAWthG,EAAO2D,GAE5C,IAAKw9F,GADLx9F,EAAOsK,OAAOtK,IAEV,MAAM,IAAIuwC,WAAW,wDAEzBotD,EAAUE,OAAOhhG,KAAK,CAAER,QAAO2D,SAC/B29F,EAAUG,iBAAmB99F,CACjC,CAKA,SAASg+F,GAAWL,GAChBA,EAAUE,OAAS,IAAIrG,GACvBmG,EAAUG,gBAAkB,CAChC,CAEA,SAASG,GAAoB3F,GAGzB,OAAOA,EAAS57F,OACpB,CAkBA,MAAMwhG,GACFpjG,cACI,MAAM,IAAI+xB,UAAU,uBAKpBigB,WACA,IAAKqxD,GAA4BnjG,MAC7B,MAAMojG,GAA+B,QAEzC,OAAOpjG,KAAKqjG,MAEhBC,QAAQC,GACJ,IAAKJ,GAA4BnjG,MAC7B,MAAMojG,GAA+B,WAIzC,GAFA9D,GAAuBiE,EAAc,EAAG,WACxCA,EAAe3D,GAAwC2D,EAAc,wBAChBtiG,IAAjDjB,KAAKwjG,wCACL,MAAM,IAAI3xE,UAAU,0CAEH7xB,KAAKqjG,MAAMp/F,OAufxC,SAA6CJ,EAAY0/F,GAErD,GADAA,EAAej0F,OAAOi0F,IACjBf,GAA0Be,GAC3B,MAAM,IAAIhuD,WAAW,iCAEzBkuD,GAA4C5/F,EAAY0/F,EAC5D,CA5fQG,CAAoC1jG,KAAKwjG,wCAAyCD,GAEtFI,mBAAmB7xD,GACf,IAAKqxD,GAA4BnjG,MAC7B,MAAMojG,GAA+B,sBAGzC,GADA9D,GAAuBxtD,EAAM,EAAG,uBAC3B3sB,YAAYy+E,OAAO9xD,GACpB,MAAM,IAAIjgB,UAAU,gDAExB,GAAwB,IAApBigB,EAAK3tC,WACL,MAAM,IAAI0tB,UAAU,uCAExB,GAA+B,IAA3BigB,EAAK7tC,OAAOE,WACZ,MAAM,IAAI0tB,UAAU,gDAExB,QAAqD5wB,IAAjDjB,KAAKwjG,wCACL,MAAM,IAAI3xE,UAAU,2CA4ehC,SAAwDhuB,EAAYiuC,GAChE,MAAM+xD,EAAkBhgG,EAAWigG,kBAAkBvG,OACrD,GAAIsG,EAAgB3/F,WAAa2/F,EAAgBE,cAAgBjyD,EAAK5tC,WAClE,MAAM,IAAIqxC,WAAW,2DAEzB,GAAIsuD,EAAgB1/F,aAAe2tC,EAAK3tC,WACpC,MAAM,IAAIoxC,WAAW,8DAEzBsuD,EAAgB5/F,OAAS6tC,EAAK7tC,OAC9Bw/F,GAA4C5/F,EAAYiuC,EAAK3tC,WACjE,CApfQ6/F,CAA+ChkG,KAAKwjG,wCAAyC1xD,IAGrG/mC,OAAOs2F,iBAAiB6B,GAA0BliG,UAAW,CACzDsiG,QAAS,CAAE39D,YAAY,GACvBg+D,mBAAoB,CAAEh+D,YAAY,GAClCmM,KAAM,CAAEnM,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe63F,GAA0BliG,UAAWw5F,GAAe8G,YAAa,CACnFjgG,MAAO,4BACPukC,cAAc,IAQtB,MAAMq+D,GACFnkG,cACI,MAAM,IAAI+xB,UAAU,uBAKpBqyE,kBACA,IAAKC,GAA+BnkG,MAChC,MAAMokG,GAAwC,eAElD,GAA0B,OAAtBpkG,KAAKqkG,cAAyBrkG,KAAK8jG,kBAAkB1iG,OAAS,EAAG,CACjE,MAAMyiG,EAAkB7jG,KAAK8jG,kBAAkBvG,OACzCzrD,EAAO,IAAIjvC,WAAWghG,EAAgB5/F,OAAQ4/F,EAAgB3/F,WAAa2/F,EAAgBE,YAAaF,EAAgB1/F,WAAa0/F,EAAgBE,aACrJG,EAAcn5F,OAAOw6B,OAAO29D,GAA0BliG,YAggBxE,SAAwCsjG,EAASzgG,EAAYiuC,GACzDwyD,EAAQd,wCAA0C3/F,EAClDygG,EAAQjB,MAAQvxD,CACpB,CAlgBYyyD,CAA+BL,EAAalkG,KAAM8xC,GAClD9xC,KAAKqkG,aAAeH,EAExB,OAAOlkG,KAAKqkG,aAMZ/oB,kBACA,IAAK6oB,GAA+BnkG,MAChC,MAAMokG,GAAwC,eAElD,OAAOI,GAA2CxkG,MAMtDgC,QACI,IAAKmiG,GAA+BnkG,MAChC,MAAMokG,GAAwC,SAElD,GAAIpkG,KAAKykG,gBACL,MAAM,IAAI5yE,UAAU,8DAExB,MAAMsd,EAAQnvC,KAAK0kG,8BAA8B/G,OACjD,GAAc,aAAVxuD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,+DAiWlD,SAA2CtrC,GACvC,MAAM9C,EAAS8C,EAAW6gG,8BAC1B,GAAI7gG,EAAW4gG,iBAAqC,aAAlB1jG,EAAO48F,OACrC,OAEJ,GAAI95F,EAAWi/F,gBAAkB,EAE7B,YADAj/F,EAAW4gG,iBAAkB,GAGjC,GAAI5gG,EAAWigG,kBAAkB1iG,OAAS,EAAG,CAEzC,GAD6ByC,EAAWigG,kBAAkBvG,OACjCwG,YAAc,EAAG,CACtC,MAAM1/F,EAAI,IAAIwtB,UAAU,2DAExB,MADA8yE,GAAkC9gG,EAAYQ,GACxCA,GAGdugG,GAA4C/gG,GAC5CghG,GAAoB9jG,EACxB,CAlXQ+jG,CAAkC9kG,MAEtCoE,QAAQrC,GACJ,IAAKoiG,GAA+BnkG,MAChC,MAAMokG,GAAwC,WAGlD,GADA9E,GAAuBv9F,EAAO,EAAG,YAC5BojB,YAAYy+E,OAAO7hG,GACpB,MAAM,IAAI8vB,UAAU,sCAExB,GAAyB,IAArB9vB,EAAMoC,WACN,MAAM,IAAI0tB,UAAU,uCAExB,GAAgC,IAA5B9vB,EAAMkC,OAAOE,WACb,MAAM,IAAI0tB,UAAU,gDAExB,GAAI7xB,KAAKykG,gBACL,MAAM,IAAI5yE,UAAU,gCAExB,MAAMsd,EAAQnvC,KAAK0kG,8BAA8B/G,OACjD,GAAc,aAAVxuD,EACA,MAAM,IAAItd,UAAU,kBAAkBsd,oEA8VlD,SAA6CtrC,EAAY9B,GACrD,MAAMhB,EAAS8C,EAAW6gG,8BAC1B,GAAI7gG,EAAW4gG,iBAAqC,aAAlB1jG,EAAO48F,OACrC,OAEJ,MAAM15F,EAASlC,EAAMkC,OACfC,EAAanC,EAAMmC,WACnBC,EAAapC,EAAMoC,WACnB4gG,EAAwC9gG,EAC9C,GAAIy8F,GAA+B3/F,GAC/B,GAAiD,IAA7C0/F,GAAiC1/F,GACjCikG,GAAgDnhG,EAAYkhG,EAAmB7gG,EAAYC,OAE1F,CAEDm8F,GAAiCv/F,EADT,IAAI8B,WAAWkiG,EAAmB7gG,EAAYC,IACZ,QAGzD8gG,GAA4BlkG,IAEjCikG,GAAgDnhG,EAAYkhG,EAAmB7gG,EAAYC,GAC3F+gG,GAAiErhG,IAGjEmhG,GAAgDnhG,EAAYkhG,EAAmB7gG,EAAYC,GAE/FghG,GAA6CthG,EACjD,CAvXQuhG,CAAoCplG,KAAM+B,GAK9CuC,MAAMD,EAAIpD,WACN,IAAKkjG,GAA+BnkG,MAChC,MAAMokG,GAAwC,SAElDO,GAAkC3kG,KAAMqE,GAG5Cu6F,CAACA,IAAa18F,GACV,GAAIlC,KAAK8jG,kBAAkB1iG,OAAS,EAAG,CACXpB,KAAK8jG,kBAAkBvG,OAC/BwG,YAAc,EAElCf,GAAWhjG,MACX,MAAMyB,EAASzB,KAAKqlG,iBAAiBnjG,GAErC,OADA0iG,GAA4C5kG,MACrCyB,EAGXo9F,CAACA,IAAWuB,GACR,MAAMr/F,EAASf,KAAK0kG,8BACpB,GAAI1kG,KAAK8iG,gBAAkB,EAAG,CAC1B,MAAMwC,EAAQtlG,KAAK6iG,OAAO38F,QAC1BlG,KAAK8iG,iBAAmBwC,EAAMnhG,WAC9BohG,GAA6CvlG,MAC7C,MAAM8xC,EAAO,IAAIjvC,WAAWyiG,EAAMrhG,OAAQqhG,EAAMphG,WAAYohG,EAAMnhG,YAElE,YADAi8F,EAAYI,YAAY1uD,GAG5B,MAAM0zD,EAAwBxlG,KAAKylG,uBACnC,QAA8BxkG,IAA1BukG,EAAqC,CACrC,IAAIvhG,EACJ,IACIA,EAAS,IAAIkhB,YAAYqgF,GAE7B,MAAOE,GAEH,YADAtF,EAAYa,YAAYyE,GAG5B,MAAMC,EAAqB,CACvB1hG,SACAC,WAAY,EACZC,WAAYqhG,EACZzB,YAAa,EACb6B,YAAa,EACbC,gBAAiBhjG,WACjBijG,WAAY,WAEhB9lG,KAAK8jG,kBAAkBjiG,KAAK8jG,GAEhCxF,GAA6Bp/F,EAAQq/F,GACrC+E,GAA6CnlG,OAiBrD,SAASmkG,GAA+Br3F,GACpC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,gCAIjD,CACA,SAASq2F,GAA4Br2F,GACjC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,0CAIjD,CACA,SAASq4F,GAA6CthG,GAClD,MAAMkiG,EAiNV,SAAoDliG,GAChD,MAAM9C,EAAS8C,EAAW6gG,8BAC1B,GAAsB,aAAlB3jG,EAAO48F,OACP,OAAO,EAEX,GAAI95F,EAAW4gG,gBACX,OAAO,EAEX,IAAK5gG,EAAWmiG,SACZ,OAAO,EAEX,GAAItF,GAA+B3/F,IAAW0/F,GAAiC1/F,GAAU,EACrF,OAAO,EAEX,GAAIkkG,GAA4BlkG,IAAWklG,GAAqCllG,GAAU,EACtF,OAAO,EAEX,MAAMu6E,EAAckpB,GAA2C3gG,GAC/D,GAAIy3E,EAAc,EACd,OAAO,EAEX,OAAO,CACX,CAvOuB4qB,CAA2CriG,GAC9D,IAAKkiG,EACD,OAEJ,GAAIliG,EAAWsiG,SAEX,YADAtiG,EAAWuiG,YAAa,GAG5BviG,EAAWsiG,UAAW,EAGtBzK,GADoB73F,EAAWwiG,kBACN,KACrBxiG,EAAWsiG,UAAW,EAClBtiG,EAAWuiG,aACXviG,EAAWuiG,YAAa,EACxBjB,GAA6CthG,OAElDQ,IACCsgG,GAAkC9gG,EAAYQ,EAAE,GAExD,CAKA,SAASiiG,GAAqDvlG,EAAQ4kG,GAClE,IAAIrkG,GAAO,EACW,WAAlBP,EAAO48F,SACPr8F,GAAO,GAEX,MAAMilG,EAAaC,GAAsDb,GACnC,YAAlCA,EAAmBG,WACnBxF,GAAiCv/F,EAAQwlG,EAAYjlG,GAoW7D,SAA8CP,EAAQgB,EAAOT,GACzD,MAAMiE,EAASxE,EAAO+D,QAChB2hG,EAAkBlhG,EAAOmhG,kBAAkBxgG,QAC7C5E,EACAmlG,EAAgBlG,YAAYx+F,GAG5B0kG,EAAgBjG,YAAYz+F,EAEpC,CA1WQ4kG,CAAqC5lG,EAAQwlG,EAAYjlG,EAEjE,CACA,SAASklG,GAAsDb,GAC3D,MAAM5B,EAAc4B,EAAmB5B,YACjC6B,EAAcD,EAAmBC,YACvC,OAAO,IAAID,EAAmBE,gBAAgBF,EAAmB1hG,OAAQ0hG,EAAmBzhG,WAAY6/F,EAAc6B,EAC1H,CACA,SAASZ,GAAgDnhG,EAAYI,EAAQC,EAAYC,GACrFN,EAAWg/F,OAAOhhG,KAAK,CAAEoC,SAAQC,aAAYC,eAC7CN,EAAWi/F,iBAAmB3+F,CAClC,CACA,SAASyiG,GAA4D/iG,EAAY8hG,GAC7E,MAAMC,EAAcD,EAAmBC,YACjCiB,EAAsBlB,EAAmB5B,YAAc4B,EAAmB5B,YAAc6B,EACxFkB,EAAiBp7F,KAAKmyC,IAAIh6C,EAAWi/F,gBAAiB6C,EAAmBxhG,WAAawhG,EAAmB5B,aACzGgD,EAAiBpB,EAAmB5B,YAAc+C,EAClDE,EAAkBD,EAAiBA,EAAiBnB,EAC1D,IAAIqB,EAA4BH,EAC5B79F,GAAQ,EACR+9F,EAAkBH,IAClBI,EAA4BD,EAAkBrB,EAAmB5B,YACjE96F,GAAQ,GAEZ,MAAMi+F,EAAQrjG,EAAWg/F,OACzB,KAAOoE,EAA4B,GAAG,CAClC,MAAME,EAAcD,EAAM3J,OACpB6J,EAAc17F,KAAKmyC,IAAIopD,EAA2BE,EAAYhjG,YAC9DkjG,EAAY1B,EAAmBzhG,WAAayhG,EAAmB5B,YA5SjD5yC,EA6SDw0C,EAAmB1hG,OA7SZqjG,EA6SoBD,EA7SR7wE,EA6SmB2wE,EAAYljG,OA7S1BsjG,EA6SkCJ,EAAYjjG,WA7SnCkI,EA6S+Cg7F,EA5SzG,IAAIvkG,WAAWsuD,GAAM7tD,IAAI,IAAIT,WAAW2zB,EAAK+wE,EAAWn7F,GAAIk7F,GA6SpDH,EAAYhjG,aAAeijG,EAC3BF,EAAMhhG,SAGNihG,EAAYjjG,YAAckjG,EAC1BD,EAAYhjG,YAAcijG,GAE9BvjG,EAAWi/F,iBAAmBsE,EAC9BI,GAAuD3jG,EAAYujG,EAAazB,GAChFsB,GAA6BG,EAvTrC,IAA4Bj2C,EAAMm2C,EAAY9wE,EAAK+wE,EAAWn7F,EAyT1D,OAAOnD,CACX,CACA,SAASu+F,GAAuD3jG,EAAYmB,EAAM2gG,GAC9E8B,GAAkD5jG,GAClD8hG,EAAmB5B,aAAe/+F,CACtC,CACA,SAASugG,GAA6C1hG,GACf,IAA/BA,EAAWi/F,iBAAyBj/F,EAAW4gG,iBAC/CG,GAA4C/gG,GAC5CghG,GAAoBhhG,EAAW6gG,gCAG/BS,GAA6CthG,EAErD,CACA,SAAS4jG,GAAkD5jG,GACvB,OAA5BA,EAAWwgG,eAGfxgG,EAAWwgG,aAAab,6CAA0CviG,EAClE4C,EAAWwgG,aAAahB,MAAQ,KAChCx/F,EAAWwgG,aAAe,KAC9B,CACA,SAASa,GAAiErhG,GACtE,KAAOA,EAAWigG,kBAAkB1iG,OAAS,GAAG,CAC5C,GAAmC,IAA/ByC,EAAWi/F,gBACX,OAEJ,MAAM6C,EAAqB9hG,EAAWigG,kBAAkBvG,OACpDqJ,GAA4D/iG,EAAY8hG,KACxE+B,GAAiD7jG,GACjDyiG,GAAqDziG,EAAW6gG,8BAA+BiB,IAG3G,CAgFA,SAASlC,GAA4C5/F,EAAY0/F,GAC7D,MAAMM,EAAkBhgG,EAAWigG,kBAAkBvG,OAErD,GAAc,WADA15F,EAAW6gG,8BAA8B/G,OAC/B,CACpB,GAAqB,IAAjB4F,EACA,MAAM,IAAI1xE,UAAU,qEApChC,SAA0DhuB,EAAYggG,GAClEA,EAAgB5/F,OAA6B4/F,EAAgB5/F,OAC7D,MAAMlD,EAAS8C,EAAW6gG,8BAC1B,GAAIO,GAA4BlkG,GAC5B,KAAOklG,GAAqCllG,GAAU,GAElDulG,GAAqDvlG,EAD1B2mG,GAAiD7jG,GAIxF,CA6BQ8jG,CAAiD9jG,EAAYggG,QA5BrE,SAA4DhgG,EAAY0/F,EAAcoC,GAClF,GAAIA,EAAmB5B,YAAcR,EAAeoC,EAAmBxhG,WACnE,MAAM,IAAIoxC,WAAW,6BAGzB,GADAiyD,GAAuD3jG,EAAY0/F,EAAcoC,GAC7EA,EAAmB5B,YAAc4B,EAAmBC,YAEpD,OAEJ8B,GAAiD7jG,GACjD,MAAM+jG,EAAgBjC,EAAmB5B,YAAc4B,EAAmBC,YAC1E,GAAIgC,EAAgB,EAAG,CACnB,MAAMr8F,EAAMo6F,EAAmBzhG,WAAayhG,EAAmB5B,YACzDr5F,EAAYi7F,EAAmB1hG,OAAOvC,MAAM6J,EAAMq8F,EAAer8F,GACvEy5F,GAAgDnhG,EAAY6G,EAAW,EAAGA,EAAUvG,YAExFwhG,EAAmB1hG,OAA6B0hG,EAAmB1hG,OACnE0hG,EAAmB5B,aAAe6D,EAClCtB,GAAqDziG,EAAW6gG,8BAA+BiB,GAC/FT,GAAiErhG,EACrE,CAWQgkG,CAAmDhkG,EAAY0/F,EAAcM,GAEjFsB,GAA6CthG,EACjD,CACA,SAAS6jG,GAAiD7jG,GACtD,MAAMsH,EAAatH,EAAWigG,kBAAkB59F,QAEhD,OADAuhG,GAAkD5jG,GAC3CsH,CACX,CAwBA,SAASy5F,GAA4C/gG,GACjDA,EAAWwiG,oBAAiBplG,EAC5B4C,EAAWwhG,sBAAmBpkG,CAClC,CAkDA,SAAS0jG,GAAkC9gG,EAAYQ,GACnD,MAAMtD,EAAS8C,EAAW6gG,8BACJ,aAAlB3jG,EAAO48F,UA1Qf,SAA2D95F,GACvD4jG,GAAkD5jG,GAClDA,EAAWigG,kBAAoB,IAAItH,EACvC,CA0QIsL,CAAkDjkG,GAClDm/F,GAAWn/F,GACX+gG,GAA4C/gG,GAC5CkkG,GAAoBhnG,EAAQsD,GAChC,CACA,SAASmgG,GAA2C3gG,GAChD,MAAMsrC,EAAQtrC,EAAW6gG,8BAA8B/G,OACvD,MAAc,YAAVxuD,EACO,KAEG,WAAVA,EACO,EAEJtrC,EAAWmkG,aAAenkG,EAAWi/F,eAChD,CA2CA,SAASmF,GAAsDlnG,EAAQmnG,EAAsBv+F,GACzF,MAAM9F,EAAakH,OAAOw6B,OAAO0+D,GAA6BjjG,WAC9D,IAAImnG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBp6F,GAC1ConG,EAAkB,IAAMhN,QAAoBp6F,QACbA,IAA/BinG,EAAqBtkG,QACrBukG,EAAiB,IAAMD,EAAqBtkG,MAAMC,SAEpB5C,IAA9BinG,EAAqB3jG,OACrB6jG,EAAgB,IAAMF,EAAqB3jG,KAAKV,SAEhB5C,IAAhCinG,EAAqBzjG,SACrB4jG,EAAkBnmG,GAAUgmG,EAAqBzjG,OAAOvC,IAE5D,MAAMsjG,EAAwB0C,EAAqB1C,sBACnD,GAA8B,IAA1BA,EACA,MAAM,IAAI3zE,UAAU,iDAxC5B,SAA2C9wB,EAAQ8C,EAAYskG,EAAgBC,EAAeC,EAAiB1+F,EAAe67F,GAC1H3hG,EAAW6gG,8BAAgC3jG,EAC3C8C,EAAWuiG,YAAa,EACxBviG,EAAWsiG,UAAW,EACtBtiG,EAAWwgG,aAAe,KAE1BxgG,EAAWg/F,OAASh/F,EAAWi/F,qBAAkB7hG,EACjD+hG,GAAWn/F,GACXA,EAAW4gG,iBAAkB,EAC7B5gG,EAAWmiG,UAAW,EACtBniG,EAAWmkG,aAAer+F,EAC1B9F,EAAWwiG,eAAiB+B,EAC5BvkG,EAAWwhG,iBAAmBgD,EAC9BxkG,EAAW4hG,uBAAyBD,EACpC3hG,EAAWigG,kBAAoB,IAAItH,GACnCz7F,EAAOogG,0BAA4Bt9F,EAEnC63F,GAAYL,GADQ8M,MAC0B,KAC1CtkG,EAAWmiG,UAAW,EACtBb,GAA6CthG,EAAW,IACzD8J,IACCg3F,GAAkC9gG,EAAY8J,EAAE,GAExD,CAmBI26F,CAAkCvnG,EAAQ8C,EAAYskG,EAAgBC,EAAeC,EAAiB1+F,EAAe67F,EACzH,CAMA,SAASpC,GAA+Bl4F,GACpC,OAAO,IAAI2mB,UAAU,uCAAuC3mB,oDAChE,CAEA,SAASk5F,GAAwCl5F,GAC7C,OAAO,IAAI2mB,UAAU,0CAA0C3mB,uDACnE,CAOA,SAASq9F,GAAiCxnG,EAAQ0lG,GAC9C1lG,EAAO+D,QAAQ4hG,kBAAkB7kG,KAAK4kG,EAC1C,CAWA,SAASR,GAAqCllG,GAC1C,OAAOA,EAAO+D,QAAQ4hG,kBAAkBtlG,MAC5C,CACA,SAAS6jG,GAA4BlkG,GACjC,MAAMwE,EAASxE,EAAO+D,QACtB,YAAe7D,IAAXsE,KAGCijG,GAA2BjjG,EAIpC,CA3bAwF,OAAOs2F,iBAAiB4C,GAA6BjjG,UAAW,CAC5DgB,MAAO,CAAE2jC,YAAY,GACrBvhC,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrBu+D,YAAa,CAAEv+D,YAAY,GAC3B21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe44F,GAA6BjjG,UAAWw5F,GAAe8G,YAAa,CACtFjgG,MAAO,+BACPukC,cAAc,IAubtB,MAAM6iE,GACF3oG,YAAYiB,GAGR,GAFAu+F,GAAuBv+F,EAAQ,EAAG,4BAClCg/F,GAAqBh/F,EAAQ,mBACzB6/F,GAAuB7/F,GACvB,MAAM,IAAI8wB,UAAU,+EAExB,IAAKsyE,GAA+BpjG,EAAOogG,2BACvC,MAAM,IAAItvE,UAAU,+FAGxB4rE,GAAsCz9F,KAAMe,GAC5Cf,KAAK0mG,kBAAoB,IAAIlK,GAM7B37F,aACA,OAAK2nG,GAA2BxoG,MAGzBA,KAAKu+F,eAFDjD,GAAoBoN,GAA8B,WAOjEjkG,OAAOvC,EAASjB,WACZ,OAAKunG,GAA2BxoG,WAGEiB,IAA9BjB,KAAK09F,qBACEpC,GAAoBgD,GAAoB,WAE5CL,GAAkCj+F,KAAMkC,GALpCo5F,GAAoBoN,GAA8B,WAYjExnG,KAAK4wC,GACD,IAAK02D,GAA2BxoG,MAC5B,OAAOs7F,GAAoBoN,GAA8B,SAE7D,IAAKvjF,YAAYy+E,OAAO9xD,GACpB,OAAOwpD,GAAoB,IAAIzpE,UAAU,sCAE7C,GAAwB,IAApBigB,EAAK3tC,WACL,OAAOm3F,GAAoB,IAAIzpE,UAAU,uCAE7C,GAA+B,IAA3BigB,EAAK7tC,OAAOE,WACZ,OAAOm3F,GAAoB,IAAIzpE,UAAU,gDAE7C,QAAkC5wB,IAA9BjB,KAAK09F,qBACL,OAAOpC,GAAoBgD,GAAoB,cAEnD,IAAIwC,EACAC,EACJ,MAAMtgF,EAAU06E,IAAW,CAACj7F,EAASC,KACjC2gG,EAAiB5gG,EACjB6gG,EAAgB5gG,CAAM,IAQ1B,OA8CR,SAAsCoF,EAAQusC,EAAM20D,GAChD,MAAM1lG,EAASwE,EAAOm4F,qBACtB38F,EAAOmgG,YAAa,EACE,YAAlBngG,EAAO48F,OACP8I,EAAgBxF,YAAYlgG,EAAOi9F,cAxa3C,SAA8Cn6F,EAAYiuC,EAAM20D,GAC5D,MAAM1lG,EAAS8C,EAAW6gG,8BAC1B,IAAIkB,EAAc,EACd9zD,EAAKhyC,cAAgBslB,WACrBwgF,EAAc9zD,EAAKhyC,YAAY6oG,mBAEnC,MAAMnjE,EAAOsM,EAAKhyC,YAEZ6lG,EAAqB,CACvB1hG,OAF+B6tC,EAAK7tC,OAGpCC,WAAY4tC,EAAK5tC,WACjBC,WAAY2tC,EAAK3tC,WACjB4/F,YAAa,EACb6B,cACAC,gBAAiBrgE,EACjBsgE,WAAY,QAEhB,GAAIjiG,EAAWigG,kBAAkB1iG,OAAS,EAMtC,OALAyC,EAAWigG,kBAAkBjiG,KAAK8jG,QAIlC4C,GAAiCxnG,EAAQ0lG,GAG7C,GAAsB,WAAlB1lG,EAAO48F,OAAX,CAKA,GAAI95F,EAAWi/F,gBAAkB,EAAG,CAChC,GAAI8D,GAA4D/iG,EAAY8hG,GAAqB,CAC7F,MAAMY,EAAaC,GAAsDb,GAGzE,OAFAJ,GAA6C1hG,QAC7C4iG,EAAgBjG,YAAY+F,GAGhC,GAAI1iG,EAAW4gG,gBAAiB,CAC5B,MAAMpgG,EAAI,IAAIwtB,UAAU,2DAGxB,OAFA8yE,GAAkC9gG,EAAYQ,QAC9CoiG,EAAgBxF,YAAY58F,IAIpCR,EAAWigG,kBAAkBjiG,KAAK8jG,GAClC4C,GAAiCxnG,EAAQ0lG,GACzCtB,GAA6CthG,OArB7C,CACI,MAAM+kG,EAAY,IAAIpjE,EAAKmgE,EAAmB1hG,OAAQ0hG,EAAmBzhG,WAAY,GACrFuiG,EAAgBlG,YAAYqI,GAoBpC,CA4XQC,CAAqC9nG,EAAOogG,0BAA2BrvD,EAAM20D,EAErF,CAxDQqC,CAA6B9oG,KAAM8xC,EALX,CACpB0uD,YAAaz+F,GAAS++F,EAAe,CAAEz/F,MAAOU,EAAOT,MAAM,IAC3Di/F,YAAax+F,GAAS++F,EAAe,CAAEz/F,MAAOU,EAAOT,MAAM,IAC3D2/F,YAAa58F,GAAK08F,EAAc18F,KAG7Boc,EAWX7f,cACI,IAAK4nG,GAA2BxoG,MAC5B,MAAM0oG,GAA8B,eAExC,QAAkCznG,IAA9BjB,KAAK09F,qBAAT,CAGA,GAAI19F,KAAK0mG,kBAAkBtlG,OAAS,EAChC,MAAM,IAAIywB,UAAU,uFAExBssE,GAAmCn+F,QAgB3C,SAASwoG,GAA2B17F,GAChC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,oBAIjD,CAYA,SAAS47F,GAA8Bx9F,GACnC,OAAO,IAAI2mB,UAAU,sCAAsC3mB,mDAC/D,CAEA,SAAS69F,GAAqBzuC,EAAU0uC,GACpC,MAAMr/F,cAAEA,GAAkB2wD,EAC1B,QAAsBr5D,IAAlB0I,EACA,OAAOq/F,EAEX,GAAI1G,GAAY34F,IAAkBA,EAAgB,EAC9C,MAAM,IAAI4rC,WAAW,yBAEzB,OAAO5rC,CACX,CACA,SAASs/F,GAAqB3uC,GAC1B,MAAMt1D,KAAEA,GAASs1D,EACjB,OAAKt1D,GACM,KAAM,EAGrB,CAEA,SAASkkG,GAAuB7uE,EAAM8kE,GAClCD,GAAiB7kE,EAAM8kE,GACvB,MAAMx1F,EAAgB0wB,aAAmC,EAASA,EAAK1wB,cACjE3E,EAAOq1B,aAAmC,EAASA,EAAKr1B,KAC9D,MAAO,CACH2E,mBAAiC1I,IAAlB0I,OAA8B1I,EAAYy+F,GAA0B/1F,GACnF3E,UAAe/D,IAAT+D,OAAqB/D,EAAYkoG,GAA2BnkG,EAASm6F,EAAH,2BAEhF,CACA,SAASgK,GAA2Bl/F,EAAIk1F,GAEpC,OADAC,GAAen1F,EAAIk1F,GACZp9F,GAAS29F,GAA0Bz1F,EAAGlI,GACjD,CAyBA,SAASqnG,GAAmCn/F,EAAIo/F,EAAUlK,GAEtD,OADAC,GAAen1F,EAAIk1F,GACXj9F,GAAWq6F,GAAYtyF,EAAIo/F,EAAU,CAACnnG,GAClD,CACA,SAASonG,GAAmCr/F,EAAIo/F,EAAUlK,GAEtD,OADAC,GAAen1F,EAAIk1F,GACZ,IAAM5C,GAAYtyF,EAAIo/F,EAAU,GAC3C,CACA,SAASE,GAAmCt/F,EAAIo/F,EAAUlK,GAEtD,OADAC,GAAen1F,EAAIk1F,GACXt7F,GAAeu4F,GAAYnyF,EAAIo/F,EAAU,CAACxlG,GACtD,CACA,SAAS2lG,GAAmCv/F,EAAIo/F,EAAUlK,GAEtD,OADAC,GAAen1F,EAAIk1F,GACZ,CAACp9F,EAAO8B,IAAe04F,GAAYtyF,EAAIo/F,EAAU,CAACtnG,EAAO8B,GACpE,CAEA,SAAS4lG,GAAqB38F,EAAGqyF,GAC7B,IAAKuK,GAAiB58F,GAClB,MAAM,IAAI+kB,UAAastE,EAAH,4BAE5B,CAjHAp0F,OAAOs2F,iBAAiBoH,GAAyBznG,UAAW,CACxDyD,OAAQ,CAAEkhC,YAAY,GACtBzkC,KAAM,CAAEykC,YAAY,GACpB/kC,YAAa,CAAE+kC,YAAY,GAC3B9kC,OAAQ,CAAE8kC,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAeo9F,GAAyBznG,UAAWw5F,GAAe8G,YAAa,CAClFjgG,MAAO,2BACPukC,cAAc,IA+GtB,MAAMr+B,GACFzH,YAAY6pG,EAAoB,GAAIC,EAAc,SACpB3oG,IAAtB0oG,EACAA,EAAoB,KAGpBtK,GAAasK,EAAmB,mBAEpC,MAAMrvC,EAAW4uC,GAAuBU,EAAa,oBAC/CC,EA5Dd,SAA+BR,EAAUlK,GACrCD,GAAiBmK,EAAUlK,GAC3B,MAAMl9F,EAAQonG,aAA2C,EAASA,EAASpnG,MACrED,EAAQqnG,aAA2C,EAASA,EAASrnG,MACrE4B,EAAQylG,aAA2C,EAASA,EAASzlG,MACrEoW,EAAOqvF,aAA2C,EAASA,EAASrvF,KACpElY,EAAQunG,aAA2C,EAASA,EAASvnG,MAC3E,MAAO,CACHG,WAAiBhB,IAAVgB,OACHhB,EACAmoG,GAAmCnnG,EAAOonG,EAAalK,EAAH,4BACxDn9F,WAAiBf,IAAVe,OACHf,EACAqoG,GAAmCtnG,EAAOqnG,EAAalK,EAAH,4BACxDv7F,WAAiB3C,IAAV2C,OACH3C,EACAsoG,GAAmC3lG,EAAOylG,EAAalK,EAAH,4BACxDr9F,WAAiBb,IAAVa,OACHb,EACAuoG,GAAmC1nG,EAAOunG,EAAalK,EAAH,4BACxDnlF,OAER,CAsC+B8vF,CAAsBH,EAAmB,mBAChEI,GAAyB/pG,MAEzB,QAAaiB,IADA4oG,EAAe7vF,KAExB,MAAM,IAAIu7B,WAAW,6BAEzB,MAAMy0D,EAAgBf,GAAqB3uC,IAioBnD,SAAgEv5D,EAAQ8oG,EAAgBlgG,EAAeqgG,GACnG,MAAMnmG,EAAakH,OAAOw6B,OAAO0kE,GAAgCjpG,WACjE,IAAImnG,EAAiB,KAAe,EAChC+B,EAAiB,IAAM7O,QAAoBp6F,GAC3CkpG,EAAiB,IAAM9O,QAAoBp6F,GAC3CmpG,EAAiB,IAAM/O,QAAoBp6F,QAClBA,IAAzB4oG,EAAejmG,QACfukG,EAAiB,IAAM0B,EAAejmG,MAAMC,SAEnB5C,IAAzB4oG,EAAe/nG,QACfooG,EAAiBnoG,GAAS8nG,EAAe/nG,MAAMC,EAAO8B,SAE7B5C,IAAzB4oG,EAAe7nG,QACfmoG,EAAiB,IAAMN,EAAe7nG,cAEbf,IAAzB4oG,EAAe5nG,QACfmoG,EAAiBloG,GAAU2nG,EAAe5nG,MAAMC,IAEpDmoG,GAAqCtpG,EAAQ8C,EAAYskG,EAAgB+B,EAAgBC,EAAgBC,EAAgBzgG,EAAeqgG,EAC5I,CAlpBQM,CAAuDtqG,KAAM6pG,EADvCd,GAAqBzuC,EAAU,GACuC0vC,GAK5FO,aACA,IAAKb,GAAiB1pG,MAClB,MAAMwqG,GAA4B,UAEtC,OAAOC,GAAuBzqG,MAWlCiC,MAAMC,EAASjB,WACX,OAAKyoG,GAAiB1pG,MAGlByqG,GAAuBzqG,MAChBs7F,GAAoB,IAAIzpE,UAAU,oDAEtC64E,GAAoB1qG,KAAMkC,GALtBo5F,GAAoBkP,GAA4B,UAe/DxoG,QACI,OAAK0nG,GAAiB1pG,MAGlByqG,GAAuBzqG,MAChBs7F,GAAoB,IAAIzpE,UAAU,oDAEzC84E,GAAoC3qG,MAC7Bs7F,GAAoB,IAAIzpE,UAAU,2CAEtC+4E,GAAoB5qG,MARhBs7F,GAAoBkP,GAA4B,UAkB/D7pG,YACI,IAAK+oG,GAAiB1pG,MAClB,MAAMwqG,GAA4B,aAEtC,OAAOK,GAAmC7qG,OAgBlD,SAAS6qG,GAAmC9pG,GACxC,OAAO,IAAI+pG,GAA4B/pG,EAC3C,CASA,SAASgpG,GAAyBhpG,GAC9BA,EAAO48F,OAAS,WAGhB58F,EAAOi9F,kBAAe/8F,EACtBF,EAAOgqG,aAAU9pG,EAGjBF,EAAOiqG,+BAA4B/pG,EAGnCF,EAAOkqG,eAAiB,IAAIzO,GAG5Bz7F,EAAOmqG,2BAAwBjqG,EAG/BF,EAAOoqG,mBAAgBlqG,EAGvBF,EAAOqqG,2BAAwBnqG,EAE/BF,EAAOsqG,0BAAuBpqG,EAE9BF,EAAOuqG,eAAgB,CAC3B,CACA,SAAS5B,GAAiB58F,GACtB,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAAS29F,GAAuB1pG,GAC5B,YAAuBE,IAAnBF,EAAOgqG,OAIf,CACA,SAASL,GAAoB3pG,EAAQmB,GACjC,MAAMitC,EAAQpuC,EAAO48F,OACrB,GAAc,WAAVxuD,GAAgC,YAAVA,EACtB,OAAOksD,QAAoBp6F,GAE/B,QAAoCA,IAAhCF,EAAOsqG,qBACP,OAAOtqG,EAAOsqG,qBAAqBE,SAEvC,IAAIC,GAAqB,EACX,aAAVr8D,IACAq8D,GAAqB,EAErBtpG,OAASjB,GAEb,MAAMwf,EAAU06E,IAAW,CAACj7F,EAASC,KACjCY,EAAOsqG,qBAAuB,CAC1BE,cAAUtqG,EACVwqG,SAAUvrG,EACVwrG,QAASvrG,EACTwrG,QAASzpG,EACT0pG,oBAAqBJ,EACxB,IAML,OAJAzqG,EAAOsqG,qBAAqBE,SAAW9qF,EAClC+qF,GACDK,GAA4B9qG,EAAQmB,GAEjCue,CACX,CACA,SAASmqF,GAAoB7pG,GACzB,MAAMouC,EAAQpuC,EAAO48F,OACrB,GAAc,WAAVxuD,GAAgC,YAAVA,EACtB,OAAOmsD,GAAoB,IAAIzpE,UAAU,kBAAkBsd,+DAE/D,MAAM1uB,EAAU06E,IAAW,CAACj7F,EAASC,KACjC,MAAM2rG,EAAe,CACjBL,SAAUvrG,EACVwrG,QAASvrG,GAEbY,EAAOoqG,cAAgBW,CAAY,IAEjCprG,EAASK,EAAOgqG,QAgf1B,IAA8ClnG,EA3e1C,YAJe5C,IAAXP,GAAwBK,EAAOuqG,eAA2B,aAAVn8D,GAChD48D,GAAiCrrG,GA+erCqiG,GAD0Cl/F,EA5eL9C,EAAOiqG,0BA6eXgB,GAAe,GAChDC,GAAoDpoG,GA7e7C4c,CACX,CAYA,SAASyrF,GAAgCnrG,EAAQuD,GAE/B,aADAvD,EAAO48F,OAKrBwO,GAA6BprG,GAHzB8qG,GAA4B9qG,EAAQuD,EAI5C,CACA,SAASunG,GAA4B9qG,EAAQmB,GACzC,MAAM2B,EAAa9C,EAAOiqG,0BAC1BjqG,EAAO48F,OAAS,WAChB58F,EAAOi9F,aAAe97F,EACtB,MAAMxB,EAASK,EAAOgqG,aACP9pG,IAAXP,GACA0rG,GAAsD1rG,EAAQwB,IA8EtE,SAAkDnB,GAC9C,QAAqCE,IAAjCF,EAAOmqG,4BAAwEjqG,IAAjCF,EAAOqqG,sBACrD,OAAO,EAEX,OAAO,CACX,CAjFSiB,CAAyCtrG,IAAW8C,EAAWmiG,UAChEmG,GAA6BprG,EAErC,CACA,SAASorG,GAA6BprG,GAClCA,EAAO48F,OAAS,UAChB58F,EAAOiqG,0BAA0BrM,MACjC,MAAM2N,EAAcvrG,EAAOi9F,aAK3B,GAJAj9F,EAAOkqG,eAAe7nG,SAAQmpG,IAC1BA,EAAab,QAAQY,EAAY,IAErCvrG,EAAOkqG,eAAiB,IAAIzO,QACQv7F,IAAhCF,EAAOsqG,qBAEP,YADAmB,GAAkDzrG,GAGtD,MAAM0rG,EAAe1rG,EAAOsqG,qBAE5B,GADAtqG,EAAOsqG,0BAAuBpqG,EAC1BwrG,EAAab,oBAGb,OAFAa,EAAaf,QAAQY,QACrBE,GAAkDzrG,GAItD26F,GADgB36F,EAAOiqG,0BAA0BtM,IAAY+N,EAAad,UACrD,KACjBc,EAAahB,WACbe,GAAkDzrG,EAAO,IACzDmB,IACAuqG,EAAaf,QAAQxpG,GACrBsqG,GAAkDzrG,EAAO,GAEjE,CAuCA,SAAS4pG,GAAoC5pG,GACzC,YAA6BE,IAAzBF,EAAOoqG,oBAAgElqG,IAAjCF,EAAOqqG,qBAIrD,CAcA,SAASoB,GAAkDzrG,QAC1BE,IAAzBF,EAAOoqG,gBACPpqG,EAAOoqG,cAAcO,QAAQ3qG,EAAOi9F,cACpCj9F,EAAOoqG,mBAAgBlqG,GAE3B,MAAMP,EAASK,EAAOgqG,aACP9pG,IAAXP,GACAgsG,GAAiChsG,EAAQK,EAAOi9F,aAExD,CACA,SAAS2O,GAAiC5rG,EAAQ6rG,GAC9C,MAAMlsG,EAASK,EAAOgqG,aACP9pG,IAAXP,GAAwBksG,IAAiB7rG,EAAOuqG,gBAC5CsB,EAwhBZ,SAAwClsG,GACpCmsG,GAAoCnsG,EACxC,CAzhBYosG,CAA+BpsG,GAG/BqrG,GAAiCrrG,IAGzCK,EAAOuqG,cAAgBsB,CAC3B,CA1PA7hG,OAAOs2F,iBAAiB95F,GAAevG,UAAW,CAC9CiB,MAAO,CAAE0jC,YAAY,GACrB3jC,MAAO,CAAE2jC,YAAY,GACrBhlC,UAAW,CAAEglC,YAAY,GACzB4kE,OAAQ,CAAE5kE,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe9D,GAAevG,UAAWw5F,GAAe8G,YAAa,CACxEjgG,MAAO,iBACPukC,cAAc,IAuPtB,MAAMklE,GACFhrG,YAAYiB,GAGR,GAFAu+F,GAAuBv+F,EAAQ,EAAG,+BAClC0oG,GAAqB1oG,EAAQ,mBACzB0pG,GAAuB1pG,GACvB,MAAM,IAAI8wB,UAAU,+EAExB7xB,KAAK+sG,qBAAuBhsG,EAC5BA,EAAOgqG,QAAU/qG,KACjB,MAAMmvC,EAAQpuC,EAAO48F,OACrB,GAAc,aAAVxuD,GACKw7D,GAAoC5pG,IAAWA,EAAOuqG,cACvDuB,GAAoC7sG,MAGpCgtG,GAA8ChtG,MAElDitG,GAAqCjtG,WAEpC,GAAc,aAAVmvC,EACL+9D,GAA8CltG,KAAMe,EAAOi9F,cAC3DiP,GAAqCjtG,WAEpC,GAAc,WAAVmvC,EACL69D,GAA8ChtG,MAgctDitG,GADoDvsG,EA9bGV,MAgcvDmtG,GAAkCzsG,OA9bzB,CACD,MAAM4rG,EAAcvrG,EAAOi9F,aAC3BkP,GAA8CltG,KAAMssG,GACpDc,GAA+CptG,KAAMssG,GAybjE,IAAwD5rG,EAlbhDG,aACA,OAAKwsG,GAA8BrtG,MAG5BA,KAAKu+F,eAFDjD,GAAoBgS,GAAiC,WAYhEhyB,kBACA,IAAK+xB,GAA8BrtG,MAC/B,MAAMstG,GAAiC,eAE3C,QAAkCrsG,IAA9BjB,KAAK+sG,qBACL,MAAMQ,GAA2B,eAErC,OAuIR,SAAmD7sG,GAC/C,MAAMK,EAASL,EAAOqsG,qBAChB59D,EAAQpuC,EAAO48F,OACrB,GAAc,YAAVxuD,GAAiC,aAAVA,EACvB,OAAO,KAEX,GAAc,WAAVA,EACA,OAAO,EAEX,OAAOq+D,GAA8CzsG,EAAOiqG,0BAChE,CAjJeyC,CAA0CztG,MAUjDiJ,YACA,OAAKokG,GAA8BrtG,MAG5BA,KAAK0tG,cAFDpS,GAAoBgS,GAAiC,UAOpErrG,MAAMC,EAASjB,WACX,OAAKosG,GAA8BrtG,WAGDiB,IAA9BjB,KAAK+sG,qBACEzR,GAAoBiS,GAA2B,UA4ElE,SAA0C7sG,EAAQwB,GAC9C,MAAMnB,EAASL,EAAOqsG,qBACtB,OAAOrC,GAAoB3pG,EAAQmB,EACvC,CA7EeyrG,CAAiC3tG,KAAMkC,GALnCo5F,GAAoBgS,GAAiC,UAUpEtrG,QACI,IAAKqrG,GAA8BrtG,MAC/B,OAAOs7F,GAAoBgS,GAAiC,UAEhE,MAAMvsG,EAASf,KAAK+sG,qBACpB,YAAe9rG,IAAXF,EACOu6F,GAAoBiS,GAA2B,UAEtD5C,GAAoC5pG,GAC7Bu6F,GAAoB,IAAIzpE,UAAU,2CAEtC+7E,GAAiC5tG,MAY5CY,cACI,IAAKysG,GAA8BrtG,MAC/B,MAAMstG,GAAiC,oBAG5BrsG,IADAjB,KAAK+sG,sBAIpBc,GAAmC7tG,MAEvC8B,MAAMC,EAAQd,WACV,OAAKosG,GAA8BrtG,WAGDiB,IAA9BjB,KAAK+sG,qBACEzR,GAAoBiS,GAA2B,aAEnDO,GAAiC9tG,KAAM+B,GALnCu5F,GAAoBgS,GAAiC,WAwBxE,SAASD,GAA8BvgG,GACnC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,uBAIjD,CAMA,SAAS8gG,GAAiCltG,GAEtC,OAAOkqG,GADQlqG,EAAOqsG,qBAE1B,CAYA,SAASgB,GAAuDrtG,EAAQ4D,GACjC,YAA/B5D,EAAOstG,oBACPtB,GAAiChsG,EAAQ4D,GAkTjD,SAAmD5D,EAAQwB,GACvDkrG,GAA+C1sG,EAAQwB,EAC3D,CAjTQ+rG,CAA0CvtG,EAAQ4D,EAE1D,CACA,SAAS8nG,GAAsD1rG,EAAQ4D,GACjC,YAA9B5D,EAAOwtG,mBACPC,GAAgCztG,EAAQ4D,GAkVhD,SAAkD5D,EAAQwB,GACtDgrG,GAA8CxsG,EAAQwB,EAC1D,CAjVQksG,CAAyC1tG,EAAQ4D,EAEzD,CAYA,SAASupG,GAAmCntG,GACxC,MAAMK,EAASL,EAAOqsG,qBAChBsB,EAAgB,IAAIx8E,UAAU,oFACpCu6E,GAAsD1rG,EAAQ2tG,GAG9DN,GAAuDrtG,EAAQ2tG,GAC/DttG,EAAOgqG,aAAU9pG,EACjBP,EAAOqsG,0BAAuB9rG,CAClC,CACA,SAAS6sG,GAAiCptG,EAAQqB,GAC9C,MAAMhB,EAASL,EAAOqsG,qBAChBlpG,EAAa9C,EAAOiqG,0BACpBxoC,EAqIV,SAAqD3+D,EAAY9B,GAC7D,IACI,OAAO8B,EAAWyqG,uBAAuBvsG,GAE7C,MAAOwsG,GAEH,OADAC,GAA6C3qG,EAAY0qG,GAClD,EAEf,CA7IsBE,CAA4C5qG,EAAY9B,GAC1E,GAAIhB,IAAWL,EAAOqsG,qBAClB,OAAOzR,GAAoBiS,GAA2B,aAE1D,MAAMp+D,EAAQpuC,EAAO48F,OACrB,GAAc,YAAVxuD,EACA,OAAOmsD,GAAoBv6F,EAAOi9F,cAEtC,GAAI2M,GAAoC5pG,IAAqB,WAAVouC,EAC/C,OAAOmsD,GAAoB,IAAIzpE,UAAU,6DAE7C,GAAc,aAAVsd,EACA,OAAOmsD,GAAoBv6F,EAAOi9F,cAEtC,MAAMv9E,EArXV,SAAuC1f,GAQnC,OAPgBo6F,IAAW,CAACj7F,EAASC,KACjC,MAAMosG,EAAe,CACjBd,SAAUvrG,EACVwrG,QAASvrG,GAEbY,EAAOkqG,eAAeppG,KAAK0qG,EAAa,GAGhD,CA4WoBmC,CAA8B3tG,GAE9C,OAiIJ,SAA8C8C,EAAY9B,EAAOygE,GAC7D,IACIugC,GAAqBl/F,EAAY9B,EAAOygE,GAE5C,MAAOmsC,GAEH,YADAH,GAA6C3qG,EAAY8qG,GAG7D,MAAM5tG,EAAS8C,EAAW+qG,0BAC1B,IAAKjE,GAAoC5pG,IAA6B,aAAlBA,EAAO48F,OAAuB,CAE9EgP,GAAiC5rG,EADZ8tG,GAA+ChrG,IAGxEooG,GAAoDpoG,EACxD,CAhJIirG,CAAqCjrG,EAAY9B,EAAOygE,GACjD/hD,CACX,CAtGA1V,OAAOs2F,iBAAiByJ,GAA4B9pG,UAAW,CAC3DiB,MAAO,CAAE0jC,YAAY,GACrB3jC,MAAO,CAAE2jC,YAAY,GACrB/kC,YAAa,CAAE+kC,YAAY,GAC3B7jC,MAAO,CAAE6jC,YAAY,GACrB9kC,OAAQ,CAAE8kC,YAAY,GACtB21C,YAAa,CAAE31C,YAAY,GAC3B18B,MAAO,CAAE08B,YAAY,KAEiB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAey/F,GAA4B9pG,UAAWw5F,GAAe8G,YAAa,CACrFjgG,MAAO,8BACPukC,cAAc,IA2FtB,MAAMomE,GAAgB,GAMtB,MAAM/B,GACFnqG,cACI,MAAM,IAAI+xB,UAAU,uBASxBvtB,MAAMD,EAAIpD,WACN,IAgCR,SAA2C6L,GACvC,IAAK+tF,GAAa/tF,GACd,OAAO,EAEX,IAAK/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BACzC,OAAO,EAEX,OAAO,CACX,CAxCaiiG,CAAkC/uG,MACnC,MAAM,IAAI6xB,UAAU,yGAGV,aADA7xB,KAAK4uG,0BAA0BjR,QAM7CqR,GAAqChvG,KAAMqE,GAG/Cq6F,CAACA,IAAYx8F,GACT,MAAMT,EAASzB,KAAKivG,gBAAgB/sG,GAEpC,OADAgtG,GAA+ClvG,MACxCyB,EAGXk9F,CAACA,MACGqE,GAAWhjG,OAsBnB,SAASqqG,GAAqCtpG,EAAQ8C,EAAYskG,EAAgB+B,EAAgBC,EAAgBC,EAAgBzgG,EAAeqgG,GAC7InmG,EAAW+qG,0BAA4B7tG,EACvCA,EAAOiqG,0BAA4BnnG,EAEnCA,EAAWg/F,YAAS5hG,EACpB4C,EAAWi/F,qBAAkB7hG,EAC7B+hG,GAAWn/F,GACXA,EAAWmiG,UAAW,EACtBniG,EAAWyqG,uBAAyBtE,EACpCnmG,EAAWmkG,aAAer+F,EAC1B9F,EAAWsrG,gBAAkBjF,EAC7BrmG,EAAWurG,gBAAkBjF,EAC7BtmG,EAAWorG,gBAAkB7E,EAC7B,MAAMwC,EAAeiC,GAA+ChrG,GACpE8oG,GAAiC5rG,EAAQ6rG,GAGzClR,GADqBL,GADD8M,MAEM,KACtBtkG,EAAWmiG,UAAW,EACtBiG,GAAoDpoG,EAAW,IAChE8J,IACC9J,EAAWmiG,UAAW,EACtBkG,GAAgCnrG,EAAQ4M,EAAE,GAElD,CAsBA,SAASuhG,GAA+CrrG,GACpDA,EAAWsrG,qBAAkBluG,EAC7B4C,EAAWurG,qBAAkBnuG,EAC7B4C,EAAWorG,qBAAkBhuG,EAC7B4C,EAAWyqG,4BAAyBrtG,CACxC,CAcA,SAASusG,GAA8C3pG,GACnD,OAAOA,EAAWmkG,aAAenkG,EAAWi/F,eAChD,CAiBA,SAASmJ,GAAoDpoG,GACzD,MAAM9C,EAAS8C,EAAW+qG,0BAC1B,IAAK/qG,EAAWmiG,SACZ,OAEJ,QAAqC/kG,IAAjCF,EAAOmqG,sBACP,OAGJ,GAAc,aADAnqG,EAAO48F,OAGjB,YADAwO,GAA6BprG,GAGjC,GAAiC,IAA7B8C,EAAWg/F,OAAOzhG,OAClB,OAEJ,MAAMC,EAAuBwC,EA1kDNg/F,OAAOtF,OAClBl8F,MA0kDRA,IAAU2qG,GAYlB,SAAqDnoG,GACjD,MAAM9C,EAAS8C,EAAW+qG,2BA1b9B,SAAgD7tG,GAC5CA,EAAOqqG,sBAAwBrqG,EAAOoqG,cACtCpqG,EAAOoqG,mBAAgBlqG,CAC3B,EAwbIouG,CAAuCtuG,GACvC2hG,GAAa7+F,GACb,MAAMyrG,EAAmBzrG,EAAWurG,kBACpCF,GAA+CrrG,GAC/C63F,GAAY4T,GAAkB,MAxelC,SAA2CvuG,GACvCA,EAAOqqG,sBAAsBK,cAASxqG,GACtCF,EAAOqqG,2BAAwBnqG,EAEjB,aADAF,EAAO48F,SAGjB58F,EAAOi9F,kBAAe/8F,OACcA,IAAhCF,EAAOsqG,uBACPtqG,EAAOsqG,qBAAqBI,WAC5B1qG,EAAOsqG,0BAAuBpqG,IAGtCF,EAAO48F,OAAS,SAChB,MAAMj9F,EAASK,EAAOgqG,aACP9pG,IAAXP,GACAysG,GAAkCzsG,EAE1C,CAwdQ6uG,CAAkCxuG,EAAO,IAC1CmB,KAxdP,SAAoDnB,EAAQuD,GACxDvD,EAAOqqG,sBAAsBM,QAAQpnG,GACrCvD,EAAOqqG,2BAAwBnqG,OAEKA,IAAhCF,EAAOsqG,uBACPtqG,EAAOsqG,qBAAqBK,QAAQpnG,GACpCvD,EAAOsqG,0BAAuBpqG,GAElCirG,GAAgCnrG,EAAQuD,EAC5C,CAgdQkrG,CAA2CzuG,EAAQmB,EAAO,GAElE,CAtBQutG,CAA4C5rG,GAuBpD,SAAqDA,EAAY9B,GAC7D,MAAMhB,EAAS8C,EAAW+qG,2BAlc9B,SAAqD7tG,GACjDA,EAAOmqG,sBAAwBnqG,EAAOkqG,eAAe/kG,OACzD,CAicIwpG,CAA4C3uG,GAC5C,MAAM4uG,EAAmB9rG,EAAWsrG,gBAAgBptG,GACpD25F,GAAYiU,GAAkB,MA3flC,SAA2C5uG,GACvCA,EAAOmqG,sBAAsBO,cAASxqG,GACtCF,EAAOmqG,2BAAwBjqG,CACnC,CAyfQ2uG,CAAkC7uG,GAClC,MAAMouC,EAAQpuC,EAAO48F,OAErB,GADA+E,GAAa7+F,IACR8mG,GAAoC5pG,IAAqB,aAAVouC,EAAsB,CACtE,MAAMy9D,EAAeiC,GAA+ChrG,GACpE8oG,GAAiC5rG,EAAQ6rG,GAE7CX,GAAoDpoG,EAAW,IAChE3B,IACuB,aAAlBnB,EAAO48F,QACPuR,GAA+CrrG,GAlgB3D,SAAoD9C,EAAQuD,GACxDvD,EAAOmqG,sBAAsBQ,QAAQpnG,GACrCvD,EAAOmqG,2BAAwBjqG,EAC/BirG,GAAgCnrG,EAAQuD,EAC5C,CAggBQurG,CAA2C9uG,EAAQmB,EAAO,GAElE,CAvCQ4tG,CAA4CjsG,EAAYxC,EAEhE,CACA,SAASmtG,GAA6C3qG,EAAYS,GACV,aAAhDT,EAAW+qG,0BAA0BjR,QACrCqR,GAAqCnrG,EAAYS,EAEzD,CAiCA,SAASuqG,GAA+ChrG,GAEpD,OADoB2pG,GAA8C3pG,IAC5C,CAC1B,CAEA,SAASmrG,GAAqCnrG,EAAYS,GACtD,MAAMvD,EAAS8C,EAAW+qG,0BAC1BM,GAA+CrrG,GAC/CgoG,GAA4B9qG,EAAQuD,EACxC,CAEA,SAASkmG,GAA4Bt/F,GACjC,OAAO,IAAI2mB,UAAU,4BAA4B3mB,yCACrD,CAEA,SAASoiG,GAAiCpiG,GACtC,OAAO,IAAI2mB,UAAU,yCAAyC3mB,sDAClE,CACA,SAASqiG,GAA2BriG,GAChC,OAAO,IAAI2mB,UAAU,UAAY3mB,EAAO,oCAC5C,CACA,SAAS+hG,GAAqCvsG,GAC1CA,EAAO69F,eAAiBpD,IAAW,CAACj7F,EAASC,KACzCO,EAAO89F,uBAAyBt+F,EAChCQ,EAAO+9F,sBAAwBt+F,EAC/BO,EAAOstG,oBAAsB,SAAS,GAE9C,CACA,SAASZ,GAA+C1sG,EAAQwB,GAC5D+qG,GAAqCvsG,GACrCgsG,GAAiChsG,EAAQwB,EAC7C,CAKA,SAASwqG,GAAiChsG,EAAQwB,QACTjB,IAAjCP,EAAO+9F,wBAGXzC,GAA0Bt7F,EAAO69F,gBACjC79F,EAAO+9F,sBAAsBv8F,GAC7BxB,EAAO89F,4BAAyBv9F,EAChCP,EAAO+9F,2BAAwBx9F,EAC/BP,EAAOstG,oBAAsB,WACjC,CAIA,SAASb,GAAkCzsG,QACDO,IAAlCP,EAAO89F,yBAGX99F,EAAO89F,4BAAuBv9F,GAC9BP,EAAO89F,4BAAyBv9F,EAChCP,EAAO+9F,2BAAwBx9F,EAC/BP,EAAOstG,oBAAsB,WACjC,CACA,SAASnB,GAAoCnsG,GACzCA,EAAOgtG,cAAgBvS,IAAW,CAACj7F,EAASC,KACxCO,EAAOqvG,sBAAwB7vG,EAC/BQ,EAAOsvG,qBAAuB7vG,CAAM,IAExCO,EAAOwtG,mBAAqB,SAChC,CACA,SAAShB,GAA8CxsG,EAAQwB,GAC3D2qG,GAAoCnsG,GACpCytG,GAAgCztG,EAAQwB,EAC5C,CACA,SAAS8qG,GAA8CtsG,GACnDmsG,GAAoCnsG,GACpCqrG,GAAiCrrG,EACrC,CACA,SAASytG,GAAgCztG,EAAQwB,QACTjB,IAAhCP,EAAOsvG,uBAGXhU,GAA0Bt7F,EAAOgtG,eACjChtG,EAAOsvG,qBAAqB9tG,GAC5BxB,EAAOqvG,2BAAwB9uG,EAC/BP,EAAOsvG,0BAAuB/uG,EAC9BP,EAAOwtG,mBAAqB,WAChC,CAOA,SAASnC,GAAiCrrG,QACDO,IAAjCP,EAAOqvG,wBAGXrvG,EAAOqvG,2BAAsB9uG,GAC7BP,EAAOqvG,2BAAwB9uG,EAC/BP,EAAOsvG,0BAAuB/uG,EAC9BP,EAAOwtG,mBAAqB,YAChC,CArQAnjG,OAAOs2F,iBAAiB4I,GAAgCjpG,UAAW,CAC/DsD,MAAO,CAAEqhC,YAAY,KAEiB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe4+F,GAAgCjpG,UAAWw5F,GAAe8G,YAAa,CACzFjgG,MAAO,kCACPukC,cAAc,IA+QtB,MAAMqqE,GAA6C,oBAAjBC,aAA+BA,kBAAejvG,EA6BhF,MAAMkvG,GA1BN,SAAmC3qE,GAC/B,GAAsB,mBAATA,GAAuC,iBAATA,EACvC,OAAO,EAEX,IAEI,OADA,IAAIA,GACG,EAEX,MAAO4qE,GACH,OAAO,EAEf,CAeuBC,CAA0BJ,IAAsBA,GAdvE,WAEI,MAAMzqE,EAAO,SAAsBjsB,EAASrO,GACxClL,KAAKuZ,QAAUA,GAAW,GAC1BvZ,KAAKkL,KAAOA,GAAQ,QAChBhI,MAAM8jD,mBACN9jD,MAAM8jD,kBAAkBhnD,KAAMA,KAAKF,cAK3C,OADAiL,OAAOM,eADPm6B,EAAKxkC,UAAY+J,OAAOw6B,OAAOriC,MAAMlC,WACC,cAAe,CAAEK,MAAOmkC,EAAM/8B,UAAU,EAAMm9B,cAAc,IAC3FJ,CACX,CAE4F8qE,GAE5F,SAASC,GAAqBnmB,EAAQj5B,EAAMxoD,EAAcI,EAAcC,EAAewnG,GACnF,MAAMjrG,EAAS06F,GAAmC7V,GAC5C1pF,EAASmqG,GAAmC15C,GAClDi5B,EAAO8W,YAAa,EACpB,IAAIuP,GAAe,EAEfC,EAAerV,QAAoBp6F,GACvC,OAAOk6F,IAAW,CAACj7F,EAASC,KACxB,IAAIiqG,EACJ,QAAenpG,IAAXuvG,EAAsB,CAsBtB,GArBApG,EAAiB,KACb,MAAM9lG,EAAQ,IAAI6rG,GAAe,UAAW,cACtCQ,EAAU,GACX5nG,GACD4nG,EAAQ9uG,MAAK,IACW,aAAhBsvD,EAAKwsC,OACE+M,GAAoBv5C,EAAM7sD,GAE9B+2F,QAAoBp6F,KAG9B+H,GACD2nG,EAAQ9uG,MAAK,IACa,aAAlBuoF,EAAOuT,OACAO,GAAqB9T,EAAQ9lF,GAEjC+2F,QAAoBp6F,KAGnC2vG,GAAmB,IAAM3wG,QAAQ2H,IAAI+oG,EAAQzoG,KAAI2oG,GAAUA,SAAY,EAAMvsG,EAAM,EAEnFksG,EAAOM,QAEP,YADA1G,IAGJoG,EAAOO,iBAAiB,QAAS3G,GAiErC,GA3BA4G,EAAmB5mB,EAAQ7kF,EAAOg5F,gBAAgB+N,IACzCvjG,EAIDkoG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAMlG,GAAoBv5C,EAAMm7C,KAAc,EAAMA,MAO/E0E,EAAmB7/C,EAAMzwD,EAAO69F,gBAAgB+N,IACvCtjG,EAIDioG,GAAS,EAAM3E,GAHfsE,GAAmB,IAAM1S,GAAqB9T,EAAQkiB,KAAc,EAAMA,MAwClF,SAA2BvrG,EAAQ0f,EAASowF,GAClB,WAAlB9vG,EAAO48F,OACPkT,IAGAlV,GAAgBl7E,EAASowF,GAtCjCK,CAAkB9mB,EAAQ7kF,EAAOg5F,gBAAgB,KACxC51F,EAIDsoG,IAHAL,GAAmB,IA9fnC,SAA8DlwG,GAC1D,MAAMK,EAASL,EAAOqsG,qBAChB59D,EAAQpuC,EAAO48F,OACrB,OAAIgN,GAAoC5pG,IAAqB,WAAVouC,EACxCksD,QAAoBp6F,GAEjB,YAAVkuC,EACOmsD,GAAoBv6F,EAAOi9F,cAE/B4P,GAAiCltG,EAC5C,CAofyCywG,CAAqDzwG,QAOlFiqG,GAAoCx5C,IAAyB,WAAhBA,EAAKwsC,OAAqB,CACvE,MAAMyT,EAAa,IAAIv/E,UAAU,+EAC5B7oB,EAIDioG,GAAS,EAAMG,GAHfR,GAAmB,IAAM1S,GAAqB9T,EAAQgnB,KAAa,EAAMA,GAOjF,SAASC,IAGL,MAAMC,EAAkBZ,EACxB,OAAOnV,GAAmBmV,GAAc,IAAMY,IAAoBZ,EAAeW,SAA0BpwG,IAE/G,SAAS+vG,EAAmBjwG,EAAQ0f,EAASowF,GACnB,YAAlB9vG,EAAO48F,OACPkT,EAAO9vG,EAAOi9F,cAGdpC,GAAcn7E,EAASowF,GAW/B,SAASD,EAAmBC,EAAQU,EAAiBC,GAWjD,SAASC,IACL/V,GAAYmV,KAAU,IAAM72E,EAASu3E,EAAiBC,KAAgBE,GAAY13E,GAAS,EAAM03E,KAXjGjB,IAGJA,GAAe,EACK,aAAhBt/C,EAAKwsC,QAA0BgN,GAAoCx5C,GAInEsgD,IAHA9V,GAAgB0V,IAAyBI,IASjD,SAASR,EAASU,EAASrtG,GACnBmsG,IAGJA,GAAe,EACK,aAAhBt/C,EAAKwsC,QAA0BgN,GAAoCx5C,GAInEn3B,EAAS23E,EAASrtG,GAHlBq3F,GAAgB0V,KAAyB,IAAMr3E,EAAS23E,EAASrtG,MAMzE,SAAS01B,EAAS23E,EAASrtG,GACvBupG,GAAmCntG,GACnCy9F,GAAmC54F,QACpBtE,IAAXuvG,GACAA,EAAOoB,oBAAoB,QAASxH,GAEpCuH,EACAxxG,EAAOmE,GAGPpE,OAAQe,GA5DhB+6F,GApEWb,IAAW,CAAC0W,EAAaC,MAC5B,SAAS1uC,EAAK9hE,GACNA,EACAuwG,IAKAtW,GAORkV,EACOpV,IAAoB,GAExBE,GAAmB76F,EAAOgtG,eAAe,IACrCvS,IAAW,CAAC4W,EAAaC,KAC5BhR,GAAgCz7F,EAAQ,CACpCi7F,YAAaz+F,IACT2uG,EAAenV,GAAmBuS,GAAiCptG,EAAQqB,QAAQd,EAAW05F,IAC9FoX,GAAY,EAAM,EAEtBxR,YAAa,IAAMwR,GAAY,GAC/B9Q,YAAa+Q,GACf,MAnBiC5uC,EAAM0uC,GAG7C1uC,EAAK,EAAM,OAyH3B,CAOA,MAAM6uC,GACFnyG,cACI,MAAM,IAAI+xB,UAAU,uBAMpBypD,kBACA,IAAK42B,GAAkClyG,MACnC,MAAMmyG,GAAuC,eAEjD,OAAOC,GAA8CpyG,MAMzDgC,QACI,IAAKkwG,GAAkClyG,MACnC,MAAMmyG,GAAuC,SAEjD,IAAKE,GAAiDryG,MAClD,MAAM,IAAI6xB,UAAU,mDAExBygF,GAAqCtyG,MAEzCoE,QAAQrC,EAAQd,WACZ,IAAKixG,GAAkClyG,MACnC,MAAMmyG,GAAuC,WAEjD,IAAKE,GAAiDryG,MAClD,MAAM,IAAI6xB,UAAU,qDAExB,OAAO0gF,GAAuCvyG,KAAM+B,GAKxDuC,MAAMD,EAAIpD,WACN,IAAKixG,GAAkClyG,MACnC,MAAMmyG,GAAuC,SAEjDK,GAAqCxyG,KAAMqE,GAG/Cu6F,CAACA,IAAa18F,GACV8gG,GAAWhjG,MACX,MAAMyB,EAASzB,KAAKqlG,iBAAiBnjG,GAErC,OADAuwG,GAA+CzyG,MACxCyB,EAGXo9F,CAACA,IAAWuB,GACR,MAAMr/F,EAASf,KAAK0yG,0BACpB,GAAI1yG,KAAK6iG,OAAOzhG,OAAS,EAAG,CACxB,MAAMW,EAAQ2gG,GAAa1iG,MACvBA,KAAKykG,iBAA0C,IAAvBzkG,KAAK6iG,OAAOzhG,QACpCqxG,GAA+CzyG,MAC/C6kG,GAAoB9jG,IAGpB4xG,GAAgD3yG,MAEpDogG,EAAYI,YAAYz+F,QAGxBo+F,GAA6Bp/F,EAAQq/F,GACrCuS,GAAgD3yG,OAiB5D,SAASkyG,GAAkCplG,GACvC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAAS6lG,GAAgD9uG,GAErD,IADmB+uG,GAA8C/uG,GAE7D,OAEJ,GAAIA,EAAWsiG,SAEX,YADAtiG,EAAWuiG,YAAa,GAG5BviG,EAAWsiG,UAAW,EAEtBzK,GADoB73F,EAAWwiG,kBACN,KACrBxiG,EAAWsiG,UAAW,EAClBtiG,EAAWuiG,aACXviG,EAAWuiG,YAAa,EACxBuM,GAAgD9uG,OAErDQ,IACCmuG,GAAqC3uG,EAAYQ,EAAE,GAE3D,CACA,SAASuuG,GAA8C/uG,GACnD,MAAM9C,EAAS8C,EAAW6uG,0BAC1B,IAAKL,GAAiDxuG,GAClD,OAAO,EAEX,IAAKA,EAAWmiG,SACZ,OAAO,EAEX,GAAIpF,GAAuB7/F,IAAW0/F,GAAiC1/F,GAAU,EAC7E,OAAO,EAGX,OADoBqxG,GAA8CvuG,GAChD,CAItB,CACA,SAAS4uG,GAA+C5uG,GACpDA,EAAWwiG,oBAAiBplG,EAC5B4C,EAAWwhG,sBAAmBpkG,EAC9B4C,EAAWyqG,4BAAyBrtG,CACxC,CAEA,SAASqxG,GAAqCzuG,GAC1C,IAAKwuG,GAAiDxuG,GAClD,OAEJ,MAAM9C,EAAS8C,EAAW6uG,0BAC1B7uG,EAAW4gG,iBAAkB,EACI,IAA7B5gG,EAAWg/F,OAAOzhG,SAClBqxG,GAA+C5uG,GAC/CghG,GAAoB9jG,GAE5B,CACA,SAASwxG,GAAuC1uG,EAAY9B,GACxD,IAAKswG,GAAiDxuG,GAClD,OAEJ,MAAM9C,EAAS8C,EAAW6uG,0BAC1B,GAAI9R,GAAuB7/F,IAAW0/F,GAAiC1/F,GAAU,EAC7Eu/F,GAAiCv/F,EAAQgB,GAAO,OAE/C,CACD,IAAIygE,EACJ,IACIA,EAAY3+D,EAAWyqG,uBAAuBvsG,GAElD,MAAOwsG,GAEH,MADAiE,GAAqC3uG,EAAY0qG,GAC3CA,EAEV,IACIxL,GAAqBl/F,EAAY9B,EAAOygE,GAE5C,MAAOmsC,GAEH,MADA6D,GAAqC3uG,EAAY8qG,GAC3CA,GAGdgE,GAAgD9uG,EACpD,CACA,SAAS2uG,GAAqC3uG,EAAYQ,GACtD,MAAMtD,EAAS8C,EAAW6uG,0BACJ,aAAlB3xG,EAAO48F,SAGXqF,GAAWn/F,GACX4uG,GAA+C5uG,GAC/CkkG,GAAoBhnG,EAAQsD,GAChC,CACA,SAAS+tG,GAA8CvuG,GACnD,MAAMsrC,EAAQtrC,EAAW6uG,0BAA0B/U,OACnD,MAAc,YAAVxuD,EACO,KAEG,WAAVA,EACO,EAEJtrC,EAAWmkG,aAAenkG,EAAWi/F,eAChD,CAQA,SAASuP,GAAiDxuG,GACtD,MAAMsrC,EAAQtrC,EAAW6uG,0BAA0B/U,OACnD,OAAK95F,EAAW4gG,iBAA6B,aAAVt1D,CAIvC,CACA,SAAS0jE,GAAqC9xG,EAAQ8C,EAAYskG,EAAgBC,EAAeC,EAAiB1+F,EAAeqgG,GAC7HnmG,EAAW6uG,0BAA4B3xG,EACvC8C,EAAWg/F,YAAS5hG,EACpB4C,EAAWi/F,qBAAkB7hG,EAC7B+hG,GAAWn/F,GACXA,EAAWmiG,UAAW,EACtBniG,EAAW4gG,iBAAkB,EAC7B5gG,EAAWuiG,YAAa,EACxBviG,EAAWsiG,UAAW,EACtBtiG,EAAWyqG,uBAAyBtE,EACpCnmG,EAAWmkG,aAAer+F,EAC1B9F,EAAWwiG,eAAiB+B,EAC5BvkG,EAAWwhG,iBAAmBgD,EAC9BtnG,EAAOogG,0BAA4Bt9F,EAEnC63F,GAAYL,GADQ8M,MAC0B,KAC1CtkG,EAAWmiG,UAAW,EACtB2M,GAAgD9uG,EAAW,IAC5D8J,IACC6kG,GAAqC3uG,EAAY8J,EAAE,GAE3D,CAkBA,SAASwkG,GAAuCjnG,GAC5C,OAAO,IAAI2mB,UAAU,6CAA6C3mB,0DACtE,CAwHA,SAAS4nG,GAAsC7oG,EAAIo/F,EAAUlK,GAEzD,OADAC,GAAen1F,EAAIk1F,GACXj9F,GAAWq6F,GAAYtyF,EAAIo/F,EAAU,CAACnnG,GAClD,CACA,SAAS6wG,GAAoC9oG,EAAIo/F,EAAUlK,GAEvD,OADAC,GAAen1F,EAAIk1F,GACXt7F,GAAe04F,GAAYtyF,EAAIo/F,EAAU,CAACxlG,GACtD,CACA,SAASmvG,GAAqC/oG,EAAIo/F,EAAUlK,GAExD,OADAC,GAAen1F,EAAIk1F,GACXt7F,GAAeu4F,GAAYnyF,EAAIo/F,EAAU,CAACxlG,GACtD,CACA,SAASovG,GAA0Bj5F,EAAMmlF,GAErC,GAAa,WADbnlF,EAAO,GAAGA,GAEN,MAAM,IAAI6X,UAAU,GAAGstE,MAAYnlF,8DAEvC,OAAOA,CACX,CASA,SAASk5F,GAAgCplF,EAAMqxE,GAE3C,GAAa,UADbrxE,EAAO,GAAGA,GAEN,MAAM,IAAI+D,UAAU,GAAGstE,MAAYrxE,oEAEvC,OAAOA,CACX,CAQA,SAASqlF,GAAmBtuG,EAASs6F,GACjCD,GAAiBr6F,EAASs6F,GAC1B,MAAMp2F,EAAelE,aAAyC,EAASA,EAAQkE,aACzEC,EAAgBnE,aAAyC,EAASA,EAAQmE,cAC1EL,EAAe9D,aAAyC,EAASA,EAAQ8D,aACzE6nG,EAAS3rG,aAAyC,EAASA,EAAQ2rG,OAIzE,YAHevvG,IAAXuvG,GAUR,SAA2BA,EAAQrR,GAC/B,IA7oBJ,SAAuB99F,GACnB,GAAqB,iBAAVA,GAAgC,OAAVA,EAC7B,OAAO,EAEX,IACI,MAAgC,kBAAlBA,EAAMyvG,QAExB,MAAOV,GAEH,OAAO,EAEf,CAkoBSgD,CAAc5C,GACf,MAAM,IAAI3+E,UAAastE,EAAH,0BAE5B,CAbQkU,CAAkB7C,EAAWrR,EAAH,6BAEvB,CACHp2F,eAAsBA,EACtBC,gBAAuBA,EACvBL,eAAsBA,EACtB6nG,SAER,CAlWAzlG,OAAOs2F,iBAAiB4Q,GAAgCjxG,UAAW,CAC/DgB,MAAO,CAAE2jC,YAAY,GACrBvhC,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe4mG,GAAgCjxG,UAAWw5F,GAAe8G,YAAa,CACzFjgG,MAAO,kCACPukC,cAAc,IAgXtB,MAAMnjC,GACF3C,YAAYwzG,EAAsB,GAAI1J,EAAc,SACpB3oG,IAAxBqyG,EACAA,EAAsB,KAGtBjU,GAAaiU,EAAqB,mBAEtC,MAAMh5C,EAAW4uC,GAAuBU,EAAa,oBAC/C2J,EAhHd,SAA8CnpB,EAAQ+U,GAClDD,GAAiB9U,EAAQ+U,GACzB,MAAMkK,EAAWjf,EACXob,EAAwB6D,aAA2C,EAASA,EAAS7D,sBACrF/gG,EAAS4kG,aAA2C,EAASA,EAAS5kG,OACtEF,EAAO8kG,aAA2C,EAASA,EAAS9kG,KACpEX,EAAQylG,aAA2C,EAASA,EAASzlG,MACrEoW,EAAOqvF,aAA2C,EAASA,EAASrvF,KAC1E,MAAO,CACHwrF,2BAAiDvkG,IAA1BukG,OACnBvkG,EACA2+F,GAAwC4F,EAA0BrG,EAAH,4CACnE16F,YAAmBxD,IAAXwD,OACJxD,EACA6xG,GAAsCruG,EAAQ4kG,EAAalK,EAAH,6BAC5D56F,UAAetD,IAATsD,OACFtD,EACA8xG,GAAoCxuG,EAAM8kG,EAAalK,EAAH,2BACxDv7F,WAAiB3C,IAAV2C,OACH3C,EACA+xG,GAAqCpvG,EAAOylG,EAAalK,EAAH,4BAC1DnlF,UAAe/Y,IAAT+Y,OAAqB/Y,EAAYgyG,GAA0Bj5F,EAASmlF,EAAH,2BAE/E,CAyFiCqU,CAAqCF,EAAqB,mBAEnF,GADAG,GAAyBzzG,MACK,UAA1BuzG,EAAiBv5F,KAAkB,CACnC,QAAsB/Y,IAAlBq5D,EAASt1D,KACT,MAAM,IAAIuwC,WAAW,8DAGzB0yD,GAAsDjoG,KAAMuzG,EADtCxK,GAAqBzuC,EAAU,QAGpD,CACD,MAAM0vC,EAAgBf,GAAqB3uC,IA7OvD,SAAkEv5D,EAAQwyG,EAAkB5pG,EAAeqgG,GACvG,MAAMnmG,EAAakH,OAAOw6B,OAAO0sE,GAAgCjxG,WACjE,IAAImnG,EAAiB,KAAe,EAChCC,EAAgB,IAAM/M,QAAoBp6F,GAC1ConG,EAAkB,IAAMhN,QAAoBp6F,QACjBA,IAA3BsyG,EAAiB3vG,QACjBukG,EAAiB,IAAMoL,EAAiB3vG,MAAMC,SAEpB5C,IAA1BsyG,EAAiBhvG,OACjB6jG,EAAgB,IAAMmL,EAAiBhvG,KAAKV,SAEhB5C,IAA5BsyG,EAAiB9uG,SACjB4jG,EAAkBnmG,GAAUqxG,EAAiB9uG,OAAOvC,IAExD2wG,GAAqC9xG,EAAQ8C,EAAYskG,EAAgBC,EAAeC,EAAiB1+F,EAAeqgG,EAC5H,CAgOY0J,CAAyD1zG,KAAMuzG,EADzCxK,GAAqBzuC,EAAU,GAC2C0vC,IAMpGO,aACA,IAAKvK,GAAiBhgG,MAClB,MAAM2zG,GAA4B,UAEtC,OAAO/S,GAAuB5gG,MAQlCyE,OAAOvC,EAASjB,WACZ,OAAK++F,GAAiBhgG,MAGlB4gG,GAAuB5gG,MAChBs7F,GAAoB,IAAIzpE,UAAU,qDAEtCqsE,GAAqBl+F,KAAMkC,GALvBo5F,GAAoBqY,GAA4B,WAO/DpzG,UAAUqzG,EAAa3yG,WACnB,IAAK++F,GAAiBhgG,MAClB,MAAM2zG,GAA4B,aAEtC,MAAM9uG,EA/Gd,SAA8BA,EAASs6F,GACnCD,GAAiBr6F,EAASs6F,GAC1B,MAAMrxE,EAAOjpB,aAAyC,EAASA,EAAQipB,KACvE,MAAO,CACHA,UAAe7sB,IAAT6sB,OAAqB7sB,EAAYiyG,GAAgCplF,EAASqxE,EAAH,2BAErF,CAyGwB0U,CAAqBD,EAAY,mBACjD,YAAqB3yG,IAAjB4D,EAAQipB,KACDmyE,GAAmCjgG,MA3zDtD,SAAyCe,GACrC,OAAO,IAAI0nG,GAAyB1nG,EACxC,CA2zDe+yG,CAAgC9zG,MAE3C+zG,YAAYC,EAAcJ,EAAa,IACnC,IAAK5T,GAAiBhgG,MAClB,MAAM2zG,GAA4B,eAEtCrU,GAAuB0U,EAAc,EAAG,eACxC,MAAM7rG,EA/Ed,SAAqCy6F,EAAMzD,GACvCD,GAAiB0D,EAAMzD,GACvB,MAAM32F,EAAWo6F,aAAmC,EAASA,EAAKp6F,SAClEg3F,GAAoBh3F,EAAU,WAAY,wBAC1Cu3F,GAAqBv3F,EAAa22F,EAAH,+BAC/B,MAAM12F,EAAWm6F,aAAmC,EAASA,EAAKn6F,SAGlE,OAFA+2F,GAAoB/2F,EAAU,WAAY,wBAC1CghG,GAAqBhhG,EAAa02F,EAAH,+BACxB,CAAE32F,WAAUC,WACvB,CAsE0BwrG,CAA4BD,EAAc,mBACtDnvG,EAAUsuG,GAAmBS,EAAY,oBAC/C,GAAIhT,GAAuB5gG,MACvB,MAAM,IAAI6xB,UAAU,kFAExB,GAAI44E,GAAuBtiG,EAAUM,UACjC,MAAM,IAAIopB,UAAU,kFAIxB,OADAmqE,GADgBuU,GAAqBvwG,KAAMmI,EAAUM,SAAU5D,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQ2rG,SAEnIroG,EAAUK,SAErBU,OAAOgrG,EAAaN,EAAa,IAC7B,IAAK5T,GAAiBhgG,MAClB,OAAOs7F,GAAoBqY,GAA4B,WAE3D,QAAoB1yG,IAAhBizG,EACA,OAAO5Y,GAAoB,wCAE/B,IAAKoO,GAAiBwK,GAClB,OAAO5Y,GAAoB,IAAIzpE,UAAU,8EAE7C,IAAIhtB,EACJ,IACIA,EAAUsuG,GAAmBS,EAAY,oBAE7C,MAAOvvG,GACH,OAAOi3F,GAAoBj3F,GAE/B,OAAIu8F,GAAuB5gG,MAChBs7F,GAAoB,IAAIzpE,UAAU,8EAEzC44E,GAAuByJ,GAChB5Y,GAAoB,IAAIzpE,UAAU,8EAEtC0+E,GAAqBvwG,KAAMk0G,EAAarvG,EAAQ8D,aAAc9D,EAAQkE,aAAclE,EAAQmE,cAAenE,EAAQ2rG,QAa9H5lG,MACI,IAAKo1F,GAAiBhgG,MAClB,MAAM2zG,GAA4B,OAEtC,MAAMQ,EAxTd,SAA2BpzG,EAAQqzG,GAC/B,MAAM7uG,EAAS06F,GAAmCl/F,GAClD,IAGIszG,EACAC,EACAC,EACAC,EACAC,EAPAC,GAAU,EACVC,GAAY,EACZC,GAAY,EAMhB,MAAMC,EAAgB1Z,IAAWj7F,IAC7Bu0G,EAAuBv0G,CAAO,IAElC,SAASkoG,IACL,OAAIsM,IAGJA,GAAU,EAuCV1T,GAAgCz7F,EAtCZ,CAChBi7F,YAAan/F,IAIT46F,IAAe,KACXyY,GAAU,EACV,MAAMI,EAASzzG,EACT0zG,EAAS1zG,EAMVszG,GACDpC,GAAuCgC,EAAQpT,0BAA2B2T,GAEzEF,GACDrC,GAAuCiC,EAAQrT,0BAA2B4T,KAEhF,EAENxU,YAAa,KACTmU,GAAU,EACLC,GACDrC,GAAqCiC,EAAQpT,2BAE5CyT,GACDtC,GAAqCkC,EAAQrT,2BAE5CwT,GAAcC,GACfH,OAAqBxzG,IAG7BggG,YAAa,KACTyT,GAAU,CAAK,KAtCZrZ,QAAoBp6F,GAgEnC,SAASknG,KAYT,OATAoM,EAAUS,GAAqB7M,EAAgBC,GAvB/C,SAA0BlmG,GAGtB,GAFAyyG,GAAY,EACZN,EAAUnyG,EACN0yG,EAAW,CACX,MAAMK,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBn9F,EAAQk0G,GAClDR,EAAqBS,GAEzB,OAAOL,KAgBXL,EAAUQ,GAAqB7M,EAAgBC,GAd/C,SAA0BlmG,GAGtB,GAFA0yG,GAAY,EACZN,EAAUpyG,EACNyyG,EAAW,CACX,MAAMM,EAAkBhS,GAAoB,CAACoR,EAASC,IAChDY,EAAehX,GAAqBn9F,EAAQk0G,GAClDR,EAAqBS,GAEzB,OAAOL,KAOXjZ,GAAcr2F,EAAOg5F,gBAAiB5wF,IAClC6kG,GAAqC+B,EAAQpT,0BAA2BxzF,GACxE6kG,GAAqCgC,EAAQrT,0BAA2BxzF,GACnEgnG,GAAcC,GACfH,OAAqBxzG,MAGtB,CAACszG,EAASC,EACrB,CA4NyBW,CAAkBn1G,MACnC,OAAOijG,GAAoBkR,GAE/BhtG,OAAOysG,EAAa3yG,WAChB,IAAK++F,GAAiBhgG,MAClB,MAAM2zG,GAA4B,UAGtC,OA1jFR,SAA4C5yG,EAAQiI,GAChD,MAAMzD,EAAS06F,GAAmCl/F,GAC5Cq0G,EAAO,IAAI5T,GAAgCj8F,EAAQyD,GACnDyxF,EAAW1vF,OAAOw6B,OAAO08D,IAE/B,OADAxH,EAAS0H,mBAAqBiT,EACvB3a,CACX,CAojFe4a,CAAmCr1G,KAvKlD,SAAgC6E,EAASs6F,GAGrC,OAFAD,GAAiBr6F,EAASs6F,GAEnB,CAAEn2F,iBADanE,aAAyC,EAASA,EAAQmE,eAEpF,CAkKwBssG,CAAuB1B,EAAY,mBACK5qG,gBA2BhE,SAASgsG,GAAqB7M,EAAgBC,EAAeC,EAAiB1+F,EAAgB,EAAGqgG,EAAgB,KAAM,IACnH,MAAMjpG,EAASgK,OAAOw6B,OAAO9iC,GAAezB,WAC5CyyG,GAAyB1yG,GAGzB,OADA8xG,GAAqC9xG,EADlBgK,OAAOw6B,OAAO0sE,GAAgCjxG,WACRmnG,EAAgBC,EAAeC,EAAiB1+F,EAAeqgG,GACjHjpG,CACX,CACA,SAAS0yG,GAAyB1yG,GAC9BA,EAAO48F,OAAS,WAChB58F,EAAO+D,aAAU7D,EACjBF,EAAOi9F,kBAAe/8F,EACtBF,EAAOmgG,YAAa,CACxB,CACA,SAASlB,GAAiBlzF,GACtB,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,4BAIjD,CACA,SAAS8zF,GAAuB7/F,GAC5B,YAAuBE,IAAnBF,EAAO+D,OAIf,CAEA,SAASo5F,GAAqBn9F,EAAQmB,GAElC,GADAnB,EAAOmgG,YAAa,EACE,WAAlBngG,EAAO48F,OACP,OAAOtC,QAAoBp6F,GAE/B,GAAsB,YAAlBF,EAAO48F,OACP,OAAOrC,GAAoBv6F,EAAOi9F,cAEtC6G,GAAoB9jG,GAEpB,OAAO86F,GADqB96F,EAAOogG,0BAA0BvC,IAAa18F,GACzBy4F,GACrD,CACA,SAASkK,GAAoB9jG,GACzBA,EAAO48F,OAAS,SAChB,MAAMp4F,EAASxE,EAAO+D,aACP7D,IAAXsE,IAGJs4F,GAAkCt4F,GAC9Bo7F,GAA8Bp7F,KAC9BA,EAAO86F,cAAcj9F,SAAQg9F,IACzBA,EAAYG,aAAa,IAE7Bh7F,EAAO86F,cAAgB,IAAI7D,IAEnC,CACA,SAASuL,GAAoBhnG,EAAQsD,GACjCtD,EAAO48F,OAAS,UAChB58F,EAAOi9F,aAAe35F,EACtB,MAAMkB,EAASxE,EAAO+D,aACP7D,IAAXsE,IAGJ64F,GAAiC74F,EAAQlB,GACrCs8F,GAA8Bp7F,IAC9BA,EAAO86F,cAAcj9F,SAAQg9F,IACzBA,EAAYa,YAAY58F,EAAE,IAE9BkB,EAAO86F,cAAgB,IAAI7D,KAG3Bj3F,EAAOmhG,kBAAkBtjG,SAAQqjG,IAC7BA,EAAgBxF,YAAY58F,EAAE,IAElCkB,EAAOmhG,kBAAoB,IAAIlK,IAEvC,CAEA,SAASmX,GAA4BzoG,GACjC,OAAO,IAAI2mB,UAAU,4BAA4B3mB,yCACrD,CAEA,SAASqqG,GAA2Bl7E,EAAM8kE,GACtCD,GAAiB7kE,EAAM8kE,GACvB,MAAMx1F,EAAgB0wB,aAAmC,EAASA,EAAK1wB,cAEvE,OADA61F,GAAoB71F,EAAe,gBAAiB,uBAC7C,CACHA,cAAe+1F,GAA0B/1F,GAEjD,CAhHAoB,OAAOs2F,iBAAiB5+F,GAAezB,UAAW,CAC9CyD,OAAQ,CAAEkhC,YAAY,GACtBplC,UAAW,CAAEolC,YAAY,GACzBouE,YAAa,CAAEpuE,YAAY,GAC3Bz8B,OAAQ,CAAEy8B,YAAY,GACtB/6B,IAAK,CAAE+6B,YAAY,GACnBx+B,OAAQ,CAAEw+B,YAAY,GACtB4kE,OAAQ,CAAE5kE,YAAY,KAEgB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe5I,GAAezB,UAAWw5F,GAAe8G,YAAa,CACxEjgG,MAAO,iBACPukC,cAAc,IAGsB,iBAAjC40D,GAAe+G,eACtBx2F,OAAOM,eAAe5I,GAAezB,UAAWw5F,GAAe+G,cAAe,CAC1ElgG,MAAOoB,GAAezB,UAAUmG,OAChCsB,UAAU,EACVm9B,cAAc,IA+FtB,MAAM4vE,GAAyB,SAAczzG,GACzC,OAAOA,EAAMoC,UACjB,EAMA,MAAMsxG,GACF31G,YAAY+E,GACRy6F,GAAuBz6F,EAAS,EAAG,6BACnCA,EAAU0wG,GAA2B1wG,EAAS,mBAC9C7E,KAAK01G,wCAA0C7wG,EAAQ8E,cAKvDA,oBACA,IAAKgsG,GAA4B31G,MAC7B,MAAM41G,GAA8B,iBAExC,OAAO51G,KAAK01G,wCAKZ1wG,WACA,IAAK2wG,GAA4B31G,MAC7B,MAAM41G,GAA8B,QAExC,OAAOJ,IAcf,SAASI,GAA8B1qG,GACnC,OAAO,IAAI2mB,UAAU,uCAAuC3mB,oDAChE,CACA,SAASyqG,GAA4B7oG,GACjC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,0CAIjD,CAtBA/B,OAAOs2F,iBAAiBoU,GAA0Bz0G,UAAW,CACzD2I,cAAe,CAAEg8B,YAAY,GAC7B3gC,KAAM,CAAE2gC,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAeoqG,GAA0Bz0G,UAAWw5F,GAAe8G,YAAa,CACnFjgG,MAAO,4BACPukC,cAAc,IAiBtB,MAAMiwE,GAAoB,WACtB,OAAO,CACX,EAMA,MAAMC,GACFh2G,YAAY+E,GACRy6F,GAAuBz6F,EAAS,EAAG,wBACnCA,EAAU0wG,GAA2B1wG,EAAS,mBAC9C7E,KAAK+1G,mCAAqClxG,EAAQ8E,cAKlDA,oBACA,IAAKqsG,GAAuBh2G,MACxB,MAAMi2G,GAAyB,iBAEnC,OAAOj2G,KAAK+1G,mCAMZ/wG,WACA,IAAKgxG,GAAuBh2G,MACxB,MAAMi2G,GAAyB,QAEnC,OAAOJ,IAcf,SAASI,GAAyB/qG,GAC9B,OAAO,IAAI2mB,UAAU,kCAAkC3mB,+CAC3D,CACA,SAAS8qG,GAAuBlpG,GAC5B,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,qCAIjD,CAuBA,SAASopG,GAAgCjsG,EAAIo/F,EAAUlK,GAEnD,OADAC,GAAen1F,EAAIk1F,GACXt7F,GAAe04F,GAAYtyF,EAAIo/F,EAAU,CAACxlG,GACtD,CACA,SAASsyG,GAAgClsG,EAAIo/F,EAAUlK,GAEnD,OADAC,GAAen1F,EAAIk1F,GACXt7F,GAAeu4F,GAAYnyF,EAAIo/F,EAAU,CAACxlG,GACtD,CACA,SAASuyG,GAAoCnsG,EAAIo/F,EAAUlK,GAEvD,OADAC,GAAen1F,EAAIk1F,GACZ,CAACp9F,EAAO8B,IAAe04F,GAAYtyF,EAAIo/F,EAAU,CAACtnG,EAAO8B,GACpE,CAxDAkH,OAAOs2F,iBAAiByU,GAAqB90G,UAAW,CACpD2I,cAAe,CAAEg8B,YAAY,GAC7B3gC,KAAM,CAAE2gC,YAAY,KAEkB,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAeyqG,GAAqB90G,UAAWw5F,GAAe8G,YAAa,CAC9EjgG,MAAO,uBACPukC,cAAc,IA4DtB,MAAMp+B,GACF1H,YAAYu2G,EAAiB,GAAIC,EAAsB,GAAIC,EAAsB,SACtDt1G,IAAnBo1G,IACAA,EAAiB,MAErB,MAAMG,EAAmBtN,GAAuBoN,EAAqB,oBAC/DG,EAAmBvN,GAAuBqN,EAAqB,mBAC/DG,EAlDd,SAA4BrN,EAAUlK,GAClCD,GAAiBmK,EAAUlK,GAC3B,MAAMjgC,EAAQmqC,aAA2C,EAASA,EAASnqC,MACrEy3C,EAAetN,aAA2C,EAASA,EAASsN,aAC5E/yG,EAAQylG,aAA2C,EAASA,EAASzlG,MACrEuE,EAAYkhG,aAA2C,EAASA,EAASlhG,UACzEyuG,EAAevN,aAA2C,EAASA,EAASuN,aAClF,MAAO,CACH13C,WAAiBj+D,IAAVi+D,OACHj+D,EACAi1G,GAAgCh3C,EAAOmqC,EAAalK,EAAH,4BACrDwX,eACA/yG,WAAiB3C,IAAV2C,OACH3C,EACAk1G,GAAgCvyG,EAAOylG,EAAalK,EAAH,4BACrDh3F,eAAyBlH,IAAdkH,OACPlH,EACAm1G,GAAoCjuG,EAAWkhG,EAAalK,EAAH,gCAC7DyX,eAER,CA8B4BC,CAAmBR,EAAgB,mBACvD,QAAiCp1G,IAA7By1G,EAAYC,aACZ,MAAM,IAAIphE,WAAW,kCAEzB,QAAiCt0C,IAA7By1G,EAAYE,aACZ,MAAM,IAAIrhE,WAAW,kCAEzB,MAAMuhE,EAAwB/N,GAAqB0N,EAAkB,GAC/DM,EAAwB9N,GAAqBwN,GAC7CO,EAAwBjO,GAAqByN,EAAkB,GAC/DS,EAAwBhO,GAAqBuN,GACnD,IAAIU,GA0CZ,SAAmCn2G,EAAQo2G,EAAcH,EAAuBC,EAAuBH,EAAuBC,GAC1H,SAAS5O,IACL,OAAOgP,EAEX,SAASjN,EAAenoG,GACpB,OAoMR,SAAkDhB,EAAQgB,GACtD,MAAM8B,EAAa9C,EAAOq2G,2BAC1B,GAAIr2G,EAAOuqG,cAAe,CAEtB,OAAOzP,GAD2B96F,EAAOs2G,4BACc,KACnD,MAAM5uG,EAAW1H,EAAOu2G,UAExB,GAAc,aADA7uG,EAASk1F,OAEnB,MAAMl1F,EAASu1F,aAEnB,OAAOuZ,GAAiD1zG,EAAY9B,EAAM,IAGlF,OAAOw1G,GAAiD1zG,EAAY9B,EACxE,CAlNey1G,CAAyCz2G,EAAQgB,GAE5D,SAASqoG,EAAeloG,GACpB,OAgNR,SAAkDnB,EAAQmB,GAItD,OADAu1G,GAAqB12G,EAAQmB,GACtBm5F,QAAoBp6F,EAC/B,CArNey2G,CAAyC32G,EAAQmB,GAE5D,SAASioG,IACL,OAmNR,SAAkDppG,GAE9C,MAAMyH,EAAWzH,EAAO42G,UAClB9zG,EAAa9C,EAAOq2G,2BACpBQ,EAAe/zG,EAAWg0G,kBAGhC,OAFAC,GAAgDj0G,GAEzCg4F,GAAqB+b,GAAc,KACtC,GAAwB,YAApBpvG,EAASm1F,OACT,MAAMn1F,EAASw1F,aAEnBsU,GAAqC9pG,EAAS24F,0BAA0B,IACzExzF,IAEC,MADA8pG,GAAqB12G,EAAQ4M,GACvBnF,EAASw1F,YAAY,GAEnC,CAnOe+Z,CAAyCh3G,GAGpD,SAASqnG,IACL,OAiOR,SAAmDrnG,GAI/C,OAFAi3G,GAA+Bj3G,GAAQ,GAEhCA,EAAOs2G,0BAClB,CAtOeY,CAA0Cl3G,GAErD,SAASsnG,EAAgBnmG,GAErB,OADAg2G,GAA4Cn3G,EAAQmB,GAC7Cm5F,QAAoBp6F,GAN/BF,EAAOu2G,UAl4DX,SAA8BnP,EAAgB+B,EAAgBC,EAAgBC,EAAgBzgG,EAAgB,EAAGqgG,EAAgB,KAAM,IACnI,MAAMjpG,EAASgK,OAAOw6B,OAAOh+B,GAAevG,WAI5C,OAHA+oG,GAAyBhpG,GAEzBspG,GAAqCtpG,EADlBgK,OAAOw6B,OAAO0kE,GAAgCjpG,WACRmnG,EAAgB+B,EAAgBC,EAAgBC,EAAgBzgG,EAAeqgG,GACjIjpG,CACX,CA43DuBo3G,CAAqBhQ,EAAgB+B,EAAgBC,EAAgBC,EAAgB4M,EAAuBC,GAQ/Hl2G,EAAO42G,UAAY3C,GAAqB7M,EAAgBC,EAAeC,EAAiByO,EAAuBC,GAE/Gh2G,EAAOuqG,mBAAgBrqG,EACvBF,EAAOs2G,gCAA6Bp2G,EACpCF,EAAOq3G,wCAAqCn3G,EAC5C+2G,GAA+Bj3G,GAAQ,GACvCA,EAAOq2G,gCAA6Bn2G,CACxC,CAlEQo3G,CAA0Br4G,KAHLm7F,IAAWj7F,IAC5Bg3G,EAAuBh3G,CAAO,IAEY82G,EAAuBC,EAAuBH,EAAuBC,GAgL3H,SAA8Dh2G,EAAQ21G,GAClE,MAAM7yG,EAAakH,OAAOw6B,OAAO+yE,GAAiCt3G,WAClE,IAAIu3G,EAAsBx2G,IACtB,IAEI,OADAy2G,GAAwC30G,EAAY9B,GAC7Cs5F,QAAoBp6F,GAE/B,MAAOw3G,GACH,OAAOnd,GAAoBmd,KAG/BC,EAAiB,IAAMrd,QAAoBp6F,QACjBA,IAA1By1G,EAAYvuG,YACZowG,EAAqBx2G,GAAS20G,EAAYvuG,UAAUpG,EAAO8B,SAErC5C,IAAtBy1G,EAAYx3C,QACZw5C,EAAiB,IAAMhC,EAAYx3C,MAAMr7D,KAtBjD,SAA+C9C,EAAQ8C,EAAY00G,EAAoBG,GACnF70G,EAAW80G,2BAA6B53G,EACxCA,EAAOq2G,2BAA6BvzG,EACpCA,EAAW+0G,oBAAsBL,EACjC10G,EAAWg0G,gBAAkBa,CACjC,CAmBIG,CAAsC93G,EAAQ8C,EAAY00G,EAAoBG,EAClF,CAlMQI,CAAqD94G,KAAM02G,QACjCz1G,IAAtBy1G,EAAY9yG,MACZszG,EAAqBR,EAAY9yG,MAAM5D,KAAKo3G,6BAG5CF,OAAqBj2G,GAMzBuH,eACA,IAAKuwG,GAAkB/4G,MACnB,MAAMg5G,GAA0B,YAEpC,OAAOh5G,KAAK23G,UAKZlvG,eACA,IAAKswG,GAAkB/4G,MACnB,MAAMg5G,GAA0B,YAEpC,OAAOh5G,KAAKs3G,WA0CpB,SAASyB,GAAkBjsG,GACvB,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BAIjD,CAEA,SAAS2qG,GAAqB12G,EAAQsD,GAClCmuG,GAAqCzxG,EAAO42G,UAAUxW,0BAA2B98F,GACjF6zG,GAA4Cn3G,EAAQsD,EACxD,CACA,SAAS6zG,GAA4Cn3G,EAAQsD,GACzDyzG,GAAgD/2G,EAAOq2G,4BACvD5I,GAA6CztG,EAAOu2G,UAAUtM,0BAA2B3mG,GACrFtD,EAAOuqG,eAIP0M,GAA+Bj3G,GAAQ,EAE/C,CACA,SAASi3G,GAA+Bj3G,EAAQ6rG,QAEF3rG,IAAtCF,EAAOs2G,4BACPt2G,EAAOq3G,qCAEXr3G,EAAOs2G,2BAA6Blc,IAAWj7F,IAC3Ca,EAAOq3G,mCAAqCl4G,CAAO,IAEvDa,EAAOuqG,cAAgBsB,CAC3B,CAxEA7hG,OAAOs2F,iBAAiB75F,GAAgBxG,UAAW,CAC/CwH,SAAU,CAAEm9B,YAAY,GACxBl9B,SAAU,CAAEk9B,YAAY,KAEc,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAe7D,GAAgBxG,UAAWw5F,GAAe8G,YAAa,CACzEjgG,MAAO,kBACPukC,cAAc,IAwEtB,MAAM0yE,GACFx4G,cACI,MAAM,IAAI+xB,UAAU,uBAKpBypD,kBACA,IAAK29B,GAAmCj5G,MACpC,MAAMk5G,GAAqC,eAG/C,OAAO9G,GADoBpyG,KAAK24G,2BAA2BhB,UAAUxW,2BAGzE/8F,QAAQrC,EAAQd,WACZ,IAAKg4G,GAAmCj5G,MACpC,MAAMk5G,GAAqC,WAE/CV,GAAwCx4G,KAAM+B,GAMlDuC,MAAMpC,EAASjB,WACX,IAAKg4G,GAAmCj5G,MACpC,MAAMk5G,GAAqC,SAwFvD,IAA2D70G,IAtFPnC,EAuFhDu1G,GAvF0Cz3G,KAuFV24G,2BAA4Bt0G,GAjF5DuH,YACI,IAAKqtG,GAAmCj5G,MACpC,MAAMk5G,GAAqC,cAwFvD,SAAmDr1G,GAC/C,MAAM9C,EAAS8C,EAAW80G,2BACpBQ,EAAqBp4G,EAAO42G,UAAUxW,0BAC5CmR,GAAqC6G,GAErCjB,GAA4Cn3G,EAD9B,IAAI8wB,UAAU,8BAEhC,CA5FQunF,CAA0Cp5G,OAgBlD,SAASi5G,GAAmCnsG,GACxC,QAAK+tF,GAAa/tF,MAGb/B,OAAO/J,UAAUmxB,eAAerxB,KAAKgM,EAAG,6BAIjD,CA2BA,SAASgrG,GAAgDj0G,GACrDA,EAAW+0G,yBAAsB33G,EACjC4C,EAAWg0G,qBAAkB52G,CACjC,CACA,SAASu3G,GAAwC30G,EAAY9B,GACzD,MAAMhB,EAAS8C,EAAW80G,2BACpBQ,EAAqBp4G,EAAO42G,UAAUxW,0BAC5C,IAAKkR,GAAiD8G,GAClD,MAAM,IAAItnF,UAAU,wDAIxB,IACI0gF,GAAuC4G,EAAoBp3G,GAE/D,MAAOsC,GAGH,MADA6zG,GAA4Cn3G,EAAQsD,GAC9CtD,EAAO42G,UAAU3Z,aAE3B,MAAM4O,EAz3BV,SAAwD/oG,GACpD,OAAI+uG,GAA8C/uG,EAItD,CAo3ByBw1G,CAA+CF,GAChEvM,IAAiB7rG,EAAOuqG,eACxB0M,GAA+Bj3G,GAAQ,EAE/C,CAIA,SAASw2G,GAAiD1zG,EAAY9B,GAElE,OAAO85F,GADkBh4F,EAAW+0G,oBAAoB72G,QACVd,GAAW0M,IAErD,MADA8pG,GAAqB5zG,EAAW80G,2BAA4BhrG,GACtDA,CAAC,GAEf,CAuDA,SAASurG,GAAqChuG,GAC1C,OAAO,IAAI2mB,UAAU,8CAA8C3mB,2DACvE,CAEA,SAAS8tG,GAA0B9tG,GAC/B,OAAO,IAAI2mB,UAAU,6BAA6B3mB,0CACtD,CA/IAH,OAAOs2F,iBAAiBiX,GAAiCt3G,UAAW,CAChEoD,QAAS,CAAEuhC,YAAY,GACvBrhC,MAAO,CAAEqhC,YAAY,GACrB/5B,UAAW,CAAE+5B,YAAY,GACzB21C,YAAa,CAAE31C,YAAY,KAEW,iBAA/B60D,GAAe8G,aACtBv2F,OAAOM,eAAeitG,GAAiCt3G,UAAWw5F,GAAe8G,YAAa,CAC1FjgG,MAAO,mCACPukC,cAAc,qaC3lHlB0zE,GAAgB,SAAS7wF,EAAGxa,GAI5B,OAHAqrG,GAAgBvuG,OAAOs3F,gBAClB,CAAEkX,UAAW,cAAgB15G,OAAS,SAAU4oB,EAAGxa,GAAKwa,EAAE8wF,UAAYtrG,IACvE,SAAUwa,EAAGxa,GAAK,IAAK,IAAImkB,KAAKnkB,EAAOlD,OAAO/J,UAAUmxB,eAAerxB,KAAKmN,EAAGmkB,KAAI3J,EAAE2J,GAAKnkB,EAAEmkB,KACzFknF,GAAc7wF,EAAGxa,EAC5B;;;;;;;;;;;;;;gFAEA,SAASurG,GAAU/wF,EAAGxa,GAClB,GAAiB,mBAANA,GAA0B,OAANA,EAC3B,MAAM,IAAI4jB,UAAU,uBAAgC5jB,EAAK,iCAE7D,SAAS8zD,IAAO/hE,KAAKF,YAAc2oB,EADnC6wF,GAAc7wF,EAAGxa,GAEjBwa,EAAEznB,UAAkB,OAANiN,EAAalD,OAAOw6B,OAAOt3B,IAAM8zD,EAAG/gE,UAAYiN,EAAEjN,UAAW,IAAI+gE,EACnF,CAEA,SAAS58B,GAAO7lB,GACZ,IAAKA,EACD,MAAM,IAAIuS,UAAU,mBAE5B,CAEA,SAAS8oE,KAET,CACA,SAASE,GAAa/tF,GAClB,MAAqB,iBAANA,GAAwB,OAANA,GAA4B,mBAANA,CAC3D,CAEA,SAAS2sG,GAAoBj0E,GACzB,GAAoB,mBAATA,EACP,OAAO,EAEX,IAAIk0E,GAAc,EAClB,IACI,IAAIl0E,EAAK,CACL5hC,MAAO,WACH81G,GAAc,KAI1B,MAAOr1G,IAGP,OAAOq1G,CACX,CACA,SAASC,GAAiBnxG,GACtB,QAAKqyF,GAAaryF,IAGgB,mBAAvBA,EAASjI,SAIxB,CAUA,SAASq5G,GAAiBnxG,GACtB,QAAKoyF,GAAapyF,IAGgB,mBAAvBA,EAAS9H,SAIxB,CAUA,SAASk5G,GAAkB1xG,GACvB,QAAK0yF,GAAa1yF,OAGbwxG,GAAiBxxG,EAAUK,aAG3BoxG,GAAiBzxG,EAAUM,UAIpC,CAUA,SAASqxG,GAAmBtxG,GACxB,IAGI,OAFaA,EAASjI,UAAU,CAAEutB,KAAM,SACjCltB,eACA,EAEX,MAAOwvG,GACH,OAAO,EAEf,CAmCA,SAAS2J,GAA6BvxG,EAAU4nG,GAC5C,IAAkCp2F,QAAlB,IAAPo2F,EAAgB,GAAKA,GAAcp2F,KAW5C,OAVAmrB,GAAOw0E,GAAiBnxG,IACxB28B,IAA2B,IAApB38B,EAAS+hG,QAGH,WAFbvwF,EAAOggG,GAAkBhgG,IAGZ,IAAIigG,GAAiCzxG,GAGrC,IAAI0xG,GAAoC1xG,EAGzD,CACA,SAASwxG,GAAkBhgG,GACvB,IAAImgG,EAAoBngG,EAAPM,GACjB,GAAmB,UAAf6/F,EACA,OAAOA,EAEN,QAAal5G,IAAT+Y,EACL,OAAOA,EAGP,MAAM,IAAIu7B,WAAW,4BAE7B,CACA,IAAI6kE,GAAsD,WACtD,SAASA,EAAqCC,GAC1Cr6G,KAAKs6G,uBAAoBr5G,EACzBjB,KAAKu6G,iBAAct5G,EACnBjB,KAAKmhG,+BAA4BlgG,EACjCjB,KAAKw6G,kBAAev5G,EACpBjB,KAAKy6G,kBAAoBJ,EAEzBr6G,KAAK06G,uBA0FT,OAxFAN,EAAqCp5G,UAAU4C,MAAQ,SAAUC,GAC7D7D,KAAKmhG,0BAA4Bt9F,GAErCu2G,EAAqCp5G,UAAUyD,OAAS,SAAUvC,GAE9D,OADAijC,QAAkClkC,IAA3BjB,KAAKs6G,mBACLt6G,KAAKs6G,kBAAkB71G,OAAOvC,IAEzCk4G,EAAqCp5G,UAAU05G,qBAAuB,WAClE,GAAyB,YAArB16G,KAAKu6G,YAAT,CAGAv6G,KAAK26G,gBACL,IAAIp1G,EAASvF,KAAKy6G,kBAAkBl6G,YACpCP,KAAKu6G,YAAc,UACnBv6G,KAAK46G,cAAcr1G,KAEvB60G,EAAqCp5G,UAAU45G,cAAgB,SAAUr1G,GACrE,IAAIs1G,EAAQ76G,KACZmlC,QAAkClkC,IAA3BjB,KAAKs6G,mBACZt6G,KAAKs6G,kBAAoB/0G,EACzB,IAAI1E,EAASb,KAAKs6G,kBAAkBz5G,OAC/BA,GAGLA,EACKe,MAAK,WAAc,OAAOi5G,EAAMC,wBAChCl5G,MAAK,WACF2D,IAAWs1G,EAAMP,mBACjBO,EAAM1Z,0BAA0Bn/F,WAErC,SAAUE,GACLqD,IAAWs1G,EAAMP,mBACjBO,EAAM1Z,0BAA0B78F,MAAMpC,MAGzC9B,MAAMu6F,KAEfyf,EAAqCp5G,UAAU25G,cAAgB,gBAC5B15G,IAA3BjB,KAAKs6G,oBAGTt6G,KAAKs6G,kBAAkB15G,cACvBZ,KAAKs6G,uBAAoBr5G,EACzBjB,KAAKu6G,iBAAct5G,IAEvBm5G,EAAqCp5G,UAAU+5G,uBAAyB,WACpE,IAAIF,EAAQ76G,KACZA,KAAK06G,uBAEL,IAAIx5G,EAAOlB,KAAKs6G,kBAAkBp5G,OAC7BU,MAAK,SAAUH,GAChB,IAAIoC,EAAag3G,EAAM1Z,0BACnB1/F,EAAOH,KACPu5G,EAAMG,YAGNn3G,EAAWO,QAAQ3C,EAAOJ,UAIlC,OADArB,KAAKi7G,gBAAgB/5G,GACdA,GAEXk5G,EAAqCp5G,UAAUg6G,UAAY,WACvD,IACIh7G,KAAKmhG,0BAA0Bn/F,QAEnC,MAAOouG,MAIXgK,EAAqCp5G,UAAUi6G,gBAAkB,SAAUC,GACvE,IACIC,EADAN,EAAQ76G,KAERo7G,EAAa,WACTP,EAAML,eAAiBW,IACvBN,EAAML,kBAAev5G,IAG7BjB,KAAKw6G,aAAeW,EAAcD,EAAYt5G,KAAKw5G,EAAYA,IAEnEhB,EAAqCp5G,UAAU85G,mBAAqB,WAChE,IAAID,EAAQ76G,KACZ,GAAKA,KAAKw6G,aAAV,CAGA,IAAIa,EAAY,WAAc,OAAOR,EAAMC,sBAC3C,OAAO96G,KAAKw6G,aAAa54G,KAAKy5G,EAAWA,KAEtCjB,CACX,IACIF,GAAqD,SAAUoB,GAE/D,SAASpB,IACL,OAAkB,OAAXoB,GAAmBA,EAAOz+F,MAAM7c,KAAMu8C,YAAcv8C,KAK/D,OAPAw5G,GAAUU,EAAqCoB,GAI/CpB,EAAoCl5G,UAAUuD,KAAO,WACjD,OAAOvE,KAAK+6G,0BAETb,CACX,EAAEE,IACF,SAASpqG,GAAa8hC,GAClB,OAAO,IAAIjvC,WAAWivC,EAAK7tC,OAAQ6tC,EAAK5tC,WAAY4tC,EAAK3tC,WAC7D,CAMA,IAAI81G,GAAkD,SAAUqB,GAE5D,SAASrB,EAAiCI,GACtC,IAAIQ,EAAQ76G,KACRu7G,EAAezB,GAAmBO,GAGtC,OAFAQ,EAAQS,EAAOx6G,KAAKd,KAAMq6G,IAAqBr6G,MACzCw7G,cAAgBD,EACfV,EAkDX,OAxDArB,GAAUS,EAAkCqB,GAQ5CvwG,OAAOM,eAAe4uG,EAAiCj5G,UAAW,OAAQ,CACtEoK,IAAK,WACD,MAAO,SAEXu6B,YAAY,EACZC,cAAc,IAElBq0E,EAAiCj5G,UAAUy6G,kBAAoB,WAC3D,GAAyB,SAArBz7G,KAAKu6G,YAAT,CAGAp1E,GAAOnlC,KAAKw7G,eACZx7G,KAAK26G,gBACL,IAAIp1G,EAASvF,KAAKy6G,kBAAkBl6G,UAAU,CAAEutB,KAAM,SACtD9tB,KAAKu6G,YAAc,OACnBv6G,KAAK46G,cAAcr1G,KAEvB00G,EAAiCj5G,UAAUuD,KAAO,WAC9C,GAAIvE,KAAKw7G,cAAe,CACpB,IAAItX,EAAclkG,KAAKmhG,0BAA0B+C,YACjD,GAAIA,EACA,OAAOlkG,KAAK07G,qBAAqBxX,GAGzC,OAAOlkG,KAAK+6G,0BAEhBd,EAAiCj5G,UAAU06G,qBAAuB,SAAUxX,GACxE,IAAI2W,EAAQ76G,KACZA,KAAKy7G,oBAGL,IAAIx3G,EAAS,IAAIpB,WAAWqhG,EAAYpyD,KAAK3tC,YAEzCjD,EAAOlB,KAAKs6G,kBAAkBp5G,KAAK+C,GAClCrC,MAAK,SAAUH,GAhD5B,IAA6BsgB,EAAM45F,EAC3BC,EAgDIf,EAAM1Z,0BACF1/F,EAAOH,MACPu5G,EAAMG,YACN9W,EAAYZ,QAAQ,KApDPvhF,EAuDOtgB,EAAOJ,MAvDRs6G,EAuDezX,EAAYpyD,KAtDtD8pE,EAAY5rG,GAAa+R,GACf/R,GAAa2rG,GACnBr4G,IAAIs4G,EAAW,GAqDX1X,EAAYZ,QAAQ7hG,EAAOJ,MAAM8C,gBAIzC,OADAnE,KAAKi7G,gBAAgB/5G,GACdA,GAEJ+4G,CACX,EAAEG,IAYF,SAASyB,GAA2BpzG,GAChC08B,GAAOy0E,GAAiBnxG,IACxB08B,IAA2B,IAApB18B,EAAS8hG,QAChB,IAAI7pG,EAAS+H,EAAS9H,YACtB,OAAO,IAAIm7G,GAA2Bp7G,EAC1C,CACA,IAAIo7G,GAA4C,WAC5C,SAASA,EAA2BC,GAChC,IAAIlB,EAAQ76G,KACZA,KAAKgrG,+BAA4B/pG,EACjCjB,KAAKg8G,mBAAgB/6G,EACrBjB,KAAK29F,OAAS,WACd39F,KAAKg+F,kBAAe/8F,EACpBjB,KAAKi8G,kBAAoBF,EACzB/7G,KAAKk8G,cAAgB,IAAIj8G,SAAQ,SAAUC,EAASC,GAChD06G,EAAMsB,oBAAsBh8G,KAEhCH,KAAKk8G,cAAc97G,MAAMu6F,IAmF7B,OAjFAmhB,EAA2B96G,UAAU4C,MAAQ,SAAUC,GACnD,IAAIg3G,EAAQ76G,KACZA,KAAKgrG,0BAA4BnnG,EACjC7D,KAAKi8G,kBAAkBp7G,OAClBe,MAAK,WACNi5G,EAAMld,OAAS,YAEdv9F,OAAM,SAAU8B,GAAU,OAAO24G,EAAMuB,gBAAgBl6G,OAEhE45G,EAA2B96G,UAAUc,MAAQ,SAAUC,GACnD,IAAI84G,EAAQ76G,KACRU,EAASV,KAAKi8G,kBAElB,GAA2B,OAAvBv7G,EAAO46E,YACP,OAAO56E,EAAOuI,MAElB,IAAIsjG,EAAe7rG,EAAOoB,MAAMC,GAEhCwqG,EAAansG,OAAM,SAAU8B,GAAU,OAAO24G,EAAMuB,gBAAgBl6G,MACpExB,EAAOuI,MAAM7I,OAAM,SAAU8B,GAAU,OAAO24G,EAAMwB,eAAen6G,MAEnE,IAAIJ,EAAQ7B,QAAQq8G,KAAK,CAAC/P,EAAcvsG,KAAKk8G,gBAE7C,OADAl8G,KAAKu8G,iBAAiBz6G,GACfA,GAEXg6G,EAA2B96G,UAAUgB,MAAQ,WACzC,IAAI64G,EAAQ76G,KACZ,YAA2BiB,IAAvBjB,KAAKg8G,cACEh8G,KAAKi8G,kBAAkBj6G,QAE3BhC,KAAKw8G,sBAAsB56G,MAAK,WAAc,OAAOi5G,EAAM74G,YAEtE85G,EAA2B96G,UAAUiB,MAAQ,SAAUC,GACnD,GAAoB,YAAhBlC,KAAK29F,OAIT,OADa39F,KAAKi8G,kBACJh6G,MAAMC,IAExB45G,EAA2B96G,UAAUu7G,iBAAmB,SAAUE,GAC9D,IACIC,EADA7B,EAAQ76G,KAER28G,EAAc,WACV9B,EAAMmB,gBAAkBU,IACxB7B,EAAMmB,mBAAgB/6G,IAG9BjB,KAAKg8G,cAAgBU,EAAeD,EAAa76G,KAAK+6G,EAAaA,IAEvEb,EAA2B96G,UAAUw7G,oBAAsB,WACvD,IAAI3B,EAAQ76G,KACZ,QAA2BiB,IAAvBjB,KAAKg8G,cACL,OAAO/7G,QAAQC,UAEnB,IAAI08G,EAAa,WAAc,OAAO/B,EAAM2B,uBAC5C,OAAOx8G,KAAKg8G,cAAcp6G,KAAKg7G,EAAYA,IAE/Cd,EAA2B96G,UAAUq7G,eAAiB,SAAUn6G,GAC5D,IAAI24G,EAAQ76G,KACZ,GAAoB,aAAhBA,KAAK29F,OAAsC,CAC3C39F,KAAK29F,OAAS,WACd39F,KAAKg+F,aAAe97F,EACpB,IAAI06G,EAAa,WAAc,OAAO/B,EAAMuB,gBAAgBl6G,SACjCjB,IAAvBjB,KAAKg8G,cACLY,IAGA58G,KAAKw8G,sBAAsB56G,KAAKg7G,EAAYA,GAEhD58G,KAAKgrG,0BAA0B1mG,MAAMpC,KAG7C45G,EAA2B96G,UAAUo7G,gBAAkB,SAAUl6G,GACzC,aAAhBlC,KAAK29F,QACL39F,KAAKq8G,eAAen6G,GAEJ,aAAhBlC,KAAK29F,SACL39F,KAAK29F,OAAS,UACd39F,KAAKm8G,oBAAoBn8G,KAAKg+F,gBAG/B8d,CACX,IAYA,SAASe,GAA0B10G,GAC/Bg9B,GAAO00E,GAAkB1xG,IACzB,IAAIK,EAAWL,EAAUK,SAAUC,EAAWN,EAAUM,SACxD08B,IAA2B,IAApB38B,EAAS+hG,QAChBplE,IAA2B,IAApB18B,EAAS8hG,QAChB,IACI7pG,EADA6E,EAASiD,EAASjI,YAEtB,IACIG,EAAS+H,EAAS9H,YAEtB,MAAO0D,GAEH,MADAkB,EAAO3E,cACDyD,EAEV,OAAO,IAAIy4G,GAAmCv3G,EAAQ7E,EAC1D,CACA,IAAIo8G,GAAoD,WACpD,SAASA,EAAmCv3G,EAAQ7E,GAChD,IAAIm6G,EAAQ76G,KACZA,KAAKo3G,gCAA6Bn2G,EAClCjB,KAAK+8G,QAAU,SAAUt7G,GACrB,IAAIA,EAAOH,KAIX,OADAu5G,EAAMzD,2BAA2BhzG,QAAQ3C,EAAOJ,OACzCw5G,EAAM/1G,QAAQ5D,OAAOU,KAAKi5G,EAAMkC,UAE3C/8G,KAAKg9G,SAAW,SAAU96G,GACtB24G,EAAMoC,aAAa/6G,GACnB24G,EAAMzD,2BAA2B9yG,MAAMpC,GACvC24G,EAAM/1G,QAAQL,OAAOvC,GAAQ9B,MAAMu6F,IACnCkgB,EAAM9P,QAAQ9oG,MAAMC,GAAQ9B,MAAMu6F,KAEtC36F,KAAKk9G,aAAe,WAChBrC,EAAMsC,gBACNtC,EAAMzD,2BAA2BxrG,YACjC,IAAItH,EAAQ,IAAIutB,UAAU,8BAC1BgpF,EAAM9P,QAAQ9oG,MAAMqC,GAAOlE,MAAMu6F,KAErC36F,KAAK8E,QAAUS,EACfvF,KAAK+qG,QAAUrqG,EACfV,KAAKo9G,cAAgB,IAAIn9G,SAAQ,SAAUC,EAASC,GAChD06G,EAAMsC,cAAgBj9G,EACtB26G,EAAMoC,aAAe98G,KAsB7B,OAnBA28G,EAAmC97G,UAAU4C,MAAQ,SAAUC,GAC3D7D,KAAKo3G,2BAA6BvzG,EAClC7D,KAAK8E,QAAQ5D,OACRU,KAAK5B,KAAK+8G,SACVn7G,KAAK5B,KAAKk9G,aAAcl9G,KAAKg9G,UAClC,IAAIK,EAAer9G,KAAK8E,QAAQjE,OAC5Bw8G,GACAA,EACKz7G,KAAK5B,KAAKk9G,aAAcl9G,KAAKg9G,WAG1CF,EAAmC97G,UAAUmH,UAAY,SAAUpG,GAC/D,OAAO/B,KAAK+qG,QAAQjpG,MAAMC,IAE9B+6G,EAAmC97G,UAAUk+D,MAAQ,WACjD,IAAI27C,EAAQ76G,KACZ,OAAOA,KAAK+qG,QAAQ/oG,QACfJ,MAAK,WAAc,OAAOi5G,EAAMuC,kBAElCN,CACX,8EAjaA,SAAqCt3E,GACjCL,GArEJ,SAAqCK,GACjC,QAAKi0E,GAAoBj0E,MAGpBm0E,GAAiB,IAAIn0E,EAI9B,CA6DW83E,CAA4B93E,IACnC,IAAI+3E,EAZR,SAA4B/3E,GACxB,IAEI,OADA,IAAIA,EAAK,CAAExrB,KAAM,WACV,EAEX,MAAOo2F,GACH,OAAO,EAEf,CAI8BoN,CAAmBh4E,GAC7C,OAAO,SAAUh9B,EAAU4nG,GACvB,IAAkCp2F,QAAlB,IAAPo2F,EAAgB,GAAKA,GAAcp2F,KAK5C,GAHa,WADbA,EAAOggG,GAAkBhgG,KACAujG,IACrBvjG,OAAO/Y,GAEPuH,EAAS1I,cAAgB0lC,IACZ,UAATxrB,GAAoB8/F,GAAmBtxG,IACvC,OAAOA,EAGf,GAAa,UAATwR,EAAkB,CAClB,IAAIowE,EAAS2vB,GAA6BvxG,EAAU,CAAEwR,KAAMA,IAC5D,OAAO,IAAIwrB,EAAK4kD,GAGZA,EAAS2vB,GAA6BvxG,GAC1C,OAAO,IAAIg9B,EAAK4kD,GAG5B,+BA8TA,SAAsC5kD,GAElC,OADAL,GAnXJ,SAAsCK,GAClC,QAAKi0E,GAAoBj0E,MAGpBq0E,GAAkB,IAAIr0E,EAI/B,CA2WWi4E,CAA6Bj4E,IAC7B,SAAUr9B,GACb,GAAIA,EAAUrI,cAAgB0lC,EAC1B,OAAOr9B,EAEX,IAAIuuG,EAAcmG,GAA0B10G,GAC5C,OAAO,IAAIq9B,EAAKkxE,GAExB,yHA1HA,SAAqClxE,GAEjC,OADAL,GAvRJ,SAAqCK,GACjC,QAAKi0E,GAAoBj0E,MAGpBo0E,GAAiB,IAAIp0E,EAI9B,CA+QWk4E,CAA4Bl4E,IAC5B,SAAU/8B,GACb,GAAIA,EAAS3I,cAAgB0lC,EACzB,OAAO/8B,EAEX,IAAIk1G,EAAO9B,GAA2BpzG,GACtC,OAAO,IAAI+8B,EAAKm4E,GAExB,wBCvXA,SAAWr4E,EAAQ0Y,GAIjB,SAAS7Y,EAAQC,EAAKC,GACpB,IAAKD,EAAK,MAAUliC,MAAMmiC,GAAO,oBAKnC,SAASgB,EAAUb,EAAMC,GACvBD,EAAKE,OAASD,EACd,IAAII,EAAW,aACfA,EAAS7kC,UAAYykC,EAAUzkC,UAC/BwkC,EAAKxkC,UAAY,IAAI6kC,EACrBL,EAAKxkC,UAAUlB,YAAc0lC,EAK/B,SAAS6b,EAAIhyC,EAAQ+oD,EAAMnoD,GACzB,GAAIoxC,EAAGu8D,KAAKvuG,GACV,OAAOA,EAGTrP,KAAK69G,SAAW,EAChB79G,KAAK89G,MAAQ,KACb99G,KAAKoB,OAAS,EAGdpB,KAAK+9G,IAAM,KAEI,OAAX1uG,IACW,OAAT+oD,GAA0B,OAATA,IACnBnoD,EAASmoD,EACTA,EAAO,IAGTp4D,KAAKg+G,MAAM3uG,GAAU,EAAG+oD,GAAQ,GAAInoD,GAAU,OAYlD,IAAI+O,EATkB,iBAAXsmB,EACTA,EAAO0Y,QAAUqD,EAEjBrD,EAAQqD,GAAKA,EAGfA,EAAGA,GAAKA,EACRA,EAAG48D,SAAW,GAGd,IACEj/F,OAAS,EACT,MAAO3a,IAoIT,SAAS65G,EAAU5hG,EAAK1Y,EAAO2H,GAG7B,IAFA,IAAIoC,EAAI,EACJoC,EAAMrE,KAAKmyC,IAAIvhC,EAAIlb,OAAQmK,GACtBtI,EAAIW,EAAOX,EAAI8M,EAAK9M,IAAK,CAChC,IAAImZ,EAAIE,EAAIE,WAAWvZ,GAAK,GAE5B0K,IAAM,EAIJA,GADEyO,GAAK,IAAMA,GAAK,GACbA,EAAI,GAAK,GAGLA,GAAK,IAAMA,GAAK,GACpBA,EAAI,GAAK,GAIL,GAAJA,EAGT,OAAOzO,EAiCT,SAASwwG,EAAW7hG,EAAK1Y,EAAO2H,EAAK2B,GAGnC,IAFA,IAAIS,EAAI,EACJoC,EAAMrE,KAAKmyC,IAAIvhC,EAAIlb,OAAQmK,GACtBtI,EAAIW,EAAOX,EAAI8M,EAAK9M,IAAK,CAChC,IAAImZ,EAAIE,EAAIE,WAAWvZ,GAAK,GAE5B0K,GAAKT,EAIHS,GADEyO,GAAK,GACFA,EAAI,GAAK,GAGLA,GAAK,GACTA,EAAI,GAAK,GAITA,EAGT,OAAOzO,EA5MT0zC,EAAGu8D,KAAO,SAAe32E,GACvB,OAAIA,aAAeoa,GAIJ,OAARpa,GAA+B,iBAARA,GAC5BA,EAAInnC,YAAYm+G,WAAa58D,EAAG48D,UAAYp+G,MAAMW,QAAQymC,EAAI62E,QAGlEz8D,EAAG11C,IAAM,SAAcooB,EAAMC,GAC3B,OAAID,EAAKqqF,IAAIpqF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGxD,IAAM,SAAc9pB,EAAMC,GAC3B,OAAID,EAAKqqF,IAAIpqF,GAAS,EAAUD,EACzBC,GAGTqtB,EAAGrgD,UAAUg9G,MAAQ,SAAe3uG,EAAQ+oD,EAAMnoD,GAChD,GAAsB,iBAAXZ,EACT,OAAOrP,KAAKq+G,YAAYhvG,EAAQ+oD,EAAMnoD,GAGxC,GAAsB,iBAAXZ,EACT,OAAOrP,KAAKs+G,WAAWjvG,EAAQ+oD,EAAMnoD,GAG1B,QAATmoD,IACFA,EAAO,IAETjzB,EAAOizB,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,IAGnD,IAAIx0D,EAAQ,EACM,OAFlByL,EAASA,EAAO9C,WAAWqV,QAAQ,OAAQ,KAEhC,IACThe,IAGW,KAATw0D,EACFp4D,KAAKu+G,UAAUlvG,EAAQzL,GAEvB5D,KAAKw+G,WAAWnvG,EAAQ+oD,EAAMx0D,GAGd,MAAdyL,EAAO,KACTrP,KAAK69G,SAAW,GAGlB79G,KAAKy+G,QAEU,OAAXxuG,GAEJjQ,KAAKs+G,WAAWt+G,KAAK2nC,UAAWywB,EAAMnoD,IAGxCoxC,EAAGrgD,UAAUq9G,YAAc,SAAsBhvG,EAAQ+oD,EAAMnoD,GACzDZ,EAAS,IACXrP,KAAK69G,SAAW,EAChBxuG,GAAUA,GAERA,EAAS,UACXrP,KAAK89G,MAAQ,CAAW,SAATzuG,GACfrP,KAAKoB,OAAS,GACLiO,EAAS,kBAClBrP,KAAK89G,MAAQ,CACF,SAATzuG,EACCA,EAAS,SAAa,UAEzBrP,KAAKoB,OAAS,IAEd+jC,EAAO91B,EAAS,kBAChBrP,KAAK89G,MAAQ,CACF,SAATzuG,EACCA,EAAS,SAAa,SACvB,GAEFrP,KAAKoB,OAAS,GAGD,OAAX6O,GAGJjQ,KAAKs+G,WAAWt+G,KAAK2nC,UAAWywB,EAAMnoD,IAGxCoxC,EAAGrgD,UAAUs9G,WAAa,SAAqBjvG,EAAQ+oD,EAAMnoD,GAG3D,GADAk1B,EAAgC,iBAAlB91B,EAAOjO,QACjBiO,EAAOjO,QAAU,EAGnB,OAFApB,KAAK89G,MAAQ,CAAE,GACf99G,KAAKoB,OAAS,EACPpB,KAGTA,KAAKoB,OAASsK,KAAKmQ,KAAKxM,EAAOjO,OAAS,GACxCpB,KAAK89G,MAAYj+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BjD,KAAK89G,MAAM76G,GAAK,EAGlB,IAAI0Z,EAAGwa,EACHwE,EAAM,EACV,GAAe,OAAX1rB,EACF,IAAKhN,EAAIoM,EAAOjO,OAAS,EAAGub,EAAI,EAAG1Z,GAAK,EAAGA,GAAK,EAC9Ck0B,EAAI9nB,EAAOpM,GAAMoM,EAAOpM,EAAI,IAAM,EAAMoM,EAAOpM,EAAI,IAAM,GACzDjD,KAAK89G,MAAMnhG,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAK89G,MAAMnhG,EAAI,GAAMwa,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPhf,UAGC,GAAe,OAAX1M,EACT,IAAKhN,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAIoM,EAAOjO,OAAQ6B,GAAK,EACzCk0B,EAAI9nB,EAAOpM,GAAMoM,EAAOpM,EAAI,IAAM,EAAMoM,EAAOpM,EAAI,IAAM,GACzDjD,KAAK89G,MAAMnhG,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAK89G,MAAMnhG,EAAI,GAAMwa,IAAO,GAAKwE,EAAQ,UACzCA,GAAO,KACI,KACTA,GAAO,GACPhf,KAIN,OAAO3c,KAAKy+G,SA2Bdp9D,EAAGrgD,UAAUu9G,UAAY,SAAoBlvG,EAAQzL,GAEnD5D,KAAKoB,OAASsK,KAAKmQ,MAAMxM,EAAOjO,OAASwC,GAAS,GAClD5D,KAAK89G,MAAYj+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BjD,KAAK89G,MAAM76G,GAAK,EAGlB,IAAI0Z,EAAGwa,EAEHwE,EAAM,EACV,IAAK14B,EAAIoM,EAAOjO,OAAS,EAAGub,EAAI,EAAG1Z,GAAKW,EAAOX,GAAK,EAClDk0B,EAAI+mF,EAAS7uG,EAAQpM,EAAGA,EAAI,GAC5BjD,KAAK89G,MAAMnhG,IAAOwa,GAAKwE,EAAO,SAE9B37B,KAAK89G,MAAMnhG,EAAI,IAAMwa,IAAO,GAAKwE,EAAO,SACxCA,GAAO,KACI,KACTA,GAAO,GACPhf,KAGA1Z,EAAI,IAAMW,IACZuzB,EAAI+mF,EAAS7uG,EAAQzL,EAAOX,EAAI,GAChCjD,KAAK89G,MAAMnhG,IAAOwa,GAAKwE,EAAO,SAC9B37B,KAAK89G,MAAMnhG,EAAI,IAAMwa,IAAO,GAAKwE,EAAO,SAE1C37B,KAAKy+G,SA2BPp9D,EAAGrgD,UAAUw9G,WAAa,SAAqBnvG,EAAQ+oD,EAAMx0D,GAE3D5D,KAAK89G,MAAQ,CAAE,GACf99G,KAAKoB,OAAS,EAGd,IAAK,IAAIs9G,EAAU,EAAGC,EAAU,EAAGA,GAAW,SAAWA,GAAWvmD,EAClEsmD,IAEFA,IACAC,EAAWA,EAAUvmD,EAAQ,EAO7B,IALA,IAAImR,EAAQl6D,EAAOjO,OAASwC,EACxB0J,EAAMi8D,EAAQm1C,EACdnzG,EAAMG,KAAKmyC,IAAI0rB,EAAOA,EAAQj8D,GAAO1J,EAErCwiC,EAAO,EACFnjC,EAAIW,EAAOX,EAAIsI,EAAKtI,GAAKy7G,EAChCt4E,EAAO+3E,EAAU9uG,EAAQpM,EAAGA,EAAIy7G,EAAStmD,GAEzCp4D,KAAK4+G,MAAMD,GACP3+G,KAAK89G,MAAM,GAAK13E,EAAO,SACzBpmC,KAAK89G,MAAM,IAAM13E,EAEjBpmC,KAAK6+G,OAAOz4E,GAIhB,GAAY,IAAR94B,EAAW,CACb,IAAIukC,EAAM,EAGV,IAFAzL,EAAO+3E,EAAU9uG,EAAQpM,EAAGoM,EAAOjO,OAAQg3D,GAEtCn1D,EAAI,EAAGA,EAAIqK,EAAKrK,IACnB4uC,GAAOumB,EAGTp4D,KAAK4+G,MAAM/sE,GACP7xC,KAAK89G,MAAM,GAAK13E,EAAO,SACzBpmC,KAAK89G,MAAM,IAAM13E,EAEjBpmC,KAAK6+G,OAAOz4E,KAKlBib,EAAGrgD,UAAU2pE,KAAO,SAAexZ,GACjCA,EAAK2sD,MAAYj+G,MAAMG,KAAKoB,QAC5B,IAAK,IAAI6B,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC/BkuD,EAAK2sD,MAAM76G,GAAKjD,KAAK89G,MAAM76G,GAE7BkuD,EAAK/vD,OAASpB,KAAKoB,OACnB+vD,EAAK0sD,SAAW79G,KAAK69G,SACrB1sD,EAAK4sD,IAAM/9G,KAAK+9G,KAGlB18D,EAAGrgD,UAAUW,MAAQ,WACnB,IAAIgM,EAAI,IAAI0zC,EAAG,MAEf,OADArhD,KAAK2qE,KAAKh9D,GACHA,GAGT0zC,EAAGrgD,UAAU89G,QAAU,SAAkB95G,GACvC,KAAOhF,KAAKoB,OAAS4D,GACnBhF,KAAK89G,MAAM99G,KAAKoB,UAAY,EAE9B,OAAOpB,MAITqhD,EAAGrgD,UAAUy9G,MAAQ,WACnB,KAAOz+G,KAAKoB,OAAS,GAAqC,IAAhCpB,KAAK89G,MAAM99G,KAAKoB,OAAS,IACjDpB,KAAKoB,SAEP,OAAOpB,KAAK++G,aAGd19D,EAAGrgD,UAAU+9G,UAAY,WAKvB,OAHoB,IAAhB/+G,KAAKoB,QAAkC,IAAlBpB,KAAK89G,MAAM,KAClC99G,KAAK69G,SAAW,GAEX79G,MAGTqhD,EAAGrgD,UAAUg+G,QAAU,WACrB,OAAQh/G,KAAK+9G,IAAM,UAAY,SAAW/9G,KAAKuM,SAAS,IAAM,KAiChE,IAAI0yG,EAAQ,CACV,GACA,IACA,KACA,MACA,OACA,QACA,SACA,UACA,WACA,YACA,aACA,cACA,eACA,gBACA,iBACA,kBACA,mBACA,oBACA,qBACA,sBACA,uBACA,wBACA,yBACA,0BACA,2BACA,6BAGEC,EAAa,CACf,EAAG,EACH,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,EACvB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAClB,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAGhBC,EAAa,CACf,EAAG,EACH,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAC5D,SAAU,IAAU,SAAU,SAAU,SAAU,QAAS,SAC3D,SAAU,SAAU,SAAU,SAAU,KAAU,QAAS,QAC3D,QAAS,QAAS,QAAS,SAAU,SAAU,SAAU,SACzD,MAAU,SAAU,SAAU,SAAU,SAAU,SAAU,UAsjB9D,SAASC,EAAY1hE,EAAMzW,EAAKo4E,GAC9BA,EAAIxB,SAAW52E,EAAI42E,SAAWngE,EAAKmgE,SACnC,IAAI9tG,EAAO2tC,EAAKt8C,OAAS6lC,EAAI7lC,OAAU,EACvCi+G,EAAIj+G,OAAS2O,EACbA,EAAOA,EAAM,EAAK,EAGlB,IAAI1B,EAAoB,EAAhBqvC,EAAKogE,MAAM,GACf7vG,EAAmB,EAAfg5B,EAAI62E,MAAM,GACdnwG,EAAIU,EAAIJ,EAER+3B,EAAS,SAAJr4B,EACLm5B,EAASn5B,EAAI,SAAa,EAC9B0xG,EAAIvB,MAAM,GAAK93E,EAEf,IAAK,IAAI/pB,EAAI,EAAGA,EAAIlM,EAAKkM,IAAK,CAM5B,IAHA,IAAIqjG,EAASx4E,IAAU,GACnBy4E,EAAgB,SAARz4E,EACR04E,EAAO9zG,KAAKmyC,IAAI5hC,EAAGgrB,EAAI7lC,OAAS,GAC3Bub,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAIyhC,EAAKt8C,OAAS,GAAIub,GAAK6iG,EAAM7iG,IAAK,CAC7D,IAAI1Z,EAAKgZ,EAAIU,EAAK,EAIlB2iG,IADA3xG,GAFAU,EAAoB,EAAhBqvC,EAAKogE,MAAM76G,KACfgL,EAAmB,EAAfg5B,EAAI62E,MAAMnhG,IACF4iG,GACG,SAAa,EAC5BA,EAAY,SAAJ5xG,EAEV0xG,EAAIvB,MAAM7hG,GAAa,EAARsjG,EACfz4E,EAAiB,EAATw4E,EAQV,OANc,IAAVx4E,EACFu4E,EAAIvB,MAAM7hG,GAAa,EAAR6qB,EAEfu4E,EAAIj+G,SAGCi+G,EAAIZ,QAzlBbp9D,EAAGrgD,UAAUuL,SAAW,SAAmB6rD,EAAMjnC,GAI/C,IAAIkuF,EACJ,GAHAluF,EAAoB,EAAVA,GAAe,EAGZ,MAJbinC,EAAOA,GAAQ,KAIa,QAATA,EAAgB,CACjCinD,EAAM,GAGN,IAFA,IAAI1jF,EAAM,EACNmL,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIk0B,EAAIn3B,KAAK89G,MAAM76G,GACfmjC,GAA+B,UAArBjP,GAAKwE,EAAOmL,IAAmBv6B,SAAS,IAGpD8yG,EADY,KADdv4E,EAAS3P,IAAO,GAAKwE,EAAQ,WACV14B,IAAMjD,KAAKoB,OAAS,EAC/B69G,EAAM,EAAI74E,EAAKhlC,QAAUglC,EAAOi5E,EAEhCj5E,EAAOi5E,GAEf1jF,GAAO,IACI,KACTA,GAAO,GACP14B,KAMJ,IAHc,IAAV6jC,IACFu4E,EAAMv4E,EAAMv6B,SAAS,IAAM8yG,GAEtBA,EAAIj+G,OAAS+vB,GAAY,GAC9BkuF,EAAM,IAAMA,EAKd,OAHsB,IAAlBr/G,KAAK69G,WACPwB,EAAM,IAAMA,GAEPA,EAGT,GAAIjnD,KAAiB,EAAPA,IAAaA,GAAQ,GAAKA,GAAQ,GAAI,CAElD,IAAIqnD,EAAYP,EAAW9mD,GAEvBsnD,EAAYP,EAAW/mD,GAC3BinD,EAAM,GACN,IAAIjjG,EAAIpc,KAAK2B,QAEb,IADAya,EAAEyhG,SAAW,GACLzhG,EAAE5O,UAAU,CAClB,IAAIG,EAAIyO,EAAEujG,KAAKD,GAAWnzG,SAAS6rD,GAMjCinD,GALFjjG,EAAIA,EAAEwjG,MAAMF,IAELlyG,SAGCG,EAAI0xG,EAFJJ,EAAMQ,EAAY9xG,EAAEvM,QAAUuM,EAAI0xG,EAQ5C,IAHIr/G,KAAKwN,WACP6xG,EAAM,IAAMA,GAEPA,EAAIj+G,OAAS+vB,GAAY,GAC9BkuF,EAAM,IAAMA,EAKd,OAHsB,IAAlBr/G,KAAK69G,WACPwB,EAAM,IAAMA,GAEPA,EAGTl6E,GAAO,EAAO,oCAGhBkc,EAAGrgD,UAAUoO,SAAW,WACtB,IAAI2e,EAAM/tB,KAAK89G,MAAM,GASrB,OARoB,IAAhB99G,KAAKoB,OACP2sB,GAAuB,SAAhB/tB,KAAK89G,MAAM,GACO,IAAhB99G,KAAKoB,QAAkC,IAAlBpB,KAAK89G,MAAM,GAEzC/vF,GAAO,iBAAoC,SAAhB/tB,KAAK89G,MAAM,GAC7B99G,KAAKoB,OAAS,GACvB+jC,GAAO,EAAO,8CAEU,IAAlBnlC,KAAK69G,UAAmB9vF,EAAMA,GAGxCszB,EAAGrgD,UAAU6+G,OAAS,WACpB,OAAO7/G,KAAKuM,SAAS,KAGvB80C,EAAGrgD,UAAU8+G,SAAW,SAAmB7vG,EAAQ7O,GAEjD,OADA+jC,OAAyB,IAAXnmB,GACPhf,KAAKskD,YAAYtlC,EAAQ/O,EAAQ7O,IAG1CigD,EAAGrgD,UAAU2mC,QAAU,SAAkB13B,EAAQ7O,GAC/C,OAAOpB,KAAKskD,YAAYzkD,MAAOoQ,EAAQ7O,IAGzCigD,EAAGrgD,UAAUsjD,YAAc,SAAsBy7D,EAAW9vG,EAAQ7O,GAClE,IAAI+C,EAAanE,KAAKmE,aAClB67G,EAAY5+G,GAAUsK,KAAKC,IAAI,EAAGxH,GACtCghC,EAAOhhC,GAAc67G,EAAW,yCAChC76E,EAAO66E,EAAY,EAAG,+BAEtBhgH,KAAKy+G,QACL,IAGIxwG,EAAGhL,EAHHg9G,EAA0B,OAAXhwG,EACfd,EAAM,IAAI4wG,EAAUC,GAGpB1xG,EAAItO,KAAK2B,QACb,GAAKs+G,EAYE,CACL,IAAKh9G,EAAI,GAAIqL,EAAEd,SAAUvK,IACvBgL,EAAIK,EAAE4xG,MAAM,KACZ5xG,EAAE6xG,OAAO,GAEThxG,EAAIlM,GAAKgL,EAGX,KAAOhL,EAAI+8G,EAAW/8G,IACpBkM,EAAIlM,GAAK,MArBM,CAEjB,IAAKA,EAAI,EAAGA,EAAI+8G,EAAY77G,EAAYlB,IACtCkM,EAAIlM,GAAK,EAGX,IAAKA,EAAI,GAAIqL,EAAEd,SAAUvK,IACvBgL,EAAIK,EAAE4xG,MAAM,KACZ5xG,EAAE6xG,OAAO,GAEThxG,EAAI6wG,EAAY/8G,EAAI,GAAKgL,EAe7B,OAAOkB,GAIPkyC,EAAGrgD,UAAUo/G,WADX10G,KAAK20G,MACmB,SAAqBlpF,GAC7C,OAAO,GAAKzrB,KAAK20G,MAAMlpF,IAGC,SAAqBA,GAC7C,IAAIlZ,EAAIkZ,EACJxpB,EAAI,EAiBR,OAhBIsQ,GAAK,OACPtQ,GAAK,GACLsQ,KAAO,IAELA,GAAK,KACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAELA,GAAK,IACPtQ,GAAK,EACLsQ,KAAO,GAEFtQ,EAAIsQ,GAIfojC,EAAGrgD,UAAUs/G,UAAY,SAAoBnpF,GAE3C,GAAU,IAANA,EAAS,OAAO,GAEpB,IAAIlZ,EAAIkZ,EACJxpB,EAAI,EAoBR,OAnBqB,IAAZ,KAAJsQ,KACHtQ,GAAK,GACLsQ,KAAO,IAEU,IAAV,IAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,GAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,KACHtQ,GAAK,EACLsQ,KAAO,GAES,IAAT,EAAJA,IACHtQ,IAEKA,GAIT0zC,EAAGrgD,UAAUyO,UAAY,WACvB,IAAI0nB,EAAIn3B,KAAK89G,MAAM99G,KAAKoB,OAAS,GAC7B2kC,EAAK/lC,KAAKogH,WAAWjpF,GACzB,OAA2B,IAAnBn3B,KAAKoB,OAAS,GAAU2kC,GAiBlCsb,EAAGrgD,UAAUu/G,SAAW,WACtB,GAAIvgH,KAAKwN,SAAU,OAAO,EAG1B,IADA,IAAIG,EAAI,EACC1K,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIgL,EAAIjO,KAAKsgH,UAAUtgH,KAAK89G,MAAM76G,IAElC,GADA0K,GAAKM,EACK,KAANA,EAAU,MAEhB,OAAON,GAGT0zC,EAAGrgD,UAAUmD,WAAa,WACxB,OAAOuH,KAAKmQ,KAAK7b,KAAKyP,YAAc,IAGtC4xC,EAAGrgD,UAAUw/G,OAAS,SAAiBC,GACrC,OAAsB,IAAlBzgH,KAAK69G,SACA79G,KAAKkP,MAAMwxG,MAAMD,GAAOE,MAAM,GAEhC3gH,KAAK2B,SAGd0/C,EAAGrgD,UAAU4/G,SAAW,SAAmBH,GACzC,OAAIzgH,KAAK6gH,MAAMJ,EAAQ,GACdzgH,KAAK8gH,KAAKL,GAAOE,MAAM,GAAGI,OAE5B/gH,KAAK2B,SAGd0/C,EAAGrgD,UAAUggH,MAAQ,WACnB,OAAyB,IAAlBhhH,KAAK69G,UAIdx8D,EAAGrgD,UAAUigH,IAAM,WACjB,OAAOjhH,KAAK2B,QAAQo/G,QAGtB1/D,EAAGrgD,UAAU+/G,KAAO,WAKlB,OAJK/gH,KAAKwN,WACRxN,KAAK69G,UAAY,GAGZ79G,MAITqhD,EAAGrgD,UAAUkgH,KAAO,SAAej6E,GACjC,KAAOjnC,KAAKoB,OAAS6lC,EAAI7lC,QACvBpB,KAAK89G,MAAM99G,KAAKoB,UAAY,EAG9B,IAAK,IAAI6B,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAC9BjD,KAAK89G,MAAM76G,GAAKjD,KAAK89G,MAAM76G,GAAKgkC,EAAI62E,MAAM76G,GAG5C,OAAOjD,KAAKy+G,SAGdp9D,EAAGrgD,UAAUmgH,IAAM,SAAcl6E,GAE/B,OADA9B,EAA0C,IAAlCnlC,KAAK69G,SAAW52E,EAAI42E,WACrB79G,KAAKkhH,KAAKj6E,IAInBoa,EAAGrgD,UAAUggF,GAAK,SAAa/5C,GAC7B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQw/G,IAAIl6E,GAC/CA,EAAItlC,QAAQw/G,IAAInhH,OAGzBqhD,EAAGrgD,UAAUogH,IAAM,SAAcn6E,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQu/G,KAAKj6E,GAChDA,EAAItlC,QAAQu/G,KAAKlhH,OAI1BqhD,EAAGrgD,UAAUqgH,MAAQ,SAAgBp6E,GAEnC,IAAIh5B,EAEFA,EADEjO,KAAKoB,OAAS6lC,EAAI7lC,OAChB6lC,EAEAjnC,KAGN,IAAK,IAAIiD,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5BjD,KAAK89G,MAAM76G,GAAKjD,KAAK89G,MAAM76G,GAAKgkC,EAAI62E,MAAM76G,GAK5C,OAFAjD,KAAKoB,OAAS6M,EAAE7M,OAETpB,KAAKy+G,SAGdp9D,EAAGrgD,UAAUsgH,KAAO,SAAer6E,GAEjC,OADA9B,EAA0C,IAAlCnlC,KAAK69G,SAAW52E,EAAI42E,WACrB79G,KAAKqhH,MAAMp6E,IAIpBoa,EAAGrgD,UAAU+/E,IAAM,SAAc95C,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQ2/G,KAAKr6E,GAChDA,EAAItlC,QAAQ2/G,KAAKthH,OAG1BqhD,EAAGrgD,UAAUugH,KAAO,SAAet6E,GACjC,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQ0/G,MAAMp6E,GACjDA,EAAItlC,QAAQ0/G,MAAMrhH,OAI3BqhD,EAAGrgD,UAAUwgH,MAAQ,SAAgBv6E,GAEnC,IAAI54B,EACAJ,EACAjO,KAAKoB,OAAS6lC,EAAI7lC,QACpBiN,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAGN,IAAK,IAAIiD,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5BjD,KAAK89G,MAAM76G,GAAKoL,EAAEyvG,MAAM76G,GAAKgL,EAAE6vG,MAAM76G,GAGvC,GAAIjD,OAASqO,EACX,KAAOpL,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAK89G,MAAM76G,GAAKoL,EAAEyvG,MAAM76G,GAM5B,OAFAjD,KAAKoB,OAASiN,EAAEjN,OAETpB,KAAKy+G,SAGdp9D,EAAGrgD,UAAUygH,KAAO,SAAex6E,GAEjC,OADA9B,EAA0C,IAAlCnlC,KAAK69G,SAAW52E,EAAI42E,WACrB79G,KAAKwhH,MAAMv6E,IAIpBoa,EAAGrgD,UAAU0yC,IAAM,SAAczM,GAC/B,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQ8/G,KAAKx6E,GAChDA,EAAItlC,QAAQ8/G,KAAKzhH,OAG1BqhD,EAAGrgD,UAAU0gH,KAAO,SAAez6E,GACjC,OAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQ6/G,MAAMv6E,GACjDA,EAAItlC,QAAQ6/G,MAAMxhH,OAI3BqhD,EAAGrgD,UAAU0/G,MAAQ,SAAgBD,GACnCt7E,EAAwB,iBAAVs7E,GAAsBA,GAAS,GAE7C,IAAIkB,EAAsC,EAAxBj2G,KAAKmQ,KAAK4kG,EAAQ,IAChCmB,EAAWnB,EAAQ,GAGvBzgH,KAAK8+G,QAAQ6C,GAETC,EAAW,GACbD,IAIF,IAAK,IAAI1+G,EAAI,EAAGA,EAAI0+G,EAAa1+G,IAC/BjD,KAAK89G,MAAM76G,GAAsB,UAAhBjD,KAAK89G,MAAM76G,GAS9B,OALI2+G,EAAW,IACb5hH,KAAK89G,MAAM76G,IAAMjD,KAAK89G,MAAM76G,GAAM,UAAc,GAAK2+G,GAIhD5hH,KAAKy+G,SAGdp9D,EAAGrgD,UAAU8/G,KAAO,SAAeL,GACjC,OAAOzgH,KAAK2B,QAAQ++G,MAAMD,IAI5Bp/D,EAAGrgD,UAAU6gH,KAAO,SAAeC,EAAK18E,GACtCD,EAAsB,iBAAR28E,GAAoBA,GAAO,GAEzC,IAAInmF,EAAOmmF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAUjB,OARA9hH,KAAK8+G,QAAQnjF,EAAM,GAGjB37B,KAAK89G,MAAMniF,GADTyJ,EACgBplC,KAAK89G,MAAMniF,GAAQ,GAAKomF,EAExB/hH,KAAK89G,MAAMniF,KAAS,GAAKomF,GAGtC/hH,KAAKy+G,SAIdp9D,EAAGrgD,UAAU6L,KAAO,SAAeo6B,GACjC,IAAIt5B,EAkBAU,EAAGJ,EAfP,GAAsB,IAAlBjO,KAAK69G,UAAmC,IAAjB52E,EAAI42E,SAI7B,OAHA79G,KAAK69G,SAAW,EAChBlwG,EAAI3N,KAAK+M,KAAKk6B,GACdjnC,KAAK69G,UAAY,EACV79G,KAAK++G,YAGP,GAAsB,IAAlB/+G,KAAK69G,UAAmC,IAAjB52E,EAAI42E,SAIpC,OAHA52E,EAAI42E,SAAW,EACflwG,EAAI3N,KAAK+M,KAAKk6B,GACdA,EAAI42E,SAAW,EACRlwG,EAAEoxG,YAKP/+G,KAAKoB,OAAS6lC,EAAI7lC,QACpBiN,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAIN,IADA,IAAI8mC,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAC5B0K,GAAkB,EAAbU,EAAEyvG,MAAM76G,KAAwB,EAAbgL,EAAE6vG,MAAM76G,IAAU6jC,EAC1C9mC,KAAK89G,MAAM76G,GAAS,SAAJ0K,EAChBm5B,EAAQn5B,IAAM,GAEhB,KAAiB,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,OAAQ6B,IAClC0K,GAAkB,EAAbU,EAAEyvG,MAAM76G,IAAU6jC,EACvB9mC,KAAK89G,MAAM76G,GAAS,SAAJ0K,EAChBm5B,EAAQn5B,IAAM,GAIhB,GADA3N,KAAKoB,OAASiN,EAAEjN,OACF,IAAV0lC,EACF9mC,KAAK89G,MAAM99G,KAAKoB,QAAU0lC,EAC1B9mC,KAAKoB,cAEA,GAAIiN,IAAMrO,KACf,KAAOiD,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAK89G,MAAM76G,GAAKoL,EAAEyvG,MAAM76G,GAI5B,OAAOjD,MAITqhD,EAAGrgD,UAAUiF,IAAM,SAAcghC,GAC/B,IAAI93B,EACJ,OAAqB,IAAjB83B,EAAI42E,UAAoC,IAAlB79G,KAAK69G,UAC7B52E,EAAI42E,SAAW,EACf1uG,EAAMnP,KAAKgN,IAAIi6B,GACfA,EAAI42E,UAAY,EACT1uG,GACmB,IAAjB83B,EAAI42E,UAAoC,IAAlB79G,KAAK69G,UACpC79G,KAAK69G,SAAW,EAChB1uG,EAAM83B,EAAIj6B,IAAIhN,MACdA,KAAK69G,SAAW,EACT1uG,GAGLnP,KAAKoB,OAAS6lC,EAAI7lC,OAAepB,KAAK2B,QAAQkL,KAAKo6B,GAEhDA,EAAItlC,QAAQkL,KAAK7M,OAI1BqhD,EAAGrgD,UAAU+L,KAAO,SAAek6B,GAEjC,GAAqB,IAAjBA,EAAI42E,SAAgB,CACtB52E,EAAI42E,SAAW,EACf,IAAIlwG,EAAI3N,KAAK6M,KAAKo6B,GAElB,OADAA,EAAI42E,SAAW,EACRlwG,EAAEoxG,YAGJ,GAAsB,IAAlB/+G,KAAK69G,SAId,OAHA79G,KAAK69G,SAAW,EAChB79G,KAAK6M,KAAKo6B,GACVjnC,KAAK69G,SAAW,EACT79G,KAAK++G,YAId,IAWI1wG,EAAGJ,EAXHmwG,EAAMp+G,KAAKo+G,IAAIn3E,GAGnB,GAAY,IAARm3E,EAIF,OAHAp+G,KAAK69G,SAAW,EAChB79G,KAAKoB,OAAS,EACdpB,KAAK89G,MAAM,GAAK,EACT99G,KAKLo+G,EAAM,GACR/vG,EAAIrO,KACJiO,EAAIg5B,IAEJ54B,EAAI44B,EACJh5B,EAAIjO,MAIN,IADA,IAAI8mC,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgL,EAAE7M,OAAQ6B,IAE5B6jC,GADAn5B,GAAkB,EAAbU,EAAEyvG,MAAM76G,KAAwB,EAAbgL,EAAE6vG,MAAM76G,IAAU6jC,IAC7B,GACb9mC,KAAK89G,MAAM76G,GAAS,SAAJ0K,EAElB,KAAiB,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,OAAQ6B,IAElC6jC,GADAn5B,GAAkB,EAAbU,EAAEyvG,MAAM76G,IAAU6jC,IACV,GACb9mC,KAAK89G,MAAM76G,GAAS,SAAJ0K,EAIlB,GAAc,IAAVm5B,GAAe7jC,EAAIoL,EAAEjN,QAAUiN,IAAMrO,KACvC,KAAOiD,EAAIoL,EAAEjN,OAAQ6B,IACnBjD,KAAK89G,MAAM76G,GAAKoL,EAAEyvG,MAAM76G,GAU5B,OANAjD,KAAKoB,OAASsK,KAAKC,IAAI3L,KAAKoB,OAAQ6B,GAEhCoL,IAAMrO,OACRA,KAAK69G,SAAW,GAGX79G,KAAKy+G,SAIdp9D,EAAGrgD,UAAUgM,IAAM,SAAci6B,GAC/B,OAAOjnC,KAAK2B,QAAQoL,KAAKk6B,IA+C3B,IAAI+6E,EAAc,SAAsBtkE,EAAMzW,EAAKo4E,GACjD,IAIIr5E,EACAi8E,EACAl8E,EANA13B,EAAIqvC,EAAKogE,MACT7vG,EAAIg5B,EAAI62E,MACRlmE,EAAIynE,EAAIvB,MACR1hG,EAAI,EAIJ8lG,EAAY,EAAP7zG,EAAE,GACP8zG,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPh0G,EAAE,GACPi0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPn0G,EAAE,GACPo0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPt0G,EAAE,GACPu0G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPz0G,EAAE,GACP00G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP50G,EAAE,GACP60G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAP/0G,EAAE,GACPg1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPl1G,EAAE,GACPm1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPr1G,EAAE,GACPs1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbG,EAAY,EAAPx1G,EAAE,GACPy1G,EAAW,KAALD,EACNE,EAAMF,IAAO,GACbjqE,EAAY,EAAP3rC,EAAE,GACP+1G,EAAW,KAALpqE,EACNqqE,EAAMrqE,IAAO,GACbC,EAAY,EAAP5rC,EAAE,GACPi2G,EAAW,KAALrqE,EACNsqE,EAAMtqE,IAAO,GACbC,EAAY,EAAP7rC,EAAE,GACPm2G,EAAW,KAALtqE,EACNuqE,EAAMvqE,IAAO,GACbC,EAAY,EAAP9rC,EAAE,GACPq2G,EAAW,KAALvqE,EACNwqE,EAAMxqE,IAAO,GACbC,EAAY,EAAP/rC,EAAE,GACPu2G,EAAW,KAALxqE,EACNyqE,GAAMzqE,IAAO,GACbC,GAAY,EAAPhsC,EAAE,GACPy2G,GAAW,KAALzqE,GACN0qE,GAAM1qE,KAAO,GACbC,GAAY,EAAPjsC,EAAE,GACP22G,GAAW,KAAL1qE,GACN2qE,GAAM3qE,KAAO,GACbC,GAAY,EAAPlsC,EAAE,GACP62G,GAAW,KAAL3qE,GACN4qE,GAAM5qE,KAAO,GACbC,GAAY,EAAPnsC,EAAE,GACP+2G,GAAW,KAAL5qE,GACN6qE,GAAM7qE,KAAO,GACbC,GAAY,EAAPpsC,EAAE,GACPi3G,GAAW,KAAL7qE,GACN8qE,GAAM9qE,KAAO,GAEjBglE,EAAIxB,SAAWngE,EAAKmgE,SAAW52E,EAAI42E,SACnCwB,EAAIj+G,OAAS,GAMb,IAAIo7B,IAAQpgB,GAJZ4pB,EAAKt6B,KAAKuB,KAAKk1G,EAAK6B,IAIE,KAAa,MAFnC/B,GADAA,EAAMv2G,KAAKuB,KAAKk1G,EAAK8B,IACRv4G,KAAKuB,KAAKm1G,EAAK4B,GAAQ,KAEU,IAAO,EACrD5nG,IAFA2pB,EAAKr6B,KAAKuB,KAAKm1G,EAAK6B,KAEPhC,IAAQ,IAAO,IAAMzlF,KAAO,IAAO,EAChDA,IAAM,SAENwJ,EAAKt6B,KAAKuB,KAAKq1G,EAAK0B,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAKq1G,EAAK2B,IACRv4G,KAAKuB,KAAKs1G,EAAKyB,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAKs1G,EAAK0B,GAKpB,IAAIxnF,IAAQrgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAK+B,GAAQ,GAIZ,KAAa,MAFnCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKgC,GAAQ,GACvBz4G,KAAKuB,KAAKm1G,EAAK8B,GAAQ,KAEU,IAAO,EACrD9nG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAK+B,GAAQ,IAErBlC,IAAQ,IAAO,IAAMxlF,KAAO,IAAO,EAChDA,IAAM,SAENuJ,EAAKt6B,KAAKuB,KAAKw1G,EAAKuB,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAKw1G,EAAKwB,IACRv4G,KAAKuB,KAAKy1G,EAAKsB,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAKy1G,EAAKuB,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAK4B,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAK6B,GAAQ,GACvBz4G,KAAKuB,KAAKs1G,EAAK2B,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAK4B,GAAQ,EAKlC,IAAIznF,IAAQtgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAKiC,GAAQ,GAIZ,KAAa,MAFnCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKkC,GAAQ,GACvB34G,KAAKuB,KAAKm1G,EAAKgC,GAAQ,KAEU,IAAO,EACrDhoG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAKiC,GAAQ,IAErBpC,IAAQ,IAAO,IAAMvlF,KAAO,IAAO,EAChDA,IAAM,SAENsJ,EAAKt6B,KAAKuB,KAAK21G,EAAKoB,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAK21G,EAAKqB,IACRv4G,KAAKuB,KAAK41G,EAAKmB,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAK41G,EAAKoB,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKyB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAK0B,GAAQ,GACvBz4G,KAAKuB,KAAKy1G,EAAKwB,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKyB,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAK8B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAK+B,GAAQ,GACvB34G,KAAKuB,KAAKs1G,EAAK6B,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAK8B,GAAQ,EAKlC,IAAI1nF,IAAQvgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAKmC,GAAQ,GAIZ,KAAa,MAFnCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKoC,GAAQ,GACvB74G,KAAKuB,KAAKm1G,EAAKkC,GAAQ,KAEU,IAAO,EACrDloG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAKmC,GAAQ,IAErBtC,IAAQ,IAAO,IAAMtlF,KAAO,IAAO,EAChDA,IAAM,SAENqJ,EAAKt6B,KAAKuB,KAAK81G,EAAKiB,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAK81G,EAAKkB,IACRv4G,KAAKuB,KAAK+1G,EAAKgB,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAK+1G,EAAKiB,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKsB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKuB,GAAQ,GACvBz4G,KAAKuB,KAAK41G,EAAKqB,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKsB,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAK2B,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAK4B,GAAQ,GACvB34G,KAAKuB,KAAKy1G,EAAK0B,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAK2B,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAKgC,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAKiC,GAAQ,GACvB74G,KAAKuB,KAAKs1G,EAAK+B,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAKgC,GAAQ,EAKlC,IAAI3nF,IAAQxgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAKqC,GAAQ,GAIZ,KAAa,MAFnCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKsC,IAAQ,GACvB/4G,KAAKuB,KAAKm1G,EAAKoC,GAAQ,KAEU,IAAO,EACrDpoG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAKqC,IAAQ,IAErBxC,IAAQ,IAAO,IAAMrlF,KAAO,IAAO,EAChDA,IAAM,SAENoJ,EAAKt6B,KAAKuB,KAAKi2G,EAAKc,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAKi2G,EAAKe,IACRv4G,KAAKuB,KAAKk2G,EAAKa,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAKk2G,EAAKc,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKmB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKoB,GAAQ,GACvBz4G,KAAKuB,KAAK+1G,EAAKkB,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKmB,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKwB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKyB,GAAQ,GACvB34G,KAAKuB,KAAK41G,EAAKuB,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKwB,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAK6B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAK8B,GAAQ,GACvB74G,KAAKuB,KAAKy1G,EAAK4B,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAK6B,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAKkC,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAKmC,IAAQ,GACvB/4G,KAAKuB,KAAKs1G,EAAKiC,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAKkC,IAAQ,EAKlC,IAAI5nF,IAAQzgB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAKuC,IAAQ,GAIZ,KAAa,MAFnCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKwC,IAAQ,GACvBj5G,KAAKuB,KAAKm1G,EAAKsC,IAAQ,KAEU,IAAO,EACrDtoG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAKuC,IAAQ,IAErB1C,IAAQ,IAAO,IAAMplF,KAAO,IAAO,EAChDA,IAAM,SAENmJ,EAAKt6B,KAAKuB,KAAKo2G,EAAKW,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAKo2G,EAAKY,IACRv4G,KAAKuB,KAAKq2G,EAAKU,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAKq2G,EAAKW,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKgB,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKiB,GAAQ,GACvBz4G,KAAKuB,KAAKk2G,EAAKe,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKgB,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKqB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKsB,GAAQ,GACvB34G,KAAKuB,KAAK+1G,EAAKoB,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKqB,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAK0B,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAK2B,GAAQ,GACvB74G,KAAKuB,KAAK41G,EAAKyB,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAK0B,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAK+B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAKgC,IAAQ,GACvB/4G,KAAKuB,KAAKy1G,EAAK8B,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAK+B,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAKoC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAKqC,IAAQ,GACvBj5G,KAAKuB,KAAKs1G,EAAKmC,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAKoC,IAAQ,EAKlC,IAAI7nF,IAAQ1gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAKyC,IAAQ,GAIZ,KAAa,MAFnC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAK0C,IAAQ,GACvBn5G,KAAKuB,KAAKm1G,EAAKwC,IAAQ,KAEU,IAAO,EACrDxoG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAKyC,IAAQ,IAErB5C,IAAQ,IAAO,IAAMnlF,KAAO,IAAO,EAChDA,IAAM,SAENkJ,EAAKt6B,KAAKuB,KAAKu2G,EAAKQ,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAKu2G,EAAKS,IACRv4G,KAAKuB,KAAKw2G,EAAKO,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAKw2G,EAAKQ,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKa,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKc,GAAQ,GACvBz4G,KAAKuB,KAAKq2G,EAAKY,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKa,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKkB,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKmB,GAAQ,GACvB34G,KAAKuB,KAAKk2G,EAAKiB,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKkB,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKuB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKwB,GAAQ,GACvB74G,KAAKuB,KAAK+1G,EAAKsB,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKuB,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAK4B,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAK6B,IAAQ,GACvB/4G,KAAKuB,KAAK41G,EAAK2B,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAK4B,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKiC,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAKkC,IAAQ,GACvBj5G,KAAKuB,KAAKy1G,EAAKgC,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKiC,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAKsC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAKuC,IAAQ,GACvBn5G,KAAKuB,KAAKs1G,EAAKqC,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAKsC,IAAQ,EAKlC,IAAI9nF,IAAQ3gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAK2C,IAAQ,GAIZ,KAAa,MAFnC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAK4C,IAAQ,GACvBr5G,KAAKuB,KAAKm1G,EAAK0C,IAAQ,KAEU,IAAO,EACrD1oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAK2C,IAAQ,IAErB9C,IAAQ,IAAO,IAAMllF,KAAO,IAAO,EAChDA,IAAM,SAENiJ,EAAKt6B,KAAKuB,KAAK02G,EAAKK,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAK02G,EAAKM,IACRv4G,KAAKuB,KAAK22G,EAAKI,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAK22G,EAAKK,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKU,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKW,GAAQ,GACvBz4G,KAAKuB,KAAKw2G,EAAKS,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKU,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKe,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKgB,GAAQ,GACvB34G,KAAKuB,KAAKq2G,EAAKc,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKe,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKoB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKqB,GAAQ,GACvB74G,KAAKuB,KAAKk2G,EAAKmB,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKoB,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKyB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAK0B,IAAQ,GACvB/4G,KAAKuB,KAAK+1G,EAAKwB,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKyB,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAK8B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAK+B,IAAQ,GACvBj5G,KAAKuB,KAAK41G,EAAK6B,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAK8B,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKmC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAKoC,IAAQ,GACvBn5G,KAAKuB,KAAKy1G,EAAKkC,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKmC,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAKwC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAKyC,IAAQ,GACvBr5G,KAAKuB,KAAKs1G,EAAKuC,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAKwC,IAAQ,EAKlC,IAAI/nF,IAAQ5gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAK6C,IAAQ,GAIZ,KAAa,MAFnC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAK8C,IAAQ,GACvBv5G,KAAKuB,KAAKm1G,EAAK4C,IAAQ,KAEU,IAAO,EACrD5oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAK6C,IAAQ,IAErBhD,IAAQ,IAAO,IAAMjlF,KAAO,IAAO,EAChDA,IAAM,SAENgJ,EAAKt6B,KAAKuB,KAAK62G,EAAKE,GAEpB/B,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKG,IACRv4G,KAAKuB,KAAK82G,EAAKC,GAAQ,EACpCj+E,EAAKr6B,KAAKuB,KAAK82G,EAAKE,GACpBj+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKO,GAAQ,EAElCjC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKQ,GAAQ,GACvBz4G,KAAKuB,KAAK22G,EAAKM,GAAQ,EACpCn+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKO,GAAQ,EAClCn+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKY,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKa,GAAQ,GACvB34G,KAAKuB,KAAKw2G,EAAKW,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKY,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKiB,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKkB,GAAQ,GACvB74G,KAAKuB,KAAKq2G,EAAKgB,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKiB,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKsB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKuB,IAAQ,GACvB/4G,KAAKuB,KAAKk2G,EAAKqB,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKsB,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAK2B,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAK4B,IAAQ,GACvBj5G,KAAKuB,KAAK+1G,EAAK0B,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAK2B,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKgC,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKiC,IAAQ,GACvBn5G,KAAKuB,KAAK41G,EAAK+B,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKgC,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKqC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAKsC,IAAQ,GACvBr5G,KAAKuB,KAAKy1G,EAAKoC,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKqC,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAK0C,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAK2C,IAAQ,GACvBv5G,KAAKuB,KAAKs1G,EAAKyC,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAK0C,IAAQ,EAKlC,IAAIhoF,IAAQ7gB,GAJZ4pB,EAAMA,EAAKt6B,KAAKuB,KAAKk1G,EAAK+C,IAAQ,GAIZ,KAAa,MAFnCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKk1G,EAAKgD,IAAQ,GACvBz5G,KAAKuB,KAAKm1G,EAAK8C,IAAQ,KAEU,IAAO,EACrD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKm1G,EAAK+C,IAAQ,IAErBlD,IAAQ,IAAO,IAAMhlF,KAAO,IAAO,EAChDA,IAAM,SAEN+I,EAAKt6B,KAAKuB,KAAK62G,EAAKI,GAEpBjC,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKK,IACRz4G,KAAKuB,KAAK82G,EAAKG,GAAQ,EACpCn+E,EAAKr6B,KAAKuB,KAAK82G,EAAKI,GACpBn+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKS,GAAQ,EAElCnC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKU,GAAQ,GACvB34G,KAAKuB,KAAK22G,EAAKQ,GAAQ,EACpCr+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKS,GAAQ,EAClCr+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKc,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKe,GAAQ,GACvB74G,KAAKuB,KAAKw2G,EAAKa,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKc,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKmB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKoB,IAAQ,GACvB/4G,KAAKuB,KAAKq2G,EAAKkB,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKmB,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKwB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKyB,IAAQ,GACvBj5G,KAAKuB,KAAKk2G,EAAKuB,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKwB,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAK6B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAK8B,IAAQ,GACvBn5G,KAAKuB,KAAK+1G,EAAK4B,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAK6B,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKkC,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKmC,IAAQ,GACvBr5G,KAAKuB,KAAK41G,EAAKiC,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKkC,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKuC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAKwC,IAAQ,GACvBv5G,KAAKuB,KAAKy1G,EAAKsC,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKuC,IAAQ,EAKlC,IAAI/nF,IAAS9gB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKq1G,EAAK4C,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKq1G,EAAK6C,IAAQ,GACvBz5G,KAAKuB,KAAKs1G,EAAK2C,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKs1G,EAAK4C,IAAQ,IAErBlD,IAAQ,IAAO,IAAM/kF,KAAQ,IAAO,EACjDA,IAAO,SAEP8I,EAAKt6B,KAAKuB,KAAK62G,EAAKM,GAEpBnC,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKO,IACR34G,KAAKuB,KAAK82G,EAAKK,GAAQ,EACpCr+E,EAAKr6B,KAAKuB,KAAK82G,EAAKM,GACpBr+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKW,GAAQ,EAElCrC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKY,GAAQ,GACvB74G,KAAKuB,KAAK22G,EAAKU,GAAQ,EACpCv+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKW,GAAQ,EAClCv+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKgB,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKiB,IAAQ,GACvB/4G,KAAKuB,KAAKw2G,EAAKe,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKgB,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKqB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKsB,IAAQ,GACvBj5G,KAAKuB,KAAKq2G,EAAKoB,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKqB,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAK0B,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAK2B,IAAQ,GACvBn5G,KAAKuB,KAAKk2G,EAAKyB,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAK0B,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAK+B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKgC,IAAQ,GACvBr5G,KAAKuB,KAAK+1G,EAAK8B,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAK+B,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKoC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKqC,IAAQ,GACvBv5G,KAAKuB,KAAK41G,EAAKmC,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKoC,IAAQ,EAKlC,IAAI9nF,IAAS/gB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKw1G,EAAKyC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKw1G,EAAK0C,IAAQ,GACvBz5G,KAAKuB,KAAKy1G,EAAKwC,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKy1G,EAAKyC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM9kF,KAAQ,IAAO,EACjDA,IAAO,SAEP6I,EAAKt6B,KAAKuB,KAAK62G,EAAKQ,GAEpBrC,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKS,IACR74G,KAAKuB,KAAK82G,EAAKO,GAAQ,EACpCv+E,EAAKr6B,KAAKuB,KAAK82G,EAAKQ,GACpBv+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKa,GAAQ,EAElCvC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKc,IAAQ,GACvB/4G,KAAKuB,KAAK22G,EAAKY,GAAQ,EACpCz+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKa,IAAQ,EAClCz+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKkB,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKmB,IAAQ,GACvBj5G,KAAKuB,KAAKw2G,EAAKiB,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKkB,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKuB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAKwB,IAAQ,GACvBn5G,KAAKuB,KAAKq2G,EAAKsB,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKuB,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAK4B,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAK6B,IAAQ,GACvBr5G,KAAKuB,KAAKk2G,EAAK2B,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAK4B,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKiC,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKkC,IAAQ,GACvBv5G,KAAKuB,KAAK+1G,EAAKgC,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKiC,IAAQ,EAKlC,IAAI7nF,IAAShhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAK21G,EAAKsC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK21G,EAAKuC,IAAQ,GACvBz5G,KAAKuB,KAAK41G,EAAKqC,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK41G,EAAKsC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM7kF,KAAQ,IAAO,EACjDA,IAAO,SAEP4I,EAAKt6B,KAAKuB,KAAK62G,EAAKU,GAEpBvC,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKW,KACR/4G,KAAKuB,KAAK82G,EAAKS,GAAQ,EACpCz+E,EAAKr6B,KAAKuB,KAAK82G,EAAKU,IACpBz+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKe,IAAQ,EAElCzC,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKgB,IAAQ,GACvBj5G,KAAKuB,KAAK22G,EAAKc,IAAQ,EACpC3+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKe,IAAQ,EAClC3+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKoB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKqB,IAAQ,GACvBn5G,KAAKuB,KAAKw2G,EAAKmB,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKoB,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAKyB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAK0B,IAAQ,GACvBr5G,KAAKuB,KAAKq2G,EAAKwB,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAKyB,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAK8B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAK+B,IAAQ,GACvBv5G,KAAKuB,KAAKk2G,EAAK6B,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAK8B,IAAQ,EAKlC,IAAI5nF,IAASjhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAK81G,EAAKmC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK81G,EAAKoC,IAAQ,GACvBz5G,KAAKuB,KAAK+1G,EAAKkC,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK+1G,EAAKmC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM5kF,KAAQ,IAAO,EACjDA,IAAO,SAEP2I,EAAKt6B,KAAKuB,KAAK62G,EAAKY,IAEpBzC,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKa,KACRj5G,KAAKuB,KAAK82G,EAAKW,IAAQ,EACpC3+E,EAAKr6B,KAAKuB,KAAK82G,EAAKY,IACpB3+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKiB,IAAQ,EAElC3C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKkB,IAAQ,GACvBn5G,KAAKuB,KAAK22G,EAAKgB,IAAQ,EACpC7+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKiB,IAAQ,EAClC7+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKsB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKuB,IAAQ,GACvBr5G,KAAKuB,KAAKw2G,EAAKqB,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKsB,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAK2B,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAK4B,IAAQ,GACvBv5G,KAAKuB,KAAKq2G,EAAK0B,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAK2B,IAAQ,EAKlC,IAAI3nF,IAASlhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKi2G,EAAKgC,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKi2G,EAAKiC,IAAQ,GACvBz5G,KAAKuB,KAAKk2G,EAAK+B,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKk2G,EAAKgC,IAAQ,IAErBlD,IAAQ,IAAO,IAAM3kF,KAAQ,IAAO,EACjDA,IAAO,SAEP0I,EAAKt6B,KAAKuB,KAAK62G,EAAKc,IAEpB3C,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKe,KACRn5G,KAAKuB,KAAK82G,EAAKa,IAAQ,EACpC7+E,EAAKr6B,KAAKuB,KAAK82G,EAAKc,IACpB7+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKmB,IAAQ,EAElC7C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKoB,IAAQ,GACvBr5G,KAAKuB,KAAK22G,EAAKkB,IAAQ,EACpC/+E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKmB,IAAQ,EAClC/+E,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAKwB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAKyB,IAAQ,GACvBv5G,KAAKuB,KAAKw2G,EAAKuB,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAKwB,IAAQ,EAKlC,IAAI1nF,IAASnhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKo2G,EAAK6B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKo2G,EAAK8B,IAAQ,GACvBz5G,KAAKuB,KAAKq2G,EAAK4B,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKq2G,EAAK6B,IAAQ,IAErBlD,IAAQ,IAAO,IAAM1kF,KAAQ,IAAO,EACjDA,IAAO,SAEPyI,EAAKt6B,KAAKuB,KAAK62G,EAAKgB,IAEpB7C,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKiB,KACRr5G,KAAKuB,KAAK82G,EAAKe,IAAQ,EACpC/+E,EAAKr6B,KAAKuB,KAAK82G,EAAKgB,IACpB/+E,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKqB,IAAQ,EAElC/C,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKsB,IAAQ,GACvBv5G,KAAKuB,KAAK22G,EAAKoB,IAAQ,EACpCj/E,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKqB,IAAQ,EAKlC,IAAIznF,IAASphB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAKu2G,EAAK0B,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAKu2G,EAAK2B,IAAQ,GACvBz5G,KAAKuB,KAAKw2G,EAAKyB,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAKw2G,EAAK0B,IAAQ,IAErBlD,IAAQ,IAAO,IAAMzkF,KAAQ,IAAO,EACjDA,IAAO,SAEPwI,EAAKt6B,KAAKuB,KAAK62G,EAAKkB,IAEpB/C,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKmB,KACRv5G,KAAKuB,KAAK82G,EAAKiB,IAAQ,EACpCj/E,EAAKr6B,KAAKuB,KAAK82G,EAAKkB,IAKpB,IAAIxnF,IAASrhB,GAJb4pB,EAAMA,EAAKt6B,KAAKuB,KAAK02G,EAAKuB,IAAQ,GAIX,KAAa,MAFpCjD,GADAA,EAAOA,EAAMv2G,KAAKuB,KAAK02G,EAAKwB,IAAQ,GACvBz5G,KAAKuB,KAAK22G,EAAKsB,IAAQ,KAEW,IAAO,EACtD9oG,IAFA2pB,EAAMA,EAAKr6B,KAAKuB,KAAK22G,EAAKuB,IAAQ,IAErBlD,IAAQ,IAAO,IAAMxkF,KAAQ,IAAO,EACjDA,IAAO,SAMP,IAAIC,IAASthB,GAJb4pB,EAAKt6B,KAAKuB,KAAK62G,EAAKoB,KAIG,KAAa,MAFpCjD,GADAA,EAAMv2G,KAAKuB,KAAK62G,EAAKqB,KACRz5G,KAAKuB,KAAK82G,EAAKmB,IAAQ,KAEW,IAAO,EA0BtD,OAzBA9oG,IAFA2pB,EAAKr6B,KAAKuB,KAAK82G,EAAKoB,MAEPlD,IAAQ,IAAO,IAAMvkF,KAAQ,IAAO,EACjDA,IAAO,SACPka,EAAE,GAAKpb,GACPob,EAAE,GAAKnb,GACPmb,EAAE,GAAKlb,GACPkb,EAAE,GAAKjb,GACPib,EAAE,GAAKhb,GACPgb,EAAE,GAAK/a,GACP+a,EAAE,GAAK9a,GACP8a,EAAE,GAAK7a,GACP6a,EAAE,GAAK5a,GACP4a,EAAE,GAAK3a,GACP2a,EAAE,IAAM1a,GACR0a,EAAE,IAAMza,GACRya,EAAE,IAAMxa,GACRwa,EAAE,IAAMva,GACRua,EAAE,IAAMta,GACRsa,EAAE,IAAMra,GACRqa,EAAE,IAAMpa,GACRoa,EAAE,IAAMna,GACRma,EAAE,IAAMla,GACE,IAANthB,IACFw7B,EAAE,IAAMx7B,EACRijG,EAAIj+G,UAECi+G,GAiDT,SAAS+F,EAAY1nE,EAAMzW,EAAKo4E,GAE9B,OADW,IAAIgG,GACHC,KAAK5nE,EAAMzW,EAAKo4E,GAsB9B,SAASgG,EAAMv4G,EAAGoB,GAChBlO,KAAK8M,EAAIA,EACT9M,KAAKkO,EAAIA,EAvENxC,KAAKuB,OACR+0G,EAAc5C,GAiDhB/9D,EAAGrgD,UAAUukH,MAAQ,SAAgBt+E,EAAKo4E,GACxC,IAAIlwG,EACAY,EAAM/P,KAAKoB,OAAS6lC,EAAI7lC,OAW5B,OATE+N,EADkB,KAAhBnP,KAAKoB,QAAgC,KAAf6lC,EAAI7lC,OACtB4gH,EAAYhiH,KAAMinC,EAAKo4E,GACpBtvG,EAAM,GACTqvG,EAAWp/G,KAAMinC,EAAKo4E,GACnBtvG,EAAM,KArDnB,SAAmB2tC,EAAMzW,EAAKo4E,GAC5BA,EAAIxB,SAAW52E,EAAI42E,SAAWngE,EAAKmgE,SACnCwB,EAAIj+G,OAASs8C,EAAKt8C,OAAS6lC,EAAI7lC,OAI/B,IAFA,IAAI0lC,EAAQ,EACR0+E,EAAU,EACLvpG,EAAI,EAAGA,EAAIojG,EAAIj+G,OAAS,EAAG6a,IAAK,CAGvC,IAAIqjG,EAASkG,EACbA,EAAU,EAGV,IAFA,IAAIjG,EAAgB,SAARz4E,EACR04E,EAAO9zG,KAAKmyC,IAAI5hC,EAAGgrB,EAAI7lC,OAAS,GAC3Bub,EAAIjR,KAAKC,IAAI,EAAGsQ,EAAIyhC,EAAKt8C,OAAS,GAAIub,GAAK6iG,EAAM7iG,IAAK,CAC7D,IAAI1Z,EAAIgZ,EAAIU,EAGRhP,GAFoB,EAAhB+vC,EAAKogE,MAAM76G,KACI,EAAfgkC,EAAI62E,MAAMnhG,IAGdqpB,EAAS,SAAJr4B,EAGT4xG,EAAa,UADbv5E,EAAMA,EAAKu5E,EAAS,GAIpBiG,IAFAlG,GAHAA,EAAUA,GAAW3xG,EAAI,SAAa,GAAM,IAGxBq4B,IAAO,IAAO,KAEZ,GACtBs5E,GAAU,SAEZD,EAAIvB,MAAM7hG,GAAKsjG,EACfz4E,EAAQw4E,EACRA,EAASkG,EAQX,OANc,IAAV1+E,EACFu4E,EAAIvB,MAAM7hG,GAAK6qB,EAEfu4E,EAAIj+G,SAGCi+G,EAAIZ,QAgBHgH,CAASzlH,KAAMinC,EAAKo4E,GAEpB+F,EAAWplH,KAAMinC,EAAKo4E,GAGvBlwG,GAWTk2G,EAAKrkH,UAAU0kH,QAAU,SAAkBC,GAGzC,IAFA,IAAI1nG,EAAQpe,MAAM8lH,GACdjvF,EAAI2qB,EAAGrgD,UAAUo/G,WAAWuF,GAAK,EAC5B1iH,EAAI,EAAGA,EAAI0iH,EAAG1iH,IACrBgb,EAAEhb,GAAKjD,KAAK4lH,OAAO3iH,EAAGyzB,EAAGivF,GAG3B,OAAO1nG,GAITonG,EAAKrkH,UAAU4kH,OAAS,SAAiB94G,EAAG4pB,EAAGivF,GAC7C,GAAU,IAAN74G,GAAWA,IAAM64G,EAAI,EAAG,OAAO74G,EAGnC,IADA,IAAI+4G,EAAK,EACA5iH,EAAI,EAAGA,EAAIyzB,EAAGzzB,IACrB4iH,IAAW,EAAJ/4G,IAAW4pB,EAAIzzB,EAAI,EAC1B6J,IAAM,EAGR,OAAO+4G,GAKTR,EAAKrkH,UAAUuvE,QAAU,SAAkBu1C,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GACpE,IAAK,IAAI1iH,EAAI,EAAGA,EAAI0iH,EAAG1iH,IACrBgjH,EAAKhjH,GAAK8iH,EAAID,EAAI7iH,IAClBijH,EAAKjjH,GAAK+iH,EAAIF,EAAI7iH,KAItBoiH,EAAKrkH,UAAUmH,UAAY,SAAoB49G,EAAKC,EAAKC,EAAMC,EAAMP,EAAGG,GACtE9lH,KAAKuwE,QAAQu1C,EAAKC,EAAKC,EAAKC,EAAMC,EAAMP,GAExC,IAAK,IAAI9nG,EAAI,EAAGA,EAAI8nG,EAAG9nG,IAAM,EAM3B,IALA,IAAI6Y,EAAI7Y,GAAK,EAETsoG,EAAQz6G,KAAK06G,IAAI,EAAI16G,KAAK26G,GAAK3vF,GAC/B4vF,EAAQ56G,KAAK66G,IAAI,EAAI76G,KAAK26G,GAAK3vF,GAE1BtE,EAAI,EAAGA,EAAIuzF,EAAGvzF,GAAKsE,EAI1B,IAHA,IAAI8vF,EAASL,EACTM,EAASH,EAEJ3pG,EAAI,EAAGA,EAAIkB,EAAGlB,IAAK,CAC1B,IAAI+pG,EAAKT,EAAK7zF,EAAIzV,GACdgqG,EAAKT,EAAK9zF,EAAIzV,GAEdiqG,EAAKX,EAAK7zF,EAAIzV,EAAIkB,GAClBgpG,EAAKX,EAAK9zF,EAAIzV,EAAIkB,GAElBhQ,EAAK24G,EAASI,EAAKH,EAASI,EAEhCA,EAAKL,EAASK,EAAKJ,EAASG,EAC5BA,EAAK/4G,EAELo4G,EAAK7zF,EAAIzV,GAAK+pG,EAAKE,EACnBV,EAAK9zF,EAAIzV,GAAKgqG,EAAKE,EAEnBZ,EAAK7zF,EAAIzV,EAAIkB,GAAK6oG,EAAKE,EACvBV,EAAK9zF,EAAIzV,EAAIkB,GAAK8oG,EAAKE,EAGnBlqG,IAAM+Z,IACR7oB,EAAKs4G,EAAQK,EAASF,EAAQG,EAE9BA,EAASN,EAAQM,EAASH,EAAQE,EAClCA,EAAS34G,KAOnBw3G,EAAKrkH,UAAU8lH,YAAc,SAAsB16G,EAAGgB,GACpD,IAAIu4G,EAAqB,EAAjBj6G,KAAKC,IAAIyB,EAAGhB,GAChB26G,EAAU,EAAJpB,EACN1iH,EAAI,EACR,IAAK0iH,EAAIA,EAAI,EAAI,EAAGA,EAAGA,KAAU,EAC/B1iH,IAGF,OAAO,GAAKA,EAAI,EAAI8jH,GAGtB1B,EAAKrkH,UAAUgmH,UAAY,SAAoBjB,EAAKC,EAAKL,GACvD,KAAIA,GAAK,GAET,IAAK,IAAI1iH,EAAI,EAAGA,EAAI0iH,EAAI,EAAG1iH,IAAK,CAC9B,IAAIgb,EAAI8nG,EAAI9iH,GAEZ8iH,EAAI9iH,GAAK8iH,EAAIJ,EAAI1iH,EAAI,GACrB8iH,EAAIJ,EAAI1iH,EAAI,GAAKgb,EAEjBA,EAAI+nG,EAAI/iH,GAER+iH,EAAI/iH,IAAM+iH,EAAIL,EAAI1iH,EAAI,GACtB+iH,EAAIL,EAAI1iH,EAAI,IAAMgb,IAItBonG,EAAKrkH,UAAUimH,aAAe,SAAuBC,EAAIvB,GAEvD,IADA,IAAI7+E,EAAQ,EACH7jC,EAAI,EAAGA,EAAI0iH,EAAI,EAAG1iH,IAAK,CAC9B,IAAIk0B,EAAoC,KAAhCzrB,KAAK4rB,MAAM4vF,EAAG,EAAIjkH,EAAI,GAAK0iH,GACjCj6G,KAAK4rB,MAAM4vF,EAAG,EAAIjkH,GAAK0iH,GACvB7+E,EAEFogF,EAAGjkH,GAAS,SAAJk0B,EAGN2P,EADE3P,EAAI,SACE,EAEAA,EAAI,SAAY,EAI5B,OAAO+vF,GAGT7B,EAAKrkH,UAAUmmH,WAAa,SAAqBD,EAAIn3G,EAAKg2G,EAAKJ,GAE7D,IADA,IAAI7+E,EAAQ,EACH7jC,EAAI,EAAGA,EAAI8M,EAAK9M,IACvB6jC,GAAyB,EAARogF,EAAGjkH,GAEpB8iH,EAAI,EAAI9iH,GAAa,KAAR6jC,EAAgBA,KAAkB,GAC/Ci/E,EAAI,EAAI9iH,EAAI,GAAa,KAAR6jC,EAAgBA,KAAkB,GAIrD,IAAK7jC,EAAI,EAAI8M,EAAK9M,EAAI0iH,IAAK1iH,EACzB8iH,EAAI9iH,GAAK,EAGXkiC,EAAiB,IAAV2B,GACP3B,EAA6B,KAAb,KAAR2B,KAGVu+E,EAAKrkH,UAAUomH,KAAO,SAAezB,GAEnC,IADA,IAAI0B,EAASxnH,MAAM8lH,GACV1iH,EAAI,EAAGA,EAAI0iH,EAAG1iH,IACrBokH,EAAGpkH,GAAK,EAGV,OAAOokH,GAGThC,EAAKrkH,UAAUskH,KAAO,SAAex4G,EAAGoB,EAAGmxG,GACzC,IAAIsG,EAAI,EAAI3lH,KAAK8mH,YAAYh6G,EAAE1L,OAAQ8M,EAAE9M,QAErC0kH,EAAM9lH,KAAK0lH,QAAQC,GAEnBthE,EAAIrkD,KAAKonH,KAAKzB,GAEdI,EAAUlmH,MAAM8lH,GAChB2B,EAAWznH,MAAM8lH,GACjB4B,EAAW1nH,MAAM8lH,GAEjB6B,EAAW3nH,MAAM8lH,GACjB8B,EAAY5nH,MAAM8lH,GAClB+B,EAAY7nH,MAAM8lH,GAElBgC,EAAOtI,EAAIvB,MACf6J,EAAKvmH,OAASukH,EAEd3lH,KAAKmnH,WAAWr6G,EAAEgxG,MAAOhxG,EAAE1L,OAAQ2kH,EAAKJ,GACxC3lH,KAAKmnH,WAAWj5G,EAAE4vG,MAAO5vG,EAAE9M,OAAQomH,EAAM7B,GAEzC3lH,KAAKmI,UAAU49G,EAAK1hE,EAAGijE,EAAMC,EAAM5B,EAAGG,GACtC9lH,KAAKmI,UAAUq/G,EAAMnjE,EAAGojE,EAAOC,EAAO/B,EAAGG,GAEzC,IAAK,IAAI7iH,EAAI,EAAGA,EAAI0iH,EAAG1iH,IAAK,CAC1B,IAAI4K,EAAKy5G,EAAKrkH,GAAKwkH,EAAMxkH,GAAKskH,EAAKtkH,GAAKykH,EAAMzkH,GAC9CskH,EAAKtkH,GAAKqkH,EAAKrkH,GAAKykH,EAAMzkH,GAAKskH,EAAKtkH,GAAKwkH,EAAMxkH,GAC/CqkH,EAAKrkH,GAAK4K,EAUZ,OAPA7N,KAAKgnH,UAAUM,EAAMC,EAAM5B,GAC3B3lH,KAAKmI,UAAUm/G,EAAMC,EAAMI,EAAMtjE,EAAGshE,EAAGG,GACvC9lH,KAAKgnH,UAAUW,EAAMtjE,EAAGshE,GACxB3lH,KAAKinH,aAAaU,EAAMhC,GAExBtG,EAAIxB,SAAW/wG,EAAE+wG,SAAW3vG,EAAE2vG,SAC9BwB,EAAIj+G,OAAS0L,EAAE1L,OAAS8M,EAAE9M,OACnBi+G,EAAIZ,SAIbp9D,EAAGrgD,UAAUkM,IAAM,SAAc+5B,GAC/B,IAAIo4E,EAAM,IAAIh+D,EAAG,MAEjB,OADAg+D,EAAIvB,MAAYj+G,MAAMG,KAAKoB,OAAS6lC,EAAI7lC,QACjCpB,KAAKulH,MAAMt+E,EAAKo4E,IAIzBh+D,EAAGrgD,UAAU4mH,KAAO,SAAe3gF,GACjC,IAAIo4E,EAAM,IAAIh+D,EAAG,MAEjB,OADAg+D,EAAIvB,MAAYj+G,MAAMG,KAAKoB,OAAS6lC,EAAI7lC,QACjCgkH,EAAWplH,KAAMinC,EAAKo4E,IAI/Bh+D,EAAGrgD,UAAUiM,KAAO,SAAeg6B,GACjC,OAAOjnC,KAAK2B,QAAQ4jH,MAAMt+E,EAAKjnC,OAGjCqhD,EAAGrgD,UAAU49G,MAAQ,SAAgB33E,GACnC9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UAIb,IADA,IAAIH,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACpC,IAAIk0B,GAAqB,EAAhBn3B,KAAK89G,MAAM76G,IAAUgkC,EAC1BjB,GAAU,SAAJ7O,IAA0B,SAAR2P,GAC5BA,IAAU,GACVA,GAAU3P,EAAI,SAAa,EAE3B2P,GAASd,IAAO,GAChBhmC,KAAK89G,MAAM76G,GAAU,SAAL+iC,EAQlB,OALc,IAAVc,IACF9mC,KAAK89G,MAAM76G,GAAK6jC,EAChB9mC,KAAKoB,UAGApB,MAGTqhD,EAAGrgD,UAAU6mH,KAAO,SAAe5gF,GACjC,OAAOjnC,KAAK2B,QAAQi9G,MAAM33E,IAI5Boa,EAAGrgD,UAAU8mH,IAAM,WACjB,OAAO9nH,KAAKkN,IAAIlN,OAIlBqhD,EAAGrgD,UAAU+mH,KAAO,WAClB,OAAO/nH,KAAKiN,KAAKjN,KAAK2B,UAIxB0/C,EAAGrgD,UAAU6wC,IAAM,SAAc5K,GAC/B,IAAI9P,EAxxCN,SAAqB8P,GAGnB,IAFA,IAAI9P,EAAQt3B,MAAMonC,EAAIx3B,aAEbqyG,EAAM,EAAGA,EAAM3qF,EAAE/1B,OAAQ0gH,IAAO,CACvC,IAAInmF,EAAOmmF,EAAM,GAAM,EACnBC,EAAOD,EAAM,GAEjB3qF,EAAE2qF,IAAQ76E,EAAI62E,MAAMniF,GAAQ,GAAKomF,KAAWA,EAG9C,OAAO5qF,EA8wCC6wF,CAAW/gF,GACnB,GAAiB,IAAb9P,EAAE/1B,OAAc,OAAO,IAAIigD,EAAG,GAIlC,IADA,IAAIlyC,EAAMnP,KACDiD,EAAI,EAAGA,EAAIk0B,EAAE/1B,QACP,IAAT+1B,EAAEl0B,GADsBA,IAAKkM,EAAMA,EAAI24G,OAI7C,KAAM7kH,EAAIk0B,EAAE/1B,OACV,IAAK,IAAIkN,EAAIa,EAAI24G,MAAO7kH,EAAIk0B,EAAE/1B,OAAQ6B,IAAKqL,EAAIA,EAAEw5G,MAClC,IAAT3wF,EAAEl0B,KAENkM,EAAMA,EAAIjC,IAAIoB,IAIlB,OAAOa,GAITkyC,EAAGrgD,UAAUinH,OAAS,SAAiB1pG,GACrC4mB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAC3C,IAGItb,EAHA0K,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GACjBu6G,EAAa,WAAe,GAAKv6G,GAAQ,GAAKA,EAGlD,GAAU,IAANA,EAAS,CACX,IAAIm5B,EAAQ,EAEZ,IAAK7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAAK,CAChC,IAAIklH,EAAWnoH,KAAK89G,MAAM76G,GAAKilH,EAC3B9rG,GAAsB,EAAhBpc,KAAK89G,MAAM76G,IAAUklH,GAAax6G,EAC5C3N,KAAK89G,MAAM76G,GAAKmZ,EAAI0qB,EACpBA,EAAQqhF,IAAc,GAAKx6G,EAGzBm5B,IACF9mC,KAAK89G,MAAM76G,GAAK6jC,EAChB9mC,KAAKoB,UAIT,GAAU,IAANyc,EAAS,CACX,IAAK5a,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAChCjD,KAAK89G,MAAM76G,EAAI4a,GAAK7d,KAAK89G,MAAM76G,GAGjC,IAAKA,EAAI,EAAGA,EAAI4a,EAAG5a,IACjBjD,KAAK89G,MAAM76G,GAAK,EAGlBjD,KAAKoB,QAAUyc,EAGjB,OAAO7d,KAAKy+G,SAGdp9D,EAAGrgD,UAAUonH,MAAQ,SAAgB7pG,GAGnC,OADA4mB,EAAyB,IAAlBnlC,KAAK69G,UACL79G,KAAKioH,OAAO1pG,IAMrB8iC,EAAGrgD,UAAUm/G,OAAS,SAAiB5hG,EAAM8pG,EAAMC,GAEjD,IAAInsG,EADJgpB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAGzCpC,EADEksG,GACGA,EAAQA,EAAO,IAAO,GAEvB,EAGN,IAAI16G,EAAI4Q,EAAO,GACXV,EAAInS,KAAKmyC,KAAKt/B,EAAO5Q,GAAK,GAAI3N,KAAKoB,QACnCwwC,EAAO,SAAc,WAAcjkC,GAAMA,EACzC46G,EAAcD,EAMlB,GAHAnsG,EAAIzQ,KAAKC,IAAI,EADbwQ,GAAK0B,GAID0qG,EAAa,CACf,IAAK,IAAItlH,EAAI,EAAGA,EAAI4a,EAAG5a,IACrBslH,EAAYzK,MAAM76G,GAAKjD,KAAK89G,MAAM76G,GAEpCslH,EAAYnnH,OAASyc,EAGvB,GAAU,IAANA,QAEG,GAAI7d,KAAKoB,OAASyc,EAEvB,IADA7d,KAAKoB,QAAUyc,EACV5a,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAC3BjD,KAAK89G,MAAM76G,GAAKjD,KAAK89G,MAAM76G,EAAI4a,QAGjC7d,KAAK89G,MAAM,GAAK,EAChB99G,KAAKoB,OAAS,EAGhB,IAAI0lC,EAAQ,EACZ,IAAK7jC,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,IAAgB,IAAV6jC,GAAe7jC,GAAKkZ,GAAIlZ,IAAK,CAChE,IAAImjC,EAAuB,EAAhBpmC,KAAK89G,MAAM76G,GACtBjD,KAAK89G,MAAM76G,GAAM6jC,GAAU,GAAKn5B,EAAOy4B,IAASz4B,EAChDm5B,EAAQV,EAAOwL,EAajB,OATI22E,GAAyB,IAAVzhF,IACjByhF,EAAYzK,MAAMyK,EAAYnnH,UAAY0lC,GAGxB,IAAhB9mC,KAAKoB,SACPpB,KAAK89G,MAAM,GAAK,EAChB99G,KAAKoB,OAAS,GAGTpB,KAAKy+G,SAGdp9D,EAAGrgD,UAAUwnH,MAAQ,SAAgBjqG,EAAM8pG,EAAMC,GAG/C,OADAnjF,EAAyB,IAAlBnlC,KAAK69G,UACL79G,KAAKmgH,OAAO5hG,EAAM8pG,EAAMC,IAIjCjnE,EAAGrgD,UAAUynH,KAAO,SAAelqG,GACjC,OAAOve,KAAK2B,QAAQymH,MAAM7pG,IAG5B8iC,EAAGrgD,UAAU0nH,MAAQ,SAAgBnqG,GACnC,OAAOve,KAAK2B,QAAQsmH,OAAO1pG,IAI7B8iC,EAAGrgD,UAAU2nH,KAAO,SAAepqG,GACjC,OAAOve,KAAK2B,QAAQ6mH,MAAMjqG,IAG5B8iC,EAAGrgD,UAAU4nH,MAAQ,SAAgBrqG,GACnC,OAAOve,KAAK2B,QAAQw+G,OAAO5hG,IAI7B8iC,EAAGrgD,UAAU6/G,MAAQ,SAAgBiB,GACnC38E,EAAsB,iBAAR28E,GAAoBA,GAAO,GACzC,IAAIn0G,EAAIm0G,EAAM,GACVjkG,GAAKikG,EAAMn0G,GAAK,GAChBW,EAAI,GAAKX,EAGb,QAAI3N,KAAKoB,QAAUyc,OAGX7d,KAAK89G,MAAMjgG,GAELvP,IAIhB+yC,EAAGrgD,UAAU6nH,OAAS,SAAiBtqG,GACrC4mB,EAAuB,iBAAT5mB,GAAqBA,GAAQ,GAC3C,IAAI5Q,EAAI4Q,EAAO,GACXV,GAAKU,EAAO5Q,GAAK,GAIrB,GAFAw3B,EAAyB,IAAlBnlC,KAAK69G,SAAgB,2CAExB79G,KAAKoB,QAAUyc,EACjB,OAAO7d,KAQT,GALU,IAAN2N,GACFkQ,IAEF7d,KAAKoB,OAASsK,KAAKmyC,IAAIhgC,EAAG7d,KAAKoB,QAErB,IAANuM,EAAS,CACX,IAAIikC,EAAO,SAAc,WAAcjkC,GAAMA,EAC7C3N,KAAK89G,MAAM99G,KAAKoB,OAAS,IAAMwwC,EAGjC,OAAO5xC,KAAKy+G,SAIdp9D,EAAGrgD,UAAU8nH,MAAQ,SAAgBvqG,GACnC,OAAOve,KAAK2B,QAAQknH,OAAOtqG,IAI7B8iC,EAAGrgD,UAAU2/G,MAAQ,SAAgB15E,GAGnC,OAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAUjnC,KAAK+oH,OAAO9hF,GAGV,IAAlBjnC,KAAK69G,SACa,IAAhB79G,KAAKoB,SAAiC,EAAhBpB,KAAK89G,MAAM,IAAU72E,GAC7CjnC,KAAK89G,MAAM,GAAK72E,GAAuB,EAAhBjnC,KAAK89G,MAAM,IAClC99G,KAAK69G,SAAW,EACT79G,OAGTA,KAAK69G,SAAW,EAChB79G,KAAK+oH,MAAM9hF,GACXjnC,KAAK69G,SAAW,EACT79G,MAIFA,KAAK6+G,OAAO53E,IAGrBoa,EAAGrgD,UAAU69G,OAAS,SAAiB53E,GACrCjnC,KAAK89G,MAAM,IAAM72E,EAGjB,IAAK,IAAIhkC,EAAI,EAAGA,EAAIjD,KAAKoB,QAAUpB,KAAK89G,MAAM76G,IAAM,SAAWA,IAC7DjD,KAAK89G,MAAM76G,IAAM,SACbA,IAAMjD,KAAKoB,OAAS,EACtBpB,KAAK89G,MAAM76G,EAAI,GAAK,EAEpBjD,KAAK89G,MAAM76G,EAAI,KAKnB,OAFAjD,KAAKoB,OAASsK,KAAKC,IAAI3L,KAAKoB,OAAQ6B,EAAI,GAEjCjD,MAITqhD,EAAGrgD,UAAU+nH,MAAQ,SAAgB9hF,GAGnC,GAFA9B,EAAsB,iBAAR8B,GACd9B,EAAO8B,EAAM,UACTA,EAAM,EAAG,OAAOjnC,KAAK2gH,OAAO15E,GAEhC,GAAsB,IAAlBjnC,KAAK69G,SAIP,OAHA79G,KAAK69G,SAAW,EAChB79G,KAAK2gH,MAAM15E,GACXjnC,KAAK69G,SAAW,EACT79G,KAKT,GAFAA,KAAK89G,MAAM,IAAM72E,EAEG,IAAhBjnC,KAAKoB,QAAgBpB,KAAK89G,MAAM,GAAK,EACvC99G,KAAK89G,MAAM,IAAM99G,KAAK89G,MAAM,GAC5B99G,KAAK69G,SAAW,OAGhB,IAAK,IAAI56G,EAAI,EAAGA,EAAIjD,KAAKoB,QAAUpB,KAAK89G,MAAM76G,GAAK,EAAGA,IACpDjD,KAAK89G,MAAM76G,IAAM,SACjBjD,KAAK89G,MAAM76G,EAAI,IAAM,EAIzB,OAAOjD,KAAKy+G,SAGdp9D,EAAGrgD,UAAUgoH,KAAO,SAAe/hF,GACjC,OAAOjnC,KAAK2B,QAAQg/G,MAAM15E,IAG5Boa,EAAGrgD,UAAUygD,KAAO,SAAexa,GACjC,OAAOjnC,KAAK2B,QAAQonH,MAAM9hF,IAG5Boa,EAAGrgD,UAAUioH,KAAO,WAGlB,OAFAjpH,KAAK69G,SAAW,EAET79G,MAGTqhD,EAAGrgD,UAAUkO,IAAM,WACjB,OAAOlP,KAAK2B,QAAQsnH,QAGtB5nE,EAAGrgD,UAAUkoH,aAAe,SAAuBjiF,EAAK/5B,EAAKhH,GAC3D,IACIjD,EAIAk0B,EALApnB,EAAMk3B,EAAI7lC,OAAS8E,EAGvBlG,KAAK8+G,QAAQ/uG,GAGb,IAAI+2B,EAAQ,EACZ,IAAK7jC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CAC/Bk0B,GAA6B,EAAxBn3B,KAAK89G,MAAM76G,EAAIiD,IAAc4gC,EAClC,IAAI9S,GAAwB,EAAfiT,EAAI62E,MAAM76G,IAAUiK,EAEjC45B,IADA3P,GAAa,SAARnD,IACS,KAAQA,EAAQ,SAAa,GAC3Ch0B,KAAK89G,MAAM76G,EAAIiD,GAAa,SAAJixB,EAE1B,KAAOl0B,EAAIjD,KAAKoB,OAAS8E,EAAOjD,IAE9B6jC,GADA3P,GAA6B,EAAxBn3B,KAAK89G,MAAM76G,EAAIiD,IAAc4gC,IACrB,GACb9mC,KAAK89G,MAAM76G,EAAIiD,GAAa,SAAJixB,EAG1B,GAAc,IAAV2P,EAAa,OAAO9mC,KAAKy+G,QAK7B,IAFAt5E,GAAkB,IAAX2B,GACPA,EAAQ,EACH7jC,EAAI,EAAGA,EAAIjD,KAAKoB,OAAQ6B,IAE3B6jC,GADA3P,IAAsB,EAAhBn3B,KAAK89G,MAAM76G,IAAU6jC,IACd,GACb9mC,KAAK89G,MAAM76G,GAAS,SAAJk0B,EAIlB,OAFAn3B,KAAK69G,SAAW,EAET79G,KAAKy+G,SAGdp9D,EAAGrgD,UAAUmoH,SAAW,SAAmBliF,EAAKnZ,GAC9C,IAAI5nB,GAAQlG,KAAKoB,OAAS6lC,EAAI7lC,QAE1BiN,EAAIrO,KAAK2B,QACTsM,EAAIg5B,EAGJmiF,EAA8B,EAAxBn7G,EAAE6vG,MAAM7vG,EAAE7M,OAAS,GAGf,KADd8E,EAAQ,GADMlG,KAAKogH,WAAWgJ,MAG5Bn7G,EAAIA,EAAEy6G,MAAMxiH,GACZmI,EAAE45G,OAAO/hH,GACTkjH,EAA8B,EAAxBn7G,EAAE6vG,MAAM7vG,EAAE7M,OAAS,IAI3B,IACIkN,EADAlB,EAAIiB,EAAEjN,OAAS6M,EAAE7M,OAGrB,GAAa,QAAT0sB,EAAgB,EAClBxf,EAAI,IAAI+yC,EAAG,OACTjgD,OAASgM,EAAI,EACfkB,EAAEwvG,MAAYj+G,MAAMyO,EAAElN,QACtB,IAAK,IAAI6B,EAAI,EAAGA,EAAIqL,EAAElN,OAAQ6B,IAC5BqL,EAAEwvG,MAAM76G,GAAK,EAIjB,IAAIomH,EAAOh7G,EAAE1M,QAAQunH,aAAaj7G,EAAG,EAAGb,GAClB,IAAlBi8G,EAAKxL,WACPxvG,EAAIg7G,EACA/6G,IACFA,EAAEwvG,MAAM1wG,GAAK,IAIjB,IAAK,IAAIuP,EAAIvP,EAAI,EAAGuP,GAAK,EAAGA,IAAK,CAC/B,IAAI2sG,EAAmC,UAAL,EAAxBj7G,EAAEyvG,MAAM7vG,EAAE7M,OAASub,KACE,EAA5BtO,EAAEyvG,MAAM7vG,EAAE7M,OAASub,EAAI,IAO1B,IAHA2sG,EAAK59G,KAAKmyC,IAAKyrE,EAAKF,EAAO,EAAG,UAE9B/6G,EAAE66G,aAAaj7G,EAAGq7G,EAAI3sG,GACA,IAAftO,EAAEwvG,UACPyL,IACAj7G,EAAEwvG,SAAW,EACbxvG,EAAE66G,aAAaj7G,EAAG,EAAG0O,GAChBtO,EAAEb,WACLa,EAAEwvG,UAAY,GAGdvvG,IACFA,EAAEwvG,MAAMnhG,GAAK2sG,GAajB,OAVIh7G,GACFA,EAAEmwG,QAEJpwG,EAAEowG,QAGW,QAAT3wF,GAA4B,IAAV5nB,GACpBmI,EAAE8xG,OAAOj6G,GAGJ,CACLqjH,IAAKj7G,GAAK,KACVhB,IAAKe,IAQTgzC,EAAGrgD,UAAUwoH,OAAS,SAAiBviF,EAAKnZ,EAAM27F,GAGhD,OAFAtkF,GAAQ8B,EAAIz5B,UAERxN,KAAKwN,SACA,CACL+7G,IAAK,IAAIloE,EAAG,GACZ/zC,IAAK,IAAI+zC,EAAG,IAKM,IAAlBrhD,KAAK69G,UAAmC,IAAjB52E,EAAI42E,UAC7B1uG,EAAMnP,KAAKihH,MAAMuI,OAAOviF,EAAKnZ,GAEhB,QAATA,IACFy7F,EAAMp6G,EAAIo6G,IAAItI,OAGH,QAATnzF,IACFxgB,EAAM6B,EAAI7B,IAAI2zG,MACVwI,GAA6B,IAAjBn8G,EAAIuwG,UAClBvwG,EAAIT,KAAKo6B,IAIN,CACLsiF,IAAKA,EACLj8G,IAAKA,IAIa,IAAlBtN,KAAK69G,UAAmC,IAAjB52E,EAAI42E,UAC7B1uG,EAAMnP,KAAKwpH,OAAOviF,EAAIg6E,MAAOnzF,GAEhB,QAATA,IACFy7F,EAAMp6G,EAAIo6G,IAAItI,OAGT,CACLsI,IAAKA,EACLj8G,IAAK6B,EAAI7B,MAI0B,IAAlCtN,KAAK69G,SAAW52E,EAAI42E,WACvB1uG,EAAMnP,KAAKihH,MAAMuI,OAAOviF,EAAIg6E,MAAOnzF,GAEtB,QAATA,IACFxgB,EAAM6B,EAAI7B,IAAI2zG,MACVwI,GAA6B,IAAjBn8G,EAAIuwG,UAClBvwG,EAAIP,KAAKk6B,IAIN,CACLsiF,IAAKp6G,EAAIo6G,IACTj8G,IAAKA,IAOL25B,EAAI7lC,OAASpB,KAAKoB,QAAUpB,KAAKo+G,IAAIn3E,GAAO,EACvC,CACLsiF,IAAK,IAAIloE,EAAG,GACZ/zC,IAAKtN,MAKU,IAAfinC,EAAI7lC,OACO,QAAT0sB,EACK,CACLy7F,IAAKvpH,KAAK0pH,KAAKziF,EAAI62E,MAAM,IACzBxwG,IAAK,MAII,QAATwgB,EACK,CACLy7F,IAAK,KACLj8G,IAAK,IAAI+zC,EAAGrhD,KAAK2/G,KAAK14E,EAAI62E,MAAM,MAI7B,CACLyL,IAAKvpH,KAAK0pH,KAAKziF,EAAI62E,MAAM,IACzBxwG,IAAK,IAAI+zC,EAAGrhD,KAAK2/G,KAAK14E,EAAI62E,MAAM,MAI7B99G,KAAKmpH,SAASliF,EAAKnZ,GAlF1B,IAAIy7F,EAAKj8G,EAAK6B,GAsFhBkyC,EAAGrgD,UAAUuoH,IAAM,SAActiF,GAC/B,OAAOjnC,KAAKwpH,OAAOviF,EAAK,OAAO,GAAOsiF,KAIxCloE,EAAGrgD,UAAUsM,IAAM,SAAc25B,GAC/B,OAAOjnC,KAAKwpH,OAAOviF,EAAK,OAAO,GAAO35B,KAGxC+zC,EAAGrgD,UAAU2oH,KAAO,SAAe1iF,GACjC,OAAOjnC,KAAKwpH,OAAOviF,EAAK,OAAO,GAAM35B,KAIvC+zC,EAAGrgD,UAAU4oH,SAAW,SAAmB3iF,GACzC,IAAI4iF,EAAK7pH,KAAKwpH,OAAOviF,GAGrB,GAAI4iF,EAAGv8G,IAAIE,SAAU,OAAOq8G,EAAGN,IAE/B,IAAIj8G,EAA0B,IAApBu8G,EAAGN,IAAI1L,SAAiBgM,EAAGv8G,IAAIP,KAAKk6B,GAAO4iF,EAAGv8G,IAEpD+pB,EAAO4P,EAAI2hF,MAAM,GACjBkB,EAAK7iF,EAAIi5E,MAAM,GACf9B,EAAM9wG,EAAI8wG,IAAI/mF,GAGlB,OAAI+mF,EAAM,GAAY,IAAP0L,GAAoB,IAAR1L,EAAkByL,EAAGN,IAGrB,IAApBM,EAAGN,IAAI1L,SAAiBgM,EAAGN,IAAIR,MAAM,GAAKc,EAAGN,IAAI5I,MAAM,IAGhEt/D,EAAGrgD,UAAU2+G,KAAO,SAAe14E,GACjC9B,EAAO8B,GAAO,UAId,IAHA,IAAI7U,GAAK,GAAK,IAAM6U,EAEhB8iF,EAAM,EACD9mH,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IACpC8mH,GAAO33F,EAAI23F,GAAuB,EAAhB/pH,KAAK89G,MAAM76G,KAAWgkC,EAG1C,OAAO8iF,GAIT1oE,EAAGrgD,UAAU4+G,MAAQ,SAAgB34E,GACnC9B,EAAO8B,GAAO,UAGd,IADA,IAAIH,EAAQ,EACH7jC,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACzC,IAAIk0B,GAAqB,EAAhBn3B,KAAK89G,MAAM76G,IAAkB,SAAR6jC,EAC9B9mC,KAAK89G,MAAM76G,GAAMk0B,EAAI8P,EAAO,EAC5BH,EAAQ3P,EAAI8P,EAGd,OAAOjnC,KAAKy+G,SAGdp9D,EAAGrgD,UAAU0oH,KAAO,SAAeziF,GACjC,OAAOjnC,KAAK2B,QAAQi+G,MAAM34E,IAG5Boa,EAAGrgD,UAAUgpH,KAAO,SAAe53F,GACjC+S,EAAsB,IAAf/S,EAAEyrF,UACT14E,GAAQ/S,EAAE5kB,UAEV,IAAIV,EAAI9M,KACJkO,EAAIkkB,EAAEzwB,QAGRmL,EADiB,IAAfA,EAAE+wG,SACA/wG,EAAE68G,KAAKv3F,GAEPtlB,EAAEnL,QAaR,IATA,IAAIsrC,EAAI,IAAIoU,EAAG,GACXnU,EAAI,IAAImU,EAAG,GAGXxuB,EAAI,IAAIwuB,EAAG,GACXlU,EAAI,IAAIkU,EAAG,GAEX1c,EAAI,EAED73B,EAAEmC,UAAYf,EAAEe,UACrBnC,EAAEqzG,OAAO,GACTjyG,EAAEiyG,OAAO,KACPx7E,EAMJ,IAHA,IAAIslF,EAAK/7G,EAAEvM,QACPuoH,EAAKp9G,EAAEnL,SAEHmL,EAAEU,UAAU,CAClB,IAAK,IAAIvK,EAAI,EAAGknH,EAAK,EAAyB,IAArBr9G,EAAEgxG,MAAM,GAAKqM,IAAalnH,EAAI,KAAMA,EAAGknH,IAAO,GACvE,GAAIlnH,EAAI,EAEN,IADA6J,EAAEqzG,OAAOl9G,GACFA,KAAM,IACPgqC,EAAEm9E,SAAWl9E,EAAEk9E,WACjBn9E,EAAEpgC,KAAKo9G,GACP/8E,EAAEngC,KAAKm9G,IAGTj9E,EAAEkzE,OAAO,GACTjzE,EAAEizE,OAAO,GAIb,IAAK,IAAIxjG,EAAI,EAAG0tG,EAAK,EAAyB,IAArBn8G,EAAE4vG,MAAM,GAAKuM,IAAa1tG,EAAI,KAAMA,EAAG0tG,IAAO,GACvE,GAAI1tG,EAAI,EAEN,IADAzO,EAAEiyG,OAAOxjG,GACFA,KAAM,IACPkW,EAAEu3F,SAAWj9E,EAAEi9E,WACjBv3F,EAAEhmB,KAAKo9G,GACP98E,EAAEpgC,KAAKm9G,IAGTr3F,EAAEstF,OAAO,GACThzE,EAAEgzE,OAAO,GAITrzG,EAAEsxG,IAAIlwG,IAAM,GACdpB,EAAEC,KAAKmB,GACP++B,EAAElgC,KAAK8lB,GACPqa,EAAEngC,KAAKogC,KAEPj/B,EAAEnB,KAAKD,GACP+lB,EAAE9lB,KAAKkgC,GACPE,EAAEpgC,KAAKmgC,IAIX,MAAO,CACL7+B,EAAGwkB,EACH5kB,EAAGk/B,EACHp/B,IAAKG,EAAE+5G,OAAOtjF,KAOlB0c,EAAGrgD,UAAUspH,OAAS,SAAiBl4F,GACrC+S,EAAsB,IAAf/S,EAAEyrF,UACT14E,GAAQ/S,EAAE5kB,UAEV,IAAIa,EAAIrO,KACJiO,EAAImkB,EAAEzwB,QAGR0M,EADiB,IAAfA,EAAEwvG,SACAxvG,EAAEs7G,KAAKv3F,GAEP/jB,EAAE1M,QAQR,IALA,IAuCIwN,EAvCAsb,EAAK,IAAI42B,EAAG,GACZ32B,EAAK,IAAI22B,EAAG,GAEZkpE,EAAQt8G,EAAEtM,QAEP0M,EAAEm8G,KAAK,GAAK,GAAKv8G,EAAEu8G,KAAK,GAAK,GAAG,CACrC,IAAK,IAAIvnH,EAAI,EAAGknH,EAAK,EAAyB,IAArB97G,EAAEyvG,MAAM,GAAKqM,IAAalnH,EAAI,KAAMA,EAAGknH,IAAO,GACvE,GAAIlnH,EAAI,EAEN,IADAoL,EAAE8xG,OAAOl9G,GACFA,KAAM,GACPwnB,EAAG2/F,SACL3/F,EAAG5d,KAAK09G,GAGV9/F,EAAG01F,OAAO,GAId,IAAK,IAAIxjG,EAAI,EAAG0tG,EAAK,EAAyB,IAArBp8G,EAAE6vG,MAAM,GAAKuM,IAAa1tG,EAAI,KAAMA,EAAG0tG,IAAO,GACvE,GAAI1tG,EAAI,EAEN,IADA1O,EAAEkyG,OAAOxjG,GACFA,KAAM,GACP+N,EAAG0/F,SACL1/F,EAAG7d,KAAK09G,GAGV7/F,EAAGy1F,OAAO,GAIV9xG,EAAE+vG,IAAInwG,IAAM,GACdI,EAAEtB,KAAKkB,GACPwc,EAAG1d,KAAK2d,KAERzc,EAAElB,KAAKsB,GACPqc,EAAG3d,KAAK0d,IAeZ,OATEtb,EADgB,IAAdd,EAAEm8G,KAAK,GACH//F,EAEAC,GAGA8/F,KAAK,GAAK,GAChBr7G,EAAItC,KAAKulB,GAGJjjB,GAGTkyC,EAAGrgD,UAAU+M,IAAM,SAAck5B,GAC/B,GAAIjnC,KAAKwN,SAAU,OAAOy5B,EAAI/3B,MAC9B,GAAI+3B,EAAIz5B,SAAU,OAAOxN,KAAKkP,MAE9B,IAAIb,EAAIrO,KAAK2B,QACTsM,EAAIg5B,EAAItlC,QACZ0M,EAAEwvG,SAAW,EACb5vG,EAAE4vG,SAAW,EAGb,IAAK,IAAI33G,EAAQ,EAAGmI,EAAEY,UAAYhB,EAAEgB,SAAU/I,IAC5CmI,EAAE8xG,OAAO,GACTlyG,EAAEkyG,OAAO,GAGX,OAAG,CACD,KAAO9xG,EAAEY,UACPZ,EAAE8xG,OAAO,GAEX,KAAOlyG,EAAEgB,UACPhB,EAAEkyG,OAAO,GAGX,IAAIxyG,EAAIU,EAAE+vG,IAAInwG,GACd,GAAIN,EAAI,EAAG,CAET,IAAIsQ,EAAI5P,EACRA,EAAIJ,EACJA,EAAIgQ,OACC,GAAU,IAANtQ,GAAyB,IAAdM,EAAEu8G,KAAK,GAC3B,MAGFn8G,EAAEtB,KAAKkB,GAGT,OAAOA,EAAEg6G,OAAO/hH,IAIlBm7C,EAAGrgD,UAAUypH,KAAO,SAAexjF,GACjC,OAAOjnC,KAAKgqH,KAAK/iF,GAAK54B,EAAEs7G,KAAK1iF,IAG/Boa,EAAGrgD,UAAUiO,OAAS,WACpB,OAA+B,IAAP,EAAhBjP,KAAK89G,MAAM,KAGrBz8D,EAAGrgD,UAAUopH,MAAQ,WACnB,OAA+B,IAAP,EAAhBpqH,KAAK89G,MAAM,KAIrBz8D,EAAGrgD,UAAUk/G,MAAQ,SAAgBj5E,GACnC,OAAOjnC,KAAK89G,MAAM,GAAK72E,GAIzBoa,EAAGrgD,UAAU0pH,MAAQ,SAAgB5I,GACnC38E,EAAsB,iBAAR28E,GACd,IAAIn0G,EAAIm0G,EAAM,GACVjkG,GAAKikG,EAAMn0G,GAAK,GAChBW,EAAI,GAAKX,EAGb,GAAI3N,KAAKoB,QAAUyc,EAGjB,OAFA7d,KAAK8+G,QAAQjhG,EAAI,GACjB7d,KAAK89G,MAAMjgG,IAAMvP,EACVtO,KAKT,IADA,IAAI8mC,EAAQx4B,EACHrL,EAAI4a,EAAa,IAAVipB,GAAe7jC,EAAIjD,KAAKoB,OAAQ6B,IAAK,CACnD,IAAIk0B,EAAoB,EAAhBn3B,KAAK89G,MAAM76G,GAEnB6jC,GADA3P,GAAK2P,KACS,GACd3P,GAAK,SACLn3B,KAAK89G,MAAM76G,GAAKk0B,EAMlB,OAJc,IAAV2P,IACF9mC,KAAK89G,MAAM76G,GAAK6jC,EAChB9mC,KAAKoB,UAEApB,MAGTqhD,EAAGrgD,UAAUwM,OAAS,WACpB,OAAuB,IAAhBxN,KAAKoB,QAAkC,IAAlBpB,KAAK89G,MAAM,IAGzCz8D,EAAGrgD,UAAUwpH,KAAO,SAAevjF,GACjC,IAOI93B,EAPA0uG,EAAW52E,EAAM,EAErB,GAAsB,IAAlBjnC,KAAK69G,WAAmBA,EAAU,OAAQ,EAC9C,GAAsB,IAAlB79G,KAAK69G,UAAkBA,EAAU,OAAO,EAK5C,GAHA79G,KAAKy+G,QAGDz+G,KAAKoB,OAAS,EAChB+N,EAAM,MACD,CACD0uG,IACF52E,GAAOA,GAGT9B,EAAO8B,GAAO,SAAW,qBAEzB,IAAI9P,EAAoB,EAAhBn3B,KAAK89G,MAAM,GACnB3uG,EAAMgoB,IAAM8P,EAAM,EAAI9P,EAAI8P,GAAO,EAAI,EAEvC,OAAsB,IAAlBjnC,KAAK69G,SAA8B,GAAN1uG,EAC1BA,GAOTkyC,EAAGrgD,UAAUo9G,IAAM,SAAcn3E,GAC/B,GAAsB,IAAlBjnC,KAAK69G,UAAmC,IAAjB52E,EAAI42E,SAAgB,OAAQ,EACvD,GAAsB,IAAlB79G,KAAK69G,UAAmC,IAAjB52E,EAAI42E,SAAgB,OAAO,EAEtD,IAAI1uG,EAAMnP,KAAK2qH,KAAK1jF,GACpB,OAAsB,IAAlBjnC,KAAK69G,SAA8B,GAAN1uG,EAC1BA,GAITkyC,EAAGrgD,UAAU2pH,KAAO,SAAe1jF,GAEjC,GAAIjnC,KAAKoB,OAAS6lC,EAAI7lC,OAAQ,OAAO,EACrC,GAAIpB,KAAKoB,OAAS6lC,EAAI7lC,OAAQ,OAAQ,EAGtC,IADA,IAAI+N,EAAM,EACDlM,EAAIjD,KAAKoB,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CACzC,IAAIoL,EAAoB,EAAhBrO,KAAK89G,MAAM76G,GACfgL,EAAmB,EAAfg5B,EAAI62E,MAAM76G,GAElB,GAAIoL,IAAMJ,EAAV,CACII,EAAIJ,EACNkB,GAAO,EACEd,EAAIJ,IACbkB,EAAM,GAER,OAEF,OAAOA,GAGTkyC,EAAGrgD,UAAU4pH,IAAM,SAAc3jF,GAC/B,OAA0B,IAAnBjnC,KAAKwqH,KAAKvjF,IAGnBoa,EAAGrgD,UAAU+N,GAAK,SAAak4B,GAC7B,OAAyB,IAAlBjnC,KAAKo+G,IAAIn3E,IAGlBoa,EAAGrgD,UAAU6pH,KAAO,SAAe5jF,GACjC,OAAOjnC,KAAKwqH,KAAKvjF,IAAQ,GAG3Boa,EAAGrgD,UAAUgO,IAAM,SAAci4B,GAC/B,OAAOjnC,KAAKo+G,IAAIn3E,IAAQ,GAG1Boa,EAAGrgD,UAAU8pH,IAAM,SAAc7jF,GAC/B,OAA2B,IAApBjnC,KAAKwqH,KAAKvjF,IAGnBoa,EAAGrgD,UAAU6N,GAAK,SAAao4B,GAC7B,OAA0B,IAAnBjnC,KAAKo+G,IAAIn3E,IAGlBoa,EAAGrgD,UAAU+pH,KAAO,SAAe9jF,GACjC,OAAOjnC,KAAKwqH,KAAKvjF,IAAQ,GAG3Boa,EAAGrgD,UAAU8N,IAAM,SAAcm4B,GAC/B,OAAOjnC,KAAKo+G,IAAIn3E,IAAQ,GAG1Boa,EAAGrgD,UAAUgqH,IAAM,SAAc/jF,GAC/B,OAA0B,IAAnBjnC,KAAKwqH,KAAKvjF,IAGnBoa,EAAGrgD,UAAUkoD,GAAK,SAAajiB,GAC7B,OAAyB,IAAlBjnC,KAAKo+G,IAAIn3E,IAOlBoa,EAAG08D,IAAM,SAAc92E,GACrB,OAAO,IAAIgkF,EAAIhkF,IAGjBoa,EAAGrgD,UAAUkqH,MAAQ,SAAgBC,GAGnC,OAFAhmF,GAAQnlC,KAAK+9G,IAAK,yCAClB54E,EAAyB,IAAlBnlC,KAAK69G,SAAgB,iCACrBsN,EAAIC,UAAUprH,MAAMqrH,UAAUF,IAGvC9pE,EAAGrgD,UAAUsqH,QAAU,WAErB,OADAnmF,EAAOnlC,KAAK+9G,IAAK,wDACV/9G,KAAK+9G,IAAIwN,YAAYvrH,OAG9BqhD,EAAGrgD,UAAUqqH,UAAY,SAAoBF,GAE3C,OADAnrH,KAAK+9G,IAAMoN,EACJnrH,MAGTqhD,EAAGrgD,UAAUwqH,SAAW,SAAmBL,GAEzC,OADAhmF,GAAQnlC,KAAK+9G,IAAK,yCACX/9G,KAAKqrH,UAAUF,IAGxB9pE,EAAGrgD,UAAUyqH,OAAS,SAAiBxkF,GAErC,OADA9B,EAAOnlC,KAAK+9G,IAAK,sCACV/9G,KAAK+9G,IAAI93G,IAAIjG,KAAMinC,IAG5Boa,EAAGrgD,UAAU0qH,QAAU,SAAkBzkF,GAEvC,OADA9B,EAAOnlC,KAAK+9G,IAAK,uCACV/9G,KAAK+9G,IAAIlxG,KAAK7M,KAAMinC,IAG7Boa,EAAGrgD,UAAU2qH,OAAS,SAAiB1kF,GAErC,OADA9B,EAAOnlC,KAAK+9G,IAAK,sCACV/9G,KAAK+9G,IAAI/wG,IAAIhN,KAAMinC,IAG5Boa,EAAGrgD,UAAU4qH,QAAU,SAAkB3kF,GAEvC,OADA9B,EAAOnlC,KAAK+9G,IAAK,uCACV/9G,KAAK+9G,IAAIhxG,KAAK/M,KAAMinC,IAG7Boa,EAAGrgD,UAAU6qH,OAAS,SAAiB5kF,GAErC,OADA9B,EAAOnlC,KAAK+9G,IAAK,sCACV/9G,KAAK+9G,IAAI+N,IAAI9rH,KAAMinC,IAG5Boa,EAAGrgD,UAAU+qH,OAAS,SAAiB9kF,GAGrC,OAFA9B,EAAOnlC,KAAK+9G,IAAK,sCACjB/9G,KAAK+9G,IAAIiO,SAAShsH,KAAMinC,GACjBjnC,KAAK+9G,IAAI7wG,IAAIlN,KAAMinC,IAG5Boa,EAAGrgD,UAAUirH,QAAU,SAAkBhlF,GAGvC,OAFA9B,EAAOnlC,KAAK+9G,IAAK,sCACjB/9G,KAAK+9G,IAAIiO,SAAShsH,KAAMinC,GACjBjnC,KAAK+9G,IAAI9wG,KAAKjN,KAAMinC,IAG7Boa,EAAGrgD,UAAUkrH,OAAS,WAGpB,OAFA/mF,EAAOnlC,KAAK+9G,IAAK,sCACjB/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAI+J,IAAI9nH,OAGtBqhD,EAAGrgD,UAAUorH,QAAU,WAGrB,OAFAjnF,EAAOnlC,KAAK+9G,IAAK,uCACjB/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAIgK,KAAK/nH,OAIvBqhD,EAAGrgD,UAAUqrH,QAAU,WAGrB,OAFAlnF,EAAOnlC,KAAK+9G,IAAK,uCACjB/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAIuO,KAAKtsH,OAGvBqhD,EAAGrgD,UAAUurH,QAAU,WAGrB,OAFApnF,EAAOnlC,KAAK+9G,IAAK,uCACjB/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAI0M,KAAKzqH,OAIvBqhD,EAAGrgD,UAAUwrH,OAAS,WAGpB,OAFArnF,EAAOnlC,KAAK+9G,IAAK,sCACjB/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAIkD,IAAIjhH,OAGtBqhD,EAAGrgD,UAAUyrH,OAAS,SAAiBxlF,GAGrC,OAFA9B,EAAOnlC,KAAK+9G,MAAQ92E,EAAI82E,IAAK,qBAC7B/9G,KAAK+9G,IAAIoO,SAASnsH,MACXA,KAAK+9G,IAAIlsE,IAAI7xC,KAAMinC,IAI5B,IAAIylF,EAAS,CACXC,KAAM,KACNC,KAAM,KACNC,KAAM,KACNC,OAAQ,MAIV,SAASC,EAAQ7hH,EAAMknB,GAErBpyB,KAAKkL,KAAOA,EACZlL,KAAKoyB,EAAI,IAAIivB,EAAGjvB,EAAG,IACnBpyB,KAAKoM,EAAIpM,KAAKoyB,EAAE3iB,YAChBzP,KAAKic,EAAI,IAAIolC,EAAG,GAAG4mE,OAAOjoH,KAAKoM,GAAGW,KAAK/M,KAAKoyB,GAE5CpyB,KAAKuO,IAAMvO,KAAKgtH,OA2ClB,SAASC,IACPF,EAAOjsH,KACLd,KACA,OACA,2EA+DJ,SAASktH,IACPH,EAAOjsH,KACLd,KACA,OACA,kEAIJ,SAASmtH,IACPJ,EAAOjsH,KACLd,KACA,OACA,yDAIJ,SAASotH,IAEPL,EAAOjsH,KACLd,KACA,QACA,uEA8CJ,SAASirH,EAAK79G,GACZ,GAAiB,iBAANA,EAAgB,CACzB,IAAIigH,EAAQhsE,EAAGisE,OAAOlgH,GACtBpN,KAAKoN,EAAIigH,EAAMj7F,EACfpyB,KAAKqtH,MAAQA,OAEbloF,EAAO/3B,EAAEw9G,IAAI,GAAI,kCACjB5qH,KAAKoN,EAAIA,EACTpN,KAAKqtH,MAAQ,KAkOjB,SAASE,EAAMngH,GACb69G,EAAInqH,KAAKd,KAAMoN,GAEfpN,KAAKkG,MAAQlG,KAAKoN,EAAEqC,YAChBzP,KAAKkG,MAAQ,IAAO,IACtBlG,KAAKkG,OAAS,GAAMlG,KAAKkG,MAAQ,IAGnClG,KAAK2N,EAAI,IAAI0zC,EAAG,GAAG4mE,OAAOjoH,KAAKkG,OAC/BlG,KAAK8pH,GAAK9pH,KAAKmN,KAAKnN,KAAK2N,EAAEm6G,OAC3B9nH,KAAKwtH,KAAOxtH,KAAK2N,EAAE28G,OAAOtqH,KAAKoN,GAE/BpN,KAAKytH,KAAOztH,KAAKwtH,KAAKtgH,IAAIlN,KAAK2N,GAAGo7G,MAAM,GAAGQ,IAAIvpH,KAAKoN,GACpDpN,KAAKytH,KAAOztH,KAAKytH,KAAK9D,KAAK3pH,KAAK2N,GAChC3N,KAAKytH,KAAOztH,KAAK2N,EAAEX,IAAIhN,KAAKytH,MAta9BV,EAAO/rH,UAAUgsH,KAAO,WACtB,IAAIz+G,EAAM,IAAI8yC,EAAG,MAEjB,OADA9yC,EAAIuvG,MAAYj+G,MAAM6L,KAAKmQ,KAAK7b,KAAKoM,EAAI,KAClCmC,GAGTw+G,EAAO/rH,UAAU0sH,QAAU,SAAkBzmF,GAG3C,IACI/U,EADAvkB,EAAIs5B,EAGR,GACEjnC,KAAK+f,MAAMpS,EAAG3N,KAAKuO,KAGnB2jB,GADAvkB,GADAA,EAAI3N,KAAK2tH,MAAMhgH,IACTd,KAAK7M,KAAKuO,MACPkB,kBACFyiB,EAAOlyB,KAAKoM,GAErB,IAAIgyG,EAAMlsF,EAAOlyB,KAAKoM,GAAK,EAAIuB,EAAEg9G,KAAK3qH,KAAKoyB,GAU3C,OATY,IAARgsF,GACFzwG,EAAEmwG,MAAM,GAAK,EACbnwG,EAAEvM,OAAS,GACFg9G,EAAM,EACfzwG,EAAEZ,KAAK/M,KAAKoyB,GAEZzkB,EAAE8wG,QAGG9wG,GAGTo/G,EAAO/rH,UAAU+e,MAAQ,SAAgBzf,EAAO++G,GAC9C/+G,EAAM6/G,OAAOngH,KAAKoM,EAAG,EAAGizG,IAG1B0N,EAAO/rH,UAAU2sH,MAAQ,SAAgB1mF,GACvC,OAAOA,EAAIh6B,KAAKjN,KAAKic,IASvBoqB,EAAS4mF,EAAMF,GAEfE,EAAKjsH,UAAU+e,MAAQ,SAAgBzf,EAAOuJ,GAK5C,IAHA,IAAI+nC,EAAO,QAEP4b,EAAS9hD,KAAKmyC,IAAIv9C,EAAMc,OAAQ,GAC3B6B,EAAI,EAAGA,EAAIuqD,EAAQvqD,IAC1B4G,EAAOi0G,MAAM76G,GAAK3C,EAAMw9G,MAAM76G,GAIhC,GAFA4G,EAAOzI,OAASosD,EAEZltD,EAAMc,QAAU,EAGlB,OAFAd,EAAMw9G,MAAM,GAAK,OACjBx9G,EAAMc,OAAS,GAKjB,IAAIkH,EAAOhI,EAAMw9G,MAAM,GAGvB,IAFAj0G,EAAOi0G,MAAMj0G,EAAOzI,UAAYkH,EAAOspC,EAElC3uC,EAAI,GAAIA,EAAI3C,EAAMc,OAAQ6B,IAAK,CAClC,IAAImgE,EAAwB,EAAjB9iE,EAAMw9G,MAAM76G,GACvB3C,EAAMw9G,MAAM76G,EAAI,KAAQmgE,EAAOxxB,IAAS,EAAMtpC,IAAS,GACvDA,EAAO86D,EAET96D,KAAU,GACVhI,EAAMw9G,MAAM76G,EAAI,IAAMqF,EACT,IAATA,GAAchI,EAAMc,OAAS,GAC/Bd,EAAMc,QAAU,GAEhBd,EAAMc,QAAU,GAIpB6rH,EAAKjsH,UAAU2sH,MAAQ,SAAgB1mF,GAErCA,EAAI62E,MAAM72E,EAAI7lC,QAAU,EACxB6lC,EAAI62E,MAAM72E,EAAI7lC,OAAS,GAAK,EAC5B6lC,EAAI7lC,QAAU,EAId,IADA,IAAI4kC,EAAK,EACA/iC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CACnC,IAAIk0B,EAAmB,EAAf8P,EAAI62E,MAAM76G,GAClB+iC,GAAU,IAAJ7O,EACN8P,EAAI62E,MAAM76G,GAAU,SAAL+iC,EACfA,EAAS,GAAJ7O,GAAa6O,EAAK,SAAa,GAUtC,OANkC,IAA9BiB,EAAI62E,MAAM72E,EAAI7lC,OAAS,KACzB6lC,EAAI7lC,SAC8B,IAA9B6lC,EAAI62E,MAAM72E,EAAI7lC,OAAS,IACzB6lC,EAAI7lC,UAGD6lC,GASTZ,EAAS6mF,EAAMH,GAQf1mF,EAAS8mF,EAAMJ,GASf1mF,EAAS+mF,EAAQL,GAEjBK,EAAOpsH,UAAU2sH,MAAQ,SAAgB1mF,GAGvC,IADA,IAAIH,EAAQ,EACH7jC,EAAI,EAAGA,EAAIgkC,EAAI7lC,OAAQ6B,IAAK,CACnC,IAAI8iC,EAA0B,IAAL,EAAfkB,EAAI62E,MAAM76G,IAAiB6jC,EACjCd,EAAU,SAALD,EACTA,KAAQ,GAERkB,EAAI62E,MAAM76G,GAAK+iC,EACfc,EAAQf,EAKV,OAHc,IAAVe,IACFG,EAAI62E,MAAM72E,EAAI7lC,UAAY0lC,GAErBG,GAIToa,EAAGisE,OAAS,SAAgBpiH,GAE1B,GAAIwhH,EAAOxhH,GAAO,OAAOwhH,EAAOxhH,GAEhC,IAAImiH,EACJ,GAAa,SAATniH,EACFmiH,EAAQ,IAAIJ,OACP,GAAa,SAAT/hH,EACTmiH,EAAQ,IAAIH,OACP,GAAa,SAAThiH,EACTmiH,EAAQ,IAAIF,MACP,IAAa,WAATjiH,EAGT,MAAUhI,MAAM,iBAAmBgI,GAFnCmiH,EAAQ,IAAID,EAMd,OAFAV,EAAOxhH,GAAQmiH,EAERA,GAkBTpC,EAAIjqH,UAAUmrH,SAAW,SAAmB99G,GAC1C82B,EAAsB,IAAf92B,EAAEwvG,SAAgB,iCACzB14E,EAAO92B,EAAE0vG,IAAK,oCAGhBkN,EAAIjqH,UAAUgrH,SAAW,SAAmB39G,EAAGJ,GAC7Ck3B,EAAqC,IAA7B92B,EAAEwvG,SAAW5vG,EAAE4vG,UAAiB,iCACxC14E,EAAO92B,EAAE0vG,KAAO1vG,EAAE0vG,MAAQ9vG,EAAE8vG,IAC1B,oCAGJkN,EAAIjqH,UAAUmM,KAAO,SAAekB,GAClC,OAAIrO,KAAKqtH,MAAcrtH,KAAKqtH,MAAMK,QAAQr/G,GAAGg9G,UAAUrrH,MAChDqO,EAAEs7G,KAAK3pH,KAAKoN,GAAGi+G,UAAUrrH,OAGlCirH,EAAIjqH,UAAUigH,IAAM,SAAc5yG,GAChC,OAAIA,EAAEb,SACGa,EAAE1M,QAGJ3B,KAAKoN,EAAEJ,IAAIqB,GAAGg9G,UAAUrrH,OAGjCirH,EAAIjqH,UAAUiF,IAAM,SAAcoI,EAAGJ,GACnCjO,KAAKgsH,SAAS39G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEpI,IAAIgI,GAIhB,OAHIkB,EAAIivG,IAAIp+G,KAAKoN,IAAM,GACrB+B,EAAIpC,KAAK/M,KAAKoN,GAET+B,EAAIk8G,UAAUrrH,OAGvBirH,EAAIjqH,UAAU6L,KAAO,SAAewB,EAAGJ,GACrCjO,KAAKgsH,SAAS39G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAExB,KAAKoB,GAIjB,OAHIkB,EAAIivG,IAAIp+G,KAAKoN,IAAM,GACrB+B,EAAIpC,KAAK/M,KAAKoN,GAET+B,GAGT87G,EAAIjqH,UAAUgM,IAAM,SAAcqB,EAAGJ,GACnCjO,KAAKgsH,SAAS39G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAErB,IAAIiB,GAIhB,OAHIkB,EAAIq7G,KAAK,GAAK,GAChBr7G,EAAItC,KAAK7M,KAAKoN,GAET+B,EAAIk8G,UAAUrrH,OAGvBirH,EAAIjqH,UAAU+L,KAAO,SAAesB,EAAGJ,GACrCjO,KAAKgsH,SAAS39G,EAAGJ,GAEjB,IAAIkB,EAAMd,EAAEtB,KAAKkB,GAIjB,OAHIkB,EAAIq7G,KAAK,GAAK,GAChBr7G,EAAItC,KAAK7M,KAAKoN,GAET+B,GAGT87G,EAAIjqH,UAAU8qH,IAAM,SAAcz9G,EAAG44B,GAEnC,OADAjnC,KAAKmsH,SAAS99G,GACPrO,KAAKmN,KAAKkB,EAAEq6G,MAAMzhF,KAG3BgkF,EAAIjqH,UAAUiM,KAAO,SAAeoB,EAAGJ,GAErC,OADAjO,KAAKgsH,SAAS39G,EAAGJ,GACVjO,KAAKmN,KAAKkB,EAAEpB,KAAKgB,KAG1Bg9G,EAAIjqH,UAAUkM,IAAM,SAAcmB,EAAGJ,GAEnC,OADAjO,KAAKgsH,SAAS39G,EAAGJ,GACVjO,KAAKmN,KAAKkB,EAAEnB,IAAIe,KAGzBg9G,EAAIjqH,UAAU+mH,KAAO,SAAe15G,GAClC,OAAOrO,KAAKiN,KAAKoB,EAAGA,EAAE1M,UAGxBspH,EAAIjqH,UAAU8mH,IAAM,SAAcz5G,GAChC,OAAOrO,KAAKkN,IAAImB,EAAGA,IAGrB48G,EAAIjqH,UAAUsrH,KAAO,SAAej+G,GAClC,GAAIA,EAAEb,SAAU,OAAOa,EAAE1M,QAEzB,IAAIisH,EAAO5tH,KAAKoN,EAAE8yG,MAAM,GAIxB,GAHA/6E,EAAOyoF,EAAO,GAAM,GAGP,IAATA,EAAY,CACd,IAAI/7E,EAAM7xC,KAAKoN,EAAEnH,IAAI,IAAIo7C,EAAG,IAAI8+D,OAAO,GACvC,OAAOngH,KAAK6xC,IAAIxjC,EAAGwjC,GAQrB,IAFA,IAAIvjC,EAAItO,KAAKoN,EAAEq0C,KAAK,GAChB5jC,EAAI,GACAvP,EAAEd,UAA2B,IAAfc,EAAE4xG,MAAM,IAC5BriG,IACAvP,EAAE6xG,OAAO,GAEXh7E,GAAQ72B,EAAEd,UAEV,IAAImC,EAAM,IAAI0xC,EAAG,GAAG6pE,MAAMlrH,MACtB6tH,EAAOl+G,EAAI68G,SAIXsB,EAAO9tH,KAAKoN,EAAEq0C,KAAK,GAAG0+D,OAAO,GAC7Bj4E,EAAIloC,KAAKoN,EAAEqC,YAGf,IAFAy4B,EAAI,IAAImZ,EAAG,EAAInZ,EAAIA,GAAGgjF,MAAMlrH,MAEW,IAAhCA,KAAK6xC,IAAI3J,EAAG4lF,GAAM1P,IAAIyP,IAC3B3lF,EAAEwjF,QAAQmC,GAOZ,IAJA,IAAIzxG,EAAIpc,KAAK6xC,IAAI3J,EAAG55B,GAChBX,EAAI3N,KAAK6xC,IAAIxjC,EAAGC,EAAE06G,KAAK,GAAG7I,OAAO,IACjCliG,EAAIje,KAAK6xC,IAAIxjC,EAAGC,GAChBlB,EAAIyQ,EACc,IAAfI,EAAEmgG,IAAIzuG,IAAY,CAEvB,IADA,IAAIpB,EAAM0P,EACDhb,EAAI,EAAoB,IAAjBsL,EAAI6vG,IAAIzuG,GAAY1M,IAClCsL,EAAMA,EAAI29G,SAEZ/mF,EAAOliC,EAAImK,GACX,IAAIa,EAAIjO,KAAK6xC,IAAIz1B,EAAG,IAAIilC,EAAG,GAAG4mE,OAAO76G,EAAInK,EAAI,IAE7C0K,EAAIA,EAAEo+G,OAAO99G,GACbmO,EAAInO,EAAEi+G,SACNjuG,EAAIA,EAAE8tG,OAAO3vG,GACbhP,EAAInK,EAGN,OAAO0K,GAGTs9G,EAAIjqH,UAAUypH,KAAO,SAAep8G,GAClC,IAAI0/G,EAAM1/G,EAAEi8G,OAAOtqH,KAAKoN,GACxB,OAAqB,IAAjB2gH,EAAIlQ,UACNkQ,EAAIlQ,SAAW,EACR79G,KAAKmN,KAAK4gH,GAAKvB,UAEfxsH,KAAKmN,KAAK4gH,IAIrB9C,EAAIjqH,UAAU6wC,IAAM,SAAcxjC,EAAG44B,GACnC,GAAIA,EAAIz5B,SAAU,OAAO,IAAI6zC,EAAG,GAAG6pE,MAAMlrH,MACzC,GAAoB,IAAhBinC,EAAIujF,KAAK,GAAU,OAAOn8G,EAAE1M,QAEhC,IACIqsH,EAAUnuH,MAAM,IACpBmuH,EAAI,GAAK,IAAI3sE,EAAG,GAAG6pE,MAAMlrH,MACzBguH,EAAI,GAAK3/G,EACT,IAAK,IAAIpL,EAAI,EAAGA,EAAI+qH,EAAI5sH,OAAQ6B,IAC9B+qH,EAAI/qH,GAAKjD,KAAKkN,IAAI8gH,EAAI/qH,EAAI,GAAIoL,GAGhC,IAAIc,EAAM6+G,EAAI,GACV98C,EAAU,EACV+8C,EAAa,EACbrqH,EAAQqjC,EAAIx3B,YAAc,GAK9B,IAJc,IAAV7L,IACFA,EAAQ,IAGLX,EAAIgkC,EAAI7lC,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CAEpC,IADA,IAAImjC,EAAOa,EAAI62E,MAAM76G,GACZ0Z,EAAI/Y,EAAQ,EAAG+Y,GAAK,EAAGA,IAAK,CACnC,IAAImlG,EAAO17E,GAAQzpB,EAAK,EACpBxN,IAAQ6+G,EAAI,KACd7+G,EAAMnP,KAAK8nH,IAAI34G,IAGL,IAAR2yG,GAAyB,IAAZ5wC,GAKjBA,IAAY,EACZA,GAAW4wC,GA9BE,MA+BbmM,GACwC,IAANhrH,GAAiB,IAAN0Z,KAE7CxN,EAAMnP,KAAKkN,IAAIiC,EAAK6+G,EAAI98C,IACxB+8C,EAAa,EACb/8C,EAAU,IAXR+8C,EAAa,EAajBrqH,EAAQ,GAGV,OAAOuL,GAGT87G,EAAIjqH,UAAUoqH,UAAY,SAAoBnkF,GAC5C,IAAIt5B,EAAIs5B,EAAI0iF,KAAK3pH,KAAKoN,GAEtB,OAAOO,IAAMs5B,EAAMt5B,EAAEhM,QAAUgM,GAGjCs9G,EAAIjqH,UAAUuqH,YAAc,SAAsBtkF,GAChD,IAAI93B,EAAM83B,EAAItlC,QAEd,OADAwN,EAAI4uG,IAAM,KACH5uG,GAOTkyC,EAAG6sE,KAAO,SAAejnF,GACvB,OAAO,IAAIsmF,EAAKtmF,IAmBlBZ,EAASknF,EAAMtC,GAEfsC,EAAKvsH,UAAUoqH,UAAY,SAAoBnkF,GAC7C,OAAOjnC,KAAKmN,KAAK85B,EAAIyhF,MAAM1oH,KAAKkG,SAGlCqnH,EAAKvsH,UAAUuqH,YAAc,SAAsBtkF,GACjD,IAAIt5B,EAAI3N,KAAKmN,KAAK85B,EAAI/5B,IAAIlN,KAAKwtH,OAE/B,OADA7/G,EAAEowG,IAAM,KACDpwG,GAGT4/G,EAAKvsH,UAAUiM,KAAO,SAAeoB,EAAGJ,GACtC,GAAII,EAAEb,UAAYS,EAAET,SAGlB,OAFAa,EAAEyvG,MAAM,GAAK,EACbzvG,EAAEjN,OAAS,EACJiN,EAGT,IAAI4P,EAAI5P,EAAEpB,KAAKgB,GACXmO,EAAI6B,EAAE6qG,MAAM9oH,KAAKkG,OAAOgH,IAAIlN,KAAKytH,MAAM5E,OAAO7oH,KAAKkG,OAAOgH,IAAIlN,KAAKoN,GACnEysB,EAAI5b,EAAElR,KAAKqP,GAAG+jG,OAAOngH,KAAKkG,OAC1BiJ,EAAM0qB,EAQV,OANIA,EAAEukF,IAAIp+G,KAAKoN,IAAM,EACnB+B,EAAM0qB,EAAE9sB,KAAK/M,KAAKoN,GACTysB,EAAE2wF,KAAK,GAAK,IACrBr7G,EAAM0qB,EAAEhtB,KAAK7M,KAAKoN,IAGb+B,EAAIk8G,UAAUrrH,OAGvButH,EAAKvsH,UAAUkM,IAAM,SAAcmB,EAAGJ,GACpC,GAAII,EAAEb,UAAYS,EAAET,SAAU,OAAO,IAAI6zC,EAAG,GAAGgqE,UAAUrrH,MAEzD,IAAIie,EAAI5P,EAAEnB,IAAIe,GACVmO,EAAI6B,EAAE6qG,MAAM9oH,KAAKkG,OAAOgH,IAAIlN,KAAKytH,MAAM5E,OAAO7oH,KAAKkG,OAAOgH,IAAIlN,KAAKoN,GACnEysB,EAAI5b,EAAElR,KAAKqP,GAAG+jG,OAAOngH,KAAKkG,OAC1BiJ,EAAM0qB,EAOV,OANIA,EAAEukF,IAAIp+G,KAAKoN,IAAM,EACnB+B,EAAM0qB,EAAE9sB,KAAK/M,KAAKoN,GACTysB,EAAE2wF,KAAK,GAAK,IACrBr7G,EAAM0qB,EAAEhtB,KAAK7M,KAAKoN,IAGb+B,EAAIk8G,UAAUrrH,OAGvButH,EAAKvsH,UAAUypH,KAAO,SAAep8G,GAGnC,OADUrO,KAAKmN,KAAKkB,EAAEi8G,OAAOtqH,KAAKoN,GAAGF,IAAIlN,KAAK8pH,KACnCuB,UAAUrrH,MAExB,CAl2GD,CAk2GoCslC,EAAQtlC,qFCr1G7B,MAAMmM,GAMnBrM,YAAYsM,GACV,QAAUnL,IAANmL,EACF,MAAUlJ,MAAM,4BAGlBlD,KAAKqB,MAAQ,IAAIggD,GAAGj1C,GAGtBzK,QACE,MAAMA,EAAQ,IAAIwK,GAAW,MAE7B,OADAnM,KAAKqB,MAAMspE,KAAKhpE,EAAMN,OACfM,EAMT8K,OAEE,OADAzM,KAAKqB,MAAMwL,KAAK,IAAIw0C,GAAG,IAChBrhD,KAOT0M,MACE,OAAO1M,KAAK2B,QAAQ8K,OAMtBE,OAEE,OADA3M,KAAKqB,MAAM0L,KAAK,IAAIs0C,GAAG,IAChBrhD,KAOT4M,MACE,OAAO5M,KAAK2B,QAAQgL,OAQtBE,KAAKC,GAEH,OADA9M,KAAKqB,MAAMwL,KAAKC,EAAEzL,OACXrB,KAQTiG,IAAI6G,GACF,OAAO9M,KAAK2B,QAAQkL,KAAKC,GAO3BC,KAAKD,GAEH,OADA9M,KAAKqB,MAAM0L,KAAKD,EAAEzL,OACXrB,KAQTgN,IAAIF,GACF,OAAO9M,KAAK2B,QAAQoL,KAAKD,GAO3BG,KAAKH,GAEH,OADA9M,KAAKqB,MAAM4L,KAAKH,EAAEzL,OACXrB,KAQTkN,IAAIJ,GACF,OAAO9M,KAAK2B,QAAQsL,KAAKH,GAO3BK,KAAKC,GAEH,OADApN,KAAKqB,MAAQrB,KAAKqB,MAAMsoH,KAAKv8G,EAAE/L,OACxBrB,KAQTsN,IAAIF,GACF,OAAOpN,KAAK2B,QAAQwL,KAAKC,GAU3BG,OAAOlJ,EAAG+H,GAIR,MAAM+hH,EAAO/hH,EAAE6C,SAAWoyC,GAAG08D,IAAI3xG,EAAE/K,OAASggD,GAAG6sE,KAAK9hH,EAAE/K,OAChDyL,EAAI9M,KAAK2B,QAEf,OADAmL,EAAEzL,MAAQyL,EAAEzL,MAAM6pH,MAAMiD,GAAM1B,OAAOpoH,EAAEhD,OAAOiqH,UACvCx+G,EAUTgB,OAAO1B,GAEL,IAAKpM,KAAK+N,IAAI3B,GAAGqB,QACf,MAAUvK,MAAM,0BAElB,OAAO,IAAIiJ,GAAWnM,KAAKqB,MAAMopH,KAAKr+G,EAAE/K,QAQ1C0M,IAAI3B,GACF,OAAO,IAAID,GAAWnM,KAAKqB,MAAM0M,IAAI3B,EAAE/K,QAOzCmN,WAAW1B,GAET,OADA9M,KAAKqB,MAAM+mH,MAAMt7G,EAAEzL,MAAM+N,YAClBpP,KAQTyO,UAAU3B,GACR,OAAO9M,KAAK2B,QAAQ6M,WAAW1B,GAOjC4B,YAAY5B,GAEV,OADA9M,KAAKqB,MAAMmnH,MAAM17G,EAAEzL,MAAM+N,YAClBpP,KAQT2O,WAAW7B,GACT,OAAO9M,KAAK2B,QAAQ+M,YAAY5B,GAQlC8B,MAAM9B,GACJ,OAAO9M,KAAKqB,MAAM6nD,GAAGp8C,EAAEzL,OAQzBwN,GAAG/B,GACD,OAAO9M,KAAKqB,MAAMwN,GAAG/B,EAAEzL,OAQzByN,IAAIhC,GACF,OAAO9M,KAAKqB,MAAMyN,IAAIhC,EAAEzL,OAQ1B0N,GAAGjC,GACD,OAAO9M,KAAKqB,MAAM0N,GAAGjC,EAAEzL,OAQzB2N,IAAIlC,GACF,OAAO9M,KAAKqB,MAAM2N,IAAIlC,EAAEzL,OAG1BmM,SACE,OAAOxN,KAAKqB,MAAMmM,SAGpBC,QACE,OAAOzN,KAAKqB,MAAM6nD,GAAG,IAAI7H,GAAG,IAG9Bh0C,aACE,OAAOrN,KAAKqB,MAAM2/G,QAGpB/xG,SACE,OAAOjP,KAAKqB,MAAM4N,SAGpBC,MACE,MAAMC,EAAMnP,KAAK2B,QAEjB,OADAwN,EAAI9N,MAAQ8N,EAAI9N,MAAM6N,MACfC,EAOT5C,WACE,OAAOvM,KAAKqB,MAAMkL,WAQpB6C,WACE,OAAOpP,KAAKqB,MAAM+N,WAQpBI,OAAOvM,GACL,OAAOjD,KAAKqB,MAAMw/G,MAAM59G,GAAK,EAAI,EAOnCwM,YACE,OAAOzP,KAAKqB,MAAMoO,YAOpBtL,aACE,OAAOnE,KAAKqB,MAAM8C,aASpB6L,aAAaC,EAAS,KAAM7O,GAC1B,OAAOpB,KAAKqB,MAAMijD,YAAYzhD,WAAYoN,EAAQ7O,QC3UlDuM,mFCEJ,IAAI+5B,EAAQsW,EAkCZ,SAAS/X,EAAMG,GACb,OAAoB,IAAhBA,EAAKhlC,OACA,IAAMglC,EAENA,CACX,CAGA,SAAS/e,EAAMge,GAEb,IADA,IAAIl2B,EAAM,GACDlM,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,GAAO82B,EAAMZ,EAAIpiC,GAAGsJ,SAAS,KAC/B,OAAO4C,CACT,CAfAu4B,EAAMC,QA9BN,SAAiBtC,EAAKS,GACpB,GAAIjmC,MAAMW,QAAQ6kC,GAChB,OAAOA,EAAI3jC,QACb,IAAK2jC,EACH,MAAO,GACT,IAAIl2B,EAAM,GACV,GAAmB,iBAARk2B,EAAkB,CAC3B,IAAK,IAAIpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAC9BkM,EAAIlM,GAAc,EAAToiC,EAAIpiC,GACf,OAAOkM,EAET,GAAY,QAAR22B,EAAe,EACjBT,EAAMA,EAAIzjB,QAAQ,eAAgB,KAC1BxgB,OAAS,GAAM,IACrBikC,EAAM,IAAMA,GACd,IAASpiC,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,GAAK,EACnCkM,EAAItN,KAAKuO,SAASi1B,EAAIpiC,GAAKoiC,EAAIpiC,EAAI,GAAI,UAEzC,IAASA,EAAI,EAAGA,EAAIoiC,EAAIjkC,OAAQ6B,IAAK,CACnC,IAAImZ,EAAIipB,EAAI7oB,WAAWvZ,GACnB8iC,EAAK3pB,GAAK,EACV4pB,EAAS,IAAJ5pB,EACL2pB,EACF52B,EAAItN,KAAKkkC,EAAIC,GAEb72B,EAAItN,KAAKmkC,GAGf,OAAO72B,CACT,EASAu4B,EAAMzB,MAAQA,EAQdyB,EAAMrgB,MAAQA,EAEdqgB,EAAMxqB,OAAS,SAAgBu/B,EAAK3W,GAClC,MAAY,QAARA,EACKze,EAAMo1B,GAENA,CACX,0BCvDA,IAAI/U,EAAQsW,EAKZtW,EAAMvC,OAASipF,GACf1mF,EAAMC,QAAU0mF,GAAS1mF,QACzBD,EAAMzB,MAAQooF,GAASpoF,MACvByB,EAAMrgB,MAAQgnG,GAAShnG,MACvBqgB,EAAMxqB,OAASmxG,GAASnxG,OA8BxBwqB,EAAM4mF,OA3BN,SAAgBrnF,EAAK9P,GAInB,IAHA,IAAIo3F,EAAM,GACNrH,EAAK,GAAM/vF,EAAI,EACflb,EAAIgrB,EAAItlC,QACLsa,EAAEuuG,KAAK,IAAM,GAAG,CACrB,IAAItiF,EACJ,GAAIjsB,EAAEmuG,QAAS,CACb,IAAI98G,EAAM2O,EAAEikG,MAAMgH,EAAK,GAErBh/E,EADE56B,GAAO45G,GAAM,GAAK,GACfA,GAAM,GAAK55G,EAEZA,EACN2O,EAAE8sG,MAAM7gF,QAERA,EAAI,EAENqmF,EAAI1sH,KAAKqmC,GAIT,IADA,IAAIhiC,EAAuB,IAAd+V,EAAEuuG,KAAK,IAAgC,IAApBvuG,EAAEikG,MAAMgH,EAAK,GAAa/vF,EAAI,EAAK,EAC1Dl0B,EAAI,EAAGA,EAAIiD,EAAOjD,IACzBsrH,EAAI1sH,KAAK,GACXoa,EAAEkkG,OAAOj6G,GAGX,OAAOqoH,CACT,EA0DA7mF,EAAM8mF,OAtDN,SAAgBlgG,EAAIC,GAClB,IAAIkgG,EAAM,CACR,GACA,IAGFngG,EAAKA,EAAG3sB,QACR4sB,EAAKA,EAAG5sB,QAGR,IAFA,IAAI+sH,EAAK,EACLC,EAAK,EACFrgG,EAAGk8F,MAAMkE,GAAM,GAAKngG,EAAGi8F,MAAMmE,GAAM,GAAG,CAG3C,IAMIhgE,EAYAC,EAIEggE,EAtBFC,EAAOvgG,EAAG4xF,MAAM,GAAKwO,EAAM,EAC3BI,EAAOvgG,EAAG2xF,MAAM,GAAKyO,EAAM,EAM/B,GALY,IAARE,IACFA,GAAO,GACG,IAARC,IACFA,GAAO,GAES,IAAP,EAAND,GACHlgE,EAAK,OAMHA,EAHU,KADRigE,EAAMtgG,EAAG4xF,MAAM,GAAKwO,EAAM,IACN,IAAPE,GAAqB,IAARE,EAGvBD,GAFCA,EAOV,GAHAJ,EAAI,GAAG5sH,KAAK8sD,GAGM,IAAP,EAANmgE,GACHlgE,EAAK,OAMHA,EAHU,KADRggE,EAAMrgG,EAAG2xF,MAAM,GAAKyO,EAAM,IACN,IAAPC,GAAqB,IAARC,EAGvBC,GAFCA,EAIVL,EAAI,GAAG5sH,KAAK+sD,GAGR,EAAI8/D,IAAO//D,EAAK,IAClB+/D,EAAK,EAAIA,GACP,EAAIC,IAAO//D,EAAK,IAClB+/D,EAAK,EAAIA,GACXrgG,EAAG6xF,OAAO,GACV5xF,EAAG4xF,OAAO,GAGZ,OAAOsO,CACT,EAUA/mF,EAAMqnF,eAPN,SAAwB3uE,EAAKl1C,EAAM8jH,GACjC,IAAIp4G,EAAM,IAAM1L,EAChBk1C,EAAIp/C,UAAUkK,GAAQ,WACpB,YAAqBjK,IAAdjB,KAAK4W,GAAqB5W,KAAK4W,GAC/B5W,KAAK4W,GAAOo4G,EAASluH,KAAKd,MAErC,EAOA0nC,EAAMunF,WAJN,SAAoB/nH,GAClB,MAAwB,iBAAVA,EAAqBwgC,EAAMC,QAAQzgC,EAAO,OACrBA,CACrC,EAMAwgC,EAAMwnF,UAHN,SAAmBhoH,GACjB,OAAO,IAAIm6C,GAAGn6C,EAAO,MAAO,KAC9B,QFnHiB,SAAc6I,GAI7B,OAHKpC,KACHA,GAAI,IAAIwhH,GAAK,OAERxhH,GAAEwiD,SAASpgD,EACpB,EAEA,SAASo/G,GAAKvwE,GACZ5+C,KAAK4+C,KAAOA,CACd,CACA,OAAsBuwE,GAiBtB,GAfAA,GAAKnuH,UAAUmvD,SAAW,SAAkBpgD,GAC1C,OAAO/P,KAAKovH,MAAMr/G,EACpB,EAGAo/G,GAAKnuH,UAAUouH,MAAQ,SAAehjH,GACpC,GAAIpM,KAAK4+C,KAAK8zB,SACZ,OAAO1yE,KAAK4+C,KAAK8zB,SAAStmE,GAG5B,IADA,IAAI+C,EAAM,IAAItM,WAAWuJ,GAChBnJ,EAAI,EAAGA,EAAIkM,EAAI/N,OAAQ6B,IAC9BkM,EAAIlM,GAAKjD,KAAK4+C,KAAKywE,UACrB,OAAOlgH,CACT,EAEoB,iBAATuuC,KACLA,KAAKj/B,QAAUi/B,KAAKj/B,OAAOm/B,gBAE7BuxE,GAAKnuH,UAAUouH,MAAQ,SAAehjH,GACpC,IAAIqwC,EAAM,IAAI55C,WAAWuJ,GAEzB,OADAsxC,KAAKj/B,OAAOm/B,gBAAgBnB,GACrBA,GAEAiB,KAAKC,UAAYD,KAAKC,SAASC,gBAExCuxE,GAAKnuH,UAAUouH,MAAQ,SAAehjH,GACpC,IAAIqwC,EAAM,IAAI55C,WAAWuJ,GAEzB,OADAsxC,KAAKC,SAASC,gBAAgBnB,GACvBA,GAIkB,iBAAX+c,SAEhB21D,GAAKnuH,UAAUouH,MAAQ,WACrB,MAAUlsH,MAAM,8BAKpB,IACE,IAAIub,QAAS,EACb,GAAkC,mBAAvBA,GAAOs/B,YAChB,MAAU76C,MAAM,iBAElBisH,GAAKnuH,UAAUouH,MAAQ,SAAehjH,GACpC,OAAOqS,GAAOs/B,YAAY3xC,IAE5B,MAAO/H,eG1DX,IAAIiqH,GAAS5mF,GAAM4mF,OACfE,GAAS9mF,GAAM8mF,OACfrpF,GAASuC,GAAMvC,OAEnB,SAASmqF,GAAUt1G,EAAMu1G,GACvBvvH,KAAKga,KAAOA,EACZha,KAAKoyB,EAAI,IAAIivB,GAAGkuE,EAAKn9F,EAAG,IAGxBpyB,KAAK+9G,IAAMwR,EAAKlC,MAAQhsE,GAAG08D,IAAIwR,EAAKlC,OAAShsE,GAAG6sE,KAAKluH,KAAKoyB,GAG1DpyB,KAAK0P,KAAO,IAAI2xC,GAAG,GAAG6pE,MAAMlrH,KAAK+9G,KACjC/9G,KAAK2P,IAAM,IAAI0xC,GAAG,GAAG6pE,MAAMlrH,KAAK+9G,KAChC/9G,KAAKwyC,IAAM,IAAI6O,GAAG,GAAG6pE,MAAMlrH,KAAK+9G,KAGhC/9G,KAAKoM,EAAImjH,EAAKnjH,GAAK,IAAIi1C,GAAGkuE,EAAKnjH,EAAG,IAClCpM,KAAK2kC,EAAI4qF,EAAK5qF,GAAK3kC,KAAKwvH,cAAcD,EAAK5qF,EAAG4qF,EAAKE,MAGnDzvH,KAAK0vH,eACL1vH,KAAK2vH,eACL3vH,KAAK4vH,eACL5vH,KAAK6vH,eAGL,IAAIC,EAAc9vH,KAAKoM,GAAKpM,KAAKoyB,EAAEm3F,IAAIvpH,KAAKoM,IACvC0jH,GAAeA,EAAYtF,KAAK,KAAO,EAC1CxqH,KAAK+vH,KAAO,MAEZ/vH,KAAKgwH,eAAgB,EACrBhwH,KAAK+vH,KAAO/vH,KAAKoM,EAAE8+G,MAAMlrH,KAAK+9G,KAElC,CACA,OAAiBuR,GAgNjB,SAASW,GAAUz/G,EAAOwJ,GACxBha,KAAKwQ,MAAQA,EACbxQ,KAAKga,KAAOA,EACZha,KAAKkwH,YAAc,IACrB,CAlNAZ,GAAUtuH,UAAUmvH,MAAQ,WAC1B,MAAUjtH,MAAM,kBAClB,EAEAosH,GAAUtuH,UAAUskD,SAAW,WAC7B,MAAUpiD,MAAM,kBAClB,EAEAosH,GAAUtuH,UAAUovH,aAAe,SAAsBh+F,EAAGnW,GAC1DkpB,GAAO/S,EAAE89F,aACT,IAAIG,EAAUj+F,EAAEk+F,cAEZ/B,EAAMD,GAAOryG,EAAG,GAChB+a,GAAK,GAAMq5F,EAAQE,KAAO,IAAOF,EAAQE,KAAO,GAAM,EAAI,EAAI,GAClEv5F,GAAK,EAIL,IADA,IAAIw5F,EAAO,GACF7zG,EAAI,EAAGA,EAAI4xG,EAAIntH,OAAQub,GAAK0zG,EAAQE,KAAM,CACjD,IAAIE,EAAO,EACX,IAASx0G,EAAIU,EAAI0zG,EAAQE,KAAO,EAAGt0G,GAAKU,EAAGV,IACzCw0G,GAAQA,GAAQ,GAAKlC,EAAItyG,GAC3Bu0G,EAAK3uH,KAAK4uH,GAKZ,IAFA,IAAIpiH,EAAIrO,KAAK0wH,OAAO,KAAM,KAAM,MAC5BziH,EAAIjO,KAAK0wH,OAAO,KAAM,KAAM,MACvBztH,EAAI+zB,EAAG/zB,EAAI,EAAGA,IAAK,CAC1B,IAAS0Z,EAAI,EAAGA,EAAI6zG,EAAKpvH,OAAQub,IAAK,EAChC8zG,EAAOD,EAAK7zG,MACH1Z,EACXgL,EAAIA,EAAE0iH,SAASN,EAAQO,OAAOj0G,IACvB8zG,KAAUxtH,IACjBgL,EAAIA,EAAE0iH,SAASN,EAAQO,OAAOj0G,GAAGskG,QAErC5yG,EAAIA,EAAEpI,IAAIgI,GAEZ,OAAOI,EAAEwiH,KACX,EAEAvB,GAAUtuH,UAAU8vH,SAAW,SAAkB1+F,EAAGnW,GAClD,IAAIkb,EAAI,EAGJ45F,EAAY3+F,EAAE4+F,cAAc75F,GAChCA,EAAI45F,EAAU/C,IAQd,IAPA,IAAIA,EAAM+C,EAAUH,OAGhBrC,EAAMD,GAAOryG,EAAGkb,GAGhB4yF,EAAM/pH,KAAK0wH,OAAO,KAAM,KAAM,MACzBztH,EAAIsrH,EAAIntH,OAAS,EAAG6B,GAAK,EAAGA,IAAK,CAExC,IAASgZ,EAAI,EAAGhZ,GAAK,GAAgB,IAAXsrH,EAAItrH,GAAUA,IACtCgZ,IAKF,GAJIhZ,GAAK,GACPgZ,IACF8tG,EAAMA,EAAIkH,KAAKh1G,GAEXhZ,EAAI,EACN,MACF,IAAIilC,EAAIqmF,EAAItrH,GACZkiC,GAAa,IAAN+C,GAIH6hF,EAHW,WAAX33F,EAAEpY,KAEAkuB,EAAI,EACA6hF,EAAI4G,SAAS3C,EAAK9lF,EAAI,GAAM,IAE5B6hF,EAAI4G,SAAS3C,GAAM9lF,EAAI,GAAM,GAAG+4E,OAGpC/4E,EAAI,EACA6hF,EAAI9jH,IAAI+nH,EAAK9lF,EAAI,GAAM,IAEvB6hF,EAAI9jH,IAAI+nH,GAAM9lF,EAAI,GAAM,GAAG+4E,OAGvC,MAAkB,WAAX7uF,EAAEpY,KAAoB+vG,EAAI8G,MAAQ9G,CAC3C,EAEAuF,GAAUtuH,UAAUkwH,YAAc,SAAqBC,EACAP,EACAQ,EACArhH,EACAshH,GAOrD,IANA,IAAIC,EAAWtxH,KAAK0vH,QAChB1B,EAAMhuH,KAAK2vH,QACXpB,EAAMvuH,KAAK4vH,QAGXjkH,EAAM,EACD1I,EAAI,EAAGA,EAAI8M,EAAK9M,IAAK,CAC5B,IACI8tH,GADA3+F,EAAIw+F,EAAO3tH,IACG+tH,cAAcG,GAChCG,EAASruH,GAAK8tH,EAAU/C,IACxBA,EAAI/qH,GAAK8tH,EAAUH,OAIrB,IAAS3tH,EAAI8M,EAAM,EAAG9M,GAAK,EAAGA,GAAK,EAAG,CACpC,IAAIoL,EAAIpL,EAAI,EACRgL,EAAIhL,EACR,GAAoB,IAAhBquH,EAASjjH,IAA4B,IAAhBijH,EAASrjH,GAAlC,CAQA,IAAIsjH,EAAO,CACTX,EAAOviH,GACP,KACA,KACAuiH,EAAO3iH,IAI4B,IAAjC2iH,EAAOviH,GAAGH,EAAEkwG,IAAIwS,EAAO3iH,GAAGC,IAC5BqjH,EAAK,GAAKX,EAAOviH,GAAGpI,IAAI2qH,EAAO3iH,IAC/BsjH,EAAK,GAAKX,EAAOviH,GAAGmjH,MAAMb,SAASC,EAAO3iH,GAAGgzG,QACM,IAA1C2P,EAAOviH,GAAGH,EAAEkwG,IAAIwS,EAAO3iH,GAAGC,EAAEs+G,WACrC+E,EAAK,GAAKX,EAAOviH,GAAGmjH,MAAMb,SAASC,EAAO3iH,IAC1CsjH,EAAK,GAAKX,EAAOviH,GAAGpI,IAAI2qH,EAAO3iH,GAAGgzG,SAElCsQ,EAAK,GAAKX,EAAOviH,GAAGmjH,MAAMb,SAASC,EAAO3iH,IAC1CsjH,EAAK,GAAKX,EAAOviH,GAAGmjH,MAAMb,SAASC,EAAO3iH,GAAGgzG,QAG/C,IAAIxhG,EAAQ,EACT,GACA,GACA,GACA,EACD,EACA,EACA,EACA,EACA,GAGEgvG,EAAMD,GAAO4C,EAAO/iH,GAAI+iH,EAAOnjH,IACnCtC,EAAMD,KAAKC,IAAI8iH,EAAI,GAAGrtH,OAAQuK,GAC9B4iH,EAAIlgH,GAASxO,MAAM8L,GACnB4iH,EAAItgH,GAASpO,MAAM8L,GACnB,IAAK,IAAIgR,EAAI,EAAGA,EAAIhR,EAAKgR,IAAK,CAC5B,IAAI80G,EAAiB,EAAZhD,EAAI,GAAG9xG,GACZ+0G,EAAiB,EAAZjD,EAAI,GAAG9xG,GAEhB4xG,EAAIlgH,GAAGsO,GAAK8C,EAAiB,GAAVgyG,EAAK,IAAUC,EAAK,IACvCnD,EAAItgH,GAAG0O,GAAK,EACZqxG,EAAI3/G,GAAKkjH,QAhDThD,EAAIlgH,GAAKigH,GAAO8C,EAAO/iH,GAAIijH,EAASjjH,IACpCkgH,EAAItgH,GAAKqgH,GAAO8C,EAAOnjH,GAAIqjH,EAASrjH,IACpCtC,EAAMD,KAAKC,IAAI4iH,EAAIlgH,GAAGjN,OAAQuK,GAC9BA,EAAMD,KAAKC,IAAI4iH,EAAItgH,GAAG7M,OAAQuK,GAiDlC,IAAIo+G,EAAM/pH,KAAK0wH,OAAO,KAAM,KAAM,MAC9BniH,EAAMvO,KAAK6vH,QACf,IAAS5sH,EAAI0I,EAAK1I,GAAK,EAAGA,IAAK,CAG7B,IAFA,IAAIgZ,EAAI,EAEDhZ,GAAK,GAAG,CACb,IAAIyM,GAAO,EACX,IAASiN,EAAI,EAAGA,EAAI5M,EAAK4M,IACvBpO,EAAIoO,GAAiB,EAAZ4xG,EAAI5xG,GAAG1Z,GACD,IAAXsL,EAAIoO,KACNjN,GAAO,GAEX,IAAKA,EACH,MACFuM,IACAhZ,IAKF,GAHIA,GAAK,GACPgZ,IACF8tG,EAAMA,EAAIkH,KAAKh1G,GACXhZ,EAAI,EACN,MAEF,IAAS0Z,EAAI,EAAGA,EAAI5M,EAAK4M,IAAK,CAC5B,IACIyV,EADA8V,EAAI35B,EAAIoO,GAEF,IAANurB,IAEKA,EAAI,EACX9V,EAAI47F,EAAIrxG,GAAIurB,EAAI,GAAM,GACfA,EAAI,IACX9V,EAAI47F,EAAIrxG,IAAKurB,EAAI,GAAM,GAAG+4E,OAG1B8I,EADa,WAAX33F,EAAEpY,KACE+vG,EAAI4G,SAASv+F,GAEb23F,EAAI9jH,IAAImsB,KAIpB,IAASnvB,EAAI,EAAGA,EAAI8M,EAAK9M,IACvB+qH,EAAI/qH,GAAK,KAEX,OAAIouH,EACKtH,EAEAA,EAAI8G,KACf,EAOAvB,GAAUW,UAAYA,GAEtBA,GAAUjvH,UAAUkoD,GAAK,WACvB,MAAUhmD,MAAM,kBAClB,EAEA+sH,GAAUjvH,UAAUskD,SAAW,WAC7B,OAAOtlD,KAAKwQ,MAAM80C,SAAStlD,KAC7B,EAEAsvH,GAAUtuH,UAAU2wH,YAAc,SAAqBzqH,EAAO4+B,GAC5D5+B,EAAQwgC,GAAMC,QAAQzgC,EAAO4+B,GAE7B,IAAI/1B,EAAM/P,KAAKoyB,EAAEjuB,aAGjB,IAAkB,IAAb+C,EAAM,IAA4B,IAAbA,EAAM,IAA4B,IAAbA,EAAM,KACjDA,EAAM9F,OAAS,GAAM,EAAI2O,EAS3B,OARiB,IAAb7I,EAAM,GACRi+B,GAAOj+B,EAAMA,EAAM9F,OAAS,GAAK,GAAM,GACnB,IAAb8F,EAAM,IACbi+B,GAAOj+B,EAAMA,EAAM9F,OAAS,GAAK,GAAM,GAE9BpB,KAAKmwH,MAAMjpH,EAAMxF,MAAM,EAAG,EAAIqO,GACnB7I,EAAMxF,MAAM,EAAIqO,EAAK,EAAI,EAAIA,IAG9C,IAAkB,IAAb7I,EAAM,IAA4B,IAAbA,EAAM,KAC3BA,EAAM9F,OAAS,IAAM2O,EAC/B,OAAO/P,KAAK4xH,WAAW1qH,EAAMxF,MAAM,EAAG,EAAIqO,GAAmB,IAAb7I,EAAM,IAExD,MAAUhE,MAAM,uBAClB,EAEA+sH,GAAUjvH,UAAU6wH,iBAAmB,SAA0B/rF,GAC/D,OAAO9lC,KAAKkd,OAAO4oB,GAAK,EAC1B,EAEAmqF,GAAUjvH,UAAU8wH,QAAU,SAAiBC,GAC7C,IAAIhiH,EAAM/P,KAAKwQ,MAAM4hB,EAAEjuB,aACnB2I,EAAI9M,KAAKgyH,OAAOrqF,QAAQ,KAAM53B,GAElC,OAAIgiH,EACK,CAAE/xH,KAAKiyH,OAAOhjH,SAAW,EAAO,GAAOzI,OAAOsG,GAEhD,CAAE,GAAOtG,OAAOsG,EAAG9M,KAAKiyH,OAAOtqF,QAAQ,KAAM53B,GACtD,EAEAkgH,GAAUjvH,UAAUkc,OAAS,SAAgB4oB,EAAKisF,GAChD,OAAOrqF,GAAMxqB,OAAOld,KAAK8xH,QAAQC,GAAUjsF,EAC7C,EAEAmqF,GAAUjvH,UAAUkxH,WAAa,SAAoBrsE,GACnD,GAAI7lD,KAAKkwH,YACP,OAAOlwH,KAET,IAAIkwH,EAAc,CAChBG,QAAS,KACT9B,IAAK,KACL4D,KAAM,MAOR,OALAjC,EAAY3B,IAAMvuH,KAAKgxH,cAAc,GACrCd,EAAYG,QAAUrwH,KAAKswH,YAAY,EAAGzqE,GAC1CqqE,EAAYiC,KAAOnyH,KAAKoyH,WACxBpyH,KAAKkwH,YAAcA,EAEZlwH,IACT,EAEAiwH,GAAUjvH,UAAUqxH,YAAc,SAAqBp2G,GACrD,IAAKjc,KAAKkwH,YACR,OAAO,EAET,IAAIG,EAAUrwH,KAAKkwH,YAAYG,QAC/B,QAAKA,GAGEA,EAAQO,OAAOxvH,QAAUsK,KAAKmQ,MAAMI,EAAExM,YAAc,GAAK4gH,EAAQE,KAC1E,EAEAN,GAAUjvH,UAAUsvH,YAAc,SAAqBC,EAAM1qE,GAC3D,GAAI7lD,KAAKkwH,aAAelwH,KAAKkwH,YAAYG,QACvC,OAAOrwH,KAAKkwH,YAAYG,QAI1B,IAFA,IAAIA,EAAU,CAAErwH,MACZ+pH,EAAM/pH,KACDiD,EAAI,EAAGA,EAAI4iD,EAAO5iD,GAAKstH,EAAM,CACpC,IAAK,IAAI5zG,EAAI,EAAGA,EAAI4zG,EAAM5zG,IACxBotG,EAAMA,EAAIuI,MACZjC,EAAQxuH,KAAKkoH,GAEf,MAAO,CACLwG,KAAMA,EACNK,OAAQP,EAEZ,EAEAJ,GAAUjvH,UAAUgwH,cAAgB,SAAuBhD,GACzD,GAAIhuH,KAAKkwH,aAAelwH,KAAKkwH,YAAY3B,IACvC,OAAOvuH,KAAKkwH,YAAY3B,IAK1B,IAHA,IAAIp/G,EAAM,CAAEnP,MACR2L,GAAO,GAAKqiH,GAAO,EACnBsE,EAAc,IAAR3mH,EAAY,KAAO3L,KAAKsyH,MACzBrvH,EAAI,EAAGA,EAAI0I,EAAK1I,IACvBkM,EAAIlM,GAAKkM,EAAIlM,EAAI,GAAGgD,IAAIqsH,GAC1B,MAAO,CACLtE,IAAKA,EACL4C,OAAQzhH,EAEZ,EAEA8gH,GAAUjvH,UAAUoxH,SAAW,WAC7B,OAAO,IACT,EAEAnC,GAAUjvH,UAAUiwH,KAAO,SAAch1G,GAEvC,IADA,IAAItO,EAAI3N,KACCiD,EAAI,EAAGA,EAAIgZ,EAAGhZ,IACrB0K,EAAIA,EAAE2kH,MACR,OAAO3kH,CACT,EC9WA,IAAIw3B,GAASuC,GAAMvC,OAEnB,SAASotF,GAAWhD,GAClBiD,GAAK1xH,KAAKd,KAAM,QAASuvH,GAEzBvvH,KAAKqO,EAAI,IAAIgzC,GAAGkuE,EAAKlhH,EAAG,IAAI68G,MAAMlrH,KAAK+9G,KACvC/9G,KAAKiO,EAAI,IAAIozC,GAAGkuE,EAAKthH,EAAG,IAAIi9G,MAAMlrH,KAAK+9G,KACvC/9G,KAAKyyH,KAAOzyH,KAAKwyC,IAAI+5E,UAErBvsH,KAAK0yH,MAAqC,IAA7B1yH,KAAKqO,EAAEi9G,UAAUd,KAAK,GACnCxqH,KAAK2yH,OAAmD,IAA1C3yH,KAAKqO,EAAEi9G,UAAUt+G,IAAIhN,KAAKoyB,GAAGo4F,MAAM,GAGjDxqH,KAAK4yH,KAAO5yH,KAAK6yH,iBAAiBtD,GAClCvvH,KAAK8yH,mBACL9yH,KAAK+yH,kBACP,CACA1sF,GAASksF,GAAYC,IACrB,OAAiBD,GAiOjB,SAASS,GAAMxiH,EAAO1D,EAAGoB,EAAG+kH,GAC1BT,GAAKvC,UAAUnvH,KAAKd,KAAMwQ,EAAO,UACvB,OAAN1D,GAAoB,OAANoB,GAChBlO,KAAK8M,EAAI,KACT9M,KAAKkO,EAAI,KACTlO,KAAKkzH,KAAM,IAEXlzH,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IAEf+kH,IACFjzH,KAAK8M,EAAE0+G,SAASxrH,KAAKwQ,MAAMutG,KAC3B/9G,KAAKkO,EAAEs9G,SAASxrH,KAAKwQ,MAAMutG,MAExB/9G,KAAK8M,EAAEixG,MACV/9G,KAAK8M,EAAI9M,KAAK8M,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkO,EAAE6vG,MACV/9G,KAAKkO,EAAIlO,KAAKkO,EAAEg9G,MAAMlrH,KAAKwQ,MAAMutG,MACnC/9G,KAAKkzH,KAAM,EAEf,CA2NA,SAASC,GAAO3iH,EAAO1D,EAAGoB,EAAGg6B,GAC3BsqF,GAAKvC,UAAUnvH,KAAKd,KAAMwQ,EAAO,YACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANg6B,GAC9BloC,KAAK8M,EAAI9M,KAAKwQ,MAAMb,IACpB3P,KAAKkO,EAAIlO,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAI,IAAImZ,GAAG,KAEhBrhD,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IACnBlO,KAAKkoC,EAAI,IAAImZ,GAAGnZ,EAAG,KAEhBloC,KAAK8M,EAAEixG,MACV/9G,KAAK8M,EAAI9M,KAAK8M,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkO,EAAE6vG,MACV/9G,KAAKkO,EAAIlO,KAAKkO,EAAEg9G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkoC,EAAE61E,MACV/9G,KAAKkoC,EAAIloC,KAAKkoC,EAAEgjF,MAAMlrH,KAAKwQ,MAAMutG,MAEnC/9G,KAAKozH,KAAOpzH,KAAKkoC,IAAMloC,KAAKwQ,MAAMb,GACpC,CCpfA,SAAS0jH,GAAU9D,GACjBiD,GAAK1xH,KAAKd,KAAM,OAAQuvH,GAExBvvH,KAAKqO,EAAI,IAAIgzC,GAAGkuE,EAAKlhH,EAAG,IAAI68G,MAAMlrH,KAAK+9G,KACvC/9G,KAAKiO,EAAI,IAAIozC,GAAGkuE,EAAKthH,EAAG,IAAIi9G,MAAMlrH,KAAK+9G,KACvC/9G,KAAKszH,GAAK,IAAIjyE,GAAG,GAAG6pE,MAAMlrH,KAAK+9G,KAAKwO,UACpCvsH,KAAKwyC,IAAM,IAAI6O,GAAG,GAAG6pE,MAAMlrH,KAAK+9G,KAGhC/9G,KAAKuzH,IAAMvzH,KAAKszH,GAAGvH,OAAO/rH,KAAKqO,EAAEo9G,OAAOzrH,KAAKwyC,KAC/C,CDSA+/E,GAAWvxH,UAAU6xH,iBAAmB,SAA0BtD,GAEhE,GAAKvvH,KAAK0yH,OAAU1yH,KAAK2kC,GAAM3kC,KAAKoM,GAAwB,IAAnBpM,KAAKoyB,EAAEutF,KAAK,GAArD,CAIA,IAAIwS,EACAqB,EACJ,GAAIjE,EAAK4C,KACPA,EAAO,IAAI9wE,GAAGkuE,EAAK4C,KAAM,IAAIjH,MAAMlrH,KAAK+9G,SACnC,CACL,IAAI0V,EAAQzzH,KAAK0zH,cAAc1zH,KAAKoyB,GAGpC+/F,GADAA,EAAOsB,EAAM,GAAGrV,IAAIqV,EAAM,IAAM,EAAIA,EAAM,GAAKA,EAAM,IACzCvI,MAAMlrH,KAAK+9G,KAEzB,GAAIwR,EAAKiE,OACPA,EAAS,IAAInyE,GAAGkuE,EAAKiE,OAAQ,QACxB,CAEL,IAAIG,EAAU3zH,KAAK0zH,cAAc1zH,KAAKoM,GACsB,IAAxDpM,KAAK2kC,EAAEz3B,IAAIymH,EAAQ,IAAI7mH,EAAEsxG,IAAIp+G,KAAK2kC,EAAE73B,EAAEi/G,OAAOoG,IAC/CqB,EAASG,EAAQ,IAEjBH,EAASG,EAAQ,GACjBxuF,GAA2D,IAApDnlC,KAAK2kC,EAAEz3B,IAAIsmH,GAAQ1mH,EAAEsxG,IAAIp+G,KAAK2kC,EAAE73B,EAAEi/G,OAAOoG,MAiBpD,MAAO,CACLA,KAAMA,EACNqB,OAAQA,EACRI,MAdErE,EAAKqE,MACCrE,EAAKqE,MAAM1rH,KAAI,SAAS2rH,GAC9B,MAAO,CACLxlH,EAAG,IAAIgzC,GAAGwyE,EAAIxlH,EAAG,IACjBJ,EAAG,IAAIozC,GAAGwyE,EAAI5lH,EAAG,QAIbjO,KAAK8zH,cAAcN,IAQ/B,EAEAjB,GAAWvxH,UAAU0yH,cAAgB,SAAuBzsF,GAI1D,IAAI82E,EAAM92E,IAAQjnC,KAAKoyB,EAAIpyB,KAAK+9G,IAAM18D,GAAG6sE,KAAKjnF,GAC1CwrF,EAAO,IAAIpxE,GAAG,GAAG6pE,MAAMnN,GAAKwO,UAC5BwH,EAAQtB,EAAKjG,SAEb3uG,EAAI,IAAIwjC,GAAG,GAAG6pE,MAAMnN,GAAKyO,SAASH,UAAUN,OAAO0G,GAIvD,MAAO,CAFEsB,EAAMtI,OAAO5tG,GAAGytG,UAChByI,EAAMpI,OAAO9tG,GAAGytG,UAE3B,EAEAiH,GAAWvxH,UAAU8yH,cAAgB,SAAuBN,GA2B1D,IAzBA,IAYItR,EACAtoE,EAEAyoE,EACAxoE,EAEA2oE,EACA1oE,EAEAk6E,EAEArmH,EACAb,EAxBAmnH,EAAWj0H,KAAKoM,EAAEw8G,MAAMl9G,KAAKsP,MAAMhb,KAAKoM,EAAEqD,YAAc,IAIxDoqB,EAAI25F,EACJ37E,EAAI73C,KAAKoM,EAAEzK,QACX8oB,EAAK,IAAI42B,GAAG,GACZr2B,EAAK,IAAIq2B,GAAG,GACZ32B,EAAK,IAAI22B,GAAG,GACZp2B,EAAK,IAAIo2B,GAAG,GAaZp+C,EAAI,EAGa,IAAd42B,EAAE2wF,KAAK,IAAU,CACtB,IAAIl8G,EAAIupC,EAAE0xE,IAAI1vF,GACdlsB,EAAIkqC,EAAE7qC,IAAIsB,EAAEpB,IAAI2sB,IAChB/sB,EAAI4d,EAAG1d,IAAIsB,EAAEpB,IAAIud,IACjB,IAAIvc,EAAI+c,EAAGje,IAAIsB,EAAEpB,IAAI8d,IAErB,IAAKq3F,GAAM10G,EAAEywG,IAAI6V,GAAY,EAC3B/R,EAAK8R,EAAM/S,MACXrnE,EAAKnvB,EACL43F,EAAK10G,EAAEszG,MACPpnE,EAAK/sC,OACA,GAAIu1G,GAAc,KAANp/G,EACjB,MAEF+wH,EAAQrmH,EAERkqC,EAAIhe,EACJA,EAAIlsB,EACJ+c,EAAKD,EACLA,EAAK3d,EACLme,EAAKD,EACLA,EAAK9c,EAEPs0G,EAAK70G,EAAEszG,MACPnnE,EAAKhtC,EAEL,IAAIonH,EAAO7R,EAAGyF,MAAM7hH,IAAI4zC,EAAGiuE,OAiB3B,OAhBWtF,EAAGsF,MAAM7hH,IAAI6zC,EAAGguE,OAClB1J,IAAI8V,IAAS,IACpB1R,EAAKN,EACLpoE,EAAKF,GAIHyoE,EAAGxE,WACLwE,EAAKA,EAAGpB,MACRpnE,EAAKA,EAAGonE,OAENuB,EAAG3E,WACL2E,EAAKA,EAAGvB,MACRnnE,EAAKA,EAAGmnE,OAGH,CACL,CAAE5yG,EAAGg0G,EAAIp0G,EAAG4rC,GACZ,CAAExrC,EAAOJ,EAAG6rC,GAEhB,EAEAy4E,GAAWvxH,UAAUmzH,WAAa,SAAoBl4G,GACpD,IAAI23G,EAAQ5zH,KAAK4yH,KAAKgB,MAClBQ,EAAKR,EAAM,GACXS,EAAKT,EAAM,GAEXrmG,EAAK8mG,EAAGpmH,EAAEf,IAAI+O,GAAG2tG,SAAS5pH,KAAKoM,GAC/BohB,EAAK4mG,EAAGnmH,EAAEgzG,MAAM/zG,IAAI+O,GAAG2tG,SAAS5pH,KAAKoM,GAErCk2B,EAAK/U,EAAGrgB,IAAIknH,EAAG/lH,GACfk0B,EAAK/U,EAAGtgB,IAAImnH,EAAGhmH,GACfgrB,EAAK9L,EAAGrgB,IAAIknH,EAAGnmH,GACfqrB,EAAK9L,EAAGtgB,IAAImnH,EAAGpmH,GAKnB,MAAO,CAAEqgB,GAFArS,EAAEjP,IAAIs1B,GAAIt1B,IAAIu1B,GAENhU,GADR8K,EAAGpzB,IAAIqzB,GAAI2nF,MAEtB,EAEAsR,GAAWvxH,UAAU4wH,WAAa,SAAoB9kH,EAAGi6G,IACvDj6G,EAAI,IAAIu0C,GAAGv0C,EAAG,KACPixG,MACLjxG,EAAIA,EAAEo+G,MAAMlrH,KAAK+9G,MAEnB,IAAI9yF,EAAKne,EAAEo/G,SAASH,OAAOj/G,GAAG4+G,QAAQ5+G,EAAEi/G,OAAO/rH,KAAKqO,IAAIq9G,QAAQ1rH,KAAKiO,GACjEC,EAAI+c,EAAGohG,UACX,GAA6C,IAAzCn+G,EAAEg+G,SAASP,OAAO1gG,GAAImzF,IAAIp+G,KAAK0P,MACjC,MAAUxM,MAAM,iBAIlB,IAAIknH,EAAQl8G,EAAEo9G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3Bl8G,EAAIA,EAAEs+G,UAEDxsH,KAAKmwH,MAAMrjH,EAAGoB,EACvB,EAEAqkH,GAAWvxH,UAAUskD,SAAW,SAAkB6qE,GAChD,GAAIA,EAAM+C,IACR,OAAO,EAET,IAAIpmH,EAAIqjH,EAAMrjH,EACVoB,EAAIiiH,EAAMjiH,EAEVomH,EAAKt0H,KAAKqO,EAAE09G,OAAOj/G,GACnBynH,EAAMznH,EAAEo/G,SAASH,OAAOj/G,GAAG4+G,QAAQ4I,GAAI5I,QAAQ1rH,KAAKiO,GACxD,OAA2C,IAApCC,EAAEg+G,SAASN,QAAQ2I,GAAK/J,KAAK,EACtC,EAEA+H,GAAWvxH,UAAUwzH,gBACjB,SAAyB5D,EAAQQ,EAAQC,GAG3C,IAFA,IAAIoD,EAAUz0H,KAAK8yH,YACf4B,EAAU10H,KAAK+yH,YACV9vH,EAAI,EAAGA,EAAI2tH,EAAOxvH,OAAQ6B,IAAK,CACtC,IAAI8c,EAAQ/f,KAAKm0H,WAAW/C,EAAOnuH,IAC/BmvB,EAAIw+F,EAAO3tH,GACXkvH,EAAO//F,EAAEggG,WAETryG,EAAMuO,GAAGuvF,WACX99F,EAAMuO,GAAGyyF,OACT3uF,EAAIA,EAAE6uF,KAAI,IAERlhG,EAAMwO,GAAGsvF,WACX99F,EAAMwO,GAAGwyF,OACToR,EAAOA,EAAKlR,KAAI,IAGlBwT,EAAY,EAAJxxH,GAASmvB,EACjBqiG,EAAY,EAAJxxH,EAAQ,GAAKkvH,EACrBuC,EAAY,EAAJzxH,GAAS8c,EAAMuO,GACvBomG,EAAY,EAAJzxH,EAAQ,GAAK8c,EAAMwO,GAK7B,IAHA,IAAIpf,EAAMnP,KAAKkxH,YAAY,EAAGuD,EAASC,EAAa,EAAJzxH,EAAOouH,GAG9C10G,EAAI,EAAGA,EAAQ,EAAJ1Z,EAAO0Z,IACzB83G,EAAQ93G,GAAK,KACb+3G,EAAQ/3G,GAAK,KAEf,OAAOxN,CACT,EAuBAk3B,GAAS2sF,GAAOR,GAAKvC,WAErBsC,GAAWvxH,UAAUmvH,MAAQ,SAAerjH,EAAGoB,EAAG+kH,GAChD,OAAO,IAAID,GAAMhzH,KAAM8M,EAAGoB,EAAG+kH,EAC/B,EAEAV,GAAWvxH,UAAUwuH,cAAgB,SAAuBpvE,EAAK29D,GAC/D,OAAOiV,GAAM2B,SAAS30H,KAAMogD,EAAK29D,EACnC,EAEAiV,GAAMhyH,UAAUoxH,SAAW,WACzB,GAAKpyH,KAAKwQ,MAAMoiH,KAAhB,CAGA,IAAIgC,EAAM50H,KAAKkwH,YACf,GAAI0E,GAAOA,EAAIzC,KACb,OAAOyC,EAAIzC,KAEb,IAAIA,EAAOnyH,KAAKwQ,MAAM2/G,MAAMnwH,KAAK8M,EAAEi/G,OAAO/rH,KAAKwQ,MAAMoiH,KAAKT,MAAOnyH,KAAKkO,GACtE,GAAI0mH,EAAK,CACP,IAAIpkH,EAAQxQ,KAAKwQ,MACbqkH,EAAU,SAASziG,GACrB,OAAO5hB,EAAM2/G,MAAM/9F,EAAEtlB,EAAEi/G,OAAOv7G,EAAMoiH,KAAKT,MAAO//F,EAAElkB,IAEpD0mH,EAAIzC,KAAOA,EACXA,EAAKjC,YAAc,CACjBiC,KAAM,KACN5D,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAO1oH,IAAI2sH,IAE7BxE,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAO1oH,IAAI2sH,KAIrC,OAAO1C,EACT,EAEAa,GAAMhyH,UAAU6+G,OAAS,WACvB,OAAK7/G,KAAKkwH,YAGH,CAAElwH,KAAK8M,EAAG9M,KAAKkO,EAAGlO,KAAKkwH,aAAe,CAC3CG,QAASrwH,KAAKkwH,YAAYG,SAAW,CACnCE,KAAMvwH,KAAKkwH,YAAYG,QAAQE,KAC/BK,OAAQ5wH,KAAKkwH,YAAYG,QAAQO,OAAOlvH,MAAM,IAEhD6sH,IAAKvuH,KAAKkwH,YAAY3B,KAAO,CAC3BP,IAAKhuH,KAAKkwH,YAAY3B,IAAIP,IAC1B4C,OAAQ5wH,KAAKkwH,YAAY3B,IAAIqC,OAAOlvH,MAAM,MATrC,CAAE1B,KAAK8M,EAAG9M,KAAKkO,EAY1B,EAEA8kH,GAAM2B,SAAW,SAAkBnkH,EAAO4vC,EAAK29D,GAC1B,iBAAR39D,IACTA,EAAM00E,KAAKvqH,MAAM61C,IACnB,IAAIjxC,EAAMqB,EAAM2/G,MAAM/vE,EAAI,GAAIA,EAAI,GAAI29D,GACtC,IAAK39D,EAAI,GACP,OAAOjxC,EAET,SAAS4lH,EAAU30E,GACjB,OAAO5vC,EAAM2/G,MAAM/vE,EAAI,GAAIA,EAAI,GAAI29D,GAGrC,IAAI6W,EAAMx0E,EAAI,GAYd,OAXAjxC,EAAI+gH,YAAc,CAChBiC,KAAM,KACN9B,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQ,CAAEzhH,GAAM3I,OAAOouH,EAAIvE,QAAQO,OAAO1oH,IAAI6sH,KAEhDxG,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQ,CAAEzhH,GAAM3I,OAAOouH,EAAIrG,IAAIqC,OAAO1oH,IAAI6sH,MAGvC5lH,CACT,EAEA6jH,GAAMhyH,UAAUg+G,QAAU,WACxB,OAAIh/G,KAAKg1H,aACA,sBACF,gBAAkBh1H,KAAK8M,EAAEw+G,UAAU/+G,SAAS,GAAI,GACnD,OAASvM,KAAKkO,EAAEo9G,UAAU/+G,SAAS,GAAI,GAAK,GAClD,EAEAymH,GAAMhyH,UAAUg0H,WAAa,WAC3B,OAAOh1H,KAAKkzH,GACd,EAEAF,GAAMhyH,UAAUiF,IAAM,SAAamsB,GAEjC,GAAIpyB,KAAKkzH,IACP,OAAO9gG,EAGT,GAAIA,EAAE8gG,IACJ,OAAOlzH,KAGT,GAAIA,KAAKkpD,GAAG92B,GACV,OAAOpyB,KAAKsyH,MAGd,GAAItyH,KAAKihH,MAAM/3D,GAAG92B,GAChB,OAAOpyB,KAAKwQ,MAAM2/G,MAAM,KAAM,MAGhC,GAAwB,IAApBnwH,KAAK8M,EAAEsxG,IAAIhsF,EAAEtlB,GACf,OAAO9M,KAAKwQ,MAAM2/G,MAAM,KAAM,MAEhC,IAAI/zG,EAAIpc,KAAKkO,EAAEy9G,OAAOv5F,EAAElkB,GACN,IAAdkO,EAAEouG,KAAK,KACTpuG,EAAIA,EAAE2vG,OAAO/rH,KAAK8M,EAAE6+G,OAAOv5F,EAAEtlB,GAAGy/G,YAClC,IAAI0I,EAAK74G,EAAE8vG,SAASN,QAAQ5rH,KAAK8M,GAAG8+G,QAAQx5F,EAAEtlB,GAC1CooH,EAAK94G,EAAE2vG,OAAO/rH,KAAK8M,EAAE6+G,OAAOsJ,IAAKrJ,QAAQ5rH,KAAKkO,GAClD,OAAOlO,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMhyH,UAAUsxH,IAAM,WACpB,GAAItyH,KAAKkzH,IACP,OAAOlzH,KAGT,IAAIm1H,EAAMn1H,KAAKkO,EAAEu9G,OAAOzrH,KAAKkO,GAC7B,GAAoB,IAAhBinH,EAAI3K,KAAK,GACX,OAAOxqH,KAAKwQ,MAAM2/G,MAAM,KAAM,MAEhC,IAAI9hH,EAAIrO,KAAKwQ,MAAMnC,EAEfqc,EAAK1qB,KAAK8M,EAAEo/G,SACZkJ,EAAQD,EAAI5I,UACZnwG,EAAIsO,EAAG+gG,OAAO/gG,GAAIghG,QAAQhhG,GAAIghG,QAAQr9G,GAAG09G,OAAOqJ,GAEhDH,EAAK74G,EAAE8vG,SAASN,QAAQ5rH,KAAK8M,EAAE2+G,OAAOzrH,KAAK8M,IAC3CooH,EAAK94G,EAAE2vG,OAAO/rH,KAAK8M,EAAE6+G,OAAOsJ,IAAKrJ,QAAQ5rH,KAAKkO,GAClD,OAAOlO,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAC9B,EAEAlC,GAAMhyH,UAAUgxH,KAAO,WACrB,OAAOhyH,KAAK8M,EAAEw+G,SAChB,EAEA0H,GAAMhyH,UAAUixH,KAAO,WACrB,OAAOjyH,KAAKkO,EAAEo9G,SAChB,EAEA0H,GAAMhyH,UAAUkM,IAAM,SAAa+O,GAEjC,OADAA,EAAI,IAAIolC,GAAGplC,EAAG,IACVjc,KAAKg1H,aACAh1H,KACAA,KAAKqyH,YAAYp2G,GACjBjc,KAAKwQ,MAAM4/G,aAAapwH,KAAMic,GAC9Bjc,KAAKwQ,MAAMoiH,KACX5yH,KAAKwQ,MAAMgkH,gBAAgB,CAAEx0H,MAAQ,CAAEic,IAEvCjc,KAAKwQ,MAAMsgH,SAAS9wH,KAAMic,EACrC,EAEA+2G,GAAMhyH,UAAUq0H,OAAS,SAAgB/mG,EAAIiU,EAAIhU,GAC/C,IAAIqiG,EAAS,CAAE5wH,KAAMuiC,GACjB6uF,EAAS,CAAE9iG,EAAIC,GACnB,OAAIvuB,KAAKwQ,MAAMoiH,KACN5yH,KAAKwQ,MAAMgkH,gBAAgB5D,EAAQQ,GAEnCpxH,KAAKwQ,MAAM0gH,YAAY,EAAGN,EAAQQ,EAAQ,EACrD,EAEA4B,GAAMhyH,UAAUs0H,QAAU,SAAiBhnG,EAAIiU,EAAIhU,GACjD,IAAIqiG,EAAS,CAAE5wH,KAAMuiC,GACjB6uF,EAAS,CAAE9iG,EAAIC,GACnB,OAAIvuB,KAAKwQ,MAAMoiH,KACN5yH,KAAKwQ,MAAMgkH,gBAAgB5D,EAAQQ,GAAQ,GAE3CpxH,KAAKwQ,MAAM0gH,YAAY,EAAGN,EAAQQ,EAAQ,GAAG,EACxD,EAEA4B,GAAMhyH,UAAUkoD,GAAK,SAAY92B,GAC/B,OAAOpyB,OAASoyB,GACTpyB,KAAKkzH,MAAQ9gG,EAAE8gG,MACVlzH,KAAKkzH,KAA2B,IAApBlzH,KAAK8M,EAAEsxG,IAAIhsF,EAAEtlB,IAAgC,IAApB9M,KAAKkO,EAAEkwG,IAAIhsF,EAAElkB,GAChE,EAEA8kH,GAAMhyH,UAAUigH,IAAM,SAAasU,GACjC,GAAIv1H,KAAKkzH,IACP,OAAOlzH,KAET,IAAImP,EAAMnP,KAAKwQ,MAAM2/G,MAAMnwH,KAAK8M,EAAG9M,KAAKkO,EAAEs+G,UAC1C,GAAI+I,GAAev1H,KAAKkwH,YAAa,CACnC,IAAI0E,EAAM50H,KAAKkwH,YACXsF,EAAS,SAASpjG,GACpB,OAAOA,EAAE6uF,OAEX9xG,EAAI+gH,YAAc,CAChB3B,IAAKqG,EAAIrG,KAAO,CACdP,IAAK4G,EAAIrG,IAAIP,IACb4C,OAAQgE,EAAIrG,IAAIqC,OAAO1oH,IAAIstH,IAE7BnF,QAASuE,EAAIvE,SAAW,CACtBE,KAAMqE,EAAIvE,QAAQE,KAClBK,OAAQgE,EAAIvE,QAAQO,OAAO1oH,IAAIstH,KAIrC,OAAOrmH,CACT,EAEA6jH,GAAMhyH,UAAUwwH,IAAM,WACpB,OAAIxxH,KAAKkzH,IACAlzH,KAAKwQ,MAAMkgH,OAAO,KAAM,KAAM,MAE7B1wH,KAAKwQ,MAAMkgH,OAAO1wH,KAAK8M,EAAG9M,KAAKkO,EAAGlO,KAAKwQ,MAAMb,IAEzD,EAsBA02B,GAAS8sF,GAAQX,GAAKvC,WAEtBsC,GAAWvxH,UAAU0vH,OAAS,SAAgB5jH,EAAGoB,EAAGg6B,GAClD,OAAO,IAAIirF,GAAOnzH,KAAM8M,EAAGoB,EAAGg6B,EAChC,EAEAirF,GAAOnyH,UAAU6vH,IAAM,WACrB,GAAI7wH,KAAKg1H,aACP,OAAOh1H,KAAKwQ,MAAM2/G,MAAM,KAAM,MAEhC,IAAIsF,EAAOz1H,KAAKkoC,EAAEqkF,UACdmJ,EAAQD,EAAKvJ,SACboI,EAAKt0H,KAAK8M,EAAEi/G,OAAO2J,GACnBC,EAAK31H,KAAKkO,EAAE69G,OAAO2J,GAAO3J,OAAO0J,GAErC,OAAOz1H,KAAKwQ,MAAM2/G,MAAMmE,EAAIqB,EAC9B,EAEAxC,GAAOnyH,UAAUigH,IAAM,WACrB,OAAOjhH,KAAKwQ,MAAMkgH,OAAO1wH,KAAK8M,EAAG9M,KAAKkO,EAAEs+G,SAAUxsH,KAAKkoC,EACzD,EAEAirF,GAAOnyH,UAAUiF,IAAM,SAAamsB,GAElC,GAAIpyB,KAAKg1H,aACP,OAAO5iG,EAGT,GAAIA,EAAE4iG,aACJ,OAAOh1H,KAGT,IAAI41H,EAAMxjG,EAAE8V,EAAEgkF,SACVpgG,EAAK9rB,KAAKkoC,EAAEgkF,SACZv9D,EAAK3uD,KAAK8M,EAAEi/G,OAAO6J,GACnBhnE,EAAKx8B,EAAEtlB,EAAEi/G,OAAOjgG,GAChBK,EAAKnsB,KAAKkO,EAAE69G,OAAO6J,EAAI7J,OAAO35F,EAAE8V,IAChC9b,EAAKgG,EAAElkB,EAAE69G,OAAOjgG,EAAGigG,OAAO/rH,KAAKkoC,IAE/B/rB,EAAIwyC,EAAGg9D,OAAO/8D,GACdjhD,EAAIwe,EAAGw/F,OAAOv/F,GAClB,GAAkB,IAAdjQ,EAAEquG,KAAK,GACT,OAAkB,IAAd78G,EAAE68G,KAAK,GACFxqH,KAAKwQ,MAAMkgH,OAAO,KAAM,KAAM,MAE9B1wH,KAAKsyH,MAGhB,IAAI1wF,EAAKzlB,EAAE+vG,SACPrqF,EAAKD,EAAGmqF,OAAO5vG,GACf07B,EAAI8W,EAAGo9D,OAAOnqF,GAEdqzF,EAAKtnH,EAAEu+G,SAASR,QAAQ7pF,GAAI+pF,QAAQ/zE,GAAG+zE,QAAQ/zE,GAC/Cq9E,EAAKvnH,EAAEo+G,OAAOl0E,EAAE+zE,QAAQqJ,IAAKrJ,QAAQz/F,EAAG4/F,OAAOlqF,IAC/Cg0F,EAAK71H,KAAKkoC,EAAE6jF,OAAO35F,EAAE8V,GAAG6jF,OAAO5vG,GAEnC,OAAOnc,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAU2vH,SAAW,SAAkBv+F,GAE5C,GAAIpyB,KAAKg1H,aACP,OAAO5iG,EAAEo/F,MAGX,GAAIp/F,EAAE4iG,aACJ,OAAOh1H,KAGT,IAAI8rB,EAAK9rB,KAAKkoC,EAAEgkF,SACZv9D,EAAK3uD,KAAK8M,EACV8hD,EAAKx8B,EAAEtlB,EAAEi/G,OAAOjgG,GAChBK,EAAKnsB,KAAKkO,EACVke,EAAKgG,EAAElkB,EAAE69G,OAAOjgG,GAAIigG,OAAO/rH,KAAKkoC,GAEhC/rB,EAAIwyC,EAAGg9D,OAAO/8D,GACdjhD,EAAIwe,EAAGw/F,OAAOv/F,GAClB,GAAkB,IAAdjQ,EAAEquG,KAAK,GACT,OAAkB,IAAd78G,EAAE68G,KAAK,GACFxqH,KAAKwQ,MAAMkgH,OAAO,KAAM,KAAM,MAE9B1wH,KAAKsyH,MAGhB,IAAI1wF,EAAKzlB,EAAE+vG,SACPrqF,EAAKD,EAAGmqF,OAAO5vG,GACf07B,EAAI8W,EAAGo9D,OAAOnqF,GAEdqzF,EAAKtnH,EAAEu+G,SAASR,QAAQ7pF,GAAI+pF,QAAQ/zE,GAAG+zE,QAAQ/zE,GAC/Cq9E,EAAKvnH,EAAEo+G,OAAOl0E,EAAE+zE,QAAQqJ,IAAKrJ,QAAQz/F,EAAG4/F,OAAOlqF,IAC/Cg0F,EAAK71H,KAAKkoC,EAAE6jF,OAAO5vG,GAEvB,OAAOnc,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAUiwH,KAAO,SAAcp/E,GACpC,GAAY,IAARA,EACF,OAAO7xC,KACT,GAAIA,KAAKg1H,aACP,OAAOh1H,KACT,IAAK6xC,EACH,OAAO7xC,KAAKsyH,MAEd,GAAItyH,KAAKwQ,MAAMkiH,OAAS1yH,KAAKwQ,MAAMmiH,OAAQ,CAEzC,IADA,IAAIhlH,EAAI3N,KACCiD,EAAI,EAAGA,EAAI4uC,EAAK5uC,IACvB0K,EAAIA,EAAE2kH,MACR,OAAO3kH,EAKT,IAAIU,EAAIrO,KAAKwQ,MAAMnC,EACfokH,EAAOzyH,KAAKwQ,MAAMiiH,KAElBqD,EAAK91H,KAAK8M,EACVipH,EAAK/1H,KAAKkO,EACV8nH,EAAKh2H,KAAKkoC,EACV+tF,EAAMD,EAAG9J,SAASA,SAGlBgK,EAAMH,EAAGtK,OAAOsK,GACpB,IAAS9yH,EAAI,EAAGA,EAAI4uC,EAAK5uC,IAAK,CAC5B,IAAIkzH,EAAML,EAAG5J,SACTkK,EAAOF,EAAIhK,SACXmK,EAAOD,EAAKlK,SACZ9vG,EAAI+5G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQr9G,EAAE09G,OAAOkK,IAElDrrG,EAAKkrG,EAAG/J,OAAOqK,GACfnB,EAAK74G,EAAE8vG,SAASN,QAAQhhG,EAAG6gG,OAAO7gG,IAClCC,EAAKD,EAAGghG,QAAQqJ,GAChBqB,EAAMl6G,EAAE2vG,OAAOlhG,GACnByrG,EAAMA,EAAI5K,QAAQ4K,GAAK1K,QAAQyK,GAC/B,IAAIR,EAAKK,EAAInK,OAAOiK,GAChB/yH,EAAI,EAAI4uC,IACVokF,EAAMA,EAAIlK,OAAOsK,IAEnBP,EAAKb,EACLe,EAAKH,EACLK,EAAMI,EAGR,OAAOt2H,KAAKwQ,MAAMkgH,OAAOoF,EAAII,EAAInK,OAAO0G,GAAOuD,EACjD,EAEA7C,GAAOnyH,UAAUsxH,IAAM,WACrB,OAAItyH,KAAKg1H,aACAh1H,KAELA,KAAKwQ,MAAMkiH,MACN1yH,KAAKu2H,WACLv2H,KAAKwQ,MAAMmiH,OACX3yH,KAAKw2H,YAELx2H,KAAKy2H,MAChB,EAEAtD,GAAOnyH,UAAUu1H,SAAW,WAC1B,IAAItB,EACAC,EACAW,EAEJ,GAAI71H,KAAKozH,KAAM,CAMb,IAAIx4F,EAAK56B,KAAK8M,EAAEo/G,SAEZpxF,EAAK96B,KAAKkO,EAAEg+G,SAEZwK,EAAO57F,EAAGoxF,SAEVruG,EAAI7d,KAAK8M,EAAE2+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GACvD74G,EAAIA,EAAE6tG,QAAQ7tG,GAEd,IAAIzQ,EAAIwtB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAE1B3c,EAAI7Q,EAAE8+G,SAASN,QAAQ/tG,GAAG+tG,QAAQ/tG,GAGlC84G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GAGtB1B,EAAKh3G,EAELi3G,EAAK9nH,EAAE2+G,OAAOluG,EAAE+tG,QAAQ3tG,IAAI2tG,QAAQ+K,GAEpCd,EAAK71H,KAAKkO,EAAEu9G,OAAOzrH,KAAKkO,OACnB,CAML,IAAIG,EAAIrO,KAAK8M,EAAEo/G,SAEXj+G,EAAIjO,KAAKkO,EAAEg+G,SAEX9vG,EAAInO,EAAEi+G,SAENzjG,EAAIzoB,KAAK8M,EAAE2+G,OAAOx9G,GAAGi+G,SAASN,QAAQv9G,GAAGu9G,QAAQxvG,GACrDqM,EAAIA,EAAEijG,QAAQjjG,GAEd,IAAIpkB,EAAIgK,EAAEo9G,OAAOp9G,GAAGq9G,QAAQr9G,GAExBq2B,EAAIrgC,EAAE6nH,SAGN0K,EAAKx6G,EAAEsvG,QAAQtvG,GAEnBw6G,GADAA,EAAKA,EAAGlL,QAAQkL,IACRlL,QAAQkL,GAGhB3B,EAAKvwF,EAAEknF,QAAQnjG,GAAGmjG,QAAQnjG,GAE1BysG,EAAK7wH,EAAE0nH,OAAOtjG,EAAEmjG,QAAQqJ,IAAKrJ,QAAQgL,GAGrCf,GADAA,EAAK71H,KAAKkO,EAAE69G,OAAO/rH,KAAKkoC,IAChBwjF,QAAQmK,GAGlB,OAAO71H,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAUw1H,UAAY,WAC3B,IAAIvB,EACAC,EACAW,EAEJ,GAAI71H,KAAKozH,KAAM,CAMb,IAAIx4F,EAAK56B,KAAK8M,EAAEo/G,SAEZpxF,EAAK96B,KAAKkO,EAAEg+G,SAEZwK,EAAO57F,EAAGoxF,SAEVruG,EAAI7d,KAAK8M,EAAE2+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GACvD74G,EAAIA,EAAE6tG,QAAQ7tG,GAEd,IAAIzQ,EAAIwtB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAAI8wF,QAAQ1rH,KAAKwQ,MAAMnC,GAEjD4P,EAAI7Q,EAAE8+G,SAASN,QAAQ/tG,GAAG+tG,QAAQ/tG,GAEtCo3G,EAAKh3G,EAEL,IAAI04G,EAAQD,EAAKhL,QAAQgL,GAEzBC,GADAA,EAAQA,EAAMjL,QAAQiL,IACRjL,QAAQiL,GACtBzB,EAAK9nH,EAAE2+G,OAAOluG,EAAE+tG,QAAQ3tG,IAAI2tG,QAAQ+K,GAEpCd,EAAK71H,KAAKkO,EAAEu9G,OAAOzrH,KAAKkO,OACnB,CAKL,IAAIq8G,EAAQvqH,KAAKkoC,EAAEgkF,SAEf2K,EAAQ72H,KAAKkO,EAAEg+G,SAEfiG,EAAOnyH,KAAK8M,EAAEi/G,OAAO8K,GAErBC,EAAQ92H,KAAK8M,EAAE6+G,OAAOpB,GAAOwB,OAAO/rH,KAAK8M,EAAE2+G,OAAOlB,IACtDuM,EAAQA,EAAMrL,OAAOqL,GAAOpL,QAAQoL,GAEpC,IAAIC,EAAQ5E,EAAKzG,QAAQyG,GAErB6E,GADJD,EAAQA,EAAMrL,QAAQqL,IACJtL,OAAOsL,GACzB9B,EAAK6B,EAAM5K,SAASN,QAAQoL,GAE5BnB,EAAK71H,KAAKkO,EAAEu9G,OAAOzrH,KAAKkoC,GAAGgkF,SAASN,QAAQiL,GAAOjL,QAAQrB,GAE3D,IAAI0M,EAAUJ,EAAM3K,SAGpB+K,GADAA,GADAA,EAAUA,EAAQvL,QAAQuL,IACRvL,QAAQuL,IACRvL,QAAQuL,GAC1B/B,EAAK4B,EAAM/K,OAAOgL,EAAMnL,QAAQqJ,IAAKrJ,QAAQqL,GAG/C,OAAOj3H,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAUy1H,KAAO,WACtB,IAAIpoH,EAAIrO,KAAKwQ,MAAMnC,EAGfynH,EAAK91H,KAAK8M,EACVipH,EAAK/1H,KAAKkO,EACV8nH,EAAKh2H,KAAKkoC,EACV+tF,EAAMD,EAAG9J,SAASA,SAElBiK,EAAML,EAAG5J,SACTgL,EAAMnB,EAAG7J,SAET9vG,EAAI+5G,EAAI1K,OAAO0K,GAAKzK,QAAQyK,GAAKzK,QAAQr9G,EAAE09G,OAAOkK,IAElDkB,EAAOrB,EAAGrK,OAAOqK,GAEjBlrG,GADJusG,EAAOA,EAAKzL,QAAQyL,IACNpL,OAAOmL,GACjBjC,EAAK74G,EAAE8vG,SAASN,QAAQhhG,EAAG6gG,OAAO7gG,IAClCC,EAAKD,EAAGghG,QAAQqJ,GAEhBmC,EAAOF,EAAIhL,SAGfkL,GADAA,GADAA,EAAOA,EAAK1L,QAAQ0L,IACR1L,QAAQ0L,IACR1L,QAAQ0L,GACpB,IAAIlC,EAAK94G,EAAE2vG,OAAOlhG,GAAI+gG,QAAQwL,GAC1BvB,EAAKE,EAAGtK,OAAOsK,GAAIhK,OAAOiK,GAE9B,OAAOh2H,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAUq2H,KAAO,WACtB,IAAKr3H,KAAKwQ,MAAMkiH,MACd,OAAO1yH,KAAKsyH,MAAMrsH,IAAIjG,MAMxB,IAAI46B,EAAK56B,KAAK8M,EAAEo/G,SAEZpxF,EAAK96B,KAAKkO,EAAEg+G,SAEZoL,EAAKt3H,KAAKkoC,EAAEgkF,SAEZwK,EAAO57F,EAAGoxF,SAEV9+G,EAAIwtB,EAAG6wF,OAAO7wF,GAAI8wF,QAAQ9wF,GAE1B28F,EAAKnqH,EAAE8+G,SAEP7nH,EAAIrE,KAAK8M,EAAE2+G,OAAO3wF,GAAIoxF,SAASN,QAAQhxF,GAAIgxF,QAAQ8K,GAKnDc,GAFJnzH,GADAA,GADAA,EAAIA,EAAEqnH,QAAQrnH,IACRonH,OAAOpnH,GAAGqnH,QAAQrnH,IAClBunH,QAAQ2L,IAEHrL,SAEPjuG,EAAIy4G,EAAKhL,QAAQgL,GAGrBz4G,GADAA,GADAA,EAAIA,EAAEytG,QAAQztG,IACRytG,QAAQztG,IACRytG,QAAQztG,GAEd,IAAI4b,EAAIzsB,EAAEs+G,QAAQrnH,GAAG6nH,SAASN,QAAQ2L,GAAI3L,QAAQ4L,GAAI5L,QAAQ3tG,GAE1Dw5G,EAAO38F,EAAGixF,OAAOlyF,GAErB49F,GADAA,EAAOA,EAAK/L,QAAQ+L,IACR/L,QAAQ+L,GACpB,IAAIxC,EAAKj1H,KAAK8M,EAAEi/G,OAAOyL,GAAI5L,QAAQ6L,GAEnCxC,GADAA,EAAKA,EAAGvJ,QAAQuJ,IACRvJ,QAAQuJ,GAEhB,IAAIC,EAAKl1H,KAAKkO,EAAE69G,OAAOlyF,EAAEkyF,OAAO9tG,EAAE2tG,QAAQ/xF,IAAI+xF,QAAQvnH,EAAE0nH,OAAOyL,KAG/DtC,GADAA,GADAA,EAAKA,EAAGxJ,QAAQwJ,IACRxJ,QAAQwJ,IACRxJ,QAAQwJ,GAEhB,IAAIW,EAAK71H,KAAKkoC,EAAEujF,OAAOpnH,GAAG6nH,SAASN,QAAQ0L,GAAI1L,QAAQ4L,GAEvD,OAAOx3H,KAAKwQ,MAAMkgH,OAAOuE,EAAIC,EAAIW,EACnC,EAEA1C,GAAOnyH,UAAUkM,IAAM,SAAa+O,EAAGy7G,GAGrC,OAFAz7G,EAAI,IAAIolC,GAAGplC,EAAGy7G,GAEP13H,KAAKwQ,MAAMsgH,SAAS9wH,KAAMic,EACnC,EAEAk3G,GAAOnyH,UAAUkoD,GAAK,SAAY92B,GAChC,GAAe,WAAXA,EAAEpY,KACJ,OAAOha,KAAKkpD,GAAG92B,EAAEo/F,OAEnB,GAAIxxH,OAASoyB,EACX,OAAO,EAGT,IAAItG,EAAK9rB,KAAKkoC,EAAEgkF,SACZ0J,EAAMxjG,EAAE8V,EAAEgkF,SACd,GAA2D,IAAvDlsH,KAAK8M,EAAEi/G,OAAO6J,GAAKhK,QAAQx5F,EAAEtlB,EAAEi/G,OAAOjgG,IAAK0+F,KAAK,GAClD,OAAO,EAGT,IAAIz+F,EAAKD,EAAGigG,OAAO/rH,KAAKkoC,GACpByvF,EAAM/B,EAAI7J,OAAO35F,EAAE8V,GACvB,OAA8D,IAAvDloC,KAAKkO,EAAE69G,OAAO4L,GAAK/L,QAAQx5F,EAAElkB,EAAE69G,OAAOhgG,IAAKy+F,KAAK,EACzD,EAEA2I,GAAOnyH,UAAU42H,OAAS,SAAgB9qH,GACxC,IAAI+qH,EAAK73H,KAAKkoC,EAAEgkF,SACZr+G,EAAKf,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,KAAKgO,OAAO8L,GACxC,GAAuB,IAAnB73H,KAAK8M,EAAEsxG,IAAIvwG,GACb,OAAO,EAIT,IAFA,IAAIiqH,EAAKhrH,EAAEnL,QACPsc,EAAIje,KAAKwQ,MAAMu/G,KAAKhE,OAAO8L,KACtB,CAEP,GADAC,EAAGjrH,KAAK7M,KAAKwQ,MAAMpE,GACf0rH,EAAG1Z,IAAIp+G,KAAKwQ,MAAM4hB,IAAM,EAC1B,OAAO,EAGT,GADAvkB,EAAG69G,QAAQztG,GACY,IAAnBje,KAAK8M,EAAEsxG,IAAIvwG,GACb,OAAO,EAEb,EAEAslH,GAAOnyH,UAAUg+G,QAAU,WACzB,OAAIh/G,KAAKg1H,aACA,uBACF,iBAAmBh1H,KAAK8M,EAAEP,SAAS,GAAI,GAC1C,OAASvM,KAAKkO,EAAE3B,SAAS,GAAI,GAC7B,OAASvM,KAAKkoC,EAAE37B,SAAS,GAAI,GAAK,GACxC,EAEA4mH,GAAOnyH,UAAUg0H,WAAa,WAE5B,OAA0B,IAAnBh1H,KAAKkoC,EAAEsiF,KAAK,EACrB,ECr5BAnkF,GAASgtF,GAAWb,IACpB,OAAiBa,GAWjB,SAASL,GAAMxiH,EAAO1D,EAAGo7B,GACvBsqF,GAAKvC,UAAUnvH,KAAKd,KAAMwQ,EAAO,cACvB,OAAN1D,GAAoB,OAANo7B,GAChBloC,KAAK8M,EAAI9M,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAIloC,KAAKwQ,MAAMd,OAEpB1P,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkoC,EAAI,IAAImZ,GAAGnZ,EAAG,IACdloC,KAAK8M,EAAEixG,MACV/9G,KAAK8M,EAAI9M,KAAK8M,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkoC,EAAE61E,MACV/9G,KAAKkoC,EAAIloC,KAAKkoC,EAAEgjF,MAAMlrH,KAAKwQ,MAAMutG,MAEvC,CAtBAsV,GAAUryH,UAAUskD,SAAW,SAAkB6qE,GAC/C,IAAIrjH,EAAIqjH,EAAM4H,YAAYjrH,EACtB4d,EAAK5d,EAAEo/G,SACPqI,EAAM7pG,EAAGqhG,OAAOj/G,GAAG2+G,OAAO/gG,EAAGqhG,OAAO/rH,KAAKqO,IAAIo9G,OAAO3+G,GAGxD,OAA+B,IAFvBynH,EAAIlI,UAEHH,SAAS9N,IAAImW,EACxB,EAgBAluF,GAAS2sF,GAAOR,GAAKvC,WAErBoD,GAAUryH,UAAU2wH,YAAc,SAAqBzqH,EAAO4+B,GAQ5D,GAFqB,MALjB5+B,EAAQwgC,GAAMC,QAAQzgC,EAAO4+B,IAKvB1kC,QAA8B,KAAb8F,EAAM,KAC/BA,EAAQA,EAAMxF,MAAM,EAAG,IAAI2O,WACR,KAAjBnJ,EAAM9F,OACR,MAAU8B,MAAM,oCAClB,OAAOlD,KAAKmwH,MAAMjpH,EAAO,EAC3B,EAEAmsH,GAAUryH,UAAUmvH,MAAQ,SAAerjH,EAAGo7B,GAC5C,OAAO,IAAI8qF,GAAMhzH,KAAM8M,EAAGo7B,EAC5B,EAEAmrF,GAAUryH,UAAUwuH,cAAgB,SAAuBpvE,GACzD,OAAO4yE,GAAM2B,SAAS30H,KAAMogD,EAC9B,EAEA4yE,GAAMhyH,UAAUkxH,WAAa,WAE7B,EAEAc,GAAMhyH,UAAU8wH,QAAU,SAAiBC,GACzC,IAAIhiH,EAAM/P,KAAKwQ,MAAM4hB,EAAEjuB,aAIvB,OAAI4tH,EACK,CAAE,IAAOvrH,OAAOxG,KAAKgyH,OAAOrqF,QAAQ,KAAM53B,IAE1C/P,KAAKgyH,OAAOrqF,QAAQ,KAAM53B,EAErC,EAEAijH,GAAM2B,SAAW,SAAkBnkH,EAAO4vC,GACxC,OAAO,IAAI4yE,GAAMxiH,EAAO4vC,EAAI,GAAIA,EAAI,IAAM5vC,EAAMb,IAClD,EAEAqjH,GAAMhyH,UAAUg+G,QAAU,WACxB,OAAIh/G,KAAKg1H,aACA,sBACF,gBAAkBh1H,KAAK8M,EAAEw+G,UAAU/+G,SAAS,GAAI,GACnD,OAASvM,KAAKkoC,EAAEojF,UAAU/+G,SAAS,GAAI,GAAK,GAClD,EAEAymH,GAAMhyH,UAAUg0H,WAAa,WAE3B,OAA0B,IAAnBh1H,KAAKkoC,EAAEsiF,KAAK,EACrB,EAEAwI,GAAMhyH,UAAUsxH,IAAM,WAKpB,IAEIp3F,EAFIl7B,KAAK8M,EAAE2+G,OAAOzrH,KAAKkoC,GAEhBgkF,SAIPjxF,EAFIj7B,KAAK8M,EAAE6+G,OAAO3rH,KAAKkoC,GAEhBgkF,SAEP9vG,EAAI8e,EAAGywF,OAAO1wF,GAEdg6F,EAAK/5F,EAAG6wF,OAAO9wF,GAEf46F,EAAKz5G,EAAE2vG,OAAO9wF,EAAGwwF,OAAOzrH,KAAKwQ,MAAM+iH,IAAIxH,OAAO3vG,KAClD,OAAOpc,KAAKwQ,MAAM2/G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMhyH,UAAUiF,IAAM,WACpB,MAAU/C,MAAM,oCAClB,EAEA8vH,GAAMhyH,UAAUg3H,QAAU,SAAiB5lG,EAAGi3F,GAK5C,IAAIh7G,EAAIrO,KAAK8M,EAAE2+G,OAAOzrH,KAAKkoC,GAEvBj6B,EAAIjO,KAAK8M,EAAE6+G,OAAO3rH,KAAKkoC,GAEvB9rB,EAAIgW,EAAEtlB,EAAE2+G,OAAOr5F,EAAE8V,GAIjB+vF,EAFI7lG,EAAEtlB,EAAE6+G,OAAOv5F,EAAE8V,GAEV6jF,OAAO19G,GAEd6pH,EAAK97G,EAAE2vG,OAAO99G,GAEdgnH,EAAK5L,EAAKnhF,EAAE6jF,OAAOkM,EAAGxM,OAAOyM,GAAIhM,UAEjC2J,EAAKxM,EAAKv8G,EAAEi/G,OAAOkM,EAAGrM,QAAQsM,GAAIhM,UACtC,OAAOlsH,KAAKwQ,MAAM2/G,MAAM8E,EAAIY,EAC9B,EAEA7C,GAAMhyH,UAAUkM,IAAM,SAAa+O,GAQjC,IALA,IAAIgC,GAFJhC,EAAI,IAAIolC,GAAGplC,EAAG,KAEJta,QACN0M,EAAIrO,KACJiO,EAAIjO,KAAKwQ,MAAM2/G,MAAM,KAAM,MAGtB5xG,EAAO,GAAkB,IAAdN,EAAEusG,KAAK,GAAUvsG,EAAEkiG,OAAO,GAC5C5hG,EAAK1c,KAAKoc,EAAEiiG,MAAM,IAEpB,IAAK,IAAIj9G,EAAIsb,EAAKnd,OAAS,EAAG6B,GAAK,EAAGA,IACpB,IAAZsb,EAAKtb,IAEPoL,EAAIA,EAAE2pH,QAAQ/pH,EARVjO,MAUJiO,EAAIA,EAAEqkH,QAGNrkH,EAAII,EAAE2pH,QAAQ/pH,EAbVjO,MAeJqO,EAAIA,EAAEikH,OAGV,OAAOrkH,CACT,EAEA+kH,GAAMhyH,UAAUq0H,OAAS,WACvB,MAAUnyH,MAAM,oCAClB,EAEA8vH,GAAMhyH,UAAUm3H,QAAU,WACxB,MAAUj1H,MAAM,oCAClB,EAEA8vH,GAAMhyH,UAAUkoD,GAAK,SAAY80B,GAC/B,OAAyC,IAAlCh+E,KAAKgyH,OAAO5T,IAAIpgC,EAAMg0C,OAC/B,EAEAgB,GAAMhyH,UAAU+2H,UAAY,WAG1B,OAFA/3H,KAAK8M,EAAI9M,KAAK8M,EAAEi/G,OAAO/rH,KAAKkoC,EAAEqkF,WAC9BvsH,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACb3P,IACT,EAEAgzH,GAAMhyH,UAAUgxH,KAAO,WAIrB,OAFAhyH,KAAK+3H,YAEE/3H,KAAK8M,EAAEw+G,SAChB,EC/LA,IAAInmF,GAASuC,GAAMvC,OAEnB,SAASizF,GAAa7I,GAEpBvvH,KAAKq4H,QAA2B,IAAP,EAAT9I,EAAKlhH,GACrBrO,KAAKs4H,MAAQt4H,KAAKq4H,UAA6B,IAAR,EAAT9I,EAAKlhH,GACnCrO,KAAKsoH,SAAWtoH,KAAKs4H,MAErB9F,GAAK1xH,KAAKd,KAAM,UAAWuvH,GAE3BvvH,KAAKqO,EAAI,IAAIgzC,GAAGkuE,EAAKlhH,EAAG,IAAIs7G,KAAK3pH,KAAK+9G,IAAI3wG,GAC1CpN,KAAKqO,EAAIrO,KAAKqO,EAAE68G,MAAMlrH,KAAK+9G,KAC3B/9G,KAAKoc,EAAI,IAAIilC,GAAGkuE,EAAKnzG,EAAG,IAAI8uG,MAAMlrH,KAAK+9G,KACvC/9G,KAAKwtB,GAAKxtB,KAAKoc,EAAE8vG,SACjBlsH,KAAKyoB,EAAI,IAAI44B,GAAGkuE,EAAK9mG,EAAG,IAAIyiG,MAAMlrH,KAAK+9G,KACvC/9G,KAAK+6B,GAAK/6B,KAAKyoB,EAAEgjG,OAAOzrH,KAAKyoB,GAE7B0c,IAAQnlC,KAAKq4H,SAAwC,IAA7Br4H,KAAKoc,EAAEkvG,UAAUd,KAAK,IAC9CxqH,KAAKu4H,KAAwB,IAAP,EAAThJ,EAAKnzG,EACpB,CACAiqB,GAAS+xF,GAAc5F,IACvB,OAAiB4F,GAqFjB,SAASpF,GAAMxiH,EAAO1D,EAAGoB,EAAGg6B,EAAGjqB,GAC7Bu0G,GAAKvC,UAAUnvH,KAAKd,KAAMwQ,EAAO,cACvB,OAAN1D,GAAoB,OAANoB,GAAoB,OAANg6B,GAC9BloC,KAAK8M,EAAI9M,KAAKwQ,MAAMd,KACpB1P,KAAKkO,EAAIlO,KAAKwQ,MAAMb,IACpB3P,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACpB3P,KAAKie,EAAIje,KAAKwQ,MAAMd,KACpB1P,KAAKozH,MAAO,IAEZpzH,KAAK8M,EAAI,IAAIu0C,GAAGv0C,EAAG,IACnB9M,KAAKkO,EAAI,IAAImzC,GAAGnzC,EAAG,IACnBlO,KAAKkoC,EAAIA,EAAI,IAAImZ,GAAGnZ,EAAG,IAAMloC,KAAKwQ,MAAMb,IACxC3P,KAAKie,EAAIA,GAAK,IAAIojC,GAAGpjC,EAAG,IACnBje,KAAK8M,EAAEixG,MACV/9G,KAAK8M,EAAI9M,KAAK8M,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkO,EAAE6vG,MACV/9G,KAAKkO,EAAIlO,KAAKkO,EAAEg9G,MAAMlrH,KAAKwQ,MAAMutG,MAC9B/9G,KAAKkoC,EAAE61E,MACV/9G,KAAKkoC,EAAIloC,KAAKkoC,EAAEgjF,MAAMlrH,KAAKwQ,MAAMutG,MAC/B/9G,KAAKie,IAAMje,KAAKie,EAAE8/F,MACpB/9G,KAAKie,EAAIje,KAAKie,EAAEitG,MAAMlrH,KAAKwQ,MAAMutG,MACnC/9G,KAAKozH,KAAOpzH,KAAKkoC,IAAMloC,KAAKwQ,MAAMb,IAG9B3P,KAAKwQ,MAAM83G,WAAatoH,KAAKie,IAC/Bje,KAAKie,EAAIje,KAAK8M,EAAEi/G,OAAO/rH,KAAKkO,GACvBlO,KAAKozH,OACRpzH,KAAKie,EAAIje,KAAKie,EAAE8tG,OAAO/rH,KAAKkoC,EAAEqkF,aAGtC,CAjHA6L,GAAap3H,UAAUw3H,MAAQ,SAAevxF,GAC5C,OAAIjnC,KAAKs4H,MACArxF,EAAIulF,SAEJxsH,KAAKqO,EAAE09G,OAAO9kF,EACzB,EAEAmxF,GAAap3H,UAAUy3H,MAAQ,SAAexxF,GAC5C,OAAIjnC,KAAKu4H,KACAtxF,EAEAjnC,KAAKoc,EAAE2vG,OAAO9kF,EACzB,EAGAmxF,GAAap3H,UAAU0vH,OAAS,SAAgB5jH,EAAGoB,EAAGg6B,EAAGjqB,GACvD,OAAOje,KAAKmwH,MAAMrjH,EAAGoB,EAAGg6B,EAAGjqB,EAC7B,EAEAm6G,GAAap3H,UAAU4wH,WAAa,SAAoB9kH,EAAGi6G,IACzDj6G,EAAI,IAAIu0C,GAAGv0C,EAAG,KACPixG,MACLjxG,EAAIA,EAAEo+G,MAAMlrH,KAAK+9G,MAEnB,IAAIrzF,EAAK5d,EAAEo/G,SACPqI,EAAMv0H,KAAKwtB,GAAGm+F,OAAO3rH,KAAKqO,EAAE09G,OAAOrhG,IACnCguG,EAAM14H,KAAK2P,IAAIg8G,OAAO3rH,KAAKwtB,GAAGu+F,OAAO/rH,KAAKyoB,GAAGsjG,OAAOrhG,IAEpDO,EAAKspG,EAAIxI,OAAO2M,EAAInM,WACpBr+G,EAAI+c,EAAGohG,UACX,GAA6C,IAAzCn+G,EAAEg+G,SAASP,OAAO1gG,GAAImzF,IAAIp+G,KAAK0P,MACjC,MAAUxM,MAAM,iBAElB,IAAIknH,EAAQl8G,EAAEo9G,UAAUlB,QAIxB,OAHIrD,IAAQqD,IAAUrD,GAAOqD,KAC3Bl8G,EAAIA,EAAEs+G,UAEDxsH,KAAKmwH,MAAMrjH,EAAGoB,EACvB,EAEAkqH,GAAap3H,UAAU23H,WAAa,SAAoBzqH,EAAG64G,IACzD74G,EAAI,IAAImzC,GAAGnzC,EAAG,KACP6vG,MACL7vG,EAAIA,EAAEg9G,MAAMlrH,KAAK+9G,MAGnB,IAAI9yF,EAAK/c,EAAEg+G,SACPwM,EAAMztG,EAAG0gG,OAAO3rH,KAAKwtB,IACrB+mG,EAAMtpG,EAAG8gG,OAAO/rH,KAAKyoB,GAAGsjG,OAAO/rH,KAAKwtB,IAAIm+F,OAAO3rH,KAAKqO,GACpDqc,EAAKguG,EAAI3M,OAAOwI,EAAIhI,WAExB,GAA0B,IAAtB7hG,EAAG0zF,IAAIp+G,KAAK0P,MAAa,CAC3B,GAAIq3G,EACF,MAAU7jH,MAAM,iBAEhB,OAAOlD,KAAKmwH,MAAMnwH,KAAK0P,KAAMxB,GAGjC,IAAIpB,EAAI4d,EAAG2hG,UACX,GAA6C,IAAzCv/G,EAAEo/G,SAASP,OAAOjhG,GAAI0zF,IAAIp+G,KAAK0P,MACjC,MAAUxM,MAAM,iBAKlB,OAHI4J,EAAEw+G,UAAUlB,UAAYrD,IAC1Bj6G,EAAIA,EAAE0/G,UAEDxsH,KAAKmwH,MAAMrjH,EAAGoB,EACvB,EAEAkqH,GAAap3H,UAAUskD,SAAW,SAAkB6qE,GAClD,GAAIA,EAAM6E,aACR,OAAO,EAGT7E,EAAM4H,YAEN,IAAIrtG,EAAKylG,EAAMrjH,EAAEo/G,SACbjhG,EAAKklG,EAAMjiH,EAAEg+G,SACbwM,EAAMhuG,EAAGqhG,OAAO/rH,KAAKqO,GAAGo9G,OAAOxgG,GAC/BspG,EAAMv0H,KAAKwtB,GAAGu+F,OAAO/rH,KAAK2P,IAAI87G,OAAOzrH,KAAKyoB,EAAEsjG,OAAOrhG,GAAIqhG,OAAO9gG,KAElE,OAAwB,IAAjBytG,EAAIta,IAAImW,EACjB,EAiCAluF,GAAS2sF,GAAOR,GAAKvC,WAErBmI,GAAap3H,UAAUwuH,cAAgB,SAAuBpvE,GAC5D,OAAO4yE,GAAM2B,SAAS30H,KAAMogD,EAC9B,EAEAg4E,GAAap3H,UAAUmvH,MAAQ,SAAerjH,EAAGoB,EAAGg6B,EAAGjqB,GACrD,OAAO,IAAI+0G,GAAMhzH,KAAM8M,EAAGoB,EAAGg6B,EAAGjqB,EAClC,EAEA+0G,GAAM2B,SAAW,SAAkBnkH,EAAO4vC,GACxC,OAAO,IAAI4yE,GAAMxiH,EAAO4vC,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAC9C,EAEA4yE,GAAMhyH,UAAUg+G,QAAU,WACxB,OAAIh/G,KAAKg1H,aACA,sBACF,gBAAkBh1H,KAAK8M,EAAEw+G,UAAU/+G,SAAS,GAAI,GACnD,OAASvM,KAAKkO,EAAEo9G,UAAU/+G,SAAS,GAAI,GACvC,OAASvM,KAAKkoC,EAAEojF,UAAU/+G,SAAS,GAAI,GAAK,GAClD,EAEAymH,GAAMhyH,UAAUg0H,WAAa,WAE3B,OAA0B,IAAnBh1H,KAAK8M,EAAE09G,KAAK,KACO,IAAvBxqH,KAAKkO,EAAEkwG,IAAIp+G,KAAKkoC,IAChBloC,KAAKozH,MAAqC,IAA7BpzH,KAAKkO,EAAEkwG,IAAIp+G,KAAKwQ,MAAM4L,GACxC,EAEA42G,GAAMhyH,UAAU43H,QAAU,WAMxB,IAAIvqH,EAAIrO,KAAK8M,EAAEo/G,SAEXj+G,EAAIjO,KAAKkO,EAAEg+G,SAEX9vG,EAAIpc,KAAKkoC,EAAEgkF,SACf9vG,EAAIA,EAAEsvG,QAAQtvG,GAEd,IAAIqM,EAAIzoB,KAAKwQ,MAAMgoH,MAAMnqH,GAErBhK,EAAIrE,KAAK8M,EAAE2+G,OAAOzrH,KAAKkO,GAAGg+G,SAASN,QAAQv9G,GAAGu9G,QAAQ39G,GAEtD02B,EAAIlc,EAAEgjG,OAAOx9G,GAEby2B,EAAIC,EAAEgnF,OAAOvvG,GAEbD,EAAIsM,EAAEkjG,OAAO19G,GAEbgnH,EAAK5wH,EAAE0nH,OAAOrnF,GAEdwwF,EAAKvwF,EAAEonF,OAAO5vG,GAEd08G,EAAKx0H,EAAE0nH,OAAO5vG,GAEd05G,EAAKnxF,EAAEqnF,OAAOpnF,GAClB,OAAO3kC,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMhyH,UAAU83H,SAAW,WAQzB,IAMI7D,EACAC,EACAW,EARA5nH,EAAIjO,KAAK8M,EAAE2+G,OAAOzrH,KAAKkO,GAAGg+G,SAE1B9vG,EAAIpc,KAAK8M,EAAEo/G,SAEXzjG,EAAIzoB,KAAKkO,EAAEg+G,SAKf,GAAIlsH,KAAKwQ,MAAM6nH,QAAS,CAEtB,IAEI3zF,GAFArgC,EAAIrE,KAAKwQ,MAAMgoH,MAAMp8G,IAEfqvG,OAAOhjG,GACjB,GAAIzoB,KAAKozH,KAEP6B,EAAKhnH,EAAE09G,OAAOvvG,GAAGuvG,OAAOljG,GAAGsjG,OAAOrnF,EAAEinF,OAAO3rH,KAAKwQ,MAAMgiC,MAEtD0iF,EAAKxwF,EAAEqnF,OAAO1nH,EAAEsnH,OAAOljG,IAEvBotG,EAAKnxF,EAAEwnF,SAASP,OAAOjnF,GAAGinF,OAAOjnF,OAC5B,CAEL,IAAIvoB,EAAInc,KAAKkoC,EAAEgkF,SAEXvvG,EAAI+nB,EAAEinF,OAAOxvG,GAAGyvG,QAAQzvG,GAE5B84G,EAAKhnH,EAAE09G,OAAOvvG,GAAGwvG,QAAQnjG,GAAGsjG,OAAOpvG,GAEnCu4G,EAAKxwF,EAAEqnF,OAAO1nH,EAAEsnH,OAAOljG,IAEvBotG,EAAKnxF,EAAEqnF,OAAOpvG,QAEX,CAEL,IAAItY,EAAI+X,EAAEqvG,OAAOhjG,GAEbtM,EAAInc,KAAKwQ,MAAMioH,MAAMz4H,KAAKkoC,GAAGgkF,SAE7BvvG,EAAItY,EAAEsnH,OAAOxvG,GAAGwvG,OAAOxvG,GAE3B84G,EAAKj1H,KAAKwQ,MAAMioH,MAAMxqH,EAAE29G,QAAQvnH,IAAI0nH,OAAOpvG,GAE3Cu4G,EAAKl1H,KAAKwQ,MAAMioH,MAAMp0H,GAAG0nH,OAAO3vG,EAAEwvG,QAAQnjG,IAE1CotG,EAAKxxH,EAAE0nH,OAAOpvG,GAEhB,OAAO3c,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMhyH,UAAUsxH,IAAM,WACpB,OAAItyH,KAAKg1H,aACAh1H,KAGLA,KAAKwQ,MAAM83G,SACNtoH,KAAK44H,UAEL54H,KAAK84H,UAChB,EAEA9F,GAAMhyH,UAAU+3H,QAAU,SAAiB3mG,GAMzC,IAAI/jB,EAAIrO,KAAKkO,EAAEy9G,OAAO3rH,KAAK8M,GAAGi/G,OAAO35F,EAAElkB,EAAEy9G,OAAOv5F,EAAEtlB,IAE9CmB,EAAIjO,KAAKkO,EAAEu9G,OAAOzrH,KAAK8M,GAAGi/G,OAAO35F,EAAElkB,EAAEu9G,OAAOr5F,EAAEtlB,IAE9CsP,EAAIpc,KAAKie,EAAE8tG,OAAO/rH,KAAKwQ,MAAMuqB,IAAIgxF,OAAO35F,EAAEnU,GAE1CwK,EAAIzoB,KAAKkoC,EAAE6jF,OAAO35F,EAAE8V,EAAEujF,OAAOr5F,EAAE8V,IAE/B7jC,EAAI4J,EAAE09G,OAAOt9G,GAEbq2B,EAAIjc,EAAEkjG,OAAOvvG,GAEbuoB,EAAIlc,EAAEgjG,OAAOrvG,GAEbD,EAAIlO,EAAEw9G,OAAOp9G,GAEb4mH,EAAK5wH,EAAE0nH,OAAOrnF,GAEdwwF,EAAKvwF,EAAEonF,OAAO5vG,GAEd08G,EAAKx0H,EAAE0nH,OAAO5vG,GAEd05G,EAAKnxF,EAAEqnF,OAAOpnF,GAClB,OAAO3kC,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAAIW,EAAIgD,EACtC,EAEA7F,GAAMhyH,UAAUg4H,SAAW,SAAkB5mG,GAO3C,IAgBI8iG,EACAW,EAjBAxnH,EAAIrO,KAAKkoC,EAAE6jF,OAAO35F,EAAE8V,GAEpBj6B,EAAII,EAAE69G,SAEN9vG,EAAIpc,KAAK8M,EAAEi/G,OAAO35F,EAAEtlB,GAEpB2b,EAAIzoB,KAAKkO,EAAE69G,OAAO35F,EAAElkB,GAEpB7J,EAAIrE,KAAKwQ,MAAMiY,EAAEsjG,OAAO3vG,GAAG2vG,OAAOtjG,GAElCic,EAAIz2B,EAAE09G,OAAOtnH,GAEbsgC,EAAI12B,EAAEw9G,OAAOpnH,GAEbkK,EAAMvO,KAAK8M,EAAE2+G,OAAOzrH,KAAKkO,GAAG69G,OAAO35F,EAAEtlB,EAAE2+G,OAAOr5F,EAAElkB,IAAI09G,QAAQxvG,GAAGwvG,QAAQnjG,GACvEwsG,EAAK5mH,EAAE09G,OAAOrnF,GAAGqnF,OAAOx9G,GAc5B,OAXIvO,KAAKwQ,MAAM6nH,SAEbnD,EAAK7mH,EAAE09G,OAAOpnF,GAAGonF,OAAOtjG,EAAEkjG,OAAO3rH,KAAKwQ,MAAMgoH,MAAMp8G,KAElDy5G,EAAKnxF,EAAEqnF,OAAOpnF,KAGduwF,EAAK7mH,EAAE09G,OAAOpnF,GAAGonF,OAAOtjG,EAAEkjG,OAAOvvG,IAEjCy5G,EAAK71H,KAAKwQ,MAAMioH,MAAM/zF,GAAGqnF,OAAOpnF,IAE3B3kC,KAAKwQ,MAAM2/G,MAAM8E,EAAIC,EAAIW,EAClC,EAEA7C,GAAMhyH,UAAUiF,IAAM,SAAamsB,GACjC,OAAIpyB,KAAKg1H,aACA5iG,EACLA,EAAE4iG,aACGh1H,KAELA,KAAKwQ,MAAM83G,SACNtoH,KAAK+4H,QAAQ3mG,GAEbpyB,KAAKg5H,SAAS5mG,EACzB,EAEA4gG,GAAMhyH,UAAUkM,IAAM,SAAa+O,GACjC,OAAIjc,KAAKqyH,YAAYp2G,GACZjc,KAAKwQ,MAAM4/G,aAAapwH,KAAMic,GAE9Bjc,KAAKwQ,MAAMsgH,SAAS9wH,KAAMic,EACrC,EAEA+2G,GAAMhyH,UAAUq0H,OAAS,SAAgB/mG,EAAI8D,EAAG7D,GAC9C,OAAOvuB,KAAKwQ,MAAM0gH,YAAY,EAAG,CAAElxH,KAAMoyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAykG,GAAMhyH,UAAUs0H,QAAU,SAAiBhnG,EAAI8D,EAAG7D,GAChD,OAAOvuB,KAAKwQ,MAAM0gH,YAAY,EAAG,CAAElxH,KAAMoyB,GAAK,CAAE9D,EAAIC,GAAM,GAAG,EAC/D,EAEAykG,GAAMhyH,UAAU+2H,UAAY,WAC1B,GAAI/3H,KAAKozH,KACP,OAAOpzH,KAGT,IAAIq7C,EAAKr7C,KAAKkoC,EAAEqkF,UAOhB,OANAvsH,KAAK8M,EAAI9M,KAAK8M,EAAEi/G,OAAO1wE,GACvBr7C,KAAKkO,EAAIlO,KAAKkO,EAAE69G,OAAO1wE,GACnBr7C,KAAKie,IACPje,KAAKie,EAAIje,KAAKie,EAAE8tG,OAAO1wE,IACzBr7C,KAAKkoC,EAAIloC,KAAKwQ,MAAMb,IACpB3P,KAAKozH,MAAO,EACLpzH,IACT,EAEAgzH,GAAMhyH,UAAUigH,IAAM,WACpB,OAAOjhH,KAAKwQ,MAAM2/G,MAAMnwH,KAAK8M,EAAE0/G,SACPxsH,KAAKkO,EACLlO,KAAKkoC,EACLloC,KAAKie,GAAKje,KAAKie,EAAEuuG,SAC3C,EAEAwG,GAAMhyH,UAAUgxH,KAAO,WAErB,OADAhyH,KAAK+3H,YACE/3H,KAAK8M,EAAEw+G,SAChB,EAEA0H,GAAMhyH,UAAUixH,KAAO,WAErB,OADAjyH,KAAK+3H,YACE/3H,KAAKkO,EAAEo9G,SAChB,EAEA0H,GAAMhyH,UAAUkoD,GAAK,SAAY80B,GAC/B,OAAOh+E,OAASg+E,GACyB,IAAlCh+E,KAAKgyH,OAAO5T,IAAIpgC,EAAMg0C,SACY,IAAlChyH,KAAKiyH,OAAO7T,IAAIpgC,EAAMi0C,OAC/B,EAEAe,GAAMhyH,UAAU42H,OAAS,SAAgB9qH,GACvC,IAAIe,EAAKf,EAAEo+G,MAAMlrH,KAAKwQ,MAAMutG,KAAKgO,OAAO/rH,KAAKkoC,GAC7C,GAAuB,IAAnBloC,KAAK8M,EAAEsxG,IAAIvwG,GACb,OAAO,EAIT,IAFA,IAAIiqH,EAAKhrH,EAAEnL,QACPsc,EAAIje,KAAKwQ,MAAMu/G,KAAKhE,OAAO/rH,KAAKkoC,KAC3B,CAEP,GADA4vF,EAAGjrH,KAAK7M,KAAKwQ,MAAMpE,GACf0rH,EAAG1Z,IAAIp+G,KAAKwQ,MAAM4hB,IAAM,EAC1B,OAAO,EAGT,GADAvkB,EAAG69G,QAAQztG,GACY,IAAnBje,KAAK8M,EAAEsxG,IAAIvwG,GACb,OAAO,EAEb,EAGAmlH,GAAMhyH,UAAU6vH,IAAMmC,GAAMhyH,UAAU+2H,UACtC/E,GAAMhyH,UAAU2vH,SAAWqC,GAAMhyH,UAAUiF,6BC7a3C,IAAIuK,EAAQwtC,EAEZxtC,EAAM4nD,KAAO6gE,GACbzoH,EAAM0oH,MAAQC,GACd3oH,EAAM09G,KAAOkL,GACb5oH,EAAM6oH,QAAUC,MCDZ1sF,GAASlF,GAAMkF,OACftE,GAAQZ,GAAMY,MACdE,GAAUd,GAAMc,QAChB+wF,GAAO9wF,GAAU8wF,KACjBryF,GAAY4B,GAAO5B,UAEnBsyF,GAAS,CACX,WAAY,WACZ,WAAY,YAGd,SAASC,KACP,KAAMz5H,gBAAgBy5H,IACpB,OAAO,IAAIA,GAEbvyF,GAAUpmC,KAAKd,MACfA,KAAKmc,EAAI,CACP,WAAY,WAAY,WACxB,UAAY,YACdnc,KAAKipC,EAAQppC,MAAM,GACrB,CAEA6nC,GAAMrB,SAASozF,GAAMvyF,IACrB,OAAiBuyF,GAEjBA,GAAKzmG,UAAY,IACjBymG,GAAKpyF,QAAU,IACfoyF,GAAKnyF,aAAe,GACpBmyF,GAAKhlG,UAAY,GAEjBglG,GAAKz4H,UAAU6mC,QAAU,SAAiBxC,EAAKzhC,GAG7C,IAFA,IAAIqlC,EAAIjpC,KAAKipC,EAEJhmC,EAAI,EAAGA,EAAI,GAAIA,IACtBgmC,EAAEhmC,GAAKoiC,EAAIzhC,EAAQX,GAErB,KAAMA,EAAIgmC,EAAE7nC,OAAQ6B,IAClBgmC,EAAEhmC,GAAK2pC,GAAO3D,EAAEhmC,EAAI,GAAKgmC,EAAEhmC,EAAI,GAAKgmC,EAAEhmC,EAAI,IAAMgmC,EAAEhmC,EAAI,IAAK,GAE7D,IAAIoL,EAAIrO,KAAKmc,EAAE,GACXlO,EAAIjO,KAAKmc,EAAE,GACXC,EAAIpc,KAAKmc,EAAE,GACXsM,EAAIzoB,KAAKmc,EAAE,GACX9X,EAAIrE,KAAKmc,EAAE,GAEf,IAAKlZ,EAAI,EAAGA,EAAIgmC,EAAE7nC,OAAQ6B,IAAK,CAC7B,IAAI4a,KAAO5a,EAAI,IACXgb,EAAIuqB,GAAQoE,GAAOv+B,EAAG,GAAIkrH,GAAK17G,EAAG5P,EAAGmO,EAAGqM,GAAIpkB,EAAG4kC,EAAEhmC,GAAIu2H,GAAO37G,IAChExZ,EAAIokB,EACJA,EAAIrM,EACJA,EAAIwwB,GAAO3+B,EAAG,IACdA,EAAII,EACJA,EAAI4P,EAGNje,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9N,GAC7BrO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIlO,GAC7BjO,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIC,GAC7Bpc,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAIsM,GAC7BzoB,KAAKmc,EAAE,GAAKmsB,GAAMtoC,KAAKmc,EAAE,GAAI9X,EAC/B,EAEAo1H,GAAKz4H,UAAUgnC,QAAU,SAAgBlC,GACvC,MAAY,QAARA,EACK4B,GAAM2B,QAAQrpC,KAAKmc,EAAG,OAEtBurB,GAAM4B,QAAQtpC,KAAKmc,EAAG,MACjC,ECvEA,aAAe88G,UACEE,UACAC,UACAE,UACAI,ICDjB,SAASC,GAAK3lH,EAAM4C,EAAKkvB,GACvB,KAAM9lC,gBAAgB25H,IACpB,OAAO,IAAIA,GAAK3lH,EAAM4C,EAAKkvB,GAC7B9lC,KAAK0jC,KAAO1vB,EACZhU,KAAKgzB,UAAYhf,EAAKgf,UAAY,EAClChzB,KAAKqnC,QAAUrzB,EAAKqzB,QAAU,EAC9BrnC,KAAK45H,MAAQ,KACb55H,KAAK65H,MAAQ,KAEb75H,KAAKg+G,MAAMt2E,GAAMC,QAAQ/wB,EAAKkvB,GAChC,CACA,OAAiB6zF,GAEjBA,GAAK34H,UAAUg9G,MAAQ,SAAcpnG,GAE/BA,EAAIxV,OAASpB,KAAKgzB,YACpBpc,GAAM,IAAI5W,KAAK0jC,MAAO+D,OAAO7wB,GAAKkxB,UACpC3C,GAAOvuB,EAAIxV,QAAUpB,KAAKgzB,WAG1B,IAAK,IAAI/vB,EAAI2T,EAAIxV,OAAQ6B,EAAIjD,KAAKgzB,UAAW/vB,IAC3C2T,EAAI/U,KAAK,GAEX,IAAKoB,EAAI,EAAGA,EAAI2T,EAAIxV,OAAQ6B,IAC1B2T,EAAI3T,IAAM,GAIZ,IAHAjD,KAAK45H,OAAQ,IAAI55H,KAAK0jC,MAAO+D,OAAO7wB,GAG/B3T,EAAI,EAAGA,EAAI2T,EAAIxV,OAAQ6B,IAC1B2T,EAAI3T,IAAM,IACZjD,KAAK65H,OAAQ,IAAI75H,KAAK0jC,MAAO+D,OAAO7wB,EACtC,EAEA+iH,GAAK34H,UAAUymC,OAAS,SAAgBpC,EAAKS,GAE3C,OADA9lC,KAAK45H,MAAMnyF,OAAOpC,EAAKS,GAChB9lC,IACT,EAEA25H,GAAK34H,UAAU8mC,OAAS,SAAgBhC,GAEtC,OADA9lC,KAAK65H,MAAMpyF,OAAOznC,KAAK45H,MAAM9xF,UACtB9nC,KAAK65H,MAAM/xF,OAAOhC,EAC3B,2BC9CA,IAAI9xB,EAAOgqC,EAEXhqC,EAAK0zB,MAAQuxF,GACbjlH,EAAK80B,OAASqwF,GACdnlH,EAAK8lH,IAAMV,GACXplH,EAAKG,OAASmlH,GACdtlH,EAAK+lH,KAAOL,GAGZ1lH,EAAKE,KAAOF,EAAK8lH,IAAI5lH,KACrBF,EAAKI,OAASJ,EAAK8lH,IAAI1lH,OACvBJ,EAAKO,OAASP,EAAK8lH,IAAIvlH,OACvBP,EAAKK,OAASL,EAAK8lH,IAAIzlH,OACvBL,EAAKM,OAASN,EAAK8lH,IAAIxlH,OACvBN,EAAKu7B,UAAYv7B,EAAKG,OAAOo7B,gBCdZ,CACf8gF,QAAS,CACPE,KAAM,EACNK,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,kEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,sEAINrC,IAAK,CACHP,IAAK,EACL4C,OAAQ,CACN,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,iEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,kEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,mEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,oEAEF,CACE,mEACA,4FCrwBR,IAsOIgE,EAtOArtE,EAASvJ,EAMT7Y,EAASuC,GAAMvC,OAEnB,SAAS60F,EAAYn1H,GACnB,GAAqB,UAAjBA,EAAQmV,KACVha,KAAKwQ,MAAQ,IAAIA,GAAM0oH,MAAMr0H,QAC1B,GAAqB,YAAjBA,EAAQmV,KACfha,KAAKwQ,MAAQ,IAAIA,GAAM6oH,QAAQx0H,OAC5B,IAAqB,SAAjBA,EAAQmV,KAEZ,MAAU9W,MAAM,uBADnBlD,KAAKwQ,MAAQ,IAAIA,GAAM09G,KAAKrpH,EACa,CAC3C7E,KAAK2kC,EAAI3kC,KAAKwQ,MAAMm0B,EACpB3kC,KAAKoM,EAAIpM,KAAKwQ,MAAMpE,EACpBpM,KAAKgU,KAAOnP,EAAQmP,KAEpBmxB,EAAOnlC,KAAK2kC,EAAE2gB,WAAY,iBAC1BngB,EAAOnlC,KAAK2kC,EAAEz3B,IAAIlN,KAAKoM,GAAG4oH,aAAc,0BAC1C,CAGA,SAASiF,EAAY/uH,EAAMrG,GACzBkG,OAAOM,eAAek8C,EAAQr8C,EAAM,CAClC06B,cAAc,EACdD,YAAY,EACZv6B,IAAK,WACH,IAAIoF,EAAQ,IAAIwpH,EAAYn1H,GAM5B,OALAkG,OAAOM,eAAek8C,EAAQr8C,EAAM,CAClC06B,cAAc,EACdD,YAAY,EACZtkC,MAAOmP,IAEFA,IAGb,CAhBA+2C,EAAOyyE,YAAcA,EAkBrBC,EAAY,OAAQ,CAClBjgH,KAAM,QACNqzG,MAAO,OACPj7F,EAAG,wDACH/jB,EAAG,wDACHJ,EAAG,wDACH7B,EAAG,wDACH4H,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,wDACA,2DAIJs1F,EAAY,OAAQ,CAClBjgH,KAAM,QACNqzG,MAAO,OACPj7F,EAAG,iEACH/jB,EAAG,iEACHJ,EAAG,iEACH7B,EAAG,iEACH4H,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,iEACA,oEAIJs1F,EAAY,OAAQ,CAClBjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,0EACH/jB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,0EACA,6EAIJs1F,EAAY,OAAQ,CAClBjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,8GAEH/jB,EAAG,8GAEHJ,EAAG,8GAEH7B,EAAG,8GAEH4H,KAAMA,GAAKK,OACXo7G,MAAM,EACN9qF,EAAG,CACD,8GAEA,iHAKJs1F,EAAY,OAAQ,CAClBjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,2JAGH/jB,EAAG,2JAGHJ,EAAG,2JAGH7B,EAAG,2JAGH4H,KAAMA,GAAKM,OACXm7G,MAAM,EACN9qF,EAAG,CACD,2JAGA,8JAOJs1F,EAAY,aAAc,CACxBjgH,KAAM,OACNqzG,MAAO,SACPj7F,EAAG,sEACH/jB,EAAG,QACHJ,EAAG,IACH7B,EAAG,sEACH8tH,SAAU,IACVlmH,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,OAIJs1F,EAAY,UAAW,CACrBjgH,KAAM,UACNqzG,MAAO,SACPj7F,EAAG,sEACH/jB,EAAG,KACH+N,EAAG,IAEHqM,EAAG,sEACHrc,EAAG,sEACH8tH,SAAU,IACVlmH,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,mEAEA,sEAKJs1F,EAAY,kBAAmB,CAC7BjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,0EACH/jB,EAAG,0EACHJ,EAAG,0EACH7B,EAAG,0EACH4H,KAAMA,GAAKI,OACXq7G,MAAM,EACN9qF,EAAG,CACD,mEACA,sEAKJs1F,EAAY,kBAAmB,CAC7BjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,6GAEH/jB,EAAG,6GAEHJ,EAAG,6GAEH7B,EAAG,6GAEH4H,KAAMA,GAAKK,OACXo7G,MAAM,EACN9qF,EAAG,CACD,mGAEA,sGAMJs1F,EAAY,kBAAmB,CAC7BjgH,KAAM,QACNqzG,MAAO,KACPj7F,EAAG,iJAEH/jB,EAAG,iJAEHJ,EAAG,iJAEH7B,EAAG,iJAEH4H,KAAMA,GAAKM,OACXm7G,MAAM,EACN9qF,EAAG,CACD,mIAEA,sIAOJ,IACEiwF,EAAMqE,EACR,CAAE,MAAO50H,GACPuwH,OAAM3zH,CACR,CAEAg5H,EAAY,YAAa,CACvBjgH,KAAM,QACNqzG,MAAO,OACPj7F,EAAG,0EACH/jB,EAAG,IACHJ,EAAG,IACH7B,EAAG,0EACH+P,EAAG,IACHnI,KAAMA,GAAKI,OAGX+9G,KAAM,mEACNqB,OAAQ,mEACRI,MAAO,CACL,CACEvlH,EAAG,mCACHJ,EAAG,qCAEL,CACEI,EAAG,oCACHJ,EAAG,qCAIPwhH,MAAM,EACN9qF,EAAG,CACD,mEACA,mEACAiwF,QCrQJ,SAASuF,GAASt1H,GAChB,KAAM7E,gBAAgBm6H,IACpB,OAAO,IAAIA,GAASt1H,GACtB7E,KAAKgU,KAAOnP,EAAQmP,KACpBhU,KAAKo6H,aAAev1H,EAAQu1H,WAE5Bp6H,KAAKwtD,OAASxtD,KAAKgU,KAAKqzB,QACxBrnC,KAAKq6H,WAAax1H,EAAQw1H,YAAcr6H,KAAKgU,KAAKszB,aAElDtnC,KAAKs6H,QAAU,KACft6H,KAAKu6H,eAAiB,KACtBv6H,KAAK+sC,EAAI,KACT/sC,KAAKqsD,EAAI,KAET,IAAI5D,EAAU/gB,GAAMC,QAAQ9iC,EAAQ4jD,QAAS5jD,EAAQ21H,YAAc,OAC/D/oF,EAAQ/J,GAAMC,QAAQ9iC,EAAQ4sC,MAAO5sC,EAAQ41H,UAAY,OACzDC,EAAOhzF,GAAMC,QAAQ9iC,EAAQ61H,KAAM71H,EAAQ81H,SAAW,OAC1Dx1F,GAAOsjB,EAAQrnD,QAAWpB,KAAKq6H,WAAa,EACrC,mCAAqCr6H,KAAKq6H,WAAa,SAC9Dr6H,KAAKg+G,MAAMv1D,EAAShX,EAAOipF,EAC7B,CACA,OAAiBP,GAEjBA,GAASn5H,UAAUg9G,MAAQ,SAAcv1D,EAAShX,EAAOipF,GACvD,IAAIl9E,EAAOiL,EAAQjiD,OAAOirC,GAAOjrC,OAAOk0H,GAExC16H,KAAK+sC,EAAQltC,MAAMG,KAAKwtD,OAAS,GACjCxtD,KAAKqsD,EAAQxsD,MAAMG,KAAKwtD,OAAS,GACjC,IAAK,IAAIvqD,EAAI,EAAGA,EAAIjD,KAAKqsD,EAAEjrD,OAAQ6B,IACjCjD,KAAK+sC,EAAE9pC,GAAK,EACZjD,KAAKqsD,EAAEppD,GAAK,EAGdjD,KAAK6nC,QAAQ2V,GACbx9C,KAAKs6H,QAAU,EACft6H,KAAKu6H,eAAiB,eACxB,EAEAJ,GAASn5H,UAAU45H,MAAQ,WACzB,OAAO,IAAI5mH,GAAK+lH,KAAK/5H,KAAKgU,KAAMhU,KAAK+sC,EACvC,EAEAotF,GAASn5H,UAAU6mC,QAAU,SAAgB2V,GAC3C,IAAIq9E,EAAO76H,KAAK46H,QACAnzF,OAAOznC,KAAKqsD,GACZ5kB,OAAO,CAAE,IACrB+V,IACFq9E,EAAOA,EAAKpzF,OAAO+V,IACrBx9C,KAAK+sC,EAAI8tF,EAAK/yF,SACd9nC,KAAKqsD,EAAIrsD,KAAK46H,QAAQnzF,OAAOznC,KAAKqsD,GAAGvkB,SAChC0V,IAGLx9C,KAAK+sC,EAAI/sC,KAAK46H,QACAnzF,OAAOznC,KAAKqsD,GACZ5kB,OAAO,CAAE,IACTA,OAAO+V,GACP1V,SACd9nC,KAAKqsD,EAAIrsD,KAAK46H,QAAQnzF,OAAOznC,KAAKqsD,GAAGvkB,SACvC,EAEAqyF,GAASn5H,UAAU85H,OAAS,SAAgBryE,EAAS+xE,EAAYv0H,EAAK80H,GAE1C,iBAAfP,IACTO,EAAS90H,EACTA,EAAMu0H,EACNA,EAAa,MAGf/xE,EAAU/gB,GAAMC,QAAQ8gB,EAAS+xE,GACjCv0H,EAAMyhC,GAAMC,QAAQ1hC,EAAK80H,GAEzB51F,GAAOsjB,EAAQrnD,QAAWpB,KAAKq6H,WAAa,EACrC,mCAAqCr6H,KAAKq6H,WAAa,SAE9Dr6H,KAAK6nC,QAAQ4gB,EAAQjiD,OAAOP,GAAO,KACnCjG,KAAKs6H,QAAU,CACjB,EAEAH,GAASn5H,UAAUmvD,SAAW,SAAkBpgD,EAAK+1B,EAAK7/B,EAAK80H,GAC7D,GAAI/6H,KAAKs6H,QAAUt6H,KAAKu6H,eACtB,MAAUr3H,MAAM,sBAGC,iBAAR4iC,IACTi1F,EAAS90H,EACTA,EAAM6/B,EACNA,EAAM,MAIJ7/B,IACFA,EAAMyhC,GAAMC,QAAQ1hC,EAAK80H,GAAU,OACnC/6H,KAAK6nC,QAAQ5hC,IAIf,IADA,IAAI2tB,EAAO,GACJA,EAAKxyB,OAAS2O,GACnB/P,KAAKqsD,EAAIrsD,KAAK46H,QAAQnzF,OAAOznC,KAAKqsD,GAAGvkB,SACrClU,EAAOA,EAAKptB,OAAOxG,KAAKqsD,GAG1B,IAAIl9C,EAAMykB,EAAKlyB,MAAM,EAAGqO,GAGxB,OAFA/P,KAAK6nC,QAAQ5hC,GACbjG,KAAKs6H,UACE5yF,GAAMxqB,OAAO/N,EAAK22B,EAC3B,EC5GA,IAAIX,GAASuC,GAAMvC,OAEnB,SAAS61F,GAAQv1E,EAAI5gD,GACnB7E,KAAKylD,GAAKA,EACVzlD,KAAKmlD,KAAO,KACZnlD,KAAKqlD,IAAM,KAGPxgD,EAAQsgD,MACVnlD,KAAKi7H,eAAep2H,EAAQsgD,KAAMtgD,EAAQq2H,SACxCr2H,EAAQwgD,KACVrlD,KAAKm7H,cAAct2H,EAAQwgD,IAAKxgD,EAAQu2H,OAC5C,CACA,OAAiBJ,GAEjBA,GAAQK,WAAa,SAAoB51E,EAAIJ,EAAKvf,GAChD,OAAIuf,aAAe21E,GACV31E,EAEF,IAAI21E,GAAQv1E,EAAI,CACrBJ,IAAKA,EACL+1E,OAAQt1F,GAEZ,EAEAk1F,GAAQM,YAAc,SAAqB71E,EAAIN,EAAMrf,GACnD,OAAIqf,aAAgB61E,GACX71E,EAEF,IAAI61E,GAAQv1E,EAAI,CACrBN,KAAMA,EACN+1E,QAASp1F,GAEb,EAGAk1F,GAAQh6H,UAAUskD,SAAW,WAC3B,IAAID,EAAMrlD,KAAK0oD,YAEf,OAAIrD,EAAI2vE,aACC,CAAEvzH,QAAQ,EAAOS,OAAQ,sBAC7BmjD,EAAIC,WAEJD,EAAIn4C,IAAIlN,KAAKylD,GAAGj1C,MAAMpE,GAAG4oH,aAGvB,CAAEvzH,QAAQ,EAAMS,OAAQ,MAFtB,CAAET,QAAQ,EAAOS,OAAQ,uBAFzB,CAAET,QAAQ,EAAOS,OAAQ,4BAKpC,EAEA84H,GAAQh6H,UAAU0nD,UAAY,SAAmB5iB,EAAKisF,GAIpD,OAHK/xH,KAAKqlD,MACRrlD,KAAKqlD,IAAMrlD,KAAKylD,GAAG9gB,EAAEz3B,IAAIlN,KAAKmlD,OAE3Brf,EAGE9lC,KAAKqlD,IAAInoC,OAAO4oB,EAAKisF,GAFnB/xH,KAAKqlD,GAGhB,EAEA21E,GAAQh6H,UAAU2nD,WAAa,SAAoB7iB,GACjD,MAAY,QAARA,EACK9lC,KAAKmlD,KAAK54C,SAAS,GAAI,GAEvBvM,KAAKmlD,IAChB,EAEA61E,GAAQh6H,UAAUi6H,eAAiB,SAAwBrkH,EAAKkvB,GAK9D,GAJA9lC,KAAKmlD,KAAO,IAAI9D,GAAGzqC,EAAKkvB,GAAO,IAIJ,SAAvB9lC,KAAKylD,GAAGj1C,MAAMwJ,KAAiB,CACjC,IAAIrK,EAAM3P,KAAKylD,GAAGj1C,MAAMb,IACpBiiC,EAAOjiC,EAAI+4G,MAAM,KAAS17G,IAAI2C,GAAK+4G,MAAM,GAC7C1oH,KAAKmlD,KAAOnlD,KAAKmlD,KAAK67B,GAAGrxE,EAAI+4G,MAAM,MACnC1oH,KAAKmlD,KAAOnlD,KAAKmlD,KAAK47B,IAAInvC,QAI1B5xC,KAAKmlD,KAAOnlD,KAAKmlD,KAAKwkE,KAAK3pH,KAAKylD,GAAGj1C,MAAMpE,EAC7C,EAEA4uH,GAAQh6H,UAAUm6H,cAAgB,SAAuBvkH,EAAKkvB,GAC5D,GAAIlvB,EAAI9J,GAAK8J,EAAI1I,EAWf,MAP2B,SAAvBlO,KAAKylD,GAAGj1C,MAAMwJ,KAChBmrB,GAAOvuB,EAAI9J,EAAG,qBACkB,UAAvB9M,KAAKylD,GAAGj1C,MAAMwJ,MACS,YAAvBha,KAAKylD,GAAGj1C,MAAMwJ,MACvBmrB,GAAOvuB,EAAI9J,GAAK8J,EAAI1I,EAAG,qCAEzBlO,KAAKqlD,IAAMrlD,KAAKylD,GAAGj1C,MAAM2/G,MAAMv5G,EAAI9J,EAAG8J,EAAI1I,IAG5ClO,KAAKqlD,IAAMrlD,KAAKylD,GAAGj1C,MAAMmhH,YAAY/6G,EAAKkvB,EAC5C,EAGAk1F,GAAQh6H,UAAUsrD,OAAS,SAAgBjH,GACzC,OAAOA,EAAIn4C,IAAIlN,KAAKmlD,MAAM6sE,MAC5B,EAGAgJ,GAAQh6H,UAAU87C,KAAO,SAAczX,EAAKS,EAAKjhC,GAC/C,OAAO7E,KAAKylD,GAAG3I,KAAKzX,EAAKrlC,KAAM8lC,EAAKjhC,EACtC,EAEAm2H,GAAQh6H,UAAUq8C,OAAS,SAAgBhY,EAAKtwB,GAC9C,OAAO/U,KAAKylD,GAAGpI,OAAOhY,EAAKtwB,EAAW/U,KACxC,EAEAg7H,GAAQh6H,UAAUg+G,QAAU,WAC1B,MAAO,eAAiBh/G,KAAKmlD,MAAQnlD,KAAKmlD,KAAK54C,SAAS,GAAI,IACrD,UAAYvM,KAAKqlD,KAAOrlD,KAAKqlD,IAAI25D,WAAa,IACvD,ECnHA,IAAI75E,GAASuC,GAAMvC,OAEnB,SAASsiD,GAAU5iF,EAASihC,GAC1B,GAAIjhC,aAAmB4iF,GACrB,OAAO5iF,EAEL7E,KAAKu7H,WAAW12H,EAASihC,KAG7BX,GAAOtgC,EAAQ8I,GAAK9I,EAAQgZ,EAAG,4BAC/B7d,KAAK2N,EAAI,IAAI0zC,GAAGx8C,EAAQ8I,EAAG,IAC3B3N,KAAK6d,EAAI,IAAIwjC,GAAGx8C,EAAQgZ,EAAG,SACG5c,IAA1B4D,EAAQ22H,cACVx7H,KAAKw7H,cAAgB,KAErBx7H,KAAKw7H,cAAgB32H,EAAQ22H,cACjC,CACA,OAAiB/zC,GAEjB,SAASg0C,KACPz7H,KAAK07H,MAAQ,CACf,CAEA,SAASC,GAAUz6G,EAAKkR,GACtB,IAAIwpG,EAAU16G,EAAIkR,EAAEspG,SACpB,KAAgB,IAAVE,GACJ,OAAOA,EAIT,IAFA,IAAIC,EAAqB,GAAVD,EACXx2F,EAAM,EACDniC,EAAI,EAAG04B,EAAMvJ,EAAEspG,MAAOz4H,EAAI44H,EAAU54H,IAAK04B,IAChDyJ,IAAQ,EACRA,GAAOlkB,EAAIya,GAGb,OADAvJ,EAAEspG,MAAQ//F,EACHyJ,CACT,CAEA,SAAS02F,GAAU56G,GAGjB,IAFA,IAAIje,EAAI,EACJ8M,EAAMmR,EAAI9f,OAAS,GACf8f,EAAIje,MAAqB,IAAbie,EAAIje,EAAI,KAAcA,EAAI8M,GAC5C9M,IAEF,OAAU,IAANA,EACKie,EAEFA,EAAIxf,MAAMuB,EACnB,CAwCA,SAAS84H,GAAgBt/E,EAAK1sC,GAC5B,GAAIA,EAAM,IACR0sC,EAAI56C,KAAKkO,OADX,CAIA,IAAIisH,EAAS,GAAKtwH,KAAKqS,IAAIhO,GAAOrE,KAAKgsE,MAAQ,GAE/C,IADAj7B,EAAI56C,KAAc,IAATm6H,KACAA,GACPv/E,EAAI56C,KAAMkO,KAASisH,GAAU,GAAM,KAErCv/E,EAAI56C,KAAKkO,GACX,CAjDA03E,GAAUzmF,UAAUu6H,WAAa,SAAoBzxH,EAAMg8B,GACzDh8B,EAAO49B,GAAMC,QAAQ79B,EAAMg8B,GAC3B,IAAI1T,EAAI,IAAIqpG,GACZ,GAAwB,KAApB3xH,EAAKsoB,EAAEspG,SACT,OAAO,EAGT,GADUC,GAAU7xH,EAAMsoB,GACfA,EAAEspG,QAAW5xH,EAAK1I,OAC3B,OAAO,EAET,GAAwB,IAApB0I,EAAKsoB,EAAEspG,SACT,OAAO,EAET,IAAIxpG,EAAOypG,GAAU7xH,EAAMsoB,GACvBzkB,EAAI7D,EAAKpI,MAAM0wB,EAAEspG,MAAOxpG,EAAOE,EAAEspG,OAErC,GADAtpG,EAAEspG,OAASxpG,EACa,IAApBpoB,EAAKsoB,EAAEspG,SACT,OAAO,EAET,IAAIO,EAAON,GAAU7xH,EAAMsoB,GAC3B,GAAItoB,EAAK1I,SAAW66H,EAAO7pG,EAAEspG,MAC3B,OAAO,EAET,IAAI79G,EAAI/T,EAAKpI,MAAM0wB,EAAEspG,MAAOO,EAAO7pG,EAAEspG,OAYrC,OAXa,IAAT/tH,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEjM,MAAM,IAED,IAATmc,EAAE,IAAoB,IAAPA,EAAE,KACnBA,EAAIA,EAAEnc,MAAM,IAGd1B,KAAK2N,EAAI,IAAI0zC,GAAG1zC,GAChB3N,KAAK6d,EAAI,IAAIwjC,GAAGxjC,GAChB7d,KAAKw7H,cAAgB,MAEd,CACT,EAeA/zC,GAAUzmF,UAAUk7H,MAAQ,SAAep2F,GACzC,IAAIn4B,EAAI3N,KAAK2N,EAAEg6B,UACX9pB,EAAI7d,KAAK6d,EAAE8pB,UAYf,IATW,IAAPh6B,EAAE,KACJA,EAAI,CAAE,GAAInH,OAAOmH,IAER,IAAPkQ,EAAE,KACJA,EAAI,CAAE,GAAIrX,OAAOqX,IAEnBlQ,EAAImuH,GAAUnuH,GACdkQ,EAAIi+G,GAAUj+G,KAENA,EAAE,IAAe,IAAPA,EAAE,KAClBA,EAAIA,EAAEnc,MAAM,GAEd,IAAI+6C,EAAM,CAAE,GACZs/E,GAAgBt/E,EAAK9uC,EAAEvM,SACvBq7C,EAAMA,EAAIj2C,OAAOmH,IACb9L,KAAK,GACTk6H,GAAgBt/E,EAAK5+B,EAAEzc,QACvB,IAAI+6H,EAAW1/E,EAAIj2C,OAAOqX,GACtB1O,EAAM,CAAE,IAGZ,OAFA4sH,GAAgB5sH,EAAKgtH,EAAS/6H,QAC9B+N,EAAMA,EAAI3I,OAAO21H,GACVz0F,GAAMxqB,OAAO/N,EAAK22B,EAC3B,EC9HA,IAAIX,GAASuC,GAAMvC,OAKnB,SAASi3F,GAAGv3H,GACV,KAAM7E,gBAAgBo8H,IACpB,OAAO,IAAIA,GAAGv3H,GAGO,iBAAZA,IACTsgC,GAAOoiB,GAAOp1B,eAAettB,GAAU,iBAAmBA,GAE1DA,EAAU0iD,GAAO1iD,IAIfA,aAAmB0iD,GAAOyyE,cAC5Bn1H,EAAU,CAAE2L,MAAO3L,IAErB7E,KAAKwQ,MAAQ3L,EAAQ2L,MAAMA,MAC3BxQ,KAAKoM,EAAIpM,KAAKwQ,MAAMpE,EACpBpM,KAAKq8H,GAAKr8H,KAAKoM,EAAEw8G,MAAM,GACvB5oH,KAAK2kC,EAAI3kC,KAAKwQ,MAAMm0B,EAGpB3kC,KAAK2kC,EAAI9/B,EAAQ2L,MAAMm0B,EACvB3kC,KAAK2kC,EAAEutF,WAAWrtH,EAAQ2L,MAAMpE,EAAEqD,YAAc,GAGhDzP,KAAKgU,KAAOnP,EAAQmP,MAAQnP,EAAQ2L,MAAMwD,IAC5C,CACA,OAAiBooH,GAEjBA,GAAGp7H,UAAU47C,QAAU,SAAiB/3C,GACtC,OAAO,IAAIm2H,GAAQh7H,KAAM6E,EAC3B,EAEAu3H,GAAGp7H,UAAUikD,eAAiB,SAAwBE,EAAMrf,GAC1D,OAAOk1F,GAAQM,YAAYt7H,KAAMmlD,EAAMrf,EACzC,EAEAs2F,GAAGp7H,UAAUokD,cAAgB,SAAuBC,EAAKvf,GACvD,OAAOk1F,GAAQK,WAAWr7H,KAAMqlD,EAAKvf,EACvC,EAEAs2F,GAAGp7H,UAAUwnD,WAAa,SAAoB3jD,GACvCA,IACHA,EAAU,IAGZ,IAAIy3H,EAAO,IAAInC,GAAS,CACtBnmH,KAAMhU,KAAKgU,KACX0mH,KAAM71H,EAAQ61H,KACdC,QAAS91H,EAAQ81H,SAAW,OAC5BlyE,QAAS5jD,EAAQ4jD,SAAW7J,GAAK5+C,KAAKgU,KAAKszB,cAC3CkzF,WAAY31H,EAAQ4jD,SAAW5jD,EAAQ21H,YAAc,OACrD/oF,MAAOzxC,KAAKoM,EAAEu7B,YAIhB,GAAwB,SAApB3nC,KAAKwQ,MAAMwJ,KAAiB,CAC9B,IAAImrC,EAAO,IAAI9D,GAAGi7E,EAAKnsE,SAAS,KAChC,OAAOnwD,KAAKilD,eAAeE,GAK7B,IAFA,IAAIj+C,EAAQlH,KAAKoM,EAAEjI,aACfo4H,EAAMv8H,KAAKoM,EAAEY,IAAI,IAAIq0C,GAAG,MACzB,CAED,MADI8D,EAAO,IAAI9D,GAAGi7E,EAAKnsE,SAASjpD,KACvBk3G,IAAIme,GAAO,GAIpB,OADAp3E,EAAKw7D,MAAM,GACJ3gH,KAAKilD,eAAeE,GAE/B,EAEAi3E,GAAGp7H,UAAUw7H,aAAe,SAAqBn3F,EAAKo3F,EAAW/gH,GAE/D,IAAI6uG,GADJ7uG,EAAUA,GAA8B,EAAnB2pB,EAAIlhC,cACHnE,KAAKoM,EAAEqD,YAG7B,OAFI86G,EAAQ,IACVllF,EAAMA,EAAIujF,MAAM2B,KACbkS,GAAap3F,EAAI+4E,IAAIp+G,KAAKoM,IAAM,EAC5Bi5B,EAAIr4B,IAAIhN,KAAKoM,GAEbi5B,CACX,EAEA+2F,GAAGp7H,UAAU07H,YAAe,SAAqBr3F,GAE/C,IAAI3pB,EAUJ,OATI2pB,aAAexiC,YACjB6Y,EAA2B,EAAjB2pB,EAAIlhC,WACdkhC,EAAMrlC,KAAKw8H,aAAa,IAAIn7E,GAAGhc,EAAK,KAAK,EAAO3pB,IACxB,iBAAR2pB,GAChB3pB,EAAuB,EAAb2pB,EAAIjkC,OACdikC,EAAMrlC,KAAKw8H,aAAa,IAAIn7E,GAAGhc,EAAK,KAAK,EAAO3pB,IAEhD2pB,EAAMrlC,KAAKw8H,aAAa,IAAIn7E,GAAGhc,EAAK,KAE/BA,CACT,EAEA+2F,GAAGp7H,UAAU87C,KAAO,SAAczX,EAAKzuB,EAAKkvB,EAAKjhC,GAC5B,iBAARihC,IACTjhC,EAAUihC,EACVA,EAAM,MAEHjhC,IACHA,EAAU,IAEZ+R,EAAM5W,KAAKilD,eAAeruC,EAAKkvB,GAC/BT,EAAMrlC,KAAK08H,YAAYr3F,GAqBvB,IAlBA,IAAIn+B,EAAQlH,KAAKoM,EAAEjI,aACfw4H,EAAO/lH,EAAI+xC,aAAahhB,QAAQ,KAAMzgC,GAGtCuqC,EAAQpM,EAAIsC,QAAQ,KAAMzgC,GAG1Bo1H,EAAO,IAAInC,GAAS,CACtBnmH,KAAMhU,KAAKgU,KACXy0C,QAASk0E,EACTlrF,MAAOA,EACPipF,KAAM71H,EAAQ61H,KACdC,QAAS91H,EAAQ81H,SAAW,SAI1BiC,EAAM58H,KAAKoM,EAAEY,IAAI,IAAIq0C,GAAG,IAEnBw7E,EAAO,GAASA,IAAQ,CAC/B,IAAI5gH,EAAIpX,EAAQoX,EACZpX,EAAQoX,EAAE4gH,GACV,IAAIx7E,GAAGi7E,EAAKnsE,SAASnwD,KAAKoM,EAAEjI,eAEhC,MADA8X,EAAIjc,KAAKw8H,aAAavgH,GAAG,IACnBuuG,KAAK,IAAM,GAAKvuG,EAAEmiG,IAAIwe,IAAQ,GAApC,CAGA,IAAIE,EAAK98H,KAAK2kC,EAAEz3B,IAAI+O,GACpB,IAAI6gH,EAAG9H,aAAP,CAGA,IAAI+H,EAAMD,EAAG9K,OACTrkH,EAAIovH,EAAIpT,KAAK3pH,KAAKoM,GACtB,GAAkB,IAAduB,EAAE68G,KAAK,GAAX,CAGA,IAAI3sG,EAAI5B,EAAEwuG,KAAKzqH,KAAKoM,GAAGc,IAAIS,EAAET,IAAI0J,EAAI+xC,cAAc97C,KAAKw4B,IAExD,GAAkB,KADlBxnB,EAAIA,EAAE8rG,KAAK3pH,KAAKoM,IACVo+G,KAAK,GAAX,CAGA,IAAIgR,GAAiBsB,EAAG7K,OAAO7H,QAAU,EAAI,IACT,IAAf2S,EAAI3e,IAAIzwG,GAAW,EAAI,GAQ5C,OALI9I,EAAQm4H,WAAan/G,EAAEugG,IAAIp+G,KAAKq8H,IAAM,IACxCx+G,EAAI7d,KAAKoM,EAAEY,IAAI6Q,GACf29G,GAAiB,GAGZ,IAAI/zC,GAAU,CAAE95E,EAAGA,EAAGkQ,EAAGA,EAAG29G,cAAeA,QAEtD,EAEAY,GAAGp7H,UAAUq8C,OAAS,SAAgBhY,EAAKtwB,EAAW6B,EAAKkvB,GAMzD,OALAlvB,EAAM5W,KAAKolD,cAAcxuC,EAAKkvB,GAC9B/wB,EAAY,IAAI0yE,GAAU1yE,EAAW,OAE3B/U,KAAKi9H,QAAQj9H,KAAK08H,YAAYr3F,GAAMtwB,EAAW6B,IACzD5W,KAAKi9H,QAAQj9H,KAAKw8H,aAAa,IAAIn7E,GAAGhc,EAAK,KAAMtwB,EAAW6B,EAE9D,EAEAwlH,GAAGp7H,UAAUi8H,QAAU,SAAiB53F,EAAKtwB,EAAW6B,GAEtD,IAAIjJ,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAClB,GAAIlQ,EAAE68G,KAAK,GAAK,GAAK78G,EAAEywG,IAAIp+G,KAAKoM,IAAM,EACpC,OAAO,EACT,GAAIyR,EAAE2sG,KAAK,GAAK,GAAK3sG,EAAEugG,IAAIp+G,KAAKoM,IAAM,EACpC,OAAO,EAGT,IAeIgmB,EAfA8qG,EAAOr/G,EAAE4sG,KAAKzqH,KAAKoM,GACnBuiD,EAAKuuE,EAAKhwH,IAAIm4B,GAAKskF,KAAK3pH,KAAKoM,GAC7BwiD,EAAKsuE,EAAKhwH,IAAIS,GAAGg8G,KAAK3pH,KAAKoM,GAE/B,OAAKpM,KAAKwQ,MAAMw/G,gBAWZ59F,EAAIpyB,KAAK2kC,EAAE2wF,QAAQ3mE,EAAI/3C,EAAI8xC,YAAakG,IACtComE,cAMC5iG,EAAEwlG,OAAOjqH,KAjBVykB,EAAIpyB,KAAK2kC,EAAE0wF,OAAO1mE,EAAI/3C,EAAI8xC,YAAakG,IACrComE,cAGkC,IAAjC5iG,EAAE4/F,OAAOrI,KAAK3pH,KAAKoM,GAAGgyG,IAAIzwG,EAcrC,EAEAyuH,GAAGp7H,UAAUm8H,cAAgB,SAAS93F,EAAKtwB,EAAW4H,EAAGmpB,GACvDX,IAAQ,EAAIxoB,KAAOA,EAAG,4CACtB5H,EAAY,IAAI0yE,GAAU1yE,EAAW+wB,GAErC,IAAI15B,EAAIpM,KAAKoM,EACT/H,EAAI,IAAIg9C,GAAGhc,GACX13B,EAAIoH,EAAUpH,EACdkQ,EAAI9I,EAAU8I,EAGdu/G,EAAa,EAAJzgH,EACT0gH,EAAc1gH,GAAK,EACvB,GAAIhP,EAAEywG,IAAIp+G,KAAKwQ,MAAM4hB,EAAEu3F,KAAK3pH,KAAKwQ,MAAMpE,KAAO,GAAKixH,EACjD,MAAUn6H,MAAM,wCAIhByK,EADE0vH,EACEr9H,KAAKwQ,MAAMohH,WAAWjkH,EAAE1H,IAAIjG,KAAKwQ,MAAMpE,GAAIgxH,GAE3Cp9H,KAAKwQ,MAAMohH,WAAWjkH,EAAGyvH,GAE/B,IAAIE,EAAOvoH,EAAUpH,EAAE88G,KAAKr+G,GACxB+f,EAAK/f,EAAEY,IAAI3I,GAAG6I,IAAIowH,GAAM3T,KAAKv9G,GAC7BggB,EAAKvO,EAAE3Q,IAAIowH,GAAM3T,KAAKv9G,GAI1B,OAAOpM,KAAK2kC,EAAE0wF,OAAOlpG,EAAIxe,EAAGye,EAC9B,EAEAgwG,GAAGp7H,UAAUu8H,oBAAsB,SAASl5H,EAAG0Q,EAAW8zC,EAAG/iB,GAE3D,GAAgC,QADhC/wB,EAAY,IAAI0yE,GAAU1yE,EAAW+wB,IACvB01F,cACZ,OAAOzmH,EAAUymH,cAEnB,IAAK,IAAIv4H,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAC1B,IAAIu6H,EACJ,IACEA,EAASx9H,KAAKm9H,cAAc94H,EAAG0Q,EAAW9R,GAC1C,MAAOoB,GACP,SAGF,GAAIm5H,EAAOt0E,GAAGL,GACZ,OAAO5lD,EAEX,MAAUC,MAAM,uCAClB,ECxQA,IAAIiiC,GAASuC,GAAMvC,OACf8pF,GAAavnF,GAAMunF,WACnBF,GAAiBrnF,GAAMqnF,eAW3B,SAASiM,GAAQroH,EAAOo0C,GAItB,GAHA/mD,KAAK2S,MAAQA,EACTo0C,EAAO50B,eAAe,YACxBnyB,KAAKy9H,QAAUxO,GAAWloE,EAAOyF,SAC/B75C,EAAM+qH,QAAQ32E,EAAO1B,KACvBrlD,KAAK29H,KAAO52E,EAAO1B,SAMnB,GAJArlD,KAAK49H,UAAY3O,GAAWloE,EAAO1B,KAC/BrlD,KAAK49H,WAAuC,KAA1B59H,KAAK49H,UAAUx8H,QACX,KAAtBpB,KAAK49H,UAAU,KACjB59H,KAAK49H,UAAY59H,KAAK49H,UAAUl8H,MAAM,EAAG,KACvC1B,KAAK49H,WAAuC,KAA1B59H,KAAK49H,UAAUx8H,OACnC,MAAU8B,MAAM,mCAEtB,CAEA83H,GAAQK,WAAa,SAAoB1oH,EAAO0yC,GAC9C,OAAIA,aAAe21E,GACV31E,EACF,IAAI21E,GAAQroH,EAAO,CAAE0yC,IAAKA,GACnC,EAEA21E,GAAQ6C,WAAa,SAAoBlrH,EAAO65C,GAC9C,OAAIA,aAAkBwuE,GACbxuE,EACF,IAAIwuE,GAAQroH,EAAO,CAAE65C,OAAQA,GACtC,EAEAwuE,GAAQh6H,UAAUwrD,OAAS,WACzB,OAAOxsD,KAAKy9H,OACd,EAEA1O,GAAeiM,GAAS,YAAY,WAClC,OAAOh7H,KAAK2S,MAAMmrH,YAAY99H,KAAKqlD,MACrC,IAEA0pE,GAAeiM,GAAS,OAAO,WAC7B,OAAIh7H,KAAK49H,UACA59H,KAAK2S,MAAMg/G,YAAY3xH,KAAK49H,WAC9B59H,KAAK2S,MAAMgyB,EAAEz3B,IAAIlN,KAAKmlD,OAC/B,IAEA4pE,GAAeiM,GAAS,aAAa,WACnC,IAAIroH,EAAQ3S,KAAK2S,MACbqB,EAAOhU,KAAKgU,OACZ+pH,EAASprH,EAAMqrH,eAAiB,EAGhC3vH,EAAI2F,EAAKtS,MAAM,EAAGiR,EAAMqrH,gBAK5B,OAJA3vH,EAAE,IAAM,IACRA,EAAE0vH,IAAW,IACb1vH,EAAE0vH,IAAW,GAEN1vH,CACT,IAEA0gH,GAAeiM,GAAS,QAAQ,WAC9B,OAAOh7H,KAAK2S,MAAMsrH,UAAUj+H,KAAKk+H,YACnC,IAEAnP,GAAeiM,GAAS,QAAQ,WAC9B,OAAOh7H,KAAK2S,MAAMqB,OAAOyzB,OAAOznC,KAAKwsD,UAAU1kB,QACjD,IAEAinF,GAAeiM,GAAS,iBAAiB,WACvC,OAAOh7H,KAAKgU,OAAOtS,MAAM1B,KAAK2S,MAAMqrH,eACtC,IAEAhD,GAAQh6H,UAAU87C,KAAO,SAAcvjC,GAErC,OADA4rB,GAAOnlC,KAAKy9H,QAAS,2BACdz9H,KAAK2S,MAAMmqC,KAAKvjC,EAASvZ,KAClC,EAEAg7H,GAAQh6H,UAAUq8C,OAAS,SAAgB9jC,EAAS6jC,GAClD,OAAOp9C,KAAK2S,MAAM0qC,OAAO9jC,EAAS6jC,EAAKp9C,KACzC,EAEAg7H,GAAQh6H,UAAUm9H,UAAY,SAAmBr4F,GAE/C,OADAX,GAAOnlC,KAAKy9H,QAAS,0BACd/1F,GAAMxqB,OAAOld,KAAKwsD,SAAU1mB,EACrC,EAEAk1F,GAAQh6H,UAAU0nD,UAAY,SAAmB5iB,EAAKisF,GACpD,OAAOrqF,GAAMxqB,QAAQ60G,EAAU,CAAE,IAAS,IAAIvrH,OAAOxG,KAAKo+H,YAAat4F,EACzE,EAEA,OAAiBk1F,GClGb71F,GAASuC,GAAMvC,OACf4pF,GAAiBrnF,GAAMqnF,eACvBE,GAAavnF,GAAMunF,WAUvB,SAASxnC,GAAU90E,EAAOyqC,GACxBp9C,KAAK2S,MAAQA,EAEM,iBAARyqC,IACTA,EAAM6xE,GAAW7xE,IAEfv9C,MAAMW,QAAQ48C,KAChBA,EAAM,CACJhzB,EAAGgzB,EAAI17C,MAAM,EAAGiR,EAAMqrH,gBACtBvqF,EAAG2J,EAAI17C,MAAMiR,EAAMqrH,kBAIvB74F,GAAOiY,EAAIhzB,GAAKgzB,EAAI3J,EAAG,4BAEnB9gC,EAAM+qH,QAAQtgF,EAAIhzB,KACpBpqB,KAAKq+H,GAAKjhF,EAAIhzB,GACZgzB,EAAI3J,aAAa4N,KACnBrhD,KAAKs+H,GAAKlhF,EAAI3J,GAEhBzzC,KAAKu+H,UAAY1+H,MAAMW,QAAQ48C,EAAIhzB,GAAKgzB,EAAIhzB,EAAIgzB,EAAIohF,SACpDx+H,KAAKy+H,UAAY5+H,MAAMW,QAAQ48C,EAAI3J,GAAK2J,EAAI3J,EAAI2J,EAAIshF,QACtD,CAEA3P,GAAetnC,GAAW,KAAK,WAC7B,OAAOznF,KAAK2S,MAAMsrH,UAAUj+H,KAAK0+H,WACnC,IAEA3P,GAAetnC,GAAW,KAAK,WAC7B,OAAOznF,KAAK2S,MAAMg/G,YAAY3xH,KAAKw+H,WACrC,IAEAzP,GAAetnC,GAAW,YAAY,WACpC,OAAOznF,KAAK2S,MAAMmrH,YAAY99H,KAAKoqB,IACrC,IAEA2kG,GAAetnC,GAAW,YAAY,WACpC,OAAOznF,KAAK2S,MAAMgsH,UAAU3+H,KAAKyzC,IACnC,IAEAg0C,GAAUzmF,UAAU49H,QAAU,WAC5B,OAAO5+H,KAAKw+H,WAAWh4H,OAAOxG,KAAK0+H,WACrC,EAEAj3C,GAAUzmF,UAAUqmB,MAAQ,WAC1B,OAAOqgB,GAAMxqB,OAAOld,KAAK4+H,UAAW,OAAOnoD,aAC7C,EAEA,OAAiBgR,GCzDbtiD,GAASuC,GAAMvC,OACf8pF,GAAavnF,GAAMunF,WAIvB,SAAS4P,GAAMruH,GAGb,GAFA20B,GAAiB,YAAV30B,EAAqB,qCAEtBxQ,gBAAgB6+H,IACpB,OAAO,IAAIA,GAAMruH,GAEfA,EAAQ+2C,GAAO/2C,GAAOA,MAC1BxQ,KAAKwQ,MAAQA,EACbxQ,KAAK2kC,EAAIn0B,EAAMm0B,EACf3kC,KAAK2kC,EAAEutF,WAAW1hH,EAAMpE,EAAEqD,YAAc,GAExCzP,KAAK8+H,WAAatuH,EAAM2/G,QAAQrwH,YAChCE,KAAKg+H,eAAiBtyH,KAAKmQ,KAAKrL,EAAMpE,EAAEqD,YAAc,GACtDzP,KAAKgU,KAAOA,GAAKM,MACnB,CAEA,OAAiBuqH,GAOjBA,GAAM79H,UAAU87C,KAAO,SAAcvjC,EAASizC,GAC5CjzC,EAAU01G,GAAW11G,GACrB,IAAI3C,EAAM5W,KAAK++H,cAAcvyE,GACzB7+C,EAAI3N,KAAKg/H,QAAQpoH,EAAIqoH,gBAAiB1lH,GACtC6Q,EAAIpqB,KAAK2kC,EAAEz3B,IAAIS,GACf6wH,EAAWx+H,KAAK89H,YAAY1zG,GAC5B80G,EAAKl/H,KAAKg/H,QAAQR,EAAU5nH,EAAIwnH,WAAY7kH,GAClCrM,IAAI0J,EAAIuuC,QAClB1R,EAAI9lC,EAAE1H,IAAIi5H,GAAIvV,KAAK3pH,KAAKwQ,MAAMpE,GAClC,OAAOpM,KAAKm/H,cAAc,CAAE/0G,EAAGA,EAAGqpB,EAAGA,EAAG+qF,SAAUA,GACpD,EAQAK,GAAM79H,UAAUq8C,OAAS,SAAgB9jC,EAAS6jC,EAAKiI,GACrD9rC,EAAU01G,GAAW11G,GACrB6jC,EAAMp9C,KAAKm/H,cAAc/hF,GACzB,IAAIxmC,EAAM5W,KAAKolD,cAAcC,GACzBlpC,EAAInc,KAAKg/H,QAAQ5hF,EAAIohF,WAAY5nH,EAAIwnH,WAAY7kH,GACjD6lH,EAAKp/H,KAAK2kC,EAAEz3B,IAAIkwC,EAAI3J,KAExB,OADc2J,EAAIhzB,IAAInkB,IAAI2Q,EAAIyuC,MAAMn4C,IAAIiP,IACzB+sC,GAAGk2E,EACpB,EAEAP,GAAM79H,UAAUg+H,QAAU,WAExB,IADA,IAAIhrH,EAAOhU,KAAKgU,OACP/Q,EAAI,EAAGA,EAAIs5C,UAAUn7C,OAAQ6B,IACpC+Q,EAAKyzB,OAAO8U,UAAUt5C,IACxB,OAAOykC,GAAMwnF,UAAUl7G,EAAK8zB,UAAU6hF,KAAK3pH,KAAKwQ,MAAMpE,EACxD,EAEAyyH,GAAM79H,UAAU47C,QAAU,SAAiB/3C,GACzC,OAAO,IAAIm2H,GAAQh7H,KAAM6E,EAC3B,EAEAg6H,GAAM79H,UAAUokD,cAAgB,SAAuBC,GACrD,OAAO21E,GAAQK,WAAWr7H,KAAMqlD,EAClC,EAEAw5E,GAAM79H,UAAU+9H,cAAgB,SAAuBvyE,GACrD,OAAOwuE,GAAQ6C,WAAW79H,KAAMwsD,EAClC,EAEAqyE,GAAM79H,UAAUwnD,WAAa,SAAoB3jD,GAC1CA,IACHA,EAAU,IAGZ,IAAIy3H,EAAO,IAAInC,GAAS,CACtBnmH,KAAMhU,KAAKgU,KACX0mH,KAAM71H,EAAQ61H,KACdC,QAAS91H,EAAQ81H,SAAW,OAC5BlyE,QAAS5jD,EAAQ4jD,SAAW7J,GAAK5+C,KAAKgU,KAAKszB,cAC3CkzF,WAAY31H,EAAQ4jD,SAAW5jD,EAAQ21H,YAAc,OACrD/oF,MAAOzxC,KAAKwQ,MAAMpE,EAAEu7B,YAGtB,OAAO3nC,KAAK++H,cAAczC,EAAKnsE,SAAS,IAC1C,EAEA0uE,GAAM79H,UAAUm+H,cAAgB,SAAuB/hF,GACrD,OAAIA,aAAeqqC,GACVrqC,EACF,IAAIqqC,GAAUznF,KAAMo9C,EAC7B,EAUAyhF,GAAM79H,UAAU88H,YAAc,SAAqB3N,GACjD,IAAIrqF,EAAMqqF,EAAM8B,OAAOtqF,QAAQ,KAAM3nC,KAAKg+H,gBAE1C,OADAl4F,EAAI9lC,KAAKg+H,eAAiB,IAAM7N,EAAM6B,OAAO5H,QAAU,IAAO,EACvDtkF,CACT,EAEA+4F,GAAM79H,UAAU2wH,YAAc,SAAqBzqH,GAGjD,IAAI62H,GAFJ72H,EAAQwgC,GAAMunF,WAAW/nH,IAEN9F,OAAS,EACxBi+H,EAASn4H,EAAMxF,MAAM,EAAGq8H,GAAQv3H,QAAuB,IAAhBU,EAAM62H,IAC7CuB,EAAoC,IAAV,IAAhBp4H,EAAM62H,IAEhB7vH,EAAIw5B,GAAMwnF,UAAUmQ,GACxB,OAAOr/H,KAAKwQ,MAAMmoH,WAAWzqH,EAAGoxH,EAClC,EAEAT,GAAM79H,UAAU29H,UAAY,SAAmB13F,GAC7C,OAAOA,EAAIU,QAAQ,KAAM3nC,KAAKg+H,eAChC,EAEAa,GAAM79H,UAAUi9H,UAAY,SAAmB/2H,GAC7C,OAAOwgC,GAAMwnF,UAAUhoH,EACzB,EAEA23H,GAAM79H,UAAU08H,QAAU,SAAiBt4F,GACzC,OAAOA,aAAeplC,KAAK8+H,UAC7B,2BC1IA,IAAIt5E,EAAWxH,EAEfwH,EAAS9d,MAAQuxF,GACjBzzE,EAAS5G,KAAOu6E,GAChB3zE,EAASh1C,MAAQ4oH,GACjB5zE,EAAS+B,OAAS+xE,GAGlB9zE,EAASC,GAAKi0E,GACdl0E,EAAS7yC,MAAQ4sH"} \ No newline at end of file +{"version":3,"file":"openpgp.min.mjs","sources":["../node_modules/@openpgp/web-stream-tools/lib/writer.js","../node_modules/@openpgp/web-stream-tools/lib/util.js","../node_modules/@openpgp/web-stream-tools/lib/reader.js","../node_modules/@openpgp/web-stream-tools/lib/streams.js","../src/enums.js","../src/config/config.js","../src/util.js","../src/encoding/base64.js","../src/encoding/armor.js","../src/crypto/cipher/index.js","../src/crypto/hash/md5.js","../src/crypto/hash/index.js","../node_modules/@noble/ciphers/esm/_assert.js","../node_modules/@noble/ciphers/esm/utils.js","../node_modules/@noble/ciphers/esm/_polyval.js","../node_modules/@noble/ciphers/esm/aes.js","../src/crypto/mode/cfb.js","../src/crypto/cmac.js","../src/crypto/mode/eax.js","../src/crypto/mode/ocb.js","../src/crypto/mode/gcm.js","../src/crypto/mode/index.js","../../../src/crypto/biginteger.ts","../src/crypto/random.js","../../../src/crypto/public_key/prime.ts","../src/crypto/pkcs1.js","../src/crypto/public_key/rsa.js","../src/crypto/public_key/elgamal.js","../node_modules/@openpgp/tweetnacl/cryptoBrowser.js","../node_modules/@openpgp/tweetnacl/nacl-fast.js","../src/type/oid.js","../src/packet/packet.js","../src/crypto/public_key/elliptic/eddsa.js","../src/crypto/aes_kw.js","../src/crypto/hkdf.js","../src/crypto/public_key/elliptic/ecdh_x.js","../src/crypto/public_key/elliptic/oid_curves.js","../src/crypto/public_key/elliptic/ecdsa.js","../src/crypto/public_key/elliptic/eddsa_legacy.js","../src/crypto/pkcs5.js","../src/crypto/public_key/elliptic/ecdh.js","../src/crypto/public_key/dsa.js","../src/crypto/public_key/index.js","../src/crypto/signature.js","../src/type/ecdh_symkey.js","../src/type/kdf_params.js","../src/type/ecdh_x_symkey.js","../src/crypto/crypto.js","../src/crypto/index.js","../src/type/s2k/argon2.js","../src/type/s2k/generic.js","../src/type/s2k/index.js","../node_modules/fflate/esm/browser.js","../src/packet/literal_data.js","../src/type/keyid.js","../src/packet/signature.js","../src/packet/one_pass_signature.js","../src/packet/packetlist.js","../src/packet/compressed_data.js","../src/packet/sym_encrypted_integrity_protected_data.js","../src/packet/aead_encrypted_data.js","../src/packet/public_key_encrypted_session_key.js","../src/packet/sym_encrypted_session_key.js","../src/packet/public_key.js","../src/packet/symmetrically_encrypted_data.js","../src/packet/marker.js","../src/packet/public_subkey.js","../src/packet/user_attribute.js","../src/packet/secret_key.js","../src/packet/userid.js","../src/packet/secret_subkey.js","../src/packet/trust.js","../src/packet/padding.js","../src/signature.js","../src/key/helper.js","../src/key/user.js","../src/key/subkey.js","../src/key/key.js","../src/key/public_key.js","../src/key/private_key.js","../src/key/factory.js","../src/message.js","../src/cleartext.js","../src/openpgp.js","../node_modules/@noble/hashes/esm/_assert.js","../node_modules/@noble/hashes/esm/crypto.js","../node_modules/@noble/hashes/esm/utils.js","../node_modules/@noble/hashes/esm/_md.js","../node_modules/@noble/hashes/esm/sha256.js","../node_modules/@noble/hashes/esm/hmac.js","../node_modules/@noble/curves/esm/abstract/utils.js","../node_modules/@noble/curves/esm/abstract/modular.js","../node_modules/@noble/curves/esm/abstract/curve.js","../node_modules/@noble/curves/esm/abstract/weierstrass.js","../node_modules/@noble/curves/esm/_shortw_utils.js","../node_modules/@noble/curves/esm/p256.js","../node_modules/@noble/hashes/esm/_u64.js","../node_modules/@noble/hashes/esm/sha512.js","../node_modules/@noble/curves/esm/p384.js","../node_modules/@noble/curves/esm/p521.js","../node_modules/@noble/hashes/esm/sha3.js","../node_modules/@noble/curves/esm/abstract/edwards.js","../node_modules/@noble/curves/esm/abstract/montgomery.js","../node_modules/@noble/curves/esm/ed448.js","../node_modules/@noble/curves/esm/secp256k1.js","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP256r1.ts","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP384r1.ts","../../../src/crypto/public_key/elliptic/brainpool/brainpoolP512r1.ts","../src/crypto/public_key/elliptic/noble_curves.js","../src/crypto/cipher/des.js","../src/crypto/cipher/cast5.js","../src/crypto/cipher/twofish.js","../src/crypto/cipher/blowfish.js","../src/crypto/cipher/legacy_ciphers.js","../node_modules/@noble/hashes/esm/sha1.js","../node_modules/@noble/hashes/esm/ripemd160.js","../src/crypto/hash/noble_hashes.js","../node_modules/argon2id/lib/blake2b.js","../node_modules/argon2id/lib/argon2id.js","../node_modules/argon2id/lib/setup.js","../node_modules/argon2id/index.js","../node_modules/@openpgp/seek-bzip/lib/bitreader.js","../node_modules/@openpgp/seek-bzip/lib/stream.js","../node_modules/@openpgp/seek-bzip/lib/crc32.js","../node_modules/@openpgp/seek-bzip/lib/index.js"],"sourcesContent":["const doneWritingPromise = Symbol('doneWritingPromise');\nconst doneWritingResolve = Symbol('doneWritingResolve');\nconst doneWritingReject = Symbol('doneWritingReject');\n\nconst readingIndex = Symbol('readingIndex');\n\nclass ArrayStream extends Array {\n constructor() {\n super();\n // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work\n Object.setPrototypeOf(this, ArrayStream.prototype);\n\n this[doneWritingPromise] = new Promise((resolve, reject) => {\n this[doneWritingResolve] = resolve;\n this[doneWritingReject] = reject;\n });\n this[doneWritingPromise].catch(() => {});\n }\n}\n\nArrayStream.prototype.getReader = function() {\n if (this[readingIndex] === undefined) {\n this[readingIndex] = 0;\n }\n return {\n read: async () => {\n await this[doneWritingPromise];\n if (this[readingIndex] === this.length) {\n return { value: undefined, done: true };\n }\n return { value: this[this[readingIndex]++], done: false };\n }\n };\n};\n\nArrayStream.prototype.readToEnd = async function(join) {\n await this[doneWritingPromise];\n const result = join(this.slice(this[readingIndex]));\n this.length = 0;\n return result;\n};\n\nArrayStream.prototype.clone = function() {\n const clone = new ArrayStream();\n clone[doneWritingPromise] = this[doneWritingPromise].then(() => {\n clone.push(...this);\n });\n return clone;\n};\n\n/**\n * Check whether data is an ArrayStream\n * @param {Any} input data to check\n * @returns {boolean}\n */\nfunction isArrayStream(input) {\n return input && input.getReader && Array.isArray(input);\n}\n\n/**\n * A wrapper class over the native WritableStreamDefaultWriter.\n * It also lets you \"write data to\" array streams instead of streams.\n * @class\n */\nfunction Writer(input) {\n if (!isArrayStream(input)) {\n const writer = input.getWriter();\n const releaseLock = writer.releaseLock;\n writer.releaseLock = () => {\n writer.closed.catch(function() {});\n releaseLock.call(writer);\n };\n return writer;\n }\n this.stream = input;\n}\n\n/**\n * Write a chunk of data.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.write = async function(chunk) {\n this.stream.push(chunk);\n};\n\n/**\n * Close the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.close = async function() {\n this.stream[doneWritingResolve]();\n};\n\n/**\n * Error the stream.\n * @returns {Promise}\n * @async\n */\nWriter.prototype.abort = async function(reason) {\n this.stream[doneWritingReject](reason);\n return reason;\n};\n\n/**\n * Release the writer's lock.\n * @returns {undefined}\n * @async\n */\nWriter.prototype.releaseLock = function() {};\n\nexport { ArrayStream, isArrayStream, Writer, doneWritingPromise };\n","/* eslint-disable no-prototype-builtins */\nimport { isArrayStream } from './writer.js';\nconst isNode = typeof globalThis.process === 'object' &&\n typeof globalThis.process.versions === 'object';\n\n/**\n * Check whether data is a Stream, and if so of which type\n * @param {Any} input data to check\n * @returns {'web'|'node'|'array'|'web-like'|false}\n */\nfunction isStream(input) {\n if (isArrayStream(input)) {\n return 'array';\n }\n if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) {\n return 'web';\n }\n // try and detect a node native stream without having to import its class\n if (input &&\n !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) &&\n typeof input._read === 'function' && typeof input._readableState === 'object') {\n throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`');\n }\n if (input && input.getReader) {\n return 'web-like';\n }\n return false;\n}\n\n/**\n * Check whether data is a Uint8Array\n * @param {Any} input data to check\n * @returns {Boolean}\n */\nfunction isUint8Array(input) {\n return Uint8Array.prototype.isPrototypeOf(input);\n}\n\n/**\n * Concat Uint8Arrays\n * @param {Array} Array of Uint8Arrays to concatenate\n * @returns {Uint8array} Concatenated array\n */\nfunction concatUint8Array(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!isUint8Array(arrays[i])) {\n throw new Error('concatUint8Array: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach(function (element) {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n\nexport { isNode, isStream, isArrayStream, isUint8Array, concatUint8Array };\n","import { isUint8Array, isStream, isArrayStream } from './util.js';\nimport * as streams from './streams.js';\n\nconst doneReadingSet = new WeakSet();\n/**\n * The external buffer is used to store values that have been peeked or unshifted from the original stream.\n * Because of how streams are implemented, such values cannot be \"put back\" in the original stream,\n * but they need to be returned first when reading from the input again.\n */\nconst externalBuffer = Symbol('externalBuffer');\n\n/**\n * A wrapper class over the native ReadableStreamDefaultReader.\n * This additionally implements pushing back data on the stream, which\n * lets us implement peeking and a host of convenience functions.\n * It also lets you read data other than streams, such as a Uint8Array.\n * @class\n */\nfunction Reader(input) {\n this.stream = input;\n if (input[externalBuffer]) {\n this[externalBuffer] = input[externalBuffer].slice();\n }\n if (isArrayStream(input)) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {};\n this._cancel = () => {};\n return;\n }\n let streamType = isStream(input);\n if (streamType) {\n const reader = input.getReader();\n this._read = reader.read.bind(reader);\n this._releaseLock = () => {\n reader.closed.catch(function() {});\n reader.releaseLock();\n };\n this._cancel = reader.cancel.bind(reader);\n return;\n }\n let doneReading = false;\n this._read = async () => {\n if (doneReading || doneReadingSet.has(input)) {\n return { value: undefined, done: true };\n }\n doneReading = true;\n return { value: input, done: false };\n };\n this._releaseLock = () => {\n if (doneReading) {\n try {\n doneReadingSet.add(input);\n } catch(e) {}\n }\n };\n}\n\n/**\n * Read a chunk of data.\n * @returns {Promise} Either { done: false, value: Uint8Array | String } or { done: true, value: undefined }\n * @async\n */\nReader.prototype.read = async function() {\n if (this[externalBuffer] && this[externalBuffer].length) {\n const value = this[externalBuffer].shift();\n return { done: false, value };\n }\n return this._read();\n};\n\n/**\n * Allow others to read the stream.\n */\nReader.prototype.releaseLock = function() {\n if (this[externalBuffer]) {\n this.stream[externalBuffer] = this[externalBuffer];\n }\n this._releaseLock();\n};\n\n/**\n * Cancel the stream.\n */\nReader.prototype.cancel = function(reason) {\n return this._cancel(reason);\n};\n\n/**\n * Read up to and including the first \\n character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readLine = async function() {\n let buffer = [];\n let returnVal;\n while (!returnVal) {\n let { done, value } = await this.read();\n value += '';\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n const lineEndIndex = value.indexOf('\\n') + 1;\n if (lineEndIndex) {\n returnVal = streams.concat(buffer.concat(value.substr(0, lineEndIndex)));\n buffer = [];\n }\n if (lineEndIndex !== value.length) {\n buffer.push(value.substr(lineEndIndex));\n }\n }\n this.unshift(...buffer);\n return returnVal;\n};\n\n/**\n * Read a single byte/character.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readByte = async function() {\n const { done, value } = await this.read();\n if (done) return;\n const byte = value[0];\n this.unshift(streams.slice(value, 1));\n return byte;\n};\n\n/**\n * Read a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.readBytes = async function(length) {\n const buffer = [];\n let bufferLength = 0;\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) {\n if (buffer.length) return streams.concat(buffer);\n return;\n }\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= length) {\n const bufferConcat = streams.concat(buffer);\n this.unshift(streams.slice(bufferConcat, length));\n return streams.slice(bufferConcat, 0, length);\n }\n }\n};\n\n/**\n * Peek (look ahead) a specific amount of bytes/characters, unless the stream ends before that amount.\n * @returns {Promise}\n * @async\n */\nReader.prototype.peekBytes = async function(length) {\n const bytes = await this.readBytes(length);\n this.unshift(bytes);\n return bytes;\n};\n\n/**\n * Push data to the front of the stream.\n * Data must have been read in the last call to read*.\n * @param {...(Uint8Array|String|Undefined)} values\n */\nReader.prototype.unshift = function(...values) {\n if (!this[externalBuffer]) {\n this[externalBuffer] = [];\n }\n if (\n values.length === 1 && isUint8Array(values[0]) &&\n this[externalBuffer].length && values[0].length &&\n this[externalBuffer][0].byteOffset >= values[0].length\n ) {\n this[externalBuffer][0] = new Uint8Array(\n this[externalBuffer][0].buffer,\n this[externalBuffer][0].byteOffset - values[0].length,\n this[externalBuffer][0].byteLength + values[0].length\n );\n return;\n }\n this[externalBuffer].unshift(...values.filter(value => value && value.length));\n};\n\n/**\n * Read the stream to the end and return its contents, concatenated by the join function (defaults to streams.concat).\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nReader.prototype.readToEnd = async function(join=streams.concat) {\n const result = [];\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const { done, value } = await this.read();\n if (done) break;\n result.push(value);\n }\n return join(result);\n};\n\nexport { Reader, externalBuffer };\n","import { isStream, isArrayStream, isUint8Array, concatUint8Array } from './util.js';\nimport { Reader, externalBuffer } from './reader.js';\nimport { ArrayStream, Writer } from './writer.js';\n\n/**\n * Convert data to Stream\n * @param {ReadableStream|Uint8array|String} input data to convert\n * @returns {ReadableStream} Converted data\n */\nfunction toStream(input) {\n let streamType = isStream(input);\n if (streamType) {\n return input;\n }\n return new ReadableStream({\n start(controller) {\n controller.enqueue(input);\n controller.close();\n }\n });\n}\n\n/**\n * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream.\n * @param {Object} input data to convert\n * @returns {ArrayStream} Converted data\n */\nfunction toArrayStream(input) {\n if (isStream(input)) {\n return input;\n }\n const stream = new ArrayStream();\n (async () => {\n const writer = getWriter(stream);\n await writer.write(input);\n await writer.close();\n })();\n return stream;\n}\n\n/**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller should not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8array|String|ReadableStream} Concatenated array\n */\nfunction concat(list) {\n if (list.some(stream => isStream(stream) && !isArrayStream(stream))) {\n return concatStream(list);\n }\n if (list.some(stream => isArrayStream(stream))) {\n return concatArrayStream(list);\n }\n if (typeof list[0] === 'string') {\n return list.join('');\n }\n return concatUint8Array(list);\n}\n\n/**\n * Concat a list of Streams\n * @param {Array} list Array of Uint8Arrays/Strings/Streams to concatenate\n * @returns {ReadableStream} Concatenated list\n */\nfunction concatStream(list) {\n list = list.map(toStream);\n const transform = transformWithCancel(async function(reason) {\n await Promise.all(transforms.map(stream => cancel(stream, reason)));\n });\n let prev = Promise.resolve();\n const transforms = list.map((stream, i) => transformPair(stream, (readable, writable) => {\n prev = prev.then(() => pipe(readable, transform.writable, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n }));\n return transform.readable;\n}\n\n/**\n * Concat a list of ArrayStreams\n * @param {Array} list Array of Uint8Arrays/Strings/ArrayStreams to concatenate\n * @returns {ArrayStream} Concatenated streams\n */\nfunction concatArrayStream(list) {\n const result = new ArrayStream();\n let prev = Promise.resolve();\n list.forEach((stream, i) => {\n prev = prev.then(() => pipe(stream, result, {\n preventClose: i !== list.length - 1\n }));\n return prev;\n });\n return result;\n}\n\n/**\n * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {WritableStream} target\n * @param {Object} (optional) options\n * @returns {Promise} Promise indicating when piping has finished (input stream closed or errored)\n * @async\n */\nasync function pipe(input, target, {\n preventClose = false,\n preventAbort = false,\n preventCancel = false\n} = {}) {\n if (isStream(input) && !isArrayStream(input)) {\n input = toStream(input);\n try {\n if (input[externalBuffer]) {\n const writer = getWriter(target);\n for (let i = 0; i < input[externalBuffer].length; i++) {\n await writer.ready;\n await writer.write(input[externalBuffer][i]);\n }\n writer.releaseLock();\n }\n await input.pipeTo(target, {\n preventClose,\n preventAbort,\n preventCancel\n });\n } catch(e) {}\n return;\n }\n input = toArrayStream(input);\n const reader = getReader(input);\n const writer = getWriter(target);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (!preventClose) await writer.close();\n break;\n }\n await writer.write(value);\n }\n } catch (e) {\n if (!preventAbort) await writer.abort(e);\n } finally {\n reader.releaseLock();\n writer.releaseLock();\n }\n}\n\n/**\n * Pipe a readable stream through a transform stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Object} (optional) options\n * @returns {ReadableStream} transformed stream\n */\nfunction transformRaw(input, options) {\n const transformStream = new TransformStream(options);\n pipe(input, transformStream.writable);\n return transformStream.readable;\n}\n\n/**\n * Create a cancelable TransformStream.\n * @param {Function} cancel\n * @returns {TransformStream}\n */\nfunction transformWithCancel(customCancel) {\n let pulled = false;\n let cancelled = false;\n let backpressureChangePromiseResolve, backpressureChangePromiseReject;\n let outputController;\n return {\n readable: new ReadableStream({\n start(controller) {\n outputController = controller;\n },\n pull() {\n if (backpressureChangePromiseResolve) {\n backpressureChangePromiseResolve();\n } else {\n pulled = true;\n }\n },\n async cancel(reason) {\n cancelled = true;\n if (customCancel) {\n await customCancel(reason);\n }\n if (backpressureChangePromiseReject) {\n backpressureChangePromiseReject(reason);\n }\n }\n }, {highWaterMark: 0}),\n writable: new WritableStream({\n write: async function(chunk) {\n if (cancelled) {\n throw new Error('Stream is cancelled');\n }\n outputController.enqueue(chunk);\n if (!pulled) {\n await new Promise((resolve, reject) => {\n backpressureChangePromiseResolve = resolve;\n backpressureChangePromiseReject = reject;\n });\n backpressureChangePromiseResolve = null;\n backpressureChangePromiseReject = null;\n } else {\n pulled = false;\n }\n },\n close: outputController.close.bind(outputController),\n abort: outputController.error.bind(outputController)\n })\n };\n}\n\n/**\n * Transform a stream using helper functions which are called on each chunk, and on stream close, respectively.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} process\n * @param {Function} finish\n * @returns {ReadableStream|Uint8array|String}\n */\nfunction transform(input, process = () => undefined, finish = () => undefined) {\n if (isArrayStream(input)) {\n const output = new ArrayStream();\n (async () => {\n const writer = getWriter(output);\n try {\n const data = await readToEnd(input);\n const result1 = process(data);\n const result2 = finish();\n let result;\n if (result1 !== undefined && result2 !== undefined) result = concat([result1, result2]);\n else result = result1 !== undefined ? result1 : result2;\n await writer.write(result);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return output;\n }\n if (isStream(input)) {\n return transformRaw(input, {\n async transform(value, controller) {\n try {\n const result = await process(value);\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n },\n async flush(controller) {\n try {\n const result = await finish();\n if (result !== undefined) controller.enqueue(result);\n } catch(e) {\n controller.error(e);\n }\n }\n });\n }\n const result1 = process(input);\n const result2 = finish();\n if (result1 !== undefined && result2 !== undefined) return concat([result1, result2]);\n return result1 !== undefined ? result1 : result2;\n}\n\n/**\n * Transform a stream using a helper function which is passed a readable and a writable stream.\n * This function also maintains the possibility to cancel the input stream,\n * and does so on cancelation of the output stream, despite cancelation\n * normally being impossible when the input stream is being read from.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {ReadableStream}\n */\nfunction transformPair(input, fn) {\n if (isStream(input) && !isArrayStream(input)) {\n let incomingTransformController;\n const incoming = new TransformStream({\n start(controller) {\n incomingTransformController = controller;\n }\n });\n\n const pipeDonePromise = pipe(input, incoming.writable);\n\n const outgoing = transformWithCancel(async function(reason) {\n incomingTransformController.error(reason);\n await pipeDonePromise;\n await new Promise(setTimeout);\n });\n fn(incoming.readable, outgoing.writable);\n return outgoing.readable;\n }\n input = toArrayStream(input);\n const output = new ArrayStream();\n fn(input, output);\n return output;\n}\n\n/**\n * Parse a stream using a helper function which is passed a Reader.\n * The reader additionally has a remainder() method which returns a\n * stream pointing to the remainder of input, and is linked to input\n * for cancelation.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} fn\n * @returns {Any} the return value of fn()\n */\nfunction parse(input, fn) {\n let returnValue;\n const transformed = transformPair(input, (readable, writable) => {\n const reader = getReader(readable);\n reader.remainder = () => {\n reader.releaseLock();\n pipe(readable, writable);\n return transformed;\n };\n returnValue = fn(reader);\n });\n return returnValue;\n}\n\n/**\n * Tee a Stream for reading it twice. The input stream can no longer be read after tee()ing.\n * Reading either of the two returned streams will pull from the input stream.\n * The input stream will only be canceled if both of the returned streams are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Array} array containing two copies of input\n */\nfunction tee(input) {\n if (isArrayStream(input)) {\n throw new Error('ArrayStream cannot be tee()d, use clone() instead');\n }\n if (isStream(input)) {\n const teed = toStream(input).tee();\n teed[0][externalBuffer] = teed[1][externalBuffer] = input[externalBuffer];\n return teed;\n }\n return [slice(input), slice(input)];\n}\n\n/**\n * Clone a Stream for reading it twice. The input stream can still be read after clone()ing.\n * Reading from the clone will pull from the input stream.\n * The input stream will only be canceled if both the clone and the input stream are canceled.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction clone(input) {\n if (isArrayStream(input)) {\n return input.clone();\n }\n if (isStream(input)) {\n const teed = tee(input);\n overwrite(input, teed[0]);\n return teed[1];\n }\n return slice(input);\n}\n\n/**\n * Clone a Stream for reading it twice. Data will arrive at the same rate as the input stream is being read.\n * Reading from the clone will NOT pull from the input stream. Data only arrives when reading the input stream.\n * The input stream will NOT be canceled if the clone is canceled, only if the input stream are canceled.\n * If the input stream is canceled, the clone will be errored.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} cloned input\n */\nfunction passiveClone(input) {\n if (isArrayStream(input)) {\n return clone(input);\n }\n if (isStream(input)) {\n return new ReadableStream({\n start(controller) {\n const transformed = transformPair(input, async (readable, writable) => {\n const reader = getReader(readable);\n const writer = getWriter(writable);\n try {\n // eslint-disable-next-line no-constant-condition\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n try { controller.close(); } catch(e) {}\n await writer.close();\n return;\n }\n try { controller.enqueue(value); } catch(e) {}\n await writer.write(value);\n }\n } catch(e) {\n controller.error(e);\n await writer.abort(e);\n }\n });\n overwrite(input, transformed);\n }\n });\n }\n return slice(input);\n}\n\n/**\n * Modify a stream object to point to a different stream object.\n * This is used internally by clone() and passiveClone() to provide an abstraction over tee().\n * @param {ReadableStream} input\n * @param {ReadableStream} clone\n */\nfunction overwrite(input, clone) {\n // Overwrite input.getReader, input.locked, etc to point to clone\n Object.entries(Object.getOwnPropertyDescriptors(input.constructor.prototype)).forEach(([name, descriptor]) => {\n if (name === 'constructor') {\n return;\n }\n if (descriptor.value) {\n descriptor.value = descriptor.value.bind(clone);\n } else {\n descriptor.get = descriptor.get.bind(clone);\n }\n Object.defineProperty(input, name, descriptor);\n });\n}\n\n/**\n * Return a stream pointing to a part of the input stream.\n * @param {ReadableStream|Uint8array|String} input\n * @returns {ReadableStream|Uint8array|String} clone\n */\nfunction slice(input, begin=0, end=Infinity) {\n if (isArrayStream(input)) {\n throw new Error('Not implemented');\n }\n if (isStream(input)) {\n if (begin >= 0 && end >= 0) {\n let bytesRead = 0;\n return transformRaw(input, {\n transform(value, controller) {\n if (bytesRead < end) {\n if (bytesRead + value.length >= begin) {\n controller.enqueue(slice(value, Math.max(begin - bytesRead, 0), end - bytesRead));\n }\n bytesRead += value.length;\n } else {\n controller.terminate();\n }\n }\n });\n }\n if (begin < 0 && (end < 0 || end === Infinity)) {\n let lastBytes = [];\n return transform(input, value => {\n if (value.length >= -begin) lastBytes = [value];\n else lastBytes.push(value);\n }, () => slice(concat(lastBytes), begin, end));\n }\n if (begin === 0 && end < 0) {\n let lastBytes;\n return transform(input, value => {\n const returnValue = lastBytes ? concat([lastBytes, value]) : value;\n if (returnValue.length >= -end) {\n lastBytes = slice(returnValue, end);\n return slice(returnValue, begin, end);\n }\n lastBytes = returnValue;\n });\n }\n console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`);\n return fromAsync(async () => slice(await readToEnd(input), begin, end));\n }\n if (input[externalBuffer]) {\n input = concat(input[externalBuffer].concat([input]));\n }\n if (isUint8Array(input)) {\n return input.subarray(begin, end === Infinity ? input.length : end);\n }\n return input.slice(begin, end);\n}\n\n/**\n * Read a stream to the end and return its contents, concatenated by the join function (defaults to concat).\n * @param {ReadableStream|Uint8array|String} input\n * @param {Function} join\n * @returns {Promise} the return value of join()\n * @async\n */\nasync function readToEnd(input, join=concat) {\n if (isArrayStream(input)) {\n return input.readToEnd(join);\n }\n if (isStream(input)) {\n return getReader(input).readToEnd(join);\n }\n return input;\n}\n\n/**\n * Cancel a stream.\n * @param {ReadableStream|Uint8array|String} input\n * @param {Any} reason\n * @returns {Promise} indicates when the stream has been canceled\n * @async\n */\nasync function cancel(input, reason) {\n if (isStream(input)) {\n if (input.cancel) {\n const cancelled = await input.cancel(reason);\n // the stream is not always cancelled at this point, so we wait some more\n await new Promise(setTimeout);\n return cancelled;\n }\n if (input.destroy) {\n input.destroy(reason);\n await new Promise(setTimeout);\n return reason;\n }\n }\n}\n\n/**\n * Convert an async function to an ArrayStream. When the function returns, its return value is written to the stream.\n * @param {Function} fn\n * @returns {ArrayStream}\n */\nfunction fromAsync(fn) {\n const arrayStream = new ArrayStream();\n (async () => {\n const writer = getWriter(arrayStream);\n try {\n await writer.write(await fn());\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n })();\n return arrayStream;\n}\n\n/**\n * Get a Reader\n * @param {ReadableStream|Uint8array|String} input\n * @returns {Reader}\n */\nfunction getReader(input) {\n return new Reader(input);\n}\n\n/**\n * Get a Writer\n * @param {WritableStream} input\n * @returns {Writer}\n */\nfunction getWriter(input) {\n return new Writer(input);\n}\n\n\nexport {\n ArrayStream,\n toStream,\n concatStream,\n concat,\n getReader,\n getWriter,\n pipe,\n transformRaw,\n transform,\n transformPair,\n parse,\n clone,\n passiveClone,\n slice,\n readToEnd,\n cancel,\n fromAsync\n};\n","/**\n * @module enums\n */\n\nconst byValue = Symbol('byValue');\n\nexport default {\n\n /** Maps curve names under various standards to one\n * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki}\n * @enum {String}\n * @readonly\n */\n curve: {\n /** NIST P-256 Curve */\n 'nistP256': 'nistP256',\n /** @deprecated use `nistP256` instead */\n 'p256': 'nistP256',\n\n /** NIST P-384 Curve */\n 'nistP384': 'nistP384',\n /** @deprecated use `nistP384` instead */\n 'p384': 'nistP384',\n\n /** NIST P-521 Curve */\n 'nistP521': 'nistP521',\n /** @deprecated use `nistP521` instead */\n 'p521': 'nistP521',\n\n /** SECG SECP256k1 Curve */\n 'secp256k1': 'secp256k1',\n\n /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */\n 'ed25519Legacy': 'ed25519Legacy',\n /** @deprecated use `ed25519Legacy` instead */\n 'ed25519': 'ed25519Legacy',\n\n /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */\n 'curve25519Legacy': 'curve25519Legacy',\n /** @deprecated use `curve25519Legacy` instead */\n 'curve25519': 'curve25519Legacy',\n\n /** BrainpoolP256r1 Curve */\n 'brainpoolP256r1': 'brainpoolP256r1',\n\n /** BrainpoolP384r1 Curve */\n 'brainpoolP384r1': 'brainpoolP384r1',\n\n /** BrainpoolP512r1 Curve */\n 'brainpoolP512r1': 'brainpoolP512r1'\n },\n\n /** A string to key specifier type\n * @enum {Integer}\n * @readonly\n */\n s2k: {\n simple: 0,\n salted: 1,\n iterated: 3,\n argon2: 4,\n gnu: 101\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1}\n * @enum {Integer}\n * @readonly\n */\n publicKey: {\n /** RSA (Encrypt or Sign) [HAC] */\n rsaEncryptSign: 1,\n /** RSA (Encrypt only) [HAC] */\n rsaEncrypt: 2,\n /** RSA (Sign only) [HAC] */\n rsaSign: 3,\n /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */\n elgamal: 16,\n /** DSA (Sign only) [FIPS186] [HAC] */\n dsa: 17,\n /** ECDH (Encrypt only) [RFC6637] */\n ecdh: 18,\n /** ECDSA (Sign only) [RFC6637] */\n ecdsa: 19,\n /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)\n * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */\n eddsaLegacy: 22,\n /** Reserved for AEDH */\n aedh: 23,\n /** Reserved for AEDSA */\n aedsa: 24,\n /** X25519 (Encrypt only) */\n x25519: 25,\n /** X448 (Encrypt only) */\n x448: 26,\n /** Ed25519 (Sign only) */\n ed25519: 27,\n /** Ed448 (Sign only) */\n ed448: 28\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}\n * @enum {Integer}\n * @readonly\n */\n symmetric: {\n /** Not implemented! */\n idea: 1,\n tripledes: 2,\n cast5: 3,\n blowfish: 4,\n aes128: 7,\n aes192: 8,\n aes256: 9,\n twofish: 10\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}\n * @enum {Integer}\n * @readonly\n */\n compression: {\n uncompressed: 0,\n /** RFC1951 */\n zip: 1,\n /** RFC1950 */\n zlib: 2,\n bzip2: 3\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}\n * @enum {Integer}\n * @readonly\n */\n hash: {\n md5: 1,\n sha1: 2,\n ripemd: 3,\n sha256: 8,\n sha384: 9,\n sha512: 10,\n sha224: 11,\n sha3_256: 12,\n sha3_512: 14\n },\n\n /** A list of hash names as accepted by webCrypto functions.\n * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}\n * @enum {String}\n */\n webHash: {\n 'SHA-1': 2,\n 'SHA-256': 8,\n 'SHA-384': 9,\n 'SHA-512': 10\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}\n * @enum {Integer}\n * @readonly\n */\n aead: {\n eax: 1,\n ocb: 2,\n gcm: 3,\n experimentalGCM: 100 // Private algorithm\n },\n\n /** A list of packet types and numeric tags associated with them.\n * @enum {Integer}\n * @readonly\n */\n packet: {\n publicKeyEncryptedSessionKey: 1,\n signature: 2,\n symEncryptedSessionKey: 3,\n onePassSignature: 4,\n secretKey: 5,\n publicKey: 6,\n secretSubkey: 7,\n compressedData: 8,\n symmetricallyEncryptedData: 9,\n marker: 10,\n literalData: 11,\n trust: 12,\n userID: 13,\n publicSubkey: 14,\n userAttribute: 17,\n symEncryptedIntegrityProtectedData: 18,\n modificationDetectionCode: 19,\n aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1\n padding: 21\n },\n\n /** Data types in the literal packet\n * @enum {Integer}\n * @readonly\n */\n literal: {\n /** Binary data 'b' */\n binary: 'b'.charCodeAt(),\n /** Text data 't' */\n text: 't'.charCodeAt(),\n /** Utf8 data 'u' */\n utf8: 'u'.charCodeAt(),\n /** MIME message body part 'm' */\n mime: 'm'.charCodeAt()\n },\n\n\n /** One pass signature packet type\n * @enum {Integer}\n * @readonly\n */\n signature: {\n /** 0x00: Signature of a binary document. */\n binary: 0,\n /** 0x01: Signature of a canonical text document.\n *\n * Canonicalyzing the document by converting line endings. */\n text: 1,\n /** 0x02: Standalone signature.\n *\n * This signature is a signature of only its own subpacket contents.\n * It is calculated identically to a signature over a zero-lengh\n * binary document. Note that it doesn't make sense to have a V3\n * standalone signature. */\n standalone: 2,\n /** 0x10: Generic certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification does not make any particular\n * assertion as to how well the certifier has checked that the owner\n * of the key is in fact the person described by the User ID. */\n certGeneric: 16,\n /** 0x11: Persona certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has not done any verification of\n * the claim that the owner of this key is the User ID specified. */\n certPersona: 17,\n /** 0x12: Casual certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done some casual\n * verification of the claim of identity. */\n certCasual: 18,\n /** 0x13: Positive certification of a User ID and Public-Key packet.\n *\n * The issuer of this certification has done substantial\n * verification of the claim of identity.\n *\n * Most OpenPGP implementations make their \"key signatures\" as 0x10\n * certifications. Some implementations can issue 0x11-0x13\n * certifications, but few differentiate between the types. */\n certPositive: 19,\n /** 0x30: Certification revocation signature\n *\n * This signature revokes an earlier User ID certification signature\n * (signature class 0x10 through 0x13) or direct-key signature\n * (0x1F). It should be issued by the same key that issued the\n * revoked signature or an authorized revocation key. The signature\n * is computed over the same data as the certificate that it\n * revokes, and should have a later creation date than that\n * certificate. */\n certRevocation: 48,\n /** 0x18: Subkey Binding Signature\n *\n * This signature is a statement by the top-level signing key that\n * indicates that it owns the subkey. This signature is calculated\n * directly on the primary key and subkey, and not on any User ID or\n * other packets. A signature that binds a signing subkey MUST have\n * an Embedded Signature subpacket in this binding signature that\n * contains a 0x19 signature made by the signing subkey on the\n * primary key and subkey. */\n subkeyBinding: 24,\n /** 0x19: Primary Key Binding Signature\n *\n * This signature is a statement by a signing subkey, indicating\n * that it is owned by the primary key and subkey. This signature\n * is calculated the same way as a 0x18 signature: directly on the\n * primary key and subkey, and not on any User ID or other packets.\n *\n * When a signature is made over a key, the hash data starts with the\n * octet 0x99, followed by a two-octet length of the key, and then body\n * of the key packet. (Note that this is an old-style packet header for\n * a key packet with two-octet length.) A subkey binding signature\n * (type 0x18) or primary key binding signature (type 0x19) then hashes\n * the subkey using the same format as the main key (also using 0x99 as\n * the first octet). */\n keyBinding: 25,\n /** 0x1F: Signature directly on a key\n *\n * This signature is calculated directly on a key. It binds the\n * information in the Signature subpackets to the key, and is\n * appropriate to be used for subpackets that provide information\n * about the key, such as the Revocation Key subpacket. It is also\n * appropriate for statements that non-self certifiers want to make\n * about the key itself, rather than the binding between a key and a\n * name. */\n key: 31,\n /** 0x20: Key revocation signature\n *\n * The signature is calculated directly on the key being revoked. A\n * revoked key is not to be used. Only revocation signatures by the\n * key being revoked, or by an authorized revocation key, should be\n * considered valid revocation signatures.a */\n keyRevocation: 32,\n /** 0x28: Subkey revocation signature\n *\n * The signature is calculated directly on the subkey being revoked.\n * A revoked subkey is not to be used. Only revocation signatures\n * by the top-level signature key that is bound to this subkey, or\n * by an authorized revocation key, should be considered valid\n * revocation signatures.\n *\n * Key revocation signatures (types 0x20 and 0x28)\n * hash only the key being revoked. */\n subkeyRevocation: 40,\n /** 0x40: Timestamp signature.\n * This signature is only meaningful for the timestamp contained in\n * it. */\n timestamp: 64,\n /** 0x50: Third-Party Confirmation signature.\n *\n * This signature is a signature over some other OpenPGP Signature\n * packet(s). It is analogous to a notary seal on the signed data.\n * A third-party signature SHOULD include Signature Target\n * subpacket(s) to give easy identification. Note that we really do\n * mean SHOULD. There are plausible uses for this (such as a blind\n * party that only sees the signature, not the key or source\n * document) that cannot include a target subpacket. */\n thirdParty: 80\n },\n\n /** Signature subpacket type\n * @enum {Integer}\n * @readonly\n */\n signatureSubpacket: {\n signatureCreationTime: 2,\n signatureExpirationTime: 3,\n exportableCertification: 4,\n trustSignature: 5,\n regularExpression: 6,\n revocable: 7,\n keyExpirationTime: 9,\n placeholderBackwardsCompatibility: 10,\n preferredSymmetricAlgorithms: 11,\n revocationKey: 12,\n issuerKeyID: 16,\n notationData: 20,\n preferredHashAlgorithms: 21,\n preferredCompressionAlgorithms: 22,\n keyServerPreferences: 23,\n preferredKeyServer: 24,\n primaryUserID: 25,\n policyURI: 26,\n keyFlags: 27,\n signersUserID: 28,\n reasonForRevocation: 29,\n features: 30,\n signatureTarget: 31,\n embeddedSignature: 32,\n issuerFingerprint: 33,\n preferredAEADAlgorithms: 34,\n preferredCipherSuites: 39\n },\n\n /** Key flags\n * @enum {Integer}\n * @readonly\n */\n keyFlags: {\n /** 0x01 - This key may be used to certify other keys. */\n certifyKeys: 1,\n /** 0x02 - This key may be used to sign data. */\n signData: 2,\n /** 0x04 - This key may be used to encrypt communications. */\n encryptCommunication: 4,\n /** 0x08 - This key may be used to encrypt storage. */\n encryptStorage: 8,\n /** 0x10 - The private component of this key may have been split\n * by a secret-sharing mechanism. */\n splitPrivateKey: 16,\n /** 0x20 - This key may be used for authentication. */\n authentication: 32,\n /** 0x80 - The private component of this key may be in the\n * possession of more than one person. */\n sharedPrivateKey: 128\n },\n\n /** Armor type\n * @enum {Integer}\n * @readonly\n */\n armor: {\n multipartSection: 0,\n multipartLast: 1,\n signed: 2,\n message: 3,\n publicKey: 4,\n privateKey: 5,\n signature: 6\n },\n\n /** {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.23|RFC4880, section 5.2.3.23}\n * @enum {Integer}\n * @readonly\n */\n reasonForRevocation: {\n /** No reason specified (key revocations or cert revocations) */\n noReason: 0,\n /** Key is superseded (key revocations) */\n keySuperseded: 1,\n /** Key material has been compromised (key revocations) */\n keyCompromised: 2,\n /** Key is retired and no longer used (key revocations) */\n keyRetired: 3,\n /** User ID information is no longer valid (cert revocations) */\n userIDInvalid: 32\n },\n\n /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.2.3.25|RFC4880bis-04, section 5.2.3.25}\n * @enum {Integer}\n * @readonly\n */\n features: {\n /** 0x01 - Modification Detection (packets 18 and 19) */\n modificationDetection: 1,\n /** 0x02 - AEAD Encrypted Data Packet (packet 20) and version 5\n * Symmetric-Key Encrypted Session Key Packets (packet 3) */\n aead: 2,\n /** 0x04 - Version 5 Public-Key Packet format and corresponding new\n * fingerprint format */\n v5Keys: 4,\n seipdv2: 8\n },\n\n /**\n * Asserts validity of given value and converts from string/integer to integer.\n * @param {Object} type target enum type\n * @param {String|Integer} e value to check and/or convert\n * @returns {Integer} enum value if it exists\n * @throws {Error} if the value is invalid\n */\n write: function(type, e) {\n if (typeof e === 'number') {\n e = this.read(type, e);\n }\n\n if (type[e] !== undefined) {\n return type[e];\n }\n\n throw new Error('Invalid enum value.');\n },\n\n /**\n * Converts enum integer value to the corresponding string, if it exists.\n * @param {Object} type target enum type\n * @param {Integer} e value to convert\n * @returns {String} name of enum value if it exists\n * @throws {Error} if the value is invalid\n */\n read: function(type, e) {\n if (!type[byValue]) {\n type[byValue] = [];\n Object.entries(type).forEach(([key, value]) => {\n type[byValue][value] = key;\n });\n }\n\n if (type[byValue][e] !== undefined) {\n return type[byValue][e];\n }\n\n throw new Error('Invalid enum value.');\n }\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Global configuration values.\n */\n\nimport enums from '../enums';\n\nexport default {\n /**\n * @memberof module:config\n * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}\n */\n preferredHashAlgorithm: enums.hash.sha512,\n /**\n * @memberof module:config\n * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}\n */\n preferredSymmetricAlgorithm: enums.symmetric.aes256,\n /**\n * @memberof module:config\n * @property {Integer} compression Default compression algorithm {@link module:enums.compression}\n */\n preferredCompressionAlgorithm: enums.compression.uncompressed,\n /**\n * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.\n * This option is applicable to:\n * - key generation (encryption key preferences),\n * - password-based message encryption, and\n * - private key encryption.\n * In the case of message encryption using public keys, the encryption key preferences are respected instead.\n * Note: not all OpenPGP implementations are compatible with this option.\n * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}\n * @memberof module:config\n * @property {Boolean} aeadProtect\n */\n aeadProtect: false,\n /**\n * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)\n * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,\n * this option must be set, otherwise key parsing and/or key decryption will fail.\n * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys\n * will be processed incorrectly.\n */\n parseAEADEncryptedV4KeysAsLegacy: false,\n /**\n * Default Authenticated Encryption with Additional Data (AEAD) encryption mode\n * Only has an effect when aeadProtect is set to true.\n * @memberof module:config\n * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}\n */\n preferredAEADAlgorithm: enums.aead.gcm,\n /**\n * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode\n * Only has an effect when aeadProtect is set to true.\n * Must be an integer value from 0 to 56.\n * @memberof module:config\n * @property {Integer} aeadChunkSizeByte\n */\n aeadChunkSizeByte: 12,\n /**\n * Use v6 keys.\n * Note: not all OpenPGP implementations are compatible with this option.\n * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**\n * @memberof module:config\n * @property {Boolean} v6Keys\n */\n v6Keys: false,\n /**\n * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet).\n * These are non-standard entities, which in the crypto-refresh have been superseded\n * by v6 keys and v6 signatures, respectively.\n * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries,\n * hence parsing them might be necessary in some cases.\n */\n enableParsingV5Entities: false,\n /**\n * S2K (String to Key) type, used for key derivation in the context of secret key encryption\n * and password-encrypted data. Weaker s2k options are not allowed.\n * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it\n * (pending standardisation).\n * @memberof module:config\n * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}\n */\n s2kType: enums.s2k.iterated,\n /**\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:\n * Iteration Count Byte for Iterated and Salted S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.\n * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).\n * @memberof module:config\n * @property {Integer} s2kIterationCountByte\n */\n s2kIterationCountByte: 224,\n /**\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:\n * Argon2 parameters for S2K (String to Key).\n * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.\n * Default settings correspond to the second recommendation from RFC9106 (\"uniformly safe option\"),\n * to ensure compatibility with memory-constrained environments.\n * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.\n * @memberof module:config\n * @property {Object} params\n * @property {Integer} params.passes - number of iterations t\n * @property {Integer} params.parallelism - degree of parallelism p\n * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.\n */\n s2kArgon2Params: {\n passes: 3,\n parallelism: 4, // lanes\n memoryExponent: 16 // 64 MiB of RAM\n },\n /**\n * Allow decryption of messages without integrity protection.\n * This is an **insecure** setting:\n * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.\n * - it enables downgrade attacks against integrity-protected messages.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedMessages\n */\n allowUnauthenticatedMessages: false,\n /**\n * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to\n * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible\n * and deferring checking their integrity until the decrypted stream has been read in full.\n *\n * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:\n * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL\n * (see https://efail.de/).\n * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.\n *\n * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.\n * @memberof module:config\n * @property {Boolean} allowUnauthenticatedStream\n */\n allowUnauthenticatedStream: false,\n /**\n * Minimum RSA key size allowed for key generation and message signing, verification and encryption.\n * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.\n * @memberof module:config\n * @property {Number} minRSABits\n */\n minRSABits: 2047,\n /**\n * Work-around for rare GPG decryption bug when encrypting with multiple passwords.\n * **Slower and slightly less secure**\n * @memberof module:config\n * @property {Boolean} passwordCollisionCheck\n */\n passwordCollisionCheck: false,\n /**\n * Allow decryption using RSA keys without `encrypt` flag.\n * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug\n * where key flags were ignored when selecting a key for encryption.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureDecryptionWithSigningKeys: false,\n /**\n * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.\n * Instead, a verification key will also be consider valid as long as it is valid at the current time.\n * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,\n * and have self-signature's creation date that does not match the primary key creation date.\n * @memberof module:config\n * @property {Boolean} allowInsecureDecryptionWithSigningKeys\n */\n allowInsecureVerificationWithReformattedKeys: false,\n /**\n * Allow using keys that do not have any key flags set.\n * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages\n * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).\n * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.\n * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.\n */\n allowMissingKeyFlags: false,\n /**\n * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).\n * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:\n * - new/incoming messages are automatically decrypted (without user interaction);\n * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).\n * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.\n * @memberof module:config\n * @property {Boolean} constantTimePKCS1Decryption\n */\n constantTimePKCS1Decryption: false,\n /**\n * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.\n * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.\n * However, the more algorithms are added, the slower the decryption procedure becomes.\n * @memberof module:config\n * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}\n */\n constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),\n /**\n * @memberof module:config\n * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error\n */\n ignoreUnsupportedPackets: true,\n /**\n * @memberof module:config\n * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error\n */\n ignoreMalformedPackets: false,\n /**\n * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only\n * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable\n * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).\n * @memberof module:config\n * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]\n */\n additionalAllowedPackets: [],\n /**\n * @memberof module:config\n * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages\n */\n showVersion: false,\n /**\n * @memberof module:config\n * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages\n */\n showComment: false,\n /**\n * @memberof module:config\n * @property {String} versionString A version string to be included in armored messages\n */\n versionString: 'OpenPGP.js VERSION',\n /**\n * @memberof module:config\n * @property {String} commentString A comment string to be included in armored messages\n */\n commentString: 'https://openpgpjs.org',\n\n /**\n * Max userID string length (used for parsing)\n * @memberof module:config\n * @property {Integer} maxUserIDLength\n */\n maxUserIDLength: 1024 * 5,\n /**\n * Contains notatations that are considered \"known\". Known notations do not trigger\n * validation error when the notation is marked as critical.\n * @memberof module:config\n * @property {Array} knownNotations\n */\n knownNotations: [],\n /**\n * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design).\n * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur\n * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of\n * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.\n * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases.\n */\n nonDeterministicSignaturesViaNotation: true,\n /**\n * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.\n * When false, certain standard curves will not be supported (depending on the platform).\n * @memberof module:config\n * @property {Boolean} useEllipticFallback\n */\n useEllipticFallback: true,\n /**\n * Reject insecure hash algorithms\n * @memberof module:config\n * @property {Set} rejectHashAlgorithms {@link module:enums.hash}\n */\n rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),\n /**\n * Reject insecure message hash algorithms\n * @memberof module:config\n * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash}\n */\n rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),\n /**\n * Reject insecure public key algorithms for key generation and message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey}\n */\n rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),\n /**\n * Reject non-standard curves for key generation, message encryption, signing or verification\n * @memberof module:config\n * @property {Set} rejectCurves {@link module:enums.curve}\n */\n rejectCurves: new Set([enums.curve.secp256k1])\n};\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/* eslint-disable no-console */\n\n/**\n * This object contains utility functions\n * @module util\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { createRequire } from 'module'; // Must be stripped in browser built\nimport enums from './enums';\nimport defaultConfig from './config';\n\nconst debugMode = (() => {\n try {\n return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env\n } catch (e) {}\n return false;\n})();\n\nconst util = {\n isString: function(data) {\n return typeof data === 'string' || data instanceof String;\n },\n\n nodeRequire: createRequire(import.meta.url),\n\n isArray: function(data) {\n return data instanceof Array;\n },\n\n isUint8Array: stream.isUint8Array,\n\n isStream: stream.isStream,\n\n /**\n * Load noble-curves lib on demand and return the requested curve function\n * @param {enums.publicKey} publicKeyAlgo\n * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA)\n * @returns curve implementation\n * @throws on unrecognized curve, or curve not implemented by noble-curve\n */\n getNobleCurve: async (publicKeyAlgo, curveName) => {\n if (!defaultConfig.useEllipticFallback) {\n throw new Error('This curve is only supported in the full build of OpenPGP.js');\n }\n\n const { nobleCurves } = await import('./crypto/public_key/elliptic/noble_curves');\n switch (publicKeyAlgo) {\n case enums.publicKey.ecdh:\n case enums.publicKey.ecdsa: {\n const curve = nobleCurves.get(curveName);\n if (!curve) throw new Error('Unsupported curve');\n return curve;\n }\n case enums.publicKey.x448:\n return nobleCurves.get('x448');\n case enums.publicKey.ed448:\n return nobleCurves.get('ed448');\n default:\n throw new Error('Unsupported curve');\n }\n },\n\n readNumber: function (bytes) {\n let n = 0;\n for (let i = 0; i < bytes.length; i++) {\n n += (256 ** i) * bytes[bytes.length - 1 - i];\n }\n return n;\n },\n\n writeNumber: function (n, bytes) {\n const b = new Uint8Array(bytes);\n for (let i = 0; i < bytes; i++) {\n b[i] = (n >> (8 * (bytes - i - 1))) & 0xFF;\n }\n\n return b;\n },\n\n readDate: function (bytes) {\n const n = util.readNumber(bytes);\n const d = new Date(n * 1000);\n return d;\n },\n\n writeDate: function (time) {\n const numeric = Math.floor(time.getTime() / 1000);\n\n return util.writeNumber(numeric, 4);\n },\n\n normalizeDate: function (time = Date.now()) {\n return time === null || time === Infinity ? time : new Date(Math.floor(+time / 1000) * 1000);\n },\n\n /**\n * Read one MPI from bytes in input\n * @param {Uint8Array} bytes - Input data to parse\n * @returns {Uint8Array} Parsed MPI.\n */\n readMPI: function (bytes) {\n const bits = (bytes[0] << 8) | bytes[1];\n const bytelen = (bits + 7) >>> 3;\n // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures,\n // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed\n // has not been authenticated (yet).\n // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues.\n // Also, AEAD is also not affected.\n return util.readExactSubarray(bytes, 2, 2 + bytelen);\n },\n\n /**\n * Read exactly `end - start` bytes from input.\n * This is a stricter version of `.subarray`.\n * @param {Uint8Array} input - Input data to parse\n * @returns {Uint8Array} subarray of size always equal to `end - start`\n * @throws if the input array is too short.\n */\n readExactSubarray: function (input, start, end) {\n if (input.length < (end - start)) {\n throw new Error('Input array too short');\n }\n return input.subarray(start, end);\n },\n\n /**\n * Left-pad Uint8Array to length by adding 0x0 bytes\n * @param {Uint8Array} bytes - Data to pad\n * @param {Number} length - Padded length\n * @returns {Uint8Array} Padded bytes.\n */\n leftPad(bytes, length) {\n if (bytes.length > length) {\n throw new Error('Input array too long');\n }\n const padded = new Uint8Array(length);\n const offset = length - bytes.length;\n padded.set(bytes, offset);\n return padded;\n },\n\n /**\n * Convert a Uint8Array to an MPI-formatted Uint8Array.\n * @param {Uint8Array} bin - An array of 8-bit integers to convert\n * @returns {Uint8Array} MPI-formatted Uint8Array.\n */\n uint8ArrayToMPI: function (bin) {\n const bitSize = util.uint8ArrayBitLength(bin);\n if (bitSize === 0) {\n throw new Error('Zero MPI');\n }\n const stripped = bin.subarray(bin.length - Math.ceil(bitSize / 8));\n const prefix = new Uint8Array([(bitSize & 0xFF00) >> 8, bitSize & 0xFF]);\n return util.concatUint8Array([prefix, stripped]);\n },\n\n /**\n * Return bit length of the input data\n * @param {Uint8Array} bin input data (big endian)\n * @returns bit length\n */\n uint8ArrayBitLength: function (bin) {\n let i; // index of leading non-zero byte\n for (i = 0; i < bin.length; i++) if (bin[i] !== 0) break;\n if (i === bin.length) {\n return 0;\n }\n const stripped = bin.subarray(i);\n return (stripped.length - 1) * 8 + util.nbits(stripped[0]);\n },\n\n /**\n * Convert a hex string to an array of 8-bit integers\n * @param {String} hex - A hex string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n hexToUint8Array: function (hex) {\n const result = new Uint8Array(hex.length >> 1);\n for (let k = 0; k < hex.length >> 1; k++) {\n result[k] = parseInt(hex.substr(k << 1, 2), 16);\n }\n return result;\n },\n\n /**\n * Convert an array of 8-bit integers to a hex string\n * @param {Uint8Array} bytes - Array of 8-bit integers to convert\n * @returns {String} Hexadecimal representation of the array.\n */\n uint8ArrayToHex: function (bytes) {\n const hexAlphabet = '0123456789abcdef';\n let s = '';\n bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; });\n return s;\n },\n\n /**\n * Convert a string to an array of 8-bit integers\n * @param {String} str - String to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\n stringToUint8Array: function (str) {\n return stream.transform(str, str => {\n if (!util.isString(str)) {\n throw new Error('stringToUint8Array: Data must be in the form of a string');\n }\n\n const result = new Uint8Array(str.length);\n for (let i = 0; i < str.length; i++) {\n result[i] = str.charCodeAt(i);\n }\n return result;\n });\n },\n\n /**\n * Convert an array of 8-bit integers to a string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @returns {String} String representation of the array.\n */\n uint8ArrayToString: function (bytes) {\n bytes = new Uint8Array(bytes);\n const result = [];\n const bs = 1 << 14;\n const j = bytes.length;\n\n for (let i = 0; i < j; i += bs) {\n result.push(String.fromCharCode.apply(String, bytes.subarray(i, i + bs < j ? i + bs : j)));\n }\n return result.join('');\n },\n\n /**\n * Convert a native javascript string to a Uint8Array of utf8 bytes\n * @param {String|ReadableStream} str - The string to convert\n * @returns {Uint8Array|ReadableStream} A valid squence of utf8 bytes.\n */\n encodeUTF8: function (str) {\n const encoder = new TextEncoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return encoder.encode(value, { stream: !lastChunk });\n }\n return stream.transform(str, process, () => process('', true));\n },\n\n /**\n * Convert a Uint8Array of utf8 bytes to a native javascript string\n * @param {Uint8Array|ReadableStream} utf8 - A valid squence of utf8 bytes\n * @returns {String|ReadableStream} A native javascript string.\n */\n decodeUTF8: function (utf8) {\n const decoder = new TextDecoder('utf-8');\n // eslint-disable-next-line no-inner-declarations\n function process(value, lastChunk = false) {\n return decoder.decode(value, { stream: !lastChunk });\n }\n return stream.transform(utf8, process, () => process(new Uint8Array(), true));\n },\n\n /**\n * Concat a list of Uint8Arrays, Strings or Streams\n * The caller must not mix Uint8Arrays with Strings, but may mix Streams with non-Streams.\n * @param {Array} Array - Of Uint8Arrays/Strings/Streams to concatenate\n * @returns {Uint8Array|String|ReadableStream} Concatenated array.\n */\n concat: stream.concat,\n\n /**\n * Concat Uint8Arrays\n * @param {Array} Array - Of Uint8Arrays to concatenate\n * @returns {Uint8Array} Concatenated array.\n */\n concatUint8Array: stream.concatUint8Array,\n\n /**\n * Check Uint8Array equality\n * @param {Uint8Array} array1 - First array\n * @param {Uint8Array} array2 - Second array\n * @returns {Boolean} Equality.\n */\n equalsUint8Array: function (array1, array2) {\n if (!util.isUint8Array(array1) || !util.isUint8Array(array2)) {\n throw new Error('Data must be in the form of a Uint8Array');\n }\n\n if (array1.length !== array2.length) {\n return false;\n }\n\n for (let i = 0; i < array1.length; i++) {\n if (array1[i] !== array2[i]) {\n return false;\n }\n }\n return true;\n },\n\n /**\n * Calculates a 16bit sum of a Uint8Array by adding each character\n * codes modulus 65535\n * @param {Uint8Array} Uint8Array - To create a sum of\n * @returns {Uint8Array} 2 bytes containing the sum of all charcodes % 65535.\n */\n writeChecksum: function (text) {\n let s = 0;\n for (let i = 0; i < text.length; i++) {\n s = (s + text[i]) & 0xFFFF;\n }\n return util.writeNumber(s, 2);\n },\n\n /**\n * Helper function to print a debug message. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebug: function (str) {\n if (debugMode) {\n console.log('[OpenPGP.js debug]', str);\n }\n },\n\n /**\n * Helper function to print a debug error. Debug\n * messages are only printed if\n * @param {String} str - String of the debug message\n */\n printDebugError: function (error) {\n if (debugMode) {\n console.error('[OpenPGP.js debug]', error);\n }\n },\n\n // returns bit length of the integer x\n nbits: function (x) {\n let r = 1;\n let t = x >>> 16;\n if (t !== 0) {\n x = t;\n r += 16;\n }\n t = x >> 8;\n if (t !== 0) {\n x = t;\n r += 8;\n }\n t = x >> 4;\n if (t !== 0) {\n x = t;\n r += 4;\n }\n t = x >> 2;\n if (t !== 0) {\n x = t;\n r += 2;\n }\n t = x >> 1;\n if (t !== 0) {\n x = t;\n r += 1;\n }\n return r;\n },\n\n /**\n * If S[1] == 0, then double(S) == (S[2..128] || 0);\n * otherwise, double(S) == (S[2..128] || 0) xor\n * (zeros(120) || 10000111).\n *\n * Both OCB and EAX (through CMAC) require this function to be constant-time.\n *\n * @param {Uint8Array} data\n */\n double: function(data) {\n const doubleVar = new Uint8Array(data.length);\n const last = data.length - 1;\n for (let i = 0; i < last; i++) {\n doubleVar[i] = (data[i] << 1) ^ (data[i + 1] >> 7);\n }\n doubleVar[last] = (data[last] << 1) ^ ((data[0] >> 7) * 0x87);\n return doubleVar;\n },\n\n /**\n * Shift a Uint8Array to the right by n bits\n * @param {Uint8Array} array - The array to shift\n * @param {Integer} bits - Amount of bits to shift (MUST be smaller\n * than 8)\n * @returns {String} Resulting array.\n */\n shiftRight: function (array, bits) {\n if (bits) {\n for (let i = array.length - 1; i >= 0; i--) {\n array[i] >>= bits;\n if (i > 0) {\n array[i] |= (array[i - 1] << (8 - bits));\n }\n }\n }\n return array;\n },\n\n /**\n * Get native Web Cryptography API.\n * @returns {Object} The SubtleCrypto API\n * @throws if the API is not available\n */\n getWebCrypto: function() {\n const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle;\n // Fallback for Node 16, which does not expose WebCrypto as a global\n const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle;\n if (!webCrypto) {\n throw new Error('The WebCrypto API is not available');\n }\n return webCrypto;\n },\n\n /**\n * Get native Node.js crypto api.\n * @returns {Object} The crypto module or 'undefined'.\n */\n getNodeCrypto: function() {\n return this.nodeRequire('crypto');\n },\n\n getNodeZlib: function() {\n return this.nodeRequire('zlib');\n },\n\n /**\n * Get native Node.js Buffer constructor. This should be used since\n * Buffer is not available under browserify.\n * @returns {Function} The Buffer constructor or 'undefined'.\n */\n getNodeBuffer: function() {\n return (this.nodeRequire('buffer') || {}).Buffer;\n },\n\n getHardwareConcurrency: function() {\n if (typeof navigator !== 'undefined') {\n return navigator.hardwareConcurrency || 1;\n }\n\n const os = this.nodeRequire('os'); // Assume we're on Node.js.\n return os.cpus().length;\n },\n\n /**\n * Test email format to ensure basic compliance:\n * - must include a single @\n * - no control or space unicode chars allowed\n * - no backslash and square brackets (as the latter can mess with the userID parsing)\n * - cannot end with a punctuation char\n * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation,\n * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)).\n */\n isEmailAddress: function(data) {\n if (!util.isString(data)) {\n return false;\n }\n const re = /^[^\\p{C}\\p{Z}@<>\\\\]+@[^\\p{C}\\p{Z}@<>\\\\]+[^\\p{C}\\p{Z}\\p{P}]$/u;\n return re.test(data);\n },\n\n /**\n * Normalize line endings to \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n canonicalizeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n const indices = [];\n for (let i = 0; ; i = index) {\n index = bytes.indexOf(LF, i) + 1;\n if (index) {\n if (bytes[index - 2] !== CR) indices.push(index);\n } else {\n break;\n }\n }\n if (!indices.length) {\n return bytes;\n }\n\n const normalized = new Uint8Array(bytes.length + indices.length);\n let j = 0;\n for (let i = 0; i < indices.length; i++) {\n const sub = bytes.subarray(indices[i - 1] || 0, indices[i]);\n normalized.set(sub, j);\n j += sub.length;\n normalized[j - 1] = CR;\n normalized[j] = LF;\n j++;\n }\n normalized.set(bytes.subarray(indices[indices.length - 1] || 0), j);\n return normalized;\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Convert line endings from canonicalized to native \n * Support any encoding where CR=0x0D, LF=0x0A\n */\n nativeEOL: function(data) {\n const CR = 13;\n const LF = 10;\n let carryOverCR = false;\n\n return stream.transform(data, bytes => {\n if (carryOverCR && bytes[0] !== LF) {\n bytes = util.concatUint8Array([new Uint8Array([CR]), bytes]);\n } else {\n bytes = new Uint8Array(bytes); // Don't mutate passed bytes\n }\n\n if (bytes[bytes.length - 1] === CR) {\n carryOverCR = true;\n bytes = bytes.subarray(0, -1);\n } else {\n carryOverCR = false;\n }\n\n let index;\n let j = 0;\n for (let i = 0; i !== bytes.length; i = index) {\n index = bytes.indexOf(CR, i) + 1;\n if (!index) index = bytes.length;\n const last = index - (bytes[index] === LF ? 1 : 0);\n if (i) bytes.copyWithin(j, i, last);\n j += last - i;\n }\n return bytes.subarray(0, j);\n }, () => (carryOverCR ? new Uint8Array([CR]) : undefined));\n },\n\n /**\n * Remove trailing spaces, carriage returns and tabs from each line\n */\n removeTrailingSpaces: function(text) {\n return text.split('\\n').map(line => {\n let i = line.length - 1;\n for (; i >= 0 && (line[i] === ' ' || line[i] === '\\t' || line[i] === '\\r'); i--);\n return line.substr(0, i + 1);\n }).join('\\n');\n },\n\n wrapError: function(message, error) {\n if (!error) {\n return new Error(message);\n }\n\n // update error message\n try {\n error.message = message + ': ' + error.message;\n } catch (e) {}\n\n return error;\n },\n\n /**\n * Map allowed packet tags to corresponding classes\n * Meant to be used to format `allowedPacket` for Packetlist.read\n * @param {Array} allowedClasses\n * @returns {Object} map from enum.packet to corresponding *Packet class\n */\n constructAllowedPackets: function(allowedClasses) {\n const map = {};\n allowedClasses.forEach(PacketClass => {\n if (!PacketClass.tag) {\n throw new Error('Invalid input: expected a packet class');\n }\n map[PacketClass.tag] = PacketClass;\n });\n return map;\n },\n\n /**\n * Return a Promise that will resolve as soon as one of the promises in input resolves\n * or will reject if all input promises all rejected\n * (similar to Promise.any, but with slightly different error handling)\n * @param {Array} promises\n * @return {Promise} Promise resolving to the result of the fastest fulfilled promise\n * or rejected with the Error of the last resolved Promise (if all promises are rejected)\n */\n anyPromise: function(promises) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n let exception;\n await Promise.all(promises.map(async promise => {\n try {\n resolve(await promise);\n } catch (e) {\n exception = e;\n }\n }));\n reject(exception);\n });\n },\n\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * @param {Boolean} cond\n * @param {Uint8Array} a\n * @param {Uint8Array} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8Array: function(cond, a, b) {\n const length = Math.max(a.length, b.length);\n const result = new Uint8Array(length);\n let end = 0;\n for (let i = 0; i < result.length; i++) {\n result[i] = (a[i] & (256 - cond)) | (b[i] & (255 + cond));\n end += (cond & i < a.length) | ((1 - cond) & i < b.length);\n }\n return result.subarray(0, end);\n },\n /**\n * Return either `a` or `b` based on `cond`, in algorithmic constant time.\n * NB: it only supports `a, b` with values between 0-255.\n * @param {Boolean} cond\n * @param {Uint8} a\n * @param {Uint8} b\n * @returns `a` if `cond` is true, `b` otherwise\n */\n selectUint8: function(cond, a, b) {\n return (a & (256 - cond)) | (b & (255 + cond));\n },\n /**\n * @param {module:enums.symmetric} cipherAlgo\n */\n isAES: function(cipherAlgo) {\n return cipherAlgo === enums.symmetric.aes128 || cipherAlgo === enums.symmetric.aes192 || cipherAlgo === enums.symmetric.aes256;\n }\n};\n\nexport default util;\n","/* OpenPGP radix-64/base64 string encoding/decoding\n * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de\n * version 1.0, check www.haneWIN.de for the latest version\n *\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other materials\n * provided with the application or distribution.\n */\n\n/**\n * @module encoding/base64\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../util';\n\nconst Buffer = util.getNodeBuffer();\n\nlet encodeChunk;\nlet decodeChunk;\nif (Buffer) {\n encodeChunk = buf => Buffer.from(buf).toString('base64');\n decodeChunk = str => {\n const b = Buffer.from(str, 'base64');\n return new Uint8Array(b.buffer, b.byteOffset, b.byteLength);\n };\n} else {\n encodeChunk = buf => btoa(util.uint8ArrayToString(buf));\n decodeChunk = str => util.stringToUint8Array(atob(str));\n}\n\n/**\n * Convert binary array to radix-64\n * @param {Uint8Array | ReadableStream} data - Uint8Array to convert\n * @returns {String | ReadableStream} Radix-64 version of input string.\n * @static\n */\nexport function encode(data) {\n let buf = new Uint8Array();\n return stream.transform(data, value => {\n buf = util.concatUint8Array([buf, value]);\n const r = [];\n const bytesPerLine = 45; // 60 chars per line * (3 bytes / 4 chars of base64).\n const lines = Math.floor(buf.length / bytesPerLine);\n const bytes = lines * bytesPerLine;\n const encoded = encodeChunk(buf.subarray(0, bytes));\n for (let i = 0; i < lines; i++) {\n r.push(encoded.substr(i * 60, 60));\n r.push('\\n');\n }\n buf = buf.subarray(bytes);\n return r.join('');\n }, () => (buf.length ? encodeChunk(buf) + '\\n' : ''));\n}\n\n/**\n * Convert radix-64 to binary array\n * @param {String | ReadableStream} data - Radix-64 string to convert\n * @returns {Uint8Array | ReadableStream} Binary array version of input string.\n * @static\n */\nexport function decode(data) {\n let buf = '';\n return stream.transform(data, value => {\n buf += value;\n\n // Count how many whitespace characters there are in buf\n let spaces = 0;\n const spacechars = [' ', '\\t', '\\r', '\\n'];\n for (let i = 0; i < spacechars.length; i++) {\n const spacechar = spacechars[i];\n for (let pos = buf.indexOf(spacechar); pos !== -1; pos = buf.indexOf(spacechar, pos + 1)) {\n spaces++;\n }\n }\n\n // Backtrack until we have 4n non-whitespace characters\n // that we can safely base64-decode\n let length = buf.length;\n for (; length > 0 && (length - spaces) % 4 !== 0; length--) {\n if (spacechars.includes(buf[length])) spaces--;\n }\n\n const decoded = decodeChunk(buf.substr(0, length));\n buf = buf.substr(length);\n return decoded;\n }, () => decodeChunk(buf));\n}\n\n/**\n * Convert a Base-64 encoded string an array of 8-bit integer\n *\n * Note: accepts both Radix-64 and URL-safe strings\n * @param {String} base64 - Base-64 encoded string to convert\n * @returns {Uint8Array} An array of 8-bit integers.\n */\nexport function b64ToUint8Array(base64) {\n return decode(base64.replace(/-/g, '+').replace(/_/g, '/'));\n}\n\n/**\n * Convert an array of 8-bit integer to a Base-64 encoded string\n * @param {Uint8Array} bytes - An array of 8-bit integers to convert\n * @param {bool} url - If true, output is URL-safe\n * @returns {String} Base-64 encoded string.\n */\nexport function uint8ArrayToB64(bytes, url) {\n let encoded = encode(bytes).replace(/[\\r\\n]/g, '');\n if (url) {\n encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');\n }\n return encoded;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport * as base64 from './base64';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Finds out which Ascii Armoring type is used. Throws error if unknown type.\n * @param {String} text - ascii armored text\n * @returns {Integer} 0 = MESSAGE PART n of m.\n * 1 = MESSAGE PART n\n * 2 = SIGNED MESSAGE\n * 3 = PGP MESSAGE\n * 4 = PUBLIC KEY BLOCK\n * 5 = PRIVATE KEY BLOCK\n * 6 = SIGNATURE\n * @private\n */\nfunction getType(text) {\n const reHeader = /^-----BEGIN PGP (MESSAGE, PART \\d+\\/\\d+|MESSAGE, PART \\d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m;\n\n const header = text.match(reHeader);\n\n if (!header) {\n throw new Error('Unknown ASCII armor type');\n }\n\n // BEGIN PGP MESSAGE, PART X/Y\n // Used for multi-part messages, where the armor is split amongst Y\n // parts, and this is the Xth part out of Y.\n if (/MESSAGE, PART \\d+\\/\\d+/.test(header[1])) {\n return enums.armor.multipartSection;\n }\n // BEGIN PGP MESSAGE, PART X\n // Used for multi-part messages, where this is the Xth part of an\n // unspecified number of parts. Requires the MESSAGE-ID Armor\n // Header to be used.\n if (/MESSAGE, PART \\d+/.test(header[1])) {\n return enums.armor.multipartLast;\n }\n // BEGIN PGP SIGNED MESSAGE\n if (/SIGNED MESSAGE/.test(header[1])) {\n return enums.armor.signed;\n }\n // BEGIN PGP MESSAGE\n // Used for signed, encrypted, or compressed files.\n if (/MESSAGE/.test(header[1])) {\n return enums.armor.message;\n }\n // BEGIN PGP PUBLIC KEY BLOCK\n // Used for armoring public keys.\n if (/PUBLIC KEY BLOCK/.test(header[1])) {\n return enums.armor.publicKey;\n }\n // BEGIN PGP PRIVATE KEY BLOCK\n // Used for armoring private keys.\n if (/PRIVATE KEY BLOCK/.test(header[1])) {\n return enums.armor.privateKey;\n }\n // BEGIN PGP SIGNATURE\n // Used for detached signatures, OpenPGP/MIME signatures, and\n // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE\n // for detached signatures.\n if (/SIGNATURE/.test(header[1])) {\n return enums.armor.signature;\n }\n}\n\n/**\n * Add additional information to the armor version of an OpenPGP binary\n * packet block.\n * @author Alex\n * @version 2011-12-16\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @returns {String} The header information.\n * @private\n */\nfunction addheader(customComment, config) {\n let result = '';\n if (config.showVersion) {\n result += 'Version: ' + config.versionString + '\\n';\n }\n if (config.showComment) {\n result += 'Comment: ' + config.commentString + '\\n';\n }\n if (customComment) {\n result += 'Comment: ' + customComment + '\\n';\n }\n result += '\\n';\n return result;\n}\n\n/**\n * Calculates a checksum over the given data and returns it base64 encoded\n * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for\n * @returns {String | ReadableStream} Base64 encoded checksum.\n * @private\n */\nfunction getCheckSum(data) {\n const crc = createcrc24(data);\n return base64.encode(crc);\n}\n\n// https://create.stephan-brumme.com/crc32/#slicing-by-8-overview\n\nconst crc_table = [\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF),\n new Array(0xFF)\n];\n\nfor (let i = 0; i <= 0xFF; i++) {\n let crc = i << 16;\n for (let j = 0; j < 8; j++) {\n crc = (crc << 1) ^ ((crc & 0x800000) !== 0 ? 0x864CFB : 0);\n }\n crc_table[0][i] =\n ((crc & 0xFF0000) >> 16) |\n (crc & 0x00FF00) |\n ((crc & 0x0000FF) << 16);\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[1][i] = (crc_table[0][i] >> 8) ^ crc_table[0][crc_table[0][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[2][i] = (crc_table[1][i] >> 8) ^ crc_table[0][crc_table[1][i] & 0xFF];\n}\nfor (let i = 0; i <= 0xFF; i++) {\n crc_table[3][i] = (crc_table[2][i] >> 8) ^ crc_table[0][crc_table[2][i] & 0xFF];\n}\n\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness\nconst isLittleEndian = (function() {\n const buffer = new ArrayBuffer(2);\n new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */);\n // Int16Array uses the platform's endianness.\n return new Int16Array(buffer)[0] === 0xFF;\n}());\n\n/**\n * Internal function to calculate a CRC-24 checksum over a given string (data)\n * @param {String | ReadableStream} input - Data to create a CRC-24 checksum for\n * @returns {Uint8Array | ReadableStream} The CRC-24 checksum.\n * @private\n */\nfunction createcrc24(input) {\n let crc = 0xCE04B7;\n return stream.transform(input, value => {\n const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0;\n const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32);\n for (let i = 0; i < len32; i++) {\n crc ^= arr32[i];\n crc =\n crc_table[0][(crc >> 24) & 0xFF] ^\n crc_table[1][(crc >> 16) & 0xFF] ^\n crc_table[2][(crc >> 8) & 0xFF] ^\n crc_table[3][(crc >> 0) & 0xFF];\n }\n for (let i = len32 * 4; i < value.length; i++) {\n crc = (crc >> 8) ^ crc_table[0][(crc & 0xFF) ^ value[i]];\n }\n }, () => new Uint8Array([crc, crc >> 8, crc >> 16]));\n}\n\n/**\n * Verify armored headers. crypto-refresh-06, section 6.2:\n * \"An OpenPGP implementation may consider improperly formatted Armor\n * Headers to be corruption of the ASCII Armor, but SHOULD make an\n * effort to recover.\"\n * @private\n * @param {Array} headers - Armor headers\n */\nfunction verifyHeaders(headers) {\n for (let i = 0; i < headers.length; i++) {\n if (!/^([^\\s:]|[^\\s:][^:]*[^\\s:]): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));\n }\n if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {\n util.printDebugError(new Error('Unknown header: ' + headers[i]));\n }\n }\n}\n\n/**\n * Remove the (optional) checksum from an armored message.\n * @param {String} text - OpenPGP armored message\n * @returns {String} The body of the armored message.\n * @private\n */\nfunction removeChecksum(text) {\n let body = text;\n\n const lastEquals = text.lastIndexOf('=');\n\n if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum\n body = text.slice(0, lastEquals);\n }\n\n return body;\n}\n\n/**\n * Dearmor an OpenPGP armored message; verify the checksum and return\n * the encoded bytes\n * @param {String} input - OpenPGP armored message\n * @returns {Promise} An object with attribute \"text\" containing the message text,\n * an attribute \"data\" containing a stream of bytes and \"type\" for the ASCII armor type\n * @async\n * @static\n */\nexport function unarmor(input) {\n // eslint-disable-next-line no-async-promise-executor\n return new Promise(async (resolve, reject) => {\n try {\n const reSplit = /^-----[^-]+-----$/m;\n const reEmptyLine = /^[ \\f\\r\\t\\u00a0\\u2000-\\u200a\\u202f\\u205f\\u3000]*$/;\n\n let type;\n const headers = [];\n let lastHeaders = headers;\n let headersDone;\n let text = [];\n let textDone;\n const data = base64.decode(stream.transformPair(input, async (readable, writable) => {\n const reader = stream.getReader(readable);\n try {\n while (true) {\n let line = await reader.readLine();\n if (line === undefined) {\n throw new Error('Misformed armored text');\n }\n // remove trailing whitespace at end of lines\n line = util.removeTrailingSpaces(line.replace(/[\\r\\n]/g, ''));\n if (!type) {\n if (reSplit.test(line)) {\n type = getType(line);\n }\n } else if (!headersDone) {\n if (reSplit.test(line)) {\n reject(new Error('Mandatory blank line missing between armor headers and armor data'));\n }\n if (!reEmptyLine.test(line)) {\n lastHeaders.push(line);\n } else {\n verifyHeaders(lastHeaders);\n headersDone = true;\n if (textDone || type !== enums.armor.signed) {\n resolve({ text, data, headers, type });\n break;\n }\n }\n } else if (!textDone && type === enums.armor.signed) {\n if (!reSplit.test(line)) {\n // Reverse dash-escaping for msg\n text.push(line.replace(/^- /, ''));\n } else {\n text = text.join('\\r\\n');\n textDone = true;\n verifyHeaders(lastHeaders);\n lastHeaders = [];\n headersDone = false;\n }\n }\n }\n } catch (e) {\n reject(e);\n return;\n }\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n throw new Error('Misformed armored text');\n }\n const line = value + '';\n if (line.indexOf('=') === -1 && line.indexOf('-') === -1) {\n await writer.write(line);\n } else {\n let remainder = await reader.readToEnd();\n if (!remainder.length) remainder = '';\n remainder = line + remainder;\n remainder = util.removeTrailingSpaces(remainder.replace(/\\r/g, ''));\n const parts = remainder.split(reSplit);\n if (parts.length === 1) {\n throw new Error('Misformed armored text');\n }\n const body = removeChecksum(parts[0].slice(0, -1));\n await writer.write(body);\n break;\n }\n }\n await writer.ready;\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n }));\n } catch (e) {\n reject(e);\n }\n }).then(async result => {\n if (stream.isArrayStream(result.data)) {\n result.data = await stream.readToEnd(result.data);\n }\n return result;\n });\n}\n\n\n/**\n * Armor an OpenPGP binary packet block\n * @param {module:enums.armor} messageType - Type of the message\n * @param {Uint8Array | ReadableStream} body - The message body to armor\n * @param {Integer} [partIndex]\n * @param {Integer} [partTotal]\n * @param {String} [customComment] - Additional comment to add to the armored string\n * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum\n * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} Armored text.\n * @static\n */\nexport function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) {\n let text;\n let hash;\n if (messageType === enums.armor.signed) {\n text = body.text;\n hash = body.hash;\n body = body.data;\n }\n // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug\n // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)\n const maybeBodyClone = emitChecksum && stream.passiveClone(body);\n\n const result = [];\n switch (messageType) {\n case enums.armor.multipartSection:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\\n');\n break;\n case enums.armor.multipartLast:\n result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\\n');\n break;\n case enums.armor.signed:\n result.push('-----BEGIN PGP SIGNED MESSAGE-----\\n');\n result.push(hash ? `Hash: ${hash}\\n\\n` : '\\n');\n result.push(text.replace(/^-/mg, '- -'));\n result.push('\\n-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n case enums.armor.message:\n result.push('-----BEGIN PGP MESSAGE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP MESSAGE-----\\n');\n break;\n case enums.armor.publicKey:\n result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PUBLIC KEY BLOCK-----\\n');\n break;\n case enums.armor.privateKey:\n result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP PRIVATE KEY BLOCK-----\\n');\n break;\n case enums.armor.signature:\n result.push('-----BEGIN PGP SIGNATURE-----\\n');\n result.push(addheader(customComment, config));\n result.push(base64.encode(body));\n maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone));\n result.push('-----END PGP SIGNATURE-----\\n');\n break;\n }\n\n return util.concat(result);\n}\n","import enums from '../../enums';\n\nexport async function getLegacyCipher(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n throw new Error('Not a legacy cipher');\n case enums.symmetric.cast5:\n case enums.symmetric.blowfish:\n case enums.symmetric.twofish:\n case enums.symmetric.tripledes: {\n const { legacyCiphers } = await import('./legacy_ciphers');\n const cipher = legacyCiphers.get(algo);\n if (!cipher) {\n throw new Error('Unsupported cipher algorithm');\n }\n return cipher;\n }\n default:\n throw new Error('Unsupported cipher algorithm');\n }\n}\n\n/**\n * Get block size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherBlockSize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.aes192:\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 16;\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n case enums.symmetric.tripledes:\n return 8;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nfunction getCipherKeySize(algo) {\n switch (algo) {\n case enums.symmetric.aes128:\n case enums.symmetric.blowfish:\n case enums.symmetric.cast5:\n return 16;\n case enums.symmetric.aes192:\n case enums.symmetric.tripledes:\n return 24;\n case enums.symmetric.aes256:\n case enums.symmetric.twofish:\n return 32;\n default:\n throw new Error('Unsupported cipher');\n }\n}\n\n/**\n * Get block and key size for given cipher algo\n * @param {module:enums.symmetric} algo - alrogithm identifier\n */\nexport function getCipherParams(algo) {\n return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) };\n}\n","/**\n * A fast MD5 JavaScript implementation\n * Copyright (c) 2012 Joseph Myers\n * http://www.myersdaily.org/joseph/javascript/md5-text.html\n *\n * Permission to use, copy, modify, and distribute this software\n * and its documentation for any purposes and without\n * fee is hereby granted provided that this copyright notice\n * appears in all copies.\n *\n * Of course, this soft is provided \"as is\" without express or implied\n * warranty of any kind.\n */\n\nimport util from '../../util';\n\n// MD5 Digest\nasync function md5(entree) {\n const digest = md51(util.uint8ArrayToString(entree));\n return util.hexToUint8Array(hex(digest));\n}\n\nfunction md5cycle(x, k) {\n let a = x[0];\n let b = x[1];\n let c = x[2];\n let d = x[3];\n\n a = ff(a, b, c, d, k[0], 7, -680876936);\n d = ff(d, a, b, c, k[1], 12, -389564586);\n c = ff(c, d, a, b, k[2], 17, 606105819);\n b = ff(b, c, d, a, k[3], 22, -1044525330);\n a = ff(a, b, c, d, k[4], 7, -176418897);\n d = ff(d, a, b, c, k[5], 12, 1200080426);\n c = ff(c, d, a, b, k[6], 17, -1473231341);\n b = ff(b, c, d, a, k[7], 22, -45705983);\n a = ff(a, b, c, d, k[8], 7, 1770035416);\n d = ff(d, a, b, c, k[9], 12, -1958414417);\n c = ff(c, d, a, b, k[10], 17, -42063);\n b = ff(b, c, d, a, k[11], 22, -1990404162);\n a = ff(a, b, c, d, k[12], 7, 1804603682);\n d = ff(d, a, b, c, k[13], 12, -40341101);\n c = ff(c, d, a, b, k[14], 17, -1502002290);\n b = ff(b, c, d, a, k[15], 22, 1236535329);\n\n a = gg(a, b, c, d, k[1], 5, -165796510);\n d = gg(d, a, b, c, k[6], 9, -1069501632);\n c = gg(c, d, a, b, k[11], 14, 643717713);\n b = gg(b, c, d, a, k[0], 20, -373897302);\n a = gg(a, b, c, d, k[5], 5, -701558691);\n d = gg(d, a, b, c, k[10], 9, 38016083);\n c = gg(c, d, a, b, k[15], 14, -660478335);\n b = gg(b, c, d, a, k[4], 20, -405537848);\n a = gg(a, b, c, d, k[9], 5, 568446438);\n d = gg(d, a, b, c, k[14], 9, -1019803690);\n c = gg(c, d, a, b, k[3], 14, -187363961);\n b = gg(b, c, d, a, k[8], 20, 1163531501);\n a = gg(a, b, c, d, k[13], 5, -1444681467);\n d = gg(d, a, b, c, k[2], 9, -51403784);\n c = gg(c, d, a, b, k[7], 14, 1735328473);\n b = gg(b, c, d, a, k[12], 20, -1926607734);\n\n a = hh(a, b, c, d, k[5], 4, -378558);\n d = hh(d, a, b, c, k[8], 11, -2022574463);\n c = hh(c, d, a, b, k[11], 16, 1839030562);\n b = hh(b, c, d, a, k[14], 23, -35309556);\n a = hh(a, b, c, d, k[1], 4, -1530992060);\n d = hh(d, a, b, c, k[4], 11, 1272893353);\n c = hh(c, d, a, b, k[7], 16, -155497632);\n b = hh(b, c, d, a, k[10], 23, -1094730640);\n a = hh(a, b, c, d, k[13], 4, 681279174);\n d = hh(d, a, b, c, k[0], 11, -358537222);\n c = hh(c, d, a, b, k[3], 16, -722521979);\n b = hh(b, c, d, a, k[6], 23, 76029189);\n a = hh(a, b, c, d, k[9], 4, -640364487);\n d = hh(d, a, b, c, k[12], 11, -421815835);\n c = hh(c, d, a, b, k[15], 16, 530742520);\n b = hh(b, c, d, a, k[2], 23, -995338651);\n\n a = ii(a, b, c, d, k[0], 6, -198630844);\n d = ii(d, a, b, c, k[7], 10, 1126891415);\n c = ii(c, d, a, b, k[14], 15, -1416354905);\n b = ii(b, c, d, a, k[5], 21, -57434055);\n a = ii(a, b, c, d, k[12], 6, 1700485571);\n d = ii(d, a, b, c, k[3], 10, -1894986606);\n c = ii(c, d, a, b, k[10], 15, -1051523);\n b = ii(b, c, d, a, k[1], 21, -2054922799);\n a = ii(a, b, c, d, k[8], 6, 1873313359);\n d = ii(d, a, b, c, k[15], 10, -30611744);\n c = ii(c, d, a, b, k[6], 15, -1560198380);\n b = ii(b, c, d, a, k[13], 21, 1309151649);\n a = ii(a, b, c, d, k[4], 6, -145523070);\n d = ii(d, a, b, c, k[11], 10, -1120210379);\n c = ii(c, d, a, b, k[2], 15, 718787259);\n b = ii(b, c, d, a, k[9], 21, -343485551);\n\n x[0] = add32(a, x[0]);\n x[1] = add32(b, x[1]);\n x[2] = add32(c, x[2]);\n x[3] = add32(d, x[3]);\n}\n\nfunction cmn(q, a, b, x, s, t) {\n a = add32(add32(a, q), add32(x, t));\n return add32((a << s) | (a >>> (32 - s)), b);\n}\n\nfunction ff(a, b, c, d, x, s, t) {\n return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\n\nfunction gg(a, b, c, d, x, s, t) {\n return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\n\nfunction hh(a, b, c, d, x, s, t) {\n return cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction ii(a, b, c, d, x, s, t) {\n return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\n\nfunction md51(s) {\n const n = s.length;\n const state = [1732584193, -271733879, -1732584194, 271733878];\n let i;\n for (i = 64; i <= s.length; i += 64) {\n md5cycle(state, md5blk(s.substring(i - 64, i)));\n }\n s = s.substring(i - 64);\n const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];\n for (i = 0; i < s.length; i++) {\n tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);\n }\n tail[i >> 2] |= 0x80 << ((i % 4) << 3);\n if (i > 55) {\n md5cycle(state, tail);\n for (i = 0; i < 16; i++) {\n tail[i] = 0;\n }\n }\n tail[14] = n * 8;\n md5cycle(state, tail);\n return state;\n}\n\n/* there needs to be support for Unicode here,\n * unless we pretend that we can redefine the MD-5\n * algorithm for multi-byte characters (perhaps\n * by adding every four 16-bit characters and\n * shortening the sum to 32 bits). Otherwise\n * I suggest performing MD-5 as if every character\n * was two bytes--e.g., 0040 0025 = @%--but then\n * how will an ordinary MD-5 sum be matched?\n * There is no way to standardize text to something\n * like UTF-8 before transformation; speed cost is\n * utterly prohibitive. The JavaScript standard\n * itself needs to look at this: it should start\n * providing access to strings as preformed UTF-8\n * 8-bit unsigned value arrays.\n */\nfunction md5blk(s) { /* I figured global was faster. */\n const md5blks = [];\n let i; /* Andy King said do it this way. */\n for (i = 0; i < 64; i += 4) {\n md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<\n 24);\n }\n return md5blks;\n}\n\nconst hex_chr = '0123456789abcdef'.split('');\n\nfunction rhex(n) {\n let s = '';\n let j = 0;\n for (; j < 4; j++) {\n s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];\n }\n return s;\n}\n\nfunction hex(x) {\n for (let i = 0; i < x.length; i++) {\n x[i] = rhex(x[i]);\n }\n return x.join('');\n}\n\n/* this function is much faster,\nso if possible we use it. Some IEs\nare the only ones I know of that\nneed the idiotic second function,\ngenerated by an if clause. */\n\nfunction add32(a, b) {\n return (a + b) & 0xFFFFFFFF;\n}\n\nexport default md5;\n","/**\n * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.\n * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}\n * @see {@link https://github.com/indutny/hash.js|hash.js}\n * @module crypto/hash\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport md5 from './md5';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes();\n\nfunction nodeHash(type) {\n if (!nodeCrypto || !nodeCryptoHashes.includes(type)) {\n return;\n }\n return async function (data) {\n const shasum = nodeCrypto.createHash(type);\n return stream.transform(data, value => {\n shasum.update(value);\n }, () => new Uint8Array(shasum.digest()));\n };\n}\n\nfunction nobleHash(nobleHashName, webCryptoHashName) {\n const getNobleHash = async () => {\n const { nobleHashes } = await import('./noble_hashes');\n const hash = nobleHashes.get(nobleHashName);\n if (!hash) throw new Error('Unsupported hash');\n return hash;\n };\n\n return async function(data) {\n if (stream.isArrayStream(data)) {\n data = await stream.readToEnd(data);\n }\n if (util.isStream(data)) {\n const hash = await getNobleHash();\n\n const hashInstance = hash.create();\n return stream.transform(data, value => {\n hashInstance.update(value);\n }, () => hashInstance.digest());\n } else if (webCrypto && webCryptoHashName) {\n return new Uint8Array(await webCrypto.digest(webCryptoHashName, data));\n } else {\n const hash = await getNobleHash();\n\n return hash(data);\n }\n };\n}\n\nexport default {\n\n /** @see module:md5 */\n md5: nodeHash('md5') || md5,\n sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),\n sha224: nodeHash('sha224') || nobleHash('sha224'),\n sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),\n sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),\n sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),\n ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),\n sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),\n sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),\n\n /**\n * Create a hash on the specified data using the specified algorithm\n * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @param {Uint8Array} data - Data to be hashed\n * @returns {Promise} Hash value.\n */\n digest: function(algo, data) {\n switch (algo) {\n case enums.hash.md5:\n return this.md5(data);\n case enums.hash.sha1:\n return this.sha1(data);\n case enums.hash.ripemd:\n return this.ripemd(data);\n case enums.hash.sha256:\n return this.sha256(data);\n case enums.hash.sha384:\n return this.sha384(data);\n case enums.hash.sha512:\n return this.sha512(data);\n case enums.hash.sha224:\n return this.sha224(data);\n case enums.hash.sha3_256:\n return this.sha3_256(data);\n case enums.hash.sha3_512:\n return this.sha3_512(data);\n default:\n throw new Error('Unsupported hash function');\n }\n },\n\n /**\n * Returns the hash size in bytes of the specified hash algorithm type\n * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})\n * @returns {Integer} Size in bytes of the resulting hash.\n */\n getHashByteLength: function(algo) {\n switch (algo) {\n case enums.hash.md5:\n return 16;\n case enums.hash.sha1:\n case enums.hash.ripemd:\n return 20;\n case enums.hash.sha256:\n return 32;\n case enums.hash.sha384:\n return 48;\n case enums.hash.sha512:\n return 64;\n case enums.hash.sha224:\n return 28;\n case enums.hash.sha3_256:\n return 32;\n case enums.hash.sha3_512:\n return 64;\n default:\n throw new Error('Invalid hash algorithm.');\n }\n }\n};\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(hash) {\n if (typeof hash !== 'function' || typeof hash.create !== 'function')\n throw new Error('hash must be wrapped by utils.wrapConstructor');\n number(hash.outputLen);\n number(hash.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\nimport { bytes as abytes, isBytes } from './_assert.js';\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u16 = (arr) => new Uint16Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 2));\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// big-endian hardware is rare. Just in case someone still decides to run ciphers:\n// early-throw an error because we don't support BE yet.\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\nif (!isLE)\n throw new Error('Non little-endian hardware is not supported');\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`string expected, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n else if (isBytes(data))\n data = copyBytes(data);\n else\n throw new Error(`Uint8Array expected, got ${typeof data}`);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n// For runtime check if class implements interface\nexport class Hash {\n}\n/**\n * @__NO_SIDE_EFFECTS__\n */\nexport const wrapCipher = (params, c) => {\n Object.assign(c, params);\n return c;\n};\n// Polyfill for Safari 14\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\nexport function u64Lengths(ciphertext, AAD) {\n const num = new Uint8Array(16);\n const view = createView(num);\n setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);\n setBigUint64(view, 8, BigInt(ciphertext.length), true);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n//# sourceMappingURL=utils.js.map","import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';\nimport { clean, copyBytes, createView, toBytes, u32 } from './utils.js';\n// GHash from AES-GCM and its little-endian \"mirror image\" Polyval from AES-SIV.\n// Implemented in terms of GHash with conversion function for keys\n// GCM GHASH from NIST SP800-38d, SIV from RFC 8452.\n// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf\n// GHASH modulo: x^128 + x^7 + x^2 + x + 1\n// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1\nconst BLOCK_SIZE = 16;\n// TODO: rewrite\n// temporary padding buffer\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\nconst ZEROS32 = u32(ZEROS16);\nconst POLY = 0xe1; // v = 2*v % POLY\n// v = 2*v % POLY\n// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x\n// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor)\nconst mul2 = (s0, s1, s2, s3) => {\n const hiBit = s3 & 1;\n return {\n s3: (s2 << 31) | (s3 >>> 1),\n s2: (s1 << 31) | (s2 >>> 1),\n s1: (s0 << 31) | (s1 >>> 1),\n s0: (s0 >>> 1) ^ ((POLY << 24) & -(hiBit & 1)), // reduce % poly\n };\n};\nconst swapLE = (n) => (((n >>> 0) & 0xff) << 24) |\n (((n >>> 8) & 0xff) << 16) |\n (((n >>> 16) & 0xff) << 8) |\n ((n >>> 24) & 0xff) |\n 0;\n/**\n * `mulX_POLYVAL(ByteReverse(H))` from spec\n * @param k mutated in place\n */\nexport function _toGHASHKey(k) {\n k.reverse();\n const hiBit = k[15] & 1;\n // k >>= 1\n let carry = 0;\n for (let i = 0; i < k.length; i++) {\n const t = k[i];\n k[i] = (t >>> 1) | carry;\n carry = (t & 1) << 7;\n }\n k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000;\n return k;\n}\nconst estimateWindow = (bytes) => {\n if (bytes > 64 * 1024)\n return 8;\n if (bytes > 1024)\n return 4;\n return 2;\n};\nclass GHASH {\n // We select bits per window adaptively based on expectedLength\n constructor(key, expectedLength) {\n this.blockLen = BLOCK_SIZE;\n this.outputLen = BLOCK_SIZE;\n this.s0 = 0;\n this.s1 = 0;\n this.s2 = 0;\n this.s3 = 0;\n this.finished = false;\n key = toBytes(key);\n abytes(key, 16);\n const kView = createView(key);\n let k0 = kView.getUint32(0, false);\n let k1 = kView.getUint32(4, false);\n let k2 = kView.getUint32(8, false);\n let k3 = kView.getUint32(12, false);\n // generate table of doubled keys (half of montgomery ladder)\n const doubles = [];\n for (let i = 0; i < 128; i++) {\n doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });\n ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));\n }\n const W = estimateWindow(expectedLength || 1024);\n if (![1, 2, 4, 8].includes(W))\n throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);\n this.W = W;\n const bits = 128; // always 128 bits;\n const windows = bits / W;\n const windowSize = (this.windowSize = 2 ** W);\n const items = [];\n // Create precompute table for window of W bits\n for (let w = 0; w < windows; w++) {\n // truth table: 00, 01, 10, 11\n for (let byte = 0; byte < windowSize; byte++) {\n // prettier-ignore\n let s0 = 0, s1 = 0, s2 = 0, s3 = 0;\n for (let j = 0; j < W; j++) {\n const bit = (byte >>> (W - j - 1)) & 1;\n if (!bit)\n continue;\n const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];\n (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3);\n }\n items.push({ s0, s1, s2, s3 });\n }\n }\n this.t = items;\n }\n _updateBlock(s0, s1, s2, s3) {\n (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3);\n const { W, t, windowSize } = this;\n // prettier-ignore\n let o0 = 0, o1 = 0, o2 = 0, o3 = 0;\n const mask = (1 << W) - 1; // 2**W will kill performance.\n let w = 0;\n for (const num of [s0, s1, s2, s3]) {\n for (let bytePos = 0; bytePos < 4; bytePos++) {\n const byte = (num >>> (8 * bytePos)) & 0xff;\n for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {\n const bit = (byte >>> (W * bitPos)) & mask;\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];\n (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3);\n w += 1;\n }\n }\n }\n this.s0 = o0;\n this.s1 = o1;\n this.s2 = o2;\n this.s3 = o3;\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n const left = data.length % BLOCK_SIZE;\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);\n clean(ZEROS32); // clean tmp buffer\n }\n return this;\n }\n destroy() {\n const { t } = this;\n // clean precompute table\n for (const elm of t) {\n (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0);\n }\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out;\n }\n digest() {\n const res = new Uint8Array(BLOCK_SIZE);\n this.digestInto(res);\n this.destroy();\n return res;\n }\n}\nclass Polyval extends GHASH {\n constructor(key, expectedLength) {\n key = toBytes(key);\n const ghKey = _toGHASHKey(copyBytes(key));\n super(ghKey, expectedLength);\n clean(ghKey);\n }\n update(data) {\n data = toBytes(data);\n aexists(this);\n const b32 = u32(data);\n const left = data.length % BLOCK_SIZE;\n const blocks = Math.floor(data.length / BLOCK_SIZE);\n for (let i = 0; i < blocks; i++) {\n this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));\n }\n if (left) {\n ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));\n this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));\n clean(ZEROS32);\n }\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // tmp ugly hack\n const { s0, s1, s2, s3 } = this;\n const o32 = u32(out);\n o32[0] = s0;\n o32[1] = s1;\n o32[2] = s2;\n o32[3] = s3;\n return out.reverse();\n }\n}\nfunction wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes(msg)).digest();\n const tmp = hashCons(new Uint8Array(16), 0);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key, expectedLength) => hashCons(key, expectedLength);\n return hashC;\n}\nexport const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));\nexport const polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));\n//# sourceMappingURL=_polyval.js.map","// prettier-ignore\nimport { bytes as abytes } from './_assert.js';\nimport { ghash, polyval } from './_polyval.js';\nimport { clean, concatBytes, copyBytes, createView, equalBytes, isAligned32, setBigUint64, u32, u8, wrapCipher, } from './utils.js';\n/*\nAES (Advanced Encryption Standard) aka Rijndael block cipher.\n\nData is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round:\n1. **S-box**, table substitution\n2. **Shift rows**, cyclic shift left of all rows of data array\n3. **Mix columns**, multiplying every column by fixed polynomial\n4. **Add round key**, round_key xor i-th column of array\n\nResources:\n- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf\n- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf\n*/\nconst BLOCK_SIZE = 16;\nconst BLOCK_SIZE32 = 4;\nconst EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE);\nconst POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8\n// TODO: remove multiplication, binary ops only\nfunction mul2(n) {\n return (n << 1) ^ (POLY & -(n >> 7));\n}\nfunction mul(a, b) {\n let res = 0;\n for (; b > 0; b >>= 1) {\n // Montgomery ladder\n res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time).\n a = mul2(a); // a = 2*a\n }\n return res;\n}\n// AES S-box is generated using finite field inversion,\n// an affine transform, and xor of a constant 0x63.\nconst sbox = /* @__PURE__ */ (() => {\n const t = new Uint8Array(256);\n for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x))\n t[i] = x;\n const box = new Uint8Array(256);\n box[0] = 0x63; // first elm\n for (let i = 0; i < 255; i++) {\n let x = t[255 - i];\n x |= x << 8;\n box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff;\n }\n clean(t);\n return box;\n})();\n// Inverted S-box\nconst invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));\n// Rotate u32 by 8\nconst rotr32_8 = (n) => (n << 24) | (n >>> 8);\nconst rotl32_8 = (n) => (n << 8) | (n >>> 24);\n// The byte swap operation for uint32 (LE<->BE)\nconst byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes:\n// - LE instead of BE\n// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23;\n// so index is u16, instead of u8. This speeds up things, unexpectedly\nfunction genTtable(sbox, fn) {\n if (sbox.length !== 256)\n throw new Error('Wrong sbox length');\n const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j]));\n const T1 = T0.map(rotl32_8);\n const T2 = T1.map(rotl32_8);\n const T3 = T2.map(rotl32_8);\n const T01 = new Uint32Array(256 * 256);\n const T23 = new Uint32Array(256 * 256);\n const sbox2 = new Uint16Array(256 * 256);\n for (let i = 0; i < 256; i++) {\n for (let j = 0; j < 256; j++) {\n const idx = i * 256 + j;\n T01[idx] = T0[i] ^ T1[j];\n T23[idx] = T2[i] ^ T3[j];\n sbox2[idx] = (sbox[i] << 8) | sbox[j];\n }\n }\n return { sbox, sbox2, T0, T1, T2, T3, T01, T23 };\n}\nconst tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2));\nconst tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14));\nconst xPowers = /* @__PURE__ */ (() => {\n const p = new Uint8Array(16);\n for (let i = 0, x = 1; i < 16; i++, x = mul2(x))\n p[i] = x;\n return p;\n})();\nexport function expandKeyLE(key) {\n abytes(key);\n const len = key.length;\n if (![16, 24, 32].includes(len))\n throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);\n const { sbox2 } = tableEncoding;\n const toClean = [];\n if (!isAligned32(key))\n toClean.push((key = copyBytes(key)));\n const k32 = u32(key);\n const Nk = k32.length;\n const subByte = (n) => applySbox(sbox2, n, n, n, n);\n const xk = new Uint32Array(len + 28); // expanded key\n xk.set(k32);\n // 4.3.1 Key expansion\n for (let i = Nk; i < xk.length; i++) {\n let t = xk[i - 1];\n if (i % Nk === 0)\n t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1];\n else if (Nk > 6 && i % Nk === 4)\n t = subByte(t);\n xk[i] = xk[i - Nk] ^ t;\n }\n clean(...toClean);\n return xk;\n}\nexport function expandKeyDecLE(key) {\n const encKey = expandKeyLE(key);\n const xk = encKey.slice();\n const Nk = encKey.length;\n const { sbox2 } = tableEncoding;\n const { T0, T1, T2, T3 } = tableDecoding;\n // Inverse key by chunks of 4 (rounds)\n for (let i = 0; i < Nk; i += 4) {\n for (let j = 0; j < 4; j++)\n xk[i + j] = encKey[Nk - i - 4 + j];\n }\n clean(encKey);\n // apply InvMixColumn except first & last round\n for (let i = 4; i < Nk - 4; i++) {\n const x = xk[i];\n const w = applySbox(sbox2, x, x, x, x);\n xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24];\n }\n return xk;\n}\n// Apply tables\nfunction apply0123(T01, T23, s0, s1, s2, s3) {\n return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^\n T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]);\n}\nfunction applySbox(sbox2, s0, s1, s2, s3) {\n return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] |\n (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16));\n}\nfunction encrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableEncoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // last round (without mixcolumns, so using SBOX2 table)\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\n// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different\nfunction decrypt(xk, s0, s1, s2, s3) {\n const { sbox2, T01, T23 } = tableDecoding;\n let k = 0;\n (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]);\n const rounds = xk.length / 4 - 2;\n for (let i = 0; i < rounds; i++) {\n const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);\n const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);\n const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);\n const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);\n (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3);\n }\n // Last round\n const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);\n const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);\n const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);\n const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);\n return { s0: t0, s1: t1, s2: t2, s3: t3 };\n}\nfunction getDst(len, dst) {\n if (dst === undefined)\n return new Uint8Array(len);\n abytes(dst);\n if (dst.length < len)\n throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);\n if (!isAligned32(dst))\n throw new Error('unaligned dst');\n return dst;\n}\n// TODO: investigate merging with ctr32\nfunction ctrCounter(xk, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const ctr = nonce;\n const c32 = u32(ctr);\n // Fill block (empty, ctr=0)\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n const src32 = u32(src);\n const dst32 = u32(dst);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n // Full 128 bit counter with wrap around\n let carry = 1;\n for (let i = ctr.length - 1; i >= 0; i--) {\n carry = (carry + (ctr[i] & 0xff)) | 0;\n ctr[i] = carry & 0xff;\n carry >>>= 8;\n }\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than block)\n // It's possible to handle > u32 fast, but is it worth it?\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n// AES CTR with overflowing 32 bit counter\n// It's possible to do 32le significantly simpler (and probably faster) by using u32.\n// But, we need both, and perf bottleneck is in ghash anyway.\nfunction ctr32(xk, isLE, nonce, src, dst) {\n abytes(nonce, BLOCK_SIZE);\n abytes(src);\n dst = getDst(src.length, dst);\n const ctr = nonce; // write new value to nonce, so it can be re-used\n const c32 = u32(ctr);\n const view = createView(ctr);\n const src32 = u32(src);\n const dst32 = u32(dst);\n const ctrPos = isLE ? 0 : 12;\n const srcLen = src.length;\n // Fill block (empty, ctr=0)\n let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value\n let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);\n // process blocks\n for (let i = 0; i + 4 <= src32.length; i += 4) {\n dst32[i + 0] = src32[i + 0] ^ s0;\n dst32[i + 1] = src32[i + 1] ^ s1;\n dst32[i + 2] = src32[i + 2] ^ s2;\n dst32[i + 3] = src32[i + 3] ^ s3;\n ctrNum = (ctrNum + 1) >>> 0; // u32 wrap\n view.setUint32(ctrPos, ctrNum, isLE);\n ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));\n }\n // leftovers (less than a block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n const b32 = new Uint32Array([s0, s1, s2, s3]);\n const buf = u8(b32);\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(b32);\n }\n return dst;\n}\n/**\n * CTR: counter mode. Creates stream cipher.\n * Requires good IV. Parallelizable. OK, but no MAC.\n */\nexport const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) {\n abytes(key);\n abytes(nonce, BLOCK_SIZE);\n function processCtr(buf, dst) {\n abytes(buf);\n if (dst !== undefined) {\n abytes(dst);\n if (!isAligned32(dst))\n throw new Error('unaligned destination');\n }\n const xk = expandKeyLE(key);\n const n = copyBytes(nonce); // align + avoid changing\n const toClean = [xk, n];\n if (!isAligned32(buf))\n toClean.push((buf = copyBytes(buf)));\n const out = ctrCounter(xk, n, buf, dst);\n clean(...toClean);\n return out;\n }\n return {\n encrypt: (plaintext, dst) => processCtr(plaintext, dst),\n decrypt: (ciphertext, dst) => processCtr(ciphertext, dst),\n };\n});\nfunction validateBlockDecrypt(data) {\n abytes(data);\n if (data.length % BLOCK_SIZE !== 0) {\n throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`);\n }\n}\nfunction validateBlockEncrypt(plaintext, pcks5, dst) {\n abytes(plaintext);\n let outLen = plaintext.length;\n const remaining = outLen % BLOCK_SIZE;\n if (!pcks5 && remaining !== 0)\n throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding');\n if (!isAligned32(plaintext))\n plaintext = copyBytes(plaintext);\n const b = u32(plaintext);\n if (pcks5) {\n let left = BLOCK_SIZE - remaining;\n if (!left)\n left = BLOCK_SIZE; // if no bytes left, create empty padding block\n outLen = outLen + left;\n }\n const out = getDst(outLen, dst);\n const o = u32(out);\n return { b, o, out };\n}\nfunction validatePCKS(data, pcks5) {\n if (!pcks5)\n return data;\n const len = data.length;\n if (!len)\n throw new Error('aes/pcks5: empty ciphertext not allowed');\n const lastByte = data[len - 1];\n if (lastByte <= 0 || lastByte > 16)\n throw new Error('aes/pcks5: wrong padding');\n const out = data.subarray(0, -lastByte);\n for (let i = 0; i < lastByte; i++)\n if (data[len - i - 1] !== lastByte)\n throw new Error('aes/pcks5: wrong padding');\n return out;\n}\nfunction padPCKS(left) {\n const tmp = new Uint8Array(16);\n const tmp32 = u32(tmp);\n tmp.set(left);\n const paddingByte = BLOCK_SIZE - left.length;\n for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++)\n tmp[i] = paddingByte;\n return tmp32;\n}\n/**\n * ECB: Electronic CodeBook. Simple deterministic replacement.\n * Dangerous: always map x to y. See [AES Penguin](https://words.filippo.io/the-ecb-penguin/).\n */\nexport const ecb = wrapCipher({ blockSize: 16 }, function ecb(key, opts = {}) {\n abytes(key);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n const xk = expandKeyLE(key);\n let i = 0;\n for (; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = encrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(xk);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n const out = getDst(ciphertext.length, dst);\n const toClean = [xk];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n for (let i = 0; i + 4 <= b.length;) {\n const { s0, s1, s2, s3 } = decrypt(xk, b[i + 0], b[i + 1], b[i + 2], b[i + 3]);\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CBC: Cipher-Block-Chaining. Key is previous round’s block.\n * Fragile: needs proper padding. Unauthenticated: needs MAC.\n */\nexport const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) {\n abytes(key);\n abytes(iv, 16);\n const pcks5 = !opts.disablePadding;\n return {\n encrypt(plaintext, dst) {\n const xk = expandKeyLE(key);\n const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n let i = 0;\n for (; i + 4 <= b.length;) {\n (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n if (pcks5) {\n const tmp32 = padPCKS(plaintext.subarray(i * 4));\n (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]);\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3);\n }\n clean(...toClean);\n return _out;\n },\n decrypt(ciphertext, dst) {\n validateBlockDecrypt(ciphertext);\n const xk = expandKeyDecLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n const n32 = u32(_iv);\n const out = getDst(ciphertext.length, dst);\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const b = u32(ciphertext);\n const o = u32(out);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= b.length;) {\n // prettier-ignore\n const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;\n (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]);\n const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);\n (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3);\n }\n clean(...toClean);\n return validatePCKS(out, pcks5);\n },\n };\n});\n/**\n * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output.\n * Unauthenticated: needs MAC.\n */\nexport const cfb = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) {\n abytes(key);\n abytes(iv, 16);\n function processCfb(src, isEncrypt, dst) {\n abytes(src);\n const srcLen = src.length;\n dst = getDst(srcLen, dst);\n const xk = expandKeyLE(key);\n let _iv = iv;\n const toClean = [xk];\n if (!isAligned32(_iv))\n toClean.push((_iv = copyBytes(_iv)));\n if (!isAligned32(src))\n toClean.push((src = copyBytes(src)));\n const src32 = u32(src);\n const dst32 = u32(dst);\n const next32 = isEncrypt ? dst32 : src32;\n const n32 = u32(_iv);\n // prettier-ignore\n let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];\n for (let i = 0; i + 4 <= src32.length;) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt(xk, s0, s1, s2, s3);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]);\n }\n // leftovers (less than block)\n const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32);\n if (start < srcLen) {\n ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));\n const buf = u8(new Uint32Array([s0, s1, s2, s3]));\n for (let i = start, pos = 0; i < srcLen; i++, pos++)\n dst[i] = src[i] ^ buf[pos];\n clean(buf);\n }\n clean(...toClean);\n return dst;\n }\n return {\n encrypt: (plaintext, dst) => processCfb(plaintext, true, dst),\n decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst),\n };\n});\n// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen\nfunction computeTag(fn, isLE, key, data, AAD) {\n const aadLength = AAD == null ? 0 : AAD.length;\n const h = fn.create(key, data.length + aadLength);\n if (AAD)\n h.update(AAD);\n h.update(data);\n const num = new Uint8Array(16);\n const view = createView(num);\n if (AAD)\n setBigUint64(view, 0, BigInt(aadLength * 8), isLE);\n setBigUint64(view, 8, BigInt(data.length * 8), isLE);\n h.update(num);\n const res = h.digest();\n clean(num);\n return res;\n}\n/**\n * GCM: Galois/Counter Mode.\n * Modern, parallel version of CTR, with MAC.\n * Be careful: MACs can be forged.\n * Unsafe to use random nonces under the same key, due to collision chance.\n * As for nonce size, prefer 12-byte, instead of 8-byte.\n */\nexport const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) {\n abytes(key);\n abytes(nonce);\n if (AAD !== undefined)\n abytes(AAD);\n // NIST 800-38d doesn't enforce minimum nonce length.\n // We enforce 8 bytes for compat with openssl.\n // 12 bytes are recommended. More than 12 bytes would be converted into 12.\n if (nonce.length < 8)\n throw new Error('aes/gcm: invalid nonce length');\n const tagLength = 16;\n function _computeTag(authKey, tagMask, data) {\n const tag = computeTag(ghash, false, authKey, data, AAD);\n for (let i = 0; i < tagMask.length; i++)\n tag[i] ^= tagMask[i];\n return tag;\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const authKey = EMPTY_BLOCK.slice();\n const counter = EMPTY_BLOCK.slice();\n ctr32(xk, false, counter, counter, authKey);\n // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces\n if (nonce.length === 12) {\n counter.set(nonce);\n }\n else {\n const nonceLen = EMPTY_BLOCK.slice();\n const view = createView(nonceLen);\n setBigUint64(view, 8, BigInt(nonce.length * 8), false);\n // ghash(nonce || u64be(0) || u64be(nonceLen*8))\n const g = ghash.create(authKey).update(nonce).update(nonceLen);\n g.digestInto(counter); // digestInto doesn't trigger '.destroy'\n g.destroy();\n }\n const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);\n return { xk, authKey, counter, tagMask };\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const out = new Uint8Array(plaintext.length + tagLength);\n const toClean = [xk, authKey, counter, tagMask];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n ctr32(xk, false, counter, plaintext, out);\n const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));\n toClean.push(tag);\n out.set(tag, plaintext.length);\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n if (ciphertext.length < tagLength)\n throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);\n const { xk, authKey, counter, tagMask } = deriveKeys();\n const toClean = [xk, authKey, tagMask, counter];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = _computeTag(authKey, tagMask, data);\n toClean.push(tag);\n if (!equalBytes(tag, passedTag))\n throw new Error('aes/gcm: invalid ghash tag');\n const out = ctr32(xk, false, counter, data);\n clean(...toClean);\n return out;\n },\n };\n});\nconst limit = (name, min, max) => (value) => {\n if (!Number.isSafeInteger(value) || min > value || value > max)\n throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);\n};\n/**\n * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.\n * Guarantees that, when a nonce is repeated, the only security loss is that identical\n * plaintexts will produce identical ciphertexts.\n * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452\n */\nexport const siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv(key, nonce, AAD) {\n const tagLength = 16;\n // From RFC 8452: Section 6\n const AAD_LIMIT = limit('AAD', 0, 2 ** 36);\n const PLAIN_LIMIT = limit('plaintext', 0, 2 ** 36);\n const NONCE_LIMIT = limit('nonce', 12, 12);\n const CIPHER_LIMIT = limit('ciphertext', 16, 2 ** 36 + 16);\n abytes(key, 16, 24, 32);\n abytes(nonce);\n NONCE_LIMIT(nonce.length);\n if (AAD !== undefined) {\n abytes(AAD);\n AAD_LIMIT(AAD.length);\n }\n function deriveKeys() {\n const xk = expandKeyLE(key);\n const encKey = new Uint8Array(key.length);\n const authKey = new Uint8Array(16);\n const toClean = [xk, encKey];\n let _nonce = nonce;\n if (!isAligned32(_nonce))\n toClean.push((_nonce = copyBytes(_nonce)));\n const n32 = u32(_nonce);\n // prettier-ignore\n let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];\n let counter = 0;\n for (const derivedKey of [authKey, encKey].map(u32)) {\n const d32 = u32(derivedKey);\n for (let i = 0; i < d32.length; i += 2) {\n // aes(u32le(0) || nonce)[:8] || aes(u32le(1) || nonce)[:8] ...\n const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);\n d32[i + 0] = o0;\n d32[i + 1] = o1;\n s0 = ++counter; // increment counter inside state\n }\n }\n const res = { authKey, encKey: expandKeyLE(encKey) };\n // Cleanup\n clean(...toClean);\n return res;\n }\n function _computeTag(encKey, authKey, data) {\n const tag = computeTag(polyval, true, authKey, data, AAD);\n // Compute the expected tag by XORing S_s and the nonce, clearing the\n // most significant bit of the last byte and encrypting with the\n // message-encryption key.\n for (let i = 0; i < 12; i++)\n tag[i] ^= nonce[i];\n tag[15] &= 0x7f; // Clear the highest bit\n // encrypt tag as block\n const t32 = u32(tag);\n // prettier-ignore\n let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];\n ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));\n (t32[0] = s0), (t32[1] = s1), (t32[2] = s2), (t32[3] = s3);\n return tag;\n }\n // actual decrypt/encrypt of message.\n function processSiv(encKey, tag, input) {\n let block = copyBytes(tag);\n block[15] |= 0x80; // Force highest bit\n const res = ctr32(encKey, true, block, input);\n // Cleanup\n clean(block);\n return res;\n }\n return {\n encrypt(plaintext) {\n abytes(plaintext);\n PLAIN_LIMIT(plaintext.length);\n const { encKey, authKey } = deriveKeys();\n const tag = _computeTag(encKey, authKey, plaintext);\n const toClean = [encKey, authKey, tag];\n if (!isAligned32(plaintext))\n toClean.push((plaintext = copyBytes(plaintext)));\n const out = new Uint8Array(plaintext.length + tagLength);\n out.set(tag, plaintext.length);\n out.set(processSiv(encKey, tag, plaintext));\n // Cleanup\n clean(...toClean);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n CIPHER_LIMIT(ciphertext.length);\n const tag = ciphertext.subarray(-tagLength);\n const { encKey, authKey } = deriveKeys();\n const toClean = [encKey, authKey];\n if (!isAligned32(ciphertext))\n toClean.push((ciphertext = copyBytes(ciphertext)));\n const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));\n const expectedTag = _computeTag(encKey, authKey, plaintext);\n toClean.push(expectedTag);\n if (!equalBytes(tag, expectedTag)) {\n clean(...toClean);\n throw new Error('invalid polyval tag');\n }\n // Cleanup\n clean(...toClean);\n return plaintext;\n },\n };\n});\nfunction isBytes32(a) {\n return (a != null &&\n typeof a === 'object' &&\n (a instanceof Uint32Array || a.constructor.name === 'Uint32Array'));\n}\nfunction encryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_encryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = encrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\nfunction decryptBlock(xk, block) {\n abytes(block, 16);\n if (!isBytes32(xk))\n throw new Error('_decryptBlock accepts result of expandKeyLE');\n const b32 = u32(block);\n let { s0, s1, s2, s3 } = decrypt(xk, b32[0], b32[1], b32[2], b32[3]);\n (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3);\n return block;\n}\n/**\n * AES-W (base for AESKW/AESKWP).\n * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf),\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/).\n */\nconst AESW = {\n /*\n High-level pseudocode:\n ```\n A: u64 = IV\n out = []\n for (let i=0, ctr = 0; i<6; i++) {\n for (const chunk of chunks(plaintext, 8)) {\n A ^= swapEndianess(ctr++)\n [A, res] = chunks(encrypt(A || chunk), 8);\n out ||= res\n }\n }\n out = A || out\n ```\n Decrypt is the same, but reversed.\n */\n encrypt(kek, out) {\n // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints.\n // If you need it larger, open an issue.\n if (out.length >= 2 ** 32)\n throw new Error('plaintext should be less than 4gb');\n const xk = expandKeyLE(kek);\n if (out.length === 16)\n encryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = 1; j < 6; j++) {\n for (let pos = 2; pos < o32.length; pos += 2, ctr++) {\n const { s0, s1, s2, s3 } = encrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n // A = MSB(64, B) ^ t where t = (n*j)+i\n (a0 = s0), (a1 = s1 ^ byteSwap(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1); // out = A || out\n }\n xk.fill(0);\n },\n decrypt(kek, out) {\n if (out.length - 8 >= 2 ** 32)\n throw new Error('ciphertext should be less than 4gb');\n const xk = expandKeyDecLE(kek);\n const chunks = out.length / 8 - 1; // first chunk is IV\n if (chunks === 1)\n decryptBlock(xk, out);\n else {\n const o32 = u32(out);\n // prettier-ignore\n let a0 = o32[0], a1 = o32[1]; // A\n for (let j = 0, ctr = chunks * 6; j < 6; j++) {\n for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) {\n a1 ^= byteSwap(ctr);\n const { s0, s1, s2, s3 } = decrypt(xk, a0, a1, o32[pos], o32[pos + 1]);\n (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3);\n }\n }\n (o32[0] = a0), (o32[1] = a1);\n }\n xk.fill(0);\n },\n};\nconst AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6\n/**\n * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times.\n * Reduces block size from 16 to 8 bytes.\n * For padded version, use aeskwp.\n * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/),\n * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf).\n */\nexport const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length || plaintext.length % 8 !== 0)\n throw new Error('invalid plaintext length');\n if (plaintext.length === 8)\n throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead');\n const out = concatBytes(AESKW_IV, plaintext);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // ciphertext must be at least 24 bytes and a multiple of 8 bytes\n // 24 because should have at least two block (1 iv + 2).\n // Replace with 16 to enable '8-byte keys'\n if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n AESW.decrypt(kek, out);\n if (!equalBytes(out.subarray(0, 8), AESKW_IV))\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8);\n },\n}));\n/*\nWe don't support 8-byte keys. The rabbit hole:\n\n- Wycheproof says: \"NIST SP 800-38F does not define the wrapping of 8 byte keys.\n RFC 3394 Section 2 on the other hand specifies that 8 byte keys are wrapped\n by directly encrypting one block with AES.\"\n - https://github.com/C2SP/wycheproof/blob/master/doc/key_wrap.md\n - \"RFC 3394 specifies in Section 2, that the input for the key wrap\n algorithm must be at least two blocks and otherwise the constant\n field and key are simply encrypted with ECB as a single block\"\n- What RFC 3394 actually says (in Section 2):\n - \"Before being wrapped, the key data is parsed into n blocks of 64 bits.\n The only restriction the key wrap algorithm places on n is that n be\n at least two\"\n - \"For key data with length less than or equal to 64 bits, the constant\n field used in this specification and the key data form a single\n 128-bit codebook input making this key wrap unnecessary.\"\n- Which means \"assert(n >= 2)\" and \"use something else for 8 byte keys\"\n- NIST SP800-38F actually prohibits 8-byte in \"5.3.1 Mandatory Limits\".\n It states that plaintext for KW should be \"2 to 2^54 -1 semiblocks\".\n- So, where does \"directly encrypt single block with AES\" come from?\n - Not RFC 3394. Pseudocode of key wrap in 2.2 explicitly uses\n loop of 6 for any code path\n - There is a weird W3C spec:\n https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#kw-aes128\n - This spec is outdated, as admitted by Wycheproof authors\n - There is RFC 5649 for padded key wrap, which is padding construction on\n top of AESKW. In '4.1.2' it says: \"If the padded plaintext contains exactly\n eight octets, then prepend the AIV as defined in Section 3 above to P[1] and\n encrypt the resulting 128-bit block using AES in ECB mode [Modes] with key\n K (the KEK). In this case, the output is two 64-bit blocks C[0] and C[1]:\"\n - Browser subtle crypto is actually crashes on wrapping keys less than 16 bytes:\n `Error: error:1C8000E6:Provider routines::invalid input length] { opensslErrorStack: [ 'error:030000BD:digital envelope routines::update error' ]`\n\nIn the end, seems like a bug in Wycheproof.\nThe 8-byte check can be easily disabled inside of AES_W.\n*/\nconst AESKWP_IV = 0xa65959a6; // single u32le value\n/**\n * AES-KW, but with padding and allows random keys.\n * Second u32 of IV is used as counter for length.\n * [RFC 5649](https://www.rfc-editor.org/rfc/rfc5649)\n */\nexport const aeskwp = wrapCipher({ blockSize: 8 }, (kek) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n if (!plaintext.length)\n throw new Error('invalid plaintext length');\n const padded = Math.ceil(plaintext.length / 8) * 8;\n const out = new Uint8Array(8 + padded);\n out.set(plaintext, 8);\n const out32 = u32(out);\n out32[0] = AESKWP_IV;\n out32[1] = byteSwap(plaintext.length);\n AESW.encrypt(kek, out);\n return out;\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n // 16 because should have at least one block\n if (ciphertext.length < 16)\n throw new Error('invalid ciphertext length');\n const out = copyBytes(ciphertext);\n const o32 = u32(out);\n AESW.decrypt(kek, out);\n const len = byteSwap(o32[1]) >>> 0;\n const padded = Math.ceil(len / 8) * 8;\n if (o32[0] !== AESKWP_IV || out.length - 8 !== padded)\n throw new Error('integrity check failed');\n for (let i = len; i < padded; i++)\n if (out[8 + i] !== 0)\n throw new Error('integrity check failed');\n out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway\n return out.subarray(8, 8 + len);\n },\n}));\n// Private, unsafe low-level methods. Can change at any time.\nexport const unsafe = {\n expandKeyLE,\n expandKeyDecLE,\n encrypt,\n decrypt,\n encryptBlock,\n decryptBlock,\n ctrCounter,\n ctr32,\n};\n//# sourceMappingURL=aes.js.map","// Modified by ProtonTech AG\n\n// Modified by Recurity Labs GmbH\n\n// modified version of https://www.hanewin.net/encrypt/PGdecode.js:\n\n/* OpenPGP encryption using RSA/AES\n * Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de\n * version 2.0, check www.haneWIN.de for the latest version\n\n * This software is provided as-is, without express or implied warranty.\n * Permission to use, copy, modify, distribute or sell this software, with or\n * without fee, for any purpose and by any individual or organization, is hereby\n * granted, provided that the above copyright notice and this paragraph appear\n * in all copies. Distribution as a part of an application or binary must\n * include the above copyright notice in the documentation and/or other\n * materials provided with the application or distribution.\n */\n\n/**\n * @module crypto/mode/cfb\n */\n\nimport { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport util from '../../util';\nimport enums from '../../enums';\nimport { getLegacyCipher, getCipherParams } from '../cipher';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst knownAlgos = nodeCrypto ? nodeCrypto.getCiphers() : [];\nconst nodeAlgos = {\n idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */\n tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined,\n cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined,\n blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined,\n aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined,\n aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined,\n aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined\n /* twofish is not implemented in OpenSSL */\n};\n\n/**\n * CFB encryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} plaintext\n * @param {Uint8Array} iv\n * @param {Object} config - full configuration, defaults to openpgp.config\n * @returns MaybeStream\n */\nexport async function encrypt(algo, key, plaintext, iv, config) {\n const algoName = enums.read(enums.symmetric, algo);\n if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library.\n return nodeEncrypt(algo, key, plaintext, iv);\n }\n if (util.isAES(algo)) {\n return aesEncrypt(algo, key, plaintext, iv, config);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n const blockc = iv.slice();\n let pt = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n pt = util.concatUint8Array([pt, chunk]);\n }\n const ciphertext = new Uint8Array(pt.length);\n let i;\n let j = 0;\n while (chunk ? pt.length >= block_size : pt.length) {\n const encblock = cipherfn.encrypt(blockc);\n for (i = 0; i < block_size; i++) {\n blockc[i] = pt[i] ^ encblock[i];\n ciphertext[j++] = blockc[i];\n }\n pt = pt.subarray(block_size);\n }\n return ciphertext.subarray(0, j);\n };\n return stream.transform(plaintext, process, process);\n}\n\n/**\n * CFB decryption\n * @param {enums.symmetric} algo - block cipher algorithm\n * @param {Uint8Array} key\n * @param {MaybeStream} ciphertext\n * @param {Uint8Array} iv\n * @returns MaybeStream\n */\nexport async function decrypt(algo, key, ciphertext, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n if (nodeCrypto && nodeAlgos[algoName]) { // Node crypto library.\n return nodeDecrypt(algo, key, ciphertext, iv);\n }\n if (util.isAES(algo)) {\n return aesDecrypt(algo, key, ciphertext, iv);\n }\n\n const LegacyCipher = await getLegacyCipher(algo);\n const cipherfn = new LegacyCipher(key);\n const block_size = cipherfn.blockSize;\n\n let blockp = iv;\n let ct = new Uint8Array();\n const process = chunk => {\n if (chunk) {\n ct = util.concatUint8Array([ct, chunk]);\n }\n const plaintext = new Uint8Array(ct.length);\n let i;\n let j = 0;\n while (chunk ? ct.length >= block_size : ct.length) {\n const decblock = cipherfn.encrypt(blockp);\n blockp = ct.subarray(0, block_size);\n for (i = 0; i < block_size; i++) {\n plaintext[j++] = blockp[i] ^ decblock[i];\n }\n ct = ct.subarray(block_size);\n }\n return plaintext.subarray(0, j);\n };\n return stream.transform(ciphertext, process, process);\n}\n\nclass WebCryptoEncryptor {\n constructor(algo, key, iv) {\n const { blockSize } = getCipherParams(algo);\n this.key = key;\n this.prevBlock = iv;\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n this.zeroBlock = new Uint8Array(this.blockSize);\n }\n\n static async isSupported(algo) {\n const { keySize } = getCipherParams(algo);\n return webCrypto.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt'])\n .then(() => true, () => false);\n }\n\n async _runCBC(plaintext, nonZeroIV) {\n const mode = 'AES-CBC';\n this.keyRef = this.keyRef || await webCrypto.importKey('raw', this.key, mode, false, ['encrypt']);\n const ciphertext = await webCrypto.encrypt(\n { name: mode, iv: nonZeroIV || this.zeroBlock },\n this.keyRef,\n plaintext\n );\n return new Uint8Array(ciphertext).subarray(0, plaintext.length);\n }\n\n async encryptChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const plaintext = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n const toEncrypt = util.concatUint8Array([\n this.prevBlock,\n plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block \"early\", since we only need to xor the plaintext and pass it over as prevBlock\n ]);\n\n const encryptedBlocks = await this._runCBC(toEncrypt);\n xorMut(encryptedBlocks, plaintext);\n this.prevBlock = encryptedBlocks.slice(-this.blockSize);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return encryptedBlocks;\n }\n\n this.i += added.length;\n let encryptedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n const curBlock = this.nextBlock;\n encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n this.prevBlock = encryptedBlock.slice();\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n encryptedBlock = new Uint8Array();\n }\n\n return encryptedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n this.nextBlock = this.nextBlock.subarray(0, this.i);\n const curBlock = this.nextBlock;\n const encryptedBlock = await this._runCBC(this.prevBlock);\n xorMut(encryptedBlock, curBlock);\n result = encryptedBlock.subarray(0, curBlock.length);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.keyRef = null;\n this.key = null;\n }\n\n async encrypt(plaintext) {\n // plaintext is internally padded to block length before encryption\n const encryptedWithPadding = await this._runCBC(\n util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]),\n this.iv\n );\n // drop encrypted padding\n const ct = encryptedWithPadding.subarray(0, plaintext.length);\n xorMut(ct, plaintext);\n this.clearSensitiveData();\n return ct;\n }\n}\n\nclass NobleStreamProcessor {\n constructor(forEncryption, algo, key, iv) {\n this.forEncryption = forEncryption;\n const { blockSize } = getCipherParams(algo);\n this.key = nobleAesHelpers.expandKeyLE(key);\n\n if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers\n this.prevBlock = getUint32Array(iv);\n this.nextBlock = new Uint8Array(blockSize);\n this.i = 0; // pointer inside next block\n this.blockSize = blockSize;\n }\n\n _runCFB(src) {\n const src32 = getUint32Array(src);\n const dst = new Uint8Array(src.length);\n const dst32 = getUint32Array(dst);\n for (let i = 0; i + 4 <= dst32.length; i += 4) {\n const { s0: e0, s1: e1, s2: e2, s3: e3 } = nobleAesHelpers.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]);\n dst32[i + 0] = src32[i + 0] ^ e0;\n dst32[i + 1] = src32[i + 1] ^ e1;\n dst32[i + 2] = src32[i + 2] ^ e2;\n dst32[i + 3] = src32[i + 3] ^ e3;\n this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4);\n }\n return dst;\n }\n\n async processChunk(value) {\n const missing = this.nextBlock.length - this.i;\n const added = value.subarray(0, missing);\n this.nextBlock.set(added, this.i);\n\n if ((this.i + value.length) >= (2 * this.blockSize)) {\n const leftover = (value.length - missing) % this.blockSize;\n const toProcess = util.concatUint8Array([\n this.nextBlock,\n value.subarray(missing, value.length - leftover)\n ]);\n\n const processedBlocks = this._runCFB(toProcess);\n\n // take care of leftover data\n if (leftover > 0) this.nextBlock.set(value.subarray(-leftover));\n this.i = leftover;\n\n return processedBlocks;\n }\n\n this.i += added.length;\n\n let processedBlock;\n if (this.i === this.nextBlock.length) { // block ready to be encrypted\n processedBlock = this._runCFB(this.nextBlock);\n this.i = 0;\n\n const remaining = value.subarray(added.length);\n this.nextBlock.set(remaining, this.i);\n this.i += remaining.length;\n } else {\n processedBlock = new Uint8Array();\n }\n\n return processedBlock;\n }\n\n async finish() {\n let result;\n if (this.i === 0) { // nothing more to encrypt\n result = new Uint8Array();\n } else {\n const processedBlock = this._runCFB(this.nextBlock);\n\n result = processedBlock.subarray(0, this.i);\n }\n\n this.clearSensitiveData();\n return result;\n }\n\n clearSensitiveData() {\n this.nextBlock.fill(0);\n this.prevBlock.fill(0);\n this.key.fill(0);\n }\n}\n\n\nasync function aesEncrypt(algo, key, pt, iv) {\n if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys\n const cfb = new WebCryptoEncryptor(algo, key, iv);\n return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);\n } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream\n const cfb = new NobleStreamProcessor(true, algo, key, iv);\n return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).encrypt(pt);\n}\n\nasync function aesDecrypt(algo, key, ct, iv) {\n if (util.isStream(ct)) {\n const cfb = new NobleStreamProcessor(false, algo, key, iv);\n return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());\n }\n return nobleAesCfb(key, iv).decrypt(ct);\n}\n\nfunction xorMut(a, b) {\n const aLength = Math.min(a.length, b.length);\n for (let i = 0; i < aLength; i++) {\n a[i] = a[i] ^ b[i];\n }\n}\n\nconst getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\nfunction nodeEncrypt(algo, key, pt, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));\n}\n\nfunction nodeDecrypt(algo, key, ct, iv) {\n const algoName = enums.read(enums.symmetric, algo);\n const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);\n return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));\n}\n","/**\n * @fileoverview This module implements AES-CMAC on top of\n * native AES-CBC using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/cmac\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n\n/**\n * This implementation of CMAC is based on the description of OMAC in\n * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that\n * document:\n *\n * We have made a small modification to the OMAC algorithm as it was\n * originally presented, changing one of its two constants.\n * Specifically, the constant 4 at line 85 was the constant 1/2 (the\n * multiplicative inverse of 2) in the original definition of OMAC [14].\n * The OMAC authors indicate that they will promulgate this modification\n * [15], which slightly simplifies implementations.\n */\n\nconst blockLength = 16;\n\n\n/**\n * xor `padding` into the end of `data`. This function implements \"the\n * operation xor→ [which] xors the shorter string into the end of longer\n * one\". Since data is always as least as long as padding, we can\n * simplify the implementation.\n * @param {Uint8Array} data\n * @param {Uint8Array} padding\n */\nfunction rightXORMut(data, padding) {\n const offset = data.length - blockLength;\n for (let i = 0; i < blockLength; i++) {\n data[i + offset] ^= padding[i];\n }\n return data;\n}\n\nfunction pad(data, padding, padding2) {\n // if |M| in {n, 2n, 3n, ...}\n if (data.length && data.length % blockLength === 0) {\n // then return M xor→ B,\n return rightXORMut(data, padding);\n }\n // else return (M || 10^(n−1−(|M| mod n))) xor→ P\n const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength)));\n padded.set(data);\n padded[data.length] = 0b10000000;\n return rightXORMut(padded, padding2);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\n\nexport default async function CMAC(key) {\n const cbc = await CBC(key);\n\n // L ← E_K(0^n); B ← 2L; P ← 4L\n const padding = util.double(await cbc(zeroBlock));\n const padding2 = util.double(padding);\n\n return async function(data) {\n // return CBC_K(pad(M; B, P))\n return (await cbc(pad(data, padding, padding2))).subarray(-blockLength);\n };\n}\n\nasync function CBC(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock);\n const ct = en.update(pt);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n key = await webCrypto.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt) {\n const ct = await webCrypto.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt);\n return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt) {\n return nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(pt);\n };\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-EAX en/decryption on top of\n * native AES-CTR using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/mode/eax\n */\n\nimport { ctr as nobleAesCtr } from '@noble/ciphers/aes';\nimport CMAC from '../cmac';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\n\nconst blockLength = 16;\nconst ivLength = blockLength;\nconst tagLength = blockLength;\n\nconst zero = new Uint8Array(blockLength);\nconst one = new Uint8Array(blockLength); one[blockLength - 1] = 1;\nconst two = new Uint8Array(blockLength); two[blockLength - 1] = 2;\n\nasync function OMAC(key) {\n const cmac = await CMAC(key);\n return function(t, message) {\n return cmac(util.concatUint8Array([t, message]));\n };\n}\n\nasync function CTR(key) {\n if (util.getNodeCrypto()) { // Node crypto library\n return async function(pt, iv) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv);\n const ct = Buffer.concat([en.update(pt), en.final()]);\n return new Uint8Array(ct);\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const keyRef = await webCrypto.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']);\n return async function(pt, iv) {\n const ct = await webCrypto.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength * 8 }, keyRef, pt);\n return new Uint8Array(ct);\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return async function(pt, iv) {\n return nobleAesCtr(key, iv).encrypt(pt);\n };\n}\n\n\n/**\n * Class to en/decrypt using EAX mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function EAX(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('EAX mode supports only AES cipher');\n }\n\n const [\n omac,\n ctr\n ] = await Promise.all([\n OMAC(key),\n CTR(key)\n ]);\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n const [\n omacNonce,\n omacAdata\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata)\n ]);\n const ciphered = await ctr(plaintext, omacNonce);\n const omacCiphered = await omac(two, ciphered);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n return util.concatUint8Array([ciphered, tag]);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (16 bytes)\n * @param {Uint8Array} adata - Associated data to verify\n * @returns {Promise} The plaintext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext');\n const ciphered = ciphertext.subarray(0, -tagLength);\n const ctTag = ciphertext.subarray(-tagLength);\n const [\n omacNonce,\n omacAdata,\n omacCiphered\n ] = await Promise.all([\n omac(zero, nonce),\n omac(one, adata),\n omac(two, ciphered)\n ]);\n const tag = omacCiphered; // Assumes that omac(*).length === tagLength.\n for (let i = 0; i < tagLength; i++) {\n tag[i] ^= omacAdata[i] ^ omacNonce[i];\n }\n if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch');\n const plaintext = await ctr(ciphered, omacNonce);\n return plaintext;\n }\n };\n}\n\n\n/**\n * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}.\n * @param {Uint8Array} iv - The initialization vector (16 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nEAX.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[8 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nEAX.blockLength = blockLength;\nEAX.ivLength = ivLength;\nEAX.tagLength = tagLength;\n\nexport default EAX;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 ProtonTech AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module implements AES-OCB en/decryption.\n * @module crypto/mode/ocb\n */\n\nimport { cbc as nobleAesCbc } from '@noble/ciphers/aes';\nimport { getCipherParams } from '../cipher';\nimport util from '../../util';\n\nconst blockLength = 16;\nconst ivLength = 15;\n\n// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2:\n// While OCB [RFC7253] allows the authentication tag length to be of any\n// number up to 128 bits long, this document requires a fixed\n// authentication tag length of 128 bits (16 octets) for simplicity.\nconst tagLength = 16;\n\n\nfunction ntz(n) {\n let ntz = 0;\n for (let i = 1; (n & i) === 0; i <<= 1) {\n ntz++;\n }\n return ntz;\n}\n\nfunction xorMut(S, T) {\n for (let i = 0; i < S.length; i++) {\n S[i] ^= T[i];\n }\n return S;\n}\n\nfunction xor(S, T) {\n return xorMut(S.slice(), T);\n}\n\nconst zeroBlock = new Uint8Array(blockLength);\nconst one = new Uint8Array([1]);\n\n/**\n * Class to en/decrypt using OCB mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function OCB(cipher, key) {\n const { keySize } = getCipherParams(cipher);\n // sanity checks\n if (!util.isAES(cipher) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let maxNtz = 0;\n\n // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,\n // hence its execution cannot be broken up.\n // As a result, WebCrypto cannot currently be used for `encipher`.\n const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });\n const encipher = block => aes.encrypt(block);\n const decipher = block => aes.decrypt(block);\n let mask;\n\n constructKeyVariables(cipher, key);\n\n function constructKeyVariables() {\n const mask_x = encipher(zeroBlock);\n const mask_$ = util.double(mask_x);\n mask = [];\n mask[0] = util.double(mask_$);\n\n\n mask.x = mask_x;\n mask.$ = mask_$;\n }\n\n function extendKeyVariables(text, adata) {\n const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength | 0) - 1;\n for (let i = maxNtz + 1; i <= newMaxNtz; i++) {\n mask[i] = util.double(mask[i - 1]);\n }\n maxNtz = newMaxNtz;\n }\n\n function hash(adata) {\n if (!adata.length) {\n // Fast path\n return zeroBlock;\n }\n\n //\n // Consider A as a sequence of 128-bit blocks\n //\n const m = adata.length / blockLength | 0;\n\n const offset = new Uint8Array(blockLength);\n const sum = new Uint8Array(blockLength);\n for (let i = 0; i < m; i++) {\n xorMut(offset, mask[ntz(i + 1)]);\n xorMut(sum, encipher(xor(offset, adata)));\n adata = adata.subarray(blockLength);\n }\n\n //\n // Process any final partial block; compute final hash value\n //\n if (adata.length) {\n xorMut(offset, mask.x);\n\n const cipherInput = new Uint8Array(blockLength);\n cipherInput.set(adata, 0);\n cipherInput[adata.length] = 0b10000000;\n xorMut(cipherInput, offset);\n\n xorMut(sum, encipher(cipherInput));\n }\n\n return sum;\n }\n\n /**\n * Encrypt/decrypt data.\n * @param {encipher|decipher} fn - Encryption/decryption block cipher function\n * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases.\n */\n function crypt(fn, text, nonce, adata) {\n //\n // Consider P as a sequence of 128-bit blocks\n //\n const m = text.length / blockLength | 0;\n\n //\n // Key-dependent variables\n //\n extendKeyVariables(text, adata);\n\n //\n // Nonce-dependent and per-encryption variables\n //\n // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N\n // Note: We assume here that tagLength mod 16 == 0.\n const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength - nonce.length), one, nonce]);\n // bottom = str2num(Nonce[123..128])\n const bottom = paddedNonce[blockLength - 1] & 0b111111;\n // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))\n paddedNonce[blockLength - 1] &= 0b11000000;\n const kTop = encipher(paddedNonce);\n // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72])\n const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]);\n // Offset_0 = Stretch[1+bottom..128+bottom]\n const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1);\n // Checksum_0 = zeros(128)\n const checksum = new Uint8Array(blockLength);\n\n const ct = new Uint8Array(text.length + tagLength);\n\n //\n // Process any whole blocks\n //\n let i;\n let pos = 0;\n for (i = 0; i < m; i++) {\n // Offset_i = Offset_{i-1} xor L_{ntz(i)}\n xorMut(offset, mask[ntz(i + 1)]);\n // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i)\n // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i)\n ct.set(xorMut(fn(xor(offset, text)), offset), pos);\n // Checksum_i = Checksum_{i-1} xor P_i\n xorMut(checksum, fn === encipher ? text : ct.subarray(pos));\n\n text = text.subarray(blockLength);\n pos += blockLength;\n }\n\n //\n // Process any final partial block and compute raw tag\n //\n if (text.length) {\n // Offset_* = Offset_m xor L_*\n xorMut(offset, mask.x);\n // Pad = ENCIPHER(K, Offset_*)\n const padding = encipher(offset);\n // C_* = P_* xor Pad[1..bitlen(P_*)]\n ct.set(xor(text, padding), pos);\n\n // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*)))\n const xorInput = new Uint8Array(blockLength);\n xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength), 0);\n xorInput[text.length] = 0b10000000;\n xorMut(checksum, xorInput);\n pos += text.length;\n }\n // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)\n const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata));\n\n //\n // Assemble ciphertext\n //\n // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN]\n ct.set(tag, pos);\n return ct;\n }\n\n\n return {\n /**\n * Encrypt plaintext input.\n * @param {Uint8Array} plaintext - The cleartext input to be encrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n encrypt: async function(plaintext, nonce, adata) {\n return crypt(encipher, plaintext, nonce, adata);\n },\n\n /**\n * Decrypt ciphertext input.\n * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted\n * @param {Uint8Array} nonce - The nonce (15 bytes)\n * @param {Uint8Array} adata - Associated data to sign\n * @returns {Promise} The ciphertext output.\n */\n decrypt: async function(ciphertext, nonce, adata) {\n if (ciphertext.length < tagLength) throw new Error('Invalid OCB ciphertext');\n\n const tag = ciphertext.subarray(-tagLength);\n ciphertext = ciphertext.subarray(0, -tagLength);\n\n const crypted = crypt(decipher, ciphertext, nonce, adata);\n // if (Tag[1..TAGLEN] == T)\n if (util.equalsUint8Array(tag, crypted.subarray(-tagLength))) {\n return crypted.subarray(0, -tagLength);\n }\n throw new Error('Authentication tag mismatch');\n }\n };\n}\n\n\n/**\n * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}.\n * @param {Uint8Array} iv - The initialization vector (15 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nOCB.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[7 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nOCB.blockLength = blockLength;\nOCB.ivLength = ivLength;\nOCB.tagLength = tagLength;\n\nexport default OCB;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview This module wraps native AES-GCM en/decryption for both\n * the WebCrypto api as well as node.js' crypto api.\n * @module crypto/mode/gcm\n */\n\nimport { gcm as nobleAesGcm } from '@noble/ciphers/aes';\nimport util from '../../util';\nimport enums from '../../enums';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst Buffer = util.getNodeBuffer();\n\nconst blockLength = 16;\nconst ivLength = 12; // size of the IV in bytes\nconst tagLength = 16; // size of the tag in bytes\nconst ALGO = 'AES-GCM';\n\n/**\n * Class to en/decrypt using GCM mode.\n * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use\n * @param {Uint8Array} key - The encryption key\n */\nasync function GCM(cipher, key) {\n if (cipher !== enums.symmetric.aes128 &&\n cipher !== enums.symmetric.aes192 &&\n cipher !== enums.symmetric.aes256) {\n throw new Error('GCM mode supports only AES cipher');\n }\n\n if (util.getNodeCrypto()) { // Node crypto library\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n en.setAAD(adata);\n const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);\n de.setAAD(adata);\n de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext\n const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);\n return new Uint8Array(pt);\n }\n };\n }\n\n if (util.getWebCrypto()) {\n try {\n const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);\n // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages\n const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\\/13\\.\\d(\\.\\d)* Safari/) ||\n navigator.userAgent.match(/Version\\/(13|14)\\.\\d(\\.\\d)* Mobile\\/\\S* Safari/);\n return {\n encrypt: async function(pt, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && !pt.length) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n }\n const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);\n return new Uint8Array(ct);\n },\n\n decrypt: async function(ct, iv, adata = new Uint8Array()) {\n if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n try {\n const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);\n return new Uint8Array(pt);\n } catch (e) {\n if (e.name === 'OperationError') {\n throw new Error('Authentication tag mismatch');\n }\n }\n }\n };\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n }\n\n return {\n encrypt: async function(pt, iv, adata) {\n return nobleAesGcm(key, iv, adata).encrypt(pt);\n },\n\n decrypt: async function(ct, iv, adata) {\n return nobleAesGcm(key, iv, adata).decrypt(ct);\n }\n };\n}\n\n\n/**\n * Get GCM nonce. Note: this operation is not defined by the standard.\n * A future version of the standard may define GCM mode differently,\n * hopefully under a different ID (we use Private/Experimental algorithm\n * ID 100) so that we can maintain backwards compatibility.\n * @param {Uint8Array} iv - The initialization vector (12 bytes)\n * @param {Uint8Array} chunkIndex - The chunk index (8 bytes)\n */\nGCM.getNonce = function(iv, chunkIndex) {\n const nonce = iv.slice();\n for (let i = 0; i < chunkIndex.length; i++) {\n nonce[4 + i] ^= chunkIndex[i];\n }\n return nonce;\n};\n\nGCM.blockLength = blockLength;\nGCM.ivLength = ivLength;\nGCM.tagLength = tagLength;\n\nexport default GCM;\n","/**\n * @fileoverview Cipher modes\n * @module crypto/mode\n */\n\nimport * as cfb from './cfb';\nimport eax from './eax';\nimport ocb from './ocb';\nimport gcm from './gcm';\n\nexport default {\n /** @see module:crypto/mode/cfb */\n cfb: cfb,\n /** @see module:crypto/mode/gcm */\n gcm: gcm,\n experimentalGCM: gcm,\n /** @see module:crypto/mode/eax */\n eax: eax,\n /** @see module:crypto/mode/ocb */\n ocb: ocb\n};\n","// Operations are not constant time, but we try and limit timing leakage where we can\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\nexport function uint8ArrayToBigInt(bytes: Uint8Array) {\n const hexAlphabet = '0123456789ABCDEF';\n let s = '';\n bytes.forEach(v => {\n s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];\n });\n return BigInt('0x0' + s);\n}\n\nexport function mod(a: bigint, m: bigint) {\n const reduced = a % m;\n return reduced < _0n ? reduced + m : reduced;\n}\n\n/**\n * Compute modular exponentiation using square and multiply\n * @param {BigInt} a - Base\n * @param {BigInt} e - Exponent\n * @param {BigInt} n - Modulo\n * @returns {BigInt} b ** e mod n.\n */\nexport function modExp(b: bigint, e: bigint, n: bigint) {\n if (n === _0n) throw Error('Modulo cannot be zero');\n if (n === _1n) return BigInt(0);\n if (e < _0n) throw Error('Unsopported negative exponent');\n\n let exp = e;\n let x = b;\n\n x %= n;\n let r = BigInt(1);\n while (exp > _0n) {\n const lsb = exp & _1n;\n exp >>= _1n; // e / 2\n // Always compute multiplication step, to reduce timing leakage\n const rx = (r * x) % n;\n // Update r only if lsb is 1 (odd exponent)\n r = lsb ? rx : r;\n x = (x * x) % n; // Square\n }\n return r;\n}\n\n\nfunction abs(x: bigint) {\n return x >= _0n ? x : -x;\n}\n\n/**\n * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)\n * Given a and b, compute (x, y) such that ax + by = gdc(a, b).\n * Negative numbers are also supported.\n * @param {BigInt} a - First operand\n * @param {BigInt} b - Second operand\n * @returns {{ gcd, x, y: bigint }}\n */\nfunction _egcd(aInput: bigint, bInput: bigint) {\n let x = BigInt(0);\n let y = BigInt(1);\n let xPrev = BigInt(1);\n let yPrev = BigInt(0);\n\n // Deal with negative numbers: run algo over absolute values,\n // and \"move\" the sign to the returned x and/or y.\n // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers\n let a = abs(aInput);\n let b = abs(bInput);\n const aNegated = aInput < _0n;\n const bNegated = bInput < _0n;\n\n while (b !== _0n) {\n const q = a / b;\n let tmp = x;\n x = xPrev - q * x;\n xPrev = tmp;\n\n tmp = y;\n y = yPrev - q * y;\n yPrev = tmp;\n\n tmp = b;\n b = a % b;\n a = tmp;\n }\n\n return {\n x: aNegated ? -xPrev : xPrev,\n y: bNegated ? -yPrev : yPrev,\n gcd: a\n };\n}\n\n/**\n * Compute the inverse of `a` modulo `n`\n * Note: `a` and and `n` must be relatively prime\n * @param {BigInt} a\n * @param {BigInt} n - Modulo\n * @returns {BigInt} x such that a*x = 1 mod n\n * @throws {Error} if the inverse does not exist\n */\nexport function modInv(a: bigint, n: bigint) {\n const { gcd, x } = _egcd(a, n);\n if (gcd !== _1n) {\n throw new Error('Inverse does not exist');\n }\n return mod(x + n, n);\n}\n\n/**\n * Compute greatest common divisor between this and n\n * @param {BigInt} aInput - Operand\n * @param {BigInt} bInput - Operand\n * @returns {BigInt} gcd\n */\nexport function gcd(aInput: bigint, bInput: bigint) {\n let a = aInput;\n let b = bInput;\n while (b !== _0n) {\n const tmp = b;\n b = a % b;\n a = tmp;\n }\n return a;\n}\n\n/**\n * Get this value as an exact Number (max 53 bits)\n * Fails if this value is too large\n * @returns {Number}\n */\nexport function bigIntToNumber(x: bigint) {\n const number = Number(x);\n if (number > Number.MAX_SAFE_INTEGER) {\n // We throw and error to conform with the bn.js implementation\n throw new Error('Number can only safely store up to 53 bits');\n }\n return number;\n}\n\n/**\n * Get value of i-th bit\n * @param {BigInt} x\n * @param {Number} i - Bit index\n * @returns {Number} Bit value.\n */\nexport function getBit(x:bigint, i: number) {\n const bit = (x >> BigInt(i)) & _1n;\n return bit === _0n ? 0 : 1;\n}\n\n/**\n * Compute bit length\n */\nexport function bitLength(x: bigint) {\n // -1n >> -1n is -1n\n // 1n >> 1n is 0n\n const target = x < _0n ? BigInt(-1) : _0n;\n let bitlen = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _1n) !== target) {\n bitlen++;\n }\n return bitlen;\n}\n\n/**\n * Compute byte length\n */\nexport function byteLength(x: bigint) {\n const target = x < _0n ? BigInt(-1) : _0n;\n const _8n = BigInt(8);\n let len = 1;\n let tmp = x;\n // eslint-disable-next-line no-cond-assign\n while ((tmp >>= _8n) !== target) {\n len++;\n }\n return len;\n}\n\n/**\n * Get Uint8Array representation of this number\n * @param {String} endian - Endianess of output array (defaults to 'be')\n * @param {Number} length - Of output array\n * @returns {Uint8Array}\n */\nexport function bigIntToUint8Array(x: bigint, endian = 'be', length: number) {\n // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)\n // this is faster than shift+mod iterations\n let hex = x.toString(16);\n if (hex.length % 2 === 1) {\n hex = '0' + hex;\n }\n\n const rawLength = hex.length / 2;\n const bytes = new Uint8Array(length || rawLength);\n // parse hex\n const offset = length ? length - rawLength : 0;\n let i = 0;\n while (i < rawLength) {\n bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);\n i++;\n }\n\n if (endian !== 'be') {\n bytes.reverse();\n }\n\n return bytes;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js\n * @module crypto/random\n */\nimport { byteLength, mod, uint8ArrayToBigInt } from './biginteger';\nimport util from '../util';\n\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Retrieve secure random byte array of the specified length\n * @param {Integer} length - Length in bytes to generate\n * @returns {Uint8Array} Random byte array.\n */\nexport function getRandomBytes(length) {\n const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto?.webcrypto;\n if (webcrypto?.getRandomValues) {\n const buf = new Uint8Array(length);\n return webcrypto.getRandomValues(buf);\n } else {\n throw new Error('No secure random number generator available.');\n }\n}\n\n/**\n * Create a secure random BigInt that is greater than or equal to min and less than max.\n * @param {bigint} min - Lower bound, included\n * @param {bigint} max - Upper bound, excluded\n * @returns {bigint} Random BigInt.\n * @async\n */\nexport function getRandomBigInteger(min, max) {\n if (max < min) {\n throw new Error('Illegal parameter value: max <= min');\n }\n\n const modulus = max - min;\n const bytes = byteLength(modulus);\n\n // Using a while loop is necessary to avoid bias introduced by the mod operation.\n // However, we request 64 extra random bits so that the bias is negligible.\n // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));\n return mod(r, modulus) + min;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Algorithms for probabilistic random prime generation\n * @module crypto/public_key/prime\n */\nimport { bigIntToNumber, bitLength, gcd, getBit, mod, modExp } from '../biginteger';\nimport { getRandomBigInteger } from '../random';\n\nconst _1n = BigInt(1);\n\n/**\n * Generate a probably prime random number\n * @param bits - Bit length of the prime\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function randomProbablePrime(bits: number, e: bigint, k: number) {\n const _30n = BigInt(30);\n const min = _1n << BigInt(bits - 1);\n /*\n * We can avoid any multiples of 3 and 5 by looking at n mod 30\n * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29\n * the next possible prime is mod 30:\n * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1\n */\n const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];\n\n let n = getRandomBigInteger(min, min << _1n);\n let i = bigIntToNumber(mod(n, _30n));\n\n do {\n n += BigInt(adds[i]);\n i = (i + adds[i]) % adds.length;\n // If reached the maximum, go back to the minimum.\n if (bitLength(n) > bits) {\n n = mod(n, min << _1n); n += min;\n i = bigIntToNumber(mod(n, _30n));\n }\n } while (!isProbablePrime(n, e, k));\n return n;\n}\n\n/**\n * Probabilistic primality testing\n * @param n - Number to test\n * @param e - Optional RSA exponent to check against the prime\n * @param k - Optional number of iterations of Miller-Rabin test\n */\nexport function isProbablePrime(n: bigint, e: bigint, k: number) {\n if (e && gcd(n - _1n, e) !== _1n) {\n return false;\n }\n if (!divisionTest(n)) {\n return false;\n }\n if (!fermat(n)) {\n return false;\n }\n if (!millerRabin(n, k)) {\n return false;\n }\n // TODO implement the Lucas test\n // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n return true;\n}\n\n/**\n * Tests whether n is probably prime or not using Fermat's test with b = 2.\n * Fails if b^(n-1) mod n != 1.\n * @param n - Number to test\n * @param b - Optional Fermat test base\n */\nexport function fermat(n: bigint, b = BigInt(2)) {\n return modExp(b, n - _1n, n) === _1n;\n}\n\nexport function divisionTest(n: bigint) {\n const _0n = BigInt(0);\n return smallPrimes.every(m => mod(n, m) !== _0n);\n}\n\n// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c\nconst smallPrimes = [\n 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,\n 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,\n 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,\n 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,\n 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,\n 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,\n 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,\n 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,\n 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,\n 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,\n 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,\n 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,\n 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,\n 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,\n 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,\n 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,\n 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,\n 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,\n 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,\n 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,\n 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,\n 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,\n 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,\n 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,\n 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,\n 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,\n 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,\n 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,\n 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,\n 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,\n 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,\n 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,\n 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,\n 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,\n 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,\n 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,\n 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,\n 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,\n 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,\n 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,\n 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,\n 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,\n 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,\n 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,\n 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,\n 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,\n 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,\n 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,\n 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,\n 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,\n 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,\n 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,\n 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,\n 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,\n 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,\n 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,\n 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,\n 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,\n 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,\n 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,\n 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,\n 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,\n 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,\n 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,\n 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,\n 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,\n 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,\n 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,\n 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,\n 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,\n 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,\n 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,\n 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,\n 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,\n 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,\n 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,\n 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,\n 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,\n 4957, 4967, 4969, 4973, 4987, 4993, 4999\n].map(n => BigInt(n));\n\n\n// Miller-Rabin - Miller Rabin algorithm for primality test\n// Copyright Fedor Indutny, 2014.\n//\n// This software is licensed under the MIT License.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a\n// copy of this software and associated documentation files (the\n// \"Software\"), to deal in the Software without restriction, including\n// without limitation the rights to use, copy, modify, merge, publish,\n// distribute, sublicense, and/or sell copies of the Software, and to permit\n// persons to whom the Software is furnished to do so, subject to the\n// following conditions:\n//\n// The above copyright notice and this permission notice shall be included\n// in all copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\n// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\n// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\n// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\n// USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin\n\n// Sample syntax for Fixed-Base Miller-Rabin:\n// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))\n\n/**\n * Tests whether n is probably prime or not using the Miller-Rabin test.\n * See HAC Remark 4.28.\n * @param n - Number to test\n * @param k - Optional number of iterations of Miller-Rabin test\n * @param rand - Optional function to generate potential witnesses\n * @returns {boolean}\n * @async\n */\nexport function millerRabin(n: bigint, k: number, rand?: () => bigint) {\n const len = bitLength(n);\n\n if (!k) {\n k = Math.max(1, (len / 48) | 0);\n }\n\n const n1 = n - _1n; // n - 1\n\n // Find d and s, (n - 1) = (2 ^ s) * d;\n let s = 0;\n while (!getBit(n1, s)) { s++; }\n const d = n >> BigInt(s);\n\n for (; k > 0; k--) {\n const a = rand ? rand() : getRandomBigInteger(BigInt(2), n1);\n\n let x = modExp(a, d, n);\n if (x === _1n || x === n1) {\n continue;\n }\n\n let i;\n for (i = 1; i < s; i++) {\n x = mod(x * x, n);\n\n if (x === _1n) {\n return false;\n }\n if (x === n1) {\n break;\n }\n }\n\n if (i === s) {\n return false;\n }\n }\n\n return true;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Provides EME-PKCS1-v1_5 encoding and decoding and EMSA-PKCS1-v1_5 encoding function\n * @see module:crypto/public_key/rsa\n * @see module:crypto/public_key/elliptic/ecdh\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs1\n */\n\nimport { getRandomBytes } from './random';\nimport hash from './hash';\nimport util from '../util';\n\n/**\n * ASN1 object identifiers for hashes\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2}\n */\nconst hash_headers = [];\nhash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04,\n 0x10];\nhash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14];\nhash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14];\nhash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,\n 0x04, 0x20];\nhash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00,\n 0x04, 0x30];\nhash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,\n 0x00, 0x04, 0x40];\nhash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,\n 0x00, 0x04, 0x1C];\n\n/**\n * Create padding with secure random data\n * @private\n * @param {Integer} length - Length of the padding in bytes\n * @returns {Uint8Array} Random padding.\n */\nfunction getPKCS1Padding(length) {\n const result = new Uint8Array(length);\n let count = 0;\n while (count < length) {\n const randomBytes = getRandomBytes(length - count);\n for (let i = 0; i < randomBytes.length; i++) {\n if (randomBytes[i] !== 0) {\n result[count++] = randomBytes[i];\n }\n }\n }\n return result;\n}\n\n/**\n * Create a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}\n * @param {Uint8Array} message - Message to be encoded\n * @param {Integer} keyLength - The length in octets of the key modulus\n * @returns {Uint8Array} EME-PKCS1 padded message.\n */\nexport function emeEncode(message, keyLength) {\n const mLength = message.length;\n // length checking\n if (mLength > keyLength - 11) {\n throw new Error('Message too long');\n }\n // Generate an octet string PS of length k - mLen - 3 consisting of\n // pseudo-randomly generated nonzero octets\n const PS = getPKCS1Padding(keyLength - mLength - 3);\n // Concatenate PS, the message M, and other padding to form an\n // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.\n const encoded = new Uint8Array(keyLength);\n // 0x00 byte\n encoded[1] = 2;\n encoded.set(PS, 2);\n // 0x00 bytes\n encoded.set(message, keyLength - mLength);\n return encoded;\n}\n\n/**\n * Decode a EME-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}\n * @param {Uint8Array} encoded - Encoded message bytes\n * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing)\n * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given)\n * @throws {Error} on decoding failure, unless `randomPayload` is provided\n */\nexport function emeDecode(encoded, randomPayload) {\n // encoded format: 0x00 0x02 0x00 \n let offset = 2;\n let separatorNotFound = 1;\n for (let j = offset; j < encoded.length; j++) {\n separatorNotFound &= encoded[j] !== 0;\n offset += separatorNotFound;\n }\n\n const psLen = offset - 2;\n const payload = encoded.subarray(offset + 1); // discard the 0x00 separator\n const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound;\n\n if (randomPayload) {\n return util.selectUint8Array(isValidPadding, payload, randomPayload);\n }\n\n if (isValidPadding) {\n return payload;\n }\n\n throw new Error('Decryption error');\n}\n\n/**\n * Create a EMSA-PKCS1-v1_5 padded message\n * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}\n * @param {Integer} algo - Hash algorithm type used\n * @param {Uint8Array} hashed - Message to be encoded\n * @param {Integer} emLen - Intended length in octets of the encoded message\n * @returns {Uint8Array} Encoded message.\n */\nexport function emsaEncode(algo, hashed, emLen) {\n let i;\n if (hashed.length !== hash.getHashByteLength(algo)) {\n throw new Error('Invalid hash length');\n }\n // produce an ASN.1 DER value for the hash function used.\n // Let T be the full hash prefix\n const hashPrefix = new Uint8Array(hash_headers[algo].length);\n for (i = 0; i < hash_headers[algo].length; i++) {\n hashPrefix[i] = hash_headers[algo][i];\n }\n // and let tLen be the length in octets prefix and hashed data\n const tLen = hashPrefix.length + hashed.length;\n if (emLen < tLen + 11) {\n throw new Error('Intended encoded message length too short');\n }\n // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF\n // The length of PS will be at least 8 octets\n const PS = new Uint8Array(emLen - tLen - 3).fill(0xff);\n\n // Concatenate PS, the hash prefix, hashed data, and other padding to form the\n // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed\n const EM = new Uint8Array(emLen);\n EM[1] = 0x01;\n EM.set(PS, 2);\n EM.set(hashPrefix, emLen - tLen);\n EM.set(hashed, emLen - hashed.length);\n return EM;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview RSA implementation\n * @module crypto/public_key/rsa\n */\nimport { randomProbablePrime } from './prime';\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../encoding/base64';\nimport { emsaEncode, emeEncode, emeDecode } from '../pkcs1';\nimport enums from '../../enums';\nimport { bigIntToNumber, bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\nimport hash from '../hash';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\nconst _1n = BigInt(1);\n\n/** Create signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Promise} RSA Signature.\n * @async\n */\nexport async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) {\n if (hash.getHashByteLength(hashAlgo) >= n.length) {\n // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error\n // e.g. if a 512-bit RSA key is used with a SHA-512 digest.\n // The size limit is actually slightly different but here we only care about throwing\n // on common key sizes.\n throw new Error('Digest size cannot exceed key modulus size');\n }\n\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeSign(hashAlgo, data, n, e, d, p, q, u);\n }\n }\n return bnSign(hashAlgo, n, d, hashed);\n}\n\n/**\n * Verify signature\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} s - Signature\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} hashed - Hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(hashAlgo, data, s, n, e, hashed) {\n if (data && !util.isStream(data)) {\n if (util.getWebCrypto()) {\n try {\n return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e);\n } catch (err) {\n util.printDebugError(err);\n }\n } else if (util.getNodeCrypto()) {\n return nodeVerify(hashAlgo, data, s, n, e);\n }\n }\n return bnVerify(hashAlgo, s, n, e, hashed);\n}\n\n/**\n * Encrypt message\n * @param {Uint8Array} data - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @returns {Promise} RSA Ciphertext.\n * @async\n */\nexport async function encrypt(data, n, e) {\n if (util.getNodeCrypto()) {\n return nodeEncrypt(data, n, e);\n }\n return bnEncrypt(data, n, e);\n}\n\n/**\n * Decrypt RSA message\n * @param {Uint8Array} m - Message\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA private coefficient\n * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} RSA Plaintext.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(data, n, e, d, p, q, u, randomPayload) {\n // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,\n // and we want to avoid checking the error type to decide if the random payload\n // should indeed be returned.\n if (util.getNodeCrypto() && !randomPayload) {\n try {\n return await nodeDecrypt(data, n, e, d, p, q, u);\n } catch (err) {\n util.printDebugError(err);\n }\n }\n return bnDecrypt(data, n, e, d, p, q, u, randomPayload);\n}\n\n/**\n * Generate a new random private key B bits long with public exponent E.\n *\n * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using\n * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.\n * @see module:crypto/public_key/prime\n * @param {Integer} bits - RSA bit length\n * @param {Integer} e - RSA public exponent\n * @returns {{n, e, d,\n * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent,\n * RSA private prime p, RSA private prime q, u = p ** -1 mod q\n * @async\n */\nexport async function generate(bits, e) {\n e = BigInt(e);\n\n // Native RSA keygen using Web Crypto\n if (util.getWebCrypto()) {\n const keyGenOpt = {\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits, // the specified keysize in bits\n publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent\n hash: {\n name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'\n }\n };\n const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);\n\n // export the generated keys as JsonWebKey (JWK)\n // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33\n const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);\n // map JWK parameters to corresponding OpenPGP names\n return jwkToPrivate(jwk, e);\n } else if (util.getNodeCrypto()) {\n const opts = {\n modulusLength: bits,\n publicExponent: bigIntToNumber(e),\n publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },\n privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }\n };\n const jwk = await new Promise((resolve, reject) => {\n nodeCrypto.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => {\n if (err) {\n reject(err);\n } else {\n resolve(jwkPrivateKey);\n }\n });\n });\n return jwkToPrivate(jwk, e);\n }\n\n // RSA keygen fallback using 40 iterations of the Miller-Rabin test\n // See https://stackoverflow.com/a/6330138 for justification\n // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST\n let p;\n let q;\n let n;\n do {\n q = randomProbablePrime(bits - (bits >> 1), e, 40);\n p = randomProbablePrime(bits >> 1, e, 40);\n n = p * q;\n } while (bitLength(n) !== bits);\n\n const phi = (p - _1n) * (q - _1n);\n\n if (q < p) {\n [p, q] = [q, p];\n }\n\n return {\n n: bigIntToUint8Array(n),\n e: bigIntToUint8Array(e),\n d: bigIntToUint8Array(modInv(e, phi)),\n p: bigIntToUint8Array(p),\n q: bigIntToUint8Array(q),\n // dp: d.mod(p.subn(1)),\n // dq: d.mod(q.subn(1)),\n u: bigIntToUint8Array(modInv(p, q))\n };\n}\n\n/**\n * Validate RSA parameters\n * @param {Uint8Array} n - RSA public modulus\n * @param {Uint8Array} e - RSA public exponent\n * @param {Uint8Array} d - RSA private exponent\n * @param {Uint8Array} p - RSA private prime p\n * @param {Uint8Array} q - RSA private prime q\n * @param {Uint8Array} u - RSA inverse of p w.r.t. q\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(n, e, d, p, q, u) {\n n = uint8ArrayToBigInt(n);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n\n // expect pq = n\n if ((p * q) !== n) {\n return false;\n }\n\n const _2n = BigInt(2);\n // expect p*u = 1 mod q\n u = uint8ArrayToBigInt(u);\n if (mod(p * u, q) !== BigInt(1)) {\n return false;\n }\n\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n /**\n * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)\n * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]\n * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)]\n *\n * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)\n */\n const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));\n const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q\n const rde = r * d * e;\n\n const areInverses = mod(rde, p - _1n) === r && mod(rde, q - _1n) === r;\n if (!areInverses) {\n return false;\n }\n\n return true;\n}\n\nasync function bnSign(hashAlgo, n, d, hashed) {\n n = uint8ArrayToBigInt(n);\n const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));\n d = uint8ArrayToBigInt(d);\n return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));\n}\n\nasync function webSign(hashName, data, n, e, d, p, q, u) {\n /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q.\n * We swap them in privateToJWK, so it usually works out, but nevertheless,\n * not all OpenPGP keys are compatible with this requirement.\n * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still\n * does if the underlying Web Crypto does so (though the tested implementations\n * don't do so).\n */\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n };\n const key = await webCrypto.importKey('jwk', jwk, algo, false, ['sign']);\n return new Uint8Array(await webCrypto.sign('RSASSA-PKCS1-v1_5', key, data));\n}\n\nasync function nodeSign(hashAlgo, data, n, e, d, p, q, u) {\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(data);\n sign.end();\n\n const jwk = await privateToJWK(n, e, d, p, q, u);\n return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' }));\n}\n\nasync function bnVerify(hashAlgo, s, n, e, hashed) {\n n = uint8ArrayToBigInt(n);\n s = uint8ArrayToBigInt(s);\n e = uint8ArrayToBigInt(e);\n if (s >= n) {\n throw new Error('Signature size cannot exceed modulus size');\n }\n const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));\n const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));\n return util.equalsUint8Array(EM1, EM2);\n}\n\nasync function webVerify(hashName, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = await webCrypto.importKey('jwk', jwk, {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: hashName }\n }, false, ['verify']);\n return webCrypto.verify('RSASSA-PKCS1-v1_5', key, s, data);\n}\n\nasync function nodeVerify(hashAlgo, data, s, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1' };\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(data);\n verify.end();\n\n try {\n return verify.verify(key, s);\n } catch (err) {\n return false;\n }\n}\n\nasync function nodeEncrypt(data, n, e) {\n const jwk = publicToJWK(n, e);\n const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n return new Uint8Array(nodeCrypto.publicEncrypt(key, data));\n}\n\nasync function bnEncrypt(data, n, e) {\n n = uint8ArrayToBigInt(n);\n data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));\n e = uint8ArrayToBigInt(e);\n if (data >= n) {\n throw new Error('Message size cannot exceed modulus size');\n }\n return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));\n}\n\nasync function nodeDecrypt(data, n, e, d, p, q, u) {\n const jwk = await privateToJWK(n, e, d, p, q, u);\n const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto.constants.RSA_PKCS1_PADDING };\n\n try {\n return new Uint8Array(nodeCrypto.privateDecrypt(key, data));\n } catch (err) {\n throw new Error('Decryption error');\n }\n}\n\nasync function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {\n data = uint8ArrayToBigInt(data);\n n = uint8ArrayToBigInt(n);\n e = uint8ArrayToBigInt(e);\n d = uint8ArrayToBigInt(d);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n u = uint8ArrayToBigInt(u);\n if (data >= n) {\n throw new Error('Data too large.');\n }\n const dq = mod(d, q - _1n); // d mod (q-1)\n const dp = mod(d, p - _1n); // d mod (p-1)\n\n const unblinder = getRandomBigInteger(BigInt(2), n);\n const blinder = modExp(modInv(unblinder, n), e, n);\n data = mod(data * blinder, n);\n\n const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p\n const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q\n const h = mod(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)\n\n let result = h * p + mp; // result < n due to relations above\n\n result = mod(result * unblinder, n);\n\n return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);\n}\n\n/** Convert Openpgp private key params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n * @param {Uint8Array} d\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} u\n */\nasync function privateToJWK(n, e, d, p, q, u) {\n const pNum = uint8ArrayToBigInt(p);\n const qNum = uint8ArrayToBigInt(q);\n const dNum = uint8ArrayToBigInt(d);\n\n let dq = mod(dNum, qNum - _1n); // d mod (q-1)\n let dp = mod(dNum, pNum - _1n); // d mod (p-1)\n dp = bigIntToUint8Array(dp);\n dq = bigIntToUint8Array(dq);\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n d: uint8ArrayToB64(d, true),\n // switch p and q\n p: uint8ArrayToB64(q, true),\n q: uint8ArrayToB64(p, true),\n // switch dp and dq\n dp: uint8ArrayToB64(dq, true),\n dq: uint8ArrayToB64(dp, true),\n qi: uint8ArrayToB64(u, true),\n ext: true\n };\n}\n\n/** Convert Openpgp key public params to jwk key according to\n * @link https://tools.ietf.org/html/rfc7517\n * @param {String} hashAlgo\n * @param {Uint8Array} n\n * @param {Uint8Array} e\n */\nfunction publicToJWK(n, e) {\n return {\n kty: 'RSA',\n n: uint8ArrayToB64(n, true),\n e: uint8ArrayToB64(e, true),\n ext: true\n };\n}\n\n/** Convert JWK private key to OpenPGP private key params */\nfunction jwkToPrivate(jwk, e) {\n return {\n n: b64ToUint8Array(jwk.n),\n e: bigIntToUint8Array(e),\n d: b64ToUint8Array(jwk.d),\n // switch p and q\n p: b64ToUint8Array(jwk.q),\n q: b64ToUint8Array(jwk.p),\n // Since p and q are switched in places, u is the inverse of jwk.q\n u: b64ToUint8Array(jwk.qi)\n };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview ElGamal implementation\n * @module crypto/public_key/elgamal\n */\nimport { getRandomBigInteger } from '../random';\nimport { emeEncode, emeDecode } from '../pkcs1';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\nconst _1n = BigInt(1);\n\n/**\n * ElGamal Encryption function\n * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)\n * @param {Uint8Array} data - To be padded and encrypted\n * @param {Uint8Array} p\n * @param {Uint8Array} g\n * @param {Uint8Array} y\n * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>}\n * @async\n */\nexport async function encrypt(data, p, g, y) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n const padded = emeEncode(data, byteLength(p));\n const m = uint8ArrayToBigInt(padded);\n\n // OpenPGP uses a \"special\" version of ElGamal where g is generator of the full group Z/pZ*\n // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]\n const k = getRandomBigInteger(_1n, p - _1n);\n return {\n c1: bigIntToUint8Array(modExp(g, k, p)),\n c2: bigIntToUint8Array(mod(modExp(y, k, p) * m, p))\n };\n}\n\n/**\n * ElGamal Encryption function\n * @param {Uint8Array} c1\n * @param {Uint8Array} c2\n * @param {Uint8Array} p\n * @param {Uint8Array} x\n * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing\n * (needed for constant-time processing)\n * @returns {Promise} Unpadded message.\n * @throws {Error} on decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function decrypt(c1, c2, p, x, randomPayload) {\n c1 = uint8ArrayToBigInt(c1);\n c2 = uint8ArrayToBigInt(c2);\n p = uint8ArrayToBigInt(p);\n x = uint8ArrayToBigInt(x);\n\n const padded = mod(modInv(modExp(c1, x, p), p) * c2, p);\n return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);\n}\n\n/**\n * Validate ElGamal parameters\n * @param {Uint8Array} p - ElGamal prime\n * @param {Uint8Array} g - ElGamal group generator\n * @param {Uint8Array} y - ElGamal public key\n * @param {Uint8Array} x - ElGamal private exponent\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, g, y, x) {\n p = uint8ArrayToBigInt(p);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n // Expect p-1 to be large\n const pSize = BigInt(bitLength(p));\n const _1023n = BigInt(1023);\n if (pSize < _1023n) {\n return false;\n }\n\n /**\n * g should have order p-1\n * Check that g ** (p-1) = 1 mod p\n */\n if (modExp(g, p - _1n, p) !== _1n) {\n return false;\n }\n\n /**\n * Since p-1 is not prime, g might have a smaller order that divides p-1\n * We want to make sure that the order is large enough to hinder a small subgroup attack\n *\n * We just check g**i != 1 for all i up to a threshold\n */\n let res = g;\n let i = BigInt(1);\n const _2n = BigInt(2);\n const threshold = _2n << BigInt(17); // we want order > threshold\n while (i < threshold) {\n res = mod(res * g, p);\n if (res === _1n) {\n return false;\n }\n i++;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{r(p-1) + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const r = getRandomBigInteger(_2n << (pSize - _1n), _2n << pSize); // draw r of same size as p-1\n const rqx = (p - _1n) * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","// declare const globalThis: Record | undefined;\nexport const crypto =\n typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n","import { crypto } from './crypto.js';\n\n'use strict';\nconst nacl = {};\nexport default nacl;\n\n// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n//\n// Implementation derived from TweetNaCl version 20140427.\n// See for details: http://tweetnacl.cr.yp.to/\n\nvar gf = function(init) {\n var i, r = new Float64Array(16);\n if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\n return r;\n};\n\n// Pluggable, initialized in high-level API below.\nvar randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\n\nvar _9 = new Uint8Array(32); _9[0] = 9;\n\nvar gf0 = gf(),\n gf1 = gf([1]),\n _121665 = gf([0xdb41, 1]),\n D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),\n D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),\n X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\n Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\n I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\nfunction ts64(x, i, h, l) {\n x[i] = (h >> 24) & 0xff;\n x[i+1] = (h >> 16) & 0xff;\n x[i+2] = (h >> 8) & 0xff;\n x[i+3] = h & 0xff;\n x[i+4] = (l >> 24) & 0xff;\n x[i+5] = (l >> 16) & 0xff;\n x[i+6] = (l >> 8) & 0xff;\n x[i+7] = l & 0xff;\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i,d = 0;\n for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x,xi,y,yi,32);\n}\n\nfunction set25519(r, a) {\n var i;\n for (i = 0; i < 16; i++) r[i] = a[i]|0;\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for (i = 0; i < 16; i++) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c-1 + 37 * (c-1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b-1);\n for (var i = 0; i < 16; i++) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for (i = 0; i < 16; i++) t[i] = n[i];\n car25519(t);\n car25519(t);\n car25519(t);\n for (j = 0; j < 2; j++) {\n m[0] = t[0] - 0xffed;\n for (i = 1; i < 15; i++) {\n m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);\n b = (m[15]>>16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1-b);\n }\n for (i = 0; i < 16; i++) {\n o[2*i] = t[i] & 0xff;\n o[2*i+1] = t[i]>>8;\n }\n}\n\nfunction neq25519(a, b) {\n var c = new Uint8Array(32), d = new Uint8Array(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction par25519(a) {\n var d = new Uint8Array(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\n o[15] &= 0x7fff;\n}\n\nfunction A(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\n}\n\nfunction Z(o, a, b) {\n for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 253; a >= 0; a--) {\n S(c, c);\n if(a !== 2 && a !== 4) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for (a = 0; a < 16; a++) c[a] = i[a];\n for (a = 250; a >= 0; a--) {\n S(c, c);\n if(a !== 1) M(c, c, i);\n }\n for (a = 0; a < 16; a++) o[a] = c[a];\n}\n\nfunction crypto_scalarmult(q, n, p) {\n var z = new Uint8Array(32);\n var x = new Float64Array(80), r, i;\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf();\n for (i = 0; i < 31; i++) z[i] = n[i];\n z[31]=(n[31]&127)|64;\n z[0]&=248;\n unpack25519(x,p);\n for (i = 0; i < 16; i++) {\n b[i]=x[i];\n d[i]=a[i]=c[i]=0;\n }\n a[0]=d[0]=1;\n for (i=254; i>=0; --i) {\n r=(z[i>>>3]>>>(i&7))&1;\n sel25519(a,b,r);\n sel25519(c,d,r);\n A(e,a,c);\n Z(a,a,c);\n A(c,b,d);\n Z(b,b,d);\n S(d,e);\n S(f,a);\n M(a,c,a);\n M(c,b,e);\n A(e,a,c);\n Z(a,a,c);\n S(b,a);\n Z(c,d,f);\n M(a,c,_121665);\n A(a,a,d);\n M(c,c,a);\n M(a,d,f);\n M(d,b,x);\n S(b,e);\n sel25519(a,b,r);\n sel25519(c,d,r);\n }\n for (i = 0; i < 16; i++) {\n x[i+16]=a[i];\n x[i+32]=c[i];\n x[i+48]=b[i];\n x[i+64]=d[i];\n }\n var x32 = x.subarray(32);\n var x16 = x.subarray(16);\n inv25519(x32,x32);\n M(x16,x16,x32);\n pack25519(q,x16);\n return 0;\n}\n\nfunction crypto_scalarmult_base(q, n) {\n return crypto_scalarmult(q, n, _9);\n}\n\nfunction crypto_box_keypair(y, x) {\n randombytes(x, 32);\n return crypto_scalarmult_base(y, x);\n}\n\nvar K = [\n 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\n 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\n 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,\n 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,\n 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,\n 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,\n 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,\n 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,\n 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,\n 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,\n 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,\n 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,\n 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,\n 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,\n 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,\n 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,\n 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,\n 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,\n 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,\n 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,\n 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,\n 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,\n 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,\n 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,\n 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,\n 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,\n 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,\n 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,\n 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,\n 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,\n 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,\n 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,\n 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,\n 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,\n 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,\n 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,\n 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,\n 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,\n 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\n 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\n];\n\nfunction crypto_hashblocks_hl(hh, hl, m, n) {\n var wh = new Int32Array(16), wl = new Int32Array(16),\n bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\n bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\n th, tl, i, j, h, l, a, b, c, d;\n\n var ah0 = hh[0],\n ah1 = hh[1],\n ah2 = hh[2],\n ah3 = hh[3],\n ah4 = hh[4],\n ah5 = hh[5],\n ah6 = hh[6],\n ah7 = hh[7],\n\n al0 = hl[0],\n al1 = hl[1],\n al2 = hl[2],\n al3 = hl[3],\n al4 = hl[4],\n al5 = hl[5],\n al6 = hl[6],\n al7 = hl[7];\n\n var pos = 0;\n while (n >= 128) {\n for (i = 0; i < 16; i++) {\n j = 8 * i + pos;\n wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];\n wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];\n }\n for (i = 0; i < 80; i++) {\n bh0 = ah0;\n bh1 = ah1;\n bh2 = ah2;\n bh3 = ah3;\n bh4 = ah4;\n bh5 = ah5;\n bh6 = ah6;\n bh7 = ah7;\n\n bl0 = al0;\n bl1 = al1;\n bl2 = al2;\n bl3 = al3;\n bl4 = al4;\n bl5 = al5;\n bl6 = al6;\n bl7 = al7;\n\n // add\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma1\n h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\n l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Ch\n h = (ah4 & ah5) ^ (~ah4 & ah6);\n l = (al4 & al5) ^ (~al4 & al6);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // K\n h = K[i*2];\n l = K[i*2+1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // w\n h = wh[i%16];\n l = wl[i%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n th = c & 0xffff | d << 16;\n tl = a & 0xffff | b << 16;\n\n // add\n h = th;\n l = tl;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n // Sigma0\n h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\n l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // Maj\n h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\n l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh7 = (c & 0xffff) | (d << 16);\n bl7 = (a & 0xffff) | (b << 16);\n\n // add\n h = bh3;\n l = bl3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = th;\n l = tl;\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n bh3 = (c & 0xffff) | (d << 16);\n bl3 = (a & 0xffff) | (b << 16);\n\n ah1 = bh0;\n ah2 = bh1;\n ah3 = bh2;\n ah4 = bh3;\n ah5 = bh4;\n ah6 = bh5;\n ah7 = bh6;\n ah0 = bh7;\n\n al1 = bl0;\n al2 = bl1;\n al3 = bl2;\n al4 = bl3;\n al5 = bl4;\n al6 = bl5;\n al7 = bl6;\n al0 = bl7;\n\n if (i%16 === 15) {\n for (j = 0; j < 16; j++) {\n // add\n h = wh[j];\n l = wl[j];\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = wh[(j+9)%16];\n l = wl[(j+9)%16];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma0\n th = wh[(j+1)%16];\n tl = wl[(j+1)%16];\n h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\n l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n // sigma1\n th = wh[(j+14)%16];\n tl = wl[(j+14)%16];\n h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\n l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n wh[j] = (c & 0xffff) | (d << 16);\n wl[j] = (a & 0xffff) | (b << 16);\n }\n }\n }\n\n // add\n h = ah0;\n l = al0;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[0];\n l = hl[0];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[0] = ah0 = (c & 0xffff) | (d << 16);\n hl[0] = al0 = (a & 0xffff) | (b << 16);\n\n h = ah1;\n l = al1;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[1];\n l = hl[1];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[1] = ah1 = (c & 0xffff) | (d << 16);\n hl[1] = al1 = (a & 0xffff) | (b << 16);\n\n h = ah2;\n l = al2;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[2];\n l = hl[2];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[2] = ah2 = (c & 0xffff) | (d << 16);\n hl[2] = al2 = (a & 0xffff) | (b << 16);\n\n h = ah3;\n l = al3;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[3];\n l = hl[3];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[3] = ah3 = (c & 0xffff) | (d << 16);\n hl[3] = al3 = (a & 0xffff) | (b << 16);\n\n h = ah4;\n l = al4;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[4];\n l = hl[4];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[4] = ah4 = (c & 0xffff) | (d << 16);\n hl[4] = al4 = (a & 0xffff) | (b << 16);\n\n h = ah5;\n l = al5;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[5];\n l = hl[5];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[5] = ah5 = (c & 0xffff) | (d << 16);\n hl[5] = al5 = (a & 0xffff) | (b << 16);\n\n h = ah6;\n l = al6;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[6];\n l = hl[6];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[6] = ah6 = (c & 0xffff) | (d << 16);\n hl[6] = al6 = (a & 0xffff) | (b << 16);\n\n h = ah7;\n l = al7;\n\n a = l & 0xffff; b = l >>> 16;\n c = h & 0xffff; d = h >>> 16;\n\n h = hh[7];\n l = hl[7];\n\n a += l & 0xffff; b += l >>> 16;\n c += h & 0xffff; d += h >>> 16;\n\n b += a >>> 16;\n c += b >>> 16;\n d += c >>> 16;\n\n hh[7] = ah7 = (c & 0xffff) | (d << 16);\n hl[7] = al7 = (a & 0xffff) | (b << 16);\n\n pos += 128;\n n -= 128;\n }\n\n return n;\n}\n\nfunction crypto_hash(out, m, n) {\n var hh = new Int32Array(8),\n hl = new Int32Array(8),\n x = new Uint8Array(256),\n i, b = n;\n\n hh[0] = 0x6a09e667;\n hh[1] = 0xbb67ae85;\n hh[2] = 0x3c6ef372;\n hh[3] = 0xa54ff53a;\n hh[4] = 0x510e527f;\n hh[5] = 0x9b05688c;\n hh[6] = 0x1f83d9ab;\n hh[7] = 0x5be0cd19;\n\n hl[0] = 0xf3bcc908;\n hl[1] = 0x84caa73b;\n hl[2] = 0xfe94f82b;\n hl[3] = 0x5f1d36f1;\n hl[4] = 0xade682d1;\n hl[5] = 0x2b3e6c1f;\n hl[6] = 0xfb41bd6b;\n hl[7] = 0x137e2179;\n\n crypto_hashblocks_hl(hh, hl, m, n);\n n %= 128;\n\n for (i = 0; i < n; i++) x[i] = m[b-n+i];\n x[n] = 128;\n\n n = 256-128*(n<112?1:0);\n x[n-9] = 0;\n ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\n crypto_hashblocks_hl(hh, hl, x, n);\n\n for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\n\n return 0;\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n var i;\n for (i = 0; i < 4; i++) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for (i = 255; i >= 0; --i) {\n b = (s[(i/8)|0] >> (i&7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction crypto_sign_keypair(pk, sk, seeded) {\n var d = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n if (!seeded) randombytes(sk, 32);\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for (i = 0; i < 32; i++) sk[i+32] = pk[i];\n return 0;\n}\n\nvar L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for (i = 63; i >= 32; --i) {\n carry = 0;\n for (j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = Math.floor((x[j] + 128) / 256);\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for (j = 0; j < 32; j++) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for (j = 0; j < 32; j++) x[j] -= carry * L[j];\n for (i = 0; i < 32; i++) {\n x[i+1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64), i;\n for (i = 0; i < 64; i++) x[i] = r[i];\n for (i = 0; i < 64; i++) r[i] = 0;\n modL(r, x);\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n crypto_hash(d, sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for (i = 0; i < n; i++) sm[64 + i] = m[i];\n for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\n\n crypto_hash(r, sm.subarray(32), n+32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for (i = 32; i < 64; i++) sm[i] = sk[i];\n crypto_hash(h, sm, n + 64);\n reduce(h);\n\n for (i = 0; i < 64; i++) x[i] = 0;\n for (i = 0; i < 32; i++) x[i] = r[i];\n for (i = 0; i < 32; i++) {\n for (j = 0; j < 32; j++) {\n x[i+j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) M(r[0], r[0], I);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if (neq25519(chk, num)) return -1;\n\n if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i;\n var t = new Uint8Array(32), h = new Uint8Array(64);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n if (n < 64) return -1;\n\n if (unpackneg(q, pk)) return -1;\n\n for (i = 0; i < n; i++) m[i] = sm[i];\n for (i = 0; i < 32; i++) m[i+32] = pk[i];\n crypto_hash(h, m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if (crypto_verify_32(sm, 0, t, 0)) {\n for (i = 0; i < n; i++) m[i] = 0;\n return -1;\n }\n\n for (i = 0; i < n; i++) m[i] = sm[i + 64];\n return n;\n}\n\nvar crypto_scalarmult_BYTES = 32,\n crypto_scalarmult_SCALARBYTES = 32,\n crypto_box_PUBLICKEYBYTES = 32,\n crypto_box_SECRETKEYBYTES = 32,\n crypto_sign_BYTES = 64,\n crypto_sign_PUBLICKEYBYTES = 32,\n crypto_sign_SECRETKEYBYTES = 64,\n crypto_sign_SEEDBYTES = 32;\n\nfunction checkArrayTypes() {\n for (var i = 0; i < arguments.length; i++) {\n if (!(arguments[i] instanceof Uint8Array))\n throw new TypeError('unexpected type, use Uint8Array');\n }\n}\n\nfunction cleanup(arr) {\n for (var i = 0; i < arr.length; i++) arr[i] = 0;\n}\n\nnacl.scalarMult = function(n, p) {\n checkArrayTypes(n, p);\n if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\n if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');\n var q = new Uint8Array(crypto_scalarmult_BYTES);\n crypto_scalarmult(q, n, p);\n return q;\n};\n\nnacl.box = {};\n\nnacl.box.keyPair = function() {\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\n crypto_box_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.box.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_box_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\n crypto_scalarmult_base(pk, secretKey);\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign = function(msg, secretKey) {\n checkArrayTypes(msg, secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);\n crypto_sign(signedMsg, msg, msg.length, secretKey);\n return signedMsg;\n};\n\nnacl.sign.detached = function(msg, secretKey) {\n var signedMsg = nacl.sign(msg, secretKey);\n var sig = new Uint8Array(crypto_sign_BYTES);\n for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\n return sig;\n};\n\nnacl.sign.detached.verify = function(msg, sig, publicKey) {\n checkArrayTypes(msg, sig, publicKey);\n if (sig.length !== crypto_sign_BYTES)\n throw new Error('bad signature size');\n if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\n throw new Error('bad public key size');\n var sm = new Uint8Array(crypto_sign_BYTES + msg.length);\n var m = new Uint8Array(crypto_sign_BYTES + msg.length);\n var i;\n for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];\n for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nnacl.sign.keyPair = function() {\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.sign.keyPair.fromSecretKey = function(secretKey) {\n checkArrayTypes(secretKey);\n if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\n throw new Error('bad secret key size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\n return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\n};\n\nnacl.sign.keyPair.fromSeed = function(seed) {\n checkArrayTypes(seed);\n if (seed.length !== crypto_sign_SEEDBYTES)\n throw new Error('bad seed size');\n var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\n var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\n for (var i = 0; i < 32; i++) sk[i] = seed[i];\n crypto_sign_keypair(pk, sk, true);\n return {publicKey: pk, secretKey: sk};\n};\n\nnacl.setPRNG = function(fn) {\n randombytes = fn;\n};\n\n(function() {\n // Initialize PRNG if environment provides CSPRNG.\n // If not, methods calling randombytes will throw.\n if (crypto && crypto.getRandomValues) {\n // Browsers and Node v16+\n var QUOTA = 65536;\n nacl.setPRNG(function(x, n) {\n var i, v = new Uint8Array(n);\n for (i = 0; i < n; i += QUOTA) {\n crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));\n }\n for (i = 0; i < n; i++) x[i] = v[i];\n cleanup(v);\n });\n }\n})();\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Wrapper to an OID value\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-11|RFC6637, section 11}:\n * The sequence of octets in the third column is the result of applying\n * the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier\n * with subsequent truncation. The truncation removes the two fields of\n * encoded Object Identifier. The first omitted field is one octet\n * representing the Object Identifier tag, and the second omitted field\n * is the length of the Object Identifier body. For example, the\n * complete ASN.1 DER encoding for the NIST P-256 curve OID is \"06 08 2A\n * 86 48 CE 3D 03 01 07\", from which the first entry in the table above\n * is constructed by omitting the first two octets. Only the truncated\n * sequence of octets is the valid representation of a curve OID.\n * @module type/oid\n */\n\nimport util from '../util';\nimport enums from '../enums';\n\nconst knownOIDs = {\n '2a8648ce3d030107': enums.curve.nistP256,\n '2b81040022': enums.curve.nistP384,\n '2b81040023': enums.curve.nistP521,\n '2b8104000a': enums.curve.secp256k1,\n '2b06010401da470f01': enums.curve.ed25519Legacy,\n '2b060104019755010501': enums.curve.curve25519Legacy,\n '2b2403030208010107': enums.curve.brainpoolP256r1,\n '2b240303020801010b': enums.curve.brainpoolP384r1,\n '2b240303020801010d': enums.curve.brainpoolP512r1\n};\n\nclass OID {\n constructor(oid) {\n if (oid instanceof OID) {\n this.oid = oid.oid;\n } else if (util.isArray(oid) ||\n util.isUint8Array(oid)) {\n oid = new Uint8Array(oid);\n if (oid[0] === 0x06) { // DER encoded oid byte array\n if (oid[1] !== oid.length - 2) {\n throw new Error('Length mismatch in DER encoded oid');\n }\n oid = oid.subarray(2);\n }\n this.oid = oid;\n } else {\n this.oid = '';\n }\n }\n\n /**\n * Method to read an OID object\n * @param {Uint8Array} input - Where to read the OID from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length >= 1) {\n const length = input[0];\n if (input.length >= 1 + length) {\n this.oid = input.subarray(1, 1 + length);\n return 1 + this.oid.length;\n }\n }\n throw new Error('Invalid oid');\n }\n\n /**\n * Serialize an OID object\n * @returns {Uint8Array} Array with the serialized value the OID.\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]);\n }\n\n /**\n * Serialize an OID object as a hex string\n * @returns {string} String with the hex value of the OID.\n */\n toHex() {\n return util.uint8ArrayToHex(this.oid);\n }\n\n /**\n * If a known curve object identifier, return the canonical name of the curve\n * @returns {enums.curve} String with the canonical name of the curve\n * @throws if unknown\n */\n getName() {\n const name = knownOIDs[this.toHex()];\n if (!name) {\n throw new Error('Unknown curve object identifier.');\n }\n\n return name;\n }\n}\n\nexport default OID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Functions for reading and writing packets\n * @module packet/packet\n */\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\nexport function readSimpleLength(bytes) {\n let len = 0;\n let offset;\n const type = bytes[0];\n\n\n if (type < 192) {\n [len] = bytes;\n offset = 1;\n } else if (type < 255) {\n len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;\n offset = 2;\n } else if (type === 255) {\n len = util.readNumber(bytes.subarray(1, 1 + 4));\n offset = 5;\n }\n\n return {\n len: len,\n offset: offset\n };\n}\n\n/**\n * Encodes a given integer of length to the openpgp length specifier to a\n * string\n *\n * @param {Integer} length - The length to encode\n * @returns {Uint8Array} String with openpgp length representation.\n */\nexport function writeSimpleLength(length) {\n if (length < 192) {\n return new Uint8Array([length]);\n } else if (length > 191 && length < 8384) {\n /*\n * let a = (total data packet length) - 192 let bc = two octet\n * representation of a let d = b + 192\n */\n return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);\n }\n return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);\n}\n\nexport function writePartialLength(power) {\n if (power < 0 || power > 30) {\n throw new Error('Partial Length power must be between 1 and 30');\n }\n return new Uint8Array([224 + power]);\n}\n\nexport function writeTag(tag_type) {\n /* we're only generating v4 packet headers here */\n return new Uint8Array([0xC0 | tag_type]);\n}\n\n/**\n * Writes a packet header version 4 with the given tag_type and length to a\n * string\n *\n * @param {Integer} tag_type - Tag type\n * @param {Integer} length - Length of the payload\n * @returns {String} String of the header.\n */\nexport function writeHeader(tag_type, length) {\n /* we're only generating v4 packet headers here */\n return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]);\n}\n\n/**\n * Whether the packet type supports partial lengths per RFC4880\n * @param {Integer} tag - Tag type\n * @returns {Boolean} String of the header.\n */\nexport function supportsStreaming(tag) {\n return [\n enums.packet.literalData,\n enums.packet.compressedData,\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n ].includes(tag);\n}\n\n/**\n * Generic static Packet Parser function\n *\n * @param {Uint8Array | ReadableStream} input - Input stream as string\n * @param {Function} callback - Function to call with the parsed packet\n * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.\n */\nexport async function readPackets(input, callback) {\n const reader = stream.getReader(input);\n let writer;\n let callbackReturned;\n try {\n const peekedBytes = await reader.peekBytes(2);\n // some sanity checks\n if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {\n throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.');\n }\n const headerByte = await reader.readByte();\n let tag = -1;\n let format = -1;\n let packetLength;\n\n format = 0; // 0 = old format; 1 = new format\n if ((headerByte & 0x40) !== 0) {\n format = 1;\n }\n\n let packetLengthType;\n if (format) {\n // new format header\n tag = headerByte & 0x3F; // bit 5-0\n } else {\n // old format header\n tag = (headerByte & 0x3F) >> 2; // bit 5-2\n packetLengthType = headerByte & 0x03; // bit 1-0\n }\n\n const packetSupportsStreaming = supportsStreaming(tag);\n let packet = null;\n if (packetSupportsStreaming) {\n if (util.isStream(input) === 'array') {\n const arrayStream = new stream.ArrayStream();\n writer = stream.getWriter(arrayStream);\n packet = arrayStream;\n } else {\n const transform = new TransformStream();\n writer = stream.getWriter(transform.writable);\n packet = transform.readable;\n }\n // eslint-disable-next-line callback-return\n callbackReturned = callback({ tag, packet });\n } else {\n packet = [];\n }\n\n let wasPartialLength;\n do {\n if (!format) {\n // 4.2.1. Old Format Packet Lengths\n switch (packetLengthType) {\n case 0:\n // The packet has a one-octet length. The header is 2 octets\n // long.\n packetLength = await reader.readByte();\n break;\n case 1:\n // The packet has a two-octet length. The header is 3 octets\n // long.\n packetLength = (await reader.readByte() << 8) | await reader.readByte();\n break;\n case 2:\n // The packet has a four-octet length. The header is 5\n // octets long.\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n break;\n default:\n // 3 - The packet is of indeterminate length. The header is 1\n // octet long, and the implementation must determine how long\n // the packet is. If the packet is in a file, this means that\n // the packet extends until the end of the file. In general,\n // an implementation SHOULD NOT use indeterminate-length\n // packets except where the end of the data will be clear\n // from the context, and even then it is better to use a\n // definite length, or a new format header. The new format\n // headers described below have a mechanism for precisely\n // encoding data of indeterminate length.\n packetLength = Infinity;\n break;\n }\n } else { // 4.2.2. New Format Packet Lengths\n // 4.2.2.1. One-Octet Lengths\n const lengthByte = await reader.readByte();\n wasPartialLength = false;\n if (lengthByte < 192) {\n packetLength = lengthByte;\n // 4.2.2.2. Two-Octet Lengths\n } else if (lengthByte >= 192 && lengthByte < 224) {\n packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;\n // 4.2.2.4. Partial Body Lengths\n } else if (lengthByte > 223 && lengthByte < 255) {\n packetLength = 1 << (lengthByte & 0x1F);\n wasPartialLength = true;\n if (!packetSupportsStreaming) {\n throw new TypeError('This packet type does not support partial lengths.');\n }\n // 4.2.2.3. Five-Octet Lengths\n } else {\n packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<\n 8) | await reader.readByte();\n }\n }\n if (packetLength > 0) {\n let bytesRead = 0;\n while (true) {\n if (writer) await writer.ready;\n const { done, value } = await reader.read();\n if (done) {\n if (packetLength === Infinity) break;\n throw new Error('Unexpected end of packet');\n }\n const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead);\n if (writer) await writer.write(chunk);\n else packet.push(chunk);\n bytesRead += value.length;\n if (bytesRead >= packetLength) {\n reader.unshift(value.subarray(packetLength - bytesRead + value.length));\n break;\n }\n }\n }\n } while (wasPartialLength);\n\n // If this was not a packet that \"supports streaming\", we peek to check\n // whether it is the last packet in the message. We peek 2 bytes instead\n // of 1 because the beginning of this function also peeks 2 bytes, and we\n // want to cut a `subarray` of the correct length into `web-stream-tools`'\n // `externalBuffer` as a tiny optimization here.\n //\n // If it *was* a streaming packet (i.e. the data packets), we peek at the\n // entire remainder of the stream, in order to forward errors in the\n // remainder of the stream to the packet data. (Note that this means we\n // read/peek at all signature packets before closing the literal data\n // packet, for example.) This forwards MDC errors to the literal data\n // stream, for example, so that they don't get lost / forgotten on\n // decryptedMessage.packets.stream, which we never look at.\n //\n // An example of what we do when stream-parsing a message containing\n // [ one-pass signature packet, literal data packet, signature packet ]:\n // 1. Read the one-pass signature packet\n // 2. Peek 2 bytes of the literal data packet\n // 3. Parse the one-pass signature packet\n //\n // 4. Read the literal data packet, simultaneously stream-parsing it\n // 5. Peek until the end of the message\n // 6. Finish parsing the literal data packet\n //\n // 7. Read the signature packet again (we already peeked at it in step 5)\n // 8. Peek at the end of the stream again (`peekBytes` returns undefined)\n // 9. Parse the signature packet\n //\n // Note that this means that if there's an error in the very end of the\n // stream, such as an MDC error, we throw in step 5 instead of in step 8\n // (or never), which is the point of this exercise.\n const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2);\n if (writer) {\n await writer.ready;\n await writer.close();\n } else {\n packet = util.concatUint8Array(packet);\n // eslint-disable-next-line callback-return\n await callback({ tag, packet });\n }\n return !nextPacket || !nextPacket.length;\n } catch (e) {\n if (writer) {\n await writer.abort(e);\n return true;\n } else {\n throw e;\n }\n } finally {\n if (writer) {\n await callbackReturned;\n }\n reader.releaseLock();\n }\n}\n\nexport class UnsupportedError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnsupportedError';\n }\n}\n\n// unknown packet types are handled differently depending on the packet criticality\nexport class UnknownPacketError extends UnsupportedError {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, UnsupportedError);\n }\n\n this.name = 'UnknownPacketError';\n }\n}\n\nexport class UnparseablePacket {\n constructor(tag, rawContent) {\n this.tag = tag;\n this.rawContent = rawContent;\n }\n\n write() {\n return this.rawContent;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP\n * @module crypto/public_key/elliptic/eddsa\n */\n\nimport ed25519 from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { getRandomBytes } from '../../random';\nimport { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';\n\n\n/**\n * Generate (non-legacy) EdDSA key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n A: new Uint8Array(b64ToUint8Array(publicKey.x)),\n seed: b64ToUint8Array(privateKey.d, true)\n };\n } catch (err) {\n if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux\n throw err;\n }\n const seed = getRandomBytes(getPayloadSize(algo));\n const { publicKey: A } = ed25519.sign.keyPair.fromSeed(seed);\n return { A, seed };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const seed = ed448.utils.randomPrivateKey();\n const A = ed448.getPublicKey(seed);\n return { A, seed };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\n/**\n * Sign a message using the provided key\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * RS: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = privateKeyToJWK(algo, publicKey, privateKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']);\n\n const signature = new Uint8Array(\n await webCrypto.sign('Ed25519', key, hashed)\n );\n\n return { RS: signature };\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n const secretKey = util.concatUint8Array([privateKey, publicKey]);\n const signature = ed25519.sign.detached(hashed, secretKey);\n return { RS: signature };\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n const signature = ed448.sign(hashed, privateKey);\n return { RS: signature };\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{ RS: Uint8Array }} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {\n // Enforce digest sizes:\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n switch (algo) {\n case enums.publicKey.ed25519:\n try {\n const webCrypto = util.getWebCrypto();\n const jwk = publicKeyToJWK(algo, publicKey);\n const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']);\n const verified = await webCrypto.verify('Ed25519', key, RS, hashed);\n return verified;\n } catch (err) {\n if (err.name !== 'NotSupportedError') {\n throw err;\n }\n return ed25519.sign.detached.verify(hashed, RS, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n return ed448.verify(RS, hashed, publicKey);\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n/**\n * Validate (non-legacy) EdDSA parameters\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} A - EdDSA public point\n * @param {Uint8Array} seed - EdDSA secret seed\n * @param {Uint8Array} oid - (legacy only) EdDSA OID\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(algo, A, seed) {\n switch (algo) {\n case enums.publicKey.ed25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented\n */\n const { publicKey } = ed25519.sign.keyPair.fromSeed(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n\n case enums.publicKey.ed448: {\n const ed448 = await util.getNobleCurve(enums.publicKey.ed448);\n\n const publicKey = ed448.getPublicKey(seed);\n return util.equalsUint8Array(A, publicKey);\n }\n default:\n return false;\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return 32;\n\n case enums.publicKey.ed448:\n return 57;\n\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n}\n\nexport function getPreferredHashAlgo(algo) {\n switch (algo) {\n case enums.publicKey.ed25519:\n return enums.hash.sha256;\n case enums.publicKey.ed448:\n return enums.hash.sha512;\n default:\n throw new Error('Unknown EdDSA algo');\n }\n}\n\nconst publicKeyToJWK = (algo, publicKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = {\n kty: 'OKP',\n crv: 'Ed25519',\n x: uint8ArrayToB64(publicKey, true),\n ext: true\n };\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n\nconst privateKeyToJWK = (algo, publicKey, privateKey) => {\n switch (algo) {\n case enums.publicKey.ed25519: {\n const jwk = publicKeyToJWK(algo, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n }\n default:\n throw new Error('Unsupported EdDSA algorithm');\n }\n};\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of RFC 3394 AES Key Wrap & Key Unwrap funcions\n * @see module:crypto/public_key/elliptic/ecdh\n * @module crypto/aes_kw\n */\n\nimport { aeskw as nobleAesKW } from '@noble/ciphers/aes';\nimport { getCipherParams } from './cipher';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n/**\n * AES key wrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} dataToWrap\n * @returns {Uint8Array} wrapped key\n */\nexport async function wrap(algo, key, dataToWrap) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n try {\n const wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']);\n // Import data as HMAC key, as it has no key length requirements\n const keyToWrap = await webCrypto.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n const wrapped = await webCrypto.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' });\n return new Uint8Array(wrapped);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n }\n\n return nobleAesKW(key).encrypt(dataToWrap);\n}\n\n/**\n * AES key unwrap\n * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo\n * @param {Uint8Array} key - wrapping key\n * @param {Uint8Array} wrappedData\n * @returns {Uint8Array} unwrapped data\n */\nexport async function unwrap(algo, key, wrappedData) {\n const { keySize } = getCipherParams(algo);\n // sanity checks, since WebCrypto does not use the `algo` input\n if (!util.isAES(algo) || key.length !== keySize) {\n throw new Error('Unexpected algorithm or key size');\n }\n\n let wrappingKey;\n try {\n wrappingKey = await webCrypto.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']);\n } catch (err) {\n // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support\n if (err.name !== 'NotSupportedError' &&\n !(key.length === 24 && err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support operation: ' + err.message);\n return nobleAesKW(key).decrypt(wrappedData);\n }\n\n try {\n const unwrapped = await webCrypto.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']);\n return new Uint8Array(await webCrypto.exportKey('raw', unwrapped));\n } catch (err) {\n if (err.name === 'OperationError') {\n throw new Error('Key Data Integrity failed');\n }\n throw err;\n }\n}\n","/**\n * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API.\n * @module crypto/hkdf\n */\n\nimport enums from '../enums';\nimport util from '../util';\n\nconst webCrypto = util.getWebCrypto();\n\nexport default async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) {\n const hash = enums.read(enums.webHash, hashAlgo);\n if (!hash) throw new Error('Hash algo not supported with HKDF');\n\n const importedKey = await webCrypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']);\n const bits = await webCrypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8);\n return new Uint8Array(bits);\n}\n","/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport x25519 from '@openpgp/tweetnacl';\nimport * as aesKW from '../../aes_kw';\nimport { getRandomBytes } from '../../random';\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport computeHKDF from '../../hkdf';\nimport { getCipherParams } from '../../cipher';\n\nconst HKDF_INFO = {\n x25519: util.encodeUTF8('OpenPGP X25519'),\n x448: util.encodeUTF8('OpenPGP X448')\n};\n\n/**\n * Generate ECDH key for Montgomery curves\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>}\n */\nexport async function generate(algo) {\n switch (algo) {\n case enums.publicKey.x25519: {\n // k stays in little-endian, unlike legacy ECDH over curve25519\n const k = getRandomBytes(32);\n const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);\n return { A, k };\n }\n\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const k = x448.utils.randomPrivateKey();\n const A = x448.getPublicKey(k);\n return { A, k };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n* Validate ECDH parameters\n* @param {module:enums.publicKey} algo - Algorithm identifier\n* @param {Uint8Array} A - ECDH public point\n* @param {Uint8Array} k - ECDH secret scalar\n* @returns {Promise} Whether params are valid.\n* @async\n*/\nexport async function validateParams(algo, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const { publicKey } = x25519.box.keyPair.fromSecretKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n /**\n * Derive public point A' from private key\n * and expect A == A'\n */\n const publicKey = x448.getPublicKey(k);\n return util.equalsUint8Array(A, publicKey);\n }\n\n default:\n return false;\n }\n}\n\n/**\n * Wrap and encrypt a session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} data - session key data to be encrypted\n * @param {Uint8Array} recipientA - Recipient public key (K_B)\n * @returns {Promise<{\n * ephemeralPublicKey: Uint8Array,\n * wrappedKey: Uint8Array\n * }>} ephemeral public key (K_A) and encrypted key\n * @async\n */\nexport async function encrypt(algo, data, recipientA) {\n const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n recipientA,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n const wrappedKey = await aesKW.wrap(cipherAlgo, encryptionKey, data);\n return { ephemeralPublicKey, wrappedKey };\n }\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Decrypt and unwrap the session key\n *\n * @param {module:enums.publicKey} algo - Algorithm identifier\n * @param {Uint8Array} ephemeralPublicKey - (K_A)\n * @param {Uint8Array} wrappedKey,\n * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF\n * @param {Uint8Array} k - Recipient secret key (b)\n * @returns {Promise} decrypted session key data\n * @async\n */\nexport async function decrypt(algo, ephemeralPublicKey, wrappedKey, A, k) {\n const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k);\n const hkdfInput = util.concatUint8Array([\n ephemeralPublicKey,\n A,\n sharedSecret\n ]);\n switch (algo) {\n case enums.publicKey.x25519: {\n const cipherAlgo = enums.symmetric.aes128;\n const { keySize } = getCipherParams(cipherAlgo);\n const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n case enums.publicKey.x448: {\n const cipherAlgo = enums.symmetric.aes256;\n const { keySize } = getCipherParams(enums.symmetric.aes256);\n const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize);\n return aesKW.unwrap(cipherAlgo, encryptionKey, wrappedKey);\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport function getPayloadSize(algo) {\n switch (algo) {\n case enums.publicKey.x25519:\n return 32;\n\n case enums.publicKey.x448:\n return 56;\n\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * Generate shared secret and ephemeral public key for encryption\n * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret\n * @async\n */\nexport async function generateEphemeralEncryptionMaterial(algo, recipientA) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));\n const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const ephemeralSecretKey = x448.utils.randomPrivateKey();\n const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA);\n assertNonZeroArray(sharedSecret);\n const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey);\n return { ephemeralPublicKey, sharedSecret };\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\nexport async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {\n switch (algo) {\n case enums.publicKey.x25519: {\n const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n case enums.publicKey.x448: {\n const x448 = await util.getNobleCurve(enums.publicKey.x448);\n const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);\n assertNonZeroArray(sharedSecret);\n return sharedSecret;\n }\n default:\n throw new Error('Unsupported ECDH algorithm');\n }\n}\n\n/**\n * x25519 and x448 produce an all-zero value when given as input a point with small order.\n * This does not lead to a security issue in the context of ECDH, but it is still unexpected,\n * hence we throw.\n * @param {Uint8Array} sharedSecret\n */\nfunction assertNonZeroArray(sharedSecret) {\n let acc = 0;\n for (let i = 0; i < sharedSecret.length; i++) {\n acc |= sharedSecret[i];\n }\n if (acc === 0) {\n throw new Error('Unexpected low order point');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Wrapper of an instance of an Elliptic Curve\n * @module crypto/public_key/elliptic/curve\n */\nimport nacl from '@openpgp/tweetnacl';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';\nimport OID from '../../../type/oid';\nimport { UnsupportedError } from '../../../packet/packet';\nimport { generate as eddsaGenerate } from './eddsa';\nimport { generate as ecdhXGenerate } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\nconst webCurves = {\n [enums.curve.nistP256]: 'P-256',\n [enums.curve.nistP384]: 'P-384',\n [enums.curve.nistP521]: 'P-521'\n};\nconst knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];\nconst nodeCurves = nodeCrypto ? {\n [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,\n [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,\n [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,\n [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,\n [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,\n [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,\n [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,\n [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined,\n [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined\n} : {};\n\nconst curves = {\n [enums.curve.nistP256]: {\n oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.nistP256],\n web: webCurves[enums.curve.nistP256],\n payloadSize: 32,\n sharedSize: 256,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP384]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.nistP384],\n web: webCurves[enums.curve.nistP384],\n payloadSize: 48,\n sharedSize: 384,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.nistP521]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.nistP521],\n web: webCurves[enums.curve.nistP521],\n payloadSize: 66,\n sharedSize: 528,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.secp256k1]: {\n oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.secp256k1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.ed25519Legacy]: {\n oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01],\n keyType: enums.publicKey.eddsaLegacy,\n hash: enums.hash.sha512,\n node: false, // nodeCurves.ed25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.curve25519Legacy]: {\n oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01],\n keyType: enums.publicKey.ecdh,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: false, // nodeCurves.curve25519 TODO\n payloadSize: 32,\n wireFormatLeadingByte: 0x40\n },\n [enums.curve.brainpoolP256r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha256,\n cipher: enums.symmetric.aes128,\n node: nodeCurves[enums.curve.brainpoolP256r1],\n payloadSize: 32,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP384r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha384,\n cipher: enums.symmetric.aes192,\n node: nodeCurves[enums.curve.brainpoolP384r1],\n payloadSize: 48,\n wireFormatLeadingByte: 0x04\n },\n [enums.curve.brainpoolP512r1]: {\n oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D],\n keyType: enums.publicKey.ecdsa,\n hash: enums.hash.sha512,\n cipher: enums.symmetric.aes256,\n node: nodeCurves[enums.curve.brainpoolP512r1],\n payloadSize: 64,\n wireFormatLeadingByte: 0x04\n }\n};\n\nclass CurveWithOID {\n constructor(oidOrName) {\n try {\n this.name = oidOrName instanceof OID ?\n oidOrName.getName() :\n enums.write(enums.curve,oidOrName);\n } catch (err) {\n throw new UnsupportedError('Unknown curve');\n }\n const params = curves[this.name];\n\n this.keyType = params.keyType;\n\n this.oid = params.oid;\n this.hash = params.hash;\n this.cipher = params.cipher;\n this.node = params.node;\n this.web = params.web;\n this.payloadSize = params.payloadSize;\n this.sharedSize = params.sharedSize;\n this.wireFormatLeadingByte = params.wireFormatLeadingByte;\n if (this.web && util.getWebCrypto()) {\n this.type = 'web';\n } else if (this.node && util.getNodeCrypto()) {\n this.type = 'node';\n } else if (this.name === enums.curve.curve25519Legacy) {\n this.type = 'curve25519Legacy';\n } else if (this.name === enums.curve.ed25519Legacy) {\n this.type = 'ed25519Legacy';\n }\n }\n\n async genKeyPair() {\n switch (this.type) {\n case 'web':\n try {\n return await webGenKeyPair(this.name, this.wireFormatLeadingByte);\n } catch (err) {\n util.printDebugError('Browser did not support generating ec key ' + err.message);\n return jsGenKeyPair(this.name);\n }\n case 'node':\n return nodeGenKeyPair(this.name);\n case 'curve25519Legacy': {\n // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3\n const { k, A } = await ecdhXGenerate(enums.publicKey.x25519);\n const privateKey = k.slice().reverse();\n privateKey[0] = (privateKey[0] & 127) | 64;\n privateKey[31] &= 248;\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n case 'ed25519Legacy': {\n const { seed: privateKey, A } = await eddsaGenerate(enums.publicKey.ed25519);\n const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]);\n return { publicKey, privateKey };\n }\n default:\n return jsGenKeyPair(this.name);\n }\n }\n}\n\nasync function generate(curveName) {\n const curve = new CurveWithOID(curveName);\n const { oid, hash, cipher } = curve;\n const keyPair = await curve.genKeyPair();\n return {\n oid,\n Q: keyPair.publicKey,\n secret: util.leftPad(keyPair.privateKey, curve.payloadSize),\n hash,\n cipher\n };\n}\n\n/**\n * Get preferred hash algo to use with the given curve\n * @param {module:type/oid} oid - curve oid\n * @returns {enums.hash} hash algorithm\n */\nfunction getPreferredHashAlgo(oid) {\n return curves[oid.getName()].hash;\n}\n\n/**\n * Validate ECDH and ECDSA parameters\n * Not suitable for EdDSA (different secret key format)\n * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves\n * @param {module:type/oid} oid - EC object identifier\n * @param {Uint8Array} Q - EC public point\n * @param {Uint8Array} d - EC secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nasync function validateStandardParams(algo, oid, Q, d) {\n const supportedCurves = {\n [enums.curve.nistP256]: true,\n [enums.curve.nistP384]: true,\n [enums.curve.nistP521]: true,\n [enums.curve.secp256k1]: true,\n [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh,\n [enums.curve.brainpoolP256r1]: true,\n [enums.curve.brainpoolP384r1]: true,\n [enums.curve.brainpoolP512r1]: true\n };\n\n // Check whether the given curve is supported\n const curveName = oid.getName();\n if (!supportedCurves[curveName]) {\n return false;\n }\n\n if (curveName === enums.curve.curve25519Legacy) {\n d = d.slice().reverse();\n // Re-derive public point Q'\n const { publicKey } = nacl.box.keyPair.fromSecretKey(d);\n\n Q = new Uint8Array(Q);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n /*\n * Re-derive public point Q' = dG from private key\n * Expect Q == Q'\n */\n const dG = nobleCurve.getPublicKey(d, false);\n if (!util.equalsUint8Array(dG, Q)) {\n return false;\n }\n\n return true;\n}\n\n/**\n * Check whether the public point has a valid encoding.\n * NB: this function does not check e.g. whether the point belongs to the curve.\n */\nfunction checkPublicPointEnconding(curve, V) {\n const { payloadSize, wireFormatLeadingByte, name: curveName } = curve;\n\n const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2;\n\n if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) {\n throw new Error('Invalid point encoding');\n }\n}\n\nexport {\n CurveWithOID, curves, webCurves, nodeCurves, generate, getPreferredHashAlgo, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding\n};\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\nasync function jsGenKeyPair(name) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves\n const privateKey = nobleCurve.utils.randomPrivateKey();\n const publicKey = nobleCurve.getPublicKey(privateKey, false);\n return { publicKey, privateKey };\n}\n\nasync function webGenKeyPair(name, wireFormatLeadingByte) {\n // Note: keys generated with ECDSA and ECDH are structurally equivalent\n const webCryptoKey = await webCrypto.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']);\n\n const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);\n const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);\n\n return {\n publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte),\n privateKey: b64ToUint8Array(privateKey.d, true)\n };\n}\n\nasync function nodeGenKeyPair(name) {\n // Note: ECDSA and ECDH key generation is structurally equivalent\n const ecdh = nodeCrypto.createECDH(nodeCurves[name]);\n await ecdh.generateKeys();\n return {\n publicKey: new Uint8Array(ecdh.getPublicKey()),\n privateKey: new Uint8Array(ecdh.getPrivateKey())\n };\n}\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * @param {JsonWebKey} jwk - key for conversion\n *\n * @returns {Uint8Array} Raw public key.\n */\nfunction jwkToRawPublic(jwk, wireFormatLeadingByte) {\n const bufX = b64ToUint8Array(jwk.x);\n const bufY = b64ToUint8Array(jwk.y);\n const publicKey = new Uint8Array(bufX.length + bufY.length + 1);\n publicKey[0] = wireFormatLeadingByte;\n publicKey.set(bufX, 1);\n publicKey.set(bufY, bufX.length + 1);\n return publicKey;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n *\n * @returns {JsonWebKey} Public key in jwk format.\n */\nfunction rawPublicToJWK(payloadSize, name, publicKey) {\n const len = payloadSize;\n const bufX = publicKey.slice(1, len + 1);\n const bufY = publicKey.slice(len + 1, len * 2 + 1);\n // https://www.rfc-editor.org/rfc/rfc7518.txt\n const jwk = {\n kty: 'EC',\n crv: name,\n x: uint8ArrayToB64(bufX, true),\n y: uint8ArrayToB64(bufY, true),\n ext: true\n };\n return jwk;\n}\n\n/**\n * @param {Integer} payloadSize - ec payload size\n * @param {String} name - curve name\n * @param {Uint8Array} publicKey - public key\n * @param {Uint8Array} privateKey - private key\n *\n * @returns {JsonWebKey} Private key in jwk format.\n */\nfunction privateToJWK(payloadSize, name, publicKey, privateKey) {\n const jwk = rawPublicToJWK(payloadSize, name, publicKey);\n jwk.d = uint8ArrayToB64(privateKey, true);\n return jwk;\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs\n * @module crypto/public_key/elliptic/ecdsa\n */\n\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { getRandomBytes } from '../../random';\nimport hash from '../../hash';\nimport { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';\nimport { bigIntToUint8Array } from '../../biginteger';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Sign a message using the provided key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (message && !util.isStream(message)) {\n const keyPair = { publicKey, privateKey };\n switch (curve.type) {\n case 'web':\n // If browser doesn't support a curve, we'll catch it\n try {\n // Need to await to make sure browser succeeds\n return await webSign(curve, hashAlgo, message, keyPair);\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunaley Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support signing: ' + err.message);\n }\n break;\n case 'node':\n return nodeSign(curve, hashAlgo, message, privateKey);\n }\n }\n\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });\n return {\n r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),\n s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)\n };\n}\n\n/**\n * Verifies if a signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify\n * @param {Uint8Array} message - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, signature, message, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n // See https://github.com/openpgpjs/openpgpjs/pull/948.\n // NB: the impact was more likely limited to Brainpool curves, since thanks\n // to WebCrypto availability, NIST curve should not have been affected.\n // Similarly, secp256k1 should have been used rarely enough.\n // However, we implement the fix for all curves, since it's only needed in case of\n // verification failure, which is unexpected, hence a minor slowdown is acceptable.\n const tryFallbackVerificationForOldBug = async () => (\n hashed[0] === 0 ?\n jsVerify(curve, signature, hashed.subarray(1), publicKey) :\n false\n );\n\n if (message && !util.isStream(message)) {\n switch (curve.type) {\n case 'web':\n try {\n // Need to await to make sure browser succeeds\n const verified = await webVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n } catch (err) {\n // We do not fallback if the error is related to key integrity\n // Unfortunately Safari does not support nistP521 and throws a DataError when using it\n // So we need to always fallback for that curve\n if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {\n throw err;\n }\n util.printDebugError('Browser did not support verifying: ' + err.message);\n }\n break;\n case 'node': {\n const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n }\n }\n }\n\n const verified = await jsVerify(curve, signature, hashed, publicKey);\n return verified || tryFallbackVerificationForOldBug();\n}\n\n/**\n * Validate ECDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDSA public point\n * @param {Uint8Array} d - ECDSA secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n const curve = new CurveWithOID(oid);\n // Reject curves x25519 and ed25519\n if (curve.keyType !== enums.publicKey.ecdsa) {\n return false;\n }\n\n // To speed up the validation, we try to use node- or webcrypto when available\n // and sign + verify a random message\n switch (curve.type) {\n case 'web':\n case 'node': {\n const message = getRandomBytes(8);\n const hashAlgo = enums.hash.sha256;\n const hashed = await hash.digest(hashAlgo, message);\n try {\n const signature = await sign(oid, hashAlgo, message, Q, d, hashed);\n // eslint-disable-next-line @typescript-eslint/return-await\n return await verify(oid, hashAlgo, signature, message, Q, hashed);\n } catch (err) {\n return false;\n }\n }\n default:\n return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Fallback javascript implementation of ECDSA verification.\n * To be used if no native implementation is available for the given curve/operation.\n */\nasync function jsVerify(curve, signature, hashed, publicKey) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name);\n // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch\n return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false });\n}\n\nasync function webSign(curve, hashAlgo, message, keyPair) {\n const len = curve.payloadSize;\n const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['sign']\n );\n\n const signature = new Uint8Array(await webCrypto.sign(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n message\n ));\n\n return {\n r: signature.slice(0, len),\n s: signature.slice(len, len << 1)\n };\n}\n\nasync function webVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey);\n const key = await webCrypto.importKey(\n 'jwk',\n jwk,\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, curve.hash) }\n },\n false,\n ['verify']\n );\n\n const signature = util.concatUint8Array([r, s]).buffer;\n\n return webCrypto.verify(\n {\n 'name': 'ECDSA',\n 'namedCurve': webCurves[curve.name],\n 'hash': { name: enums.read(enums.webHash, hashAlgo) }\n },\n key,\n signature,\n message\n );\n}\n\nasync function nodeSign(curve, hashAlgo, message, privateKey) {\n // JWT encoding cannot be used for now, as Brainpool curves are not supported\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n privateKey: nodeBuffer.from(privateKey)\n });\n\n const sign = nodeCrypto.createSign(enums.read(enums.hash, hashAlgo));\n sign.write(message);\n sign.end();\n\n const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' }));\n const len = curve.payloadSize;\n\n return {\n r: signature.subarray(0, len),\n s: signature.subarray(len, len << 1)\n };\n}\n\nasync function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) {\n const ecKeyUtils = util.nodeRequire('eckey-utils');\n const nodeBuffer = util.getNodeBuffer();\n const { publicKey: derPublicKey } = ecKeyUtils.generateDer({\n curveName: nodeCurves[curve.name],\n publicKey: nodeBuffer.from(publicKey)\n });\n\n const verify = nodeCrypto.createVerify(enums.read(enums.hash, hashAlgo));\n verify.write(message);\n verify.end();\n\n const signature = util.concatUint8Array([r, s]);\n\n try {\n return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature);\n } catch (err) {\n return false;\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2018 Proton Technologies AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP.\n * This key type has been deprecated by the crypto-refresh RFC.\n * @module crypto/public_key/elliptic/eddsa_legacy\n */\n\nimport nacl from '@openpgp/tweetnacl';\nimport util from '../../../util';\nimport enums from '../../../enums';\nimport hash from '../../hash';\nimport { CurveWithOID, checkPublicPointEnconding } from './oid_curves';\nimport { sign as eddsaSign, verify as eddsaVerify } from './eddsa';\n\n/**\n * Sign a message using the provided legacy EdDSA key\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger)\n * @param {Uint8Array} message - Message to sign\n * @param {Uint8Array} publicKey - Public key\n * @param {Uint8Array} privateKey - Private key used to sign the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Promise<{\n * r: Uint8Array,\n * s: Uint8Array\n * }>} Signature of the message\n * @async\n */\nexport async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const { RS: signature } = await eddsaSign(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed);\n // EdDSA signature params are returned in little-endian format\n return {\n r: signature.subarray(0, 32),\n s: signature.subarray(32)\n };\n}\n\n/**\n * Verifies if a legacy EdDSA signature is valid for a message\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature\n * @param {{r: Uint8Array,\n s: Uint8Array}} signature Signature to verify the message\n * @param {Uint8Array} m - Message to verify\n * @param {Uint8Array} publicKey - Public key used to verify the message\n * @param {Uint8Array} hashed - The hashed message\n * @returns {Boolean}\n * @async\n */\nexport async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, publicKey);\n if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {\n // Enforce digest sizes, since the constraint was already present in RFC4880bis:\n // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2\n // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n throw new Error('Hash algorithm too weak for EdDSA.');\n }\n const RS = util.concatUint8Array([r, s]);\n return eddsaVerify(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed);\n}\n/**\n * Validate legacy EdDSA parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - EdDSA public point\n * @param {Uint8Array} k - EdDSA secret seed\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, k) {\n // Check whether the given curve is supported\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n return false;\n }\n\n /**\n * Derive public point Q' = dG from private key\n * and expect Q == Q'\n */\n const { publicKey } = nacl.sign.keyPair.fromSeed(k);\n const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix\n return util.equalsUint8Array(Q, dG);\n\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport util from '../util';\n\n/**\n * @fileoverview Functions to add and remove PKCS5 padding\n * @see PublicKeyEncryptedSessionKeyPacket\n * @module crypto/pkcs5\n * @private\n */\n\n/**\n * Add pkcs5 padding to a message\n * @param {Uint8Array} message - message to pad\n * @returns {Uint8Array} Padded message.\n */\nexport function encode(message) {\n const c = 8 - (message.length % 8);\n const padded = new Uint8Array(message.length + c).fill(c);\n padded.set(message);\n return padded;\n}\n\n/**\n * Remove pkcs5 padding from a message\n * @param {Uint8Array} message - message to remove padding from\n * @returns {Uint8Array} Message without padding.\n */\nexport function decode(message) {\n const len = message.length;\n if (len > 0) {\n const c = message[len - 1];\n if (c >= 1) {\n const provided = message.subarray(len - c);\n const computed = new Uint8Array(c).fill(c);\n if (util.equalsUint8Array(provided, computed)) {\n return message.subarray(0, len - c);\n }\n }\n }\n throw new Error('Invalid padding');\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview Key encryption and decryption for RFC 6637 ECDH\n * @module crypto/public_key/elliptic/ecdh\n */\n\nimport { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';\nimport * as aesKW from '../../aes_kw';\nimport hash from '../../hash';\nimport enums from '../../../enums';\nimport util from '../../../util';\nimport { b64ToUint8Array } from '../../../encoding/base64';\nimport * as pkcs5 from '../../pkcs5';\nimport { getCipherParams } from '../../cipher';\nimport { generateEphemeralEncryptionMaterial as ecdhXGenerateEphemeralEncryptionMaterial, recomputeSharedSecret as ecdhXRecomputeSharedSecret } from './ecdh_x';\n\nconst webCrypto = util.getWebCrypto();\nconst nodeCrypto = util.getNodeCrypto();\n\n/**\n * Validate ECDH parameters\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {Uint8Array} Q - ECDH public point\n * @param {Uint8Array} d - ECDH secret scalar\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(oid, Q, d) {\n return validateStandardParams(enums.publicKey.ecdh, oid, Q, d);\n}\n\n// Build Param for ECDH algorithm (RFC 6637)\nfunction buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {\n return util.concatUint8Array([\n oid.write(),\n new Uint8Array([public_algo]),\n kdfParams.write(),\n util.stringToUint8Array('Anonymous Sender '),\n fingerprint\n ]);\n}\n\n// Key Derivation Function (RFC 6637)\nasync function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) {\n // Note: X is little endian for Curve25519, big-endian for all others.\n // This is not ideal, but the RFC's are unclear\n // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B\n let i;\n if (stripLeading) {\n // Work around old go crypto bug\n for (i = 0; i < X.length && X[i] === 0; i++);\n X = X.subarray(i);\n }\n if (stripTrailing) {\n // Work around old OpenPGP.js bug\n for (i = X.length - 1; i >= 0 && X[i] === 0; i--);\n X = X.subarray(0, i + 1);\n }\n const digest = await hash.digest(hashAlgo, util.concatUint8Array([\n new Uint8Array([0, 0, 0, 1]),\n X,\n param\n ]));\n return digest.subarray(0, length);\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPublicEphemeralKey(curve, Q) {\n switch (curve.type) {\n case 'curve25519Legacy': {\n const { sharedSecret: sharedKey, ephemeralPublicKey } = await ecdhXGenerateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1));\n const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]);\n return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPublicEphemeralKey(curve, Q);\n } catch (err) {\n util.printDebugError(err);\n return jsPublicEphemeralKey(curve, Q);\n }\n }\n break;\n case 'node':\n return nodePublicEphemeralKey(curve, Q);\n default:\n return jsPublicEphemeralKey(curve, Q);\n\n }\n}\n\n/**\n * Encrypt and wrap a session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} data - Unpadded session key data\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}\n * @async\n */\nexport async function encrypt(oid, kdfParams, data, Q, fingerprint) {\n const m = pkcs5.encode(data);\n\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param);\n const wrappedKey = await aesKW.wrap(kdfParams.cipher, Z, m);\n return { publicKey, wrappedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function genPrivateEphemeralKey(curve, V, Q, d) {\n if (d.length !== curve.payloadSize) {\n const privateKey = new Uint8Array(curve.payloadSize);\n privateKey.set(d, curve.payloadSize - d.length);\n d = privateKey;\n }\n switch (curve.type) {\n case 'curve25519Legacy': {\n const secretKey = d.slice().reverse();\n const sharedKey = await ecdhXRecomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey);\n return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below\n }\n case 'web':\n if (curve.web && util.getWebCrypto()) {\n try {\n return await webPrivateEphemeralKey(curve, V, Q, d);\n } catch (err) {\n util.printDebugError(err);\n return jsPrivateEphemeralKey(curve, V, d);\n }\n }\n break;\n case 'node':\n return nodePrivateEphemeralKey(curve, V, d);\n default:\n return jsPrivateEphemeralKey(curve, V, d);\n }\n}\n\n/**\n * Decrypt and unwrap the value derived from session key\n *\n * @param {module:type/oid} oid - Elliptic curve object identifier\n * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} C - Encrypted and wrapped value derived from session key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version\n * @returns {Promise} Value derived from session key.\n * @async\n */\nexport async function decrypt(oid, kdfParams, V, C, Q, d, fingerprint) {\n const curve = new CurveWithOID(oid);\n checkPublicPointEnconding(curve, Q);\n checkPublicPointEnconding(curve, V);\n const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d);\n const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint);\n const { keySize } = getCipherParams(kdfParams.cipher);\n let err;\n for (let i = 0; i < 3; i++) {\n try {\n // Work around old go crypto bug and old OpenPGP.js bug, respectively.\n const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2);\n return pkcs5.decode(await aesKW.unwrap(kdfParams.cipher, Z, C));\n } catch (e) {\n err = e;\n }\n }\n throw err;\n}\n\nasync function jsPrivateEphemeralKey(curve, V, d) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { secretKey: d, sharedKey };\n}\n\nasync function jsPublicEphemeralKey(curve, Q) {\n const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name);\n const { publicKey: V, privateKey: v } = await curve.genKeyPair();\n\n // The output includes parity byte\n const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q);\n const sharedKey = sharedSecretWithParity.subarray(1);\n return { publicKey: V, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} Q - Recipient public key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPrivateEphemeralKey(curve, V, Q, d) {\n const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d);\n let privateKey = webCrypto.importKey(\n 'jwk',\n recipient,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V);\n let sender = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n []\n );\n [privateKey, sender] = await Promise.all([privateKey, sender]);\n let S = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: sender\n },\n privateKey,\n curve.sharedSize\n );\n let secret = webCrypto.exportKey(\n 'jwk',\n privateKey\n );\n [S, secret] = await Promise.all([S, secret]);\n const sharedKey = new Uint8Array(S);\n const secretKey = b64ToUint8Array(secret.d, true);\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using webCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function webPublicEphemeralKey(curve, Q) {\n const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q);\n let keyPair = webCrypto.generateKey(\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n true,\n ['deriveKey', 'deriveBits']\n );\n let recipient = webCrypto.importKey(\n 'jwk',\n jwk,\n {\n name: 'ECDH',\n namedCurve: curve.web\n },\n false,\n []\n );\n [keyPair, recipient] = await Promise.all([keyPair, recipient]);\n let s = webCrypto.deriveBits(\n {\n name: 'ECDH',\n namedCurve: curve.web,\n public: recipient\n },\n keyPair.privateKey,\n curve.sharedSize\n );\n let p = webCrypto.exportKey(\n 'jwk',\n keyPair.publicKey\n );\n [s, p] = await Promise.all([s, p]);\n const sharedKey = new Uint8Array(s);\n const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte));\n return { publicKey, sharedKey };\n}\n\n/**\n * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} V - Public part of ephemeral key\n * @param {Uint8Array} d - Recipient private key\n * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePrivateEphemeralKey(curve, V, d) {\n const recipient = nodeCrypto.createECDH(curve.node);\n recipient.setPrivateKey(d);\n const sharedKey = new Uint8Array(recipient.computeSecret(V));\n const secretKey = new Uint8Array(recipient.getPrivateKey());\n return { secretKey, sharedKey };\n}\n\n/**\n * Generate ECDHE ephemeral key and secret from public key using nodeCrypto\n *\n * @param {CurveWithOID} curve - Elliptic curve object\n * @param {Uint8Array} Q - Recipient public key\n * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>}\n * @async\n */\nasync function nodePublicEphemeralKey(curve, Q) {\n const sender = nodeCrypto.createECDH(curve.node);\n sender.generateKeys();\n const sharedKey = new Uint8Array(sender.computeSecret(Q));\n const publicKey = new Uint8Array(sender.getPublicKey());\n return { publicKey, sharedKey };\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @fileoverview A Digital signature algorithm implementation\n * @module crypto/public_key/dsa\n */\nimport { getRandomBigInteger } from '../random';\nimport util from '../../util';\nimport { isProbablePrime } from './prime';\nimport { bigIntToUint8Array, bitLength, byteLength, mod, modExp, modInv, uint8ArrayToBigInt } from '../biginteger';\n\n/*\n TODO regarding the hash function, read:\n https://tools.ietf.org/html/rfc4880#section-13.6\n https://tools.ietf.org/html/rfc4880#section-14\n*/\n\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n\n/**\n * DSA Sign function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} x\n * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>}\n * @async\n */\nexport async function sign(hashAlgo, hashed, g, p, q, x) {\n const _0n = BigInt(0);\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n x = uint8ArrayToBigInt(x);\n\n let k;\n let r;\n let s;\n let t;\n g = mod(g, p);\n x = mod(x, q);\n // If the output size of the chosen hash is larger than the number of\n // bits of q, the hash result is truncated to fit by taking the number\n // of leftmost bits equal to the number of bits of q. This (possibly\n // truncated) hash function result is treated as a number and used\n // directly in the DSA signature algorithm.\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n // FIPS-186-4, section 4.6:\n // The values of r and s shall be checked to determine if r = 0 or s = 0.\n // If either r = 0 or s = 0, a new value of k shall be generated, and the\n // signature shall be recalculated. It is extremely unlikely that r = 0\n // or s = 0 if signatures are generated properly.\n while (true) {\n // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n k = getRandomBigInteger(_1n, q); // returns in [1, q-1]\n r = mod(modExp(g, k, p), q); // (g**k mod p) mod q\n if (r === _0n) {\n continue;\n }\n const xr = mod(x * r, q);\n t = mod(h + xr, q); // H(m) + x*r mod q\n s = mod(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q\n if (s === _0n) {\n continue;\n }\n break;\n }\n return {\n r: bigIntToUint8Array(r, 'be', byteLength(p)),\n s: bigIntToUint8Array(s, 'be', byteLength(p))\n };\n}\n\n/**\n * DSA Verify function\n * @param {Integer} hashAlgo\n * @param {Uint8Array} r\n * @param {Uint8Array} s\n * @param {Uint8Array} hashed\n * @param {Uint8Array} g\n * @param {Uint8Array} p\n * @param {Uint8Array} q\n * @param {Uint8Array} y\n * @returns {boolean}\n * @async\n */\nexport async function verify(hashAlgo, r, s, hashed, g, p, q, y) {\n r = uint8ArrayToBigInt(r);\n s = uint8ArrayToBigInt(s);\n\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n\n if (r <= _0n || r >= q ||\n s <= _0n || s >= q) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n const h = mod(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);\n const w = modInv(s, q); // s**-1 mod q\n if (w === _0n) {\n util.printDebug('invalid DSA Signature');\n return false;\n }\n\n g = mod(g, p);\n y = mod(y, p);\n const u1 = mod(h * w, q); // H(m) * w mod q\n const u2 = mod(r * w, q); // r * w mod q\n const t1 = modExp(g, u1, p); // g**u1 mod p\n const t2 = modExp(y, u2, p); // y**u2 mod p\n const v = mod(mod(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q\n return v === r;\n}\n\n/**\n * Validate DSA parameters\n * @param {Uint8Array} p - DSA prime\n * @param {Uint8Array} q - DSA group order\n * @param {Uint8Array} g - DSA sub-group generator\n * @param {Uint8Array} y - DSA public key\n * @param {Uint8Array} x - DSA private key\n * @returns {Promise} Whether params are valid.\n * @async\n */\nexport async function validateParams(p, q, g, y, x) {\n p = uint8ArrayToBigInt(p);\n q = uint8ArrayToBigInt(q);\n g = uint8ArrayToBigInt(g);\n y = uint8ArrayToBigInt(y);\n // Check that 1 < g < p\n if (g <= _1n || g >= p) {\n return false;\n }\n\n /**\n * Check that subgroup order q divides p-1\n */\n if (mod(p - _1n, q) !== _0n) {\n return false;\n }\n\n /**\n * g has order q\n * Check that g ** q = 1 mod p\n */\n if (modExp(g, q, p) !== _1n) {\n return false;\n }\n\n /**\n * Check q is large and probably prime (we mainly want to avoid small factors)\n */\n const qSize = BigInt(bitLength(q));\n const _150n = BigInt(150);\n if (qSize < _150n || !isProbablePrime(q, null, 32)) {\n return false;\n }\n\n /**\n * Re-derive public key y' = g ** x mod p\n * Expect y == y'\n *\n * Blinded exponentiation computes g**{rq + x} to compare to y\n */\n x = uint8ArrayToBigInt(x);\n const _2n = BigInt(2);\n const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q\n const rqx = q * r + x;\n if (y !== modExp(g, rqx, p)) {\n return false;\n }\n\n return true;\n}\n","/**\n * @fileoverview Asymmetric cryptography functions\n * @module crypto/public_key\n */\n\nimport * as rsa from './rsa';\nimport * as elgamal from './elgamal';\nimport * as elliptic from './elliptic';\nimport * as dsa from './dsa';\n\nexport default {\n /** @see module:crypto/public_key/rsa */\n rsa: rsa,\n /** @see module:crypto/public_key/elgamal */\n elgamal: elgamal,\n /** @see module:crypto/public_key/elliptic */\n elliptic: elliptic,\n /** @see module:crypto/public_key/dsa */\n dsa: dsa\n};\n","/**\n * @fileoverview Provides functions for asymmetric signing and signature verification\n * @module crypto/signature\n */\n\nimport publicKey from './public_key';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Parse signature in binary form to get the parameters.\n * The returned values are only padded for EdDSA, since in the other cases their expected length\n * depends on the key params, hence we delegate the padding to the signature verification function.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Uint8Array} signature - Data for which the signature was created\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport function parseSignatureParams(algo, signature) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA signatures:\n // - MPI of RSA signature value m**d mod n.\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n // The signature needs to be the same length as the public key modulo n.\n // We pad s on signature verification, where we have access to n.\n return { read, signatureParams: { s } };\n }\n // Algorithm-Specific Fields for DSA or ECDSA signatures:\n // - MPI of DSA or ECDSA value r.\n // - MPI of DSA or ECDSA value s.\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n {\n // If the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for legacy EdDSA signatures:\n // - MPI of an EC point r.\n // - EdDSA value s, in MPI, in the little endian representation\n case enums.publicKey.eddsaLegacy: {\n // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature\n // verification: if the signature payload sizes are unexpected, we will throw on verification,\n // where we also have access to the OID curve from the key.\n const r = util.readMPI(signature.subarray(read)); read += r.length + 2;\n const s = util.readMPI(signature.subarray(read)); read += s.length + 2;\n return { read, signatureParams: { r, s } };\n }\n // Algorithm-Specific Fields for Ed25519 signatures:\n // - 64 octets of the native signature\n // Algorithm-Specific Fields for Ed448 signatures:\n // - 114 octets of the native signature\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo);\n const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length;\n return { read, signatureParams: { RS } };\n }\n\n default:\n throw new UnsupportedError('Unknown signature algorithm.');\n }\n}\n\n/**\n * Verifies the signature provided for data using specified algorithms and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} signature - Named algorithm-specific signature parameters\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Data for which the signature was created\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} True if signature is valid.\n * @async\n */\nexport async function verify(algo, hashAlgo, signature, publicParams, data, hashed) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto\n return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed);\n }\n case enums.publicKey.dsa: {\n const { g, p, q, y } = publicParams;\n const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers\n return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y);\n }\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // padding needed for webcrypto\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicParams;\n const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values:\n // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9\n const r = util.leftPad(signature.r, curveSize);\n const s = util.leftPad(signature.s, curveSize);\n return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n\n/**\n * Creates a signature on data using specified algorithms and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}\n * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}\n * for public key and hash algorithms.\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {module:enums.hash} hashAlgo - Hash algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters\n * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters\n * @param {Uint8Array} data - Data to be signed\n * @param {Uint8Array} hashed - The hashed data\n * @returns {Promise} Signature Object containing named signature parameters.\n * @async\n */\nexport async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) {\n if (!publicKeyParams || !privateKeyParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed);\n return { s };\n }\n case enums.publicKey.dsa: {\n const { g, p, q } = publicKeyParams;\n const { x } = privateKeyParams;\n return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x);\n }\n case enums.publicKey.elgamal:\n throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');\n case enums.publicKey.ecdsa: {\n const { oid, Q } = publicKeyParams;\n const { d } = privateKeyParams;\n return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed);\n }\n case enums.publicKey.eddsaLegacy: {\n const { oid, Q } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicKeyParams;\n const { seed } = privateKeyParams;\n return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed);\n }\n default:\n throw new Error('Unknown signature algorithm.');\n }\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Encoded symmetric key for ECDH (incl. legacy x25519)\n *\n * @module type/ecdh_symkey\n */\n\nimport util from '../util';\n\nclass ECDHSymmetricKey {\n constructor(data) {\n if (data) {\n this.data = data;\n }\n }\n\n /**\n * Read an ECDHSymmetricKey from an Uint8Array:\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n if (bytes.length >= 1) {\n const length = bytes[0];\n if (bytes.length >= 1 + length) {\n this.data = bytes.subarray(1, 1 + length);\n return 1 + this.data.length;\n }\n }\n throw new Error('Invalid symmetric key');\n }\n\n /**\n * Write an ECDHSymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]);\n }\n}\n\nexport default ECDHSymmetricKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { UnsupportedError } from '../packet/packet';\n\n/**\n * Implementation of type KDF parameters\n *\n * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}:\n * A key derivation function (KDF) is necessary to implement the EC\n * encryption. The Concatenation Key Derivation Function (Approved\n * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is\n * SHA2-256 [FIPS-180-3] or stronger is REQUIRED.\n * @module type/kdf_params\n * @private\n */\n\nclass KDFParams {\n /**\n * @param {enums.hash} hash - Hash algorithm\n * @param {enums.symmetric} cipher - Symmetric algorithm\n */\n constructor(data) {\n if (data) {\n const { hash, cipher } = data;\n this.hash = hash;\n this.cipher = cipher;\n } else {\n this.hash = null;\n this.cipher = null;\n }\n }\n\n /**\n * Read KDFParams from an Uint8Array\n * @param {Uint8Array} input - Where to read the KDFParams from\n * @returns {Number} Number of read bytes.\n */\n read(input) {\n if (input.length < 4 || input[0] !== 3 || input[1] !== 1) {\n throw new UnsupportedError('Cannot read KDFParams');\n }\n this.hash = input[2];\n this.cipher = input[3];\n return 4;\n }\n\n /**\n * Write KDFParams to an Uint8Array\n * @returns {Uint8Array} Array with the KDFParams value\n */\n write() {\n return new Uint8Array([3, 1, this.hash, this.cipher]);\n }\n}\n\nexport default KDFParams;\n","/**\n * Encoded symmetric key for x25519 and x448\n * The payload format varies for v3 and v6 PKESK:\n * the former includes an algorithm byte preceeding the encrypted session key.\n *\n * @module type/x25519x448_symkey\n */\n\nimport util from '../util';\n\nclass ECDHXSymmetricKey {\n static fromObject({ wrappedKey, algorithm }) {\n const instance = new ECDHXSymmetricKey();\n instance.wrappedKey = wrappedKey;\n instance.algorithm = algorithm;\n return instance;\n }\n\n /**\n * - 1 octect for the length `l`\n * - `l` octects of encoded session key data (with optional leading algorithm byte)\n * @param {Uint8Array} bytes\n * @returns {Number} Number of read bytes.\n */\n read(bytes) {\n let read = 0;\n let followLength = bytes[read++];\n this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even\n followLength -= followLength % 2;\n this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength;\n }\n\n /**\n * Write an MontgomerySymmetricKey as an Uint8Array\n * @returns {Uint8Array} Serialised data\n */\n write() {\n return util.concatUint8Array([\n this.algorithm ?\n new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) :\n new Uint8Array([this.wrappedKey.length]),\n this.wrappedKey\n ]);\n }\n}\n\nexport default ECDHXSymmetricKey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n// The GPG4Browsers crypto interface\n\n/**\n * @fileoverview Provides functions for asymmetric encryption and decryption as\n * well as key generation and parameter handling for all public-key cryptosystems.\n * @module crypto/crypto\n */\n\nimport publicKey from './public_key';\nimport mode from './mode';\nimport { getRandomBytes } from './random';\nimport { getCipherParams } from './cipher';\nimport ECDHSymkey from '../type/ecdh_symkey';\nimport KDFParams from '../type/kdf_params';\nimport enums from '../enums';\nimport util from '../util';\nimport OID from '../type/oid';\nimport { UnsupportedError } from '../packet/packet';\nimport ECDHXSymmetricKey from '../type/ecdh_x_symkey';\n\n/**\n * Encrypts data using specified algorithm and public key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.\n * @param {module:enums.publicKey} keyAlgo - Public key algorithm\n * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only)\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Uint8Array} data - Session key data to be encrypted\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @returns {Promise} Encrypted session key parameters.\n * @async\n */\nexport async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const { n, e } = publicParams;\n const c = await publicKey.rsa.encrypt(data, n, e);\n return { c };\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n return publicKey.elgamal.encrypt(data, p, g, y);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicParams;\n const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(\n oid, kdfParams, data, Q, fingerprint);\n return { V, C: new ECDHSymkey(C) };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n if (symmetricAlgo && !util.isAES(symmetricAlgo)) {\n // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276\n throw new Error('X25519 and X448 keys can only encrypt AES session keys');\n }\n const { A } = publicParams;\n const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(\n keyAlgo, data, A);\n const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });\n return { ephemeralPublicKey, C };\n }\n default:\n return [];\n }\n}\n\n/**\n * Decrypts data using specified algorithm and private key parameters.\n * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3}\n * @param {module:enums.publicKey} algo - Public key algorithm\n * @param {Object} publicKeyParams - Algorithm-specific public key parameters\n * @param {Object} privateKeyParams - Algorithm-specific private key parameters\n * @param {Object} sessionKeyParams - Encrypted session key parameters\n * @param {Uint8Array} fingerprint - Recipient fingerprint\n * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing\n * (needed for constant-time processing in RSA and ElGamal)\n * @returns {Promise} Decrypted data.\n * @throws {Error} on sensitive decryption error, unless `randomPayload` is given\n * @async\n */\nexport async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) {\n switch (algo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt: {\n const { c } = sessionKeyParams;\n const { n, e } = publicKeyParams;\n const { d, p, q, u } = privateKeyParams;\n return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);\n }\n case enums.publicKey.elgamal: {\n const { c1, c2 } = sessionKeyParams;\n const p = publicKeyParams.p;\n const x = privateKeyParams.x;\n return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);\n }\n case enums.publicKey.ecdh: {\n const { oid, Q, kdfParams } = publicKeyParams;\n const { d } = privateKeyParams;\n const { V, C } = sessionKeyParams;\n return publicKey.elliptic.ecdh.decrypt(\n oid, kdfParams, V, C.data, Q, d, fingerprint);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicKeyParams;\n const { k } = privateKeyParams;\n const { ephemeralPublicKey, C } = sessionKeyParams;\n if (C.algorithm !== null && !util.isAES(C.algorithm)) {\n throw new Error('AES session key expected');\n }\n return publicKey.elliptic.ecdhX.decrypt(\n algo, ephemeralPublicKey, C.wrappedKey, A, k);\n }\n default:\n throw new Error('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse public key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name.\n */\nexport function parsePublicKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const n = util.readMPI(bytes.subarray(read)); read += n.length + 2;\n const e = util.readMPI(bytes.subarray(read)); read += e.length + 2;\n return { read, publicParams: { n, e } };\n }\n case enums.publicKey.dsa: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, q, g, y } };\n }\n case enums.publicKey.elgamal: {\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const g = util.readMPI(bytes.subarray(read)); read += g.length + 2;\n const y = util.readMPI(bytes.subarray(read)); read += y.length + 2;\n return { read, publicParams: { p, g, y } };\n }\n case enums.publicKey.ecdsa: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.eddsaLegacy: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n if (oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n Q = util.leftPad(Q, 33);\n return { read: read, publicParams: { oid, Q } };\n }\n case enums.publicKey.ecdh: {\n const oid = new OID(); read += oid.read(bytes);\n checkSupportedCurve(oid);\n const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2;\n const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read));\n return { read: read, publicParams: { oid, Q, kdfParams } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length;\n return { read, publicParams: { A } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Parse private key material in binary form to get the key parameters\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @param {Object} publicParams - (ECC only) public params, needed to format some private params\n * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name.\n */\nexport function parsePrivateKeyParams(algo, bytes, publicParams) {\n let read = 0;\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n const p = util.readMPI(bytes.subarray(read)); read += p.length + 2;\n const q = util.readMPI(bytes.subarray(read)); read += q.length + 2;\n const u = util.readMPI(bytes.subarray(read)); read += u.length + 2;\n return { read, privateParams: { d, p, q, u } };\n }\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal: {\n const x = util.readMPI(bytes.subarray(read)); read += x.length + 2;\n return { read, privateParams: { x } };\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n let d = util.readMPI(bytes.subarray(read)); read += d.length + 2;\n d = util.leftPad(d, payloadSize);\n return { read, privateParams: { d } };\n }\n case enums.publicKey.eddsaLegacy: {\n const payloadSize = getCurvePayloadSize(algo, publicParams.oid);\n if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) {\n throw new Error('Unexpected OID for eddsaLegacy');\n }\n let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2;\n seed = util.leftPad(seed, payloadSize);\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const payloadSize = getCurvePayloadSize(algo);\n const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length;\n return { read, privateParams: { seed } };\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const payloadSize = getCurvePayloadSize(algo);\n const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length;\n return { read, privateParams: { k } };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/** Returns the types comprising the encrypted session key of an algorithm\n * @param {module:enums.publicKey} algo - The key algorithm\n * @param {Uint8Array} bytes - The key material to parse\n * @returns {Object} The session key parameters referenced by name.\n */\nexport function parseEncSessionKeyParams(algo, bytes) {\n let read = 0;\n switch (algo) {\n // Algorithm-Specific Fields for RSA encrypted session keys:\n // - MPI of RSA encrypted value m**e mod n.\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign: {\n const c = util.readMPI(bytes.subarray(read));\n return { c };\n }\n\n // Algorithm-Specific Fields for Elgamal encrypted session keys:\n // - MPI of Elgamal value g**k mod p\n // - MPI of Elgamal value m * y**k mod p\n case enums.publicKey.elgamal: {\n const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2;\n const c2 = util.readMPI(bytes.subarray(read));\n return { c1, c2 };\n }\n // Algorithm-Specific Fields for ECDH encrypted session keys:\n // - MPI containing the ephemeral key used to establish the shared secret\n // - ECDH Symmetric Key\n case enums.publicKey.ecdh: {\n const V = util.readMPI(bytes.subarray(read)); read += V.length + 2;\n const C = new ECDHSymkey(); C.read(bytes.subarray(read));\n return { V, C };\n }\n // Algorithm-Specific Fields for X25519 or X448 encrypted session keys:\n // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448).\n // - A one-octet size of the following fields.\n // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).\n // - The encrypted session key.\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const pointSize = getCurvePayloadSize(algo);\n const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length;\n const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read));\n return { ephemeralPublicKey, C };\n }\n default:\n throw new UnsupportedError('Unknown public key encryption algorithm.');\n }\n}\n\n/**\n * Convert params to MPI and serializes them in the proper order\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} params - The key parameters indexed by name\n * @returns {Uint8Array} The array containing the MPIs.\n */\nexport function serializeParams(algo, params) {\n // Some algorithms do not rely on MPIs to store the binary params\n const algosWithNativeRepresentation = new Set([\n enums.publicKey.ed25519,\n enums.publicKey.x25519,\n enums.publicKey.ed448,\n enums.publicKey.x448\n ]);\n const orderedParams = Object.keys(params).map(name => {\n const param = params[name];\n if (!util.isUint8Array(param)) return param.write();\n return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param);\n });\n return util.concatUint8Array(orderedParams);\n}\n\n/**\n * Generate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Integer} bits - Bit length for RSA keys\n * @param {module:type/oid} oid - Object identifier for ECC keys\n * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name.\n * @async\n */\nexport function generateParams(algo, bits, oid) {\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({\n privateParams: { d, p, q, u },\n publicParams: { n, e }\n }));\n case enums.publicKey.ecdsa:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { d: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({\n privateParams: { seed: secret },\n publicParams: { oid: new OID(oid), Q }\n }));\n case enums.publicKey.ecdh:\n return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({\n privateParams: { d: secret },\n publicParams: {\n oid: new OID(oid),\n Q,\n kdfParams: new KDFParams({ hash, cipher })\n }\n }));\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({\n privateParams: { seed },\n publicParams: { A }\n }));\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({\n privateParams: { k },\n publicParams: { A }\n }));\n case enums.publicKey.dsa:\n case enums.publicKey.elgamal:\n throw new Error('Unsupported algorithm for key generation.');\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Validate algorithm-specific key parameters\n * @param {module:enums.publicKey} algo - The public key algorithm\n * @param {Object} publicParams - Algorithm-specific public key parameters\n * @param {Object} privateParams - Algorithm-specific private key parameters\n * @returns {Promise} Whether the parameters are valid.\n * @async\n */\nexport async function validateParams(algo, publicParams, privateParams) {\n if (!publicParams || !privateParams) {\n throw new Error('Missing key parameters');\n }\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign: {\n const { n, e } = publicParams;\n const { d, p, q, u } = privateParams;\n return publicKey.rsa.validateParams(n, e, d, p, q, u);\n }\n case enums.publicKey.dsa: {\n const { p, q, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.dsa.validateParams(p, q, g, y, x);\n }\n case enums.publicKey.elgamal: {\n const { p, g, y } = publicParams;\n const { x } = privateParams;\n return publicKey.elgamal.validateParams(p, g, y, x);\n }\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh: {\n const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];\n const { oid, Q } = publicParams;\n const { d } = privateParams;\n return algoModule.validateParams(oid, Q, d);\n }\n case enums.publicKey.eddsaLegacy: {\n const { Q, oid } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);\n }\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448: {\n const { A } = publicParams;\n const { seed } = privateParams;\n return publicKey.elliptic.eddsa.validateParams(algo, A, seed);\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const { A } = publicParams;\n const { k } = privateParams;\n return publicKey.elliptic.ecdhX.validateParams(algo, A, k);\n }\n default:\n throw new Error('Unknown public key algorithm.');\n }\n}\n\n/**\n * Generates a random byte prefix for the specified algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.\n * @async\n */\nexport async function getPrefixRandom(algo) {\n const { blockSize } = getCipherParams(algo);\n const prefixrandom = await getRandomBytes(blockSize);\n const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);\n return util.concat([prefixrandom, repeat]);\n}\n\n/**\n * Generating a session key for the specified symmetric algorithm\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} algo - Symmetric encryption algorithm\n * @returns {Uint8Array} Random bytes as a string to be used as a key.\n */\nexport function generateSessionKey(algo) {\n const { keySize } = getCipherParams(algo);\n return getRandomBytes(keySize);\n}\n\n/**\n * Get implementation of the given AEAD mode\n * @param {enums.aead} algo\n * @returns {Object}\n * @throws {Error} on invalid algo\n */\nexport function getAEADMode(algo) {\n const algoName = enums.read(enums.aead, algo);\n return mode[algoName];\n}\n\n/**\n * Check whether the given curve OID is supported\n * @param {module:type/oid} oid - EC object identifier\n * @throws {UnsupportedError} if curve is not supported\n */\nfunction checkSupportedCurve(oid) {\n try {\n oid.getName();\n } catch (e) {\n throw new UnsupportedError('Unknown curve OID');\n }\n}\n\n/**\n * Get encoded secret size for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getCurvePayloadSize(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.ecdh:\n case enums.publicKey.eddsaLegacy:\n return new publicKey.elliptic.CurveWithOID(oid).payloadSize;\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPayloadSize(algo);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return publicKey.elliptic.ecdhX.getPayloadSize(algo);\n default:\n throw new Error('Unknown elliptic algo');\n }\n}\n\n/**\n * Get preferred signing hash algo for a given elliptic algo\n * @param {module:enums.publicKey} algo - alrogithm identifier\n * @param {module:type/oid} [oid] - curve OID if needed by algo\n */\nexport function getPreferredCurveHashAlgo(algo, oid) {\n switch (algo) {\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return publicKey.elliptic.getPreferredHashAlgo(oid);\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);\n default:\n throw new Error('Unknown elliptic signing algo');\n }\n}\n\n\nexport { getCipherParams };\n","/**\n * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js\n * @see module:crypto/crypto\n * @see module:crypto/signature\n * @see module:crypto/public_key\n * @see module:crypto/cipher\n * @see module:crypto/random\n * @see module:crypto/hash\n * @module crypto\n */\n\nimport * as cipher from './cipher';\nimport hash from './hash';\nimport mode from './mode';\nimport publicKey from './public_key';\nimport * as signature from './signature';\nimport * as random from './random';\nimport * as pkcs1 from './pkcs1';\nimport * as pkcs5 from './pkcs5';\nimport * as crypto from './crypto';\nimport * as aesKW from './aes_kw';\n\n// TODO move cfb and gcm to cipher\nconst mod = {\n /** @see module:crypto/cipher */\n cipher: cipher,\n /** @see module:crypto/hash */\n hash: hash,\n /** @see module:crypto/mode */\n mode: mode,\n /** @see module:crypto/public_key */\n publicKey: publicKey,\n /** @see module:crypto/signature */\n signature: signature,\n /** @see module:crypto/random */\n random: random,\n /** @see module:crypto/pkcs1 */\n pkcs1: pkcs1,\n /** @see module:crypto/pkcs5 */\n pkcs5: pkcs5,\n /** @see module:crypto/aes_kw */\n aesKW: aesKW\n};\n\nObject.assign(mod, crypto);\n\nexport default mod;\n","import defaultConfig from '../../config';\nimport enums from '../../enums';\nimport util from '../../util';\nimport crypto from '../../crypto';\n\nconst ARGON2_TYPE = 0x02; // id\nconst ARGON2_VERSION = 0x13;\nconst ARGON2_SALT_SIZE = 16;\n\nexport class Argon2OutOfMemoryError extends Error {\n constructor(...params) {\n super(...params);\n\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Argon2OutOfMemoryError);\n }\n\n this.name = 'Argon2OutOfMemoryError';\n }\n}\n\n// cache argon wasm module\nlet loadArgonWasmModule;\nlet argon2Promise;\n// reload wasm module above this treshold, to deallocated used memory\nconst ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;\n\nclass Argon2S2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n const { passes, parallelism, memoryExponent } = config.s2kArgon2Params;\n\n this.type = 'argon2';\n /**\n * 16 bytes of salt\n * @type {Uint8Array}\n */\n this.salt = null;\n /**\n * number of passes\n * @type {Integer}\n */\n this.t = passes;\n /**\n * degree of parallelism (lanes)\n * @type {Integer}\n */\n this.p = parallelism;\n /**\n * exponent indicating memory size\n * @type {Integer}\n */\n this.encodedM = memoryExponent;\n }\n\n generateSalt() {\n this.salt = crypto.random.getRandomBytes(ARGON2_SALT_SIZE);\n }\n\n /**\n * Parsing function for argon2 string-to-key specifier.\n * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n\n this.salt = bytes.subarray(i, i + 16);\n i += 16;\n\n this.t = bytes[i++];\n this.p = bytes[i++];\n this.encodedM = bytes[i++]; // memory size exponent, one-octect\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n const arr = [\n new Uint8Array([enums.write(enums.s2k, this.type)]),\n this.salt,\n new Uint8Array([this.t, this.p, this.encodedM])\n ];\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to `keySize`\n * @throws {Argon2OutOfMemoryError|Errors}\n * @async\n */\n async produceKey(passphrase, keySize) {\n const decodedM = 2 << (this.encodedM - 1);\n\n try {\n // on first load, the argon2 lib is imported and the WASM module is initialized.\n // the two steps need to be atomic to avoid race conditions causing multiple wasm modules\n // being loaded when `argon2Promise` is not initialized.\n loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;\n argon2Promise = argon2Promise || loadArgonWasmModule();\n\n // important to keep local ref to argon2 in case the module is reloaded by another instance\n const argon2 = await argon2Promise;\n\n const passwordBytes = util.encodeUTF8(passphrase);\n const hash = argon2({\n version: ARGON2_VERSION,\n type: ARGON2_TYPE,\n password: passwordBytes,\n salt: this.salt,\n tagLength: keySize,\n memorySize: decodedM,\n parallelism: this.p,\n passes: this.t\n });\n\n // a lot of memory was used, reload to deallocate\n if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {\n // it will be awaited if needed at the next `produceKey` invocation\n argon2Promise = loadArgonWasmModule();\n argon2Promise.catch(() => {});\n }\n return hash;\n } catch (e) {\n if (e.message && (\n e.message.includes('Unable to grow instance memory') || // Chrome\n e.message.includes('failed to grow memory') || // Firefox\n e.message.includes('WebAssembly.Memory.grow') || // Safari\n e.message.includes('Out of memory') // Safari iOS\n )) {\n throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');\n } else {\n throw e;\n }\n }\n }\n}\n\nexport default Argon2S2K;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * Implementation of the String-to-key specifier\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7}:\n * String-to-key (S2K) specifiers are used to convert passphrase strings\n * into symmetric-key encryption/decryption keys. They are used in two\n * places, currently: to encrypt the secret part of private keys in the\n * private keyring, and to convert passphrases to encryption keys for\n * symmetrically encrypted messages.\n * @module type/s2k\n */\n\nimport defaultConfig from '../../config';\nimport crypto from '../../crypto';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\nimport util from '../../util';\n\nclass GenericS2K {\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(s2kType, config = defaultConfig) {\n /**\n * Hash function identifier, or 0 for gnu-dummy keys\n * @type {module:enums.hash | 0}\n */\n this.algorithm = enums.hash.sha256;\n /**\n * enums.s2k identifier or 'gnu-dummy'\n * @type {String}\n */\n this.type = enums.read(enums.s2k, s2kType);\n /** @type {Integer} */\n this.c = config.s2kIterationCountByte;\n /** Eight bytes of salt in a binary string.\n * @type {Uint8Array}\n */\n this.salt = null;\n }\n\n generateSalt() {\n switch (this.type) {\n case 'salted':\n case 'iterated':\n this.salt = crypto.random.getRandomBytes(8);\n }\n }\n\n getCount() {\n // Exponent bias, defined in RFC4880\n const expbias = 6;\n\n return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);\n }\n\n /**\n * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).\n * @param {Uint8Array} bytes - Payload of string-to-key specifier\n * @returns {Integer} Actual length of the object.\n */\n read(bytes) {\n let i = 0;\n this.algorithm = bytes[i++];\n\n switch (this.type) {\n case 'simple':\n break;\n\n case 'salted':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n break;\n\n case 'iterated':\n this.salt = bytes.subarray(i, i + 8);\n i += 8;\n\n // Octet 10: count, a one-octet, coded value\n this.c = bytes[i++];\n break;\n\n case 'gnu':\n if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {\n i += 3; // GNU\n const gnuExtType = 1000 + bytes[i++];\n if (gnuExtType === 1001) {\n this.type = 'gnu-dummy';\n // GnuPG extension mode 1001 -- don't write secret key at all\n } else {\n throw new UnsupportedError('Unknown s2k gnu protection mode.');\n }\n } else {\n throw new UnsupportedError('Unknown s2k type.');\n }\n break;\n\n default:\n throw new UnsupportedError('Unknown s2k type.'); // unreachable\n }\n\n return i;\n }\n\n /**\n * Serializes s2k information\n * @returns {Uint8Array} Binary representation of s2k.\n */\n write() {\n if (this.type === 'gnu-dummy') {\n return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);\n }\n const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];\n\n switch (this.type) {\n case 'simple':\n break;\n case 'salted':\n arr.push(this.salt);\n break;\n case 'iterated':\n arr.push(this.salt);\n arr.push(new Uint8Array([this.c]));\n break;\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Produces a key using the specified passphrase and the defined\n * hashAlgorithm\n * @param {String} passphrase - Passphrase containing user input\n * @returns {Promise} Produced key with a length corresponding to.\n * hashAlgorithm hash length\n * @async\n */\n async produceKey(passphrase, numBytes) {\n passphrase = util.encodeUTF8(passphrase);\n\n const arr = [];\n let rlength = 0;\n\n let prefixlen = 0;\n while (rlength < numBytes) {\n let toHash;\n switch (this.type) {\n case 'simple':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);\n break;\n case 'salted':\n toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);\n break;\n case 'iterated': {\n const data = util.concatUint8Array([this.salt, passphrase]);\n let datalen = data.length;\n const count = Math.max(this.getCount(), datalen);\n toHash = new Uint8Array(prefixlen + count);\n toHash.set(data, prefixlen);\n for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {\n toHash.copyWithin(pos, prefixlen, pos);\n }\n break;\n }\n case 'gnu':\n throw new Error('GNU s2k type not supported.');\n default:\n throw new Error('Unknown s2k type.');\n }\n const result = await crypto.hash.digest(this.algorithm, toHash);\n arr.push(result);\n rlength += result.length;\n prefixlen++;\n }\n\n return util.concatUint8Array(arr).subarray(0, numBytes);\n }\n}\n\nexport default GenericS2K;\n","import defaultConfig from '../../config';\nimport Argon2S2K, { Argon2OutOfMemoryError } from './argon2';\nimport GenericS2K from './generic';\nimport enums from '../../enums';\nimport { UnsupportedError } from '../../packet/packet';\n\nconst allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);\n\n/**\n * Instantiate a new S2K instance of the given type\n * @param {module:enums.s2k} type\n * @oaram {Object} [config]\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromType(type, config = defaultConfig) {\n switch (type) {\n case enums.s2k.argon2:\n return new Argon2S2K(config);\n case enums.s2k.iterated:\n case enums.s2k.gnu:\n case enums.s2k.salted:\n case enums.s2k.simple:\n return new GenericS2K(type, config);\n default:\n throw new UnsupportedError('Unsupported S2K type');\n }\n}\n\n/**\n * Instantiate a new S2K instance based on the config settings\n * @oaram {Object} config\n * @returns {Object} New s2k object\n * @throws {Error} for unknown or unsupported types\n */\nexport function newS2KFromConfig(config) {\n const { s2kType } = config;\n\n if (!allowedS2KTypesForEncryption.has(s2kType)) {\n throw new Error('The provided `config.s2kType` value is not allowed');\n }\n\n return newS2KFromType(s2kType, config);\n}\n\nexport { Argon2OutOfMemoryError };\n","// DEFLATE is a complex format; to read this code, you should probably check the RFC first:\n// https://tools.ietf.org/html/rfc1951\n// You may also wish to take a look at the guide I made about this program:\n// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad\n// Some of the following code is similar to that of UZIP.js:\n// https://github.com/photopea/UZIP.js\n// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size.\n// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint\n// is better for memory in most engines (I *think*).\nvar ch2 = {};\nvar wk = (function (c, id, msg, transfer, cb) {\n var w = new Worker(ch2[id] || (ch2[id] = URL.createObjectURL(new Blob([\n c + ';addEventListener(\"error\",function(e){e=e.error;postMessage({$e$:[e.message,e.code,e.stack]})})'\n ], { type: 'text/javascript' }))));\n w.onmessage = function (e) {\n var d = e.data, ed = d.$e$;\n if (ed) {\n var err = new Error(ed[0]);\n err['code'] = ed[1];\n err.stack = ed[2];\n cb(err, null);\n }\n else\n cb(null, d);\n };\n w.postMessage(msg, transfer);\n return w;\n});\n\n// aliases for shorter compressed code (most minifers don't do this)\nvar u8 = Uint8Array, u16 = Uint16Array, u32 = Uint32Array;\n// fixed length extra bits\nvar fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]);\n// fixed distance extra bits\n// see fleb note\nvar fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]);\n// code length index map\nvar clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);\n// get base, reverse index map from extra bits\nvar freb = function (eb, start) {\n var b = new u16(31);\n for (var i = 0; i < 31; ++i) {\n b[i] = start += 1 << eb[i - 1];\n }\n // numbers here are at max 18 bits\n var r = new u32(b[30]);\n for (var i = 1; i < 30; ++i) {\n for (var j = b[i]; j < b[i + 1]; ++j) {\n r[j] = ((j - b[i]) << 5) | i;\n }\n }\n return [b, r];\n};\nvar _a = freb(fleb, 2), fl = _a[0], revfl = _a[1];\n// we can ignore the fact that the other numbers are wrong; they never happen anyway\nfl[28] = 258, revfl[258] = 28;\nvar _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1];\n// map of value to reverse (assuming 16 bits)\nvar rev = new u16(32768);\nfor (var i = 0; i < 32768; ++i) {\n // reverse table algorithm from SO\n var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1);\n x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2);\n x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4);\n rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1;\n}\n// create huffman tree from u8 \"map\": index -> code length for code index\n// mb (max bits) must be at most 15\n// TODO: optimize/split up?\nvar hMap = (function (cd, mb, r) {\n var s = cd.length;\n // index\n var i = 0;\n // u16 \"map\": index -> # of codes with bit length = index\n var l = new u16(mb);\n // length of cd must be 288 (total # of codes)\n for (; i < s; ++i) {\n if (cd[i])\n ++l[cd[i] - 1];\n }\n // u16 \"map\": index -> minimum code for bit length = index\n var le = new u16(mb);\n for (i = 0; i < mb; ++i) {\n le[i] = (le[i - 1] + l[i - 1]) << 1;\n }\n var co;\n if (r) {\n // u16 \"map\": index -> number of actual bits, symbol for code\n co = new u16(1 << mb);\n // bits to remove for reverser\n var rvb = 15 - mb;\n for (i = 0; i < s; ++i) {\n // ignore 0 lengths\n if (cd[i]) {\n // num encoding both symbol and bits read\n var sv = (i << 4) | cd[i];\n // free bits\n var r_1 = mb - cd[i];\n // start value\n var v = le[cd[i] - 1]++ << r_1;\n // m is end value\n for (var m = v | ((1 << r_1) - 1); v <= m; ++v) {\n // every 16 bit value starting with the code yields the same result\n co[rev[v] >>> rvb] = sv;\n }\n }\n }\n }\n else {\n co = new u16(s);\n for (i = 0; i < s; ++i) {\n if (cd[i]) {\n co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]);\n }\n }\n }\n return co;\n});\n// fixed length tree\nvar flt = new u8(288);\nfor (var i = 0; i < 144; ++i)\n flt[i] = 8;\nfor (var i = 144; i < 256; ++i)\n flt[i] = 9;\nfor (var i = 256; i < 280; ++i)\n flt[i] = 7;\nfor (var i = 280; i < 288; ++i)\n flt[i] = 8;\n// fixed distance tree\nvar fdt = new u8(32);\nfor (var i = 0; i < 32; ++i)\n fdt[i] = 5;\n// fixed length map\nvar flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1);\n// fixed distance map\nvar fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1);\n// find max of array\nvar max = function (a) {\n var m = a[0];\n for (var i = 1; i < a.length; ++i) {\n if (a[i] > m)\n m = a[i];\n }\n return m;\n};\n// read d, starting at bit p and mask with m\nvar bits = function (d, p, m) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m;\n};\n// read d, starting at bit p continuing for at least 16 bits\nvar bits16 = function (d, p) {\n var o = (p / 8) | 0;\n return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7));\n};\n// get end of byte\nvar shft = function (p) { return ((p + 7) / 8) | 0; };\n// typed array slice - allows garbage collector to free original reference,\n// while being more compatible than .slice\nvar slc = function (v, s, e) {\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n // can't use .constructor in case user-supplied\n var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32 : u8)(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\n/**\n * Codes for errors generated within this library\n */\nexport var FlateErrorCode = {\n UnexpectedEOF: 0,\n InvalidBlockType: 1,\n InvalidLengthLiteral: 2,\n InvalidDistance: 3,\n StreamFinished: 4,\n NoStreamHandler: 5,\n InvalidHeader: 6,\n NoCallback: 7,\n InvalidUTF8: 8,\n ExtraFieldTooLong: 9,\n InvalidDate: 10,\n FilenameTooLong: 11,\n StreamFinishing: 12,\n InvalidZipData: 13,\n UnknownCompressionMethod: 14\n};\n// error codes\nvar ec = [\n 'unexpected EOF',\n 'invalid block type',\n 'invalid length/literal',\n 'invalid distance',\n 'stream finished',\n 'no stream handler',\n ,\n 'no callback',\n 'invalid UTF-8 data',\n 'extra field too long',\n 'date not in range 1980-2099',\n 'filename too long',\n 'stream finishing',\n 'invalid zip data'\n // determined by unknown compression method\n];\n;\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\n// expands raw DEFLATE data\nvar inflt = function (dat, buf, st) {\n // source length\n var sl = dat.length;\n if (!sl || (st && st.f && !st.l))\n return buf || new u8(0);\n // have to estimate size\n var noBuf = !buf || st;\n // no state\n var noSt = !st || st.i;\n if (!st)\n st = {};\n // Assumes roughly 33% compression ratio average\n if (!buf)\n buf = new u8(sl * 3);\n // ensure buffer can fit at least l elements\n var cbuf = function (l) {\n var bl = buf.length;\n // need to increase size to fit\n if (l > bl) {\n // Double or set to necessary, whichever is greater\n var nbuf = new u8(Math.max(bl * 2, l));\n nbuf.set(buf);\n buf = nbuf;\n }\n };\n // last chunk bitpos bytes\n var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;\n // total bits\n var tbts = sl * 8;\n do {\n if (!lm) {\n // BFINAL - this is only 1 when last chunk is next\n final = bits(dat, pos, 1);\n // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman\n var type = bits(dat, pos + 1, 3);\n pos += 3;\n if (!type) {\n // go to end of byte boundary\n var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l;\n if (t > sl) {\n if (noSt)\n err(0);\n break;\n }\n // ensure size\n if (noBuf)\n cbuf(bt + l);\n // Copy over uncompressed data\n buf.set(dat.subarray(s, t), bt);\n // Get new bitpos, update byte count\n st.b = bt += l, st.p = pos = t * 8, st.f = final;\n continue;\n }\n else if (type == 1)\n lm = flrm, dm = fdrm, lbt = 9, dbt = 5;\n else if (type == 2) {\n // literal lengths\n var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;\n var tl = hLit + bits(dat, pos + 5, 31) + 1;\n pos += 14;\n // length+distance tree\n var ldt = new u8(tl);\n // code length tree\n var clt = new u8(19);\n for (var i = 0; i < hcLen; ++i) {\n // use index map to get real code\n clt[clim[i]] = bits(dat, pos + i * 3, 7);\n }\n pos += hcLen * 3;\n // code lengths bits\n var clb = max(clt), clbmsk = (1 << clb) - 1;\n // code lengths map\n var clm = hMap(clt, clb, 1);\n for (var i = 0; i < tl;) {\n var r = clm[bits(dat, pos, clbmsk)];\n // bits read\n pos += r & 15;\n // symbol\n var s = r >>> 4;\n // code length to copy\n if (s < 16) {\n ldt[i++] = s;\n }\n else {\n // copy count\n var c = 0, n = 0;\n if (s == 16)\n n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1];\n else if (s == 17)\n n = 3 + bits(dat, pos, 7), pos += 3;\n else if (s == 18)\n n = 11 + bits(dat, pos, 127), pos += 7;\n while (n--)\n ldt[i++] = c;\n }\n }\n // length tree distance tree\n var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);\n // max length bits\n lbt = max(lt);\n // max dist bits\n dbt = max(dt);\n lm = hMap(lt, lbt, 1);\n dm = hMap(dt, dbt, 1);\n }\n else\n err(1);\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n }\n // Make sure the buffer can hold this + the largest possible addition\n // Maximum chunk size (practically, theoretically infinite) is 2^17;\n if (noBuf)\n cbuf(bt + 131072);\n var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;\n var lpos = pos;\n for (;; lpos = pos) {\n // bits read, code\n var c = lm[bits16(dat, pos) & lms], sym = c >>> 4;\n pos += c & 15;\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (!c)\n err(2);\n if (sym < 256)\n buf[bt++] = sym;\n else if (sym == 256) {\n lpos = pos, lm = null;\n break;\n }\n else {\n var add = sym - 254;\n // no extra bits needed if less\n if (sym > 264) {\n // index\n var i = sym - 257, b = fleb[i];\n add = bits(dat, pos, (1 << b) - 1) + fl[i];\n pos += b;\n }\n // dist\n var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4;\n if (!d)\n err(3);\n pos += d & 15;\n var dt = fd[dsym];\n if (dsym > 3) {\n var b = fdeb[dsym];\n dt += bits16(dat, pos) & ((1 << b) - 1), pos += b;\n }\n if (pos > tbts) {\n if (noSt)\n err(0);\n break;\n }\n if (noBuf)\n cbuf(bt + 131072);\n var end = bt + add;\n for (; bt < end; bt += 4) {\n buf[bt] = buf[bt - dt];\n buf[bt + 1] = buf[bt + 1 - dt];\n buf[bt + 2] = buf[bt + 2 - dt];\n buf[bt + 3] = buf[bt + 3 - dt];\n }\n bt = end;\n }\n }\n st.l = lm, st.p = lpos, st.b = bt, st.f = final;\n if (lm)\n final = 1, st.m = lbt, st.d = dm, st.n = dbt;\n } while (!final);\n return bt == buf.length ? buf : slc(buf, 0, bt);\n};\n// starting at p, write the minimum number of bits that can hold v to d\nvar wbits = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n};\n// starting at p, write the minimum number of bits (>8) that can hold v to d\nvar wbits16 = function (d, p, v) {\n v <<= p & 7;\n var o = (p / 8) | 0;\n d[o] |= v;\n d[o + 1] |= v >>> 8;\n d[o + 2] |= v >>> 16;\n};\n// creates code lengths from a frequency table\nvar hTree = function (d, mb) {\n // Need extra info to make a tree\n var t = [];\n for (var i = 0; i < d.length; ++i) {\n if (d[i])\n t.push({ s: i, f: d[i] });\n }\n var s = t.length;\n var t2 = t.slice();\n if (!s)\n return [et, 0];\n if (s == 1) {\n var v = new u8(t[0].s + 1);\n v[t[0].s] = 1;\n return [v, 1];\n }\n t.sort(function (a, b) { return a.f - b.f; });\n // after i2 reaches last ind, will be stopped\n // freq must be greater than largest possible number of symbols\n t.push({ s: -1, f: 25001 });\n var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2;\n t[0] = { s: -1, f: l.f + r.f, l: l, r: r };\n // efficient algorithm from UZIP.js\n // i0 is lookbehind, i2 is lookahead - after processing two low-freq\n // symbols that combined have high freq, will start processing i2 (high-freq,\n // non-composite) symbols instead\n // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/\n while (i1 != s - 1) {\n l = t[t[i0].f < t[i2].f ? i0++ : i2++];\n r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++];\n t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r };\n }\n var maxSym = t2[0].s;\n for (var i = 1; i < s; ++i) {\n if (t2[i].s > maxSym)\n maxSym = t2[i].s;\n }\n // code lengths\n var tr = new u16(maxSym + 1);\n // max bits in tree\n var mbt = ln(t[i1 - 1], tr, 0);\n if (mbt > mb) {\n // more algorithms from UZIP.js\n // TODO: find out how this code works (debt)\n // ind debt\n var i = 0, dt = 0;\n // left cost\n var lft = mbt - mb, cst = 1 << lft;\n t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; });\n for (; i < s; ++i) {\n var i2_1 = t2[i].s;\n if (tr[i2_1] > mb) {\n dt += cst - (1 << (mbt - tr[i2_1]));\n tr[i2_1] = mb;\n }\n else\n break;\n }\n dt >>>= lft;\n while (dt > 0) {\n var i2_2 = t2[i].s;\n if (tr[i2_2] < mb)\n dt -= 1 << (mb - tr[i2_2]++ - 1);\n else\n ++i;\n }\n for (; i >= 0 && dt; --i) {\n var i2_3 = t2[i].s;\n if (tr[i2_3] == mb) {\n --tr[i2_3];\n ++dt;\n }\n }\n mbt = mb;\n }\n return [new u8(tr), mbt];\n};\n// get the max length and assign length codes\nvar ln = function (n, l, d) {\n return n.s == -1\n ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1))\n : (l[n.s] = d);\n};\n// length codes generation\nvar lc = function (c) {\n var s = c.length;\n // Note that the semicolon was intentional\n while (s && !c[--s])\n ;\n var cl = new u16(++s);\n // ind num streak\n var cli = 0, cln = c[0], cls = 1;\n var w = function (v) { cl[cli++] = v; };\n for (var i = 1; i <= s; ++i) {\n if (c[i] == cln && i != s)\n ++cls;\n else {\n if (!cln && cls > 2) {\n for (; cls > 138; cls -= 138)\n w(32754);\n if (cls > 2) {\n w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305);\n cls = 0;\n }\n }\n else if (cls > 3) {\n w(cln), --cls;\n for (; cls > 6; cls -= 6)\n w(8304);\n if (cls > 2)\n w(((cls - 3) << 5) | 8208), cls = 0;\n }\n while (cls--)\n w(cln);\n cls = 1;\n cln = c[i];\n }\n }\n return [cl.subarray(0, cli), s];\n};\n// calculate the length of output from tree, code lengths\nvar clen = function (cf, cl) {\n var l = 0;\n for (var i = 0; i < cl.length; ++i)\n l += cf[i] * cl[i];\n return l;\n};\n// writes a fixed block\n// returns the new bit pos\nvar wfblk = function (out, pos, dat) {\n // no need to write 00 as type: TypedArray defaults to 0\n var s = dat.length;\n var o = shft(pos + 2);\n out[o] = s & 255;\n out[o + 1] = s >>> 8;\n out[o + 2] = out[o] ^ 255;\n out[o + 3] = out[o + 1] ^ 255;\n for (var i = 0; i < s; ++i)\n out[o + i + 4] = dat[i];\n return (o + 4 + s) * 8;\n};\n// writes a block\nvar wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) {\n wbits(out, p++, final);\n ++lf[256];\n var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1];\n var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1];\n var _c = lc(dlt), lclt = _c[0], nlc = _c[1];\n var _d = lc(ddt), lcdt = _d[0], ndc = _d[1];\n var lcfreq = new u16(19);\n for (var i = 0; i < lclt.length; ++i)\n lcfreq[lclt[i] & 31]++;\n for (var i = 0; i < lcdt.length; ++i)\n lcfreq[lcdt[i] & 31]++;\n var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1];\n var nlcc = 19;\n for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc)\n ;\n var flen = (bl + 5) << 3;\n var ftlen = clen(lf, flt) + clen(df, fdt) + eb;\n var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]);\n if (flen <= ftlen && flen <= dtlen)\n return wfblk(out, p, dat.subarray(bs, bs + bl));\n var lm, ll, dm, dl;\n wbits(out, p, 1 + (dtlen < ftlen)), p += 2;\n if (dtlen < ftlen) {\n lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt;\n var llm = hMap(lct, mlcb, 0);\n wbits(out, p, nlc - 257);\n wbits(out, p + 5, ndc - 1);\n wbits(out, p + 10, nlcc - 4);\n p += 14;\n for (var i = 0; i < nlcc; ++i)\n wbits(out, p + 3 * i, lct[clim[i]]);\n p += 3 * nlcc;\n var lcts = [lclt, lcdt];\n for (var it = 0; it < 2; ++it) {\n var clct = lcts[it];\n for (var i = 0; i < clct.length; ++i) {\n var len = clct[i] & 31;\n wbits(out, p, llm[len]), p += lct[len];\n if (len > 15)\n wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12;\n }\n }\n }\n else {\n lm = flm, ll = flt, dm = fdm, dl = fdt;\n }\n for (var i = 0; i < li; ++i) {\n if (syms[i] > 255) {\n var len = (syms[i] >>> 18) & 31;\n wbits16(out, p, lm[len + 257]), p += ll[len + 257];\n if (len > 7)\n wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len];\n var dst = syms[i] & 31;\n wbits16(out, p, dm[dst]), p += dl[dst];\n if (dst > 3)\n wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst];\n }\n else {\n wbits16(out, p, lm[syms[i]]), p += ll[syms[i]];\n }\n }\n wbits16(out, p, lm[256]);\n return p + ll[256];\n};\n// deflate options (nice << 13) | chain\nvar deo = /*#__PURE__*/ new u32([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]);\n// empty\nvar et = /*#__PURE__*/ new u8(0);\n// compresses data into a raw DEFLATE buffer\nvar dflt = function (dat, lvl, plvl, pre, post, lst) {\n var s = dat.length;\n var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post);\n // writing to this writes to the output buffer\n var w = o.subarray(pre, o.length - post);\n var pos = 0;\n if (!lvl || s < 8) {\n for (var i = 0; i <= s; i += 65535) {\n // end\n var e = i + 65535;\n if (e >= s) {\n // write final block\n w[pos >> 3] = lst;\n }\n pos = wfblk(w, pos + 1, dat.subarray(i, e));\n }\n }\n else {\n var opt = deo[lvl - 1];\n var n = opt >>> 13, c = opt & 8191;\n var msk_1 = (1 << plvl) - 1;\n // prev 2-byte val map curr 2-byte val map\n var prev = new u16(32768), head = new u16(msk_1 + 1);\n var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1;\n var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; };\n // 24576 is an arbitrary number of maximum symbols per block\n // 424 buffer for last block\n var syms = new u32(25000);\n // length/literal freq distance freq\n var lf = new u16(288), df = new u16(32);\n // l/lcnt exbits index l/lind waitdx bitpos\n var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0;\n for (; i < s; ++i) {\n // hash value\n // deopt when i > s - 3 - at end, deopt acceptable\n var hv = hsh(i);\n // index mod 32768 previous index mod\n var imod = i & 32767, pimod = head[hv];\n prev[imod] = pimod;\n head[hv] = imod;\n // We always should modify head and prev, but only add symbols if\n // this data is not yet processed (\"wait\" for wait index)\n if (wi <= i) {\n // bytes remaining\n var rem = s - i;\n if ((lc_1 > 7000 || li > 24576) && rem > 423) {\n pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos);\n li = lc_1 = eb = 0, bs = i;\n for (var j = 0; j < 286; ++j)\n lf[j] = 0;\n for (var j = 0; j < 30; ++j)\n df[j] = 0;\n }\n // len dist chain\n var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767;\n if (rem > 2 && hv == hsh(i - dif)) {\n var maxn = Math.min(n, rem) - 1;\n var maxd = Math.min(32767, i);\n // max possible length\n // not capped at dif because decompressors implement \"rolling\" index population\n var ml = Math.min(258, rem);\n while (dif <= maxd && --ch_1 && imod != pimod) {\n if (dat[i + l] == dat[i + l - dif]) {\n var nl = 0;\n for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl)\n ;\n if (nl > l) {\n l = nl, d = dif;\n // break out early when we reach \"nice\" (we are satisfied enough)\n if (nl > maxn)\n break;\n // now, find the rarest 2-byte sequence within this\n // length of literals and search for that instead.\n // Much faster than just using the start\n var mmd = Math.min(dif, nl - 2);\n var md = 0;\n for (var j = 0; j < mmd; ++j) {\n var ti = (i - dif + j + 32768) & 32767;\n var pti = prev[ti];\n var cd = (ti - pti + 32768) & 32767;\n if (cd > md)\n md = cd, pimod = ti;\n }\n }\n }\n // check the previous match\n imod = pimod, pimod = prev[imod];\n dif += (imod - pimod + 32768) & 32767;\n }\n }\n // d will be nonzero only when a match was found\n if (d) {\n // store both dist and len data in one Uint32\n // Make sure this is recognized as a len/dist with 28th bit (2^28)\n syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d];\n var lin = revfl[l] & 31, din = revfd[d] & 31;\n eb += fleb[lin] + fdeb[din];\n ++lf[257 + lin];\n ++df[din];\n wi = i + l;\n ++lc_1;\n }\n else {\n syms[li++] = dat[i];\n ++lf[dat[i]];\n }\n }\n }\n pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos);\n // this is the easiest way to avoid needing to maintain state\n if (!lst && pos & 7)\n pos = wfblk(w, pos + 1, et);\n }\n return slc(o, 0, pre + shft(pos) + post);\n};\n// CRC32 table\nvar crct = /*#__PURE__*/ (function () {\n var t = new Int32Array(256);\n for (var i = 0; i < 256; ++i) {\n var c = i, k = 9;\n while (--k)\n c = ((c & 1) && -306674912) ^ (c >>> 1);\n t[i] = c;\n }\n return t;\n})();\n// CRC32\nvar crc = function () {\n var c = -1;\n return {\n p: function (d) {\n // closures have awful performance\n var cr = c;\n for (var i = 0; i < d.length; ++i)\n cr = crct[(cr & 255) ^ d[i]] ^ (cr >>> 8);\n c = cr;\n },\n d: function () { return ~c; }\n };\n};\n// Alder32\nvar adler = function () {\n var a = 1, b = 0;\n return {\n p: function (d) {\n // closures have awful performance\n var n = a, m = b;\n var l = d.length | 0;\n for (var i = 0; i != l;) {\n var e = Math.min(i + 2655, l);\n for (; i < e; ++i)\n m += n += d[i];\n n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16);\n }\n a = n, b = m;\n },\n d: function () {\n a %= 65521, b %= 65521;\n return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8);\n }\n };\n};\n;\n// deflate with opts\nvar dopt = function (dat, opt, pre, post, st) {\n return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st);\n};\n// Walmart object spread\nvar mrg = function (a, b) {\n var o = {};\n for (var k in a)\n o[k] = a[k];\n for (var k in b)\n o[k] = b[k];\n return o;\n};\n// worker clone\n// This is possibly the craziest part of the entire codebase, despite how simple it may seem.\n// The only parameter to this function is a closure that returns an array of variables outside of the function scope.\n// We're going to try to figure out the variable names used in the closure as strings because that is crucial for workerization.\n// We will return an object mapping of true variable name to value (basically, the current scope as a JS object).\n// The reason we can't just use the original variable names is minifiers mangling the toplevel scope.\n// This took me three weeks to figure out how to do.\nvar wcln = function (fn, fnStr, td) {\n var dt = fn();\n var st = fn.toString();\n var ks = st.slice(st.indexOf('[') + 1, st.lastIndexOf(']')).replace(/\\s+/g, '').split(',');\n for (var i = 0; i < dt.length; ++i) {\n var v = dt[i], k = ks[i];\n if (typeof v == 'function') {\n fnStr += ';' + k + '=';\n var st_1 = v.toString();\n if (v.prototype) {\n // for global objects\n if (st_1.indexOf('[native code]') != -1) {\n var spInd = st_1.indexOf(' ', 8) + 1;\n fnStr += st_1.slice(spInd, st_1.indexOf('(', spInd));\n }\n else {\n fnStr += st_1;\n for (var t in v.prototype)\n fnStr += ';' + k + '.prototype.' + t + '=' + v.prototype[t].toString();\n }\n }\n else\n fnStr += st_1;\n }\n else\n td[k] = v;\n }\n return [fnStr, td];\n};\nvar ch = [];\n// clone bufs\nvar cbfs = function (v) {\n var tl = [];\n for (var k in v) {\n if (v[k].buffer) {\n tl.push((v[k] = new v[k].constructor(v[k])).buffer);\n }\n }\n return tl;\n};\n// use a worker to execute code\nvar wrkr = function (fns, init, id, cb) {\n var _a;\n if (!ch[id]) {\n var fnStr = '', td_1 = {}, m = fns.length - 1;\n for (var i = 0; i < m; ++i)\n _a = wcln(fns[i], fnStr, td_1), fnStr = _a[0], td_1 = _a[1];\n ch[id] = wcln(fns[m], fnStr, td_1);\n }\n var td = mrg({}, ch[id][1]);\n return wk(ch[id][0] + ';onmessage=function(e){for(var k in e.data)self[k]=e.data[k];onmessage=' + init.toString() + '}', id, td, cbfs(td), cb);\n};\n// base async inflate fn\nvar bInflt = function () { return [u8, u16, u32, fleb, fdeb, clim, fl, fd, flrm, fdrm, rev, ec, hMap, max, bits, bits16, shft, slc, err, inflt, inflateSync, pbf, gu8]; };\nvar bDflt = function () { return [u8, u16, u32, fleb, fdeb, clim, revfl, revfd, flm, flt, fdm, fdt, rev, deo, et, hMap, wbits, wbits16, hTree, ln, lc, clen, wfblk, wblk, shft, slc, dflt, dopt, deflateSync, pbf]; };\n// gzip extra\nvar gze = function () { return [gzh, gzhl, wbytes, crc, crct]; };\n// gunzip extra\nvar guze = function () { return [gzs, gzl]; };\n// zlib extra\nvar zle = function () { return [zlh, wbytes, adler]; };\n// unzlib extra\nvar zule = function () { return [zlv]; };\n// post buf\nvar pbf = function (msg) { return postMessage(msg, [msg.buffer]); };\n// get u8\nvar gu8 = function (o) { return o && o.size && new u8(o.size); };\n// async helper\nvar cbify = function (dat, opts, fns, init, id, cb) {\n var w = wrkr(fns, init, id, function (err, dat) {\n w.terminate();\n cb(err, dat);\n });\n w.postMessage([dat, opts], opts.consume ? [dat.buffer] : []);\n return function () { w.terminate(); };\n};\n// auto stream\nvar astrm = function (strm) {\n strm.ondata = function (dat, final) { return postMessage([dat, final], [dat.buffer]); };\n return function (ev) { return strm.push(ev.data[0], ev.data[1]); };\n};\n// async stream attach\nvar astrmify = function (fns, strm, opts, init, id) {\n var t;\n var w = wrkr(fns, init, id, function (err, dat) {\n if (err)\n w.terminate(), strm.ondata.call(strm, err);\n else {\n if (dat[1])\n w.terminate();\n strm.ondata.call(strm, err, dat[0], dat[1]);\n }\n });\n w.postMessage(opts);\n strm.push = function (d, f) {\n if (!strm.ondata)\n err(5);\n if (t)\n strm.ondata(err(4, 0, 1), null, !!f);\n w.postMessage([d, t = f], [d.buffer]);\n };\n strm.terminate = function () { w.terminate(); };\n};\n// read 2 bytes\nvar b2 = function (d, b) { return d[b] | (d[b + 1] << 8); };\n// read 4 bytes\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\nvar b8 = function (d, b) { return b4(d, b) + (b4(d, b + 4) * 4294967296); };\n// write bytes\nvar wbytes = function (d, b, v) {\n for (; v; ++b)\n d[b] = v, v >>>= 8;\n};\n// gzip header\nvar gzh = function (c, o) {\n var fn = o.filename;\n c[0] = 31, c[1] = 139, c[2] = 8, c[8] = o.level < 2 ? 4 : o.level == 9 ? 2 : 0, c[9] = 3; // assume Unix\n if (o.mtime != 0)\n wbytes(c, 4, Math.floor(new Date(o.mtime || Date.now()) / 1000));\n if (fn) {\n c[3] = 8;\n for (var i = 0; i <= fn.length; ++i)\n c[i + 10] = fn.charCodeAt(i);\n }\n};\n// gzip footer: -8 to -4 = CRC, -4 to -0 is length\n// gzip start\nvar gzs = function (d) {\n if (d[0] != 31 || d[1] != 139 || d[2] != 8)\n err(6, 'invalid gzip data');\n var flg = d[3];\n var st = 10;\n if (flg & 4)\n st += d[10] | (d[11] << 8) + 2;\n for (var zs = (flg >> 3 & 1) + (flg >> 4 & 1); zs > 0; zs -= !d[st++])\n ;\n return st + (flg & 2);\n};\n// gzip length\nvar gzl = function (d) {\n var l = d.length;\n return ((d[l - 4] | d[l - 3] << 8 | d[l - 2] << 16) | (d[l - 1] << 24)) >>> 0;\n};\n// gzip header length\nvar gzhl = function (o) { return 10 + ((o.filename && (o.filename.length + 1)) || 0); };\n// zlib header\nvar zlh = function (c, o) {\n var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2;\n c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1);\n};\n// zlib valid\nvar zlv = function (d) {\n if ((d[0] & 15) != 8 || (d[0] >>> 4) > 7 || ((d[0] << 8 | d[1]) % 31))\n err(6, 'invalid zlib data');\n if (d[1] & 32)\n err(6, 'invalid zlib data: preset dictionaries not supported');\n};\nfunction AsyncCmpStrm(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n return opts;\n}\n// zlib footer: -4 to -0 is Adler32\n/**\n * Streaming DEFLATE compression\n */\nvar Deflate = /*#__PURE__*/ (function () {\n function Deflate(opts, cb) {\n if (!cb && typeof opts == 'function')\n cb = opts, opts = {};\n this.ondata = cb;\n this.o = opts || {};\n }\n Deflate.prototype.p = function (c, f) {\n this.ondata(dopt(c, this.o, 0, 0, !f), f);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Deflate.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.d = final;\n this.p(chunk, final || false);\n };\n return Deflate;\n}());\nexport { Deflate };\n/**\n * Asynchronous streaming DEFLATE compression\n */\nvar AsyncDeflate = /*#__PURE__*/ (function () {\n function AsyncDeflate(opts, cb) {\n astrmify([\n bDflt,\n function () { return [astrm, Deflate]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Deflate(ev.data);\n onmessage = astrm(strm);\n }, 6);\n }\n return AsyncDeflate;\n}());\nexport { AsyncDeflate };\nexport function deflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n ], function (ev) { return pbf(deflateSync(ev.data[0], ev.data[1])); }, 0, cb);\n}\n/**\n * Compresses data with DEFLATE without any wrapper\n * @param data The data to compress\n * @param opts The compression options\n * @returns The deflated version of the data\n */\nexport function deflateSync(data, opts) {\n return dopt(data, opts || {}, 0, 0);\n}\n/**\n * Streaming DEFLATE decompression\n */\nvar Inflate = /*#__PURE__*/ (function () {\n /**\n * Creates an inflation stream\n * @param cb The callback to call whenever data is inflated\n */\n function Inflate(cb) {\n this.s = {};\n this.p = new u8(0);\n this.ondata = cb;\n }\n Inflate.prototype.e = function (c) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n var l = this.p.length;\n var n = new u8(l + c.length);\n n.set(this.p), n.set(c, l), this.p = n;\n };\n Inflate.prototype.c = function (final) {\n this.d = this.s.i = final || false;\n var bts = this.s.b;\n var dt = inflt(this.p, this.o, this.s);\n this.ondata(slc(dt, bts, this.s.b), this.d);\n this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length;\n this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7;\n };\n /**\n * Pushes a chunk to be inflated\n * @param chunk The chunk to push\n * @param final Whether this is the final chunk\n */\n Inflate.prototype.push = function (chunk, final) {\n this.e(chunk), this.c(final);\n };\n return Inflate;\n}());\nexport { Inflate };\n/**\n * Asynchronous streaming DEFLATE decompression\n */\nvar AsyncInflate = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous inflation stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncInflate(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n function () { return [astrm, Inflate]; }\n ], this, 0, function () {\n var strm = new Inflate();\n onmessage = astrm(strm);\n }, 7);\n }\n return AsyncInflate;\n}());\nexport { AsyncInflate };\nexport function inflate(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt\n ], function (ev) { return pbf(inflateSync(ev.data[0], gu8(ev.data[1]))); }, 1, cb);\n}\n/**\n * Expands DEFLATE data with no wrapper\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function inflateSync(data, out) {\n return inflt(data, out);\n}\n// before you yell at me for not just using extends, my reason is that TS inheritance is hard to workerize.\n/**\n * Streaming GZIP compression\n */\nvar Gzip = /*#__PURE__*/ (function () {\n function Gzip(opts, cb) {\n this.c = crc();\n this.l = 0;\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be GZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gzip.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Gzip.prototype.p = function (c, f) {\n this.c.p(c);\n this.l += c.length;\n var raw = dopt(c, this.o, this.v && gzhl(this.o), f && 8, !f);\n if (this.v)\n gzh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 8, this.c.d()), wbytes(raw, raw.length - 4, this.l);\n this.ondata(raw, f);\n };\n return Gzip;\n}());\nexport { Gzip };\n/**\n * Asynchronous streaming GZIP compression\n */\nvar AsyncGzip = /*#__PURE__*/ (function () {\n function AsyncGzip(opts, cb) {\n astrmify([\n bDflt,\n gze,\n function () { return [astrm, Deflate, Gzip]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Gzip(ev.data);\n onmessage = astrm(strm);\n }, 8);\n }\n return AsyncGzip;\n}());\nexport { AsyncGzip };\nexport function gzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n gze,\n function () { return [gzipSync]; }\n ], function (ev) { return pbf(gzipSync(ev.data[0], ev.data[1])); }, 2, cb);\n}\n/**\n * Compresses data with GZIP\n * @param data The data to compress\n * @param opts The compression options\n * @returns The gzipped version of the data\n */\nexport function gzipSync(data, opts) {\n if (!opts)\n opts = {};\n var c = crc(), l = data.length;\n c.p(data);\n var d = dopt(data, opts, gzhl(opts), 8), s = d.length;\n return gzh(d, opts), wbytes(d, s - 8, c.d()), wbytes(d, s - 4, l), d;\n}\n/**\n * Streaming GZIP decompression\n */\nvar Gunzip = /*#__PURE__*/ (function () {\n /**\n * Creates a GUNZIP stream\n * @param cb The callback to call whenever data is inflated\n */\n function Gunzip(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be GUNZIPped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Gunzip.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n var s = this.p.length > 3 ? gzs(this.p) : 4;\n if (s >= this.p.length && !final)\n return;\n this.p = this.p.subarray(s), this.v = 0;\n }\n if (final) {\n if (this.p.length < 8)\n err(6, 'invalid gzip data');\n this.p = this.p.subarray(0, -8);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Gunzip;\n}());\nexport { Gunzip };\n/**\n * Asynchronous streaming GZIP decompression\n */\nvar AsyncGunzip = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous GUNZIP stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncGunzip(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n guze,\n function () { return [astrm, Inflate, Gunzip]; }\n ], this, 0, function () {\n var strm = new Gunzip();\n onmessage = astrm(strm);\n }, 9);\n }\n return AsyncGunzip;\n}());\nexport { AsyncGunzip };\nexport function gunzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n guze,\n function () { return [gunzipSync]; }\n ], function (ev) { return pbf(gunzipSync(ev.data[0])); }, 3, cb);\n}\n/**\n * Expands GZIP data\n * @param data The data to decompress\n * @param out Where to write the data. GZIP already encodes the output size, so providing this doesn't save memory.\n * @returns The decompressed version of the data\n */\nexport function gunzipSync(data, out) {\n return inflt(data.subarray(gzs(data), -8), out || new u8(gzl(data)));\n}\n/**\n * Streaming Zlib compression\n */\nvar Zlib = /*#__PURE__*/ (function () {\n function Zlib(opts, cb) {\n this.c = adler();\n this.v = 1;\n Deflate.call(this, opts, cb);\n }\n /**\n * Pushes a chunk to be zlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Zlib.prototype.push = function (chunk, final) {\n Deflate.prototype.push.call(this, chunk, final);\n };\n Zlib.prototype.p = function (c, f) {\n this.c.p(c);\n var raw = dopt(c, this.o, this.v && 2, f && 4, !f);\n if (this.v)\n zlh(raw, this.o), this.v = 0;\n if (f)\n wbytes(raw, raw.length - 4, this.c.d());\n this.ondata(raw, f);\n };\n return Zlib;\n}());\nexport { Zlib };\n/**\n * Asynchronous streaming Zlib compression\n */\nvar AsyncZlib = /*#__PURE__*/ (function () {\n function AsyncZlib(opts, cb) {\n astrmify([\n bDflt,\n zle,\n function () { return [astrm, Deflate, Zlib]; }\n ], this, AsyncCmpStrm.call(this, opts, cb), function (ev) {\n var strm = new Zlib(ev.data);\n onmessage = astrm(strm);\n }, 10);\n }\n return AsyncZlib;\n}());\nexport { AsyncZlib };\nexport function zlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bDflt,\n zle,\n function () { return [zlibSync]; }\n ], function (ev) { return pbf(zlibSync(ev.data[0], ev.data[1])); }, 4, cb);\n}\n/**\n * Compress data with Zlib\n * @param data The data to compress\n * @param opts The compression options\n * @returns The zlib-compressed version of the data\n */\nexport function zlibSync(data, opts) {\n if (!opts)\n opts = {};\n var a = adler();\n a.p(data);\n var d = dopt(data, opts, 2, 4);\n return zlh(d, opts), wbytes(d, d.length - 4, a.d()), d;\n}\n/**\n * Streaming Zlib decompression\n */\nvar Unzlib = /*#__PURE__*/ (function () {\n /**\n * Creates a Zlib decompression stream\n * @param cb The callback to call whenever data is inflated\n */\n function Unzlib(cb) {\n this.v = 1;\n Inflate.call(this, cb);\n }\n /**\n * Pushes a chunk to be unzlibbed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzlib.prototype.push = function (chunk, final) {\n Inflate.prototype.e.call(this, chunk);\n if (this.v) {\n if (this.p.length < 2 && !final)\n return;\n this.p = this.p.subarray(2), this.v = 0;\n }\n if (final) {\n if (this.p.length < 4)\n err(6, 'invalid zlib data');\n this.p = this.p.subarray(0, -4);\n }\n // necessary to prevent TS from using the closure value\n // This allows for workerization to function correctly\n Inflate.prototype.c.call(this, final);\n };\n return Unzlib;\n}());\nexport { Unzlib };\n/**\n * Asynchronous streaming Zlib decompression\n */\nvar AsyncUnzlib = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous Zlib decompression stream\n * @param cb The callback to call whenever data is deflated\n */\n function AsyncUnzlib(cb) {\n this.ondata = cb;\n astrmify([\n bInflt,\n zule,\n function () { return [astrm, Inflate, Unzlib]; }\n ], this, 0, function () {\n var strm = new Unzlib();\n onmessage = astrm(strm);\n }, 11);\n }\n return AsyncUnzlib;\n}());\nexport { AsyncUnzlib };\nexport function unzlib(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return cbify(data, opts, [\n bInflt,\n zule,\n function () { return [unzlibSync]; }\n ], function (ev) { return pbf(unzlibSync(ev.data[0], gu8(ev.data[1]))); }, 5, cb);\n}\n/**\n * Expands Zlib data\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function unzlibSync(data, out) {\n return inflt((zlv(data), data.subarray(2, -4)), out);\n}\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzip as compress, AsyncGzip as AsyncCompress };\n// Default algorithm for compression (used because having a known output size allows faster decompression)\nexport { gzipSync as compressSync, Gzip as Compress };\n/**\n * Streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function Decompress(cb) {\n this.G = Gunzip;\n this.I = Inflate;\n this.Z = Unzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Decompress.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (!this.s) {\n if (this.p && this.p.length) {\n var n = new u8(this.p.length + chunk.length);\n n.set(this.p), n.set(chunk, this.p.length);\n }\n else\n this.p = chunk;\n if (this.p.length > 2) {\n var _this_1 = this;\n var cb = function () { _this_1.ondata.apply(_this_1, arguments); };\n this.s = (this.p[0] == 31 && this.p[1] == 139 && this.p[2] == 8)\n ? new this.G(cb)\n : ((this.p[0] & 15) != 8 || (this.p[0] >> 4) > 7 || ((this.p[0] << 8 | this.p[1]) % 31))\n ? new this.I(cb)\n : new this.Z(cb);\n this.s.push(this.p, final);\n this.p = null;\n }\n }\n else\n this.s.push(chunk, final);\n };\n return Decompress;\n}());\nexport { Decompress };\n/**\n * Asynchronous streaming GZIP, Zlib, or raw DEFLATE decompression\n */\nvar AsyncDecompress = /*#__PURE__*/ (function () {\n /**\n * Creates an asynchronous decompression stream\n * @param cb The callback to call whenever data is decompressed\n */\n function AsyncDecompress(cb) {\n this.G = AsyncGunzip;\n this.I = AsyncInflate;\n this.Z = AsyncUnzlib;\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be decompressed\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncDecompress.prototype.push = function (chunk, final) {\n Decompress.prototype.push.call(this, chunk, final);\n };\n return AsyncDecompress;\n}());\nexport { AsyncDecompress };\nexport function decompress(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzip(data, opts, cb)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflate(data, opts, cb)\n : unzlib(data, opts, cb);\n}\n/**\n * Expands compressed GZIP, Zlib, or raw DEFLATE data, automatically detecting the format\n * @param data The data to decompress\n * @param out Where to write the data. Saves memory if you know the decompressed size and provide an output buffer of that length.\n * @returns The decompressed version of the data\n */\nexport function decompressSync(data, out) {\n return (data[0] == 31 && data[1] == 139 && data[2] == 8)\n ? gunzipSync(data, out)\n : ((data[0] & 15) != 8 || (data[0] >> 4) > 7 || ((data[0] << 8 | data[1]) % 31))\n ? inflateSync(data, out)\n : unzlibSync(data, out);\n}\n// flatten a directory structure\nvar fltn = function (d, p, t, o) {\n for (var k in d) {\n var val = d[k], n = p + k, op = o;\n if (Array.isArray(val))\n op = mrg(o, val[1]), val = val[0];\n if (val instanceof u8)\n t[n] = [val, op];\n else {\n t[n += '/'] = [new u8(0), op];\n fltn(val, n, t, o);\n }\n }\n};\n// text encoder\nvar te = typeof TextEncoder != 'undefined' && /*#__PURE__*/ new TextEncoder();\n// text decoder\nvar td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder();\n// text decoder stream\nvar tds = 0;\ntry {\n td.decode(et, { stream: true });\n tds = 1;\n}\ncatch (e) { }\n// decode UTF8\nvar dutf8 = function (d) {\n for (var r = '', i = 0;;) {\n var c = d[i++];\n var eb = (c > 127) + (c > 223) + (c > 239);\n if (i + eb > d.length)\n return [r, slc(d, i - 1)];\n if (!eb)\n r += String.fromCharCode(c);\n else if (eb == 3) {\n c = ((c & 15) << 18 | (d[i++] & 63) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63)) - 65536,\n r += String.fromCharCode(55296 | (c >> 10), 56320 | (c & 1023));\n }\n else if (eb & 1)\n r += String.fromCharCode((c & 31) << 6 | (d[i++] & 63));\n else\n r += String.fromCharCode((c & 15) << 12 | (d[i++] & 63) << 6 | (d[i++] & 63));\n }\n};\n/**\n * Streaming UTF-8 decoding\n */\nvar DecodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is decoded\n */\n function DecodeUTF8(cb) {\n this.ondata = cb;\n if (tds)\n this.t = new TextDecoder();\n else\n this.p = et;\n }\n /**\n * Pushes a chunk to be decoded from UTF-8 binary\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n DecodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n final = !!final;\n if (this.t) {\n this.ondata(this.t.decode(chunk, { stream: true }), final);\n if (final) {\n if (this.t.decode().length)\n err(8);\n this.t = null;\n }\n return;\n }\n if (!this.p)\n err(4);\n var dat = new u8(this.p.length + chunk.length);\n dat.set(this.p);\n dat.set(chunk, this.p.length);\n var _a = dutf8(dat), ch = _a[0], np = _a[1];\n if (final) {\n if (np.length)\n err(8);\n this.p = null;\n }\n else\n this.p = np;\n this.ondata(ch, final);\n };\n return DecodeUTF8;\n}());\nexport { DecodeUTF8 };\n/**\n * Streaming UTF-8 encoding\n */\nvar EncodeUTF8 = /*#__PURE__*/ (function () {\n /**\n * Creates a UTF-8 decoding stream\n * @param cb The callback to call whenever data is encoded\n */\n function EncodeUTF8(cb) {\n this.ondata = cb;\n }\n /**\n * Pushes a chunk to be encoded to UTF-8\n * @param chunk The string data to push\n * @param final Whether this is the last chunk\n */\n EncodeUTF8.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n if (this.d)\n err(4);\n this.ondata(strToU8(chunk), this.d = final || false);\n };\n return EncodeUTF8;\n}());\nexport { EncodeUTF8 };\n/**\n * Converts a string into a Uint8Array for use with compression/decompression methods\n * @param str The string to encode\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless decoding a binary string.\n * @returns The string encoded in UTF-8/Latin-1 binary\n */\nexport function strToU8(str, latin1) {\n if (latin1) {\n var ar_1 = new u8(str.length);\n for (var i = 0; i < str.length; ++i)\n ar_1[i] = str.charCodeAt(i);\n return ar_1;\n }\n if (te)\n return te.encode(str);\n var l = str.length;\n var ar = new u8(str.length + (str.length >> 1));\n var ai = 0;\n var w = function (v) { ar[ai++] = v; };\n for (var i = 0; i < l; ++i) {\n if (ai + 5 > ar.length) {\n var n = new u8(ai + 8 + ((l - i) << 1));\n n.set(ar);\n ar = n;\n }\n var c = str.charCodeAt(i);\n if (c < 128 || latin1)\n w(c);\n else if (c < 2048)\n w(192 | (c >> 6)), w(128 | (c & 63));\n else if (c > 55295 && c < 57344)\n c = 65536 + (c & 1023 << 10) | (str.charCodeAt(++i) & 1023),\n w(240 | (c >> 18)), w(128 | ((c >> 12) & 63)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n else\n w(224 | (c >> 12)), w(128 | ((c >> 6) & 63)), w(128 | (c & 63));\n }\n return slc(ar, 0, ai);\n}\n/**\n * Converts a Uint8Array to a string\n * @param dat The data to decode to string\n * @param latin1 Whether or not to interpret the data as Latin-1. This should\n * not need to be true unless encoding to binary string.\n * @returns The original UTF-8/Latin-1 string\n */\nexport function strFromU8(dat, latin1) {\n if (latin1) {\n var r = '';\n for (var i = 0; i < dat.length; i += 16384)\n r += String.fromCharCode.apply(null, dat.subarray(i, i + 16384));\n return r;\n }\n else if (td)\n return td.decode(dat);\n else {\n var _a = dutf8(dat), out = _a[0], ext = _a[1];\n if (ext.length)\n err(8);\n return out;\n }\n}\n;\n// deflate bit flag\nvar dbf = function (l) { return l == 1 ? 3 : l < 6 ? 2 : l == 9 ? 1 : 0; };\n// skip local zip header\nvar slzh = function (d, b) { return b + 30 + b2(d, b + 26) + b2(d, b + 28); };\n// read zip header\nvar zh = function (d, b, z) {\n var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);\n var _a = z && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a[0], su = _a[1], off = _a[2];\n return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];\n};\n// read zip64 extra field\nvar z64e = function (d, b) {\n for (; b2(d, b) != 1; b += 4 + b2(d, b + 2))\n ;\n return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];\n};\n// extra field length\nvar exfl = function (ex) {\n var le = 0;\n if (ex) {\n for (var k in ex) {\n var l = ex[k].length;\n if (l > 65535)\n err(9);\n le += l + 4;\n }\n }\n return le;\n};\n// write zip header\nvar wzh = function (d, b, f, fn, u, c, ce, co) {\n var fl = fn.length, ex = f.extra, col = co && co.length;\n var exl = exfl(ex);\n wbytes(d, b, ce != null ? 0x2014B50 : 0x4034B50), b += 4;\n if (ce != null)\n d[b++] = 20, d[b++] = f.os;\n d[b] = 20, b += 2; // spec compliance? what's that?\n d[b++] = (f.flag << 1) | (c < 0 && 8), d[b++] = u && 8;\n d[b++] = f.compression & 255, d[b++] = f.compression >> 8;\n var dt = new Date(f.mtime == null ? Date.now() : f.mtime), y = dt.getFullYear() - 1980;\n if (y < 0 || y > 119)\n err(10);\n wbytes(d, b, (y << 25) | ((dt.getMonth() + 1) << 21) | (dt.getDate() << 16) | (dt.getHours() << 11) | (dt.getMinutes() << 5) | (dt.getSeconds() >>> 1)), b += 4;\n if (c != -1) {\n wbytes(d, b, f.crc);\n wbytes(d, b + 4, c < 0 ? -c - 2 : c);\n wbytes(d, b + 8, f.size);\n }\n wbytes(d, b + 12, fl);\n wbytes(d, b + 14, exl), b += 16;\n if (ce != null) {\n wbytes(d, b, col);\n wbytes(d, b + 6, f.attrs);\n wbytes(d, b + 10, ce), b += 14;\n }\n d.set(fn, b);\n b += fl;\n if (exl) {\n for (var k in ex) {\n var exf = ex[k], l = exf.length;\n wbytes(d, b, +k);\n wbytes(d, b + 2, l);\n d.set(exf, b + 4), b += 4 + l;\n }\n }\n if (col)\n d.set(co, b), b += col;\n return b;\n};\n// write zip footer (end of central directory)\nvar wzf = function (o, b, c, d, e) {\n wbytes(o, b, 0x6054B50); // skip disk\n wbytes(o, b + 8, c);\n wbytes(o, b + 10, c);\n wbytes(o, b + 12, d);\n wbytes(o, b + 16, e);\n};\n/**\n * A pass-through stream to keep data uncompressed in a ZIP archive.\n */\nvar ZipPassThrough = /*#__PURE__*/ (function () {\n /**\n * Creates a pass-through stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n */\n function ZipPassThrough(filename) {\n this.filename = filename;\n this.c = crc();\n this.size = 0;\n this.compression = 0;\n }\n /**\n * Processes a chunk and pushes to the output stream. You can override this\n * method in a subclass for custom behavior, but by default this passes\n * the data through. You must call this.ondata(err, chunk, final) at some\n * point in this method.\n * @param chunk The chunk to process\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.process = function (chunk, final) {\n this.ondata(null, chunk, final);\n };\n /**\n * Pushes a chunk to be added. If you are subclassing this with a custom\n * compression algorithm, note that you must push data from the source\n * file only, pre-compression.\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipPassThrough.prototype.push = function (chunk, final) {\n if (!this.ondata)\n err(5);\n this.c.p(chunk);\n this.size += chunk.length;\n if (final)\n this.crc = this.c.d();\n this.process(chunk, final || false);\n };\n return ZipPassThrough;\n}());\nexport { ZipPassThrough };\n// I don't extend because TypeScript extension adds 1kB of runtime bloat\n/**\n * Streaming DEFLATE compression for ZIP archives. Prefer using AsyncZipDeflate\n * for better performance\n */\nvar ZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function ZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new Deflate(opts, function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n }\n ZipDeflate.prototype.process = function (chunk, final) {\n try {\n this.d.push(chunk, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n ZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return ZipDeflate;\n}());\nexport { ZipDeflate };\n/**\n * Asynchronous streaming DEFLATE compression for ZIP archives\n */\nvar AsyncZipDeflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE stream that can be added to ZIP archives\n * @param filename The filename to associate with this data stream\n * @param opts The compression options\n */\n function AsyncZipDeflate(filename, opts) {\n var _this_1 = this;\n if (!opts)\n opts = {};\n ZipPassThrough.call(this, filename);\n this.d = new AsyncDeflate(opts, function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.compression = 8;\n this.flag = dbf(opts.level);\n this.terminate = this.d.terminate;\n }\n AsyncZipDeflate.prototype.process = function (chunk, final) {\n this.d.push(chunk, final);\n };\n /**\n * Pushes a chunk to be deflated\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n AsyncZipDeflate.prototype.push = function (chunk, final) {\n ZipPassThrough.prototype.push.call(this, chunk, final);\n };\n return AsyncZipDeflate;\n}());\nexport { AsyncZipDeflate };\n// TODO: Better tree shaking\n/**\n * A zippable archive to which files can incrementally be added\n */\nvar Zip = /*#__PURE__*/ (function () {\n /**\n * Creates an empty ZIP archive to which files can be added\n * @param cb The callback to call whenever data for the generated ZIP archive\n * is available\n */\n function Zip(cb) {\n this.ondata = cb;\n this.u = [];\n this.d = 1;\n }\n /**\n * Adds a file to the ZIP archive\n * @param file The file stream to add\n */\n Zip.prototype.add = function (file) {\n var _this_1 = this;\n if (!this.ondata)\n err(5);\n // finishing or finished\n if (this.d & 2)\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, false);\n else {\n var f = strToU8(file.filename), fl_1 = f.length;\n var com = file.comment, o = com && strToU8(com);\n var u = fl_1 != file.filename.length || (o && (com.length != o.length));\n var hl_1 = fl_1 + exfl(file.extra) + 30;\n if (fl_1 > 65535)\n this.ondata(err(11, 0, 1), null, false);\n var header = new u8(hl_1);\n wzh(header, 0, file, f, u, -1);\n var chks_1 = [header];\n var pAll_1 = function () {\n for (var _i = 0, chks_2 = chks_1; _i < chks_2.length; _i++) {\n var chk = chks_2[_i];\n _this_1.ondata(null, chk, false);\n }\n chks_1 = [];\n };\n var tr_1 = this.d;\n this.d = 0;\n var ind_1 = this.u.length;\n var uf_1 = mrg(file, {\n f: f,\n u: u,\n o: o,\n t: function () {\n if (file.terminate)\n file.terminate();\n },\n r: function () {\n pAll_1();\n if (tr_1) {\n var nxt = _this_1.u[ind_1 + 1];\n if (nxt)\n nxt.r();\n else\n _this_1.d = 1;\n }\n tr_1 = 1;\n }\n });\n var cl_1 = 0;\n file.ondata = function (err, dat, final) {\n if (err) {\n _this_1.ondata(err, dat, final);\n _this_1.terminate();\n }\n else {\n cl_1 += dat.length;\n chks_1.push(dat);\n if (final) {\n var dd = new u8(16);\n wbytes(dd, 0, 0x8074B50);\n wbytes(dd, 4, file.crc);\n wbytes(dd, 8, cl_1);\n wbytes(dd, 12, file.size);\n chks_1.push(dd);\n uf_1.c = cl_1, uf_1.b = hl_1 + cl_1 + 16, uf_1.crc = file.crc, uf_1.size = file.size;\n if (tr_1)\n uf_1.r();\n tr_1 = 1;\n }\n else if (tr_1)\n pAll_1();\n }\n };\n this.u.push(uf_1);\n }\n };\n /**\n * Ends the process of adding files and prepares to emit the final chunks.\n * This *must* be called after adding all desired files for the resulting\n * ZIP file to work properly.\n */\n Zip.prototype.end = function () {\n var _this_1 = this;\n if (this.d & 2) {\n this.ondata(err(4 + (this.d & 1) * 8, 0, 1), null, true);\n return;\n }\n if (this.d)\n this.e();\n else\n this.u.push({\n r: function () {\n if (!(_this_1.d & 1))\n return;\n _this_1.u.splice(-1, 1);\n _this_1.e();\n },\n t: function () { }\n });\n this.d = 3;\n };\n Zip.prototype.e = function () {\n var bt = 0, l = 0, tl = 0;\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n tl += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0);\n }\n var out = new u8(tl + 22);\n for (var _b = 0, _c = this.u; _b < _c.length; _b++) {\n var f = _c[_b];\n wzh(out, bt, f, f.f, f.u, -f.c - 2, l, f.o);\n bt += 46 + f.f.length + exfl(f.extra) + (f.o ? f.o.length : 0), l += f.b;\n }\n wzf(out, bt, this.u.length, tl, l);\n this.ondata(null, out, true);\n this.d = 2;\n };\n /**\n * A method to terminate any internal workers used by the stream. Subsequent\n * calls to add() will fail.\n */\n Zip.prototype.terminate = function () {\n for (var _i = 0, _a = this.u; _i < _a.length; _i++) {\n var f = _a[_i];\n f.t();\n }\n this.d = 2;\n };\n return Zip;\n}());\nexport { Zip };\nexport function zip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var r = {};\n fltn(data, '', r, opts);\n var k = Object.keys(r);\n var lft = k.length, o = 0, tot = 0;\n var slft = lft, files = new Array(lft);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var cbf = function () {\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n tot = 0;\n for (var i = 0; i < slft; ++i) {\n var f = files[i];\n try {\n var l = f.c.length;\n wzh(out, tot, f, f.f, f.u, l);\n var badd = 30 + f.f.length + exfl(f.extra);\n var loc = tot + badd;\n out.set(f.c, loc);\n wzh(out, o, f, f.f, f.u, l, tot, f.m), o += 16 + badd + (f.m ? f.m.length : 0), tot = loc + l;\n }\n catch (e) {\n return cbd(e, null);\n }\n }\n wzf(out, o, files.length, cdl, oe);\n cbd(null, out);\n };\n if (!lft)\n cbf();\n var _loop_1 = function (i) {\n var fn = k[i];\n var _a = r[fn], file = _a[0], p = _a[1];\n var c = crc(), size = file.length;\n c.p(file);\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n var compression = p.level == 0 ? 0 : 8;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n var l = d.length;\n files[i] = mrg(p, {\n size: size,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n compression: compression\n });\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n if (!--lft)\n cbf();\n }\n };\n if (s > 65535)\n cbl(err(11, 0, 1), null);\n if (!compression)\n cbl(null, file);\n else if (size < 160000) {\n try {\n cbl(null, deflateSync(file, p));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(deflate(file, p, cbl));\n };\n // Cannot use lft because it can decrease\n for (var i = 0; i < slft; ++i) {\n _loop_1(i);\n }\n return tAll;\n}\n/**\n * Synchronously creates a ZIP file. Prefer using `zip` for better performance\n * with more than one file.\n * @param data The directory structure for the ZIP archive\n * @param opts The main options, merged with per-file options\n * @returns The generated ZIP archive\n */\nexport function zipSync(data, opts) {\n if (!opts)\n opts = {};\n var r = {};\n var files = [];\n fltn(data, '', r, opts);\n var o = 0;\n var tot = 0;\n for (var fn in r) {\n var _a = r[fn], file = _a[0], p = _a[1];\n var compression = p.level == 0 ? 0 : 8;\n var f = strToU8(fn), s = f.length;\n var com = p.comment, m = com && strToU8(com), ms = m && m.length;\n var exl = exfl(p.extra);\n if (s > 65535)\n err(11);\n var d = compression ? deflateSync(file, p) : file, l = d.length;\n var c = crc();\n c.p(file);\n files.push(mrg(p, {\n size: file.length,\n crc: c.d(),\n c: d,\n f: f,\n m: m,\n u: s != fn.length || (m && (com.length != ms)),\n o: o,\n compression: compression\n }));\n o += 30 + s + exl + l;\n tot += 76 + 2 * (s + exl) + (ms || 0) + l;\n }\n var out = new u8(tot + 22), oe = o, cdl = tot - o;\n for (var i = 0; i < files.length; ++i) {\n var f = files[i];\n wzh(out, f.o, f, f.f, f.u, f.c.length);\n var badd = 30 + f.f.length + exfl(f.extra);\n out.set(f.c, f.o + badd);\n wzh(out, o, f, f.f, f.u, f.c.length, f.o, f.m), o += 16 + badd + (f.m ? f.m.length : 0);\n }\n wzf(out, o, files.length, cdl, oe);\n return out;\n}\n/**\n * Streaming pass-through decompression for ZIP archives\n */\nvar UnzipPassThrough = /*#__PURE__*/ (function () {\n function UnzipPassThrough() {\n }\n UnzipPassThrough.prototype.push = function (data, final) {\n this.ondata(null, data, final);\n };\n UnzipPassThrough.compression = 0;\n return UnzipPassThrough;\n}());\nexport { UnzipPassThrough };\n/**\n * Streaming DEFLATE decompression for ZIP archives. Prefer AsyncZipInflate for\n * better performance.\n */\nvar UnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function UnzipInflate() {\n var _this_1 = this;\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n UnzipInflate.prototype.push = function (data, final) {\n try {\n this.i.push(data, final);\n }\n catch (e) {\n this.ondata(e, null, final);\n }\n };\n UnzipInflate.compression = 8;\n return UnzipInflate;\n}());\nexport { UnzipInflate };\n/**\n * Asynchronous streaming DEFLATE decompression for ZIP archives\n */\nvar AsyncUnzipInflate = /*#__PURE__*/ (function () {\n /**\n * Creates a DEFLATE decompression that can be used in ZIP archives\n */\n function AsyncUnzipInflate(_, sz) {\n var _this_1 = this;\n if (sz < 320000) {\n this.i = new Inflate(function (dat, final) {\n _this_1.ondata(null, dat, final);\n });\n }\n else {\n this.i = new AsyncInflate(function (err, dat, final) {\n _this_1.ondata(err, dat, final);\n });\n this.terminate = this.i.terminate;\n }\n }\n AsyncUnzipInflate.prototype.push = function (data, final) {\n if (this.i.terminate)\n data = slc(data, 0);\n this.i.push(data, final);\n };\n AsyncUnzipInflate.compression = 8;\n return AsyncUnzipInflate;\n}());\nexport { AsyncUnzipInflate };\n/**\n * A ZIP archive decompression stream that emits files as they are discovered\n */\nvar Unzip = /*#__PURE__*/ (function () {\n /**\n * Creates a ZIP decompression stream\n * @param cb The callback to call whenever a file in the ZIP archive is found\n */\n function Unzip(cb) {\n this.onfile = cb;\n this.k = [];\n this.o = {\n 0: UnzipPassThrough\n };\n this.p = et;\n }\n /**\n * Pushes a chunk to be unzipped\n * @param chunk The chunk to push\n * @param final Whether this is the last chunk\n */\n Unzip.prototype.push = function (chunk, final) {\n var _this_1 = this;\n if (!this.onfile)\n err(5);\n if (!this.p)\n err(4);\n if (this.c > 0) {\n var len = Math.min(this.c, chunk.length);\n var toAdd = chunk.subarray(0, len);\n this.c -= len;\n if (this.d)\n this.d.push(toAdd, !this.c);\n else\n this.k[0].push(toAdd);\n chunk = chunk.subarray(len);\n if (chunk.length)\n return this.push(chunk, final);\n }\n else {\n var f = 0, i = 0, is = void 0, buf = void 0;\n if (!this.p.length)\n buf = chunk;\n else if (!chunk.length)\n buf = this.p;\n else {\n buf = new u8(this.p.length + chunk.length);\n buf.set(this.p), buf.set(chunk, this.p.length);\n }\n var l = buf.length, oc = this.c, add = oc && this.d;\n var _loop_2 = function () {\n var _a;\n var sig = b4(buf, i);\n if (sig == 0x4034B50) {\n f = 1, is = i;\n this_1.d = null;\n this_1.c = 0;\n var bf = b2(buf, i + 6), cmp_1 = b2(buf, i + 8), u = bf & 2048, dd = bf & 8, fnl = b2(buf, i + 26), es = b2(buf, i + 28);\n if (l > i + 30 + fnl + es) {\n var chks_3 = [];\n this_1.k.unshift(chks_3);\n f = 2;\n var sc_1 = b4(buf, i + 18), su_1 = b4(buf, i + 22);\n var fn_1 = strFromU8(buf.subarray(i + 30, i += 30 + fnl), !u);\n if (sc_1 == 4294967295) {\n _a = dd ? [-2] : z64e(buf, i), sc_1 = _a[0], su_1 = _a[1];\n }\n else if (dd)\n sc_1 = -1;\n i += es;\n this_1.c = sc_1;\n var d_1;\n var file_1 = {\n name: fn_1,\n compression: cmp_1,\n start: function () {\n if (!file_1.ondata)\n err(5);\n if (!sc_1)\n file_1.ondata(null, et, true);\n else {\n var ctr = _this_1.o[cmp_1];\n if (!ctr)\n file_1.ondata(err(14, 'unknown compression type ' + cmp_1, 1), null, false);\n d_1 = sc_1 < 0 ? new ctr(fn_1) : new ctr(fn_1, sc_1, su_1);\n d_1.ondata = function (err, dat, final) { file_1.ondata(err, dat, final); };\n for (var _i = 0, chks_4 = chks_3; _i < chks_4.length; _i++) {\n var dat = chks_4[_i];\n d_1.push(dat, false);\n }\n if (_this_1.k[0] == chks_3 && _this_1.c)\n _this_1.d = d_1;\n else\n d_1.push(et, true);\n }\n },\n terminate: function () {\n if (d_1 && d_1.terminate)\n d_1.terminate();\n }\n };\n if (sc_1 >= 0)\n file_1.size = sc_1, file_1.originalSize = su_1;\n this_1.onfile(file_1);\n }\n return \"break\";\n }\n else if (oc) {\n if (sig == 0x8074B50) {\n is = i += 12 + (oc == -2 && 8), f = 3, this_1.c = 0;\n return \"break\";\n }\n else if (sig == 0x2014B50) {\n is = i -= 4, f = 3, this_1.c = 0;\n return \"break\";\n }\n }\n };\n var this_1 = this;\n for (; i < l - 4; ++i) {\n var state_1 = _loop_2();\n if (state_1 === \"break\")\n break;\n }\n this.p = et;\n if (oc < 0) {\n var dat = f ? buf.subarray(0, is - 12 - (oc == -2 && 8) - (b4(buf, is - 16) == 0x8074B50 && 4)) : buf.subarray(0, i);\n if (add)\n add.push(dat, !!f);\n else\n this.k[+(f == 2)].push(dat);\n }\n if (f & 2)\n return this.push(buf.subarray(i), final);\n this.p = buf.subarray(i);\n }\n if (final) {\n if (this.c)\n err(13);\n this.p = null;\n }\n };\n /**\n * Registers a decoder with the stream, allowing for files compressed with\n * the compression type provided to be expanded correctly\n * @param decoder The decoder constructor\n */\n Unzip.prototype.register = function (decoder) {\n this.o[decoder.compression] = decoder;\n };\n return Unzip;\n}());\nexport { Unzip };\nvar mt = typeof queueMicrotask == 'function' ? queueMicrotask : typeof setTimeout == 'function' ? setTimeout : function (fn) { fn(); };\nexport function unzip(data, opts, cb) {\n if (!cb)\n cb = opts, opts = {};\n if (typeof cb != 'function')\n err(7);\n var term = [];\n var tAll = function () {\n for (var i = 0; i < term.length; ++i)\n term[i]();\n };\n var files = {};\n var cbd = function (a, b) {\n mt(function () { cb(a, b); });\n };\n mt(function () { cbd = cb; });\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558) {\n cbd(err(13, 0, 1), null);\n return tAll;\n }\n }\n ;\n var lft = b2(data, e + 8);\n if (lft) {\n var c = lft;\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = lft = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n var _loop_3 = function (i) {\n var _a = zh(data, o, z), c_1 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n var cbl = function (e, d) {\n if (e) {\n tAll();\n cbd(e, null);\n }\n else {\n if (d)\n files[fn] = d;\n if (!--lft)\n cbd(null, files);\n }\n };\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_1\n })) {\n if (!c_1)\n cbl(null, slc(data, b, b + sc));\n else if (c_1 == 8) {\n var infl = data.subarray(b, b + sc);\n if (sc < 320000) {\n try {\n cbl(null, inflateSync(infl, new u8(su)));\n }\n catch (e) {\n cbl(e, null);\n }\n }\n else\n term.push(inflate(infl, { size: su }, cbl));\n }\n else\n cbl(err(14, 'unknown compression type ' + c_1, 1), null);\n }\n else\n cbl(null, null);\n };\n for (var i = 0; i < c; ++i) {\n _loop_3(i);\n }\n }\n else\n cbd(null, {});\n return tAll;\n}\n/**\n * Synchronously decompresses a ZIP archive. Prefer using `unzip` for better\n * performance with more than one file.\n * @param data The raw compressed ZIP file\n * @param opts The ZIP extraction options\n * @returns The decompressed files\n */\nexport function unzipSync(data, opts) {\n var files = {};\n var e = data.length - 22;\n for (; b4(data, e) != 0x6054B50; --e) {\n if (!e || data.length - e > 65558)\n err(13);\n }\n ;\n var c = b2(data, e + 8);\n if (!c)\n return {};\n var o = b4(data, e + 16);\n var z = o == 4294967295 || c == 65535;\n if (z) {\n var ze = b4(data, e - 12);\n z = b4(data, ze) == 0x6064B50;\n if (z) {\n c = b4(data, ze + 32);\n o = b4(data, ze + 48);\n }\n }\n var fltr = opts && opts.filter;\n for (var i = 0; i < c; ++i) {\n var _a = zh(data, o, z), c_2 = _a[0], sc = _a[1], su = _a[2], fn = _a[3], no = _a[4], off = _a[5], b = slzh(data, off);\n o = no;\n if (!fltr || fltr({\n name: fn,\n size: sc,\n originalSize: su,\n compression: c_2\n })) {\n if (!c_2)\n files[fn] = slc(data, b, b + sc);\n else if (c_2 == 8)\n files[fn] = inflateSync(data.subarray(b, b + sc), new u8(su));\n else\n err(14, 'unknown compression type ' + c_2);\n }\n }\n return files;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the Literal Data Packet (Tag 11)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}:\n * A Literal Data packet contains the body of a message; data that is not to be\n * further interpreted.\n */\nclass LiteralDataPacket {\n static get tag() {\n return enums.packet.literalData;\n }\n\n /**\n * @param {Date} date - The creation date of the literal package\n */\n constructor(date = new Date()) {\n this.format = enums.literal.utf8; // default format for literal data packets\n this.date = util.normalizeDate(date);\n this.text = null; // textual data representation\n this.data = null; // literal data representation\n this.filename = '';\n }\n\n /**\n * Set the packet data to a javascript native string, end of line\n * will be normalized to \\r\\n and by default text is converted to UTF8\n * @param {String | ReadableStream} text - Any native javascript string\n * @param {enums.literal} [format] - The format of the string of bytes\n */\n setText(text, format = enums.literal.utf8) {\n this.format = format;\n this.text = text;\n this.data = null;\n }\n\n /**\n * Returns literal data packets as native JavaScript string\n * with normalized end of line to \\n\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {String | ReadableStream} Literal data as text.\n */\n getText(clone = false) {\n if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read\n this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone)));\n }\n return this.text;\n }\n\n /**\n * Set the packet data to value represented by the provided string of bytes.\n * @param {Uint8Array | ReadableStream} bytes - The string of bytes\n * @param {enums.literal} format - The format of the string of bytes\n */\n setBytes(bytes, format) {\n this.format = format;\n this.data = bytes;\n this.text = null;\n }\n\n\n /**\n * Get the byte sequence representing the literal packet data\n * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again\n * @returns {Uint8Array | ReadableStream} A sequence of bytes.\n */\n getBytes(clone = false) {\n if (this.data === null) {\n // encode UTF8 and normalize EOL to \\r\\n\n this.data = util.canonicalizeEOL(util.encodeUTF8(this.text));\n }\n if (clone) {\n return stream.passiveClone(this.data);\n }\n return this.data;\n }\n\n\n /**\n * Sets the filename of the literal packet data\n * @param {String} filename - Any native javascript string\n */\n setFilename(filename) {\n this.filename = filename;\n }\n\n\n /**\n * Get the filename of the literal packet data\n * @returns {String} Filename.\n */\n getFilename() {\n return this.filename;\n }\n\n /**\n * Parsing function for a literal data packet (tag 11).\n *\n * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet\n * @returns {Promise} Object representation.\n * @async\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n // - A one-octet field that describes how the data is formatted.\n const format = await reader.readByte(); // enums.literal\n\n const filename_len = await reader.readByte();\n this.filename = util.decodeUTF8(await reader.readBytes(filename_len));\n\n this.date = util.readDate(await reader.readBytes(4));\n\n let data = reader.remainder();\n if (stream.isArrayStream(data)) data = await stream.readToEnd(data);\n this.setBytes(data, format);\n });\n }\n\n /**\n * Creates a Uint8Array representation of the packet, excluding the data\n *\n * @returns {Uint8Array} Uint8Array representation of the packet.\n */\n writeHeader() {\n const filename = util.encodeUTF8(this.filename);\n const filename_length = new Uint8Array([filename.length]);\n\n const format = new Uint8Array([this.format]);\n const date = util.writeDate(this.date);\n\n return util.concatUint8Array([format, filename_length, filename, date]);\n }\n\n /**\n * Creates a Uint8Array representation of the packet\n *\n * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet.\n */\n write() {\n const header = this.writeHeader();\n const data = this.getBytes();\n\n return util.concat([header, data]);\n }\n}\n\nexport default LiteralDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\n/**\n * @module type/keyid\n */\n\nimport util from '../util';\n\n/**\n * Implementation of type key id\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}:\n * A Key ID is an eight-octet scalar that identifies a key.\n * Implementations SHOULD NOT assume that Key IDs are unique. The\n * section \"Enhanced Key Formats\" below describes how Key IDs are\n * formed.\n */\nclass KeyID {\n constructor() {\n this.bytes = '';\n }\n\n /**\n * Parsing method for a key id\n * @param {Uint8Array} bytes - Input to read the key id from\n */\n read(bytes) {\n this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8));\n return this.bytes.length;\n }\n\n /**\n * Serializes the Key ID\n * @returns {Uint8Array} Key ID as a Uint8Array.\n */\n write() {\n return util.stringToUint8Array(this.bytes);\n }\n\n /**\n * Returns the Key ID represented as a hexadecimal string\n * @returns {String} Key ID as a hexadecimal string.\n */\n toHex() {\n return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes));\n }\n\n /**\n * Checks equality of Key ID's\n * @param {KeyID} keyID\n * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard\n */\n equals(keyID, matchWildcard = false) {\n return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes;\n }\n\n /**\n * Checks to see if the Key ID is unset\n * @returns {Boolean} True if the Key ID is null.\n */\n isNull() {\n return this.bytes === '';\n }\n\n /**\n * Checks to see if the Key ID is a \"wildcard\" Key ID (all zeros)\n * @returns {Boolean} True if this is a wildcard Key ID.\n */\n isWildcard() {\n return /^0+$/.test(this.toHex());\n }\n\n static mapToHex(keyID) {\n return keyID.toHex();\n }\n\n static fromID(hex) {\n const keyID = new KeyID();\n keyID.read(util.hexToUint8Array(hex));\n return keyID;\n }\n\n static wildcard() {\n const keyID = new KeyID();\n keyID.read(new Uint8Array(8));\n return keyID;\n }\n}\n\nexport default KeyID;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { readSimpleLength, UnsupportedError, writeSimpleLength } from './packet';\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.\nconst verified = Symbol('verified');\n\n// A salt notation is used to randomize signatures.\n// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks\n// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).\n// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.\n// some chosen-prefix attacks.\n// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.\nconst SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org';\n\n// GPG puts the Issuer and Signature subpackets in the unhashed area.\n// Tampering with those invalidates the signature, so we still trust them and parse them.\n// All other unhashed subpackets are ignored.\nconst allowedUnhashedSubpackets = new Set([\n enums.signatureSubpacket.issuerKeyID,\n enums.signatureSubpacket.issuerFingerprint,\n enums.signatureSubpacket.embeddedSignature\n]);\n\n/**\n * Implementation of the Signature Packet (Tag 2)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}:\n * A Signature packet describes a binding between some public key and\n * some data. The most common signatures are a signature of a file or a\n * block of text, and a signature that is a certification of a User ID.\n */\nclass SignaturePacket {\n static get tag() {\n return enums.packet.signature;\n }\n\n constructor() {\n this.version = null;\n /** @type {enums.signature} */\n this.signatureType = null;\n /** @type {enums.hash} */\n this.hashAlgorithm = null;\n /** @type {enums.publicKey} */\n this.publicKeyAlgorithm = null;\n\n this.signatureData = null;\n this.unhashedSubpackets = [];\n this.unknownSubpackets = [];\n this.signedHashValue = null;\n this.salt = null;\n\n this.created = null;\n this.signatureExpirationTime = null;\n this.signatureNeverExpires = true;\n this.exportable = null;\n this.trustLevel = null;\n this.trustAmount = null;\n this.regularExpression = null;\n this.revocable = null;\n this.keyExpirationTime = null;\n this.keyNeverExpires = null;\n this.preferredSymmetricAlgorithms = null;\n this.revocationKeyClass = null;\n this.revocationKeyAlgorithm = null;\n this.revocationKeyFingerprint = null;\n this.issuerKeyID = new KeyID();\n this.rawNotations = [];\n this.notations = {};\n this.preferredHashAlgorithms = null;\n this.preferredCompressionAlgorithms = null;\n this.keyServerPreferences = null;\n this.preferredKeyServer = null;\n this.isPrimaryUserID = null;\n this.policyURI = null;\n this.keyFlags = null;\n this.signersUserID = null;\n this.reasonForRevocationFlag = null;\n this.reasonForRevocationString = null;\n this.features = null;\n this.signatureTargetPublicKeyAlgorithm = null;\n this.signatureTargetHashAlgorithm = null;\n this.signatureTargetHash = null;\n this.embeddedSignature = null;\n this.issuerKeyVersion = null;\n this.issuerFingerprint = null;\n this.preferredAEADAlgorithms = null;\n this.preferredCipherSuites = null;\n\n this.revoked = null;\n this[verified] = null;\n }\n\n /**\n * parsing function for a signature packet (tag 2).\n * @param {String} bytes - Payload of a tag 2 packet\n * @returns {SignaturePacket} Object representation.\n */\n read(bytes, config = defaultConfig) {\n let i = 0;\n this.version = bytes[i++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`);\n }\n\n this.signatureType = bytes[i++];\n this.publicKeyAlgorithm = bytes[i++];\n this.hashAlgorithm = bytes[i++];\n\n // hashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), true);\n if (!this.created) {\n throw new Error('Missing signature creation time subpacket.');\n }\n\n // A V4 signature hashes the packet body\n // starting from its first field, the version number, through the end\n // of the hashed subpacket data. Thus, the fields hashed are the\n // signature version, the signature type, the public-key algorithm, the\n // hash algorithm, the hashed subpacket length, and the hashed\n // subpacket body.\n this.signatureData = bytes.subarray(0, i);\n\n // unhashed subpackets\n i += this.readSubPackets(bytes.subarray(i, bytes.length), false);\n\n // Two-octet field holding left 16 bits of signed hash value.\n this.signedHashValue = bytes.subarray(i, i + 2);\n i += 2;\n\n // Only for v6 signatures, a variable-length field containing:\n if (this.version === 6) {\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[i++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(i, i + saltLength);\n i += saltLength;\n }\n\n const signatureMaterial = bytes.subarray(i, bytes.length);\n const { read, signatureParams } = crypto.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial);\n if (read < signatureMaterial.length) {\n throw new Error('Error reading MPIs');\n }\n this.params = signatureParams;\n }\n\n /**\n * @returns {Uint8Array | ReadableStream}\n */\n writeParams() {\n if (this.params instanceof Promise) {\n return stream.fromAsync(\n async () => crypto.serializeParams(this.publicKeyAlgorithm, await this.params)\n );\n }\n return crypto.serializeParams(this.publicKeyAlgorithm, this.params);\n }\n\n write() {\n const arr = [];\n arr.push(this.signatureData);\n arr.push(this.writeUnhashedSubPackets());\n arr.push(this.signedHashValue);\n if (this.version === 6) {\n arr.push(new Uint8Array([this.salt.length]));\n arr.push(this.salt);\n }\n arr.push(this.writeParams());\n return util.concat(arr);\n }\n\n /**\n * Signs provided data. This needs to be done prior to serialization.\n * @param {SecretKeyPacket} key - Private key used to sign the message.\n * @param {Object} data - Contains packets to be signed.\n * @param {Date} [date] - The signature creation time.\n * @param {Boolean} [detached] - Whether to create a detached signature\n * @throws {Error} if signing failed\n * @async\n */\n async sign(key, data, date = new Date(), detached = false, config) {\n this.version = key.version;\n\n this.created = util.normalizeDate(date);\n this.issuerKeyVersion = key.version;\n this.issuerFingerprint = key.getFingerprintBytes();\n this.issuerKeyID = key.getKeyID();\n\n const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])];\n\n // add randomness to the signature\n if (this.version === 6) {\n const saltLength = saltLengthForHash(this.hashAlgorithm);\n if (this.salt === null) {\n this.salt = crypto.random.getRandomBytes(saltLength);\n } else if (saltLength !== this.salt.length) {\n throw new Error('Provided salt does not have the required length');\n }\n } else if (config.nonDeterministicSignaturesViaNotation) {\n const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME));\n // since re-signing the same object is not supported, it's not expected to have multiple salt notations,\n // but we guard against it as a sanity check\n if (saltNotations.length === 0) {\n const saltValue = crypto.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm));\n this.rawNotations.push({\n name: SALT_NOTATION_NAME,\n value: saltValue,\n humanReadable: false,\n critical: false\n });\n } else {\n throw new Error('Unexpected existing salt notation');\n }\n }\n\n // Add hashed subpackets\n arr.push(this.writeHashedSubPackets());\n\n // Remove unhashed subpackets, in case some allowed unhashed\n // subpackets existed, in order not to duplicate them (in both\n // the hashed and unhashed subpackets) when re-signing.\n this.unhashedSubpackets = [];\n\n this.signatureData = util.concat(arr);\n\n const toHash = this.toHash(this.signatureType, data, detached);\n const hash = await this.hash(this.signatureType, data, toHash, detached);\n\n this.signedHashValue = stream.slice(stream.clone(hash), 0, 2);\n const signed = async () => crypto.signature.sign(\n this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await stream.readToEnd(hash)\n );\n if (util.isStream(hash)) {\n this.params = signed();\n } else {\n this.params = await signed();\n\n // Store the fact that this signature is valid, e.g. for when we call `await\n // getLatestValidSignature(this.revocationSignatures, key, data)` later.\n // Note that this only holds up if the key and data passed to verify are the\n // same as the ones passed to sign.\n this[verified] = true;\n }\n }\n\n /**\n * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeHashedSubPackets() {\n const sub = enums.signatureSubpacket;\n const arr = [];\n let bytes;\n if (this.created === null) {\n throw new Error('Missing signature creation time');\n }\n arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created)));\n if (this.signatureExpirationTime !== null) {\n arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4)));\n }\n if (this.exportable !== null) {\n arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0])));\n }\n if (this.trustLevel !== null) {\n bytes = new Uint8Array([this.trustLevel, this.trustAmount]);\n arr.push(writeSubPacket(sub.trustSignature, true, bytes));\n }\n if (this.regularExpression !== null) {\n arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression));\n }\n if (this.revocable !== null) {\n arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0])));\n }\n if (this.keyExpirationTime !== null) {\n arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4)));\n }\n if (this.preferredSymmetricAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms));\n arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes));\n }\n if (this.revocationKeyClass !== null) {\n bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]);\n bytes = util.concat([bytes, this.revocationKeyFingerprint]);\n arr.push(writeSubPacket(sub.revocationKey, false, bytes));\n }\n if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) {\n // If the version of [the] key is greater than 4, this subpacket\n // MUST NOT be included in the signature.\n arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write()));\n }\n this.rawNotations.forEach(({ name, value, humanReadable, critical }) => {\n bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];\n const encodedName = util.encodeUTF8(name);\n // 2 octets of name length\n bytes.push(util.writeNumber(encodedName.length, 2));\n // 2 octets of value length\n bytes.push(util.writeNumber(value.length, 2));\n bytes.push(encodedName);\n bytes.push(value);\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.notationData, critical, bytes));\n });\n if (this.preferredHashAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms));\n arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes));\n }\n if (this.preferredCompressionAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms));\n arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes));\n }\n if (this.keyServerPreferences !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences));\n arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes));\n }\n if (this.preferredKeyServer !== null) {\n arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer)));\n }\n if (this.isPrimaryUserID !== null) {\n arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0])));\n }\n if (this.policyURI !== null) {\n arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI)));\n }\n if (this.keyFlags !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags));\n arr.push(writeSubPacket(sub.keyFlags, true, bytes));\n }\n if (this.signersUserID !== null) {\n arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID)));\n }\n if (this.reasonForRevocationFlag !== null) {\n bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString);\n arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes));\n }\n if (this.features !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features));\n arr.push(writeSubPacket(sub.features, false, bytes));\n }\n if (this.signatureTargetPublicKeyAlgorithm !== null) {\n bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])];\n bytes.push(util.stringToUint8Array(this.signatureTargetHash));\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.signatureTarget, true, bytes));\n }\n if (this.embeddedSignature !== null) {\n arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write()));\n }\n if (this.issuerFingerprint !== null) {\n bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];\n bytes = util.concat(bytes);\n arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes));\n }\n if (this.preferredAEADAlgorithms !== null) {\n bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));\n arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));\n }\n if (this.preferredCipherSuites !== null) {\n bytes = new Uint8Array([].concat(...this.preferredCipherSuites));\n arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));\n }\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n /**\n * Creates an Uint8Array containing the unhashed subpackets\n * @returns {Uint8Array} Subpacket data.\n */\n writeUnhashedSubPackets() {\n const arr = this.unhashedSubpackets.map(({ type, critical, body }) => {\n return writeSubPacket(type, critical, body);\n });\n\n const result = util.concat(arr);\n const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);\n\n return util.concat([length, result]);\n }\n\n // Signature subpackets\n readSubPacket(bytes, hashed = true) {\n let mypos = 0;\n\n // The leftmost bit denotes a \"critical\" packet\n const critical = !!(bytes[mypos] & 0x80);\n const type = bytes[mypos] & 0x7F;\n\n mypos++;\n\n if (!hashed) {\n this.unhashedSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n if (!allowedUnhashedSubpackets.has(type)) {\n return;\n }\n }\n\n // subpacket type\n switch (type) {\n case enums.signatureSubpacket.signatureCreationTime:\n // Signature Creation Time\n this.created = util.readDate(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.signatureExpirationTime: {\n // Signature Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.signatureNeverExpires = seconds === 0;\n this.signatureExpirationTime = seconds;\n\n break;\n }\n case enums.signatureSubpacket.exportableCertification:\n // Exportable Certification\n this.exportable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.trustSignature:\n // Trust Signature\n this.trustLevel = bytes[mypos++];\n this.trustAmount = bytes[mypos++];\n break;\n case enums.signatureSubpacket.regularExpression:\n // Regular Expression\n this.regularExpression = bytes[mypos];\n break;\n case enums.signatureSubpacket.revocable:\n // Revocable\n this.revocable = bytes[mypos++] === 1;\n break;\n case enums.signatureSubpacket.keyExpirationTime: {\n // Key Expiration Time in seconds\n const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));\n\n this.keyExpirationTime = seconds;\n this.keyNeverExpires = seconds === 0;\n\n break;\n }\n case enums.signatureSubpacket.preferredSymmetricAlgorithms:\n // Preferred Symmetric Algorithms\n this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.revocationKey:\n // Revocation Key\n // (1 octet of class, 1 octet of public-key algorithm ID, 20\n // octets of\n // fingerprint)\n this.revocationKeyClass = bytes[mypos++];\n this.revocationKeyAlgorithm = bytes[mypos++];\n this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20);\n break;\n\n case enums.signatureSubpacket.issuerKeyID:\n // Issuer\n if (this.version === 4) {\n this.issuerKeyID.read(bytes.subarray(mypos, bytes.length));\n } else if (hashed) {\n // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature,\n // since the Issuer Fingerprint subpacket is to be used instead.\n // The `issuerKeyID` value will be set when reading the issuerFingerprint packet.\n // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it,\n // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed)\n // issuerFingerprint.\n // If the packet is hashed, then we reject the signature, to avoid verifying data different from\n // what was parsed.\n throw new Error('Unexpected Issuer Key ID subpacket');\n }\n break;\n\n case enums.signatureSubpacket.notationData: {\n // Notation Data\n const humanReadable = !!(bytes[mypos] & 0x80);\n\n // We extract key/value tuple from the byte stream.\n mypos += 4;\n const m = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n const n = util.readNumber(bytes.subarray(mypos, mypos + 2));\n mypos += 2;\n\n const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m));\n const value = bytes.subarray(mypos + m, mypos + m + n);\n\n this.rawNotations.push({ name, humanReadable, value, critical });\n\n if (humanReadable) {\n this.notations[name] = util.decodeUTF8(value);\n }\n break;\n }\n case enums.signatureSubpacket.preferredHashAlgorithms:\n // Preferred Hash Algorithms\n this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCompressionAlgorithms:\n // Preferred Compression Algorithms\n this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.keyServerPreferences:\n // Key Server Preferences\n this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredKeyServer:\n // Preferred Key Server\n this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.primaryUserID:\n // Primary User ID\n this.isPrimaryUserID = bytes[mypos++] !== 0;\n break;\n case enums.signatureSubpacket.policyURI:\n // Policy URI\n this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.keyFlags:\n // Key Flags\n this.keyFlags = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signersUserID:\n // Signer's User ID\n this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.reasonForRevocation:\n // Reason for Revocation\n this.reasonForRevocationFlag = bytes[mypos++];\n this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.features:\n // Features\n this.features = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.signatureTarget: {\n // Signature Target\n // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash)\n this.signatureTargetPublicKeyAlgorithm = bytes[mypos++];\n this.signatureTargetHashAlgorithm = bytes[mypos++];\n\n const len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm);\n\n this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len));\n break;\n }\n case enums.signatureSubpacket.embeddedSignature:\n // Embedded Signature\n this.embeddedSignature = new SignaturePacket();\n this.embeddedSignature.read(bytes.subarray(mypos, bytes.length));\n break;\n case enums.signatureSubpacket.issuerFingerprint:\n // Issuer Fingerprint\n this.issuerKeyVersion = bytes[mypos++];\n this.issuerFingerprint = bytes.subarray(mypos, bytes.length);\n if (this.issuerKeyVersion >= 5) {\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));\n }\n break;\n case enums.signatureSubpacket.preferredAEADAlgorithms:\n // Preferred AEAD Algorithms\n this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];\n break;\n case enums.signatureSubpacket.preferredCipherSuites:\n // Preferred AEAD Cipher Suites\n this.preferredCipherSuites = [];\n for (let i = mypos; i < bytes.length; i += 2) {\n this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);\n }\n break;\n default:\n this.unknownSubpackets.push({\n type,\n critical,\n body: bytes.subarray(mypos, bytes.length)\n });\n break;\n }\n }\n\n readSubPackets(bytes, trusted = true, config) {\n const subpacketLengthBytes = this.version === 6 ? 4 : 2;\n\n // Two-octet scalar octet count for following subpacket data.\n const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes));\n\n let i = subpacketLengthBytes;\n\n // subpacket data set (zero or more subpackets)\n while (i < 2 + subpacketLength) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config);\n\n i += len.len;\n }\n\n return i;\n }\n\n // Produces data to produce signature on\n toSign(type, data) {\n const t = enums.signature;\n\n switch (type) {\n case t.binary:\n if (data.text !== null) {\n return util.encodeUTF8(data.getText(true));\n }\n return data.getBytes(true);\n\n case t.text: {\n const bytes = data.getBytes(true);\n // normalize EOL to \\r\\n\n return util.canonicalizeEOL(bytes);\n }\n case t.standalone:\n return new Uint8Array(0);\n\n case t.certGeneric:\n case t.certPersona:\n case t.certCasual:\n case t.certPositive:\n case t.certRevocation: {\n let packet;\n let tag;\n\n if (data.userID) {\n tag = 0xB4;\n packet = data.userID;\n } else if (data.userAttribute) {\n tag = 0xD1;\n packet = data.userAttribute;\n } else {\n throw new Error('Either a userID or userAttribute packet needs to be ' +\n 'supplied for certification.');\n }\n\n const bytes = packet.write();\n\n return util.concat([this.toSign(t.key, data),\n new Uint8Array([tag]),\n util.writeNumber(bytes.length, 4),\n bytes]);\n }\n case t.subkeyBinding:\n case t.subkeyRevocation:\n case t.keyBinding:\n return util.concat([this.toSign(t.key, data), this.toSign(t.key, {\n key: data.bind\n })]);\n\n case t.key:\n if (data.key === undefined) {\n throw new Error('Key packet is required for this signature.');\n }\n return data.key.writeForHash(this.version);\n\n case t.keyRevocation:\n return this.toSign(t.key, data);\n case t.timestamp:\n return new Uint8Array(0);\n case t.thirdParty:\n throw new Error('Not implemented');\n default:\n throw new Error('Unknown signature type.');\n }\n }\n\n calculateTrailer(data, detached) {\n let length = 0;\n return stream.transform(stream.clone(this.signatureData), value => {\n length += value.length;\n }, () => {\n const arr = [];\n if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) {\n if (detached) {\n arr.push(new Uint8Array(6));\n } else {\n arr.push(data.writeHeader());\n }\n }\n arr.push(new Uint8Array([this.version, 0xFF]));\n if (this.version === 5) {\n arr.push(new Uint8Array(4));\n }\n arr.push(util.writeNumber(length, 4));\n // For v5, this should really be writeNumber(length, 8) rather than the\n // hardcoded 4 zero bytes above\n return util.concat(arr);\n });\n }\n\n toHash(signatureType, data, detached = false) {\n const bytes = this.toSign(signatureType, data);\n\n return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]);\n }\n\n async hash(signatureType, data, toHash, detached = false) {\n if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) {\n // avoid hashing unexpected salt size\n throw new Error('Signature salt does not have the expected length');\n }\n\n if (!toHash) toHash = this.toHash(signatureType, data, detached);\n return crypto.hash.digest(this.hashAlgorithm, toHash);\n }\n\n /**\n * verifies the signature packet. Note: not all signature types are implemented\n * @param {PublicSubkeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature\n * @param {module:enums.signature} signatureType - Expected signature type\n * @param {Uint8Array|Object} data - Data which on the signature applies\n * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration\n * @param {Boolean} [detached] - Whether to verify a detached signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if signature validation failed\n * @async\n */\n async verify(key, signatureType, data, date = new Date(), detached = false, config = defaultConfig) {\n if (!this.issuerKeyID.equals(key.getKeyID())) {\n throw new Error('Signature was not issued by the given public key');\n }\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');\n }\n\n const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text;\n // Cryptographic validity is cached after one successful verification.\n // However, for message signatures, we always re-verify, since the passed `data` can change\n const skipVerify = this[verified] && !isMessageSignature;\n if (!skipVerify) {\n let toHash;\n let hash;\n if (this.hashed) {\n hash = await this.hashed;\n } else {\n toHash = this.toHash(signatureType, data, detached);\n hash = await this.hash(signatureType, data, toHash);\n }\n hash = await stream.readToEnd(hash);\n if (this.signedHashValue[0] !== hash[0] ||\n this.signedHashValue[1] !== hash[1]) {\n throw new Error('Signed digest did not match');\n }\n\n this.params = await this.params;\n\n this[verified] = await crypto.signature.verify(\n this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams,\n toHash, hash\n );\n\n if (!this[verified]) {\n throw new Error('Signature verification failed');\n }\n }\n\n const normDate = util.normalizeDate(date);\n if (normDate && this.created > normDate) {\n throw new Error('Signature creation time is in the future');\n }\n if (normDate && normDate >= this.getExpirationTime()) {\n throw new Error('Signature is expired');\n }\n if (config.rejectHashAlgorithms.has(this.hashAlgorithm)) {\n throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n if (config.rejectMessageHashAlgorithms.has(this.hashAlgorithm) &&\n [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {\n throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());\n }\n this.unknownSubpackets.forEach(({ type, critical }) => {\n if (critical) {\n throw new Error(`Unknown critical signature subpacket type ${type}`);\n }\n });\n this.rawNotations.forEach(({ name, critical }) => {\n if (critical && (config.knownNotations.indexOf(name) < 0)) {\n throw new Error(`Unknown critical notation: ${name}`);\n }\n });\n if (this.revocationKeyClass !== null) {\n throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');\n }\n }\n\n /**\n * Verifies signature expiration date\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @returns {Boolean} True if expired.\n */\n isExpired(date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n return !(this.created <= normDate && normDate < this.getExpirationTime());\n }\n return false;\n }\n\n /**\n * Returns the expiration time of the signature or Infinity if signature does not expire\n * @returns {Date | Infinity} Expiration time.\n */\n getExpirationTime() {\n return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000);\n }\n}\n\nexport default SignaturePacket;\n\n/**\n * Creates a Uint8Array representation of a sub signature packet\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1}\n * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2}\n * @param {Integer} type - Subpacket signature type.\n * @param {Boolean} critical - Whether the subpacket should be critical.\n * @param {String} data - Data to be included\n * @returns {Uint8Array} The signature subpacket.\n * @private\n */\nfunction writeSubPacket(type, critical, data) {\n const arr = [];\n arr.push(writeSimpleLength(data.length + 1));\n arr.push(new Uint8Array([(critical ? 0x80 : 0) | type]));\n arr.push(data);\n return util.concat(arr);\n}\n\n/**\n * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh.\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5}\n * @param {enums.hash} hashAlgorithm - Hash algorithm.\n * @returns {Integer} Salt length.\n * @private\n */\nfunction saltLengthForHash(hashAlgorithm) {\n switch (hashAlgorithm) {\n case enums.hash.sha256: return 16;\n case enums.hash.sha384: return 24;\n case enums.hash.sha512: return 32;\n case enums.hash.sha224: return 16;\n case enums.hash.sha3_256: return 16;\n case enums.hash.sha3_512: return 32;\n default: throw new Error('Unsupported hash function');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport SignaturePacket from './signature';\nimport KeyID from '../type/keyid';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the One-Pass Signature Packets (Tag 4)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:\n * The One-Pass Signature packet precedes the signed data and contains\n * enough information to allow the receiver to begin calculating any\n * hashes needed to verify the signature. It allows the Signature\n * packet to be placed at the end of the message, so that the signer\n * can compute the entire signed message in one pass.\n */\nclass OnePassSignaturePacket {\n static get tag() {\n return enums.packet.onePassSignature;\n }\n\n static fromSignaturePacket(signaturePacket, isLast) {\n const onePassSig = new OnePassSignaturePacket();\n onePassSig.version = signaturePacket.version === 6 ? 6 : 3;\n onePassSig.signatureType = signaturePacket.signatureType;\n onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;\n onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;\n onePassSig.issuerKeyID = signaturePacket.issuerKeyID;\n onePassSig.salt = signaturePacket.salt; // v6 only\n onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only\n\n onePassSig.flags = isLast ? 1 : 0;\n return onePassSig;\n }\n\n constructor() {\n /** A one-octet version number. The current versions are 3 and 6. */\n this.version = null;\n /**\n * A one-octet signature type.\n * Signature types are described in\n * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.\n * @type {enums.signature}\n\n */\n this.signatureType = null;\n /**\n * A one-octet number describing the hash algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}\n * @type {enums.hash}\n */\n this.hashAlgorithm = null;\n /**\n * A one-octet number describing the public-key algorithm used.\n * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}\n * @type {enums.publicKey}\n */\n this.publicKeyAlgorithm = null;\n /** Only for v6, a variable-length field containing the salt. */\n this.salt = null;\n /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */\n this.issuerKeyID = null;\n /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */\n this.issuerFingerprint = null;\n /**\n * A one-octet number holding a flag showing whether the signature is nested.\n * A zero value indicates that the next packet is another One-Pass Signature packet\n * that describes another signature to be applied to the same message data.\n */\n this.flags = null;\n }\n\n /**\n * parsing function for a one-pass signature packet (tag 4).\n * @param {Uint8Array} bytes - Payload of a tag 4 packet\n * @returns {OnePassSignaturePacket} Object representation.\n */\n read(bytes) {\n let mypos = 0;\n // A one-octet version number. The current versions are 3 or 6.\n this.version = bytes[mypos++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`);\n }\n\n // A one-octet signature type. Signature types are described in\n // Section 5.2.1.\n this.signatureType = bytes[mypos++];\n\n // A one-octet number describing the hash algorithm used.\n this.hashAlgorithm = bytes[mypos++];\n\n // A one-octet number describing the public-key algorithm used.\n this.publicKeyAlgorithm = bytes[mypos++];\n\n if (this.version === 6) {\n // Only for v6 signatures, a variable-length field containing:\n\n // A one-octet salt size. The value MUST match the value defined\n // for the hash algorithm as specified in Table 23 (Hash algorithm registry).\n // To allow parsing unknown hash algos, we only check the expected salt length when verifying.\n const saltLength = bytes[mypos++];\n\n // The salt; a random value value of the specified size.\n this.salt = bytes.subarray(mypos, mypos + saltLength);\n mypos += saltLength;\n\n // Only for v6 packets, 32 octets of the fingerprint of the signing key.\n this.issuerFingerprint = bytes.subarray(mypos, mypos + 32);\n mypos += 32;\n this.issuerKeyID = new KeyID();\n // For v6 the Key ID is the high-order 64 bits of the fingerprint.\n this.issuerKeyID.read(this.issuerFingerprint);\n } else {\n // Only for v3 packets, an eight-octet number holding the Key ID of the signing key.\n this.issuerKeyID = new KeyID();\n this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8));\n mypos += 8;\n }\n\n // A one-octet number holding a flag showing whether the signature\n // is nested. A zero value indicates that the next packet is\n // another One-Pass Signature packet that describes another\n // signature to be applied to the same message data.\n this.flags = bytes[mypos++];\n return this;\n }\n\n /**\n * creates a string representation of a one-pass signature packet\n * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet.\n */\n write() {\n const arr = [new Uint8Array([\n this.version,\n this.signatureType,\n this.hashAlgorithm,\n this.publicKeyAlgorithm\n ])];\n if (this.version === 6) {\n arr.push(\n new Uint8Array([this.salt.length]),\n this.salt,\n this.issuerFingerprint\n );\n } else {\n arr.push(this.issuerKeyID.write());\n }\n arr.push(new Uint8Array([this.flags]));\n return util.concatUint8Array(arr);\n }\n\n calculateTrailer(...args) {\n return stream.fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args));\n }\n\n async verify() {\n const correspondingSig = await this.correspondingSig;\n if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) {\n throw new Error('Corresponding signature packet missing');\n }\n if (\n correspondingSig.signatureType !== this.signatureType ||\n correspondingSig.hashAlgorithm !== this.hashAlgorithm ||\n correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||\n !correspondingSig.issuerKeyID.equals(this.issuerKeyID) ||\n (this.version === 3 && correspondingSig.version === 6) ||\n (this.version === 6 && correspondingSig.version !== 6) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) ||\n (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt))\n ) {\n throw new Error('Corresponding signature packet does not match one-pass signature packet');\n }\n correspondingSig.hashed = this.hashed;\n return correspondingSig.verify.apply(correspondingSig, arguments);\n }\n}\n\nOnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;\nOnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;\nOnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;\n\nexport default OnePassSignaturePacket;\n","import * as stream from '@openpgp/web-stream-tools';\nimport {\n readPackets, supportsStreaming,\n writeTag, writeHeader,\n writePartialLength, writeSimpleLength,\n UnparseablePacket,\n UnsupportedError,\n UnknownPacketError\n} from './packet';\nimport util from '../util';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * Instantiate a new packet given its tag\n * @function newPacketFromTag\n * @param {module:enums.packet} tag - Property value from {@link module:enums.packet}\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @returns {Object} New packet object with type based on tag\n * @throws {Error|UnsupportedError} for disallowed or unknown packets\n */\nexport function newPacketFromTag(tag, allowedPackets) {\n if (!allowedPackets[tag]) {\n // distinguish between disallowed packets and unknown ones\n let packetType;\n try {\n packetType = enums.read(enums.packet, tag);\n } catch (e) {\n throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`);\n }\n throw new Error(`Packet not allowed in this context: ${packetType}`);\n }\n return new allowedPackets[tag]();\n}\n\n/**\n * This class represents a list of openpgp packets.\n * Take care when iterating over it - the packets themselves\n * are stored as numerical indices.\n * @extends Array\n */\nclass PacketList extends Array {\n /**\n * Parses the given binary data and returns a list of packets.\n * Equivalent to calling `read` on an empty PacketList instance.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @returns {PacketList} parsed list of packets\n * @throws on parsing errors\n * @async\n */\n static async fromBinary(bytes, allowedPackets, config = defaultConfig) {\n const packets = new PacketList();\n await packets.read(bytes, allowedPackets, config);\n return packets;\n }\n\n /**\n * Reads a stream of binary data and interprets it as a list of packets.\n * @param {Uint8Array | ReadableStream} bytes - binary data to parse\n * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class\n * @param {Object} [config] - full configuration, defaults to openpgp.config\n * @throws on parsing errors\n * @async\n */\n async read(bytes, allowedPackets, config = defaultConfig) {\n if (config.additionalAllowedPackets.length) {\n allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };\n }\n this.stream = stream.transformPair(bytes, async (readable, writable) => {\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n await writer.ready;\n const done = await readPackets(readable, async parsed => {\n try {\n if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) {\n // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed:\n // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145\n // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10\n // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21\n return;\n }\n const packet = newPacketFromTag(parsed.tag, allowedPackets);\n packet.packets = new PacketList();\n packet.fromStream = util.isStream(parsed.packet);\n await packet.read(parsed.packet, config);\n await writer.write(packet);\n } catch (e) {\n // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence,\n // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored.\n // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical.\n if (e instanceof UnknownPacketError) {\n if (parsed.tag <= 39) {\n await writer.abort(e);\n } else {\n return;\n }\n }\n\n const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;\n const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);\n if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {\n // The packets that support streaming are the ones that contain message data.\n // Those are also the ones we want to be more strict about and throw on parse errors\n // (since we likely cannot process the message without these packets anyway).\n await writer.abort(e);\n } else {\n const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet);\n await writer.write(unparsedPacket);\n }\n util.printDebugError(e);\n }\n });\n if (done) {\n await writer.ready;\n await writer.close();\n return;\n }\n }\n } catch (e) {\n await writer.abort(e);\n }\n });\n\n // Wait until first few packets have been read\n const reader = stream.getReader(this.stream);\n while (true) {\n const { done, value } = await reader.read();\n if (!done) {\n this.push(value);\n } else {\n this.stream = null;\n }\n if (done || supportsStreaming(value.constructor.tag)) {\n break;\n }\n }\n reader.releaseLock();\n }\n\n /**\n * Creates a binary representation of openpgp objects contained within the\n * class instance.\n * @returns {Uint8Array} A Uint8Array containing valid openpgp packets.\n */\n write() {\n const arr = [];\n\n for (let i = 0; i < this.length; i++) {\n const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag;\n const packetbytes = this[i].write();\n if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) {\n let buffer = [];\n let bufferLength = 0;\n const minLength = 512;\n arr.push(writeTag(tag));\n arr.push(stream.transform(packetbytes, value => {\n buffer.push(value);\n bufferLength += value.length;\n if (bufferLength >= minLength) {\n const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30);\n const chunkSize = 2 ** powerOf2;\n const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer));\n buffer = [bufferConcat.subarray(1 + chunkSize)];\n bufferLength = buffer[0].length;\n return bufferConcat.subarray(0, 1 + chunkSize);\n }\n }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer))));\n } else {\n if (util.isStream(packetbytes)) {\n let length = 0;\n arr.push(stream.transform(stream.clone(packetbytes), value => {\n length += value.length;\n }, () => writeHeader(tag, length)));\n } else {\n arr.push(writeHeader(tag, packetbytes.length));\n }\n arr.push(packetbytes);\n }\n }\n\n return util.concat(arr);\n }\n\n /**\n * Creates a new PacketList with all packets matching the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {PacketList}\n */\n filterByTag(...tags) {\n const filtered = new PacketList();\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(this[i].constructor.tag))) {\n filtered.push(this[i]);\n }\n }\n\n return filtered;\n }\n\n /**\n * Traverses packet list and returns first packet with matching tag\n * @param {module:enums.packet} tag - The packet tag\n * @returns {Packet|undefined}\n */\n findPacket(tag) {\n return this.find(packet => packet.constructor.tag === tag);\n }\n\n /**\n * Find indices of packets with the given tag(s)\n * @param {...module:enums.packet} tags - packet tags to look for\n * @returns {Integer[]} packet indices\n */\n indexOfTag(...tags) {\n const tagIndex = [];\n const that = this;\n\n const handle = tag => packetType => tag === packetType;\n\n for (let i = 0; i < this.length; i++) {\n if (tags.some(handle(that[i].constructor.tag))) {\n tagIndex.push(i);\n }\n }\n return tagIndex;\n }\n}\n\nexport default PacketList;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { Inflate, Deflate, Zlib, Unzlib } from 'fflate';\nimport * as stream from '@openpgp/web-stream-tools';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A Compressed Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Compressed Data Packet (Tag 8)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}:\n * The Compressed Data packet contains compressed data. Typically,\n * this packet is found as the contents of an encrypted packet, or following\n * a Signature or One-Pass Signature packet, and contains a literal data packet.\n */\nclass CompressedDataPacket {\n static get tag() {\n return enums.packet.compressedData;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n /**\n * List of packets\n * @type {PacketList}\n */\n this.packets = null;\n /**\n * Compression algorithm\n * @type {enums.compression}\n */\n this.algorithm = config.preferredCompressionAlgorithm;\n\n /**\n * Compressed packet data\n * @type {Uint8Array | ReadableStream}\n */\n this.compressed = null;\n }\n\n /**\n * Parsing function for the packet.\n * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async read(bytes, config = defaultConfig) {\n await stream.parse(bytes, async reader => {\n\n // One octet that gives the algorithm used to compress the packet.\n this.algorithm = await reader.readByte();\n\n // Compressed data, which makes up the remainder of the packet.\n this.compressed = reader.remainder();\n\n await this.decompress(config);\n });\n }\n\n\n /**\n * Return the compressed packet.\n * @returns {Uint8Array | ReadableStream} Binary compressed packet.\n */\n write() {\n if (this.compressed === null) {\n this.compress();\n }\n\n return util.concat([new Uint8Array([this.algorithm]), this.compressed]);\n }\n\n\n /**\n * Decompression method for decompressing the compressed data\n * read by read_packet\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async decompress(config = defaultConfig) {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async\n if (!decompressionFn) {\n throw new Error(`${compressionName} decompression not supported`);\n }\n\n this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets, config);\n }\n\n /**\n * Compress the packet data (member decompressedData)\n */\n compress() {\n const compressionName = enums.read(enums.compression, this.algorithm);\n const compressionFn = compress_fns[compressionName];\n if (!compressionFn) {\n throw new Error(`${compressionName} compression not supported`);\n }\n\n this.compressed = compressionFn(this.packets.write());\n }\n}\n\nexport default CompressedDataPacket;\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n/**\n * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise.\n * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator\n * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor\n * @returns {ReadableStream} compressed or decompressed data\n */\nfunction zlib(compressionStreamInstantiator, ZlibStreamedConstructor) {\n return data => {\n if (!util.isStream(data) || stream.isArrayStream(data)) {\n return stream.fromAsync(() => stream.readToEnd(data).then(inputData => {\n return new Promise((resolve, reject) => {\n const zlibStream = new ZlibStreamedConstructor();\n zlibStream.ondata = processedData => {\n resolve(processedData);\n };\n try {\n zlibStream.push(inputData, true); // only one chunk to push\n } catch (err) {\n reject(err);\n }\n });\n }));\n }\n\n // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API)\n if (compressionStreamInstantiator) {\n try {\n const compressorOrDecompressor = compressionStreamInstantiator();\n return data.pipeThrough(compressorOrDecompressor);\n } catch (err) {\n // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate.\n if (err.name !== 'TypeError') {\n throw err;\n }\n }\n }\n\n // JS fallback\n const inputReader = data.getReader();\n const zlibStream = new ZlibStreamedConstructor();\n\n return new ReadableStream({\n async start(controller) {\n zlibStream.ondata = async (value, isLast) => {\n controller.enqueue(value);\n if (isLast) {\n controller.close();\n }\n };\n\n while (true) {\n const { done, value } = await inputReader.read();\n if (done) {\n zlibStream.push(new Uint8Array(), true);\n return;\n } else if (value.length) {\n zlibStream.push(value);\n }\n }\n }\n });\n };\n}\n\nfunction bzip2Decompress() {\n return async function(data) {\n const { decode: bunzipDecode } = await import('@openpgp/seek-bzip');\n return stream.fromAsync(async () => bunzipDecode(await stream.readToEnd(data)));\n };\n}\n\n/**\n * Get Compression Stream API instatiators if the constructors are implemented.\n * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported\n * (supported formats cannot be determined in advance).\n * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat\n * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }}\n */\nconst getCompressionStreamInstantiators = compressionFormat => ({\n compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)),\n decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat))\n});\n\nconst compress_fns = {\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib)\n};\n\nconst decompress_fns = {\n uncompressed: data => data,\n zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate),\n zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib),\n bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import\n};\n\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\nimport { UnsupportedError } from './packet';\n\n// A SEIP packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}:\n * The Symmetrically Encrypted Integrity Protected Data packet is\n * a variant of the Symmetrically Encrypted Data packet. It is a new feature\n * created for OpenPGP that addresses the problem of detecting a modification to\n * encrypted data. It is used in combination with a Modification Detection Code\n * packet.\n */\nclass SymEncryptedIntegrityProtectedDataPacket {\n static get tag() {\n return enums.packet.symEncryptedIntegrityProtectedData;\n }\n\n static fromObject({ version, aeadAlgorithm }) {\n if (version !== 1 && version !== 2) {\n throw new Error('Unsupported SEIPD version');\n }\n\n const seip = new SymEncryptedIntegrityProtectedDataPacket();\n seip.version = version;\n if (version === 2) {\n seip.aeadAlgorithm = aeadAlgorithm;\n }\n\n return seip;\n }\n\n constructor() {\n this.version = null;\n\n // The following 4 fields are for V2 only.\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = null;\n this.chunkSizeByte = null;\n this.salt = null;\n\n this.encrypted = null;\n this.packets = null;\n }\n\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n this.version = await reader.readByte();\n // - A one-octet version number with value 1 or 2.\n if (this.version !== 1 && this.version !== 2) {\n throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`);\n }\n\n if (this.version === 2) {\n // - A one-octet cipher algorithm.\n this.cipherAlgorithm = await reader.readByte();\n // - A one-octet AEAD algorithm.\n this.aeadAlgorithm = await reader.readByte();\n // - A one-octet chunk size.\n this.chunkSizeByte = await reader.readByte();\n // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique.\n this.salt = await reader.readBytes(32);\n }\n\n // For V1:\n // - Encrypted data, the output of the selected symmetric-key cipher\n // operating in Cipher Feedback mode with shift amount equal to the\n // block size of the cipher (CFB-n where n is the block size).\n // For V2:\n // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode.\n // - A final, summary authentication tag for the AEAD mode.\n this.encrypted = reader.remainder();\n });\n }\n\n write() {\n if (this.version === 2) {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]);\n }\n return util.concat([new Uint8Array([this.version]), this.encrypted]);\n }\n\n /**\n * Encrypt the payload in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on encryption failure\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n const { blockSize, keySize } = crypto.getCipherParams(sessionKeyAlgorithm);\n if (key.length !== keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let bytes = this.packets.write();\n if (stream.isArrayStream(bytes)) bytes = await stream.readToEnd(bytes);\n\n if (this.version === 2) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n this.salt = crypto.random.getRandomBytes(32);\n this.chunkSizeByte = config.aeadChunkSizeByte;\n this.encrypted = await runAEAD(this, 'encrypt', key, bytes);\n } else {\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet\n\n const tohash = util.concat([prefix, bytes, mdc]);\n const hash = await crypto.hash.sha1(stream.passiveClone(tohash));\n const plaintext = util.concat([tohash, hash]);\n\n this.encrypted = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config);\n }\n return true;\n }\n\n /**\n * Decrypts the encrypted data contained in the packet.\n * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} on decryption failure\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // We check that the session key size matches the one expected by the symmetric algorithm.\n // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size,\n // but we want to ensure that the input key isn't e.g. too short.\n // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm,\n // which is instead included in the SEIPDv2 data.\n if (key.length !== crypto.getCipherParams(sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n\n let encrypted = stream.clone(this.encrypted);\n if (stream.isArrayStream(encrypted)) encrypted = await stream.readToEnd(encrypted);\n\n let packetbytes;\n if (this.version === 2) {\n if (this.cipherAlgorithm !== sessionKeyAlgorithm) {\n // sanity check\n throw new Error('Unexpected session key algorithm');\n }\n packetbytes = await runAEAD(this, 'decrypt', key, encrypted);\n } else {\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize));\n\n // there must be a modification detection code packet as the\n // last packet and everything gets hashed except the hash itself\n const realHash = stream.slice(stream.passiveClone(decrypted), -20);\n const tohash = stream.slice(decrypted, 0, -20);\n const verifyHash = Promise.all([\n stream.readToEnd(await crypto.hash.sha1(stream.passiveClone(tohash))),\n stream.readToEnd(realHash)\n ]).then(([hash, mdc]) => {\n if (!util.equalsUint8Array(hash, mdc)) {\n throw new Error('Modification detected.');\n }\n return new Uint8Array();\n });\n const bytes = stream.slice(tohash, blockSize + 2); // Remove random prefix\n packetbytes = stream.slice(bytes, 0, -2); // Remove MDC packet\n packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);\n if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) {\n packetbytes = await stream.readToEnd(packetbytes);\n }\n }\n\n this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config);\n return true;\n }\n}\n\nexport default SymEncryptedIntegrityProtectedDataPacket;\n\n/**\n * En/decrypt the payload.\n * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt\n * @param {Uint8Array} key - The session key used to en/decrypt the payload\n * @param {Uint8Array | ReadableStream} data - The data to en/decrypt\n * @returns {Promise>}\n * @async\n */\nexport async function runAEAD(packet, fn, key, data) {\n const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2;\n const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import)\n if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type');\n\n const mode = crypto.getAEADMode(packet.aeadAlgorithm);\n const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0;\n const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0;\n const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6))\n const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0;\n const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP);\n const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP);\n const adataTagArray = new Uint8Array(adataBuffer);\n const adataView = new DataView(adataBuffer);\n const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);\n adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0);\n let chunkIndex = 0;\n let latestPromise = Promise.resolve();\n let cryptedBytes = 0;\n let queuedBytes = 0;\n let iv;\n let ivView;\n if (isSEIPDv2) {\n const { keySize } = crypto.getCipherParams(packet.cipherAlgorithm);\n const { ivLength } = mode;\n const info = new Uint8Array(adataBuffer, 0, 5);\n const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength);\n key = derived.subarray(0, keySize);\n iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy.\n iv.fill(0, iv.length - 8);\n ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength);\n } else { // AEADEncryptedDataPacket\n iv = packet.iv;\n // ivView is unused in this case\n }\n const modeInstance = await mode(packet.cipherAlgorithm, key);\n return stream.transformPair(data, async (readable, writable) => {\n if (util.isStream(readable) !== 'array') {\n const buffer = new TransformStream({}, {\n highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6),\n size: array => array.length\n });\n stream.pipe(buffer.readable, writable);\n writable = buffer.writable;\n }\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n while (true) {\n let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array();\n const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting);\n chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting);\n let cryptedPromise;\n let done;\n let nonce;\n if (isSEIPDv2) { // SEIPD V2\n nonce = iv;\n } else { // AEADEncryptedDataPacket\n nonce = iv.slice();\n for (let i = 0; i < 8; i++) {\n nonce[iv.length - 8 + i] ^= chunkIndexArray[i];\n }\n }\n if (!chunkIndex || chunk.length) {\n reader.unshift(finalChunk);\n cryptedPromise = modeInstance[fn](chunk, nonce, adataArray);\n cryptedPromise.catch(() => {});\n queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting;\n } else {\n // After the last chunk, we either encrypt a final, empty\n // data chunk to get the final authentication tag or\n // validate that final authentication tag.\n adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...)\n cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray);\n cryptedPromise.catch(() => {});\n queuedBytes += tagLengthIfEncrypting;\n done = true;\n }\n cryptedBytes += chunk.length - tagLengthIfDecrypting;\n // eslint-disable-next-line @typescript-eslint/no-loop-func\n latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {\n await writer.ready;\n await writer.write(crypted);\n queuedBytes -= crypted.length;\n }).catch(err => writer.abort(err));\n if (done || queuedBytes > writer.desiredSize) {\n await latestPromise; // Respect backpressure\n }\n if (!done) {\n if (isSEIPDv2) { // SEIPD V2\n ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...)\n } else { // AEADEncryptedDataPacket\n adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...)\n }\n } else {\n await writer.close();\n break;\n }\n }\n } catch (e) {\n await writer.ready.catch(() => {});\n await writer.abort(e);\n }\n });\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError } from './packet';\nimport { runAEAD } from './sym_encrypted_integrity_protected_data';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// An AEAD-encrypted Data packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\nconst VERSION = 1; // A one-octet version number of the data packet.\n\n/**\n * Implementation of the Symmetrically Encrypted Authenticated Encryption with\n * Additional Data (AEAD) Protected Data Packet\n *\n * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}:\n * AEAD Protected Data Packet\n */\nclass AEADEncryptedDataPacket {\n static get tag() {\n return enums.packet.aeadEncryptedData;\n }\n\n constructor() {\n this.version = VERSION;\n /** @type {enums.symmetric} */\n this.cipherAlgorithm = null;\n /** @type {enums.aead} */\n this.aeadAlgorithm = enums.aead.eax;\n this.chunkSizeByte = null;\n this.iv = null;\n this.encrypted = null;\n this.packets = null;\n }\n\n /**\n * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @param {Uint8Array | ReadableStream} bytes\n * @throws {Error} on parsing failure\n */\n async read(bytes) {\n await stream.parse(bytes, async reader => {\n const version = await reader.readByte();\n if (version !== VERSION) { // The only currently defined value is 1.\n throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`);\n }\n this.cipherAlgorithm = await reader.readByte();\n this.aeadAlgorithm = await reader.readByte();\n this.chunkSizeByte = await reader.readByte();\n\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = await reader.readBytes(mode.ivLength);\n this.encrypted = reader.remainder();\n });\n }\n\n /**\n * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification)\n * @returns {Uint8Array | ReadableStream} The encrypted payload.\n */\n write() {\n return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]);\n }\n\n /**\n * Decrypt the encrypted payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.packets = await PacketList.fromBinary(\n await runAEAD(this, 'decrypt', key, stream.clone(this.encrypted)),\n allowedPackets,\n config\n );\n }\n\n /**\n * Encrypt the packet payload.\n * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm\n * @param {Uint8Array} key - The session key used to encrypt the payload\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n this.cipherAlgorithm = sessionKeyAlgorithm;\n\n const { ivLength } = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(ivLength); // generate new random IV\n this.chunkSizeByte = config.aeadChunkSizeByte;\n const data = this.packets.write();\n this.encrypted = await runAEAD(this, 'encrypt', key, data);\n }\n}\n\nexport default AEADEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Public-Key Encrypted Session Key Packets (Tag 1)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}:\n * A Public-Key Encrypted Session Key packet holds the session key\n * used to encrypt a message. Zero or more Public-Key Encrypted Session Key\n * packets and/or Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data Packet, which holds an encrypted message. The\n * message is encrypted with the session key, and the session key is itself\n * encrypted and stored in the Encrypted Session Key packet(s). The\n * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted\n * Session Key packet for each OpenPGP key to which the message is encrypted.\n * The recipient of the message finds a session key that is encrypted to their\n * public key, decrypts the session key, and then uses the session key to\n * decrypt the message.\n */\nclass PublicKeyEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.publicKeyEncryptedSessionKey;\n }\n\n constructor() {\n this.version = null;\n\n // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()`\n this.publicKeyID = new KeyID();\n\n // For version 6:\n this.publicKeyVersion = null;\n this.publicKeyFingerprint = null;\n\n // For all versions:\n this.publicKeyAlgorithm = null;\n\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n\n /** @type {Object} */\n this.encrypted = {};\n }\n\n static fromObject({\n version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm\n }) {\n const pkesk = new PublicKeyEncryptedSessionKeyPacket();\n\n if (version !== 3 && version !== 6) {\n throw new Error('Unsupported PKESK version');\n }\n\n pkesk.version = version;\n\n if (version === 6) {\n pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version;\n pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes();\n }\n\n pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID();\n pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm;\n pkesk.sessionKey = sessionKey;\n pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm;\n\n return pkesk;\n }\n\n /**\n * Parsing function for a publickey encrypted session key packet (tag 1).\n *\n * @param {Uint8Array} bytes - Payload of a tag 1 packet\n */\n read(bytes) {\n let offset = 0;\n this.version = bytes[offset++];\n if (this.version !== 3 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`);\n }\n if (this.version === 6) {\n // A one-octet size of the following two fields:\n // - A one octet key version number.\n // - The fingerprint of the public key or subkey to which the session key is encrypted.\n // The size may also be zero.\n const versionAndFingerprintLength = bytes[offset++];\n if (versionAndFingerprintLength) {\n this.publicKeyVersion = bytes[offset++];\n const fingerprintLength = versionAndFingerprintLength - 1;\n this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength;\n if (this.publicKeyVersion >= 5) {\n // For v5/6 the Key ID is the high-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint);\n } else {\n // For v4 The Key ID is the low-order 64 bits of the fingerprint.\n this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8));\n }\n } else {\n // The size may also be zero, and the key version and\n // fingerprint omitted for an \"anonymous recipient\"\n this.publicKeyID = KeyID.wildcard();\n }\n } else {\n offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8));\n }\n this.publicKeyAlgorithm = bytes[offset++];\n this.encrypted = crypto.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset));\n if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) {\n if (this.version === 3) {\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm);\n } else if (this.encrypted.C.algorithm !== null) {\n throw new Error('Unexpected cleartext symmetric algorithm');\n }\n }\n }\n\n /**\n * Create a binary representation of a tag 1 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const arr = [\n new Uint8Array([this.version])\n ];\n\n if (this.version === 6) {\n if (this.publicKeyFingerprint !== null) {\n arr.push(new Uint8Array([\n this.publicKeyFingerprint.length + 1,\n this.publicKeyVersion]\n ));\n arr.push(this.publicKeyFingerprint);\n } else {\n arr.push(new Uint8Array([0]));\n }\n } else {\n arr.push(this.publicKeyID.write());\n }\n\n arr.push(\n new Uint8Array([this.publicKeyAlgorithm]),\n crypto.serializeParams(this.publicKeyAlgorithm, this.encrypted)\n );\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Encrypt session key packet\n * @param {PublicKeyPacket} key - Public key\n * @throws {Error} if encryption failed\n * @async\n */\n async encrypt(key) {\n const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm);\n // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a\n // v6 PKESK packet, as it is included in the v2 SEIPD packet.\n const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);\n this.encrypted = await crypto.publicKeyEncrypt(\n algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);\n }\n\n /**\n * Decrypts the session key (only for public key encrypted session key packets (tag 1)\n * @param {SecretKeyPacket} key - decrypted private key\n * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size.\n * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric }\n * @throws {Error} if decryption failed, unless `randomSessionKey` is given\n * @async\n */\n async decrypt(key, randomSessionKey) {\n // check that session key algo matches the secret key algo\n if (this.publicKeyAlgorithm !== key.algorithm) {\n throw new Error('Decryption error');\n }\n\n const randomPayload = randomSessionKey ?\n encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :\n null;\n const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();\n const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);\n\n const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);\n\n if (this.version === 3) {\n // v3 Montgomery curves have cleartext cipher algo\n const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448;\n this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm;\n\n if (sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n }\n this.sessionKey = sessionKey;\n }\n}\n\nexport default PublicKeyEncryptedSessionKeyPacket;\n\n\nfunction encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n // add checksum\n return util.concatUint8Array([\n new Uint8Array(version === 6 ? [] : [cipherAlgo]),\n sessionKeyData,\n util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8))\n ]);\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return sessionKeyData;\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n\n\nfunction decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) {\n switch (keyAlgo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh: {\n // verify checksum in constant time\n const result = decryptedData.subarray(0, decryptedData.length - 2);\n const checksum = decryptedData.subarray(decryptedData.length - 2);\n const computedChecksum = util.writeChecksum(result.subarray(result.length % 8));\n const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1];\n const decryptedSessionKey = version === 6 ?\n { sessionKeyAlgorithm: null, sessionKey: result } :\n { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) };\n if (randomSessionKey) {\n // We must not leak info about the validity of the decrypted checksum or cipher algo.\n // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data.\n const isValidPayload = isValidChecksum &\n decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm &\n decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length;\n return {\n sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey),\n sessionKeyAlgorithm: version === 6 ? null : util.selectUint8(\n isValidPayload,\n decryptedSessionKey.sessionKeyAlgorithm,\n randomSessionKey.sessionKeyAlgorithm\n )\n };\n } else {\n const isValidPayload = isValidChecksum && (\n version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm));\n if (isValidPayload) {\n return decryptedSessionKey;\n } else {\n throw new Error('Decryption error');\n }\n }\n }\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n return {\n sessionKeyAlgorithm: null,\n sessionKey: decryptedData\n };\n default:\n throw new Error('Unsupported public key algorithm');\n }\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport computeHKDF from '../crypto/hkdf';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Symmetric-Key Encrypted Session Key Packets (Tag 3)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}:\n * The Symmetric-Key Encrypted Session Key packet holds the\n * symmetric-key encryption of a session key used to encrypt a message.\n * Zero or more Public-Key Encrypted Session Key packets and/or\n * Symmetric-Key Encrypted Session Key packets may precede a\n * Symmetrically Encrypted Data packet that holds an encrypted message.\n * The message is encrypted with a session key, and the session key is\n * itself encrypted and stored in the Encrypted Session Key packet or\n * the Symmetric-Key Encrypted Session Key packet.\n */\nclass SymEncryptedSessionKeyPacket {\n static get tag() {\n return enums.packet.symEncryptedSessionKey;\n }\n\n /**\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(config = defaultConfig) {\n this.version = config.aeadProtect ? 6 : 4;\n this.sessionKey = null;\n /**\n * Algorithm to encrypt the session key with\n * @type {enums.symmetric}\n */\n this.sessionKeyEncryptionAlgorithm = null;\n /**\n * Algorithm to encrypt the message with\n * @type {enums.symmetric}\n */\n this.sessionKeyAlgorithm = null;\n /**\n * AEAD mode to encrypt the session key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aeadAlgorithm = enums.write(enums.aead, config.preferredAEADAlgorithm);\n this.encrypted = null;\n this.s2k = null;\n this.iv = null;\n }\n\n /**\n * Parsing function for a symmetric encrypted session key packet (tag 3).\n *\n * @param {Uint8Array} bytes - Payload of a tag 3 packet\n */\n read(bytes) {\n let offset = 0;\n\n // A one-octet version number with value 4, 5 or 6.\n this.version = bytes[offset++];\n if (this.version !== 4 && this.version !== 5 && this.version !== 6) {\n throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`);\n }\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following 5 fields.\n offset++;\n }\n\n // A one-octet number describing the symmetric algorithm used.\n const algo = bytes[offset++];\n\n if (this.version >= 5) {\n // A one-octet AEAD algorithm.\n this.aeadAlgorithm = bytes[offset++];\n\n if (this.version === 6) {\n // A one-octet scalar octet count of the following field.\n offset++;\n }\n }\n\n // A string-to-key (S2K) specifier, length as defined above.\n const s2kType = bytes[offset++];\n this.s2k = newS2KFromType(s2kType);\n offset += this.s2k.read(bytes.subarray(offset, bytes.length));\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n\n // A starting initialization vector of size specified by the AEAD\n // algorithm.\n this.iv = bytes.subarray(offset, offset += mode.ivLength);\n }\n\n // The encrypted session key itself, which is decrypted with the\n // string-to-key object. This is optional in version 4.\n if (this.version >= 5 || offset < bytes.length) {\n this.encrypted = bytes.subarray(offset, bytes.length);\n this.sessionKeyEncryptionAlgorithm = algo;\n } else {\n this.sessionKeyAlgorithm = algo;\n }\n }\n\n /**\n * Create a binary representation of a tag 3 packet\n *\n * @returns {Uint8Array} The Uint8Array representation.\n */\n write() {\n const algo = this.encrypted === null ?\n this.sessionKeyAlgorithm :\n this.sessionKeyEncryptionAlgorithm;\n\n let bytes;\n\n const s2k = this.s2k.write();\n if (this.version === 6) {\n const s2kLen = s2k.length;\n const fieldsLen = 3 + s2kLen + this.iv.length;\n bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]);\n } else if (this.version === 5) {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]);\n } else {\n bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]);\n\n if (this.encrypted !== null) {\n bytes = util.concatUint8Array([bytes, this.encrypted]);\n }\n }\n\n return bytes;\n }\n\n /**\n * Decrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata);\n } else if (this.encrypted !== null) {\n const decrypted = await crypto.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize));\n\n this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]);\n this.sessionKey = decrypted.subarray(1, decrypted.length);\n if (this.sessionKey.length !== crypto.getCipherParams(this.sessionKeyAlgorithm).keySize) {\n throw new Error('Unexpected session key size');\n }\n } else {\n // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo\n this.sessionKey = key;\n }\n }\n\n /**\n * Encrypts the session key with the given passphrase\n * @param {String} passphrase - The passphrase in string form\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n const algo = this.sessionKeyEncryptionAlgorithm !== null ?\n this.sessionKeyEncryptionAlgorithm :\n this.sessionKeyAlgorithm;\n\n this.sessionKeyEncryptionAlgorithm = algo;\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n\n const { blockSize, keySize } = crypto.getCipherParams(algo);\n const key = await this.s2k.produceKey(passphrase, keySize);\n\n if (this.sessionKey === null) {\n this.sessionKey = crypto.generateSessionKey(this.sessionKeyAlgorithm);\n }\n\n if (this.version >= 5) {\n const mode = crypto.getAEADMode(this.aeadAlgorithm);\n this.iv = crypto.random.getRandomBytes(mode.ivLength); // generate new random IV\n const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]);\n const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key;\n const modeInstance = await mode(algo, encryptionKey);\n this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata);\n } else {\n const toEncrypt = util.concatUint8Array([\n new Uint8Array([this.sessionKeyAlgorithm]),\n this.sessionKey\n ]);\n this.encrypted = await crypto.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config);\n }\n }\n}\n\nexport default SymEncryptedSessionKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport KeyID from '../type/keyid';\nimport defaultConfig from '../config';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Key Material Packet (Tag 5,6,7,14)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}:\n * A key material packet contains all the information about a public or\n * private key. There are four variants of this packet type, and two\n * major versions.\n *\n * A Public-Key packet starts a series of packets that forms an OpenPGP\n * key (sometimes called an OpenPGP certificate).\n */\nclass PublicKeyPacket {\n static get tag() {\n return enums.packet.publicKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n /**\n * Packet version\n * @type {Integer}\n */\n this.version = config.v6Keys ? 6 : 4;\n /**\n * Key creation date.\n * @type {Date}\n */\n this.created = util.normalizeDate(date);\n /**\n * Public key algorithm.\n * @type {enums.publicKey}\n */\n this.algorithm = null;\n /**\n * Algorithm specific public params\n * @type {Object}\n */\n this.publicParams = null;\n /**\n * Time until expiration in days (V3 only)\n * @type {Integer}\n */\n this.expirationTimeV3 = 0;\n /**\n * Fingerprint bytes\n * @type {Uint8Array}\n */\n this.fingerprint = null;\n /**\n * KeyID\n * @type {module:type/keyid~KeyID}\n */\n this.keyID = null;\n }\n\n /**\n * Create a PublicKeyPacket from a SecretKeyPacket\n * @param {SecretKeyPacket} secretKeyPacket - key packet to convert\n * @returns {PublicKeyPacket} public key packet\n * @static\n */\n static fromSecretKeyPacket(secretKeyPacket) {\n const keyPacket = new PublicKeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n\n /**\n * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats}\n * @param {Uint8Array} bytes - Input array to read the packet from\n * @returns {Object} This object with attributes set by the parser\n * @async\n */\n async read(bytes, config = defaultConfig) {\n let pos = 0;\n // A one-octet version number (4, 5 or 6).\n this.version = bytes[pos++];\n if (this.version === 5 && !config.enableParsingV5Entities) {\n throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed');\n }\n\n if (this.version === 4 || this.version === 5 || this.version === 6) {\n // - A four-octet number denoting the time that the key was created.\n this.created = util.readDate(bytes.subarray(pos, pos + 4));\n pos += 4;\n\n // - A one-octet number denoting the public-key algorithm of this key.\n this.algorithm = bytes[pos++];\n\n if (this.version >= 5) {\n // - A four-octet scalar octet count for the following key material.\n pos += 4;\n }\n\n // - A series of values comprising the key material.\n const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos));\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (\n this.version === 6 &&\n publicParams.oid && (\n publicParams.oid.getName() === enums.curve.curve25519Legacy ||\n publicParams.oid.getName() === enums.curve.ed25519Legacy\n )\n ) {\n throw new Error('Legacy curve25519 cannot be used with v6 keys');\n }\n this.publicParams = publicParams;\n pos += read;\n\n // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor\n await this.computeFingerprintAndKeyID();\n return pos;\n }\n throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`);\n }\n\n /**\n * Creates an OpenPGP public key packet for the given key.\n * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet.\n */\n write() {\n const arr = [];\n // Version\n arr.push(new Uint8Array([this.version]));\n arr.push(util.writeDate(this.created));\n // A one-octet number denoting the public-key algorithm of this key\n arr.push(new Uint8Array([this.algorithm]));\n\n const params = crypto.serializeParams(this.algorithm, this.publicParams);\n if (this.version >= 5) {\n // A four-octet scalar octet count for the following key material\n arr.push(util.writeNumber(params.length, 4));\n }\n // Algorithm-specific params\n arr.push(params);\n return util.concatUint8Array(arr);\n }\n\n /**\n * Write packet in order to be hashed; either for a signature or a fingerprint\n * @param {Integer} version - target version of signature or key\n */\n writeForHash(version) {\n const bytes = this.writePublicKey();\n\n const versionOctet = 0x95 + version;\n const lengthOctets = version >= 5 ? 4 : 2;\n return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form. Returns null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return null;\n }\n\n /**\n * Returns the creation time of the key\n * @returns {Date}\n */\n getCreationTime() {\n return this.created;\n }\n\n /**\n * Return the key ID of the key\n * @returns {module:type/keyid~KeyID} The 8-byte key ID\n */\n getKeyID() {\n return this.keyID;\n }\n\n /**\n * Computes and set the key ID and fingerprint of the key\n * @async\n */\n async computeFingerprintAndKeyID() {\n await this.computeFingerprint();\n this.keyID = new KeyID();\n\n if (this.version >= 5) {\n this.keyID.read(this.fingerprint.subarray(0, 8));\n } else if (this.version === 4) {\n this.keyID.read(this.fingerprint.subarray(12, 20));\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Computes and set the fingerprint of the key\n */\n async computeFingerprint() {\n const toHash = this.writeForHash(this.version);\n\n if (this.version >= 5) {\n this.fingerprint = await crypto.hash.sha256(toHash);\n } else if (this.version === 4) {\n this.fingerprint = await crypto.hash.sha1(toHash);\n } else {\n throw new Error('Unsupported key version');\n }\n }\n\n /**\n * Returns the fingerprint of the key, as an array of bytes\n * @returns {Uint8Array} A Uint8Array containing the fingerprint\n */\n getFingerprintBytes() {\n return this.fingerprint;\n }\n\n /**\n * Calculates and returns the fingerprint of the key, as a string\n * @returns {String} A string containing the fingerprint in lowercase hex\n */\n getFingerprint() {\n return util.uint8ArrayToHex(this.getFingerprintBytes());\n }\n\n /**\n * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint\n * @returns {Boolean} Whether the two keys have the same version and public key data.\n */\n hasSameFingerprintAs(other) {\n return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey());\n }\n\n /**\n * Returns algorithm information\n * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}.\n */\n getAlgorithmInfo() {\n const result = {};\n result.algorithm = enums.read(enums.publicKey, this.algorithm);\n // RSA, DSA or ElGamal public modulo\n const modulo = this.publicParams.n || this.publicParams.p;\n if (modulo) {\n result.bits = util.uint8ArrayBitLength(modulo);\n } else if (this.publicParams.oid) {\n result.curve = this.publicParams.oid.getName();\n }\n return result;\n }\n}\n\n/**\n * Alias of read()\n * @see PublicKeyPacket#read\n */\nPublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read;\n\n/**\n * Alias of write()\n * @see PublicKeyPacket#write\n */\nPublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write;\n\nexport default PublicKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nimport LiteralDataPacket from './literal_data';\nimport CompressedDataPacket from './compressed_data';\nimport OnePassSignaturePacket from './one_pass_signature';\nimport SignaturePacket from './signature';\nimport PacketList from './packetlist';\n\n// A SE packet can contain the following packet types\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n\n/**\n * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}:\n * The Symmetrically Encrypted Data packet contains data encrypted with a\n * symmetric-key algorithm. When it has been decrypted, it contains other\n * packets (usually a literal data packet or compressed data packet, but in\n * theory other Symmetrically Encrypted Data packets or sequences of packets\n * that form whole OpenPGP messages).\n */\nclass SymmetricallyEncryptedDataPacket {\n static get tag() {\n return enums.packet.symmetricallyEncryptedData;\n }\n\n constructor() {\n /**\n * Encrypted secret-key data\n */\n this.encrypted = null;\n /**\n * Decrypted packets contained within.\n * @type {PacketList}\n */\n this.packets = null;\n }\n\n read(bytes) {\n this.encrypted = bytes;\n }\n\n write() {\n return this.encrypted;\n }\n\n /**\n * Decrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n\n * @throws {Error} if decryption was not successful\n * @async\n */\n async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error\n if (!config.allowUnauthenticatedMessages) {\n throw new Error('Message is not authenticated.');\n }\n\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n const encrypted = await stream.readToEnd(stream.clone(this.encrypted));\n const decrypted = await crypto.mode.cfb.decrypt(sessionKeyAlgorithm, key,\n encrypted.subarray(blockSize + 2),\n encrypted.subarray(2, blockSize + 2)\n );\n\n this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config);\n }\n\n /**\n * Encrypt the symmetrically-encrypted packet data\n * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.\n * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use\n * @param {Uint8Array} key - The key of cipher blocksize length to be used\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(sessionKeyAlgorithm, key, config = defaultConfig) {\n const data = this.packets.write();\n const { blockSize } = crypto.getCipherParams(sessionKeyAlgorithm);\n\n const prefix = await crypto.getPrefixRandom(sessionKeyAlgorithm);\n const FRE = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config);\n const ciphertext = await crypto.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config);\n this.encrypted = util.concat([FRE, ciphertext]);\n }\n}\n\nexport default SymmetricallyEncryptedDataPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\n\n/**\n * Implementation of the strange \"Marker packet\" (Tag 10)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:\n * An experimental version of PGP used this packet as the Literal\n * packet, but no released version of PGP generated Literal packets with this\n * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as\n * the Marker packet.\n *\n * The body of this packet consists of:\n * The three octets 0x50, 0x47, 0x50 (which spell \"PGP\" in UTF-8).\n *\n * Such a packet MUST be ignored when received. It may be placed at the\n * beginning of a message that uses features not available in PGP\n * version 2.6 in order to cause that version to report that newer\n * software is necessary to process the message.\n */\nclass MarkerPacket {\n static get tag() {\n return enums.packet.marker;\n }\n\n /**\n * Parsing function for a marker data packet (tag 10).\n * @param {Uint8Array} bytes - Payload of a tag 10 packet\n * @returns {Boolean} whether the packet payload contains \"PGP\"\n */\n read(bytes) {\n if (bytes[0] === 0x50 && // P\n bytes[1] === 0x47 && // G\n bytes[2] === 0x50) { // P\n return true;\n }\n return false;\n }\n\n write() {\n return new Uint8Array([0x50, 0x47, 0x50]);\n }\n}\n\nexport default MarkerPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport enums from '../enums';\n\n/**\n * A Public-Subkey packet (tag 14) has exactly the same format as a\n * Public-Key packet, but denotes a subkey. One or more subkeys may be\n * associated with a top-level key. By convention, the top-level key\n * provides signature services, and the subkeys provide encryption\n * services.\n * @extends PublicKeyPacket\n */\nclass PublicSubkeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.publicSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n // eslint-disable-next-line @typescript-eslint/no-useless-constructor\n constructor(date, config) {\n super(date, config);\n }\n\n /**\n * Create a PublicSubkeyPacket from a SecretSubkeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert\n * @returns {SecretSubkeyPacket} public key packet\n * @static\n */\n static fromSecretSubkeyPacket(secretSubkeyPacket) {\n const keyPacket = new PublicSubkeyPacket();\n const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket;\n keyPacket.version = version;\n keyPacket.created = created;\n keyPacket.algorithm = algorithm;\n keyPacket.publicParams = publicParams;\n keyPacket.keyID = keyID;\n keyPacket.fingerprint = fingerprint;\n return keyPacket;\n }\n}\n\nexport default PublicSubkeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { readSimpleLength, writeSimpleLength } from './packet';\nimport enums from '../enums';\nimport util from '../util';\n\n/**\n * Implementation of the User Attribute Packet (Tag 17)\n *\n * The User Attribute packet is a variation of the User ID packet. It\n * is capable of storing more types of data than the User ID packet,\n * which is limited to text. Like the User ID packet, a User Attribute\n * packet may be certified by the key owner (\"self-signed\") or any other\n * key owner who cares to certify it. Except as noted, a User Attribute\n * packet may be used anywhere that a User ID packet may be used.\n *\n * While User Attribute packets are not a required part of the OpenPGP\n * standard, implementations SHOULD provide at least enough\n * compatibility to properly handle a certification signature on the\n * User Attribute packet. A simple way to do this is by treating the\n * User Attribute packet as a User ID packet with opaque contents, but\n * an implementation may use any method desired.\n */\nclass UserAttributePacket {\n static get tag() {\n return enums.packet.userAttribute;\n }\n\n constructor() {\n this.attributes = [];\n }\n\n /**\n * parsing function for a user attribute packet (tag 17).\n * @param {Uint8Array} input - Payload of a tag 17 packet\n */\n read(bytes) {\n let i = 0;\n while (i < bytes.length) {\n const len = readSimpleLength(bytes.subarray(i, bytes.length));\n i += len.offset;\n\n this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len)));\n i += len.len;\n }\n }\n\n /**\n * Creates a binary representation of the user attribute packet\n * @returns {Uint8Array} String representation.\n */\n write() {\n const arr = [];\n for (let i = 0; i < this.attributes.length; i++) {\n arr.push(writeSimpleLength(this.attributes[i].length));\n arr.push(util.stringToUint8Array(this.attributes[i]));\n }\n return util.concatUint8Array(arr);\n }\n\n /**\n * Compare for equality\n * @param {UserAttributePacket} usrAttr\n * @returns {Boolean} True if equal.\n */\n equals(usrAttr) {\n if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) {\n return false;\n }\n return this.attributes.every(function(attr, index) {\n return attr === usrAttr.attributes[index];\n });\n }\n}\n\nexport default UserAttributePacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport PublicKeyPacket from './public_key';\nimport { newS2KFromConfig, newS2KFromType } from '../type/s2k';\nimport crypto from '../crypto';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { UnsupportedError, writeTag } from './packet';\nimport computeHKDF from '../crypto/hkdf';\n\n/**\n * A Secret-Key packet contains all the information that is found in a\n * Public-Key packet, including the public-key material, but also\n * includes the secret-key material after all the public-key fields.\n * @extends PublicKeyPacket\n */\nclass SecretKeyPacket extends PublicKeyPacket {\n static get tag() {\n return enums.packet.secretKey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n /**\n * Secret-key data\n */\n this.keyMaterial = null;\n /**\n * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form.\n */\n this.isEncrypted = null;\n /**\n * S2K usage\n * @type {enums.symmetric}\n */\n this.s2kUsage = 0;\n /**\n * S2K object\n * @type {type/s2k}\n */\n this.s2k = null;\n /**\n * Symmetric algorithm to encrypt the key with\n * @type {enums.symmetric}\n */\n this.symmetric = null;\n /**\n * AEAD algorithm to encrypt the key with (if AEAD protection is enabled)\n * @type {enums.aead}\n */\n this.aead = null;\n /**\n * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis\n * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older).\n * This value is only relevant to know how to decrypt the key:\n * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism.\n * @type {Boolean}\n * @private\n */\n this.isLegacyAEAD = null;\n /**\n * Decrypted private parameters, referenced by name\n * @type {Object}\n */\n this.privateParams = null;\n /**\n * `true` for keys whose integrity is already confirmed, based on\n * the AEAD encryption mechanism\n * @type {Boolean}\n * @private\n */\n this.usedModernAEAD = null;\n }\n\n // 5.5.3. Secret-Key Packet Formats\n\n /**\n * Internal parser for private keys as specified in\n * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3}\n * @param {Uint8Array} bytes - Input string to read the packet from\n * @async\n */\n async read(bytes, config = defaultConfig) {\n // - A Public-Key or Public-Subkey packet, as described above.\n let i = await this.readPublicKey(bytes, config);\n const startOfSecretKeyData = i;\n\n // - One octet indicating string-to-key usage conventions. Zero\n // indicates that the secret-key data is not encrypted. 255 or 254\n // indicates that a string-to-key specifier is being given. Any\n // other value is a symmetric-key encryption algorithm identifier.\n this.s2kUsage = bytes[i++];\n\n // - Only for a version 5 packet, a one-octet scalar octet count of\n // the next 4 optional fields.\n if (this.version === 5) {\n i++;\n }\n\n // - Only for a version 6 packet where the secret key material is\n // encrypted (that is, where the previous octet is not zero), a one-\n // octet scalar octet count of the cumulative length of all the\n // following optional string-to-key parameter fields.\n if (this.version === 6 && this.s2kUsage) {\n i++;\n }\n\n try {\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one-octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n this.symmetric = bytes[i++];\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n this.aead = bytes[i++];\n }\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n i++;\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n const s2kType = bytes[i++];\n this.s2k = newS2KFromType(s2kType);\n i += this.s2k.read(bytes.subarray(i, bytes.length));\n\n if (this.s2k.type === 'gnu-dummy') {\n return;\n }\n } else if (this.s2kUsage) {\n this.symmetric = this.s2kUsage;\n }\n\n\n if (this.s2kUsage) {\n // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5).\n // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format).\n // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always\n // fail if the key was parsed according to the wrong format, since the keys are processed differently.\n // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag.\n this.isLegacyAEAD = this.s2kUsage === 253 && (\n this.version === 5 || (this.version === 4 && config.parseAEADEncryptedV4KeysAsLegacy));\n // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV)\n // of the same length as the cipher's block size.\n // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the\n // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm.\n // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero\n if (this.s2kUsage !== 253 || this.isLegacyAEAD) {\n this.iv = bytes.subarray(\n i,\n i + crypto.getCipherParams(this.symmetric).blockSize\n );\n this.usedModernAEAD = false;\n } else {\n // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted),\n // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which\n // is used as the nonce for the AEAD algorithm.\n this.iv = bytes.subarray(\n i,\n i + crypto.getAEADMode(this.aead).ivLength\n );\n // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation.\n this.usedModernAEAD = true;\n }\n\n i += this.iv.length;\n }\n } catch (e) {\n // if the s2k is unsupported, we still want to support encrypting and verifying with the given key\n if (!this.s2kUsage) throw e; // always throw for decrypted keys\n this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData);\n this.isEncrypted = true;\n }\n\n // - Only for a version 5 packet, a four-octet scalar octet count for\n // the following key material.\n if (this.version === 5) {\n i += 4;\n }\n\n // - Plain or encrypted multiprecision integers comprising the secret\n // key data. These algorithm-specific fields are as described\n // below.\n this.keyMaterial = bytes.subarray(i);\n this.isEncrypted = !!this.s2kUsage;\n\n if (!this.isEncrypted) {\n let cleartext;\n if (this.version === 6) {\n cleartext = this.keyMaterial;\n } else {\n cleartext = this.keyMaterial.subarray(0, -2);\n if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) {\n throw new Error('Key checksum mismatch');\n }\n }\n try {\n const { read, privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n if (read < cleartext.length) {\n throw new Error('Error reading MPIs');\n }\n this.privateParams = privateParams;\n } catch (err) {\n if (err instanceof UnsupportedError) throw err;\n // avoid throwing potentially sensitive errors\n throw new Error('Error reading MPIs');\n }\n }\n }\n\n /**\n * Creates an OpenPGP key packet for the given key.\n * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet.\n */\n write() {\n const serializedPublicKey = this.writePublicKey();\n if (this.unparseableKeyMaterial) {\n return util.concatUint8Array([\n serializedPublicKey,\n this.unparseableKeyMaterial\n ]);\n }\n\n const arr = [serializedPublicKey];\n arr.push(new Uint8Array([this.s2kUsage]));\n\n const optionalFieldsArr = [];\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // one- octet symmetric encryption algorithm.\n if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) {\n optionalFieldsArr.push(this.symmetric);\n\n // - [Optional] If string-to-key usage octet was 253, a one-octet\n // AEAD algorithm.\n if (this.s2kUsage === 253) {\n optionalFieldsArr.push(this.aead);\n }\n\n const s2k = this.s2k.write();\n\n // - [Optional] Only for a version 6 packet, and if string-to-key usage\n // octet was 255, 254, or 253, an one-octet count of the following field.\n if (this.version === 6) {\n optionalFieldsArr.push(s2k.length);\n }\n\n // - [Optional] If string-to-key usage octet was 255, 254, or 253, a\n // string-to-key specifier. The length of the string-to-key\n // specifier is implied by its type, as described above.\n optionalFieldsArr.push(...s2k);\n }\n\n // - [Optional] If secret data is encrypted (string-to-key usage octet\n // not zero), an Initial Vector (IV) of the same length as the\n // cipher's block size.\n if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') {\n optionalFieldsArr.push(...this.iv);\n }\n\n if (this.version === 5 || (this.version === 6 && this.s2kUsage)) {\n arr.push(new Uint8Array([optionalFieldsArr.length]));\n }\n arr.push(new Uint8Array(optionalFieldsArr));\n\n if (!this.isDummy()) {\n if (!this.s2kUsage) {\n this.keyMaterial = crypto.serializeParams(this.algorithm, this.privateParams);\n }\n\n if (this.version === 5) {\n arr.push(util.writeNumber(this.keyMaterial.length, 4));\n }\n arr.push(this.keyMaterial);\n\n if (!this.s2kUsage && this.version !== 6) {\n arr.push(util.writeChecksum(this.keyMaterial));\n }\n }\n\n return util.concatUint8Array(arr);\n }\n\n /**\n * Check whether secret-key data is available in decrypted form.\n * Returns false for gnu-dummy keys and null for public keys.\n * @returns {Boolean|null}\n */\n isDecrypted() {\n return this.isEncrypted === false;\n }\n\n /**\n * Check whether the key includes secret key material.\n * Some secret keys do not include it, and can thus only be used\n * for public-key operations (encryption and verification).\n * Such keys are:\n * - GNU-dummy keys, where the secret material has been stripped away\n * - encrypted keys with unsupported S2K or cipher\n */\n isMissingSecretKeyMaterial() {\n return this.unparseableKeyMaterial !== undefined || this.isDummy();\n }\n\n /**\n * Check whether this is a gnu-dummy key\n * @returns {Boolean}\n */\n isDummy() {\n return !!(this.s2k && this.s2k.type === 'gnu-dummy');\n }\n\n /**\n * Remove private key material, converting the key to a dummy one.\n * The resulting key cannot be used for signing/decrypting but can still verify signatures.\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n makeDummy(config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n if (this.isDecrypted()) {\n this.clearPrivateParams();\n }\n delete this.unparseableKeyMaterial;\n this.isEncrypted = null;\n this.keyMaterial = null;\n this.s2k = newS2KFromType(enums.s2k.gnu, config);\n this.s2k.algorithm = 0;\n this.s2k.c = 0;\n this.s2k.type = 'gnu-dummy';\n this.s2kUsage = 254;\n this.symmetric = enums.symmetric.aes256;\n this.isLegacyAEAD = null;\n this.usedModernAEAD = null;\n }\n\n /**\n * Encrypt the payload. By default, we use aes256 and iterated, salted string\n * to key specifier. If the key is in a decrypted state (isEncrypted === false)\n * and the passphrase is empty or undefined, the key will be set as not encrypted.\n * This can be used to remove passphrase protection after calling decrypt().\n * @param {String} passphrase\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if encryption was not successful\n * @async\n */\n async encrypt(passphrase, config = defaultConfig) {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key packet is already encrypted');\n }\n\n if (!passphrase) {\n throw new Error('A non-empty passphrase is required for key encryption.');\n }\n\n this.s2k = newS2KFromConfig(config);\n this.s2k.generateSalt();\n const cleartext = crypto.serializeParams(this.algorithm, this.privateParams);\n this.symmetric = enums.symmetric.aes256;\n\n const { blockSize } = crypto.getCipherParams(this.symmetric);\n\n if (config.aeadProtect) {\n this.s2kUsage = 253;\n this.aead = config.preferredAEADAlgorithm;\n const mode = crypto.getAEADMode(this.aead);\n this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead.\n this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material\n\n const serializedPacketTag = writeTag(this.constructor.tag);\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n\n const modeInstance = await mode(this.symmetric, key);\n this.iv = this.isLegacyAEAD ? crypto.random.getRandomBytes(blockSize) : crypto.random.getRandomBytes(mode.ivLength);\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n\n this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData);\n } else {\n this.s2kUsage = 254;\n this.usedModernAEAD = false;\n const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric);\n this.iv = crypto.random.getRandomBytes(blockSize);\n this.keyMaterial = await crypto.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([\n cleartext,\n await crypto.hash.sha1(cleartext, config)\n ]), this.iv, config);\n }\n }\n\n /**\n * Decrypts the private key params which are needed to use the key.\n * Successful decryption does not imply key integrity, call validate() to confirm that.\n * {@link SecretKeyPacket.isDecrypted} should be false, as\n * otherwise calls to this function will throw an error.\n * @param {String} passphrase - The passphrase for this private key as string\n * @throws {Error} if the key is already decrypted, or if decryption was not successful\n * @async\n */\n async decrypt(passphrase) {\n if (this.isDummy()) {\n return false;\n }\n\n if (this.unparseableKeyMaterial) {\n throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo');\n }\n\n if (this.isDecrypted()) {\n throw new Error('Key packet is already decrypted.');\n }\n\n let key;\n const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only\n if (this.s2kUsage === 254 || this.s2kUsage === 253) {\n key = await produceEncryptionKey(\n this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD);\n } else if (this.s2kUsage === 255) {\n throw new Error('Encrypted private key is authenticated using an insecure two-byte hash');\n } else {\n throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5');\n }\n\n let cleartext;\n if (this.s2kUsage === 253) {\n const mode = crypto.getAEADMode(this.aead);\n const modeInstance = await mode(this.symmetric, key);\n try {\n const associateData = this.isLegacyAEAD ?\n new Uint8Array() :\n util.concatUint8Array([serializedPacketTag, this.writePublicKey()]);\n cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData);\n } catch (err) {\n if (err.message === 'Authentication tag mismatch') {\n throw new Error('Incorrect key passphrase: ' + err.message);\n }\n throw err;\n }\n } else {\n const cleartextWithHash = await crypto.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv);\n\n cleartext = cleartextWithHash.subarray(0, -20);\n const hash = await crypto.hash.sha1(cleartext);\n\n if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) {\n throw new Error('Incorrect key passphrase');\n }\n }\n\n try {\n const { privateParams } = crypto.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams);\n this.privateParams = privateParams;\n } catch (err) {\n throw new Error('Error reading MPIs');\n }\n this.isEncrypted = false;\n this.keyMaterial = null;\n this.s2kUsage = 0;\n this.aead = null;\n this.symmetric = null;\n this.isLegacyAEAD = null;\n }\n\n /**\n * Checks that the key parameters are consistent\n * @throws {Error} if validation was not successful\n * @async\n */\n async validate() {\n if (this.isDummy()) {\n return;\n }\n\n if (!this.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n\n if (this.usedModernAEAD) {\n // key integrity confirmed by successful AEAD decryption\n return;\n }\n\n let validParams;\n try {\n // this can throw if some parameters are undefined\n validParams = await crypto.validateParams(this.algorithm, this.publicParams, this.privateParams);\n } catch (_) {\n validParams = false;\n }\n if (!validParams) {\n throw new Error('Key is invalid');\n }\n }\n\n async generate(bits, curve) {\n // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.\n // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.\n if (this.version === 6 && (\n (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||\n this.algorithm === enums.publicKey.eddsaLegacy\n )) {\n throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);\n }\n const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);\n this.privateParams = privateParams;\n this.publicParams = publicParams;\n this.isEncrypted = false;\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n if (this.isMissingSecretKeyMaterial()) {\n return;\n }\n\n Object.keys(this.privateParams).forEach(name => {\n const param = this.privateParams[name];\n param.fill(0);\n delete this.privateParams[name];\n });\n this.privateParams = null;\n this.isEncrypted = true;\n }\n}\n\n/**\n * Derive encryption key\n * @param {Number} keyVersion - key derivation differs for v5 keys\n * @param {module:type/s2k} s2k\n * @param {String} passphrase\n * @param {module:enums.symmetric} cipherAlgo\n * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5)\n * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5)\n * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only)\n * @returns encryption key\n */\nasync function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) {\n if (s2k.type === 'argon2' && !aeadMode) {\n throw new Error('Using Argon2 S2K without AEAD is not allowed');\n }\n if (s2k.type === 'simple' && keyVersion === 6) {\n throw new Error('Using Simple S2K with version 6 keys is not allowed');\n }\n const { keySize } = crypto.getCipherParams(cipherAlgo);\n const derivedKey = await s2k.produceKey(passphrase, keySize);\n if (!aeadMode || keyVersion === 5 || isLegacyAEAD) {\n return derivedKey;\n }\n const info = util.concatUint8Array([\n serializedPacketTag,\n new Uint8Array([keyVersion, cipherAlgo, aeadMode])\n ]);\n return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize);\n}\n\nexport default SecretKeyPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\n\n/**\n * Implementation of the User ID Packet (Tag 13)\n *\n * A User ID packet consists of UTF-8 text that is intended to represent\n * the name and email address of the key holder. By convention, it\n * includes an RFC 2822 [RFC2822] mail name-addr, but there are no\n * restrictions on its content. The packet length in the header\n * specifies the length of the User ID.\n */\nclass UserIDPacket {\n static get tag() {\n return enums.packet.userID;\n }\n\n constructor() {\n /** A string containing the user id. Usually in the form\n * John Doe \n * @type {String}\n */\n this.userID = '';\n\n this.name = '';\n this.email = '';\n this.comment = '';\n }\n\n /**\n * Create UserIDPacket instance from object\n * @param {Object} userID - Object specifying userID name, email and comment\n * @returns {UserIDPacket}\n * @static\n */\n static fromObject(userID) {\n if (util.isString(userID) ||\n (userID.name && !util.isString(userID.name)) ||\n (userID.email && !util.isEmailAddress(userID.email)) ||\n (userID.comment && !util.isString(userID.comment))) {\n throw new Error('Invalid user ID format');\n }\n const packet = new UserIDPacket();\n Object.assign(packet, userID);\n const components = [];\n if (packet.name) components.push(packet.name);\n if (packet.comment) components.push(`(${packet.comment})`);\n if (packet.email) components.push(`<${packet.email}>`);\n packet.userID = components.join(' ');\n return packet;\n }\n\n /**\n * Parsing function for a user id packet (tag 13).\n * @param {Uint8Array} input - Payload of a tag 13 packet\n */\n read(bytes, config = defaultConfig) {\n const userID = util.decodeUTF8(bytes);\n if (userID.length > config.maxUserIDLength) {\n throw new Error('User ID string is too long');\n }\n\n /**\n * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1,\n * as well comments placed between the name (if present) and the bracketed email address:\n * - name (comment) \n * - email\n * In the first case, the `email` is the only required part, and it must contain the `@` symbol.\n * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`,\n * since they interfere with `comment` parsing.\n */\n const re = /^(?[^()]+\\s+)?(?\\([^()]+\\)\\s+)?(?<\\S+@\\S+>)$/;\n const matches = re.exec(userID);\n if (matches !== null) {\n const { name, comment, email } = matches.groups;\n this.comment = comment?.replace(/^\\(|\\)|\\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace\n this.name = name?.trim() || '';\n this.email = email.substring(1, email.length - 1); // remove brackets\n } else if (/^[^\\s@]+@[^\\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace\n this.email = userID;\n }\n\n this.userID = userID;\n }\n\n /**\n * Creates a binary representation of the user id packet\n * @returns {Uint8Array} Binary representation.\n */\n write() {\n return util.encodeUTF8(this.userID);\n }\n\n equals(otherUserID) {\n return otherUserID && otherUserID.userID === this.userID;\n }\n}\n\nexport default UserIDPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport SecretKeyPacket from './secret_key';\nimport enums from '../enums';\nimport defaultConfig from '../config';\n\n/**\n * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret\n * Key packet and has exactly the same format.\n * @extends SecretKeyPacket\n */\nclass SecretSubkeyPacket extends SecretKeyPacket {\n static get tag() {\n return enums.packet.secretSubkey;\n }\n\n /**\n * @param {Date} [date] - Creation date\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n constructor(date = new Date(), config = defaultConfig) {\n super(date, config);\n }\n}\n\nexport default SecretSubkeyPacket;\n","import enums from '../enums';\nimport { UnsupportedError } from './packet';\n\n/**\n * Implementation of the Trust Packet (Tag 12)\n *\n * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}:\n * The Trust packet is used only within keyrings and is not normally\n * exported. Trust packets contain data that record the user's\n * specifications of which key holders are trustworthy introducers,\n * along with other information that implementing software uses for\n * trust information. The format of Trust packets is defined by a given\n * implementation.\n *\n * Trust packets SHOULD NOT be emitted to output streams that are\n * transferred to other users, and they SHOULD be ignored on any input\n * other than local keyring files.\n */\nclass TrustPacket {\n static get tag() {\n return enums.packet.trust;\n }\n\n /**\n * Parsing function for a trust packet (tag 12).\n * Currently not implemented as we ignore trust packets\n */\n read() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n\n write() {\n throw new UnsupportedError('Trust packets are not supported');\n }\n}\n\nexport default TrustPacket;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2022 Proton AG\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport crypto from '../crypto';\nimport enums from '../enums';\n\n/**\n * Implementation of the Padding Packet\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}:\n * Padding Packet\n */\nclass PaddingPacket {\n static get tag() {\n return enums.packet.padding;\n }\n\n constructor() {\n this.padding = null;\n }\n\n /**\n * Read a padding packet\n * @param {Uint8Array | ReadableStream} bytes\n */\n read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars\n // Padding packets are ignored, so this function is never called.\n }\n\n /**\n * Write the padding packet\n * @returns {Uint8Array} The padding packet.\n */\n write() {\n return this.padding;\n }\n\n /**\n * Create random padding.\n * @param {Number} length - The length of padding to be generated.\n * @throws {Error} if padding generation was not successful\n * @async\n */\n async createPadding(length) {\n this.padding = await crypto.random.getRandomBytes(length);\n }\n}\n\nexport default PaddingPacket;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport { PacketList, SignaturePacket } from './packet';\nimport enums from './enums';\nimport util from './util';\nimport defaultConfig from './config';\n\n// A Signature can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP signature.\n */\nexport class Signature {\n /**\n * @param {PacketList} packetlist - The signature packets\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns binary encoded signature\n * @returns {ReadableStream} Binary signature.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns an array of KeyIDs of all of the issuers who created this signature\n * @returns {Array} The Key IDs of the signing keys\n */\n getSigningKeyIDs() {\n return this.packets.map(packet => packet.issuerKeyID);\n }\n}\n\n/**\n * reads an (optionally armored) OpenPGP signature and returns a signature object\n * @param {Object} options\n * @param {String} [options.armoredSignature] - Armored signature to be parsed\n * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New signature object.\n * @async\n * @static\n */\nexport async function readSignature({ armoredSignature, binarySignature, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredSignature || binarySignature;\n if (!input) {\n throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`');\n }\n if (armoredSignature && !util.isString(armoredSignature)) {\n throw new Error('readSignature: options.armoredSignature must be a string');\n }\n if (binarySignature && !util.isUint8Array(binarySignature)) {\n throw new Error('readSignature: options.binarySignature must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredSignature) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.signature) {\n throw new Error('Armored text not of type signature');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedPackets, config);\n return new Signature(packetlist);\n}\n","/**\n * @fileoverview Provides helpers methods for key module\n * @module key/helper\n */\n\nimport {\n SecretKeyPacket,\n SecretSubkeyPacket,\n SignaturePacket\n} from '../packet';\nimport enums from '../enums';\nimport crypto from '../crypto';\nimport util from '../util';\nimport defaultConfig from '../config';\n\nexport async function generateSecretSubkey(options, config) {\n const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);\n secretSubkeyPacket.packets = null;\n secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretSubkeyPacket.generate(options.rsaBits, options.curve);\n await secretSubkeyPacket.computeFingerprintAndKeyID();\n return secretSubkeyPacket;\n}\n\nexport async function generateSecretKey(options, config) {\n const secretKeyPacket = new SecretKeyPacket(options.date, config);\n secretKeyPacket.packets = null;\n secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm);\n await secretKeyPacket.generate(options.rsaBits, options.curve, options.config);\n await secretKeyPacket.computeFingerprintAndKeyID();\n return secretKeyPacket;\n}\n\n/**\n * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.\n * @param {Array} signatures - List of signatures\n * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature\n * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures,\n * `enums.signatures.certGeneric` should be given regardless of the actual trust level)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - full configuration\n * @returns {Promise} The latest valid signature.\n * @async\n */\nexport async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) {\n let latestValid;\n let exception;\n for (let i = signatures.length - 1; i >= 0; i--) {\n try {\n if (\n (!latestValid || signatures[i].created >= latestValid.created)\n ) {\n await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config);\n latestValid = signatures[i];\n }\n } catch (e) {\n exception = e;\n }\n }\n if (!latestValid) {\n throw util.wrapError(\n `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}`\n .replace('certGeneric ', 'self-')\n .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()),\n exception);\n }\n return latestValid;\n}\n\nexport function isDataExpired(keyPacket, signature, date = new Date()) {\n const normDate = util.normalizeDate(date);\n if (normDate !== null) {\n const expirationTime = getKeyExpirationTime(keyPacket, signature);\n return !(keyPacket.created <= normDate && normDate < expirationTime);\n }\n return false;\n}\n\n/**\n * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}\n * @param {SecretSubkeyPacket} subkey - Subkey key packet\n * @param {SecretKeyPacket} primaryKey - Primary key packet\n * @param {Object} options\n * @param {Object} config - Full configuration\n */\nexport async function createBindingSignature(subkey, primaryKey, options, config) {\n const dataToSign = {};\n dataToSign.key = primaryKey;\n dataToSign.bind = subkey;\n const signatureProperties = { signatureType: enums.signature.subkeyBinding };\n if (options.sign) {\n signatureProperties.keyFlags = [enums.keyFlags.signData];\n signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, {\n signatureType: enums.signature.keyBinding\n }, options.date, undefined, undefined, undefined, config);\n } else {\n signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config);\n return subkeySignaturePacket;\n}\n\n/**\n * Returns the preferred signature hash algorithm for a set of keys.\n * @param {Array} [targetKeys] - The keys to get preferences from\n * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from\n * @param {Object} config - full configuration\n * @returns {Promise}\n * @async\n */\nexport async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {\n /**\n * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the\n * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).\n * if no keys are available, `preferredSenderAlgo` is returned.\n * For ECC signing key, the curve preferred hash is taken into account as well (see logic below).\n */\n const defaultAlgo = enums.hash.sha256; // MUST implement\n const preferredSenderAlgo = config.preferredHashAlgorithm;\n\n const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => {\n const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config);\n const targetPrefs = selfCertification.preferredHashAlgorithms;\n return targetPrefs;\n }));\n const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys\n for (const supportedAlgos of supportedAlgosPerTarget) {\n for (const hashAlgo of supportedAlgos) {\n try {\n // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on\n const supportedAlgo = enums.write(enums.hash, hashAlgo);\n supportedAlgosMap.set(\n supportedAlgo,\n supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1\n );\n } catch {}\n }\n }\n const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo;\n const getStrongestSupportedHashAlgo = () => {\n if (supportedAlgosMap.size === 0) {\n return defaultAlgo;\n }\n const sortedHashAlgos = Array.from(supportedAlgosMap.keys())\n .filter(hashAlgo => isSupportedHashAlgo(hashAlgo))\n .sort((algoA, algoB) => crypto.hash.getHashByteLength(algoA) - crypto.hash.getHashByteLength(algoB));\n const strongestHashAlgo = sortedHashAlgos[0];\n // defaultAlgo is always implicilty supported, and might be stronger than the rest\n return crypto.hash.getHashByteLength(strongestHashAlgo) >= crypto.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo;\n };\n\n const eccAlgos = new Set([\n enums.publicKey.ecdsa,\n enums.publicKey.eddsaLegacy,\n enums.publicKey.ed25519,\n enums.publicKey.ed448\n ]);\n\n if (eccAlgos.has(signingKeyPacket.algorithm)) {\n // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:\n // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5\n // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3\n // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4\n // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4\n // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough;\n // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve\n // preferred algo, even if not supported by all targets.\n const preferredCurveAlgo = crypto.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid);\n\n const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo);\n const preferredSenderAlgoStrongerThanCurveAlgo = crypto.hash.getHashByteLength(preferredSenderAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo);\n\n if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) {\n return preferredSenderAlgo;\n } else {\n const strongestSupportedAlgo = getStrongestSupportedHashAlgo();\n return crypto.hash.getHashByteLength(strongestSupportedAlgo) >= crypto.hash.getHashByteLength(preferredCurveAlgo) ?\n strongestSupportedAlgo :\n preferredCurveAlgo;\n }\n }\n\n // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this,\n // since it was manually set by the sender.\n return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo();\n}\n\n/**\n * Returns the preferred compression algorithm for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Preferred compression algorithm\n * @async\n */\nexport async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const defaultAlgo = enums.compression.uncompressed;\n const preferredSenderAlgo = config.preferredCompressionAlgorithm;\n\n // if preferredSenderAlgo appears in the prefs of all recipients, we pick it\n // otherwise we use the default algo\n // if no keys are available, preferredSenderAlgo is returned\n const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) {\n const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config);\n const recipientPrefs = selfCertification.preferredCompressionAlgorithms;\n return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0;\n }));\n return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo;\n}\n\n/**\n * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys\n * @param {Array} [keys] - Set of keys\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Array} [userIDs] - User IDs\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred\n * @async\n */\nexport async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));\n const withAEAD = keys.length ?\n selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :\n config.aeadProtect;\n\n if (withAEAD) {\n const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };\n const desiredCipherSuites = [\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },\n { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },\n { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }\n ];\n for (const desiredCipherSuite of desiredCipherSuites) {\n if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(\n cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo\n ))) {\n return desiredCipherSuite;\n }\n }\n return defaultCipherSuite;\n }\n const defaultSymAlgo = enums.symmetric.aes128;\n const desiredSymAlgo = config.preferredSymmetricAlgorithm;\n return {\n symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ?\n desiredSymAlgo :\n defaultSymAlgo,\n aeadAlgo: undefined\n };\n}\n\n/**\n * Create signature packet\n * @param {Object} dataToSign - Contains packets to be signed\n * @param {Array} recipientKeys - keys to get preferences from\n * @param {SecretKeyPacket|\n * SecretSubkeyPacket} signingKeyPacket secret key packet for signing\n * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Object} [userID] - User ID\n * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [detached] - Whether to create a detached signature packet\n * @param {Object} config - full configuration\n * @returns {Promise} Signature packet.\n */\nexport async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) {\n if (signingKeyPacket.isDummy()) {\n throw new Error('Cannot sign with a gnu-dummy key.');\n }\n if (!signingKeyPacket.isDecrypted()) {\n throw new Error('Signing key is not decrypted.');\n }\n const signaturePacket = new SignaturePacket();\n Object.assign(signaturePacket, signatureProperties);\n signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;\n signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config);\n signaturePacket.rawNotations = [...notations];\n await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config);\n return signaturePacket;\n}\n\n/**\n * Merges signatures from source[attr] to dest[attr]\n * @param {Object} source\n * @param {Object} dest\n * @param {String} attr\n * @param {Date} [date] - date to use for signature expiration check, instead of the current time\n * @param {Function} [checkFn] - signature only merged if true\n */\nexport async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) {\n source = source[attr];\n if (source) {\n if (!dest[attr].length) {\n dest[attr] = source;\n } else {\n await Promise.all(source.map(async function(sourceSig) {\n if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) &&\n !dest[attr].some(function(destSig) {\n return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams());\n })) {\n dest[attr].push(sourceSig);\n }\n }));\n }\n }\n}\n\n/**\n * Checks if a given certificate or binding signature is revoked\n * @param {SecretKeyPacket|\n * PublicKeyPacket} primaryKey The primary key packet\n * @param {Object} dataToVerify - The data to check\n * @param {Array} revocations - The revocation signatures to check\n * @param {SignaturePacket} signature - The certificate or signature to check\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the signature revokes the data.\n * @async\n */\nexport async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) {\n key = key || primaryKey;\n const revocationKeyIDs = [];\n await Promise.all(revocations.map(async function(revocationSignature) {\n try {\n if (\n // Note: a third-party revocation signature could legitimately revoke a\n // self-signature if the signature has an authorized revocation key.\n // However, we don't support passing authorized revocation keys, nor\n // verifying such revocation signatures. Instead, we indicate an error\n // when parsing a key with an authorized revocation key, and ignore\n // third-party revocation signatures here. (It could also be revoking a\n // third-party key certification, which should only affect\n // `verifyAllCertifications`.)\n !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)\n ) {\n const isHardRevocation = ![\n enums.reasonForRevocation.keyRetired,\n enums.reasonForRevocation.keySuperseded,\n enums.reasonForRevocation.userIDInvalid\n ].includes(revocationSignature.reasonForRevocationFlag);\n\n await revocationSignature.verify(\n key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config\n );\n\n // TODO get an identifier of the revoked object instead\n revocationKeyIDs.push(revocationSignature.issuerKeyID);\n }\n } catch (e) {}\n }));\n // TODO further verify that this is the signature that should be revoked\n if (signature) {\n signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true :\n signature.revoked || false;\n return signature.revoked;\n }\n return revocationKeyIDs.length > 0;\n}\n\n/**\n * Returns key expiration time based on the given certification signature.\n * The expiration time of the signature is ignored.\n * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check\n * @param {SignaturePacket} signature - signature to process\n * @returns {Date|Infinity} expiration time or infinity if the key does not expire\n */\nexport function getKeyExpirationTime(keyPacket, signature) {\n let expirationTime;\n // check V4 expiration time\n if (signature.keyNeverExpires === false) {\n expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;\n }\n return expirationTime ? new Date(expirationTime) : Infinity;\n}\n\nexport function sanitizeKeyOptions(options, subkeyDefaults = {}) {\n options.type = options.type || subkeyDefaults.type;\n options.curve = options.curve || subkeyDefaults.curve;\n options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;\n options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n options.sign = options.sign || false;\n\n switch (options.type) {\n case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve`\n try {\n options.curve = enums.write(enums.curve, options.curve);\n } catch (e) {\n throw new Error('Unknown curve');\n }\n if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy ||\n options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now\n options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy;\n }\n if (options.sign) {\n options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa;\n } else {\n options.algorithm = enums.publicKey.ecdh;\n }\n break;\n case 'curve25519':\n options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519;\n break;\n case 'curve448':\n options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448;\n break;\n case 'rsa':\n options.algorithm = enums.publicKey.rsaEncryptSign;\n break;\n default:\n throw new Error(`Unsupported key type ${options.type}`);\n }\n return options;\n}\n\nexport function validateSigningKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ed25519:\n case enums.publicKey.ed448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateEncryptionKeyPacket(keyPacket, signature, config) {\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448:\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n default:\n return false;\n }\n}\n\nexport function validateDecryptionKeyPacket(keyPacket, signature, config) {\n if (!signature.keyFlags && !config.allowMissingKeyFlags) {\n throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');\n }\n\n switch (keyPacket.algorithm) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.elgamal:\n case enums.publicKey.ecdh:\n case enums.publicKey.x25519:\n case enums.publicKey.x448: {\n const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0;\n if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) {\n // This is only relevant for RSA keys, all other signing algorithms cannot decrypt\n return true;\n }\n\n return !signature.keyFlags ||\n (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||\n (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check key against blacklisted algorithms and minimum strength requirements.\n * @param {SecretKeyPacket|PublicKeyPacket|\n * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket\n * @param {Config} config\n * @throws {Error} if the key packet does not meet the requirements\n */\nexport function checkKeyRequirements(keyPacket, config) {\n const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);\n const algoInfo = keyPacket.getAlgorithmInfo();\n if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) {\n throw new Error(`${algoInfo.algorithm} keys are considered too weak.`);\n }\n switch (keyAlgo) {\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.rsaEncrypt:\n if (algoInfo.bits < config.minRSABits) {\n throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`);\n }\n break;\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n case enums.publicKey.ecdh:\n if (config.rejectCurves.has(algoInfo.curve)) {\n throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`);\n }\n break;\n default:\n break;\n }\n}\n","/**\n * @module key/User\n */\n\nimport enums from '../enums';\nimport util from '../util';\nimport { PacketList } from '../packet';\nimport { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents an user ID or attribute packet and the relevant signatures.\n * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info\n * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with\n */\nclass User {\n constructor(userPacket, mainKey) {\n this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null;\n this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null;\n this.selfCertifications = [];\n this.otherCertifications = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured user data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.userID || this.userAttribute);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.selfCertifications);\n packetlist.push(...this.otherCertifications);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @returns {User}\n */\n clone() {\n const user = new User(this.userID || this.userAttribute, this.mainKey);\n user.selfCertifications = [...this.selfCertifications];\n user.otherCertifications = [...this.otherCertifications];\n user.revocationSignatures = [...this.revocationSignatures];\n return user;\n }\n\n /**\n * Generate third-party certifications over this user and its primary key\n * @param {Array} signingKeys - Decrypted private keys for signing\n * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} New user with new certifications.\n * @async\n */\n async certify(signingKeys, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) {\n if (!privateKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n if (privateKey.hasSameFingerprintAs(primaryKey)) {\n throw new Error(\"The user's own key can only be used for self-certifications\");\n }\n const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config);\n return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, {\n // Most OpenPGP implementations use generic certification (0x10)\n signatureType: enums.signature.certGeneric,\n keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData]\n }, date, undefined, undefined, undefined, config);\n }));\n await user.update(this, date, config);\n return user;\n }\n\n /**\n * Checks if a given certificate of the user is revoked\n * @param {SignaturePacket} certificate - The certificate to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return isDataRevoked(primaryKey, enums.signature.certRevocation, {\n key: primaryKey,\n userID: this.userID,\n userAttribute: this.userAttribute\n }, this.revocationSignatures, certificate, keyPacket, date, config);\n }\n\n /**\n * Verifies the user certificate.\n * @param {SignaturePacket} certificate - A certificate of this user\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate\n * @throws if the user certificate is invalid.\n * @async\n */\n async verifyCertificate(certificate, verificationKeys, date = new Date(), config) {\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const { issuerKeyID } = certificate;\n const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0);\n if (issuerKeys.length === 0) {\n return null;\n }\n await Promise.all(issuerKeys.map(async key => {\n const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config);\n if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) {\n throw new Error('User certificate is revoked');\n }\n try {\n await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('User certificate is invalid', e);\n }\n }));\n return true;\n }\n\n /**\n * Verifies all user certificates\n * @param {Array} verificationKeys - Array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllCertifications(verificationKeys, date = new Date(), config) {\n const that = this;\n const certifications = this.selfCertifications.concat(this.otherCertifications);\n return Promise.all(certifications.map(async certification => ({\n keyID: certification.issuerKeyID,\n valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false)\n })));\n }\n\n /**\n * Verify User. Checks for existence of self signatures, revocation signatures\n * and validity of self signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} config - Full configuration\n * @returns {Promise} Status of user.\n * @throws {Error} if there are no valid self signatures.\n * @async\n */\n async verify(date = new Date(), config) {\n if (!this.selfCertifications.length) {\n throw new Error('No self-certifications found');\n }\n const that = this;\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // TODO replace when Promise.some or Promise.any are implemented\n let exception;\n for (let i = this.selfCertifications.length - 1; i >= 0; i--) {\n try {\n const selfCertification = this.selfCertifications[i];\n if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) {\n throw new Error('Self-certification is revoked');\n }\n try {\n await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Self-certification is invalid', e);\n }\n return true;\n } catch (e) {\n exception = e;\n }\n }\n throw exception;\n }\n\n /**\n * Update user with new components from specified user\n * @param {User} sourceUser - Source user to merge\n * @param {Date} date - Date to verify the validity of signatures\n * @param {Object} config - Full configuration\n * @returns {Promise}\n * @async\n */\n async update(sourceUser, date, config) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n // self signatures\n await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) {\n try {\n await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // other signatures\n await mergeSignatures(sourceUser, this, 'otherCertifications', date);\n // revocation signatures\n await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) {\n return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the user\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New user with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = {\n userID: this.userID,\n userAttribute: this.userAttribute,\n key: primaryKey\n };\n const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey);\n user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.certRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await user.update(this);\n return user;\n }\n}\n\nexport default User;\n","/**\n * @module key/Subkey\n */\n\nimport enums from '../enums';\nimport * as helper from './helper';\nimport { PacketList } from '../packet';\nimport defaultConfig from '../config';\n\n/**\n * Class that represents a subkey packet and the relevant signatures.\n * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID\n * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint\n * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs\n * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo\n * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime\n * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted\n */\nclass Subkey {\n /**\n * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey\n * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey\n */\n constructor(subkeyPacket, mainKey) {\n this.keyPacket = subkeyPacket;\n this.bindingSignatures = [];\n this.revocationSignatures = [];\n this.mainKey = mainKey;\n }\n\n /**\n * Transforms structured subkey data to packetlist\n * @returns {PacketList}\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.bindingSignatures);\n return packetlist;\n }\n\n /**\n * Shallow clone\n * @return {Subkey}\n */\n clone() {\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.bindingSignatures = [...this.bindingSignatures];\n subkey.revocationSignatures = [...this.revocationSignatures];\n return subkey;\n }\n\n /**\n * Checks if a binding signature of a subkey is revoked\n * @param {SignaturePacket} signature - The binding signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the binding signature is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n return helper.isDataRevoked(\n primaryKey, enums.signature.subkeyRevocation, {\n key: primaryKey,\n bind: this.keyPacket\n }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify subkey. Checks for revocation signatures, expiration time\n * and valid binding signature.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @throws {Error} if the subkey is invalid.\n * @async\n */\n async verify(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n // check subkey binding signatures\n const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n // check binding signature is not revoked\n if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config)) {\n throw new Error('Subkey is revoked');\n }\n // check for expiration time\n if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {\n throw new Error('Subkey is expired');\n }\n return bindingSignature;\n }\n\n /**\n * Returns the expiration time of the subkey or Infinity if key does not expire.\n * Returns null if the subkey is invalid.\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n const dataToVerify = { key: primaryKey, bind: this.keyPacket };\n let bindingSignature;\n try {\n bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n } catch (e) {\n return null;\n }\n const keyExpiry = helper.getKeyExpirationTime(this.keyPacket, bindingSignature);\n const sigExpiry = bindingSignature.getExpirationTime();\n return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;\n }\n\n /**\n * Update subkey with new components from specified subkey\n * @param {Subkey} subkey - Source subkey to merge\n * @param {Date} [date] - Date to verify validity of signatures\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if update failed\n * @async\n */\n async update(subkey, date = new Date(), config = defaultConfig) {\n const primaryKey = this.mainKey.keyPacket;\n if (!this.hasSameFingerprintAs(subkey)) {\n throw new Error('Subkey update method: fingerprints of subkeys not equal');\n }\n // key packet\n if (this.keyPacket.constructor.tag === enums.packet.publicSubkey &&\n subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) {\n this.keyPacket = subkey.keyPacket;\n }\n // update missing binding signatures\n const that = this;\n const dataToVerify = { key: primaryKey, bind: that.keyPacket };\n await helper.mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) {\n for (let i = 0; i < that.bindingSignatures.length; i++) {\n if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) {\n if (srcBindSig.created > that.bindingSignatures[i].created) {\n that.bindingSignatures[i] = srcBindSig;\n }\n return false;\n }\n }\n try {\n await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config);\n return true;\n } catch (e) {\n return false;\n }\n });\n // revocation signatures\n await helper.mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) {\n return helper.isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config);\n });\n }\n\n /**\n * Revokes the subkey\n * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New subkey with revocation signature.\n * @async\n */\n async revoke(\n primaryKey,\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n const dataToSign = { key: primaryKey, bind: this.keyPacket };\n const subkey = new Subkey(this.keyPacket, this.mainKey);\n subkey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], primaryKey, {\n signatureType: enums.signature.subkeyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, false, config));\n await subkey.update(this);\n return subkey;\n }\n\n hasSameFingerprintAs(other) {\n return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {\n Subkey.prototype[name] =\n function() {\n return this.keyPacket[name]();\n };\n});\n\nexport default Subkey;\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from '../encoding/armor';\nimport {\n PacketList,\n SignaturePacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport util from '../util';\nimport User from './user';\nimport Subkey from './subkey';\nimport * as helper from './helper';\nimport { UnparseablePacket } from '../packet/packet';\n\n// A key revocation certificate can contain the following packets\nconst allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\nconst mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]);\nconst keyPacketTags = new Set([\n enums.packet.publicKey, enums.packet.privateKey,\n enums.packet.publicSubkey, enums.packet.privateSubkey\n]);\n\n/**\n * Abstract class that represents an OpenPGP key. Must contain a primary key.\n * Can contain additional subkeys, signatures, user ids, user attributes.\n * @borrows PublicKeyPacket#getKeyID as Key#getKeyID\n * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint\n * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs\n * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo\n * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime\n */\nclass Key {\n /**\n * Transforms packetlist to structured key data\n * @param {PacketList} packetlist - The packets that form a key\n * @param {Set} disallowedPackets - disallowed packet tags\n */\n packetListToStructure(packetlist, disallowedPackets = new Set()) {\n let user;\n let primaryKeyID;\n let subkey;\n let ignoreUntil;\n\n for (const packet of packetlist) {\n\n if (packet instanceof UnparseablePacket) {\n const isUnparseableKeyPacket = keyPacketTags.has(packet.tag);\n if (isUnparseableKeyPacket && !ignoreUntil) {\n // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must\n // discard all non-key packets that follow, until another (sub)key packet is found.\n if (mainKeyPacketTags.has(packet.tag)) {\n ignoreUntil = mainKeyPacketTags;\n } else {\n ignoreUntil = keyPacketTags;\n }\n }\n continue;\n }\n\n const tag = packet.constructor.tag;\n if (ignoreUntil) {\n if (!ignoreUntil.has(tag)) continue;\n ignoreUntil = null;\n }\n if (disallowedPackets.has(tag)) {\n throw new Error(`Unexpected packet type: ${tag}`);\n }\n switch (tag) {\n case enums.packet.publicKey:\n case enums.packet.secretKey:\n if (this.keyPacket) {\n throw new Error('Key block contains multiple keys');\n }\n this.keyPacket = packet;\n primaryKeyID = this.getKeyID();\n if (!primaryKeyID) {\n throw new Error('Missing Key ID');\n }\n break;\n case enums.packet.userID:\n case enums.packet.userAttribute:\n user = new User(packet, this);\n this.users.push(user);\n break;\n case enums.packet.publicSubkey:\n case enums.packet.secretSubkey:\n user = null;\n subkey = new Subkey(packet, this);\n this.subkeys.push(subkey);\n break;\n case enums.packet.signature:\n switch (packet.signatureType) {\n case enums.signature.certGeneric:\n case enums.signature.certPersona:\n case enums.signature.certCasual:\n case enums.signature.certPositive:\n if (!user) {\n util.printDebug('Dropping certification signatures without preceding user packet');\n continue;\n }\n if (packet.issuerKeyID.equals(primaryKeyID)) {\n user.selfCertifications.push(packet);\n } else {\n user.otherCertifications.push(packet);\n }\n break;\n case enums.signature.certRevocation:\n if (user) {\n user.revocationSignatures.push(packet);\n } else {\n this.directSignatures.push(packet);\n }\n break;\n case enums.signature.key:\n this.directSignatures.push(packet);\n break;\n case enums.signature.subkeyBinding:\n if (!subkey) {\n util.printDebug('Dropping subkey binding signature without preceding subkey packet');\n continue;\n }\n subkey.bindingSignatures.push(packet);\n break;\n case enums.signature.keyRevocation:\n this.revocationSignatures.push(packet);\n break;\n case enums.signature.subkeyRevocation:\n if (!subkey) {\n util.printDebug('Dropping subkey revocation signature without preceding subkey packet');\n continue;\n }\n subkey.revocationSignatures.push(packet);\n break;\n }\n break;\n }\n }\n }\n\n /**\n * Transforms structured key data to packetlist\n * @returns {PacketList} The packets that form a key.\n */\n toPacketList() {\n const packetlist = new PacketList();\n packetlist.push(this.keyPacket);\n packetlist.push(...this.revocationSignatures);\n packetlist.push(...this.directSignatures);\n this.users.map(user => packetlist.push(...user.toPacketList()));\n this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList()));\n return packetlist;\n }\n\n /**\n * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent.\n * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key.\n * @returns {Promise} Clone of the key.\n */\n clone(clonePrivateParams = false) {\n const key = new this.constructor(this.toPacketList());\n if (clonePrivateParams) {\n key.getKeys().forEach(k => {\n // shallow clone the key packets\n k.keyPacket = Object.create(\n Object.getPrototypeOf(k.keyPacket),\n Object.getOwnPropertyDescriptors(k.keyPacket)\n );\n if (!k.keyPacket.isDecrypted()) return;\n // deep clone the private params, which are cleared during encryption\n const privateParams = {};\n Object.keys(k.keyPacket.privateParams).forEach(name => {\n privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);\n });\n k.keyPacket.privateParams = privateParams;\n });\n }\n return key;\n }\n\n /**\n * Returns an array containing all public or private subkeys matching keyID;\n * If no keyID is given, returns all subkeys.\n * @param {type/keyID} [keyID] - key ID to look for\n * @returns {Array} array of subkeys\n */\n getSubkeys(keyID = null) {\n const subkeys = this.subkeys.filter(subkey => (\n !keyID || subkey.getKeyID().equals(keyID, true)\n ));\n return subkeys;\n }\n\n /**\n * Returns an array containing all public or private keys matching keyID.\n * If no keyID is given, returns all keys, starting with the primary key.\n * @param {type/keyid~KeyID} [keyID] - key ID to look for\n * @returns {Array} array of keys\n */\n getKeys(keyID = null) {\n const keys = [];\n if (!keyID || this.getKeyID().equals(keyID, true)) {\n keys.push(this);\n }\n return keys.concat(this.getSubkeys(keyID));\n }\n\n /**\n * Returns key IDs of all keys\n * @returns {Array}\n */\n getKeyIDs() {\n return this.getKeys().map(key => key.getKeyID());\n }\n\n /**\n * Returns userIDs\n * @returns {Array} Array of userIDs.\n */\n getUserIDs() {\n return this.users.map(user => {\n return user.userID ? user.userID.userID : null;\n }).filter(userID => userID !== null);\n }\n\n /**\n * Returns binary encoded key\n * @returns {Uint8Array} Binary key.\n */\n write() {\n return this.toPacketList().write();\n }\n\n /**\n * Returns last created key or key by given keyID that is available for signing and verification\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} signing key\n * @throws if no valid signing key was found\n * @async\n */\n async getSigningKey(keyID = null, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(\n subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config\n );\n if (!helper.validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n continue;\n }\n if (!bindingSignature.embeddedSignature) {\n throw new Error('Missing embedded signature');\n }\n // verify embedded signature\n await helper.getLatestValidSignature(\n [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config\n );\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateSigningKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Returns last created key or key by given keyID that is available for encryption or decryption\n * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve\n * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date\n * @param {Object} [userID] - filter keys for the given user ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} encryption key\n * @throws if no valid encryption key was found\n * @async\n */\n async getEncryptionKey(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n await this.verifyPrimaryKey(date, userID, config);\n const primaryKey = this.keyPacket;\n try {\n helper.checkKeyRequirements(primaryKey, config);\n } catch (err) {\n throw util.wrapError('Could not verify primary key', err);\n }\n // V4: by convention subkeys are preferred for encryption service\n const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created);\n let exception;\n for (const subkey of subkeys) {\n if (!keyID || subkey.getKeyID().equals(keyID)) {\n try {\n await subkey.verify(date, config);\n const dataToVerify = { key: primaryKey, bind: subkey.keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config)) {\n helper.checkKeyRequirements(subkey.keyPacket, config);\n return subkey;\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n try {\n // if no valid subkey for encryption, evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID)) &&\n helper.validateEncryptionKeyPacket(primaryKey, selfCertification, config)) {\n helper.checkKeyRequirements(primaryKey, config);\n return this;\n }\n } catch (e) {\n exception = e;\n }\n throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception);\n }\n\n /**\n * Checks if a signature on a key is revoked\n * @param {SignaturePacket} signature - The signature to verify\n * @param {PublicSubkeyPacket|\n * SecretSubkeyPacket|\n * PublicKeyPacket|\n * SecretKeyPacket} key, optional The key to verify the signature\n * @param {Date} [date] - Use the given date for verification, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} True if the certificate is revoked.\n * @async\n */\n async isRevoked(signature, key, date = new Date(), config = defaultConfig) {\n return helper.isDataRevoked(\n this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config\n );\n }\n\n /**\n * Verify primary key. Checks for revocation signatures, expiration time\n * and valid self signature. Throws if the primary key is invalid.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} If key verification failed\n * @async\n */\n async verifyPrimaryKey(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n // check for key revocation signatures\n if (await this.isRevoked(null, null, date, config)) {\n throw new Error('Primary key is revoked');\n }\n // check for valid, unrevoked, unexpired self signature\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n // check for expiration time in binding signatures\n if (helper.isDataExpired(primaryKey, selfCertification, date)) {\n throw new Error('Primary key is expired');\n }\n if (primaryKey.version !== 6) {\n // check for expiration time in direct signatures (for V6 keys, the above already did so)\n const directSignature = await helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key\n\n if (directSignature && helper.isDataExpired(primaryKey, directSignature, date)) {\n throw new Error('Primary key is expired');\n }\n }\n }\n\n /**\n * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures.\n * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid.\n * @param {Object} [userID] - User ID to consider instead of the primary user\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise}\n * @async\n */\n async getExpirationTime(userID, config = defaultConfig) {\n let primaryKeyExpiry;\n try {\n const selfCertification = await this.getPrimarySelfSignature(null, userID, config);\n const selfSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, selfCertification);\n const selfSigExpiry = selfCertification.getExpirationTime();\n const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature.\n await helper.getLatestValidSignature(\n this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config\n ).catch(() => {});\n if (directSignature) {\n const directSigKeyExpiry = helper.getKeyExpirationTime(this.keyPacket, directSignature);\n // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration,\n // causing a discountinous validy period for the key\n primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry);\n } else {\n primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry;\n }\n } catch (e) {\n primaryKeyExpiry = null;\n }\n\n return util.normalizeDate(primaryKeyExpiry);\n }\n\n\n /**\n * For V4 keys, returns the self-signature of the primary user.\n * For V5 keys, returns the latest valid direct-key self-signature.\n * This self-signature is to be used to check the key expiration,\n * algorithm preferences, and so on.\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} The primary self-signature\n * @async\n */\n async getPrimarySelfSignature(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n if (primaryKey.version === 6) {\n return helper.getLatestValidSignature(\n this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config\n );\n }\n const { selfCertification } = await this.getPrimaryUser(date, userID, config);\n return selfCertification;\n }\n\n /**\n * Returns primary user and most significant (latest valid) self signature\n * - if multiple primary users exist, returns the one with the latest self signature\n * - otherwise, returns the user with the latest self signature\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * user: User,\n * selfCertification: SignaturePacket\n * }>} The primary user and the self signature\n * @async\n */\n async getPrimaryUser(date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const users = [];\n let exception;\n for (let i = 0; i < this.users.length; i++) {\n try {\n const user = this.users[i];\n if (!user.userID) {\n continue;\n }\n if (\n (userID.name !== undefined && user.userID.name !== userID.name) ||\n (userID.email !== undefined && user.userID.email !== userID.email) ||\n (userID.comment !== undefined && user.userID.comment !== userID.comment)\n ) {\n throw new Error('Could not find user that matches that user ID');\n }\n const dataToVerify = { userID: user.userID, key: primaryKey };\n const selfCertification = await helper.getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config);\n users.push({ index: i, user, selfCertification });\n } catch (e) {\n exception = e;\n }\n }\n if (!users.length) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('Could not find primary user');\n }\n await Promise.all(users.map(async function (a) {\n return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config);\n }));\n // sort by primary user flag and signature creation time\n const primaryUser = users.sort(function(a, b) {\n const A = a.selfCertification;\n const B = b.selfCertification;\n return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created;\n }).pop();\n const { user, selfCertification: cert } = primaryUser;\n if (cert.revoked || await user.isRevoked(cert, null, date, config)) {\n throw new Error('Primary user is revoked');\n }\n return primaryUser;\n }\n\n /**\n * Update key with new components from specified key with same key ID:\n * users, subkeys, certificates are merged into the destination key,\n * duplicates and expired signatures are ignored.\n *\n * If the source key is a private key and the destination key is public,\n * a private key is returned.\n * @param {Key} sourceKey - Source key to merge\n * @param {Date} [date] - Date to verify validity of signatures and keys\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} updated key\n * @async\n */\n async update(sourceKey, date = new Date(), config = defaultConfig) {\n if (!this.hasSameFingerprintAs(sourceKey)) {\n throw new Error('Primary key fingerprints must be equal to update the key');\n }\n if (!this.isPrivate() && sourceKey.isPrivate()) {\n // check for equal subkey packets\n const equal = (this.subkeys.length === sourceKey.subkeys.length) &&\n (this.subkeys.every(destSubkey => {\n return sourceKey.subkeys.some(srcSubkey => {\n return destSubkey.hasSameFingerprintAs(srcSubkey);\n });\n }));\n if (!equal) {\n throw new Error('Cannot update public key with private key if subkeys mismatch');\n }\n\n return sourceKey.update(this, config);\n }\n // from here on, either:\n // - destination key is private, source key is public\n // - the keys are of the same type\n // hence we don't need to convert the destination key type\n const updatedKey = this.clone();\n // revocation signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => {\n return helper.isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config);\n });\n // direct signatures\n await helper.mergeSignatures(sourceKey, updatedKey, 'directSignatures', date);\n // update users\n await Promise.all(sourceKey.users.map(async srcUser => {\n // multiple users with the same ID/attribute are not explicitly disallowed by the spec\n // hence we support them, just in case\n const usersToUpdate = updatedKey.users.filter(dstUser => (\n (srcUser.userID && srcUser.userID.equals(dstUser.userID)) ||\n (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute))\n ));\n if (usersToUpdate.length > 0) {\n await Promise.all(\n usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config))\n );\n } else {\n const newUser = srcUser.clone();\n newUser.mainKey = updatedKey;\n updatedKey.users.push(newUser);\n }\n }));\n // update subkeys\n await Promise.all(sourceKey.subkeys.map(async srcSubkey => {\n // multiple subkeys with same fingerprint might be preset\n const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => (\n dstSubkey.hasSameFingerprintAs(srcSubkey)\n ));\n if (subkeysToUpdate.length > 0) {\n await Promise.all(\n subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config))\n );\n } else {\n const newSubkey = srcSubkey.clone();\n newSubkey.mainKey = updatedKey;\n updatedKey.subkeys.push(newSubkey);\n }\n }));\n\n return updatedKey;\n }\n\n /**\n * Get revocation certificate from a revoked key.\n * (To get a revocation certificate for an unrevoked key, call revoke() first.)\n * @param {Date} date - Use the given date instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Armored revocation certificate.\n * @async\n */\n async getRevocationCertificate(date = new Date(), config = defaultConfig) {\n const dataToVerify = { key: this.keyPacket };\n const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config);\n const packetlist = new PacketList();\n packetlist.push(revocationSignature);\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config);\n }\n\n /**\n * Applies a revocation certificate to a key\n * This adds the first signature packet in the armored text to the key,\n * if it is a valid revocation signature.\n * @param {String} revocationCertificate - armored revocation certificate\n * @param {Date} [date] - Date to verify the certificate\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Revoked key.\n * @async\n */\n async applyRevocationCertificate(revocationCertificate, date = new Date(), config = defaultConfig) {\n const input = await unarmor(revocationCertificate, config);\n const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config);\n const revocationSignature = packetlist.findPacket(enums.packet.signature);\n if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {\n throw new Error('Could not find revocation signature packet');\n }\n if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) {\n throw new Error('Revocation signature does not match key');\n }\n try {\n await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config);\n } catch (e) {\n throw util.wrapError('Could not verify revocation signature', e);\n }\n const key = this.clone();\n key.revocationSignatures.push(revocationSignature);\n return key;\n }\n\n /**\n * Signs primary user of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signPrimaryUser(privateKeys, date, userID, config = defaultConfig) {\n const { index, user } = await this.getPrimaryUser(date, userID, config);\n const userSign = await user.certify(privateKeys, date, config);\n const key = this.clone();\n key.users[index] = userSign;\n return key;\n }\n\n /**\n * Signs all users of key\n * @param {Array} privateKeys - decrypted private keys for signing\n * @param {Date} [date] - Use the given date for signing, instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} Key with new certificate signature.\n * @async\n */\n async signAllUsers(privateKeys, date = new Date(), config = defaultConfig) {\n const key = this.clone();\n key.users = await Promise.all(this.users.map(function(user) {\n return user.certify(privateKeys, date, config);\n }));\n return key;\n }\n\n /**\n * Verifies primary user of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [userID] - User ID to get instead of the primary user, if it exists\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const { user } = await this.getPrimaryUser(date, userID, config);\n const results = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n return results;\n }\n\n /**\n * Verifies all users of key\n * - if no arguments are given, verifies the self certificates;\n * - otherwise, verifies all certificates signed with given keys.\n * @param {Array} [verificationKeys] - array of keys to verify certificate signatures\n * @param {Date} [date] - Use the given date for verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} List of userID, signer's keyID and validity of signature.\n * Signature validity is null if the verification keys do not correspond to the certificate.\n * @async\n */\n async verifyAllUsers(verificationKeys, date = new Date(), config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const results = [];\n await Promise.all(this.users.map(async user => {\n const signatures = verificationKeys ?\n await user.verifyAllCertifications(verificationKeys, date, config) :\n [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config).catch(() => false) }];\n\n results.push(...signatures.map(\n signature => ({\n userID: user.userID ? user.userID.userID : null,\n userAttribute: user.userAttribute,\n keyID: signature.keyID,\n valid: signature.valid\n }))\n );\n }));\n return results;\n }\n}\n\n['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => {\n Key.prototype[name] =\n Subkey.prototype[name];\n});\n\nexport default Key;\n","// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor } from '../encoding/armor';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport Key from './key';\n\n/**\n * Class that represents an OpenPGP Public Key\n */\nclass PublicKey extends Key {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.keyPacket = null;\n this.revocationSignatures = [];\n this.directSignatures = [];\n this.users = [];\n this.subkeys = [];\n if (packetlist) {\n this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing public-key packet');\n }\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {false}\n */\n isPrivate() {\n return false;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n return this;\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n}\n\nexport default PublicKey;\n\n","import PublicKey from './public_key';\nimport { armor } from '../encoding/armor';\nimport {\n PacketList,\n PublicKeyPacket,\n PublicSubkeyPacket\n} from '../packet';\nimport defaultConfig from '../config';\nimport enums from '../enums';\nimport * as helper from './helper';\n\n/**\n * Class that represents an OpenPGP Private key\n */\nclass PrivateKey extends PublicKey {\n /**\n * @param {PacketList} packetlist - The packets that form this key\n */\n constructor(packetlist) {\n super();\n this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey]));\n if (!this.keyPacket) {\n throw new Error('Invalid key: missing private-key packet');\n }\n }\n\n /**\n * Returns true if this is a private key\n * @returns {Boolean}\n */\n isPrivate() {\n return true;\n }\n\n /**\n * Returns key as public key (shallow copy)\n * @returns {PublicKey} New public Key\n */\n toPublic() {\n const packetlist = new PacketList();\n const keyPackets = this.toPacketList();\n for (const keyPacket of keyPackets) {\n switch (keyPacket.constructor.tag) {\n case enums.packet.secretKey: {\n const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket);\n packetlist.push(pubKeyPacket);\n break;\n }\n case enums.packet.secretSubkey: {\n const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket);\n packetlist.push(pubSubkeyPacket);\n break;\n }\n default:\n packetlist.push(keyPacket);\n }\n }\n return new PublicKey(packetlist);\n }\n\n /**\n * Returns ASCII armored text of key\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer.\n const emitChecksum = this.keyPacket.version !== 6;\n return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config);\n }\n\n /**\n * Returns all keys that are available for decryption, matching the keyID when given\n * This is useful to retrieve keys for session key decryption\n * @param {module:type/keyid~KeyID} keyID, optional\n * @param {Date} date, optional\n * @param {String} userID, optional\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} Array of decryption keys.\n * @throws {Error} if no decryption key is found\n * @async\n */\n async getDecryptionKeys(keyID, date = new Date(), userID = {}, config = defaultConfig) {\n const primaryKey = this.keyPacket;\n const keys = [];\n let exception = null;\n for (let i = 0; i < this.subkeys.length; i++) {\n if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) {\n if (this.subkeys[i].keyPacket.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n continue;\n }\n\n try {\n const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket };\n const bindingSignature = await helper.getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);\n if (helper.validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config)) {\n keys.push(this.subkeys[i]);\n }\n } catch (e) {\n exception = e;\n }\n }\n }\n\n // evaluate primary key\n const selfCertification = await this.getPrimarySelfSignature(date, userID, config);\n if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && helper.validateDecryptionKeyPacket(primaryKey, selfCertification, config)) {\n if (primaryKey.isDummy()) {\n exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption');\n } else {\n keys.push(this);\n }\n }\n\n if (keys.length === 0) {\n // eslint-disable-next-line @typescript-eslint/no-throw-literal\n throw exception || new Error('No decryption key packets found');\n }\n\n return keys;\n }\n\n /**\n * Returns true if the primary key or any subkey is decrypted.\n * A dummy key is considered encrypted.\n */\n isDecrypted() {\n return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted());\n }\n\n /**\n * Check whether the private and public primary key parameters correspond\n * Together with verification of binding signatures, this guarantees key integrity\n * In case of gnu-dummy primary key, it is enough to validate any signing subkeys\n * otherwise all encryption subkeys are validated\n * If only gnu-dummy keys are found, we cannot properly validate so we throw an error\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @throws {Error} if validation was not successful and the key cannot be trusted\n * @async\n */\n async validate(config = defaultConfig) {\n if (!this.isPrivate()) {\n throw new Error('Cannot validate a public key');\n }\n\n let signingKeyPacket;\n if (!this.keyPacket.isDummy()) {\n signingKeyPacket = this.keyPacket;\n } else {\n /**\n * It is enough to validate any signing keys\n * since its binding signatures are also checked\n */\n const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });\n // This could again be a dummy key\n if (signingKey && !signingKey.keyPacket.isDummy()) {\n signingKeyPacket = signingKey.keyPacket;\n }\n }\n\n if (signingKeyPacket) {\n return signingKeyPacket.validate();\n } else {\n const keys = this.getKeys();\n const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);\n if (allDummies) {\n throw new Error('Cannot validate an all-gnu-dummy key');\n }\n\n return Promise.all(keys.map(async key => key.keyPacket.validate()));\n }\n }\n\n /**\n * Clear private key parameters\n */\n clearPrivateParams() {\n this.getKeys().forEach(({ keyPacket }) => {\n if (keyPacket.isDecrypted()) {\n keyPacket.clearPrivateParams();\n }\n });\n }\n\n /**\n * Revokes the key\n * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation\n * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation\n * @param {Date} date - optional, override the creationtime of the revocation signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New key with revocation signature.\n * @async\n */\n async revoke(\n {\n flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason,\n string: reasonForRevocationString = ''\n } = {},\n date = new Date(),\n config = defaultConfig\n ) {\n if (!this.isPrivate()) {\n throw new Error('Need private key for revoking');\n }\n const dataToSign = { key: this.keyPacket };\n const key = this.clone();\n key.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, [], this.keyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),\n reasonForRevocationString\n }, date, undefined, undefined, undefined, config));\n return key;\n }\n\n\n /**\n * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.\n * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.\n * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.\n * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).\n * Note: Curve448 and Curve25519 are not widely supported yet.\n * @param {String} options.curve (optional) Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date (optional) Override the creation date of the key and the key signatures\n * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false\n * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise}\n * @async\n */\n async addSubkey(options = {}) {\n const config = { ...defaultConfig, ...options.config };\n if (options.passphrase) {\n throw new Error('Subkey could not be encrypted here, please encrypt whole key');\n }\n if (options.rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);\n }\n const secretKeyPacket = this.keyPacket;\n if (secretKeyPacket.isDummy()) {\n throw new Error('Cannot add subkey to gnu-dummy primary key');\n }\n if (!secretKeyPacket.isDecrypted()) {\n throw new Error('Key is not decrypted');\n }\n const defaultOptions = secretKeyPacket.getAlgorithmInfo();\n defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);\n defaultOptions.rsaBits = defaultOptions.bits || 4096;\n defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';\n options = helper.sanitizeKeyOptions(options, defaultOptions);\n // Every subkey for a v4 primary key MUST be a v4 subkey.\n // Every subkey for a v6 primary key MUST be a v6 subkey.\n // For v5 keys, since we dropped generation support, a v4 subkey is added.\n // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.\n const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });\n helper.checkKeyRequirements(keyPacket, config);\n const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);\n const packetList = this.toPacketList();\n packetList.push(keyPacket, bindingSignature);\n return new PrivateKey(packetList);\n }\n}\n\nfunction getDefaultSubkeyType(algoName) {\n const algo = enums.write(enums.publicKey, algoName);\n // NB: no encryption-only algos, since they cannot be in primary keys\n switch (algo) {\n case enums.publicKey.rsaEncrypt:\n case enums.publicKey.rsaEncryptSign:\n case enums.publicKey.rsaSign:\n case enums.publicKey.dsa:\n return 'rsa';\n case enums.publicKey.ecdsa:\n case enums.publicKey.eddsaLegacy:\n return 'ecc';\n case enums.publicKey.ed25519:\n return 'curve25519';\n case enums.publicKey.ed448:\n return 'curve448';\n default:\n throw new Error('Unsupported algorithm');\n }\n}\n\nexport default PrivateKey;\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2015-2016 Decentral\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport {\n PacketList,\n UserIDPacket,\n SignaturePacket,\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserAttributePacket\n} from '../packet';\nimport PrivateKey from './private_key';\nimport PublicKey from './public_key';\nimport * as helper from './helper';\nimport enums from '../enums';\nimport util from '../util';\nimport defaultConfig from '../config';\nimport { unarmor } from '../encoding/armor';\n\n// A Key can contain the following packets\nconst allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([\n PublicKeyPacket,\n PublicSubkeyPacket,\n SecretKeyPacket,\n SecretSubkeyPacket,\n UserIDPacket,\n UserAttributePacket,\n SignaturePacket\n]);\n\n/**\n * Creates a PublicKey or PrivateKey depending on the packetlist in input\n * @param {PacketList} - packets to parse\n * @return {Key} parsed key\n * @throws if no key packet was found\n */\nfunction createKey(packetlist) {\n for (const packet of packetlist) {\n switch (packet.constructor.tag) {\n case enums.packet.secretKey:\n return new PrivateKey(packetlist);\n case enums.packet.publicKey:\n return new PublicKey(packetlist);\n }\n }\n throw new Error('No key packet found');\n}\n\n\n/**\n * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format).\n * @param {String} options.curve Elliptic curve for ECC keys\n * @param {Integer} options.rsaBits Number of bits for RSA keys\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Creation date of the key and the key signatures\n * @param {Object} config - Full configuration\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function generate(options, config) {\n options.sign = true; // primary key is always a signing key\n options = helper.sanitizeKeyOptions(options);\n options.subkeys = options.subkeys.map((subkey, index) => helper.sanitizeKeyOptions(options.subkeys[index], options));\n let promises = [helper.generateSecretKey(options, config)];\n promises = promises.concat(options.subkeys.map(options => helper.generateSecretSubkey(options, config)));\n const packets = await Promise.all(promises);\n\n const key = await wrapKeyObject(packets[0], packets.slice(1), options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n}\n\n/**\n * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys.\n * @param {PrivateKey} options.privateKey The private key to reformat\n * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' }\n * @param {String} options.passphrase Passphrase used to encrypt the resulting private key\n * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires\n * @param {Date} options.date Override the creation date of the key signatures\n * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}]\n * @param {Object} config - Full configuration\n *\n * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>}\n * @async\n * @static\n * @private\n */\nexport async function reformat(options, config) {\n options = sanitize(options);\n const { privateKey } = options;\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot reformat a public key');\n }\n\n if (privateKey.keyPacket.isDummy()) {\n throw new Error('Cannot reformat a gnu-dummy primary key');\n }\n\n const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted());\n if (!isDecrypted) {\n throw new Error('Key is not decrypted');\n }\n\n const secretKeyPacket = privateKey.keyPacket;\n\n if (!options.subkeys) {\n options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => {\n const secretSubkeyPacket = subkey.keyPacket;\n const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };\n const bindingSignature = await (\n helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)\n ).catch(() => ({}));\n return {\n sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)\n };\n }));\n }\n\n const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket);\n if (options.subkeys.length !== secretSubkeyPackets.length) {\n throw new Error('Number of subkey options does not match number of subkeys');\n }\n\n options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options));\n\n const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config);\n const revocationCertificate = await key.getRevocationCertificate(options.date, config);\n key.revocationSignatures = [];\n return { key, revocationCertificate };\n\n function sanitize(options, subkeyDefaults = {}) {\n options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime;\n options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;\n options.date = options.date || subkeyDefaults.date;\n\n return options;\n }\n}\n\n/**\n * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection\n * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked.\n * @param {SecretKeyPacket} secretKeyPacket\n * @param {SecretSubkeyPacket} secretSubkeyPackets\n * @param {Object} options\n * @param {Object} config - Full configuration\n * @returns {PrivateKey}\n */\nasync function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) {\n // set passphrase protection\n if (options.passphrase) {\n await secretKeyPacket.encrypt(options.passphrase, config);\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n await secretSubkeyPacket.encrypt(subkeyPassphrase, config);\n }\n }));\n\n const packetlist = new PacketList();\n packetlist.push(secretKeyPacket);\n\n function createPreferredAlgos(algos, preferredAlgo) {\n return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];\n }\n\n function getKeySignatureProperties() {\n const signatureProperties = {};\n signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];\n const symmetricAlgorithms = createPreferredAlgos([\n // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support)\n enums.symmetric.aes256,\n enums.symmetric.aes128\n ], config.preferredSymmetricAlgorithm);\n signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;\n if (config.aeadProtect) {\n const aeadAlgorithms = createPreferredAlgos([\n enums.aead.gcm,\n enums.aead.eax,\n enums.aead.ocb\n ], config.preferredAEADAlgorithm);\n signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {\n return symmetricAlgorithms.map(symmetricAlgorithm => {\n return [symmetricAlgorithm, aeadAlgorithm];\n });\n });\n }\n signatureProperties.preferredHashAlgorithms = createPreferredAlgos([\n // prefer fast asm.js implementations (SHA-256)\n enums.hash.sha256,\n enums.hash.sha512,\n enums.hash.sha3_256,\n enums.hash.sha3_512\n ], config.preferredHashAlgorithm);\n signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([\n enums.compression.uncompressed,\n enums.compression.zlib,\n enums.compression.zip\n ], config.preferredCompressionAlgorithm);\n // integrity protection always enabled\n signatureProperties.features = [0];\n signatureProperties.features[0] |= enums.features.modificationDetection;\n if (config.aeadProtect) {\n signatureProperties.features[0] |= enums.features.seipdv2;\n }\n if (options.keyExpirationTime > 0) {\n signatureProperties.keyExpirationTime = options.keyExpirationTime;\n signatureProperties.keyNeverExpires = false;\n }\n return signatureProperties;\n }\n\n if (secretKeyPacket.version === 6) { // add direct key signature with key prefs\n const dataToSign = {\n key: secretKeyPacket\n };\n\n const signatureProperties = getKeySignatureProperties();\n signatureProperties.signatureType = enums.signature.key;\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n packetlist.push(signaturePacket);\n }\n\n await Promise.all(options.userIDs.map(async function(userID, index) {\n const userIDPacket = UserIDPacket.fromObject(userID);\n const dataToSign = {\n userID: userIDPacket,\n key: secretKeyPacket\n };\n const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};\n signatureProperties.signatureType = enums.signature.certPositive;\n if (index === 0) {\n signatureProperties.isPrimaryUserID = true;\n }\n\n const signaturePacket = await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);\n\n return { userIDPacket, signaturePacket };\n })).then(list => {\n list.forEach(({ userIDPacket, signaturePacket }) => {\n packetlist.push(userIDPacket);\n packetlist.push(signaturePacket);\n });\n });\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyOptions = options.subkeys[index];\n const subkeySignaturePacket = await helper.createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config);\n return { secretSubkeyPacket, subkeySignaturePacket };\n })).then(packets => {\n packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => {\n packetlist.push(secretSubkeyPacket);\n packetlist.push(subkeySignaturePacket);\n });\n });\n\n // Add revocation signature packet for creating a revocation certificate.\n // This packet should be removed before returning the key.\n const dataToSign = { key: secretKeyPacket };\n packetlist.push(await helper.createSignaturePacket(dataToSign, [], secretKeyPacket, {\n signatureType: enums.signature.keyRevocation,\n reasonForRevocationFlag: enums.reasonForRevocation.noReason,\n reasonForRevocationString: ''\n }, options.date, undefined, undefined, undefined, config));\n\n if (options.passphrase) {\n secretKeyPacket.clearPrivateParams();\n }\n\n await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) {\n const subkeyPassphrase = options.subkeys[index].passphrase;\n if (subkeyPassphrase) {\n secretSubkeyPacket.clearPrivateParams();\n }\n }));\n\n return new PrivateKey(packetlist);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key and returns a key object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);\n return createKey(firstKeyPacketList);\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object\n * @param {Object} options\n * @param {String} [options.armoredKey] - Armored key to be parsed\n * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Key object.\n * @async\n * @static\n */\nexport async function readPrivateKey({ armoredKey, binaryKey, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!armoredKey && !binaryKey) {\n throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`');\n }\n if (armoredKey && !util.isString(armoredKey)) {\n throw new Error('readPrivateKey: options.armoredKey must be a string');\n }\n if (binaryKey && !util.isUint8Array(binaryKey)) {\n throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n let input;\n if (armoredKey) {\n const { type, data } = await unarmor(armoredKey, config);\n if (!(type === enums.armor.privateKey)) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n } else {\n input = binaryKey;\n }\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n return new PrivateKey(firstPrivateKeyList);\n }\n throw new Error('No secret key packet found');\n}\n\n/**\n * Reads an (optionally armored) OpenPGP key block and returns a list of key objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readKeys({ armoredKeys, binaryKeys, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readKeys: options.binaryKeys must be a Uint8Array');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n if (keyIndex.length === 0) {\n throw new Error('No key packet found');\n }\n for (let i = 0; i < keyIndex.length; i++) {\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = createKey(oneKeyList);\n keys.push(newKey);\n }\n return keys;\n}\n\n/**\n * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects\n * @param {Object} options\n * @param {String} [options.armoredKeys] - Armored keys to be parsed\n * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Key objects.\n * @async\n * @static\n */\nexport async function readPrivateKeys({ armoredKeys, binaryKeys, config }) {\n config = { ...defaultConfig, ...config };\n let input = armoredKeys || binaryKeys;\n if (!input) {\n throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`');\n }\n if (armoredKeys && !util.isString(armoredKeys)) {\n throw new Error('readPrivateKeys: options.armoredKeys must be a string');\n }\n if (binaryKeys && !util.isUint8Array(binaryKeys)) {\n throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array');\n }\n if (armoredKeys) {\n const { type, data } = await unarmor(armoredKeys, config);\n if (type !== enums.armor.privateKey) {\n throw new Error('Armored text not of type private key');\n }\n input = data;\n }\n const keys = [];\n const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config);\n const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);\n for (let i = 0; i < keyIndex.length; i++) {\n if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {\n continue;\n }\n const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);\n const newKey = new PrivateKey(oneKeyList);\n keys.push(newKey);\n }\n if (keys.length === 0) {\n throw new Error('No secret key packet found');\n }\n return keys;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { armor, unarmor } from './encoding/armor';\nimport { Argon2OutOfMemoryError } from './type/s2k';\nimport defaultConfig from './config';\nimport crypto from './crypto';\nimport enums from './enums';\nimport util from './util';\nimport { Signature } from './signature';\nimport { getPreferredCipherSuite, createSignaturePacket } from './key';\nimport {\n PacketList,\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n} from './packet';\n\n// A Message can contain the following packets\nconst allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([\n LiteralDataPacket,\n CompressedDataPacket,\n AEADEncryptedDataPacket,\n SymEncryptedIntegrityProtectedDataPacket,\n SymmetricallyEncryptedDataPacket,\n PublicKeyEncryptedSessionKeyPacket,\n SymEncryptedSessionKeyPacket,\n OnePassSignaturePacket,\n SignaturePacket\n]);\n// A SKESK packet can contain the following packets\nconst allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);\n// A detached signature can contain the following packets\nconst allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP message.\n * Can be an encrypted message, signed message, compressed message or literal message\n * See {@link https://tools.ietf.org/html/rfc4880#section-11.3}\n */\nexport class Message {\n /**\n * @param {PacketList} packetlist - The packets that form this message\n */\n constructor(packetlist) {\n this.packets = packetlist || new PacketList();\n }\n\n /**\n * Returns the key IDs of the keys to which the session key is encrypted\n * @returns {Array} Array of keyID objects.\n */\n getEncryptionKeyIDs() {\n const keyIDs = [];\n const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n pkESKeyPacketlist.forEach(function(packet) {\n keyIDs.push(packet.publicKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Returns the key IDs of the keys that signed the message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const msg = this.unwrapCompressed();\n // search for one pass signatures\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);\n if (onePassSigList.length > 0) {\n return onePassSigList.map(packet => packet.issuerKeyID);\n }\n // if nothing found look for signature packets\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n return signatureList.map(packet => packet.issuerKeyID);\n }\n\n /**\n * Decrypt the message. Either a private key, a session key, or a password must be specified.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Date} [date] - Use the given date for key verification instead of the current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with decrypted content.\n * @async\n */\n async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config = defaultConfig) {\n const symEncryptedPacketlist = this.packets.filterByTag(\n enums.packet.symmetricallyEncryptedData,\n enums.packet.symEncryptedIntegrityProtectedData,\n enums.packet.aeadEncryptedData\n );\n\n if (symEncryptedPacketlist.length === 0) {\n throw new Error('No encrypted data found');\n }\n\n const symEncryptedPacket = symEncryptedPacketlist[0];\n const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm;\n\n const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config);\n\n let exception = null;\n const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => {\n if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) {\n throw new Error('Invalid session key for decryption.');\n }\n\n try {\n const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.decrypt(algo, data, config);\n } catch (e) {\n util.printDebugError(e);\n exception = e;\n }\n }));\n // We don't await stream.cancel here because it only returns when the other copy is canceled too.\n stream.cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory.\n symEncryptedPacket.encrypted = null;\n await decryptedPromise;\n\n if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) {\n throw exception || new Error('Decryption failed.');\n }\n\n const resultMsg = new Message(symEncryptedPacket.packets);\n symEncryptedPacket.packets = new PacketList(); // remove packets after decryption\n\n return resultMsg;\n }\n\n /**\n * Decrypt encrypted session keys either with private keys or passwords.\n * @param {Array} [decryptionKeys] - Private keys with decrypted secret data\n * @param {Array} [passwords] - Passwords used to decrypt\n * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable)\n * @param {Date} [date] - Use the given date for key verification, instead of current time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise>} array of object with potential sessionKey, algorithm pairs\n * @async\n */\n async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config = defaultConfig) {\n let decryptedSessionKeyPackets = [];\n\n let exception;\n if (passwords) {\n const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);\n if (skeskPackets.length === 0) {\n throw new Error('No symmetrically encrypted session key packet found.');\n }\n await Promise.all(passwords.map(async function(password, i) {\n let packets;\n if (i) {\n packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config);\n } else {\n packets = skeskPackets;\n }\n await Promise.all(packets.map(async function(skeskPacket) {\n try {\n await skeskPacket.decrypt(password);\n decryptedSessionKeyPackets.push(skeskPacket);\n } catch (err) {\n util.printDebugError(err);\n if (err instanceof Argon2OutOfMemoryError) {\n exception = err;\n }\n }\n }));\n }));\n } else if (decryptionKeys) {\n const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);\n if (pkeskPackets.length === 0) {\n throw new Error('No public key encrypted session key packet found.');\n }\n await Promise.all(pkeskPackets.map(async function(pkeskPacket) {\n await Promise.all(decryptionKeys.map(async function(decryptionKey) {\n let decryptionKeyPackets;\n try {\n // do not check key expiration to allow decryption of old messages\n decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);\n } catch (err) {\n exception = err;\n return;\n }\n\n let algos = [\n enums.symmetric.aes256, // Old OpenPGP.js default fallback\n enums.symmetric.aes128, // RFC4880bis fallback\n enums.symmetric.tripledes, // RFC4880 fallback\n enums.symmetric.cast5 // Golang OpenPGP fallback\n ];\n try {\n const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config); // TODO: Pass userID from somewhere.\n if (selfCertification.preferredSymmetricAlgorithms) {\n algos = algos.concat(selfCertification.preferredSymmetricAlgorithms);\n }\n } catch (e) {}\n\n await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {\n if (!decryptionKeyPacket.isDecrypted()) {\n throw new Error('Decryption key is not decrypted.');\n }\n\n // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set.\n const doConstantTimeDecryption = config.constantTimePKCS1Decryption && (\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign ||\n pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal\n );\n\n if (doConstantTimeDecryption) {\n // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message,\n // either with the successfully decrypted session key, or with a randomly generated one.\n // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on\n // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`:\n // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the\n // randomly generated keys of the remaining key types.\n // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly\n // generated session keys.\n // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.\n\n const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times\n await Promise.all((\n expectedSymmetricAlgorithm ?\n [expectedSymmetricAlgorithm] :\n Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)\n ).map(async sessionKeyAlgorithm => {\n const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();\n pkeskPacketCopy.read(serialisedPKESK);\n const randomSessionKey = {\n sessionKeyAlgorithm,\n sessionKey: crypto.generateSessionKey(sessionKeyAlgorithm)\n };\n try {\n await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey);\n decryptedSessionKeyPackets.push(pkeskPacketCopy);\n } catch (err) {\n // `decrypt` can still throw some non-security-sensitive errors\n util.printDebugError(err);\n exception = err;\n }\n }));\n\n } else {\n try {\n await pkeskPacket.decrypt(decryptionKeyPacket);\n const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm;\n if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) {\n throw new Error('A non-preferred symmetric algorithm was used.');\n }\n decryptedSessionKeyPackets.push(pkeskPacket);\n } catch (err) {\n util.printDebugError(err);\n exception = err;\n }\n }\n }));\n }));\n stream.cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory.\n pkeskPacket.encrypted = null;\n }));\n } else {\n throw new Error('No key or password specified.');\n }\n\n if (decryptedSessionKeyPackets.length > 0) {\n // Return only unique session keys\n if (decryptedSessionKeyPackets.length > 1) {\n const seen = new Set();\n decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => {\n const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey);\n if (seen.has(k)) {\n return false;\n }\n seen.add(k);\n return true;\n });\n }\n\n return decryptedSessionKeyPackets.map(packet => ({\n data: packet.sessionKey,\n algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm)\n }));\n }\n throw exception || new Error('Session key decryption failed.');\n }\n\n /**\n * Get literal data that is the body of the message\n * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array.\n */\n getLiteralData() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getBytes()) || null;\n }\n\n /**\n * Get filename from literal data packet\n * @returns {(String|null)} Filename of literal data packet as string.\n */\n getFilename() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n return (literal && literal.getFilename()) || null;\n }\n\n /**\n * Get literal data as text\n * @returns {(String|null)} Literal body of the message interpreted as text.\n */\n getText() {\n const msg = this.unwrapCompressed();\n const literal = msg.packets.findPacket(enums.packet.literalData);\n if (literal) {\n return literal.getText();\n }\n return null;\n }\n\n /**\n * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.\n * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for\n * @param {Date} [date] - Date to select algorithm preferences at\n * @param {Array} [userIDs] - User IDs to select algorithm preferences for\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms.\n * @async\n */\n static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config);\n const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo);\n const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined;\n\n await Promise.all(encryptionKeys.map(key => key.getEncryptionKey()\n .catch(() => null) // ignore key strength requirements\n .then(maybeKey => {\n if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) &&\n !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted\n throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.');\n }\n })\n ));\n\n const sessionKeyData = crypto.generateSessionKey(symmetricAlgo);\n return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName };\n }\n\n /**\n * Encrypt the message either with public keys, passwords, or both at once.\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - Password(s) for message encryption\n * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]\n * @param {Date} [date] - Override the creation date of the literal package\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n if (sessionKey) {\n if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {\n throw new Error('Invalid session key for encryption.');\n }\n } else if (encryptionKeys && encryptionKeys.length) {\n sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);\n } else if (passwords && passwords.length) {\n sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);\n } else {\n throw new Error('No keys, passwords, or session key provided.');\n }\n\n const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey;\n\n const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);\n\n const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({\n version: aeadAlgorithmName ? 2 : 1,\n aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null\n });\n symEncryptedPacket.packets = this.packets;\n\n const algorithm = enums.write(enums.symmetric, algorithmName);\n await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config);\n\n msg.packets.push(symEncryptedPacket);\n symEncryptedPacket.packets = new PacketList(); // remove packets after encryption\n return msg;\n }\n\n /**\n * Encrypt a session key either with public keys, passwords, or both at once.\n * @param {Uint8Array} sessionKey - session key for encryption\n * @param {String} algorithmName - session key algorithm\n * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {Array} [encryptionKeys] - Public key(s) for message encryption\n * @param {Array} [passwords] - For message encryption\n * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs\n * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [date] - Override the date\n * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with encrypted content.\n * @async\n */\n static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {\n const packetlist = new PacketList();\n const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName);\n const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName);\n\n if (encryptionKeys) {\n const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {\n const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);\n\n const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({\n version: aeadAlgorithm ? 6 : 3,\n encryptionKeyPacket: encryptionKey.keyPacket,\n anonymousRecipient: wildcard,\n sessionKey,\n sessionKeyAlgorithm: symmetricAlgorithm\n });\n\n await pkESKeyPacket.encrypt(encryptionKey.keyPacket);\n delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption\n return pkESKeyPacket;\n }));\n packetlist.push(...results);\n }\n if (passwords) {\n const testDecrypt = async function(keyPacket, password) {\n try {\n await keyPacket.decrypt(password);\n return 1;\n } catch (e) {\n return 0;\n }\n };\n\n const sum = (accumulator, currentValue) => accumulator + currentValue;\n\n const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) {\n const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config);\n symEncryptedSessionKeyPacket.sessionKey = sessionKey;\n symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm;\n if (aeadAlgorithm) {\n symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm;\n }\n await symEncryptedSessionKeyPacket.encrypt(password, config);\n\n if (config.passwordCollisionCheck) {\n const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd)));\n if (results.reduce(sum) !== 1) {\n return encryptPassword(sessionKey, algorithm, password);\n }\n }\n\n delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption\n return symEncryptedSessionKeyPacket;\n };\n\n const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd)));\n packetlist.push(...results);\n }\n\n return new Message(packetlist);\n }\n\n /**\n * Sign the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to add to the message\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New message with signed content.\n * @async\n */\n async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const packetlist = new PacketList();\n\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n\n const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config); // this returns the existing signature packets as well\n const onePassSignaturePackets = signaturePackets.map(\n (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0))\n .reverse(); // innermost OPS refers to the first signature packet\n\n packetlist.push(...onePassSignaturePackets);\n packetlist.push(literalDataPacket);\n packetlist.push(...signaturePackets);\n\n return new Message(packetlist);\n }\n\n /**\n * Compresses the message (the literal and -if signed- signature data packets of the message)\n * @param {module:enums.compression} algo - compression algorithm\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Message} New message with compressed content.\n */\n compress(algo, config = defaultConfig) {\n if (algo === enums.compression.uncompressed) {\n return this;\n }\n\n const compressed = new CompressedDataPacket(config);\n compressed.algorithm = algo;\n compressed.packets = this.packets;\n\n const packetList = new PacketList();\n packetList.push(compressed);\n\n return new Message(packetList);\n }\n\n /**\n * Create a detached signature for the message (the literal data packet of the message)\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creation time of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New detached signature of message content.\n * @async\n */\n async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = this.packets.findPacket(enums.packet.literalData);\n if (!literalDataPacket) {\n throw new Error('No literal data packet to sign.');\n }\n return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config));\n }\n\n /**\n * Verify message signatures\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signatures.\n * @async\n */\n async verify(verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n if (stream.isArrayStream(msg.packets.stream)) {\n msg.packets.push(...await stream.readToEnd(msg.packets.stream, _ => _ || []));\n }\n const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse();\n const signatureList = msg.packets.filterByTag(enums.packet.signature);\n if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !stream.isArrayStream(msg.packets.stream)) {\n await Promise.all(onePassSigList.map(async onePassSig => {\n onePassSig.correspondingSig = new Promise((resolve, reject) => {\n onePassSig.correspondingSigResolve = resolve;\n onePassSig.correspondingSigReject = reject;\n });\n onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);\n onePassSig.hashed = stream.readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false));\n onePassSig.hashed.catch(() => {});\n }));\n msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {\n const reader = stream.getReader(readable);\n const writer = stream.getWriter(writable);\n try {\n for (let i = 0; i < onePassSigList.length; i++) {\n const { value: signature } = await reader.read();\n onePassSigList[i].correspondingSigResolve(signature);\n }\n await reader.readToEnd();\n await writer.ready;\n await writer.close();\n } catch (e) {\n onePassSigList.forEach(onePassSig => {\n onePassSig.correspondingSigReject(e);\n });\n await writer.abort(e);\n }\n });\n return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);\n }\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);\n }\n\n /**\n * Verify detached message signature\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Signature} signature\n * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {\n const msg = this.unwrapCompressed();\n const literalDataList = msg.packets.filterByTag(enums.packet.literalData);\n if (literalDataList.length !== 1) {\n throw new Error('Can only verify message with one literal data packet.');\n }\n const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);\n }\n\n /**\n * Unwrap compressed message\n * @returns {Message} Message Content of compressed message.\n */\n unwrapCompressed() {\n const compressed = this.packets.filterByTag(enums.packet.compressedData);\n if (compressed.length) {\n return new Message(compressed[0].packets);\n }\n return this;\n }\n\n /**\n * Append signature to unencrypted message object\n * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n */\n async appendSignature(detachedSignature, config = defaultConfig) {\n await this.packets.read(\n util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,\n allowedDetachedSignaturePackets,\n config\n );\n }\n\n /**\n * Returns binary encoded message\n * @returns {ReadableStream} Binary message.\n */\n write() {\n return this.packets.write();\n }\n\n /**\n * Returns ASCII armored text of message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n const trailingPacket = this.packets[this.packets.length - 1];\n // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer.\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ?\n trailingPacket.version !== 2 :\n this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6);\n return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config);\n }\n}\n\n/**\n * Create signature packets for the message\n * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign\n * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing\n * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature to append\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [date] - Override the creationtime of the signature\n * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures\n * @param {Boolean} [detached] - Whether to create detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} List of signature packets.\n * @async\n * @private\n */\nexport async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config = defaultConfig) {\n const packetlist = new PacketList();\n\n // If data packet was created from Uint8Array, use binary, otherwise use text\n const signatureType = literalDataPacket.text === null ?\n enums.signature.binary : enums.signature.text;\n\n await Promise.all(signingKeys.map(async (primaryKey, i) => {\n const signingUserID = signingUserIDs[i];\n if (!primaryKey.isPrivate()) {\n throw new Error('Need private key for signing');\n }\n const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config);\n return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config);\n })).then(signatureList => {\n packetlist.push(...signatureList);\n });\n\n if (signature) {\n const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature);\n packetlist.push(...existingSigPacketlist);\n }\n return packetlist;\n}\n\n/**\n * Create object containing signer's keyID and validity of signature\n * @param {SignaturePacket} signature - Signature packet\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} [date] - Check signature validity with respect to the given date\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise<{\n * keyID: module:type/keyid~KeyID,\n * signature: Promise,\n * verified: Promise\n * }>} signer's keyID and validity of signature\n * @async\n * @private\n */\nasync function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n let primaryKey;\n let unverifiedSigningKey;\n\n for (const key of verificationKeys) {\n const issuerKeys = key.getKeys(signature.issuerKeyID);\n if (issuerKeys.length > 0) {\n primaryKey = key;\n unverifiedSigningKey = issuerKeys[0];\n break;\n }\n }\n\n const isOnePassSignature = signature instanceof OnePassSignaturePacket;\n const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature;\n\n const verifiedSig = {\n keyID: signature.issuerKeyID,\n verified: (async () => {\n if (!unverifiedSigningKey) {\n throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`);\n }\n\n await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config);\n const signaturePacket = await signaturePacketPromise;\n if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) {\n throw new Error('Key is newer than the signature');\n }\n // We pass the signature creation time to check whether the key was expired at the time of signing.\n // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before\n try {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config);\n } catch (e) {\n // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature,\n // making the key invalid at the time of signing.\n // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled.\n // Note: we do not support the edge case of a key that was reformatted and it has expired.\n if (config.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) {\n await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config);\n } else {\n throw e;\n }\n }\n return true;\n })(),\n signature: (async () => {\n const signaturePacket = await signaturePacketPromise;\n const packetlist = new PacketList();\n signaturePacket && packetlist.push(signaturePacket);\n return new Signature(packetlist);\n })()\n };\n\n // Mark potential promise rejections as \"handled\". This is needed because in\n // some cases, we reject them before the user has a reasonable chance to\n // handle them (e.g. `await readToEnd(result.data); await result.verified` and\n // the data stream errors).\n verifiedSig.signature.catch(() => {});\n verifiedSig.verified.catch(() => {});\n\n return verifiedSig;\n}\n\n/**\n * Create list of objects containing signer's keyID and validity of signature\n * @param {Array} signatureList - Array of signature packets\n * @param {Array} literalDataList - Array of literal data packets\n * @param {Array} verificationKeys - Array of public keys to verify signatures\n * @param {Date} date - Verify the signature against the given date,\n * i.e. check signature creation time < date < expiration time\n * @param {Boolean} [detached] - Whether to verify detached signature packets\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input)\n * @async\n * @private\n */\nexport async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {\n return Promise.all(signatureList.filter(function(signature) {\n return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));\n }).map(async function(signature) {\n return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);\n }));\n}\n\n/**\n * Reads an (optionally armored) OpenPGP message and returns a Message object\n * @param {Object} options\n * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed\n * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function readMessage({ armoredMessage, binaryMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n let input = armoredMessage || binaryMessage;\n if (!input) {\n throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`');\n }\n if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) {\n throw new Error('readMessage: options.armoredMessage must be a string or stream');\n }\n if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) {\n throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n if (armoredMessage) {\n const { type, data } = await unarmor(input, config);\n if (type !== enums.armor.message) {\n throw new Error('Armored text not of type message');\n }\n input = data;\n }\n const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config);\n const message = new Message(packetlist);\n message.fromStream = streamType;\n return message;\n}\n\n/**\n * Creates new message object from text or binary data.\n * @param {Object} options\n * @param {String | ReadableStream} [options.text] - The text message contents\n * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents\n * @param {String} [options.filename=\"\"] - Name of the file (if any)\n * @param {Date} [options.date=current date] - Date of the message, or modification date of the file\n * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type\n * @returns {Promise} New message object.\n * @async\n * @static\n */\nexport async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) {\n const input = text !== undefined ? text : binary;\n if (input === undefined) {\n throw new Error('createMessage: must pass options object containing `text` or `binary`');\n }\n if (text && !util.isString(text) && !util.isStream(text)) {\n throw new Error('createMessage: options.text must be a string or stream');\n }\n if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) {\n throw new Error('createMessage: options.binary must be a Uint8Array or stream');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const streamType = util.isStream(input);\n const literalDataPacket = new LiteralDataPacket(date);\n if (text !== undefined) {\n literalDataPacket.setText(input, enums.write(enums.literal, format));\n } else {\n literalDataPacket.setBytes(input, enums.write(enums.literal, format));\n }\n if (filename !== undefined) {\n literalDataPacket.setFilename(filename);\n }\n const literalDataPacketlist = new PacketList();\n literalDataPacketlist.push(literalDataPacket);\n const message = new Message(literalDataPacketlist);\n message.fromStream = streamType;\n return message;\n}\n","// GPG4Browsers - An OpenPGP implementation in javascript\n// Copyright (C) 2011 Recurity Labs GmbH\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport { armor, unarmor } from './encoding/armor';\nimport enums from './enums';\nimport util from './util';\nimport { PacketList, LiteralDataPacket, SignaturePacket } from './packet';\nimport { Signature } from './signature';\nimport { createVerificationObjects, createSignaturePackets } from './message';\nimport defaultConfig from './config';\n\n// A Cleartext message can contain the following packets\nconst allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]);\n\n/**\n * Class that represents an OpenPGP cleartext signed message.\n * See {@link https://tools.ietf.org/html/rfc4880#section-7}\n */\nexport class CleartextMessage {\n /**\n * @param {String} text - The cleartext of the signed message\n * @param {Signature} signature - The detached signature or an empty signature for unsigned messages\n */\n constructor(text, signature) {\n // remove trailing whitespace and normalize EOL to canonical form \n this.text = util.removeTrailingSpaces(text).replace(/\\r?\\n/g, '\\r\\n');\n if (signature && !(signature instanceof Signature)) {\n throw new Error('Invalid signature input');\n }\n this.signature = signature || new Signature(new PacketList());\n }\n\n /**\n * Returns the key IDs of the keys that signed the cleartext message\n * @returns {Array} Array of keyID objects.\n */\n getSigningKeyIDs() {\n const keyIDs = [];\n const signatureList = this.signature.packets;\n signatureList.forEach(function(packet) {\n keyIDs.push(packet.issuerKeyID);\n });\n return keyIDs;\n }\n\n /**\n * Sign the cleartext message\n * @param {Array} signingKeys - private keys with decrypted secret key data for signing\n * @param {Array} recipientKeys - recipient keys to get the signing preferences from\n * @param {Signature} [signature] - Any existing detached signature\n * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]\n * @param {Date} [date] - The creation time of the signature that should be created\n * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]\n * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from\n * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise} New cleartext message with signed content.\n * @async\n */\n async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config = defaultConfig) {\n const literalDataPacket = new LiteralDataPacket();\n literalDataPacket.setText(this.text);\n const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config));\n return new CleartextMessage(this.text, newSignature);\n }\n\n /**\n * Verify signatures of cleartext signed message\n * @param {Array} keys - Array of keys to verify signatures\n * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {Promise,\n * verified: Promise\n * }>>} List of signer's keyID and validity of signature.\n * @async\n */\n verify(keys, date = new Date(), config = defaultConfig) {\n const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets\n const literalDataPacket = new LiteralDataPacket();\n // we assume that cleartext signature is generated based on UTF8 cleartext\n literalDataPacket.setText(this.text);\n return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config);\n }\n\n /**\n * Get cleartext\n * @returns {String} Cleartext of message.\n */\n getText() {\n // normalize end of line to \\n\n return this.text.replace(/\\r\\n/g, '\\n');\n }\n\n /**\n * Returns ASCII armored text of cleartext signed message\n * @param {Object} [config] - Full configuration, defaults to openpgp.config\n * @returns {String | ReadableStream} ASCII armor.\n */\n armor(config = defaultConfig) {\n // emit header and checksum if one of the signatures has a version not 6\n const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6);\n const hash = emitHeaderAndChecksum ?\n Array.from(new Set(this.signature.packets.map(\n packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase()\n ))).join() :\n null;\n\n const body = {\n hash,\n text: this.text,\n data: this.signature.packets.write()\n };\n\n // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer.\n return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config);\n }\n}\n\n/**\n * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object\n * @param {Object} options\n * @param {String} options.cleartextMessage - Text to be parsed\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} New cleartext message object.\n * @async\n * @static\n */\nexport async function readCleartextMessage({ cleartextMessage, config, ...rest }) {\n config = { ...defaultConfig, ...config };\n if (!cleartextMessage) {\n throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`');\n }\n if (!util.isString(cleartextMessage)) {\n throw new Error('readCleartextMessage: options.cleartextMessage must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n const input = await unarmor(cleartextMessage);\n if (input.type !== enums.armor.signed) {\n throw new Error('No cleartext signed message.');\n }\n const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config);\n verifyHeaders(input.headers, packetlist);\n const signature = new Signature(packetlist);\n return new CleartextMessage(input.text, signature);\n}\n\n/**\n * Compare hash algorithm specified in the armor header with signatures\n * @param {Array} headers - Armor headers\n * @param {PacketList} packetlist - The packetlist with signature packets\n * @private\n */\nfunction verifyHeaders(headers, packetlist) {\n const checkHashAlgos = function(hashAlgos) {\n const check = packet => algo => packet.hashAlgorithm === algo;\n\n for (let i = 0; i < packetlist.length; i++) {\n if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) {\n return false;\n }\n }\n return true;\n };\n\n const hashAlgos = [];\n headers.forEach(header => {\n const hashHeader = header.match(/^Hash: (.+)$/); // get header value\n if (hashHeader) {\n const parsedHashIDs = hashHeader[1]\n .replace(/\\s/g, '') // remove whitespace\n .split(',')\n .map(hashName => {\n try {\n return enums.write(enums.hash, hashName.toLowerCase());\n } catch (e) {\n throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase());\n }\n });\n hashAlgos.push(...parsedHashIDs);\n } else {\n throw new Error('Only \"Hash\" header allowed in cleartext signed message');\n }\n });\n\n if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {\n throw new Error('Hash algorithm mismatch in armor header and signature');\n }\n}\n\n/**\n * Creates a new CleartextMessage object from text\n * @param {Object} options\n * @param {String} options.text\n * @static\n * @async\n */\nexport async function createCleartextMessage({ text, ...rest }) {\n if (!text) {\n throw new Error('createCleartextMessage: must pass options object containing `text`');\n }\n if (!util.isString(text)) {\n throw new Error('createCleartextMessage: options.text must be a string');\n }\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n return new CleartextMessage(text);\n}\n","// OpenPGP.js - An OpenPGP implementation in javascript\n// Copyright (C) 2016 Tankred Hase\n//\n// This library is free software; you can redistribute it and/or\n// modify it under the terms of the GNU Lesser General Public\n// License as published by the Free Software Foundation; either\n// version 3.0 of the License, or (at your option) any later version.\n//\n// This library is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n// Lesser General Public License for more details.\n//\n// You should have received a copy of the GNU Lesser General Public\n// License along with this library; if not, write to the Free Software\n// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n\nimport * as stream from '@openpgp/web-stream-tools';\nimport { Message } from './message';\nimport { CleartextMessage } from './cleartext';\nimport { generate, reformat, getPreferredCompressionAlgo } from './key';\nimport defaultConfig from './config';\nimport util from './util';\nimport { checkKeyRequirements } from './key/helper';\n\n\n//////////////////////\n// //\n// Key handling //\n// //\n//////////////////////\n\n\n/**\n * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.\n * By default, primary and subkeys will be of same type.\n * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.\n * @param {Object} options\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).\n * Note: Curve448 and Curve25519 (new format) are not widely supported yet.\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys\n * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:\n * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,\n * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1\n * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]`\n * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n if (!type && !curve) {\n type = config.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them)\n curve = 'curve25519Legacy'; // unused with type != 'ecc'\n } else {\n type = type || 'ecc';\n curve = curve || 'curve25519Legacy';\n }\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && !config.v6Keys) {\n throw new Error('UserIDs are required for V4 keys');\n }\n if (type === 'rsa' && rsaBits < config.minRSABits) {\n throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);\n }\n\n const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };\n\n try {\n const { key, revocationCertificate } = await generate(options, config);\n key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config));\n\n return {\n privateKey: formatObject(key, format, config),\n publicKey: formatObject(key.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error generating keypair', err);\n }\n}\n\n/**\n * Reformats signature packets for a key and rewraps key object.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - Private key to reformat\n * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`\n * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted.\n * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires\n * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended\n * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key.\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The generated key object in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String }\n * @async\n * @static\n */\nexport async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n userIDs = toArray(userIDs);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) {\n throw new Error('UserIDs are required for V4 keys');\n }\n const options = { privateKey, userIDs, passphrase, keyExpirationTime, date };\n\n try {\n const { key: reformattedKey, revocationCertificate } = await reformat(options, config);\n\n return {\n privateKey: formatObject(reformattedKey, format, config),\n publicKey: formatObject(reformattedKey.toPublic(), format, config),\n revocationCertificate\n };\n } catch (err) {\n throw util.wrapError('Error reformatting keypair', err);\n }\n}\n\n/**\n * Revokes a key. Requires either a private key or a revocation certificate.\n * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored.\n * @param {Object} options\n * @param {Key} options.key - Public or private key to revoke\n * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with\n * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation\n * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation\n * @param {String} [options.reasonForRevocation.string=\"\"] - String explaining the reason for revocation\n * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The revoked key in the form:\n * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or\n * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise\n * @async\n * @static\n */\nexport async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const revokedKey = revocationCertificate ?\n await key.applyRevocationCertificate(revocationCertificate, date, config) :\n await key.revoke(reasonForRevocation, date, config);\n\n return revokedKey.isPrivate() ? {\n privateKey: formatObject(revokedKey, format, config),\n publicKey: formatObject(revokedKey.toPublic(), format, config)\n } : {\n privateKey: null,\n publicKey: formatObject(revokedKey, format, config)\n };\n } catch (err) {\n throw util.wrapError('Error revoking key', err);\n }\n}\n\n/**\n * Unlock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to decrypt\n * @param {String|Array} options.passphrase - The user's passphrase(s)\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The unlocked key object.\n * @async\n */\nexport async function decryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot decrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];\n\n try {\n await Promise.all(clonedPrivateKey.getKeys().map(key => (\n // try to decrypt each key with any of the given passphrases\n util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))\n )));\n\n await clonedPrivateKey.validate(config);\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error decrypting private key', err);\n }\n}\n\n/**\n * Lock a private key with the given passphrase.\n * This method does not change the original key.\n * @param {Object} options\n * @param {PrivateKey} options.privateKey - The private key to encrypt\n * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} The locked key object.\n * @async\n */\nexport async function encryptKey({ privateKey, passphrase, config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!privateKey.isPrivate()) {\n throw new Error('Cannot encrypt a public key');\n }\n const clonedPrivateKey = privateKey.clone(true);\n\n const keys = clonedPrivateKey.getKeys();\n const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);\n if (passphrases.length !== keys.length) {\n throw new Error('Invalid number of passphrases given for key encryption');\n }\n\n try {\n await Promise.all(keys.map(async (key, i) => {\n const { keyPacket } = key;\n await keyPacket.encrypt(passphrases[i], config);\n keyPacket.clearPrivateParams();\n }));\n return clonedPrivateKey;\n } catch (err) {\n clonedPrivateKey.clearPrivateParams();\n throw util.wrapError('Error encrypting private key', err);\n }\n}\n\n\n///////////////////////////////////////////\n// //\n// Message encryption and decryption //\n// //\n///////////////////////////////////////////\n\n\n/**\n * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`\n * must be specified. If signing keys are specified, those will be used to sign the message.\n * @param {Object} options\n * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message\n * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed\n * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message\n * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Signature} [options.signature] - A detached signature to add to the encrypted message\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`\n * @param {Date} [options.date=current date] - Override the creation date of the message signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords);\n signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations);\n if (rest.detached) {\n throw new Error(\"The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.\");\n }\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead');\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (!signingKeys) {\n signingKeys = [];\n }\n\n try {\n if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified\n message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config);\n }\n message = message.compress(\n await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config),\n config\n );\n message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n if (format === 'object') return message;\n // serialize data\n const armor = format === 'armored';\n const data = armor ? message.armor(config) : message.write();\n return await convertStream(data);\n } catch (err) {\n throw util.wrapError('Error encrypting message', err);\n }\n}\n\n/**\n * Decrypts a message with the user's private key, a session key or a password.\n * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported).\n * @param {Object} options\n * @param {Message} options.message - The message object with the encrypted data\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the message\n * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }\n * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing decrypted and verified message in the form:\n *\n * {\n * data: MaybeStream, (if format was 'utf8', the default)\n * data: MaybeStream, (if format was 'binary')\n * filename: String,\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead');\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config);\n if (!verificationKeys) {\n verificationKeys = [];\n }\n\n const result = {};\n result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);\n result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();\n result.filename = decrypted.getFilename();\n linkStreams(result, message);\n if (expectSigned) {\n if (verificationKeys.length === 0) {\n throw new Error('Verification keys are required to verify message signatures');\n }\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error decrypting message', err);\n }\n}\n\n\n//////////////////////////////////////////\n// //\n// Message signing and verification //\n// //\n//////////////////////////////////////////\n\n\n/**\n * Signs a message.\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed\n * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext\n * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from\n * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message\n * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature\n * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]\n * @param {Date} [options.date=current date] - Override the creation date of the signature\n * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`\n * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys`\n * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); checkOutputMessageFormat(format);\n signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations);\n\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead');\n if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format');\n if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message');\n\n if (!signingKeys || signingKeys.length === 0) {\n throw new Error('No signing keys provided');\n }\n\n try {\n let signature;\n if (detached) {\n signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n } else {\n signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config);\n }\n if (format === 'object') return signature;\n\n const armor = format === 'armored';\n signature = armor ? signature.armor(config) : signature.write();\n if (detached) {\n signature = stream.transformPair(message.packets.write(), async (readable, writable) => {\n await Promise.all([\n stream.pipe(signature, writable),\n stream.readToEnd(readable).catch(() => {})\n ]);\n });\n }\n return await convertStream(signature);\n } catch (err) {\n throw util.wrapError('Error signing message', err);\n }\n}\n\n/**\n * Verifies signatures of cleartext signed message\n * @param {Object} options\n * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures\n * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures\n * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys\n * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.\n * @param {Signature} [options.signature] - Detached signature for verification\n * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Object containing verified message in the form:\n *\n * {\n * data: MaybeStream, (if `message` was a CleartextMessage)\n * data: MaybeStream, (if `message` was a Message)\n * signatures: [\n * {\n * keyID: module:type/keyid~KeyID,\n * verified: Promise,\n * signature: Promise\n * }, ...\n * ]\n * }\n *\n * where `signatures` contains a separate entry for each signature packet found in the input message.\n * @async\n * @static\n */\nexport async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if (message instanceof CleartextMessage && format === 'binary') throw new Error(\"Can't return cleartext message data as binary\");\n if (message instanceof CleartextMessage && signature) throw new Error(\"Can't verify detached cleartext signature\");\n\n try {\n const result = {};\n if (signature) {\n result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);\n } else {\n result.signatures = await message.verify(verificationKeys, date, config);\n }\n result.data = format === 'binary' ? message.getLiteralData() : message.getText();\n if (message.fromStream && !signature) linkStreams(result, message);\n if (expectSigned) {\n if (result.signatures.length === 0) {\n throw new Error('Message is not signed');\n }\n result.data = stream.concat([\n result.data,\n stream.fromAsync(async () => {\n await util.anyPromise(result.signatures.map(sig => sig.verified));\n })\n ]);\n }\n result.data = await convertStream(result.data);\n return result;\n } catch (err) {\n throw util.wrapError('Error verifying signed message', err);\n }\n}\n\n\n///////////////////////////////////////////////\n// //\n// Session key encryption and decryption //\n// //\n///////////////////////////////////////////////\n\n/**\n * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.\n * @param {Object} options\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm}\n * @param {Date} [options.date=current date] - Date to select algorithm preferences at\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.\n * @async\n * @static\n */\nexport async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error generating session key', err);\n }\n}\n\n/**\n * Encrypt a symmetric session key with public keys, passwords, or both at once.\n * At least one of `encryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)\n * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'\n * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'\n * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key\n * @param {String|String[]} [options.passwords] - Passwords for the message\n * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value\n * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs\n * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]\n * @param {Date} [options.date=current date] - Override the date\n * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).\n * @async\n * @static\n */\nexport async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format);\n encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs);\n if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {\n throw new Error('No encryption keys or passwords provided.');\n }\n\n try {\n const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);\n return formatObject(message, format, config);\n } catch (err) {\n throw util.wrapError('Error encrypting session key', err);\n }\n}\n\n/**\n * Decrypt symmetric session keys using private keys or passwords (not both).\n * One of `decryptionKeys` or `passwords` must be specified.\n * @param {Object} options\n * @param {Message} options.message - A message object containing the encrypted session key packets\n * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data\n * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key\n * @param {Date} [options.date] - Date to use for key verification instead of the current time\n * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}\n * @returns {Promise} Array of decrypted session key, algorithm pairs in the form:\n * { data:Uint8Array, algorithm:String }\n * @throws if no session key could be found or decrypted\n * @async\n * @static\n */\nexport async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config, ...rest }) {\n config = { ...defaultConfig, ...config }; checkConfig(config);\n checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);\n if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead');\n const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);\n\n try {\n const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config);\n return sessionKeys;\n } catch (err) {\n throw util.wrapError('Error decrypting session keys', err);\n }\n}\n\n\n//////////////////////////\n// //\n// Helper functions //\n// //\n//////////////////////////\n\n\n/**\n * Input validation\n * @private\n */\nfunction checkString(data, name) {\n if (!util.isString(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type String');\n }\n}\nfunction checkBinary(data, name) {\n if (!util.isUint8Array(data)) {\n throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');\n }\n}\nfunction checkMessage(message) {\n if (!(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message');\n }\n}\nfunction checkCleartextOrMessage(message) {\n if (!(message instanceof CleartextMessage) && !(message instanceof Message)) {\n throw new Error('Parameter [message] needs to be of type Message or CleartextMessage');\n }\n}\nfunction checkOutputMessageFormat(format) {\n if (format !== 'armored' && format !== 'binary' && format !== 'object') {\n throw new Error(`Unsupported format ${format}`);\n }\n}\nconst defaultConfigPropsCount = Object.keys(defaultConfig).length;\nfunction checkConfig(config) {\n const inputConfigProps = Object.keys(config);\n if (inputConfigProps.length !== defaultConfigPropsCount) {\n for (const inputProp of inputConfigProps) {\n if (defaultConfig[inputProp] === undefined) {\n throw new Error(`Unknown config property: ${inputProp}`);\n }\n }\n }\n}\n\n/**\n * Normalize parameter to an array if it is not undefined.\n * @param {Object} param - the parameter to be normalized\n * @returns {Array|undefined} The resulting array or undefined.\n * @private\n */\nfunction toArray(param) {\n if (param && !util.isArray(param)) {\n param = [param];\n }\n return param;\n}\n\n/**\n * Convert data to or from Stream\n * @param {Object} data - the data to convert\n * @returns {Promise} The data in the respective format.\n * @async\n * @private\n */\nasync function convertStream(data) {\n const streamType = util.isStream(data);\n if (streamType === 'array') {\n return stream.readToEnd(data);\n }\n return data;\n}\n\n/**\n * Link result.data to the message stream for cancellation.\n * Also, forward errors in the message to result.data.\n * @param {Object} result - the data to convert\n * @param {Message} message - message object\n * @returns {Object}\n * @private\n */\nfunction linkStreams(result, message) {\n result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {\n await stream.pipe(result.data, writable, {\n preventClose: true\n });\n const writer = stream.getWriter(writable);\n try {\n // Forward errors in the message stream to result.data.\n await stream.readToEnd(readable, _ => _);\n await writer.close();\n } catch (e) {\n await writer.abort(e);\n }\n });\n}\n\n/**\n * Convert the object to the given format\n * @param {Key|Message} object\n * @param {'armored'|'binary'|'object'} format\n * @param {Object} config - Full configuration\n * @returns {String|Uint8Array|Object}\n */\nfunction formatObject(object, format, config) {\n switch (format) {\n case 'object':\n return object;\n case 'armored':\n return object.armor(config);\n case 'binary':\n return object.write();\n default:\n throw new Error(`Unsupported format ${format}`);\n }\n}\n","function number(n) {\n if (!Number.isSafeInteger(n) || n < 0)\n throw new Error(`positive integer expected, not ${n}`);\n}\nfunction bool(b) {\n if (typeof b !== 'boolean')\n throw new Error(`boolean expected, not ${b}`);\n}\n// copied from utils\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nfunction bytes(b, ...lengths) {\n if (!isBytes(b))\n throw new Error('Uint8Array expected');\n if (lengths.length > 0 && !lengths.includes(b.length))\n throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);\n}\nfunction hash(h) {\n if (typeof h !== 'function' || typeof h.create !== 'function')\n throw new Error('Hash should be wrapped by utils.wrapConstructor');\n number(h.outputLen);\n number(h.blockLen);\n}\nfunction exists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\nfunction output(out, instance) {\n bytes(out);\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(`digestInto() expects output buffer of length at least ${min}`);\n }\n}\nexport { number, bool, bytes, hash, exists, output };\nconst assert = { number, bool, bytes, hash, exists, output };\nexport default assert;\n//# sourceMappingURL=_assert.js.map","export const crypto = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n//# sourceMappingURL=crypto.js.map","/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\n// Cast array to different type\nexport const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n// Cast array to view\nexport const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0);\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => { };\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters, tick, cb) {\n let ts = Date.now();\n for (let i = 0; i < iters; i++) {\n cb(i);\n // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n const diff = Date.now() - ts;\n if (diff >= 0 && diff < tick)\n continue;\n await nextTick();\n ts += diff;\n }\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data) {\n if (typeof data === 'string')\n data = utf8ToBytes(data);\n abytes(data);\n return data;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// For runtime check if class implements interface\nexport class Hash {\n // Safe version that clones internal state\n clone() {\n return this._cloneInto();\n }\n}\nconst toStr = {}.toString;\nexport function checkOpts(defaults, opts) {\n if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n throw new Error('Options should be object or undefined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\nexport function wrapConstructor(hashCons) {\n const hashC = (msg) => hashCons().update(toBytes(msg)).digest();\n const tmp = hashCons();\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = () => hashCons();\n return hashC;\n}\nexport function wrapConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\nexport function wrapXOFConstructorWithOpts(hashCons) {\n const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();\n const tmp = hashCons({});\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n return hashC;\n}\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32) {\n if (crypto && typeof crypto.getRandomValues === 'function') {\n return crypto.getRandomValues(new Uint8Array(bytesLength));\n }\n // Legacy Node.js compatibility\n if (crypto && typeof crypto.randomBytes === 'function') {\n return crypto.randomBytes(bytesLength);\n }\n throw new Error('crypto.getRandomValues must be defined');\n}\n//# sourceMappingURL=utils.js.map","import { exists, output } from './_assert.js';\nimport { Hash, createView, toBytes } from './utils.js';\n/**\n * Polyfill for Safari 14\n */\nfunction setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/**\n * Choice: a ? b : c\n */\nexport const Chi = (a, b, c) => (a & b) ^ (~a & c);\n/**\n * Majority function, true if any two inputs is true\n */\nexport const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n */\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n exists(this);\n const { view, buffer, blockLen } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n exists(this);\n output(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n this.buffer.subarray(pos).fill(0);\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to || (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.length = length;\n to.pos = pos;\n to.finished = finished;\n to.destroyed = destroyed;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n}\n//# sourceMappingURL=_md.js.map","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotr, wrapConstructor } from './utils.js';\n// SHA2-256 need to try 2^128 hashes to execute birthday attack.\n// BTC network is doing 2^67 hashes/sec as per early 2023.\n// Round constants:\n// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ new Uint32Array([\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n// Initial state:\n// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19\n// prettier-ignore\nconst SHA256_IV = /* @__PURE__ */ new Uint32Array([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\nexport class SHA256 extends HashMD {\n constructor() {\n super(64, 32, 8, false);\n // We cannot use array here since array allows indexing by variable\n // which means optimizer/compiler cannot use registers.\n this.A = SHA256_IV[0] | 0;\n this.B = SHA256_IV[1] | 0;\n this.C = SHA256_IV[2] | 0;\n this.D = SHA256_IV[3] | 0;\n this.E = SHA256_IV[4] | 0;\n this.F = SHA256_IV[5] | 0;\n this.G = SHA256_IV[6] | 0;\n this.H = SHA256_IV[7] | 0;\n }\n get() {\n const { A, B, C, D, E, F, G, H } = this;\n return [A, B, C, D, E, F, G, H];\n }\n // prettier-ignore\n set(A, B, C, D, E, F, G, H) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n this.F = F | 0;\n this.G = G | 0;\n this.H = H | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4)\n SHA256_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 64; i++) {\n const W15 = SHA256_W[i - 15];\n const W2 = SHA256_W[i - 2];\n const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n }\n // Compression function main loop, 64 rounds\n let { A, B, C, D, E, F, G, H } = this;\n for (let i = 0; i < 64; i++) {\n const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n const T2 = (sigma0 + Maj(A, B, C)) | 0;\n H = G;\n G = F;\n F = E;\n E = (D + T1) | 0;\n D = C;\n C = B;\n B = A;\n A = (T1 + T2) | 0;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n F = (F + this.F) | 0;\n G = (G + this.G) | 0;\n H = (H + this.H) | 0;\n this.set(A, B, C, D, E, F, G, H);\n }\n roundClean() {\n SHA256_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\nclass SHA224 extends SHA256 {\n constructor() {\n super();\n this.A = 0xc1059ed8 | 0;\n this.B = 0x367cd507 | 0;\n this.C = 0x3070dd17 | 0;\n this.D = 0xf70e5939 | 0;\n this.E = 0xffc00b31 | 0;\n this.F = 0x68581511 | 0;\n this.G = 0x64f98fa7 | 0;\n this.H = 0xbefa4fa4 | 0;\n this.outputLen = 28;\n }\n}\n/**\n * SHA2-256 hash function\n * @param message - data that would be hashed\n */\nexport const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());\n/**\n * SHA2-224 hash function\n */\nexport const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224());\n//# sourceMappingURL=sha256.js.map","import { hash as assertHash, bytes as assertBytes, exists as assertExists } from './_assert.js';\nimport { Hash, toBytes } from './utils.js';\n// HMAC (RFC 2104)\nexport class HMAC extends Hash {\n constructor(hash, _key) {\n super();\n this.finished = false;\n this.destroyed = false;\n assertHash(hash);\n const key = toBytes(_key);\n this.iHash = hash.create();\n if (typeof this.iHash.update !== 'function')\n throw new Error('Expected instance of class which extends utils.Hash');\n this.blockLen = this.iHash.blockLen;\n this.outputLen = this.iHash.outputLen;\n const blockLen = this.blockLen;\n const pad = new Uint8Array(blockLen);\n // blockLen can be bigger than outputLen\n pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36;\n this.iHash.update(pad);\n // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone\n this.oHash = hash.create();\n // Undo internal XOR && apply outer XOR\n for (let i = 0; i < pad.length; i++)\n pad[i] ^= 0x36 ^ 0x5c;\n this.oHash.update(pad);\n pad.fill(0);\n }\n update(buf) {\n assertExists(this);\n this.iHash.update(buf);\n return this;\n }\n digestInto(out) {\n assertExists(this);\n assertBytes(out, this.outputLen);\n this.finished = true;\n this.iHash.digestInto(out);\n this.oHash.update(out);\n this.oHash.digestInto(out);\n this.destroy();\n }\n digest() {\n const out = new Uint8Array(this.oHash.outputLen);\n this.digestInto(out);\n return out;\n }\n _cloneInto(to) {\n // Create new instance without calling constructor since key already in state and we don't know it.\n to || (to = Object.create(Object.getPrototypeOf(this), {}));\n const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;\n to = to;\n to.finished = finished;\n to.destroyed = destroyed;\n to.blockLen = blockLen;\n to.outputLen = outputLen;\n to.oHash = oHash._cloneInto(to.oHash);\n to.iHash = iHash._cloneInto(to.iHash);\n return to;\n }\n destroy() {\n this.destroyed = true;\n this.oHash.destroy();\n this.iHash.destroy();\n }\n}\n/**\n * HMAC: RFC2104 message authentication code.\n * @param hash - function that would be used e.g. sha256\n * @param key - message key\n * @param message - message data\n * @example\n * import { hmac } from '@noble/hashes/hmac';\n * import { sha256 } from '@noble/hashes/sha2';\n * const mac1 = hmac(sha256, 'key', 'message');\n */\nexport const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();\nhmac.create = (hash, key) => new HMAC(hash, key);\n//# sourceMappingURL=hmac.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// 100 lines of code in the file are duplicated from noble-hashes (utils).\n// This is OK: `abstract` directory does not use noble-hashes.\n// User may opt-in into using different hashing library. This way, noble-hashes\n// won't be included into their bundle.\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nexport function isBytes(a) {\n return (a instanceof Uint8Array ||\n (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));\n}\nexport function abytes(item) {\n if (!isBytes(item))\n throw new Error('Uint8Array expected');\n}\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(`${title} must be valid boolean, got \"${value}\".`);\n}\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? `0${hex}` : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n // Big Endian\n return BigInt(hex === '' ? '0' : `0x${hex}`);\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };\nfunction asciiToBase16(char) {\n if (char >= asciis._0 && char <= asciis._9)\n return char - asciis._0;\n if (char >= asciis._A && char <= asciis._F)\n return char - (asciis._A - 10);\n if (char >= asciis._a && char <= asciis._f)\n return char - (asciis._a - 10);\n return;\n}\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2;\n }\n return array;\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes(bytes);\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'private key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes(hex);\n }\n catch (e) {\n throw new Error(`${title} must be valid hex string, got \"${hex}\". Cause: ${e}`);\n }\n }\n else if (isBytes(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(`${title} must be hex string or Uint8Array`);\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);\n return res;\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;\n// DRBG\nconst u8n = (data) => new Uint8Array(data); // creates Uint8Array\nconst u8fr = (arr) => Uint8Array.from(arr); // another shortcut\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n()) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error(`Invalid validator \"${type}\", expected function`);\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Utilities for modular arithmetics and finite fields\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js';\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);\n// prettier-ignore\nconst _9n = BigInt(9), _16n = BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/**\n * Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n */\n// TODO: use field version && remove\nexport function pow(num, power, modulo) {\n if (modulo <= _0n || power < _0n)\n throw new Error('Expected power/modulo > 0');\n if (modulo === _1n)\n return _0n;\n let res = _1n;\n while (power > _0n) {\n if (power & _1n)\n res = (res * num) % modulo;\n num = (num * num) % modulo;\n power >>= _1n;\n }\n return res;\n}\n// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res *= res;\n res %= modulo;\n }\n return res;\n}\n// Inverses number over modulo\nexport function invert(number, modulo) {\n if (number === _0n || modulo <= _0n) {\n throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);\n }\n // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u * q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n/**\n * Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * Will start an infinite loop if field order P is not prime.\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n */\nexport function tonelliShanks(P) {\n // Legendre constant: used to calculate Legendre symbol (a | p),\n // which denotes the value of a^((p-1)/2) (mod p).\n // (a | p) ≡ 1 if a is a square (mod p)\n // (a | p) ≡ -1 if a is not a square (mod p)\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreC = (P - _1n) / _2n;\n let Q, S, Z;\n // Step 1: By factoring out powers of 2 from p - 1,\n // find q and s such that p - 1 = q*(2^s) with q odd\n for (Q = P - _1n, S = 0; Q % _2n === _0n; Q /= _2n, S++)\n ;\n // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq\n for (Z = _2n; Z < P && pow(Z, legendreC, P) !== P - _1n; Z++)\n ;\n // Fast-path\n if (S === 1) {\n const p1div4 = (P + _1n) / _4n;\n return function tonelliFast(Fp, n) {\n const root = Fp.pow(n, p1div4);\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Slow-path\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1\n if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))\n throw new Error('Cannot find square root');\n let r = S;\n // TODO: will fail at Fp2/etc\n let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b\n let x = Fp.pow(n, Q1div2); // first guess at the square root\n let b = Fp.pow(n, Q); // first guess at the fudge factor\n while (!Fp.eql(b, Fp.ONE)) {\n if (Fp.eql(b, Fp.ZERO))\n return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0)\n // Find m such b^(2^m)==1\n let m = 1;\n for (let t2 = Fp.sqr(b); m < r; m++) {\n if (Fp.eql(t2, Fp.ONE))\n break;\n t2 = Fp.sqr(t2); // t2 *= t2\n }\n // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow\n const ge = Fp.pow(g, _1n << BigInt(r - m - 1)); // ge = 2^(r-m-1)\n g = Fp.sqr(ge); // g = ge * ge\n x = Fp.mul(x, ge); // x *= ge\n b = Fp.mul(b, g); // b *= g\n r = m;\n }\n return x;\n };\n}\nexport function FpSqrt(P) {\n // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.\n // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n // P ≡ 3 (mod 4)\n // √n = n^((P+1)/4)\n if (P % _4n === _3n) {\n // Not all roots possible!\n // const ORDER =\n // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;\n // const NUM = 72057594037927816n;\n const p1div4 = (P + _1n) / _4n;\n return function sqrt3mod4(Fp, n) {\n const root = Fp.pow(n, p1div4);\n // Throw if root**2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10)\n if (P % _8n === _5n) {\n const c1 = (P - _5n) / _8n;\n return function sqrt5mod8(Fp, n) {\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, c1);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n };\n }\n // P ≡ 9 (mod 16)\n if (P % _16n === _9n) {\n // NOTE: tonelli is too slow for bls-Fp2 calculations even on start\n // Means we cannot use sqrt for constants at all!\n //\n // const c1 = Fp.sqrt(Fp.negate(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n // const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n // const c3 = Fp.sqrt(Fp.negate(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n // const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n // sqrt = (x) => {\n // let tv1 = Fp.pow(x, c4); // 1. tv1 = x^c4\n // let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n // const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n // let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n // const e1 = Fp.equals(Fp.square(tv2), x); // 5. e1 = (tv2^2) == x\n // const e2 = Fp.equals(Fp.square(tv3), x); // 6. e2 = (tv3^2) == x\n // tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n // tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n // const e3 = Fp.equals(Fp.square(tv2), x); // 9. e3 = (tv2^2) == x\n // return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n // }\n }\n // Other cases: Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/**\n * Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n */\nexport function FpPow(f, num, power) {\n // Should have same speed as pow for bigints\n // TODO: benchmark!\n if (power < _0n)\n throw new Error('Expected power > 0');\n if (power === _0n)\n return f.ONE;\n if (power === _1n)\n return num;\n let p = f.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = f.mul(p, d);\n d = f.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/**\n * Efficiently invert an array of Field elements.\n * `inv(0)` will return `undefined` here: make sure to throw an error.\n */\nexport function FpInvertBatch(f, nums) {\n const tmp = new Array(nums.length);\n // Walk from first to last, multiply them by each other MOD p\n const lastMultiplied = nums.reduce((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = acc;\n return f.mul(acc, num);\n }, f.ONE);\n // Invert last element\n const inverted = f.inv(lastMultiplied);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (f.is0(num))\n return acc;\n tmp[i] = f.mul(acc, tmp[i]);\n return f.mul(acc, num);\n }, inverted);\n return tmp;\n}\nexport function FpDiv(f, lhs, rhs) {\n return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));\n}\nexport function FpLegendre(order) {\n // (a | p) ≡ 1 if a is a square (mod p), quadratic residue\n // (a | p) ≡ -1 if a is not a square (mod p), quadratic non residue\n // (a | p) ≡ 0 if a ≡ 0 (mod p)\n const legendreConst = (order - _1n) / _2n; // Integer arithmetic\n return (f, x) => f.pow(x, legendreConst);\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(f) {\n const legendre = FpLegendre(f.ORDER);\n return (x) => {\n const p = legendre(f, x);\n return f.eql(p, f.ZERO) || f.eql(p, f.ONE);\n };\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/**\n * Initializes a finite field over prime. **Non-primes are not supported.**\n * Do not init in loop: slow. Very fragile: always run a benchmark on a change.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * NOTE: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n */\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('Field lengths over 2048 bytes are not supported');\n const sqrtP = FpSqrt(ORDER);\n const f = Object.freeze({\n ORDER,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num * num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt || ((n) => sqrtP(f, n)),\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // TODO: do we really need constant cmov?\n // We don't have const-time bigints anyway, so probably will be not very useful\n cmov: (a, b, c) => (c ? b : a),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(`Field doesn't have isOdd`);\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use mapKeyToField instead\n */\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 || hashLen < minLen || hashLen > 1024)\n throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/**\n * Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n */\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/**\n * Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n */\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/**\n * \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 || len < minLen || len > 1024)\n throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);\n const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Abelian group utilities\nimport { validateField, nLength } from './modular.js';\nimport { validateObject, bitLen } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)\n// Elliptic curve multiplication of Point by scalar. Fragile.\n// Scalars should always be less than curve order: this should be checked inside of a curve itself.\n// Creates precomputation tables for fast multiplication:\n// - private scalar is split by fixed size windows of W bits\n// - every window point is collected from window's table & added to accumulator\n// - since windows are different, same point inside tables won't be accessed more than once per calc\n// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n// - +1 window is neccessary for wNAF\n// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow\n// windows to be in different memory locations\nexport function wNAF(c, bits) {\n const constTimeNegate = (condition, item) => {\n const neg = item.negate();\n return condition ? neg : item;\n };\n const validateW = (W) => {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);\n };\n const opts = (W) => {\n validateW(W);\n const windows = Math.ceil(bits / W) + 1; // +1, because\n const windowSize = 2 ** (W - 1); // -1 because we skip zero\n return { windows, windowSize };\n };\n return {\n constTimeNegate,\n // non-const time multiplication ladder\n unsafeLadder(elm, n) {\n let p = c.ZERO;\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = opts(W);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // =1, because we skip zero\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise\n // But need to carefully remove other checks before wNAF. ORDER == bits here\n const { windows, windowSize } = opts(W);\n let p = c.ZERO;\n let f = c.BASE;\n const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.\n const maxNumber = 2 ** W;\n const shiftBy = BigInt(W);\n for (let window = 0; window < windows; window++) {\n const offset = window * windowSize;\n // Extract W bits.\n let wbits = Number(n & mask);\n // Shift number by W bits.\n n >>= shiftBy;\n // If the bits are bigger than max size, we'll split those.\n // +224 => 256 - 32\n if (wbits > windowSize) {\n wbits -= maxNumber;\n n += _1n;\n }\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n // Check if we're onto Zero point.\n // Add random point inside current window to f.\n const offset1 = offset;\n const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero\n const cond1 = window % 2 !== 0;\n const cond2 = wbits < 0;\n if (wbits === 0) {\n // The most important part for const-time getPublicKey\n f = f.add(constTimeNegate(cond1, precomputes[offset1]));\n }\n else {\n p = p.add(constTimeNegate(cond2, precomputes[offset2]));\n }\n }\n // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ()\n // Even if the variable is still unused, there are some checks which will\n // throw an exception, so compiler needs to prove they won't happen, which is hard.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n wNAFCached(P, n, transform) {\n const W = pointWindowSizes.get(P) || 1;\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return this.wNAF(W, comp, n);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM).\n * MSM is basically (Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster with precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param field field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, field, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)\n throw new Error('arrays of points and scalars must have equal length');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error(`wrong scalar at index ${i}`);\n });\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error(`wrong point at index ${i}`);\n });\n const wbits = bitLen(BigInt(points.length));\n const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits\n const MASK = (1 << windowSize) - 1;\n const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array\n const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;\n let sum = c.ZERO;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(c.ZERO);\n for (let j = 0; j < scalars.length; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = c.ZERO; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for (let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# sourceMappingURL=curve.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Short Weierstrass curve. The formula is: y² = x³ + ax + b\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport * as mod from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\nfunction validateSigVerOpts(opts) {\n if (opts.lowS !== undefined)\n abool('lowS', opts.lowS);\n if (opts.prehash !== undefined)\n abool('prehash', opts.prehash);\n}\nfunction validatePointOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n a: 'field',\n b: 'field',\n }, {\n allowedPrivateKeyLengths: 'array',\n wrapPrivateKey: 'boolean',\n isTorsionFree: 'function',\n clearCofactor: 'function',\n allowInfinityPoint: 'boolean',\n fromBytes: 'function',\n toBytes: 'function',\n });\n const { endo, Fp, a } = opts;\n if (endo) {\n if (!Fp.eql(a, Fp.ZERO)) {\n throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');\n }\n if (typeof endo !== 'object' ||\n typeof endo.beta !== 'bigint' ||\n typeof endo.splitScalar !== 'function') {\n throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');\n }\n }\n return Object.freeze({ ...opts });\n}\nconst { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;\n/**\n * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:\n *\n * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]\n *\n * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html\n */\nexport const DER = {\n // asn.1 DER encoding utils\n Err: class DERErr extends Error {\n constructor(m = '') {\n super(m);\n }\n },\n // Basic building block is TLV (Tag-Length-Value)\n _tlv: {\n encode: (tag, data) => {\n const { Err: E } = DER;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length & 1)\n throw new E('tlv.encode: unpadded data');\n const dataLen = data.length / 2;\n const len = ut.numberToHexUnpadded(dataLen);\n if ((len.length / 2) & 128)\n throw new E('tlv.encode: long form length too big');\n // length of length with long form flag\n const lenLen = dataLen > 127 ? ut.numberToHexUnpadded((len.length / 2) | 128) : '';\n return `${ut.numberToHexUnpadded(tag)}${lenLen}${len}${data}`;\n },\n // v - value, l - left bytes (unparsed)\n decode(tag, data) {\n const { Err: E } = DER;\n let pos = 0;\n if (tag < 0 || tag > 256)\n throw new E('tlv.encode: wrong tag');\n if (data.length < 2 || data[pos++] !== tag)\n throw new E('tlv.decode: wrong tlv');\n const first = data[pos++];\n const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form\n let length = 0;\n if (!isLong)\n length = first;\n else {\n // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]\n const lenLen = first & 127;\n if (!lenLen)\n throw new E('tlv.decode(long): indefinite length not supported');\n if (lenLen > 4)\n throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js\n const lengthBytes = data.subarray(pos, pos + lenLen);\n if (lengthBytes.length !== lenLen)\n throw new E('tlv.decode: length bytes not complete');\n if (lengthBytes[0] === 0)\n throw new E('tlv.decode(long): zero leftmost byte');\n for (const b of lengthBytes)\n length = (length << 8) | b;\n pos += lenLen;\n if (length < 128)\n throw new E('tlv.decode(long): not minimal encoding');\n }\n const v = data.subarray(pos, pos + length);\n if (v.length !== length)\n throw new E('tlv.decode: wrong value length');\n return { v, l: data.subarray(pos + length) };\n },\n },\n // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,\n // since we always use positive integers here. It must always be empty:\n // - add zero byte if exists\n // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)\n _int: {\n encode(num) {\n const { Err: E } = DER;\n if (num < _0n)\n throw new E('integer: negative integers are not allowed');\n let hex = ut.numberToHexUnpadded(num);\n // Pad with zero byte if negative flag is present\n if (Number.parseInt(hex[0], 16) & 0b1000)\n hex = '00' + hex;\n if (hex.length & 1)\n throw new E('unexpected assertion');\n return hex;\n },\n decode(data) {\n const { Err: E } = DER;\n if (data[0] & 128)\n throw new E('Invalid signature integer: negative');\n if (data[0] === 0x00 && !(data[1] & 128))\n throw new E('Invalid signature integer: unnecessary leading zero');\n return b2n(data);\n },\n },\n toSig(hex) {\n // parse DER signature\n const { Err: E, _int: int, _tlv: tlv } = DER;\n const data = typeof hex === 'string' ? h2b(hex) : hex;\n ut.abytes(data);\n const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);\n if (seqLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);\n const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);\n if (sLeftBytes.length)\n throw new E('Invalid signature: left bytes after parsing');\n return { r: int.decode(rBytes), s: int.decode(sBytes) };\n },\n hexFromSig(sig) {\n const { _tlv: tlv, _int: int } = DER;\n const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;\n return tlv.encode(0x30, seq);\n },\n};\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4);\nexport function weierstrassPoints(opts) {\n const CURVE = validatePointOpts(opts);\n const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ\n const Fn = mod.Field(CURVE.n, CURVE.nBitLength);\n const toBytes = CURVE.toBytes ||\n ((_c, point, _isCompressed) => {\n const a = point.toAffine();\n return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));\n });\n const fromBytes = CURVE.fromBytes ||\n ((bytes) => {\n // const head = bytes[0];\n const tail = bytes.subarray(1);\n // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n });\n /**\n * y² = x³ + ax + b: Short weierstrass curve formula\n * @returns y²\n */\n function weierstrassEquation(x) {\n const { a, b } = CURVE;\n const x2 = Fp.sqr(x); // x * x\n const x3 = Fp.mul(x2, x); // x2 * x\n return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b\n }\n // Validate whether the passed curve params are valid.\n // We check if curve equation works for generator point.\n // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381.\n // ProjectivePoint class has not been initialized yet.\n if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))\n throw new Error('bad generator point: equation left != right');\n // Valid group elements reside in range 1..n-1\n function isWithinCurveOrder(num) {\n return ut.inRange(num, _1n, CURVE.n);\n }\n // Validates if priv key is valid and converts it to bigint.\n // Supports options allowedPrivateKeyLengths and wrapPrivateKey.\n function normPrivateKeyToScalar(key) {\n const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;\n if (lengths && typeof key !== 'bigint') {\n if (ut.isBytes(key))\n key = ut.bytesToHex(key);\n // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes\n if (typeof key !== 'string' || !lengths.includes(key.length))\n throw new Error('Invalid key');\n key = key.padStart(nByteLength * 2, '0');\n }\n let num;\n try {\n num =\n typeof key === 'bigint'\n ? key\n : ut.bytesToNumberBE(ensureBytes('private key', key, nByteLength));\n }\n catch (error) {\n throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);\n }\n if (wrapPrivateKey)\n num = mod.mod(num, N); // disabled by default, enabled for BLS\n ut.aInRange('private key', num, _1n, N); // num in range [1..N-1]\n return num;\n }\n function assertPrjPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ProjectivePoint expected');\n }\n // Memoized toAffine / validity check. They are heavy. Points are immutable.\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n const toAffineMemo = memoized((p, iz) => {\n const { px: x, py: y, pz: z } = p;\n // Fast-path for normalized points\n if (Fp.eql(z, Fp.ONE))\n return { x, y };\n const is0 = p.is0();\n // If invZ was 0, we return zero point. However we still want to execute\n // all operations, so we replace invZ with a random number, 1.\n if (iz == null)\n iz = is0 ? Fp.ONE : Fp.inv(z);\n const ax = Fp.mul(x, iz);\n const ay = Fp.mul(y, iz);\n const zz = Fp.mul(z, iz);\n if (is0)\n return { x: Fp.ZERO, y: Fp.ZERO };\n if (!Fp.eql(zz, Fp.ONE))\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n // NOTE: on exception this will crash 'cached' and no value will be set.\n // Otherwise true will be return\n const assertValidMemo = memoized((p) => {\n if (p.is0()) {\n // (0, 1, 0) aka ZERO is invalid in most contexts.\n // In BLS, ZERO can be serialized, so we allow it.\n // (0, 0, 0) is wrong representation of ZERO and is always invalid.\n if (CURVE.allowInfinityPoint && !Fp.is0(p.py))\n return;\n throw new Error('bad point: ZERO');\n }\n // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`\n const { x, y } = p.toAffine();\n // Check if x, y are valid field elements\n if (!Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('bad point: x or y not FE');\n const left = Fp.sqr(y); // y²\n const right = weierstrassEquation(x); // x³ + ax + b\n if (!Fp.eql(left, right))\n throw new Error('bad point: equation left != right');\n if (!p.isTorsionFree())\n throw new Error('bad point: not in prime-order subgroup');\n return true;\n });\n /**\n * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)\n * Default Point works in 2d / affine coordinates: (x, y)\n * We're doing calculations in projective, because its operations don't require costly inversion.\n */\n class Point {\n constructor(px, py, pz) {\n this.px = px;\n this.py = py;\n this.pz = pz;\n if (px == null || !Fp.isValid(px))\n throw new Error('x required');\n if (py == null || !Fp.isValid(py))\n throw new Error('y required');\n if (pz == null || !Fp.isValid(pz))\n throw new Error('z required');\n Object.freeze(this);\n }\n // Does not validate if the point is on-curve.\n // Use fromHex instead, or call assertValidity() later.\n static fromAffine(p) {\n const { x, y } = p || {};\n if (!p || !Fp.isValid(x) || !Fp.isValid(y))\n throw new Error('invalid affine point');\n if (p instanceof Point)\n throw new Error('projective point not allowed');\n const is0 = (i) => Fp.eql(i, Fp.ZERO);\n // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)\n if (is0(x) && is0(y))\n return Point.ZERO;\n return new Point(x, y, Fp.ONE);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n /**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.pz));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n /**\n * Converts hash string or Uint8Array to Point.\n * @param hex short/long ECDSA hex\n */\n static fromHex(hex) {\n const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));\n P.assertValidity();\n return P;\n }\n // Multiplies generator point by privateKey.\n static fromPrivateKey(privateKey) {\n return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // A point on curve is valid if it conforms to equation.\n assertValidity() {\n assertValidMemo(this);\n }\n hasEvenY() {\n const { y } = this.toAffine();\n if (Fp.isOdd)\n return !Fp.isOdd(y);\n throw new Error(\"Field doesn't support isOdd\");\n }\n /**\n * Compare one point to another.\n */\n equals(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));\n const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));\n return U1 && U2;\n }\n /**\n * Flips point to one corresponding to (x, -y) in Affine coordinates.\n */\n negate() {\n return new Point(this.px, Fp.neg(this.py), this.pz);\n }\n // Renes-Costello-Batina exception-free doubling formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 3\n // Cost: 8M + 3S + 3*a + 2*b3 + 15add.\n double() {\n const { a, b } = CURVE;\n const b3 = Fp.mul(b, _3n);\n const { px: X1, py: Y1, pz: Z1 } = this;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n let t0 = Fp.mul(X1, X1); // step 1\n let t1 = Fp.mul(Y1, Y1);\n let t2 = Fp.mul(Z1, Z1);\n let t3 = Fp.mul(X1, Y1);\n t3 = Fp.add(t3, t3); // step 5\n Z3 = Fp.mul(X1, Z1);\n Z3 = Fp.add(Z3, Z3);\n X3 = Fp.mul(a, Z3);\n Y3 = Fp.mul(b3, t2);\n Y3 = Fp.add(X3, Y3); // step 10\n X3 = Fp.sub(t1, Y3);\n Y3 = Fp.add(t1, Y3);\n Y3 = Fp.mul(X3, Y3);\n X3 = Fp.mul(t3, X3);\n Z3 = Fp.mul(b3, Z3); // step 15\n t2 = Fp.mul(a, t2);\n t3 = Fp.sub(t0, t2);\n t3 = Fp.mul(a, t3);\n t3 = Fp.add(t3, Z3);\n Z3 = Fp.add(t0, t0); // step 20\n t0 = Fp.add(Z3, t0);\n t0 = Fp.add(t0, t2);\n t0 = Fp.mul(t0, t3);\n Y3 = Fp.add(Y3, t0);\n t2 = Fp.mul(Y1, Z1); // step 25\n t2 = Fp.add(t2, t2);\n t0 = Fp.mul(t2, t3);\n X3 = Fp.sub(X3, t0);\n Z3 = Fp.mul(t2, t1);\n Z3 = Fp.add(Z3, Z3); // step 30\n Z3 = Fp.add(Z3, Z3);\n return new Point(X3, Y3, Z3);\n }\n // Renes-Costello-Batina exception-free addition formula.\n // There is 30% faster Jacobian formula, but it is not complete.\n // https://eprint.iacr.org/2015/1060, algorithm 1\n // Cost: 12M + 0S + 3*a + 3*b3 + 23add.\n add(other) {\n assertPrjPoint(other);\n const { px: X1, py: Y1, pz: Z1 } = this;\n const { px: X2, py: Y2, pz: Z2 } = other;\n let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore\n const a = CURVE.a;\n const b3 = Fp.mul(CURVE.b, _3n);\n let t0 = Fp.mul(X1, X2); // step 1\n let t1 = Fp.mul(Y1, Y2);\n let t2 = Fp.mul(Z1, Z2);\n let t3 = Fp.add(X1, Y1);\n let t4 = Fp.add(X2, Y2); // step 5\n t3 = Fp.mul(t3, t4);\n t4 = Fp.add(t0, t1);\n t3 = Fp.sub(t3, t4);\n t4 = Fp.add(X1, Z1);\n let t5 = Fp.add(X2, Z2); // step 10\n t4 = Fp.mul(t4, t5);\n t5 = Fp.add(t0, t2);\n t4 = Fp.sub(t4, t5);\n t5 = Fp.add(Y1, Z1);\n X3 = Fp.add(Y2, Z2); // step 15\n t5 = Fp.mul(t5, X3);\n X3 = Fp.add(t1, t2);\n t5 = Fp.sub(t5, X3);\n Z3 = Fp.mul(a, t4);\n X3 = Fp.mul(b3, t2); // step 20\n Z3 = Fp.add(X3, Z3);\n X3 = Fp.sub(t1, Z3);\n Z3 = Fp.add(t1, Z3);\n Y3 = Fp.mul(X3, Z3);\n t1 = Fp.add(t0, t0); // step 25\n t1 = Fp.add(t1, t0);\n t2 = Fp.mul(a, t2);\n t4 = Fp.mul(b3, t4);\n t1 = Fp.add(t1, t2);\n t2 = Fp.sub(t0, t2); // step 30\n t2 = Fp.mul(a, t2);\n t4 = Fp.add(t4, t2);\n t0 = Fp.mul(t1, t4);\n Y3 = Fp.add(Y3, t0);\n t0 = Fp.mul(t5, t4); // step 35\n X3 = Fp.mul(t3, X3);\n X3 = Fp.sub(X3, t0);\n t0 = Fp.mul(t3, t1);\n Z3 = Fp.mul(t5, Z3);\n Z3 = Fp.add(Z3, t0); // step 40\n return new Point(X3, Y3, Z3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n /**\n * Non-constant-time multiplication. Uses double-and-add algorithm.\n * It's faster, but should only be used when you don't care about\n * an exposed private key e.g. sig verification, which works over *public* keys.\n */\n multiplyUnsafe(sc) {\n ut.aInRange('scalar', sc, _0n, CURVE.n);\n const I = Point.ZERO;\n if (sc === _0n)\n return I;\n if (sc === _1n)\n return this;\n const { endo } = CURVE;\n if (!endo)\n return wnaf.unsafeLadder(this, sc);\n // Apply endomorphism\n let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);\n let k1p = I;\n let k2p = I;\n let d = this;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n k1p = k1p.add(d);\n if (k2 & _1n)\n k2p = k2p.add(d);\n d = d.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n if (k1neg)\n k1p = k1p.negate();\n if (k2neg)\n k2p = k2p.negate();\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n return k1p.add(k2p);\n }\n /**\n * Constant time multiplication.\n * Uses wNAF method. Windowed method may be 10% faster,\n * but takes 2x longer to generate and consumes 2x memory.\n * Uses precomputes when available.\n * Uses endomorphism for Koblitz curves.\n * @param scalar by which the point would be multiplied\n * @returns New point\n */\n multiply(scalar) {\n const { endo, n: N } = CURVE;\n ut.aInRange('scalar', scalar, _1n, N);\n let point, fake; // Fake point is used to const-time mult\n if (endo) {\n const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);\n let { p: k1p, f: f1p } = this.wNAF(k1);\n let { p: k2p, f: f2p } = this.wNAF(k2);\n k1p = wnaf.constTimeNegate(k1neg, k1p);\n k2p = wnaf.constTimeNegate(k2neg, k2p);\n k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);\n point = k1p.add(k2p);\n fake = f1p.add(f2p);\n }\n else {\n const { p, f } = this.wNAF(scalar);\n point = p;\n fake = f;\n }\n // Normalize `z` for both points, but return only real one\n return Point.normalizeZ([point, fake])[0];\n }\n /**\n * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.\n * Not using Strauss-Shamir trick: precomputation tables are faster.\n * The trick could be useful if both P and Q are not G (not in our case).\n * @returns non-zero affine point\n */\n multiplyAndAddUnsafe(Q, a, b) {\n const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes\n const mul = (P, a // Select faster multiply() method\n ) => (a === _0n || a === _1n || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));\n const sum = mul(this, a).add(mul(Q, b));\n return sum.is0() ? undefined : sum;\n }\n // Converts Projective point to affine (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n // (x, y, z) ∋ (x=x/z, y=y/z)\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n isTorsionFree() {\n const { h: cofactor, isTorsionFree } = CURVE;\n if (cofactor === _1n)\n return true; // No subgroups, always torsion-free\n if (isTorsionFree)\n return isTorsionFree(Point, this);\n throw new Error('isTorsionFree() has not been declared for the elliptic curve');\n }\n clearCofactor() {\n const { h: cofactor, clearCofactor } = CURVE;\n if (cofactor === _1n)\n return this; // Fast-path\n if (clearCofactor)\n return clearCofactor(Point, this);\n return this.multiplyUnsafe(CURVE.h);\n }\n toRawBytes(isCompressed = true) {\n abool('isCompressed', isCompressed);\n this.assertValidity();\n return toBytes(Point, this, isCompressed);\n }\n toHex(isCompressed = true) {\n abool('isCompressed', isCompressed);\n return ut.bytesToHex(this.toRawBytes(isCompressed));\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);\n Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO);\n const _bits = CURVE.nBitLength;\n const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits);\n // Validate if generator point is on curve\n return {\n CURVE,\n ProjectivePoint: Point,\n normPrivateKeyToScalar,\n weierstrassEquation,\n isWithinCurveOrder,\n };\n}\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(opts, {\n hash: 'hash',\n hmac: 'function',\n randomBytes: 'function',\n }, {\n bits2int: 'function',\n bits2int_modN: 'function',\n lowS: 'boolean',\n });\n return Object.freeze({ lowS: true, ...opts });\n}\n/**\n * Creates short weierstrass curve and ECDSA signature methods for it.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, b, p, n, Gx, Gy\n * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })\n */\nexport function weierstrass(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER } = CURVE;\n const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32\n const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32\n function modN(a) {\n return mod.mod(a, CURVE_ORDER);\n }\n function invN(a) {\n return mod.invert(a, CURVE_ORDER);\n }\n const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({\n ...CURVE,\n toBytes(_c, point, isCompressed) {\n const a = point.toAffine();\n const x = Fp.toBytes(a.x);\n const cat = ut.concatBytes;\n abool('isCompressed', isCompressed);\n if (isCompressed) {\n return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);\n }\n else {\n return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));\n }\n },\n fromBytes(bytes) {\n const len = bytes.length;\n const head = bytes[0];\n const tail = bytes.subarray(1);\n // this.assertValidity() is done inside of fromHex\n if (len === compressedLen && (head === 0x02 || head === 0x03)) {\n const x = ut.bytesToNumberBE(tail);\n if (!ut.inRange(x, _1n, Fp.ORDER))\n throw new Error('Point is not on curve');\n const y2 = weierstrassEquation(x); // y² = x³ + ax + b\n let y;\n try {\n y = Fp.sqrt(y2); // y = y² ^ (p+1)/4\n }\n catch (sqrtError) {\n const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';\n throw new Error('Point is not on curve' + suffix);\n }\n const isYOdd = (y & _1n) === _1n;\n // ECDSA\n const isHeadOdd = (head & 1) === 1;\n if (isHeadOdd !== isYOdd)\n y = Fp.neg(y);\n return { x, y };\n }\n else if (len === uncompressedLen && head === 0x04) {\n const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));\n const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));\n return { x, y };\n }\n else {\n throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);\n }\n },\n });\n const numToNByteStr = (num) => ut.bytesToHex(ut.numberToBytesBE(num, CURVE.nByteLength));\n function isBiggerThanHalfOrder(number) {\n const HALF = CURVE_ORDER >> _1n;\n return number > HALF;\n }\n function normalizeS(s) {\n return isBiggerThanHalfOrder(s) ? modN(-s) : s;\n }\n // slice bytes num\n const slcNum = (b, from, to) => ut.bytesToNumberBE(b.slice(from, to));\n /**\n * ECDSA signature with its (r, s) properties. Supports DER & compact representations.\n */\n class Signature {\n constructor(r, s, recovery) {\n this.r = r;\n this.s = s;\n this.recovery = recovery;\n this.assertValidity();\n }\n // pair (bytes of r, bytes of s)\n static fromCompact(hex) {\n const l = CURVE.nByteLength;\n hex = ensureBytes('compactSignature', hex, l * 2);\n return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));\n }\n // DER encoded ECDSA signature\n // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script\n static fromDER(hex) {\n const { r, s } = DER.toSig(ensureBytes('DER', hex));\n return new Signature(r, s);\n }\n assertValidity() {\n ut.aInRange('r', this.r, _1n, CURVE_ORDER); // r in [1..N]\n ut.aInRange('s', this.s, _1n, CURVE_ORDER); // s in [1..N]\n }\n addRecoveryBit(recovery) {\n return new Signature(this.r, this.s, recovery);\n }\n recoverPublicKey(msgHash) {\n const { r, s, recovery: rec } = this;\n const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash\n if (rec == null || ![0, 1, 2, 3].includes(rec))\n throw new Error('recovery id invalid');\n const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;\n if (radj >= Fp.ORDER)\n throw new Error('recovery id 2 or 3 invalid');\n const prefix = (rec & 1) === 0 ? '02' : '03';\n const R = Point.fromHex(prefix + numToNByteStr(radj));\n const ir = invN(radj); // r^-1\n const u1 = modN(-h * ir); // -hr^-1\n const u2 = modN(s * ir); // sr^-1\n const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n if (!Q)\n throw new Error('point at infinify'); // unsafe is fine: no priv data leaked\n Q.assertValidity();\n return Q;\n }\n // Signatures should be low-s, to prevent malleability.\n hasHighS() {\n return isBiggerThanHalfOrder(this.s);\n }\n normalizeS() {\n return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;\n }\n // DER-encoded\n toDERRawBytes() {\n return ut.hexToBytes(this.toDERHex());\n }\n toDERHex() {\n return DER.hexFromSig({ r: this.r, s: this.s });\n }\n // padded bytes of r, then padded bytes of s\n toCompactRawBytes() {\n return ut.hexToBytes(this.toCompactHex());\n }\n toCompactHex() {\n return numToNByteStr(this.r) + numToNByteStr(this.s);\n }\n }\n const utils = {\n isValidPrivateKey(privateKey) {\n try {\n normPrivateKeyToScalar(privateKey);\n return true;\n }\n catch (error) {\n return false;\n }\n },\n normPrivateKeyToScalar: normPrivateKeyToScalar,\n /**\n * Produces cryptographically secure private key from random of size\n * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.\n */\n randomPrivateKey: () => {\n const length = mod.getMinHashLength(CURVE.n);\n return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);\n },\n /**\n * Creates precompute table for an arbitrary EC point. Makes point \"cached\".\n * Allows to massively speed-up `point.multiply(scalar)`.\n * @returns cached point\n * @example\n * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));\n * fast.multiply(privKey); // much faster ECDH now\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here\n return point;\n },\n };\n /**\n * Computes public key for a private key. Checks for validity of the private key.\n * @param privateKey private key\n * @param isCompressed whether to return compact (default), or full key\n * @returns Public key, full when isCompressed=false; short when isCompressed=true\n */\n function getPublicKey(privateKey, isCompressed = true) {\n return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);\n }\n /**\n * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.\n */\n function isProbPub(item) {\n const arr = ut.isBytes(item);\n const str = typeof item === 'string';\n const len = (arr || str) && item.length;\n if (arr)\n return len === compressedLen || len === uncompressedLen;\n if (str)\n return len === 2 * compressedLen || len === 2 * uncompressedLen;\n if (item instanceof Point)\n return true;\n return false;\n }\n /**\n * ECDH (Elliptic Curve Diffie Hellman).\n * Computes shared public key from private key and public key.\n * Checks: 1) private key validity 2) shared key is on-curve.\n * Does NOT hash the result.\n * @param privateA private key\n * @param publicB different public key\n * @param isCompressed whether to return compact (default), or full key\n * @returns shared public key\n */\n function getSharedSecret(privateA, publicB, isCompressed = true) {\n if (isProbPub(privateA))\n throw new Error('first arg must be private key');\n if (!isProbPub(publicB))\n throw new Error('second arg must be public key');\n const b = Point.fromHex(publicB); // check for being on-curve\n return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);\n }\n // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.\n // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.\n // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.\n // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors\n const bits2int = CURVE.bits2int ||\n function (bytes) {\n // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)\n // for some cases, since bytes.length * 8 is not actual bitLength.\n const num = ut.bytesToNumberBE(bytes); // check for == u8 done here\n const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits\n return delta > 0 ? num >> BigInt(delta) : num;\n };\n const bits2int_modN = CURVE.bits2int_modN ||\n function (bytes) {\n return modN(bits2int(bytes)); // can't use bytesToNumberBE here\n };\n // NOTE: pads output with zero as per spec\n const ORDER_MASK = ut.bitMask(CURVE.nBitLength);\n /**\n * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.\n */\n function int2octets(num) {\n ut.aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);\n // works with order, can have different size than numToField!\n return ut.numberToBytesBE(num, CURVE.nByteLength);\n }\n // Steps A, D of RFC6979 3.2\n // Creates RFC6979 seed; converts msg/privKey to numbers.\n // Used only in sign, not in verify.\n // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.\n // Also it can be bigger for P224 + SHA256\n function prepSig(msgHash, privateKey, opts = defaultSigOpts) {\n if (['recovered', 'canonical'].some((k) => k in opts))\n throw new Error('sign() legacy options not supported');\n const { hash, randomBytes } = CURVE;\n let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default\n if (lowS == null)\n lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash\n msgHash = ensureBytes('msgHash', msgHash);\n validateSigVerOpts(opts);\n if (prehash)\n msgHash = ensureBytes('prehashed msgHash', hash(msgHash));\n // We can't later call bits2octets, since nested bits2int is broken for curves\n // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.\n // const bits2octets = (bits) => int2octets(bits2int_modN(bits))\n const h1int = bits2int_modN(msgHash);\n const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint\n const seedArgs = [int2octets(d), int2octets(h1int)];\n // extraEntropy. RFC6979 3.6: additional k' (optional).\n if (ent != null && ent !== false) {\n // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is\n seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes\n }\n const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2\n const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!\n // Converts signature params into point w r/s, checks result for validity.\n function k2sig(kBytes) {\n // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n const k = bits2int(kBytes); // Cannot use fields methods, since it is group element\n if (!isWithinCurveOrder(k))\n return; // Important: all mod() calls here must be done over N\n const ik = invN(k); // k^-1 mod n\n const q = Point.BASE.multiply(k).toAffine(); // q = Gk\n const r = modN(q.x); // r = q.x mod n\n if (r === _0n)\n return;\n // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to\n // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:\n // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT\n const s = modN(ik * modN(m + r * d)); // Not using blinding here\n if (s === _0n)\n return;\n let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)\n let normS = s;\n if (lowS && isBiggerThanHalfOrder(s)) {\n normS = normalizeS(s); // if lowS was passed, ensure s is always\n recovery ^= 1; // // in the bottom half of N\n }\n return new Signature(r, normS, recovery); // use normS, not s\n }\n return { seed, k2sig };\n }\n const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };\n const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };\n /**\n * Signs message hash with a private key.\n * ```\n * sign(m, d, k) where\n * (x, y) = G × k\n * r = x mod n\n * s = (m + dr)/k mod n\n * ```\n * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.\n * @param privKey private key\n * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.\n * @returns signature with recovery param\n */\n function sign(msgHash, privKey, opts = defaultSigOpts) {\n const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.\n const C = CURVE;\n const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);\n return drbg(seed, k2sig); // Steps B, C, D, E, F, G\n }\n // Enable precomputes. Slows down first publicKey computation by 20ms.\n Point.BASE._setWindowSize(8);\n // utils.precompute(8, ProjectivePoint.BASE)\n /**\n * Verifies a signature against message hash and public key.\n * Rejects lowS signatures by default: to override,\n * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf:\n *\n * ```\n * verify(r, s, h, P) where\n * U1 = hs^-1 mod n\n * U2 = rs^-1 mod n\n * R = U1⋅G - U2⋅P\n * mod(R.x, n) == r\n * ```\n */\n function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {\n const sg = signature;\n msgHash = ensureBytes('msgHash', msgHash);\n publicKey = ensureBytes('publicKey', publicKey);\n if ('strict' in opts)\n throw new Error('options.strict was renamed to lowS');\n validateSigVerOpts(opts);\n const { lowS, prehash } = opts;\n let _sig = undefined;\n let P;\n try {\n if (typeof sg === 'string' || ut.isBytes(sg)) {\n // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).\n // Since DER can also be 2*nByteLength bytes, we check for it first.\n try {\n _sig = Signature.fromDER(sg);\n }\n catch (derError) {\n if (!(derError instanceof DER.Err))\n throw derError;\n _sig = Signature.fromCompact(sg);\n }\n }\n else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {\n const { r, s } = sg;\n _sig = new Signature(r, s);\n }\n else {\n throw new Error('PARSE');\n }\n P = Point.fromHex(publicKey);\n }\n catch (error) {\n if (error.message === 'PARSE')\n throw new Error(`signature must be Signature instance, Uint8Array or hex string`);\n return false;\n }\n if (lowS && _sig.hasHighS())\n return false;\n if (prehash)\n msgHash = CURVE.hash(msgHash);\n const { r, s } = _sig;\n const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element\n const is = invN(s); // s^-1\n const u1 = modN(h * is); // u1 = hs^-1 mod n\n const u2 = modN(r * is); // u2 = rs^-1 mod n\n const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P\n if (!R)\n return false;\n const v = modN(R.x);\n return v === r;\n }\n return {\n CURVE,\n getPublicKey,\n getSharedSecret,\n sign,\n verify,\n ProjectivePoint: Point,\n Signature,\n utils,\n };\n}\n/**\n * Implementation of the Shallue and van de Woestijne method for any weierstrass curve.\n * TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.\n * b = True and y = sqrt(u / v) if (u / v) is square in F, and\n * b = False and y = sqrt(Z * (u / v)) otherwise.\n * @param Fp\n * @param Z\n * @returns\n */\nexport function SWUFpSqrtRatio(Fp, Z) {\n // Generic implementation\n const q = Fp.ORDER;\n let l = _0n;\n for (let o = q - _1n; o % _2n === _0n; o /= _2n)\n l += _1n;\n const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.\n // We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.\n // 2n ** c1 == 2n << (c1-1)\n const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);\n const _2n_pow_c1 = _2n_pow_c1_1 * _2n;\n const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic\n const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic\n const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic\n const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic\n const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2\n const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)\n let sqrtRatio = (u, v) => {\n let tv1 = c6; // 1. tv1 = c6\n let tv2 = Fp.pow(v, c4); // 2. tv2 = v^c4\n let tv3 = Fp.sqr(tv2); // 3. tv3 = tv2^2\n tv3 = Fp.mul(tv3, v); // 4. tv3 = tv3 * v\n let tv5 = Fp.mul(u, tv3); // 5. tv5 = u * tv3\n tv5 = Fp.pow(tv5, c3); // 6. tv5 = tv5^c3\n tv5 = Fp.mul(tv5, tv2); // 7. tv5 = tv5 * tv2\n tv2 = Fp.mul(tv5, v); // 8. tv2 = tv5 * v\n tv3 = Fp.mul(tv5, u); // 9. tv3 = tv5 * u\n let tv4 = Fp.mul(tv3, tv2); // 10. tv4 = tv3 * tv2\n tv5 = Fp.pow(tv4, c5); // 11. tv5 = tv4^c5\n let isQR = Fp.eql(tv5, Fp.ONE); // 12. isQR = tv5 == 1\n tv2 = Fp.mul(tv3, c7); // 13. tv2 = tv3 * c7\n tv5 = Fp.mul(tv4, tv1); // 14. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, isQR); // 15. tv3 = CMOV(tv2, tv3, isQR)\n tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)\n // 17. for i in (c1, c1 - 1, ..., 2):\n for (let i = c1; i > _1n; i--) {\n let tv5 = i - _2n; // 18. tv5 = i - 2\n tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5\n let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5\n const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1\n tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1\n tv1 = Fp.mul(tv1, tv1); // 23. tv1 = tv1 * tv1\n tvv5 = Fp.mul(tv4, tv1); // 24. tv5 = tv4 * tv1\n tv3 = Fp.cmov(tv2, tv3, e1); // 25. tv3 = CMOV(tv2, tv3, e1)\n tv4 = Fp.cmov(tvv5, tv4, e1); // 26. tv4 = CMOV(tv5, tv4, e1)\n }\n return { isValid: isQR, value: tv3 };\n };\n if (Fp.ORDER % _4n === _3n) {\n // sqrt_ratio_3mod4(u, v)\n const c1 = (Fp.ORDER - _3n) / _4n; // 1. c1 = (q - 3) / 4 # Integer arithmetic\n const c2 = Fp.sqrt(Fp.neg(Z)); // 2. c2 = sqrt(-Z)\n sqrtRatio = (u, v) => {\n let tv1 = Fp.sqr(v); // 1. tv1 = v^2\n const tv2 = Fp.mul(u, v); // 2. tv2 = u * v\n tv1 = Fp.mul(tv1, tv2); // 3. tv1 = tv1 * tv2\n let y1 = Fp.pow(tv1, c1); // 4. y1 = tv1^c1\n y1 = Fp.mul(y1, tv2); // 5. y1 = y1 * tv2\n const y2 = Fp.mul(y1, c2); // 6. y2 = y1 * c2\n const tv3 = Fp.mul(Fp.sqr(y1), v); // 7. tv3 = y1^2; 8. tv3 = tv3 * v\n const isQR = Fp.eql(tv3, u); // 9. isQR = tv3 == u\n let y = Fp.cmov(y2, y1, isQR); // 10. y = CMOV(y2, y1, isQR)\n return { isValid: isQR, value: y }; // 11. return (isQR, y) isQR ? y : y*c2\n };\n }\n // No curves uses that\n // if (Fp.ORDER % _8n === _5n) // sqrt_ratio_5mod8\n return sqrtRatio;\n}\n/**\n * Simplified Shallue-van de Woestijne-Ulas Method\n * https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2\n */\nexport function mapToCurveSimpleSWU(Fp, opts) {\n mod.validateField(Fp);\n if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))\n throw new Error('mapToCurveSimpleSWU: invalid opts');\n const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);\n if (!Fp.isOdd)\n throw new Error('Fp.isOdd is not implemented!');\n // Input: u, an element of F.\n // Output: (x, y), a point on E.\n return (u) => {\n // prettier-ignore\n let tv1, tv2, tv3, tv4, tv5, tv6, x, y;\n tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, opts.Z); // 2. tv1 = Z * tv1\n tv2 = Fp.sqr(tv1); // 3. tv2 = tv1^2\n tv2 = Fp.add(tv2, tv1); // 4. tv2 = tv2 + tv1\n tv3 = Fp.add(tv2, Fp.ONE); // 5. tv3 = tv2 + 1\n tv3 = Fp.mul(tv3, opts.B); // 6. tv3 = B * tv3\n tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO)); // 7. tv4 = CMOV(Z, -tv2, tv2 != 0)\n tv4 = Fp.mul(tv4, opts.A); // 8. tv4 = A * tv4\n tv2 = Fp.sqr(tv3); // 9. tv2 = tv3^2\n tv6 = Fp.sqr(tv4); // 10. tv6 = tv4^2\n tv5 = Fp.mul(tv6, opts.A); // 11. tv5 = A * tv6\n tv2 = Fp.add(tv2, tv5); // 12. tv2 = tv2 + tv5\n tv2 = Fp.mul(tv2, tv3); // 13. tv2 = tv2 * tv3\n tv6 = Fp.mul(tv6, tv4); // 14. tv6 = tv6 * tv4\n tv5 = Fp.mul(tv6, opts.B); // 15. tv5 = B * tv6\n tv2 = Fp.add(tv2, tv5); // 16. tv2 = tv2 + tv5\n x = Fp.mul(tv1, tv3); // 17. x = tv1 * tv3\n const { isValid, value } = sqrtRatio(tv2, tv6); // 18. (is_gx1_square, y1) = sqrt_ratio(tv2, tv6)\n y = Fp.mul(tv1, u); // 19. y = tv1 * u -> Z * u^3 * y1\n y = Fp.mul(y, value); // 20. y = y * y1\n x = Fp.cmov(x, tv3, isValid); // 21. x = CMOV(x, tv3, is_gx1_square)\n y = Fp.cmov(y, value, isValid); // 22. y = CMOV(y, y1, is_gx1_square)\n const e1 = Fp.isOdd(u) === Fp.isOdd(y); // 23. e1 = sgn0(u) == sgn0(y)\n y = Fp.cmov(Fp.neg(y), y, e1); // 24. y = CMOV(-y, y, e1)\n x = Fp.div(x, tv4); // 25. x = x / tv4\n return { x, y };\n };\n}\n//# sourceMappingURL=weierstrass.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { hmac } from '@noble/hashes/hmac';\nimport { concatBytes, randomBytes } from '@noble/hashes/utils';\nimport { weierstrass } from './abstract/weierstrass.js';\n// connects noble-curves to noble-hashes\nexport function getHash(hash) {\n return {\n hash,\n hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),\n randomBytes,\n };\n}\nexport function createCurve(curveDef, defHash) {\n const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });\n return Object.freeze({ ...create(defHash), create });\n}\n//# sourceMappingURL=_shortw_utils.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp256r1 aka p256\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256\nconst Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));\nconst CURVE_A = Fp.create(BigInt('-3'));\nconst CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');\n// prettier-ignore\nexport const p256 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n\n // Curve order, total count of valid points in the field\n n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),\n Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),\n h: BigInt(1),\n lowS: false,\n}, sha256);\nexport const secp256r1 = p256;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-10')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P256_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p256.js.map","const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\n// We are not using BigUint64Array, because they are extremely slow as per 2022\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };\n}\nfunction split(lst, le = false) {\n let Ah = new Uint32Array(lst.length);\n let Al = new Uint32Array(lst.length);\n for (let i = 0; i < lst.length; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { fromBig, split, toBig, shrSH, shrSL, rotrSH, rotrSL, rotrBH, rotrBL, rotr32H, rotr32L, rotlSH, rotlSL, rotlBH, rotlBL, add, add3L, add3H, add4L, add4H, add5H, add5L, };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map","import { HashMD } from './_md.js';\nimport u64 from './_u64.js';\nimport { wrapConstructor } from './utils.js';\n// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):\n// prettier-ignore\nconst [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([\n '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\n// Temporary buffer, not used to store anything between runs\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA512 extends HashMD {\n constructor() {\n super(128, 64, 16, false);\n // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.\n // Also looks cleaner and easier to verify with spec.\n // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x6a09e667 | 0;\n this.Al = 0xf3bcc908 | 0;\n this.Bh = 0xbb67ae85 | 0;\n this.Bl = 0x84caa73b | 0;\n this.Ch = 0x3c6ef372 | 0;\n this.Cl = 0xfe94f82b | 0;\n this.Dh = 0xa54ff53a | 0;\n this.Dl = 0x5f1d36f1 | 0;\n this.Eh = 0x510e527f | 0;\n this.El = 0xade682d1 | 0;\n this.Fh = 0x9b05688c | 0;\n this.Fl = 0x2b3e6c1f | 0;\n this.Gh = 0x1f83d9ab | 0;\n this.Gl = 0xfb41bd6b | 0;\n this.Hh = 0x5be0cd19 | 0;\n this.Hl = 0x137e2179 | 0;\n }\n // prettier-ignore\n get() {\n const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n }\n // prettier-ignore\n set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {\n this.Ah = Ah | 0;\n this.Al = Al | 0;\n this.Bh = Bh | 0;\n this.Bl = Bl | 0;\n this.Ch = Ch | 0;\n this.Cl = Cl | 0;\n this.Dh = Dh | 0;\n this.Dl = Dl | 0;\n this.Eh = Eh | 0;\n this.El = El | 0;\n this.Fh = Fh | 0;\n this.Fl = Fl | 0;\n this.Gh = Gh | 0;\n this.Gl = Gl | 0;\n this.Hh = Hh | 0;\n this.Hl = Hl | 0;\n }\n process(view, offset) {\n // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n for (let i = 0; i < 16; i++, offset += 4) {\n SHA512_W_H[i] = view.getUint32(offset);\n SHA512_W_L[i] = view.getUint32((offset += 4));\n }\n for (let i = 16; i < 80; i++) {\n // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n const W15h = SHA512_W_H[i - 15] | 0;\n const W15l = SHA512_W_L[i - 15] | 0;\n const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n const W2h = SHA512_W_H[i - 2] | 0;\n const W2l = SHA512_W_L[i - 2] | 0;\n const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];\n const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n SHA512_W_H[i] = SUMh | 0;\n SHA512_W_L[i] = SUMl | 0;\n }\n let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n // Compression function main loop, 80 rounds\n for (let i = 0; i < 80; i++) {\n // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n const CHIl = (El & Fl) ^ (~El & Gl);\n // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n // prettier-ignore\n const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n const T1l = T1ll | 0;\n // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n Hh = Gh | 0;\n Hl = Gl | 0;\n Gh = Fh | 0;\n Gl = Fl | 0;\n Fh = Eh | 0;\n Fl = El | 0;\n ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n Dh = Ch | 0;\n Dl = Cl | 0;\n Ch = Bh | 0;\n Cl = Bl | 0;\n Bh = Ah | 0;\n Bl = Al | 0;\n const All = u64.add3L(T1l, sigma0l, MAJl);\n Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n Al = All | 0;\n }\n // Add the compressed chunk to the current hash value\n ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n }\n roundClean() {\n SHA512_W_H.fill(0);\n SHA512_W_L.fill(0);\n }\n destroy() {\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n }\n}\nexport class SHA512_224 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x8c3d37c8 | 0;\n this.Al = 0x19544da2 | 0;\n this.Bh = 0x73e19966 | 0;\n this.Bl = 0x89dcd4d6 | 0;\n this.Ch = 0x1dfab7ae | 0;\n this.Cl = 0x32ff9c82 | 0;\n this.Dh = 0x679dd514 | 0;\n this.Dl = 0x582f9fcf | 0;\n this.Eh = 0x0f6d2b69 | 0;\n this.El = 0x7bd44da8 | 0;\n this.Fh = 0x77e36f73 | 0;\n this.Fl = 0x04c48942 | 0;\n this.Gh = 0x3f9d85a8 | 0;\n this.Gl = 0x6a1d36c8 | 0;\n this.Hh = 0x1112e6ad | 0;\n this.Hl = 0x91d692a1 | 0;\n this.outputLen = 28;\n }\n}\nexport class SHA512_256 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0x22312194 | 0;\n this.Al = 0xfc2bf72c | 0;\n this.Bh = 0x9f555fa3 | 0;\n this.Bl = 0xc84c64c2 | 0;\n this.Ch = 0x2393b86b | 0;\n this.Cl = 0x6f53b151 | 0;\n this.Dh = 0x96387719 | 0;\n this.Dl = 0x5940eabd | 0;\n this.Eh = 0x96283ee2 | 0;\n this.El = 0xa88effe3 | 0;\n this.Fh = 0xbe5e1e25 | 0;\n this.Fl = 0x53863992 | 0;\n this.Gh = 0x2b0199fc | 0;\n this.Gl = 0x2c85b8aa | 0;\n this.Hh = 0x0eb72ddc | 0;\n this.Hl = 0x81c52ca2 | 0;\n this.outputLen = 32;\n }\n}\nexport class SHA384 extends SHA512 {\n constructor() {\n super();\n // h -- high 32 bits, l -- low 32 bits\n this.Ah = 0xcbbb9d5d | 0;\n this.Al = 0xc1059ed8 | 0;\n this.Bh = 0x629a292a | 0;\n this.Bl = 0x367cd507 | 0;\n this.Ch = 0x9159015a | 0;\n this.Cl = 0x3070dd17 | 0;\n this.Dh = 0x152fecd8 | 0;\n this.Dl = 0xf70e5939 | 0;\n this.Eh = 0x67332667 | 0;\n this.El = 0xffc00b31 | 0;\n this.Fh = 0x8eb44a87 | 0;\n this.Fl = 0x68581511 | 0;\n this.Gh = 0xdb0c2e0d | 0;\n this.Gl = 0x64f98fa7 | 0;\n this.Hh = 0x47b5481d | 0;\n this.Hl = 0xbefa4fa4 | 0;\n this.outputLen = 48;\n }\n}\nexport const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());\nexport const sha512_224 = /* @__PURE__ */ wrapConstructor(() => new SHA512_224());\nexport const sha512_256 = /* @__PURE__ */ wrapConstructor(() => new SHA512_256());\nexport const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384());\n//# sourceMappingURL=sha512.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha384 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp384r1 aka p384\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');\nconst Fp = Field(P);\nconst CURVE_A = Fp.create(BigInt('-3'));\n// prettier-ignore\nconst CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');\n// prettier-ignore\nexport const p384 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n\n // Curve order, total count of valid points in the field.\n n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),\n // Base (generator) point (x, y)\n Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),\n Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),\n h: BigInt(1),\n lowS: false,\n}, sha384);\nexport const secp384r1 = p384;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE_A,\n B: CURVE_B,\n Z: Fp.create(BigInt('-12')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P384_XMD:SHA-384_SSWU_RO_',\n encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 192,\n expand: 'xmd',\n hash: sha384,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p384.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha512 } from '@noble/hashes/sha512';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher } from './abstract/hash-to-curve.js';\nimport { Field } from './abstract/modular.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\n// NIST secp521r1 aka p521\n// Note that it's 521, which differs from 512 of its hash function.\n// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521\n// Field over which we'll do calculations.\n// prettier-ignore\nconst P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst Fp = Field(P);\nconst CURVE = {\n a: Fp.create(BigInt('-3')),\n b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),\n Fp,\n n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),\n Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),\n Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),\n h: BigInt(1),\n};\n// prettier-ignore\nexport const p521 = createCurve({\n a: CURVE.a, // Equation params: a, b\n b: CURVE.b,\n Fp, // Field: 2n**521n - 1n\n // Curve order, total count of valid points in the field\n n: CURVE.n,\n Gx: CURVE.Gx, // Base point (x, y) aka generator point\n Gy: CURVE.Gy,\n h: CURVE.h,\n lowS: false,\n allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b\n}, sha512);\nexport const secp521r1 = p521;\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: CURVE.a,\n B: CURVE.b,\n Z: Fp.create(BigInt('-4')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {\n DST: 'P521_XMD:SHA-512_SSWU_RO_',\n encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 256,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=p521.js.map","import { bytes, exists, number, output } from './_assert.js';\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';\nimport { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';\n// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.\n// It's called a sponge function.\n// Various per round constants calculations\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nconst _2n = /* @__PURE__ */ BigInt(2);\nconst _7n = /* @__PURE__ */ BigInt(7);\nconst _256n = /* @__PURE__ */ BigInt(256);\nconst _0x71n = /* @__PURE__ */ BigInt(0x71);\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true);\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n// Same as keccakf1600, but allows to skip some rounds\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n B.fill(0);\n}\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n // Can be passed from user as dkLen\n number(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n if (0 >= this.blockLen || this.blockLen >= 200)\n throw new Error('Sha3 supports only keccak-f1600 function');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n keccak() {\n if (!isLE)\n byteSwap32(this.state32);\n keccakP(this.state32, this.rounds);\n if (!isLE)\n byteSwap32(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n exists(this);\n const { blockLen, state } = this;\n data = toBytes(data);\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n exists(this, false);\n bytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n number(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n output(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n this.state.fill(0);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));\nexport const sha3_224 = /* @__PURE__ */ gen(0x06, 144, 224 / 8);\n/**\n * SHA3-256 hash function\n * @param message - that would be hashed\n */\nexport const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8);\nexport const sha3_384 = /* @__PURE__ */ gen(0x06, 104, 384 / 8);\nexport const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8);\nexport const keccak_224 = /* @__PURE__ */ gen(0x01, 144, 224 / 8);\n/**\n * keccak-256 hash function. Different from SHA3-256.\n * @param message - that would be hashed\n */\nexport const keccak_256 = /* @__PURE__ */ gen(0x01, 136, 256 / 8);\nexport const keccak_384 = /* @__PURE__ */ gen(0x01, 104, 384 / 8);\nexport const keccak_512 = /* @__PURE__ */ gen(0x01, 72, 512 / 8);\nconst genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\nexport const shake128 = /* @__PURE__ */ genShake(0x1f, 168, 128 / 8);\nexport const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8);\n//# sourceMappingURL=sha3.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²\nimport { validateBasic, wNAF, pippenger, } from './curve.js';\nimport { mod, Field } from './modular.js';\nimport * as ut from './utils.js';\nimport { ensureBytes, memoized, abool } from './utils.js';\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n ut.validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n) {\n ut.aInRange('coordinate ' + title, n, _0n, MASK);\n }\n function assertPoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez);\n aCoordinate('t', et);\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = Fp.invertBatch(points.map((p) => p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n assertPoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n assertPoint(other);\n const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n // Faster algo for adding 2 Extended Points when curve's a=-1.\n // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4\n // Cost: 8M + 8add + 2*2.\n // Note: It does not check whether the `other` point is valid.\n if (a === BigInt(-1)) {\n const A = modP((Y1 - X1) * (Y2 + X2));\n const B = modP((Y1 + X1) * (Y2 - X2));\n const F = modP(B - A);\n if (F === _0n)\n return this.double(); // Same point. Tests say it doesn't affect timing\n const C = modP(Z1 * _2n * T2);\n const D = modP(T1 * _2n * Z2);\n const E = D + C;\n const G = B + A;\n const H = D - C;\n const X3 = modP(E * F);\n const Y3 = modP(G * H);\n const T3 = modP(E * H);\n const Z3 = modP(F * G);\n return new Point(X3, Y3, Z3, T3);\n }\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n multiplyUnsafe(scalar) {\n const n = scalar;\n ut.aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.equals(I) || n === _1n)\n return this;\n if (this.equals(G))\n return this.wNAF(n).p;\n return wnaf.unsafeLadder(this, n);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = ut.bytesToNumberLE(normed);\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n ut.aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n return getExtendedPublicKey(privKey).point;\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(ut.bytesToNumberLE(hash));\n }\n /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */\n function getExtendedPublicKey(key) {\n const len = nByteLength;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = new Uint8Array(), ...msgs) {\n const msg = ut.concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n ut.aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, nByteLength * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));\n // zip215: true is good for consensus-critical apps and allows points < 2^256\n // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p\n let A, R, SB;\n try {\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { mod, pow } from './modular.js';\nimport { aInRange, bytesToNumberLE, ensureBytes, numberToBytesLE, validateObject, } from './utils.js';\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction validateOpts(curve) {\n validateObject(curve, {\n a: 'bigint',\n }, {\n montgomeryBits: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n adjustScalarBytes: 'function',\n domain: 'function',\n powPminus2: 'function',\n Gu: 'bigint',\n });\n // Set defaults\n return Object.freeze({ ...curve });\n}\n// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748)\n// Uses only one coordinate instead of two\nexport function montgomery(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { P } = CURVE;\n const modP = (n) => mod(n, P);\n const montgomeryBits = CURVE.montgomeryBits;\n const montgomeryBytes = Math.ceil(montgomeryBits / 8);\n const fieldLen = CURVE.nByteLength;\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes);\n const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P));\n // cswap from RFC7748. But it is not from RFC7748!\n /*\n cswap(swap, x_2, x_3):\n dummy = mask(swap) AND (x_2 XOR x_3)\n x_2 = x_2 XOR dummy\n x_3 = x_3 XOR dummy\n Return (x_2, x_3)\n Where mask(swap) is the all-1 or all-0 word of the same length as x_2\n and x_3, computed, e.g., as mask(swap) = 0 - swap.\n */\n function cswap(swap, x_2, x_3) {\n const dummy = modP(swap * (x_2 - x_3));\n x_2 = modP(x_2 - dummy);\n x_3 = modP(x_3 + dummy);\n return [x_2, x_3];\n }\n // x25519 from 4\n // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519\n const a24 = (CURVE.a - BigInt(2)) / BigInt(4);\n /**\n *\n * @param pointU u coordinate (x) on Montgomery Curve 25519\n * @param scalar by which the point would be multiplied\n * @returns new Point on Montgomery curve\n */\n function montgomeryLadder(u, scalar) {\n aInRange('u', u, _0n, P);\n aInRange('scalar', scalar, _0n, P);\n // Section 5: Implementations MUST accept non-canonical values and process them as\n // if they had been reduced modulo the field prime.\n const k = scalar;\n const x_1 = u;\n let x_2 = _1n;\n let z_2 = _0n;\n let x_3 = u;\n let z_3 = _1n;\n let swap = _0n;\n let sw;\n for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {\n const k_t = (k >> t) & _1n;\n swap ^= k_t;\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n swap = k_t;\n const A = x_2 + z_2;\n const AA = modP(A * A);\n const B = x_2 - z_2;\n const BB = modP(B * B);\n const E = AA - BB;\n const C = x_3 + z_3;\n const D = x_3 - z_3;\n const DA = modP(D * A);\n const CB = modP(C * B);\n const dacb = DA + CB;\n const da_cb = DA - CB;\n x_3 = modP(dacb * dacb);\n z_3 = modP(x_1 * modP(da_cb * da_cb));\n x_2 = modP(AA * BB);\n z_2 = modP(E * (AA + modP(a24 * E)));\n }\n // (x_2, x_3) = cswap(swap, x_2, x_3)\n sw = cswap(swap, x_2, x_3);\n x_2 = sw[0];\n x_3 = sw[1];\n // (z_2, z_3) = cswap(swap, z_2, z_3)\n sw = cswap(swap, z_2, z_3);\n z_2 = sw[0];\n z_3 = sw[1];\n // z_2^(p - 2)\n const z2 = powPminus2(z_2);\n // Return x_2 * (z_2^(p - 2))\n return modP(x_2 * z2);\n }\n function encodeUCoordinate(u) {\n return numberToBytesLE(modP(u), montgomeryBytes);\n }\n function decodeUCoordinate(uEnc) {\n // Section 5: When receiving such an array, implementations of X25519\n // MUST mask the most significant bit in the final byte.\n const u = ensureBytes('u coordinate', uEnc, montgomeryBytes);\n if (fieldLen === 32)\n u[31] &= 127; // 0b0111_1111\n return bytesToNumberLE(u);\n }\n function decodeScalar(n) {\n const bytes = ensureBytes('scalar', n);\n const len = bytes.length;\n if (len !== montgomeryBytes && len !== fieldLen)\n throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`);\n return bytesToNumberLE(adjustScalarBytes(bytes));\n }\n function scalarMult(scalar, u) {\n const pointU = decodeUCoordinate(u);\n const _scalar = decodeScalar(scalar);\n const pu = montgomeryLadder(pointU, _scalar);\n // The result was not contributory\n // https://cr.yp.to/ecdh.html#validate\n if (pu === _0n)\n throw new Error('Invalid private or public key received');\n return encodeUCoordinate(pu);\n }\n // Computes public key from private. By doing scalar multiplication of base point.\n const GuBytes = encodeUCoordinate(CURVE.Gu);\n function scalarMultBase(scalar) {\n return scalarMult(scalar, GuBytes);\n }\n return {\n scalarMult,\n scalarMultBase,\n getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),\n getPublicKey: (privateKey) => scalarMultBase(privateKey),\n utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },\n GuBytes: GuBytes,\n };\n}\n//# sourceMappingURL=montgomery.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3';\nimport { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';\nimport { twistedEdwards } from './abstract/edwards.js';\nimport { createHasher, expand_message_xof } from './abstract/hash-to-curve.js';\nimport { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js';\nimport { montgomery } from './abstract/montgomery.js';\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js';\n/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n */\nconst shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));\nconst ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448P;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most\n // significant bit of the last byte to 1.\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448P;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\nconst Fp = Field(ed448P, 456, true);\nconst ED448_DEF = {\n // Param: a\n a: BigInt(1),\n // -39081. Negative number is P - number\n d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),\n // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n\n Fp,\n // Subgroup order: how many points curve has;\n // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\n n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n nBitLength: 456,\n // Cofactor\n h: BigInt(4),\n // Base point (x, y) aka generator point\n Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'),\n Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),\n // SHAKE256(dom4(phflag,context)||x, 114)\n hash: shake256_114,\n randomBytes,\n adjustScalarBytes,\n // dom4\n domain: (data, ctx, phflag) => {\n if (ctx.length > 255)\n throw new Error(`Context is too big: ${ctx.length}`);\n return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n },\n uvRatio,\n};\nexport const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF);\n// NOTE: there is no ed448ctx, since ed448 supports ctx by default\nexport const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 });\nexport const x448 = /* @__PURE__ */ (() => montgomery({\n a: BigInt(156326),\n // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys\n montgomeryBits: 448,\n nByteLength: 56,\n P: ed448P,\n Gu: BigInt(5),\n powPminus2: (x) => {\n const P = ed448P;\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, BigInt(2), P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/**\n * Converts edwards448 public key to x448 public key. Uses formula:\n * * `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * * `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n * @example\n * const aPub = ed448.getPublicKey(utils.randomPrivateKey());\n * x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))\n */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = Fp.invertBatch([xEd, yEd]); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\nconst htf = /* @__PURE__ */ (() => createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\nfunction assertDcfPoint(other) {\n if (!(other instanceof DcfPoint))\n throw new Error('DecafPoint expected');\n}\n// 1-d\nconst ONE_MINUS_D = BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_448B = BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes448ToNumberLE = (bytes) => ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);\n// Computes Elligator map for Decaf\n// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/**\n * Each ed448/ExtendedPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448\n */\nclass DcfPoint {\n // Private property to discourage combining ExtendedPoint + DecafPoint\n // Always use Decaf encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));\n }\n /**\n * Takes uniform output of 112-byte hash function like shake256 and converts it to `DecafPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * **Note:** this is one-way map, there is no conversion from point to hash.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-element-derivation-2\n * @param hex 112-byte output of a hash function\n */\n static hashToCurve(hex) {\n hex = ensureBytes('decafHash', hex, 112);\n const r1 = bytes448ToNumberLE(hex.slice(0, 56));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = bytes448ToNumberLE(hex.slice(56, 112));\n const R2 = calcElligatorDecafMap(r2);\n return new DcfPoint(R1.add(R2));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-decode-2\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n hex = ensureBytes('decafHex', hex, 56);\n const { d } = ed448.CURVE;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';\n const s = bytes448ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 56), hex) || isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error(emsg);\n return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));\n }\n /**\n * Encodes decaf point to Uint8Array.\n * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-encode-2\n */\n toRawBytes() {\n let { ex: x, ey: _y, ez: z, et: t } = this.ep;\n const P = ed448.CURVE.Fp.ORDER;\n const mod = ed448.CURVE.Fp.create;\n const u1 = mod(mod(x + t) * mod(x - t)); // 1\n const x2 = mod(x * x);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * z - t); // 4\n let s = mod(ONE_MINUS_D * invsqrt * x * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 56);\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n // Compare one point to another.\n // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-07#name-equals-2\n equals(other) {\n assertDcfPoint(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed448.CURVE.Fp.create;\n // (x1 * y2 == y1 * x2)\n return mod(X1 * Y2) === mod(Y1 * X2);\n }\n add(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n assertDcfPoint(other);\n return new DcfPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new DcfPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new DcfPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new DcfPoint(this.ep.double());\n }\n negate() {\n return new DcfPoint(this.ep.negate());\n }\n}\nexport const DecafPoint = /* @__PURE__ */ (() => {\n // decaf448 base point is ed448 base x 2\n // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699\n if (!DcfPoint.BASE)\n DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);\n if (!DcfPoint.ZERO)\n DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);\n return DcfPoint;\n})();\n// Hashing to decaf448. https://www.rfc-editor.org/rfc/rfc9380#appendix-C\nexport const hashToDecaf448 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xof(msg, DST, 112, 224, shake256);\n const P = DcfPoint.hashToCurve(uniform_bytes);\n return P;\n};\nexport const hash_to_decaf448 = hashToDecaf448; // legacy\n//# sourceMappingURL=ed448.js.map","/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { createCurve } from './_shortw_utils.js';\nimport { createHasher, isogenyMap } from './abstract/hash-to-curve.js';\nimport { Field, mod, pow2 } from './abstract/modular.js';\nimport { inRange, aInRange, bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE, } from './abstract/utils.js';\nimport { mapToCurveSimpleSWU } from './abstract/weierstrass.js';\nconst secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');\nconst secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst divNearest = (a, b) => (a + b / _2n) / b;\n/**\n * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.\n * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]\n */\nfunction sqrtMod(y) {\n const P = secp256k1P;\n // prettier-ignore\n const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);\n // prettier-ignore\n const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);\n const b2 = (y * y * y) % P; // x^3, 11\n const b3 = (b2 * b2 * y) % P; // x^7\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b223 = (pow2(b220, _3n, P) * b3) % P;\n const t1 = (pow2(b223, _23n, P) * b22) % P;\n const t2 = (pow2(t1, _6n, P) * b2) % P;\n const root = pow2(t2, _2n, P);\n if (!Fp.eql(Fp.sqr(root), y))\n throw new Error('Cannot find square root');\n return root;\n}\nconst Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });\n/**\n * secp256k1 short weierstrass curve and ECDSA signatures over it.\n */\nexport const secp256k1 = createCurve({\n a: BigInt(0), // equation params: a, b\n b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975\n Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n\n n: secp256k1N, // Curve order, total count of valid points in the field\n // Base point (x, y) aka generator point\n Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),\n Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),\n h: BigInt(1), // Cofactor\n lowS: true, // Allow only low-S signatures by default in sign() and verify()\n /**\n * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.\n * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.\n * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.\n * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066\n */\n endo: {\n beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),\n splitScalar: (k) => {\n const n = secp256k1N;\n const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');\n const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');\n const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');\n const b2 = a1;\n const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)\n const c1 = divNearest(b2 * k, n);\n const c2 = divNearest(-b1 * k, n);\n let k1 = mod(k - c1 * a1 - c2 * a2, n);\n let k2 = mod(-c1 * b1 - c2 * b2, n);\n const k1neg = k1 > POW_2_128;\n const k2neg = k2 > POW_2_128;\n if (k1neg)\n k1 = n - k1;\n if (k2neg)\n k2 = n - k2;\n if (k1 > POW_2_128 || k2 > POW_2_128) {\n throw new Error('splitScalar: Endomorphism failed, k=' + k);\n }\n return { k1neg, k1, k2neg, k2 };\n },\n },\n}, sha256);\n// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.\n// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki\nconst _0n = BigInt(0);\n/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */\nconst TAGGED_HASH_PREFIXES = {};\nfunction taggedHash(tag, ...messages) {\n let tagP = TAGGED_HASH_PREFIXES[tag];\n if (tagP === undefined) {\n const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));\n tagP = concatBytes(tagH, tagH);\n TAGGED_HASH_PREFIXES[tag] = tagP;\n }\n return sha256(concatBytes(tagP, ...messages));\n}\n// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03\nconst pointToBytes = (point) => point.toRawBytes(true).slice(1);\nconst numTo32b = (n) => numberToBytesBE(n, 32);\nconst modP = (x) => mod(x, secp256k1P);\nconst modN = (x) => mod(x, secp256k1N);\nconst Point = secp256k1.ProjectivePoint;\nconst GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);\n// Calculate point, scalar and bytes\nfunction schnorrGetExtPubKey(priv) {\n let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey\n let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside\n const scalar = p.hasEvenY() ? d_ : modN(-d_);\n return { scalar: scalar, bytes: pointToBytes(p) };\n}\n/**\n * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.\n * @returns valid point checked for being on-curve\n */\nfunction lift_x(x) {\n aInRange('x', x, _1n, secp256k1P); // Fail if x ≥ p.\n const xx = modP(x * x);\n const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.\n let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.\n if (y % _2n !== _0n)\n y = modP(-y); // Return the unique point P such that x(P) = x and\n const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.\n p.assertValidity();\n return p;\n}\nconst num = bytesToNumberBE;\n/**\n * Create tagged hash, convert it to bigint, reduce modulo-n.\n */\nfunction challenge(...args) {\n return modN(num(taggedHash('BIP0340/challenge', ...args)));\n}\n/**\n * Schnorr public key is just `x` coordinate of Point as per BIP340.\n */\nfunction schnorrGetPublicKey(privateKey) {\n return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)\n}\n/**\n * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.\n * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.\n */\nfunction schnorrSign(message, privateKey, auxRand = randomBytes(32)) {\n const m = ensureBytes('message', message);\n const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder\n const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array\n const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)\n const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)\n const k_ = modN(num(rand)); // Let k' = int(rand) mod n\n if (k_ === _0n)\n throw new Error('sign failed: k is zero'); // Fail if k' = 0.\n const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.\n const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.\n const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).\n sig.set(rx, 0);\n sig.set(numTo32b(modN(k + e * d)), 32);\n // If Verify(bytes(P), m, sig) (see below) returns failure, abort\n if (!schnorrVerify(sig, m, px))\n throw new Error('sign: Invalid signature produced');\n return sig;\n}\n/**\n * Verifies Schnorr signature.\n * Will swallow errors & return false except for initial type validation of arguments.\n */\nfunction schnorrVerify(signature, message, publicKey) {\n const sig = ensureBytes('signature', signature, 64);\n const m = ensureBytes('message', message);\n const pub = ensureBytes('publicKey', publicKey, 32);\n try {\n const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails\n const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.\n if (!inRange(r, _1n, secp256k1P))\n return false;\n const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.\n if (!inRange(s, _1n, secp256k1N))\n return false;\n const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n\n const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P\n if (!R || !R.hasEvenY() || R.toAffine().x !== r)\n return false; // -eP == (n-e)P\n return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.\n }\n catch (error) {\n return false;\n }\n}\n/**\n * Schnorr signatures over secp256k1.\n */\nexport const schnorr = /* @__PURE__ */ (() => ({\n getPublicKey: schnorrGetPublicKey,\n sign: schnorrSign,\n verify: schnorrVerify,\n utils: {\n randomPrivateKey: secp256k1.utils.randomPrivateKey,\n lift_x,\n pointToBytes,\n numberToBytesBE,\n bytesToNumberBE,\n taggedHash,\n mod,\n },\n}))();\nconst isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [\n // xNum\n [\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',\n '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',\n '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',\n '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',\n ],\n // xDen\n [\n '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',\n '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n // yNum\n [\n '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',\n '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',\n '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',\n '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',\n ],\n // yDen\n [\n '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',\n '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',\n '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',\n '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1\n ],\n].map((i) => i.map((j) => BigInt(j)))))();\nconst mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {\n A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),\n B: BigInt('1771'),\n Z: Fp.create(BigInt('-11')),\n}))();\nconst htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {\n const { x, y } = mapSWU(Fp.create(scalars[0]));\n return isoMap(x, y);\n}, {\n DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',\n encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha256,\n}))();\nexport const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();\nexport const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();\n//# sourceMappingURL=secp256k1.js.map","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'));\nconst CURVE_A = Fp.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'));\nconst CURVE_B = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6');\n\n// prettier-ignore\nexport const brainpoolP256r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),\n Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),\n h: BigInt(1),\n lowS: false\n} as const, sha256);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha384 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'));\nconst CURVE_A = Fp.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'));\nconst CURVE_B = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11');\n\n// prettier-ignore\nexport const brainpoolP384r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),\n Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),\n h: BigInt(1),\n lowS: false\n} as const, sha384);\n","import { createCurve } from '@noble/curves/_shortw_utils';\nimport { sha512 } from '@noble/hashes/sha512';\nimport { Field } from '@noble/curves/abstract/modular';\n\n// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7\n\n// eslint-disable-next-line new-cap\nconst Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'));\nconst CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'));\nconst CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723');\n\n// prettier-ignore\nexport const brainpoolP512r1 = createCurve({\n a: CURVE_A, // Equation params: a, b\n b: CURVE_B,\n Fp,\n // Curve order (q), total count of valid points in the field\n n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),\n // Base (generator) point (x, y)\n Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),\n Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),\n h: BigInt(1),\n lowS: false\n} as const, sha512);\n","/**\n * This file is needed to dynamic import the noble-curves.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { p256 as nistP256 } from '@noble/curves/p256';\nimport { p384 as nistP384 } from '@noble/curves/p384';\nimport { p521 as nistP521 } from '@noble/curves/p521';\nimport { x448, ed448 } from '@noble/curves/ed448';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { brainpoolP256r1 } from './brainpool/brainpoolP256r1';\nimport { brainpoolP384r1 } from './brainpool/brainpoolP384r1';\nimport { brainpoolP512r1 } from './brainpool/brainpoolP512r1';\n\nexport const nobleCurves = new Map(Object.entries({\n nistP256,\n nistP384,\n nistP521,\n brainpoolP256r1,\n brainpoolP384r1,\n brainpoolP512r1,\n secp256k1,\n x448,\n ed448\n}));\n\n","//Paul Tero, July 2001\n//http://www.tero.co.uk/des/\n//\n//Optimised for performance with large blocks by Michael Hayworth, November 2001\n//http://www.netdealing.com\n//\n// Modified by Recurity Labs GmbH\n\n//THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n//SUCH DAMAGE.\n\n//des\n//this takes the key, the message, and whether to encrypt or decrypt\n\nfunction des(keys, message, encrypt, mode, iv, padding) {\n //declaring this locally speeds things up a bit\n const spfunction1 = [\n 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400,\n 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000,\n 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4,\n 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404,\n 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400,\n 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004\n ];\n const spfunction2 = [\n -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0,\n -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020,\n -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000,\n -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000,\n -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0,\n 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0,\n -0x7fef7fe0, 0x108000\n ];\n const spfunction3 = [\n 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008,\n 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000,\n 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000,\n 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0,\n 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208,\n 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200\n ];\n const spfunction4 = [\n 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000,\n 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080,\n 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0,\n 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001,\n 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080\n ];\n const spfunction5 = [\n 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000,\n 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000,\n 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100,\n 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100,\n 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100,\n 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0,\n 0x40080000, 0x2080100, 0x40000100\n ];\n const spfunction6 = [\n 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000,\n 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010,\n 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000,\n 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000,\n 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000,\n 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010\n ];\n const spfunction7 = [\n 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802,\n 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002,\n 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000,\n 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000,\n 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0,\n 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002\n ];\n const spfunction8 = [\n 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000,\n 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000,\n 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040,\n 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040,\n 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000,\n 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000\n ];\n\n //create the 16 or 48 subkeys we will need\n let m = 0;\n let i;\n let j;\n let temp;\n let right1;\n let right2;\n let left;\n let right;\n let looping;\n let cbcleft;\n let cbcleft2;\n let cbcright;\n let cbcright2;\n let endloop;\n let loopinc;\n let len = message.length;\n\n //set up the loops for single and triple des\n const iterations = keys.length === 32 ? 3 : 9; //single or triple des\n if (iterations === 3) {\n looping = encrypt ? [0, 32, 2] : [30, -2, -2];\n } else {\n looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2];\n }\n\n //pad the message depending on the padding parameter\n //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (encrypt) {\n message = desAddPadding(message, padding);\n len = message.length;\n }\n\n //store the result here\n let result = new Uint8Array(len);\n let k = 0;\n\n if (mode === 1) { //CBC mode\n cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++];\n m = 0;\n }\n\n //loop through each 64 bit chunk of the message\n while (m < len) {\n left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++];\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n left ^= cbcleft;\n right ^= cbcright;\n } else {\n cbcleft2 = cbcleft;\n cbcright2 = cbcright;\n cbcleft = left;\n cbcright = right;\n }\n }\n\n //first each 64 but chunk of the message must be permuted according to IP\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n //do this either 1 or 3 times for each chunk of the message\n for (j = 0; j < iterations; j += 3) {\n endloop = looping[j + 1];\n loopinc = looping[j + 2];\n //now go through and perform the encryption or decryption\n for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency\n right1 = right ^ keys[i];\n right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n //the result is attained by passing these bytes through the S selection functions\n temp = left;\n left = right;\n right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>>\n 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) &\n 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]);\n }\n temp = left;\n left = right;\n right = temp; //unreverse left and right\n } //for either 1 or 3 iterations\n\n //move then each one bit to the right\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n //now perform IP-1, which is IP in the opposite direction\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= temp;\n right ^= (temp << 2);\n temp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= temp;\n left ^= (temp << 16);\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n\n //for Cipher Block Chaining mode, xor the message with the previous result\n if (mode === 1) {\n if (encrypt) {\n cbcleft = left;\n cbcright = right;\n } else {\n left ^= cbcleft2;\n right ^= cbcright2;\n }\n }\n\n result[k++] = (left >>> 24);\n result[k++] = ((left >>> 16) & 0xff);\n result[k++] = ((left >>> 8) & 0xff);\n result[k++] = (left & 0xff);\n result[k++] = (right >>> 24);\n result[k++] = ((right >>> 16) & 0xff);\n result[k++] = ((right >>> 8) & 0xff);\n result[k++] = (right & 0xff);\n } //for every 8 characters, or 64 bits in the message\n\n //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt\n if (!encrypt) {\n result = desRemovePadding(result, padding);\n }\n\n return result;\n} //end of des\n\n\n//desCreateKeys\n//this takes as input a 64 bit key (even though only 56 bits are used)\n//as an array of 2 integers, and returns 16 48 bit keys\n\nfunction desCreateKeys(key) {\n //declaring this locally speeds things up a bit\n const pc2bytes0 = [\n 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204,\n 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204\n ];\n const pc2bytes1 = [\n 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100,\n 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101\n ];\n const pc2bytes2 = [\n 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808,\n 0x1000000, 0x1000008, 0x1000800, 0x1000808\n ];\n const pc2bytes3 = [\n 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000,\n 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000\n ];\n const pc2bytes4 = [\n 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000,\n 0x41000, 0x1010, 0x41010\n ];\n const pc2bytes5 = [\n 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420,\n 0x2000000, 0x2000400, 0x2000020, 0x2000420\n ];\n const pc2bytes6 = [\n 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000,\n 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002\n ];\n const pc2bytes7 = [\n 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000,\n 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800\n ];\n const pc2bytes8 = [\n 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000,\n 0x2000002, 0x2040002, 0x2000002, 0x2040002\n ];\n const pc2bytes9 = [\n 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408,\n 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408\n ];\n const pc2bytes10 = [\n 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020,\n 0x102000, 0x102020, 0x102000, 0x102020\n ];\n const pc2bytes11 = [\n 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000,\n 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200\n ];\n const pc2bytes12 = [\n 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010,\n 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010\n ];\n const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];\n\n //how many iterations (1 for des, 3 for triple des)\n const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n //stores the return keys\n const keys = new Array(32 * iterations);\n //now define the left shifts which need to be done\n const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n //other variables\n let lefttemp;\n let righttemp;\n let m = 0;\n let n = 0;\n let temp;\n\n for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations\n let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++];\n\n temp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= temp;\n left ^= (temp << 4);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= temp;\n left ^= (temp << 2);\n temp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= temp;\n right ^= (temp << -16);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n temp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= temp;\n right ^= (temp << 8);\n temp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= temp;\n left ^= (temp << 1);\n\n //the right side needs to be shifted and to get the last four bits of the left side\n temp = (left << 8) | ((right >>> 20) & 0x000000f0);\n //left needs to be put upside down\n left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0);\n right = temp;\n\n //now go through and perform these shifts on the left and right keys\n for (let i = 0; i < shifts.length; i++) {\n //shift the keys either one or two bits to the left\n if (shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n //now apply PC-2, in such a way that E is easier when encrypting or decrypting\n //this conversion will look like PC-2 except only the last 6 bits of each byte are used\n //rather than 48 consecutive bits and the order of lines will be according to\n //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7\n lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(\n left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) &\n 0xf];\n righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] |\n pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf];\n temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff;\n keys[n++] = lefttemp ^ temp;\n keys[n++] = righttemp ^ (temp << 16);\n }\n } //for each iterations\n //return the keys we've created\n return keys;\n} //end of desCreateKeys\n\n\nfunction desAddPadding(message, padding) {\n const padLength = 8 - (message.length % 8);\n\n let pad;\n if (padding === 2 && (padLength < 8)) { //pad the message with spaces\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { //PKCS7 padding\n pad = padLength;\n } else if (!padding && (padLength < 8)) { //pad the message out with null bytes\n pad = 0;\n } else if (padLength === 8) {\n return message;\n } else {\n throw new Error('des: invalid padding');\n }\n\n const paddedMessage = new Uint8Array(message.length + padLength);\n for (let i = 0; i < message.length; i++) {\n paddedMessage[i] = message[i];\n }\n for (let j = 0; j < padLength; j++) {\n paddedMessage[message.length + j] = pad;\n }\n\n return paddedMessage;\n}\n\nfunction desRemovePadding(message, padding) {\n let padLength = null;\n let pad;\n if (padding === 2) { // space padded\n pad = ' '.charCodeAt(0);\n } else if (padding === 1) { // PKCS7\n padLength = message[message.length - 1];\n } else if (!padding) { // null padding\n pad = 0;\n } else {\n throw new Error('des: invalid padding');\n }\n\n if (!padLength) {\n padLength = 1;\n while (message[message.length - padLength] === pad) {\n padLength++;\n }\n padLength--;\n }\n\n return message.subarray(0, message.length - padLength);\n}\n\n// added by Recurity Labs\n\nexport function TripleDES(key) {\n this.key = [];\n\n for (let i = 0; i < 3; i++) {\n this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8)));\n }\n\n this.encrypt = function(block) {\n return des(\n desCreateKeys(this.key[2]),\n des(\n desCreateKeys(this.key[1]),\n des(\n desCreateKeys(this.key[0]),\n block, true, 0, null, null\n ),\n false, 0, null, null\n ), true, 0, null, null\n );\n };\n}\n\nTripleDES.keySize = TripleDES.prototype.keySize = 24;\nTripleDES.blockSize = TripleDES.prototype.blockSize = 8;\n\n// This is \"original\" DES\n\nexport function DES(key) {\n this.key = key;\n\n this.encrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, true, 0, null, padding);\n };\n\n this.decrypt = function(block, padding) {\n const keys = desCreateKeys(this.key);\n return des(keys, block, false, 0, null, padding);\n };\n}\n","// Use of this source code is governed by a BSD-style\n// license that can be found in the LICENSE file.\n\n// Copyright 2010 pjacobs@xeekr.com . All rights reserved.\n\n// Modified by Recurity Labs GmbH\n\n// fixed/modified by Herbert Hanewinkel, www.haneWIN.de\n// check www.haneWIN.de for the latest version\n\n// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144.\n// CAST-128 is a common OpenPGP cipher.\n\n\n// CAST5 constructor\n\nfunction OpenPGPSymEncCAST5() {\n this.BlockSize = 8;\n this.KeySize = 16;\n\n this.setKey = function(key) {\n this.masking = new Array(16);\n this.rotate = new Array(16);\n\n this.reset();\n\n if (key.length === this.KeySize) {\n this.keySchedule(key);\n } else {\n throw new Error('CAST-128: keys must be 16 bytes');\n }\n return true;\n };\n\n this.reset = function() {\n for (let i = 0; i < 16; i++) {\n this.masking[i] = 0;\n this.rotate[i] = 0;\n }\n };\n\n this.getBlockSize = function() {\n return this.BlockSize;\n };\n\n this.encrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >>> 16) & 255;\n dst[i + 6] = (l >>> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n\n this.decrypt = function(src) {\n const dst = new Array(src.length);\n\n for (let i = 0; i < src.length; i += 8) {\n let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3];\n let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7];\n let t;\n\n t = r;\n r = l ^ f1(r, this.masking[15], this.rotate[15]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[14], this.rotate[14]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[13], this.rotate[13]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[12], this.rotate[12]);\n l = t;\n\n t = r;\n r = l ^ f3(r, this.masking[11], this.rotate[11]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[10], this.rotate[10]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[9], this.rotate[9]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[8], this.rotate[8]);\n l = t;\n\n t = r;\n r = l ^ f2(r, this.masking[7], this.rotate[7]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[6], this.rotate[6]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[5], this.rotate[5]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[4], this.rotate[4]);\n l = t;\n\n t = r;\n r = l ^ f1(r, this.masking[3], this.rotate[3]);\n l = t;\n t = r;\n r = l ^ f3(r, this.masking[2], this.rotate[2]);\n l = t;\n t = r;\n r = l ^ f2(r, this.masking[1], this.rotate[1]);\n l = t;\n t = r;\n r = l ^ f1(r, this.masking[0], this.rotate[0]);\n l = t;\n\n dst[i] = (r >>> 24) & 255;\n dst[i + 1] = (r >>> 16) & 255;\n dst[i + 2] = (r >>> 8) & 255;\n dst[i + 3] = r & 255;\n dst[i + 4] = (l >>> 24) & 255;\n dst[i + 5] = (l >> 16) & 255;\n dst[i + 6] = (l >> 8) & 255;\n dst[i + 7] = l & 255;\n }\n\n return dst;\n };\n const scheduleA = new Array(4);\n\n scheduleA[0] = new Array(4);\n scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8];\n scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n scheduleA[1] = new Array(4);\n scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n scheduleA[2] = new Array(4);\n scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8];\n scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa];\n scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9];\n scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb];\n\n\n scheduleA[3] = new Array(4);\n scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0];\n scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2];\n scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1];\n scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3];\n\n const scheduleB = new Array(4);\n\n scheduleB[0] = new Array(4);\n scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2];\n scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6];\n scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9];\n scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc];\n\n scheduleB[1] = new Array(4);\n scheduleB[1][0] = [3, 2, 0xc, 0xd, 8];\n scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd];\n scheduleB[1][2] = [7, 6, 8, 9, 3];\n scheduleB[1][3] = [5, 4, 0xa, 0xb, 7];\n\n\n scheduleB[2] = new Array(4);\n scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9];\n scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc];\n scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2];\n scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6];\n\n\n scheduleB[3] = new Array(4);\n scheduleB[3][0] = [8, 9, 7, 6, 3];\n scheduleB[3][1] = [0xa, 0xb, 5, 4, 7];\n scheduleB[3][2] = [0xc, 0xd, 3, 2, 8];\n scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd];\n\n // changed 'in' to 'inn' (in javascript 'in' is a reserved word)\n this.keySchedule = function(inn) {\n const t = new Array(8);\n const k = new Array(32);\n\n let j;\n\n for (let i = 0; i < 4; i++) {\n j = i * 4;\n t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3];\n }\n\n const x = [6, 7, 4, 5];\n let ki = 0;\n let w;\n\n for (let half = 0; half < 2; half++) {\n for (let round = 0; round < 4; round++) {\n for (j = 0; j < 4; j++) {\n const a = scheduleA[round][j];\n w = t[a[1]];\n\n w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff];\n w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff];\n w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff];\n w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff];\n w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff];\n t[a[0]] = w;\n }\n\n for (j = 0; j < 4; j++) {\n const b = scheduleB[round][j];\n w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff];\n\n w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff];\n w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff];\n w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff];\n w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff];\n k[ki] = w;\n ki++;\n }\n }\n }\n\n for (let i = 0; i < 16; i++) {\n this.masking[i] = k[i];\n this.rotate[i] = k[16 + i] & 0x1f;\n }\n };\n\n // These are the three 'f' functions. See RFC 2144, section 2.2.\n\n function f1(d, m, r) {\n const t = m + d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255];\n }\n\n function f2(d, m, r) {\n const t = m ^ d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255];\n }\n\n function f3(d, m, r) {\n const t = m - d;\n const I = (t << r) | (t >>> (32 - r));\n return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255];\n }\n\n const sBox = new Array(8);\n sBox[0] = [\n 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,\n 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,\n 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,\n 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,\n 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,\n 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,\n 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,\n 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,\n 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,\n 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,\n 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,\n 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,\n 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,\n 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,\n 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,\n 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,\n 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,\n 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,\n 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,\n 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,\n 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,\n 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,\n 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,\n 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,\n 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,\n 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,\n 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,\n 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,\n 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,\n 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,\n 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,\n 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf\n ];\n\n sBox[1] = [\n 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,\n 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,\n 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,\n 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,\n 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,\n 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,\n 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,\n 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,\n 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,\n 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,\n 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,\n 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,\n 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,\n 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,\n 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,\n 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,\n 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,\n 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,\n 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,\n 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,\n 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,\n 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,\n 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,\n 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,\n 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,\n 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,\n 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,\n 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,\n 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,\n 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,\n 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,\n 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1\n ];\n\n sBox[2] = [\n 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,\n 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,\n 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,\n 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,\n 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,\n 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,\n 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,\n 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,\n 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,\n 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,\n 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,\n 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,\n 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,\n 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,\n 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,\n 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,\n 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,\n 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,\n 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,\n 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,\n 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,\n 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,\n 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,\n 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,\n 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,\n 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,\n 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,\n 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,\n 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,\n 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,\n 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,\n 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783\n ];\n\n sBox[3] = [\n 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,\n 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,\n 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,\n 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,\n 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,\n 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,\n 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,\n 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,\n 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,\n 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,\n 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,\n 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,\n 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,\n 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,\n 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,\n 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,\n 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,\n 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,\n 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,\n 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,\n 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,\n 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,\n 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,\n 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,\n 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,\n 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,\n 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,\n 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,\n 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,\n 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,\n 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,\n 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2\n ];\n\n sBox[4] = [\n 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,\n 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,\n 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,\n 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,\n 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,\n 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,\n 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,\n 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,\n 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,\n 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,\n 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,\n 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,\n 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,\n 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,\n 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,\n 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,\n 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,\n 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,\n 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,\n 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,\n 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,\n 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,\n 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,\n 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,\n 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,\n 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,\n 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,\n 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,\n 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,\n 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,\n 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,\n 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4\n ];\n\n sBox[5] = [\n 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,\n 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,\n 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,\n 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,\n 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,\n 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,\n 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,\n 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,\n 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,\n 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,\n 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,\n 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,\n 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,\n 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,\n 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,\n 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,\n 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,\n 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,\n 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,\n 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,\n 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,\n 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,\n 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,\n 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,\n 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,\n 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,\n 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,\n 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,\n 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,\n 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,\n 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,\n 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f\n ];\n\n sBox[6] = [\n 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,\n 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,\n 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,\n 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,\n 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,\n 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,\n 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,\n 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,\n 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,\n 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,\n 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,\n 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,\n 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,\n 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,\n 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,\n 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,\n 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,\n 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,\n 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,\n 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,\n 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,\n 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,\n 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,\n 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,\n 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,\n 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,\n 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,\n 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,\n 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,\n 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,\n 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,\n 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3\n ];\n\n sBox[7] = [\n 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,\n 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,\n 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,\n 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,\n 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,\n 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,\n 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,\n 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,\n 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,\n 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,\n 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,\n 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,\n 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,\n 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,\n 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,\n 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,\n 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,\n 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,\n 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,\n 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,\n 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,\n 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,\n 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,\n 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,\n 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,\n 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,\n 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,\n 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,\n 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,\n 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,\n 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,\n 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e\n ];\n}\n\nfunction CAST5(key) {\n this.cast5 = new OpenPGPSymEncCAST5();\n this.cast5.setKey(key);\n\n this.encrypt = function(block) {\n return this.cast5.encrypt(block);\n };\n}\n\nCAST5.blockSize = CAST5.prototype.blockSize = 8;\nCAST5.keySize = CAST5.prototype.keySize = 16;\n\nexport default CAST5;\n","/* eslint-disable no-mixed-operators, no-fallthrough */\n\n\n/* Modified by Recurity Labs GmbH\n *\n * Cipher.js\n * A block-cipher algorithm implementation on JavaScript\n * See Cipher.readme.txt for further information.\n *\n * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ]\n * This script file is distributed under the LGPL\n *\n * ACKNOWLEDGMENT\n *\n * The main subroutines are written by Michiel van Everdingen.\n *\n * Michiel van Everdingen\n * http://home.versatel.nl/MAvanEverdingen/index.html\n *\n * All rights for these routines are reserved to Michiel van Everdingen.\n *\n */\n\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n//Math\n////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nconst MAXINT = 0xFFFFFFFF;\n\nfunction rotw(w, n) {\n return (w << n | w >>> (32 - n)) & MAXINT;\n}\n\nfunction getW(a, i) {\n return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24;\n}\n\nfunction setW(a, i, w) {\n a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF);\n}\n\nfunction getB(x, n) {\n return (x >>> (n * 8)) & 0xFF;\n}\n\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n// Twofish\n// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nfunction createTwofish() {\n //\n let keyBytes = null;\n let dataBytes = null;\n let dataOffset = -1;\n // var dataLength = -1;\n // var idx2 = -1;\n //\n\n let tfsKey = [];\n let tfsM = [\n [],\n [],\n [],\n []\n ];\n\n function tfsInit(key) {\n keyBytes = key;\n let i;\n let a;\n let b;\n let c;\n let d;\n const meKey = [];\n const moKey = [];\n const inKey = [];\n let kLen;\n const sKey = [];\n let f01;\n let f5b;\n let fef;\n\n const q0 = [\n [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],\n [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]\n ];\n const q1 = [\n [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],\n [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]\n ];\n const q2 = [\n [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],\n [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]\n ];\n const q3 = [\n [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],\n [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]\n ];\n const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15];\n const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7];\n const q = [\n [],\n []\n ];\n const m = [\n [],\n [],\n [],\n []\n ];\n\n function ffm5b(x) {\n return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3];\n }\n\n function ffmEf(x) {\n return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3];\n }\n\n function mdsRem(p, q) {\n let i;\n let t;\n let u;\n for (i = 0; i < 8; i++) {\n t = q >>> 24;\n q = ((q << 8) & MAXINT) | p >>> 24;\n p = (p << 8) & MAXINT;\n u = t << 1;\n if (t & 128) {\n u ^= 333;\n }\n q ^= t ^ (u << 16);\n u ^= t >>> 1;\n if (t & 1) {\n u ^= 166;\n }\n q ^= u << 24 | u << 8;\n }\n return q;\n }\n\n function qp(n, x) {\n const a = x >> 4;\n const b = x & 15;\n const c = q0[n][a ^ b];\n const d = q1[n][ror4[b] ^ ashx[a]];\n return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d];\n }\n\n function hFun(x, key) {\n let a = getB(x, 0);\n let b = getB(x, 1);\n let c = getB(x, 2);\n let d = getB(x, 3);\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(key[3], 0);\n b = q[0][b] ^ getB(key[3], 1);\n c = q[0][c] ^ getB(key[3], 2);\n d = q[1][d] ^ getB(key[3], 3);\n case 3:\n a = q[1][a] ^ getB(key[2], 0);\n b = q[1][b] ^ getB(key[2], 1);\n c = q[0][c] ^ getB(key[2], 2);\n d = q[0][d] ^ getB(key[2], 3);\n case 2:\n a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0);\n b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1);\n c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2);\n d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3);\n }\n return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d];\n }\n\n keyBytes = keyBytes.slice(0, 32);\n i = keyBytes.length;\n while (i !== 16 && i !== 24 && i !== 32) {\n keyBytes[i++] = 0;\n }\n\n for (i = 0; i < keyBytes.length; i += 4) {\n inKey[i >> 2] = getW(keyBytes, i);\n }\n for (i = 0; i < 256; i++) {\n q[0][i] = qp(0, i);\n q[1][i] = qp(1, i);\n }\n for (i = 0; i < 256; i++) {\n f01 = q[1][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);\n m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);\n f01 = q[0][i];\n f5b = ffm5b(f01);\n fef = ffmEf(f01);\n m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);\n m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);\n }\n\n kLen = inKey.length / 2;\n for (i = 0; i < kLen; i++) {\n a = inKey[i + i];\n meKey[i] = a;\n b = inKey[i + i + 1];\n moKey[i] = b;\n sKey[kLen - i - 1] = mdsRem(a, b);\n }\n for (i = 0; i < 40; i += 2) {\n a = 0x1010101 * i;\n b = a + 0x1010101;\n a = hFun(a, meKey);\n b = rotw(hFun(b, moKey), 8);\n tfsKey[i] = (a + b) & MAXINT;\n tfsKey[i + 1] = rotw(a + 2 * b, 9);\n }\n for (i = 0; i < 256; i++) {\n a = b = c = d = i;\n switch (kLen) {\n case 4:\n a = q[1][a] ^ getB(sKey[3], 0);\n b = q[0][b] ^ getB(sKey[3], 1);\n c = q[0][c] ^ getB(sKey[3], 2);\n d = q[1][d] ^ getB(sKey[3], 3);\n case 3:\n a = q[1][a] ^ getB(sKey[2], 0);\n b = q[1][b] ^ getB(sKey[2], 1);\n c = q[0][c] ^ getB(sKey[2], 2);\n d = q[0][d] ^ getB(sKey[2], 3);\n case 2:\n tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)];\n tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)];\n tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)];\n tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)];\n }\n }\n }\n\n function tfsG0(x) {\n return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)];\n }\n\n function tfsG1(x) {\n return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)];\n }\n\n function tfsFrnd(r, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31);\n blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT;\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31);\n blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT;\n }\n\n function tfsIrnd(i, blk) {\n let a = tfsG0(blk[0]);\n let b = tfsG1(blk[1]);\n blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT;\n blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31);\n a = tfsG0(blk[2]);\n b = tfsG1(blk[3]);\n blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT;\n blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31);\n }\n\n function tfsClose() {\n tfsKey = [];\n tfsM = [\n [],\n [],\n [],\n []\n ];\n }\n\n function tfsEncrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[1],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[2],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[3]];\n for (let j = 0; j < 8; j++) {\n tfsFrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]);\n dataOffset += 16;\n return dataBytes;\n }\n\n function tfsDecrypt(data, offset) {\n dataBytes = data;\n dataOffset = offset;\n const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4],\n getW(dataBytes, dataOffset + 4) ^ tfsKey[5],\n getW(dataBytes, dataOffset + 8) ^ tfsKey[6],\n getW(dataBytes, dataOffset + 12) ^ tfsKey[7]];\n for (let j = 7; j >= 0; j--) {\n tfsIrnd(j, blk);\n }\n setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]);\n setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]);\n setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]);\n setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]);\n dataOffset += 16;\n }\n\n // added by Recurity Labs\n\n function tfsFinal() {\n return dataBytes;\n }\n\n return {\n name: 'twofish',\n blocksize: 128 / 8,\n open: tfsInit,\n close: tfsClose,\n encrypt: tfsEncrypt,\n decrypt: tfsDecrypt,\n // added by Recurity Labs\n finalize: tfsFinal\n };\n}\n\n// added by Recurity Labs\n\nfunction TF(key) {\n this.tf = createTwofish();\n this.tf.open(Array.from(key), 0);\n\n this.encrypt = function(block) {\n return this.tf.encrypt(Array.from(block), 0);\n };\n}\n\nTF.keySize = TF.prototype.keySize = 32;\nTF.blockSize = TF.prototype.blockSize = 16;\n\nexport default TF;\n","/* Modified by Recurity Labs GmbH\n *\n * Originally written by nklein software (nklein.com)\n */\n\n/*\n * Javascript implementation based on Bruce Schneier's reference implementation.\n *\n *\n * The constructor doesn't do much of anything. It's just here\n * so we can start defining properties and methods and such.\n */\nfunction Blowfish() {}\n\n/*\n * Declare the block size so that protocols know what size\n * Initialization Vector (IV) they will need.\n */\nBlowfish.prototype.BLOCKSIZE = 8;\n\n/*\n * These are the default SBOXES.\n */\nBlowfish.prototype.SBOXES = [\n [\n 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,\n 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,\n 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,\n 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,\n 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,\n 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,\n 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,\n 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,\n 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,\n 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,\n 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,\n 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,\n 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,\n 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,\n 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,\n 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,\n 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,\n 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,\n 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,\n 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,\n 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,\n 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,\n 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,\n 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,\n 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,\n 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,\n 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,\n 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,\n 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,\n 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,\n 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,\n 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,\n 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,\n 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,\n 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,\n 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,\n 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,\n 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,\n 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,\n 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,\n 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,\n 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,\n 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a\n ],\n [\n 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,\n 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,\n 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,\n 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,\n 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,\n 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,\n 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,\n 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,\n 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,\n 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,\n 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,\n 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,\n 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,\n 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,\n 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,\n 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,\n 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,\n 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,\n 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,\n 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,\n 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,\n 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,\n 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,\n 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,\n 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,\n 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,\n 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,\n 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,\n 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,\n 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,\n 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,\n 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,\n 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,\n 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,\n 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,\n 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,\n 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,\n 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,\n 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,\n 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,\n 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,\n 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,\n 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7\n ],\n [\n 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,\n 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,\n 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,\n 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,\n 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,\n 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,\n 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,\n 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,\n 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,\n 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,\n 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,\n 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,\n 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,\n 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,\n 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,\n 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,\n 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,\n 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,\n 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,\n 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,\n 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,\n 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,\n 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,\n 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,\n 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,\n 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,\n 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,\n 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,\n 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,\n 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,\n 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,\n 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,\n 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,\n 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,\n 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,\n 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,\n 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,\n 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,\n 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,\n 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,\n 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,\n 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,\n 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0\n ],\n [\n 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,\n 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,\n 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,\n 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,\n 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,\n 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,\n 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,\n 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,\n 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,\n 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,\n 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,\n 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,\n 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,\n 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,\n 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,\n 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,\n 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,\n 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,\n 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,\n 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,\n 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,\n 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,\n 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,\n 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,\n 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,\n 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,\n 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,\n 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,\n 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,\n 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,\n 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,\n 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,\n 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,\n 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,\n 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,\n 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,\n 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,\n 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,\n 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,\n 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,\n 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,\n 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,\n 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6\n ]\n];\n\n//*\n//* This is the default PARRAY\n//*\nBlowfish.prototype.PARRAY = [\n 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,\n 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,\n 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b\n];\n\n//*\n//* This is the number of rounds the cipher will go\n//*\nBlowfish.prototype.NN = 16;\n\n//*\n//* This function is needed to get rid of problems\n//* with the high-bit getting set. If we don't do\n//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not\n//* equal to ( bb & 0x00FFFFFFFF ) even when they\n//* agree bit-for-bit for the first 32 bits.\n//*\nBlowfish.prototype._clean = function(xx) {\n if (xx < 0) {\n const yy = xx & 0x7FFFFFFF;\n xx = yy + 0x80000000;\n }\n return xx;\n};\n\n//*\n//* This is the mixing function that uses the sboxes\n//*\nBlowfish.prototype._F = function(xx) {\n let yy;\n\n const dd = xx & 0x00FF;\n xx >>>= 8;\n const cc = xx & 0x00FF;\n xx >>>= 8;\n const bb = xx & 0x00FF;\n xx >>>= 8;\n const aa = xx & 0x00FF;\n\n yy = this.sboxes[0][aa] + this.sboxes[1][bb];\n yy ^= this.sboxes[2][cc];\n yy += this.sboxes[3][dd];\n\n return yy;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and does NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._encryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = 0; ii < this.NN; ++ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[this.NN + 0];\n dataR ^= this.parray[this.NN + 1];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a vector of numbers and turns them\n//* into long words so that they can be processed by the\n//* real algorithm.\n//*\n//* Maybe I should make the real algorithm above take a vector\n//* instead. That will involve more looping, but it won't require\n//* the F() method to deconstruct the vector.\n//*\nBlowfish.prototype.encryptBlock = function(vector) {\n let ii;\n const vals = [0, 0];\n const off = this.BLOCKSIZE / 2;\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF);\n vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF);\n }\n\n this._encryptBlock(vals);\n\n const ret = [];\n for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) {\n ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF);\n ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF);\n // vals[ 0 ] = ( vals[ 0 ] >>> 8 );\n // vals[ 1 ] = ( vals[ 1 ] >>> 8 );\n }\n\n return ret;\n};\n\n//*\n//* This method takes an array with two values, left and right\n//* and undoes NN rounds of Blowfish on them.\n//*\nBlowfish.prototype._decryptBlock = function(vals) {\n let dataL = vals[0];\n let dataR = vals[1];\n\n let ii;\n\n for (ii = this.NN + 1; ii > 1; --ii) {\n dataL ^= this.parray[ii];\n dataR = this._F(dataL) ^ dataR;\n\n const tmp = dataL;\n dataL = dataR;\n dataR = tmp;\n }\n\n dataL ^= this.parray[1];\n dataR ^= this.parray[0];\n\n vals[0] = this._clean(dataR);\n vals[1] = this._clean(dataL);\n};\n\n//*\n//* This method takes a key array and initializes the\n//* sboxes and parray for this encryption.\n//*\nBlowfish.prototype.init = function(key) {\n let ii;\n let jj = 0;\n\n this.parray = [];\n for (ii = 0; ii < this.NN + 2; ++ii) {\n let data = 0x00000000;\n for (let kk = 0; kk < 4; ++kk) {\n data = (data << 8) | (key[jj] & 0x00FF);\n if (++jj >= key.length) {\n jj = 0;\n }\n }\n this.parray[ii] = this.PARRAY[ii] ^ data;\n }\n\n this.sboxes = [];\n for (ii = 0; ii < 4; ++ii) {\n this.sboxes[ii] = [];\n for (jj = 0; jj < 256; ++jj) {\n this.sboxes[ii][jj] = this.SBOXES[ii][jj];\n }\n }\n\n const vals = [0x00000000, 0x00000000];\n\n for (ii = 0; ii < this.NN + 2; ii += 2) {\n this._encryptBlock(vals);\n this.parray[ii + 0] = vals[0];\n this.parray[ii + 1] = vals[1];\n }\n\n for (ii = 0; ii < 4; ++ii) {\n for (jj = 0; jj < 256; jj += 2) {\n this._encryptBlock(vals);\n this.sboxes[ii][jj + 0] = vals[0];\n this.sboxes[ii][jj + 1] = vals[1];\n }\n }\n};\n\n// added by Recurity Labs\nfunction BF(key) {\n this.bf = new Blowfish();\n this.bf.init(key);\n\n this.encrypt = function(block) {\n return this.bf.encryptBlock(block);\n };\n}\n\nBF.keySize = BF.prototype.keySize = 16;\nBF.blockSize = BF.prototype.blockSize = 8;\n\nexport default BF;\n","/**\n * This file is needed to dynamic import the legacy ciphers.\n * Separate dynamic imports are not convenient as they result in multiple chunks.\n */\n\nimport { TripleDES } from './des';\nimport CAST5 from './cast5';\nimport TwoFish from './twofish';\nimport BlowFish from './blowfish';\nimport enums from '../../enums';\n\nexport const legacyCiphers = new Map([\n [enums.symmetric.tripledes, TripleDES],\n [enums.symmetric.cast5, CAST5],\n [enums.symmetric.blowfish, BlowFish],\n [enums.symmetric.twofish, TwoFish]\n]);\n","import { HashMD, Chi, Maj } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms.\n// Initial state\nconst SHA1_IV = /* @__PURE__ */ new Uint32Array([\n 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,\n]);\n// Temporary buffer, not used to store anything between runs\n// Named this way because it matches specification.\nconst SHA1_W = /* @__PURE__ */ new Uint32Array(80);\nexport class SHA1 extends HashMD {\n constructor() {\n super(64, 20, 8, false);\n this.A = SHA1_IV[0] | 0;\n this.B = SHA1_IV[1] | 0;\n this.C = SHA1_IV[2] | 0;\n this.D = SHA1_IV[3] | 0;\n this.E = SHA1_IV[4] | 0;\n }\n get() {\n const { A, B, C, D, E } = this;\n return [A, B, C, D, E];\n }\n set(A, B, C, D, E) {\n this.A = A | 0;\n this.B = B | 0;\n this.C = C | 0;\n this.D = D | 0;\n this.E = E | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n SHA1_W[i] = view.getUint32(offset, false);\n for (let i = 16; i < 80; i++)\n SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);\n // Compression function main loop, 80 rounds\n let { A, B, C, D, E } = this;\n for (let i = 0; i < 80; i++) {\n let F, K;\n if (i < 20) {\n F = Chi(B, C, D);\n K = 0x5a827999;\n }\n else if (i < 40) {\n F = B ^ C ^ D;\n K = 0x6ed9eba1;\n }\n else if (i < 60) {\n F = Maj(B, C, D);\n K = 0x8f1bbcdc;\n }\n else {\n F = B ^ C ^ D;\n K = 0xca62c1d6;\n }\n const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0;\n E = D;\n D = C;\n C = rotl(B, 30);\n B = A;\n A = T;\n }\n // Add the compressed chunk to the current hash value\n A = (A + this.A) | 0;\n B = (B + this.B) | 0;\n C = (C + this.C) | 0;\n D = (D + this.D) | 0;\n E = (E + this.E) | 0;\n this.set(A, B, C, D, E);\n }\n roundClean() {\n SHA1_W.fill(0);\n }\n destroy() {\n this.set(0, 0, 0, 0, 0);\n this.buffer.fill(0);\n }\n}\n/**\n * SHA1 (RFC 3174) hash function.\n * It was cryptographically broken: prefer newer algorithms.\n * @param message - data that would be hashed\n */\nexport const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1());\n//# sourceMappingURL=sha1.js.map","import { HashMD } from './_md.js';\nimport { rotl, wrapConstructor } from './utils.js';\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html\n// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf\nconst Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);\nconst Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));\nconst Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16);\nlet idxL = [Id];\nlet idxR = [Pi];\nfor (let i = 0; i < 4; i++)\n for (let j of [idxL, idxR])\n j.push(j[i].map((k) => Rho[k]));\nconst shifts = /* @__PURE__ */ [\n [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],\n [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],\n [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],\n [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],\n [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],\n].map((i) => new Uint8Array(i));\nconst shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j]));\nconst Kl = /* @__PURE__ */ new Uint32Array([\n 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e,\n]);\nconst Kr = /* @__PURE__ */ new Uint32Array([\n 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000,\n]);\n// It's called f() in spec.\nfunction f(group, x, y, z) {\n if (group === 0)\n return x ^ y ^ z;\n else if (group === 1)\n return (x & y) | (~x & z);\n else if (group === 2)\n return (x | ~y) ^ z;\n else if (group === 3)\n return (x & z) | (y & ~z);\n else\n return x ^ (y | ~z);\n}\n// Temporary buffer, not used to store anything between runs\nconst R_BUF = /* @__PURE__ */ new Uint32Array(16);\nexport class RIPEMD160 extends HashMD {\n constructor() {\n super(64, 20, 8, true);\n this.h0 = 0x67452301 | 0;\n this.h1 = 0xefcdab89 | 0;\n this.h2 = 0x98badcfe | 0;\n this.h3 = 0x10325476 | 0;\n this.h4 = 0xc3d2e1f0 | 0;\n }\n get() {\n const { h0, h1, h2, h3, h4 } = this;\n return [h0, h1, h2, h3, h4];\n }\n set(h0, h1, h2, h3, h4) {\n this.h0 = h0 | 0;\n this.h1 = h1 | 0;\n this.h2 = h2 | 0;\n this.h3 = h3 | 0;\n this.h4 = h4 | 0;\n }\n process(view, offset) {\n for (let i = 0; i < 16; i++, offset += 4)\n R_BUF[i] = view.getUint32(offset, true);\n // prettier-ignore\n let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;\n // Instead of iterating 0 to 80, we split it into 5 groups\n // And use the groups in constants, functions, etc. Much simpler\n for (let group = 0; group < 5; group++) {\n const rGroup = 4 - group;\n const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore\n const rl = idxL[group], rr = idxR[group]; // prettier-ignore\n const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore\n for (let i = 0; i < 16; i++) {\n const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0;\n al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore\n }\n // 2 loops are 10% faster\n for (let i = 0; i < 16; i++) {\n const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0;\n ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore\n }\n }\n // Add the compressed chunk to the current hash value\n this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);\n }\n roundClean() {\n R_BUF.fill(0);\n }\n destroy() {\n this.destroyed = true;\n this.buffer.fill(0);\n this.set(0, 0, 0, 0, 0);\n }\n}\n/**\n * RIPEMD-160 - a hash function from 1990s.\n * @param message - msg that would be hashed\n */\nexport const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160());\n//# sourceMappingURL=ripemd160.js.map","/**\n * This file is needed to dynamic import the noble-hashes.\n * Separate dynamic imports are not convenient as they result in too many chunks,\n * which share a lot of code anyway.\n */\n\nimport { sha1 } from '@noble/hashes/sha1';\nimport { sha224, sha256 } from '@noble/hashes/sha256';\nimport { sha384, sha512 } from '@noble/hashes/sha512';\nimport { sha3_256, sha3_512 } from '@noble/hashes/sha3';\nimport { ripemd160 } from '@noble/hashes/ripemd160';\n\nexport const nobleHashes = new Map(Object.entries({\n sha1,\n sha224,\n sha256,\n sha384,\n sha512,\n sha3_256,\n sha3_512,\n ripemd160\n}));\n","// Adapted from the reference implementation in RFC7693\n// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes\n\n// Uint64 values are represented using two Uint32s, stored as little endian\n// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays\n// need to be manually handled\n\n// 64-bit unsigned addition (little endian, in place)\n// Sets a[i,i+1] += b[j,j+1]\n// `a` and `b` must be Uint32Array(2)\nfunction ADD64 (a, i, b, j) {\n a[i] += b[j];\n a[i+1] += b[j+1] + (a[i] < b[j]); // add carry\n}\n\n// Increment 64-bit little-endian unsigned value by `c` (in place)\n// `a` must be Uint32Array(2)\nfunction INC64 (a, c) {\n a[0] += c;\n a[1] += (a[0] < c);\n}\n\n// G Mixing function\n// The ROTRs are inlined for speed\nfunction G (v, m, a, b, c, d, ix, iy) {\n ADD64(v, a, v, b) // v[a,a+1] += v[b,b+1]\n ADD64(v, a, m, ix) // v[a, a+1] += x ... x0\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits\n let xor0 = v[d] ^ v[a]\n let xor1 = v[d + 1] ^ v[a + 1]\n v[d] = xor1\n v[d + 1] = xor0\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor0 >>> 24) ^ (xor1 << 8)\n v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8)\n\n ADD64(v, a, v, b)\n ADD64(v, a, m, iy)\n\n // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits\n xor0 = v[d] ^ v[a]\n xor1 = v[d + 1] ^ v[a + 1]\n v[d] = (xor0 >>> 16) ^ (xor1 << 16)\n v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16)\n\n ADD64(v, c, v, d)\n\n // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits\n xor0 = v[b] ^ v[c]\n xor1 = v[b + 1] ^ v[c + 1]\n v[b] = (xor1 >>> 31) ^ (xor0 << 1)\n v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1)\n}\n\n// Initialization Vector\nconst BLAKE2B_IV32 = new Uint32Array([\n 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,\n 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,\n 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,\n 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19\n])\n\n// These are offsets into a Uint64 buffer.\n// Multiply them all by 2 to make them offsets into a Uint32 buffer\nconst SIGMA = new Uint8Array([\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,\n 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,\n 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,\n 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,\n 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,\n 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,\n 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,\n 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,\n 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3\n].map(x => x * 2))\n\n// Compression function. 'last' flag indicates last block.\n// Note: we're representing 16 uint64s as 32 uint32s\nfunction compress(S, last) {\n const v = new Uint32Array(32)\n const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32)\n\n // init work variables\n for (let i = 0; i < 16; i++) {\n v[i] = S.h[i]\n v[i + 16] = BLAKE2B_IV32[i]\n }\n\n // low 64 bits of offset\n v[24] ^= S.t0[0]\n v[25] ^= S.t0[1]\n // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1\n\n // if last block\n const f0 = last ? 0xFFFFFFFF : 0;\n v[28] ^= f0;\n v[29] ^= f0;\n\n // twelve rounds of mixing\n for (let i = 0; i < 12; i++) {\n // ROUND(r)\n const i16 = i << 4;\n G(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1])\n G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3])\n G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5])\n G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7])\n G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9])\n G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11])\n G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13])\n G(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15])\n }\n\n for (let i = 0; i < 16; i++) {\n S.h[i] ^= v[i] ^ v[i + 16]\n }\n}\n\n// Creates a BLAKE2b hashing context\n// Requires an output length between 1 and 64 bytes\n// Takes an optional Uint8Array key\nclass Blake2b {\n constructor(outlen, key, salt, personal) {\n const params = new Uint8Array(64)\n // 0: outlen, keylen, fanout, depth\n // 4: leaf length, sequential mode\n // 8: node offset\n // 12: node offset\n // 16: node depth, inner length, rfu\n // 20: rfu\n // 24: rfu\n // 28: rfu\n // 32: salt\n // 36: salt\n // 40: salt\n // 44: salt\n // 48: personal\n // 52: personal\n // 56: personal\n // 60: personal\n\n // init internal state\n this.S = {\n b: new Uint8Array(BLOCKBYTES),\n h: new Uint32Array(OUTBYTES_MAX / 4),\n t0: new Uint32Array(2), // input counter `t`, lower 64-bits only\n c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`\n outlen // output length in bytes\n }\n\n // init parameter block\n params[0] = outlen\n if (key) params[1] = key.length\n params[2] = 1 // fanout\n params[3] = 1 // depth\n if (salt) params.set(salt, 32)\n if (personal) params.set(personal, 48)\n const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);\n\n // initialize hash state\n for (let i = 0; i < 16; i++) {\n this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];\n }\n\n // key the hash, if applicable\n if (key) {\n const block = new Uint8Array(BLOCKBYTES)\n block.set(key)\n this.update(block)\n }\n }\n\n // Updates a BLAKE2b streaming hash\n // Requires Uint8Array (byte array)\n update(input) {\n if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')\n // for (let i = 0; i < input.length; i++) {\n // if (this.S.c === BLOCKBYTES) { // buffer full\n // INC64(this.S.t0, this.S.c) // add counters\n // compress(this.S, false)\n // this.S.c = 0 // empty buffer\n // }\n // this.S.b[this.S.c++] = input[i]\n // }\n let i = 0\n while(i < input.length) {\n if (this.S.c === BLOCKBYTES) { // buffer full\n INC64(this.S.t0, this.S.c) // add counters\n compress(this.S, false)\n this.S.c = 0 // empty buffer\n }\n let left = BLOCKBYTES - this.S.c\n this.S.b.set(input.subarray(i, i + left), this.S.c) // end index can be out of bounds\n const fill = Math.min(left, input.length - i)\n this.S.c += fill\n i += fill\n }\n return this\n }\n\n /**\n * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one\n * @param {Uint8Array} [prealloc] - optional preallocated buffer\n * @returns {ArrayBuffer} message digest\n */\n digest(prealloc) {\n INC64(this.S.t0, this.S.c) // mark last block offset\n\n // final block, padded\n this.S.b.fill(0, this.S.c);\n this.S.c = BLOCKBYTES;\n compress(this.S, true)\n\n const out = prealloc || new Uint8Array(this.S.outlen);\n for (let i = 0; i < this.S.outlen; i++) {\n // must be loaded individually since default Uint32 endianness is platform dependant\n out[i] = this.S.h[i >> 2] >> (8 * (i & 3))\n }\n this.S.h = null; // prevent calling `update` after `digest`\n return out.buffer;\n }\n}\n\n\nexport default function createHash(outlen, key, salt, personal) {\n if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)\n if (key) {\n if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')\n if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)\n }\n if (salt) {\n if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')\n if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)\n }\n if (personal) {\n if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')\n if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)\n }\n\n return new Blake2b(outlen, key, salt, personal)\n}\n\nconst OUTBYTES_MAX = 64;\nconst KEYBYTES_MAX = 64;\nconst SALTBYTES = 16;\nconst PERSONALBYTES = 16;\nconst BLOCKBYTES = 128;\n\n","import blake2b from \"./blake2b.js\"\nconst TYPE = 2; // Argon2id\nconst VERSION = 0x13;\nconst TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;\nconst SALTBYTES_MIN = 8;\nconst passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst passwordBYTES_MIN = 8;\nconst MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;\nconst ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)\nconst SECRETBYTES_MAX = 32; // key (optional)\n\nconst ARGON2_BLOCK_SIZE = 1024;\nconst ARGON2_PREHASH_DIGEST_LENGTH = 64;\n\nconst isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;\n\n// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])\nfunction LE32(buf, n, i) {\n buf[i+0] = n;\n buf[i+1] = n >> 8;\n buf[i+2] = n >> 16;\n buf[i+3] = n >> 24;\n return buf;\n}\n\n/**\n * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])\n * @param {Uint8Array} buf\n * @param {Number} n\n * @param {Number} i\n */\nfunction LE64(buf, n, i) {\n if (n > Number.MAX_SAFE_INTEGER) throw new Error(\"LE64: large numbers unsupported\");\n // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations\n // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)\n // so we manually extract each byte\n let remainder = n;\n for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER\n buf[offset] = remainder; // implicit & 0xff\n remainder = (remainder - buf[offset]) / 256;\n }\n return buf;\n}\n\n/**\n * Variable-Length Hash Function H'\n * @param {Number} outlen - T\n * @param {Uint8Array} X - value to hash\n * @param {Uint8Array} res - output buffer, of length `outlength` or larger\n */\nfunction H_(outlen, X, res) {\n const V = new Uint8Array(64); // no need to keep around all V_i\n\n const V1_in = new Uint8Array(4 + X.length);\n LE32(V1_in, outlen, 0);\n V1_in.set(X, 4);\n if (outlen <= 64) {\n // H'^T(A) = H^T(LE32(T)||A)\n blake2b(outlen).update(V1_in).digest(res);\n return res\n }\n\n const r = Math.ceil(outlen / 32) - 2;\n\n // Let V_i be a 64-byte block and W_i be its first 32 bytes.\n // V_1 = H^(64)(LE32(T)||A)\n // V_2 = H^(64)(V_1)\n // ...\n // V_r = H^(64)(V_{r-1})\n // V_{r+1} = H^(T-32*r)(V_{r})\n // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}\n for (let i = 0; i < r; i++) {\n blake2b(64).update(i === 0 ? V1_in : V).digest(V);\n // store W_i in result buffer already\n res.set(V.subarray(0, 32), i*32)\n }\n // V_{r+1}\n const V_r1 = new Uint8Array(blake2b(outlen - 32*r).update(V).digest());\n res.set(V_r1, r*32);\n\n return res;\n}\n\n// compute buf = xs ^ ys\nfunction XOR(wasmContext, buf, xs, ys) {\n wasmContext.fn.XOR(\n buf.byteOffset,\n xs.byteOffset,\n ys.byteOffset,\n );\n return buf\n}\n\n/**\n * @param {Uint8Array} X (read-only)\n * @param {Uint8Array} Y (read-only)\n * @param {Uint8Array} R - output buffer\n * @returns\n */\nfunction G(wasmContext, X, Y, R) {\n wasmContext.fn.G(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\nfunction G2(wasmContext, X, Y, R) {\n wasmContext.fn.G2(\n X.byteOffset,\n Y.byteOffset,\n R.byteOffset,\n wasmContext.refs.gZ.byteOffset\n );\n return R;\n}\n\n// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.\nfunction* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {\n // For each segment, we do the following. First, we compute the value Z as:\n // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )\n wasmContext.refs.prngTmp.fill(0);\n const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);\n LE64(Z, pass, 0);\n LE64(Z, lane, 8);\n LE64(Z, slice, 16);\n LE64(Z, m_, 24);\n LE64(Z, totalPasses, 32);\n LE64(Z, TYPE, 40);\n\n // Then we compute q/(128*SL) 1024-byte values\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),\n // ...,\n // G( ZERO(1024),\n // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),\n for(let i = 1; i <= segmentLength; i++) {\n // tmp.set(Z); // no need to re-copy\n LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed\n const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );\n\n // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2\n // NB: the first generated pair must be used for the first block of the segment, and so on.\n // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.\n for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {\n yield g2.subarray(k, k+8);\n }\n }\n return [];\n}\n\nfunction validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {\n const assertLength = (name, value, min, max) => {\n if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }\n }\n\n if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version');\n assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);\n assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);\n assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);\n assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);\n // optional fields\n ad && assertLength('associated data', ad, 0, ADBYTES_MAX);\n secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);\n\n return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };\n}\n\nconst KB = 1024;\nconst WASM_PAGE_SIZE = 64 * KB;\n\nexport default function argon2id(params, { memory, instance: wasmInstance }) {\n if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system\n\n const ctx = validateParams({ type: TYPE, version: VERSION, ...params });\n\n const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;\n const wasmRefs = {};\n const wasmFn = {};\n wasmFn.G = wasmG;\n wasmFn.G2 = wasmG2;\n wasmFn.XOR = wasmXOR;\n\n // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.\n const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));\n const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references\n if (memory.buffer.byteLength < requiredMemory) {\n const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE)\n // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.\n // Otherwise, the operation fails, and the original memory can still be used.\n memory.grow(missing)\n }\n\n let offset = 0;\n // Init wasm memory needed in other functions\n wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;\n wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;\n wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;\n wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;\n // Init wasm memory needed locally\n const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;\n const wasmContext = { fn: wasmFn, refs: wasmRefs };\n const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;\n const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);\n const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);\n\n // 1. Establish H_0\n const H0 = getH0(ctx);\n\n // 2. Allocate the memory as m' 1024-byte blocks\n // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.\n const q = m_ / ctx.lanes;\n const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));\n const initBlock = (i, j) => {\n B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);\n return B[i][j];\n }\n\n for (let i = 0; i < ctx.lanes; i++) {\n // const LEi = LE0; // since p = 1 for us\n const tmp = new Uint8Array(H0.length + 8);\n // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p\n // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))\n tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));\n // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p\n // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))\n LE32(tmp, 1, H0.length);\n H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));\n }\n\n // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2\n // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes\n // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.\n const SL = 4; // vertical slices\n const segmentLength = q / SL;\n for (let pass = 0; pass < ctx.passes; pass++) {\n // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel\n for (let sl = 0; sl < SL; sl++) {\n const isDataIndependent = pass === 0 && sl <= 1;\n for (let i = 0; i < ctx.lanes; i++) { // lane\n // On the first slice of the first pass, blocks 0 and 1 are already filled\n let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;\n // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)\n const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;\n for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {\n const j = sl * segmentLength + segmentOffset;\n const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]\n\n // we can assume the PRNG is never done\n const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength)\n const l = lz[0]; const z = lz[1];\n // for (let i = 0; i < p; i++ )\n // B[i][j] = G(B[i][j-1], B[l][z])\n // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.\n if (pass === 0) initBlock(i, j);\n G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);\n\n // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one\n if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j])\n }\n }\n }\n }\n\n // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:\n // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]\n const C = B[0][q-1];\n for(let i = 1; i < ctx.lanes; i++) {\n XOR(wasmContext, C, C, B[i][q-1])\n }\n\n const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));\n // clear memory since the module might be cached\n allocatedMemory.fill(0) // clear sensitive contents\n memory.grow(0) // allow deallocation\n // 8. The output tag is computed as H'^T(C).\n return tag;\n\n}\n\nfunction getH0(ctx) {\n const H = blake2b(ARGON2_PREHASH_DIGEST_LENGTH);\n const ZERO32 = new Uint8Array(4);\n const params = new Uint8Array(24);\n LE32(params, ctx.lanes, 0);\n LE32(params, ctx.tagLength, 4);\n LE32(params, ctx.memorySize, 8);\n LE32(params, ctx.passes, 12);\n LE32(params, ctx.version, 16);\n LE32(params, ctx.type, 20);\n\n const toHash = [params];\n if (ctx.password) {\n toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0))\n toHash.push(ctx.password)\n } else {\n toHash.push(ZERO32) // context.password.length\n }\n\n if (ctx.salt) {\n toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0))\n toHash.push(ctx.salt)\n } else {\n toHash.push(ZERO32) // context.salt.length\n }\n\n if (ctx.secret) {\n toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0))\n toHash.push(ctx.secret)\n // todo clear secret?\n } else {\n toHash.push(ZERO32) // context.secret.length\n }\n\n if (ctx.ad) {\n toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0))\n toHash.push(ctx.ad)\n } else {\n toHash.push(ZERO32) // context.ad.length\n }\n H.update(concatArrays(toHash))\n\n const outputBuffer = H.digest();\n return new Uint8Array(outputBuffer);\n}\n\nfunction concatArrays(arrays) {\n if (arrays.length === 1) return arrays[0];\n\n let totalLength = 0;\n for (let i = 0; i < arrays.length; i++) {\n if (!(arrays[i] instanceof Uint8Array)) {\n throw new Error('concatArrays: Data must be in the form of a Uint8Array');\n }\n\n totalLength += arrays[i].length;\n }\n\n const result = new Uint8Array(totalLength);\n let pos = 0;\n arrays.forEach((element) => {\n result.set(element, pos);\n pos += element.length;\n });\n\n return result;\n}\n","import argon2id from \"./argon2id.js\";\n\nlet isSIMDSupported;\nasync function wasmLoader(memory, getSIMD, getNonSIMD) {\n const importObject = { env: { memory } };\n if (isSIMDSupported === undefined) {\n try {\n const loaded = await getSIMD(importObject);\n isSIMDSupported = true;\n return loaded;\n } catch(e) {\n isSIMDSupported = false;\n }\n }\n\n const loader = isSIMDSupported ? getSIMD : getNonSIMD;\n return loader(importObject);\n}\n\nexport default async function setupWasm(getSIMD, getNonSIMD) {\n const memory = new WebAssembly.Memory({\n // in pages of 64KiB each\n // these values need to be compatible with those declared when building in `build-wasm`\n initial: 1040, // 65MB\n maximum: 65536, // 4GB\n });\n const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);\n\n /**\n * Argon2id hash function\n * @callback computeHash\n * @param {Object} params\n * @param {Uint8Array} params.password - password\n * @param {Uint8Array} params.salt - salt\n * @param {Integer} params.parallelism\n * @param {Integer} params.passes\n * @param {Integer} params.memorySize - in kibibytes\n * @param {Integer} params.tagLength - output tag length\n * @param {Uint8Array} [params.ad] - associated data (optional)\n * @param {Uint8Array} [params.secret] - secret data (optional)\n * @return {Uint8Array} argon2id hash\n */\n const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });\n\n return computeHash;\n}\n","import setupWasm from './lib/setup.js';\nimport wasmSIMD from './dist/simd.wasm';\nimport wasmNonSIMD from './dist/no-simd.wasm';\n\nconst loadWasm = async () => setupWasm(\n (instanceObject) => wasmSIMD(instanceObject),\n (instanceObject) => wasmNonSIMD(instanceObject),\n);\n\nexport default loadWasm;\n","/*\nnode-bzip - a pure-javascript Node.JS module for decoding bzip2 data\n\nCopyright (C) 2012 Eli Skeggs\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF];\n\n// offset in bytes\nvar BitReader = function(stream) {\n this.stream = stream;\n this.bitOffset = 0;\n this.curByte = 0;\n this.hasByte = false;\n};\n\nBitReader.prototype._ensureByte = function() {\n if (!this.hasByte) {\n this.curByte = this.stream.readByte();\n this.hasByte = true;\n }\n};\n\n// reads bits from the buffer\nBitReader.prototype.read = function(bits) {\n var result = 0;\n while (bits > 0) {\n this._ensureByte();\n var remaining = 8 - this.bitOffset;\n // if we're in a byte\n if (bits >= remaining) {\n result <<= remaining;\n result |= BITMASK[remaining] & this.curByte;\n this.hasByte = false;\n this.bitOffset = 0;\n bits -= remaining;\n } else {\n result <<= bits;\n var shift = remaining - bits;\n result |= (this.curByte & (BITMASK[bits] << shift)) >> shift;\n this.bitOffset += bits;\n bits = 0;\n }\n }\n return result;\n};\n\n// seek to an arbitrary point in the buffer (expressed in bits)\nBitReader.prototype.seek = function(pos) {\n var n_bit = pos % 8;\n var n_byte = (pos - n_bit) / 8;\n this.bitOffset = n_bit;\n this.stream.seek(n_byte);\n this.hasByte = false;\n};\n\n// reads 6 bytes worth of data using the read method\nBitReader.prototype.pi = function() {\n var buf = new Uint8Array(6), i;\n for (i = 0; i < buf.length; i++) {\n buf[i] = this.read(8);\n }\n return bufToHex(buf);\n};\n\nfunction bufToHex(buf) {\n return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join('');\n}\n\nmodule.exports = BitReader;\n","/* very simple input/output stream interface */\nvar Stream = function() {\n};\n\n// input streams //////////////\n/** Returns the next byte, or -1 for EOF. */\nStream.prototype.readByte = function() {\n throw new Error(\"abstract method readByte() not implemented\");\n};\n/** Attempts to fill the buffer; returns number of bytes read, or\n * -1 for EOF. */\nStream.prototype.read = function(buffer, bufOffset, length) {\n var bytesRead = 0;\n while (bytesRead < length) {\n var c = this.readByte();\n if (c < 0) { // EOF\n return (bytesRead===0) ? -1 : bytesRead;\n }\n buffer[bufOffset++] = c;\n bytesRead++;\n }\n return bytesRead;\n};\nStream.prototype.seek = function(new_pos) {\n throw new Error(\"abstract method seek() not implemented\");\n};\n\n// output streams ///////////\nStream.prototype.writeByte = function(_byte) {\n throw new Error(\"abstract method readByte() not implemented\");\n};\nStream.prototype.write = function(buffer, bufOffset, length) {\n var i;\n for (i=0; i>> 0; // return an unsigned value\n };\n\n /**\n * Update the CRC with a single byte\n * @param value The value to update the CRC with\n */\n this.updateCRC = function(value) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n };\n\n /**\n * Update the CRC with a sequence of identical bytes\n * @param value The value to update the CRC with\n * @param count The number of bytes\n */\n this.updateCRCRun = function(value, count) {\n while (count-- > 0) {\n crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff];\n }\n };\n };\n return CRC32;\n})();\n","/*\nseek-bzip - a pure-javascript module for seeking within bzip2 data\n\nCopyright (C) 2013 C. Scott Ananian\nCopyright (C) 2012 Eli Skeggs\nCopyright (C) 2011 Kevin Kwok\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, see\nhttp://www.gnu.org/licenses/lgpl-2.1.html\n\nAdapted from node-bzip, copyright 2012 Eli Skeggs.\nAdapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com).\n\nBased on micro-bunzip by Rob Landley (rob@landley.net).\n\nBased on bzip2 decompression code by Julian R Seward (jseward@acm.org),\nwhich also acknowledges contributions by Mike Burrows, David Wheeler,\nPeter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,\nRobert Sedgewick, and Jon L. Bentley.\n*/\n\nvar BitReader = require('./bitreader');\nvar Stream = require('./stream');\nvar CRC32 = require('./crc32');\n\nvar MAX_HUFCODE_BITS = 20;\nvar MAX_SYMBOLS = 258;\nvar SYMBOL_RUNA = 0;\nvar SYMBOL_RUNB = 1;\nvar MIN_GROUPS = 2;\nvar MAX_GROUPS = 6;\nvar GROUP_SIZE = 50;\n\nvar WHOLEPI = \"314159265359\";\nvar SQRTPI = \"177245385090\";\n\nvar mtf = function(array, index) {\n var src = array[index], i;\n for (i = index; i > 0; i--) {\n array[i] = array[i-1];\n }\n array[0] = src;\n return src;\n};\n\nvar Err = {\n OK: 0,\n LAST_BLOCK: -1,\n NOT_BZIP_DATA: -2,\n UNEXPECTED_INPUT_EOF: -3,\n UNEXPECTED_OUTPUT_EOF: -4,\n DATA_ERROR: -5,\n OUT_OF_MEMORY: -6,\n OBSOLETE_INPUT: -7,\n END_OF_BLOCK: -8\n};\nvar ErrorMessages = {};\nErrorMessages[Err.LAST_BLOCK] = \"Bad file checksum\";\nErrorMessages[Err.NOT_BZIP_DATA] = \"Not bzip data\";\nErrorMessages[Err.UNEXPECTED_INPUT_EOF] = \"Unexpected input EOF\";\nErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = \"Unexpected output EOF\";\nErrorMessages[Err.DATA_ERROR] = \"Data error\";\nErrorMessages[Err.OUT_OF_MEMORY] = \"Out of memory\";\nErrorMessages[Err.OBSOLETE_INPUT] = \"Obsolete (pre 0.9.5) bzip format not supported.\";\n\nvar _throw = function(status, optDetail) {\n var msg = ErrorMessages[status] || 'unknown error';\n if (optDetail) { msg += ': '+optDetail; }\n var e = new TypeError(msg);\n e.errorCode = status;\n throw e;\n};\n\nvar Bunzip = function(inputStream, outputStream) {\n this.writePos = this.writeCurrent = this.writeCount = 0;\n\n this._start_bunzip(inputStream, outputStream);\n};\nBunzip.prototype._init_block = function() {\n var moreBlocks = this._get_next_block();\n if ( !moreBlocks ) {\n this.writeCount = -1;\n return false; /* no more blocks */\n }\n this.blockCRC = new CRC32();\n return true;\n};\n/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */\nBunzip.prototype._start_bunzip = function(inputStream, outputStream) {\n /* Ensure that file starts with \"BZh['1'-'9'].\" */\n var buf = new Uint8Array(4);\n if (inputStream.read(buf, 0, 4) !== 4 ||\n String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh')\n _throw(Err.NOT_BZIP_DATA, 'bad magic');\n\n var level = buf[3] - 0x30;\n if (level < 1 || level > 9)\n _throw(Err.NOT_BZIP_DATA, 'level out of range');\n\n this.reader = new BitReader(inputStream);\n\n /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of\n uncompressed data. Allocate intermediate buffer for block. */\n this.dbufSize = 100000 * level;\n this.nextoutput = 0;\n this.outputStream = outputStream;\n this.streamCRC = 0;\n};\nBunzip.prototype._get_next_block = function() {\n var i, j, k;\n var reader = this.reader;\n // this is get_next_block() function from micro-bunzip:\n /* Read in header signature and CRC, then validate signature.\n (last block signature means CRC is for whole file, return now) */\n var h = reader.pi();\n if (h === SQRTPI) { // last block\n return false; /* no more blocks */\n }\n if (h !== WHOLEPI)\n _throw(Err.NOT_BZIP_DATA);\n this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned)\n this.streamCRC = (this.targetBlockCRC ^\n ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0;\n /* We can add support for blockRandomised if anybody complains. There was\n some code for this in busybox 1.0.0-pre3, but nobody ever noticed that\n it didn't actually work. */\n if (reader.read(1))\n _throw(Err.OBSOLETE_INPUT);\n var origPointer = reader.read(24);\n if (origPointer > this.dbufSize)\n _throw(Err.DATA_ERROR, 'initial position out of bounds');\n /* mapping table: if some byte values are never used (encoding things\n like ascii text), the compression code removes the gaps to have fewer\n symbols to deal with, and writes a sparse bitfield indicating which\n values were present. We make a translation table to convert the symbols\n back to the corresponding bytes. */\n var t = reader.read(16);\n var symToByte = new Uint8Array(256), symTotal = 0;\n for (i = 0; i < 16; i++) {\n if (t & (1 << (0xF - i))) {\n var o = i * 16;\n k = reader.read(16);\n for (j = 0; j < 16; j++)\n if (k & (1 << (0xF - j)))\n symToByte[symTotal++] = o + j;\n }\n }\n\n /* How many different huffman coding groups does this block use? */\n var groupCount = reader.read(3);\n if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS)\n _throw(Err.DATA_ERROR);\n /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding\n group. Read in the group selector list, which is stored as MTF encoded\n bit runs. (MTF=Move To Front, as each value is used it's moved to the\n start of the list.) */\n var nSelectors = reader.read(15);\n if (nSelectors === 0)\n _throw(Err.DATA_ERROR);\n\n var mtfSymbol = new Uint8Array(256);\n for (i = 0; i < groupCount; i++)\n mtfSymbol[i] = i;\n\n var selectors = new Uint8Array(nSelectors); // was 32768...\n\n for (i = 0; i < nSelectors; i++) {\n /* Get next value */\n for (j = 0; reader.read(1); j++)\n if (j >= groupCount) _throw(Err.DATA_ERROR);\n /* Decode MTF to get the next selector */\n selectors[i] = mtf(mtfSymbol, j);\n }\n\n /* Read the huffman coding tables for each group, which code for symTotal\n literal symbols, plus two run symbols (RUNA, RUNB) */\n var symCount = symTotal + 2;\n var groups = [], hufGroup;\n for (j = 0; j < groupCount; j++) {\n var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1);\n /* Read huffman code lengths for each symbol. They're stored in\n a way similar to mtf; record a starting value for the first symbol,\n and an offset from the previous value for everys symbol after that. */\n t = reader.read(5); // lengths\n for (i = 0; i < symCount; i++) {\n for (;;) {\n if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR);\n /* If first bit is 0, stop. Else second bit indicates whether\n to increment or decrement the value. */\n if(!reader.read(1))\n break;\n if(!reader.read(1))\n t++;\n else\n t--;\n }\n length[i] = t;\n }\n\n /* Find largest and smallest lengths in this group */\n var minLen, maxLen;\n minLen = maxLen = length[0];\n for (i = 1; i < symCount; i++) {\n if (length[i] > maxLen)\n maxLen = length[i];\n else if (length[i] < minLen)\n minLen = length[i];\n }\n\n /* Calculate permute[], base[], and limit[] tables from length[].\n *\n * permute[] is the lookup table for converting huffman coded symbols\n * into decoded symbols. base[] is the amount to subtract from the\n * value of a huffman symbol of a given length when using permute[].\n *\n * limit[] indicates the largest numerical value a symbol with a given\n * number of bits can have. This is how the huffman codes can vary in\n * length: each code with a value>limit[length] needs another bit.\n */\n hufGroup = {};\n groups.push(hufGroup);\n hufGroup.permute = new Uint16Array(MAX_SYMBOLS);\n hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2);\n hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1);\n hufGroup.minLen = minLen;\n hufGroup.maxLen = maxLen;\n /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */\n var pp = 0;\n for (i = minLen; i <= maxLen; i++) {\n temp[i] = hufGroup.limit[i] = 0;\n for (t = 0; t < symCount; t++)\n if (length[t] === i)\n hufGroup.permute[pp++] = t;\n }\n /* Count symbols coded for at each bit length */\n for (i = 0; i < symCount; i++)\n temp[length[i]]++;\n /* Calculate limit[] (the largest symbol-coding value at each bit\n * length, which is (previous limit<<1)+symbols at this level), and\n * base[] (number of symbols to ignore at each bit length, which is\n * limit minus the cumulative count of symbols coded for already). */\n pp = t = 0;\n for (i = minLen; i < maxLen; i++) {\n pp += temp[i];\n /* We read the largest possible symbol size and then unget bits\n after determining how many we need, and those extra bits could\n be set to anything. (They're noise from future symbols.) At\n each level we're really only interested in the first few bits,\n so here we set all the trailing to-be-ignored bits to 1 so they\n don't affect the value>limit[length] comparison. */\n hufGroup.limit[i] = pp - 1;\n pp <<= 1;\n t += temp[i];\n hufGroup.base[i + 1] = pp - t;\n }\n hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */\n hufGroup.limit[maxLen] = pp + temp[maxLen] - 1;\n hufGroup.base[minLen] = 0;\n }\n /* We've finished reading and digesting the block header. Now read this\n block's huffman coded symbols from the file and undo the huffman coding\n and run length encoding, saving the result into dbuf[dbufCount++]=uc */\n\n /* Initialize symbol occurrence counters and symbol Move To Front table */\n var byteCount = new Uint32Array(256);\n for (i = 0; i < 256; i++)\n mtfSymbol[i] = i;\n /* Loop through compressed symbols. */\n var runPos = 0, dbufCount = 0, selector = 0, uc;\n var dbuf = this.dbuf = new Uint32Array(this.dbufSize);\n symCount = 0;\n for (;;) {\n /* Determine which huffman coding group to use. */\n if (!(symCount--)) {\n symCount = GROUP_SIZE - 1;\n if (selector >= nSelectors) { _throw(Err.DATA_ERROR); }\n hufGroup = groups[selectors[selector++]];\n }\n /* Read next huffman-coded symbol. */\n i = hufGroup.minLen;\n j = reader.read(i);\n for (;;i++) {\n if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); }\n if (j <= hufGroup.limit[i])\n break;\n j = (j << 1) | reader.read(1);\n }\n /* Huffman decode value to get nextSym (with bounds checking) */\n j -= hufGroup.base[i];\n if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); }\n var nextSym = hufGroup.permute[j];\n /* We have now decoded the symbol, which indicates either a new literal\n byte, or a repeated run of the most recent literal byte. First,\n check if nextSym indicates a repeated run, and if so loop collecting\n how many times to repeat the last literal. */\n if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) {\n /* If this is the start of a new run, zero out counter */\n if (!runPos){\n runPos = 1;\n t = 0;\n }\n /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at\n each bit position, add 1 or 2 instead. For example,\n 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2.\n You can make any bit pattern that way using 1 less symbol than\n the basic or 0/1 method (except all bits 0, which would use no\n symbols, but a run of length 0 doesn't mean anything in this\n context). Thus space is saved. */\n if (nextSym === SYMBOL_RUNA)\n t += runPos;\n else\n t += 2 * runPos;\n runPos <<= 1;\n continue;\n }\n /* When we hit the first non-run symbol after a run, we now know\n how many times to repeat the last literal, so append that many\n copies to our buffer of decoded symbols (dbuf) now. (The last\n literal used is the one at the head of the mtfSymbol array.) */\n if (runPos){\n runPos = 0;\n if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); }\n uc = symToByte[mtfSymbol[0]];\n byteCount[uc] += t;\n while (t--)\n dbuf[dbufCount++] = uc;\n }\n /* Is this the terminating symbol? */\n if (nextSym > symTotal)\n break;\n /* At this point, nextSym indicates a new literal character. Subtract\n one to get the position in the MTF array at which this literal is\n currently to be found. (Note that the result can't be -1 or 0,\n because 0 and 1 are RUNA and RUNB. But another instance of the\n first symbol in the mtf array, position 0, would have been handled\n as part of a run above. Therefore 1 unused mtf position minus\n 2 non-literal nextSym values equals -1.) */\n if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); }\n i = nextSym - 1;\n uc = mtf(mtfSymbol, i);\n uc = symToByte[uc];\n /* We have our literal byte. Save it into dbuf. */\n byteCount[uc]++;\n dbuf[dbufCount++] = uc;\n }\n /* At this point, we've read all the huffman-coded symbols (and repeated\n runs) for this block from the input stream, and decoded them into the\n intermediate buffer. There are dbufCount many decoded bytes in dbuf[].\n Now undo the Burrows-Wheeler transform on dbuf.\n See http://dogma.net/markn/articles/bwt/bwt.htm\n */\n if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); }\n /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */\n j = 0;\n for (i = 0; i < 256; i++) {\n k = j + byteCount[i];\n byteCount[i] = j;\n j = k;\n }\n /* Figure out what order dbuf would be in if we sorted it. */\n for (i = 0; i < dbufCount; i++) {\n uc = dbuf[i] & 0xff;\n dbuf[byteCount[uc]] |= (i << 8);\n byteCount[uc]++;\n }\n /* Decode first byte by hand to initialize \"previous\" byte. Note that it\n doesn't get output, and if the first three characters are identical\n it doesn't qualify as a run (hence writeRunCountdown=5). */\n var pos = 0, current = 0, run = 0;\n if (dbufCount) {\n pos = dbuf[origPointer];\n current = (pos & 0xff);\n pos >>= 8;\n run = -1;\n }\n this.writePos = pos;\n this.writeCurrent = current;\n this.writeCount = dbufCount;\n this.writeRun = run;\n\n return true; /* more blocks to come */\n};\n/* Undo burrows-wheeler transform on intermediate buffer to produce output.\n If start_bunzip was initialized with out_fd=-1, then up to len bytes of\n data are written to outbuf. Return value is number of bytes written or\n error (all errors are negative numbers). If out_fd!=-1, outbuf and len\n are ignored, data is written to out_fd and return is RETVAL_OK or error.\n*/\nBunzip.prototype._read_bunzip = function(outputBuffer, len) {\n var copies, previous, outbyte;\n /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully\n decoded, which results in this returning RETVAL_LAST_BLOCK, also\n equal to -1... Confusing, I'm returning 0 here to indicate no\n bytes written into the buffer */\n if (this.writeCount < 0) { return 0; }\n\n var gotcount = 0;\n var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent;\n var dbufCount = this.writeCount, outputsize = this.outputsize;\n var run = this.writeRun;\n\n while (dbufCount) {\n dbufCount--;\n previous = current;\n pos = dbuf[pos];\n current = pos & 0xff;\n pos >>= 8;\n if (run++ === 3){\n copies = current;\n outbyte = previous;\n current = -1;\n } else {\n copies = 1;\n outbyte = current;\n }\n this.blockCRC.updateCRCRun(outbyte, copies);\n while (copies--) {\n this.outputStream.writeByte(outbyte);\n this.nextoutput++;\n }\n if (current != previous)\n run = 0;\n }\n this.writeCount = dbufCount;\n // check CRC\n if (this.blockCRC.getCRC() !== this.targetBlockCRC) {\n _throw(Err.DATA_ERROR, \"Bad block CRC \"+\n \"(got \"+this.blockCRC.getCRC().toString(16)+\n \" expected \"+this.targetBlockCRC.toString(16)+\")\");\n }\n return this.nextoutput;\n};\n\nvar coerceInputStream = function(input) {\n if ('readByte' in input) { return input; }\n var inputStream = new Stream();\n inputStream.pos = 0;\n inputStream.readByte = function() { return input[this.pos++]; };\n inputStream.seek = function(pos) { this.pos = pos; };\n inputStream.eof = function() { return this.pos >= input.length; };\n return inputStream;\n};\nvar coerceOutputStream = function(output) {\n var outputStream = new Stream();\n var resizeOk = true;\n if (output) {\n if (typeof(output)==='number') {\n outputStream.buffer = new Uint8Array(output);\n resizeOk = false;\n } else if ('writeByte' in output) {\n return output;\n } else {\n outputStream.buffer = output;\n resizeOk = false;\n }\n } else {\n outputStream.buffer = new Uint8Array(16384);\n }\n outputStream.pos = 0;\n outputStream.writeByte = function(_byte) {\n if (resizeOk && this.pos >= this.buffer.length) {\n var newBuffer = new Uint8Array(this.buffer.length*2);\n newBuffer.set(this.buffer);\n this.buffer = newBuffer;\n }\n this.buffer[this.pos++] = _byte;\n };\n outputStream.getBuffer = function() {\n // trim buffer\n if (this.pos !== this.buffer.length) {\n if (!resizeOk)\n throw new TypeError('outputsize does not match decoded input');\n var newBuffer = new Uint8Array(this.pos);\n newBuffer.set(this.buffer.subarray(0, this.pos));\n this.buffer = newBuffer;\n }\n return this.buffer;\n };\n outputStream._coerced = true;\n return outputStream;\n};\n\n/* Static helper functions */\n// 'input' can be a stream or a buffer\n// 'output' can be a stream or a buffer or a number (buffer size)\nconst decode = function(input, output, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n\n var bz = new Bunzip(inputStream, outputStream);\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n if (bz._init_block()) {\n bz._read_bunzip();\n } else {\n var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned)\n if (targetStreamCRC !== bz.streamCRC) {\n _throw(Err.DATA_ERROR, \"Bad stream CRC \"+\n \"(got \"+bz.streamCRC.toString(16)+\n \" expected \"+targetStreamCRC.toString(16)+\")\");\n }\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n } else break;\n }\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\nconst decodeBlock = function(input, pos, output) {\n // make a stream from a buffer, if necessary\n var inputStream = coerceInputStream(input);\n var outputStream = coerceOutputStream(output);\n var bz = new Bunzip(inputStream, outputStream);\n bz.reader.seek(pos);\n /* Fill the decode buffer for the block */\n var moreBlocks = bz._get_next_block();\n if (moreBlocks) {\n /* Init the CRC for writing */\n bz.blockCRC = new CRC32();\n\n /* Zero this so the current byte from before the seek is not written */\n bz.writeCopies = 0;\n\n /* Decompress the block and write to stdout */\n bz._read_bunzip();\n // XXX keep writing?\n }\n if ('getBuffer' in outputStream)\n return outputStream.getBuffer();\n};\n/* Reads bzip2 file from stream or buffer `input`, and invoke\n * `callback(position, size)` once for each bzip2 block,\n * where position gives the starting position (in *bits*)\n * and size gives uncompressed size of the block (in *bytes*). */\nconst table = function(input, callback, multistream) {\n // make a stream from a buffer, if necessary\n var inputStream = new Stream();\n inputStream.delegate = coerceInputStream(input);\n inputStream.pos = 0;\n inputStream.readByte = function() {\n this.pos++;\n return this.delegate.readByte();\n };\n if (inputStream.delegate.eof) {\n inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate);\n }\n var outputStream = new Stream();\n outputStream.pos = 0;\n outputStream.writeByte = function() { this.pos++; };\n\n var bz = new Bunzip(inputStream, outputStream);\n var blockSize = bz.dbufSize;\n while (true) {\n if ('eof' in inputStream && inputStream.eof()) break;\n\n var position = inputStream.pos*8 + bz.reader.bitOffset;\n if (bz.reader.hasByte) { position -= 8; }\n\n if (bz._init_block()) {\n var start = outputStream.pos;\n bz._read_bunzip();\n callback(position, outputStream.pos - start);\n } else {\n var crc = bz.reader.read(32); // (but we ignore the crc)\n if (multistream &&\n 'eof' in inputStream &&\n !inputStream.eof()) {\n // note that start_bunzip will also resync the bit reader to next byte\n bz._start_bunzip(inputStream, outputStream);\n console.assert(bz.dbufSize === blockSize,\n \"shouldn't change block size within multistream file\");\n } else break;\n }\n }\n};\n\nmodule.exports = {\n Bunzip,\n Stream,\n Err,\n decode,\n decodeBlock,\n table\n};\n"],"names":["doneWritingPromise","Symbol","doneWritingResolve","doneWritingReject","readingIndex","ArrayStream","Array","constructor","super","Object","setPrototypeOf","this","prototype","Promise","resolve","reject","catch","isArrayStream","input","getReader","isArray","Writer","writer","getWriter","releaseLock","closed","call","stream","isStream","globalThis","ReadableStream","isPrototypeOf","_read","_readableState","Error","isUint8Array","Uint8Array","concatUint8Array","arrays","length","totalLength","i","result","pos","forEach","element","set","undefined","read","async","value","done","readToEnd","join","slice","clone","then","push","write","chunk","close","abort","reason","process","versions","doneReadingSet","WeakSet","externalBuffer","Reader","reader","bind","_releaseLock","_cancel","cancel","doneReading","has","add","e","toStream","start","controller","enqueue","toArrayStream","concat","list","some","map","transform","transformWithCancel","all","transforms","prev","transformPair","readable","writable","pipe","preventClose","concatStream","concatArrayStream","target","preventAbort","preventCancel","ready","pipeTo","transformRaw","options","transformStream","TransformStream","customCancel","backpressureChangePromiseResolve","backpressureChangePromiseReject","outputController","pulled","cancelled","pull","highWaterMark","WritableStream","error","finish","output","data","result1","result2","flush","fn","incomingTransformController","incoming","pipeDonePromise","outgoing","setTimeout","parse","returnValue","transformed","remainder","teed","tee","overwrite","passiveClone","entries","getOwnPropertyDescriptors","name","descriptor","get","defineProperty","begin","end","Infinity","bytesRead","Math","max","terminate","lastBytes","console","warn","fromAsync","subarray","destroy","arrayStream","shift","readLine","returnVal","buffer","streams.concat","lineEndIndex","indexOf","substr","unshift","readByte","byte","streams.slice","readBytes","bufferLength","bufferConcat","peekBytes","bytes","values","byteOffset","byteLength","filter","byValue","enums","curve","nistP256","p256","nistP384","p384","nistP521","p521","secp256k1","ed25519Legacy","ed25519","curve25519Legacy","curve25519","brainpoolP256r1","brainpoolP384r1","brainpoolP512r1","s2k","simple","salted","iterated","argon2","gnu","publicKey","rsaEncryptSign","rsaEncrypt","rsaSign","elgamal","dsa","ecdh","ecdsa","eddsaLegacy","aedh","aedsa","x25519","x448","ed448","symmetric","idea","tripledes","cast5","blowfish","aes128","aes192","aes256","twofish","compression","uncompressed","zip","zlib","bzip2","hash","md5","sha1","ripemd","sha256","sha384","sha512","sha224","sha3_256","sha3_512","webHash","aead","eax","ocb","gcm","experimentalGCM","packet","publicKeyEncryptedSessionKey","signature","symEncryptedSessionKey","onePassSignature","secretKey","secretSubkey","compressedData","symmetricallyEncryptedData","marker","literalData","trust","userID","publicSubkey","userAttribute","symEncryptedIntegrityProtectedData","modificationDetectionCode","aeadEncryptedData","padding","literal","binary","text","utf8","mime","standalone","certGeneric","certPersona","certCasual","certPositive","certRevocation","subkeyBinding","keyBinding","key","keyRevocation","subkeyRevocation","timestamp","thirdParty","signatureSubpacket","signatureCreationTime","signatureExpirationTime","exportableCertification","trustSignature","regularExpression","revocable","keyExpirationTime","placeholderBackwardsCompatibility","preferredSymmetricAlgorithms","revocationKey","issuerKeyID","notationData","preferredHashAlgorithms","preferredCompressionAlgorithms","keyServerPreferences","preferredKeyServer","primaryUserID","policyURI","keyFlags","signersUserID","reasonForRevocation","features","signatureTarget","embeddedSignature","issuerFingerprint","preferredAEADAlgorithms","preferredCipherSuites","certifyKeys","signData","encryptCommunication","encryptStorage","splitPrivateKey","authentication","sharedPrivateKey","armor","multipartSection","multipartLast","signed","message","privateKey","noReason","keySuperseded","keyCompromised","keyRetired","userIDInvalid","modificationDetection","v5Keys","seipdv2","type","config","preferredHashAlgorithm","preferredSymmetricAlgorithm","preferredCompressionAlgorithm","aeadProtect","parseAEADEncryptedV4KeysAsLegacy","preferredAEADAlgorithm","aeadChunkSizeByte","v6Keys","enableParsingV5Entities","s2kType","s2kIterationCountByte","s2kArgon2Params","passes","parallelism","memoryExponent","allowUnauthenticatedMessages","allowUnauthenticatedStream","minRSABits","passwordCollisionCheck","allowInsecureDecryptionWithSigningKeys","allowInsecureVerificationWithReformattedKeys","allowMissingKeyFlags","constantTimePKCS1Decryption","constantTimePKCS1DecryptionSupportedSymmetricAlgorithms","Set","ignoreUnsupportedPackets","ignoreMalformedPackets","additionalAllowedPackets","showVersion","showComment","versionString","commentString","maxUserIDLength","knownNotations","nonDeterministicSignaturesViaNotation","useEllipticFallback","rejectHashAlgorithms","rejectMessageHashAlgorithms","rejectPublicKeyAlgorithms","rejectCurves","debugMode","env","NODE_ENV","util","isString","String","nodeRequire","stream.isUint8Array","stream.isStream","getNobleCurve","publicKeyAlgo","curveName","defaultConfig","nobleCurves","noble_curves","readNumber","n","writeNumber","b","readDate","Date","writeDate","time","numeric","floor","getTime","normalizeDate","now","readMPI","bytelen","readExactSubarray","leftPad","padded","offset","uint8ArrayToMPI","bin","bitSize","uint8ArrayBitLength","stripped","ceil","prefix","nbits","hexToUint8Array","hex","k","parseInt","uint8ArrayToHex","hexAlphabet","s","v","stringToUint8Array","str","stream.transform","charCodeAt","uint8ArrayToString","bs","j","fromCharCode","apply","encodeUTF8","encoder","TextEncoder","lastChunk","encode","decodeUTF8","decoder","TextDecoder","decode","stream.concat","stream.concatUint8Array","equalsUint8Array","array1","array2","writeChecksum","printDebug","log","printDebugError","x","r","t","double","doubleVar","last","shiftRight","array","bits","getWebCrypto","webCrypto","crypto","subtle","getNodeCrypto","webcrypto","getNodeZlib","getNodeBuffer","Buffer","getHardwareConcurrency","navigator","hardwareConcurrency","cpus","isEmailAddress","test","canonicalizeEOL","carryOverCR","index","indices","normalized","sub","nativeEOL","copyWithin","removeTrailingSpaces","split","line","wrapError","constructAllowedPackets","allowedClasses","PacketClass","tag","anyPromise","promises","exception","promise","selectUint8Array","cond","a","selectUint8","isAES","cipherAlgo","encodeChunk","decodeChunk","buf","lines","encoded","spaces","spacechars","spacechar","includes","decoded","b64ToUint8Array","base64","replace","uint8ArrayToB64","url","getType","header","match","addheader","customComment","getCheckSum","crc","len32","isLittleEndian","arr32","Uint32Array","crc_table","createcrc24","base64.encode","from","toString","btoa","atob","ArrayBuffer","DataView","setInt16","Int16Array","verifyHeaders","headers","removeChecksum","body","lastEquals","lastIndexOf","unarmor","reSplit","reEmptyLine","headersDone","textDone","lastHeaders","base64.decode","stream.transformPair","stream.getReader","stream.getWriter","parts","stream.isArrayStream","stream.readToEnd","messageType","partIndex","partTotal","emitChecksum","maybeBodyClone","stream.passiveClone","getLegacyCipher","algo","legacyCiphers","legacy_ciphers","cipher","getCipherBlockSize","getCipherKeySize","getCipherParams","keySize","blockSize","md5cycle","c","d","ff","gg","hh","ii","add32","cmn","q","md5blk","md5blks","hex_chr","rhex","nodeCrypto","nodeCryptoHashes","getHashes","nodeHash","shasum","createHash","update","digest","nobleHash","nobleHashName","webCryptoHashName","getNobleHash","nobleHashes","noble_hashes","hashInstance","create","hash$1","entree","state","substring","tail","md51","getHashByteLength","isBytes","lengths","exists","instance","checkFinished","destroyed","finished","out","min","outputLen","u8","arr","u32","createView","toBytes","utf8ToBytes","copyBytes","equalBytes","diff","wrapCipher","params","assign","setBigUint64","view","isLE","_32n","BigInt","_u32_max","wh","Number","wl","setUint32","isAligned32","clean","fill","BLOCK_SIZE","ZEROS16","ZEROS32","swapLE","GHASH","expectedLength","blockLen","s0","s1","s2","s3","abytes","kView","k0","getUint32","k1","k2","k3","doubles","W","estimateWindow","windows","windowSize","items","w","d0","d1","d2","d3","_updateBlock","o0","o1","o2","o3","mask","num","bytePos","bitPos","bit","e0","e1","e2","e3","aexists","b32","blocks","left","elm","digestInto","aoutput","o32","res","Polyval","ghKey","reverse","hiBit","carry","_toGHASHKey","wrapConstructorWithKey","hashCons","hashC","msg","tmp","ghash","EMPTY_BLOCK","POLY","mul2","mul","sbox","box","invSbox","_","rotr32_8","rotl32_8","byteSwap","word","genTtable","T0","T1","T2","T3","T01","T23","sbox2","Uint16Array","idx","tableEncoding","tableDecoding","xPowers","p","expandKeyLE","len","toClean","k32","Nk","subByte","applySbox","xk","expandKeyDecLE","encKey","apply0123","encrypt","rounds","t0","t1","t2","t3","decrypt","getDst","dst","ctrCounter","nonce","src","srcLen","ctr","c32","src32","dst32","ctr32","ctrPos","ctrNum","nonceLength","processCtr","plaintext","ciphertext","cbc","iv","opts","pcks5","disablePadding","o","_out","outLen","remaining","validateBlockEncrypt","_iv","n32","tmp32","paddingByte","padPCKS","validateBlockDecrypt","ps0","ps1","ps2","ps3","lastByte","validatePCKS","cfb","processCfb","isEncrypt","next32","tagLength","AAD","_computeTag","authKey","tagMask","aadLength","h","computeTag","deriveKeys","counter","nonceLen","g","passedTag","isBytes32","encryptBlock","block","decryptBlock","AESW","kek","a0","a1","chunks","AESKW_IV","aeskw","sum","pad","concatBytes","unsafe","knownAlgos","getCiphers","nodeAlgos","WebCryptoEncryptor","prevBlock","nextBlock","zeroBlock","isSupported","importKey","_runCBC","nonZeroIV","mode","keyRef","encryptChunk","missing","added","leftover","toEncrypt","encryptedBlocks","xorMut","encryptedBlock","curBlock","clearSensitiveData","ct","NobleStreamProcessor","forEncryption","nobleAesHelpers","getUint32Array","_runCFB","processChunk","toProcess","processedBlocks","processedBlock","aLength","algoName","decipherObj","createDecipheriv","nodeDecrypt","nobleAesCfb","aesDecrypt","cipherfn","block_size","blockp","decblock","pt","cipherObj","createCipheriv","nodeEncrypt","aesEncrypt","blockc","encblock","blockLength","rightXORMut","CMAC","CBC","padding2","err","nobleAesCbc","ivLength","zero","one","two","OMAC","cmac","CTR","en","final","nobleAesCtr","EAX","omac","adata","omacNonce","omacAdata","ciphered","ctTag","omacCiphered","getNonce","chunkIndex","ntz","S","T","xor","OCB","maxNtz","aes","encipher","decipher","crypt","m","newMaxNtz","extendKeyVariables","paddedNonce","bottom","kTop","stretched","checksum","xorInput","$","cipherInput","mask_x","mask_$","constructKeyVariables","crypted","ALGO","GCM","setAAD","getAuthTag","de","setAuthTag","_key","webcryptoEmptyMessagesUnsupported","userAgent","nobleAesGcm","additionalData","_0n","_1n","uint8ArrayToBigInt","mod","reduced","modExp","exp","lsb","abs","modInv","gcd","aInput","bInput","y","xPrev","yPrev","aNegated","bNegated","_egcd","bigIntToNumber","number","MAX_SAFE_INTEGER","getBit","bitLength","bitlen","_8n","bigIntToUint8Array","endian","rawLength","getRandomBytes","getRandomValues","getRandomBigInteger","modulus","randomProbablePrime","_30n","adds","isProbablePrime","smallPrimes","every","divisionTest","fermat","n1","millerRabin","hash_headers","emeEncode","keyLength","mLength","PS","count","randomBytes","getPKCS1Padding","emeDecode","randomPayload","separatorNotFound","psLen","payload","isValidPadding","emsaEncode","hashed","emLen","hashPrefix","tLen","EM","privateToJWK","u","pNum","qNum","dNum","dq","dp","kty","qi","ext","publicToJWK","jwkToPrivate","jwk","format","constants","RSA_PKCS1_PADDING","privateDecrypt","unblinder","blinder","mp","mq","bnDecrypt","publicEncrypt","bnEncrypt","keyGenOpt","modulusLength","publicExponent","keyPair","generateKey","exportKey","publicKeyEncoding","privateKeyEncoding","generateKeyPair","jwkPrivateKey","phi","hashAlgo","hashName","sign","webSign","createSign","nodeSign","bnSign","_2n","rde","verify","webVerify","createVerify","nodeVerify","EM1","EM2","bnVerify","c1","c2","pSize","threshold","nacl","gf","init","Float64Array","randombytes","_9","gf0","gf1","_121665","D","D2","X","Y","I","ts64","l","crypto_verify_32","xi","yi","vn","set25519","car25519","sel25519","pack25519","neq25519","par25519","unpack25519","A","Z","M","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","inv25519","crypto_scalarmult","z","f","x32","x16","crypto_scalarmult_base","K","crypto_hashblocks_hl","hl","bh0","bh1","bh2","bh3","bh4","bh5","bh6","bh7","bl0","bl1","bl2","bl3","bl4","bl5","bl6","bl7","th","tl","Int32Array","ah0","ah1","ah2","ah3","ah4","ah5","ah6","ah7","al0","al1","al2","al3","al4","al5","al6","al7","crypto_hash","cswap","pack","tx","ty","zi","scalarmult","scalarbase","crypto_sign_keypair","pk","sk","seeded","L","modL","reduce","unpackneg","chk","den","den2","den4","den6","pow2523","crypto_sign_BYTES","checkArrayTypes","arguments","TypeError","scalarMult","crypto_box_keypair","fromSecretKey","signedMsg","sm","smlen","crypto_sign","detached","sig","crypto_sign_open","fromSeed","seed","setPRNG","cleanup","knownOIDs","OID","oid","toHex","getName","readSimpleLength","writeSimpleLength","writePartialLength","power","writeTag","tag_type","writeHeader","supportsStreaming","readPackets","callback","callbackReturned","peekedBytes","headerByte","packetLength","packetLengthType","packetSupportsStreaming","wasPartialLength","stream.ArrayStream","lengthByte","nextPacket","UnsupportedError","captureStackTrace","UnknownPacketError","UnparseablePacket","rawContent","generate","webCryptoKey","getPayloadSize","utils","randomPrivateKey","getPublicKey","getPreferredHashAlgo","privateKeyToJWK","RS","publicKeyToJWK","crv","wrap","dataToWrap","wrappingKey","keyToWrap","wrapped","wrapKey","nobleAesKW","unwrap","wrappedData","unwrapped","unwrapKey","computeHKDF","inputKey","salt","info","importedKey","deriveBits","HKDF_INFO","generateEphemeralEncryptionMaterial","recipientA","ephemeralSecretKey","sharedSecret","assertNonZeroArray","ephemeralPublicKey","getSharedSecret","recomputeSharedSecret","acc","wrappedKey","hkdfInput","aesKW.unwrap","encryptionKey","aesKW.wrap","webCurves","knownCurves","getCurves","nodeCurves","curves","keyType","node","web","payloadSize","sharedSize","wireFormatLeadingByte","CurveWithOID","oidOrName","genKeyPair","namedCurve","jwkToRawPublic","webGenKeyPair","jsGenKeyPair","createECDH","generateKeys","getPrivateKey","nodeGenKeyPair","ecdhXGenerate","eddsaGenerate","validateStandardParams","Q","supportedCurves","dG","checkPublicPointEnconding","V","pointSize","nobleCurve","bufX","bufY","rawPublicToJWK","ecKeyUtils","nodeBuffer","derPrivateKey","generateDer","dsaEncoding","lowS","tryFallbackVerificationForOldBug","jsVerify","verified","derPublicKey","eddsaSign","eddsaVerify","provided","computed","buildEcdhParam","public_algo","kdfParams","fingerprint","kdf","param","stripLeading","stripTrailing","genPublicEphemeralKey","sharedKey","ecdhXGenerateEphemeralEncryptionMaterial","recipient","public","webPublicEphemeralKey","jsPublicEphemeralKey","sender","computeSecret","nodePublicEphemeralKey","genPrivateEphemeralKey","ecdhXRecomputeSharedSecret","secret","webPrivateEphemeralKey","jsPrivateEphemeralKey","setPrivateKey","nodePrivateEphemeralKey","C","pkcs5.decode","pkcs5.encode","xr","qSize","u1","u2","rsa","elliptic","signatureParams","rsSize","eddsa","publicKeyParams","privateKeyParams","publicParams","curveSize","ECDHSymmetricKey","KDFParams","ECDHXSymmetricKey","fromObject","algorithm","followLength","checkSupportedCurve","getCurvePayloadSize","ecdhX","privateParams","prefixrandom","repeat","ECDHSymkey","sessionKeyParams","keyAlgo","symmetricAlgo","algosWithNativeRepresentation","orderedParams","keys","validateParams","algoModule","random","pkcs1","pkcs5","aesKW","Argon2OutOfMemoryError","loadArgonWasmModule","argon2Promise","Argon2S2K","encodedM","generateSalt","produceKey","passphrase","decodedM","index$1","default","version","password","memorySize","GenericS2K","getCount","numBytes","rlength","prefixlen","toHash","datalen","allowedS2KTypesForEncryption","newS2KFromType","newS2KFromConfig","u16","fleb","fdeb","clim","freb","eb","_a","fl","revfl","_b","fd","revfd","rev","hMap","cd","mb","co","le","rvb","sv","r_1","flt","fdt","flm","flrm","fdm","fdrm","bits16","shft","slc","BYTES_PER_ELEMENT","ec","ind","nt","code","wbits","wbits16","hTree","et","sort","i0","i1","i2","maxSym","tr","mbt","ln","dt","lft","cst","i2_1","i2_2","i2_3","lc","cl","cli","cln","cls","clen","cf","wfblk","dat","wblk","syms","lf","df","li","bl","dlt","mlb","ddt","mdb","_c","lclt","nlc","_d","lcdt","ndc","lcfreq","_e","lct","mlcb","nlcc","lm","ll","dm","dl","flen","ftlen","dtlen","llm","lcts","it","clct","deo","dopt","opt","pre","post","st","lvl","plvl","lst","msk_1","head","bs1_1","bs2_1","hsh","lc_1","wi","hv","imod","pimod","rem","ch_1","dif","maxn","maxd","ml","nl","mmd","md","ti","lin","din","dflt","level","mem","Deflate","cb","ondata","Inflate","bts","sl","noBuf","noSt","cbuf","nbuf","bt","lbt","dbt","tbts","hLit","hcLen","ldt","clt","clb","clbmsk","clm","lt","lms","dms","lpos","sym","dsym","inflt","Zlib","raw","lv","zlh","wbytes","Unzlib","td","LiteralDataPacket","date","filename","setText","getText","getBytes","setBytes","setFilename","getFilename","stream.parse","filename_len","filename_length","KeyID","equals","keyID","matchWildcard","isWildcard","isNull","mapToHex","fromID","wildcard","SALT_NOTATION_NAME","allowedUnhashedSubpackets","SignaturePacket","signatureType","hashAlgorithm","publicKeyAlgorithm","signatureData","unhashedSubpackets","unknownSubpackets","signedHashValue","created","signatureNeverExpires","exportable","trustLevel","trustAmount","keyNeverExpires","revocationKeyClass","revocationKeyAlgorithm","revocationKeyFingerprint","rawNotations","notations","isPrimaryUserID","reasonForRevocationFlag","reasonForRevocationString","signatureTargetPublicKeyAlgorithm","signatureTargetHashAlgorithm","signatureTargetHash","issuerKeyVersion","revoked","readSubPackets","saltLength","signatureMaterial","parseSignatureParams","writeParams","stream.fromAsync","serializeParams","writeUnhashedSubPackets","getFingerprintBytes","getKeyID","saltLengthForHash","saltValue","humanReadable","critical","writeHashedSubPackets","stream.slice","stream.clone","writeSubPacket","encodedName","readSubPacket","mypos","seconds","trusted","subpacketLengthBytes","subpacketLength","toSign","writeForHash","calculateTrailer","isMessageSignature","normDate","getExpirationTime","toUpperCase","isExpired","OnePassSignaturePacket","fromSignaturePacket","signaturePacket","isLast","onePassSig","flags","args","correspondingSig","newPacketFromTag","allowedPackets","packetType","PacketList","fromBinary","packets","parsed","fromStream","throwUnsupportedError","throwMalformedError","unparsedPacket","packetbytes","minLength","powerOf2","LN2","chunkSize","filterByTag","tags","filtered","handle","findPacket","find","indexOfTag","tagIndex","that","CompressedDataPacket","compressed","decompress","compress","compressionName","decompressionFn","decompress_fns","compressionFn","compress_fns","compressionStreamInstantiator","ZlibStreamedConstructor","inputData","zlibStream","processedData","compressorOrDecompressor","pipeThrough","inputReader","bzip2Decompress","bunzipDecode","getCompressionStreamInstantiators","compressionFormat","compressor","CompressionStream","decompressor","DecompressionStream","SymEncryptedIntegrityProtectedDataPacket","aeadAlgorithm","seip","cipherAlgorithm","chunkSizeByte","encrypted","sessionKeyAlgorithm","runAEAD","getPrefixRandom","mdc","tohash","decrypted","realHash","verifyHash","isSEIPDv2","isAEADP","getAEADMode","tagLengthIfDecrypting","tagLengthIfEncrypting","chunkIndexSizeIfAEADEP","adataBuffer","adataArray","adataTagArray","adataView","chunkIndexArray","ivView","latestPromise","cryptedBytes","queuedBytes","derived","modeInstance","size","stream.pipe","finalChunk","cryptedPromise","setInt32","desiredSize","AEADEncryptedDataPacket","PublicKeyEncryptedSessionKeyPacket","publicKeyID","publicKeyVersion","publicKeyFingerprint","sessionKey","encryptionKeyPacket","anonymousRecipient","pkesk","versionAndFingerprintLength","fingerprintLength","parseEncSessionKeyParams","encodeSessionKey","publicKeyEncrypt","randomSessionKey","decryptedData","publicKeyDecrypt","computedChecksum","isValidChecksum","decryptedSessionKey","isValidPayload","decodeSessionKey","hasEncryptedAlgo","sessionKeyData","SymEncryptedSessionKeyPacket","sessionKeyEncryptionAlgorithm","s2kLen","fieldsLen","generateSessionKey","PublicKeyPacket","expirationTimeV3","fromSecretKeyPacket","secretKeyPacket","keyPacket","parsePublicKeyParams","computeFingerprintAndKeyID","writePublicKey","versionOctet","lengthOctets","isDecrypted","getCreationTime","computeFingerprint","getFingerprint","hasSameFingerprintAs","other","getAlgorithmInfo","modulo","readPublicKey","SymmetricallyEncryptedDataPacket","FRE","MarkerPacket","PublicSubkeyPacket","fromSecretSubkeyPacket","secretSubkeyPacket","UserAttributePacket","attributes","usrAttr","attr","SecretKeyPacket","keyMaterial","isEncrypted","s2kUsage","isLegacyAEAD","usedModernAEAD","startOfSecretKeyData","unparseableKeyMaterial","cleartext","parsePrivateKeyParams","serializedPublicKey","optionalFieldsArr","isDummy","isMissingSecretKeyMaterial","makeDummy","clearPrivateParams","serializedPacketTag","produceEncryptionKey","associateData","cleartextWithHash","validate","validParams","generateParams","keyVersion","aeadMode","derivedKey","UserIDPacket","email","comment","components","matches","exec","groups","trim","otherUserID","SecretSubkeyPacket","TrustPacket","PaddingPacket","createPadding","Signature","packetlist","getSigningKeyIDs","readSignature","armoredSignature","binarySignature","rest","unknownOptions","generateSecretSubkey","rsaBits","generateSecretKey","getLatestValidSignature","signatures","dataToVerify","latestValid","$1","$2","toLowerCase","isDataExpired","expirationTime","getKeyExpirationTime","createBindingSignature","subkey","primaryKey","dataToSign","signatureProperties","createSignaturePacket","recipientKeys","signingKeyPacket","recipientUserIDs","targetKeys","targetUserIDs","defaultAlgo","preferredSenderAlgo","supportedAlgosPerTarget","getPrimarySelfSignature","supportedAlgosMap","Map","supportedAlgos","supportedAlgo","isSupportedHashAlgo","getStrongestSupportedHashAlgo","strongestHashAlgo","algoA","algoB","preferredCurveAlgo","getPreferredCurveHashAlgo","preferredSenderAlgoIsSupported","preferredSenderAlgoStrongerThanCurveAlgo","strongestSupportedAlgo","mergeSignatures","source","dest","checkFn","sourceSig","destSig","isDataRevoked","revocations","revocationKeyIDs","revocationSignature","isHardRevocation","sanitizeKeyOptions","subkeyDefaults","validateSigningKeyPacket","validateEncryptionKeyPacket","validateDecryptionKeyPacket","checkKeyRequirements","algoInfo","User","userPacket","mainKey","selfCertifications","otherCertifications","revocationSignatures","toPacketList","user","certify","signingKeys","isPrivate","signingKey","getSigningKey","isRevoked","certificate","verifyCertificate","verificationKeys","issuerKeys","getKeys","verifyAllCertifications","certifications","certification","valid","selfCertification","sourceUser","srcSelfSig","srcRevSig","revoke","flag","string","Subkey","subkeyPacket","bindingSignatures","helper.isDataRevoked","bindingSignature","helper.getLatestValidSignature","helper.isDataExpired","keyExpiry","helper.getKeyExpirationTime","sigExpiry","helper.mergeSignatures","srcBindSig","helper.createSignaturePacket","allowedRevocationPackets","mainKeyPacketTags","keyPacketTags","privateSubkey","Key","packetListToStructure","disallowedPackets","primaryKeyID","ignoreUntil","users","subkeys","directSignatures","clonePrivateParams","getPrototypeOf","getSubkeys","getKeyIDs","getUserIDs","verifyPrimaryKey","helper.checkKeyRequirements","helper.validateSigningKeyPacket","getEncryptionKey","helper.validateEncryptionKeyPacket","directSignature","primaryKeyExpiry","selfSigKeyExpiry","selfSigExpiry","directSigKeyExpiry","getPrimaryUser","primaryUser","B","pop","cert","sourceKey","destSubkey","srcSubkey","updatedKey","usersToUpdate","dstUser","srcUser","userToUpdate","newUser","subkeysToUpdate","dstSubkey","subkeyToUpdate","newSubkey","getRevocationCertificate","applyRevocationCertificate","revocationCertificate","signPrimaryUser","privateKeys","userSign","signAllUsers","verifyPrimaryUser","verifyAllUsers","results","PublicKey","toPublic","PrivateKey","keyPackets","pubKeyPacket","pubSubkeyPacket","getDecryptionKeys","helper.validateDecryptionKeyPacket","Boolean","addSubkey","defaultOptions","getDefaultSubkeyType","helper.sanitizeKeyOptions","helper.generateSecretSubkey","helper.createBindingSignature","packetList","allowedKeyPackets","createKey","wrapKeyObject","secretSubkeyPackets","subkeyPassphrase","createPreferredAlgos","algos","preferredAlgo","getKeySignatureProperties","symmetricAlgorithms","aeadAlgorithms","flatMap","symmetricAlgorithm","userIDs","userIDPacket","subkeyOptions","subkeySignaturePacket","readKey","armoredKey","binaryKey","keyIndex","readPrivateKey","firstPrivateKeyList","readKeys","armoredKeys","binaryKeys","newKey","readPrivateKeys","oneKeyList","allowedMessagePackets","allowedSymSessionKeyPackets","allowedDetachedSignaturePackets","Message","getEncryptionKeyIDs","keyIDs","unwrapCompressed","onePassSigList","decryptionKeys","passwords","sessionKeys","symEncryptedPacketlist","symEncryptedPacket","expectedSymmetricAlgorithm","sessionKeyObjects","decryptSessionKeys","decryptedPromise","algorithmName","stream.cancel","resultMsg","decryptedSessionKeyPackets","skeskPackets","skeskPacket","pkeskPackets","pkeskPacket","decryptionKey","decryptionKeyPackets","decryptionKeyPacket","serialisedPKESK","pkeskPacketCopy","seen","item","getLiteralData","encryptionKeys","aeadAlgo","selfSigs","selfSig","defaultCipherSuite","desiredCipherSuites","desiredCipherSuite","cipherSuite","defaultSymAlgo","desiredSymAlgo","getPreferredCipherSuite","symmetricAlgoName","aeadAlgoName","maybeKey","encryptionKeyIDs","aeadAlgorithmName","encryptSessionKey","pkESKeyPacket","testDecrypt","accumulator","currentValue","encryptPassword","symEncryptedSessionKeyPacket","pwd","signingKeyIDs","signingUserIDs","literalDataPacket","signaturePackets","createSignaturePackets","onePassSignaturePackets","signDetached","recipientKeyIDs","literalDataList","signatureList","correspondingSigResolve","correspondingSigReject","createVerificationObjects","verifyDetached","appendSignature","detachedSignature","trailingPacket","signingUserID","existingSigPacketlist","unverifiedSigningKey","signaturePacketPromise","verifiedSig","createVerificationObject","readMessage","armoredMessage","binaryMessage","streamType","createMessage","literalDataPacketlist","CleartextMessage","newSignature","emitHeaderAndChecksum","readCleartextMessage","cleartextMessage","checkHashAlgos","hashAlgos","check","hashHeader","parsedHashIDs","createCleartextMessage","checkConfig","toArray","helper.generateSecretKey","formatObject","reformatKey","reformattedKey","sanitize","reformat","revokeKey","revokedKey","decryptKey","clonedPrivateKey","passphrases","encryptKey","encryptionUserIDs","signatureNotations","checkMessage","checkOutputMessageFormat","publicKeys","senderAlgoSupport","recipientPrefs","getPreferredCompressionAlgo","convertStream","expectSigned","linkStreams","checkCleartextOrMessage","checkBinary","checkString","defaultConfigPropsCount","inputConfigProps","inputProp","object","isSafeInteger","rotr","rotl","byteSwap32","Hash","_cloneInto","wrapConstructor","bytesLength","Chi","Maj","HashMD","padOffset","take","dataView","roundClean","oview","to","SHA256_K","SHA256_IV","SHA256_W","SHA256","E","F","G","H","W15","W2","SHA224","HMAC","assertHash","iHash","oHash","assertExists","assertBytes","hmac","abool","title","hexes","padStart","bytesToHex","numberToHexUnpadded","hexToNumber","asciis","_0","_A","_F","_f","asciiToBase16","char","hexToBytes","al","ai","hi","n2","bytesToNumberBE","bytesToNumberLE","numberToBytesBE","numberToBytesLE","ensureBytes","isPosBig","inRange","aInRange","bitLen","bitMask","u8n","u8fr","createHmacDrbg","hashLen","qByteLen","hmacFn","reset","reseed","gen","pred","validatorFns","bigint","val","function","boolean","stringOrUint8Array","field","Fp","isValid","validateObject","validators","optValidators","checkField","fieldName","isOptional","checkVal","memoized","WeakMap","arg","_3n","_4n","_5n","pow","pow2","invert","FpSqrt","P","p1div4","root","eql","sqr","nv","ONE","legendreC","Q1div2","neg","ZERO","ge","tonelliShanks","FIELD_FIELDS","nLength","nBitLength","_nBitLength","nByteLength","Field","ORDER","redef","BITS","BYTES","sqrtP","freeze","MASK","is0","isOdd","lhs","rhs","FpPow","div","sqrN","addN","subN","mulN","inv","sqrt","invertBatch","nums","lastMultiplied","inverted","reduceRight","FpInvertBatch","cmov","fromBytes","getFieldBytesLength","fieldOrder","getMinHashLength","pointPrecomputes","pointWindowSizes","wNAF","constTimeNegate","condition","negate","validateW","unsafeLadder","precomputeWindow","points","base","window","precomputes","BASE","maxNumber","shiftBy","offset1","offset2","cond1","cond2","wNAFCached","comp","setWindowSize","delete","pippenger","scalars","buckets","lastBits","scalar","resI","sumI","validateBasic","Gx","Gy","validateSigVerOpts","prehash","b2n","h2b","ut","DER","Err","_tlv","dataLen","ut.numberToHexUnpadded","lenLen","first","lengthBytes","_int","toSig","int","tlv","ut.abytes","seqBytes","seqLeftBytes","rBytes","rLeftBytes","sBytes","sLeftBytes","hexFromSig","seq","weierstrassPoints","CURVE","ut.validateObject","allowedPrivateKeyLengths","wrapPrivateKey","isTorsionFree","clearCofactor","allowInfinityPoint","endo","beta","splitScalar","validatePointOpts","Fn","mod.Field","point","_isCompressed","toAffine","ut.concatBytes","weierstrassEquation","x2","x3","normPrivateKeyToScalar","N","ut.isBytes","ut.bytesToHex","ut.bytesToNumberBE","mod.mod","ut.aInRange","assertPrjPoint","Point","toAffineMemo","iz","px","py","pz","ax","ay","zz","assertValidMemo","right","fromAffine","normalizeZ","toInv","fromHex","assertValidity","fromPrivateKey","multiply","msm","_setWindowSize","wnaf","hasEvenY","X1","Y1","Z1","X2","Y2","Z2","U1","U2","X3","Y3","Z3","subtract","multiplyUnsafe","sc","k1neg","k2neg","k1p","k2p","fake","f1p","f2p","multiplyAndAddUnsafe","cofactor","toRawBytes","isCompressed","_bits","ProjectivePoint","isWithinCurveOrder","ut.inRange","weierstrass","curveDef","bits2int","bits2int_modN","validateOpts","compressedLen","uncompressedLen","modN","CURVE_ORDER","invN","mod.invert","cat","y2","sqrtError","suffix","numToNByteStr","ut.numberToBytesBE","isBiggerThanHalfOrder","slcNum","recovery","fromCompact","fromDER","addRecoveryBit","recoverPublicKey","msgHash","rec","radj","R","ir","hasHighS","normalizeS","toDERRawBytes","ut.hexToBytes","toDERHex","toCompactRawBytes","toCompactHex","isValidPrivateKey","mod.getMinHashLength","fieldLen","minLen","mod.mapHashToField","precompute","isProbPub","delta","ORDER_MASK","ut.bitMask","int2octets","prepSig","defaultSigOpts","extraEntropy","ent","h1int","seedArgs","k2sig","kBytes","ik","normS","defaultVerOpts","privateA","publicB","privKey","ut.createHmacDrbg","drbg","sg","_sig","derError","is","getHash","msgs","createCurve","defHash","U32_MASK64","fromBig","Ah","Al","rotlSH","rotlSL","rotlBH","rotlBL","u64","toBig","shrSH","_l","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","rotr32H","_h","rotr32L","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5H","Eh","add5L","El","SHA512_Kh","SHA512_Kl","SHA512_W_H","SHA512_W_L","SHA512","Fh","Fl","Gh","Gl","Hh","Hl","W15h","W15l","s0h","s0l","W2h","W2l","s1h","s1l","SUMl","SUMh","sigma1h","sigma1l","CHIh","CHIl","T1ll","T1h","T1l","sigma0h","sigma0l","MAJh","MAJl","All","SHA384","SHA3_PI","SHA3_ROTL","_SHA3_IOTA","_7n","_256n","_0x71n","round","SHA3_IOTA_H","SHA3_IOTA_L","rotlH","rotlL","Keccak","enableXOF","posOut","state32","keccak","idx1","idx0","B0","B1","Th","Tl","curH","curL","PI","keccakP","writeInto","bufferOut","xofInto","xof","shake256","wrapXOFConstructorWithOpts","dkLen","genShake","VERIFY_DEFAULT","zip215","twistedEdwards","adjustScalarBytes","domain","uvRatio","mapToCurve","cHash","modP","ctx","phflag","aCoordinate","assertPoint","ex","ey","ez","Z4","aX2","X1Z2","X2Z1","Y1Z2","Y2Z1","x1y1","isSmallOrder","normed","ut.bytesToNumberLE","isXOdd","isLastByteOdd","getExtendedPublicKey","ut.numberToBytesLE","modN_LE","pointBytes","hashDomainToScalar","context","verifyOpts","SB","ExtendedPoint","montgomery","montgomeryBits","powPminus2","Gu","montgomeryBytes","swap","x_2","x_3","dummy","a24","encodeUCoordinate","pointU","uEnc","decodeUCoordinate","_scalar","decodeScalar","pu","x_1","sw","z_2","z_3","k_t","AA","BB","DA","CB","dacb","da_cb","z2","montgomeryLadder","GuBytes","scalarMultBase","shake256_114","ed448P","_11n","_22n","_44n","_88n","_223n","ed448_pow_Pminus3div4","b22","b44","b88","b176","b220","b222","b223","ED448_DEF","u2v","u3v","u5v3","secp256k1P","secp256k1N","divNearest","_6n","_23n","a2","POW_2_128","des","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","temp","right1","right2","looping","endloop","loopinc","iterations","padLength","paddedMessage","desAddPadding","desRemovePadding","desCreateKeys","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","shifts","lefttemp","righttemp","TripleDES","OpenPGPSymEncCAST5","BlockSize","KeySize","setKey","masking","rotate","keySchedule","getBlockSize","f1","f2","f3","scheduleA","scheduleB","sBox","inn","ki","half","CAST5","MAXINT","rotw","getW","setW","splice","getB","TF","tf","keyBytes","dataBytes","dataOffset","tfsKey","tfsM","tfsG0","tfsG1","tfsFrnd","blk","tfsIrnd","blocksize","open","meKey","moKey","inKey","kLen","sKey","f01","f5b","fef","q0","q1","q2","q3","ror4","ashx","ffm5b","ffmEf","mdsRem","qp","hFun","finalize","createTwofish","Blowfish","BF","bf","BLOCKSIZE","SBOXES","PARRAY","NN","_clean","xx","yy","dd","cc","bb","aa","sboxes","_encryptBlock","vals","dataL","dataR","parray","vector","off","ret","_decryptBlock","jj","kk","BlowFish","TwoFish","SHA1_IV","SHA1_W","SHA1","Rho","Id","Pi","idxL","idxR","shiftsL","shiftsR","Kl","Kr","group","R_BUF","RIPEMD160","h0","h1","h2","h3","h4","ar","br","cr","dr","el","er","rGroup","hbl","hbr","rl","rr","sr","ripemd160","ADD64","INC64","ix","iy","xor0","xor1","BLAKE2B_IV32","SIGMA","f0","i16","Blake2b","outlen","personal","BLOCKBYTES","OUTBYTES_MAX","params32","prealloc","TYPE","VERSION","TAGBYTES_MAX","TAGBYTES_MIN","SALTBYTES_MAX","SALTBYTES_MIN","passwordBYTES_MAX","passwordBYTES_MIN","MEMBYTES_MAX","ADBYTES_MAX","SECRETBYTES_MAX","ARGON2_BLOCK_SIZE","ARGON2_PREHASH_DIGEST_LENGTH","LE32","LE64","H_","V1_in","blake2b","V_r1","XOR","wasmContext","xs","ys","refs","gZ","G2","makePRNG","pass","lane","m_","totalPasses","segmentLength","segmentOffset","prngTmp","g2","ZERO1024","prngR","KB","WASM_PAGE_SIZE","argon2id","memory","wasmInstance","ad","assertLength","lanes","wasmG","wasmG2","wasmXOR","getLZ","wasmLZ","exports","wasmRefs","wasmFn","requiredMemory","grow","lz","newBlock","blockMemory","allocatedMemory","H0","ZERO32","concatArrays","outputBuffer","getH0","initBlock","isDataIndependent","PRNG","J1J2","next","isSIMDSupported","setupWasm","getSIMD","getNonSIMD","WebAssembly","Memory","initial","maximum","wasmModule","importObject","loaded","wasmLoader","instanceObject","BITMASK","BitReader","bitOffset","curByte","hasByte","_ensureByte","seek","n_bit","n_byte","pi","bufToHex","bitreader","Stream","bufOffset","new_pos","writeByte","_byte","crc32Lookup","crc32","getCRC","updateCRC","updateCRCRun","require$$0","require$$1","CRC32","require$$2","mtf","OK","LAST_BLOCK","NOT_BZIP_DATA","UNEXPECTED_INPUT_EOF","UNEXPECTED_OUTPUT_EOF","DATA_ERROR","OUT_OF_MEMORY","OBSOLETE_INPUT","END_OF_BLOCK","ErrorMessages","_throw","status","optDetail","errorCode","Bunzip","inputStream","outputStream","writePos","writeCurrent","writeCount","_start_bunzip","_init_block","_get_next_block","blockCRC","dbufSize","nextoutput","streamCRC","targetBlockCRC","origPointer","symToByte","symTotal","groupCount","nSelectors","mtfSymbol","selectors","hufGroup","symCount","maxLen","MAX_HUFCODE_BITS","permute","limit","pp","MAX_VALUE","byteCount","uc","runPos","dbufCount","selector","dbuf","GROUP_SIZE","nextSym","current","run","writeRun","_read_bunzip","copies","previous","outbyte","outputsize","coerceInputStream","eof","coerceOutputStream","resizeOk","newBuffer","getBuffer","_coerced","lib","multistream","bz","targetStreamCRC","decodeBlock","writeCopies","table","delegate","position","assert"],"mappings":";wZAAA,MAAMA,EAAqBC,OAAO,sBAC5BC,EAAqBD,OAAO,sBAC5BE,EAAoBF,OAAO,qBAE3BG,EAAeH,OAAO,gBAE5B,MAAMI,UAAoBC,MACxB,WAAAC,GACEC,QAEAC,OAAOC,eAAeC,KAAMN,EAAYO,WAExCD,KAAKX,GAAsB,IAAIa,SAAQ,CAACC,EAASC,KAC/CJ,KAAKT,GAAsBY,EAC3BH,KAAKR,GAAqBY,CAAM,IAElCJ,KAAKX,GAAoBgB,OAAM,QACnC,EAsCA,SAASC,EAAcC,GACrB,OAAOA,GAASA,EAAMC,WAAab,MAAMc,QAAQF,EACnD,CAOA,SAASG,EAAOH,GACd,IAAKD,EAAcC,GAAQ,CACzB,MAAMI,EAASJ,EAAMK,YACfC,EAAcF,EAAOE,YAK3B,OAJAF,EAAOE,YAAc,KACnBF,EAAOG,OAAOT,OAAM,eACpBQ,EAAYE,KAAKJ,EAAO,EAEnBA,CACX,CACEX,KAAKgB,OAAST,CAChB,CCjEA,SAASU,EAASV,GAChB,GAAID,EAAcC,GAChB,MAAO,QAET,GAAIW,EAAWC,gBAAkBD,EAAWC,eAAelB,UAAUmB,cAAcb,GACjF,MAAO,MAGT,GAAIA,KACAW,EAAWC,gBAAkBZ,aAAiBW,EAAWC,iBACpC,mBAAhBZ,EAAMc,OAAwD,iBAAzBd,EAAMe,eAClD,MAAUC,MAAM,sIAElB,SAAIhB,IAASA,EAAMC,YACV,UAGX,CAOA,SAASgB,EAAajB,GACpB,OAAOkB,WAAWxB,UAAUmB,cAAcb,EAC5C,CAOA,SAASmB,EAAiBC,GACxB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACtC,IAAKN,EAAaG,EAAOG,IACvB,MAAUP,MAAM,8DAGlBM,GAAeF,EAAOG,GAAGF,MAC7B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAAQ,SAAUC,GACvBH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MACnB,IAESG,CACT,CD3CArC,EAAYO,UAAUO,UAAY,WAIhC,YAH2B4B,IAAvBpC,KAAKP,KACPO,KAAKP,GAAgB,GAEhB,CACL4C,KAAMC,gBACEtC,KAAKX,GACPW,KAAKP,KAAkBO,KAAK4B,OACvB,CAAEW,WAAOH,EAAWI,MAAM,GAE5B,CAAED,MAAOvC,KAAKA,KAAKP,MAAkB+C,MAAM,IAGxD,EAEA9C,EAAYO,UAAUwC,UAAYH,eAAeI,SACzC1C,KAAKX,GACX,MAAM0C,EAASW,EAAK1C,KAAK2C,MAAM3C,KAAKP,KAEpC,OADAO,KAAK4B,OAAS,EACPG,CACT,EAEArC,EAAYO,UAAU2C,MAAQ,WAC5B,MAAMA,EAAQ,IAAIlD,EAIlB,OAHAkD,EAAMvD,GAAsBW,KAAKX,GAAoBwD,MAAK,KACxDD,EAAME,QAAQ9C,KAAK,IAEd4C,CACT,EAkCAlC,EAAOT,UAAU8C,MAAQT,eAAeU,GACtChD,KAAKgB,OAAO8B,KAAKE,EACnB,EAOAtC,EAAOT,UAAUgD,MAAQX,iBACvBtC,KAAKgB,OAAOzB,IACd,EAOAmB,EAAOT,UAAUiD,MAAQZ,eAAea,GAEtC,OADAnD,KAAKgB,OAAOxB,GAAmB2D,GACxBA,CACT,EAOAzC,EAAOT,UAAUY,YAAc,WAAa,EC5GC,iBAAvBK,EAAWkC,SACxBlC,EAAWkC,QAAQC,SCA5B,MAAMC,EAAiB,IAAIC,QAMrBC,EAAiBlE,OAAO,kBAS9B,SAASmE,EAAOlD,GAKd,GAJAP,KAAKgB,OAAST,EACVA,EAAMiD,KACRxD,KAAKwD,GAAkBjD,EAAMiD,GAAgBb,SAE3CrC,EAAcC,GAAQ,CACxB,MAAMmD,EAASnD,EAAMC,YAIrB,OAHAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,YACpB5D,KAAK6D,QAAU,OAEnB,CAEE,GADiB5C,EAASV,GACV,CACd,MAAMmD,EAASnD,EAAMC,YAOrB,OANAR,KAAKqB,MAAQqC,EAAOrB,KAAKsB,KAAKD,GAC9B1D,KAAK4D,aAAe,KAClBF,EAAO5C,OAAOT,OAAM,eACpBqD,EAAO7C,aAAa,OAEtBb,KAAK6D,QAAUH,EAAOI,OAAOH,KAAKD,GAEtC,CACE,IAAIK,GAAc,EAClB/D,KAAKqB,MAAQiB,SACPyB,GAAeT,EAAeU,IAAIzD,GAC7B,CAAEgC,WAAOH,EAAWI,MAAM,IAEnCuB,GAAc,EACP,CAAExB,MAAOhC,EAAOiC,MAAM,IAE/BxC,KAAK4D,aAAe,KAClB,GAAIG,EACF,IACET,EAAeW,IAAI1D,EACpB,CAAC,MAAM2D,GAAG,CACjB,CAEA,CC/CA,SAASC,EAAS5D,GAEhB,OADiBU,EAASV,GAEjBA,EAEF,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJA,EAAWC,QAAQ/D,GACnB8D,EAAWpB,OACjB,GAEA,CAOA,SAASsB,EAAchE,GACrB,GAAIU,EAASV,GACX,OAAOA,EAET,MAAMS,EAAS,IAAItB,EAMnB,MALA,WACE,MAAMiB,EAASC,EAAUI,SACnBL,EAAOoC,MAAMxC,SACbI,EAAOsC,OACd,EAJD,GAKOjC,CACT,CAQA,SAASwD,EAAOC,GACd,OAAIA,EAAKC,MAAK1D,GAAUC,EAASD,KAAYV,EAAcU,KAiB7D,SAAsByD,GACpBA,EAAOA,EAAKE,IAAIR,GAChB,MAAMS,EAAYC,GAAoBvC,eAAea,SAC7CjD,QAAQ4E,IAAIC,EAAWJ,KAAI3D,GAAU8C,EAAO9C,EAAQmC,KAC9D,IACE,IAAI6B,EAAO9E,QAAQC,UACnB,MAAM4E,EAAaN,EAAKE,KAAI,CAAC3D,EAAQc,IAAMmD,EAAcjE,GAAQ,CAACkE,EAAUC,KAC1EH,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKF,EAAUN,EAAUO,SAAU,CACxDE,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,OAET,OAAOJ,EAAUM,QACnB,CA7BWI,CAAab,GAElBA,EAAKC,MAAK1D,GAAUV,EAAcU,KAkCxC,SAA2ByD,GACzB,MAAM1C,EAAS,IAAIrC,EACnB,IAAIsF,EAAO9E,QAAQC,UAOnB,OANAsE,EAAKxC,SAAQ,CAACjB,EAAQc,KACpBkD,EAAOA,EAAKnC,MAAK,IAAMuC,EAAKpE,EAAQe,EAAQ,CAC1CsD,aAAcvD,IAAM2C,EAAK7C,OAAS,MAE7BoD,KAEFjD,CACT,CA3CWwD,CAAkBd,GAEJ,iBAAZA,EAAK,GACPA,EAAK/B,KAAK,IAEZhB,EAAiB+C,EAC1B,CA+CAnC,eAAe8C,EAAK7E,EAAOiF,GAAQH,aACjCA,GAAe,EAAKI,aACpBA,GAAe,EAAKC,cACpBA,GAAgB,GACd,IACF,GAAIzE,EAASV,KAAWD,EAAcC,GAAQ,CAC5CA,EAAQ4D,EAAS5D,GACjB,IACE,GAAIA,EAAMiD,GAAiB,CACzB,MAAM7C,EAASC,EAAU4E,GACzB,IAAK,IAAI1D,EAAI,EAAGA,EAAIvB,EAAMiD,GAAgB5B,OAAQE,UAC1CnB,EAAOgF,YACPhF,EAAOoC,MAAMxC,EAAMiD,GAAgB1B,IAE3CnB,EAAOE,aACf,OACYN,EAAMqF,OAAOJ,EAAQ,CACzBH,eACAI,eACAC,iBAEH,CAAC,MAAMxB,GAAG,CACX,MACJ,CAEE,MAAMR,EAASlD,EADfD,EAAQgE,EAAchE,IAEhBI,EAASC,EAAU4E,GACzB,IAEE,OAAa,OACL7E,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACH6C,SAAoB1E,EAAOsC,QAChC,KACR,OACYtC,EAAOoC,MAAMR,EACzB,CACG,CAAC,MAAO2B,GACFuB,SAAoB9E,EAAOuC,MAAMgB,EAC1C,CAAY,QACRR,EAAO7C,cACPF,EAAOE,aACX,CACA,CAQA,SAASgF,EAAatF,EAAOuF,GAC3B,MAAMC,EAAkB,IAAIC,gBAAgBF,GAE5C,OADAV,EAAK7E,EAAOwF,EAAgBZ,UACrBY,EAAgBb,QACzB,CAOA,SAASL,EAAoBoB,GAC3B,IAEIC,EAAkCC,EAClCC,EAHAC,GAAS,EACTC,GAAY,EAGhB,MAAO,CACLpB,SAAU,IAAI/D,eAAe,CAC3B,KAAAiD,CAAMC,GACJ+B,EAAmB/B,CACpB,EACD,IAAAkC,GACML,EACFA,IAEAG,GAAS,CAEZ,EACD,YAAMvC,CAAOX,GACXmD,GAAY,EACRL,SACIA,EAAa9C,GAEjBgD,GACFA,EAAgChD,EAE1C,GACO,CAACqD,cAAe,IACnBrB,SAAU,IAAIsB,eAAe,CAC3B1D,MAAOT,eAAeU,GACpB,GAAIsD,EACF,MAAU/E,MAAM,uBAElB6E,EAAiB9B,QAAQtB,GACpBqD,EAQHA,GAAS,SAPH,IAAInG,SAAQ,CAACC,EAASC,KAC1B8F,EAAmC/F,EACnCgG,EAAkC/F,CAAM,IAE1C8F,EAAmC,KACnCC,EAAkC,KAIrC,EACDlD,MAAOmD,EAAiBnD,MAAMU,KAAKyC,GACnClD,MAAOkD,EAAiBM,MAAM/C,KAAKyC,KAGzC,CASA,SAASxB,EAAUrE,EAAO6C,EAAU,KAAe,EAAEuD,EAAS,KAAe,GAC3E,GAAIrG,EAAcC,GAAQ,CACxB,MAAMqG,EAAS,IAAIlH,EAgBnB,MAfA,WACE,MAAMiB,EAASC,EAAUgG,GACzB,IACE,MAAMC,QAAapE,EAAUlC,GACvBuG,EAAU1D,EAAQyD,GAClBE,EAAUJ,IAChB,IAAI5E,EACgDA,OAApCK,IAAZ0E,QAAqC1E,IAAZ2E,EAAgCvC,EAAO,CAACsC,EAASC,SACpD3E,IAAZ0E,EAAwBA,EAAUC,QAC1CpG,EAAOoC,MAAMhB,SACbpB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,CACK,EAdD,GAeO0C,CACX,CACE,GAAI3F,EAASV,GACX,OAAOsF,EAAatF,EAAO,CACzB,eAAMqE,CAAUrC,EAAO8B,GACrB,IACE,MAAMtC,QAAeqB,EAAQb,QACdH,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACO,EACD,WAAM8C,CAAM3C,GACV,IACE,MAAMtC,QAAe4E,SACNvE,IAAXL,GAAsBsC,EAAWC,QAAQvC,EAC9C,CAAC,MAAMmC,GACNG,EAAWqC,MAAMxC,EAC3B,CACA,IAGE,MAAM4C,EAAU1D,EAAQ7C,GAClBwG,EAAUJ,IAChB,YAAgBvE,IAAZ0E,QAAqC1E,IAAZ2E,EAA8BvC,EAAO,CAACsC,EAASC,SACzD3E,IAAZ0E,EAAwBA,EAAUC,CAC3C,CAWA,SAAS9B,EAAc1E,EAAO0G,GAC5B,GAAIhG,EAASV,KAAWD,EAAcC,GAAQ,CAC5C,IAAI2G,EACJ,MAAMC,EAAW,IAAInB,gBAAgB,CACnC,KAAA5B,CAAMC,GACJ6C,EAA8B7C,CACtC,IAGU+C,EAAkBhC,EAAK7E,EAAO4G,EAAShC,UAEvCkC,EAAWxC,GAAoBvC,eAAea,GAClD+D,EAA4BR,MAAMvD,SAC5BiE,QACA,IAAIlH,QAAQoH,WACxB,IAEI,OADAL,EAAGE,EAASjC,SAAUmC,EAASlC,UACxBkC,EAASnC,QACpB,CACE3E,EAAQgE,EAAchE,GACtB,MAAMqG,EAAS,IAAIlH,EAEnB,OADAuH,EAAG1G,EAAOqG,GACHA,CACT,CAWA,SAASW,EAAMhH,EAAO0G,GACpB,IAAIO,EACJ,MAAMC,EAAcxC,EAAc1E,GAAO,CAAC2E,EAAUC,KAClD,MAAMzB,EAASlD,EAAU0E,GACzBxB,EAAOgE,UAAY,KACjBhE,EAAO7C,cACPuE,EAAKF,EAAUC,GACRsC,GAETD,EAAcP,EAAGvD,EAAO,IAE1B,OAAO8D,CACT,CA4BA,SAAS5E,EAAMrC,GACb,GAAID,EAAcC,GAChB,OAAOA,EAAMqC,QAEf,GAAI3B,EAASV,GAAQ,CACnB,MAAMoH,EAxBV,SAAapH,GACX,GAAID,EAAcC,GAChB,MAAUgB,MAAM,qDAElB,GAAIN,EAASV,GAAQ,CACnB,MAAMoH,EAAOxD,EAAS5D,GAAOqH,MAE7B,OADAD,EAAK,GAAGnE,GAAkBmE,EAAK,GAAGnE,GAAkBjD,EAAMiD,GACnDmE,CACX,CACE,MAAO,CAAChF,EAAMpC,GAAQoC,EAAMpC,GAC9B,CAciBqH,CAAIrH,GAEjB,OADAsH,EAAUtH,EAAOoH,EAAK,IACfA,EAAK,EAChB,CACE,OAAOhF,EAAMpC,EACf,CAUA,SAASuH,EAAavH,GACpB,OAAID,EAAcC,GACTqC,EAAMrC,GAEXU,EAASV,GACJ,IAAIY,eAAe,CACxB,KAAAiD,CAAMC,GACJ,MAAMoD,EAAcxC,EAAc1E,GAAO+B,MAAO4C,EAAUC,KACxD,MAAMzB,EAASlD,EAAU0E,GACnBvE,EAASC,EAAUuE,GACzB,IAEE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,IAAM6B,EAAWpB,OAAU,CAAC,MAAMiB,GAAG,CAErC,kBADMvD,EAAOsC,OAE7B,CACc,IAAMoB,EAAWC,QAAQ/B,EAAO,CAAG,MAAM2B,GAAG,OACtCvD,EAAOoC,MAAMR,EACjC,CACW,CAAC,MAAM2B,GACNG,EAAWqC,MAAMxC,SACXvD,EAAOuC,MAAMgB,EAC/B,KAEQ2D,EAAUtH,EAAOkH,EACzB,IAGS9E,EAAMpC,EACf,CAQA,SAASsH,EAAUtH,EAAOqC,GAExB9C,OAAOiI,QAAQjI,OAAOkI,0BAA0BzH,EAAMX,YAAYK,YAAYgC,SAAQ,EAAEgG,EAAMC,MAC/E,gBAATD,IAGAC,EAAW3F,MACb2F,EAAW3F,MAAQ2F,EAAW3F,MAAMoB,KAAKf,GAEzCsF,EAAWC,IAAMD,EAAWC,IAAIxE,KAAKf,GAEvC9C,OAAOsI,eAAe7H,EAAO0H,EAAMC,GAAW,GAElD,CAOA,SAASvF,EAAMpC,EAAO8H,EAAM,EAAGC,EAAIC,KACjC,GAAIjI,EAAcC,GAChB,MAAUgB,MAAM,mBAElB,GAAIN,EAASV,GAAQ,CACnB,GAAI8H,GAAS,GAAKC,GAAO,EAAG,CAC1B,IAAIE,EAAY,EAChB,OAAO3C,EAAatF,EAAO,CACzB,SAAAqE,CAAUrC,EAAO8B,GACXmE,EAAYF,GACVE,EAAYjG,EAAMX,QAAUyG,GAC9BhE,EAAWC,QAAQ3B,EAAMJ,EAAOkG,KAAKC,IAAIL,EAAQG,EAAW,GAAIF,EAAME,IAExEA,GAAajG,EAAMX,QAEnByC,EAAWsE,WAEvB,GAEA,CACI,GAAIN,EAAQ,IAAMC,EAAM,GAAKA,IAAQC,KAAW,CAC9C,IAAIK,EAAY,GAChB,OAAOhE,EAAUrE,GAAOgC,IAClBA,EAAMX,SAAWyG,EAAOO,EAAY,CAACrG,GACpCqG,EAAU9F,KAAKP,EAAM,IACzB,IAAMI,EAAM6B,EAAOoE,GAAYP,EAAOC,IAC/C,CACI,GAAc,IAAVD,GAAeC,EAAM,EAAG,CAC1B,IAAIM,EACJ,OAAOhE,EAAUrE,GAAOgC,IACtB,MAAMiF,EAAcoB,EAAYpE,EAAO,CAACoE,EAAWrG,IAAUA,EAC7D,GAAIiF,EAAY5F,SAAW0G,EAEzB,OADAM,EAAYjG,EAAM6E,EAAac,GACxB3F,EAAM6E,EAAaa,EAAOC,GAEjCM,EAAYpB,CAAW,GAEjC,CAEI,OADAqB,QAAQC,KAAK,uBAAuBT,MAAUC,mCACvCS,GAAUzG,SAAYK,QAAYF,EAAUlC,GAAQ8H,EAAOC,IACtE,CAIE,OAHI/H,EAAMiD,KACRjD,EAAQiE,EAAOjE,EAAMiD,GAAgBgB,OAAO,CAACjE,MAE3CiB,EAAajB,GACRA,EAAMyI,SAASX,EAAOC,IAAQC,IAAWhI,EAAMqB,OAAS0G,GAE1D/H,EAAMoC,MAAM0F,EAAOC,EAC5B,CASAhG,eAAeG,EAAUlC,EAAOmC,EAAK8B,GACnC,OAAIlE,EAAcC,GACTA,EAAMkC,UAAUC,GAErBzB,EAASV,GACJC,EAAUD,GAAOkC,UAAUC,GAE7BnC,CACT,CASA+B,eAAewB,EAAOvD,EAAO4C,GAC3B,GAAIlC,EAASV,GAAQ,CACnB,GAAIA,EAAMuD,OAAQ,CAChB,MAAMwC,QAAkB/F,EAAMuD,OAAOX,GAGrC,aADM,IAAIjD,QAAQoH,YACXhB,CACb,CACI,GAAI/F,EAAM0I,QAGR,OAFA1I,EAAM0I,QAAQ9F,SACR,IAAIjD,QAAQoH,YACXnE,CAEb,CACA,CAOA,SAAS4F,EAAU9B,GACjB,MAAMiC,EAAc,IAAIxJ,EAUxB,MATA,WACE,MAAMiB,EAASC,EAAUsI,GACzB,UACQvI,EAAOoC,YAAYkE,WACnBtG,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,CACG,EARD,GASOgF,CACT,CAOA,SAAS1I,EAAUD,GACjB,OAAO,IAAIkD,EAAOlD,EACpB,CAOA,SAASK,EAAUL,GACjB,OAAO,IAAIG,EAAOH,EACpB,CDhfAkD,EAAOxD,UAAUoC,KAAOC,iBACtB,GAAItC,KAAKwD,IAAmBxD,KAAKwD,GAAgB5B,OAAQ,CAEvD,MAAO,CAAEY,MAAM,EAAOD,MADRvC,KAAKwD,GAAgB2F,QAEvC,CACE,OAAOnJ,KAAKqB,OACd,EAKAoC,EAAOxD,UAAUY,YAAc,WACzBb,KAAKwD,KACPxD,KAAKgB,OAAOwC,GAAkBxD,KAAKwD,IAErCxD,KAAK4D,cACP,EAKAH,EAAOxD,UAAU6D,OAAS,SAASX,GACjC,OAAOnD,KAAK6D,QAAQV,EACtB,EAOAM,EAAOxD,UAAUmJ,SAAW9G,iBAC1B,IACI+G,EADAC,EAAS,GAEb,MAAQD,GAAW,CACjB,IAAI7G,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OAEjC,GADAE,GAAS,GACLC,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAEF,MAAME,EAAejH,EAAMkH,QAAQ,MAAQ,EACvCD,IACFH,EAAYE,EAAeD,EAAO9E,OAAOjC,EAAMmH,OAAO,EAAGF,KACzDF,EAAS,IAEPE,IAAiBjH,EAAMX,QACzB0H,EAAOxG,KAAKP,EAAMmH,OAAOF,GAE/B,CAEE,OADAxJ,KAAK2J,WAAWL,GACTD,CACT,EAOA5F,EAAOxD,UAAU2J,SAAWtH,iBAC1B,MAAME,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,OACV,MAAMqH,EAAOtH,EAAM,GAEnB,OADAvC,KAAK2J,QAAQG,EAAcvH,EAAO,IAC3BsH,CACT,EAOApG,EAAOxD,UAAU8J,UAAYzH,eAAeV,GAC1C,MAAM0H,EAAS,GACf,IAAIU,EAAe,EAEnB,OAAa,CACX,MAAMxH,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EACF,OAAI8G,EAAO1H,OAAe2H,EAAeD,QACzC,EAIF,GAFAA,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBpI,EAAQ,CAC1B,MAAMqI,EAAeV,EAAeD,GAEpC,OADAtJ,KAAK2J,QAAQG,EAAcG,EAAcrI,IAClCkI,EAAcG,EAAc,EAAGrI,EAC5C,CACA,CACA,EAOA6B,EAAOxD,UAAUiK,UAAY5H,eAAeV,GAC1C,MAAMuI,QAAcnK,KAAK+J,UAAUnI,GAEnC,OADA5B,KAAK2J,QAAQQ,GACNA,CACT,EAOA1G,EAAOxD,UAAU0J,QAAU,YAAYS,GAChCpK,KAAKwD,KACRxD,KAAKwD,GAAkB,IAGL,IAAlB4G,EAAOxI,QAAgBJ,EAAa4I,EAAO,KAC3CpK,KAAKwD,GAAgB5B,QAAUwI,EAAO,GAAGxI,QACzC5B,KAAKwD,GAAgB,GAAG6G,YAAcD,EAAO,GAAGxI,OAEhD5B,KAAKwD,GAAgB,GAAK,IAAI/B,WAC5BzB,KAAKwD,GAAgB,GAAG8F,OACxBtJ,KAAKwD,GAAgB,GAAG6G,WAAaD,EAAO,GAAGxI,OAC/C5B,KAAKwD,GAAgB,GAAG8G,WAAaF,EAAO,GAAGxI,QAInD5B,KAAKwD,GAAgBmG,WAAWS,EAAOG,QAAOhI,GAASA,GAASA,EAAMX,SACxE,EAQA6B,EAAOxD,UAAUwC,UAAYH,eAAeI,EAAK6G,GAC/C,MAAMxH,EAAS,GAEf,OAAa,CACX,MAAMS,KAAEA,EAAID,MAAEA,SAAgBvC,KAAKqC,OACnC,GAAIG,EAAM,MACVT,EAAOe,KAAKP,EAChB,CACE,OAAOG,EAAKX,EACd,EExMA,MAAMyI,EAAUlL,OAAO,WAEvB,IAAemL,EAAA,CAObC,MAAO,CAELC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,SAA0B,WAE1BC,KAA0B,WAG1BC,UAA0B,YAG1BC,cAA0B,gBAE1BC,QAA0B,gBAG1BC,iBAA0B,mBAE1BC,WAA0B,mBAG1BC,gBAAyB,kBAGzBC,gBAAyB,kBAGzBC,gBAAyB,mBAO3BC,IAAK,CACHC,OAAQ,EACRC,OAAQ,EACRC,SAAU,EACVC,OAAQ,EACRC,IAAK,KAOPC,UAAW,CAETC,eAAgB,EAEhBC,WAAY,EAEZC,QAAS,EAETC,QAAS,GAETC,IAAK,GAELC,KAAM,GAENC,MAAO,GAGPC,YAAa,GAEbC,KAAM,GAENC,MAAO,GAEPC,OAAQ,GAERC,KAAM,GAENxB,QAAS,GAETyB,MAAO,IAOTC,UAAW,CAETC,KAAM,EACNC,UAAW,EACXC,MAAO,EACPC,SAAU,EACVC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,QAAS,IAOXC,YAAa,CACXC,aAAc,EAEdC,IAAK,EAELC,KAAM,EACNC,MAAO,GAOTC,KAAM,CACJC,IAAK,EACLC,KAAM,EACNC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,EACRC,OAAQ,GACRC,OAAQ,GACRC,SAAU,GACVC,SAAU,IAOZC,QAAS,CACP,QAAS,EACT,UAAW,EACX,UAAW,EACX,UAAW,IAObC,KAAM,CACJC,IAAK,EACLC,IAAK,EACLC,IAAK,EACLC,gBAAiB,KAOnBC,OAAQ,CACNC,6BAA8B,EAC9BC,UAAW,EACXC,uBAAwB,EACxBC,iBAAkB,EAClBC,UAAW,EACXjD,UAAW,EACXkD,aAAc,EACdC,eAAgB,EAChBC,2BAA4B,EAC5BC,OAAQ,GACRC,YAAa,GACbC,MAAO,GACPC,OAAQ,GACRC,aAAc,GACdC,cAAe,GACfC,mCAAoC,GACpCC,0BAA2B,GAC3BC,kBAAmB,GACnBC,QAAS,IAOXC,QAAS,CAEPC,OAAQ,GAERC,KAAM,IAENC,KAAM,IAENC,KAAM,KAQRrB,UAAW,CAETkB,OAAQ,EAIRC,KAAM,EAONG,WAAY,EAMZC,YAAa,GAKbC,YAAa,GAKbC,WAAY,GASZC,aAAc,GAUdC,eAAgB,GAUhBC,cAAe,GAefC,WAAY,GAUZC,IAAK,GAOLC,cAAe,GAWfC,iBAAkB,GAIlBC,UAAW,GAUXC,WAAY,IAOdC,mBAAoB,CAClBC,sBAAuB,EACvBC,wBAAyB,EACzBC,wBAAyB,EACzBC,eAAgB,EAChBC,kBAAmB,EACnBC,UAAW,EACXC,kBAAmB,EACnBC,kCAAmC,GACnCC,6BAA8B,GAC9BC,cAAe,GACfC,YAAa,GACbC,aAAc,GACdC,wBAAyB,GACzBC,+BAAgC,GAChCC,qBAAsB,GACtBC,mBAAoB,GACpBC,cAAe,GACfC,UAAW,GACXC,SAAU,GACVC,cAAe,GACfC,oBAAqB,GACrBC,SAAU,GACVC,gBAAiB,GACjBC,kBAAmB,GACnBC,kBAAmB,GACnBC,wBAAyB,GACzBC,sBAAuB,IAOzBR,SAAU,CAERS,YAAa,EAEbC,SAAU,EAEVC,qBAAsB,EAEtBC,eAAgB,EAGhBC,gBAAiB,GAEjBC,eAAgB,GAGhBC,iBAAkB,KAOpBC,MAAO,CACLC,iBAAkB,EAClBC,cAAe,EACfC,OAAQ,EACRC,QAAS,EACTxH,UAAW,EACXyH,WAAY,EACZ3E,UAAW,GAObwD,oBAAqB,CAEnBoB,SAAU,EAEVC,cAAe,EAEfC,eAAgB,EAEhBC,WAAY,EAEZC,cAAe,IAOjBvB,SAAU,CAERwB,sBAAuB,EAGvBxF,KAAM,EAGNyF,OAAQ,EACRC,QAAS,GAUXjR,MAAO,SAASkR,EAAM/P,GAKpB,GAJiB,iBAANA,IACTA,EAAIlE,KAAKqC,KAAK4R,EAAM/P,SAGN9B,IAAZ6R,EAAK/P,GACP,OAAO+P,EAAK/P,GAGd,MAAU3C,MAAM,sBACjB,EASDc,KAAM,SAAS4R,EAAM/P,GAQnB,GAPK+P,EAAKzJ,KACRyJ,EAAKzJ,GAAW,GAChB1K,OAAOiI,QAAQkM,GAAMhS,SAAQ,EAAE0O,EAAKpO,MAClC0R,EAAKzJ,GAASjI,GAASoO,CAAG,UAILvO,IAArB6R,EAAKzJ,GAAStG,GAChB,OAAO+P,EAAKzJ,GAAStG,GAGvB,MAAU3C,MAAM,sBACpB,GCnce2S,EAAA,CAKbC,uBAAwB1J,EAAMkD,KAAKM,OAKnCmG,4BAA6B3J,EAAMoC,UAAUO,OAK7CiH,8BAA+B5J,EAAM6C,YAAYC,aAajD+G,aAAa,EAQbC,kCAAkC,EAOlCC,uBAAwB/J,EAAM6D,KAAKG,IAQnCgG,kBAAmB,GAQnBC,QAAQ,EAQRC,yBAAyB,EASzBC,QAASnK,EAAMgB,IAAIG,SASnBiJ,sBAAuB,IAcvBC,gBAAiB,CACfC,OAAQ,EACRC,YAAa,EACbC,eAAgB,IAUlBC,8BAA8B,EAe9BC,4BAA4B,EAO5BC,WAAY,KAOZC,wBAAwB,EAQxBC,wCAAwC,EASxCC,8CAA8C,EAQ9CC,sBAAsB,EAUtBC,6BAA6B,EAQ7BC,wDAAyD,IAAIC,IAAI,CAAClL,EAAMoC,UAAUK,OAAQzC,EAAMoC,UAAUM,OAAQ1C,EAAMoC,UAAUO,SAKlIwI,0BAA0B,EAK1BC,wBAAwB,EAQxBC,yBAA0B,GAK1BC,aAAa,EAKbC,aAAa,EAKbC,cAAe,mBAKfC,cAAe,wBAOfC,gBAAiB,KAOjBC,eAAgB,GAQhBC,uCAAuC,EAOvCC,qBAAqB,EAMrBC,qBAAsB,IAAIZ,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,SAM1D0I,4BAA6B,IAAIb,IAAI,CAAClL,EAAMkD,KAAKC,IAAKnD,EAAMkD,KAAKG,OAAQrD,EAAMkD,KAAKE,OAMpF4I,0BAA2B,IAAId,IAAI,CAAClL,EAAMsB,UAAUI,QAAS1B,EAAMsB,UAAUK,MAM7EsK,aAAc,IAAIf,IAAI,CAAClL,EAAMC,MAAMO,aCjRrC,MAIM0L,EAAY,MAChB,IACE,MAAgC,gBAAzBvT,QAAQwT,IAAIC,QACpB,CAAC,MAAO3S,GAAG,CACZ,OAAO,CACR,EALiB,GAOZ4S,EAAO,CACXC,SAAU,SAASlQ,GACjB,MAAuB,iBAATA,GAAqBA,aAAgBmQ,MACpD,EAEDC,YAhBF,OAkBExW,QAAS,SAASoG,GAChB,OAAOA,aAAgBlH,KACxB,EAED6B,aAAc0V,EAEdjW,SAAUkW,EASVC,cAAe9U,MAAO+U,EAAeC,KACnC,IAAKC,EAAcjB,oBACjB,MAAU/U,MAAM,gEAGlB,MAAMiW,YAAEA,SAAsBtX,QAAmDC,UAAA0C,MAAA,WAAA,OAAA4U,EAAA,IACjF,OAAQJ,GACN,KAAK5M,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUO,MAAO,CAC1B,MAAM5B,EAAQ8M,EAAYrP,IAAImP,GAC9B,IAAK5M,EAAO,MAAUnJ,MAAM,qBAC5B,OAAOmJ,CACf,CACM,KAAKD,EAAMsB,UAAUY,KACnB,OAAO6K,EAAYrP,IAAI,QACzB,KAAKsC,EAAMsB,UAAUa,MACnB,OAAO4K,EAAYrP,IAAI,SACzB,QACE,MAAU5G,MAAM,qBACxB,EAGEmW,WAAY,SAAUvN,GACpB,IAAIwN,EAAI,EACR,IAAK,IAAI7V,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAChC6V,GAAM,KAAO7V,EAAKqI,EAAMA,EAAMvI,OAAS,EAAIE,GAE7C,OAAO6V,CACR,EAEDC,YAAa,SAAUD,EAAGxN,GACxB,MAAM0N,EAAI,IAAIpW,WAAW0I,GACzB,IAAK,IAAIrI,EAAI,EAAGA,EAAIqI,EAAOrI,IACzB+V,EAAE/V,GAAM6V,GAAM,GAAKxN,EAAQrI,EAAI,GAAO,IAGxC,OAAO+V,CACR,EAEDC,SAAU,SAAU3N,GAClB,MAAMwN,EAAIb,EAAKY,WAAWvN,GAE1B,OADU,IAAI4N,KAAS,IAAJJ,EAEpB,EAEDK,UAAW,SAAUC,GACnB,MAAMC,EAAUzP,KAAK0P,MAAMF,EAAKG,UAAY,KAE5C,OAAOtB,EAAKc,YAAYM,EAAS,EAClC,EAEDG,cAAe,SAAUJ,EAAOF,KAAKO,OACnC,OAAgB,OAATL,GAAiBA,IAAS1P,IAAW0P,EAAO,IAAIF,KAAgC,IAA3BtP,KAAK0P,OAAOF,EAAO,KAChF,EAODM,QAAS,SAAUpO,GACjB,MACMqO,GADQrO,EAAM,IAAM,EAAKA,EAAM,IACb,IAAO,EAM/B,OAAO2M,EAAK2B,kBAAkBtO,EAAO,EAAG,EAAIqO,EAC7C,EASDC,kBAAmB,SAAUlY,EAAO6D,EAAOkE,GACzC,GAAI/H,EAAMqB,OAAU0G,EAAMlE,EACxB,MAAU7C,MAAM,yBAElB,OAAOhB,EAAMyI,SAAS5E,EAAOkE,EAC9B,EAQD,OAAAoQ,CAAQvO,EAAOvI,GACb,GAAIuI,EAAMvI,OAASA,EACjB,MAAUL,MAAM,wBAElB,MAAMoX,EAAS,IAAIlX,WAAWG,GACxBgX,EAAShX,EAASuI,EAAMvI,OAE9B,OADA+W,EAAOxW,IAAIgI,EAAOyO,GACXD,CACR,EAODE,gBAAiB,SAAUC,GACzB,MAAMC,EAAUjC,EAAKkC,oBAAoBF,GACzC,GAAgB,IAAZC,EACF,MAAUxX,MAAM,YAElB,MAAM0X,EAAWH,EAAI9P,SAAS8P,EAAIlX,OAAS6G,KAAKyQ,KAAKH,EAAU,IACzDI,EAAS,IAAI1X,WAAW,EAAY,MAAVsX,IAAqB,EAAa,IAAVA,IACxD,OAAOjC,EAAKpV,iBAAiB,CAACyX,EAAQF,GACvC,EAODD,oBAAqB,SAAUF,GAC7B,IAAIhX,EACJ,IAAKA,EAAI,EAAGA,EAAIgX,EAAIlX,QAA4B,IAAXkX,EAAIhX,GAAbA,KAC5B,GAAIA,IAAMgX,EAAIlX,OACZ,OAAO,EAET,MAAMqX,EAAWH,EAAI9P,SAASlH,GAC9B,OAA+B,GAAvBmX,EAASrX,OAAS,GAASkV,EAAKsC,MAAMH,EAAS,GACxD,EAODI,gBAAiB,SAAUC,GACzB,MAAMvX,EAAS,IAAIN,WAAW6X,EAAI1X,QAAU,GAC5C,IAAK,IAAI2X,EAAI,EAAGA,EAAID,EAAI1X,QAAU,EAAG2X,IACnCxX,EAAOwX,GAAKC,SAASF,EAAI5P,OAAO6P,GAAK,EAAG,GAAI,IAE9C,OAAOxX,CACR,EAOD0X,gBAAiB,SAAUtP,GACzB,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAER,OADAxP,EAAMlI,SAAQ2X,IAAOD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAC5DD,CACR,EAODE,mBAAoB,SAAUC,GAC5B,OAAOC,EAAiBD,GAAKA,IAC3B,IAAKhD,EAAKC,SAAS+C,GACjB,MAAUvY,MAAM,4DAGlB,MAAMQ,EAAS,IAAIN,WAAWqY,EAAIlY,QAClC,IAAK,IAAIE,EAAI,EAAGA,EAAIgY,EAAIlY,OAAQE,IAC9BC,EAAOD,GAAKgY,EAAIE,WAAWlY,GAE7B,OAAOC,CAAM,GAEhB,EAODkY,mBAAoB,SAAU9P,GAE5B,MAAMpI,EAAS,GACTmY,EAAK,MACLC,GAHNhQ,EAAQ,IAAI1I,WAAW0I,IAGPvI,OAEhB,IAAK,IAAIE,EAAI,EAAGA,EAAIqY,EAAGrY,GAAKoY,EAC1BnY,EAAOe,KAAKkU,OAAOoD,aAAaC,MAAMrD,OAAQ7M,EAAMnB,SAASlH,EAAGA,EAAIoY,EAAKC,EAAIrY,EAAIoY,EAAKC,KAExF,OAAOpY,EAAOW,KAAK,GACpB,EAOD4X,WAAY,SAAUR,GACpB,MAAMS,EAAU,IAAIC,YAAY,SAEhC,SAASpX,EAAQb,EAAOkY,GAAY,GAClC,OAAOF,EAAQG,OAAOnY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiBD,EAAK1W,GAAS,IAAMA,EAAQ,IAAI,IACzD,EAODuX,WAAY,SAAU1K,GACpB,MAAM2K,EAAU,IAAIC,YAAY,SAEhC,SAASzX,EAAQb,EAAOkY,GAAY,GAClC,OAAOG,EAAQE,OAAOvY,EAAO,CAAEvB,QAASyZ,GAC9C,CACI,OAAOV,EAAiB9J,EAAM7M,GAAS,IAAMA,EAAQ,IAAI3B,YAAc,IACxE,EAQD+C,OAAQuW,EAORrZ,iBAAkBsZ,EAQlBC,iBAAkB,SAAUC,EAAQC,GAClC,IAAKrE,EAAKtV,aAAa0Z,KAAYpE,EAAKtV,aAAa2Z,GACnD,MAAU5Z,MAAM,4CAGlB,GAAI2Z,EAAOtZ,SAAWuZ,EAAOvZ,OAC3B,OAAO,EAGT,IAAK,IAAIE,EAAI,EAAGA,EAAIoZ,EAAOtZ,OAAQE,IACjC,GAAIoZ,EAAOpZ,KAAOqZ,EAAOrZ,GACvB,OAAO,EAGX,OAAO,CACR,EAQDsZ,cAAe,SAAUpL,GACvB,IAAI2J,EAAI,EACR,IAAK,IAAI7X,EAAI,EAAGA,EAAIkO,EAAKpO,OAAQE,IAC/B6X,EAAKA,EAAI3J,EAAKlO,GAAM,MAEtB,OAAOgV,EAAKc,YAAY+B,EAAG,EAC5B,EAOD0B,WAAY,SAAUvB,GAChBnD,GACF9N,QAAQyS,IAAI,qBAAsBxB,EAErC,EAODyB,gBAAiB,SAAU7U,GACrBiQ,GACF9N,QAAQnC,MAAM,qBAAsBA,EAEvC,EAGD0S,MAAO,SAAUoC,GACf,IAAIC,EAAI,EACJC,EAAIF,IAAM,GAyBd,OAxBU,IAANE,IACFF,EAAIE,EACJD,GAAK,IAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEPC,EAAIF,GAAK,EACC,IAANE,IACFF,EAAIE,EACJD,GAAK,GAEAA,CACR,EAWDE,OAAQ,SAAS9U,GACf,MAAM+U,EAAY,IAAIna,WAAWoF,EAAKjF,QAChCia,EAAOhV,EAAKjF,OAAS,EAC3B,IAAK,IAAIE,EAAI,EAAGA,EAAI+Z,EAAM/Z,IACxB8Z,EAAU9Z,GAAM+E,EAAK/E,IAAM,EAAM+E,EAAK/E,EAAI,IAAM,EAGlD,OADA8Z,EAAUC,GAAShV,EAAKgV,IAAS,EAAuB,KAAhBhV,EAAK,IAAM,GAC5C+U,CACR,EASDE,WAAY,SAAUC,EAAOC,GAC3B,GAAIA,EACF,IAAK,IAAIla,EAAIia,EAAMna,OAAS,EAAGE,GAAK,EAAGA,IACrCia,EAAMja,KAAOka,EACTla,EAAI,IACNia,EAAMja,IAAOia,EAAMja,EAAI,IAAO,EAAIka,GAIxC,OAAOD,CACR,EAODE,aAAc,WACZ,MAEMC,OAFwC,IAAfhb,GAA8BA,EAAWib,QAAUjb,EAAWib,OAAOC,QAE/Dpc,KAAKqc,iBAAiBC,UAAUF,OACrE,IAAKF,EACH,MAAU3a,MAAM,sCAElB,OAAO2a,CACR,EAMDG,cAAe,WACb,OAAOrc,KAAKiX,YAAY,SACzB,EAEDsF,YAAa,WACX,OAAOvc,KAAKiX,YAAY,OACzB,EAODuF,cAAe,WACb,OAAQxc,KAAKiX,YAAY,WAAa,CAAE,GAAEwF,MAC3C,EAEDC,uBAAwB,WACtB,GAAyB,oBAAdC,UACT,OAAOA,UAAUC,qBAAuB,EAI1C,OADW5c,KAAKiX,YAAY,MAClB4F,OAAOjb,MAClB,EAWDkb,eAAgB,SAASjW,GACvB,IAAKiQ,EAAKC,SAASlQ,GACjB,OAAO,EAGT,MADW,+DACDkW,KAAKlW,EAChB,EAMDmW,gBAAiB,SAASnW,GAGxB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAY5B,IAAI+S,EAXAD,IACF9S,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,KAN9C,KASLA,EAAMA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,MAAME,EAAU,GAChB,IAAK,IAAIrb,EAAI,EACXob,EAAQ/S,EAAMV,QAlBP,GAkBmB3H,GAAK,EAC3Bob,EAFYpb,EAAIob,EAlBb,KAqBD/S,EAAM+S,EAAQ,IAAWC,EAAQra,KAAKoa,GAK9C,IAAKC,EAAQvb,OACX,OAAOuI,EAGT,MAAMiT,EAAa,IAAI3b,WAAW0I,EAAMvI,OAASub,EAAQvb,QACzD,IAAIuY,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,EAAIqb,EAAQvb,OAAQE,IAAK,CACvC,MAAMub,EAAMlT,EAAMnB,SAASmU,EAAQrb,EAAI,IAAM,EAAGqb,EAAQrb,IACxDsb,EAAWjb,IAAIkb,EAAKlD,GACpBA,GAAKkD,EAAIzb,OACTwb,EAAWjD,EAAI,GApCR,GAqCPiD,EAAWjD,GApCJ,GAqCPA,GACR,CAEM,OADAiD,EAAWjb,IAAIgI,EAAMnB,SAASmU,EAAQA,EAAQvb,OAAS,IAAM,GAAIuY,GAC1DiD,CAAU,IAChB,IAAOH,EAAc,IAAIxb,WAAW,CA1C5B,UA0CoCW,GAChD,EAMDkb,UAAW,SAASzW,GAGlB,IAAIoW,GAAc,EAElB,OAAOlD,EAAiBlT,GAAMsD,IAc5B,IAAI+S,EAlBK,MAMP/S,EADE8S,GAJK,KAIU9S,EAAM,GACf2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CANvC,KAM8C0I,IAE7C,IAAI1I,WAAW0I,IAGfA,EAAMvI,OAAS,IACvBqb,GAAc,EACd9S,EAAQA,EAAMnB,SAAS,GAAI,IAE3BiU,GAAc,EAIhB,IAAI9C,EAAI,EACR,IAAK,IAAIrY,EAAI,EAAGA,IAAMqI,EAAMvI,OAAQE,EAAIob,EAAO,CAC7CA,EAAQ/S,EAAMV,QArBP,GAqBmB3H,GAAK,EAC1Bob,IAAOA,EAAQ/S,EAAMvI,QAC1B,MAAMia,EAAOqB,GAtBN,KAsBe/S,EAAM+S,GAAgB,EAAI,GAC5Cpb,GAAGqI,EAAMoT,WAAWpD,EAAGrY,EAAG+Z,GAC9B1B,GAAK0B,EAAO/Z,CACpB,CACM,OAAOqI,EAAMnB,SAAS,EAAGmR,EAAE,IAC1B,IAAO8C,EAAc,IAAIxb,WAAW,CA5B5B,UA4BoCW,GAChD,EAKDob,qBAAsB,SAASxN,GAC7B,OAAOA,EAAKyN,MAAM,MAAM9Y,KAAI+Y,IAC1B,IAAI5b,EAAI4b,EAAK9b,OAAS,EACtB,KAAOE,GAAK,IAAkB,MAAZ4b,EAAK5b,IAA0B,OAAZ4b,EAAK5b,IAA2B,OAAZ4b,EAAK5b,IAAcA,KAC5E,OAAO4b,EAAKhU,OAAO,EAAG5H,EAAI,EAAE,IAC3BY,KAAK,KACT,EAEDib,UAAW,SAASpK,EAAS7M,GAC3B,IAAKA,EACH,OAAWnF,MAAMgS,GAInB,IACE7M,EAAM6M,QAAUA,EAAU,KAAO7M,EAAM6M,OACxC,CAAC,MAAOrP,GAAG,CAEZ,OAAOwC,CACR,EAQDkX,wBAAyB,SAASC,GAChC,MAAMlZ,EAAM,CAAE,EAOd,OANAkZ,EAAe5b,SAAQ6b,IACrB,IAAKA,EAAYC,IACf,MAAUxc,MAAM,0CAElBoD,EAAImZ,EAAYC,KAAOD,CAAW,IAE7BnZ,CACR,EAUDqZ,WAAY,SAASC,GAEnB,OAAO,IAAI/d,SAAQoC,MAAOnC,EAASC,KACjC,IAAI8d,QACEhe,QAAQ4E,IAAImZ,EAAStZ,KAAIrC,UAC7B,IACEnC,QAAcge,EACf,CAAC,MAAOja,GACPga,EAAYha,CACtB,MAEM9D,EAAO8d,EAAU,GAEpB,EASDE,iBAAkB,SAASC,EAAMC,EAAGzG,GAClC,MAAMjW,EAAS6G,KAAKC,IAAI4V,EAAE1c,OAAQiW,EAAEjW,QAC9BG,EAAS,IAAIN,WAAWG,GAC9B,IAAI0G,EAAM,EACV,IAAK,IAAIxG,EAAI,EAAGA,EAAIC,EAAOH,OAAQE,IACjCC,EAAOD,GAAMwc,EAAExc,GAAM,IAAMuc,EAAUxG,EAAE/V,GAAM,IAAMuc,EACnD/V,GAAQ+V,EAAOvc,EAAIwc,EAAE1c,OAAY,EAAIyc,EAAQvc,EAAI+V,EAAEjW,OAErD,OAAOG,EAAOiH,SAAS,EAAGV,EAC3B,EASDiW,YAAa,SAASF,EAAMC,EAAGzG,GAC7B,OAAQyG,EAAK,IAAMD,EAAUxG,EAAK,IAAMwG,CACzC,EAIDG,MAAO,SAASC,GACd,OAAOA,IAAehU,EAAMoC,UAAUK,QAAUuR,IAAehU,EAAMoC,UAAUM,QAAUsR,IAAehU,EAAMoC,UAAUO,MAC5H,GCtoBMqP,EAAS3F,EAAK0F,gBAEpB,IAAIkC,EACAC,EAkBG,SAASjE,EAAO7T,GACrB,IAAI+X,EAAM,IAAInd,WACd,OAAOsY,EAAiBlT,GAAMtE,IAC5Bqc,EAAM9H,EAAKpV,iBAAiB,CAACkd,EAAKrc,IAClC,MAAMkZ,EAAI,GAEJoD,EAAQpW,KAAK0P,MAAMyG,EAAIhd,OADR,IAEfuI,EAFe,GAEP0U,EACRC,EAAUJ,EAAYE,EAAI5V,SAAS,EAAGmB,IAC5C,IAAK,IAAIrI,EAAI,EAAGA,EAAI+c,EAAO/c,IACzB2Z,EAAE3Y,KAAKgc,EAAQpV,OAAW,GAAJ5H,EAAQ,KAC9B2Z,EAAE3Y,KAAK,MAGT,OADA8b,EAAMA,EAAI5V,SAASmB,GACZsR,EAAE/Y,KAAK,GAAG,IAChB,IAAOkc,EAAIhd,OAAS8c,EAAYE,GAAO,KAAO,IACnD,CAQO,SAAS9D,EAAOjU,GACrB,IAAI+X,EAAM,GACV,OAAO7E,EAAiBlT,GAAMtE,IAC5Bqc,GAAOrc,EAGP,IAAIwc,EAAS,EACb,MAAMC,EAAa,CAAC,IAAK,KAAM,KAAM,MACrC,IAAK,IAAIld,EAAI,EAAGA,EAAIkd,EAAWpd,OAAQE,IAAK,CAC1C,MAAMmd,EAAYD,EAAWld,GAC7B,IAAK,IAAIE,EAAM4c,EAAInV,QAAQwV,IAAqB,IAATjd,EAAYA,EAAM4c,EAAInV,QAAQwV,EAAWjd,EAAM,GACpF+c,GAER,CAII,IAAInd,EAASgd,EAAIhd,OACjB,KAAOA,EAAS,IAAMA,EAASmd,GAAU,GAAM,EAAGnd,IAC5Cod,EAAWE,SAASN,EAAIhd,KAAUmd,IAGxC,MAAMI,EAAUR,EAAYC,EAAIlV,OAAO,EAAG9H,IAE1C,OADAgd,EAAMA,EAAIlV,OAAO9H,GACVud,CAAO,IACb,IAAMR,EAAYC,IACvB,CASO,SAASQ,EAAgBC,GAC9B,OAAOvE,EAAOuE,EAAOC,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACxD,CAQO,SAASC,EAAgBpV,EAAOqV,GACrC,IAAIV,EAAUpE,EAAOvQ,GAAOmV,QAAQ,UAAW,IAI/C,OAFER,EAAUA,EAAQQ,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,KAAKA,QAAQ,OAAQ,IAEvER,CACT,CCjFA,SAASW,EAAQzP,GACf,MAEM0P,EAAS1P,EAAK2P,MAFH,yIAIjB,IAAKD,EACH,MAAUne,MAAM,4BAMlB,MAAI,yBAAyBwb,KAAK2C,EAAO,IAChCjV,EAAM0I,MAAMC,iBAMjB,oBAAoB2J,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAME,cAGjB,iBAAiB0J,KAAK2C,EAAO,IACxBjV,EAAM0I,MAAMG,OAIjB,UAAUyJ,KAAK2C,EAAO,IACjBjV,EAAM0I,MAAMI,QAIjB,mBAAmBwJ,KAAK2C,EAAO,IAC1BjV,EAAM0I,MAAMpH,UAIjB,oBAAoBgR,KAAK2C,EAAO,IAC3BjV,EAAM0I,MAAMK,WAMjB,YAAYuJ,KAAK2C,EAAO,IACnBjV,EAAM0I,MAAMtE,eADrB,CAGF,CAWA,SAAS+Q,EAAUC,EAAe3L,GAChC,IAAInS,EAAS,GAWb,OAVImS,EAAO6B,cACThU,GAAU,YAAcmS,EAAO+B,cAAgB,MAE7C/B,EAAO8B,cACTjU,GAAU,YAAcmS,EAAOgC,cAAgB,MAE7C2J,IACF9d,GAAU,YAAc8d,EAAgB,MAE1C9d,GAAU,KACHA,CACT,CAQA,SAAS+d,EAAYjZ,GACnB,MAAMkZ,EA+CR,SAAqBxf,GACnB,IAAIwf,EAAM,SACV,OAAOhG,EAAiBxZ,GAAOgC,IAC7B,MAAMyd,EAAQC,EAAiBxX,KAAK0P,MAAM5V,EAAMX,OAAS,GAAK,EACxDse,EAAQ,IAAIC,YAAY5d,EAAM+G,OAAQ/G,EAAM8H,WAAY2V,GAC9D,IAAK,IAAIle,EAAI,EAAGA,EAAIke,EAAOle,IACzBie,GAAOG,EAAMpe,GACbie,EACEK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,GAAM,KAC3BK,EAAU,GAAIL,GAAO,EAAK,KAC1BK,EAAU,GAAgB,IAAZL,GAElB,IAAK,IAAIje,EAAY,EAARke,EAAWle,EAAIS,EAAMX,OAAQE,IACxCie,EAAOA,GAAO,EAAKK,EAAU,GAAU,IAANL,EAAcxd,EAAMT,GAC3D,IACK,IAAM,IAAIL,WAAW,CAACse,EAAKA,GAAO,EAAGA,GAAO,MACjD,CAhEcM,CAAYxZ,GACxB,OAAOyZ,EAAcP,EACvB,CD9FItD,GACFiC,EAAcE,GAAOnC,EAAO8D,KAAK3B,GAAK4B,SAAS,UAC/C7B,EAAc7E,IACZ,MAAMjC,EAAI4E,EAAO8D,KAAKzG,EAAK,UAC3B,OAAO,IAAIrY,WAAWoW,EAAEvO,OAAQuO,EAAExN,WAAYwN,EAAEvN,WAAW,IAG7DoU,EAAcE,GAAO6B,KAAK3J,EAAKmD,mBAAmB2E,IAClDD,EAAc7E,GAAOhD,EAAK+C,mBAAmB6G,KAAK5G,KC0FpD,MAAMsG,EAAY,CACZzgB,MAAM,KACNA,MAAM,KACNA,MAAM,KACNA,MAAM,MAGZ,IAAK,IAAImC,EAAI,EAAGA,GAAK,IAAMA,IAAK,CAC9B,IAAIie,EAAMje,GAAK,GACf,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACrB4F,EAAOA,GAAO,GAAa,QAANA,EAAwB,QAAW,GAE1DK,EAAU,GAAGte,IACH,SAANie,IAAmB,GACd,MAANA,GACO,IAANA,IAAmB,EACzB,CACA,IAAK,IAAIje,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAEvE,IAAK,IAAIA,EAAI,EAAGA,GAAK,IAAMA,IACzBse,EAAU,GAAGte,GAAMse,EAAU,GAAGte,IAAM,EAAKse,EAAU,GAAqB,IAAlBA,EAAU,GAAGte,IAIvE,MAAMme,EAAkB,WACtB,MAAM3W,EAAS,IAAIqX,YAAY,GAG/B,OAFA,IAAIC,SAAStX,GAAQuX,SAAS,EAAG,KAAM,GAEF,MAA9B,IAAIC,WAAWxX,GAAQ,EAChC,IAmCA,SAASyX,EAAcC,GACrB,IAAK,IAAIlf,EAAI,EAAGA,EAAIkf,EAAQpf,OAAQE,IAC7B,mCAAmCib,KAAKiE,EAAQlf,KACnDgV,EAAKyE,gBAAoBha,MAAM,sCAAwCyf,EAAQlf,KAE5E,iDAAiDib,KAAKiE,EAAQlf,KACjEgV,EAAKyE,gBAAoBha,MAAM,mBAAqByf,EAAQlf,IAGlE,CAQA,SAASmf,EAAejR,GACtB,IAAIkR,EAAOlR,EAEX,MAAMmR,EAAanR,EAAKoR,YAAY,KAMpC,OAJID,GAAc,GAAKA,IAAenR,EAAKpO,OAAS,IAClDsf,EAAOlR,EAAKrN,MAAM,EAAGwe,IAGhBD,CACT,CAWO,SAASG,EAAQ9gB,GAEtB,OAAO,IAAIL,SAAQoC,MAAOnC,EAASC,KACjC,IACE,MAAMkhB,EAAU,qBACVC,EAAc,oDAEpB,IAAItN,EACJ,MAAM+M,EAAU,GAChB,IACIQ,EAEAC,EAHAC,EAAcV,EAEdhR,EAAO,GAEX,MAAMnJ,EAAO8a,EAAcC,EAAqBrhB,GAAO+B,MAAO4C,EAAUC,KACtE,MAAMzB,EAASme,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAIwY,QAAaha,EAAO0F,WACxB,QAAahH,IAATsb,EACF,MAAUnc,MAAM,0BAIlB,GADAmc,EAAO5G,EAAK0G,qBAAqBE,EAAK4B,QAAQ,UAAW,KACpDrL,EAIE,GAAKuN,EAcAC,GAAYxN,IAASxJ,EAAM0I,MAAMG,SACtCgO,EAAQvE,KAAKW,IAIhB1N,EAAOA,EAAKtN,KAAK,QACjB+e,GAAW,EACXV,EAAcW,GACdA,EAAc,GACdF,GAAc,GANdxR,EAAKlN,KAAK4a,EAAK4B,QAAQ,MAAO,WAbhC,GAHIgC,EAAQvE,KAAKW,IACftd,EAAWmB,MAAM,sEAEdggB,EAAYxE,KAAKW,IAKpB,GAFAqD,EAAcW,GACdF,GAAc,EACVC,GAAYxN,IAASxJ,EAAM0I,MAAMG,OAAQ,CAC3CnT,EAAQ,CAAE6P,OAAMnJ,OAAMma,UAAS/M,SAC/B,KAClB,OAPgByN,EAAY5e,KAAK4a,QARf4D,EAAQvE,KAAKW,KACfzJ,EAAOwL,EAAQ/B,GA4B/B,CACS,CAAC,MAAOxZ,GAEP,YADA9D,EAAO8D,EAEjB,CACQ,MAAMvD,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MACb,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EACF,MAAUjB,MAAM,0BAElB,MAAMmc,EAAOnb,EAAQ,GACrB,IAA2B,IAAvBmb,EAAKjU,QAAQ,OAAsC,IAAvBiU,EAAKjU,QAAQ,KAEtC,CACL,IAAI/B,QAAkBhE,EAAOjB,YACxBiF,EAAU9F,SAAQ8F,EAAY,IACnCA,EAAYgW,EAAOhW,EACnBA,EAAYoP,EAAK0G,qBAAqB9V,EAAU4X,QAAQ,MAAO,KAC/D,MAAMyC,EAAQra,EAAU+V,MAAM6D,GAC9B,GAAqB,IAAjBS,EAAMngB,OACR,MAAUL,MAAM,0BAElB,MAAM2f,EAAOD,EAAec,EAAM,GAAGpf,MAAM,GAAI,UACzChC,EAAOoC,MAAMme,GACnB,KACd,OAboBvgB,EAAOoC,MAAM2a,EAcjC,OACgB/c,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC7B,KAEK,CAAC,MAAOA,GACP9D,EAAO8D,EACb,KACKrB,MAAKP,UACF0f,EAAqBjgB,EAAO8E,QAC9B9E,EAAO8E,WAAaob,EAAiBlgB,EAAO8E,OAEvC9E,IAEX,CAgBO,SAASoR,EAAM+O,EAAahB,EAAMiB,EAAWC,EAAWvC,EAAewC,GAAe,EAAOnO,EAASqD,GAC3G,IAAIvH,EACArC,EACAuU,IAAgBzX,EAAM0I,MAAMG,SAC9BtD,EAAOkR,EAAKlR,KACZrC,EAAOuT,EAAKvT,KACZuT,EAAOA,EAAKra,MAId,MAAMyb,EAAiBD,GAAgBE,EAAoBrB,GAErDnf,EAAS,GACf,OAAQmgB,GACN,KAAKzX,EAAM0I,MAAMC,iBACfrR,EAAOe,KAAK,gCAAkCqf,EAAY,IAAMC,EAAY,WAC5ErgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,IAAMC,EAAY,WAC1E,MACF,KAAK3X,EAAM0I,MAAME,cACftR,EAAOe,KAAK,gCAAkCqf,EAAY,WAC1DpgB,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,8BAAgCqf,EAAY,WACxD,MACF,KAAK1X,EAAM0I,MAAMG,OACfvR,EAAOe,KAAK,wCACZf,EAAOe,KAAK6K,EAAO,SAASA,QAAa,MACzC5L,EAAOe,KAAKkN,EAAKsP,QAAQ,OAAQ,QACjCvd,EAAOe,KAAK,qCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCACZ,MACF,KAAK2H,EAAM0I,MAAMI,QACfxR,EAAOe,KAAK,iCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,+BACZ,MACF,KAAK2H,EAAM0I,MAAMpH,UACfhK,EAAOe,KAAK,0CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,wCACZ,MACF,KAAK2H,EAAM0I,MAAMK,WACfzR,EAAOe,KAAK,2CACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,yCACZ,MACF,KAAK2H,EAAM0I,MAAMtE,UACf9M,EAAOe,KAAK,mCACZf,EAAOe,KAAK8c,EAAUC,EAAe3L,IACrCnS,EAAOe,KAAKwd,EAAcY,IAC1BoB,GAAkBvgB,EAAOe,KAAK,IAAKgd,EAAYwC,IAC/CvgB,EAAOe,KAAK,iCAIhB,OAAOgU,EAAKtS,OAAOzC,EACrB,CCzZOO,eAAekgB,GAAgBC,GACpC,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACnB,MAAU7L,MAAM,uBAClB,KAAKkJ,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUQ,QACrB,KAAK5C,EAAMoC,UAAUE,UAAW,CAC9B,MAAM2V,cAAEA,SAAwBxiB,QAA0BC,UAAA0C,MAAA,WAAA,OAAA8f,EAAA,IACpDC,EAASF,EAAcva,IAAIsa,GACjC,IAAKG,EACH,MAAUrhB,MAAM,gCAElB,OAAOqhB,CACb,CACI,QACE,MAAUrhB,MAAM,gCAEtB,CAMA,SAASshB,GAAmBJ,GAC1B,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,KAAK5C,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACrB,KAAKvC,EAAMoC,UAAUE,UACnB,OAAO,EACT,QACE,MAAUxL,MAAM,sBAEtB,CAMA,SAASuhB,GAAiBL,GACxB,OAAQA,GACN,KAAKhY,EAAMoC,UAAUK,OACrB,KAAKzC,EAAMoC,UAAUI,SACrB,KAAKxC,EAAMoC,UAAUG,MACnB,OAAO,GACT,KAAKvC,EAAMoC,UAAUM,OACrB,KAAK1C,EAAMoC,UAAUE,UACnB,OAAO,GACT,KAAKtC,EAAMoC,UAAUO,OACrB,KAAK3C,EAAMoC,UAAUQ,QACnB,OAAO,GACT,QACE,MAAU9L,MAAM,sBAEtB,CAMO,SAASwhB,GAAgBN,GAC9B,MAAO,CAAEO,QAASF,GAAiBL,GAAOQ,UAAWJ,GAAmBJ,GAC1E,2FCjDA,SAASS,GAAS1H,EAAGjC,GACnB,IAAI+E,EAAI9C,EAAE,GACN3D,EAAI2D,EAAE,GACN2H,EAAI3H,EAAE,GACN4H,EAAI5H,EAAE,GAEV8C,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,OAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAI+E,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAIC,GAAGD,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIE,GAAGF,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAIwL,GAAGxL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAE9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,EAAG,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,WAC/B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAC9B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,WAC5B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,GAAI,YAC9B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,YAC7B+E,EAAIgF,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,GAAI,YAC9B6J,EAAIE,GAAGF,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,UAC7B4J,EAAIG,GAAGH,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,YAC7B1B,EAAIyL,GAAGzL,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAE/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,QAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,YAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,UAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,YAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,IAAK,YAC/B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,WAC9B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,GAAI,UAC7B+E,EAAIiF,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAIG,GAAGH,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,WAC/B4J,EAAII,GAAGJ,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,GAAI,WAC9B1B,EAAI0L,GAAG1L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,GAAI,YAC7B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,YAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,UAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,IAAK,EAAG,YAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,GAAI,IAAK,YAC9B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,IAAK,IAAK,SAC/B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,EAAG,YAC5B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,UAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,IAAK,YAC9B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,IAAK,GAAI,YAC9B+E,EAAIkF,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG7J,EAAE,GAAI,GAAI,WAC7B6J,EAAII,GAAGJ,EAAG9E,EAAGzG,EAAGsL,EAAG5J,EAAE,IAAK,IAAK,YAC/B4J,EAAIK,GAAGL,EAAGC,EAAG9E,EAAGzG,EAAG0B,EAAE,GAAI,GAAI,WAC7B1B,EAAI2L,GAAG3L,EAAGsL,EAAGC,EAAG9E,EAAG/E,EAAE,GAAI,IAAK,WAE9BiC,EAAE,GAAKiI,GAAMnF,EAAG9C,EAAE,IAClBA,EAAE,GAAKiI,GAAM5L,EAAG2D,EAAE,IAClBA,EAAE,GAAKiI,GAAMN,EAAG3H,EAAE,IAClBA,EAAE,GAAKiI,GAAML,EAAG5H,EAAE,GACpB,CAEA,SAASkI,GAAIC,EAAGrF,EAAGzG,EAAG2D,EAAG7B,EAAG+B,GAE1B,OADA4C,EAAImF,GAAMA,GAAMnF,EAAGqF,GAAIF,GAAMjI,EAAGE,IACzB+H,GAAOnF,GAAK3E,EAAM2E,IAAO,GAAK3E,EAAK9B,EAC5C,CAEA,SAASwL,GAAG/E,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIsL,GAAQtL,EAAKuL,EAAI9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS4H,GAAGhF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAK7L,EAAIuL,EAAMD,GAAMC,EAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EAC/C,CAEA,SAAS6H,GAAGjF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAI7L,EAAIsL,EAAIC,EAAG9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACpC,CAEA,SAAS8H,GAAGlF,EAAGzG,EAAGsL,EAAGC,EAAG5H,EAAG7B,EAAG+B,GAC5B,OAAOgI,GAAIP,GAAKtL,GAAMuL,GAAK9E,EAAGzG,EAAG2D,EAAG7B,EAAG+B,EACzC,CAyCA,SAASkI,GAAOjK,GACd,MAAMkK,EAAU,GAChB,IAAI/hB,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvB+hB,EAAQ/hB,GAAK,GAAK6X,EAAEK,WAAWlY,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,IAAM6X,EAAEK,WAAWlY,EAAI,IAAM,KAAO6X,EAAEK,WAAWlY,EAAI,IAC/G,IAEJ,OAAO+hB,CACT,CAEA,MAAMC,GAAU,mBAAmBrG,MAAM,IAEzC,SAASsG,GAAKpM,GACZ,IAAIgC,EAAI,GACJQ,EAAI,EACR,KAAOA,EAAI,EAAGA,IACZR,GAAKmK,GAASnM,GAAU,EAAJwC,EAAQ,EAAM,IAAQ2J,GAASnM,GAAU,EAAJwC,EAAU,IAErE,OAAOR,CACT,CAeA,SAAS8J,GAAMnF,EAAGzG,GAChB,OAAQyG,EAAIzG,EAAK,UACnB,CC1LA,MAAMqE,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClB4H,GAAmBD,IAAcA,GAAWE,YAElD,SAASC,GAASlQ,GAChB,GAAK+P,IAAeC,GAAiB/E,SAASjL,GAG9C,OAAO3R,eAAgBuE,GACrB,MAAMud,EAASJ,GAAWK,WAAWpQ,GACrC,OAAO8F,EAAiBlT,GAAMtE,IAC5B6hB,EAAOE,OAAO/hB,EAAM,IACnB,IAAM,IAAId,WAAW2iB,EAAOG,WAChC,CACH,CAEA,SAASC,GAAUC,EAAeC,GAChC,MAAMC,EAAeriB,UACnB,MAAMsiB,YAAEA,SAAsB1kB,QAAwBC,UAAA0C,MAAA,WAAA,OAAAgiB,EAAA,IAChDlX,EAAOiX,EAAYzc,IAAIsc,GAC7B,IAAK9W,EAAM,MAAUpM,MAAM,oBAC3B,OAAOoM,CAAI,EAGb,OAAOrL,eAAeuE,GAIpB,GAHImb,EAAqBnb,KACvBA,QAAaob,EAAiBpb,IAE5BiQ,EAAK7V,SAAS4F,GAAO,CACvB,MAEMie,SAFaH,KAEOI,SAC1B,OAAOhL,EAAiBlT,GAAMtE,IAC5BuiB,EAAaR,OAAO/hB,EAAM,IACzB,IAAMuiB,EAAaP,UAC5B,CAAW,GAAIrI,IAAawI,EACtB,OAAO,IAAIjjB,iBAAiBya,GAAUqI,OAAOG,EAAmB7d,IAIhE,aAFmB8d,KAEP9d,EAEf,CACH,CAEA,IAAeme,GAAA,CAGbpX,IAAKuW,GAAS,QD3ChB7hB,eAAmB2iB,GACjB,MAAMV,EAyGR,SAAc5K,GACZ,MAAMhC,EAAIgC,EAAE/X,OACNsjB,EAAQ,CAAC,YAAa,WAAY,WAAY,WACpD,IAAIpjB,EACJ,IAAKA,EAAI,GAAIA,GAAK6X,EAAE/X,OAAQE,GAAK,GAC/BohB,GAASgC,EAAOtB,GAAOjK,EAAEwL,UAAUrjB,EAAI,GAAIA,KAE7C6X,EAAIA,EAAEwL,UAAUrjB,EAAI,IACpB,MAAMsjB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC3D,IAAKtjB,EAAI,EAAGA,EAAI6X,EAAE/X,OAAQE,IACxBsjB,EAAKtjB,GAAK,IAAM6X,EAAEK,WAAWlY,KAAQA,EAAI,GAAM,GAGjD,GADAsjB,EAAKtjB,GAAK,IAAM,MAAUA,EAAI,GAAM,GAChCA,EAAI,GAEN,IADAohB,GAASgC,EAAOE,GACXtjB,EAAI,EAAGA,EAAI,GAAIA,IAClBsjB,EAAKtjB,GAAK,EAKd,OAFAsjB,EAAK,IAAU,EAAJzN,EACXuL,GAASgC,EAAOE,GACTF,CACT,CA/HiBG,CAAKvO,EAAKmD,mBAAmBgL,IAC5C,OAAOnO,EAAKuC,gBAoKd,SAAamC,GACX,IAAK,IAAI1Z,EAAI,EAAGA,EAAI0Z,EAAE5Z,OAAQE,IAC5B0Z,EAAE1Z,GAAKiiB,GAAKvI,EAAE1Z,IAEhB,OAAO0Z,EAAE9Y,KAAK,GAChB,CAzK8B4W,CAAIiL,GAClC,ECyCE1W,KAAMsW,GAAS,SAAWK,GAAU,OAAQ,SAC5CtW,OAAQiW,GAAS,WAAaK,GAAU,UACxCzW,OAAQoW,GAAS,WAAaK,GAAU,SAAU,WAClDxW,OAAQmW,GAAS,WAAaK,GAAU,SAAU,WAClDvW,OAAQkW,GAAS,WAAaK,GAAU,SAAU,WAClD1W,OAAQqW,GAAS,cAAgBK,GAAU,aAC3CrW,SAAUgW,GAAS,aAAeK,GAAU,YAC5CpW,SAAU+V,GAAS,aAAeK,GAAU,YAQ5CD,OAAQ,SAAS9B,EAAM5b,GACrB,OAAQ4b,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO5N,KAAK4N,IAAI/G,GAClB,KAAK4D,EAAMkD,KAAKE,KACd,OAAO7N,KAAK6N,KAAKhH,GACnB,KAAK4D,EAAMkD,KAAKG,OACd,OAAO9N,KAAK8N,OAAOjH,GACrB,KAAK4D,EAAMkD,KAAKI,OACd,OAAO/N,KAAK+N,OAAOlH,GACrB,KAAK4D,EAAMkD,KAAKK,OACd,OAAOhO,KAAKgO,OAAOnH,GACrB,KAAK4D,EAAMkD,KAAKM,OACd,OAAOjO,KAAKiO,OAAOpH,GACrB,KAAK4D,EAAMkD,KAAKO,OACd,OAAOlO,KAAKkO,OAAOrH,GACrB,KAAK4D,EAAMkD,KAAKQ,SACd,OAAOnO,KAAKmO,SAAStH,GACvB,KAAK4D,EAAMkD,KAAKS,SACd,OAAOpO,KAAKoO,SAASvH,GACvB,QACE,MAAUtF,MAAM,6BAErB,EAOD+jB,kBAAmB,SAAS7C,GAC1B,OAAQA,GACN,KAAKhY,EAAMkD,KAAKC,IACd,OAAO,GACT,KAAKnD,EAAMkD,KAAKE,KAChB,KAAKpD,EAAMkD,KAAKG,OACd,OAAO,GACT,KAAKrD,EAAMkD,KAAKI,OACd,OAAO,GACT,KAAKtD,EAAMkD,KAAKK,OACd,OAAO,GACT,KAAKvD,EAAMkD,KAAKM,OACd,OAAO,GACT,KAAKxD,EAAMkD,KAAKO,OACd,OAAO,GACT,KAAKzD,EAAMkD,KAAKQ,SACd,OAAO,GACT,KAAK1D,EAAMkD,KAAKS,SACd,OAAO,GACT,QACE,MAAU7M,MAAM,2BAExB,GCxHO,SAASgkB,GAAQjH,GACpB,OAAQA,aAAa7c,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,IAC7D,CACA,SAASkC,GAAM0N,KAAM2N,GACjB,IAAKD,GAAQ1N,GACT,MAAUtW,MAAM,uBACpB,GAAIikB,EAAQ5jB,OAAS,IAAM4jB,EAAQtG,SAASrH,EAAEjW,QAC1C,MAAUL,MAAM,iCAAiCikB,oBAA0B3N,EAAEjW,SACrF,CAOA,SAAS6jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUrkB,MAAM,oCACpB,GAAIokB,GAAiBD,EAASG,SAC1B,MAAUtkB,MAAM,wCACxB,CACA,SAASqF,GAAOkf,EAAKJ,GACjBvb,GAAM2b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAIlkB,OAASmkB,EACb,MAAUxkB,MAAM,yDAAyDwkB,EAEjF;uECjCO,MAAME,GAAMC,GAAQ,IAAIzkB,WAAWykB,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAE7D6b,GAAOD,GAAQ,IAAI/F,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,IAEvF8b,GAAcF,GAAQ,IAAItF,SAASsF,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAIhF,KADgF,KAA5D,IAAI7I,WAAW,IAAI0e,YAAY,CAAC,YAAa7W,QAAQ,IAErE,MAAU/H,MAAM,+CAiGb,SAAS8kB,GAAQxf,GACpB,GAAoB,iBAATA,EACPA,EAlBD,SAAqBiT,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,+BAA+BuY,GACnD,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD,CAcewM,CAAYzf,OAClB,KAAI0e,GAAQ1e,GAGb,MAAUtF,MAAM,mCAAmCsF,GAFnDA,EAAO0f,GAAU1f,EAEyC,CAC9D,OAAOA,CACX,CA0BO,SAAS2f,GAAWlI,EAAGzG,GAC1B,GAAIyG,EAAE1c,SAAWiW,EAAEjW,OACf,OAAO,EACX,IAAI6kB,EAAO,EACX,IAAK,IAAI3kB,EAAI,EAAGA,EAAIwc,EAAE1c,OAAQE,IAC1B2kB,GAAQnI,EAAExc,GAAK+V,EAAE/V,GACrB,OAAgB,IAAT2kB,CACX,CAOO,MAAMC,GAAa,CAACC,EAAQxD,KAC/BrjB,OAAO8mB,OAAOzD,EAAGwD,GACVxD,GAGJ,SAAS0D,GAAaC,EAAMzc,EAAY9H,EAAOwkB,GAClD,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAaxc,EAAY9H,EAAOwkB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ7kB,GAASykB,EAAQE,GAC9BG,EAAKD,OAAO7kB,EAAQ2kB,GAG1BJ,EAAKQ,UAAUjd,EAFM,EAEU8c,EAAIJ,GACnCD,EAAKQ,UAAUjd,EAFM,EAEUgd,EAAIN,EACvC,CASO,SAASQ,GAAYpd,GACxB,OAAOA,EAAME,WAAa,GAAM,CACpC,CAEO,SAASkc,GAAUpc,GACtB,OAAO1I,WAAW8e,KAAKpW,EAC3B,CACO,SAASqd,MAAS7lB,GACrB,IAAK,IAAIG,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAC/BH,EAAOG,GAAG2lB,KAAK,EAEvB,CCzLA,MAAMC,GAAa,GAGbC,kBAA0B,IAAIlmB,WAAW,IACzCmmB,GAAUzB,GAAIwB,IAcdE,GAAUlQ,IAASA,IAAM,EAAK,MAAS,IACtCA,IAAM,EAAK,MAAS,IACpBA,IAAM,GAAM,MAAS,EACtBA,IAAM,GAAM,IA0BlB,MAAMmQ,GAEF,WAAAloB,CAAY+Q,EAAKoX,GACb/nB,KAAKgoB,SAAWN,GAChB1nB,KAAKgmB,UAAY0B,GACjB1nB,KAAKioB,GAAK,EACVjoB,KAAKkoB,GAAK,EACVloB,KAAKmoB,GAAK,EACVnoB,KAAKooB,GAAK,EACVpoB,KAAK6lB,UAAW,EAEhBwC,GADA1X,EAAM0V,GAAQ1V,GACF,IACZ,MAAM2X,EAAQlC,GAAWzV,GACzB,IAAI4X,EAAKD,EAAME,UAAU,GAAG,GACxBC,EAAKH,EAAME,UAAU,GAAG,GACxBE,EAAKJ,EAAME,UAAU,GAAG,GACxBG,EAAKL,EAAME,UAAU,IAAI,GAE7B,MAAMI,EAAU,GAChB,IAAK,IAAI9mB,EAAI,EAAGA,EAAI,IAAKA,IACrB8mB,EAAQ9lB,KAAK,CAAEmlB,GAAIJ,GAAOU,GAAKL,GAAIL,GAAOY,GAAKN,GAAIN,GAAOa,GAAKN,GAAIP,GAAOc,OACvEV,GAAIM,EAAIL,GAAIO,EAAIN,GAAIO,EAAIN,GAAIO,GAzDhC,CACHP,IAHcD,EA2DyCO,IAxD5C,IAHON,EA2DyCO,KAxDlC,EACzBR,IAJUD,EA2DyCO,IAvDxC,GAAON,IAAO,EACzBD,IALMD,EA2DyCM,IAtDpC,GAAOL,IAAO,EACzBD,GAAKA,IAAO,EAVP,KAUsB,KAAgB,EALjCG,KADL,IAACH,EAAIC,EAAIC,EAAIC,EA6DlB,MAAMS,EA9BS,CAAC1e,GAChBA,EAAQ,MACD,EACPA,EAAQ,KACD,EACJ,EAyBO2e,CAAef,GAAkB,MAC3C,IAAK,CAAC,EAAG,EAAG,EAAG,GAAG7I,SAAS2J,GACvB,MAAUtnB,MAAM,4BAA4BsnB,0BAChD7oB,KAAK6oB,EAAIA,EACT,MACME,EADO,IACUF,EACjBG,EAAchpB,KAAKgpB,WAAa,GAAKH,EACrCI,EAAQ,GAEd,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAASG,IAEzB,IAAK,IAAIrf,EAAO,EAAGA,EAAOmf,EAAYnf,IAAQ,CAE1C,IAAIoe,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,IAAK,IAAIjO,EAAI,EAAGA,EAAI0O,EAAG1O,IAAK,CAExB,KADatQ,IAAUgf,EAAI1O,EAAI,EAAM,GAEjC,SACJ,MAAQ8N,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,EAAIjB,GAAIkB,GAAOV,EAAQC,EAAIK,EAAI/O,GAC1D8N,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,EAAMjB,GAAMkB,CAC/D,CACgBL,EAAMnmB,KAAK,CAAEmlB,KAAIC,KAAIC,KAAIC,MACzC,CAEQpoB,KAAK0b,EAAIuN,CACjB,CACI,YAAAM,CAAatB,EAAIC,EAAIC,EAAIC,GACpBH,GAAMjoB,KAAKioB,GAAMC,GAAMloB,KAAKkoB,GAAMC,GAAMnoB,KAAKmoB,GAAMC,GAAMpoB,KAAKooB,GAC/D,MAAMS,EAAEA,EAACnN,EAAEA,EAACsN,WAAEA,GAAehpB,KAE7B,IAAIwpB,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAAGC,EAAK,EACjC,MAAMC,GAAQ,GAAKf,GAAK,EACxB,IAAIK,EAAI,EACR,IAAK,MAAMW,IAAO,CAAC5B,EAAIC,EAAIC,EAAIC,GAC3B,IAAK,IAAI0B,EAAU,EAAGA,EAAU,EAAGA,IAAW,CAC1C,MAAMjgB,EAAQggB,IAAS,EAAIC,EAAY,IACvC,IAAK,IAAIC,EAAS,EAAIlB,EAAI,EAAGkB,GAAU,EAAGA,IAAU,CAChD,MAAMC,EAAOngB,IAAUgf,EAAIkB,EAAWH,GAC9B3B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO1O,EAAEwN,EAAIF,EAAagB,GAC7DR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAAMR,GAAMS,EAC3ClB,GAAK,CACzB,CACA,CAEQlpB,KAAKioB,GAAKuB,EACVxpB,KAAKkoB,GAAKuB,EACVzpB,KAAKmoB,GAAKuB,EACV1pB,KAAKooB,GAAKuB,CAClB,CACI,MAAArF,CAAOzd,GACHA,EAAOwf,GAAQxf,GACfwjB,GAAQrqB,MACR,MAAMsqB,EAAMnE,GAAItf,GACV0jB,EAAS9hB,KAAK0P,MAAMtR,EAAKjF,OAAS8lB,IAClC8C,EAAO3jB,EAAKjF,OAAS8lB,GAC3B,IAAK,IAAI5lB,EAAI,EAAGA,EAAIyoB,EAAQzoB,IACxB9B,KAAKupB,aAAae,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,GAAIwoB,EAAQ,EAAJxoB,EAAQ,IAOlF,OALI0oB,IACA7C,GAAQxlB,IAAI0E,EAAKmC,SAASuhB,EAAS7C,KACnC1nB,KAAKupB,aAAa3B,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,GAAIA,GAAQ,IAC9DJ,GAAMI,KAEH5nB,IACf,CACI,OAAAiJ,GACI,MAAMyS,EAAEA,GAAM1b,KAEd,IAAK,MAAMyqB,KAAO/O,EACb+O,EAAIxC,GAAK,EAAKwC,EAAIvC,GAAK,EAAKuC,EAAItC,GAAK,EAAKsC,EAAIrC,GAAK,CAEhE,CACI,UAAAsC,CAAW5E,GACPuE,GAAQrqB,MACR2qB,GAAQ7E,EAAK9lB,MACbA,KAAK6lB,UAAW,EAChB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOpoB,KACrB4qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,CACf,CACI,MAAAvB,GACI,MAAMsG,EAAM,IAAIppB,WAAWimB,IAG3B,OAFA1nB,KAAK0qB,WAAWG,GAChB7qB,KAAKiJ,UACE4hB,CACf,EAEA,MAAMC,WAAgBhD,GAClB,WAAAloB,CAAY+Q,EAAKoX,GAEb,MAAMgD,EAzIP,SAAqBxR,GACxBA,EAAEyR,UACF,MAAMC,EAAgB,EAAR1R,EAAE,IAEhB,IAAI2R,EAAQ,EACZ,IAAK,IAAIppB,EAAI,EAAGA,EAAIyX,EAAE3X,OAAQE,IAAK,CAC/B,MAAM4Z,EAAInC,EAAEzX,GACZyX,EAAEzX,GAAM4Z,IAAM,EAAKwP,EACnBA,GAAa,EAAJxP,IAAU,CAC3B,CAEI,OADAnC,EAAE,IAAe,KAAR0R,EACF1R,CACX,CA6HsB4R,CAAY5E,GAD1B5V,EAAM0V,GAAQ1V,KAEd9Q,MAAMkrB,EAAOhD,GACbP,GAAMuD,EACd,CACI,MAAAzG,CAAOzd,GACHA,EAAOwf,GAAQxf,GACfwjB,GAAQrqB,MACR,MAAMsqB,EAAMnE,GAAItf,GACV2jB,EAAO3jB,EAAKjF,OAAS8lB,GACrB6C,EAAS9hB,KAAK0P,MAAMtR,EAAKjF,OAAS8lB,IACxC,IAAK,IAAI5lB,EAAI,EAAGA,EAAIyoB,EAAQzoB,IACxB9B,KAAKupB,aAAa1B,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,IAAK+lB,GAAOyC,EAAQ,EAAJxoB,EAAQ,KAOjH,OALI0oB,IACA7C,GAAQxlB,IAAI0E,EAAKmC,SAASuhB,EAAS7C,KACnC1nB,KAAKupB,aAAa1B,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,IAAKC,GAAOD,GAAQ,KAC7FJ,GAAMI,KAEH5nB,IACf,CACI,UAAA0qB,CAAW5E,GACPuE,GAAQrqB,MACR2qB,GAAQ7E,EAAK9lB,MACbA,KAAK6lB,UAAW,EAEhB,MAAMoC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOpoB,KACrB4qB,EAAMzE,GAAIL,GAKhB,OAJA8E,EAAI,GAAK3C,EACT2C,EAAI,GAAK1C,EACT0C,EAAI,GAAKzC,EACTyC,EAAI,GAAKxC,EACFtC,EAAIkF,SACnB,EAEA,SAASI,GAAuBC,GAC5B,MAAMC,EAAQ,CAACC,EAAK5a,IAAQ0a,EAAS1a,EAAK4a,EAAI3pB,QAAQ0iB,OAAO+B,GAAQkF,IAAMhH,SACrEiH,EAAMH,EAAS,IAAI5pB,WAAW,IAAK,GAIzC,OAHA6pB,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,CAACpU,EAAKoX,IAAmBsD,EAAS1a,EAAKoX,GAC/CuD,CACX,CACO,MAAMG,GAAQL,IAAuB,CAACza,EAAKoX,IAAmB,IAAID,GAAMnX,EAAKoX,KAC7DqD,IAAuB,CAACza,EAAKoX,IAAmB,IAAI+C,GAAQna,EAAKoX,KCtMxF,MAAML,GAAa,GAEbgE,GAAc,IAAIjqB,WAAWimB,IAC7BiE,GAAO,IAEb,SAASC,GAAKjU,GACV,OAAQA,GAAK,EAAMgU,KAAShU,GAAK,EACrC,CACA,SAASkU,GAAIvN,EAAGzG,GACZ,IAAIgT,EAAM,EACV,KAAOhT,EAAI,EAAGA,IAAM,EAEhBgT,GAAOvM,IAAU,EAAJzG,GACbyG,EAAIsN,GAAKtN,GAEb,OAAOuM,CACX,CAGA,MAAMiB,kBAAuB,MACzB,MAAMpQ,EAAI,IAAIja,WAAW,KACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,IAAKA,IAAK0Z,GAAKoQ,GAAKpQ,GAC3CE,EAAE5Z,GAAK0Z,EACX,MAAMuQ,EAAM,IAAItqB,WAAW,KAC3BsqB,EAAI,GAAK,GACT,IAAK,IAAIjqB,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,IAAI0Z,EAAIE,EAAE,IAAM5Z,GAChB0Z,GAAKA,GAAK,EACVuQ,EAAIrQ,EAAE5Z,IAA+D,KAAxD0Z,EAAKA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAMA,GAAK,EAAK,GACrE,CAEI,OADAgM,GAAM9L,GACCqQ,CACV,EAb4B,GAevBC,kBAA0BF,GAAKnnB,KAAI,CAACsnB,EAAG9R,IAAM2R,GAAKriB,QAAQ0Q,KAE1D+R,GAAYvU,GAAOA,GAAK,GAAOA,IAAM,EACrCwU,GAAYxU,GAAOA,GAAK,EAAMA,IAAM,GAEpCyU,GAAYC,GAAWA,GAAQ,GAAM,WACrCA,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAKrB,SAASC,GAAUR,EAAM7kB,GACrB,GAAoB,MAAhB6kB,EAAKlqB,OACL,MAAUL,MAAM,qBACpB,MAAMgrB,EAAK,IAAIpM,YAAY,KAAKxb,KAAI,CAACsnB,EAAG9R,IAAMlT,EAAG6kB,EAAK3R,MAChDqS,EAAKD,EAAG5nB,IAAIwnB,IACZM,EAAKD,EAAG7nB,IAAIwnB,IACZO,EAAKD,EAAG9nB,IAAIwnB,IACZQ,EAAM,IAAIxM,YAAY,OACtByM,EAAM,IAAIzM,YAAY,OACtB0M,EAAQ,IAAIC,YAAY,OAC9B,IAAK,IAAIhrB,EAAI,EAAGA,EAAI,IAAKA,IACrB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,IAAKA,IAAK,CAC1B,MAAM4S,EAAU,IAAJjrB,EAAUqY,EACtBwS,EAAII,GAAOR,EAAGzqB,GAAK0qB,EAAGrS,GACtByS,EAAIG,GAAON,EAAG3qB,GAAK4qB,EAAGvS,GACtB0S,EAAME,GAAQjB,EAAKhqB,IAAM,EAAKgqB,EAAK3R,EAC/C,CAEI,MAAO,CAAE2R,OAAMe,QAAON,KAAIC,KAAIC,KAAIC,KAAIC,MAAKC,MAC/C,CACA,MAAMI,kBAAgCV,GAAUR,IAAOnS,GAAOkS,GAAIlS,EAAG,IAAM,GAAOA,GAAK,GAAOA,GAAK,EAAKkS,GAAIlS,EAAG,KACzGsT,kBAAgCX,GAAUN,IAAUrS,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,KAAO,GAAOkS,GAAIlS,EAAG,IAAM,EAAKkS,GAAIlS,EAAG,MAC9HuT,kBAA0B,MAC5B,MAAMC,EAAI,IAAI1rB,WAAW,IACzB,IAAK,IAAIK,EAAI,EAAG0Z,EAAI,EAAG1Z,EAAI,GAAIA,IAAK0Z,EAAIoQ,GAAKpQ,GACzC2R,EAAErrB,GAAK0Z,EACX,OAAO2R,CACV,EAL+B,GAMzB,SAASC,GAAYzc,GACxB0X,GAAO1X,GACP,MAAM0c,EAAM1c,EAAI/O,OAChB,IAAK,CAAC,GAAI,GAAI,IAAIsd,SAASmO,GACvB,MAAU9rB,MAAM,qDAAqD8rB,GACzE,MAAMR,MAAEA,GAAUG,GACZM,EAAU,GACX/F,GAAY5W,IACb2c,EAAQxqB,KAAM6N,EAAM4V,GAAU5V,IAClC,MAAM4c,EAAMpH,GAAIxV,GACV6c,EAAKD,EAAI3rB,OACT6rB,EAAW9V,GAAM+V,GAAUb,EAAOlV,EAAGA,EAAGA,EAAGA,GAC3CgW,EAAK,IAAIxN,YAAYkN,EAAM,IACjCM,EAAGxrB,IAAIorB,GAEP,IAAK,IAAIzrB,EAAI0rB,EAAI1rB,EAAI6rB,EAAG/rB,OAAQE,IAAK,CACjC,IAAI4Z,EAAIiS,EAAG7rB,EAAI,GACXA,EAAI0rB,GAAO,EACX9R,EAAI+R,EAAQvB,GAASxQ,IAAMwR,GAAQprB,EAAI0rB,EAAK,GACvCA,EAAK,GAAK1rB,EAAI0rB,GAAO,IAC1B9R,EAAI+R,EAAQ/R,IAChBiS,EAAG7rB,GAAK6rB,EAAG7rB,EAAI0rB,GAAM9R,CAC7B,CAEI,OADA8L,MAAS8F,GACFK,CACX,CACO,SAASC,GAAejd,GAC3B,MAAMkd,EAAST,GAAYzc,GACrBgd,EAAKE,EAAOlrB,QACZ6qB,EAAKK,EAAOjsB,QACZirB,MAAEA,GAAUG,IACZT,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOO,GAE3B,IAAK,IAAInrB,EAAI,EAAGA,EAAI0rB,EAAI1rB,GAAK,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,EAAGA,IACnBwT,EAAG7rB,EAAIqY,GAAK0T,EAAOL,EAAK1rB,EAAI,EAAIqY,GAExCqN,GAAMqG,GAEN,IAAK,IAAI/rB,EAAI,EAAGA,EAAI0rB,EAAK,EAAG1rB,IAAK,CAC7B,MAAM0Z,EAAImS,EAAG7rB,GACPonB,EAAIwE,GAAUb,EAAOrR,EAAGA,EAAGA,EAAGA,GACpCmS,EAAG7rB,GAAKyqB,EAAO,IAAJrD,GAAYsD,EAAItD,IAAM,EAAK,KAAQuD,EAAIvD,IAAM,GAAM,KAAQwD,EAAGxD,IAAM,GACvF,CACI,OAAOyE,CACX,CAEA,SAASG,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GACrC,OAAQuE,EAAM1E,GAAM,EAAK,MAAYC,IAAO,EAAK,KAC7C0E,EAAMzE,IAAO,EAAK,MAAYC,IAAO,GAAM,IACnD,CACA,SAASsF,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAClC,OAAQyE,EAAY,IAAL5E,EAAmB,MAALC,GACxB2E,EAAQ1E,IAAO,GAAM,IAAUC,IAAO,GAAM,QAAY,EACjE,CACA,SAAS2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQI,GAC5B,IAAIzT,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAG/rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAIksB,EAAQlsB,IAAK,CAC7B,MAAMmsB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIC,EAAIC,EAAIC,GAC/C8F,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAIC,EAAIC,EAAIH,GAC/CkG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAIC,EAAIH,EAAIC,GAC/CkG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAIH,EAAIC,EAAIC,GACpDF,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIC,EAAIC,EAAIC,GAIjCF,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAIC,EAAIC,EAAIH,GAGzBE,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAIC,EAAIH,EAAIC,GAEjBE,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAIH,EAAIC,EAAIC,GAEtD,CAEA,SAASkG,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAC7B,MAAMyE,MAAEA,EAAKF,IAAEA,EAAGC,IAAEA,GAAQK,GAC5B,IAAI1T,EAAI,EACP0O,GAAM0F,EAAGpU,KAAQ2O,GAAMyF,EAAGpU,KAAQ4O,GAAMwF,EAAGpU,KAAQ6O,GAAMuF,EAAGpU,KAC7D,MAAMyU,EAASL,EAAG/rB,OAAS,EAAI,EAC/B,IAAK,IAAIE,EAAI,EAAGA,EAAIksB,EAAQlsB,IAAK,CAC7B,MAAMmsB,EAAKN,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK3E,EAAIG,EAAID,EAAID,GAC/CgG,EAAKP,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAK1E,EAAID,EAAIG,EAAID,GAC/CgG,EAAKR,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKzE,EAAID,EAAID,EAAIG,GAC/CgG,EAAKT,EAAGpU,KAAOuU,GAAUnB,EAAKC,EAAKxE,EAAID,EAAID,EAAID,GACpDA,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,EAAM/F,EAAKgG,CAC/C,CAMI,MAAO,CAAEnG,GAJE0F,EAAGpU,KAAOmU,GAAUb,EAAO5E,EAAIG,EAAID,EAAID,GAIjCA,GAHNyF,EAAGpU,KAAOmU,GAAUb,EAAO3E,EAAID,EAAIG,EAAID,GAGzBA,GAFdwF,EAAGpU,KAAOmU,GAAUb,EAAO1E,EAAID,EAAID,EAAIG,GAEjBA,GADtBuF,EAAGpU,KAAOmU,GAAUb,EAAOzE,EAAID,EAAID,EAAID,GAEtD,CACA,SAASqG,GAAOjB,EAAKkB,GACjB,QAAYnsB,IAARmsB,EACA,OAAO,IAAI9sB,WAAW4rB,GAE1B,GADAhF,GAAOkG,GACHA,EAAI3sB,OAASyrB,EACb,MAAU9rB,MAAM,oDAAoD8rB,WAAakB,EAAI3sB,UACzF,IAAK2lB,GAAYgH,GACb,MAAUhtB,MAAM,iBACpB,OAAOgtB,CACX,CAEA,SAASC,GAAWb,EAAIc,EAAOC,EAAKH,GAChClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACP,MAAMC,EAASD,EAAI9sB,OACnB2sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GAEhB,IAAI3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACjE,MAAMC,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GAElB,IAAK,IAAIzsB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,OAAQE,GAAK,EAAG,CAC3CitB,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmmB,EAC9B8G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKomB,EAC9B6G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqmB,EAC9B4G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsmB,EAE9B,IAAI8C,EAAQ,EACZ,IAAK,IAAIppB,EAAI8sB,EAAIhtB,OAAS,EAAGE,GAAK,EAAGA,IACjCopB,EAASA,GAAkB,IAAT0D,EAAI9sB,IAAc,EACpC8sB,EAAI9sB,GAAa,IAARopB,EACTA,KAAW,IAEZjD,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IACtE,CAGI,MAAMzqB,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OA/M3B,GAgNjB,GAAIwC,EAAQuqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIxoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAIA,SAASS,GAAMrB,EAAI5G,EAAM0H,EAAOC,EAAKH,GACjClG,GAAOoG,EAAO/G,IACdW,GAAOqG,GACPH,EAAMD,GAAOI,EAAI9sB,OAAQ2sB,GACzB,MAAMK,EAAMH,EACNI,EAAM1I,GAAIyI,GACV9H,EAAOV,GAAWwI,GAClBE,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZU,EAASlI,EAAO,EAAI,GACpB4H,EAASD,EAAI9sB,OAEnB,IAAIstB,EAASpI,EAAK0B,UAAUyG,EAAQlI,IAChCkB,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,IAAK,IAAI/sB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,OAAQE,GAAK,EACxCitB,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmmB,EAC9B8G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKomB,EAC9B6G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqmB,EAC9B4G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsmB,EAC9B8G,EAAUA,EAAS,IAAO,EAC1BpI,EAAKQ,UAAU2H,EAAQC,EAAQnI,KAC5BkB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAIkB,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAGlE,MAAMzqB,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OArP3B,GAsPjB,GAAIwC,EAAQuqB,EAAQ,CAChB,MAAMrE,EAAM,IAAInK,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,IACnCxJ,EAAMqH,GAAGqE,GACf,IAAK,IAAIxoB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM8C,EACd,CACI,OAAOiE,CACX,CAKO,MAAMK,GAAMlI,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK8d,GAGhF,SAASW,EAAWxQ,EAAK2P,GAErB,GADAlG,GAAOzJ,QACKxc,IAARmsB,IACAlG,GAAOkG,IACFhH,GAAYgH,IACb,MAAUhtB,MAAM,yBAExB,MAAMosB,EAAKP,GAAYzc,GACjBgH,EAAI4O,GAAUkI,GACdnB,EAAU,CAACK,EAAIhW,GAChB4P,GAAY3I,IACb0O,EAAQxqB,KAAM8b,EAAM2H,GAAU3H,IAClC,MAAMkH,EAAM0I,GAAWb,EAAIhW,EAAGiH,EAAK2P,GAEnC,OADA/G,MAAS8F,GACFxH,CACf,CACI,OAlBAuC,GAAO1X,GACP0X,GAAOoG,EAAO/G,IAiBP,CACHqG,QAAS,CAACsB,EAAWd,IAAQa,EAAWC,EAAWd,GACnDF,QAAS,CAACiB,EAAYf,IAAQa,EAAWE,EAAYf,GAE7D,IAgGO,MAAMgB,GAAM7I,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK6e,EAAIC,EAAO,CAAA,GAC3FpH,GAAO1X,GACP0X,GAAOmH,EAAI,IACX,MAAME,GAASD,EAAKE,eACpB,MAAO,CACH,OAAA5B,CAAQsB,EAAWd,GACf,MAAMZ,EAAKP,GAAYzc,IACjBkH,EAAEA,EAAC+X,EAAK9J,IAAK+J,GAhG/B,SAA8BR,EAAWK,EAAOnB,GAC5ClG,GAAOgH,GACP,IAAIS,EAAST,EAAUztB,OACvB,MAAMmuB,EAAYD,EAASpI,GAC3B,IAAKgI,GAAuB,IAAdK,EACV,MAAUxuB,MAAM,2DACfgmB,GAAY8H,KACbA,EAAY9I,GAAU8I,IAC1B,MAAMxX,EAAIsO,GAAIkJ,GACd,GAAIK,EAAO,CACP,IAAIlF,EAAO9C,GAAaqI,EACnBvF,IACDA,EAAO9C,IACXoI,GAAkBtF,CAC1B,CACI,MAAM1E,EAAMwI,GAAOwB,EAAQvB,GAE3B,MAAO,CAAE1W,IAAG+X,EADFzJ,GAAIL,GACCA,MACnB,CA8EwCkK,CAAqBX,EAAWK,EAAOnB,GACnE,IAAI0B,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GAChDpuB,EAAI,EACR,KAAOA,EAAI,GAAK+V,EAAEjW,QACbqmB,GAAMpQ,EAAE/V,EAAI,GAAMomB,GAAMrQ,EAAE/V,EAAI,GAAMqmB,GAAMtQ,EAAE/V,EAAI,GAAMsmB,GAAMvQ,EAAE/V,EAAI,KAChEmmB,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE9tB,KAAOmmB,EAAM2H,EAAE9tB,KAAOomB,EAAM0H,EAAE9tB,KAAOqmB,EAAMyH,EAAE9tB,KAAOsmB,EAE3D,GAAIsH,EAAO,CACP,MAAMS,EA7EtB,SAAiB3F,GACb,MAAMgB,EAAM,IAAI/pB,WAAW,IACrB0uB,EAAQhK,GAAIqF,GAClBA,EAAIrpB,IAAIqoB,GACR,MAAM4F,EAAc1I,GAAa8C,EAAK5oB,OACtC,IAAK,IAAIE,EAAI4lB,GAAa0I,EAAatuB,EAAI4lB,GAAY5lB,IACnD0pB,EAAI1pB,GAAKsuB,EACb,OAAOD,CACX,CAqE8BE,CAAQhB,EAAUrmB,SAAa,EAAJlH,IACxCmmB,GAAMkI,EAAM,GAAMjI,GAAMiI,EAAM,GAAMhI,GAAMgI,EAAM,GAAM/H,GAAM+H,EAAM,KAChElI,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC7CwH,EAAE9tB,KAAOmmB,EAAM2H,EAAE9tB,KAAOomB,EAAM0H,EAAE9tB,KAAOqmB,EAAMyH,EAAE9tB,KAAOsmB,CACvE,CAEY,OADAZ,MAAS8F,GACFuC,CACV,EACD,OAAAxB,CAAQiB,EAAYf,IA7H5B,SAA8B1nB,GAE1B,GADAwhB,GAAOxhB,GACHA,EAAKjF,OAAS8lB,IAAe,EAC7B,MAAUnmB,MAAM,yEAExB,CAyHY+uB,CAAqBhB,GACrB,MAAM3B,EAAKC,GAAejd,GAC1B,IAAIsf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAClC,MAAMC,EAAM/J,GAAI8J,GACVnK,EAAMwI,GAAOgB,EAAW1tB,OAAQ2sB,GACjChH,GAAY+H,IACbhC,EAAQxqB,KAAMwsB,EAAa/I,GAAU+I,IACzC,MAAMzX,EAAIsO,GAAImJ,GACRM,EAAIzJ,GAAIL,GAEd,IAAImC,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIpuB,EAAI,EAAGA,EAAI,GAAK+V,EAAEjW,QAAS,CAEhC,MAAM2uB,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EAAIuI,EAAMtI,EACzCH,EAAKpQ,EAAE/V,EAAI,GAAMomB,EAAKrQ,EAAE/V,EAAI,GAAMqmB,EAAKtQ,EAAE/V,EAAI,GAAMsmB,EAAKvQ,EAAE/V,EAAI,GAC/D,MAAQmmB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,EAAItB,GAAIuB,GAAO0E,GAAQV,EAAI1F,EAAIC,EAAIC,EAAIC,GAClEwH,EAAE9tB,KAAO0nB,EAAK+G,EAAOX,EAAE9tB,KAAO2nB,EAAK+G,EAAOZ,EAAE9tB,KAAO4nB,EAAK+G,EAAOb,EAAE9tB,KAAO6nB,EAAK+G,CAC9F,CAEY,OADAlJ,MAAS8F,GA1HrB,SAAsBzmB,EAAM6oB,GACxB,IAAKA,EACD,OAAO7oB,EACX,MAAMwmB,EAAMxmB,EAAKjF,OACjB,IAAKyrB,EACD,MAAU9rB,MAAM,2CACpB,MAAMovB,EAAW9pB,EAAKwmB,EAAM,GAC5B,GAAIsD,GAAY,GAAKA,EAAW,GAC5B,MAAUpvB,MAAM,4BACpB,MAAMukB,EAAMjf,EAAKmC,SAAS,GAAI2nB,GAC9B,IAAK,IAAI7uB,EAAI,EAAGA,EAAI6uB,EAAU7uB,IAC1B,GAAI+E,EAAKwmB,EAAMvrB,EAAI,KAAO6uB,EACtB,MAAUpvB,MAAM,4BACxB,OAAOukB,CACX,CA6GmB8K,CAAa9K,EAAK4J,EAC5B,EAET,IAKamB,GAAMnK,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,KAAM,SAAaxe,EAAK6e,GAGhF,SAASsB,EAAWpC,EAAKqC,EAAWxC,GAChClG,GAAOqG,GACP,MAAMC,EAASD,EAAI9sB,OACnB2sB,EAAMD,GAAOK,EAAQJ,GACrB,MAAMZ,EAAKP,GAAYzc,GACvB,IAAIsf,EAAMT,EACV,MAAMlC,EAAU,CAACK,GACZpG,GAAY0I,IACb3C,EAAQxqB,KAAMmtB,EAAM1J,GAAU0J,IAC7B1I,GAAYmH,IACbpB,EAAQxqB,KAAM4rB,EAAMnI,GAAUmI,IAClC,MAAMI,EAAQ3I,GAAIuI,GACZK,EAAQ5I,GAAIoI,GACZyC,EAASD,EAAYhC,EAAQD,EAC7BoB,EAAM/J,GAAI8J,GAEhB,IAAIhI,EAAKiI,EAAI,GAAIhI,EAAKgI,EAAI,GAAI/H,EAAK+H,EAAI,GAAI9H,EAAK8H,EAAI,GACpD,IAAK,IAAIpuB,EAAI,EAAGA,EAAI,GAAKgtB,EAAMltB,QAAS,CACpC,MAAQqmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAO2D,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,GACnE2G,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmoB,EAC9B8E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKooB,EAC9B6E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqoB,EAC9B4E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsoB,EAC7BnC,EAAK+I,EAAOlvB,KAAQomB,EAAK8I,EAAOlvB,KAAQqmB,EAAK6I,EAAOlvB,KAAQsmB,EAAK4I,EAAOlvB,IACrF,CAEQ,MAAMsC,EAAQsjB,GAAajf,KAAK0P,MAAM2W,EAAMltB,OApd/B,GAqdb,GAAIwC,EAAQuqB,EAAQ,GACb1G,KAAIC,KAAIC,KAAIC,MAAO2F,GAAQJ,EAAI1F,EAAIC,EAAIC,EAAIC,IAC9C,MAAMxJ,EAAMqH,GAAG,IAAI9F,YAAY,CAAC8H,EAAIC,EAAIC,EAAIC,KAC5C,IAAK,IAAItmB,EAAIsC,EAAOpC,EAAM,EAAGF,EAAI6sB,EAAQ7sB,IAAKE,IAC1CusB,EAAIzsB,GAAK4sB,EAAI5sB,GAAK8c,EAAI5c,GAC1BwlB,GAAM5I,EAClB,CAEQ,OADA4I,MAAS8F,GACFiB,CACf,CACI,OAvCAlG,GAAO1X,GACP0X,GAAOmH,EAAI,IAsCJ,CACHzB,QAAS,CAACsB,EAAWd,IAAQuC,EAAWzB,GAAW,EAAMd,GACzDF,QAAS,CAACiB,EAAYf,IAAQuC,EAAWxB,GAAY,EAAOf,GAEpE,IAyBO,MAAM9f,GAAMiY,GAAW,CAAEzD,UAAW,GAAIkM,YAAa,GAAI8B,UAAW,KAAM,SAAatgB,EAAK8d,EAAOyC,GAQtG,GAPA7I,GAAO1X,GACP0X,GAAOoG,QACKrsB,IAAR8uB,GACA7I,GAAO6I,GAIPzC,EAAM7sB,OAAS,EACf,MAAUL,MAAM,iCACpB,MAAM0vB,EAAY,GAClB,SAASE,EAAYC,EAASC,EAASxqB,GACnC,MAAMkX,EAnCd,SAAoB9W,EAAI8f,EAAMpW,EAAK9J,EAAMqqB,GACrC,MAAMI,EAAmB,MAAPJ,EAAc,EAAIA,EAAItvB,OAClC2vB,EAAItqB,EAAG8d,OAAOpU,EAAK9J,EAAKjF,OAAS0vB,GACnCJ,GACAK,EAAEjN,OAAO4M,GACbK,EAAEjN,OAAOzd,GACT,MAAMgjB,EAAM,IAAIpoB,WAAW,IACrBqlB,EAAOV,GAAWyD,GACpBqH,GACArK,GAAaC,EAAM,EAAGG,OAAmB,EAAZqK,GAAgBvK,GACjDF,GAAaC,EAAM,EAAGG,OAAqB,EAAdpgB,EAAKjF,QAAamlB,GAC/CwK,EAAEjN,OAAOuF,GACT,MAAMgB,EAAM0G,EAAEhN,SAEd,OADAiD,GAAMqC,GACCgB,CACX,CAoBoB2G,CAAW/F,IAAO,EAAO2F,EAASvqB,EAAMqqB,GACpD,IAAK,IAAIpvB,EAAI,EAAGA,EAAIuvB,EAAQzvB,OAAQE,IAChCic,EAAIjc,IAAMuvB,EAAQvvB,GACtB,OAAOic,CACf,CACI,SAAS0T,IACL,MAAM9D,EAAKP,GAAYzc,GACjBygB,EAAU1F,GAAY/oB,QACtB+uB,EAAUhG,GAAY/oB,QAG5B,GAFAqsB,GAAMrB,GAAI,EAAO+D,EAASA,EAASN,GAEd,KAAjB3C,EAAM7sB,OACN8vB,EAAQvvB,IAAIssB,OAEX,CACD,MAAMkD,EAAWjG,GAAY/oB,QAE7BkkB,GADaT,GAAWuL,GACL,EAAG1K,OAAsB,EAAfwH,EAAM7sB,SAAa,GAEhD,MAAMgwB,EAAInG,GAAM1G,OAAOqM,GAAS9M,OAAOmK,GAAOnK,OAAOqN,GACrDC,EAAElH,WAAWgH,GACbE,EAAE3oB,SACd,CAEQ,MAAO,CAAE0kB,KAAIyD,UAASM,UAASL,QADfrC,GAAMrB,GAAI,EAAO+D,EAAShG,IAElD,CACI,MAAO,CACH,OAAAqC,CAAQsB,GACJhH,GAAOgH,GACP,MAAM1B,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpC3L,EAAM,IAAIrkB,WAAW4tB,EAAUztB,OAASqvB,GACxC3D,EAAU,CAACK,EAAIyD,EAASM,EAASL,GAClC9J,GAAY8H,IACb/B,EAAQxqB,KAAMusB,EAAY9I,GAAU8I,IACxCL,GAAMrB,GAAI,EAAO+D,EAASrC,EAAWvJ,GACrC,MAAM/H,EAAMoT,EAAYC,EAASC,EAASvL,EAAI9c,SAAS,EAAG8c,EAAIlkB,OAASqvB,IAIvE,OAHA3D,EAAQxqB,KAAKib,GACb+H,EAAI3jB,IAAI4b,EAAKsR,EAAUztB,QACvB4lB,MAAS8F,GACFxH,CACV,EACD,OAAAuI,CAAQiB,GAEJ,GADAjH,GAAOiH,GACHA,EAAW1tB,OAASqvB,EACpB,MAAU1vB,MAAM,6CACpB,MAAMosB,GAAEA,EAAEyD,QAAEA,EAAOM,QAAEA,EAAOL,QAAEA,GAAYI,IACpCnE,EAAU,CAACK,EAAIyD,EAASC,EAASK,GAClCnK,GAAY+H,IACbhC,EAAQxqB,KAAMwsB,EAAa/I,GAAU+I,IACzC,MAAMzoB,EAAOyoB,EAAWtmB,SAAS,GAAG,IAC9B6oB,EAAYvC,EAAWtmB,UAAS,IAChC+U,EAAMoT,EAAYC,EAASC,EAASxqB,GAE1C,GADAymB,EAAQxqB,KAAKib,IACRyI,GAAWzI,EAAK8T,GACjB,MAAUtwB,MAAM,8BACpB,MAAMukB,EAAMkJ,GAAMrB,GAAI,EAAO+D,EAAS7qB,GAEtC,OADA2gB,MAAS8F,GACFxH,CACV,EAET,IAkHA,SAASgM,GAAUxT,GACf,OAAa,MAALA,GACS,iBAANA,IACNA,aAAa6B,aAAsC,gBAAvB7B,EAAE1e,YAAYqI,KACnD,CACA,SAAS8pB,GAAapE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUpsB,MAAM,+CACpB,MAAM+oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CACA,SAASC,GAAatE,EAAIqE,GAEtB,GADA3J,GAAO2J,EAAO,KACTF,GAAUnE,GACX,MAAUpsB,MAAM,+CACpB,MAAM+oB,EAAMnE,GAAI6L,GAChB,IAAI/J,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIrD,EAAI,GAAIA,EAAI,GAAIA,EAAI,GAAIA,EAAI,IAEjE,OADCA,EAAI,GAAKrC,EAAMqC,EAAI,GAAKpC,EAAMoC,EAAI,GAAKnC,EAAMmC,EAAI,GAAKlC,EAChD4J,CACX,CAOA,MAAME,GAAO,CAiBT,OAAAnE,CAAQoE,EAAKrM,GAGT,GAAIA,EAAIlkB,QAAU,GAAK,GACnB,MAAUL,MAAM,qCACpB,MAAMosB,EAAKP,GAAY+E,GACvB,GAAmB,KAAfrM,EAAIlkB,OACJmwB,GAAapE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAM,EAAGzU,EAAI,EAAGA,IAC5B,IAAK,IAAInY,EAAM,EAAGA,EAAM4oB,EAAIhpB,OAAQI,GAAO,EAAG4sB,IAAO,CACjD,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAO2F,GAAQJ,EAAIyE,EAAIC,EAAIzH,EAAI5oB,GAAM4oB,EAAI5oB,EAAM,IAElEowB,EAAKnK,EAAMoK,EAAKnK,EAAKkE,GAASwC,GAAQhE,EAAI5oB,GAAOmmB,EAAMyC,EAAI5oB,EAAM,GAAKomB,CAC3F,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,EACD,OAAA4G,CAAQ8D,EAAKrM,GACT,GAAIA,EAAIlkB,OAAS,GAAK,GAAK,GACvB,MAAUL,MAAM,sCACpB,MAAMosB,EAAKC,GAAeuE,GACpBG,EAASxM,EAAIlkB,OAAS,EAAI,EAChC,GAAe,IAAX0wB,EACAL,GAAatE,EAAI7H,OAChB,CACD,MAAM8E,EAAMzE,GAAIL,GAEhB,IAAIsM,EAAKxH,EAAI,GAAIyH,EAAKzH,EAAI,GAC1B,IAAK,IAAIzQ,EAAI,EAAGyU,EAAe,EAAT0D,EAAYnY,EAAI,EAAGA,IACrC,IAAK,IAAInY,EAAe,EAATswB,EAAYtwB,GAAO,EAAGA,GAAO,EAAG4sB,IAAO,CAClDyD,GAAMjG,GAASwC,GACf,MAAM3G,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOiG,GAAQV,EAAIyE,EAAIC,EAAIzH,EAAI5oB,GAAM4oB,EAAI5oB,EAAM,IAClEowB,EAAKnK,EAAMoK,EAAKnK,EAAM0C,EAAI5oB,GAAOmmB,EAAMyC,EAAI5oB,EAAM,GAAKomB,CAC3E,CAEawC,EAAI,GAAKwH,EAAMxH,EAAI,GAAKyH,CACrC,CACQ1E,EAAGlG,KAAK,EACX,GAEC8K,GAAW,IAAI9wB,WAAW,GAAGgmB,KAAK,KAQ3B+K,GAAQ9L,GAAW,CAAEzD,UAAW,IAAMkP,IAAS,CACxD,OAAApE,CAAQsB,GAEJ,GADAhH,GAAOgH,IACFA,EAAUztB,QAAUytB,EAAUztB,OAAS,GAAM,EAC9C,MAAUL,MAAM,4BACpB,GAAyB,IAArB8tB,EAAUztB,OACV,MAAUL,MAAM,wDACpB,MAAMukB,EF1rBP,YAAwBnkB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CE4qBoB8H,CAAYJ,GAAUlD,GAElC,OADA6C,GAAKnE,QAAQoE,EAAKrM,GACXA,CACV,EACD,OAAAuI,CAAQiB,GAKJ,GAJAjH,GAAOiH,GAIHA,EAAW1tB,OAAS,GAAM,GAAK0tB,EAAW1tB,OAAS,GACnD,MAAUL,MAAM,6BACpB,MAAMukB,EAAMS,GAAU+I,GAEtB,GADA4C,GAAK7D,QAAQ8D,EAAKrM,IACbU,GAAWV,EAAI9c,SAAS,EAAG,GAAIupB,IAChC,MAAUhxB,MAAM,0BAEpB,OADAukB,EAAI9c,SAAS,EAAG,GAAGye,KAAK,GACjB3B,EAAI9c,SAAS,EACvB,MA+EQ4pB,GAAS,CAClBxF,eACAQ,kBACJG,QAAIA,GACJM,QAAIA,GACA0D,gBACAE,gBACAzD,cACAQ,UC73BE9S,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAElBwW,GAAa7O,GAAaA,GAAW8O,aAAe,GACpDC,GAAY,CAChBjmB,KAAM+lB,GAAW3T,SAAS,YAAc,gBAAa9c,EACrD2K,UAAW8lB,GAAW3T,SAAS,gBAAkB,oBAAiB9c,EAClE4K,MAAO6lB,GAAW3T,SAAS,aAAe,iBAAc9c,EACxD6K,SAAU4lB,GAAW3T,SAAS,UAAY,cAAW9c,EACrD8K,OAAQ2lB,GAAW3T,SAAS,eAAiB,mBAAgB9c,EAC7D+K,OAAQ0lB,GAAW3T,SAAS,eAAiB,mBAAgB9c,EAC7DgL,OAAQylB,GAAW3T,SAAS,eAAiB,mBAAgB9c,GA2F/D,MAAM4wB,GACJ,WAAApzB,CAAY6iB,EAAM9R,EAAK6e,GACrB,MAAMvM,UAAEA,GAAcF,GAAgBN,GACtCziB,KAAK2Q,IAAMA,EACX3Q,KAAKizB,UAAYzD,EACjBxvB,KAAKkzB,UAAY,IAAIzxB,WAAWwhB,GAChCjjB,KAAK8B,EAAI,EACT9B,KAAKijB,UAAYA,EACjBjjB,KAAKmzB,UAAY,IAAI1xB,WAAWzB,KAAKijB,UACzC,CAEE,wBAAamQ,CAAY3Q,GACvB,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOvG,GAAUmX,UAAU,MAAO,IAAI5xB,WAAWuhB,GAAU,WAAW,EAAO,CAAC,YAC3EngB,MAAK,KAAM,IAAM,KAAM,GAC9B,CAEE,aAAMywB,CAAQjE,EAAWkE,GACvB,MAAMC,EAAO,UACbxzB,KAAKyzB,OAASzzB,KAAKyzB,cAAgBvX,GAAUmX,UAAU,MAAOrzB,KAAK2Q,IAAK6iB,GAAM,EAAO,CAAC,YACtF,MAAMlE,QAAmBpT,GAAU6R,QACjC,CAAE9lB,KAAMurB,EAAMhE,GAAI+D,GAAavzB,KAAKmzB,WACpCnzB,KAAKyzB,OACLpE,GAEF,OAAO,IAAI5tB,WAAW6tB,GAAYtmB,SAAS,EAAGqmB,EAAUztB,OAC5D,CAEE,kBAAM8xB,CAAanxB,GACjB,MAAMoxB,EAAU3zB,KAAKkzB,UAAUtxB,OAAS5B,KAAK8B,EACvC8xB,EAAQrxB,EAAMyG,SAAS,EAAG2qB,GAEhC,GADA3zB,KAAKkzB,UAAU/wB,IAAIyxB,EAAO5zB,KAAK8B,GAC1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKijB,UAAY,CACnD,MAAM4Q,GAAYtxB,EAAMX,OAAS+xB,GAAW3zB,KAAKijB,UAC3CoM,EAAYvY,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL3wB,EAAMyG,SAAS2qB,EAASpxB,EAAMX,OAASiyB,KAEnCC,EAAYhd,EAAKpV,iBAAiB,CACtC1B,KAAKizB,UACL5D,EAAUrmB,SAAS,EAAGqmB,EAAUztB,OAAS5B,KAAKijB,aAG1C8Q,QAAwB/zB,KAAKszB,QAAQQ,GAQ3C,OAPAE,GAAOD,EAAiB1E,GACxBrvB,KAAKizB,UAAYc,EAAgBpxB,OAAO3C,KAAKijB,WAGzC4Q,EAAW,GAAG7zB,KAAKkzB,UAAU/wB,IAAII,EAAMyG,UAAU6qB,IACrD7zB,KAAK8B,EAAI+xB,EAEFE,CACb,CAGI,IAAIE,EACJ,GAFAj0B,KAAK8B,GAAK8xB,EAAMhyB,OAEZ5B,KAAK8B,IAAM9B,KAAKkzB,UAAUtxB,OAAQ,CACpC,MAAMsyB,EAAWl0B,KAAKkzB,UACtBe,QAAuBj0B,KAAKszB,QAAQtzB,KAAKizB,WACzCe,GAAOC,EAAgBC,GACvBl0B,KAAKizB,UAAYgB,EAAetxB,QAChC3C,KAAK8B,EAAI,EAET,MAAMiuB,EAAYxtB,EAAMyG,SAAS4qB,EAAMhyB,QACvC5B,KAAKkzB,UAAU/wB,IAAI4tB,EAAW/vB,KAAK8B,GACnC9B,KAAK8B,GAAKiuB,EAAUnuB,MAC1B,MACMqyB,EAAiB,IAAIxyB,WAGvB,OAAOwyB,CACX,CAEE,YAAMttB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CACLzB,KAAKkzB,UAAYlzB,KAAKkzB,UAAUlqB,SAAS,EAAGhJ,KAAK8B,GACjD,MAAMoyB,EAAWl0B,KAAKkzB,UAChBe,QAAuBj0B,KAAKszB,QAAQtzB,KAAKizB,WAC/Ce,GAAOC,EAAgBC,GACvBnyB,EAASkyB,EAAejrB,SAAS,EAAGkrB,EAAStyB,OACnD,CAGI,OADA5B,KAAKm0B,qBACEpyB,CACX,CAEE,kBAAAoyB,GACEn0B,KAAKkzB,UAAUzL,KAAK,GACpBznB,KAAKizB,UAAUxL,KAAK,GACpBznB,KAAKyzB,OAAS,KACdzzB,KAAK2Q,IAAM,IACf,CAEE,aAAMod,CAAQsB,GAEZ,MAKM+E,SAL6Bp0B,KAAKszB,QACtCxc,EAAKpV,iBAAiB,CAAC,IAAID,WAAWzB,KAAKijB,WAAYoM,IACvDrvB,KAAKwvB,KAGyBxmB,SAAS,EAAGqmB,EAAUztB,QAGtD,OAFAoyB,GAAOI,EAAI/E,GACXrvB,KAAKm0B,qBACEC,CACX,EAGA,MAAMC,GACJ,WAAAz0B,CAAY00B,EAAe7R,EAAM9R,EAAK6e,GACpCxvB,KAAKs0B,cAAgBA,EACrB,MAAMrR,UAAEA,GAAcF,GAAgBN,GACtCziB,KAAK2Q,IAAM4jB,GAAgBnH,YAAYzc,GAEnC6e,EAAGnlB,WAAa,GAAM,IAAGmlB,EAAKA,EAAG7sB,SACrC3C,KAAKizB,UAAYuB,GAAehF,GAChCxvB,KAAKkzB,UAAY,IAAIzxB,WAAWwhB,GAChCjjB,KAAK8B,EAAI,EACT9B,KAAKijB,UAAYA,CACrB,CAEE,OAAAwR,CAAQ/F,GACN,MAAMI,EAAQ0F,GAAe9F,GACvBH,EAAM,IAAI9sB,WAAWitB,EAAI9sB,QACzBmtB,EAAQyF,GAAejG,GAC7B,IAAK,IAAIzsB,EAAI,EAAGA,EAAI,GAAKitB,EAAMntB,OAAQE,GAAK,EAAG,CAC7C,MAAQmmB,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,EAAI/B,GAAIgC,GAAOmK,GAAgBxG,QAAQ/tB,KAAK2Q,IAAK3Q,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,GAAIjzB,KAAKizB,UAAU,IACrJlE,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKmoB,EAC9B8E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKooB,EAC9B6E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKqoB,EAC9B4E,EAAMjtB,EAAI,GAAKgtB,EAAMhtB,EAAI,GAAKsoB,EAC9BpqB,KAAKizB,WAAajzB,KAAKs0B,cAAgBvF,EAAQD,GAAOnsB,MAAMb,EAAGA,EAAI,EACzE,CACI,OAAOysB,CACX,CAEE,kBAAMmG,CAAanyB,GACjB,MAAMoxB,EAAU3zB,KAAKkzB,UAAUtxB,OAAS5B,KAAK8B,EACvC8xB,EAAQrxB,EAAMyG,SAAS,EAAG2qB,GAGhC,GAFA3zB,KAAKkzB,UAAU/wB,IAAIyxB,EAAO5zB,KAAK8B,GAE1B9B,KAAK8B,EAAIS,EAAMX,QAAY,EAAI5B,KAAKijB,UAAY,CACnD,MAAM4Q,GAAYtxB,EAAMX,OAAS+xB,GAAW3zB,KAAKijB,UAC3C0R,EAAY7d,EAAKpV,iBAAiB,CACtC1B,KAAKkzB,UACL3wB,EAAMyG,SAAS2qB,EAASpxB,EAAMX,OAASiyB,KAGnCe,EAAkB50B,KAAKy0B,QAAQE,GAMrC,OAHId,EAAW,GAAG7zB,KAAKkzB,UAAU/wB,IAAII,EAAMyG,UAAU6qB,IACrD7zB,KAAK8B,EAAI+xB,EAEFe,CACb,CAII,IAAIC,EACJ,GAHA70B,KAAK8B,GAAK8xB,EAAMhyB,OAGZ5B,KAAK8B,IAAM9B,KAAKkzB,UAAUtxB,OAAQ,CACpCizB,EAAiB70B,KAAKy0B,QAAQz0B,KAAKkzB,WACnClzB,KAAK8B,EAAI,EAET,MAAMiuB,EAAYxtB,EAAMyG,SAAS4qB,EAAMhyB,QACvC5B,KAAKkzB,UAAU/wB,IAAI4tB,EAAW/vB,KAAK8B,GACnC9B,KAAK8B,GAAKiuB,EAAUnuB,MAC1B,MACMizB,EAAiB,IAAIpzB,WAGvB,OAAOozB,CACX,CAEE,YAAMluB,GACJ,IAAI5E,EACJ,GAAe,IAAX/B,KAAK8B,EACPC,EAAS,IAAIN,eACR,CAGLM,EAFuB/B,KAAKy0B,QAAQz0B,KAAKkzB,WAEjBlqB,SAAS,EAAGhJ,KAAK8B,EAC/C,CAGI,OADA9B,KAAKm0B,qBACEpyB,CACX,CAEE,kBAAAoyB,GACEn0B,KAAKkzB,UAAUzL,KAAK,GACpBznB,KAAKizB,UAAUxL,KAAK,GACpBznB,KAAK2Q,IAAI8W,KAAK,EAClB,EAuBA,SAASuM,GAAO1V,EAAGzG,GACjB,MAAMid,EAAUrsB,KAAKsd,IAAIzH,EAAE1c,OAAQiW,EAAEjW,QACrC,IAAK,IAAIE,EAAI,EAAGA,EAAIgzB,EAAShzB,IAC3Bwc,EAAExc,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAEpB,CAEA,MAAM0yB,GAAiBtO,GAAO,IAAI/F,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,8DAnQ/FhI,eAAuBmgB,EAAM9R,EAAK2e,EAAYE,GACnD,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAIuB,IAAc+O,GAAUgC,GAC1B,OAwQJ,SAAqBtS,EAAM9R,EAAKyjB,EAAI5E,GAClC,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvCuS,EAAc,IAAIhR,GAAWiR,iBAAiBlC,GAAUgC,GAAWpkB,EAAK6e,GAC9E,OAAOzV,EAAiBqa,GAAI7xB,GAAS,IAAId,WAAWuzB,EAAY1Q,OAAO/hB,KACzE,CA5QW2yB,CAAYzS,EAAM9R,EAAK2e,EAAYE,GAE5C,GAAI1Y,EAAK0H,MAAMiE,GACb,OA8OJngB,eAA0BmgB,EAAM9R,EAAKyjB,EAAI5E,GACvC,GAAI1Y,EAAK7V,SAASmzB,GAAK,CACrB,MAAMvD,EAAM,IAAIwD,IAAqB,EAAO5R,EAAM9R,EAAK6e,GACvD,OAAOzV,EAAiBqa,GAAI7xB,GAASsuB,EAAI6D,aAAanyB,KAAQ,IAAMsuB,EAAIlqB,UAC5E,CACE,OAAOwuB,GAAYxkB,EAAK6e,GAAInB,QAAQ+F,EACtC,CApPWgB,CAAW3S,EAAM9R,EAAK2e,EAAYE,GAG3C,MACM6F,EAAW,UADU7S,GAAgBC,IACT9R,GAC5B2kB,EAAaD,EAASpS,UAE5B,IAAIsS,EAAS/F,EACT4E,EAAK,IAAI3yB,WACb,MAAM2B,EAAUJ,IACVA,IACFoxB,EAAKtd,EAAKpV,iBAAiB,CAAC0yB,EAAIpxB,KAElC,MAAMqsB,EAAY,IAAI5tB,WAAW2yB,EAAGxyB,QACpC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQoxB,EAAGxyB,QAAU0zB,EAAalB,EAAGxyB,QAAQ,CAClD,MAAM4zB,EAAWH,EAAStH,QAAQwH,GAElC,IADAA,EAASnB,EAAGprB,SAAS,EAAGssB,GACnBxzB,EAAI,EAAGA,EAAIwzB,EAAYxzB,IAC1ButB,EAAUlV,KAAOob,EAAOzzB,GAAK0zB,EAAS1zB,GAExCsyB,EAAKA,EAAGprB,SAASssB,EACvB,CACI,OAAOjG,EAAUrmB,SAAS,EAAGmR,EAAE,EAEjC,OAAOJ,EAAiBuV,EAAYlsB,EAASA,EAC/C,UA5EOd,eAAuBmgB,EAAM9R,EAAK0e,EAAWG,EAAItb,GACtD,MAAM6gB,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GAC7C,GAAI3L,EAAKuF,iBAAmB0W,GAAUgC,GACpC,OA6SJ,SAAqBtS,EAAM9R,EAAK8kB,EAAIjG,GAClC,MAAMuF,EAAWtqB,EAAMpI,KAAKoI,EAAMoC,UAAW4V,GACvCiT,EAAY,IAAI1R,GAAW2R,eAAe5C,GAAUgC,GAAWpkB,EAAK6e,GAC1E,OAAOzV,EAAiB0b,GAAIlzB,GAAS,IAAId,WAAWi0B,EAAUpR,OAAO/hB,KACvE,CAjTWqzB,CAAYnT,EAAM9R,EAAK0e,EAAWG,GAE3C,GAAI1Y,EAAK0H,MAAMiE,GACb,OA8QJngB,eAA0BmgB,EAAM9R,EAAK8kB,EAAIjG,GACvC,GAAItT,UAAmB8W,GAAmBI,YAAY3Q,GAAO,CAC3D,MAAMoO,EAAM,IAAImC,GAAmBvQ,EAAM9R,EAAK6e,GAC9C,OAAO1Y,EAAK7V,SAASw0B,GAAM1b,EAAiB0b,GAAIlzB,GAASsuB,EAAI6C,aAAanxB,KAAQ,IAAMsuB,EAAIlqB,WAAYkqB,EAAI9C,QAAQ0H,EACrH,CAAM,GAAI3e,EAAK7V,SAASw0B,GAAK,CAC5B,MAAM5E,EAAM,IAAIwD,IAAqB,EAAM5R,EAAM9R,EAAK6e,GACtD,OAAOzV,EAAiB0b,GAAIlzB,GAASsuB,EAAI6D,aAAanyB,KAAQ,IAAMsuB,EAAIlqB,UAC5E,CACE,OAAOwuB,GAAYxkB,EAAK6e,GAAIzB,QAAQ0H,EACtC,CAvRWI,CAAWpT,EAAM9R,EAAK0e,EAAWG,GAG1C,MACM6F,EAAW,UADU7S,GAAgBC,IACT9R,GAC5B2kB,EAAaD,EAASpS,UAEtB6S,EAAStG,EAAG7sB,QAClB,IAAI8yB,EAAK,IAAIh0B,WACb,MAAM2B,EAAUJ,IACVA,IACFyyB,EAAK3e,EAAKpV,iBAAiB,CAAC+zB,EAAIzyB,KAElC,MAAMssB,EAAa,IAAI7tB,WAAWg0B,EAAG7zB,QACrC,IAAIE,EACAqY,EAAI,EACR,KAAOnX,EAAQyyB,EAAG7zB,QAAU0zB,EAAaG,EAAG7zB,QAAQ,CAClD,MAAMm0B,EAAWV,EAAStH,QAAQ+H,GAClC,IAAKh0B,EAAI,EAAGA,EAAIwzB,EAAYxzB,IAC1Bg0B,EAAOh0B,GAAK2zB,EAAG3zB,GAAKi0B,EAASj0B,GAC7BwtB,EAAWnV,KAAO2b,EAAOh0B,GAE3B2zB,EAAKA,EAAGzsB,SAASssB,EACvB,CACI,OAAOhG,EAAWtmB,SAAS,EAAGmR,EAAE,EAElC,OAAOJ,EAAiBsV,EAAWjsB,EAASA,EAC9C,IC9EA,MAAM8Y,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAgBlB2Z,GAAc,GAWpB,SAASC,GAAYpvB,EAAMgJ,GACzB,MAAM+I,EAAS/R,EAAKjF,OAASo0B,GAC7B,IAAK,IAAIl0B,EAAI,EAAGA,EAAIk0B,GAAal0B,IAC/B+E,EAAK/E,EAAI8W,IAAW/I,EAAQ/N,GAE9B,OAAO+E,CACT,CAeA,MAAMssB,GAAY,IAAI1xB,WAAWu0B,IAElB1zB,eAAe4zB,GAAKvlB,GACjC,MAAM4e,QAAY4G,GAAIxlB,GAGhBd,EAAUiH,EAAK6E,aAAa4T,EAAI4D,KAChCiD,EAAWtf,EAAK6E,OAAO9L,GAE7B,OAAOvN,eAAeuE,GAEpB,aAAc0oB,EAxBlB,SAAa1oB,EAAMgJ,EAASumB,GAE1B,GAAIvvB,EAAKjF,QAAUiF,EAAKjF,OAASo0B,IAAgB,EAE/C,OAAOC,GAAYpvB,EAAMgJ,GAG3B,MAAM8I,EAAS,IAAIlX,WAAWoF,EAAKjF,QAAUo0B,GAAenvB,EAAKjF,OAASo0B,KAG1E,OAFArd,EAAOxW,IAAI0E,GACX8R,EAAO9R,EAAKjF,QAAU,IACfq0B,GAAYtd,EAAQyd,EAC7B,CAasB1D,CAAI7rB,EAAMgJ,EAASumB,KAAYptB,UAAUgtB,GAC5D,CACH,CAEA1zB,eAAe6zB,GAAIxlB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAemzB,GACpB,MACMrB,EADK,IAAIpQ,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAKwiB,IACpE7O,OAAOmR,GACrB,OAAO,IAAIh0B,WAAW2yB,EACvB,EAGH,GAAItd,EAAKmF,eACP,IAEE,OADAtL,QAAYuL,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1FU,eAAemzB,GACpB,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAM,UAAWunB,GAAI2D,GAAWvxB,OAAsB,EAAdo0B,IAAmBrlB,EAAK8kB,GACrG,OAAO,IAAIh0B,WAAW2yB,GAAIprB,SAAS,EAAGorB,EAAG9pB,WAAa0rB,GACvD,CACF,CAAC,MAAOK,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,OAAOjR,eAAemzB,GACpB,OAAOa,GAAY3lB,EAAKwiB,GAAW,CAAExD,gBAAgB,IAAQ5B,QAAQ0H,EACtE,CACH,CC1EA,MAAMvZ,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAGdwZ,GAAc,GACdO,GAAWP,GACX/E,GAAY+E,GAEZQ,GAAO,IAAI/0B,WAAWu0B,IACtBS,GAAM,IAAIh1B,WAAWu0B,IAAcS,GAAIT,GAAc,GAAK,EAChE,MAAMU,GAAM,IAAIj1B,WAAWu0B,IAE3B1zB,eAAeq0B,GAAKhmB,GAClB,MAAMimB,QAAaV,GAAKvlB,GACxB,OAAO,SAAS+K,EAAGnI,GACjB,OAAOqjB,EAAK9f,EAAKpV,iBAAiB,CAACga,EAAGnI,IACvC,CACH,CAEAjR,eAAeu0B,GAAIlmB,GACjB,GAAImG,EAAKuF,gBACP,OAAO/Z,eAAemzB,EAAIjG,GACxB,MAAMsH,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GAC5E4E,EAAK3X,GAAOjY,OAAO,CAACsyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,UAC5C,OAAO,IAAIt1B,WAAW2yB,EACvB,EAGH,GAAItd,EAAKmF,eACP,IACE,MAAMwX,QAAevX,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,UAAWrG,OAAqB,EAAb+O,EAAI/O,SAAc,EAAO,CAAC,YAC1G,OAAOU,eAAemzB,EAAIjG,GACxB,MAAM4E,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAM,UAAWypB,QAASlC,EAAI5tB,OAAsB,EAAdo0B,IAAmBvC,EAAQgC,GACtG,OAAO,IAAIh0B,WAAW2yB,EACvB,CACF,CAAC,MAAOiC,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,OAAOjR,eAAemzB,EAAIjG,GACxB,OAAOwH,GAAYrmB,EAAK6e,GAAIzB,QAAQ0H,EACrC,CACH,CAQAnzB,eAAe20B,GAAIrU,EAAQjS,GACzB,GAAIiS,IAAWnY,EAAMoC,UAAUK,QAC7B0V,IAAWnY,EAAMoC,UAAUM,QAC3ByV,IAAWnY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,MACE21B,EACAtI,SACQ1uB,QAAQ4E,IAAI,CACpB6xB,GAAKhmB,GACLkmB,GAAIlmB,KAGN,MAAO,CAQLod,QAASzrB,eAAe+sB,EAAWZ,EAAO0I,GACxC,MACEC,EACAC,SACQn3B,QAAQ4E,IAAI,CACpBoyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,KAENG,QAAiB1I,EAAIS,EAAW+H,GAEhCrZ,QADqBmZ,EAAKR,GAAKY,GAErC,IAAK,IAAIx1B,EAAI,EAAGA,EAAImvB,GAAWnvB,IAC7Bic,EAAIjc,IAAMu1B,EAAUv1B,GAAKs1B,EAAUt1B,GAErC,OAAOgV,EAAKpV,iBAAiB,CAAC41B,EAAUvZ,GACzC,EASDsQ,QAAS/rB,eAAegtB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW1tB,OAASqvB,GAAW,MAAU1vB,MAAM,0BACnD,MAAM+1B,EAAWhI,EAAWtmB,SAAS,GAAIioB,IACnCsG,EAAQjI,EAAWtmB,UAAUioB,KAEjCmG,EACAC,EACAG,SACQt3B,QAAQ4E,IAAI,CACpBoyB,EAAKV,GAAM/H,GACXyI,EAAKT,GAAKU,GACVD,EAAKR,GAAKY,KAENvZ,EAAMyZ,EACZ,IAAK,IAAI11B,EAAI,EAAGA,EAAImvB,GAAWnvB,IAC7Bic,EAAIjc,IAAMu1B,EAAUv1B,GAAKs1B,EAAUt1B,GAErC,IAAKgV,EAAKmE,iBAAiBsc,EAAOxZ,GAAM,MAAUxc,MAAM,+BAExD,aADwBqtB,EAAI0I,EAAUF,EAE5C,EAEA,CAnHyCV,GAAIV,GAAc,GAAK,EA2HhEiB,GAAIQ,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEAwI,GAAIjB,YAAcA,GAClBiB,GAAIV,SAAWA,GACfU,GAAIhG,UAAYA,GClJhB,MAAM+E,GAAc,GAOd/E,GAAY,GAGlB,SAAS0G,GAAIhgB,GACX,IAAIggB,EAAM,EACV,IAAK,IAAI71B,EAAI,IAAI6V,EAAI7V,GAAUA,IAAM,EACnC61B,IAEF,OAAOA,CACT,CAEA,SAAS3D,GAAO4D,EAAGC,GACjB,IAAK,IAAI/1B,EAAI,EAAGA,EAAI81B,EAAEh2B,OAAQE,IAC5B81B,EAAE91B,IAAM+1B,EAAE/1B,GAEZ,OAAO81B,CACT,CAEA,SAASE,GAAIF,EAAGC,GACd,OAAO7D,GAAO4D,EAAEj1B,QAASk1B,EAC3B,CAEA,MAAM1E,GAAY,IAAI1xB,WAAWu0B,IAC3BS,GAAM,IAAIh1B,WAAW,CAAC,IAO5Ba,eAAey1B,GAAInV,EAAQjS,GACzB,MAAMqS,QAAEA,GAAYD,GAAgBH,GAEpC,IAAK9L,EAAK0H,MAAMoE,IAAWjS,EAAI/O,SAAWohB,EACxC,MAAUzhB,MAAM,oCAGlB,IAAIy2B,EAAS,EAKb,MAAMC,EAAM3B,GAAY3lB,EAAKwiB,GAAW,CAAExD,gBAAgB,IACpDuI,EAAWlG,GAASiG,EAAIlK,QAAQiE,GAChCmG,EAAWnG,GAASiG,EAAI5J,QAAQ2D,GACtC,IAAIpI,EAmEJ,SAASwO,EAAMnxB,EAAI+I,EAAMye,EAAO0I,GAI9B,MAAMkB,EAAIroB,EAAKpO,OAASo0B,GAAc,GAxDxC,SAA4BhmB,EAAMmnB,GAChC,MAAMmB,EAAYxhB,EAAKsC,MAAM3Q,KAAKC,IAAIsH,EAAKpO,OAAQu1B,EAAMv1B,QAAUo0B,GAAc,GAAK,EACtF,IAAK,IAAIl0B,EAAIk2B,EAAS,EAAGl2B,GAAKw2B,EAAWx2B,IACvC8nB,EAAK9nB,GAAKgV,EAAK6E,OAAOiO,EAAK9nB,EAAI,IAEjCk2B,EAASM,CACb,CAuDIC,CAAmBvoB,EAAMmnB,GAOzB,MAAMqB,EAAc1hB,EAAKpV,iBAAiB,CAACyxB,GAAUnqB,SAAS,EAtIjD,GAsI+DylB,EAAM7sB,QAAS60B,GAAKhI,IAE1FgK,EAAwC,GAA/BD,EAAYxC,IAE3BwC,EAAYxC,KAAoB,IAChC,MAAM0C,EAAOR,EAASM,GAEhBG,EAAY7hB,EAAKpV,iBAAiB,CAACg3B,EAAMZ,GAAIY,EAAK1vB,SAAS,EAAG,GAAI0vB,EAAK1vB,SAAS,EAAG,MAEnF4P,EAAS9B,EAAKgF,WAAW6c,EAAU3vB,SAAS,GAAKyvB,GAAU,GAAI,IAAMA,GAAU,IAAK,GAAc,EAATA,IAAazvB,SAAS,GAE/G4vB,EAAW,IAAIn3B,WAAWu0B,IAE1B5B,EAAK,IAAI3yB,WAAWuO,EAAKpO,OAASqvB,IAKxC,IAAInvB,EACAE,EAAM,EACV,IAAKF,EAAI,EAAGA,EAAIu2B,EAAGv2B,IAEjBkyB,GAAOpb,EAAQgR,EAAK+N,GAAI71B,EAAI,KAG5BsyB,EAAGjyB,IAAI6xB,GAAO/sB,EAAG6wB,GAAIlf,EAAQ5I,IAAQ4I,GAAS5W,GAE9CgyB,GAAO4E,EAAU3xB,IAAOixB,EAAWloB,EAAOokB,EAAGprB,SAAShH,IAEtDgO,EAAOA,EAAKhH,SAASgtB,IACrBh0B,GAAOg0B,GAMT,GAAIhmB,EAAKpO,OAAQ,CAEfoyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAM3L,EAAUqoB,EAAStf,GAEzBwb,EAAGjyB,IAAI21B,GAAI9nB,EAAMH,GAAU7N,GAG3B,MAAM62B,EAAW,IAAIp3B,WAAWu0B,IAChC6C,EAAS12B,IAAI8E,IAAOixB,EAAWloB,EAAOokB,EAAGprB,SAAShH,GAAK,IAAa,GACpE62B,EAAS7oB,EAAKpO,QAAU,IACxBoyB,GAAO4E,EAAUC,GACjB72B,GAAOgO,EAAKpO,MAClB,CAEI,MAAMmc,EAAMiW,GAAOkE,EAASlE,GAAOA,GAAO4E,EAAUhgB,GAASgR,EAAKkP,IAhHpE,SAAc3B,GACZ,IAAKA,EAAMv1B,OAET,OAAOuxB,GAMT,MAAMkF,EAAIlB,EAAMv1B,OAASo0B,GAAc,EAEjCpd,EAAS,IAAInX,WAAWu0B,IACxBvD,EAAM,IAAIhxB,WAAWu0B,IAC3B,IAAK,IAAIl0B,EAAI,EAAGA,EAAIu2B,EAAGv2B,IACrBkyB,GAAOpb,EAAQgR,EAAK+N,GAAI71B,EAAI,KAC5BkyB,GAAOvB,EAAKyF,EAASJ,GAAIlf,EAAQue,KACjCA,EAAQA,EAAMnuB,SAASgtB,IAMzB,GAAImB,EAAMv1B,OAAQ,CAChBoyB,GAAOpb,EAAQgR,EAAKpO,GAEpB,MAAMud,EAAc,IAAIt3B,WAAWu0B,IACnC+C,EAAY52B,IAAIg1B,EAAO,GACvB4B,EAAY5B,EAAMv1B,QAAU,IAC5BoyB,GAAO+E,EAAangB,GAEpBob,GAAOvB,EAAKyF,EAASa,GAC3B,CAEI,OAAOtG,CACX,CA8E2E9kB,CAAKwpB,IAO5E,OADA/C,EAAGjyB,IAAI4b,EAAK/b,GACLoyB,CACX,CAGE,OA9IA,WACE,MAAM4E,EAASd,EAAS/E,IAClB8F,EAASniB,EAAK6E,OAAOqd,GAC3BpP,EAAO,GACPA,EAAK,GAAK9S,EAAK6E,OAAOsd,GAGtBrP,EAAKpO,EAAIwd,EACTpP,EAAKkP,EAAIG,CACb,CAXEC,GAgJO,CAQLnL,QAASzrB,eAAe+sB,EAAWZ,EAAO0I,GACxC,OAAOiB,EAAMF,EAAU7I,EAAWZ,EAAO0I,EAC1C,EASD9I,QAAS/rB,eAAegtB,EAAYb,EAAO0I,GACzC,GAAI7H,EAAW1tB,OAASqvB,GAAW,MAAU1vB,MAAM,0BAEnD,MAAMwc,EAAMuR,EAAWtmB,UAAS,IAChCsmB,EAAaA,EAAWtmB,SAAS,GAAG,IAEpC,MAAMmwB,EAAUf,EAAMD,EAAU7I,EAAYb,EAAO0I,GAEnD,GAAIrgB,EAAKmE,iBAAiB8C,EAAKob,EAAQnwB,UAAS,KAC9C,OAAOmwB,EAAQnwB,SAAS,GAAG,IAE7B,MAAUzH,MAAM,8BACtB,EAEA,CAQAw2B,GAAIN,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEAsJ,GAAI/B,YAAcA,GAClB+B,GAAIxB,SAvPa,GAwPjBwB,GAAI9G,UAAYA,GCxPhB,MAAM/U,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClBI,GAAS3F,EAAK0F,gBAIdyU,GAAY,GACZmI,GAAO,UAOb92B,eAAe+2B,GAAIzW,EAAQjS,GACzB,GAAIiS,IAAWnY,EAAMoC,UAAUK,QAC7B0V,IAAWnY,EAAMoC,UAAUM,QAC3ByV,IAAWnY,EAAMoC,UAAUO,OAC3B,MAAU7L,MAAM,qCAGlB,GAAIuV,EAAKuF,gBACP,MAAO,CACL0R,QAASzrB,eAAemzB,EAAIjG,EAAI2H,EAAQ,IAAI11B,YAC1C,MAAMq1B,EAAK,IAAI9S,GAAW2R,eAAe,OAAuB,EAAbhlB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GAClFsH,EAAGwC,OAAOnC,GACV,MAAM/C,EAAK3X,GAAOjY,OAAO,CAACsyB,EAAGxS,OAAOmR,GAAKqB,EAAGC,QAASD,EAAGyC,eACxD,OAAO,IAAI93B,WAAW2yB,EACvB,EAED/F,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,EAAQ,IAAI11B,YAC1C,MAAM+3B,EAAK,IAAIxV,GAAWiR,iBAAiB,OAAuB,EAAbtkB,EAAI/O,OAAc,OAAQ+O,EAAK6e,GACpFgK,EAAGF,OAAOnC,GACVqC,EAAGC,WAAWrF,EAAGzxB,MAAMyxB,EAAGxyB,OAASqvB,GAAWmD,EAAGxyB,SACjD,MAAM6zB,EAAKhZ,GAAOjY,OAAO,CAACg1B,EAAGlV,OAAO8P,EAAGzxB,MAAM,EAAGyxB,EAAGxyB,OAASqvB,KAAauI,EAAGzC,UAC5E,OAAO,IAAIt1B,WAAWg0B,EAC9B,GAIE,GAAI3e,EAAKmF,eACP,IACE,MAAMyd,QAAaxd,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAMmxB,KAAQ,EAAO,CAAC,UAAW,YAEhFO,EAAoChd,UAAUid,UAAUja,MAAM,kCAClEhD,UAAUid,UAAUja,MAAM,kDAC5B,MAAO,CACLoO,QAASzrB,eAAemzB,EAAIjG,EAAI2H,EAAQ,IAAI11B,YAC1C,GAAIk4B,IAAsClE,EAAG7zB,OAC3C,OAAOi4B,GAAYlpB,EAAK6e,EAAI2H,GAAOpJ,QAAQ0H,GAE7C,MAAMrB,QAAWlY,GAAU6R,QAAQ,CAAE9lB,KAAMmxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMjE,GAC9G,OAAO,IAAIh0B,WAAW2yB,EACvB,EAED/F,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,EAAQ,IAAI11B,YAC1C,GAAIk4B,GAAqCvF,EAAGxyB,SAAWqvB,GACrD,OAAO4I,GAAYlpB,EAAK6e,EAAI2H,GAAO9I,QAAQ+F,GAE7C,IACE,MAAMqB,QAAWvZ,GAAUmS,QAAQ,CAAEpmB,KAAMmxB,GAAM5J,KAAIsK,eAAgB3C,EAAOlG,UAAWA,KAAiByI,EAAMtF,GAC9G,OAAO,IAAI3yB,WAAWg0B,EACvB,CAAC,MAAOvxB,GACP,GAAe,mBAAXA,EAAE+D,KACJ,MAAU1G,MAAM,8BAE9B,CACA,EAEK,CAAC,MAAO80B,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACvE,CAGE,MAAO,CACLwa,QAASzrB,eAAemzB,EAAIjG,EAAI2H,GAC9B,OAAO0C,GAAYlpB,EAAK6e,EAAI2H,GAAOpJ,QAAQ0H,EAC5C,EAEDpH,QAAS/rB,eAAe8xB,EAAI5E,EAAI2H,GAC9B,OAAO0C,GAAYlpB,EAAK6e,EAAI2H,GAAO9I,QAAQ+F,EACjD,EAEA,CAWAiF,GAAI5B,SAAW,SAASjI,EAAIkI,GAC1B,MAAMjJ,EAAQe,EAAG7sB,QACjB,IAAK,IAAIb,EAAI,EAAGA,EAAI41B,EAAW91B,OAAQE,IACrC2sB,EAAM,EAAI3sB,IAAM41B,EAAW51B,GAE7B,OAAO2sB,CACT,EAEA4K,GAAIrD,YAvGgB,GAwGpBqD,GAAI9C,SAvGa,GAwGjB8C,GAAIpI,UAAYA,GC9HhB,IAAeuC,GAAA,CAEb3C,IAAKA,GAELpiB,IAAKA,GACLC,gBAAiBD,GAEjBF,IAAKA,GAELC,IAAKA,ICjBP,MAAMurB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAEb,SAAUgT,GAAmB9vB,GACjC,MAAMuP,EAAc,mBACpB,IAAIC,EAAI,GAIR,OAHAxP,EAAMlI,SAAQ2X,IACZD,GAAKD,EAAYE,GAAK,GAAKF,EAAgB,GAAJE,EAAO,IAEzCqN,OAAO,MAAQtN,EACxB,CAEgB,SAAAugB,GAAI5b,EAAW+Z,GAC7B,MAAM8B,EAAU7b,EAAI+Z,EACpB,OAAO8B,EAAUJ,GAAMI,EAAU9B,EAAI8B,CACvC,UASgBC,GAAOviB,EAAW3T,EAAWyT,GAC3C,GAAIA,IAAMoiB,GAAK,MAAMx4B,MAAM,yBAC3B,GAAIoW,IAAMqiB,GAAK,OAAO/S,OAAO,GAC7B,GAAI/iB,EAAI61B,GAAK,MAAMx4B,MAAM,iCAEzB,IAAI84B,EAAMn2B,EACNsX,EAAI3D,EAER2D,GAAK7D,EACL,IAAI8D,EAAIwL,OAAO,GACf,KAAOoT,EAAMN,IAAK,CAChB,MAAMO,EAAMD,EAAML,GAClBK,IAAQL,GAIRve,EAAI6e,EAFQ7e,EAAID,EAAK7D,EAEN8D,EACfD,EAAKA,EAAIA,EAAK7D,EAEhB,OAAO8D,CACT,CAGA,SAAS8e,GAAI/e,GACX,OAAOA,GAAKue,GAAMve,GAAKA,CACzB,CAsDgB,SAAAgf,GAAOlc,EAAW3G,GAChC,MAAM8iB,IAAEA,EAAGjf,EAAEA,GA7Cf,SAAekf,EAAgBC,GAC7B,IAAInf,EAAIyL,OAAO,GACX2T,EAAI3T,OAAO,GACX4T,EAAQ5T,OAAO,GACf6T,EAAQ7T,OAAO,GAKf3I,EAAIic,GAAIG,GACR7iB,EAAI0iB,GAAII,GACZ,MAAMI,EAAWL,EAASX,GACpBiB,EAAWL,EAASZ,GAE1B,KAAOliB,IAAMkiB,IAAK,CAChB,MAAMpW,EAAIrF,EAAIzG,EACd,IAAI2T,EAAMhQ,EACVA,EAAIqf,EAAQlX,EAAInI,EAChBqf,EAAQrP,EAERA,EAAMoP,EACNA,EAAIE,EAAQnX,EAAIiX,EAChBE,EAAQtP,EAERA,EAAM3T,EACNA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAGN,MAAO,CACLhQ,EAAGuf,GAAYF,EAAQA,EACvBD,EAAGI,GAAYF,EAAQA,EACvBL,IAAKnc,EAET,CAWqB2c,CAAM3c,EAAG3G,GAC5B,GAAI8iB,IAAQT,GACV,MAAUz4B,MAAM,0BAElB,OAAO24B,GAAI1e,EAAI7D,EAAGA,EACpB,CAwBM,SAAUujB,GAAe1f,GAC7B,MAAM2f,EAAS/T,OAAO5L,GACtB,GAAI2f,EAAS/T,OAAOgU,iBAElB,MAAU75B,MAAM,8CAElB,OAAO45B,CACT,CAQgB,SAAAE,GAAO7f,EAAU1Z,GAE/B,OADa0Z,GAAKyL,OAAOnlB,GAAMk4B,MAChBD,GAAM,EAAI,CAC3B,CAKM,SAAUuB,GAAU9f,GAGxB,MAAMhW,EAASgW,EAAIue,GAAM9S,QAAQ,GAAK8S,GACtC,IAAIwB,EAAS,EACT/P,EAAMhQ,EAEV,MAAQgQ,IAAQwO,MAASx0B,GACvB+1B,IAEF,OAAOA,CACT,CAKM,SAAUjxB,GAAWkR,GACzB,MAAMhW,EAASgW,EAAIue,GAAM9S,QAAQ,GAAK8S,GAChCyB,EAAMvU,OAAO,GACnB,IAAIoG,EAAM,EACN7B,EAAMhQ,EAEV,MAAQgQ,IAAQgQ,KAASh2B,GACvB6nB,IAEF,OAAOA,CACT,CAQM,SAAUoO,GAAmBjgB,EAAWkgB,EAAS,KAAM95B,GAG3D,IAAI0X,EAAMkC,EAAEgF,SAAS,IACjBlH,EAAI1X,OAAS,GAAM,IACrB0X,EAAM,IAAMA,GAGd,MAAMqiB,EAAYriB,EAAI1X,OAAS,EACzBuI,EAAQ,IAAI1I,WAAWG,GAAU+5B,GAEjC/iB,EAAShX,EAASA,EAAS+5B,EAAY,EAC7C,IAAI75B,EAAI,EACR,KAAOA,EAAI65B,GACTxxB,EAAMrI,EAAI8W,GAAUY,SAASF,EAAI3W,MAAM,EAAIb,EAAG,EAAIA,EAAI,GAAI,IAC1DA,IAOF,MAJe,OAAX45B,GACFvxB,EAAM6gB,UAGD7gB,CACT,CC7LA,MAAM6Z,GAAalN,EAAKuF,gBAOjB,SAASuf,GAAeh6B,GAC7B,MAAM0a,EAA8B,oBAAXH,OAAyBA,OAAS6H,IAAY1H,UACvE,GAAIA,GAAWuf,gBAAiB,CAC9B,MAAMjd,EAAM,IAAInd,WAAWG,GAC3B,OAAO0a,EAAUuf,gBAAgBjd,EACrC,CACI,MAAUrd,MAAM,+CAEpB,CASO,SAASu6B,GAAoB/V,EAAKrd,GACvC,GAAIA,EAAMqd,EACR,MAAUxkB,MAAM,uCAGlB,MAAMw6B,EAAUrzB,EAAMqd,EAOtB,OAAOmU,GADGD,GAAmB2B,GALftxB,GAAWyxB,GAK2B,IACtCA,GAAWhW,CAC3B,8FCvCA,MAAMiU,GAAM/S,OAAO,YAQH+U,GAAoBhgB,EAAc9X,EAAWqV,GAC3D,MAAM0iB,EAAOhV,OAAO,IACdlB,EAAMiU,IAAO/S,OAAOjL,EAAO,GAO3BkgB,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAErG,IAAIvkB,EAAImkB,GAAoB/V,EAAKA,GAAOiU,IACpCl4B,EAAIo5B,GAAehB,GAAIviB,EAAGskB,IAE9B,GACEtkB,GAAKsP,OAAOiV,EAAKp6B,IACjBA,GAAKA,EAAIo6B,EAAKp6B,IAAMo6B,EAAKt6B,OAErB05B,GAAU3jB,GAAKqE,IACjBrE,EAAIuiB,GAAIviB,EAAGoO,GAAOiU,IAAMriB,GAAKoO,EAC7BjkB,EAAIo5B,GAAehB,GAAIviB,EAAGskB,YAEpBE,GAAgBxkB,EAAGzT,EAAGqV,IAChC,OAAO5B,CACT,UAQgBwkB,GAAgBxkB,EAAWzT,EAAWqV,GACpD,QAAIrV,GFsDU,SAAIw2B,EAAgBC,GAClC,IAAIrc,EAAIoc,EACJ7iB,EAAI8iB,EACR,KAAO9iB,IAAMkiB,IAAK,CAChB,MAAMvO,EAAM3T,EACZA,EAAIyG,EAAIzG,EACRyG,EAAIkN,EAEN,OAAOlN,CACT,CE/DWmc,CAAI9iB,EAAIqiB,GAAK91B,KAAO81B,QA2BzB,SAAuBriB,GAC3B,MAAMoiB,EAAM9S,OAAO,GACnB,OAAOmV,GAAYC,OAAMhE,GAAK6B,GAAIviB,EAAG0gB,KAAO0B,GAC9C,CA3BOuC,CAAa3kB,OAoBd,SAAiBA,EAAWE,EAAIoP,OAAO,IAC3C,OAAOmT,GAAOviB,EAAGF,EAAIqiB,GAAKriB,KAAOqiB,EACnC,CAnBOuC,CAAO5kB,eAoJcA,EAAW4B,GACrC,MAAM8T,EAAMiO,GAAU3jB,GAEjB4B,IACHA,EAAI9Q,KAAKC,IAAI,EAAI2kB,EAAM,GAAM,IAG/B,MAAMmP,EAAK7kB,EAAIqiB,GAGf,IAAIrgB,EAAI,EACR,MAAQ0hB,GAAOmB,EAAI7iB,IAAMA,IACzB,MAAMyJ,EAAIzL,GAAKsP,OAAOtN,GAEtB,KAAOJ,EAAI,EAAGA,IAAK,CAGjB,IAKIzX,EALA0Z,EAAI4e,GAFkB0B,GAAoB7U,OAAO,GAAIuV,GAEvCpZ,EAAGzL,GACrB,GAAI6D,IAAMwe,IAAOxe,IAAMghB,EAAvB,CAKA,IAAK16B,EAAI,EAAGA,EAAI6X,EAAG7X,IAAK,CAGtB,GAFA0Z,EAAI0e,GAAI1e,EAAIA,EAAG7D,GAEX6D,IAAMwe,GACR,OAAO,EAET,GAAIxe,IAAMghB,EACR,MAIJ,GAAI16B,IAAM6X,EACR,OAAO,GAIX,OAAO,CACT,CAzLO8iB,CAAY9kB,EAAG4B,IAMtB,CAkBA,MAAM6iB,GAAc,CAClB,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GACvC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,IAC5C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAAK,IAC7C,IAAK,IAAK,KAAM,KAAM,KAAM,KAAM,KAAM,KACxC,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,KAC1C,KAAM,KAAM,KAAM,KAAM,KAAM,KAAM,MACpCz3B,KAAIgT,GAAKsP,OAAOtP,KCjJlB,MAAM+kB,GAAe,GAyCd,SAASC,GAAUppB,EAASqpB,GACjC,MAAMC,EAAUtpB,EAAQ3R,OAExB,GAAIi7B,EAAUD,EAAY,GACxB,MAAUr7B,MAAM,oBAIlB,MAAMu7B,EA7BR,SAAyBl7B,GACvB,MAAMG,EAAS,IAAIN,WAAWG,GAC9B,IAAIm7B,EAAQ,EACZ,KAAOA,EAAQn7B,GAAQ,CACrB,MAAMo7B,EAAcpB,GAAeh6B,EAASm7B,GAC5C,IAAK,IAAIj7B,EAAI,EAAGA,EAAIk7B,EAAYp7B,OAAQE,IACf,IAAnBk7B,EAAYl7B,KACdC,EAAOg7B,KAAWC,EAAYl7B,GAGtC,CACE,OAAOC,CACT,CAiBak7B,CAAgBL,EAAYC,EAAU,GAG3C/d,EAAU,IAAIrd,WAAWm7B,GAM/B,OAJA9d,EAAQ,GAAK,EACbA,EAAQ3c,IAAI26B,EAAI,GAEhBhe,EAAQ3c,IAAIoR,EAASqpB,EAAYC,GAC1B/d,CACT,CAUO,SAASoe,GAAUpe,EAASqe,GAEjC,IAAIvkB,EAAS,EACTwkB,EAAoB,EACxB,IAAK,IAAIjjB,EAAIvB,EAAQuB,EAAI2E,EAAQld,OAAQuY,IACvCijB,GAAoC,IAAfte,EAAQ3E,GAC7BvB,GAAUwkB,EAGZ,MAAMC,EAAQzkB,EAAS,EACjB0kB,EAAUxe,EAAQ9V,SAAS4P,EAAS,GACpC2kB,EAAgC,IAAfze,EAAQ,GAA0B,IAAfA,EAAQ,GAAWue,GAAS,GAAKD,EAE3E,GAAID,EACF,OAAOrmB,EAAKsH,iBAAiBmf,EAAgBD,EAASH,GAGxD,GAAII,EACF,OAAOD,EAGT,MAAU/7B,MAAM,mBAClB,CAUO,SAASi8B,GAAW/a,EAAMgb,EAAQC,GACvC,IAAI57B,EACJ,GAAI27B,EAAO77B,SAAW+L,GAAK2X,kBAAkB7C,GAC3C,MAAUlhB,MAAM,uBAIlB,MAAMo8B,EAAa,IAAIl8B,WAAWi7B,GAAaja,GAAM7gB,QACrD,IAAKE,EAAI,EAAGA,EAAI46B,GAAaja,GAAM7gB,OAAQE,IACzC67B,EAAW77B,GAAK46B,GAAaja,GAAM3gB,GAGrC,MAAM87B,EAAOD,EAAW/7B,OAAS67B,EAAO77B,OACxC,GAAI87B,EAAQE,EAAO,GACjB,MAAUr8B,MAAM,6CAIlB,MAAMu7B,EAAK,IAAIr7B,WAAWi8B,EAAQE,EAAO,GAAGnW,KAAK,KAI3CoW,EAAK,IAAIp8B,WAAWi8B,GAK1B,OAJAG,EAAG,GAAK,EACRA,EAAG17B,IAAI26B,EAAI,GACXe,EAAG17B,IAAIw7B,EAAYD,EAAQE,GAC3BC,EAAG17B,IAAIs7B,EAAQC,EAAQD,EAAO77B,QACvBi8B,CACT,CAhIAnB,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EACjH,IACFA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,EAAM,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IACvGA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,GAAK,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EACjH,EAAM,IACRA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,IACdA,GAAa,IAAM,CAAC,GAAM,GAAM,GAAM,GAAM,EAAM,EAAM,GAAM,IAAM,GAAM,EAAM,IAAM,EAAM,EAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,gGCfd,MAAMxgB,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAClB2d,GAAM/S,OAAO,GAuXnB3kB,eAAew7B,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACzC,MAAMC,EAAO/D,GAAmB9M,GAC1B8Q,EAAOhE,GAAmBtW,GAC1Bua,EAAOjE,GAAmB7W,GAEhC,IAAI+a,EAAKjE,GAAIgE,EAAMD,EAAOjE,IACtBoE,EAAKlE,GAAIgE,EAAMF,EAAOhE,IAG1B,OAFAoE,EAAK3C,GAAmB2C,GACxBD,EAAK1C,GAAmB0C,GACjB,CACLE,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBkf,EAAG7D,EAAgB6D,GAEnB+J,EAAG5N,EAAgBoE,GACnBA,EAAGpE,EAAgB4N,GAEnBiR,GAAI7e,EAAgB4e,GACpBA,GAAI5e,EAAgB6e,GACpBE,GAAI/e,EAAgBwe,GACpBQ,KAAK,EAET,CAQA,SAASC,GAAY7mB,EAAGzT,GACtB,MAAO,CACLm6B,IAAK,MACL1mB,EAAG4H,EAAgB5H,GACnBzT,EAAGqb,EAAgBrb,GACnBq6B,KAAK,EAET,CAGA,SAASE,GAAaC,EAAKx6B,GACzB,MAAO,CACLyT,EAAGyH,EAAgBsf,EAAI/mB,GACvBzT,EAAGu3B,GAAmBv3B,GACtBkf,EAAGhE,EAAgBsf,EAAItb,GAEvB+J,EAAG/N,EAAgBsf,EAAI/a,GACvBA,EAAGvE,EAAgBsf,EAAIvR,GAEvB4Q,EAAG3e,EAAgBsf,EAAIJ,IAE3B,2DA7UOh8B,eAAuBuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAIpD,GAAIrmB,EAAKuF,kBAAoB8gB,EAC3B,IACE,aAiON76B,eAA2BuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,MAAMW,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACxCptB,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAQ1qB,KAAM,QAASpE,QAASmU,GAAW4a,UAAUC,mBAErF,IACE,OAAO,IAAIp9B,WAAWuiB,GAAW8a,eAAenuB,EAAK9J,GACtD,CAAC,MAAOwvB,GACP,MAAU90B,MAAM,mBACpB,CACA,CA1OmB2zB,CAAYruB,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAC/C,CAAC,MAAO1H,GACPvf,EAAKyE,gBAAgB8a,EAC3B,CAEE,OAuOF/zB,eAAyBuE,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,GAQ/C,GAPAt2B,EAAOozB,GAAmBpzB,GAC1B8Q,EAAIsiB,GAAmBtiB,GACvBzT,EAAI+1B,GAAmB/1B,GACvBkf,EAAI6W,GAAmB7W,GACvB+J,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBoa,EAAI9D,GAAmB8D,GACnBl3B,GAAQ8Q,EACV,MAAUpW,MAAM,mBAElB,MAAM48B,EAAKjE,GAAI9W,EAAGO,EAAIqW,IAChBoE,EAAKlE,GAAI9W,EAAG+J,EAAI6M,IAEhB+E,EAAYjD,GAAoB7U,OAAO,GAAItP,GAC3CqnB,EAAU5E,GAAOI,GAAOuE,EAAWpnB,GAAIzT,EAAGyT,GAChD9Q,EAAOqzB,GAAIrzB,EAAOm4B,EAASrnB,GAE3B,MAAMsnB,EAAK7E,GAAOvzB,EAAMu3B,EAAIjR,GACtB+R,EAAK9E,GAAOvzB,EAAMs3B,EAAIxa,GACtB4N,EAAI2I,GAAI6D,GAAKmB,EAAKD,GAAKtb,GAE7B,IAAI5hB,EAASwvB,EAAIpE,EAAI8R,EAIrB,OAFAl9B,EAASm4B,GAAIn4B,EAASg9B,EAAWpnB,GAE1BulB,GAAUzB,GAAmB15B,EAAQ,KAAMuI,GAAWqN,IAAKwlB,EACpE,CAlQSgC,CAAUt4B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EAC3C,UAlCO76B,eAAuBuE,EAAM8Q,EAAGzT,GACrC,OAAI4S,EAAKuF,gBA2OX/Z,eAA2BuE,EAAM8Q,EAAGzT,GAClC,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,QAASpE,QAASmU,GAAW4a,UAAUC,mBAEpF,OAAO,IAAIp9B,WAAWuiB,GAAWob,cAAczuB,EAAK9J,GACtD,CA/OW+uB,CAAY/uB,EAAM8Q,EAAGzT,GAiPhC5B,eAAyBuE,EAAM8Q,EAAGzT,GAIhC,GAHAyT,EAAIsiB,GAAmBtiB,GACvB9Q,EAAOozB,GAAmB0C,GAAU91B,EAAMyD,GAAWqN,KACrDzT,EAAI+1B,GAAmB/1B,GACnB2C,GAAQ8Q,EACV,MAAUpW,MAAM,2CAElB,OAAOk6B,GAAmBrB,GAAOvzB,EAAM3C,EAAGyT,GAAI,KAAMrN,GAAWqN,GACjE,CAvPS0nB,CAAUx4B,EAAM8Q,EAAGzT,EAC5B,WA4CO5B,eAAwB0Z,EAAM9X,GAInC,GAHAA,EAAI+iB,OAAO/iB,GAGP4S,EAAKmF,eAAgB,CACvB,MAAMqjB,EAAY,CAChBr3B,KAAM,oBACNs3B,cAAevjB,EACfwjB,eAAgB/D,GAAmBv3B,GACnCyJ,KAAM,CACJ1F,KAAM,UAGJw3B,QAAgBvjB,GAAUwjB,YAAYJ,GAAW,EAAM,CAAC,OAAQ,WAMtE,OAAOb,SAFWviB,GAAUyjB,UAAU,MAAOF,EAAQjsB,YAE5BtP,EAC7B,CAAS,GAAI4S,EAAKuF,gBAAiB,CAC/B,MAAMoT,EAAO,CACX8P,cAAevjB,EACfwjB,eAAgBtE,GAAeh3B,GAC/B07B,kBAAmB,CAAE3rB,KAAM,QAAS0qB,OAAQ,OAC5CkB,mBAAoB,CAAE5rB,KAAM,QAAS0qB,OAAQ,QAEzCD,QAAY,IAAIx+B,SAAQ,CAACC,EAASC,KACtC4jB,GAAW8b,gBAAgB,MAAOrQ,GAAM,CAAC4G,EAAKpK,EAAG8T,KAC3C1J,EACFj2B,EAAOi2B,GAEPl2B,EAAQ4/B,EAClB,GACQ,IAEJ,OAAOtB,GAAaC,EAAKx6B,EAC7B,CAKE,IAAIipB,EACAxJ,EACAhM,EACJ,GACEgM,EAAIqY,GAAoBhgB,GAAQA,GAAQ,GAAI9X,EAAG,IAC/CipB,EAAI6O,GAAoBhgB,GAAQ,EAAG9X,EAAG,IACtCyT,EAAIwV,EAAIxJ,QACD2X,GAAU3jB,KAAOqE,GAE1B,MAAMgkB,GAAO7S,EAAI6M,KAAQrW,EAAIqW,IAM7B,OAJIrW,EAAIwJ,KACLA,EAAGxJ,GAAK,CAACA,EAAGwJ,IAGR,CACLxV,EAAG8jB,GAAmB9jB,GACtBzT,EAAGu3B,GAAmBv3B,GACtBkf,EAAGqY,GAAmBjB,GAAOt2B,EAAG87B,IAChC7S,EAAGsO,GAAmBtO,GACtBxJ,EAAG8X,GAAmB9X,GAGtBoa,EAAGtC,GAAmBjB,GAAOrN,EAAGxJ,IAEpC,OA7KOrhB,eAAoB29B,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAC3D,GAAI9vB,GAAK2X,kBAAkB2a,IAAatoB,EAAE/V,OAKxC,MAAUL,MAAM,8CAGlB,GAAIsF,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aA2NR3Z,eAAuB49B,EAAUr5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAQpD,MAAMW,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACxCtb,EAAO,CACXxa,KAAM,oBACN0F,KAAM,CAAE1F,KAAMi4B,IAEVvvB,QAAYuL,GAAUmX,UAAU,MAAOqL,EAAKjc,GAAM,EAAO,CAAC,SAChE,OAAO,IAAIhhB,iBAAiBya,GAAUikB,KAAK,oBAAqBxvB,EAAK9J,GACvE,CA1OqBu5B,CAAQ31B,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GAAWp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAChF,CAAC,MAAO1H,GACPvf,EAAKyE,gBAAgB8a,EAC7B,MACW,GAAIvf,EAAKuF,gBACd,OAuON/Z,eAAwB29B,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GACrD,MAAMoC,EAAOnc,GAAWqc,WAAW51B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC1DE,EAAKp9B,MAAM8D,GACXs5B,EAAK73B,MAEL,MAAMo2B,QAAYZ,GAAanmB,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAC9C,OAAO,IAAIt8B,WAAW0+B,EAAKA,KAAK,CAAExvB,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,UACnE,CA9OaqsB,CAASL,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAGnD,OA4MFz7B,eAAsB29B,EAAUtoB,EAAGyL,EAAGqa,GACpC9lB,EAAIsiB,GAAmBtiB,GACvB,MAAM0gB,EAAI4B,GAAmBuD,GAAWyC,EAAUxC,EAAQnzB,GAAWqN,KAErE,OADAyL,EAAI6W,GAAmB7W,GAChBqY,GAAmBrB,GAAO/B,EAAGjV,EAAGzL,GAAI,KAAMrN,GAAWqN,GAC9D,CAjNS4oB,CAAON,EAAUtoB,EAAGyL,EAAGqa,EAChC,iBAqKOn7B,eAA8BqV,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,GAMlD,GALApmB,EAAIsiB,GAAmBtiB,IACvBwV,EAAI8M,GAAmB9M,KACvBxJ,EAAIsW,GAAmBtW,MAGPhM,EACd,OAAO,EAGT,MAAM6oB,EAAMvZ,OAAO,GAGnB,GAAIiT,GAAI/M,GADR4Q,EAAI9D,GAAmB8D,IACRpa,KAAOsD,OAAO,GAC3B,OAAO,EAGT/iB,EAAI+1B,GAAmB/1B,GACvBkf,EAAI6W,GAAmB7W,GAQvB,MACM3H,EAAIqgB,GAAoB0E,EAAKA,GADhBvZ,OAAOxe,KAAK0P,MAAMmjB,GAAU3jB,GAAK,KAE9C8oB,EAAMhlB,EAAI2H,EAAIlf,EAGpB,QADoBg2B,GAAIuG,EAAKtT,EAAI6M,MAASve,GAAKye,GAAIuG,EAAK9c,EAAIqW,MAASve,EAMvE,SA5LOnZ,eAAsB29B,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,EAAGu5B,GACpD,GAAI52B,IAASiQ,EAAK7V,SAAS4F,GACzB,GAAIiQ,EAAKmF,eACP,IACE,aAuOR3Z,eAAyB49B,EAAUr5B,EAAM8S,EAAGhC,EAAGzT,GAC7C,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,QAAYuL,GAAUmX,UAAU,MAAOqL,EAAK,CAChDz2B,KAAM,oBACN0F,KAAM,CAAE1F,KAAOi4B,KACd,EAAO,CAAC,WACX,OAAOhkB,GAAUwkB,OAAO,oBAAqB/vB,EAAKgJ,EAAG9S,EACvD,CA9OqB85B,CAAUl2B,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GAAWp5B,EAAM8S,EAAGhC,EAAGzT,EACzE,CAAC,MAAOmyB,GACPvf,EAAKyE,gBAAgB8a,EAC7B,MACW,GAAIvf,EAAKuF,gBACd,OA2ON/Z,eAA0B29B,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,GAC9C,MAAMw6B,EAAMF,GAAY7mB,EAAGzT,GACrByM,EAAM,CAAEA,IAAK+tB,EAAKC,OAAQ,MAAO1qB,KAAM,SAEvCysB,EAAS1c,GAAW4c,aAAan2B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC9DS,EAAO39B,MAAM8D,GACb65B,EAAOp4B,MAEP,IACE,OAAOo4B,EAAOA,OAAO/vB,EAAKgJ,EAC3B,CAAC,MAAO0c,GACP,OAAO,CACX,CACA,CAxPawK,CAAWZ,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,GAG5C,OAmNF5B,eAAwB29B,EAAUtmB,EAAGhC,EAAGzT,EAAGu5B,GAIzC,GAHA9lB,EAAIsiB,GAAmBtiB,GACvBgC,EAAIsgB,GAAmBtgB,GACvBzV,EAAI+1B,GAAmB/1B,GACnByV,GAAKhC,EACP,MAAUpW,MAAM,6CAElB,MAAMu/B,EAAMrF,GAAmBrB,GAAOzgB,EAAGzV,EAAGyT,GAAI,KAAMrN,GAAWqN,IAC3DopB,EAAMvD,GAAWyC,EAAUxC,EAAQnzB,GAAWqN,IACpD,OAAOb,EAAKmE,iBAAiB6lB,EAAKC,EACpC,CA7NSC,CAASf,EAAUtmB,EAAGhC,EAAGzT,EAAGu5B,EACrC,ICrEA,MAAMzD,GAAM/S,OAAO,6DAyCZ3kB,eAAuB2+B,EAAIC,EAAI/T,EAAG3R,EAAG2hB,GAO1C,OANA8D,EAAKhH,GAAmBgH,GACxBC,EAAKjH,GAAmBiH,GACxB/T,EAAI8M,GAAmB9M,GAIhB+P,GAAUzB,GADFvB,GAAIM,GAAOJ,GAAO6G,EAFjCzlB,EAAIye,GAAmBze,GAEiB2R,GAAIA,GAAK+T,EAAI/T,GACT,KAAM7iB,GAAW6iB,IAAKgQ,EACpE,UArCO76B,eAAuBuE,EAAMsmB,EAAGyE,EAAGgJ,GACxCzN,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEvB,MACMvC,EAAI4B,GADK0C,GAAU91B,EAAMyD,GAAW6iB,KAKpC5T,EAAIuiB,GAAoB9B,GAAK7M,EAAI6M,IACvC,MAAO,CACLiH,GAAIxF,GAAmBrB,GAAOxI,EAAGrY,EAAG4T,IACpC+T,GAAIzF,GAAmBvB,GAAIE,GAAOQ,EAAGrhB,EAAG4T,GAAKkL,EAAGlL,IAEpD,iBAiCO7qB,eAA8B6qB,EAAGyE,EAAGgJ,EAAGpf,GAM5C,GALA2R,EAAI8M,GAAmB9M,GACvByE,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAGnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAIT,MAAMgU,EAAQla,OAAOqU,GAAUnO,IAE/B,GAAIgU,EADWla,OAAO,MAEpB,OAAO,EAOT,GAAImT,GAAOxI,EAAGzE,EAAI6M,GAAK7M,KAAO6M,GAC5B,OAAO,EAST,IAAInP,EAAM+G,EACN9vB,EAAImlB,OAAO,GACf,MAAMuZ,EAAMvZ,OAAO,GACbma,EAAYZ,GAAOvZ,OAAO,IAChC,KAAOnlB,EAAIs/B,GAAW,CAEpB,GADAvW,EAAMqP,GAAIrP,EAAM+G,EAAGzE,GACftC,IAAQmP,GACV,OAAO,EAETl4B,GACJ,CAQE0Z,EAAIye,GAAmBze,GACvB,MAAMC,EAAIqgB,GAAoB0E,GAAQW,EAAQnH,GAAMwG,GAAOW,GAE3D,OAAIvG,IAAMR,GAAOxI,GADJzE,EAAI6M,IAAOve,EAAID,EACH2R,EAK3B,IC7IO,MAAMhR,GACW,iBAAfjb,GAA2B,WAAYA,EAAaA,EAAWib,YAAS/Z,ECC3Ei/B,GAAO,CAAE,EASf,IAAIC,GAAK,SAASC,GAChB,IAAIz/B,EAAG2Z,EAAI,IAAI+lB,aAAa,IAC5B,GAAID,EAAM,IAAKz/B,EAAI,EAAGA,EAAIy/B,EAAK3/B,OAAQE,IAAK2Z,EAAE3Z,GAAKy/B,EAAKz/B,GACxD,OAAO2Z,CACT,EAGIgmB,GAAc,WAAuB,MAAUlgC,MAAM,UAAa,EAElEmgC,GAAK,IAAIjgC,WAAW,IAAKigC,GAAG,GAAK,EAErC,IAAIC,GAAML,KACNM,GAAMN,GAAG,CAAC,IACVO,GAAUP,GAAG,CAAC,MAAQ,IACtBQ,GAAIR,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIS,GAAKT,GAAG,CAAC,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,OACjIU,GAAIV,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,OAChIW,GAAIX,GAAG,CAAC,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,QAChIY,GAAIZ,GAAG,CAAC,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,QAEpI,SAASa,GAAK3mB,EAAG1Z,EAAGyvB,EAAG6Q,GACrB5mB,EAAE1Z,GAAQyvB,GAAK,GAAM,IACrB/V,EAAE1Z,EAAE,GAAMyvB,GAAK,GAAM,IACrB/V,EAAE1Z,EAAE,GAAMyvB,GAAM,EAAK,IACrB/V,EAAE1Z,EAAE,GAAS,IAAJyvB,EACT/V,EAAE1Z,EAAE,GAAMsgC,GAAK,GAAO,IACtB5mB,EAAE1Z,EAAE,GAAMsgC,GAAK,GAAO,IACtB5mB,EAAE1Z,EAAE,GAAMsgC,GAAM,EAAM,IACtB5mB,EAAE1Z,EAAE,GAAS,IAAJsgC,CACX,CAQA,SAASC,GAAiB7mB,EAAG8mB,EAAI1H,EAAG2H,GAClC,OAPF,SAAY/mB,EAAG8mB,EAAI1H,EAAG2H,EAAI5qB,GACxB,IAAI7V,EAAEshB,EAAI,EACV,IAAKthB,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKshB,GAAK5H,EAAE8mB,EAAGxgC,GAAG84B,EAAE2H,EAAGzgC,GAC1C,OAAQ,EAAMshB,EAAI,IAAO,GAAM,CACjC,CAGSof,CAAGhnB,EAAE8mB,EAAG1H,EAAE2H,EAAG,GACtB,CAEA,SAASE,GAAShnB,EAAG6C,GACnB,IAAIxc,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAU,EAALwc,EAAExc,EACpC,CAEA,SAAS4gC,GAAS9S,GAChB,IAAI9tB,EAAG8X,EAAGuJ,EAAI,EACd,IAAKrhB,EAAI,EAAGA,EAAI,GAAIA,IAClB8X,EAAIgW,EAAE9tB,GAAKqhB,EAAI,MACfA,EAAI1a,KAAK0P,MAAMyB,EAAI,OACnBgW,EAAE9tB,GAAK8X,EAAQ,MAAJuJ,EAEbyM,EAAE,IAAMzM,EAAE,EAAI,IAAMA,EAAE,EACxB,CAEA,SAASwf,GAASxV,EAAGxJ,EAAG9L,GAEtB,IADA,IAAI6D,EAAGyH,IAAMtL,EAAE,GACN/V,EAAI,EAAGA,EAAI,GAAIA,IACtB4Z,EAAIyH,GAAKgK,EAAErrB,GAAK6hB,EAAE7hB,IAClBqrB,EAAErrB,IAAM4Z,EACRiI,EAAE7hB,IAAM4Z,CAEZ,CAEA,SAASknB,GAAUhT,EAAGjY,GACpB,IAAI7V,EAAGqY,EAAGtC,EACNwgB,EAAIiJ,KAAM5lB,EAAI4lB,KAClB,IAAKx/B,EAAI,EAAGA,EAAI,GAAIA,IAAK4Z,EAAE5Z,GAAK6V,EAAE7V,GAIlC,IAHA4gC,GAAShnB,GACTgnB,GAAShnB,GACTgnB,GAAShnB,GACJvB,EAAI,EAAGA,EAAI,EAAGA,IAAK,CAEtB,IADAke,EAAE,GAAK3c,EAAE,GAAK,MACT5Z,EAAI,EAAGA,EAAI,GAAIA,IAClBu2B,EAAEv2B,GAAK4Z,EAAE5Z,GAAK,OAAWu2B,EAAEv2B,EAAE,IAAI,GAAM,GACvCu2B,EAAEv2B,EAAE,IAAM,MAEZu2B,EAAE,IAAM3c,EAAE,IAAM,OAAW2c,EAAE,KAAK,GAAM,GACxCxgB,EAAKwgB,EAAE,KAAK,GAAM,EAClBA,EAAE,KAAO,MACTsK,GAASjnB,EAAG2c,EAAG,EAAExgB,EACrB,CACE,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,IAClB8tB,EAAE,EAAE9tB,GAAY,IAAP4Z,EAAE5Z,GACX8tB,EAAE,EAAE9tB,EAAE,GAAK4Z,EAAE5Z,IAAI,CAErB,CAEA,SAAS+gC,GAASvkB,EAAGzG,GACnB,IAAIsL,EAAI,IAAI1hB,WAAW,IAAK2hB,EAAI,IAAI3hB,WAAW,IAG/C,OAFAmhC,GAAUzf,EAAG7E,GACbskB,GAAUxf,EAAGvL,GACNwqB,GAAiBlf,EAAG,EAAGC,EAAG,EACnC,CAEA,SAAS0f,GAASxkB,GAChB,IAAI8E,EAAI,IAAI3hB,WAAW,IAEvB,OADAmhC,GAAUxf,EAAG9E,GACC,EAAP8E,EAAE,EACX,CAEA,SAAS2f,GAAYnT,EAAGjY,GACtB,IAAI7V,EACJ,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAK6V,EAAE,EAAE7V,IAAM6V,EAAE,EAAE7V,EAAE,IAAM,GACtD8tB,EAAE,KAAO,KACX,CAEA,SAASoT,GAAEpT,EAAGtR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASmhC,GAAErT,EAAGtR,EAAGzG,GACf,IAAK,IAAI/V,EAAI,EAAGA,EAAI,GAAIA,IAAK8tB,EAAE9tB,GAAKwc,EAAExc,GAAK+V,EAAE/V,EAC/C,CAEA,SAASohC,GAAEtT,EAAGtR,EAAGzG,GACf,IAAI+B,EAAGuJ,EACJ8K,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAI+U,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAC5DC,EAAKjtB,EAAE,GACPktB,EAAKltB,EAAE,GACPmtB,EAAKntB,EAAE,GACPotB,EAAKptB,EAAE,GACPqtB,EAAKrtB,EAAE,GACPstB,EAAKttB,EAAE,GACPutB,EAAKvtB,EAAE,GACPwtB,EAAKxtB,EAAE,GACPytB,EAAKztB,EAAE,GACP0tB,EAAK1tB,EAAE,GACP2tB,EAAM3tB,EAAE,IACR4tB,EAAM5tB,EAAE,IACR6tB,EAAM7tB,EAAE,IACR8tB,EAAM9tB,EAAE,IACR+tB,EAAM/tB,EAAE,IACRguB,EAAMhuB,EAAE,IAGVoW,IADArU,EAAI0E,EAAE,IACIwmB,EACV5W,GAAMtU,EAAImrB,EACV5W,GAAMvU,EAAIorB,EACV5W,GAAMxU,EAAIqrB,EACV9B,GAAMvpB,EAAIsrB,EACV9B,GAAMxpB,EAAIurB,EACV9B,GAAMzpB,EAAIwrB,EACV9B,GAAM1pB,EAAIyrB,EACV9B,GAAM3pB,EAAI0rB,EACV9B,GAAM5pB,EAAI2rB,EACV9B,GAAO7pB,EAAI4rB,EACX9B,GAAO9pB,EAAI6rB,EACX9B,GAAO/pB,EAAI8rB,EACX9B,GAAOhqB,EAAI+rB,EACX9B,GAAOjqB,EAAIgsB,EACX9B,GAAOlqB,EAAIisB,EAEX3X,IADAtU,EAAI0E,EAAE,IACIwmB,EACV3W,GAAMvU,EAAImrB,EACV3W,GAAMxU,EAAIorB,EACV7B,GAAMvpB,EAAIqrB,EACV7B,GAAMxpB,EAAIsrB,EACV7B,GAAMzpB,EAAIurB,EACV7B,GAAM1pB,EAAIwrB,EACV7B,GAAM3pB,EAAIyrB,EACV7B,GAAM5pB,EAAI0rB,EACV7B,GAAO7pB,EAAI2rB,EACX7B,GAAO9pB,EAAI4rB,EACX7B,GAAO/pB,EAAI6rB,EACX7B,GAAOhqB,EAAI8rB,EACX7B,GAAOjqB,EAAI+rB,EACX7B,GAAOlqB,EAAIgsB,EACX7B,GAAOnqB,EAAIisB,EAEX1X,IADAvU,EAAI0E,EAAE,IACIwmB,EACV1W,GAAMxU,EAAImrB,EACV5B,GAAMvpB,EAAIorB,EACV5B,GAAMxpB,EAAIqrB,EACV5B,GAAMzpB,EAAIsrB,EACV5B,GAAM1pB,EAAIurB,EACV5B,GAAM3pB,EAAIwrB,EACV5B,GAAM5pB,EAAIyrB,EACV5B,GAAO7pB,EAAI0rB,EACX5B,GAAO9pB,EAAI2rB,EACX5B,GAAO/pB,EAAI4rB,EACX5B,GAAOhqB,EAAI6rB,EACX5B,GAAOjqB,EAAI8rB,EACX5B,GAAOlqB,EAAI+rB,EACX5B,GAAOnqB,EAAIgsB,EACX5B,GAAOpqB,EAAIisB,EAEXzX,IADAxU,EAAI0E,EAAE,IACIwmB,EACV3B,GAAMvpB,EAAImrB,EACV3B,GAAMxpB,EAAIorB,EACV3B,GAAMzpB,EAAIqrB,EACV3B,GAAM1pB,EAAIsrB,EACV3B,GAAM3pB,EAAIurB,EACV3B,GAAM5pB,EAAIwrB,EACV3B,GAAO7pB,EAAIyrB,EACX3B,GAAO9pB,EAAI0rB,EACX3B,GAAO/pB,EAAI2rB,EACX3B,GAAOhqB,EAAI4rB,EACX3B,GAAOjqB,EAAI6rB,EACX3B,GAAOlqB,EAAI8rB,EACX3B,GAAOnqB,EAAI+rB,EACX3B,GAAOpqB,EAAIgsB,EACX3B,GAAOrqB,EAAIisB,EAEX1C,IADAvpB,EAAI0E,EAAE,IACIwmB,EACV1B,GAAMxpB,EAAImrB,EACV1B,GAAMzpB,EAAIorB,EACV1B,GAAM1pB,EAAIqrB,EACV1B,GAAM3pB,EAAIsrB,EACV1B,GAAM5pB,EAAIurB,EACV1B,GAAO7pB,EAAIwrB,EACX1B,GAAO9pB,EAAIyrB,EACX1B,GAAO/pB,EAAI0rB,EACX1B,GAAOhqB,EAAI2rB,EACX1B,GAAOjqB,EAAI4rB,EACX1B,GAAOlqB,EAAI6rB,EACX1B,GAAOnqB,EAAI8rB,EACX1B,GAAOpqB,EAAI+rB,EACX1B,GAAOrqB,EAAIgsB,EACX1B,GAAOtqB,EAAIisB,EAEXzC,IADAxpB,EAAI0E,EAAE,IACIwmB,EACVzB,GAAMzpB,EAAImrB,EACVzB,GAAM1pB,EAAIorB,EACVzB,GAAM3pB,EAAIqrB,EACVzB,GAAM5pB,EAAIsrB,EACVzB,GAAO7pB,EAAIurB,EACXzB,GAAO9pB,EAAIwrB,EACXzB,GAAO/pB,EAAIyrB,EACXzB,GAAOhqB,EAAI0rB,EACXzB,GAAOjqB,EAAI2rB,EACXzB,GAAOlqB,EAAI4rB,EACXzB,GAAOnqB,EAAI6rB,EACXzB,GAAOpqB,EAAI8rB,EACXzB,GAAOrqB,EAAI+rB,EACXzB,GAAOtqB,EAAIgsB,EACXzB,GAAOvqB,EAAIisB,EAEXxC,IADAzpB,EAAI0E,EAAE,IACIwmB,EACVxB,GAAM1pB,EAAImrB,EACVxB,GAAM3pB,EAAIorB,EACVxB,GAAM5pB,EAAIqrB,EACVxB,GAAO7pB,EAAIsrB,EACXxB,GAAO9pB,EAAIurB,EACXxB,GAAO/pB,EAAIwrB,EACXxB,GAAOhqB,EAAIyrB,EACXxB,GAAOjqB,EAAI0rB,EACXxB,GAAOlqB,EAAI2rB,EACXxB,GAAOnqB,EAAI4rB,EACXxB,GAAOpqB,EAAI6rB,EACXxB,GAAOrqB,EAAI8rB,EACXxB,GAAOtqB,EAAI+rB,EACXxB,GAAOvqB,EAAIgsB,EACXxB,GAAOxqB,EAAIisB,EAEXvC,IADA1pB,EAAI0E,EAAE,IACIwmB,EACVvB,GAAM3pB,EAAImrB,EACVvB,GAAM5pB,EAAIorB,EACVvB,GAAO7pB,EAAIqrB,EACXvB,GAAO9pB,EAAIsrB,EACXvB,GAAO/pB,EAAIurB,EACXvB,GAAOhqB,EAAIwrB,EACXvB,GAAOjqB,EAAIyrB,EACXvB,GAAOlqB,EAAI0rB,EACXvB,GAAOnqB,EAAI2rB,EACXvB,GAAOpqB,EAAI4rB,EACXvB,GAAOrqB,EAAI6rB,EACXvB,GAAOtqB,EAAI8rB,EACXvB,GAAOvqB,EAAI+rB,EACXvB,GAAOxqB,EAAIgsB,EACXvB,GAAOzqB,EAAIisB,EAEXtC,IADA3pB,EAAI0E,EAAE,IACIwmB,EACVtB,GAAM5pB,EAAImrB,EACVtB,GAAO7pB,EAAIorB,EACXtB,GAAO9pB,EAAIqrB,EACXtB,GAAO/pB,EAAIsrB,EACXtB,GAAOhqB,EAAIurB,EACXtB,GAAOjqB,EAAIwrB,EACXtB,GAAOlqB,EAAIyrB,EACXtB,GAAOnqB,EAAI0rB,EACXtB,GAAOpqB,EAAI2rB,EACXtB,GAAOrqB,EAAI4rB,EACXtB,GAAOtqB,EAAI6rB,EACXtB,GAAOvqB,EAAI8rB,EACXtB,GAAOxqB,EAAI+rB,EACXtB,GAAOzqB,EAAIgsB,EACXtB,GAAO1qB,EAAIisB,EAEXrC,IADA5pB,EAAI0E,EAAE,IACIwmB,EACVrB,GAAO7pB,EAAImrB,EACXrB,GAAO9pB,EAAIorB,EACXrB,GAAO/pB,EAAIqrB,EACXrB,GAAOhqB,EAAIsrB,EACXrB,GAAOjqB,EAAIurB,EACXrB,GAAOlqB,EAAIwrB,EACXrB,GAAOnqB,EAAIyrB,EACXrB,GAAOpqB,EAAI0rB,EACXrB,GAAOrqB,EAAI2rB,EACXrB,GAAOtqB,EAAI4rB,EACXrB,GAAOvqB,EAAI6rB,EACXrB,GAAOxqB,EAAI8rB,EACXrB,GAAOzqB,EAAI+rB,EACXrB,GAAO1qB,EAAIgsB,EACXrB,GAAO3qB,EAAIisB,EAEXpC,IADA7pB,EAAI0E,EAAE,KACKwmB,EACXpB,GAAO9pB,EAAImrB,EACXpB,GAAO/pB,EAAIorB,EACXpB,GAAOhqB,EAAIqrB,EACXpB,GAAOjqB,EAAIsrB,EACXpB,GAAOlqB,EAAIurB,EACXpB,GAAOnqB,EAAIwrB,EACXpB,GAAOpqB,EAAIyrB,EACXpB,GAAOrqB,EAAI0rB,EACXpB,GAAOtqB,EAAI2rB,EACXpB,GAAOvqB,EAAI4rB,EACXpB,GAAOxqB,EAAI6rB,EACXpB,GAAOzqB,EAAI8rB,EACXpB,GAAO1qB,EAAI+rB,EACXpB,GAAO3qB,EAAIgsB,EACXpB,GAAO5qB,EAAIisB,EAEXnC,IADA9pB,EAAI0E,EAAE,KACKwmB,EACXnB,GAAO/pB,EAAImrB,EACXnB,GAAOhqB,EAAIorB,EACXnB,GAAOjqB,EAAIqrB,EACXnB,GAAOlqB,EAAIsrB,EACXnB,GAAOnqB,EAAIurB,EACXnB,GAAOpqB,EAAIwrB,EACXnB,GAAOrqB,EAAIyrB,EACXnB,GAAOtqB,EAAI0rB,EACXnB,GAAOvqB,EAAI2rB,EACXnB,GAAOxqB,EAAI4rB,EACXnB,GAAOzqB,EAAI6rB,EACXnB,GAAO1qB,EAAI8rB,EACXnB,GAAO3qB,EAAI+rB,EACXnB,GAAO5qB,EAAIgsB,EACXnB,GAAO7qB,EAAIisB,EAEXlC,IADA/pB,EAAI0E,EAAE,KACKwmB,EACXlB,GAAOhqB,EAAImrB,EACXlB,GAAOjqB,EAAIorB,EACXlB,GAAOlqB,EAAIqrB,EACXlB,GAAOnqB,EAAIsrB,EACXlB,GAAOpqB,EAAIurB,EACXlB,GAAOrqB,EAAIwrB,EACXlB,GAAOtqB,EAAIyrB,EACXlB,GAAOvqB,EAAI0rB,EACXlB,GAAOxqB,EAAI2rB,EACXlB,GAAOzqB,EAAI4rB,EACXlB,GAAO1qB,EAAI6rB,EACXlB,GAAO3qB,EAAI8rB,EACXlB,GAAO5qB,EAAI+rB,EACXlB,GAAO7qB,EAAIgsB,EACXlB,GAAO9qB,EAAIisB,EAEXjC,IADAhqB,EAAI0E,EAAE,KACKwmB,EACXjB,GAAOjqB,EAAImrB,EACXjB,GAAOlqB,EAAIorB,EACXjB,GAAOnqB,EAAIqrB,EACXjB,GAAOpqB,EAAIsrB,EACXjB,GAAOrqB,EAAIurB,EACXjB,GAAOtqB,EAAIwrB,EACXjB,GAAOvqB,EAAIyrB,EACXjB,GAAOxqB,EAAI0rB,EACXjB,GAAOzqB,EAAI2rB,EACXjB,GAAO1qB,EAAI4rB,EACXjB,GAAO3qB,EAAI6rB,EACXjB,GAAO5qB,EAAI8rB,EACXjB,GAAO7qB,EAAI+rB,EACXjB,GAAO9qB,EAAIgsB,EACXjB,GAAO/qB,EAAIisB,EAEXhC,IADAjqB,EAAI0E,EAAE,KACKwmB,EACXhB,GAAOlqB,EAAImrB,EACXhB,GAAOnqB,EAAIorB,EACXhB,GAAOpqB,EAAIqrB,EACXhB,GAAOrqB,EAAIsrB,EACXhB,GAAOtqB,EAAIurB,EACXhB,GAAOvqB,EAAIwrB,EACXhB,GAAOxqB,EAAIyrB,EACXhB,GAAOzqB,EAAI0rB,EACXhB,GAAO1qB,EAAI2rB,EACXhB,GAAO3qB,EAAI4rB,EACXhB,GAAO5qB,EAAI6rB,EACXhB,GAAO7qB,EAAI8rB,EACXhB,GAAO9qB,EAAI+rB,EACXhB,GAAO/qB,EAAIgsB,EACXhB,GAAOhrB,EAAIisB,EAEX/B,IADAlqB,EAAI0E,EAAE,KACKwmB,EAkBX5W,GAAO,IAhBP8V,GAAOpqB,EAAIorB,GAiBX7W,GAAO,IAhBP8V,GAAOrqB,EAAIqrB,GAiBX7W,GAAO,IAhBP8V,GAAOtqB,EAAIsrB,GAiBX/B,GAAO,IAhBPgB,GAAOvqB,EAAIurB,GAiBX/B,GAAO,IAhBPgB,GAAOxqB,EAAIwrB,GAiBX/B,GAAO,IAhBPgB,GAAOzqB,EAAIyrB,GAiBX/B,GAAO,IAhBPgB,GAAO1qB,EAAI0rB,GAiBX/B,GAAO,IAhBPgB,GAAO3qB,EAAI2rB,GAiBX/B,GAAO,IAhBPgB,GAAO5qB,EAAI4rB,GAiBX/B,GAAO,IAhBPgB,GAAO7qB,EAAI6rB,GAiBX/B,GAAO,IAhBPgB,GAAO9qB,EAAI8rB,GAiBX/B,GAAO,IAhBPgB,GAAO/qB,EAAI+rB,GAiBX/B,GAAO,IAhBPgB,GAAOhrB,EAAIgsB,GAiBX/B,GAAO,IAhBPgB,GAAOjrB,EAAIisB,GAqBsC5X,GAAjDrU,GAnBAqU,GAAO,IAhBP8V,GAAOnqB,EAAImrB,KAkCX5hB,EAAI,GACU,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QAKSqU,GAAjDrU,GAJAqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,KAGpBA,EAAI,GACU,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSsU,GAAjDtU,EAAKsU,EAAK/K,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSuU,GAAjDvU,EAAKuU,EAAKhL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwU,GAAjDxU,EAAKwU,EAAKjL,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSupB,GAAjDvpB,EAAKupB,EAAKhgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSwpB,GAAjDxpB,EAAKwpB,EAAKjgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACSypB,GAAjDzpB,EAAKypB,EAAKlgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS0pB,GAAjD1pB,EAAK0pB,EAAKngB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS2pB,GAAjD3pB,EAAK2pB,EAAKpgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACS4pB,GAAjD5pB,EAAK4pB,EAAKrgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ6pB,GAAhD7pB,EAAI6pB,EAAMtgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ8pB,GAAhD9pB,EAAI8pB,EAAMvgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQ+pB,GAAhD/pB,EAAI+pB,EAAMxgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQgqB,GAAhDhqB,EAAIgqB,EAAMzgB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQiqB,GAAhDjqB,EAAIiqB,EAAM1gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACQkqB,GAAhDlqB,EAAIkqB,EAAM3gB,EAAI,OAAgD,OAAzCA,EAAI1a,KAAK0P,MAAMyB,EAAI,QACxCqU,GAAM9K,EAAE,EAAI,IAAMA,EAAE,GAEpByM,EAAG,GAAK3B,EACR2B,EAAG,GAAK1B,EACR0B,EAAG,GAAKzB,EACRyB,EAAG,GAAKxB,EACRwB,EAAG,GAAKuT,EACRvT,EAAG,GAAKwT,EACRxT,EAAG,GAAKyT,EACRzT,EAAG,GAAK0T,EACR1T,EAAG,GAAK2T,EACR3T,EAAG,GAAK4T,EACR5T,EAAE,IAAM6T,EACR7T,EAAE,IAAM8T,EACR9T,EAAE,IAAM+T,EACR/T,EAAE,IAAMgU,EACRhU,EAAE,IAAMiU,EACRjU,EAAE,IAAMkU,CACV,CAEA,SAASlM,GAAEhI,EAAGtR,GACZ4kB,GAAEtT,EAAGtR,EAAGA,EACV,CAEA,SAASwnB,GAASlW,EAAG9tB,GACnB,IACIwc,EADA6E,EAAIme,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IACpBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAiB,IAANA,GAAS4kB,GAAE/f,EAAGA,EAAGrhB,GAEjC,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAaA,SAASynB,GAAkBpiB,EAAGhM,EAAGwV,GAC/B,IAC8B1R,EAAG3Z,EAD7BkkC,EAAI,IAAIvkC,WAAW,IACnB+Z,EAAI,IAAIgmB,aAAa,IACrBljB,EAAIgjB,KAAMzpB,EAAIypB,KAAMne,EAAIme,KACxBle,EAAIke,KAAMp9B,EAAIo9B,KAAM2E,EAAI3E,KAC5B,IAAKx/B,EAAI,EAAGA,EAAI,GAAIA,IAAKkkC,EAAElkC,GAAK6V,EAAE7V,GAIlC,IAHAkkC,EAAE,IAAW,IAANruB,EAAE,IAAS,GAClBquB,EAAE,IAAI,IACNjD,GAAYvnB,EAAE2R,GACTrrB,EAAI,EAAGA,EAAI,GAAIA,IAClB+V,EAAE/V,GAAG0Z,EAAE1Z,GACPshB,EAAEthB,GAAGwc,EAAExc,GAAGqhB,EAAErhB,GAAG,EAGjB,IADAwc,EAAE,GAAG8E,EAAE,GAAG,EACLthB,EAAE,IAAKA,GAAG,IAAKA,EAElB6gC,GAASrkB,EAAEzG,EADX4D,EAAGuqB,EAAElkC,IAAI,MAAQ,EAAFA,GAAM,GAErB6gC,GAASxf,EAAEC,EAAE3H,GACbunB,GAAE9+B,EAAEoa,EAAE6E,GACN8f,GAAE3kB,EAAEA,EAAE6E,GACN6f,GAAE7f,EAAEtL,EAAEuL,GACN6f,GAAEprB,EAAEA,EAAEuL,GACNwU,GAAExU,EAAElf,GACJ0zB,GAAEqO,EAAE3nB,GACJ4kB,GAAE5kB,EAAE6E,EAAE7E,GACN4kB,GAAE/f,EAAEtL,EAAE3T,GACN8+B,GAAE9+B,EAAEoa,EAAE6E,GACN8f,GAAE3kB,EAAEA,EAAE6E,GACNyU,GAAE/f,EAAEyG,GACJ2kB,GAAE9f,EAAEC,EAAE6iB,GACN/C,GAAE5kB,EAAE6E,EAAE0e,IACNmB,GAAE1kB,EAAEA,EAAE8E,GACN8f,GAAE/f,EAAEA,EAAE7E,GACN4kB,GAAE5kB,EAAE8E,EAAE6iB,GACN/C,GAAE9f,EAAEvL,EAAE2D,GACNoc,GAAE/f,EAAE3T,GACJy+B,GAASrkB,EAAEzG,EAAE4D,GACbknB,GAASxf,EAAEC,EAAE3H,GAEf,IAAK3Z,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAIwc,EAAExc,GACV0Z,EAAE1Z,EAAE,IAAIqhB,EAAErhB,GACV0Z,EAAE1Z,EAAE,IAAI+V,EAAE/V,GACV0Z,EAAE1Z,EAAE,IAAIshB,EAAEthB,GAEZ,IAAIokC,EAAM1qB,EAAExS,SAAS,IACjBm9B,EAAM3qB,EAAExS,SAAS,IAIrB,OAHA88B,GAASI,EAAIA,GACbhD,GAAEiD,EAAIA,EAAID,GACVtD,GAAUjf,EAAEwiB,GACL,CACT,CAEA,SAASC,GAAuBziB,EAAGhM,GACjC,OAAOouB,GAAkBpiB,EAAGhM,EAAG+pB,GACjC,CAOA,IAAI2E,GAAI,CACN,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,UAAY,WACpC,UAAY,WAAY,UAAY,UACpC,UAAY,UAAY,UAAY,WACpC,WAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,UAAY,WAAY,YAGtC,SAASC,GAAqB/iB,EAAIgjB,EAAIlO,EAAG1gB,GAyBvC,IAxBA,IACI6uB,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EAAKC,EACnCC,EAAIC,EAAI3lC,EAAGqY,EAAGoX,EAAG6Q,EAAG9jB,EAAGzG,EAAGsL,EAAGC,EAH7B+D,EAAK,IAAIugB,WAAW,IAAKrgB,EAAK,IAAIqgB,WAAW,IAK7CC,EAAMpkB,EAAG,GACTqkB,EAAMrkB,EAAG,GACTskB,EAAMtkB,EAAG,GACTukB,EAAMvkB,EAAG,GACTwkB,EAAMxkB,EAAG,GACTykB,EAAMzkB,EAAG,GACT0kB,EAAM1kB,EAAG,GACT2kB,EAAM3kB,EAAG,GAET4kB,EAAM5B,EAAG,GACT6B,EAAM7B,EAAG,GACT8B,EAAM9B,EAAG,GACT+B,EAAM/B,EAAG,GACTgC,EAAMhC,EAAG,GACTiC,EAAMjC,EAAG,GACTkC,EAAMlC,EAAG,GACTmC,EAAMnC,EAAG,GAETvkC,EAAM,EACH2V,GAAK,KAAK,CACf,IAAK7V,EAAI,EAAGA,EAAI,GAAIA,IAClBqY,EAAI,EAAIrY,EAAIE,EACZmlB,EAAGrlB,GAAMu2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAC9DkN,EAAGvlB,GAAMu2B,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,GAAOke,EAAEle,EAAE,IAAM,EAAKke,EAAEle,EAAE,GAEhE,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IA+HlB,GA9HA0kC,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAENlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACNlB,EAAMmB,EACAC,EAMNpqB,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAM1BjT,GAAS,OAFT8jB,GAAMmG,IAAQ,GAAOR,GAAQ,KAAaQ,IAAQ,GAAOR,GAAQ,KAAaA,IAAG,EAAiBQ,GAAG,KAEpF1wB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMwW,IAAQ,GAAOQ,GAAQ,KAAaR,IAAQ,GAAOQ,GAAQ,KAAaA,IAAG,EAAiBR,GAAG,KAIpF3kB,GAAKmO,IAAM,GAM5BjT,GAAS,OAFT8jB,EAAKmG,EAAMC,GAASD,EAAME,GAET5wB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,EAAKwW,EAAMC,GAASD,EAAME,GAIT7kB,GAAKmO,IAAM,GAG5BA,EAAI8U,GAAI,EAAFvkC,GAGNwc,GAAS,OAFT8jB,EAAIiE,GAAI,EAAFvkC,EAAI,IAEO+V,GAAKuqB,IAAM,GAC5Bjf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BA,EAAIpK,EAAGrlB,EAAE,IAGQ+V,IAFjBuqB,EAAI/a,EAAGvlB,EAAE,OAEmB,GAC5BqhB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BpO,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,GAUX9jB,EAAQ,OAFR8jB,EAJAqF,EAAS,MAAJnpB,EAAazG,GAAK,IAMPA,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAJAiW,EAAS,MAAJrkB,GAFLC,GAAKD,IAAM,KAEY,IAQPC,EAAImO,IAAM,GAM1BjT,GAAS,OAFT8jB,GAAM+F,IAAQ,GAAOR,GAAG,IAAkBA,IAAG,EAAiBQ,GAAQ,KAAkBR,IAAG,EAAiBQ,GAAG,KAE9FtwB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMoW,IAAQ,GAAOQ,GAAG,IAAkBA,IAAG,EAAiBR,GAAQ,KAAkBQ,IAAG,EAAiBR,GAAG,KAI9FvkB,GAAKmO,IAAM,GAMX1Z,IAFjBuqB,EAAK+F,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,KAEX,GAC5BllB,GAAS,OAJToO,EAAKoW,EAAMC,EAAQD,EAAME,EAAQD,EAAMC,GAItBzkB,GAAKmO,IAAM,GAM5BwV,EAAW,OAHX5jB,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXhf,GAAKD,IAAM,KAEgB,GAC3BokB,EAAW,MAAJjpB,EAAezG,GAAK,GAM3ByG,EAAQ,OAFR8jB,EAAI+E,GAEYtvB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIoV,GAIYvjB,EAAImO,IAAM,GAKT1Z,IAFjBuqB,EAAIqF,KAEwB,GAC5BtkB,GAAS,OAJToO,EAAIiW,GAIapkB,GAAKmO,IAAM,GAS5BqW,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EANApB,EAAW,OAHXxjB,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,KACXhf,GAAKD,IAAM,KAEgB,GAO3B6kB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAENqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAdApB,EAAW,MAAJ7oB,EAAezG,GAAK,GAe3B2wB,EAAMpB,EACNqB,EAAMpB,EACNqB,EAAMpB,EACNa,EAAMZ,EAEFzlC,EAAE,IAAO,GACX,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAElBoX,EAAIpK,EAAGhN,GAGPmE,EAAQ,OAFR8jB,EAAI/a,EAAGlN,IAEStC,EAAIuqB,IAAM,GAC1Bjf,EAAQ,MAAJoO,EAAYnO,EAAImO,IAAM,GAE1BA,EAAIpK,GAAIhN,EAAE,GAAG,IAGbmE,GAAS,OAFT8jB,EAAI/a,GAAIlN,EAAE,GAAG,KAEItC,GAAKuqB,IAAM,GAC5Bjf,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAG5BiW,EAAKrgB,GAAIhN,EAAE,GAAG,IAKdmE,GAAS,OAFT8jB,IAFAqF,EAAKpgB,GAAIlN,EAAE,GAAG,OAED,EAAMqtB,QAAmBC,IAAO,EAAMD,GAAE,KAAiBC,IAAO,EAAMD,GAAO,KAEzE3vB,GAAKuqB,IAAM,GAC5Bjf,GAAS,OAJToO,GAAMiW,IAAO,EAAMC,GAAO,KAAYD,IAAO,EAAMC,OAAkBD,IAAO,GAI3DpkB,GAAKmO,IAAM,GAG5BiW,EAAKrgB,GAAIhN,EAAE,IAAI,IAKEtC,IAFjBuqB,IAFAqF,EAAKpgB,GAAIlN,EAAE,IAAI,OAEF,GAAOqtB,GAAO,KAAaA,IAAQ,GAAWC,GAAO,IAAkBA,IAAO,EAAMD,GAAE,OAEvE,GAC5BrkB,GAAS,OAJToO,GAAMiW,IAAO,GAAOC,GAAE,KAAkBA,IAAE,GAAiBD,GAAO,GAAiBA,IAAO,GAIzEpkB,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEXjb,EAAGhN,GAAU,MAAJgJ,EAAeC,GAAK,GAC7BiE,EAAGlN,GAAU,MAAJmE,EAAezG,GAAK,GASnCyG,EAAQ,OAFR8jB,EAAI+F,GAEYtwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIoW,GAIYvkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKokB,EAAW,MAAJxkB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK4B,EAAW,MAAJ7pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIgG,GAEYvwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIqW,GAIYxkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKqkB,EAAW,MAAJzkB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK6B,EAAW,MAAJ9pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIiG,GAEYxwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIsW,GAIYzkB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKskB,EAAW,MAAJ1kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK8B,EAAW,MAAJ/pB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIkG,GAEYzwB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIuW,GAIY1kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKukB,EAAW,MAAJ3kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAK+B,EAAW,MAAJhqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAImG,GAEY1wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIwW,GAIY3kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKwkB,EAAW,MAAJ5kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKgC,EAAW,MAAJjqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIoG,GAEY3wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAIyW,GAIY5kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAKykB,EAAW,MAAJ7kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKiC,EAAW,MAAJlqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIqG,GAEY5wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI0W,GAIY7kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAK0kB,EAAW,MAAJ9kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKkC,EAAW,MAAJnqB,EAAezG,GAAK,GAKnCyG,EAAQ,OAFR8jB,EAAIsG,GAEY7wB,EAAIuqB,IAAM,GAC1Bjf,EAAQ,OAJRoO,EAAI2W,GAIY9kB,EAAImO,IAAM,GAE1BA,EAAIhO,EAAG,GAGU1L,IAFjBuqB,EAAImE,EAAG,MAEqB,GAC5BpjB,GAAS,MAAJoO,EAAYnO,GAAKmO,IAAM,GAI5BnO,IADAD,IADAtL,IAHAyG,GAAS,MAAJ8jB,KAGM,MACA,MACA,GAEX7e,EAAG,GAAK2kB,EAAW,MAAJ/kB,EAAeC,GAAK,GACnCmjB,EAAG,GAAKmC,EAAW,MAAJpqB,EAAezG,GAAK,GAEnC7V,GAAO,IACP2V,GAAK,GACT,CAEE,OAAOA,CACT,CAEA,SAASgxB,GAAY7iB,EAAKuS,EAAG1gB,GAC3B,IAGI7V,EAHAyhB,EAAK,IAAImkB,WAAW,GACpBnB,EAAK,IAAImB,WAAW,GACpBlsB,EAAI,IAAI/Z,WAAW,KAChBoW,EAAIF,EAuBX,IArBA4L,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WAERgjB,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UACRA,EAAG,GAAK,WACRA,EAAG,GAAK,UAERD,GAAqB/iB,EAAIgjB,EAAIlO,EAAG1gB,GAChCA,GAAK,IAEA7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAKu2B,EAAExgB,EAAEF,EAAE7V,GAQrC,IAPA0Z,EAAE7D,GAAK,IAGP6D,GADA7D,EAAI,IAAI,KAAKA,EAAE,IAAI,EAAE,IACjB,GAAK,EACTwqB,GAAK3mB,EAAG7D,EAAE,EAAKE,EAAI,UAAc,EAAGA,GAAK,GACzCyuB,GAAqB/iB,EAAIgjB,EAAI/qB,EAAG7D,GAE3B7V,EAAI,EAAGA,EAAI,EAAGA,IAAKqgC,GAAKrc,EAAK,EAAEhkB,EAAGyhB,EAAGzhB,GAAIykC,EAAGzkC,IAEjD,OAAO,CACT,CAEA,SAASmC,GAAIkpB,EAAGxJ,GACd,IAAIrF,EAAIgjB,KAAMzpB,EAAIypB,KAAMne,EAAIme,KACxBle,EAAIke,KAAMp9B,EAAIo9B,KAAM2E,EAAI3E,KACxB1P,EAAI0P,KAAM/P,EAAI+P,KAAM5lB,EAAI4lB,KAE5B2B,GAAE3kB,EAAG6O,EAAE,GAAIA,EAAE,IACb8V,GAAEvnB,EAAGiI,EAAE,GAAIA,EAAE,IACbuf,GAAE5kB,EAAGA,EAAG5C,GACRsnB,GAAEnrB,EAAGsV,EAAE,GAAIA,EAAE,IACb6V,GAAEtnB,EAAGiI,EAAE,GAAIA,EAAE,IACbuf,GAAErrB,EAAGA,EAAG6D,GACRwnB,GAAE/f,EAAGgK,EAAE,GAAIxJ,EAAE,IACbuf,GAAE/f,EAAGA,EAAG4e,IACRmB,GAAE9f,EAAG+J,EAAE,GAAIxJ,EAAE,IACbqf,GAAE5f,EAAGA,EAAGA,GACR6f,GAAE/+B,EAAG2T,EAAGyG,GACR2kB,GAAEgD,EAAG7iB,EAAGD,GACR6f,GAAEpR,EAAGxO,EAAGD,GACR6f,GAAEzR,EAAG1Z,EAAGyG,GAER4kB,GAAE/V,EAAE,GAAIjpB,EAAG+hC,GACX/C,GAAE/V,EAAE,GAAIoE,EAAGK,GACXsR,GAAE/V,EAAE,GAAIyE,EAAGqU,GACX/C,GAAE/V,EAAE,GAAIjpB,EAAGqtB,EACb,CAEA,SAASqX,GAAMzb,EAAGxJ,EAAG9L,GACnB,IAAI/V,EACJ,IAAKA,EAAI,EAAGA,EAAI,EAAGA,IACjB6gC,GAASxV,EAAErrB,GAAI6hB,EAAE7hB,GAAI+V,EAEzB,CAEA,SAASgxB,GAAKptB,EAAG0R,GACf,IAAI2b,EAAKxH,KAAMyH,EAAKzH,KAAM0H,EAAK1H,KAC/BwE,GAASkD,EAAI7b,EAAE,IACf+V,GAAE4F,EAAI3b,EAAE,GAAI6b,GACZ9F,GAAE6F,EAAI5b,EAAE,GAAI6b,GACZpG,GAAUnnB,EAAGstB,GACbttB,EAAE,KAAOqnB,GAASgG,IAAO,CAC3B,CAEA,SAASG,GAAW9b,EAAGxJ,EAAGhK,GACxB,IAAI9B,EAAG/V,EAKP,IAJA2gC,GAAStV,EAAE,GAAIwU,IACfc,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIyU,IACfa,GAAStV,EAAE,GAAIwU,IACV7/B,EAAI,IAAKA,GAAK,IAAKA,EAEtB8mC,GAAMzb,EAAGxJ,EADT9L,EAAK8B,EAAG7X,EAAE,EAAG,KAAS,EAAFA,GAAQ,GAE5BmC,GAAI0f,EAAGwJ,GACPlpB,GAAIkpB,EAAGA,GACPyb,GAAMzb,EAAGxJ,EAAG9L,EAEhB,CAEA,SAASqxB,GAAW/b,EAAGxT,GACrB,IAAIgK,EAAI,CAAC2d,KAAMA,KAAMA,KAAMA,MAC3BmB,GAAS9e,EAAE,GAAIqe,IACfS,GAAS9e,EAAE,GAAIse,IACfQ,GAAS9e,EAAE,GAAIie,IACfsB,GAAEvf,EAAE,GAAIqe,GAAGC,IACXgH,GAAW9b,EAAGxJ,EAAGhK,EACnB,CAEA,SAASwvB,GAAoBC,EAAIC,EAAIC,GACnC,IAEIxnC,EAFAshB,EAAI,IAAI3hB,WAAW,IACnB0rB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAY3B,IATKgI,GAAQ7H,GAAY4H,EAAI,IAC7BV,GAAYvlB,EAAGimB,EAAI,IACnBjmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET8lB,GAAW/b,EAAG/J,GACdylB,GAAKO,EAAIjc,GAEJrrB,EAAI,EAAGA,EAAI,GAAIA,IAAKunC,EAAGvnC,EAAE,IAAMsnC,EAAGtnC,GACvC,OAAO,CACT,CAEA,IAAIynC,GAAI,IAAI/H,aAAa,CAAC,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,KAEvK,SAASgI,GAAK/tB,EAAGD,GACf,IAAI0P,EAAOppB,EAAGqY,EAAGZ,EACjB,IAAKzX,EAAI,GAAIA,GAAK,KAAMA,EAAG,CAEzB,IADAopB,EAAQ,EACH/Q,EAAIrY,EAAI,GAAIyX,EAAIzX,EAAI,GAAIqY,EAAIZ,IAAKY,EACpCqB,EAAErB,IAAM+Q,EAAQ,GAAK1P,EAAE1Z,GAAKynC,GAAEpvB,GAAKrY,EAAI,KACvCopB,EAAQziB,KAAK0P,OAAOqD,EAAErB,GAAK,KAAO,KAClCqB,EAAErB,IAAc,IAAR+Q,EAEV1P,EAAErB,IAAM+Q,EACR1P,EAAE1Z,GAAK,CACX,CAEE,IADAopB,EAAQ,EACH/Q,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAErB,IAAM+Q,GAAS1P,EAAE,KAAO,GAAK+tB,GAAEpvB,GACjC+Q,EAAQ1P,EAAErB,IAAM,EAChBqB,EAAErB,IAAM,IAEV,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKqB,EAAErB,IAAM+Q,EAAQqe,GAAEpvB,GAC3C,IAAKrY,EAAI,EAAGA,EAAI,GAAIA,IAClB0Z,EAAE1Z,EAAE,IAAM0Z,EAAE1Z,IAAM,EAClB2Z,EAAE3Z,GAAY,IAAP0Z,EAAE1Z,EAEb,CAEA,SAAS2nC,GAAOhuB,GACd,IAA8B3Z,EAA1B0Z,EAAI,IAAIgmB,aAAa,IACzB,IAAK1/B,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2Z,EAAE3Z,GAAK,EAChC0nC,GAAK/tB,EAAGD,EACV,CAsCA,SAASkuB,GAAUjuB,EAAG0R,GACpB,IAAIzR,EAAI4lB,KAAMqI,EAAMrI,KAAMzX,EAAMyX,KAC5BsI,EAAMtI,KAAMuI,EAAOvI,KAAMwI,EAAOxI,KAChCyI,EAAOzI,KA2BX,OAzBAmB,GAAShnB,EAAE,GAAImmB,IACfmB,GAAYtnB,EAAE,GAAI0R,GAClByK,GAAE/N,EAAKpO,EAAE,IACTynB,GAAE0G,EAAK/f,EAAKiY,IACZmB,GAAEpZ,EAAKA,EAAKpO,EAAE,IACdunB,GAAE4G,EAAKnuB,EAAE,GAAImuB,GAEbhS,GAAEiS,EAAMD,GACRhS,GAAEkS,EAAMD,GACR3G,GAAE6G,EAAMD,EAAMD,GACd3G,GAAExnB,EAAGquB,EAAMlgB,GACXqZ,GAAExnB,EAAGA,EAAGkuB,GA/qBV,SAAiBha,EAAG9tB,GAClB,IACIwc,EADA6E,EAAIme,KAER,IAAKhjB,EAAI,EAAGA,EAAI,GAAIA,IAAK6E,EAAE7E,GAAKxc,EAAEwc,GAClC,IAAKA,EAAI,IAAKA,GAAK,EAAGA,IAClBsZ,GAAEzU,EAAGA,GACI,IAAN7E,GAAS4kB,GAAE/f,EAAGA,EAAGrhB,GAExB,IAAKwc,EAAI,EAAGA,EAAI,GAAIA,IAAKsR,EAAEtR,GAAK6E,EAAE7E,EACpC,CAwqBE0rB,CAAQtuB,EAAGA,GACXwnB,GAAExnB,EAAGA,EAAGmO,GACRqZ,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAExnB,EAAGA,EAAGkuB,GACR1G,GAAEznB,EAAE,GAAIC,EAAGkuB,GAEXhS,GAAE+R,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAMqZ,GAAEznB,EAAE,GAAIA,EAAE,GAAIymB,IAEtCtK,GAAE+R,EAAKluB,EAAE,IACTynB,GAAEyG,EAAKA,EAAKC,GACR/G,GAAS8G,EAAK9f,IAAc,GAE5BiZ,GAASrnB,EAAE,MAAS0R,EAAE,KAAK,GAAI8V,GAAExnB,EAAE,GAAIkmB,GAAKlmB,EAAE,IAElDynB,GAAEznB,EAAE,GAAIA,EAAE,GAAIA,EAAE,IACT,EACT,CAgCA,IAIIwuB,GAAoB,GAKxB,SAASC,KACP,IAAK,IAAIpoC,EAAI,EAAGA,EAAIqoC,UAAUvoC,OAAQE,IACpC,KAAMqoC,UAAUroC,aAAcL,YAC5B,MAAM,IAAI2oC,UAAU,kCAE1B,CAMA/I,GAAKgJ,WAAa,SAAS1yB,EAAGwV,GAE5B,GADA+c,GAAgBvyB,EAAGwV,GApBe,KAqB9BxV,EAAE/V,OAA0C,MAAUL,MAAM,cAChE,GAvB4B,KAuBxB4rB,EAAEvrB,OAAoC,MAAUL,MAAM,cAC1D,IAAIoiB,EAAI,IAAIliB,WAxBgB,IA0B5B,OADAskC,GAAkBpiB,EAAGhM,EAAGwV,GACjBxJ,CACT,EAEA0d,GAAKtV,IAAM,CAAE,EAEbsV,GAAKtV,IAAI0T,QAAU,WACjB,IAAI2J,EAAK,IAAI3nC,WA9BiB,IA+B1B4nC,EAAK,IAAI5nC,WA9BiB,IAgC9B,OAlsBF,SAA4Bm5B,EAAGpf,GAC7BimB,GAAYjmB,EAAG,IACR4qB,GAAuBxL,EAAGpf,EACnC,CA8rBE8uB,CAAmBlB,EAAIC,GAChB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAKtV,IAAI0T,QAAQ8K,cAAgB,SAASv7B,GAExC,GADAk7B,GAAgBl7B,GApCc,KAqC1BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAI6nC,EAAK,IAAI3nC,WAxCiB,IA0C9B,OADA2kC,GAAuBgD,EAAIp6B,GACpB,CAACjD,UAAWq9B,EAAIp6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAqyB,GAAKlB,KAAO,SAAS5U,EAAKvc,GAExB,GADAk7B,GAAgB3e,EAAKvc,GA1CU,KA2C3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAClB,IAAIipC,EAAY,IAAI/oC,WAAWwoC,GAAkB1e,EAAI3pB,QAErD,OA5JF,SAAqB6oC,EAAIpS,EAAG1gB,EAAG0xB,GAC7B,IACIvnC,EAAGqY,EADHiJ,EAAI,IAAI3hB,WAAW,IAAK8vB,EAAI,IAAI9vB,WAAW,IAAKga,EAAI,IAAIha,WAAW,IAC7D+Z,EAAI,IAAIgmB,aAAa,IAC3BrU,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MAE3BqH,GAAYvlB,EAAGimB,EAAI,IACnBjmB,EAAE,IAAM,IACRA,EAAE,KAAO,IACTA,EAAE,KAAO,GAET,IAAIsnB,EAAQ/yB,EAAI,GAChB,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK2oC,EAAG,GAAK3oC,GAAKu2B,EAAEv2B,GACvC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK2oC,EAAG,GAAK3oC,GAAKshB,EAAE,GAAKthB,GAO7C,IALA6mC,GAAYltB,EAAGgvB,EAAGzhC,SAAS,IAAK2O,EAAE,IAClC8xB,GAAOhuB,GACPytB,GAAW/b,EAAG1R,GACdotB,GAAK4B,EAAItd,GAEJrrB,EAAI,GAAIA,EAAI,GAAIA,IAAK2oC,EAAG3oC,GAAKunC,EAAGvnC,GAIrC,IAHA6mC,GAAYpX,EAAGkZ,EAAI9yB,EAAI,IACvB8xB,GAAOlY,GAEFzvB,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK,EAChC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAK0Z,EAAE1Z,GAAK2Z,EAAE3Z,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAClB,IAAKqY,EAAI,EAAGA,EAAI,GAAIA,IAClBqB,EAAE1Z,EAAEqY,IAAMoX,EAAEzvB,GAAKshB,EAAEjJ,GAIvBqvB,GAAKiB,EAAGzhC,SAAS,IAAKwS,EAExB,CA0HEmvB,CAAYH,EAAWjf,EAAKA,EAAI3pB,OAAQoN,GACjCw7B,CACT,EAEAnJ,GAAKlB,KAAKyK,SAAW,SAASrf,EAAKvc,GAGjC,IAFA,IAAIw7B,EAAYnJ,GAAKlB,KAAK5U,EAAKvc,GAC3B67B,EAAM,IAAIppC,WAAWwoC,IAChBnoC,EAAI,EAAGA,EAAI+oC,EAAIjpC,OAAQE,IAAK+oC,EAAI/oC,GAAK0oC,EAAU1oC,GACxD,OAAO+oC,CACT,EAEAxJ,GAAKlB,KAAKyK,SAASlK,OAAS,SAASnV,EAAKsf,EAAK9+B,GAE7C,GADAm+B,GAAgB3e,EAAKsf,EAAK9+B,GACtB8+B,EAAIjpC,SAAWqoC,GACjB,MAAU1oC,MAAM,sBAClB,GA9D+B,KA8D3BwK,EAAUnK,OACZ,MAAUL,MAAM,uBAClB,IAEIO,EAFA2oC,EAAK,IAAIhpC,WAAWwoC,GAAoB1e,EAAI3pB,QAC5Cy2B,EAAI,IAAI52B,WAAWwoC,GAAoB1e,EAAI3pB,QAE/C,IAAKE,EAAI,EAAGA,EAAImoC,GAAmBnoC,IAAK2oC,EAAG3oC,GAAK+oC,EAAI/oC,GACpD,IAAKA,EAAI,EAAGA,EAAIypB,EAAI3pB,OAAQE,IAAK2oC,EAAG3oC,EAAEmoC,IAAqB1e,EAAIzpB,GAC/D,OAxGF,SAA0Bu2B,EAAGoS,EAAI9yB,EAAGyxB,GAClC,IAAItnC,EACA4Z,EAAI,IAAIja,WAAW,IAAK8vB,EAAI,IAAI9vB,WAAW,IAC3C0rB,EAAI,CAACmU,KAAMA,KAAMA,KAAMA,MACvB3d,EAAI,CAAC2d,KAAMA,KAAMA,KAAMA,MAE3B,GAAI3pB,EAAI,GAAI,OAAQ,EAEpB,GAAI+xB,GAAU/lB,EAAGylB,GAAK,OAAQ,EAE9B,IAAKtnC,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK2oC,EAAG3oC,GAClC,IAAKA,EAAI,EAAGA,EAAI,GAAIA,IAAKu2B,EAAEv2B,EAAE,IAAMsnC,EAAGtnC,GAUtC,GATA6mC,GAAYpX,EAAG8G,EAAG1gB,GAClB8xB,GAAOlY,GACP0X,GAAW9b,EAAGxJ,EAAG4N,GAEjB2X,GAAWvlB,EAAG8mB,EAAGzhC,SAAS,KAC1B/E,GAAIkpB,EAAGxJ,GACPklB,GAAKntB,EAAGyR,GAERxV,GAAK,GACD0qB,GAAiBoI,EAAI,EAAG/uB,EAAG,GAAI,CACjC,IAAK5Z,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK,EAC/B,OAAQ,CACZ,CAEE,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAKu2B,EAAEv2B,GAAK2oC,EAAG3oC,EAAI,IACtC,OAAO6V,CACT,CA4EUmzB,CAAiBzS,EAAGoS,EAAIA,EAAG7oC,OAAQmK,IAAc,CAC3D,EAEAs1B,GAAKlB,KAAKV,QAAU,WAClB,IAAI2J,EAAK,IAAI3nC,WAzEkB,IA0E3B4nC,EAAK,IAAI5nC,WAzEkB,IA2E/B,OADA0nC,GAAoBC,EAAIC,GACjB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAKlB,KAAKV,QAAQ8K,cAAgB,SAASv7B,GAEzC,GADAk7B,GAAgBl7B,GA/Ee,KAgF3BA,EAAUpN,OACZ,MAAUL,MAAM,uBAElB,IADA,IAAI6nC,EAAK,IAAI3nC,WAnFkB,IAoFtBK,EAAI,EAAGA,EAAIsnC,EAAGxnC,OAAQE,IAAKsnC,EAAGtnC,GAAKkN,EAAU,GAAGlN,GACzD,MAAO,CAACiK,UAAWq9B,EAAIp6B,UAAW,IAAIvN,WAAWuN,GACnD,EAEAqyB,GAAKlB,KAAKV,QAAQsL,SAAW,SAASC,GAEpC,GADAd,GAAgBc,GAvFU,KAwFtBA,EAAKppC,OACP,MAAUL,MAAM,iBAGlB,IAFA,IAAI6nC,EAAK,IAAI3nC,WA5FkB,IA6F3B4nC,EAAK,IAAI5nC,WA5FkB,IA6FtBK,EAAI,EAAGA,EAAI,GAAIA,IAAKunC,EAAGvnC,GAAKkpC,EAAKlpC,GAE1C,OADAqnC,GAAoBC,EAAIC,GAAI,GACrB,CAACt9B,UAAWq9B,EAAIp6B,UAAWq6B,EACpC,EAEAhI,GAAK4J,QAAU,SAAShkC,GACtBw6B,GAAcx6B,CAChB,EAEA,WAGE,GAAIkV,IAAUA,GAAO0f,gBAAiB,CAGpCwF,GAAK4J,SAAQ,SAASzvB,EAAG7D,GACvB,IAAI7V,EAAG8X,EAAI,IAAInY,WAAWkW,GAC1B,IAAK7V,EAAI,EAAGA,EAAI6V,EAAG7V,GAHT,MAIRqa,GAAO0f,gBAAgBjiB,EAAE5Q,SAASlH,EAAGA,EAAI2G,KAAKsd,IAAIpO,EAAI7V,EAJ9C,SAMV,IAAKA,EAAI,EAAGA,EAAI6V,EAAG7V,IAAK0Z,EAAE1Z,GAAK8X,EAAE9X,IAvGvC,SAAiBokB,GACf,IAAK,IAAIpkB,EAAI,EAAGA,EAAIokB,EAAItkB,OAAQE,IAAKokB,EAAIpkB,GAAK,CAChD,CAsGMopC,CAAQtxB,EACd,GACA,CACC,CAfD,GC5yCA,MAAMuxB,GAAY,CAChB,mBAAoB1gC,EAAMC,MAAMC,SAChC,aAAcF,EAAMC,MAAMG,SAC1B,aAAcJ,EAAMC,MAAMK,SAC1B,aAAcN,EAAMC,MAAMO,UAC1B,qBAAsBR,EAAMC,MAAMQ,cAClC,uBAAwBT,EAAMC,MAAMU,iBACpC,qBAAsBX,EAAMC,MAAMY,gBAClC,qBAAsBb,EAAMC,MAAMa,gBAClC,qBAAsBd,EAAMC,MAAMc,iBAGpC,MAAM4/B,GACJ,WAAAxrC,CAAYyrC,GACV,GAAIA,aAAeD,GACjBprC,KAAKqrC,IAAMA,EAAIA,SACV,GAAIv0B,EAAKrW,QAAQ4qC,IACbv0B,EAAKtV,aAAa6pC,GAAM,CAEjC,GAAe,KADfA,EAAM,IAAI5pC,WAAW4pC,IACb,GAAa,CACnB,GAAIA,EAAI,KAAOA,EAAIzpC,OAAS,EAC1B,MAAUL,MAAM,sCAElB8pC,EAAMA,EAAIriC,SAAS,EAC3B,CACMhJ,KAAKqrC,IAAMA,CACjB,MACMrrC,KAAKqrC,IAAM,EAEjB,CAOE,IAAAhpC,CAAK9B,GACH,GAAIA,EAAMqB,QAAU,EAAG,CACrB,MAAMA,EAASrB,EAAM,GACrB,GAAIA,EAAMqB,QAAU,EAAIA,EAEtB,OADA5B,KAAKqrC,IAAM9qC,EAAMyI,SAAS,EAAG,EAAIpH,GAC1B,EAAI5B,KAAKqrC,IAAIzpC,MAE5B,CACI,MAAUL,MAAM,cACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKqrC,IAAIzpC,SAAU5B,KAAKqrC,KAC1E,CAME,KAAAC,GACE,OAAOx0B,EAAK2C,gBAAgBzZ,KAAKqrC,IACrC,CAOE,OAAAE,GACE,MAAMtjC,EAAOkjC,GAAUnrC,KAAKsrC,SAC5B,IAAKrjC,EACH,MAAU1G,MAAM,oCAGlB,OAAO0G,CACX,ECtFO,SAASujC,GAAiBrhC,GAC/B,IACIyO,EADAyU,EAAM,EAEV,MAAMpZ,EAAO9J,EAAM,GAcnB,OAXI8J,EAAO,MACRoZ,GAAOljB,EACRyO,EAAS,GACA3E,EAAO,KAChBoZ,GAAQljB,EAAM,GAAK,KAAQ,GAAMA,EAAM,GAAM,IAC7CyO,EAAS,GACS,MAAT3E,IACToZ,EAAMvW,EAAKY,WAAWvN,EAAMnB,SAAS,EAAG,IACxC4P,EAAS,GAGJ,CACLyU,IAAKA,EACLzU,OAAQA,EAEZ,CASO,SAAS6yB,GAAkB7pC,GAChC,OAAIA,EAAS,IACJ,IAAIH,WAAW,CAACG,IACdA,EAAS,KAAOA,EAAS,KAK3B,IAAIH,WAAW,CAAyB,KAAtBG,EAAS,KAAQ,GAAWA,EAAS,IAAO,MAEhEkV,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAAC,MAAOqV,EAAKc,YAAYhW,EAAQ,IAChF,CAEO,SAAS8pC,GAAmBC,GACjC,GAAIA,EAAQ,GAAKA,EAAQ,GACvB,MAAUpqC,MAAM,iDAElB,OAAO,IAAIE,WAAW,CAAC,IAAMkqC,GAC/B,CAEO,SAASC,GAASC,GAEvB,OAAO,IAAIpqC,WAAW,CAAC,IAAOoqC,GAChC,CAUO,SAASC,GAAYD,EAAUjqC,GAEpC,OAAOkV,EAAKpV,iBAAiB,CAACkqC,GAASC,GAAWJ,GAAkB7pC,IACtE,CAOO,SAASmqC,GAAkBhuB,GAChC,MAAO,CACLtT,EAAMkE,OAAOU,YACb5E,EAAMkE,OAAOO,eACbzE,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBACbsP,SAASnB,EACb,CASOzb,eAAe0pC,GAAYzrC,EAAO0rC,GACvC,MAAMvoC,EAASme,EAAiBthB,GAChC,IAAII,EACAurC,EACJ,IACE,MAAMC,QAAoBzoC,EAAOwG,UAAU,GAE3C,IAAKiiC,GAAeA,EAAYvqC,OAAS,KAAuB,IAAjBuqC,EAAY,IACzD,MAAU5qC,MAAM,iGAElB,MAAM6qC,QAAmB1oC,EAAOkG,WAChC,IAEIyiC,EAOAC,EATAvuB,GAAO,EACP4gB,GAAU,EAGdA,EAAS,EACS,GAAbyN,IACHzN,EAAS,GAIPA,EAEF5gB,EAAmB,GAAbquB,GAGNruB,GAAoB,GAAbquB,IAAsB,EAC7BE,EAAgC,EAAbF,GAGrB,MAAMG,EAA0BR,GAAkBhuB,GAClD,IAiBIyuB,EAjBA79B,EAAS,KACb,GAAI49B,EAAyB,CAC3B,GAA6B,UAAzBz1B,EAAK7V,SAASV,GAAoB,CACpC,MAAM2I,EAAc,IAAIujC,EACxB9rC,EAASmhB,EAAiB5Y,GAC1ByF,EAASzF,CACjB,KAAa,CACL,MAAMtE,EAAY,IAAIoB,gBACtBrF,EAASmhB,EAAiBld,EAAUO,UACpCwJ,EAAS/J,EAAUM,QAC3B,CAEMgnC,EAAmBD,EAAS,CAAEluB,MAAKpP,UACzC,MACMA,EAAS,GAIX,EAAG,CACD,GAAKgwB,EAiCE,CAEL,MAAM+N,QAAmBhpC,EAAOkG,WAEhC,GADA4iC,GAAmB,EACfE,EAAa,IACfL,EAAeK,OAEV,GAAIA,GAAc,KAAOA,EAAa,IAC3CL,GAAiBK,EAAa,KAAQ,SAAYhpC,EAAOkG,WAAc,SAElE,GAAI8iC,EAAa,KAAOA,EAAa,KAG1C,GAFAL,EAAe,IAAmB,GAAbK,GACrBF,GAAmB,GACdD,EACH,MAAM,IAAInC,UAAU,2DAItBiC,QAAsB3oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,UAE9B,MApDQ,OAAQ0iC,GACN,KAAK,EAGHD,QAAqB3oC,EAAOkG,WAC5B,MACF,KAAK,EAGHyiC,QAAsB3oC,EAAOkG,YAAc,QAAWlG,EAAOkG,WAC7D,MACF,KAAK,EAGHyiC,QAAsB3oC,EAAOkG,YAAc,SAAalG,EAAOkG,YAAc,SAAalG,EAAOkG,YAC/F,QAAWlG,EAAOkG,WACpB,MACF,QAWEyiC,EAAe9jC,IAyBrB,GAAI8jC,EAAe,EAAG,CACpB,IAAI7jC,EAAY,EAChB,OAAa,CACP7H,SAAcA,EAAOgF,MACzB,MAAMnD,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OACrC,GAAIG,EAAM,CACR,GAAI6pC,IAAiB9jC,IAAU,MAC/B,MAAUhH,MAAM,2BAC5B,CACU,MAAMyB,EAAQqpC,IAAiB9jC,IAAWhG,EAAQA,EAAMyG,SAAS,EAAGqjC,EAAe7jC,GAInF,GAHI7H,QAAcA,EAAOoC,MAAMC,GAC1B2L,EAAO7L,KAAKE,GACjBwF,GAAajG,EAAMX,OACf4G,GAAa6jC,EAAc,CAC7B3oC,EAAOiG,QAAQpH,EAAMyG,SAASqjC,EAAe7jC,EAAYjG,EAAMX,SAC/D,KACZ,CACA,CACA,CACA,OAAa4qC,GAiCT,MAAMG,QAAmBjpC,EAAOwG,UAAUqiC,EAA0BhkC,IAAW,GAS/E,OARI5H,SACIA,EAAOgF,YACPhF,EAAOsC,UAEb0L,EAASmI,EAAKpV,iBAAiBiN,SAEzBs9B,EAAS,CAAEluB,MAAKpP,aAEhBg+B,IAAeA,EAAW/qC,MACnC,CAAC,MAAOsC,GACP,GAAIvD,EAEF,aADMA,EAAOuC,MAAMgB,IACZ,EAEP,MAAMA,CAEZ,CAAY,QACJvD,SACIurC,EAERxoC,EAAO7C,aACX,CACA,CAEO,MAAM+rC,WAAyBrrC,MACpC,WAAA3B,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM4sC,IAGhC5sC,KAAKiI,KAAO,kBAChB,EAIO,MAAM6kC,WAA2BF,GACtC,WAAAhtC,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM4sC,IAGhC5sC,KAAKiI,KAAO,oBAChB,EAGO,MAAM8kC,GACX,WAAAntC,CAAYme,EAAKivB,GACfhtC,KAAK+d,IAAMA,EACX/d,KAAKgtC,WAAaA,CACtB,CAEE,KAAAjqC,GACE,OAAO/C,KAAKgtC,UAChB,ECxSO1qC,eAAe2qC,GAASxqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjBixB,QAAqBhxB,EAAUwjB,YAAY,WAAW,EAAM,CAAC,OAAQ,WAErElsB,QAAmB0I,EAAUyjB,UAAU,MAAOuN,EAAa15B,YAC3DzH,QAAkBmQ,EAAUyjB,UAAU,MAAOuN,EAAanhC,WAEhE,MAAO,CACLi3B,EAAG,IAAIvhC,WAAW2d,EAAgBrT,EAAUyP,IAC5CwvB,KAAM5rB,EAAgB5L,EAAW4P,GAEpC,CAAC,MAAOiT,GACP,GAAiB,sBAAbA,EAAIpuB,MAA6C,mBAAbouB,EAAIpuB,KAC1C,MAAMouB,EAER,MAAM2U,EAAOpP,GAAeuR,GAAe1qB,KACnC1W,UAAWi3B,GAAM73B,GAAQg1B,KAAKV,QAAQsL,SAASC,GACvD,MAAO,CAAEhI,IAAGgI,OACpB,CAEI,KAAKvgC,EAAMsB,UAAUa,MAAO,CAC1B,MAAMA,QAAckK,EAAKM,cAAc3M,EAAMsB,UAAUa,OACjDo+B,EAAOp+B,EAAMwgC,MAAMC,mBAEzB,MAAO,CAAErK,EADCp2B,EAAM0gC,aAAatC,GACjBA,OAClB,CACI,QACE,MAAUzpC,MAAM,+BAEtB,CAeOe,eAAe69B,GAAK1d,EAAMwd,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GACzE,GAAI9vB,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkBioB,GAAqB9qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjByiB,EAAM8O,GAAgB/qB,EAAM1W,EAAWyH,GACvC7C,QAAYuL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,SAMrE,MAAO,CAAE+O,GAJS,IAAIhsC,iBACdya,EAAUikB,KAAK,UAAWxvB,EAAK8sB,IAIxC,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIpuB,KACN,MAAMouB,EAER,MAAMrnB,EAAY8H,EAAKpV,iBAAiB,CAAC8R,EAAYzH,IAErD,MAAO,CAAE0hC,GADStiC,GAAQg1B,KAAKyK,SAASnN,EAAQzuB,GAExD,CAEI,KAAKvE,EAAMsB,UAAUa,MAGnB,MAAO,CAAE6gC,UAFW32B,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC/BuzB,KAAK1C,EAAQjqB,IAGvC,QACE,MAAUjS,MAAM,+BAGtB,CAaOe,eAAeo+B,GAAOje,EAAMwd,GAAUwN,GAAEA,GAAMpV,EAAGtsB,EAAW0xB,GACjE,GAAI9vB,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkBioB,GAAqB9qB,IAIjF,MAAUlhB,MAAM,sCAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,IACE,MAAM+Q,EAAYpF,EAAKmF,eACjByiB,EAAMgP,GAAejrB,EAAM1W,GAC3B4E,QAAYuL,EAAUmX,UAAU,MAAOqL,EAAK,WAAW,EAAO,CAAC,WAErE,aADuBxiB,EAAUwkB,OAAO,UAAW/vB,EAAK88B,EAAIhQ,EAE7D,CAAC,MAAOpH,GACP,GAAiB,sBAAbA,EAAIpuB,KACN,MAAMouB,EAER,OAAOlrB,GAAQg1B,KAAKyK,SAASlK,OAAOjD,EAAQgQ,EAAI1hC,EACxD,CAEI,KAAKtB,EAAMsB,UAAUa,MAEnB,aADoBkK,EAAKM,cAAc3M,EAAMsB,UAAUa,QAC1C8zB,OAAO+M,EAAIhQ,EAAQ1xB,GAElC,QACE,MAAUxK,MAAM,+BAEtB,CAiCO,SAAS4rC,GAAe1qB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAO,GAET,KAAKV,EAAMsB,UAAUa,MACnB,OAAO,GAET,QACE,MAAUrL,MAAM,+BAEtB,CAEO,SAASgsC,GAAqB9qB,GACnC,OAAQA,GACN,KAAKhY,EAAMsB,UAAUZ,QACnB,OAAOV,EAAMkD,KAAKI,OACpB,KAAKtD,EAAMsB,UAAUa,MACnB,OAAOnC,EAAMkD,KAAKM,OACpB,QACE,MAAU1M,MAAM,sBAEtB,CAEA,MAAMmsC,GAAiB,CAACjrB,EAAM1W,KAC5B,GAAQ0W,IACDhY,EAAMsB,UAAUZ,QAAS,CAO5B,MANY,CACVkzB,IAAK,MACLsP,IAAK,UACLnyB,EAAG+D,EAAgBxT,GACnBwyB,KAAK,EAGb,CAEM,MAAUh9B,MAAM,8BACtB,EAGMisC,GAAkB,CAAC/qB,EAAM1W,EAAWyH,KACxC,GAAQiP,IACDhY,EAAMsB,UAAUZ,QAAS,CAC5B,MAAMuzB,EAAMgP,GAAejrB,EAAM1W,GAEjC,OADA2yB,EAAItb,EAAI7D,EAAgB/L,GACjBkrB,CACb,CAEM,MAAUn9B,MAAM,8BACtB,iIAxEOe,eAA8BmgB,EAAMugB,EAAGgI,GAC5C,OAAQvoB,GACN,KAAKhY,EAAMsB,UAAUZ,QAAS,CAM5B,MAAMY,UAAEA,GAAcZ,GAAQg1B,KAAKV,QAAQsL,SAASC,GACpD,OAAOl0B,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CAEI,KAAKtB,EAAMsB,UAAUa,MAAO,CAC1B,MAEMb,SAFc+K,EAAKM,cAAc3M,EAAMsB,UAAUa,QAE/B0gC,aAAatC,GACrC,OAAOl0B,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CACI,QACE,OAAO,EAEb,cCrKA,MAAMmQ,GAAYpF,EAAKmF,eAQhB3Z,eAAesrC,GAAKnrB,EAAM9R,EAAKk9B,GACpC,MAAM7qB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWohB,EACtC,MAAUzhB,MAAM,oCAGlB,IACE,MAAMusC,QAAoB5xB,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,YAEhF8lC,QAAkB7xB,GAAUmX,UAAU,MAAOwa,EAAY,CAAE5lC,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SACnGqgC,QAAgB9xB,GAAU+xB,QAAQ,MAAOF,EAAWD,EAAa,CAAE7lC,KAAM,WAC/E,OAAO,IAAIxG,WAAWusC,EACvB,CAAC,MAAO3X,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QACrE,CAEE,OAAO26B,GAAWv9B,GAAKod,QAAQ8f,EACjC,CASOvrC,eAAe6rC,GAAO1rB,EAAM9R,EAAKy9B,GACtC,MAAMprB,QAAEA,GAAYD,GAAgBN,GAEpC,IAAK3L,EAAK0H,MAAMiE,IAAS9R,EAAI/O,SAAWohB,EACtC,MAAUzhB,MAAM,oCAGlB,IAAIusC,EACJ,IACEA,QAAoB5xB,GAAUmX,UAAU,MAAO1iB,EAAK,CAAE1I,KAAM,WAAY,EAAO,CAAC,aACjF,CAAC,MAAOouB,GAEP,GAAiB,sBAAbA,EAAIpuB,OACW,KAAf0I,EAAI/O,QAA8B,mBAAby0B,EAAIpuB,MAC3B,MAAMouB,EAGR,OADAvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,SAC1D26B,GAAWv9B,GAAK0d,QAAQ+f,EACnC,CAEE,IACE,MAAMC,QAAkBnyB,GAAUoyB,UAAU,MAAOF,EAAaN,EAAa,CAAE7lC,KAAM,UAAY,CAAEA,KAAM,OAAQ0F,KAAM,YAAa,EAAM,CAAC,SAC3I,OAAO,IAAIlM,iBAAiBya,GAAUyjB,UAAU,MAAO0O,GACxD,CAAC,MAAOhY,GACP,GAAiB,mBAAbA,EAAIpuB,KACN,MAAU1G,MAAM,6BAElB,MAAM80B,CACV,CACA,uECxFA,MAAMna,GAAYpF,EAAKmF,eAER3Z,eAAeisC,GAAYtO,EAAUuO,EAAUC,EAAMC,EAAM5e,GACxE,MAAMniB,EAAOlD,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,GACvC,IAAKtyB,EAAM,MAAUpM,MAAM,qCAE3B,MAAMotC,QAAoBzyB,GAAUmX,UAAU,MAAOmb,EAAU,QAAQ,EAAO,CAAC,eACzExyB,QAAaE,GAAU0yB,WAAW,CAAE3mC,KAAM,OAAQ0F,OAAM8gC,OAAMC,QAAQC,EAAsB,EAAT7e,GACzF,OAAO,IAAIruB,WAAWua,EACxB,CCHA,MAAM6yB,GAAY,CAChBniC,OAAQoK,EAAKwD,WAAW,kBACxB3N,KAAMmK,EAAKwD,WAAW,iBAQjBhY,eAAe2qC,GAASxqB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAE3B,MAAM6M,EAAIqiB,GAAe,KACjB7vB,UAAWi3B,GAAMt2B,GAAOqf,IAAI0T,QAAQ8K,cAAchxB,GAC1D,MAAO,CAAEypB,IAAGzpB,IAClB,CAEI,KAAK9O,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChD4M,EAAI5M,EAAKygC,MAAMC,mBAErB,MAAO,CAAErK,EADCr2B,EAAK2gC,aAAa/zB,GAChBA,IAClB,CACI,QACE,MAAUhY,MAAM,8BAEtB,CA+GO,SAAS4rC,GAAe1qB,GAC7B,OAAQA,GACN,KAAKhY,EAAMsB,UAAUW,OACnB,OAAO,GAET,KAAKjC,EAAMsB,UAAUY,KACnB,OAAO,GAET,QACE,MAAUpL,MAAM,8BAEtB,CAOOe,eAAewsC,GAAoCrsB,EAAMssB,GAC9D,OAAQtsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMsiC,EAAqBpT,GAAeuR,GAAe1qB,IACnDwsB,EAAeviC,GAAO29B,WAAW2E,EAAoBD,GAC3DG,GAAmBD,GACnB,MAAQljC,UAAWojC,GAAuBziC,GAAOqf,IAAI0T,QAAQ8K,cAAcyE,GAC3E,MAAO,CAAEG,qBAAoBF,eACnC,CACI,KAAKxkC,EAAMsB,UAAUY,KAAM,CACzB,MAAMA,QAAamK,EAAKM,cAAc3M,EAAMsB,UAAUY,MAChDqiC,EAAqBriC,EAAKygC,MAAMC,mBAChC4B,EAAetiC,EAAKyiC,gBAAgBJ,EAAoBD,GAC9DG,GAAmBD,GAEnB,MAAO,CAAEE,mBADkBxiC,EAAK2gC,aAAa0B,GAChBC,eACnC,CACI,QACE,MAAU1tC,MAAM,8BAEtB,CAEOe,eAAe+sC,GAAsB5sB,EAAM0sB,EAAoBnM,EAAGzpB,GACvE,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAMuiC,EAAeviC,GAAO29B,WAAW9wB,EAAG41B,GAE1C,OADAD,GAAmBD,GACZA,CACb,CACI,KAAKxkC,EAAMsB,UAAUY,KAAM,CACzB,MACMsiC,SADan4B,EAAKM,cAAc3M,EAAMsB,UAAUY,OAC5ByiC,gBAAgB71B,EAAG41B,GAE7C,OADAD,GAAmBD,GACZA,CACb,CACI,QACE,MAAU1tC,MAAM,8BAEtB,CAQA,SAAS2tC,GAAmBD,GAC1B,IAAIK,EAAM,EACV,IAAK,IAAIxtC,EAAI,EAAGA,EAAImtC,EAAartC,OAAQE,IACvCwtC,GAAOL,EAAantC,GAEtB,GAAY,IAARwtC,EACF,MAAU/tC,MAAM,6BAEpB,2DAjGOe,eAAuBmgB,EAAM0sB,EAAoBI,EAAYvM,EAAGzpB,GACrE,MAAM01B,QAAqBI,GAAsB5sB,EAAM0sB,EAAoBnM,EAAGzpB,GACxEi2B,EAAY14B,EAAKpV,iBAAiB,CACtCytC,EACAnM,EACAiM,IAEF,OAAQxsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B8V,QAAEA,GAAYD,GAAgBtE,GAEpC,OAAOgxB,GAAahxB,QADQ8vB,GAAY9jC,EAAMkD,KAAKI,OAAQyhC,EAAW,IAAI/tC,WAAcotC,GAAUniC,OAAQsW,GAC3DusB,EACrD,CACI,KAAK9kC,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B4V,QAAEA,GAAYD,GAAgBtY,EAAMoC,UAAUO,QAEpD,OAAOqiC,GAAahxB,QADQ8vB,GAAY9jC,EAAMkD,KAAKM,OAAQuhC,EAAW,IAAI/tC,WAAcotC,GAAUliC,KAAMqW,GACzDusB,EACrD,CACI,QACE,MAAUhuC,MAAM,8BAEtB,UA9DOe,eAAuBmgB,EAAM5b,EAAMkoC,GACxC,MAAMI,mBAAEA,EAAkBF,aAAEA,SAAuBH,GAAoCrsB,EAAMssB,GACvFS,EAAY14B,EAAKpV,iBAAiB,CACtCytC,EACAJ,EACAE,IAEF,OAAQxsB,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAC3B,MAAM+R,EAAahU,EAAMoC,UAAUK,QAC7B8V,QAAEA,GAAYD,GAAgBtE,GAC9BixB,QAAsBnB,GAAY9jC,EAAMkD,KAAKI,OAAQyhC,EAAW,IAAI/tC,WAAcotC,GAAUniC,OAAQsW,GAE1G,MAAO,CAAEmsB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe7oC,GAErE,CACI,KAAK4D,EAAMsB,UAAUY,KAAM,CACzB,MAAM8R,EAAahU,EAAMoC,UAAUO,QAC7B4V,QAAEA,GAAYD,GAAgBtY,EAAMoC,UAAUO,QAC9CsiC,QAAsBnB,GAAY9jC,EAAMkD,KAAKM,OAAQuhC,EAAW,IAAI/tC,WAAcotC,GAAUliC,KAAMqW,GAExG,MAAO,CAAEmsB,qBAAoBI,iBADJI,GAAWlxB,EAAYixB,EAAe7oC,GAErE,CAEI,QACE,MAAUtF,MAAM,8BAEtB,+GA/DOe,eAA8BmgB,EAAMugB,EAAGzpB,GAC5C,OAAQkJ,GACN,KAAKhY,EAAMsB,UAAUW,OAAQ,CAK3B,MAAMX,UAAEA,GAAcW,GAAOqf,IAAI0T,QAAQ8K,cAAchxB,GACvD,OAAOzC,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CACI,KAAKtB,EAAMsB,UAAUY,KAAM,CACzB,MAKMZ,SALa+K,EAAKM,cAAc3M,EAAMsB,UAAUY,OAK/B2gC,aAAa/zB,GACpC,OAAOzC,EAAKmE,iBAAiB+nB,EAAGj3B,EACtC,CAEI,QACE,OAAO,EAEb,IC7CA,MAAMmQ,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAElBuzB,GAAY,CAChB,CAACnlC,EAAMC,MAAMC,UAAW,QACxB,CAACF,EAAMC,MAAMG,UAAW,QACxB,CAACJ,EAAMC,MAAMK,UAAW,SAEpB8kC,GAAc7rB,GAAaA,GAAW8rB,YAAc,GACpDC,GAAa/rB,GAAa,CAC9B,CAACvZ,EAAMC,MAAMO,WAAY4kC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC3E,CAACqI,EAAMC,MAAMC,UAAWklC,GAAY3wB,SAAS,cAAgB,kBAAe9c,EAC5E,CAACqI,EAAMC,MAAMG,UAAWglC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMK,UAAW8kC,GAAY3wB,SAAS,aAAe,iBAAc9c,EAC1E,CAACqI,EAAMC,MAAMQ,eAAgB2kC,GAAY3wB,SAAS,WAAa,eAAY9c,EAC3E,CAACqI,EAAMC,MAAMU,kBAAmBykC,GAAY3wB,SAAS,UAAY,cAAW9c,EAC5E,CAACqI,EAAMC,MAAMY,iBAAkBukC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMa,iBAAkBskC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,EAC7F,CAACqI,EAAMC,MAAMc,iBAAkBqkC,GAAY3wB,SAAS,mBAAqB,uBAAoB9c,GAC3F,CAAE,EAEA4tC,GAAS,CACb,CAACvlC,EAAMC,MAAMC,UAAW,CACtB0gC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,GAAM,IAAM,GAAM,EAAM,EAAM,GAC5D4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMC,UAC7BwlC,IAAKP,GAAUnlC,EAAMC,MAAMC,UAC3BylC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMG,UAAW,CACtBwgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB4U,OAAQnY,EAAMoC,UAAUM,OACxB+iC,KAAMH,GAAWtlC,EAAMC,MAAMG,UAC7BslC,IAAKP,GAAUnlC,EAAMC,MAAMG,UAC3BulC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMK,UAAW,CACtBsgC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB2U,OAAQnY,EAAMoC,UAAUO,OACxB8iC,KAAMH,GAAWtlC,EAAMC,MAAMK,UAC7BolC,IAAKP,GAAUnlC,EAAMC,MAAMK,UAC3BqlC,YAAa,GACbC,WAAY,IACZC,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMO,WAAY,CACvBogC,IAAK,CAAC,EAAM,EAAM,GAAM,IAAM,EAAM,EAAM,IAC1C4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMO,WAC7BmlC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMQ,eAAgB,CAC3BmgC,IAAK,CAAC,EAAM,EAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,GAAM,GAClE4E,QAASxlC,EAAMsB,UAAUQ,YACzBoB,KAAMlD,EAAMkD,KAAKM,OACjBiiC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC7lC,EAAMC,MAAMU,kBAAmB,CAC9BigC,IAAK,CAAC,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,IAAM,GAAM,EAAM,EAAM,GACxE4E,QAASxlC,EAAMsB,UAAUM,KACzBsB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,MAAM,EACNE,YAAa,GACbE,sBAAuB,IAEzB,CAAC7lC,EAAMC,MAAMY,iBAAkB,CAC7B+/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,GAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKI,OACjB6U,OAAQnY,EAAMoC,UAAUK,OACxBgjC,KAAMH,GAAWtlC,EAAMC,MAAMY,iBAC7B8kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMa,iBAAkB,CAC7B8/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKK,OACjB4U,OAAQnY,EAAMoC,UAAUM,OACxB+iC,KAAMH,GAAWtlC,EAAMC,MAAMa,iBAC7B6kC,YAAa,GACbE,sBAAuB,GAEzB,CAAC7lC,EAAMC,MAAMc,iBAAkB,CAC7B6/B,IAAK,CAAC,EAAM,EAAM,GAAM,GAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,IAClE4E,QAASxlC,EAAMsB,UAAUO,MACzBqB,KAAMlD,EAAMkD,KAAKM,OACjB2U,OAAQnY,EAAMoC,UAAUO,OACxB8iC,KAAMH,GAAWtlC,EAAMC,MAAMc,iBAC7B4kC,YAAa,GACbE,sBAAuB,IAI3B,MAAMC,GACJ,WAAA3wC,CAAY4wC,GACV,IACExwC,KAAKiI,KAAOuoC,aAAqBpF,GAC/BoF,EAAUjF,UACV9gC,EAAM1H,MAAM0H,EAAMC,MAAM8lC,EAC3B,CAAC,MAAOna,GACP,MAAM,IAAIuW,GAAiB,gBACjC,CACI,MAAMjmB,EAASqpB,GAAOhwC,KAAKiI,MAE3BjI,KAAKiwC,QAAUtpB,EAAOspB,QAEtBjwC,KAAKqrC,IAAM1kB,EAAO0kB,IAClBrrC,KAAK2N,KAAOgZ,EAAOhZ,KACnB3N,KAAK4iB,OAAS+D,EAAO/D,OACrB5iB,KAAKkwC,KAAOvpB,EAAOupB,KACnBlwC,KAAKmwC,IAAMxpB,EAAOwpB,IAClBnwC,KAAKowC,YAAczpB,EAAOypB,YAC1BpwC,KAAKqwC,WAAa1pB,EAAO0pB,WACzBrwC,KAAKswC,sBAAwB3pB,EAAO2pB,sBAChCtwC,KAAKmwC,KAAOr5B,EAAKmF,eACnBjc,KAAKiU,KAAO,MACHjU,KAAKkwC,MAAQp5B,EAAKuF,gBAC3Brc,KAAKiU,KAAO,OACHjU,KAAKiI,OAASwC,EAAMC,MAAMU,iBACnCpL,KAAKiU,KAAO,mBACHjU,KAAKiI,OAASwC,EAAMC,MAAMQ,gBACnClL,KAAKiU,KAAO,gBAElB,CAEE,gBAAMw8B,GACJ,OAAQzwC,KAAKiU,MACX,IAAK,MACH,IACE,aAsIV3R,eAA6B2F,EAAMqoC,GAEjC,MAAMpD,QAAqBhxB,GAAUwjB,YAAY,CAAEz3B,KAAM,QAASyoC,WAAYd,GAAU3nC,KAAS,EAAM,CAAC,OAAQ,WAE1GuL,QAAmB0I,GAAUyjB,UAAU,MAAOuN,EAAa15B,YAC3DzH,QAAkBmQ,GAAUyjB,UAAU,MAAOuN,EAAanhC,WAEhE,MAAO,CACLA,UAAW4kC,GAAe5kC,EAAWukC,GACrC98B,WAAY4L,EAAgB5L,EAAW4P,GAE3C,CAjJuBwtB,CAAc5wC,KAAKiI,KAAMjI,KAAKswC,sBAC5C,CAAC,MAAOja,GAEP,OADAvf,EAAKyE,gBAAgB,6CAA+C8a,EAAI9iB,SACjEs9B,GAAa7wC,KAAKiI,KACnC,CACM,IAAK,OACH,OA6IR3F,eAA8B2F,GAE5B,MAAMoE,EAAO2X,GAAW8sB,WAAWf,GAAW9nC,IAE9C,aADMoE,EAAK0kC,eACJ,CACLhlC,UAAW,IAAItK,WAAW4K,EAAKihC,gBAC/B95B,WAAY,IAAI/R,WAAW4K,EAAK2kC,iBAEpC,CArJeC,CAAejxC,KAAKiI,MAC7B,IAAK,mBAAoB,CAEvB,MAAMsR,EAAEA,EAACypB,EAAEA,SAAYkO,GAAczmC,EAAMsB,UAAUW,QAC/C8G,EAAa+F,EAAE5W,QAAQqoB,UAC7BxX,EAAW,GAAsB,IAAhBA,EAAW,GAAY,GACxCA,EAAW,KAAO,IAElB,MAAO,CAAEzH,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKswC,wBAAyBtN,IACnExvB,aAC5B,CACM,IAAK,gBAAiB,CACpB,MAAQw3B,KAAMx3B,EAAUwvB,EAAEA,SAAYmO,GAAc1mC,EAAMsB,UAAUZ,SAEpE,MAAO,CAAEY,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAKswC,wBAAyBtN,IACnExvB,aAC5B,CACM,QACE,OAAOq9B,GAAa7wC,KAAKiI,MAEjC,EAmCA3F,eAAe8uC,GAAuB3uB,EAAM4oB,EAAKgG,EAAGjuB,GAClD,MAAMkuB,EAAkB,CACtB,CAAC7mC,EAAMC,MAAMC,WAAW,EACxB,CAACF,EAAMC,MAAMG,WAAW,EACxB,CAACJ,EAAMC,MAAMK,WAAW,EACxB,CAACN,EAAMC,MAAMO,YAAY,EACzB,CAACR,EAAMC,MAAMU,kBAAmBqX,IAAShY,EAAMsB,UAAUM,KACzD,CAAC5B,EAAMC,MAAMY,kBAAkB,EAC/B,CAACb,EAAMC,MAAMa,kBAAkB,EAC/B,CAACd,EAAMC,MAAMc,kBAAkB,GAI3B8L,EAAY+zB,EAAIE,UACtB,IAAK+F,EAAgBh6B,GACnB,OAAO,EAGT,GAAIA,IAAc7M,EAAMC,MAAMU,iBAAkB,CAC9CgY,EAAIA,EAAEzgB,QAAQqoB,UAEd,MAAMjf,UAAEA,GAAcs1B,GAAKtV,IAAI0T,QAAQ8K,cAAcnnB,GAErDiuB,EAAI,IAAI5vC,WAAW4vC,GACnB,MAAME,EAAK,IAAI9vC,WAAW,CAAC,MAASsK,IACpC,QAAK+K,EAAKmE,iBAAiBs2B,EAAIF,EAKnC,CAEE,MAKME,SALmBz6B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOgL,IAK7Cg2B,aAAalqB,GAAG,GACtC,QAAKtM,EAAKmE,iBAAiBs2B,EAAIF,EAKjC,CAMA,SAASG,GAA0B9mC,EAAO+mC,GACxC,MAAMrB,YAAEA,EAAWE,sBAAEA,EAAuBroC,KAAMqP,GAAc5M,EAE1DgnC,EAAap6B,IAAc7M,EAAMC,MAAMU,kBAAoBkM,IAAc7M,EAAMC,MAAMQ,cAAiBklC,EAA4B,EAAdA,EAE1H,GAAIqB,EAAE,KAAOnB,GAAyBmB,EAAE7vC,SAAW8vC,EAAY,EAC7D,MAAUnwC,MAAM,yBAEpB,CAWAe,eAAeuuC,GAAa5oC,GAC1B,MAAM0pC,QAAmB76B,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAOrE,GAC7DuL,EAAam+B,EAAWvE,MAAMC,mBAEpC,MAAO,CAAEthC,UADS4lC,EAAWrE,aAAa95B,GAAY,GAClCA,aACtB,CAoCA,SAASm9B,GAAejS,EAAK4R,GAC3B,MAAMsB,EAAOxyB,EAAgBsf,EAAIljB,GAC3Bq2B,EAAOzyB,EAAgBsf,EAAI9D,GAC3B7uB,EAAY,IAAItK,WAAWmwC,EAAKhwC,OAASiwC,EAAKjwC,OAAS,GAI7D,OAHAmK,EAAU,GAAKukC,EACfvkC,EAAU5J,IAAIyvC,EAAM,GACpB7lC,EAAU5J,IAAI0vC,EAAMD,EAAKhwC,OAAS,GAC3BmK,CACT,CASA,SAAS+lC,GAAe1B,EAAanoC,EAAM8D,GACzC,MAAMshB,EAAM+iB,EACNwB,EAAO7lC,EAAUpJ,MAAM,EAAG0qB,EAAM,GAChCwkB,EAAO9lC,EAAUpJ,MAAM0qB,EAAM,EAAS,EAANA,EAAU,GAShD,MAPY,CACVgR,IAAK,KACLsP,IAAK1lC,EACLuT,EAAG+D,EAAgBqyB,GACnBhX,EAAGrb,EAAgBsyB,GACnBtT,KAAK,EAGT,CAUA,SAAST,GAAasS,EAAanoC,EAAM8D,EAAWyH,GAClD,MAAMkrB,EAAMoT,GAAe1B,EAAanoC,EAAM8D,GAE9C,OADA2yB,EAAItb,EAAI7D,EAAgB/L,GACjBkrB,CACT,CCvWA,MAAMxiB,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAgBjB/Z,eAAe69B,GAAKkL,EAAKpL,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GACxE,MAAM/yB,EAAQ,IAAI6lC,GAAalF,GAE/B,GADAmG,GAA0B9mC,EAAOqB,GAC7BwH,IAAYuD,EAAK7V,SAASsS,GAAU,CACtC,MAAMksB,EAAU,CAAE1zB,YAAWyH,cAC7B,OAAQ9I,EAAMuJ,MACZ,IAAK,MAEH,IAEE,aAqIV3R,eAAuBoI,EAAOu1B,EAAU1sB,EAASksB,GAC/C,MAAMpS,EAAM3iB,EAAM0lC,YACZ1R,EAAMZ,GAAapzB,EAAM0lC,YAAaR,GAAUllC,EAAMzC,MAAOw3B,EAAQ1zB,UAAW0zB,EAAQjsB,YACxF7C,QAAYuL,GAAUmX,UAC1B,MACAqL,EACA,CACEz2B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,SAGGkB,EAAY,IAAIpN,iBAAiBya,GAAUikB,KAC/C,CACEl4B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,KAE5CtvB,EACA4C,IAGF,MAAO,CACLkI,EAAG5M,EAAUlM,MAAM,EAAG0qB,GACtB1T,EAAG9K,EAAUlM,MAAM0qB,EAAKA,GAAO,GAEnC,CAlKuB+S,CAAQ11B,EAAOu1B,EAAU1sB,EAASksB,EAChD,CAAC,MAAOpJ,GAIP,GAAmB,aAAf3rB,EAAMzC,OAAqC,cAAbouB,EAAIpuB,MAAqC,mBAAbouB,EAAIpuB,MAChE,MAAMouB,EAERvf,EAAKyE,gBAAgB,oCAAsC8a,EAAI9iB,QACzE,CACQ,MACF,IAAK,OACH,OAoLRjR,eAAwBoI,EAAOu1B,EAAU1sB,EAASC,GAEhD,MAAMu+B,EAAaj7B,EAAKG,YAAY,eAC9B+6B,EAAal7B,EAAK0F,iBAChBhJ,WAAYy+B,GAAkBF,EAAWG,YAAY,CAC3D56B,UAAWy4B,GAAWrlC,EAAMzC,MAC5BuL,WAAYw+B,EAAWzxB,KAAK/M,KAGxB2sB,EAAOnc,GAAWqc,WAAW51B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC1DE,EAAKp9B,MAAMwQ,GACX4sB,EAAK73B,MAEL,MAAMuG,EAAY,IAAIpN,WAAW0+B,EAAKA,KAAK,CAAExvB,IAAKshC,EAAetT,OAAQ,MAAO1qB,KAAM,OAAQk+B,YAAa,gBACrG9kB,EAAM3iB,EAAM0lC,YAElB,MAAO,CACL30B,EAAG5M,EAAU7F,SAAS,EAAGqkB,GACzB1T,EAAG9K,EAAU7F,SAASqkB,EAAKA,GAAO,GAEtC,CAxMeiT,CAAS51B,EAAOu1B,EAAU1sB,EAASC,GAElD,CAEE,MAEM3E,SAFmBiI,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAE5Ck4B,KAAK1C,EAAQjqB,EAAY,CAAE4+B,MAAM,IAC9D,MAAO,CACL32B,EAAGggB,GAAmB5sB,EAAU4M,EAAG,KAAM/Q,EAAM0lC,aAC/Cz2B,EAAG8hB,GAAmB5sB,EAAU8K,EAAG,KAAMjP,EAAM0lC,aAEnD,CAcO9tC,eAAeo+B,GAAO2K,EAAKpL,EAAUpxB,EAAW0E,EAASxH,EAAW0xB,GACzE,MAAM/yB,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAOqB,GAOjC,MAAMsmC,EAAmC/vC,SACzB,IAAdm7B,EAAO,IACL6U,GAAS5nC,EAAOmE,EAAW4uB,EAAOz0B,SAAS,GAAI+C,GAInD,GAAIwH,IAAYuD,EAAK7V,SAASsS,GAC5B,OAAQ7I,EAAMuJ,MACZ,IAAK,MACH,IAEE,MAAMs+B,QA2GhBjwC,eAAyBoI,EAAOu1B,GAAUxkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC3D,MAAM2yB,EAAMoT,GAAepnC,EAAM0lC,YAAaR,GAAUllC,EAAMzC,MAAO8D,GAC/D4E,QAAYuL,GAAUmX,UAC1B,MACAqL,EACA,CACEz2B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS3D,EAAMiD,SAElD,EACA,CAAC,WAGGkB,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAAIrQ,OAEhD,OAAO4S,GAAUwkB,OACf,CACEz4B,KAAQ,QACRyoC,WAAcd,GAAUllC,EAAMzC,MAC9B0F,KAAQ,CAAE1F,KAAMwC,EAAMpI,KAAKoI,EAAM4D,QAAS4xB,KAE5CtvB,EACA9B,EACA0E,EAEJ,CArIiCotB,CAAUj2B,EAAOu1B,EAAUpxB,EAAW0E,EAASxH,GACtE,OAAOwmC,GAAYF,GACpB,CAAC,MAAOhc,GAIP,GAAmB,aAAf3rB,EAAMzC,OAAqC,cAAbouB,EAAIpuB,MAAqC,mBAAbouB,EAAIpuB,MAChE,MAAMouB,EAERvf,EAAKyE,gBAAgB,sCAAwC8a,EAAI9iB,QAC3E,CACQ,MACF,IAAK,OAAQ,CACX,MAAMg/B,QAgJdjwC,eAA0BoI,EAAOu1B,GAAUxkB,EAAG9B,EAAEA,GAAKpG,EAASxH,GAC5D,MAAMgmC,EAAaj7B,EAAKG,YAAY,eAC9B+6B,EAAal7B,EAAK0F,iBAChBzQ,UAAWymC,GAAiBT,EAAWG,YAAY,CACzD56B,UAAWy4B,GAAWrlC,EAAMzC,MAC5B8D,UAAWimC,EAAWzxB,KAAKxU,KAGvB20B,EAAS1c,GAAW4c,aAAan2B,EAAMpI,KAAKoI,EAAMkD,KAAMsyB,IAC9DS,EAAO39B,MAAMwQ,GACbmtB,EAAOp4B,MAEP,MAAMuG,EAAYiI,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IAE5C,IACE,OAAO+mB,EAAOA,OAAO,CAAE/vB,IAAK6hC,EAAc7T,OAAQ,MAAO1qB,KAAM,OAAQk+B,YAAa,cAAgBtjC,EACrG,CAAC,MAAOwnB,GACP,OAAO,CACX,CACA,CAnK+BwK,CAAWn2B,EAAOu1B,EAAUpxB,EAAW0E,EAASxH,GACvE,OAAOwmC,GAAYF,GAC3B,EAKE,aADuBC,GAAS5nC,EAAOmE,EAAW4uB,EAAQ1xB,IACvCsmC,GACrB,CAiDA/vC,eAAegwC,GAAS5nC,EAAOmE,EAAW4uB,EAAQ1xB,GAGhD,aAFyB+K,EAAKM,cAAc3M,EAAMsB,UAAUO,MAAO5B,EAAMzC,OAEvDy4B,OAAO5pB,EAAKpV,iBAAiB,CAACmN,EAAU4M,EAAG5M,EAAU8K,IAAK8jB,EAAQ1xB,EAAW,CAAEqmC,MAAM,GACzG,0EA3CO9vC,eAA8B+oC,EAAKgG,EAAGjuB,GAC3C,MAAM1Y,EAAQ,IAAI6lC,GAAalF,GAE/B,GAAI3gC,EAAMulC,UAAYxlC,EAAMsB,UAAUO,MACpC,OAAO,EAKT,OAAQ5B,EAAMuJ,MACZ,IAAK,MACL,IAAK,OAAQ,CACX,MAAMV,EAAUqoB,GAAe,GACzBqE,EAAWx1B,EAAMkD,KAAKI,OACtB0vB,QAAe9vB,GAAK4W,OAAO0b,EAAU1sB,GAC3C,IACE,MAAM1E,QAAkBsxB,GAAKkL,EAAKpL,EAAU1sB,EAAS89B,EAAGjuB,EAAGqa,GAE3D,aAAaiD,GAAO2K,EAAKpL,EAAUpxB,EAAW0E,EAAS89B,EAAG5T,EAC3D,CAAC,MAAOpH,GACP,OAAO,CACf,CACA,CACI,QACE,OAAO+a,GAAuB3mC,EAAMsB,UAAUO,MAAO++B,EAAKgG,EAAGjuB,GAEnE,qEC9HO9gB,eAAoB+oC,EAAKpL,EAAU1sB,EAASxH,EAAWyH,EAAYiqB,GAGxE,GADA+T,GADc,IAAIjB,GAAalF,GACEt/B,GAC7B4B,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkB7a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAQksC,GAAI5+B,SAAoB4jC,GAAUhoC,EAAMsB,UAAUZ,QAAS80B,EAAU1sB,EAASxH,EAAU/C,SAAS,GAAIwK,EAAYiqB,GAEzH,MAAO,CACLhiB,EAAG5M,EAAU7F,SAAS,EAAG,IACzB2Q,EAAG9K,EAAU7F,SAAS,IAE1B,iBAkCO1G,eAA8B+oC,EAAKgG,EAAG93B,GAE3C,GAAI8xB,EAAIE,YAAc9gC,EAAMC,MAAMQ,cAChC,OAAO,EAOT,MAAMa,UAAEA,GAAcs1B,GAAKlB,KAAKV,QAAQsL,SAASxxB,GAC3Cg4B,EAAK,IAAI9vC,WAAW,CAAC,MAASsK,IACpC,OAAO+K,EAAKmE,iBAAiBo2B,EAAGE,EAElC,SAlCOjvC,eAAsB+oC,EAAKpL,GAAUxkB,EAAG9B,EAAEA,GAAK0e,EAAGtsB,EAAW0xB,GAGlE,GADA+T,GADc,IAAIjB,GAAalF,GACEt/B,GAC7B4B,GAAK2X,kBAAkB2a,GAAYtyB,GAAK2X,kBAAkB7a,EAAMkD,KAAKI,QAIvE,MAAUxM,MAAM,sCAElB,MAAMksC,EAAK32B,EAAKpV,iBAAiB,CAAC+Z,EAAG9B,IACrC,OAAO+4B,GAAYjoC,EAAMsB,UAAUZ,QAAS80B,EAAU,CAAEwN,MAAMpV,EAAGtsB,EAAU/C,SAAS,GAAIy0B,EAC1F,ICrDO,SAAS/iB,GAAOnH,GACrB,MAAM4P,EAAI,EAAK5P,EAAQ3R,OAAS,EAC1B+W,EAAS,IAAIlX,WAAW8R,EAAQ3R,OAASuhB,GAAGsE,KAAKtE,GAEvD,OADAxK,EAAOxW,IAAIoR,GACJoF,CACT,CAOO,SAASmC,GAAOvH,GACrB,MAAM8Z,EAAM9Z,EAAQ3R,OACpB,GAAIyrB,EAAM,EAAG,CACX,MAAMlK,EAAI5P,EAAQ8Z,EAAM,GACxB,GAAIlK,GAAK,EAAG,CACV,MAAMwvB,EAAWp/B,EAAQvK,SAASqkB,EAAMlK,GAClCyvB,EAAW,IAAInxC,WAAW0hB,GAAGsE,KAAKtE,GACxC,GAAIrM,EAAKmE,iBAAiB03B,EAAUC,GAClC,OAAOr/B,EAAQvK,SAAS,EAAGqkB,EAAMlK,EAEzC,CACA,CACE,MAAU5hB,MAAM,kBAClB,yECxBA,MAAM2a,GAAYpF,EAAKmF,eACjB+H,GAAalN,EAAKuF,gBAexB,SAASw2B,GAAeC,EAAazH,EAAK0H,EAAWC,GACnD,OAAOl8B,EAAKpV,iBAAiB,CAC3B2pC,EAAItoC,QACJ,IAAItB,WAAW,CAACqxC,IAChBC,EAAUhwC,QACV+T,EAAK+C,mBAAmB,wBACxBm5B,GAEJ,CAGA1wC,eAAe2wC,GAAIhT,EAAU+B,EAAGpgC,EAAQsxC,EAAOC,GAAe,EAAOC,GAAgB,GAInF,IAAItxC,EACJ,GAAIqxC,EAAc,CAEhB,IAAKrxC,EAAI,EAAGA,EAAIkgC,EAAEpgC,QAAmB,IAATogC,EAAElgC,GAAUA,KACxCkgC,EAAIA,EAAEh5B,SAASlH,EACnB,CACE,GAAIsxC,EAAe,CAEjB,IAAKtxC,EAAIkgC,EAAEpgC,OAAS,EAAGE,GAAK,GAAc,IAATkgC,EAAElgC,GAAUA,KAC7CkgC,EAAIA,EAAEh5B,SAAS,EAAGlH,EAAI,EAC1B,CAME,aALqB6L,GAAK4W,OAAO0b,EAAUnpB,EAAKpV,iBAAiB,CAC/D,IAAID,WAAW,CAAC,EAAG,EAAG,EAAG,IACzBugC,EACAkR,MAEYlqC,SAAS,EAAGpH,EAC5B,CAUAU,eAAe+wC,GAAsB3oC,EAAO2mC,GAC1C,OAAQ3mC,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAQg7B,aAAcqE,EAASnE,mBAAEA,SAA6BoE,GAAyC9oC,EAAMsB,UAAUW,OAAQ2kC,EAAEroC,SAAS,IAE1I,MAAO,CAAE+C,UADS+K,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACiJ,EAAM4lC,wBAAyBnB,IACpEmE,YAC1B,CACI,IAAK,MACH,GAAI5oC,EAAMylC,KAAOr5B,EAAKmF,eACpB,IACE,aA8LV3Z,eAAqCoI,EAAO2mC,GAC1C,MAAM3S,EAAMoT,GAAepnC,EAAM0lC,YAAa1lC,EAAMylC,IAAKkB,GACzD,IAAI5R,EAAUvjB,GAAUwjB,YACtB,CACEz3B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,CAAC,YAAa,eAEZqD,EAAYt3B,GAAUmX,UACxB,MACAqL,EACA,CACEz2B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,KAED1Q,EAAS+T,SAAmBtzC,QAAQ4E,IAAI,CAAC26B,EAAS+T,IACnD,IAAI75B,EAAIuC,GAAU0yB,WAChB,CACE3mC,KAAM,OACNyoC,WAAYhmC,EAAMylC,IAClBsD,OAAQD,GAEV/T,EAAQjsB,WACR9I,EAAM2lC,YAEJljB,EAAIjR,GAAUyjB,UAChB,MACAF,EAAQ1zB,YAET4N,EAAGwT,SAAWjtB,QAAQ4E,IAAI,CAAC6U,EAAGwT,IAC/B,MAAMmmB,EAAY,IAAI7xC,WAAWkY,GAC3B5N,EAAY,IAAItK,WAAWkvC,GAAexjB,EAAGziB,EAAM4lC,wBACzD,MAAO,CAAEvkC,YAAWunC,YACtB,CApOuBI,CAAsBhpC,EAAO2mC,EAC3C,CAAC,MAAOhb,GAEP,OADAvf,EAAKyE,gBAAgB8a,GACdsd,GAAqBjpC,EAAO2mC,EAC7C,CAEM,MACF,IAAK,OACH,OAuPN/uC,eAAsCoI,EAAO2mC,GAC3C,MAAMuC,EAAS5vB,GAAW8sB,WAAWpmC,EAAMwlC,MAC3C0D,EAAO7C,eACP,MAAMuC,EAAY,IAAI7xC,WAAWmyC,EAAOC,cAAcxC,IAChDtlC,EAAY,IAAItK,WAAWmyC,EAAOtG,gBACxC,MAAO,CAAEvhC,YAAWunC,YACtB,CA7PaQ,CAAuBppC,EAAO2mC,GACvC,QACE,OAAOsC,GAAqBjpC,EAAO2mC,GAGzC,CAoCA/uC,eAAeyxC,GAAuBrpC,EAAO+mC,EAAGJ,EAAGjuB,GACjD,GAAIA,EAAExhB,SAAW8I,EAAM0lC,YAAa,CAClC,MAAM58B,EAAa,IAAI/R,WAAWiJ,EAAM0lC,aACxC58B,EAAWrR,IAAIihB,EAAG1Y,EAAM0lC,YAAchtB,EAAExhB,QACxCwhB,EAAI5P,CACR,CACE,OAAQ9I,EAAMuJ,MACZ,IAAK,mBAAoB,CACvB,MAAMjF,EAAYoU,EAAEzgB,QAAQqoB,UAE5B,MAAO,CAAEhc,YAAWskC,gBADIU,GAA2BvpC,EAAMsB,UAAUW,OAAQ+kC,EAAEzoC,SAAS,GAAIqoC,EAAEroC,SAAS,GAAIgG,GAE/G,CACI,IAAK,MACH,GAAItE,EAAMylC,KAAOr5B,EAAKmF,eACpB,IACE,aA2EV3Z,eAAsCoI,EAAO+mC,EAAGJ,EAAGjuB,GACjD,MAAMowB,EAAY1V,GAAapzB,EAAM0lC,YAAa1lC,EAAMylC,IAAKkB,EAAGjuB,GAChE,IAAI5P,EAAa0I,GAAUmX,UACzB,MACAmgB,EACA,CACEvrC,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,CAAC,YAAa,eAEhB,MAAMzR,EAAMoT,GAAepnC,EAAM0lC,YAAa1lC,EAAMylC,IAAKsB,GACzD,IAAImC,EAAS13B,GAAUmX,UACrB,MACAqL,EACA,CACEz2B,KAAM,OACNyoC,WAAYhmC,EAAMylC,MAEpB,EACA,KAED38B,EAAYogC,SAAgB1zC,QAAQ4E,IAAI,CAAC0O,EAAYogC,IACtD,IAAIhc,EAAI1b,GAAU0yB,WAChB,CACE3mC,KAAM,OACNyoC,WAAYhmC,EAAMylC,IAClBsD,OAAQG,GAEVpgC,EACA9I,EAAM2lC,YAEJ4D,EAAS/3B,GAAUyjB,UACrB,MACAnsB,IAEDokB,EAAGqc,SAAgB/zC,QAAQ4E,IAAI,CAAC8yB,EAAGqc,IACpC,MAAMX,EAAY,IAAI7xC,WAAWm2B,GAEjC,MAAO,CAAE5oB,UADSoQ,EAAgB60B,EAAO7wB,GACrBkwB,YACtB,CApHuBY,CAAuBxpC,EAAO+mC,EAAGJ,EAAGjuB,EAClD,CAAC,MAAOiT,GAEP,OADAvf,EAAKyE,gBAAgB8a,GACd8d,GAAsBzpC,EAAO+mC,EAAGruB,EACjD,CAEM,MACF,IAAK,OACH,OAuKN9gB,eAAuCoI,EAAO+mC,EAAGruB,GAC/C,MAAMowB,EAAYxvB,GAAW8sB,WAAWpmC,EAAMwlC,MAC9CsD,EAAUY,cAAchxB,GACxB,MAAMkwB,EAAY,IAAI7xC,WAAW+xC,EAAUK,cAAcpC,IAEzD,MAAO,CAAEziC,UADS,IAAIvN,WAAW+xC,EAAUxC,iBACvBsC,YACtB,CA7Kae,CAAwB3pC,EAAO+mC,EAAGruB,GAC3C,QACE,OAAO+wB,GAAsBzpC,EAAO+mC,EAAGruB,GAE7C,CAmCA9gB,eAAe6xC,GAAsBzpC,EAAO+mC,EAAGruB,GAK7C,MAAO,CAAEpU,UAAWoU,EAAGkwB,iBAJEx8B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAE9BmnC,gBAAgBhsB,EAAGquB,GACpBzoC,SAAS,GAEpD,CAEA1G,eAAeqxC,GAAqBjpC,EAAO2mC,GACzC,MAAMM,QAAmB76B,EAAKM,cAAc3M,EAAMsB,UAAUM,KAAM3B,EAAMzC,OAChE8D,UAAW0lC,EAAGj+B,WAAYoG,SAAYlP,EAAM+lC,aAKpD,MAAO,CAAE1kC,UAAW0lC,EAAG6B,UAFQ3B,EAAWvC,gBAAgBx1B,EAAGy3B,GACpBroC,SAAS,GAEpD,2DApCO1G,eAAuB+oC,EAAK0H,EAAWtB,EAAG6C,EAAGjD,EAAGjuB,EAAG4vB,GACxD,MAAMtoC,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAO2mC,GACjCG,GAA0B9mC,EAAO+mC,GACjC,MAAM6B,UAAEA,SAAoBS,GAAuBrpC,EAAO+mC,EAAGJ,EAAGjuB,GAC1D8vB,EAAQL,GAAepoC,EAAMsB,UAAUM,KAAMg/B,EAAK0H,EAAWC,IAC7DhwB,QAAEA,GAAYD,GAAgBgwB,EAAUnwB,QAC9C,IAAIyT,EACJ,IAAK,IAAIv0B,EAAI,EAAGA,EAAI,EAAGA,IACrB,IAEE,MAAMmhC,QAAUgQ,GAAIF,EAAUplC,KAAM2lC,EAAWtwB,EAASkwB,EAAa,IAANpxC,EAAe,IAANA,GACxE,OAAOyyC,SAAmB9E,GAAasD,EAAUnwB,OAAQqgB,EAAGqR,GAC7D,CAAC,MAAOpwC,GACPmyB,EAAMnyB,CACZ,CAEE,MAAMmyB,CACR,UAnFO/zB,eAAuB+oC,EAAK0H,EAAWlsC,EAAMwqC,EAAG2B,GACrD,MAAM3a,EAAImc,GAAa3tC,GAEjB6D,EAAQ,IAAI6lC,GAAalF,GAC/BmG,GAA0B9mC,EAAO2mC,GACjC,MAAMtlC,UAAEA,EAASunC,UAAEA,SAAoBD,GAAsB3oC,EAAO2mC,GAC9D6B,EAAQL,GAAepoC,EAAMsB,UAAUM,KAAMg/B,EAAK0H,EAAWC,IAC7DhwB,QAAEA,GAAYD,GAAgBgwB,EAAUnwB,QACxCqgB,QAAUgQ,GAAIF,EAAUplC,KAAM2lC,EAAWtwB,EAASkwB,GAExD,MAAO,CAAEnnC,YAAWwjC,iBADKI,GAAWoD,EAAUnwB,OAAQqgB,EAAG5K,GAE3D,iBA9FO/1B,eAA8B+oC,EAAKgG,EAAGjuB,GAC3C,OAAOguB,GAAuB3mC,EAAMsB,UAAUM,KAAMg/B,EAAKgG,EAAGjuB,EAC9D,6HJ8JA9gB,eAAwBgV,GACtB,MAAM5M,EAAQ,IAAI6lC,GAAaj5B,IACzB+zB,IAAEA,EAAG19B,KAAEA,EAAIiV,OAAEA,GAAWlY,EACxB+0B,QAAgB/0B,EAAM+lC,aAC5B,MAAO,CACLpF,MACAgG,EAAG5R,EAAQ1zB,UACXkoC,OAAQn9B,EAAK4B,QAAQ+mB,EAAQjsB,WAAY9I,EAAM0lC,aAC/CziC,OACAiV,SAEJ,uBAOA,SAA8ByoB,GAC5B,OAAO2E,GAAO3E,EAAIE,WAAW59B,IAC/B,IK/LA,MAAMosB,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,0DAaZ3kB,eAAoB29B,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,GACpD,MAAMue,EAAM9S,OAAO,GAMnB,IAAI1N,EACAkC,EACA9B,EACA+B,EARJyR,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBpW,EAAIye,GAAmBze,GAMvBoW,EAAIsI,GAAItI,EAAGzE,GACX3R,EAAI0e,GAAI1e,EAAGmI,GAMX,MAAM4N,EAAI2I,GAAID,GAAmBwD,EAAOz0B,SAAS,EAAGsB,GAAWqZ,KAAMA,GAMrE,OAAa,CAIX,GAFApK,EAAIuiB,GAAoB9B,GAAKrW,GAC7BlI,EAAIye,GAAIE,GAAOxI,EAAGrY,EAAG4T,GAAIxJ,GACrBlI,IAAMse,EACR,SAEF,MAAM0a,EAAKva,GAAI1e,EAAIC,EAAGkI,GAGtB,GAFAjI,EAAIwe,GAAI3I,EAAIkjB,EAAI9wB,GAChBhK,EAAIugB,GAAIM,GAAOjhB,EAAGoK,GAAKjI,EAAGiI,GACtBhK,IAAMogB,EAGV,KACJ,CACE,MAAO,CACLte,EAAGggB,GAAmBhgB,EAAG,KAAMnR,GAAW6iB,IAC1CxT,EAAG8hB,GAAmB9hB,EAAG,KAAMrP,GAAW6iB,IAE9C,iBAwDO7qB,eAA8B6qB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,GAM/C,GALA2R,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBhJ,GAAKoI,IAAOpI,GAAKzE,EACnB,OAAO,EAMT,GAAI+M,GAAI/M,EAAI6M,GAAKrW,KAAOoW,GACtB,OAAO,EAOT,GAAIK,GAAOxI,EAAGjO,EAAGwJ,KAAO6M,GACtB,OAAO,EAMT,MAAM0a,EAAQztB,OAAOqU,GAAU3X,IAE/B,GAAI+wB,EADUztB,OAAO,OACCkV,GAAgBxY,EAAG,KAAM,IAC7C,OAAO,EASTnI,EAAIye,GAAmBze,GACvB,MAAMglB,EAAMvZ,OAAO,GAGnB,OAAI2T,IAAMR,GAAOxI,EADLjO,EADFmY,GAAoB0E,GAAQkU,EAAQ1a,GAAMwG,GAAOkU,GACvCl5B,EACK2R,EAK3B,SA1FO7qB,eAAsB29B,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,GAS5D,GARAnf,EAAIwe,GAAmBxe,GACvB9B,EAAIsgB,GAAmBtgB,GAEvBwT,EAAI8M,GAAmB9M,GACvBxJ,EAAIsW,GAAmBtW,GACvBiO,EAAIqI,GAAmBrI,GACvBgJ,EAAIX,GAAmBW,GAEnBnf,GAAKse,IAAOte,GAAKkI,GACjBhK,GAAKogB,IAAOpgB,GAAKgK,EAEnB,OADA7M,EAAKuE,WAAW,0BACT,EAET,MAAMkW,EAAI2I,GAAID,GAAmBwD,EAAOz0B,SAAS,EAAGsB,GAAWqZ,KAAMA,GAC/DuF,EAAIsR,GAAO7gB,EAAGgK,GACpB,GAAIuF,IAAM6Q,GAER,OADAjjB,EAAKuE,WAAW,0BACT,EAGTuW,EAAIsI,GAAItI,EAAGzE,GACXyN,EAAIV,GAAIU,EAAGzN,GACX,MAAMwnB,EAAKza,GAAI3I,EAAIrI,EAAGvF,GAChBixB,EAAK1a,GAAIze,EAAIyN,EAAGvF,GAItB,OADUuW,GAAIA,GAFHE,GAAOxI,EAAG+iB,EAAIxnB,GACdiN,GAAOQ,EAAGga,EAAIznB,GACEA,GAAIxJ,KAClBlI,CACf,IC3He1P,GAAA,CAEb8oC,IAAKA,GAEL1oC,QAASA,GAET2oC,SAAUA,GAEV1oC,IAAKA,2ECGA,SAA8BqW,EAAM5T,GACzC,IAAIxM,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyN,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAG1C,OAHkDA,GAAQsX,EAAE/X,OAAS,EAG9D,CAAES,OAAM0yC,gBAAiB,CAAEp7B,KACxC,CAII,KAAKlP,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,CAGE,MAAMmP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAM0yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAII,KAAKlP,EAAMsB,UAAUQ,YAAa,CAIhC,MAAMkP,EAAI3E,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAAQA,GAAQoZ,EAAE7Z,OAAS,EACrE,MAAM+X,EAAI7C,EAAKyB,QAAQ1J,EAAU7F,SAAS3G,IAC1C,OADkDA,GAAQsX,EAAE/X,OAAS,EAC9D,CAAES,OAAM0yC,gBAAiB,CAAEt5B,IAAG9B,KAC3C,CAKI,KAAKlP,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMooC,EAAS,EAAIjpC,GAAU+oC,SAASG,MAAM9H,eAAe1qB,GACrDgrB,EAAK32B,EAAK2B,kBAAkB5J,EAAWxM,EAAMA,EAAO2yC,GAC1D,OADmE3yC,GAAQorC,EAAG7rC,OACvE,CAAES,OAAM0yC,gBAAiB,CAAEtH,MACxC,CAEI,QACE,MAAM,IAAIb,GAAiB,gCAEjC,OAuEOtqC,eAAoBmgB,EAAMwd,EAAUiV,EAAiBC,EAAkBtuC,EAAM42B,GAClF,IAAKyX,IAAoBC,EACvB,MAAU5zC,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMgxC,GACX9xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQoX,EAEvB,MAAO,CAAEx7B,QADO5N,GAAU8oC,IAAI1U,KAAKF,EAAUp5B,EAAM8Q,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGN,GAE3E,CACI,KAAKhzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMwlB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,GAAMuxB,GACd15B,EAAEA,GAAM25B,EACd,OAAOppC,GAAUK,IAAI+zB,KAAKF,EAAUxC,EAAQ7L,EAAGzE,EAAGxJ,EAAGnI,EAC3D,CACI,KAAK/Q,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,gEAClB,KAAKkJ,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACb9xB,EAAEA,GAAM+xB,EACd,OAAOppC,GAAU+oC,SAASxoC,MAAM6zB,KAAKkL,EAAKpL,EAAUp5B,EAAMwqC,EAAGjuB,EAAGqa,EACtE,CACI,KAAKhzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,IAAEA,EAAGgG,EAAEA,GAAM6D,GACblK,KAAEA,GAASmK,EACjB,OAAOppC,GAAU+oC,SAASvoC,YAAY4zB,KAAKkL,EAAKpL,EAAUp5B,EAAMwqC,EAAGrG,EAAMvN,EAC/E,CACI,KAAKhzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMkS,GACRlK,KAAEA,GAASmK,EACjB,OAAOppC,GAAU+oC,SAASG,MAAM9U,KAAK1d,EAAMwd,EAAUp5B,EAAMm8B,EAAGgI,EAAMvN,EAC1E,CACI,QACE,MAAUl8B,MAAM,gCAEtB,SA9FOe,eAAsBmgB,EAAMwd,EAAUpxB,EAAWumC,EAAcvuC,EAAM42B,GAC1E,OAAQhb,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMkxC,EACXz7B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAGhC,EAAE/V,QACtC,OAAOmK,GAAU8oC,IAAInU,OAAOT,EAAUp5B,EAAM8S,EAAGhC,EAAGzT,EAAGu5B,EAC3D,CACI,KAAKhzB,EAAMsB,UAAUK,IAAK,CACxB,MAAMwlB,EAAEA,EAACzE,EAAEA,EAACxJ,EAAEA,EAACiX,EAAEA,GAAMwa,GACjB35B,EAAEA,EAAC9B,EAAEA,GAAM9K,EACjB,OAAO9C,GAAUK,IAAIs0B,OAAOT,EAAUxkB,EAAG9B,EAAG8jB,EAAQ7L,EAAGzE,EAAGxJ,EAAGiX,EACnE,CACI,KAAKnwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAItpC,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAErD30B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAG45B,GAC9B17B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAG07B,GACpC,OAAOtpC,GAAU+oC,SAASxoC,MAAMo0B,OAAO2K,EAAKpL,EAAU,CAAExkB,IAAG9B,KAAK9S,EAAMwqC,EAAG5T,EAC/E,CACI,KAAKhzB,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,IAAEA,EAAGgG,EAAEA,GAAM+D,EACbC,EAAY,IAAItpC,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAGrD30B,EAAI3E,EAAK4B,QAAQ7J,EAAU4M,EAAG45B,GAC9B17B,EAAI7C,EAAK4B,QAAQ7J,EAAU8K,EAAG07B,GACpC,OAAOtpC,GAAU+oC,SAASvoC,YAAYm0B,OAAO2K,EAAKpL,EAAU,CAAExkB,IAAG9B,KAAK9S,EAAMwqC,EAAG5T,EACrF,CACI,KAAKhzB,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMoS,EACd,OAAOrpC,GAAU+oC,SAASG,MAAMvU,OAAOje,EAAMwd,EAAUpxB,EAAWhI,EAAMm8B,EAAGvF,EACjF,CACI,QACE,MAAUl8B,MAAM,gCAEtB,ICrGA,MAAM+zC,GACJ,WAAA11C,CAAYiH,GACNA,IACF7G,KAAK6G,KAAOA,EAElB,CASE,IAAAxE,CAAK8H,GACH,GAAIA,EAAMvI,QAAU,EAAG,CACrB,MAAMA,EAASuI,EAAM,GACrB,GAAIA,EAAMvI,QAAU,EAAIA,EAEtB,OADA5B,KAAK6G,KAAOsD,EAAMnB,SAAS,EAAG,EAAIpH,GAC3B,EAAI5B,KAAK6G,KAAKjF,MAE7B,CACI,MAAUL,MAAM,wBACpB,CAME,KAAAwB,GACE,OAAO+T,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK6G,KAAKjF,SAAU5B,KAAK6G,MAC3E,ECzBA,MAAM0uC,GAKJ,WAAA31C,CAAYiH,GACV,GAAIA,EAAM,CACR,MAAM8G,KAAEA,EAAIiV,OAAEA,GAAW/b,EACzB7G,KAAK2N,KAAOA,EACZ3N,KAAK4iB,OAASA,CACpB,MACM5iB,KAAK2N,KAAO,KACZ3N,KAAK4iB,OAAS,IAEpB,CAOE,IAAAvgB,CAAK9B,GACH,GAAIA,EAAMqB,OAAS,GAAkB,IAAbrB,EAAM,IAAyB,IAAbA,EAAM,GAC9C,MAAM,IAAIqsC,GAAiB,yBAI7B,OAFA5sC,KAAK2N,KAAOpN,EAAM,GAClBP,KAAK4iB,OAASriB,EAAM,GACb,CACX,CAME,KAAAwC,GACE,OAAO,IAAItB,WAAW,CAAC,EAAG,EAAGzB,KAAK2N,KAAM3N,KAAK4iB,QACjD,ECzDA,MAAM4yB,GACJ,iBAAOC,EAAWlG,WAAEA,EAAUmG,UAAEA,IAC9B,MAAMhwB,EAAW,IAAI8vB,GAGrB,OAFA9vB,EAAS6pB,WAAaA,EACtB7pB,EAASgwB,UAAYA,EACdhwB,CACX,CAQE,IAAArjB,CAAK8H,GACH,IAAI9H,EAAO,EACPszC,EAAexrC,EAAM9H,KACzBrC,KAAK01C,UAAYC,EAAe,EAAIxrC,EAAM9H,KAAU,KACpDszC,GAAgBA,EAAe,EAC/B31C,KAAKuvC,WAAaz4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOszC,GAAetzC,GAAQszC,CACxF,CAME,KAAA5yC,GACE,OAAO+T,EAAKpV,iBAAiB,CAC3B1B,KAAK01C,UACH,IAAIj0C,WAAW,CAACzB,KAAKuvC,WAAW3tC,OAAS,EAAG5B,KAAK01C,YACjD,IAAIj0C,WAAW,CAACzB,KAAKuvC,WAAW3tC,SAClC5B,KAAKuvC,YAEX,ECwbA,SAASqG,GAAoBvK,GAC3B,IACEA,EAAIE,SACL,CAAC,MAAOrnC,GACP,MAAM,IAAI0oC,GAAiB,oBAC/B,CACA,CAOO,SAASiJ,GAAoBpzB,EAAM4oB,GACxC,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUQ,YACnB,OAAO,IAAIR,GAAU+oC,SAASvE,aAAalF,GAAK+E,YAClD,KAAK3lC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAM9H,eAAe1qB,GACjD,KAAKhY,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU+oC,SAASgB,MAAM3I,eAAe1qB,GACjD,QACE,MAAUlhB,MAAM,yBAEtB,kEAhLO,SAAwBkhB,EAAMzG,EAAMqvB,GACzC,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACnB,OAAOH,GAAU8oC,IAAI5H,SAASjxB,EAAM,OAAOnZ,MAAK,EAAG8U,IAAGzT,IAAGkf,IAAG+J,IAAGxJ,IAAGoa,QAAS,CACzEgY,cAAe,CAAE3yB,IAAG+J,IAAGxJ,IAAGoa,KAC1BqX,aAAc,CAAEz9B,IAAGzT,SAEvB,KAAKuG,EAAMsB,UAAUO,MACnB,OAAOP,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE3yB,EAAG6wB,GACpBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK5mC,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,aAAc,CACpE8B,cAAe,CAAE/K,KAAMiJ,GACvBmB,aAAc,CAAE/J,IAAK,IAAID,GAAIC,GAAMgG,SAEvC,KAAK5mC,EAAMsB,UAAUM,KACnB,OAAON,GAAU+oC,SAAS7H,SAAS5B,GAAKxoC,MAAK,EAAGwoC,MAAKgG,IAAG4C,SAAQtmC,OAAMiV,aAAc,CAClFmzB,cAAe,CAAE3yB,EAAG6wB,GACpBmB,aAAc,CACZ/J,IAAK,IAAID,GAAIC,GACbgG,IACA0B,UAAW,IAAIwC,GAAU,CAAE5nC,OAAMiV,gBAGvC,KAAKnY,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAMhI,SAASxqB,GAAM5f,MAAK,EAAGmgC,IAAGgI,WAAY,CACpE+K,cAAe,CAAE/K,QACjBoK,aAAc,CAAEpS,SAEpB,KAAKv4B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOZ,GAAU+oC,SAASgB,MAAM7I,SAASxqB,GAAM5f,MAAK,EAAGmgC,IAAGzpB,QAAS,CACjEw8B,cAAe,CAAEx8B,KACjB67B,aAAc,CAAEpS,SAEpB,KAAKv4B,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QACnB,MAAU5K,MAAM,6CAClB,QACE,MAAUA,MAAM,iCAEtB,qBAiFO,SAA4BkhB,GACjC,MAAMO,QAAEA,GAAYD,GAAgBN,GACpC,OAAOmZ,GAAe5Y,EACxB,cAQO,SAAqBP,GAC1B,MAAMsS,EAAWtqB,EAAMpI,KAAKoI,EAAM6D,KAAMmU,GACxC,OAAO+Q,GAAKuB,EACd,sEA0CO,SAAmCtS,EAAM4oB,GAC9C,OAAQ5oB,GACN,KAAKhY,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,OAAOR,GAAU+oC,SAASvH,qBAAqBlC,GACjD,KAAK5gC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,OAAOb,GAAU+oC,SAASG,MAAM1H,qBAAqB9qB,GACvD,QACE,MAAUlhB,MAAM,iCAEtB,kBAhFOe,eAA+BmgB,GACpC,MAAMQ,UAAEA,GAAcF,GAAgBN,GAChCuzB,QAAqBpa,GAAe3Y,GACpCgzB,EAAS,IAAIx0C,WAAW,CAACu0C,EAAaA,EAAap0C,OAAS,GAAIo0C,EAAaA,EAAap0C,OAAS,KACzG,OAAOkV,EAAKtS,OAAO,CAACwxC,EAAcC,GACpC,2BAjMO,SAAkCxzB,EAAMtY,GAC7C,IAAI9H,EAAO,EACX,OAAQogB,GAGN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAEnB,MAAO,CAAEmX,EADCrM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,KAOxC,KAAKoI,EAAMsB,UAAUI,QAAS,CAC5B,MAAM80B,EAAKnqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ4+B,EAAGr/B,OAAS,EAEnE,MAAO,CAAEq/B,KAAIC,GADFpqB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAE7C,CAII,KAAKoI,EAAMsB,UAAUM,KAAM,CACzB,MAAMolC,EAAI36B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQovC,EAAE7vC,OAAS,EACjE,MAAM0yC,EAAI,IAAI4B,GACd,OAD4B5B,EAAEjyC,KAAK8H,EAAMnB,SAAS3G,IAC3C,CAAEovC,IAAG6C,IAClB,CAMI,KAAK7pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAM+kC,EAAYmE,GAAoBpzB,GAChC0sB,EAAqBr4B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOqvC,GAAYrvC,GAAQ8sC,EAAmBvtC,OAC7G,MAAM0yC,EAAI,IAAIkB,GACd,OADmClB,EAAEjyC,KAAK8H,EAAMnB,SAAS3G,IAClD,CAAE8sC,qBAAoBmF,IACnC,CACI,QACE,MAAM,IAAI1H,GAAiB,4CAEjC,wBAjGO,SAA+BnqB,EAAMtY,EAAOirC,GACjD,IAAI/yC,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMkX,EAAItM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ+gB,EAAExhB,OAAS,EACjE,MAAMurB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAM+hB,EAAI7M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQshB,EAAE/hB,OAAS,EACjE,MAAMm8B,EAAIjnB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ07B,EAAEn8B,OAAS,EAC1D,CAAES,OAAM0zC,cAAe,CAAE3yB,IAAG+J,IAAGxJ,IAAGoa,KAC/C,CACI,KAAKtzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUI,QAAS,CAC5B,MAAMqP,EAAI1E,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQmZ,EAAE5Z,OAAS,EAC1D,CAAES,OAAM0zC,cAAe,CAAEv6B,KACtC,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAM+jC,EAAcyF,GAAoBpzB,EAAM2yB,EAAa/J,KAC3D,IAAIjoB,EAAItM,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQ+gB,EAAExhB,OAAS,EAC/DwhB,EAAItM,EAAK4B,QAAQ0K,EAAGgtB,GACb,CAAE/tC,OAAM0zC,cAAe,CAAE3yB,KACtC,CACI,KAAK3Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM6jC,EAAcyF,GAAoBpzB,EAAM2yB,EAAa/J,KAC3D,GAAI+J,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMQ,cAC7C,MAAU3J,MAAM,kCAElB,IAAIypC,EAAOl0B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEvC,OAF+CA,GAAQ2oC,EAAKppC,OAAS,EACrEopC,EAAOl0B,EAAK4B,QAAQsyB,EAAMoF,GACnB,CAAE/tC,OAAM0zC,cAAe,CAAE/K,QACtC,CACI,KAAKvgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMwjC,EAAcyF,GAAoBpzB,GAClCuoB,EAAOl0B,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO+tC,GACxD,OADsE/tC,GAAQ2oC,EAAKppC,OAC5E,CAAES,OAAM0zC,cAAe,CAAE/K,QACtC,CACI,KAAKvgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMyjC,EAAcyF,GAAoBpzB,GAClClJ,EAAIzC,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAO+tC,GACrD,OADmE/tC,GAAQkX,EAAE3X,OACtE,CAAES,OAAM0zC,cAAe,CAAEx8B,KACtC,CACI,QACE,MAAM,IAAIqzB,GAAiB,4CAEjC,uBAjHO,SAA8BnqB,EAAMtY,GACzC,IAAI9H,EAAO,EACX,OAAQogB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAIb,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQsV,EAAE/V,OAAS,EACjE,MAAMsC,EAAI4S,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQ6B,EAAEtC,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEz9B,IAAGzT,KACxC,CACI,KAAKuG,EAAMsB,UAAUK,IAAK,CACxB,MAAM+gB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAM+hB,EAAI7M,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQshB,EAAE/hB,OAAS,EACjE,MAAMgwB,EAAI9a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQuvB,EAAEhwB,OAAS,EACjE,MAAMg5B,EAAI9jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQu4B,EAAEh5B,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEjoB,IAAGxJ,IAAGiO,IAAGgJ,KAC9C,CACI,KAAKnwB,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAIrW,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQ8qB,EAAEvrB,OAAS,EACjE,MAAMgwB,EAAI9a,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQuvB,EAAEhwB,OAAS,EACjE,MAAMg5B,EAAI9jB,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQu4B,EAAEh5B,OAAS,EAC1D,CAAES,OAAM+yC,aAAc,CAAEjoB,IAAGyE,IAAGgJ,KAC3C,CACI,KAAKnwB,EAAMsB,UAAUO,MAAO,CAC1B,MAAM++B,EAAM,IAAID,GAAO/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GACpB,MAAMgG,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IACtC,OAD8CA,GAAQgvC,EAAEzvC,OAAS,EAC1D,CAAES,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK5mC,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8+B,EAAM,IAAID,GAEhB,GAFuB/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GAChBA,EAAIE,YAAc9gC,EAAMC,MAAMQ,cAChC,MAAU3J,MAAM,kCAElB,IAAI8vC,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAEpC,OAF4CA,GAAQgvC,EAAEzvC,OAAS,EAC/DyvC,EAAIv6B,EAAK4B,QAAQ24B,EAAG,IACb,CAAEhvC,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,KAChD,CACI,KAAK5mC,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,EAAM,IAAID,GAAO/oC,GAAQgpC,EAAIhpC,KAAK8H,GACxCyrC,GAAoBvK,GACpB,MAAMgG,EAAIv6B,EAAKyB,QAAQpO,EAAMnB,SAAS3G,IAAQA,GAAQgvC,EAAEzvC,OAAS,EACjE,MAAMmxC,EAAY,IAAIwC,GACtB,OADmClzC,GAAQ0wC,EAAU1wC,KAAK8H,EAAMnB,SAAS3G,IAClE,CAAEA,KAAMA,EAAM+yC,aAAc,CAAE/J,MAAKgG,IAAG0B,aACnD,CACI,KAAKtoC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACrB,KAAKnC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAIlsB,EAAK2B,kBAAkBtO,EAAO9H,EAAMA,EAAOwzC,GAAoBpzB,IACzE,OADiFpgB,GAAQ2gC,EAAEphC,OACpF,CAAES,OAAM+yC,aAAc,CAAEpS,KACrC,CACI,QACE,MAAM,IAAI4J,GAAiB,4CAEjC,mBApGOtqC,eAAgCmgB,EAAMyyB,EAAiBC,EAAkBgB,EAAkBnD,EAAa7V,GAC7G,OAAQ1a,GACN,KAAKhY,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WAAY,CAC/B,MAAMkX,EAAEA,GAAMgzB,GACRx+B,EAAEA,EAACzT,EAAEA,GAAMgxC,GACX9xB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,GAAQoX,EACvB,OAAOppC,GAAU8oC,IAAIxmB,QAAQlL,EAAGxL,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EAAGZ,EACxD,CACI,KAAK1yB,EAAMsB,UAAUI,QAAS,CAC5B,MAAM80B,GAAEA,EAAEC,GAAEA,GAAOiV,EACbhpB,EAAI+nB,EAAgB/nB,EACpB3R,EAAI25B,EAAiB35B,EAC3B,OAAOzP,GAAUI,QAAQkiB,QAAQ4S,EAAIC,EAAI/T,EAAG3R,EAAG2hB,EACrD,CACI,KAAK1yB,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcmC,GACxB9xB,EAAEA,GAAM+xB,GACR1D,EAAEA,EAAC6C,EAAEA,GAAM6B,EACjB,OAAOpqC,GAAU+oC,SAASzoC,KAAKgiB,QAC7Bgd,EAAK0H,EAAWtB,EAAG6C,EAAEztC,KAAMwqC,EAAGjuB,EAAG4vB,EACzC,CACI,KAAKvoC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAEA,GAAMkS,GACR37B,EAAEA,GAAM47B,GACRhG,mBAAEA,EAAkBmF,EAAEA,GAAM6B,EAClC,GAAoB,OAAhB7B,EAAEoB,YAAuB5+B,EAAK0H,MAAM81B,EAAEoB,WACxC,MAAUn0C,MAAM,4BAElB,OAAOwK,GAAU+oC,SAASgB,MAAMznB,QAC9B5L,EAAM0sB,EAAoBmF,EAAE/E,WAAYvM,EAAGzpB,EACnD,CACI,QACE,MAAUhY,MAAM,4CAEtB,mBArFOe,eAAgC8zC,EAASC,EAAejB,EAAcvuC,EAAMmsC,GACjF,OAAQoD,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eAAgB,CACnC,MAAM2L,EAAEA,EAACzT,EAAEA,GAAMkxC,EAEjB,MAAO,CAAEjyB,QADOpX,GAAU8oC,IAAI9mB,QAAQlnB,EAAM8Q,EAAGzT,GAErD,CACI,KAAKuG,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,EACpB,OAAOrpC,GAAUI,QAAQ4hB,QAAQlnB,EAAMsmB,EAAGyE,EAAGgJ,EACnD,CACI,KAAKnwB,EAAMsB,UAAUM,KAAM,CACzB,MAAMg/B,IAAEA,EAAGgG,EAAEA,EAAC0B,UAAEA,GAAcqC,GACtBrpC,UAAW0lC,EAAGlC,WAAY+E,SAAYvoC,GAAU+oC,SAASzoC,KAAK0hB,QACpEsd,EAAK0H,EAAWlsC,EAAMwqC,EAAG2B,GAC3B,MAAO,CAAEvB,IAAG6C,EAAG,IAAI4B,GAAW5B,GACpC,CACI,KAAK7pC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,GAAI0pC,IAAkBv/B,EAAK0H,MAAM63B,GAE/B,MAAU90C,MAAM,0DAElB,MAAMyhC,EAAEA,GAAMoS,GACRjG,mBAAEA,EAAkBI,WAAEA,SAAqBxjC,GAAU+oC,SAASgB,MAAM/nB,QACxEqoB,EAASvvC,EAAMm8B,GAEjB,MAAO,CAAEmM,qBAAoBmF,EADnBkB,GAAkBC,WAAW,CAAEC,UAAWW,EAAe9G,eAEzE,CACI,QACE,MAAO,GAEb,kBAsOO,SAAyB9sB,EAAMkE,GAEpC,MAAM2vB,EAAgC,IAAI3gC,IAAI,CAC5ClL,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUW,OAChBjC,EAAMsB,UAAUa,MAChBnC,EAAMsB,UAAUY,OAEZ4pC,EAAgBz2C,OAAO02C,KAAK7vB,GAAQhiB,KAAIsD,IAC5C,MAAMirC,EAAQvsB,EAAO1e,GACrB,OAAK6O,EAAKtV,aAAa0xC,GAChBoD,EAA8BtyC,IAAIye,GAAQywB,EAAQp8B,EAAK+B,gBAAgBq6B,GADxCA,EAAMnwC,OACwC,IAEtF,OAAO+T,EAAKpV,iBAAiB60C,EAC/B,iBAkEOj0C,eAA8BmgB,EAAM2yB,EAAcW,GACvD,IAAKX,IAAiBW,EACpB,MAAUx0C,MAAM,0BAElB,OAAQkhB,GACN,KAAKhY,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QAAS,CAC5B,MAAMyL,EAAEA,EAACzT,EAAEA,GAAMkxC,GACXhyB,EAAEA,EAAC+J,EAAEA,EAACxJ,EAAEA,EAACoa,EAAEA,GAAMgY,EACvB,OAAOhqC,GAAU8oC,IAAI4B,eAAe9+B,EAAGzT,EAAGkf,EAAG+J,EAAGxJ,EAAGoa,EACzD,CACI,KAAKtzB,EAAMsB,UAAUK,IAAK,CACxB,MAAM+gB,EAAEA,EAACxJ,EAAEA,EAACiO,EAAEA,EAACgJ,EAAEA,GAAMwa,GACjB55B,EAAEA,GAAMu6B,EACd,OAAOhqC,GAAUK,IAAIqqC,eAAetpB,EAAGxJ,EAAGiO,EAAGgJ,EAAGpf,EACtD,CACI,KAAK/Q,EAAMsB,UAAUI,QAAS,CAC5B,MAAMghB,EAAEA,EAACyE,EAAEA,EAACgJ,EAAEA,GAAMwa,GACd55B,EAAEA,GAAMu6B,EACd,OAAOhqC,GAAUI,QAAQsqC,eAAetpB,EAAGyE,EAAGgJ,EAAGpf,EACvD,CACI,KAAK/Q,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUM,KAAM,CACzB,MAAMqqC,EAAa3qC,GAAU+oC,SAASrqC,EAAMpI,KAAKoI,EAAMsB,UAAW0W,KAC5D4oB,IAAEA,EAAGgG,EAAEA,GAAM+D,GACbhyB,EAAEA,GAAM2yB,EACd,OAAOW,EAAWD,eAAepL,EAAKgG,EAAGjuB,EAC/C,CACI,KAAK3Y,EAAMsB,UAAUQ,YAAa,CAChC,MAAM8kC,EAAEA,EAAChG,IAAEA,GAAQ+J,GACbpK,KAAEA,GAAS+K,EACjB,OAAOhqC,GAAU+oC,SAASvoC,YAAYkqC,eAAepL,EAAKgG,EAAGrG,EACnE,CACI,KAAKvgC,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MAAO,CAC1B,MAAMo2B,EAAEA,GAAMoS,GACRpK,KAAEA,GAAS+K,EACjB,OAAOhqC,GAAU+oC,SAASG,MAAMwB,eAAeh0B,EAAMugB,EAAGgI,EAC9D,CACI,KAAKvgC,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAAM,CACzB,MAAMq2B,EAAEA,GAAMoS,GACR77B,EAAEA,GAAMw8B,EACd,OAAOhqC,GAAU+oC,SAASgB,MAAMW,eAAeh0B,EAAMugB,EAAGzpB,EAC9D,CACI,QACE,MAAUhY,MAAM,iCAEtB,ICjaA,MAAM24B,GAAM,CAEVtX,OAAQA,GAERjV,KAAMA,GAEN6lB,KAAMA,GAENznB,UAAWA,GAEX8C,UAAWA,GAEX8nC,OAAQA,GAERC,MAAOA,GAEPC,MAAOA,GAEPC,MAAOA,IAGTh3C,OAAO8mB,OAAOsT,GAAK/d,ICnCZ,MAAM46B,WAA+Bx1C,MAC1C,WAAA3B,IAAe+mB,GACb9mB,SAAS8mB,GAELplB,MAAMsrC,mBACRtrC,MAAMsrC,kBAAkB7sC,KAAM+2C,IAGhC/2C,KAAKiI,KAAO,wBAChB,EAIA,IAAI+uC,GACAC,GAIJ,MAAMC,GAIJ,WAAAt3C,CAAYsU,EAASqD,GACnB,MAAMxC,OAAEA,EAAMC,YAAEA,EAAWC,eAAEA,GAAmBf,EAAOY,gBAEvD9U,KAAKiU,KAAO,SAKZjU,KAAKyuC,KAAO,KAKZzuC,KAAK0b,EAAI3G,EAKT/U,KAAKmtB,EAAInY,EAKThV,KAAKm3C,SAAWliC,CACpB,CAEE,YAAAmiC,GACEp3C,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAnDL,GAoDzB,CAOE,IAAAv5B,CAAK8H,GACH,IAAIrI,EAAI,EASR,OAPA9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,IAClCA,GAAK,GAEL9B,KAAK0b,EAAIvR,EAAMrI,KACf9B,KAAKmtB,EAAIhjB,EAAMrI,KACf9B,KAAKm3C,SAAWhtC,EAAMrI,KAEfA,CACX,CAME,KAAAiB,GACE,MAAMmjB,EAAM,CACV,IAAIzkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,QAC5CjU,KAAKyuC,KACL,IAAIhtC,WAAW,CAACzB,KAAK0b,EAAG1b,KAAKmtB,EAAGntB,KAAKm3C,YAGvC,OAAOrgC,EAAKpV,iBAAiBwkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYt0B,GAC3B,MAAMu0B,EAAW,GAAMv3C,KAAKm3C,SAAW,EAEvC,IAIEH,GAAsBA,WAA8B92C,QAAAC,UAAA0C,MAAA,WAAA,OAAA20C,EAAA,KAAoBC,QACxER,GAAgBA,IAAiBD,KAGjC,MAAMnrC,QAAeorC,GAGftpC,EAAO9B,EAAO,CAClB6rC,QA9Ge,GA+GfzjC,KAhHY,EAiHZ0jC,SAJoB7gC,EAAKwD,WAAWg9B,GAKpC7I,KAAMzuC,KAAKyuC,KACXxd,UAAWjO,EACX40B,WAAYL,EACZviC,YAAahV,KAAKmtB,EAClBpY,OAAQ/U,KAAK0b,IASf,OALI67B,EAtGkC,UAwGpCN,GAAgBD,KAChBC,GAAc52C,OAAM,UAEfsN,CACR,CAAC,MAAOzJ,GACP,MAAIA,EAAEqP,UACJrP,EAAEqP,QAAQ2L,SAAS,mCACnBhb,EAAEqP,QAAQ2L,SAAS,0BACnBhb,EAAEqP,QAAQ2L,SAAS,4BACnBhb,EAAEqP,QAAQ2L,SAAS,kBAEb,IAAI63B,GAAuB,iDAE3B7yC,CAEd,CACA,EC9GA,MAAM2zC,GAIJ,WAAAj4C,CAAYgV,EAASV,EAASqD,GAK5BvX,KAAK01C,UAAYjrC,EAAMkD,KAAKI,OAK5B/N,KAAKiU,KAAOxJ,EAAMpI,KAAKoI,EAAMgB,IAAKmJ,GAElC5U,KAAKmjB,EAAIjP,EAAOW,sBAIhB7U,KAAKyuC,KAAO,IAChB,CAEE,YAAA2I,GACE,OAAQp3C,KAAKiU,MACX,IAAK,SACL,IAAK,WACHjU,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAe,GAEjD,CAEE,QAAAkc,GAIE,OAAQ,IAAe,GAAT93C,KAAKmjB,IAFH,GAEiBnjB,KAAKmjB,GAAK,EAC/C,CAOE,IAAA9gB,CAAK8H,GACH,IAAIrI,EAAI,EAGR,OAFA9B,KAAK01C,UAAYvrC,EAAMrI,KAEf9B,KAAKiU,MACX,IAAK,SACH,MAEF,IAAK,SACHjU,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EACL,MAEF,IAAK,WACH9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI,GAClCA,GAAK,EAGL9B,KAAKmjB,EAAIhZ,EAAMrI,KACf,MAEF,IAAK,MACH,GAA0D,QAAtDgV,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAI,IAUhD,MAAM,IAAI8qC,GAAiB,qBAT3B9qC,GAAK,EAEL,GAAmB,OADA,IAAOqI,EAAMrI,KAK9B,MAAM,IAAI8qC,GAAiB,oCAH3B5sC,KAAKiU,KAAO,YAQhB,MAEF,QACE,MAAM,IAAI24B,GAAiB,qBAG/B,OAAO9qC,CACX,CAME,KAAAiB,GACE,GAAkB,cAAd/C,KAAKiU,KACP,OAAO,IAAIxS,WAAW,CAAC,IAAK,KAAMqV,EAAK+C,mBAAmB,OAAQ,IAEpE,MAAMqM,EAAM,CAAC,IAAIzkB,WAAW,CAACgJ,EAAM1H,MAAM0H,EAAMgB,IAAKzL,KAAKiU,MAAOjU,KAAK01C,aAErE,OAAQ11C,KAAKiU,MACX,IAAK,SACH,MACF,IAAK,SACHiS,EAAIpjB,KAAK9C,KAAKyuC,MACd,MACF,IAAK,WACHvoB,EAAIpjB,KAAK9C,KAAKyuC,MACdvoB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKmjB,KAC9B,MACF,IAAK,MACH,MAAU5hB,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAGpB,OAAOuV,EAAKpV,iBAAiBwkB,EACjC,CAUE,gBAAMmxB,CAAWC,EAAYS,GAC3BT,EAAaxgC,EAAKwD,WAAWg9B,GAE7B,MAAMpxB,EAAM,GACZ,IAAI8xB,EAAU,EAEVC,EAAY,EAChB,KAAOD,EAAUD,GAAU,CACzB,IAAIG,EACJ,OAAQl4C,KAAKiU,MACX,IAAK,SACHikC,EAASphC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWw2C,GAAYX,IAC3D,MACF,IAAK,SACHY,EAASphC,EAAKpV,iBAAiB,CAAC,IAAID,WAAWw2C,GAAYj4C,KAAKyuC,KAAM6I,IACtE,MACF,IAAK,WAAY,CACf,MAAMzwC,EAAOiQ,EAAKpV,iBAAiB,CAAC1B,KAAKyuC,KAAM6I,IAC/C,IAAIa,EAAUtxC,EAAKjF,OACnB,MAAMm7B,EAAQt0B,KAAKC,IAAI1I,KAAK83C,WAAYK,GACxCD,EAAS,IAAIz2C,WAAWw2C,EAAYlb,GACpCmb,EAAO/1C,IAAI0E,EAAMoxC,GACjB,IAAK,IAAIj2C,EAAMi2C,EAAYE,EAASn2C,EAAM+6B,EAAO/6B,GAAOm2C,EAASA,GAAW,EAC1ED,EAAO36B,WAAWvb,EAAKi2C,EAAWj2C,GAEpC,KACV,CACQ,IAAK,MACH,MAAUT,MAAM,+BAClB,QACE,MAAUA,MAAM,qBAEpB,MAAMQ,QAAeoa,GAAOxO,KAAK4W,OAAOvkB,KAAK01C,UAAWwC,GACxDhyB,EAAIpjB,KAAKf,GACTi2C,GAAWj2C,EAAOH,OAClBq2C,GACN,CAEI,OAAOnhC,EAAKpV,iBAAiBwkB,GAAKld,SAAS,EAAG+uC,EAClD,EC/LA,MAAMK,GAA+B,IAAIziC,IAAI,CAAClL,EAAMgB,IAAII,OAAQpB,EAAMgB,IAAIG,WASnE,SAASysC,GAAepkC,EAAMC,EAASqD,GAC5C,OAAQtD,GACN,KAAKxJ,EAAMgB,IAAII,OACb,OAAO,IAAIqrC,GAAUhjC,GACvB,KAAKzJ,EAAMgB,IAAIG,SACf,KAAKnB,EAAMgB,IAAIK,IACf,KAAKrB,EAAMgB,IAAIE,OACf,KAAKlB,EAAMgB,IAAIC,OACb,OAAO,IAAImsC,GAAW5jC,EAAMC,GAC9B,QACE,MAAM,IAAI04B,GAAiB,wBAEjC,CAQO,SAAS0L,GAAiBpkC,GAC/B,MAAMU,QAAEA,GAAYV,EAEpB,IAAKkkC,GAA6Bp0C,IAAI4Q,GACpC,MAAUrT,MAAM,sDAGlB,OAAO82C,GAAezjC,EAASV,EACjC,CCbA,IAAI+R,GAAKxkB,WAAY82C,GAAMzrB,YAAa3G,GAAMhG,YAE1Cq4B,GAAO,IAAIvyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAgB,EAAG,EAAoB,IAG1IwyB,GAAO,IAAIxyB,GAAG,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAiB,EAAG,IAEjIyyB,GAAO,IAAIzyB,GAAG,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,KAE7E0yB,GAAO,SAAUC,EAAIx0C,GAErB,IADA,IAAIyT,EAAI,IAAI0gC,GAAI,IACPz2C,EAAI,EAAGA,EAAI,KAAMA,EACtB+V,EAAE/V,GAAKsC,GAAS,GAAKw0C,EAAG92C,EAAI,GAGhC,IAAI2Z,EAAI,IAAI0K,GAAItO,EAAE,KAClB,IAAS/V,EAAI,EAAGA,EAAI,KAAMA,EACtB,IAAK,IAAIqY,EAAItC,EAAE/V,GAAIqY,EAAItC,EAAE/V,EAAI,KAAMqY,EAC/BsB,EAAEtB,GAAOA,EAAItC,EAAE/V,IAAO,EAAKA,EAGnC,MAAO,CAAC+V,EAAG4D,EACf,EACIo9B,GAAKF,GAAKH,GAAM,GAAIM,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE/CC,GAAG,IAAM,IAAKC,GAAM,KAAO,GAI3B,IAHA,IAAIC,GAAKL,GAAKF,GAAM,GAAIQ,GAAKD,GAAG,GAAIE,GAAQF,GAAG,GAE3CG,GAAM,IAAIZ,GAAI,OACTz2C,GAAI,EAAGA,GAAI,QAASA,GAAG,CAE5B,IAAI0Z,IAAU,MAAJ1Z,MAAgB,GAAW,MAAJA,KAAe,EAEhD0Z,IAAU,OADVA,IAAU,MAAJA,MAAgB,GAAW,MAAJA,KAAe,MACtB,GAAW,KAAJA,KAAe,EAC5C29B,GAAIr3C,MAAY,MAAJ0Z,MAAgB,GAAW,IAAJA,KAAe,KAAQ,CAC9D,CAIA,IAAI49B,YAAkBC,EAAIC,EAAI79B,GAO1B,IANA,IAAI9B,EAAI0/B,EAAGz3C,OAEPE,EAAI,EAEJsgC,EAAI,IAAImW,GAAIe,GAETx3C,EAAI6X,IAAK7X,EACRu3C,EAAGv3C,MACDsgC,EAAEiX,EAAGv3C,GAAK,GAGpB,IAIIy3C,EAJAC,EAAK,IAAIjB,GAAIe,GACjB,IAAKx3C,EAAI,EAAGA,EAAIw3C,IAAMx3C,EAClB03C,EAAG13C,GAAM03C,EAAG13C,EAAI,GAAKsgC,EAAEtgC,EAAI,IAAO,EAGtC,GAAI2Z,EAAG,CAEH89B,EAAK,IAAIhB,GAAI,GAAKe,GAElB,IAAIG,EAAM,GAAKH,EACf,IAAKx3C,EAAI,EAAGA,EAAI6X,IAAK7X,EAEjB,GAAIu3C,EAAGv3C,GAQH,IANA,IAAI43C,EAAM53C,GAAK,EAAKu3C,EAAGv3C,GAEnB63C,EAAML,EAAKD,EAAGv3C,GAEd8X,EAAI4/B,EAAGH,EAAGv3C,GAAK,MAAQ63C,EAElBthB,EAAIze,GAAM,GAAK+/B,GAAO,EAAI//B,GAAKye,IAAKze,EAEzC2/B,EAAGJ,GAAIv/B,KAAO6/B,GAAOC,CAIzC,MAGQ,IADAH,EAAK,IAAIhB,GAAI5+B,GACR7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACbu3C,EAAGv3C,KACHy3C,EAAGz3C,GAAKq3C,GAAIK,EAAGH,EAAGv3C,GAAK,QAAW,GAAKu3C,EAAGv3C,IAItD,OAAOy3C,CACV,EAEGK,GAAM,IAAI3zB,GAAG,KACjB,IAASnkB,GAAI,EAAGA,GAAI,MAAOA,GACvB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EACb,IAASA,GAAI,IAAKA,GAAI,MAAOA,GACzB83C,GAAI93C,IAAK,EAEb,IAAI+3C,GAAM,IAAI5zB,GAAG,IACjB,IAASnkB,GAAI,EAAGA,GAAI,KAAMA,GACtB+3C,GAAI/3C,IAAK,EAEb,IAAIg4C,gBAAoBV,GAAKQ,GAAK,EAAG,GAAIG,gBAAqBX,GAAKQ,GAAK,EAAG,GAEvEI,gBAAoBZ,GAAKS,GAAK,EAAG,GAAII,gBAAqBb,GAAKS,GAAK,EAAG,GAEvEnxC,GAAM,SAAU4V,GAEhB,IADA,IAAI+Z,EAAI/Z,EAAE,GACDxc,EAAI,EAAGA,EAAIwc,EAAE1c,SAAUE,EACxBwc,EAAExc,GAAKu2B,IACPA,EAAI/Z,EAAExc,IAEd,OAAOu2B,CACX,EAEIrc,GAAO,SAAUoH,EAAG+J,EAAGkL,GACvB,IAAIzI,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,KAAY,EAAJzC,GAAUkL,CACnD,EAEI6hB,GAAS,SAAU92B,EAAG+J,GACtB,IAAIyC,EAAKzC,EAAI,EAAK,EAClB,OAAS/J,EAAEwM,GAAMxM,EAAEwM,EAAI,IAAM,EAAMxM,EAAEwM,EAAI,IAAM,MAAa,EAAJzC,EAC5D,EAEIgtB,GAAO,SAAUhtB,GAAK,OAASA,EAAI,GAAK,EAAK,CAAI,EAGjDitB,GAAM,SAAUxgC,EAAGD,EAAGzV,IACb,MAALyV,GAAaA,EAAI,KACjBA,EAAI,IACC,MAALzV,GAAaA,EAAI0V,EAAEhY,UACnBsC,EAAI0V,EAAEhY,QAEV,IAAI+V,EAAI,IAA4B,GAAvBiC,EAAEygC,kBAAyB9B,GAA6B,GAAvB3+B,EAAEygC,kBAAyBl0B,GAAMF,IAAI/hB,EAAIyV,GAEvF,OADAhC,EAAExV,IAAIyX,EAAE5Q,SAAS2Q,EAAGzV,IACbyT,CACX,EAsBI2iC,GAAK,CACL,iBACA,qBACA,yBACA,mBACA,kBACA,oBACJ,CACI,cACA,qBACA,uBACA,8BACA,oBACA,mBACA,oBAIAjkB,GAAM,SAAUkkB,EAAKhvB,EAAKivB,GAC1B,IAAIt2C,EAAQ3C,MAAMgqB,GAAO+uB,GAAGC,IAI5B,GAHAr2C,EAAEu2C,KAAOF,EACLh5C,MAAMsrC,mBACNtrC,MAAMsrC,kBAAkB3oC,EAAGmyB,KAC1BmkB,EACD,MAAMt2C,EACV,OAAOA,CACX,EAqLIw2C,GAAQ,SAAUt3B,EAAG+J,EAAGvT,GACxBA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,CACtB,EAEI+gC,GAAU,SAAUv3B,EAAG+J,EAAGvT,GAC1BA,IAAU,EAAJuT,EACN,IAAIyC,EAAKzC,EAAI,EAAK,EAClB/J,EAAEwM,IAAMhW,EACRwJ,EAAEwM,EAAI,IAAMhW,IAAM,EAClBwJ,EAAEwM,EAAI,IAAMhW,IAAM,EACtB,EAEIghC,GAAQ,SAAUx3B,EAAGk2B,GAGrB,IADA,IAAI59B,EAAI,GACC5Z,EAAI,EAAGA,EAAIshB,EAAExhB,SAAUE,EACxBshB,EAAEthB,IACF4Z,EAAE5Y,KAAK,CAAE6W,EAAG7X,EAAGmkC,EAAG7iB,EAAEthB,KAE5B,IAAI6X,EAAI+B,EAAE9Z,OACNusB,EAAKzS,EAAE/Y,QACX,IAAKgX,EACD,MAAO,CAACkhC,GAAI,GAChB,GAAS,GAALlhC,EAAQ,CACR,IAAIC,EAAI,IAAIqM,GAAGvK,EAAE,GAAG/B,EAAI,GAExB,OADAC,EAAE8B,EAAE,GAAG/B,GAAK,EACL,CAACC,EAAG,EACnB,CACI8B,EAAEo/B,MAAK,SAAUx8B,EAAGzG,GAAK,OAAOyG,EAAE2nB,EAAIpuB,EAAEouB,KAGxCvqB,EAAE5Y,KAAK,CAAE6W,GAAI,EAAGssB,EAAG,QACnB,IAAI7D,EAAI1mB,EAAE,GAAID,EAAIC,EAAE,GAAIq/B,EAAK,EAAGC,EAAK,EAAGC,EAAK,EAO7C,IANAv/B,EAAE,GAAK,CAAE/B,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAMhCu/B,GAAMrhC,EAAI,GACbyoB,EAAI1mB,EAAEA,EAAEq/B,GAAI9U,EAAIvqB,EAAEu/B,GAAIhV,EAAI8U,IAAOE,KACjCx/B,EAAIC,EAAEq/B,GAAMC,GAAMt/B,EAAEq/B,GAAI9U,EAAIvqB,EAAEu/B,GAAIhV,EAAI8U,IAAOE,KAC7Cv/B,EAAEs/B,KAAQ,CAAErhC,GAAI,EAAGssB,EAAG7D,EAAE6D,EAAIxqB,EAAEwqB,EAAG7D,EAAGA,EAAG3mB,EAAGA,GAE9C,IAAIy/B,EAAS/sB,EAAG,GAAGxU,EACnB,IAAS7X,EAAI,EAAGA,EAAI6X,IAAK7X,EACjBqsB,EAAGrsB,GAAG6X,EAAIuhC,IACVA,EAAS/sB,EAAGrsB,GAAG6X,GAGvB,IAAIwhC,EAAK,IAAI5C,GAAI2C,EAAS,GAEtBE,EAAMC,GAAG3/B,EAAEs/B,EAAK,GAAIG,EAAI,GAC5B,GAAIC,EAAM9B,EAAI,CAINx3C,EAAI,EAAR,IAAWw5C,EAAK,EAEZC,EAAMH,EAAM9B,EAAIkC,EAAM,GAAKD,EAE/B,IADAptB,EAAG2sB,MAAK,SAAUx8B,EAAGzG,GAAK,OAAOsjC,EAAGtjC,EAAE8B,GAAKwhC,EAAG78B,EAAE3E,IAAM2E,EAAE2nB,EAAIpuB,EAAEouB,KACvDnkC,EAAI6X,IAAK7X,EAAG,CACf,IAAI25C,EAAOttB,EAAGrsB,GAAG6X,EACjB,KAAIwhC,EAAGM,GAAQnC,GAKX,MAJAgC,GAAME,GAAO,GAAMJ,EAAMD,EAAGM,IAC5BN,EAAGM,GAAQnC,CAI3B,CAEQ,IADAgC,KAAQC,EACDD,EAAK,GAAG,CACX,IAAII,EAAOvtB,EAAGrsB,GAAG6X,EACbwhC,EAAGO,GAAQpC,EACXgC,GAAM,GAAMhC,EAAK6B,EAAGO,KAAU,IAE5B55C,CAClB,CACQ,KAAOA,GAAK,GAAKw5C,IAAMx5C,EAAG,CACtB,IAAI65C,EAAOxtB,EAAGrsB,GAAG6X,EACbwhC,EAAGQ,IAASrC,MACV6B,EAAGQ,KACHL,EAElB,CACQF,EAAM9B,CACd,CACI,MAAO,CAAC,IAAIrzB,GAAGk1B,GAAKC,EACxB,EAEIC,GAAK,SAAU1jC,EAAGyqB,EAAGhf,GACrB,OAAe,GAARzL,EAAEgC,EACHlR,KAAKC,IAAI2yC,GAAG1jC,EAAEyqB,EAAGA,EAAGhf,EAAI,GAAIi4B,GAAG1jC,EAAE8D,EAAG2mB,EAAGhf,EAAI,IAC1Cgf,EAAEzqB,EAAEgC,GAAKyJ,CACpB,EAEIw4B,GAAK,SAAUz4B,GAGf,IAFA,IAAIxJ,EAAIwJ,EAAEvhB,OAEH+X,IAAMwJ,IAAIxJ,KAMjB,IAJA,IAAIkiC,EAAK,IAAItD,KAAM5+B,GAEfmiC,EAAM,EAAGC,EAAM54B,EAAE,GAAI64B,EAAM,EAC3B9yB,EAAI,SAAUtP,GAAKiiC,EAAGC,KAASliC,CAAI,EAC9B9X,EAAI,EAAGA,GAAK6X,IAAK7X,EACtB,GAAIqhB,EAAErhB,IAAMi6C,GAAOj6C,GAAK6X,IAClBqiC,MACD,CACD,IAAKD,GAAOC,EAAM,EAAG,CACjB,KAAOA,EAAM,IAAKA,GAAO,IACrB9yB,EAAE,OACF8yB,EAAM,IACN9yB,EAAE8yB,EAAM,GAAOA,EAAM,IAAO,EAAK,MAAUA,EAAM,GAAM,EAAK,OAC5DA,EAAM,EAE1B,MACiB,GAAIA,EAAM,EAAG,CAEd,IADA9yB,EAAE6yB,KAAQC,EACHA,EAAM,EAAGA,GAAO,EACnB9yB,EAAE,MACF8yB,EAAM,IACN9yB,EAAI8yB,EAAM,GAAM,EAAK,MAAOA,EAAM,EACtD,CACY,KAAOA,KACH9yB,EAAE6yB,GACNC,EAAM,EACND,EAAM54B,EAAErhB,EACpB,CAEI,MAAO,CAAC+5C,EAAG7yC,SAAS,EAAG8yC,GAAMniC,EACjC,EAEIsiC,GAAO,SAAUC,EAAIL,GAErB,IADA,IAAIzZ,EAAI,EACCtgC,EAAI,EAAGA,EAAI+5C,EAAGj6C,SAAUE,EAC7BsgC,GAAK8Z,EAAGp6C,GAAK+5C,EAAG/5C,GACpB,OAAOsgC,CACX,EAGI+Z,GAAQ,SAAUr2B,EAAK9jB,EAAKo6C,GAE5B,IAAIziC,EAAIyiC,EAAIx6C,OACRguB,EAAIuqB,GAAKn4C,EAAM,GACnB8jB,EAAI8J,GAAS,IAAJjW,EACTmM,EAAI8J,EAAI,GAAKjW,IAAM,EACnBmM,EAAI8J,EAAI,GAAc,IAAT9J,EAAI8J,GACjB9J,EAAI8J,EAAI,GAAkB,IAAb9J,EAAI8J,EAAI,GACrB,IAAK,IAAI9tB,EAAI,EAAGA,EAAI6X,IAAK7X,EACrBgkB,EAAI8J,EAAI9tB,EAAI,GAAKs6C,EAAIt6C,GACzB,OAAqB,GAAb8tB,EAAI,EAAIjW,EACpB,EAEI0iC,GAAO,SAAUD,EAAKt2B,EAAKiR,EAAOulB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIwiC,EAAIvvB,GAChEutB,GAAM50B,EAAKqH,IAAK4J,KACdwlB,EAAG,KAML,IALA,IAAI1D,EAAK+B,GAAM2B,EAAI,IAAKI,EAAM9D,EAAG,GAAI+D,EAAM/D,EAAG,GAC1CG,EAAK4B,GAAM4B,EAAI,IAAKK,EAAM7D,EAAG,GAAI8D,EAAM9D,EAAG,GAC1C+D,EAAKnB,GAAGe,GAAMK,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAKtB,GAAGiB,GAAMM,EAAOD,EAAG,GAAIE,EAAMF,EAAG,GACrCG,EAAS,IAAI9E,GAAI,IACZz2C,EAAI,EAAGA,EAAIk7C,EAAKp7C,SAAUE,EAC/Bu7C,EAAiB,GAAVL,EAAKl7C,MAChB,IAASA,EAAI,EAAGA,EAAIq7C,EAAKv7C,SAAUE,EAC/Bu7C,EAAiB,GAAVF,EAAKr7C,MAGhB,IAFA,IAAIw7C,EAAK1C,GAAMyC,EAAQ,GAAIE,EAAMD,EAAG,GAAIE,EAAOF,EAAG,GAC9CG,EAAO,GACJA,EAAO,IAAMF,EAAI7E,GAAK+E,EAAO,MAAOA,GAE3C,IAKIC,EAAIC,EAAIC,EAAIC,EALZC,EAAQpB,EAAK,GAAM,EACnBqB,EAAQ9B,GAAKM,EAAI3C,IAAOqC,GAAKO,EAAI3C,IAAOjB,EACxCoF,EAAQ/B,GAAKM,EAAII,GAAOV,GAAKO,EAAIK,GAAOjE,EAAK,GAAK,EAAI6E,EAAOxB,GAAKoB,EAAQE,IAAQ,EAAIF,EAAO,IAAM,EAAIA,EAAO,IAAM,EAAIA,EAAO,KACnI,GAAIS,GAAQC,GAASD,GAAQE,EACzB,OAAO7B,GAAMr2B,EAAKqH,EAAGivB,EAAIpzC,SAASkR,EAAIA,EAAKwiC,IAG/C,GADAhC,GAAM50B,EAAKqH,EAAG,GAAK6wB,EAAQD,IAAS5wB,GAAK,EACrC6wB,EAAQD,EAAO,CACfL,EAAKtE,GAAKuD,EAAKC,EAAK,GAAIe,EAAKhB,EAAKiB,EAAKxE,GAAKyD,EAAKC,EAAK,GAAIe,EAAKhB,EAC/D,IAAIoB,EAAM7E,GAAKmE,EAAKC,EAAM,GAC1B9C,GAAM50B,EAAKqH,EAAG8vB,EAAM,KACpBvC,GAAM50B,EAAKqH,EAAI,EAAGiwB,EAAM,GACxB1C,GAAM50B,EAAKqH,EAAI,GAAIswB,EAAO,GAC1BtwB,GAAK,GACL,IAASrrB,EAAI,EAAGA,EAAI27C,IAAQ37C,EACxB44C,GAAM50B,EAAKqH,EAAI,EAAIrrB,EAAGy7C,EAAI7E,GAAK52C,KACnCqrB,GAAK,EAAIswB,EAET,IADA,IAAIS,EAAO,CAAClB,EAAMG,GACTgB,EAAK,EAAGA,EAAK,IAAKA,EACvB,KAAIC,EAAOF,EAAKC,GAChB,IAASr8C,EAAI,EAAGA,EAAIs8C,EAAKx8C,SAAUE,EAAG,CAClC,IAAIurB,EAAgB,GAAV+wB,EAAKt8C,GACf44C,GAAM50B,EAAKqH,EAAG8wB,EAAI5wB,IAAOF,GAAKowB,EAAIlwB,GAC9BA,EAAM,KACNqtB,GAAM50B,EAAKqH,EAAIixB,EAAKt8C,KAAO,EAAK,KAAMqrB,GAAKixB,EAAKt8C,KAAO,GAC3E,CAN+B,CAQ/B,MAEQ47C,EAAK5D,GAAK6D,EAAK/D,GAAKgE,EAAK5D,GAAK6D,EAAKhE,GAEvC,IAAS/3C,EAAI,EAAGA,EAAI26C,IAAM36C,EACtB,GAAIw6C,EAAKx6C,GAAK,IAAK,CACXurB,EAAOivB,EAAKx6C,KAAO,GAAM,GAC7B64C,GAAQ70B,EAAKqH,EAAGuwB,EAAGrwB,EAAM,MAAOF,GAAKwwB,EAAGtwB,EAAM,KAC1CA,EAAM,IACNqtB,GAAM50B,EAAKqH,EAAImvB,EAAKx6C,KAAO,GAAM,IAAKqrB,GAAKqrB,GAAKnrB,IACpD,IAAIkB,EAAgB,GAAV+tB,EAAKx6C,GACf64C,GAAQ70B,EAAKqH,EAAGywB,EAAGrvB,IAAOpB,GAAK0wB,EAAGtvB,GAC9BA,EAAM,IACNosB,GAAQ70B,EAAKqH,EAAImvB,EAAKx6C,KAAO,EAAK,MAAOqrB,GAAKsrB,GAAKlqB,GACnE,MAEYosB,GAAQ70B,EAAKqH,EAAGuwB,EAAGpB,EAAKx6C,KAAMqrB,GAAKwwB,EAAGrB,EAAKx6C,IAInD,OADA64C,GAAQ70B,EAAKqH,EAAGuwB,EAAG,MACZvwB,EAAIwwB,EAAG,IAClB,EAEIU,gBAAoB,IAAIl4B,GAAI,CAAC,MAAO,OAAQ,OAAQ,OAAQ,OAAQ,QAAS,QAAS,QAAS,UAE/F00B,gBAAmB,IAAI50B,GAAG,GAsK1Bq4B,GAAO,SAAUlC,EAAKmC,EAAKC,EAAKC,EAAMC,GACtC,OArKO,SAAUtC,EAAKuC,EAAKC,EAAMJ,EAAKC,EAAMI,GAC5C,IAAIllC,EAAIyiC,EAAIx6C,OACRguB,EAAI,IAAI3J,GAAGu4B,EAAM7kC,EAAI,GAAK,EAAIlR,KAAKyQ,KAAKS,EAAI,MAAS8kC,GAErDv1B,EAAI0G,EAAE5mB,SAASw1C,EAAK5uB,EAAEhuB,OAAS68C,GAC/Bz8C,EAAM,EACV,IAAK28C,GAAOhlC,EAAI,EACZ,IAAK,IAAI7X,EAAI,EAAGA,GAAK6X,EAAG7X,GAAK,MAAO,CAEhC,IAAIoC,EAAIpC,EAAI,MACRoC,GAAKyV,IAELuP,EAAElnB,GAAO,GAAK68C,GAElB78C,EAAMm6C,GAAMjzB,EAAGlnB,EAAM,EAAGo6C,EAAIpzC,SAASlH,EAAGoC,GACpD,KAES,CAeD,IAdA,IAAIq6C,EAAMF,GAAIM,EAAM,GAChBhnC,EAAI4mC,IAAQ,GAAIp7B,EAAU,KAANo7B,EACpBO,GAAS,GAAKF,GAAQ,EAEtB55C,EAAO,IAAIuzC,GAAI,OAAQwG,EAAO,IAAIxG,GAAIuG,EAAQ,GAC9CE,EAAQv2C,KAAKyQ,KAAK0lC,EAAO,GAAIK,EAAQ,EAAID,EACzCE,EAAM,SAAUp9C,GAAK,OAAQs6C,EAAIt6C,GAAMs6C,EAAIt6C,EAAI,IAAMk9C,EAAU5C,EAAIt6C,EAAI,IAAMm9C,GAAUH,CAAQ,EAG/FxC,EAAO,IAAIn2B,GAAI,MAEfo2B,EAAK,IAAIhE,GAAI,KAAMiE,EAAK,IAAIjE,GAAI,IAEhC4G,EAAO,EAAGvG,EAAK,EAAU6D,GAAP36C,EAAI,EAAQ,GAAGs9C,EAAK,EAAGllC,EAAK,EAC3CpY,EAAI6X,IAAK7X,EAAG,CAGf,IAAIu9C,EAAKH,EAAIp9C,GAETw9C,EAAW,MAAJx9C,EAAWy9C,EAAQR,EAAKM,GAKnC,GAJAr6C,EAAKs6C,GAAQC,EACbR,EAAKM,GAAMC,EAGPF,GAAMt9C,EAAG,CAET,IAAI09C,EAAM7lC,EAAI7X,EACd,IAAKq9C,EAAO,KAAQ1C,EAAK,QAAU+C,EAAM,IAAK,CAC1Cx9C,EAAMq6C,GAAKD,EAAKlzB,EAAG,EAAGozB,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIpY,EAAIoY,EAAIlY,GACxDy6C,EAAK0C,EAAOvG,EAAK,EAAG1+B,EAAKpY,EACzB,IAAK,IAAIqY,EAAI,EAAGA,EAAI,MAAOA,EACvBoiC,EAAGpiC,GAAK,EACZ,IAASA,EAAI,EAAGA,EAAI,KAAMA,EACtBqiC,EAAGriC,GAAK,CAChC,CAEgB,IAAIioB,EAAI,EAAGhf,EAAI,EAAGq8B,EAAOt8B,EAAGu8B,EAAOJ,EAAOC,EAAS,MACnD,GAAIC,EAAM,GAAKH,GAAMH,EAAIp9C,EAAI49C,GAMzB,IALA,IAAIC,EAAOl3C,KAAKsd,IAAIpO,EAAG6nC,GAAO,EAC1BI,EAAOn3C,KAAKsd,IAAI,MAAOjkB,GAGvB+9C,EAAKp3C,KAAKsd,IAAI,IAAKy5B,GAChBE,GAAOE,KAAUH,GAAQH,GAAQC,GAAO,CAC3C,GAAInD,EAAIt6C,EAAIsgC,IAAMga,EAAIt6C,EAAIsgC,EAAIsd,GAAM,CAEhC,IADA,IAAII,EAAK,EACFA,EAAKD,GAAMzD,EAAIt6C,EAAIg+C,IAAO1D,EAAIt6C,EAAIg+C,EAAKJ,KAAQI,GAEtD,GAAIA,EAAK1d,EAAG,CAGR,GAFAA,EAAI0d,EAAI18B,EAAIs8B,EAERI,EAAKH,EACL,MAIJ,IAAII,EAAMt3C,KAAKsd,IAAI25B,EAAKI,EAAK,GACzBE,EAAK,EACT,IAAS7lC,EAAI,EAAGA,EAAI4lC,IAAO5lC,EAAG,CAC1B,IAAI8lC,EAAMn+C,EAAI49C,EAAMvlC,EAAI,MAAS,MAE7Bk/B,EAAM4G,EADAj7C,EAAKi7C,GACM,MAAS,MAC1B5G,EAAK2G,IACLA,EAAK3G,EAAIkG,EAAQU,EACzD,CACA,CACA,CAGwBP,IADAJ,EAAOC,IAAOA,EAAQv6C,EAAKs6C,IACJ,MAAS,KACxD,CAGgB,GAAIl8B,EAAG,CAGHk5B,EAAKG,KAAQ,UAAa1D,GAAM3W,IAAM,GAAM8W,GAAM91B,GAClD,IAAI88B,EAAiB,GAAXnH,GAAM3W,GAAS+d,EAAiB,GAAXjH,GAAM91B,GACrCw1B,GAAMJ,GAAK0H,GAAOzH,GAAK0H,KACrB5D,EAAG,IAAM2D,KACT1D,EAAG2D,GACLf,EAAKt9C,EAAIsgC,IACP+c,CACtB,MAEoB7C,EAAKG,KAAQL,EAAIt6C,KACfy6C,EAAGH,EAAIt6C,GAE7B,CACA,CACQE,EAAMq6C,GAAKD,EAAKlzB,EAAG21B,EAAKvC,EAAMC,EAAIC,EAAI5D,EAAI6D,EAAIviC,EAAIpY,EAAIoY,EAAIlY,IAErD68C,GAAa,EAAN78C,IACRA,EAAMm6C,GAAMjzB,EAAGlnB,EAAM,EAAG64C,IACpC,CACI,OAAOT,GAAIxqB,EAAG,EAAG4uB,EAAMrE,GAAKn4C,GAAOy8C,EACvC,CAmDW2B,CAAKhE,EAAkB,MAAbmC,EAAI8B,MAAgB,EAAI9B,EAAI8B,MAAkB,MAAX9B,EAAI+B,IAAc73C,KAAKyQ,KAAuD,IAAlDzQ,KAAKC,IAAI,EAAGD,KAAKsd,IAAI,GAAItd,KAAK6S,IAAI8gC,EAAIx6C,WAAoB,GAAK28C,EAAI+B,IAAM9B,EAAKC,GAAOC,EACzK,EAwLI6B,gBAAyB,WACzB,SAASA,EAAQ9wB,EAAM+wB,GACdA,GAAqB,mBAAR/wB,IACd+wB,EAAK/wB,EAAMA,EAAO,CAAE,GACxBzvB,KAAKygD,OAASD,EACdxgD,KAAK4vB,EAAIH,GAAQ,CAAE,CAC3B,CAiBI,OAhBA8wB,EAAQtgD,UAAUktB,EAAI,SAAUhK,EAAG8iB,GAC/BjmC,KAAKygD,OAAOnC,GAAKn7B,EAAGnjB,KAAK4vB,EAAG,EAAG,GAAIqW,GAAIA,EAC1C,EAMDsa,EAAQtgD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACjC/2B,KAAKygD,QACNpqB,GAAI,GACJr2B,KAAKojB,GACLiT,GAAI,GACRr2B,KAAKojB,EAAI2T,EACT/2B,KAAKmtB,EAAEnqB,EAAO+zB,IAAS,EAC1B,EACMwpB,CACX,IAuCIG,gBAAyB,WAKzB,SAASA,EAAQF,GACbxgD,KAAK2Z,EAAI,CAAE,EACX3Z,KAAKmtB,EAAI,IAAIlH,GAAG,GAChBjmB,KAAKygD,OAASD,CACtB,CA0BI,OAzBAE,EAAQzgD,UAAUiE,EAAI,SAAUif,GACvBnjB,KAAKygD,QACNpqB,GAAI,GACJr2B,KAAKojB,GACLiT,GAAI,GACR,IAAI+L,EAAIpiC,KAAKmtB,EAAEvrB,OACX+V,EAAI,IAAIsO,GAAGmc,EAAIjf,EAAEvhB,QACrB+V,EAAExV,IAAInC,KAAKmtB,GAAIxV,EAAExV,IAAIghB,EAAGif,GAAIpiC,KAAKmtB,EAAIxV,CACxC,EACD+oC,EAAQzgD,UAAUkjB,EAAI,SAAU4T,GAC5B/2B,KAAKojB,EAAIpjB,KAAK2Z,EAAE7X,EAAIi1B,IAAS,EAC7B,IAAI4pB,EAAM3gD,KAAK2Z,EAAE9B,EACbyjC,EAz0BA,SAAUc,EAAKx9B,EAAK8/B,GAE5B,IAAIkC,EAAKxE,EAAIx6C,OACb,IAAKg/C,GAAOlC,GAAMA,EAAGzY,IAAMyY,EAAGtc,EAC1B,OAAOxjB,GAAO,IAAIqH,GAAG,GAEzB,IAAI46B,GAASjiC,GAAO8/B,EAEhBoC,GAAQpC,GAAMA,EAAG58C,EAChB48C,IACDA,EAAK,CAAE,GAEN9/B,IACDA,EAAM,IAAIqH,GAAQ,EAAL26B,IAEjB,IAAIG,EAAO,SAAU3e,GACjB,IAAIsa,EAAK99B,EAAIhd,OAEb,GAAIwgC,EAAIsa,EAAI,CAER,IAAIsE,EAAO,IAAI/6B,GAAGxd,KAAKC,IAAS,EAALg0C,EAAQta,IACnC4e,EAAK7+C,IAAIyc,GACTA,EAAMoiC,CAClB,CACK,EAEGjqB,EAAQ2nB,EAAGzY,GAAK,EAAGjkC,EAAM08C,EAAGvxB,GAAK,EAAG8zB,EAAKvC,EAAG7mC,GAAK,EAAG6lC,EAAKgB,EAAGtc,EAAGwb,EAAKc,EAAGt7B,EAAG89B,EAAMxC,EAAGrmB,EAAG8oB,EAAMzC,EAAG/mC,EAE/FypC,EAAY,EAALR,EACX,EAAG,CACC,IAAKlD,EAAI,CAEL3mB,EAAQ/a,GAAKogC,EAAKp6C,EAAK,GAEvB,IAAIiS,EAAO+H,GAAKogC,EAAKp6C,EAAM,EAAG,GAE9B,GADAA,GAAO,GACFiS,EAAM,CAEP,IAAuBmuB,EAAIga,GAAvBziC,EAAIwgC,GAAKn4C,GAAO,GAAe,GAAMo6C,EAAIziC,EAAI,IAAM,EAAI+B,EAAI/B,EAAIyoB,EACnE,GAAI1mB,EAAIklC,EAAI,CACJE,GACAzqB,GAAI,GACR,KACpB,CAEoBwqB,GACAE,EAAKE,EAAK7e,GAEdxjB,EAAIzc,IAAIi6C,EAAIpzC,SAAS2Q,EAAG+B,GAAIulC,GAE5BvC,EAAG7mC,EAAIopC,GAAM7e,EAAGsc,EAAGvxB,EAAInrB,EAAU,EAAJ0Z,EAAOgjC,EAAGzY,EAAIlP,EAC3C,QAChB,CACiB,GAAY,GAAR9iB,EACLypC,EAAK3D,GAAM6D,EAAK3D,GAAMiH,EAAM,EAAGC,EAAM,OACpC,GAAY,GAARltC,EAAW,CAEhB,IAAIotC,EAAOrlC,GAAKogC,EAAKp6C,EAAK,IAAM,IAAKs/C,EAAQtlC,GAAKogC,EAAKp6C,EAAM,GAAI,IAAM,EACnEylC,EAAK4Z,EAAOrlC,GAAKogC,EAAKp6C,EAAM,EAAG,IAAM,EACzCA,GAAO,GAKP,IAHA,IAAIu/C,EAAM,IAAIt7B,GAAGwhB,GAEb+Z,EAAM,IAAIv7B,GAAG,IACRnkB,EAAI,EAAGA,EAAIw/C,IAASx/C,EAEzB0/C,EAAI9I,GAAK52C,IAAMka,GAAKogC,EAAKp6C,EAAU,EAAJF,EAAO,GAE1CE,GAAe,EAARs/C,EAEP,IAAIG,EAAM/4C,GAAI84C,GAAME,GAAU,GAAKD,GAAO,EAEtCE,EAAMvI,GAAKoI,EAAKC,EAAK,GACzB,IAAS3/C,EAAI,EAAGA,EAAI2lC,GAAK,CACrB,IAII9tB,EAJA8B,EAAIkmC,EAAI3lC,GAAKogC,EAAKp6C,EAAK0/C,IAM3B,GAJA1/C,GAAW,GAAJyZ,GAEH9B,EAAI8B,IAAM,GAEN,GACJ8lC,EAAIz/C,KAAO6X,MAEV,CAED,IAAIwJ,EAAI,EAAGxL,EAAI,EAOf,IANS,IAALgC,GACAhC,EAAI,EAAIqE,GAAKogC,EAAKp6C,EAAK,GAAIA,GAAO,EAAGmhB,EAAIo+B,EAAIz/C,EAAI,IACvC,IAAL6X,GACLhC,EAAI,EAAIqE,GAAKogC,EAAKp6C,EAAK,GAAIA,GAAO,GACxB,IAAL2X,IACLhC,EAAI,GAAKqE,GAAKogC,EAAKp6C,EAAK,KAAMA,GAAO,GAClC2V,KACH4pC,EAAIz/C,KAAOqhB,CACvC,CACA,CAEgB,IAAIy+B,EAAKL,EAAIv4C,SAAS,EAAGq4C,GAAO/F,EAAKiG,EAAIv4C,SAASq4C,GAElDH,EAAMx4C,GAAIk5C,GAEVT,EAAMz4C,GAAI4yC,GACVoC,EAAKtE,GAAKwI,EAAIV,EAAK,GACnBtD,EAAKxE,GAAKkC,EAAI6F,EAAK,EACnC,MAEgB9qB,GAAI,GACR,GAAIr0B,EAAMo/C,EAAM,CACRN,GACAzqB,GAAI,GACR,KAChB,CACA,CAGYwqB,GACAE,EAAKE,EAAK,QAGd,IAFA,IAAIY,GAAO,GAAKX,GAAO,EAAGY,GAAO,GAAKX,GAAO,EACzCY,EAAO//C,GACH+/C,EAAO//C,EAAK,CAEhB,IAAoCggD,GAAhC7+B,EAAIu6B,EAAGxD,GAAOkC,EAAKp6C,GAAO6/C,MAAkB,EAEhD,IADA7/C,GAAW,GAAJmhB,GACGi+B,EAAM,CACRN,GACAzqB,GAAI,GACR,KAChB,CAGY,GAFKlT,GACDkT,GAAI,GACJ2rB,EAAM,IACNpjC,EAAIqiC,KAAQe,MACX,IAAW,KAAPA,EAAY,CACjBD,EAAO//C,EAAK07C,EAAK,KACjB,KAChB,CAEgB,IAAIz5C,EAAM+9C,EAAM,IAEhB,GAAIA,EAAM,IAAK,CAEX,IAAmBnqC,EAAI2gC,GAAnB12C,EAAIkgD,EAAM,KACd/9C,EAAM+X,GAAKogC,EAAKp6C,GAAM,GAAK6V,GAAK,GAAKihC,GAAGh3C,GACxCE,GAAO6V,CAC3B,CAEgB,IAAIuL,EAAIw6B,EAAG1D,GAAOkC,EAAKp6C,GAAO8/C,GAAMG,EAAO7+B,IAAM,EASjD,GARKA,GACDiT,GAAI,GACRr0B,GAAW,GAAJohB,EACHk4B,EAAKrC,GAAGgJ,GACRA,EAAO,IACHpqC,EAAI4gC,GAAKwJ,GACb3G,GAAMpB,GAAOkC,EAAKp6C,IAAS,GAAK6V,GAAK,EAAI7V,GAAO6V,GAEhD7V,EAAMo/C,EAAM,CACRN,GACAzqB,GAAI,GACR,KACpB,CACoBwqB,GACAE,EAAKE,EAAK,QAEd,IADA,IAAI34C,EAAM24C,EAAKh9C,EACRg9C,EAAK34C,EAAK24C,GAAM,EACnBriC,EAAIqiC,GAAMriC,EAAIqiC,EAAK3F,GACnB18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAC3B18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAC3B18B,EAAIqiC,EAAK,GAAKriC,EAAIqiC,EAAK,EAAI3F,GAE/B2F,EAAK34C,CACrB,CACA,CACQo2C,EAAGtc,EAAIsb,EAAIgB,EAAGvxB,EAAI40B,EAAMrD,EAAG7mC,EAAIopC,EAAIvC,EAAGzY,EAAIlP,EACtC2mB,IACA3mB,EAAQ,EAAG2nB,EAAGrmB,EAAI6oB,EAAKxC,EAAGt7B,EAAIw6B,EAAIc,EAAG/mC,EAAIwpC,EAChD,QAASpqB,GACV,OAAOkqB,GAAMriC,EAAIhd,OAASgd,EAAMw7B,GAAIx7B,EAAK,EAAGqiC,EAChD,CAwpBiBiB,CAAMliD,KAAKmtB,EAAGntB,KAAK4vB,EAAG5vB,KAAK2Z,GACpC3Z,KAAKygD,OAAOrG,GAAIkB,EAAIqF,EAAK3gD,KAAK2Z,EAAE9B,GAAI7X,KAAKojB,GACzCpjB,KAAK4vB,EAAIwqB,GAAIkB,EAAIt7C,KAAK2Z,EAAE9B,EAAI,OAAQ7X,KAAK2Z,EAAE9B,EAAI7X,KAAK4vB,EAAEhuB,OACtD5B,KAAKmtB,EAAIitB,GAAIp6C,KAAKmtB,EAAIntB,KAAK2Z,EAAEwT,EAAI,EAAK,GAAIntB,KAAK2Z,EAAEwT,GAAK,CACzD,EAMDuzB,EAAQzgD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACtC/2B,KAAKkE,EAAElB,GAAQhD,KAAKmjB,EAAE4T,EACzB,EACM2pB,CACX,IAqMIyB,gBAAsB,WACtB,SAASA,EAAK1yB,EAAM+wB,GA1fZ,IACJliC,EAAOzG,EA0fP7X,KAAKmjB,GA1fL7E,EAAI,EAAGzG,EAAI,EACR,CACHsV,EAAG,SAAU/J,GAIT,IAFA,IAAIzL,EAAI2G,EAAG+Z,EAAIxgB,EACXuqB,EAAe,EAAXhf,EAAExhB,OACDE,EAAI,EAAGA,GAAKsgC,GAAI,CAErB,IADA,IAAIl+B,EAAIuE,KAAKsd,IAAIjkB,EAAI,KAAMsgC,GACpBtgC,EAAIoC,IAAKpC,EACZu2B,GAAK1gB,GAAKyL,EAAEthB,GAChB6V,GAAS,MAAJA,GAAa,IAAMA,GAAK,IAAK0gB,GAAS,MAAJA,GAAa,IAAMA,GAAK,GAC/E,CACY/Z,EAAI3G,EAAGE,EAAIwgB,CACd,EACDjV,EAAG,WAEC,OAAY,KADZ9E,GAAK,SACe,GAAMA,IAAM,GAAM,IAAU,KADpCzG,GAAK,SACuC,EAAKA,IAAM,CAC/E,IA0eQ7X,KAAK4Z,EAAI,EACT2mC,GAAQx/C,KAAKf,KAAMyvB,EAAM+wB,EACjC,CAkBI,OAZA2B,EAAKliD,UAAU6C,KAAO,SAAUE,EAAO+zB,GACnCwpB,GAAQtgD,UAAU6C,KAAK/B,KAAKf,KAAMgD,EAAO+zB,EAC5C,EACDorB,EAAKliD,UAAUktB,EAAI,SAAUhK,EAAG8iB,GAC5BjmC,KAAKmjB,EAAEgK,EAAEhK,GACT,IAAIi/B,EAAM9D,GAAKn7B,EAAGnjB,KAAK4vB,EAAG5vB,KAAK4Z,GAAK,EAAGqsB,GAAK,GAAIA,GAC5CjmC,KAAK4Z,IA9UP,SAAUuJ,EAAGyM,GACnB,IAAIyyB,EAAKzyB,EAAEywB,MAAOvH,EAAW,GAANuJ,EAAU,EAAIA,EAAK,EAAI,EAAU,GAANA,EAAU,EAAI,EAChEl/B,EAAE,GAAK,IAAKA,EAAE,GAAM21B,GAAM,GAAMA,EAAM,GAAK,EAAIA,EAAM,EACzD,CA4UYwJ,CAAIF,EAAKpiD,KAAK4vB,GAAI5vB,KAAK4Z,EAAI,GAC3BqsB,GArXC,SAAU7iB,EAAGvL,EAAG+B,GACzB,KAAOA,IAAK/B,EACRuL,EAAEvL,GAAK+B,EAAGA,KAAO,CACzB,CAmXY2oC,CAAOH,EAAKA,EAAIxgD,OAAS,EAAG5B,KAAKmjB,EAAEC,KACvCpjB,KAAKygD,OAAO2B,EAAKnc,EACpB,EACMkc,CACX,IA+CIK,gBAAwB,WAKxB,SAASA,EAAOhC,GACZxgD,KAAK4Z,EAAI,EACT8mC,GAAQ3/C,KAAKf,KAAMwgD,EAC3B,CAsBI,OAhBAgC,EAAOviD,UAAU6C,KAAO,SAAUE,EAAO+zB,GAErC,GADA2pB,GAAQzgD,UAAUiE,EAAEnD,KAAKf,KAAMgD,GAC3BhD,KAAK4Z,EAAG,CACR,GAAI5Z,KAAKmtB,EAAEvrB,OAAS,IAAMm1B,EACtB,OACJ/2B,KAAKmtB,EAAIntB,KAAKmtB,EAAEnkB,SAAS,GAAIhJ,KAAK4Z,EAAI,CAClD,CACYmd,IACI/2B,KAAKmtB,EAAEvrB,OAAS,GAChBy0B,GAAI,EAAG,qBACXr2B,KAAKmtB,EAAIntB,KAAKmtB,EAAEnkB,SAAS,GAAI,IAIjC03C,GAAQzgD,UAAUkjB,EAAEpiB,KAAKf,KAAM+2B,EAClC,EACMyrB,CACX,IAiKIC,GAA2B,oBAAf5nC,0BAA4C,IAAIA,YAGhE,IACI4nC,GAAG3nC,OAAO+/B,GAAI,CAAE75C,QAAQ,IAClB,CACV,CACA,MAAOkD,GAAG,CCx+CV,MAAMw+C,GACJ,cAAW3kC,GACT,OAAOtT,EAAMkE,OAAOU,WACxB,CAKE,WAAAzP,CAAY+iD,EAAO,IAAI5qC,MACrB/X,KAAK2+B,OAASl0B,EAAMqF,QAAQG,KAC5BjQ,KAAK2iD,KAAO7rC,EAAKuB,cAAcsqC,GAC/B3iD,KAAKgQ,KAAO,KACZhQ,KAAK6G,KAAO,KACZ7G,KAAK4iD,SAAW,EACpB,CAQE,OAAAC,CAAQ7yC,EAAM2uB,EAASl0B,EAAMqF,QAAQG,MACnCjQ,KAAK2+B,OAASA,EACd3+B,KAAKgQ,KAAOA,EACZhQ,KAAK6G,KAAO,IAChB,CAQE,OAAAi8C,CAAQlgD,GAAQ,GAId,OAHkB,OAAd5C,KAAKgQ,MAAiB8G,EAAK7V,SAASjB,KAAKgQ,SAC3ChQ,KAAKgQ,KAAO8G,EAAK6D,WAAW7D,EAAKwG,UAAUtd,KAAK+iD,SAASngD,MAEpD5C,KAAKgQ,IAChB,CAOE,QAAAgzC,CAAS74C,EAAOw0B,GACd3+B,KAAK2+B,OAASA,EACd3+B,KAAK6G,KAAOsD,EACZnK,KAAKgQ,KAAO,IAChB,CAQE,QAAA+yC,CAASngD,GAAQ,GAKf,OAJkB,OAAd5C,KAAK6G,OAEP7G,KAAK6G,KAAOiQ,EAAKkG,gBAAgBlG,EAAKwD,WAAWta,KAAKgQ,QAEpDpN,EACK2f,EAAoBviB,KAAK6G,MAE3B7G,KAAK6G,IAChB,CAOE,WAAAo8C,CAAYL,GACV5iD,KAAK4iD,SAAWA,CACpB,CAOE,WAAAM,GACE,OAAOljD,KAAK4iD,QAChB,CASE,UAAMvgD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UAExB,MAAMq8B,QAAej7B,EAAOkG,WAEtBw5C,QAAqB1/C,EAAOkG,WAClC5J,KAAK4iD,SAAW9rC,EAAK6D,iBAAiBjX,EAAOqG,UAAUq5C,IAEvDpjD,KAAK2iD,KAAO7rC,EAAKgB,eAAepU,EAAOqG,UAAU,IAEjD,IAAIlD,EAAOnD,EAAOgE,YACdsa,EAAqBnb,KAAOA,QAAaob,EAAiBpb,IAC9D7G,KAAKgjD,SAASn8C,EAAM83B,EAAO,GAEjC,CAOE,WAAAmN,GACE,MAAM8W,EAAW9rC,EAAKwD,WAAWta,KAAK4iD,UAChCS,EAAkB,IAAI5hD,WAAW,CAACmhD,EAAShhD,SAE3C+8B,EAAS,IAAIl9B,WAAW,CAACzB,KAAK2+B,SAC9BgkB,EAAO7rC,EAAKkB,UAAUhY,KAAK2iD,MAEjC,OAAO7rC,EAAKpV,iBAAiB,CAACi9B,EAAQ0kB,EAAiBT,EAAUD,GACrE,CAOE,KAAA5/C,GACE,MAAM2c,EAAS1f,KAAK8rC,cACdjlC,EAAO7G,KAAK+iD,WAElB,OAAOjsC,EAAKtS,OAAO,CAACkb,EAAQ7Y,GAChC,ECnIA,MAAMy8C,GACJ,WAAA1jD,GACEI,KAAKmK,MAAQ,EACjB,CAME,IAAA9H,CAAK8H,GAEH,OADAnK,KAAKmK,MAAQ2M,EAAKmD,mBAAmB9P,EAAMnB,SAAS,EAAG,IAChDhJ,KAAKmK,MAAMvI,MACtB,CAME,KAAAmB,GACE,OAAO+T,EAAK+C,mBAAmB7Z,KAAKmK,MACxC,CAME,KAAAmhC,GACE,OAAOx0B,EAAK2C,gBAAgB3C,EAAK+C,mBAAmB7Z,KAAKmK,OAC7D,CAOE,MAAAo5C,CAAOC,EAAOC,GAAgB,GAC5B,OAAQA,IAAkBD,EAAME,cAAgB1jD,KAAK0jD,eAAkB1jD,KAAKmK,QAAUq5C,EAAMr5C,KAChG,CAME,MAAAw5C,GACE,MAAsB,KAAf3jD,KAAKmK,KAChB,CAME,UAAAu5C,GACE,MAAO,OAAO3mC,KAAK/c,KAAKsrC,QAC5B,CAEE,eAAOsY,CAASJ,GACd,OAAOA,EAAMlY,OACjB,CAEE,aAAOuY,CAAOvqC,GACZ,MAAMkqC,EAAQ,IAAIF,GAElB,OADAE,EAAMnhD,KAAKyU,EAAKuC,gBAAgBC,IACzBkqC,CACX,CAEE,eAAOM,GACL,MAAMN,EAAQ,IAAIF,GAElB,OADAE,EAAMnhD,KAAK,IAAIZ,WAAW,IACnB+hD,CACX,EC3EA,MAAMjR,GAAWjzC,OAAO,YAQlBykD,GAAqB,+BAKrBC,GAA4B,IAAIruC,IAAI,CACxClL,EAAMuG,mBAAmBW,YACzBlH,EAAMuG,mBAAmByB,kBACzBhI,EAAMuG,mBAAmBwB,oBAW3B,MAAMyxC,GACJ,cAAWlmC,GACT,OAAOtT,EAAMkE,OAAOE,SACxB,CAEE,WAAAjP,GACEI,KAAK03C,QAAU,KAEf13C,KAAKkkD,cAAgB,KAErBlkD,KAAKmkD,cAAgB,KAErBnkD,KAAKokD,mBAAqB,KAE1BpkD,KAAKqkD,cAAgB,KACrBrkD,KAAKskD,mBAAqB,GAC1BtkD,KAAKukD,kBAAoB,GACzBvkD,KAAKwkD,gBAAkB,KACvBxkD,KAAKyuC,KAAO,KAEZzuC,KAAKykD,QAAU,KACfzkD,KAAKkR,wBAA0B,KAC/BlR,KAAK0kD,uBAAwB,EAC7B1kD,KAAK2kD,WAAa,KAClB3kD,KAAK4kD,WAAa,KAClB5kD,KAAK6kD,YAAc,KACnB7kD,KAAKqR,kBAAoB,KACzBrR,KAAKsR,UAAY,KACjBtR,KAAKuR,kBAAoB,KACzBvR,KAAK8kD,gBAAkB,KACvB9kD,KAAKyR,6BAA+B,KACpCzR,KAAK+kD,mBAAqB,KAC1B/kD,KAAKglD,uBAAyB,KAC9BhlD,KAAKilD,yBAA2B,KAChCjlD,KAAK2R,YAAc,IAAI2xC,GACvBtjD,KAAKklD,aAAe,GACpBllD,KAAKmlD,UAAY,CAAE,EACnBnlD,KAAK6R,wBAA0B,KAC/B7R,KAAK8R,+BAAiC,KACtC9R,KAAK+R,qBAAuB,KAC5B/R,KAAKgS,mBAAqB,KAC1BhS,KAAKolD,gBAAkB,KACvBplD,KAAKkS,UAAY,KACjBlS,KAAKmS,SAAW,KAChBnS,KAAKoS,cAAgB,KACrBpS,KAAKqlD,wBAA0B,KAC/BrlD,KAAKslD,0BAA4B,KACjCtlD,KAAKsS,SAAW,KAChBtS,KAAKulD,kCAAoC,KACzCvlD,KAAKwlD,6BAA+B,KACpCxlD,KAAKylD,oBAAsB,KAC3BzlD,KAAKwS,kBAAoB,KACzBxS,KAAK0lD,iBAAmB,KACxB1lD,KAAKyS,kBAAoB,KACzBzS,KAAK0S,wBAA0B,KAC/B1S,KAAK2S,sBAAwB,KAE7B3S,KAAK2lD,QAAU,KACf3lD,KAAKuyC,IAAY,IACrB,CAOE,IAAAlwC,CAAK8H,EAAO+J,EAASqD,GACnB,IAAIzV,EAAI,EAER,GADA9B,KAAK03C,QAAUvtC,EAAMrI,KACA,IAAjB9B,KAAK03C,UAAkBxjC,EAAOS,wBAChC,MAAM,IAAIi4B,GAAiB,2FAG7B,GAAqB,IAAjB5sC,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QACnD,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,mDAS7C,GANA13C,KAAKkkD,cAAgB/5C,EAAMrI,KAC3B9B,KAAKokD,mBAAqBj6C,EAAMrI,KAChC9B,KAAKmkD,cAAgBh6C,EAAMrI,KAG3BA,GAAK9B,KAAK4lD,eAAez7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,IACrD5B,KAAKykD,QACR,MAAUljD,MAAM,8CAmBlB,GAVAvB,KAAKqkD,cAAgBl6C,EAAMnB,SAAS,EAAGlH,GAGvCA,GAAK9B,KAAK4lD,eAAez7C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAAS,GAG1D5B,KAAKwkD,gBAAkBr6C,EAAMnB,SAASlH,EAAGA,EAAI,GAC7CA,GAAK,EAGgB,IAAjB9B,KAAK03C,QAAe,CAItB,MAAMmO,EAAa17C,EAAMrI,KAGzB9B,KAAKyuC,KAAOtkC,EAAMnB,SAASlH,EAAGA,EAAI+jD,GAClC/jD,GAAK+jD,CACX,CAEI,MAAMC,EAAoB37C,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAC5CS,KAAEA,EAAI0yC,gBAAEA,GAAoB54B,GAAOtN,UAAUk3C,qBAAqB/lD,KAAKokD,mBAAoB0B,GACjG,GAAIzjD,EAAOyjD,EAAkBlkD,OAC3B,MAAUL,MAAM,sBAElBvB,KAAK2mB,OAASouB,CAClB,CAKE,WAAAiR,GACE,OAAIhmD,KAAK2mB,kBAAkBzmB,QAClB+lD,GACL3jD,SAAY6Z,GAAO+pC,gBAAgBlmD,KAAKokD,yBAA0BpkD,KAAK2mB,UAGpExK,GAAO+pC,gBAAgBlmD,KAAKokD,mBAAoBpkD,KAAK2mB,OAChE,CAEE,KAAA5jB,GACE,MAAMmjB,EAAM,GASZ,OARAA,EAAIpjB,KAAK9C,KAAKqkD,eACdn+B,EAAIpjB,KAAK9C,KAAKmmD,2BACdjgC,EAAIpjB,KAAK9C,KAAKwkD,iBACO,IAAjBxkD,KAAK03C,UACPxxB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKyuC,KAAK7sC,UACnCskB,EAAIpjB,KAAK9C,KAAKyuC,OAEhBvoB,EAAIpjB,KAAK9C,KAAKgmD,eACPlvC,EAAKtS,OAAO0hB,EACvB,CAWE,UAAMia,CAAKxvB,EAAK9J,EAAM87C,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,GACzDlU,KAAK03C,QAAU/mC,EAAI+mC,QAEnB13C,KAAKykD,QAAU3tC,EAAKuB,cAAcsqC,GAClC3iD,KAAK0lD,iBAAmB/0C,EAAI+mC,QAC5B13C,KAAKyS,kBAAoB9B,EAAIy1C,sBAC7BpmD,KAAK2R,YAAchB,EAAI01C,WAEvB,MAAMngC,EAAM,CAAC,IAAIzkB,WAAW,CAACzB,KAAK03C,QAAS13C,KAAKkkD,cAAelkD,KAAKokD,mBAAoBpkD,KAAKmkD,iBAG7F,GAAqB,IAAjBnkD,KAAK03C,QAAe,CACtB,MAAMmO,EAAaS,GAAkBtmD,KAAKmkD,eAC1C,GAAkB,OAAdnkD,KAAKyuC,KACPzuC,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAeiqB,QACpC,GAAIA,IAAe7lD,KAAKyuC,KAAK7sC,OAClC,MAAUL,MAAM,kDAExB,MAAW,GAAI2S,EAAOmC,sCAAuC,CAIvD,GAA6B,IAHPrW,KAAKklD,aAAa36C,QAAO,EAAGtC,UAAYA,IAAS87C,KAGrDniD,OAShB,MAAUL,MAAM,qCATc,CAC9B,MAAMglD,EAAYpqC,GAAOw6B,OAAO/a,eAAe0qB,GAAkBtmD,KAAKmkD,gBACtEnkD,KAAKklD,aAAapiD,KAAK,CACrBmF,KAAM87C,GACNxhD,MAAOgkD,EACPC,eAAe,EACfC,UAAU,GAEpB,CAGA,CAGIvgC,EAAIpjB,KAAK9C,KAAK0mD,yBAKd1mD,KAAKskD,mBAAqB,GAE1BtkD,KAAKqkD,cAAgBvtC,EAAKtS,OAAO0hB,GAEjC,MAAMgyB,EAASl4C,KAAKk4C,OAAOl4C,KAAKkkD,cAAer9C,EAAM+jC,GAC/Cj9B,QAAa3N,KAAK2N,KAAK3N,KAAKkkD,cAAer9C,EAAMqxC,EAAQtN,GAE/D5qC,KAAKwkD,gBAAkBmC,EAAaC,EAAaj5C,GAAO,EAAG,GAC3D,MAAM2F,EAAShR,SAAY6Z,GAAOtN,UAAUsxB,KAC1CngC,KAAKokD,mBAAoBpkD,KAAKmkD,cAAexzC,EAAIykC,aAAczkC,EAAIolC,cAAemC,QAAcj2B,EAAiBtU,IAE/GmJ,EAAK7V,SAAS0M,GAChB3N,KAAK2mB,OAASrT,KAEdtT,KAAK2mB,aAAerT,IAMpBtT,KAAKuyC,KAAY,EAEvB,CAME,qBAAAmU,GACE,MAAMrpC,EAAM5S,EAAMuG,mBACZkV,EAAM,GACZ,IAAI/b,EACJ,GAAqB,OAAjBnK,KAAKykD,QACP,MAAUljD,MAAM,mCAElB2kB,EAAIpjB,KAAK+jD,GAAexpC,EAAIpM,uBAAuB,EAAM6F,EAAKkB,UAAUhY,KAAKykD,WACxC,OAAjCzkD,KAAKkR,yBACPgV,EAAIpjB,KAAK+jD,GAAexpC,EAAInM,yBAAyB,EAAM4F,EAAKc,YAAY5X,KAAKkR,wBAAyB,KAEpF,OAApBlR,KAAK2kD,YACPz+B,EAAIpjB,KAAK+jD,GAAexpC,EAAIlM,yBAAyB,EAAM,IAAI1P,WAAW,CAACzB,KAAK2kD,WAAa,EAAI,MAE3E,OAApB3kD,KAAK4kD,aACPz6C,EAAQ,IAAI1I,WAAW,CAACzB,KAAK4kD,WAAY5kD,KAAK6kD,cAC9C3+B,EAAIpjB,KAAK+jD,GAAexpC,EAAIjM,gBAAgB,EAAMjH,KAErB,OAA3BnK,KAAKqR,mBACP6U,EAAIpjB,KAAK+jD,GAAexpC,EAAIhM,mBAAmB,EAAMrR,KAAKqR,oBAErC,OAAnBrR,KAAKsR,WACP4U,EAAIpjB,KAAK+jD,GAAexpC,EAAI/L,WAAW,EAAM,IAAI7P,WAAW,CAACzB,KAAKsR,UAAY,EAAI,MAErD,OAA3BtR,KAAKuR,mBACP2U,EAAIpjB,KAAK+jD,GAAexpC,EAAI9L,mBAAmB,EAAMuF,EAAKc,YAAY5X,KAAKuR,kBAAmB,KAEtD,OAAtCvR,KAAKyR,+BACPtH,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKyR,+BAC7DyU,EAAIpjB,KAAK+jD,GAAexpC,EAAI5L,8BAA8B,EAAOtH,KAEnC,OAA5BnK,KAAK+kD,qBACP56C,EAAQ,IAAI1I,WAAW,CAACzB,KAAK+kD,mBAAoB/kD,KAAKglD,yBACtD76C,EAAQ2M,EAAKtS,OAAO,CAAC2F,EAAOnK,KAAKilD,2BACjC/+B,EAAIpjB,KAAK+jD,GAAexpC,EAAI3L,eAAe,EAAOvH,MAE/CnK,KAAK2R,YAAYgyC,UAAY3jD,KAAK0lD,iBAAmB,GAGxDx/B,EAAIpjB,KAAK+jD,GAAexpC,EAAI1L,aAAa,EAAM3R,KAAK2R,YAAY5O,UAElE/C,KAAKklD,aAAajjD,SAAQ,EAAGgG,OAAM1F,QAAOikD,gBAAeC,eACvDt8C,EAAQ,CAAC,IAAI1I,WAAW,CAAC+kD,EAAgB,IAAO,EAAG,EAAG,EAAG,KACzD,MAAMM,EAAchwC,EAAKwD,WAAWrS,GAEpCkC,EAAMrH,KAAKgU,EAAKc,YAAYkvC,EAAYllD,OAAQ,IAEhDuI,EAAMrH,KAAKgU,EAAKc,YAAYrV,EAAMX,OAAQ,IAC1CuI,EAAMrH,KAAKgkD,GACX38C,EAAMrH,KAAKP,GACX4H,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAIzL,aAAc60C,EAAUt8C,GAAO,IAExB,OAAjCnK,KAAK6R,0BACP1H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK6R,0BAC7DqU,EAAIpjB,KAAK+jD,GAAexpC,EAAIxL,yBAAyB,EAAO1H,KAElB,OAAxCnK,KAAK8R,iCACP3H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK8R,iCAC7DoU,EAAIpjB,KAAK+jD,GAAexpC,EAAIvL,gCAAgC,EAAO3H,KAEnC,OAA9BnK,KAAK+R,uBACP5H,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK+R,uBAC7DmU,EAAIpjB,KAAK+jD,GAAexpC,EAAItL,sBAAsB,EAAO5H,KAE3B,OAA5BnK,KAAKgS,oBACPkU,EAAIpjB,KAAK+jD,GAAexpC,EAAIrL,oBAAoB,EAAO8E,EAAKwD,WAAWta,KAAKgS,sBAEjD,OAAzBhS,KAAKolD,iBACPl/B,EAAIpjB,KAAK+jD,GAAexpC,EAAIpL,eAAe,EAAO,IAAIxQ,WAAW,CAACzB,KAAKolD,gBAAkB,EAAI,MAExE,OAAnBplD,KAAKkS,WACPgU,EAAIpjB,KAAK+jD,GAAexpC,EAAInL,WAAW,EAAO4E,EAAKwD,WAAWta,KAAKkS,aAE/C,OAAlBlS,KAAKmS,WACPhI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKmS,WAC7D+T,EAAIpjB,KAAK+jD,GAAexpC,EAAIlL,UAAU,EAAMhI,KAEnB,OAAvBnK,KAAKoS,eACP8T,EAAIpjB,KAAK+jD,GAAexpC,EAAIjL,eAAe,EAAO0E,EAAKwD,WAAWta,KAAKoS,iBAEpC,OAAjCpS,KAAKqlD,0BACPl7C,EAAQ2M,EAAK+C,mBAAmB7C,OAAOoD,aAAapa,KAAKqlD,yBAA2BrlD,KAAKslD,2BACzFp/B,EAAIpjB,KAAK+jD,GAAexpC,EAAIhL,qBAAqB,EAAMlI,KAEnC,OAAlBnK,KAAKsS,WACPnI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAKsS,WAC7D4T,EAAIpjB,KAAK+jD,GAAexpC,EAAI/K,UAAU,EAAOnI,KAEA,OAA3CnK,KAAKulD,oCACPp7C,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAKulD,kCAAmCvlD,KAAKwlD,gCACtEr7C,EAAMrH,KAAKgU,EAAK+C,mBAAmB7Z,KAAKylD,sBACxCt7C,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAI9K,iBAAiB,EAAMpI,KAEtB,OAA3BnK,KAAKwS,mBACP0T,EAAIpjB,KAAK+jD,GAAexpC,EAAI7K,mBAAmB,EAAMxS,KAAKwS,kBAAkBzP,UAE/C,OAA3B/C,KAAKyS,oBACPtI,EAAQ,CAAC,IAAI1I,WAAW,CAACzB,KAAK0lD,mBAAoB1lD,KAAKyS,mBACvDtI,EAAQ2M,EAAKtS,OAAO2F,GACpB+b,EAAIpjB,KAAK+jD,GAAexpC,EAAI5K,kBAAmBzS,KAAK03C,SAAW,EAAGvtC,KAE/B,OAAjCnK,KAAK0S,0BACPvI,EAAQ2M,EAAK+C,mBAAmB/C,EAAKmD,mBAAmBja,KAAK0S,0BAC7DwT,EAAIpjB,KAAK+jD,GAAexpC,EAAI3K,yBAAyB,EAAOvI,KAE3B,OAA/BnK,KAAK2S,wBACPxI,EAAQ,IAAI1I,WAAW,GAAG+C,UAAUxE,KAAK2S,wBACzCuT,EAAIpjB,KAAK+jD,GAAexpC,EAAI1K,uBAAuB,EAAOxI,KAG5D,MAAMpI,EAAS+U,EAAKtS,OAAO0hB,GACrBtkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAK03C,QAAgB,EAAI,GAExE,OAAO5gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAME,uBAAAokD,GACE,MAAMjgC,EAAMlmB,KAAKskD,mBAAmB3/C,KAAI,EAAGsP,OAAMwyC,WAAUvlC,UAClD2lC,GAAe5yC,EAAMwyC,EAAUvlC,KAGlCnf,EAAS+U,EAAKtS,OAAO0hB,GACrBtkB,EAASkV,EAAKc,YAAY7V,EAAOH,OAAyB,IAAjB5B,KAAK03C,QAAgB,EAAI,GAExE,OAAO5gC,EAAKtS,OAAO,CAAC5C,EAAQG,GAChC,CAGE,aAAAglD,CAAc58C,EAAOszB,GAAS,GAC5B,IAAIupB,EAAQ,EAGZ,MAAMP,KAA6B,IAAft8C,EAAM68C,IACpB/yC,EAAsB,IAAf9J,EAAM68C,GAInB,GAFAA,IAEKvpB,IACHz9B,KAAKskD,mBAAmBxhD,KAAK,CAC3BmR,OACAwyC,WACAvlC,KAAM/W,EAAMnB,SAASg+C,EAAO78C,EAAMvI,UAE/BoiD,GAA0BhgD,IAAIiQ,IAMrC,OAAQA,GACN,KAAKxJ,EAAMuG,mBAAmBC,sBAE5BjR,KAAKykD,QAAU3tC,EAAKgB,SAAS3N,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACzD,MACF,KAAK6I,EAAMuG,mBAAmBE,wBAAyB,CAErD,MAAM+1C,EAAUnwC,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAE5D5B,KAAK0kD,sBAAoC,IAAZuC,EAC7BjnD,KAAKkR,wBAA0B+1C,EAE/B,KACR,CACM,KAAKx8C,EAAMuG,mBAAmBG,wBAE5BnR,KAAK2kD,WAAgC,IAAnBx6C,EAAM68C,KACxB,MACF,KAAKv8C,EAAMuG,mBAAmBI,eAE5BpR,KAAK4kD,WAAaz6C,EAAM68C,KACxBhnD,KAAK6kD,YAAc16C,EAAM68C,KACzB,MACF,KAAKv8C,EAAMuG,mBAAmBK,kBAE5BrR,KAAKqR,kBAAoBlH,EAAM68C,GAC/B,MACF,KAAKv8C,EAAMuG,mBAAmBM,UAE5BtR,KAAKsR,UAA+B,IAAnBnH,EAAM68C,KACvB,MACF,KAAKv8C,EAAMuG,mBAAmBO,kBAAmB,CAE/C,MAAM01C,EAAUnwC,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAE5D5B,KAAKuR,kBAAoB01C,EACzBjnD,KAAK8kD,gBAA8B,IAAZmC,EAEvB,KACR,CACM,KAAKx8C,EAAMuG,mBAAmBS,6BAE5BzR,KAAKyR,6BAA+B,IAAItH,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACpE,MACF,KAAK6I,EAAMuG,mBAAmBU,cAK5B1R,KAAK+kD,mBAAqB56C,EAAM68C,KAChChnD,KAAKglD,uBAAyB76C,EAAM68C,KACpChnD,KAAKilD,yBAA2B96C,EAAMnB,SAASg+C,EAAOA,EAAQ,IAC9D,MAEF,KAAKv8C,EAAMuG,mBAAmBW,YAE5B,GAAqB,IAAjB3R,KAAK03C,QACP13C,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,cAC7C,GAAI67B,EAST,MAAUl8B,MAAM,sCAElB,MAEF,KAAKkJ,EAAMuG,mBAAmBY,aAAc,CAE1C,MAAM40C,KAAkC,IAAfr8C,EAAM68C,IAG/BA,GAAS,EACT,MAAM3uB,EAAIvhB,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAOA,EAAQ,IACxDA,GAAS,EACT,MAAMrvC,EAAIb,EAAKY,WAAWvN,EAAMnB,SAASg+C,EAAOA,EAAQ,IACxDA,GAAS,EAET,MAAM/+C,EAAO6O,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAOA,EAAQ3uB,IACrD91B,EAAQ4H,EAAMnB,SAASg+C,EAAQ3uB,EAAG2uB,EAAQ3uB,EAAI1gB,GAEpD3X,KAAKklD,aAAapiD,KAAK,CAAEmF,OAAMu+C,gBAAejkD,QAAOkkD,aAEjDD,IACFxmD,KAAKmlD,UAAUl9C,GAAQ6O,EAAK6D,WAAWpY,IAEzC,KACR,CACM,KAAKkI,EAAMuG,mBAAmBa,wBAE5B7R,KAAK6R,wBAA0B,IAAI1H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmBc,+BAE5B9R,KAAK8R,+BAAiC,IAAI3H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBe,qBAE5B/R,KAAK+R,qBAAuB,IAAI5H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC5D,MACF,KAAK6I,EAAMuG,mBAAmBgB,mBAE5BhS,KAAKgS,mBAAqB8E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACtE,MACF,KAAK6I,EAAMuG,mBAAmBiB,cAE5BjS,KAAKolD,gBAAqC,IAAnBj7C,EAAM68C,KAC7B,MACF,KAAKv8C,EAAMuG,mBAAmBkB,UAE5BlS,KAAKkS,UAAY4E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC7D,MACF,KAAK6I,EAAMuG,mBAAmBmB,SAE5BnS,KAAKmS,SAAW,IAAIhI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBoB,cAE5BpS,KAAKoS,cAAgB0E,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACjE,MACF,KAAK6I,EAAMuG,mBAAmBqB,oBAE5BrS,KAAKqlD,wBAA0Bl7C,EAAM68C,KACrChnD,KAAKslD,0BAA4BxuC,EAAK6D,WAAWxQ,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC7E,MACF,KAAK6I,EAAMuG,mBAAmBsB,SAE5BtS,KAAKsS,SAAW,IAAInI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAChD,MACF,KAAK6I,EAAMuG,mBAAmBuB,gBAAiB,CAG7CvS,KAAKulD,kCAAoCp7C,EAAM68C,KAC/ChnD,KAAKwlD,6BAA+Br7C,EAAM68C,KAE1C,MAAM35B,EAAMlR,GAAOmJ,kBAAkBtlB,KAAKwlD,8BAE1CxlD,KAAKylD,oBAAsB3uC,EAAKmD,mBAAmB9P,EAAMnB,SAASg+C,EAAOA,EAAQ35B,IACjF,KACR,CACM,KAAK5iB,EAAMuG,mBAAmBwB,kBAE5BxS,KAAKwS,kBAAoB,IAAIyxC,GAC7BjkD,KAAKwS,kBAAkBnQ,KAAK8H,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SACxD,MACF,KAAK6I,EAAMuG,mBAAmByB,kBAE5BzS,KAAK0lD,iBAAmBv7C,EAAM68C,KAC9BhnD,KAAKyS,kBAAoBtI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,QACjD5B,KAAK0lD,kBAAoB,EAC3B1lD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,mBAE3BzS,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBAAkBzJ,UAAU,IAEzD,MACF,KAAKyB,EAAMuG,mBAAmB0B,wBAE5B1S,KAAK0S,wBAA0B,IAAIvI,EAAMnB,SAASg+C,EAAO78C,EAAMvI,SAC/D,MACF,KAAK6I,EAAMuG,mBAAmB2B,sBAE5B3S,KAAK2S,sBAAwB,GAC7B,IAAK,IAAI7Q,EAAIklD,EAAOllD,EAAIqI,EAAMvI,OAAQE,GAAK,EACzC9B,KAAK2S,sBAAsB7P,KAAK,CAACqH,EAAMrI,GAAIqI,EAAMrI,EAAI,KAEvD,MACF,QACE9B,KAAKukD,kBAAkBzhD,KAAK,CAC1BmR,OACAwyC,WACAvlC,KAAM/W,EAAMnB,SAASg+C,EAAO78C,EAAMvI,UAI5C,CAEE,cAAAgkD,CAAez7C,EAAO+8C,GAAU,EAAMhzC,GACpC,MAAMizC,EAAwC,IAAjBnnD,KAAK03C,QAAgB,EAAI,EAGhD0P,EAAkBtwC,EAAKY,WAAWvN,EAAMnB,SAAS,EAAGm+C,IAE1D,IAAIrlD,EAAIqlD,EAGR,KAAOrlD,EAAI,EAAIslD,GAAiB,CAC9B,MAAM/5B,EAAMme,GAAiBrhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKurB,EAAIzU,OAET5Y,KAAK+mD,cAAc58C,EAAMnB,SAASlH,EAAGA,EAAIurB,EAAIA,KAAM65B,EAAShzC,GAE5DpS,GAAKurB,EAAIA,GACf,CAEI,OAAOvrB,CACX,CAGE,MAAAulD,CAAOpzC,EAAMpN,GACX,MAAM6U,EAAIjR,EAAMoE,UAEhB,OAAQoF,GACN,KAAKyH,EAAE3L,OACL,OAAkB,OAAdlJ,EAAKmJ,KACA8G,EAAKwD,WAAWzT,EAAKi8C,SAAQ,IAE/Bj8C,EAAKk8C,UAAS,GAEvB,KAAKrnC,EAAE1L,KAAM,CACX,MAAM7F,EAAQtD,EAAKk8C,UAAS,GAE5B,OAAOjsC,EAAKkG,gBAAgB7S,EACpC,CACM,KAAKuR,EAAEvL,WACL,OAAO,IAAI1O,WAAW,GAExB,KAAKia,EAAEtL,YACP,KAAKsL,EAAErL,YACP,KAAKqL,EAAEpL,WACP,KAAKoL,EAAEnL,aACP,KAAKmL,EAAElL,eAAgB,CACrB,IAAI7B,EACAoP,EAEJ,GAAIlX,EAAK0I,OACPwO,EAAM,IACNpP,EAAS9H,EAAK0I,WACT,KAAI1I,EAAK4I,cAId,MAAUlO,MAAM,mFAHhBwc,EAAM,IACNpP,EAAS9H,EAAK4I,aAIxB,CAEQ,MAAMtF,EAAQwE,EAAO5L,QAErB,OAAO+T,EAAKtS,OAAO,CAACxE,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GACrC,IAAIpF,WAAW,CAACsc,IAChBjH,EAAKc,YAAYzN,EAAMvI,OAAQ,GAC/BuI,GACV,CACM,KAAKuR,EAAEjL,cACP,KAAKiL,EAAE7K,iBACP,KAAK6K,EAAEhL,WACL,OAAOoG,EAAKtS,OAAO,CAACxE,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GAAO7G,KAAKqnD,OAAO3rC,EAAE/K,IAAK,CAC/DA,IAAK9J,EAAKlD,SAGd,KAAK+X,EAAE/K,IACL,QAAiBvO,IAAbyE,EAAK8J,IACP,MAAUpP,MAAM,8CAElB,OAAOsF,EAAK8J,IAAI22C,aAAatnD,KAAK03C,SAEpC,KAAKh8B,EAAE9K,cACL,OAAO5Q,KAAKqnD,OAAO3rC,EAAE/K,IAAK9J,GAC5B,KAAK6U,EAAE5K,UACL,OAAO,IAAIrP,WAAW,GACxB,KAAKia,EAAE3K,WACL,MAAUxP,MAAM,mBAClB,QACE,MAAUA,MAAM,2BAExB,CAEE,gBAAAgmD,CAAiB1gD,EAAM+jC,GACrB,IAAIhpC,EAAS,EACb,OAAOmY,EAAiB6sC,EAAa5mD,KAAKqkD,gBAAgB9hD,IACxDX,GAAUW,EAAMX,MAAM,IACrB,KACD,MAAMskB,EAAM,GAeZ,OAdqB,IAAjBlmB,KAAK03C,SAAkB13C,KAAKkkD,gBAAkBz5C,EAAMoE,UAAUkB,QAAU/P,KAAKkkD,gBAAkBz5C,EAAMoE,UAAUmB,OAC7G46B,EACF1kB,EAAIpjB,KAAK,IAAIrB,WAAW,IAExBykB,EAAIpjB,KAAK+D,EAAKilC,gBAGlB5lB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK03C,QAAS,OAClB,IAAjB13C,KAAK03C,SACPxxB,EAAIpjB,KAAK,IAAIrB,WAAW,IAE1BykB,EAAIpjB,KAAKgU,EAAKc,YAAYhW,EAAQ,IAG3BkV,EAAKtS,OAAO0hB,EAAI,GAE7B,CAEE,MAAAgyB,CAAOgM,EAAer9C,EAAM+jC,GAAW,GACrC,MAAMzgC,EAAQnK,KAAKqnD,OAAOnD,EAAer9C,GAEzC,OAAOiQ,EAAKtS,OAAO,CAACxE,KAAKyuC,MAAQ,IAAIhtC,WAAc0I,EAAOnK,KAAKqkD,cAAerkD,KAAKunD,iBAAiB1gD,EAAM+jC,IAC9G,CAEE,UAAMj9B,CAAKu2C,EAAer9C,EAAMqxC,EAAQtN,GAAW,GACjD,GAAqB,IAAjB5qC,KAAK03C,SAAiB13C,KAAKyuC,KAAK7sC,SAAW0kD,GAAkBtmD,KAAKmkD,eAEpE,MAAU5iD,MAAM,oDAIlB,OADK22C,IAAQA,EAASl4C,KAAKk4C,OAAOgM,EAAer9C,EAAM+jC,IAChDzuB,GAAOxO,KAAK4W,OAAOvkB,KAAKmkD,cAAejM,EAClD,CAcE,YAAMxX,CAAO/vB,EAAKuzC,EAAer9C,EAAM87C,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GACnF,IAAKvX,KAAK2R,YAAY4xC,OAAO5yC,EAAI01C,YAC/B,MAAU9kD,MAAM,oDAElB,GAAIvB,KAAKokD,qBAAuBzzC,EAAI+kC,UAClC,MAAUn0C,MAAM,oFAGlB,MAAMimD,EAAqBtD,IAAkBz5C,EAAMoE,UAAUkB,QAAUm0C,IAAkBz5C,EAAMoE,UAAUmB,KAIzG,KADmBhQ,KAAKuyC,MAAciV,GACrB,CACf,IAAItP,EACAvqC,EAQJ,GAPI3N,KAAKy9B,OACP9vB,QAAa3N,KAAKy9B,QAElBya,EAASl4C,KAAKk4C,OAAOgM,EAAer9C,EAAM+jC,GAC1Cj9B,QAAa3N,KAAK2N,KAAKu2C,EAAer9C,EAAMqxC,IAE9CvqC,QAAasU,EAAiBtU,GAC1B3N,KAAKwkD,gBAAgB,KAAO72C,EAAK,IACjC3N,KAAKwkD,gBAAgB,KAAO72C,EAAK,GACnC,MAAUpM,MAAM,+BAUlB,GAPAvB,KAAK2mB,aAAe3mB,KAAK2mB,OAEzB3mB,KAAKuyC,UAAkBp2B,GAAOtN,UAAU6xB,OACtC1gC,KAAKokD,mBAAoBpkD,KAAKmkD,cAAenkD,KAAK2mB,OAAQhW,EAAIykC,aAC9D8C,EAAQvqC,IAGL3N,KAAKuyC,IACR,MAAUhxC,MAAM,gCAExB,CAEI,MAAMkmD,EAAW3wC,EAAKuB,cAAcsqC,GACpC,GAAI8E,GAAYznD,KAAKykD,QAAUgD,EAC7B,MAAUlmD,MAAM,4CAElB,GAAIkmD,GAAYA,GAAYznD,KAAK0nD,oBAC/B,MAAUnmD,MAAM,wBAElB,GAAI2S,EAAOqC,qBAAqBvS,IAAIhE,KAAKmkD,eACvC,MAAU5iD,MAAM,4BAA8BkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKmkD,eAAewD,eAE3F,GAAIzzC,EAAOsC,4BAA4BxS,IAAIhE,KAAKmkD,gBAC9C,CAAC15C,EAAMoE,UAAUkB,OAAQtF,EAAMoE,UAAUmB,MAAMkP,SAASlf,KAAKkkD,eAC7D,MAAU3iD,MAAM,oCAAsCkJ,EAAMpI,KAAKoI,EAAMkD,KAAM3N,KAAKmkD,eAAewD,eAYnG,GAVA3nD,KAAKukD,kBAAkBtiD,SAAQ,EAAGgS,OAAMwyC,eACtC,GAAIA,EACF,MAAUllD,MAAM,6CAA6C0S,EACrE,IAEIjU,KAAKklD,aAAajjD,SAAQ,EAAGgG,OAAMw+C,eACjC,GAAIA,GAAavyC,EAAOkC,eAAe3M,QAAQxB,GAAQ,EACrD,MAAU1G,MAAM,8BAA8B0G,EACtD,IAEoC,OAA5BjI,KAAK+kD,mBACP,MAAUxjD,MAAM,gGAEtB,CAOE,SAAAqmD,CAAUjF,EAAO,IAAI5qC,MACnB,MAAM0vC,EAAW3wC,EAAKuB,cAAcsqC,GACpC,OAAiB,OAAb8E,KACOznD,KAAKykD,SAAWgD,GAAYA,EAAWznD,KAAK0nD,oBAG3D,CAME,iBAAAA,GACE,OAAO1nD,KAAK0kD,sBAAwBn8C,IAAW,IAAIwP,KAAK/X,KAAKykD,QAAQrsC,UAA2C,IAA/BpY,KAAKkR,wBAC1F,EAeA,SAAS21C,GAAe5yC,EAAMwyC,EAAU5/C,GACtC,MAAMqf,EAAM,GAIZ,OAHAA,EAAIpjB,KAAK2oC,GAAkB5kC,EAAKjF,OAAS,IACzCskB,EAAIpjB,KAAK,IAAIrB,WAAW,EAAEglD,EAAW,IAAO,GAAKxyC,KACjDiS,EAAIpjB,KAAK+D,GACFiQ,EAAKtS,OAAO0hB,EACrB,CASA,SAASogC,GAAkBnC,GACzB,OAAQA,GACN,KAAK15C,EAAMkD,KAAKI,OAAQ,OAAO,GAC/B,KAAKtD,EAAMkD,KAAKK,OAAQ,OAAO,GAC/B,KAAKvD,EAAMkD,KAAKM,OAAQ,OAAO,GAC/B,KAAKxD,EAAMkD,KAAKO,OAChB,KAAKzD,EAAMkD,KAAKQ,SAAU,OAAO,GACjC,KAAK1D,EAAMkD,KAAKS,SAAU,OAAO,GACjC,QAAS,MAAU7M,MAAM,6BAE7B,CCh1BA,MAAMsmD,GACJ,cAAW9pC,GACT,OAAOtT,EAAMkE,OAAOI,gBACxB,CAEE,0BAAO+4C,CAAoBC,EAAiBC,GAC1C,MAAMC,EAAa,IAAIJ,GAUvB,OATAI,EAAWvQ,QAAsC,IAA5BqQ,EAAgBrQ,QAAgB,EAAI,EACzDuQ,EAAW/D,cAAgB6D,EAAgB7D,cAC3C+D,EAAW9D,cAAgB4D,EAAgB5D,cAC3C8D,EAAW7D,mBAAqB2D,EAAgB3D,mBAChD6D,EAAWt2C,YAAco2C,EAAgBp2C,YACzCs2C,EAAWxZ,KAAOsZ,EAAgBtZ,KAClCwZ,EAAWx1C,kBAAoBs1C,EAAgBt1C,kBAE/Cw1C,EAAWC,MAAQF,EAAS,EAAI,EACzBC,CACX,CAEE,WAAAroD,GAEEI,KAAK03C,QAAU,KAQf13C,KAAKkkD,cAAgB,KAMrBlkD,KAAKmkD,cAAgB,KAMrBnkD,KAAKokD,mBAAqB,KAE1BpkD,KAAKyuC,KAAO,KAEZzuC,KAAK2R,YAAc,KAEnB3R,KAAKyS,kBAAoB,KAMzBzS,KAAKkoD,MAAQ,IACjB,CAOE,IAAA7lD,CAAK8H,GACH,IAAI68C,EAAQ,EAGZ,GADAhnD,KAAK03C,QAAUvtC,EAAM68C,KACA,IAAjBhnD,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,4DAa7C,GARA13C,KAAKkkD,cAAgB/5C,EAAM68C,KAG3BhnD,KAAKmkD,cAAgBh6C,EAAM68C,KAG3BhnD,KAAKokD,mBAAqBj6C,EAAM68C,KAEX,IAAjBhnD,KAAK03C,QAAe,CAMtB,MAAMmO,EAAa17C,EAAM68C,KAGzBhnD,KAAKyuC,KAAOtkC,EAAMnB,SAASg+C,EAAOA,EAAQnB,GAC1CmB,GAASnB,EAGT7lD,KAAKyS,kBAAoBtI,EAAMnB,SAASg+C,EAAOA,EAAQ,IACvDA,GAAS,GACThnD,KAAK2R,YAAc,IAAI2xC,GAEvBtjD,KAAK2R,YAAYtP,KAAKrC,KAAKyS,kBACjC,MAEMzS,KAAK2R,YAAc,IAAI2xC,GACvBtjD,KAAK2R,YAAYtP,KAAK8H,EAAMnB,SAASg+C,EAAOA,EAAQ,IACpDA,GAAS,EAQX,OADAhnD,KAAKkoD,MAAQ/9C,EAAM68C,KACZhnD,IACX,CAME,KAAA+C,GACE,MAAMmjB,EAAM,CAAC,IAAIzkB,WAAW,CAC1BzB,KAAK03C,QACL13C,KAAKkkD,cACLlkD,KAAKmkD,cACLnkD,KAAKokD,sBAYP,OAVqB,IAAjBpkD,KAAK03C,QACPxxB,EAAIpjB,KACF,IAAIrB,WAAW,CAACzB,KAAKyuC,KAAK7sC,SAC1B5B,KAAKyuC,KACLzuC,KAAKyS,mBAGPyT,EAAIpjB,KAAK9C,KAAK2R,YAAY5O,SAE5BmjB,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKkoD,SACvBpxC,EAAKpV,iBAAiBwkB,EACjC,CAEE,gBAAAqhC,IAAoBY,GAClB,OAAOlC,GAAiB3jD,SAAY2hD,GAAgBhkD,UAAUsnD,iBAAiBltC,YAAYra,KAAKooD,iBAAkBD,IACtH,CAEE,YAAMznB,GACJ,MAAM0nB,QAAyBpoD,KAAKooD,iBACpC,IAAKA,GAAoBA,EAAiBxoD,YAAYme,MAAQtT,EAAMkE,OAAOE,UACzE,MAAUtN,MAAM,0CAElB,GACE6mD,EAAiBlE,gBAAkBlkD,KAAKkkD,eACxCkE,EAAiBjE,gBAAkBnkD,KAAKmkD,eACxCiE,EAAiBhE,qBAAuBpkD,KAAKokD,qBAC5CgE,EAAiBz2C,YAAY4xC,OAAOvjD,KAAK2R,cACxB,IAAjB3R,KAAK03C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjB13C,KAAK03C,SAA8C,IAA7B0Q,EAAiB1Q,SACtB,IAAjB13C,KAAK03C,UAAkB5gC,EAAKmE,iBAAiBmtC,EAAiB31C,kBAAmBzS,KAAKyS,oBACrE,IAAjBzS,KAAK03C,UAAkB5gC,EAAKmE,iBAAiBmtC,EAAiB3Z,KAAMzuC,KAAKyuC,MAE1E,MAAUltC,MAAM,2EAGlB,OADA6mD,EAAiB3qB,OAASz9B,KAAKy9B,OACxB2qB,EAAiB1nB,OAAOrmB,MAAM+tC,EAAkBje,UAC3D,EC5KO,SAASke,GAAiBtqC,EAAKuqC,GACpC,IAAKA,EAAevqC,GAAM,CAExB,IAAIwqC,EACJ,IACEA,EAAa99C,EAAMpI,KAAKoI,EAAMkE,OAAQoP,EACvC,CAAC,MAAO7Z,GACP,MAAM,IAAI4oC,GAAmB,iCAAiC/uB,EACpE,CACI,MAAUxc,MAAM,uCAAuCgnD,EAC3D,CACE,OAAO,IAAID,EAAevqC,EAC5B,CDmKA8pC,GAAuB5nD,UAAU0N,KAAOs2C,GAAgBhkD,UAAU0N,KAClEk6C,GAAuB5nD,UAAUi4C,OAAS+L,GAAgBhkD,UAAUi4C,OACpE2P,GAAuB5nD,UAAUonD,OAASpD,GAAgBhkD,UAAUonD,OC7JpE,MAAMmB,WAAmB7oD,MAWvB,uBAAa8oD,CAAWt+C,EAAOm+C,EAAgBp0C,EAASqD,GACtD,MAAMmxC,EAAU,IAAIF,GAEpB,aADME,EAAQrmD,KAAK8H,EAAOm+C,EAAgBp0C,GACnCw0C,CACX,CAUE,UAAMrmD,CAAK8H,EAAOm+C,EAAgBp0C,EAASqD,GACrCrD,EAAO4B,yBAAyBlU,SAClC0mD,EAAiB,IAAKA,KAAmBxxC,EAAK8G,wBAAwB1J,EAAO4B,4BAE/E9V,KAAKgB,OAAS4gB,EAAqBzX,GAAO7H,MAAO4C,EAAUC,KACzD,MAAMxE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,OACLxE,EAAOgF,MAyCb,SAxCmBqmC,GAAY9mC,GAAU5C,UACvC,IACE,GAAIqmD,EAAO5qC,MAAQtT,EAAMkE,OAAOS,QAAUu5C,EAAO5qC,MAAQtT,EAAMkE,OAAOW,OAASq5C,EAAO5qC,MAAQtT,EAAMkE,OAAOkB,QAKzG,OAEF,MAAMlB,EAAS05C,GAAiBM,EAAO5qC,IAAKuqC,GAC5C35C,EAAO+5C,QAAU,IAAIF,GACrB75C,EAAOi6C,WAAa9xC,EAAK7V,SAAS0nD,EAAOh6C,cACnCA,EAAOtM,KAAKsmD,EAAOh6C,OAAQuF,SAC3BvT,EAAOoC,MAAM4L,EACpB,CAAC,MAAOzK,GAIP,GAAIA,aAAa4oC,GAAoB,CACnC,KAAI6b,EAAO5qC,KAAO,IAGhB,aAFMpd,EAAOuC,MAAMgB,EAIrC,CAEc,MAAM2kD,GAAyB30C,EAAO0B,0BAA4B1R,aAAa0oC,GACzEkc,IAAuB50C,EAAO2B,wBAA4B3R,aAAa0oC,IAC7E,GAAIic,GAAyBC,GAAuB/c,GAAkB4c,EAAO5qC,WAIrEpd,EAAOuC,MAAMgB,OACd,CACL,MAAM6kD,EAAiB,IAAIhc,GAAkB4b,EAAO5qC,IAAK4qC,EAAOh6C,cAC1DhO,EAAOoC,MAAMgmD,EACnC,CACcjyC,EAAKyE,gBAAgBrX,EACnC,KAKY,aAFMvD,EAAOgF,iBACPhF,EAAOsC,OAGzB,CACO,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EAC3B,KAII,MAAMR,EAASme,EAAiB7hB,KAAKgB,QACrC,OAAa,CACX,MAAMwB,KAAEA,EAAID,MAAEA,SAAgBmB,EAAOrB,OAMrC,GALKG,EAGHxC,KAAKgB,OAAS,KAFdhB,KAAK8C,KAAKP,GAIRC,GAAQupC,GAAkBxpC,EAAM3C,YAAYme,KAC9C,KAER,CACIra,EAAO7C,aACX,CAOE,KAAAkC,GACE,MAAMmjB,EAAM,GAEZ,IAAK,IAAIpkB,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAAK,CACpC,MAAMic,EAAM/d,KAAK8B,aAAcirC,GAAoB/sC,KAAK8B,GAAGic,IAAM/d,KAAK8B,GAAGlC,YAAYme,IAC/EirC,EAAchpD,KAAK8B,GAAGiB,QAC5B,GAAI+T,EAAK7V,SAAS+nD,IAAgBjd,GAAkB/rC,KAAK8B,GAAGlC,YAAYme,KAAM,CAC5E,IAAIzU,EAAS,GACTU,EAAe,EACnB,MAAMi/C,EAAY,IAClB/iC,EAAIpjB,KAAK8oC,GAAS7tB,IAClBmI,EAAIpjB,KAAKiX,EAAiBivC,GAAazmD,IAGrC,GAFA+G,EAAOxG,KAAKP,GACZyH,GAAgBzH,EAAMX,OAClBoI,GAAgBi/C,EAAW,CAC7B,MAAMC,EAAWzgD,KAAKsd,IAAItd,KAAK6S,IAAItR,GAAgBvB,KAAK0gD,IAAM,EAAG,IAC3DC,EAAY,GAAKF,EACjBj/C,EAAe6M,EAAKtS,OAAO,CAACknC,GAAmBwd,IAAW1kD,OAAO8E,IAGvE,OAFAA,EAAS,CAACW,EAAajB,SAAS,EAAIogD,IACpCp/C,EAAeV,EAAO,GAAG1H,OAClBqI,EAAajB,SAAS,EAAG,EAAIogD,EAChD,KACW,IAAMtyC,EAAKtS,OAAO,CAACinC,GAAkBzhC,IAAexF,OAAO8E,MACtE,KAAa,CACL,GAAIwN,EAAK7V,SAAS+nD,GAAc,CAC9B,IAAIpnD,EAAS,EACbskB,EAAIpjB,KAAKiX,EAAiB6sC,EAAaoC,IAAczmD,IACnDX,GAAUW,EAAMX,MAAM,IACrB,IAAMkqC,GAAY/tB,EAAKnc,KACpC,MACUskB,EAAIpjB,KAAKgpC,GAAY/tB,EAAKirC,EAAYpnD,SAExCskB,EAAIpjB,KAAKkmD,EACjB,CACA,CAEI,OAAOlyC,EAAKtS,OAAO0hB,EACvB,CAOE,WAAAmjC,IAAeC,GACb,MAAMC,EAAW,IAAIf,GAEfgB,EAASzrC,GAAOwqC,GAAcxqC,IAAQwqC,EAE5C,IAAK,IAAIzmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BwnD,EAAK5kD,KAAK8kD,EAAOxpD,KAAK8B,GAAGlC,YAAYme,OACvCwrC,EAASzmD,KAAK9C,KAAK8B,IAIvB,OAAOynD,CACX,CAOE,UAAAE,CAAW1rC,GACT,OAAO/d,KAAK0pD,MAAK/6C,GAAUA,EAAO/O,YAAYme,MAAQA,GAC1D,CAOE,UAAA4rC,IAAcL,GACZ,MAAMM,EAAW,GACXC,EAAO7pD,KAEPwpD,EAASzrC,GAAOwqC,GAAcxqC,IAAQwqC,EAE5C,IAAK,IAAIzmD,EAAI,EAAGA,EAAI9B,KAAK4B,OAAQE,IAC3BwnD,EAAK5kD,KAAK8kD,EAAOK,EAAK/nD,GAAGlC,YAAYme,OACvC6rC,EAAS9mD,KAAKhB,GAGlB,OAAO8nD,CACX,EC1MA,MAAMtB,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAmF,GACA5D,KAWF,MAAM6F,GACJ,cAAW/rC,GACT,OAAOtT,EAAMkE,OAAOO,cACxB,CAKE,WAAAtP,CAAYsU,EAASqD,GAKnBvX,KAAK0oD,QAAU,KAKf1oD,KAAK01C,UAAYxhC,EAAOG,8BAMxBrU,KAAK+pD,WAAa,IACtB,CAOE,UAAM1nD,CAAK8H,EAAO+J,EAASqD,SACnB4rC,EAAah5C,GAAO7H,UAGxBtC,KAAK01C,gBAAkBhyC,EAAOkG,WAG9B5J,KAAK+pD,WAAarmD,EAAOgE,kBAEnB1H,KAAKgqD,WAAW91C,EAAO,GAEnC,CAOE,KAAAnR,GAKE,OAJwB,OAApB/C,KAAK+pD,YACP/pD,KAAKiqD,WAGAnzC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK01C,YAAa11C,KAAK+pD,YAC/D,CAQE,gBAAMC,CAAW91C,EAASqD,GACxB,MAAM2yC,EAAkBz/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK01C,WACrDyU,EAAkBC,GAAeF,GACvC,IAAKC,EACH,MAAU5oD,MAAS2oD,EAAH,gCAGlBlqD,KAAK0oD,cAAgBF,GAAWC,iBAAiB0B,EAAgBnqD,KAAK+pD,YAAazB,GAAgBp0C,EACvG,CAKE,QAAA+1C,GACE,MAAMC,EAAkBz/C,EAAMpI,KAAKoI,EAAM6C,YAAatN,KAAK01C,WACrD2U,EAAgBC,GAAaJ,GACnC,IAAKG,EACH,MAAU9oD,MAAS2oD,EAAH,8BAGlBlqD,KAAK+pD,WAAaM,EAAcrqD,KAAK0oD,QAAQ3lD,QACjD,EAiBA,SAAS0K,GAAK88C,EAA+BC,GAC3C,OAAO3jD,IACL,IAAKiQ,EAAK7V,SAAS4F,IAASmb,EAAqBnb,GAC/C,OAAOo/C,GAAiB,IAAMhkC,EAAiBpb,GAAMhE,MAAK4nD,GACjD,IAAIvqD,SAAQ,CAACC,EAASC,KAC3B,MAAMsqD,EAAa,IAAIF,EACvBE,EAAWjK,OAASkK,IAClBxqD,EAAQwqD,EAAc,EAExB,IACED,EAAW5nD,KAAK2nD,GAAW,EAC5B,CAAC,MAAOp0B,GACPj2B,EAAOi2B,EACnB,SAMI,GAAIk0B,EACF,IACE,MAAMK,EAA2BL,IACjC,OAAO1jD,EAAKgkD,YAAYD,EACzB,CAAC,MAAOv0B,GAEP,GAAiB,cAAbA,EAAIpuB,KACN,MAAMouB,CAEhB,CAII,MAAMy0B,EAAcjkD,EAAKrG,YACnBkqD,EAAa,IAAIF,EAEvB,OAAO,IAAIrpD,eAAe,CACxB,WAAMiD,CAAMC,GAQV,IAPAqmD,EAAWjK,OAASn+C,MAAOC,EAAOylD,KAChC3jD,EAAWC,QAAQ/B,GACfylD,GACF3jD,EAAWpB,OACvB,IAGqB,CACX,MAAMT,KAAEA,EAAID,MAAEA,SAAgBuoD,EAAYzoD,OAC1C,GAAIG,EAEF,YADAkoD,EAAW5nD,KAAK,IAAIrB,YAAc,GAEzBc,EAAMX,QACf8oD,EAAW5nD,KAAKP,EAE5B,CACA,GACM,CAEN,CAEA,SAASwoD,KACP,OAAOzoD,eAAeuE,GACpB,MAAQiU,OAAQkwC,SAAuB9qD,QAA4BC,UAAA0C,MAAA,WAAA,OAAAqa,EAAA,IACnE,OAAO+oC,GAAiB3jD,SAAY0oD,QAAmB/oC,EAAiBpb,KACzE,CACH,CASA,MAAMokD,GAAoCC,IAAsB,CAC9DC,WAAyC,oBAAtBC,mBAAsC,KAAM,IAAIA,kBAAkBF,IACrFG,aAA6C,oBAAxBC,qBAAwC,KAAM,IAAIA,oBAAoBJ,MAGvFZ,GAAe,CACnB98C,iBAAmBC,GAAKw9C,GAAkC,eAAeE,WAAY5K,IACrF9yC,kBAAoBA,GAAKw9C,GAAkC,WAAWE,WAAYhJ,KAG9EiI,GAAiB,CACrB78C,aAAc1G,GAAQA,EACtB2G,iBAAmBC,GAAKw9C,GAAkC,eAAeI,aAAc3K,IACvFjzC,kBAAoBA,GAAKw9C,GAAkC,WAAWI,aAAc7I,IACpF90C,mBAAqBq9C,MCvMjBzC,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAaF,MAAMsH,GACJ,cAAWxtC,GACT,OAAOtT,EAAMkE,OAAOe,kCACxB,CAEE,iBAAO+lC,EAAWiC,QAAEA,EAAO8T,cAAEA,IAC3B,GAAgB,IAAZ9T,GAA6B,IAAZA,EACnB,MAAUn2C,MAAM,6BAGlB,MAAMkqD,EAAO,IAAIF,GAMjB,OALAE,EAAK/T,QAAUA,EACC,IAAZA,IACF+T,EAAKD,cAAgBA,GAGhBC,CACX,CAEE,WAAA7rD,GACEI,KAAK03C,QAAU,KAIf13C,KAAK0rD,gBAAkB,KAEvB1rD,KAAKwrD,cAAgB,KACrBxrD,KAAK2rD,cAAgB,KACrB3rD,KAAKyuC,KAAO,KAEZzuC,KAAK4rD,UAAY,KACjB5rD,KAAK0oD,QAAU,IACnB,CAEE,UAAMrmD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UAGxB,GAFAtC,KAAK03C,cAAgBh0C,EAAOkG,WAEP,IAAjB5J,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,8CAGxB,IAAjB13C,KAAK03C,UAEP13C,KAAK0rD,sBAAwBhoD,EAAOkG,WAEpC5J,KAAKwrD,oBAAsB9nD,EAAOkG,WAElC5J,KAAK2rD,oBAAsBjoD,EAAOkG,WAElC5J,KAAKyuC,WAAa/qC,EAAOqG,UAAU,KAUrC/J,KAAK4rD,UAAYloD,EAAOgE,WAAW,GAEzC,CAEE,KAAA3E,GACE,OAAqB,IAAjB/C,KAAK03C,QACA5gC,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,QAAS13C,KAAK0rD,gBAAiB1rD,KAAKwrD,cAAexrD,KAAK2rD,gBAAiB3rD,KAAKyuC,KAAMzuC,KAAK4rD,YAE7H90C,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,UAAW13C,KAAK4rD,WAC7D,CAWE,aAAM79B,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAM/C,MAAM0L,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgB8oC,GACtD,GAAIl7C,EAAI/O,SAAWohB,EACjB,MAAUzhB,MAAM,+BAGlB,IAAI4I,EAAQnK,KAAK0oD,QAAQ3lD,QAGzB,GAFIif,EAAqB7X,KAAQA,QAAc8X,EAAiB9X,IAE3C,IAAjBnK,KAAK03C,QACP13C,KAAK0rD,gBAAkBG,EAEvB7rD,KAAKyuC,KAAOtyB,GAAOw6B,OAAO/a,eAAe,IACzC57B,KAAK2rD,cAAgBz3C,EAAOO,kBAC5BzU,KAAK4rD,gBAAkBE,GAAQ9rD,KAAM,UAAW2Q,EAAKxG,OAChD,CACL,MAAMgP,QAAegD,GAAO4vC,gBAAgBF,GACtCG,EAAM,IAAIvqD,WAAW,CAAC,IAAM,KAE5BwqD,EAASn1C,EAAKtS,OAAO,CAAC2U,EAAQhP,EAAO6hD,IACrCr+C,QAAawO,GAAOxO,KAAKE,KAAK0U,EAAoB0pC,IAClD58B,EAAYvY,EAAKtS,OAAO,CAACynD,EAAQt+C,IAEvC3N,KAAK4rD,gBAAkBzvC,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAK0e,EAAW,IAAI5tB,WAAWwhB,GAAY/O,EACrH,CACI,OAAO,CACX,CAWE,aAAMma,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAM/C,GAAI5G,EAAI/O,SAAWua,GAAO4G,gBAAgB8oC,GAAqB7oC,QAC7D,MAAUzhB,MAAM,+BAGlB,IAGIynD,EAHA4C,EAAYhF,EAAa5mD,KAAK4rD,WAIlC,GAHI5pC,EAAqB4pC,KAAYA,QAAkB3pC,EAAiB2pC,IAGnD,IAAjB5rD,KAAK03C,QAAe,CACtB,GAAI13C,KAAK0rD,kBAAoBG,EAE3B,MAAUtqD,MAAM,oCAElBynD,QAAoB8C,GAAQ9rD,KAAM,UAAW2Q,EAAKi7C,EACxD,KAAW,CACL,MAAM3oC,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GACvCK,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQw9B,EAAqBl7C,EAAKi7C,EAAW,IAAInqD,WAAWwhB,IAI9FkpC,EAAWxF,EAAapkC,EAAoB2pC,IAAa,IACzDD,EAAStF,EAAauF,EAAW,GAAI,IACrCE,EAAalsD,QAAQ4E,IAAI,CAC7Bmd,QAAuB9F,GAAOxO,KAAKE,KAAK0U,EAAoB0pC,KAC5DhqC,EAAiBkqC,KAChBtpD,MAAK,EAAE8K,EAAMq+C,MACd,IAAKl1C,EAAKmE,iBAAiBtN,EAAMq+C,GAC/B,MAAUzqD,MAAM,0BAElB,OAAO,IAAIE,UAAY,IAEnB0I,EAAQw8C,EAAasF,EAAQhpC,EAAY,GAC/C+lC,EAAcrC,EAAax8C,EAAO,GAAI,GACtC6+C,EAAcjuC,EAAc,CAACiuC,EAAa/C,GAAiB,IAAMmG,MAC5Dt1C,EAAK7V,SAAS2qD,IAAe13C,EAAOiB,6BACvC6zC,QAAoB/mC,EAAiB+mC,GAE7C,CAGI,OADAhpD,KAAK0oD,cAAgBF,GAAWC,WAAWO,EAAaV,GAAgBp0C,IACjE,CACX,EAaO5R,eAAewpD,GAAQn9C,EAAQ1H,EAAI0J,EAAK9J,GAC7C,MAAMwlD,EAAY19C,aAAkB48C,IAA+D,IAAnB58C,EAAO+oC,QACjF4U,GAAWD,GAAa19C,EAAO/O,YAAYme,MAAQtT,EAAMkE,OAAOiB,kBACtE,IAAKy8C,IAAcC,EAAS,MAAU/qD,MAAM,0BAE5C,MAAMiyB,EAAOrX,GAAOowC,YAAY59C,EAAO68C,eACjCgB,EAA+B,YAAPvlD,EAAmBusB,EAAKvC,UAAY,EAC5Dw7B,EAA+B,YAAPxlD,EAAmBusB,EAAKvC,UAAY,EAC5Dm4B,EAAY,IAAMz6C,EAAOg9C,cAAgB,GAAKa,EAC9CE,EAAyBJ,EAAU,EAAI,EACvCK,EAAc,IAAIhsC,YAAY,GAAK+rC,GACnCE,EAAa,IAAInrD,WAAWkrD,EAAa,EAAG,EAAID,GAChDG,EAAgB,IAAIprD,WAAWkrD,GAC/BG,EAAY,IAAIlsC,SAAS+rC,GACzBI,EAAkB,IAAItrD,WAAWkrD,EAAa,EAAG,GACvDC,EAAWzqD,IAAI,CAAC,IAAOwM,EAAO/O,YAAYme,IAAKpP,EAAO+oC,QAAS/oC,EAAO+8C,gBAAiB/8C,EAAO68C,cAAe78C,EAAOg9C,eAAgB,GACpI,IAIIn8B,EACAw9B,EALAt1B,EAAa,EACbu1B,EAAgB/sD,QAAQC,UACxB+sD,EAAe,EACfC,EAAc,EAGlB,GAAId,EAAW,CACb,MAAMrpC,QAAEA,GAAY7G,GAAO4G,gBAAgBpU,EAAO+8C,kBAC5Cn1B,SAAEA,GAAa/C,EACfkb,EAAO,IAAIjtC,WAAWkrD,EAAa,EAAG,GACtCS,QAAgB7e,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAKhC,EAAO8/B,KAAMC,EAAM1rB,EAAUuT,GACvF5lB,EAAMy8C,EAAQpkD,SAAS,EAAGga,GAC1BwM,EAAK49B,EAAQpkD,SAASga,GACtBwM,EAAG/H,KAAK,EAAG+H,EAAG5tB,OAAS,GACvBorD,EAAS,IAAIpsC,SAAS4O,EAAGlmB,OAAQkmB,EAAGnlB,WAAYmlB,EAAGllB,WACvD,MACIklB,EAAK7gB,EAAO6gB,GAGd,MAAM69B,QAAqB75B,EAAK7kB,EAAO+8C,gBAAiB/6C,GACxD,OAAOiR,EAAqB/a,GAAMvE,MAAO4C,EAAUC,KACjD,GAAgC,UAA5B2R,EAAK7V,SAASiE,GAAuB,CACvC,MAAMoE,EAAS,IAAItD,gBAAgB,GAAI,CACrCQ,cAAesQ,EAAK4F,yBAA2B,IAAM/N,EAAOg9C,cAAgB,GAC5E2B,KAAMvxC,GAASA,EAAMna,SAEvB2rD,EAAYjkD,EAAOpE,SAAUC,GAC7BA,EAAWmE,EAAOnE,QACxB,CACI,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,OAAa,CACX,IAAInC,QAAcU,EAAOqG,UAAUq/C,EAAYoD,IAA0B,IAAI/qD,WAC7E,MAAM+rD,EAAaxqD,EAAMgG,SAAShG,EAAMpB,OAAS4qD,GAEjD,IAAIiB,EACAjrD,EACAisB,EACJ,GAJAzrB,EAAQA,EAAMgG,SAAS,EAAGhG,EAAMpB,OAAS4qD,GAIrCH,EACF59B,EAAQe,MACH,CACLf,EAAQe,EAAG7sB,QACX,IAAK,IAAIb,EAAI,EAAGA,EAAI,EAAGA,IACrB2sB,EAAMe,EAAG5tB,OAAS,EAAIE,IAAMirD,EAAgBjrD,EAExD,CA0BQ,IAzBK41B,GAAc10B,EAAMpB,QACvB8B,EAAOiG,QAAQ6jD,GACfC,EAAiBJ,EAAapmD,GAAIjE,EAAOyrB,EAAOm+B,GAChDa,EAAeptD,OAAM,SACrB8sD,GAAenqD,EAAMpB,OAAS4qD,EAAwBC,IAKtDK,EAAUY,SAAS,EAAIhB,EAAyB,EAAGQ,GACnDO,EAAiBJ,EAAapmD,GAAIumD,EAAY/+B,EAAOo+B,GACrDY,EAAeptD,OAAM,SACrB8sD,GAAeV,EACfjqD,GAAO,GAET0qD,GAAgBlqD,EAAMpB,OAAS4qD,EAE/BS,EAAgBA,EAAcpqD,MAAK,IAAM4qD,IAAgB5qD,MAAKP,gBACtD3B,EAAOgF,YACPhF,EAAOoC,MAAMo2B,GACnBg0B,GAAeh0B,EAAQv3B,MAAM,IAC5BvB,OAAMg2B,GAAO11B,EAAOuC,MAAMmzB,MACzB7zB,GAAQ2qD,EAAcxsD,EAAOgtD,oBACzBV,EAEHzqD,EAME,OACC7B,EAAOsC,QACb,KACV,CARcopD,EACFW,EAAOU,SAASl+B,EAAG5tB,OAAS,IAAK81B,GAEjCo1B,EAAUY,SAAS,IAASh2B,EAMxC,CACK,CAAC,MAAOxzB,SACDvD,EAAOgF,MAAMtF,OAAM,eACnBM,EAAOuC,MAAMgB,EACzB,IAEA,CC/SA,MAAMokD,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAYF,MAAM2J,GACJ,cAAW7vC,GACT,OAAOtT,EAAMkE,OAAOiB,iBACxB,CAEE,WAAAhQ,GACEI,KAAK03C,QAfO,EAiBZ13C,KAAK0rD,gBAAkB,KAEvB1rD,KAAKwrD,cAAgB/gD,EAAM6D,KAAKC,IAChCvO,KAAK2rD,cAAgB,KACrB3rD,KAAKwvB,GAAK,KACVxvB,KAAK4rD,UAAY,KACjB5rD,KAAK0oD,QAAU,IACnB,CAOE,UAAMrmD,CAAK8H,SACHg5C,EAAah5C,GAAO7H,UACxB,MAAMo1C,QAAgBh0C,EAAOkG,WAC7B,GAlCU,IAkCN8tC,EACF,MAAM,IAAI9K,GAAiB,WAAW8K,yDAExC13C,KAAK0rD,sBAAwBhoD,EAAOkG,WACpC5J,KAAKwrD,oBAAsB9nD,EAAOkG,WAClC5J,KAAK2rD,oBAAsBjoD,EAAOkG,WAElC,MAAM4pB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eACrCxrD,KAAKwvB,SAAW9rB,EAAOqG,UAAUypB,EAAK+C,UACtCv2B,KAAK4rD,UAAYloD,EAAOgE,WAAW,GAEzC,CAME,KAAA3E,GACE,OAAO+T,EAAKtS,OAAO,CAAC,IAAI/C,WAAW,CAACzB,KAAK03C,QAAS13C,KAAK0rD,gBAAiB1rD,KAAKwrD,cAAexrD,KAAK2rD,gBAAiB3rD,KAAKwvB,GAAIxvB,KAAK4rD,WACpI,CAUE,aAAMv9B,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAC/CvX,KAAK0oD,cAAgBF,GAAWC,iBACxBqD,GAAQ9rD,KAAM,UAAW2Q,EAAKi2C,EAAa5mD,KAAK4rD,YACtDtD,GACAp0C,EAEN,CAUE,aAAM6Z,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAC/CvX,KAAK0rD,gBAAkBG,EAEvB,MAAMt1B,SAAEA,GAAapa,GAAOowC,YAAYvsD,KAAKwrD,eAC7CxrD,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAerF,GACvCv2B,KAAK2rD,cAAgBz3C,EAAOO,kBAC5B,MAAM5N,EAAO7G,KAAK0oD,QAAQ3lD,QAC1B/C,KAAK4rD,gBAAkBE,GAAQ9rD,KAAM,UAAW2Q,EAAK9J,EACzD,ECvFA,MAAMgnD,GACJ,cAAW9vC,GACT,OAAOtT,EAAMkE,OAAOC,4BACxB,CAEE,WAAAhP,GACEI,KAAK03C,QAAU,KAGf13C,KAAK8tD,YAAc,IAAIxK,GAGvBtjD,KAAK+tD,iBAAmB,KACxB/tD,KAAKguD,qBAAuB,KAG5BhuD,KAAKokD,mBAAqB,KAE1BpkD,KAAKiuD,WAAa,KAKlBjuD,KAAK6rD,oBAAsB,KAG3B7rD,KAAK4rD,UAAY,CAAE,CACvB,CAEE,iBAAOnW,EAAWiC,QAChBA,EAAOwW,oBAAEA,EAAmBC,mBAAEA,EAAkBF,WAAEA,EAAUpC,oBAAEA,IAE9D,MAAMuC,EAAQ,IAAIP,GAElB,GAAgB,IAAZnW,GAA6B,IAAZA,EACnB,MAAUn2C,MAAM,6BAelB,OAZA6sD,EAAM1W,QAAUA,EAEA,IAAZA,IACF0W,EAAML,iBAAmBI,EAAqB,KAAOD,EAAoBxW,QACzE0W,EAAMJ,qBAAuBG,EAAqB,KAAOD,EAAoB9H,uBAG/EgI,EAAMN,YAAcK,EAAqB7K,GAAMQ,WAAaoK,EAAoB7H,WAChF+H,EAAMhK,mBAAqB8J,EAAoBxY,UAC/C0Y,EAAMH,WAAaA,EACnBG,EAAMvC,oBAAsBA,EAErBuC,CACX,CAOE,IAAA/rD,CAAK8H,GACH,IAAIyO,EAAS,EAEb,GADA5Y,KAAK03C,QAAUvtC,EAAMyO,KACA,IAAjB5Y,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAC7B,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,+CAE7C,GAAqB,IAAjB13C,KAAK03C,QAAe,CAKtB,MAAM2W,EAA8BlkD,EAAMyO,KAC1C,GAAIy1C,EAA6B,CAC/BruD,KAAK+tD,iBAAmB5jD,EAAMyO,KAC9B,MAAM01C,EAAoBD,EAA8B,EACxDruD,KAAKguD,qBAAuB7jD,EAAMnB,SAAS4P,EAAQA,EAAS01C,GAAoB11C,GAAU01C,EACtFtuD,KAAK+tD,kBAAoB,EAE3B/tD,KAAK8tD,YAAYzrD,KAAKrC,KAAKguD,sBAG3BhuD,KAAK8tD,YAAYzrD,KAAKrC,KAAKguD,qBAAqBhlD,UAAU,GAEpE,MAGQhJ,KAAK8tD,YAAcxK,GAAMQ,UAEjC,MACMlrC,GAAU5Y,KAAK8tD,YAAYzrD,KAAK8H,EAAMnB,SAAS4P,EAAQA,EAAS,IAIlE,GAFA5Y,KAAKokD,mBAAqBj6C,EAAMyO,KAChC5Y,KAAK4rD,UAAYzvC,GAAOoyC,yBAAyBvuD,KAAKokD,mBAAoBj6C,EAAMnB,SAAS4P,IACrF5Y,KAAKokD,qBAAuB35C,EAAMsB,UAAUW,QAAU1M,KAAKokD,qBAAuB35C,EAAMsB,UAAUY,KACpG,GAAqB,IAAjB3M,KAAK03C,QACP13C,KAAK6rD,oBAAsBphD,EAAM1H,MAAM0H,EAAMoC,UAAW7M,KAAK4rD,UAAUtX,EAAEoB,gBACpE,GAAmC,OAA/B11C,KAAK4rD,UAAUtX,EAAEoB,UAC1B,MAAUn0C,MAAM,2CAGxB,CAOE,KAAAwB,GACE,MAAMmjB,EAAM,CACV,IAAIzkB,WAAW,CAACzB,KAAK03C,WAsBvB,OAnBqB,IAAjB13C,KAAK03C,QAC2B,OAA9B13C,KAAKguD,sBACP9nC,EAAIpjB,KAAK,IAAIrB,WAAW,CACtBzB,KAAKguD,qBAAqBpsD,OAAS,EACnC5B,KAAK+tD,oBAEP7nC,EAAIpjB,KAAK9C,KAAKguD,uBAEd9nC,EAAIpjB,KAAK,IAAIrB,WAAW,CAAC,KAG3BykB,EAAIpjB,KAAK9C,KAAK8tD,YAAY/qD,SAG5BmjB,EAAIpjB,KACF,IAAIrB,WAAW,CAACzB,KAAKokD,qBACrBjoC,GAAO+pC,gBAAgBlmD,KAAKokD,mBAAoBpkD,KAAK4rD,YAGhD90C,EAAKpV,iBAAiBwkB,EACjC,CAQE,aAAM6H,CAAQpd,GACZ,MAAM8R,EAAOhY,EAAM1H,MAAM0H,EAAMsB,UAAW/L,KAAKokD,oBAGzCyH,EAAuC,IAAjB7rD,KAAK03C,QAAgB13C,KAAK6rD,oBAAsB,KACtE7Y,EAA8B,IAAhBriC,EAAI+mC,QAAgB/mC,EAAIy1C,sBAAsBp9C,SAAS,EAAG,IAAM2H,EAAIy1C,sBAClFtnC,EAAU0vC,GAAiBxuD,KAAK03C,QAASj1B,EAAMopC,EAAqB7rD,KAAKiuD,YAC/EjuD,KAAK4rD,gBAAkBzvC,GAAOsyC,iBAC5BhsC,EAAMopC,EAAqBl7C,EAAIykC,aAAct2B,EAASk0B,EAC5D,CAUE,aAAM3kB,CAAQ1d,EAAK+9C,GAEjB,GAAI1uD,KAAKokD,qBAAuBzzC,EAAI+kC,UAClC,MAAUn0C,MAAM,oBAGlB,MAAM47B,EAAgBuxB,EACpBF,GAAiBxuD,KAAK03C,QAAS13C,KAAKokD,mBAAoBsK,EAAiB7C,oBAAqB6C,EAAiBT,YAC/G,KACIjb,EAA8B,IAAhBriC,EAAI+mC,QAAgB/mC,EAAIy1C,sBAAsBp9C,SAAS,EAAG,IAAM2H,EAAIy1C,sBAClFuI,QAAsBxyC,GAAOyyC,iBAAiB5uD,KAAKokD,mBAAoBzzC,EAAIykC,aAAczkC,EAAIolC,cAAe/1C,KAAK4rD,UAAW5Y,EAAa7V,IAEzI8wB,WAAEA,EAAUpC,oBAAEA,GAuCxB,SAA0BnU,EAAStB,EAASuY,EAAeD,GACzD,OAAQtY,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAAM,CAEzB,MAAMtK,EAAS4sD,EAAc3lD,SAAS,EAAG2lD,EAAc/sD,OAAS,GAC1Dg3B,EAAW+1B,EAAc3lD,SAAS2lD,EAAc/sD,OAAS,GACzDitD,EAAmB/3C,EAAKsE,cAAcrZ,EAAOiH,SAASjH,EAAOH,OAAS,IACtEktD,EAAkBD,EAAiB,KAAOj2B,EAAS,GAAKi2B,EAAiB,KAAOj2B,EAAS,GACzFm2B,EAAkC,IAAZrX,EAC1B,CAAEmU,oBAAqB,KAAMoC,WAAYlsD,GACzC,CAAE8pD,oBAAqB9pD,EAAO,GAAIksD,WAAYlsD,EAAOiH,SAAS,IAChE,GAAI0lD,EAAkB,CAGpB,MAAMM,EAAiBF,EACrBC,EAAoBlD,sBAAwB6C,EAAiB7C,oBAC7DkD,EAAoBd,WAAWrsD,SAAW8sD,EAAiBT,WAAWrsD,OACxE,MAAO,CACLqsD,WAAYn3C,EAAKsH,iBAAiB4wC,EAAgBD,EAAoBd,WAAYS,EAAiBT,YACnGpC,oBAAiC,IAAZnU,EAAgB,KAAO5gC,EAAKyH,YAC/CywC,EACAD,EAAoBlD,oBACpB6C,EAAiB7C,qBAG7B,CAGQ,GAFuBiD,IACT,IAAZpX,GAAiBjtC,EAAMpI,KAAKoI,EAAMoC,UAAWkiD,EAAoBlD,sBAEjE,OAAOkD,EAEP,MAAUxtD,MAAM,mBAG1B,CACI,KAAKkJ,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,MAAO,CACLk/C,oBAAqB,KACrBoC,WAAYU,GAEhB,QACE,MAAUptD,MAAM,oCAEtB,CAtFgD0tD,CAAiBjvD,KAAK03C,QAAS13C,KAAKokD,mBAAoBuK,EAAeD,GAEnH,GAAqB,IAAjB1uD,KAAK03C,QAAe,CAEtB,MAAMwX,EAAmBlvD,KAAKokD,qBAAuB35C,EAAMsB,UAAUW,QAAU1M,KAAKokD,qBAAuB35C,EAAMsB,UAAUY,KAG3H,GAFA3M,KAAK6rD,oBAAsBqD,EAAmBrD,EAAsB7rD,KAAK6rD,oBAErEoC,EAAWrsD,SAAWua,GAAO4G,gBAAgB/iB,KAAK6rD,qBAAqB7oC,QACzE,MAAUzhB,MAAM,8BAExB,CACIvB,KAAKiuD,WAAaA,CACtB,EAMA,SAASO,GAAiB9W,EAAStB,EAAS33B,EAAY0wC,GACtD,OAAQ/Y,GACN,KAAK3rC,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KAEnB,OAAOyK,EAAKpV,iBAAiB,CAC3B,IAAID,WAAuB,IAAZi2C,EAAgB,GAAK,CAACj5B,IACrC0wC,EACAr4C,EAAKsE,cAAc+zC,EAAenmD,SAASmmD,EAAevtD,OAAS,MAEvE,KAAK6I,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,OAAOwiD,EACT,QACE,MAAU5tD,MAAM,oCAEtB,CC9MA,MAAM6tD,GACJ,cAAWrxC,GACT,OAAOtT,EAAMkE,OAAOG,sBACxB,CAKE,WAAAlP,CAAYsU,EAASqD,GACnBvX,KAAK03C,QAAUxjC,EAAOI,YAAc,EAAI,EACxCtU,KAAKiuD,WAAa,KAKlBjuD,KAAKqvD,8BAAgC,KAKrCrvD,KAAK6rD,oBAAsB,KAK3B7rD,KAAKwrD,cAAgB/gD,EAAM1H,MAAM0H,EAAM6D,KAAM4F,EAAOM,wBACpDxU,KAAK4rD,UAAY,KACjB5rD,KAAKyL,IAAM,KACXzL,KAAKwvB,GAAK,IACd,CAOE,IAAAntB,CAAK8H,GACH,IAAIyO,EAAS,EAIb,GADA5Y,KAAK03C,QAAUvtC,EAAMyO,KACA,IAAjB5Y,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QACnD,MAAM,IAAI9K,GAAiB,WAAW5sC,KAAK03C,+CAGxB,IAAjB13C,KAAK03C,SAEP9+B,IAIF,MAAM6J,EAAOtY,EAAMyO,KAEf5Y,KAAK03C,SAAW,IAElB13C,KAAKwrD,cAAgBrhD,EAAMyO,KAEN,IAAjB5Y,KAAK03C,SAEP9+B,KAKJ,MAAMhE,EAAUzK,EAAMyO,KAItB,GAHA5Y,KAAKyL,IAAM4sC,GAAezjC,GAC1BgE,GAAU5Y,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAAS4P,EAAQzO,EAAMvI,SAEjD5B,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eAIrCxrD,KAAKwvB,GAAKrlB,EAAMnB,SAAS4P,EAAQA,GAAU4a,EAAK+C,SACtD,CAIQv2B,KAAK03C,SAAW,GAAK9+B,EAASzO,EAAMvI,QACtC5B,KAAK4rD,UAAYzhD,EAAMnB,SAAS4P,EAAQzO,EAAMvI,QAC9C5B,KAAKqvD,8BAAgC5sC,GAErCziB,KAAK6rD,oBAAsBppC,CAEjC,CAOE,KAAA1f,GACE,MAAM0f,EAA0B,OAAnBziB,KAAK4rD,UAChB5rD,KAAK6rD,oBACL7rD,KAAKqvD,8BAEP,IAAIllD,EAEJ,MAAMsB,EAAMzL,KAAKyL,IAAI1I,QACrB,GAAqB,IAAjB/C,KAAK03C,QAAe,CACtB,MAAM4X,EAAS7jD,EAAI7J,OACb2tD,EAAY,EAAID,EAAStvD,KAAKwvB,GAAG5tB,OACvCuI,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAAS6X,EAAW9sC,EAAMziB,KAAKwrD,cAAe8D,IAAU7jD,EAAKzL,KAAKwvB,GAAIxvB,KAAK4rD,WACrI,MAAgC,IAAjB5rD,KAAK03C,QACdvtC,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAASj1B,EAAMziB,KAAKwrD,gBAAiB//C,EAAKzL,KAAKwvB,GAAIxvB,KAAK4rD,aAE5GzhD,EAAQ2M,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACzB,KAAK03C,QAASj1B,IAAQhX,IAE9C,OAAnBzL,KAAK4rD,YACPzhD,EAAQ2M,EAAKpV,iBAAiB,CAACyI,EAAOnK,KAAK4rD,cAI/C,OAAOzhD,CACX,CAQE,aAAMkkB,CAAQipB,GACZ,MAAM70B,EAA8C,OAAvCziB,KAAKqvD,8BAChBrvD,KAAKqvD,8BACLrvD,KAAK6rD,qBAED5oC,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD9R,QAAY3Q,KAAKyL,IAAI4rC,WAAWC,EAAYt0B,GAElD,GAAIhjB,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eAC/Br0B,EAAQ,IAAI11B,WAAW,CAAC,IAAO2tD,GAA6BrxC,IAAK/d,KAAK03C,QAAS13C,KAAKqvD,8BAA+BrvD,KAAKwrD,gBACxH9b,EAAiC,IAAjB1vC,KAAK03C,cAAsBnJ,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc01B,EAAOnU,GAAWrS,EACnH08C,QAAqB75B,EAAK/Q,EAAMitB,GACtC1vC,KAAKiuD,iBAAmBZ,EAAah/B,QAAQruB,KAAK4rD,UAAW5rD,KAAKwvB,GAAI2H,EAC5E,MAAW,GAAuB,OAAnBn3B,KAAK4rD,UAAoB,CAClC,MAAMM,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQ5L,EAAM9R,EAAK3Q,KAAK4rD,UAAW,IAAInqD,WAAWwhB,IAI1F,GAFAjjB,KAAK6rD,oBAAsBphD,EAAM1H,MAAM0H,EAAMoC,UAAWq/C,EAAU,IAClElsD,KAAKiuD,WAAa/B,EAAUljD,SAAS,EAAGkjD,EAAUtqD,QAC9C5B,KAAKiuD,WAAWrsD,SAAWua,GAAO4G,gBAAgB/iB,KAAK6rD,qBAAqB7oC,QAC9E,MAAUzhB,MAAM,8BAExB,MAEMvB,KAAKiuD,WAAat9C,CAExB,CASE,aAAMod,CAAQupB,EAAYpjC,EAASqD,GACjC,MAAMkL,EAA8C,OAAvCziB,KAAKqvD,8BAChBrvD,KAAKqvD,8BACLrvD,KAAK6rD,oBAEP7rD,KAAKqvD,8BAAgC5sC,EAErCziB,KAAKyL,IAAM6sC,GAAiBpkC,GAC5BlU,KAAKyL,IAAI2rC,eAET,MAAMn0B,UAAEA,EAASD,QAAEA,GAAY7G,GAAO4G,gBAAgBN,GAChD9R,QAAY3Q,KAAKyL,IAAI4rC,WAAWC,EAAYt0B,GAMlD,GAJwB,OAApBhjB,KAAKiuD,aACPjuD,KAAKiuD,WAAa9xC,GAAOqzC,mBAAmBxvD,KAAK6rD,sBAG/C7rD,KAAK03C,SAAW,EAAG,CACrB,MAAMlkB,EAAOrX,GAAOowC,YAAYvsD,KAAKwrD,eACrCxrD,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAepI,EAAK+C,UAC5C,MAAMY,EAAQ,IAAI11B,WAAW,CAAC,IAAO2tD,GAA6BrxC,IAAK/d,KAAK03C,QAAS13C,KAAKqvD,8BAA+BrvD,KAAKwrD,gBACxH9b,EAAiC,IAAjB1vC,KAAK03C,cAAsBnJ,GAAY9jC,EAAMkD,KAAKI,OAAQ4C,EAAK,IAAIlP,WAAc01B,EAAOnU,GAAWrS,EACnH08C,QAAqB75B,EAAK/Q,EAAMitB,GACtC1vC,KAAK4rD,gBAAkByB,EAAat/B,QAAQ/tB,KAAKiuD,WAAYjuD,KAAKwvB,GAAI2H,EAC5E,KAAW,CACL,MAAMrD,EAAYhd,EAAKpV,iBAAiB,CACtC,IAAID,WAAW,CAACzB,KAAK6rD,sBACrB7rD,KAAKiuD,aAEPjuD,KAAK4rD,gBAAkBzvC,GAAOqX,KAAK3C,IAAI9C,QAAQtL,EAAM9R,EAAKmjB,EAAW,IAAIryB,WAAWwhB,GAAY/O,EACtG,CACA,EC/LA,MAAMu7C,GACJ,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAO5C,SACxB,CAME,WAAAnM,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAKtCvX,KAAK03C,QAAUxjC,EAAOQ,OAAS,EAAI,EAKnC1U,KAAKykD,QAAU3tC,EAAKuB,cAAcsqC,GAKlC3iD,KAAK01C,UAAY,KAKjB11C,KAAKo1C,aAAe,KAKpBp1C,KAAK0vD,iBAAmB,EAKxB1vD,KAAKgzC,YAAc,KAKnBhzC,KAAKwjD,MAAQ,IACjB,CAQE,0BAAOmM,CAAoBC,GACzB,MAAMC,EAAY,IAAIJ,IAChB/X,QAAEA,EAAO+M,QAAEA,EAAO/O,UAAEA,EAASN,aAAEA,EAAYoO,MAAEA,EAAKxQ,YAAEA,GAAgB4c,EAO1E,OANAC,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUna,UAAYA,EACtBma,EAAUza,aAAeA,EACzBya,EAAUrM,MAAQA,EAClBqM,EAAU7c,YAAcA,EACjB6c,CACX,CAQE,UAAMxtD,CAAK8H,EAAO+J,EAASqD,GACzB,IAAIvV,EAAM,EAGV,GADAhC,KAAK03C,QAAUvtC,EAAMnI,KACA,IAAjBhC,KAAK03C,UAAkBxjC,EAAOS,wBAChC,MAAM,IAAIi4B,GAAiB,mGAG7B,GAAqB,IAAjB5sC,KAAK03C,SAAkC,IAAjB13C,KAAK03C,SAAkC,IAAjB13C,KAAK03C,QAAe,CAElE13C,KAAKykD,QAAU3tC,EAAKgB,SAAS3N,EAAMnB,SAAShH,EAAKA,EAAM,IACvDA,GAAO,EAGPhC,KAAK01C,UAAYvrC,EAAMnI,KAEnBhC,KAAK03C,SAAW,IAElB11C,GAAO,GAIT,MAAMK,KAAEA,EAAI+yC,aAAEA,GAAiBj5B,GAAO2zC,qBAAqB9vD,KAAK01C,UAAWvrC,EAAMnB,SAAShH,IAG1F,GACmB,IAAjBhC,KAAK03C,SACLtC,EAAa/J,MACX+J,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMU,kBAC3CgqC,EAAa/J,IAAIE,YAAc9gC,EAAMC,MAAMQ,eAG7C,MAAU3J,MAAM,iDAOlB,OALAvB,KAAKo1C,aAAeA,EACpBpzC,GAAOK,QAGDrC,KAAK+vD,6BACJ/tD,CACb,CACI,MAAM,IAAI4qC,GAAiB,WAAW5sC,KAAK03C,4CAC/C,CAME,KAAA30C,GACE,MAAMmjB,EAAM,GAEZA,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK03C,WAC9BxxB,EAAIpjB,KAAKgU,EAAKkB,UAAUhY,KAAKykD,UAE7Bv+B,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAK01C,aAE9B,MAAM/uB,EAASxK,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAKo1C,cAO3D,OANIp1C,KAAK03C,SAAW,GAElBxxB,EAAIpjB,KAAKgU,EAAKc,YAAY+O,EAAO/kB,OAAQ,IAG3CskB,EAAIpjB,KAAK6jB,GACF7P,EAAKpV,iBAAiBwkB,EACjC,CAME,YAAAohC,CAAa5P,GACX,MAAMvtC,EAAQnK,KAAKgwD,iBAEbC,EAAe,IAAOvY,EACtBwY,EAAexY,GAAW,EAAI,EAAI,EACxC,OAAO5gC,EAAKpV,iBAAiB,CAAC,IAAID,WAAW,CAACwuD,IAAgBn5C,EAAKc,YAAYzN,EAAMvI,OAAQsuD,GAAe/lD,GAChH,CAME,WAAAgmD,GACE,OAAO,IACX,CAME,eAAAC,GACE,OAAOpwD,KAAKykD,OAChB,CAME,QAAA4B,GACE,OAAOrmD,KAAKwjD,KAChB,CAME,gCAAMuM,GAIJ,SAHM/vD,KAAKqwD,qBACXrwD,KAAKwjD,MAAQ,IAAIF,GAEbtjD,KAAK03C,SAAW,EAClB13C,KAAKwjD,MAAMnhD,KAAKrC,KAAKgzC,YAAYhqC,SAAS,EAAG,QACxC,IAAqB,IAAjBhJ,KAAK03C,QAGd,MAAUn2C,MAAM,2BAFhBvB,KAAKwjD,MAAMnhD,KAAKrC,KAAKgzC,YAAYhqC,SAAS,GAAI,IAGpD,CACA,CAKE,wBAAMqnD,GACJ,MAAMnY,EAASl4C,KAAKsnD,aAAatnD,KAAK03C,SAEtC,GAAI13C,KAAK03C,SAAW,EAClB13C,KAAKgzC,kBAAoB72B,GAAOxO,KAAKI,OAAOmqC,OACvC,IAAqB,IAAjBl4C,KAAK03C,QAGd,MAAUn2C,MAAM,2BAFhBvB,KAAKgzC,kBAAoB72B,GAAOxO,KAAKE,KAAKqqC,EAGhD,CACA,CAME,mBAAAkO,GACE,OAAOpmD,KAAKgzC,WAChB,CAME,cAAAsd,GACE,OAAOx5C,EAAK2C,gBAAgBzZ,KAAKomD,sBACrC,CAME,oBAAAmK,CAAqBC,GACnB,OAAOxwD,KAAK03C,UAAY8Y,EAAM9Y,SAAW5gC,EAAKmE,iBAAiBjb,KAAKgwD,iBAAkBQ,EAAMR,iBAChG,CAME,gBAAAS,GACE,MAAM1uD,EAAS,CAAE,EACjBA,EAAO2zC,UAAYjrC,EAAMpI,KAAKoI,EAAMsB,UAAW/L,KAAK01C,WAEpD,MAAMgb,EAAS1wD,KAAKo1C,aAAaz9B,GAAK3X,KAAKo1C,aAAajoB,EAMxD,OALIujC,EACF3uD,EAAOia,KAAOlF,EAAKkC,oBAAoB03C,GAC9B1wD,KAAKo1C,aAAa/J,MAC3BtpC,EAAO2I,MAAQ1K,KAAKo1C,aAAa/J,IAAIE,WAEhCxpC,CACX,EAOA0tD,GAAgBxvD,UAAU0wD,cAAgBlB,GAAgBxvD,UAAUoC,KAMpEotD,GAAgBxvD,UAAU+vD,eAAiBP,GAAgBxvD,UAAU8C,MCtQrE,MAAMulD,gBAA+BxxC,EAAK8G,wBAAwB,CAChE8kC,GACAoH,GACAjC,GACA5D,KAaF,MAAM2M,GACJ,cAAW7yC,GACT,OAAOtT,EAAMkE,OAAOQ,0BACxB,CAEE,WAAAvP,GAIEI,KAAK4rD,UAAY,KAKjB5rD,KAAK0oD,QAAU,IACnB,CAEE,IAAArmD,CAAK8H,GACHnK,KAAK4rD,UAAYzhD,CACrB,CAEE,KAAApH,GACE,OAAO/C,KAAK4rD,SAChB,CAYE,aAAMv9B,CAAQw9B,EAAqBl7C,EAAKuD,EAASqD,GAE/C,IAAKrD,EAAOgB,6BACV,MAAU3T,MAAM,iCAGlB,MAAM0hB,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GACvCD,QAAkB3pC,EAAiB2kC,EAAa5mD,KAAK4rD,YACrDM,QAAkB/vC,GAAOqX,KAAK3C,IAAIxC,QAAQw9B,EAAqBl7C,EACnEi7C,EAAU5iD,SAASia,EAAY,GAC/B2oC,EAAU5iD,SAAS,EAAGia,EAAY,IAGpCjjB,KAAK0oD,cAAgBF,GAAWC,WAAWyD,EAAW5D,GAAgBp0C,EAC1E,CAWE,aAAM6Z,CAAQ89B,EAAqBl7C,EAAKuD,EAASqD,GAC/C,MAAM1Q,EAAO7G,KAAK0oD,QAAQ3lD,SACpBkgB,UAAEA,GAAc9G,GAAO4G,gBAAgB8oC,GAEvC1yC,QAAegD,GAAO4vC,gBAAgBF,GACtCgF,QAAY10C,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAKwI,EAAQ,IAAI1X,WAAWwhB,GAAY/O,GACjGob,QAAmBnT,GAAOqX,KAAK3C,IAAI9C,QAAQ89B,EAAqBl7C,EAAK9J,EAAMgqD,EAAI7nD,SAAS,GAAIkL,GAClGlU,KAAK4rD,UAAY90C,EAAKtS,OAAO,CAACqsD,EAAKvhC,GACvC,EC/EA,MAAMwhC,GACJ,cAAW/yC,GACT,OAAOtT,EAAMkE,OAAOS,MACxB,CAOE,IAAA/M,CAAK8H,GACH,OAAiB,KAAbA,EAAM,IACO,KAAbA,EAAM,IACO,KAAbA,EAAM,EAId,CAEE,KAAApH,GACE,OAAO,IAAItB,WAAW,CAAC,GAAM,GAAM,IACvC,EC7BA,MAAMsvD,WAA2BtB,GAC/B,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAOa,YACxB,CAOE,WAAA5P,CAAY+iD,EAAMzuC,GAChBrU,MAAM8iD,EAAMzuC,EAChB,CAQE,6BAAO88C,CAAuBC,GAC5B,MAAMpB,EAAY,IAAIkB,IAChBrZ,QAAEA,EAAO+M,QAAEA,EAAO/O,UAAEA,EAASN,aAAEA,EAAYoO,MAAEA,EAAKxQ,YAAEA,GAAgBie,EAO1E,OANApB,EAAUnY,QAAUA,EACpBmY,EAAUpL,QAAUA,EACpBoL,EAAUna,UAAYA,EACtBma,EAAUza,aAAeA,EACzBya,EAAUrM,MAAQA,EAClBqM,EAAU7c,YAAcA,EACjB6c,CACX,ECpBA,MAAMqB,GACJ,cAAWnzC,GACT,OAAOtT,EAAMkE,OAAOc,aACxB,CAEE,WAAA7P,GACEI,KAAKmxD,WAAa,EACtB,CAME,IAAA9uD,CAAK8H,GACH,IAAIrI,EAAI,EACR,KAAOA,EAAIqI,EAAMvI,QAAQ,CACvB,MAAMyrB,EAAMme,GAAiBrhC,EAAMnB,SAASlH,EAAGqI,EAAMvI,SACrDE,GAAKurB,EAAIzU,OAET5Y,KAAKmxD,WAAWruD,KAAKgU,EAAKmD,mBAAmB9P,EAAMnB,SAASlH,EAAGA,EAAIurB,EAAIA,OACvEvrB,GAAKurB,EAAIA,GACf,CACA,CAME,KAAAtqB,GACE,MAAMmjB,EAAM,GACZ,IAAK,IAAIpkB,EAAI,EAAGA,EAAI9B,KAAKmxD,WAAWvvD,OAAQE,IAC1CokB,EAAIpjB,KAAK2oC,GAAkBzrC,KAAKmxD,WAAWrvD,GAAGF,SAC9CskB,EAAIpjB,KAAKgU,EAAK+C,mBAAmB7Z,KAAKmxD,WAAWrvD,KAEnD,OAAOgV,EAAKpV,iBAAiBwkB,EACjC,CAOE,MAAAq9B,CAAO6N,GACL,SAAKA,GAAaA,aAAmBF,KAG9BlxD,KAAKmxD,WAAW90B,OAAM,SAASg1B,EAAMn0C,GAC1C,OAAOm0C,IAASD,EAAQD,WAAWj0C,EACzC,GACA,ECvDA,MAAMo0C,WAAwB7B,GAC5B,cAAW1xC,GACT,OAAOtT,EAAMkE,OAAOK,SACxB,CAME,WAAApP,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtC1X,MAAM8iD,EAAMzuC,GAIZlU,KAAKuxD,YAAc,KAInBvxD,KAAKwxD,YAAc,KAKnBxxD,KAAKyxD,SAAW,EAKhBzxD,KAAKyL,IAAM,KAKXzL,KAAK6M,UAAY,KAKjB7M,KAAKsO,KAAO,KASZtO,KAAK0xD,aAAe,KAKpB1xD,KAAK+1C,cAAgB,KAOrB/1C,KAAK2xD,eAAiB,IAC1B,CAUE,UAAMtvD,CAAK8H,EAAO+J,EAASqD,GAEzB,IAAIzV,QAAU9B,KAAK2wD,cAAcxmD,EAAO+J,GACxC,MAAM09C,EAAuB9vD,EAM7B9B,KAAKyxD,SAAWtnD,EAAMrI,KAID,IAAjB9B,KAAK03C,SACP51C,IAOmB,IAAjB9B,KAAK03C,SAAiB13C,KAAKyxD,UAC7B3vD,IAGF,IAGE,GAAsB,MAAlB9B,KAAKyxD,UAAsC,MAAlBzxD,KAAKyxD,UAAsC,MAAlBzxD,KAAKyxD,SAAkB,CAC3EzxD,KAAK6M,UAAY1C,EAAMrI,KAID,MAAlB9B,KAAKyxD,WACPzxD,KAAKsO,KAAOnE,EAAMrI,MAKC,IAAjB9B,KAAK03C,SACP51C,IAMF,MAAM8S,EAAUzK,EAAMrI,KAItB,GAHA9B,KAAKyL,IAAM4sC,GAAezjC,GAC1B9S,GAAK9B,KAAKyL,IAAIpJ,KAAK8H,EAAMnB,SAASlH,EAAGqI,EAAMvI,SAErB,cAAlB5B,KAAKyL,IAAIwI,KACX,MAEV,MAAiBjU,KAAKyxD,WACdzxD,KAAK6M,UAAY7M,KAAKyxD,UAIpBzxD,KAAKyxD,WAMPzxD,KAAK0xD,aAAiC,MAAlB1xD,KAAKyxD,WACN,IAAjBzxD,KAAK03C,SAAmC,IAAjB13C,KAAK03C,SAAiBxjC,EAAOK,kCAMhC,MAAlBvU,KAAKyxD,UAAoBzxD,KAAK0xD,cAChC1xD,KAAKwvB,GAAKrlB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAO4G,gBAAgB/iB,KAAK6M,WAAWoW,WAE7CjjB,KAAK2xD,gBAAiB,IAKtB3xD,KAAKwvB,GAAKrlB,EAAMnB,SACdlH,EACAA,EAAIqa,GAAOowC,YAAYvsD,KAAKsO,MAAMioB,UAGpCv2B,KAAK2xD,gBAAiB,GAGxB7vD,GAAK9B,KAAKwvB,GAAG5tB,OAEhB,CAAC,MAAOsC,GAEP,IAAKlE,KAAKyxD,SAAU,MAAMvtD,EAC1BlE,KAAK6xD,uBAAyB1nD,EAAMnB,SAAS4oD,GAC7C5xD,KAAKwxD,aAAc,CACzB,CAcI,GAVqB,IAAjBxxD,KAAK03C,UACP51C,GAAK,GAMP9B,KAAKuxD,YAAcpnD,EAAMnB,SAASlH,GAClC9B,KAAKwxD,cAAgBxxD,KAAKyxD,UAErBzxD,KAAKwxD,YAAa,CACrB,IAAIM,EACJ,GAAqB,IAAjB9xD,KAAK03C,QACPoa,EAAY9xD,KAAKuxD,iBAGjB,GADAO,EAAY9xD,KAAKuxD,YAAYvoD,SAAS,GAAI,IACrC8N,EAAKmE,iBAAiBnE,EAAKsE,cAAc02C,GAAY9xD,KAAKuxD,YAAYvoD,UAAU,IACnF,MAAUzH,MAAM,yBAGpB,IACE,MAAMc,KAAEA,EAAI0zC,cAAEA,GAAkB55B,GAAO41C,sBAAsB/xD,KAAK01C,UAAWoc,EAAW9xD,KAAKo1C,cAC7F,GAAI/yC,EAAOyvD,EAAUlwD,OACnB,MAAUL,MAAM,sBAElBvB,KAAK+1C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,GAAIA,aAAeuW,GAAkB,MAAMvW,EAE3C,MAAU90B,MAAM,qBACxB,CACA,CACA,CAME,KAAAwB,GACE,MAAMivD,EAAsBhyD,KAAKgwD,iBACjC,GAAIhwD,KAAK6xD,uBACP,OAAO/6C,EAAKpV,iBAAiB,CAC3BswD,EACAhyD,KAAK6xD,yBAIT,MAAM3rC,EAAM,CAAC8rC,GACb9rC,EAAIpjB,KAAK,IAAIrB,WAAW,CAACzB,KAAKyxD,YAE9B,MAAMQ,EAAoB,GAG1B,GAAsB,MAAlBjyD,KAAKyxD,UAAsC,MAAlBzxD,KAAKyxD,UAAsC,MAAlBzxD,KAAKyxD,SAAkB,CAC3EQ,EAAkBnvD,KAAK9C,KAAK6M,WAIN,MAAlB7M,KAAKyxD,UACPQ,EAAkBnvD,KAAK9C,KAAKsO,MAG9B,MAAM7C,EAAMzL,KAAKyL,IAAI1I,QAIA,IAAjB/C,KAAK03C,SACPua,EAAkBnvD,KAAK2I,EAAI7J,QAM7BqwD,EAAkBnvD,QAAQ2I,EAChC,CA6BI,OAxBIzL,KAAKyxD,UAA8B,cAAlBzxD,KAAKyL,IAAIwI,MAC5Bg+C,EAAkBnvD,QAAQ9C,KAAKwvB,KAGZ,IAAjBxvB,KAAK03C,SAAmC,IAAjB13C,KAAK03C,SAAiB13C,KAAKyxD,WACpDvrC,EAAIpjB,KAAK,IAAIrB,WAAW,CAACwwD,EAAkBrwD,UAE7CskB,EAAIpjB,KAAK,IAAIrB,WAAWwwD,IAEnBjyD,KAAKkyD,YACHlyD,KAAKyxD,WACRzxD,KAAKuxD,YAAcp1C,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAK+1C,gBAG5C,IAAjB/1C,KAAK03C,SACPxxB,EAAIpjB,KAAKgU,EAAKc,YAAY5X,KAAKuxD,YAAY3vD,OAAQ,IAErDskB,EAAIpjB,KAAK9C,KAAKuxD,aAETvxD,KAAKyxD,UAA6B,IAAjBzxD,KAAK03C,SACzBxxB,EAAIpjB,KAAKgU,EAAKsE,cAAcpb,KAAKuxD,eAI9Bz6C,EAAKpV,iBAAiBwkB,EACjC,CAOE,WAAAiqC,GACE,OAA4B,IAArBnwD,KAAKwxD,WAChB,CAUE,0BAAAW,GACE,YAAuC/vD,IAAhCpC,KAAK6xD,wBAAwC7xD,KAAKkyD,SAC7D,CAME,OAAAA,GACE,SAAUlyD,KAAKyL,KAAyB,cAAlBzL,KAAKyL,IAAIwI,KACnC,CAOE,SAAAm+C,CAAUl+C,EAASqD,GACbvX,KAAKkyD,YAGLlyD,KAAKmwD,eACPnwD,KAAKqyD,4BAEAryD,KAAK6xD,uBACZ7xD,KAAKwxD,YAAc,KACnBxxD,KAAKuxD,YAAc,KACnBvxD,KAAKyL,IAAM4sC,GAAe5tC,EAAMgB,IAAIK,IAAKoI,GACzClU,KAAKyL,IAAIiqC,UAAY,EACrB11C,KAAKyL,IAAI0X,EAAI,EACbnjB,KAAKyL,IAAIwI,KAAO,YAChBjU,KAAKyxD,SAAW,IAChBzxD,KAAK6M,UAAYpC,EAAMoC,UAAUO,OACjCpN,KAAK0xD,aAAe,KACpB1xD,KAAK2xD,eAAiB,KAC1B,CAYE,aAAM5jC,CAAQupB,EAAYpjC,EAASqD,GACjC,GAAIvX,KAAKkyD,UACP,OAGF,IAAKlyD,KAAKmwD,cACR,MAAU5uD,MAAM,mCAGlB,IAAK+1C,EACH,MAAU/1C,MAAM,0DAGlBvB,KAAKyL,IAAM6sC,GAAiBpkC,GAC5BlU,KAAKyL,IAAI2rC,eACT,MAAM0a,EAAY31C,GAAO+pC,gBAAgBlmD,KAAK01C,UAAW11C,KAAK+1C,eAC9D/1C,KAAK6M,UAAYpC,EAAMoC,UAAUO,OAEjC,MAAM6V,UAAEA,GAAc9G,GAAO4G,gBAAgB/iB,KAAK6M,WAElD,GAAIqH,EAAOI,YAAa,CACtBtU,KAAKyxD,SAAW,IAChBzxD,KAAKsO,KAAO4F,EAAOM,uBACnB,MAAMgf,EAAOrX,GAAOowC,YAAYvsD,KAAKsO,MACrCtO,KAAK0xD,aAAgC,IAAjB1xD,KAAK03C,QACzB13C,KAAK2xD,gBAAkB3xD,KAAK0xD,aAE5B,MAAMY,EAAsB1mB,GAAS5rC,KAAKJ,YAAYme,KAChDpN,QAAY4hD,GAAqBvyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,UAAW7M,KAAKsO,KAAMgkD,EAAqBtyD,KAAK0xD,cAE1HrE,QAAqB75B,EAAKxzB,KAAK6M,UAAW8D,GAChD3Q,KAAKwvB,GAAKxvB,KAAK0xD,aAAev1C,GAAOw6B,OAAO/a,eAAe3Y,GAAa9G,GAAOw6B,OAAO/a,eAAepI,EAAK+C,UAC1G,MAAMi8B,EAAgBxyD,KAAK0xD,aACzB,IAAIjwD,WACJqV,EAAKpV,iBAAiB,CAAC4wD,EAAqBtyD,KAAKgwD,mBAEnDhwD,KAAKuxD,kBAAoBlE,EAAat/B,QAAQ+jC,EAAW9xD,KAAKwvB,GAAGxmB,SAAS,EAAGwqB,EAAK+C,UAAWi8B,EACnG,KAAW,CACLxyD,KAAKyxD,SAAW,IAChBzxD,KAAK2xD,gBAAiB,EACtB,MAAMhhD,QAAY4hD,GAAqBvyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,WAChF7M,KAAKwvB,GAAKrT,GAAOw6B,OAAO/a,eAAe3Y,GACvCjjB,KAAKuxD,kBAAoBp1C,GAAOqX,KAAK3C,IAAI9C,QAAQ/tB,KAAK6M,UAAW8D,EAAKmG,EAAKpV,iBAAiB,CAC1FowD,QACM31C,GAAOxO,KAAKE,KAAKikD,EAAW59C,KAChClU,KAAKwvB,GAAItb,EACnB,CACA,CAWE,aAAMma,CAAQipB,GACZ,GAAIt3C,KAAKkyD,UACP,OAAO,EAGT,GAAIlyD,KAAK6xD,uBACP,MAAUtwD,MAAM,kEAGlB,GAAIvB,KAAKmwD,cACP,MAAU5uD,MAAM,oCAGlB,IAAIoP,EACJ,MAAM2hD,EAAsB1mB,GAAS5rC,KAAKJ,YAAYme,KACtD,GAAsB,MAAlB/d,KAAKyxD,UAAsC,MAAlBzxD,KAAKyxD,SAG3B,MAAsB,MAAlBzxD,KAAKyxD,SACJlwD,MAAM,0EAENA,MAAM,yEAGlB,IAAIuwD,EACJ,GATEnhD,QAAY4hD,GACVvyD,KAAK03C,QAAS13C,KAAKyL,IAAK6rC,EAAYt3C,KAAK6M,UAAW7M,KAAKsO,KAAMgkD,EAAqBtyD,KAAK0xD,cAQvE,MAAlB1xD,KAAKyxD,SAAkB,CACzB,MAAMj+B,EAAOrX,GAAOowC,YAAYvsD,KAAKsO,MAC/B++C,QAAqB75B,EAAKxzB,KAAK6M,UAAW8D,GAChD,IACE,MAAM6hD,EAAgBxyD,KAAK0xD,aACzB,IAAIjwD,WACJqV,EAAKpV,iBAAiB,CAAC4wD,EAAqBtyD,KAAKgwD,mBACnD8B,QAAkBzE,EAAah/B,QAAQruB,KAAKuxD,YAAavxD,KAAKwvB,GAAGxmB,SAAS,EAAGwqB,EAAK+C,UAAWi8B,EAC9F,CAAC,MAAOn8B,GACP,GAAoB,gCAAhBA,EAAI9iB,QACN,MAAUhS,MAAM,6BAA+B80B,EAAI9iB,SAErD,MAAM8iB,CACd,CACA,KAAW,CACL,MAAMo8B,QAA0Bt2C,GAAOqX,KAAK3C,IAAIxC,QAAQruB,KAAK6M,UAAW8D,EAAK3Q,KAAKuxD,YAAavxD,KAAKwvB,IAEpGsiC,EAAYW,EAAkBzpD,SAAS,GAAI,IAC3C,MAAM2E,QAAawO,GAAOxO,KAAKE,KAAKikD,GAEpC,IAAKh7C,EAAKmE,iBAAiBtN,EAAM8kD,EAAkBzpD,UAAU,KAC3D,MAAUzH,MAAM,2BAExB,CAEI,IACE,MAAMw0C,cAAEA,GAAkB55B,GAAO41C,sBAAsB/xD,KAAK01C,UAAWoc,EAAW9xD,KAAKo1C,cACvFp1C,KAAK+1C,cAAgBA,CACtB,CAAC,MAAO1f,GACP,MAAU90B,MAAM,qBACtB,CACIvB,KAAKwxD,aAAc,EACnBxxD,KAAKuxD,YAAc,KACnBvxD,KAAKyxD,SAAW,EAChBzxD,KAAKsO,KAAO,KACZtO,KAAK6M,UAAY,KACjB7M,KAAK0xD,aAAe,IACxB,CAOE,cAAMgB,GACJ,GAAI1yD,KAAKkyD,UACP,OAGF,IAAKlyD,KAAKmwD,cACR,MAAU5uD,MAAM,wBAGlB,GAAIvB,KAAK2xD,eAEP,OAGF,IAAIgB,EACJ,IAEEA,QAAoBx2C,GAAOs6B,eAAez2C,KAAK01C,UAAW11C,KAAKo1C,aAAcp1C,KAAK+1C,cACnF,CAAC,MAAO9pB,GACP0mC,GAAc,CACpB,CACI,IAAKA,EACH,MAAUpxD,MAAM,iBAEtB,CAEE,cAAM0rC,CAASjxB,EAAMtR,GAGnB,GAAqB,IAAjB1K,KAAK03C,UACN13C,KAAK01C,YAAcjrC,EAAMsB,UAAUM,MAAQ3B,IAAUD,EAAMC,MAAMU,kBAClEpL,KAAK01C,YAAcjrC,EAAMsB,UAAUQ,aAEnC,MAAUhL,MAAM,oDAAoDmJ,kDAEtE,MAAMqrC,cAAEA,EAAaX,aAAEA,SAAuBj5B,GAAOy2C,eAAe5yD,KAAK01C,UAAW15B,EAAMtR,GAC1F1K,KAAK+1C,cAAgBA,EACrB/1C,KAAKo1C,aAAeA,EACpBp1C,KAAKwxD,aAAc,CACvB,CAKE,kBAAAa,GACMryD,KAAKmyD,+BAITryD,OAAO02C,KAAKx2C,KAAK+1C,eAAe9zC,SAAQgG,IACxBjI,KAAK+1C,cAAc9tC,GAC3Bwf,KAAK,UACJznB,KAAK+1C,cAAc9tC,EAAK,IAEjCjI,KAAK+1C,cAAgB,KACrB/1C,KAAKwxD,aAAc,EACvB,EAcAlvD,eAAeiwD,GAAqBM,EAAYpnD,EAAK6rC,EAAY74B,EAAYq0C,EAAUR,EAAqBZ,GAC1G,GAAiB,WAAbjmD,EAAIwI,OAAsB6+C,EAC5B,MAAUvxD,MAAM,gDAElB,GAAiB,WAAbkK,EAAIwI,MAAoC,IAAf4+C,EAC3B,MAAUtxD,MAAM,uDAElB,MAAMyhB,QAAEA,GAAY7G,GAAO4G,gBAAgBtE,GACrCs0C,QAAmBtnD,EAAI4rC,WAAWC,EAAYt0B,GACpD,IAAK8vC,GAA2B,IAAfD,GAAoBnB,EACnC,OAAOqB,EAET,MAAMrkB,EAAO53B,EAAKpV,iBAAiB,CACjC4wD,EACA,IAAI7wD,WAAW,CAACoxD,EAAYp0C,EAAYq0C,MAE1C,OAAOvkB,GAAY9jC,EAAMkD,KAAKI,OAAQglD,EAAY,IAAItxD,WAAcitC,EAAM1rB,EAC5E,CC5iBA,MAAMgwC,GACJ,cAAWj1C,GACT,OAAOtT,EAAMkE,OAAOY,MACxB,CAEE,WAAA3P,GAKEI,KAAKuP,OAAS,GAEdvP,KAAKiI,KAAO,GACZjI,KAAKizD,MAAQ,GACbjzD,KAAKkzD,QAAU,EACnB,CAQE,iBAAOzd,CAAWlmC,GAChB,GAAIuH,EAAKC,SAASxH,IACfA,EAAOtH,OAAS6O,EAAKC,SAASxH,EAAOtH,OACrCsH,EAAO0jD,QAAUn8C,EAAKgG,eAAevN,EAAO0jD,QAC5C1jD,EAAO2jD,UAAYp8C,EAAKC,SAASxH,EAAO2jD,SACzC,MAAU3xD,MAAM,0BAElB,MAAMoN,EAAS,IAAIqkD,GACnBlzD,OAAO8mB,OAAOjY,EAAQY,GACtB,MAAM4jD,EAAa,GAKnB,OAJIxkD,EAAO1G,MAAMkrD,EAAWrwD,KAAK6L,EAAO1G,MACpC0G,EAAOukD,SAASC,EAAWrwD,KAAK,IAAI6L,EAAOukD,YAC3CvkD,EAAOskD,OAAOE,EAAWrwD,KAAK,IAAI6L,EAAOskD,UAC7CtkD,EAAOY,OAAS4jD,EAAWzwD,KAAK,KACzBiM,CACX,CAME,IAAAtM,CAAK8H,EAAO+J,EAASqD,GACnB,MAAMhI,EAASuH,EAAK6D,WAAWxQ,GAC/B,GAAIoF,EAAO3N,OAASsS,EAAOiC,gBACzB,MAAU5U,MAAM,8BAYlB,MACM6xD,EADK,qEACQC,KAAK9jD,GACxB,GAAgB,OAAZ6jD,EAAkB,CACpB,MAAMnrD,KAAEA,EAAIirD,QAAEA,EAAOD,MAAEA,GAAUG,EAAQE,OACzCtzD,KAAKkzD,QAAUA,GAAS5zC,QAAQ,cAAe,IAAIi0C,QAAU,GAC7DvzD,KAAKiI,KAAOA,GAAMsrD,QAAU,GAC5BvzD,KAAKizD,MAAQA,EAAM9tC,UAAU,EAAG8tC,EAAMrxD,OAAS,EAChD,KAAU,oBAAoBmb,KAAKxN,KAClCvP,KAAKizD,MAAQ1jD,GAGfvP,KAAKuP,OAASA,CAClB,CAME,KAAAxM,GACE,OAAO+T,EAAKwD,WAAWta,KAAKuP,OAChC,CAEE,MAAAg0C,CAAOiQ,GACL,OAAOA,GAAeA,EAAYjkD,SAAWvP,KAAKuP,MACtD,ECvFA,MAAMkkD,WAA2BnC,GAC/B,cAAWvzC,GACT,OAAOtT,EAAMkE,OAAOM,YACxB,CAME,WAAArP,CAAY+iD,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtC1X,MAAM8iD,EAAMzuC,EAChB,ECnBA,MAAMw/C,GACJ,cAAW31C,GACT,OAAOtT,EAAMkE,OAAOW,KACxB,CAME,IAAAjN,GACE,MAAM,IAAIuqC,GAAiB,kCAC/B,CAEE,KAAA7pC,GACE,MAAM,IAAI6pC,GAAiB,kCAC/B,ECPA,MAAM+mB,GACJ,cAAW51C,GACT,OAAOtT,EAAMkE,OAAOkB,OACxB,CAEE,WAAAjQ,GACEI,KAAK6P,QAAU,IACnB,CAME,IAAAxN,CAAK8H,GAEP,CAME,KAAApH,GACE,OAAO/C,KAAK6P,OAChB,CAQE,mBAAM+jD,CAAchyD,GAClB5B,KAAK6P,cAAgBsM,GAAOw6B,OAAO/a,eAAeh6B,EACtD,ECnCA,MAAM0mD,gBAA+BxxC,EAAK8G,wBAAwB,CAACqmC,KAK5D,MAAM4P,GAIX,WAAAj0D,CAAYk0D,GACV9zD,KAAK0oD,QAAUoL,GAAc,IAAItL,EACrC,CAME,KAAAzlD,GACE,OAAO/C,KAAK0oD,QAAQ3lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GAEb,MAAM8K,EAAeriB,KAAK0oD,QAAQhkD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQkmC,GAAgBlmC,KAA0B,IAAnBpP,EAAO+oC,UAC1G,OAAOvkC,EAAM1I,EAAM0I,MAAMtE,UAAW7O,KAAK+C,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrG,CAME,gBAAA6/C,GACE,OAAO/zD,KAAK0oD,QAAQ/jD,KAAIgK,GAAUA,EAAOgD,aAC7C,EAaOrP,eAAe0xD,IAAcC,iBAAEA,EAAgBC,gBAAEA,EAAiBhgD,OAAAA,KAAWigD,IAClFjgD,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQ0zD,GAAoBC,EAChC,IAAK3zD,EACH,MAAUgB,MAAM,8FAElB,GAAI0yD,IAAqBn9C,EAAKC,SAASk9C,GACrC,MAAU1yD,MAAM,4DAElB,GAAI2yD,IAAoBp9C,EAAKtV,aAAa0yD,GACxC,MAAU3yD,MAAM,+DAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAIuxD,EAAkB,CACpB,MAAMhgD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMtE,UACvB,MAAUtN,MAAM,sCAElBhB,EAAQsG,CACZ,CACE,MAAMitD,QAAmBtL,GAAWC,WAAWloD,EAAO+nD,GAAgBp0C,GACtE,OAAO,IAAI2/C,GAAUC,EACvB,CCnFOxxD,eAAe+xD,GAAqBvuD,EAASoO,GAClD,MAAM+8C,EAAqB,IAAIwC,GAAmB3tD,EAAQ68C,KAAMzuC,GAKhE,OAJA+8C,EAAmBvI,QAAU,KAC7BuI,EAAmBvb,UAAYjrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ4vC,iBAC9Dub,EAAmBhkB,SAASnnC,EAAQwuD,QAASxuD,EAAQ4E,aACrDumD,EAAmBlB,6BAClBkB,CACT,CAEO3uD,eAAeiyD,GAAkBzuD,EAASoO,GAC/C,MAAM07C,EAAkB,IAAI0B,GAAgBxrD,EAAQ68C,KAAMzuC,GAK1D,OAJA07C,EAAgBlH,QAAU,KAC1BkH,EAAgBla,UAAYjrC,EAAM1H,MAAM0H,EAAMsB,UAAWjG,EAAQ4vC,iBAC3Dka,EAAgB3iB,SAASnnC,EAAQwuD,QAASxuD,EAAQ4E,MAAO5E,EAAQoO,cACjE07C,EAAgBG,6BACfH,CACT,CAaOttD,eAAekyD,GAAwBC,EAAY1oD,EAAWm4C,EAAewQ,EAAc/R,EAAO,IAAI5qC,KAAQ7D,GACnH,IAAIygD,EACAz2C,EACJ,IAAK,IAAIpc,EAAI2yD,EAAW7yD,OAAS,EAAGE,GAAK,EAAGA,IAC1C,MAEM6yD,GAAeF,EAAW3yD,GAAG2iD,SAAWkQ,EAAYlQ,iBAEhDgQ,EAAW3yD,GAAG4+B,OAAO30B,EAAWm4C,EAAewQ,EAAc/R,OAAMvgD,EAAW8R,GACpFygD,EAAcF,EAAW3yD,GAE5B,CAAC,MAAOoC,GACPga,EAAYha,CAClB,CAEE,IAAKywD,EACH,MAAM79C,EAAK6G,UACT,wBAAwBlT,EAAMpI,KAAKoI,EAAMoE,UAAWq1C,uBAAmCn4C,EAAUs6C,WAAW/a,UACzGhsB,QAAQ,eAAgB,SACxBA,QAAQ,mBAAmB,CAAC2M,EAAG2oC,EAAIC,IAAOD,EAAK,IAAMC,EAAGC,gBAC3D52C,GAEJ,OAAOy2C,CACT,CAEO,SAASI,GAAclF,EAAWhhD,EAAW8zC,EAAO,IAAI5qC,MAC7D,MAAM0vC,EAAW3wC,EAAKuB,cAAcsqC,GACpC,GAAiB,OAAb8E,EAAmB,CACrB,MAAMuN,EAAiBC,GAAqBpF,EAAWhhD,GACvD,QAASghD,EAAUpL,SAAWgD,GAAYA,EAAWuN,EACzD,CACE,OAAO,CACT,CASO1yD,eAAe4yD,GAAuBC,EAAQC,EAAYtvD,EAASoO,GACxE,MAAMmhD,EAAa,CAAE,EACrBA,EAAW1kD,IAAMykD,EACjBC,EAAW1xD,KAAOwxD,EAClB,MAAMG,EAAsB,CAAEpR,cAAez5C,EAAMoE,UAAU4B,eACzD3K,EAAQq6B,MACVm1B,EAAoBnjD,SAAW,CAAC1H,EAAM0H,SAASU,UAC/CyiD,EAAoB9iD,wBAA0B+iD,GAAsBF,EAAY,GAAIF,EAAQ,CAC1FjR,cAAez5C,EAAMoE,UAAU6B,YAC9B5K,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,IAElDohD,EAAoBnjD,SAAW,CAAC1H,EAAM0H,SAASW,qBAAuBrI,EAAM0H,SAASY,gBAEnFjN,EAAQyL,kBAAoB,IAC9B+jD,EAAoB/jD,kBAAoBzL,EAAQyL,kBAChD+jD,EAAoBxQ,iBAAkB,GAGxC,aADoCyQ,GAAsBF,EAAY,GAAID,EAAYE,EAAqBxvD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,EAE5J,CAwKO5R,eAAeizD,GAAsBF,EAAYG,EAAeC,EAAkBH,EAAqB3S,EAAM+S,EAAkBvQ,EAAY,GAAIva,GAAW,EAAO12B,GACtK,GAAIuhD,EAAiBvD,UACnB,MAAU3wD,MAAM,qCAElB,IAAKk0D,EAAiBtF,cACpB,MAAU5uD,MAAM,iCAElB,MAAMwmD,EAAkB,IAAI9D,GAM5B,OALAnkD,OAAO8mB,OAAOmhC,EAAiBuN,GAC/BvN,EAAgB3D,mBAAqBqR,EAAiB/f,UACtDqS,EAAgB5D,oBAtKX7hD,eAAoCqzD,EAAYF,EAAkB9S,EAAO,IAAI5qC,KAAQ69C,EAAgB,GAAI1hD,GAO9G,MAAM2hD,EAAcprD,EAAMkD,KAAKI,OACzB+nD,EAAsB5hD,EAAOC,uBAE7B4hD,QAAgC71D,QAAQ4E,IAAI6wD,EAAWhxD,KAAIrC,MAAOqO,EAAK7O,WAC3C6O,EAAIqlD,wBAAwBrT,EAAMiT,EAAc9zD,GAAIoS,IAC9CrC,2BAGlCokD,EAAoB,IAAIC,IAC9B,IAAK,MAAMC,KAAkBJ,EAC3B,IAAK,MAAM91B,KAAYk2B,EACrB,IAEE,MAAMC,EAAgB3rD,EAAM1H,MAAM0H,EAAMkD,KAAMsyB,GAC9Cg2B,EAAkB9zD,IAChBi0D,EACAH,EAAkBjyD,IAAIoyD,GAAiBH,EAAkB9tD,IAAIiuD,GAAiB,EAAI,EAE5F,CAAQ,MAAM,CAGZ,MAAMC,EAAsBp2B,GAAkC,IAAtB01B,EAAW/zD,QAAgBq0D,EAAkB9tD,IAAI83B,KAAc01B,EAAW/zD,QAAUq+B,IAAa41B,EACnIS,EAAgC,KACpC,GAA+B,IAA3BL,EAAkB3I,KACpB,OAAOuI,EAET,MAGMU,EAHkB52D,MAAM4gB,KAAK01C,EAAkBzf,QAClDjsC,QAAO01B,GAAYo2B,EAAoBp2B,KACvC6a,MAAK,CAAC0b,EAAOC,IAAUt6C,GAAOxO,KAAK2X,kBAAkBkxC,GAASr6C,GAAOxO,KAAK2X,kBAAkBmxC,KACrD,GAE1C,OAAOt6C,GAAOxO,KAAK2X,kBAAkBixC,IAAsBp6C,GAAOxO,KAAK2X,kBAAkBuwC,GAAeU,EAAoBV,CAAW,EAUzI,GAPiB,IAAIlgD,IAAI,CACvBlL,EAAMsB,UAAUO,MAChB7B,EAAMsB,UAAUQ,YAChB9B,EAAMsB,UAAUZ,QAChBV,EAAMsB,UAAUa,QAGL5I,IAAIyxD,EAAiB/f,WAAY,CAS5C,MAAMghB,EAAqBv6C,GAAOw6C,0BAA0BlB,EAAiB/f,UAAW+f,EAAiBrgB,aAAa/J,KAEhHurB,EAAiCP,EAAoBP,GACrDe,EAA2C16C,GAAOxO,KAAK2X,kBAAkBwwC,IAAwB35C,GAAOxO,KAAK2X,kBAAkBoxC,GAErI,GAAIE,GAAkCC,EACpC,OAAOf,EACF,CACL,MAAMgB,EAAyBR,IAC/B,OAAOn6C,GAAOxO,KAAK2X,kBAAkBwxC,IAA2B36C,GAAOxO,KAAK2X,kBAAkBoxC,GAC5FI,EACAJ,CACR,CACA,CAIE,OAAOL,EAAoBP,GAAuBA,EAAsBQ,GAC1E,CA2FwC/oB,CAAqBioB,EAAeC,EAAkB9S,EAAM+S,EAAkBxhD,GACpH6zC,EAAgB7C,aAAe,IAAIC,SAC7B4C,EAAgB5nB,KAAKs1B,EAAkBJ,EAAY1S,EAAM/X,EAAU12B,GAClE6zC,CACT,CAUOzlD,eAAey0D,GAAgBC,EAAQC,EAAM5F,EAAM1O,EAAO,IAAI5qC,KAAQm/C,IAC3EF,EAASA,EAAO3F,MAET4F,EAAK5F,GAAMzvD,aAGR1B,QAAQ4E,IAAIkyD,EAAOryD,KAAIrC,eAAe60D,GACrCA,EAAUvP,UAAUjF,IAAWuU,UAAiBA,EAAQC,IACxDF,EAAK5F,GAAM3sD,MAAK,SAAS0yD,GACxB,OAAOtgD,EAAKmE,iBAAiBm8C,EAAQpR,cAAemR,EAAUnR,cAC5E,KACUiR,EAAK5F,GAAMvuD,KAAKq0D,EAE1B,KATMF,EAAK5F,GAAQ2F,EAYnB,CAkBO10D,eAAe+0D,GAAcjC,EAAYlR,EAAewQ,EAAc4C,EAAazoD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,GAC3HvD,EAAMA,GAAOykD,EACb,MAAMmC,EAAmB,GA8BzB,aA7BMr3D,QAAQ4E,IAAIwyD,EAAY3yD,KAAIrC,eAAek1D,GAC/C,IACE,IASG3oD,GAAa2oD,EAAoB7lD,YAAY4xC,OAAO10C,EAAU8C,aAC/D,CACA,MAAM8lD,GAAoB,CACxBhtD,EAAM4H,oBAAoBuB,WAC1BnJ,EAAM4H,oBAAoBqB,cAC1BjJ,EAAM4H,oBAAoBwB,eAC1BqL,SAASs4C,EAAoBnS,+BAEzBmS,EAAoB92B,OACxB/vB,EAAKuzC,EAAewQ,EAAc+C,EAAmB,KAAO9U,GAAM,EAAOzuC,GAI3EqjD,EAAiBz0D,KAAK00D,EAAoB7lD,YAClD,CACK,CAAC,MAAOzN,GAAG,CAChB,KAEM2K,GACFA,EAAU82C,UAAU4R,EAAiB7yD,MAAK8+C,GAASA,EAAMD,OAAO10C,EAAU8C,iBACxE9C,EAAU82C,UAAW,GAChB92C,EAAU82C,SAEZ4R,EAAiB31D,OAAS,CACnC,CASO,SAASqzD,GAAqBpF,EAAWhhD,GAC9C,IAAImmD,EAKJ,OAHkC,IAA9BnmD,EAAUi2C,kBACZkQ,EAAiBnF,EAAUpL,QAAQrsC,UAA0C,IAA9BvJ,EAAU0C,mBAEpDyjD,EAAiB,IAAIj9C,KAAKi9C,GAAkBzsD,GACrD,CAEO,SAASmvD,GAAmB5xD,EAAS6xD,EAAiB,IAU3D,OATA7xD,EAAQmO,KAAOnO,EAAQmO,MAAQ0jD,EAAe1jD,KAC9CnO,EAAQ4E,MAAQ5E,EAAQ4E,OAASitD,EAAejtD,MAChD5E,EAAQwuD,QAAUxuD,EAAQwuD,SAAWqD,EAAerD,QACpDxuD,EAAQyL,uBAAkDnP,IAA9B0D,EAAQyL,kBAAkCzL,EAAQyL,kBAAoBomD,EAAepmD,kBACjHzL,EAAQwxC,WAAaxgC,EAAKC,SAASjR,EAAQwxC,YAAcxxC,EAAQwxC,WAAaqgB,EAAergB,WAC7FxxC,EAAQ68C,KAAO78C,EAAQ68C,MAAQgV,EAAehV,KAE9C78C,EAAQq6B,KAAOr6B,EAAQq6B,OAAQ,EAEvBr6B,EAAQmO,MACd,IAAK,MACH,IACEnO,EAAQ4E,MAAQD,EAAM1H,MAAM0H,EAAMC,MAAO5E,EAAQ4E,MAClD,CAAC,MAAOxG,GACP,MAAU3C,MAAM,gBACxB,CACUuE,EAAQ4E,QAAUD,EAAMC,MAAMQ,eAAiBpF,EAAQ4E,QAAUD,EAAMC,MAAMU,kBAC7D,YAAlBtF,EAAQ4E,OAAyC,eAAlB5E,EAAQ4E,QACvC5E,EAAQ4E,MAAQ5E,EAAQq6B,KAAO11B,EAAMC,MAAMQ,cAAgBT,EAAMC,MAAMU,kBAErEtF,EAAQq6B,KACVr6B,EAAQ4vC,UAAY5vC,EAAQ4E,QAAUD,EAAMC,MAAMQ,cAAgBT,EAAMsB,UAAUQ,YAAc9B,EAAMsB,UAAUO,MAEhHxG,EAAQ4vC,UAAYjrC,EAAMsB,UAAUM,KAEtC,MACF,IAAK,aACHvG,EAAQ4vC,UAAY5vC,EAAQq6B,KAAO11B,EAAMsB,UAAUZ,QAAUV,EAAMsB,UAAUW,OAC7E,MACF,IAAK,WACH5G,EAAQ4vC,UAAY5vC,EAAQq6B,KAAO11B,EAAMsB,UAAUa,MAAQnC,EAAMsB,UAAUY,KAC3E,MACF,IAAK,MACH7G,EAAQ4vC,UAAYjrC,EAAMsB,UAAUC,eACpC,MACF,QACE,MAAUzK,MAAM,wBAAwBuE,EAAQmO,MAEpD,OAAOnO,CACT,CAEO,SAAS8xD,GAAyB/H,EAAWhhD,EAAWqF,GAC7D,OAAQ27C,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACrB,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUZ,QACrB,KAAKV,EAAMsB,UAAUa,MACnB,IAAKiC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,UAC5C,QACE,OAAO,EAEb,CAEO,SAASglD,GAA4BhI,EAAWhhD,EAAWqF,GAChE,OAAQ27C,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KACnB,IAAKkC,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAElB,OAAQsN,EAAUsD,aACftD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,gBAC5C,QACE,OAAO,EAEb,CAEO,SAAS+kD,GAA4BjI,EAAWhhD,EAAWqF,GAChE,IAAKrF,EAAUsD,WAAa+B,EAAOsB,qBACjC,MAAUjU,MAAM,gFAGlB,OAAQsuD,EAAUna,WAChB,KAAKjrC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUI,QACrB,KAAK1B,EAAMsB,UAAUM,KACrB,KAAK5B,EAAMsB,UAAUW,OACrB,KAAKjC,EAAMsB,UAAUY,KAEnB,WADiCkC,EAAUsD,aAAatD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASU,aAChEqB,EAAOoB,2CAK9BzG,EAAUsD,aACjBtD,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASW,0BACvCjE,EAAUsD,SAAS,GAAK1H,EAAM0H,SAASY,iBAE1C,QACE,OAAO,EAEb,CASO,SAASglD,GAAqBlI,EAAW37C,GAC9C,MAAMkiC,EAAU3rC,EAAM1H,MAAM0H,EAAMsB,UAAW8jD,EAAUna,WACjDsiB,EAAWnI,EAAUY,mBAC3B,GAAIv8C,EAAOuC,0BAA0BzS,IAAIoyC,GACvC,MAAU70C,MAASy2D,EAAStiB,UAAZ,kCAElB,OAAQU,GACN,KAAK3rC,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUE,WACnB,GAAI+rD,EAASh8C,KAAO9H,EAAOkB,WACzB,MAAU7T,MAAM,yBAAyB2S,EAAOkB,4CAElD,MACF,KAAK3K,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACrB,KAAK9B,EAAMsB,UAAUM,KACnB,GAAI6H,EAAOwC,aAAa1S,IAAIg0D,EAASttD,OACnC,MAAUnJ,MAAM,eAAey2D,EAAStiB,8BAA8BsiB,EAASttD,sBAMvF,CC7fA,MAAMutD,GACJ,WAAAr4D,CAAYs4D,EAAYC,GACtBn4D,KAAKuP,OAAS2oD,EAAWt4D,YAAYme,MAAQtT,EAAMkE,OAAOY,OAAS2oD,EAAa,KAChFl4D,KAAKyP,cAAgByoD,EAAWt4D,YAAYme,MAAQtT,EAAMkE,OAAOc,cAAgByoD,EAAa,KAC9Fl4D,KAAKo4D,mBAAqB,GAC1Bp4D,KAAKq4D,oBAAsB,GAC3Br4D,KAAKs4D,qBAAuB,GAC5Bt4D,KAAKm4D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAKvB,OAJAsL,EAAWhxD,KAAK9C,KAAKuP,QAAUvP,KAAKyP,eACpCqkD,EAAWhxD,QAAQ9C,KAAKs4D,sBACxBxE,EAAWhxD,QAAQ9C,KAAKo4D,oBACxBtE,EAAWhxD,QAAQ9C,KAAKq4D,qBACjBvE,CACX,CAME,KAAAlxD,GACE,MAAM41D,EAAO,IAAIP,GAAKj4D,KAAKuP,QAAUvP,KAAKyP,cAAezP,KAAKm4D,SAI9D,OAHAK,EAAKJ,mBAAqB,IAAIp4D,KAAKo4D,oBACnCI,EAAKH,oBAAsB,IAAIr4D,KAAKq4D,qBACpCG,EAAKF,qBAAuB,IAAIt4D,KAAKs4D,sBAC9BE,CACX,CAUE,aAAMC,CAAQC,EAAa/V,EAAMzuC,GAC/B,MAAMkhD,EAAap1D,KAAKm4D,QAAQtI,UAC1BwF,EAAa,CACjB9lD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKykD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAW9lD,QAAU8lD,EAAW5lD,cAAezP,KAAKm4D,SAgB1E,OAfAK,EAAKH,0BAA4Bn4D,QAAQ4E,IAAI4zD,EAAY/zD,KAAIrC,eAAekR,GAC1E,IAAKA,EAAWmlD,YACd,MAAUp3D,MAAM,gCAElB,GAAIiS,EAAW+8C,qBAAqB6E,GAClC,MAAU7zD,MAAM,+DAElB,MAAMq3D,QAAmBplD,EAAWqlD,mBAAcz2D,EAAWugD,OAAMvgD,EAAW8R,GAC9E,OAAOqhD,GAAsBF,EAAY,CAAC7hD,GAAaolD,EAAW/I,UAAW,CAE3E3L,cAAez5C,EAAMoE,UAAUuB,YAC/B+B,SAAU,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,WACtD8vC,OAAMvgD,OAAWA,OAAWA,EAAW8R,EAChD,WACUskD,EAAKl0C,OAAOtkB,KAAM2iD,EAAMzuC,GACvBskD,CACX,CAcE,eAAMM,CAAUC,EAAalJ,EAAWlN,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClE,MAAM69C,EAAap1D,KAAKm4D,QAAQtI,UAChC,OAAOwH,GAAcjC,EAAY3qD,EAAMoE,UAAU2B,eAAgB,CAC/DG,IAAKykD,EACL7lD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,eACnBzP,KAAKs4D,qBAAsBS,EAAalJ,EAAWlN,EAAMzuC,EAChE,CAYE,uBAAM8kD,CAAkBD,EAAaE,EAAkBtW,EAAO,IAAI5qC,KAAQ7D,GACxE,MAAM21C,EAAO7pD,KACPo1D,EAAap1D,KAAKm4D,QAAQtI,UAC1B6E,EAAe,CACnBnlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKykD,IAEDzjD,YAAEA,GAAgBonD,EAClBG,EAAaD,EAAiB1uD,QAAOoG,GAAOA,EAAIwoD,QAAQxnD,GAAa/P,OAAS,IACpF,OAA0B,IAAtBs3D,EAAWt3D,OACN,YAEH1B,QAAQ4E,IAAIo0D,EAAWv0D,KAAIrC,UAC/B,MAAMs2D,QAAmBjoD,EAAIkoD,cAAclnD,EAAaonD,EAAYtU,aAASriD,EAAW8R,GACxF,GAAI6kD,EAAYpT,eAAiBkE,EAAKiP,UAAUC,EAAaH,EAAW/I,UAAWlN,EAAMzuC,GACvF,MAAU3S,MAAM,+BAElB,UACQw3D,EAAYr4B,OAAOk4B,EAAW/I,UAAWplD,EAAMoE,UAAUuB,YAAaskD,EAAc/R,OAAMvgD,EAAW8R,EAC5G,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,8BAA+BzZ,EAC5D,OAEW,EACX,CAcE,6BAAMk1D,CAAwBH,EAAkBtW,EAAO,IAAI5qC,KAAQ7D,GACjE,MAAM21C,EAAO7pD,KACPq5D,EAAiBr5D,KAAKo4D,mBAAmB5zD,OAAOxE,KAAKq4D,qBAC3D,OAAOn4D,QAAQ4E,IAAIu0D,EAAe10D,KAAIrC,UAAwB,CAC5DkhD,MAAO8V,EAAc3nD,YACrB4nD,YAAa1P,EAAKmP,kBAAkBM,EAAeL,EAAkBtW,EAAMzuC,GAAQ7T,OAAM,KAAM,QAErG,CAWE,YAAMqgC,CAAOiiB,EAAO,IAAI5qC,KAAQ7D,GAC9B,IAAKlU,KAAKo4D,mBAAmBx2D,OAC3B,MAAUL,MAAM,gCAElB,MAAMsoD,EAAO7pD,KACPo1D,EAAap1D,KAAKm4D,QAAQtI,UAC1B6E,EAAe,CACnBnlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKykD,GAGP,IAAIl3C,EACJ,IAAK,IAAIpc,EAAI9B,KAAKo4D,mBAAmBx2D,OAAS,EAAGE,GAAK,EAAGA,IACvD,IACE,MAAM03D,EAAoBx5D,KAAKo4D,mBAAmBt2D,GAClD,GAAI03D,EAAkB7T,eAAiBkE,EAAKiP,UAAUU,OAAmBp3D,EAAWugD,EAAMzuC,GACxF,MAAU3S,MAAM,iCAElB,UACQi4D,EAAkB94B,OAAO00B,EAAY3qD,EAAMoE,UAAUuB,YAAaskD,EAAc/R,OAAMvgD,EAAW8R,EACxG,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,gCAAiCzZ,EAChE,CACQ,OAAO,CACR,CAAC,MAAOA,GACPga,EAAYha,CACpB,CAEI,MAAMga,CACV,CAUE,YAAMoG,CAAOm1C,EAAY9W,EAAMzuC,GAC7B,MAAMkhD,EAAap1D,KAAKm4D,QAAQtI,UAC1B6E,EAAe,CACnBnlD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKykD,SAGD2B,GAAgB0C,EAAYz5D,KAAM,qBAAsB2iD,GAAMrgD,eAAeo3D,GACjF,IAEE,aADMA,EAAWh5B,OAAO00B,EAAY3qD,EAAMoE,UAAUuB,YAAaskD,EAAc/R,GAAM,EAAOzuC,IACrF,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEU6yD,GAAgB0C,EAAYz5D,KAAM,sBAAuB2iD,SAEzDoU,GAAgB0C,EAAYz5D,KAAM,uBAAwB2iD,GAAM,SAASgX,GAC7E,OAAOtC,GAAcjC,EAAY3qD,EAAMoE,UAAU2B,eAAgBkkD,EAAc,CAACiF,QAAYv3D,OAAWA,EAAWugD,EAAMzuC,EAC9H,GACA,CAaE,YAAM0lD,CACJxE,GAEEyE,KAAMxU,EAA0B56C,EAAM4H,oBAAoBoB,SAC1DqmD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,MAAM89C,EAAa,CACjB9lD,OAAQvP,KAAKuP,OACbE,cAAezP,KAAKyP,cACpBkB,IAAKykD,GAEDoD,EAAO,IAAIP,GAAK5C,EAAW9lD,QAAU8lD,EAAW5lD,cAAezP,KAAKm4D,SAO1E,OANAK,EAAKF,qBAAqBx1D,WAAWyyD,GAAsBF,EAAY,GAAID,EAAY,CACrFlR,cAAez5C,EAAMoE,UAAU2B,eAC/B60C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,GAAW,EAAO8R,UAChCskD,EAAKl0C,OAAOtkB,MACXw4D,CACX,EC3PA,MAAMuB,GAKJ,WAAAn6D,CAAYo6D,EAAc7B,GACxBn4D,KAAK6vD,UAAYmK,EACjBh6D,KAAKi6D,kBAAoB,GACzBj6D,KAAKs4D,qBAAuB,GAC5Bt4D,KAAKm4D,QAAUA,CACnB,CAME,YAAAI,GACE,MAAMzE,EAAa,IAAItL,GAIvB,OAHAsL,EAAWhxD,KAAK9C,KAAK6vD,WACrBiE,EAAWhxD,QAAQ9C,KAAKs4D,sBACxBxE,EAAWhxD,QAAQ9C,KAAKi6D,mBACjBnG,CACX,CAME,KAAAlxD,GACE,MAAMuyD,EAAS,IAAI4E,GAAO/5D,KAAK6vD,UAAW7vD,KAAKm4D,SAG/C,OAFAhD,EAAO8E,kBAAoB,IAAIj6D,KAAKi6D,mBACpC9E,EAAOmD,qBAAuB,IAAIt4D,KAAKs4D,sBAChCnD,CACX,CAcE,eAAM2D,CAAUjqD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,MAAM69C,EAAap1D,KAAKm4D,QAAQtI,UAChC,OAAOqK,GACL9E,EAAY3qD,EAAMoE,UAAUgC,iBAAkB,CAC5CF,IAAKykD,EACLzxD,KAAM3D,KAAK6vD,WACV7vD,KAAKs4D,qBAAsBzpD,EAAW8B,EAAKgyC,EAAMzuC,EAE1D,CAWE,YAAMwsB,CAAOiiB,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACvC,MAAM69C,EAAap1D,KAAKm4D,QAAQtI,UAC1B6E,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAM3D,KAAK6vD,WAE7CsK,QAAyBC,GAA+Bp6D,KAAKi6D,kBAAmB7E,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,EAAMzuC,GAErJ,GAAIimD,EAAiBxU,eAAiB3lD,KAAK84D,UAAUqB,EAAkB,KAAMxX,EAAMzuC,GACjF,MAAU3S,MAAM,qBAGlB,GAAI84D,GAAqBr6D,KAAK6vD,UAAWsK,EAAkBxX,GACzD,MAAUphD,MAAM,qBAElB,OAAO44D,CACX,CAUE,uBAAMzS,CAAkB/E,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClD,MAAM69C,EAAap1D,KAAKm4D,QAAQtI,UAC1B6E,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAM3D,KAAK6vD,WACnD,IAAIsK,EACJ,IACEA,QAAyBC,GAA+Bp6D,KAAKi6D,kBAAmB7E,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,EAAMzuC,EAChJ,CAAC,MAAOhQ,GACP,OAAO,IACb,CACI,MAAMo2D,EAAYC,GAA4Bv6D,KAAK6vD,UAAWsK,GACxDK,EAAYL,EAAiBzS,oBACnC,OAAO4S,EAAYE,EAAYF,EAAYE,CAC/C,CAUE,YAAMl2C,CAAO6wC,EAAQxS,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC/C,MAAM69C,EAAap1D,KAAKm4D,QAAQtI,UAChC,IAAK7vD,KAAKuwD,qBAAqB4E,GAC7B,MAAU5zD,MAAM,2DAGdvB,KAAK6vD,UAAUjwD,YAAYme,MAAQtT,EAAMkE,OAAOa,cAChD2lD,EAAOtF,UAAUjwD,YAAYme,MAAQtT,EAAMkE,OAAOM,eACpDjP,KAAK6vD,UAAYsF,EAAOtF,WAG1B,MAAMhG,EAAO7pD,KACP00D,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAMkmD,EAAKgG,iBAC7C4K,GAAuBtF,EAAQn1D,KAAM,oBAAqB2iD,GAAMrgD,eAAeo4D,GACnF,IAAK,IAAI54D,EAAI,EAAGA,EAAI+nD,EAAKoQ,kBAAkBr4D,OAAQE,IACjD,GAAI+nD,EAAKoQ,kBAAkBn4D,GAAG6P,YAAY4xC,OAAOmX,EAAW/oD,aAI1D,OAHI+oD,EAAWjW,QAAUoF,EAAKoQ,kBAAkBn4D,GAAG2iD,UACjDoF,EAAKoQ,kBAAkBn4D,GAAK44D,IAEvB,EAGX,IAEE,aADMA,EAAWh6B,OAAO00B,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,OAAMvgD,EAAW8R,IAC3F,CACR,CAAC,MAAOhQ,GACP,OAAO,CACf,CACA,UAEUu2D,GAAuBtF,EAAQn1D,KAAM,uBAAwB2iD,GAAM,SAASgX,GAChF,OAAOO,GAAqB9E,EAAY3qD,EAAMoE,UAAUgC,iBAAkB6jD,EAAc,CAACiF,QAAYv3D,OAAWA,EAAWugD,EAAMzuC,EACvI,GACA,CAaE,YAAM0lD,CACJxE,GAEEyE,KAAMxU,EAA0B56C,EAAM4H,oBAAoBoB,SAC1DqmD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,MAAM89C,EAAa,CAAE1kD,IAAKykD,EAAYzxD,KAAM3D,KAAK6vD,WAC3CsF,EAAS,IAAI4E,GAAO/5D,KAAK6vD,UAAW7vD,KAAKm4D,SAO/C,OANAhD,EAAOmD,qBAAqBx1D,WAAW63D,GAA6BtF,EAAY,GAAID,EAAY,CAC9FlR,cAAez5C,EAAMoE,UAAUgC,iBAC/Bw0C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,GAAW,EAAO8R,UAChCihD,EAAO7wC,OAAOtkB,MACbm1D,CACX,CAEE,oBAAA5E,CAAqBC,GACnB,OAAOxwD,KAAK6vD,UAAUU,qBAAqBC,EAAMX,WAAaW,EAClE,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,eAAevuD,SAAQgG,IAC3F8xD,GAAO95D,UAAUgI,GACf,WACE,OAAOjI,KAAK6vD,UAAU5nD,IACvB,CAAA,IC9KL,MAAM2yD,gBAAyC9jD,EAAK8G,wBAAwB,CAACqmC,KACvE4W,GAAoB,IAAIllD,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,aAClEsnD,GAAgB,IAAInlD,IAAI,CAC5BlL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAO6E,WACrC/I,EAAMkE,OAAOa,aAAc/E,EAAMkE,OAAOosD,gBAY1C,MAAMC,GAMJ,qBAAAC,CAAsBnH,EAAYoH,EAAoB,IAAIvlD,KACxD,IAAI6iD,EACA2C,EACAhG,EACAiG,EAEJ,IAAK,MAAMzsD,KAAUmlD,EAAY,CAE/B,GAAInlD,aAAkBo+B,GAAmB,CACR+tB,GAAc92D,IAAI2K,EAAOoP,OACzBq9C,IAI3BA,EADEP,GAAkB72D,IAAI2K,EAAOoP,KACjB88C,GAEAC,IAGlB,QACR,CAEM,MAAM/8C,EAAMpP,EAAO/O,YAAYme,IAC/B,GAAIq9C,EAAa,CACf,IAAKA,EAAYp3D,IAAI+Z,GAAM,SAC3Bq9C,EAAc,IACtB,CACM,GAAIF,EAAkBl3D,IAAI+Z,GACxB,MAAUxc,MAAM,2BAA2Bwc,GAE7C,OAAQA,GACN,KAAKtT,EAAMkE,OAAO5C,UAClB,KAAKtB,EAAMkE,OAAOK,UAChB,GAAIhP,KAAK6vD,UACP,MAAUtuD,MAAM,oCAIlB,GAFAvB,KAAK6vD,UAAYlhD,EACjBwsD,EAAen7D,KAAKqmD,YACf8U,EACH,MAAU55D,MAAM,kBAElB,MACF,KAAKkJ,EAAMkE,OAAOY,OAClB,KAAK9E,EAAMkE,OAAOc,cAChB+oD,EAAO,IAAIP,GAAKtpD,EAAQ3O,MACxBA,KAAKq7D,MAAMv4D,KAAK01D,GAChB,MACF,KAAK/tD,EAAMkE,OAAOa,aAClB,KAAK/E,EAAMkE,OAAOM,aAChBupD,EAAO,KACPrD,EAAS,IAAI4E,GAAOprD,EAAQ3O,MAC5BA,KAAKs7D,QAAQx4D,KAAKqyD,GAClB,MACF,KAAK1qD,EAAMkE,OAAOE,UAChB,OAAQF,EAAOu1C,eACb,KAAKz5C,EAAMoE,UAAUuB,YACrB,KAAK3F,EAAMoE,UAAUwB,YACrB,KAAK5F,EAAMoE,UAAUyB,WACrB,KAAK7F,EAAMoE,UAAU0B,aACnB,IAAKioD,EAAM,CACT1hD,EAAKuE,WAAW,mEAChB,QAChB,CACkB1M,EAAOgD,YAAY4xC,OAAO4X,GAC5B3C,EAAKJ,mBAAmBt1D,KAAK6L,GAE7B6pD,EAAKH,oBAAoBv1D,KAAK6L,GAEhC,MACF,KAAKlE,EAAMoE,UAAU2B,eACfgoD,EACFA,EAAKF,qBAAqBx1D,KAAK6L,GAE/B3O,KAAKu7D,iBAAiBz4D,KAAK6L,GAE7B,MACF,KAAKlE,EAAMoE,UAAU8B,IACnB3Q,KAAKu7D,iBAAiBz4D,KAAK6L,GAC3B,MACF,KAAKlE,EAAMoE,UAAU4B,cACnB,IAAK0kD,EAAQ,CACXr+C,EAAKuE,WAAW,qEAChB,QAChB,CACc85C,EAAO8E,kBAAkBn3D,KAAK6L,GAC9B,MACF,KAAKlE,EAAMoE,UAAU+B,cACnB5Q,KAAKs4D,qBAAqBx1D,KAAK6L,GAC/B,MACF,KAAKlE,EAAMoE,UAAUgC,iBACnB,IAAKskD,EAAQ,CACXr+C,EAAKuE,WAAW,wEAChB,QAChB,CACc85C,EAAOmD,qBAAqBx1D,KAAK6L,IAK/C,CACA,CAME,YAAA4pD,GACE,MAAMzE,EAAa,IAAItL,GAMvB,OALAsL,EAAWhxD,KAAK9C,KAAK6vD,WACrBiE,EAAWhxD,QAAQ9C,KAAKs4D,sBACxBxE,EAAWhxD,QAAQ9C,KAAKu7D,kBACxBv7D,KAAKq7D,MAAM12D,KAAI6zD,GAAQ1E,EAAWhxD,QAAQ01D,EAAKD,kBAC/Cv4D,KAAKs7D,QAAQ32D,KAAIwwD,GAAUrB,EAAWhxD,QAAQqyD,EAAOoD,kBAC9CzE,CACX,CAOE,KAAAlxD,CAAM44D,GAAqB,GACzB,MAAM7qD,EAAM,IAAI3Q,KAAKJ,YAAYI,KAAKu4D,gBAiBtC,OAhBIiD,GACF7qD,EAAIwoD,UAAUl3D,SAAQsX,IAMpB,GAJAA,EAAEs2C,UAAY/vD,OAAOilB,OACnBjlB,OAAO27D,eAAeliD,EAAEs2C,WACxB/vD,OAAOkI,0BAA0BuR,EAAEs2C,aAEhCt2C,EAAEs2C,UAAUM,cAAe,OAEhC,MAAMpa,EAAgB,CAAE,EACxBj2C,OAAO02C,KAAKj9B,EAAEs2C,UAAU9Z,eAAe9zC,SAAQgG,IAC7C8tC,EAAc9tC,GAAQ,IAAIxG,WAAW8X,EAAEs2C,UAAU9Z,cAAc9tC,GAAM,IAEvEsR,EAAEs2C,UAAU9Z,cAAgBA,CAAa,IAGtCplC,CACX,CAQE,UAAA+qD,CAAWlY,EAAQ,MAIjB,OAHgBxjD,KAAKs7D,QAAQ/wD,QAAO4qD,IACjC3R,GAAS2R,EAAO9O,WAAW9C,OAAOC,GAAO,IAGhD,CAQE,OAAA2V,CAAQ3V,EAAQ,MACd,MAAMhN,EAAO,GAIb,OAHKgN,IAASxjD,KAAKqmD,WAAW9C,OAAOC,GAAO,IAC1ChN,EAAK1zC,KAAK9C,MAELw2C,EAAKhyC,OAAOxE,KAAK07D,WAAWlY,GACvC,CAME,SAAAmY,GACE,OAAO37D,KAAKm5D,UAAUx0D,KAAIgM,GAAOA,EAAI01C,YACzC,CAME,UAAAuV,GACE,OAAO57D,KAAKq7D,MAAM12D,KAAI6zD,GACbA,EAAKjpD,OAASipD,EAAKjpD,OAAOA,OAAS,OACzChF,QAAOgF,GAAqB,OAAXA,GACxB,CAME,KAAAxM,GACE,OAAO/C,KAAKu4D,eAAex1D,OAC/B,CAYE,mBAAM81D,CAAcrV,EAAQ,KAAMb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SACnEvX,KAAK67D,iBAAiBlZ,EAAMpzC,EAAQ2E,GAC1C,MAAMkhD,EAAap1D,KAAK6vD,UACxB,IACEiM,GAA4B1G,EAAYlhD,EACzC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EAC3D,CACI,MAAMilC,EAAUt7D,KAAKs7D,QAAQ34D,QAAQm4C,MAAK,CAACx8B,EAAGzG,IAAMA,EAAEg4C,UAAUpL,QAAUnmC,EAAEuxC,UAAUpL,UACtF,IAAIvmC,EACJ,IAAK,MAAMi3C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAOz0B,OAAOiiB,EAAMzuC,GAC1B,MAAMwgD,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAMwxD,EAAOtF,WAC/CsK,QAAyBC,GAC7BjF,EAAO8E,kBAAmB7E,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,EAAMzuC,GAE3F,IAAK6nD,GAAgC5G,EAAOtF,UAAWsK,EAAkBjmD,GACvE,SAEF,IAAKimD,EAAiB3nD,kBACpB,MAAUjR,MAAM,8BAOlB,aAJM64D,GACJ,CAACD,EAAiB3nD,mBAAoB2iD,EAAOtF,UAAWplD,EAAMoE,UAAU6B,WAAYgkD,EAAc/R,EAAMzuC,GAE1G4nD,GAA4B3G,EAAOtF,UAAW37C,GACvCihD,CACR,CAAC,MAAOjxD,GACPga,EAAYha,CACtB,CAII,IACE,MAAMs1D,QAA0Bx5D,KAAKg2D,wBAAwBrT,EAAMpzC,EAAQ2E,GAC3E,KAAMsvC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCuY,GAAgC3G,EAAYoE,EAAmBtlD,GAEjE,OADA4nD,GAA4B1G,EAAYlhD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,kDAAoD3d,KAAKqmD,WAAW/a,QAASptB,EACtG,CAYE,sBAAM89C,CAAiBxY,EAAOb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,SAC/DvX,KAAK67D,iBAAiBlZ,EAAMpzC,EAAQ2E,GAC1C,MAAMkhD,EAAap1D,KAAK6vD,UACxB,IACEiM,GAA4B1G,EAAYlhD,EACzC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EAC3D,CAEI,MAAMilC,EAAUt7D,KAAKs7D,QAAQ34D,QAAQm4C,MAAK,CAACx8B,EAAGzG,IAAMA,EAAEg4C,UAAUpL,QAAUnmC,EAAEuxC,UAAUpL,UACtF,IAAIvmC,EACJ,IAAK,MAAMi3C,KAAUmG,EACnB,IAAK9X,GAAS2R,EAAO9O,WAAW9C,OAAOC,GACrC,UACQ2R,EAAOz0B,OAAOiiB,EAAMzuC,GAC1B,MAAMwgD,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAMwxD,EAAOtF,WAC/CsK,QAAyBC,GAA+BjF,EAAO8E,kBAAmB7E,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,EAAMzuC,GACvJ,GAAI+nD,GAAmC9G,EAAOtF,UAAWsK,EAAkBjmD,GAEzE,OADA4nD,GAA4B3G,EAAOtF,UAAW37C,GACvCihD,CAEV,CAAC,MAAOjxD,GACPga,EAAYha,CACtB,CAII,IAEE,MAAMs1D,QAA0Bx5D,KAAKg2D,wBAAwBrT,EAAMpzC,EAAQ2E,GAC3E,KAAMsvC,GAAS4R,EAAW/O,WAAW9C,OAAOC,KACxCyY,GAAmC7G,EAAYoE,EAAmBtlD,GAEpE,OADA4nD,GAA4B1G,EAAYlhD,GACjClU,IAEV,CAAC,MAAOkE,GACPga,EAAYha,CAClB,CACI,MAAM4S,EAAK6G,UAAU,qDAAuD3d,KAAKqmD,WAAW/a,QAASptB,EACzG,CAcE,eAAM46C,CAAUjqD,EAAW8B,EAAKgyC,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,OAAO2iD,GACLl6D,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAK6vD,WAAa7vD,KAAKs4D,qBAAsBzpD,EAAW8B,EAAKgyC,EAAMzuC,EAE/H,CAWE,sBAAM2nD,CAAiBlZ,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC9D,MAAM69C,EAAap1D,KAAK6vD,UAExB,SAAU7vD,KAAK84D,UAAU,KAAM,KAAMnW,EAAMzuC,GACzC,MAAU3S,MAAM,0BAKlB,GAAI84D,GAAqBjF,QAFOp1D,KAAKg2D,wBAAwBrT,EAAMpzC,EAAQ2E,GAEnByuC,GACtD,MAAUphD,MAAM,0BAElB,GAA2B,IAAvB6zD,EAAW1d,QAAe,CAE5B,MAAMwkB,QAAwB9B,GAC5Bp6D,KAAKu7D,iBAAkBnG,EAAY3qD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKykD,GAAczS,EAAMzuC,GACnF7T,OAAM,SAER,GAAI67D,GAAmB7B,GAAqBjF,EAAY8G,EAAiBvZ,GACvE,MAAUphD,MAAM,yBAExB,CACA,CAUE,uBAAMmmD,CAAkBn4C,EAAQ2E,EAASqD,GACvC,IAAI4kD,EACJ,IACE,MAAM3C,QAA0Bx5D,KAAKg2D,wBAAwB,KAAMzmD,EAAQ2E,GACrEkoD,EAAmB7B,GAA4Bv6D,KAAK6vD,UAAW2J,GAC/D6C,EAAgB7C,EAAkB9R,oBAClCwU,EAA6C,IAA3Bl8D,KAAK6vD,UAAUnY,eAC/B0iB,GACJp6D,KAAKu7D,iBAAkBv7D,KAAK6vD,UAAWplD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAK3Q,KAAK6vD,WAAa,KAAM37C,GAC3F7T,OAAM,SACV,GAAI67D,EAAiB,CACnB,MAAMI,EAAqB/B,GAA4Bv6D,KAAK6vD,UAAWqM,GAGvEC,EAAmB1zD,KAAKsd,IAAIq2C,EAAkBC,EAAeC,EACrE,MACQH,EAAmBC,EAAmBC,EAAgBD,EAAmBC,CAE5E,CAAC,MAAOn4D,GACPi4D,EAAmB,IACzB,CAEI,OAAOrlD,EAAKuB,cAAc8jD,EAC9B,CAcE,6BAAMnG,CAAwBrT,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GACrE,MAAM69C,EAAap1D,KAAK6vD,UACxB,GAA2B,IAAvBuF,EAAW1d,QACb,OAAO0iB,GACLp6D,KAAKu7D,iBAAkBnG,EAAY3qD,EAAMoE,UAAU8B,IAAK,CAAEA,IAAKykD,GAAczS,EAAMzuC,GAGvF,MAAMslD,kBAAEA,SAA4Bx5D,KAAKu8D,eAAe5Z,EAAMpzC,EAAQ2E,GACtE,OAAOslD,CACX,CAeE,oBAAM+C,CAAe5Z,EAAO,IAAI5qC,KAAQxI,EAAS,CAAE,EAAE2E,EAASqD,GAC5D,MAAM69C,EAAap1D,KAAK6vD,UAClBwL,EAAQ,GACd,IAAIn9C,EACJ,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAKq7D,MAAMz5D,OAAQE,IACrC,IACE,MAAM02D,EAAOx4D,KAAKq7D,MAAMv5D,GACxB,IAAK02D,EAAKjpD,OACR,SAEF,QACmBnN,IAAhBmN,EAAOtH,MAAsBuwD,EAAKjpD,OAAOtH,OAASsH,EAAOtH,WACxC7F,IAAjBmN,EAAO0jD,OAAuBuF,EAAKjpD,OAAO0jD,QAAU1jD,EAAO0jD,YACxC7wD,IAAnBmN,EAAO2jD,SAAyBsF,EAAKjpD,OAAO2jD,UAAY3jD,EAAO2jD,QAEhE,MAAU3xD,MAAM,iDAElB,MAAMmzD,EAAe,CAAEnlD,OAAQipD,EAAKjpD,OAAQoB,IAAKykD,GAC3CoE,QAA0BY,GAA+B5B,EAAKJ,mBAAoBhD,EAAY3qD,EAAMoE,UAAUuB,YAAaskD,EAAc/R,EAAMzuC,GACrJmnD,EAAMv4D,KAAK,CAAEoa,MAAOpb,EAAG02D,OAAMgB,qBAC9B,CAAC,MAAOt1D,GACPga,EAAYha,CACpB,CAEI,IAAKm3D,EAAMz5D,OAET,MAAMsc,GAAiB3c,MAAM,qCAEzBrB,QAAQ4E,IAAIu2D,EAAM12D,KAAIrC,eAAgBgc,GAC1C,OAAOA,EAAEk7C,kBAAkB7T,SAAWrnC,EAAEk6C,KAAKM,UAAUx6C,EAAEk7C,kBAAmB,KAAM7W,EAAMzuC,EAC9F,KAEI,MAAMsoD,EAAcnB,EAAMvgB,MAAK,SAASx8B,EAAGzG,GACzC,MAAMmrB,EAAI1kB,EAAEk7C,kBACNiD,EAAI5kD,EAAE2hD,kBACZ,OAAOiD,EAAE9W,QAAU3iB,EAAE2iB,SAAW3iB,EAAEoiB,gBAAkBqX,EAAErX,iBAAmBpiB,EAAEyhB,QAAUgY,EAAEhY,OACxF,IAAEiY,OACGlE,KAAEA,EAAMgB,kBAAmBmD,GAASH,EAC1C,GAAIG,EAAKhX,eAAiB6S,EAAKM,UAAU6D,EAAM,KAAMha,EAAMzuC,GACzD,MAAU3S,MAAM,2BAElB,OAAOi7D,CACX,CAeE,YAAMl4C,CAAOs4C,EAAWja,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClD,IAAKvX,KAAKuwD,qBAAqBqM,GAC7B,MAAUr7D,MAAM,4DAElB,IAAKvB,KAAK24D,aAAeiE,EAAUjE,YAAa,CAQ9C,KANe34D,KAAKs7D,QAAQ15D,SAAWg7D,EAAUtB,QAAQ15D,QAClD5B,KAAKs7D,QAAQj/B,OAAMwgC,GACXD,EAAUtB,QAAQ52D,MAAKo4D,GACrBD,EAAWtM,qBAAqBuM,QAI/C,MAAUv7D,MAAM,iEAGlB,OAAOq7D,EAAUt4C,OAAOtkB,KAAMkU,EACpC,CAKI,MAAM6oD,EAAa/8D,KAAK4C,QA0CxB,aAxCM63D,GAAuBmC,EAAWG,EAAY,uBAAwBpa,GAAMgX,GACzEO,GAAqB6C,EAAWlN,UAAWplD,EAAMoE,UAAU+B,cAAemsD,EAAY,CAACpD,GAAY,KAAMiD,EAAU/M,UAAWlN,EAAMzuC,WAGvIumD,GAAuBmC,EAAWG,EAAY,mBAAoBpa,SAElEziD,QAAQ4E,IAAI83D,EAAUvB,MAAM12D,KAAIrC,UAGpC,MAAM06D,EAAgBD,EAAW1B,MAAM9wD,QAAO0yD,GAC3CC,EAAQ3tD,QAAU2tD,EAAQ3tD,OAAOg0C,OAAO0Z,EAAQ1tD,SAChD2tD,EAAQztD,eAAiBytD,EAAQztD,cAAc8zC,OAAO0Z,EAAQxtD,iBAEjE,GAAIutD,EAAcp7D,OAAS,QACnB1B,QAAQ4E,IACZk4D,EAAcr4D,KAAIw4D,GAAgBA,EAAa74C,OAAO44C,EAASva,EAAMzuC,UAElE,CACL,MAAMkpD,EAAUF,EAAQt6D,QACxBw6D,EAAQjF,QAAU4E,EAClBA,EAAW1B,MAAMv4D,KAAKs6D,EAC9B,YAGUl9D,QAAQ4E,IAAI83D,EAAUtB,QAAQ32D,KAAIrC,UAEtC,MAAM+6D,EAAkBN,EAAWzB,QAAQ/wD,QAAO+yD,GAChDA,EAAU/M,qBAAqBuM,KAEjC,GAAIO,EAAgBz7D,OAAS,QACrB1B,QAAQ4E,IACZu4D,EAAgB14D,KAAI44D,GAAkBA,EAAej5C,OAAOw4C,EAAWna,EAAMzuC,UAE1E,CACL,MAAMspD,EAAYV,EAAUl6D,QAC5B46D,EAAUrF,QAAU4E,EACpBA,EAAWzB,QAAQx4D,KAAK06D,EAChC,MAGWT,CACX,CAUE,8BAAMU,CAAyB9a,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACzD,MAAMm9C,EAAe,CAAE/jD,IAAK3Q,KAAK6vD,WAC3B2H,QAA4B4C,GAA+Bp6D,KAAKs4D,qBAAsBt4D,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAe8jD,EAAc/R,EAAMzuC,GACzJ4/C,EAAa,IAAItL,GACvBsL,EAAWhxD,KAAK00D,GAEhB,MAAMn1C,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,EAAM1I,EAAM0I,MAAMpH,UAAW+nD,EAAW/wD,QAAS,KAAM,KAAM,mCAAoCsf,EAAcnO,EAC1H,CAYE,gCAAMwpD,CAA2BC,EAAuBhb,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAClF,MAAMhX,QAAc8gB,EAAQs8C,GAEtBnG,SADmBhP,GAAWC,WAAWloD,EAAMsG,KAAM+zD,GAA0B1mD,IAC9Cu1C,WAAWh/C,EAAMkE,OAAOE,WAC/D,IAAK2oD,GAAuBA,EAAoBtT,gBAAkBz5C,EAAMoE,UAAU+B,cAChF,MAAUrP,MAAM,8CAElB,IAAKi2D,EAAoB7lD,YAAY4xC,OAAOvjD,KAAKqmD,YAC/C,MAAU9kD,MAAM,2CAElB,UACQi2D,EAAoB92B,OAAO1gC,KAAK6vD,UAAWplD,EAAMoE,UAAU+B,cAAe,CAAED,IAAK3Q,KAAK6vD,WAAalN,OAAMvgD,EAAW8R,EAC3H,CAAC,MAAOhQ,GACP,MAAM4S,EAAK6G,UAAU,wCAAyCzZ,EACpE,CACI,MAAMyM,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAI2nD,qBAAqBx1D,KAAK00D,GACvB7mD,CACX,CAWE,qBAAMitD,CAAgBC,EAAalb,EAAMpzC,EAAQ2E,EAASqD,GACxD,MAAM2F,MAAEA,EAAKs7C,KAAEA,SAAex4D,KAAKu8D,eAAe5Z,EAAMpzC,EAAQ2E,GAC1D4pD,QAAiBtF,EAAKC,QAAQoF,EAAalb,EAAMzuC,GACjDvD,EAAM3Q,KAAK4C,QAEjB,OADA+N,EAAI0qD,MAAMn+C,GAAS4gD,EACZntD,CACX,CAUE,kBAAMotD,CAAaF,EAAalb,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1D,MAAM5G,EAAM3Q,KAAK4C,QAIjB,OAHA+N,EAAI0qD,YAAcn7D,QAAQ4E,IAAI9E,KAAKq7D,MAAM12D,KAAI,SAAS6zD,GACpD,OAAOA,EAAKC,QAAQoF,EAAalb,EAAMzuC,EAC7C,KACWvD,CACX,CAiBE,uBAAMqtD,CAAkB/E,EAAkBtW,EAAO,IAAI5qC,KAAQxI,EAAQ2E,EAASqD,GAC5E,MAAM69C,EAAap1D,KAAK6vD,WAClB2I,KAAEA,SAAex4D,KAAKu8D,eAAe5Z,EAAMpzC,EAAQ2E,GAIzD,OAHgB+kD,QACRT,EAAKY,wBAAwBH,EAAkBtW,EAAMzuC,GAC3D,CAAC,CAAEsvC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAK93B,OAAOiiB,EAAMzuC,GAAQ7T,OAAM,KAAM,KAE1F,CAiBE,oBAAM49D,CAAehF,EAAkBtW,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACjE,MAAM69C,EAAap1D,KAAK6vD,UAClBqO,EAAU,GAehB,aAdMh+D,QAAQ4E,IAAI9E,KAAKq7D,MAAM12D,KAAIrC,UAC/B,MAAMmyD,EAAawE,QACXT,EAAKY,wBAAwBH,EAAkBtW,EAAMzuC,GAC3D,CAAC,CAAEsvC,MAAO4R,EAAW/O,WAAYkT,YAAaf,EAAK93B,OAAOiiB,EAAMzuC,GAAQ7T,OAAM,KAAM,MAEtF69D,EAAQp7D,QAAQ2xD,EAAW9vD,KACzBkK,IAAc,CACZU,OAAQipD,EAAKjpD,OAASipD,EAAKjpD,OAAOA,OAAS,KAC3CE,cAAe+oD,EAAK/oD,cACpB+zC,MAAO30C,EAAU20C,MACjB+V,MAAO1qD,EAAU0qD,UAEpB,KAEI2E,CACX,EAGA,CAAC,WAAY,iBAAkB,mBAAoB,kBAAmB,wBAAwBj8D,SAAQgG,IACpG+yD,GAAI/6D,UAAUgI,GACd8xD,GAAO95D,UAAUgI,EAAK,ICntBxB,MAAMk2D,WAAkBnD,GAItB,WAAAp7D,CAAYk0D,GAOV,GANAj0D,QACAG,KAAK6vD,UAAY,KACjB7vD,KAAKs4D,qBAAuB,GAC5Bt4D,KAAKu7D,iBAAmB,GACxBv7D,KAAKq7D,MAAQ,GACbr7D,KAAKs7D,QAAU,GACXxH,IACF9zD,KAAKi7D,sBAAsBnH,EAAY,IAAIn+C,IAAI,CAAClL,EAAMkE,OAAOK,UAAWvE,EAAMkE,OAAOM,iBAChFjP,KAAK6vD,WACR,MAAUtuD,MAAM,yCAGxB,CAME,SAAAo3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,OAAOp+D,IACX,CAOE,KAAAmT,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,EAAM1I,EAAM0I,MAAMpH,UAAW/L,KAAKu4D,eAAex1D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACpH,ECpDA,MAAMmqD,WAAmBF,GAIvB,WAAAv+D,CAAYk0D,GAGV,GAFAj0D,QACAG,KAAKi7D,sBAAsBnH,EAAY,IAAIn+C,IAAI,CAAClL,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOa,iBAChFxP,KAAK6vD,UACR,MAAUtuD,MAAM,0CAEtB,CAME,SAAAo3D,GACE,OAAO,CACX,CAME,QAAAyF,GACE,MAAMtK,EAAa,IAAItL,GACjB8V,EAAat+D,KAAKu4D,eACxB,IAAK,MAAM1I,KAAayO,EACtB,OAAQzO,EAAUjwD,YAAYme,KAC5B,KAAKtT,EAAMkE,OAAOK,UAAW,CAC3B,MAAMuvD,EAAe9O,GAAgBE,oBAAoBE,GACzDiE,EAAWhxD,KAAKy7D,GAChB,KACV,CACQ,KAAK9zD,EAAMkE,OAAOM,aAAc,CAC9B,MAAMuvD,EAAkBzN,GAAmBC,uBAAuBnB,GAClEiE,EAAWhxD,KAAK07D,GAChB,KACV,CACQ,QACE1K,EAAWhxD,KAAK+sD,GAGtB,OAAO,IAAIsO,GAAUrK,EACzB,CAOE,KAAA3gD,CAAMe,EAASqD,GAEb,MAAM8K,EAA0C,IAA3BriB,KAAK6vD,UAAUnY,QACpC,OAAOvkC,EAAM1I,EAAM0I,MAAMK,WAAYxT,KAAKu4D,eAAex1D,aAASX,OAAWA,OAAWA,EAAWigB,EAAcnO,EACrH,CAaE,uBAAMuqD,CAAkBjb,EAAOb,EAAO,IAAI5qC,KAAQxI,EAAS,CAAA,EAAI2E,EAASqD,GACtE,MAAM69C,EAAap1D,KAAK6vD,UAClBrZ,EAAO,GACb,IAAIt4B,EAAY,KAChB,IAAK,IAAIpc,EAAI,EAAGA,EAAI9B,KAAKs7D,QAAQ15D,OAAQE,IACvC,IAAK0hD,GAASxjD,KAAKs7D,QAAQx5D,GAAGukD,WAAW9C,OAAOC,GAAO,GAAO,CAC5D,GAAIxjD,KAAKs7D,QAAQx5D,GAAG+tD,UAAUqC,UAAW,CACvCh0C,EAAYA,GAAiB3c,MAAM,uDACnC,QACV,CAEQ,IACE,MAAMmzD,EAAe,CAAE/jD,IAAKykD,EAAYzxD,KAAM3D,KAAKs7D,QAAQx5D,GAAG+tD,WACxDsK,QAAyBC,GAA+Bp6D,KAAKs7D,QAAQx5D,GAAGm4D,kBAAmB7E,EAAY3qD,EAAMoE,UAAU4B,cAAeikD,EAAc/R,EAAMzuC,GAC5JwqD,GAAmC1+D,KAAKs7D,QAAQx5D,GAAG+tD,UAAWsK,EAAkBjmD,IAClFsiC,EAAK1zC,KAAK9C,KAAKs7D,QAAQx5D,GAE1B,CAAC,MAAOoC,GACPga,EAAYha,CACtB,CACA,CAII,MAAMs1D,QAA0Bx5D,KAAKg2D,wBAAwBrT,EAAMpzC,EAAQ2E,GAS3E,GARMsvC,IAAS4R,EAAW/O,WAAW9C,OAAOC,GAAO,KAAUkb,GAAmCtJ,EAAYoE,EAAmBtlD,KACzHkhD,EAAWlD,UACbh0C,EAAYA,GAAiB3c,MAAM,uDAEnCi1C,EAAK1zC,KAAK9C,OAIM,IAAhBw2C,EAAK50C,OAEP,MAAMsc,GAAiB3c,MAAM,mCAG/B,OAAOi1C,CACX,CAME,WAAA2Z,GACE,OAAOnwD,KAAKm5D,UAAUz0D,MAAK,EAAGmrD,eAAgBA,EAAUM,eAC5D,CAYE,cAAMuC,CAASx+C,EAASqD,GACtB,IAAKvX,KAAK24D,YACR,MAAUp3D,MAAM,gCAGlB,IAAIk0D,EACJ,GAAKz1D,KAAK6vD,UAAUqC,UAEb,CAKL,MAAM0G,QAAmB54D,KAAK64D,cAAc,KAAM,UAAMz2D,EAAW,IAAK8R,EAAQuC,0BAA2B,IAAId,IAAOP,WAAY,IAE9HwjD,IAAeA,EAAW/I,UAAUqC,YACtCuD,EAAmBmD,EAAW/I,UAEtC,MAXM4F,EAAmBz1D,KAAK6vD,UAa1B,GAAI4F,EACF,OAAOA,EAAiB/C,WACnB,CACL,MAAMlc,EAAOx2C,KAAKm5D,UAElB,GADmB3iB,EAAK7xC,KAAIgM,GAAOA,EAAIk/C,UAAUqC,YAAW71B,MAAMsiC,SAEhE,MAAUp9D,MAAM,wCAGlB,OAAOrB,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,SAAaqO,EAAIk/C,UAAU6C,aAC7D,CACA,CAKE,kBAAAL,GACEryD,KAAKm5D,UAAUl3D,SAAQ,EAAG4tD,gBACpBA,EAAUM,eACZN,EAAUwC,oBAClB,GAEA,CAYE,YAAMuH,EAEFC,KAAMxU,EAA0B56C,EAAM4H,oBAAoBoB,SAC1DqmD,OAAQxU,EAA4B,IAClC,CAAE,EACN3C,EAAO,IAAI5qC,KACX7D,EAASqD,GAET,IAAKvX,KAAK24D,YACR,MAAUp3D,MAAM,iCAElB,MAAM8zD,EAAa,CAAE1kD,IAAK3Q,KAAK6vD,WACzBl/C,EAAM3Q,KAAK4C,QAMjB,OALA+N,EAAI2nD,qBAAqBx1D,WAAW63D,GAA6BtF,EAAY,GAAIr1D,KAAK6vD,UAAW,CAC/F3L,cAAez5C,EAAMoE,UAAU+B,cAC/By0C,wBAAyB56C,EAAM1H,MAAM0H,EAAM4H,oBAAqBgzC,GAChEC,6BACC3C,OAAMvgD,OAAWA,OAAWA,EAAW8R,IACnCvD,CACX,CAkBE,eAAMiuD,CAAU94D,EAAU,IACxB,MAAMoO,EAAS,IAAKqD,KAAkBzR,EAAQoO,QAC9C,GAAIpO,EAAQwxC,WACV,MAAU/1C,MAAM,gEAElB,GAAIuE,EAAQwuD,QAAUpgD,EAAOkB,WAC3B,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBtP,EAAQwuD,WAEnF,MAAM1E,EAAkB5vD,KAAK6vD,UAC7B,GAAID,EAAgBsC,UAClB,MAAU3wD,MAAM,8CAElB,IAAKquD,EAAgBO,cACnB,MAAU5uD,MAAM,wBAElB,MAAMs9D,EAAiBjP,EAAgBa,mBACvCoO,EAAe5qD,KAiBnB,SAA8B8gB,GAG5B,OAFatqB,EAAM1H,MAAM0H,EAAMsB,UAAWgpB,IAGxC,KAAKtqB,EAAMsB,UAAUE,WACrB,KAAKxB,EAAMsB,UAAUC,eACrB,KAAKvB,EAAMsB,UAAUG,QACrB,KAAKzB,EAAMsB,UAAUK,IACnB,MAAO,MACT,KAAK3B,EAAMsB,UAAUO,MACrB,KAAK7B,EAAMsB,UAAUQ,YACnB,MAAO,MACT,KAAK9B,EAAMsB,UAAUZ,QACnB,MAAO,aACT,KAAKV,EAAMsB,UAAUa,MACnB,MAAO,WACT,QACE,MAAUrL,MAAM,yBAEtB,CApC0Bu9D,CAAqBD,EAAenpB,WAC1DmpB,EAAevK,QAAUuK,EAAe7iD,MAAQ,KAChD6iD,EAAen0D,MAAQm0D,EAAen0D,OAAS,mBAC/C5E,EAAUi5D,GAA0Bj5D,EAAS+4D,GAK7C,MAAMhP,QAAkBmP,GAA4Bl5D,EAAS,IAAKoO,EAAQQ,OAAmC,IAA3B1U,KAAK6vD,UAAUnY,UACjGokB,GAA4BjM,EAAW37C,GACvC,MAAMimD,QAAyB8E,GAA8BpP,EAAWD,EAAiB9pD,EAASoO,GAC5FgrD,EAAal/D,KAAKu4D,eAExB,OADA2G,EAAWp8D,KAAK+sD,EAAWsK,GACpB,IAAIkE,GAAWa,EAC1B,EClOA,MAAMC,gBAAkCroD,EAAK8G,wBAAwB,CACnE6xC,GACAsB,GACAO,GACAmC,GACAT,GACA9B,GACAjN,KASF,SAASmb,GAAUtL,GACjB,IAAK,MAAMnlD,KAAUmlD,EACnB,OAAQnlD,EAAO/O,YAAYme,KACzB,KAAKtT,EAAMkE,OAAOK,UAChB,OAAO,IAAIqvD,GAAWvK,GACxB,KAAKrpD,EAAMkE,OAAO5C,UAChB,OAAO,IAAIoyD,GAAUrK,GAG3B,MAAUvyD,MAAM,sBAClB,CAgHAe,eAAe+8D,GAAczP,EAAiB0P,EAAqBx5D,EAASoO,GAEtEpO,EAAQwxC,kBACJsY,EAAgB7hC,QAAQjoB,EAAQwxC,WAAYpjC,SAG9ChU,QAAQ4E,IAAIw6D,EAAoB36D,KAAIrC,eAAe2uD,EAAoB/zC,GAC3E,MAAMqiD,EAAmBz5D,EAAQw1D,QAAQp+C,GAAOo6B,WAC5CioB,SACItO,EAAmBljC,QAAQwxC,EAAkBrrD,EAEzD,KAEE,MAAM4/C,EAAa,IAAItL,GAGvB,SAASgX,EAAqBC,EAAOC,GACnC,MAAO,CAACA,KAAkBD,EAAMl1D,QAAOkY,GAAQA,IAASi9C,IAC5D,CAEE,SAASC,IACP,MAAMrK,EAAsB,CAAE,EAC9BA,EAAoBnjD,SAAW,CAAC1H,EAAM0H,SAASS,YAAcnI,EAAM0H,SAASU,UAC5E,MAAM+sD,EAAsBJ,EAAqB,CAE/C/0D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,QACfgH,EAAOE,6BAEV,GADAkhD,EAAoB7jD,6BAA+BmuD,EAC/C1rD,EAAOI,YAAa,CACtB,MAAMurD,EAAiBL,EAAqB,CAC1C/0D,EAAM6D,KAAKG,IACXhE,EAAM6D,KAAKC,IACX9D,EAAM6D,KAAKE,KACV0F,EAAOM,wBACV8gD,EAAoB3iD,sBAAwBktD,EAAeC,SAAQtU,GAC1DoU,EAAoBj7D,KAAIo7D,GACtB,CAACA,EAAoBvU,MAGtC,CAuBI,OAtBA8J,EAAoBzjD,wBAA0B2tD,EAAqB,CAEjE/0D,EAAMkD,KAAKI,OACXtD,EAAMkD,KAAKM,OACXxD,EAAMkD,KAAKQ,SACX1D,EAAMkD,KAAKS,UACV8F,EAAOC,wBACVmhD,EAAoBxjD,+BAAiC0tD,EAAqB,CACxE/0D,EAAM6C,YAAYC,aAClB9C,EAAM6C,YAAYG,KAClBhD,EAAM6C,YAAYE,KACjB0G,EAAOG,+BAEVihD,EAAoBhjD,SAAW,CAAC,GAChCgjD,EAAoBhjD,SAAS,IAAM7H,EAAM6H,SAASwB,sBAC9CI,EAAOI,cACTghD,EAAoBhjD,SAAS,IAAM7H,EAAM6H,SAAS0B,SAEhDlO,EAAQyL,kBAAoB,IAC9B+jD,EAAoB/jD,kBAAoBzL,EAAQyL,kBAChD+jD,EAAoBxQ,iBAAkB,GAEjCwQ,CACX,CAEE,GApDAxB,EAAWhxD,KAAK8sD,GAoDgB,IAA5BA,EAAgBlY,QAAe,CACjC,MAAM2d,EAAa,CACjB1kD,IAAKi/C,GAGD0F,EAAsBqK,IAC5BrK,EAAoBpR,cAAgBz5C,EAAMoE,UAAU8B,IAEpD,MAAMo3C,QAAwB4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqBxvD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,GAChK4/C,EAAWhxD,KAAKilD,EACpB,OAEQ7nD,QAAQ4E,IAAIgB,EAAQk6D,QAAQr7D,KAAIrC,eAAeiN,EAAQ2N,GAC3D,MAAM+iD,EAAejN,GAAavd,WAAWlmC,GACvC8lD,EAAa,CACjB9lD,OAAQ0wD,EACRtvD,IAAKi/C,GAED0F,EAAkD,IAA5B1F,EAAgBlY,QAAgBioB,IAA8B,CAAE,EAC5FrK,EAAoBpR,cAAgBz5C,EAAMoE,UAAU0B,aACtC,IAAV2M,IACFo4C,EAAoBlQ,iBAAkB,GAKxC,MAAO,CAAE6a,eAAclY,sBAFO4S,GAA6BtF,EAAY,GAAIzF,EAAiB0F,EAAqBxvD,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,GAGpK,KAAMrR,MAAK4B,IACPA,EAAKxC,SAAQ,EAAGg+D,eAAclY,sBAC5B+L,EAAWhxD,KAAKm9D,GAChBnM,EAAWhxD,KAAKilD,EAAgB,GAChC,UAGE7nD,QAAQ4E,IAAIw6D,EAAoB36D,KAAIrC,eAAe2uD,EAAoB/zC,GAC3E,MAAMgjD,EAAgBp6D,EAAQw1D,QAAQp+C,GAEtC,MAAO,CAAE+zC,qBAAoBkP,4BADOlB,GAA8BhO,EAAoBrB,EAAiBsQ,EAAehsD,GAE1H,KAAMrR,MAAK6lD,IACPA,EAAQzmD,SAAQ,EAAGgvD,qBAAoBkP,4BACrCrM,EAAWhxD,KAAKmuD,GAChB6C,EAAWhxD,KAAKq9D,EAAsB,GACtC,IAKJ,MAAM9K,EAAa,CAAE1kD,IAAKi/C,GAkB1B,OAjBAkE,EAAWhxD,WAAW63D,GAA6BtF,EAAY,GAAIzF,EAAiB,CAClF1L,cAAez5C,EAAMoE,UAAU+B,cAC/By0C,wBAAyB56C,EAAM4H,oBAAoBoB,SACnD6xC,0BAA2B,IAC1Bx/C,EAAQ68C,UAAMvgD,OAAWA,OAAWA,EAAW8R,IAE9CpO,EAAQwxC,YACVsY,EAAgByC,2BAGZnyD,QAAQ4E,IAAIw6D,EAAoB36D,KAAIrC,eAAe2uD,EAAoB/zC,GAClDpX,EAAQw1D,QAAQp+C,GAAOo6B,YAE9C2Z,EAAmBoB,oBAEzB,KAES,IAAIgM,GAAWvK,EACxB,CAYOxxD,eAAe89D,IAAQC,WAAEA,EAAUC,UAAEA,EAAWpsD,OAAAA,KAAWigD,IAEhE,GADAjgD,EAAS,IAAKqD,KAAkBrD,IAC3BmsD,IAAeC,EAClB,MAAU/+D,MAAM,4EAElB,GAAI8+D,IAAevpD,EAAKC,SAASspD,GAC/B,MAAU9+D,MAAM,gDAElB,GAAI++D,IAAcxpD,EAAKtV,aAAa8+D,GAClC,MAAU/+D,MAAM,mDAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAAInC,EACJ,GAAI8/D,EAAY,CACd,MAAMpsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQg/C,GACrC,GAAMpsD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WAC3D,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,MACItG,EAAQ+/D,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAWloD,EAAO4+D,GAAmBjrD,GACnEqsD,EAAWzM,EAAWnK,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApBuxD,EAAS3+D,OACX,MAAUL,MAAM,uBAGlB,OAAO69D,GADoBtL,EAAWnxD,MAAM49D,EAAS,GAAIA,EAAS,IAEpE,CAYOj+D,eAAek+D,IAAeH,WAAEA,EAAUC,UAAEA,EAAWpsD,OAAAA,KAAWigD,IAEvE,GADAjgD,EAAS,IAAKqD,KAAkBrD,IAC3BmsD,IAAeC,EAClB,MAAU/+D,MAAM,mFAElB,GAAI8+D,IAAevpD,EAAKC,SAASspD,GAC/B,MAAU9+D,MAAM,uDAElB,GAAI++D,IAAcxpD,EAAKtV,aAAa8+D,GAClC,MAAU/+D,MAAM,0DAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAAInC,EACJ,GAAI8/D,EAAY,CACd,MAAMpsD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQg/C,GACrC,GAAMpsD,IAASxJ,EAAM0I,MAAMK,WACzB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,MACItG,EAAQ+/D,EAEV,MAAMxM,QAAmBtL,GAAWC,WAAWloD,EAAO4+D,GAAmBjrD,GACnEqsD,EAAWzM,EAAWnK,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIy+D,EAAS3+D,OAAQE,IAAK,CACxC,GAAIgyD,EAAWyM,EAASz+D,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAM00D,EAAsB3M,EAAWnxD,MAAM49D,EAASz+D,GAAIy+D,EAASz+D,EAAI,IACvE,OAAO,IAAIu8D,GAAWoC,EAC1B,CACE,MAAUl/D,MAAM,6BAClB,CAYOe,eAAeo+D,IAASC,YAAEA,EAAWC,WAAEA,EAAY1sD,OAAAA,KAAWigD,IACnEjgD,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQogE,GAAeC,EAC3B,IAAKrgE,EACH,MAAUgB,MAAM,+EAElB,GAAIo/D,IAAgB7pD,EAAKC,SAAS4pD,GAChC,MAAUp/D,MAAM,kDAElB,GAAIq/D,IAAe9pD,EAAKtV,aAAao/D,GACnC,MAAUr/D,MAAM,qDAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAIi+D,EAAa,CACf,MAAM1sD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQs/C,GACrC,GAAI1sD,IAASxJ,EAAM0I,MAAMpH,WAAakI,IAASxJ,EAAM0I,MAAMK,WACzD,MAAUjS,MAAM,gCAElBhB,EAAQsG,CACZ,CACE,MAAM2vC,EAAO,GACPsd,QAAmBtL,GAAWC,WAAWloD,EAAO4+D,GAAmBjrD,GACnEqsD,EAAWzM,EAAWnK,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,GAAwB,IAApBuxD,EAAS3+D,OACX,MAAUL,MAAM,uBAElB,IAAK,IAAIO,EAAI,EAAGA,EAAIy+D,EAAS3+D,OAAQE,IAAK,CACxC,MACM++D,EAASzB,GADItL,EAAWnxD,MAAM49D,EAASz+D,GAAIy+D,EAASz+D,EAAI,KAE9D00C,EAAK1zC,KAAK+9D,EACd,CACE,OAAOrqB,CACT,CAYOl0C,eAAew+D,IAAgBH,YAAEA,EAAWC,WAAEA,EAAU1sD,OAAEA,IAC/DA,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQogE,GAAeC,EAC3B,IAAKrgE,EACH,MAAUgB,MAAM,sFAElB,GAAIo/D,IAAgB7pD,EAAKC,SAAS4pD,GAChC,MAAUp/D,MAAM,yDAElB,GAAIq/D,IAAe9pD,EAAKtV,aAAao/D,GACnC,MAAUr/D,MAAM,4DAElB,GAAIo/D,EAAa,CACf,MAAM1sD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQs/C,GACrC,GAAI1sD,IAASxJ,EAAM0I,MAAMK,WACvB,MAAUjS,MAAM,wCAElBhB,EAAQsG,CACZ,CACE,MAAM2vC,EAAO,GACPsd,QAAmBtL,GAAWC,WAAWloD,EAAO4+D,GAAmBjrD,GACnEqsD,EAAWzM,EAAWnK,WAAWl/C,EAAMkE,OAAO5C,UAAWtB,EAAMkE,OAAOK,WAC5E,IAAK,IAAIlN,EAAI,EAAGA,EAAIy+D,EAAS3+D,OAAQE,IAAK,CACxC,GAAIgyD,EAAWyM,EAASz+D,IAAIlC,YAAYme,MAAQtT,EAAMkE,OAAO5C,UAC3D,SAEF,MAAMg1D,EAAajN,EAAWnxD,MAAM49D,EAASz+D,GAAIy+D,EAASz+D,EAAI,IACxD++D,EAAS,IAAIxC,GAAW0C,GAC9BvqB,EAAK1zC,KAAK+9D,EACd,CACE,GAAoB,IAAhBrqB,EAAK50C,OACP,MAAUL,MAAM,8BAElB,OAAOi1C,CACT,CC5bA,MAAMwqB,gBAAsClqD,EAAK8G,wBAAwB,CACvE8kC,GACAoH,GACA8D,GACArC,GACAqF,GACA/C,GACAuB,GACAvH,GACA5D,KAGIgd,gBAA4CnqD,EAAK8G,wBAAwB,CAACwxC,KAE1E8R,gBAAgDpqD,EAAK8G,wBAAwB,CAACqmC,KAO7E,MAAMkd,GAIX,WAAAvhE,CAAYk0D,GACV9zD,KAAK0oD,QAAUoL,GAAc,IAAItL,EACrC,CAME,mBAAA4Y,GACE,MAAMC,EAAS,GAKf,OAJ0BrhE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOC,8BAC9C3M,SAAQ,SAAS0M,GACjC0yD,EAAOv+D,KAAK6L,EAAOm/C,YACzB,IACWuT,CACX,CAME,gBAAAtN,GACE,MAAMxoC,EAAMvrB,KAAKshE,mBAEXC,EAAiBh2C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOI,kBAC5D,GAAIwyD,EAAe3/D,OAAS,EAC1B,OAAO2/D,EAAe58D,KAAIgK,GAAUA,EAAOgD,cAI7C,OADsB4Z,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACtClK,KAAIgK,GAAUA,EAAOgD,aAC9C,CAYE,aAAM0c,CAAQmzC,EAAgBC,EAAWC,EAAa/e,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAChF,MAAMoqD,EAAyB3hE,KAAK0oD,QAAQW,YAC1C5+C,EAAMkE,OAAOQ,2BACb1E,EAAMkE,OAAOe,mCACbjF,EAAMkE,OAAOiB,mBAGf,GAAsC,IAAlC+xD,EAAuB//D,OACzB,MAAUL,MAAM,2BAGlB,MAAMqgE,EAAqBD,EAAuB,GAC5CE,EAA6BD,EAAmBlW,gBAEhDoW,EAAoBJ,SAAqB1hE,KAAK+hE,mBAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAMzuC,GAEpI,IAAIgK,EAAY,KAChB,MAAM8jD,EAAmB9hE,QAAQ4E,IAAIg9D,EAAkBn9D,KAAIrC,OAASozC,UAAWusB,EAAep7D,WAC5F,IAAKiQ,EAAKtV,aAAaqF,KAAW+6D,EAAmBlW,kBAAoB50C,EAAKC,SAASkrD,GACrF,MAAU1gE,MAAM,uCAGlB,IACE,MAAMkhB,EAAOm/C,EAAmBlW,iBAAmBjhD,EAAM1H,MAAM0H,EAAMoC,UAAWo1D,SAC1EL,EAAmBvzC,QAAQ5L,EAAM5b,EAAMqN,EAC9C,CAAC,MAAOhQ,GACP4S,EAAKyE,gBAAgBrX,GACrBga,EAAYha,CACpB,MAOI,GAJAg+D,EAAcN,EAAmBhW,WACjCgW,EAAmBhW,UAAY,WACzBoW,GAEDJ,EAAmBlZ,UAAYkZ,EAAmBlZ,QAAQ9mD,OAC7D,MAAMsc,GAAiB3c,MAAM,sBAG/B,MAAM4gE,EAAY,IAAIhB,GAAQS,EAAmBlZ,SAGjD,OAFAkZ,EAAmBlZ,QAAU,IAAIF,GAE1B2Z,CACX,CAeE,wBAAMJ,CAAmBP,EAAgBC,EAAWI,EAA4Blf,EAAO,IAAI5qC,KAAQ7D,EAASqD,GAC1G,IAEI2G,EAFAkkD,EAA6B,GAGjC,GAAIX,EAAW,CACb,MAAMY,EAAeriE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOG,wBAC3D,GAA4B,IAAxBuzD,EAAazgE,OACf,MAAUL,MAAM,8DAEZrB,QAAQ4E,IAAI28D,EAAU98D,KAAIrC,eAAeq1C,EAAU71C,GACvD,IAAI4mD,EAEFA,EADE5mD,QACc0mD,GAAWC,WAAW4Z,EAAat/D,QAASk+D,GAA6B/sD,GAE/EmuD,QAENniE,QAAQ4E,IAAI4jD,EAAQ/jD,KAAIrC,eAAeggE,GAC3C,UACQA,EAAYj0C,QAAQspB,GAC1ByqB,EAA2Bt/D,KAAKw/D,EACjC,CAAC,MAAOjsC,GACPvf,EAAKyE,gBAAgB8a,GACjBA,aAAe0gB,KACjB74B,EAAYmY,EAE1B,CACA,IACA,IACK,KAAM,KAAImrC,EA8FT,MAAUjgE,MAAM,iCA9FS,CACzB,MAAMghE,EAAeviE,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOC,8BAC3D,GAA4B,IAAxB2zD,EAAa3gE,OACf,MAAUL,MAAM,2DAEZrB,QAAQ4E,IAAIy9D,EAAa59D,KAAIrC,eAAekgE,SAC1CtiE,QAAQ4E,IAAI08D,EAAe78D,KAAIrC,eAAemgE,GAClD,IAAIC,EACJ,IAEEA,SAA8BD,EAAchE,kBAAkB+D,EAAY1U,YAAa,UAAM1rD,EAAW8R,IAASvP,KAAIgM,GAAOA,EAAIk/C,WACjI,CAAC,MAAOx5B,GAEP,YADAnY,EAAYmY,EAExB,CAEU,IAAIopC,EAAQ,CACVh1D,EAAMoC,UAAUO,OAChB3C,EAAMoC,UAAUK,OAChBzC,EAAMoC,UAAUE,UAChBtC,EAAMoC,UAAUG,OAElB,IACE,MAAMwsD,QAA0BiJ,EAAczM,wBAAwBrT,OAAMvgD,EAAW8R,GACnFslD,EAAkB/nD,+BACpBguD,EAAQA,EAAMj7D,OAAOg1D,EAAkB/nD,8BAE1C,CAAC,MAAOvN,GAAG,OAENhE,QAAQ4E,IAAI49D,EAAqB/9D,KAAIrC,eAAeqgE,GACxD,IAAKA,EAAoBxS,cACvB,MAAU5uD,MAAM,oCAWlB,GAPiC2S,EAAOuB,8BACtC+sD,EAAYpe,qBAAuB35C,EAAMsB,UAAUE,YACnDu2D,EAAYpe,qBAAuB35C,EAAMsB,UAAUC,gBACnDw2D,EAAYpe,qBAAuB35C,EAAMsB,UAAUG,SACnDs2D,EAAYpe,qBAAuB35C,EAAMsB,UAAUI,SAGvB,CAW5B,MAAMy2D,EAAkBJ,EAAYz/D,cAC9B7C,QAAQ4E,KACZ+8D,EACE,CAACA,GACDliE,MAAM4gB,KAAKrM,EAAOwB,0DACpB/Q,KAAIrC,UACJ,MAAMugE,EAAkB,IAAIhV,GAC5BgV,EAAgBxgE,KAAKugE,GACrB,MAAMlU,EAAmB,CACvB7C,sBACAoC,WAAY9xC,GAAOqzC,mBAAmB3D,IAExC,UACQgX,EAAgBx0C,QAAQs0C,EAAqBjU,GACnD0T,EAA2Bt/D,KAAK+/D,EACjC,CAAC,MAAOxsC,GAEPvf,EAAKyE,gBAAgB8a,GACrBnY,EAAYmY,CAC9B,KAGA,MACc,UACQmsC,EAAYn0C,QAAQs0C,GAC1B,MAAM5C,EAAqB8B,GAA8BW,EAAY3W,oBACrE,GAAIkU,IAAuBN,EAAMvgD,SAASzU,EAAM1H,MAAM0H,EAAMoC,UAAWkzD,IACrE,MAAUx+D,MAAM,iDAElB6gE,EAA2Bt/D,KAAK0/D,EACjC,CAAC,MAAOnsC,GACPvf,EAAKyE,gBAAgB8a,GACrBnY,EAAYmY,CAC5B,CAEA,IACA,KACQ6rC,EAAcM,EAAY5W,WAC1B4W,EAAY5W,UAAY,IAChC,IACA,CAEA,CAEI,GAAIwW,EAA2BxgE,OAAS,EAAG,CAEzC,GAAIwgE,EAA2BxgE,OAAS,EAAG,CACzC,MAAMkhE,EAAO,IAAIntD,IACjBysD,EAA6BA,EAA2B73D,QAAOw4D,IAC7D,MAAMxpD,EAAIwpD,EAAKlX,oBAAsB/0C,EAAKmD,mBAAmB8oD,EAAK9U,YAClE,OAAI6U,EAAK9+D,IAAIuV,KAGbupD,EAAK7+D,IAAIsV,IACF,EAAI,GAErB,CAEM,OAAO6oD,EAA2Bz9D,KAAIgK,IAAW,CAC/C9H,KAAM8H,EAAOs/C,WACbvY,UAAW/mC,EAAOk9C,qBAAuBphD,EAAMpI,KAAKoI,EAAMoC,UAAW8B,EAAOk9C,wBAEpF,CACI,MAAM3tC,GAAiB3c,MAAM,iCACjC,CAME,cAAAyhE,GACE,MACMlzD,EADM9P,KAAKshE,mBACG5Y,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQizC,YAAe,IAC9C,CAME,WAAAG,GACE,MACMpzC,EADM9P,KAAKshE,mBACG5Y,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAQS,GAAWA,EAAQozC,eAAkB,IACjD,CAME,OAAAJ,GACE,MACMhzC,EADM9P,KAAKshE,mBACG5Y,QAAQe,WAAWh/C,EAAMkE,OAAOU,aACpD,OAAIS,EACKA,EAAQgzC,UAEV,IACX,CAWE,+BAAa0M,CAAmByT,EAAiB,GAAItgB,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI9rD,EAASqD,GAC7F,MAAM8+B,cAAEA,EAAa6sB,SAAEA,SPlIpB5gE,eAAuCk0C,EAAO,GAAImM,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI9rD,EAASqD,GACjG,MAAM4rD,QAAiBjjE,QAAQ4E,IAAI0xC,EAAK7xC,KAAI,CAACgM,EAAK7O,IAAM6O,EAAIqlD,wBAAwBrT,EAAMqd,EAAQl+D,GAAIoS,MAKtG,GAJiBsiC,EAAK50C,OACpBuhE,EAAS9mC,OAAM+mC,GAAWA,EAAQ9wD,UAAa8wD,EAAQ9wD,SAAS,GAAK7H,EAAM6H,SAAS0B,UACpFE,EAAOI,YAEK,CACZ,MAAM+uD,EAAqB,CAAEhtB,cAAe5rC,EAAMoC,UAAUK,OAAQg2D,SAAUz4D,EAAM6D,KAAKE,KACnF80D,EAAsB,CAC1B,CAAEjtB,cAAeniC,EAAOE,4BAA6B8uD,SAAUhvD,EAAOM,wBACtE,CAAE6hC,cAAeniC,EAAOE,4BAA6B8uD,SAAUz4D,EAAM6D,KAAKE,KAC1E,CAAE6nC,cAAe5rC,EAAMoC,UAAUK,OAAQg2D,SAAUhvD,EAAOM,yBAE5D,IAAK,MAAM+uD,KAAsBD,EAC/B,GAAIH,EAAS9mC,OAAM+mC,GAAWA,EAAQzwD,uBAAyBywD,EAAQzwD,sBAAsBjO,MAC3F8+D,GAAeA,EAAY,KAAOD,EAAmBltB,eAAiBmtB,EAAY,KAAOD,EAAmBL,aAE5G,OAAOK,EAGX,OAAOF,CACX,CACE,MAAMI,EAAiBh5D,EAAMoC,UAAUK,OACjCw2D,EAAiBxvD,EAAOE,4BAC9B,MAAO,CACLiiC,cAAe8sB,EAAS9mC,OAAM+mC,GAAWA,EAAQ3xD,8BAAgC2xD,EAAQ3xD,6BAA6ByN,SAASwkD,KAC7HA,EACAD,EACFP,cAAU9gE,EAEd,COoG8CuhE,CAAwBV,EAAgBtgB,EAAMqd,EAAS9rD,GAC3F0vD,EAAoBn5D,EAAMpI,KAAKoI,EAAMoC,UAAWwpC,GAChDwtB,EAAeX,EAAWz4D,EAAMpI,KAAKoI,EAAM6D,KAAM40D,QAAY9gE,QAE7DlC,QAAQ4E,IAAIm+D,EAAet+D,KAAIgM,GAAOA,EAAIqrD,mBAC7C37D,OAAM,IAAM,OACZwC,MAAKihE,IACJ,GAAIA,IAAaA,EAASjU,UAAUna,YAAcjrC,EAAMsB,UAAUW,QAAUo3D,EAASjU,UAAUna,YAAcjrC,EAAMsB,UAAUY,QAC1Hk3D,IAAiB/sD,EAAK0H,MAAM63B,GAC7B,MAAU90C,MAAM,2MAC1B,OAKI,MAAO,CAAEsF,KADcsV,GAAOqzC,mBAAmBnZ,GAClBX,UAAWkuB,EAAmBpY,cAAeqY,EAChF,CAeE,aAAM91C,CAAQk1C,EAAgBxB,EAAWxT,EAAYnK,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI9rD,EAASqD,GACtI,GAAI02C,GACF,IAAKn3C,EAAKtV,aAAaysD,EAAWpnD,QAAUiQ,EAAKC,SAASk3C,EAAWvY,WACnE,MAAUn0C,MAAM,4CAEb,GAAI0hE,GAAkBA,EAAerhE,OAC1CqsD,QAAmBkT,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMqd,EAAS9rD,OACxE,KAAIutD,IAAaA,EAAU7/D,OAGhC,MAAUL,MAAM,gDAFhB0sD,QAAmBkT,GAAQ3R,wBAAmBptD,OAAWA,OAAWA,EAAW8R,EAGrF,CAEI,MAAQrN,KAAMsoD,EAAgBzZ,UAAWusB,EAAezW,cAAewY,GAAsB/V,EAEvF1iC,QAAY41C,GAAQ8C,kBAAkB9U,EAAgB8S,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMqd,EAAS9rD,GAE9J0tD,EAAqBrW,GAAyC9V,WAAW,CAC7EiC,QAASssB,EAAoB,EAAI,EACjCxY,cAAewY,EAAoBv5D,EAAM1H,MAAM0H,EAAM6D,KAAM01D,GAAqB,OAElFpC,EAAmBlZ,QAAU1oD,KAAK0oD,QAElC,MAAMhT,EAAYjrC,EAAM1H,MAAM0H,EAAMoC,UAAWo1D,GAK/C,aAJML,EAAmB7zC,QAAQ2nB,EAAWyZ,EAAgBj7C,GAE5DqX,EAAIm9B,QAAQ5lD,KAAK8+D,GACjBA,EAAmBlZ,QAAU,IAAIF,GAC1Bj9B,CACX,CAiBE,8BAAa04C,CAAkBhW,EAAYgU,EAAe+B,EAAmBf,EAAgBxB,EAAW3d,GAAW,EAAOigB,EAAmB,GAAIphB,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI9rD,EAASqD,GACzL,MAAMu8C,EAAa,IAAItL,GACjBuX,EAAqBt1D,EAAM1H,MAAM0H,EAAMoC,UAAWo1D,GAClDzW,EAAgBwY,GAAqBv5D,EAAM1H,MAAM0H,EAAM6D,KAAM01D,GAEnE,GAAIf,EAAgB,CAClB,MAAM/E,QAAgBh+D,QAAQ4E,IAAIm+D,EAAet+D,KAAIrC,eAAe8yD,EAAYtzD,GAC9E,MAAM4tC,QAAsB0lB,EAAW4G,iBAAiB+H,EAAiBjiE,GAAI6gD,EAAMqd,EAAS9rD,GAEtFgwD,EAAgBrW,GAAmCpY,WAAW,CAClEiC,QAAS8T,EAAgB,EAAI,EAC7B0C,oBAAqBxe,EAAcmgB,UACnC1B,mBAAoBrK,EACpBmK,aACApC,oBAAqBkU,IAKvB,aAFMmE,EAAcn2C,QAAQ2hB,EAAcmgB,kBACnCqU,EAAcjW,WACdiW,CACf,KACMpQ,EAAWhxD,QAAQo7D,EACzB,CACI,GAAIuD,EAAW,CACb,MAAM0C,EAAc7hE,eAAeutD,EAAWlY,GAC5C,IAEE,aADMkY,EAAUxhC,QAAQspB,GACjB,CACR,CAAC,MAAOzzC,GACP,OAAO,CACjB,CACO,EAEKuuB,EAAM,CAAC2xC,EAAaC,IAAiBD,EAAcC,EAEnDC,EAAkBhiE,eAAe2rD,EAAYvY,EAAW8V,EAAe7T,GAC3E,MAAM4sB,EAA+B,IAAInV,GAA6Bl7C,GAQtE,GAPAqwD,EAA6BtW,WAAaA,EAC1CsW,EAA6B1Y,oBAAsBnW,EAC/C8V,IACF+Y,EAA6B/Y,cAAgBA,SAEzC+Y,EAA6Bx2C,QAAQ4pB,EAAUzjC,GAEjDA,EAAOmB,uBAAwB,CAEjC,GAA4B,WADNnV,QAAQ4E,IAAI28D,EAAU98D,KAAI6/D,GAAOL,EAAYI,EAA8BC,OACrF/6B,OAAOhX,GACjB,OAAO6xC,EAAgBrW,EAAYvY,EAAWiC,EAE1D,CAGQ,cADO4sB,EAA6BtW,WAC7BsW,CACR,EAEKrG,QAAgBh+D,QAAQ4E,IAAI28D,EAAU98D,KAAI6/D,GAAOF,EAAgBrW,EAAY8R,EAAoBvU,EAAegZ,MACtH1Q,EAAWhxD,QAAQo7D,EACzB,CAEI,OAAO,IAAIiD,GAAQrN,EACvB,CAgBE,UAAM3zB,CAAKu4B,EAAc,GAAIlD,EAAgB,GAAI3mD,EAAY,KAAM41D,EAAgB,GAAI9hB,EAAO,IAAI5qC,KAAQ2sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIjxC,EAASqD,GAC7K,MAAMu8C,EAAa,IAAItL,GAEjBmc,EAAoB3kE,KAAK0oD,QAAQe,WAAWh/C,EAAMkE,OAAOU,aAC/D,IAAKs1D,EACH,MAAUpjE,MAAM,mCAGlB,MAAMqjE,QAAyBC,GAAuBF,EAAmBjM,EAAalD,EAAe3mD,EAAW41D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAOjxC,GACnL4wD,EAA0BF,EAAiBjgE,KAC/C,CAACojD,EAAiBjmD,IAAM+lD,GAAuBC,oBAAoBC,EAAuB,IAANjmD,KACnFkpB,UAMH,OAJA8oC,EAAWhxD,QAAQgiE,GACnBhR,EAAWhxD,KAAK6hE,GAChB7Q,EAAWhxD,QAAQ8hE,GAEZ,IAAIzD,GAAQrN,EACvB,CAQE,QAAA7J,CAASxnC,EAAMvO,EAASqD,GACtB,GAAIkL,IAAShY,EAAM6C,YAAYC,aAC7B,OAAOvN,KAGT,MAAM+pD,EAAa,IAAID,GAAqB51C,GAC5C61C,EAAWrU,UAAYjzB,EACvBsnC,EAAWrB,QAAU1oD,KAAK0oD,QAE1B,MAAMwW,EAAa,IAAI1W,GAGvB,OAFA0W,EAAWp8D,KAAKinD,GAET,IAAIoX,GAAQjC,EACvB,CAgBE,kBAAM6F,CAAarM,EAAc,GAAIlD,EAAgB,GAAI3mD,EAAY,KAAM41D,EAAgB,GAAIO,EAAkB,GAAIriB,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI7a,EAAY,GAAIjxC,EAASqD,GAC7K,MAAMotD,EAAoB3kE,KAAK0oD,QAAQe,WAAWh/C,EAAMkE,OAAOU,aAC/D,IAAKs1D,EACH,MAAUpjE,MAAM,mCAElB,OAAO,IAAIsyD,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAe3mD,EAAW41D,EAAeO,EAAiBriB,EAAMqd,EAAS7a,GAAW,EAAMjxC,GAChL,CAcE,YAAMwsB,CAAOu4B,EAAkBtW,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACzD,MAAMgU,EAAMvrB,KAAKshE,mBACX2D,EAAkB15C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3B41D,EAAgBrjE,OAClB,MAAUL,MAAM,yDAEdygB,EAAqBuJ,EAAIm9B,QAAQ1nD,SACnCuqB,EAAIm9B,QAAQ5lD,cAAcmf,EAAiBsJ,EAAIm9B,QAAQ1nD,QAAQirB,GAAKA,GAAK,MAE3E,MAAMs1C,EAAiBh2C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOI,kBAAkBic,UACxEk6C,EAAgB35C,EAAIm9B,QAAQW,YAAY5+C,EAAMkE,OAAOE,WAC3D,OAAI0yD,EAAe3/D,SAAWsjE,EAActjE,QAAUkV,EAAK7V,SAASsqB,EAAIm9B,QAAQ1nD,UAAYghB,EAAqBuJ,EAAIm9B,QAAQ1nD,eACrHd,QAAQ4E,IAAIy8D,EAAe58D,KAAIrC,UACnC2lD,EAAWG,iBAAmB,IAAIloD,SAAQ,CAACC,EAASC,KAClD6nD,EAAWkd,wBAA0BhlE,EACrC8nD,EAAWmd,uBAAyBhlE,CAAM,IAE5C6nD,EAAW5D,cAAgB4B,GAAiB3jD,gBAAmB2lD,EAAWG,kBAAkB/D,gBAC5F4D,EAAWxqB,OAASxb,QAAuBgmC,EAAWt6C,KAAKs6C,EAAW/D,cAAe+gB,EAAgB,QAAI7iE,GAAW,IACpH6lD,EAAWxqB,OAAOp9B,OAAM,QAAS,KAEnCkrB,EAAIm9B,QAAQ1nD,OAAS4gB,EAAqB2J,EAAIm9B,QAAQ1nD,QAAQsB,MAAO4C,EAAUC,KAC7E,MAAMzB,EAASme,EAAiB3c,GAC1BvE,EAASmhB,EAAiB3c,GAChC,IACE,IAAK,IAAIrD,EAAI,EAAGA,EAAIy/D,EAAe3/D,OAAQE,IAAK,CAC9C,MAAQS,MAAOsM,SAAoBnL,EAAOrB,OAC1Ck/D,EAAez/D,GAAGqjE,wBAAwBt2D,EACtD,OACgBnL,EAAOjB,kBACP9B,EAAOgF,YACPhF,EAAOsC,OACd,CAAC,MAAOiB,GACPq9D,EAAet/D,SAAQgmD,IACrBA,EAAWmd,uBAAuBlhE,EAAE,UAEhCvD,EAAOuC,MAAMgB,EAC7B,KAEamhE,GAA0B9D,EAAgB0D,EAAiBhM,EAAkBtW,GAAM,EAAOzuC,IAE5FmxD,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,GAAM,EAAOzuC,EACpG,CAeE,cAAAoxD,CAAez2D,EAAWoqD,EAAkBtW,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACtE,MACM0tD,EADMjlE,KAAKshE,mBACW5Y,QAAQW,YAAY5+C,EAAMkE,OAAOU,aAC7D,GAA+B,IAA3B41D,EAAgBrjE,OAClB,MAAUL,MAAM,yDAGlB,OAAO8jE,GADex2D,EAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACjBo2D,EAAiBhM,EAAkBtW,GAAM,EAAMzuC,EACnG,CAME,gBAAAotD,GACE,MAAMvX,EAAa/pD,KAAK0oD,QAAQW,YAAY5+C,EAAMkE,OAAOO,gBACzD,OAAI66C,EAAWnoD,OACN,IAAIu/D,GAAQpX,EAAW,GAAGrB,SAE5B1oD,IACX,CAOE,qBAAMulE,CAAgBC,EAAmBtxD,EAASqD,SAC1CvX,KAAK0oD,QAAQrmD,KACjByU,EAAKtV,aAAagkE,GAAqBA,SAA2BnkD,EAAQmkD,IAAoB3+D,KAC9Fq6D,GACAhtD,EAEN,CAME,KAAAnR,GACE,OAAO/C,KAAK0oD,QAAQ3lD,OACxB,CAOE,KAAAoQ,CAAMe,EAASqD,GACb,MAAMkuD,EAAiBzlE,KAAK0oD,QAAQ1oD,KAAK0oD,QAAQ9mD,OAAS,GAGpDygB,EAAeojD,EAAe7lE,YAAYme,MAAQwtC,GAAyCxtC,IACpE,IAA3B0nD,EAAe/tB,QACf13C,KAAK0oD,QAAQhkD,MAAKiK,GAAUA,EAAO/O,YAAYme,MAAQkmC,GAAgBlmC,KAA0B,IAAnBpP,EAAO+oC,UACvF,OAAOvkC,EAAM1I,EAAM0I,MAAMI,QAASvT,KAAK+C,QAAS,KAAM,KAAM,KAAMsf,EAAcnO,EACpF,EAqBO5R,eAAeuiE,GAAuBF,EAAmBjM,EAAalD,EAAgB,GAAI3mD,EAAY,KAAM41D,EAAgB,GAAI9hB,EAAO,IAAI5qC,KAAQ2sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIva,GAAW,EAAO12B,EAASqD,GAC/O,MAAMu8C,EAAa,IAAItL,GAGjBtE,EAA2C,OAA3BygB,EAAkB30D,KACtCvF,EAAMoE,UAAUkB,OAAStF,EAAMoE,UAAUmB,KAa3C,SAXM9P,QAAQ4E,IAAI4zD,EAAY/zD,KAAIrC,MAAO8yD,EAAYtzD,KACnD,MAAM4jE,EAAgBhB,EAAe5iE,GACrC,IAAKszD,EAAWuD,YACd,MAAUp3D,MAAM,gCAElB,MAAMq3D,QAAmBxD,EAAWyD,cAAc4L,EAAc3iE,GAAI6gD,EAAM+iB,EAAexxD,GACzF,OAAOqhD,GAAsBoP,EAAmBnP,EAAc5zD,OAAS4zD,EAAgB,CAACJ,GAAawD,EAAW/I,UAAW,CAAE3L,iBAAiBvB,EAAM+S,EAAkBvQ,EAAWva,EAAU12B,EAAO,KAChMrR,MAAKqiE,IACPpR,EAAWhxD,QAAQoiE,EAAc,IAG/Br2D,EAAW,CACb,MAAM82D,EAAwB92D,EAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WACzEilD,EAAWhxD,QAAQ6iE,EACvB,CACE,OAAO7R,CACT,CAkGOxxD,eAAe+iE,GAA0BH,EAAeD,EAAiBhM,EAAkBtW,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GAC9I,OAAOrX,QAAQ4E,IAAIogE,EAAc36D,QAAO,SAASsE,GAC/C,MAAO,CAAC,OAAQ,UAAUqQ,SAASzU,EAAMpI,KAAKoI,EAAMoE,UAAWA,EAAUq1C,eAC7E,IAAKv/C,KAAIrC,eAAeuM,GACpB,OApFJvM,eAAwCuM,EAAWo2D,EAAiBhM,EAAkBtW,EAAO,IAAI5qC,KAAQ6yB,GAAW,EAAO12B,EAASqD,GAClI,IAAI69C,EACAwQ,EAEJ,IAAK,MAAMj1D,KAAOsoD,EAAkB,CAClC,MAAMC,EAAavoD,EAAIwoD,QAAQtqD,EAAU8C,aACzC,GAAIunD,EAAWt3D,OAAS,EAAG,CACzBwzD,EAAazkD,EACbi1D,EAAuB1M,EAAW,GAClC,KACN,CACA,CAEE,MACM2M,EADqBh3D,aAAqBg5C,GACIh5C,EAAUu5C,iBAAmBv5C,EAE3Ei3D,EAAc,CAClBtiB,MAAO30C,EAAU8C,YACjB4gC,SAAU,WACR,IAAKqzB,EACH,MAAUrkE,MAAM,0CAA0CsN,EAAU8C,YAAY25B,eAG5Ez8B,EAAU6xB,OAAOklC,EAAqB/V,UAAWhhD,EAAUq1C,cAAe+gB,EAAgB,GAAItiB,EAAM/X,EAAU12B,GACpH,MAAM6zC,QAAwB8d,EAC9B,GAAID,EAAqBxV,kBAAoBrI,EAAgBtD,QAC3D,MAAUljD,MAAM,mCAIlB,UACQ6zD,EAAWyD,cAAc+M,EAAqBvf,WAAY0B,EAAgBtD,aAASriD,EAAW8R,EACrG,CAAC,MAAOhQ,GAKP,IAAIgQ,EAAOqB,+CAAgDrR,EAAEqP,QAAQoM,MAAM,4CAGzE,MAAMzb,QAFAkxD,EAAWyD,cAAc+M,EAAqBvf,WAAY1D,OAAMvgD,EAAW8R,EAI3F,CACM,OAAO,CACR,EA1BS,GA2BVrF,UAAW,WACT,MAAMk5C,QAAwB8d,EACxB/R,EAAa,IAAItL,GAEvB,OADAT,GAAmB+L,EAAWhxD,KAAKilD,GAC5B,IAAI8L,GAAUC,EACtB,EALU,IAeb,OAHAgS,EAAYj3D,UAAUxO,OAAM,SAC5BylE,EAAYvzB,SAASlyC,OAAM,SAEpBylE,CACT,CAuBWC,CAAyBl3D,EAAWo2D,EAAiBhM,EAAkBtW,EAAM/X,EAAU12B,EAClG,IACA,CAYO5R,eAAe0jE,IAAYC,eAAEA,EAAcC,cAAEA,EAAehyD,OAAAA,KAAWigD,IAC5EjgD,EAAS,IAAKqD,KAAkBrD,GAChC,IAAI3T,EAAQ0lE,GAAkBC,EAC9B,IAAK3lE,EACH,MAAUgB,MAAM,wFAElB,GAAI0kE,IAAmBnvD,EAAKC,SAASkvD,KAAoBnvD,EAAK7V,SAASglE,GACrE,MAAU1kE,MAAM,kEAElB,GAAI2kE,IAAkBpvD,EAAKtV,aAAa0kE,KAAmBpvD,EAAK7V,SAASilE,GACvE,MAAU3kE,MAAM,qEAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,MAAMyjE,EAAarvD,EAAK7V,SAASV,GACjC,GAAI0lE,EAAgB,CAClB,MAAMhyD,KAAEA,EAAIpN,KAAEA,SAAewa,EAAQ9gB,GACrC,GAAI0T,IAASxJ,EAAM0I,MAAMI,QACvB,MAAUhS,MAAM,oCAElBhB,EAAQsG,CACZ,CACE,MAAMitD,QAAmBtL,GAAWC,WAAWloD,EAAOygE,GAAuB9sD,GACvEX,EAAU,IAAI4tD,GAAQrN,GAE5B,OADAvgD,EAAQq1C,WAAaud,EACd5yD,CACT,CAcOjR,eAAe8jE,IAAcp2D,KAAEA,EAAID,OAAEA,EAAM6yC,SAAEA,EAAQD,KAAEA,EAAO,IAAI5qC,KAAM4mB,OAAEA,QAAkBv8B,IAAT4N,EAAqB,OAAS,aAAamkD,IACnI,MAAM5zD,OAAiB6B,IAAT4N,EAAqBA,EAAOD,EAC1C,QAAc3N,IAAV7B,EACF,MAAUgB,MAAM,yEAElB,GAAIyO,IAAS8G,EAAKC,SAAS/G,KAAU8G,EAAK7V,SAAS+O,GACjD,MAAUzO,MAAM,0DAElB,GAAIwO,IAAW+G,EAAKtV,aAAauO,KAAY+G,EAAK7V,SAAS8O,GACzD,MAAUxO,MAAM,gEAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,MAAMyjE,EAAarvD,EAAK7V,SAASV,GAC3BokE,EAAoB,IAAIjiB,GAAkBC,QACnCvgD,IAAT4N,EACF20D,EAAkB9hB,QAAQtiD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS6uB,IAE5DgmC,EAAkB3hB,SAASziD,EAAOkK,EAAM1H,MAAM0H,EAAMqF,QAAS6uB,SAE9Cv8B,IAAbwgD,GACF+hB,EAAkB1hB,YAAYL,GAEhC,MAAMyjB,EAAwB,IAAI7d,GAClC6d,EAAsBvjE,KAAK6hE,GAC3B,MAAMpxD,EAAU,IAAI4tD,GAAQkF,GAE5B,OADA9yD,EAAQq1C,WAAaud,EACd5yD,CACT,CCn4BA,MAAM+0C,gBAA+BxxC,EAAK8G,wBAAwB,CAACqmC,KAM5D,MAAMqiB,GAKX,WAAA1mE,CAAYoQ,EAAMnB,GAGhB,GADA7O,KAAKgQ,KAAO8G,EAAK0G,qBAAqBxN,GAAMsP,QAAQ,SAAU,QAC1DzQ,KAAeA,aAAqBglD,IACtC,MAAUtyD,MAAM,2BAElBvB,KAAK6O,UAAYA,GAAa,IAAIglD,GAAU,IAAIrL,GACpD,CAME,gBAAAuL,GACE,MAAMsN,EAAS,GAKf,OAJsBrhE,KAAK6O,UAAU65C,QACvBzmD,SAAQ,SAAS0M,GAC7B0yD,EAAOv+D,KAAK6L,EAAOgD,YACzB,IACW0vD,CACX,CAgBE,UAAMlhC,CAAKu4B,EAAalD,EAAgB,GAAI3mD,EAAY,KAAM41D,EAAgB,GAAI9hB,EAAO,IAAI5qC,KAAQ2sD,EAAiB,GAAIhP,EAAmB,GAAIvQ,EAAY,GAAIjxC,EAASqD,GACxK,MAAMotD,EAAoB,IAAIjiB,GAC9BiiB,EAAkB9hB,QAAQ7iD,KAAKgQ,MAC/B,MAAMu2D,EAAe,IAAI1S,SAAgBgR,GAAuBF,EAAmBjM,EAAalD,EAAe3mD,EAAW41D,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBvQ,GAAW,EAAMjxC,IAClM,OAAO,IAAIoyD,GAAiBtmE,KAAKgQ,KAAMu2D,EAC3C,CAcE,MAAA7lC,CAAO8V,EAAMmM,EAAO,IAAI5qC,KAAQ7D,EAASqD,GACvC,MAAM2tD,EAAgBllE,KAAK6O,UAAU65C,QAAQW,YAAY5+C,EAAMkE,OAAOE,WAChE81D,EAAoB,IAAIjiB,GAG9B,OADAiiB,EAAkB9hB,QAAQ7iD,KAAKgQ,MACxBq1D,GAA0BH,EAAe,CAACP,GAAoBnuB,EAAMmM,GAAM,EAAMzuC,EAC3F,CAME,OAAA4uC,GAEE,OAAO9iD,KAAKgQ,KAAKsP,QAAQ,QAAS,KACtC,CAOE,KAAAnM,CAAMe,EAASqD,GAEb,MAAMivD,EAAwBxmE,KAAK6O,UAAU65C,QAAQhkD,MAAKiK,GAA6B,IAAnBA,EAAO+oC,UAOrEx2B,EAAO,CACXvT,KAPW64D,EACX7mE,MAAM4gB,KAAK,IAAI5K,IAAI3V,KAAK6O,UAAU65C,QAAQ/jD,KACxCgK,GAAUlE,EAAMpI,KAAKoI,EAAMkD,KAAMgB,EAAOw1C,eAAewD,kBACrDjlD,OACJ,KAIAsN,KAAMhQ,KAAKgQ,KACXnJ,KAAM7G,KAAK6O,UAAU65C,QAAQ3lD,SAI/B,OAAOoQ,EAAM1I,EAAM0I,MAAMG,OAAQ4N,OAAM9e,OAAWA,OAAWA,EAAWokE,EAAuBtyD,EACnG,EAYO5R,eAAemkE,IAAqBC,iBAAEA,EAAgBxyD,OAAEA,KAAWigD,IAExE,GADAjgD,EAAS,IAAKqD,KAAkBrD,IAC3BwyD,EACH,MAAUnlE,MAAM,gFAElB,IAAKuV,EAAKC,SAAS2vD,GACjB,MAAUnlE,MAAM,mEAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,MAAMnC,QAAc8gB,EAAQqlD,GAC5B,GAAInmE,EAAM0T,OAASxJ,EAAM0I,MAAMG,OAC7B,MAAU/R,MAAM,gCAElB,MAAMuyD,QAAmBtL,GAAWC,WAAWloD,EAAMsG,KAAMyhD,GAAgBp0C,IAY7E,SAAuB8M,EAAS8yC,GAC9B,MAAM6S,EAAiB,SAASC,GAC9B,MAAMC,EAAQl4D,GAAU8T,GAAQ9T,EAAOw1C,gBAAkB1hC,EAEzD,IAAK,IAAI3gB,EAAI,EAAGA,EAAIgyD,EAAWlyD,OAAQE,IACrC,GAAIgyD,EAAWhyD,GAAGlC,YAAYme,MAAQtT,EAAMkE,OAAOE,YAAc+3D,EAAUliE,KAAKmiE,EAAM/S,EAAWhyD,KAC/F,OAAO,EAGX,OAAO,CACR,EAEK8kE,EAAY,GAoBlB,GAnBA5lD,EAAQ/e,SAAQyd,IACd,MAAMonD,EAAapnD,EAAOC,MAAM,gBAChC,IAAImnD,EAaF,MAAUvlE,MAAM,0DAbF,CACd,MAAMwlE,EAAgBD,EAAW,GAC9BxnD,QAAQ,MAAO,IACf7B,MAAM,KACN9Y,KAAIu7B,IACH,IACE,OAAOz1B,EAAM1H,MAAM0H,EAAMkD,KAAMuyB,EAAS40B,cACzC,CAAC,MAAO5wD,GACP,MAAU3C,MAAM,2CAA6C2+B,EAAS40B,cAClF,KAEM8R,EAAU9jE,QAAQikE,EACxB,CAEA,IAGMH,EAAUhlE,SAAW+kE,EAAeC,GACtC,MAAUrlE,MAAM,wDAEpB,CA9CEwf,CAAcxgB,EAAMygB,QAAS8yC,GAC7B,MAAMjlD,EAAY,IAAIglD,GAAUC,GAChC,OAAO,IAAIwS,GAAiB/lE,EAAMyP,KAAMnB,EAC1C,CAoDOvM,eAAe0kE,IAAuBh3D,KAAEA,KAASmkD,IACtD,IAAKnkD,EACH,MAAUzO,MAAM,sEAElB,IAAKuV,EAAKC,SAAS/G,GACjB,MAAUzO,MAAM,yDAElB,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,OAAO,IAAI4jE,GAAiBt2D,EAC9B,CCtKO1N,eAAeo9B,IAAYsgC,QAAEA,EAAU,GAAE1oB,WAAEA,EAAUrjC,KAAEA,EAAIvJ,MAAEA,EAAK4pD,QAAEA,EAAU,KAAI/iD,kBAAEA,EAAoB,EAACoxC,KAAEA,EAAO,IAAI5qC,KAAMujD,QAAEA,EAAU,CAAC,CAAE,GAAC38B,OAAEA,EAAS,UAAWzqB,OAAAA,KAAWigD,IACxI8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAC3BD,GAASvJ,GAIZuJ,EAAOA,GAAQ,MACfvJ,EAAQA,GAAS,qBAJjBuJ,EAAOC,EAAOQ,OAAS,aAAe,MACtChK,EAAQ,oBAKVs1D,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAuB,IAAnBs9D,EAAQp+D,SAAiBsS,EAAOQ,OAClC,MAAUnT,MAAM,oCAElB,GAAa,QAAT0S,GAAkBqgD,EAAUpgD,EAAOkB,WACrC,MAAU7T,MAAM,8BAA8B2S,EAAOkB,oBAAoBk/C,KAG3E,MAAMxuD,EAAU,CAAEk6D,UAAS1oB,aAAYrjC,OAAMqgD,UAAS5pD,QAAO6G,oBAAmBoxC,OAAM2Y,WAEtF,IACE,MAAM3qD,IAAEA,EAAGgtD,sBAAEA,SHIVr7D,eAAwBwD,EAASoO,GACtCpO,EAAQq6B,MAAO,GACfr6B,EAAUi5D,GAA0Bj5D,IAC5Bw1D,QAAUx1D,EAAQw1D,QAAQ32D,KAAI,CAACwwD,EAAQj4C,IAAU6hD,GAA0Bj5D,EAAQw1D,QAAQp+C,GAAQpX,KAC3G,IAAImY,EAAW,CAACkpD,GAAyBrhE,EAASoO,IAClD+J,EAAWA,EAASzZ,OAAOsB,EAAQw1D,QAAQ32D,KAAImB,GAAWk5D,GAA4Bl5D,EAASoO,MAC/F,MAAMw0C,QAAgBxoD,QAAQ4E,IAAImZ,GAE5BtN,QAAY0uD,GAAc3W,EAAQ,GAAIA,EAAQ/lD,MAAM,GAAImD,EAASoO,GACjEypD,QAA8BhtD,EAAI8sD,yBAAyB33D,EAAQ68C,KAAMzuC,GAE/E,OADAvD,EAAI2nD,qBAAuB,GACpB,CAAE3nD,MAAKgtD,wBAChB,CGhBiD1wB,CAASnnC,EAASoO,GAG/D,OAFAvD,EAAIwoD,UAAUl3D,SAAQ,EAAG4tD,eAAgBkI,GAAqBlI,EAAW37C,KAElE,CACLV,WAAY4zD,GAAaz2D,EAAKguB,EAAQzqB,GACtCnI,UAAWq7D,GAAaz2D,EAAIytD,WAAYz/B,EAAQzqB,GAChDypD,wBAEH,CAAC,MAAOtnC,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,CAkBO/zB,eAAe+kE,IAAY7zD,WAAEA,EAAUwsD,QAAEA,EAAU,GAAE1oB,WAAEA,EAAU/lC,kBAAEA,EAAoB,EAACoxC,KAAEA,EAAIhkB,OAAEA,EAAS,UAAWzqB,OAAAA,KAAWigD,IAC1F8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC8rD,EAAUkH,GAAQlH,GAClB,MAAM5L,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAuB,IAAnBs9D,EAAQp+D,QAAiD,IAAjC4R,EAAWq8C,UAAUnY,QAC/C,MAAUn2C,MAAM,oCAElB,MAAMuE,EAAU,CAAE0N,aAAYwsD,UAAS1oB,aAAY/lC,oBAAmBoxC,QAEtE,IACE,MAAQhyC,IAAK22D,EAAc3J,sBAAEA,SHP1Br7D,eAAwBwD,EAASoO,GACtCpO,EAAUyhE,EAASzhE,GACnB,MAAM0N,WAAEA,GAAe1N,EAEvB,IAAK0N,EAAWmlD,YACd,MAAUp3D,MAAM,gCAGlB,GAAIiS,EAAWq8C,UAAUqC,UACvB,MAAU3wD,MAAM,2CAIlB,IADoBiS,EAAW2lD,UAAU98B,OAAM,EAAGwzB,eAAgBA,EAAUM,gBAE1E,MAAU5uD,MAAM,wBAGlB,MAAMquD,EAAkBp8C,EAAWq8C,UAE9B/pD,EAAQw1D,UACXx1D,EAAQw1D,cAAgBp7D,QAAQ4E,IAAI0O,EAAW8nD,QAAQ32D,KAAIrC,UACzD,MAAM2uD,EAAqBkE,EAAOtF,UAC5B6E,EAAe,CAAE/jD,IAAKi/C,EAAiBjsD,KAAMstD,GAC7CkJ,QACJC,GAA+BjF,EAAO8E,kBAAmBrK,EAAiBnlD,EAAMoE,UAAU4B,cAAeikD,EAAc,KAAMxgD,GAC7H7T,OAAM,KAAO,CAAE,KACjB,MAAO,CACL8/B,KAAMg6B,EAAiBhoD,UAAagoD,EAAiBhoD,SAAS,GAAK1H,EAAM0H,SAASU,SACnF,MAIL,MAAMysD,EAAsB9rD,EAAW8nD,QAAQ32D,KAAIwwD,GAAUA,EAAOtF,YACpE,GAAI/pD,EAAQw1D,QAAQ15D,SAAW09D,EAAoB19D,OACjD,MAAUL,MAAM,6DAGlBuE,EAAQw1D,QAAUx1D,EAAQw1D,QAAQ32D,KAAIu7D,GAAiBqH,EAASrH,EAAep6D,KAE/E,MAAM6K,QAAY0uD,GAAczP,EAAiB0P,EAAqBx5D,EAASoO,GACzEypD,QAA8BhtD,EAAI8sD,yBAAyB33D,EAAQ68C,KAAMzuC,GAE/E,OADAvD,EAAI2nD,qBAAuB,GACpB,CAAE3nD,MAAKgtD,yBAEd,SAAS4J,EAASzhE,EAAS6xD,EAAiB,IAK1C,OAJA7xD,EAAQyL,kBAAoBzL,EAAQyL,mBAAqBomD,EAAepmD,kBACxEzL,EAAQwxC,WAAaxgC,EAAKC,SAASjR,EAAQwxC,YAAcxxC,EAAQwxC,WAAaqgB,EAAergB,WAC7FxxC,EAAQ68C,KAAO78C,EAAQ68C,MAAQgV,EAAehV,KAEvC78C,CACX,CACA,CG5CiE0hE,CAAS1hE,EAASoO,GAE/E,MAAO,CACLV,WAAY4zD,GAAaE,EAAgB3oC,EAAQzqB,GACjDnI,UAAWq7D,GAAaE,EAAelJ,WAAYz/B,EAAQzqB,GAC3DypD,wBAEH,CAAC,MAAOtnC,GACP,MAAMvf,EAAK6G,UAAU,6BAA8B0Y,EACvD,CACA,CAoBO/zB,eAAemlE,IAAU92D,IAAEA,EAAGgtD,sBAAEA,EAAqBtrD,oBAAEA,EAAmBswC,KAAEA,EAAO,IAAI5qC,KAAM4mB,OAAEA,EAAS,UAASzqB,OAAEA,KAAWigD,IACzF8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkgD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IACE,MAAMglE,EAAa/J,QACXhtD,EAAI+sD,2BAA2BC,EAAuBhb,EAAMzuC,SAC5DvD,EAAIipD,OAAOvnD,EAAqBswC,EAAMzuC,GAE9C,OAAOwzD,EAAW/O,YAAc,CAC9BnlD,WAAY4zD,GAAaM,EAAY/oC,EAAQzqB,GAC7CnI,UAAWq7D,GAAaM,EAAWtJ,WAAYz/B,EAAQzqB,IACrD,CACFV,WAAY,KACZzH,UAAWq7D,GAAaM,EAAY/oC,EAAQzqB,GAE/C,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,qBAAsB0Y,EAC/C,CACA,CAYO/zB,eAAeqlE,IAAWn0D,WAAEA,EAAU8jC,WAAEA,EAAYpjC,OAAAA,KAAWigD,IAC1B8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkgD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAAK8Q,EAAWmlD,YACd,MAAUp3D,MAAM,+BAElB,MAAMqmE,EAAmBp0D,EAAW5Q,OAAM,GACpCilE,EAAc/wD,EAAKrW,QAAQ62C,GAAcA,EAAa,CAACA,GAE7D,IAOE,aANMp3C,QAAQ4E,IAAI8iE,EAAiBzO,UAAUx0D,KAAIgM,GAE/CmG,EAAKkH,WAAW6pD,EAAYljE,KAAI2yC,GAAc3mC,EAAIk/C,UAAUxhC,QAAQipB,eAGhEswB,EAAiBlV,SAASx+C,GACzB0zD,CACR,CAAC,MAAOvxC,GAEP,MADAuxC,EAAiBvV,qBACXv7C,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,CAYO/zB,eAAewlE,IAAWt0D,WAAEA,EAAU8jC,WAAEA,EAAYpjC,OAAAA,KAAWigD,IAC1B8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC,MAAMkgD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAAK8Q,EAAWmlD,YACd,MAAUp3D,MAAM,+BAElB,MAAMqmE,EAAmBp0D,EAAW5Q,OAAM,GAEpC4zC,EAAOoxB,EAAiBzO,UACxB0O,EAAc/wD,EAAKrW,QAAQ62C,GAAcA,EAAiB33C,MAAM62C,EAAK50C,QAAQ6lB,KAAK6vB,GACxF,GAAIuwB,EAAYjmE,SAAW40C,EAAK50C,OAC9B,MAAUL,MAAM,0DAGlB,IAME,aALMrB,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,MAAOqO,EAAK7O,KACrC,MAAM+tD,UAAEA,GAAcl/C,QAChBk/C,EAAU9hC,QAAQ85C,EAAY/lE,GAAIoS,GACxC27C,EAAUwC,oBAAoB,KAEzBuV,CACR,CAAC,MAAOvxC,GAEP,MADAuxC,EAAiBvV,qBACXv7C,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,CAiCO/zB,eAAeyrB,IAAQxa,QAAEA,EAAO0vD,eAAEA,EAAcvK,YAAEA,EAAW+I,UAAEA,EAASxT,WAAEA,EAAUtvB,OAAEA,EAAS,UAAS9vB,UAAEA,EAAY,KAAIi1C,SAAEA,GAAW,EAAK2gB,cAAEA,EAAgB,GAAEV,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAI5qC,KAAM2sD,eAAEA,EAAiB,GAAEqD,kBAAEA,EAAoB,GAAEC,mBAAEA,EAAqB,GAAI9zD,OAAAA,KAAWigD,IAKlS,GAJ0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC+zD,GAAa10D,GAAU20D,GAAyBvpC,GAChDskC,EAAiBiE,GAAQjE,GAAiBvK,EAAcwO,GAAQxO,GAAc+I,EAAYyF,GAAQzF,GAClGgD,EAAgByC,GAAQzC,GAAgBV,EAAmBmD,GAAQnD,GAAmBW,EAAiBwC,GAAQxC,GAAiBqD,EAAoBb,GAAQa,GAAoBC,EAAqBd,GAAQc,GACzM7T,EAAKvpB,SACP,MAAUrpC,MAAM,+JAElB,GAAI4yD,EAAKgU,WAAY,MAAU5mE,MAAM,gGACrC,GAAI4yD,EAAK0J,YAAa,MAAUt8D,MAAM,8FACtC,QAAmBa,IAAf+xD,EAAKhhD,MAAqB,MAAU5R,MAAM,oFAC9C,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAE3Hg2D,IACHA,EAAc,IAGhB,IASE,IARIA,EAAY92D,QAAUiN,KACxB0E,QAAgBA,EAAQ4sB,KAAKu4B,EAAauK,EAAgBp0D,EAAW41D,EAAe9hB,EAAM+hB,EAAgBX,EAAkBiE,EAAoB9zD,IAElJX,EAAUA,EAAQ02C,eT5Ff3nD,eAA2Ck0C,EAAO,GAAImM,EAAO,IAAI5qC,KAAQioD,EAAU,GAAI9rD,EAASqD,GACrG,MAAMs+C,EAAcprD,EAAM6C,YAAYC,aAChCuoD,EAAsB5hD,EAAOG,8BAK7B+zD,QAA0BloE,QAAQ4E,IAAI0xC,EAAK7xC,KAAIrC,eAAeqO,EAAK7O,GACvE,MACMumE,SAD0B13D,EAAIqlD,wBAAwBrT,EAAMqd,EAAQl+D,GAAIoS,IACrCpC,+BACzC,QAASu2D,GAAkBA,EAAe5+D,QAAQqsD,IAAwB,CAC9E,KACE,OAAOsS,EAAkB/rC,MAAMsiC,SAAW7I,EAAsBD,CAClE,CSgFYyS,CAA4BrF,EAAgBtgB,EAAMolB,EAAmB7zD,GAC3EA,GAEFX,QAAgBA,EAAQwa,QAAQk1C,EAAgBxB,EAAWxT,EAAYnK,EAAUigB,EAAkBphB,EAAMolB,EAAmB7zD,GAC7G,WAAXyqB,EAAqB,OAAOprB,EAEhC,MACM1M,EADmB,YAAX83B,EACOprB,EAAQJ,MAAMe,GAAUX,EAAQxQ,QACrD,aAAawlE,GAAc1hE,EAC5B,CAAC,MAAOwvB,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,CAmCO/zB,eAAe+rB,IAAQ9a,QAAEA,EAAOiuD,eAAEA,EAAcC,UAAEA,EAASC,YAAEA,EAAWzI,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAK7pC,OAAEA,EAAS,OAAM9vB,UAAEA,EAAY,KAAI8zC,KAAEA,EAAO,IAAI5qC,YAAQ7D,KAAWigD,IAGxL,GAF0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC+zD,GAAa10D,GAAU0lD,EAAmBiO,GAAQjO,GAAmBuI,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GAAYC,EAAcwF,GAAQxF,GACjKvN,EAAK0J,YAAa,MAAUt8D,MAAM,iGACtC,GAAI4yD,EAAKgU,WAAY,MAAU5mE,MAAM,kGACrC,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IACE,MAAMwpD,QAAkB34C,EAAQ8a,QAAQmzC,EAAgBC,EAAWC,EAAa/e,EAAMzuC,GACjF+kD,IACHA,EAAmB,IAGrB,MAAMl3D,EAAS,CAAE,EAKjB,GAJAA,EAAO0yD,WAAa5lD,QAAkBq9C,EAAUoZ,eAAez2D,EAAWoqD,EAAkBtW,EAAMzuC,SAAgBg4C,EAAUxrB,OAAOu4B,EAAkBtW,EAAMzuC,GAC3JnS,EAAO8E,KAAkB,WAAX83B,EAAsButB,EAAU8W,iBAAmB9W,EAAUpJ,UAC3E/gD,EAAO6gD,SAAWsJ,EAAUhJ,cAC5BulB,GAAY1mE,EAAQwR,GAChBi1D,EAAc,CAChB,GAAgC,IAA5BvP,EAAiBr3D,OACnB,MAAUL,MAAM,+DAElB,GAAiC,IAA7BQ,EAAO0yD,WAAW7yD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPo/C,GAAiB3jD,gBACTwU,EAAKkH,WAAWjc,EAAO0yD,WAAW9vD,KAAIkmC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADAxwC,EAAO8E,WAAa0hE,GAAcxmE,EAAO8E,MAClC9E,CACR,CAAC,MAAOs0B,GACP,MAAMvf,EAAK6G,UAAU,2BAA4B0Y,EACrD,CACA,CA4BO/zB,eAAe69B,IAAK5sB,QAAEA,EAAOmlD,YAAEA,EAAWlD,cAAEA,EAAgB,GAAE72B,OAAEA,EAAS,UAASiM,SAAEA,GAAW,EAAK65B,cAAEA,EAAgB,GAAE9hB,KAAEA,EAAO,IAAI5qC,KAAM2sD,eAAEA,EAAiB,GAAEhP,iBAAEA,EAAmB,GAAEsS,mBAAEA,EAAqB,GAAE9zD,OAAEA,KAAWigD,IAKlO,GAJ0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChCw0D,GAAwBn1D,GAAU20D,GAAyBvpC,GAC3D+5B,EAAcwO,GAAQxO,GAAc+L,EAAgByC,GAAQzC,GAAgBC,EAAiBwC,GAAQxC,GAAiBlP,EAAgB0R,GAAQ1R,GAAgBE,EAAmBwR,GAAQxR,GAAmBsS,EAAqBd,GAAQc,GAErO7T,EAAK0J,YAAa,MAAUt8D,MAAM,2FACtC,QAAmBa,IAAf+xD,EAAKhhD,MAAqB,MAAU5R,MAAM,iFAC9C,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAI6Q,aAAmB+yD,IAA+B,WAAX3nC,EAAqB,MAAUp9B,MAAM,2DAChF,GAAIgS,aAAmB+yD,IAAoB17B,EAAU,MAAUrpC,MAAM,0CAErE,IAAKm3D,GAAsC,IAAvBA,EAAY92D,OAC9B,MAAUL,MAAM,4BAGlB,IACE,IAAIsN,EAMJ,GAJEA,EADE+7B,QACgBr3B,EAAQwxD,aAAarM,EAAalD,OAAepzD,EAAWqiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoB9zD,SAEvIX,EAAQ4sB,KAAKu4B,EAAalD,OAAepzD,EAAWqiE,EAAe9hB,EAAM+hB,EAAgBhP,EAAkBsS,EAAoB9zD,GAEpI,WAAXyqB,EAAqB,OAAO9vB,EAYhC,OATAA,EADyB,YAAX8vB,EACM9vB,EAAUsE,MAAMe,GAAUrF,EAAU9L,QACpD6nC,IACF/7B,EAAY+S,EAAqBrO,EAAQm1C,QAAQ3lD,SAAST,MAAO4C,EAAUC,WACnEjF,QAAQ4E,IAAI,CAChByoD,EAAY1+C,EAAW1J,GACvB8c,EAAiB/c,GAAU7E,OAAM,UACjC,WAGOkoE,GAAc15D,EAC5B,CAAC,MAAOwnB,GACP,MAAMvf,EAAK6G,UAAU,wBAAyB0Y,EAClD,CACA,CA8BO/zB,eAAeo+B,IAAOntB,QAAEA,EAAO0lD,iBAAEA,EAAgBuP,aAAEA,GAAe,EAAK7pC,OAAEA,EAAS,OAAM9vB,UAAEA,EAAY,KAAI8zC,KAAEA,EAAO,IAAI5qC,KAAM7D,OAAEA,KAAWigD,IAG/I,GAF0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChCw0D,GAAwBn1D,GAAU0lD,EAAmBiO,GAAQjO,GACzD9E,EAAKgU,WAAY,MAAU5mE,MAAM,iGACrC,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,GAAI6Q,aAAmB+yD,IAA+B,WAAX3nC,EAAqB,MAAUp9B,MAAM,iDAChF,GAAIgS,aAAmB+yD,IAAoBz3D,EAAW,MAAUtN,MAAM,6CAEtE,IACE,MAAMQ,EAAS,CAAE,EAQjB,GANEA,EAAO0yD,WADL5lD,QACwB0E,EAAQ+xD,eAAez2D,EAAWoqD,EAAkBtW,EAAMzuC,SAE1DX,EAAQmtB,OAAOu4B,EAAkBtW,EAAMzuC,GAEnEnS,EAAO8E,KAAkB,WAAX83B,EAAsBprB,EAAQyvD,iBAAmBzvD,EAAQuvC,UACnEvvC,EAAQq1C,aAAe/5C,GAAW45D,GAAY1mE,EAAQwR,GACtDi1D,EAAc,CAChB,GAAiC,IAA7BzmE,EAAO0yD,WAAW7yD,OACpB,MAAUL,MAAM,yBAElBQ,EAAO8E,KAAOkU,EAAc,CAC1BhZ,EAAO8E,KACPo/C,GAAiB3jD,gBACTwU,EAAKkH,WAAWjc,EAAO0yD,WAAW9vD,KAAIkmC,GAAOA,EAAI0H,WAAU,KAG3E,CAEI,OADAxwC,EAAO8E,WAAa0hE,GAAcxmE,EAAO8E,MAClC9E,CACR,CAAC,MAAOs0B,GACP,MAAMvf,EAAK6G,UAAU,iCAAkC0Y,EAC3D,CACA,CAoBO/zB,eAAektD,IAAmByT,eAAEA,EAActgB,KAAEA,EAAO,IAAI5qC,KAAMgwD,kBAAEA,EAAoB,GAAI7zD,OAAAA,KAAWigD,IAG/G,GAF0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC+uD,EAAiBiE,GAAQjE,GAAiB8E,EAAoBb,GAAQa,GAClE5T,EAAKgU,WAAY,MAAU5mE,MAAM,2GACrC,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAEE,aAD0By+D,GAAQ3R,mBAAmByT,EAAgBtgB,EAAMolB,EAAmB7zD,EAE/F,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,CAqBO/zB,eAAe2hE,IAAkBp9D,KAAEA,EAAI6uC,UAAEA,EAAS8V,cAAEA,EAAayX,eAAEA,EAAcxB,UAAEA,EAAS9iC,OAAEA,EAAS,UAASmlB,SAAEA,GAAW,EAAKigB,iBAAEA,EAAmB,GAAEphB,KAAEA,EAAO,IAAI5qC,KAAMgwD,kBAAEA,EAAoB,GAAI7zD,OAAAA,KAAWigD,IAItN,GAH0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAgElC,SAAqBrN,GACnB,IAAKiQ,EAAKtV,aAAaqF,GACrB,MAAUtF,MAAM,8CAEpB,CAnEEonE,CAAY9hE,GA0Dd,SAAqBA,EAAMoB,GACzB,IAAK6O,EAAKC,SAASlQ,GACjB,MAAUtF,MAAM,gBAAmC,2BAEvD,CA9DqBqnE,CAAYlzB,EAAW,aAAcwyB,GAAyBvpC,GACjFskC,EAAiBiE,GAAQjE,GAAiBxB,EAAYyF,GAAQzF,GAAYsC,EAAmBmD,GAAQnD,GAAmBgE,EAAoBb,GAAQa,GAChJ5T,EAAKgU,WAAY,MAAU5mE,MAAM,0GACrC,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,KAAMugE,GAA4C,IAA1BA,EAAerhE,QAAmB6/D,GAAkC,IAArBA,EAAU7/D,QAC/E,MAAUL,MAAM,6CAGlB,IAEE,OAAO6lE,SADejG,GAAQ8C,kBAAkBp9D,EAAM6uC,EAAW8V,EAAeyX,EAAgBxB,EAAW3d,EAAUigB,EAAkBphB,EAAMolB,EAAmB7zD,GACnIyqB,EAAQzqB,EACtC,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,+BAAgC0Y,EACzD,CACA,CAiBO/zB,eAAey/D,IAAmBxuD,QAAEA,EAAOiuD,eAAEA,EAAcC,UAAEA,EAAS9e,KAAEA,EAAO,IAAI5qC,KAAQ7D,OAAAA,KAAWigD,IAG3G,GAF0C8S,GAA1C/yD,EAAS,IAAKqD,KAAkBrD,IAChC+zD,GAAa10D,GAAUiuD,EAAiB0F,GAAQ1F,GAAiBC,EAAYyF,GAAQzF,GACjFtN,EAAK0J,YAAa,MAAUt8D,MAAM,4GACtC,MAAM6yD,EAAiBt0D,OAAO02C,KAAK2d,GAAO,GAAIC,EAAexyD,OAAS,EAAG,MAAUL,MAAM,mBAAmB6yD,EAAe1xD,KAAK,OAEhI,IAEE,aAD0B6Q,EAAQwuD,mBAAmBP,EAAgBC,OAAWr/D,EAAWugD,EAAMzuC,EAElG,CAAC,MAAOmiB,GACP,MAAMvf,EAAK6G,UAAU,gCAAiC0Y,EAC1D,CACA,CAwBA,SAAS4xC,GAAa10D,GACpB,KAAMA,aAAmB4tD,IACvB,MAAU5/D,MAAM,kDAEpB,CACA,SAASmnE,GAAwBn1D,GAC/B,KAAMA,aAAmB+yD,IAAuB/yD,aAAmB4tD,IACjE,MAAU5/D,MAAM,sEAEpB,CACA,SAAS2mE,GAAyBvpC,GAChC,GAAe,YAAXA,GAAmC,WAAXA,GAAkC,WAAXA,EACjD,MAAUp9B,MAAM,sBAAsBo9B,EAE1C,CACA,MAAMkqC,GAA0B/oE,OAAO02C,KAAKj/B,GAAe3V,OAC3D,SAASqlE,GAAY/yD,GACnB,MAAM40D,EAAmBhpE,OAAO02C,KAAKtiC,GACrC,GAAI40D,EAAiBlnE,SAAWinE,GAC9B,IAAK,MAAME,KAAaD,EACtB,QAAiC1mE,IAA7BmV,EAAcwxD,GAChB,MAAUxnE,MAAM,4BAA4BwnE,EAIpD,CAQA,SAAS7B,GAAQh0B,GAIf,OAHIA,IAAUp8B,EAAKrW,QAAQyyC,KACzBA,EAAQ,CAACA,IAEJA,CACT,CASA5wC,eAAeimE,GAAc1hE,GAE3B,MAAmB,UADAiQ,EAAK7V,SAAS4F,GAExBob,EAAiBpb,GAEnBA,CACT,CAUA,SAAS4hE,GAAY1mE,EAAQwR,GAC3BxR,EAAO8E,KAAO+a,EAAqBrO,EAAQm1C,QAAQ1nD,QAAQsB,MAAO4C,EAAUC,WACpEooD,EAAYxrD,EAAO8E,KAAM1B,EAAU,CACvCE,cAAc,IAEhB,MAAM1E,EAASmhB,EAAiB3c,GAChC,UAEQ8c,EAAiB/c,GAAU+mB,GAAKA,UAChCtrB,EAAOsC,OACd,CAAC,MAAOiB,SACDvD,EAAOuC,MAAMgB,EACzB,IAEA,CASA,SAASkjE,GAAa4B,EAAQrqC,EAAQzqB,GACpC,OAAQyqB,GACN,IAAK,SACH,OAAOqqC,EACT,IAAK,UACH,OAAOA,EAAO71D,MAAMe,GACtB,IAAK,SACH,OAAO80D,EAAOjmE,QAChB,QACE,MAAUxB,MAAM,sBAAsBo9B,GAE5C,CC1tBA,SAASxD,GAAOxjB,GACZ,IAAKyP,OAAO6hD,cAActxD,IAAMA,EAAI,EAChC,MAAUpW,MAAM,kCAAkCoW,EAC1D,CAUA,SAASxN,GAAM0N,KAAM2N,GACjB,MALoBlH,EAKPzG,aAJQpW,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,MAIrD,MAAU1G,MAAM,uBANjB,IAAiB+c,EAOpB,GAAIkH,EAAQ5jB,OAAS,IAAM4jB,EAAQtG,SAASrH,EAAEjW,QAC1C,MAAUL,MAAM,iCAAiCikB,oBAA0B3N,EAAEjW,SACrF,CAOA,SAAS6jB,GAAOC,EAAUC,GAAgB,GACtC,GAAID,EAASE,UACT,MAAUrkB,MAAM,oCACpB,GAAIokB,GAAiBD,EAASG,SAC1B,MAAUtkB,MAAM,wCACxB,CACA,SAASqF,GAAOkf,EAAKJ,GACjBvb,GAAM2b,GACN,MAAMC,EAAML,EAASM,UACrB,GAAIF,EAAIlkB,OAASmkB,EACb,MAAUxkB,MAAM,yDAAyDwkB,EAEjF,CCrCO,MAAM5J,GAA+B,iBAAfjb,GAA2B,WAAYA,EAAaA,EAAWib,YAAS/Z,ECmBxFgkB,GAAcF,GAAQ,IAAItF,SAASsF,EAAI5c,OAAQ4c,EAAI7b,WAAY6b,EAAI5b,YAEnE4+D,GAAO,CAAC78C,EAAMljB,IAAWkjB,GAAS,GAAKljB,EAAWkjB,IAASljB,EAE3DggE,GAAO,CAAC98C,EAAMljB,IAAWkjB,GAAQljB,EAAWkjB,IAAU,GAAKljB,IAAY,EACvE4d,GAAmE,KAA5D,IAAItlB,WAAW,IAAI0e,YAAY,CAAC,YAAa7W,QAAQ;sEASlE,SAAS8/D,GAAWljD,GACvB,IAAK,IAAIpkB,EAAI,EAAGA,EAAIokB,EAAItkB,OAAQE,IAC5BokB,EAAIpkB,IATauqB,EASCnG,EAAIpkB,KATc,GAAM,WAC5CuqB,GAAQ,EAAK,SACbA,IAAS,EAAK,MACdA,IAAS,GAAM,IAHG,IAACA,CAWzB,CAoEO,SAAS/F,GAAYxM,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,2CAA2CuY,GAC/D,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD,CAMO,SAASuM,GAAQxf,GAIpB,MAHoB,iBAATA,IACPA,EAAOyf,GAAYzf,IACvBwhB,GAAOxhB,GACAA,CACX,CAIO,SAAS8rB,MAAehxB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CAEO,MAAMw+C,GAET,KAAAzmE,GACI,OAAO5C,KAAKspE,YACpB,EASO,SAASC,GAAgBl+C,GAC5B,MAAMC,EAASC,GAAQF,IAAW/G,OAAO+B,GAAQkF,IAAMhH,SACjDiH,EAAMH,IAIZ,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAS,IAAMsG,IACdC,CACX,CAoBO,SAAS0R,GAAYwsC,EAAc,IACtC,GAAIrtD,IAA4C,mBAA3BA,GAAO0f,gBACxB,OAAO1f,GAAO0f,gBAAgB,IAAIp6B,WAAW+nE,IAGjD,GAAIrtD,IAAwC,mBAAvBA,GAAO6gB,YACxB,OAAO7gB,GAAO6gB,YAAYwsC,GAE9B,MAAUjoE,MAAM,yCACpB,CCzKO,MAAMkoE,GAAM,CAACnrD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,GAAOyG,EAAI6E,EAInCumD,GAAM,CAACprD,EAAGzG,EAAGsL,IAAO7E,EAAIzG,EAAMyG,EAAI6E,EAAMtL,EAAIsL,EAKlD,MAAMwmD,WAAeN,GACxB,WAAAzpE,CAAYooB,EAAUhC,EAAW4jD,EAAW7iD,GACxClnB,QACAG,KAAKgoB,SAAWA,EAChBhoB,KAAKgmB,UAAYA,EACjBhmB,KAAK4pE,UAAYA,EACjB5pE,KAAK+mB,KAAOA,EACZ/mB,KAAK6lB,UAAW,EAChB7lB,KAAK4B,OAAS,EACd5B,KAAKgC,IAAM,EACXhC,KAAK4lB,WAAY,EACjB5lB,KAAKsJ,OAAS,IAAI7H,WAAWumB,GAC7BhoB,KAAK8mB,KAAOV,GAAWpmB,KAAKsJ,OACpC,CACI,MAAAgb,CAAOzd,GACH4e,GAAOzlB,MACP,MAAM8mB,KAAEA,EAAIxd,OAAEA,EAAM0e,SAAEA,GAAahoB,KAE7BqtB,GADNxmB,EAAOwf,GAAQxf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMqrB,GAAM,CAC1B,MAAMw8C,EAAOphE,KAAKsd,IAAIiC,EAAWhoB,KAAKgC,IAAKqrB,EAAMrrB,GAEjD,GAAI6nE,IAAS7hD,EAMb1e,EAAOnH,IAAI0E,EAAKmC,SAAShH,EAAKA,EAAM6nE,GAAO7pE,KAAKgC,KAChDhC,KAAKgC,KAAO6nE,EACZ7nE,GAAO6nE,EACH7pE,KAAKgC,MAAQgmB,IACbhoB,KAAKoD,QAAQ0jB,EAAM,GACnB9mB,KAAKgC,IAAM,OAXf,CACI,MAAM8nE,EAAW1jD,GAAWvf,GAC5B,KAAOmhB,GAAYqF,EAAMrrB,EAAKA,GAAOgmB,EACjChoB,KAAKoD,QAAQ0mE,EAAU9nE,EAE3C,CAQA,CAGQ,OAFAhC,KAAK4B,QAAUiF,EAAKjF,OACpB5B,KAAK+pE,aACE/pE,IACf,CACI,UAAA0qB,CAAW5E,GACPL,GAAOzlB,MACP4G,GAAOkf,EAAK9lB,MACZA,KAAK6lB,UAAW,EAIhB,MAAMvc,OAAEA,EAAMwd,KAAEA,EAAIkB,SAAEA,EAAQjB,KAAEA,GAAS/mB,KACzC,IAAIgC,IAAEA,GAAQhC,KAEdsJ,EAAOtH,KAAS,IAChBhC,KAAKsJ,OAAON,SAAShH,GAAKylB,KAAK,GAG3BznB,KAAK4pE,UAAY5hD,EAAWhmB,IAC5BhC,KAAKoD,QAAQ0jB,EAAM,GACnB9kB,EAAM,GAGV,IAAK,IAAIF,EAAIE,EAAKF,EAAIkmB,EAAUlmB,IAC5BwH,EAAOxH,GAAK,GApFxB,SAAsBglB,EAAMzc,EAAY9H,EAAOwkB,GAC3C,GAAiC,mBAAtBD,EAAKD,aACZ,OAAOC,EAAKD,aAAaxc,EAAY9H,EAAOwkB,GAChD,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQ7kB,GAASykB,EAAQE,GAC9BG,EAAKD,OAAO7kB,EAAQ2kB,GACpBqK,EAAIxK,EAAO,EAAI,EACfqb,EAAIrb,EAAO,EAAI,EACrBD,EAAKQ,UAAUjd,EAAaknB,EAAGpK,EAAIJ,GACnCD,EAAKQ,UAAUjd,EAAa+3B,EAAG/a,EAAIN,EACvC,CA6EQF,CAAaC,EAAMkB,EAAW,EAAGf,OAAqB,EAAdjnB,KAAK4B,QAAamlB,GAC1D/mB,KAAKoD,QAAQ0jB,EAAM,GACnB,MAAMkjD,EAAQ5jD,GAAWN,GACnBuH,EAAMrtB,KAAKgmB,UAEjB,GAAIqH,EAAM,EACN,MAAU9rB,MAAM,+CACpB,MAAMuuB,EAASzC,EAAM,EACfnI,EAAQllB,KAAKmI,MACnB,GAAI2nB,EAAS5K,EAAMtjB,OACf,MAAUL,MAAM,sCACpB,IAAK,IAAIO,EAAI,EAAGA,EAAIguB,EAAQhuB,IACxBkoE,EAAM1iD,UAAU,EAAIxlB,EAAGojB,EAAMpjB,GAAIilB,EAC7C,CACI,MAAAxC,GACI,MAAMjb,OAAEA,EAAM0c,UAAEA,GAAchmB,KAC9BA,KAAK0qB,WAAWphB,GAChB,MAAMuhB,EAAMvhB,EAAO3G,MAAM,EAAGqjB,GAE5B,OADAhmB,KAAKiJ,UACE4hB,CACf,CACI,UAAAy+C,CAAWW,GACPA,IAAOA,EAAK,IAAIjqE,KAAKJ,aACrBqqE,EAAG9nE,OAAOnC,KAAKmI,OACf,MAAM6f,SAAEA,EAAQ1e,OAAEA,EAAM1H,OAAEA,EAAMikB,SAAEA,EAAQD,UAAEA,EAAS5jB,IAAEA,GAAQhC,KAO/D,OANAiqE,EAAGroE,OAASA,EACZqoE,EAAGjoE,IAAMA,EACTioE,EAAGpkD,SAAWA,EACdokD,EAAGrkD,UAAYA,EACXhkB,EAASomB,GACTiiD,EAAG3gE,OAAOnH,IAAImH,GACX2gE,CACf,ECtHA,MAAMC,kBAA2B,IAAI/pD,YAAY,CAC7C,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAKlFgqD,kBAA4B,IAAIhqD,YAAY,CAC9C,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAIlFiqD,kBAA2B,IAAIjqD,YAAY,IAC1C,MAAMkqD,WAAeV,GACxB,WAAA/pE,GACIC,MAAM,GAAI,GAAI,GAAG,GAGjBG,KAAKgjC,EAAmB,EAAfmnC,GAAU,GACnBnqE,KAAKy8D,EAAmB,EAAf0N,GAAU,GACnBnqE,KAAKs0C,EAAmB,EAAf61B,GAAU,GACnBnqE,KAAK8hC,EAAmB,EAAfqoC,GAAU,GACnBnqE,KAAKsqE,EAAmB,EAAfH,GAAU,GACnBnqE,KAAKuqE,EAAmB,EAAfJ,GAAU,GACnBnqE,KAAKwqE,EAAmB,EAAfL,GAAU,GACnBnqE,KAAKyqE,EAAmB,EAAfN,GAAU,EAC3B,CACI,GAAAhiE,GACI,MAAM66B,EAAEA,EAACy5B,EAAEA,EAACnoB,EAAEA,EAACxS,EAAEA,EAACwoC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMzqE,KACnC,MAAO,CAACgjC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,EAAGC,EAAGC,EAAGC,EACrC,CAEI,GAAAtoE,CAAI6gC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,EAAGC,EAAGC,EAAGC,GACrBzqE,KAAKgjC,EAAQ,EAAJA,EACThjC,KAAKy8D,EAAQ,EAAJA,EACTz8D,KAAKs0C,EAAQ,EAAJA,EACTt0C,KAAK8hC,EAAQ,EAAJA,EACT9hC,KAAKsqE,EAAQ,EAAJA,EACTtqE,KAAKuqE,EAAQ,EAAJA,EACTvqE,KAAKwqE,EAAQ,EAAJA,EACTxqE,KAAKyqE,EAAQ,EAAJA,CACjB,CACI,OAAArnE,CAAQ0jB,EAAMlO,GAEV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnCwxD,GAAStoE,GAAKglB,EAAK0B,UAAU5P,GAAQ,GACzC,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAC1B,MAAM4oE,EAAMN,GAAStoE,EAAI,IACnB6oE,EAAKP,GAAStoE,EAAI,GAClBmmB,EAAKihD,GAAKwB,EAAK,GAAKxB,GAAKwB,EAAK,IAAOA,IAAQ,EAC7CxiD,EAAKghD,GAAKyB,EAAI,IAAMzB,GAAKyB,EAAI,IAAOA,IAAO,GACjDP,GAAStoE,GAAMomB,EAAKkiD,GAAStoE,EAAI,GAAKmmB,EAAKmiD,GAAStoE,EAAI,IAAO,CAC3E,CAEQ,IAAIkhC,EAAEA,EAACy5B,EAAEA,EAACnoB,EAAEA,EAACxS,EAAEA,EAACwoC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMzqE,KACjC,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MACM0qB,EAAMi+C,GADGvB,GAAKoB,EAAG,GAAKpB,GAAKoB,EAAG,IAAMpB,GAAKoB,EAAG,KACzBb,GAAIa,EAAGC,EAAGC,GAAKN,GAASpoE,GAAKsoE,GAAStoE,GAAM,EAE/D2qB,GADSy8C,GAAKlmC,EAAG,GAAKkmC,GAAKlmC,EAAG,IAAMkmC,GAAKlmC,EAAG,KAC7B0mC,GAAI1mC,EAAGy5B,EAAGnoB,GAAM,EACrCm2B,EAAID,EACJA,EAAID,EACJA,EAAID,EACJA,EAAKxoC,EAAItV,EAAM,EACfsV,EAAIwS,EACJA,EAAImoB,EACJA,EAAIz5B,EACJA,EAAKxW,EAAKC,EAAM,CAC5B,CAEQuW,EAAKA,EAAIhjC,KAAKgjC,EAAK,EACnBy5B,EAAKA,EAAIz8D,KAAKy8D,EAAK,EACnBnoB,EAAKA,EAAIt0C,KAAKs0C,EAAK,EACnBxS,EAAKA,EAAI9hC,KAAK8hC,EAAK,EACnBwoC,EAAKA,EAAItqE,KAAKsqE,EAAK,EACnBC,EAAKA,EAAIvqE,KAAKuqE,EAAK,EACnBC,EAAKA,EAAIxqE,KAAKwqE,EAAK,EACnBC,EAAKA,EAAIzqE,KAAKyqE,EAAK,EACnBzqE,KAAKmC,IAAI6gC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,EAAGC,EAAGC,EAAGC,EACtC,CACI,UAAAV,GACIK,GAAS3iD,KAAK,EACtB,CACI,OAAAxe,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAC9BnC,KAAKsJ,OAAOme,KAAK,EACzB,EAGA,MAAMmjD,WAAeP,GACjB,WAAAzqE,GACIC,QACAG,KAAKgjC,GAAI,WACThjC,KAAKy8D,EAAI,UACTz8D,KAAKs0C,EAAI,UACTt0C,KAAK8hC,GAAI,UACT9hC,KAAKsqE,GAAI,QACTtqE,KAAKuqE,EAAI,WACTvqE,KAAKwqE,EAAI,WACTxqE,KAAKyqE,GAAI,WACTzqE,KAAKgmB,UAAY,EACzB,EAMO,MAAMjY,kBAAyBw7D,IAAgB,IAAM,IAAIc,KAInDn8D,kBAAyBq7D,IAAgB,IAAM,IAAIqB,KCzHzD,MAAMC,WAAaxB,GACtB,WAAAzpE,CAAY+N,EAAM+rB,GACd75B,QACAG,KAAK6lB,UAAW,EAChB7lB,KAAK4lB,WAAY,ELYzB,SAAc2L,GACV,GAAiB,mBAANA,GAAwC,mBAAbA,EAAExM,OACpC,MAAUxjB,MAAM,mDACpB45B,GAAO5J,EAAEvL,WACTmV,GAAO5J,EAAEvJ,SACb,CKhBQ8iD,CAAWn9D,GACX,MAAMgD,EAAM0V,GAAQqT,GAEpB,GADA15B,KAAK+qE,MAAQp9D,EAAKoX,SACe,mBAAtB/kB,KAAK+qE,MAAMzmD,OAClB,MAAU/iB,MAAM,uDACpBvB,KAAKgoB,SAAWhoB,KAAK+qE,MAAM/iD,SAC3BhoB,KAAKgmB,UAAYhmB,KAAK+qE,MAAM/kD,UAC5B,MAAMgC,EAAWhoB,KAAKgoB,SAChB0K,EAAM,IAAIjxB,WAAWumB,GAE3B0K,EAAIvwB,IAAIwO,EAAI/O,OAASomB,EAAWra,EAAKoX,SAAST,OAAO3T,GAAK4T,SAAW5T,GACrE,IAAK,IAAI7O,EAAI,EAAGA,EAAI4wB,EAAI9wB,OAAQE,IAC5B4wB,EAAI5wB,IAAM,GACd9B,KAAK+qE,MAAMzmD,OAAOoO,GAElB1yB,KAAKgrE,MAAQr9D,EAAKoX,SAElB,IAAK,IAAIjjB,EAAI,EAAGA,EAAI4wB,EAAI9wB,OAAQE,IAC5B4wB,EAAI5wB,IAAM,IACd9B,KAAKgrE,MAAM1mD,OAAOoO,GAClBA,EAAIjL,KAAK,EACjB,CACI,MAAAnD,CAAO1F,GAGH,OAFAqsD,GAAajrE,MACbA,KAAK+qE,MAAMzmD,OAAO1F,GACX5e,IACf,CACI,UAAA0qB,CAAW5E,GACPmlD,GAAajrE,MACbkrE,GAAYplD,EAAK9lB,KAAKgmB,WACtBhmB,KAAK6lB,UAAW,EAChB7lB,KAAK+qE,MAAMrgD,WAAW5E,GACtB9lB,KAAKgrE,MAAM1mD,OAAOwB,GAClB9lB,KAAKgrE,MAAMtgD,WAAW5E,GACtB9lB,KAAKiJ,SACb,CACI,MAAAsb,GACI,MAAMuB,EAAM,IAAIrkB,WAAWzB,KAAKgrE,MAAMhlD,WAEtC,OADAhmB,KAAK0qB,WAAW5E,GACTA,CACf,CACI,UAAAwjD,CAAWW,GAEPA,IAAOA,EAAKnqE,OAAOilB,OAAOjlB,OAAO27D,eAAez7D,MAAO,CAAA,IACvD,MAAMgrE,MAAEA,EAAKD,MAAEA,EAAKllD,SAAEA,EAAQD,UAAEA,EAASoC,SAAEA,EAAQhC,UAAEA,GAAchmB,KAQnE,OANAiqE,EAAGpkD,SAAWA,EACdokD,EAAGrkD,UAAYA,EACfqkD,EAAGjiD,SAAWA,EACdiiD,EAAGjkD,UAAYA,EACfikD,EAAGe,MAAQA,EAAM1B,WAAWW,EAAGe,OAC/Bf,EAAGc,MAAQA,EAAMzB,WAAWW,EAAGc,OACxBd,CACf,CACI,OAAAhhE,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKgrE,MAAM/hE,UACXjJ,KAAK+qE,MAAM9hE,SACnB,EAYO,MAAMkiE,GAAO,CAACx9D,EAAMgD,EAAK4C,IAAY,IAAIs3D,GAAKl9D,EAAMgD,GAAK2T,OAAO/Q,GAASgR,SAChF4mD,GAAKpmD,OAAS,CAACpX,EAAMgD,IAAQ,IAAIk6D,GAAKl9D,EAAMgD;uEC1E5C,MAAMopB,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC5B,SAAS1B,GAAQjH,GACpB,OAAQA,aAAa7c,YACX,MAAL6c,GAA0B,iBAANA,GAAyC,eAAvBA,EAAE1e,YAAYqI,IAC7D,CACO,SAASogB,GAAO06C,GACnB,IAAKx9C,GAAQw9C,GACT,MAAUxhE,MAAM,sBACxB,CACO,SAAS6pE,GAAMC,EAAO9oE,GACzB,GAAqB,kBAAVA,EACP,MAAUhB,MAAM,GAAG8pE,iCAAqC9oE,MAChE,CAEA,MAAM+oE,kBAAwB3rE,MAAM4gB,KAAK,CAAE3e,OAAQ,MAAO,CAACqqB,EAAGnqB,IAAMA,EAAE0e,SAAS,IAAI+qD,SAAS,EAAG,OAIxF,SAASC,GAAWrhE,GACvBke,GAAOle,GAEP,IAAImP,EAAM,GACV,IAAK,IAAIxX,EAAI,EAAGA,EAAIqI,EAAMvI,OAAQE,IAC9BwX,GAAOgyD,GAAMnhE,EAAMrI,IAEvB,OAAOwX,CACX,CACO,SAASmyD,GAAoB5hD,GAChC,MAAMvQ,EAAMuQ,EAAIrJ,SAAS,IACzB,OAAoB,EAAblH,EAAI1X,OAAa,IAAI0X,EAAQA,CACxC,CACO,SAASoyD,GAAYpyD,GACxB,GAAmB,iBAARA,EACP,MAAU/X,MAAM,mCAAqC+X,GAEzD,OAAO2N,OAAe,KAAR3N,EAAa,IAAM,KAAKA,EAC1C,CAEA,MAAMqyD,GAAS,CAAEC,GAAI,GAAIlqC,GAAI,GAAImqC,GAAI,GAAIC,GAAI,GAAIjzB,GAAI,GAAIkzB,GAAI,KAC7D,SAASC,GAAcC,GACnB,OAAIA,GAAQN,GAAOC,IAAMK,GAAQN,GAAOjqC,GAC7BuqC,EAAON,GAAOC,GACrBK,GAAQN,GAAOE,IAAMI,GAAQN,GAAOG,GAC7BG,GAAQN,GAAOE,GAAK,IAC3BI,GAAQN,GAAO9yB,IAAMozB,GAAQN,GAAOI,GAC7BE,GAAQN,GAAO9yB,GAAK,SAD/B,CAGJ,CAIO,SAASqzB,GAAW5yD,GACvB,GAAmB,iBAARA,EACP,MAAU/X,MAAM,mCAAqC+X,GACzD,MAAMitB,EAAKjtB,EAAI1X,OACTuqE,EAAK5lC,EAAK,EAChB,GAAIA,EAAK,EACL,MAAUhlC,MAAM,0DAA4DglC,GAChF,MAAMxqB,EAAQ,IAAIta,WAAW0qE,GAC7B,IAAK,IAAIC,EAAK,EAAGC,EAAK,EAAGD,EAAKD,EAAIC,IAAMC,GAAM,EAAG,CAC7C,MAAM7vC,EAAKwvC,GAAc1yD,EAAIU,WAAWqyD,IAClCC,EAAKN,GAAc1yD,EAAIU,WAAWqyD,EAAK,IAC7C,QAAWjqE,IAAPo6B,QAA2Bp6B,IAAPkqE,EAAkB,CACtC,MAAML,EAAO3yD,EAAI+yD,GAAM/yD,EAAI+yD,EAAK,GAChC,MAAU9qE,MAAM,+CAAiD0qE,EAAO,cAAgBI,EACpG,CACQtwD,EAAMqwD,GAAW,GAAL5vC,EAAU8vC,CAC9B,CACI,OAAOvwD,CACX,CAEO,SAASwwD,GAAgBpiE,GAC5B,OAAOuhE,GAAYF,GAAWrhE,GAClC,CACO,SAASqiE,GAAgBriE,GAE5B,OADAke,GAAOle,GACAuhE,GAAYF,GAAW/pE,WAAW8e,KAAKpW,GAAO6gB,WACzD,CACO,SAASyhD,GAAgB90D,EAAG0V,GAC/B,OAAO6+C,GAAWv0D,EAAE6I,SAAS,IAAI+qD,SAAe,EAANl+C,EAAS,KACvD,CACO,SAASq/C,GAAgB/0D,EAAG0V,GAC/B,OAAOo/C,GAAgB90D,EAAG0V,GAAKrC,SACnC,CAcO,SAAS2hD,GAAYtB,EAAO/xD,EAAKyO,GACpC,IAAI8C,EACJ,GAAmB,iBAARvR,EACP,IACIuR,EAAMqhD,GAAW5yD,EAC7B,CACQ,MAAOpV,GACH,MAAU3C,MAAM,GAAG8pE,oCAAwC/xD,cAAgBpV,IACvF,KAES,KAAIqhB,GAAQjM,GAMb,MAAU/X,MAAS8pE,EAAH,qCAHhBxgD,EAAMppB,WAAW8e,KAAKjH,EAI9B,CACI,MAAM+T,EAAMxC,EAAIjpB,OAChB,GAA8B,iBAAnBmmB,GAA+BsF,IAAQtF,EAC9C,MAAUxmB,MAAM,GAAG8pE,cAAkBtjD,gBAA6BsF,KACtE,OAAOxC,CACX,CAIO,SAAS8H,MAAehxB,GAC3B,IAAI8wB,EAAM,EACV,IAAK,IAAI3wB,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,MAAMwc,EAAI3c,EAAOG,GACjBumB,GAAO/J,GACPmU,GAAOnU,EAAE1c,MACjB,CACI,MAAMipB,EAAM,IAAIppB,WAAWgxB,GAC3B,IAAK,IAAI3wB,EAAI,EAAG4wB,EAAM,EAAG5wB,EAAIH,EAAOC,OAAQE,IAAK,CAC7C,MAAMwc,EAAI3c,EAAOG,GACjB+oB,EAAI1oB,IAAImc,EAAGoU,GACXA,GAAOpU,EAAE1c,MACjB,CACI,OAAOipB,CACX,CAmBA,MAAM+hD,GAAYj1D,GAAmB,iBAANA,GAAkBoiB,IAAOpiB,EACjD,SAASk1D,GAAQl1D,EAAGoO,EAAKrd,GAC5B,OAAOkkE,GAASj1D,IAAMi1D,GAAS7mD,IAAQ6mD,GAASlkE,IAAQqd,GAAOpO,GAAKA,EAAIjP,CAC5E,CAMO,SAASokE,GAASzB,EAAO1zD,EAAGoO,EAAKrd,GAMpC,IAAKmkE,GAAQl1D,EAAGoO,EAAKrd,GACjB,MAAUnH,MAAM,kBAAkB8pE,MAAUtlD,YAAcrd,iBAAmBiP,KAAKA,IAC1F,CAMO,SAASo1D,GAAOp1D,GACnB,IAAI0V,EACJ,IAAKA,EAAM,EAAG1V,EAAIoiB,GAAKpiB,IAAMqiB,GAAK3M,GAAO,GAEzC,OAAOA,CACX,CAmBO,MAAM2/C,GAAWr1D,IAAO6oB,IAAOvZ,OAAOtP,EAAI,IAAMqiB,GAEjDizC,GAAOpmE,GAAS,IAAIpF,WAAWoF,GAC/BqmE,GAAQhnD,GAAQzkB,WAAW8e,KAAK2F,GAQ/B,SAASinD,GAAeC,EAASC,EAAUC,GAC9C,GAAuB,iBAAZF,GAAwBA,EAAU,EACzC,MAAU7rE,MAAM,4BACpB,GAAwB,iBAAb8rE,GAAyBA,EAAW,EAC3C,MAAU9rE,MAAM,6BACpB,GAAsB,mBAAX+rE,EACP,MAAU/rE,MAAM,6BAEpB,IAAIqY,EAAIqzD,GAAIG,GACR7zD,EAAI0zD,GAAIG,GACRtrE,EAAI,EACR,MAAMyrE,EAAQ,KACV3zD,EAAE6N,KAAK,GACPlO,EAAEkO,KAAK,GACP3lB,EAAI,CAAC,EAEHyvB,EAAI,IAAI1Z,IAAMy1D,EAAO/zD,EAAGK,KAAM/B,GAC9B21D,EAAS,CAACxiC,EAAOiiC,QAEnB1zD,EAAIgY,EAAE27C,GAAK,CAAC,IAAQliC,GACpBpxB,EAAI2X,IACgB,IAAhByZ,EAAKppC,SAET2X,EAAIgY,EAAE27C,GAAK,CAAC,IAAQliC,GACpBpxB,EAAI2X,IAAG,EAELk8C,EAAM,KAER,GAAI3rE,KAAO,IACP,MAAUP,MAAM,2BACpB,IAAI8rB,EAAM,EACV,MAAMvH,EAAM,GACZ,KAAOuH,EAAMggD,GAAU,CACnBzzD,EAAI2X,IACJ,MAAMqvB,EAAKhnC,EAAEjX,QACbmjB,EAAIhjB,KAAK89C,GACTvzB,GAAOzT,EAAEhY,MACrB,CACQ,OAAO+wB,MAAe7M,EAAI,EAW9B,MATiB,CAACklB,EAAM0iC,KAGpB,IAAI7iD,EACJ,IAHA0iD,IACAC,EAAOxiC,KAEEngB,EAAM6iD,EAAKD,OAChBD,IAEJ,OADAD,IACO1iD,CAAG,CAGlB,CAEA,MAAM8iD,GAAe,CACjBC,OAASC,GAAuB,iBAARA,EACxBC,SAAWD,GAAuB,mBAARA,EAC1BE,QAAUF,GAAuB,kBAARA,EACzB/T,OAAS+T,GAAuB,iBAARA,EACxBG,mBAAqBH,GAAuB,iBAARA,GAAoBtoD,GAAQsoD,GAChE5E,cAAgB4E,GAAQzmD,OAAO6hD,cAAc4E,GAC7C9xD,MAAQ8xD,GAAQluE,MAAMc,QAAQotE,GAC9BI,MAAO,CAACJ,EAAK7E,IAAWA,EAAOkF,GAAGC,QAAQN,GAC1ClgE,KAAOkgE,GAAuB,mBAARA,GAAsBzmD,OAAO6hD,cAAc4E,EAAI7nD,YAGlE,SAASooD,GAAepF,EAAQqF,EAAYC,EAAgB,CAAA,GAC/D,MAAMC,EAAa,CAACC,EAAWv6D,EAAMw6D,KACjC,MAAMC,EAAWf,GAAa15D,GAC9B,GAAwB,mBAAby6D,EACP,MAAUntE,MAAM,sBAAsB0S,yBAC1C,MAAM45D,EAAM7E,EAAOwF,GACnB,KAAIC,QAAsBrsE,IAARyrE,GAEba,EAASb,EAAK7E,IACf,MAAUznE,MAAM,iBAAwBitE,EAAPx3D,MAAqB62D,aAAeA,gBAAkB55D,IACnG,EAEI,IAAK,MAAOu6D,EAAWv6D,KAASnU,OAAOiI,QAAQsmE,GAC3CE,EAAWC,EAAWv6D,GAAM,GAChC,IAAK,MAAOu6D,EAAWv6D,KAASnU,OAAOiI,QAAQumE,GAC3CC,EAAWC,EAAWv6D,GAAM,GAChC,OAAO+0D,CACX,CAmBO,SAAS2F,GAAS1nE,GACrB,MAAMtC,EAAM,IAAIiqE,QAChB,MAAO,CAACC,KAAQ1mB,KACZ,MAAM0lB,EAAMlpE,EAAIwD,IAAI0mE,GACpB,QAAYzsE,IAARyrE,EACA,OAAOA,EACX,MAAMj7B,EAAW3rC,EAAG4nE,KAAQ1mB,GAE5B,OADAxjD,EAAIxC,IAAI0sE,EAAKj8B,GACNA,CAAQ,CAEvB,yFAtIO,SAAgBj7B,EAAG3V,GACtB,OAAQ2V,GAAKsP,OAAOjlB,GAAQg4B,EAChC,8BAIO,SAAgBriB,EAAG3V,EAAKO,GAC3B,OAAOoV,GAAMpV,EAAQy3B,GAAMD,KAAQ9S,OAAOjlB,EAC9C,iHA3DO,SAAoBsc,EAAGzG,GAC1B,GAAIyG,EAAE1c,SAAWiW,EAAEjW,OACf,OAAO,EACX,IAAI6kB,EAAO,EACX,IAAK,IAAI3kB,EAAI,EAAGA,EAAIwc,EAAE1c,OAAQE,IAC1B2kB,GAAQnI,EAAExc,GAAK+V,EAAE/V,GACrB,OAAgB,IAAT2kB,CACX,gFAiK8B,KAC1B,MAAUllB,MAAM,kBAAkB,kFA/N/B,SAA4BoW,GAC/B,OAAOu0D,GAAWT,GAAoB9zD,GAC1C,cA+DO,SAAqBmC,GACxB,GAAmB,iBAARA,EACP,MAAUvY,MAAM,2CAA2CuY,GAC/D,OAAO,IAAIrY,YAAW,IAAI+Y,aAAcE,OAAOZ,GACnD;sEC7JA,MAAMigB,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAI6nD,GAAM7nD,OAAO,GAEhE8nD,GAAM9nD,OAAO,GAAI+nD,GAAM/nD,OAAO,GAAIuU,GAAMvU,OAAO,GAI9C,SAASiT,GAAI5b,EAAGzG,GACnB,MAAM9V,EAASuc,EAAIzG,EACnB,OAAO9V,GAAUg4B,GAAMh4B,EAAS8V,EAAI9V,CACxC,CAQO,SAASktE,GAAIplD,EAAK8hB,EAAO+kB,GAC5B,GAAIA,GAAU32B,IAAO4R,EAAQ5R,GACzB,MAAUx4B,MAAM,6BACpB,GAAImvD,IAAW12B,GACX,OAAOD,GACX,IAAIlP,EAAMmP,GACV,KAAO2R,EAAQ5R,IACP4R,EAAQ3R,KACRnP,EAAOA,EAAMhB,EAAO6mC,GACxB7mC,EAAOA,EAAMA,EAAO6mC,EACpB/kB,IAAU3R,GAEd,OAAOnP,CACX,CAEO,SAASqkD,GAAK1zD,EAAGmwB,EAAO+kB,GAC3B,IAAI7lC,EAAMrP,EACV,KAAOmwB,KAAU5R,IACblP,GAAOA,EACPA,GAAO6lC,EAEX,OAAO7lC,CACX,CAEO,SAASskD,GAAOh0C,EAAQu1B,GAC3B,GAAIv1B,IAAWpB,IAAO22B,GAAU32B,GAC5B,MAAUx4B,MAAM,6CAA6C45B,SAAcu1B,KAI/E,IAAIpyC,EAAI4b,GAAIiB,EAAQu1B,GAChB74C,EAAI64C,EAEJl1C,EAAIue,GAAcgE,EAAI/D,GAC1B,KAAO1b,IAAMyb,IAAK,CAEd,MACMte,EAAI5D,EAAIyG,EACR+Z,EAAI7c,EAAIuiB,GAFJlmB,EAAIyG,GAKdzG,EAAIyG,EAAGA,EAAI7C,EAAGD,EAAIuiB,EAAUA,EAAI1F,CACxC,CAEI,GADYxgB,IACAmiB,GACR,MAAUz4B,MAAM,0BACpB,OAAO24B,GAAI1e,EAAGk1C,EAClB,CAiEO,SAAS0e,GAAOC,GAKnB,GAAIA,EAAIN,KAAQD,GAAK,CAKjB,MAAMQ,GAAUD,EAAIr1C,IAAO+0C,GAC3B,OAAO,SAAmBb,EAAIv2D,GAC1B,MAAM43D,EAAOrB,EAAGe,IAAIt3D,EAAG23D,GAEvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO53D,GACtB,MAAUpW,MAAM,2BACpB,OAAOguE,CACV,CACT,CAEI,GAAIF,EAAI7zC,KAAQwzC,GAAK,CACjB,MAAM/tC,GAAMouC,EAAIL,IAAOxzC,GACvB,OAAO,SAAmB0yC,EAAIv2D,GAC1B,MAAM20D,EAAK4B,EAAGriD,IAAIlU,EAAG6oB,IACf5mB,EAAIs0D,EAAGe,IAAI3C,EAAIrrC,GACfyuC,EAAKxB,EAAGriD,IAAIlU,EAAGiC,GACf9X,EAAIosE,EAAGriD,IAAIqiD,EAAGriD,IAAI6jD,EAAIlvC,IAAM5mB,GAC5B21D,EAAOrB,EAAGriD,IAAI6jD,EAAIxB,EAAG7wD,IAAIvb,EAAGosE,EAAGyB,MACrC,IAAKzB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO53D,GACtB,MAAUpW,MAAM,2BACpB,OAAOguE,CACV,CACT,CAwBI,OAhHG,SAAuBF,GAM1B,MAAMO,GAAaP,EAAIr1C,IAAOwG,GAC9B,IAAI6Q,EAAGzZ,EAAGqL,EAGV,IAAKoO,EAAIg+B,EAAIr1C,GAAKpC,EAAI,EAAGyZ,EAAI7Q,KAAQzG,GAAKsX,GAAK7Q,GAAK5I,KAGpD,IAAKqL,EAAIzC,GAAKyC,EAAIosC,GAAKJ,GAAIhsC,EAAG2sC,EAAWP,KAAOA,EAAIr1C,GAAKiJ,KAGzD,GAAU,IAANrL,EAAS,CACT,MAAM03C,GAAUD,EAAIr1C,IAAO+0C,GAC3B,OAAO,SAAqBb,EAAIv2D,GAC5B,MAAM43D,EAAOrB,EAAGe,IAAIt3D,EAAG23D,GACvB,IAAKpB,EAAGsB,IAAItB,EAAGuB,IAAIF,GAAO53D,GACtB,MAAUpW,MAAM,2BACpB,OAAOguE,CACV,CACT,CAEI,MAAMM,GAAUx+B,EAAIrX,IAAOwG,GAC3B,OAAO,SAAqB0tC,EAAIv2D,GAE5B,GAAIu2D,EAAGe,IAAIt3D,EAAGi4D,KAAe1B,EAAG4B,IAAI5B,EAAGyB,KACnC,MAAUpuE,MAAM,2BACpB,IAAIka,EAAImc,EAEJhG,EAAIs8C,EAAGe,IAAIf,EAAGriD,IAAIqiD,EAAGyB,IAAK1sC,GAAIoO,GAC9B71B,EAAI0yD,EAAGe,IAAIt3D,EAAGk4D,GACdh4D,EAAIq2D,EAAGe,IAAIt3D,EAAG05B,GAClB,MAAQ68B,EAAGsB,IAAI33D,EAAGq2D,EAAGyB,MAAM,CACvB,GAAIzB,EAAGsB,IAAI33D,EAAGq2D,EAAG6B,MACb,OAAO7B,EAAG6B,KAEd,IAAI13C,EAAI,EACR,IAAK,IAAIlK,EAAK+/C,EAAGuB,IAAI53D,GAAIwgB,EAAI5c,IACrByyD,EAAGsB,IAAIrhD,EAAI+/C,EAAGyB,KADUt3C,IAG5BlK,EAAK+/C,EAAGuB,IAAIthD,GAGhB,MAAM6hD,EAAK9B,EAAGe,IAAIr9C,EAAGoI,IAAO/S,OAAOxL,EAAI4c,EAAI,IAC3CzG,EAAIs8C,EAAGuB,IAAIO,GACXx0D,EAAI0yD,EAAGriD,IAAIrQ,EAAGw0D,GACdn4D,EAAIq2D,EAAGriD,IAAIhU,EAAG+Z,GACdnW,EAAI4c,CAChB,CACQ,OAAO7c,CACV,CACL,CAyDWy0D,CAAcZ,EACzB,CAtLYpoD,OAAO,GAAWA,OAAO,IA0LrC,MAAMipD,GAAe,CACjB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAkFrB,SAASC,GAAQx4D,EAAGy4D,GAEvB,MAAMC,OAA6BjuE,IAAfguE,EAA2BA,EAAaz4D,EAAE6I,SAAS,GAAG5e,OAE1E,MAAO,CAAEwuE,WAAYC,EAAaC,YADd7nE,KAAKyQ,KAAKm3D,EAAc,GAEhD,CAgBO,SAASE,GAAMC,EAAOzD,EAAQhmD,GAAO,EAAO0pD,EAAQ,IACvD,GAAID,GAASz2C,GACT,MAAUx4B,MAAM,iCAAiCivE,GACrD,MAAQJ,WAAYM,EAAMJ,YAAaK,GAAUR,GAAQK,EAAOzD,GAChE,GAAI4D,EAAQ,KACR,MAAUpvE,MAAM,mDACpB,MAAMqvE,EAAQxB,GAAOoB,GACfvqC,EAAInmC,OAAO+wE,OAAO,CACpBL,QACAE,OACAC,QACAG,KAAM9D,GAAQ0D,GACdX,KAAMh2C,GACN41C,IAAK31C,GACLjV,OAAS8E,GAAQqQ,GAAIrQ,EAAK2mD,GAC1BrC,QAAUtkD,IACN,GAAmB,iBAARA,EACP,MAAUtoB,MAAM,sDAAsDsoB,GAC1E,OAAOkQ,IAAOlQ,GAAOA,EAAM2mD,CAAK,EAEpCO,IAAMlnD,GAAQA,IAAQkQ,GACtBi3C,MAAQnnD,IAASA,EAAMmQ,MAASA,GAChC81C,IAAMjmD,GAAQqQ,IAAKrQ,EAAK2mD,GACxBhB,IAAK,CAACyB,EAAKC,IAAQD,IAAQC,EAC3BzB,IAAM5lD,GAAQqQ,GAAIrQ,EAAMA,EAAK2mD,GAC7BvsE,IAAK,CAACgtE,EAAKC,IAAQh3C,GAAI+2C,EAAMC,EAAKV,GAClCnzD,IAAK,CAAC4zD,EAAKC,IAAQh3C,GAAI+2C,EAAMC,EAAKV,GAClC3kD,IAAK,CAAColD,EAAKC,IAAQh3C,GAAI+2C,EAAMC,EAAKV,GAClCvB,IAAK,CAACplD,EAAK8hB,IA/GZ,SAAe1F,EAAGpc,EAAK8hB,GAG1B,GAAIA,EAAQ5R,GACR,MAAUx4B,MAAM,sBACpB,GAAIoqC,IAAU5R,GACV,OAAOkM,EAAE0pC,IACb,GAAIhkC,IAAU3R,GACV,OAAOnQ,EACX,IAAIsD,EAAI8Y,EAAE0pC,IACNvsD,EAAIyG,EACR,KAAO8hB,EAAQ5R,IACP4R,EAAQ3R,KACR7M,EAAI8Y,EAAEpa,IAAIsB,EAAG/J,IACjBA,EAAI6iB,EAAEwpC,IAAIrsD,GACVuoB,IAAU3R,GAEd,OAAO7M,CACX,CA6F6BgkD,CAAMlrC,EAAGpc,EAAK8hB,GACnCylC,IAAK,CAACH,EAAKC,IAAQh3C,GAAI+2C,EAAM9B,GAAO+B,EAAKV,GAAQA,GAEjDa,KAAOxnD,GAAQA,EAAMA,EACrBynD,KAAM,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAM,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAM,CAACP,EAAKC,IAAQD,EAAMC,EAC1BO,IAAM5nD,GAAQslD,GAAOtlD,EAAK2mD,GAC1BkB,KAAMjB,EAAMiB,MAAS,CAAC/5D,GAAMi5D,EAAM3qC,EAAGtuB,IACrCg6D,YAAc9yB,GAjGf,SAAuB5Y,EAAG2rC,GAC7B,MAAMpmD,EAAU7rB,MAAMiyE,EAAKhwE,QAErBiwE,EAAiBD,EAAKnoC,QAAO,CAAC6F,EAAKzlB,EAAK/nB,IACtCmkC,EAAE8qC,IAAIlnD,GACCylB,GACX9jB,EAAI1pB,GAAKwtC,EACFrJ,EAAEpa,IAAIyjB,EAAKzlB,KACnBoc,EAAE0pC,KAECmC,EAAW7rC,EAAEwrC,IAAII,GAQvB,OANAD,EAAKG,aAAY,CAACziC,EAAKzlB,EAAK/nB,IACpBmkC,EAAE8qC,IAAIlnD,GACCylB,GACX9jB,EAAI1pB,GAAKmkC,EAAEpa,IAAIyjB,EAAK9jB,EAAI1pB,IACjBmkC,EAAEpa,IAAIyjB,EAAKzlB,KACnBioD,GACItmD,CACX,CA8E8BwmD,CAAc/rC,EAAG4Y,GAGvCozB,KAAM,CAAC3zD,EAAGzG,EAAGsL,IAAOA,EAAItL,EAAIyG,EAC5B+H,QAAUwD,GAAS9C,EAAO2lD,GAAgB7iD,EAAK8mD,GAASlE,GAAgB5iD,EAAK8mD,GAC7EuB,UAAY/nE,IACR,GAAIA,EAAMvI,SAAW+uE,EACjB,MAAUpvE,MAAM,0BAA0BovE,UAAcxmE,EAAMvI,UAClE,OAAOmlB,EAAOylD,GAAgBriE,GAASoiE,GAAgBpiE,EAAM,IAGrE,OAAOrK,OAAO+wE,OAAO5qC,EACzB,CAkCO,SAASksC,GAAoBC,GAChC,GAA0B,iBAAfA,EACP,MAAU7wE,MAAM,8BACpB,MAAM+5B,EAAY82C,EAAW5xD,SAAS,GAAG5e,OACzC,OAAO6G,KAAKyQ,KAAKoiB,EAAY,EACjC,CAQO,SAAS+2C,GAAiBD,GAC7B,MAAMxwE,EAASuwE,GAAoBC,GACnC,OAAOxwE,EAAS6G,KAAKyQ,KAAKtX,EAAS,EACvC;;AC3YA,MAAMm4B,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAGbqrD,GAAmB,IAAI1D,QACvB2D,GAAmB,IAAI3D,QAYtB,SAAS4D,GAAKrvD,EAAGnH,GACpB,MAAMy2D,EAAkB,CAACC,EAAW3P,KAChC,MAAM+M,EAAM/M,EAAK4P,SACjB,OAAOD,EAAY5C,EAAM/M,CAAI,EAE3B6P,EAAa/pD,IACf,IAAKzB,OAAO6hD,cAAcpgD,IAAMA,GAAK,GAAKA,EAAI7M,EAC1C,MAAUza,MAAM,qBAAqBsnB,oBAAoB7M,KAAQ,EAEnEyT,EAAQ5G,IACV+pD,EAAU/pD,GAGV,MAAO,CAAEE,QAFOtgB,KAAKyQ,KAAK8C,EAAO6M,GAAK,EAEpBG,WADC,IAAMH,EAAI,GACC,EAElC,MAAO,CACH4pD,kBAEA,YAAAI,CAAapoD,EAAK9S,GACd,IAAIwV,EAAIhK,EAAE4sD,KACN3sD,EAAIqH,EACR,KAAO9S,EAAIoiB,IACHpiB,EAAIqiB,KACJ7M,EAAIA,EAAElpB,IAAImf,IACdA,EAAIA,EAAEzH,SACNhE,IAAMqiB,GAEV,OAAO7M,CACV,EAWD,gBAAA2lD,CAAiBroD,EAAK5B,GAClB,MAAME,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GAC/BkqD,EAAS,GACf,IAAI5lD,EAAI1C,EACJuoD,EAAO7lD,EACX,IAAK,IAAI8lD,EAAS,EAAGA,EAASlqD,EAASkqD,IAAU,CAC7CD,EAAO7lD,EACP4lD,EAAOjwE,KAAKkwE,GAEZ,IAAK,IAAIlxE,EAAI,EAAGA,EAAIknB,EAAYlnB,IAC5BkxE,EAAOA,EAAK/uE,IAAIkpB,GAChB4lD,EAAOjwE,KAAKkwE,GAEhB7lD,EAAI6lD,EAAKr3D,QACzB,CACY,OAAOo3D,CACV,EAQD,IAAAP,CAAK3pD,EAAGqqD,EAAav7D,GAGjB,MAAMoR,QAAEA,EAAOC,WAAEA,GAAeyG,EAAK5G,GACrC,IAAIsE,EAAIhK,EAAE4sD,KACN9pC,EAAI9iB,EAAEgwD,KACV,MAAMvpD,EAAO3C,OAAO,GAAK4B,EAAI,GACvBuqD,EAAY,GAAKvqD,EACjBwqD,EAAUpsD,OAAO4B,GACvB,IAAK,IAAIoqD,EAAS,EAAGA,EAASlqD,EAASkqD,IAAU,CAC7C,MAAMr6D,EAASq6D,EAASjqD,EAExB,IAAI0xB,EAAQtzB,OAAOzP,EAAIiS,GAEvBjS,IAAM07D,EAGF34B,EAAQ1xB,IACR0xB,GAAS04B,EACTz7D,GAAKqiB,IAST,MAAMs5C,EAAU16D,EACV26D,EAAU36D,EAASnQ,KAAK8xB,IAAImgB,GAAS,EACrC84B,EAAQP,EAAS,GAAM,EACvBQ,EAAQ/4B,EAAQ,EACR,IAAVA,EAEAzU,EAAIA,EAAEhiC,IAAIwuE,EAAgBe,EAAON,EAAYI,KAG7CnmD,EAAIA,EAAElpB,IAAIwuE,EAAgBgB,EAAOP,EAAYK,IAEjE,CAMY,MAAO,CAAEpmD,IAAG8Y,IACf,EACD,UAAAytC,CAAWrE,EAAG13D,EAAG/S,GACb,MAAMikB,EAAI0pD,GAAiBpqE,IAAIknE,IAAM,EAErC,IAAIsE,EAAOrB,GAAiBnqE,IAAIknE,GAMhC,OALKsE,IACDA,EAAO3zE,KAAK8yE,iBAAiBzD,EAAGxmD,GACtB,IAANA,GACAypD,GAAiBnwE,IAAIktE,EAAGzqE,EAAU+uE,KAEnC3zE,KAAKwyE,KAAK3pD,EAAG8qD,EAAMh8D,EAC7B,EAID,aAAAi8D,CAAcvE,EAAGxmD,GACb+pD,EAAU/pD,GACV0pD,GAAiBpwE,IAAIktE,EAAGxmD,GACxBypD,GAAiBuB,OAAOxE,EAC3B,EAET,CAYO,SAASyE,GAAU3wD,EAAG8qD,EAAO8E,EAAQgB,GAOxC,IAAKp0E,MAAMc,QAAQsyE,KAAYpzE,MAAMc,QAAQszE,IAAYA,EAAQnyE,SAAWmxE,EAAOnxE,OAC/E,MAAUL,MAAM,uDACpBwyE,EAAQ9xE,SAAQ,CAAC0X,EAAG7X,KAChB,IAAKmsE,EAAME,QAAQx0D,GACf,MAAUpY,MAAM,yBAAyBO,EAAI,IAErDixE,EAAO9wE,SAAQ,CAACkrB,EAAGrrB,KACf,KAAMqrB,aAAahK,GACf,MAAU5hB,MAAM,wBAAwBO,EAAI,IAEpD,MAAM44C,EAAQqyB,GAAO9lD,OAAO8rD,EAAOnxE,SAC7BonB,EAAa0xB,EAAQ,GAAKA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAIA,EAAQ,EAAI,EAC1Eo2B,GAAQ,GAAK9nD,GAAc,EAC3BgrD,EAAcr0E,MAAMmxE,EAAO,GAAGrpD,KAAKtE,EAAE4sD,MACrCkE,EAAWxrE,KAAK0P,OAAO81D,EAAMyC,KAAO,GAAK1nD,GAAcA,EAC7D,IAAIyJ,EAAMtP,EAAE4sD,KACZ,IAAK,IAAIjuE,EAAImyE,EAAUnyE,GAAK,EAAGA,GAAKknB,EAAY,CAC5CgrD,EAAQvsD,KAAKtE,EAAE4sD,MACf,IAAK,IAAI51D,EAAI,EAAGA,EAAI45D,EAAQnyE,OAAQuY,IAAK,CACrC,MAAM+5D,EAASH,EAAQ55D,GACjBugC,EAAQtzB,OAAQ8sD,GAAUjtD,OAAOnlB,GAAMmlB,OAAO6pD,IACpDkD,EAAQt5B,GAASs5B,EAAQt5B,GAAOz2C,IAAI8uE,EAAO54D,GACvD,CACQ,IAAIg6D,EAAOhxD,EAAE4sD,KAEb,IAAK,IAAI51D,EAAI65D,EAAQpyE,OAAS,EAAGwyE,EAAOjxD,EAAE4sD,KAAM51D,EAAI,EAAGA,IACnDi6D,EAAOA,EAAKnwE,IAAI+vE,EAAQ75D,IACxBg6D,EAAOA,EAAKlwE,IAAImwE,GAGpB,GADA3hD,EAAMA,EAAIxuB,IAAIkwE,GACJ,IAANryE,EACA,IAAK,IAAIqY,EAAI,EAAGA,EAAI6O,EAAY7O,IAC5BsY,EAAMA,EAAI9W,QAC1B,CACI,OAAO8W,CACX,CACO,SAAS4hD,GAAc3pE,GAY1B,ODRO0jE,GCHO1jE,EAAMwjE,GDDPgC,GAAazmC,QAAO,CAAC9kC,EAAKkpE,KACnClpE,EAAIkpE,GAAO,WACJlpE,IARK,CACZ6rE,MAAO,SACPM,KAAM,SACNH,MAAO,gBACPD,KAAM,mBCIVtC,GAAe1jE,EAAO,CAClBiN,EAAG,SACH4Z,EAAG,SACH+iD,GAAI,QACJC,GAAI,SACL,CACCnE,WAAY,gBACZE,YAAa,kBAGVxwE,OAAO+wE,OAAO,IACdV,GAAQzlE,EAAMiN,EAAGjN,EAAM0lE,eACvB1lE,EACEyiB,EAAGziB,EAAMwjE,GAAGsC,OAEzB;sECzNA,SAASgE,GAAmB/kD,QACNrtB,IAAdqtB,EAAK2iB,MACLg5B,GAAM,OAAQ37C,EAAK2iB,WACFhwC,IAAjBqtB,EAAKglD,SACLrJ,GAAM,UAAW37C,EAAKglD,QAC9B,CA4BA,MAAQlI,gBAAiBmI,GAAKxI,WAAYyI,IAAQC,GAQrCC,GAAM,CAEfC,IAAK,cAAqBvzE,MACtB,WAAA3B,CAAYy4B,EAAI,IACZx4B,MAAMw4B,EAClB,GAGI08C,KAAM,CACFr6D,OAAQ,CAACqD,EAAKlX,KACV,MAAQiuE,IAAKxK,GAAMuK,GACnB,GAAI92D,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIusD,EAAE,yBAChB,GAAkB,EAAdzjE,EAAKjF,OACL,MAAM,IAAI0oE,EAAE,6BAChB,MAAM0K,EAAUnuE,EAAKjF,OAAS,EACxByrB,EAAM4nD,GAAuBD,GACnC,GAAK3nD,EAAIzrB,OAAS,EAAK,IACnB,MAAM,IAAI0oE,EAAE,wCAEhB,MAAM4K,EAASF,EAAU,IAAMC,GAAwB5nD,EAAIzrB,OAAS,EAAK,KAAO,GAChF,MAAO,GAAGqzE,GAAuBl3D,KAAOm3D,IAAS7nD,IAAMxmB,GAAM,EAGjE,MAAAiU,CAAOiD,EAAKlX,GACR,MAAQiuE,IAAKxK,GAAMuK,GACnB,IAAI7yE,EAAM,EACV,GAAI+b,EAAM,GAAKA,EAAM,IACjB,MAAM,IAAIusD,EAAE,yBAChB,GAAIzjE,EAAKjF,OAAS,GAAKiF,EAAK7E,OAAW+b,EACnC,MAAM,IAAIusD,EAAE,yBAChB,MAAM6K,EAAQtuE,EAAK7E,KAEnB,IAAIJ,EAAS,EACb,MAF0B,IAARuzE,GAIb,CAED,MAAMD,EAAiB,IAARC,EACf,IAAKD,EACD,MAAM,IAAI5K,EAAE,qDAChB,GAAI4K,EAAS,EACT,MAAM,IAAI5K,EAAE,4CAChB,MAAM8K,EAAcvuE,EAAKmC,SAAShH,EAAKA,EAAMkzE,GAC7C,GAAIE,EAAYxzE,SAAWszE,EACvB,MAAM,IAAI5K,EAAE,yCAChB,GAAuB,IAAnB8K,EAAY,GACZ,MAAM,IAAI9K,EAAE,wCAChB,IAAK,MAAMzyD,KAAKu9D,EACZxzE,EAAUA,GAAU,EAAKiW,EAE7B,GADA7V,GAAOkzE,EACHtzE,EAAS,IACT,MAAM,IAAI0oE,EAAE,yCAChC,MAlBgB1oE,EAASuzE,EAmBb,MAAMv7D,EAAI/S,EAAKmC,SAAShH,EAAKA,EAAMJ,GACnC,GAAIgY,EAAEhY,SAAWA,EACb,MAAM,IAAI0oE,EAAE,kCAChB,MAAO,CAAE1wD,IAAGwoB,EAAGv7B,EAAKmC,SAAShH,EAAMJ,GACtC,GAMLyzE,KAAM,CACF,MAAA36D,CAAOmP,GACH,MAAQirD,IAAKxK,GAAMuK,GACnB,GAAIhrD,EAAMkQ,GACN,MAAM,IAAIuwC,EAAE,8CAChB,IAAIhxD,EAAM27D,GAAuBprD,GAIjC,GAFkC,EAA9BzC,OAAO5N,SAASF,EAAI,GAAI,MACxBA,EAAM,KAAOA,GACA,EAAbA,EAAI1X,OACJ,MAAM,IAAI0oE,EAAE,wBAChB,OAAOhxD,CACV,EACD,MAAAwB,CAAOjU,GACH,MAAQiuE,IAAKxK,GAAMuK,GACnB,GAAc,IAAVhuE,EAAK,GACL,MAAM,IAAIyjE,EAAE,uCAChB,GAAgB,IAAZzjE,EAAK,MAA2B,IAAVA,EAAK,IAC3B,MAAM,IAAIyjE,EAAE,uDAChB,OAAOoK,GAAI7tE,EACd,GAEL,KAAAyuE,CAAMh8D,GAEF,MAAQw7D,IAAKxK,EAAG+K,KAAME,EAAKR,KAAMS,GAAQX,GACnChuE,EAAsB,iBAARyS,EAAmBq7D,GAAIr7D,GAAOA,EAClDm8D,GAAU5uE,GACV,MAAQ+S,EAAG87D,EAAUtzC,EAAGuzC,GAAiBH,EAAI16D,OAAO,GAAMjU,GAC1D,GAAI8uE,EAAa/zE,OACb,MAAM,IAAI0oE,EAAE,+CAChB,MAAQ1wD,EAAGg8D,EAAQxzC,EAAGyzC,GAAeL,EAAI16D,OAAO,EAAM46D,IAC9C97D,EAAGk8D,EAAQ1zC,EAAG2zC,GAAeP,EAAI16D,OAAO,EAAM+6D,GACtD,GAAIE,EAAWn0E,OACX,MAAM,IAAI0oE,EAAE,+CAChB,MAAO,CAAE7uD,EAAG85D,EAAIz6D,OAAO86D,GAASj8D,EAAG47D,EAAIz6D,OAAOg7D,GACjD,EACD,UAAAE,CAAWnrC,GACP,MAAQkqC,KAAMS,EAAKH,KAAME,GAAQV,GAC3BoB,EAAM,GAAGT,EAAI96D,OAAO,EAAM66D,EAAI76D,OAAOmwB,EAAIpvB,MAAM+5D,EAAI96D,OAAO,EAAM66D,EAAI76D,OAAOmwB,EAAIlxB,MACrF,OAAO67D,EAAI96D,OAAO,GAAMu7D,EAC3B,GAICl8C,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAUA,OAAO,GAAG,MAAC6nD,GAAM7nD,OAAO,GAC/D,SAASivD,GAAkBzmD,GAC9B,MAAM0mD,EAjJV,SAA2BzrE,GACvB,MAAM+kB,EAAO4kD,GAAc3pE,GAC3B0rE,GAAkB3mD,EAAM,CACpBnR,EAAG,QACHzG,EAAG,SACJ,CACCw+D,yBAA0B,QAC1BC,eAAgB,UAChBC,cAAe,WACfC,cAAe,WACfC,mBAAoB,UACpBvE,UAAW,WACX7rD,QAAS,aAEb,MAAMqwD,KAAEA,EAAIxI,GAAEA,EAAE5vD,EAAEA,GAAMmR,EACxB,GAAIinD,EAAM,CACN,IAAKxI,EAAGsB,IAAIlxD,EAAG4vD,EAAG6B,MACd,MAAUxuE,MAAM,qEAEpB,GAAoB,iBAATm1E,GACc,iBAAdA,EAAKC,MACgB,mBAArBD,EAAKE,YACZ,MAAUr1E,MAAM,oEAE5B,CACI,OAAOzB,OAAO+wE,OAAO,IAAKphD,GAC9B,CAuHkBonD,CAAkBpnD,IAC1By+C,GAAEA,GAAOiI,EACTW,EAAKC,GAAUZ,EAAMx+D,EAAGw+D,EAAM/F,YAC9B/pD,EAAU8vD,EAAM9vD,SAC1B,EAAU02B,EAAIi6B,EAAOC,KACT,MAAM34D,EAAI04D,EAAME,WAChB,OAAOC,GAAe11E,WAAW8e,KAAK,CAAC,IAAQ2tD,EAAG7nD,QAAQ/H,EAAE9C,GAAI0yD,EAAG7nD,QAAQ/H,EAAEsc,GAChF,GACCs3C,EAAYiE,EAAMjE,WACnB,CAAC/nE,IAEE,MAAMib,EAAOjb,EAAMnB,SAAS,GAI5B,MAAO,CAAEwS,EAFC0yD,EAAGgE,UAAU9sD,EAAKpc,SAAS,EAAGklE,EAAGyC,QAE/B/1C,EADFszC,EAAGgE,UAAU9sD,EAAKpc,SAASklE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEzD,GAKL,SAASyG,EAAoB57D,GACzB,MAAM8C,EAAEA,EAACzG,EAAEA,GAAMs+D,EACXkB,EAAKnJ,EAAGuB,IAAIj0D,GACZ87D,EAAKpJ,EAAGriD,IAAIwrD,EAAI77D,GACtB,OAAO0yD,EAAGjqE,IAAIiqE,EAAGjqE,IAAIqzE,EAAIpJ,EAAGriD,IAAIrQ,EAAG8C,IAAKzG,EAChD,CAKI,IAAKq2D,EAAGsB,IAAItB,EAAGuB,IAAI0G,EAAM5B,IAAK6C,EAAoBjB,EAAM7B,KACpD,MAAU/yE,MAAM,+CAOpB,SAASg2E,EAAuB5mE,GAC5B,MAAQ0lE,yBAA0B7wD,EAAO8qD,YAAEA,EAAWgG,eAAEA,EAAgB3+D,EAAG6/D,GAAMrB,EACjF,GAAI3wD,GAA0B,iBAAR7U,EAAkB,CAIpC,GAHI8mE,GAAW9mE,KACXA,EAAM+mE,GAAc/mE,IAEL,iBAARA,IAAqB6U,EAAQtG,SAASvO,EAAI/O,QACjD,MAAUL,MAAM,eACpBoP,EAAMA,EAAI46D,SAAuB,EAAd+E,EAAiB,IAChD,CACQ,IAAIzmD,EACJ,IACIA,EACmB,iBAARlZ,EACDA,EACAgnE,GAAmBhL,GAAY,cAAeh8D,EAAK2/D,GACzE,CACQ,MAAO5pE,GACH,MAAUnF,MAAM,uBAAuB+uE,sCAAgD3/D,IACnG,CAIQ,OAHI2lE,IACAzsD,EAAM+tD,GAAQ/tD,EAAK2tD,IACvBK,GAAY,cAAehuD,EAAKmQ,GAAKw9C,GAC9B3tD,CACf,CACI,SAASiuD,EAAetnB,GACpB,KAAMA,aAAiBunB,GACnB,MAAUx2E,MAAM,2BAC5B,CAKI,MAAMy2E,EAAerJ,IAAS,CAACxhD,EAAG8qD,KAC9B,MAAQC,GAAI18D,EAAG28D,GAAIv9C,EAAGw9C,GAAIpyC,GAAM7Y,EAEhC,GAAI+gD,EAAGsB,IAAIxpC,EAAGkoC,EAAGyB,KACb,MAAO,CAAEn0D,IAAGof,KAChB,MAAMm2C,EAAM5jD,EAAE4jD,MAGJ,MAANkH,IACAA,EAAKlH,EAAM7C,EAAGyB,IAAMzB,EAAGuD,IAAIzrC,IAC/B,MAAMqyC,EAAKnK,EAAGriD,IAAIrQ,EAAGy8D,GACfK,EAAKpK,EAAGriD,IAAI+O,EAAGq9C,GACfM,EAAKrK,EAAGriD,IAAIma,EAAGiyC,GACrB,GAAIlH,EACA,MAAO,CAAEv1D,EAAG0yD,EAAG6B,KAAMn1C,EAAGszC,EAAG6B,MAC/B,IAAK7B,EAAGsB,IAAI+I,EAAIrK,EAAGyB,KACf,MAAUpuE,MAAM,oBACpB,MAAO,CAAEia,EAAG68D,EAAIz9C,EAAG09C,EAAI,IAIrBE,EAAkB7J,IAAUxhD,IAC9B,GAAIA,EAAE4jD,MAAO,CAIT,GAAIoF,EAAMM,qBAAuBvI,EAAG6C,IAAI5jD,EAAEgrD,IACtC,OACJ,MAAU52E,MAAM,kBAC5B,CAEQ,MAAMia,EAAEA,EAACof,EAAEA,GAAMzN,EAAE+pD,WAEnB,IAAKhJ,EAAGC,QAAQ3yD,KAAO0yD,EAAGC,QAAQvzC,GAC9B,MAAUr5B,MAAM,4BACpB,MAAMipB,EAAO0jD,EAAGuB,IAAI70C,GACd69C,EAAQrB,EAAoB57D,GAClC,IAAK0yD,EAAGsB,IAAIhlD,EAAMiuD,GACd,MAAUl3E,MAAM,qCACpB,IAAK4rB,EAAEopD,gBACH,MAAUh1E,MAAM,0CACpB,OAAO,CAAI,IAOf,MAAMw2E,EACF,WAAAn4E,CAAYs4E,EAAIC,EAAIC,GAIhB,GAHAp4E,KAAKk4E,GAAKA,EACVl4E,KAAKm4E,GAAKA,EACVn4E,KAAKo4E,GAAKA,EACA,MAANF,IAAehK,EAAGC,QAAQ+J,GAC1B,MAAU32E,MAAM,cACpB,GAAU,MAAN42E,IAAejK,EAAGC,QAAQgK,GAC1B,MAAU52E,MAAM,cACpB,GAAU,MAAN62E,IAAelK,EAAGC,QAAQiK,GAC1B,MAAU72E,MAAM,cACpBzB,OAAO+wE,OAAO7wE,KAC1B,CAGQ,iBAAO04E,CAAWvrD,GACd,MAAM3R,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EACxB,IAAKA,IAAM+gD,EAAGC,QAAQ3yD,KAAO0yD,EAAGC,QAAQvzC,GACpC,MAAUr5B,MAAM,wBACpB,GAAI4rB,aAAa4qD,EACb,MAAUx2E,MAAM,gCACpB,MAAMwvE,EAAOjvE,GAAMosE,EAAGsB,IAAI1tE,EAAGosE,EAAG6B,MAEhC,OAAIgB,EAAIv1D,IAAMu1D,EAAIn2C,GACPm9C,EAAMhI,KACV,IAAIgI,EAAMv8D,EAAGof,EAAGszC,EAAGyB,IACtC,CACQ,KAAIn0D,GACA,OAAOxb,KAAKk3E,WAAW17D,CACnC,CACQ,KAAIof,GACA,OAAO56B,KAAKk3E,WAAWt8C,CACnC,CAOQ,iBAAO+9C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOpuE,KAAKwoB,GAAMA,EAAEirD,MACjD,OAAOrF,EAAOpuE,KAAI,CAACwoB,EAAGrrB,IAAMqrB,EAAE+pD,SAAS0B,EAAM92E,MAAK6C,IAAIozE,EAAMW,WACxE,CAKQ,cAAOG,CAAQv/D,GACX,MAAM+1D,EAAI0I,EAAMW,WAAWxG,EAAUvF,GAAY,WAAYrzD,KAE7D,OADA+1D,EAAEyJ,iBACKzJ,CACnB,CAEQ,qBAAO0J,CAAevlE,GAClB,OAAOukE,EAAM5E,KAAK6F,SAASzB,EAAuB/jE,GAC9D,CAEQ,UAAOylE,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAelwD,GACXmwD,EAAKvF,cAAc5zE,KAAMgpB,EACrC,CAEQ,cAAA8vD,GACIN,EAAgBx4E,KAC5B,CACQ,QAAAo5E,GACI,MAAMx+C,EAAEA,GAAM56B,KAAKk3E,WACnB,GAAIhJ,EAAG8C,MACH,OAAQ9C,EAAG8C,MAAMp2C,GACrB,MAAUr5B,MAAM,8BAC5B,CAIQ,MAAAgiD,CAAOiN,GACHsnB,EAAetnB,GACf,MAAQ0nB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOv5E,MAC3Bk4E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAOlpB,EAC7BmpB,EAAKzL,EAAGsB,IAAItB,EAAGriD,IAAIwtD,EAAIK,GAAKxL,EAAGriD,IAAI2tD,EAAID,IACvCK,EAAK1L,EAAGsB,IAAItB,EAAGriD,IAAIytD,EAAII,GAAKxL,EAAGriD,IAAI4tD,EAAIF,IAC7C,OAAOI,GAAMC,CACzB,CAIQ,MAAAjH,GACI,OAAO,IAAIoF,EAAM/3E,KAAKk4E,GAAIhK,EAAG4B,IAAI9vE,KAAKm4E,IAAKn4E,KAAKo4E,GAC5D,CAKQ,MAAAz8D,GACI,MAAM2C,EAAEA,EAACzG,EAAEA,GAAMs+D,EACXlxC,EAAKipC,EAAGriD,IAAIhU,EAAGi3D,KACboJ,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOv5E,KACnC,IAAI65E,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACpC9hD,EAAKigD,EAAGriD,IAAIwtD,EAAIA,GAChBnrD,EAAKggD,EAAGriD,IAAIytD,EAAIA,GAChBnrD,EAAK+/C,EAAGriD,IAAI0tD,EAAIA,GAChBnrD,EAAK8/C,EAAGriD,IAAIwtD,EAAIC,GA4BpB,OA3BAlrD,EAAK8/C,EAAGjqE,IAAImqB,EAAIA,GAChB2rD,EAAK7L,EAAGriD,IAAIwtD,EAAIE,GAChBQ,EAAK7L,EAAGjqE,IAAI81E,EAAIA,GAChBF,EAAK3L,EAAGriD,IAAIvN,EAAGy7D,GACfD,EAAK5L,EAAGriD,IAAIoZ,EAAI9W,GAChB2rD,EAAK5L,EAAGjqE,IAAI41E,EAAIC,GAChBD,EAAK3L,EAAG7wD,IAAI6Q,EAAI4rD,GAChBA,EAAK5L,EAAGjqE,IAAIiqB,EAAI4rD,GAChBA,EAAK5L,EAAGriD,IAAIguD,EAAIC,GAChBD,EAAK3L,EAAGriD,IAAIuC,EAAIyrD,GAChBE,EAAK7L,EAAGriD,IAAIoZ,EAAI80C,GAChB5rD,EAAK+/C,EAAGriD,IAAIvN,EAAG6P,GACfC,EAAK8/C,EAAG7wD,IAAI4Q,EAAIE,GAChBC,EAAK8/C,EAAGriD,IAAIvN,EAAG8P,GACfA,EAAK8/C,EAAGjqE,IAAImqB,EAAI2rD,GAChBA,EAAK7L,EAAGjqE,IAAIgqB,EAAIA,GAChBA,EAAKigD,EAAGjqE,IAAI81E,EAAI9rD,GAChBA,EAAKigD,EAAGjqE,IAAIgqB,EAAIE,GAChBF,EAAKigD,EAAGriD,IAAIoC,EAAIG,GAChB0rD,EAAK5L,EAAGjqE,IAAI61E,EAAI7rD,GAChBE,EAAK+/C,EAAGriD,IAAIytD,EAAIC,GAChBprD,EAAK+/C,EAAGjqE,IAAIkqB,EAAIA,GAChBF,EAAKigD,EAAGriD,IAAIsC,EAAIC,GAChByrD,EAAK3L,EAAG7wD,IAAIw8D,EAAI5rD,GAChB8rD,EAAK7L,EAAGriD,IAAIsC,EAAID,GAChB6rD,EAAK7L,EAAGjqE,IAAI81E,EAAIA,GAChBA,EAAK7L,EAAGjqE,IAAI81E,EAAIA,GACT,IAAIhC,EAAM8B,EAAIC,EAAIC,EACrC,CAKQ,GAAA91E,CAAIusD,GACAsnB,EAAetnB,GACf,MAAQ0nB,GAAImB,EAAIlB,GAAImB,EAAIlB,GAAImB,GAAOv5E,MAC3Bk4E,GAAIsB,EAAIrB,GAAIsB,EAAIrB,GAAIsB,GAAOlpB,EACnC,IAAIqpB,EAAK3L,EAAG6B,KAAM+J,EAAK5L,EAAG6B,KAAMgK,EAAK7L,EAAG6B,KACxC,MAAMzxD,EAAI63D,EAAM73D,EACV2mB,EAAKipC,EAAGriD,IAAIsqD,EAAMt+D,EAAGi3D,IAC3B,IAAI7gD,EAAKigD,EAAGriD,IAAIwtD,EAAIG,GAChBtrD,EAAKggD,EAAGriD,IAAIytD,EAAIG,GAChBtrD,EAAK+/C,EAAGriD,IAAI0tD,EAAIG,GAChBtrD,EAAK8/C,EAAGjqE,IAAIo1E,EAAIC,GAChBn2C,EAAK+qC,EAAGjqE,IAAIu1E,EAAIC,GACpBrrD,EAAK8/C,EAAGriD,IAAIuC,EAAI+U,GAChBA,EAAK+qC,EAAGjqE,IAAIgqB,EAAIC,GAChBE,EAAK8/C,EAAG7wD,IAAI+Q,EAAI+U,GAChBA,EAAK+qC,EAAGjqE,IAAIo1E,EAAIE,GAChB,IAAIn2C,EAAK8qC,EAAGjqE,IAAIu1E,EAAIE,GA+BpB,OA9BAv2C,EAAK+qC,EAAGriD,IAAIsX,EAAIC,GAChBA,EAAK8qC,EAAGjqE,IAAIgqB,EAAIE,GAChBgV,EAAK+qC,EAAG7wD,IAAI8lB,EAAIC,GAChBA,EAAK8qC,EAAGjqE,IAAIq1E,EAAIC,GAChBM,EAAK3L,EAAGjqE,IAAIw1E,EAAIC,GAChBt2C,EAAK8qC,EAAGriD,IAAIuX,EAAIy2C,GAChBA,EAAK3L,EAAGjqE,IAAIiqB,EAAIC,GAChBiV,EAAK8qC,EAAG7wD,IAAI+lB,EAAIy2C,GAChBE,EAAK7L,EAAGriD,IAAIvN,EAAG6kB,GACf02C,EAAK3L,EAAGriD,IAAIoZ,EAAI9W,GAChB4rD,EAAK7L,EAAGjqE,IAAI41E,EAAIE,GAChBF,EAAK3L,EAAG7wD,IAAI6Q,EAAI6rD,GAChBA,EAAK7L,EAAGjqE,IAAIiqB,EAAI6rD,GAChBD,EAAK5L,EAAGriD,IAAIguD,EAAIE,GAChB7rD,EAAKggD,EAAGjqE,IAAIgqB,EAAIA,GAChBC,EAAKggD,EAAGjqE,IAAIiqB,EAAID,GAChBE,EAAK+/C,EAAGriD,IAAIvN,EAAG6P,GACfgV,EAAK+qC,EAAGriD,IAAIoZ,EAAI9B,GAChBjV,EAAKggD,EAAGjqE,IAAIiqB,EAAIC,GAChBA,EAAK+/C,EAAG7wD,IAAI4Q,EAAIE,GAChBA,EAAK+/C,EAAGriD,IAAIvN,EAAG6P,GACfgV,EAAK+qC,EAAGjqE,IAAIk/B,EAAIhV,GAChBF,EAAKigD,EAAGriD,IAAIqC,EAAIiV,GAChB22C,EAAK5L,EAAGjqE,IAAI61E,EAAI7rD,GAChBA,EAAKigD,EAAGriD,IAAIuX,EAAID,GAChB02C,EAAK3L,EAAGriD,IAAIuC,EAAIyrD,GAChBA,EAAK3L,EAAG7wD,IAAIw8D,EAAI5rD,GAChBA,EAAKigD,EAAGriD,IAAIuC,EAAIF,GAChB6rD,EAAK7L,EAAGriD,IAAIuX,EAAI22C,GAChBA,EAAK7L,EAAGjqE,IAAI81E,EAAI9rD,GACT,IAAI8pD,EAAM8B,EAAIC,EAAIC,EACrC,CACQ,QAAAC,CAASxpB,GACL,OAAOxwD,KAAKiE,IAAIusD,EAAMmiB,SAClC,CACQ,GAAA5B,GACI,OAAO/wE,KAAKujD,OAAOw0B,EAAMhI,KACrC,CACQ,IAAAyC,CAAK76D,GACD,OAAOwhE,EAAKzF,WAAW1zE,KAAM2X,EAAGogE,EAAMY,WAClD,CAMQ,cAAAsB,CAAeC,GACXrC,GAAY,SAAUqC,EAAIngD,GAAKo8C,EAAMx+D,GACrC,MAAMuqB,EAAI61C,EAAMhI,KAChB,GAAImK,IAAOngD,GACP,OAAOmI,EACX,GAAIg4C,IAAOlgD,GACP,OAAOh6B,KACX,MAAM02E,KAAEA,GAASP,EACjB,IAAKO,EACD,OAAOyC,EAAKtG,aAAa7yE,KAAMk6E,GAEnC,IAAIC,MAAEA,EAAK1xD,GAAEA,EAAE2xD,MAAEA,EAAK1xD,GAAEA,GAAOguD,EAAKE,YAAYsD,GAC5CG,EAAMn4C,EACNo4C,EAAMp4C,EACN9e,EAAIpjB,KACR,KAAOyoB,EAAKsR,IAAOrR,EAAKqR,IAChBtR,EAAKuR,KACLqgD,EAAMA,EAAIp2E,IAAImf,IACdsF,EAAKsR,KACLsgD,EAAMA,EAAIr2E,IAAImf,IAClBA,EAAIA,EAAEzH,SACN8M,IAAOuR,GACPtR,IAAOsR,GAOX,OALImgD,IACAE,EAAMA,EAAI1H,UACVyH,IACAE,EAAMA,EAAI3H,UACd2H,EAAM,IAAIvC,EAAM7J,EAAGriD,IAAIyuD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IAChDiC,EAAIp2E,IAAIq2E,EAC3B,CAUQ,QAAAtB,CAAS9E,GACL,MAAMwC,KAAEA,EAAM/+D,EAAG6/D,GAAMrB,EAEvB,IAAIa,EAAOuD,EACX,GAFA1C,GAAY,SAAU3D,EAAQl6C,GAAKw9C,GAE/Bd,EAAM,CACN,MAAMyD,MAAEA,EAAK1xD,GAAEA,EAAE2xD,MAAEA,EAAK1xD,GAAEA,GAAOguD,EAAKE,YAAY1C,GAClD,IAAM/mD,EAAGktD,EAAKp0C,EAAGu0C,GAAQx6E,KAAKwyE,KAAK/pD,IAC7B0E,EAAGmtD,EAAKr0C,EAAGw0C,GAAQz6E,KAAKwyE,KAAK9pD,GACnC2xD,EAAMlB,EAAK1G,gBAAgB0H,EAAOE,GAClCC,EAAMnB,EAAK1G,gBAAgB2H,EAAOE,GAClCA,EAAM,IAAIvC,EAAM7J,EAAGriD,IAAIyuD,EAAIpC,GAAIxB,EAAKC,MAAO2D,EAAInC,GAAImC,EAAIlC,IACvDpB,EAAQqD,EAAIp2E,IAAIq2E,GAChBC,EAAOC,EAAIv2E,IAAIw2E,EAC/B,KACiB,CACD,MAAMttD,EAAEA,EAAC8Y,EAAEA,GAAMjmC,KAAKwyE,KAAK0B,GAC3B8C,EAAQ7pD,EACRotD,EAAOt0C,CACvB,CAEY,OAAO8xC,EAAMY,WAAW,CAAC3B,EAAOuD,IAAO,EACnD,CAOQ,oBAAAG,CAAqBrpC,EAAG/yB,EAAGzG,GACvB,MAAM2yD,EAAIuN,EAAM5E,KACVtnD,EAAM,CAACwjD,EAAG/wD,IACVA,IAAMyb,IAAOzb,IAAM0b,IAAQq1C,EAAE9rB,OAAOinB,GAA2B6E,EAAE2J,SAAS16D,GAAjC+wD,EAAE4K,eAAe37D,GAC1DmU,EAAM5G,EAAI7rB,KAAMse,GAAGra,IAAI4nB,EAAIwlB,EAAGx5B,IACpC,OAAO4a,EAAIs+C,WAAQ3uE,EAAYqwB,CAC3C,CAIQ,QAAAykD,CAASe,GACL,OAAOD,EAAah4E,KAAMi4E,EACtC,CACQ,aAAA1B,GACI,MAAQhlD,EAAGopD,EAAQpE,cAAEA,GAAkBJ,EACvC,GAAIwE,IAAa3gD,GACb,OAAO,EACX,GAAIu8C,EACA,OAAOA,EAAcwB,EAAO/3E,MAChC,MAAUuB,MAAM,+DAC5B,CACQ,aAAAi1E,GACI,MAAQjlD,EAAGopD,EAAQnE,cAAEA,GAAkBL,EACvC,OAAIwE,IAAa3gD,GACNh6B,KACPw2E,EACOA,EAAcuB,EAAO/3E,MACzBA,KAAKi6E,eAAe9D,EAAM5kD,EAC7C,CACQ,UAAAqpD,CAAWC,GAAe,GAGtB,OAFAzP,GAAM,eAAgByP,GACtB76E,KAAK84E,iBACEzyD,EAAQ0xD,EAAO/3E,KAAM66E,EACxC,CACQ,KAAAvvC,CAAMuvC,GAAe,GAEjB,OADAzP,GAAM,eAAgByP,GACfnD,GAAc13E,KAAK46E,WAAWC,GACjD,EAEI9C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIrG,EAAGyB,KAC9CoI,EAAMhI,KAAO,IAAIgI,EAAM7J,EAAG6B,KAAM7B,EAAGyB,IAAKzB,EAAG6B,MAC3C,MAAM+K,EAAQ3E,EAAM/F,WACd+I,EAAO3G,GAAKuF,EAAO5B,EAAMO,KAAOjuE,KAAKyQ,KAAK4hE,EAAQ,GAAKA,GAE7D,MAAO,CACH3E,QACA4E,gBAAiBhD,EACjBR,yBACAH,sBACA4D,mBAnZJ,SAA4BnxD,GACxB,OAAOoxD,GAAWpxD,EAAKmQ,GAAKm8C,EAAMx+D,EAC1C,EAmZA,CAqBO,SAASujE,GAAYC,GACxB,MAAMhF,EArBV,SAAsBzrE,GAClB,MAAM+kB,EAAO4kD,GAAc3pE,GAU3B,OATA0rE,GAAkB3mD,EAAM,CACpB9hB,KAAM,OACNw9D,KAAM,WACNnuC,YAAa,YACd,CACCo+C,SAAU,WACVC,cAAe,WACfjpC,KAAM,YAEHtyC,OAAO+wE,OAAO,CAAEz+B,MAAM,KAAS3iB,GAC1C,CASkB6rD,CAAaH,IACrBjN,GAAEA,EAAIv2D,GAAmBw+D,EACzBoF,EAAgBrN,EAAGyC,MAAQ,EAC3B6K,EAAkB,EAAItN,EAAGyC,MAAQ,EACvC,SAAS8K,EAAKn9D,GACV,OAAOs5D,GAAQt5D,EAAGo9D,EAC1B,CACI,SAASC,EAAKr9D,GACV,OAAOs9D,GAAWt9D,EAAGo9D,EAC7B,CACI,MAAQX,gBAAiBhD,EAAKR,uBAAEA,EAAsBH,oBAAEA,EAAmB4D,mBAAEA,GAAwB9E,GAAkB,IAChHC,EACH,OAAA9vD,CAAQ02B,EAAIi6B,EAAO6D,GACf,MAAMv8D,EAAI04D,EAAME,WACV17D,EAAI0yD,EAAG7nD,QAAQ/H,EAAE9C,GACjBqgE,EAAM1E,GAEZ,OADA/L,GAAM,eAAgByP,GAClBA,EACOgB,EAAIp6E,WAAW8e,KAAK,CAACy2D,EAAMoC,WAAa,EAAO,IAAQ59D,GAGvDqgE,EAAIp6E,WAAW8e,KAAK,CAAC,IAAQ/E,EAAG0yD,EAAG7nD,QAAQ/H,EAAEsc,GAE3D,EACD,SAAAs3C,CAAU/nE,GACN,MAAMkjB,EAAMljB,EAAMvI,OACZm9C,EAAO50C,EAAM,GACbib,EAAOjb,EAAMnB,SAAS,GAE5B,GAAIqkB,IAAQkuD,GAA2B,IAATx8B,GAA0B,IAATA,EAoB1C,IAAI1xB,IAAQmuD,GAA4B,IAATz8B,EAAe,CAG/C,MAAO,CAAEvjC,EAFC0yD,EAAGgE,UAAU9sD,EAAKpc,SAAS,EAAGklE,EAAGyC,QAE/B/1C,EADFszC,EAAGgE,UAAU9sD,EAAKpc,SAASklE,EAAGyC,MAAO,EAAIzC,EAAGyC,QAEtE,CAEgB,MAAUpvE,MAAM,mBAAmB8rB,2BAA6BkuD,yBAAqCC,uBACrH,CA3B2E,CAC3D,MAAMhgE,EAAIm8D,GAAmBvyD,GAC7B,IAAK61D,GAAWz/D,EAAGwe,GAAKk0C,EAAGsC,OACvB,MAAUjvE,MAAM,yBACpB,MAAMu6E,EAAK1E,EAAoB57D,GAC/B,IAAIof,EACJ,IACIA,EAAIszC,EAAGwD,KAAKoK,EAChC,CACgB,MAAOC,GACH,MAAMC,EAASD,aAAqBx6E,MAAQ,KAAOw6E,EAAUxoE,QAAU,GACvE,MAAUhS,MAAM,wBAA0By6E,EAC9D,CAMgB,QAHiC,GAAdj9B,OAFHnkB,EAAIZ,MAASA,MAIzBY,EAAIszC,EAAG4B,IAAIl1C,IACR,CAAEpf,IAAGof,IAC5B,CASS,IAECqhD,EAAiBpyD,GAAQ6tD,GAAcwE,GAAmBryD,EAAKssD,EAAM7F,cAC3E,SAAS6L,EAAsBhhD,GAE3B,OAAOA,EADMugD,GAAe1hD,EAEpC,CAKI,MAAMoiD,EAAS,CAACvkE,EAAG0I,EAAM0pD,IAAO0N,GAAmB9/D,EAAElV,MAAM4d,EAAM0pD,IAIjE,MAAMpW,EACF,WAAAj0D,CAAY6b,EAAG9B,EAAG0iE,GACdr8E,KAAKyb,EAAIA,EACTzb,KAAK2Z,EAAIA,EACT3Z,KAAKq8E,SAAWA,EAChBr8E,KAAK84E,gBACjB,CAEQ,kBAAOwD,CAAYhjE,GACf,MAAM8oB,EAAI+zC,EAAM7F,YAEhB,OADAh3D,EAAMqzD,GAAY,mBAAoBrzD,EAAS,EAAJ8oB,GACpC,IAAIyxB,EAAUuoB,EAAO9iE,EAAK,EAAG8oB,GAAIg6C,EAAO9iE,EAAK8oB,EAAG,EAAIA,GACvE,CAGQ,cAAOm6C,CAAQjjE,GACX,MAAMmC,EAAEA,EAAC9B,EAAEA,GAAMk7D,GAAIS,MAAM3I,GAAY,MAAOrzD,IAC9C,OAAO,IAAIu6C,EAAUp4C,EAAG9B,EACpC,CACQ,cAAAm/D,GACIjB,GAAY,IAAK73E,KAAKyb,EAAGue,GAAK0hD,GAC9B7D,GAAY,IAAK73E,KAAK2Z,EAAGqgB,GAAK0hD,EAC1C,CACQ,cAAAc,CAAeH,GACX,OAAO,IAAIxoB,EAAU7zD,KAAKyb,EAAGzb,KAAK2Z,EAAG0iE,EACjD,CACQ,gBAAAI,CAAiBC,GACb,MAAMjhE,EAAEA,EAAC9B,EAAEA,EAAG0iE,SAAUM,GAAQ38E,KAC1BuxB,EAAI8pD,EAAc1O,GAAY,UAAW+P,IAC/C,GAAW,MAAPC,IAAgB,CAAC,EAAG,EAAG,EAAG,GAAGz9D,SAASy9D,GACtC,MAAUp7E,MAAM,uBACpB,MAAMq7E,EAAe,IAARD,GAAqB,IAARA,EAAYlhE,EAAI06D,EAAMx+D,EAAI8D,EACpD,GAAImhE,GAAQ1O,EAAGsC,MACX,MAAUjvE,MAAM,8BACpB,MAAM4X,EAAgB,EAANwjE,EAAwB,KAAP,KAC3BE,EAAI9E,EAAMc,QAAQ1/D,EAAS8iE,EAAcW,IACzCE,EAAKnB,EAAKiB,GACVjoC,EAAK8mC,GAAMlqD,EAAIurD,GACfloC,EAAK6mC,EAAK9hE,EAAImjE,GACdzrC,EAAI0mC,EAAM5E,KAAKuH,qBAAqBmC,EAAGloC,EAAIC,GACjD,IAAKvD,EACD,MAAU9vC,MAAM,qBAEpB,OADA8vC,EAAEynC,iBACKznC,CACnB,CAEQ,QAAA0rC,GACI,OAAOZ,EAAsBn8E,KAAK2Z,EAC9C,CACQ,UAAAqjE,GACI,OAAOh9E,KAAK+8E,WAAa,IAAIlpB,EAAU7zD,KAAKyb,EAAGggE,GAAMz7E,KAAK2Z,GAAI3Z,KAAKq8E,UAAYr8E,IAC3F,CAEQ,aAAAi9E,GACI,OAAOC,GAAcl9E,KAAKm9E,WACtC,CACQ,QAAAA,GACI,OAAOtI,GAAImB,WAAW,CAAEv6D,EAAGzb,KAAKyb,EAAG9B,EAAG3Z,KAAK2Z,GACvD,CAEQ,iBAAAyjE,GACI,OAAOF,GAAcl9E,KAAKq9E,eACtC,CACQ,YAAAA,GACI,OAAOpB,EAAcj8E,KAAKyb,GAAKwgE,EAAcj8E,KAAK2Z,EAC9D,EAEI,MAAMyzB,EAAQ,CACV,iBAAAkwC,CAAkB9pE,GACd,IAEI,OADA+jE,EAAuB/jE,IAChB,CACvB,CACY,MAAO9M,GACH,OAAO,CACvB,CACS,EACD6wE,uBAAwBA,EAKxBlqC,iBAAkB,KACd,MAAMzrC,EAAS27E,GAAqBpH,EAAMx+D,GAC1C,OFzWL,SAAwBhH,EAAKyhE,EAAYrrD,GAAO,GACnD,MAAMsG,EAAM1c,EAAI/O,OACV47E,EAAWrL,GAAoBC,GAC/BqL,EAASpL,GAAiBD,GAEhC,GAAI/kD,EAAM,IAAMA,EAAMowD,GAAUpwD,EAAM,KAClC,MAAU9rB,MAAM,YAAYk8E,8BAAmCpwD,KACnE,MAEM8M,EAAUD,GAFJnT,EAAOwlD,GAAgB57D,GAAO67D,GAAgB77D,GAEjCyhE,EAAap4C,IAAOA,GAC7C,OAAOjT,EAAO2lD,GAAgBvyC,EAASqjD,GAAY/Q,GAAgBtyC,EAASqjD,EAChF,CE8VmBE,CAAmBvH,EAAMn5C,YAAYp7B,GAASu0E,EAAMx+D,EAAE,EAUjEgmE,WAAU,CAAC30D,EAAa,EAAGguD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAelwD,GACrBguD,EAAMgC,SAAS/xD,OAAO,IACf+vD,IAef,SAAS4G,EAAU7a,GACf,MAAM78C,EAAMuxD,GAAW1U,GACjBjpD,EAAsB,iBAATipD,EACb11C,GAAOnH,GAAOpM,IAAQipD,EAAKnhE,OACjC,OAAIskB,EACOmH,IAAQkuD,GAAiBluD,IAAQmuD,EACxC1hE,EACOuT,IAAQ,EAAIkuD,GAAiBluD,IAAQ,EAAImuD,EAChDzY,aAAgBgV,CAG5B,CAuBI,MAAMqD,EAAWjF,EAAMiF,UACnB,SAAUjxE,GAGN,MAAM0f,EAAM8tD,GAAmBxtE,GACzB0zE,EAAuB,EAAf1zE,EAAMvI,OAAau0E,EAAM/F,WACvC,OAAOyN,EAAQ,EAAIh0D,GAAO5C,OAAO42D,GAASh0D,CAC7C,EACCwxD,EAAgBlF,EAAMkF,eACxB,SAAUlxE,GACN,OAAOsxE,EAAKL,EAASjxE,GACxB,EAEC2zE,EAAaC,GAAW5H,EAAM/F,YAIpC,SAAS4N,EAAWn0D,GAGhB,OAFAguD,GAAY,WAAW1B,EAAM/F,WAAcvmD,EAAKkQ,GAAK+jD,GAE9C5B,GAAmBryD,EAAKssD,EAAM7F,YAC7C,CAMI,SAAS2N,EAAQvB,EAASlpE,EAAYic,EAAOyuD,GACzC,GAAI,CAAC,YAAa,aAAax5E,MAAM6U,GAAMA,KAAKkW,IAC5C,MAAUluB,MAAM,uCACpB,MAAMoM,KAAEA,EAAIqvB,YAAEA,GAAgBm5C,EAC9B,IAAI/jC,KAAEA,EAAIqiC,QAAEA,EAAS0J,aAAcC,GAAQ3uD,EAC/B,MAAR2iB,IACAA,GAAO,GACXsqC,EAAU/P,GAAY,UAAW+P,GACjClI,GAAmB/kD,GACfglD,IACAiI,EAAU/P,GAAY,oBAAqBh/D,EAAK+uE,KAIpD,MAAM2B,EAAQhD,EAAcqB,GACtBt5D,EAAIm0D,EAAuB/jE,GAC3B8qE,EAAW,CAACN,EAAW56D,GAAI46D,EAAWK,IAE5C,GAAW,MAAPD,IAAuB,IAARA,EAAe,CAE9B,MAAMl6E,GAAY,IAARk6E,EAAephD,EAAYkxC,EAAGyC,OAASyN,EACjDE,EAASx7E,KAAK6pE,GAAY,eAAgBzoE,GACtD,CACQ,MAAM8mC,EAAOmsC,MAAkBmH,GACzBjmD,EAAIgmD,EA0BV,MAAO,CAAErzC,OAAMuzC,MAxBf,SAAeC,GAEX,MAAMjlE,EAAI6hE,EAASoD,GACnB,IAAKxD,EAAmBzhE,GACpB,OACJ,MAAMklE,EAAK9C,EAAKpiE,GACVoK,EAAIo0D,EAAM5E,KAAK6F,SAASz/D,GAAG29D,WAC3Bz7D,EAAIggE,EAAK93D,EAAEnI,GACjB,GAAIC,IAAMse,GACN,OAIJ,MAAMpgB,EAAI8hE,EAAKgD,EAAKhD,EAAKpjD,EAAI5c,EAAI2H,IACjC,GAAIzJ,IAAMogB,GACN,OACJ,IAAIsiD,GAAY14D,EAAEnI,IAAMC,EAAI,EAAI,GAAK2L,OAAOzD,EAAEiX,EAAIZ,IAC9C0kD,EAAQ/kE,EAKZ,OAJIy4B,GAAQ+pC,EAAsBxiE,KAC9B+kE,EAlOZ,SAAoB/kE,GAChB,OAAOwiE,EAAsBxiE,GAAK8hE,GAAM9hE,GAAKA,CACrD,CAgOwBqjE,CAAWrjE,GACnB0iE,GAAY,GAET,IAAIxoB,EAAUp4C,EAAGijE,EAAOrC,EAC3C,EAEA,CACI,MAAM6B,EAAiB,CAAE9rC,KAAM+jC,EAAM/jC,KAAMqiC,SAAS,GAC9CkK,EAAiB,CAAEvsC,KAAM+jC,EAAM/jC,KAAMqiC,SAAS,GAwFpD,OAnEAsD,EAAM5E,KAAK+F,eAAe,GAmEnB,CACH/C,QACA7oC,aAlNJ,SAAsB95B,EAAYqnE,GAAe,GAC7C,OAAO9C,EAAMgB,eAAevlE,GAAYonE,WAAWC,EAC3D,EAiNQzrC,gBAvLJ,SAAyBwvC,EAAUC,EAAShE,GAAe,GACvD,GAAI+C,EAAUgB,GACV,MAAUr9E,MAAM,iCACpB,IAAKq8E,EAAUiB,GACX,MAAUt9E,MAAM,iCAEpB,OADUw2E,EAAMc,QAAQgG,GACf7F,SAASzB,EAAuBqH,IAAWhE,WAAWC,EACvE,EAiLQ16C,KA9EJ,SAAcu8C,EAASoC,EAASrvD,EAAOyuD,GACnC,MAAMlzC,KAAEA,EAAIuzC,MAAEA,GAAUN,EAAQvB,EAASoC,EAASrvD,GAC5C6kB,EAAI6hC,EAEV,OADa4I,GAAkBzqC,EAAE3mC,KAAKqY,UAAWsuB,EAAEg8B,YAAah8B,EAAE62B,KAC3D6T,CAAKh0C,EAAMuzC,EAC1B,EA0EQ79C,OAzDJ,SAAgB7xB,EAAW6tE,EAAS3wE,EAAW0jB,EAAOkvD,GAClD,MAAMM,EAAKpwE,EAGX,GAFA6tE,EAAU/P,GAAY,UAAW+P,GACjC3wE,EAAY4gE,GAAY,YAAa5gE,GACjC,WAAY0jB,EACZ,MAAUluB,MAAM,sCACpBizE,GAAmB/kD,GACnB,MAAM2iB,KAAEA,EAAIqiC,QAAEA,GAAYhlD,EAC1B,IAAIyvD,EACA7P,EACJ,IACI,GAAkB,iBAAP4P,GAAmBxH,GAAWwH,GAGrC,IACIC,EAAOrrB,EAAU0oB,QAAQ0C,EAC7C,CACgB,MAAOE,GACH,KAAMA,aAAoBtK,GAAIC,KAC1B,MAAMqK,EACVD,EAAOrrB,EAAUyoB,YAAY2C,EACjD,KAEiB,IAAkB,iBAAPA,GAAmC,iBAATA,EAAGxjE,GAAkC,iBAATwjE,EAAGtlE,EAKrE,MAAUpY,MAAM,SALqE,CACrF,MAAMka,EAAEA,EAAC9B,EAAEA,GAAMslE,EACjBC,EAAO,IAAIrrB,EAAUp4C,EAAG9B,EACxC,CAGA,CACY01D,EAAI0I,EAAMc,QAAQ9sE,EAC9B,CACQ,MAAOrF,GACH,GAAsB,UAAlBA,EAAM6M,QACN,MAAUhS,MAAM,kEACpB,OAAO,CACnB,CACQ,GAAI6wC,GAAQ8sC,EAAKnC,WACb,OAAO,EACPtI,IACAiI,EAAUvG,EAAMxoE,KAAK+uE,IACzB,MAAMjhE,EAAEA,EAAC9B,EAAEA,GAAMulE,EACX3tD,EAAI8pD,EAAcqB,GAClB0C,EAAKzD,EAAKhiE,GACVg7B,EAAK8mC,EAAKlqD,EAAI6tD,GACdxqC,EAAK6mC,EAAKhgE,EAAI2jE,GACdvC,EAAI9E,EAAM5E,KAAKuH,qBAAqBrL,EAAG16B,EAAIC,IAAKsiC,WACtD,QAAK2F,GAEKpB,EAAKoB,EAAErhE,KACJC,CACrB,EAOQs/D,gBAAiBhD,EACjBlkB,YACAzmB,QAER;sECj/BO,SAASiyC,GAAQ1xE,GACpB,MAAO,CACHA,OACAw9D,KAAM,CAACx6D,KAAQ2uE,IAASnU,GAAKx9D,EAAMgD,EAAKgiB,MAAe2sD,IACvDtiD,eAER,CACO,SAASuiD,GAAYpE,EAAUqE,GAClC,MAAMz6D,EAAUpX,GAASutE,GAAY,IAAKC,KAAakE,GAAQ1xE,KAC/D,OAAO7N,OAAO+wE,OAAO,IAAK9rD,EAAOy6D,GAAUz6D,UAC/C;sED4IgFkC,OAAO,GEnJvF,MAAMinD,GAAKqC,GAAMtpD,OAAO,uEAIXrc,GAAO20E,GAAY,CAC5BjhE,EAJY4vD,GAAGnpD,OAAOkC,OAAO,OAK7BpP,EAJYoP,OAAO,sEAKvBinD,GAAIA,GAEAv2D,EAAGsP,OAAO,sEAEVqtD,GAAIrtD,OAAO,sEACXstD,GAAIttD,OAAO,sEACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACPrkC,ICvBG0xE,kBAA6Bx4D,OAAO,GAAK,GAAK,GAC9CD,kBAAuBC,OAAO,IAEpC,SAASy4D,GAAQ/nE,EAAG6hC,GAAK,GACrB,OAAIA,EACO,CAAEjoB,EAAGnK,OAAOzP,EAAI8nE,IAAar9C,EAAGhb,OAAQzP,GAAKqP,GAAQy4D,KACzD,CAAEluD,EAAsC,EAAnCnK,OAAQzP,GAAKqP,GAAQy4D,IAAiBr9C,EAA4B,EAAzBhb,OAAOzP,EAAI8nE,IACpE,CACA,SAAShiE,GAAMohC,EAAKrF,GAAK,GACrB,IAAImmC,EAAK,IAAIx/D,YAAY0+B,EAAIj9C,QACzBg+E,EAAK,IAAIz/D,YAAY0+B,EAAIj9C,QAC7B,IAAK,IAAIE,EAAI,EAAGA,EAAI+8C,EAAIj9C,OAAQE,IAAK,CACjC,MAAMyvB,EAAEA,EAAC6Q,EAAEA,GAAMs9C,GAAQ7gC,EAAI/8C,GAAI03C,IAChCmmC,EAAG79E,GAAI89E,EAAG99E,IAAM,CAACyvB,EAAG6Q,EAC7B,CACI,MAAO,CAACu9C,EAAIC,EAChB,CACA,MAcMC,GAAS,CAACtuD,EAAG6Q,EAAGzoB,IAAO4X,GAAK5X,EAAMyoB,IAAO,GAAKzoB,EAC9CmmE,GAAS,CAACvuD,EAAG6Q,EAAGzoB,IAAOyoB,GAAKzoB,EAAM4X,IAAO,GAAK5X,EAE9ComE,GAAS,CAACxuD,EAAG6Q,EAAGzoB,IAAOyoB,GAAMzoB,EAAI,GAAQ4X,IAAO,GAAK5X,EACrDqmE,GAAS,CAACzuD,EAAG6Q,EAAGzoB,IAAO4X,GAAM5X,EAAI,GAAQyoB,IAAO,GAAKzoB,EAQ3D,MASMsmE,GAAM,CACRP,WAASjiE,SAAOyiE,MApCN,CAAC3uD,EAAG6Q,IAAOnb,OAAOsK,IAAM,IAAMvK,GAAQC,OAAOmb,IAAM,GAqC7D+9C,MAnCU,CAAC5uD,EAAG6uD,EAAIzmE,IAAM4X,IAAM5X,EAmCvB0mE,MAlCG,CAAC9uD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAMzoB,EAmChD2mE,OAjCW,CAAC/uD,EAAG6Q,EAAGzoB,IAAO4X,IAAM5X,EAAMyoB,GAAM,GAAKzoB,EAiCxC4mE,OAhCG,CAAChvD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAMzoB,EAgCjC6mE,OA9BL,CAACjvD,EAAG6Q,EAAGzoB,IAAO4X,GAAM,GAAK5X,EAAOyoB,IAAOzoB,EAAI,GA8B9B8mE,OA7Bb,CAAClvD,EAAG6Q,EAAGzoB,IAAO4X,IAAO5X,EAAI,GAAQyoB,GAAM,GAAKzoB,EA8BvD+mE,QA5BY,CAACC,EAAIv+C,IAAMA,EA4Bdw+C,QA3BG,CAACrvD,EAAG6uD,IAAO7uD,EA4BvBsuD,UAAQC,UAAQC,UAAQC,UACxB/7E,IApBJ,SAAa07E,EAAIC,EAAIiB,EAAIC,GACrB,MAAM1+C,GAAKw9C,IAAO,IAAMkB,IAAO,GAC/B,MAAO,CAAEvvD,EAAIouD,EAAKkB,GAAOz+C,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACxD,EAiBS2+C,MAfK,CAACnB,EAAIkB,EAAIE,KAAQpB,IAAO,IAAMkB,IAAO,IAAME,IAAO,GAehDC,MAdF,CAACC,EAAKvB,EAAIkB,EAAIM,IAAQxB,EAAKkB,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EAcrDE,MAbT,CAACxB,EAAIkB,EAAIE,EAAIK,KAAQzB,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,GAanDC,MAZhB,CAACJ,EAAKvB,EAAIkB,EAAIM,EAAII,IAAQ5B,EAAKkB,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAYhDM,MAVvB,CAACN,EAAKvB,EAAIkB,EAAIM,EAAII,EAAIE,IAAQ9B,EAAKkB,EAAKM,EAAKI,EAAKE,GAAOP,EAAM,GAAK,GAAM,GAAM,EAUlDQ,MAX9B,CAAC9B,EAAIkB,EAAIE,EAAIK,EAAIM,KAAQ/B,IAAO,IAAMkB,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMM,IAAO,KC1C3FC,GAAWC,mBAA6B,KAAO5B,GAAIxiE,MAAM,CAC5D,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,qBAClE,qBAAsB,qBAAsB,qBAAsB,sBACpE9Y,KAAIgT,GAAKsP,OAAOtP,MArB6B,GAuBzCmqE,kBAA6B,IAAI3hE,YAAY,IAC7C4hE,kBAA6B,IAAI5hE,YAAY,IAC5C,MAAM6hE,WAAerY,GACxB,WAAA/pE,GACIC,MAAM,IAAK,GAAI,IAAI,GAKnBG,KAAK2/E,GAAK,WACV3/E,KAAK4/E,IAAK,UACV5/E,KAAK6gF,IAAK,WACV7gF,KAAK8gF,IAAK,WACV9gF,KAAKmhF,GAAK,WACVnhF,KAAKghF,IAAK,SACVhhF,KAAKuhF,IAAK,WACVvhF,KAAKqhF,GAAK,WACVrhF,KAAKyhF,GAAK,WACVzhF,KAAK2hF,IAAK,WACV3hF,KAAKiiF,IAAK,WACVjiF,KAAKkiF,GAAK,UACVliF,KAAKmiF,GAAK,UACVniF,KAAKoiF,IAAK,SACVpiF,KAAKqiF,GAAK,WACVriF,KAAKsiF,GAAK,SAClB,CAEI,GAAAn6E,GACI,MAAMw3E,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOtiF,KAC3E,MAAO,CAAC2/E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC5E,CAEI,GAAAngF,CAAIw9E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,GAC5DtiF,KAAK2/E,GAAU,EAALA,EACV3/E,KAAK4/E,GAAU,EAALA,EACV5/E,KAAK6gF,GAAU,EAALA,EACV7gF,KAAK8gF,GAAU,EAALA,EACV9gF,KAAKmhF,GAAU,EAALA,EACVnhF,KAAKghF,GAAU,EAALA,EACVhhF,KAAKuhF,GAAU,EAALA,EACVvhF,KAAKqhF,GAAU,EAALA,EACVrhF,KAAKyhF,GAAU,EAALA,EACVzhF,KAAK2hF,GAAU,EAALA,EACV3hF,KAAKiiF,GAAU,EAALA,EACVjiF,KAAKkiF,GAAU,EAALA,EACVliF,KAAKmiF,GAAU,EAALA,EACVniF,KAAKoiF,GAAU,EAALA,EACVpiF,KAAKqiF,GAAU,EAALA,EACVriF,KAAKsiF,GAAU,EAALA,CAClB,CACI,OAAAl/E,CAAQ0jB,EAAMlO,GAEV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnCkpE,GAAWhgF,GAAKglB,EAAK0B,UAAU5P,GAC/BmpE,GAAWjgF,GAAKglB,EAAK0B,UAAW5P,GAAU,GAE9C,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IAAK,CAE1B,MAAMygF,EAA4B,EAArBT,GAAWhgF,EAAI,IACtB0gF,EAA4B,EAArBT,GAAWjgF,EAAI,IACtB2gF,EAAMxC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIK,OAAOiC,EAAMC,EAAM,GAAKvC,GAAIE,MAAMoC,EAAMC,EAAM,GACpFE,EAAMzC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAIM,OAAOgC,EAAMC,EAAM,GAAKvC,GAAII,MAAMkC,EAAMC,EAAM,GAEpFG,EAA0B,EAApBb,GAAWhgF,EAAI,GACrB8gF,EAA0B,EAApBb,GAAWjgF,EAAI,GACrB+gF,EAAM5C,GAAIK,OAAOqC,EAAKC,EAAK,IAAM3C,GAAIO,OAAOmC,EAAKC,EAAK,IAAM3C,GAAIE,MAAMwC,EAAKC,EAAK,GAChFE,EAAM7C,GAAIM,OAAOoC,EAAKC,EAAK,IAAM3C,GAAIQ,OAAOkC,EAAKC,EAAK,IAAM3C,GAAII,MAAMsC,EAAKC,EAAK,GAEhFG,EAAO9C,GAAImB,MAAMsB,EAAKI,EAAKf,GAAWjgF,EAAI,GAAIigF,GAAWjgF,EAAI,KAC7DkhF,EAAO/C,GAAIqB,MAAMyB,EAAMN,EAAKI,EAAKf,GAAWhgF,EAAI,GAAIggF,GAAWhgF,EAAI,KACzEggF,GAAWhgF,GAAY,EAAPkhF,EAChBjB,GAAWjgF,GAAY,EAAPihF,CAC5B,CACQ,IAAIpD,GAAEA,EAAEC,GAAEA,EAAEiB,GAAEA,EAAEC,GAAEA,EAAEK,GAAEA,EAAEH,GAAEA,EAAEO,GAAEA,EAAEF,GAAEA,EAAEI,GAAEA,EAAEE,GAAEA,EAAEM,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOtiF,KAEzE,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAEzB,MAAMmhF,EAAUhD,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIK,OAAOmB,EAAIE,EAAI,IAAM1B,GAAIO,OAAOiB,EAAIE,EAAI,IAC/EuB,EAAUjD,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIM,OAAOkB,EAAIE,EAAI,IAAM1B,GAAIQ,OAAOgB,EAAIE,EAAI,IAE/EwB,EAAQ1B,EAAKQ,GAAQR,EAAKU,EAC1BiB,EAAQzB,EAAKO,GAAQP,EAAKS,EAG1BiB,EAAOpD,GAAIyB,MAAMY,EAAIY,EAASE,EAAMvB,GAAU//E,GAAIigF,GAAWjgF,IAC7DwhF,EAAMrD,GAAIuB,MAAM6B,EAAMhB,EAAIY,EAASE,EAAMvB,GAAU9/E,GAAIggF,GAAWhgF,IAClEyhF,EAAa,EAAPF,EAENG,EAAUvD,GAAIK,OAAOX,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAAMK,GAAIO,OAAOb,EAAIC,EAAI,IAC/E6D,EAAUxD,GAAIM,OAAOZ,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAAMK,GAAIQ,OAAOd,EAAIC,EAAI,IAC/E8D,EAAQ/D,EAAKkB,EAAOlB,EAAKwB,EAAON,EAAKM,EACrCwC,EAAQ/D,EAAKkB,EAAOlB,EAAKoB,EAAOF,EAAKE,EAC3CqB,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALF,EACLG,EAAU,EAALF,EACLD,EAAU,EAALR,EACLS,EAAU,EAALP,IACFpwD,EAAGkwD,EAAIr/C,GAAU69C,GAAIh8E,IAAS,EAALs9E,EAAa,EAALF,EAAc,EAANiC,EAAe,EAANC,IACrDhC,EAAU,EAALJ,EACLE,EAAU,EAALL,EACLG,EAAU,EAALN,EACLG,EAAU,EAALF,EACLD,EAAU,EAALlB,EACLmB,EAAU,EAALlB,EACL,MAAMgE,EAAM3D,GAAIc,MAAMwC,EAAKE,EAASE,GACpChE,EAAKM,GAAIgB,MAAM2C,EAAKN,EAAKE,EAASE,GAClC9D,EAAW,EAANgE,CACjB,GAEWryD,EAAGouD,EAAIv9C,EAAGw9C,GAAOK,GAAIh8E,IAAc,EAAVjE,KAAK2/E,GAAkB,EAAV3/E,KAAK4/E,GAAa,EAALD,EAAa,EAALC,MAC3DruD,EAAGsvD,EAAIz+C,EAAG0+C,GAAOb,GAAIh8E,IAAc,EAAVjE,KAAK6gF,GAAkB,EAAV7gF,KAAK8gF,GAAa,EAALD,EAAa,EAALC,MAC3DvvD,EAAG4vD,EAAI/+C,EAAG4+C,GAAOf,GAAIh8E,IAAc,EAAVjE,KAAKmhF,GAAkB,EAAVnhF,KAAKghF,GAAa,EAALG,EAAa,EAALH,MAC3DzvD,EAAGgwD,EAAIn/C,EAAGi/C,GAAOpB,GAAIh8E,IAAc,EAAVjE,KAAKuhF,GAAkB,EAAVvhF,KAAKqhF,GAAa,EAALE,EAAa,EAALF,MAC3D9vD,EAAGkwD,EAAIr/C,GAAU69C,GAAIh8E,IAAc,EAAVjE,KAAKyhF,GAAkB,EAAVzhF,KAAK2hF,GAAa,EAALF,EAAa,EAALE,MAC3DpwD,EAAG0wD,EAAI7/C,EAAG8/C,GAAOjC,GAAIh8E,IAAc,EAAVjE,KAAKiiF,GAAkB,EAAVjiF,KAAKkiF,GAAa,EAALD,EAAa,EAALC,MAC3D3wD,EAAG4wD,EAAI//C,EAAGggD,GAAOnC,GAAIh8E,IAAc,EAAVjE,KAAKmiF,GAAkB,EAAVniF,KAAKoiF,GAAa,EAALD,EAAa,EAALC,MAC3D7wD,EAAG8wD,EAAIjgD,EAAGkgD,GAAOrC,GAAIh8E,IAAc,EAAVjE,KAAKqiF,GAAkB,EAAVriF,KAAKsiF,GAAa,EAALD,EAAa,EAALC,IAC9DtiF,KAAKmC,IAAIw9E,EAAIC,EAAIiB,EAAIC,EAAIK,EAAIH,EAAIO,EAAIF,EAAII,EAAIE,EAAIM,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAC7E,CACI,UAAAvY,GACI+X,GAAWr6D,KAAK,GAChBs6D,GAAWt6D,KAAK,EACxB,CACI,OAAAxe,GACIjJ,KAAKsJ,OAAOme,KAAK,GACjBznB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC9D,EAgDO,MAAM0hF,WAAe7B,GACxB,WAAApiF,GACIC,QAEAG,KAAK2/E,IAAK,UACV3/E,KAAK4/E,IAAK,WACV5/E,KAAK6gF,GAAK,WACV7gF,KAAK8gF,GAAK,UACV9gF,KAAKmhF,IAAK,WACVnhF,KAAKghF,GAAK,UACVhhF,KAAKuhF,GAAK,UACVvhF,KAAKqhF,IAAK,UACVrhF,KAAKyhF,GAAK,WACVzhF,KAAK2hF,IAAK,QACV3hF,KAAKiiF,IAAK,WACVjiF,KAAKkiF,GAAK,WACVliF,KAAKmiF,IAAK,UACVniF,KAAKoiF,GAAK,WACVpiF,KAAKqiF,GAAK,WACVriF,KAAKsiF,IAAK,WACVtiF,KAAKgmB,UAAY,EACzB,EAEO,MAAM/X,kBAAyBs7D,IAAgB,IAAM,IAAIyY,KAGnDh0E,kBAAyBu7D,IAAgB,IAAM,IAAIsa,KC1N1D3V,GAAKqC,GADDtpD,OAAO,uGAMJnc,GAAOy0E,GAAY,CAC5BjhE,EALY4vD,GAAGnpD,OAAOkC,OAAO,OAM7BpP,EAJYoP,OAAO,sGAKvBinD,GAAIA,GAEAv2D,EAAGsP,OAAO,sGAEVqtD,GAAIrtD,OAAO,sGACXstD,GAAIttD,OAAO,sGACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACPpkC,ICfGkgE,GAAKqC,GADDtpD,OAAO,0IAEXkvD,GAAQ,CACV73D,EAAG4vD,GAAGnpD,OAAOkC,OAAO,OACpBpP,EAAGoP,OAAO,0IACdinD,GAAIA,GACAv2D,EAAGsP,OAAO,0IACVqtD,GAAIrtD,OAAO,0IACXstD,GAAIttD,OAAO,0IACXsK,EAAGtK,OAAO,IAGDjc,GAAOu0E,GAAY,CAC5BjhE,EAAG63D,GAAM73D,EACTzG,EAAGs+D,GAAMt+D,EACbq2D,GAAIA,GAEAv2D,EAAGw+D,GAAMx+D,EACT28D,GAAI6B,GAAM7B,GACVC,GAAI4B,GAAM5B,GACVhjD,EAAG4kD,GAAM5kD,EACT6gB,MAAM,EACNikC,yBAA0B,CAAC,IAAK,IAAK,MACtCpoE,IC5BG61E,GAAU,GACVC,GAAY,GACZC,GAAa,GACbjqD,kBAAsB9S,OAAO,GAC7B+S,kBAAsB/S,OAAO,GAC7BuZ,kBAAsBvZ,OAAO,GAC7Bg9D,kBAAsBh9D,OAAO,GAC7Bi9D,kBAAwBj9D,OAAO,KAC/Bk9D,kBAAyBl9D,OAAO,KACtC,IAAK,IAAIm9D,EAAQ,EAAGvH,EAAI7iD,GAAKxe,EAAI,EAAGof,EAAI,EAAGwpD,EAAQ,GAAIA,IAAS,EAE3D5oE,EAAGof,GAAK,CAACA,GAAI,EAAIpf,EAAI,EAAIof,GAAK,GAC/BkpD,GAAQhhF,KAAK,GAAK,EAAI83B,EAAIpf,IAE1BuoE,GAAUjhF,MAAQshF,EAAQ,IAAMA,EAAQ,GAAM,EAAK,IAEnD,IAAI1oE,EAAIqe,GACR,IAAK,IAAI5f,EAAI,EAAGA,EAAI,EAAGA,IACnB0iE,GAAMA,GAAK7iD,IAAS6iD,GAAKoH,IAAOE,IAAWD,GACvCrH,EAAIr8C,KACJ9kB,GAAKse,KAASA,mBAAuB/S,OAAO9M,IAAM6f,IAE1DgqD,GAAWlhF,KAAK4Y,EACpB,CACA,MAAO2oE,GAAaC,mBAA+B7mE,GAAMumE,IAAY,GAE/DO,GAAQ,CAAChzD,EAAG6Q,EAAGzoB,IAAOA,EAAI,GAAKomE,GAAOxuD,EAAG6Q,EAAGzoB,GAAKkmE,GAAOtuD,EAAG6Q,EAAGzoB,GAC9D6qE,GAAQ,CAACjzD,EAAG6Q,EAAGzoB,IAAOA,EAAI,GAAKqmE,GAAOzuD,EAAG6Q,EAAGzoB,GAAKmmE,GAAOvuD,EAAG6Q,EAAGzoB,GA+C7D,MAAM8qE,WAAepb,GAExB,WAAAzpE,CAAYooB,EAAUg0D,EAAQh2D,EAAW0+D,GAAY,EAAO12D,EAAS,IAcjE,GAbAnuB,QACAG,KAAKgoB,SAAWA,EAChBhoB,KAAKg8E,OAASA,EACdh8E,KAAKgmB,UAAYA,EACjBhmB,KAAK0kF,UAAYA,EACjB1kF,KAAKguB,OAASA,EACdhuB,KAAKgC,IAAM,EACXhC,KAAK2kF,OAAS,EACd3kF,KAAK6lB,UAAW,EAChB7lB,KAAK4lB,WAAY,EAEjBuV,GAAOnV,GAEH,GAAKhmB,KAAKgoB,UAAYhoB,KAAKgoB,UAAY,IACvC,MAAUzmB,MAAM,4CdhFT,IAAC2kB,EciFZlmB,KAAKklB,MAAQ,IAAIzjB,WAAW,KAC5BzB,KAAK4kF,SdlFO1+D,EckFOlmB,KAAKklB,MdlFJ,IAAI/E,YAAY+F,EAAI5c,OAAQ4c,EAAI7b,WAAY5B,KAAK0P,MAAM+N,EAAI5b,WAAa,IcmFpG,CACI,MAAAu6E,GACS99D,IACDqiD,GAAWppE,KAAK4kF,SApErB,SAAiBjrE,EAAGqU,EAAS,IAChC,MAAMyuC,EAAI,IAAIt8C,YAAY,IAE1B,IAAK,IAAIikE,EAAQ,GAAKp2D,EAAQo2D,EAAQ,GAAIA,IAAS,CAE/C,IAAK,IAAI5oE,EAAI,EAAGA,EAAI,GAAIA,IACpBihD,EAAEjhD,GAAK7B,EAAE6B,GAAK7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAAM7B,EAAE6B,EAAI,IAC5D,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,GAAK,EAAG,CAC5B,MAAMspE,GAAQtpE,EAAI,GAAK,GACjBupE,GAAQvpE,EAAI,GAAK,GACjBwpE,EAAKvoB,EAAEsoB,GACPE,EAAKxoB,EAAEsoB,EAAO,GACdG,EAAKX,GAAMS,EAAIC,EAAI,GAAKxoB,EAAEqoB,GAC1BK,EAAKX,GAAMQ,EAAIC,EAAI,GAAKxoB,EAAEqoB,EAAO,GACvC,IAAK,IAAIlqD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GACzBjhB,EAAE6B,EAAIof,IAAMsqD,EACZvrE,EAAE6B,EAAIof,EAAI,IAAMuqD,CAEhC,CAEQ,IAAIC,EAAOzrE,EAAE,GACT0rE,EAAO1rE,EAAE,GACb,IAAK,IAAI+B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMvS,EAAQ46E,GAAUroE,GAClBwpE,EAAKX,GAAMa,EAAMC,EAAMl8E,GACvBg8E,EAAKX,GAAMY,EAAMC,EAAMl8E,GACvBm8E,EAAKxB,GAAQpoE,GACnB0pE,EAAOzrE,EAAE2rE,GACTD,EAAO1rE,EAAE2rE,EAAK,GACd3rE,EAAE2rE,GAAMJ,EACRvrE,EAAE2rE,EAAK,GAAKH,CACxB,CAEQ,IAAK,IAAIvqD,EAAI,EAAGA,EAAI,GAAIA,GAAK,GAAI,CAC7B,IAAK,IAAIpf,EAAI,EAAGA,EAAI,GAAIA,IACpBihD,EAAEjhD,GAAK7B,EAAEihB,EAAIpf,GACjB,IAAK,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACpB7B,EAAEihB,EAAIpf,KAAOihD,GAAGjhD,EAAI,GAAK,IAAMihD,GAAGjhD,EAAI,GAAK,GAC3D,CAEQ7B,EAAE,IAAM0qE,GAAYD,GACpBzqE,EAAE,IAAM2qE,GAAYF,EAC5B,CACI3nB,EAAEh1C,KAAK,EACX,CAyBQ89D,CAAQvlF,KAAK4kF,QAAS5kF,KAAKguB,QACtBjH,IACDqiD,GAAWppE,KAAK4kF,SACpB5kF,KAAK2kF,OAAS,EACd3kF,KAAKgC,IAAM,CACnB,CACI,MAAAsiB,CAAOzd,GACH4e,GAAOzlB,MACP,MAAMgoB,SAAEA,EAAQ9C,MAAEA,GAAUllB,KAEtBqtB,GADNxmB,EAAOwf,GAAQxf,IACEjF,OACjB,IAAK,IAAII,EAAM,EAAGA,EAAMqrB,GAAM,CAC1B,MAAMw8C,EAAOphE,KAAKsd,IAAIiC,EAAWhoB,KAAKgC,IAAKqrB,EAAMrrB,GACjD,IAAK,IAAIF,EAAI,EAAGA,EAAI+nE,EAAM/nE,IACtBojB,EAAMllB,KAAKgC,QAAU6E,EAAK7E,KAC1BhC,KAAKgC,MAAQgmB,GACbhoB,KAAK6kF,QACrB,CACQ,OAAO7kF,IACf,CACI,MAAA2G,GACI,GAAI3G,KAAK6lB,SACL,OACJ7lB,KAAK6lB,UAAW,EAChB,MAAMX,MAAEA,EAAK82D,OAAEA,EAAMh6E,IAAEA,EAAGgmB,SAAEA,GAAahoB,KAEzCklB,EAAMljB,IAAQg6E,EACA,IAATA,GAAwBh6E,IAAQgmB,EAAW,GAC5ChoB,KAAK6kF,SACT3/D,EAAM8C,EAAW,IAAM,IACvBhoB,KAAK6kF,QACb,CACI,SAAAW,CAAU1/D,GACNL,GAAOzlB,MAAM,GACbmK,GAAM2b,GACN9lB,KAAK2G,SACL,MAAM8+E,EAAYzlF,KAAKklB,OACjB8C,SAAEA,GAAahoB,KACrB,IAAK,IAAIgC,EAAM,EAAGqrB,EAAMvH,EAAIlkB,OAAQI,EAAMqrB,GAAM,CACxCrtB,KAAK2kF,QAAU38D,GACfhoB,KAAK6kF,SACT,MAAMhb,EAAOphE,KAAKsd,IAAIiC,EAAWhoB,KAAK2kF,OAAQt3D,EAAMrrB,GACpD8jB,EAAI3jB,IAAIsjF,EAAUz8E,SAAShJ,KAAK2kF,OAAQ3kF,KAAK2kF,OAAS9a,GAAO7nE,GAC7DhC,KAAK2kF,QAAU9a,EACf7nE,GAAO6nE,CACnB,CACQ,OAAO/jD,CACf,CACI,OAAA4/D,CAAQ5/D,GAEJ,IAAK9lB,KAAK0kF,UACN,MAAUnjF,MAAM,yCACpB,OAAOvB,KAAKwlF,UAAU1/D,EAC9B,CACI,GAAA6/D,CAAIx7E,GAEA,OADAgxB,GAAOhxB,GACAnK,KAAK0lF,QAAQ,IAAIjkF,WAAW0I,GAC3C,CACI,UAAAugB,CAAW5E,GAEP,GADAlf,GAAOkf,EAAK9lB,MACRA,KAAK6lB,SACL,MAAUtkB,MAAM,+BAGpB,OAFAvB,KAAKwlF,UAAU1/D,GACf9lB,KAAKiJ,UACE6c,CACf,CACI,MAAAvB,GACI,OAAOvkB,KAAK0qB,WAAW,IAAIjpB,WAAWzB,KAAKgmB,WACnD,CACI,OAAA/c,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKklB,MAAMuC,KAAK,EACxB,CACI,UAAA6hD,CAAWW,GACP,MAAMjiD,SAAEA,EAAQg0D,OAAEA,EAAMh2D,UAAEA,EAASgI,OAAEA,EAAM02D,UAAEA,GAAc1kF,KAY3D,OAXAiqE,IAAOA,EAAK,IAAIwa,GAAOz8D,EAAUg0D,EAAQh2D,EAAW0+D,EAAW12D,IAC/Di8C,EAAG2a,QAAQziF,IAAInC,KAAK4kF,SACpB3a,EAAGjoE,IAAMhC,KAAKgC,IACdioE,EAAG0a,OAAS3kF,KAAK2kF,OACjB1a,EAAGpkD,SAAW7lB,KAAK6lB,SACnBokD,EAAGj8C,OAASA,EAEZi8C,EAAG+R,OAASA,EACZ/R,EAAGjkD,UAAYA,EACfikD,EAAGya,UAAYA,EACfza,EAAGrkD,UAAY5lB,KAAK4lB,UACbqkD,CACf,EAEA,MAAMwD,GAAM,CAACuO,EAAQh0D,EAAUhC,IAAcujD,IAAgB,IAAM,IAAIkb,GAAOz8D,EAAUg0D,EAAQh2D,KAMnF7X,kBAA2Bs/D,GAAI,EAAM,IAAK,IAE1Cr/D,kBAA2Bq/D,GAAI,EAAM,GAAI,IAWzCmY,kBAFI,EAAC5J,EAAQh0D,EAAUhC,IdzC7B,SAAoCqF,GACvC,MAAMC,EAAQ,CAACC,EAAKkE,IAASpE,EAASoE,GAAMnL,OAAO+B,GAAQkF,IAAMhH,SAC3DiH,EAAMH,EAAS,IAIrB,OAHAC,EAAMtF,UAAYwF,EAAIxF,UACtBsF,EAAMtD,SAAWwD,EAAIxD,SACrBsD,EAAMvG,OAAU0K,GAASpE,EAASoE,GAC3BnE,CACX,CckCkDu6D,EAA2B,CAACp2D,EAAO,CAAA,IAAO,IAAIg1D,GAAOz8D,EAAUg0D,OAAuB55E,IAAfqtB,EAAKq2D,MAAsB9/D,EAAYyJ,EAAKq2D,OAAO,KAEpIC,CAAS,GAAM,IAAK,IC5MtDhsD,GAAM9S,OAAO,GAAI+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAIuU,GAAMvU,OAAO,GAEhE++D,GAAiB,CAAEC,QAAQ,GAwB1B,SAASC,GAAe/K,GAC3B,MAAMhF,EAxBV,SAAsBzrE,GAClB,MAAM+kB,EAAO4kD,GAAc3pE,GAa3B,OAZA0rE,GAAkB1rE,EAAO,CACrBiD,KAAM,WACN2Q,EAAG,SACH8E,EAAG,SACH4Z,YAAa,YACd,CACCmpD,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAGTxmF,OAAO+wE,OAAO,IAAKphD,GAC9B,CASkB6rD,CAAaH,IACrBjN,GAAEA,EAAIv2D,EAAgB88D,QAASA,EAAS9mE,KAAM44E,EAAKvpD,YAAEA,EAAWszC,YAAEA,EAAa/+C,EAAGopD,GAAcxE,EAChGrF,EAAOtwC,IAAQvZ,OAAqB,EAAdqpD,GAAmBt2C,GACzCwsD,EAAOtY,EAAGnpD,OACV+xD,EAAKvG,GAAM4F,EAAMx+D,EAAGw+D,EAAM/F,YAE1BiW,EAAUlQ,EAAMkQ,SAC1B,EAAUtoD,EAAGnkB,KACD,IACI,MAAO,CAAEu0D,SAAS,EAAM5rE,MAAO2rE,EAAGwD,KAAK3zC,EAAImwC,EAAGuD,IAAI73D,IAClE,CACY,MAAO1V,GACH,MAAO,CAAEiqE,SAAS,EAAO5rE,MAAOw3B,GAChD,CACS,GACCosD,EAAoBhQ,EAAMgQ,mBAAsB,CAACh8E,GAAUA,GAC3Di8E,EAASjQ,EAAMiQ,QACzB,EAAUv/E,EAAM4/E,EAAKC,KAET,GADAtb,GAAM,SAAUsb,GACZD,EAAI7kF,QAAU8kF,EACd,MAAUnlF,MAAM,uCACpB,OAAOsF,CACV,GAGL,SAAS8/E,EAAYtb,EAAO1zD,GACxBkgE,GAAY,cAAgBxM,EAAO1zD,EAAGoiB,GAAK+2C,EACnD,CACI,SAAS8V,EAAYp2B,GACjB,KAAMA,aAAiBunB,GACnB,MAAUx2E,MAAM,yBAC5B,CAGI,MAAMy2E,EAAerJ,IAAS,CAACxhD,EAAG8qD,KAC9B,MAAQ4O,GAAIrrE,EAAGsrE,GAAIlsD,EAAGmsD,GAAI/gD,GAAM7Y,EAC1B4jD,EAAM5jD,EAAE4jD,MACJ,MAANkH,IACAA,EAAKlH,EAAMv1C,GAAM0yC,EAAGuD,IAAIzrC,IAC5B,MAAMqyC,EAAKmO,EAAKhrE,EAAIy8D,GACdK,EAAKkO,EAAK5rD,EAAIq9C,GACdM,EAAKiO,EAAKxgD,EAAIiyC,GACpB,GAAIlH,EACA,MAAO,CAAEv1D,EAAGue,GAAKa,EAAGZ,IACxB,GAAIu+C,IAAOv+C,GACP,MAAUz4B,MAAM,oBACpB,MAAO,CAAEia,EAAG68D,EAAIz9C,EAAG09C,EAAI,IAErBE,EAAkB7J,IAAUxhD,IAC9B,MAAM7O,EAAEA,EAAC8E,EAAEA,GAAM+yD,EACjB,GAAIhpD,EAAE4jD,MACF,MAAUxvE,MAAM,mBAGpB,MAAQslF,GAAI7kD,EAAG8kD,GAAI7kD,EAAG8kD,GAAI9jD,EAAG4X,GAAIhjB,GAAM1K,EACjCqsD,EAAKgN,EAAKxkD,EAAIA,GACdy3C,EAAK+M,EAAKvkD,EAAIA,GACdy3C,EAAK8M,EAAKvjD,EAAIA,GACd+jD,EAAKR,EAAK9M,EAAKA,GACfuN,EAAMT,EAAKhN,EAAKl7D,GAGtB,GAFakoE,EAAK9M,EAAK8M,EAAKS,EAAMxN,MACpB+M,EAAKQ,EAAKR,EAAKpjE,EAAIojE,EAAKhN,EAAKC,KAEvC,MAAUl4E,MAAM,yCAIpB,GAFWilF,EAAKxkD,EAAIC,KACTukD,EAAKvjD,EAAIpL,GAEhB,MAAUt2B,MAAM,yCACpB,OAAO,CAAI,IAIf,MAAMw2E,EACF,WAAAn4E,CAAYinF,EAAIC,EAAIC,EAAIlsC,GACpB76C,KAAK6mF,GAAKA,EACV7mF,KAAK8mF,GAAKA,EACV9mF,KAAK+mF,GAAKA,EACV/mF,KAAK66C,GAAKA,EACV8rC,EAAY,IAAKE,GACjBF,EAAY,IAAKG,GACjBH,EAAY,IAAKI,GACjBJ,EAAY,IAAK9rC,GACjB/6C,OAAO+wE,OAAO7wE,KAC1B,CACQ,KAAIwb,GACA,OAAOxb,KAAKk3E,WAAW17D,CACnC,CACQ,KAAIof,GACA,OAAO56B,KAAKk3E,WAAWt8C,CACnC,CACQ,iBAAO89C,CAAWvrD,GACd,GAAIA,aAAa4qD,EACb,MAAUx2E,MAAM,8BACpB,MAAMia,EAAEA,EAACof,EAAEA,GAAMzN,GAAK,CAAE,EAGxB,OAFAw5D,EAAY,IAAKnrE,GACjBmrE,EAAY,IAAK/rD,GACV,IAAIm9C,EAAMv8D,EAAGof,EAAGZ,GAAKwsD,EAAKhrE,EAAIof,GACjD,CACQ,iBAAO+9C,CAAW5F,GACd,MAAM6F,EAAQ1K,EAAGyD,YAAYoB,EAAOpuE,KAAKwoB,GAAMA,EAAE45D,MACjD,OAAOhU,EAAOpuE,KAAI,CAACwoB,EAAGrrB,IAAMqrB,EAAE+pD,SAAS0B,EAAM92E,MAAK6C,IAAIozE,EAAMW,WACxE,CAEQ,UAAOO,CAAIlG,EAAQgB,GACf,OAAOD,GAAUiE,EAAOjB,EAAI/D,EAAQgB,EAChD,CAEQ,cAAAmF,CAAelwD,GACXmwD,EAAKvF,cAAc5zE,KAAMgpB,EACrC,CAGQ,cAAA8vD,GACIN,EAAgBx4E,KAC5B,CAEQ,MAAAujD,CAAOiN,GACHo2B,EAAYp2B,GACZ,MAAQq2B,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOv5E,MAC3B6mF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,GAAOlpB,EAC7B02B,EAAOV,EAAKnN,EAAKK,GACjByN,EAAOX,EAAKhN,EAAKD,GACjB6N,EAAOZ,EAAKlN,EAAKI,GACjB2N,EAAOb,EAAK/M,EAAKF,GACvB,OAAO2N,IAASC,GAAQC,IAASC,CAC7C,CACQ,GAAAtW,GACI,OAAO/wE,KAAKujD,OAAOw0B,EAAMhI,KACrC,CACQ,MAAA4C,GAEI,OAAO,IAAIoF,EAAMyO,GAAMxmF,KAAK6mF,IAAK7mF,KAAK8mF,GAAI9mF,KAAK+mF,GAAIP,GAAMxmF,KAAK66C,IAC1E,CAIQ,MAAAl/B,GACI,MAAM2C,EAAEA,GAAM63D,GACN0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,GAAOv5E,KAC7BgjC,EAAIwjD,EAAKnN,EAAKA,GACd5c,EAAI+pB,EAAKlN,EAAKA,GACdhlC,EAAIkyC,EAAKhmD,GAAMgmD,EAAKjN,EAAKA,IACzBz3C,EAAI0kD,EAAKloE,EAAI0kB,GACbskD,EAAOjO,EAAKC,EACZhP,EAAIkc,EAAKA,EAAKc,EAAOA,GAAQtkD,EAAIy5B,GACjC+N,EAAI1oC,EAAI26B,EACR8N,EAAIC,EAAIl2B,EACRm2B,EAAI3oC,EAAI26B,EACRod,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd/9C,EAAK85D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIrtD,EACzC,CAIQ,GAAAzoB,CAAIusD,GACAo2B,EAAYp2B,GACZ,MAAMlyC,EAAEA,EAAC8E,EAAEA,GAAM+yD,GACT0Q,GAAIxN,EAAIyN,GAAIxN,EAAIyN,GAAIxN,EAAI1+B,GAAIruB,GAAOxsB,MACnC6mF,GAAIrN,EAAIsN,GAAIrN,EAAIsN,GAAIrN,EAAI7+B,GAAIpuB,GAAO+jC,EAK3C,GAAIlyC,IAAM2I,QAAQ,GAAI,CAClB,MAAM+b,EAAIwjD,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3B/c,EAAI+pB,GAAMlN,EAAKD,IAAOI,EAAKD,IAC3BjP,EAAIic,EAAK/pB,EAAIz5B,GACnB,GAAIunC,IAAMxwC,GACN,OAAO/5B,KAAK2b,SAChB,MAAM24B,EAAIkyC,EAAKjN,EAAK/4C,GAAM/T,GACpBqV,EAAI0kD,EAAKh6D,EAAKgU,GAAMk5C,GACpBpP,EAAIxoC,EAAIwS,EACRk2B,EAAI/N,EAAIz5B,EACRynC,EAAI3oC,EAAIwS,EACRulC,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd/9C,EAAK85D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIrtD,EAC7C,CACY,MAAMsW,EAAIwjD,EAAKnN,EAAKG,GACd/c,EAAI+pB,EAAKlN,EAAKG,GACdnlC,EAAIkyC,EAAKh6D,EAAKpJ,EAAIqJ,GAClBqV,EAAI0kD,EAAKjN,EAAKG,GACdpP,EAAIkc,GAAMnN,EAAKC,IAAOE,EAAKC,GAAMz2C,EAAIy5B,GACrC8N,EAAIzoC,EAAIwS,EACRk2B,EAAI1oC,EAAIwS,EACRm2B,EAAI+b,EAAK/pB,EAAIn+C,EAAI0kB,GACjB62C,EAAK2M,EAAKlc,EAAIC,GACduP,EAAK0M,EAAKhc,EAAIC,GACd/9C,EAAK85D,EAAKlc,EAAIG,GACdsP,EAAKyM,EAAKjc,EAAIC,GACpB,OAAO,IAAIuN,EAAM8B,EAAIC,EAAIC,EAAIrtD,EACzC,CACQ,QAAAstD,CAASxpB,GACL,OAAOxwD,KAAKiE,IAAIusD,EAAMmiB,SAClC,CACQ,IAAAH,CAAK76D,GACD,OAAOwhE,EAAKzF,WAAW1zE,KAAM2X,EAAGogE,EAAMY,WAClD,CAEQ,QAAAK,CAAS9E,GACL,MAAMv8D,EAAIu8D,EACV2D,GAAY,SAAUlgE,EAAGqiB,GAAK0hD,GAC9B,MAAMvuD,EAAEA,EAAC8Y,EAAEA,GAAMjmC,KAAKwyE,KAAK76D,GAC3B,OAAOogE,EAAMY,WAAW,CAACxrD,EAAG8Y,IAAI,EAC5C,CAKQ,cAAAg0C,CAAe/F,GACX,MAAMv8D,EAAIu8D,EAEV,OADA2D,GAAY,SAAUlgE,EAAGoiB,GAAK2hD,GAC1B/jE,IAAMoiB,GACCmI,EACPliC,KAAKujD,OAAOrhB,IAAMvqB,IAAMqiB,GACjBh6B,KACPA,KAAKujD,OAAOinB,GACLxqE,KAAKwyE,KAAK76D,GAAGwV,EACjBgsD,EAAKtG,aAAa7yE,KAAM2X,EAC3C,CAKQ,YAAA4vE,GACI,OAAOvnF,KAAKi6E,eAAeU,GAAU5J,KACjD,CAGQ,aAAAwF,GACI,OAAO4C,EAAKtG,aAAa7yE,KAAM07E,GAAa3K,KACxD,CAGQ,QAAAmG,CAASe,GACL,OAAOD,EAAah4E,KAAMi4E,EACtC,CACQ,aAAAzB,GACI,MAAQjlD,EAAGopD,GAAaxE,EACxB,OAAIwE,IAAa3gD,GACNh6B,KACJA,KAAKi6E,eAAeU,EACvC,CAGQ,cAAO9B,CAAQv/D,EAAK2sE,GAAS,GACzB,MAAM7iE,EAAEA,EAAC9E,EAAEA,GAAM63D,EACX9oD,EAAM6gD,EAAGyC,MACfr3D,EAAMqzD,GAAY,WAAYrzD,EAAK+T,GACnC+9C,GAAM,SAAU6a,GAChB,MAAMuB,EAASluE,EAAI3W,QACbguB,EAAWrX,EAAI+T,EAAM,GAC3Bm6D,EAAOn6D,EAAM,IAAgB,IAAXsD,EAClB,MAAMiK,EAAI6sD,GAAmBD,GAIvB9+E,EAAMu9E,EAASnV,EAAO5C,EAAGsC,MAC/BqH,GAAY,aAAcj9C,EAAGb,GAAKrxB,GAGlC,MAAMozE,EAAK0K,EAAK5rD,EAAIA,GACdmD,EAAIyoD,EAAK1K,EAAK9hD,IACdpgB,EAAI4sE,EAAKpjE,EAAI04D,EAAKx9D,GACxB,IAAI6vD,QAAEA,EAAS5rE,MAAOiZ,GAAM6qE,EAAQtoD,EAAGnkB,GACvC,IAAKu0D,EACD,MAAU5sE,MAAM,uCACpB,MAAMmmF,GAAUlsE,EAAIwe,MAASA,GACvB2tD,KAA4B,IAAXh3D,GACvB,IAAKs1D,GAAUzqE,IAAMue,IAAO4tD,EAExB,MAAUpmF,MAAM,gCAGpB,OAFIomF,IAAkBD,IAClBlsE,EAAIgrE,GAAMhrE,IACPu8D,EAAMW,WAAW,CAAEl9D,IAAGof,KACzC,CACQ,qBAAOm+C,CAAe+F,GAClB,OAAO8I,EAAqB9I,GAAS9H,KACjD,CACQ,UAAA4D,GACI,MAAMp/D,EAAEA,EAACof,EAAEA,GAAM56B,KAAKk3E,WAChB/sE,EAAQ09E,GAAmBjtD,EAAGszC,EAAGyC,OAEvC,OADAxmE,EAAMA,EAAMvI,OAAS,IAAM4Z,EAAIwe,GAAM,IAAO,EACrC7vB,CACnB,CACQ,KAAAmhC,GACI,OAAOosC,GAAc13E,KAAK46E,aACtC,EAEI7C,EAAM5E,KAAO,IAAI4E,EAAM5B,EAAM7B,GAAI6B,EAAM5B,GAAIv6C,GAAKwsD,EAAKrQ,EAAM7B,GAAK6B,EAAM5B,KACtEwD,EAAMhI,KAAO,IAAIgI,EAAMh+C,GAAKC,GAAKA,GAAKD,IACtC,MAAQo5C,KAAM3I,EAAGuF,KAAM7tC,GAAM61C,EACvBoB,EAAO3G,GAAKuF,EAAqB,EAAdzH,GACzB,SAASmL,EAAKn9D,GACV,OAAO4b,GAAI5b,EAAGo9D,EACtB,CAEI,SAASoM,EAAQn6E,GACb,OAAO8tE,EAAKgM,GAAmB95E,GACvC,CAEI,SAASi6E,EAAqBj3E,GAC1B,MAAM0c,EAAMijD,EACZ3/D,EAAMg8D,GAAY,cAAeh8D,EAAK0c,GAGtC,MAAMoQ,EAASkvC,GAAY,qBAAsB4Z,EAAM51E,GAAM,EAAI0c,GAC3D0xB,EAAOonC,EAAkB1oD,EAAO96B,MAAM,EAAG0qB,IACzClU,EAASskB,EAAO96B,MAAM0qB,EAAK,EAAIA,GAC/B6mD,EAAS4T,EAAQ/oC,GACjBi4B,EAAQxM,EAAEwO,SAAS9E,GACnB6T,EAAa/Q,EAAM4D,aACzB,MAAO,CAAE77B,OAAM5lC,SAAQ+6D,SAAQ8C,QAAO+Q,aAC9C,CAMI,SAASC,EAAmBC,EAAU,IAAIxmF,cAAiB69E,GACvD,MAAM/zD,EAAM4rD,MAAkBmI,GAC9B,OAAOwI,EAAQvB,EAAMH,EAAO76D,EAAKohD,GAAY,UAAWsb,KAAYxT,IAC5E,CAeI,MAAMyT,EAAalC,GA6BnBxb,EAAE0O,eAAe,GAiBjB,MAAO,CACH/C,QACA7oC,aAtEJ,SAAsBwxC,GAClB,OAAO8I,EAAqB9I,GAASiJ,UAC7C,EAqEQ5nD,KA9DJ,SAAc5U,EAAKuzD,EAASh5E,EAAU,CAAA,GAClCylB,EAAMohD,GAAY,UAAWphD,GACzBkpD,IACAlpD,EAAMkpD,EAAQlpD,IAClB,MAAMpS,OAAEA,EAAM+6D,OAAEA,EAAM6T,WAAEA,GAAeH,EAAqB9I,GACtDrjE,EAAIusE,EAAmBliF,EAAQmiF,QAAS9uE,EAAQoS,GAChDsxD,EAAIrS,EAAEwO,SAASv9D,GAAGm/D,aAElBjhE,EAAI8hE,EAAKhgE,EADLusE,EAAmBliF,EAAQmiF,QAASpL,EAAGkL,EAAYx8D,GACtC2oD,GAGvB,OAFA2D,GAAY,cAAel+D,EAAGogB,GAAK2hD,GAE5B/O,GAAY,SADPwK,GAAe0F,EAAGgL,GAAmBluE,EAAGu0D,EAAGyC,QACP,EAAdL,EAC1C,EAmDQ5vC,OAjDJ,SAAgBmK,EAAKtf,EAAKxf,EAAWjG,EAAUoiF,GAC3C,MAAMD,QAAEA,EAAOhC,OAAEA,GAAWngF,EACtBunB,EAAM6gD,EAAGyC,MACf9lC,EAAM8hC,GAAY,YAAa9hC,EAAK,EAAIxd,GACxC9B,EAAMohD,GAAY,UAAWphD,QACdnpB,IAAX6jF,GACA7a,GAAM,SAAU6a,GAChBxR,IACAlpD,EAAMkpD,EAAQlpD,IAClB,MAAM5R,EAAI8tE,GAAmB58C,EAAIloC,MAAM0qB,EAAK,EAAIA,IAGhD,IAAI2V,EAAG65C,EAAGsL,EACV,IACInlD,EAAI+0C,EAAMc,QAAQ9sE,EAAWk6E,GAC7BpJ,EAAI9E,EAAMc,QAAQhuC,EAAIloC,MAAM,EAAG0qB,GAAM44D,GACrCkC,EAAK3d,EAAEyP,eAAetgE,EAClC,CACQ,MAAOjT,GACH,OAAO,CACnB,CACQ,IAAKu/E,GAAUjjD,EAAEukD,eACb,OAAO,EACX,MAAMhuE,EAAIyuE,EAAmBC,EAASpL,EAAEjC,aAAc53C,EAAE43C,aAAcrvD,GAGtE,OAFYsxD,EAAE54E,IAAI++B,EAAEi3C,eAAe1gE,IAExBygE,SAASmO,GAAI3R,gBAAgBjzB,OAAOw0B,EAAMhI,KAC7D,EAuBQqY,cAAerQ,EACf3qC,MAtBU,CACVw6C,uBAEAv6C,iBAAkB,IAAMrQ,EAAYkxC,EAAGyC,OAOvCgN,WAAU,CAAC30D,EAAa,EAAGguD,EAAQe,EAAM5E,QACrC6D,EAAMkC,eAAelwD,GACrBguD,EAAMgC,SAAS/xD,OAAO,IACf+vD,IAWnB;sEC7aA,MAAMj9C,GAAM9S,OAAO,GACb+S,GAAM/S,OAAO,GAiBZ,SAASohE,GAAWlN,GACvB,MAAMhF,GAhBN/H,GADkB1jE,EAiBSywE,EAhBL,CAClB78D,EAAG,UACJ,CACCgqE,eAAgB,gBAChBhY,YAAa,gBACb6V,kBAAmB,WACnBC,OAAQ,WACRmC,WAAY,WACZC,GAAI,WAGD1oF,OAAO+wE,OAAO,IAAKnmE,KAZ9B,IAAsBA,EAkBlB,MAAM2kE,EAAEA,GAAM8G,EACRqQ,EAAQ7uE,GAAMuiB,GAAIviB,EAAG03D,GACrBiZ,EAAiBnS,EAAMmS,eACvBG,EAAkBhgF,KAAKyQ,KAAKovE,EAAiB,GAC7C9K,EAAWrH,EAAM7F,YACjB6V,EAAoBhQ,EAAMgQ,mBAAiB,CAAMh8E,GAAUA,GAC3Do+E,EAAapS,EAAMoS,YAAU,CAAM/sE,GAAMyzD,GAAIzzD,EAAG6zD,EAAIpoD,OAAO,GAAIooD,IAWrE,SAASzmC,EAAM8/C,EAAMC,EAAKC,GACtB,MAAMC,EAAQrC,EAAKkC,GAAQC,EAAMC,IAGjC,MAAO,CAFPD,EAAMnC,EAAKmC,EAAME,GACjBD,EAAMpC,EAAKoC,EAAMC,GAEzB,CAGI,MAAMC,GAAO3S,EAAM73D,EAAI2I,OAAO,IAAMA,OAAO,GA2D3C,SAAS8hE,EAAkBhrD,GACvB,OAAO2uC,GAAgB8Z,EAAKzoD,GAAI0qD,EACxC,CAgBI,SAASp+C,EAAW6pC,EAAQn2C,GACxB,MAAMirD,EAhBV,SAA2BC,GAGvB,MAAMlrD,EAAI4uC,GAAY,eAAgBsc,EAAMR,GAG5C,OAFiB,KAAbjL,IACAz/C,EAAE,KAAO,KACNyuC,GAAgBzuC,EAC/B,CASuBmrD,CAAkBnrD,GAC3BorD,EATV,SAAsBxxE,GAClB,MAAMxN,EAAQwiE,GAAY,SAAUh1D,GAC9B0V,EAAMljB,EAAMvI,OAClB,GAAIyrB,IAAQo7D,GAAmBp7D,IAAQmwD,EACnC,MAAUj8E,MAAM,YAAYknF,QAAsBjL,gBAAuBnwD,KAC7E,OAAOm/C,GAAgB2Z,EAAkBh8E,GACjD,CAGwBi/E,CAAalV,GACvBmV,EAzEV,SAA0BtrD,EAAGm2C,GACzBpH,GAAS,IAAK/uC,EAAGhE,GAAKs1C,GACtBvC,GAAS,SAAUoH,EAAQn6C,GAAKs1C,GAGhC,MAAM91D,EAAI26D,EACJoV,EAAMvrD,EACZ,IAKIwrD,EALAZ,EAAM3uD,GACNwvD,EAAMzvD,GACN6uD,EAAM7qD,EACN0rD,EAAMzvD,GACN0uD,EAAO3uD,GAEX,IAAK,IAAIre,EAAIuL,OAAOqhE,EAAiB,GAAI5sE,GAAKqe,GAAKre,IAAK,CACpD,MAAMguE,EAAOnwE,GAAKmC,EAAKse,GACvB0uD,GAAQgB,EACRH,EAAK3gD,EAAM8/C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GACTA,EAAK3gD,EAAM8/C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GACTb,EAAOgB,EACP,MAAM1mD,EAAI2lD,EAAMa,EACVG,EAAKnD,EAAKxjD,EAAIA,GACdy5B,EAAIksB,EAAMa,EACVI,EAAKpD,EAAK/pB,EAAIA,GACd6N,EAAIqf,EAAKC,EACTt1C,EAAIs0C,EAAMa,EAEVI,EAAKrD,GADDoC,EAAMa,GACIzmD,GACd8mD,EAAKtD,EAAKlyC,EAAImoB,GACdstB,EAAOF,EAAKC,EACZE,EAAQH,EAAKC,EACnBlB,EAAMpC,EAAKuD,EAAOA,GAClBN,EAAMjD,EAAK8C,EAAM9C,EAAKwD,EAAQA,IAC9BrB,EAAMnC,EAAKmD,EAAKC,GAChBJ,EAAMhD,EAAKlc,GAAKqf,EAAKnD,EAAKsC,EAAMxe,IAC5C,CAEQif,EAAK3gD,EAAM8/C,EAAMC,EAAKC,GACtBD,EAAMY,EAAG,GACTX,EAAMW,EAAG,GAETA,EAAK3gD,EAAM8/C,EAAMc,EAAKC,GACtBD,EAAMD,EAAG,GACTE,EAAMF,EAAG,GAET,MAAMU,EAAK1B,EAAWiB,GAEtB,OAAOhD,EAAKmC,EAAMsB,EAC1B,CAsBmBC,CAAiBlB,EAAQG,GAGpC,GAAIE,IAAOtvD,GACP,MAAUx4B,MAAM,0CACpB,OAAOwnF,EAAkBM,EACjC,CAEI,MAAMc,EAAUpB,EAAkB5S,EAAMqS,IACxC,SAAS4B,EAAelW,GACpB,OAAO7pC,EAAW6pC,EAAQiW,EAClC,CACI,MAAO,CACH9/C,aACA+/C,iBACAh7C,gBAAiB,CAAC57B,EAAYzH,IAAcs+B,EAAW72B,EAAYzH,GACnEuhC,aAAe95B,GAAe42E,EAAe52E,GAC7C45B,MAAO,CAAEC,iBAAkB,IAAM8oC,EAAMn5C,YAAYm5C,EAAM7F,cACzD6Z,QAASA,EAEjB;sECrIA,MAAME,GAAe9gB,IAAgB,IAAMqc,GAAS7gE,OAAO,CAAE+gE,MAAO,QAE9DwE,IADc/gB,IAAgB,IAAMqc,GAAS7gE,OAAO,CAAE+gE,MAAO,OACpD7+D,OAAO,4IAEhB+S,GAAM/S,OAAO,GAAIuZ,GAAMvZ,OAAO,GAAI6nD,GAAM7nD,OAAO,GAAUA,OAAO,GAAI,MAAAsjE,GAAOtjE,OAAO,IAElFujE,GAAOvjE,OAAO,IAAKwjE,GAAOxjE,OAAO,IAAKyjE,GAAOzjE,OAAO,IAAK0jE,GAAQ1jE,OAAO,KAI9E,SAAS2jE,GAAsBpvE,GAC3B,MAAM6zD,EAAIib,GACJtlD,EAAMxpB,EAAIA,EAAIA,EAAK6zD,EACnBpqC,EAAMD,EAAKA,EAAKxpB,EAAK6zD,EACrBjqC,EAAM8pC,GAAKjqC,EAAI6pC,GAAKO,GAAKpqC,EAAMoqC,EAC/B9pC,EAAM2pC,GAAK9pC,EAAI0pC,GAAKO,GAAKpqC,EAAMoqC,EAC/B5pC,EAAOypC,GAAK3pC,EAAI/E,GAAK6uC,GAAKrqC,EAAMqqC,EAChCwb,EAAO3b,GAAKzpC,EAAK8kD,GAAMlb,GAAK5pC,EAAO4pC,EACnCyb,EAAO5b,GAAK2b,EAAKL,GAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,GAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,GAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,GAAMpb,GAAKyb,EAAOzb,EACrC6b,EAAQhc,GAAK+b,EAAMzqD,GAAK6uC,GAAKrqC,EAAMqqC,EACnC8b,EAAQjc,GAAKgc,EAAMlxD,GAAKq1C,GAAK7zD,EAAK6zD,EACxC,OAAQH,GAAKic,EAAMR,GAAOtb,GAAK6b,EAAQ7b,CAC3C,CACA,SAAS8W,GAAkBh8E,GAQvB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,IAAM,EACLA,CACX,CAsBA,MAAM+jE,GAAKqC,GAAM+Z,GAAQ,KAAK,GACxBc,GAAY,CAEd9sE,EAAG2I,OAAO,GAEV7D,EAAG6D,OAAO,2IAEdinD,GAAIA,GAGAv2D,EAAGsP,OAAO,2IAEVmpD,WAAY,IAEZ7+C,EAAGtK,OAAO,GAEVqtD,GAAIrtD,OAAO,2IACXstD,GAAIttD,OAAO,2IAEXtZ,KAAM08E,GACNrtD,eACAmpD,qBAEAC,OAAQ,CAACv/E,EAAM4/E,EAAKC,KAChB,GAAID,EAAI7kF,OAAS,IACb,MAAUL,MAAM,uBAAuBklF,EAAI7kF,QAC/C,OAAO+wB,GAAYrM,GAAY,YAAa,IAAI7kB,WAAW,CAACilF,EAAS,EAAI,EAAGD,EAAI7kF,SAAU6kF,EAAK5/E,EAAK,EAExGw/E,QA/CJ,SAAiBtoD,EAAGnkB,GAChB,MAAMy1D,EAAIib,GAOJe,EAAMnxD,GAAI6D,EAAIA,EAAInkB,EAAGy1D,GACrBic,EAAMpxD,GAAImxD,EAAMttD,EAAGsxC,GACnBkc,EAAOrxD,GAAIoxD,EAAMD,EAAMzxE,EAAGy1D,GAE1B7zD,EAAI0e,GAAIoxD,EADDV,GAAsBW,GACTlc,GAEpBgI,EAAKn9C,GAAI1e,EAAIA,EAAG6zD,GAGtB,MAAO,CAAElB,QAASj0C,GAAIm9C,EAAKz9D,EAAGy1D,KAAOtxC,EAAGx7B,MAAOiZ,EACnD,GA+Ba5O,kBAAwBs5E,GAAekF,IAGvCz+E,kBAAuB,KAAO07E,GAAW,CAClD/pE,EAAG2I,OAAO,QAEVqhE,eAAgB,IAChBhY,YAAa,GACbjB,EAAGib,GACH9B,GAAIvhE,OAAO,GACXshE,WAAa/sE,IACT,MAAM6zD,EAAIib,GAGV,OAAOpwD,GADSg1C,GADI0b,GAAsBpvE,GACRyL,OAAO,GAAIooD,GACxB7zD,EAAG6zD,EAAE,EAE9B8W,qBACAnpD,iBAdgC,GAgCnBkxC,GAAGsC,MAAQvpD,OAAO,GAAMA,OAAO,GACjCA,OAAO,QAuFFA,OAAO,SAEHA,OAAO,SAEVA,OAAO,0IAEJA,OAAO,2IAGdA,OAAO;;AClOxB,MAAMukE,GAAavkE,OAAO,sEACpBwkE,GAAaxkE,OAAO,sEACpB+S,GAAM/S,OAAO,GACbuZ,GAAMvZ,OAAO,GACbykE,GAAa,CAACptE,EAAGzG,KAAOyG,EAAIzG,EAAI2oB,IAAO3oB,EA6B7C,MAAMq2D,GAAKqC,GAAMib,QAAYppF,OAAWA,EAAW,CAAEsvE,KAxBrD,SAAiB92C,GACb,MAAMy0C,EAAImc,GAEJ1c,EAAM7nD,OAAO,GAAI0kE,EAAM1kE,OAAO,GAAIsjE,EAAOtjE,OAAO,IAAKujE,EAAOvjE,OAAO,IAEnE2kE,EAAO3kE,OAAO,IAAKwjE,EAAOxjE,OAAO,IAAKyjE,EAAOzjE,OAAO,IACpD+d,EAAMpK,EAAIA,EAAIA,EAAKy0C,EACnBpqC,EAAMD,EAAKA,EAAKpK,EAAKy0C,EACrBjqC,EAAM8pC,GAAKjqC,EAAI6pC,EAAKO,GAAKpqC,EAAMoqC,EAC/B9pC,EAAM2pC,GAAK9pC,EAAI0pC,EAAKO,GAAKpqC,EAAMoqC,EAC/B5pC,EAAOypC,GAAK3pC,EAAI/E,GAAK6uC,GAAKrqC,EAAMqqC,EAChCwb,EAAO3b,GAAKzpC,EAAK8kD,EAAMlb,GAAK5pC,EAAO4pC,EACnCyb,EAAO5b,GAAK2b,EAAKL,EAAMnb,GAAKwb,EAAOxb,EACnC0b,EAAO7b,GAAK4b,EAAKL,EAAMpb,GAAKyb,EAAOzb,EACnC2b,EAAQ9b,GAAK6b,EAAKL,EAAMrb,GAAK0b,EAAO1b,EACpC4b,EAAQ/b,GAAK8b,EAAMP,EAAMpb,GAAKyb,EAAOzb,EACrC8b,EAAQjc,GAAK+b,EAAMnc,EAAKO,GAAKpqC,EAAMoqC,EACnCnhD,EAAMghD,GAAKic,EAAMS,EAAMvc,GAAKwb,EAAOxb,EACnClhD,EAAM+gD,GAAKhhD,EAAIy9D,EAAKtc,GAAKrqC,EAAMqqC,EAC/BE,EAAOL,GAAK/gD,EAAIqS,GAAK6uC,GAC3B,IAAKnB,GAAGsB,IAAItB,GAAGuB,IAAIF,GAAO30C,GACtB,MAAUr5B,MAAM,2BACpB,OAAOguE,CACX,IAKatkE,GAAYs0E,GAAY,CACjCjhE,EAAG2I,OAAO,GACVpP,EAAGoP,OAAO,GACdinD,GAAIA,GACAv2D,EAAG8zE,GAEHnX,GAAIrtD,OAAO,iFACXstD,GAAIttD,OAAO,iFACXsK,EAAGtK,OAAO,GACVmrB,MAAM,EAONskC,KAAM,CACFC,KAAM1vD,OAAO,sEACb2vD,YAAcr9D,IACV,MAAM5B,EAAI8zE,GACJp5D,EAAKpL,OAAO,sCACZ8d,GAAM/K,GAAM/S,OAAO,sCACnB4kE,EAAK5kE,OAAO,uCACZ+d,EAAK3S,EACLy5D,EAAY7kE,OAAO,uCACnBga,EAAKyqD,GAAW1mD,EAAKzrB,EAAG5B,GACxBupB,EAAKwqD,IAAY3mD,EAAKxrB,EAAG5B,GAC/B,IAAI8Q,EAAKyR,GAAI3gB,EAAI0nB,EAAK5O,EAAK6O,EAAK2qD,EAAIl0E,GAChC+Q,EAAKwR,IAAK+G,EAAK8D,EAAK7D,EAAK8D,EAAIrtB,GACjC,MAAMwiE,EAAQ1xD,EAAKqjE,EACb1R,EAAQ1xD,EAAKojE,EAKnB,GAJI3R,IACA1xD,EAAK9Q,EAAI8Q,GACT2xD,IACA1xD,EAAK/Q,EAAI+Q,GACTD,EAAKqjE,GAAapjE,EAAKojE,EACvB,MAAUvqF,MAAM,uCAAyCgY,GAE7D,MAAO,CAAE4gE,QAAO1xD,KAAI2xD,QAAO1xD,KAAI,IAGxC3a,IAGSkZ,OAAO,GAiBLhc,GAAU8vE,gBCnGxB,MAAM7M,GAAKqC,GAAMtpD,OAAO,uEAKX3b,GAAkBi0E,GAAY,CACzCjhE,EALc4vD,GAAGnpD,OAAOkC,OAAO,uEAM/BpP,EALcoP,OAAO,yEAMrBinD,GAEAv2D,EAAGsP,OAAO,sEAEVqtD,GAAIrtD,OAAO,sEACXstD,GAAIttD,OAAO,sEACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACIrkC,IChBNmgE,GAAKqC,GAAMtpD,OAAO,uGAKX1b,GAAkBg0E,GAAY,CACzCjhE,EALc4vD,GAAGnpD,OAAOkC,OAAO,uGAM/BpP,EALcoP,OAAO,yGAMrBinD,GAEAv2D,EAAGsP,OAAO,sGAEVqtD,GAAIrtD,OAAO,sGACXstD,GAAIttD,OAAO,sGACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACIpkC,IChBNkgE,GAAKqC,GAAMtpD,OAAO,uIAKXzb,GAAkB+zE,GAAY,CACzCjhE,EALc4vD,GAAGnpD,OAAOkC,OAAO,uIAM/BpP,EALcoP,OAAO,sIAMrBinD,MAEAv2D,EAAGsP,OAAO,sIAEVqtD,GAAIrtD,OAAO,sIACXstD,GAAIttD,OAAO,sIACXsK,EAAGtK,OAAO,GACVmrB,MAAM,GACInkC,ICRCuJ,GAAc,IAAI0+C,IAAIp2D,OAAOiI,QAAQ,CAClD4C,SAAEA,GACFE,SAAEA,GACFE,SAAEA,GACAO,mBACAC,mBACAC,mBACAP,aACA0B,QACAC,+ECDF,SAASm/E,GAAIv1C,EAAMjjC,EAASwa,EAASyF,EAAMhE,EAAI3f,GAE7C,MAAMm8E,EAAc,CAClB,SAAW,EAAG,MAAS,SAAW,SAAW,MAAS,EAAK,MAAS,KAAO,SAC3E,SAAW,KAAO,SAAW,SAAW,SAAW,EAAK,KAAO,SAAW,SAAW,MAAS,MAAS,SACvG,SAAW,SAAW,MAAS,SAAW,SAAW,MAAS,EAAG,KAAO,MAAS,SAAW,MAAS,SAAW,EAChH,SAAW,SAAW,SAAW,SAAW,KAAO,SAAW,MAAS,MAAS,SAAW,KAAO,EAAK,SACvG,MAAS,SAAW,MAAS,SAAW,SAAW,SAAW,KAAO,MAAS,SAAW,KAAO,SAChG,SAAW,EAAG,MAAS,MAAS,EAAG,UAE/BC,EAAc,EACjB,YAAa,WAAY,MAAQ,QAAU,QAAU,IAAO,YAAa,YACzE,YAAa,YAAa,YAAa,YAAa,WAAY,QAAU,IAAO,WAAY,QAAU,SACvG,WAAY,GAAI,WAAY,MAAQ,SAAW,WAAY,SAAW,WAAY,EAAG,QAAU,OAAS,YACxG,WAAY,MAAQ,EAAG,SAAW,WAAY,SAAW,YAAa,YAAa,WAAY,OAAS,YACxG,WAAY,IAAO,WAAY,QAAU,GAAM,OAAS,WAAY,OAAS,WAAY,SAAW,WACrG,SAAW,YAAa,WAAY,QAAU,QAAU,GAAI,WAAY,OAAS,YAAa,YAC7F,WAAY,SAETC,EAAc,CAClB,IAAO,UAAW,EAAG,UAAW,UAAW,EAAG,OAAS,UAAW,OAAS,UAC3E,UAAW,OAAS,UAAW,OAAS,UAAW,IAAO,UAAW,EAAK,UAAW,IAAO,OAAS,UACrG,UAAW,OAAS,UAAW,OAAS,OAAS,UAAW,EAAK,UAAW,IAAO,UAAW,UAAW,UACzG,OAAS,IAAO,OAAS,UAAW,UAAW,EAAG,IAAO,OAAS,UAAW,UAAW,UAAW,IAAO,EAC1G,UAAW,UAAW,OAAS,UAAW,UAAW,EAAK,OAAS,OAAS,UAAW,UAAW,UAAW,IAC7G,UAAW,OAAS,EAAK,UAAW,QAEhCC,EAAc,CAClB,QAAU,KAAQ,KAAQ,IAAM,QAAU,QAAU,QAAU,KAAQ,EAAG,QACzE,QAAU,QAAU,IAAM,EAAG,QAAU,QAAU,EAAK,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,KAC1G,QAAU,EAAK,KAAQ,QAAU,KAAQ,QAAU,QAAU,IAAM,QAAU,QAAU,QAAU,QAAU,IAAM,EACjH,EAAG,QAAU,KAAQ,QAAU,QAAU,EAAK,QAAU,KAAQ,KAAQ,IAAM,QAAU,IAAM,EAAK,KAAQ,QAC3G,KAAQ,QAAU,QAAU,KAAQ,KAAQ,QAAU,QAAU,IAAM,QAAU,KAAQ,SAEpFC,EAAc,CAClB,IAAO,SAAW,SAAW,WAAY,OAAS,IAAO,WAAY,SACrE,WAAY,OAAS,SAAW,WAAY,WAAY,WAAY,OAAS,WAAY,SAAW,WACpG,WAAY,EAAG,WAAY,WAAY,WAAY,SAAW,WAAY,WAAY,EAAG,WAAY,SACrG,SAAW,WAAY,OAAS,OAAS,WAAY,IAAO,SAAW,WAAY,SAAW,WAC9F,WAAY,SAAW,WAAY,WAAY,SAAW,WAAY,IAAO,SAAW,WAAY,WACpG,OAAS,WAAY,WAAY,SAAW,EAAG,WAAY,WAAY,OAAS,SAAW,WAAY,OAAS,EAChH,WAAY,SAAW,YAEnBC,EAAc,CAClB,UAAY,UAAY,MAAQ,UAAY,UAAY,GAAM,UAAY,QAC1E,UAAY,QAAU,QAAU,UAAY,QAAU,UAAY,UAAY,MAAQ,EAAG,QAAU,UACnG,MAAQ,QAAU,UAAY,GAAM,UAAY,UAAY,EAAG,QAAU,UAAY,MAAQ,QAAU,UACvG,UAAY,UAAY,GAAM,UAAY,QAAU,UAAY,QAAU,MAAQ,UAAY,QAAU,UACxG,UAAY,MAAQ,UAAY,UAAY,QAAU,UAAY,QAAU,UAAY,EAAG,UAAY,GAAM,MAC7G,UAAY,QAAU,MAAQ,QAAU,UAAY,EAAG,UAAY,UAAY,QAAU,WAErFC,EAAc,CAClB,QAAU,SAAW,SAAW,EAAG,KAAO,SAAW,QAAU,SAAW,SAC1E,QAAU,EAAG,SAAW,EAAK,SAAW,SAAW,KAAO,SAAW,QAAU,QAAU,SAAW,SACpG,SAAW,SAAW,QAAU,SAAW,KAAO,KAAO,SAAW,QAAU,EAAK,SAAW,QAAU,SACxG,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,EAAK,QAAU,SAAW,SAAW,QACrG,SAAW,KAAO,QAAU,SAAW,KAAO,SAAW,SAAW,SAAW,QAAU,EAAG,EAAK,SAAW,EAC5G,QAAU,SAAW,KAAO,SAAW,SAAW,KAAO,SAErDC,EAAc,CAClB,UAAY,KAAQ,OAAS,UAAY,UAAY,UAAY,GAAM,UACvE,OAAS,UAAY,UAAY,OAAS,UAAY,OAAS,KAAQ,GAAM,UAAY,UAAY,UACrG,KAAQ,OAAS,OAAS,UAAY,UAAY,KAAQ,EAAG,EAAG,UAAY,UAAY,UAAY,OACpG,OAAS,OAAS,OAAS,UAAY,KAAQ,GAAM,UAAY,KAAQ,OAAS,UAAY,GAAM,UACpG,UAAY,UAAY,UAAY,OAAS,UAAY,EAAG,UAAY,OAAS,UAAY,UAAY,UACzG,UAAY,EAAG,UAAY,OAAS,OAAS,KAAQ,KAAQ,OAAS,UAAY,WAIpF,IACIzqF,EACAqY,EACAqyE,EACAC,EACAC,EACAliE,EACAiuD,EACAkU,EAKAC,EACAC,EAdAx0D,EAAI,EAeJhL,EAAM9Z,EAAQ3R,OAGlB,MAAMkrF,EAA6B,KAAhBt2C,EAAK50C,OAAgB,EAAI,EAE1C+qF,EADiB,IAAfG,EACQ/+D,EAAU,CAAC,EAAG,GAAI,GAAK,CAAC,IAAK,GAAI,GAEjCA,EAAU,CAAC,EAAG,GAAI,EAAG,GAAI,IAAK,EAAG,GAAI,GAAI,GAAK,CAAC,GAAI,IAAK,EAAG,GAAI,GAAI,EAAG,IAAK,GAAI,GAKvFA,IACFxa,EAqQJ,SAAuBA,GACrB,MAAMw5E,EAAY,EAAKx5E,EAAQ3R,OAAS,EAExC,IAAI8wB,EAKG,KAAiBq6D,EAAY,GAE7B,IAAkB,IAAdA,EACT,OAAOx5E,EAEP,MAAUhS,MAAM,uBACpB,CALImxB,EAAM,EAOR,MAAMs6D,EAAgB,IAAIvrF,WAAW8R,EAAQ3R,OAASmrF,GACtD,IAAK,IAAIjrF,EAAI,EAAGA,EAAIyR,EAAQ3R,OAAQE,IAClCkrF,EAAclrF,GAAKyR,EAAQzR,GAE7B,IAAK,IAAIqY,EAAI,EAAGA,EAAI4yE,EAAW5yE,IAC7B6yE,EAAcz5E,EAAQ3R,OAASuY,GAAKuY,EAGtC,OAAOs6D,CACT,CA9RcC,CAAc15E,GACxB8Z,EAAM9Z,EAAQ3R,QAIhB,IAAIG,EAAS,IAAIN,WAAW4rB,GACxB9T,EAAI,EASR,KAAO8e,EAAIhL,GAAK,CAsCd,IArCA7C,EAAQjX,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,EAAK9kB,EAAQ8kB,KACnFogD,EAASllE,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,GAAO9kB,EAAQ8kB,MAAQ,EAAK9kB,EAAQ8kB,KAgBpFm0D,EAAgC,WAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EACjBA,EAAiC,OAAxBhiE,IAAS,GAAMiuD,GACxBA,GAAS+T,EACThiE,GAASgiE,GAAQ,GACjBA,EAAgC,WAAvB/T,IAAU,EAAKjuD,GACxBA,GAAQgiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,UAAvB/T,IAAU,EAAKjuD,GACxBA,GAAQgiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EAEjBhiE,EAASA,GAAQ,EAAMA,IAAS,GAChCiuD,EAAUA,GAAS,EAAMA,IAAU,GAG9Bt+D,EAAI,EAAGA,EAAI2yE,EAAY3yE,GAAK,EAAG,CAIlC,IAHAyyE,EAAUD,EAAQxyE,EAAI,GACtB0yE,EAAUF,EAAQxyE,EAAI,GAEjBrY,EAAI6qF,EAAQxyE,GAAIrY,IAAM8qF,EAAS9qF,GAAK+qF,EACvCJ,EAAShU,EAAQjiC,EAAK10C,GACtB4qF,GAAWjU,IAAU,EAAMA,GAAS,IAAOjiC,EAAK10C,EAAI,GAEpD0qF,EAAOhiE,EACPA,EAAOiuD,EACPA,EAAQ+T,GAAQP,EAAaQ,IAAW,GAAM,IAAQN,EAAaM,IAAW,GAAM,IAAQJ,EAAaI,IACvG,EAAK,IAAQF,EAAqB,GAATE,GAAiBT,EAAaU,IAAW,GAAM,IAAQR,EAAaQ,IAAW,GACxG,IAAQN,EAAaM,IAAW,EAAK,IAAQJ,EAAqB,GAATI,IAE7DF,EAAOhiE,EACPA,EAAOiuD,EACPA,EAAQ+T,CACT,CAGDhiE,EAASA,IAAS,EAAMA,GAAQ,GAChCiuD,EAAUA,IAAU,EAAMA,GAAS,GAGnC+T,EAAgC,YAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAKjuD,GACxBA,GAAQgiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,WAAvB/T,IAAU,EAAKjuD,GACxBA,GAAQgiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAiC,OAAxBhiE,IAAS,GAAMiuD,GACxBA,GAAS+T,EACThiE,GAASgiE,GAAQ,GACjBA,EAAgC,WAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EAajBzqF,EAAOwX,KAAQiR,IAAS,GACxBzoB,EAAOwX,KAASiR,IAAS,GAAM,IAC/BzoB,EAAOwX,KAASiR,IAAS,EAAK,IAC9BzoB,EAAOwX,KAAe,IAAPiR,EACfzoB,EAAOwX,KAAQk/D,IAAU,GACzB12E,EAAOwX,KAASk/D,IAAU,GAAM,IAChC12E,EAAOwX,KAASk/D,IAAU,EAAK,IAC/B12E,EAAOwX,KAAgB,IAARk/D,CAChB,CAOD,OAJK1qD,IACHhsB,EA4KJ,SAA0BwR,GACxB,IACImf,EADAq6D,EAAY,KAYhB,GALEr6D,EAAM,GAKHq6D,EAAW,CAEd,IADAA,EAAY,EACLx5E,EAAQA,EAAQ3R,OAASmrF,KAAer6D,GAC7Cq6D,IAEFA,GACJ,CAEE,OAAOx5E,EAAQvK,SAAS,EAAGuK,EAAQ3R,OAASmrF,EAC9C,CAlMaG,CAAiBnrF,IAGrBA,CACT,CAOA,SAASorF,GAAcx8E,GAErB,MAAMy8E,EAAY,CAChB,EAAG,EAAK,UAAY,UAAY,MAAS,MAAS,UAAY,UAAY,IAAO,IACjF,UAAY,UAAY,MAAS,MAAS,UAAY,WAElDC,EAAY,CAChB,EAAG,EAAK,QAAU,QAAU,SAAW,SAAW,SAAW,SAAW,IAAO,IAAO,QACtF,QAAU,SAAW,SAAW,SAAW,UAEvCC,EAAY,CAChB,EAAG,EAAK,KAAO,KAAO,SAAW,SAAW,SAAW,SAAW,EAAG,EAAK,KAAO,KACjF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,QAAU,UAAW,UAAW,KAAQ,QAAU,UAAW,UAAW,OAAS,QACpF,UAAW,UAAW,OAAS,QAAU,UAAW,WAEhDC,EAAY,CAChB,EAAG,OAAS,GAAM,OAAS,EAAG,OAAS,GAAM,OAAS,KAAQ,OAAS,KAAQ,OAAS,KACxF,OAAS,KAAQ,QAEbC,EAAY,CAChB,EAAG,KAAO,GAAM,KAAO,EAAG,KAAO,GAAM,KAAO,SAAW,SAAW,SAAW,SAC/E,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,OAAS,UAAY,EAAK,UAAY,OAAS,UAAY,EAAG,UAC7E,OAAS,UAAY,EAAK,UAAY,OAAS,WAE3CC,EAAY,CAChB,EAAG,MAAS,KAAO,MAAS,UAAY,UAAY,UAAY,UAAY,OAAS,OACrF,OAAS,OAAS,UAAY,UAAY,UAAY,WAElDC,EAAY,CAChB,EAAG,OAAS,EAAG,OAAS,EAAK,OAAS,EAAK,OAAS,SAAW,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,UAE7BC,EAAY,CAChB,EAAG,UAAY,EAAK,UAAY,EAAG,UAAY,EAAK,UAAY,KAAO,UAAY,KACnF,UAAY,KAAO,UAAY,KAAO,WAElCC,EAAa,CACjB,EAAG,GAAM,EAAG,GAAM,QAAU,QAAU,QAAU,QAAU,KAAQ,KAAQ,KAAQ,KAClF,QAAU,QAAU,QAAU,SAE1BC,EAAa,CACjB,EAAG,SAAW,IAAO,SAAW,QAAU,SAAW,QAAU,SAAW,SAAW,SACrF,SAAW,SAAW,SAAW,SAAW,SAAW,UAEnDC,EAAa,CACjB,EAAG,KAAQ,UAAW,UAAW,OAAS,OAAS,UAAW,UAAW,GAAM,KAC/E,UAAW,UAAW,OAAS,OAAS,UAAW,WAE/CC,EAAa,CAAC,EAAG,EAAK,IAAO,IAAO,EAAG,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,IAAO,EAAK,EAAK,IAAO,KAGnGnB,EAAan8E,EAAI/O,OAAS,EAAI,EAAI,EAElC40C,EAAW72C,MAAM,GAAKmtF,GAEtBoB,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAE7D,IAAIC,EACAC,EAGA5B,EAFAn0D,EAAI,EACJ1gB,EAAI,EAGR,IAAK,IAAIwC,EAAI,EAAGA,EAAI2yE,EAAY3yE,IAAK,CACnC,IAAIqQ,EAAQ7Z,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,EAAK1nB,EAAI0nB,KACnEogD,EAAS9nE,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,GAAO1nB,EAAI0nB,MAAQ,EAAK1nB,EAAI0nB,KAExEm0D,EAAgC,WAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAMjuD,GAC1BA,GAAQgiE,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,WAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EACjBA,EAAkC,OAAzB/T,KAAW,GAAMjuD,GAC1BA,GAAQgiE,EACR/T,GAAU+T,IAAS,GACnBA,EAAgC,YAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EACjBA,EAAgC,UAAvB/T,IAAU,EAAKjuD,GACxBA,GAAQgiE,EACR/T,GAAU+T,GAAQ,EAClBA,EAAgC,YAAvBhiE,IAAS,EAAKiuD,GACvBA,GAAS+T,EACThiE,GAASgiE,GAAQ,EAGjBA,EAAQhiE,GAAQ,EAAOiuD,IAAU,GAAM,IAEvCjuD,EAAQiuD,GAAS,GAAQA,GAAS,EAAK,SAAcA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAChGA,EAAQ+T,EAGR,IAAK,IAAI1qF,EAAI,EAAGA,EAAIosF,GAAepsF,IAE7BosF,EAAOpsF,IACT0oB,EAAQA,GAAQ,EAAMA,IAAS,GAC/BiuD,EAASA,GAAS,EAAMA,IAAU,KAElCjuD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BiuD,EAASA,GAAS,EAAMA,IAAU,IAEpCjuD,IAAS,GACTiuD,IAAU,GAMV0V,EAAWf,EAAU5iE,IAAS,IAAM6iE,EAAW7iE,IAAS,GAAM,IAAO8iE,EAAW9iE,IAAS,GAAM,IAAO+iE,EACpG/iE,IAAS,GAAM,IAAOgjE,EAAWhjE,IAAS,GAAM,IAAOijE,EAAWjjE,IAAS,EAAK,IAAOkjE,EAAWljE,IAAS,EAC3G,IACF4jE,EAAYT,EAAUlV,IAAU,IAAMmV,EAAWnV,IAAU,GAAM,IAAOoV,EAAWpV,IAAU,GAAM,IACjGqV,EAAYrV,IAAU,GAAM,IAAOsV,EAAYtV,IAAU,GAAM,IAAOuV,EAAYvV,IAAU,EAAK,IACjGwV,EAAYxV,IAAU,EAAK,IAC7B+T,EAAyC,OAAhC4B,IAAc,GAAMD,GAC7B33C,EAAK7+B,KAAOw2E,EAAW3B,EACvBh2C,EAAK7+B,KAAOy2E,EAAa5B,GAAQ,EAEpC,CAED,OAAOh2C,CACT,CAwDO,SAAS63C,GAAU19E,GACxB3Q,KAAK2Q,IAAM,GAEX,IAAK,IAAI7O,EAAI,EAAGA,EAAI,EAAGA,IACrB9B,KAAK2Q,IAAI7N,KAAK,IAAIrB,WAAWkP,EAAI3H,SAAa,EAAJlH,EAAY,EAAJA,EAAS,KAG7D9B,KAAK+tB,QAAU,SAASiE,GACtB,OAAO+5D,GACLoB,GAAcntF,KAAK2Q,IAAI,IACvBo7E,GACEoB,GAAcntF,KAAK2Q,IAAI,IACvBo7E,GACEoB,GAAcntF,KAAK2Q,IAAI,IACvBqhB,GAAO,IAET,IACC,EAEN,CACH,CCtbA,SAASs8D,KACPtuF,KAAKuuF,UAAY,EACjBvuF,KAAKwuF,QAAU,GAEfxuF,KAAKyuF,OAAS,SAAS99E,GAMrB,GALA3Q,KAAK0uF,QAAc/uF,MAAM,IACzBK,KAAK2uF,OAAahvF,MAAM,IAExBK,KAAKutE,QAED58D,EAAI/O,SAAW5B,KAAKwuF,QAGtB,MAAUjtF,MAAM,mCAElB,OAJEvB,KAAK4uF,YAAYj+E,IAIZ,CACR,EAED3Q,KAAKutE,MAAQ,WACX,IAAK,IAAIzrE,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK0uF,QAAQ5sF,GAAK,EAClB9B,KAAK2uF,OAAO7sF,GAAK,CAEpB,EAED9B,KAAK6uF,aAAe,WAClB,OAAO7uF,KAAKuuF,SACb,EAEDvuF,KAAK+tB,QAAU,SAASW,GACtB,MAAMH,EAAU5uB,MAAM+uB,EAAI9sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI4sB,EAAI9sB,OAAQE,GAAK,EAAG,CACtC,IAEI4Z,EAFA0mB,EAAK1T,EAAI5sB,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GACtE2Z,EAAKiT,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GAG9E4Z,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EAEJ6S,EAAIzsB,GAAM2Z,IAAM,GAAM,IACtB8S,EAAIzsB,EAAI,GAAM2Z,IAAM,GAAM,IAC1B8S,EAAIzsB,EAAI,GAAM2Z,IAAM,EAAK,IACzB8S,EAAIzsB,EAAI,GAAS,IAAJ2Z,EACb8S,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,IAAM,EAAK,IACzB7T,EAAIzsB,EAAI,GAAS,IAAJsgC,CACnB,CAEI,OAAO7T,CACR,EAEDvuB,KAAKquB,QAAU,SAASK,GACtB,MAAMH,EAAU5uB,MAAM+uB,EAAI9sB,QAE1B,IAAK,IAAIE,EAAI,EAAGA,EAAI4sB,EAAI9sB,OAAQE,GAAK,EAAG,CACtC,IAEI4Z,EAFA0mB,EAAK1T,EAAI5sB,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GACtE2Z,EAAKiT,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,GAAO4sB,EAAI5sB,EAAI,IAAM,EAAK4sB,EAAI5sB,EAAI,GAG9E4Z,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,IAAK1uF,KAAK2uF,OAAO,KAC5CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EAEJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI4sD,EAAGvzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI2sD,EAAGtzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EACJA,EAAID,EACJA,EAAI2mB,EAAI0sD,EAAGrzE,EAAGzb,KAAK0uF,QAAQ,GAAI1uF,KAAK2uF,OAAO,IAC3CvsD,EAAI1mB,EAEJ6S,EAAIzsB,GAAM2Z,IAAM,GAAM,IACtB8S,EAAIzsB,EAAI,GAAM2Z,IAAM,GAAM,IAC1B8S,EAAIzsB,EAAI,GAAM2Z,IAAM,EAAK,IACzB8S,EAAIzsB,EAAI,GAAS,IAAJ2Z,EACb8S,EAAIzsB,EAAI,GAAMsgC,IAAM,GAAM,IAC1B7T,EAAIzsB,EAAI,GAAMsgC,GAAK,GAAM,IACzB7T,EAAIzsB,EAAI,GAAMsgC,GAAK,EAAK,IACxB7T,EAAIzsB,EAAI,GAAS,IAAJsgC,CACnB,CAEI,OAAO7T,CACR,EACD,MAAM0gE,SAENA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAE7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAAK,GAAK,GAC7CA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,GACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAU,GAAQ,GAAU,GAAQ,IAG7DA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAQ,GAAQ,GAAQ,GAAQ,IACzDA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,IACrCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,EAAG,GAAK,EAAG,IAEzC,MAAMC,SAgFN,SAASJ,EAAG1rE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS0zE,EAAK,GAAGjtD,IAAM,IAAMitD,EAAK,GAAIjtD,IAAM,GAAM,MAAQitD,EAAK,GAAIjtD,IAAM,EAAK,KAAQitD,EAAK,GAAO,IAAJjtD,EAClG,CAEE,SAAS6sD,EAAG3rE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS0zE,EAAK,GAAGjtD,IAAM,IAAMitD,EAAK,GAAIjtD,IAAM,GAAM,KAAQitD,EAAK,GAAIjtD,IAAM,EAAK,KAAQitD,EAAK,GAAO,IAAJjtD,EAClG,CAEE,SAAS8sD,EAAG5rE,EAAGiV,EAAG5c,GAChB,MAAMC,EAAI2c,EAAIjV,EACR8e,EAAKxmB,GAAKD,EAAMC,IAAO,GAAKD,EAClC,OAAS0zE,EAAK,GAAGjtD,IAAM,IAAMitD,EAAK,GAAIjtD,IAAM,GAAM,KAAQitD,EAAK,GAAIjtD,IAAM,EAAK,MAAQitD,EAAK,GAAO,IAAJjtD,EAClG,CA9FEgtD,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAU,GAAU,GAAQ,GAAQ,IAEvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,IACnCA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,GAAK,GAAK,GAGnCA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IACvDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAQ,GAAQ,IACnDA,EAAU,GAAG,GAAK,CAAC,GAAQ,GAAQ,GAAU,GAAU,IAGvDA,EAAU,UACVA,EAAU,GAAG,GAAK,CAAC,EAAG,EAAG,EAAG,EAAG,GAC/BA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,GACnCA,EAAU,GAAG,GAAK,CAAC,GAAK,GAAK,EAAG,EAAG,IAGnClvF,KAAK4uF,YAAc,SAASQ,GAC1B,MAAM1zE,aACAnC,EAAQ5Z,MAAM,IAEpB,IAAIwa,EAEJ,IAAK,IAAIrY,EAAI,EAAGA,EAAI,EAAGA,IACrBqY,EAAQ,EAAJrY,EACJ4Z,EAAE5Z,GAAMstF,EAAIj1E,IAAM,GAAOi1E,EAAIj1E,EAAI,IAAM,GAAOi1E,EAAIj1E,EAAI,IAAM,EAAKi1E,EAAIj1E,EAAI,GAG3E,MAAMqB,EAAI,CAAC,EAAG,EAAG,EAAG,GACpB,IACI0N,EADAmmE,EAAK,EAGT,IAAK,IAAIC,EAAO,EAAGA,EAAO,EAAGA,IAC3B,IAAK,IAAIlL,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACtC,IAAKjqE,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMmE,EAAI2wE,EAAU7K,GAAOjqE,GAC3B+O,EAAIxN,EAAE4C,EAAE,IAER4K,GAAKimE,EAAK,GAAIzzE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAKimE,EAAK,GAAIzzE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAKimE,EAAK,GAAIzzE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAKimE,EAAK,GAAIzzE,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzD4K,GAAKimE,EAAK3zE,EAAErB,IAAKuB,EAAE4C,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC5D5C,EAAE4C,EAAE,IAAM4K,CACpB,CAEQ,IAAK/O,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACtB,MAAMtC,EAAIq3E,EAAU9K,GAAOjqE,GAC3B+O,EAAIimE,EAAK,GAAIzzE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAExDqR,GAAKimE,EAAK,GAAIzzE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAKimE,EAAK,GAAIzzE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAKimE,EAAK,GAAIzzE,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KACzDqR,GAAKimE,EAAK,EAAIh1E,GAAIuB,EAAE7D,EAAE,KAAO,KAAQ,GAAK,GAAY,EAAPA,EAAE,IAAY,KAC7D0B,EAAE81E,GAAMnmE,EACRmmE,GACV,CACA,CAGI,IAAK,IAAIvtF,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK0uF,QAAQ5sF,GAAKyX,EAAEzX,GACpB9B,KAAK2uF,OAAO7sF,GAAiB,GAAZyX,EAAE,GAAKzX,EAE3B,EAsBD,MAAMqtF,aACNA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,QAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,SAAY,WAAY,WACpF,WAAY,QAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,SAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,SAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,SAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,QAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,SAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,WAAY,QAAY,SAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,SAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,SAAY,QAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,SAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,QAAY,WACpF,UAAY,QAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,SAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,SAAY,UACpF,WAAY,WAAY,WAAY,SAAY,UAAY,WAAY,WAAY,SACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,WAAY,SAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,UAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,SAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,SAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UAAY,UACpF,UAAY,WAAY,SAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,SAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,SAAY,WACpF,UAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WACpF,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,SAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SAAY,UACpF,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,SAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,YAGtFA,EAAK,GAAK,CACR,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,SACpF,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,SACpF,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,SAAY,WAAY,WACpF,UAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WACpF,WAAY,UAAY,WAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,WAAY,UACpF,WAAY,UAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UAAY,UACpF,UAAY,WAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAAY,UACpF,UAAY,SAAY,WAAY,WAAY,WAAY,WAAY,UAAY,WACpF,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,WAAY,UAAY,WAAY,UACpF,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY,UAAY,UACpF,WAAY,UAAY,UAAY,UAAY,WAAY,UAAY,WAAY,WACpF,SAAY,WAAY,WAAY,UAAY,WAAY,WAAY,WAAY,WAExF,CAEA,SAASI,GAAM5+E,GACb3Q,KAAKgN,MAAQ,IAAIshF,GACjBtuF,KAAKgN,MAAMyhF,OAAO99E,GAElB3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAKgN,MAAM+gB,QAAQiE,EAC3B,CACH,CDpJAq8D,GAAUrrE,QAAUqrE,GAAUpuF,UAAU+iB,QAAU,GAClDqrE,GAAUprE,UAAYorE,GAAUpuF,UAAUgjB,UAAY,ECqJtDssE,GAAMtsE,UAAYssE,GAAMtvF,UAAUgjB,UAAY,EAC9CssE,GAAMvsE,QAAUusE,GAAMtvF,UAAU+iB,QAAU,GCpkB1C,MAAMwsE,GAAS,WAEf,SAASC,GAAKvmE,EAAGvR,GACf,OAAQuR,GAAKvR,EAAIuR,IAAO,GAAKvR,GAAM63E,EACrC,CAEA,SAASE,GAAKpxE,EAAGxc,GACf,OAAOwc,EAAExc,GAAKwc,EAAExc,EAAI,IAAM,EAAIwc,EAAExc,EAAI,IAAM,GAAKwc,EAAExc,EAAI,IAAM,EAC7D,CAEA,SAAS6tF,GAAKrxE,EAAGxc,EAAGonB,GAClB5K,EAAEsxE,OAAO9tF,EAAG,EAAO,IAAJonB,EAAWA,IAAM,EAAK,IAAOA,IAAM,GAAM,IAAOA,IAAM,GAAM,IAC7E,CAEA,SAAS2mE,GAAKr0E,EAAG7D,GACf,OAAQ6D,IAAW,EAAJ7D,EAAU,GAC3B,CAkSA,SAASm4E,GAAGn/E,GACV3Q,KAAK+vF,GA7RP,WAEE,IAAIC,EAAW,KACXC,EAAY,KACZC,GAAc,EAKdC,EAAS,GACTC,EAAO,CACT,GACA,GACA,GACA,IA+KF,SAASC,EAAM70E,GACb,OAAO40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,GAC7F,CAEE,SAAS80E,EAAM90E,GACb,OAAO40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,IAAM40E,EAAK,GAAGP,GAAKr0E,EAAG,GAC7F,CAEE,SAAS+0E,EAAQ90E,EAAG+0E,GAClB,IAAIlyE,EAAI+xE,EAAMG,EAAI,IACd34E,EAAIy4E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAMlyE,EAAIzG,EAAIs4E,EAAO,EAAI10E,EAAI,GAAM+zE,GAAQ,IAC7DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMlyE,EAAI,EAAIzG,EAAIs4E,EAAO,EAAI10E,EAAI,GAAM+zE,GAC7DlxE,EAAI+xE,EAAMG,EAAI,IACd34E,EAAIy4E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAMlyE,EAAIzG,EAAIs4E,EAAO,EAAI10E,EAAI,IAAO+zE,GAAQ,IAC9DgB,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMlyE,EAAI,EAAIzG,EAAIs4E,EAAO,EAAI10E,EAAI,IAAO+zE,EAClE,CAEE,SAASiB,EAAQ3uF,EAAG0uF,GAClB,IAAIlyE,EAAI+xE,EAAMG,EAAI,IACd34E,EAAIy4E,EAAME,EAAI,IAClBA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMlyE,EAAIzG,EAAIs4E,EAAO,EAAIruF,EAAI,IAAO0tF,GAC1DgB,EAAI,GAAKf,GAAKe,EAAI,GAAMlyE,EAAI,EAAIzG,EAAIs4E,EAAO,EAAIruF,EAAI,IAAO0tF,GAAQ,IAClElxE,EAAI+xE,EAAMG,EAAI,IACd34E,EAAIy4E,EAAME,EAAI,IACdA,EAAI,GAAKf,GAAKe,EAAI,GAAI,GAAMlyE,EAAIzG,EAAIs4E,EAAO,EAAIruF,EAAI,GAAM0tF,GACzDgB,EAAI,GAAKf,GAAKe,EAAI,GAAMlyE,EAAI,EAAIzG,EAAIs4E,EAAO,EAAIruF,EAAI,GAAM0tF,GAAQ,GACrE,CAqDE,MAAO,CACLvnF,KAAM,UACNyoF,UAAW,GACXC,KAhQF,SAAiBhgF,GAEf,IAAI7O,EACAwc,EACAzG,EACAsL,EACAC,EALJ4sE,EAAWr/E,EAMX,MAAMigF,EAAQ,GACRC,EAAQ,GACRC,EAAQ,GACd,IAAIC,EACJ,MAAMC,EAAO,GACb,IAAIC,EACAC,EACAC,EAEJ,MAAMC,EAAK,CACT,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,GACpD,CAAC,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,IACnD,CAAC,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,IAEhDC,EAAK,CACT,CAAC,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GACpD,CAAC,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,KAE/CC,EAAK,CACT,CAAC,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,IACnD,CAAC,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,KAE/CC,EAAO,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,IAC1DC,EAAO,CAAC,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,GAC3D9tE,EAAI,CACR,GACA,IAEI0U,EAAI,CACR,GACA,GACA,GACA,IAGF,SAASq5D,EAAMl2E,GACb,OAAOA,EAAKA,GAAK,EAAK,CAAC,EAAG,GAAI,IAAK,KAAS,EAAJA,EAC9C,CAEI,SAASm2E,EAAMn2E,GACb,OAAOA,EAAKA,GAAK,EAAMA,GAAK,EAAK,CAAC,EAAG,IAAK,IAAK,IAAQ,EAAJA,EACzD,CAEI,SAASo2E,EAAOzkE,EAAGxJ,GACjB,IAAI7hB,EACA4Z,EACAqiB,EACJ,IAAKj8B,EAAI,EAAGA,EAAI,EAAGA,IACjB4Z,EAAIiI,IAAM,GACVA,EAAMA,GAAK,EAAK6rE,GAAUriE,IAAM,GAChCA,EAAKA,GAAK,EAAKqiE,GACfzxD,EAAIriB,GAAK,EACD,IAAJA,IACFqiB,GAAK,KAEPpa,GAAKjI,EAAKqiB,GAAK,GACfA,GAAKriB,IAAM,EACH,EAAJA,IACFqiB,GAAK,KAEPpa,GAAKoa,GAAK,GAAKA,GAAK,EAEtB,OAAOpa,CACb,CAEI,SAASkuE,EAAGl6E,EAAG6D,GACb,MAAM8C,EAAI9C,GAAK,EACT3D,EAAQ,GAAJ2D,EACJ2H,EAAIiuE,EAAGz5E,GAAG2G,EAAIzG,GACduL,EAAIiuE,EAAG15E,GAAG65E,EAAK35E,GAAK45E,EAAKnzE,IAC/B,OAAOizE,EAAG55E,GAAG65E,EAAKpuE,GAAKquE,EAAKtuE,KAAO,EAAImuE,EAAG35E,GAAGwL,EAAIC,EACvD,CAEI,SAAS0uE,EAAKt2E,EAAG7K,GACf,IAAI2N,EAAIuxE,GAAKr0E,EAAG,GACZ3D,EAAIg4E,GAAKr0E,EAAG,GACZ2H,EAAI0sE,GAAKr0E,EAAG,GACZ4H,EAAIysE,GAAKr0E,EAAG,GAChB,OAAQu1E,GACN,KAAK,EACHzyE,EAAIqF,EAAE,GAAGrF,GAAKuxE,GAAKl/E,EAAI,GAAI,GAC3BkH,EAAI8L,EAAE,GAAG9L,GAAKg4E,GAAKl/E,EAAI,GAAI,GAC3BwS,EAAIQ,EAAE,GAAGR,GAAK0sE,GAAKl/E,EAAI,GAAI,GAC3ByS,EAAIO,EAAE,GAAGP,GAAKysE,GAAKl/E,EAAI,GAAI,GAC7B,KAAK,EACH2N,EAAIqF,EAAE,GAAGrF,GAAKuxE,GAAKl/E,EAAI,GAAI,GAC3BkH,EAAI8L,EAAE,GAAG9L,GAAKg4E,GAAKl/E,EAAI,GAAI,GAC3BwS,EAAIQ,EAAE,GAAGR,GAAK0sE,GAAKl/E,EAAI,GAAI,GAC3ByS,EAAIO,EAAE,GAAGP,GAAKysE,GAAKl/E,EAAI,GAAI,GAC7B,KAAK,EACH2N,EAAIqF,EAAE,GAAGA,EAAE,GAAGrF,GAAKuxE,GAAKl/E,EAAI,GAAI,IAAMk/E,GAAKl/E,EAAI,GAAI,GACnDkH,EAAI8L,EAAE,GAAGA,EAAE,GAAG9L,GAAKg4E,GAAKl/E,EAAI,GAAI,IAAMk/E,GAAKl/E,EAAI,GAAI,GACnDwS,EAAIQ,EAAE,GAAGA,EAAE,GAAGR,GAAK0sE,GAAKl/E,EAAI,GAAI,IAAMk/E,GAAKl/E,EAAI,GAAI,GACnDyS,EAAIO,EAAE,GAAGA,EAAE,GAAGP,GAAKysE,GAAKl/E,EAAI,GAAI,IAAMk/E,GAAKl/E,EAAI,GAAI,GAEvD,OAAO0nB,EAAE,GAAG/Z,GAAK+Z,EAAE,GAAGxgB,GAAKwgB,EAAE,GAAGlV,GAAKkV,EAAE,GAAGjV,EAChD,CAII,IAFA4sE,EAAWA,EAASrtF,MAAM,EAAG,IAC7Bb,EAAIkuF,EAASpuF,OACA,KAANE,GAAkB,KAANA,GAAkB,KAANA,GAC7BkuF,EAASluF,KAAO,EAGlB,IAAKA,EAAI,EAAGA,EAAIkuF,EAASpuF,OAAQE,GAAK,EACpCgvF,EAAMhvF,GAAK,GAAK4tF,GAAKM,EAAUluF,GAEjC,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnB6hB,EAAE,GAAG7hB,GAAK+vF,EAAG,EAAG/vF,GAChB6hB,EAAE,GAAG7hB,GAAK+vF,EAAG,EAAG/vF,GAElB,IAAKA,EAAI,EAAGA,EAAI,IAAKA,IACnBmvF,EAAMttE,EAAE,GAAG7hB,GACXovF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ54D,EAAE,GAAGv2B,GAAKmvF,GAAOC,GAAO,IAAMC,GAAO,KAAOA,GAAO,IACnD94D,EAAE,GAAGv2B,GAAKovF,GAAOC,GAAO,IAAMF,GAAO,KAAOE,GAAO,IACnDF,EAAMttE,EAAE,GAAG7hB,GACXovF,EAAMQ,EAAMT,GACZE,EAAMQ,EAAMV,GACZ54D,EAAE,GAAGv2B,GAAKqvF,GAAOA,GAAO,IAAMD,GAAO,KAAOD,GAAO,IACnD54D,EAAE,GAAGv2B,GAAKovF,GAAOD,GAAO,IAAME,GAAO,KAAOD,GAAO,IAIrD,IADAH,EAAOD,EAAMlvF,OAAS,EACjBE,EAAI,EAAGA,EAAIivF,EAAMjvF,IACpBwc,EAAIwyE,EAAMhvF,EAAIA,GACd8uF,EAAM9uF,GAAKwc,EACXzG,EAAIi5E,EAAMhvF,EAAIA,EAAI,GAClB+uF,EAAM/uF,GAAK+V,EACXm5E,EAAKD,EAAOjvF,EAAI,GAAK8vF,EAAOtzE,EAAGzG,GAEjC,IAAK/V,EAAI,EAAGA,EAAI,GAAIA,GAAK,EACvBwc,EAAI,SAAYxc,EAChB+V,EAAIyG,EAAI,SACRA,EAAIwzE,EAAKxzE,EAAGsyE,GACZ/4E,EAAI43E,GAAKqC,EAAKj6E,EAAGg5E,GAAQ,GACzBV,EAAOruF,GAAMwc,EAAIzG,EAAK23E,GACtBW,EAAOruF,EAAI,GAAK2tF,GAAKnxE,EAAI,EAAIzG,EAAG,GAElC,IAAK/V,EAAI,EAAGA,EAAI,IAAKA,IAEnB,OADAwc,EAAIzG,EAAIsL,EAAIC,EAAIthB,EACRivF,GACN,KAAK,EACHzyE,EAAIqF,EAAE,GAAGrF,GAAKuxE,GAAKmB,EAAK,GAAI,GAC5Bn5E,EAAI8L,EAAE,GAAG9L,GAAKg4E,GAAKmB,EAAK,GAAI,GAC5B7tE,EAAIQ,EAAE,GAAGR,GAAK0sE,GAAKmB,EAAK,GAAI,GAC5B5tE,EAAIO,EAAE,GAAGP,GAAKysE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACH1yE,EAAIqF,EAAE,GAAGrF,GAAKuxE,GAAKmB,EAAK,GAAI,GAC5Bn5E,EAAI8L,EAAE,GAAG9L,GAAKg4E,GAAKmB,EAAK,GAAI,GAC5B7tE,EAAIQ,EAAE,GAAGR,GAAK0sE,GAAKmB,EAAK,GAAI,GAC5B5tE,EAAIO,EAAE,GAAGP,GAAKysE,GAAKmB,EAAK,GAAI,GAC9B,KAAK,EACHZ,EAAK,GAAGtuF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGrF,GAAKuxE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGtuF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAG9L,GAAKg4E,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGtuF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGR,GAAK0sE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IACnEZ,EAAK,GAAGtuF,GAAKu2B,EAAE,GAAG1U,EAAE,GAAGA,EAAE,GAAGP,GAAKysE,GAAKmB,EAAK,GAAI,IAAMnB,GAAKmB,EAAK,GAAI,IAG7E,EAuFI/tF,MAvDF,WACEktF,EAAS,GACTC,EAAO,CACL,GACA,GACA,GACA,GAEN,EAgDIriE,QA9CF,SAAoBlnB,EAAM+R,GACxBq3E,EAAYppF,EACZqpF,EAAat3E,EACb,MAAM43E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIh2E,EAAI,EAAGA,EAAI,EAAGA,IACrBo2E,EAAQp2E,EAAGq2E,GAOb,OALAb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,GACPD,CACX,EA+BI5hE,QA7BF,SAAoBxnB,EAAM+R,GACxBq3E,EAAYppF,EACZqpF,EAAat3E,EACb,MAAM43E,EAAM,CAACd,GAAKO,EAAWC,GAAcC,EAAO,GAChDT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,GAAKC,EAAO,GACzCT,GAAKO,EAAWC,EAAa,IAAMC,EAAO,IAC5C,IAAK,IAAIh2E,EAAI,EAAGA,GAAK,EAAGA,IACtBs2E,EAAQt2E,EAAGq2E,GAEbb,GAAKM,EAAWC,EAAYM,EAAI,GAAKL,EAAO,IAC5CR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,EAAGM,EAAI,GAAKL,EAAO,IAChDR,GAAKM,EAAWC,EAAa,GAAIM,EAAI,GAAKL,EAAO,IACjDD,GAAc,EAClB,EAgBI6B,SAZF,WACE,OAAO9B,CACX,EAYA,CAKY+B,GACVhyF,KAAK+vF,GAAGY,KAAKhxF,MAAM4gB,KAAK5P,GAAM,GAE9B3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAK+vF,GAAGhiE,QAAQpuB,MAAM4gB,KAAKyR,GAAQ,EAC3C,CACH,CCxUA,SAASigE,KAAW,CAqXpB,SAASC,GAAGvhF,GACV3Q,KAAKmyF,GAAK,IAAIF,GACdjyF,KAAKmyF,GAAG5wD,KAAK5wB,GAEb3Q,KAAK+tB,QAAU,SAASiE,GACtB,OAAOhyB,KAAKmyF,GAAGpgE,aAAaC,EAC7B,CACH,CDlDA89D,GAAG9sE,QAAU8sE,GAAG7vF,UAAU+iB,QAAU,GACpC8sE,GAAG7sE,UAAY6sE,GAAG7vF,UAAUgjB,UAAY,GCrUxCgvE,GAAShyF,UAAUmyF,UAAY,EAK/BH,GAAShyF,UAAUoyF,OAAS,CAC1B,CACE,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,QAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,UAAY,UAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,SAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,YAEtC,CACE,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,SAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,UAAY,WAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,UAAY,SAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,UAAY,UAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,QAAY,UAAY,UAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,YAEtC,CACE,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,SAAY,WAAY,SAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,SAAY,SAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,SAAY,WAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,UAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,SAAY,UAAY,WAAY,UAAY,WAC5D,WAAY,UAAY,SAAY,UAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,WAC5D,WAAY,WAAY,SAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,UAAY,WAAY,WAAY,UAC5D,WAAY,UAAY,WAAY,WAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,UAAY,WAAY,UAAY,WAAY,WAC5D,UAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,UAC5D,UAAY,UAAY,WAAY,WAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,UAAY,SAC5D,SAAY,WAAY,WAAY,WAAY,WAAY,WAC5D,WAAY,WAAY,WAAY,YAOxCJ,GAAShyF,UAAUqyF,OAAS,CAC1B,UAAY,WAAY,UAAY,SAAY,WAAY,UAC5D,UAAY,WAAY,WAAY,UAAY,WAAY,UAC5D,WAAY,WAAY,WAAY,WAAY,WAAY,YAM9DL,GAAShyF,UAAUsyF,GAAK,GASxBN,GAAShyF,UAAUuyF,OAAS,SAASC,GACnC,GAAIA,EAAK,EAAG,CAEVA,GADgB,WAALA,GACD,UACd,CACE,OAAOA,CACT,EAKAR,GAAShyF,UAAU6rE,GAAK,SAAS2mB,GAC/B,IAAIC,EAEJ,MAAMC,EAAU,IAALF,EAELG,EAAU,KADhBH,KAAQ,GAGFI,EAAU,KADhBJ,KAAQ,GAGFK,EAAU,KADhBL,KAAQ,GAOR,OAJAC,EAAK1yF,KAAK+yF,OAAO,GAAGD,GAAM9yF,KAAK+yF,OAAO,GAAGF,GACzCH,GAAM1yF,KAAK+yF,OAAO,GAAGH,GACrBF,GAAM1yF,KAAK+yF,OAAO,GAAGJ,GAEdD,CACT,EAMAT,GAAShyF,UAAU+yF,cAAgB,SAASC,GAC1C,IAGIzvE,EAHA0vE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKzvE,EAAK,EAAGA,EAAKxjB,KAAKuyF,KAAM/uE,EAAI,CAC/B0vE,GAASlzF,KAAKozF,OAAO5vE,GACrB2vE,EAAQnzF,KAAK8rE,GAAGonB,GAASC,EAEzB,MAAM3nE,EAAM0nE,EACZA,EAAQC,EACRA,EAAQ3nE,CACZ,CAEE0nE,GAASlzF,KAAKozF,OAAOpzF,KAAKuyF,GAAK,GAC/BY,GAASnzF,KAAKozF,OAAOpzF,KAAKuyF,GAAK,GAE/BU,EAAK,GAAKjzF,KAAKwyF,OAAOW,GACtBF,EAAK,GAAKjzF,KAAKwyF,OAAOU,EACxB,EAWAjB,GAAShyF,UAAU8xB,aAAe,SAASshE,GACzC,IAAI7vE,EACJ,MAAMyvE,EAAO,CAAC,EAAG,GACXK,EAAMtzF,KAAKoyF,UAAY,EAC7B,IAAK5uE,EAAK,EAAGA,EAAKxjB,KAAKoyF,UAAY,IAAK5uE,EACtCyvE,EAAK,GAAMA,EAAK,IAAM,EAAuB,IAAjBI,EAAO7vE,EAAK,GACxCyvE,EAAK,GAAMA,EAAK,IAAM,EAAyB,IAAnBI,EAAO7vE,EAAK8vE,GAG1CtzF,KAAKgzF,cAAcC,GAEnB,MAAMM,EAAM,GACZ,IAAK/vE,EAAK,EAAGA,EAAKxjB,KAAKoyF,UAAY,IAAK5uE,EACtC+vE,EAAI/vE,EAAK,GAAOyvE,EAAK,KAAQ,GAAK,EAAC,EAAY,IAC/CM,EAAI/vE,EAAK8vE,GAASL,EAAK,KAAQ,GAAK,EAAC,EAAY,IAKnD,OAAOM,CACT,EAMAtB,GAAShyF,UAAUuzF,cAAgB,SAASP,GAC1C,IAGIzvE,EAHA0vE,EAAQD,EAAK,GACbE,EAAQF,EAAK,GAIjB,IAAKzvE,EAAKxjB,KAAKuyF,GAAK,EAAG/uE,EAAK,IAAKA,EAAI,CACnC0vE,GAASlzF,KAAKozF,OAAO5vE,GACrB2vE,EAAQnzF,KAAK8rE,GAAGonB,GAASC,EAEzB,MAAM3nE,EAAM0nE,EACZA,EAAQC,EACRA,EAAQ3nE,CACZ,CAEE0nE,GAASlzF,KAAKozF,OAAO,GACrBD,GAASnzF,KAAKozF,OAAO,GAErBH,EAAK,GAAKjzF,KAAKwyF,OAAOW,GACtBF,EAAK,GAAKjzF,KAAKwyF,OAAOU,EACxB,EAMAjB,GAAShyF,UAAUshC,KAAO,SAAS5wB,GACjC,IAAI6S,EACAiwE,EAAK,EAGT,IADAzzF,KAAKozF,OAAS,GACT5vE,EAAK,EAAGA,EAAKxjB,KAAKuyF,GAAK,IAAK/uE,EAAI,CACnC,IAAI3c,EAAO,EACX,IAAK,IAAI6sF,EAAK,EAAGA,EAAK,IAAKA,EACzB7sF,EAAQA,GAAQ,EAAgB,IAAV8J,EAAI8iF,KACpBA,GAAM9iF,EAAI/O,SACd6xF,EAAK,GAGTzzF,KAAKozF,OAAO5vE,GAAMxjB,KAAKsyF,OAAO9uE,GAAM3c,CACxC,CAGE,IADA7G,KAAK+yF,OAAS,GACTvvE,EAAK,EAAGA,EAAK,IAAKA,EAErB,IADAxjB,KAAK+yF,OAAOvvE,GAAM,GACbiwE,EAAK,EAAGA,EAAK,MAAOA,EACvBzzF,KAAK+yF,OAAOvvE,GAAIiwE,GAAMzzF,KAAKqyF,OAAO7uE,GAAIiwE,GAI1C,MAAMR,EAAO,CAAC,EAAY,GAE1B,IAAKzvE,EAAK,EAAGA,EAAKxjB,KAAKuyF,GAAK,EAAG/uE,GAAM,EACnCxjB,KAAKgzF,cAAcC,GACnBjzF,KAAKozF,OAAO5vE,EAAK,GAAKyvE,EAAK,GAC3BjzF,KAAKozF,OAAO5vE,EAAK,GAAKyvE,EAAK,GAG7B,IAAKzvE,EAAK,EAAGA,EAAK,IAAKA,EACrB,IAAKiwE,EAAK,EAAGA,EAAK,IAAKA,GAAM,EAC3BzzF,KAAKgzF,cAAcC,GACnBjzF,KAAK+yF,OAAOvvE,GAAIiwE,EAAK,GAAKR,EAAK,GAC/BjzF,KAAK+yF,OAAOvvE,GAAIiwE,EAAK,GAAKR,EAAK,EAGrC,EAYAf,GAAGlvE,QAAUkvE,GAAGjyF,UAAU+iB,QAAU,GACpCkvE,GAAGjvE,UAAYivE,GAAGjyF,UAAUgjB,UAAY,EChYjC,MAAMP,GAAgB,IAAIwzC,IAAI,CACnC,CAACzrD,EAAMoC,UAAUE,UAAWshF,IAC5B,CAAC5jF,EAAMoC,UAAUG,MAAOuiF,IACxB,CAAC9kF,EAAMoC,UAAUI,SAAU0mF,IAC3B,CAAClpF,EAAMoC,UAAUQ,QAASumF,2ECX5B,MAAMC,kBAA0B,IAAI1zE,YAAY,CAC5C,WAAY,WAAY,WAAY,UAAY,aAI9C2zE,kBAAyB,IAAI3zE,YAAY,IACxC,MAAM4zE,WAAapqB,GACtB,WAAA/pE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAKgjC,EAAiB,EAAb6wD,GAAQ,GACjB7zF,KAAKy8D,EAAiB,EAAbo3B,GAAQ,GACjB7zF,KAAKs0C,EAAiB,EAAbu/C,GAAQ,GACjB7zF,KAAK8hC,EAAiB,EAAb+xD,GAAQ,GACjB7zF,KAAKsqE,EAAiB,EAAbupB,GAAQ,EACzB,CACI,GAAA1rF,GACI,MAAM66B,EAAEA,EAACy5B,EAAEA,EAACnoB,EAAEA,EAACxS,EAAEA,EAACwoC,EAAEA,GAAMtqE,KAC1B,MAAO,CAACgjC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,EAC5B,CACI,GAAAnoE,CAAI6gC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,GACZtqE,KAAKgjC,EAAQ,EAAJA,EACThjC,KAAKy8D,EAAQ,EAAJA,EACTz8D,KAAKs0C,EAAQ,EAAJA,EACTt0C,KAAK8hC,EAAQ,EAAJA,EACT9hC,KAAKsqE,EAAQ,EAAJA,CACjB,CACI,OAAAlnE,CAAQ0jB,EAAMlO,GACV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnCk7E,GAAOhyF,GAAKglB,EAAK0B,UAAU5P,GAAQ,GACvC,IAAK,IAAI9W,EAAI,GAAIA,EAAI,GAAIA,IACrBgyF,GAAOhyF,GAAKqnE,GAAK2qB,GAAOhyF,EAAI,GAAKgyF,GAAOhyF,EAAI,GAAKgyF,GAAOhyF,EAAI,IAAMgyF,GAAOhyF,EAAI,IAAK,GAEtF,IAAIkhC,EAAEA,EAACy5B,EAAEA,EAACnoB,EAAEA,EAACxS,EAAEA,EAACwoC,EAAEA,GAAMtqE,KACxB,IAAK,IAAI8B,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,IAAIyoE,EAAGlkC,EACHvkC,EAAI,IACJyoE,EAAId,GAAIhN,EAAGnoB,EAAGxS,GACduE,EAAI,YAECvkC,EAAI,IACTyoE,EAAI9N,EAAInoB,EAAIxS,EACZuE,EAAI,YAECvkC,EAAI,IACTyoE,EAAIb,GAAIjN,EAAGnoB,EAAGxS,GACduE,EAAI,aAGJkkC,EAAI9N,EAAInoB,EAAIxS,EACZuE,EAAI,YAER,MAAMxO,EAAKsxC,GAAKnmC,EAAG,GAAKunC,EAAID,EAAIjkC,EAAIytD,GAAOhyF,GAAM,EACjDwoE,EAAIxoC,EACJA,EAAIwS,EACJA,EAAI60B,GAAK1M,EAAG,IACZA,EAAIz5B,EACJA,EAAInL,CAChB,CAEQmL,EAAKA,EAAIhjC,KAAKgjC,EAAK,EACnBy5B,EAAKA,EAAIz8D,KAAKy8D,EAAK,EACnBnoB,EAAKA,EAAIt0C,KAAKs0C,EAAK,EACnBxS,EAAKA,EAAI9hC,KAAK8hC,EAAK,EACnBwoC,EAAKA,EAAItqE,KAAKsqE,EAAK,EACnBtqE,KAAKmC,IAAI6gC,EAAGy5B,EAAGnoB,EAAGxS,EAAGwoC,EAC7B,CACI,UAAAP,GACI+pB,GAAOrsE,KAAK,EACpB,CACI,OAAAxe,GACIjJ,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,GACrBnC,KAAKsJ,OAAOme,KAAK,EACzB,EAOO,MAAM5Z,kBAAuB07D,IAAgB,IAAM,IAAIwqB,KC/ExDC,kBAAsB,IAAIvyF,WAAW,CAAC,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,IACzFwyF,kBAAqB,IAAIxyF,WAAe9B,MAAM,IAAI8nB,KAAK,GAAG9iB,KAAI,CAACsnB,EAAGnqB,IAAMA,KACxEoyF,kBAAqBD,GAAGtvF,KAAK7C,IAAO,EAAIA,EAAI,GAAK,KACvD,IAAIqyF,GAAO,CAACF,IACRG,GAAO,CAACF,IACZ,IAAK,IAAIpyF,EAAI,EAAGA,EAAI,EAAGA,IACnB,IAAK,IAAIqY,IAAK,CAACg6E,GAAMC,IACjBj6E,EAAErX,KAAKqX,EAAErY,GAAG6C,KAAK4U,GAAMy6E,GAAIz6E,MACnC,MAAM20E,kBAAyB,CAC3B,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GACtD,CAAC,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,IACxDvpF,KAAK7C,GAAM,IAAIL,WAAWK,KACtBuyF,kBAA0BF,GAAKxvF,KAAI,CAACooB,EAAKjrB,IAAMirB,EAAIpoB,KAAKwV,GAAM+zE,GAAOpsF,GAAGqY,OACxEm6E,kBAA0BF,GAAKzvF,KAAI,CAACooB,EAAKjrB,IAAMirB,EAAIpoB,KAAKwV,GAAM+zE,GAAOpsF,GAAGqY,OACxEo6E,kBAAqB,IAAIp0E,YAAY,CACvC,EAAY,WAAY,WAAY,WAAY,aAE9Cq0E,kBAAqB,IAAIr0E,YAAY,CACvC,WAAY,WAAY,WAAY,WAAY,IAGpD,SAAS8lB,GAAEwuD,EAAOj5E,EAAGof,EAAGoL,GACpB,OAAc,IAAVyuD,EACOj5E,EAAIof,EAAIoL,EACA,IAAVyuD,EACGj5E,EAAIof,GAAOpf,EAAIwqB,EACR,IAAVyuD,GACGj5E,GAAKof,GAAKoL,EACH,IAAVyuD,EACGj5E,EAAIwqB,EAAMpL,GAAKoL,EAEhBxqB,GAAKof,GAAKoL,EACzB,CAEA,MAAM0uD,kBAAwB,IAAIv0E,YAAY,IACvC,MAAMw0E,WAAkBhrB,GAC3B,WAAA/pE,GACIC,MAAM,GAAI,GAAI,GAAG,GACjBG,KAAK40F,GAAK,WACV50F,KAAK60F,IAAK,UACV70F,KAAK80F,IAAK,WACV90F,KAAK+0F,GAAK,UACV/0F,KAAKg1F,IAAK,UAClB,CACI,GAAA7sF,GACI,MAAMysF,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,EAAEC,GAAEA,GAAOh1F,KAC/B,MAAO,CAAC40F,EAAIC,EAAIC,EAAIC,EAAIC,EAChC,CACI,GAAA7yF,CAAIyyF,EAAIC,EAAIC,EAAIC,EAAIC,GAChBh1F,KAAK40F,GAAU,EAALA,EACV50F,KAAK60F,GAAU,EAALA,EACV70F,KAAK80F,GAAU,EAALA,EACV90F,KAAK+0F,GAAU,EAALA,EACV/0F,KAAKg1F,GAAU,EAALA,CAClB,CACI,OAAA5xF,CAAQ0jB,EAAMlO,GACV,IAAK,IAAI9W,EAAI,EAAGA,EAAI,GAAIA,IAAK8W,GAAU,EACnC87E,GAAM5yF,GAAKglB,EAAK0B,UAAU5P,GAAQ,GAEtC,IAAIuzD,EAAe,EAAVnsE,KAAK40F,GAAQK,EAAK9oB,EAAIzvB,EAAe,EAAV18C,KAAK60F,GAAQK,EAAKx4C,EAAIb,EAAe,EAAV77C,KAAK80F,GAAQK,EAAKt5C,EAAIgC,EAAe,EAAV79C,KAAK+0F,GAAQK,EAAKv3C,EAAIw3C,EAAe,EAAVr1F,KAAKg1F,GAAQM,EAAKD,EAGvI,IAAK,IAAIZ,EAAQ,EAAGA,EAAQ,EAAGA,IAAS,CACpC,MAAMc,EAAS,EAAId,EACbe,EAAMjB,GAAGE,GAAQgB,EAAMjB,GAAGC,GAC1BiB,EAAKvB,GAAKM,GAAQkB,EAAKvB,GAAKK,GAC5B7zC,EAAKyzC,GAAQI,GAAQmB,EAAKtB,GAAQG,GACxC,IAAK,IAAI3yF,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAM2lC,EAAM0hC,GAAKgD,EAAKlmC,GAAEwuD,EAAO/3C,EAAIb,EAAIgC,GAAM62C,GAAMgB,EAAG5zF,IAAM0zF,EAAK50C,EAAG9+C,IAAMuzF,EAAM,EAChFlpB,EAAKkpB,EAAIA,EAAKx3C,EAAIA,EAAoB,EAAfsrB,GAAKttB,EAAI,IAASA,EAAKa,EAAIA,EAAKjV,CACvE,CAEY,IAAK,IAAI3lC,EAAI,EAAGA,EAAI,GAAIA,IAAK,CACzB,MAAMq5C,EAAMguB,GAAK8rB,EAAKhvD,GAAEsvD,EAAQL,EAAIC,EAAIC,GAAMV,GAAMiB,EAAG7zF,IAAM2zF,EAAKG,EAAG9zF,IAAMwzF,EAAM,EACjFL,EAAKK,EAAIA,EAAKF,EAAIA,EAAoB,EAAfjsB,GAAKgsB,EAAI,IAASA,EAAKD,EAAIA,EAAK/5C,CACvE,CACA,CAEQn7C,KAAKmC,IAAKnC,KAAK60F,GAAKh5C,EAAKu5C,EAAM,EAAIp1F,KAAK80F,GAAKj3C,EAAKy3C,EAAM,EAAIt1F,KAAK+0F,GAAKM,EAAKJ,EAAM,EAAIj1F,KAAKg1F,GAAK7oB,EAAK+oB,EAAM,EAAIl1F,KAAK40F,GAAKl4C,EAAKy4C,EAAM,EAC3I,CACI,UAAAprB,GACI2qB,GAAMjtE,KAAK,EACnB,CACI,OAAAxe,GACIjJ,KAAK4lB,WAAY,EACjB5lB,KAAKsJ,OAAOme,KAAK,GACjBznB,KAAKmC,IAAI,EAAG,EAAG,EAAG,EAAG,EAC7B,EAMO,MCxFMyiB,GAAc,IAAIsxC,IAAIp2D,OAAOiI,QAAQ,CAChD8F,QACAK,UACAH,UACAC,UACAC,UACAE,YACAC,YACAynF,yBDgFuCtsB,IAAgB,IAAM,IAAIorB,2EE1FnE,SAASmB,GAAOx3E,EAAGxc,EAAG+V,EAAGsC,GACvBmE,EAAExc,IAAM+V,EAAEsC,GACVmE,EAAExc,EAAE,IAAM+V,EAAEsC,EAAE,IAAMmE,EAAExc,GAAK+V,EAAEsC,GAC/B,CAIA,SAAS47E,GAAOz3E,EAAG6E,GACjB7E,EAAE,IAAM6E,EACR7E,EAAE,IAAOA,EAAE,GAAK6E,CAClB,CAIA,SAASqnD,GAAG5wD,EAAGye,EAAG/Z,EAAGzG,EAAGsL,EAAGC,EAAG4yE,EAAIC,GAChCH,GAAMl8E,EAAG0E,EAAG1E,EAAG/B,GACfi+E,GAAMl8E,EAAG0E,EAAG+Z,EAAG29D,GAGf,IAAIE,EAAOt8E,EAAEwJ,GAAKxJ,EAAE0E,GAChB63E,EAAOv8E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GAC5B1E,EAAEwJ,GAAK+yE,EACPv8E,EAAEwJ,EAAI,GAAK8yE,EAEXJ,GAAMl8E,EAAGuJ,EAAGvJ,EAAGwJ,GAGf8yE,EAAOt8E,EAAE/B,GAAK+B,EAAEuJ,GAChBgzE,EAAOv8E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAMq+E,IAAS,GAAOC,GAAQ,EAChCv8E,EAAE/B,EAAI,GAAMs+E,IAAS,GAAOD,GAAQ,EAEpCJ,GAAMl8E,EAAG0E,EAAG1E,EAAG/B,GACfi+E,GAAMl8E,EAAG0E,EAAG+Z,EAAG49D,GAGfC,EAAOt8E,EAAEwJ,GAAKxJ,EAAE0E,GAChB63E,EAAOv8E,EAAEwJ,EAAI,GAAKxJ,EAAE0E,EAAI,GACxB1E,EAAEwJ,GAAM8yE,IAAS,GAAOC,GAAQ,GAChCv8E,EAAEwJ,EAAI,GAAM+yE,IAAS,GAAOD,GAAQ,GAEpCJ,GAAMl8E,EAAGuJ,EAAGvJ,EAAGwJ,GAGf8yE,EAAOt8E,EAAE/B,GAAK+B,EAAEuJ,GAChBgzE,EAAOv8E,EAAE/B,EAAI,GAAK+B,EAAEuJ,EAAI,GACxBvJ,EAAE/B,GAAMs+E,IAAS,GAAOD,GAAQ,EAChCt8E,EAAE/B,EAAI,GAAMq+E,IAAS,GAAOC,GAAQ,CACtC,CAGA,MAAMC,GAAe,IAAIj2E,YAAY,CACnC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,WACpC,WAAY,UAAY,UAAY,aAKhCk2E,GAAQ,IAAI50F,WAAW,CAC3B,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,EACnD,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EACnD,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EACnD,GAAI,EAAG,EAAG,GAAI,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAClD,GAAI,GAAI,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,EAAG,EAAG,EAAG,EAAG,GAClD,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,EAAG,GAAI,EACnD,GAAI,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,GAAI,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GACnDkD,KAAI6W,GAAS,EAAJA,KAIX,SAASyuC,GAASryB,EAAG/b,GACnB,MAAMjC,EAAI,IAAIuG,YAAY,IACpBkY,EAAI,IAAIlY,YAAYyX,EAAE/f,EAAEvO,OAAQsuB,EAAE/f,EAAExN,WAAY,IAGtD,IAAK,IAAIvI,EAAI,EAAGA,EAAI,GAAIA,IACtB8X,EAAE9X,GAAK81B,EAAErG,EAAEzvB,GACX8X,EAAE9X,EAAI,IAAMs0F,GAAat0F,GAI3B8X,EAAE,KAAOge,EAAE3J,GAAG,GACdrU,EAAE,KAAOge,EAAE3J,GAAG,GAId,MAAMqoE,EAAKz6E,EAAO,WAAa,EAC/BjC,EAAE,KAAO08E,EACT18E,EAAE,KAAO08E,EAGT,IAAK,IAAIx0F,EAAI,EAAGA,EAAI,GAAIA,IAAK,CAE3B,MAAMy0F,EAAMz0F,GAAK,EACjB0oE,GAAE5wD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAKg+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,GAAIF,GAAME,EAAM,IACnD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAE5wD,EAAGye,EAAG,EAAG,GAAI,GAAI,GAAIg+D,GAAME,EAAM,IAAKF,GAAME,EAAM,KACpD/rB,GAAE5wD,EAAGye,EAAG,EAAG,EAAG,GAAI,GAAKg+D,GAAME,EAAM,IAAKF,GAAME,EAAM,IACxD,CAEE,IAAK,IAAIz0F,EAAI,EAAGA,EAAI,GAAIA,IACtB81B,EAAErG,EAAEzvB,IAAM8X,EAAE9X,GAAK8X,EAAE9X,EAAI,GAE3B,CAKA,MAAM00F,GACJ,WAAA52F,CAAY62F,EAAQ9lF,EAAK89B,EAAMioD,GAC7B,MAAM/vE,EAAS,IAAIllB,WAAW,IAmB9BzB,KAAK43B,EAAI,CACP/f,EAAG,IAAIpW,WAAWk1F,IAClBplE,EAAG,IAAIpR,YAAYy2E,GAAe,GAClC3oE,GAAI,IAAI9N,YAAY,GACpBgD,EAAG,EACHszE,UAIF9vE,EAAO,GAAK8vE,EACR9lF,IAAKgW,EAAO,GAAKhW,EAAI/O,QACzB+kB,EAAO,GAAK,EACZA,EAAO,GAAK,EACR8nB,GAAM9nB,EAAOxkB,IAAIssC,EAAM,IACvBioD,GAAU/vE,EAAOxkB,IAAIu0F,EAAU,IACnC,MAAMG,EAAW,IAAI12E,YAAYwG,EAAOrd,OAAQqd,EAAOtc,WAAYsc,EAAO/kB,OAASue,YAAYk6B,mBAG/F,IAAK,IAAIv4C,EAAI,EAAGA,EAAI,GAAIA,IACtB9B,KAAK43B,EAAErG,EAAEzvB,GAAKs0F,GAAat0F,GAAK+0F,EAAS/0F,GAI3C,GAAI6O,EAAK,CACP,MAAMqhB,EAAQ,IAAIvwB,WAAWk1F,IAC7B3kE,EAAM7vB,IAAIwO,GACV3Q,KAAKskB,OAAO0N,EAClB,CACA,CAIE,MAAA1N,CAAO/jB,GACL,KAAMA,aAAiBkB,YAAa,MAAUF,MAAM,sCASpD,IAAIO,EAAI,EACR,KAAMA,EAAIvB,EAAMqB,QAAQ,CAClB5B,KAAK43B,EAAEzU,IAAMwzE,KACfZ,GAAM/1F,KAAK43B,EAAE3J,GAAIjuB,KAAK43B,EAAEzU,GACxB8mC,GAASjqD,KAAK43B,GAAG,GACjB53B,KAAK43B,EAAEzU,EAAI,GAEb,IAAIqH,EAAOmsE,GAAa32F,KAAK43B,EAAEzU,EAC/BnjB,KAAK43B,EAAE/f,EAAE1V,IAAI5B,EAAMyI,SAASlH,EAAGA,EAAI0oB,GAAOxqB,KAAK43B,EAAEzU,GACjD,MAAMsE,EAAOhf,KAAKsd,IAAIyE,EAAMjqB,EAAMqB,OAASE,GAC3C9B,KAAK43B,EAAEzU,GAAKsE,EACZ3lB,GAAK2lB,CACX,CACI,OAAOznB,IACX,CAOE,MAAAukB,CAAOuyE,GACLf,GAAM/1F,KAAK43B,EAAE3J,GAAIjuB,KAAK43B,EAAEzU,GAGxBnjB,KAAK43B,EAAE/f,EAAE4P,KAAK,EAAGznB,KAAK43B,EAAEzU,GACxBnjB,KAAK43B,EAAEzU,EAAIwzE,GACX1sC,GAASjqD,KAAK43B,GAAG,GAEjB,MAAM9R,EAAMgxE,GAAY,IAAIr1F,WAAWzB,KAAK43B,EAAE6+D,QAC9C,IAAK,IAAI30F,EAAI,EAAGA,EAAI9B,KAAK43B,EAAE6+D,OAAQ30F,IAEjCgkB,EAAIhkB,GAAK9B,KAAK43B,EAAErG,EAAEzvB,GAAK,IAAO,GAAS,EAAJA,GAGrC,OADA9B,KAAK43B,EAAErG,EAAI,KACJzL,EAAIxc,MACf,EAIe,SAAS+a,GAAWoyE,EAAQ9lF,EAAK89B,EAAMioD,GACpD,GAAID,EAASG,GAAc,MAAUr1F,MAAM,0BAA0Bq1F,cAAwBH,MAc7F,OAAO,IAAID,GAAQC,EAAQ9lF,EAAK89B,EAAMioD,EACxC,CAEA,MAAME,GAAe,GAIfD,GAAa,IC7PbI,GAAO,EACPC,GAAU,GACVC,GAAe,WACfC,GAAe,EACfC,GAAgB,WAChBC,GAAgB,EAChBC,GAAoB,WACpBC,GAAoB,EACpBC,GAAe,WACfC,GAAc,WACdC,GAAkB,GAElBC,GAAoB,KACpBC,GAA+B,GAE/B13E,GAAyE,MAAxD,IAAIxe,WAAW,IAAIqrB,YAAY,CAAC,QAASxjB,QAAQ,GAGxE,SAASsuF,GAAKh5E,EAAKjH,EAAG7V,GAKpB,OAJA8c,EAAI9c,EAAE,GAAK6V,EACXiH,EAAI9c,EAAE,GAAK6V,GAAM,EACjBiH,EAAI9c,EAAE,GAAK6V,GAAK,GAChBiH,EAAI9c,EAAE,GAAK6V,GAAK,GACTiH,CACT,CAQA,SAASi5E,GAAKj5E,EAAKjH,EAAG7V,GACpB,GAAI6V,EAAIyP,OAAOgU,iBAAkB,MAAU75B,MAAM,mCAIjD,IAAImG,EAAYiQ,EAChB,IAAK,IAAIiB,EAAS9W,EAAG8W,EAAS9W,EAAE,EAAG8W,IACjCgG,EAAIhG,GAAUlR,EACdA,GAAaA,EAAYkX,EAAIhG,IAAW,IAE1C,OAAOgG,CACT,CAQA,SAASk5E,GAAGrB,EAAQz0D,EAAGnX,GACrB,MAAM4mB,EAAI,IAAIhwC,WAAW,IAEnBs2F,EAAQ,IAAIt2F,WAAW,EAAIugC,EAAEpgC,QAGnC,GAFAg2F,GAAKG,EAAOtB,EAAQ,GACpBsB,EAAM51F,IAAI6/B,EAAG,GACTy0D,GAAU,GAGZ,OADAuB,GAAQvB,GAAQnyE,OAAOyzE,GAAOxzE,OAAOsG,GAC9BA,EAGT,MAAMpP,EAAIhT,KAAKyQ,KAAKu9E,EAAS,IAAM,EASnC,IAAK,IAAI30F,EAAI,EAAGA,EAAI2Z,EAAG3Z,IACrBk2F,GAAQ,IAAI1zE,OAAa,IAANxiB,EAAUi2F,EAAQtmD,GAAGltB,OAAOktB,GAE/C5mB,EAAI1oB,IAAIsvC,EAAEzoC,SAAS,EAAG,IAAO,GAAFlH,GAG7B,MAAMm2F,EAAO,IAAIx2F,WAAWu2F,GAAQvB,EAAS,GAAGh7E,GAAG6I,OAAOmtB,GAAGltB,UAG7D,OAFAsG,EAAI1oB,IAAI81F,EAAQ,GAAFx8E,GAEPoP,CACT,CAGA,SAASqtE,GAAIC,EAAav5E,EAAKw5E,EAAIC,GAMjC,OALAF,EAAYlxF,GAAGixF,IACbt5E,EAAIvU,WACJ+tF,EAAG/tF,WACHguF,EAAGhuF,YAEEuU,CACT,CAQA,SAAS4rD,GAAE2tB,EAAan2D,EAAGC,EAAG46C,GAO5B,OANAsb,EAAYlxF,GAAGujE,EACbxoC,EAAE33B,WACF43B,EAAE53B,WACFwyE,EAAExyE,WACF8tF,EAAYG,KAAKC,GAAGluF,YAEfwyE,CACT,CAEA,SAAS2b,GAAGL,EAAan2D,EAAGC,EAAG46C,GAO7B,OANAsb,EAAYlxF,GAAGuxF,GACbx2D,EAAE33B,WACF43B,EAAE53B,WACFwyE,EAAExyE,WACF8tF,EAAYG,KAAKC,GAAGluF,YAEfwyE,CACT,CAGA,SAAU4b,GAASN,EAAaO,EAAMC,EAAMh2F,EAAOi2F,EAAIC,EAAaC,EAAeC,GAGjFZ,EAAYG,KAAKU,QAAQvxE,KAAK,GAC9B,MAAMwb,EAAIk1D,EAAYG,KAAKU,QAAQhwF,SAAS,EAAG,IAC/C6uF,GAAK50D,EAAGy1D,EAAM,GACdb,GAAK50D,EAAG01D,EAAM,GACdd,GAAK50D,EAAGtgC,EAAO,IACfk1F,GAAK50D,EAAG21D,EAAI,IACZf,GAAK50D,EAAG41D,EAAa,IACrBhB,GAAK50D,EAAG8zD,GAAM,IAQd,IAAI,IAAIj1F,EAAI,EAAGA,GAAKg3F,EAAeh3F,IAAK,CAEtC+1F,GAAKM,EAAYG,KAAKU,QAASl3F,EAAGmhC,EAAErhC,QACpC,MAAMq3F,EAAKT,GAAGL,EAAaA,EAAYG,KAAKY,SAAUf,EAAYG,KAAKU,QAASb,EAAYG,KAAKa,OAKjG,IAAI,IAAI5/E,EAAU,IAANzX,EAAwB,EAAdi3F,EAAkB,EAAGx/E,EAAI0/E,EAAGr3F,OAAQ2X,GAAK,QACtD0/E,EAAGjwF,SAASuQ,EAAGA,EAAE,EAE9B,CACE,MAAO,EACT,CAmBA,MAAM6/E,GAAK,KACLC,GAAiB,GAAKD,GAEb,SAASE,GAAS3yE,GAAQ4yE,OAAEA,EAAQ7zE,SAAU8zE,IAC3D,IAAKv5E,GAAgB,MAAU1e,MAAM,kCAErC,MAAMklF,EAvBR,UAAwBxyE,KAAEA,EAAIyjC,QAAEA,EAAOzmB,UAAEA,EAAS0mB,SAAEA,EAAQlJ,KAAEA,EAAIgrD,GAAEA,EAAExlD,OAAEA,EAAMj/B,YAAEA,EAAW4iC,WAAEA,EAAU7iC,OAAEA,IACvG,MAAM2kF,EAAe,CAACzxF,EAAM1F,EAAOwjB,EAAKrd,KACtC,GAAInG,EAAQwjB,GAAOxjB,EAAQmG,EAAO,MAAUnH,MAAM,GAAG0G,4BAA+B8d,SAAWrd,UAAa,EAG9G,GAAIuL,IAAS8iF,IAAQr/C,IAAYs/C,GAAS,MAAUz1F,MAAM,+BAS1D,OARAm4F,EAAa,WAAY/hD,EAAU2/C,GAAmBD,IACtDqC,EAAa,OAAQjrD,EAAM2oD,GAAeD,IAC1CuC,EAAa,MAAOzoE,EAAWimE,GAAcD,IAC7CyC,EAAa,SAAU9hD,EAAY,EAAE5iC,EAAauiF,IAElDkC,GAAMC,EAAa,kBAAmBD,EAAI,EAAGjC,IAC7CvjD,GAAUylD,EAAa,SAAUzlD,EAAQ,EAAGwjD,IAErC,CAAExjF,OAAMyjC,UAASzmB,YAAW0mB,WAAUlJ,OAAMgrD,KAAIxlD,SAAQ0lD,MAAO3kF,EAAa4iC,aAAY7iC,SACjG,CAQc0hC,CAAe,CAAExiC,KAAM8iF,GAAMr/C,QAASs/C,MAAYrwE,KAEtD6jD,EAAEovB,EAAOpB,GAAGqB,EAAQ/hE,IAAIgiE,EAASC,MAAMC,GAAWR,EAAaS,QACjEC,EAAW,CAAE,EACbC,EAAS,CAAE,EACjBA,EAAO3vB,EAAIovB,EACXO,EAAO3B,GAAKqB,EACZM,EAAOjC,IAAM4B,EAGb,MAAMlB,EAAK,EAAInS,EAAIkT,MAAQlxF,KAAK0P,MAAMsuE,EAAI7uC,YAAc,EAAI6uC,EAAIkT,QAC1DS,EAAiBxB,EAAKlB,GAAoB,GAAK0B,GACrD,GAAIG,EAAOjwF,OAAOgB,WAAa8vF,EAAgB,CAC7C,MAAMzmE,EAAUlrB,KAAKyQ,MAAMkhF,EAAiBb,EAAOjwF,OAAOgB,YAAc+uF,IAGxEE,EAAOc,KAAK1mE,EAChB,CAEE,IAAI/a,EAAS,EAEbshF,EAAS3B,GAAK,IAAI92F,WAAW83F,EAAOjwF,OAAQsP,EAAQ8+E,IAAoB9+E,GAASshF,EAAS3B,GAAG32F,OAC7Fs4F,EAASf,MAAQ,IAAI13F,WAAW83F,EAAOjwF,OAAQsP,EAAQ8+E,IAAoB9+E,GAAQshF,EAASf,MAAMv3F,OAClGs4F,EAASlB,QAAU,IAAIv3F,WAAW83F,EAAOjwF,OAAQsP,EAAQ8+E,IAAoB9+E,GAAQshF,EAASlB,QAAQp3F,OACtGs4F,EAAShB,SAAW,IAAIz3F,WAAW83F,EAAOjwF,OAAQsP,EAAQ,MAAOA,GAAQshF,EAAShB,SAASt3F,OAE3F,MAAM04F,EAAK,IAAIn6E,YAAYo5E,EAAOjwF,OAAQsP,EAAQ,GAAIA,GAAQ0hF,EAAG14F,OAASue,YAAYk6B,kBACtF,MAAM89C,EAAc,CAAElxF,GAAIkzF,EAAQ7B,KAAM4B,GAClCK,EAAW,IAAI94F,WAAW83F,EAAOjwF,OAAQsP,EAAQ8+E,IAAoB9+E,GAAQ2hF,EAAS34F,OAC5F,MAAM44F,EAAc,IAAI/4F,WAAW83F,EAAOjwF,OAAQsP,EAAQ6tE,EAAI7uC,WAAa8/C,IACrE+C,EAAkB,IAAIh5F,WAAW83F,EAAOjwF,OAAQ,EAAGsP,GAGnD8hF,EA4ER,SAAejU,GACb,MAAMhc,EAAIutB,GAAQL,IACZgD,EAAS,IAAIl5F,WAAW,GACxBklB,EAAS,IAAIllB,WAAW,IAC9Bm2F,GAAKjxE,EAAQ8/D,EAAIkT,MAAO,GACxB/B,GAAKjxE,EAAQ8/D,EAAIx1D,UAAW,GAC5B2mE,GAAKjxE,EAAQ8/D,EAAI7uC,WAAY,GAC7BggD,GAAKjxE,EAAQ8/D,EAAI1xE,OAAQ,IACzB6iF,GAAKjxE,EAAQ8/D,EAAI/uC,QAAS,IAC1BkgD,GAAKjxE,EAAQ8/D,EAAIxyE,KAAM,IAEvB,MAAMikC,EAAS,CAACvxB,GACZ8/D,EAAI9uC,UACNO,EAAOp1C,KAAK80F,GAAK,IAAIn2F,WAAW,GAAIglF,EAAI9uC,SAAS/1C,OAAQ,IACzDs2C,EAAOp1C,KAAK2jF,EAAI9uC,WAEhBO,EAAOp1C,KAAK63F,GAGVlU,EAAIh4C,MACNyJ,EAAOp1C,KAAK80F,GAAK,IAAIn2F,WAAW,GAAIglF,EAAIh4C,KAAK7sC,OAAQ,IACrDs2C,EAAOp1C,KAAK2jF,EAAIh4C,OAEhByJ,EAAOp1C,KAAK63F,GAGVlU,EAAIxyC,QACNiE,EAAOp1C,KAAK80F,GAAK,IAAIn2F,WAAW,GAAIglF,EAAIxyC,OAAOryC,OAAQ,IACvDs2C,EAAOp1C,KAAK2jF,EAAIxyC,SAGhBiE,EAAOp1C,KAAK63F,GAGVlU,EAAIgT,IACNvhD,EAAOp1C,KAAK80F,GAAK,IAAIn2F,WAAW,GAAIglF,EAAIgT,GAAG73F,OAAQ,IACnDs2C,EAAOp1C,KAAK2jF,EAAIgT,KAEhBvhD,EAAOp1C,KAAK63F,GAEdlwB,EAAEnmD,OAMJ,SAAsB3iB,GACpB,GAAsB,IAAlBA,EAAOC,OAAc,OAAOD,EAAO,GAEvC,IAAIE,EAAc,EAClB,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAOC,OAAQE,IAAK,CACpC,KAAMH,EAAOG,aAAcL,YACvB,MAAUF,MAAM,0DAGpBM,GAAeF,EAAOG,GAAGF,MAC/B,CAEE,MAAMG,EAAS,IAAIN,WAAWI,GAC9B,IAAIG,EAAM,EAMV,OALAL,EAAOM,SAASC,IACZH,EAAOI,IAAID,EAASF,GACpBA,GAAOE,EAAQN,MAAM,IAGlBG,CACT,CA1BW64F,CAAa1iD,IAEtB,MAAM2iD,EAAepwB,EAAElmD,SACvB,OAAO,IAAI9iB,WAAWo5F,EACxB,CAxHaC,CAAMrU,GAIX9iE,EAAIi1E,EAAKnS,EAAIkT,MACbl9B,EAAQ98D,MAAM8mF,EAAIkT,OAAOlyE,KAAK,MAAM9iB,KAAI,IAAUhF,MAAMgkB,KACxDo3E,EAAY,CAACj5F,EAAGqY,KACpBsiD,EAAE36D,GAAGqY,GAAKqgF,EAAYxxF,SAASlH,EAAE6hB,EAAE,KAAS,KAAFxJ,EAASrY,EAAE6hB,EAAE,KAAS,KAAFxJ,EAAUu9E,IACjEj7B,EAAE36D,GAAGqY,IAGd,IAAK,IAAIrY,EAAI,EAAGA,EAAI2kF,EAAIkT,MAAO73F,IAAK,CAElC,MAAM0pB,EAAM,IAAI/pB,WAAWi5F,EAAG94F,OAAS,GAGvC4pB,EAAIrpB,IAAIu4F,GAAK9C,GAAKpsE,EAAK,EAAGkvE,EAAG94F,QAASg2F,GAAKpsE,EAAK1pB,EAAG44F,EAAG94F,OAAS,GAC/Dk2F,GAAGJ,GAAmBlsE,EAAKuvE,EAAUj5F,EAAG,IAGxC81F,GAAKpsE,EAAK,EAAGkvE,EAAG94F,QAChBk2F,GAAGJ,GAAmBlsE,EAAKuvE,EAAUj5F,EAAG,GAC5C,CAKE,MACMg3F,EAAgBn1E,EADX,EAEX,IAAK,IAAI+0E,EAAO,EAAGA,EAAOjS,EAAI1xE,OAAQ2jF,IAEpC,IAAK,IAAI93C,EAAK,EAAGA,EAJR,EAIiBA,IAAM,CAC9B,MAAMo6C,EAA6B,IAATtC,GAAc93C,GAAM,EAC9C,IAAK,IAAI9+C,EAAI,EAAGA,EAAI2kF,EAAIkT,MAAO73F,IAAK,CAElC,IAAIi3F,EAAuB,IAAPn4C,GAAqB,IAAT83C,EAAa,EAAI,EAEjD,MAAMuC,EAAOD,EAAoBvC,GAASN,EAAaO,EAAM52F,EAAG8+C,EAAIg4C,EAAInS,EAAI1xE,OAAQ+jF,EAAeC,GAAiB,KACpH,KAAoBA,EAAgBD,EAAeC,IAAiB,CAClE,MAAM5+E,EAAIymC,EAAKk4C,EAAgBC,EACzB9lE,EAAY9Y,EAAI,EAAIsiD,EAAE36D,GAAGqY,EAAE,GAAKsiD,EAAE36D,GAAG6hB,EAAE,GAGvCu3E,EAAOF,EAAoBC,EAAKE,OAAO54F,MAAQ0wB,EAErD+mE,EAAOM,EAAGjwF,WAAY6wF,EAAK7wF,WAAYvI,EAAG2kF,EAAIkT,MAAOjB,EAAM93C,EAAIm4C,EAlB5D,EAkB+ED,GAClF,MAAM12D,EAAIk4D,EAAG,GAAUt0D,EAAIs0D,EAAG,GAIjB,IAAT5B,GAAYqC,EAAUj5F,EAAGqY,GAC7BqwD,GAAE2tB,EAAallE,EAAWwpC,EAAEr6B,GAAG4D,GAAI0yD,EAAO,EAAI6B,EAAW99B,EAAE36D,GAAGqY,IAG1Du+E,EAAO,GAAGR,GAAIC,EAAa17B,EAAE36D,GAAGqY,GAAIogF,EAAU99B,EAAE36D,GAAGqY,GACjE,CACA,CACA,CAKE,MAAMm6B,EAAImoB,EAAE,GAAG94C,EAAE,GACjB,IAAI,IAAI7hB,EAAI,EAAGA,EAAI2kF,EAAIkT,MAAO73F,IAC5Bo2F,GAAIC,EAAa7jD,EAAGA,EAAGmoB,EAAE36D,GAAG6hB,EAAE,IAGhC,MAAM5F,EAAM+5E,GAAGrR,EAAIx1D,UAAWqjB,EAAG,IAAI7yC,WAAWglF,EAAIx1D,YAKpD,OAHAwpE,EAAgBhzE,KAAK,GACrB8xE,EAAOc,KAAK,GAELt8E,CAET,CC3RA,IAAIq9E,GAiBW94F,eAAe+4F,GAAUC,EAASC,GAC/C,MAAMhC,EAAS,IAAIiC,YAAYC,OAAO,CAGpCC,QAAS,KACTC,QAAS,QAELC,QAvBRt5F,eAA0Bi3F,EAAQ+B,EAASC,GACzC,MAAMM,EAAe,CAAEjlF,IAAK,CAAE2iF,WAC9B,QAAwBn3F,IAApBg5F,GACF,IACE,MAAMU,QAAeR,EAAQO,GAE7B,OADAT,IAAkB,EACXU,CACR,CAAC,MAAM53F,GACNk3F,IAAkB,CACxB,CAIE,OADeA,GAAkBE,EAAUC,GAC7BM,EAChB,CAS2BE,CAAWxC,EAAQ+B,EAASC,GAkBrD,OAFqB50E,GAAW2yE,GAAS3yE,EAAQ,CAAEjB,SAAUk2E,EAAWl2E,SAAU6zE,UAGpF,oSCzCiBj3F,SAAY+4F,IAC1BW,6wLAA4BA,KAC5BA,yyJAA+BA,OCuB9BC,GAAU,CAAC,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,KAG3DC,GAAY,SAASl7F,GACvBhB,KAAKgB,OAASA,EACdhB,KAAKm8F,UAAY,EACjBn8F,KAAKo8F,QAAU,EACfp8F,KAAKq8F,SAAU,CACjB,EAEAH,GAAUj8F,UAAUq8F,YAAc,WAC3Bt8F,KAAKq8F,UACRr8F,KAAKo8F,QAAUp8F,KAAKgB,OAAO4I,WAC3B5J,KAAKq8F,SAAU,EAEnB,EAGAH,GAAUj8F,UAAUoC,KAAO,SAAS2Z,GAElC,IADA,IAAIja,EAAS,EACNia,EAAO,GAAG,CACfhc,KAAKs8F,cACL,IAAIvsE,EAAY,EAAI/vB,KAAKm8F,UAEzB,GAAIngF,GAAQ+T,EACVhuB,IAAWguB,EACXhuB,GAAUk6F,GAAQlsE,GAAa/vB,KAAKo8F,QACpCp8F,KAAKq8F,SAAU,EACfr8F,KAAKm8F,UAAY,EACjBngF,GAAQ+T,MACH,CACLhuB,IAAWia,EACX,IAAI7S,EAAQ4mB,EAAY/T,EACxBja,IAAW/B,KAAKo8F,QAAWH,GAAQjgF,IAAS7S,IAAWA,EACvDnJ,KAAKm8F,WAAangF,EAClBA,EAAO,CACb,CACA,CACE,OAAOja,CACT,EAGAm6F,GAAUj8F,UAAUs8F,KAAO,SAASv6F,GAClC,IAAIw6F,EAAQx6F,EAAM,EACdy6F,GAAUz6F,EAAMw6F,GAAS,EAC7Bx8F,KAAKm8F,UAAYK,EACjBx8F,KAAKgB,OAAOu7F,KAAKE,GACjBz8F,KAAKq8F,SAAU,CACjB,EAGAH,GAAUj8F,UAAUy8F,GAAK,WACvB,IAA6B56F,EAAzB8c,EAAM,IAAInd,WAAW,GACzB,IAAKK,EAAI,EAAGA,EAAI8c,EAAIhd,OAAQE,IAC1B8c,EAAI9c,GAAK9B,KAAKqC,KAAK,GAErB,OAGF,SAAkBuc,GAChB,OAAOjf,MAAMM,UAAU0E,IAAI5D,KAAK6d,GAAKpD,IAAM,KAAOA,EAAEgF,SAAS,KAAK7d,OAAO,KAAID,KAAK,GACpF,CALSi6F,CAAS/9E,EAClB,EAMA,IAAAg+E,GAAiBV,GC3FbW,GAAS,WACb,EAIAA,GAAO58F,UAAU2J,SAAW,WAC1B,MAAUrI,MAAM,6CAClB,EAGAs7F,GAAO58F,UAAUoC,KAAO,SAASiH,EAAQwzF,EAAWl7F,GAElD,IADA,IAAI4G,EAAY,EACTA,EAAY5G,GAAQ,CACzB,IAAIuhB,EAAInjB,KAAK4J,WACb,GAAIuZ,EAAI,EACN,OAAoB,IAAZ3a,GAAkB,EAAIA,EAEhCc,EAAOwzF,KAAe35E,EACtB3a,GACJ,CACE,OAAOA,CACT,EACAq0F,GAAO58F,UAAUs8F,KAAO,SAASQ,GAC/B,MAAUx7F,MAAM,yCAClB,EAGAs7F,GAAO58F,UAAU+8F,UAAY,SAASC,GACpC,MAAU17F,MAAM,6CAClB,EACAs7F,GAAO58F,UAAU8C,MAAQ,SAASuG,EAAQwzF,EAAWl7F,GACnD,IAAIE,EACJ,IAAKA,EAAE,EAAGA,EAAEF,EAAQE,IAClB9B,KAAKg9F,UAAU1zF,EAAOwzF,MAExB,OAAOl7F,CACT,EACAi7F,GAAO58F,UAAU+G,MAAQ,WACzB,EAEA,ICNMk2F,GDMNl8F,GAAiB67F,GCXjBM,IAKMD,GAAc,IAAI/8E,YAAY,CAChC,EAAY,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,UAAY,UAAY,UAAY,UAAY,SAAY,SAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,WAAY,UACpF,SAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,UAAY,UAAY,UAAY,UAAY,SAAY,UAAY,UAAY,UACpF,UAAY,UAAY,WAAY,UAAY,UAAY,UAAY,UAAY,UACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,aAG1E,WAIV,IAAIJ,EAAM,WAKV/f,KAAKo9F,OAAS,WACZ,OAASr9E,IAAS,CACnB,EAMD/f,KAAKq9F,UAAY,SAAS96F,GACxBwd,EAAOA,GAAO,EAAKm9E,GAAqC,KAAvBn9E,IAAQ,GAAMxd,GAChD,EAODvC,KAAKs9F,aAAe,SAAS/6F,EAAOw6B,GAClC,KAAOA,KAAU,GACfhd,EAAOA,GAAO,EAAKm9E,GAAqC,KAAvBn9E,IAAQ,GAAMxd,GAElD,CACF,GCrEC25F,GAAYqB,GACZV,GAASW,GACTC,GAAQC,GAaRC,GAAM,SAAS5hF,EAAOmB,GACxB,IAAwBpb,EAApB4sB,EAAM3S,EAAMmB,GAChB,IAAKpb,EAAIob,EAAOpb,EAAI,EAAGA,IACrBia,EAAMja,GAAKia,EAAMja,EAAE,GAGrB,OADAia,EAAM,GAAK2S,EACJA,CACT,EAEIomD,GAAM,CACR8oB,GAAI,EACJC,YAAa,EACbC,eAAgB,EAChBC,sBAAuB,EACvBC,uBAAwB,EACxBC,YAAa,EACbC,eAAgB,EAChBC,gBAAiB,EACjBC,cAAe,GAEbC,GAAgB,CAAE,EACtBA,GAAcvpB,GAAI+oB,YAAyB,oBAC3CQ,GAAcvpB,GAAIgpB,eAAyB,gBAC3CO,GAAcvpB,GAAIipB,sBAAyB,uBAC3CM,GAAcvpB,GAAIkpB,uBAAyB,wBAC3CK,GAAcvpB,GAAImpB,YAAyB,aAC3CI,GAAcvpB,GAAIopB,eAAyB,gBAC3CG,GAAcvpB,GAAIqpB,gBAAkB,kDAEpC,IAAIG,GAAS,SAASC,EAAQC,GAC5B,IAAIjzE,EAAM8yE,GAAcE,IAAW,gBAC/BC,IAAajzE,GAAO,KAAKizE,GAC7B,IAAIt6F,EAAI,IAAIkmC,UAAU7e,GAEtB,MADArnB,EAAEu6F,UAAYF,EACRr6F,CACR,EAEIw6F,GAAS,SAASC,EAAaC,GACjC5+F,KAAK6+F,SAAW7+F,KAAK8+F,aAAe9+F,KAAK++F,WAAa,EAEtD/+F,KAAKg/F,cAAcL,EAAaC,EAClC,EACAF,GAAOz+F,UAAUg/F,YAAc,WAE7B,OADiBj/F,KAAKk/F,mBAKtBl/F,KAAKm/F,SAAW,IAAI1B,IACb,IAJLz9F,KAAK++F,YAAc,GACZ,EAIX,EAEAL,GAAOz+F,UAAU++F,cAAgB,SAASL,EAAaC,GAErD,IAAIhgF,EAAM,IAAInd,WAAW,GACW,IAAhCk9F,EAAYt8F,KAAKuc,EAAK,EAAG,IACuB,QAAhD5H,OAAOoD,aAAawE,EAAI,GAAIA,EAAI,GAAIA,EAAI,KAC1C0/E,GAAOxpB,GAAIgpB,cAAe,aAE5B,IAAIz9C,EAAQzhC,EAAI,GAAK,IACjByhC,EAAQ,GAAKA,EAAQ,IACvBi+C,GAAOxpB,GAAIgpB,cAAe,sBAE5B99F,KAAK0D,OAAS,IAAIw4F,GAAUyC,GAI5B3+F,KAAKo/F,SAAW,IAAS/+C,EACzBrgD,KAAKq/F,WAAa,EAClBr/F,KAAK4+F,aAAeA,EACpB5+F,KAAKs/F,UAAY,CACnB,EACAZ,GAAOz+F,UAAUi/F,gBAAkB,WACjC,IAAIp9F,EAAGqY,EAAGZ,EACN7V,EAAS1D,KAAK0D,OAId6tB,EAAI7tB,EAAOg5F,KACf,GAjFW,iBAiFPnrE,EACF,OAAO,EAnFG,iBAqFRA,GACF+sE,GAAOxpB,GAAIgpB,eACb99F,KAAKu/F,eAAiB77F,EAAOrB,KAAK,MAAQ,EAC1CrC,KAAKs/F,WAAat/F,KAAKu/F,gBACHv/F,KAAKs/F,WAAa,EAAMt/F,KAAKs/F,YAAY,OAAU,EAInE57F,EAAOrB,KAAK,IACdi8F,GAAOxpB,GAAIqpB,gBACb,IAAIqB,EAAc97F,EAAOrB,KAAK,IAC1Bm9F,EAAcx/F,KAAKo/F,UACrBd,GAAOxpB,GAAImpB,WAAY,kCAMzB,IAAIviF,EAAIhY,EAAOrB,KAAK,IAChBo9F,EAAY,IAAIh+F,WAAW,KAAMi+F,EAAW,EAChD,IAAK59F,EAAI,EAAGA,EAAI,GAAIA,IAClB,GAAI4Z,EAAK,GAAM,GAAM5Z,EAAK,CACxB,IAAI8tB,EAAQ,GAAJ9tB,EAER,IADAyX,EAAI7V,EAAOrB,KAAK,IACX8X,EAAI,EAAGA,EAAI,GAAIA,IACdZ,EAAK,GAAM,GAAMY,IACnBslF,EAAUC,KAAc9vE,EAAIzV,EACtC,CAIE,IAAIwlF,EAAaj8F,EAAOrB,KAAK,IACzBs9F,EAzHW,GAyHgBA,EAxHhB,IAyHbrB,GAAOxpB,GAAImpB,YAKb,IAAI2B,EAAal8F,EAAOrB,KAAK,IACV,IAAfu9F,GACFtB,GAAOxpB,GAAImpB,YAEb,IAAI4B,EAAY,IAAIp+F,WAAW,KAC/B,IAAKK,EAAI,EAAGA,EAAI69F,EAAY79F,IAC1B+9F,EAAU/9F,GAAKA,EAEjB,IAAIg+F,EAAY,IAAIr+F,WAAWm+F,GAE/B,IAAK99F,EAAI,EAAGA,EAAI89F,EAAY99F,IAAK,CAE/B,IAAKqY,EAAI,EAAGzW,EAAOrB,KAAK,GAAI8X,IACtBA,GAAKwlF,GAAYrB,GAAOxpB,GAAImpB,YAElC6B,EAAUh+F,GAAK67F,GAAIkC,EAAW1lF,EAClC,CAIE,IACiB4lF,EADbC,EAAWN,EAAW,EACtBpsC,EAAS,GACb,IAAKn5C,EAAI,EAAGA,EAAIwlF,EAAYxlF,IAAK,CAC/B,IAqBIsjE,EAASwiB,EArBTr+F,EAAS,IAAIH,WAAWu+F,GAAWxT,EAAO,IAAI1/D,YAAYozE,IAK9D,IADAxkF,EAAIhY,EAAOrB,KAAK,GACXP,EAAI,EAAGA,EAAIk+F,EAAUl+F,IAAK,CAC7B,MACM4Z,EAAI,GAAKA,EAjKE,KAiKoB4iF,GAAOxpB,GAAImpB,YAG1Cv6F,EAAOrB,KAAK,IAEZqB,EAAOrB,KAAK,GAGdqZ,IAFAA,IAIJ9Z,EAAOE,GAAK4Z,CAClB,CAKI,IADA+hE,EAASwiB,EAASr+F,EAAO,GACpBE,EAAI,EAAGA,EAAIk+F,EAAUl+F,IACpBF,EAAOE,GAAKm+F,EACdA,EAASr+F,EAAOE,GACTF,EAAOE,GAAK27E,IACnBA,EAAS77E,EAAOE,IAapBi+F,EAAW,CAAE,EACbzsC,EAAOxwD,KAAKi9F,GACZA,EAASI,QAAU,IAAIrzE,YAnMT,KAoMdizE,EAASK,MAAQ,IAAIjgF,YAAY+/E,IACjCH,EAAS/sB,KAAO,IAAI7yD,YAAY+/E,IAChCH,EAAStiB,OAASA,EAClBsiB,EAASE,OAASA,EAElB,IAAII,EAAK,EACT,IAAKv+F,EAAI27E,EAAQ37E,GAAKm+F,EAAQn+F,IAE5B,IADA0qF,EAAK1qF,GAAKi+F,EAASK,MAAMt+F,GAAK,EACzB4Z,EAAI,EAAGA,EAAIskF,EAAUtkF,IACpB9Z,EAAO8Z,KAAO5Z,IAChBi+F,EAASI,QAAQE,KAAQ3kF,GAG/B,IAAK5Z,EAAI,EAAGA,EAAIk+F,EAAUl+F,IACxB0qF,EAAK5qF,EAAOE,MAMd,IADAu+F,EAAK3kF,EAAI,EACJ5Z,EAAI27E,EAAQ37E,EAAIm+F,EAAQn+F,IAC3Bu+F,GAAM7T,EAAK1qF,GAOXi+F,EAASK,MAAMt+F,GAAKu+F,EAAK,EACzBA,IAAO,EACP3kF,GAAK8wE,EAAK1qF,GACVi+F,EAAS/sB,KAAKlxE,EAAI,GAAKu+F,EAAK3kF,EAE9BqkF,EAASK,MAAMH,EAAS,GAAK74E,OAAOk5E,UACpCP,EAASK,MAAMH,GAAUI,EAAK7T,EAAKyT,GAAU,EAC7CF,EAAS/sB,KAAKyK,GAAU,CAC5B,CAME,IAAI8iB,EAAY,IAAIpgF,YAAY,KAChC,IAAKre,EAAI,EAAGA,EAAI,IAAKA,IACnB+9F,EAAU/9F,GAAKA,EAEjB,IAA6C0+F,EAAzCC,EAAS,EAAGC,EAAY,EAAGC,EAAW,EACtCC,EAAO5gG,KAAK4gG,KAAO,IAAIzgF,YAAYngB,KAAKo/F,UAE5C,IADAY,EAAW,IACF,CAUP,IARMA,MACJA,EAAWa,GACPF,GAAYf,GAActB,GAAOxpB,GAAImpB,YACzC8B,EAAWzsC,EAAOwsC,EAAUa,OAG9B7+F,EAAIi+F,EAAStiB,OACbtjE,EAAIzW,EAAOrB,KAAKP,GAEVA,EAAIi+F,EAASE,QAAU3B,GAAOxpB,GAAImpB,cAClC9jF,GAAK4lF,EAASK,MAAMt+F,IAFnBA,IAILqY,EAAKA,GAAK,EAAKzW,EAAOrB,KAAK,KAG7B8X,GAAK4lF,EAAS/sB,KAAKlxE,IACX,GAAKqY,GAvQC,MAuQmBmkF,GAAOxpB,GAAImpB,YAC5C,IAAI6C,EAAUf,EAASI,QAAQhmF,GAK/B,GA5Qc,IA4QV2mF,GA3QU,IA2QiBA,EAA/B,CAwBA,GAAIL,EAKF,IAJAA,EAAS,EACLC,EAAYhlF,EAAI1b,KAAKo/F,UAAYd,GAAOxpB,GAAImpB,YAEhDsC,EADAC,EAAKf,EAAUI,EAAU,MACRnkF,EACVA,KACLklF,EAAKF,KAAeF,EAGxB,GAAIM,EAAUpB,EACZ,MAQEgB,GAAa1gG,KAAKo/F,UAAYd,GAAOxpB,GAAImpB,YAK7CsC,EAFAC,EAAKf,EADLe,EAAK7C,GAAIkC,EADT/9F,EAAIg/F,EAAU,OAKdF,EAAKF,KAAeF,CA7BxB,MAjBWC,IACHA,EAAS,EACT/kF,EAAI,GAUJA,GA1RU,IAyRRolF,EACGL,EAEA,EAAIA,EACXA,IAAW,CAgCjB,CAUE,KAHIjB,EAAc,GAAKA,GAAekB,IAAapC,GAAOxpB,GAAImpB,YAE9D9jF,EAAI,EACCrY,EAAI,EAAGA,EAAI,IAAKA,IACnByX,EAAIY,EAAIomF,EAAUz+F,GAClBy+F,EAAUz+F,GAAKqY,EACfA,EAAIZ,EAGN,IAAKzX,EAAI,EAAGA,EAAI4+F,EAAW5+F,IAEzB8+F,EAAKL,EADLC,EAAe,IAAVI,EAAK9+F,MACcA,GAAK,EAC7By+F,EAAUC,KAKZ,IAAIx+F,EAAM,EAAG++F,EAAU,EAAGC,EAAM,EAYhC,OAXIN,IAEFK,EAAiB,KADjB/+F,EAAM4+F,EAAKpB,IAEXx9F,IAAQ,EACRg/F,GAAO,GAEThhG,KAAK6+F,SAAW78F,EAChBhC,KAAK8+F,aAAeiC,EACpB/gG,KAAK++F,WAAa2B,EAClB1gG,KAAKihG,SAAWD,GAET,CACT,EAOAtC,GAAOz+F,UAAUihG,aAAe,SAASrG,EAAcxtE,GACnD,IAAI8zE,EAAQC,EAAUC,EAKxB,GAAIrhG,KAAK++F,WAAa,EAAK,OAAO,EAGlC,IAAI6B,EAAO5gG,KAAK4gG,KAAM5+F,EAAMhC,KAAK6+F,SAAUkC,EAAU/gG,KAAK8+F,aACtD4B,EAAY1gG,KAAK++F,WAAyB/+F,KAAKshG,WAGnD,IAFA,IAAIN,EAAMhhG,KAAKihG,SAERP,GAAW,CAehB,IAdAA,IACAU,EAAWL,EAEXA,EAAgB,KADhB/+F,EAAM4+F,EAAK5+F,IAEXA,IAAQ,EACM,GAAVg/F,KACFG,EAASJ,EACTM,EAAUD,EACVL,GAAW,IAEXI,EAAS,EACTE,EAAUN,GAEZ/gG,KAAKm/F,SAAS7B,aAAa+D,EAASF,GAC7BA,KACLnhG,KAAK4+F,aAAa5B,UAAUqE,GAC5BrhG,KAAKq/F,aAEH0B,GAAWK,IACbJ,EAAM,EACZ,CAQE,OAPAhhG,KAAK++F,WAAa2B,EAEd1gG,KAAKm/F,SAAS/B,WAAap9F,KAAKu/F,gBAClCjB,GAAOxpB,GAAImpB,WAAY,sBACRj+F,KAAKm/F,SAAS/B,SAAS58E,SAAS,IACxC,aAAaxgB,KAAKu/F,eAAe/+E,SAAS,IAAI,KAEhDxgB,KAAKq/F,UACd,EAEA,IAAIkC,GAAoB,SAAShhG,GAC/B,GAAI,aAAcA,EAAS,OAAOA,EAClC,IAAIo+F,EAAc,IAAI9B,GAKtB,OAJA8B,EAAY38F,IAAM,EAClB28F,EAAY/0F,SAAW,WAAa,OAAOrJ,EAAMP,KAAKgC,MAAS,EAC/D28F,EAAYpC,KAAO,SAASv6F,GAAOhC,KAAKgC,IAAMA,CAAM,EACpD28F,EAAY6C,IAAM,WAAa,OAAOxhG,KAAKgC,KAAOzB,EAAMqB,MAAS,EAC1D+8F,CACT,EACI8C,GAAqB,SAAS76F,GAChC,IAAIg4F,EAAe,IAAI/B,GACnB6E,GAAW,EACf,GAAI96F,EACF,GAAqB,iBAAV,EACTg4F,EAAat1F,OAAS,IAAI7H,WAAWmF,GACrC86F,GAAW,MACN,IAAI,cAAe96F,EACxB,OAAOA,EAEPg4F,EAAat1F,OAAS1C,EACtB86F,GAAW,CACjB,MAEI9C,EAAat1F,OAAS,IAAI7H,WAAW,OAuBvC,OArBAm9F,EAAa58F,IAAM,EACnB48F,EAAa5B,UAAY,SAASC,GAChC,GAAIyE,GAAY1hG,KAAKgC,KAAOhC,KAAKsJ,OAAO1H,OAAQ,CAC9C,IAAI+/F,EAAY,IAAIlgG,WAA8B,EAAnBzB,KAAKsJ,OAAO1H,QAC3C+/F,EAAUx/F,IAAInC,KAAKsJ,QACnBtJ,KAAKsJ,OAASq4F,CACpB,CACI3hG,KAAKsJ,OAAOtJ,KAAKgC,OAASi7F,CAC3B,EACD2B,EAAagD,UAAY,WAEvB,GAAI5hG,KAAKgC,MAAQhC,KAAKsJ,OAAO1H,OAAQ,CACnC,IAAK8/F,EACH,MAAM,IAAIt3D,UAAU,2CACtB,IAAIu3D,EAAY,IAAIlgG,WAAWzB,KAAKgC,KACpC2/F,EAAUx/F,IAAInC,KAAKsJ,OAAON,SAAS,EAAGhJ,KAAKgC,MAC3ChC,KAAKsJ,OAASq4F,CACpB,CACI,OAAO3hG,KAAKsJ,MACb,EACDs1F,EAAaiD,UAAW,EACjBjD,CACT,EAqGA,IAAAkD,GAAiB,CACfpD,UACA7B,UACA/nB,OACAh6D,OApGa,SAASva,EAAOqG,EAAQm7F,GAMrC,IAJA,IAAIpD,EAAc4C,GAAkBhhG,GAChCq+F,EAAe6C,GAAmB76F,GAElCo7F,EAAK,IAAItD,GAAOC,EAAaC,KAE3B,QAASD,KAAeA,EAAY6C,OACxC,GAAIQ,EAAG/C,cACL+C,EAAGd,mBACE,CACL,IAAIe,EAAkBD,EAAGt+F,OAAOrB,KAAK,MAAQ,EAM7C,GALI4/F,IAAoBD,EAAG1C,WACzBhB,GAAOxpB,GAAImpB,WAAY,uBACR+D,EAAG1C,UAAU9+E,SAAS,IAC9B,aAAayhF,EAAgBzhF,SAAS,IAAI,MAE/CuhF,KACA,QAASpD,IACRA,EAAY6C,MAGV,MADLQ,EAAGhD,cAAcL,EAAaC,EAEtC,CAEE,GAAI,cAAeA,EACjB,OAAOA,EAAagD,WACxB,EA0EEM,YAzEkB,SAAS3hG,EAAOyB,EAAK4E,GAEvC,IAAI+3F,EAAc4C,GAAkBhhG,GAChCq+F,EAAe6C,GAAmB76F,GAClCo7F,EAAK,IAAItD,GAAOC,EAAaC,GAejC,GAdAoD,EAAGt+F,OAAO64F,KAAKv6F,GAEEggG,EAAG9C,oBAGlB8C,EAAG7C,SAAW,IAAI1B,GAGlBuE,EAAGG,YAAc,EAGjBH,EAAGd,gBAGD,cAAetC,EACjB,OAAOA,EAAagD,WACxB,EAqDEQ,MAhDY,SAAS7hG,EAAO0rC,EAAU81D,GAEtC,IAAIpD,EAAc,IAAI9B,GACtB8B,EAAY0D,SAAWd,GAAkBhhG,GACzCo+F,EAAY38F,IAAM,EAClB28F,EAAY/0F,SAAW,WAErB,OADA5J,KAAKgC,MACEhC,KAAKqiG,SAASz4F,UACtB,EACG+0F,EAAY0D,SAASb,MACvB7C,EAAY6C,IAAM7C,EAAY0D,SAASb,IAAI79F,KAAKg7F,EAAY0D,WAE9D,IAAIzD,EAAe,IAAI/B,GACvB+B,EAAa58F,IAAM,EACnB48F,EAAa5B,UAAY,WAAah9F,KAAKgC,KAAQ,EAInD,IAFA,IAAIggG,EAAK,IAAItD,GAAOC,EAAaC,GAC7B37E,EAAY++E,EAAG5C,WAEb,QAAST,KAAeA,EAAY6C,OAD7B,CAGX,IAAIc,EAA2B,EAAhB3D,EAAY38F,IAAQggG,EAAGt+F,OAAOy4F,UAG7C,GAFI6F,EAAGt+F,OAAO24F,UAAWiG,GAAY,GAEjCN,EAAG/C,cAAe,CACpB,IAAI76F,EAAQw6F,EAAa58F,IACzBggG,EAAGd,eACHj1D,EAASq2D,EAAU1D,EAAa58F,IAAMoC,EAC5C,KAAW,CAEL,GADU49F,EAAGt+F,OAAOrB,KAAK,KACrB0/F,KACA,QAASpD,IACRA,EAAY6C,MAKV,MAHLQ,EAAGhD,cAAcL,EAAaC,GAC9B/1F,QAAQ05F,OAAOP,EAAG5C,WAAan8E,EAChB,sDAEvB,CACA,CACA","x_google_ignoreList":[0,1,2,3,12,13,14,15,28,29,52,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,114,115,117,118,119,120,121,122,123,124]} \ No newline at end of file diff --git a/app/node_modules/openpgp/dist/openpgp.mjs b/app/node_modules/openpgp/dist/openpgp.mjs index 960e15cf4..4690044da 100644 --- a/app/node_modules/openpgp/dist/openpgp.mjs +++ b/app/node_modules/openpgp/dist/openpgp.mjs @@ -1,6 +1,21 @@ -/*! OpenPGP.js v5.11.2 - 2024-06-19 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ +/*! OpenPGP.js v6.0.0 - 2024-11-04 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; +function _mergeNamespaces(n, m) { + m.forEach(function (e) { + e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) { + if (k !== 'default' && !(k in n)) { + var d = Object.getOwnPropertyDescriptor(e, k); + Object.defineProperty(n, k, d.get ? d : { + enumerable: true, + get: function () { return e[k]; } + }); + } + }); + }); + return Object.freeze(n); +} + const doneWritingPromise = Symbol('doneWritingPromise'); const doneWritingResolve = Symbol('doneWritingResolve'); const doneWritingReject = Symbol('doneWritingReject'); @@ -10,6 +25,9 @@ const readingIndex = Symbol('readingIndex'); class ArrayStream extends Array { constructor() { super(); + // ES5 patch, see https://github.com/Microsoft/TypeScript/wiki/FAQ#why-doesnt-extending-built-ins-like-error-array-and-map-work + Object.setPrototypeOf(this, ArrayStream.prototype); + this[doneWritingPromise] = new Promise((resolve, reject) => { this[doneWritingResolve] = resolve; this[doneWritingReject] = reject; @@ -110,15 +128,14 @@ Writer.prototype.abort = async function(reason) { */ Writer.prototype.releaseLock = function() {}; -const isNode = typeof globalThis.process === 'object' && +/* eslint-disable no-prototype-builtins */ +typeof globalThis.process === 'object' && typeof globalThis.process.versions === 'object'; -const NodeReadableStream = isNode && void('stream').Readable; - /** * Check whether data is a Stream, and if so of which type * @param {Any} input data to check - * @returns {'web'|'ponyfill'|'node'|'array'|'web-like'|false} + * @returns {'web'|'node'|'array'|'web-like'|false} */ function isStream(input) { if (isArrayStream(input)) { @@ -127,11 +144,11 @@ function isStream(input) { if (globalThis.ReadableStream && globalThis.ReadableStream.prototype.isPrototypeOf(input)) { return 'web'; } - if (ReadableStream && ReadableStream.prototype.isPrototypeOf(input)) { - return 'ponyfill'; - } - if (NodeReadableStream && NodeReadableStream.prototype.isPrototypeOf(input)) { - return 'node'; + // try and detect a node native stream without having to import its class + if (input && + !(globalThis.ReadableStream && input instanceof globalThis.ReadableStream) && + typeof input._read === 'function' && typeof input._readableState === 'object') { + throw new Error('Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`'); } if (input && input.getReader) { return 'web-like'; @@ -175,99 +192,12 @@ function concatUint8Array(arrays) { return result; } -const NodeBuffer = isNode && void('buffer').Buffer; -const NodeReadableStream$1 = isNode && void('stream').Readable; - +const doneReadingSet = new WeakSet(); /** - * Web / node stream conversion functions - * From https://github.com/gwicke/node-web-streams + * The external buffer is used to store values that have been peeked or unshifted from the original stream. + * Because of how streams are implemented, such values cannot be "put back" in the original stream, + * but they need to be returned first when reading from the input again. */ - -let nodeToWeb; -let webToNode; - -if (NodeReadableStream$1) { - - /** - * Convert a Node Readable Stream to a Web ReadableStream - * @param {Readable} nodeStream - * @returns {ReadableStream} - */ - nodeToWeb = function(nodeStream) { - let canceled = false; - return new ReadableStream({ - start(controller) { - nodeStream.pause(); - nodeStream.on('data', chunk => { - if (canceled) { - return; - } - if (NodeBuffer.isBuffer(chunk)) { - chunk = new Uint8Array(chunk.buffer, chunk.byteOffset, chunk.byteLength); - } - controller.enqueue(chunk); - nodeStream.pause(); - }); - nodeStream.on('end', () => { - if (canceled) { - return; - } - controller.close(); - }); - nodeStream.on('error', e => controller.error(e)); - }, - pull() { - nodeStream.resume(); - }, - cancel(reason) { - canceled = true; - nodeStream.destroy(reason); - } - }); - }; - - - class NodeReadable extends NodeReadableStream$1 { - constructor(webStream, options) { - super(options); - this._reader = getReader(webStream); - } - - async _read(size) { - try { - while (true) { - const { done, value } = await this._reader.read(); - if (done) { - this.push(null); - break; - } - if (!this.push(value)) { - break; - } - } - } catch (e) { - this.destroy(e); - } - } - - async _destroy(error, callback) { - this._reader.cancel(error).then(callback, callback); - } - } - - /** - * Convert a Web ReadableStream to a Node Readable Stream - * @param {ReadableStream} webStream - * @param {Object} options - * @returns {Readable} - */ - webToNode = function(webStream, options) { - return new NodeReadable(webStream, options); - }; - -} - -const doneReadingSet = new WeakSet(); const externalBuffer = Symbol('externalBuffer'); /** @@ -286,13 +216,10 @@ function Reader(input) { const reader = input.getReader(); this._read = reader.read.bind(reader); this._releaseLock = () => {}; - this._cancel = async () => {}; + this._cancel = () => {}; return; } let streamType = isStream(input); - if (streamType === 'node') { - input = nodeToWeb(input); - } if (streamType) { const reader = input.getReader(); this._read = reader.read.bind(reader); @@ -399,6 +326,7 @@ Reader.prototype.readByte = async function() { Reader.prototype.readBytes = async function(length) { const buffer = []; let bufferLength = 0; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) { @@ -458,6 +386,7 @@ Reader.prototype.unshift = function(...values) { */ Reader.prototype.readToEnd = async function(join=concat) { const result = []; + // eslint-disable-next-line no-constant-condition while (true) { const { done, value } = await this.read(); if (done) break; @@ -466,32 +395,6 @@ Reader.prototype.readToEnd = async function(join=concat) { return join(result); }; -let { ReadableStream, WritableStream, TransformStream } = globalThis; - -let toPonyfillReadable, toNativeReadable; - -async function loadStreamsPonyfill() { - if (TransformStream) { - return; - } - - const [ponyfill, adapter] = await Promise.all([ - Promise.resolve().then(function () { return ponyfill_es6; }), - Promise.resolve().then(function () { return webStreamsAdapter; }) - ]); - - ({ ReadableStream, WritableStream, TransformStream } = ponyfill); - - const { createReadableStreamWrapper } = adapter; - - if (globalThis.ReadableStream && ReadableStream !== globalThis.ReadableStream) { - toPonyfillReadable = createReadableStreamWrapper(ReadableStream); - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } -} - -const NodeBuffer$1 = isNode && void('buffer').Buffer; - /** * Convert data to Stream * @param {ReadableStream|Uint8array|String} input data to convert @@ -499,12 +402,6 @@ const NodeBuffer$1 = isNode && void('buffer').Buffer; */ function toStream(input) { let streamType = isStream(input); - if (streamType === 'node') { - return nodeToWeb(input); - } - if (streamType === 'web' && toPonyfillReadable) { - return toPonyfillReadable(input); - } if (streamType) { return input; } @@ -517,7 +414,7 @@ function toStream(input) { } /** - * Convert data to ArrayStream + * Convert non-streamed data to ArrayStream; this is a noop if `input` is already a stream. * @param {Object} input data to convert * @returns {ArrayStream} Converted data */ @@ -550,9 +447,6 @@ function concat(list) { if (typeof list[0] === 'string') { return list.join(''); } - if (NodeBuffer$1 && NodeBuffer$1.isBuffer(list[0])) { - return NodeBuffer$1.concat(list); - } return concatUint8Array(list); } @@ -593,24 +487,6 @@ function concatArrayStream(list) { return result; } -/** - * Get a Reader - * @param {ReadableStream|Uint8array|String} input - * @returns {Reader} - */ -function getReader(input) { - return new Reader(input); -} - -/** - * Get a Writer - * @param {WritableStream} input - * @returns {Writer} - */ -function getWriter(input) { - return new Writer(input); -} - /** * Pipe a readable stream to a writable stream. Don't throw on input stream errors, but forward them to the output stream. * @param {ReadableStream|Uint8array|String} input @@ -647,6 +523,7 @@ async function pipe(input, target, { const reader = getReader(input); const writer = getWriter(target); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -898,6 +775,7 @@ function passiveClone(input) { const reader = getReader(readable); const writer = getWriter(writable); try { + // eslint-disable-next-line no-constant-condition while (true) { await writer.ready; const { done, value } = await reader.read(); @@ -981,9 +859,8 @@ function slice(input, begin=0, end=Infinity) { if (returnValue.length >= -end) { lastBytes = slice(returnValue, end); return slice(returnValue, begin, end); - } else { - lastBytes = returnValue; } + lastBytes = returnValue; }); } console.warn(`stream.slice(input, ${begin}, ${end}) not implemented efficiently.`); @@ -992,9 +869,8 @@ function slice(input, begin=0, end=Infinity) { if (input[externalBuffer]) { input = concat(input[externalBuffer].concat([input])); } - if (isUint8Array(input) && !(NodeBuffer$1 && NodeBuffer$1.isBuffer(input))) { - if (end === Infinity) end = input.length; - return input.subarray(begin, end); + if (isUint8Array(input)) { + return input.subarray(begin, end === Infinity ? input.length : end); } return input.slice(begin, end); } @@ -1026,7 +902,10 @@ async function readToEnd(input, join=concat) { async function cancel(input, reason) { if (isStream(input)) { if (input.cancel) { - return input.cancel(reason); + const cancelled = await input.cancel(reason); + // the stream is not always cancelled at this point, so we wait some more + await new Promise(setTimeout); + return cancelled; } if (input.destroy) { input.destroy(reason); @@ -1055,636 +934,152 @@ function fromAsync(fn) { return arrayStream; } -/* eslint-disable new-cap */ +/** + * Get a Reader + * @param {ReadableStream|Uint8array|String} input + * @returns {Reader} + */ +function getReader(input) { + return new Reader(input); +} /** - * @fileoverview - * BigInteger implementation of basic operations - * that wraps the native BigInt library. - * Operations are not constant time, - * but we try and limit timing leakage where we can - * @module biginteger/native - * @private + * Get a Writer + * @param {WritableStream} input + * @returns {Writer} */ +function getWriter(input) { + return new Writer(input); +} /** - * @private + * @module enums */ -class BigInteger { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on null or undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); - } - if (n instanceof Uint8Array) { - const bytes = n; - const hex = new Array(bytes.length); - for (let i = 0; i < bytes.length; i++) { - const hexByte = bytes[i].toString(16); - hex[i] = (bytes[i] <= 0xF) ? ('0' + hexByte) : hexByte; - } - this.value = BigInt('0x0' + hex.join('')); - } else { - this.value = BigInt(n); - } - } +const byValue = Symbol('byValue'); - clone() { - return new BigInteger(this.value); - } +var enums = { - /** - * BigInteger increment in place + /** Maps curve names under various standards to one + * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} + * @enum {String} + * @readonly */ - iinc() { - this.value++; - return this; - } + curve: { + /** NIST P-256 Curve */ + 'nistP256': 'nistP256', + /** @deprecated use `nistP256` instead */ + 'p256': 'nistP256', - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } + /** NIST P-384 Curve */ + 'nistP384': 'nistP384', + /** @deprecated use `nistP384` instead */ + 'p384': 'nistP384', - /** - * BigInteger decrement in place - */ - idec() { - this.value--; - return this; - } + /** NIST P-521 Curve */ + 'nistP521': 'nistP521', + /** @deprecated use `nistP521` instead */ + 'p521': 'nistP521', - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + /** SECG SECP256k1 Curve */ + 'secp256k1': 'secp256k1', - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value += x.value; - return this; - } + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519Legacy', + /** @deprecated use `ed25519Legacy` instead */ + 'ed25519': 'ed25519Legacy', - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'curve25519Legacy': 'curve25519Legacy', + /** @deprecated use `curve25519Legacy` instead */ + 'curve25519': 'curve25519Legacy', - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value -= x.value; - return this; - } + /** BrainpoolP256r1 Curve */ + 'brainpoolP256r1': 'brainpoolP256r1', - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } + /** BrainpoolP384r1 Curve */ + 'brainpoolP384r1': 'brainpoolP384r1', - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value *= x.value; - return this; - } + /** BrainpoolP512r1 Curve */ + 'brainpoolP512r1': 'brainpoolP512r1' + }, - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. + /** A string to key specifier type + * @enum {Integer} + * @readonly */ - mul(x) { - return this.clone().imul(x); - } + s2k: { + simple: 0, + salted: 1, + iterated: 3, + argon2: 4, + gnu: 101 + }, - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} + * @enum {Integer} + * @readonly */ - imod(m) { - this.value %= m.value; - if (this.isNegative()) { - this.iadd(m); - } - return this; - } + publicKey: { + /** RSA (Encrypt or Sign) [HAC] */ + rsaEncryptSign: 1, + /** RSA (Encrypt only) [HAC] */ + rsaEncrypt: 2, + /** RSA (Sign only) [HAC] */ + rsaSign: 3, + /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ + elgamal: 16, + /** DSA (Sign only) [FIPS186] [HAC] */ + dsa: 17, + /** ECDH (Encrypt only) [RFC6637] */ + ecdh: 18, + /** ECDSA (Sign only) [RFC6637] */ + ecdsa: 19, + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) + * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ + eddsaLegacy: 22, + /** Reserved for AEDH */ + aedh: 23, + /** Reserved for AEDSA */ + aedsa: 24, + /** X25519 (Encrypt only) */ + x25519: 25, + /** X448 (Encrypt only) */ + x448: 26, + /** Ed25519 (Sign only) */ + ed25519: 27, + /** Ed448 (Sign only) */ + ed448: 28 + }, - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} + * @enum {Integer} + * @readonly */ - mod(m) { - return this.clone().imod(m); - } + symmetric: { + /** Not implemented! */ + idea: 1, + tripledes: 2, + cast5: 3, + blowfish: 4, + aes128: 7, + aes192: 8, + aes256: 9, + twofish: 10 + }, - /** - * Compute modular exponentiation using square and multiply - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. + /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} + * @enum {Integer} + * @readonly */ - modExp(e, n) { - if (n.isZero()) throw Error('Modulo cannot be zero'); - if (n.isOne()) return new BigInteger(0); - if (e.isNegative()) throw Error('Unsopported negative exponent'); - - let exp = e.value; - let x = this.value; - - x %= n.value; - let r = BigInt(1); - while (exp > BigInt(0)) { - const lsb = exp & BigInt(1); - exp >>= BigInt(1); // e / 2 - // Always compute multiplication step, to reduce timing leakage - const rx = (r * x) % n.value; - // Update r only if lsb is 1 (odd exponent) - r = lsb ? rx : r; - x = (x * x) % n.value; // Square - } - return new BigInteger(r); - } - - - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - const { gcd, x } = this._egcd(n); - if (!gcd.isOne()) { - throw new Error('Inverse does not exist'); - } - return x.add(n).mod(n); - } - - /** - * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) - * Given a = this and b, compute (x, y) such that ax + by = gdc(a, b) - * @param {BigInteger} b - Second operand - * @returns {{ gcd, x, y: BigInteger }} - */ - _egcd(b) { - let x = BigInt(0); - let y = BigInt(1); - let xPrev = BigInt(1); - let yPrev = BigInt(0); - - let a = this.value; - b = b.value; - - while (b !== BigInt(0)) { - const q = a / b; - let tmp = x; - x = xPrev - q * x; - xPrev = tmp; - - tmp = y; - y = yPrev - q * y; - yPrev = tmp; - - tmp = b; - b = a % b; - a = tmp; - } - - return { - x: new BigInteger(xPrev), - y: new BigInteger(yPrev), - gcd: new BigInteger(a) - }; - } - - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} b - Operand - * @returns {BigInteger} gcd - */ - gcd(b) { - let a = this.value; - b = b.value; - while (b !== BigInt(0)) { - const tmp = b; - b = a % b; - a = tmp; - } - return new BigInteger(a); - } - - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value <<= x.value; - return this; - } - - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); - } - - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value >>= x.value; - return this; - } - - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); - } - - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value === x.value; - } - - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value < x.value; - } - - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value <= x.value; - } - - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value > x.value; - } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value >= x.value; - } - - isZero() { - return this.value === BigInt(0); - } - - isOne() { - return this.value === BigInt(1); - } - - isNegative() { - return this.value < BigInt(0); - } - - isEven() { - return !(this.value & BigInt(1)); - } - - abs() { - const res = this.clone(); - if (this.isNegative()) { - res.value = -res.value; - } - return res; - } - - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); - } - - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - const number = Number(this.value); - if (number > Number.MAX_SAFE_INTEGER) { - // We throw and error to conform with the bn.js implementation - throw new Error('Number can only safely store up to 53 bits'); - } - return number; - } - - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - const bit = (this.value >> BigInt(i)) & BigInt(1); - return (bit === BigInt(0)) ? 0 : 1; - } - - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - const zero = new BigInteger(0); - const one = new BigInteger(1); - const negOne = new BigInteger(-1); - - // -1n >> -1n is -1n - // 1n >> 1n is 0n - const target = this.isNegative() ? negOne : zero; - let bitlen = 1; - const tmp = this.clone(); - while (!tmp.irightShift(one).equal(target)) { - bitlen++; - } - return bitlen; - } - - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - const zero = new BigInteger(0); - const negOne = new BigInteger(-1); - - const target = this.isNegative() ? negOne : zero; - const eight = new BigInteger(8); - let len = 1; - const tmp = this.clone(); - while (!tmp.irightShift(eight).equal(target)) { - len++; - } - return len; - } - - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) - // this is faster than shift+mod iterations - let hex = this.value.toString(16); - if (hex.length % 2 === 1) { - hex = '0' + hex; - } - - const rawLength = hex.length / 2; - const bytes = new Uint8Array(length || rawLength); - // parse hex - const offset = length ? (length - rawLength) : 0; - let i = 0; - while (i < rawLength) { - bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); - i++; - } - - if (endian !== 'be') { - bytes.reverse(); - } - - return bytes; - } -} - -const detectBigInt = () => typeof BigInt !== 'undefined'; - -async function getBigInteger() { - if (detectBigInt()) { - return BigInteger; - } else { - const { default: BigInteger } = await Promise.resolve().then(function () { return bn_interface; }); - return BigInteger; - } -} - -/** - * @module enums - */ - -const byValue = Symbol('byValue'); - -var enums = { - - /** Maps curve names under various standards to one - * @see {@link https://wiki.gnupg.org/ECC|ECC - GnuPG wiki} - * @enum {String} - * @readonly - */ - curve: { - /** NIST P-256 Curve */ - 'p256': 'p256', - 'P-256': 'p256', - 'secp256r1': 'p256', - 'prime256v1': 'p256', - '1.2.840.10045.3.1.7': 'p256', - '2a8648ce3d030107': 'p256', - '2A8648CE3D030107': 'p256', - - /** NIST P-384 Curve */ - 'p384': 'p384', - 'P-384': 'p384', - 'secp384r1': 'p384', - '1.3.132.0.34': 'p384', - '2b81040022': 'p384', - '2B81040022': 'p384', - - /** NIST P-521 Curve */ - 'p521': 'p521', - 'P-521': 'p521', - 'secp521r1': 'p521', - '1.3.132.0.35': 'p521', - '2b81040023': 'p521', - '2B81040023': 'p521', - - /** SECG SECP256k1 Curve */ - 'secp256k1': 'secp256k1', - '1.3.132.0.10': 'secp256k1', - '2b8104000a': 'secp256k1', - '2B8104000A': 'secp256k1', - - /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ - 'ed25519Legacy': 'ed25519', - 'ED25519': 'ed25519', - /** @deprecated use `ed25519Legacy` instead */ - 'ed25519': 'ed25519', - 'Ed25519': 'ed25519', - '1.3.6.1.4.1.11591.15.1': 'ed25519', - '2b06010401da470f01': 'ed25519', - '2B06010401DA470F01': 'ed25519', - - /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ - 'curve25519Legacy': 'curve25519', - 'X25519': 'curve25519', - 'cv25519': 'curve25519', - /** @deprecated use `curve25519Legacy` instead */ - 'curve25519': 'curve25519', - 'Curve25519': 'curve25519', - '1.3.6.1.4.1.3029.1.5.1': 'curve25519', - '2b060104019755010501': 'curve25519', - '2B060104019755010501': 'curve25519', - - /** BrainpoolP256r1 Curve */ - 'brainpoolP256r1': 'brainpoolP256r1', - '1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1', - '2b2403030208010107': 'brainpoolP256r1', - '2B2403030208010107': 'brainpoolP256r1', - - /** BrainpoolP384r1 Curve */ - 'brainpoolP384r1': 'brainpoolP384r1', - '1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1', - '2b240303020801010b': 'brainpoolP384r1', - '2B240303020801010B': 'brainpoolP384r1', - - /** BrainpoolP512r1 Curve */ - 'brainpoolP512r1': 'brainpoolP512r1', - '1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1', - '2b240303020801010d': 'brainpoolP512r1', - '2B240303020801010D': 'brainpoolP512r1' - }, - - /** A string to key specifier type - * @enum {Integer} - * @readonly - */ - s2k: { - simple: 0, - salted: 1, - iterated: 3, - gnu: 101 - }, - - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} - * @enum {Integer} - * @readonly - */ - publicKey: { - /** RSA (Encrypt or Sign) [HAC] */ - rsaEncryptSign: 1, - /** RSA (Encrypt only) [HAC] */ - rsaEncrypt: 2, - /** RSA (Sign only) [HAC] */ - rsaSign: 3, - /** Elgamal (Encrypt only) [ELGAMAL] [HAC] */ - elgamal: 16, - /** DSA (Sign only) [FIPS186] [HAC] */ - dsa: 17, - /** ECDH (Encrypt only) [RFC6637] */ - ecdh: 18, - /** ECDSA (Sign only) [RFC6637] */ - ecdsa: 19, - /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) - * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility - /** @deprecated use `eddsaLegacy` instead */ - ed25519Legacy: 22, - /** @deprecated use `eddsaLegacy` instead */ - eddsa: 22, - /** Reserved for AEDH */ - aedh: 23, - /** Reserved for AEDSA */ - aedsa: 24, - /** X25519 (Encrypt only) */ - x25519: 25, - /** X448 (Encrypt only) */ - x448: 26, - /** Ed25519 (Sign only) */ - ed25519: 27, - /** Ed448 (Sign only) */ - ed448: 28 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} - * @enum {Integer} - * @readonly - */ - symmetric: { - plaintext: 0, - /** Not implemented! */ - idea: 1, - tripledes: 2, - cast5: 3, - blowfish: 4, - aes128: 7, - aes192: 8, - aes256: 9, - twofish: 10 - }, - - /** {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} - * @enum {Integer} - * @readonly - */ - compression: { - uncompressed: 0, - /** RFC1951 */ - zip: 1, - /** RFC1950 */ - zlib: 2, - bzip2: 3 - }, + compression: { + uncompressed: 0, + /** RFC1951 */ + zip: 1, + /** RFC1950 */ + zlib: 2, + bzip2: 3 + }, /** {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} * @enum {Integer} @@ -1697,7 +1092,9 @@ var enums = { sha256: 8, sha384: 9, sha512: 10, - sha224: 11 + sha224: 11, + sha3_256: 12, + sha3_512: 14 }, /** A list of hash names as accepted by webCrypto functions. @@ -1718,6 +1115,7 @@ var enums = { aead: { eax: 1, ocb: 2, + gcm: 3, experimentalGCM: 100 // Private algorithm }, @@ -1743,7 +1141,8 @@ var enums = { userAttribute: 17, symEncryptedIntegrityProtectedData: 18, modificationDetectionCode: 19, - aeadEncryptedData: 20 // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + aeadEncryptedData: 20, // see IETF draft: https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1 + padding: 21 }, /** Data types in the literal packet @@ -1899,7 +1298,7 @@ var enums = { placeholderBackwardsCompatibility: 10, preferredSymmetricAlgorithms: 11, revocationKey: 12, - issuer: 16, + issuerKeyID: 16, notationData: 20, preferredHashAlgorithms: 21, preferredCompressionAlgorithms: 22, @@ -1914,7 +1313,8 @@ var enums = { signatureTarget: 31, embeddedSignature: 32, issuerFingerprint: 33, - preferredAEADAlgorithms: 34 + preferredAEADAlgorithms: 34, + preferredCipherSuites: 39 }, /** Key flags @@ -1983,7 +1383,8 @@ var enums = { aead: 2, /** 0x04 - Version 5 Public-Key Packet format and corresponding new * fingerprint format */ - v5Keys: 4 + v5Keys: 4, + seipdv2: 8 }, /** @@ -2029,9 +1430,328 @@ var enums = { }; // GPG4Browsers - An OpenPGP implementation in javascript - -const debugMode = (() => { - try { +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +var config = { + /** + * @memberof module:config + * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} + */ + preferredHashAlgorithm: enums.hash.sha512, + /** + * @memberof module:config + * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} + */ + preferredSymmetricAlgorithm: enums.symmetric.aes256, + /** + * @memberof module:config + * @property {Integer} compression Default compression algorithm {@link module:enums.compression} + */ + preferredCompressionAlgorithm: enums.compression.uncompressed, + /** + * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. + * This option is applicable to: + * - key generation (encryption key preferences), + * - password-based message encryption, and + * - private key encryption. + * In the case of message encryption using public keys, the encryption key preferences are respected instead. + * Note: not all OpenPGP implementations are compatible with this option. + * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10} + * @memberof module:config + * @property {Boolean} aeadProtect + */ + aeadProtect: false, + /** + * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`) + * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`, + * this option must be set, otherwise key parsing and/or key decryption will fail. + * Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys + * will be processed incorrectly. + */ + parseAEADEncryptedV4KeysAsLegacy: false, + /** + * Default Authenticated Encryption with Additional Data (AEAD) encryption mode + * Only has an effect when aeadProtect is set to true. + * @memberof module:config + * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} + */ + preferredAEADAlgorithm: enums.aead.gcm, + /** + * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode + * Only has an effect when aeadProtect is set to true. + * Must be an integer value from 0 to 56. + * @memberof module:config + * @property {Integer} aeadChunkSizeByte + */ + aeadChunkSizeByte: 12, + /** + * Use v6 keys. + * Note: not all OpenPGP implementations are compatible with this option. + * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** + * @memberof module:config + * @property {Boolean} v6Keys + */ + v6Keys: false, + /** + * Enable parsing v5 keys and v5 signatures (which is different from the AEAD-encrypted SEIPDv2 packet). + * These are non-standard entities, which in the crypto-refresh have been superseded + * by v6 keys and v6 signatures, respectively. + * However, generation of v5 entities was supported behind config flag in OpenPGP.js v5, and some other libraries, + * hence parsing them might be necessary in some cases. + */ + enableParsingV5Entities: false, + /** + * S2K (String to Key) type, used for key derivation in the context of secret key encryption + * and password-encrypted data. Weaker s2k options are not allowed. + * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it + * (pending standardisation). + * @memberof module:config + * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k} + */ + s2kType: enums.s2k.iterated, + /** + * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}: + * Iteration Count Byte for Iterated and Salted S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`. + * Note: this is the exponent value, not the final number of iterations (refer to specs for more details). + * @memberof module:config + * @property {Integer} s2kIterationCountByte + */ + s2kIterationCountByte: 224, + /** + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}: + * Argon2 parameters for S2K (String to Key). + * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`. + * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), + * to ensure compatibility with memory-constrained environments. + * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. + * @memberof module:config + * @property {Object} params + * @property {Integer} params.passes - number of iterations t + * @property {Integer} params.parallelism - degree of parallelism p + * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes. + */ + s2kArgon2Params: { + passes: 3, + parallelism: 4, // lanes + memoryExponent: 16 // 64 MiB of RAM + }, + /** + * Allow decryption of messages without integrity protection. + * This is an **insecure** setting: + * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. + * - it enables downgrade attacks against integrity-protected messages. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedMessages + */ + allowUnauthenticatedMessages: false, + /** + * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to + * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible + * and deferring checking their integrity until the decrypted stream has been read in full. + * + * This setting is **insecure** if the encrypted data has been corrupted by a malicious entity: + * - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL + * (see https://efail.de/). + * - an attacker with access to traces or timing info of internal processing errors could learn some info about the data. + * + * NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed. + * @memberof module:config + * @property {Boolean} allowUnauthenticatedStream + */ + allowUnauthenticatedStream: false, + /** + * Minimum RSA key size allowed for key generation and message signing, verification and encryption. + * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. + * @memberof module:config + * @property {Number} minRSABits + */ + minRSABits: 2047, + /** + * Work-around for rare GPG decryption bug when encrypting with multiple passwords. + * **Slower and slightly less secure** + * @memberof module:config + * @property {Boolean} passwordCollisionCheck + */ + passwordCollisionCheck: false, + /** + * Allow decryption using RSA keys without `encrypt` flag. + * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug + * where key flags were ignored when selecting a key for encryption. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureDecryptionWithSigningKeys: false, + /** + * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. + * Instead, a verification key will also be consider valid as long as it is valid at the current time. + * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, + * and have self-signature's creation date that does not match the primary key creation date. + * @memberof module:config + * @property {Boolean} allowInsecureDecryptionWithSigningKeys + */ + allowInsecureVerificationWithReformattedKeys: false, + /** + * Allow using keys that do not have any key flags set. + * Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages + * (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29). + * Some older keys do not declare any key flags, which means they are not allowed to be used for any operation. + * This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm. + */ + allowMissingKeyFlags: false, + /** + * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). + * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: + * - new/incoming messages are automatically decrypted (without user interaction); + * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). + * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. + * @memberof module:config + * @property {Boolean} constantTimePKCS1Decryption + */ + constantTimePKCS1Decryption: false, + /** + * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. + * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. + * However, the more algorithms are added, the slower the decryption procedure becomes. + * @memberof module:config + * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} + */ + constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), + /** + * @memberof module:config + * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error + */ + ignoreUnsupportedPackets: true, + /** + * @memberof module:config + * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error + */ + ignoreMalformedPackets: false, + /** + * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only + * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable + * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). + * @memberof module:config + * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] + */ + additionalAllowedPackets: [], + /** + * @memberof module:config + * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages + */ + showVersion: false, + /** + * @memberof module:config + * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages + */ + showComment: false, + /** + * @memberof module:config + * @property {String} versionString A version string to be included in armored messages + */ + versionString: 'OpenPGP.js 6.0.0', + /** + * @memberof module:config + * @property {String} commentString A comment string to be included in armored messages + */ + commentString: 'https://openpgpjs.org', + + /** + * Max userID string length (used for parsing) + * @memberof module:config + * @property {Integer} maxUserIDLength + */ + maxUserIDLength: 1024 * 5, + /** + * Contains notatations that are considered "known". Known notations do not trigger + * validation error when the notation is marked as critical. + * @memberof module:config + * @property {Array} knownNotations + */ + knownNotations: [], + /** + * If true, a salt notation is used to randomize signatures generated by v4 and v5 keys (v6 signatures are always non-deterministic, by design). + * This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur + * during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of + * weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. + * NOTE: the notation is interoperable, but will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. + */ + nonDeterministicSignaturesViaNotation: true, + /** + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. + * When false, certain standard curves will not be supported (depending on the platform). + * @memberof module:config + * @property {Boolean} useEllipticFallback + */ + useEllipticFallback: true, + /** + * Reject insecure hash algorithms + * @memberof module:config + * @property {Set} rejectHashAlgorithms {@link module:enums.hash} + */ + rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), + /** + * Reject insecure message hash algorithms + * @memberof module:config + * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} + */ + rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), + /** + * Reject insecure public key algorithms for key generation and message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} + */ + rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), + /** + * Reject non-standard curves for key generation, message encryption, signing or verification + * @memberof module:config + * @property {Set} rejectCurves {@link module:enums.curve} + */ + rejectCurves: new Set([enums.curve.secp256k1]) +}; + +/** + * @fileoverview This object contains global configuration values. + * @see module:config/config + * @module config + */ + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +const createRequire = () => () => {}; // Must be stripped in browser built + +const debugMode = (() => { + try { return process.env.NODE_ENV === 'development'; // eslint-disable-line no-process-env } catch (e) {} return false; @@ -2042,6 +1762,8 @@ const util = { return typeof data === 'string' || data instanceof String; }, + nodeRequire: createRequire(), + isArray: function(data) { return data instanceof Array; }, @@ -2050,6 +1772,35 @@ const util = { isStream: isStream, + /** + * Load noble-curves lib on demand and return the requested curve function + * @param {enums.publicKey} publicKeyAlgo + * @param {enums.curve} [curveName] - for algos supporting different curves (e.g. ECDSA) + * @returns curve implementation + * @throws on unrecognized curve, or curve not implemented by noble-curve + */ + getNobleCurve: async (publicKeyAlgo, curveName) => { + if (!config.useEllipticFallback) { + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } + + const { nobleCurves } = await Promise.resolve().then(function () { return noble_curves; }); + switch (publicKeyAlgo) { + case enums.publicKey.ecdh: + case enums.publicKey.ecdsa: { + const curve = nobleCurves.get(curveName); + if (!curve) throw new Error('Unsupported curve'); + return curve; + } + case enums.publicKey.x448: + return nobleCurves.get('x448'); + case enums.publicKey.ed448: + return nobleCurves.get('ed448'); + default: + throw new Error('Unsupported curve'); + } + }, + readNumber: function (bytes) { let n = 0; for (let i = 0; i < bytes.length; i++) { @@ -2091,7 +1842,26 @@ const util = { readMPI: function (bytes) { const bits = (bytes[0] << 8) | bytes[1]; const bytelen = (bits + 7) >>> 3; - return bytes.subarray(2, 2 + bytelen); + // There is a decryption oracle risk here by enforcing the MPI length using `readExactSubarray` in the context of SEIPDv1 encrypted signatures, + // where unauthenticated streamed decryption is done (via `config.allowUnauthenticatedStream`), since the decrypted signature data being processed + // has not been authenticated (yet). + // However, such config setting is known to be insecure, and there are other packet parsing errors that can cause similar issues. + // Also, AEAD is also not affected. + return util.readExactSubarray(bytes, 2, 2 + bytelen); + }, + + /** + * Read exactly `end - start` bytes from input. + * This is a stricter version of `.subarray`. + * @param {Uint8Array} input - Input data to parse + * @returns {Uint8Array} subarray of size always equal to `end - start` + * @throws if the input array is too short. + */ + readExactSubarray: function (input, start, end) { + if (input.length < (end - start)) { + throw new Error('Input array too short'); + } + return input.subarray(start, end); }, /** @@ -2101,6 +1871,9 @@ const util = { * @returns {Uint8Array} Padded bytes. */ leftPad(bytes, length) { + if (bytes.length > length) { + throw new Error('Input array too long'); + } const padded = new Uint8Array(length); const offset = length - bytes.length; padded.set(bytes, offset); @@ -2156,18 +1929,10 @@ const util = { * @returns {String} Hexadecimal representation of the array. */ uint8ArrayToHex: function (bytes) { - const r = []; - const e = bytes.length; - let c = 0; - let h; - while (c < e) { - h = bytes[c++].toString(16); - while (h.length < 2) { - h = '0' + h; - } - r.push('' + h); - } - return r.join(''); + const hexAlphabet = '0123456789abcdef'; + let s = ''; + bytes.forEach(v => { s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; }); + return s; }, /** @@ -2378,32 +2143,30 @@ const util = { }, /** - * Get native Web Cryptography api, only the current version of the spec. - * @returns {Object} The SubtleCrypto api or 'undefined'. + * Get native Web Cryptography API. + * @returns {Object} The SubtleCrypto API + * @throws if the API is not available */ getWebCrypto: function() { - return typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + const globalWebCrypto = typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.subtle; + // Fallback for Node 16, which does not expose WebCrypto as a global + const webCrypto = globalWebCrypto || this.getNodeCrypto()?.webcrypto.subtle; + if (!webCrypto) { + throw new Error('The WebCrypto API is not available'); + } + return webCrypto; }, - /** - * Get BigInteger class - * It wraps the native BigInt type if it's available - * Otherwise it relies on bn.js - * @returns {BigInteger} - * @async - */ - getBigInteger, - /** * Get native Node.js crypto api. * @returns {Object} The crypto module or 'undefined'. */ getNodeCrypto: function() { - return void('crypto'); + return this.nodeRequire('crypto'); }, getNodeZlib: function() { - return void('zlib'); + return this.nodeRequire('zlib'); }, /** @@ -2412,7 +2175,7 @@ const util = { * @returns {Function} The Buffer constructor or 'undefined'. */ getNodeBuffer: function() { - return ({}).Buffer; + return (this.nodeRequire('buffer') || {}).Buffer; }, getHardwareConcurrency: function() { @@ -2420,15 +2183,24 @@ const util = { return navigator.hardwareConcurrency || 1; } - const os = void('os'); // Assume we're on Node.js. + const os = this.nodeRequire('os'); // Assume we're on Node.js. return os.cpus().length; }, - isEmailAddress: function(data) { + /** + * Test email format to ensure basic compliance: + * - must include a single @ + * - no control or space unicode chars allowed + * - no backslash and square brackets (as the latter can mess with the userID parsing) + * - cannot end with a punctuation char + * These checks are not meant to be exhaustive; applications are strongly encouraged to implement stricter validation, + * e.g. based on the W3C HTML spec (https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email)). + */ + isEmailAddress: function(data) { if (!util.isString(data)) { return false; } - const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/; + const re = /^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u; return re.test(data); }, @@ -2631,14 +2403,15 @@ const util = { * provided with the application or distribution. */ -const Buffer = util.getNodeBuffer(); + +const Buffer$2 = util.getNodeBuffer(); let encodeChunk; let decodeChunk; -if (Buffer) { - encodeChunk = buf => Buffer.from(buf).toString('base64'); +if (Buffer$2) { + encodeChunk = buf => Buffer$2.from(buf).toString('base64'); decodeChunk = str => { - const b = Buffer.from(str, 'base64'); + const b = Buffer$2.from(str, 'base64'); return new Uint8Array(b.buffer, b.byteOffset, b.byteLength); }; } else { @@ -2652,7 +2425,7 @@ if (Buffer) { * @returns {String | ReadableStream} Radix-64 version of input string. * @static */ -function encode(data) { +function encode$1(data) { let buf = new Uint8Array(); return transform(data, value => { buf = util.concatUint8Array([buf, value]); @@ -2676,7 +2449,7 @@ function encode(data) { * @returns {Uint8Array | ReadableStream} Binary array version of input string. * @static */ -function decode(data) { +function decode$2(data) { let buf = ''; return transform(data, value => { buf += value; @@ -2712,7 +2485,7 @@ function decode(data) { * @returns {Uint8Array} An array of 8-bit integers. */ function b64ToUint8Array(base64) { - return decode(base64.replace(/-/g, '+').replace(/_/g, '/')); + return decode$2(base64.replace(/-/g, '+').replace(/_/g, '/')); } /** @@ -2722,254 +2495,30 @@ function b64ToUint8Array(base64) { * @returns {String} Base-64 encoded string. */ function uint8ArrayToB64(bytes, url) { - let encoded = encode(bytes).replace(/[\r\n]/g, ''); - if (url) { + let encoded = encode$1(bytes).replace(/[\r\n]/g, ''); + { encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, ''); } return encoded; } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -var config = { - /** - * @memberof module:config - * @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash} - */ - preferredHashAlgorithm: enums.hash.sha256, - /** - * @memberof module:config - * @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric} - */ - preferredSymmetricAlgorithm: enums.symmetric.aes256, - /** - * @memberof module:config - * @property {Integer} compression Default compression algorithm {@link module:enums.compression} - */ - preferredCompressionAlgorithm: enums.compression.uncompressed, - /** - * @memberof module:config - * @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9 - */ - deflateLevel: 6, - - /** - * Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07} - * @memberof module:config - * @property {Boolean} aeadProtect - */ - aeadProtect: false, - /** - * Default Authenticated Encryption with Additional Data (AEAD) encryption mode - * Only has an effect when aeadProtect is set to true. - * @memberof module:config - * @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead} - */ - preferredAEADAlgorithm: enums.aead.eax, - /** - * Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode - * Only has an effect when aeadProtect is set to true. - * Must be an integer value from 0 to 56. - * @memberof module:config - * @property {Integer} aeadChunkSizeByte - */ - aeadChunkSizeByte: 12, - /** - * Use V5 keys. - * Note: not all OpenPGP implementations are compatible with this option. - * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION** - * @memberof module:config - * @property {Boolean} v5Keys - */ - v5Keys: false, - /** - * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: - * Iteration Count Byte for S2K (String to Key) - * @memberof module:config - * @property {Integer} s2kIterationCountByte - */ - s2kIterationCountByte: 224, - /** - * Allow decryption of messages without integrity protection. - * This is an **insecure** setting: - * - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe. - * - it enables downgrade attacks against integrity-protected messages. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedMessages - */ - allowUnauthenticatedMessages: false, - /** - * Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to - * process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible - * and deferring checking their integrity until the decrypted stream has been read in full. - * - * This setting is **insecure** if the partially decrypted message is processed further or displayed to the user. - * @memberof module:config - * @property {Boolean} allowUnauthenticatedStream - */ - allowUnauthenticatedStream: false, - /** - * @memberof module:config - * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum - */ - checksumRequired: false, - /** - * Minimum RSA key size allowed for key generation and message signing, verification and encryption. - * The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones. - * @memberof module:config - * @property {Number} minRSABits - */ - minRSABits: 2047, - /** - * Work-around for rare GPG decryption bug when encrypting with multiple passwords. - * **Slower and slightly less secure** - * @memberof module:config - * @property {Boolean} passwordCollisionCheck - */ - passwordCollisionCheck: false, - /** - * @memberof module:config - * @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored - */ - revocationsExpire: false, - /** - * Allow decryption using RSA keys without `encrypt` flag. - * This setting is potentially insecure, but it is needed to get around an old openpgpjs bug - * where key flags were ignored when selecting a key for encryption. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureDecryptionWithSigningKeys: false, - /** - * Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. - * Instead, a verification key will also be consider valid as long as it is valid at the current time. - * This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted, - * and have self-signature's creation date that does not match the primary key creation date. - * @memberof module:config - * @property {Boolean} allowInsecureDecryptionWithSigningKeys - */ - allowInsecureVerificationWithReformattedKeys: false, - - /** - * Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). - * This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply: - * - new/incoming messages are automatically decrypted (without user interaction); - * - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). - * See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`. - * @memberof module:config - * @property {Boolean} constantTimePKCS1Decryption - */ - constantTimePKCS1Decryption: false, - /** - * This setting is only meaningful if `constantTimePKCS1Decryption` is enabled. - * Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. - * However, the more algorithms are added, the slower the decryption procedure becomes. - * @memberof module:config - * @property {Set} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric} - */ - constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]), - - /** - * @memberof module:config - * @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available - */ - minBytesForWebCrypto: 1000, - /** - * @memberof module:config - * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error - */ - ignoreUnsupportedPackets: true, - /** - * @memberof module:config - * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error - */ - ignoreMalformedPackets: false, - /** - * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only - * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable - * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message). - * @memberof module:config - * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] - */ - additionalAllowedPackets: [], - /** - * @memberof module:config - * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages - */ - showVersion: false, - /** - * @memberof module:config - * @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages - */ - showComment: false, - /** - * @memberof module:config - * @property {String} versionString A version string to be included in armored messages - */ - versionString: 'OpenPGP.js 5.11.2', - /** - * @memberof module:config - * @property {String} commentString A comment string to be included in armored messages - */ - commentString: 'https://openpgpjs.org', - - /** - * Max userID string length (used for parsing) - * @memberof module:config - * @property {Integer} maxUserIDLength - */ - maxUserIDLength: 1024 * 5, - /** - * Contains notatations that are considered "known". Known notations do not trigger - * validation error when the notation is marked as critical. - * @memberof module:config - * @property {Array} knownNotations - */ - knownNotations: [], - /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. - * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. - * @memberof module:config - * @property {Boolean} useIndutnyElliptic - */ - useIndutnyElliptic: true, - /** - * Reject insecure hash algorithms - * @memberof module:config - * @property {Set} rejectHashAlgorithms {@link module:enums.hash} - */ - rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]), - /** - * Reject insecure message hash algorithms - * @memberof module:config - * @property {Set} rejectMessageHashAlgorithms {@link module:enums.hash} - */ - rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]), - /** - * Reject insecure public key algorithms for key generation and message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectPublicKeyAlgorithms {@link module:enums.publicKey} - */ - rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]), - /** - * Reject non-standard curves for key generation, message encryption, signing or verification - * @memberof module:config - * @property {Set} rejectCurves {@link module:enums.curve} - */ - rejectCurves: new Set([enums.curve.secp256k1]) -}; - -/** - * @fileoverview This object contains global configuration values. - * @see module:config/config - * @module config - */ - -// GPG4Browsers - An OpenPGP implementation in javascript /** * Finds out which Ascii Armoring type is used. Throws error if unknown type. @@ -2997,33 +2546,33 @@ function getType(text) { // parts, and this is the Xth part out of Y. if (/MESSAGE, PART \d+\/\d+/.test(header[1])) { return enums.armor.multipartSection; - } else + } // BEGIN PGP MESSAGE, PART X // Used for multi-part messages, where this is the Xth part of an // unspecified number of parts. Requires the MESSAGE-ID Armor // Header to be used. if (/MESSAGE, PART \d+/.test(header[1])) { return enums.armor.multipartLast; - } else + } // BEGIN PGP SIGNED MESSAGE if (/SIGNED MESSAGE/.test(header[1])) { return enums.armor.signed; - } else + } // BEGIN PGP MESSAGE // Used for signed, encrypted, or compressed files. if (/MESSAGE/.test(header[1])) { return enums.armor.message; - } else + } // BEGIN PGP PUBLIC KEY BLOCK // Used for armoring public keys. if (/PUBLIC KEY BLOCK/.test(header[1])) { return enums.armor.publicKey; - } else + } // BEGIN PGP PRIVATE KEY BLOCK // Used for armoring private keys. if (/PRIVATE KEY BLOCK/.test(header[1])) { return enums.armor.privateKey; - } else + } // BEGIN PGP SIGNATURE // Used for detached signatures, OpenPGP/MIME signatures, and // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE @@ -3057,7 +2606,6 @@ function addheader(customComment, config) { return result; } - /** * Calculates a checksum over the given data and returns it base64 encoded * @param {String | ReadableStream} data - Data to create a CRC-24 checksum for @@ -3066,7 +2614,7 @@ function addheader(customComment, config) { */ function getCheckSum(data) { const crc = createcrc24(data); - return encode(crc); + return encode$1(crc); } // https://create.stephan-brumme.com/crc32/#slicing-by-8-overview @@ -3099,7 +2647,7 @@ for (let i = 0; i <= 0xFF; i++) { } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView#Endianness -const isLittleEndian = (function() { +const isLittleEndian$1 = (function() { const buffer = new ArrayBuffer(2); new DataView(buffer).setInt16(0, 0xFF, true /* littleEndian */); // Int16Array uses the platform's endianness. @@ -3115,7 +2663,7 @@ const isLittleEndian = (function() { function createcrc24(input) { let crc = 0xCE04B7; return transform(input, value => { - const len32 = isLittleEndian ? Math.floor(value.length / 4) : 0; + const len32 = isLittleEndian$1 ? Math.floor(value.length / 4) : 0; const arr32 = new Uint32Array(value.buffer, value.byteOffset, len32); for (let i = 0; i < len32; i++) { crc ^= arr32[i]; @@ -3139,7 +2687,7 @@ function createcrc24(input) { * @private * @param {Array} headers - Armor headers */ -function verifyHeaders(headers) { +function verifyHeaders$1(headers) { for (let i = 0; i < headers.length; i++) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); @@ -3151,24 +2699,21 @@ function verifyHeaders(headers) { } /** - * Splits a message into two parts, the body and the checksum. This is an internal function - * @param {String} text - OpenPGP armored message part - * @returns {Object} An object with attribute "body" containing the body. - * and an attribute "checksum" containing the checksum. + * Remove the (optional) checksum from an armored message. + * @param {String} text - OpenPGP armored message + * @returns {String} The body of the armored message. * @private */ -function splitChecksum(text) { +function removeChecksum(text) { let body = text; - let checksum = ''; const lastEquals = text.lastIndexOf('='); if (lastEquals >= 0 && lastEquals !== text.length - 1) { // '=' as the last char means no checksum body = text.slice(0, lastEquals); - checksum = text.slice(lastEquals + 1).substr(0, 4); } - return { body: body, checksum: checksum }; + return body; } /** @@ -3180,7 +2725,7 @@ function splitChecksum(text) { * @async * @static */ -function unarmor(input, config$1 = config) { +function unarmor(input) { // eslint-disable-next-line no-async-promise-executor return new Promise(async (resolve, reject) => { try { @@ -3193,8 +2738,7 @@ function unarmor(input, config$1 = config) { let headersDone; let text = []; let textDone; - let checksum; - let data = decode(transformPair(input, async (readable, writable) => { + const data = decode$2(transformPair(input, async (readable, writable) => { const reader = getReader(readable); try { while (true) { @@ -3215,21 +2759,21 @@ function unarmor(input, config$1 = config) { if (!reEmptyLine.test(line)) { lastHeaders.push(line); } else { - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); headersDone = true; - if (textDone || type !== 2) { + if (textDone || type !== enums.armor.signed) { resolve({ text, data, headers, type }); break; } } - } else if (!textDone && type === 2) { + } else if (!textDone && type === enums.armor.signed) { if (!reSplit.test(line)) { // Reverse dash-escaping for msg text.push(line.replace(/^- /, '')); } else { text = text.join('\r\n'); textDone = true; - verifyHeaders(lastHeaders); + verifyHeaders$1(lastHeaders); lastHeaders = []; headersDone = false; } @@ -3259,9 +2803,8 @@ function unarmor(input, config$1 = config) { if (parts.length === 1) { throw new Error('Misformed armored text'); } - const split = splitChecksum(parts[0].slice(0, -1)); - checksum = split.checksum; - await writer.write(split.body); + const body = removeChecksum(parts[0].slice(0, -1)); + await writer.write(body); break; } } @@ -3271,24 +2814,6 @@ function unarmor(input, config$1 = config) { await writer.abort(e); } })); - data = transformPair(data, async (readable, writable) => { - const checksumVerified = readToEnd(getCheckSum(passiveClone(readable))); - checksumVerified.catch(() => {}); - await pipe(readable, writable, { - preventClose: true - }); - const writer = getWriter(writable); - try { - const checksumVerifiedString = (await checksumVerified).replace('\n', ''); - if (checksum !== checksumVerifiedString && (checksum || config$1.checksumRequired)) { - throw new Error('Ascii armor integrity check failed'); - } - await writer.ready; - await writer.close(); - } catch (e) { - await writer.abort(e); - } - }); } catch (e) { reject(e); } @@ -3308,10 +2833,13 @@ function unarmor(input, config$1 = config) { * @param {Integer} [partIndex] * @param {Integer} [partTotal] * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {String | ReadableStream} Armored text. * @static */ -function armor(messageType, body, partIndex, partTotal, customComment, config$1 = config) { +function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config$1 = config) { let text; let hash; if (messageType === enums.armor.signed) { @@ -3319,59 +2847,62 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 hash = body.hash; body = body.data; } - const bodyClone = passiveClone(body); + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && passiveClone(body); + const result = []; switch (messageType) { case enums.armor.multipartSection: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); break; case enums.armor.multipartLast: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); break; case enums.armor.signed: result.push('-----BEGIN PGP SIGNED MESSAGE-----\n'); - result.push('Hash: ' + hash + '\n\n'); + result.push(hash ? `Hash: ${hash}\n\n` : '\n'); result.push(text.replace(/^-/mg, '- -')); result.push('\n-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; case enums.armor.message: result.push('-----BEGIN PGP MESSAGE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE-----\n'); break; case enums.armor.publicKey: result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); break; case enums.armor.privateKey: result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); break; case enums.armor.signature: result.push('-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config$1)); - result.push(encode(body)); - result.push('=', getCheckSum(bodyClone)); + result.push(encode$1(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; } @@ -3379,40689 +2910,25656 @@ function armor(messageType, body, partIndex, partTotal, customComment, config$1 return util.concat(result); } -// GPG4Browsers - An OpenPGP implementation in javascript +async function getLegacyCipher(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + throw new Error('Not a legacy cipher'); + case enums.symmetric.cast5: + case enums.symmetric.blowfish: + case enums.symmetric.twofish: + case enums.symmetric.tripledes: { + const { legacyCiphers } = await Promise.resolve().then(function () { return legacy_ciphers; }); + const cipher = legacyCiphers.get(algo); + if (!cipher) { + throw new Error('Unsupported cipher algorithm'); + } + return cipher; + } + default: + throw new Error('Unsupported cipher algorithm'); + } +} /** - * Implementation of type key id - * - * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: - * A Key ID is an eight-octet scalar that identifies a key. - * Implementations SHOULD NOT assume that Key IDs are unique. The - * section "Enhanced Key Formats" below describes how Key IDs are - * formed. + * Get block size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -class KeyID { - constructor() { - this.bytes = ''; - } - - /** - * Parsing method for a key id - * @param {Uint8Array} bytes - Input to read the key id from - */ - read(bytes) { - this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); - return this.bytes.length; - } - - /** - * Serializes the Key ID - * @returns {Uint8Array} Key ID as a Uint8Array. - */ - write() { - return util.stringToUint8Array(this.bytes); - } - - /** - * Returns the Key ID represented as a hexadecimal string - * @returns {String} Key ID as a hexadecimal string. - */ - toHex() { - return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); - } - - /** - * Checks equality of Key ID's - * @param {KeyID} keyID - * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard - */ - equals(keyID, matchWildcard = false) { - return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; - } - - /** - * Checks to see if the Key ID is unset - * @returns {Boolean} True if the Key ID is null. - */ - isNull() { - return this.bytes === ''; - } - - /** - * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) - * @returns {Boolean} True if this is a wildcard Key ID. - */ - isWildcard() { - return /^0+$/.test(this.toHex()); - } - - static mapToHex(keyID) { - return keyID.toHex(); - } - - static fromID(hex) { - const keyID = new KeyID(); - keyID.read(util.hexToUint8Array(hex)); - return keyID; +function getCipherBlockSize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.aes192: + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 16; + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + case enums.symmetric.tripledes: + return 8; + default: + throw new Error('Unsupported cipher'); } +} - static wildcard() { - const keyID = new KeyID(); - keyID.read(new Uint8Array(8)); - return keyID; +/** + * Get key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier + */ +function getCipherKeySize(algo) { + switch (algo) { + case enums.symmetric.aes128: + case enums.symmetric.blowfish: + case enums.symmetric.cast5: + return 16; + case enums.symmetric.aes192: + case enums.symmetric.tripledes: + return 24; + case enums.symmetric.aes256: + case enums.symmetric.twofish: + return 32; + default: + throw new Error('Unsupported cipher'); } } /** - * @file {@link http://asmjs.org Asm.js} implementation of the {@link https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard}. - * @author Artem S Vybornov - * @license MIT + * Get block and key size for given cipher algo + * @param {module:enums.symmetric} algo - alrogithm identifier */ -var AES_asm = function () { - - /** - * Galois Field stuff init flag - */ - var ginit_done = false; +function getCipherParams(algo) { + return { keySize: getCipherKeySize(algo), blockSize: getCipherBlockSize(algo) }; +} - /** - * Galois Field exponentiation and logarithm tables for 3 (the generator) - */ - var gexp3, glog3; +var cipher = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCipherParams: getCipherParams, + getLegacyCipher: getLegacyCipher +}); - /** - * Init Galois Field tables - */ - function ginit() { - gexp3 = [], - glog3 = []; +/** + * A fast MD5 JavaScript implementation + * Copyright (c) 2012 Joseph Myers + * http://www.myersdaily.org/joseph/javascript/md5-text.html + * + * Permission to use, copy, modify, and distribute this software + * and its documentation for any purposes and without + * fee is hereby granted provided that this copyright notice + * appears in all copies. + * + * Of course, this soft is provided "as is" without express or implied + * warranty of any kind. + */ - var a = 1, c, d; - for (c = 0; c < 255; c++) { - gexp3[c] = a; - // Multiply by three - d = a & 0x80, a <<= 1, a &= 255; - if (d === 0x80) a ^= 0x1b; - a ^= gexp3[c]; +// MD5 Digest +async function md5(entree) { + const digest = md51(util.uint8ArrayToString(entree)); + return util.hexToUint8Array(hex(digest)); +} - // Set the log table value - glog3[gexp3[c]] = c; - } - gexp3[255] = gexp3[0]; - glog3[0] = 0; +function md5cycle(x, k) { + let a = x[0]; + let b = x[1]; + let c = x[2]; + let d = x[3]; - ginit_done = true; - } + a = ff(a, b, c, d, k[0], 7, -680876936); + d = ff(d, a, b, c, k[1], 12, -389564586); + c = ff(c, d, a, b, k[2], 17, 606105819); + b = ff(b, c, d, a, k[3], 22, -1044525330); + a = ff(a, b, c, d, k[4], 7, -176418897); + d = ff(d, a, b, c, k[5], 12, 1200080426); + c = ff(c, d, a, b, k[6], 17, -1473231341); + b = ff(b, c, d, a, k[7], 22, -45705983); + a = ff(a, b, c, d, k[8], 7, 1770035416); + d = ff(d, a, b, c, k[9], 12, -1958414417); + c = ff(c, d, a, b, k[10], 17, -42063); + b = ff(b, c, d, a, k[11], 22, -1990404162); + a = ff(a, b, c, d, k[12], 7, 1804603682); + d = ff(d, a, b, c, k[13], 12, -40341101); + c = ff(c, d, a, b, k[14], 17, -1502002290); + b = ff(b, c, d, a, k[15], 22, 1236535329); - /** - * Galois Field multiplication - * @param {number} a - * @param {number} b - * @return {number} - */ - function gmul(a, b) { - var c = gexp3[(glog3[a] + glog3[b]) % 255]; - if (a === 0 || b === 0) c = 0; - return c; - } + a = gg(a, b, c, d, k[1], 5, -165796510); + d = gg(d, a, b, c, k[6], 9, -1069501632); + c = gg(c, d, a, b, k[11], 14, 643717713); + b = gg(b, c, d, a, k[0], 20, -373897302); + a = gg(a, b, c, d, k[5], 5, -701558691); + d = gg(d, a, b, c, k[10], 9, 38016083); + c = gg(c, d, a, b, k[15], 14, -660478335); + b = gg(b, c, d, a, k[4], 20, -405537848); + a = gg(a, b, c, d, k[9], 5, 568446438); + d = gg(d, a, b, c, k[14], 9, -1019803690); + c = gg(c, d, a, b, k[3], 14, -187363961); + b = gg(b, c, d, a, k[8], 20, 1163531501); + a = gg(a, b, c, d, k[13], 5, -1444681467); + d = gg(d, a, b, c, k[2], 9, -51403784); + c = gg(c, d, a, b, k[7], 14, 1735328473); + b = gg(b, c, d, a, k[12], 20, -1926607734); - /** - * Galois Field reciprocal - * @param {number} a - * @return {number} - */ - function ginv(a) { - var i = gexp3[255 - glog3[a]]; - if (a === 0) i = 0; - return i; - } + a = hh(a, b, c, d, k[5], 4, -378558); + d = hh(d, a, b, c, k[8], 11, -2022574463); + c = hh(c, d, a, b, k[11], 16, 1839030562); + b = hh(b, c, d, a, k[14], 23, -35309556); + a = hh(a, b, c, d, k[1], 4, -1530992060); + d = hh(d, a, b, c, k[4], 11, 1272893353); + c = hh(c, d, a, b, k[7], 16, -155497632); + b = hh(b, c, d, a, k[10], 23, -1094730640); + a = hh(a, b, c, d, k[13], 4, 681279174); + d = hh(d, a, b, c, k[0], 11, -358537222); + c = hh(c, d, a, b, k[3], 16, -722521979); + b = hh(b, c, d, a, k[6], 23, 76029189); + a = hh(a, b, c, d, k[9], 4, -640364487); + d = hh(d, a, b, c, k[12], 11, -421815835); + c = hh(c, d, a, b, k[15], 16, 530742520); + b = hh(b, c, d, a, k[2], 23, -995338651); - /** - * AES stuff init flag - */ - var aes_init_done = false; + a = ii(a, b, c, d, k[0], 6, -198630844); + d = ii(d, a, b, c, k[7], 10, 1126891415); + c = ii(c, d, a, b, k[14], 15, -1416354905); + b = ii(b, c, d, a, k[5], 21, -57434055); + a = ii(a, b, c, d, k[12], 6, 1700485571); + d = ii(d, a, b, c, k[3], 10, -1894986606); + c = ii(c, d, a, b, k[10], 15, -1051523); + b = ii(b, c, d, a, k[1], 21, -2054922799); + a = ii(a, b, c, d, k[8], 6, 1873313359); + d = ii(d, a, b, c, k[15], 10, -30611744); + c = ii(c, d, a, b, k[6], 15, -1560198380); + b = ii(b, c, d, a, k[13], 21, 1309151649); + a = ii(a, b, c, d, k[4], 6, -145523070); + d = ii(d, a, b, c, k[11], 10, -1120210379); + c = ii(c, d, a, b, k[2], 15, 718787259); + b = ii(b, c, d, a, k[9], 21, -343485551); - /** - * Encryption, Decryption, S-Box and KeyTransform tables - * - * @type {number[]} - */ - var aes_sbox; + x[0] = add32(a, x[0]); + x[1] = add32(b, x[1]); + x[2] = add32(c, x[2]); + x[3] = add32(d, x[3]); +} - /** - * @type {number[]} - */ - var aes_sinv; +function cmn(q, a, b, x, s, t) { + a = add32(add32(a, q), add32(x, t)); + return add32((a << s) | (a >>> (32 - s)), b); +} - /** - * @type {number[][]} - */ - var aes_enc; +function ff(a, b, c, d, x, s, t) { + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} - /** - * @type {number[][]} - */ - var aes_dec; +function gg(a, b, c, d, x, s, t) { + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} - /** - * Init AES tables - */ - function aes_init() { - if (!ginit_done) ginit(); +function hh(a, b, c, d, x, s, t) { + return cmn(b ^ c ^ d, a, b, x, s, t); +} - // Calculates AES S-Box value - function _s(a) { - var c, s, x; - s = x = ginv(a); - for (c = 0; c < 4; c++) { - s = ((s << 1) | (s >>> 7)) & 255; - x ^= s; - } - x ^= 99; - return x; - } - - // Tables - aes_sbox = [], - aes_sinv = [], - aes_enc = [[], [], [], []], - aes_dec = [[], [], [], []]; - - for (var i = 0; i < 256; i++) { - var s = _s(i); - - // S-Box and its inverse - aes_sbox[i] = s; - aes_sinv[s] = i; - - // Ecryption and Decryption tables - aes_enc[0][i] = (gmul(2, s) << 24) | (s << 16) | (s << 8) | gmul(3, s); - aes_dec[0][s] = (gmul(14, i) << 24) | (gmul(9, i) << 16) | (gmul(13, i) << 8) | gmul(11, i); - // Rotate tables - for (var t = 1; t < 4; t++) { - aes_enc[t][i] = (aes_enc[t - 1][i] >>> 8) | (aes_enc[t - 1][i] << 24); - aes_dec[t][s] = (aes_dec[t - 1][s] >>> 8) | (aes_dec[t - 1][s] << 24); - } - } +function ii(a, b, c, d, x, s, t) { + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} - aes_init_done = true; +function md51(s) { + const n = s.length; + const state = [1732584193, -271733879, -1732584194, 271733878]; + let i; + for (i = 64; i <= s.length; i += 64) { + md5cycle(state, md5blk(s.substring(i - 64, i))); } - - /** - * Asm.js module constructor. - * - *

- * Heap buffer layout by offset: - * 

-   * 0x0000   encryption key schedule
-   * 0x0400   decryption key schedule
-   * 0x0800   sbox
-   * 0x0c00   inv sbox
-   * 0x1000   encryption tables
-   * 0x2000   decryption tables
-   * 0x3000   reserved (future GCM multiplication lookup table)
-   * 0x4000   data
-   *
- * Don't touch anything before 0x400. - *

- * - * @alias AES_asm - * @class - * @param foreign - ignored - * @param buffer - heap buffer to link with - */ - var wrapper = function (foreign, buffer) { - // Init AES stuff for the first time - if (!aes_init_done) aes_init(); - - // Fill up AES tables - var heap = new Uint32Array(buffer); - heap.set(aes_sbox, 0x0800 >> 2); - heap.set(aes_sinv, 0x0c00 >> 2); - for (var i = 0; i < 4; i++) { - heap.set(aes_enc[i], (0x1000 + 0x400 * i) >> 2); - heap.set(aes_dec[i], (0x2000 + 0x400 * i) >> 2); + s = s.substring(i - 64); + const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for (i = 0; i < s.length; i++) { + tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); + } + tail[i >> 2] |= 0x80 << ((i % 4) << 3); + if (i > 55) { + md5cycle(state, tail); + for (i = 0; i < 16; i++) { + tail[i] = 0; } + } + tail[14] = n * 8; + md5cycle(state, tail); + return state; +} - /** - * Calculate AES key schedules. - * @instance - * @memberof AES_asm - * @param {number} ks - key size, 4/6/8 (for 128/192/256-bit key correspondingly) - * @param {number} k0 - key vector components - * @param {number} k1 - key vector components - * @param {number} k2 - key vector components - * @param {number} k3 - key vector components - * @param {number} k4 - key vector components - * @param {number} k5 - key vector components - * @param {number} k6 - key vector components - * @param {number} k7 - key vector components - */ - function set_key(ks, k0, k1, k2, k3, k4, k5, k6, k7) { - var ekeys = heap.subarray(0x000, 60), - dkeys = heap.subarray(0x100, 0x100 + 60); - - // Encryption key schedule - ekeys.set([k0, k1, k2, k3, k4, k5, k6, k7]); - for (var i = ks, rcon = 1; i < 4 * ks + 28; i++) { - var k = ekeys[i - 1]; - if ((i % ks === 0) || (ks === 8 && i % ks === 4)) { - k = aes_sbox[k >>> 24] << 24 ^ aes_sbox[k >>> 16 & 255] << 16 ^ aes_sbox[k >>> 8 & 255] << 8 ^ aes_sbox[k & 255]; - } - if (i % ks === 0) { - k = (k << 8) ^ (k >>> 24) ^ (rcon << 24); - rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0); - } - ekeys[i] = ekeys[i - ks] ^ k; - } - - // Decryption key schedule - for (var j = 0; j < i; j += 4) { - for (var jj = 0; jj < 4; jj++) { - var k = ekeys[i - (4 + j) + (4 - jj) % 4]; - if (j < 4 || j >= i - 4) { - dkeys[j + jj] = k; - } else { - dkeys[j + jj] = aes_dec[0][aes_sbox[k >>> 24]] - ^ aes_dec[1][aes_sbox[k >>> 16 & 255]] - ^ aes_dec[2][aes_sbox[k >>> 8 & 255]] - ^ aes_dec[3][aes_sbox[k & 255]]; - } - } - } - - // Set rounds number - asm.set_rounds(ks + 5); - } - - // create library object with necessary properties - var stdlib = {Uint8Array: Uint8Array, Uint32Array: Uint32Array}; - - var asm = function (stdlib, foreign, buffer) { - "use asm"; - - var S0 = 0, S1 = 0, S2 = 0, S3 = 0, - I0 = 0, I1 = 0, I2 = 0, I3 = 0, - N0 = 0, N1 = 0, N2 = 0, N3 = 0, - M0 = 0, M1 = 0, M2 = 0, M3 = 0, - H0 = 0, H1 = 0, H2 = 0, H3 = 0, - R = 0; - - var HEAP = new stdlib.Uint32Array(buffer), - DATA = new stdlib.Uint8Array(buffer); - - /** - * AES core - * @param {number} k - precomputed key schedule offset - * @param {number} s - precomputed sbox table offset - * @param {number} t - precomputed round table offset - * @param {number} r - number of inner rounds to perform - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _core(k, s, t, r, x0, x1, x2, x3) { - k = k | 0; - s = s | 0; - t = t | 0; - r = r | 0; - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t1 = 0, t2 = 0, t3 = 0, - y0 = 0, y1 = 0, y2 = 0, y3 = 0, - i = 0; - - t1 = t | 0x400, t2 = t | 0x800, t3 = t | 0xc00; - - // round 0 - x0 = x0 ^ HEAP[(k | 0) >> 2], - x1 = x1 ^ HEAP[(k | 4) >> 2], - x2 = x2 ^ HEAP[(k | 8) >> 2], - x3 = x3 ^ HEAP[(k | 12) >> 2]; - - // round 1..r - for (i = 16; (i | 0) <= (r << 4); i = (i + 16) | 0) { - y0 = HEAP[(t | x0 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x1 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x2 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - y1 = HEAP[(t | x1 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x2 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x3 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - y2 = HEAP[(t | x2 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x3 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x0 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - y3 = HEAP[(t | x3 >> 22 & 1020) >> 2] ^ HEAP[(t1 | x0 >> 14 & 1020) >> 2] ^ HEAP[(t2 | x1 >> 6 & 1020) >> 2] ^ HEAP[(t3 | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - x0 = y0, x1 = y1, x2 = y2, x3 = y3; - } - - // final round - S0 = HEAP[(s | x0 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x1 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x2 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x3 << 2 & 1020) >> 2] ^ HEAP[(k | i | 0) >> 2], - S1 = HEAP[(s | x1 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x2 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x3 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x0 << 2 & 1020) >> 2] ^ HEAP[(k | i | 4) >> 2], - S2 = HEAP[(s | x2 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x3 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x0 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x1 << 2 & 1020) >> 2] ^ HEAP[(k | i | 8) >> 2], - S3 = HEAP[(s | x3 >> 22 & 1020) >> 2] << 24 ^ HEAP[(s | x0 >> 14 & 1020) >> 2] << 16 ^ HEAP[(s | x1 >> 6 & 1020) >> 2] << 8 ^ HEAP[(s | x2 << 2 & 1020) >> 2] ^ HEAP[(k | i | 12) >> 2]; - } - - /** - * ECB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - x0, - x1, - x2, - x3 - ); - } - - /** - * ECB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ecb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - } - - - /** - * CBC mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0 ^ x0, - I1 ^ x1, - I2 ^ x2, - I3 ^ x3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - } - - /** - * CBC mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cbc_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var t = 0; - - _core( - 0x0400, 0x0c00, 0x2000, - R, - x0, - x3, - x2, - x1 - ); - - t = S1, S1 = S3, S3 = t; - - S0 = S0 ^ I0, - S1 = S1 ^ I1, - S2 = S2 ^ I2, - S3 = S3 ^ I3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * CFB mode encryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_enc(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0 = S0 ^ x0, - I1 = S1 = S1 ^ x1, - I2 = S2 = S2 ^ x2, - I3 = S3 = S3 ^ x3; - } - - - /** - * CFB mode decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _cfb_dec(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - - I0 = x0, - I1 = x1, - I2 = x2, - I3 = x3; - } - - /** - * OFB mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ofb(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - I0, - I1, - I2, - I3 - ); - - I0 = S0, - I1 = S1, - I2 = S2, - I3 = S3; - - S0 = S0 ^ x0, - S1 = S1 ^ x1, - S2 = S2 ^ x2, - S3 = S3 ^ x3; - } - - /** - * CTR mode encryption / decryption - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _ctr(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - _core( - 0x0000, 0x0800, 0x1000, - R, - N0, - N1, - N2, - N3 - ); - - N3 = (~M3 & N3) | M3 & (N3 + 1); - N2 = (~M2 & N2) | M2 & (N2 + ((N3 | 0) == 0)); - N1 = (~M1 & N1) | M1 & (N1 + ((N2 | 0) == 0)); - N0 = (~M0 & N0) | M0 & (N0 + ((N1 | 0) == 0)); - - S0 = S0 ^ x0; - S1 = S1 ^ x1; - S2 = S2 ^ x2; - S3 = S3 ^ x3; - } - - /** - * GCM mode MAC calculation - * @param {number} x0 - 128-bit input block vector - * @param {number} x1 - 128-bit input block vector - * @param {number} x2 - 128-bit input block vector - * @param {number} x3 - 128-bit input block vector - */ - function _gcm_mac(x0, x1, x2, x3) { - x0 = x0 | 0; - x1 = x1 | 0; - x2 = x2 | 0; - x3 = x3 | 0; - - var y0 = 0, y1 = 0, y2 = 0, y3 = 0, - z0 = 0, z1 = 0, z2 = 0, z3 = 0, - i = 0, c = 0; - - x0 = x0 ^ I0, - x1 = x1 ^ I1, - x2 = x2 ^ I2, - x3 = x3 ^ I3; - - y0 = H0 | 0, - y1 = H1 | 0, - y2 = H2 | 0, - y3 = H3 | 0; - - for (; (i | 0) < 128; i = (i + 1) | 0) { - if (y0 >>> 31) { - z0 = z0 ^ x0, - z1 = z1 ^ x1, - z2 = z2 ^ x2, - z3 = z3 ^ x3; - } - - y0 = (y0 << 1) | (y1 >>> 31), - y1 = (y1 << 1) | (y2 >>> 31), - y2 = (y2 << 1) | (y3 >>> 31), - y3 = (y3 << 1); - - c = x3 & 1; - - x3 = (x3 >>> 1) | (x2 << 31), - x2 = (x2 >>> 1) | (x1 << 31), - x1 = (x1 >>> 1) | (x0 << 31), - x0 = (x0 >>> 1); - - if (c) x0 = x0 ^ 0xe1000000; - } - - I0 = z0, - I1 = z1, - I2 = z2, - I3 = z3; - } - - /** - * Set the internal rounds number. - * @instance - * @memberof AES_asm - * @param {number} r - number if inner AES rounds - */ - function set_rounds(r) { - r = r | 0; - R = r; - } - - /** - * Populate the internal state of the module. - * @instance - * @memberof AES_asm - * @param {number} s0 - state vector - * @param {number} s1 - state vector - * @param {number} s2 - state vector - * @param {number} s3 - state vector - */ - function set_state(s0, s1, s2, s3) { - s0 = s0 | 0; - s1 = s1 | 0; - s2 = s2 | 0; - s3 = s3 | 0; - - S0 = s0, - S1 = s1, - S2 = s2, - S3 = s3; - } - - /** - * Populate the internal iv of the module. - * @instance - * @memberof AES_asm - * @param {number} i0 - iv vector - * @param {number} i1 - iv vector - * @param {number} i2 - iv vector - * @param {number} i3 - iv vector - */ - function set_iv(i0, i1, i2, i3) { - i0 = i0 | 0; - i1 = i1 | 0; - i2 = i2 | 0; - i3 = i3 | 0; - - I0 = i0, - I1 = i1, - I2 = i2, - I3 = i3; - } - - /** - * Set nonce for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} n0 - nonce vector - * @param {number} n1 - nonce vector - * @param {number} n2 - nonce vector - * @param {number} n3 - nonce vector - */ - function set_nonce(n0, n1, n2, n3) { - n0 = n0 | 0; - n1 = n1 | 0; - n2 = n2 | 0; - n3 = n3 | 0; - - N0 = n0, - N1 = n1, - N2 = n2, - N3 = n3; - } - - /** - * Set counter mask for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} m0 - counter mask vector - * @param {number} m1 - counter mask vector - * @param {number} m2 - counter mask vector - * @param {number} m3 - counter mask vector - */ - function set_mask(m0, m1, m2, m3) { - m0 = m0 | 0; - m1 = m1 | 0; - m2 = m2 | 0; - m3 = m3 | 0; - - M0 = m0, - M1 = m1, - M2 = m2, - M3 = m3; - } - - /** - * Set counter for CTR-family modes. - * @instance - * @memberof AES_asm - * @param {number} c0 - counter vector - * @param {number} c1 - counter vector - * @param {number} c2 - counter vector - * @param {number} c3 - counter vector - */ - function set_counter(c0, c1, c2, c3) { - c0 = c0 | 0; - c1 = c1 | 0; - c2 = c2 | 0; - c3 = c3 | 0; - - N3 = (~M3 & N3) | M3 & c3, - N2 = (~M2 & N2) | M2 & c2, - N1 = (~M1 & N1) | M1 & c1, - N0 = (~M0 & N0) | M0 & c0; - } - - /** - * Store the internal state vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_state(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - return 16; - } - - /** - * Store the internal iv vector into the heap. - * @instance - * @memberof AES_asm - * @param {number} pos - offset where to put the data - * @return {number} The number of bytes have been written into the heap, always 16. - */ - function get_iv(pos) { - pos = pos | 0; - - if (pos & 15) return -1; - - DATA[pos | 0] = I0 >>> 24, - DATA[pos | 1] = I0 >>> 16 & 255, - DATA[pos | 2] = I0 >>> 8 & 255, - DATA[pos | 3] = I0 & 255, - DATA[pos | 4] = I1 >>> 24, - DATA[pos | 5] = I1 >>> 16 & 255, - DATA[pos | 6] = I1 >>> 8 & 255, - DATA[pos | 7] = I1 & 255, - DATA[pos | 8] = I2 >>> 24, - DATA[pos | 9] = I2 >>> 16 & 255, - DATA[pos | 10] = I2 >>> 8 & 255, - DATA[pos | 11] = I2 & 255, - DATA[pos | 12] = I3 >>> 24, - DATA[pos | 13] = I3 >>> 16 & 255, - DATA[pos | 14] = I3 >>> 8 & 255, - DATA[pos | 15] = I3 & 255; - - return 16; - } - - /** - * GCM initialization. - * @instance - * @memberof AES_asm - */ - function gcm_init() { - _ecb_enc(0, 0, 0, 0); - H0 = S0, - H1 = S1, - H2 = S2, - H3 = S3; - } - - /** - * Perform ciphering operation on the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function cipher(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; - - var ret = 0; +/* there needs to be support for Unicode here, + * unless we pretend that we can redefine the MD-5 + * algorithm for multi-byte characters (perhaps + * by adding every four 16-bit characters and + * shortening the sum to 32 bits). Otherwise + * I suggest performing MD-5 as if every character + * was two bytes--e.g., 0040 0025 = @%--but then + * how will an ordinary MD-5 sum be matched? + * There is no way to standardize text to something + * like UTF-8 before transformation; speed cost is + * utterly prohibitive. The JavaScript standard + * itself needs to look at this: it should start + * providing access to strings as preformed UTF-8 + * 8-bit unsigned value arrays. + */ +function md5blk(s) { /* I figured global was faster. */ + const md5blks = []; + let i; /* Andy King said do it this way. */ + for (i = 0; i < 64; i += 4) { + md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << + 24); + } + return md5blks; +} - if (pos & 15) return -1; +const hex_chr = '0123456789abcdef'.split(''); - while ((len | 0) >= 16) { - _cipher_modes[mode & 7]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); +function rhex(n) { + let s = ''; + let j = 0; + for (; j < 4; j++) { + s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; + } + return s; +} - DATA[pos | 0] = S0 >>> 24, - DATA[pos | 1] = S0 >>> 16 & 255, - DATA[pos | 2] = S0 >>> 8 & 255, - DATA[pos | 3] = S0 & 255, - DATA[pos | 4] = S1 >>> 24, - DATA[pos | 5] = S1 >>> 16 & 255, - DATA[pos | 6] = S1 >>> 8 & 255, - DATA[pos | 7] = S1 & 255, - DATA[pos | 8] = S2 >>> 24, - DATA[pos | 9] = S2 >>> 16 & 255, - DATA[pos | 10] = S2 >>> 8 & 255, - DATA[pos | 11] = S2 & 255, - DATA[pos | 12] = S3 >>> 24, - DATA[pos | 13] = S3 >>> 16 & 255, - DATA[pos | 14] = S3 >>> 8 & 255, - DATA[pos | 15] = S3 & 255; - - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } +function hex(x) { + for (let i = 0; i < x.length; i++) { + x[i] = rhex(x[i]); + } + return x.join(''); +} - return ret | 0; - } +/* this function is much faster, +so if possible we use it. Some IEs +are the only ones I know of that +need the idiotic second function, +generated by an if clause. */ - /** - * Calculates MAC of the supplied data. - * @instance - * @memberof AES_asm - * @param {number} mode - block cipher mode (see {@link AES_asm} mode constants) - * @param {number} pos - offset of the data being processed - * @param {number} len - length of the data being processed - * @return {number} Actual amount of data have been processed. - */ - function mac(mode, pos, len) { - mode = mode | 0; - pos = pos | 0; - len = len | 0; +function add32(a, b) { + return (a + b) & 0xFFFFFFFF; +} - var ret = 0; +/** + * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. + * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} + * @see {@link https://github.com/indutny/hash.js|hash.js} + * @module crypto/hash + */ - if (pos & 15) return -1; - while ((len | 0) >= 16) { - _mac_modes[mode & 1]( - DATA[pos | 0] << 24 | DATA[pos | 1] << 16 | DATA[pos | 2] << 8 | DATA[pos | 3], - DATA[pos | 4] << 24 | DATA[pos | 5] << 16 | DATA[pos | 6] << 8 | DATA[pos | 7], - DATA[pos | 8] << 24 | DATA[pos | 9] << 16 | DATA[pos | 10] << 8 | DATA[pos | 11], - DATA[pos | 12] << 24 | DATA[pos | 13] << 16 | DATA[pos | 14] << 8 | DATA[pos | 15] - ); +const webCrypto$a = util.getWebCrypto(); +const nodeCrypto$9 = util.getNodeCrypto(); +const nodeCryptoHashes = nodeCrypto$9 && nodeCrypto$9.getHashes(); - ret = (ret + 16) | 0, - pos = (pos + 16) | 0, - len = (len - 16) | 0; - } +function nodeHash(type) { + if (!nodeCrypto$9 || !nodeCryptoHashes.includes(type)) { + return; + } + return async function (data) { + const shasum = nodeCrypto$9.createHash(type); + return transform(data, value => { + shasum.update(value); + }, () => new Uint8Array(shasum.digest())); + }; +} - return ret | 0; - } +function nobleHash(nobleHashName, webCryptoHashName) { + const getNobleHash = async () => { + const { nobleHashes } = await Promise.resolve().then(function () { return noble_hashes; }); + const hash = nobleHashes.get(nobleHashName); + if (!hash) throw new Error('Unsupported hash'); + return hash; + }; - /** - * AES cipher modes table (virual methods) - */ - var _cipher_modes = [_ecb_enc, _ecb_dec, _cbc_enc, _cbc_dec, _cfb_enc, _cfb_dec, _ofb, _ctr]; + return async function(data) { + if (isArrayStream(data)) { + data = await readToEnd(data); + } + if (util.isStream(data)) { + const hash = await getNobleHash(); - /** - * AES MAC modes table (virual methods) - */ - var _mac_modes = [_cbc_enc, _gcm_mac]; + const hashInstance = hash.create(); + return transform(data, value => { + hashInstance.update(value); + }, () => hashInstance.digest()); + } else if (webCrypto$a && webCryptoHashName) { + return new Uint8Array(await webCrypto$a.digest(webCryptoHashName, data)); + } else { + const hash = await getNobleHash(); - /** - * Asm.js module exports - */ - return { - set_rounds: set_rounds, - set_state: set_state, - set_iv: set_iv, - set_nonce: set_nonce, - set_mask: set_mask, - set_counter: set_counter, - get_state: get_state, - get_iv: get_iv, - gcm_init: gcm_init, - cipher: cipher, - mac: mac, - }; - }(stdlib, foreign, buffer); + return hash(data); + } + }; +} - asm.set_key = set_key; +var hash$1 = { - return asm; - }; + /** @see module:md5 */ + md5: nodeHash('md5') || md5, + sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'), + sha224: nodeHash('sha224') || nobleHash('sha224'), + sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'), + sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'), + sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'), + ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'), + sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'), + sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'), /** - * AES enciphering mode constants - * @enum {number} - * @const + * Create a hash on the specified data using the specified algorithm + * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @param {Uint8Array} data - Data to be hashed + * @returns {Promise} Hash value. */ - wrapper.ENC = { - ECB: 0, - CBC: 2, - CFB: 4, - OFB: 6, - CTR: 7, + digest: function(algo, data) { + switch (algo) { + case enums.hash.md5: + return this.md5(data); + case enums.hash.sha1: + return this.sha1(data); + case enums.hash.ripemd: + return this.ripemd(data); + case enums.hash.sha256: + return this.sha256(data); + case enums.hash.sha384: + return this.sha384(data); + case enums.hash.sha512: + return this.sha512(data); + case enums.hash.sha224: + return this.sha224(data); + case enums.hash.sha3_256: + return this.sha3_256(data); + case enums.hash.sha3_512: + return this.sha3_512(data); + default: + throw new Error('Unsupported hash function'); + } }, - /** - * AES deciphering mode constants - * @enum {number} - * @const - */ - wrapper.DEC = { - ECB: 1, - CBC: 3, - CFB: 5, - OFB: 6, - CTR: 7, - }, - - /** - * AES MAC mode constants - * @enum {number} - * @const - */ - wrapper.MAC = { - CBC: 0, - GCM: 1, - }; - /** - * Heap data offset - * @type {number} - * @const + * Returns the hash size in bytes of the specified hash algorithm type + * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) + * @returns {Integer} Size in bytes of the resulting hash. */ - wrapper.HEAP_DATA = 0x4000; - - return wrapper; -}(); - -function is_bytes(a) { - return a instanceof Uint8Array; -} -function _heap_init(heap, heapSize) { - const size = heap ? heap.byteLength : heapSize || 65536; - if (size & 0xfff || size <= 0) - throw new Error('heap size must be a positive integer and a multiple of 4096'); - heap = heap || new Uint8Array(new ArrayBuffer(size)); - return heap; -} -function _heap_write(heap, hpos, data, dpos, dlen) { - const hlen = heap.length - hpos; - const wlen = hlen < dlen ? hlen : dlen; - heap.set(data.subarray(dpos, dpos + wlen), hpos); - return wlen; -} -function joinBytes(...arg) { - const totalLenght = arg.reduce((sum, curr) => sum + curr.length, 0); - const ret = new Uint8Array(totalLenght); - let cursor = 0; - for (let i = 0; i < arg.length; i++) { - ret.set(arg[i], cursor); - cursor += arg[i].length; - } - return ret; -} - -class IllegalStateError extends Error { - constructor(...args) { - super(...args); + getHashByteLength: function(algo) { + switch (algo) { + case enums.hash.md5: + return 16; + case enums.hash.sha1: + case enums.hash.ripemd: + return 20; + case enums.hash.sha256: + return 32; + case enums.hash.sha384: + return 48; + case enums.hash.sha512: + return 64; + case enums.hash.sha224: + return 28; + case enums.hash.sha3_256: + return 32; + case enums.hash.sha3_512: + return 64; + default: + throw new Error('Invalid hash algorithm.'); } + } +}; + +function isBytes$2(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); } -class IllegalArgumentError extends Error { - constructor(...args) { - super(...args); - } +function bytes$1(b, ...lengths) { + if (!isBytes$2(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function exists$1(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); } -class SecurityError extends Error { - constructor(...args) { - super(...args); +function output$1(out, instance) { + bytes$1(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); } } -const heap_pool = []; -const asm_pool = []; -class AES { - constructor(key, iv, padding = true, mode, heap, asm) { - this.pos = 0; - this.len = 0; - this.mode = mode; - // The AES object state - this.pos = 0; - this.len = 0; - this.key = key; - this.iv = iv; - this.padding = padding; - // The AES "worker" - this.acquire_asm(heap, asm); - } - acquire_asm(heap, asm) { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap || heap_pool.pop() || _heap_init().subarray(AES_asm.HEAP_DATA); - this.asm = asm || asm_pool.pop() || new AES_asm(null, this.heap.buffer); - this.reset(this.key, this.iv); - } - return { heap: this.heap, asm: this.asm }; +/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */ +// Cast array to different type +const u8$1 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength); +const u32$2 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView$1 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// big-endian hardware is rare. Just in case someone still decides to run ciphers: +// early-throw an error because we don't support BE yet. +const isLE$1 = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +if (!isLE$1) + throw new Error('Non little-endian hardware is not supported'); +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$2(str) { + if (typeof str !== 'string') + throw new Error(`string expected, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes$1(data) { + if (typeof data === 'string') + data = utf8ToBytes$2(data); + else if (isBytes$2(data)) + data = copyBytes(data); + else + throw new Error(`Uint8Array expected, got ${typeof data}`); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$2(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes$1(a); + sum += a.length; } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool.push(this.heap); - asm_pool.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - reset(key, iv) { - const { asm } = this.acquire_asm(); - // Key - const keylen = key.length; - if (keylen !== 16 && keylen !== 24 && keylen !== 32) - throw new IllegalArgumentError('illegal key size'); - const keyview = new DataView(key.buffer, key.byteOffset, key.byteLength); - asm.set_key(keylen >> 2, keyview.getUint32(0), keyview.getUint32(4), keyview.getUint32(8), keyview.getUint32(12), keylen > 16 ? keyview.getUint32(16) : 0, keylen > 16 ? keyview.getUint32(20) : 0, keylen > 24 ? keyview.getUint32(24) : 0, keylen > 24 ? keyview.getUint32(28) : 0); - // IV - if (iv !== undefined) { - if (iv.length !== 16) - throw new IllegalArgumentError('illegal iv size'); - let ivview = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); - asm.set_iv(ivview.getUint32(0), ivview.getUint32(4), ivview.getUint32(8), ivview.getUint32(12)); - } - else { - asm.set_iv(0, 0, 0, 0); - } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; } - AES_Encrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - let result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes$1(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @__NO_SIDE_EFFECTS__ + */ +const wrapCipher = (params, c) => { + Object.assign(c, params); + return c; +}; +// Polyfill for Safari 14 +function setBigUint64$1(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = 0; + const l = 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +// Is byte array aligned to 4 byte offset (u32)? +function isAligned32(bytes) { + return bytes.byteOffset % 4 === 0; +} +// copy bytes to new u8a (aligned). Because Buffer.slice is broken. +function copyBytes(bytes) { + return Uint8Array.from(bytes); +} +function clean(...arrays) { + for (let i = 0; i < arrays.length; i++) { + arrays[i].fill(0); + } +} + +// GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV. +// Implemented in terms of GHash with conversion function for keys +// GCM GHASH from NIST SP800-38d, SIV from RFC 8452. +// https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf +// GHASH modulo: x^128 + x^7 + x^2 + x + 1 +// POLYVAL modulo: x^128 + x^127 + x^126 + x^121 + 1 +const BLOCK_SIZE$1 = 16; +// TODO: rewrite +// temporary padding buffer +const ZEROS16 = /* @__PURE__ */ new Uint8Array(16); +const ZEROS32 = u32$2(ZEROS16); +const POLY$1 = 0xe1; // v = 2*v % POLY +// v = 2*v % POLY +// NOTE: because x + x = 0 (add/sub is same), mul2(x) != x+x +// We can multiply any number using montgomery ladder and this function (works as double, add is simple xor) +const mul2$1 = (s0, s1, s2, s3) => { + const hiBit = s3 & 1; + return { + s3: (s2 << 31) | (s3 >>> 1), + s2: (s1 << 31) | (s2 >>> 1), + s1: (s0 << 31) | (s1 >>> 1), + s0: (s0 >>> 1) ^ ((POLY$1 << 24) & -(hiBit & 1)), // reduce % poly + }; +}; +const swapLE = (n) => (((n >>> 0) & 0xff) << 24) | + (((n >>> 8) & 0xff) << 16) | + (((n >>> 16) & 0xff) << 8) | + ((n >>> 24) & 0xff) | + 0; +/** + * `mulX_POLYVAL(ByteReverse(H))` from spec + * @param k mutated in place + */ +function _toGHASHKey(k) { + k.reverse(); + const hiBit = k[15] & 1; + // k >>= 1 + let carry = 0; + for (let i = 0; i < k.length; i++) { + const t = k[i]; + k[i] = (t >>> 1) | carry; + carry = (t & 1) << 7; + } + k[0] ^= -hiBit & 0xe1; // if (hiBit) n ^= 0xe1000000000000000000000000000000; + return k; +} +const estimateWindow = (bytes) => { + if (bytes > 64 * 1024) + return 8; + if (bytes > 1024) + return 4; + return 2; +}; +class GHASH { + // We select bits per window adaptively based on expectedLength + constructor(key, expectedLength) { + this.blockLen = BLOCK_SIZE$1; + this.outputLen = BLOCK_SIZE$1; + this.s0 = 0; + this.s1 = 0; + this.s2 = 0; + this.s3 = 0; + this.finished = false; + key = toBytes$1(key); + bytes$1(key, 16); + const kView = createView$1(key); + let k0 = kView.getUint32(0, false); + let k1 = kView.getUint32(4, false); + let k2 = kView.getUint32(8, false); + let k3 = kView.getUint32(12, false); + // generate table of doubled keys (half of montgomery ladder) + const doubles = []; + for (let i = 0; i < 128; i++) { + doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) }); + ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2$1(k0, k1, k2, k3)); + } + const W = estimateWindow(expectedLength || 1024); + if (![1, 2, 4, 8].includes(W)) + throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`); + this.W = W; + const bits = 128; // always 128 bits; + const windows = bits / W; + const windowSize = (this.windowSize = 2 ** W); + const items = []; + // Create precompute table for window of W bits + for (let w = 0; w < windows; w++) { + // truth table: 00, 01, 10, 11 + for (let byte = 0; byte < windowSize; byte++) { + // prettier-ignore + let s0 = 0, s1 = 0, s2 = 0, s3 = 0; + for (let j = 0; j < W; j++) { + const bit = (byte >>> (W - j - 1)) & 1; + if (!bit) + continue; + const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j]; + (s0 ^= d0), (s1 ^= d1), (s2 ^= d2), (s3 ^= d3); + } + items.push({ s0, s1, s2, s3 }); } } - this.pos = pos; - this.len = len; - return result; - } - AES_Encrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.ENC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let plen = 16 - (len % 16); - let rlen = len; - if (this.hasOwnProperty('padding')) { - if (this.padding) { - for (let p = 0; p < plen; ++p) { - heap[pos + len + p] = plen; + this.t = items; + } + _updateBlock(s0, s1, s2, s3) { + (s0 ^= this.s0), (s1 ^= this.s1), (s2 ^= this.s2), (s3 ^= this.s3); + const { W, t, windowSize } = this; + // prettier-ignore + let o0 = 0, o1 = 0, o2 = 0, o3 = 0; + const mask = (1 << W) - 1; // 2**W will kill performance. + let w = 0; + for (const num of [s0, s1, s2, s3]) { + for (let bytePos = 0; bytePos < 4; bytePos++) { + const byte = (num >>> (8 * bytePos)) & 0xff; + for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) { + const bit = (byte >>> (W * bitPos)) & mask; + const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit]; + (o0 ^= e0), (o1 ^= e1), (o2 ^= e2), (o3 ^= e3); + w += 1; } - len += plen; - rlen = len; - } - else if (len % 16) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); } } - else { - len += plen; + this.s0 = o0; + this.s1 = o1; + this.s2 = o2; + this.s3 = o3; + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + const left = data.length % BLOCK_SIZE$1; + for (let i = 0; i < blocks; i++) { + this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]); + clean(ZEROS32); // clean tmp buffer } - const result = new Uint8Array(rlen); - if (len) - asm.cipher(amode, hpos + pos, len); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } - AES_Decrypt_process(data) { - if (!is_bytes(data)) - throw new TypeError("data isn't of expected type"); - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let dpos = 0; - let dlen = data.length || 0; - let rpos = 0; - let rlen = (len + dlen) & -16; - let plen = 0; - let wlen = 0; - if (this.padding) { - plen = len + dlen - rlen || 16; - rlen -= plen; + return this; + } + destroy() { + const { t } = this; + // clean precompute table + for (const elm of t) { + (elm.s0 = 0), (elm.s1 = 0), (elm.s2 = 0), (elm.s3 = 0); + } + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out; + } + digest() { + const res = new Uint8Array(BLOCK_SIZE$1); + this.digestInto(res); + this.destroy(); + return res; + } +} +class Polyval extends GHASH { + constructor(key, expectedLength) { + key = toBytes$1(key); + const ghKey = _toGHASHKey(copyBytes(key)); + super(ghKey, expectedLength); + clean(ghKey); + } + update(data) { + data = toBytes$1(data); + exists$1(this); + const b32 = u32$2(data); + const left = data.length % BLOCK_SIZE$1; + const blocks = Math.floor(data.length / BLOCK_SIZE$1); + for (let i = 0; i < blocks; i++) { + this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0])); + } + if (left) { + ZEROS16.set(data.subarray(blocks * BLOCK_SIZE$1)); + this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0])); + clean(ZEROS32); } - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(amode, hpos + pos, len - (!dlen ? plen : 0)); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; + return this; + } + digestInto(out) { + exists$1(this); + output$1(out, this); + this.finished = true; + // tmp ugly hack + const { s0, s1, s2, s3 } = this; + const o32 = u32$2(out); + o32[0] = s0; + o32[1] = s1; + o32[2] = s2; + o32[3] = s3; + return out.reverse(); + } +} +function wrapConstructorWithKey(hashCons) { + const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes$1(msg)).digest(); + const tmp = hashCons(new Uint8Array(16), 0); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (key, expectedLength) => hashCons(key, expectedLength); + return hashC; +} +const ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength)); +wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength)); + +// prettier-ignore +/* +AES (Advanced Encryption Standard) aka Rijndael block cipher. + +Data is split into 128-bit blocks. Encrypted in 10/12/14 rounds (128/192/256 bits). In every round: +1. **S-box**, table substitution +2. **Shift rows**, cyclic shift left of all rows of data array +3. **Mix columns**, multiplying every column by fixed polynomial +4. **Add round key**, round_key xor i-th column of array + +Resources: +- FIPS-197 https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf +- Original proposal: https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf +*/ +const BLOCK_SIZE = 16; +const BLOCK_SIZE32 = 4; +const EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE); +const POLY = 0x11b; // 1 + x + x**3 + x**4 + x**8 +// TODO: remove multiplication, binary ops only +function mul2(n) { + return (n << 1) ^ (POLY & -(n >> 7)); +} +function mul(a, b) { + let res = 0; + for (; b > 0; b >>= 1) { + // Montgomery ladder + res ^= a & -(b & 1); // if (b&1) res ^=a (but const-time). + a = mul2(a); // a = 2*a + } + return res; +} +// AES S-box is generated using finite field inversion, +// an affine transform, and xor of a constant 0x63. +const sbox = /* @__PURE__ */ (() => { + const t = new Uint8Array(256); + for (let i = 0, x = 1; i < 256; i++, x ^= mul2(x)) + t[i] = x; + const box = new Uint8Array(256); + box[0] = 0x63; // first elm + for (let i = 0; i < 255; i++) { + let x = t[255 - i]; + x |= x << 8; + box[t[i]] = (x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7) ^ 0x63) & 0xff; + } + clean(t); + return box; +})(); +// Inverted S-box +const invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j)); +// Rotate u32 by 8 +const rotr32_8 = (n) => (n << 24) | (n >>> 8); +const rotl32_8 = (n) => (n << 8) | (n >>> 24); +// The byte swap operation for uint32 (LE<->BE) +const byteSwap$1 = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// T-table is optimization suggested in 5.2 of original proposal (missed from FIPS-197). Changes: +// - LE instead of BE +// - bigger tables: T0 and T1 are merged into T01 table and T2 & T3 into T23; +// so index is u16, instead of u8. This speeds up things, unexpectedly +function genTtable(sbox, fn) { + if (sbox.length !== 256) + throw new Error('Wrong sbox length'); + const T0 = new Uint32Array(256).map((_, j) => fn(sbox[j])); + const T1 = T0.map(rotl32_8); + const T2 = T1.map(rotl32_8); + const T3 = T2.map(rotl32_8); + const T01 = new Uint32Array(256 * 256); + const T23 = new Uint32Array(256 * 256); + const sbox2 = new Uint16Array(256 * 256); + for (let i = 0; i < 256; i++) { + for (let j = 0; j < 256; j++) { + const idx = i * 256 + j; + T01[idx] = T0[i] ^ T1[j]; + T23[idx] = T2[i] ^ T3[j]; + sbox2[idx] = (sbox[i] << 8) | sbox[j]; + } + } + return { sbox, sbox2, T0, T1, T2, T3, T01, T23 }; +} +const tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => (mul(s, 3) << 24) | (s << 16) | (s << 8) | mul(s, 2)); +const tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => (mul(s, 11) << 24) | (mul(s, 13) << 16) | (mul(s, 9) << 8) | mul(s, 14)); +const xPowers = /* @__PURE__ */ (() => { + const p = new Uint8Array(16); + for (let i = 0, x = 1; i < 16; i++, x = mul2(x)) + p[i] = x; + return p; +})(); +function expandKeyLE(key) { + bytes$1(key); + const len = key.length; + if (![16, 24, 32].includes(len)) + throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`); + const { sbox2 } = tableEncoding; + const toClean = []; + if (!isAligned32(key)) + toClean.push((key = copyBytes(key))); + const k32 = u32$2(key); + const Nk = k32.length; + const subByte = (n) => applySbox(sbox2, n, n, n, n); + const xk = new Uint32Array(len + 28); // expanded key + xk.set(k32); + // 4.3.1 Key expansion + for (let i = Nk; i < xk.length; i++) { + let t = xk[i - 1]; + if (i % Nk === 0) + t = subByte(rotr32_8(t)) ^ xPowers[i / Nk - 1]; + else if (Nk > 6 && i % Nk === 4) + t = subByte(t); + xk[i] = xk[i - Nk] ^ t; + } + clean(...toClean); + return xk; +} +function expandKeyDecLE(key) { + const encKey = expandKeyLE(key); + const xk = encKey.slice(); + const Nk = encKey.length; + const { sbox2 } = tableEncoding; + const { T0, T1, T2, T3 } = tableDecoding; + // Inverse key by chunks of 4 (rounds) + for (let i = 0; i < Nk; i += 4) { + for (let j = 0; j < 4; j++) + xk[i + j] = encKey[Nk - i - 4 + j]; + } + clean(encKey); + // apply InvMixColumn except first & last round + for (let i = 4; i < Nk - 4; i++) { + const x = xk[i]; + const w = applySbox(sbox2, x, x, x, x); + xk[i] = T0[w & 0xff] ^ T1[(w >>> 8) & 0xff] ^ T2[(w >>> 16) & 0xff] ^ T3[w >>> 24]; + } + return xk; +} +// Apply tables +function apply0123(T01, T23, s0, s1, s2, s3) { + return (T01[((s0 << 8) & 0xff00) | ((s1 >>> 8) & 0xff)] ^ + T23[((s2 >>> 8) & 0xff00) | ((s3 >>> 24) & 0xff)]); +} +function applySbox(sbox2, s0, s1, s2, s3) { + return (sbox2[(s0 & 0xff) | (s1 & 0xff00)] | + (sbox2[((s2 >>> 16) & 0xff) | ((s3 >>> 16) & 0xff00)] << 16)); +} +function encrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableEncoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // last round (without mixcolumns, so using SBOX2 table) + const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +// Can't be merged with encrypt: arg positions for apply0123 / applySbox are different +function decrypt$6(xk, s0, s1, s2, s3) { + const { sbox2, T01, T23 } = tableDecoding; + let k = 0; + (s0 ^= xk[k++]), (s1 ^= xk[k++]), (s2 ^= xk[k++]), (s3 ^= xk[k++]); + const rounds = xk.length / 4 - 2; + for (let i = 0; i < rounds; i++) { + const t0 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1); + const t1 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2); + const t2 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3); + const t3 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0); + (s0 = t0), (s1 = t1), (s2 = t2), (s3 = t3); + } + // Last round + const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1); + const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2); + const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3); + const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0); + return { s0: t0, s1: t1, s2: t2, s3: t3 }; +} +function getDst(len, dst) { + if (dst === undefined) + return new Uint8Array(len); + bytes$1(dst); + if (dst.length < len) + throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`); + if (!isAligned32(dst)) + throw new Error('unaligned dst'); + return dst; +} +// TODO: investigate merging with ctr32 +function ctrCounter(xk, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const ctr = nonce; + const c32 = u32$2(ctr); + // Fill block (empty, ctr=0) + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + // Full 128 bit counter with wrap around + let carry = 1; + for (let i = ctr.length - 1; i >= 0; i--) { + carry = (carry + (ctr[i] & 0xff)) | 0; + ctr[i] = carry & 0xff; + carry >>>= 8; + } + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than block) + // It's possible to handle > u32 fast, but is it worth it? + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +// AES CTR with overflowing 32 bit counter +// It's possible to do 32le significantly simpler (and probably faster) by using u32. +// But, we need both, and perf bottleneck is in ghash anyway. +function ctr32(xk, isLE, nonce, src, dst) { + bytes$1(nonce, BLOCK_SIZE); + bytes$1(src); + dst = getDst(src.length, dst); + const ctr = nonce; // write new value to nonce, so it can be re-used + const c32 = u32$2(ctr); + const view = createView$1(ctr); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const ctrPos = isLE ? 0 : 12; + const srcLen = src.length; + // Fill block (empty, ctr=0) + let ctrNum = view.getUint32(ctrPos, isLE); // read current counter value + let { s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3]); + // process blocks + for (let i = 0; i + 4 <= src32.length; i += 4) { + dst32[i + 0] = src32[i + 0] ^ s0; + dst32[i + 1] = src32[i + 1] ^ s1; + dst32[i + 2] = src32[i + 2] ^ s2; + dst32[i + 3] = src32[i + 3] ^ s3; + ctrNum = (ctrNum + 1) >>> 0; // u32 wrap + view.setUint32(ctrPos, ctrNum, isLE); + ({ s0, s1, s2, s3 } = encrypt$6(xk, c32[0], c32[1], c32[2], c32[3])); + } + // leftovers (less than a block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + const b32 = new Uint32Array([s0, s1, s2, s3]); + const buf = u8$1(b32); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(b32); + } + return dst; +} +/** + * CTR: counter mode. Creates stream cipher. + * Requires good IV. Parallelizable. OK, but no MAC. + */ +const ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr(key, nonce) { + bytes$1(key); + bytes$1(nonce, BLOCK_SIZE); + function processCtr(buf, dst) { + bytes$1(buf); + if (dst !== undefined) { + bytes$1(dst); + if (!isAligned32(dst)) + throw new Error('unaligned destination'); + } + const xk = expandKeyLE(key); + const n = copyBytes(nonce); // align + avoid changing + const toClean = [xk, n]; + if (!isAligned32(buf)) + toClean.push((buf = copyBytes(buf))); + const out = ctrCounter(xk, n, buf, dst); + clean(...toClean); + return out; + } + return { + encrypt: (plaintext, dst) => processCtr(plaintext, dst), + decrypt: (ciphertext, dst) => processCtr(ciphertext, dst), + }; +}); +function validateBlockDecrypt(data) { + bytes$1(data); + if (data.length % BLOCK_SIZE !== 0) { + throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE}`); + } +} +function validateBlockEncrypt(plaintext, pcks5, dst) { + bytes$1(plaintext); + let outLen = plaintext.length; + const remaining = outLen % BLOCK_SIZE; + if (!pcks5 && remaining !== 0) + throw new Error('aec/(cbc-ecb): unpadded plaintext with disabled padding'); + if (!isAligned32(plaintext)) + plaintext = copyBytes(plaintext); + const b = u32$2(plaintext); + if (pcks5) { + let left = BLOCK_SIZE - remaining; + if (!left) + left = BLOCK_SIZE; // if no bytes left, create empty padding block + outLen = outLen + left; + } + const out = getDst(outLen, dst); + const o = u32$2(out); + return { b, o, out }; +} +function validatePCKS(data, pcks5) { + if (!pcks5) + return data; + const len = data.length; + if (!len) + throw new Error('aes/pcks5: empty ciphertext not allowed'); + const lastByte = data[len - 1]; + if (lastByte <= 0 || lastByte > 16) + throw new Error('aes/pcks5: wrong padding'); + const out = data.subarray(0, -lastByte); + for (let i = 0; i < lastByte; i++) + if (data[len - i - 1] !== lastByte) + throw new Error('aes/pcks5: wrong padding'); + return out; +} +function padPCKS(left) { + const tmp = new Uint8Array(16); + const tmp32 = u32$2(tmp); + tmp.set(left); + const paddingByte = BLOCK_SIZE - left.length; + for (let i = BLOCK_SIZE - paddingByte; i < BLOCK_SIZE; i++) + tmp[i] = paddingByte; + return tmp32; +} +/** + * CBC: Cipher-Block-Chaining. Key is previous round’s block. + * Fragile: needs proper padding. Unauthenticated: needs MAC. + */ +const cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc(key, iv, opts = {}) { + bytes$1(key); + bytes$1(iv, 16); + const pcks5 = !opts.disablePadding; + return { + encrypt(plaintext, dst) { + const xk = expandKeyLE(key); + const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + let i = 0; + for (; i + 4 <= b.length;) { + (s0 ^= b[i + 0]), (s1 ^= b[i + 1]), (s2 ^= b[i + 2]), (s3 ^= b[i + 3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); } - else { - pos = 0; - len = 0; + if (pcks5) { + const tmp32 = padPCKS(plaintext.subarray(i * 4)); + (s0 ^= tmp32[0]), (s1 ^= tmp32[1]), (s2 ^= tmp32[2]), (s3 ^= tmp32[3]); + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + (o[i++] = s0), (o[i++] = s1), (o[i++] = s2), (o[i++] = s3); + } + clean(...toClean); + return _out; + }, + decrypt(ciphertext, dst) { + validateBlockDecrypt(ciphertext); + const xk = expandKeyDecLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + const n32 = u32$2(_iv); + const out = getDst(ciphertext.length, dst); + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const b = u32$2(ciphertext); + const o = u32$2(out); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= b.length;) { + // prettier-ignore + const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3; + (s0 = b[i + 0]), (s1 = b[i + 1]), (s2 = b[i + 2]), (s3 = b[i + 3]); + const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt$6(xk, s0, s1, s2, s3); + (o[i++] = o0 ^ ps0), (o[i++] = o1 ^ ps1), (o[i++] = o2 ^ ps2), (o[i++] = o3 ^ ps3); } + clean(...toClean); + return validatePCKS(out, pcks5); + }, + }; +}); +/** + * CFB: Cipher Feedback Mode. The input for the block cipher is the previous cipher output. + * Unauthenticated: needs MAC. + */ +const cfb$1 = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cfb(key, iv) { + bytes$1(key); + bytes$1(iv, 16); + function processCfb(src, isEncrypt, dst) { + bytes$1(src); + const srcLen = src.length; + dst = getDst(srcLen, dst); + const xk = expandKeyLE(key); + let _iv = iv; + const toClean = [xk]; + if (!isAligned32(_iv)) + toClean.push((_iv = copyBytes(_iv))); + if (!isAligned32(src)) + toClean.push((src = copyBytes(src))); + const src32 = u32$2(src); + const dst32 = u32$2(dst); + const next32 = isEncrypt ? dst32 : src32; + const n32 = u32$2(_iv); + // prettier-ignore + let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3]; + for (let i = 0; i + 4 <= src32.length;) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = encrypt$6(xk, s0, s1, s2, s3); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + (s0 = next32[i++]), (s1 = next32[i++]), (s2 = next32[i++]), (s3 = next32[i++]); + } + // leftovers (less than block) + const start = BLOCK_SIZE * Math.floor(src32.length / BLOCK_SIZE32); + if (start < srcLen) { + ({ s0, s1, s2, s3 } = encrypt$6(xk, s0, s1, s2, s3)); + const buf = u8$1(new Uint32Array([s0, s1, s2, s3])); + for (let i = start, pos = 0; i < srcLen; i++, pos++) + dst[i] = src[i] ^ buf[pos]; + clean(buf); + } + clean(...toClean); + return dst; + } + return { + encrypt: (plaintext, dst) => processCfb(plaintext, true, dst), + decrypt: (ciphertext, dst) => processCfb(ciphertext, false, dst), + }; +}); +// TODO: merge with chacha, however gcm has bitLen while chacha has byteLen +function computeTag(fn, isLE, key, data, AAD) { + const aadLength = AAD == null ? 0 : AAD.length; + const h = fn.create(key, data.length + aadLength); + if (AAD) + h.update(AAD); + h.update(data); + const num = new Uint8Array(16); + const view = createView$1(num); + if (AAD) + setBigUint64$1(view, 0, BigInt(aadLength * 8), isLE); + setBigUint64$1(view, 8, BigInt(data.length * 8), isLE); + h.update(num); + const res = h.digest(); + clean(num); + return res; +} +/** + * GCM: Galois/Counter Mode. + * Modern, parallel version of CTR, with MAC. + * Be careful: MACs can be forged. + * Unsafe to use random nonces under the same key, due to collision chance. + * As for nonce size, prefer 12-byte, instead of 8-byte. + */ +const gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm(key, nonce, AAD) { + bytes$1(key); + bytes$1(nonce); + if (AAD !== undefined) + bytes$1(AAD); + // NIST 800-38d doesn't enforce minimum nonce length. + // We enforce 8 bytes for compat with openssl. + // 12 bytes are recommended. More than 12 bytes would be converted into 12. + if (nonce.length < 8) + throw new Error('aes/gcm: invalid nonce length'); + const tagLength = 16; + function _computeTag(authKey, tagMask, data) { + const tag = computeTag(ghash, false, authKey, data, AAD); + for (let i = 0; i < tagMask.length; i++) + tag[i] ^= tagMask[i]; + return tag; + } + function deriveKeys() { + const xk = expandKeyLE(key); + const authKey = EMPTY_BLOCK.slice(); + const counter = EMPTY_BLOCK.slice(); + ctr32(xk, false, counter, counter, authKey); + // NIST 800-38d, page 15: different behavior for 96-bit and non-96-bit nonces + if (nonce.length === 12) { + counter.set(nonce); } - this.pos = pos; - this.len = len; - return result; - } - AES_Decrypt_finish() { - let { heap, asm } = this.acquire_asm(); - let amode = AES_asm.DEC[this.mode]; - let hpos = AES_asm.HEAP_DATA; - let pos = this.pos; - let len = this.len; - let rlen = len; - if (len > 0) { - if (len % 16) { - if (this.hasOwnProperty('padding')) { - throw new IllegalArgumentError('data length must be a multiple of the block size'); - } - else { - len += 16 - (len % 16); + else { + const nonceLen = EMPTY_BLOCK.slice(); + const view = createView$1(nonceLen); + setBigUint64$1(view, 8, BigInt(nonce.length * 8), false); + // ghash(nonce || u64be(0) || u64be(nonceLen*8)) + const g = ghash.create(authKey).update(nonce).update(nonceLen); + g.digestInto(counter); // digestInto doesn't trigger '.destroy' + g.destroy(); + } + const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK); + return { xk, authKey, counter, tagMask }; + } + return { + encrypt(plaintext) { + bytes$1(plaintext); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const out = new Uint8Array(plaintext.length + tagLength); + const toClean = [xk, authKey, counter, tagMask]; + if (!isAligned32(plaintext)) + toClean.push((plaintext = copyBytes(plaintext))); + ctr32(xk, false, counter, plaintext, out); + const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength)); + toClean.push(tag); + out.set(tag, plaintext.length); + clean(...toClean); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + if (ciphertext.length < tagLength) + throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`); + const { xk, authKey, counter, tagMask } = deriveKeys(); + const toClean = [xk, authKey, tagMask, counter]; + if (!isAligned32(ciphertext)) + toClean.push((ciphertext = copyBytes(ciphertext))); + const data = ciphertext.subarray(0, -tagLength); + const passedTag = ciphertext.subarray(-tagLength); + const tag = _computeTag(authKey, tagMask, data); + toClean.push(tag); + if (!equalBytes$1(tag, passedTag)) + throw new Error('aes/gcm: invalid ghash tag'); + const out = ctr32(xk, false, counter, data); + clean(...toClean); + return out; + }, + }; +}); +function isBytes32(a) { + return (a != null && + typeof a === 'object' && + (a instanceof Uint32Array || a.constructor.name === 'Uint32Array')); +} +function encryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_encryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = encrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +function decryptBlock(xk, block) { + bytes$1(block, 16); + if (!isBytes32(xk)) + throw new Error('_decryptBlock accepts result of expandKeyLE'); + const b32 = u32$2(block); + let { s0, s1, s2, s3 } = decrypt$6(xk, b32[0], b32[1], b32[2], b32[3]); + (b32[0] = s0), (b32[1] = s1), (b32[2] = s2), (b32[3] = s3); + return block; +} +/** + * AES-W (base for AESKW/AESKWP). + * Specs: [SP800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf), + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [RFC 5649](https://datatracker.ietf.org/doc/rfc5649/). + */ +const AESW = { + /* + High-level pseudocode: + ``` + A: u64 = IV + out = [] + for (let i=0, ctr = 0; i<6; i++) { + for (const chunk of chunks(plaintext, 8)) { + A ^= swapEndianess(ctr++) + [A, res] = chunks(encrypt(A || chunk), 8); + out ||= res + } + } + out = A || out + ``` + Decrypt is the same, but reversed. + */ + encrypt(kek, out) { + // Size is limited to 4GB, otherwise ctr will overflow and we'll need to switch to bigints. + // If you need it larger, open an issue. + if (out.length >= 2 ** 32) + throw new Error('plaintext should be less than 4gb'); + const xk = expandKeyLE(kek); + if (out.length === 16) + encryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = 1; j < 6; j++) { + for (let pos = 2; pos < o32.length; pos += 2, ctr++) { + const { s0, s1, s2, s3 } = encrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + // A = MSB(64, B) ^ t where t = (n*j)+i + (a0 = s0), (a1 = s1 ^ byteSwap$1(ctr)), (o32[pos] = s2), (o32[pos + 1] = s3); } } - asm.cipher(amode, hpos + pos, len); - if (this.hasOwnProperty('padding') && this.padding) { - let pad = heap[pos + rlen - 1]; - if (pad < 1 || pad > 16 || pad > rlen) - throw new SecurityError('bad padding'); - let pcheck = 0; - for (let i = pad; i > 1; i--) - pcheck |= pad ^ heap[pos + rlen - i]; - if (pcheck) - throw new SecurityError('bad padding'); - rlen -= pad; - } + (o32[0] = a0), (o32[1] = a1); // out = A || out } - const result = new Uint8Array(rlen); - if (rlen > 0) { - result.set(heap.subarray(pos, pos + rlen)); + xk.fill(0); + }, + decrypt(kek, out) { + if (out.length - 8 >= 2 ** 32) + throw new Error('ciphertext should be less than 4gb'); + const xk = expandKeyDecLE(kek); + const chunks = out.length / 8 - 1; // first chunk is IV + if (chunks === 1) + decryptBlock(xk, out); + else { + const o32 = u32$2(out); + // prettier-ignore + let a0 = o32[0], a1 = o32[1]; // A + for (let j = 0, ctr = chunks * 6; j < 6; j++) { + for (let pos = chunks * 2; pos >= 1; pos -= 2, ctr--) { + a1 ^= byteSwap$1(ctr); + const { s0, s1, s2, s3 } = decrypt$6(xk, a0, a1, o32[pos], o32[pos + 1]); + (a0 = s0), (a1 = s1), (o32[pos] = s2), (o32[pos + 1] = s3); + } + } + (o32[0] = a0), (o32[1] = a1); } - this.pos = 0; - this.len = 0; - this.release_asm(); - return result; - } -} + xk.fill(0); + }, +}; +const AESKW_IV = new Uint8Array(8).fill(0xa6); // A6A6A6A6A6A6A6A6 +/** + * AES-KW (key-wrap). Injects static IV into plaintext, adds counter, encrypts 6 times. + * Reduces block size from 16 to 8 bytes. + * For padded version, use aeskwp. + * [RFC 3394](https://datatracker.ietf.org/doc/rfc3394/), + * [NIST.SP.800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + */ +const aeskw = wrapCipher({ blockSize: 8 }, (kek) => ({ + encrypt(plaintext) { + bytes$1(plaintext); + if (!plaintext.length || plaintext.length % 8 !== 0) + throw new Error('invalid plaintext length'); + if (plaintext.length === 8) + throw new Error('8-byte keys not allowed in AESKW, use AESKWP instead'); + const out = concatBytes$2(AESKW_IV, plaintext); + AESW.encrypt(kek, out); + return out; + }, + decrypt(ciphertext) { + bytes$1(ciphertext); + // ciphertext must be at least 24 bytes and a multiple of 8 bytes + // 24 because should have at least two block (1 iv + 2). + // Replace with 16 to enable '8-byte keys' + if (ciphertext.length % 8 !== 0 || ciphertext.length < 3 * 8) + throw new Error('invalid ciphertext length'); + const out = copyBytes(ciphertext); + AESW.decrypt(kek, out); + if (!equalBytes$1(out.subarray(0, 8), AESKW_IV)) + throw new Error('integrity check failed'); + out.subarray(0, 8).fill(0); // ciphertext.subarray(0, 8) === IV, but we clean it anyway + return out.subarray(8); + }, +})); +// Private, unsafe low-level methods. Can change at any time. +const unsafe = { + expandKeyLE, + expandKeyDecLE, + encrypt: encrypt$6, + decrypt: decrypt$6, + encryptBlock, + decryptBlock, + ctrCounter, + ctr32, +}; -class AES_ECB { - static encrypt(data, key, padding = false) { - return new AES_ECB(key, padding).encrypt(data); - } - static decrypt(data, key, padding = false) { - return new AES_ECB(key, padding).decrypt(data); - } - constructor(key, padding = false, aes) { - this.aes = aes ? aes : new AES(key, undefined, padding, 'ECB'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); +// Modified by ProtonTech AG + + +const webCrypto$9 = util.getWebCrypto(); +const nodeCrypto$8 = util.getNodeCrypto(); + +const knownAlgos = nodeCrypto$8 ? nodeCrypto$8.getCiphers() : []; +const nodeAlgos = { + idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ + tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, + cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, + blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, + aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, + aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, + aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined + /* twofish is not implemented in OpenSSL */ +}; + +/** + * CFB encryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} plaintext + * @param {Uint8Array} iv + * @param {Object} config - full configuration, defaults to openpgp.config + * @returns MaybeStream + */ +async function encrypt$5(algo, key, plaintext, iv, config) { + const algoName = enums.read(enums.symmetric, algo); + if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. + return nodeEncrypt$1(algo, key, plaintext, iv); + } + if (util.isAES(algo)) { + return aesEncrypt(algo, key, plaintext, iv); + } + + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; + + const blockc = iv.slice(); + let pt = new Uint8Array(); + const process = chunk => { + if (chunk) { + pt = util.concatUint8Array([pt, chunk]); } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); + const ciphertext = new Uint8Array(pt.length); + let i; + let j = 0; + while (chunk ? pt.length >= block_size : pt.length) { + const encblock = cipherfn.encrypt(blockc); + for (i = 0; i < block_size; i++) { + blockc[i] = pt[i] ^ encblock[i]; + ciphertext[j++] = blockc[i]; + } + pt = pt.subarray(block_size); } + return ciphertext.subarray(0, j); + }; + return transform(plaintext, process, process); } /** - * Javascript AES implementation. - * This is used as fallback if the native Crypto APIs are not available. + * CFB decryption + * @param {enums.symmetric} algo - block cipher algorithm + * @param {Uint8Array} key + * @param {MaybeStream} ciphertext + * @param {Uint8Array} iv + * @returns MaybeStream */ -function aes(length) { - const C = function(key) { - const aesECB = new AES_ECB(key); +async function decrypt$5(algo, key, ciphertext, iv) { + const algoName = enums.read(enums.symmetric, algo); + if (nodeCrypto$8 && nodeAlgos[algoName]) { // Node crypto library. + return nodeDecrypt$1(algo, key, ciphertext, iv); + } + if (util.isAES(algo)) { + return aesDecrypt(algo, key, ciphertext, iv); + } - this.encrypt = function(block) { - return aesECB.encrypt(block); - }; + const LegacyCipher = await getLegacyCipher(algo); + const cipherfn = new LegacyCipher(key); + const block_size = cipherfn.blockSize; - this.decrypt = function(block) { - return aesECB.decrypt(block); - }; + let blockp = iv; + let ct = new Uint8Array(); + const process = chunk => { + if (chunk) { + ct = util.concatUint8Array([ct, chunk]); + } + const plaintext = new Uint8Array(ct.length); + let i; + let j = 0; + while (chunk ? ct.length >= block_size : ct.length) { + const decblock = cipherfn.encrypt(blockp); + blockp = ct.subarray(0, block_size); + for (i = 0; i < block_size; i++) { + plaintext[j++] = blockp[i] ^ decblock[i]; + } + ct = ct.subarray(block_size); + } + return plaintext.subarray(0, j); }; + return transform(ciphertext, process, process); +} - C.blockSize = C.prototype.blockSize = 16; - C.keySize = C.prototype.keySize = length / 8; +class WebCryptoEncryptor { + constructor(algo, key, iv) { + const { blockSize } = getCipherParams(algo); + this.key = key; + this.prevBlock = iv; + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + this.zeroBlock = new Uint8Array(this.blockSize); + } - return C; -} + static async isSupported(algo) { + const { keySize } = getCipherParams(algo); + return webCrypto$9.importKey('raw', new Uint8Array(keySize), 'aes-cbc', false, ['encrypt']) + .then(() => true, () => false); + } -//Paul Tero, July 2001 -//http://www.tero.co.uk/des/ -// -//Optimised for performance with large blocks by Michael Hayworth, November 2001 -//http://www.netdealing.com -// -// Modified by Recurity Labs GmbH + async _runCBC(plaintext, nonZeroIV) { + const mode = 'AES-CBC'; + this.keyRef = this.keyRef || await webCrypto$9.importKey('raw', this.key, mode, false, ['encrypt']); + const ciphertext = await webCrypto$9.encrypt( + { name: mode, iv: nonZeroIV || this.zeroBlock }, + this.keyRef, + plaintext + ); + return new Uint8Array(ciphertext).subarray(0, plaintext.length); + } + + async encryptChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const plaintext = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); + const toEncrypt = util.concatUint8Array([ + this.prevBlock, + plaintext.subarray(0, plaintext.length - this.blockSize) // stop one block "early", since we only need to xor the plaintext and pass it over as prevBlock + ]); -//THIS SOFTWARE IS PROVIDED "AS IS" AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. + const encryptedBlocks = await this._runCBC(toEncrypt); + xorMut$1(encryptedBlocks, plaintext); + this.prevBlock = encryptedBlocks.slice(-this.blockSize); -//des -//this takes the key, the message, and whether to encrypt or decrypt + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; -function des(keys, message, encrypt, mode, iv, padding) { - //declaring this locally speeds things up a bit - const spfunction1 = [ - 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, - 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, - 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, - 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, - 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, - 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 - ]; - const spfunction2 = [ - -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, - 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - -0x7fef7fe0, 0x108000 - ]; - const spfunction3 = [ - 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, - 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, - 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, - 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, - 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, - 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 - ]; - const spfunction4 = [ - 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, - 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, - 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, - 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, - 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 - ]; - const spfunction5 = [ - 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, - 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, - 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, - 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, - 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, - 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, - 0x40080000, 0x2080100, 0x40000100 - ]; - const spfunction6 = [ - 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, - 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, - 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, - 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, - 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, - 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 - ]; - const spfunction7 = [ - 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, - 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, - 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, - 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, - 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, - 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 - ]; - const spfunction8 = [ - 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, - 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, - 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, - 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, - 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 - ]; + return encryptedBlocks; + } - //create the 16 or 48 subkeys we will need - let m = 0; - let i; - let j; - let temp; - let right1; - let right2; - let left; - let right; - let looping; - let cbcleft; - let cbcleft2; - let cbcright; - let cbcright2; - let endloop; - let loopinc; - let len = message.length; + this.i += added.length; + let encryptedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + const curBlock = this.nextBlock; + encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + this.prevBlock = encryptedBlock.slice(); + this.i = 0; - //set up the loops for single and triple des - const iterations = keys.length === 32 ? 3 : 9; //single or triple des - if (iterations === 3) { - looping = encrypt ? [0, 32, 2] : [30, -2, -2]; - } else { - looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + encryptedBlock = new Uint8Array(); + } + + return encryptedBlock; } - //pad the message depending on the padding parameter - //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt - if (encrypt) { - message = desAddPadding(message, padding); - len = message.length; + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + this.nextBlock = this.nextBlock.subarray(0, this.i); + const curBlock = this.nextBlock; + const encryptedBlock = await this._runCBC(this.prevBlock); + xorMut$1(encryptedBlock, curBlock); + result = encryptedBlock.subarray(0, curBlock.length); + } + + this.clearSensitiveData(); + return result; } - //store the result here - let result = new Uint8Array(len); - let k = 0; + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.keyRef = null; + this.key = null; + } - if (mode === 1) { //CBC mode - cbcleft = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - cbcright = (iv[m++] << 24) | (iv[m++] << 16) | (iv[m++] << 8) | iv[m++]; - m = 0; + async encrypt(plaintext) { + // plaintext is internally padded to block length before encryption + const encryptedWithPadding = await this._runCBC( + util.concatUint8Array([new Uint8Array(this.blockSize), plaintext]), + this.iv + ); + // drop encrypted padding + const ct = encryptedWithPadding.subarray(0, plaintext.length); + xorMut$1(ct, plaintext); + this.clearSensitiveData(); + return ct; } +} - //loop through each 64 bit chunk of the message - while (m < len) { - left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; +class NobleStreamProcessor { + constructor(forEncryption, algo, key, iv) { + this.forEncryption = forEncryption; + const { blockSize } = getCipherParams(algo); + this.key = unsafe.expandKeyLE(key); - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - left ^= cbcleft; - right ^= cbcright; - } else { - cbcleft2 = cbcleft; - cbcright2 = cbcright; - cbcleft = left; - cbcright = right; - } + if (iv.byteOffset % 4 !== 0) iv = iv.slice(); // aligned arrays required by noble-ciphers + this.prevBlock = getUint32Array(iv); + this.nextBlock = new Uint8Array(blockSize); + this.i = 0; // pointer inside next block + this.blockSize = blockSize; + } + + _runCFB(src) { + const src32 = getUint32Array(src); + const dst = new Uint8Array(src.length); + const dst32 = getUint32Array(dst); + for (let i = 0; i + 4 <= dst32.length; i += 4) { + const { s0: e0, s1: e1, s2: e2, s3: e3 } = unsafe.encrypt(this.key, this.prevBlock[0], this.prevBlock[1], this.prevBlock[2], this.prevBlock[3]); + dst32[i + 0] = src32[i + 0] ^ e0; + dst32[i + 1] = src32[i + 1] ^ e1; + dst32[i + 2] = src32[i + 2] ^ e2; + dst32[i + 3] = src32[i + 3] ^ e3; + this.prevBlock = (this.forEncryption ? dst32 : src32).slice(i, i + 4); } + return dst; + } - //first each 64 but chunk of the message must be permuted according to IP - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); + async processChunk(value) { + const missing = this.nextBlock.length - this.i; + const added = value.subarray(0, missing); + this.nextBlock.set(added, this.i); - left = ((left << 1) | (left >>> 31)); - right = ((right << 1) | (right >>> 31)); + if ((this.i + value.length) >= (2 * this.blockSize)) { + const leftover = (value.length - missing) % this.blockSize; + const toProcess = util.concatUint8Array([ + this.nextBlock, + value.subarray(missing, value.length - leftover) + ]); - //do this either 1 or 3 times for each chunk of the message - for (j = 0; j < iterations; j += 3) { - endloop = looping[j + 1]; - loopinc = looping[j + 2]; - //now go through and perform the encryption or decryption - for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency - right1 = right ^ keys[i]; - right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; - //the result is attained by passing these bytes through the S selection functions - temp = left; - left = right; - right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> - 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & - 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); - } - temp = left; - left = right; - right = temp; //unreverse left and right - } //for either 1 or 3 iterations + const processedBlocks = this._runCFB(toProcess); - //move then each one bit to the right - left = ((left >>> 1) | (left << 31)); - right = ((right >>> 1) | (right << 31)); + // take care of leftover data + if (leftover > 0) this.nextBlock.set(value.subarray(-leftover)); + this.i = leftover; - //now perform IP-1, which is IP in the opposite direction - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((right >>> 2) ^ left) & 0x33333333; - left ^= temp; - right ^= (temp << 2); - temp = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= temp; - left ^= (temp << 16); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); + return processedBlocks; + } - //for Cipher Block Chaining mode, xor the message with the previous result - if (mode === 1) { - if (encrypt) { - cbcleft = left; - cbcright = right; - } else { - left ^= cbcleft2; - right ^= cbcright2; - } + this.i += added.length; + + let processedBlock; + if (this.i === this.nextBlock.length) { // block ready to be encrypted + processedBlock = this._runCFB(this.nextBlock); + this.i = 0; + + const remaining = value.subarray(added.length); + this.nextBlock.set(remaining, this.i); + this.i += remaining.length; + } else { + processedBlock = new Uint8Array(); } - result[k++] = (left >>> 24); - result[k++] = ((left >>> 16) & 0xff); - result[k++] = ((left >>> 8) & 0xff); - result[k++] = (left & 0xff); - result[k++] = (right >>> 24); - result[k++] = ((right >>> 16) & 0xff); - result[k++] = ((right >>> 8) & 0xff); - result[k++] = (right & 0xff); - } //for every 8 characters, or 64 bits in the message + return processedBlock; + } - //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt - if (!encrypt) { - result = desRemovePadding(result, padding); + async finish() { + let result; + if (this.i === 0) { // nothing more to encrypt + result = new Uint8Array(); + } else { + const processedBlock = this._runCFB(this.nextBlock); + + result = processedBlock.subarray(0, this.i); + } + + this.clearSensitiveData(); + return result; } - return result; -} //end of des + clearSensitiveData() { + this.nextBlock.fill(0); + this.prevBlock.fill(0); + this.key.fill(0); + } +} -//desCreateKeys -//this takes as input a 64 bit key (even though only 56 bits are used) -//as an array of 2 integers, and returns 16 48 bit keys +async function aesEncrypt(algo, key, pt, iv) { + if (webCrypto$9 && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys + const cfb = new WebCryptoEncryptor(algo, key, iv); + return util.isStream(pt) ? transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt); + } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream + const cfb = new NobleStreamProcessor(true, algo, key, iv); + return transform(pt, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).encrypt(pt); +} -function desCreateKeys(key) { - //declaring this locally speeds things up a bit - const pc2bytes0 = [ - 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, - 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 - ]; - const pc2bytes1 = [ - 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, - 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 - ]; - const pc2bytes2 = [ - 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, - 0x1000000, 0x1000008, 0x1000800, 0x1000808 - ]; - const pc2bytes3 = [ - 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, - 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 - ]; - const pc2bytes4 = [ - 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, - 0x41000, 0x1010, 0x41010 - ]; - const pc2bytes5 = [ - 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, - 0x2000000, 0x2000400, 0x2000020, 0x2000420 - ]; - const pc2bytes6 = [ - 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, - 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 - ]; - const pc2bytes7 = [ - 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, - 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 - ]; - const pc2bytes8 = [ - 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, - 0x2000002, 0x2040002, 0x2000002, 0x2040002 - ]; - const pc2bytes9 = [ - 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, - 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 - ]; - const pc2bytes10 = [ - 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, - 0x102000, 0x102020, 0x102000, 0x102020 - ]; - const pc2bytes11 = [ - 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, - 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 - ]; - const pc2bytes12 = [ - 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, - 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 - ]; - const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; +async function aesDecrypt(algo, key, ct, iv) { + if (util.isStream(ct)) { + const cfb = new NobleStreamProcessor(false, algo, key, iv); + return transform(ct, value => cfb.processChunk(value), () => cfb.finish()); + } + return cfb$1(key, iv).decrypt(ct); +} - //how many iterations (1 for des, 3 for triple des) - const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys - //stores the return keys - const keys = new Array(32 * iterations); - //now define the left shifts which need to be done - const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - //other variables - let lefttemp; - let righttemp; - let m = 0; - let n = 0; - let temp; +function xorMut$1(a, b) { + const aLength = Math.min(a.length, b.length); + for (let i = 0; i < aLength; i++) { + a[i] = a[i] ^ b[i]; + } +} - for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations - let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; +const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); - temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= temp; - left ^= (temp << 4); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 2) ^ right) & 0x33333333; - right ^= temp; - left ^= (temp << 2); - temp = ((right >>> -16) ^ left) & 0x0000ffff; - left ^= temp; - right ^= (temp << -16); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); - temp = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= temp; - right ^= (temp << 8); - temp = ((left >>> 1) ^ right) & 0x55555555; - right ^= temp; - left ^= (temp << 1); +function nodeEncrypt$1(algo, key, pt, iv) { + const algoName = enums.read(enums.symmetric, algo); + const cipherObj = new nodeCrypto$8.createCipheriv(nodeAlgos[algoName], key, iv); + return transform(pt, value => new Uint8Array(cipherObj.update(value))); +} - //the right side needs to be shifted and to get the last four bits of the left side - temp = (left << 8) | ((right >>> 20) & 0x000000f0); - //left needs to be put upside down - left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); - right = temp; +function nodeDecrypt$1(algo, key, ct, iv) { + const algoName = enums.read(enums.symmetric, algo); + const decipherObj = new nodeCrypto$8.createDecipheriv(nodeAlgos[algoName], key, iv); + return transform(ct, value => new Uint8Array(decipherObj.update(value))); +} - //now go through and perform these shifts on the left and right keys - for (let i = 0; i < shifts.length; i++) { - //shift the keys either one or two bits to the left - if (shifts[i]) { - left = (left << 2) | (left >>> 26); - right = (right << 2) | (right >>> 26); - } else { - left = (left << 1) | (left >>> 27); - right = (right << 1) | (right >>> 27); - } - left &= -0xf; - right &= -0xf; +var cfb = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$5, + encrypt: encrypt$5 +}); - //now apply PC-2, in such a way that E is easier when encrypting or decrypting - //this conversion will look like PC-2 except only the last 6 bits of each byte are used - //rather than 48 consecutive bits and the order of lines will be according to - //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 - lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( - left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & - 0xf]; - righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | - pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | - pc2bytes13[(right >>> 4) & 0xf]; - temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; - keys[n++] = lefttemp ^ temp; - keys[n++] = righttemp ^ (temp << 16); - } - } //for each iterations - //return the keys we've created - return keys; -} //end of desCreateKeys +/** + * @fileoverview This module implements AES-CMAC on top of + * native AES-CBC using either the WebCrypto API or Node.js' crypto API. + * @module crypto/cmac + */ -function desAddPadding(message, padding) { - const padLength = 8 - (message.length % 8); +const webCrypto$8 = util.getWebCrypto(); +const nodeCrypto$7 = util.getNodeCrypto(); - let pad; - if (padding === 2 && (padLength < 8)) { //pad the message with spaces - pad = ' '.charCodeAt(0); - } else if (padding === 1) { //PKCS7 padding - pad = padLength; - } else if (!padding && (padLength < 8)) { //pad the message out with null bytes - pad = 0; - } else if (padLength === 8) { - return message; - } else { - throw new Error('des: invalid padding'); - } - const paddedMessage = new Uint8Array(message.length + padLength); - for (let i = 0; i < message.length; i++) { - paddedMessage[i] = message[i]; - } - for (let j = 0; j < padLength; j++) { - paddedMessage[message.length + j] = pad; - } +/** + * This implementation of CMAC is based on the description of OMAC in + * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that + * document: + * + * We have made a small modification to the OMAC algorithm as it was + * originally presented, changing one of its two constants. + * Specifically, the constant 4 at line 85 was the constant 1/2 (the + * multiplicative inverse of 2) in the original definition of OMAC [14]. + * The OMAC authors indicate that they will promulgate this modification + * [15], which slightly simplifies implementations. + */ - return paddedMessage; -} +const blockLength$3 = 16; -function desRemovePadding(message, padding) { - let padLength = null; - let pad; - if (padding === 2) { // space padded - pad = ' '.charCodeAt(0); - } else if (padding === 1) { // PKCS7 - padLength = message[message.length - 1]; - } else if (!padding) { // null padding - pad = 0; - } else { - throw new Error('des: invalid padding'); - } - if (!padLength) { - padLength = 1; - while (message[message.length - padLength] === pad) { - padLength++; - } - padLength--; +/** + * xor `padding` into the end of `data`. This function implements "the + * operation xor→ [which] xors the shorter string into the end of longer + * one". Since data is always as least as long as padding, we can + * simplify the implementation. + * @param {Uint8Array} data + * @param {Uint8Array} padding + */ +function rightXORMut(data, padding) { + const offset = data.length - blockLength$3; + for (let i = 0; i < blockLength$3; i++) { + data[i + offset] ^= padding[i]; } + return data; +} - return message.subarray(0, message.length - padLength); +function pad(data, padding, padding2) { + // if |M| in {n, 2n, 3n, ...} + if (data.length && data.length % blockLength$3 === 0) { + // then return M xor→ B, + return rightXORMut(data, padding); + } + // else return (M || 10^(n−1−(|M| mod n))) xor→ P + const padded = new Uint8Array(data.length + (blockLength$3 - (data.length % blockLength$3))); + padded.set(data); + padded[data.length] = 0b10000000; + return rightXORMut(padded, padding2); } -// added by Recurity Labs +const zeroBlock$1 = new Uint8Array(blockLength$3); -function TripleDES(key) { - this.key = []; +async function CMAC(key) { + const cbc = await CBC(key); - for (let i = 0; i < 3; i++) { - this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); - } + // L ← E_K(0^n); B ← 2L; P ← 4L + const padding = util.double(await cbc(zeroBlock$1)); + const padding2 = util.double(padding); - this.encrypt = function(block) { - return des( - desCreateKeys(this.key[2]), - des( - desCreateKeys(this.key[1]), - des( - desCreateKeys(this.key[0]), - block, true, 0, null, null - ), - false, 0, null, null - ), true, 0, null, null - ); + return async function(data) { + // return CBC_K(pad(M; B, P)) + return (await cbc(pad(data, padding, padding2))).subarray(-blockLength$3); }; } -TripleDES.keySize = TripleDES.prototype.keySize = 24; -TripleDES.blockSize = TripleDES.prototype.blockSize = 8; - -// This is "original" DES - -function DES(key) { - this.key = key; +async function CBC(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt) { + const en = new nodeCrypto$7.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock$1); + const ct = en.update(pt); + return new Uint8Array(ct); + }; + } - this.encrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, true, 0, null, padding); - }; + if (util.getWebCrypto()) { + try { + key = await webCrypto$8.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); + return async function(pt) { + const ct = await webCrypto$8.encrypt({ name: 'AES-CBC', iv: zeroBlock$1, length: blockLength$3 * 8 }, key, pt); + return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength$3); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - this.decrypt = function(block, padding) { - const keys = desCreateKeys(this.key); - return des(keys, block, false, 0, null, padding); + return async function(pt) { + return cbc(key, zeroBlock$1, { disablePadding: true }).encrypt(pt); }; } -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Copyright 2010 pjacobs@xeekr.com . All rights reserved. - -// Modified by Recurity Labs GmbH +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// fixed/modified by Herbert Hanewinkel, www.haneWIN.de -// check www.haneWIN.de for the latest version -// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. -// CAST-128 is a common OpenPGP cipher. +const webCrypto$7 = util.getWebCrypto(); +const nodeCrypto$6 = util.getNodeCrypto(); +const Buffer$1 = util.getNodeBuffer(); -// CAST5 constructor +const blockLength$2 = 16; +const ivLength$2 = blockLength$2; +const tagLength$2 = blockLength$2; -function OpenPGPSymEncCAST5() { - this.BlockSize = 8; - this.KeySize = 16; +const zero = new Uint8Array(blockLength$2); +const one$1 = new Uint8Array(blockLength$2); one$1[blockLength$2 - 1] = 1; +const two = new Uint8Array(blockLength$2); two[blockLength$2 - 1] = 2; - this.setKey = function(key) { - this.masking = new Array(16); - this.rotate = new Array(16); +async function OMAC(key) { + const cmac = await CMAC(key); + return function(t, message) { + return cmac(util.concatUint8Array([t, message])); + }; +} - this.reset(); +async function CTR(key) { + if (util.getNodeCrypto()) { // Node crypto library + return async function(pt, iv) { + const en = new nodeCrypto$6.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); + const ct = Buffer$1.concat([en.update(pt), en.final()]); + return new Uint8Array(ct); + }; + } - if (key.length === this.KeySize) { - this.keySchedule(key); - } else { - throw new Error('CAST-128: keys must be 16 bytes'); + if (util.getWebCrypto()) { + try { + const keyRef = await webCrypto$7.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); + return async function(pt, iv) { + const ct = await webCrypto$7.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$2 * 8 }, keyRef, pt); + return new Uint8Array(ct); + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); } - return true; + } + + return async function(pt, iv) { + return ctr(key, iv).encrypt(pt); }; +} - this.reset = function() { - for (let i = 0; i < 16; i++) { - this.masking[i] = 0; - this.rotate[i] = 0; + +/** + * Class to en/decrypt using EAX mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function EAX(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('EAX mode supports only AES cipher'); + } + + const [ + omac, + ctr + ] = await Promise.all([ + OMAC(key), + CTR(key) + ]); + + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + const [ + omacNonce, + omacAdata + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata) + ]); + const ciphered = await ctr(plaintext, omacNonce); + const omacCiphered = await omac(two, ciphered); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + return util.concatUint8Array([ciphered, tag]); + }, + + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (16 bytes) + * @param {Uint8Array} adata - Associated data to verify + * @returns {Promise} The plaintext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$2) throw new Error('Invalid EAX ciphertext'); + const ciphered = ciphertext.subarray(0, -tagLength$2); + const ctTag = ciphertext.subarray(-tagLength$2); + const [ + omacNonce, + omacAdata, + omacCiphered + ] = await Promise.all([ + omac(zero, nonce), + omac(one$1, adata), + omac(two, ciphered) + ]); + const tag = omacCiphered; // Assumes that omac(*).length === tagLength. + for (let i = 0; i < tagLength$2; i++) { + tag[i] ^= omacAdata[i] ^ omacNonce[i]; + } + if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); + const plaintext = await ctr(ciphered, omacNonce); + return plaintext; } }; +} - this.getBlockSize = function() { - return this.BlockSize; - }; - this.encrypt = function(src) { - const dst = new Array(src.length); +/** + * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. + * @param {Uint8Array} iv - The initialization vector (16 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +EAX.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[8 + i] ^= chunkIndex[i]; + } + return nonce; +}; - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; +EAX.blockLength = blockLength$2; +EAX.ivLength = ivLength$2; +EAX.tagLength = tagLength$2; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 ProtonTech AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; +const blockLength$1 = 16; +const ivLength$1 = 15; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; +// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: +// While OCB [RFC7253] allows the authentication tag length to be of any +// number up to 128 bits long, this document requires a fixed +// authentication tag length of 128 bits (16 octets) for simplicity. +const tagLength$1 = 16; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >>> 16) & 255; - dst[i + 6] = (l >>> 8) & 255; - dst[i + 7] = l & 255; - } - return dst; - }; +function ntz(n) { + let ntz = 0; + for (let i = 1; (n & i) === 0; i <<= 1) { + ntz++; + } + return ntz; +} - this.decrypt = function(src) { - const dst = new Array(src.length); +function xorMut(S, T) { + for (let i = 0; i < S.length; i++) { + S[i] ^= T[i]; + } + return S; +} - for (let i = 0; i < src.length; i += 8) { - let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; - let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; - let t; +function xor(S, T) { + return xorMut(S.slice(), T); +} - t = r; - r = l ^ f1(r, this.masking[15], this.rotate[15]); - l = t; - t = r; - r = l ^ f3(r, this.masking[14], this.rotate[14]); - l = t; - t = r; - r = l ^ f2(r, this.masking[13], this.rotate[13]); - l = t; - t = r; - r = l ^ f1(r, this.masking[12], this.rotate[12]); - l = t; +const zeroBlock = new Uint8Array(blockLength$1); +const one = new Uint8Array([1]); - t = r; - r = l ^ f3(r, this.masking[11], this.rotate[11]); - l = t; - t = r; - r = l ^ f2(r, this.masking[10], this.rotate[10]); - l = t; - t = r; - r = l ^ f1(r, this.masking[9], this.rotate[9]); - l = t; - t = r; - r = l ^ f3(r, this.masking[8], this.rotate[8]); - l = t; +/** + * Class to en/decrypt using OCB mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function OCB(cipher, key) { + const { keySize } = getCipherParams(cipher); + // sanity checks + if (!util.isAES(cipher) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - t = r; - r = l ^ f2(r, this.masking[7], this.rotate[7]); - l = t; - t = r; - r = l ^ f1(r, this.masking[6], this.rotate[6]); - l = t; - t = r; - r = l ^ f3(r, this.masking[5], this.rotate[5]); - l = t; - t = r; - r = l ^ f2(r, this.masking[4], this.rotate[4]); - l = t; + let maxNtz = 0; - t = r; - r = l ^ f1(r, this.masking[3], this.rotate[3]); - l = t; - t = r; - r = l ^ f3(r, this.masking[2], this.rotate[2]); - l = t; - t = r; - r = l ^ f2(r, this.masking[1], this.rotate[1]); - l = t; - t = r; - r = l ^ f1(r, this.masking[0], this.rotate[0]); - l = t; + // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls, + // hence its execution cannot be broken up. + // As a result, WebCrypto cannot currently be used for `encipher`. + const aes = cbc(key, zeroBlock, { disablePadding: true }); + const encipher = block => aes.encrypt(block); + const decipher = block => aes.decrypt(block); + let mask; - dst[i] = (r >>> 24) & 255; - dst[i + 1] = (r >>> 16) & 255; - dst[i + 2] = (r >>> 8) & 255; - dst[i + 3] = r & 255; - dst[i + 4] = (l >>> 24) & 255; - dst[i + 5] = (l >> 16) & 255; - dst[i + 6] = (l >> 8) & 255; - dst[i + 7] = l & 255; - } + constructKeyVariables(); - return dst; - }; - const scheduleA = new Array(4); + function constructKeyVariables() { + const mask_x = encipher(zeroBlock); + const mask_$ = util.double(mask_x); + mask = []; + mask[0] = util.double(mask_$); - scheduleA[0] = new Array(4); - scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; - scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - scheduleA[1] = new Array(4); - scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + mask.x = mask_x; + mask.$ = mask_$; + } - scheduleA[2] = new Array(4); - scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; - scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; - scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; - scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; + function extendKeyVariables(text, adata) { + const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$1 | 0) - 1; + for (let i = maxNtz + 1; i <= newMaxNtz; i++) { + mask[i] = util.double(mask[i - 1]); + } + maxNtz = newMaxNtz; + } + function hash(adata) { + if (!adata.length) { + // Fast path + return zeroBlock; + } - scheduleA[3] = new Array(4); - scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; - scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; - scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; - scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; + // + // Consider A as a sequence of 128-bit blocks + // + const m = adata.length / blockLength$1 | 0; - const scheduleB = new Array(4); + const offset = new Uint8Array(blockLength$1); + const sum = new Uint8Array(blockLength$1); + for (let i = 0; i < m; i++) { + xorMut(offset, mask[ntz(i + 1)]); + xorMut(sum, encipher(xor(offset, adata))); + adata = adata.subarray(blockLength$1); + } - scheduleB[0] = new Array(4); - scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; - scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; - scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; - scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; + // + // Process any final partial block; compute final hash value + // + if (adata.length) { + xorMut(offset, mask.x); - scheduleB[1] = new Array(4); - scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; - scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; - scheduleB[1][2] = [7, 6, 8, 9, 3]; - scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; + const cipherInput = new Uint8Array(blockLength$1); + cipherInput.set(adata, 0); + cipherInput[adata.length] = 0b10000000; + xorMut(cipherInput, offset); + xorMut(sum, encipher(cipherInput)); + } - scheduleB[2] = new Array(4); - scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; - scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; - scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; - scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; + return sum; + } + + /** + * Encrypt/decrypt data. + * @param {encipher|decipher} fn - Encryption/decryption block cipher function + * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. + */ + function crypt(fn, text, nonce, adata) { + // + // Consider P as a sequence of 128-bit blocks + // + const m = text.length / blockLength$1 | 0; + // + // Key-dependent variables + // + extendKeyVariables(text, adata); - scheduleB[3] = new Array(4); - scheduleB[3][0] = [8, 9, 7, 6, 3]; - scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; - scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; - scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; + // + // Nonce-dependent and per-encryption variables + // + // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N + // Note: We assume here that tagLength mod 16 == 0. + const paddedNonce = util.concatUint8Array([zeroBlock.subarray(0, ivLength$1 - nonce.length), one, nonce]); + // bottom = str2num(Nonce[123..128]) + const bottom = paddedNonce[blockLength$1 - 1] & 0b111111; + // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) + paddedNonce[blockLength$1 - 1] &= 0b11000000; + const kTop = encipher(paddedNonce); + // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) + const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); + // Offset_0 = Stretch[1+bottom..128+bottom] + const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); + // Checksum_0 = zeros(128) + const checksum = new Uint8Array(blockLength$1); - // changed 'in' to 'inn' (in javascript 'in' is a reserved word) - this.keySchedule = function(inn) { - const t = new Array(8); - const k = new Array(32); + const ct = new Uint8Array(text.length + tagLength$1); - let j; + // + // Process any whole blocks + // + let i; + let pos = 0; + for (i = 0; i < m; i++) { + // Offset_i = Offset_{i-1} xor L_{ntz(i)} + xorMut(offset, mask[ntz(i + 1)]); + // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) + // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) + ct.set(xorMut(fn(xor(offset, text)), offset), pos); + // Checksum_i = Checksum_{i-1} xor P_i + xorMut(checksum, fn === encipher ? text : ct.subarray(pos)); - for (let i = 0; i < 4; i++) { - j = i * 4; - t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + text = text.subarray(blockLength$1); + pos += blockLength$1; } - const x = [6, 7, 4, 5]; - let ki = 0; - let w; + // + // Process any final partial block and compute raw tag + // + if (text.length) { + // Offset_* = Offset_m xor L_* + xorMut(offset, mask.x); + // Pad = ENCIPHER(K, Offset_*) + const padding = encipher(offset); + // C_* = P_* xor Pad[1..bitlen(P_*)] + ct.set(xor(text, padding), pos); - for (let half = 0; half < 2; half++) { - for (let round = 0; round < 4; round++) { - for (j = 0; j < 4; j++) { - const a = scheduleA[round][j]; - w = t[a[1]]; + // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) + const xorInput = new Uint8Array(blockLength$1); + xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); + xorInput[text.length] = 0b10000000; + xorMut(checksum, xorInput); + pos += text.length; + } + // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) + const tag = xorMut(encipher(xorMut(xorMut(checksum, offset), mask.$)), hash(adata)); - w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; - w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; - w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; - w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; - w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; - t[a[0]] = w; - } + // + // Assemble ciphertext + // + // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] + ct.set(tag, pos); + return ct; + } - for (j = 0; j < 4; j++) { - const b = scheduleB[round][j]; - w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; - w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; - w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; - w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; - k[ki] = w; - ki++; - } - } - } + return { + /** + * Encrypt plaintext input. + * @param {Uint8Array} plaintext - The cleartext input to be encrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + encrypt: async function(plaintext, nonce, adata) { + return crypt(encipher, plaintext, nonce, adata); + }, - for (let i = 0; i < 16; i++) { - this.masking[i] = k[i]; - this.rotate[i] = k[16 + i] & 0x1f; + /** + * Decrypt ciphertext input. + * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted + * @param {Uint8Array} nonce - The nonce (15 bytes) + * @param {Uint8Array} adata - Associated data to sign + * @returns {Promise} The ciphertext output. + */ + decrypt: async function(ciphertext, nonce, adata) { + if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); + + const tag = ciphertext.subarray(-tagLength$1); + ciphertext = ciphertext.subarray(0, -tagLength$1); + + const crypted = crypt(decipher, ciphertext, nonce, adata); + // if (Tag[1..TAGLEN] == T) + if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { + return crypted.subarray(0, -tagLength$1); + } + throw new Error('Authentication tag mismatch'); } }; +} - // These are the three 'f' functions. See RFC 2144, section 2.2. - function f1(d, m, r) { - const t = m + d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; +/** + * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. + * @param {Uint8Array} iv - The initialization vector (15 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +OCB.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[7 + i] ^= chunkIndex[i]; } + return nonce; +}; - function f2(d, m, r) { - const t = m ^ d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; - } +OCB.blockLength = blockLength$1; +OCB.ivLength = ivLength$1; +OCB.tagLength = tagLength$1; - function f3(d, m, r) { - const t = m - d; - const I = (t << r) | (t >>> (32 - r)); - return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const webCrypto$6 = util.getWebCrypto(); +const nodeCrypto$5 = util.getNodeCrypto(); +const Buffer = util.getNodeBuffer(); + +const blockLength = 16; +const ivLength = 12; // size of the IV in bytes +const tagLength = 16; // size of the tag in bytes +const ALGO = 'AES-GCM'; + +/** + * Class to en/decrypt using GCM mode. + * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use + * @param {Uint8Array} key - The encryption key + */ +async function GCM(cipher, key) { + if (cipher !== enums.symmetric.aes128 && + cipher !== enums.symmetric.aes192 && + cipher !== enums.symmetric.aes256) { + throw new Error('GCM mode supports only AES cipher'); } - const sBox = new Array(8); - sBox[0] = [ - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf - ]; + if (util.getNodeCrypto()) { // Node crypto library + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + const en = new nodeCrypto$5.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + en.setAAD(adata); + const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext + return new Uint8Array(ct); + }, - sBox[1] = [ - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + const de = new nodeCrypto$5.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); + de.setAAD(adata); + de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext + const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]); + return new Uint8Array(pt); + } + }; + } - sBox[2] = [ - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 - ]; + if (util.getWebCrypto()) { + try { + const _key = await webCrypto$6.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); + // Safari 13 and Safari iOS 14 does not support GCM-en/decrypting empty messages + const webcryptoEmptyMessagesUnsupported = navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/) || + navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/); + return { + encrypt: async function(pt, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && !pt.length) { + return gcm(key, iv, adata).encrypt(pt); + } + const ct = await webCrypto$6.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt); + return new Uint8Array(ct); + }, - sBox[3] = [ - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 - ]; + decrypt: async function(ct, iv, adata = new Uint8Array()) { + if (webcryptoEmptyMessagesUnsupported && ct.length === tagLength) { + return gcm(key, iv, adata).decrypt(ct); + } + try { + const pt = await webCrypto$6.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct); + return new Uint8Array(pt); + } catch (e) { + if (e.name === 'OperationError') { + throw new Error('Authentication tag mismatch'); + } + } + } + }; + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support operation: ' + err.message); + } + } - sBox[4] = [ - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 - ]; + return { + encrypt: async function(pt, iv, adata) { + return gcm(key, iv, adata).encrypt(pt); + }, - sBox[5] = [ - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f - ]; + decrypt: async function(ct, iv, adata) { + return gcm(key, iv, adata).decrypt(ct); + } + }; +} - sBox[6] = [ - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 - ]; - - sBox[7] = [ - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e - ]; -} - -function CAST5(key) { - this.cast5 = new OpenPGPSymEncCAST5(); - this.cast5.setKey(key); - - this.encrypt = function(block) { - return this.cast5.encrypt(block); - }; -} -CAST5.blockSize = CAST5.prototype.blockSize = 8; -CAST5.keySize = CAST5.prototype.keySize = 16; - -/* eslint-disable no-mixed-operators, no-fallthrough */ +/** + * Get GCM nonce. Note: this operation is not defined by the standard. + * A future version of the standard may define GCM mode differently, + * hopefully under a different ID (we use Private/Experimental algorithm + * ID 100) so that we can maintain backwards compatibility. + * @param {Uint8Array} iv - The initialization vector (12 bytes) + * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) + */ +GCM.getNonce = function(iv, chunkIndex) { + const nonce = iv.slice(); + for (let i = 0; i < chunkIndex.length; i++) { + nonce[4 + i] ^= chunkIndex[i]; + } + return nonce; +}; +GCM.blockLength = blockLength; +GCM.ivLength = ivLength; +GCM.tagLength = tagLength; -/* Modified by Recurity Labs GmbH - * - * Cipher.js - * A block-cipher algorithm implementation on JavaScript - * See Cipher.readme.txt for further information. - * - * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] - * This script file is distributed under the LGPL - * - * ACKNOWLEDGMENT - * - * The main subroutines are written by Michiel van Everdingen. - * - * Michiel van Everdingen - * http://home.versatel.nl/MAvanEverdingen/index.html - * - * All rights for these routines are reserved to Michiel van Everdingen. - * +/** + * @fileoverview Cipher modes + * @module crypto/mode */ -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -//Math -//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -const MAXINT = 0xFFFFFFFF; +var mode = { + /** @see module:crypto/mode/cfb */ + cfb: cfb, + /** @see module:crypto/mode/gcm */ + gcm: GCM, + experimentalGCM: GCM, + /** @see module:crypto/mode/eax */ + eax: EAX, + /** @see module:crypto/mode/ocb */ + ocb: OCB +}; -function rotw(w, n) { - return (w << n | w >>> (32 - n)) & MAXINT; +// Operations are not constant time, but we try and limit timing leakage where we can +const _0n$8 = BigInt(0); +const _1n$d = BigInt(1); +function uint8ArrayToBigInt(bytes) { + const hexAlphabet = '0123456789ABCDEF'; + let s = ''; + bytes.forEach(v => { + s += hexAlphabet[v >> 4] + hexAlphabet[v & 15]; + }); + return BigInt('0x0' + s); +} +function mod$2(a, m) { + const reduced = a % m; + return reduced < _0n$8 ? reduced + m : reduced; +} +/** + * Compute modular exponentiation using square and multiply + * @param {BigInt} a - Base + * @param {BigInt} e - Exponent + * @param {BigInt} n - Modulo + * @returns {BigInt} b ** e mod n. + */ +function modExp(b, e, n) { + if (n === _0n$8) + throw Error('Modulo cannot be zero'); + if (n === _1n$d) + return BigInt(0); + if (e < _0n$8) + throw Error('Unsopported negative exponent'); + let exp = e; + let x = b; + x %= n; + let r = BigInt(1); + while (exp > _0n$8) { + const lsb = exp & _1n$d; + exp >>= _1n$d; // e / 2 + // Always compute multiplication step, to reduce timing leakage + const rx = (r * x) % n; + // Update r only if lsb is 1 (odd exponent) + r = lsb ? rx : r; + x = (x * x) % n; // Square + } + return r; } - -function getW(a, i) { - return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +function abs(x) { + return x >= _0n$8 ? x : -x; } - -function setW(a, i, w) { - a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +/** + * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf) + * Given a and b, compute (x, y) such that ax + by = gdc(a, b). + * Negative numbers are also supported. + * @param {BigInt} a - First operand + * @param {BigInt} b - Second operand + * @returns {{ gcd, x, y: bigint }} + */ +function _egcd(aInput, bInput) { + let x = BigInt(0); + let y = BigInt(1); + let xPrev = BigInt(1); + let yPrev = BigInt(0); + // Deal with negative numbers: run algo over absolute values, + // and "move" the sign to the returned x and/or y. + // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers + let a = abs(aInput); + let b = abs(bInput); + const aNegated = aInput < _0n$8; + const bNegated = bInput < _0n$8; + while (b !== _0n$8) { + const q = a / b; + let tmp = x; + x = xPrev - q * x; + xPrev = tmp; + tmp = y; + y = yPrev - q * y; + yPrev = tmp; + tmp = b; + b = a % b; + a = tmp; + } + return { + x: aNegated ? -xPrev : xPrev, + y: bNegated ? -yPrev : yPrev, + gcd: a + }; +} +/** + * Compute the inverse of `a` modulo `n` + * Note: `a` and and `n` must be relatively prime + * @param {BigInt} a + * @param {BigInt} n - Modulo + * @returns {BigInt} x such that a*x = 1 mod n + * @throws {Error} if the inverse does not exist + */ +function modInv(a, n) { + const { gcd, x } = _egcd(a, n); + if (gcd !== _1n$d) { + throw new Error('Inverse does not exist'); + } + return mod$2(x + n, n); +} +/** + * Compute greatest common divisor between this and n + * @param {BigInt} aInput - Operand + * @param {BigInt} bInput - Operand + * @returns {BigInt} gcd + */ +function gcd(aInput, bInput) { + let a = aInput; + let b = bInput; + while (b !== _0n$8) { + const tmp = b; + b = a % b; + a = tmp; + } + return a; +} +/** + * Get this value as an exact Number (max 53 bits) + * Fails if this value is too large + * @returns {Number} + */ +function bigIntToNumber(x) { + const number = Number(x); + if (number > Number.MAX_SAFE_INTEGER) { + // We throw and error to conform with the bn.js implementation + throw new Error('Number can only safely store up to 53 bits'); + } + return number; +} +/** + * Get value of i-th bit + * @param {BigInt} x + * @param {Number} i - Bit index + * @returns {Number} Bit value. + */ +function getBit(x, i) { + const bit = (x >> BigInt(i)) & _1n$d; + return bit === _0n$8 ? 0 : 1; +} +/** + * Compute bit length + */ +function bitLength(x) { + // -1n >> -1n is -1n + // 1n >> 1n is 0n + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + let bitlen = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _1n$d) !== target) { + bitlen++; + } + return bitlen; +} +/** + * Compute byte length + */ +function byteLength(x) { + const target = x < _0n$8 ? BigInt(-1) : _0n$8; + const _8n = BigInt(8); + let len = 1; + let tmp = x; + // eslint-disable-next-line no-cond-assign + while ((tmp >>= _8n) !== target) { + len++; + } + return len; +} +/** + * Get Uint8Array representation of this number + * @param {String} endian - Endianess of output array (defaults to 'be') + * @param {Number} length - Of output array + * @returns {Uint8Array} + */ +function bigIntToUint8Array(x, endian = 'be', length) { + // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/) + // this is faster than shift+mod iterations + let hex = x.toString(16); + if (hex.length % 2 === 1) { + hex = '0' + hex; + } + const rawLength = hex.length / 2; + const bytes = new Uint8Array(length || rawLength); + // parse hex + const offset = length ? length - rawLength : 0; + let i = 0; + while (i < rawLength) { + bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16); + i++; + } + if (endian !== 'be') { + bytes.reverse(); + } + return bytes; } -function getB(x, n) { - return (x >>> (n * 8)) & 0xFF; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +const nodeCrypto$4 = util.getNodeCrypto(); + +/** + * Retrieve secure random byte array of the specified length + * @param {Integer} length - Length in bytes to generate + * @returns {Uint8Array} Random byte array. + */ +function getRandomBytes(length) { + const webcrypto = typeof crypto !== 'undefined' ? crypto : nodeCrypto$4?.webcrypto; + if (webcrypto?.getRandomValues) { + const buf = new Uint8Array(length); + return webcrypto.getRandomValues(buf); + } else { + throw new Error('No secure random number generator available.'); + } } -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// Twofish -// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +/** + * Create a secure random BigInt that is greater than or equal to min and less than max. + * @param {bigint} min - Lower bound, included + * @param {bigint} max - Upper bound, excluded + * @returns {bigint} Random BigInt. + * @async + */ +function getRandomBigInteger(min, max) { + if (max < min) { + throw new Error('Illegal parameter value: max <= min'); + } -function createTwofish() { - // - let keyBytes = null; - let dataBytes = null; - let dataOffset = -1; - // var dataLength = -1; - // var idx2 = -1; - // + const modulus = max - min; + const bytes = byteLength(modulus); - let tfsKey = []; - let tfsM = [ - [], - [], - [], - [] - ]; + // Using a while loop is necessary to avoid bias introduced by the mod operation. + // However, we request 64 extra random bits so that the bias is negligible. + // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8)); + return mod$2(r, modulus) + min; +} - function tfsInit(key) { - keyBytes = key; - let i; - let a; - let b; - let c; - let d; - const meKey = []; - const moKey = []; - const inKey = []; - let kLen; - const sKey = []; - let f01; - let f5b; - let fef; +var random = /*#__PURE__*/Object.freeze({ + __proto__: null, + getRandomBigInteger: getRandomBigInteger, + getRandomBytes: getRandomBytes +}); - const q0 = [ - [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], - [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] - ]; - const q1 = [ - [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], - [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] - ]; - const q2 = [ - [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], - [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] - ]; - const q3 = [ - [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], - [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] - ]; - const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; - const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; - const q = [ - [], - [] - ]; - const m = [ - [], - [], - [], - [] - ]; - - function ffm5b(x) { - return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +/** + * @fileoverview Algorithms for probabilistic random prime generation + * @module crypto/public_key/prime + */ +const _1n$c = BigInt(1); +/** + * Generate a probably prime random number + * @param bits - Bit length of the prime + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function randomProbablePrime(bits, e, k) { + const _30n = BigInt(30); + const min = _1n$c << BigInt(bits - 1); + /* + * We can avoid any multiples of 3 and 5 by looking at n mod 30 + * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 + * the next possible prime is mod 30: + * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 + */ + const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; + let n = getRandomBigInteger(min, min << _1n$c); + let i = bigIntToNumber(mod$2(n, _30n)); + do { + n += BigInt(adds[i]); + i = (i + adds[i]) % adds.length; + // If reached the maximum, go back to the minimum. + if (bitLength(n) > bits) { + n = mod$2(n, min << _1n$c); + n += min; + i = bigIntToNumber(mod$2(n, _30n)); + } + } while (!isProbablePrime(n, e, k)); + return n; +} +/** + * Probabilistic primality testing + * @param n - Number to test + * @param e - Optional RSA exponent to check against the prime + * @param k - Optional number of iterations of Miller-Rabin test + */ +function isProbablePrime(n, e, k) { + if (e && gcd(n - _1n$c, e) !== _1n$c) { + return false; } - - function ffmEf(x) { - return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + if (!divisionTest(n)) { + return false; } - - function mdsRem(p, q) { - let i; - let t; - let u; - for (i = 0; i < 8; i++) { - t = q >>> 24; - q = ((q << 8) & MAXINT) | p >>> 24; - p = (p << 8) & MAXINT; - u = t << 1; - if (t & 128) { - u ^= 333; + if (!fermat(n)) { + return false; + } + if (!millerRabin(n, k)) { + return false; + } + // TODO implement the Lucas test + // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + return true; +} +/** + * Tests whether n is probably prime or not using Fermat's test with b = 2. + * Fails if b^(n-1) mod n != 1. + * @param n - Number to test + * @param b - Optional Fermat test base + */ +function fermat(n, b = BigInt(2)) { + return modExp(b, n - _1n$c, n) === _1n$c; +} +function divisionTest(n) { + const _0n = BigInt(0); + return smallPrimes.every(m => mod$2(n, m) !== _0n); +} +// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c +const smallPrimes = [ + 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +].map(n => BigInt(n)); +// Miller-Rabin - Miller Rabin algorithm for primality test +// Copyright Fedor Indutny, 2014. +// +// This software is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. +// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin +// Sample syntax for Fixed-Base Miller-Rabin: +// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) +/** + * Tests whether n is probably prime or not using the Miller-Rabin test. + * See HAC Remark 4.28. + * @param n - Number to test + * @param k - Optional number of iterations of Miller-Rabin test + * @param rand - Optional function to generate potential witnesses + * @returns {boolean} + * @async + */ +function millerRabin(n, k, rand) { + const len = bitLength(n); + if (!k) { + k = Math.max(1, (len / 48) | 0); + } + const n1 = n - _1n$c; // n - 1 + // Find d and s, (n - 1) = (2 ^ s) * d; + let s = 0; + while (!getBit(n1, s)) { + s++; + } + const d = n >> BigInt(s); + for (; k > 0; k--) { + const a = getRandomBigInteger(BigInt(2), n1); + let x = modExp(a, d, n); + if (x === _1n$c || x === n1) { + continue; } - q ^= t ^ (u << 16); - u ^= t >>> 1; - if (t & 1) { - u ^= 166; + let i; + for (i = 1; i < s; i++) { + x = mod$2(x * x, n); + if (x === _1n$c) { + return false; + } + if (x === n1) { + break; + } + } + if (i === s) { + return false; } - q ^= u << 24 | u << 8; - } - return q; - } - - function qp(n, x) { - const a = x >> 4; - const b = x & 15; - const c = q0[n][a ^ b]; - const d = q1[n][ror4[b] ^ ashx[a]]; - return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; } + return true; +} - function hFun(x, key) { - let a = getB(x, 0); - let b = getB(x, 1); - let c = getB(x, 2); - let d = getB(x, 3); - switch (kLen) { - case 4: - a = q[1][a] ^ getB(key[3], 0); - b = q[0][b] ^ getB(key[3], 1); - c = q[0][c] ^ getB(key[3], 2); - d = q[1][d] ^ getB(key[3], 3); - case 3: - a = q[1][a] ^ getB(key[2], 0); - b = q[1][b] ^ getB(key[2], 1); - c = q[0][c] ^ getB(key[2], 2); - d = q[0][d] ^ getB(key[2], 3); - case 2: - a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); - b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); - c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); - d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); - } - return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - keyBytes = keyBytes.slice(0, 32); - i = keyBytes.length; - while (i !== 16 && i !== 24 && i !== 32) { - keyBytes[i++] = 0; - } - for (i = 0; i < keyBytes.length; i += 4) { - inKey[i >> 2] = getW(keyBytes, i); - } - for (i = 0; i < 256; i++) { - q[0][i] = qp(0, i); - q[1][i] = qp(1, i); - } - for (i = 0; i < 256; i++) { - f01 = q[1][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); - m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); - f01 = q[0][i]; - f5b = ffm5b(f01); - fef = ffmEf(f01); - m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); - m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); - } +/** + * ASN1 object identifiers for hashes + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} + */ +const hash_headers = []; +hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, + 0x10]; +hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; +hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; +hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20]; +hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, + 0x04, 0x30]; +hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40]; +hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, + 0x00, 0x04, 0x1C]; - kLen = inKey.length / 2; - for (i = 0; i < kLen; i++) { - a = inKey[i + i]; - meKey[i] = a; - b = inKey[i + i + 1]; - moKey[i] = b; - sKey[kLen - i - 1] = mdsRem(a, b); - } - for (i = 0; i < 40; i += 2) { - a = 0x1010101 * i; - b = a + 0x1010101; - a = hFun(a, meKey); - b = rotw(hFun(b, moKey), 8); - tfsKey[i] = (a + b) & MAXINT; - tfsKey[i + 1] = rotw(a + 2 * b, 9); - } - for (i = 0; i < 256; i++) { - a = b = c = d = i; - switch (kLen) { - case 4: - a = q[1][a] ^ getB(sKey[3], 0); - b = q[0][b] ^ getB(sKey[3], 1); - c = q[0][c] ^ getB(sKey[3], 2); - d = q[1][d] ^ getB(sKey[3], 3); - case 3: - a = q[1][a] ^ getB(sKey[2], 0); - b = q[1][b] ^ getB(sKey[2], 1); - c = q[0][c] ^ getB(sKey[2], 2); - d = q[0][d] ^ getB(sKey[2], 3); - case 2: - tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; - tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; - tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; - tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; +/** + * Create padding with secure random data + * @private + * @param {Integer} length - Length of the padding in bytes + * @returns {Uint8Array} Random padding. + */ +function getPKCS1Padding(length) { + const result = new Uint8Array(length); + let count = 0; + while (count < length) { + const randomBytes = getRandomBytes(length - count); + for (let i = 0; i < randomBytes.length; i++) { + if (randomBytes[i] !== 0) { + result[count++] = randomBytes[i]; } } } + return result; +} - function tfsG0(x) { - return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; - } - - function tfsG1(x) { - return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; - } - - function tfsFrnd(r, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); - blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); - blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; +/** + * Create a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} + * @param {Uint8Array} message - Message to be encoded + * @param {Integer} keyLength - The length in octets of the key modulus + * @returns {Uint8Array} EME-PKCS1 padded message. + */ +function emeEncode(message, keyLength) { + const mLength = message.length; + // length checking + if (mLength > keyLength - 11) { + throw new Error('Message too long'); } + // Generate an octet string PS of length k - mLen - 3 consisting of + // pseudo-randomly generated nonzero octets + const PS = getPKCS1Padding(keyLength - mLength - 3); + // Concatenate PS, the message M, and other padding to form an + // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. + const encoded = new Uint8Array(keyLength); + // 0x00 byte + encoded[1] = 2; + encoded.set(PS, 2); + // 0x00 bytes + encoded.set(message, keyLength - mLength); + return encoded; +} - function tfsIrnd(i, blk) { - let a = tfsG0(blk[0]); - let b = tfsG1(blk[1]); - blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; - blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); - a = tfsG0(blk[2]); - b = tfsG1(blk[3]); - blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; - blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); +/** + * Decode a EME-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} + * @param {Uint8Array} encoded - Encoded message bytes + * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) + * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) + * @throws {Error} on decoding failure, unless `randomPayload` is provided + */ +function emeDecode(encoded, randomPayload) { + // encoded format: 0x00 0x02 0x00 + let offset = 2; + let separatorNotFound = 1; + for (let j = offset; j < encoded.length; j++) { + separatorNotFound &= encoded[j] !== 0; + offset += separatorNotFound; } - function tfsClose() { - tfsKey = []; - tfsM = [ - [], - [], - [], - [] - ]; - } + const psLen = offset - 2; + const payload = encoded.subarray(offset + 1); // discard the 0x00 separator + const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - function tfsEncrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], - getW(dataBytes, dataOffset + 4) ^ tfsKey[1], - getW(dataBytes, dataOffset + 8) ^ tfsKey[2], - getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; - for (let j = 0; j < 8; j++) { - tfsFrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); - dataOffset += 16; - return dataBytes; + if (randomPayload) { + return util.selectUint8Array(isValidPadding, payload, randomPayload); } - function tfsDecrypt(data, offset) { - dataBytes = data; - dataOffset = offset; - const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], - getW(dataBytes, dataOffset + 4) ^ tfsKey[5], - getW(dataBytes, dataOffset + 8) ^ tfsKey[6], - getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; - for (let j = 7; j >= 0; j--) { - tfsIrnd(j, blk); - } - setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); - setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); - setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); - setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); - dataOffset += 16; + if (isValidPadding) { + return payload; } - // added by Recurity Labs + throw new Error('Decryption error'); +} - function tfsFinal() { - return dataBytes; +/** + * Create a EMSA-PKCS1-v1_5 padded message + * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} + * @param {Integer} algo - Hash algorithm type used + * @param {Uint8Array} hashed - Message to be encoded + * @param {Integer} emLen - Intended length in octets of the encoded message + * @returns {Uint8Array} Encoded message. + */ +function emsaEncode(algo, hashed, emLen) { + let i; + if (hashed.length !== hash$1.getHashByteLength(algo)) { + throw new Error('Invalid hash length'); + } + // produce an ASN.1 DER value for the hash function used. + // Let T be the full hash prefix + const hashPrefix = new Uint8Array(hash_headers[algo].length); + for (i = 0; i < hash_headers[algo].length; i++) { + hashPrefix[i] = hash_headers[algo][i]; + } + // and let tLen be the length in octets prefix and hashed data + const tLen = hashPrefix.length + hashed.length; + if (emLen < tLen + 11) { + throw new Error('Intended encoded message length too short'); } + // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF + // The length of PS will be at least 8 octets + const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - return { - name: 'twofish', - blocksize: 128 / 8, - open: tfsInit, - close: tfsClose, - encrypt: tfsEncrypt, - decrypt: tfsDecrypt, - // added by Recurity Labs - finalize: tfsFinal - }; + // Concatenate PS, the hash prefix, hashed data, and other padding to form the + // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed + const EM = new Uint8Array(emLen); + EM[1] = 0x01; + EM.set(PS, 2); + EM.set(hashPrefix, emLen - tLen); + EM.set(hashed, emLen - hashed.length); + return EM; } -// added by Recurity Labs +var pkcs1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + emeDecode: emeDecode, + emeEncode: emeEncode, + emsaEncode: emsaEncode +}); -function TF(key) { - this.tf = createTwofish(); - this.tf.open(Array.from(key), 0); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - this.encrypt = function(block) { - return this.tf.encrypt(Array.from(block), 0); - }; -} -TF.keySize = TF.prototype.keySize = 32; -TF.blockSize = TF.prototype.blockSize = 16; +const webCrypto$5 = util.getWebCrypto(); +const nodeCrypto$3 = util.getNodeCrypto(); +const _1n$b = BigInt(1); -/* Modified by Recurity Labs GmbH - * - * Originally written by nklein software (nklein.com) +/** Create signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} hashed - Hashed message + * @returns {Promise} RSA Signature. + * @async */ +async function sign$6(hashAlgo, data, n, e, d, p, q, u, hashed) { + if (hash$1.getHashByteLength(hashAlgo) >= n.length) { + // Throw here instead of `emsaEncode` below, to provide a clearer and consistent error + // e.g. if a 512-bit RSA key is used with a SHA-512 digest. + // The size limit is actually slightly different but here we only care about throwing + // on common key sizes. + throw new Error('Digest size cannot exceed key modulus size'); + } -/* - * Javascript implementation based on Bruce Schneier's reference implementation. - * - * - * The constructor doesn't do much of anything. It's just here - * so we can start defining properties and methods and such. - */ -function Blowfish() {} + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webSign$1(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeSign$1(hashAlgo, data, n, e, d, p, q, u); + } + } + return bnSign(hashAlgo, n, d, hashed); +} -/* - * Declare the block size so that protocols know what size - * Initialization Vector (IV) they will need. +/** + * Verify signature + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Uint8Array} data - Message + * @param {Uint8Array} s - Signature + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} hashed - Hashed message + * @returns {Boolean} + * @async */ -Blowfish.prototype.BLOCKSIZE = 8; +async function verify$6(hashAlgo, data, s, n, e, hashed) { + if (data && !util.isStream(data)) { + if (util.getWebCrypto()) { + try { + return await webVerify$1(enums.read(enums.webHash, hashAlgo), data, s, n, e); + } catch (err) { + util.printDebugError(err); + } + } else if (util.getNodeCrypto()) { + return nodeVerify$1(hashAlgo, data, s, n, e); + } + } + return bnVerify(hashAlgo, s, n, e, hashed); +} -/* - * These are the default SBOXES. +/** + * Encrypt message + * @param {Uint8Array} data - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @returns {Promise} RSA Ciphertext. + * @async */ -Blowfish.prototype.SBOXES = [ - [ - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, - 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, - 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, - 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, - 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, - 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, - 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, - 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, - 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, - 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, - 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, - 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, - 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, - 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, - 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, - 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, - 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, - 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, - 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, - 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, - 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, - 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a - ], - [ - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 - ], - [ - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 - ], - [ - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 - ] -]; - -//* -//* This is the default PARRAY -//* -Blowfish.prototype.PARRAY = [ - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b -]; - -//* -//* This is the number of rounds the cipher will go -//* -Blowfish.prototype.NN = 16; - -//* -//* This function is needed to get rid of problems -//* with the high-bit getting set. If we don't do -//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not -//* equal to ( bb & 0x00FFFFFFFF ) even when they -//* agree bit-for-bit for the first 32 bits. -//* -Blowfish.prototype._clean = function(xx) { - if (xx < 0) { - const yy = xx & 0x7FFFFFFF; - xx = yy + 0x80000000; +async function encrypt$4(data, n, e) { + if (util.getNodeCrypto()) { + return nodeEncrypt(data, n, e); } - return xx; -}; - -//* -//* This is the mixing function that uses the sboxes -//* -Blowfish.prototype._F = function(xx) { - let yy; + return bnEncrypt(data, n, e); +} - const dd = xx & 0x00FF; - xx >>>= 8; - const cc = xx & 0x00FF; - xx >>>= 8; - const bb = xx & 0x00FF; - xx >>>= 8; - const aa = xx & 0x00FF; +/** + * Decrypt RSA message + * @param {Uint8Array} m - Message + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA private coefficient + * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} RSA Plaintext. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$4(data, n, e, d, p, q, u, randomPayload) { + // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, + // and we want to avoid checking the error type to decide if the random payload + // should indeed be returned. + if (util.getNodeCrypto() && !randomPayload) { + try { + return await nodeDecrypt(data, n, e, d, p, q, u); + } catch (err) { + util.printDebugError(err); + } + } + return bnDecrypt(data, n, e, d, p, q, u, randomPayload); +} - yy = this.sboxes[0][aa] + this.sboxes[1][bb]; - yy ^= this.sboxes[2][cc]; - yy += this.sboxes[3][dd]; +/** + * Generate a new random private key B bits long with public exponent E. + * + * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using + * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. + * @see module:crypto/public_key/prime + * @param {Integer} bits - RSA bit length + * @param {Integer} e - RSA public exponent + * @returns {{n, e, d, + * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, + * RSA private prime p, RSA private prime q, u = p ** -1 mod q + * @async + */ +async function generate$4(bits, e) { + e = BigInt(e); - return yy; -}; + // Native RSA keygen using Web Crypto + if (util.getWebCrypto()) { + const keyGenOpt = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: bits, // the specified keysize in bits + publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent + hash: { + name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' + } + }; + const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); -//* -//* This method takes an array with two values, left and right -//* and does NN rounds of Blowfish on them. -//* -Blowfish.prototype._encryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; + // export the generated keys as JsonWebKey (JWK) + // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 + const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); + // map JWK parameters to corresponding OpenPGP names + return jwkToPrivate(jwk, e); + } else if (util.getNodeCrypto()) { + const opts = { + modulusLength: bits, + publicExponent: bigIntToNumber(e), + publicKeyEncoding: { type: 'pkcs1', format: 'jwk' }, + privateKeyEncoding: { type: 'pkcs1', format: 'jwk' } + }; + const jwk = await new Promise((resolve, reject) => { + nodeCrypto$3.generateKeyPair('rsa', opts, (err, _, jwkPrivateKey) => { + if (err) { + reject(err); + } else { + resolve(jwkPrivateKey); + } + }); + }); + return jwkToPrivate(jwk, e); + } - let ii; + // RSA keygen fallback using 40 iterations of the Miller-Rabin test + // See https://stackoverflow.com/a/6330138 for justification + // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST + let p; + let q; + let n; + do { + q = randomProbablePrime(bits - (bits >> 1), e, 40); + p = randomProbablePrime(bits >> 1, e, 40); + n = p * q; + } while (bitLength(n) !== bits); - for (ii = 0; ii < this.NN; ++ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; + const phi = (p - _1n$b) * (q - _1n$b); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + if (q < p) { + [p, q] = [q, p]; } - dataL ^= this.parray[this.NN + 0]; - dataR ^= this.parray[this.NN + 1]; + return { + n: bigIntToUint8Array(n), + e: bigIntToUint8Array(e), + d: bigIntToUint8Array(modInv(e, phi)), + p: bigIntToUint8Array(p), + q: bigIntToUint8Array(q), + // dp: d.mod(p.subn(1)), + // dq: d.mod(q.subn(1)), + u: bigIntToUint8Array(modInv(p, q)) + }; +} - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; +/** + * Validate RSA parameters + * @param {Uint8Array} n - RSA public modulus + * @param {Uint8Array} e - RSA public exponent + * @param {Uint8Array} d - RSA private exponent + * @param {Uint8Array} p - RSA private prime p + * @param {Uint8Array} q - RSA private prime q + * @param {Uint8Array} u - RSA inverse of p w.r.t. q + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$9(n, e, d, p, q, u) { + n = uint8ArrayToBigInt(n); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); -//* -//* This method takes a vector of numbers and turns them -//* into long words so that they can be processed by the -//* real algorithm. -//* -//* Maybe I should make the real algorithm above take a vector -//* instead. That will involve more looping, but it won't require -//* the F() method to deconstruct the vector. -//* -Blowfish.prototype.encryptBlock = function(vector) { - let ii; - const vals = [0, 0]; - const off = this.BLOCKSIZE / 2; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); - vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); + // expect pq = n + if ((p * q) !== n) { + return false; } - this._encryptBlock(vals); + const _2n = BigInt(2); + // expect p*u = 1 mod q + u = uint8ArrayToBigInt(u); + if (mod$2(p * u, q) !== BigInt(1)) { + return false; + } - const ret = []; - for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { - ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); - ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); - // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); - // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + /** + * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) + * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] + * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] + * + * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) + */ + const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3)); + const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q + const rde = r * d * e; + + const areInverses = mod$2(rde, p - _1n$b) === r && mod$2(rde, q - _1n$b) === r; + if (!areInverses) { + return false; } - return ret; -}; + return true; +} -//* -//* This method takes an array with two values, left and right -//* and undoes NN rounds of Blowfish on them. -//* -Blowfish.prototype._decryptBlock = function(vals) { - let dataL = vals[0]; - let dataR = vals[1]; +async function bnSign(hashAlgo, n, d, hashed) { + n = uint8ArrayToBigInt(n); + const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n))); + d = uint8ArrayToBigInt(d); + return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n)); +} - let ii; +async function webSign$1(hashName, data, n, e, d, p, q, u) { + /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. + * We swap them in privateToJWK, so it usually works out, but nevertheless, + * not all OpenPGP keys are compatible with this requirement. + * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still + * does if the underlying Web Crypto does so (though the tested implementations + * don't do so). + */ + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const algo = { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }; + const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); + return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); +} - for (ii = this.NN + 1; ii > 1; --ii) { - dataL ^= this.parray[ii]; - dataR = this._F(dataL) ^ dataR; +async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) { + const sign = nodeCrypto$3.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(data); + sign.end(); - const tmp = dataL; - dataL = dataR; - dataR = tmp; + const jwk = await privateToJWK$1(n, e, d, p, q, u); + return new Uint8Array(sign.sign({ key: jwk, format: 'jwk', type: 'pkcs1' })); +} + +async function bnVerify(hashAlgo, s, n, e, hashed) { + n = uint8ArrayToBigInt(n); + s = uint8ArrayToBigInt(s); + e = uint8ArrayToBigInt(e); + if (s >= n) { + throw new Error('Signature size cannot exceed modulus size'); } + const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n)); + const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n)); + return util.equalsUint8Array(EM1, EM2); +} - dataL ^= this.parray[1]; - dataR ^= this.parray[0]; +async function webVerify$1(hashName, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = await webCrypto$5.importKey('jwk', jwk, { + name: 'RSASSA-PKCS1-v1_5', + hash: { name: hashName } + }, false, ['verify']); + return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); +} - vals[0] = this._clean(dataR); - vals[1] = this._clean(dataL); -}; +async function nodeVerify$1(hashAlgo, data, s, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1' }; -//* -//* This method takes a key array and initializes the -//* sboxes and parray for this encryption. -//* -Blowfish.prototype.init = function(key) { - let ii; - let jj = 0; + const verify = nodeCrypto$3.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(data); + verify.end(); - this.parray = []; - for (ii = 0; ii < this.NN + 2; ++ii) { - let data = 0x00000000; - for (let kk = 0; kk < 4; ++kk) { - data = (data << 8) | (key[jj] & 0x00FF); - if (++jj >= key.length) { - jj = 0; - } - } - this.parray[ii] = this.PARRAY[ii] ^ data; + try { + return verify.verify(key, s); + } catch (err) { + return false; } +} - this.sboxes = []; - for (ii = 0; ii < 4; ++ii) { - this.sboxes[ii] = []; - for (jj = 0; jj < 256; ++jj) { - this.sboxes[ii][jj] = this.SBOXES[ii][jj]; - } +async function nodeEncrypt(data, n, e) { + const jwk = publicToJWK(n, e); + const key = { key: jwk, format: 'jwk', type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; + + return new Uint8Array(nodeCrypto$3.publicEncrypt(key, data)); +} + +async function bnEncrypt(data, n, e) { + n = uint8ArrayToBigInt(n); + data = uint8ArrayToBigInt(emeEncode(data, byteLength(n))); + e = uint8ArrayToBigInt(e); + if (data >= n) { + throw new Error('Message size cannot exceed modulus size'); } + return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n)); +} - const vals = [0x00000000, 0x00000000]; +async function nodeDecrypt(data, n, e, d, p, q, u) { + const jwk = await privateToJWK$1(n, e, d, p, q, u); + const key = { key: jwk, format: 'jwk' , type: 'pkcs1', padding: nodeCrypto$3.constants.RSA_PKCS1_PADDING }; - for (ii = 0; ii < this.NN + 2; ii += 2) { - this._encryptBlock(vals); - this.parray[ii + 0] = vals[0]; - this.parray[ii + 1] = vals[1]; + try { + return new Uint8Array(nodeCrypto$3.privateDecrypt(key, data)); + } catch (err) { + throw new Error('Decryption error'); } +} - for (ii = 0; ii < 4; ++ii) { - for (jj = 0; jj < 256; jj += 2) { - this._encryptBlock(vals); - this.sboxes[ii][jj + 0] = vals[0]; - this.sboxes[ii][jj + 1] = vals[1]; - } +async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { + data = uint8ArrayToBigInt(data); + n = uint8ArrayToBigInt(n); + e = uint8ArrayToBigInt(e); + d = uint8ArrayToBigInt(d); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + u = uint8ArrayToBigInt(u); + if (data >= n) { + throw new Error('Data too large.'); } -}; + const dq = mod$2(d, q - _1n$b); // d mod (q-1) + const dp = mod$2(d, p - _1n$b); // d mod (p-1) -// added by Recurity Labs -function BF(key) { - this.bf = new Blowfish(); - this.bf.init(key); + const unblinder = getRandomBigInteger(BigInt(2), n); + const blinder = modExp(modInv(unblinder, n), e, n); + data = mod$2(data * blinder, n); - this.encrypt = function(block) { - return this.bf.encryptBlock(block); - }; -} + const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p + const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q + const h = mod$2(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q) -BF.keySize = BF.prototype.keySize = 16; -BF.blockSize = BF.prototype.blockSize = 8; + let result = h * p + mp; // result < n due to relations above -/** - * @fileoverview Symmetric cryptography functions - * @module crypto/cipher - * @private + result = mod$2(result * unblinder, n); + + return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload); +} + +/** Convert Openpgp private key params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e + * @param {Uint8Array} d + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} u */ +async function privateToJWK$1(n, e, d, p, q, u) { + const pNum = uint8ArrayToBigInt(p); + const qNum = uint8ArrayToBigInt(q); + const dNum = uint8ArrayToBigInt(d); -/** - * AES-128 encryption and decryption (ID 7) - * @function - * @param {String} key - 128-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} + let dq = mod$2(dNum, qNum - _1n$b); // d mod (q-1) + let dp = mod$2(dNum, pNum - _1n$b); // d mod (p-1) + dp = bigIntToUint8Array(dp); + dq = bigIntToUint8Array(dq); + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + d: uint8ArrayToB64(d), + // switch p and q + p: uint8ArrayToB64(q), + q: uint8ArrayToB64(p), + // switch dp and dq + dp: uint8ArrayToB64(dq), + dq: uint8ArrayToB64(dp), + qi: uint8ArrayToB64(u), + ext: true + }; +} + +/** Convert Openpgp key public params to jwk key according to + * @link https://tools.ietf.org/html/rfc7517 + * @param {String} hashAlgo + * @param {Uint8Array} n + * @param {Uint8Array} e */ -const aes128 = aes(128); -/** - * AES-128 Block Cipher (ID 8) - * @function - * @param {String} key - 192-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes192 = aes(192); -/** - * AES-128 Block Cipher (ID 9) - * @function - * @param {String} key - 256-bit key - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf|NIST FIPS-197} - * @returns {Object} - */ -const aes256 = aes(256); -// Not in OpenPGP specifications -const des$1 = DES; -/** - * Triple DES Block Cipher (ID 2) - * @function - * @param {String} key - 192-bit key - * @see {@link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf|NIST SP 800-67} - * @returns {Object} - */ -const tripledes = TripleDES; -/** - * CAST-128 Block Cipher (ID 3) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc2144|The CAST-128 Encryption Algorithm} - * @returns {Object} - */ -const cast5 = CAST5; -/** - * Twofish Block Cipher (ID 10) - * @function - * @param {String} key - 256-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-TWOFISH|TWOFISH} - * @returns {Object} - */ -const twofish = TF; -/** - * Blowfish Block Cipher (ID 4) - * @function - * @param {String} key - 128-bit key - * @see {@link https://tools.ietf.org/html/rfc4880#ref-BLOWFISH|BLOWFISH} - * @returns {Object} - */ -const blowfish = BF; -/** - * Not implemented - * @function - * @throws {Error} - */ -const idea = function() { - throw new Error('IDEA symmetric-key algorithm not implemented'); -}; +function publicToJWK(n, e) { + return { + kty: 'RSA', + n: uint8ArrayToB64(n), + e: uint8ArrayToB64(e), + ext: true + }; +} -var cipher = /*#__PURE__*/Object.freeze({ +/** Convert JWK private key to OpenPGP private key params */ +function jwkToPrivate(jwk, e) { + return { + n: b64ToUint8Array(jwk.n), + e: bigIntToUint8Array(e), + d: b64ToUint8Array(jwk.d), + // switch p and q + p: b64ToUint8Array(jwk.q), + q: b64ToUint8Array(jwk.p), + // Since p and q are switched in places, u is the inverse of jwk.q + u: b64ToUint8Array(jwk.qi) + }; +} + +var rsa = /*#__PURE__*/Object.freeze({ __proto__: null, - aes128: aes128, - aes192: aes192, - aes256: aes256, - des: des$1, - tripledes: tripledes, - cast5: cast5, - twofish: twofish, - blowfish: blowfish, - idea: idea + decrypt: decrypt$4, + encrypt: encrypt$4, + generate: generate$4, + sign: sign$6, + validateParams: validateParams$9, + verify: verify$6 }); -var sha1_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, n = 0, t = 0, - w16 = 0, w17 = 0, w18 = 0, w19 = 0, - w20 = 0, w21 = 0, w22 = 0, w23 = 0, w24 = 0, w25 = 0, w26 = 0, w27 = 0, w28 = 0, w29 = 0, - w30 = 0, w31 = 0, w32 = 0, w33 = 0, w34 = 0, w35 = 0, w36 = 0, w37 = 0, w38 = 0, w39 = 0, - w40 = 0, w41 = 0, w42 = 0, w43 = 0, w44 = 0, w45 = 0, w46 = 0, w47 = 0, w48 = 0, w49 = 0, - w50 = 0, w51 = 0, w52 = 0, w53 = 0, w54 = 0, w55 = 0, w56 = 0, w57 = 0, w58 = 0, w59 = 0, - w60 = 0, w61 = 0, w62 = 0, w63 = 0, w64 = 0, w65 = 0, w66 = 0, w67 = 0, w68 = 0, w69 = 0, - w70 = 0, w71 = 0, w72 = 0, w73 = 0, w74 = 0, w75 = 0, w76 = 0, w77 = 0, w78 = 0, w79 = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - - // 0 - t = ( w0 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 1 - t = ( w1 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 2 - t = ( w2 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 3 - t = ( w3 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 4 - t = ( w4 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 5 - t = ( w5 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 6 - t = ( w6 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 7 - t = ( w7 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 8 - t = ( w8 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 9 - t = ( w9 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 10 - t = ( w10 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 11 - t = ( w11 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 12 - t = ( w12 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 13 - t = ( w13 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 14 - t = ( w14 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 15 - t = ( w15 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 16 - n = w13 ^ w8 ^ w2 ^ w0; - w16 = (n << 1) | (n >>> 31); - t = (w16 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 17 - n = w14 ^ w9 ^ w3 ^ w1; - w17 = (n << 1) | (n >>> 31); - t = (w17 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 18 - n = w15 ^ w10 ^ w4 ^ w2; - w18 = (n << 1) | (n >>> 31); - t = (w18 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 19 - n = w16 ^ w11 ^ w5 ^ w3; - w19 = (n << 1) | (n >>> 31); - t = (w19 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (~b & d)) + 0x5a827999 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 20 - n = w17 ^ w12 ^ w6 ^ w4; - w20 = (n << 1) | (n >>> 31); - t = (w20 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 21 - n = w18 ^ w13 ^ w7 ^ w5; - w21 = (n << 1) | (n >>> 31); - t = (w21 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 22 - n = w19 ^ w14 ^ w8 ^ w6; - w22 = (n << 1) | (n >>> 31); - t = (w22 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 23 - n = w20 ^ w15 ^ w9 ^ w7; - w23 = (n << 1) | (n >>> 31); - t = (w23 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 24 - n = w21 ^ w16 ^ w10 ^ w8; - w24 = (n << 1) | (n >>> 31); - t = (w24 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 25 - n = w22 ^ w17 ^ w11 ^ w9; - w25 = (n << 1) | (n >>> 31); - t = (w25 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 26 - n = w23 ^ w18 ^ w12 ^ w10; - w26 = (n << 1) | (n >>> 31); - t = (w26 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 27 - n = w24 ^ w19 ^ w13 ^ w11; - w27 = (n << 1) | (n >>> 31); - t = (w27 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 28 - n = w25 ^ w20 ^ w14 ^ w12; - w28 = (n << 1) | (n >>> 31); - t = (w28 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 29 - n = w26 ^ w21 ^ w15 ^ w13; - w29 = (n << 1) | (n >>> 31); - t = (w29 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 30 - n = w27 ^ w22 ^ w16 ^ w14; - w30 = (n << 1) | (n >>> 31); - t = (w30 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 31 - n = w28 ^ w23 ^ w17 ^ w15; - w31 = (n << 1) | (n >>> 31); - t = (w31 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 32 - n = w29 ^ w24 ^ w18 ^ w16; - w32 = (n << 1) | (n >>> 31); - t = (w32 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 33 - n = w30 ^ w25 ^ w19 ^ w17; - w33 = (n << 1) | (n >>> 31); - t = (w33 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 34 - n = w31 ^ w26 ^ w20 ^ w18; - w34 = (n << 1) | (n >>> 31); - t = (w34 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 35 - n = w32 ^ w27 ^ w21 ^ w19; - w35 = (n << 1) | (n >>> 31); - t = (w35 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 36 - n = w33 ^ w28 ^ w22 ^ w20; - w36 = (n << 1) | (n >>> 31); - t = (w36 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 37 - n = w34 ^ w29 ^ w23 ^ w21; - w37 = (n << 1) | (n >>> 31); - t = (w37 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 38 - n = w35 ^ w30 ^ w24 ^ w22; - w38 = (n << 1) | (n >>> 31); - t = (w38 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 39 - n = w36 ^ w31 ^ w25 ^ w23; - w39 = (n << 1) | (n >>> 31); - t = (w39 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) + 0x6ed9eba1 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 40 - n = w37 ^ w32 ^ w26 ^ w24; - w40 = (n << 1) | (n >>> 31); - t = (w40 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 41 - n = w38 ^ w33 ^ w27 ^ w25; - w41 = (n << 1) | (n >>> 31); - t = (w41 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 42 - n = w39 ^ w34 ^ w28 ^ w26; - w42 = (n << 1) | (n >>> 31); - t = (w42 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 43 - n = w40 ^ w35 ^ w29 ^ w27; - w43 = (n << 1) | (n >>> 31); - t = (w43 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 44 - n = w41 ^ w36 ^ w30 ^ w28; - w44 = (n << 1) | (n >>> 31); - t = (w44 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 45 - n = w42 ^ w37 ^ w31 ^ w29; - w45 = (n << 1) | (n >>> 31); - t = (w45 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 46 - n = w43 ^ w38 ^ w32 ^ w30; - w46 = (n << 1) | (n >>> 31); - t = (w46 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 47 - n = w44 ^ w39 ^ w33 ^ w31; - w47 = (n << 1) | (n >>> 31); - t = (w47 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 48 - n = w45 ^ w40 ^ w34 ^ w32; - w48 = (n << 1) | (n >>> 31); - t = (w48 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 49 - n = w46 ^ w41 ^ w35 ^ w33; - w49 = (n << 1) | (n >>> 31); - t = (w49 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 50 - n = w47 ^ w42 ^ w36 ^ w34; - w50 = (n << 1) | (n >>> 31); - t = (w50 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 51 - n = w48 ^ w43 ^ w37 ^ w35; - w51 = (n << 1) | (n >>> 31); - t = (w51 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 52 - n = w49 ^ w44 ^ w38 ^ w36; - w52 = (n << 1) | (n >>> 31); - t = (w52 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 53 - n = w50 ^ w45 ^ w39 ^ w37; - w53 = (n << 1) | (n >>> 31); - t = (w53 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 54 - n = w51 ^ w46 ^ w40 ^ w38; - w54 = (n << 1) | (n >>> 31); - t = (w54 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 55 - n = w52 ^ w47 ^ w41 ^ w39; - w55 = (n << 1) | (n >>> 31); - t = (w55 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 56 - n = w53 ^ w48 ^ w42 ^ w40; - w56 = (n << 1) | (n >>> 31); - t = (w56 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 57 - n = w54 ^ w49 ^ w43 ^ w41; - w57 = (n << 1) | (n >>> 31); - t = (w57 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 58 - n = w55 ^ w50 ^ w44 ^ w42; - w58 = (n << 1) | (n >>> 31); - t = (w58 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 59 - n = w56 ^ w51 ^ w45 ^ w43; - w59 = (n << 1) | (n >>> 31); - t = (w59 + ((a << 5) | (a >>> 27)) + e + ((b & c) | (b & d) | (c & d)) - 0x70e44324 )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 60 - n = w57 ^ w52 ^ w46 ^ w44; - w60 = (n << 1) | (n >>> 31); - t = (w60 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 61 - n = w58 ^ w53 ^ w47 ^ w45; - w61 = (n << 1) | (n >>> 31); - t = (w61 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 62 - n = w59 ^ w54 ^ w48 ^ w46; - w62 = (n << 1) | (n >>> 31); - t = (w62 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 63 - n = w60 ^ w55 ^ w49 ^ w47; - w63 = (n << 1) | (n >>> 31); - t = (w63 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 64 - n = w61 ^ w56 ^ w50 ^ w48; - w64 = (n << 1) | (n >>> 31); - t = (w64 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 65 - n = w62 ^ w57 ^ w51 ^ w49; - w65 = (n << 1) | (n >>> 31); - t = (w65 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 66 - n = w63 ^ w58 ^ w52 ^ w50; - w66 = (n << 1) | (n >>> 31); - t = (w66 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 67 - n = w64 ^ w59 ^ w53 ^ w51; - w67 = (n << 1) | (n >>> 31); - t = (w67 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 68 - n = w65 ^ w60 ^ w54 ^ w52; - w68 = (n << 1) | (n >>> 31); - t = (w68 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 69 - n = w66 ^ w61 ^ w55 ^ w53; - w69 = (n << 1) | (n >>> 31); - t = (w69 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 70 - n = w67 ^ w62 ^ w56 ^ w54; - w70 = (n << 1) | (n >>> 31); - t = (w70 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 71 - n = w68 ^ w63 ^ w57 ^ w55; - w71 = (n << 1) | (n >>> 31); - t = (w71 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 72 - n = w69 ^ w64 ^ w58 ^ w56; - w72 = (n << 1) | (n >>> 31); - t = (w72 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 73 - n = w70 ^ w65 ^ w59 ^ w57; - w73 = (n << 1) | (n >>> 31); - t = (w73 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 74 - n = w71 ^ w66 ^ w60 ^ w58; - w74 = (n << 1) | (n >>> 31); - t = (w74 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 75 - n = w72 ^ w67 ^ w61 ^ w59; - w75 = (n << 1) | (n >>> 31); - t = (w75 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 76 - n = w73 ^ w68 ^ w62 ^ w60; - w76 = (n << 1) | (n >>> 31); - t = (w76 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 77 - n = w74 ^ w69 ^ w63 ^ w61; - w77 = (n << 1) | (n >>> 31); - t = (w77 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 78 - n = w75 ^ w70 ^ w64 ^ w62; - w78 = (n << 1) | (n >>> 31); - t = (w78 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - // 79 - n = w76 ^ w71 ^ w65 ^ w63; - w79 = (n << 1) | (n >>> 31); - t = (w79 + ((a << 5) | (a >>> 27)) + e + (b ^ c ^ d) - 0x359d3e2a )|0; - e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } - - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - } - - function reset () { - H0 = 0x67452301; - H1 = 0xefcdab89; - H2 = 0x98badcfe; - H3 = 0x10325476; - H4 = 0xc3d2e1f0; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } - - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if ( offset & 63 ) - return -1; - if ( ~output ) - if ( output & 31 ) - return -1; +const _1n$a = BigInt(1); - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; +/** + * ElGamal Encryption function + * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) + * @param {Uint8Array} data - To be padded and encrypted + * @param {Uint8Array} p + * @param {Uint8Array} g + * @param {Uint8Array} y + * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} + * @async + */ +async function encrypt$3(data, p, g, y) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } + const padded = emeEncode(data, byteLength(p)); + const m = uint8ArrayToBigInt(padded); - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = (TOTAL1 + 1)|0; + // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* + // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] + const k = getRandomBigInteger(_1n$a, p - _1n$a); + return { + c1: bigIntToUint8Array(modExp(g, k, p)), + c2: bigIntToUint8Array(mod$2(modExp(y, k, p) * m, p)) + }; +} - HEAP[offset|length] = 0x80; +/** + * ElGamal Encryption function + * @param {Uint8Array} c1 + * @param {Uint8Array} c2 + * @param {Uint8Array} p + * @param {Uint8Array} x + * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing + * (needed for constant-time processing) + * @returns {Promise} Unpadded message. + * @throws {Error} on decryption error, unless `randomPayload` is given + * @async + */ +async function decrypt$3(c1, c2, p, x, randomPayload) { + c1 = uint8ArrayToBigInt(c1); + c2 = uint8ArrayToBigInt(c2); + p = uint8ArrayToBigInt(p); + x = uint8ArrayToBigInt(x); - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - _core_heap(offset); + const padded = mod$2(modInv(modExp(c1, x, p), p) * c2, p); + return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload); +} - length = 0; +/** + * Validate ElGamal parameters + * @param {Uint8Array} p - ElGamal prime + * @param {Uint8Array} g - ElGamal group generator + * @param {Uint8Array} y - ElGamal public key + * @param {Uint8Array} x - ElGamal private exponent + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$8(p, g, y, x) { + p = uint8ArrayToBigInt(p); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - HEAP[offset|0] = 0; - } + // Check that 1 < g < p + if (g <= _1n$a || g >= p) { + return false; + } - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; + // Expect p-1 to be large + const pSize = BigInt(bitLength(p)); + const _1023n = BigInt(1023); + if (pSize < _1023n) { + return false; + } - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; + /** + * g should have order p-1 + * Check that g ** (p-1) = 1 mod p + */ + if (modExp(g, p - _1n$a, p) !== _1n$a) { + return false; + } - TOTAL0 = 64; - TOTAL1 = 0; + /** + * Since p-1 is not prime, g might have a smaller order that divides p-1 + * We want to make sure that the order is large enough to hinder a small subgroup attack + * + * We just check g**i != 1 for all i up to a threshold + */ + let res = g; + let i = BigInt(1); + const _2n = BigInt(2); + const threshold = _2n << BigInt(17); // we want order > threshold + while (i < threshold) { + res = mod$2(res * g, p); + if (res === _1n$a) { + return false; } + i++; + } - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{r(p-1) + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const r = getRandomBigInteger(_2n << (pSize - _1n$a), _2n << pSize); // draw r of same size as p-1 + const rqx = (p - _1n$a) * r + x; + if (y !== modExp(g, rqx, p)) { + return false; + } - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); + return true; +} - if ( ~output ) - _state_to_heap(output); +var elgamal = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$3, + encrypt: encrypt$3, + validateParams: validateParams$8 +}); - return hashed|0; - } +// declare const globalThis: Record | undefined; +const crypto$3 = + typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; +const nacl = {}; - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; +// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. +// Public domain. +// +// Implementation derived from TweetNaCl version 20140427. +// See for details: http://tweetnacl.cr.yp.to/ - if ( offset & 63 ) - return -1; +var gf = function(init) { + var i, r = new Float64Array(16); + if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; + return r; +}; - if ( ~output ) - if ( output & 31 ) - return -1; +// Pluggable, initialized in high-level API below. +var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; +var _9 = new Uint8Array(32); _9[0] = 9; - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4; - count = (count-1)|0; +var gf0 = gf(), + gf1 = gf([1]), + _121665 = gf([0xdb41, 1]), + D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), + D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), + X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), + Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), + I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; +function ts64(x, i, h, l) { + x[i] = (h >> 24) & 0xff; + x[i+1] = (h >> 16) & 0xff; + x[i+2] = (h >> 8) & 0xff; + x[i+3] = h & 0xff; + x[i+4] = (l >> 24) & 0xff; + x[i+5] = (l >> 16) & 0xff; + x[i+6] = (l >> 8) & 0xff; + x[i+7] = l & 0xff; +} - _hmac_opad(); - _core( t0, t1, t2, t3, t4, 0x80000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 672 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4; +function vn(x, xi, y, yi, n) { + var i,d = 0; + for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; + return (1 & ((d - 1) >>> 8)) - 1; +} - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; +function crypto_verify_32(x, xi, y, yi) { + return vn(x,xi,y,yi,32); +} - count = (count-1)|0; - } +function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) r[i] = a[i]|0; +} - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; +function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; i++) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c-1 + 37 * (c-1); +} - if ( ~output ) - _state_to_heap(output); +function sel25519(p, q, b) { + var t, c = ~(b-1); + for (var i = 0; i < 16; i++) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; + } +} - return 0; +function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; i++) t[i] = n[i]; + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; j++) { + m[0] = t[0] - 0xffed; + for (i = 1; i < 15; i++) { + m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); + m[i-1] &= 0xffff; } + m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); + b = (m[15]>>16) & 1; + m[14] &= 0xffff; + sel25519(t, m, 1-b); + } + for (i = 0; i < 16; i++) { + o[2*i] = t[i] & 0xff; + o[2*i+1] = t[i]>>8; + } +} - return { - // SHA1 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA1 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA1 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; +function neq25519(a, b) { + var c = new Uint8Array(32), d = new Uint8Array(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); +} -class Hash { - constructor() { - this.pos = 0; - this.len = 0; - } - reset() { - const { asm } = this.acquire_asm(); - this.result = null; - this.pos = 0; - this.len = 0; - asm.reset(); - return this; - } - process(data) { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - let hpos = this.pos; - let hlen = this.len; - let dpos = 0; - let dlen = data.length; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, hpos + hlen, data, dpos, dlen); - hlen += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.process(hpos, hlen); - hpos += wlen; - hlen -= wlen; - if (!hlen) - hpos = 0; - } - this.pos = hpos; - this.len = hlen; - return this; - } - finish() { - if (this.result !== null) - throw new IllegalStateError('state must be reset before processing new data'); - const { asm, heap } = this.acquire_asm(); - asm.finish(this.pos, this.len, 0); - this.result = new Uint8Array(this.HASH_SIZE); - this.result.set(heap.subarray(0, this.HASH_SIZE)); - this.pos = 0; - this.len = 0; - this.release_asm(); - return this; - } +function par25519(a) { + var d = new Uint8Array(32); + pack25519(d, a); + return d[0] & 1; } -const _sha1_block_size = 64; -const _sha1_hash_size = 20; -const heap_pool$1 = []; -const asm_pool$1 = []; -class Sha1 extends Hash { - constructor() { - super(); - this.NAME = 'sha1'; - this.BLOCK_SIZE = _sha1_block_size; - this.HASH_SIZE = _sha1_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$1.pop() || _heap_init(); - this.asm = asm_pool$1.pop() || sha1_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$1.push(this.heap); - asm_pool$1.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha1().process(data).finish().result; - } -} -Sha1.NAME = 'sha1'; -Sha1.heap_pool = []; -Sha1.asm_pool = []; -Sha1.asm_function = sha1_asm; - -var sha256_asm = function ( stdlib, foreign, buffer ) { - "use asm"; - - // SHA256 state - var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, - TOTAL0 = 0, TOTAL1 = 0; - - // HMAC state - var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, - O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0; - - // I/O buffer - var HEAP = new stdlib.Uint8Array(buffer); - - function _core ( w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15 ) { - w0 = w0|0; - w1 = w1|0; - w2 = w2|0; - w3 = w3|0; - w4 = w4|0; - w5 = w5|0; - w6 = w6|0; - w7 = w7|0; - w8 = w8|0; - w9 = w9|0; - w10 = w10|0; - w11 = w11|0; - w12 = w12|0; - w13 = w13|0; - w14 = w14|0; - w15 = w15|0; - - var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0; - - a = H0; - b = H1; - c = H2; - d = H3; - e = H4; - f = H5; - g = H6; - h = H7; - - // 0 - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x428a2f98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 1 - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x71374491 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 2 - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb5c0fbcf )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 3 - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xe9b5dba5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 4 - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x3956c25b )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 5 - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x59f111f1 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 6 - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x923f82a4 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 7 - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xab1c5ed5 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 8 - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xd807aa98 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 9 - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x12835b01 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 10 - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x243185be )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 11 - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x550c7dc3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 12 - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x72be5d74 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 13 - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x80deb1fe )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 14 - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x9bdc06a7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 15 - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc19bf174 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 16 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xe49b69c1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 17 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xefbe4786 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 18 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x0fc19dc6 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 19 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x240ca1cc )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 20 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x2de92c6f )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 21 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4a7484aa )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 22 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5cb0a9dc )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 23 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x76f988da )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 24 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x983e5152 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 25 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa831c66d )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 26 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xb00327c8 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 27 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xbf597fc7 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 28 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xc6e00bf3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 29 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd5a79147 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 30 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x06ca6351 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 31 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x14292967 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 32 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x27b70a85 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 33 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x2e1b2138 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 34 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x4d2c6dfc )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 35 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x53380d13 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 36 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x650a7354 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 37 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x766a0abb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 38 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x81c2c92e )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 39 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x92722c85 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 40 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0xa2bfe8a1 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 41 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0xa81a664b )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 42 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0xc24b8b70 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 43 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0xc76c51a3 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 44 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0xd192e819 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 45 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xd6990624 )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 46 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xf40e3585 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 47 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x106aa070 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 48 - w0 = ( ( w1>>>7 ^ w1>>>18 ^ w1>>>3 ^ w1<<25 ^ w1<<14 ) + ( w14>>>17 ^ w14>>>19 ^ w14>>>10 ^ w14<<15 ^ w14<<13 ) + w0 + w9 )|0; - h = ( w0 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x19a4c116 )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 49 - w1 = ( ( w2>>>7 ^ w2>>>18 ^ w2>>>3 ^ w2<<25 ^ w2<<14 ) + ( w15>>>17 ^ w15>>>19 ^ w15>>>10 ^ w15<<15 ^ w15<<13 ) + w1 + w10 )|0; - g = ( w1 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x1e376c08 )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 50 - w2 = ( ( w3>>>7 ^ w3>>>18 ^ w3>>>3 ^ w3<<25 ^ w3<<14 ) + ( w0>>>17 ^ w0>>>19 ^ w0>>>10 ^ w0<<15 ^ w0<<13 ) + w2 + w11 )|0; - f = ( w2 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x2748774c )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 51 - w3 = ( ( w4>>>7 ^ w4>>>18 ^ w4>>>3 ^ w4<<25 ^ w4<<14 ) + ( w1>>>17 ^ w1>>>19 ^ w1>>>10 ^ w1<<15 ^ w1<<13 ) + w3 + w12 )|0; - e = ( w3 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x34b0bcb5 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 52 - w4 = ( ( w5>>>7 ^ w5>>>18 ^ w5>>>3 ^ w5<<25 ^ w5<<14 ) + ( w2>>>17 ^ w2>>>19 ^ w2>>>10 ^ w2<<15 ^ w2<<13 ) + w4 + w13 )|0; - d = ( w4 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x391c0cb3 )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 53 - w5 = ( ( w6>>>7 ^ w6>>>18 ^ w6>>>3 ^ w6<<25 ^ w6<<14 ) + ( w3>>>17 ^ w3>>>19 ^ w3>>>10 ^ w3<<15 ^ w3<<13 ) + w5 + w14 )|0; - c = ( w5 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0x4ed8aa4a )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 54 - w6 = ( ( w7>>>7 ^ w7>>>18 ^ w7>>>3 ^ w7<<25 ^ w7<<14 ) + ( w4>>>17 ^ w4>>>19 ^ w4>>>10 ^ w4<<15 ^ w4<<13 ) + w6 + w15 )|0; - b = ( w6 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0x5b9cca4f )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 55 - w7 = ( ( w8>>>7 ^ w8>>>18 ^ w8>>>3 ^ w8<<25 ^ w8<<14 ) + ( w5>>>17 ^ w5>>>19 ^ w5>>>10 ^ w5<<15 ^ w5<<13 ) + w7 + w0 )|0; - a = ( w7 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0x682e6ff3 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - // 56 - w8 = ( ( w9>>>7 ^ w9>>>18 ^ w9>>>3 ^ w9<<25 ^ w9<<14 ) + ( w6>>>17 ^ w6>>>19 ^ w6>>>10 ^ w6<<15 ^ w6<<13 ) + w8 + w1 )|0; - h = ( w8 + h + ( e>>>6 ^ e>>>11 ^ e>>>25 ^ e<<26 ^ e<<21 ^ e<<7 ) + ( g ^ e & (f^g) ) + 0x748f82ee )|0; - d = ( d + h )|0; - h = ( h + ( (a & b) ^ ( c & (a ^ b) ) ) + ( a>>>2 ^ a>>>13 ^ a>>>22 ^ a<<30 ^ a<<19 ^ a<<10 ) )|0; - - // 57 - w9 = ( ( w10>>>7 ^ w10>>>18 ^ w10>>>3 ^ w10<<25 ^ w10<<14 ) + ( w7>>>17 ^ w7>>>19 ^ w7>>>10 ^ w7<<15 ^ w7<<13 ) + w9 + w2 )|0; - g = ( w9 + g + ( d>>>6 ^ d>>>11 ^ d>>>25 ^ d<<26 ^ d<<21 ^ d<<7 ) + ( f ^ d & (e^f) ) + 0x78a5636f )|0; - c = ( c + g )|0; - g = ( g + ( (h & a) ^ ( b & (h ^ a) ) ) + ( h>>>2 ^ h>>>13 ^ h>>>22 ^ h<<30 ^ h<<19 ^ h<<10 ) )|0; - - // 58 - w10 = ( ( w11>>>7 ^ w11>>>18 ^ w11>>>3 ^ w11<<25 ^ w11<<14 ) + ( w8>>>17 ^ w8>>>19 ^ w8>>>10 ^ w8<<15 ^ w8<<13 ) + w10 + w3 )|0; - f = ( w10 + f + ( c>>>6 ^ c>>>11 ^ c>>>25 ^ c<<26 ^ c<<21 ^ c<<7 ) + ( e ^ c & (d^e) ) + 0x84c87814 )|0; - b = ( b + f )|0; - f = ( f + ( (g & h) ^ ( a & (g ^ h) ) ) + ( g>>>2 ^ g>>>13 ^ g>>>22 ^ g<<30 ^ g<<19 ^ g<<10 ) )|0; - - // 59 - w11 = ( ( w12>>>7 ^ w12>>>18 ^ w12>>>3 ^ w12<<25 ^ w12<<14 ) + ( w9>>>17 ^ w9>>>19 ^ w9>>>10 ^ w9<<15 ^ w9<<13 ) + w11 + w4 )|0; - e = ( w11 + e + ( b>>>6 ^ b>>>11 ^ b>>>25 ^ b<<26 ^ b<<21 ^ b<<7 ) + ( d ^ b & (c^d) ) + 0x8cc70208 )|0; - a = ( a + e )|0; - e = ( e + ( (f & g) ^ ( h & (f ^ g) ) ) + ( f>>>2 ^ f>>>13 ^ f>>>22 ^ f<<30 ^ f<<19 ^ f<<10 ) )|0; - - // 60 - w12 = ( ( w13>>>7 ^ w13>>>18 ^ w13>>>3 ^ w13<<25 ^ w13<<14 ) + ( w10>>>17 ^ w10>>>19 ^ w10>>>10 ^ w10<<15 ^ w10<<13 ) + w12 + w5 )|0; - d = ( w12 + d + ( a>>>6 ^ a>>>11 ^ a>>>25 ^ a<<26 ^ a<<21 ^ a<<7 ) + ( c ^ a & (b^c) ) + 0x90befffa )|0; - h = ( h + d )|0; - d = ( d + ( (e & f) ^ ( g & (e ^ f) ) ) + ( e>>>2 ^ e>>>13 ^ e>>>22 ^ e<<30 ^ e<<19 ^ e<<10 ) )|0; - - // 61 - w13 = ( ( w14>>>7 ^ w14>>>18 ^ w14>>>3 ^ w14<<25 ^ w14<<14 ) + ( w11>>>17 ^ w11>>>19 ^ w11>>>10 ^ w11<<15 ^ w11<<13 ) + w13 + w6 )|0; - c = ( w13 + c + ( h>>>6 ^ h>>>11 ^ h>>>25 ^ h<<26 ^ h<<21 ^ h<<7 ) + ( b ^ h & (a^b) ) + 0xa4506ceb )|0; - g = ( g + c )|0; - c = ( c + ( (d & e) ^ ( f & (d ^ e) ) ) + ( d>>>2 ^ d>>>13 ^ d>>>22 ^ d<<30 ^ d<<19 ^ d<<10 ) )|0; - - // 62 - w14 = ( ( w15>>>7 ^ w15>>>18 ^ w15>>>3 ^ w15<<25 ^ w15<<14 ) + ( w12>>>17 ^ w12>>>19 ^ w12>>>10 ^ w12<<15 ^ w12<<13 ) + w14 + w7 )|0; - b = ( w14 + b + ( g>>>6 ^ g>>>11 ^ g>>>25 ^ g<<26 ^ g<<21 ^ g<<7 ) + ( a ^ g & (h^a) ) + 0xbef9a3f7 )|0; - f = ( f + b )|0; - b = ( b + ( (c & d) ^ ( e & (c ^ d) ) ) + ( c>>>2 ^ c>>>13 ^ c>>>22 ^ c<<30 ^ c<<19 ^ c<<10 ) )|0; - - // 63 - w15 = ( ( w0>>>7 ^ w0>>>18 ^ w0>>>3 ^ w0<<25 ^ w0<<14 ) + ( w13>>>17 ^ w13>>>19 ^ w13>>>10 ^ w13<<15 ^ w13<<13 ) + w15 + w8 )|0; - a = ( w15 + a + ( f>>>6 ^ f>>>11 ^ f>>>25 ^ f<<26 ^ f<<21 ^ f<<7 ) + ( h ^ f & (g^h) ) + 0xc67178f2 )|0; - e = ( e + a )|0; - a = ( a + ( (b & c) ^ ( d & (b ^ c) ) ) + ( b>>>2 ^ b>>>13 ^ b>>>22 ^ b<<30 ^ b<<19 ^ b<<10 ) )|0; - - H0 = ( H0 + a )|0; - H1 = ( H1 + b )|0; - H2 = ( H2 + c )|0; - H3 = ( H3 + d )|0; - H4 = ( H4 + e )|0; - H5 = ( H5 + f )|0; - H6 = ( H6 + g )|0; - H7 = ( H7 + h )|0; - } - - function _core_heap ( offset ) { - offset = offset|0; - - _core( - HEAP[offset|0]<<24 | HEAP[offset|1]<<16 | HEAP[offset|2]<<8 | HEAP[offset|3], - HEAP[offset|4]<<24 | HEAP[offset|5]<<16 | HEAP[offset|6]<<8 | HEAP[offset|7], - HEAP[offset|8]<<24 | HEAP[offset|9]<<16 | HEAP[offset|10]<<8 | HEAP[offset|11], - HEAP[offset|12]<<24 | HEAP[offset|13]<<16 | HEAP[offset|14]<<8 | HEAP[offset|15], - HEAP[offset|16]<<24 | HEAP[offset|17]<<16 | HEAP[offset|18]<<8 | HEAP[offset|19], - HEAP[offset|20]<<24 | HEAP[offset|21]<<16 | HEAP[offset|22]<<8 | HEAP[offset|23], - HEAP[offset|24]<<24 | HEAP[offset|25]<<16 | HEAP[offset|26]<<8 | HEAP[offset|27], - HEAP[offset|28]<<24 | HEAP[offset|29]<<16 | HEAP[offset|30]<<8 | HEAP[offset|31], - HEAP[offset|32]<<24 | HEAP[offset|33]<<16 | HEAP[offset|34]<<8 | HEAP[offset|35], - HEAP[offset|36]<<24 | HEAP[offset|37]<<16 | HEAP[offset|38]<<8 | HEAP[offset|39], - HEAP[offset|40]<<24 | HEAP[offset|41]<<16 | HEAP[offset|42]<<8 | HEAP[offset|43], - HEAP[offset|44]<<24 | HEAP[offset|45]<<16 | HEAP[offset|46]<<8 | HEAP[offset|47], - HEAP[offset|48]<<24 | HEAP[offset|49]<<16 | HEAP[offset|50]<<8 | HEAP[offset|51], - HEAP[offset|52]<<24 | HEAP[offset|53]<<16 | HEAP[offset|54]<<8 | HEAP[offset|55], - HEAP[offset|56]<<24 | HEAP[offset|57]<<16 | HEAP[offset|58]<<8 | HEAP[offset|59], - HEAP[offset|60]<<24 | HEAP[offset|61]<<16 | HEAP[offset|62]<<8 | HEAP[offset|63] - ); - } +function unpack25519(o, n) { + var i; + for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); + o[15] &= 0x7fff; +} - // offset — multiple of 32 - function _state_to_heap ( output ) { - output = output|0; - - HEAP[output|0] = H0>>>24; - HEAP[output|1] = H0>>>16&255; - HEAP[output|2] = H0>>>8&255; - HEAP[output|3] = H0&255; - HEAP[output|4] = H1>>>24; - HEAP[output|5] = H1>>>16&255; - HEAP[output|6] = H1>>>8&255; - HEAP[output|7] = H1&255; - HEAP[output|8] = H2>>>24; - HEAP[output|9] = H2>>>16&255; - HEAP[output|10] = H2>>>8&255; - HEAP[output|11] = H2&255; - HEAP[output|12] = H3>>>24; - HEAP[output|13] = H3>>>16&255; - HEAP[output|14] = H3>>>8&255; - HEAP[output|15] = H3&255; - HEAP[output|16] = H4>>>24; - HEAP[output|17] = H4>>>16&255; - HEAP[output|18] = H4>>>8&255; - HEAP[output|19] = H4&255; - HEAP[output|20] = H5>>>24; - HEAP[output|21] = H5>>>16&255; - HEAP[output|22] = H5>>>8&255; - HEAP[output|23] = H5&255; - HEAP[output|24] = H6>>>24; - HEAP[output|25] = H6>>>16&255; - HEAP[output|26] = H6>>>8&255; - HEAP[output|27] = H6&255; - HEAP[output|28] = H7>>>24; - HEAP[output|29] = H7>>>16&255; - HEAP[output|30] = H7>>>8&255; - HEAP[output|31] = H7&255; - } - - function reset () { - H0 = 0x6a09e667; - H1 = 0xbb67ae85; - H2 = 0x3c6ef372; - H3 = 0xa54ff53a; - H4 = 0x510e527f; - H5 = 0x9b05688c; - H6 = 0x1f83d9ab; - H7 = 0x5be0cd19; - TOTAL0 = TOTAL1 = 0; - } - - function init ( h0, h1, h2, h3, h4, h5, h6, h7, total0, total1 ) { - h0 = h0|0; - h1 = h1|0; - h2 = h2|0; - h3 = h3|0; - h4 = h4|0; - h5 = h5|0; - h6 = h6|0; - h7 = h7|0; - total0 = total0|0; - total1 = total1|0; - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - TOTAL0 = total0; - TOTAL1 = total1; - } - - // offset — multiple of 64 - function process ( offset, length ) { - offset = offset|0; - length = length|0; - - var hashed = 0; - - if ( offset & 63 ) - return -1; - - while ( (length|0) >= 64 ) { - _core_heap(offset); - - offset = ( offset + 64 )|0; - length = ( length - 64 )|0; - - hashed = ( hashed + 64 )|0; - } +function A(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; +} - TOTAL0 = ( TOTAL0 + hashed )|0; - if ( TOTAL0>>>0 < hashed>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; +function Z(o, a, b) { + for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; +} - return hashed|0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var hashed = 0, - i = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - if ( (length|0) >= 64 ) { - hashed = process( offset, length )|0; - if ( (hashed|0) == -1 ) - return -1; - - offset = ( offset + hashed )|0; - length = ( length - hashed )|0; - } - - hashed = ( hashed + length )|0; - TOTAL0 = ( TOTAL0 + length )|0; - if ( TOTAL0>>>0 < length>>>0 ) TOTAL1 = ( TOTAL1 + 1 )|0; - - HEAP[offset|length] = 0x80; - - if ( (length|0) >= 56 ) { - for ( i = (length+1)|0; (i|0) < 64; i = (i+1)|0 ) - HEAP[offset|i] = 0x00; - - _core_heap(offset); - - length = 0; - - HEAP[offset|0] = 0; - } - - for ( i = (length+1)|0; (i|0) < 59; i = (i+1)|0 ) - HEAP[offset|i] = 0; - - HEAP[offset|56] = TOTAL1>>>21&255; - HEAP[offset|57] = TOTAL1>>>13&255; - HEAP[offset|58] = TOTAL1>>>5&255; - HEAP[offset|59] = TOTAL1<<3&255 | TOTAL0>>>29; - HEAP[offset|60] = TOTAL0>>>21&255; - HEAP[offset|61] = TOTAL0>>>13&255; - HEAP[offset|62] = TOTAL0>>>5&255; - HEAP[offset|63] = TOTAL0<<3&255; - _core_heap(offset); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - function hmac_reset () { - H0 = I0; - H1 = I1; - H2 = I2; - H3 = I3; - H4 = I4; - H5 = I5; - H6 = I6; - H7 = I7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function _hmac_opad () { - H0 = O0; - H1 = O1; - H2 = O2; - H3 = O3; - H4 = O4; - H5 = O5; - H6 = O6; - H7 = O7; - TOTAL0 = 64; - TOTAL1 = 0; - } - - function hmac_init ( p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15 ) { - p0 = p0|0; - p1 = p1|0; - p2 = p2|0; - p3 = p3|0; - p4 = p4|0; - p5 = p5|0; - p6 = p6|0; - p7 = p7|0; - p8 = p8|0; - p9 = p9|0; - p10 = p10|0; - p11 = p11|0; - p12 = p12|0; - p13 = p13|0; - p14 = p14|0; - p15 = p15|0; - - // opad - reset(); - _core( - p0 ^ 0x5c5c5c5c, - p1 ^ 0x5c5c5c5c, - p2 ^ 0x5c5c5c5c, - p3 ^ 0x5c5c5c5c, - p4 ^ 0x5c5c5c5c, - p5 ^ 0x5c5c5c5c, - p6 ^ 0x5c5c5c5c, - p7 ^ 0x5c5c5c5c, - p8 ^ 0x5c5c5c5c, - p9 ^ 0x5c5c5c5c, - p10 ^ 0x5c5c5c5c, - p11 ^ 0x5c5c5c5c, - p12 ^ 0x5c5c5c5c, - p13 ^ 0x5c5c5c5c, - p14 ^ 0x5c5c5c5c, - p15 ^ 0x5c5c5c5c - ); - O0 = H0; - O1 = H1; - O2 = H2; - O3 = H3; - O4 = H4; - O5 = H5; - O6 = H6; - O7 = H7; - - // ipad - reset(); - _core( - p0 ^ 0x36363636, - p1 ^ 0x36363636, - p2 ^ 0x36363636, - p3 ^ 0x36363636, - p4 ^ 0x36363636, - p5 ^ 0x36363636, - p6 ^ 0x36363636, - p7 ^ 0x36363636, - p8 ^ 0x36363636, - p9 ^ 0x36363636, - p10 ^ 0x36363636, - p11 ^ 0x36363636, - p12 ^ 0x36363636, - p13 ^ 0x36363636, - p14 ^ 0x36363636, - p15 ^ 0x36363636 - ); - I0 = H0; - I1 = H1; - I2 = H2; - I3 = H3; - I4 = H4; - I5 = H5; - I6 = H6; - I7 = H7; - - TOTAL0 = 64; - TOTAL1 = 0; - } - - // offset — multiple of 64 - // output — multiple of 32 - function hmac_finish ( offset, length, output ) { - offset = offset|0; - length = length|0; - output = output|0; - - var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - hashed = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - hashed = finish( offset, length, -1 )|0; - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - - if ( ~output ) - _state_to_heap(output); - - return hashed|0; - } - - // salt is assumed to be already processed - // offset — multiple of 64 - // output — multiple of 32 - function pbkdf2_generate_block ( offset, length, block, count, output ) { - offset = offset|0; - length = length|0; - block = block|0; - count = count|0; - output = output|0; - - var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0; - - if ( offset & 63 ) - return -1; - - if ( ~output ) - if ( output & 31 ) - return -1; - - // pad block number into heap - // FIXME probable OOB write - HEAP[(offset+length)|0] = block>>>24; - HEAP[(offset+length+1)|0] = block>>>16&255; - HEAP[(offset+length+2)|0] = block>>>8&255; - HEAP[(offset+length+3)|0] = block&255; - - // finish first iteration - hmac_finish( offset, (length+4)|0, -1 )|0; - h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5, h6 = t6 = H6, h7 = t7 = H7; - count = (count-1)|0; - - // perform the rest iterations - while ( (count|0) > 0 ) { - hmac_reset(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - _hmac_opad(); - _core( t0, t1, t2, t3, t4, t5, t6, t7, 0x80000000, 0, 0, 0, 0, 0, 0, 768 ); - t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7; - - h0 = h0 ^ H0; - h1 = h1 ^ H1; - h2 = h2 ^ H2; - h3 = h3 ^ H3; - h4 = h4 ^ H4; - h5 = h5 ^ H5; - h6 = h6 ^ H6; - h7 = h7 ^ H7; - - count = (count-1)|0; - } - - H0 = h0; - H1 = h1; - H2 = h2; - H3 = h3; - H4 = h4; - H5 = h5; - H6 = h6; - H7 = h7; - - if ( ~output ) - _state_to_heap(output); - - return 0; - } - - return { - // SHA256 - reset: reset, - init: init, - process: process, - finish: finish, - - // HMAC-SHA256 - hmac_reset: hmac_reset, - hmac_init: hmac_init, - hmac_finish: hmac_finish, - - // PBKDF2-HMAC-SHA256 - pbkdf2_generate_block: pbkdf2_generate_block - } -}; - -const _sha256_block_size = 64; -const _sha256_hash_size = 32; -const heap_pool$2 = []; -const asm_pool$2 = []; -class Sha256 extends Hash { - constructor() { - super(); - this.NAME = 'sha256'; - this.BLOCK_SIZE = _sha256_block_size; - this.HASH_SIZE = _sha256_hash_size; - this.acquire_asm(); - } - acquire_asm() { - if (this.heap === undefined || this.asm === undefined) { - this.heap = heap_pool$2.pop() || _heap_init(); - this.asm = asm_pool$2.pop() || sha256_asm({ Uint8Array: Uint8Array }, null, this.heap.buffer); - this.reset(); - } - return { heap: this.heap, asm: this.asm }; - } - release_asm() { - if (this.heap !== undefined && this.asm !== undefined) { - heap_pool$2.push(this.heap); - asm_pool$2.push(this.asm); - } - this.heap = undefined; - this.asm = undefined; - } - static bytes(data) { - return new Sha256().process(data).finish().result; - } -} -Sha256.NAME = 'sha256'; - -var minimalisticAssert = assert; - -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} - -assert.equal = function assertEqual(l, r, msg) { - if (l != r) - throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r)); -}; - -var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; - -function createCommonjsModule(fn, module) { - return module = { exports: {} }, fn(module, module.exports), module.exports; -} - -function commonjsRequire () { - throw new Error('Dynamic requires are not currently supported by @rollup/plugin-commonjs'); -} - -var inherits_browser = createCommonjsModule(function (module) { -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; - }; -} -}); - -var inherits_1 = inherits_browser; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; -} -var toArray_1 = toArray; - -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -var toHex_1 = toHex; - -function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; -} -var htonl_1 = htonl; - -function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); - } - return res; -} -var toHex32_1 = toHex32; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -var zero2_1 = zero2; - -function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; -} -var zero8_1 = zero8; - -function join32(msg, start, end, endian) { - var len = end - start; - minimalisticAssert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; - } - return res; -} -var join32_1 = join32; - -function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; - } - } - return res; -} -var split32_1 = split32; - -function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); -} -var rotr32_1 = rotr32; - -function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); -} -var rotl32_1 = rotl32; - -function sum32(a, b) { - return (a + b) >>> 0; -} -var sum32_1 = sum32; - -function sum32_3(a, b, c) { - return (a + b + c) >>> 0; -} -var sum32_3_1 = sum32_3; - -function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; -} -var sum32_4_1 = sum32_4; - -function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; -} -var sum32_5_1 = sum32_5; - -function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; - - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; -} -var sum64_1 = sum64; - -function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; -} -var sum64_hi_1 = sum64_hi; - -function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; -} -var sum64_lo_1 = sum64_lo; - -function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; -} -var sum64_4_hi_1 = sum64_4_hi; - -function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; -} -var sum64_4_lo_1 = sum64_4_lo; - -function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; - - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; -} -var sum64_5_hi_1 = sum64_5_hi; - -function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; - - return lo >>> 0; -} -var sum64_5_lo_1 = sum64_5_lo; - -function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; -} -var rotr64_hi_1 = rotr64_hi; - -function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var rotr64_lo_1 = rotr64_lo; - -function shr64_hi(ah, al, num) { - return ah >>> num; -} -var shr64_hi_1 = shr64_hi; - -function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -} -var shr64_lo_1 = shr64_lo; - -var utils = { - inherits: inherits_1, - toArray: toArray_1, - toHex: toHex_1, - htonl: htonl_1, - toHex32: toHex32_1, - zero2: zero2_1, - zero8: zero8_1, - join32: join32_1, - split32: split32_1, - rotr32: rotr32_1, - rotl32: rotl32_1, - sum32: sum32_1, - sum32_3: sum32_3_1, - sum32_4: sum32_4_1, - sum32_5: sum32_5_1, - sum64: sum64_1, - sum64_hi: sum64_hi_1, - sum64_lo: sum64_lo_1, - sum64_4_hi: sum64_4_hi_1, - sum64_4_lo: sum64_4_lo_1, - sum64_5_hi: sum64_5_hi_1, - sum64_5_lo: sum64_5_lo_1, - rotr64_hi: rotr64_hi_1, - rotr64_lo: rotr64_lo_1, - shr64_hi: shr64_hi_1, - shr64_lo: shr64_lo_1 -}; - -function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; - - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; -} -var BlockHash_1 = BlockHash; - -BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; - - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; - - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; - - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); - } - - return this; -}; - -BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - minimalisticAssert(this.pending === null); - - return this._digest(enc); -}; - -BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; - } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (t = 8; t < this.padLength; t++) - res[i++] = 0; - } - - return res; -}; - -var common = { - BlockHash: BlockHash_1 -}; - -var rotr32$1 = utils.rotr32; - -function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); -} -var ft_1_1 = ft_1; - -function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); -} -var ch32_1 = ch32; - -function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); -} -var maj32_1 = maj32; - -function p32(x, y, z) { - return x ^ y ^ z; -} -var p32_1 = p32; - -function s0_256(x) { - return rotr32$1(x, 2) ^ rotr32$1(x, 13) ^ rotr32$1(x, 22); -} -var s0_256_1 = s0_256; - -function s1_256(x) { - return rotr32$1(x, 6) ^ rotr32$1(x, 11) ^ rotr32$1(x, 25); -} -var s1_256_1 = s1_256; - -function g0_256(x) { - return rotr32$1(x, 7) ^ rotr32$1(x, 18) ^ (x >>> 3); -} -var g0_256_1 = g0_256; - -function g1_256(x) { - return rotr32$1(x, 17) ^ rotr32$1(x, 19) ^ (x >>> 10); -} -var g1_256_1 = g1_256; - -var common$1 = { - ft_1: ft_1_1, - ch32: ch32_1, - maj32: maj32_1, - p32: p32_1, - s0_256: s0_256_1, - s1_256: s1_256_1, - g0_256: g0_256_1, - g1_256: g1_256_1 -}; - -var sum32$1 = utils.sum32; -var sum32_4$1 = utils.sum32_4; -var sum32_5$1 = utils.sum32_5; -var ch32$1 = common$1.ch32; -var maj32$1 = common$1.maj32; -var s0_256$1 = common$1.s0_256; -var s1_256$1 = common$1.s1_256; -var g0_256$1 = common$1.g0_256; -var g1_256$1 = common$1.g1_256; - -var BlockHash$1 = common.BlockHash; - -var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; - -function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); - - BlockHash$1.call(this); - this.h = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 - ]; - this.k = sha256_K; - this.W = new Array(64); -} -utils.inherits(SHA256, BlockHash$1); -var _256 = SHA256; - -SHA256.blockSize = 512; -SHA256.outSize = 256; -SHA256.hmacStrength = 192; -SHA256.padLength = 64; - -SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4$1(g1_256$1(W[i - 2]), W[i - 7], g0_256$1(W[i - 15]), W[i - 16]); - - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; - - minimalisticAssert(this.k.length === W.length); - for (i = 0; i < W.length; i++) { - var T1 = sum32_5$1(h, s1_256$1(e), ch32$1(e, f, g), this.k[i], W[i]); - var T2 = sum32$1(s0_256$1(a), maj32$1(a, b, c)); - h = g; - g = f; - f = e; - e = sum32$1(d, T1); - d = c; - c = b; - b = a; - a = sum32$1(T1, T2); - } - - this.h[0] = sum32$1(this.h[0], a); - this.h[1] = sum32$1(this.h[1], b); - this.h[2] = sum32$1(this.h[2], c); - this.h[3] = sum32$1(this.h[3], d); - this.h[4] = sum32$1(this.h[4], e); - this.h[5] = sum32$1(this.h[5], f); - this.h[6] = sum32$1(this.h[6], g); - this.h[7] = sum32$1(this.h[7], h); -}; - -SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - - _256.call(this); - this.h = [ - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; -} -utils.inherits(SHA224, _256); -var _224 = SHA224; - -SHA224.blockSize = 512; -SHA224.outSize = 224; -SHA224.hmacStrength = 192; -SHA224.padLength = 64; - -SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); -}; - -var rotr64_hi$1 = utils.rotr64_hi; -var rotr64_lo$1 = utils.rotr64_lo; -var shr64_hi$1 = utils.shr64_hi; -var shr64_lo$1 = utils.shr64_lo; -var sum64$1 = utils.sum64; -var sum64_hi$1 = utils.sum64_hi; -var sum64_lo$1 = utils.sum64_lo; -var sum64_4_hi$1 = utils.sum64_4_hi; -var sum64_4_lo$1 = utils.sum64_4_lo; -var sum64_5_hi$1 = utils.sum64_5_hi; -var sum64_5_lo$1 = utils.sum64_5_lo; - -var BlockHash$2 = common.BlockHash; - -var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 -]; - -function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - - BlockHash$2.call(this); - this.h = [ - 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); -} -utils.inherits(SHA512, BlockHash$2); -var _512 = SHA512; - -SHA512.blockSize = 1024; -SHA512.outSize = 512; -SHA512.hmacStrength = 192; -SHA512.padLength = 128; - -SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; - - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - - W[i] = sum64_4_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - } -}; - -SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; - - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; - - minimalisticAssert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; - - var T1_hi = sum64_5_hi$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo$1( - c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - - c0_hi = s0_512_hi(ah, al); - c0_lo = s0_512_lo(ah, al); - c1_hi = maj64_hi(ah, al, bh, bl, ch); - c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); - - var T2_hi = sum64_hi$1(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo$1(c0_hi, c0_lo, c1_hi, c1_lo); - - hh = gh; - hl = gl; - - gh = fh; - gl = fl; - - fh = eh; - fl = el; - - eh = sum64_hi$1(dh, dl, T1_hi, T1_lo); - el = sum64_lo$1(dl, dl, T1_hi, T1_lo); - - dh = ch; - dl = cl; - - ch = bh; - cl = bl; - - bh = ah; - bl = al; - - ah = sum64_hi$1(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo$1(T1_hi, T1_lo, T2_hi, T2_lo); - } - - sum64$1(this.h, 0, ah, al); - sum64$1(this.h, 2, bh, bl); - sum64$1(this.h, 4, ch, cl); - sum64$1(this.h, 6, dh, dl); - sum64$1(this.h, 8, eh, el); - sum64$1(this.h, 10, fh, fl); - sum64$1(this.h, 12, gh, gl); - sum64$1(this.h, 14, hh, hl); -}; - -SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; - -function ch64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_hi(xh, xl, yh, yl, zh) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; -} - -function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 28); - var c1_hi = rotr64_hi$1(xl, xh, 2); // 34 - var c2_hi = rotr64_hi$1(xl, xh, 7); // 39 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 28); - var c1_lo = rotr64_lo$1(xl, xh, 2); // 34 - var c2_lo = rotr64_lo$1(xl, xh, 7); // 39 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 14); - var c1_hi = rotr64_hi$1(xh, xl, 18); - var c2_hi = rotr64_hi$1(xl, xh, 9); // 41 - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 14); - var c1_lo = rotr64_lo$1(xh, xl, 18); - var c2_lo = rotr64_lo$1(xl, xh, 9); // 41 - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 1); - var c1_hi = rotr64_hi$1(xh, xl, 8); - var c2_hi = shr64_hi$1(xh, xl, 7); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 1); - var c1_lo = rotr64_lo$1(xh, xl, 8); - var c2_lo = shr64_lo$1(xh, xl, 7); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi$1(xh, xl, 19); - var c1_hi = rotr64_hi$1(xl, xh, 29); // 61 - var c2_hi = shr64_hi$1(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} - -function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo$1(xh, xl, 19); - var c1_lo = rotr64_lo$1(xl, xh, 29); // 61 - var c2_lo = shr64_lo$1(xh, xl, 6); - - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} - -function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - _512.call(this); - this.h = [ - 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; -} -utils.inherits(SHA384, _512); -var _384 = SHA384; - -SHA384.blockSize = 1024; -SHA384.outSize = 384; -SHA384.hmacStrength = 192; -SHA384.padLength = 128; - -SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); -}; - -var rotl32$1 = utils.rotl32; -var sum32$2 = utils.sum32; -var sum32_3$1 = utils.sum32_3; -var sum32_4$2 = utils.sum32_4; -var BlockHash$3 = common.BlockHash; - -function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash$3.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; -} -utils.inherits(RIPEMD160, BlockHash$3); -var ripemd160 = RIPEMD160; - -RIPEMD160.blockSize = 512; -RIPEMD160.outSize = 160; -RIPEMD160.hmacStrength = 192; -RIPEMD160.padLength = 64; - -RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32$2( - rotl32$1( - sum32_4$2(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32$1(C, 10); - C = B; - B = T; - T = sum32$2( - rotl32$1( - sum32_4$2(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32$1(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3$1(this.h[1], C, Dh); - this.h[1] = sum32_3$1(this.h[2], D, Eh); - this.h[2] = sum32_3$1(this.h[3], E, Ah); - this.h[3] = sum32_3$1(this.h[4], A, Bh); - this.h[4] = sum32_3$1(this.h[0], B, Ch); - this.h[0] = T; -}; - -RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); -}; - -function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); -} - -function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; -} - -function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; -} - -var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -]; - -var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -]; - -var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -]; - -var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -]; - -var ripemd = { - ripemd160: ripemd160 -}; - -/** - * A fast MD5 JavaScript implementation - * Copyright (c) 2012 Joseph Myers - * http://www.myersdaily.org/joseph/javascript/md5-text.html - * - * Permission to use, copy, modify, and distribute this software - * and its documentation for any purposes and without - * fee is hereby granted provided that this copyright notice - * appears in all copies. - * - * Of course, this soft is provided "as is" without express or implied - * warranty of any kind. - */ - -// MD5 Digest -async function md5(entree) { - const digest = md51(util.uint8ArrayToString(entree)); - return util.hexToUint8Array(hex(digest)); -} - -function md5cycle(x, k) { - let a = x[0]; - let b = x[1]; - let c = x[2]; - let d = x[3]; - - a = ff(a, b, c, d, k[0], 7, -680876936); - d = ff(d, a, b, c, k[1], 12, -389564586); - c = ff(c, d, a, b, k[2], 17, 606105819); - b = ff(b, c, d, a, k[3], 22, -1044525330); - a = ff(a, b, c, d, k[4], 7, -176418897); - d = ff(d, a, b, c, k[5], 12, 1200080426); - c = ff(c, d, a, b, k[6], 17, -1473231341); - b = ff(b, c, d, a, k[7], 22, -45705983); - a = ff(a, b, c, d, k[8], 7, 1770035416); - d = ff(d, a, b, c, k[9], 12, -1958414417); - c = ff(c, d, a, b, k[10], 17, -42063); - b = ff(b, c, d, a, k[11], 22, -1990404162); - a = ff(a, b, c, d, k[12], 7, 1804603682); - d = ff(d, a, b, c, k[13], 12, -40341101); - c = ff(c, d, a, b, k[14], 17, -1502002290); - b = ff(b, c, d, a, k[15], 22, 1236535329); - - a = gg(a, b, c, d, k[1], 5, -165796510); - d = gg(d, a, b, c, k[6], 9, -1069501632); - c = gg(c, d, a, b, k[11], 14, 643717713); - b = gg(b, c, d, a, k[0], 20, -373897302); - a = gg(a, b, c, d, k[5], 5, -701558691); - d = gg(d, a, b, c, k[10], 9, 38016083); - c = gg(c, d, a, b, k[15], 14, -660478335); - b = gg(b, c, d, a, k[4], 20, -405537848); - a = gg(a, b, c, d, k[9], 5, 568446438); - d = gg(d, a, b, c, k[14], 9, -1019803690); - c = gg(c, d, a, b, k[3], 14, -187363961); - b = gg(b, c, d, a, k[8], 20, 1163531501); - a = gg(a, b, c, d, k[13], 5, -1444681467); - d = gg(d, a, b, c, k[2], 9, -51403784); - c = gg(c, d, a, b, k[7], 14, 1735328473); - b = gg(b, c, d, a, k[12], 20, -1926607734); - - a = hh(a, b, c, d, k[5], 4, -378558); - d = hh(d, a, b, c, k[8], 11, -2022574463); - c = hh(c, d, a, b, k[11], 16, 1839030562); - b = hh(b, c, d, a, k[14], 23, -35309556); - a = hh(a, b, c, d, k[1], 4, -1530992060); - d = hh(d, a, b, c, k[4], 11, 1272893353); - c = hh(c, d, a, b, k[7], 16, -155497632); - b = hh(b, c, d, a, k[10], 23, -1094730640); - a = hh(a, b, c, d, k[13], 4, 681279174); - d = hh(d, a, b, c, k[0], 11, -358537222); - c = hh(c, d, a, b, k[3], 16, -722521979); - b = hh(b, c, d, a, k[6], 23, 76029189); - a = hh(a, b, c, d, k[9], 4, -640364487); - d = hh(d, a, b, c, k[12], 11, -421815835); - c = hh(c, d, a, b, k[15], 16, 530742520); - b = hh(b, c, d, a, k[2], 23, -995338651); - - a = ii(a, b, c, d, k[0], 6, -198630844); - d = ii(d, a, b, c, k[7], 10, 1126891415); - c = ii(c, d, a, b, k[14], 15, -1416354905); - b = ii(b, c, d, a, k[5], 21, -57434055); - a = ii(a, b, c, d, k[12], 6, 1700485571); - d = ii(d, a, b, c, k[3], 10, -1894986606); - c = ii(c, d, a, b, k[10], 15, -1051523); - b = ii(b, c, d, a, k[1], 21, -2054922799); - a = ii(a, b, c, d, k[8], 6, 1873313359); - d = ii(d, a, b, c, k[15], 10, -30611744); - c = ii(c, d, a, b, k[6], 15, -1560198380); - b = ii(b, c, d, a, k[13], 21, 1309151649); - a = ii(a, b, c, d, k[4], 6, -145523070); - d = ii(d, a, b, c, k[11], 10, -1120210379); - c = ii(c, d, a, b, k[2], 15, 718787259); - b = ii(b, c, d, a, k[9], 21, -343485551); - - x[0] = add32(a, x[0]); - x[1] = add32(b, x[1]); - x[2] = add32(c, x[2]); - x[3] = add32(d, x[3]); -} - -function cmn(q, a, b, x, s, t) { - a = add32(add32(a, q), add32(x, t)); - return add32((a << s) | (a >>> (32 - s)), b); -} - -function ff(a, b, c, d, x, s, t) { - return cmn((b & c) | ((~b) & d), a, b, x, s, t); -} - -function gg(a, b, c, d, x, s, t) { - return cmn((b & d) | (c & (~d)), a, b, x, s, t); -} - -function hh(a, b, c, d, x, s, t) { - return cmn(b ^ c ^ d, a, b, x, s, t); -} - -function ii(a, b, c, d, x, s, t) { - return cmn(c ^ (b | (~d)), a, b, x, s, t); -} - -function md51(s) { - const n = s.length; - const state = [1732584193, -271733879, -1732584194, 271733878]; - let i; - for (i = 64; i <= s.length; i += 64) { - md5cycle(state, md5blk(s.substring(i - 64, i))); - } - s = s.substring(i - 64); - const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (i = 0; i < s.length; i++) { - tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); - } - tail[i >> 2] |= 0x80 << ((i % 4) << 3); - if (i > 55) { - md5cycle(state, tail); - for (i = 0; i < 16; i++) { - tail[i] = 0; - } - } - tail[14] = n * 8; - md5cycle(state, tail); - return state; -} - -/* there needs to be support for Unicode here, - * unless we pretend that we can redefine the MD-5 - * algorithm for multi-byte characters (perhaps - * by adding every four 16-bit characters and - * shortening the sum to 32 bits). Otherwise - * I suggest performing MD-5 as if every character - * was two bytes--e.g., 0040 0025 = @%--but then - * how will an ordinary MD-5 sum be matched? - * There is no way to standardize text to something - * like UTF-8 before transformation; speed cost is - * utterly prohibitive. The JavaScript standard - * itself needs to look at this: it should start - * providing access to strings as preformed UTF-8 - * 8-bit unsigned value arrays. - */ -function md5blk(s) { /* I figured global was faster. */ - const md5blks = []; - let i; /* Andy King said do it this way. */ - for (i = 0; i < 64; i += 4) { - md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << - 24); - } - return md5blks; -} - -const hex_chr = '0123456789abcdef'.split(''); - -function rhex(n) { - let s = ''; - let j = 0; - for (; j < 4; j++) { - s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; - } - return s; -} - -function hex(x) { - for (let i = 0; i < x.length; i++) { - x[i] = rhex(x[i]); - } - return x.join(''); -} - -/* this function is much faster, -so if possible we use it. Some IEs -are the only ones I know of that -need the idiotic second function, -generated by an if clause. */ - -function add32(a, b) { - return (a + b) & 0xFFFFFFFF; -} - -/** - * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries. - * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto} - * @see {@link https://github.com/indutny/hash.js|hash.js} - * @module crypto/hash - * @private - */ - -const webCrypto = util.getWebCrypto(); -const nodeCrypto = util.getNodeCrypto(); -const nodeCryptoHashes = nodeCrypto && nodeCrypto.getHashes(); - -function nodeHash(type) { - if (!nodeCrypto || !nodeCryptoHashes.includes(type)) { - return; - } - return async function (data) { - const shasum = nodeCrypto.createHash(type); - return transform(data, value => { - shasum.update(value); - }, () => new Uint8Array(shasum.digest())); - }; -} - -function hashjsHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } - const hashInstance = hash(); - return transform(data, value => { - hashInstance.update(value); - }, () => new Uint8Array(hashInstance.digest())); - }; -} - -function asmcryptoHash(hash, webCryptoHash) { - return async function(data, config$1 = config) { - if (isArrayStream(data)) { - data = await readToEnd(data); - } - if (util.isStream(data)) { - const hashInstance = new hash(); - return transform(data, value => { - hashInstance.process(value); - }, () => hashInstance.finish().result); - } else if (webCrypto && webCryptoHash && data.length >= config$1.minBytesForWebCrypto) { - return new Uint8Array(await webCrypto.digest(webCryptoHash, data)); - } else { - return hash.bytes(data); - } - }; -} - -const hashFunctions = { - md5: nodeHash('md5') || md5, - sha1: nodeHash('sha1') || asmcryptoHash(Sha1, 'SHA-1'), - sha224: nodeHash('sha224') || hashjsHash(_224), - sha256: nodeHash('sha256') || asmcryptoHash(Sha256, 'SHA-256'), - sha384: nodeHash('sha384') || hashjsHash(_384, 'SHA-384'), - sha512: nodeHash('sha512') || hashjsHash(_512, 'SHA-512'), // asmcrypto sha512 is huge. - ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160) -}; - -var hash = { - - /** @see module:md5 */ - md5: hashFunctions.md5, - /** @see asmCrypto */ - sha1: hashFunctions.sha1, - /** @see hash.js */ - sha224: hashFunctions.sha224, - /** @see asmCrypto */ - sha256: hashFunctions.sha256, - /** @see hash.js */ - sha384: hashFunctions.sha384, - /** @see asmCrypto */ - sha512: hashFunctions.sha512, - /** @see hash.js */ - ripemd: hashFunctions.ripemd, - - /** - * Create a hash on the specified data using the specified algorithm - * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @param {Uint8Array} data - Data to be hashed - * @returns {Promise} Hash value. - */ - digest: function(algo, data) { - switch (algo) { - case enums.hash.md5: - return this.md5(data); - case enums.hash.sha1: - return this.sha1(data); - case enums.hash.ripemd: - return this.ripemd(data); - case enums.hash.sha256: - return this.sha256(data); - case enums.hash.sha384: - return this.sha384(data); - case enums.hash.sha512: - return this.sha512(data); - case enums.hash.sha224: - return this.sha224(data); - default: - throw new Error('Invalid hash function.'); - } - }, - - /** - * Returns the hash size in bytes of the specified hash algorithm type - * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) - * @returns {Integer} Size in bytes of the resulting hash. - */ - getHashByteLength: function(algo) { - switch (algo) { - case enums.hash.md5: - return 16; - case enums.hash.sha1: - case enums.hash.ripemd: - return 20; - case enums.hash.sha256: - return 32; - case enums.hash.sha384: - return 48; - case enums.hash.sha512: - return 64; - case enums.hash.sha224: - return 28; - default: - throw new Error('Invalid hash algorithm.'); - } - } -}; - -class AES_CFB { - static encrypt(data, key, iv) { - return new AES_CFB(key, iv).encrypt(data); - } - static decrypt(data, key, iv) { - return new AES_CFB(key, iv).decrypt(data); - } - constructor(key, iv, aes) { - this.aes = aes ? aes : new AES(key, iv, true, 'CFB'); - delete this.aes.padding; - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * Get implementation of the given cipher - * @param {enums.symmetric} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getCipher(algo) { - const algoName = enums.read(enums.symmetric, algo); - return cipher[algoName]; -} - -// Modified by ProtonTech AG - -const webCrypto$1 = util.getWebCrypto(); -const nodeCrypto$1 = util.getNodeCrypto(); - -const knownAlgos = nodeCrypto$1 ? nodeCrypto$1.getCiphers() : []; -const nodeAlgos = { - idea: knownAlgos.includes('idea-cfb') ? 'idea-cfb' : undefined, /* Unused, not implemented */ - tripledes: knownAlgos.includes('des-ede3-cfb') ? 'des-ede3-cfb' : undefined, - cast5: knownAlgos.includes('cast5-cfb') ? 'cast5-cfb' : undefined, - blowfish: knownAlgos.includes('bf-cfb') ? 'bf-cfb' : undefined, - aes128: knownAlgos.includes('aes-128-cfb') ? 'aes-128-cfb' : undefined, - aes192: knownAlgos.includes('aes-192-cfb') ? 'aes-192-cfb' : undefined, - aes256: knownAlgos.includes('aes-256-cfb') ? 'aes-256-cfb' : undefined - /* twofish is not implemented in OpenSSL */ -}; - -/** - * CFB encryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} plaintext - * @param {Uint8Array} iv - * @param {Object} config - full configuration, defaults to openpgp.config - * @returns MaybeStream - */ -async function encrypt(algo, key, plaintext, iv, config) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeEncrypt(algo, key, plaintext, iv); - } - if (util.isAES(algo)) { - return aesEncrypt(algo, key, plaintext, iv, config); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - const blockc = iv.slice(); - let pt = new Uint8Array(); - const process = chunk => { - if (chunk) { - pt = util.concatUint8Array([pt, chunk]); - } - const ciphertext = new Uint8Array(pt.length); - let i; - let j = 0; - while (chunk ? pt.length >= block_size : pt.length) { - const encblock = cipherfn.encrypt(blockc); - for (i = 0; i < block_size; i++) { - blockc[i] = pt[i] ^ encblock[i]; - ciphertext[j++] = blockc[i]; - } - pt = pt.subarray(block_size); - } - return ciphertext.subarray(0, j); - }; - return transform(plaintext, process, process); -} - -/** - * CFB decryption - * @param {enums.symmetric} algo - block cipher algorithm - * @param {Uint8Array} key - * @param {MaybeStream} ciphertext - * @param {Uint8Array} iv - * @returns MaybeStream - */ -async function decrypt(algo, key, ciphertext, iv) { - const algoName = enums.read(enums.symmetric, algo); - if (util.getNodeCrypto() && nodeAlgos[algoName]) { // Node crypto library. - return nodeDecrypt(algo, key, ciphertext, iv); - } - if (util.isAES(algo)) { - return aesDecrypt(algo, key, ciphertext, iv); - } - - const Cipher = getCipher(algo); - const cipherfn = new Cipher(key); - const block_size = cipherfn.blockSize; - - let blockp = iv; - let ct = new Uint8Array(); - const process = chunk => { - if (chunk) { - ct = util.concatUint8Array([ct, chunk]); - } - const plaintext = new Uint8Array(ct.length); - let i; - let j = 0; - while (chunk ? ct.length >= block_size : ct.length) { - const decblock = cipherfn.encrypt(blockp); - blockp = ct.subarray(0, block_size); - for (i = 0; i < block_size; i++) { - plaintext[j++] = blockp[i] ^ decblock[i]; - } - ct = ct.subarray(block_size); - } - return plaintext.subarray(0, j); - }; - return transform(ciphertext, process, process); -} - -function aesEncrypt(algo, key, pt, iv, config) { - if ( - util.getWebCrypto() && - key.length !== 24 && // Chrome doesn't support 192 bit keys, see https://www.chromium.org/blink/webcrypto#TOC-AES-support - !util.isStream(pt) && - pt.length >= 3000 * config.minBytesForWebCrypto // Default to a 3MB minimum. Chrome is pretty slow for small messages, see: https://bugs.chromium.org/p/chromium/issues/detail?id=701188#c2 - ) { // Web Crypto - return webEncrypt(algo, key, pt, iv); - } - // asm.js fallback - const cfb = new AES_CFB(key, iv); - return transform(pt, value => cfb.aes.AES_Encrypt_process(value), () => cfb.aes.AES_Encrypt_finish()); -} - -function aesDecrypt(algo, key, ct, iv) { - if (util.isStream(ct)) { - const cfb = new AES_CFB(key, iv); - return transform(ct, value => cfb.aes.AES_Decrypt_process(value), () => cfb.aes.AES_Decrypt_finish()); - } - return AES_CFB.decrypt(ct, key, iv); -} - -function xorMut(a, b) { - for (let i = 0; i < a.length; i++) { - a[i] = a[i] ^ b[i]; - } -} - -async function webEncrypt(algo, key, pt, iv) { - const ALGO = 'AES-CBC'; - const _key = await webCrypto$1.importKey('raw', key, { name: ALGO }, false, ['encrypt']); - const { blockSize } = getCipher(algo); - const cbc_pt = util.concatUint8Array([new Uint8Array(blockSize), pt]); - const ct = new Uint8Array(await webCrypto$1.encrypt({ name: ALGO, iv }, _key, cbc_pt)).subarray(0, pt.length); - xorMut(ct, pt); - return ct; -} - -function nodeEncrypt(algo, key, pt, iv) { - const algoName = enums.read(enums.symmetric, algo); - const cipherObj = new nodeCrypto$1.createCipheriv(nodeAlgos[algoName], key, iv); - return transform(pt, value => new Uint8Array(cipherObj.update(value))); -} - -function nodeDecrypt(algo, key, ct, iv) { - const algoName = enums.read(enums.symmetric, algo); - const decipherObj = new nodeCrypto$1.createDecipheriv(nodeAlgos[algoName], key, iv); - return transform(ct, value => new Uint8Array(decipherObj.update(value))); -} - -var cfb = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt, - decrypt: decrypt -}); - -class AES_CTR { - static encrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - static decrypt(data, key, nonce) { - return new AES_CTR(key, nonce).encrypt(data); - } - constructor(key, nonce, aes) { - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - delete this.aes.padding; - this.AES_CTR_set_options(nonce); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - AES_CTR_set_options(nonce, counter, size) { - let { asm } = this.aes.acquire_asm(); - if (size !== undefined) { - if (size < 8 || size > 48) - throw new IllegalArgumentError('illegal counter size'); - let mask = Math.pow(2, size) - 1; - asm.set_mask(0, 0, (mask / 0x100000000) | 0, mask | 0); - } - else { - size = 48; - asm.set_mask(0, 0, 0xffff, 0xffffffff); - } - if (nonce !== undefined) { - let len = nonce.length; - if (!len || len > 16) - throw new IllegalArgumentError('illegal nonce size'); - let view = new DataView(new ArrayBuffer(16)); - new Uint8Array(view.buffer).set(nonce); - asm.set_nonce(view.getUint32(0), view.getUint32(4), view.getUint32(8), view.getUint32(12)); - } - else { - throw new Error('nonce is required'); - } - if (counter !== undefined) { - if (counter < 0 || counter >= Math.pow(2, size)) - throw new IllegalArgumentError('illegal counter value'); - asm.set_counter(0, 0, (counter / 0x100000000) | 0, counter | 0); - } - } -} - -class AES_CBC { - static encrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).encrypt(data); - } - static decrypt(data, key, padding = true, iv) { - return new AES_CBC(key, iv, padding).decrypt(data); - } - constructor(key, iv, padding = true, aes) { - this.aes = aes ? aes : new AES(key, iv, padding, 'CBC'); - } - encrypt(data) { - const r1 = this.aes.AES_Encrypt_process(data); - const r2 = this.aes.AES_Encrypt_finish(); - return joinBytes(r1, r2); - } - decrypt(data) { - const r1 = this.aes.AES_Decrypt_process(data); - const r2 = this.aes.AES_Decrypt_finish(); - return joinBytes(r1, r2); - } -} - -/** - * @fileoverview This module implements AES-CMAC on top of - * native AES-CBC using either the WebCrypto API or Node.js' crypto API. - * @module crypto/cmac - * @private - */ - -const webCrypto$2 = util.getWebCrypto(); -const nodeCrypto$2 = util.getNodeCrypto(); - - -/** - * This implementation of CMAC is based on the description of OMAC in - * http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that - * document: - * - * We have made a small modification to the OMAC algorithm as it was - * originally presented, changing one of its two constants. - * Specifically, the constant 4 at line 85 was the constant 1/2 (the - * multiplicative inverse of 2) in the original definition of OMAC [14]. - * The OMAC authors indicate that they will promulgate this modification - * [15], which slightly simplifies implementations. - */ - -const blockLength = 16; - - -/** - * xor `padding` into the end of `data`. This function implements "the - * operation xor→ [which] xors the shorter string into the end of longer - * one". Since data is always as least as long as padding, we can - * simplify the implementation. - * @param {Uint8Array} data - * @param {Uint8Array} padding - */ -function rightXORMut(data, padding) { - const offset = data.length - blockLength; - for (let i = 0; i < blockLength; i++) { - data[i + offset] ^= padding[i]; - } - return data; -} - -function pad(data, padding, padding2) { - // if |M| in {n, 2n, 3n, ...} - if (data.length && data.length % blockLength === 0) { - // then return M xor→ B, - return rightXORMut(data, padding); - } - // else return (M || 10^(n−1−(|M| mod n))) xor→ P - const padded = new Uint8Array(data.length + (blockLength - (data.length % blockLength))); - padded.set(data); - padded[data.length] = 0b10000000; - return rightXORMut(padded, padding2); -} - -const zeroBlock = new Uint8Array(blockLength); - -async function CMAC(key) { - const cbc = await CBC(key); - - // L ← E_K(0^n); B ← 2L; P ← 4L - const padding = util.double(await cbc(zeroBlock)); - const padding2 = util.double(padding); - - return async function(data) { - // return CBC_K(pad(M; B, P)) - return (await cbc(pad(data, padding, padding2))).subarray(-blockLength); - }; -} - -async function CBC(key) { - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - key = await webCrypto$2.importKey('raw', key, { name: 'AES-CBC', length: key.length * 8 }, false, ['encrypt']); - return async function(pt) { - const ct = await webCrypto$2.encrypt({ name: 'AES-CBC', iv: zeroBlock, length: blockLength * 8 }, key, pt); - return new Uint8Array(ct).subarray(0, ct.byteLength - blockLength); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt) { - const en = new nodeCrypto$2.createCipheriv('aes-' + (key.length * 8) + '-cbc', key, zeroBlock); - const ct = en.update(pt); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt) { - return AES_CBC.encrypt(pt, key, false, zeroBlock); - }; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$3 = util.getWebCrypto(); -const nodeCrypto$3 = util.getNodeCrypto(); -const Buffer$1 = util.getNodeBuffer(); - - -const blockLength$1 = 16; -const ivLength = blockLength$1; -const tagLength = blockLength$1; - -const zero = new Uint8Array(blockLength$1); -const one = new Uint8Array(blockLength$1); one[blockLength$1 - 1] = 1; -const two = new Uint8Array(blockLength$1); two[blockLength$1 - 1] = 2; - -async function OMAC(key) { - const cmac = await CMAC(key); - return function(t, message) { - return cmac(util.concatUint8Array([t, message])); - }; -} - -async function CTR(key) { - if ( - util.getWebCrypto() && - key.length !== 24 // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - ) { - key = await webCrypto$3.importKey('raw', key, { name: 'AES-CTR', length: key.length * 8 }, false, ['encrypt']); - return async function(pt, iv) { - const ct = await webCrypto$3.encrypt({ name: 'AES-CTR', counter: iv, length: blockLength$1 * 8 }, key, pt); - return new Uint8Array(ct); - }; - } - if (util.getNodeCrypto()) { // Node crypto library - return async function(pt, iv) { - const en = new nodeCrypto$3.createCipheriv('aes-' + (key.length * 8) + '-ctr', key, iv); - const ct = Buffer$1.concat([en.update(pt), en.final()]); - return new Uint8Array(ct); - }; - } - // asm.js fallback - return async function(pt, iv) { - return AES_CTR.encrypt(pt, key, iv); - }; -} - - -/** - * Class to en/decrypt using EAX mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function EAX(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('EAX mode supports only AES cipher'); - } - - const [ - omac, - ctr - ] = await Promise.all([ - OMAC(key), - CTR(key) - ]); - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - const [ - omacNonce, - omacAdata - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata) - ]); - const ciphered = await ctr(plaintext, omacNonce); - const omacCiphered = await omac(two, ciphered); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - return util.concatUint8Array([ciphered, tag]); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (16 bytes) - * @param {Uint8Array} adata - Associated data to verify - * @returns {Promise} The plaintext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength) throw new Error('Invalid EAX ciphertext'); - const ciphered = ciphertext.subarray(0, -tagLength); - const ctTag = ciphertext.subarray(-tagLength); - const [ - omacNonce, - omacAdata, - omacCiphered - ] = await Promise.all([ - omac(zero, nonce), - omac(one, adata), - omac(two, ciphered) - ]); - const tag = omacCiphered; // Assumes that omac(*).length === tagLength. - for (let i = 0; i < tagLength; i++) { - tag[i] ^= omacAdata[i] ^ omacNonce[i]; - } - if (!util.equalsUint8Array(ctTag, tag)) throw new Error('Authentication tag mismatch'); - const plaintext = await ctr(ciphered, omacNonce); - return plaintext; - } - }; -} - - -/** - * Get EAX nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.1|RFC4880bis-04, section 5.16.1}. - * @param {Uint8Array} iv - The initialization vector (16 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -EAX.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[8 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -EAX.blockLength = blockLength$1; -EAX.ivLength = ivLength; -EAX.tagLength = tagLength; - -// OpenPGP.js - An OpenPGP implementation in javascript - -const blockLength$2 = 16; -const ivLength$1 = 15; - -// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2: -// While OCB [RFC7253] allows the authentication tag length to be of any -// number up to 128 bits long, this document requires a fixed -// authentication tag length of 128 bits (16 octets) for simplicity. -const tagLength$1 = 16; - - -function ntz(n) { - let ntz = 0; - for (let i = 1; (n & i) === 0; i <<= 1) { - ntz++; - } - return ntz; -} - -function xorMut$1(S, T) { - for (let i = 0; i < S.length; i++) { - S[i] ^= T[i]; - } - return S; -} - -function xor(S, T) { - return xorMut$1(S.slice(), T); -} - -const zeroBlock$1 = new Uint8Array(blockLength$2); -const one$1 = new Uint8Array([1]); - -/** - * Class to en/decrypt using OCB mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function OCB(cipher$1, key) { - - let maxNtz = 0; - let encipher; - let decipher; - let mask; - - constructKeyVariables(cipher$1, key); - - function constructKeyVariables(cipher$1, key) { - const cipherName = enums.read(enums.symmetric, cipher$1); - const aes = new cipher[cipherName](key); - encipher = aes.encrypt.bind(aes); - decipher = aes.decrypt.bind(aes); - - const mask_x = encipher(zeroBlock$1); - const mask_$ = util.double(mask_x); - mask = []; - mask[0] = util.double(mask_$); - - - mask.x = mask_x; - mask.$ = mask_$; - } - - function extendKeyVariables(text, adata) { - const newMaxNtz = util.nbits(Math.max(text.length, adata.length) / blockLength$2 | 0) - 1; - for (let i = maxNtz + 1; i <= newMaxNtz; i++) { - mask[i] = util.double(mask[i - 1]); - } - maxNtz = newMaxNtz; - } - - function hash(adata) { - if (!adata.length) { - // Fast path - return zeroBlock$1; - } - - // - // Consider A as a sequence of 128-bit blocks - // - const m = adata.length / blockLength$2 | 0; - - const offset = new Uint8Array(blockLength$2); - const sum = new Uint8Array(blockLength$2); - for (let i = 0; i < m; i++) { - xorMut$1(offset, mask[ntz(i + 1)]); - xorMut$1(sum, encipher(xor(offset, adata))); - adata = adata.subarray(blockLength$2); - } - - // - // Process any final partial block; compute final hash value - // - if (adata.length) { - xorMut$1(offset, mask.x); - - const cipherInput = new Uint8Array(blockLength$2); - cipherInput.set(adata, 0); - cipherInput[adata.length] = 0b10000000; - xorMut$1(cipherInput, offset); - - xorMut$1(sum, encipher(cipherInput)); - } - - return sum; - } - - /** - * Encrypt/decrypt data. - * @param {encipher|decipher} fn - Encryption/decryption block cipher function - * @param {Uint8Array} text - The cleartext or ciphertext (without tag) input - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext or plaintext output, with tag appended in both cases. - */ - function crypt(fn, text, nonce, adata) { - // - // Consider P as a sequence of 128-bit blocks - // - const m = text.length / blockLength$2 | 0; - - // - // Key-dependent variables - // - extendKeyVariables(text, adata); - - // - // Nonce-dependent and per-encryption variables - // - // Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N - // Note: We assume here that tagLength mod 16 == 0. - const paddedNonce = util.concatUint8Array([zeroBlock$1.subarray(0, ivLength$1 - nonce.length), one$1, nonce]); - // bottom = str2num(Nonce[123..128]) - const bottom = paddedNonce[blockLength$2 - 1] & 0b111111; - // Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) - paddedNonce[blockLength$2 - 1] &= 0b11000000; - const kTop = encipher(paddedNonce); - // Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) - const stretched = util.concatUint8Array([kTop, xor(kTop.subarray(0, 8), kTop.subarray(1, 9))]); - // Offset_0 = Stretch[1+bottom..128+bottom] - const offset = util.shiftRight(stretched.subarray(0 + (bottom >> 3), 17 + (bottom >> 3)), 8 - (bottom & 7)).subarray(1); - // Checksum_0 = zeros(128) - const checksum = new Uint8Array(blockLength$2); - - const ct = new Uint8Array(text.length + tagLength$1); - - // - // Process any whole blocks - // - let i; - let pos = 0; - for (i = 0; i < m; i++) { - // Offset_i = Offset_{i-1} xor L_{ntz(i)} - xorMut$1(offset, mask[ntz(i + 1)]); - // C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) - // P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) - ct.set(xorMut$1(fn(xor(offset, text)), offset), pos); - // Checksum_i = Checksum_{i-1} xor P_i - xorMut$1(checksum, fn === encipher ? text : ct.subarray(pos)); - - text = text.subarray(blockLength$2); - pos += blockLength$2; - } - - // - // Process any final partial block and compute raw tag - // - if (text.length) { - // Offset_* = Offset_m xor L_* - xorMut$1(offset, mask.x); - // Pad = ENCIPHER(K, Offset_*) - const padding = encipher(offset); - // C_* = P_* xor Pad[1..bitlen(P_*)] - ct.set(xor(text, padding), pos); - - // Checksum_* = Checksum_m xor (P_* || 1 || new Uint8Array(127-bitlen(P_*))) - const xorInput = new Uint8Array(blockLength$2); - xorInput.set(fn === encipher ? text : ct.subarray(pos, -tagLength$1), 0); - xorInput[text.length] = 0b10000000; - xorMut$1(checksum, xorInput); - pos += text.length; - } - // Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - const tag = xorMut$1(encipher(xorMut$1(xorMut$1(checksum, offset), mask.$)), hash(adata)); - - // - // Assemble ciphertext - // - // C = C_1 || C_2 || ... || C_m || C_* || Tag[1..TAGLEN] - ct.set(tag, pos); - return ct; - } - - - return { - /** - * Encrypt plaintext input. - * @param {Uint8Array} plaintext - The cleartext input to be encrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - encrypt: async function(plaintext, nonce, adata) { - return crypt(encipher, plaintext, nonce, adata); - }, - - /** - * Decrypt ciphertext input. - * @param {Uint8Array} ciphertext - The ciphertext input to be decrypted - * @param {Uint8Array} nonce - The nonce (15 bytes) - * @param {Uint8Array} adata - Associated data to sign - * @returns {Promise} The ciphertext output. - */ - decrypt: async function(ciphertext, nonce, adata) { - if (ciphertext.length < tagLength$1) throw new Error('Invalid OCB ciphertext'); - - const tag = ciphertext.subarray(-tagLength$1); - ciphertext = ciphertext.subarray(0, -tagLength$1); - - const crypted = crypt(decipher, ciphertext, nonce, adata); - // if (Tag[1..TAGLEN] == T) - if (util.equalsUint8Array(tag, crypted.subarray(-tagLength$1))) { - return crypted.subarray(0, -tagLength$1); - } - throw new Error('Authentication tag mismatch'); - } - }; -} - - -/** - * Get OCB nonce as defined by {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16.2|RFC4880bis-04, section 5.16.2}. - * @param {Uint8Array} iv - The initialization vector (15 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -OCB.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[7 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -OCB.blockLength = blockLength$2; -OCB.ivLength = ivLength$1; -OCB.tagLength = tagLength$1; - -const _AES_GCM_data_maxLength = 68719476704; // 2^36 - 2^5 -class AES_GCM { - constructor(key, nonce, adata, tagSize = 16, aes) { - this.tagSize = tagSize; - this.gamma0 = 0; - this.counter = 1; - this.aes = aes ? aes : new AES(key, undefined, false, 'CTR'); - let { asm, heap } = this.aes.acquire_asm(); - // Init GCM - asm.gcm_init(); - // Tag size - if (this.tagSize < 4 || this.tagSize > 16) - throw new IllegalArgumentError('illegal tagSize value'); - // Nonce - const noncelen = nonce.length || 0; - const noncebuf = new Uint8Array(16); - if (noncelen !== 12) { - this._gcm_mac_process(nonce); - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = 0; - heap[4] = 0; - heap[5] = 0; - heap[6] = 0; - heap[7] = 0; - heap[8] = 0; - heap[9] = 0; - heap[10] = 0; - heap[11] = noncelen >>> 29; - heap[12] = (noncelen >>> 21) & 255; - heap[13] = (noncelen >>> 13) & 255; - heap[14] = (noncelen >>> 5) & 255; - heap[15] = (noncelen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_iv(0, 0, 0, 0); - noncebuf.set(heap.subarray(0, 16)); - } - else { - noncebuf.set(nonce); - noncebuf[15] = 1; - } - const nonceview = new DataView(noncebuf.buffer); - this.gamma0 = nonceview.getUint32(12); - asm.set_nonce(nonceview.getUint32(0), nonceview.getUint32(4), nonceview.getUint32(8), 0); - asm.set_mask(0, 0, 0, 0xffffffff); - // Associated data - if (adata !== undefined) { - if (adata.length > _AES_GCM_data_maxLength) - throw new IllegalArgumentError('illegal adata length'); - if (adata.length) { - this.adata = adata; - this._gcm_mac_process(adata); - } - else { - this.adata = undefined; - } - } - else { - this.adata = undefined; - } - // Counter - if (this.counter < 1 || this.counter > 0xffffffff) - throw new RangeError('counter must be a positive 32-bit integer'); - asm.set_counter(0, 0, 0, (this.gamma0 + this.counter) | 0); - } - static encrypt(cleartext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).encrypt(cleartext); - } - static decrypt(ciphertext, key, nonce, adata, tagsize) { - return new AES_GCM(key, nonce, adata, tagsize).decrypt(ciphertext); - } - encrypt(data) { - return this.AES_GCM_encrypt(data); - } - decrypt(data) { - return this.AES_GCM_decrypt(data); - } - AES_GCM_Encrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = (len + dlen) & -16; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > 0) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, len); - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - if (wlen < len) { - pos += wlen; - len -= wlen; - } - else { - pos = 0; - len = 0; - } - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Encrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let adata = this.adata; - let pos = this.aes.pos; - let len = this.aes.len; - const result = new Uint8Array(len + tagSize); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA + pos, (len + 15) & -16); - if (len) - result.set(heap.subarray(pos, pos + len)); - let i = len; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - result.set(heap.subarray(0, tagSize), len); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_Decrypt_process(data) { - let dpos = 0; - let dlen = data.length || 0; - let { asm, heap } = this.aes.acquire_asm(); - let counter = this.counter; - let tagSize = this.tagSize; - let pos = this.aes.pos; - let len = this.aes.len; - let rpos = 0; - let rlen = len + dlen > tagSize ? (len + dlen - tagSize) & -16 : 0; - let tlen = len + dlen - rlen; - let wlen = 0; - if (((counter - 1) << 4) + len + dlen > _AES_GCM_data_maxLength) - throw new RangeError('counter overflow'); - const result = new Uint8Array(rlen); - while (dlen > tlen) { - wlen = _heap_write(heap, pos + len, data, dpos, dlen - tlen); - len += wlen; - dpos += wlen; - dlen -= wlen; - wlen = asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, wlen); - wlen = asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, wlen); - if (wlen) - result.set(heap.subarray(pos, pos + wlen), rpos); - counter += wlen >>> 4; - rpos += wlen; - pos = 0; - len = 0; - } - if (dlen > 0) { - len += _heap_write(heap, 0, data, dpos, dlen); - } - this.counter = counter; - this.aes.pos = pos; - this.aes.len = len; - return result; - } - AES_GCM_Decrypt_finish() { - let { asm, heap } = this.aes.acquire_asm(); - let tagSize = this.tagSize; - let adata = this.adata; - let counter = this.counter; - let pos = this.aes.pos; - let len = this.aes.len; - let rlen = len - tagSize; - if (len < tagSize) - throw new IllegalStateError('authentication tag not found'); - const result = new Uint8Array(rlen); - const atag = new Uint8Array(heap.subarray(pos + rlen, pos + len)); - let i = rlen; - for (; i & 15; i++) - heap[pos + i] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA + pos, i); - asm.cipher(AES_asm.DEC.CTR, AES_asm.HEAP_DATA + pos, i); - if (rlen) - result.set(heap.subarray(pos, pos + rlen)); - const alen = adata !== undefined ? adata.length : 0; - const clen = ((counter - 1) << 4) + len - tagSize; - heap[0] = 0; - heap[1] = 0; - heap[2] = 0; - heap[3] = alen >>> 29; - heap[4] = alen >>> 21; - heap[5] = (alen >>> 13) & 255; - heap[6] = (alen >>> 5) & 255; - heap[7] = (alen << 3) & 255; - heap[8] = heap[9] = heap[10] = 0; - heap[11] = clen >>> 29; - heap[12] = (clen >>> 21) & 255; - heap[13] = (clen >>> 13) & 255; - heap[14] = (clen >>> 5) & 255; - heap[15] = (clen << 3) & 255; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, 16); - asm.get_iv(AES_asm.HEAP_DATA); - asm.set_counter(0, 0, 0, this.gamma0); - asm.cipher(AES_asm.ENC.CTR, AES_asm.HEAP_DATA, 16); - let acheck = 0; - for (let i = 0; i < tagSize; ++i) - acheck |= atag[i] ^ heap[i]; - if (acheck) - throw new SecurityError('data integrity check failed'); - this.counter = 1; - this.aes.pos = 0; - this.aes.len = 0; - return result; - } - AES_GCM_decrypt(data) { - const result1 = this.AES_GCM_Decrypt_process(data); - const result2 = this.AES_GCM_Decrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - AES_GCM_encrypt(data) { - const result1 = this.AES_GCM_Encrypt_process(data); - const result2 = this.AES_GCM_Encrypt_finish(); - const result = new Uint8Array(result1.length + result2.length); - if (result1.length) - result.set(result1); - if (result2.length) - result.set(result2, result1.length); - return result; - } - _gcm_mac_process(data) { - let { asm, heap } = this.aes.acquire_asm(); - let dpos = 0; - let dlen = data.length || 0; - let wlen = 0; - while (dlen > 0) { - wlen = _heap_write(heap, 0, data, dpos, dlen); - dpos += wlen; - dlen -= wlen; - while (wlen & 15) - heap[wlen++] = 0; - asm.mac(AES_asm.MAC.GCM, AES_asm.HEAP_DATA, wlen); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$4 = util.getWebCrypto(); -const nodeCrypto$4 = util.getNodeCrypto(); -const Buffer$2 = util.getNodeBuffer(); - -const blockLength$3 = 16; -const ivLength$2 = 12; // size of the IV in bytes -const tagLength$2 = 16; // size of the tag in bytes -const ALGO = 'AES-GCM'; - -/** - * Class to en/decrypt using GCM mode. - * @param {enums.symmetric} cipher - The symmetric cipher algorithm to use - * @param {Uint8Array} key - The encryption key - */ -async function GCM(cipher, key) { - if (cipher !== enums.symmetric.aes128 && - cipher !== enums.symmetric.aes192 && - cipher !== enums.symmetric.aes256) { - throw new Error('GCM mode supports only AES cipher'); - } - - if (util.getNodeCrypto()) { // Node crypto library - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - const en = new nodeCrypto$4.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - en.setAAD(adata); - const ct = Buffer$2.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - const de = new nodeCrypto$4.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv); - de.setAAD(adata); - de.setAuthTag(ct.slice(ct.length - tagLength$2, ct.length)); // read auth tag at end of ciphertext - const pt = Buffer$2.concat([de.update(ct.slice(0, ct.length - tagLength$2)), de.final()]); - return new Uint8Array(pt); - } - }; - } - - if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support - const _key = await webCrypto$4.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']); - - return { - encrypt: async function(pt, iv, adata = new Uint8Array()) { - if (!pt.length) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.encrypt(pt, key, iv, adata); - } - const ct = await webCrypto$4.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, pt); - return new Uint8Array(ct); - }, - - decrypt: async function(ct, iv, adata = new Uint8Array()) { - if (ct.length === tagLength$2) { // iOS does not support GCM-en/decrypting empty messages - return AES_GCM.decrypt(ct, key, iv, adata); - } - const pt = await webCrypto$4.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength$2 * 8 }, _key, ct); - return new Uint8Array(pt); - } - }; - } - - return { - encrypt: async function(pt, iv, adata) { - return AES_GCM.encrypt(pt, key, iv, adata); - }, - - decrypt: async function(ct, iv, adata) { - return AES_GCM.decrypt(ct, key, iv, adata); - } - }; -} - - -/** - * Get GCM nonce. Note: this operation is not defined by the standard. - * A future version of the standard may define GCM mode differently, - * hopefully under a different ID (we use Private/Experimental algorithm - * ID 100) so that we can maintain backwards compatibility. - * @param {Uint8Array} iv - The initialization vector (12 bytes) - * @param {Uint8Array} chunkIndex - The chunk index (8 bytes) - */ -GCM.getNonce = function(iv, chunkIndex) { - const nonce = iv.slice(); - for (let i = 0; i < chunkIndex.length; i++) { - nonce[4 + i] ^= chunkIndex[i]; - } - return nonce; -}; - -GCM.blockLength = blockLength$3; -GCM.ivLength = ivLength$2; -GCM.tagLength = tagLength$2; - -/** - * @fileoverview Cipher modes - * @module crypto/mode - * @private - */ - -var mode = { - /** @see module:crypto/mode/cfb */ - cfb: cfb, - /** @see module:crypto/mode/gcm */ - gcm: GCM, - experimentalGCM: GCM, - /** @see module:crypto/mode/eax */ - eax: EAX, - /** @see module:crypto/mode/ocb */ - ocb: OCB -}; - -var naclFastLight = createCommonjsModule(function (module) { -/*jshint bitwise: false*/ - -(function(nacl) { - -// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. -// Public domain. -// -// Implementation derived from TweetNaCl version 20140427. -// See for details: http://tweetnacl.cr.yp.to/ - -var gf = function(init) { - var i, r = new Float64Array(16); - if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; - return r; -}; - -// Pluggable, initialized in high-level API below. -var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; - -var _9 = new Uint8Array(32); _9[0] = 9; - -var gf0 = gf(), - gf1 = gf([1]), - _121665 = gf([0xdb41, 1]), - D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), - D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), - X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), - Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), - I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); - -function vn(x, xi, y, yi, n) { - var i,d = 0; - for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; - return (1 & ((d - 1) >>> 8)) - 1; -} - -function crypto_verify_32(x, xi, y, yi) { - return vn(x,xi,y,yi,32); -} - -function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) r[i] = a[i]|0; -} - -function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; i++) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c-1 + 37 * (c-1); -} - -function sel25519(p, q, b) { - var t, c = ~(b-1); - for (var i = 0; i < 16; i++) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } -} - -function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; i++) t[i] = n[i]; - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; j++) { - m[0] = t[0] - 0xffed; - for (i = 1; i < 15; i++) { - m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); - m[i-1] &= 0xffff; - } - m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); - b = (m[15]>>16) & 1; - m[14] &= 0xffff; - sel25519(t, m, 1-b); - } - for (i = 0; i < 16; i++) { - o[2*i] = t[i] & 0xff; - o[2*i+1] = t[i]>>8; - } -} - -function neq25519(a, b) { - var c = new Uint8Array(32), d = new Uint8Array(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); -} - -function par25519(a) { - var d = new Uint8Array(32); - pack25519(d, a); - return d[0] & 1; -} - -function unpack25519(o, n) { - var i; - for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); - o[15] &= 0x7fff; -} - -function A(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; -} - -function Z(o, a, b) { - for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; -} - -function M(o, a, b) { - var v, c, - t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, - t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, - t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, - t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, - b0 = b[0], - b1 = b[1], - b2 = b[2], - b3 = b[3], - b4 = b[4], - b5 = b[5], - b6 = b[6], - b7 = b[7], - b8 = b[8], - b9 = b[9], - b10 = b[10], - b11 = b[11], - b12 = b[12], - b13 = b[13], - b14 = b[14], - b15 = b[15]; - - v = a[0]; - t0 += v * b0; - t1 += v * b1; - t2 += v * b2; - t3 += v * b3; - t4 += v * b4; - t5 += v * b5; - t6 += v * b6; - t7 += v * b7; - t8 += v * b8; - t9 += v * b9; - t10 += v * b10; - t11 += v * b11; - t12 += v * b12; - t13 += v * b13; - t14 += v * b14; - t15 += v * b15; - v = a[1]; - t1 += v * b0; - t2 += v * b1; - t3 += v * b2; - t4 += v * b3; - t5 += v * b4; - t6 += v * b5; - t7 += v * b6; - t8 += v * b7; - t9 += v * b8; - t10 += v * b9; - t11 += v * b10; - t12 += v * b11; - t13 += v * b12; - t14 += v * b13; - t15 += v * b14; - t16 += v * b15; - v = a[2]; - t2 += v * b0; - t3 += v * b1; - t4 += v * b2; - t5 += v * b3; - t6 += v * b4; - t7 += v * b5; - t8 += v * b6; - t9 += v * b7; - t10 += v * b8; - t11 += v * b9; - t12 += v * b10; - t13 += v * b11; - t14 += v * b12; - t15 += v * b13; - t16 += v * b14; - t17 += v * b15; - v = a[3]; - t3 += v * b0; - t4 += v * b1; - t5 += v * b2; - t6 += v * b3; - t7 += v * b4; - t8 += v * b5; - t9 += v * b6; - t10 += v * b7; - t11 += v * b8; - t12 += v * b9; - t13 += v * b10; - t14 += v * b11; - t15 += v * b12; - t16 += v * b13; - t17 += v * b14; - t18 += v * b15; - v = a[4]; - t4 += v * b0; - t5 += v * b1; - t6 += v * b2; - t7 += v * b3; - t8 += v * b4; - t9 += v * b5; - t10 += v * b6; - t11 += v * b7; - t12 += v * b8; - t13 += v * b9; - t14 += v * b10; - t15 += v * b11; - t16 += v * b12; - t17 += v * b13; - t18 += v * b14; - t19 += v * b15; - v = a[5]; - t5 += v * b0; - t6 += v * b1; - t7 += v * b2; - t8 += v * b3; - t9 += v * b4; - t10 += v * b5; - t11 += v * b6; - t12 += v * b7; - t13 += v * b8; - t14 += v * b9; - t15 += v * b10; - t16 += v * b11; - t17 += v * b12; - t18 += v * b13; - t19 += v * b14; - t20 += v * b15; - v = a[6]; - t6 += v * b0; - t7 += v * b1; - t8 += v * b2; - t9 += v * b3; - t10 += v * b4; - t11 += v * b5; - t12 += v * b6; - t13 += v * b7; - t14 += v * b8; - t15 += v * b9; - t16 += v * b10; - t17 += v * b11; - t18 += v * b12; - t19 += v * b13; - t20 += v * b14; - t21 += v * b15; - v = a[7]; - t7 += v * b0; - t8 += v * b1; - t9 += v * b2; - t10 += v * b3; - t11 += v * b4; - t12 += v * b5; - t13 += v * b6; - t14 += v * b7; - t15 += v * b8; - t16 += v * b9; - t17 += v * b10; - t18 += v * b11; - t19 += v * b12; - t20 += v * b13; - t21 += v * b14; - t22 += v * b15; - v = a[8]; - t8 += v * b0; - t9 += v * b1; - t10 += v * b2; - t11 += v * b3; - t12 += v * b4; - t13 += v * b5; - t14 += v * b6; - t15 += v * b7; - t16 += v * b8; - t17 += v * b9; - t18 += v * b10; - t19 += v * b11; - t20 += v * b12; - t21 += v * b13; - t22 += v * b14; - t23 += v * b15; - v = a[9]; - t9 += v * b0; - t10 += v * b1; - t11 += v * b2; - t12 += v * b3; - t13 += v * b4; - t14 += v * b5; - t15 += v * b6; - t16 += v * b7; - t17 += v * b8; - t18 += v * b9; - t19 += v * b10; - t20 += v * b11; - t21 += v * b12; - t22 += v * b13; - t23 += v * b14; - t24 += v * b15; - v = a[10]; - t10 += v * b0; - t11 += v * b1; - t12 += v * b2; - t13 += v * b3; - t14 += v * b4; - t15 += v * b5; - t16 += v * b6; - t17 += v * b7; - t18 += v * b8; - t19 += v * b9; - t20 += v * b10; - t21 += v * b11; - t22 += v * b12; - t23 += v * b13; - t24 += v * b14; - t25 += v * b15; - v = a[11]; - t11 += v * b0; - t12 += v * b1; - t13 += v * b2; - t14 += v * b3; - t15 += v * b4; - t16 += v * b5; - t17 += v * b6; - t18 += v * b7; - t19 += v * b8; - t20 += v * b9; - t21 += v * b10; - t22 += v * b11; - t23 += v * b12; - t24 += v * b13; - t25 += v * b14; - t26 += v * b15; - v = a[12]; - t12 += v * b0; - t13 += v * b1; - t14 += v * b2; - t15 += v * b3; - t16 += v * b4; - t17 += v * b5; - t18 += v * b6; - t19 += v * b7; - t20 += v * b8; - t21 += v * b9; - t22 += v * b10; - t23 += v * b11; - t24 += v * b12; - t25 += v * b13; - t26 += v * b14; - t27 += v * b15; - v = a[13]; - t13 += v * b0; - t14 += v * b1; - t15 += v * b2; - t16 += v * b3; - t17 += v * b4; - t18 += v * b5; - t19 += v * b6; - t20 += v * b7; - t21 += v * b8; - t22 += v * b9; - t23 += v * b10; - t24 += v * b11; - t25 += v * b12; - t26 += v * b13; - t27 += v * b14; - t28 += v * b15; - v = a[14]; - t14 += v * b0; - t15 += v * b1; - t16 += v * b2; - t17 += v * b3; - t18 += v * b4; - t19 += v * b5; - t20 += v * b6; - t21 += v * b7; - t22 += v * b8; - t23 += v * b9; - t24 += v * b10; - t25 += v * b11; - t26 += v * b12; - t27 += v * b13; - t28 += v * b14; - t29 += v * b15; - v = a[15]; - t15 += v * b0; - t16 += v * b1; - t17 += v * b2; - t18 += v * b3; - t19 += v * b4; - t20 += v * b5; - t21 += v * b6; - t22 += v * b7; - t23 += v * b8; - t24 += v * b9; - t25 += v * b10; - t26 += v * b11; - t27 += v * b12; - t28 += v * b13; - t29 += v * b14; - t30 += v * b15; - - t0 += 38 * t16; - t1 += 38 * t17; - t2 += 38 * t18; - t3 += 38 * t19; - t4 += 38 * t20; - t5 += 38 * t21; - t6 += 38 * t22; - t7 += 38 * t23; - t8 += 38 * t24; - t9 += 38 * t25; - t10 += 38 * t26; - t11 += 38 * t27; - t12 += 38 * t28; - t13 += 38 * t29; - t14 += 38 * t30; - // t15 left as is - - // first car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - // second car - c = 1; - v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; - v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; - v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; - v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; - v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; - v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; - v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; - v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; - v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; - v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; - v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; - v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; - v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; - v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; - v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; - v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; - t0 += c-1 + 37 * (c-1); - - o[ 0] = t0; - o[ 1] = t1; - o[ 2] = t2; - o[ 3] = t3; - o[ 4] = t4; - o[ 5] = t5; - o[ 6] = t6; - o[ 7] = t7; - o[ 8] = t8; - o[ 9] = t9; - o[10] = t10; - o[11] = t11; - o[12] = t12; - o[13] = t13; - o[14] = t14; - o[15] = t15; -} - -function S(o, a) { - M(o, a, a); -} - -function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 253; a >= 0; a--) { - S(c, c); - if(a !== 2 && a !== 4) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; a++) c[a] = i[a]; - for (a = 250; a >= 0; a--) { - S(c, c); - if(a !== 1) M(c, c, i); - } - for (a = 0; a < 16; a++) o[a] = c[a]; -} - -function crypto_scalarmult(q, n, p) { - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; -} - -function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); -} - -function crypto_box_keypair(y, x) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); -} - -function add(p, q) { - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(), - g = gf(), h = gf(), t = gf(); - - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); -} - -function cswap(p, q, b) { - var i; - for (i = 0; i < 4; i++) { - sel25519(p[i], q[i], b); - } -} - -function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; -} - -function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = (s[(i/8)|0] >> (i&7)) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } -} - -function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); -} - -function crypto_sign_keypair(pk, sk, seeded) { - var d; - var p = [gf(), gf(), gf(), gf()]; - var i; - - if (!seeded) randombytes(sk, 32); - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - scalarbase(p, d); - pack(pk, p); - - for (i = 0; i < 32; i++) sk[i+32] = pk[i]; - return 0; -} - -var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); - -function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = Math.floor((x[j] + 128) / 256); - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; j++) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; j++) x[j] -= carry * L[j]; - for (i = 0; i < 32; i++) { - x[i+1] += x[i] >> 8; - r[i] = x[i] & 255; - } -} - -function reduce(r) { - var x = new Float64Array(64), i; - for (i = 0; i < 64; i++) x[i] = r[i]; - for (i = 0; i < 64; i++) r[i] = 0; - modL(r, x); -} - -// Note: difference from C - smlen returned, not passed as argument. -function crypto_sign(sm, m, n, sk) { - var d, h, r; - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - - d = nacl.hash(sk.subarray(0, 32)); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - - var smlen = n + 64; - for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - - r = nacl.hash(sm.subarray(32, smlen)); - reduce(r); - scalarbase(p, r); - pack(sm, p); - - for (i = 32; i < 64; i++) sm[i] = sk[i]; - h = nacl.hash(sm.subarray(0, smlen)); - reduce(h); - - for (i = 0; i < 64; i++) x[i] = 0; - for (i = 0; i < 32; i++) x[i] = r[i]; - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - x[i+j] += h[i] * d[j]; - } - } - - modL(sm.subarray(32), x); - return smlen; -} - -function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), - den = gf(), den2 = gf(), den4 = gf(), - den6 = gf(); - - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) M(r[0], r[0], I); - - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) return -1; - - if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); - - M(r[3], r[0], r[1]); - return 0; -} - -function crypto_sign_open(m, sm, n, pk) { - var i; - var t = new Uint8Array(32), h; - var p = [gf(), gf(), gf(), gf()], - q = [gf(), gf(), gf(), gf()]; - - if (n < 64) return -1; - - if (unpackneg(q, pk)) return -1; - - for (i = 0; i < n; i++) m[i] = sm[i]; - for (i = 0; i < 32; i++) m[i+32] = pk[i]; - h = nacl.hash(m.subarray(0, n)); - reduce(h); - scalarmult(p, q, h); - - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; i++) m[i] = 0; - return -1; - } - - for (i = 0; i < n; i++) m[i] = sm[i + 64]; - return n; -} - -var crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_sign_BYTES = 64, - crypto_sign_PUBLICKEYBYTES = 32, - crypto_sign_SECRETKEYBYTES = 64, - crypto_sign_SEEDBYTES = 32; - -function checkArrayTypes() { - for (var i = 0; i < arguments.length; i++) { - if (!(arguments[i] instanceof Uint8Array)) - throw new TypeError('unexpected type, use Uint8Array'); - } -} - -function cleanup(arr) { - for (var i = 0; i < arr.length; i++) arr[i] = 0; -} - -nacl.scalarMult = function(n, p) { - checkArrayTypes(n, p); - if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); - if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); - var q = new Uint8Array(crypto_scalarmult_BYTES); - crypto_scalarmult(q, n, p); - return q; -}; - -nacl.box = {}; - -nacl.box.keyPair = function() { - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.box.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign = function(msg, secretKey) { - checkArrayTypes(msg, secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); - crypto_sign(signedMsg, msg, msg.length, secretKey); - return signedMsg; -}; - -nacl.sign.detached = function(msg, secretKey) { - var signedMsg = nacl.sign(msg, secretKey); - var sig = new Uint8Array(crypto_sign_BYTES); - for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; - return sig; -}; - -nacl.sign.detached.verify = function(msg, sig, publicKey) { - checkArrayTypes(msg, sig, publicKey); - if (sig.length !== crypto_sign_BYTES) - throw new Error('bad signature size'); - if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) - throw new Error('bad public key size'); - var sm = new Uint8Array(crypto_sign_BYTES + msg.length); - var m = new Uint8Array(crypto_sign_BYTES + msg.length); - var i; - for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; - for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; - return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); -}; - -nacl.sign.keyPair = function() { - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - crypto_sign_keypair(pk, sk); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.sign.keyPair.fromSecretKey = function(secretKey) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_sign_SECRETKEYBYTES) - throw new Error('bad secret key size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; - return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; -}; - -nacl.sign.keyPair.fromSeed = function(seed) { - checkArrayTypes(seed); - if (seed.length !== crypto_sign_SEEDBYTES) - throw new Error('bad seed size'); - var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); - var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); - for (var i = 0; i < 32; i++) sk[i] = seed[i]; - crypto_sign_keypair(pk, sk, true); - return {publicKey: pk, secretKey: sk}; -}; - -nacl.setPRNG = function(fn) { - randombytes = fn; -}; - -(function() { - // Initialize PRNG if environment provides CSPRNG. - // If not, methods calling randombytes will throw. - var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; - if (crypto && crypto.getRandomValues) { - // Browsers. - var QUOTA = 65536; - nacl.setPRNG(function(x, n) { - var i, v = new Uint8Array(n); - for (i = 0; i < n; i += QUOTA) { - crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); - } - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } else if (typeof commonjsRequire !== 'undefined') { - // Node.js. - crypto = void('crypto'); - if (crypto && crypto.randomBytes) { - nacl.setPRNG(function(x, n) { - var i, v = crypto.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; - cleanup(v); - }); - } - } -})(); - -})(module.exports ? module.exports : (self.nacl = self.nacl || {})); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const nodeCrypto$5 = util.getNodeCrypto(); - -/** - * Retrieve secure random byte array of the specified length - * @param {Integer} length - Length in bytes to generate - * @returns {Uint8Array} Random byte array. - */ -function getRandomBytes(length) { - const buf = new Uint8Array(length); - if (nodeCrypto$5) { - const bytes = nodeCrypto$5.randomBytes(buf.length); - buf.set(bytes); - } else if (typeof crypto !== 'undefined' && crypto.getRandomValues) { - crypto.getRandomValues(buf); - } else { - throw new Error('No secure random number generator available.'); - } - return buf; -} - -/** - * Create a secure random BigInteger that is greater than or equal to min and less than max. - * @param {module:BigInteger} min - Lower bound, included - * @param {module:BigInteger} max - Upper bound, excluded - * @returns {Promise} Random BigInteger. - * @async - */ -async function getRandomBigInteger(min, max) { - const BigInteger = await util.getBigInteger(); - - if (max.lt(min)) { - throw new Error('Illegal parameter value: max <= min'); - } - - const modulus = max.sub(min); - const bytes = modulus.byteLength(); - - // Using a while loop is necessary to avoid bias introduced by the mod operation. - // However, we request 64 extra random bits so that the bias is negligible. - // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - const r = new BigInteger(await getRandomBytes(bytes + 8)); - return r.mod(modulus).add(min); -} - -var random = /*#__PURE__*/Object.freeze({ - __proto__: null, - getRandomBytes: getRandomBytes, - getRandomBigInteger: getRandomBigInteger -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Generate a probably prime random number - * @param {Integer} bits - Bit length of the prime - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns BigInteger - * @async - */ -async function randomProbablePrime(bits, e, k) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - const min = one.leftShift(new BigInteger(bits - 1)); - const thirty = new BigInteger(30); - /* - * We can avoid any multiples of 3 and 5 by looking at n mod 30 - * n mod 30 = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 - * the next possible prime is mod 30: - * 1 7 7 7 7 7 7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1 - */ - const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2]; - - const n = await getRandomBigInteger(min, min.leftShift(one)); - let i = n.mod(thirty).toNumber(); - - do { - n.iadd(new BigInteger(adds[i])); - i = (i + adds[i]) % adds.length; - // If reached the maximum, go back to the minimum. - if (n.bitLength() > bits) { - n.imod(min.leftShift(one)).iadd(min); - i = n.mod(thirty).toNumber(); - } - } while (!await isProbablePrime(n, e, k)); - return n; -} - -/** - * Probabilistic primality testing - * @param {BigInteger} n - Number to test - * @param {BigInteger} e - Optional RSA exponent to check against the prime - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @returns {boolean} - * @async - */ -async function isProbablePrime(n, e, k) { - if (e && !n.dec().gcd(e).isOne()) { - return false; - } - if (!await divisionTest(n)) { - return false; - } - if (!await fermat(n)) { - return false; - } - if (!await millerRabin(n, k)) { - return false; - } - // TODO implement the Lucas test - // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - return true; -} - -/** - * Tests whether n is probably prime or not using Fermat's test with b = 2. - * Fails if b^(n-1) mod n != 1. - * @param {BigInteger} n - Number to test - * @param {BigInteger} b - Optional Fermat test base - * @returns {boolean} - */ -async function fermat(n, b) { - const BigInteger = await util.getBigInteger(); - b = b || new BigInteger(2); - return b.modExp(n.dec(), n).isOne(); -} - -async function divisionTest(n) { - const BigInteger = await util.getBigInteger(); - return smallPrimes.every(m => { - return n.mod(new BigInteger(m)) !== 0; - }); -} - -// https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c -const smallPrimes = [ - 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 -]; - - -// Miller-Rabin - Miller Rabin algorithm for primality test -// Copyright Fedor Indutny, 2014. -// -// This software is licensed under the MIT License. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -// Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin - -// Sample syntax for Fixed-Base Miller-Rabin: -// millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0])) - -/** - * Tests whether n is probably prime or not using the Miller-Rabin test. - * See HAC Remark 4.28. - * @param {BigInteger} n - Number to test - * @param {Integer} k - Optional number of iterations of Miller-Rabin test - * @param {Function} rand - Optional function to generate potential witnesses - * @returns {boolean} - * @async - */ -async function millerRabin(n, k, rand) { - const BigInteger = await util.getBigInteger(); - const len = n.bitLength(); - - if (!k) { - k = Math.max(1, (len / 48) | 0); - } - - const n1 = n.dec(); // n - 1 - - // Find d and s, (n - 1) = (2 ^ s) * d; - let s = 0; - while (!n1.getBit(s)) { s++; } - const d = n.rightShift(new BigInteger(s)); - - for (; k > 0; k--) { - const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1); - - let x = a.modExp(d, n); - if (x.isOne() || x.equal(n1)) { - continue; - } - - let i; - for (i = 1; i < s; i++) { - x = x.mul(x).mod(n); - - if (x.isOne()) { - return false; - } - if (x.equal(n1)) { - break; - } - } - - if (i === s) { - return false; - } - } - - return true; -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ASN1 object identifiers for hashes - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.2} - */ -const hash_headers = []; -hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, - 0x10]; -hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; -hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; -hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, - 0x04, 0x20]; -hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, - 0x04, 0x30]; -hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, - 0x00, 0x04, 0x40]; -hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, - 0x00, 0x04, 0x1C]; - -/** - * Create padding with secure random data - * @private - * @param {Integer} length - Length of the padding in bytes - * @returns {Uint8Array} Random padding. - */ -function getPKCS1Padding(length) { - const result = new Uint8Array(length); - let count = 0; - while (count < length) { - const randomBytes = getRandomBytes(length - count); - for (let i = 0; i < randomBytes.length; i++) { - if (randomBytes[i] !== 0) { - result[count++] = randomBytes[i]; - } - } - } - return result; -} - -/** - * Create a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1} - * @param {Uint8Array} message - Message to be encoded - * @param {Integer} keyLength - The length in octets of the key modulus - * @returns {Uint8Array} EME-PKCS1 padded message. - */ -function emeEncode(message, keyLength) { - const mLength = message.length; - // length checking - if (mLength > keyLength - 11) { - throw new Error('Message too long'); - } - // Generate an octet string PS of length k - mLen - 3 consisting of - // pseudo-randomly generated nonzero octets - const PS = getPKCS1Padding(keyLength - mLength - 3); - // Concatenate PS, the message M, and other padding to form an - // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. - const encoded = new Uint8Array(keyLength); - // 0x00 byte - encoded[1] = 2; - encoded.set(PS, 2); - // 0x00 bytes - encoded.set(message, keyLength - mLength); - return encoded; -} - -/** - * Decode a EME-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2} - * @param {Uint8Array} encoded - Encoded message bytes - * @param {Uint8Array} randomPayload - Data to return in case of decoding error (needed for constant-time processing) - * @returns {Uint8Array} decoded data or `randomPayload` (on error, if given) - * @throws {Error} on decoding failure, unless `randomPayload` is provided - */ -function emeDecode(encoded, randomPayload) { - // encoded format: 0x00 0x02 0x00 - let offset = 2; - let separatorNotFound = 1; - for (let j = offset; j < encoded.length; j++) { - separatorNotFound &= encoded[j] !== 0; - offset += separatorNotFound; - } - - const psLen = offset - 2; - const payload = encoded.subarray(offset + 1); // discard the 0x00 separator - const isValidPadding = encoded[0] === 0 & encoded[1] === 2 & psLen >= 8 & !separatorNotFound; - - if (randomPayload) { - return util.selectUint8Array(isValidPadding, payload, randomPayload); - } - - if (isValidPadding) { - return payload; - } - - throw new Error('Decryption error'); -} - -/** - * Create a EMSA-PKCS1-v1_5 padded message - * @see {@link https://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3} - * @param {Integer} algo - Hash algorithm type used - * @param {Uint8Array} hashed - Message to be encoded - * @param {Integer} emLen - Intended length in octets of the encoded message - * @returns {Uint8Array} Encoded message. - */ -async function emsaEncode(algo, hashed, emLen) { - let i; - if (hashed.length !== hash.getHashByteLength(algo)) { - throw new Error('Invalid hash length'); - } - // produce an ASN.1 DER value for the hash function used. - // Let T be the full hash prefix - const hashPrefix = new Uint8Array(hash_headers[algo].length); - for (i = 0; i < hash_headers[algo].length; i++) { - hashPrefix[i] = hash_headers[algo][i]; - } - // and let tLen be the length in octets prefix and hashed data - const tLen = hashPrefix.length + hashed.length; - if (emLen < tLen + 11) { - throw new Error('Intended encoded message length too short'); - } - // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF - // The length of PS will be at least 8 octets - const PS = new Uint8Array(emLen - tLen - 3).fill(0xff); - - // Concatenate PS, the hash prefix, hashed data, and other padding to form the - // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || prefix || hashed - const EM = new Uint8Array(emLen); - EM[1] = 0x01; - EM.set(PS, 2); - EM.set(hashPrefix, emLen - tLen); - EM.set(hashed, emLen - hashed.length); - return EM; -} - -var pkcs1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - emeEncode: emeEncode, - emeDecode: emeDecode, - emsaEncode: emsaEncode -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -const webCrypto$5 = util.getWebCrypto(); -const nodeCrypto$6 = util.getNodeCrypto(); -const asn1 = nodeCrypto$6 ? void('asn1.js') : undefined; - -/* eslint-disable no-invalid-this */ -const RSAPrivateKey = nodeCrypto$6 ? asn1.define('RSAPrivateKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('version').int(), // 0 - this.key('modulus').int(), // n - this.key('publicExponent').int(), // e - this.key('privateExponent').int(), // d - this.key('prime1').int(), // p - this.key('prime2').int(), // q - this.key('exponent1').int(), // dp - this.key('exponent2').int(), // dq - this.key('coefficient').int() // u - ); -}) : undefined; - -const RSAPublicKey = nodeCrypto$6 ? asn1.define('RSAPubliceKey', function () { - this.seq().obj( // used for native NodeJS crypto - this.key('modulus').int(), // n - this.key('publicExponent').int() // e - ); -}) : undefined; -/* eslint-enable no-invalid-this */ - -/** Create signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} hashed - Hashed message - * @returns {Promise} RSA Signature. - * @async - */ -async function sign(hashAlgo, data, n, e, d, p, q, u, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webSign(enums.read(enums.webHash, hashAlgo), data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeSign(hashAlgo, data, n, e, d, p, q, u); - } - } - return bnSign(hashAlgo, n, d, hashed); -} - -/** - * Verify signature - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Uint8Array} data - Message - * @param {Uint8Array} s - Signature - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} hashed - Hashed message - * @returns {Boolean} - * @async - */ -async function verify(hashAlgo, data, s, n, e, hashed) { - if (data && !util.isStream(data)) { - if (util.getWebCrypto()) { - try { - return await webVerify(enums.read(enums.webHash, hashAlgo), data, s, n, e); - } catch (err) { - util.printDebugError(err); - } - } else if (util.getNodeCrypto()) { - return nodeVerify(hashAlgo, data, s, n, e); - } - } - return bnVerify(hashAlgo, s, n, e, hashed); -} - -/** - * Encrypt message - * @param {Uint8Array} data - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @returns {Promise} RSA Ciphertext. - * @async - */ -async function encrypt$1(data, n, e) { - if (util.getNodeCrypto()) { - return nodeEncrypt$1(data, n, e); - } - return bnEncrypt(data, n, e); -} - -/** - * Decrypt RSA message - * @param {Uint8Array} m - Message - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA private coefficient - * @param {Uint8Array} randomPayload - Data to return on decryption error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} RSA Plaintext. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$1(data, n, e, d, p, q, u, randomPayload) { - // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption, - // and we want to avoid checking the error type to decide if the random payload - // should indeed be returned. - if (util.getNodeCrypto() && !randomPayload) { - try { - return await nodeDecrypt$1(data, n, e, d, p, q, u); - } catch (err) { - util.printDebugError(err); - } - } - return bnDecrypt(data, n, e, d, p, q, u, randomPayload); -} - -/** - * Generate a new random private key B bits long with public exponent E. - * - * When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using - * 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm. - * @see module:crypto/public_key/prime - * @param {Integer} bits - RSA bit length - * @param {Integer} e - RSA public exponent - * @returns {{n, e, d, - * p, q ,u: Uint8Array}} RSA public modulus, RSA public exponent, RSA private exponent, - * RSA private prime p, RSA private prime q, u = p ** -1 mod q - * @async - */ -async function generate(bits, e) { - const BigInteger = await util.getBigInteger(); - - e = new BigInteger(e); - - // Native RSA keygen using Web Crypto - if (util.getWebCrypto()) { - const keyGenOpt = { - name: 'RSASSA-PKCS1-v1_5', - modulusLength: bits, // the specified keysize in bits - publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent - hash: { - name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' - } - }; - const keyPair = await webCrypto$5.generateKey(keyGenOpt, true, ['sign', 'verify']); - - // export the generated keys as JsonWebKey (JWK) - // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 - const jwk = await webCrypto$5.exportKey('jwk', keyPair.privateKey); - // map JWK parameters to corresponding OpenPGP names - return { - n: b64ToUint8Array(jwk.n), - e: e.toUint8Array(), - d: b64ToUint8Array(jwk.d), - // switch p and q - p: b64ToUint8Array(jwk.q), - q: b64ToUint8Array(jwk.p), - // Since p and q are switched in places, u is the inverse of jwk.q - u: b64ToUint8Array(jwk.qi) - }; - } else if (util.getNodeCrypto() && nodeCrypto$6.generateKeyPair && RSAPrivateKey) { - const opts = { - modulusLength: bits, - publicExponent: e.toNumber(), - publicKeyEncoding: { type: 'pkcs1', format: 'der' }, - privateKeyEncoding: { type: 'pkcs1', format: 'der' } - }; - const prv = await new Promise((resolve, reject) => { - nodeCrypto$6.generateKeyPair('rsa', opts, (err, _, der) => { - if (err) { - reject(err); - } else { - resolve(RSAPrivateKey.decode(der, 'der')); - } - }); - }); - /** - * OpenPGP spec differs from DER spec, DER: `u = (inverse of q) mod p`, OpenPGP: `u = (inverse of p) mod q`. - * @link https://tools.ietf.org/html/rfc3447#section-3.2 - * @link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.6.1 - */ - return { - n: prv.modulus.toArrayLike(Uint8Array), - e: prv.publicExponent.toArrayLike(Uint8Array), - d: prv.privateExponent.toArrayLike(Uint8Array), - // switch p and q - p: prv.prime2.toArrayLike(Uint8Array), - q: prv.prime1.toArrayLike(Uint8Array), - // Since p and q are switched in places, we can keep u as defined by DER - u: prv.coefficient.toArrayLike(Uint8Array) - }; - } - - // RSA keygen fallback using 40 iterations of the Miller-Rabin test - // See https://stackoverflow.com/a/6330138 for justification - // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST - let p; - let q; - let n; - do { - q = await randomProbablePrime(bits - (bits >> 1), e, 40); - p = await randomProbablePrime(bits >> 1, e, 40); - n = p.mul(q); - } while (n.bitLength() !== bits); - - const phi = p.dec().imul(q.dec()); - - if (q.lt(p)) { - [p, q] = [q, p]; - } - - return { - n: n.toUint8Array(), - e: e.toUint8Array(), - d: e.modInv(phi).toUint8Array(), - p: p.toUint8Array(), - q: q.toUint8Array(), - // dp: d.mod(p.subn(1)), - // dq: d.mod(q.subn(1)), - u: p.modInv(q).toUint8Array() - }; -} - -/** - * Validate RSA parameters - * @param {Uint8Array} n - RSA public modulus - * @param {Uint8Array} e - RSA public exponent - * @param {Uint8Array} d - RSA private exponent - * @param {Uint8Array} p - RSA private prime p - * @param {Uint8Array} q - RSA private prime q - * @param {Uint8Array} u - RSA inverse of p w.r.t. q - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - p = new BigInteger(p); - q = new BigInteger(q); - - // expect pq = n - if (!p.mul(q).equal(n)) { - return false; - } - - const two = new BigInteger(2); - // expect p*u = 1 mod q - u = new BigInteger(u); - if (!p.mul(u).mod(q).isOne()) { - return false; - } - - e = new BigInteger(e); - d = new BigInteger(d); - /** - * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1) - * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)] - * By CRT on coprime factors of (p-1, q-1) it follows that [de = 1 mod lcm(p-1, q-1)] - * - * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1) - */ - const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3)); - const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q - const rde = r.mul(d).mul(e); - - const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r); - if (!areInverses) { - return false; - } - - return true; -} - -async function bnSign(hashAlgo, n, d, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength())); - d = new BigInteger(d); - if (m.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return m.modExp(d, n).toUint8Array('be', n.byteLength()); -} - -async function webSign(hashName, data, n, e, d, p, q, u) { - /** OpenPGP keys require that p < q, and Safari Web Crypto requires that p > q. - * We swap them in privateToJWK, so it usually works out, but nevertheless, - * not all OpenPGP keys are compatible with this requirement. - * OpenPGP.js used to generate RSA keys the wrong way around (p > q), and still - * does if the underlying Web Crypto does so (though the tested implementations - * don't do so). - */ - const jwk = await privateToJWK(n, e, d, p, q, u); - const algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }; - const key = await webCrypto$5.importKey('jwk', jwk, algo, false, ['sign']); - return new Uint8Array(await webCrypto$5.sign('RSASSA-PKCS1-v1_5', key, data)); -} - -async function nodeSign(hashAlgo, data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const sign = nodeCrypto$6.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(data); - sign.end(); - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPrivateKey.encode(keyObject, 'der'); - return new Uint8Array(sign.sign({ key: der, format: 'der', type: 'pkcs1' })); - } - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - return new Uint8Array(sign.sign(pem)); -} - -async function bnVerify(hashAlgo, s, n, e, hashed) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - s = new BigInteger(s); - e = new BigInteger(e); - if (s.gte(n)) { - throw new Error('Signature size cannot exceed modulus size'); - } - const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength()); - const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength()); - return util.equalsUint8Array(EM1, EM2); -} - -async function webVerify(hashName, data, s, n, e) { - const jwk = publicToJWK(n, e); - const key = await webCrypto$5.importKey('jwk', jwk, { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: hashName } - }, false, ['verify']); - return webCrypto$5.verify('RSASSA-PKCS1-v1_5', key, s, data); -} - -async function nodeVerify(hashAlgo, data, s, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$6.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(data); - verify.end(); - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { //from version 11.6.0 Node supports der encoded key objects - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1' }; - } else { - key = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - } - try { - return await verify.verify(key, s); - } catch (err) { - return false; - } -} - -async function nodeEncrypt$1(data, n, e) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const keyObject = { - modulus: new BN(n), - publicExponent: new BN(e) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPublicKey.encode(keyObject, 'der'); - key = { key: der, format: 'der', type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPublicKey.encode(keyObject, 'pem', { - label: 'RSA PUBLIC KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - return new Uint8Array(nodeCrypto$6.publicEncrypt(key, data)); -} - -async function bnEncrypt(data, n, e) { - const BigInteger = await util.getBigInteger(); - n = new BigInteger(n); - data = new BigInteger(emeEncode(data, n.byteLength())); - e = new BigInteger(e); - if (data.gte(n)) { - throw new Error('Message size cannot exceed modulus size'); - } - return data.modExp(e, n).toUint8Array('be', n.byteLength()); -} - -async function nodeDecrypt$1(data, n, e, d, p, q, u) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const pBNum = new BN(p); - const qBNum = new BN(q); - const dBNum = new BN(d); - const dq = dBNum.mod(qBNum.subn(1)); // d mod (q-1) - const dp = dBNum.mod(pBNum.subn(1)); // d mod (p-1) - const keyObject = { - version: 0, - modulus: new BN(n), - publicExponent: new BN(e), - privateExponent: new BN(d), - // switch p and q - prime1: new BN(q), - prime2: new BN(p), - // switch dp and dq - exponent1: dq, - exponent2: dp, - coefficient: new BN(u) - }; - let key; - if (typeof nodeCrypto$6.createPrivateKey !== 'undefined') { - const der = RSAPrivateKey.encode(keyObject, 'der'); - key = { key: der, format: 'der' , type: 'pkcs1', padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } else { - const pem = RSAPrivateKey.encode(keyObject, 'pem', { - label: 'RSA PRIVATE KEY' - }); - key = { key: pem, padding: nodeCrypto$6.constants.RSA_PKCS1_PADDING }; - } - try { - return new Uint8Array(nodeCrypto$6.privateDecrypt(key, data)); - } catch (err) { - throw new Error('Decryption error'); - } -} - -async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) { - const BigInteger = await util.getBigInteger(); - data = new BigInteger(data); - n = new BigInteger(n); - e = new BigInteger(e); - d = new BigInteger(d); - p = new BigInteger(p); - q = new BigInteger(q); - u = new BigInteger(u); - if (data.gte(n)) { - throw new Error('Data too large.'); - } - const dq = d.mod(q.dec()); // d mod (q-1) - const dp = d.mod(p.dec()); // d mod (p-1) - - const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n); - const blinder = unblinder.modInv(n).modExp(e, n); - data = data.mul(blinder).mod(n); - - - const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p - const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q - const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q) - - let result = h.mul(p).add(mp); // result < n due to relations above - - result = result.mul(unblinder).mod(n); - - - return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload); -} - -/** Convert Openpgp private key params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - * @param {Uint8Array} d - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} u - */ -async function privateToJWK(n, e, d, p, q, u) { - const BigInteger = await util.getBigInteger(); - const pNum = new BigInteger(p); - const qNum = new BigInteger(q); - const dNum = new BigInteger(d); - - let dq = dNum.mod(qNum.dec()); // d mod (q-1) - let dp = dNum.mod(pNum.dec()); // d mod (p-1) - dp = dp.toUint8Array(); - dq = dq.toUint8Array(); - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - d: uint8ArrayToB64(d, true), - // switch p and q - p: uint8ArrayToB64(q, true), - q: uint8ArrayToB64(p, true), - // switch dp and dq - dp: uint8ArrayToB64(dq, true), - dq: uint8ArrayToB64(dp, true), - qi: uint8ArrayToB64(u, true), - ext: true - }; -} - -/** Convert Openpgp key public params to jwk key according to - * @link https://tools.ietf.org/html/rfc7517 - * @param {String} hashAlgo - * @param {Uint8Array} n - * @param {Uint8Array} e - */ -function publicToJWK(n, e) { - return { - kty: 'RSA', - n: uint8ArrayToB64(n, true), - e: uint8ArrayToB64(e, true), - ext: true - }; -} - -var rsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign, - verify: verify, - encrypt: encrypt$1, - decrypt: decrypt$1, - generate: generate, - validateParams: validateParams -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * ElGamal Encryption function - * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA) - * @param {Uint8Array} data - To be padded and encrypted - * @param {Uint8Array} p - * @param {Uint8Array} g - * @param {Uint8Array} y - * @returns {Promise<{ c1: Uint8Array, c2: Uint8Array }>} - * @async - */ -async function encrypt$2(data, p, g, y) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const padded = emeEncode(data, p.byteLength()); - const m = new BigInteger(padded); - - // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ* - // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2] - const k = await getRandomBigInteger(new BigInteger(1), p.dec()); - return { - c1: g.modExp(k, p).toUint8Array(), - c2: y.modExp(k, p).imul(m).imod(p).toUint8Array() - }; -} - -/** - * ElGamal Encryption function - * @param {Uint8Array} c1 - * @param {Uint8Array} c2 - * @param {Uint8Array} p - * @param {Uint8Array} x - * @param {Uint8Array} randomPayload - Data to return on unpadding error, instead of throwing - * (needed for constant-time processing) - * @returns {Promise} Unpadded message. - * @throws {Error} on decryption error, unless `randomPayload` is given - * @async - */ -async function decrypt$2(c1, c2, p, x, randomPayload) { - const BigInteger = await util.getBigInteger(); - c1 = new BigInteger(c1); - c2 = new BigInteger(c2); - p = new BigInteger(p); - x = new BigInteger(x); - - const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p); - return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload); -} - -/** - * Validate ElGamal parameters - * @param {Uint8Array} p - ElGamal prime - * @param {Uint8Array} g - ElGamal group generator - * @param {Uint8Array} y - ElGamal public key - * @param {Uint8Array} x - ElGamal private exponent - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$1(p, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - g = new BigInteger(g); - y = new BigInteger(y); - - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - // Expect p-1 to be large - const pSize = new BigInteger(p.bitLength()); - const n1023 = new BigInteger(1023); - if (pSize.lt(n1023)) { - return false; - } - - /** - * g should have order p-1 - * Check that g ** (p-1) = 1 mod p - */ - if (!g.modExp(p.dec(), p).isOne()) { - return false; - } - - /** - * Since p-1 is not prime, g might have a smaller order that divides p-1 - * We want to make sure that the order is large enough to hinder a small subgroup attack - * - * We just check g**i != 1 for all i up to a threshold - */ - let res = g; - const i = new BigInteger(1); - const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold - while (i.lt(threshold)) { - res = res.mul(g).imod(p); - if (res.isOne()) { - return false; - } - i.iinc(); - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{r(p-1) + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1 - const rqx = p.dec().imul(r).iadd(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var elgamal = /*#__PURE__*/Object.freeze({ - __proto__: null, - encrypt: encrypt$2, - decrypt: decrypt$2, - validateParams: validateParams$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class OID { - constructor(oid) { - if (oid instanceof OID) { - this.oid = oid.oid; - } else if (util.isArray(oid) || - util.isUint8Array(oid)) { - oid = new Uint8Array(oid); - if (oid[0] === 0x06) { // DER encoded oid byte array - if (oid[1] !== oid.length - 2) { - throw new Error('Length mismatch in DER encoded oid'); - } - oid = oid.subarray(2); - } - this.oid = oid; - } else { - this.oid = ''; - } - } - - /** - * Method to read an OID object - * @param {Uint8Array} input - Where to read the OID from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length >= 1) { - const length = input[0]; - if (input.length >= 1 + length) { - this.oid = input.subarray(1, 1 + length); - return 1 + this.oid.length; - } - } - throw new Error('Invalid oid'); - } - - /** - * Serialize an OID object - * @returns {Uint8Array} Array with the serialized value the OID. - */ - write() { - return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); - } - - /** - * Serialize an OID object as a hex string - * @returns {string} String with the hex value of the OID. - */ - toHex() { - return util.uint8ArrayToHex(this.oid); - } - - /** - * If a known curve object identifier, return the canonical name of the curve - * @returns {string} String with the canonical name of the curve. - */ - getName() { - const hex = this.toHex(); - if (enums.curve[hex]) { - return enums.write(enums.curve, hex); - } else { - throw new Error('Unknown curve object identifier.'); - } - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -function keyFromPrivate(indutnyCurve, priv) { - const keyPair = indutnyCurve.keyPair({ priv: priv }); - return keyPair; -} - -function keyFromPublic(indutnyCurve, pub) { - const keyPair = indutnyCurve.keyPair({ pub: pub }); - if (keyPair.validate().result !== true) { - throw new Error('Invalid elliptic public key'); - } - return keyPair; -} - -async function getIndutnyCurve(name) { - if (!config.useIndutnyElliptic) { - throw new Error('This curve is only supported in the full build of OpenPGP.js'); - } - const { default: elliptic } = await Promise.resolve().then(function () { return elliptic$1; }); - return new elliptic.ec(name); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -function readSimpleLength(bytes) { - let len = 0; - let offset; - const type = bytes[0]; - - - if (type < 192) { - [len] = bytes; - offset = 1; - } else if (type < 255) { - len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; - offset = 2; - } else if (type === 255) { - len = util.readNumber(bytes.subarray(1, 1 + 4)); - offset = 5; - } - - return { - len: len, - offset: offset - }; -} - -/** - * Encodes a given integer of length to the openpgp length specifier to a - * string - * - * @param {Integer} length - The length to encode - * @returns {Uint8Array} String with openpgp length representation. - */ -function writeSimpleLength(length) { - if (length < 192) { - return new Uint8Array([length]); - } else if (length > 191 && length < 8384) { - /* - * let a = (total data packet length) - 192 let bc = two octet - * representation of a let d = b + 192 - */ - return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); - } - return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); -} - -function writePartialLength(power) { - if (power < 0 || power > 30) { - throw new Error('Partial Length power must be between 1 and 30'); - } - return new Uint8Array([224 + power]); -} - -function writeTag(tag_type) { - /* we're only generating v4 packet headers here */ - return new Uint8Array([0xC0 | tag_type]); -} - -/** - * Writes a packet header version 4 with the given tag_type and length to a - * string - * - * @param {Integer} tag_type - Tag type - * @param {Integer} length - Length of the payload - * @returns {String} String of the header. - */ -function writeHeader(tag_type, length) { - /* we're only generating v4 packet headers here */ - return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); -} - -/** - * Whether the packet type supports partial lengths per RFC4880 - * @param {Integer} tag - Tag type - * @returns {Boolean} String of the header. - */ -function supportsStreaming(tag) { - return [ - enums.packet.literalData, - enums.packet.compressedData, - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ].includes(tag); -} - -/** - * Generic static Packet Parser function - * - * @param {Uint8Array | ReadableStream} input - Input stream as string - * @param {Function} callback - Function to call with the parsed packet - * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. - */ -async function readPackets(input, callback) { - const reader = getReader(input); - let writer; - let callbackReturned; - try { - const peekedBytes = await reader.peekBytes(2); - // some sanity checks - if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { - throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); - } - const headerByte = await reader.readByte(); - let tag = -1; - let format = -1; - let packetLength; - - format = 0; // 0 = old format; 1 = new format - if ((headerByte & 0x40) !== 0) { - format = 1; - } - - let packetLengthType; - if (format) { - // new format header - tag = headerByte & 0x3F; // bit 5-0 - } else { - // old format header - tag = (headerByte & 0x3F) >> 2; // bit 5-2 - packetLengthType = headerByte & 0x03; // bit 1-0 - } - - const packetSupportsStreaming = supportsStreaming(tag); - let packet = null; - if (packetSupportsStreaming) { - if (util.isStream(input) === 'array') { - const arrayStream = new ArrayStream(); - writer = getWriter(arrayStream); - packet = arrayStream; - } else { - const transform = new TransformStream(); - writer = getWriter(transform.writable); - packet = transform.readable; - } - // eslint-disable-next-line callback-return - callbackReturned = callback({ tag, packet }); - } else { - packet = []; - } - - let wasPartialLength; - do { - if (!format) { - // 4.2.1. Old Format Packet Lengths - switch (packetLengthType) { - case 0: - // The packet has a one-octet length. The header is 2 octets - // long. - packetLength = await reader.readByte(); - break; - case 1: - // The packet has a two-octet length. The header is 3 octets - // long. - packetLength = (await reader.readByte() << 8) | await reader.readByte(); - break; - case 2: - // The packet has a four-octet length. The header is 5 - // octets long. - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - break; - default: - // 3 - The packet is of indeterminate length. The header is 1 - // octet long, and the implementation must determine how long - // the packet is. If the packet is in a file, this means that - // the packet extends until the end of the file. In general, - // an implementation SHOULD NOT use indeterminate-length - // packets except where the end of the data will be clear - // from the context, and even then it is better to use a - // definite length, or a new format header. The new format - // headers described below have a mechanism for precisely - // encoding data of indeterminate length. - packetLength = Infinity; - break; - } - } else { // 4.2.2. New Format Packet Lengths - // 4.2.2.1. One-Octet Lengths - const lengthByte = await reader.readByte(); - wasPartialLength = false; - if (lengthByte < 192) { - packetLength = lengthByte; - // 4.2.2.2. Two-Octet Lengths - } else if (lengthByte >= 192 && lengthByte < 224) { - packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; - // 4.2.2.4. Partial Body Lengths - } else if (lengthByte > 223 && lengthByte < 255) { - packetLength = 1 << (lengthByte & 0x1F); - wasPartialLength = true; - if (!packetSupportsStreaming) { - throw new TypeError('This packet type does not support partial lengths.'); - } - // 4.2.2.3. Five-Octet Lengths - } else { - packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << - 8) | await reader.readByte(); - } - } - if (packetLength > 0) { - let bytesRead = 0; - while (true) { - if (writer) await writer.ready; - const { done, value } = await reader.read(); - if (done) { - if (packetLength === Infinity) break; - throw new Error('Unexpected end of packet'); - } - const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); - if (writer) await writer.write(chunk); - else packet.push(chunk); - bytesRead += value.length; - if (bytesRead >= packetLength) { - reader.unshift(value.subarray(packetLength - bytesRead + value.length)); - break; - } - } - } - } while (wasPartialLength); - - // If this was not a packet that "supports streaming", we peek to check - // whether it is the last packet in the message. We peek 2 bytes instead - // of 1 because the beginning of this function also peeks 2 bytes, and we - // want to cut a `subarray` of the correct length into `web-stream-tools`' - // `externalBuffer` as a tiny optimization here. - // - // If it *was* a streaming packet (i.e. the data packets), we peek at the - // entire remainder of the stream, in order to forward errors in the - // remainder of the stream to the packet data. (Note that this means we - // read/peek at all signature packets before closing the literal data - // packet, for example.) This forwards MDC errors to the literal data - // stream, for example, so that they don't get lost / forgotten on - // decryptedMessage.packets.stream, which we never look at. - // - // An example of what we do when stream-parsing a message containing - // [ one-pass signature packet, literal data packet, signature packet ]: - // 1. Read the one-pass signature packet - // 2. Peek 2 bytes of the literal data packet - // 3. Parse the one-pass signature packet - // - // 4. Read the literal data packet, simultaneously stream-parsing it - // 5. Peek until the end of the message - // 6. Finish parsing the literal data packet - // - // 7. Read the signature packet again (we already peeked at it in step 5) - // 8. Peek at the end of the stream again (`peekBytes` returns undefined) - // 9. Parse the signature packet - // - // Note that this means that if there's an error in the very end of the - // stream, such as an MDC error, we throw in step 5 instead of in step 8 - // (or never), which is the point of this exercise. - const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); - if (writer) { - await writer.ready; - await writer.close(); - } else { - packet = util.concatUint8Array(packet); - // eslint-disable-next-line callback-return - await callback({ tag, packet }); - } - return !nextPacket || !nextPacket.length; - } catch (e) { - if (writer) { - await writer.abort(e); - return true; - } else { - throw e; - } - } finally { - if (writer) { - await callbackReturned; - } - reader.releaseLock(); - } -} - -class UnsupportedError extends Error { - constructor(...params) { - super(...params); - - if (Error.captureStackTrace) { - Error.captureStackTrace(this, UnsupportedError); - } - - this.name = 'UnsupportedError'; - } -} - -class UnparseablePacket { - constructor(tag, rawContent) { - this.tag = tag; - this.rawContent = rawContent; - } - - write() { - return this.rawContent; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$6 = util.getWebCrypto(); -const nodeCrypto$7 = util.getNodeCrypto(); - -const webCurves = { - 'p256': 'P-256', - 'p384': 'P-384', - 'p521': 'P-521' -}; -const knownCurves = nodeCrypto$7 ? nodeCrypto$7.getCurves() : []; -const nodeCurves = nodeCrypto$7 ? { - secp256k1: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, - p256: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, - p384: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, - p521: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, - ed25519: knownCurves.includes('ED25519') ? 'ED25519' : undefined, - curve25519: knownCurves.includes('X25519') ? 'X25519' : undefined, - brainpoolP256r1: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, - brainpoolP384r1: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, - brainpoolP512r1: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined -} : {}; - -const curves = { - p256: { - oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.p256, - web: webCurves.p256, - payloadSize: 32, - sharedSize: 256 - }, - p384: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.p384, - web: webCurves.p384, - payloadSize: 48, - sharedSize: 384 - }, - p521: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.p521, - web: webCurves.p521, - payloadSize: 66, - sharedSize: 528 - }, - secp256k1: { - oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.secp256k1, - payloadSize: 32 - }, - ed25519: { - oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], - keyType: enums.publicKey.eddsaLegacy, - hash: enums.hash.sha512, - node: false, // nodeCurves.ed25519 TODO - payloadSize: 32 - }, - curve25519: { - oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], - keyType: enums.publicKey.ecdh, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: false, // nodeCurves.curve25519 TODO - payloadSize: 32 - }, - brainpoolP256r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha256, - cipher: enums.symmetric.aes128, - node: nodeCurves.brainpoolP256r1, - payloadSize: 32 - }, - brainpoolP384r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha384, - cipher: enums.symmetric.aes192, - node: nodeCurves.brainpoolP384r1, - payloadSize: 48 - }, - brainpoolP512r1: { - oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], - keyType: enums.publicKey.ecdsa, - hash: enums.hash.sha512, - cipher: enums.symmetric.aes256, - node: nodeCurves.brainpoolP512r1, - payloadSize: 64 - } -}; - -class CurveWithOID { - constructor(oidOrName, params) { - try { - if (util.isArray(oidOrName) || - util.isUint8Array(oidOrName)) { - // by oid byte array - oidOrName = new OID(oidOrName); - } - if (oidOrName instanceof OID) { - // by curve OID - oidOrName = oidOrName.getName(); - } - // by curve name or oid string - this.name = enums.write(enums.curve, oidOrName); - } catch (err) { - throw new UnsupportedError('Unknown curve'); - } - params = params || curves[this.name]; - - this.keyType = params.keyType; - - this.oid = params.oid; - this.hash = params.hash; - this.cipher = params.cipher; - this.node = params.node && curves[this.name]; - this.web = params.web && curves[this.name]; - this.payloadSize = params.payloadSize; - if (this.web && util.getWebCrypto()) { - this.type = 'web'; - } else if (this.node && util.getNodeCrypto()) { - this.type = 'node'; - } else if (this.name === 'curve25519') { - this.type = 'curve25519'; - } else if (this.name === 'ed25519') { - this.type = 'ed25519'; - } - } - - async genKeyPair() { - let keyPair; - switch (this.type) { - case 'web': - try { - return await webGenKeyPair(this.name); - } catch (err) { - util.printDebugError('Browser did not support generating ec key ' + err.message); - break; - } - case 'node': - return nodeGenKeyPair(this.name); - case 'curve25519': { - const privateKey = getRandomBytes(32); - privateKey[0] = (privateKey[0] & 127) | 64; - privateKey[31] &= 248; - const secretKey = privateKey.slice().reverse(); - keyPair = naclFastLight.box.keyPair.fromSecretKey(secretKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - case 'ed25519': { - const privateKey = getRandomBytes(32); - const keyPair = naclFastLight.sign.keyPair.fromSeed(privateKey); - const publicKey = util.concatUint8Array([new Uint8Array([0x40]), keyPair.publicKey]); - return { publicKey, privateKey }; - } - } - const indutnyCurve = await getIndutnyCurve(this.name); - keyPair = await indutnyCurve.genKeyPair({ - entropy: util.uint8ArrayToString(getRandomBytes(32)) - }); - return { publicKey: new Uint8Array(keyPair.getPublic('array', false)), privateKey: keyPair.getPrivate().toArrayLike(Uint8Array) }; - } -} - -async function generate$1(curve) { - const BigInteger = await util.getBigInteger(); - - curve = new CurveWithOID(curve); - const keyPair = await curve.genKeyPair(); - const Q = new BigInteger(keyPair.publicKey).toUint8Array(); - const secret = new BigInteger(keyPair.privateKey).toUint8Array('be', curve.payloadSize); - return { - oid: curve.oid, - Q, - secret, - hash: curve.hash, - cipher: curve.cipher - }; -} - -/** - * Get preferred hash algo to use with the given curve - * @param {module:type/oid} oid - curve oid - * @returns {enums.hash} hash algorithm - */ -function getPreferredHashAlgo(oid) { - return curves[enums.write(enums.curve, oid.toHex())].hash; -} - -/** - * Validate ECDH and ECDSA parameters - * Not suitable for EdDSA (different secret key format) - * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves - * @param {module:type/oid} oid - EC object identifier - * @param {Uint8Array} Q - EC public point - * @param {Uint8Array} d - EC secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateStandardParams(algo, oid, Q, d) { - const supportedCurves = { - p256: true, - p384: true, - p521: true, - secp256k1: true, - curve25519: algo === enums.publicKey.ecdh, - brainpoolP256r1: true, - brainpoolP384r1: true, - brainpoolP512r1: true - }; - - // Check whether the given curve is supported - const curveName = oid.getName(); - if (!supportedCurves[curveName]) { - return false; - } - - if (curveName === 'curve25519') { - d = d.slice().reverse(); - // Re-derive public point Q' - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(d); - - Q = new Uint8Array(Q); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - if (!util.equalsUint8Array(dG, Q)) { - return false; - } - - return true; - } - - const curve = await getIndutnyCurve(curveName); - try { - // Parse Q and check that it is on the curve but not at infinity - Q = keyFromPublic(curve, Q).getPublic(); - } catch (validationErrors) { - return false; - } - - /** - * Re-derive public point Q' = dG from private key - * Expect Q == Q' - */ - const dG = keyFromPrivate(curve, d).getPublic(); - if (!dG.eq(Q)) { - return false; - } - - return true; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -async function webGenKeyPair(name) { - // Note: keys generated with ECDSA and ECDH are structurally equivalent - const webCryptoKey = await webCrypto$6.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - - const privateKey = await webCrypto$6.exportKey('jwk', webCryptoKey.privateKey); - const publicKey = await webCrypto$6.exportKey('jwk', webCryptoKey.publicKey); - - return { - publicKey: jwkToRawPublic(publicKey), - privateKey: b64ToUint8Array(privateKey.d) - }; -} - -async function nodeGenKeyPair(name) { - // Note: ECDSA and ECDH key generation is structurally equivalent - const ecdh = nodeCrypto$7.createECDH(nodeCurves[name]); - await ecdh.generateKeys(); - return { - publicKey: new Uint8Array(ecdh.getPublicKey()), - privateKey: new Uint8Array(ecdh.getPrivateKey()) - }; -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -/** - * @param {JsonWebKey} jwk - key for conversion - * - * @returns {Uint8Array} Raw public key. - */ -function jwkToRawPublic(jwk) { - const bufX = b64ToUint8Array(jwk.x); - const bufY = b64ToUint8Array(jwk.y); - const publicKey = new Uint8Array(bufX.length + bufY.length + 1); - publicKey[0] = 0x04; - publicKey.set(bufX, 1); - publicKey.set(bufY, bufX.length + 1); - return publicKey; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * - * @returns {JsonWebKey} Public key in jwk format. - */ -function rawPublicToJWK(payloadSize, name, publicKey) { - const len = payloadSize; - const bufX = publicKey.slice(1, len + 1); - const bufY = publicKey.slice(len + 1, len * 2 + 1); - // https://www.rfc-editor.org/rfc/rfc7518.txt - const jwk = { - kty: 'EC', - crv: name, - x: uint8ArrayToB64(bufX, true), - y: uint8ArrayToB64(bufY, true), - ext: true - }; - return jwk; -} - -/** - * @param {Integer} payloadSize - ec payload size - * @param {String} name - curve name - * @param {Uint8Array} publicKey - public key - * @param {Uint8Array} privateKey - private key - * - * @returns {JsonWebKey} Private key in jwk format. - */ -function privateToJWK$1(payloadSize, name, publicKey, privateKey) { - const jwk = rawPublicToJWK(payloadSize, name, publicKey); - jwk.d = uint8ArrayToB64(privateKey, true); - return jwk; -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$7 = util.getWebCrypto(); -const nodeCrypto$8 = util.getNodeCrypto(); - -/** - * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$1(oid, hashAlgo, message, publicKey, privateKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - const keyPair = { publicKey, privateKey }; - switch (curve.type) { - case 'web': { - // If browser doesn't support a curve, we'll catch it - try { - // Need to await to make sure browser succeeds - return await webSign$1(curve, hashAlgo, message, keyPair); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunaley Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support signing: ' + err.message); - } - break; - } - case 'node': { - const signature = await nodeSign$1(curve, hashAlgo, message, keyPair); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; - } - } - } - return ellipticSign(curve, hashed, privateKey); -} - -/** - * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify - * @param {Uint8Array} message - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$1(oid, hashAlgo, signature, message, publicKey, hashed) { - const curve = new CurveWithOID(oid); - if (message && !util.isStream(message)) { - switch (curve.type) { - case 'web': - try { - // Need to await to make sure browser succeeds - return await webVerify$1(curve, hashAlgo, signature, message, publicKey); - } catch (err) { - // We do not fallback if the error is related to key integrity - // Unfortunately Safari does not support p521 and throws a DataError when using it - // So we need to always fallback for that curve - if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) { - throw err; - } - util.printDebugError('Browser did not support verifying: ' + err.message); - } - break; - case 'node': - return nodeVerify$1(curve, hashAlgo, signature, message, publicKey); - } - } - const digest = (typeof hashAlgo === 'undefined') ? message : hashed; - return ellipticVerify(curve, signature, digest, publicKey); -} - -/** - * Validate ECDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDSA public point - * @param {Uint8Array} d - ECDSA secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$2(oid, Q, d) { - const curve = new CurveWithOID(oid); - // Reject curves x25519 and ed25519 - if (curve.keyType !== enums.publicKey.ecdsa) { - return false; - } - - // To speed up the validation, we try to use node- or webcrypto when available - // and sign + verify a random message - switch (curve.type) { - case 'web': - case 'node': { - const message = getRandomBytes(8); - const hashAlgo = enums.hash.sha256; - const hashed = await hash.digest(hashAlgo, message); - try { - const signature = await sign$1(oid, hashAlgo, message, Q, d, hashed); - return await verify$1(oid, hashAlgo, signature, message, Q, hashed); - } catch (err) { - return false; - } - } - default: - return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); - } -} - - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - -async function ellipticSign(curve, hashed, privateKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPrivate(indutnyCurve, privateKey); - const signature = key.sign(hashed); - return { - r: signature.r.toArrayLike(Uint8Array), - s: signature.s.toArrayLike(Uint8Array) - }; -} - -async function ellipticVerify(curve, signature, digest, publicKey) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const key = keyFromPublic(indutnyCurve, publicKey); - return key.verify(digest, signature); -} - -async function webSign$1(curve, hashAlgo, message, keyPair) { - const len = curve.payloadSize; - const jwk = privateToJWK$1(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['sign'] - ); - - const signature = new Uint8Array(await webCrypto$7.sign( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - message - )); - - return { - r: signature.slice(0, len), - s: signature.slice(len, len << 1) - }; -} - -async function webVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); - const key = await webCrypto$7.importKey( - 'jwk', - jwk, - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, curve.hash) } - }, - false, - ['verify'] - ); - - const signature = util.concatUint8Array([r, s]).buffer; - - return webCrypto$7.verify( - { - 'name': 'ECDSA', - 'namedCurve': webCurves[curve.name], - 'hash': { name: enums.read(enums.webHash, hashAlgo) } - }, - key, - signature, - message - ); -} - -async function nodeSign$1(curve, hashAlgo, message, keyPair) { - const sign = nodeCrypto$8.createSign(enums.read(enums.hash, hashAlgo)); - sign.write(message); - sign.end(); - const key = ECPrivateKey.encode({ - version: 1, - parameters: curve.oid, - privateKey: Array.from(keyPair.privateKey), - publicKey: { unused: 0, data: Array.from(keyPair.publicKey) } - }, 'pem', { - label: 'EC PRIVATE KEY' - }); - - return ECDSASignature.decode(sign.sign(key), 'der'); -} - -async function nodeVerify$1(curve, hashAlgo, { r, s }, message, publicKey) { - const { default: BN } = await Promise.resolve().then(function () { return bn$1; }); - - const verify = nodeCrypto$8.createVerify(enums.read(enums.hash, hashAlgo)); - verify.write(message); - verify.end(); - const key = SubjectPublicKeyInfo.encode({ - algorithm: { - algorithm: [1, 2, 840, 10045, 2, 1], - parameters: curve.oid - }, - subjectPublicKey: { unused: 0, data: Array.from(publicKey) } - }, 'pem', { - label: 'PUBLIC KEY' - }); - const signature = ECDSASignature.encode({ - r: new BN(r), s: new BN(s) - }, 'der'); - - try { - return verify.verify(key, signature); - } catch (err) { - return false; - } -} - -// Originally written by Owen Smith https://github.com/omsmith -// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/ - -/* eslint-disable no-invalid-this */ - -const asn1$1 = nodeCrypto$8 ? void('asn1.js') : undefined; - -const ECDSASignature = nodeCrypto$8 ? - asn1$1.define('ECDSASignature', function() { - this.seq().obj( - this.key('r').int(), - this.key('s').int() - ); - }) : undefined; - -const ECPrivateKey = nodeCrypto$8 ? - asn1$1.define('ECPrivateKey', function() { - this.seq().obj( - this.key('version').int(), - this.key('privateKey').octstr(), - this.key('parameters').explicit(0).optional().any(), - this.key('publicKey').explicit(1).optional().bitstr() - ); - }) : undefined; - -const AlgorithmIdentifier = nodeCrypto$8 ? - asn1$1.define('AlgorithmIdentifier', function() { - this.seq().obj( - this.key('algorithm').objid(), - this.key('parameters').optional().any() - ); - }) : undefined; - -const SubjectPublicKeyInfo = nodeCrypto$8 ? - asn1$1.define('SubjectPublicKeyInfo', function() { - this.seq().obj( - this.key('algorithm').use(AlgorithmIdentifier), - this.key('subjectPublicKey').bitstr() - ); - }) : undefined; - -var ecdsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$1, - verify: verify$1, - validateParams: validateParams$2 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Sign a message using the provided legacy EdDSA key - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * r: Uint8Array, - * s: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$2(oid, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; -} - -/** - * Verifies if a legacy EdDSA signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$2(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - const signature = util.concatUint8Array([r, s]); - return naclFastLight.sign.detached.verify(hashed, signature, publicKey.subarray(1)); -} -/** - * Validate legacy EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point - * @param {Uint8Array} k - EdDSA secret seed - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$3(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } - - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); - -} - -var eddsa_legacy = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$2, - verify: verify$2, - validateParams: validateParams$3 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -naclFastLight.hash = bytes => new Uint8Array(_512().update(bytes).digest()); - -/** - * Generate (non-legacy) EdDSA key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} - */ -async function generate$2(algo) { - switch (algo) { - case enums.publicKey.ed25519: { - const seed = getRandomBytes(32); - const { publicKey: A } = naclFastLight.sign.keyPair.fromSeed(seed); - return { A, seed }; - } - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} - -/** - * Sign a message using the provided key - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) - * @param {Uint8Array} message - Message to sign - * @param {Uint8Array} publicKey - Public key - * @param {Uint8Array} privateKey - Private key used to sign the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Promise<{ - * RS: Uint8Array - * }>} Signature of the message - * @async - */ -async function sign$3(algo, hashAlgo, message, publicKey, privateKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - const secretKey = util.concatUint8Array([privateKey, publicKey]); - const signature = naclFastLight.sign.detached(hashed, secretKey); - return { RS: signature }; - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } - -} - -/** - * Verifies if a signature is valid for a message - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{ RS: Uint8Array }} signature Signature to verify the message - * @param {Uint8Array} m - Message to verify - * @param {Uint8Array} publicKey - Public key used to verify the message - * @param {Uint8Array} hashed - The hashed message - * @returns {Boolean} - * @async - */ -async function verify$3(algo, hashAlgo, { RS }, m, publicKey, hashed) { - if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo$1(algo))) { - throw new Error('Hash algorithm too weak for EdDSA.'); - } - switch (algo) { - case enums.publicKey.ed25519: { - return naclFastLight.sign.detached.verify(hashed, RS, publicKey); - } - case enums.publicKey.ed448: - default: - throw new Error('Unsupported EdDSA algorithm'); - } -} -/** - * Validate (non-legacy) EdDSA parameters - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} A - EdDSA public point - * @param {Uint8Array} seed - EdDSA secret seed - * @param {Uint8Array} oid - (legacy only) EdDSA OID - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$4(algo, A, seed) { - switch (algo) { - case enums.publicKey.ed25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.sign.keyPair.fromSeed(seed); - return util.equalsUint8Array(A, publicKey); - } - - case enums.publicKey.ed448: // unsupported - default: - return false; - } -} - -function getPreferredHashAlgo$1(algo) { - switch (algo) { - case enums.publicKey.ed25519: - return enums.hash.sha256; - default: - throw new Error('Unknown EdDSA algo'); - } -} - -var eddsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$2, - sign: sign$3, - verify: verify$3, - validateParams: validateParams$4, - getPreferredHashAlgo: getPreferredHashAlgo$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * AES key wrap - * @function - * @param {Uint8Array} key - * @param {Uint8Array} data - * @returns {Uint8Array} - */ -function wrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const P = unpack(data); - let A = IV; - const R = P; - const n = P.length / 2; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 0; j <= 5; ++j) { - for (let i = 0; i < n; ++i) { - t[1] = n * j + (1 + i); - // B = A - B[0] = A[0]; - B[1] = A[1]; - // B = A || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES(K, B) - B = unpack(aes.encrypt(pack(B))); - // A = MSB(64, B) ^ t - A = B.subarray(0, 2); - A[0] ^= t[0]; - A[1] ^= t[1]; - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - return pack(A, R); -} - -/** - * AES key unwrap - * @function - * @param {String} key - * @param {String} data - * @returns {Uint8Array} - * @throws {Error} - */ -function unwrap(key, data) { - const aes = new cipher['aes' + (key.length * 8)](key); - const IV = new Uint32Array([0xA6A6A6A6, 0xA6A6A6A6]); - const C = unpack(data); - let A = C.subarray(0, 2); - const R = C.subarray(2); - const n = C.length / 2 - 1; - const t = new Uint32Array([0, 0]); - let B = new Uint32Array(4); - for (let j = 5; j >= 0; --j) { - for (let i = n - 1; i >= 0; --i) { - t[1] = n * j + (i + 1); - // B = A ^ t - B[0] = A[0] ^ t[0]; - B[1] = A[1] ^ t[1]; - // B = (A ^ t) || R[i] - B[2] = R[2 * i]; - B[3] = R[2 * i + 1]; - // B = AES-1(B) - B = unpack(aes.decrypt(pack(B))); - // A = MSB(64, B) - A = B.subarray(0, 2); - // R[i] = LSB(64, B) - R[2 * i] = B[2]; - R[2 * i + 1] = B[3]; - } - } - if (A[0] === IV[0] && A[1] === IV[1]) { - return pack(R); - } - throw new Error('Key Data Integrity failed'); -} - -function createArrayBuffer(data) { - if (util.isString(data)) { - const { length } = data; - const buffer = new ArrayBuffer(length); - const view = new Uint8Array(buffer); - for (let j = 0; j < length; ++j) { - view[j] = data.charCodeAt(j); - } - return buffer; - } - return new Uint8Array(data).buffer; -} - -function unpack(data) { - const { length } = data; - const buffer = createArrayBuffer(data); - const view = new DataView(buffer); - const arr = new Uint32Array(length / 4); - for (let i = 0; i < length / 4; ++i) { - arr[i] = view.getUint32(4 * i); - } - return arr; -} - -function pack() { - let length = 0; - for (let k = 0; k < arguments.length; ++k) { - length += 4 * arguments[k].length; - } - const buffer = new ArrayBuffer(length); - const view = new DataView(buffer); - let offset = 0; - for (let i = 0; i < arguments.length; ++i) { - for (let j = 0; j < arguments[i].length; ++j) { - view.setUint32(offset + 4 * j, arguments[i][j]); - } - offset += 4 * arguments[i].length; - } - return new Uint8Array(buffer); -} - -var aesKW = /*#__PURE__*/Object.freeze({ - __proto__: null, - wrap: wrap, - unwrap: unwrap -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * @fileoverview Functions to add and remove PKCS5 padding - * @see PublicKeyEncryptedSessionKeyPacket - * @module crypto/pkcs5 - * @private - */ - -/** - * Add pkcs5 padding to a message - * @param {Uint8Array} message - message to pad - * @returns {Uint8Array} Padded message. - */ -function encode$1(message) { - const c = 8 - (message.length % 8); - const padded = new Uint8Array(message.length + c).fill(c); - padded.set(message); - return padded; -} - -/** - * Remove pkcs5 padding from a message - * @param {Uint8Array} message - message to remove padding from - * @returns {Uint8Array} Message without padding. - */ -function decode$1(message) { - const len = message.length; - if (len > 0) { - const c = message[len - 1]; - if (c >= 1) { - const provided = message.subarray(len - c); - const computed = new Uint8Array(c).fill(c); - if (util.equalsUint8Array(provided, computed)) { - return message.subarray(0, len - c); - } - } - } - throw new Error('Invalid padding'); -} - -var pkcs5 = /*#__PURE__*/Object.freeze({ - __proto__: null, - encode: encode$1, - decode: decode$1 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -const webCrypto$8 = util.getWebCrypto(); -const nodeCrypto$9 = util.getNodeCrypto(); - -/** - * Validate ECDH parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - ECDH public point - * @param {Uint8Array} d - ECDH secret scalar - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$5(oid, Q, d) { - return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); -} - -// Build Param for ECDH algorithm (RFC 6637) -function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { - return util.concatUint8Array([ - oid.write(), - new Uint8Array([public_algo]), - kdfParams.write(), - util.stringToUint8Array('Anonymous Sender '), - fingerprint.subarray(0, 20) - ]); -} - -// Key Derivation Function (RFC 6637) -async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { - // Note: X is little endian for Curve25519, big-endian for all others. - // This is not ideal, but the RFC's are unclear - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - let i; - if (stripLeading) { - // Work around old go crypto bug - for (i = 0; i < X.length && X[i] === 0; i++); - X = X.subarray(i); - } - if (stripTrailing) { - // Work around old OpenPGP.js bug - for (i = X.length - 1; i >= 0 && X[i] === 0; i--); - X = X.subarray(0, i + 1); - } - const digest = await hash.digest(hashAlgo, util.concatUint8Array([ - new Uint8Array([0, 0, 0, 1]), - X, - param - ])); - return digest.subarray(0, length); -} - -/** - * Generate ECDHE ephemeral key and secret from public key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPublicEphemeralKey(curve, Q) { - switch (curve.type) { - case 'curve25519': { - const d = getRandomBytes(32); - const { secretKey, sharedKey } = await genPrivateEphemeralKey(curve, Q, null, d); - let { publicKey } = naclFastLight.box.keyPair.fromSecretKey(secretKey); - publicKey = util.concatUint8Array([new Uint8Array([0x40]), publicKey]); - return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPublicEphemeralKey(curve, Q); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePublicEphemeralKey(curve, Q); - } - return ellipticPublicEphemeralKey(curve, Q); -} - -/** - * Encrypt and wrap a session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} data - Unpadded session key data - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} - * @async - */ -async function encrypt$3(oid, kdfParams, data, Q, fingerprint) { - const m = encode$1(data); - - const curve = new CurveWithOID(oid); - const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); - const wrappedKey = wrap(Z, m); - return { publicKey, wrappedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function genPrivateEphemeralKey(curve, V, Q, d) { - if (d.length !== curve.payloadSize) { - const privateKey = new Uint8Array(curve.payloadSize); - privateKey.set(d, curve.payloadSize - d.length); - d = privateKey; - } - switch (curve.type) { - case 'curve25519': { - const secretKey = d.slice().reverse(); - const sharedKey = naclFastLight.scalarMult(secretKey, V.subarray(1)); - return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below - } - case 'web': - if (curve.web && util.getWebCrypto()) { - try { - return await webPrivateEphemeralKey(curve, V, Q, d); - } catch (err) { - util.printDebugError(err); - } - } - break; - case 'node': - return nodePrivateEphemeralKey(curve, V, d); - } - return ellipticPrivateEphemeralKey(curve, V, d); -} - -/** - * Decrypt and unwrap the value derived from session key - * - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} C - Encrypted and wrapped value derived from session key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Value derived from session key. - * @async - */ -async function decrypt$3(oid, kdfParams, V, C, Q, d, fingerprint) { - const curve = new CurveWithOID(oid); - const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); - const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); - const { keySize } = getCipher(kdfParams.cipher); - let err; - for (let i = 0; i < 3; i++) { - try { - // Work around old go crypto bug and old OpenPGP.js bug, respectively. - const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); - return decode$1(unwrap(Z, C)); - } catch (e) { - err = e; - } - } - throw err; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} Q - Recipient public key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPrivateEphemeralKey(curve, V, Q, d) { - const recipient = privateToJWK$1(curve.payloadSize, curve.web.web, Q, d); - let privateKey = webCrypto$8.importKey( - 'jwk', - recipient, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, V); - let sender = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - [] - ); - [privateKey, sender] = await Promise.all([privateKey, sender]); - let S = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: sender - }, - privateKey, - curve.web.sharedSize - ); - let secret = webCrypto$8.exportKey( - 'jwk', - privateKey - ); - [S, secret] = await Promise.all([S, secret]); - const sharedKey = new Uint8Array(S); - const secretKey = b64ToUint8Array(secret.d); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using webCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function webPublicEphemeralKey(curve, Q) { - const jwk = rawPublicToJWK(curve.payloadSize, curve.web.web, Q); - let keyPair = webCrypto$8.generateKey( - { - name: 'ECDH', - namedCurve: curve.web.web - }, - true, - ['deriveKey', 'deriveBits'] - ); - let recipient = webCrypto$8.importKey( - 'jwk', - jwk, - { - name: 'ECDH', - namedCurve: curve.web.web - }, - false, - [] - ); - [keyPair, recipient] = await Promise.all([keyPair, recipient]); - let s = webCrypto$8.deriveBits( - { - name: 'ECDH', - namedCurve: curve.web.web, - public: recipient - }, - keyPair.privateKey, - curve.web.sharedSize - ); - let p = webCrypto$8.exportKey( - 'jwk', - keyPair.publicKey - ); - [s, p] = await Promise.all([s, p]); - const sharedKey = new Uint8Array(s); - const publicKey = new Uint8Array(jwkToRawPublic(p)); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPrivateEphemeralKey(curve, V, d) { - const indutnyCurve = await getIndutnyCurve(curve.name); - V = keyFromPublic(indutnyCurve, V); - d = keyFromPrivate(indutnyCurve, d); - const secretKey = new Uint8Array(d.getPrivate()); - const S = d.derive(V.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using indutny/elliptic - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function ellipticPublicEphemeralKey(curve, Q) { - const indutnyCurve = await getIndutnyCurve(curve.name); - const v = await curve.genKeyPair(); - Q = keyFromPublic(indutnyCurve, Q); - const V = keyFromPrivate(indutnyCurve, v.privateKey); - const publicKey = v.publicKey; - const S = V.derive(Q.getPublic()); - const len = indutnyCurve.curve.p.byteLength(); - const sharedKey = S.toArrayLike(Uint8Array, 'be', len); - return { publicKey, sharedKey }; -} - -/** - * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} V - Public part of ephemeral key - * @param {Uint8Array} d - Recipient private key - * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePrivateEphemeralKey(curve, V, d) { - const recipient = nodeCrypto$9.createECDH(curve.node.node); - recipient.setPrivateKey(d); - const sharedKey = new Uint8Array(recipient.computeSecret(V)); - const secretKey = new Uint8Array(recipient.getPrivateKey()); - return { secretKey, sharedKey }; -} - -/** - * Generate ECDHE ephemeral key and secret from public key using nodeCrypto - * - * @param {CurveWithOID} curve - Elliptic curve object - * @param {Uint8Array} Q - Recipient public key - * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} - * @async - */ -async function nodePublicEphemeralKey(curve, Q) { - const sender = nodeCrypto$9.createECDH(curve.node.node); - sender.generateKeys(); - const sharedKey = new Uint8Array(sender.computeSecret(Q)); - const publicKey = new Uint8Array(sender.getPublicKey()); - return { publicKey, sharedKey }; -} - -var ecdh = /*#__PURE__*/Object.freeze({ - __proto__: null, - validateParams: validateParams$5, - encrypt: encrypt$3, - decrypt: decrypt$3 -}); - -/** - * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. - * @module crypto/hkdf - * @private - */ - -const webCrypto$9 = util.getWebCrypto(); -const nodeCrypto$a = util.getNodeCrypto(); -const nodeSubtleCrypto = nodeCrypto$a && nodeCrypto$a.webcrypto && nodeCrypto$a.webcrypto.subtle; - -async function HKDF(hashAlgo, inputKey, salt, info, outLen) { - const hash = enums.read(enums.webHash, hashAlgo); - if (!hash) throw new Error('Hash algo not supported with HKDF'); - - if (webCrypto$9 || nodeSubtleCrypto) { - const crypto = webCrypto$9 || nodeSubtleCrypto; - const importedKey = await crypto.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); - const bits = await crypto.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); - return new Uint8Array(bits); - } - - if (nodeCrypto$a) { - const hashAlgoName = enums.read(enums.hash, hashAlgo); - // Node-only HKDF implementation based on https://www.rfc-editor.org/rfc/rfc5869 - - const computeHMAC = (hmacKey, hmacMessage) => nodeCrypto$a.createHmac(hashAlgoName, hmacKey).update(hmacMessage).digest(); - // Step 1: Extract - // PRK = HMAC-Hash(salt, IKM) - const pseudoRandomKey = computeHMAC(salt, inputKey); - - const hashLen = pseudoRandomKey.length; - - // Step 2: Expand - // HKDF-Expand(PRK, info, L) -> OKM - const n = Math.ceil(outLen / hashLen); - const outputKeyingMaterial = new Uint8Array(n * hashLen); - - // HMAC input buffer updated at each iteration - const roundInput = new Uint8Array(hashLen + info.length + 1); - // T_i and last byte are updated at each iteration, but `info` remains constant - roundInput.set(info, hashLen); - - for (let i = 0; i < n; i++) { - // T(0) = empty string (zero length) - // T(i) = HMAC-Hash(PRK, T(i-1) | info | i) - roundInput[roundInput.length - 1] = i + 1; - // t = T(i+1) - const t = computeHMAC(pseudoRandomKey, i > 0 ? roundInput : roundInput.subarray(hashLen)); - roundInput.set(t, 0); - - outputKeyingMaterial.set(t, i * hashLen); - } - - return outputKeyingMaterial.subarray(0, outLen); - } - - throw new Error('No HKDF implementation available'); -} - -/** - * @fileoverview Key encryption and decryption for RFC 6637 ECDH - * @module crypto/public_key/elliptic/ecdh - * @private - */ - -const HKDF_INFO = { - x25519: util.encodeUTF8('OpenPGP X25519') -}; - -/** - * Generate ECDH key for Montgomery curves - * @param {module:enums.publicKey} algo - Algorithm identifier - * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} - */ -async function generate$3(algo) { - switch (algo) { - case enums.publicKey.x25519: { - // k stays in little-endian, unlike legacy ECDH over curve25519 - const k = getRandomBytes(32); - const { publicKey: A } = naclFastLight.box.keyPair.fromSecretKey(k); - return { A, k }; - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** -* Validate ECDH parameters -* @param {module:enums.publicKey} algo - Algorithm identifier -* @param {Uint8Array} A - ECDH public point -* @param {Uint8Array} k - ECDH secret scalar -* @returns {Promise} Whether params are valid. -* @async -*/ -async function validateParams$6(algo, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - /** - * Derive public point A' from private key - * and expect A == A' - */ - const { publicKey } = naclFastLight.box.keyPair.fromSecretKey(k); - return util.equalsUint8Array(A, publicKey); - } - - default: - return false; - } -} - -/** - * Wrap and encrypt a session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} data - session key data to be encrypted - * @param {Uint8Array} recipientA - Recipient public key (K_B) - * @returns {Promise<{ - * ephemeralPublicKey: Uint8Array, - * wrappedKey: Uint8Array - * }>} ephemeral public key (K_A) and encrypted key - * @async - */ -async function encrypt$4(algo, data, recipientA) { - switch (algo) { - case enums.publicKey.x25519: { - const ephemeralSecretKey = getRandomBytes(32); - const sharedSecret = naclFastLight.scalarMult(ephemeralSecretKey, recipientA); - const { publicKey: ephemeralPublicKey } = naclFastLight.box.keyPair.fromSecretKey(ephemeralSecretKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - recipientA, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - const wrappedKey = wrap(encryptionKey, data); - return { ephemeralPublicKey, wrappedKey }; - } - - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -/** - * Decrypt and unwrap the session key - * - * @param {module:enums.publicKey} algo - Algorithm identifier - * @param {Uint8Array} ephemeralPublicKey - (K_A) - * @param {Uint8Array} wrappedKey, - * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF - * @param {Uint8Array} k - Recipient secret key (b) - * @returns {Promise} decrypted session key data - * @async - */ -async function decrypt$4(algo, ephemeralPublicKey, wrappedKey, A, k) { - switch (algo) { - case enums.publicKey.x25519: { - const sharedSecret = naclFastLight.scalarMult(k, ephemeralPublicKey); - const hkdfInput = util.concatUint8Array([ - ephemeralPublicKey, - A, - sharedSecret - ]); - const { keySize } = getCipher(enums.symmetric.aes128); - const encryptionKey = await HKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); - return unwrap(encryptionKey, wrappedKey); - } - default: - throw new Error('Unsupported ECDH algorithm'); - } -} - -var ecdh_x = /*#__PURE__*/Object.freeze({ - __proto__: null, - generate: generate$3, - validateParams: validateParams$6, - encrypt: encrypt$4, - decrypt: decrypt$4 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -var elliptic = /*#__PURE__*/Object.freeze({ - __proto__: null, - CurveWithOID: CurveWithOID, - ecdh: ecdh, - ecdhX: ecdh_x, - ecdsa: ecdsa, - eddsaLegacy: eddsa_legacy, - eddsa: eddsa, - generate: generate$1, - getPreferredHashAlgo: getPreferredHashAlgo -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - -/* - TODO regarding the hash function, read: - https://tools.ietf.org/html/rfc4880#section-13.6 - https://tools.ietf.org/html/rfc4880#section-14 -*/ - -/** - * DSA Sign function - * @param {Integer} hashAlgo - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} x - * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} - * @async - */ -async function sign$4(hashAlgo, hashed, g, p, q, x) { - const BigInteger = await util.getBigInteger(); - const one = new BigInteger(1); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - x = new BigInteger(x); - - let k; - let r; - let s; - let t; - g = g.mod(p); - x = x.mod(q); - // If the output size of the chosen hash is larger than the number of - // bits of q, the hash result is truncated to fit by taking the number - // of leftmost bits equal to the number of bits of q. This (possibly - // truncated) hash function result is treated as a number and used - // directly in the DSA signature algorithm. - const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q); - // FIPS-186-4, section 4.6: - // The values of r and s shall be checked to determine if r = 0 or s = 0. - // If either r = 0 or s = 0, a new value of k shall be generated, and the - // signature shall be recalculated. It is extremely unlikely that r = 0 - // or s = 0 if signatures are generated properly. - while (true) { - // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf - k = await getRandomBigInteger(one, q); // returns in [1, q-1] - r = g.modExp(k, p).imod(q); // (g**k mod p) mod q - if (r.isZero()) { - continue; - } - const xr = x.mul(r).imod(q); - t = h.add(xr).imod(q); // H(m) + x*r mod q - s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q - if (s.isZero()) { - continue; - } - break; - } - return { - r: r.toUint8Array('be', q.byteLength()), - s: s.toUint8Array('be', q.byteLength()) - }; -} - -/** - * DSA Verify function - * @param {Integer} hashAlgo - * @param {Uint8Array} r - * @param {Uint8Array} s - * @param {Uint8Array} hashed - * @param {Uint8Array} g - * @param {Uint8Array} p - * @param {Uint8Array} q - * @param {Uint8Array} y - * @returns {boolean} - * @async - */ -async function verify$4(hashAlgo, r, s, hashed, g, p, q, y) { - const BigInteger = await util.getBigInteger(); - const zero = new BigInteger(0); - r = new BigInteger(r); - s = new BigInteger(s); - - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - - if (r.lte(zero) || r.gte(q) || - s.lte(zero) || s.gte(q)) { - util.printDebug('invalid DSA Signature'); - return false; - } - const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q); - const w = s.modInv(q); // s**-1 mod q - if (w.isZero()) { - util.printDebug('invalid DSA Signature'); - return false; - } - - g = g.mod(p); - y = y.mod(p); - const u1 = h.mul(w).imod(q); // H(m) * w mod q - const u2 = r.mul(w).imod(q); // r * w mod q - const t1 = g.modExp(u1, p); // g**u1 mod p - const t2 = y.modExp(u2, p); // y**u2 mod p - const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q - return v.equal(r); -} - -/** - * Validate DSA parameters - * @param {Uint8Array} p - DSA prime - * @param {Uint8Array} q - DSA group order - * @param {Uint8Array} g - DSA sub-group generator - * @param {Uint8Array} y - DSA public key - * @param {Uint8Array} x - DSA private key - * @returns {Promise} Whether params are valid. - * @async - */ -async function validateParams$7(p, q, g, y, x) { - const BigInteger = await util.getBigInteger(); - p = new BigInteger(p); - q = new BigInteger(q); - g = new BigInteger(g); - y = new BigInteger(y); - const one = new BigInteger(1); - // Check that 1 < g < p - if (g.lte(one) || g.gte(p)) { - return false; - } - - /** - * Check that subgroup order q divides p-1 - */ - if (!p.dec().mod(q).isZero()) { - return false; - } - - /** - * g has order q - * Check that g ** q = 1 mod p - */ - if (!g.modExp(q, p).isOne()) { - return false; - } - - /** - * Check q is large and probably prime (we mainly want to avoid small factors) - */ - const qSize = new BigInteger(q.bitLength()); - const n150 = new BigInteger(150); - if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) { - return false; - } - - /** - * Re-derive public key y' = g ** x mod p - * Expect y == y' - * - * Blinded exponentiation computes g**{rq + x} to compare to y - */ - x = new BigInteger(x); - const two = new BigInteger(2); - const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q - const rqx = q.mul(r).add(x); - if (!y.equal(g.modExp(rqx, p))) { - return false; - } - - return true; -} - -var dsa = /*#__PURE__*/Object.freeze({ - __proto__: null, - sign: sign$4, - verify: verify$4, - validateParams: validateParams$7 -}); - -/** - * @fileoverview Asymmetric cryptography functions - * @module crypto/public_key - * @private - */ - -var publicKey = { - /** @see module:crypto/public_key/rsa */ - rsa: rsa, - /** @see module:crypto/public_key/elgamal */ - elgamal: elgamal, - /** @see module:crypto/public_key/elliptic */ - elliptic: elliptic, - /** @see module:crypto/public_key/dsa */ - dsa: dsa, - /** @see tweetnacl */ - nacl: naclFastLight -}; - -/** - * @fileoverview Provides functions for asymmetric signing and signature verification - * @module crypto/signature - * @private - */ - -/** - * Parse signature in binary form to get the parameters. - * The returned values are only padded for EdDSA, since in the other cases their expected length - * depends on the key params, hence we delegate the padding to the signature verification function. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Uint8Array} signature - Data for which the signature was created - * @returns {Promise} True if signature is valid. - * @async - */ -function parseSignatureParams(algo, signature) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA signatures: - // - MPI of RSA signature value m**d mod n. - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const s = util.readMPI(signature.subarray(read)); - // The signature needs to be the same length as the public key modulo n. - // We pad s on signature verification, where we have access to n. - return { s }; - } - // Algorithm-Specific Fields for DSA or ECDSA signatures: - // - MPI of DSA or ECDSA value r. - // - MPI of DSA or ECDSA value s. - case enums.publicKey.dsa: - case enums.publicKey.ecdsa: - { - const r = util.readMPI(signature.subarray(read)); read += r.length + 2; - const s = util.readMPI(signature.subarray(read)); - return { r, s }; - } - // Algorithm-Specific Fields for legacy EdDSA signatures: - // - MPI of an EC point r. - // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsaLegacy: { - // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: - // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 - let r = util.readMPI(signature.subarray(read)); read += r.length + 2; - r = util.leftPad(r, 32); - let s = util.readMPI(signature.subarray(read)); - s = util.leftPad(s, 32); - return { r, s }; - } - // Algorithm-Specific Fields for Ed25519 signatures: - // - 64 octets of the native signature - case enums.publicKey.ed25519: { - const RS = signature.subarray(read, read + 64); read += RS.length; - return { RS }; - } - default: - throw new UnsupportedError('Unknown signature algorithm.'); - } -} - -/** - * Verifies the signature provided for data using specified algorithms and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} signature - Named algorithm-specific signature parameters - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Data for which the signature was created - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} True if signature is valid. - * @async - */ -async function verify$5(algo, hashAlgo, signature, publicParams, data, hashed) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto - return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); - } - case enums.publicKey.dsa: { - const { g, p, q, y } = publicParams; - const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers - return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicParams; - const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; - // padding needed for webcrypto - const r = util.leftPad(signature.r, curveSize); - const s = util.leftPad(signature.s, curveSize); - return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicParams; - // signature already padded on parsing - return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -/** - * Creates a signature on data using specified algorithms and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} - * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} - * for public key and hash algorithms. - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {module:enums.hash} hashAlgo - Hash algorithm - * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters - * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters - * @param {Uint8Array} data - Data to be signed - * @param {Uint8Array} hashed - The hashed data - * @returns {Promise} Signature Object containing named signature parameters. - * @async - */ -async function sign$5(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { - if (!publicKeyParams || !privateKeyParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaSign: { - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); - return { s }; - } - case enums.publicKey.dsa: { - const { g, p, q } = publicKeyParams; - const { x } = privateKeyParams; - return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); - } - case enums.publicKey.elgamal: { - throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); - } - case enums.publicKey.ecdsa: { - const { oid, Q } = publicKeyParams; - const { d } = privateKeyParams; - return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); - } - case enums.publicKey.eddsaLegacy: { - const { oid, Q } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); - } - case enums.publicKey.ed25519: { - const { A } = publicKeyParams; - const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); - } - default: - throw new Error('Unknown signature algorithm.'); - } -} - -var signature = /*#__PURE__*/Object.freeze({ - __proto__: null, - parseSignatureParams: parseSignatureParams, - verify: verify$5, - sign: sign$5 -}); - -// OpenPGP.js - An OpenPGP implementation in javascript - -class ECDHSymmetricKey { - constructor(data) { - if (data) { - this.data = data; - } - } - - /** - * Read an ECDHSymmetricKey from an Uint8Array: - * - 1 octect for the length `l` - * - `l` octects of encoded session key data - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - if (bytes.length >= 1) { - const length = bytes[0]; - if (bytes.length >= 1 + length) { - this.data = bytes.subarray(1, 1 + length); - return 1 + this.data.length; - } - } - throw new Error('Invalid symmetric key'); - } - - /** - * Write an ECDHSymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -/** - * Implementation of type KDF parameters - * - * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: - * A key derivation function (KDF) is necessary to implement the EC - * encryption. The Concatenation Key Derivation Function (Approved - * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is - * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. - * @module type/kdf_params - * @private - */ - -class KDFParams { - /** - * @param {enums.hash} hash - Hash algorithm - * @param {enums.symmetric} cipher - Symmetric algorithm - */ - constructor(data) { - if (data) { - const { hash, cipher } = data; - this.hash = hash; - this.cipher = cipher; - } else { - this.hash = null; - this.cipher = null; - } - } - - /** - * Read KDFParams from an Uint8Array - * @param {Uint8Array} input - Where to read the KDFParams from - * @returns {Number} Number of read bytes. - */ - read(input) { - if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { - throw new UnsupportedError('Cannot read KDFParams'); - } - this.hash = input[2]; - this.cipher = input[3]; - return 4; - } - - /** - * Write KDFParams to an Uint8Array - * @returns {Uint8Array} Array with the KDFParams value - */ - write() { - return new Uint8Array([3, 1, this.hash, this.cipher]); - } -} - -/** - * Encoded symmetric key for x25519 and x448 - * The payload format varies for v3 and v6 PKESK: - * the former includes an algorithm byte preceeding the encrypted session key. - * - * @module type/x25519x448_symkey - */ - -class ECDHXSymmetricKey { - static fromObject({ wrappedKey, algorithm }) { - const instance = new ECDHXSymmetricKey(); - instance.wrappedKey = wrappedKey; - instance.algorithm = algorithm; - return instance; - } - - /** - * - 1 octect for the length `l` - * - `l` octects of encoded session key data (with optional leading algorithm byte) - * @param {Uint8Array} bytes - * @returns {Number} Number of read bytes. - */ - read(bytes) { - let read = 0; - let followLength = bytes[read++]; - this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even - followLength -= followLength % 2; - this.wrappedKey = bytes.subarray(read, read + followLength); read += followLength; - } - - /** - * Write an MontgomerySymmetricKey as an Uint8Array - * @returns {Uint8Array} Serialised data - */ - write() { - return util.concatUint8Array([ - this.algorithm ? - new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : - new Uint8Array([this.wrappedKey.length]), - this.wrappedKey - ]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Encrypts data using specified algorithm and public key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. - * @param {module:enums.publicKey} keyAlgo - Public key algorithm - * @param {module:enums.symmetric} symmetricAlgo - Cipher algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Uint8Array} data - Session key data to be encrypted - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @returns {Promise} Encrypted session key parameters. - * @async - */ -async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const { n, e } = publicParams; - const c = await publicKey.rsa.encrypt(data, n, e); - return { c }; - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - return publicKey.elgamal.encrypt(data, p, g, y); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicParams; - const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( - oid, kdfParams, data, Q, fingerprint); - return { V, C: new ECDHSymmetricKey(C) }; - } - case enums.publicKey.x25519: { - if (!util.isAES(symmetricAlgo)) { - // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 - throw new Error('X25519 keys can only encrypt AES session keys'); - } - const { A } = publicParams; - const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( - keyAlgo, data, A); - const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); - return { ephemeralPublicKey, C }; - } - default: - return []; - } -} - -/** - * Decrypts data using specified algorithm and private key parameters. - * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} - * @param {module:enums.publicKey} algo - Public key algorithm - * @param {Object} publicKeyParams - Algorithm-specific public key parameters - * @param {Object} privateKeyParams - Algorithm-specific private key parameters - * @param {Object} sessionKeyParams - Encrypted session key parameters - * @param {Uint8Array} fingerprint - Recipient fingerprint - * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing - * (needed for constant-time processing in RSA and ElGamal) - * @returns {Promise} Decrypted data. - * @throws {Error} on sensitive decryption error, unless `randomPayload` is given - * @async - */ -async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { - switch (algo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaEncrypt: { - const { c } = sessionKeyParams; - const { n, e } = publicKeyParams; - const { d, p, q, u } = privateKeyParams; - return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); - } - case enums.publicKey.elgamal: { - const { c1, c2 } = sessionKeyParams; - const p = publicKeyParams.p; - const x = privateKeyParams.x; - return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); - } - case enums.publicKey.ecdh: { - const { oid, Q, kdfParams } = publicKeyParams; - const { d } = privateKeyParams; - const { V, C } = sessionKeyParams; - return publicKey.elliptic.ecdh.decrypt( - oid, kdfParams, V, C.data, Q, d, fingerprint); - } - case enums.publicKey.x25519: { - const { A } = publicKeyParams; - const { k } = privateKeyParams; - const { ephemeralPublicKey, C } = sessionKeyParams; - if (!util.isAES(C.algorithm)) { - throw new Error('AES session key expected'); - } - return publicKey.elliptic.ecdhX.decrypt( - algo, ephemeralPublicKey, C.wrappedKey, A, k); - } - default: - throw new Error('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse public key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. - */ -function parsePublicKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; - const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; - return { read, publicParams: { n, e } }; - } - case enums.publicKey.dsa: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, q, g, y } }; - } - case enums.publicKey.elgamal: { - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; - const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; - return { read, publicParams: { p, g, y } }; - } - case enums.publicKey.ecdsa: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.eddsaLegacy: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - Q = util.leftPad(Q, 33); - return { read: read, publicParams: { oid, Q } }; - } - case enums.publicKey.ecdh: { - const oid = new OID(); read += oid.read(bytes); - checkSupportedCurve(oid); - const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; - const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); - return { read: read, publicParams: { oid, Q, kdfParams } }; - } - case enums.publicKey.ed25519: - case enums.publicKey.x25519: { - const A = bytes.subarray(read, read + 32); read += A.length; - return { read, publicParams: { A } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Parse private key material in binary form to get the key parameters - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @param {Object} publicParams - (ECC only) public params, needed to format some private params - * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. - */ -function parsePrivateKeyParams(algo, bytes, publicParams) { - let read = 0; - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; - const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; - const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; - return { read, privateParams: { d, p, q, u } }; - } - case enums.publicKey.dsa: - case enums.publicKey.elgamal: { - const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; - return { read, privateParams: { x } }; - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const curve = new CurveWithOID(publicParams.oid); - let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; - d = util.leftPad(d, curve.payloadSize); - return { read, privateParams: { d } }; - } - case enums.publicKey.eddsaLegacy: { - const curve = new CurveWithOID(publicParams.oid); - let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; - seed = util.leftPad(seed, curve.payloadSize); - return { read, privateParams: { seed } }; - } - case enums.publicKey.ed25519: { - const seed = bytes.subarray(read, read + 32); read += seed.length; - return { read, privateParams: { seed } }; - } - case enums.publicKey.x25519: { - const k = bytes.subarray(read, read + 32); read += k.length; - return { read, privateParams: { k } }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** Returns the types comprising the encrypted session key of an algorithm - * @param {module:enums.publicKey} algo - The key algorithm - * @param {Uint8Array} bytes - The key material to parse - * @returns {Object} The session key parameters referenced by name. - */ -function parseEncSessionKeyParams(algo, bytes) { - let read = 0; - switch (algo) { - // Algorithm-Specific Fields for RSA encrypted session keys: - // - MPI of RSA encrypted value m**e mod n. - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: { - const c = util.readMPI(bytes.subarray(read)); - return { c }; - } - - // Algorithm-Specific Fields for Elgamal encrypted session keys: - // - MPI of Elgamal value g**k mod p - // - MPI of Elgamal value m * y**k mod p - case enums.publicKey.elgamal: { - const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; - const c2 = util.readMPI(bytes.subarray(read)); - return { c1, c2 }; - } - // Algorithm-Specific Fields for ECDH encrypted session keys: - // - MPI containing the ephemeral key used to establish the shared secret - // - ECDH Symmetric Key - case enums.publicKey.ecdh: { - const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; - const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); - return { V, C }; - } - // Algorithm-Specific Fields for X25519 encrypted session keys: - // - 32 octets representing an ephemeral X25519 public key. - // - A one-octet size of the following fields. - // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - // - The encrypted session key. - case enums.publicKey.x25519: { - const ephemeralPublicKey = bytes.subarray(read, read + 32); read += ephemeralPublicKey.length; - const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); - return { ephemeralPublicKey, C }; - } - default: - throw new UnsupportedError('Unknown public key encryption algorithm.'); - } -} - -/** - * Convert params to MPI and serializes them in the proper order - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} params - The key parameters indexed by name - * @returns {Uint8Array} The array containing the MPIs. - */ -function serializeParams(algo, params) { - // Some algorithms do not rely on MPIs to store the binary params - const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519, enums.publicKey.x25519]); - const orderedParams = Object.keys(params).map(name => { - const param = params[name]; - if (!util.isUint8Array(param)) return param.write(); - return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); - }); - return util.concatUint8Array(orderedParams); -} - -/** - * Generate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Integer} bits - Bit length for RSA keys - * @param {module:type/oid} oid - Object identifier for ECC keys - * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. - * @async - */ -function generateParams(algo, bits, oid) { - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ - privateParams: { d, p, q, u }, - publicParams: { n, e } - })); - } - case enums.publicKey.ecdsa: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { d: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ - privateParams: { seed: secret }, - publicParams: { oid: new OID(oid), Q } - })); - case enums.publicKey.ecdh: - return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ - privateParams: { d: secret }, - publicParams: { - oid: new OID(oid), - Q, - kdfParams: new KDFParams({ hash, cipher }) - } - })); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ - privateParams: { seed }, - publicParams: { A } - })); - case enums.publicKey.x25519: - return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ - privateParams: { k }, - publicParams: { A } - })); - case enums.publicKey.dsa: - case enums.publicKey.elgamal: - throw new Error('Unsupported algorithm for key generation.'); - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Validate algorithm-specific key parameters - * @param {module:enums.publicKey} algo - The public key algorithm - * @param {Object} publicParams - Algorithm-specific public key parameters - * @param {Object} privateParams - Algorithm-specific private key parameters - * @returns {Promise} Whether the parameters are valid. - * @async - */ -async function validateParams$8(algo, publicParams, privateParams) { - if (!publicParams || !privateParams) { - throw new Error('Missing key parameters'); - } - switch (algo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: { - const { n, e } = publicParams; - const { d, p, q, u } = privateParams; - return publicKey.rsa.validateParams(n, e, d, p, q, u); - } - case enums.publicKey.dsa: { - const { p, q, g, y } = publicParams; - const { x } = privateParams; - return publicKey.dsa.validateParams(p, q, g, y, x); - } - case enums.publicKey.elgamal: { - const { p, g, y } = publicParams; - const { x } = privateParams; - return publicKey.elgamal.validateParams(p, g, y, x); - } - case enums.publicKey.ecdsa: - case enums.publicKey.ecdh: { - const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; - const { oid, Q } = publicParams; - const { d } = privateParams; - return algoModule.validateParams(oid, Q, d); - } - case enums.publicKey.eddsaLegacy: { - const { Q, oid } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); - } - case enums.publicKey.ed25519: { - const { A } = publicParams; - const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(algo, A, seed); - } - case enums.publicKey.x25519: { - const { A } = publicParams; - const { k } = privateParams; - return publicKey.elliptic.ecdhX.validateParams(algo, A, k); - } - default: - throw new Error('Unknown public key algorithm.'); - } -} - -/** - * Generates a random byte prefix for the specified algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. - * @async - */ -async function getPrefixRandom(algo) { - const { blockSize } = getCipher(algo); - const prefixrandom = await getRandomBytes(blockSize); - const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); - return util.concat([prefixrandom, repeat]); -} - -/** - * Generating a session key for the specified symmetric algorithm - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} algo - Symmetric encryption algorithm - * @returns {Uint8Array} Random bytes as a string to be used as a key. - */ -function generateSessionKey(algo) { - const { keySize } = getCipher(algo); - return getRandomBytes(keySize); -} - -/** - * Get implementation of the given AEAD mode - * @param {enums.aead} algo - * @returns {Object} - * @throws {Error} on invalid algo - */ -function getAEADMode(algo) { - const algoName = enums.read(enums.aead, algo); - return mode[algoName]; -} - -/** - * Check whether the given curve OID is supported - * @param {module:type/oid} oid - EC object identifier - * @throws {UnsupportedError} if curve is not supported - */ -function checkSupportedCurve(oid) { - try { - oid.getName(); - } catch (e) { - throw new UnsupportedError('Unknown curve OID'); - } -} - -/** - * Get preferred hash algo for a given elliptic algo - * @param {module:enums.publicKey} algo - alrogithm identifier - * @param {module:type/oid} [oid] - curve OID if needed by algo - */ -function getPreferredCurveHashAlgo(algo, oid) { - switch (algo) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - return publicKey.elliptic.getPreferredHashAlgo(oid); - case enums.publicKey.ed25519: - return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); - default: - throw new Error('Unknown elliptic signing algo'); - } -} - -var crypto$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - publicKeyEncrypt: publicKeyEncrypt, - publicKeyDecrypt: publicKeyDecrypt, - parsePublicKeyParams: parsePublicKeyParams, - parsePrivateKeyParams: parsePrivateKeyParams, - parseEncSessionKeyParams: parseEncSessionKeyParams, - serializeParams: serializeParams, - generateParams: generateParams, - validateParams: validateParams$8, - getPrefixRandom: getPrefixRandom, - generateSessionKey: generateSessionKey, - getAEADMode: getAEADMode, - getCipher: getCipher, - getPreferredCurveHashAlgo: getPreferredCurveHashAlgo -}); - -/** - * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js - * @see module:crypto/crypto - * @see module:crypto/signature - * @see module:crypto/public_key - * @see module:crypto/cipher - * @see module:crypto/random - * @see module:crypto/hash - * @module crypto - * @private - */ - -// TODO move cfb and gcm to cipher -const mod = { - /** @see module:crypto/cipher */ - cipher: cipher, - /** @see module:crypto/hash */ - hash: hash, - /** @see module:crypto/mode */ - mode: mode, - /** @see module:crypto/public_key */ - publicKey: publicKey, - /** @see module:crypto/signature */ - signature: signature, - /** @see module:crypto/random */ - random: random, - /** @see module:crypto/pkcs1 */ - pkcs1: pkcs1, - /** @see module:crypto/pkcs5 */ - pkcs5: pkcs5, - /** @see module:crypto/aes_kw */ - aesKW: aesKW -}; - -Object.assign(mod, crypto$1); - -var TYPED_OK = typeof Uint8Array !== "undefined" && - typeof Uint16Array !== "undefined" && - typeof Int32Array !== "undefined"; - - -// reduce buffer size, avoiding mem copy -function shrinkBuf(buf, size) { - if (buf.length === size) { - return buf; - } - if (buf.subarray) { - return buf.subarray(0, size); - } - buf.length = size; - return buf; -} - - -const fnTyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - if (src.subarray && dest.subarray) { - dest.set(src.subarray(src_offs, src_offs + len), dest_offs); - return; - } - // Fallback to ordinary array - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - let i, l, len, pos, chunk; - - // calculate data length - len = 0; - for (i = 0, l = chunks.length; i < l; i++) { - len += chunks[i].length; - } - - // join chunks - const result = new Uint8Array(len); - pos = 0; - for (i = 0, l = chunks.length; i < l; i++) { - chunk = chunks[i]; - result.set(chunk, pos); - pos += chunk.length; - } - - return result; - } -}; - -const fnUntyped = { - arraySet: function (dest, src, src_offs, len, dest_offs) { - for (let i = 0; i < len; i++) { - dest[dest_offs + i] = src[src_offs + i]; - } - }, - // Join array of chunks to single array. - flattenChunks: function (chunks) { - return [].concat.apply([], chunks); - } -}; - - -// Enable/Disable typed arrays use, for testing -// - -let Buf8 = TYPED_OK ? Uint8Array : Array; -let Buf16 = TYPED_OK ? Uint16Array : Array; -let Buf32 = TYPED_OK ? Int32Array : Array; -let flattenChunks = TYPED_OK ? fnTyped.flattenChunks : fnUntyped.flattenChunks; -let arraySet = TYPED_OK ? fnTyped.arraySet : fnUntyped.arraySet; - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -/* Allowed flush values; see deflate() and inflate() below for details */ -const Z_NO_FLUSH = 0; -const Z_PARTIAL_FLUSH = 1; -const Z_SYNC_FLUSH = 2; -const Z_FULL_FLUSH = 3; -const Z_FINISH = 4; -const Z_BLOCK = 5; -const Z_TREES = 6; - -/* Return codes for the compression/decompression functions. Negative values - * are errors, positive values are used for special but normal events. - */ -const Z_OK = 0; -const Z_STREAM_END = 1; -const Z_NEED_DICT = 2; -const Z_STREAM_ERROR = -2; -const Z_DATA_ERROR = -3; -//export const Z_MEM_ERROR = -4; -const Z_BUF_ERROR = -5; -const Z_DEFAULT_COMPRESSION = -1; - - -const Z_FILTERED = 1; -const Z_HUFFMAN_ONLY = 2; -const Z_RLE = 3; -const Z_FIXED = 4; -const Z_DEFAULT_STRATEGY = 0; - -/* Possible values of the data_type field (though see inflate()) */ -const Z_BINARY = 0; -const Z_TEXT = 1; -//export const Z_ASCII = 1; // = Z_TEXT (deprecated) -const Z_UNKNOWN = 2; - -/* The deflate compression method */ -const Z_DEFLATED = 8; -//export const Z_NULL = null // Use -1 or null inline, depending on var type - -/*============================================================================*/ - - -function zero$1(buf) { - let len = buf.length; while (--len >= 0) { - buf[len] = 0; - } -} - -// From zutil.h - -const STORED_BLOCK = 0; -const STATIC_TREES = 1; -const DYN_TREES = 2; -/* The three kinds of block type */ - -const MIN_MATCH = 3; -const MAX_MATCH = 258; -/* The minimum and maximum match lengths */ - -// From deflate.h -/* =========================================================================== - * Internal compression state. - */ - -const LENGTH_CODES = 29; -/* number of length codes, not counting the special END_BLOCK code */ - -const LITERALS = 256; -/* number of literal bytes 0..255 */ - -const L_CODES = LITERALS + 1 + LENGTH_CODES; -/* number of Literal or Length codes, including the END_BLOCK code */ - -const D_CODES = 30; -/* number of distance codes */ - -const BL_CODES = 19; -/* number of codes used to transfer the bit lengths */ - -const HEAP_SIZE = 2 * L_CODES + 1; -/* maximum heap size */ - -const MAX_BITS = 15; -/* All codes must not exceed MAX_BITS bits */ - -const Buf_size = 16; -/* size of bit buffer in bi_buf */ - - -/* =========================================================================== - * Constants - */ - -const MAX_BL_BITS = 7; -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -const END_BLOCK = 256; -/* end of block literal code */ - -const REP_3_6 = 16; -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -const REPZ_3_10 = 17; -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -const REPZ_11_138 = 18; -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -/* eslint-disable comma-spacing,array-bracket-spacing */ -const extra_lbits = /* extra bits for each length code */ - [0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]; - -const extra_dbits = /* extra bits for each distance code */ - [0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]; - -const extra_blbits = /* extra bits for each bit length code */ - [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]; - -const bl_order = - [16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]; -/* eslint-enable comma-spacing,array-bracket-spacing */ - -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -/* =========================================================================== - * Local data. These are initialized only once. - */ - -// We pre-fill arrays with 0 to avoid uninitialized gaps - -const DIST_CODE_LEN = 512; /* see definition of array dist_code below */ - -// !!!! Use flat array instead of structure, Freq = i*2, Len = i*2+1 -const static_ltree = new Array((L_CODES + 2) * 2); -zero$1(static_ltree); -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - -const static_dtree = new Array(D_CODES * 2); -zero$1(static_dtree); -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -const _dist_code = new Array(DIST_CODE_LEN); -zero$1(_dist_code); -/* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -const _length_code = new Array(MAX_MATCH - MIN_MATCH + 1); -zero$1(_length_code); -/* length code for each normalized match length (0 == MIN_MATCH) */ - -const base_length = new Array(LENGTH_CODES); -zero$1(base_length); -/* First normalized length for each code (0 = MIN_MATCH) */ - -const base_dist = new Array(D_CODES); -zero$1(base_dist); -/* First normalized distance for each code (0 = distance of 1) */ - - -function StaticTreeDesc(static_tree, extra_bits, extra_base, elems, max_length) { - - this.static_tree = static_tree; /* static tree or NULL */ - this.extra_bits = extra_bits; /* extra bits for each code or NULL */ - this.extra_base = extra_base; /* base index for extra_bits */ - this.elems = elems; /* max number of elements in the tree */ - this.max_length = max_length; /* max bit length for the codes */ - - // show if `static_tree` has data or dummy - needed for monomorphic objects - this.has_stree = static_tree && static_tree.length; -} - - -let static_l_desc; -let static_d_desc; -let static_bl_desc; - - -function TreeDesc(dyn_tree, stat_desc) { - this.dyn_tree = dyn_tree; /* the dynamic tree */ - this.max_code = 0; /* largest code with non zero frequency */ - this.stat_desc = stat_desc; /* the corresponding static tree */ -} - - - -function d_code(dist) { - return dist < 256 ? _dist_code[dist] : _dist_code[256 + (dist >>> 7)]; -} - - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -function put_short(s, w) { -// put_byte(s, (uch)((w) & 0xff)); -// put_byte(s, (uch)((ush)(w) >> 8)); - s.pending_buf[s.pending++] = w & 0xff; - s.pending_buf[s.pending++] = w >>> 8 & 0xff; -} - - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -function send_bits(s, value, length) { - if (s.bi_valid > Buf_size - length) { - s.bi_buf |= value << s.bi_valid & 0xffff; - put_short(s, s.bi_buf); - s.bi_buf = value >> Buf_size - s.bi_valid; - s.bi_valid += length - Buf_size; - } else { - s.bi_buf |= value << s.bi_valid & 0xffff; - s.bi_valid += length; - } -} - - -function send_code(s, c, tree) { - send_bits(s, tree[c * 2]/*.Code*/, tree[c * 2 + 1]/*.Len*/); -} - - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -function bi_reverse(code, len) { - let res = 0; - do { - res |= code & 1; - code >>>= 1; - res <<= 1; - } while (--len > 0); - return res >>> 1; -} - - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -function bi_flush(s) { - if (s.bi_valid === 16) { - put_short(s, s.bi_buf); - s.bi_buf = 0; - s.bi_valid = 0; - - } else if (s.bi_valid >= 8) { - s.pending_buf[s.pending++] = s.bi_buf & 0xff; - s.bi_buf >>= 8; - s.bi_valid -= 8; - } -} - - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -function gen_bitlen(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const max_code = desc.max_code; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const extra = desc.stat_desc.extra_bits; - const base = desc.stat_desc.extra_base; - const max_length = desc.stat_desc.max_length; - let h; /* heap index */ - let n, m; /* iterate over the tree elements */ - let bits; /* bit length */ - let xbits; /* extra bits */ - let f; /* frequency */ - let overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) { - s.bl_count[bits] = 0; - } - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s.heap[s.heap_max] * 2 + 1]/*.Len*/ = 0; /* root of the heap */ - - for (h = s.heap_max + 1; h < HEAP_SIZE; h++) { - n = s.heap[h]; - bits = tree[tree[n * 2 + 1]/*.Dad*/ * 2 + 1]/*.Len*/ + 1; - if (bits > max_length) { - bits = max_length; - overflow++; - } - tree[n * 2 + 1]/*.Len*/ = bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) { - continue; - } /* not a leaf node */ - - s.bl_count[bits]++; - xbits = 0; - if (n >= base) { - xbits = extra[n - base]; - } - f = tree[n * 2]/*.Freq*/; - s.opt_len += f * (bits + xbits); - if (has_stree) { - s.static_len += f * (stree[n * 2 + 1]/*.Len*/ + xbits); - } - } - if (overflow === 0) { - return; - } - - // Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length - 1; - while (s.bl_count[bits] === 0) { - bits--; - } - s.bl_count[bits]--; /* move one leaf down the tree */ - s.bl_count[bits + 1] += 2; /* move one overflow item as its brother */ - s.bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits !== 0; bits--) { - n = s.bl_count[bits]; - while (n !== 0) { - m = s.heap[--h]; - if (m > max_code) { - continue; - } - if (tree[m * 2 + 1]/*.Len*/ !== bits) { - // Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s.opt_len += (bits - tree[m * 2 + 1]/*.Len*/) * tree[m * 2]/*.Freq*/; - tree[m * 2 + 1]/*.Len*/ = bits; - } - n--; - } - } -} - - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -function gen_codes(tree, max_code, bl_count) -// ct_data *tree; /* the tree to decorate */ -// int max_code; /* largest code with non zero frequency */ -// ushf *bl_count; /* number of codes at each bit length */ -{ - const next_code = new Array(MAX_BITS + 1); /* next code value for each bit length */ - let code = 0; /* running code value */ - let bits; /* bit index */ - let n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = code + bl_count[bits - 1] << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - //Assert (code + bl_count[MAX_BITS]-1 == (1< length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES - 1; code++) { - base_length[code] = length; - for (n = 0; n < 1 << extra_lbits[code]; n++) { - _length_code[length++] = code; - } - } - //Assert (length == 256, "tr_static_init: length != 256"); - /* Note that the length 255 (match length 258) can be represented - * in two different ways: code 284 + 5 bits or code 285, so we - * overwrite length_code[255] to use the best encoding: - */ - _length_code[length - 1] = code; - - /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ - dist = 0; - for (code = 0; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < 1 << extra_dbits[code]; n++) { - _dist_code[dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: dist != 256"); - dist >>= 7; /* from now on, all distances are divided by 128 */ - for (; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < 1 << extra_dbits[code] - 7; n++) { - _dist_code[256 + dist++] = code; - } - } - //Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) { - bl_count[bits] = 0; - } - - n = 0; - while (n <= 143) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - while (n <= 255) { - static_ltree[n * 2 + 1]/*.Len*/ = 9; - n++; - bl_count[9]++; - } - while (n <= 279) { - static_ltree[n * 2 + 1]/*.Len*/ = 7; - n++; - bl_count[7]++; - } - while (n <= 287) { - static_ltree[n * 2 + 1]/*.Len*/ = 8; - n++; - bl_count[8]++; - } - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes(static_ltree, L_CODES + 1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n * 2 + 1]/*.Len*/ = 5; - static_dtree[n * 2]/*.Code*/ = bi_reverse(n, 5); - } - - // Now data ready and we can init static trees - static_l_desc = new StaticTreeDesc(static_ltree, extra_lbits, LITERALS + 1, L_CODES, MAX_BITS); - static_d_desc = new StaticTreeDesc(static_dtree, extra_dbits, 0, D_CODES, MAX_BITS); - static_bl_desc = new StaticTreeDesc(new Array(0), extra_blbits, 0, BL_CODES, MAX_BL_BITS); - - //static_init_done = true; -} - - -/* =========================================================================== - * Initialize a new block. - */ -function init_block(s) { - let n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) { - s.dyn_ltree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < D_CODES; n++) { - s.dyn_dtree[n * 2]/*.Freq*/ = 0; - } - for (n = 0; n < BL_CODES; n++) { - s.bl_tree[n * 2]/*.Freq*/ = 0; - } - - s.dyn_ltree[END_BLOCK * 2]/*.Freq*/ = 1; - s.opt_len = s.static_len = 0; - s.last_lit = s.matches = 0; -} - - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -function bi_windup(s) { - if (s.bi_valid > 8) { - put_short(s, s.bi_buf); - } else if (s.bi_valid > 0) { - //put_byte(s, (Byte)s->bi_buf); - s.pending_buf[s.pending++] = s.bi_buf; - } - s.bi_buf = 0; - s.bi_valid = 0; -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -function copy_block(s, buf, len, header) -//DeflateState *s; -//charf *buf; /* the input data */ -//unsigned len; /* its length */ -//int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - - if (header) { - put_short(s, len); - put_short(s, ~len); - } - // while (len--) { - // put_byte(s, *buf++); - // } - arraySet(s.pending_buf, s.window, buf, len, s.pending); - s.pending += len; -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -function smaller(tree, n, m, depth) { - const _n2 = n * 2; - const _m2 = m * 2; - return tree[_n2]/*.Freq*/ < tree[_m2]/*.Freq*/ || - tree[_n2]/*.Freq*/ === tree[_m2]/*.Freq*/ && depth[n] <= depth[m]; -} - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -function pqdownheap(s, tree, k) -// deflate_state *s; -// ct_data *tree; /* the tree to restore */ -// int k; /* node to move down */ -{ - const v = s.heap[k]; - let j = k << 1; /* left son of k */ - while (j <= s.heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s.heap_len && - smaller(tree, s.heap[j + 1], s.heap[j], s.depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s.heap[j], s.depth)) { - break; - } - - /* Exchange v with the smallest son */ - s.heap[k] = s.heap[j]; - k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s.heap[k] = v; -} - - -// inlined manually -// var SMALLEST = 1; - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -function compress_block(s, ltree, dtree) -// deflate_state *s; -// const ct_data *ltree; /* literal tree */ -// const ct_data *dtree; /* distance tree */ -{ - let dist; /* distance of matched string */ - let lc; /* match length or unmatched char (if dist == 0) */ - let lx = 0; /* running index in l_buf */ - let code; /* the code to send */ - let extra; /* number of extra bits to send */ - - if (s.last_lit !== 0) { - do { - dist = s.pending_buf[s.d_buf + lx * 2] << 8 | s.pending_buf[s.d_buf + lx * 2 + 1]; - lc = s.pending_buf[s.l_buf + lx]; - lx++; - - if (dist === 0) { - send_code(s, lc, ltree); /* send a literal byte */ - //Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code + LITERALS + 1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra !== 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - //Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra !== 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - //Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - // "pendingBuf overflow"); - - } while (lx < s.last_lit); - } - - send_code(s, END_BLOCK, ltree); -} - - -/* =========================================================================== - * Construct one Huffman tree and assigns the code bit strings and lengths. - * Update the total bit length for the current block. - * IN assertion: the field freq is set for all tree elements. - * OUT assertions: the fields len and code are set to the optimal bit length - * and corresponding code. The length opt_len is updated; static_len is - * also updated if stree is not null. The field max_code is set. - */ -function build_tree(s, desc) -// deflate_state *s; -// tree_desc *desc; /* the tree descriptor */ -{ - const tree = desc.dyn_tree; - const stree = desc.stat_desc.static_tree; - const has_stree = desc.stat_desc.has_stree; - const elems = desc.stat_desc.elems; - let n, m; /* iterate over heap elements */ - let max_code = -1; /* largest code with non zero frequency */ - let node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s.heap_len = 0; - s.heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n * 2]/*.Freq*/ !== 0) { - s.heap[++s.heap_len] = max_code = n; - s.depth[n] = 0; - - } else { - tree[n * 2 + 1]/*.Len*/ = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s.heap_len < 2) { - node = s.heap[++s.heap_len] = max_code < 2 ? ++max_code : 0; - tree[node * 2]/*.Freq*/ = 1; - s.depth[node] = 0; - s.opt_len--; - - if (has_stree) { - s.static_len -= stree[node * 2 + 1]/*.Len*/; - } - /* node is 0 or 1 so it does not have extra bits */ - } - desc.max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s.heap_len >> 1/*int /2*/; n >= 1; n--) { - pqdownheap(s, tree, n); - } - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - //pqremove(s, tree, n); /* n = node of least frequency */ - /*** pqremove ***/ - n = s.heap[1/*SMALLEST*/]; - s.heap[1/*SMALLEST*/] = s.heap[s.heap_len--]; - pqdownheap(s, tree, 1/*SMALLEST*/); - /***/ - - m = s.heap[1/*SMALLEST*/]; /* m = node of next least frequency */ - - s.heap[--s.heap_max] = n; /* keep the nodes sorted by frequency */ - s.heap[--s.heap_max] = m; - - /* Create a new node father of n and m */ - tree[node * 2]/*.Freq*/ = tree[n * 2]/*.Freq*/ + tree[m * 2]/*.Freq*/; - s.depth[node] = (s.depth[n] >= s.depth[m] ? s.depth[n] : s.depth[m]) + 1; - tree[n * 2 + 1]/*.Dad*/ = tree[m * 2 + 1]/*.Dad*/ = node; - - /* and insert the new node in the heap */ - s.heap[1/*SMALLEST*/] = node++; - pqdownheap(s, tree, 1/*SMALLEST*/); - - } while (s.heap_len >= 2); - - s.heap[--s.heap_max] = s.heap[1/*SMALLEST*/]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes(tree, max_code, s.bl_count); -} - - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -function scan_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - tree[(max_code + 1) * 2 + 1]/*.Len*/ = 0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - s.bl_tree[curlen * 2]/*.Freq*/ += count; - - } else if (curlen !== 0) { - - if (curlen !== prevlen) { - s.bl_tree[curlen * 2]/*.Freq*/++; - } - s.bl_tree[REP_3_6 * 2]/*.Freq*/++; - - } else if (count <= 10) { - s.bl_tree[REPZ_3_10 * 2]/*.Freq*/++; - - } else { - s.bl_tree[REPZ_11_138 * 2]/*.Freq*/++; - } - - count = 0; - prevlen = curlen; - - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -function send_tree(s, tree, max_code) -// deflate_state *s; -// ct_data *tree; /* the tree to be scanned */ -// int max_code; /* and its largest code of non zero frequency */ -{ - let n; /* iterates over all tree elements */ - let prevlen = -1; /* last emitted length */ - let curlen; /* length of current code */ - - let nextlen = tree[0 * 2 + 1]/*.Len*/; /* length of next code */ - - let count = 0; /* repeat count of the current code */ - let max_count = 7; /* max repeat count */ - let min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen === 0) { - max_count = 138; - min_count = 3; - } - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; - nextlen = tree[(n + 1) * 2 + 1]/*.Len*/; - - if (++count < max_count && curlen === nextlen) { - continue; - - } else if (count < min_count) { - do { - send_code(s, curlen, s.bl_tree); - } while (--count !== 0); - - } else if (curlen !== 0) { - if (curlen !== prevlen) { - send_code(s, curlen, s.bl_tree); - count--; - } - //Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s.bl_tree); - send_bits(s, count - 3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s.bl_tree); - send_bits(s, count - 3, 3); - - } else { - send_code(s, REPZ_11_138, s.bl_tree); - send_bits(s, count - 11, 7); - } - - count = 0; - prevlen = curlen; - if (nextlen === 0) { - max_count = 138; - min_count = 3; - - } else if (curlen === nextlen) { - max_count = 6; - min_count = 3; - - } else { - max_count = 7; - min_count = 4; - } - } -} - - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -function build_bl_tree(s) { - let max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, s.dyn_ltree, s.l_desc.max_code); - scan_tree(s, s.dyn_dtree, s.d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, s.bl_desc); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES - 1; max_blindex >= 3; max_blindex--) { - if (s.bl_tree[bl_order[max_blindex] * 2 + 1]/*.Len*/ !== 0) { - break; - } - } - /* Update opt_len to include the bit length tree and counts */ - s.opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4; - //Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - // s->opt_len, s->static_len)); - - return max_blindex; -} - - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -function send_all_trees(s, lcodes, dcodes, blcodes) -// deflate_state *s; -// int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - let rank; /* index in bl_order */ - - //Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - //Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - // "too many codes"); - //Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes - 257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes - 1, 5); - send_bits(s, blcodes - 4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - //Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s.bl_tree[bl_order[rank] * 2 + 1]/*.Len*/, 3); - } - //Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_ltree, lcodes - 1); /* literal tree */ - //Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, s.dyn_dtree, dcodes - 1); /* distance tree */ - //Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - - -/* =========================================================================== - * Check if the data type is TEXT or BINARY, using the following algorithm: - * - TEXT if the two conditions below are satisfied: - * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). - * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). - * - BINARY otherwise. - * - The following partially-portable control characters form a - * "gray list" that is ignored in this detection algorithm: - * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). - * IN assertion: the fields Freq of dyn_ltree are set. - */ -function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes - * set bits 0..6, 14..25, and 28..31 - * 0xf3ffc07f = binary 11110011111111111100000001111111 - */ - let black_mask = 0xf3ffc07f; - let n; - - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if (black_mask & 1 && s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_BINARY; - } - } - - /* Check for textual ("white-listed") bytes. */ - if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || - s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - for (n = 32; n < LITERALS; n++) { - if (s.dyn_ltree[n * 2]/*.Freq*/ !== 0) { - return Z_TEXT; - } - } - - /* There are no "black-listed" or "white-listed" bytes: - * this stream either is empty or has tolerated ("gray-listed") bytes only. - */ - return Z_BINARY; -} - - -let static_init_done = false; - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -function _tr_init(s) { - - if (!static_init_done) { - tr_static_init(); - static_init_done = true; - } - - s.l_desc = new TreeDesc(s.dyn_ltree, static_l_desc); - s.d_desc = new TreeDesc(s.dyn_dtree, static_d_desc); - s.bl_desc = new TreeDesc(s.bl_tree, static_bl_desc); - - s.bi_buf = 0; - s.bi_valid = 0; - - /* Initialize the first block of the first file: */ - init_block(s); -} - - -/* =========================================================================== - * Send a stored block - */ -function _tr_stored_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK << 1) + (last ? 1 : 0), 3); /* send block type */ - copy_block(s, buf, stored_len, true); /* with header */ -} - - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - */ -function _tr_align(s) { - send_bits(s, STATIC_TREES << 1, 3); - send_code(s, END_BLOCK, static_ltree); - bi_flush(s); -} - - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. - */ -function _tr_flush_block(s, buf, stored_len, last) -//DeflateState *s; -//charf *buf; /* input block, or NULL if too old */ -//ulg stored_len; /* length of input block */ -//int last; /* one if this is the last block for a file */ -{ - let opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - let max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s.level > 0) { - - /* Check if the file is binary or text */ - if (s.strm.data_type === Z_UNKNOWN) { - s.strm.data_type = detect_data_type(s); - } - - /* Construct the literal and distance trees */ - build_tree(s, s.l_desc); - // Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - - build_tree(s, s.d_desc); - // Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - // s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute the block lengths in bytes. */ - opt_lenb = s.opt_len + 3 + 7 >>> 3; - static_lenb = s.static_len + 3 + 7 >>> 3; - - // Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - // opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - // s->last_lit)); - - if (static_lenb <= opt_lenb) { - opt_lenb = static_lenb; - } - - } else { - // Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - - if (stored_len + 4 <= opt_lenb && buf !== -1) { - /* 4: two words for the lengths */ - - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, last); - - } else if (s.strategy === Z_FIXED || static_lenb === opt_lenb) { - - send_bits(s, (STATIC_TREES << 1) + (last ? 1 : 0), 3); - compress_block(s, static_ltree, static_dtree); - - } else { - send_bits(s, (DYN_TREES << 1) + (last ? 1 : 0), 3); - send_all_trees(s, s.l_desc.max_code + 1, s.d_desc.max_code + 1, max_blindex + 1); - compress_block(s, s.dyn_ltree, s.dyn_dtree); - } - // Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); - - if (last) { - bi_windup(s); - } - // Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - // s->compressed_len-7*last)); -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -function _tr_tally(s, dist, lc) -// deflate_state *s; -// unsigned dist; /* distance of matched string */ -// unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - //var out_length, in_length, dcode; - - s.pending_buf[s.d_buf + s.last_lit * 2] = dist >>> 8 & 0xff; - s.pending_buf[s.d_buf + s.last_lit * 2 + 1] = dist & 0xff; - - s.pending_buf[s.l_buf + s.last_lit] = lc & 0xff; - s.last_lit++; - - if (dist === 0) { - /* lc is the unmatched char */ - s.dyn_ltree[lc * 2]/*.Freq*/++; - } else { - s.matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - //Assert((ush)dist < (ush)MAX_DIST(s) && - // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - // (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s.dyn_ltree[(_length_code[lc] + LITERALS + 1) * 2]/*.Freq*/++; - s.dyn_dtree[d_code(dist) * 2]/*.Freq*/++; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - - //#ifdef TRUNCATE_BLOCK - // /* Try to guess if it is profitable to stop the current block here */ - // if ((s.last_lit & 0x1fff) === 0 && s.level > 2) { - // /* Compute an upper bound for the compressed length */ - // out_length = s.last_lit*8; - // in_length = s.strstart - s.block_start; - // - // for (dcode = 0; dcode < D_CODES; dcode++) { - // out_length += s.dyn_dtree[dcode*2]/*.Freq*/ * (5 + extra_dbits[dcode]); - // } - // out_length >>>= 3; - // //Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - // // s->last_lit, in_length, out_length, - // // 100L - out_length*100L/in_length)); - // if (s.matches < (s.last_lit>>1)/*int /2*/ && out_length < (in_length>>1)/*int /2*/) { - // return true; - // } - // } - //#endif - - return s.last_lit === s.lit_bufsize - 1; - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -// Note: adler32 takes 12% for level 0 and 2% for level 6. -// It isn't worth it to make additional optimizations as in original. -// Small size is preferable. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -function adler32(adler, buf, len, pos) { - let s1 = adler & 0xffff |0, - s2 = adler >>> 16 & 0xffff |0, - n = 0; - - while (len !== 0) { - // Set limit ~ twice less than 5552, to keep - // s2 in 31-bits, because we force signed ints. - // in other case %= will fail. - n = len > 2000 ? 2000 : len; - len -= n; - - do { - s1 = s1 + buf[pos++] |0; - s2 = s2 + s1 |0; - } while (--n); - - s1 %= 65521; - s2 %= 65521; - } - - return s1 | s2 << 16 |0; -} - -// Note: we can't get significant speed boost here. -// So write code to minimize size - no pregenerated tables -// and array tools dependencies. - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// Use ordinary array, since untyped makes no boost here -function makeTable() { - let c; - const table = []; - - for (let n = 0; n < 256; n++) { - c = n; - for (let k = 0; k < 8; k++) { - c = c & 1 ? 0xEDB88320 ^ c >>> 1 : c >>> 1; - } - table[n] = c; - } - - return table; -} - -// Create table on load. Just 255 signed longs. Not a problem. -const crcTable = makeTable(); - - -function crc32(crc, buf, len, pos) { - const t = crcTable, - end = pos + len; - - crc ^= -1; - - for (let i = pos; i < end; i++) { - crc = crc >>> 8 ^ t[(crc ^ buf[i]) & 0xFF]; - } - - return crc ^ -1; // >>> 0; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -var msg = { - 2: "need dictionary", /* Z_NEED_DICT 2 */ - 1: "stream end", /* Z_STREAM_END 1 */ - 0: "", /* Z_OK 0 */ - "-1": "file error", /* Z_ERRNO (-1) */ - "-2": "stream error", /* Z_STREAM_ERROR (-2) */ - "-3": "data error", /* Z_DATA_ERROR (-3) */ - "-4": "insufficient memory", /* Z_MEM_ERROR (-4) */ - "-5": "buffer error", /* Z_BUF_ERROR (-5) */ - "-6": "incompatible version" /* Z_VERSION_ERROR (-6) */ -}; - -/*============================================================================*/ - - -const MAX_MEM_LEVEL = 9; - - -const LENGTH_CODES$1 = 29; -/* number of length codes, not counting the special END_BLOCK code */ -const LITERALS$1 = 256; -/* number of literal bytes 0..255 */ -const L_CODES$1 = LITERALS$1 + 1 + LENGTH_CODES$1; -/* number of Literal or Length codes, including the END_BLOCK code */ -const D_CODES$1 = 30; -/* number of distance codes */ -const BL_CODES$1 = 19; -/* number of codes used to transfer the bit lengths */ -const HEAP_SIZE$1 = 2 * L_CODES$1 + 1; -/* maximum heap size */ -const MAX_BITS$1 = 15; -/* All codes must not exceed MAX_BITS bits */ - -const MIN_MATCH$1 = 3; -const MAX_MATCH$1 = 258; -const MIN_LOOKAHEAD = (MAX_MATCH$1 + MIN_MATCH$1 + 1); - -const PRESET_DICT = 0x20; - -const INIT_STATE = 42; -const EXTRA_STATE = 69; -const NAME_STATE = 73; -const COMMENT_STATE = 91; -const HCRC_STATE = 103; -const BUSY_STATE = 113; -const FINISH_STATE = 666; - -const BS_NEED_MORE = 1; /* block not completed, need more input or more output */ -const BS_BLOCK_DONE = 2; /* block flush performed */ -const BS_FINISH_STARTED = 3; /* finish started, need only more output at next deflate */ -const BS_FINISH_DONE = 4; /* finish done, accept no more input or output */ - -const OS_CODE = 0x03; // Unix :) . Don't detect, use this default. - -function err(strm, errorCode) { - strm.msg = msg[errorCode]; - return errorCode; -} - -function rank(f) { - return ((f) << 1) - ((f) > 4 ? 9 : 0); -} - -function zero$2(buf) { let len = buf.length; while (--len >= 0) { buf[len] = 0; } } - - -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->output buffer and copying into it. - * (See also read_buf()). - */ -function flush_pending(strm) { - const s = strm.state; - - //_tr_flush_bits(s); - let len = s.pending; - if (len > strm.avail_out) { - len = strm.avail_out; - } - if (len === 0) { return; } - - arraySet(strm.output, s.pending_buf, s.pending_out, len, strm.next_out); - strm.next_out += len; - s.pending_out += len; - strm.total_out += len; - strm.avail_out -= len; - s.pending -= len; - if (s.pending === 0) { - s.pending_out = 0; - } -} - - -function flush_block_only(s, last) { - _tr_flush_block(s, (s.block_start >= 0 ? s.block_start : -1), s.strstart - s.block_start, last); - s.block_start = s.strstart; - flush_pending(s.strm); -} - - -function put_byte(s, b) { - s.pending_buf[s.pending++] = b; -} - - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -function putShortMSB(s, b) { - // put_byte(s, (Byte)(b >> 8)); - // put_byte(s, (Byte)(b & 0xff)); - s.pending_buf[s.pending++] = (b >>> 8) & 0xff; - s.pending_buf[s.pending++] = b & 0xff; -} - - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->input buffer and copying from it. - * (See also flush_pending()). - */ -function read_buf(strm, buf, start, size) { - let len = strm.avail_in; - - if (len > size) { len = size; } - if (len === 0) { return 0; } - - strm.avail_in -= len; - - // zmemcpy(buf, strm->next_in, len); - arraySet(buf, strm.input, strm.next_in, len, start); - if (strm.state.wrap === 1) { - strm.adler = adler32(strm.adler, buf, len, start); - } - - else if (strm.state.wrap === 2) { - strm.adler = crc32(strm.adler, buf, len, start); - } - - strm.next_in += len; - strm.total_in += len; - - return len; -} - - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -function longest_match(s, cur_match) { - let chain_length = s.max_chain_length; /* max hash chain length */ - let scan = s.strstart; /* current string */ - let match; /* matched string */ - let len; /* length of current match */ - let best_len = s.prev_length; /* best match length so far */ - let nice_match = s.nice_match; /* stop if match long enough */ - const limit = (s.strstart > (s.w_size - MIN_LOOKAHEAD)) ? - s.strstart - (s.w_size - MIN_LOOKAHEAD) : 0/*NIL*/; - - const _win = s.window; // shortcut - - const wmask = s.w_mask; - const prev = s.prev; - - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - - const strend = s.strstart + MAX_MATCH$1; - let scan_end1 = _win[scan + best_len - 1]; - let scan_end = _win[scan + best_len]; - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - // Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s.prev_length >= s.good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if (nice_match > s.lookahead) { nice_match = s.lookahead; } - - // Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - // Assert(cur_match < s->strstart, "no future"); - match = cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2. Note that the checks below - * for insufficient lookahead only occur occasionally for performance - * reasons. Therefore uninitialized memory will be accessed, and - * conditional jumps will be made that depend on those values. - * However the length of the match is limited to the lookahead, so - * the output of deflate is not affected by the uninitialized values. - */ - - if (_win[match + best_len] !== scan_end || - _win[match + best_len - 1] !== scan_end1 || - _win[match] !== _win[scan] || - _win[++match] !== _win[scan + 1]) { - continue; - } - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2; - match++; - // Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - /*jshint noempty:false*/ - } while (_win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - _win[++scan] === _win[++match] && _win[++scan] === _win[++match] && - scan < strend); - - // Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH$1 - (strend - scan); - scan = strend - MAX_MATCH$1; - - if (len > best_len) { - s.match_start = cur_match; - best_len = len; - if (len >= nice_match) { - break; - } - scan_end1 = _win[scan + best_len - 1]; - scan_end = _win[scan + best_len]; - } - } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length !== 0); - - if (best_len <= s.lookahead) { - return best_len; - } - return s.lookahead; -} - - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -function fill_window(s) { - const _w_size = s.w_size; - let p, n, m, more, str; - - //Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); - - do { - more = s.window_size - s.lookahead - s.strstart; - - // JS ints have 32 bit, block below not needed - /* Deal with !@#$% 64K limit: */ - //if (sizeof(int) <= 2) { - // if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - // more = wsize; - // - // } else if (more == (unsigned)(-1)) { - // /* Very unlikely, but possible on 16 bit machine if - // * strstart == 0 && lookahead == 1 (input done a byte at time) - // */ - // more--; - // } - //} - - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - if (s.strstart >= _w_size + (_w_size - MIN_LOOKAHEAD)) { - - arraySet(s.window, s.window, _w_size, _w_size, 0); - s.match_start -= _w_size; - s.strstart -= _w_size; - /* we now have strstart >= MAX_DIST */ - s.block_start -= _w_size; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - - n = s.hash_size; - p = n; - do { - m = s.head[--p]; - s.head[p] = (m >= _w_size ? m - _w_size : 0); - } while (--n); - - n = _w_size; - p = n; - do { - m = s.prev[--p]; - s.prev[p] = (m >= _w_size ? m - _w_size : 0); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += _w_size; - } - if (s.strm.avail_in === 0) { - break; - } - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - //Assert(more >= 2, "more < 2"); - n = read_buf(s.strm, s.window, s.strstart + s.lookahead, more); - s.lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s.lookahead + s.insert >= MIN_MATCH$1) { - str = s.strstart - s.insert; - s.ins_h = s.window[str]; - - /* UPDATE_HASH(s, s->ins_h, s->window[str + 1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + 1]) & s.hash_mask; - //#if MIN_MATCH != 3 - // Call update_hash() MIN_MATCH-3 more times - //#endif - while (s.insert) { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = str; - str++; - s.insert--; - if (s.lookahead + s.insert < MIN_MATCH$1) { - break; - } - } - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s.lookahead < MIN_LOOKAHEAD && s.strm.avail_in !== 0); - - /* If the WIN_INIT bytes after the end of the current data have never been - * written, then zero those bytes in order to avoid memory check reports of - * the use of uninitialized (or uninitialised as Julian writes) bytes by - * the longest match routines. Update the high water mark for the next - * time through here. WIN_INIT is set to MAX_MATCH since the longest match - * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. - */ - // if (s.high_water < s.window_size) { - // var curr = s.strstart + s.lookahead; - // var init = 0; - // - // if (s.high_water < curr) { - // /* Previous high water mark below current data -- zero WIN_INIT - // * bytes or up to end of window, whichever is less. - // */ - // init = s.window_size - curr; - // if (init > WIN_INIT) - // init = WIN_INIT; - // zmemzero(s->window + curr, (unsigned)init); - // s->high_water = curr + init; - // } - // else if (s->high_water < (ulg)curr + WIN_INIT) { - // /* High water mark at or above current data, but below current data - // * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up - // * to end of window, whichever is less. - // */ - // init = (ulg)curr + WIN_INIT - s->high_water; - // if (init > s->window_size - s->high_water) - // init = s->window_size - s->high_water; - // zmemzero(s->window + s->high_water, (unsigned)init); - // s->high_water += init; - // } - // } - // - // Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, - // "not enough room for search"); -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ -function deflate_stored(s, flush) { - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - let max_block_size = 0xffff; - - if (max_block_size > s.pending_buf_size - 5) { - max_block_size = s.pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (; ;) { - /* Fill the window as much as possible: */ - if (s.lookahead <= 1) { - - //Assert(s->strstart < s->w_size+MAX_DIST(s) || - // s->block_start >= (long)s->w_size, "slide too late"); - // if (!(s.strstart < s.w_size + (s.w_size - MIN_LOOKAHEAD) || - // s.block_start >= s.w_size)) { - // throw new Error("slide too late"); - // } - - fill_window(s); - if (s.lookahead === 0 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - - if (s.lookahead === 0) { - break; - } - /* flush the current block */ - } - //Assert(s->block_start >= 0L, "block gone"); - // if (s.block_start < 0) throw new Error("block gone"); - - s.strstart += s.lookahead; - s.lookahead = 0; - - /* Emit a stored block if pending_buf will be full: */ - const max_start = s.block_start + max_block_size; - - if (s.strstart === 0 || s.strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s.lookahead = s.strstart - max_start; - s.strstart = max_start; - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - - - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s.strstart - s.block_start >= (s.w_size - MIN_LOOKAHEAD)) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - - s.insert = 0; - - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - - if (s.strstart > s.block_start) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_NEED_MORE; -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -function deflate_fast(s, flush) { - let hash_head; /* head of the hash chain */ - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { - break; /* flush the current block */ - } - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head !== 0/*NIL*/ && ((s.strstart - hash_head) <= (s.w_size - MIN_LOOKAHEAD))) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - } - if (s.match_length >= MIN_MATCH$1) { - // check_match(s, s.strstart, s.match_start, s.match_length); // for debug only - - /*** _tr_tally_dist(s, s.strstart - s.match_start, - s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, s.strstart - s.match_start, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s.match_length <= s.max_lazy_match/*max_insert_length*/ && s.lookahead >= MIN_MATCH$1) { - s.match_length--; /* string at strstart already in table */ - do { - s.strstart++; - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s.match_length !== 0); - s.strstart++; - } else { - s.strstart += s.match_length; - s.match_length = 0; - s.ins_h = s.window[s.strstart]; - /* UPDATE_HASH(s, s.ins_h, s.window[s.strstart+1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + 1]) & s.hash_mask; - - //#if MIN_MATCH != 3 - // Call UPDATE_HASH() MIN_MATCH-3 more times - //#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s.window[s.strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = ((s.strstart < (MIN_MATCH$1 - 1)) ? s.strstart : MIN_MATCH$1 - 1); - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -function deflate_slow(s, flush) { - let hash_head; /* head of hash chain */ - let bflush; /* set if current block must be flushed */ - - let max_insert; - - /* Process the input block. */ - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s.lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s.lookahead < MIN_LOOKAHEAD && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - hash_head = 0/*NIL*/; - if (s.lookahead >= MIN_MATCH$1) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - - /* Find the longest match, discarding those <= prev_length. - */ - s.prev_length = s.match_length; - s.prev_match = s.match_start; - s.match_length = MIN_MATCH$1 - 1; - - if (hash_head !== 0/*NIL*/ && s.prev_length < s.max_lazy_match && - s.strstart - hash_head <= (s.w_size - MIN_LOOKAHEAD)/*MAX_DIST(s)*/) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - s.match_length = longest_match(s, hash_head); - /* longest_match() sets match_start */ - - if (s.match_length <= 5 && - (s.strategy === Z_FILTERED || (s.match_length === MIN_MATCH$1 && s.strstart - s.match_start > 4096/*TOO_FAR*/))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s.match_length = MIN_MATCH$1 - 1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s.prev_length >= MIN_MATCH$1 && s.match_length <= s.prev_length) { - max_insert = s.strstart + s.lookahead - MIN_MATCH$1; - /* Do not insert strings in hash table beyond this. */ - - //check_match(s, s.strstart-1, s.prev_match, s.prev_length); - - /***_tr_tally_dist(s, s.strstart - 1 - s.prev_match, - s.prev_length - MIN_MATCH, bflush);***/ - bflush = _tr_tally(s, s.strstart - 1 - s.prev_match, s.prev_length - MIN_MATCH$1); - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s.lookahead -= s.prev_length - 1; - s.prev_length -= 2; - do { - if (++s.strstart <= max_insert) { - /*** INSERT_STRING(s, s.strstart, hash_head); ***/ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[s.strstart + MIN_MATCH$1 - 1]) & s.hash_mask; - hash_head = s.prev[s.strstart & s.w_mask] = s.head[s.ins_h]; - s.head[s.ins_h] = s.strstart; - /***/ - } - } while (--s.prev_length !== 0); - s.match_available = 0; - s.match_length = MIN_MATCH$1 - 1; - s.strstart++; - - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - } else if (s.match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - if (bflush) { - /*** FLUSH_BLOCK_ONLY(s, 0) ***/ - flush_block_only(s, false); - /***/ - } - s.strstart++; - s.lookahead--; - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s.match_available = 1; - s.strstart++; - s.lookahead--; - } - } - //Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s.match_available) { - //Tracevv((stderr,"%c", s->window[s->strstart-1])); - /*** _tr_tally_lit(s, s.window[s.strstart-1], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart - 1]); - - s.match_available = 0; - } - s.insert = s.strstart < MIN_MATCH$1 - 1 ? s.strstart : MIN_MATCH$1 - 1; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - - return BS_BLOCK_DONE; -} - - -/* =========================================================================== - * For Z_RLE, simply look for runs of bytes, generate matches only of distance - * one. Do not maintain a hash table. (It will be regenerated if this run of - * deflate switches away from Z_RLE.) - */ -function deflate_rle(s, flush) { - let bflush; /* set if current block must be flushed */ - let prev; /* byte at distance one to match */ - let scan, strend; /* scan goes up to strend for length of run */ - - const _win = s.window; - - for (; ;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the longest run, plus one for the unrolled loop. - */ - if (s.lookahead <= MAX_MATCH$1) { - fill_window(s); - if (s.lookahead <= MAX_MATCH$1 && flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - if (s.lookahead === 0) { break; } /* flush the current block */ - } - - /* See how many times the previous byte repeats */ - s.match_length = 0; - if (s.lookahead >= MIN_MATCH$1 && s.strstart > 0) { - scan = s.strstart - 1; - prev = _win[scan]; - if (prev === _win[++scan] && prev === _win[++scan] && prev === _win[++scan]) { - strend = s.strstart + MAX_MATCH$1; - do { - /*jshint noempty:false*/ - } while (prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - prev === _win[++scan] && prev === _win[++scan] && - scan < strend); - s.match_length = MAX_MATCH$1 - (strend - scan); - if (s.match_length > s.lookahead) { - s.match_length = s.lookahead; - } - } - //Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); - } - - /* Emit match if have run of MIN_MATCH or longer, else emit literal */ - if (s.match_length >= MIN_MATCH$1) { - //check_match(s, s.strstart, s.strstart - 1, s.match_length); - - /*** _tr_tally_dist(s, 1, s.match_length - MIN_MATCH, bflush); ***/ - bflush = _tr_tally(s, 1, s.match_length - MIN_MATCH$1); - - s.lookahead -= s.match_length; - s.strstart += s.match_length; - s.match_length = 0; - } else { - /* No match, output a literal byte */ - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - - s.lookahead--; - s.strstart++; - } - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* =========================================================================== - * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. - * (It will be regenerated if this run of deflate switches away from Huffman.) - */ -function deflate_huff(s, flush) { - let bflush; /* set if current block must be flushed */ - - for (; ;) { - /* Make sure that we have a literal to write. */ - if (s.lookahead === 0) { - fill_window(s); - if (s.lookahead === 0) { - if (flush === Z_NO_FLUSH) { - return BS_NEED_MORE; - } - break; /* flush the current block */ - } - } - - /* Output a literal byte */ - s.match_length = 0; - //Tracevv((stderr,"%c", s->window[s->strstart])); - /*** _tr_tally_lit(s, s.window[s.strstart], bflush); ***/ - bflush = _tr_tally(s, 0, s.window[s.strstart]); - s.lookahead--; - s.strstart++; - if (bflush) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - } - s.insert = 0; - if (flush === Z_FINISH) { - /*** FLUSH_BLOCK(s, 1); ***/ - flush_block_only(s, true); - if (s.strm.avail_out === 0) { - return BS_FINISH_STARTED; - } - /***/ - return BS_FINISH_DONE; - } - if (s.last_lit) { - /*** FLUSH_BLOCK(s, 0); ***/ - flush_block_only(s, false); - if (s.strm.avail_out === 0) { - return BS_NEED_MORE; - } - /***/ - } - return BS_BLOCK_DONE; -} - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ -class Config { - constructor(good_length, max_lazy, nice_length, max_chain, func) { - this.good_length = good_length; - this.max_lazy = max_lazy; - this.nice_length = nice_length; - this.max_chain = max_chain; - this.func = func; - } -} -const configuration_table = [ - /* good lazy nice chain */ - new Config(0, 0, 0, 0, deflate_stored), /* 0 store only */ - new Config(4, 4, 8, 4, deflate_fast), /* 1 max speed, no lazy matches */ - new Config(4, 5, 16, 8, deflate_fast), /* 2 */ - new Config(4, 6, 32, 32, deflate_fast), /* 3 */ - - new Config(4, 4, 16, 16, deflate_slow), /* 4 lazy matches */ - new Config(8, 16, 32, 32, deflate_slow), /* 5 */ - new Config(8, 16, 128, 128, deflate_slow), /* 6 */ - new Config(8, 32, 128, 256, deflate_slow), /* 7 */ - new Config(32, 128, 258, 1024, deflate_slow), /* 8 */ - new Config(32, 258, 258, 4096, deflate_slow) /* 9 max compression */ -]; - - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -function lm_init(s) { - s.window_size = 2 * s.w_size; - - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - - /* Set the default configuration parameters: - */ - s.max_lazy_match = configuration_table[s.level].max_lazy; - s.good_match = configuration_table[s.level].good_length; - s.nice_match = configuration_table[s.level].nice_length; - s.max_chain_length = configuration_table[s.level].max_chain; - - s.strstart = 0; - s.block_start = 0; - s.lookahead = 0; - s.insert = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - s.ins_h = 0; -} - -class DeflateState { - constructor() { - this.strm = null; /* pointer back to this zlib stream */ - this.status = 0; /* as the name implies */ - this.pending_buf = null; /* output still pending */ - this.pending_buf_size = 0; /* size of pending_buf */ - this.pending_out = 0; /* next pending byte to output to the stream */ - this.pending = 0; /* nb of bytes in the pending buffer */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.gzhead = null; /* gzip header information to write */ - this.gzindex = 0; /* where in extra, name, or comment */ - this.method = Z_DEFLATED; /* can only be DEFLATED */ - this.last_flush = -1; /* value of flush param for previous deflate call */ - - this.w_size = 0; /* LZ77 window size (32K by default) */ - this.w_bits = 0; /* log2(w_size) (8..16) */ - this.w_mask = 0; /* w_size - 1 */ - - this.window = null; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. - */ - - this.window_size = 0; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - this.prev = null; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - this.head = null; /* Heads of the hash chains or NIL. */ - - this.ins_h = 0; /* hash index of string to be inserted */ - this.hash_size = 0; /* number of elements in hash table */ - this.hash_bits = 0; /* log2(hash_size) */ - this.hash_mask = 0; /* hash_size-1 */ - - this.hash_shift = 0; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - this.block_start = 0; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - this.match_length = 0; /* length of best match */ - this.prev_match = 0; /* previous match */ - this.match_available = 0; /* set if previous match exists */ - this.strstart = 0; /* start of string to insert */ - this.match_start = 0; /* start of matching string */ - this.lookahead = 0; /* number of valid bytes ahead in window */ - - this.prev_length = 0; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - this.max_chain_length = 0; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - this.max_lazy_match = 0; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ - // That's alias to max_lazy_match, don't use directly - //this.max_insert_length = 0; - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - this.level = 0; /* compression level (1..9) */ - this.strategy = 0; /* favor or force Huffman coding*/ - - this.good_match = 0; - /* Use a faster search when the previous match is longer than this */ - - this.nice_match = 0; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - - /* Didn't use ct_data typedef below to suppress compiler warning */ - - // struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - // struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - // struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - // Use flat array of DOUBLE size, with interleaved fata, - // because JS does not support effective - this.dyn_ltree = new Buf16(HEAP_SIZE$1 * 2); - this.dyn_dtree = new Buf16((2 * D_CODES$1 + 1) * 2); - this.bl_tree = new Buf16((2 * BL_CODES$1 + 1) * 2); - zero$2(this.dyn_ltree); - zero$2(this.dyn_dtree); - zero$2(this.bl_tree); - - this.l_desc = null; /* desc. for literal tree */ - this.d_desc = null; /* desc. for distance tree */ - this.bl_desc = null; /* desc. for bit length tree */ - - //ush bl_count[MAX_BITS+1]; - this.bl_count = new Buf16(MAX_BITS$1 + 1); - /* number of codes at each bit length for an optimal tree */ - - //int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - this.heap = new Buf16(2 * L_CODES$1 + 1); /* heap used to build the Huffman trees */ - zero$2(this.heap); - - this.heap_len = 0; /* number of elements in the heap */ - this.heap_max = 0; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - this.depth = new Buf16(2 * L_CODES$1 + 1); //uch depth[2*L_CODES+1]; - zero$2(this.depth); - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - this.l_buf = 0; /* buffer index for literals or lengths */ - - this.lit_bufsize = 0; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - this.last_lit = 0; /* running index in l_buf */ - - this.d_buf = 0; - /* Buffer index for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - this.opt_len = 0; /* bit length of current block with optimal trees */ - this.static_len = 0; /* bit length of current block with static trees */ - this.matches = 0; /* number of string matches in current block */ - this.insert = 0; /* bytes at end of window left to insert */ - - - this.bi_buf = 0; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - this.bi_valid = 0; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - - // Used for window memory init. We safely ignore it for JS. That makes - // sense only for pointers and memory check tools. - //this.high_water = 0; - /* High water mark offset in window for initialized bytes -- bytes above - * this are set to zero in order to avoid memory check warnings when - * longest match routines access bytes past the input. This is then - * updated to the new high water mark. - */ - } -} - -function deflateResetKeep(strm) { - let s; - - if (!strm || !strm.state) { - return err(strm, Z_STREAM_ERROR); - } - - strm.total_in = strm.total_out = 0; - strm.data_type = Z_UNKNOWN; - - s = strm.state; - s.pending = 0; - s.pending_out = 0; - - if (s.wrap < 0) { - s.wrap = -s.wrap; - /* was made negative by deflate(..., Z_FINISH); */ - } - s.status = (s.wrap ? INIT_STATE : BUSY_STATE); - strm.adler = (s.wrap === 2) ? - 0 // crc32(0, Z_NULL, 0) - : - 1; // adler32(0, Z_NULL, 0) - s.last_flush = Z_NO_FLUSH; - _tr_init(s); - return Z_OK; -} - - -function deflateReset(strm) { - const ret = deflateResetKeep(strm); - if (ret === Z_OK) { - lm_init(strm.state); - } - return ret; -} - - -function deflateSetHeader(strm, head) { - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - if (strm.state.wrap !== 2) { return Z_STREAM_ERROR; } - strm.state.gzhead = head; - return Z_OK; -} - - -function deflateInit2(strm, level, method, windowBits, memLevel, strategy) { - if (!strm) { // === Z_NULL - return Z_STREAM_ERROR; - } - let wrap = 1; - - if (level === Z_DEFAULT_COMPRESSION) { - level = 6; - } - - if (windowBits < 0) { /* suppress zlib wrapper */ - wrap = 0; - windowBits = -windowBits; - } - - else if (windowBits > 15) { - wrap = 2; /* write gzip wrapper instead */ - windowBits -= 16; - } - - - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method !== Z_DEFLATED || - windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_FIXED) { - return err(strm, Z_STREAM_ERROR); - } - - - if (windowBits === 8) { - windowBits = 9; - } - /* until 256-byte window bug fixed */ - - const s = new DeflateState(); - - strm.state = s; - s.strm = strm; - - s.wrap = wrap; - s.gzhead = null; - s.w_bits = windowBits; - s.w_size = 1 << s.w_bits; - s.w_mask = s.w_size - 1; - - s.hash_bits = memLevel + 7; - s.hash_size = 1 << s.hash_bits; - s.hash_mask = s.hash_size - 1; - s.hash_shift = ~~((s.hash_bits + MIN_MATCH$1 - 1) / MIN_MATCH$1); - s.window = new Buf8(s.w_size * 2); - s.head = new Buf16(s.hash_size); - s.prev = new Buf16(s.w_size); - - // Don't need mem init magic for JS. - //s.high_water = 0; /* nothing written to s->window yet */ - - s.lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s.pending_buf_size = s.lit_bufsize * 4; - - //overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - //s->pending_buf = (uchf *) overlay; - s.pending_buf = new Buf8(s.pending_buf_size); - - // It is offset from `s.pending_buf` (size is `s.lit_bufsize * 2`) - //s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s.d_buf = 1 * s.lit_bufsize; - - //s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - s.l_buf = (1 + 2) * s.lit_bufsize; - - s.level = level; - s.strategy = strategy; - s.method = method; - - return deflateReset(strm); -} - - -function deflate(strm, flush) { - let old_flush, s; - let beg, val; // for gzip header write only - - if (!strm || !strm.state || - flush > Z_BLOCK || flush < 0) { - return strm ? err(strm, Z_STREAM_ERROR) : Z_STREAM_ERROR; - } - - s = strm.state; - - if (!strm.output || - (!strm.input && strm.avail_in !== 0) || - (s.status === FINISH_STATE && flush !== Z_FINISH)) { - return err(strm, (strm.avail_out === 0) ? Z_BUF_ERROR : Z_STREAM_ERROR); - } - - s.strm = strm; /* just in case */ - old_flush = s.last_flush; - s.last_flush = flush; - - /* Write the header */ - if (s.status === INIT_STATE) { - - if (s.wrap === 2) { // GZIP header - strm.adler = 0; //crc32(0L, Z_NULL, 0); - put_byte(s, 31); - put_byte(s, 139); - put_byte(s, 8); - if (!s.gzhead) { // s->gzhead == Z_NULL - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, 0); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, OS_CODE); - s.status = BUSY_STATE; - } - else { - put_byte(s, (s.gzhead.text ? 1 : 0) + - (s.gzhead.hcrc ? 2 : 0) + - (!s.gzhead.extra ? 0 : 4) + - (!s.gzhead.name ? 0 : 8) + - (!s.gzhead.comment ? 0 : 16) - ); - put_byte(s, s.gzhead.time & 0xff); - put_byte(s, (s.gzhead.time >> 8) & 0xff); - put_byte(s, (s.gzhead.time >> 16) & 0xff); - put_byte(s, (s.gzhead.time >> 24) & 0xff); - put_byte(s, s.level === 9 ? 2 : - (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2 ? - 4 : 0)); - put_byte(s, s.gzhead.os & 0xff); - if (s.gzhead.extra && s.gzhead.extra.length) { - put_byte(s, s.gzhead.extra.length & 0xff); - put_byte(s, (s.gzhead.extra.length >> 8) & 0xff); - } - if (s.gzhead.hcrc) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending, 0); - } - s.gzindex = 0; - s.status = EXTRA_STATE; - } - } - else // DEFLATE header - { - let header = (Z_DEFLATED + ((s.w_bits - 8) << 4)) << 8; - let level_flags = -1; - - if (s.strategy >= Z_HUFFMAN_ONLY || s.level < 2) { - level_flags = 0; - } else if (s.level < 6) { - level_flags = 1; - } else if (s.level === 6) { - level_flags = 2; - } else { - level_flags = 3; - } - header |= (level_flags << 6); - if (s.strstart !== 0) { header |= PRESET_DICT; } - header += 31 - (header % 31); - - s.status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s.strstart !== 0) { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - strm.adler = 1; // adler32(0L, Z_NULL, 0); - } - } - - //#ifdef GZIP - if (s.status === EXTRA_STATE) { - if (s.gzhead.extra/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - - while (s.gzindex < (s.gzhead.extra.length & 0xffff)) { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - break; - } - } - put_byte(s, s.gzhead.extra[s.gzindex] & 0xff); - s.gzindex++; - } - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (s.gzindex === s.gzhead.extra.length) { - s.gzindex = 0; - s.status = NAME_STATE; - } - } - else { - s.status = NAME_STATE; - } - } - if (s.status === NAME_STATE) { - if (s.gzhead.name/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.name.length) { - val = s.gzhead.name.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.gzindex = 0; - s.status = COMMENT_STATE; - } - } - else { - s.status = COMMENT_STATE; - } - } - if (s.status === COMMENT_STATE) { - if (s.gzhead.comment/* != Z_NULL*/) { - beg = s.pending; /* start of bytes to update crc */ - //int val; - - do { - if (s.pending === s.pending_buf_size) { - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - flush_pending(strm); - beg = s.pending; - if (s.pending === s.pending_buf_size) { - val = 1; - break; - } - } - // JS specific: little magic to add zero terminator to end of string - if (s.gzindex < s.gzhead.comment.length) { - val = s.gzhead.comment.charCodeAt(s.gzindex++) & 0xff; - } else { - val = 0; - } - put_byte(s, val); - } while (val !== 0); - - if (s.gzhead.hcrc && s.pending > beg) { - strm.adler = crc32(strm.adler, s.pending_buf, s.pending - beg, beg); - } - if (val === 0) { - s.status = HCRC_STATE; - } - } - else { - s.status = HCRC_STATE; - } - } - if (s.status === HCRC_STATE) { - if (s.gzhead.hcrc) { - if (s.pending + 2 > s.pending_buf_size) { - flush_pending(strm); - } - if (s.pending + 2 <= s.pending_buf_size) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - strm.adler = 0; //crc32(0L, Z_NULL, 0); - s.status = BUSY_STATE; - } - } - else { - s.status = BUSY_STATE; - } - } - //#endif - - /* Flush as much pending output as possible */ - if (s.pending !== 0) { - flush_pending(strm); - if (strm.avail_out === 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s.last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUF_ERROR. - */ - } else if (strm.avail_in === 0 && rank(flush) <= rank(old_flush) && - flush !== Z_FINISH) { - return err(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s.status === FINISH_STATE && strm.avail_in !== 0) { - return err(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm.avail_in !== 0 || s.lookahead !== 0 || - (flush !== Z_NO_FLUSH && s.status !== FINISH_STATE)) { - var bstate = (s.strategy === Z_HUFFMAN_ONLY) ? deflate_huff(s, flush) : - (s.strategy === Z_RLE ? deflate_rle(s, flush) : - configuration_table[s.level].func(s, flush)); - - if (bstate === BS_FINISH_STARTED || bstate === BS_FINISH_DONE) { - s.status = FINISH_STATE; - } - if (bstate === BS_NEED_MORE || bstate === BS_FINISH_STARTED) { - if (strm.avail_out === 0) { - s.last_flush = -1; - /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate === BS_BLOCK_DONE) { - if (flush === Z_PARTIAL_FLUSH) { - _tr_align(s); - } - else if (flush !== Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ - - _tr_stored_block(s, 0, 0, false); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush === Z_FULL_FLUSH) { - /*** CLEAR_HASH(s); ***/ /* forget history */ - zero$2(s.head); // Fill with NIL (= 0); - - if (s.lookahead === 0) { - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - } - } - flush_pending(strm); - if (strm.avail_out === 0) { - s.last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - //Assert(strm->avail_out > 0, "bug2"); - //if (strm.avail_out <= 0) { throw new Error("bug2");} - - if (flush !== Z_FINISH) { return Z_OK; } - if (s.wrap <= 0) { return Z_STREAM_END; } - - /* Write the trailer */ - if (s.wrap === 2) { - put_byte(s, strm.adler & 0xff); - put_byte(s, (strm.adler >> 8) & 0xff); - put_byte(s, (strm.adler >> 16) & 0xff); - put_byte(s, (strm.adler >> 24) & 0xff); - put_byte(s, strm.total_in & 0xff); - put_byte(s, (strm.total_in >> 8) & 0xff); - put_byte(s, (strm.total_in >> 16) & 0xff); - put_byte(s, (strm.total_in >> 24) & 0xff); - } - else { - putShortMSB(s, strm.adler >>> 16); - putShortMSB(s, strm.adler & 0xffff); - } - - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - if (s.wrap > 0) { s.wrap = -s.wrap; } - /* write the trailer only once! */ - return s.pending !== 0 ? Z_OK : Z_STREAM_END; -} - -function deflateEnd(strm) { - let status; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - status = strm.state.status; - if (status !== INIT_STATE && - status !== EXTRA_STATE && - status !== NAME_STATE && - status !== COMMENT_STATE && - status !== HCRC_STATE && - status !== BUSY_STATE && - status !== FINISH_STATE - ) { - return err(strm, Z_STREAM_ERROR); - } - - strm.state = null; - - return status === BUSY_STATE ? err(strm, Z_DATA_ERROR) : Z_OK; -} - - -/* ========================================================================= - * Initializes the compression dictionary from the given byte - * sequence without producing any compressed output. - */ -function deflateSetDictionary(strm, dictionary) { - let dictLength = dictionary.length; - - let s; - let str, n; - let wrap; - let avail; - let next; - let input; - let tmpDict; - - if (!strm/*== Z_NULL*/ || !strm.state/*== Z_NULL*/) { - return Z_STREAM_ERROR; - } - - s = strm.state; - wrap = s.wrap; - - if (wrap === 2 || (wrap === 1 && s.status !== INIT_STATE) || s.lookahead) { - return Z_STREAM_ERROR; - } - - /* when using zlib wrappers, compute Adler-32 for provided dictionary */ - if (wrap === 1) { - /* adler32(strm->adler, dictionary, dictLength); */ - strm.adler = adler32(strm.adler, dictionary, dictLength, 0); - } - - s.wrap = 0; /* avoid computing Adler-32 in read_buf */ - - /* if dictionary would fill window, just replace the history */ - if (dictLength >= s.w_size) { - if (wrap === 0) { /* already empty otherwise */ - /*** CLEAR_HASH(s); ***/ - zero$2(s.head); // Fill with NIL (= 0); - s.strstart = 0; - s.block_start = 0; - s.insert = 0; - } - /* use the tail */ - // dictionary = dictionary.slice(dictLength - s.w_size); - tmpDict = new Buf8(s.w_size); - arraySet(tmpDict, dictionary, dictLength - s.w_size, s.w_size, 0); - dictionary = tmpDict; - dictLength = s.w_size; - } - /* insert dictionary into window and hash */ - avail = strm.avail_in; - next = strm.next_in; - input = strm.input; - strm.avail_in = dictLength; - strm.next_in = 0; - strm.input = dictionary; - fill_window(s); - while (s.lookahead >= MIN_MATCH$1) { - str = s.strstart; - n = s.lookahead - (MIN_MATCH$1 - 1); - do { - /* UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); */ - s.ins_h = ((s.ins_h << s.hash_shift) ^ s.window[str + MIN_MATCH$1 - 1]) & s.hash_mask; - - s.prev[str & s.w_mask] = s.head[s.ins_h]; - - s.head[s.ins_h] = str; - str++; - } while (--n); - s.strstart = str; - s.lookahead = MIN_MATCH$1 - 1; - fill_window(s); - } - s.strstart += s.lookahead; - s.block_start = s.strstart; - s.insert = s.lookahead; - s.lookahead = 0; - s.match_length = s.prev_length = MIN_MATCH$1 - 1; - s.match_available = 0; - strm.next_in = next; - strm.input = input; - strm.avail_in = avail; - s.wrap = wrap; - return Z_OK; -} - -/* Not implemented -exports.deflateBound = deflateBound; -exports.deflateCopy = deflateCopy; -exports.deflateParams = deflateParams; -exports.deflatePending = deflatePending; -exports.deflatePrime = deflatePrime; -exports.deflateTune = deflateTune; -*/ - -// String encode/decode helpers - -try { - String.fromCharCode.apply(null, [ 0 ]); -} catch (__) { -} -try { - String.fromCharCode.apply(null, new Uint8Array(1)); -} catch (__) { -} - - -// Table with utf8 lengths (calculated by first byte of sequence) -// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS, -// because max possible codepoint is 0x10ffff -const _utf8len = new Buf8(256); -for (let q = 0; q < 256; q++) { - _utf8len[q] = q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1; -} -_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start - - -// convert string to array (typed, when possible) -function string2buf (str) { - let c, c2, m_pos, i, buf_len = 0; - const str_len = str.length; - - // count binary size - for (m_pos = 0; m_pos < str_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4; - } - - // allocate buffer - const buf = new Buf8(buf_len); - - // convert - for (i = 0, m_pos = 0; i < buf_len; m_pos++) { - c = str.charCodeAt(m_pos); - if ((c & 0xfc00) === 0xd800 && m_pos + 1 < str_len) { - c2 = str.charCodeAt(m_pos + 1); - if ((c2 & 0xfc00) === 0xdc00) { - c = 0x10000 + (c - 0xd800 << 10) + (c2 - 0xdc00); - m_pos++; - } - } - if (c < 0x80) { - /* one byte */ - buf[i++] = c; - } else if (c < 0x800) { - /* two bytes */ - buf[i++] = 0xC0 | c >>> 6; - buf[i++] = 0x80 | c & 0x3f; - } else if (c < 0x10000) { - /* three bytes */ - buf[i++] = 0xE0 | c >>> 12; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } else { - /* four bytes */ - buf[i++] = 0xf0 | c >>> 18; - buf[i++] = 0x80 | c >>> 12 & 0x3f; - buf[i++] = 0x80 | c >>> 6 & 0x3f; - buf[i++] = 0x80 | c & 0x3f; - } - } - - return buf; -} - - -// Convert binary string (typed, when possible) -function binstring2buf (str) { - const buf = new Buf8(str.length); - for (let i = 0, len = buf.length; i < len; i++) { - buf[i] = str.charCodeAt(i); - } - return buf; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class ZStream { - constructor() { - /* next input byte */ - this.input = null; // JS specific, because we have no pointers - this.next_in = 0; - /* number of bytes available at input */ - this.avail_in = 0; - /* total number of input bytes read so far */ - this.total_in = 0; - /* next output byte should be put there */ - this.output = null; // JS specific, because we have no pointers - this.next_out = 0; - /* remaining free space at output */ - this.avail_out = 0; - /* total number of bytes output so far */ - this.total_out = 0; - /* last error message, NULL if no error */ - this.msg = ''/*Z_NULL*/; - /* not visible by applications */ - this.state = null; - /* best guess about the data type: binary or text */ - this.data_type = 2/*Z_UNKNOWN*/; - /* adler32 value of the uncompressed data */ - this.adler = 0; - } -} - -/* ===========================================================================*/ - - -/** - * class Deflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[deflate]], - * [[deflateRaw]] and [[gzip]]. - **/ - -/* internal - * Deflate.chunks -> Array - * - * Chunks of output data, if [[Deflate#onData]] not overridden. - **/ - -/** - * Deflate.result -> Uint8Array|Array - * - * Compressed result, generated by default [[Deflate#onData]] - * and [[Deflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Deflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Deflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Deflate.err -> Number - * - * Error code after deflate finished. 0 (Z_OK) on success. - * You will not need it in real life, because deflate errors - * are possible only on wrong options or bad `onData` / `onEnd` - * custom handlers. - **/ - -/** - * Deflate.msg -> String - * - * Error message, if [[Deflate.err]] != 0 - **/ - - -/** - * new Deflate(options) - * - options (Object): zlib deflate options. - * - * Creates new deflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `level` - * - `windowBits` - * - `memLevel` - * - `strategy` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw deflate - * - `gzip` (Boolean) - create gzip wrapper - * - `to` (String) - if equal to 'string', then result will be "binary string" - * (each char code [0..255]) - * - `header` (Object) - custom header for gzip - * - `text` (Boolean) - true if compressed data believed to be text - * - `time` (Number) - modification time, unix timestamp - * - `os` (Number) - operation system code - * - `extra` (Array) - array of bytes with extra data (max 65536) - * - `name` (String) - file name (binary string) - * - `comment` (String) - comment (binary string) - * - `hcrc` (Boolean) - true if header crc should be added - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var deflate = new pako.Deflate({ level: 3}); - * - * deflate.push(chunk1, false); - * deflate.push(chunk2, true); // true -> last chunk - * - * if (deflate.err) { throw new Error(deflate.err); } - * - * console.log(deflate.result); - * ``` - **/ - -class Deflate { - constructor(options) { - this.options = { - level: Z_DEFAULT_COMPRESSION, - method: Z_DEFLATED, - chunkSize: 16384, - windowBits: 15, - memLevel: 8, - strategy: Z_DEFAULT_STRATEGY, - ...(options || {}) - }; - - const opt = this.options; - - if (opt.raw && (opt.windowBits > 0)) { - opt.windowBits = -opt.windowBits; - } - - else if (opt.gzip && (opt.windowBits > 0) && (opt.windowBits < 16)) { - opt.windowBits += 16; - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - var status = deflateInit2( - this.strm, - opt.level, - opt.method, - opt.windowBits, - opt.memLevel, - opt.strategy - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - if (opt.header) { - deflateSetHeader(this.strm, opt.header); - } - - if (opt.dictionary) { - let dict; - // Convert data if needed - if (typeof opt.dictionary === 'string') { - // If we need to compress text, change encoding to utf8. - dict = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - dict = new Uint8Array(opt.dictionary); - } else { - dict = opt.dictionary; - } - - status = deflateSetDictionary(this.strm, dict); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this._dict_set = true; - } - } - - /** - * Deflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data. Strings will be - * converted to utf8 byte sequence. - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to deflate pipe, generating [[Deflate#onData]] calls with - * new compressed chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Deflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the compression context. - * - * On fail call [[Deflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * array format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize } } = this; - var status, _mode; - - if (this.ended) { return false; } - - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // If we need to compress text, change encoding to utf8. - strm.input = string2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - status = deflate(strm, _mode); /* no bad return value */ - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - if (strm.avail_out === 0 || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = deflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - /** - * Deflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - /** - * Deflate#onEnd(status) -> Void - * - status (Number): deflate status. 0 (Z_OK) on success, - * other if not. - * - * Called once after you tell deflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -// See state defs from inflate.js -const BAD = 30; /* got a data error -- remain here until reset */ -const TYPE = 12; /* i: waiting for type bits, including last-flag bit */ - -/* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is - available, an end-of-block is encountered, or a data error is encountered. - When large enough input and output buffers are supplied to inflate(), for - example, a 16K input buffer and a 64K output buffer, more than 95% of the - inflate execution time is spent in this routine. - - Entry assumptions: - - state.mode === LEN - strm.avail_in >= 6 - strm.avail_out >= 258 - start >= strm.avail_out - state.bits < 8 - - On return, state.mode is one of: - - LEN -- ran out of enough output space or enough available input - TYPE -- reached end of block code, inflate() to interpret next block - BAD -- error in block data - - Notes: - - - The maximum input bits used by a length/distance pair is 15 bits for the - length code, 5 bits for the length extra, 15 bits for the distance code, - and 13 bits for the distance extra. This totals 48 bits, or six bytes. - Therefore if strm.avail_in >= 6, then there is enough input to avoid - checking for available input while decoding. - - - The maximum bytes that a single length/distance pair can output is 258 - bytes, which is the maximum length that can be coded. inflate_fast() - requires strm.avail_out >= 258 for each loop to avoid checking for - output space. - */ -function inflate_fast(strm, start) { - let _in; /* local strm.input */ - let _out; /* local strm.output */ - // Use `s_window` instead `window`, avoid conflict with instrumentation tools - let hold; /* local strm.hold */ - let bits; /* local strm.bits */ - let here; /* retrieved table entry */ - let op; /* code bits, operation, extra bits, or */ - /* window position, window bytes to copy */ - let len; /* match length, unused bytes */ - let dist; /* match distance */ - let from; /* where to copy match from */ - let from_source; - - - - /* copy state to local variables */ - const state = strm.state; - //here = state.here; - _in = strm.next_in; - const input = strm.input; - const last = _in + (strm.avail_in - 5); - _out = strm.next_out; - const output = strm.output; - const beg = _out - (start - strm.avail_out); - const end = _out + (strm.avail_out - 257); - //#ifdef INFLATE_STRICT - const dmax = state.dmax; - //#endif - const wsize = state.wsize; - const whave = state.whave; - const wnext = state.wnext; - const s_window = state.window; - hold = state.hold; - bits = state.bits; - const lcode = state.lencode; - const dcode = state.distcode; - const lmask = (1 << state.lenbits) - 1; - const dmask = (1 << state.distbits) - 1; - - - /* decode literals and length/distances until end-of-block or not enough - input data or output space */ - - top: - do { - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - - here = lcode[hold & lmask]; - - dolen: - for (;;) { // Goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - if (op === 0) { /* literal */ - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - output[_out++] = here & 0xffff/*here.val*/; - } else if (op & 16) { /* length base */ - len = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - len += hold & (1 << op) - 1; - hold >>>= op; - bits -= op; - } - //Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { - hold += input[_in++] << bits; - bits += 8; - hold += input[_in++] << bits; - bits += 8; - } - here = dcode[hold & dmask]; - - dodist: - for (;;) { // goto emulation - op = here >>> 24/*here.bits*/; - hold >>>= op; - bits -= op; - op = here >>> 16 & 0xff/*here.op*/; - - if (op & 16) { /* distance base */ - dist = here & 0xffff/*here.val*/; - op &= 15; /* number of extra bits */ - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - if (bits < op) { - hold += input[_in++] << bits; - bits += 8; - } - } - dist += hold & (1 << op) - 1; - //#ifdef INFLATE_STRICT - if (dist > dmax) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - //#endif - hold >>>= op; - bits -= op; - //Tracevv((stderr, "inflate: distance %u\n", dist)); - op = _out - beg; /* max distance in output */ - if (dist > op) { /* see if copy from window */ - op = dist - op; /* distance back in window */ - if (op > whave) { - if (state.sane) { - strm.msg = "invalid distance too far back"; - state.mode = BAD; - break top; - } - - // (!) This block is disabled in zlib defaults, - // don't enable it for binary compatibility - //#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - // if (len <= op - whave) { - // do { - // output[_out++] = 0; - // } while (--len); - // continue top; - // } - // len -= op - whave; - // do { - // output[_out++] = 0; - // } while (--op > whave); - // if (op === 0) { - // from = _out - dist; - // do { - // output[_out++] = output[from++]; - // } while (--len); - // continue top; - // } - //#endif - } - from = 0; // window index - from_source = s_window; - if (wnext === 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; - if (op < len) { /* some from end of window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = 0; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - } else { /* contiguous in window */ - from += wnext - op; - if (op < len) { /* some from window */ - len -= op; - do { - output[_out++] = s_window[from++]; - } while (--op); - from = _out - dist; /* rest from output */ - from_source = output; - } - } - while (len > 2) { - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - output[_out++] = from_source[from++]; - len -= 3; - } - if (len) { - output[_out++] = from_source[from++]; - if (len > 1) { - output[_out++] = from_source[from++]; - } - } - } else { - from = _out - dist; /* copy direct from output */ - do { /* minimum length is three */ - output[_out++] = output[from++]; - output[_out++] = output[from++]; - output[_out++] = output[from++]; - len -= 3; - } while (len > 2); - if (len) { - output[_out++] = output[from++]; - if (len > 1) { - output[_out++] = output[from++]; - } - } - } - } else if ((op & 64) === 0) { /* 2nd level distance code */ - here = dcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dodist; - } else { - strm.msg = "invalid distance code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } else if ((op & 64) === 0) { /* 2nd level length code */ - here = lcode[(here & 0xffff)/*here.val*/ + (hold & (1 << op) - 1)]; - continue dolen; - } else if (op & 32) { /* end-of-block */ - //Tracevv((stderr, "inflate: end of block\n")); - state.mode = TYPE; - break top; - } else { - strm.msg = "invalid literal/length code"; - state.mode = BAD; - break top; - } - - break; // need to emulate goto via "continue" - } - } while (_in < last && _out < end); - - /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ - len = bits >> 3; - _in -= len; - bits -= len << 3; - hold &= (1 << bits) - 1; - - /* update state and return */ - strm.next_in = _in; - strm.next_out = _out; - strm.avail_in = _in < last ? 5 + (last - _in) : 5 - (_in - last); - strm.avail_out = _out < end ? 257 + (end - _out) : 257 - (_out - end); - state.hold = hold; - state.bits = bits; - return; -} - -const MAXBITS = 15; -const ENOUGH_LENS = 852; -const ENOUGH_DISTS = 592; -//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS); - -const CODES = 0; -const LENS = 1; -const DISTS = 2; - -const lbase = [ /* Length codes 257..285 base */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 -]; - -const lext = [ /* Length codes 257..285 extra */ - 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78 -]; - -const dbase = [ /* Distance codes 0..29 base */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577, 0, 0 -]; - -const dext = [ /* Distance codes 0..29 extra */ - 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, - 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, - 28, 28, 29, 29, 64, 64 -]; - -function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts) { - const bits = opts.bits; - //here = opts.here; /* table entry for duplication */ - - let len = 0; /* a code's length in bits */ - let sym = 0; /* index of code symbols */ - let min = 0, max = 0; /* minimum and maximum code lengths */ - let root = 0; /* number of index bits for root table */ - let curr = 0; /* number of index bits for current table */ - let drop = 0; /* code bits to drop for sub-table */ - let left = 0; /* number of prefix codes available */ - let used = 0; /* code entries in table used */ - let huff = 0; /* Huffman code */ - let incr; /* for incrementing code, index */ - let fill; /* index for replicating entries */ - let low; /* low bits for current root entry */ - let next; /* next available space in table */ - let base = null; /* base value table to use */ - let base_index = 0; - // var shoextra; /* extra bits table to use */ - let end; /* use base and extra for symbol > end */ - const count = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* number of codes of each length */ - const offs = new Buf16(MAXBITS + 1); //[MAXBITS+1]; /* offsets in table for each length */ - let extra = null; - let extra_index = 0; - - let here_bits, here_op, here_val; - - /* - Process a set of code lengths to create a canonical Huffman code. The - code lengths are lens[0..codes-1]. Each length corresponds to the - symbols 0..codes-1. The Huffman code is generated by first sorting the - symbols by length from short to long, and retaining the symbol order - for codes with equal lengths. Then the code starts with all zero bits - for the first code of the shortest length, and the codes are integer - increments for the same length, and zeros are appended as the length - increases. For the deflate format, these bits are stored backwards - from their more natural integer increment ordering, and so when the - decoding tables are built in the large loop below, the integer codes - are incremented backwards. - - This routine assumes, but does not check, that all of the entries in - lens[] are in the range 0..MAXBITS. The caller must assure this. - 1..MAXBITS is interpreted as that code length. zero means that that - symbol does not occur in this code. - - The codes are sorted by computing a count of codes for each length, - creating from that a table of starting indices for each length in the - sorted table, and then entering the symbols in order in the sorted - table. The sorted table is work[], with that space being provided by - the caller. - - The length counts are used for other purposes as well, i.e. finding - the minimum and maximum length codes, determining if there are any - codes at all, checking for a valid set of lengths, and looking ahead - at length counts to determine sub-table sizes when building the - decoding tables. - */ - - /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ - for (len = 0; len <= MAXBITS; len++) { - count[len] = 0; - } - for (sym = 0; sym < codes; sym++) { - count[lens[lens_index + sym]]++; - } - - /* bound code lengths, force root to be within code lengths */ - root = bits; - for (max = MAXBITS; max >= 1; max--) { - if (count[max] !== 0) { - break; - } - } - if (root > max) { - root = max; - } - if (max === 0) { /* no symbols to code at all */ - //table.op[opts.table_index] = 64; //here.op = (var char)64; /* invalid code marker */ - //table.bits[opts.table_index] = 1; //here.bits = (var char)1; - //table.val[opts.table_index++] = 0; //here.val = (var short)0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - - //table.op[opts.table_index] = 64; - //table.bits[opts.table_index] = 1; - //table.val[opts.table_index++] = 0; - table[table_index++] = 1 << 24 | 64 << 16 | 0; - - opts.bits = 1; - return 0; /* no symbols, but wait for decoding to report error */ - } - for (min = 1; min < max; min++) { - if (count[min] !== 0) { - break; - } - } - if (root < min) { - root = min; - } - - /* check for an over-subscribed or incomplete set of lengths */ - left = 1; - for (len = 1; len <= MAXBITS; len++) { - left <<= 1; - left -= count[len]; - if (left < 0) { - return -1; - } /* over-subscribed */ - } - if (left > 0 && (type === CODES || max !== 1)) { - return -1; /* incomplete set */ - } - - /* generate offsets into symbol table for each length for sorting */ - offs[1] = 0; - for (len = 1; len < MAXBITS; len++) { - offs[len + 1] = offs[len] + count[len]; - } - - /* sort symbols by length, by symbol order within each length */ - for (sym = 0; sym < codes; sym++) { - if (lens[lens_index + sym] !== 0) { - work[offs[lens[lens_index + sym]]++] = sym; - } - } - - /* - Create and fill in decoding tables. In this loop, the table being - filled is at next and has curr index bits. The code being used is huff - with length len. That code is converted to an index by dropping drop - bits off of the bottom. For codes where len is less than drop + curr, - those top drop + curr - len bits are incremented through all values to - fill the table with replicated entries. - - root is the number of index bits for the root table. When len exceeds - root, sub-tables are created pointed to by the root entry with an index - of the low root bits of huff. This is saved in low to check for when a - new sub-table should be started. drop is zero when the root table is - being filled, and drop is root when sub-tables are being filled. - - When a new sub-table is needed, it is necessary to look ahead in the - code lengths to determine what size sub-table is needed. The length - counts are used for this, and so count[] is decremented as codes are - entered in the tables. - - used keeps track of how many table entries have been allocated from the - provided *table space. It is checked for LENS and DIST tables against - the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in - the initial root table size constants. See the comments in inftrees.h - for more information. - - sym increments through all symbols, and the loop terminates when - all codes of length max, i.e. all codes, have been processed. This - routine permits incomplete codes, so another loop after this one fills - in the rest of the decoding tables with invalid code markers. - */ - - /* set up for code type */ - // poor man optimization - use if-else instead of switch, - // to avoid deopts in old v8 - if (type === CODES) { - base = extra = work; /* dummy value--not used */ - end = 19; - - } else if (type === LENS) { - base = lbase; - base_index -= 257; - extra = lext; - extra_index -= 257; - end = 256; - - } else { /* DISTS */ - base = dbase; - extra = dext; - end = -1; - } - - /* initialize opts for loop */ - huff = 0; /* starting code */ - sym = 0; /* starting code symbol */ - len = min; /* starting code length */ - next = table_index; /* current table to fill in */ - curr = root; /* current table index bits */ - drop = 0; /* current bits to drop from code for index */ - low = -1; /* trigger new sub-table when len > root */ - used = 1 << root; /* use root table entries */ - const mask = used - 1; /* mask for comparing low */ - - /* check available table space */ - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* process all codes and make table entries */ - for (;;) { - /* create table entry */ - here_bits = len - drop; - if (work[sym] < end) { - here_op = 0; - here_val = work[sym]; - } else if (work[sym] > end) { - here_op = extra[extra_index + work[sym]]; - here_val = base[base_index + work[sym]]; - } else { - here_op = 32 + 64; /* end of block */ - here_val = 0; - } - - /* replicate for those indices with low len bits equal to huff */ - incr = 1 << len - drop; - fill = 1 << curr; - min = fill; /* save offset to next table */ - do { - fill -= incr; - table[next + (huff >> drop) + fill] = here_bits << 24 | here_op << 16 | here_val |0; - } while (fill !== 0); - - /* backwards increment the len-bit code huff */ - incr = 1 << len - 1; - while (huff & incr) { - incr >>= 1; - } - if (incr !== 0) { - huff &= incr - 1; - huff += incr; - } else { - huff = 0; - } - - /* go to next symbol, update count, len */ - sym++; - if (--count[len] === 0) { - if (len === max) { - break; - } - len = lens[lens_index + work[sym]]; - } - - /* create new sub-table if needed */ - if (len > root && (huff & mask) !== low) { - /* if first time, transition to sub-tables */ - if (drop === 0) { - drop = root; - } - - /* increment past last table */ - next += min; /* here min is 1 << curr */ - - /* determine length of next table */ - curr = len - drop; - left = 1 << curr; - while (curr + drop < max) { - left -= count[curr + drop]; - if (left <= 0) { - break; - } - curr++; - left <<= 1; - } - - /* check for enough space */ - used += 1 << curr; - if (type === LENS && used > ENOUGH_LENS || - type === DISTS && used > ENOUGH_DISTS) { - return 1; - } - - /* point entry in root table to sub-table */ - low = huff & mask; - /*table.op[low] = curr; - table.bits[low] = root; - table.val[low] = next - opts.table_index;*/ - table[low] = root << 24 | curr << 16 | next - table_index |0; - } - } - - /* fill in remaining table entry if code is incomplete (guaranteed to have - at most one remaining entry, since if the code is incomplete, the - maximum code length that was allowed to get this far is one bit) */ - if (huff !== 0) { - //table.op[next + huff] = 64; /* invalid code marker */ - //table.bits[next + huff] = len - drop; - //table.val[next + huff] = 0; - table[next + huff] = len - drop << 24 | 64 << 16 |0; - } - - /* set return parameters */ - //opts.table_index += used; - opts.bits = root; - return 0; -} - -const CODES$1 = 0; -const LENS$1 = 1; -const DISTS$1 = 2; - -/* STATES ====================================================================*/ -/* ===========================================================================*/ - - -const HEAD = 1; /* i: waiting for magic header */ -const FLAGS = 2; /* i: waiting for method and flags (gzip) */ -const TIME = 3; /* i: waiting for modification time (gzip) */ -const OS = 4; /* i: waiting for extra flags and operating system (gzip) */ -const EXLEN = 5; /* i: waiting for extra length (gzip) */ -const EXTRA = 6; /* i: waiting for extra bytes (gzip) */ -const NAME = 7; /* i: waiting for end of file name (gzip) */ -const COMMENT = 8; /* i: waiting for end of comment (gzip) */ -const HCRC = 9; /* i: waiting for header crc (gzip) */ -const DICTID = 10; /* i: waiting for dictionary check value */ -const DICT = 11; /* waiting for inflateSetDictionary() call */ -const TYPE$1 = 12; /* i: waiting for type bits, including last-flag bit */ -const TYPEDO = 13; /* i: same, but skip check to exit inflate on new block */ -const STORED = 14; /* i: waiting for stored size (length and complement) */ -const COPY_ = 15; /* i/o: same as COPY below, but only first time in */ -const COPY = 16; /* i/o: waiting for input or output to copy stored block */ -const TABLE = 17; /* i: waiting for dynamic block table lengths */ -const LENLENS = 18; /* i: waiting for code length code lengths */ -const CODELENS = 19; /* i: waiting for length/lit and distance code lengths */ -const LEN_ = 20; /* i: same as LEN below, but only first time in */ -const LEN = 21; /* i: waiting for length/lit/eob code */ -const LENEXT = 22; /* i: waiting for length extra bits */ -const DIST = 23; /* i: waiting for distance code */ -const DISTEXT = 24; /* i: waiting for distance extra bits */ -const MATCH = 25; /* o: waiting for output space to copy string */ -const LIT = 26; /* o: waiting for output space to write literal */ -const CHECK = 27; /* i: waiting for 32-bit check value */ -const LENGTH = 28; /* i: waiting for 32-bit length (gzip) */ -const DONE = 29; /* finished check, done -- remain here until reset */ -const BAD$1 = 30; /* got a data error -- remain here until reset */ -//const MEM = 31; /* got an inflate() memory error -- remain here until reset */ -const SYNC = 32; /* looking for synchronization bytes to restart inflate() */ - -/* ===========================================================================*/ - - - -const ENOUGH_LENS$1 = 852; -const ENOUGH_DISTS$1 = 592; - - -function zswap32(q) { - return (((q >>> 24) & 0xff) + - ((q >>> 8) & 0xff00) + - ((q & 0xff00) << 8) + - ((q & 0xff) << 24)); -} - - -class InflateState { - constructor() { - this.mode = 0; /* current inflate mode */ - this.last = false; /* true if processing last block */ - this.wrap = 0; /* bit 0 true for zlib, bit 1 true for gzip */ - this.havedict = false; /* true if dictionary provided */ - this.flags = 0; /* gzip header method and flags (0 if zlib) */ - this.dmax = 0; /* zlib header max distance (INFLATE_STRICT) */ - this.check = 0; /* protected copy of check value */ - this.total = 0; /* protected copy of output count */ - // TODO: may be {} - this.head = null; /* where to save gzip header information */ - - /* sliding window */ - this.wbits = 0; /* log base 2 of requested window size */ - this.wsize = 0; /* window size or zero if not using window */ - this.whave = 0; /* valid bytes in the window */ - this.wnext = 0; /* window write index */ - this.window = null; /* allocated sliding window, if needed */ - - /* bit accumulator */ - this.hold = 0; /* input bit accumulator */ - this.bits = 0; /* number of bits in "in" */ - - /* for string and stored block copying */ - this.length = 0; /* literal or length of data to copy */ - this.offset = 0; /* distance back to copy string from */ - - /* for table and code decoding */ - this.extra = 0; /* extra bits needed */ - - /* fixed and dynamic code tables */ - this.lencode = null; /* starting table for length/literal codes */ - this.distcode = null; /* starting table for distance codes */ - this.lenbits = 0; /* index bits for lencode */ - this.distbits = 0; /* index bits for distcode */ - - /* dynamic table building */ - this.ncode = 0; /* number of code length code lengths */ - this.nlen = 0; /* number of length code lengths */ - this.ndist = 0; /* number of distance code lengths */ - this.have = 0; /* number of code lengths in lens[] */ - this.next = null; /* next available space in codes[] */ - - this.lens = new Buf16(320); /* temporary storage for code lengths */ - this.work = new Buf16(288); /* work area for code table building */ - - /* - because we don't have pointers in js, we use lencode and distcode directly - as buffers so we don't need codes - */ - //this.codes = new utils.Buf32(ENOUGH); /* space for code tables */ - this.lendyn = null; /* dynamic table for length/literal codes (JS specific) */ - this.distdyn = null; /* dynamic table for distance codes (JS specific) */ - this.sane = 0; /* if false, allow invalid distance too far */ - this.back = 0; /* bits back of last unprocessed length/lit */ - this.was = 0; /* initial length of match */ - } -} - -function inflateResetKeep(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - strm.total_in = strm.total_out = state.total = 0; - strm.msg = ''; /*Z_NULL*/ - if (state.wrap) { /* to support ill-conceived Java test suite */ - strm.adler = state.wrap & 1; - } - state.mode = HEAD; - state.last = 0; - state.havedict = 0; - state.dmax = 32768; - state.head = null/*Z_NULL*/; - state.hold = 0; - state.bits = 0; - //state.lencode = state.distcode = state.next = state.codes; - state.lencode = state.lendyn = new Buf32(ENOUGH_LENS$1); - state.distcode = state.distdyn = new Buf32(ENOUGH_DISTS$1); - - state.sane = 1; - state.back = -1; - //Tracev((stderr, "inflate: reset\n")); - return Z_OK; -} - -function inflateReset(strm) { - let state; - - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - state.wsize = 0; - state.whave = 0; - state.wnext = 0; - return inflateResetKeep(strm); - -} - -function inflateReset2(strm, windowBits) { - let wrap; - let state; - - /* get the state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - - /* extract wrap request from windowBits parameter */ - if (windowBits < 0) { - wrap = 0; - windowBits = -windowBits; - } - else { - wrap = (windowBits >> 4) + 1; - if (windowBits < 48) { - windowBits &= 15; - } - } - - /* set number of window bits, free window if different */ - if (windowBits && (windowBits < 8 || windowBits > 15)) { - return Z_STREAM_ERROR; - } - if (state.window !== null && state.wbits !== windowBits) { - state.window = null; - } - - /* update state and reset the rest of it */ - state.wrap = wrap; - state.wbits = windowBits; - return inflateReset(strm); -} - -function inflateInit2(strm, windowBits) { - let ret; - let state; - - if (!strm) { return Z_STREAM_ERROR; } - //strm.msg = Z_NULL; /* in case we return an error */ - - state = new InflateState(); - - //if (state === Z_NULL) return Z_MEM_ERROR; - //Tracev((stderr, "inflate: allocated\n")); - strm.state = state; - state.window = null/*Z_NULL*/; - ret = inflateReset2(strm, windowBits); - if (ret !== Z_OK) { - strm.state = null/*Z_NULL*/; - } - return ret; -} - - -/* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ -let virgin = true; - -let lenfix, distfix; // We have no pointers in JS, so keep tables separate - -function fixedtables(state) { - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - let sym; - - lenfix = new Buf32(512); - distfix = new Buf32(32); - - /* literal/length table */ - sym = 0; - while (sym < 144) { state.lens[sym++] = 8; } - while (sym < 256) { state.lens[sym++] = 9; } - while (sym < 280) { state.lens[sym++] = 7; } - while (sym < 288) { state.lens[sym++] = 8; } - - inflate_table(LENS$1, state.lens, 0, 288, lenfix, 0, state.work, { bits: 9 }); - - /* distance table */ - sym = 0; - while (sym < 32) { state.lens[sym++] = 5; } - - inflate_table(DISTS$1, state.lens, 0, 32, distfix, 0, state.work, { bits: 5 }); - - /* do this just once */ - virgin = false; - } - - state.lencode = lenfix; - state.lenbits = 9; - state.distcode = distfix; - state.distbits = 5; -} - - -/* - Update the window with the last wsize (normally 32K) bytes written before - returning. If window does not exist yet, create it. This is only called - when a window is already in use, or when output has been written during this - inflate call, but the end of the deflate stream has not been reached yet. - It is also called to create a window for dictionary data when a dictionary - is loaded. - - Providing output buffers larger than 32K to inflate() should provide a speed - advantage, since only the last 32K of output is copied to the sliding window - upon return from inflate(), and since all distances after the first 32K of - output will fall in the output data, making match copies simpler and faster. - The advantage may be dependent on the size of the processor's data caches. - */ -function updatewindow(strm, src, end, copy) { - let dist; - const state = strm.state; - - /* if it hasn't been done already, allocate space for the window */ - if (state.window === null) { - state.wsize = 1 << state.wbits; - state.wnext = 0; - state.whave = 0; - - state.window = new Buf8(state.wsize); - } - - /* copy state->wsize or less output bytes into the circular window */ - if (copy >= state.wsize) { - arraySet(state.window, src, end - state.wsize, state.wsize, 0); - state.wnext = 0; - state.whave = state.wsize; - } - else { - dist = state.wsize - state.wnext; - if (dist > copy) { - dist = copy; - } - //zmemcpy(state->window + state->wnext, end - copy, dist); - arraySet(state.window, src, end - copy, dist, state.wnext); - copy -= dist; - if (copy) { - //zmemcpy(state->window, end - copy, copy); - arraySet(state.window, src, end - copy, copy, 0); - state.wnext = copy; - state.whave = state.wsize; - } - else { - state.wnext += dist; - if (state.wnext === state.wsize) { state.wnext = 0; } - if (state.whave < state.wsize) { state.whave += dist; } - } - } - return 0; -} - -function inflate(strm, flush) { - let state; - let input, output; // input/output buffers - let next; /* next input INDEX */ - let put; /* next output INDEX */ - let have, left; /* available input and output */ - let hold; /* bit buffer */ - let bits; /* bits in bit buffer */ - let _in, _out; /* save starting available input and output */ - let copy; /* number of stored or match bytes to copy */ - let from; /* where to copy match bytes from */ - let from_source; - let here = 0; /* current decoding table entry */ - let here_bits, here_op, here_val; // paked "here" denormalized (JS specific) - //var last; /* parent table entry */ - let last_bits, last_op, last_val; // paked "last" denormalized (JS specific) - let len; /* length to copy for repeats, bits to drop */ - let ret; /* return code */ - let hbuf = new Buf8(4); /* buffer for gzip header crc calculation */ - let opts; - - let n; // temporary var for NEED_BITS - - const order = /* permutation of code lengths */ - [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ]; - - - if (!strm || !strm.state || !strm.output || - (!strm.input && strm.avail_in !== 0)) { - return Z_STREAM_ERROR; - } - - state = strm.state; - if (state.mode === TYPE$1) { state.mode = TYPEDO; } /* skip check */ - - - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - _in = have; - _out = left; - ret = Z_OK; - - inf_leave: // goto emulation - for (;;) { - switch (state.mode) { - case HEAD: - if (state.wrap === 0) { - state.mode = TYPEDO; - break; - } - //=== NEEDBITS(16); - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((state.wrap & 2) && hold === 0x8b1f) { /* gzip header */ - state.check = 0/*crc32(0L, Z_NULL, 0)*/; - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = FLAGS; - break; - } - state.flags = 0; /* expect zlib header */ - if (state.head) { - state.head.done = false; - } - if (!(state.wrap & 1) || /* check if zlib header allowed */ - (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) { - strm.msg = 'incorrect header check'; - state.mode = BAD$1; - break; - } - if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// - len = (hold & 0x0f)/*BITS(4)*/ + 8; - if (state.wbits === 0) { - state.wbits = len; - } - else if (len > state.wbits) { - strm.msg = 'invalid window size'; - state.mode = BAD$1; - break; - } - state.dmax = 1 << len; - //Tracev((stderr, "inflate: zlib header ok\n")); - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = hold & 0x200 ? DICTID : TYPE$1; - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - break; - case FLAGS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.flags = hold; - if ((state.flags & 0xff) !== Z_DEFLATED) { - strm.msg = 'unknown compression method'; - state.mode = BAD$1; - break; - } - if (state.flags & 0xe000) { - strm.msg = 'unknown header flags set'; - state.mode = BAD$1; - break; - } - if (state.head) { - state.head.text = ((hold >> 8) & 1); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = TIME; - /* falls through */ - case TIME: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.time = hold; - } - if (state.flags & 0x0200) { - //=== CRC4(state.check, hold) - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - hbuf[2] = (hold >>> 16) & 0xff; - hbuf[3] = (hold >>> 24) & 0xff; - state.check = crc32(state.check, hbuf, 4, 0); - //=== - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = OS; - /* falls through */ - case OS: - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (state.head) { - state.head.xflags = (hold & 0xff); - state.head.os = (hold >> 8); - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = EXLEN; - /* falls through */ - case EXLEN: - if (state.flags & 0x0400) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length = hold; - if (state.head) { - state.head.extra_len = hold; - } - if (state.flags & 0x0200) { - //=== CRC2(state.check, hold); - hbuf[0] = hold & 0xff; - hbuf[1] = (hold >>> 8) & 0xff; - state.check = crc32(state.check, hbuf, 2, 0); - //===// - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - else if (state.head) { - state.head.extra = null/*Z_NULL*/; - } - state.mode = EXTRA; - /* falls through */ - case EXTRA: - if (state.flags & 0x0400) { - copy = state.length; - if (copy > have) { copy = have; } - if (copy) { - if (state.head) { - len = state.head.extra_len - state.length; - if (!state.head.extra) { - // Use untyped array for more convenient processing later - state.head.extra = new Array(state.head.extra_len); - } - arraySet( - state.head.extra, - input, - next, - // extra field is limited to 65536 bytes - // - no need for additional size check - copy, - /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/ - len - ); - //zmemcpy(state.head.extra + len, next, - // len + copy > state.head.extra_max ? - // state.head.extra_max - len : copy); - } - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - state.length -= copy; - } - if (state.length) { break inf_leave; } - } - state.length = 0; - state.mode = NAME; - /* falls through */ - case NAME: - if (state.flags & 0x0800) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - // TODO: 2 or 1 bytes? - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.name_max*/)) { - state.head.name += String.fromCharCode(len); - } - } while (len && copy < have); - - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.name = null; - } - state.length = 0; - state.mode = COMMENT; - /* falls through */ - case COMMENT: - if (state.flags & 0x1000) { - if (have === 0) { break inf_leave; } - copy = 0; - do { - len = input[next + copy++]; - /* use constant limit because in js we should not preallocate memory */ - if (state.head && len && - (state.length < 65536 /*state.head.comm_max*/)) { - state.head.comment += String.fromCharCode(len); - } - } while (len && copy < have); - if (state.flags & 0x0200) { - state.check = crc32(state.check, input, copy, next); - } - have -= copy; - next += copy; - if (len) { break inf_leave; } - } - else if (state.head) { - state.head.comment = null; - } - state.mode = HCRC; - /* falls through */ - case HCRC: - if (state.flags & 0x0200) { - //=== NEEDBITS(16); */ - while (bits < 16) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.check & 0xffff)) { - strm.msg = 'header crc mismatch'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - } - if (state.head) { - state.head.hcrc = ((state.flags >> 9) & 1); - state.head.done = true; - } - strm.adler = state.check = 0; - state.mode = TYPE$1; - break; - case DICTID: - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - strm.adler = state.check = zswap32(hold); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = DICT; - /* falls through */ - case DICT: - if (state.havedict === 0) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - return Z_NEED_DICT; - } - strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/; - state.mode = TYPE$1; - /* falls through */ - case TYPE$1: - if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; } - /* falls through */ - case TYPEDO: - if (state.last) { - //--- BYTEBITS() ---// - hold >>>= bits & 7; - bits -= bits & 7; - //---// - state.mode = CHECK; - break; - } - //=== NEEDBITS(3); */ - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.last = (hold & 0x01)/*BITS(1)*/; - //--- DROPBITS(1) ---// - hold >>>= 1; - bits -= 1; - //---// - - switch ((hold & 0x03)/*BITS(2)*/) { - case 0: /* stored block */ - //Tracev((stderr, "inflate: stored block%s\n", - // state.last ? " (last)" : "")); - state.mode = STORED; - break; - case 1: /* fixed block */ - fixedtables(state); - //Tracev((stderr, "inflate: fixed codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = LEN_; /* decode codes */ - if (flush === Z_TREES) { - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break inf_leave; - } - break; - case 2: /* dynamic block */ - //Tracev((stderr, "inflate: dynamic codes block%s\n", - // state.last ? " (last)" : "")); - state.mode = TABLE; - break; - case 3: - strm.msg = 'invalid block type'; - state.mode = BAD$1; - } - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - break; - case STORED: - //--- BYTEBITS() ---// /* go to byte boundary */ - hold >>>= bits & 7; - bits -= bits & 7; - //---// - //=== NEEDBITS(32); */ - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) { - strm.msg = 'invalid stored block lengths'; - state.mode = BAD$1; - break; - } - state.length = hold & 0xffff; - //Tracev((stderr, "inflate: stored length %u\n", - // state.length)); - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - state.mode = COPY_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case COPY_: - state.mode = COPY; - /* falls through */ - case COPY: - copy = state.length; - if (copy) { - if (copy > have) { copy = have; } - if (copy > left) { copy = left; } - if (copy === 0) { break inf_leave; } - //--- zmemcpy(put, next, copy); --- - arraySet(output, input, next, copy, put); - //---// - have -= copy; - next += copy; - left -= copy; - put += copy; - state.length -= copy; - break; - } - //Tracev((stderr, "inflate: stored end\n")); - state.mode = TYPE$1; - break; - case TABLE: - //=== NEEDBITS(14); */ - while (bits < 14) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1; - //--- DROPBITS(5) ---// - hold >>>= 5; - bits -= 5; - //---// - state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4; - //--- DROPBITS(4) ---// - hold >>>= 4; - bits -= 4; - //---// -//#ifndef PKZIP_BUG_WORKAROUND - if (state.nlen > 286 || state.ndist > 30) { - strm.msg = 'too many length or distance symbols'; - state.mode = BAD$1; - break; - } -//#endif - //Tracev((stderr, "inflate: table sizes ok\n")); - state.have = 0; - state.mode = LENLENS; - /* falls through */ - case LENLENS: - while (state.have < state.ncode) { - //=== NEEDBITS(3); - while (bits < 3) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.lens[order[state.have++]] = (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - while (state.have < 19) { - state.lens[order[state.have++]] = 0; - } - // We have separate tables & no pointers. 2 commented lines below not needed. - //state.next = state.codes; - //state.lencode = state.next; - // Switch to use dynamic table - state.lencode = state.lendyn; - state.lenbits = 7; - - opts = { bits: state.lenbits }; - ret = inflate_table(CODES$1, state.lens, 0, 19, state.lencode, 0, state.work, opts); - state.lenbits = opts.bits; - - if (ret) { - strm.msg = 'invalid code lengths set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, "inflate: code lengths ok\n")); - state.have = 0; - state.mode = CODELENS; - /* falls through */ - case CODELENS: - while (state.have < state.nlen + state.ndist) { - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_val < 16) { - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.lens[state.have++] = here_val; - } - else { - if (here_val === 16) { - //=== NEEDBITS(here.bits + 2); - n = here_bits + 2; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - if (state.have === 0) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - len = state.lens[state.have - 1]; - copy = 3 + (hold & 0x03);//BITS(2); - //--- DROPBITS(2) ---// - hold >>>= 2; - bits -= 2; - //---// - } - else if (here_val === 17) { - //=== NEEDBITS(here.bits + 3); - n = here_bits + 3; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 3 + (hold & 0x07);//BITS(3); - //--- DROPBITS(3) ---// - hold >>>= 3; - bits -= 3; - //---// - } - else { - //=== NEEDBITS(here.bits + 7); - n = here_bits + 7; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - len = 0; - copy = 11 + (hold & 0x7f);//BITS(7); - //--- DROPBITS(7) ---// - hold >>>= 7; - bits -= 7; - //---// - } - if (state.have + copy > state.nlen + state.ndist) { - strm.msg = 'invalid bit length repeat'; - state.mode = BAD$1; - break; - } - while (copy--) { - state.lens[state.have++] = len; - } - } - } - - /* handle error breaks in while */ - if (state.mode === BAD$1) { break; } - - /* check for end-of-block code (better have one) */ - if (state.lens[256] === 0) { - strm.msg = 'invalid code -- missing end-of-block'; - state.mode = BAD$1; - break; - } - - /* build code tables -- note: do not change the lenbits or distbits - values here (9 and 6) without reading the comments in inftrees.h - concerning the ENOUGH constants, which depend on those values */ - state.lenbits = 9; - - opts = { bits: state.lenbits }; - ret = inflate_table(LENS$1, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.lenbits = opts.bits; - // state.lencode = state.next; - - if (ret) { - strm.msg = 'invalid literal/lengths set'; - state.mode = BAD$1; - break; - } - - state.distbits = 6; - //state.distcode.copy(state.codes); - // Switch to use dynamic table - state.distcode = state.distdyn; - opts = { bits: state.distbits }; - ret = inflate_table(DISTS$1, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts); - // We have separate tables & no pointers. 2 commented lines below not needed. - // state.next_index = opts.table_index; - state.distbits = opts.bits; - // state.distcode = state.next; - - if (ret) { - strm.msg = 'invalid distances set'; - state.mode = BAD$1; - break; - } - //Tracev((stderr, 'inflate: codes ok\n')); - state.mode = LEN_; - if (flush === Z_TREES) { break inf_leave; } - /* falls through */ - case LEN_: - state.mode = LEN; - /* falls through */ - case LEN: - if (have >= 6 && left >= 258) { - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - inflate_fast(strm, _out); - //--- LOAD() --- - put = strm.next_out; - output = strm.output; - left = strm.avail_out; - next = strm.next_in; - input = strm.input; - have = strm.avail_in; - hold = state.hold; - bits = state.bits; - //--- - - if (state.mode === TYPE$1) { - state.back = -1; - } - break; - } - state.back = 0; - for (;;) { - here = state.lencode[hold & ((1 << state.lenbits) - 1)]; /*BITS(state.lenbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if (here_bits <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if (here_op && (here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.lencode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - state.length = here_val; - if (here_op === 0) { - //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - // "inflate: literal '%c'\n" : - // "inflate: literal 0x%02x\n", here.val)); - state.mode = LIT; - break; - } - if (here_op & 32) { - //Tracevv((stderr, "inflate: end of block\n")); - state.back = -1; - state.mode = TYPE$1; - break; - } - if (here_op & 64) { - strm.msg = 'invalid literal/length code'; - state.mode = BAD$1; - break; - } - state.extra = here_op & 15; - state.mode = LENEXT; - /* falls through */ - case LENEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } - //Tracevv((stderr, "inflate: length %u\n", state.length)); - state.was = state.length; - state.mode = DIST; - /* falls through */ - case DIST: - for (;;) { - here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/ - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - if ((here_op & 0xf0) === 0) { - last_bits = here_bits; - last_op = here_op; - last_val = here_val; - for (;;) { - here = state.distcode[last_val + - ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)]; - here_bits = here >>> 24; - here_op = (here >>> 16) & 0xff; - here_val = here & 0xffff; - - if ((last_bits + here_bits) <= bits) { break; } - //--- PULLBYTE() ---// - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - //---// - } - //--- DROPBITS(last.bits) ---// - hold >>>= last_bits; - bits -= last_bits; - //---// - state.back += last_bits; - } - //--- DROPBITS(here.bits) ---// - hold >>>= here_bits; - bits -= here_bits; - //---// - state.back += here_bits; - if (here_op & 64) { - strm.msg = 'invalid distance code'; - state.mode = BAD$1; - break; - } - state.offset = here_val; - state.extra = (here_op) & 15; - state.mode = DISTEXT; - /* falls through */ - case DISTEXT: - if (state.extra) { - //=== NEEDBITS(state.extra); - n = state.extra; - while (bits < n) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/; - //--- DROPBITS(state.extra) ---// - hold >>>= state.extra; - bits -= state.extra; - //---// - state.back += state.extra; - } -//#ifdef INFLATE_STRICT - if (state.offset > state.dmax) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -//#endif - //Tracevv((stderr, "inflate: distance %u\n", state.offset)); - state.mode = MATCH; - /* falls through */ - case MATCH: - if (left === 0) { break inf_leave; } - copy = _out - left; - if (state.offset > copy) { /* copy from window */ - copy = state.offset - copy; - if (copy > state.whave) { - if (state.sane) { - strm.msg = 'invalid distance too far back'; - state.mode = BAD$1; - break; - } -// (!) This block is disabled in zlib defaults, -// don't enable it for binary compatibility -//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR -// Trace((stderr, "inflate.c too far\n")); -// copy -= state.whave; -// if (copy > state.length) { copy = state.length; } -// if (copy > left) { copy = left; } -// left -= copy; -// state.length -= copy; -// do { -// output[put++] = 0; -// } while (--copy); -// if (state.length === 0) { state.mode = LEN; } -// break; -//#endif - } - if (copy > state.wnext) { - copy -= state.wnext; - from = state.wsize - copy; - } - else { - from = state.wnext - copy; - } - if (copy > state.length) { copy = state.length; } - from_source = state.window; - } - else { /* copy from output */ - from_source = output; - from = put - state.offset; - copy = state.length; - } - if (copy > left) { copy = left; } - left -= copy; - state.length -= copy; - do { - output[put++] = from_source[from++]; - } while (--copy); - if (state.length === 0) { state.mode = LEN; } - break; - case LIT: - if (left === 0) { break inf_leave; } - output[put++] = state.length; - left--; - state.mode = LEN; - break; - case CHECK: - if (state.wrap) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - // Use '|' instead of '+' to make sure that result is signed - hold |= input[next++] << bits; - bits += 8; - } - //===// - _out -= left; - strm.total_out += _out; - state.total += _out; - if (_out) { - strm.adler = state.check = - /*UPDATE(state.check, put - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out)); - - } - _out = left; - // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too - if ((state.flags ? hold : zswap32(hold)) !== state.check) { - strm.msg = 'incorrect data check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: check matches trailer\n")); - } - state.mode = LENGTH; - /* falls through */ - case LENGTH: - if (state.wrap && state.flags) { - //=== NEEDBITS(32); - while (bits < 32) { - if (have === 0) { break inf_leave; } - have--; - hold += input[next++] << bits; - bits += 8; - } - //===// - if (hold !== (state.total & 0xffffffff)) { - strm.msg = 'incorrect length check'; - state.mode = BAD$1; - break; - } - //=== INITBITS(); - hold = 0; - bits = 0; - //===// - //Tracev((stderr, "inflate: length matches trailer\n")); - } - state.mode = DONE; - /* falls through */ - case DONE: - ret = Z_STREAM_END; - break inf_leave; - case BAD$1: - ret = Z_DATA_ERROR; - break inf_leave; - // case MEM: - // return Z_MEM_ERROR; - case SYNC: - /* falls through */ - default: - return Z_STREAM_ERROR; - } - } - - // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave" - - /* - Return from inflate(), updating the total counts and the check value. - If there was no progress during the inflate() call, return a buffer - error. Call updatewindow() to create and/or update the window state. - Note: a memory error from inflate() is non-recoverable. - */ - - //--- RESTORE() --- - strm.next_out = put; - strm.avail_out = left; - strm.next_in = next; - strm.avail_in = have; - state.hold = hold; - state.bits = bits; - //--- - - if (state.wsize || (_out !== strm.avail_out && state.mode < BAD$1 && - (state.mode < CHECK || flush !== Z_FINISH))) { - if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) ; - } - _in -= strm.avail_in; - _out -= strm.avail_out; - strm.total_in += _in; - strm.total_out += _out; - state.total += _out; - if (state.wrap && _out) { - strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/ - (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out)); - } - strm.data_type = state.bits + (state.last ? 64 : 0) + - (state.mode === TYPE$1 ? 128 : 0) + - (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0); - if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) { - ret = Z_BUF_ERROR; - } - return ret; -} - -function inflateEnd(strm) { - - if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) { - return Z_STREAM_ERROR; - } - - const state = strm.state; - if (state.window) { - state.window = null; - } - strm.state = null; - return Z_OK; -} - -function inflateGetHeader(strm, head) { - let state; - - /* check state */ - if (!strm || !strm.state) { return Z_STREAM_ERROR; } - state = strm.state; - if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; } - - /* save header structure */ - state.head = head; - head.done = false; - return Z_OK; -} - -function inflateSetDictionary(strm, dictionary) { - const dictLength = dictionary.length; - - let state; - let dictid; - - /* check state */ - if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; } - state = strm.state; - - if (state.wrap !== 0 && state.mode !== DICT) { - return Z_STREAM_ERROR; - } - - /* check for correct dictionary identifier */ - if (state.mode === DICT) { - dictid = 1; /* adler32(0, null, 0)*/ - /* dictid = adler32(dictid, dictionary, dictLength); */ - dictid = adler32(dictid, dictionary, dictLength, 0); - if (dictid !== state.check) { - return Z_DATA_ERROR; - } - } - /* copy dictionary to window using updatewindow(), which will amend the - existing dictionary if appropriate */ - updatewindow(strm, dictionary, dictLength, dictLength); - // if (ret) { - // state.mode = MEM; - // return Z_MEM_ERROR; - // } - state.havedict = 1; - // Tracev((stderr, "inflate: dictionary set\n")); - return Z_OK; -} - -/* Not implemented -exports.inflateCopy = inflateCopy; -exports.inflateGetDictionary = inflateGetDictionary; -exports.inflateMark = inflateMark; -exports.inflatePrime = inflatePrime; -exports.inflateSync = inflateSync; -exports.inflateSyncPoint = inflateSyncPoint; -exports.inflateUndermine = inflateUndermine; -*/ - -// (C) 1995-2013 Jean-loup Gailly and Mark Adler -// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin -// -// This software is provided 'as-is', without any express or implied -// warranty. In no event will the authors be held liable for any damages -// arising from the use of this software. -// -// Permission is granted to anyone to use this software for any purpose, -// including commercial applications, and to alter it and redistribute it -// freely, subject to the following restrictions: -// -// 1. The origin of this software must not be misrepresented; you must not -// claim that you wrote the original software. If you use this software -// in a product, an acknowledgment in the product documentation would be -// appreciated but is not required. -// 2. Altered source versions must be plainly marked as such, and must not be -// misrepresented as being the original software. -// 3. This notice may not be removed or altered from any source distribution. - -class GZheader { - constructor() { - /* true if compressed data believed to be text */ - this.text = 0; - /* modification time */ - this.time = 0; - /* extra flags (not used when writing a gzip file) */ - this.xflags = 0; - /* operating system */ - this.os = 0; - /* pointer to extra field or Z_NULL if none */ - this.extra = null; - /* extra field length (valid if extra != Z_NULL) */ - this.extra_len = 0; // Actually, we don't need it in JS, - // but leave for few code modifications - - // - // Setup limits is not necessary because in js we should not preallocate memory - // for inflate use constant limit in 65536 bytes - // - - /* space at extra (only when reading header) */ - // this.extra_max = 0; - /* pointer to zero-terminated file name or Z_NULL */ - this.name = ''; - /* space at name (only when reading header) */ - // this.name_max = 0; - /* pointer to zero-terminated comment or Z_NULL */ - this.comment = ''; - /* space at comment (only when reading header) */ - // this.comm_max = 0; - /* true if there was or will be a header crc */ - this.hcrc = 0; - /* true when done reading gzip header (not used when writing a gzip file) */ - this.done = false; - } -} - -/** - * class Inflate - * - * Generic JS-style wrapper for zlib calls. If you don't need - * streaming behaviour - use more simple functions: [[inflate]] - * and [[inflateRaw]]. - **/ - -/* internal - * inflate.chunks -> Array - * - * Chunks of output data, if [[Inflate#onData]] not overridden. - **/ - -/** - * Inflate.result -> Uint8Array|Array|String - * - * Uncompressed result, generated by default [[Inflate#onData]] - * and [[Inflate#onEnd]] handlers. Filled after you push last chunk - * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you - * push a chunk with explicit flush (call [[Inflate#push]] with - * `Z_SYNC_FLUSH` param). - **/ - -/** - * Inflate.err -> Number - * - * Error code after inflate finished. 0 (Z_OK) on success. - * Should be checked if broken data possible. - **/ - -/** - * Inflate.msg -> String - * - * Error message, if [[Inflate.err]] != 0 - **/ - - -/** - * new Inflate(options) - * - options (Object): zlib inflate options. - * - * Creates new inflator instance with specified params. Throws exception - * on bad params. Supported options: - * - * - `windowBits` - * - `dictionary` - * - * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced) - * for more information on these. - * - * Additional options, for internal needs: - * - * - `chunkSize` - size of generated data chunks (16K by default) - * - `raw` (Boolean) - do raw inflate - * - `to` (String) - if equal to 'string', then result will be converted - * from utf8 to utf16 (javascript) string. When string output requested, - * chunk length can differ from `chunkSize`, depending on content. - * - * By default, when no options set, autodetect deflate/gzip data format via - * wrapper header. - * - * ##### Example: - * - * ```javascript - * var pako = void('pako') - * , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9]) - * , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]); - * - * var inflate = new pako.Inflate({ level: 3}); - * - * inflate.push(chunk1, false); - * inflate.push(chunk2, true); // true -> last chunk - * - * if (inflate.err) { throw new Error(inflate.err); } - * - * console.log(inflate.result); - * ``` - **/ -class Inflate { - constructor(options) { - this.options = { - chunkSize: 16384, - windowBits: 0, - ...(options || {}) - }; - - const opt = this.options; - - // Force window size for `raw` data, if not set directly, - // because we have no header for autodetect. - if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) { - opt.windowBits = -opt.windowBits; - if (opt.windowBits === 0) { opt.windowBits = -15; } - } - - // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate - if ((opt.windowBits >= 0) && (opt.windowBits < 16) && - !(options && options.windowBits)) { - opt.windowBits += 32; - } - - // Gzip header has no info about windows size, we can do autodetect only - // for deflate. So, if window size not set, force it to max when gzip possible - if ((opt.windowBits > 15) && (opt.windowBits < 48)) { - // bit 3 (16) -> gzipped data - // bit 4 (32) -> autodetect gzip/deflate - if ((opt.windowBits & 15) === 0) { - opt.windowBits |= 15; - } - } - - this.err = 0; // error code, if happens (0 = Z_OK) - this.msg = ''; // error message - this.ended = false; // used to avoid multiple onEnd() calls - this.chunks = []; // chunks of compressed data - - this.strm = new ZStream(); - this.strm.avail_out = 0; - - let status = inflateInit2( - this.strm, - opt.windowBits - ); - - if (status !== Z_OK) { - throw new Error(msg[status]); - } - - this.header = new GZheader(); - - inflateGetHeader(this.strm, this.header); - - // Setup dictionary - if (opt.dictionary) { - // Convert data if needed - if (typeof opt.dictionary === 'string') { - opt.dictionary = string2buf(opt.dictionary); - } else if (opt.dictionary instanceof ArrayBuffer) { - opt.dictionary = new Uint8Array(opt.dictionary); - } - if (opt.raw) { //In raw mode we need to set the dictionary early - status = inflateSetDictionary(this.strm, opt.dictionary); - if (status !== Z_OK) { - throw new Error(msg[status]); - } - } - } - } - /** - * Inflate#push(data[, mode]) -> Boolean - * - data (Uint8Array|Array|ArrayBuffer|String): input data - * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes. - * See constants. Skipped or `false` means Z_NO_FLUSH, `true` means Z_FINISH. - * - * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with - * new output chunks. Returns `true` on success. The last data block must have - * mode Z_FINISH (or `true`). That will flush internal pending buffers and call - * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you - * can use mode Z_SYNC_FLUSH, keeping the decompression context. - * - * On fail call [[Inflate#onEnd]] with error code and return false. - * - * We strongly recommend to use `Uint8Array` on input for best speed (output - * format is detected automatically). Also, don't skip last param and always - * use the same type in your code (boolean or number). That will improve JS speed. - * - * For regular `Array`-s make sure all elements are [0..255]. - * - * ##### Example - * - * ```javascript - * push(chunk, false); // push one of data chunks - * ... - * push(chunk, true); // push last chunk - * ``` - **/ - push(data, mode) { - const { strm, options: { chunkSize, dictionary } } = this; - let status, _mode; - - // Flag to properly process Z_BUF_ERROR on testing inflate call - // when we check that all output data was flushed. - let allowBufError = false; - - if (this.ended) { return false; } - _mode = (mode === ~~mode) ? mode : ((mode === true) ? Z_FINISH : Z_NO_FLUSH); - - // Convert data if needed - if (typeof data === 'string') { - // Only binary strings can be decompressed on practice - strm.input = binstring2buf(data); - } else if (data instanceof ArrayBuffer) { - strm.input = new Uint8Array(data); - } else { - strm.input = data; - } - - strm.next_in = 0; - strm.avail_in = strm.input.length; - - do { - if (strm.avail_out === 0) { - strm.output = new Buf8(chunkSize); - strm.next_out = 0; - strm.avail_out = chunkSize; - } - - status = inflate(strm, Z_NO_FLUSH); /* no bad return value */ - - if (status === Z_NEED_DICT && dictionary) { - status = inflateSetDictionary(this.strm, dictionary); - } - - if (status === Z_BUF_ERROR && allowBufError === true) { - status = Z_OK; - allowBufError = false; - } - - if (status !== Z_STREAM_END && status !== Z_OK) { - this.onEnd(status); - this.ended = true; - return false; - } - - if (strm.next_out) { - if (strm.avail_out === 0 || status === Z_STREAM_END || (strm.avail_in === 0 && (_mode === Z_FINISH || _mode === Z_SYNC_FLUSH))) { - this.onData(shrinkBuf(strm.output, strm.next_out)); - } - } - - // When no more input data, we should check that internal inflate buffers - // are flushed. The only way to do it when avail_out = 0 - run one more - // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR. - // Here we set flag to process this error properly. - // - // NOTE. Deflate does not return error in this case and does not needs such - // logic. - if (strm.avail_in === 0 && strm.avail_out === 0) { - allowBufError = true; - } - - } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== Z_STREAM_END); - - if (status === Z_STREAM_END) { - _mode = Z_FINISH; - } - - // Finalize on the last chunk. - if (_mode === Z_FINISH) { - status = inflateEnd(this.strm); - this.onEnd(status); - this.ended = true; - return status === Z_OK; - } - - // callback interim results if Z_SYNC_FLUSH. - if (_mode === Z_SYNC_FLUSH) { - this.onEnd(Z_OK); - strm.avail_out = 0; - return true; - } - - return true; - }; - - /** - * Inflate#onData(chunk) -> Void - * - chunk (Uint8Array|Array|String): output data. Type of array depends - * on js engine support. When string output requested, each chunk - * will be string. - * - * By default, stores data blocks in `chunks[]` property and glue - * those in `onEnd`. Override this handler, if you need another behaviour. - **/ - onData(chunk) { - this.chunks.push(chunk); - }; - - - - /** - * Inflate#onEnd(status) -> Void - * - status (Number): inflate status. 0 (Z_OK) on success, - * other if not. - * - * Called either after you tell inflate that the input stream is - * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH) - * or if an error happened. By default - join collected chunks, - * free memory and fill `results` / `err` properties. - **/ - onEnd(status) { - // On success - join - if (status === Z_OK) { - this.result = flattenChunks(this.chunks); - } - this.chunks = []; - this.err = status; - this.msg = this.strm.msg; - }; -} - -/* -node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - -Copyright (C) 2012 Eli Skeggs - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - -var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; - -// offset in bytes -var BitReader = function(stream) { - this.stream = stream; - this.bitOffset = 0; - this.curByte = 0; - this.hasByte = false; -}; - -BitReader.prototype._ensureByte = function() { - if (!this.hasByte) { - this.curByte = this.stream.readByte(); - this.hasByte = true; - } -}; - -// reads bits from the buffer -BitReader.prototype.read = function(bits) { - var result = 0; - while (bits > 0) { - this._ensureByte(); - var remaining = 8 - this.bitOffset; - // if we're in a byte - if (bits >= remaining) { - result <<= remaining; - result |= BITMASK[remaining] & this.curByte; - this.hasByte = false; - this.bitOffset = 0; - bits -= remaining; - } else { - result <<= bits; - var shift = remaining - bits; - result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; - this.bitOffset += bits; - bits = 0; - } - } - return result; -}; - -// seek to an arbitrary point in the buffer (expressed in bits) -BitReader.prototype.seek = function(pos) { - var n_bit = pos % 8; - var n_byte = (pos - n_bit) / 8; - this.bitOffset = n_bit; - this.stream.seek(n_byte); - this.hasByte = false; -}; - -// reads 6 bytes worth of data using the read method -BitReader.prototype.pi = function() { - var buf = new Uint8Array(6), i; - for (i = 0; i < buf.length; i++) { - buf[i] = this.read(8); - } - return bufToHex(buf); -}; - -function bufToHex(buf) { - return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); -} - -var bitreader = BitReader; - -/* very simple input/output stream interface */ -var Stream = function() { -}; - -// input streams ////////////// -/** Returns the next byte, or -1 for EOF. */ -Stream.prototype.readByte = function() { - throw new Error("abstract method readByte() not implemented"); -}; -/** Attempts to fill the buffer; returns number of bytes read, or - * -1 for EOF. */ -Stream.prototype.read = function(buffer, bufOffset, length) { - var bytesRead = 0; - while (bytesRead < length) { - var c = this.readByte(); - if (c < 0) { // EOF - return (bytesRead===0) ? -1 : bytesRead; - } - buffer[bufOffset++] = c; - bytesRead++; - } - return bytesRead; -}; -Stream.prototype.seek = function(new_pos) { - throw new Error("abstract method seek() not implemented"); -}; - -// output streams /////////// -Stream.prototype.writeByte = function(_byte) { - throw new Error("abstract method readByte() not implemented"); -}; -Stream.prototype.write = function(buffer, bufOffset, length) { - var i; - for (i=0; i>> 0; // return an unsigned value - }; - - /** - * Update the CRC with a single byte - * @param value The value to update the CRC with - */ - this.updateCRC = function(value) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - }; - - /** - * Update the CRC with a sequence of identical bytes - * @param value The value to update the CRC with - * @param count The number of bytes - */ - this.updateCRCRun = function(value, count) { - while (count-- > 0) { - crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; - } - }; - }; - return CRC32; -})(); - -/* -seek-bzip - a pure-javascript module for seeking within bzip2 data - -Copyright (C) 2013 C. Scott Ananian -Copyright (C) 2012 Eli Skeggs -Copyright (C) 2011 Kevin Kwok - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2.1 of the License, or (at your option) any later version. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, see -http://www.gnu.org/licenses/lgpl-2.1.html - -Adapted from node-bzip, copyright 2012 Eli Skeggs. -Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). - -Based on micro-bunzip by Rob Landley (rob@landley.net). - -Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), -which also acknowledges contributions by Mike Burrows, David Wheeler, -Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, -Robert Sedgewick, and Jon L. Bentley. -*/ - - - - - -var MAX_HUFCODE_BITS = 20; -var MAX_SYMBOLS = 258; -var SYMBOL_RUNA = 0; -var SYMBOL_RUNB = 1; -var MIN_GROUPS = 2; -var MAX_GROUPS = 6; -var GROUP_SIZE = 50; - -var WHOLEPI = "314159265359"; -var SQRTPI = "177245385090"; - -var mtf = function(array, index) { - var src = array[index], i; - for (i = index; i > 0; i--) { - array[i] = array[i-1]; - } - array[0] = src; - return src; -}; - -var Err = { - OK: 0, - LAST_BLOCK: -1, - NOT_BZIP_DATA: -2, - UNEXPECTED_INPUT_EOF: -3, - UNEXPECTED_OUTPUT_EOF: -4, - DATA_ERROR: -5, - OUT_OF_MEMORY: -6, - OBSOLETE_INPUT: -7, - END_OF_BLOCK: -8 -}; -var ErrorMessages = {}; -ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; -ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; -ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; -ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; -ErrorMessages[Err.DATA_ERROR] = "Data error"; -ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; -ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - -var _throw = function(status, optDetail) { - var msg = ErrorMessages[status] || 'unknown error'; - if (optDetail) { msg += ': '+optDetail; } - var e = new TypeError(msg); - e.errorCode = status; - throw e; -}; - -var Bunzip = function(inputStream, outputStream) { - this.writePos = this.writeCurrent = this.writeCount = 0; - - this._start_bunzip(inputStream, outputStream); -}; -Bunzip.prototype._init_block = function() { - var moreBlocks = this._get_next_block(); - if ( !moreBlocks ) { - this.writeCount = -1; - return false; /* no more blocks */ - } - this.blockCRC = new crc32$1(); - return true; -}; -/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ -Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { - /* Ensure that file starts with "BZh['1'-'9']." */ - var buf = new Uint8Array(4); - if (inputStream.read(buf, 0, 4) !== 4 || - String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') - _throw(Err.NOT_BZIP_DATA, 'bad magic'); - - var level = buf[3] - 0x30; - if (level < 1 || level > 9) - _throw(Err.NOT_BZIP_DATA, 'level out of range'); - - this.reader = new bitreader(inputStream); - - /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of - uncompressed data. Allocate intermediate buffer for block. */ - this.dbufSize = 100000 * level; - this.nextoutput = 0; - this.outputStream = outputStream; - this.streamCRC = 0; -}; -Bunzip.prototype._get_next_block = function() { - var i, j, k; - var reader = this.reader; - // this is get_next_block() function from micro-bunzip: - /* Read in header signature and CRC, then validate signature. - (last block signature means CRC is for whole file, return now) */ - var h = reader.pi(); - if (h === SQRTPI) { // last block - return false; /* no more blocks */ - } - if (h !== WHOLEPI) - _throw(Err.NOT_BZIP_DATA); - this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) - this.streamCRC = (this.targetBlockCRC ^ - ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; - /* We can add support for blockRandomised if anybody complains. There was - some code for this in busybox 1.0.0-pre3, but nobody ever noticed that - it didn't actually work. */ - if (reader.read(1)) - _throw(Err.OBSOLETE_INPUT); - var origPointer = reader.read(24); - if (origPointer > this.dbufSize) - _throw(Err.DATA_ERROR, 'initial position out of bounds'); - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer - symbols to deal with, and writes a sparse bitfield indicating which - values were present. We make a translation table to convert the symbols - back to the corresponding bytes. */ - var t = reader.read(16); - var symToByte = new Uint8Array(256), symTotal = 0; - for (i = 0; i < 16; i++) { - if (t & (1 << (0xF - i))) { - var o = i * 16; - k = reader.read(16); - for (j = 0; j < 16; j++) - if (k & (1 << (0xF - j))) - symToByte[symTotal++] = o + j; - } - } - - /* How many different huffman coding groups does this block use? */ - var groupCount = reader.read(3); - if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) - _throw(Err.DATA_ERROR); - /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding - group. Read in the group selector list, which is stored as MTF encoded - bit runs. (MTF=Move To Front, as each value is used it's moved to the - start of the list.) */ - var nSelectors = reader.read(15); - if (nSelectors === 0) - _throw(Err.DATA_ERROR); - - var mtfSymbol = new Uint8Array(256); - for (i = 0; i < groupCount; i++) - mtfSymbol[i] = i; - - var selectors = new Uint8Array(nSelectors); // was 32768... - - for (i = 0; i < nSelectors; i++) { - /* Get next value */ - for (j = 0; reader.read(1); j++) - if (j >= groupCount) _throw(Err.DATA_ERROR); - /* Decode MTF to get the next selector */ - selectors[i] = mtf(mtfSymbol, j); - } - - /* Read the huffman coding tables for each group, which code for symTotal - literal symbols, plus two run symbols (RUNA, RUNB) */ - var symCount = symTotal + 2; - var groups = [], hufGroup; - for (j = 0; j < groupCount; j++) { - var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); - /* Read huffman code lengths for each symbol. They're stored in - a way similar to mtf; record a starting value for the first symbol, - and an offset from the previous value for everys symbol after that. */ - t = reader.read(5); // lengths - for (i = 0; i < symCount; i++) { - for (;;) { - if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); - /* If first bit is 0, stop. Else second bit indicates whether - to increment or decrement the value. */ - if(!reader.read(1)) - break; - if(!reader.read(1)) - t++; - else - t--; - } - length[i] = t; - } - - /* Find largest and smallest lengths in this group */ - var minLen, maxLen; - minLen = maxLen = length[0]; - for (i = 1; i < symCount; i++) { - if (length[i] > maxLen) - maxLen = length[i]; - else if (length[i] < minLen) - minLen = length[i]; - } - - /* Calculate permute[], base[], and limit[] tables from length[]. - * - * permute[] is the lookup table for converting huffman coded symbols - * into decoded symbols. base[] is the amount to subtract from the - * value of a huffman symbol of a given length when using permute[]. - * - * limit[] indicates the largest numerical value a symbol with a given - * number of bits can have. This is how the huffman codes can vary in - * length: each code with a value>limit[length] needs another bit. - */ - hufGroup = {}; - groups.push(hufGroup); - hufGroup.permute = new Uint16Array(MAX_SYMBOLS); - hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); - hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); - hufGroup.minLen = minLen; - hufGroup.maxLen = maxLen; - /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ - var pp = 0; - for (i = minLen; i <= maxLen; i++) { - temp[i] = hufGroup.limit[i] = 0; - for (t = 0; t < symCount; t++) - if (length[t] === i) - hufGroup.permute[pp++] = t; - } - /* Count symbols coded for at each bit length */ - for (i = 0; i < symCount; i++) - temp[length[i]]++; - /* Calculate limit[] (the largest symbol-coding value at each bit - * length, which is (previous limit<<1)+symbols at this level), and - * base[] (number of symbols to ignore at each bit length, which is - * limit minus the cumulative count of symbols coded for already). */ - pp = t = 0; - for (i = minLen; i < maxLen; i++) { - pp += temp[i]; - /* We read the largest possible symbol size and then unget bits - after determining how many we need, and those extra bits could - be set to anything. (They're noise from future symbols.) At - each level we're really only interested in the first few bits, - so here we set all the trailing to-be-ignored bits to 1 so they - don't affect the value>limit[length] comparison. */ - hufGroup.limit[i] = pp - 1; - pp <<= 1; - t += temp[i]; - hufGroup.base[i + 1] = pp - t; - } - hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ - hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; - hufGroup.base[minLen] = 0; - } - /* We've finished reading and digesting the block header. Now read this - block's huffman coded symbols from the file and undo the huffman coding - and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - - /* Initialize symbol occurrence counters and symbol Move To Front table */ - var byteCount = new Uint32Array(256); - for (i = 0; i < 256; i++) - mtfSymbol[i] = i; - /* Loop through compressed symbols. */ - var runPos = 0, dbufCount = 0, selector = 0, uc; - var dbuf = this.dbuf = new Uint32Array(this.dbufSize); - symCount = 0; - for (;;) { - /* Determine which huffman coding group to use. */ - if (!(symCount--)) { - symCount = GROUP_SIZE - 1; - if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } - hufGroup = groups[selectors[selector++]]; - } - /* Read next huffman-coded symbol. */ - i = hufGroup.minLen; - j = reader.read(i); - for (;;i++) { - if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } - if (j <= hufGroup.limit[i]) - break; - j = (j << 1) | reader.read(1); - } - /* Huffman decode value to get nextSym (with bounds checking) */ - j -= hufGroup.base[i]; - if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } - var nextSym = hufGroup.permute[j]; - /* We have now decoded the symbol, which indicates either a new literal - byte, or a repeated run of the most recent literal byte. First, - check if nextSym indicates a repeated run, and if so loop collecting - how many times to repeat the last literal. */ - if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { - /* If this is the start of a new run, zero out counter */ - if (!runPos){ - runPos = 1; - t = 0; - } - /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at - each bit position, add 1 or 2 instead. For example, - 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. - You can make any bit pattern that way using 1 less symbol than - the basic or 0/1 method (except all bits 0, which would use no - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - if (nextSym === SYMBOL_RUNA) - t += runPos; - else - t += 2 * runPos; - runPos <<= 1; - continue; - } - /* When we hit the first non-run symbol after a run, we now know - how many times to repeat the last literal, so append that many - copies to our buffer of decoded symbols (dbuf) now. (The last - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos){ - runPos = 0; - if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } - uc = symToByte[mtfSymbol[0]]; - byteCount[uc] += t; - while (t--) - dbuf[dbufCount++] = uc; - } - /* Is this the terminating symbol? */ - if (nextSym > symTotal) - break; - /* At this point, nextSym indicates a new literal character. Subtract - one to get the position in the MTF array at which this literal is - currently to be found. (Note that the result can't be -1 or 0, - because 0 and 1 are RUNA and RUNB. But another instance of the - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ - if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } - i = nextSym - 1; - uc = mtf(mtfSymbol, i); - uc = symToByte[uc]; - /* We have our literal byte. Save it into dbuf. */ - byteCount[uc]++; - dbuf[dbufCount++] = uc; - } - /* At this point, we've read all the huffman-coded symbols (and repeated - runs) for this block from the input stream, and decoded them into the - intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. - Now undo the Burrows-Wheeler transform on dbuf. - See http://dogma.net/markn/articles/bwt/bwt.htm - */ - if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } - /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ - j = 0; - for (i = 0; i < 256; i++) { - k = j + byteCount[i]; - byteCount[i] = j; - j = k; - } - /* Figure out what order dbuf would be in if we sorted it. */ - for (i = 0; i < dbufCount; i++) { - uc = dbuf[i] & 0xff; - dbuf[byteCount[uc]] |= (i << 8); - byteCount[uc]++; - } - /* Decode first byte by hand to initialize "previous" byte. Note that it - doesn't get output, and if the first three characters are identical - it doesn't qualify as a run (hence writeRunCountdown=5). */ - var pos = 0, current = 0, run = 0; - if (dbufCount) { - pos = dbuf[origPointer]; - current = (pos & 0xff); - pos >>= 8; - run = -1; - } - this.writePos = pos; - this.writeCurrent = current; - this.writeCount = dbufCount; - this.writeRun = run; - - return true; /* more blocks to come */ -}; -/* Undo burrows-wheeler transform on intermediate buffer to produce output. - If start_bunzip was initialized with out_fd=-1, then up to len bytes of - data are written to outbuf. Return value is number of bytes written or - error (all errors are negative numbers). If out_fd!=-1, outbuf and len - are ignored, data is written to out_fd and return is RETVAL_OK or error. -*/ -Bunzip.prototype._read_bunzip = function(outputBuffer, len) { - var copies, previous, outbyte; - /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully - decoded, which results in this returning RETVAL_LAST_BLOCK, also - equal to -1... Confusing, I'm returning 0 here to indicate no - bytes written into the buffer */ - if (this.writeCount < 0) { return 0; } - var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; - var dbufCount = this.writeCount; this.outputsize; - var run = this.writeRun; - - while (dbufCount) { - dbufCount--; - previous = current; - pos = dbuf[pos]; - current = pos & 0xff; - pos >>= 8; - if (run++ === 3){ - copies = current; - outbyte = previous; - current = -1; - } else { - copies = 1; - outbyte = current; - } - this.blockCRC.updateCRCRun(outbyte, copies); - while (copies--) { - this.outputStream.writeByte(outbyte); - this.nextoutput++; - } - if (current != previous) - run = 0; - } - this.writeCount = dbufCount; - // check CRC - if (this.blockCRC.getCRC() !== this.targetBlockCRC) { - _throw(Err.DATA_ERROR, "Bad block CRC "+ - "(got "+this.blockCRC.getCRC().toString(16)+ - " expected "+this.targetBlockCRC.toString(16)+")"); - } - return this.nextoutput; -}; - -var coerceInputStream = function(input) { - if ('readByte' in input) { return input; } - var inputStream = new stream(); - inputStream.pos = 0; - inputStream.readByte = function() { return input[this.pos++]; }; - inputStream.seek = function(pos) { this.pos = pos; }; - inputStream.eof = function() { return this.pos >= input.length; }; - return inputStream; -}; -var coerceOutputStream = function(output) { - var outputStream = new stream(); - var resizeOk = true; - if (output) { - if (typeof(output)==='number') { - outputStream.buffer = new Uint8Array(output); - resizeOk = false; - } else if ('writeByte' in output) { - return output; - } else { - outputStream.buffer = output; - resizeOk = false; - } - } else { - outputStream.buffer = new Uint8Array(16384); - } - outputStream.pos = 0; - outputStream.writeByte = function(_byte) { - if (resizeOk && this.pos >= this.buffer.length) { - var newBuffer = new Uint8Array(this.buffer.length*2); - newBuffer.set(this.buffer); - this.buffer = newBuffer; - } - this.buffer[this.pos++] = _byte; - }; - outputStream.getBuffer = function() { - // trim buffer - if (this.pos !== this.buffer.length) { - if (!resizeOk) - throw new TypeError('outputsize does not match decoded input'); - var newBuffer = new Uint8Array(this.pos); - newBuffer.set(this.buffer.subarray(0, this.pos)); - this.buffer = newBuffer; - } - return this.buffer; - }; - outputStream._coerced = true; - return outputStream; -}; - -/* Static helper functions */ -// 'input' can be a stream or a buffer -// 'output' can be a stream or a buffer or a number (buffer size) -const decode$2 = function(input, output, multistream) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - - var bz = new Bunzip(inputStream, outputStream); - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - if (bz._init_block()) { - bz._read_bunzip(); - } else { - var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) - if (targetStreamCRC !== bz.streamCRC) { - _throw(Err.DATA_ERROR, "Bad stream CRC "+ - "(got "+bz.streamCRC.toString(16)+ - " expected "+targetStreamCRC.toString(16)+")"); - } - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - } else break; - } - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -const decodeBlock = function(input, pos, output) { - // make a stream from a buffer, if necessary - var inputStream = coerceInputStream(input); - var outputStream = coerceOutputStream(output); - var bz = new Bunzip(inputStream, outputStream); - bz.reader.seek(pos); - /* Fill the decode buffer for the block */ - var moreBlocks = bz._get_next_block(); - if (moreBlocks) { - /* Init the CRC for writing */ - bz.blockCRC = new crc32$1(); - - /* Zero this so the current byte from before the seek is not written */ - bz.writeCopies = 0; - - /* Decompress the block and write to stdout */ - bz._read_bunzip(); - // XXX keep writing? - } - if ('getBuffer' in outputStream) - return outputStream.getBuffer(); -}; -/* Reads bzip2 file from stream or buffer `input`, and invoke - * `callback(position, size)` once for each bzip2 block, - * where position gives the starting position (in *bits*) - * and size gives uncompressed size of the block (in *bytes*). */ -const table = function(input, callback, multistream) { - // make a stream from a buffer, if necessary - var inputStream = new stream(); - inputStream.delegate = coerceInputStream(input); - inputStream.pos = 0; - inputStream.readByte = function() { - this.pos++; - return this.delegate.readByte(); - }; - if (inputStream.delegate.eof) { - inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); - } - var outputStream = new stream(); - outputStream.pos = 0; - outputStream.writeByte = function() { this.pos++; }; - - var bz = new Bunzip(inputStream, outputStream); - var blockSize = bz.dbufSize; - while (true) { - if ('eof' in inputStream && inputStream.eof()) break; - - var position = inputStream.pos*8 + bz.reader.bitOffset; - if (bz.reader.hasByte) { position -= 8; } - - if (bz._init_block()) { - var start = outputStream.pos; - bz._read_bunzip(); - callback(position, outputStream.pos - start); - } else { - bz.reader.read(32); // (but we ignore the crc) - if (multistream && - 'eof' in inputStream && - !inputStream.eof()) { - // note that start_bunzip will also resync the bit reader to next byte - bz._start_bunzip(inputStream, outputStream); - console.assert(bz.dbufSize === blockSize, - "shouldn't change block size within multistream file"); - } else break; - } - } -}; - -var lib = { - Bunzip, - Stream: stream, - Err, - decode: decode$2, - decodeBlock, - table -}; -var lib_4 = lib.decode; - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the Literal Data Packet (Tag 11) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: - * A Literal Data packet contains the body of a message; data that is not to be - * further interpreted. - */ -class LiteralDataPacket { - static get tag() { - return enums.packet.literalData; - } - - /** - * @param {Date} date - The creation date of the literal package - */ - constructor(date = new Date()) { - this.format = enums.literal.utf8; // default format for literal data packets - this.date = util.normalizeDate(date); - this.text = null; // textual data representation - this.data = null; // literal data representation - this.filename = ''; - } - - /** - * Set the packet data to a javascript native string, end of line - * will be normalized to \r\n and by default text is converted to UTF8 - * @param {String | ReadableStream} text - Any native javascript string - * @param {enums.literal} [format] - The format of the string of bytes - */ - setText(text, format = enums.literal.utf8) { - this.format = format; - this.text = text; - this.data = null; - } - - /** - * Returns literal data packets as native JavaScript string - * with normalized end of line to \n - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {String | ReadableStream} Literal data as text. - */ - getText(clone = false) { - if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read - this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); - } - return this.text; - } - - /** - * Set the packet data to value represented by the provided string of bytes. - * @param {Uint8Array | ReadableStream} bytes - The string of bytes - * @param {enums.literal} format - The format of the string of bytes - */ - setBytes(bytes, format) { - this.format = format; - this.data = bytes; - this.text = null; - } - - - /** - * Get the byte sequence representing the literal packet data - * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again - * @returns {Uint8Array | ReadableStream} A sequence of bytes. - */ - getBytes(clone = false) { - if (this.data === null) { - // encode UTF8 and normalize EOL to \r\n - this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); - } - if (clone) { - return passiveClone(this.data); - } - return this.data; - } - - - /** - * Sets the filename of the literal packet data - * @param {String} filename - Any native javascript string - */ - setFilename(filename) { - this.filename = filename; - } - - - /** - * Get the filename of the literal packet data - * @returns {String} Filename. - */ - getFilename() { - return this.filename; - } - - /** - * Parsing function for a literal data packet (tag 11). - * - * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet - * @returns {Promise} Object representation. - * @async - */ - async read(bytes) { - await parse(bytes, async reader => { - // - A one-octet field that describes how the data is formatted. - const format = await reader.readByte(); // enums.literal - - const filename_len = await reader.readByte(); - this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - - this.date = util.readDate(await reader.readBytes(4)); - - let data = reader.remainder(); - if (isArrayStream(data)) data = await readToEnd(data); - this.setBytes(data, format); - }); - } - - /** - * Creates a Uint8Array representation of the packet, excluding the data - * - * @returns {Uint8Array} Uint8Array representation of the packet. - */ - writeHeader() { - const filename = util.encodeUTF8(this.filename); - const filename_length = new Uint8Array([filename.length]); - - const format = new Uint8Array([this.format]); - const date = util.writeDate(this.date); - - return util.concatUint8Array([format, filename_length, filename, date]); - } - - /** - * Creates a Uint8Array representation of the packet - * - * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. - */ - write() { - const header = this.writeHeader(); - const data = this.getBytes(); - - return util.concat([header, data]); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. -const verified = Symbol('verified'); - -// GPG puts the Issuer and Signature subpackets in the unhashed area. -// Tampering with those invalidates the signature, so we still trust them and parse them. -// All other unhashed subpackets are ignored. -const allowedUnhashedSubpackets = new Set([ - enums.signatureSubpacket.issuer, - enums.signatureSubpacket.issuerFingerprint, - enums.signatureSubpacket.embeddedSignature -]); - -/** - * Implementation of the Signature Packet (Tag 2) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: - * A Signature packet describes a binding between some public key and - * some data. The most common signatures are a signature of a file or a - * block of text, and a signature that is a certification of a User ID. - */ -class SignaturePacket { - static get tag() { - return enums.packet.signature; - } - - constructor() { - this.version = null; - /** @type {enums.signature} */ - this.signatureType = null; - /** @type {enums.hash} */ - this.hashAlgorithm = null; - /** @type {enums.publicKey} */ - this.publicKeyAlgorithm = null; - - this.signatureData = null; - this.unhashedSubpackets = []; - this.signedHashValue = null; - - this.created = null; - this.signatureExpirationTime = null; - this.signatureNeverExpires = true; - this.exportable = null; - this.trustLevel = null; - this.trustAmount = null; - this.regularExpression = null; - this.revocable = null; - this.keyExpirationTime = null; - this.keyNeverExpires = null; - this.preferredSymmetricAlgorithms = null; - this.revocationKeyClass = null; - this.revocationKeyAlgorithm = null; - this.revocationKeyFingerprint = null; - this.issuerKeyID = new KeyID(); - this.rawNotations = []; - this.notations = {}; - this.preferredHashAlgorithms = null; - this.preferredCompressionAlgorithms = null; - this.keyServerPreferences = null; - this.preferredKeyServer = null; - this.isPrimaryUserID = null; - this.policyURI = null; - this.keyFlags = null; - this.signersUserID = null; - this.reasonForRevocationFlag = null; - this.reasonForRevocationString = null; - this.features = null; - this.signatureTargetPublicKeyAlgorithm = null; - this.signatureTargetHashAlgorithm = null; - this.signatureTargetHash = null; - this.embeddedSignature = null; - this.issuerKeyVersion = null; - this.issuerFingerprint = null; - this.preferredAEADAlgorithms = null; - - this.revoked = null; - this[verified] = null; - } - - /** - * parsing function for a signature packet (tag 2). - * @param {String} bytes - Payload of a tag 2 packet - * @returns {SignaturePacket} Object representation. - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); - } - - this.signatureType = bytes[i++]; - this.publicKeyAlgorithm = bytes[i++]; - this.hashAlgorithm = bytes[i++]; - - // hashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), true); - if (!this.created) { - throw new Error('Missing signature creation time subpacket.'); - } - - // A V4 signature hashes the packet body - // starting from its first field, the version number, through the end - // of the hashed subpacket data. Thus, the fields hashed are the - // signature version, the signature type, the public-key algorithm, the - // hash algorithm, the hashed subpacket length, and the hashed - // subpacket body. - this.signatureData = bytes.subarray(0, i); - - // unhashed subpackets - i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - - // Two-octet field holding left 16 bits of signed hash value. - this.signedHashValue = bytes.subarray(i, i + 2); - i += 2; - - this.params = mod.signature.parseSignatureParams(this.publicKeyAlgorithm, bytes.subarray(i, bytes.length)); - } - - /** - * @returns {Uint8Array | ReadableStream} - */ - writeParams() { - if (this.params instanceof Promise) { - return fromAsync( - async () => mod.serializeParams(this.publicKeyAlgorithm, await this.params) - ); - } - return mod.serializeParams(this.publicKeyAlgorithm, this.params); - } - - write() { - const arr = []; - arr.push(this.signatureData); - arr.push(this.writeUnhashedSubPackets()); - arr.push(this.signedHashValue); - arr.push(this.writeParams()); - return util.concat(arr); - } - - /** - * Signs provided data. This needs to be done prior to serialization. - * @param {SecretKeyPacket} key - Private key used to sign the message. - * @param {Object} data - Contains packets to be signed. - * @param {Date} [date] - The signature creation time. - * @param {Boolean} [detached] - Whether to create a detached signature - * @throws {Error} if signing failed - * @async - */ - async sign(key, data, date = new Date(), detached = false) { - if (key.version === 5) { - this.version = 5; - } else { - this.version = 4; - } - const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; - - this.created = util.normalizeDate(date); - this.issuerKeyVersion = key.version; - this.issuerFingerprint = key.getFingerprintBytes(); - this.issuerKeyID = key.getKeyID(); - - // Add hashed subpackets - arr.push(this.writeHashedSubPackets()); - - // Remove unhashed subpackets, in case some allowed unhashed - // subpackets existed, in order not to duplicate them (in both - // the hashed and unhashed subpackets) when re-signing. - this.unhashedSubpackets = []; - - this.signatureData = util.concat(arr); - - const toHash = this.toHash(this.signatureType, data, detached); - const hash = await this.hash(this.signatureType, data, toHash, detached); - - this.signedHashValue = slice(clone(hash), 0, 2); - const signed = async () => mod.signature.sign( - this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) - ); - if (util.isStream(hash)) { - this.params = signed(); - } else { - this.params = await signed(); - - // Store the fact that this signature is valid, e.g. for when we call `await - // getLatestValidSignature(this.revocationSignatures, key, data)` later. - // Note that this only holds up if the key and data passed to verify are the - // same as the ones passed to sign. - this[verified] = true; - } - } - - /** - * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeHashedSubPackets() { - const sub = enums.signatureSubpacket; - const arr = []; - let bytes; - if (this.created === null) { - throw new Error('Missing signature creation time'); - } - arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); - if (this.signatureExpirationTime !== null) { - arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); - } - if (this.exportable !== null) { - arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); - } - if (this.trustLevel !== null) { - bytes = new Uint8Array([this.trustLevel, this.trustAmount]); - arr.push(writeSubPacket(sub.trustSignature, true, bytes)); - } - if (this.regularExpression !== null) { - arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); - } - if (this.revocable !== null) { - arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); - } - if (this.keyExpirationTime !== null) { - arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); - } - if (this.preferredSymmetricAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); - arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); - } - if (this.revocationKeyClass !== null) { - bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); - bytes = util.concat([bytes, this.revocationKeyFingerprint]); - arr.push(writeSubPacket(sub.revocationKey, false, bytes)); - } - if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { - // If the version of [the] key is greater than 4, this subpacket - // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, true, this.issuerKeyID.write())); - } - this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { - bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; - const encodedName = util.encodeUTF8(name); - // 2 octets of name length - bytes.push(util.writeNumber(encodedName.length, 2)); - // 2 octets of value length - bytes.push(util.writeNumber(value.length, 2)); - bytes.push(encodedName); - bytes.push(value); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.notationData, critical, bytes)); - }); - if (this.preferredHashAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); - arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); - } - if (this.preferredCompressionAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); - arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); - } - if (this.keyServerPreferences !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); - arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); - } - if (this.preferredKeyServer !== null) { - arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); - } - if (this.isPrimaryUserID !== null) { - arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); - } - if (this.policyURI !== null) { - arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); - } - if (this.keyFlags !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); - arr.push(writeSubPacket(sub.keyFlags, true, bytes)); - } - if (this.signersUserID !== null) { - arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); - } - if (this.reasonForRevocationFlag !== null) { - bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); - arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); - } - if (this.features !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); - arr.push(writeSubPacket(sub.features, false, bytes)); - } - if (this.signatureTargetPublicKeyAlgorithm !== null) { - bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; - bytes.push(util.stringToUint8Array(this.signatureTargetHash)); - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); - } - if (this.embeddedSignature !== null) { - arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); - } - if (this.issuerFingerprint !== null) { - bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; - bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, this.version === 5, bytes)); - } - if (this.preferredAEADAlgorithms !== null) { - bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); - arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); - } - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - /** - * Creates an Uint8Array containing the unhashed subpackets - * @returns {Uint8Array} Subpacket data. - */ - writeUnhashedSubPackets() { - const arr = []; - this.unhashedSubpackets.forEach(data => { - arr.push(writeSimpleLength(data.length)); - arr.push(data); - }); - - const result = util.concat(arr); - const length = util.writeNumber(result.length, 2); - - return util.concat([length, result]); - } - - // V4 signature sub packets - readSubPacket(bytes, hashed = true) { - let mypos = 0; - - // The leftmost bit denotes a "critical" packet - const critical = !!(bytes[mypos] & 0x80); - const type = bytes[mypos] & 0x7F; - - if (!hashed) { - this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); - if (!allowedUnhashedSubpackets.has(type)) { - return; - } - } - - mypos++; - - // subpacket type - switch (type) { - case enums.signatureSubpacket.signatureCreationTime: - // Signature Creation Time - this.created = util.readDate(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.signatureExpirationTime: { - // Signature Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.signatureNeverExpires = seconds === 0; - this.signatureExpirationTime = seconds; - - break; - } - case enums.signatureSubpacket.exportableCertification: - // Exportable Certification - this.exportable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.trustSignature: - // Trust Signature - this.trustLevel = bytes[mypos++]; - this.trustAmount = bytes[mypos++]; - break; - case enums.signatureSubpacket.regularExpression: - // Regular Expression - this.regularExpression = bytes[mypos]; - break; - case enums.signatureSubpacket.revocable: - // Revocable - this.revocable = bytes[mypos++] === 1; - break; - case enums.signatureSubpacket.keyExpirationTime: { - // Key Expiration Time in seconds - const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); - - this.keyExpirationTime = seconds; - this.keyNeverExpires = seconds === 0; - - break; - } - case enums.signatureSubpacket.preferredSymmetricAlgorithms: - // Preferred Symmetric Algorithms - this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.revocationKey: - // Revocation Key - // (1 octet of class, 1 octet of public-key algorithm ID, 20 - // octets of - // fingerprint) - this.revocationKeyClass = bytes[mypos++]; - this.revocationKeyAlgorithm = bytes[mypos++]; - this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); - break; - - case enums.signatureSubpacket.issuer: - // Issuer - this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); - break; - - case enums.signatureSubpacket.notationData: { - // Notation Data - const humanReadable = !!(bytes[mypos] & 0x80); - - // We extract key/value tuple from the byte stream. - mypos += 4; - const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); - mypos += 2; - - const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); - const value = bytes.subarray(mypos + m, mypos + m + n); - - this.rawNotations.push({ name, humanReadable, value, critical }); - - if (humanReadable) { - this.notations[name] = util.decodeUTF8(value); - } - break; - } - case enums.signatureSubpacket.preferredHashAlgorithms: - // Preferred Hash Algorithms - this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredCompressionAlgorithms: - // Preferred Compression Algorithms - this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.keyServerPreferences: - // Key Server Preferences - this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.preferredKeyServer: - // Preferred Key Server - this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.primaryUserID: - // Primary User ID - this.isPrimaryUserID = bytes[mypos++] !== 0; - break; - case enums.signatureSubpacket.policyURI: - // Policy URI - this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.keyFlags: - // Key Flags - this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signersUserID: - // Signer's User ID - this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.reasonForRevocation: - // Reason for Revocation - this.reasonForRevocationFlag = bytes[mypos++]; - this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.features: - // Features - this.features = [...bytes.subarray(mypos, bytes.length)]; - break; - case enums.signatureSubpacket.signatureTarget: { - // Signature Target - // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) - this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; - this.signatureTargetHashAlgorithm = bytes[mypos++]; - - const len = mod.getHashByteLength(this.signatureTargetHashAlgorithm); - - this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); - break; - } - case enums.signatureSubpacket.embeddedSignature: - // Embedded Signature - this.embeddedSignature = new SignaturePacket(); - this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); - break; - case enums.signatureSubpacket.issuerFingerprint: - // Issuer Fingerprint - this.issuerKeyVersion = bytes[mypos++]; - this.issuerFingerprint = bytes.subarray(mypos, bytes.length); - if (this.issuerKeyVersion === 5) { - this.issuerKeyID.read(this.issuerFingerprint); - } else { - this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); - } - break; - case enums.signatureSubpacket.preferredAEADAlgorithms: - // Preferred AEAD Algorithms - this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; - break; - default: { - const err = new Error(`Unknown signature subpacket type ${type}`); - if (critical) { - throw err; - } else { - util.printDebug(err); - } - } - } - } - - readSubPackets(bytes, trusted = true, config) { - // Two-octet scalar octet count for following subpacket data. - const subpacketLength = util.readNumber(bytes.subarray(0, 2)); - - let i = 2; - - // subpacket data set (zero or more subpackets) - while (i < 2 + subpacketLength) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); - - i += len.len; - } - - return i; - } - - // Produces data to produce signature on - toSign(type, data) { - const t = enums.signature; - - switch (type) { - case t.binary: - if (data.text !== null) { - return util.encodeUTF8(data.getText(true)); - } - return data.getBytes(true); - - case t.text: { - const bytes = data.getBytes(true); - // normalize EOL to \r\n - return util.canonicalizeEOL(bytes); - } - case t.standalone: - return new Uint8Array(0); - - case t.certGeneric: - case t.certPersona: - case t.certCasual: - case t.certPositive: - case t.certRevocation: { - let packet; - let tag; - - if (data.userID) { - tag = 0xB4; - packet = data.userID; - } else if (data.userAttribute) { - tag = 0xD1; - packet = data.userAttribute; - } else { - throw new Error('Either a userID or userAttribute packet needs to be ' + - 'supplied for certification.'); - } - - const bytes = packet.write(); - - return util.concat([this.toSign(t.key, data), - new Uint8Array([tag]), - util.writeNumber(bytes.length, 4), - bytes]); - } - case t.subkeyBinding: - case t.subkeyRevocation: - case t.keyBinding: - return util.concat([this.toSign(t.key, data), this.toSign(t.key, { - key: data.bind - })]); - - case t.key: - if (data.key === undefined) { - throw new Error('Key packet is required for this signature.'); - } - return data.key.writeForHash(this.version); - - case t.keyRevocation: - return this.toSign(t.key, data); - case t.timestamp: - return new Uint8Array(0); - case t.thirdParty: - throw new Error('Not implemented'); - default: - throw new Error('Unknown signature type.'); - } - } - - calculateTrailer(data, detached) { - let length = 0; - return transform(clone(this.signatureData), value => { - length += value.length; - }, () => { - const arr = []; - if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { - if (detached) { - arr.push(new Uint8Array(6)); - } else { - arr.push(data.writeHeader()); - } - } - arr.push(new Uint8Array([this.version, 0xFF])); - if (this.version === 5) { - arr.push(new Uint8Array(4)); - } - arr.push(util.writeNumber(length, 4)); - // For v5, this should really be writeNumber(length, 8) rather than the - // hardcoded 4 zero bytes above - return util.concat(arr); - }); - } - - toHash(signatureType, data, detached = false) { - const bytes = this.toSign(signatureType, data); - - return util.concat([bytes, this.signatureData, this.calculateTrailer(data, detached)]); - } - - async hash(signatureType, data, toHash, detached = false) { - if (!toHash) toHash = this.toHash(signatureType, data, detached); - return mod.hash.digest(this.hashAlgorithm, toHash); - } - - /** - * verifies the signature packet. Note: not all signature types are implemented - * @param {PublicSubkeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature - * @param {module:enums.signature} signatureType - Expected signature type - * @param {Uint8Array|Object} data - Data which on the signature applies - * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration - * @param {Boolean} [detached] - Whether to verify a detached signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if signature validation failed - * @async - */ - async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { - if (!this.issuerKeyID.equals(key.getKeyID())) { - throw new Error('Signature was not issued by the given public key'); - } - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); - } - - const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; - // Cryptographic validity is cached after one successful verification. - // However, for message signatures, we always re-verify, since the passed `data` can change - const skipVerify = this[verified] && !isMessageSignature; - if (!skipVerify) { - let toHash; - let hash; - if (this.hashed) { - hash = await this.hashed; - } else { - toHash = this.toHash(signatureType, data, detached); - hash = await this.hash(signatureType, data, toHash); - } - hash = await readToEnd(hash); - if (this.signedHashValue[0] !== hash[0] || - this.signedHashValue[1] !== hash[1]) { - throw new Error('Signed digest did not match'); - } - - this.params = await this.params; - - this[verified] = await mod.signature.verify( - this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, - toHash, hash - ); - - if (!this[verified]) { - throw new Error('Signature verification failed'); - } - } - - const normDate = util.normalizeDate(date); - if (normDate && this.created > normDate) { - throw new Error('Signature creation time is in the future'); - } - if (normDate && normDate >= this.getExpirationTime()) { - throw new Error('Signature is expired'); - } - if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { - throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && - [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { - throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); - } - this.rawNotations.forEach(({ name, critical }) => { - if (critical && (config$1.knownNotations.indexOf(name) < 0)) { - throw new Error(`Unknown critical notation: ${name}`); - } - }); - if (this.revocationKeyClass !== null) { - throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); - } - } - - /** - * Verifies signature expiration date - * @param {Date} [date] - Use the given date for verification instead of the current time - * @returns {Boolean} True if expired. - */ - isExpired(date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - return !(this.created <= normDate && normDate < this.getExpirationTime()); - } - return false; - } - - /** - * Returns the expiration time of the signature or Infinity if signature does not expire - * @returns {Date | Infinity} Expiration time. - */ - getExpirationTime() { - return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); - } -} - -/** - * Creates a Uint8Array representation of a sub signature packet - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} - * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} - * @param {Integer} type - Subpacket signature type. - * @param {Boolean} critical - Whether the subpacket should be critical. - * @param {String} data - Data to be included - * @returns {Uint8Array} The signature subpacket. - * @private - */ -function writeSubPacket(type, critical, data) { - const arr = []; - arr.push(writeSimpleLength(data.length + 1)); - arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); - arr.push(data); - return util.concat(arr); -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -const VERSION = 3; - -/** - * Implementation of the One-Pass Signature Packets (Tag 4) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: - * The One-Pass Signature packet precedes the signed data and contains - * enough information to allow the receiver to begin calculating any - * hashes needed to verify the signature. It allows the Signature - * packet to be placed at the end of the message, so that the signer - * can compute the entire signed message in one pass. - */ -class OnePassSignaturePacket { - static get tag() { - return enums.packet.onePassSignature; - } - - constructor() { - /** A one-octet version number. The current version is 3. */ - this.version = null; - /** - * A one-octet signature type. - * Signature types are described in - * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. - * @type {enums.signature} - - */ - this.signatureType = null; - /** - * A one-octet number describing the hash algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} - * @type {enums.hash} - */ - this.hashAlgorithm = null; - /** - * A one-octet number describing the public-key algorithm used. - * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} - * @type {enums.publicKey} - */ - this.publicKeyAlgorithm = null; - /** An eight-octet number holding the Key ID of the signing key. */ - this.issuerKeyID = null; - /** - * A one-octet number holding a flag showing whether the signature is nested. - * A zero value indicates that the next packet is another One-Pass Signature packet - * that describes another signature to be applied to the same message data. - */ - this.flags = null; - } - - /** - * parsing function for a one-pass signature packet (tag 4). - * @param {Uint8Array} bytes - Payload of a tag 4 packet - * @returns {OnePassSignaturePacket} Object representation. - */ - read(bytes) { - let mypos = 0; - // A one-octet version number. The current version is 3. - this.version = bytes[mypos++]; - if (this.version !== VERSION) { - throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); - } - - // A one-octet signature type. Signature types are described in - // Section 5.2.1. - this.signatureType = bytes[mypos++]; - - // A one-octet number describing the hash algorithm used. - this.hashAlgorithm = bytes[mypos++]; - - // A one-octet number describing the public-key algorithm used. - this.publicKeyAlgorithm = bytes[mypos++]; - - // An eight-octet number holding the Key ID of the signing key. - this.issuerKeyID = new KeyID(); - this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); - mypos += 8; - - // A one-octet number holding a flag showing whether the signature - // is nested. A zero value indicates that the next packet is - // another One-Pass Signature packet that describes another - // signature to be applied to the same message data. - this.flags = bytes[mypos++]; - return this; - } - - /** - * creates a string representation of a one-pass signature packet - * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. - */ - write() { - const start = new Uint8Array([VERSION, this.signatureType, this.hashAlgorithm, this.publicKeyAlgorithm]); - - const end = new Uint8Array([this.flags]); - - return util.concatUint8Array([start, this.issuerKeyID.write(), end]); - } - - calculateTrailer(...args) { - return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); - } - - async verify() { - const correspondingSig = await this.correspondingSig; - if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { - throw new Error('Corresponding signature packet missing'); - } - if ( - correspondingSig.signatureType !== this.signatureType || - correspondingSig.hashAlgorithm !== this.hashAlgorithm || - correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || - !correspondingSig.issuerKeyID.equals(this.issuerKeyID) - ) { - throw new Error('Corresponding signature packet does not match one-pass signature packet'); - } - correspondingSig.hashed = this.hashed; - return correspondingSig.verify.apply(correspondingSig, arguments); - } -} - -OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; -OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; -OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; - -/** - * Instantiate a new packet given its tag - * @function newPacketFromTag - * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @returns {Object} New packet object with type based on tag - * @throws {Error|UnsupportedError} for disallowed or unknown packets - */ -function newPacketFromTag(tag, allowedPackets) { - if (!allowedPackets[tag]) { - // distinguish between disallowed packets and unknown ones - let packetType; - try { - packetType = enums.read(enums.packet, tag); - } catch (e) { - throw new UnsupportedError(`Unknown packet type with tag: ${tag}`); - } - throw new Error(`Packet not allowed in this context: ${packetType}`); - } - return new allowedPackets[tag](); -} - -/** - * This class represents a list of openpgp packets. - * Take care when iterating over it - the packets themselves - * are stored as numerical indices. - * @extends Array - */ -class PacketList extends Array { - /** - * Parses the given binary data and returns a list of packets. - * Equivalent to calling `read` on an empty PacketList instance. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @returns {PacketList} parsed list of packets - * @throws on parsing errors - * @async - */ - static async fromBinary(bytes, allowedPackets, config$1 = config) { - const packets = new PacketList(); - await packets.read(bytes, allowedPackets, config$1); - return packets; - } - - /** - * Reads a stream of binary data and interprets it as a list of packets. - * @param {Uint8Array | ReadableStream} bytes - binary data to parse - * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class - * @param {Object} [config] - full configuration, defaults to openpgp.config - * @throws on parsing errors - * @async - */ - async read(bytes, allowedPackets, config$1 = config) { - if (config$1.additionalAllowedPackets.length) { - allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; - } - this.stream = transformPair(bytes, async (readable, writable) => { - const writer = getWriter(writable); - try { - while (true) { - await writer.ready; - const done = await readPackets(readable, async parsed => { - try { - if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust) { - // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: - // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 - // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 - return; - } - const packet = newPacketFromTag(parsed.tag, allowedPackets); - packet.packets = new PacketList(); - packet.fromStream = util.isStream(parsed.packet); - await packet.read(parsed.packet, config$1); - await writer.write(packet); - } catch (e) { - const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; - const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); - if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { - // The packets that support streaming are the ones that contain message data. - // Those are also the ones we want to be more strict about and throw on parse errors - // (since we likely cannot process the message without these packets anyway). - await writer.abort(e); - } else { - const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); - await writer.write(unparsedPacket); - } - util.printDebugError(e); - } - }); - if (done) { - await writer.ready; - await writer.close(); - return; - } - } - } catch (e) { - await writer.abort(e); - } - }); - - // Wait until first few packets have been read - const reader = getReader(this.stream); - while (true) { - const { done, value } = await reader.read(); - if (!done) { - this.push(value); - } else { - this.stream = null; - } - if (done || supportsStreaming(value.constructor.tag)) { - break; - } - } - reader.releaseLock(); - } - - /** - * Creates a binary representation of openpgp objects contained within the - * class instance. - * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. - */ - write() { - const arr = []; - - for (let i = 0; i < this.length; i++) { - const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; - const packetbytes = this[i].write(); - if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { - let buffer = []; - let bufferLength = 0; - const minLength = 512; - arr.push(writeTag(tag)); - arr.push(transform(packetbytes, value => { - buffer.push(value); - bufferLength += value.length; - if (bufferLength >= minLength) { - const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); - const chunkSize = 2 ** powerOf2; - const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); - buffer = [bufferConcat.subarray(1 + chunkSize)]; - bufferLength = buffer[0].length; - return bufferConcat.subarray(0, 1 + chunkSize); - } - }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); - } else { - if (util.isStream(packetbytes)) { - let length = 0; - arr.push(transform(clone(packetbytes), value => { - length += value.length; - }, () => writeHeader(tag, length))); - } else { - arr.push(writeHeader(tag, packetbytes.length)); - } - arr.push(packetbytes); - } - } - - return util.concat(arr); - } - - /** - * Creates a new PacketList with all packets matching the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {PacketList} - */ - filterByTag(...tags) { - const filtered = new PacketList(); - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(this[i].constructor.tag))) { - filtered.push(this[i]); - } - } - - return filtered; - } - - /** - * Traverses packet list and returns first packet with matching tag - * @param {module:enums.packet} tag - The packet tag - * @returns {Packet|undefined} - */ - findPacket(tag) { - return this.find(packet => packet.constructor.tag === tag); - } - - /** - * Find indices of packets with the given tag(s) - * @param {...module:enums.packet} tags - packet tags to look for - * @returns {Integer[]} packet indices - */ - indexOfTag(...tags) { - const tagIndex = []; - const that = this; - - const handle = tag => packetType => tag === packetType; - - for (let i = 0; i < this.length; i++) { - if (tags.some(handle(that[i].constructor.tag))) { - tagIndex.push(i); - } - } - return tagIndex; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A Compressed Data packet can contain the following packet types -const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -/** - * Implementation of the Compressed Data Packet (Tag 8) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: - * The Compressed Data packet contains compressed data. Typically, - * this packet is found as the contents of an encrypted packet, or following - * a Signature or One-Pass Signature packet, and contains a literal data packet. - */ -class CompressedDataPacket { - static get tag() { - return enums.packet.compressedData; - } - - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * List of packets - * @type {PacketList} - */ - this.packets = null; - /** - * Compression algorithm - * @type {enums.compression} - */ - this.algorithm = config$1.preferredCompressionAlgorithm; - - /** - * Compressed packet data - * @type {Uint8Array | ReadableStream} - */ - this.compressed = null; - - /** - * zip/zlib compression level, between 1 and 9 - */ - this.deflateLevel = config$1.deflateLevel; - } - - /** - * Parsing function for the packet. - * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async read(bytes, config$1 = config) { - await parse(bytes, async reader => { - - // One octet that gives the algorithm used to compress the packet. - this.algorithm = await reader.readByte(); - - // Compressed data, which makes up the remainder of the packet. - this.compressed = reader.remainder(); - - await this.decompress(config$1); - }); - } - - - /** - * Return the compressed packet. - * @returns {Uint8Array | ReadableStream} Binary compressed packet. - */ - write() { - if (this.compressed === null) { - this.compress(); - } - - return util.concat([new Uint8Array([this.algorithm]), this.compressed]); - } - - - /** - * Decompression method for decompressing the compressed data - * read by read_packet - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - async decompress(config$1 = config) { - const compressionName = enums.read(enums.compression, this.algorithm); - const decompressionFn = decompress_fns[compressionName]; - if (!decompressionFn) { - throw new Error(`${compressionName} decompression not supported`); - } - - this.packets = await PacketList.fromBinary(decompressionFn(this.compressed), allowedPackets, config$1); - } - - /** - * Compress the packet data (member decompressedData) - */ - compress() { - const compressionName = enums.read(enums.compression, this.algorithm); - const compressionFn = compress_fns[compressionName]; - if (!compressionFn) { - throw new Error(`${compressionName} compression not supported`); - } - - this.compressed = compressionFn(this.packets.write(), this.deflateLevel); - } -} - -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// - - -const nodeZlib = util.getNodeZlib(); - -function uncompressed(data) { - return data; -} - -function node_zlib(func, create, options = {}) { - return function (data) { - if (!util.isStream(data) || isArrayStream(data)) { - return fromAsync(() => readToEnd(data).then(data => { - return new Promise((resolve, reject) => { - func(data, options, (err, result) => { - if (err) return reject(err); - resolve(result); - }); - }); - })); - } - return nodeToWeb(webToNode(data).pipe(create(options))); - }; -} - -function pako_zlib(constructor, options = {}) { - return function(data) { - const obj = new constructor(options); - return transform(data, value => { - if (value.length) { - obj.push(value, Z_SYNC_FLUSH); - return obj.result; - } - }, () => { - if (constructor === Deflate) { - obj.push([], Z_FINISH); - return obj.result; - } - }); - }; -} - -function bzip2(func) { - return function(data) { - return fromAsync(async () => func(await readToEnd(data))); - }; -} - -const compress_fns = nodeZlib ? { - zip: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflateRaw, nodeZlib.createDeflateRaw, { level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => node_zlib(nodeZlib.deflate, nodeZlib.createDeflate, { level })(compressed) -} : { - zip: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { raw: true, level })(compressed), - zlib: /*#__PURE__*/ (compressed, level) => pako_zlib(Deflate, { level })(compressed) -}; - -const decompress_fns = nodeZlib ? { - uncompressed: uncompressed, - zip: /*#__PURE__*/ node_zlib(nodeZlib.inflateRaw, nodeZlib.createInflateRaw), - zlib: /*#__PURE__*/ node_zlib(nodeZlib.inflate, nodeZlib.createInflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -} : { - uncompressed: uncompressed, - zip: /*#__PURE__*/ pako_zlib(Inflate, { raw: true }), - zlib: /*#__PURE__*/ pako_zlib(Inflate), - bzip2: /*#__PURE__*/ bzip2(lib_4) -}; - -// GPG4Browsers - An OpenPGP implementation in javascript - -// A SEIP packet can contain the following packet types -const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$1 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: - * The Symmetrically Encrypted Integrity Protected Data packet is - * a variant of the Symmetrically Encrypted Data packet. It is a new feature - * created for OpenPGP that addresses the problem of detecting a modification to - * encrypted data. It is used in combination with a Modification Detection Code - * packet. - */ -class SymEncryptedIntegrityProtectedDataPacket { - static get tag() { - return enums.packet.symEncryptedIntegrityProtectedData; - } - - constructor() { - this.version = VERSION$1; - this.encrypted = null; - this.packets = null; - } - - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - // - A one-octet version number. The only currently defined value is 1. - if (version !== VERSION$1) { - throw new UnsupportedError(`Version ${version} of the SEIP packet is unsupported.`); - } - - // - Encrypted data, the output of the selected symmetric-key cipher - // operating in Cipher Feedback mode with shift amount equal to the - // block size of the cipher (CFB-n where n is the block size). - this.encrypted = reader.remainder(); - }); - } - - write() { - return util.concat([new Uint8Array([VERSION$1]), this.encrypted]); - } - - /** - * Encrypt the payload in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on encryption failure - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - - let bytes = this.packets.write(); - if (isArrayStream(bytes)) bytes = await readToEnd(bytes); - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet - - const tohash = util.concat([prefix, bytes, mdc]); - const hash = await mod.hash.sha1(passiveClone(tohash)); - const plaintext = util.concat([tohash, hash]); - - this.encrypted = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); - return true; - } - - /** - * Decrypts the encrypted data contained in the packet. - * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} on decryption failure - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - let encrypted = clone(this.encrypted); - if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); - - // there must be a modification detection code packet as the - // last packet and everything gets hashed except the hash itself - const realHash = slice(passiveClone(decrypted), -20); - const tohash = slice(decrypted, 0, -20); - const verifyHash = Promise.all([ - readToEnd(await mod.hash.sha1(passiveClone(tohash))), - readToEnd(realHash) - ]).then(([hash, mdc]) => { - if (!util.equalsUint8Array(hash, mdc)) { - throw new Error('Modification detected.'); - } - return new Uint8Array(); - }); - const bytes = slice(tohash, blockSize + 2); // Remove random prefix - let packetbytes = slice(bytes, 0, -2); // Remove MDC packet - packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); - if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { - packetbytes = await readToEnd(packetbytes); - } - this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$1, config$1); - return true; - } -} - -// OpenPGP.js - An OpenPGP implementation in javascript - -// An AEAD-encrypted Data packet can contain the following packet types -const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); - -const VERSION$2 = 1; // A one-octet version number of the data packet. - -/** - * Implementation of the Symmetrically Encrypted Authenticated Encryption with - * Additional Data (AEAD) Protected Data Packet - * - * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: - * AEAD Protected Data Packet - */ -class AEADEncryptedDataPacket { - static get tag() { - return enums.packet.aeadEncryptedData; - } - - constructor() { - this.version = VERSION$2; - /** @type {enums.symmetric} */ - this.cipherAlgorithm = null; - /** @type {enums.aead} */ - this.aeadAlgorithm = enums.aead.eax; - this.chunkSizeByte = null; - this.iv = null; - this.encrypted = null; - this.packets = null; - } - - /** - * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @param {Uint8Array | ReadableStream} bytes - * @throws {Error} on parsing failure - */ - async read(bytes) { - await parse(bytes, async reader => { - const version = await reader.readByte(); - if (version !== VERSION$2) { // The only currently defined value is 1. - throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); - } - this.cipherAlgorithm = await reader.readByte(); - this.aeadAlgorithm = await reader.readByte(); - this.chunkSizeByte = await reader.readByte(); - - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = await reader.readBytes(mode.ivLength); - this.encrypted = reader.remainder(); - }); - } - - /** - * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) - * @returns {Uint8Array | ReadableStream} The encrypted payload. - */ - write() { - return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); - } - - /** - * Decrypt the encrypted payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.packets = await PacketList.fromBinary( - await this.crypt('decrypt', key, clone(this.encrypted)), - allowedPackets$2, - config$1 - ); - } - - /** - * Encrypt the packet payload. - * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm - * @param {Uint8Array} key - The session key used to encrypt the payload - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - this.cipherAlgorithm = sessionKeyAlgorithm; - - const { ivLength } = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(ivLength); // generate new random IV - this.chunkSizeByte = config$1.aeadChunkSizeByte; - const data = this.packets.write(); - this.encrypted = await this.crypt('encrypt', key, data); - } - - /** - * En/decrypt the payload. - * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt - * @param {Uint8Array} key - The session key used to en/decrypt the payload - * @param {Uint8Array | ReadableStream} data - The data to en/decrypt - * @returns {Promise>} - * @async - */ - async crypt(fn, key, data) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const modeInstance = await mode(this.cipherAlgorithm, key); - const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; - const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; - const chunkSize = 2 ** (this.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) - const adataBuffer = new ArrayBuffer(21); - const adataArray = new Uint8Array(adataBuffer, 0, 13); - const adataTagArray = new Uint8Array(adataBuffer); - const adataView = new DataView(adataBuffer); - const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); - adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte], 0); - let chunkIndex = 0; - let latestPromise = Promise.resolve(); - let cryptedBytes = 0; - let queuedBytes = 0; - const iv = this.iv; - return transformPair(data, async (readable, writable) => { - if (util.isStream(readable) !== 'array') { - const buffer = new TransformStream({}, { - highWaterMark: util.getHardwareConcurrency() * 2 ** (this.chunkSizeByte + 6), - size: array => array.length - }); - pipe(buffer.readable, writable); - writable = buffer.writable; - } - const reader = getReader(readable); - const writer = getWriter(writable); - try { - while (true) { - let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); - const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); - chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); - let cryptedPromise; - let done; - if (!chunkIndex || chunk.length) { - reader.unshift(finalChunk); - cryptedPromise = modeInstance[fn](chunk, mode.getNonce(iv, chunkIndexArray), adataArray); - queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; - } else { - // After the last chunk, we either encrypt a final, empty - // data chunk to get the final authentication tag or - // validate that final authentication tag. - adataView.setInt32(13 + 4, cryptedBytes); // Should be setInt64(13, ...) - cryptedPromise = modeInstance[fn](finalChunk, mode.getNonce(iv, chunkIndexArray), adataTagArray); - queuedBytes += tagLengthIfEncrypting; - done = true; - } - cryptedBytes += chunk.length - tagLengthIfDecrypting; - // eslint-disable-next-line no-loop-func - latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { - await writer.ready; - await writer.write(crypted); - queuedBytes -= crypted.length; - }).catch(err => writer.abort(err)); - if (done || queuedBytes > writer.desiredSize) { - await latestPromise; // Respect backpressure - } - if (!done) { - adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) - } else { - await writer.close(); - break; - } - } - } catch (e) { - await writer.abort(e); - } - }); - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript +function M(o, a, b) { + var v, c, + t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, + t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, + t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, + t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, + b0 = b[0], + b1 = b[1], + b2 = b[2], + b3 = b[3], + b4 = b[4], + b5 = b[5], + b6 = b[6], + b7 = b[7], + b8 = b[8], + b9 = b[9], + b10 = b[10], + b11 = b[11], + b12 = b[12], + b13 = b[13], + b14 = b[14], + b15 = b[15]; -const VERSION$3 = 3; + v = a[0]; + t0 += v * b0; + t1 += v * b1; + t2 += v * b2; + t3 += v * b3; + t4 += v * b4; + t5 += v * b5; + t6 += v * b6; + t7 += v * b7; + t8 += v * b8; + t9 += v * b9; + t10 += v * b10; + t11 += v * b11; + t12 += v * b12; + t13 += v * b13; + t14 += v * b14; + t15 += v * b15; + v = a[1]; + t1 += v * b0; + t2 += v * b1; + t3 += v * b2; + t4 += v * b3; + t5 += v * b4; + t6 += v * b5; + t7 += v * b6; + t8 += v * b7; + t9 += v * b8; + t10 += v * b9; + t11 += v * b10; + t12 += v * b11; + t13 += v * b12; + t14 += v * b13; + t15 += v * b14; + t16 += v * b15; + v = a[2]; + t2 += v * b0; + t3 += v * b1; + t4 += v * b2; + t5 += v * b3; + t6 += v * b4; + t7 += v * b5; + t8 += v * b6; + t9 += v * b7; + t10 += v * b8; + t11 += v * b9; + t12 += v * b10; + t13 += v * b11; + t14 += v * b12; + t15 += v * b13; + t16 += v * b14; + t17 += v * b15; + v = a[3]; + t3 += v * b0; + t4 += v * b1; + t5 += v * b2; + t6 += v * b3; + t7 += v * b4; + t8 += v * b5; + t9 += v * b6; + t10 += v * b7; + t11 += v * b8; + t12 += v * b9; + t13 += v * b10; + t14 += v * b11; + t15 += v * b12; + t16 += v * b13; + t17 += v * b14; + t18 += v * b15; + v = a[4]; + t4 += v * b0; + t5 += v * b1; + t6 += v * b2; + t7 += v * b3; + t8 += v * b4; + t9 += v * b5; + t10 += v * b6; + t11 += v * b7; + t12 += v * b8; + t13 += v * b9; + t14 += v * b10; + t15 += v * b11; + t16 += v * b12; + t17 += v * b13; + t18 += v * b14; + t19 += v * b15; + v = a[5]; + t5 += v * b0; + t6 += v * b1; + t7 += v * b2; + t8 += v * b3; + t9 += v * b4; + t10 += v * b5; + t11 += v * b6; + t12 += v * b7; + t13 += v * b8; + t14 += v * b9; + t15 += v * b10; + t16 += v * b11; + t17 += v * b12; + t18 += v * b13; + t19 += v * b14; + t20 += v * b15; + v = a[6]; + t6 += v * b0; + t7 += v * b1; + t8 += v * b2; + t9 += v * b3; + t10 += v * b4; + t11 += v * b5; + t12 += v * b6; + t13 += v * b7; + t14 += v * b8; + t15 += v * b9; + t16 += v * b10; + t17 += v * b11; + t18 += v * b12; + t19 += v * b13; + t20 += v * b14; + t21 += v * b15; + v = a[7]; + t7 += v * b0; + t8 += v * b1; + t9 += v * b2; + t10 += v * b3; + t11 += v * b4; + t12 += v * b5; + t13 += v * b6; + t14 += v * b7; + t15 += v * b8; + t16 += v * b9; + t17 += v * b10; + t18 += v * b11; + t19 += v * b12; + t20 += v * b13; + t21 += v * b14; + t22 += v * b15; + v = a[8]; + t8 += v * b0; + t9 += v * b1; + t10 += v * b2; + t11 += v * b3; + t12 += v * b4; + t13 += v * b5; + t14 += v * b6; + t15 += v * b7; + t16 += v * b8; + t17 += v * b9; + t18 += v * b10; + t19 += v * b11; + t20 += v * b12; + t21 += v * b13; + t22 += v * b14; + t23 += v * b15; + v = a[9]; + t9 += v * b0; + t10 += v * b1; + t11 += v * b2; + t12 += v * b3; + t13 += v * b4; + t14 += v * b5; + t15 += v * b6; + t16 += v * b7; + t17 += v * b8; + t18 += v * b9; + t19 += v * b10; + t20 += v * b11; + t21 += v * b12; + t22 += v * b13; + t23 += v * b14; + t24 += v * b15; + v = a[10]; + t10 += v * b0; + t11 += v * b1; + t12 += v * b2; + t13 += v * b3; + t14 += v * b4; + t15 += v * b5; + t16 += v * b6; + t17 += v * b7; + t18 += v * b8; + t19 += v * b9; + t20 += v * b10; + t21 += v * b11; + t22 += v * b12; + t23 += v * b13; + t24 += v * b14; + t25 += v * b15; + v = a[11]; + t11 += v * b0; + t12 += v * b1; + t13 += v * b2; + t14 += v * b3; + t15 += v * b4; + t16 += v * b5; + t17 += v * b6; + t18 += v * b7; + t19 += v * b8; + t20 += v * b9; + t21 += v * b10; + t22 += v * b11; + t23 += v * b12; + t24 += v * b13; + t25 += v * b14; + t26 += v * b15; + v = a[12]; + t12 += v * b0; + t13 += v * b1; + t14 += v * b2; + t15 += v * b3; + t16 += v * b4; + t17 += v * b5; + t18 += v * b6; + t19 += v * b7; + t20 += v * b8; + t21 += v * b9; + t22 += v * b10; + t23 += v * b11; + t24 += v * b12; + t25 += v * b13; + t26 += v * b14; + t27 += v * b15; + v = a[13]; + t13 += v * b0; + t14 += v * b1; + t15 += v * b2; + t16 += v * b3; + t17 += v * b4; + t18 += v * b5; + t19 += v * b6; + t20 += v * b7; + t21 += v * b8; + t22 += v * b9; + t23 += v * b10; + t24 += v * b11; + t25 += v * b12; + t26 += v * b13; + t27 += v * b14; + t28 += v * b15; + v = a[14]; + t14 += v * b0; + t15 += v * b1; + t16 += v * b2; + t17 += v * b3; + t18 += v * b4; + t19 += v * b5; + t20 += v * b6; + t21 += v * b7; + t22 += v * b8; + t23 += v * b9; + t24 += v * b10; + t25 += v * b11; + t26 += v * b12; + t27 += v * b13; + t28 += v * b14; + t29 += v * b15; + v = a[15]; + t15 += v * b0; + t16 += v * b1; + t17 += v * b2; + t18 += v * b3; + t19 += v * b4; + t20 += v * b5; + t21 += v * b6; + t22 += v * b7; + t23 += v * b8; + t24 += v * b9; + t25 += v * b10; + t26 += v * b11; + t27 += v * b12; + t28 += v * b13; + t29 += v * b14; + t30 += v * b15; -/** - * Public-Key Encrypted Session Key Packets (Tag 1) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: - * A Public-Key Encrypted Session Key packet holds the session key - * used to encrypt a message. Zero or more Public-Key Encrypted Session Key - * packets and/or Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data Packet, which holds an encrypted message. The - * message is encrypted with the session key, and the session key is itself - * encrypted and stored in the Encrypted Session Key packet(s). The - * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted - * Session Key packet for each OpenPGP key to which the message is encrypted. - * The recipient of the message finds a session key that is encrypted to their - * public key, decrypts the session key, and then uses the session key to - * decrypt the message. - */ -class PublicKeyEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.publicKeyEncryptedSessionKey; - } + t0 += 38 * t16; + t1 += 38 * t17; + t2 += 38 * t18; + t3 += 38 * t19; + t4 += 38 * t20; + t5 += 38 * t21; + t6 += 38 * t22; + t7 += 38 * t23; + t8 += 38 * t24; + t9 += 38 * t25; + t10 += 38 * t26; + t11 += 38 * t27; + t12 += 38 * t28; + t13 += 38 * t29; + t14 += 38 * t30; + // t15 left as is - constructor() { - this.version = 3; + // first car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - this.publicKeyID = new KeyID(); - this.publicKeyAlgorithm = null; + // second car + c = 1; + v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; + v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; + v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; + v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; + v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; + v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; + v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; + v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; + v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; + v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; + v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; + v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; + v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; + v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; + v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; + v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; + t0 += c-1 + 37 * (c-1); - this.sessionKey = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = null; + o[ 0] = t0; + o[ 1] = t1; + o[ 2] = t2; + o[ 3] = t3; + o[ 4] = t4; + o[ 5] = t5; + o[ 6] = t6; + o[ 7] = t7; + o[ 8] = t8; + o[ 9] = t9; + o[10] = t10; + o[11] = t11; + o[12] = t12; + o[13] = t13; + o[14] = t14; + o[15] = t15; +} - /** @type {Object} */ - this.encrypted = {}; - } +function S(o, a) { + M(o, a, a); +} - /** - * Parsing function for a publickey encrypted session key packet (tag 1). - * - * @param {Uint8Array} bytes - Payload of a tag 1 packet - */ - read(bytes) { - let i = 0; - this.version = bytes[i++]; - if (this.version !== VERSION$3) { - throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); - } - i += this.publicKeyID.read(bytes.subarray(i)); - this.publicKeyAlgorithm = bytes[i++]; - this.encrypted = mod.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(i), this.version); - if (this.publicKeyAlgorithm === enums.publicKey.x25519) { - this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); - } +function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 253; a >= 0; a--) { + S(c, c); + if(a !== 2 && a !== 4) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; +} - /** - * Create a binary representation of a tag 1 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const arr = [ - new Uint8Array([this.version]), - this.publicKeyID.write(), - new Uint8Array([this.publicKeyAlgorithm]), - mod.serializeParams(this.publicKeyAlgorithm, this.encrypted) - ]; - - return util.concatUint8Array(arr); +function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; a++) c[a] = i[a]; + for (a = 250; a >= 0; a--) { + S(c, c); + if(a !== 1) M(c, c, i); } + for (a = 0; a < 16; a++) o[a] = c[a]; +} - /** - * Encrypt session key packet - * @param {PublicKeyPacket} key - Public key - * @throws {Error} if encryption failed - * @async - */ - async encrypt(key) { - const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); - const encoded = encodeSessionKey(this.version, algo, this.sessionKeyAlgorithm, this.sessionKey); - this.encrypted = await mod.publicKeyEncrypt( - algo, this.sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes()); +function crypto_scalarmult(q, n, p) { + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; } - - /** - * Decrypts the session key (only for public key encrypted session key packets (tag 1) - * @param {SecretKeyPacket} key - decrypted private key - * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. - * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } - * @throws {Error} if decryption failed, unless `randomSessionKey` is given - * @async - */ - async decrypt(key, randomSessionKey) { - // check that session key algo matches the secret key algo - if (this.publicKeyAlgorithm !== key.algorithm) { - throw new Error('Decryption error'); - } - - const randomPayload = randomSessionKey ? - encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : - null; - const decryptedData = await mod.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload); - - const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); - - // v3 Montgomery curves have cleartext cipher algo - if (this.publicKeyAlgorithm !== enums.publicKey.x25519) { - this.sessionKeyAlgorithm = sessionKeyAlgorithm; - } - this.sessionKey = sessionKey; + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); + } + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; } +function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); +} -function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // add checksum - return util.concatUint8Array([ - new Uint8Array([cipherAlgo]), - sessionKeyData, - util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) - ]); - } - case enums.publicKey.x25519: - return sessionKeyData; - default: - throw new Error('Unsupported public key algorithm'); - } +function crypto_box_keypair(y, x) { + randombytes(x, 32); + return crypto_scalarmult_base(y, x); } +var K = [ + 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, + 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, + 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, + 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, + 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, + 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, + 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, + 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, + 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, + 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, + 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, + 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, + 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, + 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, + 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, + 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, + 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, + 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, + 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, + 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, + 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, + 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, + 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, + 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, + 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, + 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, + 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, + 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, + 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, + 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, + 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, + 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, + 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, + 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, + 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, + 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, + 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, + 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, + 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, + 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 +]; -function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { - switch (keyAlgo) { - case enums.publicKey.rsaEncrypt: - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.elgamal: - case enums.publicKey.ecdh: { - // verify checksum in constant time - const result = decryptedData.subarray(0, decryptedData.length - 2); - const checksum = decryptedData.subarray(decryptedData.length - 2); - const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); - const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; - const decryptedSessionKey = { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; - if (randomSessionKey) { - // We must not leak info about the validity of the decrypted checksum or cipher algo. - // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. - const isValidPayload = isValidChecksum & - decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & - decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; - return { - sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), - sessionKeyAlgorithm: util.selectUint8( - isValidPayload, - decryptedSessionKey.sessionKeyAlgorithm, - randomSessionKey.sessionKeyAlgorithm - ) - }; - } else { - const isValidPayload = isValidChecksum && enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm); - if (isValidPayload) { - return decryptedSessionKey; - } else { - throw new Error('Decryption error'); - } - } +function crypto_hashblocks_hl(hh, hl, m, n) { + var wh = new Int32Array(16), wl = new Int32Array(16), + bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, + bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, + th, tl, i, j, h, l, a, b, c, d; + + var ah0 = hh[0], + ah1 = hh[1], + ah2 = hh[2], + ah3 = hh[3], + ah4 = hh[4], + ah5 = hh[5], + ah6 = hh[6], + ah7 = hh[7], + + al0 = hl[0], + al1 = hl[1], + al2 = hl[2], + al3 = hl[3], + al4 = hl[4], + al5 = hl[5], + al6 = hl[6], + al7 = hl[7]; + + var pos = 0; + while (n >= 128) { + for (i = 0; i < 16; i++) { + j = 8 * i + pos; + wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; + wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; } - case enums.publicKey.x25519: - return { - sessionKey: decryptedData - }; - default: - throw new Error('Unsupported public key algorithm'); - } -} + for (i = 0; i < 80; i++) { + bh0 = ah0; + bh1 = ah1; + bh2 = ah2; + bh3 = ah3; + bh4 = ah4; + bh5 = ah5; + bh6 = ah6; + bh7 = ah7; -// GPG4Browsers - An OpenPGP implementation in javascript - -class S2K { - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - /** - * Hash function identifier, or 0 for gnu-dummy keys - * @type {module:enums.hash | 0} - */ - this.algorithm = enums.hash.sha256; - /** - * enums.s2k identifier or 'gnu-dummy' - * @type {String} - */ - this.type = 'iterated'; - /** @type {Integer} */ - this.c = config$1.s2kIterationCountByte; - /** Eight bytes of salt in a binary string. - * @type {Uint8Array} - */ - this.salt = null; - } + bl0 = al0; + bl1 = al1; + bl2 = al2; + bl3 = al3; + bl4 = al4; + bl5 = al5; + bl6 = al6; + bl7 = al7; - getCount() { - // Exponent bias, defined in RFC4880 - const expbias = 6; + // add + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma1 + h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); + l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // Ch + h = (ah4 & ah5) ^ (~ah4 & ah6); + l = (al4 & al5) ^ (~al4 & al6); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // K + h = K[i*2]; + l = K[i*2+1]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // w + h = wh[i%16]; + l = wl[i%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + th = c & 0xffff | d << 16; + tl = a & 0xffff | b << 16; + + // add + h = th; + l = tl; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + // Sigma0 + h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); + l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); - return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). - * @param {Uint8Array} bytes - Payload of string-to-key specifier - * @returns {Integer} Actual length of the object. - */ - read(bytes) { - let i = 0; - try { - this.type = enums.read(enums.s2k, bytes[i++]); - } catch (err) { - throw new UnsupportedError('Unknown S2K type.'); - } - this.algorithm = bytes[i++]; + // Maj + h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); + l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); - switch (this.type) { - case 'simple': - break; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - case 'salted': - this.salt = bytes.subarray(i, i + 8); - i += 8; - break; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - case 'iterated': - this.salt = bytes.subarray(i, i + 8); - i += 8; + bh7 = (c & 0xffff) | (d << 16); + bl7 = (a & 0xffff) | (b << 16); - // Octet 10: count, a one-octet, coded value - this.c = bytes[i++]; - break; + // add + h = bh3; + l = bl3; - case 'gnu': - if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { - i += 3; // GNU - const gnuExtType = 1000 + bytes[i++]; - if (gnuExtType === 1001) { - this.type = 'gnu-dummy'; - // GnuPG extension mode 1001 -- don't write secret key at all - } else { - throw new UnsupportedError('Unknown s2k gnu protection mode.'); - } - } else { - throw new UnsupportedError('Unknown s2k type.'); - } - break; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - default: - throw new UnsupportedError('Unknown s2k type.'); // unreachable - } + h = th; + l = tl; - return i; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Serializes s2k information - * @returns {Uint8Array} Binary representation of s2k. - */ - write() { - if (this.type === 'gnu-dummy') { - return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); - } - const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - switch (this.type) { - case 'simple': - break; - case 'salted': - arr.push(this.salt); - break; - case 'iterated': - arr.push(this.salt); - arr.push(new Uint8Array([this.c])); - break; - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); - } + bh3 = (c & 0xffff) | (d << 16); + bl3 = (a & 0xffff) | (b << 16); - return util.concatUint8Array(arr); - } + ah1 = bh0; + ah2 = bh1; + ah3 = bh2; + ah4 = bh3; + ah5 = bh4; + ah6 = bh5; + ah7 = bh6; + ah0 = bh7; - /** - * Produces a key using the specified passphrase and the defined - * hashAlgorithm - * @param {String} passphrase - Passphrase containing user input - * @returns {Promise} Produced key with a length corresponding to. - * hashAlgorithm hash length - * @async - */ - async produceKey(passphrase, numBytes) { - passphrase = util.encodeUTF8(passphrase); + al1 = bl0; + al2 = bl1; + al3 = bl2; + al4 = bl3; + al5 = bl4; + al6 = bl5; + al7 = bl6; + al0 = bl7; - const arr = []; - let rlength = 0; + if (i%16 === 15) { + for (j = 0; j < 16; j++) { + // add + h = wh[j]; + l = wl[j]; - let prefixlen = 0; - while (rlength < numBytes) { - let toHash; - switch (this.type) { - case 'simple': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); - break; - case 'salted': - toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); - break; - case 'iterated': { - const data = util.concatUint8Array([this.salt, passphrase]); - let datalen = data.length; - const count = Math.max(this.getCount(), datalen); - toHash = new Uint8Array(prefixlen + count); - toHash.set(data, prefixlen); - for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { - toHash.copyWithin(pos, prefixlen, pos); - } - break; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = wh[(j+9)%16]; + l = wl[(j+9)%16]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma0 + th = wh[(j+1)%16]; + tl = wl[(j+1)%16]; + h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); + l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + // sigma1 + th = wh[(j+14)%16]; + tl = wl[(j+14)%16]; + h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); + l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + wh[j] = (c & 0xffff) | (d << 16); + wl[j] = (a & 0xffff) | (b << 16); } - case 'gnu': - throw new Error('GNU s2k type not supported.'); - default: - throw new Error('Unknown s2k type.'); } - const result = await mod.hash.digest(this.algorithm, toHash); - arr.push(result); - rlength += result.length; - prefixlen++; } - return util.concatUint8Array(arr).subarray(0, numBytes); - } -} + // add + h = ah0; + l = al0; -// GPG4Browsers - An OpenPGP implementation in javascript + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; -/** - * Symmetric-Key Encrypted Session Key Packets (Tag 3) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: - * The Symmetric-Key Encrypted Session Key packet holds the - * symmetric-key encryption of a session key used to encrypt a message. - * Zero or more Public-Key Encrypted Session Key packets and/or - * Symmetric-Key Encrypted Session Key packets may precede a - * Symmetrically Encrypted Data packet that holds an encrypted message. - * The message is encrypted with a session key, and the session key is - * itself encrypted and stored in the Encrypted Session Key packet or - * the Symmetric-Key Encrypted Session Key packet. - */ -class SymEncryptedSessionKeyPacket { - static get tag() { - return enums.packet.symEncryptedSessionKey; - } + h = hh[0]; + l = hl[0]; - /** - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(config$1 = config) { - this.version = config$1.aeadProtect ? 5 : 4; - this.sessionKey = null; - /** - * Algorithm to encrypt the session key with - * @type {enums.symmetric} - */ - this.sessionKeyEncryptionAlgorithm = null; - /** - * Algorithm to encrypt the message with - * @type {enums.symmetric} - */ - this.sessionKeyAlgorithm = enums.symmetric.aes256; - /** - * AEAD mode to encrypt the session key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); - this.encrypted = null; - this.s2k = null; - this.iv = null; - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - /** - * Parsing function for a symmetric encrypted session key packet (tag 3). - * - * @param {Uint8Array} bytes - Payload of a tag 3 packet - */ - read(bytes) { - let offset = 0; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - // A one-octet version number. The only currently defined version is 4. - this.version = bytes[offset++]; - if (this.version !== 4 && this.version !== 5) { - throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); - } + hh[0] = ah0 = (c & 0xffff) | (d << 16); + hl[0] = al0 = (a & 0xffff) | (b << 16); - // A one-octet number describing the symmetric algorithm used. - const algo = bytes[offset++]; + h = ah1; + l = al1; - if (this.version === 5) { - // A one-octet AEAD algorithm. - this.aeadAlgorithm = bytes[offset++]; - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - // A string-to-key (S2K) specifier, length as defined above. - this.s2k = new S2K(); - offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + h = hh[1]; + l = hl[1]; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - // A starting initialization vector of size specified by the AEAD - // algorithm. - this.iv = bytes.subarray(offset, offset += mode.ivLength); - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - // The encrypted session key itself, which is decrypted with the - // string-to-key object. This is optional in version 4. - if (this.version === 5 || offset < bytes.length) { - this.encrypted = bytes.subarray(offset, bytes.length); - this.sessionKeyEncryptionAlgorithm = algo; - } else { - this.sessionKeyAlgorithm = algo; - } - } + hh[1] = ah1 = (c & 0xffff) | (d << 16); + hl[1] = al1 = (a & 0xffff) | (b << 16); - /** - * Create a binary representation of a tag 3 packet - * - * @returns {Uint8Array} The Uint8Array representation. - */ - write() { - const algo = this.encrypted === null ? - this.sessionKeyAlgorithm : - this.sessionKeyEncryptionAlgorithm; + h = ah2; + l = al2; - let bytes; + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (this.version === 5) { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), this.s2k.write(), this.iv, this.encrypted]); - } else { - bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), this.s2k.write()]); + h = hh[2]; + l = hl[2]; - if (this.encrypted !== null) { - bytes = util.concatUint8Array([bytes, this.encrypted]); - } - } + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - return bytes; - } + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - /** - * Decrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(passphrase) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; + hh[2] = ah2 = (c & 0xffff) | (d << 16); + hl[2] = al2 = (a & 0xffff) | (b << 16); - const { blockSize, keySize } = mod.getCipher(algo); - const key = await this.s2k.produceKey(passphrase, keySize); + h = ah3; + l = al3; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, key); - this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); - } else if (this.encrypted !== null) { - const decrypted = await mod.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); - this.sessionKey = decrypted.subarray(1, decrypted.length); - } else { - this.sessionKey = key; - } - } + h = hh[3]; + l = hl[3]; - /** - * Encrypts the session key with the given passphrase - * @param {String} passphrase - The passphrase in string form - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - const algo = this.sessionKeyEncryptionAlgorithm !== null ? - this.sessionKeyEncryptionAlgorithm : - this.sessionKeyAlgorithm; + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; - this.sessionKeyEncryptionAlgorithm = algo; + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); + hh[3] = ah3 = (c & 0xffff) | (d << 16); + hl[3] = al3 = (a & 0xffff) | (b << 16); - const { blockSize, keySize } = mod.getCipher(algo); - const encryptionKey = await this.s2k.produceKey(passphrase, keySize); + h = ah4; + l = al4; - if (this.sessionKey === null) { - this.sessionKey = mod.generateSessionKey(this.sessionKeyAlgorithm); - } + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; - if (this.version === 5) { - const mode = mod.getAEADMode(this.aeadAlgorithm); - this.iv = mod.random.getRandomBytes(mode.ivLength); // generate new random IV - const associatedData = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); - const modeInstance = await mode(algo, encryptionKey); - this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, associatedData); - } else { - const toEncrypt = util.concatUint8Array([ - new Uint8Array([this.sessionKeyAlgorithm]), - this.sessionKey - ]); - this.encrypted = await mod.mode.cfb.encrypt(algo, encryptionKey, toEncrypt, new Uint8Array(blockSize), config$1); - } + h = hh[4]; + l = hl[4]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[4] = ah4 = (c & 0xffff) | (d << 16); + hl[4] = al4 = (a & 0xffff) | (b << 16); + + h = ah5; + l = al5; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[5]; + l = hl[5]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[5] = ah5 = (c & 0xffff) | (d << 16); + hl[5] = al5 = (a & 0xffff) | (b << 16); + + h = ah6; + l = al6; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[6]; + l = hl[6]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[6] = ah6 = (c & 0xffff) | (d << 16); + hl[6] = al6 = (a & 0xffff) | (b << 16); + + h = ah7; + l = al7; + + a = l & 0xffff; b = l >>> 16; + c = h & 0xffff; d = h >>> 16; + + h = hh[7]; + l = hl[7]; + + a += l & 0xffff; b += l >>> 16; + c += h & 0xffff; d += h >>> 16; + + b += a >>> 16; + c += b >>> 16; + d += c >>> 16; + + hh[7] = ah7 = (c & 0xffff) | (d << 16); + hl[7] = al7 = (a & 0xffff) | (b << 16); + + pos += 128; + n -= 128; } + + return n; } -// GPG4Browsers - An OpenPGP implementation in javascript +function crypto_hash(out, m, n) { + var hh = new Int32Array(8), + hl = new Int32Array(8), + x = new Uint8Array(256), + i, b = n; -/** - * Implementation of the Key Material Packet (Tag 5,6,7,14) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: - * A key material packet contains all the information about a public or - * private key. There are four variants of this packet type, and two - * major versions. - * - * A Public-Key packet starts a series of packets that forms an OpenPGP - * key (sometimes called an OpenPGP certificate). - */ -class PublicKeyPacket { - static get tag() { - return enums.packet.publicKey; - } + hh[0] = 0x6a09e667; + hh[1] = 0xbb67ae85; + hh[2] = 0x3c6ef372; + hh[3] = 0xa54ff53a; + hh[4] = 0x510e527f; + hh[5] = 0x9b05688c; + hh[6] = 0x1f83d9ab; + hh[7] = 0x5be0cd19; - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - /** - * Packet version - * @type {Integer} - */ - this.version = config$1.v5Keys ? 5 : 4; - /** - * Key creation date. - * @type {Date} - */ - this.created = util.normalizeDate(date); - /** - * Public key algorithm. - * @type {enums.publicKey} - */ - this.algorithm = null; - /** - * Algorithm specific public params - * @type {Object} - */ - this.publicParams = null; - /** - * Time until expiration in days (V3 only) - * @type {Integer} - */ - this.expirationTimeV3 = 0; - /** - * Fingerprint bytes - * @type {Uint8Array} - */ - this.fingerprint = null; - /** - * KeyID - * @type {module:type/keyid~KeyID} - */ - this.keyID = null; - } + hl[0] = 0xf3bcc908; + hl[1] = 0x84caa73b; + hl[2] = 0xfe94f82b; + hl[3] = 0x5f1d36f1; + hl[4] = 0xade682d1; + hl[5] = 0x2b3e6c1f; + hl[6] = 0xfb41bd6b; + hl[7] = 0x137e2179; + + crypto_hashblocks_hl(hh, hl, m, n); + n %= 128; + + for (i = 0; i < n; i++) x[i] = m[b-n+i]; + x[n] = 128; + + n = 256-128*(n<112?1:0); + x[n-9] = 0; + ts64(x, n-8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(hh, hl, x, n); + + for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); + + return 0; +} + +function add$1(p, q) { + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(), + g = gf(), h = gf(), t = gf(); + + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); - /** - * Create a PublicKeyPacket from a SecretKeyPacket - * @param {SecretKeyPacket} secretKeyPacket - key packet to convert - * @returns {PublicKeyPacket} public key packet - * @static - */ - static fromSecretKeyPacket(secretKeyPacket) { - const keyPacket = new PublicKeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); +} + +function cswap(p, q, b) { + var i; + for (i = 0; i < 4; i++) { + sel25519(p[i], q[i], b); } +} - /** - * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} - * @param {Uint8Array} bytes - Input array to read the packet from - * @returns {Object} This object with attributes set by the parser - * @async - */ - async read(bytes) { - let pos = 0; - // A one-octet version number (3, 4 or 5). - this.version = bytes[pos++]; +function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; +} - if (this.version === 4 || this.version === 5) { - // - A four-octet number denoting the time that the key was created. - this.created = util.readDate(bytes.subarray(pos, pos + 4)); - pos += 4; +function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = (s[(i/8)|0] >> (i&7)) & 1; + cswap(p, q, b); + add$1(q, p); + add$1(p, p); + cswap(p, q, b); + } +} - // - A one-octet number denoting the public-key algorithm of this key. - this.algorithm = bytes[pos++]; +function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); +} - if (this.version === 5) { - // - A four-octet scalar octet count for the following key material. - pos += 4; - } +function crypto_sign_keypair(pk, sk, seeded) { + var d = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()]; + var i; - // - A series of values comprising the key material. - const { read, publicParams } = mod.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); - this.publicParams = publicParams; - pos += read; + if (!seeded) randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; - // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor - await this.computeFingerprintAndKeyID(); - return pos; - } - throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); - } + scalarbase(p, d); + pack(pk, p); - /** - * Creates an OpenPGP public key packet for the given key. - * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. - */ - write() { - const arr = []; - // Version - arr.push(new Uint8Array([this.version])); - arr.push(util.writeDate(this.created)); - // A one-octet number denoting the public-key algorithm of this key - arr.push(new Uint8Array([this.algorithm])); + for (i = 0; i < 32; i++) sk[i+32] = pk[i]; + return 0; +} - const params = mod.serializeParams(this.algorithm, this.publicParams); - if (this.version === 5) { - // A four-octet scalar octet count for the following key material - arr.push(util.writeNumber(params.length, 4)); +var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); + +function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = Math.floor((x[j] + 128) / 256); + x[j] -= carry * 256; } - // Algorithm-specific params - arr.push(params); - return util.concatUint8Array(arr); + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; j++) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; j++) x[j] -= carry * L[j]; + for (i = 0; i < 32; i++) { + x[i+1] += x[i] >> 8; + r[i] = x[i] & 255; } +} - /** - * Write packet in order to be hashed; either for a signature or a fingerprint - * @param {Integer} version - target version of signature or key - */ - writeForHash(version) { - const bytes = this.writePublicKey(); +function reduce(r) { + var x = new Float64Array(64), i; + for (i = 0; i < 64; i++) x[i] = r[i]; + for (i = 0; i < 64; i++) r[i] = 0; + modL(r, x); +} - if (version === 5) { - return util.concatUint8Array([new Uint8Array([0x9A]), util.writeNumber(bytes.length, 4), bytes]); - } - return util.concatUint8Array([new Uint8Array([0x99]), util.writeNumber(bytes.length, 2), bytes]); - } +// Note: difference from C - smlen returned, not passed as argument. +function crypto_sign(sm, m, n, sk) { + var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; - /** - * Check whether secret-key data is available in decrypted form. Returns null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return null; - } + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; - /** - * Returns the creation time of the key - * @returns {Date} - */ - getCreationTime() { - return this.created; - } + var smlen = n + 64; + for (i = 0; i < n; i++) sm[64 + i] = m[i]; + for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; - /** - * Return the key ID of the key - * @returns {module:type/keyid~KeyID} The 8-byte key ID - */ - getKeyID() { - return this.keyID; - } + crypto_hash(r, sm.subarray(32), n+32); + reduce(r); + scalarbase(p, r); + pack(sm, p); - /** - * Computes and set the key ID and fingerprint of the key - * @async - */ - async computeFingerprintAndKeyID() { - await this.computeFingerprint(); - this.keyID = new KeyID(); + for (i = 32; i < 64; i++) sm[i] = sk[i]; + crypto_hash(h, sm, n + 64); + reduce(h); - if (this.version === 5) { - this.keyID.read(this.fingerprint.subarray(0, 8)); - } else if (this.version === 4) { - this.keyID.read(this.fingerprint.subarray(12, 20)); - } else { - throw new Error('Unsupported key version'); + for (i = 0; i < 64; i++) x[i] = 0; + for (i = 0; i < 32; i++) x[i] = r[i]; + for (i = 0; i < 32; i++) { + for (j = 0; j < 32; j++) { + x[i+j] += h[i] * d[j]; } } - /** - * Computes and set the fingerprint of the key - */ - async computeFingerprint() { - const toHash = this.writeForHash(this.version); + modL(sm.subarray(32), x); + return smlen; +} - if (this.version === 5) { - this.fingerprint = await mod.hash.sha256(toHash); - } else if (this.version === 4) { - this.fingerprint = await mod.hash.sha1(toHash); - } else { - throw new Error('Unsupported key version'); - } - } +function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), + den = gf(), den2 = gf(), den4 = gf(), + den6 = gf(); - /** - * Returns the fingerprint of the key, as an array of bytes - * @returns {Uint8Array} A Uint8Array containing the fingerprint - */ - getFingerprintBytes() { - return this.fingerprint; - } + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); - /** - * Calculates and returns the fingerprint of the key, as a string - * @returns {String} A string containing the fingerprint in lowercase hex - */ - getFingerprint() { - return util.uint8ArrayToHex(this.getFingerprintBytes()); - } + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); + + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); + + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) M(r[0], r[0], I); - /** - * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint - * @returns {Boolean} Whether the two keys have the same version and public key data. - */ - hasSameFingerprintAs(other) { - return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); - } + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) return -1; - /** - * Returns algorithm information - * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. - */ - getAlgorithmInfo() { - const result = {}; - result.algorithm = enums.read(enums.publicKey, this.algorithm); - // RSA, DSA or ElGamal public modulo - const modulo = this.publicParams.n || this.publicParams.p; - if (modulo) { - result.bits = util.uint8ArrayBitLength(modulo); - } else if (this.publicParams.oid) { - result.curve = this.publicParams.oid.getName(); - } - return result; - } + if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); + + M(r[3], r[0], r[1]); + return 0; } -/** - * Alias of read() - * @see PublicKeyPacket#read - */ -PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; +function crypto_sign_open(m, sm, n, pk) { + var i; + var t = new Uint8Array(32), h = new Uint8Array(64); + var p = [gf(), gf(), gf(), gf()], + q = [gf(), gf(), gf(), gf()]; -/** - * Alias of write() - * @see PublicKeyPacket#write - */ -PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + if (n < 64) return -1; -// GPG4Browsers - An OpenPGP implementation in javascript + if (unpackneg(q, pk)) return -1; -// A SE packet can contain the following packet types -const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - OnePassSignaturePacket, - SignaturePacket -]); + for (i = 0; i < n; i++) m[i] = sm[i]; + for (i = 0; i < 32; i++) m[i+32] = pk[i]; + crypto_hash(h, m, n); + reduce(h); + scalarmult(p, q, h); -/** - * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: - * The Symmetrically Encrypted Data packet contains data encrypted with a - * symmetric-key algorithm. When it has been decrypted, it contains other - * packets (usually a literal data packet or compressed data packet, but in - * theory other Symmetrically Encrypted Data packets or sequences of packets - * that form whole OpenPGP messages). - */ -class SymmetricallyEncryptedDataPacket { - static get tag() { - return enums.packet.symmetricallyEncryptedData; - } + scalarbase(q, sm.subarray(32)); + add$1(p, q); + pack(t, p); - constructor() { - /** - * Encrypted secret-key data - */ - this.encrypted = null; - /** - * Decrypted packets contained within. - * @type {PacketList} - */ - this.packets = null; + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; i++) m[i] = 0; + return -1; } - read(bytes) { - this.encrypted = bytes; - } + for (i = 0; i < n; i++) m[i] = sm[i + 64]; + return n; +} - write() { - return this.encrypted; +var crypto_scalarmult_BYTES = 32, + crypto_scalarmult_SCALARBYTES = 32, + crypto_box_PUBLICKEYBYTES = 32, + crypto_box_SECRETKEYBYTES = 32, + crypto_sign_BYTES = 64, + crypto_sign_PUBLICKEYBYTES = 32, + crypto_sign_SECRETKEYBYTES = 64, + crypto_sign_SEEDBYTES = 32; + +function checkArrayTypes() { + for (var i = 0; i < arguments.length; i++) { + if (!(arguments[i] instanceof Uint8Array)) + throw new TypeError('unexpected type, use Uint8Array'); } +} - /** - * Decrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config +function cleanup(arr) { + for (var i = 0; i < arr.length; i++) arr[i] = 0; +} - * @throws {Error} if decryption was not successful - * @async - */ - async decrypt(sessionKeyAlgorithm, key, config$1 = config) { - // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error - if (!config$1.allowUnauthenticatedMessages) { - throw new Error('Message is not authenticated.'); - } +nacl.scalarMult = function(n, p) { + checkArrayTypes(n, p); + if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); + if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); + var q = new Uint8Array(crypto_scalarmult_BYTES); + crypto_scalarmult(q, n, p); + return q; +}; - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); - const encrypted = await readToEnd(clone(this.encrypted)); - const decrypted = await mod.mode.cfb.decrypt(sessionKeyAlgorithm, key, - encrypted.subarray(blockSize + 2), - encrypted.subarray(2, blockSize + 2) - ); +nacl.box = {}; - this.packets = await PacketList.fromBinary(decrypted, allowedPackets$3, config$1); - } +nacl.box.keyPair = function() { + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); + crypto_box_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; - /** - * Encrypt the symmetrically-encrypted packet data - * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. - * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use - * @param {Uint8Array} key - The key of cipher blocksize length to be used - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(sessionKeyAlgorithm, key, config$1 = config) { - const data = this.packets.write(); - const { blockSize } = mod.getCipher(sessionKeyAlgorithm); +nacl.box.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_box_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); + crypto_scalarmult_base(pk, secretKey); + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; - const prefix = await mod.getPrefixRandom(sessionKeyAlgorithm); - const FRE = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); - const ciphertext = await mod.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); - this.encrypted = util.concat([FRE, ciphertext]); - } -} +nacl.sign = function(msg, secretKey) { + checkArrayTypes(msg, secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); + crypto_sign(signedMsg, msg, msg.length, secretKey); + return signedMsg; +}; -// GPG4Browsers - An OpenPGP implementation in javascript +nacl.sign.detached = function(msg, secretKey) { + var signedMsg = nacl.sign(msg, secretKey); + var sig = new Uint8Array(crypto_sign_BYTES); + for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; + return sig; +}; -/** - * Implementation of the strange "Marker packet" (Tag 10) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: - * An experimental version of PGP used this packet as the Literal - * packet, but no released version of PGP generated Literal packets with this - * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as - * the Marker packet. - * - * The body of this packet consists of: - * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). - * - * Such a packet MUST be ignored when received. It may be placed at the - * beginning of a message that uses features not available in PGP - * version 2.6 in order to cause that version to report that newer - * software is necessary to process the message. - */ -class MarkerPacket { - static get tag() { - return enums.packet.marker; +nacl.sign.detached.verify = function(msg, sig, publicKey) { + checkArrayTypes(msg, sig, publicKey); + if (sig.length !== crypto_sign_BYTES) + throw new Error('bad signature size'); + if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) + throw new Error('bad public key size'); + var sm = new Uint8Array(crypto_sign_BYTES + msg.length); + var m = new Uint8Array(crypto_sign_BYTES + msg.length); + var i; + for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; + for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; + return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); +}; + +nacl.sign.keyPair = function() { + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + crypto_sign_keypair(pk, sk); + return {publicKey: pk, secretKey: sk}; +}; + +nacl.sign.keyPair.fromSecretKey = function(secretKey) { + checkArrayTypes(secretKey); + if (secretKey.length !== crypto_sign_SECRETKEYBYTES) + throw new Error('bad secret key size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; + return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; +}; + +nacl.sign.keyPair.fromSeed = function(seed) { + checkArrayTypes(seed); + if (seed.length !== crypto_sign_SEEDBYTES) + throw new Error('bad seed size'); + var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); + var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); + for (var i = 0; i < 32; i++) sk[i] = seed[i]; + crypto_sign_keypair(pk, sk, true); + return {publicKey: pk, secretKey: sk}; +}; + +nacl.setPRNG = function(fn) { + randombytes = fn; +}; + +(function() { + // Initialize PRNG if environment provides CSPRNG. + // If not, methods calling randombytes will throw. + if (crypto$3 && crypto$3.getRandomValues) { + // Browsers and Node v16+ + var QUOTA = 65536; + nacl.setPRNG(function(x, n) { + var i, v = new Uint8Array(n); + for (i = 0; i < n; i += QUOTA) { + crypto$3.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); + } + for (i = 0; i < n; i++) x[i] = v[i]; + cleanup(v); + }); } +})(); - /** - * Parsing function for a marker data packet (tag 10). - * @param {Uint8Array} bytes - Payload of a tag 10 packet - * @returns {Boolean} whether the packet payload contains "PGP" - */ - read(bytes) { - if (bytes[0] === 0x50 && // P - bytes[1] === 0x47 && // G - bytes[2] === 0x50) { // P - return true; - } - return false; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - write() { - return new Uint8Array([0x50, 0x47, 0x50]); - } -} -// GPG4Browsers - An OpenPGP implementation in javascript +const knownOIDs = { + '2a8648ce3d030107': enums.curve.nistP256, + '2b81040022': enums.curve.nistP384, + '2b81040023': enums.curve.nistP521, + '2b8104000a': enums.curve.secp256k1, + '2b06010401da470f01': enums.curve.ed25519Legacy, + '2b060104019755010501': enums.curve.curve25519Legacy, + '2b2403030208010107': enums.curve.brainpoolP256r1, + '2b240303020801010b': enums.curve.brainpoolP384r1, + '2b240303020801010d': enums.curve.brainpoolP512r1 +}; -/** - * A Public-Subkey packet (tag 14) has exactly the same format as a - * Public-Key packet, but denotes a subkey. One or more subkeys may be - * associated with a top-level key. By convention, the top-level key - * provides signature services, and the subkeys provide encryption - * services. - * @extends PublicKeyPacket - */ -class PublicSubkeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.publicSubkey; +class OID { + constructor(oid) { + if (oid instanceof OID) { + this.oid = oid.oid; + } else if (util.isArray(oid) || + util.isUint8Array(oid)) { + oid = new Uint8Array(oid); + if (oid[0] === 0x06) { // DER encoded oid byte array + if (oid[1] !== oid.length - 2) { + throw new Error('Length mismatch in DER encoded oid'); + } + oid = oid.subarray(2); + } + this.oid = oid; + } else { + this.oid = ''; + } } /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config + * Method to read an OID object + * @param {Uint8Array} input - Where to read the OID from + * @returns {Number} Number of read bytes. */ - // eslint-disable-next-line no-useless-constructor - constructor(date, config) { - super(date, config); + read(input) { + if (input.length >= 1) { + const length = input[0]; + if (input.length >= 1 + length) { + this.oid = input.subarray(1, 1 + length); + return 1 + this.oid.length; + } + } + throw new Error('Invalid oid'); } /** - * Create a PublicSubkeyPacket from a SecretSubkeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert - * @returns {SecretSubkeyPacket} public key packet - * @static + * Serialize an OID object + * @returns {Uint8Array} Array with the serialized value the OID. */ - static fromSecretSubkeyPacket(secretSubkeyPacket) { - const keyPacket = new PublicSubkeyPacket(); - const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; - keyPacket.version = version; - keyPacket.created = created; - keyPacket.algorithm = algorithm; - keyPacket.publicParams = publicParams; - keyPacket.keyID = keyID; - keyPacket.fingerprint = fingerprint; - return keyPacket; - } -} - -// GPG4Browsers - An OpenPGP implementation in javascript - -/** - * Implementation of the User Attribute Packet (Tag 17) - * - * The User Attribute packet is a variation of the User ID packet. It - * is capable of storing more types of data than the User ID packet, - * which is limited to text. Like the User ID packet, a User Attribute - * packet may be certified by the key owner ("self-signed") or any other - * key owner who cares to certify it. Except as noted, a User Attribute - * packet may be used anywhere that a User ID packet may be used. - * - * While User Attribute packets are not a required part of the OpenPGP - * standard, implementations SHOULD provide at least enough - * compatibility to properly handle a certification signature on the - * User Attribute packet. A simple way to do this is by treating the - * User Attribute packet as a User ID packet with opaque contents, but - * an implementation may use any method desired. - */ -class UserAttributePacket { - static get tag() { - return enums.packet.userAttribute; - } - - constructor() { - this.attributes = []; + write() { + return util.concatUint8Array([new Uint8Array([this.oid.length]), this.oid]); } /** - * parsing function for a user attribute packet (tag 17). - * @param {Uint8Array} input - Payload of a tag 17 packet + * Serialize an OID object as a hex string + * @returns {string} String with the hex value of the OID. */ - read(bytes) { - let i = 0; - while (i < bytes.length) { - const len = readSimpleLength(bytes.subarray(i, bytes.length)); - i += len.offset; - - this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); - i += len.len; - } + toHex() { + return util.uint8ArrayToHex(this.oid); } /** - * Creates a binary representation of the user attribute packet - * @returns {Uint8Array} String representation. + * If a known curve object identifier, return the canonical name of the curve + * @returns {enums.curve} String with the canonical name of the curve + * @throws if unknown */ - write() { - const arr = []; - for (let i = 0; i < this.attributes.length; i++) { - arr.push(writeSimpleLength(this.attributes[i].length)); - arr.push(util.stringToUint8Array(this.attributes[i])); + getName() { + const name = knownOIDs[this.toHex()]; + if (!name) { + throw new Error('Unknown curve object identifier.'); } - return util.concatUint8Array(arr); - } - /** - * Compare for equality - * @param {UserAttributePacket} usrAttr - * @returns {Boolean} True if equal. - */ - equals(usrAttr) { - if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { - return false; - } - return this.attributes.every(function(attr, index) { - return attr === usrAttr.attributes[index]; - }); + return name; } } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/** - * A Secret-Key packet contains all the information that is found in a - * Public-Key packet, including the public-key material, but also - * includes the secret-key material after all the public-key fields. - * @extends PublicKeyPacket - */ -class SecretKeyPacket extends PublicKeyPacket { - static get tag() { - return enums.packet.secretKey; - } - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - /** - * Secret-key data - */ - this.keyMaterial = null; - /** - * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. - */ - this.isEncrypted = null; - /** - * S2K usage - * @type {enums.symmetric} - */ - this.s2kUsage = 0; - /** - * S2K object - * @type {type/s2k} - */ - this.s2k = null; - /** - * Symmetric algorithm to encrypt the key with - * @type {enums.symmetric} - */ - this.symmetric = null; - /** - * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) - * @type {enums.aead} - */ - this.aead = null; - /** - * Decrypted private parameters, referenced by name - * @type {Object} - */ - this.privateParams = null; - } +function readSimpleLength(bytes) { + let len = 0; + let offset; + const type = bytes[0]; - // 5.5.3. Secret-Key Packet Formats - /** - * Internal parser for private keys as specified in - * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} - * @param {Uint8Array} bytes - Input string to read the packet from - * @async - */ - async read(bytes) { - // - A Public-Key or Public-Subkey packet, as described above. - let i = await this.readPublicKey(bytes); - const startOfSecretKeyData = i; + if (type < 192) { + [len] = bytes; + offset = 1; + } else if (type < 255) { + len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192; + offset = 2; + } else if (type === 255) { + len = util.readNumber(bytes.subarray(1, 1 + 4)); + offset = 5; + } - // - One octet indicating string-to-key usage conventions. Zero - // indicates that the secret-key data is not encrypted. 255 or 254 - // indicates that a string-to-key specifier is being given. Any - // other value is a symmetric-key encryption algorithm identifier. - this.s2kUsage = bytes[i++]; + return { + len: len, + offset: offset + }; +} - // - Only for a version 5 packet, a one-octet scalar octet count of - // the next 4 optional fields. - if (this.version === 5) { - i++; - } +/** + * Encodes a given integer of length to the openpgp length specifier to a + * string + * + * @param {Integer} length - The length to encode + * @returns {Uint8Array} String with openpgp length representation. + */ +function writeSimpleLength(length) { + if (length < 192) { + return new Uint8Array([length]); + } else if (length > 191 && length < 8384) { + /* + * let a = (total data packet length) - 192 let bc = two octet + * representation of a let d = b + 192 + */ + return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]); + } + return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]); +} - try { - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one-octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - this.symmetric = bytes[i++]; +function writePartialLength(power) { + if (power < 0 || power > 30) { + throw new Error('Partial Length power must be between 1 and 30'); + } + return new Uint8Array([224 + power]); +} - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - this.aead = bytes[i++]; - } +function writeTag(tag_type) { + /* we're only generating v4 packet headers here */ + return new Uint8Array([0xC0 | tag_type]); +} - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - this.s2k = new S2K(); - i += this.s2k.read(bytes.subarray(i, bytes.length)); +/** + * Writes a packet header version 4 with the given tag_type and length to a + * string + * + * @param {Integer} tag_type - Tag type + * @param {Integer} length - Length of the payload + * @returns {String} String of the header. + */ +function writeHeader(tag_type, length) { + /* we're only generating v4 packet headers here */ + return util.concatUint8Array([writeTag(tag_type), writeSimpleLength(length)]); +} - if (this.s2k.type === 'gnu-dummy') { - return; - } - } else if (this.s2kUsage) { - this.symmetric = this.s2kUsage; - } +/** + * Whether the packet type supports partial lengths per RFC4880 + * @param {Integer} tag - Tag type + * @returns {Boolean} String of the header. + */ +function supportsStreaming(tag) { + return [ + enums.packet.literalData, + enums.packet.compressedData, + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ].includes(tag); +} - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage) { - this.iv = bytes.subarray( - i, - i + mod.getCipher(this.symmetric).blockSize - ); +/** + * Generic static Packet Parser function + * + * @param {Uint8Array | ReadableStream} input - Input stream as string + * @param {Function} callback - Function to call with the parsed packet + * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise. + */ +async function readPackets(input, callback) { + const reader = getReader(input); + let writer; + let callbackReturned; + try { + const peekedBytes = await reader.peekBytes(2); + // some sanity checks + if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) { + throw new Error('Error during parsing. This message / key probably does not conform to a valid OpenPGP format.'); + } + const headerByte = await reader.readByte(); + let tag = -1; + let format = -1; + let packetLength; - i += this.iv.length; - } - } catch (e) { - // if the s2k is unsupported, we still want to support encrypting and verifying with the given key - if (!this.s2kUsage) throw e; // always throw for decrypted keys - this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); - this.isEncrypted = true; + format = 0; // 0 = old format; 1 = new format + if ((headerByte & 0x40) !== 0) { + format = 1; } - // - Only for a version 5 packet, a four-octet scalar octet count for - // the following key material. - if (this.version === 5) { - i += 4; + let packetLengthType; + if (format) { + // new format header + tag = headerByte & 0x3F; // bit 5-0 + } else { + // old format header + tag = (headerByte & 0x3F) >> 2; // bit 5-2 + packetLengthType = headerByte & 0x03; // bit 1-0 } - // - Plain or encrypted multiprecision integers comprising the secret - // key data. These algorithm-specific fields are as described - // below. - this.keyMaterial = bytes.subarray(i); - this.isEncrypted = !!this.s2kUsage; + const packetSupportsStreaming = supportsStreaming(tag); + let packet = null; + if (packetSupportsStreaming) { + if (util.isStream(input) === 'array') { + const arrayStream = new ArrayStream(); + writer = getWriter(arrayStream); + packet = arrayStream; + } else { + const transform = new TransformStream(); + writer = getWriter(transform.writable); + packet = transform.readable; + } + // eslint-disable-next-line callback-return + callbackReturned = callback({ tag, packet }); + } else { + packet = []; + } - if (!this.isEncrypted) { - const cleartext = this.keyMaterial.subarray(0, -2); - if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { - throw new Error('Key checksum mismatch'); + let wasPartialLength; + do { + if (!format) { + // 4.2.1. Old Format Packet Lengths + switch (packetLengthType) { + case 0: + // The packet has a one-octet length. The header is 2 octets + // long. + packetLength = await reader.readByte(); + break; + case 1: + // The packet has a two-octet length. The header is 3 octets + // long. + packetLength = (await reader.readByte() << 8) | await reader.readByte(); + break; + case 2: + // The packet has a four-octet length. The header is 5 + // octets long. + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + break; + default: + // 3 - The packet is of indeterminate length. The header is 1 + // octet long, and the implementation must determine how long + // the packet is. If the packet is in a file, this means that + // the packet extends until the end of the file. In general, + // an implementation SHOULD NOT use indeterminate-length + // packets except where the end of the data will be clear + // from the context, and even then it is better to use a + // definite length, or a new format header. The new format + // headers described below have a mechanism for precisely + // encoding data of indeterminate length. + packetLength = Infinity; + break; + } + } else { // 4.2.2. New Format Packet Lengths + // 4.2.2.1. One-Octet Lengths + const lengthByte = await reader.readByte(); + wasPartialLength = false; + if (lengthByte < 192) { + packetLength = lengthByte; + // 4.2.2.2. Two-Octet Lengths + } else if (lengthByte >= 192 && lengthByte < 224) { + packetLength = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192; + // 4.2.2.4. Partial Body Lengths + } else if (lengthByte > 223 && lengthByte < 255) { + packetLength = 1 << (lengthByte & 0x1F); + wasPartialLength = true; + if (!packetSupportsStreaming) { + throw new TypeError('This packet type does not support partial lengths.'); + } + // 4.2.2.3. Five-Octet Lengths + } else { + packetLength = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() << + 8) | await reader.readByte(); + } } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - if (err instanceof UnsupportedError) throw err; - // avoid throwing potentially sensitive errors - throw new Error('Error reading MPIs'); + if (packetLength > 0) { + let bytesRead = 0; + while (true) { + if (writer) await writer.ready; + const { done, value } = await reader.read(); + if (done) { + if (packetLength === Infinity) break; + throw new Error('Unexpected end of packet'); + } + const chunk = packetLength === Infinity ? value : value.subarray(0, packetLength - bytesRead); + if (writer) await writer.write(chunk); + else packet.push(chunk); + bytesRead += value.length; + if (bytesRead >= packetLength) { + reader.unshift(value.subarray(packetLength - bytesRead + value.length)); + break; + } + } } + } while (wasPartialLength); + + // If this was not a packet that "supports streaming", we peek to check + // whether it is the last packet in the message. We peek 2 bytes instead + // of 1 because the beginning of this function also peeks 2 bytes, and we + // want to cut a `subarray` of the correct length into `web-stream-tools`' + // `externalBuffer` as a tiny optimization here. + // + // If it *was* a streaming packet (i.e. the data packets), we peek at the + // entire remainder of the stream, in order to forward errors in the + // remainder of the stream to the packet data. (Note that this means we + // read/peek at all signature packets before closing the literal data + // packet, for example.) This forwards MDC errors to the literal data + // stream, for example, so that they don't get lost / forgotten on + // decryptedMessage.packets.stream, which we never look at. + // + // An example of what we do when stream-parsing a message containing + // [ one-pass signature packet, literal data packet, signature packet ]: + // 1. Read the one-pass signature packet + // 2. Peek 2 bytes of the literal data packet + // 3. Parse the one-pass signature packet + // + // 4. Read the literal data packet, simultaneously stream-parsing it + // 5. Peek until the end of the message + // 6. Finish parsing the literal data packet + // + // 7. Read the signature packet again (we already peeked at it in step 5) + // 8. Peek at the end of the stream again (`peekBytes` returns undefined) + // 9. Parse the signature packet + // + // Note that this means that if there's an error in the very end of the + // stream, such as an MDC error, we throw in step 5 instead of in step 8 + // (or never), which is the point of this exercise. + const nextPacket = await reader.peekBytes(packetSupportsStreaming ? Infinity : 2); + if (writer) { + await writer.ready; + await writer.close(); + } else { + packet = util.concatUint8Array(packet); + // eslint-disable-next-line callback-return + await callback({ tag, packet }); } - } - - /** - * Creates an OpenPGP key packet for the given key. - * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. - */ - write() { - const serializedPublicKey = this.writePublicKey(); - if (this.unparseableKeyMaterial) { - return util.concatUint8Array([ - serializedPublicKey, - this.unparseableKeyMaterial - ]); + return !nextPacket || !nextPacket.length; + } catch (e) { + if (writer) { + await writer.abort(e); + return true; + } else { + throw e; } - - const arr = [serializedPublicKey]; - arr.push(new Uint8Array([this.s2kUsage])); - - const optionalFieldsArr = []; - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // one- octet symmetric encryption algorithm. - if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { - optionalFieldsArr.push(this.symmetric); - - // - [Optional] If string-to-key usage octet was 253, a one-octet - // AEAD algorithm. - if (this.s2kUsage === 253) { - optionalFieldsArr.push(this.aead); - } - - // - [Optional] If string-to-key usage octet was 255, 254, or 253, a - // string-to-key specifier. The length of the string-to-key - // specifier is implied by its type, as described above. - optionalFieldsArr.push(...this.s2k.write()); + } finally { + if (writer) { + await callbackReturned; } + reader.releaseLock(); + } +} - // - [Optional] If secret data is encrypted (string-to-key usage octet - // not zero), an Initial Vector (IV) of the same length as the - // cipher's block size. - if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { - optionalFieldsArr.push(...this.iv); - } +class UnsupportedError extends Error { + constructor(...params) { + super(...params); - if (this.version === 5) { - arr.push(new Uint8Array([optionalFieldsArr.length])); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - arr.push(new Uint8Array(optionalFieldsArr)); - if (!this.isDummy()) { - if (!this.s2kUsage) { - this.keyMaterial = mod.serializeParams(this.algorithm, this.privateParams); - } + this.name = 'UnsupportedError'; + } +} - if (this.version === 5) { - arr.push(util.writeNumber(this.keyMaterial.length, 4)); - } - arr.push(this.keyMaterial); +// unknown packet types are handled differently depending on the packet criticality +class UnknownPacketError extends UnsupportedError { + constructor(...params) { + super(...params); - if (!this.s2kUsage) { - arr.push(util.writeChecksum(this.keyMaterial)); - } + if (Error.captureStackTrace) { + Error.captureStackTrace(this, UnsupportedError); } - return util.concatUint8Array(arr); - } - - /** - * Check whether secret-key data is available in decrypted form. - * Returns false for gnu-dummy keys and null for public keys. - * @returns {Boolean|null} - */ - isDecrypted() { - return this.isEncrypted === false; + this.name = 'UnknownPacketError'; } +} - /** - * Check whether the key includes secret key material. - * Some secret keys do not include it, and can thus only be used - * for public-key operations (encryption and verification). - * Such keys are: - * - GNU-dummy keys, where the secret material has been stripped away - * - encrypted keys with unsupported S2K or cipher - */ - isMissingSecretKeyMaterial() { - return this.unparseableKeyMaterial !== undefined || this.isDummy(); +class UnparseablePacket { + constructor(tag, rawContent) { + this.tag = tag; + this.rawContent = rawContent; } - /** - * Check whether this is a gnu-dummy key - * @returns {Boolean} - */ - isDummy() { - return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + write() { + return this.rawContent; } +} - /** - * Remove private key material, converting the key to a dummy one. - * The resulting key cannot be used for signing/decrypting but can still verify signatures. - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - makeDummy(config$1 = config) { - if (this.isDummy()) { - return; - } - if (this.isDecrypted()) { - this.clearPrivateParams(); - } - delete this.unparseableKeyMaterial; - this.isEncrypted = null; - this.keyMaterial = null; - this.s2k = new S2K(config$1); - this.s2k.algorithm = 0; - this.s2k.c = 0; - this.s2k.type = 'gnu-dummy'; - this.s2kUsage = 254; - this.symmetric = enums.symmetric.aes256; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - /** - * Encrypt the payload. By default, we use aes256 and iterated, salted string - * to key specifier. If the key is in a decrypted state (isEncrypted === false) - * and the passphrase is empty or undefined, the key will be set as not encrypted. - * This can be used to remove passphrase protection after calling decrypt(). - * @param {String} passphrase - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption was not successful - * @async - */ - async encrypt(passphrase, config$1 = config) { - if (this.isDummy()) { - return; - } - if (!this.isDecrypted()) { - throw new Error('Key packet is already encrypted'); - } - if (!passphrase) { - throw new Error('A non-empty passphrase is required for key encryption.'); - } +/** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, seed: Uint8Array }>} + */ +async function generate$3(algo) { + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']); - this.s2k = new S2K(config$1); - this.s2k.salt = mod.random.getRandomBytes(8); - const cleartext = mod.serializeParams(this.algorithm, this.privateParams); - this.symmetric = enums.symmetric.aes256; - const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); + const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey); - const { blockSize } = mod.getCipher(this.symmetric); - this.iv = mod.random.getRandomBytes(blockSize); + return { + A: new Uint8Array(b64ToUint8Array(publicKey.x)), + seed: b64ToUint8Array(privateKey.d, true) + }; + } catch (err) { + if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux + throw err; + } + const seed = getRandomBytes(getPayloadSize$1(algo)); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } - if (config$1.aeadProtect) { - this.s2kUsage = 253; - this.aead = enums.aead.eax; - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); - this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); - } else { - this.s2kUsage = 254; - this.keyMaterial = await mod.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ - cleartext, - await mod.hash.sha1(cleartext, config$1) - ]), this.iv, config$1); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const seed = ed448.utils.randomPrivateKey(); + const A = ed448.getPublicKey(seed); + return { A, seed }; } + default: + throw new Error('Unsupported EdDSA algorithm'); } +} - /** - * Decrypts the private key params which are needed to use the key. - * Successful decryption does not imply key integrity, call validate() to confirm that. - * {@link SecretKeyPacket.isDecrypted} should be false, as - * otherwise calls to this function will throw an error. - * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if the key is already decrypted, or if decryption was not successful - * @async - */ - async decrypt(passphrase) { - if (this.isDummy()) { - return false; - } +/** + * Sign a message using the provided key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * RS: Uint8Array + * }>} Signature of the message + * @async + */ +async function sign$5(algo, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: + try { + const webCrypto = util.getWebCrypto(); + const jwk = privateKeyToJWK(algo, publicKey, privateKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['sign']); - if (this.unparseableKeyMaterial) { - throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); - } + const signature = new Uint8Array( + await webCrypto.sign('Ed25519', key, hashed) + ); - if (this.isDecrypted()) { - throw new Error('Key packet is already decrypted.'); - } + return { RS: signature }; + } catch (err) { + if (err.name !== 'NotSupportedError') { + throw err; + } + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } - let key; - if (this.s2kUsage === 254 || this.s2kUsage === 253) { - key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); - } else if (this.s2kUsage === 255) { - throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); - } else { - throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + const signature = ed448.sign(hashed, privateKey); + return { RS: signature }; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } - let cleartext; - if (this.s2kUsage === 253) { - const mode = mod.getAEADMode(this.aead); - const modeInstance = await mode(this.symmetric, key); +} + +/** + * Verifies if a signature is valid for a message + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{ RS: Uint8Array }} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +async function verify$5(algo, hashAlgo, { RS }, m, publicKey, hashed) { + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(getPreferredHashAlgo$2(algo))) { + // Enforce digest sizes: + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + throw new Error('Hash algorithm too weak for EdDSA.'); + } + switch (algo) { + case enums.publicKey.ed25519: try { - cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), new Uint8Array()); + const webCrypto = util.getWebCrypto(); + const jwk = publicKeyToJWK(algo, publicKey); + const key = await webCrypto.importKey('jwk', jwk, 'Ed25519', false, ['verify']); + const verified = await webCrypto.verify('Ed25519', key, RS, hashed); + return verified; } catch (err) { - if (err.message === 'Authentication tag mismatch') { - throw new Error('Incorrect key passphrase: ' + err.message); + if (err.name !== 'NotSupportedError') { + throw err; } - throw err; + return nacl.sign.detached.verify(hashed, RS, publicKey); } - } else { - const cleartextWithHash = await mod.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); - - cleartext = cleartextWithHash.subarray(0, -20); - const hash = await mod.hash.sha1(cleartext); - - if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { - throw new Error('Incorrect key passphrase'); - } - } - try { - const { privateParams } = mod.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); - this.privateParams = privateParams; - } catch (err) { - throw new Error('Error reading MPIs'); + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); + return ed448.verify(RS, hashed, publicKey); } - this.isEncrypted = false; - this.keyMaterial = null; - this.s2kUsage = 0; + default: + throw new Error('Unsupported EdDSA algorithm'); } - - /** - * Checks that the key parameters are consistent - * @throws {Error} if validation was not successful - * @async - */ - async validate() { - if (this.isDummy()) { - return; +} +/** + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point + * @param {Uint8Array} seed - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$7(algo, A, seed) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + * TODO: move to sign-verify using WebCrypto (same as ECDSA) when curve is more widely implemented + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(seed); + return util.equalsUint8Array(A, publicKey); } - if (!this.isDecrypted()) { - throw new Error('Key is not decrypted'); - } + case enums.publicKey.ed448: { + const ed448 = await util.getNobleCurve(enums.publicKey.ed448); - let validParams; - try { - // this can throw if some parameters are undefined - validParams = await mod.validateParams(this.algorithm, this.publicParams, this.privateParams); - } catch (_) { - validParams = false; - } - if (!validParams) { - throw new Error('Key is invalid'); + const publicKey = ed448.getPublicKey(seed); + return util.equalsUint8Array(A, publicKey); } + default: + return false; } +} - async generate(bits, curve) { - const { privateParams, publicParams } = await mod.generateParams(this.algorithm, bits, curve); - this.privateParams = privateParams; - this.publicParams = publicParams; - this.isEncrypted = false; - } +function getPayloadSize$1(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return 32; - /** - * Clear private key parameters - */ - clearPrivateParams() { - if (this.isMissingSecretKeyMaterial()) { - return; - } + case enums.publicKey.ed448: + return 57; - Object.keys(this.privateParams).forEach(name => { - const param = this.privateParams[name]; - param.fill(0); - delete this.privateParams[name]; - }); - this.privateParams = null; - this.isEncrypted = true; + default: + throw new Error('Unsupported EdDSA algorithm'); } } -async function produceEncryptionKey(s2k, passphrase, algorithm) { - const { keySize } = mod.getCipher(algorithm); - return s2k.produceKey(passphrase, keySize); +function getPreferredHashAlgo$2(algo) { + switch (algo) { + case enums.publicKey.ed25519: + return enums.hash.sha256; + case enums.publicKey.ed448: + return enums.hash.sha512; + default: + throw new Error('Unknown EdDSA algo'); + } } -var emailAddresses = createCommonjsModule(function (module) { -// email-addresses.js - RFC 5322 email address parser -// v 3.1.0 -// -// http://tools.ietf.org/html/rfc5322 -// -// This library does not validate email addresses. -// emailAddresses attempts to parse addresses using the (fairly liberal) -// grammar specified in RFC 5322. -// -// email-addresses returns { -// ast: , -// addresses: [{ -// node: , -// name: , -// address: , -// local: , -// domain: -// }, ...] -// } -// -// emailAddresses.parseOneAddress and emailAddresses.parseAddressList -// work as you might expect. Try it out. -// -// Many thanks to Dominic Sayers and his documentation on the is_email function, -// http://code.google.com/p/isemail/ , which helped greatly in writing this parser. - -(function (global) { - -function parse5322(opts) { - - // tokenizing functions - - function inStr() { return pos < len; } - function curTok() { return parseString[pos]; } - function getPos() { return pos; } - function setPos(i) { pos = i; } - function nextTok() { pos += 1; } - function initialize() { - pos = 0; - len = parseString.length; - } - - // parser helper functions - - function o(name, value) { - return { - name: name, - tokens: value || "", - semantic: value || "", - children: [] - }; - } - - function wrap(name, ast) { - var n; - if (ast === null) { return null; } - n = o(name); - n.tokens = ast.tokens; - n.semantic = ast.semantic; - n.children.push(ast); - return n; - } - - function add(parent, child) { - if (child !== null) { - parent.tokens += child.tokens; - parent.semantic += child.semantic; - } - parent.children.push(child); - return parent; +const publicKeyToJWK = (algo, publicKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = { + kty: 'OKP', + crv: 'Ed25519', + x: uint8ArrayToB64(publicKey), + ext: true + }; + return jwk; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; - function compareToken(fxnCompare) { - var tok; - if (!inStr()) { return null; } - tok = curTok(); - if (fxnCompare(tok)) { - nextTok(); - return o('token', tok); - } - return null; +const privateKeyToJWK = (algo, publicKey, privateKey) => { + switch (algo) { + case enums.publicKey.ed25519: { + const jwk = publicKeyToJWK(algo, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +}; - function literal(lit) { - return function literalFunc() { - return wrap('literal', compareToken(function (tok) { - return tok === lit; - })); - }; - } +var eddsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + generate: generate$3, + getPayloadSize: getPayloadSize$1, + getPreferredHashAlgo: getPreferredHashAlgo$2, + sign: sign$5, + validateParams: validateParams$7, + verify: verify$5 +}); - function and() { - var args = arguments; - return function andFunc() { - var i, s, result, start; - start = getPos(); - s = o('and'); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result === null) { - setPos(start); - return null; - } - add(s, result); - } - return s; - }; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function or() { - var args = arguments; - return function orFunc() { - var i, result, start; - start = getPos(); - for (i = 0; i < args.length; i += 1) { - result = args[i](); - if (result !== null) { - return result; - } - setPos(start); - } - return null; - }; - } - function opt(prod) { - return function optFunc() { - var result, start; - start = getPos(); - result = prod(); - if (result !== null) { - return result; - } - else { - setPos(start); - return o('opt'); - } - }; - } +const webCrypto$4 = util.getWebCrypto(); +/** + * AES key wrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} dataToWrap + * @returns {Uint8Array} wrapped key + */ +async function wrap(algo, key, dataToWrap) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - function invis(prod) { - return function invisFunc() { - var result = prod(); - if (result !== null) { - result.semantic = ""; - } - return result; - }; + try { + const wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['wrapKey']); + // Import data as HMAC key, as it has no key length requirements + const keyToWrap = await webCrypto$4.importKey('raw', dataToWrap, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + const wrapped = await webCrypto$4.wrapKey('raw', keyToWrap, wrappingKey, { name: 'AES-KW' }); + return new Uint8Array(wrapped); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + } - function colwsp(prod) { - return function collapseSemanticWhitespace() { - var result = prod(); - if (result !== null && result.semantic.length > 0) { - result.semantic = " "; - } - return result; - }; - } + return aeskw(key).encrypt(dataToWrap); +} - function star(prod, minimum) { - return function starFunc() { - var s, result, count, start, min; - start = getPos(); - s = o('star'); - count = 0; - min = minimum === undefined ? 0 : minimum; - while ((result = prod()) !== null) { - count = count + 1; - add(s, result); - } - if (count >= min) { - return s; - } - else { - setPos(start); - return null; - } - }; - } +/** + * AES key unwrap + * @param {enums.symmetric.aes128|enums.symmetric.aes256|enums.symmetric.aes192} algo - AES algo + * @param {Uint8Array} key - wrapping key + * @param {Uint8Array} wrappedData + * @returns {Uint8Array} unwrapped data + */ +async function unwrap(algo, key, wrappedData) { + const { keySize } = getCipherParams(algo); + // sanity checks, since WebCrypto does not use the `algo` input + if (!util.isAES(algo) || key.length !== keySize) { + throw new Error('Unexpected algorithm or key size'); + } - // One expects names to get normalized like this: - // " First Last " -> "First Last" - // "First Last" -> "First Last" - // "First Last" -> "First Last" - function collapseWhitespace(s) { - return s.replace(/([ \t]|\r\n)+/g, ' ').replace(/^\s*/, '').replace(/\s*$/, ''); + let wrappingKey; + try { + wrappingKey = await webCrypto$4.importKey('raw', key, { name: 'AES-KW' }, false, ['unwrapKey']); + } catch (err) { + // no 192 bit support in Chromium, which throws `OperationError`, see: https://www.chromium.org/blink/webcrypto#TOC-AES-support + if (err.name !== 'NotSupportedError' && + !(key.length === 24 && err.name === 'OperationError')) { + throw err; } + util.printDebugError('Browser did not support operation: ' + err.message); + return aeskw(key).decrypt(wrappedData); + } - // UTF-8 pseudo-production (RFC 6532) - // RFC 6532 extends RFC 5322 productions to include UTF-8 - // using the following productions: - // UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4 - // UTF8-2 = - // UTF8-3 = - // UTF8-4 = - // - // For reference, the extended RFC 5322 productions are: - // VCHAR =/ UTF8-non-ascii - // ctext =/ UTF8-non-ascii - // atext =/ UTF8-non-ascii - // qtext =/ UTF8-non-ascii - // dtext =/ UTF8-non-ascii - function isUTF8NonAscii(tok) { - // In JavaScript, we just deal directly with Unicode code points, - // so we aren't checking individual bytes for UTF-8 encoding. - // Just check that the character is non-ascii. - return tok.charCodeAt(0) >= 128; - } - - - // common productions (RFC 5234) - // http://tools.ietf.org/html/rfc5234 - // B.1. Core Rules - - // CR = %x0D - // ; carriage return - function cr() { return wrap('cr', literal('\r')()); } - - // CRLF = CR LF - // ; Internet standard newline - function crlf() { return wrap('crlf', and(cr, lf)()); } - - // DQUOTE = %x22 - // ; " (Double Quote) - function dquote() { return wrap('dquote', literal('"')()); } - - // HTAB = %x09 - // ; horizontal tab - function htab() { return wrap('htab', literal('\t')()); } - - // LF = %x0A - // ; linefeed - function lf() { return wrap('lf', literal('\n')()); } - - // SP = %x20 - function sp() { return wrap('sp', literal(' ')()); } - - // VCHAR = %x21-7E - // ; visible (printing) characters - function vchar() { - return wrap('vchar', compareToken(function vcharFunc(tok) { - var code = tok.charCodeAt(0); - var accept = (0x21 <= code && code <= 0x7E); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); + try { + const unwrapped = await webCrypto$4.unwrapKey('raw', wrappedData, wrappingKey, { name: 'AES-KW' }, { name: 'HMAC', hash: 'SHA-256' }, true, ['sign']); + return new Uint8Array(await webCrypto$4.exportKey('raw', unwrapped)); + } catch (err) { + if (err.name === 'OperationError') { + throw new Error('Key Data Integrity failed'); } + throw err; + } +} - // WSP = SP / HTAB - // ; white space - function wsp() { return wrap('wsp', or(sp, htab)()); } - - - // email productions (RFC 5322) - // http://tools.ietf.org/html/rfc5322 - // 3.2.1. Quoted characters - - // quoted-pair = ("\" (VCHAR / WSP)) / obs-qp - function quotedPair() { - var qp = wrap('quoted-pair', - or( - and(literal('\\'), or(vchar, wsp)), - obsQP - )()); - if (qp === null) { return null; } - // a quoted pair will be two characters, and the "\" character - // should be semantically "invisible" (RFC 5322 3.2.1) - qp.semantic = qp.semantic[1]; - return qp; - } - - // 3.2.2. Folding White Space and Comments - - // FWS = ([*WSP CRLF] 1*WSP) / obs-FWS - function fws() { - return wrap('fws', or( - obsFws, - and( - opt(and( - star(wsp), - invis(crlf) - )), - star(wsp, 1) - ) - )()); - } - - // ctext = %d33-39 / ; Printable US-ASCII - // %d42-91 / ; characters not including - // %d93-126 / ; "(", ")", or "\" - // obs-ctext - function ctext() { - return wrap('ctext', or( - function ctextFunc1() { - return compareToken(function ctextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 39) || - (42 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsCtext - )()); - } - - // ccontent = ctext / quoted-pair / comment - function ccontent() { - return wrap('ccontent', or(ctext, quotedPair, comment)()); - } - - // comment = "(" *([FWS] ccontent) [FWS] ")" - function comment() { - return wrap('comment', and( - literal('('), - star(and(opt(fws), ccontent)), - opt(fws), - literal(')') - )()); - } - - // CFWS = (1*([FWS] comment) [FWS]) / FWS - function cfws() { - return wrap('cfws', or( - and( - star( - and(opt(fws), comment), - 1 - ), - opt(fws) - ), - fws - )()); - } - - // 3.2.3. Atom - - //atext = ALPHA / DIGIT / ; Printable US-ASCII - // "!" / "#" / ; characters not including - // "$" / "%" / ; specials. Used for atoms. - // "&" / "'" / - // "*" / "+" / - // "-" / "/" / - // "=" / "?" / - // "^" / "_" / - // "`" / "{" / - // "|" / "}" / - // "~" - function atext() { - return wrap('atext', compareToken(function atextFunc(tok) { - var accept = - ('a' <= tok && tok <= 'z') || - ('A' <= tok && tok <= 'Z') || - ('0' <= tok && tok <= '9') || - (['!', '#', '$', '%', '&', '\'', '*', '+', '-', '/', - '=', '?', '^', '_', '`', '{', '|', '}', '~'].indexOf(tok) >= 0); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - })); - } +var aesKW = /*#__PURE__*/Object.freeze({ + __proto__: null, + unwrap: unwrap, + wrap: wrap +}); - // atom = [CFWS] 1*atext [CFWS] - function atom() { - return wrap('atom', and(colwsp(opt(cfws)), star(atext, 1), colwsp(opt(cfws)))()); - } +/** + * @fileoverview This module implements HKDF using either the WebCrypto API or Node.js' crypto API. + * @module crypto/hkdf + */ - // dot-atom-text = 1*atext *("." 1*atext) - function dotAtomText() { - var s, maybeText; - s = wrap('dot-atom-text', star(atext, 1)()); - if (s === null) { return s; } - maybeText = star(and(literal('.'), star(atext, 1)))(); - if (maybeText !== null) { - add(s, maybeText); - } - return s; - } - - // dot-atom = [CFWS] dot-atom-text [CFWS] - function dotAtom() { - return wrap('dot-atom', and(invis(opt(cfws)), dotAtomText, invis(opt(cfws)))()); - } - - // 3.2.4. Quoted Strings - - // qtext = %d33 / ; Printable US-ASCII - // %d35-91 / ; characters not including - // %d93-126 / ; "\" or the quote character - // obs-qtext - function qtext() { - return wrap('qtext', or( - function qtextFunc1() { - return compareToken(function qtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 === code) || - (35 <= code && code <= 91) || - (93 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsQtext - )()); - } - // qcontent = qtext / quoted-pair - function qcontent() { - return wrap('qcontent', or(qtext, quotedPair)()); - } +const webCrypto$3 = util.getWebCrypto(); - // quoted-string = [CFWS] - // DQUOTE *([FWS] qcontent) [FWS] DQUOTE - // [CFWS] - function quotedString() { - return wrap('quoted-string', and( - invis(opt(cfws)), - invis(dquote), star(and(opt(colwsp(fws)), qcontent)), opt(invis(fws)), invis(dquote), - invis(opt(cfws)) - )()); - } +async function computeHKDF(hashAlgo, inputKey, salt, info, outLen) { + const hash = enums.read(enums.webHash, hashAlgo); + if (!hash) throw new Error('Hash algo not supported with HKDF'); - // 3.2.5 Miscellaneous Tokens + const importedKey = await webCrypto$3.importKey('raw', inputKey, 'HKDF', false, ['deriveBits']); + const bits = await webCrypto$3.deriveBits({ name: 'HKDF', hash, salt, info }, importedKey, outLen * 8); + return new Uint8Array(bits); +} - // word = atom / quoted-string - function word() { - return wrap('word', or(atom, quotedString)()); - } +/** + * @fileoverview Key encryption and decryption for RFC 6637 ECDH + * @module crypto/public_key/elliptic/ecdh + */ - // phrase = 1*word / obs-phrase - function phrase() { - return wrap('phrase', or(obsPhrase, star(word, 1))()); - } - // 3.4. Address Specification - // address = mailbox / group - function address() { - return wrap('address', or(mailbox, group)()); - } +const HKDF_INFO = { + x25519: util.encodeUTF8('OpenPGP X25519'), + x448: util.encodeUTF8('OpenPGP X448') +}; - // mailbox = name-addr / addr-spec - function mailbox() { - return wrap('mailbox', or(nameAddr, addrSpec)()); +/** + * Generate ECDH key for Montgomery curves + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns {Promise<{ A: Uint8Array, k: Uint8Array }>} + */ +async function generate$2(algo) { + switch (algo) { + case enums.publicKey.x25519: { + // k stays in little-endian, unlike legacy ECDH over curve25519 + const k = getRandomBytes(32); + const { publicKey: A } = nacl.box.keyPair.fromSecretKey(k); + return { A, k }; } - // name-addr = [display-name] angle-addr - function nameAddr() { - return wrap('name-addr', and(opt(displayName), angleAddr)()); + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const k = x448.utils.randomPrivateKey(); + const A = x448.getPublicKey(k); + return { A, k }; } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - // angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / - // obs-angle-addr - function angleAddr() { - return wrap('angle-addr', or( - and( - invis(opt(cfws)), - literal('<'), - addrSpec, - literal('>'), - invis(opt(cfws)) - ), - obsAngleAddr - )()); +/** +* Validate ECDH parameters +* @param {module:enums.publicKey} algo - Algorithm identifier +* @param {Uint8Array} A - ECDH public point +* @param {Uint8Array} k - ECDH secret scalar +* @returns {Promise} Whether params are valid. +* @async +*/ +async function validateParams$6(algo, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.box.keyPair.fromSecretKey(k); + return util.equalsUint8Array(A, publicKey); } - - // group = display-name ":" [group-list] ";" [CFWS] - function group() { - return wrap('group', and( - displayName, - literal(':'), - opt(groupList), - literal(';'), - invis(opt(cfws)) - )()); + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + /** + * Derive public point A' from private key + * and expect A == A' + */ + const publicKey = x448.getPublicKey(k); + return util.equalsUint8Array(A, publicKey); } - // display-name = phrase - function displayName() { - return wrap('display-name', function phraseFixedSemantic() { - var result = phrase(); - if (result !== null) { - result.semantic = collapseWhitespace(result.semantic); - } - return result; - }()); - } - - // mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list - function mailboxList() { - return wrap('mailbox-list', or( - and( - mailbox, - star(and(literal(','), mailbox)) - ), - obsMboxList - )()); - } - - // address-list = (address *("," address)) / obs-addr-list - function addressList() { - return wrap('address-list', or( - and( - address, - star(and(literal(','), address)) - ), - obsAddrList - )()); - } - - // group-list = mailbox-list / CFWS / obs-group-list - function groupList() { - return wrap('group-list', or( - mailboxList, - invis(cfws), - obsGroupList - )()); - } - - // 3.4.1 Addr-Spec Specification - - // local-part = dot-atom / quoted-string / obs-local-part - function localPart() { - // note: quoted-string, dotAtom are proper subsets of obs-local-part - // so we really just have to look for obsLocalPart, if we don't care about the exact parse tree - return wrap('local-part', or(obsLocalPart, dotAtom, quotedString)()); - } - - // dtext = %d33-90 / ; Printable US-ASCII - // %d94-126 / ; characters not including - // obs-dtext ; "[", "]", or "\" - function dtext() { - return wrap('dtext', or( - function dtextFunc1() { - return compareToken(function dtextFunc2(tok) { - var code = tok.charCodeAt(0); - var accept = - (33 <= code && code <= 90) || - (94 <= code && code <= 126); - if (opts.rfc6532) { - accept = accept || isUTF8NonAscii(tok); - } - return accept; - }); - }, - obsDtext - )() - ); - } + default: + return false; + } +} - // domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS] - function domainLiteral() { - return wrap('domain-literal', and( - invis(opt(cfws)), - literal('['), - star(and(opt(fws), dtext)), - opt(fws), - literal(']'), - invis(opt(cfws)) - )()); - } - - // domain = dot-atom / domain-literal / obs-domain - function domain() { - return wrap('domain', function domainCheckTLD() { - var result = or(obsDomain, dotAtom, domainLiteral)(); - if (opts.rejectTLD) { - if (result && result.semantic && result.semantic.indexOf('.') < 0) { - return null; - } - } - // strip all whitespace from domains - if (result) { - result.semantic = result.semantic.replace(/\s+/g, ''); - } - return result; - }()); - } - - // addr-spec = local-part "@" domain - function addrSpec() { - return wrap('addr-spec', and( - localPart, literal('@'), domain - )()); - } - - // 3.6.2 Originator Fields - // Below we only parse the field body, not the name of the field - // like "From:", "Sender:", or "Reply-To:". Other libraries that - // parse email headers can parse those and defer to these productions - // for the "RFC 5322" part. - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // from = "From:" (mailbox-list / address-list) CRLF - function fromSpec() { - return wrap('from', or( - mailboxList, - addressList - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // sender = "Sender:" (mailbox / address) CRLF - function senderSpec() { - return wrap('sender', or( - mailbox, - address - )()); - } - - // RFC 6854 2.1. Replacement of RFC 5322, Section 3.6.2. Originator Fields - // reply-to = "Reply-To:" address-list CRLF - function replyToSpec() { - return wrap('reply-to', addressList()); - } - - // 4.1. Miscellaneous Obsolete Tokens - - // obs-NO-WS-CTL = %d1-8 / ; US-ASCII control - // %d11 / ; characters that do not - // %d12 / ; include the carriage - // %d14-31 / ; return, line feed, and - // %d127 ; white space characters - function obsNoWsCtl() { - return opts.strict ? null : wrap('obs-NO-WS-CTL', compareToken(function (tok) { - var code = tok.charCodeAt(0); - return ((1 <= code && code <= 8) || - (11 === code || 12 === code) || - (14 <= code && code <= 31) || - (127 === code)); - })); +/** + * Wrap and encrypt a session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} data - session key data to be encrypted + * @param {Uint8Array} recipientA - Recipient public key (K_B) + * @returns {Promise<{ + * ephemeralPublicKey: Uint8Array, + * wrappedKey: Uint8Array + * }>} ephemeral public key (K_A) and encrypted key + * @async + */ +async function encrypt$2(algo, data, recipientA) { + const { ephemeralPublicKey, sharedSecret } = await generateEphemeralEncryptionMaterial(algo, recipientA); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + recipientA, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; } - - // obs-ctext = obs-NO-WS-CTL - function obsCtext() { return opts.strict ? null : wrap('obs-ctext', obsNoWsCtl()); } - - // obs-qtext = obs-NO-WS-CTL - function obsQtext() { return opts.strict ? null : wrap('obs-qtext', obsNoWsCtl()); } - - // obs-qp = "\" (%d0 / obs-NO-WS-CTL / LF / CR) - function obsQP() { - return opts.strict ? null : wrap('obs-qp', and( - literal('\\'), - or(literal('\0'), obsNoWsCtl, lf, cr) - )()); - } - - // obs-phrase = word *(word / "." / CFWS) - function obsPhrase() { - if (opts.strict ) return null; - return opts.atInDisplayName ? wrap('obs-phrase', and( - word, - star(or(word, literal('.'), literal('@'), colwsp(cfws))) - )()) : - wrap('obs-phrase', and( - word, - star(or(word, literal('.'), colwsp(cfws))) - )()); - } - - // 4.2. Obsolete Folding White Space - - // NOTE: read the errata http://www.rfc-editor.org/errata_search.php?rfc=5322&eid=1908 - // obs-FWS = 1*([CRLF] WSP) - function obsFws() { - return opts.strict ? null : wrap('obs-FWS', star( - and(invis(opt(crlf)), wsp), - 1 - )()); - } - - // 4.4. Obsolete Addressing - - // obs-angle-addr = [CFWS] "<" obs-route addr-spec ">" [CFWS] - function obsAngleAddr() { - return opts.strict ? null : wrap('obs-angle-addr', and( - invis(opt(cfws)), - literal('<'), - obsRoute, - addrSpec, - literal('>'), - invis(opt(cfws)) - )()); - } - - // obs-route = obs-domain-list ":" - function obsRoute() { - return opts.strict ? null : wrap('obs-route', and( - obsDomainList, - literal(':') - )()); - } - - // obs-domain-list = *(CFWS / ",") "@" domain - // *("," [CFWS] ["@" domain]) - function obsDomainList() { - return opts.strict ? null : wrap('obs-domain-list', and( - star(or(invis(cfws), literal(','))), - literal('@'), - domain, - star(and( - literal(','), - invis(opt(cfws)), - opt(and(literal('@'), domain)) - )) - )()); - } - - // obs-mbox-list = *([CFWS] ",") mailbox *("," [mailbox / CFWS]) - function obsMboxList() { - return opts.strict ? null : wrap('obs-mbox-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - mailbox, - star(and( - literal(','), - opt(and( - mailbox, - invis(cfws) - )) - )) - )()); - } - - // obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) - function obsAddrList() { - return opts.strict ? null : wrap('obs-addr-list', and( - star(and( - invis(opt(cfws)), - literal(',') - )), - address, - star(and( - literal(','), - opt(and( - address, - invis(cfws) - )) - )) - )()); - } - - // obs-group-list = 1*([CFWS] ",") [CFWS] - function obsGroupList() { - return opts.strict ? null : wrap('obs-group-list', and( - star(and( - invis(opt(cfws)), - literal(',') - ), 1), - invis(opt(cfws)) - )()); - } - - // obs-local-part = word *("." word) - function obsLocalPart() { - return opts.strict ? null : wrap('obs-local-part', and(word, star(and(literal('.'), word)))()); - } - - // obs-domain = atom *("." atom) - function obsDomain() { - return opts.strict ? null : wrap('obs-domain', and(atom, star(and(literal('.'), atom)))()); - } - - // obs-dtext = obs-NO-WS-CTL / quoted-pair - function obsDtext() { - return opts.strict ? null : wrap('obs-dtext', or(obsNoWsCtl, quotedPair)()); - } - - ///////////////////////////////////////////////////// - - // ast analysis - - function findNode(name, root) { - var i, stack, node; - if (root === null || root === undefined) { return null; } - stack = [root]; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - return node; - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return null; - } - - function findAllNodes(name, root) { - var i, stack, node, result; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - while (stack.length > 0) { - node = stack.pop(); - if (node.name === name) { - result.push(node); - } - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - return result; + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + const wrappedKey = await wrap(cipherAlgo, encryptionKey, data); + return { ephemeralPublicKey, wrappedKey }; } - function findAllNodesNoChildren(names, root) { - var i, stack, node, result, namesLookup; - if (root === null || root === undefined) { return null; } - stack = [root]; - result = []; - namesLookup = {}; - for (i = 0; i < names.length; i += 1) { - namesLookup[names[i]] = true; - } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - while (stack.length > 0) { - node = stack.pop(); - if (node.name in namesLookup) { - result.push(node); - // don't look at children (hence findAllNodesNoChildren) - } else { - for (i = node.children.length - 1; i >= 0; i -= 1) { - stack.push(node.children[i]); - } - } - } - return result; +/** + * Decrypt and unwrap the session key + * + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} ephemeralPublicKey - (K_A) + * @param {Uint8Array} wrappedKey, + * @param {Uint8Array} A - Recipient public key (K_b), needed for KDF + * @param {Uint8Array} k - Recipient secret key (b) + * @returns {Promise} decrypted session key data + * @async + */ +async function decrypt$2(algo, ephemeralPublicKey, wrappedKey, A, k) { + const sharedSecret = await recomputeSharedSecret(algo, ephemeralPublicKey, A, k); + const hkdfInput = util.concatUint8Array([ + ephemeralPublicKey, + A, + sharedSecret + ]); + switch (algo) { + case enums.publicKey.x25519: { + const cipherAlgo = enums.symmetric.aes128; + const { keySize } = getCipherParams(cipherAlgo); + const encryptionKey = await computeHKDF(enums.hash.sha256, hkdfInput, new Uint8Array(), HKDF_INFO.x25519, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); } - - function giveResult(ast) { - var addresses, groupsAndMailboxes, i, groupOrMailbox, result; - if (ast === null) { - return null; - } - addresses = []; - - // An address is a 'group' (i.e. a list of mailboxes) or a 'mailbox'. - groupsAndMailboxes = findAllNodesNoChildren(['group', 'mailbox'], ast); - for (i = 0; i < groupsAndMailboxes.length; i += 1) { - groupOrMailbox = groupsAndMailboxes[i]; - if (groupOrMailbox.name === 'group') { - addresses.push(giveResultGroup(groupOrMailbox)); - } else if (groupOrMailbox.name === 'mailbox') { - addresses.push(giveResultMailbox(groupOrMailbox)); - } - } - - result = { - ast: ast, - addresses: addresses, - }; - if (opts.simple) { - result = simplifyResult(result); - } - if (opts.oneResult) { - return oneResult(result); - } - if (opts.simple) { - return result && result.addresses; - } else { - return result; - } + case enums.publicKey.x448: { + const cipherAlgo = enums.symmetric.aes256; + const { keySize } = getCipherParams(enums.symmetric.aes256); + const encryptionKey = await computeHKDF(enums.hash.sha512, hkdfInput, new Uint8Array(), HKDF_INFO.x448, keySize); + return unwrap(cipherAlgo, encryptionKey, wrappedKey); } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - function giveResultGroup(group) { - var i; - var groupName = findNode('display-name', group); - var groupResultMailboxes = []; - var mailboxes = findAllNodesNoChildren(['mailbox'], group); - for (i = 0; i < mailboxes.length; i += 1) { - groupResultMailboxes.push(giveResultMailbox(mailboxes[i])); - } - return { - node: group, - parts: { - name: groupName, - }, - type: group.name, // 'group' - name: grabSemantic(groupName), - addresses: groupResultMailboxes, - }; - } +function getPayloadSize(algo) { + switch (algo) { + case enums.publicKey.x25519: + return 32; - function giveResultMailbox(mailbox) { - var name = findNode('display-name', mailbox); - var aspec = findNode('addr-spec', mailbox); - var cfws = findAllNodes('cfws', mailbox); - var comments = findAllNodesNoChildren(['comment'], mailbox); + case enums.publicKey.x448: + return 56; + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - var local = findNode('local-part', aspec); - var domain = findNode('domain', aspec); - return { - node: mailbox, - parts: { - name: name, - address: aspec, - local: local, - domain: domain, - comments: cfws - }, - type: mailbox.name, // 'mailbox' - name: grabSemantic(name), - address: grabSemantic(aspec), - local: grabSemantic(local), - domain: grabSemantic(domain), - comments: concatComments(comments), - groupName: grabSemantic(mailbox.groupName), - }; +/** + * Generate shared secret and ephemeral public key for encryption + * @returns {Promise<{ ephemeralPublicKey: Uint8Array, sharedSecret: Uint8Array }>} ephemeral public key (K_A) and shared secret + * @async + */ +async function generateEphemeralEncryptionMaterial(algo, recipientA) { + switch (algo) { + case enums.publicKey.x25519: { + const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo)); + const sharedSecret = nacl.scalarMult(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const { publicKey: ephemeralPublicKey } = nacl.box.keyPair.fromSecretKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; + } + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const ephemeralSecretKey = x448.utils.randomPrivateKey(); + const sharedSecret = x448.getSharedSecret(ephemeralSecretKey, recipientA); + assertNonZeroArray(sharedSecret); + const ephemeralPublicKey = x448.getPublicKey(ephemeralSecretKey); + return { ephemeralPublicKey, sharedSecret }; } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - function grabSemantic(n) { - return n !== null && n !== undefined ? n.semantic : null; +async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) { + switch (algo) { + case enums.publicKey.x25519: { + const sharedSecret = nacl.scalarMult(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; } - - function simplifyResult(result) { - var i; - if (result && result.addresses) { - for (i = 0; i < result.addresses.length; i += 1) { - delete result.addresses[i].node; - } - } - return result; + case enums.publicKey.x448: { + const x448 = await util.getNobleCurve(enums.publicKey.x448); + const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey); + assertNonZeroArray(sharedSecret); + return sharedSecret; } + default: + throw new Error('Unsupported ECDH algorithm'); + } +} - function concatComments(comments) { - var result = ''; - if (comments) { - for (var i = 0; i < comments.length; i += 1) { - result += grabSemantic(comments[i]); - } - } - return result; - } +/** + * x25519 and x448 produce an all-zero value when given as input a point with small order. + * This does not lead to a security issue in the context of ECDH, but it is still unexpected, + * hence we throw. + * @param {Uint8Array} sharedSecret + */ +function assertNonZeroArray(sharedSecret) { + let acc = 0; + for (let i = 0; i < sharedSecret.length; i++) { + acc |= sharedSecret[i]; + } + if (acc === 0) { + throw new Error('Unexpected low order point'); + } +} - function oneResult(result) { - if (!result) { return null; } - if (!opts.partial && result.addresses.length > 1) { return null; } - return result.addresses && result.addresses[0]; - } +var ecdh_x = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$2, + encrypt: encrypt$2, + generate: generate$2, + generateEphemeralEncryptionMaterial: generateEphemeralEncryptionMaterial, + getPayloadSize: getPayloadSize, + recomputeSharedSecret: recomputeSharedSecret, + validateParams: validateParams$6 +}); - ///////////////////////////////////////////////////// +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - var parseString, pos, len, parsed, startProduction; - opts = handleOpts(opts, {}); - if (opts === null) { return null; } +const webCrypto$2 = util.getWebCrypto(); +const nodeCrypto$2 = util.getNodeCrypto(); - parseString = opts.input; +const webCurves = { + [enums.curve.nistP256]: 'P-256', + [enums.curve.nistP384]: 'P-384', + [enums.curve.nistP521]: 'P-521' +}; +const knownCurves = nodeCrypto$2 ? nodeCrypto$2.getCurves() : []; +const nodeCurves = nodeCrypto$2 ? { + [enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined, + [enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined, + [enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined, + [enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined, + [enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined, + [enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined, + [enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined, + [enums.curve.brainpoolP384r1]: knownCurves.includes('brainpoolP384r1') ? 'brainpoolP384r1' : undefined, + [enums.curve.brainpoolP512r1]: knownCurves.includes('brainpoolP512r1') ? 'brainpoolP512r1' : undefined +} : {}; - startProduction = { - 'address': address, - 'address-list': addressList, - 'angle-addr': angleAddr, - 'from': fromSpec, - 'group': group, - 'mailbox': mailbox, - 'mailbox-list': mailboxList, - 'reply-to': replyToSpec, - 'sender': senderSpec, - }[opts.startAt] || addressList; +const curves = { + [enums.curve.nistP256]: { + oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.nistP256], + web: webCurves[enums.curve.nistP256], + payloadSize: 32, + sharedSize: 256, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP384]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.nistP384], + web: webCurves[enums.curve.nistP384], + payloadSize: 48, + sharedSize: 384, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.nistP521]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.nistP521], + web: webCurves[enums.curve.nistP521], + payloadSize: 66, + sharedSize: 528, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.secp256k1]: { + oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.secp256k1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.ed25519Legacy]: { + oid: [0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01], + keyType: enums.publicKey.eddsaLegacy, + hash: enums.hash.sha512, + node: false, // nodeCurves.ed25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.curve25519Legacy]: { + oid: [0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01], + keyType: enums.publicKey.ecdh, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: false, // nodeCurves.curve25519 TODO + payloadSize: 32, + wireFormatLeadingByte: 0x40 + }, + [enums.curve.brainpoolP256r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha256, + cipher: enums.symmetric.aes128, + node: nodeCurves[enums.curve.brainpoolP256r1], + payloadSize: 32, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP384r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha384, + cipher: enums.symmetric.aes192, + node: nodeCurves[enums.curve.brainpoolP384r1], + payloadSize: 48, + wireFormatLeadingByte: 0x04 + }, + [enums.curve.brainpoolP512r1]: { + oid: [0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D], + keyType: enums.publicKey.ecdsa, + hash: enums.hash.sha512, + cipher: enums.symmetric.aes256, + node: nodeCurves[enums.curve.brainpoolP512r1], + payloadSize: 64, + wireFormatLeadingByte: 0x04 + } +}; - if (!opts.strict) { - initialize(); - opts.strict = true; - parsed = startProduction(parseString); - if (opts.partial || !inStr()) { - return giveResult(parsed); - } - opts.strict = false; +class CurveWithOID { + constructor(oidOrName) { + try { + this.name = oidOrName instanceof OID ? + oidOrName.getName() : + enums.write(enums.curve,oidOrName); + } catch (err) { + throw new UnsupportedError('Unknown curve'); } + const params = curves[this.name]; - initialize(); - parsed = startProduction(parseString); - if (!opts.partial && inStr()) { return null; } - return giveResult(parsed); -} - -function parseOneAddressSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} + this.keyType = params.keyType; -function parseAddressListSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'address-list', - })); -} + this.oid = params.oid; + this.hash = params.hash; + this.cipher = params.cipher; + this.node = params.node; + this.web = params.web; + this.payloadSize = params.payloadSize; + this.sharedSize = params.sharedSize; + this.wireFormatLeadingByte = params.wireFormatLeadingByte; + if (this.web && util.getWebCrypto()) { + this.type = 'web'; + } else if (this.node && util.getNodeCrypto()) { + this.type = 'node'; + } else if (this.name === enums.curve.curve25519Legacy) { + this.type = 'curve25519Legacy'; + } else if (this.name === enums.curve.ed25519Legacy) { + this.type = 'ed25519Legacy'; + } + } -function parseFromSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'from', - })); + async genKeyPair() { + switch (this.type) { + case 'web': + try { + return await webGenKeyPair(this.name, this.wireFormatLeadingByte); + } catch (err) { + util.printDebugError('Browser did not support generating ec key ' + err.message); + return jsGenKeyPair(this.name); + } + case 'node': + return nodeGenKeyPair(this.name); + case 'curve25519Legacy': { + // the private key must be stored in big endian and already clamped: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-5.5.5.6.1.1-3 + const { k, A } = await generate$2(enums.publicKey.x25519); + const privateKey = k.slice().reverse(); + privateKey[0] = (privateKey[0] & 127) | 64; + privateKey[31] &= 248; + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + case 'ed25519Legacy': { + const { seed: privateKey, A } = await generate$3(enums.publicKey.ed25519); + const publicKey = util.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]), A]); + return { publicKey, privateKey }; + } + default: + return jsGenKeyPair(this.name); + } + } } -function parseSenderSimple(opts) { - return parse5322(handleOpts(opts, { - oneResult: true, - rfc6532: true, - simple: true, - startAt: 'sender', - })); +async function generate$1(curveName) { + const curve = new CurveWithOID(curveName); + const { oid, hash, cipher } = curve; + const keyPair = await curve.genKeyPair(); + return { + oid, + Q: keyPair.publicKey, + secret: util.leftPad(keyPair.privateKey, curve.payloadSize), + hash, + cipher + }; } -function parseReplyToSimple(opts) { - return parse5322(handleOpts(opts, { - rfc6532: true, - simple: true, - startAt: 'reply-to', - })); +/** + * Get preferred hash algo to use with the given curve + * @param {module:type/oid} oid - curve oid + * @returns {enums.hash} hash algorithm + */ +function getPreferredHashAlgo$1(oid) { + return curves[oid.getName()].hash; } -function handleOpts(opts, defs) { - function isString(str) { - return Object.prototype.toString.call(str) === '[object String]'; - } - - function isObject(o) { - return o === Object(o); - } +/** + * Validate ECDH and ECDSA parameters + * Not suitable for EdDSA (different secret key format) + * @param {module:enums.publicKey} algo - EC algorithm, to filter supported curves + * @param {module:type/oid} oid - EC object identifier + * @param {Uint8Array} Q - EC public point + * @param {Uint8Array} d - EC secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateStandardParams(algo, oid, Q, d) { + const supportedCurves = { + [enums.curve.nistP256]: true, + [enums.curve.nistP384]: true, + [enums.curve.nistP521]: true, + [enums.curve.secp256k1]: true, + [enums.curve.curve25519Legacy]: algo === enums.publicKey.ecdh, + [enums.curve.brainpoolP256r1]: true, + [enums.curve.brainpoolP384r1]: true, + [enums.curve.brainpoolP512r1]: true + }; - function isNullUndef(o) { - return o === null || o === undefined; - } + // Check whether the given curve is supported + const curveName = oid.getName(); + if (!supportedCurves[curveName]) { + return false; + } - var defaults, o; + if (curveName === enums.curve.curve25519Legacy) { + d = d.slice().reverse(); + // Re-derive public point Q' + const { publicKey } = nacl.box.keyPair.fromSecretKey(d); - if (isString(opts)) { - opts = { input: opts }; - } else if (!isObject(opts)) { - return null; + Q = new Uint8Array(Q); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + if (!util.equalsUint8Array(dG, Q)) { + return false; } - if (!isString(opts.input)) { return null; } - if (!defs) { return null; } - - defaults = { - oneResult: false, - partial: false, - rejectTLD: false, - rfc6532: false, - simple: false, - startAt: 'address-list', - strict: false, - atInDisplayName: false - }; - - for (o in defaults) { - if (isNullUndef(opts[o])) { - opts[o] = !isNullUndef(defs[o]) ? defs[o] : defaults[o]; - } - } - return opts; -} + return true; + } -parse5322.parseOneAddress = parseOneAddressSimple; -parse5322.parseAddressList = parseAddressListSimple; -parse5322.parseFrom = parseFromSimple; -parse5322.parseSender = parseSenderSimple; -parse5322.parseReplyTo = parseReplyToSimple; + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curveName); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + /* + * Re-derive public point Q' = dG from private key + * Expect Q == Q' + */ + const dG = nobleCurve.getPublicKey(d, false); + if (!util.equalsUint8Array(dG, Q)) { + return false; + } -{ - module.exports = parse5322; + return true; } -}()); -}); - -// GPG4Browsers - An OpenPGP implementation in javascript - /** - * Implementation of the User ID Packet (Tag 13) - * - * A User ID packet consists of UTF-8 text that is intended to represent - * the name and email address of the key holder. By convention, it - * includes an RFC 2822 [RFC2822] mail name-addr, but there are no - * restrictions on its content. The packet length in the header - * specifies the length of the User ID. + * Check whether the public point has a valid encoding. + * NB: this function does not check e.g. whether the point belongs to the curve. */ -class UserIDPacket { - static get tag() { - return enums.packet.userID; - } +function checkPublicPointEnconding(curve, V) { + const { payloadSize, wireFormatLeadingByte, name: curveName } = curve; - constructor() { - /** A string containing the user id. Usually in the form - * John Doe - * @type {String} - */ - this.userID = ''; + const pointSize = (curveName === enums.curve.curve25519Legacy || curveName === enums.curve.ed25519Legacy) ? payloadSize : payloadSize * 2; - this.name = ''; - this.email = ''; - this.comment = ''; + if (V[0] !== wireFormatLeadingByte || V.length !== pointSize + 1) { + throw new Error('Invalid point encoding'); } +} - /** - * Create UserIDPacket instance from object - * @param {Object} userID - Object specifying userID name, email and comment - * @returns {UserIDPacket} - * @static - */ - static fromObject(userID) { - if (util.isString(userID) || - (userID.name && !util.isString(userID.name)) || - (userID.email && !util.isEmailAddress(userID.email)) || - (userID.comment && !util.isString(userID.comment))) { - throw new Error('Invalid user ID format'); - } - const packet = new UserIDPacket(); - Object.assign(packet, userID); - const components = []; - if (packet.name) components.push(packet.name); - if (packet.comment) components.push(`(${packet.comment})`); - if (packet.email) components.push(`<${packet.email}>`); - packet.userID = components.join(' '); - return packet; - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// +async function jsGenKeyPair(name) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, name); // excluding curve25519Legacy, ecdh and ecdsa use the same curves + const privateKey = nobleCurve.utils.randomPrivateKey(); + const publicKey = nobleCurve.getPublicKey(privateKey, false); + return { publicKey, privateKey }; +} - /** - * Parsing function for a user id packet (tag 13). - * @param {Uint8Array} input - Payload of a tag 13 packet - */ - read(bytes, config$1 = config) { - const userID = util.decodeUTF8(bytes); - if (userID.length > config$1.maxUserIDLength) { - throw new Error('User ID string is too long'); - } - try { - const { name, address: email, comments } = emailAddresses.parseOneAddress({ input: userID, atInDisplayName: true }); - this.comment = comments.replace(/^\(|\)$/g, ''); - this.name = name; - this.email = email; - } catch (e) {} - this.userID = userID; - } +async function webGenKeyPair(name, wireFormatLeadingByte) { + // Note: keys generated with ECDSA and ECDH are structurally equivalent + const webCryptoKey = await webCrypto$2.generateKey({ name: 'ECDSA', namedCurve: webCurves[name] }, true, ['sign', 'verify']); - /** - * Creates a binary representation of the user id packet - * @returns {Uint8Array} Binary representation. - */ - write() { - return util.encodeUTF8(this.userID); - } + const privateKey = await webCrypto$2.exportKey('jwk', webCryptoKey.privateKey); + const publicKey = await webCrypto$2.exportKey('jwk', webCryptoKey.publicKey); - equals(otherUserID) { - return otherUserID && otherUserID.userID === this.userID; - } + return { + publicKey: jwkToRawPublic(publicKey, wireFormatLeadingByte), + privateKey: b64ToUint8Array(privateKey.d) + }; } -// GPG4Browsers - An OpenPGP implementation in javascript +async function nodeGenKeyPair(name) { + // Note: ECDSA and ECDH key generation is structurally equivalent + const ecdh = nodeCrypto$2.createECDH(nodeCurves[name]); + await ecdh.generateKeys(); + return { + publicKey: new Uint8Array(ecdh.getPublicKey()), + privateKey: new Uint8Array(ecdh.getPrivateKey()) + }; +} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// /** - * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret - * Key packet and has exactly the same format. - * @extends SecretKeyPacket + * @param {JsonWebKey} jwk - key for conversion + * + * @returns {Uint8Array} Raw public key. */ -class SecretSubkeyPacket extends SecretKeyPacket { - static get tag() { - return enums.packet.secretSubkey; - } - - /** - * @param {Date} [date] - Creation date - * @param {Object} [config] - Full configuration, defaults to openpgp.config - */ - constructor(date = new Date(), config$1 = config) { - super(date, config$1); - } +function jwkToRawPublic(jwk, wireFormatLeadingByte) { + const bufX = b64ToUint8Array(jwk.x); + const bufY = b64ToUint8Array(jwk.y); + const publicKey = new Uint8Array(bufX.length + bufY.length + 1); + publicKey[0] = wireFormatLeadingByte; + publicKey.set(bufX, 1); + publicKey.set(bufY, bufX.length + 1); + return publicKey; } /** - * Implementation of the Trust Packet (Tag 12) - * - * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: - * The Trust packet is used only within keyrings and is not normally - * exported. Trust packets contain data that record the user's - * specifications of which key holders are trustworthy introducers, - * along with other information that implementing software uses for - * trust information. The format of Trust packets is defined by a given - * implementation. + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key * - * Trust packets SHOULD NOT be emitted to output streams that are - * transferred to other users, and they SHOULD be ignored on any input - * other than local keyring files. + * @returns {JsonWebKey} Public key in jwk format. */ -class TrustPacket { - static get tag() { - return enums.packet.trust; - } - - /** - * Parsing function for a trust packet (tag 12). - * Currently not implemented as we ignore trust packets - */ - read() { - throw new UnsupportedError('Trust packets are not supported'); - } +function rawPublicToJWK(payloadSize, name, publicKey) { + const len = payloadSize; + const bufX = publicKey.slice(1, len + 1); + const bufY = publicKey.slice(len + 1, len * 2 + 1); + // https://www.rfc-editor.org/rfc/rfc7518.txt + const jwk = { + kty: 'EC', + crv: name, + x: uint8ArrayToB64(bufX), + y: uint8ArrayToB64(bufY), + ext: true + }; + return jwk; +} - write() { - throw new UnsupportedError('Trust packets are not supported'); - } +/** + * @param {Integer} payloadSize - ec payload size + * @param {String} name - curve name + * @param {Uint8Array} publicKey - public key + * @param {Uint8Array} privateKey - private key + * + * @returns {JsonWebKey} Private key in jwk format. + */ +function privateToJWK(payloadSize, name, publicKey, privateKey) { + const jwk = rawPublicToJWK(payloadSize, name, publicKey); + jwk.d = uint8ArrayToB64(privateKey); + return jwk; } -// GPG4Browsers - An OpenPGP implementation in javascript +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// A Signature can contain the following packets -const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + +const webCrypto$1 = util.getWebCrypto(); +const nodeCrypto$1 = util.getNodeCrypto(); /** - * Class that represents an OpenPGP signature. + * Sign a message using the provided key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async */ -class Signature { - /** - * @param {PacketList} packetlist - The signature packets - */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); - } - - /** - * Returns binary encoded signature - * @returns {ReadableStream} Binary signature. - */ - write() { - return this.packets.write(); - } - - /** - * Returns ASCII armored text of signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config$1); +async function sign$4(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (message && !util.isStream(message)) { + const keyPair = { publicKey, privateKey }; + switch (curve.type) { + case 'web': + // If browser doesn't support a curve, we'll catch it + try { + // Need to await to make sure browser succeeds + return await webSign(curve, hashAlgo, message, keyPair); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunaley Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support signing: ' + err.message); + } + break; + case 'node': + return nodeSign(curve, hashAlgo, message, privateKey); + } } - /** - * Returns an array of KeyIDs of all of the issuers who created this signature - * @returns {Array} The Key IDs of the signing keys - */ - getSigningKeyIDs() { - return this.packets.map(packet => packet.issuerKeyID); - } + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + const signature = nobleCurve.sign(hashed, privateKey, { lowS: false }); + return { + r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize), + s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize) + }; } /** - * reads an (optionally armored) OpenPGP signature and returns a signature object - * @param {Object} options - * @param {String} [options.armoredSignature] - Armored signature to be parsed - * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New signature object. + * Verifies if a signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify + * @param {Uint8Array} message - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} * @async - * @static */ -async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredSignature || binarySignature; - if (!input) { - throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); - } - if (armoredSignature && !util.isString(armoredSignature)) { - throw new Error('readSignature: options.armoredSignature must be a string'); - } - if (binarySignature && !util.isUint8Array(binarySignature)) { - throw new Error('readSignature: options.binarySignature must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +async function verify$4(oid, hashAlgo, signature, message, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + // See https://github.com/openpgpjs/openpgpjs/pull/948. + // NB: the impact was more likely limited to Brainpool curves, since thanks + // to WebCrypto availability, NIST curve should not have been affected. + // Similarly, secp256k1 should have been used rarely enough. + // However, we implement the fix for all curves, since it's only needed in case of + // verification failure, which is unexpected, hence a minor slowdown is acceptable. + const tryFallbackVerificationForOldBug = async () => ( + hashed[0] === 0 ? + jsVerify(curve, signature, hashed.subarray(1), publicKey) : + false + ); - if (armoredSignature) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.signature) { - throw new Error('Armored text not of type signature'); + if (message && !util.isStream(message)) { + switch (curve.type) { + case 'web': + try { + // Need to await to make sure browser succeeds + const verified = await webVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } catch (err) { + // We do not fallback if the error is related to key integrity + // Unfortunately Safari does not support nistP521 and throws a DataError when using it + // So we need to always fallback for that curve + if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) { + throw err; + } + util.printDebugError('Browser did not support verifying: ' + err.message); + } + break; + case 'node': { + const verified = await nodeVerify(curve, hashAlgo, signature, message, publicKey); + return verified || tryFallbackVerificationForOldBug(); + } } - input = data; } - const packetlist = await PacketList.fromBinary(input, allowedPackets$4, config$1); - return new Signature(packetlist); -} - -/** - * @fileoverview Provides helpers methods for key module - * @module key/helper - * @private - */ - -async function generateSecretSubkey(options, config) { - const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); - secretSubkeyPacket.packets = null; - secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretSubkeyPacket.generate(options.rsaBits, options.curve); - await secretSubkeyPacket.computeFingerprintAndKeyID(); - return secretSubkeyPacket; -} -async function generateSecretKey(options, config) { - const secretKeyPacket = new SecretKeyPacket(options.date, config); - secretKeyPacket.packets = null; - secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); - await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); - await secretKeyPacket.computeFingerprintAndKeyID(); - return secretKeyPacket; + const verified = await jsVerify(curve, signature, hashed, publicKey); + return verified || tryFallbackVerificationForOldBug(); } /** - * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. - * @param {Array} signatures - List of signatures - * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - full configuration - * @returns {Promise} The latest valid signature. + * Validate ECDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDSA public point + * @param {Uint8Array} d - ECDSA secret scalar + * @returns {Promise} Whether params are valid. * @async */ -async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { - let latestValid; - let exception; - for (let i = signatures.length - 1; i >= 0; i--) { - try { - if ( - (!latestValid || signatures[i].created >= latestValid.created) - ) { - await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); - latestValid = signatures[i]; +async function validateParams$5(oid, Q, d) { + const curve = new CurveWithOID(oid); + // Reject curves x25519 and ed25519 + if (curve.keyType !== enums.publicKey.ecdsa) { + return false; + } + + // To speed up the validation, we try to use node- or webcrypto when available + // and sign + verify a random message + switch (curve.type) { + case 'web': + case 'node': { + const message = getRandomBytes(8); + const hashAlgo = enums.hash.sha256; + const hashed = await hash$1.digest(hashAlgo, message); + try { + const signature = await sign$4(oid, hashAlgo, message, Q, d, hashed); + // eslint-disable-next-line @typescript-eslint/return-await + return await verify$4(oid, hashAlgo, signature, message, Q, hashed); + } catch (err) { + return false; } - } catch (e) { - exception = e; } + default: + return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d); } - if (!latestValid) { - throw util.wrapError( - `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` - .replace('certGeneric ', 'self-') - .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), - exception); - } - return latestValid; } -function isDataExpired(keyPacket, signature, date = new Date()) { - const normDate = util.normalizeDate(date); - if (normDate !== null) { - const expirationTime = getKeyExpirationTime(keyPacket, signature); - return !(keyPacket.created <= normDate && normDate < expirationTime); - } - return false; -} + +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// /** - * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} - * @param {SecretSubkeyPacket} subkey - Subkey key packet - * @param {SecretKeyPacket} primaryKey - Primary key packet - * @param {Object} options - * @param {Object} config - Full configuration + * Fallback javascript implementation of ECDSA verification. + * To be used if no native implementation is available for the given curve/operation. */ -async function createBindingSignature(subkey, primaryKey, options, config) { - const dataToSign = {}; - dataToSign.key = primaryKey; - dataToSign.bind = subkey; - const signatureProperties = { signatureType: enums.signature.subkeyBinding }; - if (options.sign) { - signatureProperties.keyFlags = [enums.keyFlags.signData]; - signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, { - signatureType: enums.signature.keyBinding - }, options.date, undefined, undefined, undefined, config); - } else { - signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; - } - const subkeySignaturePacket = await createSignaturePacket(dataToSign, null, primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); - return subkeySignaturePacket; +async function jsVerify(curve, signature, hashed, publicKey) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdsa, curve.name); + // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch + return nobleCurve.verify(util.concatUint8Array([signature.r, signature.s]), hashed, publicKey, { lowS: false }); } -/** - * Returns the preferred signature hash algorithm of a key - * @param {Key} [key] - The key to get preferences from - * @param {SecretKeyPacket|SecretSubkeyPacket} keyPacket - key packet used for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} config - full configuration - * @returns {Promise} - * @async - */ -async function getPreferredHashAlgo$2(key, keyPacket, date = new Date(), userID = {}, config) { - let hashAlgo = config.preferredHashAlgorithm; - let prefAlgo = hashAlgo; - if (key) { - const primaryUser = await key.getPrimaryUser(date, userID, config); - if (primaryUser.selfCertification.preferredHashAlgorithms) { - [prefAlgo] = primaryUser.selfCertification.preferredHashAlgorithms; - hashAlgo = mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; - } - } - switch (keyPacket.algorithm) { - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ed25519: - prefAlgo = mod.getPreferredCurveHashAlgo(keyPacket.algorithm, keyPacket.publicParams.oid); +async function webSign(curve, hashAlgo, message, keyPair) { + const len = curve.payloadSize; + const jwk = privateToJWK(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['sign'] + ); + + const signature = new Uint8Array(await webCrypto$1.sign( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + message + )); + + return { + r: signature.slice(0, len), + s: signature.slice(len, len << 1) + }; +} + +async function webVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const jwk = rawPublicToJWK(curve.payloadSize, webCurves[curve.name], publicKey); + const key = await webCrypto$1.importKey( + 'jwk', + jwk, + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, curve.hash) } + }, + false, + ['verify'] + ); + + const signature = util.concatUint8Array([r, s]).buffer; + + return webCrypto$1.verify( + { + 'name': 'ECDSA', + 'namedCurve': webCurves[curve.name], + 'hash': { name: enums.read(enums.webHash, hashAlgo) } + }, + key, + signature, + message + ); +} + +async function nodeSign(curve, hashAlgo, message, privateKey) { + // JWT encoding cannot be used for now, as Brainpool curves are not supported + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { privateKey: derPrivateKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + privateKey: nodeBuffer.from(privateKey) + }); + + const sign = nodeCrypto$1.createSign(enums.read(enums.hash, hashAlgo)); + sign.write(message); + sign.end(); + + const signature = new Uint8Array(sign.sign({ key: derPrivateKey, format: 'der', type: 'sec1', dsaEncoding: 'ieee-p1363' })); + const len = curve.payloadSize; + + return { + r: signature.subarray(0, len), + s: signature.subarray(len, len << 1) + }; +} + +async function nodeVerify(curve, hashAlgo, { r, s }, message, publicKey) { + const ecKeyUtils = util.nodeRequire('eckey-utils'); + const nodeBuffer = util.getNodeBuffer(); + const { publicKey: derPublicKey } = ecKeyUtils.generateDer({ + curveName: nodeCurves[curve.name], + publicKey: nodeBuffer.from(publicKey) + }); + + const verify = nodeCrypto$1.createVerify(enums.read(enums.hash, hashAlgo)); + verify.write(message); + verify.end(); + + const signature = util.concatUint8Array([r, s]); + + try { + return verify.verify({ key: derPublicKey, format: 'der', type: 'spki', dsaEncoding: 'ieee-p1363' }, signature); + } catch (err) { + return false; } - return mod.hash.getHashByteLength(hashAlgo) <= mod.hash.getHashByteLength(prefAlgo) ? - prefAlgo : hashAlgo; } -/** - * Returns the preferred symmetric/aead/compression algorithm for a set of keys - * @param {'symmetric'|'aead'|'compression'} type - Type of preference to return - * @param {Array} [keys] - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Preferred algorithm - * @async - */ -async function getPreferredAlgo(type, keys = [], date = new Date(), userIDs = [], config$1 = config) { - const defaultAlgo = { // these are all must-implement in rfc4880bis - 'symmetric': enums.symmetric.aes128, - 'aead': enums.aead.eax, - 'compression': enums.compression.uncompressed - }[type]; - const preferredSenderAlgo = { - 'symmetric': config$1.preferredSymmetricAlgorithm, - 'aead': config$1.preferredAEADAlgorithm, - 'compression': config$1.preferredCompressionAlgorithm - }[type]; - const prefPropertyName = { - 'symmetric': 'preferredSymmetricAlgorithms', - 'aead': 'preferredAEADAlgorithms', - 'compression': 'preferredCompressionAlgorithms' - }[type]; +var ecdsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$4, + validateParams: validateParams$5, + verify: verify$4 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // if preferredSenderAlgo appears in the prefs of all recipients, we pick it - // otherwise we use the default algo - // if no keys are available, preferredSenderAlgo is returned - const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - const recipientPrefs = primaryUser.selfCertification[prefPropertyName]; - return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; - })); - return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; -} /** - * Create signature packet - * @param {Object} dataToSign - Contains packets to be signed - * @param {PrivateKey} privateKey - key to get preferences from - * @param {SecretKeyPacket| - * SecretSubkeyPacket} signingKeyPacket secret key packet for signing - * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing - * @param {Date} [date] - Override the creationtime of the signature - * @param {Object} [userID] - User ID - * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [detached] - Whether to create a detached signature packet - * @param {Object} config - full configuration - * @returns {Promise} Signature packet. + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async */ -async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userID, notations = [], detached = false, config) { - if (signingKeyPacket.isDummy()) { - throw new Error('Cannot sign with a gnu-dummy key.'); - } - if (!signingKeyPacket.isDecrypted()) { - throw new Error('Signing key is not decrypted.'); +async function sign$3(oid, hashAlgo, message, publicKey, privateKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); } - const signaturePacket = new SignaturePacket(); - Object.assign(signaturePacket, signatureProperties); - signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; - signaturePacket.hashAlgorithm = await getPreferredHashAlgo$2(privateKey, signingKeyPacket, date, userID, config); - signaturePacket.rawNotations = notations; - await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached); - return signaturePacket; + const { RS: signature } = await sign$5(enums.publicKey.ed25519, hashAlgo, message, publicKey.subarray(1), privateKey, hashed); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; } /** - * Merges signatures from source[attr] to dest[attr] - * @param {Object} source - * @param {Object} dest - * @param {String} attr - * @param {Date} [date] - date to use for signature expiration check, instead of the current time - * @param {Function} [checkFn] - signature only merged if true + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async */ -async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { - source = source[attr]; - if (source) { - if (!dest[attr].length) { - dest[attr] = source; - } else { - await Promise.all(source.map(async function(sourceSig) { - if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && - !dest[attr].some(function(destSig) { - return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); - })) { - dest[attr].push(sourceSig); - } - })); - } +async function verify$3(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, publicKey); + if (hash$1.getHashByteLength(hashAlgo) < hash$1.getHashByteLength(enums.hash.sha256)) { + // Enforce digest sizes, since the constraint was already present in RFC4880bis: + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + throw new Error('Hash algorithm too weak for EdDSA.'); } + const RS = util.concatUint8Array([r, s]); + return verify$5(enums.publicKey.ed25519, hashAlgo, { RS }, m, publicKey.subarray(1), hashed); } - /** - * Checks if a given certificate or binding signature is revoked - * @param {SecretKeyPacket| - * PublicKeyPacket} primaryKey The primary key packet - * @param {Object} dataToVerify - The data to check - * @param {Array} revocations - The revocation signatures to check - * @param {SignaturePacket} signature - The certificate or signature to check - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the signature revokes the data. + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. * @async */ -async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { - key = key || primaryKey; - const revocationKeyIDs = []; - await Promise.all(revocations.map(async function(revocationSignature) { - try { - if ( - // Note: a third-party revocation signature could legitimately revoke a - // self-signature if the signature has an authorized revocation key. - // However, we don't support passing authorized revocation keys, nor - // verifying such revocation signatures. Instead, we indicate an error - // when parsing a key with an authorized revocation key, and ignore - // third-party revocation signatures here. (It could also be revoking a - // third-party key certification, which should only affect - // `verifyAllCertifications`.) - !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) - ) { - await revocationSignature.verify( - key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config - ); - - // TODO get an identifier of the revoked object instead - revocationKeyIDs.push(revocationSignature.issuerKeyID); - } - } catch (e) {} - })); - // TODO further verify that this is the signature that should be revoked - if (signature) { - signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : - signature.revoked || false; - return signature.revoked; +async function validateParams$4(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== enums.curve.ed25519Legacy) { + return false; } - return revocationKeyIDs.length > 0; + + /** + * Derive public point Q' = dG from private key + * and expect Q == Q' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); + } +var eddsa_legacy = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$3, + validateParams: validateParams$4, + verify: verify$3 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + /** - * Returns key expiration time based on the given certification signature. - * The expiration time of the signature is ignored. - * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check - * @param {SignaturePacket} signature - signature to process - * @returns {Date|Infinity} expiration time or infinity if the key does not expire + * @fileoverview Functions to add and remove PKCS5 padding + * @see PublicKeyEncryptedSessionKeyPacket + * @module crypto/pkcs5 + * @private */ -function getKeyExpirationTime(keyPacket, signature) { - let expirationTime; - // check V4 expiration time - if (signature.keyNeverExpires === false) { - expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; - } - return expirationTime ? new Date(expirationTime) : Infinity; + +/** + * Add pkcs5 padding to a message + * @param {Uint8Array} message - message to pad + * @returns {Uint8Array} Padded message. + */ +function encode(message) { + const c = 8 - (message.length % 8); + const padded = new Uint8Array(message.length + c).fill(c); + padded.set(message); + return padded; } /** - * Returns whether aead is supported by all keys in the set - * @param {Array} keys - Set of keys - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Array} [userIDs] - User IDs - * @param {Object} config - full configuration - * @returns {Promise} - * @async + * Remove pkcs5 padding from a message + * @param {Uint8Array} message - message to remove padding from + * @returns {Uint8Array} Message without padding. */ -async function isAEADSupported(keys, date = new Date(), userIDs = [], config$1 = config) { - let supported = true; - // TODO replace when Promise.some or Promise.any are implemented - await Promise.all(keys.map(async function(key, i) { - const primaryUser = await key.getPrimaryUser(date, userIDs[i], config$1); - if (!primaryUser.selfCertification.features || - !(primaryUser.selfCertification.features[0] & enums.features.aead)) { - supported = false; +function decode$1(message) { + const len = message.length; + if (len > 0) { + const c = message[len - 1]; + if (c >= 1) { + const provided = message.subarray(len - c); + const computed = new Uint8Array(c).fill(c); + if (util.equalsUint8Array(provided, computed)) { + return message.subarray(0, len - c); + } } - })); - return supported; + } + throw new Error('Invalid padding'); } -function sanitizeKeyOptions(options, subkeyDefaults = {}) { - options.type = options.type || subkeyDefaults.type; - options.curve = options.curve || subkeyDefaults.curve; - options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; - options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; +var pkcs5 = /*#__PURE__*/Object.freeze({ + __proto__: null, + decode: decode$1, + encode: encode +}); - options.sign = options.sign || false; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - switch (options.type) { - case 'ecc': - try { - options.curve = enums.write(enums.curve, options.curve); - } catch (e) { - throw new Error('Unknown curve'); - } - if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy) { - options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; - } - if (options.sign) { - options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; - } else { - options.algorithm = enums.publicKey.ecdh; - } - break; - case 'rsa': - options.algorithm = enums.publicKey.rsaEncryptSign; - break; - default: - throw new Error(`Unsupported key type ${options.type}`); - } - return options; + +const webCrypto = util.getWebCrypto(); +const nodeCrypto = util.getNodeCrypto(); + +/** + * Validate ECDH parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - ECDH public point + * @param {Uint8Array} d - ECDH secret scalar + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$3(oid, Q, d) { + return validateStandardParams(enums.publicKey.ecdh, oid, Q, d); } -function isValidSigningKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.rsaEncrypt && - keyAlgo !== enums.publicKey.elgamal && - keyAlgo !== enums.publicKey.ecdh && - keyAlgo !== enums.publicKey.x25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.signData) !== 0); -} - -function isValidEncryptionKeyPacket(keyPacket, signature) { - const keyAlgo = keyPacket.algorithm; - return keyAlgo !== enums.publicKey.dsa && - keyAlgo !== enums.publicKey.rsaSign && - keyAlgo !== enums.publicKey.ecdsa && - keyAlgo !== enums.publicKey.eddsaLegacy && - keyAlgo !== enums.publicKey.ed25519 && - (!signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0); +// Build Param for ECDH algorithm (RFC 6637) +function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) { + return util.concatUint8Array([ + oid.write(), + new Uint8Array([public_algo]), + kdfParams.write(), + util.stringToUint8Array('Anonymous Sender '), + fingerprint + ]); } -function isValidDecryptionKeyPacket(signature, config) { - if (config.allowInsecureDecryptionWithSigningKeys) { - // This is only relevant for RSA keys, all other signing algorithms cannot decrypt - return true; +// Key Derivation Function (RFC 6637) +async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTrailing = false) { + // Note: X is little endian for Curve25519, big-endian for all others. + // This is not ideal, but the RFC's are unclear + // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B + let i; + if (stripLeading) { + // Work around old go crypto bug + for (i = 0; i < X.length && X[i] === 0; i++); + X = X.subarray(i); } - - return !signature.keyFlags || - (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || - (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + if (stripTrailing) { + // Work around old OpenPGP.js bug + for (i = X.length - 1; i >= 0 && X[i] === 0; i--); + X = X.subarray(0, i + 1); + } + const digest = await hash$1.digest(hashAlgo, util.concatUint8Array([ + new Uint8Array([0, 0, 0, 1]), + X, + param + ])); + return digest.subarray(0, length); } /** - * Check key against blacklisted algorithms and minimum strength requirements. - * @param {SecretKeyPacket|PublicKeyPacket| - * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket - * @param {Config} config - * @throws {Error} if the key packet does not meet the requirements + * Generate ECDHE ephemeral key and secret from public key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async */ -function checkKeyRequirements(keyPacket, config) { - const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); - const algoInfo = keyPacket.getAlgorithmInfo(); - if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { - throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); - } - switch (keyAlgo) { - case enums.publicKey.rsaEncryptSign: - case enums.publicKey.rsaSign: - case enums.publicKey.rsaEncrypt: - if (algoInfo.bits < config.minRSABits) { - throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); - } - break; - case enums.publicKey.ecdsa: - case enums.publicKey.eddsaLegacy: - case enums.publicKey.ecdh: - if (config.rejectCurves.has(algoInfo.curve)) { - throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); +async function genPublicEphemeralKey(curve, Q) { + switch (curve.type) { + case 'curve25519Legacy': { + const { sharedSecret: sharedKey, ephemeralPublicKey } = await generateEphemeralEncryptionMaterial(enums.publicKey.x25519, Q.subarray(1)); + const publicKey = util.concatUint8Array([new Uint8Array([curve.wireFormatLeadingByte]), ephemeralPublicKey]); + return { publicKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below + } + case 'web': + if (curve.web && util.getWebCrypto()) { + try { + return await webPublicEphemeralKey(curve, Q); + } catch (err) { + util.printDebugError(err); + return jsPublicEphemeralKey(curve, Q); + } } break; + case 'node': + return nodePublicEphemeralKey(curve, Q); + default: + return jsPublicEphemeralKey(curve, Q); + } } /** - * @module key/User - * @private - */ - -/** - * Class that represents an user ID or attribute packet and the relevant signatures. - * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info - * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + * Encrypt and wrap a session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} data - Unpadded session key data + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>} + * @async */ -class User { - constructor(userPacket, mainKey) { - this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; - this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; - this.selfCertifications = []; - this.otherCertifications = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } - - /** - * Transforms structured user data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.userID || this.userAttribute); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.selfCertifications); - packetlist.push(...this.otherCertifications); - return packetlist; - } - - /** - * Shallow clone - * @returns {User} - */ - clone() { - const user = new User(this.userID || this.userAttribute, this.mainKey); - user.selfCertifications = [...this.selfCertifications]; - user.otherCertifications = [...this.otherCertifications]; - user.revocationSignatures = [...this.revocationSignatures]; - return user; - } - - /** - * Generate third-party certifications over this user and its primary key - * @param {Array} signingKeys - Decrypted private keys for signing - * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} New user with new certifications. - * @async - */ - async certify(signingKeys, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { - if (!privateKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - if (privateKey.hasSameFingerprintAs(primaryKey)) { - throw new Error("The user's own key can only be used for self-certifications"); - } - const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); - return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, { - // Most OpenPGP implementations use generic certification (0x10) - signatureType: enums.signature.certGeneric, - keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] - }, date, undefined, undefined, undefined, config); - })); - await user.update(this, date, config); - return user; - } - - /** - * Checks if a given certificate of the user is revoked - * @param {SignaturePacket} certificate - The certificate to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} True if the certificate is revoked. - * @async - */ - async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked(primaryKey, enums.signature.certRevocation, { - key: primaryKey, - userID: this.userID, - userAttribute: this.userAttribute - }, this.revocationSignatures, certificate, keyPacket, date, config$1); - } - - /** - * Verifies the user certificate. - * @param {SignaturePacket} certificate - A certificate of this user - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate - * @throws if the user certificate is invalid. - * @async - */ - async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const { issuerKeyID } = certificate; - const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); - if (issuerKeys.length === 0) { - return null; - } - await Promise.all(issuerKeys.map(async key => { - const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); - if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { - throw new Error('User certificate is revoked'); - } - try { - await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('User certificate is invalid', e); - } - })); - return true; - } +async function encrypt$1(oid, kdfParams, data, Q, fingerprint) { + const m = encode(data); - /** - * Verifies all user certificates - * @param {Array} verificationKeys - Array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllCertifications(verificationKeys, date = new Date(), config) { - const that = this; - const certifications = this.selfCertifications.concat(this.otherCertifications); - return Promise.all(certifications.map(async certification => ({ - keyID: certification.issuerKeyID, - valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) - }))); - } + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + const { publicKey, sharedKey } = await genPublicEphemeralKey(curve, Q); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param); + const wrappedKey = await wrap(kdfParams.cipher, Z, m); + return { publicKey, wrappedKey }; +} - /** - * Verify User. Checks for existence of self signatures, revocation signatures - * and validity of self signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} config - Full configuration - * @returns {Promise} Status of user. - * @throws {Error} if there are no valid self signatures. - * @async - */ - async verify(date = new Date(), config) { - if (!this.selfCertifications.length) { - throw new Error('No self-certifications found'); +/** + * Generate ECDHE secret from private key and public part of ephemeral key + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function genPrivateEphemeralKey(curve, V, Q, d) { + if (d.length !== curve.payloadSize) { + const privateKey = new Uint8Array(curve.payloadSize); + privateKey.set(d, curve.payloadSize - d.length); + d = privateKey; + } + switch (curve.type) { + case 'curve25519Legacy': { + const secretKey = d.slice().reverse(); + const sharedKey = await recomputeSharedSecret(enums.publicKey.x25519, V.subarray(1), Q.subarray(1), secretKey); + return { secretKey, sharedKey }; // Note: sharedKey is little-endian here, unlike below } - const that = this; - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // TODO replace when Promise.some or Promise.any are implemented - let exception; - for (let i = this.selfCertifications.length - 1; i >= 0; i--) { - try { - const selfCertification = this.selfCertifications[i]; - if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { - throw new Error('Self-certification is revoked'); - } + case 'web': + if (curve.web && util.getWebCrypto()) { try { - await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); - } catch (e) { - throw util.wrapError('Self-certification is invalid', e); + return await webPrivateEphemeralKey(curve, V, Q, d); + } catch (err) { + util.printDebugError(err); + return jsPrivateEphemeralKey(curve, V, d); } - return true; - } catch (e) { - exception = e; } - } - throw exception; + break; + case 'node': + return nodePrivateEphemeralKey(curve, V, d); + default: + return jsPrivateEphemeralKey(curve, V, d); } +} - /** - * Update user with new components from specified user - * @param {User} sourceUser - Source user to merge - * @param {Date} date - Date to verify the validity of signatures - * @param {Object} config - Full configuration - * @returns {Promise} - * @async - */ - async update(sourceUser, date, config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - // self signatures - await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { - try { - await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); - return true; - } catch (e) { - return false; - } - }); - // other signatures - await mergeSignatures(sourceUser, this, 'otherCertifications', date); - // revocation signatures - await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); - }); +/** + * Decrypt and unwrap the value derived from session key + * + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} C - Encrypted and wrapped value derived from session key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version + * @returns {Promise} Value derived from session key. + * @async + */ +async function decrypt$1(oid, kdfParams, V, C, Q, d, fingerprint) { + const curve = new CurveWithOID(oid); + checkPublicPointEnconding(curve, Q); + checkPublicPointEnconding(curve, V); + const { sharedKey } = await genPrivateEphemeralKey(curve, V, Q, d); + const param = buildEcdhParam(enums.publicKey.ecdh, oid, kdfParams, fingerprint); + const { keySize } = getCipherParams(kdfParams.cipher); + let err; + for (let i = 0; i < 3; i++) { + try { + // Work around old go crypto bug and old OpenPGP.js bug, respectively. + const Z = await kdf(kdfParams.hash, sharedKey, keySize, param, i === 1, i === 2); + return decode$1(await unwrap(kdfParams.cipher, Z, C)); + } catch (e) { + err = e; + } } + throw err; +} - /** - * Revokes the user - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New user with revocation signature. - * @async - */ - async revoke( - primaryKey, +async function jsPrivateEphemeralKey(curve, V, d) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(d, V); + const sharedKey = sharedSecretWithParity.subarray(1); + return { secretKey: d, sharedKey }; +} + +async function jsPublicEphemeralKey(curve, Q) { + const nobleCurve = await util.getNobleCurve(enums.publicKey.ecdh, curve.name); + const { publicKey: V, privateKey: v } = await curve.genKeyPair(); + + // The output includes parity byte + const sharedSecretWithParity = nobleCurve.getSharedSecret(v, Q); + const sharedKey = sharedSecretWithParity.subarray(1); + return { publicKey: V, sharedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} Q - Recipient public key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPrivateEphemeralKey(curve, V, Q, d) { + const recipient = privateToJWK(curve.payloadSize, curve.web, Q, d); + let privateKey = webCrypto.importKey( + 'jwk', + recipient, { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { - userID: this.userID, - userAttribute: this.userAttribute, - key: primaryKey - }; - const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); - user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.certRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await user.update(this); - return user; - } + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, V); + let sender = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + [] + ); + [privateKey, sender] = await Promise.all([privateKey, sender]); + let S = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: sender + }, + privateKey, + curve.sharedSize + ); + let secret = webCrypto.exportKey( + 'jwk', + privateKey + ); + [S, secret] = await Promise.all([S, secret]); + const sharedKey = new Uint8Array(S); + const secretKey = b64ToUint8Array(secret.d); + return { secretKey, sharedKey }; +} + +/** + * Generate ECDHE ephemeral key and secret from public key using webCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function webPublicEphemeralKey(curve, Q) { + const jwk = rawPublicToJWK(curve.payloadSize, curve.web, Q); + let keyPair = webCrypto.generateKey( + { + name: 'ECDH', + namedCurve: curve.web + }, + true, + ['deriveKey', 'deriveBits'] + ); + let recipient = webCrypto.importKey( + 'jwk', + jwk, + { + name: 'ECDH', + namedCurve: curve.web + }, + false, + [] + ); + [keyPair, recipient] = await Promise.all([keyPair, recipient]); + let s = webCrypto.deriveBits( + { + name: 'ECDH', + namedCurve: curve.web, + public: recipient + }, + keyPair.privateKey, + curve.sharedSize + ); + let p = webCrypto.exportKey( + 'jwk', + keyPair.publicKey + ); + [s, p] = await Promise.all([s, p]); + const sharedKey = new Uint8Array(s); + const publicKey = new Uint8Array(jwkToRawPublic(p, curve.wireFormatLeadingByte)); + return { publicKey, sharedKey }; +} + +/** + * Generate ECDHE secret from private key and public part of ephemeral key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} V - Public part of ephemeral key + * @param {Uint8Array} d - Recipient private key + * @returns {Promise<{secretKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePrivateEphemeralKey(curve, V, d) { + const recipient = nodeCrypto.createECDH(curve.node); + recipient.setPrivateKey(d); + const sharedKey = new Uint8Array(recipient.computeSecret(V)); + const secretKey = new Uint8Array(recipient.getPrivateKey()); + return { secretKey, sharedKey }; +} + +/** + * Generate ECDHE ephemeral key and secret from public key using nodeCrypto + * + * @param {CurveWithOID} curve - Elliptic curve object + * @param {Uint8Array} Q - Recipient public key + * @returns {Promise<{publicKey: Uint8Array, sharedKey: Uint8Array}>} + * @async + */ +async function nodePublicEphemeralKey(curve, Q) { + const sender = nodeCrypto.createECDH(curve.node); + sender.generateKeys(); + const sharedKey = new Uint8Array(sender.computeSecret(Q)); + const publicKey = new Uint8Array(sender.getPublicKey()); + return { publicKey, sharedKey }; } +var ecdh = /*#__PURE__*/Object.freeze({ + __proto__: null, + decrypt: decrypt$1, + encrypt: encrypt$1, + validateParams: validateParams$3 +}); + +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +var elliptic = /*#__PURE__*/Object.freeze({ + __proto__: null, + CurveWithOID: CurveWithOID, + ecdh: ecdh, + ecdhX: ecdh_x, + ecdsa: ecdsa, + eddsa: eddsa, + eddsaLegacy: eddsa_legacy, + generate: generate$1, + getPreferredHashAlgo: getPreferredHashAlgo$1 +}); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/* + TODO regarding the hash function, read: + https://tools.ietf.org/html/rfc4880#section-13.6 + https://tools.ietf.org/html/rfc4880#section-14 +*/ + +const _0n$7 = BigInt(0); +const _1n$9 = BigInt(1); + /** - * @module key/Subkey - * @private + * DSA Sign function + * @param {Integer} hashAlgo + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} x + * @returns {Promise<{ r: Uint8Array, s: Uint8Array }>} + * @async */ +async function sign$2(hashAlgo, hashed, g, p, q, x) { + const _0n = BigInt(0); + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + x = uint8ArrayToBigInt(x); + + let k; + let r; + let s; + let t; + g = mod$2(g, p); + x = mod$2(x, q); + // If the output size of the chosen hash is larger than the number of + // bits of q, the hash result is truncated to fit by taking the number + // of leftmost bits equal to the number of bits of q. This (possibly + // truncated) hash function result is treated as a number and used + // directly in the DSA signature algorithm. + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + // FIPS-186-4, section 4.6: + // The values of r and s shall be checked to determine if r = 0 or s = 0. + // If either r = 0 or s = 0, a new value of k shall be generated, and the + // signature shall be recalculated. It is extremely unlikely that r = 0 + // or s = 0 if signatures are generated properly. + while (true) { + // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + k = getRandomBigInteger(_1n$9, q); // returns in [1, q-1] + r = mod$2(modExp(g, k, p), q); // (g**k mod p) mod q + if (r === _0n) { + continue; + } + const xr = mod$2(x * r, q); + t = mod$2(h + xr, q); // H(m) + x*r mod q + s = mod$2(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q + if (s === _0n) { + continue; + } + break; + } + return { + r: bigIntToUint8Array(r, 'be', byteLength(p)), + s: bigIntToUint8Array(s, 'be', byteLength(p)) + }; +} /** - * Class that represents a subkey packet and the relevant signatures. - * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID - * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint - * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs - * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo - * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime - * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + * DSA Verify function + * @param {Integer} hashAlgo + * @param {Uint8Array} r + * @param {Uint8Array} s + * @param {Uint8Array} hashed + * @param {Uint8Array} g + * @param {Uint8Array} p + * @param {Uint8Array} q + * @param {Uint8Array} y + * @returns {boolean} + * @async */ -class Subkey { - /** - * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey - * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey - */ - constructor(subkeyPacket, mainKey) { - this.keyPacket = subkeyPacket; - this.bindingSignatures = []; - this.revocationSignatures = []; - this.mainKey = mainKey; - } +async function verify$2(hashAlgo, r, s, hashed, g, p, q, y) { + r = uint8ArrayToBigInt(r); + s = uint8ArrayToBigInt(s); - /** - * Transforms structured subkey data to packetlist - * @returns {PacketList} - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.bindingSignatures); - return packetlist; - } + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); - /** - * Shallow clone - * @return {Subkey} - */ - clone() { - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.bindingSignatures = [...this.bindingSignatures]; - subkey.revocationSignatures = [...this.revocationSignatures]; - return subkey; + if (r <= _0n$7 || r >= q || + s <= _0n$7 || s >= q) { + util.printDebug('invalid DSA Signature'); + return false; } - - /** - * Checks if a binding signature of a subkey is revoked - * @param {SignaturePacket} signature - The binding signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the binding signature is revoked. - * @async - */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - return isDataRevoked( - primaryKey, enums.signature.subkeyRevocation, { - key: primaryKey, - bind: this.keyPacket - }, this.revocationSignatures, signature, key, date, config$1 - ); + const h = mod$2(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q); + const w = modInv(s, q); // s**-1 mod q + if (w === _0n$7) { + util.printDebug('invalid DSA Signature'); + return false; } - /** - * Verify subkey. Checks for revocation signatures, expiration time - * and valid binding signature. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @throws {Error} if the subkey is invalid. - * @async - */ - async verify(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - // check subkey binding signatures - const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - // check binding signature is not revoked - if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { - throw new Error('Subkey is revoked'); - } - // check for expiration time - if (isDataExpired(this.keyPacket, bindingSignature, date)) { - throw new Error('Subkey is expired'); - } - return bindingSignature; + g = mod$2(g, p); + y = mod$2(y, p); + const u1 = mod$2(h * w, q); // H(m) * w mod q + const u2 = mod$2(r * w, q); // r * w mod q + const t1 = modExp(g, u1, p); // g**u1 mod p + const t2 = modExp(y, u2, p); // y**u2 mod p + const v = mod$2(mod$2(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q + return v === r; +} + +/** + * Validate DSA parameters + * @param {Uint8Array} p - DSA prime + * @param {Uint8Array} q - DSA group order + * @param {Uint8Array} g - DSA sub-group generator + * @param {Uint8Array} y - DSA public key + * @param {Uint8Array} x - DSA private key + * @returns {Promise} Whether params are valid. + * @async + */ +async function validateParams$2(p, q, g, y, x) { + p = uint8ArrayToBigInt(p); + q = uint8ArrayToBigInt(q); + g = uint8ArrayToBigInt(g); + y = uint8ArrayToBigInt(y); + // Check that 1 < g < p + if (g <= _1n$9 || g >= p) { + return false; } /** - * Returns the expiration time of the subkey or Infinity if key does not expire. - * Returns null if the subkey is invalid. - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async + * Check that subgroup order q divides p-1 */ - async getExpirationTime(date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - const dataToVerify = { key: primaryKey, bind: this.keyPacket }; - let bindingSignature; - try { - bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - } catch (e) { - return null; - } - const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); - const sigExpiry = bindingSignature.getExpirationTime(); - return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; + if (mod$2(p - _1n$9, q) !== _0n$7) { + return false; } /** - * Update subkey with new components from specified subkey - * @param {Subkey} subkey - Source subkey to merge - * @param {Date} [date] - Date to verify validity of signatures - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if update failed - * @async - */ - async update(subkey, date = new Date(), config$1 = config) { - const primaryKey = this.mainKey.keyPacket; - if (!this.hasSameFingerprintAs(subkey)) { - throw new Error('Subkey update method: fingerprints of subkeys not equal'); - } - // key packet - if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && - subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { - this.keyPacket = subkey.keyPacket; - } - // update missing binding signatures - const that = this; - const dataToVerify = { key: primaryKey, bind: that.keyPacket }; - await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { - for (let i = 0; i < that.bindingSignatures.length; i++) { - if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { - if (srcBindSig.created > that.bindingSignatures[i].created) { - that.bindingSignatures[i] = srcBindSig; - } - return false; - } - } - try { - await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); - return true; - } catch (e) { - return false; - } - }); - // revocation signatures - await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { - return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); - }); + * g has order q + * Check that g ** q = 1 mod p + */ + if (modExp(g, q, p) !== _1n$9) { + return false; } /** - * Revokes the subkey - * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New subkey with revocation signature. - * @async + * Check q is large and probably prime (we mainly want to avoid small factors) */ - async revoke( - primaryKey, - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - const dataToSign = { key: primaryKey, bind: this.keyPacket }; - const subkey = new Subkey(this.keyPacket, this.mainKey); - subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { - signatureType: enums.signature.subkeyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, false, config$1)); - await subkey.update(this); - return subkey; + const qSize = BigInt(bitLength(q)); + const _150n = BigInt(150); + if (qSize < _150n || !isProbablePrime(q, null, 32)) { + return false; } - hasSameFingerprintAs(other) { - return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + /** + * Re-derive public key y' = g ** x mod p + * Expect y == y' + * + * Blinded exponentiation computes g**{rq + x} to compare to y + */ + x = uint8ArrayToBigInt(x); + const _2n = BigInt(2); + const r = getRandomBigInteger(_2n << (qSize - _1n$9), _2n << qSize); // draw r of same size as q + const rqx = q * r + x; + if (y !== modExp(g, rqx, p)) { + return false; } + + return true; } -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { - Subkey.prototype[name] = - function() { - return this.keyPacket[name](); - }; +var dsa = /*#__PURE__*/Object.freeze({ + __proto__: null, + sign: sign$2, + validateParams: validateParams$2, + verify: verify$2 }); -// GPG4Browsers - An OpenPGP implementation in javascript - -// A key revocation certificate can contain the following packets -const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); -const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); -const keyPacketTags = new Set([ - enums.packet.publicKey, enums.packet.privateKey, - enums.packet.publicSubkey, enums.packet.privateSubkey -]); - /** - * Abstract class that represents an OpenPGP key. Must contain a primary key. - * Can contain additional subkeys, signatures, user ids, user attributes. - * @borrows PublicKeyPacket#getKeyID as Key#getKeyID - * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint - * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs - * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo - * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + * @fileoverview Asymmetric cryptography functions + * @module crypto/public_key */ -class Key { - /** - * Transforms packetlist to structured key data - * @param {PacketList} packetlist - The packets that form a key - * @param {Set} disallowedPackets - disallowed packet tags - */ - packetListToStructure(packetlist, disallowedPackets = new Set()) { - let user; - let primaryKeyID; - let subkey; - let ignoreUntil; - for (const packet of packetlist) { - if (packet instanceof UnparseablePacket) { - const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); - if (isUnparseableKeyPacket && !ignoreUntil) { - // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must - // discard all non-key packets that follow, until another (sub)key packet is found. - if (mainKeyPacketTags.has(packet.tag)) { - ignoreUntil = mainKeyPacketTags; - } else { - ignoreUntil = keyPacketTags; - } - } - continue; - } +var publicKey = { + /** @see module:crypto/public_key/rsa */ + rsa: rsa, + /** @see module:crypto/public_key/elgamal */ + elgamal: elgamal, + /** @see module:crypto/public_key/elliptic */ + elliptic: elliptic, + /** @see module:crypto/public_key/dsa */ + dsa: dsa +}; - const tag = packet.constructor.tag; - if (ignoreUntil) { - if (!ignoreUntil.has(tag)) continue; - ignoreUntil = null; - } - if (disallowedPackets.has(tag)) { - throw new Error(`Unexpected packet type: ${tag}`); - } - switch (tag) { - case enums.packet.publicKey: - case enums.packet.secretKey: - if (this.keyPacket) { - throw new Error('Key block contains multiple keys'); - } - this.keyPacket = packet; - primaryKeyID = this.getKeyID(); - if (!primaryKeyID) { - throw new Error('Missing Key ID'); - } - break; - case enums.packet.userID: - case enums.packet.userAttribute: - user = new User(packet, this); - this.users.push(user); - break; - case enums.packet.publicSubkey: - case enums.packet.secretSubkey: - user = null; - subkey = new Subkey(packet, this); - this.subkeys.push(subkey); - break; - case enums.packet.signature: - switch (packet.signatureType) { - case enums.signature.certGeneric: - case enums.signature.certPersona: - case enums.signature.certCasual: - case enums.signature.certPositive: - if (!user) { - util.printDebug('Dropping certification signatures without preceding user packet'); - continue; - } - if (packet.issuerKeyID.equals(primaryKeyID)) { - user.selfCertifications.push(packet); - } else { - user.otherCertifications.push(packet); - } - break; - case enums.signature.certRevocation: - if (user) { - user.revocationSignatures.push(packet); - } else { - this.directSignatures.push(packet); - } - break; - case enums.signature.key: - this.directSignatures.push(packet); - break; - case enums.signature.subkeyBinding: - if (!subkey) { - util.printDebug('Dropping subkey binding signature without preceding subkey packet'); - continue; - } - subkey.bindingSignatures.push(packet); - break; - case enums.signature.keyRevocation: - this.revocationSignatures.push(packet); - break; - case enums.signature.subkeyRevocation: - if (!subkey) { - util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); - continue; - } - subkey.revocationSignatures.push(packet); - break; - } - break; - } - } - } +/** + * @fileoverview Provides functions for asymmetric signing and signature verification + * @module crypto/signature + */ - /** - * Transforms structured key data to packetlist - * @returns {PacketList} The packets that form a key. - */ - toPacketList() { - const packetlist = new PacketList(); - packetlist.push(this.keyPacket); - packetlist.push(...this.revocationSignatures); - packetlist.push(...this.directSignatures); - this.users.map(user => packetlist.push(...user.toPacketList())); - this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); - return packetlist; - } - /** - * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. - * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. - * @returns {Promise} Clone of the key. - */ - clone(clonePrivateParams = false) { - const key = new this.constructor(this.toPacketList()); - if (clonePrivateParams) { - key.getKeys().forEach(k => { - // shallow clone the key packets - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - if (!k.keyPacket.isDecrypted()) return; - // deep clone the private params, which are cleared during encryption - const privateParams = {}; - Object.keys(k.keyPacket.privateParams).forEach(name => { - privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); - }); - k.keyPacket.privateParams = privateParams; - }); +/** + * Parse signature in binary form to get the parameters. + * The returned values are only padded for EdDSA, since in the other cases their expected length + * depends on the key params, hence we delegate the padding to the signature verification function. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * See {@link https://tools.ietf.org/html/rfc4880#section-5.2.2|RFC 4880 5.2.2.} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Uint8Array} signature - Data for which the signature was created + * @returns {Promise} True if signature is valid. + * @async + */ +function parseSignatureParams(algo, signature) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA signatures: + // - MPI of RSA signature value m**d mod n. + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + // The signature needs to be the same length as the public key modulo n. + // We pad s on signature verification, where we have access to n. + return { read, signatureParams: { s } }; + } + // Algorithm-Specific Fields for DSA or ECDSA signatures: + // - MPI of DSA or ECDSA value r. + // - MPI of DSA or ECDSA value s. + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + { + // If the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for legacy EdDSA signatures: + // - MPI of an EC point r. + // - EdDSA value s, in MPI, in the little endian representation + case enums.publicKey.eddsaLegacy: { + // Only Curve25519Legacy is supported (no Curve448Legacy), but the relevant checks are done on key parsing and signature + // verification: if the signature payload sizes are unexpected, we will throw on verification, + // where we also have access to the OID curve from the key. + const r = util.readMPI(signature.subarray(read)); read += r.length + 2; + const s = util.readMPI(signature.subarray(read)); read += s.length + 2; + return { read, signatureParams: { r, s } }; + } + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + // Algorithm-Specific Fields for Ed448 signatures: + // - 114 octets of the native signature + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const rsSize = 2 * publicKey.elliptic.eddsa.getPayloadSize(algo); + const RS = util.readExactSubarray(signature, read, read + rsSize); read += RS.length; + return { read, signatureParams: { RS } }; } - return key; - } - /** - * Returns an array containing all public or private subkeys matching keyID; - * If no keyID is given, returns all subkeys. - * @param {type/keyID} [keyID] - key ID to look for - * @returns {Array} array of subkeys - */ - getSubkeys(keyID = null) { - const subkeys = this.subkeys.filter(subkey => ( - !keyID || subkey.getKeyID().equals(keyID, true) - )); - return subkeys; + default: + throw new UnsupportedError('Unknown signature algorithm.'); } +} - /** - * Returns an array containing all public or private keys matching keyID. - * If no keyID is given, returns all keys, starting with the primary key. - * @param {type/keyid~KeyID} [keyID] - key ID to look for - * @returns {Array} array of keys - */ - getKeys(keyID = null) { - const keys = []; - if (!keyID || this.getKeyID().equals(keyID, true)) { - keys.push(this); +/** + * Verifies the signature provided for data using specified algorithms and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} signature - Named algorithm-specific signature parameters + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Data for which the signature was created + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} True if signature is valid. + * @async + */ +async function verify$1(algo, hashAlgo, signature, publicParams, data, hashed) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const s = util.leftPad(signature.s, n.length); // padding needed for webcrypto and node crypto + return publicKey.rsa.verify(hashAlgo, data, s, n, e, hashed); } - return keys.concat(this.getSubkeys(keyID)); + case enums.publicKey.dsa: { + const { g, p, q, y } = publicParams; + const { r, s } = signature; // no need to pad, since we always handle them as BigIntegers + return publicKey.dsa.verify(hashAlgo, r, s, hashed, g, p, q, y); + } + case enums.publicKey.ecdsa: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // padding needed for webcrypto + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicParams; + const curveSize = new publicKey.elliptic.CurveWithOID(oid).payloadSize; + // When dealing little-endian MPI data, we always need to left-pad it, as done with big-endian values: + // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 + const r = util.leftPad(signature.r, curveSize); + const s = util.leftPad(signature.s, curveSize); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, { r, s }, data, Q, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); } +} - /** - * Returns key IDs of all keys - * @returns {Array} - */ - getKeyIDs() { - return this.getKeys().map(key => key.getKeyID()); +/** + * Creates a signature on data using specified algorithms and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} + * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4} + * for public key and hash algorithms. + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {module:enums.hash} hashAlgo - Hash algorithm + * @param {Object} publicKeyParams - Algorithm-specific public and private key parameters + * @param {Object} privateKeyParams - Algorithm-specific public and private key parameters + * @param {Uint8Array} data - Data to be signed + * @param {Uint8Array} hashed - The hashed data + * @returns {Promise} Signature Object containing named signature parameters. + * @async + */ +async function sign$1(algo, hashAlgo, publicKeyParams, privateKeyParams, data, hashed) { + if (!publicKeyParams || !privateKeyParams) { + throw new Error('Missing key parameters'); } - - /** - * Returns userIDs - * @returns {Array} Array of userIDs. - */ - getUserIDs() { - return this.users.map(user => { - return user.userID ? user.userID.userID : null; - }).filter(userID => userID !== null); + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaSign: { + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + const s = await publicKey.rsa.sign(hashAlgo, data, n, e, d, p, q, u, hashed); + return { s }; + } + case enums.publicKey.dsa: { + const { g, p, q } = publicKeyParams; + const { x } = privateKeyParams; + return publicKey.dsa.sign(hashAlgo, hashed, g, p, q, x); + } + case enums.publicKey.elgamal: + throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); + case enums.publicKey.ecdsa: { + const { oid, Q } = publicKeyParams; + const { d } = privateKeyParams; + return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); + } + case enums.publicKey.eddsaLegacy: { + const { oid, Q } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); + } + default: + throw new Error('Unknown signature algorithm.'); } +} - /** - * Returns binary encoded key - * @returns {Uint8Array} Binary key. - */ - write() { - return this.toPacketList().write(); - } +var signature = /*#__PURE__*/Object.freeze({ + __proto__: null, + parseSignatureParams: parseSignatureParams, + sign: sign$1, + verify: verify$1 +}); - /** - * Returns last created key or key by given keyID that is available for signing and verification - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} signing key - * @throws if no valid signing key was found - * @async - */ - async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature( - subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 - ); - if (!isValidSigningKeyPacket(subkey.keyPacket, bindingSignature)) { - continue; - } - if (!bindingSignature.embeddedSignature) { - throw new Error('Missing embedded signature'); - } - // verify embedded signature - await getLatestValidSignature( - [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 - ); - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } catch (e) { - exception = e; - } - } - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - try { - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config$1)) { - checkKeyRequirements(primaryKey, config$1); - return this; - } - } catch (e) { - exception = e; + +class ECDHSymmetricKey { + constructor(data) { + if (data) { + this.data = data; } - throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); } /** - * Returns last created key or key by given keyID that is available for encryption or decryption - * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve - * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date - * @param {Object} [userID] - filter keys for the given user ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} encryption key - * @throws if no valid encryption key was found - * @async + * Read an ECDHSymmetricKey from an Uint8Array: + * - 1 octect for the length `l` + * - `l` octects of encoded session key data + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. */ - async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { - await this.verifyPrimaryKey(date, userID, config$1); - const primaryKey = this.keyPacket; - // V4: by convention subkeys are preferred for encryption service - const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); - let exception; - for (const subkey of subkeys) { - if (!keyID || subkey.getKeyID().equals(keyID)) { - try { - await subkey.verify(date, config$1); - const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; - const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidEncryptionKeyPacket(subkey.keyPacket, bindingSignature)) { - checkKeyRequirements(subkey.keyPacket, config$1); - return subkey; - } - } catch (e) { - exception = e; - } - } - } - - try { - // if no valid subkey for encryption, evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID)) && - isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) { - checkKeyRequirements(primaryKey, config$1); - return this; + read(bytes) { + if (bytes.length >= 1) { + const length = bytes[0]; + if (bytes.length >= 1 + length) { + this.data = bytes.subarray(1, 1 + length); + return 1 + this.data.length; } - } catch (e) { - exception = e; } - throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + throw new Error('Invalid symmetric key'); } /** - * Checks if a signature on a key is revoked - * @param {SignaturePacket} signature - The signature to verify - * @param {PublicSubkeyPacket| - * SecretSubkeyPacket| - * PublicKeyPacket| - * SecretKeyPacket} key, optional The key to verify the signature - * @param {Date} [date] - Use the given date for verification, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} True if the certificate is revoked. - * @async + * Write an ECDHSymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data */ - async isRevoked(signature, key, date = new Date(), config$1 = config) { - return isDataRevoked( - this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 - ); + write() { + return util.concatUint8Array([new Uint8Array([this.data.length]), this.data]); } +} - /** - * Verify primary key. Checks for revocation signatures, expiration time - * and valid self signature. Throws if the primary key is invalid. - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} If key verification failed - * @async - */ - async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - // check for key revocation signatures - if (await this.isRevoked(null, null, date, config$1)) { - throw new Error('Primary key is revoked'); - } - // check for valid, unrevoked, unexpired self signature - const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); - // check for expiration time in binding signatures - if (isDataExpired(primaryKey, selfCertification, date)) { - throw new Error('Primary key is expired'); - } - // check for expiration time in direct signatures - const directSignature = await getLatestValidSignature( - this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 - ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (directSignature && isDataExpired(primaryKey, directSignature, date)) { - throw new Error('Primary key is expired'); - } - } +/** + * Implementation of type KDF parameters + * + * {@link https://tools.ietf.org/html/rfc6637#section-7|RFC 6637 7}: + * A key derivation function (KDF) is necessary to implement the EC + * encryption. The Concatenation Key Derivation Function (Approved + * Alternative 1) [NIST-SP800-56A] with the KDF hash function that is + * SHA2-256 [FIPS-180-3] or stronger is REQUIRED. + * @module type/kdf_params + * @private + */ + +class KDFParams { /** - * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. - * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. - * @param {Object} [userID] - User ID to consider instead of the primary user - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} - * @async + * @param {enums.hash} hash - Hash algorithm + * @param {enums.symmetric} cipher - Symmetric algorithm */ - async getExpirationTime(userID, config$1 = config) { - let primaryKeyExpiry; - try { - const { selfCertification } = await this.getPrimaryUser(null, userID, config$1); - const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); - const selfSigExpiry = selfCertification.getExpirationTime(); - const directSignature = await getLatestValidSignature( - this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 - ).catch(() => {}); - if (directSignature) { - const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); - // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, - // causing a discountinous validy period for the key - primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); - } else { - primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; - } - } catch (e) { - primaryKeyExpiry = null; + constructor(data) { + if (data) { + const { hash, cipher } = data; + this.hash = hash; + this.cipher = cipher; + } else { + this.hash = null; + this.cipher = null; } - - return util.normalizeDate(primaryKeyExpiry); } - /** - * Returns primary user and most significant (latest valid) self signature - * - if multiple primary users exist, returns the one with the latest self signature - * - otherwise, returns the user with the latest self signature - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * user: User, - * selfCertification: SignaturePacket - * }>} The primary user and the self signature - * @async + * Read KDFParams from an Uint8Array + * @param {Uint8Array} input - Where to read the KDFParams from + * @returns {Number} Number of read bytes. */ - async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const users = []; - let exception; - for (let i = 0; i < this.users.length; i++) { - try { - const user = this.users[i]; - if (!user.userID) { - continue; - } - if ( - (userID.name !== undefined && user.userID.name !== userID.name) || - (userID.email !== undefined && user.userID.email !== userID.email) || - (userID.comment !== undefined && user.userID.comment !== userID.comment) - ) { - throw new Error('Could not find user that matches that user ID'); - } - const dataToVerify = { userID: user.userID, key: primaryKey }; - const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); - users.push({ index: i, user, selfCertification }); - } catch (e) { - exception = e; - } - } - if (!users.length) { - throw exception || new Error('Could not find primary user'); - } - await Promise.all(users.map(async function (a) { - return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); - })); - // sort by primary user flag and signature creation time - const primaryUser = users.sort(function(a, b) { - const A = a.selfCertification; - const B = b.selfCertification; - return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; - }).pop(); - const { user, selfCertification: cert } = primaryUser; - if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { - throw new Error('Primary user is revoked'); + read(input) { + if (input.length < 4 || input[0] !== 3 || input[1] !== 1) { + throw new UnsupportedError('Cannot read KDFParams'); } - return primaryUser; + this.hash = input[2]; + this.cipher = input[3]; + return 4; } /** - * Update key with new components from specified key with same key ID: - * users, subkeys, certificates are merged into the destination key, - * duplicates and expired signatures are ignored. - * - * If the source key is a private key and the destination key is public, - * a private key is returned. - * @param {Key} sourceKey - Source key to merge - * @param {Date} [date] - Date to verify validity of signatures and keys - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} updated key - * @async + * Write KDFParams to an Uint8Array + * @returns {Uint8Array} Array with the KDFParams value */ - async update(sourceKey, date = new Date(), config$1 = config) { - if (!this.hasSameFingerprintAs(sourceKey)) { - throw new Error('Primary key fingerprints must be equal to update the key'); - } - if (!this.isPrivate() && sourceKey.isPrivate()) { - // check for equal subkey packets - const equal = (this.subkeys.length === sourceKey.subkeys.length) && - (this.subkeys.every(destSubkey => { - return sourceKey.subkeys.some(srcSubkey => { - return destSubkey.hasSameFingerprintAs(srcSubkey); - }); - })); - if (!equal) { - throw new Error('Cannot update public key with private key if subkeys mismatch'); - } + write() { + return new Uint8Array([3, 1, this.hash, this.cipher]); + } +} - return sourceKey.update(this, config$1); - } - // from here on, either: - // - destination key is private, source key is public - // - the keys are of the same type - // hence we don't need to convert the destination key type - const updatedKey = this.clone(); - // revocation signatures - await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { - return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); - }); - // direct signatures - await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); - // update users - await Promise.all(sourceKey.users.map(async srcUser => { - // multiple users with the same ID/attribute are not explicitly disallowed by the spec - // hence we support them, just in case - const usersToUpdate = updatedKey.users.filter(dstUser => ( - (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || - (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) - )); - if (usersToUpdate.length > 0) { - await Promise.all( - usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) - ); - } else { - const newUser = srcUser.clone(); - newUser.mainKey = updatedKey; - updatedKey.users.push(newUser); - } - })); - // update subkeys - await Promise.all(sourceKey.subkeys.map(async srcSubkey => { - // multiple subkeys with same fingerprint might be preset - const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( - dstSubkey.hasSameFingerprintAs(srcSubkey) - )); - if (subkeysToUpdate.length > 0) { - await Promise.all( - subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) - ); - } else { - const newSubkey = srcSubkey.clone(); - newSubkey.mainKey = updatedKey; - updatedKey.subkeys.push(newSubkey); - } - })); +/** + * Encoded symmetric key for x25519 and x448 + * The payload format varies for v3 and v6 PKESK: + * the former includes an algorithm byte preceeding the encrypted session key. + * + * @module type/x25519x448_symkey + */ - return updatedKey; + +class ECDHXSymmetricKey { + static fromObject({ wrappedKey, algorithm }) { + const instance = new ECDHXSymmetricKey(); + instance.wrappedKey = wrappedKey; + instance.algorithm = algorithm; + return instance; } /** - * Get revocation certificate from a revoked key. - * (To get a revocation certificate for an unrevoked key, call revoke() first.) - * @param {Date} date - Use the given date instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Armored revocation certificate. - * @async + * - 1 octect for the length `l` + * - `l` octects of encoded session key data (with optional leading algorithm byte) + * @param {Uint8Array} bytes + * @returns {Number} Number of read bytes. */ - async getRevocationCertificate(date = new Date(), config$1 = config) { - const dataToVerify = { key: this.keyPacket }; - const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); - const packetlist = new PacketList(); - packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); + read(bytes) { + let read = 0; + let followLength = bytes[read++]; + this.algorithm = followLength % 2 ? bytes[read++] : null; // session key size is always even + followLength -= followLength % 2; + this.wrappedKey = util.readExactSubarray(bytes, read, read + followLength); read += followLength; } /** - * Applies a revocation certificate to a key - * This adds the first signature packet in the armored text to the key, - * if it is a valid revocation signature. - * @param {String} revocationCertificate - armored revocation certificate - * @param {Date} [date] - Date to verify the certificate - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Revoked key. - * @async + * Write an MontgomerySymmetricKey as an Uint8Array + * @returns {Uint8Array} Serialised data */ - async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { - const input = await unarmor(revocationCertificate, config$1); - const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); - const revocationSignature = packetlist.findPacket(enums.packet.signature); - if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { - throw new Error('Could not find revocation signature packet'); + write() { + return util.concatUint8Array([ + this.algorithm ? + new Uint8Array([this.wrappedKey.length + 1, this.algorithm]) : + new Uint8Array([this.wrappedKey.length]), + this.wrappedKey + ]); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Encrypts data using specified algorithm and public key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms. + * @param {module:enums.publicKey} keyAlgo - Public key algorithm + * @param {module:enums.symmetric|null} symmetricAlgo - Cipher algorithm (v3 only) + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Uint8Array} data - Session key data to be encrypted + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @returns {Promise} Encrypted session key parameters. + * @async + */ +async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, data, fingerprint) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const { n, e } = publicParams; + const c = await publicKey.rsa.encrypt(data, n, e); + return { c }; } - if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { - throw new Error('Revocation signature does not match key'); + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + return publicKey.elgamal.encrypt(data, p, g, y); } - try { - await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); - } catch (e) { - throw util.wrapError('Could not verify revocation signature', e); + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicParams; + const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt( + oid, kdfParams, data, Q, fingerprint); + return { V, C: new ECDHSymmetricKey(C) }; } - const key = this.clone(); - key.revocationSignatures.push(revocationSignature); - return key; + case enums.publicKey.x25519: + case enums.publicKey.x448: { + if (symmetricAlgo && !util.isAES(symmetricAlgo)) { + // see https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/276 + throw new Error('X25519 and X448 keys can only encrypt AES session keys'); + } + const { A } = publicParams; + const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt( + keyAlgo, data, A); + const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey }); + return { ephemeralPublicKey, C }; + } + default: + return []; } +} - /** - * Signs primary user of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signPrimaryUser(privateKeys, date, userID, config$1 = config) { - const { index, user } = await this.getPrimaryUser(date, userID, config$1); - const userSign = await user.certify(privateKeys, date, config$1); - const key = this.clone(); - key.users[index] = userSign; - return key; +/** + * Decrypts data using specified algorithm and private key parameters. + * See {@link https://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 5.5.3} + * @param {module:enums.publicKey} algo - Public key algorithm + * @param {Object} publicKeyParams - Algorithm-specific public key parameters + * @param {Object} privateKeyParams - Algorithm-specific private key parameters + * @param {Object} sessionKeyParams - Encrypted session key parameters + * @param {Uint8Array} fingerprint - Recipient fingerprint + * @param {Uint8Array} [randomPayload] - Data to return on decryption error, instead of throwing + * (needed for constant-time processing in RSA and ElGamal) + * @returns {Promise} Decrypted data. + * @throws {Error} on sensitive decryption error, unless `randomPayload` is given + * @async + */ +async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams, sessionKeyParams, fingerprint, randomPayload) { + switch (algo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: { + const { c } = sessionKeyParams; + const { n, e } = publicKeyParams; + const { d, p, q, u } = privateKeyParams; + return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload); + } + case enums.publicKey.elgamal: { + const { c1, c2 } = sessionKeyParams; + const p = publicKeyParams.p; + const x = privateKeyParams.x; + return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload); + } + case enums.publicKey.ecdh: { + const { oid, Q, kdfParams } = publicKeyParams; + const { d } = privateKeyParams; + const { V, C } = sessionKeyParams; + return publicKey.elliptic.ecdh.decrypt( + oid, kdfParams, V, C.data, Q, d, fingerprint); + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicKeyParams; + const { k } = privateKeyParams; + const { ephemeralPublicKey, C } = sessionKeyParams; + if (C.algorithm !== null && !util.isAES(C.algorithm)) { + throw new Error('AES session key expected'); + } + return publicKey.elliptic.ecdhX.decrypt( + algo, ephemeralPublicKey, C.wrappedKey, A, k); + } + default: + throw new Error('Unknown public key encryption algorithm.'); + } +} + +/** + * Parse public key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {{ read: Number, publicParams: Object }} Number of read bytes plus key parameters referenced by name. + */ +function parsePublicKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const n = util.readMPI(bytes.subarray(read)); read += n.length + 2; + const e = util.readMPI(bytes.subarray(read)); read += e.length + 2; + return { read, publicParams: { n, e } }; + } + case enums.publicKey.dsa: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, q, g, y } }; + } + case enums.publicKey.elgamal: { + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const g = util.readMPI(bytes.subarray(read)); read += g.length + 2; + const y = util.readMPI(bytes.subarray(read)); read += y.length + 2; + return { read, publicParams: { p, g, y } }; + } + case enums.publicKey.ecdsa: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.eddsaLegacy: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + if (oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + Q = util.leftPad(Q, 33); + return { read: read, publicParams: { oid, Q } }; + } + case enums.publicKey.ecdh: { + const oid = new OID(); read += oid.read(bytes); + checkSupportedCurve(oid); + const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; + const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); + return { read: read, publicParams: { oid, Q, kdfParams } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const A = util.readExactSubarray(bytes, read, read + getCurvePayloadSize(algo)); read += A.length; + return { read, publicParams: { A } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); + } +} + +/** + * Parse private key material in binary form to get the key parameters + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @param {Object} publicParams - (ECC only) public params, needed to format some private params + * @returns {{ read: Number, privateParams: Object }} Number of read bytes plus the key parameters referenced by name. + */ +function parsePrivateKeyParams(algo, bytes, publicParams) { + let read = 0; + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + const p = util.readMPI(bytes.subarray(read)); read += p.length + 2; + const q = util.readMPI(bytes.subarray(read)); read += q.length + 2; + const u = util.readMPI(bytes.subarray(read)); read += u.length + 2; + return { read, privateParams: { d, p, q, u } }; + } + case enums.publicKey.dsa: + case enums.publicKey.elgamal: { + const x = util.readMPI(bytes.subarray(read)); read += x.length + 2; + return { read, privateParams: { x } }; + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + let d = util.readMPI(bytes.subarray(read)); read += d.length + 2; + d = util.leftPad(d, payloadSize); + return { read, privateParams: { d } }; + } + case enums.publicKey.eddsaLegacy: { + const payloadSize = getCurvePayloadSize(algo, publicParams.oid); + if (publicParams.oid.getName() !== enums.curve.ed25519Legacy) { + throw new Error('Unexpected OID for eddsaLegacy'); + } + let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; + seed = util.leftPad(seed, payloadSize); + return { read, privateParams: { seed } }; + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const payloadSize = getCurvePayloadSize(algo); + const seed = util.readExactSubarray(bytes, read, read + payloadSize); read += seed.length; + return { read, privateParams: { seed } }; + } + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const payloadSize = getCurvePayloadSize(algo); + const k = util.readExactSubarray(bytes, read, read + payloadSize); read += k.length; + return { read, privateParams: { k } }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } +} - /** - * Signs all users of key - * @param {Array} privateKeys - decrypted private keys for signing - * @param {Date} [date] - Use the given date for signing, instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} Key with new certificate signature. - * @async - */ - async signAllUsers(privateKeys, date = new Date(), config$1 = config) { - const key = this.clone(); - key.users = await Promise.all(this.users.map(function(user) { - return user.certify(privateKeys, date, config$1); - })); - return key; - } +/** Returns the types comprising the encrypted session key of an algorithm + * @param {module:enums.publicKey} algo - The key algorithm + * @param {Uint8Array} bytes - The key material to parse + * @returns {Object} The session key parameters referenced by name. + */ +function parseEncSessionKeyParams(algo, bytes) { + let read = 0; + switch (algo) { + // Algorithm-Specific Fields for RSA encrypted session keys: + // - MPI of RSA encrypted value m**e mod n. + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: { + const c = util.readMPI(bytes.subarray(read)); + return { c }; + } - /** - * Verifies primary user of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [userID] - User ID to get instead of the primary user, if it exists - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { - const primaryKey = this.keyPacket; - const { user } = await this.getPrimaryUser(date, userID, config$1); - const results = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - return results; + // Algorithm-Specific Fields for Elgamal encrypted session keys: + // - MPI of Elgamal value g**k mod p + // - MPI of Elgamal value m * y**k mod p + case enums.publicKey.elgamal: { + const c1 = util.readMPI(bytes.subarray(read)); read += c1.length + 2; + const c2 = util.readMPI(bytes.subarray(read)); + return { c1, c2 }; + } + // Algorithm-Specific Fields for ECDH encrypted session keys: + // - MPI containing the ephemeral key used to establish the shared secret + // - ECDH Symmetric Key + case enums.publicKey.ecdh: { + const V = util.readMPI(bytes.subarray(read)); read += V.length + 2; + const C = new ECDHSymmetricKey(); C.read(bytes.subarray(read)); + return { V, C }; + } + // Algorithm-Specific Fields for X25519 or X448 encrypted session keys: + // - 32 octets representing an ephemeral X25519 public key (or 57 octets for X448). + // - A one-octet size of the following fields. + // - The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). + // - The encrypted session key. + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const pointSize = getCurvePayloadSize(algo); + const ephemeralPublicKey = util.readExactSubarray(bytes, read, read + pointSize); read += ephemeralPublicKey.length; + const C = new ECDHXSymmetricKey(); C.read(bytes.subarray(read)); + return { ephemeralPublicKey, C }; + } + default: + throw new UnsupportedError('Unknown public key encryption algorithm.'); } +} - /** - * Verifies all users of key - * - if no arguments are given, verifies the self certificates; - * - otherwise, verifies all certificates signed with given keys. - * @param {Array} [verificationKeys] - array of keys to verify certificate signatures - * @param {Date} [date] - Use the given date for verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} List of userID, signer's keyID and validity of signature. - * Signature validity is null if the verification keys do not correspond to the certificate. - * @async - */ - async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { - const primaryKey = this.keyPacket; - const results = []; - await Promise.all(this.users.map(async user => { - const signatures = verificationKeys ? - await user.verifyAllCertifications(verificationKeys, date, config$1) : - [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; +/** + * Convert params to MPI and serializes them in the proper order + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} params - The key parameters indexed by name + * @returns {Uint8Array} The array containing the MPIs. + */ +function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([ + enums.publicKey.ed25519, + enums.publicKey.x25519, + enums.publicKey.ed448, + enums.publicKey.x448 + ]); + const orderedParams = Object.keys(params).map(name => { + const param = params[name]; + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); + }); + return util.concatUint8Array(orderedParams); +} - results.push(...signatures.map( - signature => ({ - userID: user.userID ? user.userID.userID : null, - userAttribute: user.userAttribute, - keyID: signature.keyID, - valid: signature.valid - })) - ); - })); - return results; +/** + * Generate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Integer} bits - Bit length for RSA keys + * @param {module:type/oid} oid - Object identifier for ECC keys + * @returns {Promise<{ publicParams: {Object}, privateParams: {Object} }>} The parameters referenced by name. + * @async + */ +function generateParams(algo, bits, oid) { + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({ + privateParams: { d, p, q, u }, + publicParams: { n, e } + })); + case enums.publicKey.ecdsa: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { d: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ + privateParams: { seed: secret }, + publicParams: { oid: new OID(oid), Q } + })); + case enums.publicKey.ecdh: + return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({ + privateParams: { d: secret }, + publicParams: { + oid: new OID(oid), + Q, + kdfParams: new KDFParams({ hash, cipher }) + } + })); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({ + privateParams: { k }, + publicParams: { A } + })); + case enums.publicKey.dsa: + case enums.publicKey.elgamal: + throw new Error('Unsupported algorithm for key generation.'); + default: + throw new Error('Unknown public key algorithm.'); } } -['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { - Key.prototype[name] = - Subkey.prototype[name]; -}); - -// This library is free software; you can redistribute it and/or - /** - * Class that represents an OpenPGP Public Key + * Validate algorithm-specific key parameters + * @param {module:enums.publicKey} algo - The public key algorithm + * @param {Object} publicParams - Algorithm-specific public key parameters + * @param {Object} privateParams - Algorithm-specific private key parameters + * @returns {Promise} Whether the parameters are valid. + * @async */ -class PublicKey extends Key { - /** - * @param {PacketList} packetlist - The packets that form this key - */ - constructor(packetlist) { - super(); - this.keyPacket = null; - this.revocationSignatures = []; - this.directSignatures = []; - this.users = []; - this.subkeys = []; - if (packetlist) { - this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing public-key packet'); - } +async function validateParams$1(algo, publicParams, privateParams) { + if (!publicParams || !privateParams) { + throw new Error('Missing key parameters'); + } + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: { + const { n, e } = publicParams; + const { d, p, q, u } = privateParams; + return publicKey.rsa.validateParams(n, e, d, p, q, u); + } + case enums.publicKey.dsa: { + const { p, q, g, y } = publicParams; + const { x } = privateParams; + return publicKey.dsa.validateParams(p, q, g, y, x); + } + case enums.publicKey.elgamal: { + const { p, g, y } = publicParams; + const { x } = privateParams; + return publicKey.elgamal.validateParams(p, g, y, x); + } + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: { + const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)]; + const { oid, Q } = publicParams; + const { d } = privateParams; + return algoModule.validateParams(oid, Q, d); + } + case enums.publicKey.eddsaLegacy: { + const { Q, oid } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: + case enums.publicKey.ed448: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); } - } - - /** - * Returns true if this is a private key - * @returns {false} - */ - isPrivate() { - return false; - } - - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - return this; - } - - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const { A } = publicParams; + const { k } = privateParams; + return publicKey.elliptic.ecdhX.validateParams(algo, A, k); + } + default: + throw new Error('Unknown public key algorithm.'); } } /** - * Class that represents an OpenPGP Private key + * Generates a random byte prefix for the specified algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Promise} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated. + * @async */ -class PrivateKey extends PublicKey { - /** - * @param {PacketList} packetlist - The packets that form this key +async function getPrefixRandom(algo) { + const { blockSize } = getCipherParams(algo); + const prefixrandom = await getRandomBytes(blockSize); + const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]); + return util.concat([prefixrandom, repeat]); +} + +/** + * Generating a session key for the specified symmetric algorithm + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} algo - Symmetric encryption algorithm + * @returns {Uint8Array} Random bytes as a string to be used as a key. */ - constructor(packetlist) { - super(); - this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); - if (!this.keyPacket) { - throw new Error('Invalid key: missing private-key packet'); - } - } +function generateSessionKey$1(algo) { + const { keySize } = getCipherParams(algo); + return getRandomBytes(keySize); +} - /** - * Returns true if this is a private key - * @returns {Boolean} - */ - isPrivate() { - return true; - } +/** + * Get implementation of the given AEAD mode + * @param {enums.aead} algo + * @returns {Object} + * @throws {Error} on invalid algo + */ +function getAEADMode(algo) { + const algoName = enums.read(enums.aead, algo); + return mode[algoName]; +} - /** - * Returns key as public key (shallow copy) - * @returns {PublicKey} New public Key - */ - toPublic() { - const packetlist = new PacketList(); - const keyPackets = this.toPacketList(); - for (const keyPacket of keyPackets) { - switch (keyPacket.constructor.tag) { - case enums.packet.secretKey: { - const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); - packetlist.push(pubKeyPacket); - break; - } - case enums.packet.secretSubkey: { - const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); - packetlist.push(pubSubkeyPacket); - break; - } - default: - packetlist.push(keyPacket); - } - } - return new PublicKey(packetlist); +/** + * Check whether the given curve OID is supported + * @param {module:type/oid} oid - EC object identifier + * @throws {UnsupportedError} if curve is not supported + */ +function checkSupportedCurve(oid) { + try { + oid.getName(); + } catch (e) { + throw new UnsupportedError('Unknown curve OID'); } +} - /** - * Returns ASCII armored text of key - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config$1); +/** + * Get encoded secret size for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getCurvePayloadSize(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.ecdh: + case enums.publicKey.eddsaLegacy: + return new publicKey.elliptic.CurveWithOID(oid).payloadSize; + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPayloadSize(algo); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return publicKey.elliptic.ecdhX.getPayloadSize(algo); + default: + throw new Error('Unknown elliptic algo'); } +} - /** - * Returns all keys that are available for decryption, matching the keyID when given - * This is useful to retrieve keys for session key decryption - * @param {module:type/keyid~KeyID} keyID, optional - * @param {Date} date, optional - * @param {String} userID, optional - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} Array of decryption keys. - * @async - */ - async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { - const primaryKey = this.keyPacket; - const keys = []; - for (let i = 0; i < this.subkeys.length; i++) { - if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { - try { - const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; - const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); - if (isValidDecryptionKeyPacket(bindingSignature, config$1)) { - keys.push(this.subkeys[i]); - } - } catch (e) {} - } - } - - // evaluate primary key - const primaryUser = await this.getPrimaryUser(date, userID, config$1); - if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && - isValidDecryptionKeyPacket(primaryUser.selfCertification, config$1)) { - keys.push(this); - } - - return keys; +/** + * Get preferred signing hash algo for a given elliptic algo + * @param {module:enums.publicKey} algo - alrogithm identifier + * @param {module:type/oid} [oid] - curve OID if needed by algo + */ +function getPreferredCurveHashAlgo(algo, oid) { + switch (algo) { + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return publicKey.elliptic.getPreferredHashAlgo(oid); + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo); + default: + throw new Error('Unknown elliptic signing algo'); } +} - /** - * Returns true if the primary key or any subkey is decrypted. - * A dummy key is considered encrypted. - */ - isDecrypted() { - return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); - } +var crypto$2 = /*#__PURE__*/Object.freeze({ + __proto__: null, + generateParams: generateParams, + generateSessionKey: generateSessionKey$1, + getAEADMode: getAEADMode, + getCipherParams: getCipherParams, + getCurvePayloadSize: getCurvePayloadSize, + getPreferredCurveHashAlgo: getPreferredCurveHashAlgo, + getPrefixRandom: getPrefixRandom, + parseEncSessionKeyParams: parseEncSessionKeyParams, + parsePrivateKeyParams: parsePrivateKeyParams, + parsePublicKeyParams: parsePublicKeyParams, + publicKeyDecrypt: publicKeyDecrypt, + publicKeyEncrypt: publicKeyEncrypt, + serializeParams: serializeParams, + validateParams: validateParams$1 +}); - /** - * Check whether the private and public primary key parameters correspond - * Together with verification of binding signatures, this guarantees key integrity - * In case of gnu-dummy primary key, it is enough to validate any signing subkeys - * otherwise all encryption subkeys are validated - * If only gnu-dummy keys are found, we cannot properly validate so we throw an error - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if validation was not successful and the key cannot be trusted - * @async - */ - async validate(config$1 = config) { - if (!this.isPrivate()) { - throw new Error('Cannot validate a public key'); - } +/** + * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js + * @see module:crypto/crypto + * @see module:crypto/signature + * @see module:crypto/public_key + * @see module:crypto/cipher + * @see module:crypto/random + * @see module:crypto/hash + * @module crypto + */ - let signingKeyPacket; - if (!this.keyPacket.isDummy()) { - signingKeyPacket = this.keyPacket; - } else { - /** - * It is enough to validate any signing keys - * since its binding signatures are also checked - */ - const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); - // This could again be a dummy key - if (signingKey && !signingKey.keyPacket.isDummy()) { - signingKeyPacket = signingKey.keyPacket; - } - } - if (signingKeyPacket) { - return signingKeyPacket.validate(); - } else { - const keys = this.getKeys(); - const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); - if (allDummies) { - throw new Error('Cannot validate an all-gnu-dummy key'); - } +// TODO move cfb and gcm to cipher +const mod$1 = { + /** @see module:crypto/cipher */ + cipher: cipher, + /** @see module:crypto/hash */ + hash: hash$1, + /** @see module:crypto/mode */ + mode: mode, + /** @see module:crypto/public_key */ + publicKey: publicKey, + /** @see module:crypto/signature */ + signature: signature, + /** @see module:crypto/random */ + random: random, + /** @see module:crypto/pkcs1 */ + pkcs1: pkcs1, + /** @see module:crypto/pkcs5 */ + pkcs5: pkcs5, + /** @see module:crypto/aes_kw */ + aesKW: aesKW +}; - return Promise.all(keys.map(async key => key.keyPacket.validate())); +Object.assign(mod$1, crypto$2); + +const ARGON2_TYPE = 0x02; // id +const ARGON2_VERSION = 0x13; +const ARGON2_SALT_SIZE = 16; + +class Argon2OutOfMemoryError extends Error { + constructor(...params) { + super(...params); + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, Argon2OutOfMemoryError); } - } - /** - * Clear private key parameters - */ - clearPrivateParams() { - this.getKeys().forEach(({ keyPacket }) => { - if (keyPacket.isDecrypted()) { - keyPacket.clearPrivateParams(); - } - }); + this.name = 'Argon2OutOfMemoryError'; } +} +// cache argon wasm module +let loadArgonWasmModule; +let argon2Promise; +// reload wasm module above this treshold, to deallocated used memory +const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19; + +class Argon2S2K { /** - * Revokes the key - * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation - * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation - * @param {Date} date - optional, override the creationtime of the revocation signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New key with revocation signature. - * @async - */ - async revoke( - { - flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, - string: reasonForRevocationString = '' - } = {}, - date = new Date(), - config$1 = config - ) { - if (!this.isPrivate()) { - throw new Error('Need private key for revoking'); - } - const dataToSign = { key: this.keyPacket }; - const key = this.clone(); - key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.keyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), - reasonForRevocationString - }, date, undefined, undefined, undefined, config$1)); - return key; + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params; + + this.type = 'argon2'; + /** + * 16 bytes of salt + * @type {Uint8Array} + */ + this.salt = null; + /** + * number of passes + * @type {Integer} + */ + this.t = passes; + /** + * degree of parallelism (lanes) + * @type {Integer} + */ + this.p = parallelism; + /** + * exponent indicating memory size + * @type {Integer} + */ + this.encodedM = memoryExponent; } + generateSalt() { + this.salt = mod$1.random.getRandomBytes(ARGON2_SALT_SIZE); + } /** - * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. - * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. - * @param {ecc|rsa} options.type The subkey algorithm: ECC or RSA - * @param {String} options.curve (optional) Elliptic curve for ECC keys - * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date (optional) Override the creation date of the key and the key signatures - * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false - * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} - * @async - */ - async addSubkey(options = {}) { - const config$1 = { ...config, ...options.config }; - if (options.passphrase) { - throw new Error('Subkey could not be encrypted here, please encrypt whole key'); - } - if (options.rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); - } - const secretKeyPacket = this.keyPacket; - if (secretKeyPacket.isDummy()) { - throw new Error('Cannot add subkey to gnu-dummy primary key'); - } - if (!secretKeyPacket.isDecrypted()) { - throw new Error('Key is not decrypted'); - } - const defaultOptions = secretKeyPacket.getAlgorithmInfo(); - defaultOptions.type = defaultOptions.curve ? 'ecc' : 'rsa'; // DSA keys default to RSA - defaultOptions.rsaBits = defaultOptions.bits || 4096; - defaultOptions.curve = defaultOptions.curve || 'curve25519'; - options = sanitizeKeyOptions(options, defaultOptions); - const keyPacket = await generateSecretSubkey(options); - checkKeyRequirements(keyPacket, config$1); - const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); - const packetList = this.toPacketList(); - packetList.push(keyPacket, bindingSignature); - return new PrivateKey(packetList); - } -} + * Parsing function for argon2 string-to-key specifier. + * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; -// OpenPGP.js - An OpenPGP implementation in javascript + this.salt = bytes.subarray(i, i + 16); + i += 16; -// A Key can contain the following packets -const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ - PublicKeyPacket, - PublicSubkeyPacket, - SecretKeyPacket, - SecretSubkeyPacket, - UserIDPacket, - UserAttributePacket, - SignaturePacket -]); + this.t = bytes[i++]; + this.p = bytes[i++]; + this.encodedM = bytes[i++]; // memory size exponent, one-octect -/** - * Creates a PublicKey or PrivateKey depending on the packetlist in input - * @param {PacketList} - packets to parse - * @return {Key} parsed key - * @throws if no key packet was found - */ -function createKey(packetlist) { - for (const packet of packetlist) { - switch (packet.constructor.tag) { - case enums.packet.secretKey: - return new PrivateKey(packetlist); - case enums.packet.publicKey: - return new PublicKey(packetlist); - } + return i; } - throw new Error('No key packet found'); -} + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + const arr = [ + new Uint8Array([enums.write(enums.s2k, this.type)]), + this.salt, + new Uint8Array([this.t, this.p, this.encodedM]) + ]; -/** - * Generates a new OpenPGP key. Supports RSA and ECC keys. - * By default, primary and subkeys will be of same type. - * @param {ecc|rsa} options.type The primary key algorithm type: ECC or RSA - * @param {String} options.curve Elliptic curve for ECC keys - * @param {Integer} options.rsaBits Number of bits for RSA keys - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Creation date of the key and the key signatures - * @param {Object} config - Full configuration - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ -async function generate$4(options, config) { - options.sign = true; // primary key is always a signing key - options = sanitizeKeyOptions(options); - options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); - let promises = [generateSecretKey(options, config)]; - promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); - const packets = await Promise.all(promises); + return util.concatUint8Array(arr); + } - const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; -} + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to `keySize` + * @throws {Argon2OutOfMemoryError|Errors} + * @async + */ + async produceKey(passphrase, keySize) { + const decodedM = 2 << (this.encodedM - 1); -/** - * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. - * @param {PrivateKey} options.privateKey The private key to reformat - * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } - * @param {String} options.passphrase Passphrase used to encrypt the resulting private key - * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires - * @param {Date} options.date Override the creation date of the key signatures - * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] - * @param {Object} config - Full configuration - * - * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} - * @async - * @static - * @private - */ -async function reformat(options, config) { - options = sanitize(options); - const { privateKey } = options; + try { + // on first load, the argon2 lib is imported and the WASM module is initialized. + // the two steps need to be atomic to avoid race conditions causing multiple wasm modules + // being loaded when `argon2Promise` is not initialized. + loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index$1; })).default; + argon2Promise = argon2Promise || loadArgonWasmModule(); + + // important to keep local ref to argon2 in case the module is reloaded by another instance + const argon2 = await argon2Promise; + + const passwordBytes = util.encodeUTF8(passphrase); + const hash = argon2({ + version: ARGON2_VERSION, + type: ARGON2_TYPE, + password: passwordBytes, + salt: this.salt, + tagLength: keySize, + memorySize: decodedM, + parallelism: this.p, + passes: this.t + }); - if (!privateKey.isPrivate()) { - throw new Error('Cannot reformat a public key'); + // a lot of memory was used, reload to deallocate + if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) { + // it will be awaited if needed at the next `produceKey` invocation + argon2Promise = loadArgonWasmModule(); + argon2Promise.catch(() => {}); + } + return hash; + } catch (e) { + if (e.message && ( + e.message.includes('Unable to grow instance memory') || // Chrome + e.message.includes('failed to grow memory') || // Firefox + e.message.includes('WebAssembly.Memory.grow') || // Safari + e.message.includes('Out of memory') // Safari iOS + )) { + throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2'); + } else { + throw e; + } + } } +} - if (privateKey.keyPacket.isDummy()) { - throw new Error('Cannot reformat a gnu-dummy primary key'); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +class GenericS2K { + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(s2kType, config$1 = config) { + /** + * Hash function identifier, or 0 for gnu-dummy keys + * @type {module:enums.hash | 0} + */ + this.algorithm = enums.hash.sha256; + /** + * enums.s2k identifier or 'gnu-dummy' + * @type {String} + */ + this.type = enums.read(enums.s2k, s2kType); + /** @type {Integer} */ + this.c = config$1.s2kIterationCountByte; + /** Eight bytes of salt in a binary string. + * @type {Uint8Array} + */ + this.salt = null; } - const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); - if (!isDecrypted) { - throw new Error('Key is not decrypted'); + generateSalt() { + switch (this.type) { + case 'salted': + case 'iterated': + this.salt = mod$1.random.getRandomBytes(8); + } } - const secretKeyPacket = privateKey.keyPacket; + getCount() { + // Exponent bias, defined in RFC4880 + const expbias = 6; - if (!options.subkeys) { - options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { - const secretSubkeyPacket = subkey.keyPacket; - const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; - const bindingSignature = await ( - getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) - ).catch(() => ({})); - return { - sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) - }; - })); + return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); } - const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); - if (options.subkeys.length !== secretSubkeyPackets.length) { - throw new Error('Number of subkey options does not match number of subkeys'); - } + /** + * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). + * @param {Uint8Array} bytes - Payload of string-to-key specifier + * @returns {Integer} Actual length of the object. + */ + read(bytes) { + let i = 0; + this.algorithm = bytes[i++]; - options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); + switch (this.type) { + case 'simple': + break; - const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); - const revocationCertificate = await key.getRevocationCertificate(options.date, config); - key.revocationSignatures = []; - return { key, revocationCertificate }; + case 'salted': + this.salt = bytes.subarray(i, i + 8); + i += 8; + break; - function sanitize(options, subkeyDefaults = {}) { - options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; - options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; - options.date = options.date || subkeyDefaults.date; + case 'iterated': + this.salt = bytes.subarray(i, i + 8); + i += 8; - return options; - } -} + // Octet 10: count, a one-octet, coded value + this.c = bytes[i++]; + break; -/** - * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection - * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. - * @param {SecretKeyPacket} secretKeyPacket - * @param {SecretSubkeyPacket} secretSubkeyPackets - * @param {Object} options - * @param {Object} config - Full configuration - * @returns {PrivateKey} - */ -async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { - // set passphrase protection - if (options.passphrase) { - await secretKeyPacket.encrypt(options.passphrase, config); - } + case 'gnu': + if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') { + i += 3; // GNU + const gnuExtType = 1000 + bytes[i++]; + if (gnuExtType === 1001) { + this.type = 'gnu-dummy'; + // GnuPG extension mode 1001 -- don't write secret key at all + } else { + throw new UnsupportedError('Unknown s2k gnu protection mode.'); + } + } else { + throw new UnsupportedError('Unknown s2k type.'); + } + break; - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - await secretSubkeyPacket.encrypt(subkeyPassphrase, config); + default: + throw new UnsupportedError('Unknown s2k type.'); // unreachable } - })); - const packetlist = new PacketList(); - packetlist.push(secretKeyPacket); + return i; + } - await Promise.all(options.userIDs.map(async function(userID, index) { - function createPreferredAlgos(algos, preferredAlgo) { - return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + /** + * Serializes s2k information + * @returns {Uint8Array} Binary representation of s2k. + */ + write() { + if (this.type === 'gnu-dummy') { + return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]); } + const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])]; - const userIDPacket = UserIDPacket.fromObject(userID); - const dataToSign = {}; - dataToSign.userID = userIDPacket; - dataToSign.key = secretKeyPacket; - - const signatureProperties = {}; - signatureProperties.signatureType = enums.signature.certGeneric; - signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; - signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([ - // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support) - enums.symmetric.aes256, - enums.symmetric.aes128, - enums.symmetric.aes192 - ], config.preferredSymmetricAlgorithm); - if (config.aeadProtect) { - signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([ - enums.aead.eax, - enums.aead.ocb - ], config.preferredAEADAlgorithm); - } - signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ - // prefer fast asm.js implementations (SHA-256) - enums.hash.sha256, - enums.hash.sha512 - ], config.preferredHashAlgorithm); - signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ - enums.compression.zlib, - enums.compression.zip, - enums.compression.uncompressed - ], config.preferredCompressionAlgorithm); - if (index === 0) { - signatureProperties.isPrimaryUserID = true; - } - // integrity protection always enabled - signatureProperties.features = [0]; - signatureProperties.features[0] |= enums.features.modificationDetection; - if (config.aeadProtect) { - signatureProperties.features[0] |= enums.features.aead; - } - if (config.v5Keys) { - signatureProperties.features[0] |= enums.features.v5Keys; - } - if (options.keyExpirationTime > 0) { - signatureProperties.keyExpirationTime = options.keyExpirationTime; - signatureProperties.keyNeverExpires = false; + switch (this.type) { + case 'simple': + break; + case 'salted': + arr.push(this.salt); + break; + case 'iterated': + arr.push(this.salt); + arr.push(new Uint8Array([this.c])); + break; + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); } - const signaturePacket = await createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + return util.concatUint8Array(arr); + } - return { userIDPacket, signaturePacket }; - })).then(list => { - list.forEach(({ userIDPacket, signaturePacket }) => { - packetlist.push(userIDPacket); - packetlist.push(signaturePacket); - }); - }); + /** + * Produces a key using the specified passphrase and the defined + * hashAlgorithm + * @param {String} passphrase - Passphrase containing user input + * @returns {Promise} Produced key with a length corresponding to. + * hashAlgorithm hash length + * @async + */ + async produceKey(passphrase, numBytes) { + passphrase = util.encodeUTF8(passphrase); - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyOptions = options.subkeys[index]; - const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); - return { secretSubkeyPacket, subkeySignaturePacket }; - })).then(packets => { - packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { - packetlist.push(secretSubkeyPacket); - packetlist.push(subkeySignaturePacket); - }); - }); + const arr = []; + let rlength = 0; - // Add revocation signature packet for creating a revocation certificate. - // This packet should be removed before returning the key. - const dataToSign = { key: secretKeyPacket }; - packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { - signatureType: enums.signature.keyRevocation, - reasonForRevocationFlag: enums.reasonForRevocation.noReason, - reasonForRevocationString: '' - }, options.date, undefined, undefined, undefined, config)); + let prefixlen = 0; + while (rlength < numBytes) { + let toHash; + switch (this.type) { + case 'simple': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]); + break; + case 'salted': + toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]); + break; + case 'iterated': { + const data = util.concatUint8Array([this.salt, passphrase]); + let datalen = data.length; + const count = Math.max(this.getCount(), datalen); + toHash = new Uint8Array(prefixlen + count); + toHash.set(data, prefixlen); + for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) { + toHash.copyWithin(pos, prefixlen, pos); + } + break; + } + case 'gnu': + throw new Error('GNU s2k type not supported.'); + default: + throw new Error('Unknown s2k type.'); + } + const result = await mod$1.hash.digest(this.algorithm, toHash); + arr.push(result); + rlength += result.length; + prefixlen++; + } - if (options.passphrase) { - secretKeyPacket.clearPrivateParams(); + return util.concatUint8Array(arr).subarray(0, numBytes); } +} - await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { - const subkeyPassphrase = options.subkeys[index].passphrase; - if (subkeyPassphrase) { - secretSubkeyPacket.clearPrivateParams(); +const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]); + +/** + * Instantiate a new S2K instance of the given type + * @param {module:enums.s2k} type + * @oaram {Object} [config] + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromType(type, config$1 = config) { + switch (type) { + case enums.s2k.argon2: + return new Argon2S2K(config$1); + case enums.s2k.iterated: + case enums.s2k.gnu: + case enums.s2k.salted: + case enums.s2k.simple: + return new GenericS2K(type, config$1); + default: + throw new UnsupportedError('Unsupported S2K type'); + } +} + +/** + * Instantiate a new S2K instance based on the config settings + * @oaram {Object} config + * @returns {Object} New s2k object + * @throws {Error} for unknown or unsupported types + */ +function newS2KFromConfig(config) { + const { s2kType } = config; + + if (!allowedS2KTypesForEncryption.has(s2kType)) { + throw new Error('The provided `config.s2kType` value is not allowed'); + } + + return newS2KFromType(s2kType, config); +} + +// DEFLATE is a complex format; to read this code, you should probably check the RFC first: +// https://tools.ietf.org/html/rfc1951 +// You may also wish to take a look at the guide I made about this program: +// https://gist.github.com/101arrowz/253f31eb5abc3d9275ab943003ffecad +// Some of the following code is similar to that of UZIP.js: +// https://github.com/photopea/UZIP.js +// However, the vast majority of the codebase has diverged from UZIP.js to increase performance and reduce bundle size. +// Sometimes 0 will appear where -1 would be more appropriate. This is because using a uint +// is better for memory in most engines (I *think*). + +// aliases for shorter compressed code (most minifers don't do this) +var u8 = Uint8Array, u16 = Uint16Array, u32$1 = Uint32Array; +// fixed length extra bits +var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, /* unused */ 0, 0, /* impossible */ 0]); +// fixed distance extra bits +// see fleb note +var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, /* unused */ 0, 0]); +// code length index map +var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]); +// get base, reverse index map from extra bits +var freb = function (eb, start) { + var b = new u16(31); + for (var i = 0; i < 31; ++i) { + b[i] = start += 1 << eb[i - 1]; + } + // numbers here are at max 18 bits + var r = new u32$1(b[30]); + for (var i = 1; i < 30; ++i) { + for (var j = b[i]; j < b[i + 1]; ++j) { + r[j] = ((j - b[i]) << 5) | i; + } + } + return [b, r]; +}; +var _a = freb(fleb, 2), fl = _a[0], revfl = _a[1]; +// we can ignore the fact that the other numbers are wrong; they never happen anyway +fl[28] = 258, revfl[258] = 28; +var _b = freb(fdeb, 0), fd = _b[0], revfd = _b[1]; +// map of value to reverse (assuming 16 bits) +var rev = new u16(32768); +for (var i = 0; i < 32768; ++i) { + // reverse table algorithm from SO + var x = ((i & 0xAAAA) >>> 1) | ((i & 0x5555) << 1); + x = ((x & 0xCCCC) >>> 2) | ((x & 0x3333) << 2); + x = ((x & 0xF0F0) >>> 4) | ((x & 0x0F0F) << 4); + rev[i] = (((x & 0xFF00) >>> 8) | ((x & 0x00FF) << 8)) >>> 1; +} +// create huffman tree from u8 "map": index -> code length for code index +// mb (max bits) must be at most 15 +// TODO: optimize/split up? +var hMap = (function (cd, mb, r) { + var s = cd.length; + // index + var i = 0; + // u16 "map": index -> # of codes with bit length = index + var l = new u16(mb); + // length of cd must be 288 (total # of codes) + for (; i < s; ++i) { + if (cd[i]) + ++l[cd[i] - 1]; + } + // u16 "map": index -> minimum code for bit length = index + var le = new u16(mb); + for (i = 0; i < mb; ++i) { + le[i] = (le[i - 1] + l[i - 1]) << 1; + } + var co; + if (r) { + // u16 "map": index -> number of actual bits, symbol for code + co = new u16(1 << mb); + // bits to remove for reverser + var rvb = 15 - mb; + for (i = 0; i < s; ++i) { + // ignore 0 lengths + if (cd[i]) { + // num encoding both symbol and bits read + var sv = (i << 4) | cd[i]; + // free bits + var r_1 = mb - cd[i]; + // start value + var v = le[cd[i] - 1]++ << r_1; + // m is end value + for (var m = v | ((1 << r_1) - 1); v <= m; ++v) { + // every 16 bit value starting with the code yields the same result + co[rev[v] >>> rvb] = sv; + } + } + } + } + else { + co = new u16(s); + for (i = 0; i < s; ++i) { + if (cd[i]) { + co[i] = rev[le[cd[i] - 1]++] >>> (15 - cd[i]); + } + } + } + return co; +}); +// fixed length tree +var flt = new u8(288); +for (var i = 0; i < 144; ++i) + flt[i] = 8; +for (var i = 144; i < 256; ++i) + flt[i] = 9; +for (var i = 256; i < 280; ++i) + flt[i] = 7; +for (var i = 280; i < 288; ++i) + flt[i] = 8; +// fixed distance tree +var fdt = new u8(32); +for (var i = 0; i < 32; ++i) + fdt[i] = 5; +// fixed length map +var flm = /*#__PURE__*/ hMap(flt, 9, 0), flrm = /*#__PURE__*/ hMap(flt, 9, 1); +// fixed distance map +var fdm = /*#__PURE__*/ hMap(fdt, 5, 0), fdrm = /*#__PURE__*/ hMap(fdt, 5, 1); +// find max of array +var max = function (a) { + var m = a[0]; + for (var i = 1; i < a.length; ++i) { + if (a[i] > m) + m = a[i]; + } + return m; +}; +// read d, starting at bit p and mask with m +var bits = function (d, p, m) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8)) >> (p & 7)) & m; +}; +// read d, starting at bit p continuing for at least 16 bits +var bits16 = function (d, p) { + var o = (p / 8) | 0; + return ((d[o] | (d[o + 1] << 8) | (d[o + 2] << 16)) >> (p & 7)); +}; +// get end of byte +var shft = function (p) { return ((p + 7) / 8) | 0; }; +// typed array slice - allows garbage collector to free original reference, +// while being more compatible than .slice +var slc = function (v, s, e) { + if (s == null || s < 0) + s = 0; + if (e == null || e > v.length) + e = v.length; + // can't use .constructor in case user-supplied + var n = new (v.BYTES_PER_ELEMENT == 2 ? u16 : v.BYTES_PER_ELEMENT == 4 ? u32$1 : u8)(e - s); + n.set(v.subarray(s, e)); + return n; +}; +// error codes +var ec = [ + 'unexpected EOF', + 'invalid block type', + 'invalid length/literal', + 'invalid distance', + 'stream finished', + 'no stream handler', + , + 'no callback', + 'invalid UTF-8 data', + 'extra field too long', + 'date not in range 1980-2099', + 'filename too long', + 'stream finishing', + 'invalid zip data' + // determined by unknown compression method +]; +var err = function (ind, msg, nt) { + var e = new Error(msg || ec[ind]); + e.code = ind; + if (Error.captureStackTrace) + Error.captureStackTrace(e, err); + if (!nt) + throw e; + return e; +}; +// expands raw DEFLATE data +var inflt = function (dat, buf, st) { + // source length + var sl = dat.length; + if (!sl || (st && st.f && !st.l)) + return buf || new u8(0); + // have to estimate size + var noBuf = !buf || st; + // no state + var noSt = !st || st.i; + if (!st) + st = {}; + // Assumes roughly 33% compression ratio average + if (!buf) + buf = new u8(sl * 3); + // ensure buffer can fit at least l elements + var cbuf = function (l) { + var bl = buf.length; + // need to increase size to fit + if (l > bl) { + // Double or set to necessary, whichever is greater + var nbuf = new u8(Math.max(bl * 2, l)); + nbuf.set(buf); + buf = nbuf; + } + }; + // last chunk bitpos bytes + var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n; + // total bits + var tbts = sl * 8; + do { + if (!lm) { + // BFINAL - this is only 1 when last chunk is next + final = bits(dat, pos, 1); + // type: 0 = no compression, 1 = fixed huffman, 2 = dynamic huffman + var type = bits(dat, pos + 1, 3); + pos += 3; + if (!type) { + // go to end of byte boundary + var s = shft(pos) + 4, l = dat[s - 4] | (dat[s - 3] << 8), t = s + l; + if (t > sl) { + if (noSt) + err(0); + break; + } + // ensure size + if (noBuf) + cbuf(bt + l); + // Copy over uncompressed data + buf.set(dat.subarray(s, t), bt); + // Get new bitpos, update byte count + st.b = bt += l, st.p = pos = t * 8, st.f = final; + continue; + } + else if (type == 1) + lm = flrm, dm = fdrm, lbt = 9, dbt = 5; + else if (type == 2) { + // literal lengths + var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4; + var tl = hLit + bits(dat, pos + 5, 31) + 1; + pos += 14; + // length+distance tree + var ldt = new u8(tl); + // code length tree + var clt = new u8(19); + for (var i = 0; i < hcLen; ++i) { + // use index map to get real code + clt[clim[i]] = bits(dat, pos + i * 3, 7); + } + pos += hcLen * 3; + // code lengths bits + var clb = max(clt), clbmsk = (1 << clb) - 1; + // code lengths map + var clm = hMap(clt, clb, 1); + for (var i = 0; i < tl;) { + var r = clm[bits(dat, pos, clbmsk)]; + // bits read + pos += r & 15; + // symbol + var s = r >>> 4; + // code length to copy + if (s < 16) { + ldt[i++] = s; + } + else { + // copy count + var c = 0, n = 0; + if (s == 16) + n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i - 1]; + else if (s == 17) + n = 3 + bits(dat, pos, 7), pos += 3; + else if (s == 18) + n = 11 + bits(dat, pos, 127), pos += 7; + while (n--) + ldt[i++] = c; + } + } + // length tree distance tree + var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit); + // max length bits + lbt = max(lt); + // max dist bits + dbt = max(dt); + lm = hMap(lt, lbt, 1); + dm = hMap(dt, dbt, 1); + } + else + err(1); + if (pos > tbts) { + if (noSt) + err(0); + break; + } + } + // Make sure the buffer can hold this + the largest possible addition + // Maximum chunk size (practically, theoretically infinite) is 2^17; + if (noBuf) + cbuf(bt + 131072); + var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1; + var lpos = pos; + for (;; lpos = pos) { + // bits read, code + var c = lm[bits16(dat, pos) & lms], sym = c >>> 4; + pos += c & 15; + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (!c) + err(2); + if (sym < 256) + buf[bt++] = sym; + else if (sym == 256) { + lpos = pos, lm = null; + break; + } + else { + var add = sym - 254; + // no extra bits needed if less + if (sym > 264) { + // index + var i = sym - 257, b = fleb[i]; + add = bits(dat, pos, (1 << b) - 1) + fl[i]; + pos += b; + } + // dist + var d = dm[bits16(dat, pos) & dms], dsym = d >>> 4; + if (!d) + err(3); + pos += d & 15; + var dt = fd[dsym]; + if (dsym > 3) { + var b = fdeb[dsym]; + dt += bits16(dat, pos) & ((1 << b) - 1), pos += b; + } + if (pos > tbts) { + if (noSt) + err(0); + break; + } + if (noBuf) + cbuf(bt + 131072); + var end = bt + add; + for (; bt < end; bt += 4) { + buf[bt] = buf[bt - dt]; + buf[bt + 1] = buf[bt + 1 - dt]; + buf[bt + 2] = buf[bt + 2 - dt]; + buf[bt + 3] = buf[bt + 3 - dt]; + } + bt = end; + } + } + st.l = lm, st.p = lpos, st.b = bt, st.f = final; + if (lm) + final = 1, st.m = lbt, st.d = dm, st.n = dbt; + } while (!final); + return bt == buf.length ? buf : slc(buf, 0, bt); +}; +// starting at p, write the minimum number of bits that can hold v to d +var wbits = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; +}; +// starting at p, write the minimum number of bits (>8) that can hold v to d +var wbits16 = function (d, p, v) { + v <<= p & 7; + var o = (p / 8) | 0; + d[o] |= v; + d[o + 1] |= v >>> 8; + d[o + 2] |= v >>> 16; +}; +// creates code lengths from a frequency table +var hTree = function (d, mb) { + // Need extra info to make a tree + var t = []; + for (var i = 0; i < d.length; ++i) { + if (d[i]) + t.push({ s: i, f: d[i] }); + } + var s = t.length; + var t2 = t.slice(); + if (!s) + return [et, 0]; + if (s == 1) { + var v = new u8(t[0].s + 1); + v[t[0].s] = 1; + return [v, 1]; + } + t.sort(function (a, b) { return a.f - b.f; }); + // after i2 reaches last ind, will be stopped + // freq must be greater than largest possible number of symbols + t.push({ s: -1, f: 25001 }); + var l = t[0], r = t[1], i0 = 0, i1 = 1, i2 = 2; + t[0] = { s: -1, f: l.f + r.f, l: l, r: r }; + // efficient algorithm from UZIP.js + // i0 is lookbehind, i2 is lookahead - after processing two low-freq + // symbols that combined have high freq, will start processing i2 (high-freq, + // non-composite) symbols instead + // see https://reddit.com/r/photopea/comments/ikekht/uzipjs_questions/ + while (i1 != s - 1) { + l = t[t[i0].f < t[i2].f ? i0++ : i2++]; + r = t[i0 != i1 && t[i0].f < t[i2].f ? i0++ : i2++]; + t[i1++] = { s: -1, f: l.f + r.f, l: l, r: r }; + } + var maxSym = t2[0].s; + for (var i = 1; i < s; ++i) { + if (t2[i].s > maxSym) + maxSym = t2[i].s; + } + // code lengths + var tr = new u16(maxSym + 1); + // max bits in tree + var mbt = ln(t[i1 - 1], tr, 0); + if (mbt > mb) { + // more algorithms from UZIP.js + // TODO: find out how this code works (debt) + // ind debt + var i = 0, dt = 0; + // left cost + var lft = mbt - mb, cst = 1 << lft; + t2.sort(function (a, b) { return tr[b.s] - tr[a.s] || a.f - b.f; }); + for (; i < s; ++i) { + var i2_1 = t2[i].s; + if (tr[i2_1] > mb) { + dt += cst - (1 << (mbt - tr[i2_1])); + tr[i2_1] = mb; + } + else + break; + } + dt >>>= lft; + while (dt > 0) { + var i2_2 = t2[i].s; + if (tr[i2_2] < mb) + dt -= 1 << (mb - tr[i2_2]++ - 1); + else + ++i; + } + for (; i >= 0 && dt; --i) { + var i2_3 = t2[i].s; + if (tr[i2_3] == mb) { + --tr[i2_3]; + ++dt; + } + } + mbt = mb; + } + return [new u8(tr), mbt]; +}; +// get the max length and assign length codes +var ln = function (n, l, d) { + return n.s == -1 + ? Math.max(ln(n.l, l, d + 1), ln(n.r, l, d + 1)) + : (l[n.s] = d); +}; +// length codes generation +var lc = function (c) { + var s = c.length; + // Note that the semicolon was intentional + while (s && !c[--s]) + ; + var cl = new u16(++s); + // ind num streak + var cli = 0, cln = c[0], cls = 1; + var w = function (v) { cl[cli++] = v; }; + for (var i = 1; i <= s; ++i) { + if (c[i] == cln && i != s) + ++cls; + else { + if (!cln && cls > 2) { + for (; cls > 138; cls -= 138) + w(32754); + if (cls > 2) { + w(cls > 10 ? ((cls - 11) << 5) | 28690 : ((cls - 3) << 5) | 12305); + cls = 0; + } + } + else if (cls > 3) { + w(cln), --cls; + for (; cls > 6; cls -= 6) + w(8304); + if (cls > 2) + w(((cls - 3) << 5) | 8208), cls = 0; + } + while (cls--) + w(cln); + cls = 1; + cln = c[i]; + } + } + return [cl.subarray(0, cli), s]; +}; +// calculate the length of output from tree, code lengths +var clen = function (cf, cl) { + var l = 0; + for (var i = 0; i < cl.length; ++i) + l += cf[i] * cl[i]; + return l; +}; +// writes a fixed block +// returns the new bit pos +var wfblk = function (out, pos, dat) { + // no need to write 00 as type: TypedArray defaults to 0 + var s = dat.length; + var o = shft(pos + 2); + out[o] = s & 255; + out[o + 1] = s >>> 8; + out[o + 2] = out[o] ^ 255; + out[o + 3] = out[o + 1] ^ 255; + for (var i = 0; i < s; ++i) + out[o + i + 4] = dat[i]; + return (o + 4 + s) * 8; +}; +// writes a block +var wblk = function (dat, out, final, syms, lf, df, eb, li, bs, bl, p) { + wbits(out, p++, final); + ++lf[256]; + var _a = hTree(lf, 15), dlt = _a[0], mlb = _a[1]; + var _b = hTree(df, 15), ddt = _b[0], mdb = _b[1]; + var _c = lc(dlt), lclt = _c[0], nlc = _c[1]; + var _d = lc(ddt), lcdt = _d[0], ndc = _d[1]; + var lcfreq = new u16(19); + for (var i = 0; i < lclt.length; ++i) + lcfreq[lclt[i] & 31]++; + for (var i = 0; i < lcdt.length; ++i) + lcfreq[lcdt[i] & 31]++; + var _e = hTree(lcfreq, 7), lct = _e[0], mlcb = _e[1]; + var nlcc = 19; + for (; nlcc > 4 && !lct[clim[nlcc - 1]]; --nlcc) + ; + var flen = (bl + 5) << 3; + var ftlen = clen(lf, flt) + clen(df, fdt) + eb; + var dtlen = clen(lf, dlt) + clen(df, ddt) + eb + 14 + 3 * nlcc + clen(lcfreq, lct) + (2 * lcfreq[16] + 3 * lcfreq[17] + 7 * lcfreq[18]); + if (flen <= ftlen && flen <= dtlen) + return wfblk(out, p, dat.subarray(bs, bs + bl)); + var lm, ll, dm, dl; + wbits(out, p, 1 + (dtlen < ftlen)), p += 2; + if (dtlen < ftlen) { + lm = hMap(dlt, mlb, 0), ll = dlt, dm = hMap(ddt, mdb, 0), dl = ddt; + var llm = hMap(lct, mlcb, 0); + wbits(out, p, nlc - 257); + wbits(out, p + 5, ndc - 1); + wbits(out, p + 10, nlcc - 4); + p += 14; + for (var i = 0; i < nlcc; ++i) + wbits(out, p + 3 * i, lct[clim[i]]); + p += 3 * nlcc; + var lcts = [lclt, lcdt]; + for (var it = 0; it < 2; ++it) { + var clct = lcts[it]; + for (var i = 0; i < clct.length; ++i) { + var len = clct[i] & 31; + wbits(out, p, llm[len]), p += lct[len]; + if (len > 15) + wbits(out, p, (clct[i] >>> 5) & 127), p += clct[i] >>> 12; + } + } + } + else { + lm = flm, ll = flt, dm = fdm, dl = fdt; + } + for (var i = 0; i < li; ++i) { + if (syms[i] > 255) { + var len = (syms[i] >>> 18) & 31; + wbits16(out, p, lm[len + 257]), p += ll[len + 257]; + if (len > 7) + wbits(out, p, (syms[i] >>> 23) & 31), p += fleb[len]; + var dst = syms[i] & 31; + wbits16(out, p, dm[dst]), p += dl[dst]; + if (dst > 3) + wbits16(out, p, (syms[i] >>> 5) & 8191), p += fdeb[dst]; + } + else { + wbits16(out, p, lm[syms[i]]), p += ll[syms[i]]; + } + } + wbits16(out, p, lm[256]); + return p + ll[256]; +}; +// deflate options (nice << 13) | chain +var deo = /*#__PURE__*/ new u32$1([65540, 131080, 131088, 131104, 262176, 1048704, 1048832, 2114560, 2117632]); +// empty +var et = /*#__PURE__*/ new u8(0); +// compresses data into a raw DEFLATE buffer +var dflt = function (dat, lvl, plvl, pre, post, lst) { + var s = dat.length; + var o = new u8(pre + s + 5 * (1 + Math.ceil(s / 7000)) + post); + // writing to this writes to the output buffer + var w = o.subarray(pre, o.length - post); + var pos = 0; + if (!lvl || s < 8) { + for (var i = 0; i <= s; i += 65535) { + // end + var e = i + 65535; + if (e >= s) { + // write final block + w[pos >> 3] = lst; + } + pos = wfblk(w, pos + 1, dat.subarray(i, e)); + } } - })); - - return new PrivateKey(packetlist); -} - + else { + var opt = deo[lvl - 1]; + var n = opt >>> 13, c = opt & 8191; + var msk_1 = (1 << plvl) - 1; + // prev 2-byte val map curr 2-byte val map + var prev = new u16(32768), head = new u16(msk_1 + 1); + var bs1_1 = Math.ceil(plvl / 3), bs2_1 = 2 * bs1_1; + var hsh = function (i) { return (dat[i] ^ (dat[i + 1] << bs1_1) ^ (dat[i + 2] << bs2_1)) & msk_1; }; + // 24576 is an arbitrary number of maximum symbols per block + // 424 buffer for last block + var syms = new u32$1(25000); + // length/literal freq distance freq + var lf = new u16(288), df = new u16(32); + // l/lcnt exbits index l/lind waitdx bitpos + var lc_1 = 0, eb = 0, i = 0, li = 0, wi = 0, bs = 0; + for (; i < s; ++i) { + // hash value + // deopt when i > s - 3 - at end, deopt acceptable + var hv = hsh(i); + // index mod 32768 previous index mod + var imod = i & 32767, pimod = head[hv]; + prev[imod] = pimod; + head[hv] = imod; + // We always should modify head and prev, but only add symbols if + // this data is not yet processed ("wait" for wait index) + if (wi <= i) { + // bytes remaining + var rem = s - i; + if ((lc_1 > 7000 || li > 24576) && rem > 423) { + pos = wblk(dat, w, 0, syms, lf, df, eb, li, bs, i - bs, pos); + li = lc_1 = eb = 0, bs = i; + for (var j = 0; j < 286; ++j) + lf[j] = 0; + for (var j = 0; j < 30; ++j) + df[j] = 0; + } + // len dist chain + var l = 2, d = 0, ch_1 = c, dif = (imod - pimod) & 32767; + if (rem > 2 && hv == hsh(i - dif)) { + var maxn = Math.min(n, rem) - 1; + var maxd = Math.min(32767, i); + // max possible length + // not capped at dif because decompressors implement "rolling" index population + var ml = Math.min(258, rem); + while (dif <= maxd && --ch_1 && imod != pimod) { + if (dat[i + l] == dat[i + l - dif]) { + var nl = 0; + for (; nl < ml && dat[i + nl] == dat[i + nl - dif]; ++nl) + ; + if (nl > l) { + l = nl, d = dif; + // break out early when we reach "nice" (we are satisfied enough) + if (nl > maxn) + break; + // now, find the rarest 2-byte sequence within this + // length of literals and search for that instead. + // Much faster than just using the start + var mmd = Math.min(dif, nl - 2); + var md = 0; + for (var j = 0; j < mmd; ++j) { + var ti = (i - dif + j + 32768) & 32767; + var pti = prev[ti]; + var cd = (ti - pti + 32768) & 32767; + if (cd > md) + md = cd, pimod = ti; + } + } + } + // check the previous match + imod = pimod, pimod = prev[imod]; + dif += (imod - pimod + 32768) & 32767; + } + } + // d will be nonzero only when a match was found + if (d) { + // store both dist and len data in one Uint32 + // Make sure this is recognized as a len/dist with 28th bit (2^28) + syms[li++] = 268435456 | (revfl[l] << 18) | revfd[d]; + var lin = revfl[l] & 31, din = revfd[d] & 31; + eb += fleb[lin] + fdeb[din]; + ++lf[257 + lin]; + ++df[din]; + wi = i + l; + ++lc_1; + } + else { + syms[li++] = dat[i]; + ++lf[dat[i]]; + } + } + } + pos = wblk(dat, w, lst, syms, lf, df, eb, li, bs, i - bs, pos); + // this is the easiest way to avoid needing to maintain state + if (!lst && pos & 7) + pos = wfblk(w, pos + 1, et); + } + return slc(o, 0, pre + shft(pos) + post); +}; +// Alder32 +var adler = function () { + var a = 1, b = 0; + return { + p: function (d) { + // closures have awful performance + var n = a, m = b; + var l = d.length | 0; + for (var i = 0; i != l;) { + var e = Math.min(i + 2655, l); + for (; i < e; ++i) + m += n += d[i]; + n = (n & 65535) + 15 * (n >> 16), m = (m & 65535) + 15 * (m >> 16); + } + a = n, b = m; + }, + d: function () { + a %= 65521, b %= 65521; + return (a & 255) << 24 | (a >>> 8) << 16 | (b & 255) << 8 | (b >>> 8); + } + }; +}; +// deflate with opts +var dopt = function (dat, opt, pre, post, st) { + return dflt(dat, opt.level == null ? 6 : opt.level, opt.mem == null ? Math.ceil(Math.max(8, Math.min(13, Math.log(dat.length))) * 1.5) : (12 + opt.mem), pre, post, !st); +}; +// write bytes +var wbytes = function (d, b, v) { + for (; v; ++b) + d[b] = v, v >>>= 8; +}; +// zlib header +var zlh = function (c, o) { + var lv = o.level, fl = lv == 0 ? 0 : lv < 6 ? 1 : lv == 9 ? 3 : 2; + c[0] = 120, c[1] = (fl << 6) | (fl ? (32 - 2 * fl) : 1); +}; +// zlib footer: -4 to -0 is Adler32 /** - * Reads an (optionally armored) OpenPGP key and returns a key object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static + * Streaming DEFLATE compression */ -async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { - throw new Error('Armored text not of type key'); +var Deflate = /*#__PURE__*/ (function () { + function Deflate(opts, cb) { + if (!cb && typeof opts == 'function') + cb = opts, opts = {}; + this.ondata = cb; + this.o = opts || {}; } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return createKey(packetlist); -} - + Deflate.prototype.p = function (c, f) { + this.ondata(dopt(c, this.o, 0, 0, !f), f); + }; + /** + * Pushes a chunk to be deflated + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Deflate.prototype.push = function (chunk, final) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + this.d = final; + this.p(chunk, final || false); + }; + return Deflate; +}()); /** - * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object - * @param {Object} options - * @param {String} [options.armoredKey] - Armored key to be parsed - * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Key object. - * @async - * @static + * Streaming DEFLATE decompression */ -async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!armoredKey && !binaryKey) { - throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); - } - if (armoredKey && !util.isString(armoredKey)) { - throw new Error('readPrivateKey: options.armoredKey must be a string'); - } - if (binaryKey && !util.isUint8Array(binaryKey)) { - throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - let input; - if (armoredKey) { - const { type, data } = await unarmor(armoredKey, config$1); - if (!(type === enums.armor.privateKey)) { - throw new Error('Armored text not of type private key'); - } - input = data; - } else { - input = binaryKey; - } - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - return new PrivateKey(packetlist); -} - +var Inflate = /*#__PURE__*/ (function () { + /** + * Creates an inflation stream + * @param cb The callback to call whenever data is inflated + */ + function Inflate(cb) { + this.s = {}; + this.p = new u8(0); + this.ondata = cb; + } + Inflate.prototype.e = function (c) { + if (!this.ondata) + err(5); + if (this.d) + err(4); + var l = this.p.length; + var n = new u8(l + c.length); + n.set(this.p), n.set(c, l), this.p = n; + }; + Inflate.prototype.c = function (final) { + this.d = this.s.i = final || false; + var bts = this.s.b; + var dt = inflt(this.p, this.o, this.s); + this.ondata(slc(dt, bts, this.s.b), this.d); + this.o = slc(dt, this.s.b - 32768), this.s.b = this.o.length; + this.p = slc(this.p, (this.s.p / 8) | 0), this.s.p &= 7; + }; + /** + * Pushes a chunk to be inflated + * @param chunk The chunk to push + * @param final Whether this is the final chunk + */ + Inflate.prototype.push = function (chunk, final) { + this.e(chunk), this.c(final); + }; + return Inflate; +}()); /** - * Reads an (optionally armored) OpenPGP key block and returns a list of key objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static + * Streaming Zlib compression */ -async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { - throw new Error('Armored text not of type key'); +var Zlib = /*#__PURE__*/ (function () { + function Zlib(opts, cb) { + this.c = adler(); + this.v = 1; + Deflate.call(this, opts, cb); } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = createKey(oneKeyList); - keys.push(newKey); - } - return keys; -} - + /** + * Pushes a chunk to be zlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Zlib.prototype.push = function (chunk, final) { + Deflate.prototype.push.call(this, chunk, final); + }; + Zlib.prototype.p = function (c, f) { + this.c.p(c); + var raw = dopt(c, this.o, this.v && 2, f && 4, !f); + if (this.v) + zlh(raw, this.o), this.v = 0; + if (f) + wbytes(raw, raw.length - 4, this.c.d()); + this.ondata(raw, f); + }; + return Zlib; +}()); /** - * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects - * @param {Object} options - * @param {String} [options.armoredKeys] - Armored keys to be parsed - * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Key objects. - * @async - * @static + * Streaming Zlib decompression */ -async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { - config$1 = { ...config, ...config$1 }; - let input = armoredKeys || binaryKeys; - if (!input) { - throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); - } - if (armoredKeys && !util.isString(armoredKeys)) { - throw new Error('readPrivateKeys: options.armoredKeys must be a string'); - } - if (binaryKeys && !util.isUint8Array(binaryKeys)) { - throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); - } - if (armoredKeys) { - const { type, data } = await unarmor(armoredKeys, config$1); - if (type !== enums.armor.privateKey) { - throw new Error('Armored text not of type private key'); +var Unzlib = /*#__PURE__*/ (function () { + /** + * Creates a Zlib decompression stream + * @param cb The callback to call whenever data is inflated + */ + function Unzlib(cb) { + this.v = 1; + Inflate.call(this, cb); } - input = data; - } - const keys = []; - const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); - const keyIndex = packetlist.indexOfTag(enums.packet.secretKey); - if (keyIndex.length === 0) { - throw new Error('No secret key packet found'); - } - for (let i = 0; i < keyIndex.length; i++) { - const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); - const newKey = new PrivateKey(oneKeyList); - keys.push(newKey); - } - return keys; + /** + * Pushes a chunk to be unzlibbed + * @param chunk The chunk to push + * @param final Whether this is the last chunk + */ + Unzlib.prototype.push = function (chunk, final) { + Inflate.prototype.e.call(this, chunk); + if (this.v) { + if (this.p.length < 2 && !final) + return; + this.p = this.p.subarray(2), this.v = 0; + } + if (final) { + if (this.p.length < 4) + err(6, 'invalid zlib data'); + this.p = this.p.subarray(0, -4); + } + // necessary to prevent TS from using the closure value + // This allows for workerization to function correctly + Inflate.prototype.c.call(this, final); + }; + return Unzlib; +}()); +// text decoder +var td = typeof TextDecoder != 'undefined' && /*#__PURE__*/ new TextDecoder(); +// text decoder stream +var tds = 0; +try { + td.decode(et, { stream: true }); + tds = 1; } +catch (e) { } // GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -// A Message can contain the following packets -const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ - LiteralDataPacket, - CompressedDataPacket, - AEADEncryptedDataPacket, - SymEncryptedIntegrityProtectedDataPacket, - SymmetricallyEncryptedDataPacket, - PublicKeyEncryptedSessionKeyPacket, - SymEncryptedSessionKeyPacket, - OnePassSignaturePacket, - SignaturePacket -]); -// A SKESK packet can contain the following packets -const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); -// A detached signature can contain the following packets -const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); /** - * Class that represents an OpenPGP message. - * Can be an encrypted message, signed message, compressed message or literal message - * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + * Implementation of the Literal Data Packet (Tag 11) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: + * A Literal Data packet contains the body of a message; data that is not to be + * further interpreted. */ -class Message { +class LiteralDataPacket { + static get tag() { + return enums.packet.literalData; + } + /** - * @param {PacketList} packetlist - The packets that form this message + * @param {Date} date - The creation date of the literal package */ - constructor(packetlist) { - this.packets = packetlist || new PacketList(); + constructor(date = new Date()) { + this.format = enums.literal.utf8; // default format for literal data packets + this.date = util.normalizeDate(date); + this.text = null; // textual data representation + this.data = null; // literal data representation + this.filename = ''; } /** - * Returns the key IDs of the keys to which the session key is encrypted - * @returns {Array} Array of keyID objects. - */ - getEncryptionKeyIDs() { - const keyIDs = []; - const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - pkESKeyPacketlist.forEach(function(packet) { - keyIDs.push(packet.publicKeyID); - }); - return keyIDs; + * Set the packet data to a javascript native string, end of line + * will be normalized to \r\n and by default text is converted to UTF8 + * @param {String | ReadableStream} text - Any native javascript string + * @param {enums.literal} [format] - The format of the string of bytes + */ + setText(text, format = enums.literal.utf8) { + this.format = format; + this.text = text; + this.data = null; } /** - * Returns the key IDs of the keys that signed the message - * @returns {Array} Array of keyID objects. + * Returns literal data packets as native JavaScript string + * with normalized end of line to \n + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {String | ReadableStream} Literal data as text. */ - getSigningKeyIDs() { - const msg = this.unwrapCompressed(); - // search for one pass signatures - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); - if (onePassSigList.length > 0) { - return onePassSigList.map(packet => packet.issuerKeyID); + getText(clone = false) { + if (this.text === null || util.isStream(this.text)) { // Assume that this.text has been read + this.text = util.decodeUTF8(util.nativeEOL(this.getBytes(clone))); } - // if nothing found look for signature packets - const signatureList = msg.packets.filterByTag(enums.packet.signature); - return signatureList.map(packet => packet.issuerKeyID); + return this.text; } /** - * Decrypt the message. Either a private key, a session key, or a password must be specified. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Date} [date] - Use the given date for key verification instead of the current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with decrypted content. - * @async + * Set the packet data to value represented by the provided string of bytes. + * @param {Uint8Array | ReadableStream} bytes - The string of bytes + * @param {enums.literal} format - The format of the string of bytes */ - async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { - const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, date, config$1); + setBytes(bytes, format) { + this.format = format; + this.data = bytes; + this.text = null; + } - const symEncryptedPacketlist = this.packets.filterByTag( - enums.packet.symmetricallyEncryptedData, - enums.packet.symEncryptedIntegrityProtectedData, - enums.packet.aeadEncryptedData - ); - if (symEncryptedPacketlist.length === 0) { - throw new Error('No encrypted data found'); + /** + * Get the byte sequence representing the literal packet data + * @param {Boolean} [clone] - Whether to return a clone so that getBytes/getText can be called again + * @returns {Uint8Array | ReadableStream} A sequence of bytes. + */ + getBytes(clone = false) { + if (this.data === null) { + // encode UTF8 and normalize EOL to \r\n + this.data = util.canonicalizeEOL(util.encodeUTF8(this.text)); } + if (clone) { + return passiveClone(this.data); + } + return this.data; + } - const symEncryptedPacket = symEncryptedPacketlist[0]; - let exception = null; - const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { - if (!util.isUint8Array(data) || !util.isString(algorithmName)) { - throw new Error('Invalid session key for decryption.'); - } - - try { - const algo = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.decrypt(algo, data, config$1); - } catch (e) { - util.printDebugError(e); - exception = e; - } - })); - // We don't await stream.cancel here because it only returns when the other copy is canceled too. - cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. - symEncryptedPacket.encrypted = null; - await decryptedPromise; - if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { - throw exception || new Error('Decryption failed.'); - } + /** + * Sets the filename of the literal packet data + * @param {String} filename - Any native javascript string + */ + setFilename(filename) { + this.filename = filename; + } - const resultMsg = new Message(symEncryptedPacket.packets); - symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - return resultMsg; + /** + * Get the filename of the literal packet data + * @returns {String} Filename. + */ + getFilename() { + return this.filename; } /** - * Decrypt encrypted session keys either with private keys or passwords. - * @param {Array} [decryptionKeys] - Private keys with decrypted secret data - * @param {Array} [passwords] - Passwords used to decrypt - * @param {Date} [date] - Use the given date for key verification, instead of current time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * Parsing function for a literal data packet (tag 11). + * + * @param {Uint8Array | ReadableStream} input - Payload of a tag 11 packet + * @returns {Promise} Object representation. * @async */ - async decryptSessionKeys(decryptionKeys, passwords, date = new Date(), config$1 = config) { - let decryptedSessionKeyPackets = []; + async read(bytes) { + await parse(bytes, async reader => { + // - A one-octet field that describes how the data is formatted. + const format = await reader.readByte(); // enums.literal - let exception; - if (passwords) { - const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); - if (skeskPackets.length === 0) { - throw new Error('No symmetrically encrypted session key packet found.'); - } - await Promise.all(passwords.map(async function(password, i) { - let packets; - if (i) { - packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); - } else { - packets = skeskPackets; - } - await Promise.all(packets.map(async function(skeskPacket) { - try { - await skeskPacket.decrypt(password); - decryptedSessionKeyPackets.push(skeskPacket); - } catch (err) { - util.printDebugError(err); - } - })); - })); - } else if (decryptionKeys) { - const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); - if (pkeskPackets.length === 0) { - throw new Error('No public key encrypted session key packet found.'); - } - await Promise.all(pkeskPackets.map(async function(pkeskPacket) { - await Promise.all(decryptionKeys.map(async function(decryptionKey) { - let algos = [ - enums.symmetric.aes256, // Old OpenPGP.js default fallback - enums.symmetric.aes128, // RFC4880bis fallback - enums.symmetric.tripledes, // RFC4880 fallback - enums.symmetric.cast5 // Golang OpenPGP fallback - ]; - try { - const primaryUser = await decryptionKey.getPrimaryUser(date, undefined, config$1); // TODO: Pass userID from somewhere. - if (primaryUser.selfCertification.preferredSymmetricAlgorithms) { - algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms); - } - } catch (e) {} + const filename_len = await reader.readByte(); + this.filename = util.decodeUTF8(await reader.readBytes(filename_len)); - // do not check key expiration to allow decryption of old messages - const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); - await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { - if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) { - return; - } - if (!decryptionKeyPacket.isDecrypted()) { - throw new Error('Decryption key is not decrypted.'); - } + this.date = util.readDate(await reader.readBytes(4)); - // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. - const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || - pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal - ); + let data = reader.remainder(); + if (isArrayStream(data)) data = await readToEnd(data); + this.setBytes(data, format); + }); + } - if (doConstantTimeDecryption) { - // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, - // either with the successfully decrypted session key, or with a randomly generated one. - // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on - // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: - // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the - // randomly generated keys of the remaining key types. - // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly - // generated session keys. - // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. + /** + * Creates a Uint8Array representation of the packet, excluding the data + * + * @returns {Uint8Array} Uint8Array representation of the packet. + */ + writeHeader() { + const filename = util.encodeUTF8(this.filename); + const filename_length = new Uint8Array([filename.length]); - const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times - await Promise.all(Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => { - const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); - pkeskPacketCopy.read(serialisedPKESK); - const randomSessionKey = { - sessionKeyAlgorithm, - sessionKey: mod.generateSessionKey(sessionKeyAlgorithm) - }; - try { - await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); - decryptedSessionKeyPackets.push(pkeskPacketCopy); - } catch (err) { - // `decrypt` can still throw some non-security-sensitive errors - util.printDebugError(err); - exception = err; - } - })); + const format = new Uint8Array([this.format]); + const date = util.writeDate(this.date); - } else { - try { - await pkeskPacket.decrypt(decryptionKeyPacket); - if (!algos.includes(enums.write(enums.symmetric, pkeskPacket.sessionKeyAlgorithm))) { - throw new Error('A non-preferred symmetric algorithm was used.'); - } - decryptedSessionKeyPackets.push(pkeskPacket); - } catch (err) { - util.printDebugError(err); - exception = err; - } - } - })); - })); - cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. - pkeskPacket.encrypted = null; - })); - } else { - throw new Error('No key or password specified.'); - } + return util.concatUint8Array([format, filename_length, filename, date]); + } - if (decryptedSessionKeyPackets.length > 0) { - // Return only unique session keys - if (decryptedSessionKeyPackets.length > 1) { - const seen = new Set(); - decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { - const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); - if (seen.has(k)) { - return false; - } - seen.add(k); - return true; - }); - } + /** + * Creates a Uint8Array representation of the packet + * + * @returns {Uint8Array | ReadableStream} Uint8Array representation of the packet. + */ + write() { + const header = this.writeHeader(); + const data = this.getBytes(); + + return util.concat([header, data]); + } +} - return decryptedSessionKeyPackets.map(packet => ({ - data: packet.sessionKey, - algorithm: enums.read(enums.symmetric, packet.sessionKeyAlgorithm) - })); - } - throw exception || new Error('Session key decryption failed.'); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of type key id + * + * {@link https://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3}: + * A Key ID is an eight-octet scalar that identifies a key. + * Implementations SHOULD NOT assume that Key IDs are unique. The + * section "Enhanced Key Formats" below describes how Key IDs are + * formed. + */ +class KeyID { + constructor() { + this.bytes = ''; } /** - * Get literal data that is the body of the message - * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + * Parsing method for a key id + * @param {Uint8Array} bytes - Input to read the key id from */ - getLiteralData() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getBytes()) || null; + read(bytes) { + this.bytes = util.uint8ArrayToString(bytes.subarray(0, 8)); + return this.bytes.length; } /** - * Get filename from literal data packet - * @returns {(String|null)} Filename of literal data packet as string. + * Serializes the Key ID + * @returns {Uint8Array} Key ID as a Uint8Array. */ - getFilename() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - return (literal && literal.getFilename()) || null; + write() { + return util.stringToUint8Array(this.bytes); } /** - * Get literal data as text - * @returns {(String|null)} Literal body of the message interpreted as text. + * Returns the Key ID represented as a hexadecimal string + * @returns {String} Key ID as a hexadecimal string. */ - getText() { - const msg = this.unwrapCompressed(); - const literal = msg.packets.findPacket(enums.packet.literalData); - if (literal) { - return literal.getText(); - } - return null; + toHex() { + return util.uint8ArrayToHex(util.stringToUint8Array(this.bytes)); } /** - * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. - * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for - * @param {Date} [date] - Date to select algorithm preferences at - * @param {Array} [userIDs] - User IDs to select algorithm preferences for - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. - * @async + * Checks equality of Key ID's + * @param {KeyID} keyID + * @param {Boolean} matchWildcard - Indicates whether to check if either keyID is a wildcard */ - static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { - const algo = await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config$1); - const algorithmName = enums.read(enums.symmetric, algo); - const aeadAlgorithmName = config$1.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config$1) ? - enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config$1)) : - undefined; - - await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() - .catch(() => null) // ignore key strength requirements - .then(maybeKey => { - if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { - throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); - } - }) - )); + equals(keyID, matchWildcard = false) { + return (matchWildcard && (keyID.isWildcard() || this.isWildcard())) || this.bytes === keyID.bytes; + } - const sessionKeyData = mod.generateSessionKey(algo); - return { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName }; + /** + * Checks to see if the Key ID is unset + * @returns {Boolean} True if the Key ID is null. + */ + isNull() { + return this.bytes === ''; } /** - * Encrypt the message either with public keys, passwords, or both at once. - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - Password(s) for message encryption - * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] - * @param {Date} [date] - Override the creation date of the literal package - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async + * Checks to see if the Key ID is a "wildcard" Key ID (all zeros) + * @returns {Boolean} True if this is a wildcard Key ID. */ - async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - if (sessionKey) { - if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { - throw new Error('Invalid session key for encryption.'); - } - } else if (encryptionKeys && encryptionKeys.length) { - sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); - } else if (passwords && passwords.length) { - sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); - } else { - throw new Error('No keys, passwords, or session key provided.'); - } + isWildcard() { + return /^0+$/.test(this.toHex()); + } - const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; + static mapToHex(keyID) { + return keyID.toHex(); + } - const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); + static fromID(hex) { + const keyID = new KeyID(); + keyID.read(util.hexToUint8Array(hex)); + return keyID; + } - let symEncryptedPacket; - if (aeadAlgorithmName) { - symEncryptedPacket = new AEADEncryptedDataPacket(); - symEncryptedPacket.aeadAlgorithm = enums.write(enums.aead, aeadAlgorithmName); - } else { - symEncryptedPacket = new SymEncryptedIntegrityProtectedDataPacket(); - } - symEncryptedPacket.packets = this.packets; + static wildcard() { + const keyID = new KeyID(); + keyID.read(new Uint8Array(8)); + return keyID; + } +} - const algorithm = enums.write(enums.symmetric, algorithmName); - await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - msg.packets.push(symEncryptedPacket); - symEncryptedPacket.packets = new PacketList(); // remove packets after encryption - return msg; + +// Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification. +const verified = Symbol('verified'); + +// A salt notation is used to randomize signatures. +// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks +// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170). +// For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g. +// some chosen-prefix attacks. +// v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt. +const SALT_NOTATION_NAME = 'salt@notations.openpgpjs.org'; + +// GPG puts the Issuer and Signature subpackets in the unhashed area. +// Tampering with those invalidates the signature, so we still trust them and parse them. +// All other unhashed subpackets are ignored. +const allowedUnhashedSubpackets = new Set([ + enums.signatureSubpacket.issuerKeyID, + enums.signatureSubpacket.issuerFingerprint, + enums.signatureSubpacket.embeddedSignature +]); + +/** + * Implementation of the Signature Packet (Tag 2) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: + * A Signature packet describes a binding between some public key and + * some data. The most common signatures are a signature of a file or a + * block of text, and a signature that is a certification of a User ID. + */ +class SignaturePacket { + static get tag() { + return enums.packet.signature; + } + + constructor() { + this.version = null; + /** @type {enums.signature} */ + this.signatureType = null; + /** @type {enums.hash} */ + this.hashAlgorithm = null; + /** @type {enums.publicKey} */ + this.publicKeyAlgorithm = null; + + this.signatureData = null; + this.unhashedSubpackets = []; + this.unknownSubpackets = []; + this.signedHashValue = null; + this.salt = null; + + this.created = null; + this.signatureExpirationTime = null; + this.signatureNeverExpires = true; + this.exportable = null; + this.trustLevel = null; + this.trustAmount = null; + this.regularExpression = null; + this.revocable = null; + this.keyExpirationTime = null; + this.keyNeverExpires = null; + this.preferredSymmetricAlgorithms = null; + this.revocationKeyClass = null; + this.revocationKeyAlgorithm = null; + this.revocationKeyFingerprint = null; + this.issuerKeyID = new KeyID(); + this.rawNotations = []; + this.notations = {}; + this.preferredHashAlgorithms = null; + this.preferredCompressionAlgorithms = null; + this.keyServerPreferences = null; + this.preferredKeyServer = null; + this.isPrimaryUserID = null; + this.policyURI = null; + this.keyFlags = null; + this.signersUserID = null; + this.reasonForRevocationFlag = null; + this.reasonForRevocationString = null; + this.features = null; + this.signatureTargetPublicKeyAlgorithm = null; + this.signatureTargetHashAlgorithm = null; + this.signatureTargetHash = null; + this.embeddedSignature = null; + this.issuerKeyVersion = null; + this.issuerFingerprint = null; + this.preferredAEADAlgorithms = null; + this.preferredCipherSuites = null; + + this.revoked = null; + this[verified] = null; } /** - * Encrypt a session key either with public keys, passwords, or both at once. - * @param {Uint8Array} sessionKey - session key for encryption - * @param {String} algorithmName - session key algorithm - * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {Array} [encryptionKeys] - Public key(s) for message encryption - * @param {Array} [passwords] - For message encryption - * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs - * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [date] - Override the date - * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with encrypted content. - * @async + * parsing function for a signature packet (tag 2). + * @param {String} bytes - Payload of a tag 2 packet + * @returns {SignaturePacket} Object representation. */ - static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { - const packetlist = new PacketList(); - const algorithm = enums.write(enums.symmetric, algorithmName); - const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); + read(bytes, config$1 = config) { + let i = 0; + this.version = bytes[i++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); + } - if (encryptionKeys) { - const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { - const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket(); - pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID(); - pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm; - pkESKeyPacket.sessionKey = sessionKey; - pkESKeyPacket.sessionKeyAlgorithm = algorithm; - await pkESKeyPacket.encrypt(encryptionKey.keyPacket); - delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption - return pkESKeyPacket; - })); - packetlist.push(...results); + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the signature packet is unsupported.`); } - if (passwords) { - const testDecrypt = async function(keyPacket, password) { - try { - await keyPacket.decrypt(password); - return 1; - } catch (e) { - return 0; - } - }; - const sum = (accumulator, currentValue) => accumulator + currentValue; + this.signatureType = bytes[i++]; + this.publicKeyAlgorithm = bytes[i++]; + this.hashAlgorithm = bytes[i++]; - const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { - const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); - symEncryptedSessionKeyPacket.sessionKey = sessionKey; - symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; - if (aeadAlgorithm) { - symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; - } - await symEncryptedSessionKeyPacket.encrypt(password, config$1); + // hashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), true); + if (!this.created) { + throw new Error('Missing signature creation time subpacket.'); + } - if (config$1.passwordCollisionCheck) { - const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); - if (results.reduce(sum) !== 1) { - return encryptPassword(sessionKey, algorithm, password); - } - } + // A V4 signature hashes the packet body + // starting from its first field, the version number, through the end + // of the hashed subpacket data. Thus, the fields hashed are the + // signature version, the signature type, the public-key algorithm, the + // hash algorithm, the hashed subpacket length, and the hashed + // subpacket body. + this.signatureData = bytes.subarray(0, i); - delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption - return symEncryptedSessionKeyPacket; - }; + // unhashed subpackets + i += this.readSubPackets(bytes.subarray(i, bytes.length), false); - const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, algorithm, aeadAlgorithm, pwd))); - packetlist.push(...results); + // Two-octet field holding left 16 bits of signed hash value. + this.signedHashValue = bytes.subarray(i, i + 2); + i += 2; + + // Only for v6 signatures, a variable-length field containing: + if (this.version === 6) { + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[i++]; + + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(i, i + saltLength); + i += saltLength; } - return new Message(packetlist); + const signatureMaterial = bytes.subarray(i, bytes.length); + const { read, signatureParams } = mod$1.signature.parseSignatureParams(this.publicKeyAlgorithm, signatureMaterial); + if (read < signatureMaterial.length) { + throw new Error('Error reading MPIs'); + } + this.params = signatureParams; } /** - * Sign the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to add to the message - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New message with signed content. - * @async + * @returns {Uint8Array | ReadableStream} */ - async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const packetlist = new PacketList(); + writeParams() { + if (this.params instanceof Promise) { + return fromAsync( + async () => mod$1.serializeParams(this.publicKeyAlgorithm, await this.params) + ); + } + return mod$1.serializeParams(this.publicKeyAlgorithm, this.params); + } - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); + write() { + const arr = []; + arr.push(this.signatureData); + arr.push(this.writeUnhashedSubPackets()); + arr.push(this.signedHashValue); + if (this.version === 6) { + arr.push(new Uint8Array([this.salt.length])); + arr.push(this.salt); } + arr.push(this.writeParams()); + return util.concat(arr); + } - let i; - let existingSigPacketlist; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; + /** + * Signs provided data. This needs to be done prior to serialization. + * @param {SecretKeyPacket} key - Private key used to sign the message. + * @param {Object} data - Contains packets to be signed. + * @param {Date} [date] - The signature creation time. + * @param {Boolean} [detached] - Whether to create a detached signature + * @throws {Error} if signing failed + * @async + */ + async sign(key, data, date = new Date(), detached = false, config) { + this.version = key.version; - if (signature) { - existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - for (i = existingSigPacketlist.length - 1; i >= 0; i--) { - const signaturePacket = existingSigPacketlist[i]; - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signaturePacket.signatureType; - onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; - onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; - onePassSig.issuerKeyID = signaturePacket.issuerKeyID; - if (!signingKeys.length && i === 0) { - onePassSig.flags = 1; - } - packetlist.push(onePassSig); - } - } + this.created = util.normalizeDate(date); + this.issuerKeyVersion = key.version; + this.issuerFingerprint = key.getFingerprintBytes(); + this.issuerKeyID = key.getKeyID(); - await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); - } - const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; - const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config$1); - const onePassSig = new OnePassSignaturePacket(); - onePassSig.signatureType = signatureType; - onePassSig.hashAlgorithm = await getPreferredHashAlgo$2(primaryKey, signingKey.keyPacket, date, userIDs, config$1); - onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm; - onePassSig.issuerKeyID = signingKey.getKeyID(); - if (i === signingKeys.length - 1) { - onePassSig.flags = 1; + const arr = [new Uint8Array([this.version, this.signatureType, this.publicKeyAlgorithm, this.hashAlgorithm])]; + + // add randomness to the signature + if (this.version === 6) { + const saltLength = saltLengthForHash(this.hashAlgorithm); + if (this.salt === null) { + this.salt = mod$1.random.getRandomBytes(saltLength); + } else if (saltLength !== this.salt.length) { + throw new Error('Provided salt does not have the required length'); + } + } else if (config.nonDeterministicSignaturesViaNotation) { + const saltNotations = this.rawNotations.filter(({ name }) => (name === SALT_NOTATION_NAME)); + // since re-signing the same object is not supported, it's not expected to have multiple salt notations, + // but we guard against it as a sanity check + if (saltNotations.length === 0) { + const saltValue = mod$1.random.getRandomBytes(saltLengthForHash(this.hashAlgorithm)); + this.rawNotations.push({ + name: SALT_NOTATION_NAME, + value: saltValue, + humanReadable: false, + critical: false + }); + } else { + throw new Error('Unexpected existing salt notation'); } - return onePassSig; - })).then(onePassSignatureList => { - onePassSignatureList.forEach(onePassSig => packetlist.push(onePassSig)); - }); + } - packetlist.push(literalDataPacket); - packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, false, config$1))); + // Add hashed subpackets + arr.push(this.writeHashedSubPackets()); - return new Message(packetlist); - } + // Remove unhashed subpackets, in case some allowed unhashed + // subpackets existed, in order not to duplicate them (in both + // the hashed and unhashed subpackets) when re-signing. + this.unhashedSubpackets = []; - /** - * Compresses the message (the literal and -if signed- signature data packets of the message) - * @param {module:enums.compression} algo - compression algorithm - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Message} New message with compressed content. - */ - compress(algo, config$1 = config) { - if (algo === enums.compression.uncompressed) { - return this; - } + this.signatureData = util.concat(arr); - const compressed = new CompressedDataPacket(config$1); - compressed.algorithm = algo; - compressed.packets = this.packets; + const toHash = this.toHash(this.signatureType, data, detached); + const hash = await this.hash(this.signatureType, data, toHash, detached); - const packetList = new PacketList(); - packetList.push(compressed); + this.signedHashValue = slice(clone(hash), 0, 2); + const signed = async () => mod$1.signature.sign( + this.publicKeyAlgorithm, this.hashAlgorithm, key.publicParams, key.privateParams, toHash, await readToEnd(hash) + ); + if (util.isStream(hash)) { + this.params = signed(); + } else { + this.params = await signed(); - return new Message(packetList); + // Store the fact that this signature is valid, e.g. for when we call `await + // getLatestValidSignature(this.revocationSignatures, key, data)` later. + // Note that this only holds up if the key and data passed to verify are the + // same as the ones passed to sign. + this[verified] = true; + } } /** - * Create a detached signature for the message (the literal data packet of the message) - * @param {Array} signingKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creation time of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New detached signature of message content. - * @async + * Creates Uint8Array of bytes of all subpacket data except Issuer and Embedded Signature subpackets + * @returns {Uint8Array} Subpacket data. */ - async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = this.packets.findPacket(enums.packet.literalData); - if (!literalDataPacket) { - throw new Error('No literal data packet to sign.'); + writeHashedSubPackets() { + const sub = enums.signatureSubpacket; + const arr = []; + let bytes; + if (this.created === null) { + throw new Error('Missing signature creation time'); + } + arr.push(writeSubPacket(sub.signatureCreationTime, true, util.writeDate(this.created))); + if (this.signatureExpirationTime !== null) { + arr.push(writeSubPacket(sub.signatureExpirationTime, true, util.writeNumber(this.signatureExpirationTime, 4))); + } + if (this.exportable !== null) { + arr.push(writeSubPacket(sub.exportableCertification, true, new Uint8Array([this.exportable ? 1 : 0]))); + } + if (this.trustLevel !== null) { + bytes = new Uint8Array([this.trustLevel, this.trustAmount]); + arr.push(writeSubPacket(sub.trustSignature, true, bytes)); + } + if (this.regularExpression !== null) { + arr.push(writeSubPacket(sub.regularExpression, true, this.regularExpression)); + } + if (this.revocable !== null) { + arr.push(writeSubPacket(sub.revocable, true, new Uint8Array([this.revocable ? 1 : 0]))); + } + if (this.keyExpirationTime !== null) { + arr.push(writeSubPacket(sub.keyExpirationTime, true, util.writeNumber(this.keyExpirationTime, 4))); + } + if (this.preferredSymmetricAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredSymmetricAlgorithms)); + arr.push(writeSubPacket(sub.preferredSymmetricAlgorithms, false, bytes)); + } + if (this.revocationKeyClass !== null) { + bytes = new Uint8Array([this.revocationKeyClass, this.revocationKeyAlgorithm]); + bytes = util.concat([bytes, this.revocationKeyFingerprint]); + arr.push(writeSubPacket(sub.revocationKey, false, bytes)); + } + if (!this.issuerKeyID.isNull() && this.issuerKeyVersion < 5) { + // If the version of [the] key is greater than 4, this subpacket + // MUST NOT be included in the signature. + arr.push(writeSubPacket(sub.issuerKeyID, true, this.issuerKeyID.write())); + } + this.rawNotations.forEach(({ name, value, humanReadable, critical }) => { + bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])]; + const encodedName = util.encodeUTF8(name); + // 2 octets of name length + bytes.push(util.writeNumber(encodedName.length, 2)); + // 2 octets of value length + bytes.push(util.writeNumber(value.length, 2)); + bytes.push(encodedName); + bytes.push(value); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.notationData, critical, bytes)); + }); + if (this.preferredHashAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredHashAlgorithms)); + arr.push(writeSubPacket(sub.preferredHashAlgorithms, false, bytes)); + } + if (this.preferredCompressionAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredCompressionAlgorithms)); + arr.push(writeSubPacket(sub.preferredCompressionAlgorithms, false, bytes)); + } + if (this.keyServerPreferences !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyServerPreferences)); + arr.push(writeSubPacket(sub.keyServerPreferences, false, bytes)); + } + if (this.preferredKeyServer !== null) { + arr.push(writeSubPacket(sub.preferredKeyServer, false, util.encodeUTF8(this.preferredKeyServer))); + } + if (this.isPrimaryUserID !== null) { + arr.push(writeSubPacket(sub.primaryUserID, false, new Uint8Array([this.isPrimaryUserID ? 1 : 0]))); + } + if (this.policyURI !== null) { + arr.push(writeSubPacket(sub.policyURI, false, util.encodeUTF8(this.policyURI))); + } + if (this.keyFlags !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.keyFlags)); + arr.push(writeSubPacket(sub.keyFlags, true, bytes)); + } + if (this.signersUserID !== null) { + arr.push(writeSubPacket(sub.signersUserID, false, util.encodeUTF8(this.signersUserID))); + } + if (this.reasonForRevocationFlag !== null) { + bytes = util.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag) + this.reasonForRevocationString); + arr.push(writeSubPacket(sub.reasonForRevocation, true, bytes)); + } + if (this.features !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.features)); + arr.push(writeSubPacket(sub.features, false, bytes)); + } + if (this.signatureTargetPublicKeyAlgorithm !== null) { + bytes = [new Uint8Array([this.signatureTargetPublicKeyAlgorithm, this.signatureTargetHashAlgorithm])]; + bytes.push(util.stringToUint8Array(this.signatureTargetHash)); + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.signatureTarget, true, bytes)); + } + if (this.embeddedSignature !== null) { + arr.push(writeSubPacket(sub.embeddedSignature, true, this.embeddedSignature.write())); } - return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - } - - /** - * Verify message signatures - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signatures. - * @async - */ - async verify(verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); + if (this.issuerFingerprint !== null) { + bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; + bytes = util.concat(bytes); + arr.push(writeSubPacket(sub.issuerFingerprint, this.version >= 5, bytes)); } - if (isArrayStream(msg.packets.stream)) { - msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + if (this.preferredAEADAlgorithms !== null) { + bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms)); + arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes)); } - const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); - const signatureList = msg.packets.filterByTag(enums.packet.signature); - if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { - await Promise.all(onePassSigList.map(async onePassSig => { - onePassSig.correspondingSig = new Promise((resolve, reject) => { - onePassSig.correspondingSigResolve = resolve; - onePassSig.correspondingSigReject = reject; - }); - onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); - onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); - onePassSig.hashed.catch(() => {}); - })); - msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { - const reader = getReader(readable); - const writer = getWriter(writable); - try { - for (let i = 0; i < onePassSigList.length; i++) { - const { value: signature } = await reader.read(); - onePassSigList[i].correspondingSigResolve(signature); - } - await reader.readToEnd(); - await writer.ready; - await writer.close(); - } catch (e) { - onePassSigList.forEach(onePassSig => { - onePassSig.correspondingSigReject(e); - }); - await writer.abort(e); - } - }); - return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + if (this.preferredCipherSuites !== null) { + bytes = new Uint8Array([].concat(...this.preferredCipherSuites)); + arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes)); } - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); - } - /** - * Verify detached message signature - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Signature} signature - * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { - const msg = this.unwrapCompressed(); - const literalDataList = msg.packets.filterByTag(enums.packet.literalData); - if (literalDataList.length !== 1) { - throw new Error('Can only verify message with one literal data packet.'); - } - const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); - } + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); - /** - * Unwrap compressed message - * @returns {Message} Message Content of compressed message. - */ - unwrapCompressed() { - const compressed = this.packets.filterByTag(enums.packet.compressedData); - if (compressed.length) { - return new Message(compressed[0].packets); - } - return this; + return util.concat([length, result]); } /** - * Append signature to unencrypted message object - * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature - * @param {Object} [config] - Full configuration, defaults to openpgp.config + * Creates an Uint8Array containing the unhashed subpackets + * @returns {Uint8Array} Subpacket data. */ - async appendSignature(detachedSignature, config$1 = config) { - await this.packets.read( - util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, - allowedDetachedSignaturePackets, - config$1 - ); - } + writeUnhashedSubPackets() { + const arr = this.unhashedSubpackets.map(({ type, critical, body }) => { + return writeSubPacket(type, critical, body); + }); - /** - * Returns binary encoded message - * @returns {ReadableStream} Binary message. - */ - write() { - return this.packets.write(); - } + const result = util.concat(arr); + const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2); - /** - * Returns ASCII armored text of message - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {ReadableStream} ASCII armor. - */ - armor(config$1 = config) { - return armor(enums.armor.message, this.write(), null, null, null, config$1); + return util.concat([length, result]); } -} -/** - * Create signature packets for the message - * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign - * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature to append - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [date] - Override the creationtime of the signature - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Boolean} [detached] - Whether to create detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} List of signature packets. - * @async - * @private - */ -async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], detached = false, config$1 = config) { - const packetlist = new PacketList(); + // Signature subpackets + readSubPacket(bytes, hashed = true) { + let mypos = 0; - // If data packet was created from Uint8Array, use binary, otherwise use text - const signatureType = literalDataPacket.text === null ? - enums.signature.binary : enums.signature.text; + // The leftmost bit denotes a "critical" packet + const critical = !!(bytes[mypos] & 0x80); + const type = bytes[mypos] & 0x7F; - await Promise.all(signingKeys.map(async (primaryKey, i) => { - const userID = userIDs[i]; - if (!primaryKey.isPrivate()) { - throw new Error('Need private key for signing'); + mypos++; + + if (!hashed) { + this.unhashedSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + if (!allowedUnhashedSubpackets.has(type)) { + return; + } } - const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config$1); - return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, notations, detached, config$1); - })).then(signatureList => { - packetlist.push(...signatureList); - }); - if (signature) { - const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); - packetlist.push(...existingSigPacketlist); - } - return packetlist; -} + // subpacket type + switch (type) { + case enums.signatureSubpacket.signatureCreationTime: + // Signature Creation Time + this.created = util.readDate(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.signatureExpirationTime: { + // Signature Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); -/** - * Create object containing signer's keyID and validity of signature - * @param {SignaturePacket} signature - Signature packet - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} [date] - Check signature validity with respect to the given date - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise<{ - * keyID: module:type/keyid~KeyID, - * signature: Promise, - * verified: Promise - * }>} signer's keyID and validity of signature - * @async - * @private - */ -async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - let primaryKey; - let unverifiedSigningKey; + this.signatureNeverExpires = seconds === 0; + this.signatureExpirationTime = seconds; - for (const key of verificationKeys) { - const issuerKeys = key.getKeys(signature.issuerKeyID); - if (issuerKeys.length > 0) { - primaryKey = key; - unverifiedSigningKey = issuerKeys[0]; - break; - } - } + break; + } + case enums.signatureSubpacket.exportableCertification: + // Exportable Certification + this.exportable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.trustSignature: + // Trust Signature + this.trustLevel = bytes[mypos++]; + this.trustAmount = bytes[mypos++]; + break; + case enums.signatureSubpacket.regularExpression: + // Regular Expression + this.regularExpression = bytes[mypos]; + break; + case enums.signatureSubpacket.revocable: + // Revocable + this.revocable = bytes[mypos++] === 1; + break; + case enums.signatureSubpacket.keyExpirationTime: { + // Key Expiration Time in seconds + const seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); + + this.keyExpirationTime = seconds; + this.keyNeverExpires = seconds === 0; + + break; + } + case enums.signatureSubpacket.preferredSymmetricAlgorithms: + // Preferred Symmetric Algorithms + this.preferredSymmetricAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.revocationKey: + // Revocation Key + // (1 octet of class, 1 octet of public-key algorithm ID, 20 + // octets of + // fingerprint) + this.revocationKeyClass = bytes[mypos++]; + this.revocationKeyAlgorithm = bytes[mypos++]; + this.revocationKeyFingerprint = bytes.subarray(mypos, mypos + 20); + break; + + case enums.signatureSubpacket.issuerKeyID: + // Issuer + if (this.version === 4) { + this.issuerKeyID.read(bytes.subarray(mypos, bytes.length)); + } else if (hashed) { + // If the version of the key is greater than 4, this subpacket MUST NOT be included in the signature, + // since the Issuer Fingerprint subpacket is to be used instead. + // The `issuerKeyID` value will be set when reading the issuerFingerprint packet. + // For this reason, if the issuer Key ID packet is present but unhashed, we simply ignore it, + // to avoid situations where `.getSigningKeyIDs()` returns a keyID potentially different from the (signed) + // issuerFingerprint. + // If the packet is hashed, then we reject the signature, to avoid verifying data different from + // what was parsed. + throw new Error('Unexpected Issuer Key ID subpacket'); + } + break; + + case enums.signatureSubpacket.notationData: { + // Notation Data + const humanReadable = !!(bytes[mypos] & 0x80); + + // We extract key/value tuple from the byte stream. + mypos += 4; + const m = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; + const n = util.readNumber(bytes.subarray(mypos, mypos + 2)); + mypos += 2; - const isOnePassSignature = signature instanceof OnePassSignaturePacket; - const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; + const name = util.decodeUTF8(bytes.subarray(mypos, mypos + m)); + const value = bytes.subarray(mypos + m, mypos + m + n); - const verifiedSig = { - keyID: signature.issuerKeyID, - verified: (async () => { - if (!unverifiedSigningKey) { - throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + this.rawNotations.push({ name, humanReadable, value, critical }); + + if (humanReadable) { + this.notations[name] = util.decodeUTF8(value); + } + break; } + case enums.signatureSubpacket.preferredHashAlgorithms: + // Preferred Hash Algorithms + this.preferredHashAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCompressionAlgorithms: + // Preferred Compression Algorithms + this.preferredCompressionAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.keyServerPreferences: + // Key Server Preferences + this.keyServerPreferences = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredKeyServer: + // Preferred Key Server + this.preferredKeyServer = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.primaryUserID: + // Primary User ID + this.isPrimaryUserID = bytes[mypos++] !== 0; + break; + case enums.signatureSubpacket.policyURI: + // Policy URI + this.policyURI = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.keyFlags: + // Key Flags + this.keyFlags = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signersUserID: + // Signer's User ID + this.signersUserID = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.reasonForRevocation: + // Reason for Revocation + this.reasonForRevocationFlag = bytes[mypos++]; + this.reasonForRevocationString = util.decodeUTF8(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.features: + // Features + this.features = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.signatureTarget: { + // Signature Target + // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) + this.signatureTargetPublicKeyAlgorithm = bytes[mypos++]; + this.signatureTargetHashAlgorithm = bytes[mypos++]; - await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); - const signaturePacket = await signaturePacketPromise; - if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { - throw new Error('Key is newer than the signature'); + const len = mod$1.getHashByteLength(this.signatureTargetHashAlgorithm); + + this.signatureTargetHash = util.uint8ArrayToString(bytes.subarray(mypos, mypos + len)); + break; } - // We pass the signature creation time to check whether the key was expired at the time of signing. - // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before - try { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); - } catch (e) { - // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, - // making the key invalid at the time of signing. - // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. - // Note: we do not support the edge case of a key that was reformatted and it has expired. - if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { - await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + case enums.signatureSubpacket.embeddedSignature: + // Embedded Signature + this.embeddedSignature = new SignaturePacket(); + this.embeddedSignature.read(bytes.subarray(mypos, bytes.length)); + break; + case enums.signatureSubpacket.issuerFingerprint: + // Issuer Fingerprint + this.issuerKeyVersion = bytes[mypos++]; + this.issuerFingerprint = bytes.subarray(mypos, bytes.length); + if (this.issuerKeyVersion >= 5) { + this.issuerKeyID.read(this.issuerFingerprint); } else { - throw e; + this.issuerKeyID.read(this.issuerFingerprint.subarray(-8)); } - } - return true; - })(), - signature: (async () => { - const signaturePacket = await signaturePacketPromise; - const packetlist = new PacketList(); - signaturePacket && packetlist.push(signaturePacket); - return new Signature(packetlist); - })() - }; + break; + case enums.signatureSubpacket.preferredAEADAlgorithms: + // Preferred AEAD Algorithms + this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)]; + break; + case enums.signatureSubpacket.preferredCipherSuites: + // Preferred AEAD Cipher Suites + this.preferredCipherSuites = []; + for (let i = mypos; i < bytes.length; i += 2) { + this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); + } + break; + default: + this.unknownSubpackets.push({ + type, + critical, + body: bytes.subarray(mypos, bytes.length) + }); + break; + } + } - // Mark potential promise rejections as "handled". This is needed because in - // some cases, we reject them before the user has a reasonable chance to - // handle them (e.g. `await readToEnd(result.data); await result.verified` and - // the data stream errors). - verifiedSig.signature.catch(() => {}); - verifiedSig.verified.catch(() => {}); + readSubPackets(bytes, trusted = true, config) { + const subpacketLengthBytes = this.version === 6 ? 4 : 2; - return verifiedSig; -} + // Two-octet scalar octet count for following subpacket data. + const subpacketLength = util.readNumber(bytes.subarray(0, subpacketLengthBytes)); -/** - * Create list of objects containing signer's keyID and validity of signature - * @param {Array} signatureList - Array of signature packets - * @param {Array} literalDataList - Array of literal data packets - * @param {Array} verificationKeys - Array of public keys to verify signatures - * @param {Date} date - Verify the signature against the given date, - * i.e. check signature creation time < date < expiration time - * @param {Boolean} [detached] - Whether to verify detached signature packets - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) - * @async - * @private - */ -async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { - return Promise.all(signatureList.filter(function(signature) { - return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); - }).map(async function(signature) { - return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); - })); -} + let i = subpacketLengthBytes; -/** - * Reads an (optionally armored) OpenPGP message and returns a Message object - * @param {Object} options - * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed - * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New message object. - * @async - * @static - */ -async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - let input = armoredMessage || binaryMessage; - if (!input) { - throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); - } - if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { - throw new Error('readMessage: options.armoredMessage must be a string or stream'); - } - if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { - throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // subpacket data set (zero or more subpackets) + while (i < 2 + subpacketLength) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - if (armoredMessage) { - const { type, data } = await unarmor(input, config$1); - if (type !== enums.armor.message) { - throw new Error('Armored text not of type message'); + this.readSubPacket(bytes.subarray(i, i + len.len), trusted, config); + + i += len.len; } - input = data; - } - const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); - const message = new Message(packetlist); - message.fromStream = streamType; - return message; -} -/** - * Creates new message object from text or binary data. - * @param {Object} options - * @param {String | ReadableStream} [options.text] - The text message contents - * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents - * @param {String} [options.filename=""] - Name of the file (if any) - * @param {Date} [options.date=current date] - Date of the message, or modification date of the file - * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type - * @returns {Promise} New message object. - * @async - * @static - */ -async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { - let input = text !== undefined ? text : binary; - if (input === undefined) { - throw new Error('createMessage: must pass options object containing `text` or `binary`'); - } - if (text && !util.isString(text) && !util.isStream(text)) { - throw new Error('createMessage: options.text must be a string or stream'); - } - if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { - throw new Error('createMessage: options.binary must be a Uint8Array or stream'); + return i; } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - const streamType = util.isStream(input); - if (streamType) { - await loadStreamsPonyfill(); - input = toStream(input); - } - const literalDataPacket = new LiteralDataPacket(date); - if (text !== undefined) { - literalDataPacket.setText(input, enums.write(enums.literal, format)); - } else { - literalDataPacket.setBytes(input, enums.write(enums.literal, format)); - } - if (filename !== undefined) { - literalDataPacket.setFilename(filename); - } - const literalDataPacketlist = new PacketList(); - literalDataPacketlist.push(literalDataPacket); - const message = new Message(literalDataPacketlist); - message.fromStream = streamType; - return message; -} + // Produces data to produce signature on + toSign(type, data) { + const t = enums.signature; + + switch (type) { + case t.binary: + if (data.text !== null) { + return util.encodeUTF8(data.getText(true)); + } + return data.getBytes(true); + + case t.text: { + const bytes = data.getBytes(true); + // normalize EOL to \r\n + return util.canonicalizeEOL(bytes); + } + case t.standalone: + return new Uint8Array(0); + + case t.certGeneric: + case t.certPersona: + case t.certCasual: + case t.certPositive: + case t.certRevocation: { + let packet; + let tag; + + if (data.userID) { + tag = 0xB4; + packet = data.userID; + } else if (data.userAttribute) { + tag = 0xD1; + packet = data.userAttribute; + } else { + throw new Error('Either a userID or userAttribute packet needs to be ' + + 'supplied for certification.'); + } + + const bytes = packet.write(); -// GPG4Browsers - An OpenPGP implementation in javascript + return util.concat([this.toSign(t.key, data), + new Uint8Array([tag]), + util.writeNumber(bytes.length, 4), + bytes]); + } + case t.subkeyBinding: + case t.subkeyRevocation: + case t.keyBinding: + return util.concat([this.toSign(t.key, data), this.toSign(t.key, { + key: data.bind + })]); -// A Cleartext message can contain the following packets -const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + case t.key: + if (data.key === undefined) { + throw new Error('Key packet is required for this signature.'); + } + return data.key.writeForHash(this.version); -/** - * Class that represents an OpenPGP cleartext signed message. - * See {@link https://tools.ietf.org/html/rfc4880#section-7} - */ -class CleartextMessage { - /** - * @param {String} text - The cleartext of the signed message - * @param {Signature} signature - The detached signature or an empty signature for unsigned messages - */ - constructor(text, signature) { - // remove trailing whitespace and normalize EOL to canonical form - this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); - if (signature && !(signature instanceof Signature)) { - throw new Error('Invalid signature input'); + case t.keyRevocation: + return this.toSign(t.key, data); + case t.timestamp: + return new Uint8Array(0); + case t.thirdParty: + throw new Error('Not implemented'); + default: + throw new Error('Unknown signature type.'); } - this.signature = signature || new Signature(new PacketList()); } - /** - * Returns the key IDs of the keys that signed the cleartext message - * @returns {Array} Array of keyID objects. - */ - getSigningKeyIDs() { - const keyIDs = []; - const signatureList = this.signature.packets; - signatureList.forEach(function(packet) { - keyIDs.push(packet.issuerKeyID); + calculateTrailer(data, detached) { + let length = 0; + return transform(clone(this.signatureData), value => { + length += value.length; + }, () => { + const arr = []; + if (this.version === 5 && (this.signatureType === enums.signature.binary || this.signatureType === enums.signature.text)) { + if (detached) { + arr.push(new Uint8Array(6)); + } else { + arr.push(data.writeHeader()); + } + } + arr.push(new Uint8Array([this.version, 0xFF])); + if (this.version === 5) { + arr.push(new Uint8Array(4)); + } + arr.push(util.writeNumber(length, 4)); + // For v5, this should really be writeNumber(length, 8) rather than the + // hardcoded 4 zero bytes above + return util.concat(arr); }); - return keyIDs; } - /** - * Sign the cleartext message - * @param {Array} privateKeys - private keys with decrypted secret key data for signing - * @param {Signature} [signature] - Any existing detached signature - * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] - * @param {Date} [date] - The creation time of the signature that should be created - * @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] - * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise} New cleartext message with signed content. - * @async - */ - async sign(privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { - const literalDataPacket = new LiteralDataPacket(); - literalDataPacket.setText(this.text); - const newSignature = new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, notations, true, config$1)); - return new CleartextMessage(this.text, newSignature); - } + toHash(signatureType, data, detached = false) { + const bytes = this.toSign(signatureType, data); - /** - * Verify signatures of cleartext signed message - * @param {Array} keys - Array of keys to verify signatures - * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {Promise, - * verified: Promise - * }>>} List of signer's keyID and validity of signature. - * @async - */ - verify(keys, date = new Date(), config$1 = config) { - const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets - const literalDataPacket = new LiteralDataPacket(); - // we assume that cleartext signature is generated based on UTF8 cleartext - literalDataPacket.setText(this.text); - return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + return util.concat([this.salt || new Uint8Array(), bytes, this.signatureData, this.calculateTrailer(data, detached)]); } - /** - * Get cleartext - * @returns {String} Cleartext of message. - */ - getText() { - // normalize end of line to \n - return this.text.replace(/\r\n/g, '\n'); + async hash(signatureType, data, toHash, detached = false) { + if (this.version === 6 && this.salt.length !== saltLengthForHash(this.hashAlgorithm)) { + // avoid hashing unexpected salt size + throw new Error('Signature salt does not have the expected length'); + } + + if (!toHash) toHash = this.toHash(signatureType, data, detached); + return mod$1.hash.digest(this.hashAlgorithm, toHash); } /** - * Returns ASCII armored text of cleartext signed message + * verifies the signature packet. Note: not all signature types are implemented + * @param {PublicSubkeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|SecretKeyPacket} key - the public key to verify the signature + * @param {module:enums.signature} signatureType - Expected signature type + * @param {Uint8Array|Object} data - Data which on the signature applies + * @param {Date} [date] - Use the given date instead of the current time to check for signature validity and expiration + * @param {Boolean} [detached] - Whether to verify a detached signature * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @returns {String | ReadableStream} ASCII armor. + * @throws {Error} if signature validation failed + * @async */ - armor(config$1 = config) { - let hashes = this.signature.packets.map(function(packet) { - return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase(); - }); - hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; }); - const body = { - hash: hashes.join(), - text: this.text, - data: this.signature.packets.write() - }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config$1); - } -} + async verify(key, signatureType, data, date = new Date(), detached = false, config$1 = config) { + if (!this.issuerKeyID.equals(key.getKeyID())) { + throw new Error('Signature was not issued by the given public key'); + } + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.'); + } -/** - * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object - * @param {Object} options - * @param {String} options.cleartextMessage - Text to be parsed - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} New cleartext message object. - * @async - * @static - */ -async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; - if (!cleartextMessage) { - throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); - } - if (!util.isString(cleartextMessage)) { - throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const isMessageSignature = signatureType === enums.signature.binary || signatureType === enums.signature.text; + // Cryptographic validity is cached after one successful verification. + // However, for message signatures, we always re-verify, since the passed `data` can change + const skipVerify = this[verified] && !isMessageSignature; + if (!skipVerify) { + let toHash; + let hash; + if (this.hashed) { + hash = await this.hashed; + } else { + toHash = this.toHash(signatureType, data, detached); + hash = await this.hash(signatureType, data, toHash); + } + hash = await readToEnd(hash); + if (this.signedHashValue[0] !== hash[0] || + this.signedHashValue[1] !== hash[1]) { + throw new Error('Signed digest did not match'); + } - const input = await unarmor(cleartextMessage); - if (input.type !== enums.armor.signed) { - throw new Error('No cleartext signed message.'); - } - const packetlist = await PacketList.fromBinary(input.data, allowedPackets$5, config$1); - verifyHeaders$1(input.headers, packetlist); - const signature = new Signature(packetlist); - return new CleartextMessage(input.text, signature); -} + this.params = await this.params; -/** - * Compare hash algorithm specified in the armor header with signatures - * @param {Array} headers - Armor headers - * @param {PacketList} packetlist - The packetlist with signature packets - * @private - */ -function verifyHeaders$1(headers, packetlist) { - const checkHashAlgos = function(hashAlgos) { - const check = packet => algo => packet.hashAlgorithm === algo; + this[verified] = await mod$1.signature.verify( + this.publicKeyAlgorithm, this.hashAlgorithm, this.params, key.publicParams, + toHash, hash + ); - for (let i = 0; i < packetlist.length; i++) { - if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { - return false; + if (!this[verified]) { + throw new Error('Signature verification failed'); } } - return true; - }; - let oneHeader = null; - let hashAlgos = []; - headers.forEach(function(header) { - oneHeader = header.match(/^Hash: (.+)$/); // get header value - if (oneHeader) { - oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace - oneHeader = oneHeader.split(','); - oneHeader = oneHeader.map(function(hash) { - hash = hash.toLowerCase(); - try { - return enums.write(enums.hash, hash); - } catch (e) { - throw new Error('Unknown hash algorithm in armor header: ' + hash); - } - }); - hashAlgos = hashAlgos.concat(oneHeader); - } else { - throw new Error('Only "Hash" header allowed in cleartext signed message'); + const normDate = util.normalizeDate(date); + if (normDate && this.created > normDate) { + throw new Error('Signature creation time is in the future'); + } + if (normDate && normDate >= this.getExpirationTime()) { + throw new Error('Signature is expired'); + } + if (config$1.rejectHashAlgorithms.has(this.hashAlgorithm)) { + throw new Error('Insecure hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + if (config$1.rejectMessageHashAlgorithms.has(this.hashAlgorithm) && + [enums.signature.binary, enums.signature.text].includes(this.signatureType)) { + throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); + } + this.unknownSubpackets.forEach(({ type, critical }) => { + if (critical) { + throw new Error(`Unknown critical signature subpacket type ${type}`); + } + }); + this.rawNotations.forEach(({ name, critical }) => { + if (critical && (config$1.knownNotations.indexOf(name) < 0)) { + throw new Error(`Unknown critical notation: ${name}`); + } + }); + if (this.revocationKeyClass !== null) { + throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'); + } + } + + /** + * Verifies signature expiration date + * @param {Date} [date] - Use the given date for verification instead of the current time + * @returns {Boolean} True if expired. + */ + isExpired(date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + return !(this.created <= normDate && normDate < this.getExpirationTime()); } - }); + return false; + } - if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { - throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); - } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { - throw new Error('Hash algorithm mismatch in armor header and signature'); + /** + * Returns the expiration time of the signature or Infinity if signature does not expire + * @returns {Date | Infinity} Expiration time. + */ + getExpirationTime() { + return this.signatureNeverExpires ? Infinity : new Date(this.created.getTime() + this.signatureExpirationTime * 1000); } } /** - * Creates a new CleartextMessage object from text - * @param {Object} options - * @param {String} options.text - * @static - * @async + * Creates a Uint8Array representation of a sub signature packet + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} + * @param {Integer} type - Subpacket signature type. + * @param {Boolean} critical - Whether the subpacket should be critical. + * @param {String} data - Data to be included + * @returns {Uint8Array} The signature subpacket. + * @private */ -async function createCleartextMessage({ text, ...rest }) { - if (!text) { - throw new Error('createCleartextMessage: must pass options object containing `text`'); - } - if (!util.isString(text)) { - throw new Error('createCleartextMessage: options.text must be a string'); - } - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - return new CleartextMessage(text); +function writeSubPacket(type, critical, data) { + const arr = []; + arr.push(writeSimpleLength(data.length + 1)); + arr.push(new Uint8Array([(critical ? 0x80 : 0) | type])); + arr.push(data); + return util.concat(arr); } -// OpenPGP.js - An OpenPGP implementation in javascript - - -////////////////////// -// // -// Key handling // -// // -////////////////////// - - /** - * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. - * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. - * @param {Object} options - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys - * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: - * curve25519 (default), p256, p384, p521, secp256k1, - * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 - * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` - * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static + * Select the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. + * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#section-9.5|Crypto Refresh Section 9.5} + * @param {enums.hash} hashAlgorithm - Hash algorithm. + * @returns {Integer} Salt length. + * @private */ -async function generateKey({ userIDs = [], passphrase, type = 'ecc', rsaBits = 4096, curve = 'curve25519', keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key generation'); +function saltLengthForHash(hashAlgorithm) { + switch (hashAlgorithm) { + case enums.hash.sha256: return 16; + case enums.hash.sha384: return 24; + case enums.hash.sha512: return 32; + case enums.hash.sha224: return 16; + case enums.hash.sha3_256: return 16; + case enums.hash.sha3_512: return 32; + default: throw new Error('Unsupported hash function'); } - if (type === 'rsa' && rsaBits < config$1.minRSABits) { - throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); - } - - const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; +} - try { - const { key, revocationCertificate } = await generate$4(options, config$1); - key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return { - privateKey: formatObject(key, format, config$1), - publicKey: formatObject(key.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error generating keypair', err); - } -} /** - * Reformats signature packets for a key and rewraps key object. - * @param {Object} options - * @param {PrivateKey} options.privateKey - Private key to reformat - * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` - * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. - * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires - * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended - * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The generated key object in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } - * @async - * @static + * Implementation of the One-Pass Signature Packets (Tag 4) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: + * The One-Pass Signature packet precedes the signed data and contains + * enough information to allow the receiver to begin calculating any + * hashes needed to verify the signature. It allows the Signature + * packet to be placed at the end of the message, so that the signer + * can compute the entire signed message in one pass. */ -async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - userIDs = toArray$1(userIDs); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +class OnePassSignaturePacket { + static get tag() { + return enums.packet.onePassSignature; + } + + static fromSignaturePacket(signaturePacket, isLast) { + const onePassSig = new OnePassSignaturePacket(); + onePassSig.version = signaturePacket.version === 6 ? 6 : 3; + onePassSig.signatureType = signaturePacket.signatureType; + onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm; + onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm; + onePassSig.issuerKeyID = signaturePacket.issuerKeyID; + onePassSig.salt = signaturePacket.salt; // v6 only + onePassSig.issuerFingerprint = signaturePacket.issuerFingerprint; // v6 only - if (userIDs.length === 0) { - throw new Error('UserIDs are required for key reformat'); + onePassSig.flags = isLast ? 1 : 0; + return onePassSig; } - const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - try { - const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); + constructor() { + /** A one-octet version number. The current versions are 3 and 6. */ + this.version = null; + /** + * A one-octet signature type. + * Signature types are described in + * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. + * @type {enums.signature} - return { - privateKey: formatObject(reformattedKey, format, config$1), - publicKey: formatObject(reformattedKey.toPublic(), format, config$1), - revocationCertificate - }; - } catch (err) { - throw util.wrapError('Error reformatting keypair', err); + */ + this.signatureType = null; + /** + * A one-octet number describing the hash algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4} + * @type {enums.hash} + */ + this.hashAlgorithm = null; + /** + * A one-octet number describing the public-key algorithm used. + * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} + * @type {enums.publicKey} + */ + this.publicKeyAlgorithm = null; + /** Only for v6, a variable-length field containing the salt. */ + this.salt = null; + /** Only for v3 packets, an eight-octet number holding the Key ID of the signing key. */ + this.issuerKeyID = null; + /** Only for v6 packets, 32 octets of the fingerprint of the signing key. */ + this.issuerFingerprint = null; + /** + * A one-octet number holding a flag showing whether the signature is nested. + * A zero value indicates that the next packet is another One-Pass Signature packet + * that describes another signature to be applied to the same message data. + */ + this.flags = null; } -} -/** - * Revokes a key. Requires either a private key or a revocation certificate. - * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. - * @param {Object} options - * @param {Key} options.key - Public or private key to revoke - * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with - * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation - * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation - * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation - * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature - * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The revoked key in the form: - * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or - * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise - * @async - * @static - */ -async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + /** + * parsing function for a one-pass signature packet (tag 4). + * @param {Uint8Array} bytes - Payload of a tag 4 packet + * @returns {OnePassSignaturePacket} Object representation. + */ + read(bytes) { + let mypos = 0; + // A one-octet version number. The current versions are 3 or 6. + this.version = bytes[mypos++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the one-pass signature packet is unsupported.`); + } - try { - const revokedKey = revocationCertificate ? - await key.applyRevocationCertificate(revocationCertificate, date, config$1) : - await key.revoke(reasonForRevocation, date, config$1); + // A one-octet signature type. Signature types are described in + // Section 5.2.1. + this.signatureType = bytes[mypos++]; - return revokedKey.isPrivate() ? { - privateKey: formatObject(revokedKey, format, config$1), - publicKey: formatObject(revokedKey.toPublic(), format, config$1) - } : { - privateKey: null, - publicKey: formatObject(revokedKey, format, config$1) - }; - } catch (err) { - throw util.wrapError('Error revoking key', err); - } -} + // A one-octet number describing the hash algorithm used. + this.hashAlgorithm = bytes[mypos++]; -/** - * Unlock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to decrypt - * @param {String|Array} options.passphrase - The user's passphrase(s) - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The unlocked key object. - * @async - */ -async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // A one-octet number describing the public-key algorithm used. + this.publicKeyAlgorithm = bytes[mypos++]; - if (!privateKey.isPrivate()) { - throw new Error('Cannot decrypt a public key'); - } - const clonedPrivateKey = privateKey.clone(true); - const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; + if (this.version === 6) { + // Only for v6 signatures, a variable-length field containing: - try { - await Promise.all(clonedPrivateKey.getKeys().map(key => ( - // try to decrypt each key with any of the given passphrases - util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) - ))); + // A one-octet salt size. The value MUST match the value defined + // for the hash algorithm as specified in Table 23 (Hash algorithm registry). + // To allow parsing unknown hash algos, we only check the expected salt length when verifying. + const saltLength = bytes[mypos++]; - await clonedPrivateKey.validate(config$1); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error decrypting private key', err); - } -} + // The salt; a random value value of the specified size. + this.salt = bytes.subarray(mypos, mypos + saltLength); + mypos += saltLength; -/** - * Lock a private key with the given passphrase. - * This method does not change the original key. - * @param {Object} options - * @param {PrivateKey} options.privateKey - The private key to encrypt - * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} The locked key object. - * @async - */ -async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + // Only for v6 packets, 32 octets of the fingerprint of the signing key. + this.issuerFingerprint = bytes.subarray(mypos, mypos + 32); + mypos += 32; + this.issuerKeyID = new KeyID(); + // For v6 the Key ID is the high-order 64 bits of the fingerprint. + this.issuerKeyID.read(this.issuerFingerprint); + } else { + // Only for v3 packets, an eight-octet number holding the Key ID of the signing key. + this.issuerKeyID = new KeyID(); + this.issuerKeyID.read(bytes.subarray(mypos, mypos + 8)); + mypos += 8; + } - if (!privateKey.isPrivate()) { - throw new Error('Cannot encrypt a public key'); + // A one-octet number holding a flag showing whether the signature + // is nested. A zero value indicates that the next packet is + // another One-Pass Signature packet that describes another + // signature to be applied to the same message data. + this.flags = bytes[mypos++]; + return this; } - const clonedPrivateKey = privateKey.clone(true); - const keys = clonedPrivateKey.getKeys(); - const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); - if (passphrases.length !== keys.length) { - throw new Error('Invalid number of passphrases given for key encryption'); + /** + * creates a string representation of a one-pass signature packet + * @returns {Uint8Array} A Uint8Array representation of a one-pass signature packet. + */ + write() { + const arr = [new Uint8Array([ + this.version, + this.signatureType, + this.hashAlgorithm, + this.publicKeyAlgorithm + ])]; + if (this.version === 6) { + arr.push( + new Uint8Array([this.salt.length]), + this.salt, + this.issuerFingerprint + ); + } else { + arr.push(this.issuerKeyID.write()); + } + arr.push(new Uint8Array([this.flags])); + return util.concatUint8Array(arr); } - try { - await Promise.all(keys.map(async (key, i) => { - const { keyPacket } = key; - await keyPacket.encrypt(passphrases[i], config$1); - keyPacket.clearPrivateParams(); - })); - return clonedPrivateKey; - } catch (err) { - clonedPrivateKey.clearPrivateParams(); - throw util.wrapError('Error encrypting private key', err); + calculateTrailer(...args) { + return fromAsync(async () => SignaturePacket.prototype.calculateTrailer.apply(await this.correspondingSig, args)); } -} + async verify() { + const correspondingSig = await this.correspondingSig; + if (!correspondingSig || correspondingSig.constructor.tag !== enums.packet.signature) { + throw new Error('Corresponding signature packet missing'); + } + if ( + correspondingSig.signatureType !== this.signatureType || + correspondingSig.hashAlgorithm !== this.hashAlgorithm || + correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm || + !correspondingSig.issuerKeyID.equals(this.issuerKeyID) || + (this.version === 3 && correspondingSig.version === 6) || + (this.version === 6 && correspondingSig.version !== 6) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.issuerFingerprint, this.issuerFingerprint)) || + (this.version === 6 && !util.equalsUint8Array(correspondingSig.salt, this.salt)) + ) { + throw new Error('Corresponding signature packet does not match one-pass signature packet'); + } + correspondingSig.hashed = this.hashed; + return correspondingSig.verify.apply(correspondingSig, arguments); + } +} -/////////////////////////////////////////// -// // -// Message encryption and decryption // -// // -/////////////////////////////////////////// - +OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash; +OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash; +OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign; /** - * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` - * must be specified. If signing keys are specified, those will be used to sign the message. - * @param {Object} options - * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message - * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed - * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message - * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Signature} [options.signature] - A detached signature to add to the encrypted message - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` - * @param {Date} [options.date=current date] - Override the creation date of the message signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static + * Instantiate a new packet given its tag + * @function newPacketFromTag + * @param {module:enums.packet} tag - Property value from {@link module:enums.packet} + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @returns {Object} New packet object with type based on tag + * @throws {Error|UnsupportedError} for disallowed or unknown packets */ -async function encrypt$5({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); signingKeys = toArray$1(signingKeys); passwords = toArray$1(passwords); - signingKeyIDs = toArray$1(signingKeyIDs); encryptionKeyIDs = toArray$1(encryptionKeyIDs); signingUserIDs = toArray$1(signingUserIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); signatureNotations = toArray$1(signatureNotations); - if (rest.detached) { - throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); - } - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - - if (!signingKeys) { - signingKeys = []; - } - const streaming = message.fromStream; - try { - if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified - message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); +function newPacketFromTag(tag, allowedPackets) { + if (!allowedPackets[tag]) { + // distinguish between disallowed packets and unknown ones + let packetType; + try { + packetType = enums.read(enums.packet, tag); + } catch (e) { + throw new UnknownPacketError(`Unknown packet type with tag: ${tag}`); } - message = message.compress( - await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config$1), - config$1 - ); - message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - if (format === 'object') return message; - // serialize data - const armor = format === 'armored'; - const data = armor ? message.armor(config$1) : message.write(); - return convertStream(data, streaming, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error encrypting message', err); + throw new Error(`Packet not allowed in this context: ${packetType}`); } + return new allowedPackets[tag](); } /** - * Decrypts a message with the user's private key, a session key or a password. - * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). - * @param {Object} options - * @param {Message} options.message - The message object with the encrypted data - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key - * @param {String|String[]} [options.passwords] - Passwords to decrypt the message - * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } - * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing decrypted and verified message in the form: - * - * { - * data: MaybeStream, (if format was 'utf8', the default) - * data: MaybeStream, (if format was 'binary') - * filename: String, - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } - * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static + * This class represents a list of openpgp packets. + * Take care when iterating over it - the packets themselves + * are stored as numerical indices. + * @extends Array */ -async function decrypt$5({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); verificationKeys = toArray$1(verificationKeys); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); sessionKeys = toArray$1(sessionKeys); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +class PacketList extends Array { + /** + * Parses the given binary data and returns a list of packets. + * Equivalent to calling `read` on an empty PacketList instance. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @returns {PacketList} parsed list of packets + * @throws on parsing errors + * @async + */ + static async fromBinary(bytes, allowedPackets, config$1 = config) { + const packets = new PacketList(); + await packets.read(bytes, allowedPackets, config$1); + return packets; + } - try { - const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); - if (!verificationKeys) { - verificationKeys = []; + /** + * Reads a stream of binary data and interprets it as a list of packets. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @throws on parsing errors + * @async + */ + async read(bytes, allowedPackets, config$1 = config) { + if (config$1.additionalAllowedPackets.length) { + allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) }; } + this.stream = transformPair(bytes, async (readable, writable) => { + const writer = getWriter(writable); + try { + while (true) { + await writer.ready; + const done = await readPackets(readable, async parsed => { + try { + if (parsed.tag === enums.packet.marker || parsed.tag === enums.packet.trust || parsed.tag === enums.packet.padding) { + // According to the spec, these packet types should be ignored and not cause parsing errors, even if not esplicitly allowed: + // - Marker packets MUST be ignored when received: https://github.com/openpgpjs/openpgpjs/issues/1145 + // - Trust packets SHOULD be ignored outside of keyrings (unsupported): https://datatracker.ietf.org/doc/html/rfc4880#section-5.10 + // - [Padding Packets] MUST be ignored when received: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 + return; + } + const packet = newPacketFromTag(parsed.tag, allowedPackets); + packet.packets = new PacketList(); + packet.fromStream = util.isStream(parsed.packet); + await packet.read(parsed.packet, config$1); + await writer.write(packet); + } catch (e) { + // If an implementation encounters a critical packet where the packet type is unknown in a packet sequence, + // it MUST reject the whole packet sequence. On the other hand, an unknown non-critical packet MUST be ignored. + // Packet Tags from 0 to 39 are critical. Packet Tags from 40 to 63 are non-critical. + if (e instanceof UnknownPacketError) { + if (parsed.tag <= 39) { + await writer.abort(e); + } else { + return; + } + } - const result = {}; - result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); - result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); - result.filename = decrypted.getFilename(); - linkStreams(result, message); - if (expectSigned) { - if (verificationKeys.length === 0) { - throw new Error('Verification keys are required to verify message signatures'); + const throwUnsupportedError = !config$1.ignoreUnsupportedPackets && e instanceof UnsupportedError; + const throwMalformedError = !config$1.ignoreMalformedPackets && !(e instanceof UnsupportedError); + if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) { + // The packets that support streaming are the ones that contain message data. + // Those are also the ones we want to be more strict about and throw on parse errors + // (since we likely cannot process the message without these packets anyway). + await writer.abort(e); + } else { + const unparsedPacket = new UnparseablePacket(parsed.tag, parsed.packet); + await writer.write(unparsedPacket); + } + util.printDebugError(e); + } + }); + if (done) { + await writer.ready; + await writer.close(); + return; + } + } + } catch (e) { + await writer.abort(e); } - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); + }); + + // Wait until first few packets have been read + const reader = getReader(this.stream); + while (true) { + const { done, value } = await reader.read(); + if (!done) { + this.push(value); + } else { + this.stream = null; + } + if (done || supportsStreaming(value.constructor.tag)) { + break; } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error decrypting message', err); + reader.releaseLock(); } -} + /** + * Creates a binary representation of openpgp objects contained within the + * class instance. + * @returns {Uint8Array} A Uint8Array containing valid openpgp packets. + */ + write() { + const arr = []; -////////////////////////////////////////// -// // -// Message signing and verification // -// // -////////////////////////////////////////// + for (let i = 0; i < this.length; i++) { + const tag = this[i] instanceof UnparseablePacket ? this[i].tag : this[i].constructor.tag; + const packetbytes = this[i].write(); + if (util.isStream(packetbytes) && supportsStreaming(this[i].constructor.tag)) { + let buffer = []; + let bufferLength = 0; + const minLength = 512; + arr.push(writeTag(tag)); + arr.push(transform(packetbytes, value => { + buffer.push(value); + bufferLength += value.length; + if (bufferLength >= minLength) { + const powerOf2 = Math.min(Math.log(bufferLength) / Math.LN2 | 0, 30); + const chunkSize = 2 ** powerOf2; + const bufferConcat = util.concat([writePartialLength(powerOf2)].concat(buffer)); + buffer = [bufferConcat.subarray(1 + chunkSize)]; + bufferLength = buffer[0].length; + return bufferConcat.subarray(0, 1 + chunkSize); + } + }, () => util.concat([writeSimpleLength(bufferLength)].concat(buffer)))); + } else { + if (util.isStream(packetbytes)) { + let length = 0; + arr.push(transform(clone(packetbytes), value => { + length += value.length; + }, () => writeHeader(tag, length))); + } else { + arr.push(writeHeader(tag, packetbytes.length)); + } + arr.push(packetbytes); + } + } + return util.concat(arr); + } -/** - * Signs a message. - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed - * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext - * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message - * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature - * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] - * @param {Date} [options.date=current date] - Override the creation date of the signature - * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` - * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static - */ -async function sign$6({ message, signingKeys, format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); checkOutputMessageFormat(format); - signingKeys = toArray$1(signingKeys); signingKeyIDs = toArray$1(signingKeyIDs); signingUserIDs = toArray$1(signingUserIDs); signatureNotations = toArray$1(signatureNotations); + /** + * Creates a new PacketList with all packets matching the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {PacketList} + */ + filterByTag(...tags) { + const filtered = new PacketList(); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); - if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + const handle = tag => packetType => tag === packetType; - if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); - if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(this[i].constructor.tag))) { + filtered.push(this[i]); + } + } - if (!signingKeys || signingKeys.length === 0) { - throw new Error('No signing keys provided'); + return filtered; } - try { - let signature; - if (detached) { - signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } else { - signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, signatureNotations, config$1); - } - if (format === 'object') return signature; + /** + * Traverses packet list and returns first packet with matching tag + * @param {module:enums.packet} tag - The packet tag + * @returns {Packet|undefined} + */ + findPacket(tag) { + return this.find(packet => packet.constructor.tag === tag); + } - const armor = format === 'armored'; - signature = armor ? signature.armor(config$1) : signature.write(); - if (detached) { - signature = transformPair(message.packets.write(), async (readable, writable) => { - await Promise.all([ - pipe(signature, writable), - readToEnd(readable).catch(() => {}) - ]); - }); + /** + * Find indices of packets with the given tag(s) + * @param {...module:enums.packet} tags - packet tags to look for + * @returns {Integer[]} packet indices + */ + indexOfTag(...tags) { + const tagIndex = []; + const that = this; + + const handle = tag => packetType => tag === packetType; + + for (let i = 0; i < this.length; i++) { + if (tags.some(handle(that[i].constructor.tag))) { + tagIndex.push(i); + } } - return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); - } catch (err) { - throw util.wrapError('Error signing message', err); + return tagIndex; } } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A Compressed Data packet can contain the following packet types +const allowedPackets$5 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + /** - * Verifies signatures of cleartext signed message - * @param {Object} options - * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures - * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures - * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys - * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {Signature} [options.signature] - Detached signature for verification - * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Object containing verified message in the form: - * - * { - * data: MaybeStream, (if `message` was a CleartextMessage) - * data: MaybeStream, (if `message` was a Message) - * signatures: [ - * { - * keyID: module:type/keyid~KeyID, - * verified: Promise, - * signature: Promise - * }, ... - * ] - * } + * Implementation of the Compressed Data Packet (Tag 8) * - * where `signatures` contains a separate entry for each signature packet found in the input message. - * @async - * @static + * {@link https://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: + * The Compressed Data packet contains compressed data. Typically, + * this packet is found as the contents of an encrypted packet, or following + * a Signature or One-Pass Signature packet, and contains a literal data packet. */ -async function verify$6({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkCleartextOrMessage(message); verificationKeys = toArray$1(verificationKeys); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +class CompressedDataPacket { + static get tag() { + return enums.packet.compressedData; + } - if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); - if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + /** + * List of packets + * @type {PacketList} + */ + this.packets = null; + /** + * Compression algorithm + * @type {enums.compression} + */ + this.algorithm = config$1.preferredCompressionAlgorithm; - try { - const result = {}; - if (signature) { - result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); - } else { - result.signatures = await message.verify(verificationKeys, date, config$1); - } - result.data = format === 'binary' ? message.getLiteralData() : message.getText(); - if (message.fromStream && !signature) linkStreams(result, message); - if (expectSigned) { - if (result.signatures.length === 0) { - throw new Error('Message is not signed'); - } - result.data = concat([ - result.data, - fromAsync(async () => { - await util.anyPromise(result.signatures.map(sig => sig.verified)); - }) - ]); + /** + * Compressed packet data + * @type {Uint8Array | ReadableStream} + */ + this.compressed = null; + } + + /** + * Parsing function for the packet. + * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async read(bytes, config$1 = config) { + await parse(bytes, async reader => { + + // One octet that gives the algorithm used to compress the packet. + this.algorithm = await reader.readByte(); + + // Compressed data, which makes up the remainder of the packet. + this.compressed = reader.remainder(); + + await this.decompress(config$1); + }); + } + + + /** + * Return the compressed packet. + * @returns {Uint8Array | ReadableStream} Binary compressed packet. + */ + write() { + if (this.compressed === null) { + this.compress(); } - result.data = await convertStream(result.data, message.fromStream, format); - return result; - } catch (err) { - throw util.wrapError('Error verifying signed message', err); + + return util.concat([new Uint8Array([this.algorithm]), this.compressed]); } -} -/////////////////////////////////////////////// -// // -// Session key encryption and decryption // -// // -/////////////////////////////////////////////// + /** + * Decompression method for decompressing the compressed data + * read by read_packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async decompress(config$1 = config) { + const compressionName = enums.read(enums.compression, this.algorithm); + const decompressionFn = decompress_fns[compressionName]; // bzip decompression is async + if (!decompressionFn) { + throw new Error(`${compressionName} decompression not supported`); + } -/** - * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. - * @param {Object} options - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} - * @param {Date} [options.date=current date] - Date to select algorithm preferences at - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. - * @async - * @static - */ -async function generateSessionKey$1({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - encryptionKeys = toArray$1(encryptionKeys); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + this.packets = await PacketList.fromBinary(await decompressionFn(this.compressed), allowedPackets$5, config$1); + } - try { - const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error generating session key', err); + /** + * Compress the packet data (member decompressedData) + */ + compress() { + const compressionName = enums.read(enums.compression, this.algorithm); + const compressionFn = compress_fns[compressionName]; + if (!compressionFn) { + throw new Error(`${compressionName} compression not supported`); + } + + this.compressed = compressionFn(this.packets.write()); } } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// + /** - * Encrypt a symmetric session key with public keys, passwords, or both at once. - * At least one of `encryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) - * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' - * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' - * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key - * @param {String|String[]} [options.passwords] - Passwords for the message - * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value - * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs - * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] - * @param {Date} [options.date=current date] - Override the date - * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). - * @async - * @static + * Zlib processor relying on Compression Stream API if available, or falling back to fflate otherwise. + * @param {function(): CompressionStream|function(): DecompressionStream} compressionStreamInstantiator + * @param {FunctionConstructor} ZlibStreamedConstructor - fflate constructor + * @returns {ReadableStream} compressed or decompressed data */ -async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); - encryptionKeys = toArray$1(encryptionKeys); passwords = toArray$1(passwords); encryptionKeyIDs = toArray$1(encryptionKeyIDs); encryptionUserIDs = toArray$1(encryptionUserIDs); - if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +function zlib(compressionStreamInstantiator, ZlibStreamedConstructor) { + return data => { + if (!util.isStream(data) || isArrayStream(data)) { + return fromAsync(() => readToEnd(data).then(inputData => { + return new Promise((resolve, reject) => { + const zlibStream = new ZlibStreamedConstructor(); + zlibStream.ondata = processedData => { + resolve(processedData); + }; + try { + zlibStream.push(inputData, true); // only one chunk to push + } catch (err) { + reject(err); + } + }); + })); + } - if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { - throw new Error('No encryption keys or passwords provided.'); - } + // Use Compression Streams API if available (see https://developer.mozilla.org/en-US/docs/Web/API/Compression_Streams_API) + if (compressionStreamInstantiator) { + try { + const compressorOrDecompressor = compressionStreamInstantiator(); + return data.pipeThrough(compressorOrDecompressor); + } catch (err) { + // If format is unsupported in Compression/DecompressionStream, then a TypeError in thrown, and we fallback to fflate. + if (err.name !== 'TypeError') { + throw err; + } + } + } - try { - const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); - return formatObject(message, format, config$1); - } catch (err) { - throw util.wrapError('Error encrypting session key', err); - } + // JS fallback + const inputReader = data.getReader(); + const zlibStream = new ZlibStreamedConstructor(); + + return new ReadableStream({ + async start(controller) { + zlibStream.ondata = async (value, isLast) => { + controller.enqueue(value); + if (isLast) { + controller.close(); + } + }; + + while (true) { + const { done, value } = await inputReader.read(); + if (done) { + zlibStream.push(new Uint8Array(), true); + return; + } else if (value.length) { + zlibStream.push(value); + } + } + } + }); + }; +} + +function bzip2Decompress() { + return async function(data) { + const { decode: bunzipDecode } = await Promise.resolve().then(function () { return index; }); + return fromAsync(async () => bunzipDecode(await readToEnd(data))); + }; } /** - * Decrypt symmetric session keys using private keys or passwords (not both). - * One of `decryptionKeys` or `passwords` must be specified. - * @param {Object} options - * @param {Message} options.message - A message object containing the encrypted session key packets - * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data - * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key - * @param {Date} [options.date] - Date to use for key verification instead of the current time - * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} - * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: - * { data:Uint8Array, algorithm:String } - * @throws if no session key could be found or decrypted - * @async - * @static + * Get Compression Stream API instatiators if the constructors are implemented. + * NB: the return instatiator functions will throw when called if the provided `compressionFormat` is not supported + * (supported formats cannot be determined in advance). + * @param {'deflate-raw'|'deflate'|'gzip'|string} compressionFormat + * @returns {{ compressor: function(): CompressionStream | false, decompressor: function(): DecompressionStream | false }} */ -async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { - config$1 = { ...config, ...config$1 }; checkConfig(config$1); - checkMessage(message); decryptionKeys = toArray$1(decryptionKeys); passwords = toArray$1(passwords); - if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); - const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); +const getCompressionStreamInstantiators = compressionFormat => ({ + compressor: typeof CompressionStream !== 'undefined' && (() => new CompressionStream(compressionFormat)), + decompressor: typeof DecompressionStream !== 'undefined' && (() => new DecompressionStream(compressionFormat)) +}); - try { - const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, date, config$1); - return sessionKeys; - } catch (err) { - throw util.wrapError('Error decrypting session keys', err); - } -} +const compress_fns = { + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').compressor, Deflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').compressor, Zlib) +}; +const decompress_fns = { + uncompressed: data => data, + zip: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate-raw').decompressor, Inflate), + zlib: /*#__PURE__*/ zlib(getCompressionStreamInstantiators('deflate').decompressor, Unzlib), + bzip2: /*#__PURE__*/ bzip2Decompress() // NB: async due to dynamic lib import +}; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -////////////////////////// -// // -// Helper functions // -// // -////////////////////////// +// A SEIP packet can contain the following packet types +const allowedPackets$4 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); /** - * Input validation - * @private + * Implementation of the Sym. Encrypted Integrity Protected Data Packet (Tag 18) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: + * The Symmetrically Encrypted Integrity Protected Data packet is + * a variant of the Symmetrically Encrypted Data packet. It is a new feature + * created for OpenPGP that addresses the problem of detecting a modification to + * encrypted data. It is used in combination with a Modification Detection Code + * packet. */ -function checkString(data, name) { - if (!util.isString(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type String'); +class SymEncryptedIntegrityProtectedDataPacket { + static get tag() { + return enums.packet.symEncryptedIntegrityProtectedData; } -} -function checkBinary(data, name) { - if (!util.isUint8Array(data)) { - throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array'); + + static fromObject({ version, aeadAlgorithm }) { + if (version !== 1 && version !== 2) { + throw new Error('Unsupported SEIPD version'); + } + + const seip = new SymEncryptedIntegrityProtectedDataPacket(); + seip.version = version; + if (version === 2) { + seip.aeadAlgorithm = aeadAlgorithm; + } + + return seip; } -} -function checkMessage(message) { - if (!(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message'); + + constructor() { + this.version = null; + + // The following 4 fields are for V2 only. + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = null; + this.chunkSizeByte = null; + this.salt = null; + + this.encrypted = null; + this.packets = null; } -} -function checkCleartextOrMessage(message) { - if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { - throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); + + async read(bytes) { + await parse(bytes, async reader => { + this.version = await reader.readByte(); + // - A one-octet version number with value 1 or 2. + if (this.version !== 1 && this.version !== 2) { + throw new UnsupportedError(`Version ${this.version} of the SEIP packet is unsupported.`); + } + + if (this.version === 2) { + // - A one-octet cipher algorithm. + this.cipherAlgorithm = await reader.readByte(); + // - A one-octet AEAD algorithm. + this.aeadAlgorithm = await reader.readByte(); + // - A one-octet chunk size. + this.chunkSizeByte = await reader.readByte(); + // - Thirty-two octets of salt. The salt is used to derive the message key and must be unique. + this.salt = await reader.readBytes(32); + } + + // For V1: + // - Encrypted data, the output of the selected symmetric-key cipher + // operating in Cipher Feedback mode with shift amount equal to the + // block size of the cipher (CFB-n where n is the block size). + // For V2: + // - Encrypted data, the output of the selected symmetric-key cipher operating in the given AEAD mode. + // - A final, summary authentication tag for the AEAD mode. + this.encrypted = reader.remainder(); + }); } -} -function checkOutputMessageFormat(format) { - if (format !== 'armored' && format !== 'binary' && format !== 'object') { - throw new Error(`Unsupported format ${format}`); + + write() { + if (this.version === 2) { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.salt, this.encrypted]); + } + return util.concat([new Uint8Array([this.version]), this.encrypted]); + } + + /** + * Encrypt the payload in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The symmetric encryption algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on encryption failure + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) encryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + const { blockSize, keySize } = mod$1.getCipherParams(sessionKeyAlgorithm); + if (key.length !== keySize) { + throw new Error('Unexpected session key size'); + } + + let bytes = this.packets.write(); + if (isArrayStream(bytes)) bytes = await readToEnd(bytes); + + if (this.version === 2) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + this.salt = mod$1.random.getRandomBytes(32); + this.chunkSizeByte = config$1.aeadChunkSizeByte; + this.encrypted = await runAEAD(this, 'encrypt', key, bytes); + } else { + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const mdc = new Uint8Array([0xD3, 0x14]); // modification detection code packet + + const tohash = util.concat([prefix, bytes, mdc]); + const hash = await mod$1.hash.sha1(passiveClone(tohash)); + const plaintext = util.concat([tohash, hash]); + + this.encrypted = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, plaintext, new Uint8Array(blockSize), config$1); + } + return true; } -} -const defaultConfigPropsCount = Object.keys(config).length; -function checkConfig(config$1) { - const inputConfigProps = Object.keys(config$1); - if (inputConfigProps.length !== defaultConfigPropsCount) { - for (const inputProp of inputConfigProps) { - if (config[inputProp] === undefined) { - throw new Error(`Unknown config property: ${inputProp}`); + + /** + * Decrypts the encrypted data contained in the packet. + * @param {enums.symmetric} sessionKeyAlgorithm - The selected symmetric encryption algorithm to be used + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} on decryption failure + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // We check that the session key size matches the one expected by the symmetric algorithm. + // This is especially important for SEIPDv2 session keys, as a key derivation step is run where the resulting key will always match the expected cipher size, + // but we want to ensure that the input key isn't e.g. too short. + // The check is done here, instead of on encrypted session key (ESK) decryption, because v6 ESK packets do not store the session key algorithm, + // which is instead included in the SEIPDv2 data. + if (key.length !== mod$1.getCipherParams(sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + + let encrypted = clone(this.encrypted); + if (isArrayStream(encrypted)) encrypted = await readToEnd(encrypted); + + let packetbytes; + if (this.version === 2) { + if (this.cipherAlgorithm !== sessionKeyAlgorithm) { + // sanity check + throw new Error('Unexpected session key algorithm'); + } + packetbytes = await runAEAD(this, 'decrypt', key, encrypted); + } else { + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, encrypted, new Uint8Array(blockSize)); + + // there must be a modification detection code packet as the + // last packet and everything gets hashed except the hash itself + const realHash = slice(passiveClone(decrypted), -20); + const tohash = slice(decrypted, 0, -20); + const verifyHash = Promise.all([ + readToEnd(await mod$1.hash.sha1(passiveClone(tohash))), + readToEnd(realHash) + ]).then(([hash, mdc]) => { + if (!util.equalsUint8Array(hash, mdc)) { + throw new Error('Modification detected.'); + } + return new Uint8Array(); + }); + const bytes = slice(tohash, blockSize + 2); // Remove random prefix + packetbytes = slice(bytes, 0, -2); // Remove MDC packet + packetbytes = concat([packetbytes, fromAsync(() => verifyHash)]); + if (!util.isStream(encrypted) || !config$1.allowUnauthenticatedStream) { + packetbytes = await readToEnd(packetbytes); } } - } -} -/** - * Normalize parameter to an array if it is not undefined. - * @param {Object} param - the parameter to be normalized - * @returns {Array|undefined} The resulting array or undefined. - * @private - */ -function toArray$1(param) { - if (param && !util.isArray(param)) { - param = [param]; + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets$4, config$1); + return true; } - return param; } /** - * Convert data to or from Stream - * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams - * @returns {Promise} The data in the respective format. + * En/decrypt the payload. + * @param {encrypt|decrypt} fn - Whether to encrypt or decrypt + * @param {Uint8Array} key - The session key used to en/decrypt the payload + * @param {Uint8Array | ReadableStream} data - The data to en/decrypt + * @returns {Promise>} * @async - * @private - */ -async function convertStream(data, streaming, encoding = 'utf8') { - const streamType = util.isStream(data); - if (streamType === 'array') { - return readToEnd(data); - } - if (streaming === 'node') { - data = webToNode(data); - if (encoding !== 'binary') data.setEncoding(encoding); - return data; - } - if (streaming === 'web' && streamType === 'ponyfill') { - return toNativeReadable(data); - } - return data; -} - -/** - * Link result.data to the message stream for cancellation. - * Also, forward errors in the message to result.data. - * @param {Object} result - the data to convert - * @param {Message} message - message object - * @returns {Object} - * @private */ -function linkStreams(result, message) { - result.data = transformPair(message.packets.stream, async (readable, writable) => { - await pipe(result.data, writable, { - preventClose: true - }); +async function runAEAD(packet, fn, key, data) { + const isSEIPDv2 = packet instanceof SymEncryptedIntegrityProtectedDataPacket && packet.version === 2; + const isAEADP = !isSEIPDv2 && packet.constructor.tag === enums.packet.aeadEncryptedData; // no `instanceof` to avoid importing the corresponding class (circular import) + if (!isSEIPDv2 && !isAEADP) throw new Error('Unexpected packet type'); + + const mode = mod$1.getAEADMode(packet.aeadAlgorithm); + const tagLengthIfDecrypting = fn === 'decrypt' ? mode.tagLength : 0; + const tagLengthIfEncrypting = fn === 'encrypt' ? mode.tagLength : 0; + const chunkSize = 2 ** (packet.chunkSizeByte + 6) + tagLengthIfDecrypting; // ((uint64_t)1 << (c + 6)) + const chunkIndexSizeIfAEADEP = isAEADP ? 8 : 0; + const adataBuffer = new ArrayBuffer(13 + chunkIndexSizeIfAEADEP); + const adataArray = new Uint8Array(adataBuffer, 0, 5 + chunkIndexSizeIfAEADEP); + const adataTagArray = new Uint8Array(adataBuffer); + const adataView = new DataView(adataBuffer); + const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8); + adataArray.set([0xC0 | packet.constructor.tag, packet.version, packet.cipherAlgorithm, packet.aeadAlgorithm, packet.chunkSizeByte], 0); + let chunkIndex = 0; + let latestPromise = Promise.resolve(); + let cryptedBytes = 0; + let queuedBytes = 0; + let iv; + let ivView; + if (isSEIPDv2) { + const { keySize } = mod$1.getCipherParams(packet.cipherAlgorithm); + const { ivLength } = mode; + const info = new Uint8Array(adataBuffer, 0, 5); + const derived = await computeHKDF(enums.hash.sha256, key, packet.salt, info, keySize + ivLength); + key = derived.subarray(0, keySize); + iv = derived.subarray(keySize); // The last 8 bytes of HKDF output are unneeded, but this avoids one copy. + iv.fill(0, iv.length - 8); + ivView = new DataView(iv.buffer, iv.byteOffset, iv.byteLength); + } else { // AEADEncryptedDataPacket + iv = packet.iv; + // ivView is unused in this case + } + const modeInstance = await mode(packet.cipherAlgorithm, key); + return transformPair(data, async (readable, writable) => { + if (util.isStream(readable) !== 'array') { + const buffer = new TransformStream({}, { + highWaterMark: util.getHardwareConcurrency() * 2 ** (packet.chunkSizeByte + 6), + size: array => array.length + }); + pipe(buffer.readable, writable); + writable = buffer.writable; + } + const reader = getReader(readable); const writer = getWriter(writable); try { - // Forward errors in the message stream to result.data. - await readToEnd(readable, _ => _); - await writer.close(); + while (true) { + let chunk = await reader.readBytes(chunkSize + tagLengthIfDecrypting) || new Uint8Array(); + const finalChunk = chunk.subarray(chunk.length - tagLengthIfDecrypting); + chunk = chunk.subarray(0, chunk.length - tagLengthIfDecrypting); + let cryptedPromise; + let done; + let nonce; + if (isSEIPDv2) { // SEIPD V2 + nonce = iv; + } else { // AEADEncryptedDataPacket + nonce = iv.slice(); + for (let i = 0; i < 8; i++) { + nonce[iv.length - 8 + i] ^= chunkIndexArray[i]; + } + } + if (!chunkIndex || chunk.length) { + reader.unshift(finalChunk); + cryptedPromise = modeInstance[fn](chunk, nonce, adataArray); + cryptedPromise.catch(() => {}); + queuedBytes += chunk.length - tagLengthIfDecrypting + tagLengthIfEncrypting; + } else { + // After the last chunk, we either encrypt a final, empty + // data chunk to get the final authentication tag or + // validate that final authentication tag. + adataView.setInt32(5 + chunkIndexSizeIfAEADEP + 4, cryptedBytes); // Should be setInt64(5 + chunkIndexSizeIfAEADEP, ...) + cryptedPromise = modeInstance[fn](finalChunk, nonce, adataTagArray); + cryptedPromise.catch(() => {}); + queuedBytes += tagLengthIfEncrypting; + done = true; + } + cryptedBytes += chunk.length - tagLengthIfDecrypting; + // eslint-disable-next-line @typescript-eslint/no-loop-func + latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => { + await writer.ready; + await writer.write(crypted); + queuedBytes -= crypted.length; + }).catch(err => writer.abort(err)); + if (done || queuedBytes > writer.desiredSize) { + await latestPromise; // Respect backpressure + } + if (!done) { + if (isSEIPDv2) { // SEIPD V2 + ivView.setInt32(iv.length - 4, ++chunkIndex); // Should be setInt64(iv.length - 8, ...) + } else { // AEADEncryptedDataPacket + adataView.setInt32(5 + 4, ++chunkIndex); // Should be setInt64(5, ...) + } + } else { + await writer.close(); + break; + } + } } catch (e) { + await writer.ready.catch(() => {}); await writer.abort(e); } }); } -/** - * Convert the object to the given format - * @param {Key|Message} object - * @param {'armored'|'binary'|'object'} format - * @param {Object} config - Full configuration - * @returns {String|Uint8Array|Object} - */ -function formatObject(object, format, config) { - switch (format) { - case 'object': - return object; - case 'armored': - return object.armor(config); - case 'binary': - return object.write(); - default: - throw new Error(`Unsupported format ${format}`); - } -} - -/** - * web-streams-polyfill v3.0.3 - */ -/// -const SymbolPolyfill = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? - Symbol : - description => `Symbol(${description})`; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -/// -function noop() { - return undefined; -} -function getGlobals() { - if (typeof self !== 'undefined') { - return self; - } - else if (typeof window !== 'undefined') { - return window; - } - else if (typeof global !== 'undefined') { - return global; - } - return undefined; -} -const globals = getGlobals(); -function typeIsObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -const rethrowAssertionErrorRejection = noop; +// An AEAD-encrypted Data packet can contain the following packet types +const allowedPackets$3 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); -const originalPromise = Promise; -const originalPromiseThen = Promise.prototype.then; -const originalPromiseResolve = Promise.resolve.bind(originalPromise); -const originalPromiseReject = Promise.reject.bind(originalPromise); -function newPromise(executor) { - return new originalPromise(executor); -} -function promiseResolvedWith(value) { - return originalPromiseResolve(value); -} -function promiseRejectedWith(reason) { - return originalPromiseReject(reason); -} -function PerformPromiseThen(promise, onFulfilled, onRejected) { - // There doesn't appear to be any way to correctly emulate the behaviour from JavaScript, so this is just an - // approximation. - return originalPromiseThen.call(promise, onFulfilled, onRejected); -} -function uponPromise(promise, onFulfilled, onRejected) { - PerformPromiseThen(PerformPromiseThen(promise, onFulfilled, onRejected), undefined, rethrowAssertionErrorRejection); -} -function uponFulfillment(promise, onFulfilled) { - uponPromise(promise, onFulfilled); -} -function uponRejection(promise, onRejected) { - uponPromise(promise, undefined, onRejected); -} -function transformPromiseWith(promise, fulfillmentHandler, rejectionHandler) { - return PerformPromiseThen(promise, fulfillmentHandler, rejectionHandler); -} -function setPromiseIsHandledToTrue(promise) { - PerformPromiseThen(promise, undefined, rethrowAssertionErrorRejection); -} -const queueMicrotask = (() => { - const globalQueueMicrotask = globals && globals.queueMicrotask; - if (typeof globalQueueMicrotask === 'function') { - return globalQueueMicrotask; - } - const resolvedPromise = promiseResolvedWith(undefined); - return (fn) => PerformPromiseThen(resolvedPromise, fn); -})(); -function reflectCall(F, V, args) { - if (typeof F !== 'function') { - throw new TypeError('Argument is not a function'); - } - return Function.prototype.apply.call(F, V, args); -} -function promiseCall(F, V, args) { - try { - return promiseResolvedWith(reflectCall(F, V, args)); - } - catch (value) { - return promiseRejectedWith(value); - } -} +const VERSION$1 = 1; // A one-octet version number of the data packet. -// Original from Chromium -// https://chromium.googlesource.com/chromium/src/+/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/third_party/blink/renderer/core/streams/SimpleQueue.js -const QUEUE_MAX_ARRAY_SIZE = 16384; /** - * Simple queue structure. + * Implementation of the Symmetrically Encrypted Authenticated Encryption with + * Additional Data (AEAD) Protected Data Packet * - * Avoids scalability issues with using a packed array directly by using - * multiple arrays in a linked list and keeping the array size bounded. + * {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00#section-2.1}: + * AEAD Protected Data Packet */ -class SimpleQueue { - constructor() { - this._cursor = 0; - this._size = 0; - // _front and _back are always defined. - this._front = { - _elements: [], - _next: undefined - }; - this._back = this._front; - // The cursor is used to avoid calling Array.shift(). - // It contains the index of the front element of the array inside the - // front-most node. It is always in the range [0, QUEUE_MAX_ARRAY_SIZE). - this._cursor = 0; - // When there is only one node, size === elements.length - cursor. - this._size = 0; - } - get length() { - return this._size; - } - // For exception safety, this method is structured in order: - // 1. Read state - // 2. Calculate required state mutations - // 3. Perform state mutations - push(element) { - const oldBack = this._back; - let newBack = oldBack; - if (oldBack._elements.length === QUEUE_MAX_ARRAY_SIZE - 1) { - newBack = { - _elements: [], - _next: undefined - }; - } - // push() is the mutation most likely to throw an exception, so it - // goes first. - oldBack._elements.push(element); - if (newBack !== oldBack) { - this._back = newBack; - oldBack._next = newBack; - } - ++this._size; - } - // Like push(), shift() follows the read -> calculate -> mutate pattern for - // exception safety. - shift() { // must not be called on an empty queue - const oldFront = this._front; - let newFront = oldFront; - const oldCursor = this._cursor; - let newCursor = oldCursor + 1; - const elements = oldFront._elements; - const element = elements[oldCursor]; - if (newCursor === QUEUE_MAX_ARRAY_SIZE) { - newFront = oldFront._next; - newCursor = 0; - } - // No mutations before this point. - --this._size; - this._cursor = newCursor; - if (oldFront !== newFront) { - this._front = newFront; - } - // Permit shifted element to be garbage collected. - elements[oldCursor] = undefined; - return element; - } - // The tricky thing about forEach() is that it can be called - // re-entrantly. The queue may be mutated inside the callback. It is easy to - // see that push() within the callback has no negative effects since the end - // of the queue is checked for on every iteration. If shift() is called - // repeatedly within the callback then the next iteration may return an - // element that has been removed. In this case the callback will be called - // with undefined values until we either "catch up" with elements that still - // exist or reach the back of the queue. - forEach(callback) { - let i = this._cursor; - let node = this._front; - let elements = node._elements; - while (i !== elements.length || node._next !== undefined) { - if (i === elements.length) { - node = node._next; - elements = node._elements; - i = 0; - if (elements.length === 0) { - break; - } - } - callback(elements[i]); - ++i; - } - } - // Return the element that would be returned if shift() was called now, - // without modifying the queue. - peek() { // must not be called on an empty queue - const front = this._front; - const cursor = this._cursor; - return front._elements[cursor]; - } -} +class AEADEncryptedDataPacket { + static get tag() { + return enums.packet.aeadEncryptedData; + } -function ReadableStreamReaderGenericInitialize(reader, stream) { - reader._ownerReadableStream = stream; - stream._reader = reader; - if (stream._state === 'readable') { - defaultReaderClosedPromiseInitialize(reader); - } - else if (stream._state === 'closed') { - defaultReaderClosedPromiseInitializeAsResolved(reader); - } - else { - defaultReaderClosedPromiseInitializeAsRejected(reader, stream._storedError); - } -} -// A client of ReadableStreamDefaultReader and ReadableStreamBYOBReader may use these functions directly to bypass state -// check. -function ReadableStreamReaderGenericCancel(reader, reason) { - const stream = reader._ownerReadableStream; - return ReadableStreamCancel(stream, reason); -} -function ReadableStreamReaderGenericRelease(reader) { - if (reader._ownerReadableStream._state === 'readable') { - defaultReaderClosedPromiseReject(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - else { - defaultReaderClosedPromiseResetToRejected(reader, new TypeError(`Reader was released and can no longer be used to monitor the stream's closedness`)); - } - reader._ownerReadableStream._reader = undefined; - reader._ownerReadableStream = undefined; -} -// Helper functions for the readers. -function readerLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released reader'); -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderClosedPromiseInitialize(reader) { - reader._closedPromise = newPromise((resolve, reject) => { - reader._closedPromise_resolve = resolve; - reader._closedPromise_reject = reject; + constructor() { + this.version = VERSION$1; + /** @type {enums.symmetric} */ + this.cipherAlgorithm = null; + /** @type {enums.aead} */ + this.aeadAlgorithm = enums.aead.eax; + this.chunkSizeByte = null; + this.iv = null; + this.encrypted = null; + this.packets = null; + } + + /** + * Parse an encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @param {Uint8Array | ReadableStream} bytes + * @throws {Error} on parsing failure + */ + async read(bytes) { + await parse(bytes, async reader => { + const version = await reader.readByte(); + if (version !== VERSION$1) { // The only currently defined value is 1. + throw new UnsupportedError(`Version ${version} of the AEAD-encrypted data packet is not supported.`); + } + this.cipherAlgorithm = await reader.readByte(); + this.aeadAlgorithm = await reader.readByte(); + this.chunkSizeByte = await reader.readByte(); + + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = await reader.readBytes(mode.ivLength); + this.encrypted = reader.remainder(); }); + } + + /** + * Write the encrypted payload of bytes in the order: version, IV, ciphertext (see specification) + * @returns {Uint8Array | ReadableStream} The encrypted payload. + */ + write() { + return util.concat([new Uint8Array([this.version, this.cipherAlgorithm, this.aeadAlgorithm, this.chunkSizeByte]), this.iv, this.encrypted]); + } + + /** + * Decrypt the encrypted payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.packets = await PacketList.fromBinary( + await runAEAD(this, 'decrypt', key, clone(this.encrypted)), + allowedPackets$3, + config$1 + ); + } + + /** + * Encrypt the packet payload. + * @param {enums.symmetric} sessionKeyAlgorithm - The session key's cipher algorithm + * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + this.cipherAlgorithm = sessionKeyAlgorithm; + + const { ivLength } = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(ivLength); // generate new random IV + this.chunkSizeByte = config$1.aeadChunkSizeByte; + const data = this.packets.write(); + this.encrypted = await runAEAD(this, 'encrypt', key, data); + } } -function defaultReaderClosedPromiseInitializeAsRejected(reader, reason) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseReject(reader, reason); -} -function defaultReaderClosedPromiseInitializeAsResolved(reader) { - defaultReaderClosedPromiseInitialize(reader); - defaultReaderClosedPromiseResolve(reader); -} -function defaultReaderClosedPromiseReject(reader, reason) { - if (reader._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(reader._closedPromise); - reader._closedPromise_reject(reason); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -function defaultReaderClosedPromiseResetToRejected(reader, reason) { - defaultReaderClosedPromiseInitializeAsRejected(reader, reason); -} -function defaultReaderClosedPromiseResolve(reader) { - if (reader._closedPromise_resolve === undefined) { - return; - } - reader._closedPromise_resolve(undefined); - reader._closedPromise_resolve = undefined; - reader._closedPromise_reject = undefined; -} -const AbortSteps = SymbolPolyfill('[[AbortSteps]]'); -const ErrorSteps = SymbolPolyfill('[[ErrorSteps]]'); -const CancelSteps = SymbolPolyfill('[[CancelSteps]]'); -const PullSteps = SymbolPolyfill('[[PullSteps]]'); +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isFinite#Polyfill -const NumberIsFinite = Number.isFinite || function (x) { - return typeof x === 'number' && isFinite(x); -}; +/** + * Public-Key Encrypted Session Key Packets (Tag 1) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: + * A Public-Key Encrypted Session Key packet holds the session key + * used to encrypt a message. Zero or more Public-Key Encrypted Session Key + * packets and/or Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data Packet, which holds an encrypted message. The + * message is encrypted with the session key, and the session key is itself + * encrypted and stored in the Encrypted Session Key packet(s). The + * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted + * Session Key packet for each OpenPGP key to which the message is encrypted. + * The recipient of the message finds a session key that is encrypted to their + * public key, decrypts the session key, and then uses the session key to + * decrypt the message. + */ +class PublicKeyEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.publicKeyEncryptedSessionKey; + } -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/trunc#Polyfill -const MathTrunc = Math.trunc || function (v) { - return v < 0 ? Math.ceil(v) : Math.floor(v); -}; + constructor() { + this.version = null; -// https://heycam.github.io/webidl/#idl-dictionaries -function isDictionary(x) { - return typeof x === 'object' || typeof x === 'function'; -} -function assertDictionary(obj, context) { - if (obj !== undefined && !isDictionary(obj)) { - throw new TypeError(`${context} is not an object.`); - } -} -// https://heycam.github.io/webidl/#idl-callback-functions -function assertFunction(x, context) { - if (typeof x !== 'function') { - throw new TypeError(`${context} is not a function.`); - } -} -// https://heycam.github.io/webidl/#idl-object -function isObject(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; -} -function assertObject(x, context) { - if (!isObject(x)) { - throw new TypeError(`${context} is not an object.`); - } -} -function assertRequiredArgument(x, position, context) { - if (x === undefined) { - throw new TypeError(`Parameter ${position} is required in '${context}'.`); - } -} -function assertRequiredField(x, field, context) { - if (x === undefined) { - throw new TypeError(`${field} is required in '${context}'.`); - } -} -// https://heycam.github.io/webidl/#idl-unrestricted-double -function convertUnrestrictedDouble(value) { - return Number(value); -} -function censorNegativeZero(x) { - return x === 0 ? 0 : x; -} -function integerPart(x) { - return censorNegativeZero(MathTrunc(x)); -} -// https://heycam.github.io/webidl/#idl-unsigned-long-long -function convertUnsignedLongLongWithEnforceRange(value, context) { - const lowerBound = 0; - const upperBound = Number.MAX_SAFE_INTEGER; - let x = Number(value); - x = censorNegativeZero(x); - if (!NumberIsFinite(x)) { - throw new TypeError(`${context} is not a finite number`); - } - x = integerPart(x); - if (x < lowerBound || x > upperBound) { - throw new TypeError(`${context} is outside the accepted range of ${lowerBound} to ${upperBound}, inclusive`); - } - if (!NumberIsFinite(x) || x === 0) { - return 0; - } - // TODO Use BigInt if supported? - // let xBigInt = BigInt(integerPart(x)); - // xBigInt = BigInt.asUintN(64, xBigInt); - // return Number(xBigInt); - return x; -} + // For version 3, but also used internally by v6 in e.g. `getEncryptionKeyIDs()` + this.publicKeyID = new KeyID(); -function assertReadableStream(x, context) { - if (!IsReadableStream(x)) { - throw new TypeError(`${context} is not a ReadableStream.`); - } -} + // For version 6: + this.publicKeyVersion = null; + this.publicKeyFingerprint = null; -// Abstract operations for the ReadableStream. -function AcquireReadableStreamDefaultReader(stream) { - return new ReadableStreamDefaultReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadRequest(stream, readRequest) { - stream._reader._readRequests.push(readRequest); -} -function ReadableStreamFulfillReadRequest(stream, chunk, done) { - const reader = stream._reader; - const readRequest = reader._readRequests.shift(); - if (done) { - readRequest._closeSteps(); - } - else { - readRequest._chunkSteps(chunk); - } -} -function ReadableStreamGetNumReadRequests(stream) { - return stream._reader._readRequests.length; -} -function ReadableStreamHasDefaultReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; - } - if (!IsReadableStreamDefaultReader(reader)) { - return false; - } - return true; -} -/** - * A default reader vended by a {@link ReadableStream}. - * - * @public - */ -class ReadableStreamDefaultReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamDefaultReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readRequests = new SimpleQueue(); - } + // For all versions: + this.publicKeyAlgorithm = null; + + this.sessionKey = null; /** - * Returns a promise that will be fulfilled when the stream becomes closed, - * or rejected if the stream ever errors or the reader's lock is released before the stream finishes closing. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - get closed() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('closed')); - } - return this._closedPromise; + this.sessionKeyAlgorithm = null; + + /** @type {Object} */ + this.encrypted = {}; + } + + static fromObject({ + version, encryptionKeyPacket, anonymousRecipient, sessionKey, sessionKeyAlgorithm + }) { + const pkesk = new PublicKeyEncryptedSessionKeyPacket(); + + if (version !== 3 && version !== 6) { + throw new Error('Unsupported PKESK version'); } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); + + pkesk.version = version; + + if (version === 6) { + pkesk.publicKeyVersion = anonymousRecipient ? null : encryptionKeyPacket.version; + pkesk.publicKeyFingerprint = anonymousRecipient ? null : encryptionKeyPacket.getFingerprintBytes(); } - /** - * Returns a promise that allows access to the next chunk from the stream's internal queue, if available. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. - */ - read() { - if (!IsReadableStreamDefaultReader(this)) { - return promiseRejectedWith(defaultReaderBrandCheckException('read')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: () => resolvePromise({ value: undefined, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamDefaultReaderRead(this, readRequest); - return promise; + + pkesk.publicKeyID = anonymousRecipient ? KeyID.wildcard() : encryptionKeyPacket.getKeyID(); + pkesk.publicKeyAlgorithm = encryptionKeyPacket.algorithm; + pkesk.sessionKey = sessionKey; + pkesk.sessionKeyAlgorithm = sessionKeyAlgorithm; + + return pkesk; + } + + /** + * Parsing function for a publickey encrypted session key packet (tag 1). + * + * @param {Uint8Array} bytes - Payload of a tag 1 packet + */ + read(bytes) { + let offset = 0; + this.version = bytes[offset++]; + if (this.version !== 3 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the PKESK packet is unsupported.`); } - /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamDefaultReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. - */ - releaseLock() { - if (!IsReadableStreamDefaultReader(this)) { - throw defaultReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); + if (this.version === 6) { + // A one-octet size of the following two fields: + // - A one octet key version number. + // - The fingerprint of the public key or subkey to which the session key is encrypted. + // The size may also be zero. + const versionAndFingerprintLength = bytes[offset++]; + if (versionAndFingerprintLength) { + this.publicKeyVersion = bytes[offset++]; + const fingerprintLength = versionAndFingerprintLength - 1; + this.publicKeyFingerprint = bytes.subarray(offset, offset + fingerprintLength); offset += fingerprintLength; + if (this.publicKeyVersion >= 5) { + // For v5/6 the Key ID is the high-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint); + } else { + // For v4 The Key ID is the low-order 64 bits of the fingerprint. + this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8)); } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamDefaultReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamDefaultReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readRequests')) { - return false; - } - return true; -} -function ReadableStreamDefaultReaderRead(reader, readRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'closed') { - readRequest._closeSteps(); - } - else if (stream._state === 'errored') { - readRequest._errorSteps(stream._storedError); + } else { + // The size may also be zero, and the key version and + // fingerprint omitted for an "anonymous recipient" + this.publicKeyID = KeyID.wildcard(); + } + } else { + offset += this.publicKeyID.read(bytes.subarray(offset, offset + 8)); } - else { - stream._readableStreamController[PullSteps](readRequest); + this.publicKeyAlgorithm = bytes[offset++]; + this.encrypted = mod$1.parseEncSessionKeyParams(this.publicKeyAlgorithm, bytes.subarray(offset)); + if (this.publicKeyAlgorithm === enums.publicKey.x25519 || this.publicKeyAlgorithm === enums.publicKey.x448) { + if (this.version === 3) { + this.sessionKeyAlgorithm = enums.write(enums.symmetric, this.encrypted.C.algorithm); + } else if (this.encrypted.C.algorithm !== null) { + throw new Error('Unexpected cleartext symmetric algorithm'); + } } -} -// Helper functions for the ReadableStreamDefaultReader. -function defaultReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamDefaultReader.prototype.${name} can only be used on a ReadableStreamDefaultReader`); -} + } -/// -let AsyncIteratorPrototype; -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - // We're running inside a ES2018+ environment, but we're compiling to an older syntax. - // We cannot access %AsyncIteratorPrototype% without non-ES2018 syntax, but we can re-create it. - AsyncIteratorPrototype = { - // 25.1.3.1 %AsyncIteratorPrototype% [ @@asyncIterator ] ( ) - // https://tc39.github.io/ecma262/#sec-asynciteratorprototype-asynciterator - [SymbolPolyfill.asyncIterator]() { - return this; - } - }; - Object.defineProperty(AsyncIteratorPrototype, SymbolPolyfill.asyncIterator, { enumerable: false }); -} - -/// -class ReadableStreamAsyncIteratorImpl { - constructor(reader, preventCancel) { - this._ongoingPromise = undefined; - this._isFinished = false; - this._reader = reader; - this._preventCancel = preventCancel; - } - next() { - const nextSteps = () => this._nextSteps(); - this._ongoingPromise = this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, nextSteps, nextSteps) : - nextSteps(); - return this._ongoingPromise; - } - return(value) { - const returnSteps = () => this._returnSteps(value); - return this._ongoingPromise ? - transformPromiseWith(this._ongoingPromise, returnSteps, returnSteps) : - returnSteps(); - } - _nextSteps() { - if (this._isFinished) { - return Promise.resolve({ value: undefined, done: true }); - } - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('iterate')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readRequest = { - _chunkSteps: chunk => { - this._ongoingPromise = undefined; - // This needs to be delayed by one microtask, otherwise we stop pulling too early which breaks a test. - // FIXME Is this a bug in the specification, or in the test? - queueMicrotask(() => resolvePromise({ value: chunk, done: false })); - }, - _closeSteps: () => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - resolvePromise({ value: undefined, done: true }); - }, - _errorSteps: reason => { - this._ongoingPromise = undefined; - this._isFinished = true; - ReadableStreamReaderGenericRelease(reader); - rejectPromise(reason); - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promise; - } - _returnSteps(value) { - if (this._isFinished) { - return Promise.resolve({ value, done: true }); - } - this._isFinished = true; - const reader = this._reader; - if (reader._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('finish iterating')); - } - if (!this._preventCancel) { - const result = ReadableStreamReaderGenericCancel(reader, value); - ReadableStreamReaderGenericRelease(reader); - return transformPromiseWith(result, () => ({ value, done: true })); - } - ReadableStreamReaderGenericRelease(reader); - return promiseResolvedWith({ value, done: true }); - } -} -const ReadableStreamAsyncIteratorPrototype = { - next() { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('next')); - } - return this._asyncIteratorImpl.next(); - }, - return(value) { - if (!IsReadableStreamAsyncIterator(this)) { - return promiseRejectedWith(streamAsyncIteratorBrandCheckException('return')); - } - return this._asyncIteratorImpl.return(value); + /** + * Create a binary representation of a tag 1 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const arr = [ + new Uint8Array([this.version]) + ]; + + if (this.version === 6) { + if (this.publicKeyFingerprint !== null) { + arr.push(new Uint8Array([ + this.publicKeyFingerprint.length + 1, + this.publicKeyVersion] + )); + arr.push(this.publicKeyFingerprint); + } else { + arr.push(new Uint8Array([0])); + } + } else { + arr.push(this.publicKeyID.write()); } -}; -if (AsyncIteratorPrototype !== undefined) { - Object.setPrototypeOf(ReadableStreamAsyncIteratorPrototype, AsyncIteratorPrototype); -} -// Abstract operations for the ReadableStream. -function AcquireReadableStreamAsyncIterator(stream, preventCancel) { - const reader = AcquireReadableStreamDefaultReader(stream); - const impl = new ReadableStreamAsyncIteratorImpl(reader, preventCancel); - const iterator = Object.create(ReadableStreamAsyncIteratorPrototype); - iterator._asyncIteratorImpl = impl; - return iterator; -} -function IsReadableStreamAsyncIterator(x) { - if (!typeIsObject(x)) { - return false; + + arr.push( + new Uint8Array([this.publicKeyAlgorithm]), + mod$1.serializeParams(this.publicKeyAlgorithm, this.encrypted) + ); + + return util.concatUint8Array(arr); + } + + /** + * Encrypt session key packet + * @param {PublicKeyPacket} key - Public key + * @throws {Error} if encryption failed + * @async + */ + async encrypt(key) { + const algo = enums.write(enums.publicKey, this.publicKeyAlgorithm); + // No symmetric encryption algorithm identifier is passed to the public-key algorithm for a + // v6 PKESK packet, as it is included in the v2 SEIPD packet. + const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey); + this.encrypted = await mod$1.publicKeyEncrypt( + algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint); + } + + /** + * Decrypts the session key (only for public key encrypted session key packets (tag 1) + * @param {SecretKeyPacket} key - decrypted private key + * @param {Object} [randomSessionKey] - Bogus session key to use in case of sensitive decryption error, or if the decrypted session key is of a different type/size. + * This is needed for constant-time processing. Expected object of the form: { sessionKey: Uint8Array, sessionKeyAlgorithm: enums.symmetric } + * @throws {Error} if decryption failed, unless `randomSessionKey` is given + * @async + */ + async decrypt(key, randomSessionKey) { + // check that session key algo matches the secret key algo + if (this.publicKeyAlgorithm !== key.algorithm) { + throw new Error('Decryption error'); } - if (!Object.prototype.hasOwnProperty.call(x, '_asyncIteratorImpl')) { - return false; + + const randomPayload = randomSessionKey ? + encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) : + null; + const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes(); + const decryptedData = await mod$1.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload); + + const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey); + + if (this.version === 3) { + // v3 Montgomery curves have cleartext cipher algo + const hasEncryptedAlgo = this.publicKeyAlgorithm !== enums.publicKey.x25519 && this.publicKeyAlgorithm !== enums.publicKey.x448; + this.sessionKeyAlgorithm = hasEncryptedAlgo ? sessionKeyAlgorithm : this.sessionKeyAlgorithm; + + if (sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } } - return true; -} -// Helper functions for the ReadableStream. -function streamAsyncIteratorBrandCheckException(name) { - return new TypeError(`ReadableStreamAsyncIterator.${name} can only be used on a ReadableSteamAsyncIterator`); + this.sessionKey = sessionKey; + } } -/// -// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isNaN#Polyfill -const NumberIsNaN = Number.isNaN || function (x) { - // eslint-disable-next-line no-self-compare - return x !== x; -}; -function IsFiniteNonNegativeNumber(v) { - if (!IsNonNegativeNumber(v)) { - return false; - } - if (v === Infinity) { - return false; - } - return true; +function encodeSessionKey(version, keyAlgo, cipherAlgo, sessionKeyData) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + // add checksum + return util.concatUint8Array([ + new Uint8Array(version === 6 ? [] : [cipherAlgo]), + sessionKeyData, + util.writeChecksum(sessionKeyData.subarray(sessionKeyData.length % 8)) + ]); + case enums.publicKey.x25519: + case enums.publicKey.x448: + return sessionKeyData; + default: + throw new Error('Unsupported public key algorithm'); + } } -function IsNonNegativeNumber(v) { - if (typeof v !== 'number') { - return false; - } - if (NumberIsNaN(v)) { - return false; - } - if (v < 0) { - return false; + + +function decodeSessionKey(version, keyAlgo, decryptedData, randomSessionKey) { + switch (keyAlgo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: { + // verify checksum in constant time + const result = decryptedData.subarray(0, decryptedData.length - 2); + const checksum = decryptedData.subarray(decryptedData.length - 2); + const computedChecksum = util.writeChecksum(result.subarray(result.length % 8)); + const isValidChecksum = computedChecksum[0] === checksum[0] & computedChecksum[1] === checksum[1]; + const decryptedSessionKey = version === 6 ? + { sessionKeyAlgorithm: null, sessionKey: result } : + { sessionKeyAlgorithm: result[0], sessionKey: result.subarray(1) }; + if (randomSessionKey) { + // We must not leak info about the validity of the decrypted checksum or cipher algo. + // The decrypted session key must be of the same algo and size as the random session key, otherwise we discard it and use the random data. + const isValidPayload = isValidChecksum & + decryptedSessionKey.sessionKeyAlgorithm === randomSessionKey.sessionKeyAlgorithm & + decryptedSessionKey.sessionKey.length === randomSessionKey.sessionKey.length; + return { + sessionKey: util.selectUint8Array(isValidPayload, decryptedSessionKey.sessionKey, randomSessionKey.sessionKey), + sessionKeyAlgorithm: version === 6 ? null : util.selectUint8( + isValidPayload, + decryptedSessionKey.sessionKeyAlgorithm, + randomSessionKey.sessionKeyAlgorithm + ) + }; + } else { + const isValidPayload = isValidChecksum && ( + version === 6 || enums.read(enums.symmetric, decryptedSessionKey.sessionKeyAlgorithm)); + if (isValidPayload) { + return decryptedSessionKey; + } else { + throw new Error('Decryption error'); + } + } } - return true; + case enums.publicKey.x25519: + case enums.publicKey.x448: + return { + sessionKeyAlgorithm: null, + sessionKey: decryptedData + }; + default: + throw new Error('Unsupported public key algorithm'); + } } -function DequeueValue(container) { - const pair = container._queue.shift(); - container._queueTotalSize -= pair.size; - if (container._queueTotalSize < 0) { - container._queueTotalSize = 0; - } - return pair.value; -} -function EnqueueValueWithSize(container, value, size) { - size = Number(size); - if (!IsFiniteNonNegativeNumber(size)) { - throw new RangeError('Size must be a finite, non-NaN, non-negative number.'); - } - container._queue.push({ value, size }); - container._queueTotalSize += size; -} -function PeekQueueValue(container) { - const pair = container._queue.peek(); - return pair.value; -} -function ResetQueue(container) { - container._queue = new SimpleQueue(); - container._queueTotalSize = 0; -} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function CreateArrayFromList(elements) { - // We use arrays to represent lists, so this is basically a no-op. - // Do a slice though just in case we happen to depend on the unique-ness. - return elements.slice(); -} -function CopyDataBlockBytes(dest, destOffset, src, srcOffset, n) { - new Uint8Array(dest).set(new Uint8Array(src, srcOffset, n), destOffset); -} -// Not implemented correctly -function TransferArrayBuffer(O) { - return O; -} -// Not implemented correctly -function IsDetachedBuffer(O) { - return false; -} /** - * A pull-into request in a {@link ReadableByteStreamController}. - * - * @public - */ -class ReadableStreamBYOBRequest { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the view for writing in to, or `null` if the BYOB request has already been responded to. - */ - get view() { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('view'); - } - return this._view; - } - respond(bytesWritten) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respond'); - } - assertRequiredArgument(bytesWritten, 1, 'respond'); - bytesWritten = convertUnsignedLongLongWithEnforceRange(bytesWritten, 'First parameter'); - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - if (IsDetachedBuffer(this._view.buffer)) ; - ReadableByteStreamControllerRespond(this._associatedReadableByteStreamController, bytesWritten); - } - respondWithNewView(view) { - if (!IsReadableStreamBYOBRequest(this)) { - throw byobRequestBrandCheckException('respondWithNewView'); - } - assertRequiredArgument(view, 1, 'respondWithNewView'); - if (!ArrayBuffer.isView(view)) { - throw new TypeError('You can only respond with array buffer views'); - } - if (view.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (view.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._associatedReadableByteStreamController === undefined) { - throw new TypeError('This BYOB request has been invalidated'); - } - ReadableByteStreamControllerRespondWithNewView(this._associatedReadableByteStreamController, view); - } -} -Object.defineProperties(ReadableStreamBYOBRequest.prototype, { - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, - view: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBRequest.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBRequest', - configurable: true - }); -} -/** - * Allows control of a {@link ReadableStream | readable byte stream}'s state and internal queue. + * Symmetric-Key Encrypted Session Key Packets (Tag 3) * - * @public + * {@link https://tools.ietf.org/html/rfc4880#section-5.3|RFC4880 5.3}: + * The Symmetric-Key Encrypted Session Key packet holds the + * symmetric-key encryption of a session key used to encrypt a message. + * Zero or more Public-Key Encrypted Session Key packets and/or + * Symmetric-Key Encrypted Session Key packets may precede a + * Symmetrically Encrypted Data packet that holds an encrypted message. + * The message is encrypted with a session key, and the session key is + * itself encrypted and stored in the Encrypted Session Key packet or + * the Symmetric-Key Encrypted Session Key packet. */ -class ReadableByteStreamController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the current BYOB pull request, or `null` if there isn't one. - */ - get byobRequest() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('byobRequest'); - } - if (this._byobRequest === null && this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - const view = new Uint8Array(firstDescriptor.buffer, firstDescriptor.byteOffset + firstDescriptor.bytesFilled, firstDescriptor.byteLength - firstDescriptor.bytesFilled); - const byobRequest = Object.create(ReadableStreamBYOBRequest.prototype); - SetUpReadableStreamBYOBRequest(byobRequest, this, view); - this._byobRequest = byobRequest; - } - return this._byobRequest; - } +class SymEncryptedSessionKeyPacket { + static get tag() { + return enums.packet.symEncryptedSessionKey; + } + + /** + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(config$1 = config) { + this.version = config$1.aeadProtect ? 6 : 4; + this.sessionKey = null; /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying byte source ought to use this information to determine when and how to apply backpressure. + * Algorithm to encrypt the session key with + * @type {enums.symmetric} */ - get desiredSize() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('desiredSize'); - } - return ReadableByteStreamControllerGetDesiredSize(this); - } + this.sessionKeyEncryptionAlgorithm = null; /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. + * Algorithm to encrypt the message with + * @type {enums.symmetric} */ - close() { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('close'); - } - if (this._closeRequested) { - throw new TypeError('The stream has already been closed; do not close it again!'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be closed`); - } - ReadableByteStreamControllerClose(this); - } - enqueue(chunk) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('enqueue'); - } - assertRequiredArgument(chunk, 1, 'enqueue'); - if (!ArrayBuffer.isView(chunk)) { - throw new TypeError('chunk must be an array buffer view'); - } - if (chunk.byteLength === 0) { - throw new TypeError('chunk must have non-zero byteLength'); - } - if (chunk.buffer.byteLength === 0) { - throw new TypeError(`chunk's buffer must have non-zero byteLength`); - } - if (this._closeRequested) { - throw new TypeError('stream is closed or draining'); - } - const state = this._controlledReadableByteStream._state; - if (state !== 'readable') { - throw new TypeError(`The stream (in ${state} state) is not in the readable state and cannot be enqueued to`); - } - ReadableByteStreamControllerEnqueue(this, chunk); - } + this.sessionKeyAlgorithm = null; /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. + * AEAD mode to encrypt the session key with (if AEAD protection is enabled) + * @type {enums.aead} */ - error(e = undefined) { - if (!IsReadableByteStreamController(this)) { - throw byteStreamControllerBrandCheckException('error'); - } - ReadableByteStreamControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - if (this._pendingPullIntos.length > 0) { - const firstDescriptor = this._pendingPullIntos.peek(); - firstDescriptor.bytesFilled = 0; - } - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableByteStreamControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableByteStream; - if (this._queueTotalSize > 0) { - const entry = this._queue.shift(); - this._queueTotalSize -= entry.byteLength; - ReadableByteStreamControllerHandleQueueDrain(this); - const view = new Uint8Array(entry.buffer, entry.byteOffset, entry.byteLength); - readRequest._chunkSteps(view); - return; - } - const autoAllocateChunkSize = this._autoAllocateChunkSize; - if (autoAllocateChunkSize !== undefined) { - let buffer; - try { - buffer = new ArrayBuffer(autoAllocateChunkSize); - } - catch (bufferE) { - readRequest._errorSteps(bufferE); - return; - } - const pullIntoDescriptor = { - buffer, - byteOffset: 0, - byteLength: autoAllocateChunkSize, - bytesFilled: 0, - elementSize: 1, - viewConstructor: Uint8Array, - readerType: 'default' - }; - this._pendingPullIntos.push(pullIntoDescriptor); - } - ReadableStreamAddReadRequest(stream, readRequest); - ReadableByteStreamControllerCallPullIfNeeded(this); - } -} -Object.defineProperties(ReadableByteStreamController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableByteStreamController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableByteStreamController', - configurable: true - }); -} -// Abstract operations for the ReadableByteStreamController. -function IsReadableByteStreamController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableByteStream')) { - return false; - } - return true; -} -function IsReadableStreamBYOBRequest(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_associatedReadableByteStreamController')) { - return false; - } - return true; -} -function ReadableByteStreamControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableByteStreamControllerShouldCallPull(controller); - if (!shouldPull) { - return; - } - if (controller._pulling) { - controller._pullAgain = true; - return; - } - controller._pulling = true; - // TODO: Test controller argument - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableByteStreamControllerCallPullIfNeeded(controller); - } - }, e => { - ReadableByteStreamControllerError(controller, e); - }); -} -function ReadableByteStreamControllerClearPendingPullIntos(controller) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - controller._pendingPullIntos = new SimpleQueue(); -} -function ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor) { - let done = false; - if (stream._state === 'closed') { - done = true; - } - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - if (pullIntoDescriptor.readerType === 'default') { - ReadableStreamFulfillReadRequest(stream, filledView, done); - } - else { - ReadableStreamFulfillReadIntoRequest(stream, filledView, done); - } -} -function ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor) { - const bytesFilled = pullIntoDescriptor.bytesFilled; - const elementSize = pullIntoDescriptor.elementSize; - return new pullIntoDescriptor.viewConstructor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, bytesFilled / elementSize); -} -function ReadableByteStreamControllerEnqueueChunkToQueue(controller, buffer, byteOffset, byteLength) { - controller._queue.push({ buffer, byteOffset, byteLength }); - controller._queueTotalSize += byteLength; -} -function ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor) { - const elementSize = pullIntoDescriptor.elementSize; - const currentAlignedBytes = pullIntoDescriptor.bytesFilled - pullIntoDescriptor.bytesFilled % elementSize; - const maxBytesToCopy = Math.min(controller._queueTotalSize, pullIntoDescriptor.byteLength - pullIntoDescriptor.bytesFilled); - const maxBytesFilled = pullIntoDescriptor.bytesFilled + maxBytesToCopy; - const maxAlignedBytes = maxBytesFilled - maxBytesFilled % elementSize; - let totalBytesToCopyRemaining = maxBytesToCopy; - let ready = false; - if (maxAlignedBytes > currentAlignedBytes) { - totalBytesToCopyRemaining = maxAlignedBytes - pullIntoDescriptor.bytesFilled; - ready = true; - } - const queue = controller._queue; - while (totalBytesToCopyRemaining > 0) { - const headOfQueue = queue.peek(); - const bytesToCopy = Math.min(totalBytesToCopyRemaining, headOfQueue.byteLength); - const destStart = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - CopyDataBlockBytes(pullIntoDescriptor.buffer, destStart, headOfQueue.buffer, headOfQueue.byteOffset, bytesToCopy); - if (headOfQueue.byteLength === bytesToCopy) { - queue.shift(); - } - else { - headOfQueue.byteOffset += bytesToCopy; - headOfQueue.byteLength -= bytesToCopy; - } - controller._queueTotalSize -= bytesToCopy; - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesToCopy, pullIntoDescriptor); - totalBytesToCopyRemaining -= bytesToCopy; - } - return ready; -} -function ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, size, pullIntoDescriptor) { - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - pullIntoDescriptor.bytesFilled += size; -} -function ReadableByteStreamControllerHandleQueueDrain(controller) { - if (controller._queueTotalSize === 0 && controller._closeRequested) { - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(controller._controlledReadableByteStream); - } - else { - ReadableByteStreamControllerCallPullIfNeeded(controller); - } -} -function ReadableByteStreamControllerInvalidateBYOBRequest(controller) { - if (controller._byobRequest === null) { - return; - } - controller._byobRequest._associatedReadableByteStreamController = undefined; - controller._byobRequest._view = null; - controller._byobRequest = null; -} -function ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller) { - while (controller._pendingPullIntos.length > 0) { - if (controller._queueTotalSize === 0) { - return; - } - const pullIntoDescriptor = controller._pendingPullIntos.peek(); - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerPullInto(controller, view, readIntoRequest) { - const stream = controller._controlledReadableByteStream; - let elementSize = 1; - if (view.constructor !== DataView) { - elementSize = view.constructor.BYTES_PER_ELEMENT; - } - const ctor = view.constructor; - const buffer = TransferArrayBuffer(view.buffer); - const pullIntoDescriptor = { - buffer, - byteOffset: view.byteOffset, - byteLength: view.byteLength, - bytesFilled: 0, - elementSize, - viewConstructor: ctor, - readerType: 'byob' - }; - if (controller._pendingPullIntos.length > 0) { - controller._pendingPullIntos.push(pullIntoDescriptor); - // No ReadableByteStreamControllerCallPullIfNeeded() call since: - // - No change happens on desiredSize - // - The source has already been notified of that there's at least 1 pending read(view) - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - return; - } - if (stream._state === 'closed') { - const emptyView = new ctor(pullIntoDescriptor.buffer, pullIntoDescriptor.byteOffset, 0); - readIntoRequest._closeSteps(emptyView); - return; - } - if (controller._queueTotalSize > 0) { - if (ReadableByteStreamControllerFillPullIntoDescriptorFromQueue(controller, pullIntoDescriptor)) { - const filledView = ReadableByteStreamControllerConvertPullIntoDescriptor(pullIntoDescriptor); - ReadableByteStreamControllerHandleQueueDrain(controller); - readIntoRequest._chunkSteps(filledView); - return; - } - if (controller._closeRequested) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - readIntoRequest._errorSteps(e); - return; - } - } - controller._pendingPullIntos.push(pullIntoDescriptor); - ReadableStreamAddReadIntoRequest(stream, readIntoRequest); - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor) { - firstDescriptor.buffer = TransferArrayBuffer(firstDescriptor.buffer); - const stream = controller._controlledReadableByteStream; - if (ReadableStreamHasBYOBReader(stream)) { - while (ReadableStreamGetNumReadIntoRequests(stream) > 0) { - const pullIntoDescriptor = ReadableByteStreamControllerShiftPendingPullInto(controller); - ReadableByteStreamControllerCommitPullIntoDescriptor(stream, pullIntoDescriptor); - } - } -} -function ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, pullIntoDescriptor) { - if (pullIntoDescriptor.bytesFilled + bytesWritten > pullIntoDescriptor.byteLength) { - throw new RangeError('bytesWritten out of range'); - } - ReadableByteStreamControllerFillHeadPullIntoDescriptor(controller, bytesWritten, pullIntoDescriptor); - if (pullIntoDescriptor.bytesFilled < pullIntoDescriptor.elementSize) { - // TODO: Figure out whether we should detach the buffer or not here. - return; - } - ReadableByteStreamControllerShiftPendingPullInto(controller); - const remainderSize = pullIntoDescriptor.bytesFilled % pullIntoDescriptor.elementSize; - if (remainderSize > 0) { - const end = pullIntoDescriptor.byteOffset + pullIntoDescriptor.bytesFilled; - const remainder = pullIntoDescriptor.buffer.slice(end - remainderSize, end); - ReadableByteStreamControllerEnqueueChunkToQueue(controller, remainder, 0, remainder.byteLength); - } - pullIntoDescriptor.buffer = TransferArrayBuffer(pullIntoDescriptor.buffer); - pullIntoDescriptor.bytesFilled -= remainderSize; - ReadableByteStreamControllerCommitPullIntoDescriptor(controller._controlledReadableByteStream, pullIntoDescriptor); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); -} -function ReadableByteStreamControllerRespondInternal(controller, bytesWritten) { - const firstDescriptor = controller._pendingPullIntos.peek(); - const state = controller._controlledReadableByteStream._state; - if (state === 'closed') { - if (bytesWritten !== 0) { - throw new TypeError('bytesWritten must be 0 when calling respond() on a closed stream'); - } - ReadableByteStreamControllerRespondInClosedState(controller, firstDescriptor); - } - else { - ReadableByteStreamControllerRespondInReadableState(controller, bytesWritten, firstDescriptor); - } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerShiftPendingPullInto(controller) { - const descriptor = controller._pendingPullIntos.shift(); - ReadableByteStreamControllerInvalidateBYOBRequest(controller); - return descriptor; -} -function ReadableByteStreamControllerShouldCallPull(controller) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return false; - } - if (controller._closeRequested) { - return false; - } - if (!controller._started) { - return false; - } - if (ReadableStreamHasDefaultReader(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; - } - if (ReadableStreamHasBYOBReader(stream) && ReadableStreamGetNumReadIntoRequests(stream) > 0) { - return true; - } - const desiredSize = ReadableByteStreamControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; + this.aeadAlgorithm = enums.write(enums.aead, config$1.preferredAEADAlgorithm); + this.encrypted = null; + this.s2k = null; + this.iv = null; + } + + /** + * Parsing function for a symmetric encrypted session key packet (tag 3). + * + * @param {Uint8Array} bytes - Payload of a tag 3 packet + */ + read(bytes) { + let offset = 0; + + // A one-octet version number with value 4, 5 or 6. + this.version = bytes[offset++]; + if (this.version !== 4 && this.version !== 5 && this.version !== 6) { + throw new UnsupportedError(`Version ${this.version} of the SKESK packet is unsupported.`); } - return false; -} -function ReadableByteStreamControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; -} -// A client of ReadableByteStreamController may use these functions directly to bypass state check. -function ReadableByteStreamControllerClose(controller) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + + if (this.version === 6) { + // A one-octet scalar octet count of the following 5 fields. + offset++; } - if (controller._queueTotalSize > 0) { - controller._closeRequested = true; - return; + + // A one-octet number describing the symmetric algorithm used. + const algo = bytes[offset++]; + + if (this.version >= 5) { + // A one-octet AEAD algorithm. + this.aeadAlgorithm = bytes[offset++]; + + if (this.version === 6) { + // A one-octet scalar octet count of the following field. + offset++; + } } - if (controller._pendingPullIntos.length > 0) { - const firstPendingPullInto = controller._pendingPullIntos.peek(); - if (firstPendingPullInto.bytesFilled > 0) { - const e = new TypeError('Insufficient bytes to fill elements in the given buffer'); - ReadableByteStreamControllerError(controller, e); - throw e; - } + + // A string-to-key (S2K) specifier, length as defined above. + const s2kType = bytes[offset++]; + this.s2k = newS2KFromType(s2kType); + offset += this.s2k.read(bytes.subarray(offset, bytes.length)); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + + // A starting initialization vector of size specified by the AEAD + // algorithm. + this.iv = bytes.subarray(offset, offset += mode.ivLength); } - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamClose(stream); -} -function ReadableByteStreamControllerEnqueue(controller, chunk) { - const stream = controller._controlledReadableByteStream; - if (controller._closeRequested || stream._state !== 'readable') { - return; + + // The encrypted session key itself, which is decrypted with the + // string-to-key object. This is optional in version 4. + if (this.version >= 5 || offset < bytes.length) { + this.encrypted = bytes.subarray(offset, bytes.length); + this.sessionKeyEncryptionAlgorithm = algo; + } else { + this.sessionKeyAlgorithm = algo; } - const buffer = chunk.buffer; - const byteOffset = chunk.byteOffset; - const byteLength = chunk.byteLength; - const transferredBuffer = TransferArrayBuffer(buffer); - if (ReadableStreamHasDefaultReader(stream)) { - if (ReadableStreamGetNumReadRequests(stream) === 0) { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - } - else { - const transferredView = new Uint8Array(transferredBuffer, byteOffset, byteLength); - ReadableStreamFulfillReadRequest(stream, transferredView, false); - } + } + + /** + * Create a binary representation of a tag 3 packet + * + * @returns {Uint8Array} The Uint8Array representation. + */ + write() { + const algo = this.encrypted === null ? + this.sessionKeyAlgorithm : + this.sessionKeyEncryptionAlgorithm; + + let bytes; + + const s2k = this.s2k.write(); + if (this.version === 6) { + const s2kLen = s2k.length; + const fieldsLen = 3 + s2kLen + this.iv.length; + bytes = util.concatUint8Array([new Uint8Array([this.version, fieldsLen, algo, this.aeadAlgorithm, s2kLen]), s2k, this.iv, this.encrypted]); + } else if (this.version === 5) { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo, this.aeadAlgorithm]), s2k, this.iv, this.encrypted]); + } else { + bytes = util.concatUint8Array([new Uint8Array([this.version, algo]), s2k]); + + if (this.encrypted !== null) { + bytes = util.concatUint8Array([bytes, this.encrypted]); + } } - else if (ReadableStreamHasBYOBReader(stream)) { - // TODO: Ideally in this branch detaching should happen only if the buffer is not consumed fully. - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); - ReadableByteStreamControllerProcessPullIntoDescriptorsUsingQueue(controller); + + return bytes; + } + + /** + * Decrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(passphrase) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.sessionKey = await modeInstance.decrypt(this.encrypted, this.iv, adata); + } else if (this.encrypted !== null) { + const decrypted = await mod$1.mode.cfb.decrypt(algo, key, this.encrypted, new Uint8Array(blockSize)); + + this.sessionKeyAlgorithm = enums.write(enums.symmetric, decrypted[0]); + this.sessionKey = decrypted.subarray(1, decrypted.length); + if (this.sessionKey.length !== mod$1.getCipherParams(this.sessionKeyAlgorithm).keySize) { + throw new Error('Unexpected session key size'); + } + } else { + // session key size is checked as part of SEIPDv2 decryption, where we know the expected symmetric algo + this.sessionKey = key; } - else { - ReadableByteStreamControllerEnqueueChunkToQueue(controller, transferredBuffer, byteOffset, byteLength); + } + + /** + * Encrypts the session key with the given passphrase + * @param {String} passphrase - The passphrase in string form + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + const algo = this.sessionKeyEncryptionAlgorithm !== null ? + this.sessionKeyEncryptionAlgorithm : + this.sessionKeyAlgorithm; + + this.sessionKeyEncryptionAlgorithm = algo; + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + + const { blockSize, keySize } = mod$1.getCipherParams(algo); + const key = await this.s2k.produceKey(passphrase, keySize); + + if (this.sessionKey === null) { + this.sessionKey = mod$1.generateSessionKey(this.sessionKeyAlgorithm); } - ReadableByteStreamControllerCallPullIfNeeded(controller); -} -function ReadableByteStreamControllerError(controller, e) { - const stream = controller._controlledReadableByteStream; - if (stream._state !== 'readable') { - return; + + if (this.version >= 5) { + const mode = mod$1.getAEADMode(this.aeadAlgorithm); + this.iv = mod$1.random.getRandomBytes(mode.ivLength); // generate new random IV + const adata = new Uint8Array([0xC0 | SymEncryptedSessionKeyPacket.tag, this.version, this.sessionKeyEncryptionAlgorithm, this.aeadAlgorithm]); + const encryptionKey = this.version === 6 ? await computeHKDF(enums.hash.sha256, key, new Uint8Array(), adata, keySize) : key; + const modeInstance = await mode(algo, encryptionKey); + this.encrypted = await modeInstance.encrypt(this.sessionKey, this.iv, adata); + } else { + const toEncrypt = util.concatUint8Array([ + new Uint8Array([this.sessionKeyAlgorithm]), + this.sessionKey + ]); + this.encrypted = await mod$1.mode.cfb.encrypt(algo, key, toEncrypt, new Uint8Array(blockSize), config$1); } - ReadableByteStreamControllerClearPendingPullIntos(controller); - ResetQueue(controller); - ReadableByteStreamControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); -} -function ReadableByteStreamControllerGetDesiredSize(controller) { - const state = controller._controlledReadableByteStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; - } - return controller._strategyHWM - controller._queueTotalSize; -} -function ReadableByteStreamControllerRespond(controller, bytesWritten) { - bytesWritten = Number(bytesWritten); - if (!IsFiniteNonNegativeNumber(bytesWritten)) { - throw new RangeError('bytesWritten must be a finite'); - } - ReadableByteStreamControllerRespondInternal(controller, bytesWritten); -} -function ReadableByteStreamControllerRespondWithNewView(controller, view) { - const firstDescriptor = controller._pendingPullIntos.peek(); - if (firstDescriptor.byteOffset + firstDescriptor.bytesFilled !== view.byteOffset) { - throw new RangeError('The region specified by view does not match byobRequest'); - } - if (firstDescriptor.byteLength !== view.byteLength) { - throw new RangeError('The buffer of view has different capacity than byobRequest'); - } - firstDescriptor.buffer = view.buffer; - ReadableByteStreamControllerRespondInternal(controller, view.byteLength); -} -function SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize) { - controller._controlledReadableByteStream = stream; - controller._pullAgain = false; - controller._pulling = false; - controller._byobRequest = null; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._closeRequested = false; - controller._started = false; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - controller._autoAllocateChunkSize = autoAllocateChunkSize; - controller._pendingPullIntos = new SimpleQueue(); - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableByteStreamControllerCallPullIfNeeded(controller); - }, r => { - ReadableByteStreamControllerError(controller, r); - }); + } } -function SetUpReadableByteStreamControllerFromUnderlyingSource(stream, underlyingByteSource, highWaterMark) { - const controller = Object.create(ReadableByteStreamController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingByteSource.start !== undefined) { - startAlgorithm = () => underlyingByteSource.start(controller); - } - if (underlyingByteSource.pull !== undefined) { - pullAlgorithm = () => underlyingByteSource.pull(controller); - } - if (underlyingByteSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingByteSource.cancel(reason); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Key Material Packet (Tag 5,6,7,14) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: + * A key material packet contains all the information about a public or + * private key. There are four variants of this packet type, and two + * major versions. + * + * A Public-Key packet starts a series of packets that forms an OpenPGP + * key (sometimes called an OpenPGP certificate). + */ +class PublicKeyPacket { + static get tag() { + return enums.packet.publicKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + /** + * Packet version + * @type {Integer} + */ + this.version = config$1.v6Keys ? 6 : 4; + /** + * Key creation date. + * @type {Date} + */ + this.created = util.normalizeDate(date); + /** + * Public key algorithm. + * @type {enums.publicKey} + */ + this.algorithm = null; + /** + * Algorithm specific public params + * @type {Object} + */ + this.publicParams = null; + /** + * Time until expiration in days (V3 only) + * @type {Integer} + */ + this.expirationTimeV3 = 0; + /** + * Fingerprint bytes + * @type {Uint8Array} + */ + this.fingerprint = null; + /** + * KeyID + * @type {module:type/keyid~KeyID} + */ + this.keyID = null; + } + + /** + * Create a PublicKeyPacket from a SecretKeyPacket + * @param {SecretKeyPacket} secretKeyPacket - key packet to convert + * @returns {PublicKeyPacket} public key packet + * @static + */ + static fromSecretKeyPacket(secretKeyPacket) { + const keyPacket = new PublicKeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretKeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } + + /** + * Internal Parser for public keys as specified in {@link https://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} + * @param {Uint8Array} bytes - Input array to read the packet from + * @returns {Object} This object with attributes set by the parser + * @async + */ + async read(bytes, config$1 = config) { + let pos = 0; + // A one-octet version number (4, 5 or 6). + this.version = bytes[pos++]; + if (this.version === 5 && !config$1.enableParsingV5Entities) { + throw new UnsupportedError('Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed'); } - const autoAllocateChunkSize = underlyingByteSource.autoAllocateChunkSize; - if (autoAllocateChunkSize === 0) { - throw new TypeError('autoAllocateChunkSize must be greater than 0'); + + if (this.version === 4 || this.version === 5 || this.version === 6) { + // - A four-octet number denoting the time that the key was created. + this.created = util.readDate(bytes.subarray(pos, pos + 4)); + pos += 4; + + // - A one-octet number denoting the public-key algorithm of this key. + this.algorithm = bytes[pos++]; + + if (this.version >= 5) { + // - A four-octet scalar octet count for the following key material. + pos += 4; + } + + // - A series of values comprising the key material. + const { read, publicParams } = mod$1.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } + this.publicParams = publicParams; + pos += read; + + // we set the fingerprint and keyID already to make it possible to put together the key packets directly in the Key constructor + await this.computeFingerprintAndKeyID(); + return pos; } - SetUpReadableByteStreamController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, autoAllocateChunkSize); -} -function SetUpReadableStreamBYOBRequest(request, controller, view) { - request._associatedReadableByteStreamController = controller; - request._view = view; -} -// Helper functions for the ReadableStreamBYOBRequest. -function byobRequestBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBRequest.prototype.${name} can only be used on a ReadableStreamBYOBRequest`); -} -// Helper functions for the ReadableByteStreamController. -function byteStreamControllerBrandCheckException(name) { - return new TypeError(`ReadableByteStreamController.prototype.${name} can only be used on a ReadableByteStreamController`); -} + throw new UnsupportedError(`Version ${this.version} of the key packet is unsupported.`); + } -// Abstract operations for the ReadableStream. -function AcquireReadableStreamBYOBReader(stream) { - return new ReadableStreamBYOBReader(stream); -} -// ReadableStream API exposed for controllers. -function ReadableStreamAddReadIntoRequest(stream, readIntoRequest) { - stream._reader._readIntoRequests.push(readIntoRequest); -} -function ReadableStreamFulfillReadIntoRequest(stream, chunk, done) { - const reader = stream._reader; - const readIntoRequest = reader._readIntoRequests.shift(); - if (done) { - readIntoRequest._closeSteps(chunk); + /** + * Creates an OpenPGP public key packet for the given key. + * @returns {Uint8Array} Bytes encoding the public key OpenPGP packet. + */ + write() { + const arr = []; + // Version + arr.push(new Uint8Array([this.version])); + arr.push(util.writeDate(this.created)); + // A one-octet number denoting the public-key algorithm of this key + arr.push(new Uint8Array([this.algorithm])); + + const params = mod$1.serializeParams(this.algorithm, this.publicParams); + if (this.version >= 5) { + // A four-octet scalar octet count for the following key material + arr.push(util.writeNumber(params.length, 4)); } - else { - readIntoRequest._chunkSteps(chunk); + // Algorithm-specific params + arr.push(params); + return util.concatUint8Array(arr); + } + + /** + * Write packet in order to be hashed; either for a signature or a fingerprint + * @param {Integer} version - target version of signature or key + */ + writeForHash(version) { + const bytes = this.writePublicKey(); + + const versionOctet = 0x95 + version; + const lengthOctets = version >= 5 ? 4 : 2; + return util.concatUint8Array([new Uint8Array([versionOctet]), util.writeNumber(bytes.length, lengthOctets), bytes]); + } + + /** + * Check whether secret-key data is available in decrypted form. Returns null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return null; + } + + /** + * Returns the creation time of the key + * @returns {Date} + */ + getCreationTime() { + return this.created; + } + + /** + * Return the key ID of the key + * @returns {module:type/keyid~KeyID} The 8-byte key ID + */ + getKeyID() { + return this.keyID; + } + + /** + * Computes and set the key ID and fingerprint of the key + * @async + */ + async computeFingerprintAndKeyID() { + await this.computeFingerprint(); + this.keyID = new KeyID(); + + if (this.version >= 5) { + this.keyID.read(this.fingerprint.subarray(0, 8)); + } else if (this.version === 4) { + this.keyID.read(this.fingerprint.subarray(12, 20)); + } else { + throw new Error('Unsupported key version'); } -} -function ReadableStreamGetNumReadIntoRequests(stream) { - return stream._reader._readIntoRequests.length; -} -function ReadableStreamHasBYOBReader(stream) { - const reader = stream._reader; - if (reader === undefined) { - return false; + } + + /** + * Computes and set the fingerprint of the key + */ + async computeFingerprint() { + const toHash = this.writeForHash(this.version); + + if (this.version >= 5) { + this.fingerprint = await mod$1.hash.sha256(toHash); + } else if (this.version === 4) { + this.fingerprint = await mod$1.hash.sha1(toHash); + } else { + throw new Error('Unsupported key version'); } - if (!IsReadableStreamBYOBReader(reader)) { - return false; + } + + /** + * Returns the fingerprint of the key, as an array of bytes + * @returns {Uint8Array} A Uint8Array containing the fingerprint + */ + getFingerprintBytes() { + return this.fingerprint; + } + + /** + * Calculates and returns the fingerprint of the key, as a string + * @returns {String} A string containing the fingerprint in lowercase hex + */ + getFingerprint() { + return util.uint8ArrayToHex(this.getFingerprintBytes()); + } + + /** + * Calculates whether two keys have the same fingerprint without actually calculating the fingerprint + * @returns {Boolean} Whether the two keys have the same version and public key data. + */ + hasSameFingerprintAs(other) { + return this.version === other.version && util.equalsUint8Array(this.writePublicKey(), other.writePublicKey()); + } + + /** + * Returns algorithm information + * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}. + */ + getAlgorithmInfo() { + const result = {}; + result.algorithm = enums.read(enums.publicKey, this.algorithm); + // RSA, DSA or ElGamal public modulo + const modulo = this.publicParams.n || this.publicParams.p; + if (modulo) { + result.bits = util.uint8ArrayBitLength(modulo); + } else if (this.publicParams.oid) { + result.curve = this.publicParams.oid.getName(); } - return true; + return result; + } } + +/** + * Alias of read() + * @see PublicKeyPacket#read + */ +PublicKeyPacket.prototype.readPublicKey = PublicKeyPacket.prototype.read; + +/** + * Alias of write() + * @see PublicKeyPacket#write + */ +PublicKeyPacket.prototype.writePublicKey = PublicKeyPacket.prototype.write; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +// A SE packet can contain the following packet types +const allowedPackets$2 = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + OnePassSignaturePacket, + SignaturePacket +]); + /** - * A BYOB reader vended by a {@link ReadableStream}. + * Implementation of the Symmetrically Encrypted Data Packet (Tag 9) * - * @public - */ -class ReadableStreamBYOBReader { - constructor(stream) { - assertRequiredArgument(stream, 1, 'ReadableStreamBYOBReader'); - assertReadableStream(stream, 'First parameter'); - if (IsReadableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive reading by another reader'); - } - if (!IsReadableByteStreamController(stream._readableStreamController)) { - throw new TypeError('Cannot construct a ReadableStreamBYOBReader for a stream not constructed with a byte ' + - 'source'); - } - ReadableStreamReaderGenericInitialize(this, stream); - this._readIntoRequests = new SimpleQueue(); - } - /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the reader's lock is released before the stream finishes closing. - */ - get closed() { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('closed')); - } - return this._closedPromise; - } - /** - * If the reader is active, behaves the same as {@link ReadableStream.cancel | stream.cancel(reason)}. - */ - cancel(reason = undefined) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('cancel')); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('cancel')); - } - return ReadableStreamReaderGenericCancel(this, reason); - } + * {@link https://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: + * The Symmetrically Encrypted Data packet contains data encrypted with a + * symmetric-key algorithm. When it has been decrypted, it contains other + * packets (usually a literal data packet or compressed data packet, but in + * theory other Symmetrically Encrypted Data packets or sequences of packets + * that form whole OpenPGP messages). + */ +class SymmetricallyEncryptedDataPacket { + static get tag() { + return enums.packet.symmetricallyEncryptedData; + } + + constructor() { /** - * Attempts to reads bytes into view, and returns a promise resolved with the result. - * - * If reading a chunk causes the queue to become empty, more data will be pulled from the underlying source. + * Encrypted secret-key data */ - read(view) { - if (!IsReadableStreamBYOBReader(this)) { - return promiseRejectedWith(byobReaderBrandCheckException('read')); - } - if (!ArrayBuffer.isView(view)) { - return promiseRejectedWith(new TypeError('view must be an array buffer view')); - } - if (view.byteLength === 0) { - return promiseRejectedWith(new TypeError('view must have non-zero byteLength')); - } - if (view.buffer.byteLength === 0) { - return promiseRejectedWith(new TypeError(`view's buffer must have non-zero byteLength`)); - } - if (this._ownerReadableStream === undefined) { - return promiseRejectedWith(readerLockException('read from')); - } - let resolvePromise; - let rejectPromise; - const promise = newPromise((resolve, reject) => { - resolvePromise = resolve; - rejectPromise = reject; - }); - const readIntoRequest = { - _chunkSteps: chunk => resolvePromise({ value: chunk, done: false }), - _closeSteps: chunk => resolvePromise({ value: chunk, done: true }), - _errorSteps: e => rejectPromise(e) - }; - ReadableStreamBYOBReaderRead(this, view, readIntoRequest); - return promise; - } + this.encrypted = null; /** - * Releases the reader's lock on the corresponding stream. After the lock is released, the reader is no longer active. - * If the associated stream is errored when the lock is released, the reader will appear errored in the same way - * from now on; otherwise, the reader will appear closed. - * - * A reader's lock cannot be released while it still has a pending read request, i.e., if a promise returned by - * the reader's {@link ReadableStreamBYOBReader.read | read()} method has not yet been settled. Attempting to - * do so will throw a `TypeError` and leave the reader locked to the stream. + * Decrypted packets contained within. + * @type {PacketList} */ - releaseLock() { - if (!IsReadableStreamBYOBReader(this)) { - throw byobReaderBrandCheckException('releaseLock'); - } - if (this._ownerReadableStream === undefined) { - return; - } - if (this._readIntoRequests.length > 0) { - throw new TypeError('Tried to release a reader lock when that reader has pending read() calls un-settled'); - } - ReadableStreamReaderGenericRelease(this); - } -} -Object.defineProperties(ReadableStreamBYOBReader.prototype, { - cancel: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - closed: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamBYOBReader.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamBYOBReader', - configurable: true - }); -} -// Abstract operations for the readers. -function IsReadableStreamBYOBReader(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readIntoRequests')) { - return false; + this.packets = null; + } + + read(bytes) { + this.encrypted = bytes; + } + + write() { + return this.encrypted; + } + + /** + * Decrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + + * @throws {Error} if decryption was not successful + * @async + */ + async decrypt(sessionKeyAlgorithm, key, config$1 = config) { + // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error + if (!config$1.allowUnauthenticatedMessages) { + throw new Error('Message is not authenticated.'); } - return true; + + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + const encrypted = await readToEnd(clone(this.encrypted)); + const decrypted = await mod$1.mode.cfb.decrypt(sessionKeyAlgorithm, key, + encrypted.subarray(blockSize + 2), + encrypted.subarray(2, blockSize + 2) + ); + + this.packets = await PacketList.fromBinary(decrypted, allowedPackets$2, config$1); + } + + /** + * Encrypt the symmetrically-encrypted packet data + * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms. + * @param {module:enums.symmetric} sessionKeyAlgorithm - Symmetric key algorithm to use + * @param {Uint8Array} key - The key of cipher blocksize length to be used + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(sessionKeyAlgorithm, key, config$1 = config) { + const data = this.packets.write(); + const { blockSize } = mod$1.getCipherParams(sessionKeyAlgorithm); + + const prefix = await mod$1.getPrefixRandom(sessionKeyAlgorithm); + const FRE = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, prefix, new Uint8Array(blockSize), config$1); + const ciphertext = await mod$1.mode.cfb.encrypt(sessionKeyAlgorithm, key, data, FRE.subarray(2), config$1); + this.encrypted = util.concat([FRE, ciphertext]); + } } -function ReadableStreamBYOBReaderRead(reader, view, readIntoRequest) { - const stream = reader._ownerReadableStream; - stream._disturbed = true; - if (stream._state === 'errored') { - readIntoRequest._errorSteps(stream._storedError); - } - else { - ReadableByteStreamControllerPullInto(stream._readableStreamController, view, readIntoRequest); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the strange "Marker packet" (Tag 10) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: + * An experimental version of PGP used this packet as the Literal + * packet, but no released version of PGP generated Literal packets with this + * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as + * the Marker packet. + * + * The body of this packet consists of: + * The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8). + * + * Such a packet MUST be ignored when received. It may be placed at the + * beginning of a message that uses features not available in PGP + * version 2.6 in order to cause that version to report that newer + * software is necessary to process the message. + */ +class MarkerPacket { + static get tag() { + return enums.packet.marker; + } + + /** + * Parsing function for a marker data packet (tag 10). + * @param {Uint8Array} bytes - Payload of a tag 10 packet + * @returns {Boolean} whether the packet payload contains "PGP" + */ + read(bytes) { + if (bytes[0] === 0x50 && // P + bytes[1] === 0x47 && // G + bytes[2] === 0x50) { // P + return true; } + return false; + } + + write() { + return new Uint8Array([0x50, 0x47, 0x50]); + } } -// Helper functions for the ReadableStreamBYOBReader. -function byobReaderBrandCheckException(name) { - return new TypeError(`ReadableStreamBYOBReader.prototype.${name} can only be used on a ReadableStreamBYOBReader`); -} -function ExtractHighWaterMark(strategy, defaultHWM) { - const { highWaterMark } = strategy; - if (highWaterMark === undefined) { - return defaultHWM; - } - if (NumberIsNaN(highWaterMark) || highWaterMark < 0) { - throw new RangeError('Invalid highWaterMark'); - } - return highWaterMark; -} -function ExtractSizeAlgorithm(strategy) { - const { size } = strategy; - if (!size) { - return () => 1; - } - return size; -} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Public-Subkey packet (tag 14) has exactly the same format as a + * Public-Key packet, but denotes a subkey. One or more subkeys may be + * associated with a top-level key. By convention, the top-level key + * provides signature services, and the subkeys provide encryption + * services. + * @extends PublicKeyPacket + */ +class PublicSubkeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.publicSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + // eslint-disable-next-line @typescript-eslint/no-useless-constructor + constructor(date, config) { + super(date, config); + } -function convertQueuingStrategy(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - const size = init === null || init === void 0 ? void 0 : init.size; - return { - highWaterMark: highWaterMark === undefined ? undefined : convertUnrestrictedDouble(highWaterMark), - size: size === undefined ? undefined : convertQueuingStrategySize(size, `${context} has member 'size' that`) - }; -} -function convertQueuingStrategySize(fn, context) { - assertFunction(fn, context); - return chunk => convertUnrestrictedDouble(fn(chunk)); + /** + * Create a PublicSubkeyPacket from a SecretSubkeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPacket - subkey packet to convert + * @returns {SecretSubkeyPacket} public key packet + * @static + */ + static fromSecretSubkeyPacket(secretSubkeyPacket) { + const keyPacket = new PublicSubkeyPacket(); + const { version, created, algorithm, publicParams, keyID, fingerprint } = secretSubkeyPacket; + keyPacket.version = version; + keyPacket.created = created; + keyPacket.algorithm = algorithm; + keyPacket.publicParams = publicParams; + keyPacket.keyID = keyID; + keyPacket.fingerprint = fingerprint; + return keyPacket; + } } -function convertUnderlyingSink(original, context) { - assertDictionary(original, context); - const abort = original === null || original === void 0 ? void 0 : original.abort; - const close = original === null || original === void 0 ? void 0 : original.close; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - const write = original === null || original === void 0 ? void 0 : original.write; - return { - abort: abort === undefined ? - undefined : - convertUnderlyingSinkAbortCallback(abort, original, `${context} has member 'abort' that`), - close: close === undefined ? - undefined : - convertUnderlyingSinkCloseCallback(close, original, `${context} has member 'close' that`), - start: start === undefined ? - undefined : - convertUnderlyingSinkStartCallback(start, original, `${context} has member 'start' that`), - write: write === undefined ? - undefined : - convertUnderlyingSinkWriteCallback(write, original, `${context} has member 'write' that`), - type - }; -} -function convertUnderlyingSinkAbortCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSinkCloseCallback(fn, original, context) { - assertFunction(fn, context); - return () => promiseCall(fn, original, []); -} -function convertUnderlyingSinkStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertUnderlyingSinkWriteCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); -} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function assertWritableStream(x, context) { - if (!IsWritableStream(x)) { - throw new TypeError(`${context} is not a WritableStream.`); - } -} /** - * A writable stream represents a destination for data, into which you can write. + * Implementation of the User Attribute Packet (Tag 17) + * + * The User Attribute packet is a variation of the User ID packet. It + * is capable of storing more types of data than the User ID packet, + * which is limited to text. Like the User ID packet, a User Attribute + * packet may be certified by the key owner ("self-signed") or any other + * key owner who cares to certify it. Except as noted, a User Attribute + * packet may be used anywhere that a User ID packet may be used. * - * @public + * While User Attribute packets are not a required part of the OpenPGP + * standard, implementations SHOULD provide at least enough + * compatibility to properly handle a certification signature on the + * User Attribute packet. A simple way to do this is by treating the + * User Attribute packet as a User ID packet with opaque contents, but + * an implementation may use any method desired. */ -class WritableStream$1 { - constructor(rawUnderlyingSink = {}, rawStrategy = {}) { - if (rawUnderlyingSink === undefined) { - rawUnderlyingSink = null; - } - else { - assertObject(rawUnderlyingSink, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSink = convertUnderlyingSink(rawUnderlyingSink, 'First parameter'); - InitializeWritableStream(this); - const type = underlyingSink.type; - if (type !== undefined) { - throw new RangeError('Invalid type is specified'); - } - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpWritableStreamDefaultControllerFromUnderlyingSink(this, underlyingSink, highWaterMark, sizeAlgorithm); +class UserAttributePacket { + static get tag() { + return enums.packet.userAttribute; + } + + constructor() { + this.attributes = []; + } + + /** + * parsing function for a user attribute packet (tag 17). + * @param {Uint8Array} input - Payload of a tag 17 packet + */ + read(bytes) { + let i = 0; + while (i < bytes.length) { + const len = readSimpleLength(bytes.subarray(i, bytes.length)); + i += len.offset; + + this.attributes.push(util.uint8ArrayToString(bytes.subarray(i, i + len.len))); + i += len.len; } - /** - * Returns whether or not the writable stream is locked to a writer. - */ - get locked() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('locked'); - } - return IsWritableStreamLocked(this); + } + + /** + * Creates a binary representation of the user attribute packet + * @returns {Uint8Array} String representation. + */ + write() { + const arr = []; + for (let i = 0; i < this.attributes.length; i++) { + arr.push(writeSimpleLength(this.attributes[i].length)); + arr.push(util.stringToUint8Array(this.attributes[i])); + } + return util.concatUint8Array(arr); + } + + /** + * Compare for equality + * @param {UserAttributePacket} usrAttr + * @returns {Boolean} True if equal. + */ + equals(usrAttr) { + if (!usrAttr || !(usrAttr instanceof UserAttributePacket)) { + return false; } + return this.attributes.every(function(attr, index) { + return attr === usrAttr.attributes[index]; + }); + } +} + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Secret-Key packet contains all the information that is found in a + * Public-Key packet, including the public-key material, but also + * includes the secret-key material after all the public-key fields. + * @extends PublicKeyPacket + */ +class SecretKeyPacket extends PublicKeyPacket { + static get tag() { + return enums.packet.secretKey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); /** - * Aborts the stream, signaling that the producer can no longer successfully write to the stream and it is to be - * immediately moved to an errored state, with any queued-up writes discarded. This will also execute any abort - * mechanism of the underlying sink. - * - * The returned promise will fulfill if the stream shuts down successfully, or reject if the underlying sink signaled - * that there was an error doing so. Additionally, it will reject with a `TypeError` (without attempting to cancel - * the stream) if the stream is currently locked. + * Secret-key data */ - abort(reason = undefined) { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('abort')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot abort a stream that already has a writer')); - } - return WritableStreamAbort(this, reason); - } + this.keyMaterial = null; /** - * Closes the stream. The underlying sink will finish processing any previously-written chunks, before invoking its - * close behavior. During this time any further attempts to write will fail (without erroring the stream). - * - * The method returns a promise that will fulfill if all remaining chunks are successfully written and the stream - * successfully closes, or rejects if an error is encountered during this process. Additionally, it will reject with - * a `TypeError` (without attempting to cancel the stream) if the stream is currently locked. + * Indicates whether secret-key data is encrypted. `this.isEncrypted === false` means data is available in decrypted form. */ - close() { - if (!IsWritableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$2('close')); - } - if (IsWritableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot close a stream that already has a writer')); - } - if (WritableStreamCloseQueuedOrInFlight(this)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamClose(this); - } + this.isEncrypted = null; /** - * Creates a {@link WritableStreamDefaultWriter | writer} and locks the stream to the new writer. While the stream - * is locked, no other writer can be acquired until this one is released. - * - * This functionality is especially useful for creating abstractions that desire the ability to write to a stream - * without interruption or interleaving. By getting a writer for the stream, you can ensure nobody else can write at - * the same time, which would cause the resulting written data to be unpredictable and probably useless. + * S2K usage + * @type {enums.symmetric} */ - getWriter() { - if (!IsWritableStream(this)) { - throw streamBrandCheckException$2('getWriter'); - } - return AcquireWritableStreamDefaultWriter(this); - } -} -Object.defineProperties(WritableStream$1.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStream', - configurable: true - }); -} -// Abstract operations for the WritableStream. -function AcquireWritableStreamDefaultWriter(stream) { - return new WritableStreamDefaultWriter(stream); -} -// Throws if and only if startAlgorithm throws. -function CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(WritableStream$1.prototype); - InitializeWritableStream(stream); - const controller = Object.create(WritableStreamDefaultController.prototype); - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeWritableStream(stream) { - stream._state = 'writable'; - // The error that will be reported by new method calls once the state becomes errored. Only set when [[state]] is - // 'erroring' or 'errored'. May be set to an undefined value. - stream._storedError = undefined; - stream._writer = undefined; - // Initialize to undefined first because the constructor of the controller checks this - // variable to validate the caller. - stream._writableStreamController = undefined; - // This queue is placed here instead of the writer class in order to allow for passing a writer to the next data - // producer without waiting for the queued writes to finish. - stream._writeRequests = new SimpleQueue(); - // Write requests are removed from _writeRequests when write() is called on the underlying sink. This prevents - // them from being erroneously rejected on error. If a write() call is in-flight, the request is stored here. - stream._inFlightWriteRequest = undefined; - // The promise that was returned from writer.close(). Stored here because it may be fulfilled after the writer - // has been detached. - stream._closeRequest = undefined; - // Close request is removed from _closeRequest when close() is called on the underlying sink. This prevents it - // from being erroneously rejected on error. If a close() call is in-flight, the request is stored here. - stream._inFlightCloseRequest = undefined; - // The promise that was returned from writer.abort(). This may also be fulfilled after the writer has detached. - stream._pendingAbortRequest = undefined; - // The backpressure signal set by the controller. - stream._backpressure = false; -} -function IsWritableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_writableStreamController')) { - return false; - } - return true; -} -function IsWritableStreamLocked(stream) { - if (stream._writer === undefined) { - return false; - } - return true; -} -function WritableStreamAbort(stream, reason) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseResolvedWith(undefined); - } - if (stream._pendingAbortRequest !== undefined) { - return stream._pendingAbortRequest._promise; - } - let wasAlreadyErroring = false; - if (state === 'erroring') { - wasAlreadyErroring = true; - // reason will not be used, so don't keep a reference to it. - reason = undefined; - } - const promise = newPromise((resolve, reject) => { - stream._pendingAbortRequest = { - _promise: undefined, - _resolve: resolve, - _reject: reject, - _reason: reason, - _wasAlreadyErroring: wasAlreadyErroring - }; - }); - stream._pendingAbortRequest._promise = promise; - if (!wasAlreadyErroring) { - WritableStreamStartErroring(stream, reason); - } - return promise; -} -function WritableStreamClose(stream) { - const state = stream._state; - if (state === 'closed' || state === 'errored') { - return promiseRejectedWith(new TypeError(`The stream (in ${state} state) is not in the writable state and cannot be closed`)); - } - const promise = newPromise((resolve, reject) => { - const closeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._closeRequest = closeRequest; - }); - const writer = stream._writer; - if (writer !== undefined && stream._backpressure && state === 'writable') { - defaultWriterReadyPromiseResolve(writer); - } - WritableStreamDefaultControllerClose(stream._writableStreamController); - return promise; -} -// WritableStream API exposed for controllers. -function WritableStreamAddWriteRequest(stream) { - const promise = newPromise((resolve, reject) => { - const writeRequest = { - _resolve: resolve, - _reject: reject - }; - stream._writeRequests.push(writeRequest); - }); - return promise; -} -function WritableStreamDealWithRejection(stream, error) { - const state = stream._state; - if (state === 'writable') { - WritableStreamStartErroring(stream, error); - return; - } - WritableStreamFinishErroring(stream); -} -function WritableStreamStartErroring(stream, reason) { - const controller = stream._writableStreamController; - stream._state = 'erroring'; - stream._storedError = reason; - const writer = stream._writer; - if (writer !== undefined) { - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, reason); - } - if (!WritableStreamHasOperationMarkedInFlight(stream) && controller._started) { - WritableStreamFinishErroring(stream); - } -} -function WritableStreamFinishErroring(stream) { - stream._state = 'errored'; - stream._writableStreamController[ErrorSteps](); - const storedError = stream._storedError; - stream._writeRequests.forEach(writeRequest => { - writeRequest._reject(storedError); - }); - stream._writeRequests = new SimpleQueue(); - if (stream._pendingAbortRequest === undefined) { - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const abortRequest = stream._pendingAbortRequest; - stream._pendingAbortRequest = undefined; - if (abortRequest._wasAlreadyErroring) { - abortRequest._reject(storedError); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - return; - } - const promise = stream._writableStreamController[AbortSteps](abortRequest._reason); - uponPromise(promise, () => { - abortRequest._resolve(); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }, (reason) => { - abortRequest._reject(reason); - WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream); - }); -} -function WritableStreamFinishInFlightWrite(stream) { - stream._inFlightWriteRequest._resolve(undefined); - stream._inFlightWriteRequest = undefined; -} -function WritableStreamFinishInFlightWriteWithError(stream, error) { - stream._inFlightWriteRequest._reject(error); - stream._inFlightWriteRequest = undefined; - WritableStreamDealWithRejection(stream, error); -} -function WritableStreamFinishInFlightClose(stream) { - stream._inFlightCloseRequest._resolve(undefined); - stream._inFlightCloseRequest = undefined; - const state = stream._state; - if (state === 'erroring') { - // The error was too late to do anything, so it is ignored. - stream._storedError = undefined; - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._resolve(); - stream._pendingAbortRequest = undefined; - } - } - stream._state = 'closed'; - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseResolve(writer); - } -} -function WritableStreamFinishInFlightCloseWithError(stream, error) { - stream._inFlightCloseRequest._reject(error); - stream._inFlightCloseRequest = undefined; - // Never execute sink abort() after sink close(). - if (stream._pendingAbortRequest !== undefined) { - stream._pendingAbortRequest._reject(error); - stream._pendingAbortRequest = undefined; - } - WritableStreamDealWithRejection(stream, error); -} -// TODO(ricea): Fix alphabetical order. -function WritableStreamCloseQueuedOrInFlight(stream) { - if (stream._closeRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamHasOperationMarkedInFlight(stream) { - if (stream._inFlightWriteRequest === undefined && stream._inFlightCloseRequest === undefined) { - return false; - } - return true; -} -function WritableStreamMarkCloseRequestInFlight(stream) { - stream._inFlightCloseRequest = stream._closeRequest; - stream._closeRequest = undefined; -} -function WritableStreamMarkFirstWriteRequestInFlight(stream) { - stream._inFlightWriteRequest = stream._writeRequests.shift(); -} -function WritableStreamRejectCloseAndClosedPromiseIfNeeded(stream) { - if (stream._closeRequest !== undefined) { - stream._closeRequest._reject(stream._storedError); - stream._closeRequest = undefined; - } - const writer = stream._writer; - if (writer !== undefined) { - defaultWriterClosedPromiseReject(writer, stream._storedError); - } -} -function WritableStreamUpdateBackpressure(stream, backpressure) { - const writer = stream._writer; - if (writer !== undefined && backpressure !== stream._backpressure) { - if (backpressure) { - defaultWriterReadyPromiseReset(writer); - } - else { - defaultWriterReadyPromiseResolve(writer); - } - } - stream._backpressure = backpressure; -} -/** - * A default writer vended by a {@link WritableStream}. - * - * @public - */ -class WritableStreamDefaultWriter { - constructor(stream) { - assertRequiredArgument(stream, 1, 'WritableStreamDefaultWriter'); - assertWritableStream(stream, 'First parameter'); - if (IsWritableStreamLocked(stream)) { - throw new TypeError('This stream has already been locked for exclusive writing by another writer'); - } - this._ownerWritableStream = stream; - stream._writer = this; - const state = stream._state; - if (state === 'writable') { - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._backpressure) { - defaultWriterReadyPromiseInitialize(this); - } - else { - defaultWriterReadyPromiseInitializeAsResolved(this); - } - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'erroring') { - defaultWriterReadyPromiseInitializeAsRejected(this, stream._storedError); - defaultWriterClosedPromiseInitialize(this); - } - else if (state === 'closed') { - defaultWriterReadyPromiseInitializeAsResolved(this); - defaultWriterClosedPromiseInitializeAsResolved(this); - } - else { - const storedError = stream._storedError; - defaultWriterReadyPromiseInitializeAsRejected(this, storedError); - defaultWriterClosedPromiseInitializeAsRejected(this, storedError); - } - } + this.s2kUsage = 0; /** - * Returns a promise that will be fulfilled when the stream becomes closed, or rejected if the stream ever errors or - * the writer’s lock is released before the stream finishes closing. + * S2K object + * @type {type/s2k} */ - get closed() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('closed')); - } - return this._closedPromise; - } + this.s2k = null; /** - * Returns the desired size to fill the stream’s internal queue. It can be negative, if the queue is over-full. - * A producer can use this information to determine the right amount of data to write. - * - * It will be `null` if the stream cannot be successfully written to (due to either being errored, or having an abort - * queued up). It will return zero if the stream is closed. And the getter will throw an exception if invoked when - * the writer’s lock is released. + * Symmetric algorithm to encrypt the key with + * @type {enums.symmetric} */ - get desiredSize() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('desiredSize'); - } - if (this._ownerWritableStream === undefined) { - throw defaultWriterLockException('desiredSize'); - } - return WritableStreamDefaultWriterGetDesiredSize(this); - } + this.symmetric = null; /** - * Returns a promise that will be fulfilled when the desired size to fill the stream’s internal queue transitions - * from non-positive to positive, signaling that it is no longer applying backpressure. Once the desired size dips - * back to zero or below, the getter will return a new promise that stays pending until the next transition. - * - * If the stream becomes errored or aborted, or the writer’s lock is released, the returned promise will become - * rejected. + * AEAD algorithm to encrypt the key with (if AEAD protection is enabled) + * @type {enums.aead} */ - get ready() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('ready')); - } - return this._readyPromise; - } + this.aead = null; /** - * If the reader is active, behaves the same as {@link WritableStream.abort | stream.abort(reason)}. + * Whether the key is encrypted using the legacy AEAD format proposal from RFC4880bis + * (i.e. it was encrypted with the flag `config.aeadProtect` in OpenPGP.js v5 or older). + * This value is only relevant to know how to decrypt the key: + * if AEAD is enabled, a v4 key is always re-encrypted using the standard AEAD mechanism. + * @type {Boolean} + * @private */ - abort(reason = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('abort')); - } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('abort')); - } - return WritableStreamDefaultWriterAbort(this, reason); - } + this.isLegacyAEAD = null; /** - * If the reader is active, behaves the same as {@link WritableStream.close | stream.close()}. + * Decrypted private parameters, referenced by name + * @type {Object} */ - close() { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('close')); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return promiseRejectedWith(defaultWriterLockException('close')); - } - if (WritableStreamCloseQueuedOrInFlight(stream)) { - return promiseRejectedWith(new TypeError('Cannot close an already-closing stream')); - } - return WritableStreamDefaultWriterClose(this); - } + this.privateParams = null; /** - * Releases the writer’s lock on the corresponding stream. After the lock is released, the writer is no longer active. - * If the associated stream is errored when the lock is released, the writer will appear errored in the same way from - * now on; otherwise, the writer will appear closed. - * - * Note that the lock can still be released even if some ongoing writes have not yet finished (i.e. even if the - * promises returned from previous calls to {@link WritableStreamDefaultWriter.write | write()} have not yet settled). - * It’s not necessary to hold the lock on the writer for the duration of the write; the lock instead simply prevents - * other producers from writing in an interleaved manner. + * `true` for keys whose integrity is already confirmed, based on + * the AEAD encryption mechanism + * @type {Boolean} + * @private */ - releaseLock() { - if (!IsWritableStreamDefaultWriter(this)) { - throw defaultWriterBrandCheckException('releaseLock'); - } - const stream = this._ownerWritableStream; - if (stream === undefined) { - return; - } - WritableStreamDefaultWriterRelease(this); + this.usedModernAEAD = null; + } + + // 5.5.3. Secret-Key Packet Formats + + /** + * Internal parser for private keys as specified in + * {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-5.5.3|RFC4880bis-04 section 5.5.3} + * @param {Uint8Array} bytes - Input string to read the packet from + * @async + */ + async read(bytes, config$1 = config) { + // - A Public-Key or Public-Subkey packet, as described above. + let i = await this.readPublicKey(bytes, config$1); + const startOfSecretKeyData = i; + + // - One octet indicating string-to-key usage conventions. Zero + // indicates that the secret-key data is not encrypted. 255 or 254 + // indicates that a string-to-key specifier is being given. Any + // other value is a symmetric-key encryption algorithm identifier. + this.s2kUsage = bytes[i++]; + + // - Only for a version 5 packet, a one-octet scalar octet count of + // the next 4 optional fields. + if (this.version === 5) { + i++; + } + + // - Only for a version 6 packet where the secret key material is + // encrypted (that is, where the previous octet is not zero), a one- + // octet scalar octet count of the cumulative length of all the + // following optional string-to-key parameter fields. + if (this.version === 6 && this.s2kUsage) { + i++; } - write(chunk = undefined) { - if (!IsWritableStreamDefaultWriter(this)) { - return promiseRejectedWith(defaultWriterBrandCheckException('write')); + + try { + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one-octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + this.symmetric = bytes[i++]; + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + this.aead = bytes[i++]; } - if (this._ownerWritableStream === undefined) { - return promiseRejectedWith(defaultWriterLockException('write to')); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + i++; } - return WritableStreamDefaultWriterWrite(this, chunk); - } -} -Object.defineProperties(WritableStreamDefaultWriter.prototype, { - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, - closed: { enumerable: true }, - desiredSize: { enumerable: true }, - ready: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultWriter.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultWriter', - configurable: true - }); -} -// Abstract operations for the WritableStreamDefaultWriter. -function IsWritableStreamDefaultWriter(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_ownerWritableStream')) { - return false; - } - return true; -} -// A client of WritableStreamDefaultWriter may use these functions directly to bypass state check. -function WritableStreamDefaultWriterAbort(writer, reason) { - const stream = writer._ownerWritableStream; - return WritableStreamAbort(stream, reason); -} -function WritableStreamDefaultWriterClose(writer) { - const stream = writer._ownerWritableStream; - return WritableStreamClose(stream); -} -function WritableStreamDefaultWriterCloseWithErrorPropagation(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseResolvedWith(undefined); - } - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - return WritableStreamDefaultWriterClose(writer); -} -function WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, error) { - if (writer._closedPromiseState === 'pending') { - defaultWriterClosedPromiseReject(writer, error); - } - else { - defaultWriterClosedPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, error) { - if (writer._readyPromiseState === 'pending') { - defaultWriterReadyPromiseReject(writer, error); - } - else { - defaultWriterReadyPromiseResetToRejected(writer, error); - } -} -function WritableStreamDefaultWriterGetDesiredSize(writer) { - const stream = writer._ownerWritableStream; - const state = stream._state; - if (state === 'errored' || state === 'erroring') { - return null; - } - if (state === 'closed') { - return 0; - } - return WritableStreamDefaultControllerGetDesiredSize(stream._writableStreamController); -} -function WritableStreamDefaultWriterRelease(writer) { - const stream = writer._ownerWritableStream; - const releasedError = new TypeError(`Writer was released and can no longer be used to monitor the stream's closedness`); - WritableStreamDefaultWriterEnsureReadyPromiseRejected(writer, releasedError); - // The state transitions to "errored" before the sink abort() method runs, but the writer.closed promise is not - // rejected until afterwards. This means that simply testing state will not work. - WritableStreamDefaultWriterEnsureClosedPromiseRejected(writer, releasedError); - stream._writer = undefined; - writer._ownerWritableStream = undefined; -} -function WritableStreamDefaultWriterWrite(writer, chunk) { - const stream = writer._ownerWritableStream; - const controller = stream._writableStreamController; - const chunkSize = WritableStreamDefaultControllerGetChunkSize(controller, chunk); - if (stream !== writer._ownerWritableStream) { - return promiseRejectedWith(defaultWriterLockException('write to')); - } - const state = stream._state; - if (state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - if (WritableStreamCloseQueuedOrInFlight(stream) || state === 'closed') { - return promiseRejectedWith(new TypeError('The stream is closing or closed and cannot be written to')); - } - if (state === 'erroring') { - return promiseRejectedWith(stream._storedError); - } - const promise = WritableStreamAddWriteRequest(stream); - WritableStreamDefaultControllerWrite(controller, chunk, chunkSize); - return promise; -} -const closeSentinel = {}; -/** - * Allows control of a {@link WritableStream | writable stream}'s state and internal queue. - * - * @public - */ -class WritableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Closes the controlled writable stream, making all future interactions with it fail with the given error `e`. - * - * This method is rarely used, since usually it suffices to return a rejected promise from one of the underlying - * sink's methods. However, it can be useful for suddenly shutting down a stream in response to an event outside the - * normal lifecycle of interactions with the underlying sink. - */ - error(e = undefined) { - if (!IsWritableStreamDefaultController(this)) { - throw new TypeError('WritableStreamDefaultController.prototype.error can only be used on a WritableStreamDefaultController'); + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + const s2kType = bytes[i++]; + this.s2k = newS2KFromType(s2kType); + i += this.s2k.read(bytes.subarray(i, bytes.length)); + + if (this.s2k.type === 'gnu-dummy') { + return; } - const state = this._controlledWritableStream._state; - if (state !== 'writable') { - // The stream is closed, errored or will be soon. The sink can't do anything useful if it gets an error here, so - // just treat it as a no-op. - return; + } else if (this.s2kUsage) { + this.symmetric = this.s2kUsage; + } + + + if (this.s2kUsage) { + // OpenPGP.js up to v5 used to support encrypting v4 keys using AEAD as specified by draft RFC4880bis (https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.5.3-3.5). + // This legacy format is incompatible, but fundamentally indistinguishable, from that of the crypto-refresh for v4 keys (v5 keys are always in legacy format). + // While parsing the key may succeed (if IV and AES block sizes match), key decryption will always + // fail if the key was parsed according to the wrong format, since the keys are processed differently. + // Thus, for v4 keys, we rely on the caller to instruct us to process the key as legacy, via config flag. + this.isLegacyAEAD = this.s2kUsage === 253 && ( + this.version === 5 || (this.version === 4 && config$1.parseAEADEncryptedV4KeysAsLegacy)); + // - crypto-refresh: If string-to-key usage octet was 255, 254 [..], an initialization vector (IV) + // of the same length as the cipher's block size. + // - RFC4880bis (v5 keys, regardless of AEAD): an Initial Vector (IV) of the same length as the + // cipher's block size. If string-to-key usage octet was 253 the IV is used as the nonce for the AEAD algorithm. + // If the AEAD algorithm requires a shorter nonce, the high-order bits of the IV are used and the remaining bits MUST be zero + if (this.s2kUsage !== 253 || this.isLegacyAEAD) { + this.iv = bytes.subarray( + i, + i + mod$1.getCipherParams(this.symmetric).blockSize + ); + this.usedModernAEAD = false; + } else { + // crypto-refresh: If string-to-key usage octet was 253 (that is, the secret data is AEAD-encrypted), + // an initialization vector (IV) of size specified by the AEAD algorithm (see Section 5.13.2), which + // is used as the nonce for the AEAD algorithm. + this.iv = bytes.subarray( + i, + i + mod$1.getAEADMode(this.aead).ivLength + ); + // the non-legacy AEAD encryption mechanism also authenticates public key params; no need for manual validation. + this.usedModernAEAD = true; } - WritableStreamDefaultControllerError(this, e); - } - /** @internal */ - [AbortSteps](reason) { - const result = this._abortAlgorithm(reason); - WritableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [ErrorSteps]() { - ResetQueue(this); - } -} -Object.defineProperties(WritableStreamDefaultController.prototype, { - error: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(WritableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'WritableStreamDefaultController', - configurable: true - }); -} -// Abstract operations implementing interface required by the WritableStream. -function IsWritableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledWritableStream')) { - return false; - } - return true; -} -function SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledWritableStream = stream; - stream._writableStreamController = controller; - // Need to set the slots so that the assert doesn't fire. In the spec the slots already exist implicitly. - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._writeAlgorithm = writeAlgorithm; - controller._closeAlgorithm = closeAlgorithm; - controller._abortAlgorithm = abortAlgorithm; - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - const startResult = startAlgorithm(); - const startPromise = promiseResolvedWith(startResult); - uponPromise(startPromise, () => { - controller._started = true; - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, r => { - controller._started = true; - WritableStreamDealWithRejection(stream, r); - }); -} -function SetUpWritableStreamDefaultControllerFromUnderlyingSink(stream, underlyingSink, highWaterMark, sizeAlgorithm) { - const controller = Object.create(WritableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let writeAlgorithm = () => promiseResolvedWith(undefined); - let closeAlgorithm = () => promiseResolvedWith(undefined); - let abortAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSink.start !== undefined) { - startAlgorithm = () => underlyingSink.start(controller); - } - if (underlyingSink.write !== undefined) { - writeAlgorithm = chunk => underlyingSink.write(chunk, controller); - } - if (underlyingSink.close !== undefined) { - closeAlgorithm = () => underlyingSink.close(); - } - if (underlyingSink.abort !== undefined) { - abortAlgorithm = reason => underlyingSink.abort(reason); - } - SetUpWritableStreamDefaultController(stream, controller, startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, highWaterMark, sizeAlgorithm); -} -// ClearAlgorithms may be called twice. Erroring the same stream in multiple ways will often result in redundant calls. -function WritableStreamDefaultControllerClearAlgorithms(controller) { - controller._writeAlgorithm = undefined; - controller._closeAlgorithm = undefined; - controller._abortAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -function WritableStreamDefaultControllerClose(controller) { - EnqueueValueWithSize(controller, closeSentinel, 0); - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -function WritableStreamDefaultControllerGetChunkSize(controller, chunk) { - try { - return controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, chunkSizeE); - return 1; - } -} -function WritableStreamDefaultControllerGetDesiredSize(controller) { - return controller._strategyHWM - controller._queueTotalSize; -} -function WritableStreamDefaultControllerWrite(controller, chunk, chunkSize) { - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - WritableStreamDefaultControllerErrorIfNeeded(controller, enqueueE); - return; - } - const stream = controller._controlledWritableStream; - if (!WritableStreamCloseQueuedOrInFlight(stream) && stream._state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); - } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); -} -// Abstract operations for the WritableStreamDefaultController. -function WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller) { - const stream = controller._controlledWritableStream; - if (!controller._started) { - return; - } - if (stream._inFlightWriteRequest !== undefined) { - return; - } - const state = stream._state; - if (state === 'erroring') { - WritableStreamFinishErroring(stream); - return; - } - if (controller._queue.length === 0) { - return; - } - const value = PeekQueueValue(controller); - if (value === closeSentinel) { - WritableStreamDefaultControllerProcessClose(controller); - } - else { - WritableStreamDefaultControllerProcessWrite(controller, value); + + i += this.iv.length; + } + } catch (e) { + // if the s2k is unsupported, we still want to support encrypting and verifying with the given key + if (!this.s2kUsage) throw e; // always throw for decrypted keys + this.unparseableKeyMaterial = bytes.subarray(startOfSecretKeyData); + this.isEncrypted = true; } -} -function WritableStreamDefaultControllerErrorIfNeeded(controller, error) { - if (controller._controlledWritableStream._state === 'writable') { - WritableStreamDefaultControllerError(controller, error); + + // - Only for a version 5 packet, a four-octet scalar octet count for + // the following key material. + if (this.version === 5) { + i += 4; } -} -function WritableStreamDefaultControllerProcessClose(controller) { - const stream = controller._controlledWritableStream; - WritableStreamMarkCloseRequestInFlight(stream); - DequeueValue(controller); - const sinkClosePromise = controller._closeAlgorithm(); - WritableStreamDefaultControllerClearAlgorithms(controller); - uponPromise(sinkClosePromise, () => { - WritableStreamFinishInFlightClose(stream); - }, reason => { - WritableStreamFinishInFlightCloseWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerProcessWrite(controller, chunk) { - const stream = controller._controlledWritableStream; - WritableStreamMarkFirstWriteRequestInFlight(stream); - const sinkWritePromise = controller._writeAlgorithm(chunk); - uponPromise(sinkWritePromise, () => { - WritableStreamFinishInFlightWrite(stream); - const state = stream._state; - DequeueValue(controller); - if (!WritableStreamCloseQueuedOrInFlight(stream) && state === 'writable') { - const backpressure = WritableStreamDefaultControllerGetBackpressure(controller); - WritableStreamUpdateBackpressure(stream, backpressure); + + // - Plain or encrypted multiprecision integers comprising the secret + // key data. These algorithm-specific fields are as described + // below. + this.keyMaterial = bytes.subarray(i); + this.isEncrypted = !!this.s2kUsage; + + if (!this.isEncrypted) { + let cleartext; + if (this.version === 6) { + cleartext = this.keyMaterial; + } else { + cleartext = this.keyMaterial.subarray(0, -2); + if (!util.equalsUint8Array(util.writeChecksum(cleartext), this.keyMaterial.subarray(-2))) { + throw new Error('Key checksum mismatch'); } - WritableStreamDefaultControllerAdvanceQueueIfNeeded(controller); - }, reason => { - if (stream._state === 'writable') { - WritableStreamDefaultControllerClearAlgorithms(controller); + } + try { + const { read, privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + if (read < cleartext.length) { + throw new Error('Error reading MPIs'); } - WritableStreamFinishInFlightWriteWithError(stream, reason); - }); -} -function WritableStreamDefaultControllerGetBackpressure(controller) { - const desiredSize = WritableStreamDefaultControllerGetDesiredSize(controller); - return desiredSize <= 0; -} -// A client of WritableStreamDefaultController may use these functions directly to bypass state check. -function WritableStreamDefaultControllerError(controller, error) { - const stream = controller._controlledWritableStream; - WritableStreamDefaultControllerClearAlgorithms(controller); - WritableStreamStartErroring(stream, error); -} -// Helper functions for the WritableStream. -function streamBrandCheckException$2(name) { - return new TypeError(`WritableStream.prototype.${name} can only be used on a WritableStream`); -} -// Helper functions for the WritableStreamDefaultWriter. -function defaultWriterBrandCheckException(name) { - return new TypeError(`WritableStreamDefaultWriter.prototype.${name} can only be used on a WritableStreamDefaultWriter`); -} -function defaultWriterLockException(name) { - return new TypeError('Cannot ' + name + ' a stream using a released writer'); -} -function defaultWriterClosedPromiseInitialize(writer) { - writer._closedPromise = newPromise((resolve, reject) => { - writer._closedPromise_resolve = resolve; - writer._closedPromise_reject = reject; - writer._closedPromiseState = 'pending'; - }); -} -function defaultWriterClosedPromiseInitializeAsRejected(writer, reason) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseReject(writer, reason); -} -function defaultWriterClosedPromiseInitializeAsResolved(writer) { - defaultWriterClosedPromiseInitialize(writer); - defaultWriterClosedPromiseResolve(writer); -} -function defaultWriterClosedPromiseReject(writer, reason) { - if (writer._closedPromise_reject === undefined) { - return; - } - setPromiseIsHandledToTrue(writer._closedPromise); - writer._closedPromise_reject(reason); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'rejected'; -} -function defaultWriterClosedPromiseResetToRejected(writer, reason) { - defaultWriterClosedPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterClosedPromiseResolve(writer) { - if (writer._closedPromise_resolve === undefined) { - return; - } - writer._closedPromise_resolve(undefined); - writer._closedPromise_resolve = undefined; - writer._closedPromise_reject = undefined; - writer._closedPromiseState = 'resolved'; -} -function defaultWriterReadyPromiseInitialize(writer) { - writer._readyPromise = newPromise((resolve, reject) => { - writer._readyPromise_resolve = resolve; - writer._readyPromise_reject = reject; - }); - writer._readyPromiseState = 'pending'; -} -function defaultWriterReadyPromiseInitializeAsRejected(writer, reason) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseReject(writer, reason); -} -function defaultWriterReadyPromiseInitializeAsResolved(writer) { - defaultWriterReadyPromiseInitialize(writer); - defaultWriterReadyPromiseResolve(writer); -} -function defaultWriterReadyPromiseReject(writer, reason) { - if (writer._readyPromise_reject === undefined) { - return; + this.privateParams = privateParams; + } catch (err) { + if (err instanceof UnsupportedError) throw err; + // avoid throwing potentially sensitive errors + throw new Error('Error reading MPIs'); + } } - setPromiseIsHandledToTrue(writer._readyPromise); - writer._readyPromise_reject(reason); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'rejected'; -} -function defaultWriterReadyPromiseReset(writer) { - defaultWriterReadyPromiseInitialize(writer); -} -function defaultWriterReadyPromiseResetToRejected(writer, reason) { - defaultWriterReadyPromiseInitializeAsRejected(writer, reason); -} -function defaultWriterReadyPromiseResolve(writer) { - if (writer._readyPromise_resolve === undefined) { - return; + } + + /** + * Creates an OpenPGP key packet for the given key. + * @returns {Uint8Array} A string of bytes containing the secret key OpenPGP packet. + */ + write() { + const serializedPublicKey = this.writePublicKey(); + if (this.unparseableKeyMaterial) { + return util.concatUint8Array([ + serializedPublicKey, + this.unparseableKeyMaterial + ]); } - writer._readyPromise_resolve(undefined); - writer._readyPromise_resolve = undefined; - writer._readyPromise_reject = undefined; - writer._readyPromiseState = 'fulfilled'; -} -function isAbortSignal(value) { - if (typeof value !== 'object' || value === null) { - return false; + const arr = [serializedPublicKey]; + arr.push(new Uint8Array([this.s2kUsage])); + + const optionalFieldsArr = []; + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // one- octet symmetric encryption algorithm. + if (this.s2kUsage === 255 || this.s2kUsage === 254 || this.s2kUsage === 253) { + optionalFieldsArr.push(this.symmetric); + + // - [Optional] If string-to-key usage octet was 253, a one-octet + // AEAD algorithm. + if (this.s2kUsage === 253) { + optionalFieldsArr.push(this.aead); + } + + const s2k = this.s2k.write(); + + // - [Optional] Only for a version 6 packet, and if string-to-key usage + // octet was 255, 254, or 253, an one-octet count of the following field. + if (this.version === 6) { + optionalFieldsArr.push(s2k.length); + } + + // - [Optional] If string-to-key usage octet was 255, 254, or 253, a + // string-to-key specifier. The length of the string-to-key + // specifier is implied by its type, as described above. + optionalFieldsArr.push(...s2k); } - try { - return typeof value.aborted === 'boolean'; + + // - [Optional] If secret data is encrypted (string-to-key usage octet + // not zero), an Initial Vector (IV) of the same length as the + // cipher's block size. + if (this.s2kUsage && this.s2k.type !== 'gnu-dummy') { + optionalFieldsArr.push(...this.iv); } - catch (_a) { - // AbortSignal.prototype.aborted throws if its brand check fails - return false; + + if (this.version === 5 || (this.version === 6 && this.s2kUsage)) { + arr.push(new Uint8Array([optionalFieldsArr.length])); } -} + arr.push(new Uint8Array(optionalFieldsArr)); -/// -const NativeDOMException = typeof DOMException !== 'undefined' ? DOMException : undefined; + if (!this.isDummy()) { + if (!this.s2kUsage) { + this.keyMaterial = mod$1.serializeParams(this.algorithm, this.privateParams); + } -/// -function isDOMExceptionConstructor(ctor) { - if (!(typeof ctor === 'function' || typeof ctor === 'object')) { - return false; + if (this.version === 5) { + arr.push(util.writeNumber(this.keyMaterial.length, 4)); + } + arr.push(this.keyMaterial); + + if (!this.s2kUsage && this.version !== 6) { + arr.push(util.writeChecksum(this.keyMaterial)); + } } - try { - new ctor(); - return true; + + return util.concatUint8Array(arr); + } + + /** + * Check whether secret-key data is available in decrypted form. + * Returns false for gnu-dummy keys and null for public keys. + * @returns {Boolean|null} + */ + isDecrypted() { + return this.isEncrypted === false; + } + + /** + * Check whether the key includes secret key material. + * Some secret keys do not include it, and can thus only be used + * for public-key operations (encryption and verification). + * Such keys are: + * - GNU-dummy keys, where the secret material has been stripped away + * - encrypted keys with unsupported S2K or cipher + */ + isMissingSecretKeyMaterial() { + return this.unparseableKeyMaterial !== undefined || this.isDummy(); + } + + /** + * Check whether this is a gnu-dummy key + * @returns {Boolean} + */ + isDummy() { + return !!(this.s2k && this.s2k.type === 'gnu-dummy'); + } + + /** + * Remove private key material, converting the key to a dummy one. + * The resulting key cannot be used for signing/decrypting but can still verify signatures. + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + makeDummy(config$1 = config) { + if (this.isDummy()) { + return; } - catch (_a) { - return false; + if (this.isDecrypted()) { + this.clearPrivateParams(); } -} -function createDOMExceptionPolyfill() { - // eslint-disable-next-line no-shadow - const ctor = function DOMException(message, name) { - this.message = message || ''; - this.name = name || 'Error'; - if (Error.captureStackTrace) { - Error.captureStackTrace(this, this.constructor); - } - }; - ctor.prototype = Object.create(Error.prototype); - Object.defineProperty(ctor.prototype, 'constructor', { value: ctor, writable: true, configurable: true }); - return ctor; -} -// eslint-disable-next-line no-redeclare -const DOMException$1 = isDOMExceptionConstructor(NativeDOMException) ? NativeDOMException : createDOMExceptionPolyfill(); - -function ReadableStreamPipeTo(source, dest, preventClose, preventAbort, preventCancel, signal) { - const reader = AcquireReadableStreamDefaultReader(source); - const writer = AcquireWritableStreamDefaultWriter(dest); - source._disturbed = true; - let shuttingDown = false; - // This is used to keep track of the spec's requirement that we wait for ongoing writes during shutdown. - let currentWrite = promiseResolvedWith(undefined); - return newPromise((resolve, reject) => { - let abortAlgorithm; - if (signal !== undefined) { - abortAlgorithm = () => { - const error = new DOMException$1('Aborted', 'AbortError'); - const actions = []; - if (!preventAbort) { - actions.push(() => { - if (dest._state === 'writable') { - return WritableStreamAbort(dest, error); - } - return promiseResolvedWith(undefined); - }); - } - if (!preventCancel) { - actions.push(() => { - if (source._state === 'readable') { - return ReadableStreamCancel(source, error); - } - return promiseResolvedWith(undefined); - }); - } - shutdownWithAction(() => Promise.all(actions.map(action => action())), true, error); - }; - if (signal.aborted) { - abortAlgorithm(); - return; - } - signal.addEventListener('abort', abortAlgorithm); - } - // Using reader and writer, read all chunks from this and write them to dest - // - Backpressure must be enforced - // - Shutdown must stop all activity - function pipeLoop() { - return newPromise((resolveLoop, rejectLoop) => { - function next(done) { - if (done) { - resolveLoop(); - } - else { - // Use `PerformPromiseThen` instead of `uponPromise` to avoid - // adding unnecessary `.catch(rethrowAssertionErrorRejection)` handlers - PerformPromiseThen(pipeStep(), next, rejectLoop); - } - } - next(false); - }); - } - function pipeStep() { - if (shuttingDown) { - return promiseResolvedWith(true); - } - return PerformPromiseThen(writer._readyPromise, () => { - return newPromise((resolveRead, rejectRead) => { - ReadableStreamDefaultReaderRead(reader, { - _chunkSteps: chunk => { - currentWrite = PerformPromiseThen(WritableStreamDefaultWriterWrite(writer, chunk), undefined, noop); - resolveRead(false); - }, - _closeSteps: () => resolveRead(true), - _errorSteps: rejectRead - }); - }); - }); - } - // Errors must be propagated forward - isOrBecomesErrored(source, reader._closedPromise, storedError => { - if (!preventAbort) { - shutdownWithAction(() => WritableStreamAbort(dest, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Errors must be propagated backward - isOrBecomesErrored(dest, writer._closedPromise, storedError => { - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, storedError), true, storedError); - } - else { - shutdown(true, storedError); - } - }); - // Closing must be propagated forward - isOrBecomesClosed(source, reader._closedPromise, () => { - if (!preventClose) { - shutdownWithAction(() => WritableStreamDefaultWriterCloseWithErrorPropagation(writer)); - } - else { - shutdown(); - } - }); - // Closing must be propagated backward - if (WritableStreamCloseQueuedOrInFlight(dest) || dest._state === 'closed') { - const destClosed = new TypeError('the destination writable stream closed before all data could be piped to it'); - if (!preventCancel) { - shutdownWithAction(() => ReadableStreamCancel(source, destClosed), true, destClosed); - } - else { - shutdown(true, destClosed); - } - } - setPromiseIsHandledToTrue(pipeLoop()); - function waitForWritesToFinish() { - // Another write may have started while we were waiting on this currentWrite, so we have to be sure to wait - // for that too. - const oldCurrentWrite = currentWrite; - return PerformPromiseThen(currentWrite, () => oldCurrentWrite !== currentWrite ? waitForWritesToFinish() : undefined); - } - function isOrBecomesErrored(stream, promise, action) { - if (stream._state === 'errored') { - action(stream._storedError); - } - else { - uponRejection(promise, action); - } - } - function isOrBecomesClosed(stream, promise, action) { - if (stream._state === 'closed') { - action(); - } - else { - uponFulfillment(promise, action); - } - } - function shutdownWithAction(action, originalIsError, originalError) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), doTheRest); - } - else { - doTheRest(); - } - function doTheRest() { - uponPromise(action(), () => finalize(originalIsError, originalError), newError => finalize(true, newError)); - } - } - function shutdown(isError, error) { - if (shuttingDown) { - return; - } - shuttingDown = true; - if (dest._state === 'writable' && !WritableStreamCloseQueuedOrInFlight(dest)) { - uponFulfillment(waitForWritesToFinish(), () => finalize(isError, error)); - } - else { - finalize(isError, error); - } - } - function finalize(isError, error) { - WritableStreamDefaultWriterRelease(writer); - ReadableStreamReaderGenericRelease(reader); - if (signal !== undefined) { - signal.removeEventListener('abort', abortAlgorithm); - } - if (isError) { - reject(error); - } - else { - resolve(undefined); - } - } - }); -} + delete this.unparseableKeyMaterial; + this.isEncrypted = null; + this.keyMaterial = null; + this.s2k = newS2KFromType(enums.s2k.gnu, config$1); + this.s2k.algorithm = 0; + this.s2k.c = 0; + this.s2k.type = 'gnu-dummy'; + this.s2kUsage = 254; + this.symmetric = enums.symmetric.aes256; + this.isLegacyAEAD = null; + this.usedModernAEAD = null; + } -/** - * Allows control of a {@link ReadableStream | readable stream}'s state and internal queue. - * - * @public - */ -class ReadableStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the controlled stream's internal queue. It can be negative, if the queue is - * over-full. An underlying source ought to use this information to determine when and how to apply backpressure. - */ - get desiredSize() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('desiredSize'); - } - return ReadableStreamDefaultControllerGetDesiredSize(this); + /** + * Encrypt the payload. By default, we use aes256 and iterated, salted string + * to key specifier. If the key is in a decrypted state (isEncrypted === false) + * and the passphrase is empty or undefined, the key will be set as not encrypted. + * This can be used to remove passphrase protection after calling decrypt(). + * @param {String} passphrase + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if encryption was not successful + * @async + */ + async encrypt(passphrase, config$1 = config) { + if (this.isDummy()) { + return; } - /** - * Closes the controlled readable stream. Consumers will still be able to read any previously-enqueued chunks from - * the stream, but once those are read, the stream will become closed. - */ - close() { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('close'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits close'); - } - ReadableStreamDefaultControllerClose(this); + + if (!this.isDecrypted()) { + throw new Error('Key packet is already encrypted'); } - enqueue(chunk = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('enqueue'); - } - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(this)) { - throw new TypeError('The stream is not in a state that permits enqueue'); - } - return ReadableStreamDefaultControllerEnqueue(this, chunk); + + if (!passphrase) { + throw new Error('A non-empty passphrase is required for key encryption.'); } - /** - * Errors the controlled readable stream, making all future interactions with it fail with the given error `e`. - */ - error(e = undefined) { - if (!IsReadableStreamDefaultController(this)) { - throw defaultControllerBrandCheckException$1('error'); - } - ReadableStreamDefaultControllerError(this, e); - } - /** @internal */ - [CancelSteps](reason) { - ResetQueue(this); - const result = this._cancelAlgorithm(reason); - ReadableStreamDefaultControllerClearAlgorithms(this); - return result; - } - /** @internal */ - [PullSteps](readRequest) { - const stream = this._controlledReadableStream; - if (this._queue.length > 0) { - const chunk = DequeueValue(this); - if (this._closeRequested && this._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(this); - ReadableStreamClose(stream); - } - else { - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } - readRequest._chunkSteps(chunk); - } - else { - ReadableStreamAddReadRequest(stream, readRequest); - ReadableStreamDefaultControllerCallPullIfNeeded(this); - } + + this.s2k = newS2KFromConfig(config$1); + this.s2k.generateSalt(); + const cleartext = mod$1.serializeParams(this.algorithm, this.privateParams); + this.symmetric = enums.symmetric.aes256; + + const { blockSize } = mod$1.getCipherParams(this.symmetric); + + if (config$1.aeadProtect) { + this.s2kUsage = 253; + this.aead = config$1.preferredAEADAlgorithm; + const mode = mod$1.getAEADMode(this.aead); + this.isLegacyAEAD = this.version === 5; // v4 is always re-encrypted with standard format instead. + this.usedModernAEAD = !this.isLegacyAEAD; // legacy AEAD does not guarantee integrity of public key material + + const serializedPacketTag = writeTag(this.constructor.tag); + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + + const modeInstance = await mode(this.symmetric, key); + this.iv = this.isLegacyAEAD ? mod$1.random.getRandomBytes(blockSize) : mod$1.random.getRandomBytes(mode.ivLength); + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + + this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), associateData); + } else { + this.s2kUsage = 254; + this.usedModernAEAD = false; + const key = await produceEncryptionKey(this.version, this.s2k, passphrase, this.symmetric); + this.iv = mod$1.random.getRandomBytes(blockSize); + this.keyMaterial = await mod$1.mode.cfb.encrypt(this.symmetric, key, util.concatUint8Array([ + cleartext, + await mod$1.hash.sha1(cleartext, config$1) + ]), this.iv, config$1); } -} -Object.defineProperties(ReadableStreamDefaultController.prototype, { - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStreamDefaultController', - configurable: true - }); -} -// Abstract operations for the ReadableStreamDefaultController. -function IsReadableStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; + } + + /** + * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. + * {@link SecretKeyPacket.isDecrypted} should be false, as + * otherwise calls to this function will throw an error. + * @param {String} passphrase - The passphrase for this private key as string + * @throws {Error} if the key is already decrypted, or if decryption was not successful + * @async + */ + async decrypt(passphrase) { + if (this.isDummy()) { + return false; } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledReadableStream')) { - return false; + + if (this.unparseableKeyMaterial) { + throw new Error('Key packet cannot be decrypted: unsupported S2K or cipher algo'); } - return true; -} -function ReadableStreamDefaultControllerCallPullIfNeeded(controller) { - const shouldPull = ReadableStreamDefaultControllerShouldCallPull(controller); - if (!shouldPull) { - return; + + if (this.isDecrypted()) { + throw new Error('Key packet is already decrypted.'); } - if (controller._pulling) { - controller._pullAgain = true; - return; + + let key; + const serializedPacketTag = writeTag(this.constructor.tag); // relevant for AEAD only + if (this.s2kUsage === 254 || this.s2kUsage === 253) { + key = await produceEncryptionKey( + this.version, this.s2k, passphrase, this.symmetric, this.aead, serializedPacketTag, this.isLegacyAEAD); + } else if (this.s2kUsage === 255) { + throw new Error('Encrypted private key is authenticated using an insecure two-byte hash'); + } else { + throw new Error('Private key is encrypted using an insecure S2K function: unsalted MD5'); } - controller._pulling = true; - const pullPromise = controller._pullAlgorithm(); - uponPromise(pullPromise, () => { - controller._pulling = false; - if (controller._pullAgain) { - controller._pullAgain = false; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); + + let cleartext; + if (this.s2kUsage === 253) { + const mode = mod$1.getAEADMode(this.aead); + const modeInstance = await mode(this.symmetric, key); + try { + const associateData = this.isLegacyAEAD ? + new Uint8Array() : + util.concatUint8Array([serializedPacketTag, this.writePublicKey()]); + cleartext = await modeInstance.decrypt(this.keyMaterial, this.iv.subarray(0, mode.ivLength), associateData); + } catch (err) { + if (err.message === 'Authentication tag mismatch') { + throw new Error('Incorrect key passphrase: ' + err.message); } - }, e => { - ReadableStreamDefaultControllerError(controller, e); - }); -} -function ReadableStreamDefaultControllerShouldCallPull(controller) { - const stream = controller._controlledReadableStream; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return false; - } - if (!controller._started) { - return false; + throw err; + } + } else { + const cleartextWithHash = await mod$1.mode.cfb.decrypt(this.symmetric, key, this.keyMaterial, this.iv); + + cleartext = cleartextWithHash.subarray(0, -20); + const hash = await mod$1.hash.sha1(cleartext); + + if (!util.equalsUint8Array(hash, cleartextWithHash.subarray(-20))) { + throw new Error('Incorrect key passphrase'); + } } - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - return true; + + try { + const { privateParams } = mod$1.parsePrivateKeyParams(this.algorithm, cleartext, this.publicParams); + this.privateParams = privateParams; + } catch (err) { + throw new Error('Error reading MPIs'); } - const desiredSize = ReadableStreamDefaultControllerGetDesiredSize(controller); - if (desiredSize > 0) { - return true; + this.isEncrypted = false; + this.keyMaterial = null; + this.s2kUsage = 0; + this.aead = null; + this.symmetric = null; + this.isLegacyAEAD = null; + } + + /** + * Checks that the key parameters are consistent + * @throws {Error} if validation was not successful + * @async + */ + async validate() { + if (this.isDummy()) { + return; } - return false; -} -function ReadableStreamDefaultControllerClearAlgorithms(controller) { - controller._pullAlgorithm = undefined; - controller._cancelAlgorithm = undefined; - controller._strategySizeAlgorithm = undefined; -} -// A client of ReadableStreamDefaultController may use these functions directly to bypass state check. -function ReadableStreamDefaultControllerClose(controller) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; + + if (!this.isDecrypted()) { + throw new Error('Key is not decrypted'); } - const stream = controller._controlledReadableStream; - controller._closeRequested = true; - if (controller._queue.length === 0) { - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamClose(stream); + + if (this.usedModernAEAD) { + // key integrity confirmed by successful AEAD decryption + return; } -} -function ReadableStreamDefaultControllerEnqueue(controller, chunk) { - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(controller)) { - return; + + let validParams; + try { + // this can throw if some parameters are undefined + validParams = await mod$1.validateParams(this.algorithm, this.publicParams, this.privateParams); + } catch (_) { + validParams = false; } - const stream = controller._controlledReadableStream; - if (IsReadableStreamLocked(stream) && ReadableStreamGetNumReadRequests(stream) > 0) { - ReadableStreamFulfillReadRequest(stream, chunk, false); + if (!validParams) { + throw new Error('Key is invalid'); } - else { - let chunkSize; - try { - chunkSize = controller._strategySizeAlgorithm(chunk); - } - catch (chunkSizeE) { - ReadableStreamDefaultControllerError(controller, chunkSizeE); - throw chunkSizeE; - } - try { - EnqueueValueWithSize(controller, chunk, chunkSize); - } - catch (enqueueE) { - ReadableStreamDefaultControllerError(controller, enqueueE); - throw enqueueE; - } + } + + async generate(bits, curve) { + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if (this.version === 6 && ( + (this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) || + this.algorithm === enums.publicKey.eddsaLegacy + )) { + throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`); + } + const { privateParams, publicParams } = await mod$1.generateParams(this.algorithm, bits, curve); + this.privateParams = privateParams; + this.publicParams = publicParams; + this.isEncrypted = false; + } + + /** + * Clear private key parameters + */ + clearPrivateParams() { + if (this.isMissingSecretKeyMaterial()) { + return; } - ReadableStreamDefaultControllerCallPullIfNeeded(controller); + + Object.keys(this.privateParams).forEach(name => { + const param = this.privateParams[name]; + param.fill(0); + delete this.privateParams[name]; + }); + this.privateParams = null; + this.isEncrypted = true; + } } -function ReadableStreamDefaultControllerError(controller, e) { - const stream = controller._controlledReadableStream; - if (stream._state !== 'readable') { - return; - } - ResetQueue(controller); - ReadableStreamDefaultControllerClearAlgorithms(controller); - ReadableStreamError(stream, e); + +/** + * Derive encryption key + * @param {Number} keyVersion - key derivation differs for v5 keys + * @param {module:type/s2k} s2k + * @param {String} passphrase + * @param {module:enums.symmetric} cipherAlgo + * @param {module:enums.aead} [aeadMode] - for AEAD-encrypted keys only (excluding v5) + * @param {Uint8Array} [serializedPacketTag] - for AEAD-encrypted keys only (excluding v5) + * @param {Boolean} [isLegacyAEAD] - for AEAD-encrypted keys from RFC4880bis (v4 and v5 only) + * @returns encryption key + */ +async function produceEncryptionKey(keyVersion, s2k, passphrase, cipherAlgo, aeadMode, serializedPacketTag, isLegacyAEAD) { + if (s2k.type === 'argon2' && !aeadMode) { + throw new Error('Using Argon2 S2K without AEAD is not allowed'); + } + if (s2k.type === 'simple' && keyVersion === 6) { + throw new Error('Using Simple S2K with version 6 keys is not allowed'); + } + const { keySize } = mod$1.getCipherParams(cipherAlgo); + const derivedKey = await s2k.produceKey(passphrase, keySize); + if (!aeadMode || keyVersion === 5 || isLegacyAEAD) { + return derivedKey; + } + const info = util.concatUint8Array([ + serializedPacketTag, + new Uint8Array([keyVersion, cipherAlgo, aeadMode]) + ]); + return computeHKDF(enums.hash.sha256, derivedKey, new Uint8Array(), info, keySize); } -function ReadableStreamDefaultControllerGetDesiredSize(controller) { - const state = controller._controlledReadableStream._state; - if (state === 'errored') { - return null; - } - if (state === 'closed') { - return 0; + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the User ID Packet (Tag 13) + * + * A User ID packet consists of UTF-8 text that is intended to represent + * the name and email address of the key holder. By convention, it + * includes an RFC 2822 [RFC2822] mail name-addr, but there are no + * restrictions on its content. The packet length in the header + * specifies the length of the User ID. + */ +class UserIDPacket { + static get tag() { + return enums.packet.userID; + } + + constructor() { + /** A string containing the user id. Usually in the form + * John Doe + * @type {String} + */ + this.userID = ''; + + this.name = ''; + this.email = ''; + this.comment = ''; + } + + /** + * Create UserIDPacket instance from object + * @param {Object} userID - Object specifying userID name, email and comment + * @returns {UserIDPacket} + * @static + */ + static fromObject(userID) { + if (util.isString(userID) || + (userID.name && !util.isString(userID.name)) || + (userID.email && !util.isEmailAddress(userID.email)) || + (userID.comment && !util.isString(userID.comment))) { + throw new Error('Invalid user ID format'); } - return controller._strategyHWM - controller._queueTotalSize; -} -// This is used in the implementation of TransformStream. -function ReadableStreamDefaultControllerHasBackpressure(controller) { - if (ReadableStreamDefaultControllerShouldCallPull(controller)) { - return false; + const packet = new UserIDPacket(); + Object.assign(packet, userID); + const components = []; + if (packet.name) components.push(packet.name); + if (packet.comment) components.push(`(${packet.comment})`); + if (packet.email) components.push(`<${packet.email}>`); + packet.userID = components.join(' '); + return packet; + } + + /** + * Parsing function for a user id packet (tag 13). + * @param {Uint8Array} input - Payload of a tag 13 packet + */ + read(bytes, config$1 = config) { + const userID = util.decodeUTF8(bytes); + if (userID.length > config$1.maxUserIDLength) { + throw new Error('User ID string is too long'); } - return true; -} -function ReadableStreamDefaultControllerCanCloseOrEnqueue(controller) { - const state = controller._controlledReadableStream._state; - if (!controller._closeRequested && state === 'readable') { - return true; + + /** + * We support the conventional cases described in https://www.ietf.org/id/draft-dkg-openpgp-userid-conventions-00.html#section-4.1, + * as well comments placed between the name (if present) and the bracketed email address: + * - name (comment) + * - email + * In the first case, the `email` is the only required part, and it must contain the `@` symbol. + * The `name` and `comment` parts can include any letters, whitespace, and symbols, except for `(` and `)`, + * since they interfere with `comment` parsing. + */ + const re = /^(?[^()]+\s+)?(?\([^()]+\)\s+)?(?<\S+@\S+>)$/; + const matches = re.exec(userID); + if (matches !== null) { + const { name, comment, email } = matches.groups; + this.comment = comment?.replace(/^\(|\)|\s$/g, '').trim() || ''; // remove parenthesis and separating whiltespace + this.name = name?.trim() || ''; + this.email = email.substring(1, email.length - 1); // remove brackets + } else if (/^[^\s@]+@[^\s@]+$/.test(userID)) { // unbracketed email: enforce single @ and no whitespace + this.email = userID; } - return false; + + this.userID = userID; + } + + /** + * Creates a binary representation of the user id packet + * @returns {Uint8Array} Binary representation. + */ + write() { + return util.encodeUTF8(this.userID); + } + + equals(otherUserID) { + return otherUserID && otherUserID.userID === this.userID; + } } -function SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm) { - controller._controlledReadableStream = stream; - controller._queue = undefined; - controller._queueTotalSize = undefined; - ResetQueue(controller); - controller._started = false; - controller._closeRequested = false; - controller._pullAgain = false; - controller._pulling = false; - controller._strategySizeAlgorithm = sizeAlgorithm; - controller._strategyHWM = highWaterMark; - controller._pullAlgorithm = pullAlgorithm; - controller._cancelAlgorithm = cancelAlgorithm; - stream._readableStreamController = controller; - const startResult = startAlgorithm(); - uponPromise(promiseResolvedWith(startResult), () => { - controller._started = true; - ReadableStreamDefaultControllerCallPullIfNeeded(controller); - }, r => { - ReadableStreamDefaultControllerError(controller, r); - }); + +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * A Secret-Subkey packet (tag 7) is the subkey analog of the Secret + * Key packet and has exactly the same format. + * @extends SecretKeyPacket + */ +class SecretSubkeyPacket extends SecretKeyPacket { + static get tag() { + return enums.packet.secretSubkey; + } + + /** + * @param {Date} [date] - Creation date + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + constructor(date = new Date(), config$1 = config) { + super(date, config$1); + } } -function SetUpReadableStreamDefaultControllerFromUnderlyingSource(stream, underlyingSource, highWaterMark, sizeAlgorithm) { - const controller = Object.create(ReadableStreamDefaultController.prototype); - let startAlgorithm = () => undefined; - let pullAlgorithm = () => promiseResolvedWith(undefined); - let cancelAlgorithm = () => promiseResolvedWith(undefined); - if (underlyingSource.start !== undefined) { - startAlgorithm = () => underlyingSource.start(controller); - } - if (underlyingSource.pull !== undefined) { - pullAlgorithm = () => underlyingSource.pull(controller); - } - if (underlyingSource.cancel !== undefined) { - cancelAlgorithm = reason => underlyingSource.cancel(reason); - } - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); -} -// Helper functions for the ReadableStreamDefaultController. -function defaultControllerBrandCheckException$1(name) { - return new TypeError(`ReadableStreamDefaultController.prototype.${name} can only be used on a ReadableStreamDefaultController`); -} - -function ReadableStreamTee(stream, cloneForBranch2) { - const reader = AcquireReadableStreamDefaultReader(stream); - let reading = false; - let canceled1 = false; - let canceled2 = false; - let reason1; - let reason2; - let branch1; - let branch2; - let resolveCancelPromise; - const cancelPromise = newPromise(resolve => { - resolveCancelPromise = resolve; - }); - function pullAlgorithm() { - if (reading) { - return promiseResolvedWith(undefined); - } - reading = true; - const readRequest = { - _chunkSteps: value => { - // This needs to be delayed a microtask because it takes at least a microtask to detect errors (using - // reader._closedPromise below), and we want errors in stream to error both branches immediately. We cannot let - // successful synchronously-available reads get ahead of asynchronously-available errors. - queueMicrotask(() => { - reading = false; - const value1 = value; - const value2 = value; - // There is no way to access the cloning code right now in the reference implementation. - // If we add one then we'll need an implementation for serializable objects. - // if (!canceled2 && cloneForBranch2) { - // value2 = StructuredDeserialize(StructuredSerialize(value2)); - // } - if (!canceled1) { - ReadableStreamDefaultControllerEnqueue(branch1._readableStreamController, value1); - } - if (!canceled2) { - ReadableStreamDefaultControllerEnqueue(branch2._readableStreamController, value2); - } - }); - }, - _closeSteps: () => { - reading = false; - if (!canceled1) { - ReadableStreamDefaultControllerClose(branch1._readableStreamController); - } - if (!canceled2) { - ReadableStreamDefaultControllerClose(branch2._readableStreamController); - } - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }, - _errorSteps: () => { - reading = false; - } - }; - ReadableStreamDefaultReaderRead(reader, readRequest); - return promiseResolvedWith(undefined); - } - function cancel1Algorithm(reason) { - canceled1 = true; - reason1 = reason; - if (canceled2) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function cancel2Algorithm(reason) { - canceled2 = true; - reason2 = reason; - if (canceled1) { - const compositeReason = CreateArrayFromList([reason1, reason2]); - const cancelResult = ReadableStreamCancel(stream, compositeReason); - resolveCancelPromise(cancelResult); - } - return cancelPromise; - } - function startAlgorithm() { - // do nothing - } - branch1 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel1Algorithm); - branch2 = CreateReadableStream(startAlgorithm, pullAlgorithm, cancel2Algorithm); - uponRejection(reader._closedPromise, (r) => { - ReadableStreamDefaultControllerError(branch1._readableStreamController, r); - ReadableStreamDefaultControllerError(branch2._readableStreamController, r); - if (!canceled1 || !canceled2) { - resolveCancelPromise(undefined); - } - }); - return [branch1, branch2]; + +/** + * Implementation of the Trust Packet (Tag 12) + * + * {@link https://tools.ietf.org/html/rfc4880#section-5.10|RFC4880 5.10}: + * The Trust packet is used only within keyrings and is not normally + * exported. Trust packets contain data that record the user's + * specifications of which key holders are trustworthy introducers, + * along with other information that implementing software uses for + * trust information. The format of Trust packets is defined by a given + * implementation. + * + * Trust packets SHOULD NOT be emitted to output streams that are + * transferred to other users, and they SHOULD be ignored on any input + * other than local keyring files. + */ +class TrustPacket { + static get tag() { + return enums.packet.trust; + } + + /** + * Parsing function for a trust packet (tag 12). + * Currently not implemented as we ignore trust packets + */ + read() { + throw new UnsupportedError('Trust packets are not supported'); + } + + write() { + throw new UnsupportedError('Trust packets are not supported'); + } } -function convertUnderlyingDefaultOrByteSource(source, context) { - assertDictionary(source, context); - const original = source; - const autoAllocateChunkSize = original === null || original === void 0 ? void 0 : original.autoAllocateChunkSize; - const cancel = original === null || original === void 0 ? void 0 : original.cancel; - const pull = original === null || original === void 0 ? void 0 : original.pull; - const start = original === null || original === void 0 ? void 0 : original.start; - const type = original === null || original === void 0 ? void 0 : original.type; - return { - autoAllocateChunkSize: autoAllocateChunkSize === undefined ? - undefined : - convertUnsignedLongLongWithEnforceRange(autoAllocateChunkSize, `${context} has member 'autoAllocateChunkSize' that`), - cancel: cancel === undefined ? - undefined : - convertUnderlyingSourceCancelCallback(cancel, original, `${context} has member 'cancel' that`), - pull: pull === undefined ? - undefined : - convertUnderlyingSourcePullCallback(pull, original, `${context} has member 'pull' that`), - start: start === undefined ? - undefined : - convertUnderlyingSourceStartCallback(start, original, `${context} has member 'start' that`), - type: type === undefined ? undefined : convertReadableStreamType(type, `${context} has member 'type' that`) - }; -} -function convertUnderlyingSourceCancelCallback(fn, original, context) { - assertFunction(fn, context); - return (reason) => promiseCall(fn, original, [reason]); -} -function convertUnderlyingSourcePullCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertUnderlyingSourceStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertReadableStreamType(type, context) { - type = `${type}`; - if (type !== 'bytes') { - throw new TypeError(`${context} '${type}' is not a valid enumeration value for ReadableStreamType`); - } - return type; +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2022 Proton AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +/** + * Implementation of the Padding Packet + * + * {@link https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21}: + * Padding Packet + */ +class PaddingPacket { + static get tag() { + return enums.packet.padding; + } + + constructor() { + this.padding = null; + } + + /** + * Read a padding packet + * @param {Uint8Array | ReadableStream} bytes + */ + read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars + // Padding packets are ignored, so this function is never called. + } + + /** + * Write the padding packet + * @returns {Uint8Array} The padding packet. + */ + write() { + return this.padding; + } + + /** + * Create random padding. + * @param {Number} length - The length of padding to be generated. + * @throws {Error} if padding generation was not successful + * @async + */ + async createPadding(length) { + this.padding = await mod$1.random.getRandomBytes(length); + } } -function convertReaderOptions(options, context) { - assertDictionary(options, context); - const mode = options === null || options === void 0 ? void 0 : options.mode; - return { - mode: mode === undefined ? undefined : convertReadableStreamReaderMode(mode, `${context} has member 'mode' that`) - }; -} -function convertReadableStreamReaderMode(mode, context) { - mode = `${mode}`; - if (mode !== 'byob') { - throw new TypeError(`${context} '${mode}' is not a valid enumeration value for ReadableStreamReaderMode`); - } - return mode; -} +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -function convertIteratorOptions(options, context) { - assertDictionary(options, context); - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - return { preventCancel: Boolean(preventCancel) }; -} -function convertPipeOptions(options, context) { - assertDictionary(options, context); - const preventAbort = options === null || options === void 0 ? void 0 : options.preventAbort; - const preventCancel = options === null || options === void 0 ? void 0 : options.preventCancel; - const preventClose = options === null || options === void 0 ? void 0 : options.preventClose; - const signal = options === null || options === void 0 ? void 0 : options.signal; - if (signal !== undefined) { - assertAbortSignal(signal, `${context} has member 'signal' that`); - } - return { - preventAbort: Boolean(preventAbort), - preventCancel: Boolean(preventCancel), - preventClose: Boolean(preventClose), - signal - }; -} -function assertAbortSignal(signal, context) { - if (!isAbortSignal(signal)) { - throw new TypeError(`${context} is not an AbortSignal.`); - } -} +// A Signature can contain the following packets +const allowedPackets$1 = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); + +/** + * Class that represents an OpenPGP signature. + */ +class Signature { + /** + * @param {PacketList} packetlist - The signature packets + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } + + /** + * Returns binary encoded signature + * @returns {ReadableStream} Binary signature. + */ + write() { + return this.packets.write(); + } -function convertReadableWritablePair(pair, context) { - assertDictionary(pair, context); - const readable = pair === null || pair === void 0 ? void 0 : pair.readable; - assertRequiredField(readable, 'readable', 'ReadableWritablePair'); - assertReadableStream(readable, `${context} has member 'readable' that`); - const writable = pair === null || pair === void 0 ? void 0 : pair.writable; - assertRequiredField(writable, 'writable', 'ReadableWritablePair'); - assertWritableStream(writable, `${context} has member 'writable' that`); - return { readable, writable }; + /** + * Returns ASCII armored text of signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config$1); + } + + /** + * Returns an array of KeyIDs of all of the issuers who created this signature + * @returns {Array} The Key IDs of the signing keys + */ + getSigningKeyIDs() { + return this.packets.map(packet => packet.issuerKeyID); + } } /** - * A readable stream represents a source of data, from which you can read. - * - * @public + * reads an (optionally armored) OpenPGP signature and returns a signature object + * @param {Object} options + * @param {String} [options.armoredSignature] - Armored signature to be parsed + * @param {Uint8Array} [options.binarySignature] - Binary signature to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New signature object. + * @async + * @static */ -class ReadableStream$1 { - constructor(rawUnderlyingSource = {}, rawStrategy = {}) { - if (rawUnderlyingSource === undefined) { - rawUnderlyingSource = null; - } - else { - assertObject(rawUnderlyingSource, 'First parameter'); - } - const strategy = convertQueuingStrategy(rawStrategy, 'Second parameter'); - const underlyingSource = convertUnderlyingDefaultOrByteSource(rawUnderlyingSource, 'First parameter'); - InitializeReadableStream(this); - if (underlyingSource.type === 'bytes') { - if (strategy.size !== undefined) { - throw new RangeError('The strategy for a byte stream cannot have a size function'); - } - const highWaterMark = ExtractHighWaterMark(strategy, 0); - SetUpReadableByteStreamControllerFromUnderlyingSource(this, underlyingSource, highWaterMark); - } - else { - const sizeAlgorithm = ExtractSizeAlgorithm(strategy); - const highWaterMark = ExtractHighWaterMark(strategy, 1); - SetUpReadableStreamDefaultControllerFromUnderlyingSource(this, underlyingSource, highWaterMark, sizeAlgorithm); - } - } - /** - * Whether or not the readable stream is locked to a {@link ReadableStreamDefaultReader | reader}. - */ - get locked() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('locked'); - } - return IsReadableStreamLocked(this); - } - /** - * Cancels the stream, signaling a loss of interest in the stream by a consumer. - * - * The supplied `reason` argument will be given to the underlying source's {@link UnderlyingSource.cancel | cancel()} - * method, which might or might not use it. - */ - cancel(reason = undefined) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('cancel')); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('Cannot cancel a stream that already has a reader')); - } - return ReadableStreamCancel(this, reason); - } - getReader(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('getReader'); - } - const options = convertReaderOptions(rawOptions, 'First parameter'); - if (options.mode === undefined) { - return AcquireReadableStreamDefaultReader(this); - } - return AcquireReadableStreamBYOBReader(this); - } - pipeThrough(rawTransform, rawOptions = {}) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('pipeThrough'); - } - assertRequiredArgument(rawTransform, 1, 'pipeThrough'); - const transform = convertReadableWritablePair(rawTransform, 'First parameter'); - const options = convertPipeOptions(rawOptions, 'Second parameter'); - if (IsReadableStreamLocked(this)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked ReadableStream'); - } - if (IsWritableStreamLocked(transform.writable)) { - throw new TypeError('ReadableStream.prototype.pipeThrough cannot be used on a locked WritableStream'); - } - const promise = ReadableStreamPipeTo(this, transform.writable, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - setPromiseIsHandledToTrue(promise); - return transform.readable; - } - pipeTo(destination, rawOptions = {}) { - if (!IsReadableStream(this)) { - return promiseRejectedWith(streamBrandCheckException$1('pipeTo')); - } - if (destination === undefined) { - return promiseRejectedWith(`Parameter 1 is required in 'pipeTo'.`); - } - if (!IsWritableStream(destination)) { - return promiseRejectedWith(new TypeError(`ReadableStream.prototype.pipeTo's first argument must be a WritableStream`)); - } - let options; - try { - options = convertPipeOptions(rawOptions, 'Second parameter'); - } - catch (e) { - return promiseRejectedWith(e); - } - if (IsReadableStreamLocked(this)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked ReadableStream')); - } - if (IsWritableStreamLocked(destination)) { - return promiseRejectedWith(new TypeError('ReadableStream.prototype.pipeTo cannot be used on a locked WritableStream')); - } - return ReadableStreamPipeTo(this, destination, options.preventClose, options.preventAbort, options.preventCancel, options.signal); - } - /** - * Tees this readable stream, returning a two-element array containing the two resulting branches as - * new {@link ReadableStream} instances. - * - * Teeing a stream will lock it, preventing any other consumer from acquiring a reader. - * To cancel the stream, cancel both of the resulting branches; a composite cancellation reason will then be - * propagated to the stream's underlying source. - * - * Note that the chunks seen in each branch will be the same object. If the chunks are not immutable, - * this could allow interference between the two branches. - */ - tee() { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('tee'); - } - const branches = ReadableStreamTee(this); - return CreateArrayFromList(branches); +async function readSignature({ armoredSignature, binarySignature, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredSignature || binarySignature; + if (!input) { + throw new Error('readSignature: must pass options object containing `armoredSignature` or `binarySignature`'); + } + if (armoredSignature && !util.isString(armoredSignature)) { + throw new Error('readSignature: options.armoredSignature must be a string'); + } + if (binarySignature && !util.isUint8Array(binarySignature)) { + throw new Error('readSignature: options.binarySignature must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + + if (armoredSignature) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.signature) { + throw new Error('Armored text not of type signature'); } - values(rawOptions = undefined) { - if (!IsReadableStream(this)) { - throw streamBrandCheckException$1('values'); - } - const options = convertIteratorOptions(rawOptions, 'First parameter'); - return AcquireReadableStreamAsyncIterator(this, options.preventCancel); - } -} -Object.defineProperties(ReadableStream$1.prototype, { - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, - values: { enumerable: true }, - locked: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'ReadableStream', - configurable: true - }); + input = data; + } + const packetlist = await PacketList.fromBinary(input, allowedPackets$1, config$1); + return new Signature(packetlist); } -if (typeof SymbolPolyfill.asyncIterator === 'symbol') { - Object.defineProperty(ReadableStream$1.prototype, SymbolPolyfill.asyncIterator, { - value: ReadableStream$1.prototype.values, - writable: true, - configurable: true - }); + +/** + * @fileoverview Provides helpers methods for key module + * @module key/helper + */ + + +async function generateSecretSubkey(options, config) { + const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config); + secretSubkeyPacket.packets = null; + secretSubkeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretSubkeyPacket.generate(options.rsaBits, options.curve); + await secretSubkeyPacket.computeFingerprintAndKeyID(); + return secretSubkeyPacket; } -// Abstract operations for the ReadableStream. -// Throws if and only if startAlgorithm throws. -function CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark = 1, sizeAlgorithm = () => 1) { - const stream = Object.create(ReadableStream$1.prototype); - InitializeReadableStream(stream); - const controller = Object.create(ReadableStreamDefaultController.prototype); - SetUpReadableStreamDefaultController(stream, controller, startAlgorithm, pullAlgorithm, cancelAlgorithm, highWaterMark, sizeAlgorithm); - return stream; -} -function InitializeReadableStream(stream) { - stream._state = 'readable'; - stream._reader = undefined; - stream._storedError = undefined; - stream._disturbed = false; -} -function IsReadableStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_readableStreamController')) { - return false; - } - return true; + +async function generateSecretKey(options, config) { + const secretKeyPacket = new SecretKeyPacket(options.date, config); + secretKeyPacket.packets = null; + secretKeyPacket.algorithm = enums.write(enums.publicKey, options.algorithm); + await secretKeyPacket.generate(options.rsaBits, options.curve, options.config); + await secretKeyPacket.computeFingerprintAndKeyID(); + return secretKeyPacket; } -function IsReadableStreamLocked(stream) { - if (stream._reader === undefined) { - return false; + +/** + * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future. + * @param {Array} signatures - List of signatures + * @param {PublicKeyPacket|PublicSubkeyPacket} publicKey - Public key packet to verify the signature + * @param {module:enums.signature} signatureType - Signature type to determine how to hash the data (NB: for userID signatures, + * `enums.signatures.certGeneric` should be given regardless of the actual trust level) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - full configuration + * @returns {Promise} The latest valid signature. + * @async + */ +async function getLatestValidSignature(signatures, publicKey, signatureType, dataToVerify, date = new Date(), config) { + let latestValid; + let exception; + for (let i = signatures.length - 1; i >= 0; i--) { + try { + if ( + (!latestValid || signatures[i].created >= latestValid.created) + ) { + await signatures[i].verify(publicKey, signatureType, dataToVerify, date, undefined, config); + latestValid = signatures[i]; + } + } catch (e) { + exception = e; } - return true; + } + if (!latestValid) { + throw util.wrapError( + `Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${publicKey.getKeyID().toHex()}` + .replace('certGeneric ', 'self-') + .replace(/([a-z])([A-Z])/g, (_, $1, $2) => $1 + ' ' + $2.toLowerCase()), + exception); + } + return latestValid; } -// ReadableStream API exposed for controllers. -function ReadableStreamCancel(stream, reason) { - stream._disturbed = true; - if (stream._state === 'closed') { - return promiseResolvedWith(undefined); - } - if (stream._state === 'errored') { - return promiseRejectedWith(stream._storedError); - } - ReadableStreamClose(stream); - const sourceCancelPromise = stream._readableStreamController[CancelSteps](reason); - return transformPromiseWith(sourceCancelPromise, noop); + +function isDataExpired(keyPacket, signature, date = new Date()) { + const normDate = util.normalizeDate(date); + if (normDate !== null) { + const expirationTime = getKeyExpirationTime(keyPacket, signature); + return !(keyPacket.created <= normDate && normDate < expirationTime); + } + return false; } -function ReadableStreamClose(stream) { - stream._state = 'closed'; - const reader = stream._reader; - if (reader === undefined) { - return; - } - defaultReaderClosedPromiseResolve(reader); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._closeSteps(); - }); - reader._readRequests = new SimpleQueue(); - } + +/** + * Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1} + * @param {SecretSubkeyPacket} subkey - Subkey key packet + * @param {SecretKeyPacket} primaryKey - Primary key packet + * @param {Object} options + * @param {Object} config - Full configuration + */ +async function createBindingSignature(subkey, primaryKey, options, config) { + const dataToSign = {}; + dataToSign.key = primaryKey; + dataToSign.bind = subkey; + const signatureProperties = { signatureType: enums.signature.subkeyBinding }; + if (options.sign) { + signatureProperties.keyFlags = [enums.keyFlags.signData]; + signatureProperties.embeddedSignature = await createSignaturePacket(dataToSign, [], subkey, { + signatureType: enums.signature.keyBinding + }, options.date, undefined, undefined, undefined, config); + } else { + signatureProperties.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage]; + } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; + } + const subkeySignaturePacket = await createSignaturePacket(dataToSign, [], primaryKey, signatureProperties, options.date, undefined, undefined, undefined, config); + return subkeySignaturePacket; } -function ReadableStreamError(stream, e) { - stream._state = 'errored'; - stream._storedError = e; - const reader = stream._reader; - if (reader === undefined) { - return; + +/** + * Returns the preferred signature hash algorithm for a set of keys. + * @param {Array} [targetKeys] - The keys to get preferences from + * @param {SecretKeyPacket|SecretSubkeyPacket} signingKeyPacket - key packet used for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [targetUserID] - User IDs corresponding to `targetKeys` to get preferences from + * @param {Object} config - full configuration + * @returns {Promise} + * @async + */ +async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { + /** + * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the + * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). + * if no keys are available, `preferredSenderAlgo` is returned. + * For ECC signing key, the curve preferred hash is taken into account as well (see logic below). + */ + const defaultAlgo = enums.hash.sha256; // MUST implement + const preferredSenderAlgo = config.preferredHashAlgorithm; + + const supportedAlgosPerTarget = await Promise.all(targetKeys.map(async (key, i) => { + const selfCertification = await key.getPrimarySelfSignature(date, targetUserIDs[i], config); + const targetPrefs = selfCertification.preferredHashAlgorithms; + return targetPrefs; + })); + const supportedAlgosMap = new Map(); // use Map over object to preserve numeric keys + for (const supportedAlgos of supportedAlgosPerTarget) { + for (const hashAlgo of supportedAlgos) { + try { + // ensure that `hashAlgo` is recognized/implemented by us, otherwise e.g. `getHashByteLength` will throw later on + const supportedAlgo = enums.write(enums.hash, hashAlgo); + supportedAlgosMap.set( + supportedAlgo, + supportedAlgosMap.has(supportedAlgo) ? supportedAlgosMap.get(supportedAlgo) + 1 : 1 + ); + } catch {} } - defaultReaderClosedPromiseReject(reader, e); - if (IsReadableStreamDefaultReader(reader)) { - reader._readRequests.forEach(readRequest => { - readRequest._errorSteps(e); - }); - reader._readRequests = new SimpleQueue(); + } + const isSupportedHashAlgo = hashAlgo => targetKeys.length === 0 || supportedAlgosMap.get(hashAlgo) === targetKeys.length || hashAlgo === defaultAlgo; + const getStrongestSupportedHashAlgo = () => { + if (supportedAlgosMap.size === 0) { + return defaultAlgo; } - else { - reader._readIntoRequests.forEach(readIntoRequest => { - readIntoRequest._errorSteps(e); - }); - reader._readIntoRequests = new SimpleQueue(); + const sortedHashAlgos = Array.from(supportedAlgosMap.keys()) + .filter(hashAlgo => isSupportedHashAlgo(hashAlgo)) + .sort((algoA, algoB) => mod$1.hash.getHashByteLength(algoA) - mod$1.hash.getHashByteLength(algoB)); + const strongestHashAlgo = sortedHashAlgos[0]; + // defaultAlgo is always implicilty supported, and might be stronger than the rest + return mod$1.hash.getHashByteLength(strongestHashAlgo) >= mod$1.hash.getHashByteLength(defaultAlgo) ? strongestHashAlgo : defaultAlgo; + }; + + const eccAlgos = new Set([ + enums.publicKey.ecdsa, + enums.publicKey.eddsaLegacy, + enums.publicKey.ed25519, + enums.publicKey.ed448 + ]); + + if (eccAlgos.has(signingKeyPacket.algorithm)) { + // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: + // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 + // - EdDSALegacy: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3 + // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4 + // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4 + // Hence, we return the `preferredHashAlgo` as long as it's supported and strong enough; + // Otherwise, we look at the strongest supported algo, and ultimately fallback to the curve + // preferred algo, even if not supported by all targets. + const preferredCurveAlgo = mod$1.getPreferredCurveHashAlgo(signingKeyPacket.algorithm, signingKeyPacket.publicParams.oid); + + const preferredSenderAlgoIsSupported = isSupportedHashAlgo(preferredSenderAlgo); + const preferredSenderAlgoStrongerThanCurveAlgo = mod$1.hash.getHashByteLength(preferredSenderAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo); + + if (preferredSenderAlgoIsSupported && preferredSenderAlgoStrongerThanCurveAlgo) { + return preferredSenderAlgo; + } else { + const strongestSupportedAlgo = getStrongestSupportedHashAlgo(); + return mod$1.hash.getHashByteLength(strongestSupportedAlgo) >= mod$1.hash.getHashByteLength(preferredCurveAlgo) ? + strongestSupportedAlgo : + preferredCurveAlgo; } -} -// Helper functions for the ReadableStream. -function streamBrandCheckException$1(name) { - return new TypeError(`ReadableStream.prototype.${name} can only be used on a ReadableStream`); -} + } -function convertQueuingStrategyInit(init, context) { - assertDictionary(init, context); - const highWaterMark = init === null || init === void 0 ? void 0 : init.highWaterMark; - assertRequiredField(highWaterMark, 'highWaterMark', 'QueuingStrategyInit'); - return { - highWaterMark: convertUnrestrictedDouble(highWaterMark) - }; + // `preferredSenderAlgo` may be weaker than the default, but we do not guard against this, + // since it was manually set by the sender. + return isSupportedHashAlgo(preferredSenderAlgo) ? preferredSenderAlgo : getStrongestSupportedHashAlgo(); } -const byteLengthSizeFunction = function size(chunk) { - return chunk.byteLength; -}; /** - * A queuing strategy that counts the number of bytes in each chunk. - * - * @public + * Returns the preferred compression algorithm for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Preferred compression algorithm + * @async */ -class ByteLengthQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'ByteLengthQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._byteLengthQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('highWaterMark'); - } - return this._byteLengthQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by returning the value of its `byteLength` property. - */ - get size() { - if (!IsByteLengthQueuingStrategy(this)) { - throw byteLengthBrandCheckException('size'); - } - return byteLengthSizeFunction; - } -} -Object.defineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(ByteLengthQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'ByteLengthQueuingStrategy', - configurable: true - }); -} -// Helper functions for the ByteLengthQueuingStrategy. -function byteLengthBrandCheckException(name) { - return new TypeError(`ByteLengthQueuingStrategy.prototype.${name} can only be used on a ByteLengthQueuingStrategy`); -} -function IsByteLengthQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_byteLengthQueuingStrategyHighWaterMark')) { - return false; - } - return true; +async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const defaultAlgo = enums.compression.uncompressed; + const preferredSenderAlgo = config$1.preferredCompressionAlgorithm; + + // if preferredSenderAlgo appears in the prefs of all recipients, we pick it + // otherwise we use the default algo + // if no keys are available, preferredSenderAlgo is returned + const senderAlgoSupport = await Promise.all(keys.map(async function(key, i) { + const selfCertification = await key.getPrimarySelfSignature(date, userIDs[i], config$1); + const recipientPrefs = selfCertification.preferredCompressionAlgorithms; + return !!recipientPrefs && recipientPrefs.indexOf(preferredSenderAlgo) >= 0; + })); + return senderAlgoSupport.every(Boolean) ? preferredSenderAlgo : defaultAlgo; } -const countSizeFunction = function size() { - return 1; -}; /** - * A queuing strategy that counts the number of chunks. - * - * @public + * Returns the preferred symmetric and AEAD algorithm (if any) for a set of keys + * @param {Array} [keys] - Set of keys + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Array} [userIDs] - User IDs + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ symmetricAlgo: module:enums.symmetric, aeadAlgo: module:enums.aead | undefined }>} Object containing the preferred symmetric algorithm, and the preferred AEAD algorithm, or undefined if CFB is preferred + * @async */ -class CountQueuingStrategy { - constructor(options) { - assertRequiredArgument(options, 1, 'CountQueuingStrategy'); - options = convertQueuingStrategyInit(options, 'First parameter'); - this._countQueuingStrategyHighWaterMark = options.highWaterMark; - } - /** - * Returns the high water mark provided to the constructor. - */ - get highWaterMark() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('highWaterMark'); - } - return this._countQueuingStrategyHighWaterMark; - } - /** - * Measures the size of `chunk` by always returning 1. - * This ensures that the total queue size is a count of the number of chunks in the queue. - */ - get size() { - if (!IsCountQueuingStrategy(this)) { - throw countBrandCheckException('size'); - } - return countSizeFunction; - } -} -Object.defineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(CountQueuingStrategy.prototype, SymbolPolyfill.toStringTag, { - value: 'CountQueuingStrategy', - configurable: true - }); -} -// Helper functions for the CountQueuingStrategy. -function countBrandCheckException(name) { - return new TypeError(`CountQueuingStrategy.prototype.${name} can only be used on a CountQueuingStrategy`); -} -function IsCountQueuingStrategy(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_countQueuingStrategyHighWaterMark')) { - return false; +async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) { + const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1))); + const withAEAD = keys.length ? + selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) : + config$1.aeadProtect; + + if (withAEAD) { + const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb }; + const desiredCipherSuites = [ + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: config$1.preferredAEADAlgorithm }, + { symmetricAlgo: config$1.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb }, + { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config$1.preferredAEADAlgorithm } + ]; + for (const desiredCipherSuite of desiredCipherSuites) { + if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some( + cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo + ))) { + return desiredCipherSuite; + } } - return true; + return defaultCipherSuite; + } + const defaultSymAlgo = enums.symmetric.aes128; + const desiredSymAlgo = config$1.preferredSymmetricAlgorithm; + return { + symmetricAlgo: selfSigs.every(selfSig => selfSig.preferredSymmetricAlgorithms && selfSig.preferredSymmetricAlgorithms.includes(desiredSymAlgo)) ? + desiredSymAlgo : + defaultSymAlgo, + aeadAlgo: undefined + }; } -function convertTransformer(original, context) { - assertDictionary(original, context); - const flush = original === null || original === void 0 ? void 0 : original.flush; - const readableType = original === null || original === void 0 ? void 0 : original.readableType; - const start = original === null || original === void 0 ? void 0 : original.start; - const transform = original === null || original === void 0 ? void 0 : original.transform; - const writableType = original === null || original === void 0 ? void 0 : original.writableType; - return { - flush: flush === undefined ? - undefined : - convertTransformerFlushCallback(flush, original, `${context} has member 'flush' that`), - readableType, - start: start === undefined ? - undefined : - convertTransformerStartCallback(start, original, `${context} has member 'start' that`), - transform: transform === undefined ? - undefined : - convertTransformerTransformCallback(transform, original, `${context} has member 'transform' that`), - writableType - }; -} -function convertTransformerFlushCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => promiseCall(fn, original, [controller]); -} -function convertTransformerStartCallback(fn, original, context) { - assertFunction(fn, context); - return (controller) => reflectCall(fn, original, [controller]); -} -function convertTransformerTransformCallback(fn, original, context) { - assertFunction(fn, context); - return (chunk, controller) => promiseCall(fn, original, [chunk, controller]); +/** + * Create signature packet + * @param {Object} dataToSign - Contains packets to be signed + * @param {Array} recipientKeys - keys to get preferences from + * @param {SecretKeyPacket| + * SecretSubkeyPacket} signingKeyPacket secret key packet for signing + * @param {Object} [signatureProperties] - Properties to write on the signature packet before signing + * @param {Date} [date] - Override the creationtime of the signature + * @param {Object} [userID] - User ID + * @param {Array} [notations] - Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [detached] - Whether to create a detached signature packet + * @param {Object} config - full configuration + * @returns {Promise} Signature packet. + */ +async function createSignaturePacket(dataToSign, recipientKeys, signingKeyPacket, signatureProperties, date, recipientUserIDs, notations = [], detached = false, config) { + if (signingKeyPacket.isDummy()) { + throw new Error('Cannot sign with a gnu-dummy key.'); + } + if (!signingKeyPacket.isDecrypted()) { + throw new Error('Signing key is not decrypted.'); + } + const signaturePacket = new SignaturePacket(); + Object.assign(signaturePacket, signatureProperties); + signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; + signaturePacket.hashAlgorithm = await getPreferredHashAlgo(recipientKeys, signingKeyPacket, date, recipientUserIDs, config); + signaturePacket.rawNotations = [...notations]; + await signaturePacket.sign(signingKeyPacket, dataToSign, date, detached, config); + return signaturePacket; } -// Class TransformStream /** - * A transform stream consists of a pair of streams: a {@link WritableStream | writable stream}, - * known as its writable side, and a {@link ReadableStream | readable stream}, known as its readable side. - * In a manner specific to the transform stream in question, writes to the writable side result in new data being - * made available for reading from the readable side. - * - * @public + * Merges signatures from source[attr] to dest[attr] + * @param {Object} source + * @param {Object} dest + * @param {String} attr + * @param {Date} [date] - date to use for signature expiration check, instead of the current time + * @param {Function} [checkFn] - signature only merged if true */ -class TransformStream$1 { - constructor(rawTransformer = {}, rawWritableStrategy = {}, rawReadableStrategy = {}) { - if (rawTransformer === undefined) { - rawTransformer = null; - } - const writableStrategy = convertQueuingStrategy(rawWritableStrategy, 'Second parameter'); - const readableStrategy = convertQueuingStrategy(rawReadableStrategy, 'Third parameter'); - const transformer = convertTransformer(rawTransformer, 'First parameter'); - if (transformer.readableType !== undefined) { - throw new RangeError('Invalid readableType specified'); - } - if (transformer.writableType !== undefined) { - throw new RangeError('Invalid writableType specified'); - } - const readableHighWaterMark = ExtractHighWaterMark(readableStrategy, 0); - const readableSizeAlgorithm = ExtractSizeAlgorithm(readableStrategy); - const writableHighWaterMark = ExtractHighWaterMark(writableStrategy, 1); - const writableSizeAlgorithm = ExtractSizeAlgorithm(writableStrategy); - let startPromise_resolve; - const startPromise = newPromise(resolve => { - startPromise_resolve = resolve; - }); - InitializeTransformStream(this, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - SetUpTransformStreamDefaultControllerFromTransformer(this, transformer); - if (transformer.start !== undefined) { - startPromise_resolve(transformer.start(this._transformStreamController)); - } - else { - startPromise_resolve(undefined); - } - } - /** - * The readable side of the transform stream. - */ - get readable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('readable'); - } - return this._readable; - } - /** - * The writable side of the transform stream. - */ - get writable() { - if (!IsTransformStream(this)) { - throw streamBrandCheckException('writable'); +async function mergeSignatures(source, dest, attr, date = new Date(), checkFn) { + source = source[attr]; + if (source) { + if (!dest[attr].length) { + dest[attr] = source; + } else { + await Promise.all(source.map(async function(sourceSig) { + if (!sourceSig.isExpired(date) && (!checkFn || await checkFn(sourceSig)) && + !dest[attr].some(function(destSig) { + return util.equalsUint8Array(destSig.writeParams(), sourceSig.writeParams()); + })) { + dest[attr].push(sourceSig); } - return this._writable; - } -} -Object.defineProperties(TransformStream$1.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStream$1.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStream', - configurable: true - }); -} -function InitializeTransformStream(stream, startPromise, writableHighWaterMark, writableSizeAlgorithm, readableHighWaterMark, readableSizeAlgorithm) { - function startAlgorithm() { - return startPromise; - } - function writeAlgorithm(chunk) { - return TransformStreamDefaultSinkWriteAlgorithm(stream, chunk); - } - function abortAlgorithm(reason) { - return TransformStreamDefaultSinkAbortAlgorithm(stream, reason); - } - function closeAlgorithm() { - return TransformStreamDefaultSinkCloseAlgorithm(stream); - } - stream._writable = CreateWritableStream(startAlgorithm, writeAlgorithm, closeAlgorithm, abortAlgorithm, writableHighWaterMark, writableSizeAlgorithm); - function pullAlgorithm() { - return TransformStreamDefaultSourcePullAlgorithm(stream); - } - function cancelAlgorithm(reason) { - TransformStreamErrorWritableAndUnblockWrite(stream, reason); - return promiseResolvedWith(undefined); - } - stream._readable = CreateReadableStream(startAlgorithm, pullAlgorithm, cancelAlgorithm, readableHighWaterMark, readableSizeAlgorithm); - // The [[backpressure]] slot is set to undefined so that it can be initialised by TransformStreamSetBackpressure. - stream._backpressure = undefined; - stream._backpressureChangePromise = undefined; - stream._backpressureChangePromise_resolve = undefined; - TransformStreamSetBackpressure(stream, true); - stream._transformStreamController = undefined; -} -function IsTransformStream(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_transformStreamController')) { - return false; - } - return true; -} -// This is a no-op if both sides are already errored. -function TransformStreamError(stream, e) { - ReadableStreamDefaultControllerError(stream._readable._readableStreamController, e); - TransformStreamErrorWritableAndUnblockWrite(stream, e); -} -function TransformStreamErrorWritableAndUnblockWrite(stream, e) { - TransformStreamDefaultControllerClearAlgorithms(stream._transformStreamController); - WritableStreamDefaultControllerErrorIfNeeded(stream._writable._writableStreamController, e); - if (stream._backpressure) { - // Pretend that pull() was called to permit any pending write() calls to complete. TransformStreamSetBackpressure() - // cannot be called from enqueue() or pull() once the ReadableStream is errored, so this will will be the final time - // _backpressure is set. - TransformStreamSetBackpressure(stream, false); - } -} -function TransformStreamSetBackpressure(stream, backpressure) { - // Passes also when called during construction. - if (stream._backpressureChangePromise !== undefined) { - stream._backpressureChangePromise_resolve(); + })); } - stream._backpressureChangePromise = newPromise(resolve => { - stream._backpressureChangePromise_resolve = resolve; - }); - stream._backpressure = backpressure; + } } -// Class TransformStreamDefaultController + /** - * Allows control of the {@link ReadableStream} and {@link WritableStream} of the associated {@link TransformStream}. - * - * @public + * Checks if a given certificate or binding signature is revoked + * @param {SecretKeyPacket| + * PublicKeyPacket} primaryKey The primary key packet + * @param {Object} dataToVerify - The data to check + * @param {Array} revocations - The revocation signatures to check + * @param {SignaturePacket} signature - The certificate or signature to check + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key packet to verify the signature, instead of the primary key + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the signature revokes the data. + * @async */ -class TransformStreamDefaultController { - constructor() { - throw new TypeError('Illegal constructor'); - } - /** - * Returns the desired size to fill the readable side’s internal queue. It can be negative, if the queue is over-full. - */ - get desiredSize() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('desiredSize'); - } - const readableController = this._controlledTransformStream._readable._readableStreamController; - return ReadableStreamDefaultControllerGetDesiredSize(readableController); - } - enqueue(chunk = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('enqueue'); - } - TransformStreamDefaultControllerEnqueue(this, chunk); - } - /** - * Errors both the readable side and the writable side of the controlled transform stream, making all future - * interactions with it fail with the given error `e`. Any chunks queued for transformation will be discarded. - */ - error(reason = undefined) { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('error'); - } - TransformStreamDefaultControllerError(this, reason); - } - /** - * Closes the readable side and errors the writable side of the controlled transform stream. This is useful when the - * transformer only needs to consume a portion of the chunks written to the writable side. - */ - terminate() { - if (!IsTransformStreamDefaultController(this)) { - throw defaultControllerBrandCheckException('terminate'); - } - TransformStreamDefaultControllerTerminate(this); - } -} -Object.defineProperties(TransformStreamDefaultController.prototype, { - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, - desiredSize: { enumerable: true } -}); -if (typeof SymbolPolyfill.toStringTag === 'symbol') { - Object.defineProperty(TransformStreamDefaultController.prototype, SymbolPolyfill.toStringTag, { - value: 'TransformStreamDefaultController', - configurable: true - }); -} -// Transform Stream Default Controller Abstract Operations -function IsTransformStreamDefaultController(x) { - if (!typeIsObject(x)) { - return false; - } - if (!Object.prototype.hasOwnProperty.call(x, '_controlledTransformStream')) { - return false; - } - return true; -} -function SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm) { - controller._controlledTransformStream = stream; - stream._transformStreamController = controller; - controller._transformAlgorithm = transformAlgorithm; - controller._flushAlgorithm = flushAlgorithm; -} -function SetUpTransformStreamDefaultControllerFromTransformer(stream, transformer) { - const controller = Object.create(TransformStreamDefaultController.prototype); - let transformAlgorithm = (chunk) => { - try { - TransformStreamDefaultControllerEnqueue(controller, chunk); - return promiseResolvedWith(undefined); - } - catch (transformResultE) { - return promiseRejectedWith(transformResultE); - } - }; - let flushAlgorithm = () => promiseResolvedWith(undefined); - if (transformer.transform !== undefined) { - transformAlgorithm = chunk => transformer.transform(chunk, controller); - } - if (transformer.flush !== undefined) { - flushAlgorithm = () => transformer.flush(controller); - } - SetUpTransformStreamDefaultController(stream, controller, transformAlgorithm, flushAlgorithm); -} -function TransformStreamDefaultControllerClearAlgorithms(controller) { - controller._transformAlgorithm = undefined; - controller._flushAlgorithm = undefined; -} -function TransformStreamDefaultControllerEnqueue(controller, chunk) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - if (!ReadableStreamDefaultControllerCanCloseOrEnqueue(readableController)) { - throw new TypeError('Readable side is not in a state that permits enqueue'); - } - // We throttle transform invocations based on the backpressure of the ReadableStream, but we still - // accept TransformStreamDefaultControllerEnqueue() calls. +async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date(), config) { + key = key || primaryKey; + const revocationKeyIDs = []; + await Promise.all(revocations.map(async function(revocationSignature) { try { - ReadableStreamDefaultControllerEnqueue(readableController, chunk); - } - catch (e) { - // This happens when readableStrategy.size() throws. - TransformStreamErrorWritableAndUnblockWrite(stream, e); - throw stream._readable._storedError; - } - const backpressure = ReadableStreamDefaultControllerHasBackpressure(readableController); - if (backpressure !== stream._backpressure) { - TransformStreamSetBackpressure(stream, true); - } -} -function TransformStreamDefaultControllerError(controller, e) { - TransformStreamError(controller._controlledTransformStream, e); -} -function TransformStreamDefaultControllerPerformTransform(controller, chunk) { - const transformPromise = controller._transformAlgorithm(chunk); - return transformPromiseWith(transformPromise, undefined, r => { - TransformStreamError(controller._controlledTransformStream, r); - throw r; - }); -} -function TransformStreamDefaultControllerTerminate(controller) { - const stream = controller._controlledTransformStream; - const readableController = stream._readable._readableStreamController; - ReadableStreamDefaultControllerClose(readableController); - const error = new TypeError('TransformStream terminated'); - TransformStreamErrorWritableAndUnblockWrite(stream, error); -} -// TransformStreamDefaultSink Algorithms -function TransformStreamDefaultSinkWriteAlgorithm(stream, chunk) { - const controller = stream._transformStreamController; - if (stream._backpressure) { - const backpressureChangePromise = stream._backpressureChangePromise; - return transformPromiseWith(backpressureChangePromise, () => { - const writable = stream._writable; - const state = writable._state; - if (state === 'erroring') { - throw writable._storedError; - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); - }); - } - return TransformStreamDefaultControllerPerformTransform(controller, chunk); -} -function TransformStreamDefaultSinkAbortAlgorithm(stream, reason) { - // abort() is not called synchronously, so it is possible for abort() to be called when the stream is already - // errored. - TransformStreamError(stream, reason); - return promiseResolvedWith(undefined); -} -function TransformStreamDefaultSinkCloseAlgorithm(stream) { - // stream._readable cannot change after construction, so caching it across a call to user code is safe. - const readable = stream._readable; - const controller = stream._transformStreamController; - const flushPromise = controller._flushAlgorithm(); - TransformStreamDefaultControllerClearAlgorithms(controller); - // Return a promise that is fulfilled with undefined on success. - return transformPromiseWith(flushPromise, () => { - if (readable._state === 'errored') { - throw readable._storedError; - } - ReadableStreamDefaultControllerClose(readable._readableStreamController); - }, r => { - TransformStreamError(stream, r); - throw readable._storedError; - }); -} -// TransformStreamDefaultSource Algorithms -function TransformStreamDefaultSourcePullAlgorithm(stream) { - // Invariant. Enforced by the promises returned by start() and pull(). - TransformStreamSetBackpressure(stream, false); - // Prevent the next pull() call until there is backpressure. - return stream._backpressureChangePromise; -} -// Helper functions for the TransformStreamDefaultController. -function defaultControllerBrandCheckException(name) { - return new TypeError(`TransformStreamDefaultController.prototype.${name} can only be used on a TransformStreamDefaultController`); + if ( + // Note: a third-party revocation signature could legitimately revoke a + // self-signature if the signature has an authorized revocation key. + // However, we don't support passing authorized revocation keys, nor + // verifying such revocation signatures. Instead, we indicate an error + // when parsing a key with an authorized revocation key, and ignore + // third-party revocation signatures here. (It could also be revoking a + // third-party key certification, which should only affect + // `verifyAllCertifications`.) + !signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID) + ) { + const isHardRevocation = ![ + enums.reasonForRevocation.keyRetired, + enums.reasonForRevocation.keySuperseded, + enums.reasonForRevocation.userIDInvalid + ].includes(revocationSignature.reasonForRevocationFlag); + + await revocationSignature.verify( + key, signatureType, dataToVerify, isHardRevocation ? null : date, false, config + ); + + // TODO get an identifier of the revoked object instead + revocationKeyIDs.push(revocationSignature.issuerKeyID); + } + } catch (e) {} + })); + // TODO further verify that this is the signature that should be revoked + if (signature) { + signature.revoked = revocationKeyIDs.some(keyID => keyID.equals(signature.issuerKeyID)) ? true : + signature.revoked || false; + return signature.revoked; + } + return revocationKeyIDs.length > 0; } -// Helper functions for the TransformStream. -function streamBrandCheckException(name) { - return new TypeError(`TransformStream.prototype.${name} can only be used on a TransformStream`); + +/** + * Returns key expiration time based on the given certification signature. + * The expiration time of the signature is ignored. + * @param {PublicSubkeyPacket|PublicKeyPacket} keyPacket - key to check + * @param {SignaturePacket} signature - signature to process + * @returns {Date|Infinity} expiration time or infinity if the key does not expire + */ +function getKeyExpirationTime(keyPacket, signature) { + let expirationTime; + // check V4 expiration time + if (signature.keyNeverExpires === false) { + expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000; + } + return expirationTime ? new Date(expirationTime) : Infinity; } -var ponyfill_es6 = /*#__PURE__*/Object.freeze({ - __proto__: null, - ByteLengthQueuingStrategy: ByteLengthQueuingStrategy, - CountQueuingStrategy: CountQueuingStrategy, - ReadableByteStreamController: ReadableByteStreamController, - ReadableStream: ReadableStream$1, - ReadableStreamBYOBReader: ReadableStreamBYOBReader, - ReadableStreamBYOBRequest: ReadableStreamBYOBRequest, - ReadableStreamDefaultController: ReadableStreamDefaultController, - ReadableStreamDefaultReader: ReadableStreamDefaultReader, - TransformStream: TransformStream$1, - TransformStreamDefaultController: TransformStreamDefaultController, - WritableStream: WritableStream$1, - WritableStreamDefaultController: WritableStreamDefaultController, - WritableStreamDefaultWriter: WritableStreamDefaultWriter -}); +function sanitizeKeyOptions(options, subkeyDefaults = {}) { + options.type = options.type || subkeyDefaults.type; + options.curve = options.curve || subkeyDefaults.curve; + options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; + options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; -/*! ***************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise */ - -var extendStatics = function(d, b) { - extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return extendStatics(d, b); -}; + options.sign = options.sign || false; -function __extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); + switch (options.type) { + case 'ecc': // NB: this case also handles legacy eddsa and x25519 keys, based on `options.curve` + try { + options.curve = enums.write(enums.curve, options.curve); + } catch (e) { + throw new Error('Unknown curve'); + } + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.curve25519Legacy || + options.curve === 'ed25519' || options.curve === 'curve25519') { // keep support for curve names without 'Legacy' addition, for now + options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.curve25519Legacy; + } + if (options.sign) { + options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; + } else { + options.algorithm = enums.publicKey.ecdh; + } + break; + case 'curve25519': + options.algorithm = options.sign ? enums.publicKey.ed25519 : enums.publicKey.x25519; + break; + case 'curve448': + options.algorithm = options.sign ? enums.publicKey.ed448 : enums.publicKey.x448; + break; + case 'rsa': + options.algorithm = enums.publicKey.rsaEncryptSign; + break; + default: + throw new Error(`Unsupported key type ${options.type}`); + } + return options; } -function assert$1(test) { - if (!test) { - throw new TypeError('Assertion failed'); - } +function validateSigningKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ed25519: + case enums.publicKey.ed448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + default: + return false; + } } -function noop$1() { - return; -} -function typeIsObject$1(x) { - return (typeof x === 'object' && x !== null) || typeof x === 'function'; +function validateEncryptionKeyPacket(keyPacket, signature, config) { + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; + default: + return false; + } } -function isStreamConstructor(ctor) { - if (typeof ctor !== 'function') { - return false; - } - var startCalled = false; - try { - new ctor({ - start: function () { - startCalled = true; - } - }); - } - catch (e) { - // ignore - } - return startCalled; -} -function isReadableStream(readable) { - if (!typeIsObject$1(readable)) { - return false; - } - if (typeof readable.getReader !== 'function') { - return false; - } - return true; -} -function isReadableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isReadableStream(new ctor())) { - return false; - } - return true; -} -function isWritableStream(writable) { - if (!typeIsObject$1(writable)) { - return false; - } - if (typeof writable.getWriter !== 'function') { - return false; - } - return true; -} -function isWritableStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isWritableStream(new ctor())) { - return false; - } - return true; -} -function isTransformStream(transform) { - if (!typeIsObject$1(transform)) { - return false; - } - if (!isReadableStream(transform.readable)) { - return false; - } - if (!isWritableStream(transform.writable)) { - return false; - } - return true; -} -function isTransformStreamConstructor(ctor) { - if (!isStreamConstructor(ctor)) { - return false; - } - if (!isTransformStream(new ctor())) { - return false; - } - return true; -} -function supportsByobReader(readable) { - try { - var reader = readable.getReader({ mode: 'byob' }); - reader.releaseLock(); - return true; - } - catch (_a) { - return false; - } -} -function supportsByteSource(ctor) { - try { - new ctor({ type: 'bytes' }); +function validateDecryptionKeyPacket(keyPacket, signature, config) { + if (!signature.keyFlags && !config.allowMissingKeyFlags) { + throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); + } + + switch (keyPacket.algorithm) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaEncrypt: + case enums.publicKey.elgamal: + case enums.publicKey.ecdh: + case enums.publicKey.x25519: + case enums.publicKey.x448: { + const isValidSigningKeyPacket = !signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.signData) !== 0; + if (isValidSigningKeyPacket && config.allowInsecureDecryptionWithSigningKeys) { + // This is only relevant for RSA keys, all other signing algorithms cannot decrypt return true; - } - catch (_a) { - return false; - } -} + } -function createReadableStreamWrapper(ctor) { - assert$1(isReadableStreamConstructor(ctor)); - var byteSourceSupported = supportsByteSource(ctor); - return function (readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - type = parseReadableType(type); - if (type === 'bytes' && !byteSourceSupported) { - type = undefined; - } - if (readable.constructor === ctor) { - if (type !== 'bytes' || supportsByobReader(readable)) { - return readable; - } - } - if (type === 'bytes') { - var source = createWrappingReadableSource(readable, { type: type }); - return new ctor(source); - } - else { - var source = createWrappingReadableSource(readable); - return new ctor(source); - } - }; -} -function createWrappingReadableSource(readable, _a) { - var _b = _a === void 0 ? {} : _a, type = _b.type; - assert$1(isReadableStream(readable)); - assert$1(readable.locked === false); - type = parseReadableType(type); - var source; - if (type === 'bytes') { - source = new WrappingReadableByteStreamSource(readable); - } - else { - source = new WrappingReadableStreamDefaultSource(readable); - } - return source; -} -function parseReadableType(type) { - var typeString = String(type); - if (typeString === 'bytes') { - return typeString; - } - else if (type === undefined) { - return type; - } - else { - throw new RangeError('Invalid type is specified'); - } -} -var AbstractWrappingReadableStreamSource = /** @class */ (function () { - function AbstractWrappingReadableStreamSource(underlyingStream) { - this._underlyingReader = undefined; - this._readerMode = undefined; - this._readableStreamController = undefined; - this._pendingRead = undefined; - this._underlyingStream = underlyingStream; - // always keep a reader attached to detect close/error - this._attachDefaultReader(); - } - AbstractWrappingReadableStreamSource.prototype.start = function (controller) { - this._readableStreamController = controller; - }; - AbstractWrappingReadableStreamSource.prototype.cancel = function (reason) { - assert$1(this._underlyingReader !== undefined); - return this._underlyingReader.cancel(reason); - }; - AbstractWrappingReadableStreamSource.prototype._attachDefaultReader = function () { - if (this._readerMode === "default" /* DEFAULT */) { - return; - } - this._detachReader(); - var reader = this._underlyingStream.getReader(); - this._readerMode = "default" /* DEFAULT */; - this._attachReader(reader); - }; - AbstractWrappingReadableStreamSource.prototype._attachReader = function (reader) { - var _this = this; - assert$1(this._underlyingReader === undefined); - this._underlyingReader = reader; - var closed = this._underlyingReader.closed; - if (!closed) { - return; - } - closed - .then(function () { return _this._finishPendingRead(); }) - .then(function () { - if (reader === _this._underlyingReader) { - _this._readableStreamController.close(); - } - }, function (reason) { - if (reader === _this._underlyingReader) { - _this._readableStreamController.error(reason); - } - }) - .catch(noop$1); - }; - AbstractWrappingReadableStreamSource.prototype._detachReader = function () { - if (this._underlyingReader === undefined) { - return; - } - this._underlyingReader.releaseLock(); - this._underlyingReader = undefined; - this._readerMode = undefined; - }; - AbstractWrappingReadableStreamSource.prototype._pullWithDefaultReader = function () { - var _this = this; - this._attachDefaultReader(); - // TODO Backpressure? - var read = this._underlyingReader.read() - .then(function (result) { - var controller = _this._readableStreamController; - if (result.done) { - _this._tryClose(); - } - else { - controller.enqueue(result.value); - } - }); - this._setPendingRead(read); - return read; - }; - AbstractWrappingReadableStreamSource.prototype._tryClose = function () { - try { - this._readableStreamController.close(); - } - catch (_a) { - // already errored or closed - } - }; - AbstractWrappingReadableStreamSource.prototype._setPendingRead = function (readPromise) { - var _this = this; - var pendingRead; - var finishRead = function () { - if (_this._pendingRead === pendingRead) { - _this._pendingRead = undefined; - } - }; - this._pendingRead = pendingRead = readPromise.then(finishRead, finishRead); - }; - AbstractWrappingReadableStreamSource.prototype._finishPendingRead = function () { - var _this = this; - if (!this._pendingRead) { - return undefined; - } - var afterRead = function () { return _this._finishPendingRead(); }; - return this._pendingRead.then(afterRead, afterRead); - }; - return AbstractWrappingReadableStreamSource; -}()); -var WrappingReadableStreamDefaultSource = /** @class */ (function (_super) { - __extends(WrappingReadableStreamDefaultSource, _super); - function WrappingReadableStreamDefaultSource() { - return _super !== null && _super.apply(this, arguments) || this; + return !signature.keyFlags || + (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 || + (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0; } - WrappingReadableStreamDefaultSource.prototype.pull = function () { - return this._pullWithDefaultReader(); - }; - return WrappingReadableStreamDefaultSource; -}(AbstractWrappingReadableStreamSource)); -function toUint8Array(view) { - return new Uint8Array(view.buffer, view.byteOffset, view.byteLength); -} -function copyArrayBufferView(from, to) { - var fromArray = toUint8Array(from); - var toArray = toUint8Array(to); - toArray.set(fromArray, 0); -} -var WrappingReadableByteStreamSource = /** @class */ (function (_super) { - __extends(WrappingReadableByteStreamSource, _super); - function WrappingReadableByteStreamSource(underlyingStream) { - var _this = this; - var supportsByob = supportsByobReader(underlyingStream); - _this = _super.call(this, underlyingStream) || this; - _this._supportsByob = supportsByob; - return _this; - } - Object.defineProperty(WrappingReadableByteStreamSource.prototype, "type", { - get: function () { - return 'bytes'; - }, - enumerable: false, - configurable: true - }); - WrappingReadableByteStreamSource.prototype._attachByobReader = function () { - if (this._readerMode === "byob" /* BYOB */) { - return; - } - assert$1(this._supportsByob); - this._detachReader(); - var reader = this._underlyingStream.getReader({ mode: 'byob' }); - this._readerMode = "byob" /* BYOB */; - this._attachReader(reader); - }; - WrappingReadableByteStreamSource.prototype.pull = function () { - if (this._supportsByob) { - var byobRequest = this._readableStreamController.byobRequest; - if (byobRequest) { - return this._pullWithByobRequest(byobRequest); - } - } - return this._pullWithDefaultReader(); - }; - WrappingReadableByteStreamSource.prototype._pullWithByobRequest = function (byobRequest) { - var _this = this; - this._attachByobReader(); - // reader.read(view) detaches the input view, therefore we cannot pass byobRequest.view directly - // create a separate buffer to read into, then copy that to byobRequest.view - var buffer = new Uint8Array(byobRequest.view.byteLength); - // TODO Backpressure? - var read = this._underlyingReader.read(buffer) - .then(function (result) { - _this._readableStreamController; - if (result.done) { - _this._tryClose(); - byobRequest.respond(0); - } - else { - copyArrayBufferView(result.value, byobRequest.view); - byobRequest.respond(result.value.byteLength); - } - }); - this._setPendingRead(read); - return read; - }; - return WrappingReadableByteStreamSource; -}(AbstractWrappingReadableStreamSource)); - -function createWritableStreamWrapper(ctor) { - assert$1(isWritableStreamConstructor(ctor)); - return function (writable) { - if (writable.constructor === ctor) { - return writable; - } - var sink = createWrappingWritableSink(writable); - return new ctor(sink); - }; + default: + return false; + } } -function createWrappingWritableSink(writable) { - assert$1(isWritableStream(writable)); - assert$1(writable.locked === false); - var writer = writable.getWriter(); - return new WrappingWritableStreamSink(writer); -} -var WrappingWritableStreamSink = /** @class */ (function () { - function WrappingWritableStreamSink(underlyingWriter) { - var _this = this; - this._writableStreamController = undefined; - this._pendingWrite = undefined; - this._state = "writable" /* WRITABLE */; - this._storedError = undefined; - this._underlyingWriter = underlyingWriter; - this._errorPromise = new Promise(function (resolve, reject) { - _this._errorPromiseReject = reject; - }); - this._errorPromise.catch(noop$1); - } - WrappingWritableStreamSink.prototype.start = function (controller) { - var _this = this; - this._writableStreamController = controller; - this._underlyingWriter.closed - .then(function () { - _this._state = "closed" /* CLOSED */; - }) - .catch(function (reason) { return _this._finishErroring(reason); }); - }; - WrappingWritableStreamSink.prototype.write = function (chunk) { - var _this = this; - var writer = this._underlyingWriter; - // Detect past errors - if (writer.desiredSize === null) { - return writer.ready; - } - var writeRequest = writer.write(chunk); - // Detect future errors - writeRequest.catch(function (reason) { return _this._finishErroring(reason); }); - writer.ready.catch(function (reason) { return _this._startErroring(reason); }); - // Reject write when errored - var write = Promise.race([writeRequest, this._errorPromise]); - this._setPendingWrite(write); - return write; - }; - WrappingWritableStreamSink.prototype.close = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return this._underlyingWriter.close(); - } - return this._finishPendingWrite().then(function () { return _this.close(); }); - }; - WrappingWritableStreamSink.prototype.abort = function (reason) { - if (this._state === "errored" /* ERRORED */) { - return undefined; - } - var writer = this._underlyingWriter; - return writer.abort(reason); - }; - WrappingWritableStreamSink.prototype._setPendingWrite = function (writePromise) { - var _this = this; - var pendingWrite; - var finishWrite = function () { - if (_this._pendingWrite === pendingWrite) { - _this._pendingWrite = undefined; - } - }; - this._pendingWrite = pendingWrite = writePromise.then(finishWrite, finishWrite); - }; - WrappingWritableStreamSink.prototype._finishPendingWrite = function () { - var _this = this; - if (this._pendingWrite === undefined) { - return Promise.resolve(); - } - var afterWrite = function () { return _this._finishPendingWrite(); }; - return this._pendingWrite.then(afterWrite, afterWrite); - }; - WrappingWritableStreamSink.prototype._startErroring = function (reason) { - var _this = this; - if (this._state === "writable" /* WRITABLE */) { - this._state = "erroring" /* ERRORING */; - this._storedError = reason; - var afterWrite = function () { return _this._finishErroring(reason); }; - if (this._pendingWrite === undefined) { - afterWrite(); - } - else { - this._finishPendingWrite().then(afterWrite, afterWrite); - } - this._writableStreamController.error(reason); - } - }; - WrappingWritableStreamSink.prototype._finishErroring = function (reason) { - if (this._state === "writable" /* WRITABLE */) { - this._startErroring(reason); - } - if (this._state === "erroring" /* ERRORING */) { - this._state = "errored" /* ERRORED */; - this._errorPromiseReject(this._storedError); - } - }; - return WrappingWritableStreamSink; -}()); -function createTransformStreamWrapper(ctor) { - assert$1(isTransformStreamConstructor(ctor)); - return function (transform) { - if (transform.constructor === ctor) { - return transform; - } - var transformer = createWrappingTransformer(transform); - return new ctor(transformer); - }; -} -function createWrappingTransformer(transform) { - assert$1(isTransformStream(transform)); - var readable = transform.readable, writable = transform.writable; - assert$1(readable.locked === false); - assert$1(writable.locked === false); - var reader = readable.getReader(); - var writer; - try { - writer = writable.getWriter(); - } - catch (e) { - reader.releaseLock(); // do not leak reader - throw e; - } - return new WrappingTransformStreamTransformer(reader, writer); +/** + * Check key against blacklisted algorithms and minimum strength requirements. + * @param {SecretKeyPacket|PublicKeyPacket| + * SecretSubkeyPacket|PublicSubkeyPacket} keyPacket + * @param {Config} config + * @throws {Error} if the key packet does not meet the requirements + */ +function checkKeyRequirements(keyPacket, config) { + const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm); + const algoInfo = keyPacket.getAlgorithmInfo(); + if (config.rejectPublicKeyAlgorithms.has(keyAlgo)) { + throw new Error(`${algoInfo.algorithm} keys are considered too weak.`); + } + switch (keyAlgo) { + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.rsaEncrypt: + if (algoInfo.bits < config.minRSABits) { + throw new Error(`RSA keys shorter than ${config.minRSABits} bits are considered too weak.`); + } + break; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + case enums.publicKey.ecdh: + if (config.rejectCurves.has(algoInfo.curve)) { + throw new Error(`Support for ${algoInfo.algorithm} keys using curve ${algoInfo.curve} is disabled.`); + } + break; + } } -var WrappingTransformStreamTransformer = /** @class */ (function () { - function WrappingTransformStreamTransformer(reader, writer) { - var _this = this; - this._transformStreamController = undefined; - this._onRead = function (result) { - if (result.done) { - return; - } - _this._transformStreamController.enqueue(result.value); - return _this._reader.read().then(_this._onRead); - }; - this._onError = function (reason) { - _this._flushReject(reason); - _this._transformStreamController.error(reason); - _this._reader.cancel(reason).catch(noop$1); - _this._writer.abort(reason).catch(noop$1); - }; - this._onTerminate = function () { - _this._flushResolve(); - _this._transformStreamController.terminate(); - var error = new TypeError('TransformStream terminated'); - _this._writer.abort(error).catch(noop$1); - }; - this._reader = reader; - this._writer = writer; - this._flushPromise = new Promise(function (resolve, reject) { - _this._flushResolve = resolve; - _this._flushReject = reject; - }); - } - WrappingTransformStreamTransformer.prototype.start = function (controller) { - this._transformStreamController = controller; - this._reader.read() - .then(this._onRead) - .then(this._onTerminate, this._onError); - var readerClosed = this._reader.closed; - if (readerClosed) { - readerClosed - .then(this._onTerminate, this._onError); - } - }; - WrappingTransformStreamTransformer.prototype.transform = function (chunk) { - return this._writer.write(chunk); - }; - WrappingTransformStreamTransformer.prototype.flush = function () { - var _this = this; - return this._writer.close() - .then(function () { return _this._flushPromise; }); - }; - return WrappingTransformStreamTransformer; -}()); -var webStreamsAdapter = /*#__PURE__*/Object.freeze({ - __proto__: null, - createReadableStreamWrapper: createReadableStreamWrapper, - createTransformStreamWrapper: createTransformStreamWrapper, - createWrappingReadableSource: createWrappingReadableSource, - createWrappingTransformer: createWrappingTransformer, - createWrappingWritableSink: createWrappingWritableSink, - createWritableStreamWrapper: createWritableStreamWrapper -}); +/** + * @module key/User + */ -var bn = createCommonjsModule(function (module) { -(function (module, exports) { - // Utils - function assert (val, msg) { - if (!val) throw new Error(msg || 'Assertion failed'); +/** + * Class that represents an user ID or attribute packet and the relevant signatures. + * @param {UserIDPacket|UserAttributePacket} userPacket - packet containing the user info + * @param {Key} mainKey - reference to main Key object containing the primary key and subkeys that the user is associated with + */ +class User { + constructor(userPacket, mainKey) { + this.userID = userPacket.constructor.tag === enums.packet.userID ? userPacket : null; + this.userAttribute = userPacket.constructor.tag === enums.packet.userAttribute ? userPacket : null; + this.selfCertifications = []; + this.otherCertifications = []; + this.revocationSignatures = []; + this.mainKey = mainKey; } - // Could use `inherits` module, but don't want to move from single file - // architecture yet. - function inherits (ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; + /** + * Transforms structured user data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.userID || this.userAttribute); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.selfCertifications); + packetlist.push(...this.otherCertifications); + return packetlist; } - // BN - - function BN (number, base, endian) { - if (BN.isBN(number)) { - return number; - } - - this.negative = 0; - this.words = null; - this.length = 0; - - // Reduction context - this.red = null; + /** + * Shallow clone + * @returns {User} + */ + clone() { + const user = new User(this.userID || this.userAttribute, this.mainKey); + user.selfCertifications = [...this.selfCertifications]; + user.otherCertifications = [...this.otherCertifications]; + user.revocationSignatures = [...this.revocationSignatures]; + return user; + } - if (number !== null) { - if (base === 'le' || base === 'be') { - endian = base; - base = 10; + /** + * Generate third-party certifications over this user and its primary key + * @param {Array} signingKeys - Decrypted private keys for signing + * @param {Date} [date] - Date to use as creation date of the certificate, instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} New user with new certifications. + * @async + */ + async certify(signingKeys, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { + if (!privateKey.isPrivate()) { + throw new Error('Need private key for signing'); } - - this._init(number || 0, base || 10, endian || 'be'); - } - } - if (typeof module === 'object') { - module.exports = BN; - } else { - exports.BN = BN; + if (privateKey.hasSameFingerprintAs(primaryKey)) { + throw new Error("The user's own key can only be used for self-certifications"); + } + const signingKey = await privateKey.getSigningKey(undefined, date, undefined, config); + return createSignaturePacket(dataToSign, [privateKey], signingKey.keyPacket, { + // Most OpenPGP implementations use generic certification (0x10) + signatureType: enums.signature.certGeneric, + keyFlags: [enums.keyFlags.certifyKeys | enums.keyFlags.signData] + }, date, undefined, undefined, undefined, config); + })); + await user.update(this, date, config); + return user; } - BN.BN = BN; - BN.wordSize = 26; - - var Buffer; - try { - Buffer = void('buffer').Buffer; - } catch (e) { + /** + * Checks if a given certificate of the user is revoked + * @param {SignaturePacket} certificate - The certificate to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} [keyPacket] The key packet to verify the signature, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(certificate, keyPacket, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked(primaryKey, enums.signature.certRevocation, { + key: primaryKey, + userID: this.userID, + userAttribute: this.userAttribute + }, this.revocationSignatures, certificate, keyPacket, date, config$1); } - BN.isBN = function isBN (num) { - if (num instanceof BN) { - return true; - } - - return num !== null && typeof num === 'object' && - num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); - }; - - BN.max = function max (left, right) { - if (left.cmp(right) > 0) return left; - return right; - }; - - BN.min = function min (left, right) { - if (left.cmp(right) < 0) return left; - return right; - }; - - BN.prototype._init = function init (number, base, endian) { - if (typeof number === 'number') { - return this._initNumber(number, base, endian); - } - - if (typeof number === 'object') { - return this._initArray(number, base, endian); - } - - if (base === 'hex') { - base = 16; - } - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') { - start++; - } - - if (base === 16) { - this._parseHex(number, start); - } else { - this._parseBase(number, base, start); - } - - if (number[0] === '-') { - this.negative = 1; - } - - this.strip(); - - if (endian !== 'le') return; - - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initNumber = function _initNumber (number, base, endian) { - if (number < 0) { - this.negative = 1; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - - if (endian !== 'le') return; - - // Reverse the bytes - this._initArray(this.toArray(), base, endian); - }; - - BN.prototype._initArray = function _initArray (number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; - } - - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; + /** + * Verifies the user certificate. + * @param {SignaturePacket} certificate - A certificate of this user + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} true if the certificate could be verified, or null if the verification keys do not correspond to the certificate + * @throws if the user certificate is invalid. + * @async + */ + async verifyCertificate(certificate, verificationKeys, date = new Date(), config) { + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const { issuerKeyID } = certificate; + const issuerKeys = verificationKeys.filter(key => key.getKeys(issuerKeyID).length > 0); + if (issuerKeys.length === 0) { + return null; } - - var j, w; - var off = 0; - if (endian === 'be') { - for (i = number.length - 1, j = 0; i >= 0; i -= 3) { - w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } + await Promise.all(issuerKeys.map(async key => { + const signingKey = await key.getSigningKey(issuerKeyID, certificate.created, undefined, config); + if (certificate.revoked || await that.isRevoked(certificate, signingKey.keyPacket, date, config)) { + throw new Error('User certificate is revoked'); } - } else if (endian === 'le') { - for (i = 0, j = 0; i < number.length; i += 3) { - w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } + try { + await certificate.verify(signingKey.keyPacket, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('User certificate is invalid', e); } - } - return this.strip(); - }; - - function parseHex (str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r <<= 4; - - // 'a' - 'f' - if (c >= 49 && c <= 54) { - r |= c - 49 + 0xa; - - // 'A' - 'F' - } else if (c >= 17 && c <= 22) { - r |= c - 17 + 0xa; + })); + return true; + } - // '0' - '9' - } else { - r |= c & 0xf; - } - } - return r; + /** + * Verifies all user certificates + * @param {Array} verificationKeys - Array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllCertifications(verificationKeys, date = new Date(), config) { + const that = this; + const certifications = this.selfCertifications.concat(this.otherCertifications); + return Promise.all(certifications.map(async certification => ({ + keyID: certification.issuerKeyID, + valid: await that.verifyCertificate(certification, verificationKeys, date, config).catch(() => false) + }))); } - BN.prototype._parseHex = function _parseHex (number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - this.words[i] = 0; - } - - var j, w; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (i = number.length - 6, j = 0; i >= start; i -= 6) { - w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; + /** + * Verify User. Checks for existence of self signatures, revocation signatures + * and validity of self signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} config - Full configuration + * @returns {Promise} Status of user. + * @throws {Error} if there are no valid self signatures. + * @async + */ + async verify(date = new Date(), config) { + if (!this.selfCertifications.length) { + throw new Error('No self-certifications found'); + } + const that = this; + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // TODO replace when Promise.some or Promise.any are implemented + let exception; + for (let i = this.selfCertifications.length - 1; i >= 0; i--) { + try { + const selfCertification = this.selfCertifications[i]; + if (selfCertification.revoked || await that.isRevoked(selfCertification, undefined, date, config)) { + throw new Error('Self-certification is revoked'); + } + try { + await selfCertification.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, undefined, config); + } catch (e) { + throw util.wrapError('Self-certification is invalid', e); + } + return true; + } catch (e) { + exception = e; } } - if (i + 6 !== start) { - w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - } - this.strip(); - }; - - function parseBase (str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) { - r += c - 49 + 0xa; - - // 'A' - } else if (c >= 17) { - r += c - 17 + 0xa; + throw exception; + } - // '0' - '9' - } else { - r += c; + /** + * Update user with new components from specified user + * @param {User} sourceUser - Source user to merge + * @param {Date} date - Date to verify the validity of signatures + * @param {Object} config - Full configuration + * @returns {Promise} + * @async + */ + async update(sourceUser, date, config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + // self signatures + await mergeSignatures(sourceUser, this, 'selfCertifications', date, async function(srcSelfSig) { + try { + await srcSelfSig.verify(primaryKey, enums.signature.certGeneric, dataToVerify, date, false, config); + return true; + } catch (e) { + return false; } - } - return r; + }); + // other signatures + await mergeSignatures(sourceUser, this, 'otherCertifications', date); + // revocation signatures + await mergeSignatures(sourceUser, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); + }); } - BN.prototype._parseBase = function _parseBase (number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; - - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { - limbLen++; - } - limbLen--; - limbPow = (limbPow / base) | 0; + /** + * Revokes the user + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New user with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.certRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await user.update(this); + return user; + } +} - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; +/** + * @module key/Subkey + */ - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } +/** + * Class that represents a subkey packet and the relevant signatures. + * @borrows PublicSubkeyPacket#getKeyID as Subkey#getKeyID + * @borrows PublicSubkeyPacket#getFingerprint as Subkey#getFingerprint + * @borrows PublicSubkeyPacket#hasSameFingerprintAs as Subkey#hasSameFingerprintAs + * @borrows PublicSubkeyPacket#getAlgorithmInfo as Subkey#getAlgorithmInfo + * @borrows PublicSubkeyPacket#getCreationTime as Subkey#getCreationTime + * @borrows PublicSubkeyPacket#isDecrypted as Subkey#isDecrypted + */ +class Subkey { + /** + * @param {SecretSubkeyPacket|PublicSubkeyPacket} subkeyPacket - subkey packet to hold in the Subkey + * @param {Key} mainKey - reference to main Key object, containing the primary key packet corresponding to the subkey + */ + constructor(subkeyPacket, mainKey) { + this.keyPacket = subkeyPacket; + this.bindingSignatures = []; + this.revocationSignatures = []; + this.mainKey = mainKey; + } - if (mod !== 0) { - var pow = 1; - word = parseBase(number, i, number.length, base); + /** + * Transforms structured subkey data to packetlist + * @returns {PacketList} + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.bindingSignatures); + return packetlist; + } - for (i = 0; i < mod; i++) { - pow *= base; - } + /** + * Shallow clone + * @return {Subkey} + */ + clone() { + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.bindingSignatures = [...this.bindingSignatures]; + subkey.revocationSignatures = [...this.revocationSignatures]; + return subkey; + } - this.imuln(pow); - if (this.words[0] + word < 0x4000000) { - this.words[0] += word; - } else { - this._iaddn(word); - } - } - }; + /** + * Checks if a binding signature of a subkey is revoked + * @param {SignaturePacket} signature - The binding signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the binding signature is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + return isDataRevoked( + primaryKey, enums.signature.subkeyRevocation, { + key: primaryKey, + bind: this.keyPacket + }, this.revocationSignatures, signature, key, date, config$1 + ); + } - BN.prototype.copy = function copy (dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) { - dest.words[i] = this.words[i]; + /** + * Verify subkey. Checks for revocation signatures, expiration time + * and valid binding signature. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @throws {Error} if the subkey is invalid. + * @async + */ + async verify(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + // check subkey binding signatures + const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + // check binding signature is not revoked + if (bindingSignature.revoked || await this.isRevoked(bindingSignature, null, date, config$1)) { + throw new Error('Subkey is revoked'); } - dest.length = this.length; - dest.negative = this.negative; - dest.red = this.red; - }; - - BN.prototype.clone = function clone () { - var r = new BN(null); - this.copy(r); - return r; - }; - - BN.prototype._expand = function _expand (size) { - while (this.length < size) { - this.words[this.length++] = 0; + // check for expiration time + if (isDataExpired(this.keyPacket, bindingSignature, date)) { + throw new Error('Subkey is expired'); } - return this; - }; + return bindingSignature; + } - // Remove leading `0` from `this` - BN.prototype.strip = function strip () { - while (this.length > 1 && this.words[this.length - 1] === 0) { - this.length--; + /** + * Returns the expiration time of the subkey or Infinity if key does not expire. + * Returns null if the subkey is invalid. + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + const dataToVerify = { key: primaryKey, bind: this.keyPacket }; + let bindingSignature; + try { + bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + } catch (e) { + return null; } - return this._normSign(); - }; + const keyExpiry = getKeyExpirationTime(this.keyPacket, bindingSignature); + const sigExpiry = bindingSignature.getExpirationTime(); + return keyExpiry < sigExpiry ? keyExpiry : sigExpiry; + } - BN.prototype._normSign = function _normSign () { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) { - this.negative = 0; + /** + * Update subkey with new components from specified subkey + * @param {Subkey} subkey - Source subkey to merge + * @param {Date} [date] - Date to verify validity of signatures + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if update failed + * @async + */ + async update(subkey, date = new Date(), config$1 = config) { + const primaryKey = this.mainKey.keyPacket; + if (!this.hasSameFingerprintAs(subkey)) { + throw new Error('Subkey update method: fingerprints of subkeys not equal'); } - return this; - }; - - BN.prototype.inspect = function inspect () { - return (this.red ? ''; - }; - - /* - - var zeros = []; - var groupSizes = []; - var groupBases = []; - - var s = ''; - var i = -1; - while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; - } - groupSizes[0] = 0; - groupSizes[1] = 0; - groupBases[0] = 0; - groupBases[1] = 0; - var base = 2 - 1; - while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; + // key packet + if (this.keyPacket.constructor.tag === enums.packet.publicSubkey && + subkey.keyPacket.constructor.tag === enums.packet.secretSubkey) { + this.keyPacket = subkey.keyPacket; } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; - } - - */ - - var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' - ]; - - var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 - ]; - - var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 - ]; - - BN.prototype.toString = function toString (base, padding) { - base = base || 10; - padding = padding | 0 || 1; - - var out; - if (base === 16 || base === 'hex') { - out = ''; - var off = 0; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) { - out = zeros[6 - word.length] + word + out; - } else { - out = word + out; - } - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) { - out = carry.toString(16) + out; - } - while (out.length % padding !== 0) { - out = '0' + out; - } - if (this.negative !== 0) { - out = '-' + out; - } - return out; - } - - if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - out = ''; - var c = this.clone(); - c.negative = 0; - while (!c.isZero()) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); - - if (!c.isZero()) { - out = zeros[groupSize - r.length] + r + out; - } else { - out = r + out; - } - } - if (this.isZero()) { - out = '0' + out; - } - while (out.length % padding !== 0) { - out = '0' + out; + // update missing binding signatures + const that = this; + const dataToVerify = { key: primaryKey, bind: that.keyPacket }; + await mergeSignatures(subkey, this, 'bindingSignatures', date, async function(srcBindSig) { + for (let i = 0; i < that.bindingSignatures.length; i++) { + if (that.bindingSignatures[i].issuerKeyID.equals(srcBindSig.issuerKeyID)) { + if (srcBindSig.created > that.bindingSignatures[i].created) { + that.bindingSignatures[i] = srcBindSig; + } + return false; + } } - if (this.negative !== 0) { - out = '-' + out; + try { + await srcBindSig.verify(primaryKey, enums.signature.subkeyBinding, dataToVerify, date, undefined, config$1); + return true; + } catch (e) { + return false; } - return out; - } - - assert(false, 'Base should be between 2 and 36'); - }; + }); + // revocation signatures + await mergeSignatures(subkey, this, 'revocationSignatures', date, function(srcRevSig) { + return isDataRevoked(primaryKey, enums.signature.subkeyRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config$1); + }); + } - BN.prototype.toNumber = function toNumber () { - var ret = this.words[0]; - if (this.length === 2) { - ret += this.words[1] * 0x4000000; - } else if (this.length === 3 && this.words[2] === 0x01) { - // NOTE: at this stage it is known that the top bit is set - ret += 0x10000000000000 + (this.words[1] * 0x4000000); - } else if (this.length > 2) { - assert(false, 'Number can only safely store up to 53 bits'); - } - return (this.negative !== 0) ? -ret : ret; - }; + /** + * Revokes the subkey + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New subkey with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + const dataToSign = { key: primaryKey, bind: this.keyPacket }; + const subkey = new Subkey(this.keyPacket, this.mainKey); + subkey.revocationSignatures.push(await createSignaturePacket(dataToSign, [], primaryKey, { + signatureType: enums.signature.subkeyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, false, config$1)); + await subkey.update(this); + return subkey; + } - BN.prototype.toJSON = function toJSON () { - return this.toString(16); - }; + hasSameFingerprintAs(other) { + return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other); + } +} - BN.prototype.toBuffer = function toBuffer (endian, length) { - assert(typeof Buffer !== 'undefined'); - return this.toArrayLike(Buffer, endian, length); - }; +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => { + Subkey.prototype[name] = + function() { + return this.keyPacket[name](); + }; +}); - BN.prototype.toArray = function toArray (endian, length) { - return this.toArrayLike(Array, endian, length); - }; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { - var byteLength = this.byteLength(); - var reqLength = length || Math.max(1, byteLength); - assert(byteLength <= reqLength, 'byte array longer than desired length'); - assert(reqLength > 0, 'Requested array length <= 0'); - - this.strip(); - var littleEndian = endian === 'le'; - var res = new ArrayType(reqLength); - - var b, i; - var q = this.clone(); - if (!littleEndian) { - // Assume big-endian - for (i = 0; i < reqLength - byteLength; i++) { - res[i] = 0; - } - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); +// A key revocation certificate can contain the following packets +const allowedRevocationPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); +const mainKeyPacketTags = new Set([enums.packet.publicKey, enums.packet.privateKey]); +const keyPacketTags = new Set([ + enums.packet.publicKey, enums.packet.privateKey, + enums.packet.publicSubkey, enums.packet.privateSubkey +]); - res[reqLength - i - 1] = b; - } - } else { - for (i = 0; !q.isZero(); i++) { - b = q.andln(0xff); - q.iushrn(8); +/** + * Abstract class that represents an OpenPGP key. Must contain a primary key. + * Can contain additional subkeys, signatures, user ids, user attributes. + * @borrows PublicKeyPacket#getKeyID as Key#getKeyID + * @borrows PublicKeyPacket#getFingerprint as Key#getFingerprint + * @borrows PublicKeyPacket#hasSameFingerprintAs as Key#hasSameFingerprintAs + * @borrows PublicKeyPacket#getAlgorithmInfo as Key#getAlgorithmInfo + * @borrows PublicKeyPacket#getCreationTime as Key#getCreationTime + */ +class Key { + /** + * Transforms packetlist to structured key data + * @param {PacketList} packetlist - The packets that form a key + * @param {Set} disallowedPackets - disallowed packet tags + */ + packetListToStructure(packetlist, disallowedPackets = new Set()) { + let user; + let primaryKeyID; + let subkey; + let ignoreUntil; - res[i] = b; - } + for (const packet of packetlist) { - for (; i < reqLength; i++) { - res[i] = 0; + if (packet instanceof UnparseablePacket) { + const isUnparseableKeyPacket = keyPacketTags.has(packet.tag); + if (isUnparseableKeyPacket && !ignoreUntil) { + // Since non-key packets apply to the preceding key packet, if a (sub)key is Unparseable we must + // discard all non-key packets that follow, until another (sub)key packet is found. + if (mainKeyPacketTags.has(packet.tag)) { + ignoreUntil = mainKeyPacketTags; + } else { + ignoreUntil = keyPacketTags; + } + } + continue; } - } - return res; - }; - - if (Math.clz32) { - BN.prototype._countBits = function _countBits (w) { - return 32 - Math.clz32(w); - }; - } else { - BN.prototype._countBits = function _countBits (w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; + const tag = packet.constructor.tag; + if (ignoreUntil) { + if (!ignoreUntil.has(tag)) continue; + ignoreUntil = null; } - if (t >= 0x8) { - r += 4; - t >>>= 4; + if (disallowedPackets.has(tag)) { + throw new Error(`Unexpected packet type: ${tag}`); } - if (t >= 0x02) { - r += 2; - t >>>= 2; + switch (tag) { + case enums.packet.publicKey: + case enums.packet.secretKey: + if (this.keyPacket) { + throw new Error('Key block contains multiple keys'); + } + this.keyPacket = packet; + primaryKeyID = this.getKeyID(); + if (!primaryKeyID) { + throw new Error('Missing Key ID'); + } + break; + case enums.packet.userID: + case enums.packet.userAttribute: + user = new User(packet, this); + this.users.push(user); + break; + case enums.packet.publicSubkey: + case enums.packet.secretSubkey: + user = null; + subkey = new Subkey(packet, this); + this.subkeys.push(subkey); + break; + case enums.packet.signature: + switch (packet.signatureType) { + case enums.signature.certGeneric: + case enums.signature.certPersona: + case enums.signature.certCasual: + case enums.signature.certPositive: + if (!user) { + util.printDebug('Dropping certification signatures without preceding user packet'); + continue; + } + if (packet.issuerKeyID.equals(primaryKeyID)) { + user.selfCertifications.push(packet); + } else { + user.otherCertifications.push(packet); + } + break; + case enums.signature.certRevocation: + if (user) { + user.revocationSignatures.push(packet); + } else { + this.directSignatures.push(packet); + } + break; + case enums.signature.key: + this.directSignatures.push(packet); + break; + case enums.signature.subkeyBinding: + if (!subkey) { + util.printDebug('Dropping subkey binding signature without preceding subkey packet'); + continue; + } + subkey.bindingSignatures.push(packet); + break; + case enums.signature.keyRevocation: + this.revocationSignatures.push(packet); + break; + case enums.signature.subkeyRevocation: + if (!subkey) { + util.printDebug('Dropping subkey revocation signature without preceding subkey packet'); + continue; + } + subkey.revocationSignatures.push(packet); + break; + } + break; } - return r + t; - }; + } } - BN.prototype._zeroBits = function _zeroBits (w) { - // Short-cut - if (w === 0) return 26; + /** + * Transforms structured key data to packetlist + * @returns {PacketList} The packets that form a key. + */ + toPacketList() { + const packetlist = new PacketList(); + packetlist.push(this.keyPacket); + packetlist.push(...this.revocationSignatures); + packetlist.push(...this.directSignatures); + this.users.map(user => packetlist.push(...user.toPacketList())); + this.subkeys.map(subkey => packetlist.push(...subkey.toPacketList())); + return packetlist; + } - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; - } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; - } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; - } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; + /** + * Clones the key object. The copy is shallow, as it references the same packet objects as the original. However, if the top-level API is used, the two key instances are effectively independent. + * @param {Boolean} [clonePrivateParams=false] Only relevant for private keys: whether the secret key paramenters should be deeply copied. This is needed if e.g. `encrypt()` is to be called either on the clone or the original key. + * @returns {Promise} Clone of the key. + */ + clone(clonePrivateParams = false) { + const key = new this.constructor(this.toPacketList()); + if (clonePrivateParams) { + key.getKeys().forEach(k => { + // shallow clone the key packets + k.keyPacket = Object.create( + Object.getPrototypeOf(k.keyPacket), + Object.getOwnPropertyDescriptors(k.keyPacket) + ); + if (!k.keyPacket.isDecrypted()) return; + // deep clone the private params, which are cleared during encryption + const privateParams = {}; + Object.keys(k.keyPacket.privateParams).forEach(name => { + privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); + }); + k.keyPacket.privateParams = privateParams; + }); } - if ((t & 0x1) === 0) { - r++; + return key; + } + + /** + * Returns an array containing all public or private subkeys matching keyID; + * If no keyID is given, returns all subkeys. + * @param {type/keyID} [keyID] - key ID to look for + * @returns {Array} array of subkeys + */ + getSubkeys(keyID = null) { + const subkeys = this.subkeys.filter(subkey => ( + !keyID || subkey.getKeyID().equals(keyID, true) + )); + return subkeys; + } + + /** + * Returns an array containing all public or private keys matching keyID. + * If no keyID is given, returns all keys, starting with the primary key. + * @param {type/keyid~KeyID} [keyID] - key ID to look for + * @returns {Array} array of keys + */ + getKeys(keyID = null) { + const keys = []; + if (!keyID || this.getKeyID().equals(keyID, true)) { + keys.push(this); } - return r; - }; - - // Return number of used bits in a BN - BN.prototype.bitLength = function bitLength () { - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; - }; - - function toBitArray (num) { - var w = new Array(num.bitLength()); - - for (var bit = 0; bit < w.length; bit++) { - var off = (bit / 26) | 0; - var wbit = bit % 26; + return keys.concat(this.getSubkeys(keyID)); + } - w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; - } + /** + * Returns key IDs of all keys + * @returns {Array} + */ + getKeyIDs() { + return this.getKeys().map(key => key.getKeyID()); + } - return w; + /** + * Returns userIDs + * @returns {Array} Array of userIDs. + */ + getUserIDs() { + return this.users.map(user => { + return user.userID ? user.userID.userID : null; + }).filter(userID => userID !== null); } - // Number of trailing zero bits - BN.prototype.zeroBits = function zeroBits () { - if (this.isZero()) return 0; + /** + * Returns binary encoded key + * @returns {Uint8Array} Binary key. + */ + write() { + return this.toPacketList().write(); + } - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) break; + /** + * Returns last created key or key by given keyID that is available for signing and verification + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} signing key + * @throws if no valid signing key was found + * @async + */ + async getSigningKey(keyID = null, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - return r; - }; - - BN.prototype.byteLength = function byteLength () { - return Math.ceil(this.bitLength() / 8); - }; - - BN.prototype.toTwos = function toTwos (width) { - if (this.negative !== 0) { - return this.abs().inotn(width).iaddn(1); + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature( + subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1 + ); + if (!validateSigningKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + continue; + } + if (!bindingSignature.embeddedSignature) { + throw new Error('Missing embedded signature'); + } + // verify embedded signature + await getLatestValidSignature( + [bindingSignature.embeddedSignature], subkey.keyPacket, enums.signature.keyBinding, dataToVerify, date, config$1 + ); + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } catch (e) { + exception = e; + } + } } - return this.clone(); - }; - BN.prototype.fromTwos = function fromTwos (width) { - if (this.testn(width - 1)) { - return this.notn(width).iaddn(1).ineg(); + try { + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateSigningKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } - return this.clone(); - }; - - BN.prototype.isNeg = function isNeg () { - return this.negative !== 0; - }; - - // Return negative clone of `this` - BN.prototype.neg = function neg () { - return this.clone().ineg(); - }; + throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyID().toHex(), exception); + } - BN.prototype.ineg = function ineg () { - if (!this.isZero()) { - this.negative ^= 1; + /** + * Returns last created key or key by given keyID that is available for encryption or decryption + * @param {module:type/keyid~KeyID} [keyID] - key ID of a specific key to retrieve + * @param {Date} [date] - use the fiven date date to to check key validity instead of the current date + * @param {Object} [userID] - filter keys for the given user ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} encryption key + * @throws if no valid encryption key was found + * @async + */ + async getEncryptionKey(keyID, date = new Date(), userID = {}, config$1 = config) { + await this.verifyPrimaryKey(date, userID, config$1); + const primaryKey = this.keyPacket; + try { + checkKeyRequirements(primaryKey, config$1); + } catch (err) { + throw util.wrapError('Could not verify primary key', err); } - - return this; - }; - - // Or `num` with `this` in-place - BN.prototype.iuor = function iuor (num) { - while (this.length < num.length) { - this.words[this.length++] = 0; + // V4: by convention subkeys are preferred for encryption service + const subkeys = this.subkeys.slice().sort((a, b) => b.keyPacket.created - a.keyPacket.created); + let exception; + for (const subkey of subkeys) { + if (!keyID || subkey.getKeyID().equals(keyID)) { + try { + await subkey.verify(date, config$1); + const dataToVerify = { key: primaryKey, bind: subkey.keyPacket }; + const bindingSignature = await getLatestValidSignature(subkey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateEncryptionKeyPacket(subkey.keyPacket, bindingSignature, config$1)) { + checkKeyRequirements(subkey.keyPacket, config$1); + return subkey; + } + } catch (e) { + exception = e; + } + } } - for (var i = 0; i < num.length; i++) { - this.words[i] = this.words[i] | num.words[i]; + try { + // if no valid subkey for encryption, evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID)) && + validateEncryptionKeyPacket(primaryKey, selfCertification, config$1)) { + checkKeyRequirements(primaryKey, config$1); + return this; + } + } catch (e) { + exception = e; } + throw util.wrapError('Could not find valid encryption key packet in key ' + this.getKeyID().toHex(), exception); + } - return this.strip(); - }; - - BN.prototype.ior = function ior (num) { - assert((this.negative | num.negative) === 0); - return this.iuor(num); - }; - - // Or `num` with `this` - BN.prototype.or = function or (num) { - if (this.length > num.length) return this.clone().ior(num); - return num.clone().ior(this); - }; - - BN.prototype.uor = function uor (num) { - if (this.length > num.length) return this.clone().iuor(num); - return num.clone().iuor(this); - }; + /** + * Checks if a signature on a key is revoked + * @param {SignaturePacket} signature - The signature to verify + * @param {PublicSubkeyPacket| + * SecretSubkeyPacket| + * PublicKeyPacket| + * SecretKeyPacket} key, optional The key to verify the signature + * @param {Date} [date] - Use the given date for verification, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} True if the certificate is revoked. + * @async + */ + async isRevoked(signature, key, date = new Date(), config$1 = config) { + return isDataRevoked( + this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, this.revocationSignatures, signature, key, date, config$1 + ); + } - // And `num` with `this` in-place - BN.prototype.iuand = function iuand (num) { - // b = min-length(num, this) - var b; - if (this.length > num.length) { - b = num; - } else { - b = this; + /** + * Verify primary key. Checks for revocation signatures, expiration time + * and valid self signature. Throws if the primary key is invalid. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} If key verification failed + * @async + */ + async verifyPrimaryKey(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + // check for key revocation signatures + if (await this.isRevoked(null, null, date, config$1)) { + throw new Error('Primary key is revoked'); } - - for (var i = 0; i < b.length; i++) { - this.words[i] = this.words[i] & num.words[i]; + // check for valid, unrevoked, unexpired self signature + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + // check for expiration time in binding signatures + if (isDataExpired(primaryKey, selfCertification, date)) { + throw new Error('Primary key is expired'); } + if (primaryKey.version !== 6) { + // check for expiration time in direct signatures (for V6 keys, the above already did so) + const directSignature = await getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ).catch(() => {}); // invalid signatures are discarded, to avoid breaking the key - this.length = b.length; - - return this.strip(); - }; - - BN.prototype.iand = function iand (num) { - assert((this.negative | num.negative) === 0); - return this.iuand(num); - }; + if (directSignature && isDataExpired(primaryKey, directSignature, date)) { + throw new Error('Primary key is expired'); + } + } + } - // And `num` with `this` - BN.prototype.and = function and (num) { - if (this.length > num.length) return this.clone().iand(num); - return num.clone().iand(this); - }; + /** + * Returns the expiration date of the primary key, considering self-certifications and direct-key signatures. + * Returns `Infinity` if the key doesn't expire, or `null` if the key is revoked or invalid. + * @param {Object} [userID] - User ID to consider instead of the primary user + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} + * @async + */ + async getExpirationTime(userID, config$1 = config) { + let primaryKeyExpiry; + try { + const selfCertification = await this.getPrimarySelfSignature(null, userID, config$1); + const selfSigKeyExpiry = getKeyExpirationTime(this.keyPacket, selfCertification); + const selfSigExpiry = selfCertification.getExpirationTime(); + const directSignature = this.keyPacket.version !== 6 && // For V6 keys, the above already returns the direct-key signature. + await getLatestValidSignature( + this.directSignatures, this.keyPacket, enums.signature.key, { key: this.keyPacket }, null, config$1 + ).catch(() => {}); + if (directSignature) { + const directSigKeyExpiry = getKeyExpirationTime(this.keyPacket, directSignature); + // We do not support the edge case where the direct signature expires, since it would invalidate the corresponding key expiration, + // causing a discountinous validy period for the key + primaryKeyExpiry = Math.min(selfSigKeyExpiry, selfSigExpiry, directSigKeyExpiry); + } else { + primaryKeyExpiry = selfSigKeyExpiry < selfSigExpiry ? selfSigKeyExpiry : selfSigExpiry; + } + } catch (e) { + primaryKeyExpiry = null; + } - BN.prototype.uand = function uand (num) { - if (this.length > num.length) return this.clone().iuand(num); - return num.clone().iuand(this); - }; + return util.normalizeDate(primaryKeyExpiry); + } - // Xor `num` with `this` in-place - BN.prototype.iuxor = function iuxor (num) { - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - for (var i = 0; i < b.length; i++) { - this.words[i] = a.words[i] ^ b.words[i]; + /** + * For V4 keys, returns the self-signature of the primary user. + * For V5 keys, returns the latest valid direct-key self-signature. + * This self-signature is to be used to check the key expiration, + * algorithm preferences, and so on. + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user for V4 keys, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} The primary self-signature + * @async + */ + async getPrimarySelfSignature(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + if (primaryKey.version === 6) { + return getLatestValidSignature( + this.directSignatures, primaryKey, enums.signature.key, { key: primaryKey }, date, config$1 + ); } + const { selfCertification } = await this.getPrimaryUser(date, userID, config$1); + return selfCertification; + } - if (this !== a) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + /** + * Returns primary user and most significant (latest valid) self signature + * - if multiple primary users exist, returns the one with the latest self signature + * - otherwise, returns the user with the latest self signature + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * user: User, + * selfCertification: SignaturePacket + * }>} The primary user and the self signature + * @async + */ + async getPrimaryUser(date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const users = []; + let exception; + for (let i = 0; i < this.users.length; i++) { + try { + const user = this.users[i]; + if (!user.userID) { + continue; + } + if ( + (userID.name !== undefined && user.userID.name !== userID.name) || + (userID.email !== undefined && user.userID.email !== userID.email) || + (userID.comment !== undefined && user.userID.comment !== userID.comment) + ) { + throw new Error('Could not find user that matches that user ID'); + } + const dataToVerify = { userID: user.userID, key: primaryKey }; + const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, enums.signature.certGeneric, dataToVerify, date, config$1); + users.push({ index: i, user, selfCertification }); + } catch (e) { + exception = e; } } - - this.length = a.length; - - return this.strip(); - }; - - BN.prototype.ixor = function ixor (num) { - assert((this.negative | num.negative) === 0); - return this.iuxor(num); - }; - - // Xor `num` with `this` - BN.prototype.xor = function xor (num) { - if (this.length > num.length) return this.clone().ixor(num); - return num.clone().ixor(this); - }; - - BN.prototype.uxor = function uxor (num) { - if (this.length > num.length) return this.clone().iuxor(num); - return num.clone().iuxor(this); - }; - - // Not ``this`` with ``width`` bitwidth - BN.prototype.inotn = function inotn (width) { - assert(typeof width === 'number' && width >= 0); - - var bytesNeeded = Math.ceil(width / 26) | 0; - var bitsLeft = width % 26; - - // Extend the buffer with leading zeroes - this._expand(bytesNeeded); - - if (bitsLeft > 0) { - bytesNeeded--; - } - - // Handle complete words - for (var i = 0; i < bytesNeeded; i++) { - this.words[i] = ~this.words[i] & 0x3ffffff; + if (!users.length) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('Could not find primary user'); } - - // Handle the residue - if (bitsLeft > 0) { - this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); + await Promise.all(users.map(async function (a) { + return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1); + })); + // sort by primary user flag and signature creation time + const primaryUser = users.sort(function(a, b) { + const A = a.selfCertification; + const B = b.selfCertification; + return B.revoked - A.revoked || A.isPrimaryUserID - B.isPrimaryUserID || A.created - B.created; + }).pop(); + const { user, selfCertification: cert } = primaryUser; + if (cert.revoked || await user.isRevoked(cert, null, date, config$1)) { + throw new Error('Primary user is revoked'); } + return primaryUser; + } - // And remove leading zeroes - return this.strip(); - }; - - BN.prototype.notn = function notn (width) { - return this.clone().inotn(width); - }; - - // Set `bit` of `this` - BN.prototype.setn = function setn (bit, val) { - assert(typeof bit === 'number' && bit >= 0); - - var off = (bit / 26) | 0; - var wbit = bit % 26; - - this._expand(off + 1); - - if (val) { - this.words[off] = this.words[off] | (1 << wbit); - } else { - this.words[off] = this.words[off] & ~(1 << wbit); + /** + * Update key with new components from specified key with same key ID: + * users, subkeys, certificates are merged into the destination key, + * duplicates and expired signatures are ignored. + * + * If the source key is a private key and the destination key is public, + * a private key is returned. + * @param {Key} sourceKey - Source key to merge + * @param {Date} [date] - Date to verify validity of signatures and keys + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} updated key + * @async + */ + async update(sourceKey, date = new Date(), config$1 = config) { + if (!this.hasSameFingerprintAs(sourceKey)) { + throw new Error('Primary key fingerprints must be equal to update the key'); } - - return this.strip(); - }; - - // Add `num` to `this` in-place - BN.prototype.iadd = function iadd (num) { - var r; - - // negative + positive - if (this.negative !== 0 && num.negative === 0) { - this.negative = 0; - r = this.isub(num); - this.negative ^= 1; - return this._normSign(); - - // positive + negative - } else if (this.negative === 0 && num.negative !== 0) { - num.negative = 0; - r = this.isub(num); - num.negative = 1; - return r._normSign(); - } - - // a.length > b.length - var a, b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) + (b.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; + if (!this.isPrivate() && sourceKey.isPrivate()) { + // check for equal subkey packets + const equal = (this.subkeys.length === sourceKey.subkeys.length) && + (this.subkeys.every(destSubkey => { + return sourceKey.subkeys.some(srcSubkey => { + return destSubkey.hasSameFingerprintAs(srcSubkey); + }); + })); + if (!equal) { + throw new Error('Cannot update public key with private key if subkeys mismatch'); } - } - - return this; - }; - // Add `num` to `this` - BN.prototype.add = function add (num) { - var res; - if (num.negative !== 0 && this.negative === 0) { - num.negative = 0; - res = this.sub(num); - num.negative ^= 1; - return res; - } else if (num.negative === 0 && this.negative !== 0) { - this.negative = 0; - res = num.sub(this); - this.negative = 1; - return res; + return sourceKey.update(this, config$1); } + // from here on, either: + // - destination key is private, source key is public + // - the keys are of the same type + // hence we don't need to convert the destination key type + const updatedKey = this.clone(); + // revocation signatures + await mergeSignatures(sourceKey, updatedKey, 'revocationSignatures', date, srcRevSig => { + return isDataRevoked(updatedKey.keyPacket, enums.signature.keyRevocation, updatedKey, [srcRevSig], null, sourceKey.keyPacket, date, config$1); + }); + // direct signatures + await mergeSignatures(sourceKey, updatedKey, 'directSignatures', date); + // update users + await Promise.all(sourceKey.users.map(async srcUser => { + // multiple users with the same ID/attribute are not explicitly disallowed by the spec + // hence we support them, just in case + const usersToUpdate = updatedKey.users.filter(dstUser => ( + (srcUser.userID && srcUser.userID.equals(dstUser.userID)) || + (srcUser.userAttribute && srcUser.userAttribute.equals(dstUser.userAttribute)) + )); + if (usersToUpdate.length > 0) { + await Promise.all( + usersToUpdate.map(userToUpdate => userToUpdate.update(srcUser, date, config$1)) + ); + } else { + const newUser = srcUser.clone(); + newUser.mainKey = updatedKey; + updatedKey.users.push(newUser); + } + })); + // update subkeys + await Promise.all(sourceKey.subkeys.map(async srcSubkey => { + // multiple subkeys with same fingerprint might be preset + const subkeysToUpdate = updatedKey.subkeys.filter(dstSubkey => ( + dstSubkey.hasSameFingerprintAs(srcSubkey) + )); + if (subkeysToUpdate.length > 0) { + await Promise.all( + subkeysToUpdate.map(subkeyToUpdate => subkeyToUpdate.update(srcSubkey, date, config$1)) + ); + } else { + const newSubkey = srcSubkey.clone(); + newSubkey.mainKey = updatedKey; + updatedKey.subkeys.push(newSubkey); + } + })); - if (this.length > num.length) return this.clone().iadd(num); - - return num.clone().iadd(this); - }; + return updatedKey; + } - // Subtract `num` from `this` in-place - BN.prototype.isub = function isub (num) { - // this - (-num) = this + num - if (num.negative !== 0) { - num.negative = 0; - var r = this.iadd(num); - num.negative = 1; - return r._normSign(); - - // -this - num = -(this + num) - } else if (this.negative !== 0) { - this.negative = 0; - this.iadd(num); - this.negative = 1; - return this._normSign(); - } - - // At this point both numbers are positive - var cmp = this.cmp(num); - - // Optimization - zeroify - if (cmp === 0) { - this.negative = 0; - this.length = 1; - this.words[0] = 0; - return this; - } + /** + * Get revocation certificate from a revoked key. + * (To get a revocation certificate for an unrevoked key, call revoke() first.) + * @param {Date} date - Use the given date instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Armored revocation certificate. + * @async + */ + async getRevocationCertificate(date = new Date(), config$1 = config) { + const dataToVerify = { key: this.keyPacket }; + const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config$1); + const packetlist = new PacketList(); + packetlist.push(revocationSignature); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum, config$1); + } - // a > b - var a, b; - if (cmp > 0) { - a = this; - b = num; - } else { - a = num; - b = this; + /** + * Applies a revocation certificate to a key + * This adds the first signature packet in the armored text to the key, + * if it is a valid revocation signature. + * @param {String} revocationCertificate - armored revocation certificate + * @param {Date} [date] - Date to verify the certificate + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Revoked key. + * @async + */ + async applyRevocationCertificate(revocationCertificate, date = new Date(), config$1 = config) { + const input = await unarmor(revocationCertificate); + const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config$1); + const revocationSignature = packetlist.findPacket(enums.packet.signature); + if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { + throw new Error('Could not find revocation signature packet'); } - - var carry = 0; - for (var i = 0; i < b.length; i++) { - r = (a.words[i] | 0) - (b.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + if (!revocationSignature.issuerKeyID.equals(this.getKeyID())) { + throw new Error('Revocation signature does not match key'); } - for (; carry !== 0 && i < a.length; i++) { - r = (a.words[i] | 0) + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; + try { + await revocationSignature.verify(this.keyPacket, enums.signature.keyRevocation, { key: this.keyPacket }, date, undefined, config$1); + } catch (e) { + throw util.wrapError('Could not verify revocation signature', e); } + const key = this.clone(); + key.revocationSignatures.push(revocationSignature); + return key; + } - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) { - for (; i < a.length; i++) { - this.words[i] = a.words[i]; - } - } + /** + * Signs primary user of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signPrimaryUser(privateKeys, date, userID, config$1 = config) { + const { index, user } = await this.getPrimaryUser(date, userID, config$1); + const userSign = await user.certify(privateKeys, date, config$1); + const key = this.clone(); + key.users[index] = userSign; + return key; + } + + /** + * Signs all users of key + * @param {Array} privateKeys - decrypted private keys for signing + * @param {Date} [date] - Use the given date for signing, instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} Key with new certificate signature. + * @async + */ + async signAllUsers(privateKeys, date = new Date(), config$1 = config) { + const key = this.clone(); + key.users = await Promise.all(this.users.map(function(user) { + return user.certify(privateKeys, date, config$1); + })); + return key; + } + + /** + * Verifies primary user of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures, instead of the primary key + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [userID] - User ID to get instead of the primary user, if it exists + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyPrimaryUser(verificationKeys, date = new Date(), userID, config$1 = config) { + const primaryKey = this.keyPacket; + const { user } = await this.getPrimaryUser(date, userID, config$1); + const results = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; + return results; + } - this.length = Math.max(this.length, i); + /** + * Verifies all users of key + * - if no arguments are given, verifies the self certificates; + * - otherwise, verifies all certificates signed with given keys. + * @param {Array} [verificationKeys] - array of keys to verify certificate signatures + * @param {Date} [date] - Use the given date for verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} List of userID, signer's keyID and validity of signature. + * Signature validity is null if the verification keys do not correspond to the certificate. + * @async + */ + async verifyAllUsers(verificationKeys, date = new Date(), config$1 = config) { + const primaryKey = this.keyPacket; + const results = []; + await Promise.all(this.users.map(async user => { + const signatures = verificationKeys ? + await user.verifyAllCertifications(verificationKeys, date, config$1) : + [{ keyID: primaryKey.getKeyID(), valid: await user.verify(date, config$1).catch(() => false) }]; - if (a !== this) { - this.negative = 1; - } + results.push(...signatures.map( + signature => ({ + userID: user.userID ? user.userID.userID : null, + userAttribute: user.userAttribute, + keyID: signature.keyID, + valid: signature.valid + })) + ); + })); + return results; + } +} - return this.strip(); - }; +['getKeyID', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'hasSameFingerprintAs'].forEach(name => { + Key.prototype[name] = + Subkey.prototype[name]; +}); - // Subtract `num` from `this` - BN.prototype.sub = function sub (num) { - return this.clone().isub(num); - }; +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - function smallMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - var len = (self.length + num.length) | 0; - out.length = len; - len = (len - 1) | 0; - - // Peel one iteration (compiler can't do it, because of code complexity) - var a = self.words[0] | 0; - var b = num.words[0] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - var carry = (r / 0x4000000) | 0; - out.words[0] = lo; - - for (var k = 1; k < len; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = (k - j) | 0; - a = self.words[i] | 0; - b = num.words[j] | 0; - r = a * b + rword; - ncarry += (r / 0x4000000) | 0; - rword = r & 0x3ffffff; - } - out.words[k] = rword | 0; - carry = ncarry | 0; - } - if (carry !== 0) { - out.words[k] = carry | 0; - } else { - out.length--; - } - - return out.strip(); - } - - // TODO(indutny): it may be reasonable to omit it for users who don't need - // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit - // multiplication (like elliptic secp256k1). - var comb10MulTo = function comb10MulTo (self, num, out) { - var a = self.words; - var b = num.words; - var o = out.words; - var c = 0; - var lo; - var mid; - var hi; - var a0 = a[0] | 0; - var al0 = a0 & 0x1fff; - var ah0 = a0 >>> 13; - var a1 = a[1] | 0; - var al1 = a1 & 0x1fff; - var ah1 = a1 >>> 13; - var a2 = a[2] | 0; - var al2 = a2 & 0x1fff; - var ah2 = a2 >>> 13; - var a3 = a[3] | 0; - var al3 = a3 & 0x1fff; - var ah3 = a3 >>> 13; - var a4 = a[4] | 0; - var al4 = a4 & 0x1fff; - var ah4 = a4 >>> 13; - var a5 = a[5] | 0; - var al5 = a5 & 0x1fff; - var ah5 = a5 >>> 13; - var a6 = a[6] | 0; - var al6 = a6 & 0x1fff; - var ah6 = a6 >>> 13; - var a7 = a[7] | 0; - var al7 = a7 & 0x1fff; - var ah7 = a7 >>> 13; - var a8 = a[8] | 0; - var al8 = a8 & 0x1fff; - var ah8 = a8 >>> 13; - var a9 = a[9] | 0; - var al9 = a9 & 0x1fff; - var ah9 = a9 >>> 13; - var b0 = b[0] | 0; - var bl0 = b0 & 0x1fff; - var bh0 = b0 >>> 13; - var b1 = b[1] | 0; - var bl1 = b1 & 0x1fff; - var bh1 = b1 >>> 13; - var b2 = b[2] | 0; - var bl2 = b2 & 0x1fff; - var bh2 = b2 >>> 13; - var b3 = b[3] | 0; - var bl3 = b3 & 0x1fff; - var bh3 = b3 >>> 13; - var b4 = b[4] | 0; - var bl4 = b4 & 0x1fff; - var bh4 = b4 >>> 13; - var b5 = b[5] | 0; - var bl5 = b5 & 0x1fff; - var bh5 = b5 >>> 13; - var b6 = b[6] | 0; - var bl6 = b6 & 0x1fff; - var bh6 = b6 >>> 13; - var b7 = b[7] | 0; - var bl7 = b7 & 0x1fff; - var bh7 = b7 >>> 13; - var b8 = b[8] | 0; - var bl8 = b8 & 0x1fff; - var bh8 = b8 >>> 13; - var b9 = b[9] | 0; - var bl9 = b9 & 0x1fff; - var bh9 = b9 >>> 13; - - out.negative = self.negative ^ num.negative; - out.length = 19; - /* k = 0 */ - lo = Math.imul(al0, bl0); - mid = Math.imul(al0, bh0); - mid = (mid + Math.imul(ah0, bl0)) | 0; - hi = Math.imul(ah0, bh0); - var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; - w0 &= 0x3ffffff; - /* k = 1 */ - lo = Math.imul(al1, bl0); - mid = Math.imul(al1, bh0); - mid = (mid + Math.imul(ah1, bl0)) | 0; - hi = Math.imul(ah1, bh0); - lo = (lo + Math.imul(al0, bl1)) | 0; - mid = (mid + Math.imul(al0, bh1)) | 0; - mid = (mid + Math.imul(ah0, bl1)) | 0; - hi = (hi + Math.imul(ah0, bh1)) | 0; - var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; - w1 &= 0x3ffffff; - /* k = 2 */ - lo = Math.imul(al2, bl0); - mid = Math.imul(al2, bh0); - mid = (mid + Math.imul(ah2, bl0)) | 0; - hi = Math.imul(ah2, bh0); - lo = (lo + Math.imul(al1, bl1)) | 0; - mid = (mid + Math.imul(al1, bh1)) | 0; - mid = (mid + Math.imul(ah1, bl1)) | 0; - hi = (hi + Math.imul(ah1, bh1)) | 0; - lo = (lo + Math.imul(al0, bl2)) | 0; - mid = (mid + Math.imul(al0, bh2)) | 0; - mid = (mid + Math.imul(ah0, bl2)) | 0; - hi = (hi + Math.imul(ah0, bh2)) | 0; - var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; - w2 &= 0x3ffffff; - /* k = 3 */ - lo = Math.imul(al3, bl0); - mid = Math.imul(al3, bh0); - mid = (mid + Math.imul(ah3, bl0)) | 0; - hi = Math.imul(ah3, bh0); - lo = (lo + Math.imul(al2, bl1)) | 0; - mid = (mid + Math.imul(al2, bh1)) | 0; - mid = (mid + Math.imul(ah2, bl1)) | 0; - hi = (hi + Math.imul(ah2, bh1)) | 0; - lo = (lo + Math.imul(al1, bl2)) | 0; - mid = (mid + Math.imul(al1, bh2)) | 0; - mid = (mid + Math.imul(ah1, bl2)) | 0; - hi = (hi + Math.imul(ah1, bh2)) | 0; - lo = (lo + Math.imul(al0, bl3)) | 0; - mid = (mid + Math.imul(al0, bh3)) | 0; - mid = (mid + Math.imul(ah0, bl3)) | 0; - hi = (hi + Math.imul(ah0, bh3)) | 0; - var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; - w3 &= 0x3ffffff; - /* k = 4 */ - lo = Math.imul(al4, bl0); - mid = Math.imul(al4, bh0); - mid = (mid + Math.imul(ah4, bl0)) | 0; - hi = Math.imul(ah4, bh0); - lo = (lo + Math.imul(al3, bl1)) | 0; - mid = (mid + Math.imul(al3, bh1)) | 0; - mid = (mid + Math.imul(ah3, bl1)) | 0; - hi = (hi + Math.imul(ah3, bh1)) | 0; - lo = (lo + Math.imul(al2, bl2)) | 0; - mid = (mid + Math.imul(al2, bh2)) | 0; - mid = (mid + Math.imul(ah2, bl2)) | 0; - hi = (hi + Math.imul(ah2, bh2)) | 0; - lo = (lo + Math.imul(al1, bl3)) | 0; - mid = (mid + Math.imul(al1, bh3)) | 0; - mid = (mid + Math.imul(ah1, bl3)) | 0; - hi = (hi + Math.imul(ah1, bh3)) | 0; - lo = (lo + Math.imul(al0, bl4)) | 0; - mid = (mid + Math.imul(al0, bh4)) | 0; - mid = (mid + Math.imul(ah0, bl4)) | 0; - hi = (hi + Math.imul(ah0, bh4)) | 0; - var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; - w4 &= 0x3ffffff; - /* k = 5 */ - lo = Math.imul(al5, bl0); - mid = Math.imul(al5, bh0); - mid = (mid + Math.imul(ah5, bl0)) | 0; - hi = Math.imul(ah5, bh0); - lo = (lo + Math.imul(al4, bl1)) | 0; - mid = (mid + Math.imul(al4, bh1)) | 0; - mid = (mid + Math.imul(ah4, bl1)) | 0; - hi = (hi + Math.imul(ah4, bh1)) | 0; - lo = (lo + Math.imul(al3, bl2)) | 0; - mid = (mid + Math.imul(al3, bh2)) | 0; - mid = (mid + Math.imul(ah3, bl2)) | 0; - hi = (hi + Math.imul(ah3, bh2)) | 0; - lo = (lo + Math.imul(al2, bl3)) | 0; - mid = (mid + Math.imul(al2, bh3)) | 0; - mid = (mid + Math.imul(ah2, bl3)) | 0; - hi = (hi + Math.imul(ah2, bh3)) | 0; - lo = (lo + Math.imul(al1, bl4)) | 0; - mid = (mid + Math.imul(al1, bh4)) | 0; - mid = (mid + Math.imul(ah1, bl4)) | 0; - hi = (hi + Math.imul(ah1, bh4)) | 0; - lo = (lo + Math.imul(al0, bl5)) | 0; - mid = (mid + Math.imul(al0, bh5)) | 0; - mid = (mid + Math.imul(ah0, bl5)) | 0; - hi = (hi + Math.imul(ah0, bh5)) | 0; - var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; - w5 &= 0x3ffffff; - /* k = 6 */ - lo = Math.imul(al6, bl0); - mid = Math.imul(al6, bh0); - mid = (mid + Math.imul(ah6, bl0)) | 0; - hi = Math.imul(ah6, bh0); - lo = (lo + Math.imul(al5, bl1)) | 0; - mid = (mid + Math.imul(al5, bh1)) | 0; - mid = (mid + Math.imul(ah5, bl1)) | 0; - hi = (hi + Math.imul(ah5, bh1)) | 0; - lo = (lo + Math.imul(al4, bl2)) | 0; - mid = (mid + Math.imul(al4, bh2)) | 0; - mid = (mid + Math.imul(ah4, bl2)) | 0; - hi = (hi + Math.imul(ah4, bh2)) | 0; - lo = (lo + Math.imul(al3, bl3)) | 0; - mid = (mid + Math.imul(al3, bh3)) | 0; - mid = (mid + Math.imul(ah3, bl3)) | 0; - hi = (hi + Math.imul(ah3, bh3)) | 0; - lo = (lo + Math.imul(al2, bl4)) | 0; - mid = (mid + Math.imul(al2, bh4)) | 0; - mid = (mid + Math.imul(ah2, bl4)) | 0; - hi = (hi + Math.imul(ah2, bh4)) | 0; - lo = (lo + Math.imul(al1, bl5)) | 0; - mid = (mid + Math.imul(al1, bh5)) | 0; - mid = (mid + Math.imul(ah1, bl5)) | 0; - hi = (hi + Math.imul(ah1, bh5)) | 0; - lo = (lo + Math.imul(al0, bl6)) | 0; - mid = (mid + Math.imul(al0, bh6)) | 0; - mid = (mid + Math.imul(ah0, bl6)) | 0; - hi = (hi + Math.imul(ah0, bh6)) | 0; - var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; - w6 &= 0x3ffffff; - /* k = 7 */ - lo = Math.imul(al7, bl0); - mid = Math.imul(al7, bh0); - mid = (mid + Math.imul(ah7, bl0)) | 0; - hi = Math.imul(ah7, bh0); - lo = (lo + Math.imul(al6, bl1)) | 0; - mid = (mid + Math.imul(al6, bh1)) | 0; - mid = (mid + Math.imul(ah6, bl1)) | 0; - hi = (hi + Math.imul(ah6, bh1)) | 0; - lo = (lo + Math.imul(al5, bl2)) | 0; - mid = (mid + Math.imul(al5, bh2)) | 0; - mid = (mid + Math.imul(ah5, bl2)) | 0; - hi = (hi + Math.imul(ah5, bh2)) | 0; - lo = (lo + Math.imul(al4, bl3)) | 0; - mid = (mid + Math.imul(al4, bh3)) | 0; - mid = (mid + Math.imul(ah4, bl3)) | 0; - hi = (hi + Math.imul(ah4, bh3)) | 0; - lo = (lo + Math.imul(al3, bl4)) | 0; - mid = (mid + Math.imul(al3, bh4)) | 0; - mid = (mid + Math.imul(ah3, bl4)) | 0; - hi = (hi + Math.imul(ah3, bh4)) | 0; - lo = (lo + Math.imul(al2, bl5)) | 0; - mid = (mid + Math.imul(al2, bh5)) | 0; - mid = (mid + Math.imul(ah2, bl5)) | 0; - hi = (hi + Math.imul(ah2, bh5)) | 0; - lo = (lo + Math.imul(al1, bl6)) | 0; - mid = (mid + Math.imul(al1, bh6)) | 0; - mid = (mid + Math.imul(ah1, bl6)) | 0; - hi = (hi + Math.imul(ah1, bh6)) | 0; - lo = (lo + Math.imul(al0, bl7)) | 0; - mid = (mid + Math.imul(al0, bh7)) | 0; - mid = (mid + Math.imul(ah0, bl7)) | 0; - hi = (hi + Math.imul(ah0, bh7)) | 0; - var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; - w7 &= 0x3ffffff; - /* k = 8 */ - lo = Math.imul(al8, bl0); - mid = Math.imul(al8, bh0); - mid = (mid + Math.imul(ah8, bl0)) | 0; - hi = Math.imul(ah8, bh0); - lo = (lo + Math.imul(al7, bl1)) | 0; - mid = (mid + Math.imul(al7, bh1)) | 0; - mid = (mid + Math.imul(ah7, bl1)) | 0; - hi = (hi + Math.imul(ah7, bh1)) | 0; - lo = (lo + Math.imul(al6, bl2)) | 0; - mid = (mid + Math.imul(al6, bh2)) | 0; - mid = (mid + Math.imul(ah6, bl2)) | 0; - hi = (hi + Math.imul(ah6, bh2)) | 0; - lo = (lo + Math.imul(al5, bl3)) | 0; - mid = (mid + Math.imul(al5, bh3)) | 0; - mid = (mid + Math.imul(ah5, bl3)) | 0; - hi = (hi + Math.imul(ah5, bh3)) | 0; - lo = (lo + Math.imul(al4, bl4)) | 0; - mid = (mid + Math.imul(al4, bh4)) | 0; - mid = (mid + Math.imul(ah4, bl4)) | 0; - hi = (hi + Math.imul(ah4, bh4)) | 0; - lo = (lo + Math.imul(al3, bl5)) | 0; - mid = (mid + Math.imul(al3, bh5)) | 0; - mid = (mid + Math.imul(ah3, bl5)) | 0; - hi = (hi + Math.imul(ah3, bh5)) | 0; - lo = (lo + Math.imul(al2, bl6)) | 0; - mid = (mid + Math.imul(al2, bh6)) | 0; - mid = (mid + Math.imul(ah2, bl6)) | 0; - hi = (hi + Math.imul(ah2, bh6)) | 0; - lo = (lo + Math.imul(al1, bl7)) | 0; - mid = (mid + Math.imul(al1, bh7)) | 0; - mid = (mid + Math.imul(ah1, bl7)) | 0; - hi = (hi + Math.imul(ah1, bh7)) | 0; - lo = (lo + Math.imul(al0, bl8)) | 0; - mid = (mid + Math.imul(al0, bh8)) | 0; - mid = (mid + Math.imul(ah0, bl8)) | 0; - hi = (hi + Math.imul(ah0, bh8)) | 0; - var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; - w8 &= 0x3ffffff; - /* k = 9 */ - lo = Math.imul(al9, bl0); - mid = Math.imul(al9, bh0); - mid = (mid + Math.imul(ah9, bl0)) | 0; - hi = Math.imul(ah9, bh0); - lo = (lo + Math.imul(al8, bl1)) | 0; - mid = (mid + Math.imul(al8, bh1)) | 0; - mid = (mid + Math.imul(ah8, bl1)) | 0; - hi = (hi + Math.imul(ah8, bh1)) | 0; - lo = (lo + Math.imul(al7, bl2)) | 0; - mid = (mid + Math.imul(al7, bh2)) | 0; - mid = (mid + Math.imul(ah7, bl2)) | 0; - hi = (hi + Math.imul(ah7, bh2)) | 0; - lo = (lo + Math.imul(al6, bl3)) | 0; - mid = (mid + Math.imul(al6, bh3)) | 0; - mid = (mid + Math.imul(ah6, bl3)) | 0; - hi = (hi + Math.imul(ah6, bh3)) | 0; - lo = (lo + Math.imul(al5, bl4)) | 0; - mid = (mid + Math.imul(al5, bh4)) | 0; - mid = (mid + Math.imul(ah5, bl4)) | 0; - hi = (hi + Math.imul(ah5, bh4)) | 0; - lo = (lo + Math.imul(al4, bl5)) | 0; - mid = (mid + Math.imul(al4, bh5)) | 0; - mid = (mid + Math.imul(ah4, bl5)) | 0; - hi = (hi + Math.imul(ah4, bh5)) | 0; - lo = (lo + Math.imul(al3, bl6)) | 0; - mid = (mid + Math.imul(al3, bh6)) | 0; - mid = (mid + Math.imul(ah3, bl6)) | 0; - hi = (hi + Math.imul(ah3, bh6)) | 0; - lo = (lo + Math.imul(al2, bl7)) | 0; - mid = (mid + Math.imul(al2, bh7)) | 0; - mid = (mid + Math.imul(ah2, bl7)) | 0; - hi = (hi + Math.imul(ah2, bh7)) | 0; - lo = (lo + Math.imul(al1, bl8)) | 0; - mid = (mid + Math.imul(al1, bh8)) | 0; - mid = (mid + Math.imul(ah1, bl8)) | 0; - hi = (hi + Math.imul(ah1, bh8)) | 0; - lo = (lo + Math.imul(al0, bl9)) | 0; - mid = (mid + Math.imul(al0, bh9)) | 0; - mid = (mid + Math.imul(ah0, bl9)) | 0; - hi = (hi + Math.imul(ah0, bh9)) | 0; - var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; - w9 &= 0x3ffffff; - /* k = 10 */ - lo = Math.imul(al9, bl1); - mid = Math.imul(al9, bh1); - mid = (mid + Math.imul(ah9, bl1)) | 0; - hi = Math.imul(ah9, bh1); - lo = (lo + Math.imul(al8, bl2)) | 0; - mid = (mid + Math.imul(al8, bh2)) | 0; - mid = (mid + Math.imul(ah8, bl2)) | 0; - hi = (hi + Math.imul(ah8, bh2)) | 0; - lo = (lo + Math.imul(al7, bl3)) | 0; - mid = (mid + Math.imul(al7, bh3)) | 0; - mid = (mid + Math.imul(ah7, bl3)) | 0; - hi = (hi + Math.imul(ah7, bh3)) | 0; - lo = (lo + Math.imul(al6, bl4)) | 0; - mid = (mid + Math.imul(al6, bh4)) | 0; - mid = (mid + Math.imul(ah6, bl4)) | 0; - hi = (hi + Math.imul(ah6, bh4)) | 0; - lo = (lo + Math.imul(al5, bl5)) | 0; - mid = (mid + Math.imul(al5, bh5)) | 0; - mid = (mid + Math.imul(ah5, bl5)) | 0; - hi = (hi + Math.imul(ah5, bh5)) | 0; - lo = (lo + Math.imul(al4, bl6)) | 0; - mid = (mid + Math.imul(al4, bh6)) | 0; - mid = (mid + Math.imul(ah4, bl6)) | 0; - hi = (hi + Math.imul(ah4, bh6)) | 0; - lo = (lo + Math.imul(al3, bl7)) | 0; - mid = (mid + Math.imul(al3, bh7)) | 0; - mid = (mid + Math.imul(ah3, bl7)) | 0; - hi = (hi + Math.imul(ah3, bh7)) | 0; - lo = (lo + Math.imul(al2, bl8)) | 0; - mid = (mid + Math.imul(al2, bh8)) | 0; - mid = (mid + Math.imul(ah2, bl8)) | 0; - hi = (hi + Math.imul(ah2, bh8)) | 0; - lo = (lo + Math.imul(al1, bl9)) | 0; - mid = (mid + Math.imul(al1, bh9)) | 0; - mid = (mid + Math.imul(ah1, bl9)) | 0; - hi = (hi + Math.imul(ah1, bh9)) | 0; - var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; - w10 &= 0x3ffffff; - /* k = 11 */ - lo = Math.imul(al9, bl2); - mid = Math.imul(al9, bh2); - mid = (mid + Math.imul(ah9, bl2)) | 0; - hi = Math.imul(ah9, bh2); - lo = (lo + Math.imul(al8, bl3)) | 0; - mid = (mid + Math.imul(al8, bh3)) | 0; - mid = (mid + Math.imul(ah8, bl3)) | 0; - hi = (hi + Math.imul(ah8, bh3)) | 0; - lo = (lo + Math.imul(al7, bl4)) | 0; - mid = (mid + Math.imul(al7, bh4)) | 0; - mid = (mid + Math.imul(ah7, bl4)) | 0; - hi = (hi + Math.imul(ah7, bh4)) | 0; - lo = (lo + Math.imul(al6, bl5)) | 0; - mid = (mid + Math.imul(al6, bh5)) | 0; - mid = (mid + Math.imul(ah6, bl5)) | 0; - hi = (hi + Math.imul(ah6, bh5)) | 0; - lo = (lo + Math.imul(al5, bl6)) | 0; - mid = (mid + Math.imul(al5, bh6)) | 0; - mid = (mid + Math.imul(ah5, bl6)) | 0; - hi = (hi + Math.imul(ah5, bh6)) | 0; - lo = (lo + Math.imul(al4, bl7)) | 0; - mid = (mid + Math.imul(al4, bh7)) | 0; - mid = (mid + Math.imul(ah4, bl7)) | 0; - hi = (hi + Math.imul(ah4, bh7)) | 0; - lo = (lo + Math.imul(al3, bl8)) | 0; - mid = (mid + Math.imul(al3, bh8)) | 0; - mid = (mid + Math.imul(ah3, bl8)) | 0; - hi = (hi + Math.imul(ah3, bh8)) | 0; - lo = (lo + Math.imul(al2, bl9)) | 0; - mid = (mid + Math.imul(al2, bh9)) | 0; - mid = (mid + Math.imul(ah2, bl9)) | 0; - hi = (hi + Math.imul(ah2, bh9)) | 0; - var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; - w11 &= 0x3ffffff; - /* k = 12 */ - lo = Math.imul(al9, bl3); - mid = Math.imul(al9, bh3); - mid = (mid + Math.imul(ah9, bl3)) | 0; - hi = Math.imul(ah9, bh3); - lo = (lo + Math.imul(al8, bl4)) | 0; - mid = (mid + Math.imul(al8, bh4)) | 0; - mid = (mid + Math.imul(ah8, bl4)) | 0; - hi = (hi + Math.imul(ah8, bh4)) | 0; - lo = (lo + Math.imul(al7, bl5)) | 0; - mid = (mid + Math.imul(al7, bh5)) | 0; - mid = (mid + Math.imul(ah7, bl5)) | 0; - hi = (hi + Math.imul(ah7, bh5)) | 0; - lo = (lo + Math.imul(al6, bl6)) | 0; - mid = (mid + Math.imul(al6, bh6)) | 0; - mid = (mid + Math.imul(ah6, bl6)) | 0; - hi = (hi + Math.imul(ah6, bh6)) | 0; - lo = (lo + Math.imul(al5, bl7)) | 0; - mid = (mid + Math.imul(al5, bh7)) | 0; - mid = (mid + Math.imul(ah5, bl7)) | 0; - hi = (hi + Math.imul(ah5, bh7)) | 0; - lo = (lo + Math.imul(al4, bl8)) | 0; - mid = (mid + Math.imul(al4, bh8)) | 0; - mid = (mid + Math.imul(ah4, bl8)) | 0; - hi = (hi + Math.imul(ah4, bh8)) | 0; - lo = (lo + Math.imul(al3, bl9)) | 0; - mid = (mid + Math.imul(al3, bh9)) | 0; - mid = (mid + Math.imul(ah3, bl9)) | 0; - hi = (hi + Math.imul(ah3, bh9)) | 0; - var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; - w12 &= 0x3ffffff; - /* k = 13 */ - lo = Math.imul(al9, bl4); - mid = Math.imul(al9, bh4); - mid = (mid + Math.imul(ah9, bl4)) | 0; - hi = Math.imul(ah9, bh4); - lo = (lo + Math.imul(al8, bl5)) | 0; - mid = (mid + Math.imul(al8, bh5)) | 0; - mid = (mid + Math.imul(ah8, bl5)) | 0; - hi = (hi + Math.imul(ah8, bh5)) | 0; - lo = (lo + Math.imul(al7, bl6)) | 0; - mid = (mid + Math.imul(al7, bh6)) | 0; - mid = (mid + Math.imul(ah7, bl6)) | 0; - hi = (hi + Math.imul(ah7, bh6)) | 0; - lo = (lo + Math.imul(al6, bl7)) | 0; - mid = (mid + Math.imul(al6, bh7)) | 0; - mid = (mid + Math.imul(ah6, bl7)) | 0; - hi = (hi + Math.imul(ah6, bh7)) | 0; - lo = (lo + Math.imul(al5, bl8)) | 0; - mid = (mid + Math.imul(al5, bh8)) | 0; - mid = (mid + Math.imul(ah5, bl8)) | 0; - hi = (hi + Math.imul(ah5, bh8)) | 0; - lo = (lo + Math.imul(al4, bl9)) | 0; - mid = (mid + Math.imul(al4, bh9)) | 0; - mid = (mid + Math.imul(ah4, bl9)) | 0; - hi = (hi + Math.imul(ah4, bh9)) | 0; - var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; - w13 &= 0x3ffffff; - /* k = 14 */ - lo = Math.imul(al9, bl5); - mid = Math.imul(al9, bh5); - mid = (mid + Math.imul(ah9, bl5)) | 0; - hi = Math.imul(ah9, bh5); - lo = (lo + Math.imul(al8, bl6)) | 0; - mid = (mid + Math.imul(al8, bh6)) | 0; - mid = (mid + Math.imul(ah8, bl6)) | 0; - hi = (hi + Math.imul(ah8, bh6)) | 0; - lo = (lo + Math.imul(al7, bl7)) | 0; - mid = (mid + Math.imul(al7, bh7)) | 0; - mid = (mid + Math.imul(ah7, bl7)) | 0; - hi = (hi + Math.imul(ah7, bh7)) | 0; - lo = (lo + Math.imul(al6, bl8)) | 0; - mid = (mid + Math.imul(al6, bh8)) | 0; - mid = (mid + Math.imul(ah6, bl8)) | 0; - hi = (hi + Math.imul(ah6, bh8)) | 0; - lo = (lo + Math.imul(al5, bl9)) | 0; - mid = (mid + Math.imul(al5, bh9)) | 0; - mid = (mid + Math.imul(ah5, bl9)) | 0; - hi = (hi + Math.imul(ah5, bh9)) | 0; - var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; - w14 &= 0x3ffffff; - /* k = 15 */ - lo = Math.imul(al9, bl6); - mid = Math.imul(al9, bh6); - mid = (mid + Math.imul(ah9, bl6)) | 0; - hi = Math.imul(ah9, bh6); - lo = (lo + Math.imul(al8, bl7)) | 0; - mid = (mid + Math.imul(al8, bh7)) | 0; - mid = (mid + Math.imul(ah8, bl7)) | 0; - hi = (hi + Math.imul(ah8, bh7)) | 0; - lo = (lo + Math.imul(al7, bl8)) | 0; - mid = (mid + Math.imul(al7, bh8)) | 0; - mid = (mid + Math.imul(ah7, bl8)) | 0; - hi = (hi + Math.imul(ah7, bh8)) | 0; - lo = (lo + Math.imul(al6, bl9)) | 0; - mid = (mid + Math.imul(al6, bh9)) | 0; - mid = (mid + Math.imul(ah6, bl9)) | 0; - hi = (hi + Math.imul(ah6, bh9)) | 0; - var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; - w15 &= 0x3ffffff; - /* k = 16 */ - lo = Math.imul(al9, bl7); - mid = Math.imul(al9, bh7); - mid = (mid + Math.imul(ah9, bl7)) | 0; - hi = Math.imul(ah9, bh7); - lo = (lo + Math.imul(al8, bl8)) | 0; - mid = (mid + Math.imul(al8, bh8)) | 0; - mid = (mid + Math.imul(ah8, bl8)) | 0; - hi = (hi + Math.imul(ah8, bh8)) | 0; - lo = (lo + Math.imul(al7, bl9)) | 0; - mid = (mid + Math.imul(al7, bh9)) | 0; - mid = (mid + Math.imul(ah7, bl9)) | 0; - hi = (hi + Math.imul(ah7, bh9)) | 0; - var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; - w16 &= 0x3ffffff; - /* k = 17 */ - lo = Math.imul(al9, bl8); - mid = Math.imul(al9, bh8); - mid = (mid + Math.imul(ah9, bl8)) | 0; - hi = Math.imul(ah9, bh8); - lo = (lo + Math.imul(al8, bl9)) | 0; - mid = (mid + Math.imul(al8, bh9)) | 0; - mid = (mid + Math.imul(ah8, bl9)) | 0; - hi = (hi + Math.imul(ah8, bh9)) | 0; - var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; - w17 &= 0x3ffffff; - /* k = 18 */ - lo = Math.imul(al9, bl9); - mid = Math.imul(al9, bh9); - mid = (mid + Math.imul(ah9, bl9)) | 0; - hi = Math.imul(ah9, bh9); - var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; - c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; - w18 &= 0x3ffffff; - o[0] = w0; - o[1] = w1; - o[2] = w2; - o[3] = w3; - o[4] = w4; - o[5] = w5; - o[6] = w6; - o[7] = w7; - o[8] = w8; - o[9] = w9; - o[10] = w10; - o[11] = w11; - o[12] = w12; - o[13] = w13; - o[14] = w14; - o[15] = w15; - o[16] = w16; - o[17] = w17; - o[18] = w18; - if (c !== 0) { - o[19] = c; - out.length++; - } - return out; - }; - // Polyfill comb - if (!Math.imul) { - comb10MulTo = smallMulTo; - } - - function bigMulTo (self, num, out) { - out.negative = num.negative ^ self.negative; - out.length = self.length + num.length; - - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = self.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; +/** + * Class that represents an OpenPGP Public Key + */ +class PublicKey extends Key { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.keyPacket = null; + this.revocationSignatures = []; + this.directSignatures = []; + this.users = []; + this.subkeys = []; + if (packetlist) { + this.packetListToStructure(packetlist, new Set([enums.packet.secretKey, enums.packet.secretSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing public-key packet'); } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; } - - return out.strip(); } - function jumboMulTo (self, num, out) { - var fftm = new FFTM(); - return fftm.mulp(self, num, out); + /** + * Returns true if this is a private key + * @returns {false} + */ + isPrivate() { + return false; } - BN.prototype.mulTo = function mulTo (num, out) { - var res; - var len = this.length + num.length; - if (this.length === 10 && num.length === 10) { - res = comb10MulTo(this, num, out); - } else if (len < 63) { - res = smallMulTo(this, num, out); - } else if (len < 1024) { - res = bigMulTo(this, num, out); - } else { - res = jumboMulTo(this, num, out); - } - - return res; - }; - - // Cooley-Tukey algorithm for FFT - // slightly revisited to rely on looping instead of recursion - - function FFTM (x, y) { - this.x = x; - this.y = y; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + return this; } - FFTM.prototype.makeRBT = function makeRBT (N) { - var t = new Array(N); - var l = BN.prototype._countBits(N) - 1; - for (var i = 0; i < N; i++) { - t[i] = this.revBin(i, l, N); - } - - return t; - }; - - // Returns binary-reversed representation of `x` - FFTM.prototype.revBin = function revBin (x, l, N) { - if (x === 0 || x === N - 1) return x; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } +} - var rb = 0; - for (var i = 0; i < l; i++) { - rb |= (x & 1) << (l - i - 1); - x >>= 1; +/** + * Class that represents an OpenPGP Private key + */ +class PrivateKey extends PublicKey { + /** + * @param {PacketList} packetlist - The packets that form this key + */ + constructor(packetlist) { + super(); + this.packetListToStructure(packetlist, new Set([enums.packet.publicKey, enums.packet.publicSubkey])); + if (!this.keyPacket) { + throw new Error('Invalid key: missing private-key packet'); } + } - return rb; - }; + /** + * Returns true if this is a private key + * @returns {Boolean} + */ + isPrivate() { + return true; + } - // Performs "tweedling" phase, therefore 'emulating' - // behaviour of the recursive algorithm - FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { - for (var i = 0; i < N; i++) { - rtws[i] = rws[rbt[i]]; - itws[i] = iws[rbt[i]]; + /** + * Returns key as public key (shallow copy) + * @returns {PublicKey} New public Key + */ + toPublic() { + const packetlist = new PacketList(); + const keyPackets = this.toPacketList(); + for (const keyPacket of keyPackets) { + switch (keyPacket.constructor.tag) { + case enums.packet.secretKey: { + const pubKeyPacket = PublicKeyPacket.fromSecretKeyPacket(keyPacket); + packetlist.push(pubKeyPacket); + break; + } + case enums.packet.secretSubkey: { + const pubSubkeyPacket = PublicSubkeyPacket.fromSecretSubkeyPacket(keyPacket); + packetlist.push(pubSubkeyPacket); + break; + } + default: + packetlist.push(keyPacket); + } } - }; - - FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { - this.permute(rbt, rws, iws, rtws, itws, N); - - for (var s = 1; s < N; s <<= 1) { - var l = s << 1; - - var rtwdf = Math.cos(2 * Math.PI / l); - var itwdf = Math.sin(2 * Math.PI / l); - - for (var p = 0; p < N; p += l) { - var rtwdf_ = rtwdf; - var itwdf_ = itwdf; - - for (var j = 0; j < s; j++) { - var re = rtws[p + j]; - var ie = itws[p + j]; - - var ro = rtws[p + j + s]; - var io = itws[p + j + s]; - - var rx = rtwdf_ * ro - itwdf_ * io; - - io = rtwdf_ * io + itwdf_ * ro; - ro = rx; - - rtws[p + j] = re + ro; - itws[p + j] = ie + io; + return new PublicKey(packetlist); + } - rtws[p + j + s] = re - ro; - itws[p + j + s] = ie - io; + /** + * Returns ASCII armored text of key + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config$1); + } - /* jshint maxdepth : false */ - if (j !== l) { - rx = rtwdf * rtwdf_ - itwdf * itwdf_; + /** + * Returns all keys that are available for decryption, matching the keyID when given + * This is useful to retrieve keys for session key decryption + * @param {module:type/keyid~KeyID} keyID, optional + * @param {Date} date, optional + * @param {String} userID, optional + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} Array of decryption keys. + * @throws {Error} if no decryption key is found + * @async + */ + async getDecryptionKeys(keyID, date = new Date(), userID = {}, config$1 = config) { + const primaryKey = this.keyPacket; + const keys = []; + let exception = null; + for (let i = 0; i < this.subkeys.length; i++) { + if (!keyID || this.subkeys[i].getKeyID().equals(keyID, true)) { + if (this.subkeys[i].keyPacket.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); + continue; + } - itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; - rtwdf_ = rx; + try { + const dataToVerify = { key: primaryKey, bind: this.subkeys[i].keyPacket }; + const bindingSignature = await getLatestValidSignature(this.subkeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config$1); + if (validateDecryptionKeyPacket(this.subkeys[i].keyPacket, bindingSignature, config$1)) { + keys.push(this.subkeys[i]); } + } catch (e) { + exception = e; } } } - }; - - FFTM.prototype.guessLen13b = function guessLen13b (n, m) { - var N = Math.max(m, n) | 1; - var odd = N & 1; - var i = 0; - for (N = N / 2 | 0; N; N = N >>> 1) { - i++; - } - - return 1 << i + 1 + odd; - }; - - FFTM.prototype.conjugate = function conjugate (rws, iws, N) { - if (N <= 1) return; - - for (var i = 0; i < N / 2; i++) { - var t = rws[i]; - - rws[i] = rws[N - i - 1]; - rws[N - i - 1] = t; - - t = iws[i]; - - iws[i] = -iws[N - i - 1]; - iws[N - i - 1] = -t; - } - }; - - FFTM.prototype.normalize13b = function normalize13b (ws, N) { - var carry = 0; - for (var i = 0; i < N / 2; i++) { - var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + - Math.round(ws[2 * i] / N) + - carry; - ws[i] = w & 0x3ffffff; - - if (w < 0x4000000) { - carry = 0; + // evaluate primary key + const selfCertification = await this.getPrimarySelfSignature(date, userID, config$1); + if ((!keyID || primaryKey.getKeyID().equals(keyID, true)) && validateDecryptionKeyPacket(primaryKey, selfCertification, config$1)) { + if (primaryKey.isDummy()) { + exception = exception || new Error('Gnu-dummy key packets cannot be used for decryption'); } else { - carry = w / 0x4000000 | 0; + keys.push(this); } } - return ws; - }; - - FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { - var carry = 0; - for (var i = 0; i < len; i++) { - carry = carry + (ws[i] | 0); - - rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; - rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; - } - - // Pad with zeroes - for (i = 2 * len; i < N; ++i) { - rws[i] = 0; - } - - assert(carry === 0); - assert((carry & ~0x1fff) === 0); - }; - - FFTM.prototype.stub = function stub (N) { - var ph = new Array(N); - for (var i = 0; i < N; i++) { - ph[i] = 0; - } - - return ph; - }; - - FFTM.prototype.mulp = function mulp (x, y, out) { - var N = 2 * this.guessLen13b(x.length, y.length); - - var rbt = this.makeRBT(N); - - var _ = this.stub(N); - - var rws = new Array(N); - var rwst = new Array(N); - var iwst = new Array(N); - - var nrws = new Array(N); - var nrwst = new Array(N); - var niwst = new Array(N); - - var rmws = out.words; - rmws.length = N; - - this.convert13b(x.words, x.length, rws, N); - this.convert13b(y.words, y.length, nrws, N); - - this.transform(rws, _, rwst, iwst, N, rbt); - this.transform(nrws, _, nrwst, niwst, N, rbt); - - for (var i = 0; i < N; i++) { - var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; - iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; - rwst[i] = rx; - } - - this.conjugate(rwst, iwst, N); - this.transform(rwst, iwst, rmws, _, N, rbt); - this.conjugate(rmws, _, N); - this.normalize13b(rmws, N); - - out.negative = x.negative ^ y.negative; - out.length = x.length + y.length; - return out.strip(); - }; - - // Multiply `this` by `num` - BN.prototype.mul = function mul (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); - }; - - // Multiply employing FFT - BN.prototype.mulf = function mulf (num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return jumboMulTo(this, num, out); - }; - - // In-place Multiplication - BN.prototype.imul = function imul (num) { - return this.clone().mulTo(num, this); - }; - - BN.prototype.imuln = function imuln (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = (this.words[i] | 0) * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; - } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; + if (keys.length === 0) { + // eslint-disable-next-line @typescript-eslint/no-throw-literal + throw exception || new Error('No decryption key packets found'); } - return this; - }; - - BN.prototype.muln = function muln (num) { - return this.clone().imuln(num); - }; - - // `this` * `this` - BN.prototype.sqr = function sqr () { - return this.mul(this); - }; - - // `this` * `this` in-place - BN.prototype.isqr = function isqr () { - return this.imul(this.clone()); - }; + return keys; + } - // Math.pow(`this`, `num`) - BN.prototype.pow = function pow (num) { - var w = toBitArray(num); - if (w.length === 0) return new BN(1); + /** + * Returns true if the primary key or any subkey is decrypted. + * A dummy key is considered encrypted. + */ + isDecrypted() { + return this.getKeys().some(({ keyPacket }) => keyPacket.isDecrypted()); + } - // Skip leading zeroes - var res = this; - for (var i = 0; i < w.length; i++, res = res.sqr()) { - if (w[i] !== 0) break; + /** + * Check whether the private and public primary key parameters correspond + * Together with verification of binding signatures, this guarantees key integrity + * In case of gnu-dummy primary key, it is enough to validate any signing subkeys + * otherwise all encryption subkeys are validated + * If only gnu-dummy keys are found, we cannot properly validate so we throw an error + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @throws {Error} if validation was not successful and the key cannot be trusted + * @async + */ + async validate(config$1 = config) { + if (!this.isPrivate()) { + throw new Error('Cannot validate a public key'); } - if (++i < w.length) { - for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { - if (w[i] === 0) continue; - - res = res.mul(q); + let signingKeyPacket; + if (!this.keyPacket.isDummy()) { + signingKeyPacket = this.keyPacket; + } else { + /** + * It is enough to validate any signing keys + * since its binding signatures are also checked + */ + const signingKey = await this.getSigningKey(null, null, undefined, { ...config$1, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 }); + // This could again be a dummy key + if (signingKey && !signingKey.keyPacket.isDummy()) { + signingKeyPacket = signingKey.keyPacket; } } - return res; - }; - - // Shift-left in-place - BN.prototype.iushln = function iushln (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - var i; - - if (r !== 0) { - var carry = 0; - - for (i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = ((this.words[i] | 0) - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); + if (signingKeyPacket) { + return signingKeyPacket.validate(); + } else { + const keys = this.getKeys(); + const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean); + if (allDummies) { + throw new Error('Cannot validate an all-gnu-dummy key'); } - if (carry) { - this.words[i] = carry; - this.length++; - } + return Promise.all(keys.map(async key => key.keyPacket.validate())); } + } - if (s !== 0) { - for (i = this.length - 1; i >= 0; i--) { - this.words[i + s] = this.words[i]; - } - - for (i = 0; i < s; i++) { - this.words[i] = 0; + /** + * Clear private key parameters + */ + clearPrivateParams() { + this.getKeys().forEach(({ keyPacket }) => { + if (keyPacket.isDecrypted()) { + keyPacket.clearPrivateParams(); } + }); + } - this.length += s; + /** + * Revokes the key + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New key with revocation signature. + * @async + */ + async revoke( + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config$1 = config + ) { + if (!this.isPrivate()) { + throw new Error('Need private key for revoking'); } + const dataToSign = { key: this.keyPacket }; + const key = this.clone(); + key.revocationSignatures.push(await createSignaturePacket(dataToSign, [], this.keyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, undefined, undefined, config$1)); + return key; + } - return this.strip(); - }; - - BN.prototype.ishln = function ishln (bits) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushln(bits); - }; - // Shift-right in-place - // NOTE: `hint` is a lowest bit before trailing zeroes - // NOTE: if `extended` is present - it will be filled with destroyed bits - BN.prototype.iushrn = function iushrn (bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) { - h = (hint - (hint % 26)) / 26; - } else { - h = 0; + /** + * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. + * Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519. + * Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys. + * @param {ecc|rsa|curve25519|curve448} options.type The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format). + * Note: Curve448 and Curve25519 are not widely supported yet. + * @param {String} options.curve (optional) Elliptic curve for ECC keys + * @param {Integer} options.rsaBits (optional) Number of bits for RSA subkeys + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date (optional) Override the creation date of the key and the key signatures + * @param {Boolean} options.sign (optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false + * @param {Object} options.config (optional) custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} + * @async + */ + async addSubkey(options = {}) { + const config$1 = { ...config, ...options.config }; + if (options.passphrase) { + throw new Error('Subkey could not be encrypted here, please encrypt whole key'); } - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; - - h -= s; - h = Math.max(0, h); - - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) { - maskedWords.words[i] = this.words[i]; - } - maskedWords.length = s; + if (options.rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${options.rsaBits}`); } - - if (s === 0) ; else if (this.length > s) { - this.length -= s; - for (i = 0; i < this.length; i++) { - this.words[i] = this.words[i + s]; - } - } else { - this.words[0] = 0; - this.length = 1; + const secretKeyPacket = this.keyPacket; + if (secretKeyPacket.isDummy()) { + throw new Error('Cannot add subkey to gnu-dummy primary key'); } - - var carry = 0; - for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i] | 0; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; + if (!secretKeyPacket.isDecrypted()) { + throw new Error('Key is not decrypted'); } + const defaultOptions = secretKeyPacket.getAlgorithmInfo(); + defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm); + defaultOptions.rsaBits = defaultOptions.bits || 4096; + defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy'; + options = sanitizeKeyOptions(options, defaultOptions); + // Every subkey for a v4 primary key MUST be a v4 subkey. + // Every subkey for a v6 primary key MUST be a v6 subkey. + // For v5 keys, since we dropped generation support, a v4 subkey is added. + // The config is always overwritten since we cannot tell if the defaultConfig was changed by the user. + const keyPacket = await generateSecretSubkey(options, { ...config$1, v6Keys: this.keyPacket.version === 6 }); + checkKeyRequirements(keyPacket, config$1); + const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options, config$1); + const packetList = this.toPacketList(); + packetList.push(keyPacket, bindingSignature); + return new PrivateKey(packetList); + } +} - // Push carried bits as a mask - if (maskedWords && carry !== 0) { - maskedWords.words[maskedWords.length++] = carry; - } +function getDefaultSubkeyType(algoName) { + const algo = enums.write(enums.publicKey, algoName); + // NB: no encryption-only algos, since they cannot be in primary keys + switch (algo) { + case enums.publicKey.rsaEncrypt: + case enums.publicKey.rsaEncryptSign: + case enums.publicKey.rsaSign: + case enums.publicKey.dsa: + return 'rsa'; + case enums.publicKey.ecdsa: + case enums.publicKey.eddsaLegacy: + return 'ecc'; + case enums.publicKey.ed25519: + return 'curve25519'; + case enums.publicKey.ed448: + return 'curve448'; + default: + throw new Error('Unsupported algorithm'); + } +} - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2015-2016 Decentral +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - return this.strip(); - }; - BN.prototype.ishrn = function ishrn (bits, hint, extended) { - // TODO(indutny): implement me - assert(this.negative === 0); - return this.iushrn(bits, hint, extended); - }; +// A Key can contain the following packets +const allowedKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([ + PublicKeyPacket, + PublicSubkeyPacket, + SecretKeyPacket, + SecretSubkeyPacket, + UserIDPacket, + UserAttributePacket, + SignaturePacket +]); - // Shift-left - BN.prototype.shln = function shln (bits) { - return this.clone().ishln(bits); - }; +/** + * Creates a PublicKey or PrivateKey depending on the packetlist in input + * @param {PacketList} - packets to parse + * @return {Key} parsed key + * @throws if no key packet was found + */ +function createKey(packetlist) { + for (const packet of packetlist) { + switch (packet.constructor.tag) { + case enums.packet.secretKey: + return new PrivateKey(packetlist); + case enums.packet.publicKey: + return new PublicKey(packetlist); + } + } + throw new Error('No key packet found'); +} - BN.prototype.ushln = function ushln (bits) { - return this.clone().iushln(bits); - }; - // Shift-right - BN.prototype.shrn = function shrn (bits) { - return this.clone().ishrn(bits); - }; +/** + * Generates a new OpenPGP key. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * @param {ecc|rsa|curve448|curve25519} options.type The primary key algorithm type: ECC, RSA, Curve448 or Curve25519 (new format). + * @param {String} options.curve Elliptic curve for ECC keys + * @param {Integer} options.rsaBits Number of bits for RSA keys + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime (optional) Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Creation date of the key and the key signatures + * @param {Object} config - Full configuration + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function generate(options, config) { + options.sign = true; // primary key is always a signing key + options = sanitizeKeyOptions(options); + options.subkeys = options.subkeys.map((subkey, index) => sanitizeKeyOptions(options.subkeys[index], options)); + let promises = [generateSecretKey(options, config)]; + promises = promises.concat(options.subkeys.map(options => generateSecretSubkey(options, config))); + const packets = await Promise.all(promises); - BN.prototype.ushrn = function ushrn (bits) { - return this.clone().iushrn(bits); - }; + const key = await wrapKeyObject(packets[0], packets.slice(1), options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; +} - // Test if n bit is set - BN.prototype.testn = function testn (bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; +/** + * Reformats and signs an OpenPGP key with a given User ID. Currently only supports RSA keys. + * @param {PrivateKey} options.privateKey The private key to reformat + * @param {Array} options.userIDs User IDs as strings or objects: 'Jo Doe ' or { name:'Jo Doe', email:'info@jo.com' } + * @param {String} options.passphrase Passphrase used to encrypt the resulting private key + * @param {Number} options.keyExpirationTime Number of seconds from the key creation time after which the key expires + * @param {Date} options.date Override the creation date of the key signatures + * @param {Array} options.subkeys (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] + * @param {Object} config - Full configuration + * + * @returns {Promise<{{ key: PrivateKey, revocationCertificate: String }}>} + * @async + * @static + * @private + */ +async function reformat(options, config) { + options = sanitize(options); + const { privateKey } = options; - // Fast case: bit is much higher than all existing words - if (this.length <= s) return false; + if (!privateKey.isPrivate()) { + throw new Error('Cannot reformat a public key'); + } - // Check bit and return - var w = this.words[s]; + if (privateKey.keyPacket.isDummy()) { + throw new Error('Cannot reformat a gnu-dummy primary key'); + } - return !!(w & q); - }; + const isDecrypted = privateKey.getKeys().every(({ keyPacket }) => keyPacket.isDecrypted()); + if (!isDecrypted) { + throw new Error('Key is not decrypted'); + } - // Return only lowers bits of number (in-place) - BN.prototype.imaskn = function imaskn (bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; + const secretKeyPacket = privateKey.keyPacket; - assert(this.negative === 0, 'imaskn works only with positive numbers'); + if (!options.subkeys) { + options.subkeys = await Promise.all(privateKey.subkeys.map(async subkey => { + const secretSubkeyPacket = subkey.keyPacket; + const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket }; + const bindingSignature = await ( + getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config) + ).catch(() => ({})); + return { + sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData) + }; + })); + } - if (this.length <= s) { - return this; - } + const secretSubkeyPackets = privateKey.subkeys.map(subkey => subkey.keyPacket); + if (options.subkeys.length !== secretSubkeyPackets.length) { + throw new Error('Number of subkey options does not match number of subkeys'); + } - if (r !== 0) { - s++; - } - this.length = Math.min(s, this.length); + options.subkeys = options.subkeys.map(subkeyOptions => sanitize(subkeyOptions, options)); - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } + const key = await wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config); + const revocationCertificate = await key.getRevocationCertificate(options.date, config); + key.revocationSignatures = []; + return { key, revocationCertificate }; - return this.strip(); - }; + function sanitize(options, subkeyDefaults = {}) { + options.keyExpirationTime = options.keyExpirationTime || subkeyDefaults.keyExpirationTime; + options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; + options.date = options.date || subkeyDefaults.date; - // Return only lowers bits of number - BN.prototype.maskn = function maskn (bits) { - return this.clone().imaskn(bits); - }; + return options; + } +} - // Add plain number `num` to `this` - BN.prototype.iaddn = function iaddn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.isubn(-num); - - // Possible sign change - if (this.negative !== 0) { - if (this.length === 1 && (this.words[0] | 0) < num) { - this.words[0] = num - (this.words[0] | 0); - this.negative = 0; - return this; - } +/** + * Construct PrivateKey object from the given key packets, add certification signatures and set passphrase protection + * The new key includes a revocation certificate that must be removed before returning the key, otherwise the key is considered revoked. + * @param {SecretKeyPacket} secretKeyPacket + * @param {SecretSubkeyPacket} secretSubkeyPackets + * @param {Object} options + * @param {Object} config - Full configuration + * @returns {PrivateKey} + */ +async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, config) { + // set passphrase protection + if (options.passphrase) { + await secretKeyPacket.encrypt(options.passphrase, config); + } - this.negative = 0; - this.isubn(num); - this.negative = 1; - return this; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + await secretSubkeyPacket.encrypt(subkeyPassphrase, config); } + })); - // Add without checks - return this._iaddn(num); - }; + const packetlist = new PacketList(); + packetlist.push(secretKeyPacket); - BN.prototype._iaddn = function _iaddn (num) { - this.words[0] += num; + function createPreferredAlgos(algos, preferredAlgo) { + return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)]; + } - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) { - this.words[i + 1] = 1; - } else { - this.words[i + 1]++; - } + function getKeySignatureProperties() { + const signatureProperties = {}; + signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData]; + const symmetricAlgorithms = createPreferredAlgos([ + // prefer aes256, aes128, no aes192 (no Web Crypto support in Chrome: https://www.chromium.org/blink/webcrypto#TOC-AES-support) + enums.symmetric.aes256, + enums.symmetric.aes128 + ], config.preferredSymmetricAlgorithm); + signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms; + if (config.aeadProtect) { + const aeadAlgorithms = createPreferredAlgos([ + enums.aead.gcm, + enums.aead.eax, + enums.aead.ocb + ], config.preferredAEADAlgorithm); + signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => { + return symmetricAlgorithms.map(symmetricAlgorithm => { + return [symmetricAlgorithm, aeadAlgorithm]; + }); + }); } - this.length = Math.max(this.length, i + 1); - - return this; - }; - - // Subtract plain number `num` from `this` - BN.prototype.isubn = function isubn (num) { - assert(typeof num === 'number'); - assert(num < 0x4000000); - if (num < 0) return this.iaddn(-num); - - if (this.negative !== 0) { - this.negative = 0; - this.iaddn(num); - this.negative = 1; - return this; + signatureProperties.preferredHashAlgorithms = createPreferredAlgos([ + // prefer fast asm.js implementations (SHA-256) + enums.hash.sha256, + enums.hash.sha512, + enums.hash.sha3_256, + enums.hash.sha3_512 + ], config.preferredHashAlgorithm); + signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([ + enums.compression.uncompressed, + enums.compression.zlib, + enums.compression.zip + ], config.preferredCompressionAlgorithm); + // integrity protection always enabled + signatureProperties.features = [0]; + signatureProperties.features[0] |= enums.features.modificationDetection; + if (config.aeadProtect) { + signatureProperties.features[0] |= enums.features.seipdv2; } - - this.words[0] -= num; - - if (this.length === 1 && this.words[0] < 0) { - this.words[0] = -this.words[0]; - this.negative = 1; - } else { - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } + if (options.keyExpirationTime > 0) { + signatureProperties.keyExpirationTime = options.keyExpirationTime; + signatureProperties.keyNeverExpires = false; } + return signatureProperties; + } - return this.strip(); - }; - - BN.prototype.addn = function addn (num) { - return this.clone().iaddn(num); - }; - - BN.prototype.subn = function subn (num) { - return this.clone().isubn(num); - }; - - BN.prototype.iabs = function iabs () { - this.negative = 0; - - return this; - }; - - BN.prototype.abs = function abs () { - return this.clone().iabs(); - }; + if (secretKeyPacket.version === 6) { // add direct key signature with key prefs + const dataToSign = { + key: secretKeyPacket + }; - BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { - var len = num.length + shift; - var i; + const signatureProperties = getKeySignatureProperties(); + signatureProperties.signatureType = enums.signature.key; - this._expand(len); + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); + packetlist.push(signaturePacket); + } - var w; - var carry = 0; - for (i = 0; i < num.length; i++) { - w = (this.words[i + shift] | 0) + carry; - var right = (num.words[i] | 0) * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - w = (this.words[i + shift] | 0) + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; + await Promise.all(options.userIDs.map(async function(userID, index) { + const userIDPacket = UserIDPacket.fromObject(userID); + const dataToSign = { + userID: userIDPacket, + key: secretKeyPacket + }; + const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}; + signatureProperties.signatureType = enums.signature.certPositive; + if (index === 0) { + signatureProperties.isPrimaryUserID = true; } - if (carry === 0) return this.strip(); + const signaturePacket = await createSignaturePacket(dataToSign, [], secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config); - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (i = 0; i < this.length; i++) { - w = -(this.words[i] | 0) + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; - } - this.negative = 1; + return { userIDPacket, signaturePacket }; + })).then(list => { + list.forEach(({ userIDPacket, signaturePacket }) => { + packetlist.push(userIDPacket); + packetlist.push(signaturePacket); + }); + }); - return this.strip(); - }; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyOptions = options.subkeys[index]; + const subkeySignaturePacket = await createBindingSignature(secretSubkeyPacket, secretKeyPacket, subkeyOptions, config); + return { secretSubkeyPacket, subkeySignaturePacket }; + })).then(packets => { + packets.forEach(({ secretSubkeyPacket, subkeySignaturePacket }) => { + packetlist.push(secretSubkeyPacket); + packetlist.push(subkeySignaturePacket); + }); + }); - BN.prototype._wordDiv = function _wordDiv (num, mode) { - var shift = this.length - num.length; + // Add revocation signature packet for creating a revocation certificate. + // This packet should be removed before returning the key. + const dataToSign = { key: secretKeyPacket }; + packetlist.push(await createSignaturePacket(dataToSign, [], secretKeyPacket, { + signatureType: enums.signature.keyRevocation, + reasonForRevocationFlag: enums.reasonForRevocation.noReason, + reasonForRevocationString: '' + }, options.date, undefined, undefined, undefined, config)); - var a = this.clone(); - var b = num; + if (options.passphrase) { + secretKeyPacket.clearPrivateParams(); + } - // Normalize - var bhi = b.words[b.length - 1] | 0; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.ushln(shift); - a.iushln(shift); - bhi = b.words[b.length - 1] | 0; + await Promise.all(secretSubkeyPackets.map(async function(secretSubkeyPacket, index) { + const subkeyPassphrase = options.subkeys[index].passphrase; + if (subkeyPassphrase) { + secretSubkeyPacket.clearPrivateParams(); } + })); - // Initialize quotient - var m = a.length - b.length; - var q; + return new PrivateKey(packetlist); +} - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) { - q.words[i] = 0; - } - } +/** + * Reads an (optionally armored) OpenPGP key and returns a key object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (diff.negative === 0) { - a = diff; - if (q) { - q.words[m] = 1; - } + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.publicKey || type === enums.armor.privateKey)) { + throw new Error('Armored text not of type key'); } + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]); + return createKey(firstKeyPacketList); +} - for (var j = m - 1; j >= 0; j--) { - var qj = (a.words[b.length + j] | 0) * 0x4000000 + - (a.words[b.length + j - 1] | 0); - - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); +/** + * Reads an (optionally armored) OpenPGP private key and returns a PrivateKey object + * @param {Object} options + * @param {String} [options.armoredKey] - Armored key to be parsed + * @param {Uint8Array} [options.binaryKey] - Binary key to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Key object. + * @async + * @static + */ +async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!armoredKey && !binaryKey) { + throw new Error('readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`'); + } + if (armoredKey && !util.isString(armoredKey)) { + throw new Error('readPrivateKey: options.armoredKey must be a string'); + } + if (binaryKey && !util.isUint8Array(binaryKey)) { + throw new Error('readPrivateKey: options.binaryKey must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - a._ishlnsubmul(b, qj, j); - while (a.negative !== 0) { - qj--; - a.negative = 0; - a._ishlnsubmul(b, 1, j); - if (!a.isZero()) { - a.negative ^= 1; - } - } - if (q) { - q.words[j] = qj; - } - } - if (q) { - q.strip(); + let input; + if (armoredKey) { + const { type, data } = await unarmor(armoredKey); + if (!(type === enums.armor.privateKey)) { + throw new Error('Armored text not of type private key'); } - a.strip(); - - // Denormalize - if (mode !== 'div' && shift !== 0) { - a.iushrn(shift); + input = data; + } else { + input = binaryKey; + } + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; } + const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + return new PrivateKey(firstPrivateKeyList); + } + throw new Error('No secret key packet found'); +} - return { - div: q || null, - mod: a - }; - }; +/** + * Reads an (optionally armored) OpenPGP key block and returns a list of key objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readKeys({ armoredKeys, binaryKeys, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readKeys: options.binaryKeys must be a Uint8Array'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - // NOTE: 1) `mode` can be set to `mod` to request mod only, - // to `div` to request div only, or be absent to - // request both div & mod - // 2) `positive` is true if unsigned mod is requested - BN.prototype.divmod = function divmod (num, mode, positive) { - assert(!num.isZero()); + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.publicKey && type !== enums.armor.privateKey) { + throw new Error('Armored text not of type key'); + } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + if (keyIndex.length === 0) { + throw new Error('No key packet found'); + } + for (let i = 0; i < keyIndex.length; i++) { + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = createKey(oneKeyList); + keys.push(newKey); + } + return keys; +} - if (this.isZero()) { - return { - div: new BN(0), - mod: new BN(0) - }; +/** + * Reads an (optionally armored) OpenPGP private key block and returns a list of PrivateKey objects + * @param {Object} options + * @param {String} [options.armoredKeys] - Armored keys to be parsed + * @param {Uint8Array} [options.binaryKeys] - Binary keys to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Key objects. + * @async + * @static + */ +async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) { + config$1 = { ...config, ...config$1 }; + let input = armoredKeys || binaryKeys; + if (!input) { + throw new Error('readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`'); + } + if (armoredKeys && !util.isString(armoredKeys)) { + throw new Error('readPrivateKeys: options.armoredKeys must be a string'); + } + if (binaryKeys && !util.isUint8Array(binaryKeys)) { + throw new Error('readPrivateKeys: options.binaryKeys must be a Uint8Array'); + } + if (armoredKeys) { + const { type, data } = await unarmor(armoredKeys); + if (type !== enums.armor.privateKey) { + throw new Error('Armored text not of type private key'); } + input = data; + } + const keys = []; + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1); + const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); + for (let i = 0; i < keyIndex.length; i++) { + if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) { + continue; + } + const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); + const newKey = new PrivateKey(oneKeyList); + keys.push(newKey); + } + if (keys.length === 0) { + throw new Error('No secret key packet found'); + } + return keys; +} - var div, mod, res; - if (this.negative !== 0 && num.negative === 0) { - res = this.neg().divmod(num, mode); - - if (mode !== 'mod') { - div = res.div.neg(); - } +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.iadd(num); - } - } - return { - div: div, - mod: mod - }; - } +// A Message can contain the following packets +const allowedMessagePackets = /*#__PURE__*/ util.constructAllowedPackets([ + LiteralDataPacket, + CompressedDataPacket, + AEADEncryptedDataPacket, + SymEncryptedIntegrityProtectedDataPacket, + SymmetricallyEncryptedDataPacket, + PublicKeyEncryptedSessionKeyPacket, + SymEncryptedSessionKeyPacket, + OnePassSignaturePacket, + SignaturePacket +]); +// A SKESK packet can contain the following packets +const allowedSymSessionKeyPackets = /*#__PURE__*/ util.constructAllowedPackets([SymEncryptedSessionKeyPacket]); +// A detached signature can contain the following packets +const allowedDetachedSignaturePackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - if (this.negative === 0 && num.negative !== 0) { - res = this.divmod(num.neg(), mode); +/** + * Class that represents an OpenPGP message. + * Can be an encrypted message, signed message, compressed message or literal message + * See {@link https://tools.ietf.org/html/rfc4880#section-11.3} + */ +class Message { + /** + * @param {PacketList} packetlist - The packets that form this message + */ + constructor(packetlist) { + this.packets = packetlist || new PacketList(); + } - if (mode !== 'mod') { - div = res.div.neg(); - } + /** + * Returns the key IDs of the keys to which the session key is encrypted + * @returns {Array} Array of keyID objects. + */ + getEncryptionKeyIDs() { + const keyIDs = []; + const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + pkESKeyPacketlist.forEach(function(packet) { + keyIDs.push(packet.publicKeyID); + }); + return keyIDs; + } - return { - div: div, - mod: res.mod - }; + /** + * Returns the key IDs of the keys that signed the message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const msg = this.unwrapCompressed(); + // search for one pass signatures + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); + if (onePassSigList.length > 0) { + return onePassSigList.map(packet => packet.issuerKeyID); } + // if nothing found look for signature packets + const signatureList = msg.packets.filterByTag(enums.packet.signature); + return signatureList.map(packet => packet.issuerKeyID); + } - if ((this.negative & num.negative) !== 0) { - res = this.neg().divmod(num.neg(), mode); - - if (mode !== 'div') { - mod = res.mod.neg(); - if (positive && mod.negative !== 0) { - mod.isub(num); - } - } + /** + * Decrypt the message. Either a private key, a session key, or a password must be specified. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {Array} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Date} [date] - Use the given date for key verification instead of the current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with decrypted content. + * @async + */ + async decrypt(decryptionKeys, passwords, sessionKeys, date = new Date(), config$1 = config) { + const symEncryptedPacketlist = this.packets.filterByTag( + enums.packet.symmetricallyEncryptedData, + enums.packet.symEncryptedIntegrityProtectedData, + enums.packet.aeadEncryptedData + ); - return { - div: res.div, - mod: mod - }; + if (symEncryptedPacketlist.length === 0) { + throw new Error('No encrypted data found'); } - // Both numbers are positive at this point + const symEncryptedPacket = symEncryptedPacketlist[0]; + const expectedSymmetricAlgorithm = symEncryptedPacket.cipherAlgorithm; - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) { - return { - div: new BN(0), - mod: this - }; - } + const sessionKeyObjects = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date, config$1); - // Very short reduction - if (num.length === 1) { - if (mode === 'div') { - return { - div: this.divn(num.words[0]), - mod: null - }; + let exception = null; + const decryptedPromise = Promise.all(sessionKeyObjects.map(async ({ algorithm: algorithmName, data }) => { + if (!util.isUint8Array(data) || (!symEncryptedPacket.cipherAlgorithm && !util.isString(algorithmName))) { + throw new Error('Invalid session key for decryption.'); } - if (mode === 'mod') { - return { - div: null, - mod: new BN(this.modn(num.words[0])) - }; + try { + const algo = symEncryptedPacket.cipherAlgorithm || enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.decrypt(algo, data, config$1); + } catch (e) { + util.printDebugError(e); + exception = e; } + })); + // We don't await stream.cancel here because it only returns when the other copy is canceled too. + cancel(symEncryptedPacket.encrypted); // Don't keep copy of encrypted data in memory. + symEncryptedPacket.encrypted = null; + await decryptedPromise; - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; - } - - return this._wordDiv(num, mode); - }; - - // Find `this` / `num` - BN.prototype.div = function div (num) { - return this.divmod(num, 'div', false).div; - }; - - // Find `this` % `num` - BN.prototype.mod = function mod (num) { - return this.divmod(num, 'mod', false).mod; - }; - - BN.prototype.umod = function umod (num) { - return this.divmod(num, 'mod', true).mod; - }; - - // Find Round(`this` / `num`) - BN.prototype.divRound = function divRound (num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.isZero()) return dm.div; - - var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; - - var half = num.ushrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); - - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; - - // Round up - return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); - }; - - BN.prototype.modn = function modn (num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; - - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) { - acc = (p * acc + (this.words[i] | 0)) % num; + if (!symEncryptedPacket.packets || !symEncryptedPacket.packets.length) { + throw exception || new Error('Decryption failed.'); } - return acc; - }; - - // In-place division by number - BN.prototype.idivn = function idivn (num) { - assert(num <= 0x3ffffff); - - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = (this.words[i] | 0) + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; - } + const resultMsg = new Message(symEncryptedPacket.packets); + symEncryptedPacket.packets = new PacketList(); // remove packets after decryption - return this.strip(); - }; + return resultMsg; + } - BN.prototype.divn = function divn (num) { - return this.clone().idivn(num); - }; + /** + * Decrypt encrypted session keys either with private keys or passwords. + * @param {Array} [decryptionKeys] - Private keys with decrypted secret data + * @param {Array} [passwords] - Passwords used to decrypt + * @param {enums.symmetric} [expectedSymmetricAlgorithm] - The symmetric algorithm the SEIPDv2 / AEAD packet is encrypted with (if applicable) + * @param {Date} [date] - Use the given date for key verification, instead of current time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise>} array of object with potential sessionKey, algorithm pairs + * @async + */ + async decryptSessionKeys(decryptionKeys, passwords, expectedSymmetricAlgorithm, date = new Date(), config$1 = config) { + let decryptedSessionKeyPackets = []; - BN.prototype.egcd = function egcd (p) { - assert(p.negative === 0); - assert(!p.isZero()); + let exception; + if (passwords) { + const skeskPackets = this.packets.filterByTag(enums.packet.symEncryptedSessionKey); + if (skeskPackets.length === 0) { + throw new Error('No symmetrically encrypted session key packet found.'); + } + await Promise.all(passwords.map(async function(password, i) { + let packets; + if (i) { + packets = await PacketList.fromBinary(skeskPackets.write(), allowedSymSessionKeyPackets, config$1); + } else { + packets = skeskPackets; + } + await Promise.all(packets.map(async function(skeskPacket) { + try { + await skeskPacket.decrypt(password); + decryptedSessionKeyPackets.push(skeskPacket); + } catch (err) { + util.printDebugError(err); + if (err instanceof Argon2OutOfMemoryError) { + exception = err; + } + } + })); + })); + } else if (decryptionKeys) { + const pkeskPackets = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); + if (pkeskPackets.length === 0) { + throw new Error('No public key encrypted session key packet found.'); + } + await Promise.all(pkeskPackets.map(async function(pkeskPacket) { + await Promise.all(decryptionKeys.map(async function(decryptionKey) { + let decryptionKeyPackets; + try { + // do not check key expiration to allow decryption of old messages + decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(pkeskPacket.publicKeyID, null, undefined, config$1)).map(key => key.keyPacket); + } catch (err) { + exception = err; + return; + } - var x = this; - var y = p.clone(); + let algos = [ + enums.symmetric.aes256, // Old OpenPGP.js default fallback + enums.symmetric.aes128, // RFC4880bis fallback + enums.symmetric.tripledes, // RFC4880 fallback + enums.symmetric.cast5 // Golang OpenPGP fallback + ]; + try { + const selfCertification = await decryptionKey.getPrimarySelfSignature(date, undefined, config$1); // TODO: Pass userID from somewhere. + if (selfCertification.preferredSymmetricAlgorithms) { + algos = algos.concat(selfCertification.preferredSymmetricAlgorithms); + } + } catch (e) {} - if (x.negative !== 0) { - x = x.umod(p); - } else { - x = x.clone(); - } + await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) { + if (!decryptionKeyPacket.isDecrypted()) { + throw new Error('Decryption key is not decrypted.'); + } - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); + // To hinder CCA attacks against PKCS1, we carry out a constant-time decryption flow if the `constantTimePKCS1Decryption` config option is set. + const doConstantTimeDecryption = config$1.constantTimePKCS1Decryption && ( + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncrypt || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaEncryptSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.rsaSign || + pkeskPacket.publicKeyAlgorithm === enums.publicKey.elgamal + ); - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); + if (doConstantTimeDecryption) { + // The goal is to not reveal whether PKESK decryption (specifically the PKCS1 decoding step) failed, hence, we always proceed to decrypt the message, + // either with the successfully decrypted session key, or with a randomly generated one. + // Since the SEIP/AEAD's symmetric algorithm and key size are stored in the encrypted portion of the PKESK, and the execution flow cannot depend on + // the decrypted payload, we always assume the message to be encrypted with one of the symmetric algorithms specified in `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`: + // - If the PKESK decryption succeeds, and the session key cipher is in the supported set, then we try to decrypt the data with the decrypted session key as well as with the + // randomly generated keys of the remaining key types. + // - If the PKESK decryptions fails, or if it succeeds but support for the cipher is not enabled, then we discard the session key and try to decrypt the data using only the randomly + // generated session keys. + // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail. - var g = 0; + const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times + await Promise.all(( + expectedSymmetricAlgorithm ? + [expectedSymmetricAlgorithm] : + Array.from(config$1.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms) + ).map(async sessionKeyAlgorithm => { + const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket(); + pkeskPacketCopy.read(serialisedPKESK); + const randomSessionKey = { + sessionKeyAlgorithm, + sessionKey: mod$1.generateSessionKey(sessionKeyAlgorithm) + }; + try { + await pkeskPacketCopy.decrypt(decryptionKeyPacket, randomSessionKey); + decryptedSessionKeyPackets.push(pkeskPacketCopy); + } catch (err) { + // `decrypt` can still throw some non-security-sensitive errors + util.printDebugError(err); + exception = err; + } + })); - while (x.isEven() && y.isEven()) { - x.iushrn(1); - y.iushrn(1); - ++g; + } else { + try { + await pkeskPacket.decrypt(decryptionKeyPacket); + const symmetricAlgorithm = expectedSymmetricAlgorithm || pkeskPacket.sessionKeyAlgorithm; + if (symmetricAlgorithm && !algos.includes(enums.write(enums.symmetric, symmetricAlgorithm))) { + throw new Error('A non-preferred symmetric algorithm was used.'); + } + decryptedSessionKeyPackets.push(pkeskPacket); + } catch (err) { + util.printDebugError(err); + exception = err; + } + } + })); + })); + cancel(pkeskPacket.encrypted); // Don't keep copy of encrypted data in memory. + pkeskPacket.encrypted = null; + })); + } else { + throw new Error('No key or password specified.'); } - var yp = y.clone(); - var xp = x.clone(); - - while (!x.isZero()) { - for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - x.iushrn(i); - while (i-- > 0) { - if (A.isOdd() || B.isOdd()) { - A.iadd(yp); - B.isub(xp); - } - - A.iushrn(1); - B.iushrn(1); - } - } - - for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - y.iushrn(j); - while (j-- > 0) { - if (C.isOdd() || D.isOdd()) { - C.iadd(yp); - D.isub(xp); + if (decryptedSessionKeyPackets.length > 0) { + // Return only unique session keys + if (decryptedSessionKeyPackets.length > 1) { + const seen = new Set(); + decryptedSessionKeyPackets = decryptedSessionKeyPackets.filter(item => { + const k = item.sessionKeyAlgorithm + util.uint8ArrayToString(item.sessionKey); + if (seen.has(k)) { + return false; } - - C.iushrn(1); - D.iushrn(1); - } + seen.add(k); + return true; + }); } - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } + return decryptedSessionKeyPackets.map(packet => ({ + data: packet.sessionKey, + algorithm: packet.sessionKeyAlgorithm && enums.read(enums.symmetric, packet.sessionKeyAlgorithm) + })); } + throw exception || new Error('Session key decryption failed.'); + } - return { - a: C, - b: D, - gcd: y.iushln(g) - }; - }; - - // This is reduced incarnation of the binary EEA - // above, designated to invert members of the - // _prime_ fields F(p) at a maximal speed - BN.prototype._invmp = function _invmp (p) { - assert(p.negative === 0); - assert(!p.isZero()); + /** + * Get literal data that is the body of the message + * @returns {(Uint8Array|null)} Literal body of the message as Uint8Array. + */ + getLiteralData() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getBytes()) || null; + } - var a = this; - var b = p.clone(); + /** + * Get filename from literal data packet + * @returns {(String|null)} Filename of literal data packet as string. + */ + getFilename() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + return (literal && literal.getFilename()) || null; + } - if (a.negative !== 0) { - a = a.umod(p); - } else { - a = a.clone(); + /** + * Get literal data as text + * @returns {(String|null)} Literal body of the message interpreted as text. + */ + getText() { + const msg = this.unwrapCompressed(); + const literal = msg.packets.findPacket(enums.packet.literalData); + if (literal) { + return literal.getText(); } + return null; + } - var x1 = new BN(1); - var x2 = new BN(0); - - var delta = b.clone(); - - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); - if (i > 0) { - a.iushrn(i); - while (i-- > 0) { - if (x1.isOdd()) { - x1.iadd(delta); - } + /** + * Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any. + * @param {Array} [encryptionKeys] - Public key(s) to select algorithm preferences for + * @param {Date} [date] - Date to select algorithm preferences at + * @param {Array} [userIDs] - User IDs to select algorithm preferences for + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ data: Uint8Array, algorithm: String, aeadAlgorithm: undefined|String }>} Object with session key data and algorithms. + * @async + */ + static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config$1 = config) { + const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite(encryptionKeys, date, userIDs, config$1); + const symmetricAlgoName = enums.read(enums.symmetric, symmetricAlgo); + const aeadAlgoName = aeadAlgo ? enums.read(enums.aead, aeadAlgo) : undefined; - x1.iushrn(1); + await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() + .catch(() => null) // ignore key strength requirements + .then(maybeKey => { + if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519 || maybeKey.keyPacket.algorithm === enums.publicKey.x448) && + !aeadAlgoName && !util.isAES(symmetricAlgo)) { // if AEAD is defined, then PKESK v6 are used, and the algo info is encrypted + throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); } - } - - for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); - if (j > 0) { - b.iushrn(j); - while (j-- > 0) { - if (x2.isOdd()) { - x2.iadd(delta); - } + }) + )); - x2.iushrn(1); - } - } + const sessionKeyData = mod$1.generateSessionKey(symmetricAlgo); + return { data: sessionKeyData, algorithm: symmetricAlgoName, aeadAlgorithm: aeadAlgoName }; + } - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); + /** + * Encrypt the message either with public keys, passwords, or both at once. + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - Password(s) for message encryption + * @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] } + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i] + * @param {Date} [date] - Override the creation date of the literal package + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + if (sessionKey) { + if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) { + throw new Error('Invalid session key for encryption.'); } - } - - var res; - if (a.cmpn(1) === 0) { - res = x1; + } else if (encryptionKeys && encryptionKeys.length) { + sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config$1); + } else if (passwords && passwords.length) { + sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config$1); } else { - res = x2; - } - - if (res.cmpn(0) < 0) { - res.iadd(p); - } - - return res; - }; - - BN.prototype.gcd = function gcd (num) { - if (this.isZero()) return num.abs(); - if (num.isZero()) return this.abs(); - - var a = this.clone(); - var b = num.clone(); - a.negative = 0; - b.negative = 0; - - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.iushrn(1); - b.iushrn(1); + throw new Error('No keys, passwords, or session key provided.'); } - do { - while (a.isEven()) { - a.iushrn(1); - } - while (b.isEven()) { - b.iushrn(1); - } - - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } + const { data: sessionKeyData, algorithm: algorithmName, aeadAlgorithm: aeadAlgorithmName } = sessionKey; - a.isub(b); - } while (true); + const msg = await Message.encryptSessionKey(sessionKeyData, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config$1); - return b.iushln(shift); - }; + const symEncryptedPacket = SymEncryptedIntegrityProtectedDataPacket.fromObject({ + version: aeadAlgorithmName ? 2 : 1, + aeadAlgorithm: aeadAlgorithmName ? enums.write(enums.aead, aeadAlgorithmName) : null + }); + symEncryptedPacket.packets = this.packets; - // Invert number in the field F(num) - BN.prototype.invm = function invm (num) { - return this.egcd(num).a.umod(num); - }; + const algorithm = enums.write(enums.symmetric, algorithmName); + await symEncryptedPacket.encrypt(algorithm, sessionKeyData, config$1); - BN.prototype.isEven = function isEven () { - return (this.words[0] & 1) === 0; - }; + msg.packets.push(symEncryptedPacket); + symEncryptedPacket.packets = new PacketList(); // remove packets after encryption + return msg; + } - BN.prototype.isOdd = function isOdd () { - return (this.words[0] & 1) === 1; - }; + /** + * Encrypt a session key either with public keys, passwords, or both at once. + * @param {Uint8Array} sessionKey - session key for encryption + * @param {String} algorithmName - session key algorithm + * @param {String} [aeadAlgorithmName] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {Array} [encryptionKeys] - Public key(s) for message encryption + * @param {Array} [passwords] - For message encryption + * @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs + * @param {Array} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [date] - Override the date + * @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with encrypted content. + * @async + */ + static async encryptSessionKey(sessionKey, algorithmName, aeadAlgorithmName, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config$1 = config) { + const packetlist = new PacketList(); + const symmetricAlgorithm = enums.write(enums.symmetric, algorithmName); + const aeadAlgorithm = aeadAlgorithmName && enums.write(enums.aead, aeadAlgorithmName); - // And first word and num - BN.prototype.andln = function andln (num) { - return this.words[0] & num; - }; + if (encryptionKeys) { + const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) { + const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config$1); - // Increment at the bit position in-line - BN.prototype.bincn = function bincn (bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - this._expand(s + 1); - this.words[s] |= q; - return this; - } + const pkESKeyPacket = PublicKeyEncryptedSessionKeyPacket.fromObject({ + version: aeadAlgorithm ? 6 : 3, + encryptionKeyPacket: encryptionKey.keyPacket, + anonymousRecipient: wildcard, + sessionKey, + sessionKeyAlgorithm: symmetricAlgorithm + }); - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i] | 0; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; - } - if (carry !== 0) { - this.words[i] = carry; - this.length++; + await pkESKeyPacket.encrypt(encryptionKey.keyPacket); + delete pkESKeyPacket.sessionKey; // delete plaintext session key after encryption + return pkESKeyPacket; + })); + packetlist.push(...results); } - return this; - }; - - BN.prototype.isZero = function isZero () { - return this.length === 1 && this.words[0] === 0; - }; - - BN.prototype.cmpn = function cmpn (num) { - var negative = num < 0; + if (passwords) { + const testDecrypt = async function(keyPacket, password) { + try { + await keyPacket.decrypt(password); + return 1; + } catch (e) { + return 0; + } + }; - if (this.negative !== 0 && !negative) return -1; - if (this.negative === 0 && negative) return 1; + const sum = (accumulator, currentValue) => accumulator + currentValue; - this.strip(); + const encryptPassword = async function(sessionKey, algorithm, aeadAlgorithm, password) { + const symEncryptedSessionKeyPacket = new SymEncryptedSessionKeyPacket(config$1); + symEncryptedSessionKeyPacket.sessionKey = sessionKey; + symEncryptedSessionKeyPacket.sessionKeyAlgorithm = algorithm; + if (aeadAlgorithm) { + symEncryptedSessionKeyPacket.aeadAlgorithm = aeadAlgorithm; + } + await symEncryptedSessionKeyPacket.encrypt(password, config$1); - var res; - if (this.length > 1) { - res = 1; - } else { - if (negative) { - num = -num; - } + if (config$1.passwordCollisionCheck) { + const results = await Promise.all(passwords.map(pwd => testDecrypt(symEncryptedSessionKeyPacket, pwd))); + if (results.reduce(sum) !== 1) { + return encryptPassword(sessionKey, algorithm, password); + } + } - assert(num <= 0x3ffffff, 'Number is too big'); + delete symEncryptedSessionKeyPacket.sessionKey; // delete plaintext session key after encryption + return symEncryptedSessionKeyPacket; + }; - var w = this.words[0] | 0; - res = w === num ? 0 : w < num ? -1 : 1; + const results = await Promise.all(passwords.map(pwd => encryptPassword(sessionKey, symmetricAlgorithm, aeadAlgorithm, pwd))); + packetlist.push(...results); } - if (this.negative !== 0) return -res | 0; - return res; - }; - // Compare two numbers and return: - // 1 - if `this` > `num` - // 0 - if `this` == `num` - // -1 - if `this` < `num` - BN.prototype.cmp = function cmp (num) { - if (this.negative !== 0 && num.negative === 0) return -1; - if (this.negative === 0 && num.negative !== 0) return 1; + return new Message(packetlist); + } - var res = this.ucmp(num); - if (this.negative !== 0) return -res | 0; - return res; - }; + /** + * Sign the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to add to the message + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New message with signed content. + * @async + */ + async sign(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const packetlist = new PacketList(); - // Unsigned comparison - BN.prototype.ucmp = function ucmp (num) { - // At this point both numbers have the same sign - if (this.length > num.length) return 1; - if (this.length < num.length) return -1; - - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i] | 0; - var b = num.words[i] | 0; - - if (a === b) continue; - if (a < b) { - res = -1; - } else if (a > b) { - res = 1; - } - break; + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); } - return res; - }; - - BN.prototype.gtn = function gtn (num) { - return this.cmpn(num) === 1; - }; - - BN.prototype.gt = function gt (num) { - return this.cmp(num) === 1; - }; - - BN.prototype.gten = function gten (num) { - return this.cmpn(num) >= 0; - }; - BN.prototype.gte = function gte (num) { - return this.cmp(num) >= 0; - }; + const signaturePackets = await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, false, config$1); // this returns the existing signature packets as well + const onePassSignaturePackets = signaturePackets.map( + (signaturePacket, i) => OnePassSignaturePacket.fromSignaturePacket(signaturePacket, i === 0)) + .reverse(); // innermost OPS refers to the first signature packet - BN.prototype.ltn = function ltn (num) { - return this.cmpn(num) === -1; - }; + packetlist.push(...onePassSignaturePackets); + packetlist.push(literalDataPacket); + packetlist.push(...signaturePackets); - BN.prototype.lt = function lt (num) { - return this.cmp(num) === -1; - }; + return new Message(packetlist); + } - BN.prototype.lten = function lten (num) { - return this.cmpn(num) <= 0; - }; + /** + * Compresses the message (the literal and -if signed- signature data packets of the message) + * @param {module:enums.compression} algo - compression algorithm + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Message} New message with compressed content. + */ + compress(algo, config$1 = config) { + if (algo === enums.compression.uncompressed) { + return this; + } - BN.prototype.lte = function lte (num) { - return this.cmp(num) <= 0; - }; + const compressed = new CompressedDataPacket(config$1); + compressed.algorithm = algo; + compressed.packets = this.packets; - BN.prototype.eqn = function eqn (num) { - return this.cmpn(num) === 0; - }; + const packetList = new PacketList(); + packetList.push(compressed); - BN.prototype.eq = function eq (num) { - return this.cmp(num) === 0; - }; + return new Message(packetList); + } - // - // A reduce context, could be using montgomery or something better, depending - // on the `m` itself. - // - BN.red = function red (num) { - return new Red(num); - }; + /** + * Create a detached signature for the message (the literal data packet of the message) + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creation time of the signature + * @param {Array} [signingUserIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New detached signature of message content. + * @async + */ + async signDetached(signingKeys = [], recipientKeys = [], signature = null, signingKeyIDs = [], recipientKeyIDs = [], date = new Date(), userIDs = [], notations = [], config$1 = config) { + const literalDataPacket = this.packets.findPacket(enums.packet.literalData); + if (!literalDataPacket) { + throw new Error('No literal data packet to sign.'); + } + return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, recipientKeyIDs, date, userIDs, notations, true, config$1)); + } - BN.prototype.toRed = function toRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(this.negative === 0, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); - }; + /** + * Verify message signatures + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signatures. + * @async + */ + async verify(verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + if (isArrayStream(msg.packets.stream)) { + msg.packets.push(...await readToEnd(msg.packets.stream, _ => _ || [])); + } + const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature).reverse(); + const signatureList = msg.packets.filterByTag(enums.packet.signature); + if (onePassSigList.length && !signatureList.length && util.isStream(msg.packets.stream) && !isArrayStream(msg.packets.stream)) { + await Promise.all(onePassSigList.map(async onePassSig => { + onePassSig.correspondingSig = new Promise((resolve, reject) => { + onePassSig.correspondingSigResolve = resolve; + onePassSig.correspondingSigReject = reject; + }); + onePassSig.signatureData = fromAsync(async () => (await onePassSig.correspondingSig).signatureData); + onePassSig.hashed = readToEnd(await onePassSig.hash(onePassSig.signatureType, literalDataList[0], undefined, false)); + onePassSig.hashed.catch(() => {}); + })); + msg.packets.stream = transformPair(msg.packets.stream, async (readable, writable) => { + const reader = getReader(readable); + const writer = getWriter(writable); + try { + for (let i = 0; i < onePassSigList.length; i++) { + const { value: signature } = await reader.read(); + onePassSigList[i].correspondingSigResolve(signature); + } + await reader.readToEnd(); + await writer.ready; + await writer.close(); + } catch (e) { + onePassSigList.forEach(onePassSig => { + onePassSig.correspondingSigReject(e); + }); + await writer.abort(e); + } + }); + return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config$1); + } + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config$1); + } - BN.prototype.fromRed = function fromRed () { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); - }; + /** + * Verify detached message signature + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Signature} signature + * @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verifyDetached(signature, verificationKeys, date = new Date(), config$1 = config) { + const msg = this.unwrapCompressed(); + const literalDataList = msg.packets.filterByTag(enums.packet.literalData); + if (literalDataList.length !== 1) { + throw new Error('Can only verify message with one literal data packet.'); + } + const signatureList = signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config$1); + } - BN.prototype._forceRed = function _forceRed (ctx) { - this.red = ctx; + /** + * Unwrap compressed message + * @returns {Message} Message Content of compressed message. + */ + unwrapCompressed() { + const compressed = this.packets.filterByTag(enums.packet.compressedData); + if (compressed.length) { + return new Message(compressed[0].packets); + } return this; - }; - - BN.prototype.forceRed = function forceRed (ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); - }; + } - BN.prototype.redAdd = function redAdd (num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); - }; + /** + * Append signature to unencrypted message object + * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + */ + async appendSignature(detachedSignature, config$1 = config) { + await this.packets.read( + util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, + allowedDetachedSignaturePackets, + config$1 + ); + } - BN.prototype.redIAdd = function redIAdd (num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); - }; + /** + * Returns binary encoded message + * @returns {ReadableStream} Binary message. + */ + write() { + return this.packets.write(); + } - BN.prototype.redSub = function redSub (num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); - }; + /** + * Returns ASCII armored text of message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config$1); + } +} - BN.prototype.redISub = function redISub (num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); - }; +/** + * Create signature packets for the message + * @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign + * @param {Array} [signingKeys] - private keys with decrypted secret key data for signing + * @param {Array} [recipientKeys] - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature to append + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [date] - Override the creationtime of the signature + * @param {Array} [signingUserIDs] - User IDs to sign to, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Array} [signatureSalts] - A list of signature salts matching the number of signingKeys that should be used for v6 signatures + * @param {Boolean} [detached] - Whether to create detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} List of signature packets. + * @async + * @private + */ +async function createSignaturePackets(literalDataPacket, signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], detached = false, config$1 = config) { + const packetlist = new PacketList(); - BN.prototype.redShl = function redShl (num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); - }; + // If data packet was created from Uint8Array, use binary, otherwise use text + const signatureType = literalDataPacket.text === null ? + enums.signature.binary : enums.signature.text; - BN.prototype.redMul = function redMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); - }; + await Promise.all(signingKeys.map(async (primaryKey, i) => { + const signingUserID = signingUserIDs[i]; + if (!primaryKey.isPrivate()) { + throw new Error('Need private key for signing'); + } + const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, signingUserID, config$1); + return createSignaturePacket(literalDataPacket, recipientKeys.length ? recipientKeys : [primaryKey], signingKey.keyPacket, { signatureType }, date, recipientUserIDs, notations, detached, config$1); + })).then(signatureList => { + packetlist.push(...signatureList); + }); - BN.prototype.redIMul = function redIMul (num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); - }; + if (signature) { + const existingSigPacketlist = signature.packets.filterByTag(enums.packet.signature); + packetlist.push(...existingSigPacketlist); + } + return packetlist; +} - BN.prototype.redSqr = function redSqr () { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); - }; +/** + * Create object containing signer's keyID and validity of signature + * @param {SignaturePacket} signature - Signature packet + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} [date] - Check signature validity with respect to the given date + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise<{ + * keyID: module:type/keyid~KeyID, + * signature: Promise, + * verified: Promise + * }>} signer's keyID and validity of signature + * @async + * @private + */ +async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + let primaryKey; + let unverifiedSigningKey; - BN.prototype.redISqr = function redISqr () { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); - }; + for (const key of verificationKeys) { + const issuerKeys = key.getKeys(signature.issuerKeyID); + if (issuerKeys.length > 0) { + primaryKey = key; + unverifiedSigningKey = issuerKeys[0]; + break; + } + } - // Square root over p - BN.prototype.redSqrt = function redSqrt () { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); - }; + const isOnePassSignature = signature instanceof OnePassSignaturePacket; + const signaturePacketPromise = isOnePassSignature ? signature.correspondingSig : signature; - BN.prototype.redInvm = function redInvm () { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); - }; + const verifiedSig = { + keyID: signature.issuerKeyID, + verified: (async () => { + if (!unverifiedSigningKey) { + throw new Error(`Could not find signing key with key ID ${signature.issuerKeyID.toHex()}`); + } - // Return negative clone of `this` % `red modulo` - BN.prototype.redNeg = function redNeg () { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); + await signature.verify(unverifiedSigningKey.keyPacket, signature.signatureType, literalDataList[0], date, detached, config$1); + const signaturePacket = await signaturePacketPromise; + if (unverifiedSigningKey.getCreationTime() > signaturePacket.created) { + throw new Error('Key is newer than the signature'); + } + // We pass the signature creation time to check whether the key was expired at the time of signing. + // We check this after signature verification because for streamed one-pass signatures, the creation time is not available before + try { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), signaturePacket.created, undefined, config$1); + } catch (e) { + // If a key was reformatted then the self-signatures of the signing key might be in the future compared to the message signature, + // making the key invalid at the time of signing. + // However, if the key is valid at the given `date`, we still allow using it provided the relevant `config` setting is enabled. + // Note: we do not support the edge case of a key that was reformatted and it has expired. + if (config$1.allowInsecureVerificationWithReformattedKeys && e.message.match(/Signature creation time is in the future/)) { + await primaryKey.getSigningKey(unverifiedSigningKey.getKeyID(), date, undefined, config$1); + } else { + throw e; + } + } + return true; + })(), + signature: (async () => { + const signaturePacket = await signaturePacketPromise; + const packetlist = new PacketList(); + signaturePacket && packetlist.push(signaturePacket); + return new Signature(packetlist); + })() }; - BN.prototype.redPow = function redPow (num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); - }; + // Mark potential promise rejections as "handled". This is needed because in + // some cases, we reject them before the user has a reasonable chance to + // handle them (e.g. `await readToEnd(result.data); await result.verified` and + // the data stream errors). + verifiedSig.signature.catch(() => {}); + verifiedSig.verified.catch(() => {}); - // Prime numbers with efficient reduction - var primes = { - k256: null, - p224: null, - p192: null, - p25519: null - }; + return verifiedSig; +} - // Pseudo-Mersenne prime - function MPrime (name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).iushln(this.n).isub(this.p); +/** + * Create list of objects containing signer's keyID and validity of signature + * @param {Array} signatureList - Array of signature packets + * @param {Array} literalDataList - Array of literal data packets + * @param {Array} verificationKeys - Array of public keys to verify signatures + * @param {Date} date - Verify the signature against the given date, + * i.e. check signature creation time < date < expiration time + * @param {Boolean} [detached] - Whether to verify detached signature packets + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} list of signer's keyID and validity of signatures (one entry per signature packet in input) + * @async + * @private + */ +async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config$1 = config) { + return Promise.all(signatureList.filter(function(signature) { + return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType)); + }).map(async function(signature) { + return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config$1); + })); +} - this.tmp = this._tmp(); +/** + * Reads an (optionally armored) OpenPGP message and returns a Message object + * @param {Object} options + * @param {String | ReadableStream} [options.armoredMessage] - Armored message to be parsed + * @param {Uint8Array | ReadableStream} [options.binaryMessage] - Binary to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New message object. + * @async + * @static + */ +async function readMessage({ armoredMessage, binaryMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + let input = armoredMessage || binaryMessage; + if (!input) { + throw new Error('readMessage: must pass options object containing `armoredMessage` or `binaryMessage`'); } - - MPrime.prototype._tmp = function _tmp () { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; - }; - - MPrime.prototype.ireduce = function ireduce (num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; - - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); - - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); - } - - return r; - }; - - MPrime.prototype.split = function split (input, out) { - input.iushrn(this.n, 0, out); - }; - - MPrime.prototype.imulK = function imulK (num) { - return num.imul(this.k); - }; - - function K256 () { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); + if (armoredMessage && !util.isString(armoredMessage) && !util.isStream(armoredMessage)) { + throw new Error('readMessage: options.armoredMessage must be a string or stream'); } - inherits(K256, MPrime); - - K256.prototype.split = function split (input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; - - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) { - output.words[i] = input.words[i]; - } - output.length = outLen; - - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } - - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; - - for (i = 10; i < input.length; i++) { - var next = input.words[i] | 0; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; - } - prev >>>= 22; - input.words[i - 10] = prev; - if (prev === 0 && input.length > 10) { - input.length -= 10; - } else { - input.length -= 9; - } - }; + if (binaryMessage && !util.isUint8Array(binaryMessage) && !util.isStream(binaryMessage)) { + throw new Error('readMessage: options.binaryMessage must be a Uint8Array or stream'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - K256.prototype.imulK = function imulK (num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i] | 0; - lo += w * 0x3d1; - num.words[i] = lo & 0x3ffffff; - lo = w * 0x40 + ((lo / 0x4000000) | 0); - } - - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) { - num.length--; - } + const streamType = util.isStream(input); + if (armoredMessage) { + const { type, data } = await unarmor(input); + if (type !== enums.armor.message) { + throw new Error('Armored text not of type message'); } - return num; - }; - - function P224 () { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); + input = data; } - inherits(P224, MPrime); + const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config$1); + const message = new Message(packetlist); + message.fromStream = streamType; + return message; +} - function P192 () { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); +/** + * Creates new message object from text or binary data. + * @param {Object} options + * @param {String | ReadableStream} [options.text] - The text message contents + * @param {Uint8Array | ReadableStream} [options.binary] - The binary message contents + * @param {String} [options.filename=""] - Name of the file (if any) + * @param {Date} [options.date=current date] - Date of the message, or modification date of the file + * @param {'utf8'|'binary'|'text'|'mime'} [options.format='utf8' if text is passed, 'binary' otherwise] - Data packet type + * @returns {Promise} New message object. + * @async + * @static + */ +async function createMessage({ text, binary, filename, date = new Date(), format = text !== undefined ? 'utf8' : 'binary', ...rest }) { + const input = text !== undefined ? text : binary; + if (input === undefined) { + throw new Error('createMessage: must pass options object containing `text` or `binary`'); } - inherits(P192, MPrime); - - function P25519 () { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); + if (text && !util.isString(text) && !util.isStream(text)) { + throw new Error('createMessage: options.text must be a string or stream'); + } + if (binary && !util.isUint8Array(binary) && !util.isStream(binary)) { + throw new Error('createMessage: options.binary must be a Uint8Array or stream'); } - inherits(P25519, MPrime); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - P25519.prototype.imulK = function imulK (num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = (num.words[i] | 0) * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; + const streamType = util.isStream(input); + const literalDataPacket = new LiteralDataPacket(date); + if (text !== undefined) { + literalDataPacket.setText(input, enums.write(enums.literal, format)); + } else { + literalDataPacket.setBytes(input, enums.write(enums.literal, format)); + } + if (filename !== undefined) { + literalDataPacket.setFilename(filename); + } + const literalDataPacketlist = new PacketList(); + literalDataPacketlist.push(literalDataPacket); + const message = new Message(literalDataPacketlist); + message.fromStream = streamType; + return message; +} - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) { - num.words[num.length++] = carry; - } - return num; - }; +// GPG4Browsers - An OpenPGP implementation in javascript +// Copyright (C) 2011 Recurity Labs GmbH +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Exported mostly for testing purposes, use plain name instead - BN._prime = function prime (name) { - // Cached version of prime - if (primes[name]) return primes[name]; - - var prime; - if (name === 'k256') { - prime = new K256(); - } else if (name === 'p224') { - prime = new P224(); - } else if (name === 'p192') { - prime = new P192(); - } else if (name === 'p25519') { - prime = new P25519(); - } else { - throw new Error('Unknown prime ' + name); - } - primes[name] = prime; - return prime; - }; +// A Cleartext message can contain the following packets +const allowedPackets = /*#__PURE__*/ util.constructAllowedPackets([SignaturePacket]); - // - // Base reduction engine - // - function Red (m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; - } else { - assert(m.gtn(1), 'modulus must be greater than 1'); - this.m = m; - this.prime = null; +/** + * Class that represents an OpenPGP cleartext signed message. + * See {@link https://tools.ietf.org/html/rfc4880#section-7} + */ +class CleartextMessage { + /** + * @param {String} text - The cleartext of the signed message + * @param {Signature} signature - The detached signature or an empty signature for unsigned messages + */ + constructor(text, signature) { + // remove trailing whitespace and normalize EOL to canonical form + this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n'); + if (signature && !(signature instanceof Signature)) { + throw new Error('Invalid signature input'); } + this.signature = signature || new Signature(new PacketList()); } - Red.prototype._verify1 = function _verify1 (a) { - assert(a.negative === 0, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); - }; + /** + * Returns the key IDs of the keys that signed the cleartext message + * @returns {Array} Array of keyID objects. + */ + getSigningKeyIDs() { + const keyIDs = []; + const signatureList = this.signature.packets; + signatureList.forEach(function(packet) { + keyIDs.push(packet.issuerKeyID); + }); + return keyIDs; + } - Red.prototype._verify2 = function _verify2 (a, b) { - assert((a.negative | b.negative) === 0, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); - }; + /** + * Sign the cleartext message + * @param {Array} signingKeys - private keys with decrypted secret key data for signing + * @param {Array} recipientKeys - recipient keys to get the signing preferences from + * @param {Signature} [signature] - Any existing detached signature + * @param {Array} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] + * @param {Date} [date] - The creation time of the signature that should be created + * @param {Array} [signingKeyIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }] + * @param {Array} [recipientUserIDs] - User IDs associated with `recipientKeys` to get the signing preferences from + * @param {Array} [notations] - Notation Data to add to the signatures, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }] + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New cleartext message with signed content. + * @async + */ + async sign(signingKeys, recipientKeys = [], signature = null, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], notations = [], config$1 = config) { + const literalDataPacket = new LiteralDataPacket(); + literalDataPacket.setText(this.text); + const newSignature = new Signature(await createSignaturePackets(literalDataPacket, signingKeys, recipientKeys, signature, signingKeyIDs, date, signingUserIDs, recipientUserIDs, notations, true, config$1)); + return new CleartextMessage(this.text, newSignature); + } - Red.prototype.imod = function imod (a) { - if (this.prime) return this.prime.ireduce(a)._forceRed(this); - return a.umod(this.m)._forceRed(this); - }; + /** + * Verify signatures of cleartext signed message + * @param {Array} keys - Array of keys to verify signatures + * @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise, + * verified: Promise + * }>>} List of signer's keyID and validity of signature. + * @async + */ + verify(keys, date = new Date(), config$1 = config) { + const signatureList = this.signature.packets.filterByTag(enums.packet.signature); // drop UnparsablePackets + const literalDataPacket = new LiteralDataPacket(); + // we assume that cleartext signature is generated based on UTF8 cleartext + literalDataPacket.setText(this.text); + return createVerificationObjects(signatureList, [literalDataPacket], keys, date, true, config$1); + } - Red.prototype.neg = function neg (a) { - if (a.isZero()) { - return a.clone(); - } + /** + * Get cleartext + * @returns {String} Cleartext of message. + */ + getText() { + // normalize end of line to \n + return this.text.replace(/\r\n/g, '\n'); + } - return this.m.sub(a)._forceRed(this); - }; + /** + * Returns ASCII armored text of cleartext signed message + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {String | ReadableStream} ASCII armor. + */ + armor(config$1 = config) { + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? + Array.from(new Set(this.signature.packets.map( + packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() + ))).join() : + null; - Red.prototype.add = function add (a, b) { - this._verify2(a, b); + const body = { + hash, + text: this.text, + data: this.signature.packets.write() + }; - var res = a.add(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res._forceRed(this); - }; + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config$1); + } +} - Red.prototype.iadd = function iadd (a, b) { - this._verify2(a, b); +/** + * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object + * @param {Object} options + * @param {String} options.cleartextMessage - Text to be parsed + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} New cleartext message object. + * @async + * @static + */ +async function readCleartextMessage({ cleartextMessage, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; + if (!cleartextMessage) { + throw new Error('readCleartextMessage: must pass options object containing `cleartextMessage`'); + } + if (!util.isString(cleartextMessage)) { + throw new Error('readCleartextMessage: options.cleartextMessage must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) { - res.isub(this.m); - } - return res; - }; + const input = await unarmor(cleartextMessage); + if (input.type !== enums.armor.signed) { + throw new Error('No cleartext signed message.'); + } + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config$1); + verifyHeaders(input.headers, packetlist); + const signature = new Signature(packetlist); + return new CleartextMessage(input.text, signature); +} - Red.prototype.sub = function sub (a, b) { - this._verify2(a, b); +/** + * Compare hash algorithm specified in the armor header with signatures + * @param {Array} headers - Armor headers + * @param {PacketList} packetlist - The packetlist with signature packets + * @private + */ +function verifyHeaders(headers, packetlist) { + const checkHashAlgos = function(hashAlgos) { + const check = packet => algo => packet.hashAlgorithm === algo; - var res = a.sub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + for (let i = 0; i < packetlist.length; i++) { + if (packetlist[i].constructor.tag === enums.packet.signature && !hashAlgos.some(check(packetlist[i]))) { + return false; + } } - return res._forceRed(this); + return true; }; - Red.prototype.isub = function isub (a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) { - res.iadd(this.m); + const hashAlgos = []; + headers.forEach(header => { + const hashHeader = header.match(/^Hash: (.+)$/); // get header value + if (hashHeader) { + const parsedHashIDs = hashHeader[1] + .replace(/\s/g, '') // remove whitespace + .split(',') + .map(hashName => { + try { + return enums.write(enums.hash, hashName.toLowerCase()); + } catch (e) { + throw new Error('Unknown hash algorithm in armor header: ' + hashName.toLowerCase()); + } + }); + hashAlgos.push(...parsedHashIDs); + } else { + throw new Error('Only "Hash" header allowed in cleartext signed message'); } - return res; - }; - - Red.prototype.shl = function shl (a, num) { - this._verify1(a); - return this.imod(a.ushln(num)); - }; - - Red.prototype.imul = function imul (a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); - }; - - Red.prototype.mul = function mul (a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); - }; + }); - Red.prototype.isqr = function isqr (a) { - return this.imul(a, a.clone()); - }; + if (hashAlgos.length && !checkHashAlgos(hashAlgos)) { + throw new Error('Hash algorithm mismatch in armor header and signature'); + } +} - Red.prototype.sqr = function sqr (a) { - return this.mul(a, a); - }; +/** + * Creates a new CleartextMessage object from text + * @param {Object} options + * @param {String} options.text + * @static + * @async + */ +async function createCleartextMessage({ text, ...rest }) { + if (!text) { + throw new Error('createCleartextMessage: must pass options object containing `text`'); + } + if (!util.isString(text)) { + throw new Error('createCleartextMessage: options.text must be a string'); + } + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.sqrt = function sqrt (a) { - if (a.isZero()) return a.clone(); + return new CleartextMessage(text); +} - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2016 Tankred Hase +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).iushrn(2); - return this.pow(a, pow); - } - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (!q.isZero() && q.andln(1) === 0) { - s++; - q.iushrn(1); - } - assert(!q.isZero()); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).iushrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - - while (this.pow(z, lpow).cmp(nOne) !== 0) { - z.redIAdd(nOne); - } - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).iushrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) { - tmp = tmp.redSqr(); - } - assert(i < m); - var b = this.pow(c, new BN(1).iushln(m - i - 1)); - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; - } +////////////////////// +// // +// Key handling // +// // +////////////////////// - return r; - }; - Red.prototype.invm = function invm (a) { - var inv = a._invmp(this.m); - if (inv.negative !== 0) { - inv.negative = 0; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } - }; +/** + * Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys. + * By default, primary and subkeys will be of same type. + * The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated. + * @param {Object} options + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {'ecc'|'rsa'|'curve448'|'curve25519'} [options.type='ecc'] - The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys). + * Note: Curve448 and Curve25519 (new format) are not widely supported yet. + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys + * @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys: + * curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1, + * brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 + * @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Array} [options.subkeys=a single encryption subkey] - Options for each subkey e.g. `[{sign: true, passphrase: '123'}]` + * default to main key options, except for `sign` parameter that defaults to false, and indicates whether the subkey should sign rather than encrypt + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function generateKey({ userIDs = [], passphrase, type, curve, rsaBits = 4096, keyExpirationTime = 0, date = new Date(), subkeys = [{}], format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + if (!type && !curve) { + type = config$1.v6Keys ? 'curve25519' : 'ecc'; // default to new curve25519 for v6 keys (legacy curve25519 cannot be used with them) + curve = 'curve25519Legacy'; // unused with type != 'ecc' + } else { + type = type || 'ecc'; + curve = curve || 'curve25519Legacy'; + } + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Red.prototype.pow = function pow (a, num) { - if (num.isZero()) return new BN(1).toRed(this); - if (num.cmpn(1) === 0) return a.clone(); + if (userIDs.length === 0 && !config$1.v6Keys) { + throw new Error('UserIDs are required for V4 keys'); + } + if (type === 'rsa' && rsaBits < config$1.minRSABits) { + throw new Error(`rsaBits should be at least ${config$1.minRSABits}, got: ${rsaBits}`); + } - var windowSize = 4; - var wnd = new Array(1 << windowSize); - wnd[0] = new BN(1).toRed(this); - wnd[1] = a; - for (var i = 2; i < wnd.length; i++) { - wnd[i] = this.mul(wnd[i - 1], a); - } + const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; - var res = wnd[0]; - var current = 0; - var currentLen = 0; - var start = num.bitLength() % 26; - if (start === 0) { - start = 26; - } + try { + const { key, revocationCertificate } = await generate(options, config$1); + key.getKeys().forEach(({ keyPacket }) => checkKeyRequirements(keyPacket, config$1)); - for (i = num.length - 1; i >= 0; i--) { - var word = num.words[i]; - for (var j = start - 1; j >= 0; j--) { - var bit = (word >> j) & 1; - if (res !== wnd[0]) { - res = this.sqr(res); - } + return { + privateKey: formatObject(key, format, config$1), + publicKey: formatObject(key.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error generating keypair', err); + } +} - if (bit === 0 && current === 0) { - currentLen = 0; - continue; - } +/** + * Reformats signature packets for a key and rewraps key object. + * @param {Object} options + * @param {PrivateKey} options.privateKey - Private key to reformat + * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the reformatted private key. If omitted or empty, the key won't be encrypted. + * @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires + * @param {Date} [options.date] - Override the creation date of the key signatures. If the key was previously used to sign messages, it is recommended + * to set the same date as the key creation time to ensure that old message signatures will still be verifiable using the reformatted key. + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output keys + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The generated key object in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String, revocationCertificate:String } + * @async + * @static + */ +async function reformatKey({ privateKey, userIDs = [], passphrase, keyExpirationTime = 0, date, format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + userIDs = toArray(userIDs); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - current <<= 1; - current |= bit; - currentLen++; - if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; + if (userIDs.length === 0 && privateKey.keyPacket.version !== 6) { + throw new Error('UserIDs are required for V4 keys'); + } + const options = { privateKey, userIDs, passphrase, keyExpirationTime, date }; - res = this.mul(res, wnd[current]); - currentLen = 0; - current = 0; - } - start = 26; - } + try { + const { key: reformattedKey, revocationCertificate } = await reformat(options, config$1); - return res; - }; + return { + privateKey: formatObject(reformattedKey, format, config$1), + publicKey: formatObject(reformattedKey.toPublic(), format, config$1), + revocationCertificate + }; + } catch (err) { + throw util.wrapError('Error reformatting keypair', err); + } +} - Red.prototype.convertTo = function convertTo (num) { - var r = num.umod(this.m); +/** + * Revokes a key. Requires either a private key or a revocation certificate. + * If a revocation certificate is passed, the reasonForRevocation parameter will be ignored. + * @param {Object} options + * @param {Key} options.key - Public or private key to revoke + * @param {String} [options.revocationCertificate] - Revocation certificate to revoke the key with + * @param {Object} [options.reasonForRevocation] - Object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} [options.reasonForRevocation.flag=[noReason]{@link module:enums.reasonForRevocation}] - Flag indicating the reason for revocation + * @param {String} [options.reasonForRevocation.string=""] - String explaining the reason for revocation + * @param {Date} [options.date] - Use the given date instead of the current time to verify validity of revocation certificate (if provided), or as creation time of the revocation signature + * @param {'armored'|'binary'|'object'} [options.format='armored'] - format of the output key(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The revoked key in the form: + * { privateKey:PrivateKey|Uint8Array|String, publicKey:PublicKey|Uint8Array|String } if private key is passed, or + * { privateKey: null, publicKey:PublicKey|Uint8Array|String } otherwise + * @async + * @static + */ +async function revokeKey({ key, revocationCertificate, reasonForRevocation, date = new Date(), format = 'armored', config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - return r === num ? r.clone() : r; - }; + try { + const revokedKey = revocationCertificate ? + await key.applyRevocationCertificate(revocationCertificate, date, config$1) : + await key.revoke(reasonForRevocation, date, config$1); - Red.prototype.convertFrom = function convertFrom (num) { - var res = num.clone(); - res.red = null; - return res; - }; + return revokedKey.isPrivate() ? { + privateKey: formatObject(revokedKey, format, config$1), + publicKey: formatObject(revokedKey.toPublic(), format, config$1) + } : { + privateKey: null, + publicKey: formatObject(revokedKey, format, config$1) + }; + } catch (err) { + throw util.wrapError('Error revoking key', err); + } +} - // - // Montgomery method engine - // +/** + * Unlock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to decrypt + * @param {String|Array} options.passphrase - The user's passphrase(s) + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The unlocked key object. + * @async + */ +async function decryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - BN.mont = function mont (num) { - return new Mont(num); - }; + if (!privateKey.isPrivate()) { + throw new Error('Cannot decrypt a public key'); + } + const clonedPrivateKey = privateKey.clone(true); + const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; - function Mont (m) { - Red.call(this, m); + try { + await Promise.all(clonedPrivateKey.getKeys().map(key => ( + // try to decrypt each key with any of the given passphrases + util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) + ))); - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) { - this.shift += 26 - (this.shift % 26); - } + await clonedPrivateKey.validate(config$1); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error decrypting private key', err); + } +} - this.r = new BN(1).iushln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); +/** + * Lock a private key with the given passphrase. + * This method does not change the original key. + * @param {Object} options + * @param {PrivateKey} options.privateKey - The private key to encrypt + * @param {String|Array} options.passphrase - If multiple passphrases, they should be in the same order as the packets each should encrypt + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} The locked key object. + * @async + */ +async function encryptKey({ privateKey, passphrase, config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv = this.minv.umod(this.r); - this.minv = this.r.sub(this.minv); + if (!privateKey.isPrivate()) { + throw new Error('Cannot encrypt a public key'); } - inherits(Mont, Red); + const clonedPrivateKey = privateKey.clone(true); - Mont.prototype.convertTo = function convertTo (num) { - return this.imod(num.ushln(this.shift)); - }; + const keys = clonedPrivateKey.getKeys(); + const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); + if (passphrases.length !== keys.length) { + throw new Error('Invalid number of passphrases given for key encryption'); + } - Mont.prototype.convertFrom = function convertFrom (num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; - }; + try { + await Promise.all(keys.map(async (key, i) => { + const { keyPacket } = key; + await keyPacket.encrypt(passphrases[i], config$1); + keyPacket.clearPrivateParams(); + })); + return clonedPrivateKey; + } catch (err) { + clonedPrivateKey.clearPrivateParams(); + throw util.wrapError('Error encrypting private key', err); + } +} - Mont.prototype.imul = function imul (a, b) { - if (a.isZero() || b.isZero()) { - a.words[0] = 0; - a.length = 1; - return a; - } - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; +/////////////////////////////////////////// +// // +// Message encryption and decryption // +// // +/////////////////////////////////////////// - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); - } - return res._forceRed(this); - }; +/** + * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys` + * must be specified. If signing keys are specified, those will be used to sign the message. + * @param {Object} options + * @param {Message} options.message - Message to be encrypted as created by {@link createMessage} + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message + * @param {PrivateKey|PrivateKey[]} [options.signingKeys] - Private keys for signing. If omitted message will not be signed + * @param {String|String[]} [options.passwords] - Array of passwords or a single password to encrypt the message + * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Signature} [options.signature] - A detached signature to add to the encrypted message + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]` + * @param {Date} [options.date=current date] - Override the creation date of the message signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise|MaybeStream>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, format = 'armored', signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); + signingKeyIDs = toArray(signingKeyIDs); encryptionKeyIDs = toArray(encryptionKeyIDs); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs); signatureNotations = toArray(signatureNotations); + if (rest.detached) { + throw new Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well."); + } + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead'); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.encrypt, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - Mont.prototype.mul = function mul (a, b) { - if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); + if (!signingKeys) { + signingKeys = []; + } - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).iushrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) { - res = u.isub(this.m); - } else if (u.cmpn(0) < 0) { - res = u.iadd(this.m); + try { + if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified + message = await message.sign(signingKeys, encryptionKeys, signature, signingKeyIDs, date, signingUserIDs, encryptionKeyIDs, signatureNotations, config$1); } - - return res._forceRed(this); - }; - - Mont.prototype.invm = function invm (a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); - }; -})(module, commonjsGlobal); -}); - -var bn$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': bn, - __moduleExports: bn -}); + message = message.compress( + await getPreferredCompressionAlgo(encryptionKeys, date, encryptionUserIDs, config$1), + config$1 + ); + message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + if (format === 'object') return message; + // serialize data + const armor = format === 'armored'; + const data = armor ? message.armor(config$1) : message.write(); + return await convertStream(data); + } catch (err) { + throw util.wrapError('Error encrypting message', err); + } +} /** - * @fileoverview - * BigInteger implementation of basic operations - * Wrapper of bn.js library (wwww.github.com/indutny/bn.js) - * @module biginteger/bn - * @private + * Decrypts a message with the user's private key, a session key or a password. + * One of `decryptionKeys`, `sessionkeys` or `passwords` must be specified (passing a combination of these options is not supported). + * @param {Object} options + * @param {Message} options.message - The message object with the encrypted data + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data or session key + * @param {String|String[]} [options.passwords] - Passwords to decrypt the message + * @param {Object|Object[]} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } + * @param {PublicKey|PublicKey[]} [options.verificationKeys] - Array of public keys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing decrypted and verified message in the form: + * + * { + * data: MaybeStream, (if format was 'utf8', the default) + * data: MaybeStream, (if format was 'binary') + * filename: String, + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static */ +async function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead'); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); -/** - * @private - */ -class BigInteger$1 { - /** - * Get a BigInteger (input must be big endian for strings and arrays) - * @param {Number|String|Uint8Array} n - Value to convert - * @throws {Error} on undefined input - */ - constructor(n) { - if (n === undefined) { - throw new Error('Invalid BigInteger input'); + try { + const decrypted = await message.decrypt(decryptionKeys, passwords, sessionKeys, date, config$1); + if (!verificationKeys) { + verificationKeys = []; } - this.value = new bn(n); + const result = {}; + result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config$1) : await decrypted.verify(verificationKeys, date, config$1); + result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); + result.filename = decrypted.getFilename(); + linkStreams(result, message); + if (expectSigned) { + if (verificationKeys.length === 0) { + throw new Error('Verification keys are required to verify message signatures'); + } + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error decrypting message', err); } +} - clone() { - const clone = new BigInteger$1(null); - this.value.copy(clone.value); - return clone; - } - /** - * BigInteger increment in place - */ - iinc() { - this.value.iadd(new bn(1)); - return this; - } +////////////////////////////////////////// +// // +// Message signing and verification // +// // +////////////////////////////////////////// - /** - * BigInteger increment - * @returns {BigInteger} this + 1. - */ - inc() { - return this.clone().iinc(); - } - /** - * BigInteger decrement in place - */ - idec() { - this.value.isub(new bn(1)); - return this; - } +/** + * Signs a message. + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed + * @param {PrivateKey|PrivateKey[]} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext + * @param {Key|Key[]} options.recipientKeys - Array of keys or single to get the signing preferences from + * @param {'armored'|'binary'|'object'} [options.format='armored'] - Format of the returned message + * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature + * @param {KeyID|KeyID[]} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i] + * @param {Date} [options.date=current date] - Override the creation date of the signature + * @param {Object|Object[]} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]` + * @param {Object|Object[]} [options.recipientUserIDs=primary user IDs] - Array of user IDs to get the signing preferences from, one per key in `recipientKeys` + * @param {Object|Object[]} [options.signatureNotations=[]] - Array of notations to add to the signatures, e.g. `[{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function sign({ message, signingKeys, recipientKeys = [], format = 'armored', detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], recipientUserIDs = [], signatureNotations = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); checkOutputMessageFormat(format); + signingKeys = toArray(signingKeys); signingKeyIDs = toArray(signingKeyIDs); signingUserIDs = toArray(signingUserIDs); recipientKeys = toArray(recipientKeys); recipientUserIDs = toArray(recipientUserIDs); signatureNotations = toArray(signatureNotations); - /** - * BigInteger decrement - * @returns {BigInteger} this - 1. - */ - dec() { - return this.clone().idec(); - } + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead'); + if (rest.armor !== undefined) throw new Error('The `armor` option has been removed from openpgp.sign, pass `format` instead.'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); + if (message instanceof CleartextMessage && format === 'binary') throw new Error('Cannot return signed cleartext message in binary format'); + if (message instanceof CleartextMessage && detached) throw new Error('Cannot detach-sign a cleartext message'); - /** - * BigInteger addition in place - * @param {BigInteger} x - Value to add - */ - iadd(x) { - this.value.iadd(x.value); - return this; + if (!signingKeys || signingKeys.length === 0) { + throw new Error('No signing keys provided'); } - /** - * BigInteger addition - * @param {BigInteger} x - Value to add - * @returns {BigInteger} this + x. - */ - add(x) { - return this.clone().iadd(x); - } + try { + let signature; + if (detached) { + signature = await message.signDetached(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } else { + signature = await message.sign(signingKeys, recipientKeys, undefined, signingKeyIDs, date, signingUserIDs, recipientUserIDs, signatureNotations, config$1); + } + if (format === 'object') return signature; - /** - * BigInteger subtraction in place - * @param {BigInteger} x - Value to subtract - */ - isub(x) { - this.value.isub(x.value); - return this; + const armor = format === 'armored'; + signature = armor ? signature.armor(config$1) : signature.write(); + if (detached) { + signature = transformPair(message.packets.write(), async (readable, writable) => { + await Promise.all([ + pipe(signature, writable), + readToEnd(readable).catch(() => {}) + ]); + }); + } + return await convertStream(signature); + } catch (err) { + throw util.wrapError('Error signing message', err); } +} - /** - * BigInteger subtraction - * @param {BigInteger} x - Value to subtract - * @returns {BigInteger} this - x. - */ - sub(x) { - return this.clone().isub(x); - } +/** + * Verifies signatures of cleartext signed message + * @param {Object} options + * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures + * @param {PublicKey|PublicKey[]} options.verificationKeys - Array of publicKeys or single key, to verify signatures + * @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys + * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. + * @param {Signature} [options.signature] - Detached signature for verification + * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Object containing verified message in the form: + * + * { + * data: MaybeStream, (if `message` was a CleartextMessage) + * data: MaybeStream, (if `message` was a Message) + * signatures: [ + * { + * keyID: module:type/keyid~KeyID, + * verified: Promise, + * signature: Promise + * }, ... + * ] + * } + * + * where `signatures` contains a separate entry for each signature packet found in the input message. + * @async + * @static + */ +async function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkCleartextOrMessage(message); verificationKeys = toArray(verificationKeys); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * BigInteger multiplication in place - * @param {BigInteger} x - Value to multiply - */ - imul(x) { - this.value.imul(x.value); - return this; - } + if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); + if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature"); - /** - * BigInteger multiplication - * @param {BigInteger} x - Value to multiply - * @returns {BigInteger} this * x. - */ - mul(x) { - return this.clone().imul(x); + try { + const result = {}; + if (signature) { + result.signatures = await message.verifyDetached(signature, verificationKeys, date, config$1); + } else { + result.signatures = await message.verify(verificationKeys, date, config$1); + } + result.data = format === 'binary' ? message.getLiteralData() : message.getText(); + if (message.fromStream && !signature) linkStreams(result, message); + if (expectSigned) { + if (result.signatures.length === 0) { + throw new Error('Message is not signed'); + } + result.data = concat([ + result.data, + fromAsync(async () => { + await util.anyPromise(result.signatures.map(sig => sig.verified)); + }) + ]); + } + result.data = await convertStream(result.data); + return result; + } catch (err) { + throw util.wrapError('Error verifying signed message', err); } +} - /** - * Compute value modulo m, in place - * @param {BigInteger} m - Modulo - */ - imod(m) { - this.value = this.value.umod(m.value); - return this; - } - /** - * Compute value modulo m - * @param {BigInteger} m - Modulo - * @returns {BigInteger} this mod m. - */ - mod(m) { - return this.clone().imod(m); - } +/////////////////////////////////////////////// +// // +// Session key encryption and decryption // +// // +/////////////////////////////////////////////// - /** - * Compute modular exponentiation - * Much faster than this.exp(e).mod(n) - * @param {BigInteger} e - Exponent - * @param {BigInteger} n - Modulo - * @returns {BigInteger} this ** e mod n. - */ - modExp(e, n) { - // We use either Montgomery or normal reduction context - // Montgomery requires coprime n and R (montogmery multiplier) - // bn.js picks R as power of 2, so n must be odd - const nred = n.isEven() ? bn.red(n.value) : bn.mont(n.value); - const x = this.clone(); - x.value = x.value.toRed(nred).redPow(e.value).fromRed(); - return x; - } +/** + * Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any. + * @param {Object} options + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key used to select algorithm preferences for. If no keys are given, the algorithm will be [config.preferredSymmetricAlgorithm]{@link module:config.preferredSymmetricAlgorithm} + * @param {Date} [options.date=current date] - Date to select algorithm preferences at + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm. + * @async + * @static + */ +async function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Compute the inverse of this value modulo n - * Note: this and and n must be relatively prime - * @param {BigInteger} n - Modulo - * @returns {BigInteger} x such that this*x = 1 mod n - * @throws {Error} if the inverse does not exist - */ - modInv(n) { - // invm returns a wrong result if the inverse does not exist - if (!this.gcd(n).isOne()) { - throw new Error('Inverse does not exist'); - } - return new BigInteger$1(this.value.invm(n.value)); + try { + const sessionKeys = await Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error generating session key', err); } +} - /** - * Compute greatest common divisor between this and n - * @param {BigInteger} n - Operand - * @returns {BigInteger} gcd - */ - gcd(n) { - return new BigInteger$1(this.value.gcd(n.value)); - } +/** + * Encrypt a symmetric session key with public keys, passwords, or both at once. + * At least one of `encryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128) + * @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256' + * @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb' + * @param {PublicKey|PublicKey[]} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key + * @param {String|String[]} [options.passwords] - Passwords for the message + * @param {'armored'|'binary'} [options.format='armored'] - Format of the returned value + * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs + * @param {KeyID|KeyID[]} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i] + * @param {Date} [options.date=current date] - Override the date + * @param {Object|Object[]} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]` + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false). + * @async + * @static + */ +async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, format = 'armored', wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkBinary(data); checkString(algorithm, 'algorithm'); checkOutputMessageFormat(format); + encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionKeyIDs = toArray(encryptionKeyIDs); encryptionUserIDs = toArray(encryptionUserIDs); + if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the left by x, in place - * @param {BigInteger} x - Shift value - */ - ileftShift(x) { - this.value.ishln(x.value.toNumber()); - return this; + if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) { + throw new Error('No encryption keys or passwords provided.'); } - /** - * Shift this to the left by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this << x. - */ - leftShift(x) { - return this.clone().ileftShift(x); + try { + const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config$1); + return formatObject(message, format, config$1); + } catch (err) { + throw util.wrapError('Error encrypting session key', err); } +} - /** - * Shift this to the right by x, in place - * @param {BigInteger} x - Shift value - */ - irightShift(x) { - this.value.ishrn(x.value.toNumber()); - return this; - } +/** + * Decrypt symmetric session keys using private keys or passwords (not both). + * One of `decryptionKeys` or `passwords` must be specified. + * @param {Object} options + * @param {Message} options.message - A message object containing the encrypted session key packets + * @param {PrivateKey|PrivateKey[]} [options.decryptionKeys] - Private keys with decrypted secret key data + * @param {String|String[]} [options.passwords] - Passwords to decrypt the session key + * @param {Date} [options.date] - Date to use for key verification instead of the current time + * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} + * @returns {Promise} Array of decrypted session key, algorithm pairs in the form: + * { data:Uint8Array, algorithm:String } + * @throws if no session key could be found or decrypted + * @async + * @static + */ +async function decryptSessionKeys({ message, decryptionKeys, passwords, date = new Date(), config: config$1, ...rest }) { + config$1 = { ...config, ...config$1 }; checkConfig(config$1); + checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); + if (rest.privateKeys) throw new Error('The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead'); + const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`); - /** - * Shift this to the right by x - * @param {BigInteger} x - Shift value - * @returns {BigInteger} this >> x. - */ - rightShift(x) { - return this.clone().irightShift(x); + try { + const sessionKeys = await message.decryptSessionKeys(decryptionKeys, passwords, undefined, date, config$1); + return sessionKeys; + } catch (err) { + throw util.wrapError('Error decrypting session keys', err); } +} - /** - * Whether this value is equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - equal(x) { - return this.value.eq(x.value); - } - /** - * Whether this value is less than x - * @param {BigInteger} x - * @returns {Boolean} - */ - lt(x) { - return this.value.lt(x.value); - } +////////////////////////// +// // +// Helper functions // +// // +////////////////////////// - /** - * Whether this value is less than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - lte(x) { - return this.value.lte(x.value); - } - /** - * Whether this value is greater than x - * @param {BigInteger} x - * @returns {Boolean} - */ - gt(x) { - return this.value.gt(x.value); +/** + * Input validation + * @private + */ +function checkString(data, name) { + if (!util.isString(data)) { + throw new Error('Parameter [' + (name) + '] must be of type String'); } - - /** - * Whether this value is greater than or equal to x - * @param {BigInteger} x - * @returns {Boolean} - */ - gte(x) { - return this.value.gte(x.value); +} +function checkBinary(data, name) { + if (!util.isUint8Array(data)) { + throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array'); } - - isZero() { - return this.value.isZero(); +} +function checkMessage(message) { + if (!(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message'); } - - isOne() { - return this.value.eq(new bn(1)); +} +function checkCleartextOrMessage(message) { + if (!(message instanceof CleartextMessage) && !(message instanceof Message)) { + throw new Error('Parameter [message] needs to be of type Message or CleartextMessage'); } - - isNegative() { - return this.value.isNeg(); +} +function checkOutputMessageFormat(format) { + if (format !== 'armored' && format !== 'binary' && format !== 'object') { + throw new Error(`Unsupported format ${format}`); } - - isEven() { - return this.value.isEven(); +} +const defaultConfigPropsCount = Object.keys(config).length; +function checkConfig(config$1) { + const inputConfigProps = Object.keys(config$1); + if (inputConfigProps.length !== defaultConfigPropsCount) { + for (const inputProp of inputConfigProps) { + if (config[inputProp] === undefined) { + throw new Error(`Unknown config property: ${inputProp}`); + } + } } +} - abs() { - const res = this.clone(); - res.value = res.value.abs(); - return res; +/** + * Normalize parameter to an array if it is not undefined. + * @param {Object} param - the parameter to be normalized + * @returns {Array|undefined} The resulting array or undefined. + * @private + */ +function toArray(param) { + if (param && !util.isArray(param)) { + param = [param]; } + return param; +} - /** - * Get this value as a string - * @returns {String} this value. - */ - toString() { - return this.value.toString(); +/** + * Convert data to or from Stream + * @param {Object} data - the data to convert + * @returns {Promise} The data in the respective format. + * @async + * @private + */ +async function convertStream(data) { + const streamType = util.isStream(data); + if (streamType === 'array') { + return readToEnd(data); } + return data; +} - /** - * Get this value as an exact Number (max 53 bits) - * Fails if this value is too large - * @returns {Number} - */ - toNumber() { - return this.value.toNumber(); - } +/** + * Link result.data to the message stream for cancellation. + * Also, forward errors in the message to result.data. + * @param {Object} result - the data to convert + * @param {Message} message - message object + * @returns {Object} + * @private + */ +function linkStreams(result, message) { + result.data = transformPair(message.packets.stream, async (readable, writable) => { + await pipe(result.data, writable, { + preventClose: true + }); + const writer = getWriter(writable); + try { + // Forward errors in the message stream to result.data. + await readToEnd(readable, _ => _); + await writer.close(); + } catch (e) { + await writer.abort(e); + } + }); +} - /** - * Get value of i-th bit - * @param {Number} i - Bit index - * @returns {Number} Bit value. - */ - getBit(i) { - return this.value.testn(i) ? 1 : 0; +/** + * Convert the object to the given format + * @param {Key|Message} object + * @param {'armored'|'binary'|'object'} format + * @param {Object} config - Full configuration + * @returns {String|Uint8Array|Object} + */ +function formatObject(object, format, config) { + switch (format) { + case 'object': + return object; + case 'armored': + return object.armor(config); + case 'binary': + return object.write(); + default: + throw new Error(`Unsupported format ${format}`); } +} - /** - * Compute bit length - * @returns {Number} Bit length. - */ - bitLength() { - return this.value.bitLength(); - } +function number(n) { + if (!Number.isSafeInteger(n) || n < 0) + throw new Error(`positive integer expected, not ${n}`); +} +// copied from utils +function isBytes$1(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function bytes(b, ...lengths) { + if (!isBytes$1(b)) + throw new Error('Uint8Array expected'); + if (lengths.length > 0 && !lengths.includes(b.length)) + throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function hash(h) { + if (typeof h !== 'function' || typeof h.create !== 'function') + throw new Error('Hash should be wrapped by utils.wrapConstructor'); + number(h.outputLen); + number(h.blockLen); +} +function exists(instance, checkFinished = true) { + if (instance.destroyed) + throw new Error('Hash instance has been destroyed'); + if (checkFinished && instance.finished) + throw new Error('Hash#digest() has already been called'); +} +function output(out, instance) { + bytes(out); + const min = instance.outputLen; + if (out.length < min) { + throw new Error(`digestInto() expects output buffer of length at least ${min}`); + } +} + +const crypto$1 = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined; + +/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+. +// node.js versions earlier than v19 don't declare it in global scope. +// For node.js, package.json#exports field mapping rewrites import +// from `crypto` to `cryptoNode`, which imports native module. +// Makes the utils un-importable in browsers without a bundler. +// Once node.js 18 is deprecated (2025-04-30), we can just drop the import. +const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4)); +// Cast array to view +const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength); +// The rotate right (circular right shift) operation for uint32 +const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift); +// The rotate left (circular left shift) operation for uint32 +const rotl = (word, shift) => (word << shift) | ((word >>> (32 - shift)) >>> 0); +const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44; +// The byte swap operation for uint32 +const byteSwap = (word) => ((word << 24) & 0xff000000) | + ((word << 8) & 0xff0000) | + ((word >>> 8) & 0xff00) | + ((word >>> 24) & 0xff); +// In place byte swap for Uint32Array +function byteSwap32(arr) { + for (let i = 0; i < arr.length; i++) { + arr[i] = byteSwap(arr[i]); + } +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes$1(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +/** + * Normalizes (non-hex) string or Uint8Array to Uint8Array. + * Warning: when Uint8Array is passed, it would NOT get copied. + * Keep in mind for future mutable operations. + */ +function toBytes(data) { + if (typeof data === 'string') + data = utf8ToBytes$1(data); + bytes(data); + return data; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes$1(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + bytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// For runtime check if class implements interface +class Hash { + // Safe version that clones internal state + clone() { + return this._cloneInto(); + } +} +function wrapConstructor(hashCons) { + const hashC = (msg) => hashCons().update(toBytes(msg)).digest(); + const tmp = hashCons(); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = () => hashCons(); + return hashC; +} +function wrapXOFConstructorWithOpts(hashCons) { + const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest(); + const tmp = hashCons({}); + hashC.outputLen = tmp.outputLen; + hashC.blockLen = tmp.blockLen; + hashC.create = (opts) => hashCons(opts); + return hashC; +} +/** + * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS. + */ +function randomBytes(bytesLength = 32) { + if (crypto$1 && typeof crypto$1.getRandomValues === 'function') { + return crypto$1.getRandomValues(new Uint8Array(bytesLength)); + } + // Legacy Node.js compatibility + if (crypto$1 && typeof crypto$1.randomBytes === 'function') { + return crypto$1.randomBytes(bytesLength); + } + throw new Error('crypto.getRandomValues must be defined'); +} - /** - * Compute byte length - * @returns {Number} Byte length. - */ - byteLength() { - return this.value.byteLength(); - } +/** + * Polyfill for Safari 14 + */ +function setBigUint64(view, byteOffset, value, isLE) { + if (typeof view.setBigUint64 === 'function') + return view.setBigUint64(byteOffset, value, isLE); + const _32n = BigInt(32); + const _u32_max = BigInt(0xffffffff); + const wh = Number((value >> _32n) & _u32_max); + const wl = Number(value & _u32_max); + const h = isLE ? 4 : 0; + const l = isLE ? 0 : 4; + view.setUint32(byteOffset + h, wh, isLE); + view.setUint32(byteOffset + l, wl, isLE); +} +/** + * Choice: a ? b : c + */ +const Chi = (a, b, c) => (a & b) ^ (~a & c); +/** + * Majority function, true if any two inputs is true + */ +const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c); +/** + * Merkle-Damgard hash construction base class. + * Could be used to create MD5, RIPEMD, SHA1, SHA2. + */ +class HashMD extends Hash { + constructor(blockLen, outputLen, padOffset, isLE) { + super(); + this.blockLen = blockLen; + this.outputLen = outputLen; + this.padOffset = padOffset; + this.isLE = isLE; + this.finished = false; + this.length = 0; + this.pos = 0; + this.destroyed = false; + this.buffer = new Uint8Array(blockLen); + this.view = createView(this.buffer); + } + update(data) { + exists(this); + const { view, buffer, blockLen } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + // Fast path: we have at least one block in input, cast it to view and process + if (take === blockLen) { + const dataView = createView(data); + for (; blockLen <= len - pos; pos += blockLen) + this.process(dataView, pos); + continue; + } + buffer.set(data.subarray(pos, pos + take), this.pos); + this.pos += take; + pos += take; + if (this.pos === blockLen) { + this.process(view, 0); + this.pos = 0; + } + } + this.length += data.length; + this.roundClean(); + return this; + } + digestInto(out) { + exists(this); + output(out, this); + this.finished = true; + // Padding + // We can avoid allocation of buffer for padding completely if it + // was previously not allocated here. But it won't change performance. + const { buffer, view, blockLen, isLE } = this; + let { pos } = this; + // append the bit '1' to the message + buffer[pos++] = 0b10000000; + this.buffer.subarray(pos).fill(0); + // we have less than padOffset left in buffer, so we cannot put length in + // current block, need process it and pad again + if (this.padOffset > blockLen - pos) { + this.process(view, 0); + pos = 0; + } + // Pad until full block byte with zeros + for (let i = pos; i < blockLen; i++) + buffer[i] = 0; + // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that + // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen. + // So we just write lowest 64 bits of that value. + setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE); + this.process(view, 0); + const oview = createView(out); + const len = this.outputLen; + // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT + if (len % 4) + throw new Error('_sha2: outputLen should be aligned to 32bit'); + const outLen = len / 4; + const state = this.get(); + if (outLen > state.length) + throw new Error('_sha2: outputLen bigger than state'); + for (let i = 0; i < outLen; i++) + oview.setUint32(4 * i, state[i], isLE); + } + digest() { + const { buffer, outputLen } = this; + this.digestInto(buffer); + const res = buffer.slice(0, outputLen); + this.destroy(); + return res; + } + _cloneInto(to) { + to || (to = new this.constructor()); + to.set(...this.get()); + const { blockLen, buffer, length, finished, destroyed, pos } = this; + to.length = length; + to.pos = pos; + to.finished = finished; + to.destroyed = destroyed; + if (length % blockLen) + to.buffer.set(buffer); + return to; + } +} + +// SHA2-256 need to try 2^128 hashes to execute birthday attack. +// BTC network is doing 2^67 hashes/sec as per early 2023. +// Round constants: +// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311) +// prettier-ignore +const SHA256_K = /* @__PURE__ */ new Uint32Array([ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +]); +// Initial state: +// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19 +// prettier-ignore +const SHA256_IV = /* @__PURE__ */ new Uint32Array([ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA256_W = /* @__PURE__ */ new Uint32Array(64); +class SHA256 extends HashMD { + constructor() { + super(64, 32, 8, false); + // We cannot use array here since array allows indexing by variable + // which means optimizer/compiler cannot use registers. + this.A = SHA256_IV[0] | 0; + this.B = SHA256_IV[1] | 0; + this.C = SHA256_IV[2] | 0; + this.D = SHA256_IV[3] | 0; + this.E = SHA256_IV[4] | 0; + this.F = SHA256_IV[5] | 0; + this.G = SHA256_IV[6] | 0; + this.H = SHA256_IV[7] | 0; + } + get() { + const { A, B, C, D, E, F, G, H } = this; + return [A, B, C, D, E, F, G, H]; + } + // prettier-ignore + set(A, B, C, D, E, F, G, H) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + this.F = F | 0; + this.G = G | 0; + this.H = H | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) + SHA256_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 64; i++) { + const W15 = SHA256_W[i - 15]; + const W2 = SHA256_W[i - 2]; + const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3); + const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10); + SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0; + } + // Compression function main loop, 64 rounds + let { A, B, C, D, E, F, G, H } = this; + for (let i = 0; i < 64; i++) { + const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25); + const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22); + const T2 = (sigma0 + Maj(A, B, C)) | 0; + H = G; + G = F; + F = E; + E = (D + T1) | 0; + D = C; + C = B; + B = A; + A = (T1 + T2) | 0; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + F = (F + this.F) | 0; + G = (G + this.G) | 0; + H = (H + this.H) | 0; + this.set(A, B, C, D, E, F, G, H); + } + roundClean() { + SHA256_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +// Constants from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf +class SHA224 extends SHA256 { + constructor() { + super(); + this.A = 0xc1059ed8 | 0; + this.B = 0x367cd507 | 0; + this.C = 0x3070dd17 | 0; + this.D = 0xf70e5939 | 0; + this.E = 0xffc00b31 | 0; + this.F = 0x68581511 | 0; + this.G = 0x64f98fa7 | 0; + this.H = 0xbefa4fa4 | 0; + this.outputLen = 28; + } +} +/** + * SHA2-256 hash function + * @param message - data that would be hashed + */ +const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256()); +/** + * SHA2-224 hash function + */ +const sha224 = /* @__PURE__ */ wrapConstructor(() => new SHA224()); - /** - * Get Uint8Array representation of this number - * @param {String} endian - Endianess of output array (defaults to 'be') - * @param {Number} length - Of output array - * @returns {Uint8Array} - */ - toUint8Array(endian = 'be', length) { - return this.value.toArrayLike(Uint8Array, endian, length); - } +// HMAC (RFC 2104) +class HMAC extends Hash { + constructor(hash$1, _key) { + super(); + this.finished = false; + this.destroyed = false; + hash(hash$1); + const key = toBytes(_key); + this.iHash = hash$1.create(); + if (typeof this.iHash.update !== 'function') + throw new Error('Expected instance of class which extends utils.Hash'); + this.blockLen = this.iHash.blockLen; + this.outputLen = this.iHash.outputLen; + const blockLen = this.blockLen; + const pad = new Uint8Array(blockLen); + // blockLen can be bigger than outputLen + pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key); + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36; + this.iHash.update(pad); + // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone + this.oHash = hash$1.create(); + // Undo internal XOR && apply outer XOR + for (let i = 0; i < pad.length; i++) + pad[i] ^= 0x36 ^ 0x5c; + this.oHash.update(pad); + pad.fill(0); + } + update(buf) { + exists(this); + this.iHash.update(buf); + return this; + } + digestInto(out) { + exists(this); + bytes(out, this.outputLen); + this.finished = true; + this.iHash.digestInto(out); + this.oHash.update(out); + this.oHash.digestInto(out); + this.destroy(); + } + digest() { + const out = new Uint8Array(this.oHash.outputLen); + this.digestInto(out); + return out; + } + _cloneInto(to) { + // Create new instance without calling constructor since key already in state and we don't know it. + to || (to = Object.create(Object.getPrototypeOf(this), {})); + const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this; + to = to; + to.finished = finished; + to.destroyed = destroyed; + to.blockLen = blockLen; + to.outputLen = outputLen; + to.oHash = oHash._cloneInto(to.oHash); + to.iHash = iHash._cloneInto(to.iHash); + return to; + } + destroy() { + this.destroyed = true; + this.oHash.destroy(); + this.iHash.destroy(); + } +} +/** + * HMAC: RFC2104 message authentication code. + * @param hash - function that would be used e.g. sha256 + * @param key - message key + * @param message - message data + * @example + * import { hmac } from '@noble/hashes/hmac'; + * import { sha256 } from '@noble/hashes/sha2'; + * const mac1 = hmac(sha256, 'key', 'message'); + */ +const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); +hmac.create = (hash, key) => new HMAC(hash, key); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// 100 lines of code in the file are duplicated from noble-hashes (utils). +// This is OK: `abstract` directory does not use noble-hashes. +// User may opt-in into using different hashing library. This way, noble-hashes +// won't be included into their bundle. +const _0n$6 = /* @__PURE__ */ BigInt(0); +const _1n$8 = /* @__PURE__ */ BigInt(1); +const _2n$5 = /* @__PURE__ */ BigInt(2); +function isBytes(a) { + return (a instanceof Uint8Array || + (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')); +} +function abytes(item) { + if (!isBytes(item)) + throw new Error('Uint8Array expected'); +} +function abool(title, value) { + if (typeof value !== 'boolean') + throw new Error(`${title} must be valid boolean, got "${value}".`); +} +// Array where index 0xf0 (240) is mapped to string 'f0' +const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); +/** + * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123' + */ +function bytesToHex(bytes) { + abytes(bytes); + // pre-caching improves the speed 6x + let hex = ''; + for (let i = 0; i < bytes.length; i++) { + hex += hexes[bytes[i]]; + } + return hex; +} +function numberToHexUnpadded(num) { + const hex = num.toString(16); + return hex.length & 1 ? `0${hex}` : hex; +} +function hexToNumber(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + // Big Endian + return BigInt(hex === '' ? '0' : `0x${hex}`); +} +// We use optimized technique to convert hex string to byte array +const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; +function asciiToBase16(char) { + if (char >= asciis._0 && char <= asciis._9) + return char - asciis._0; + if (char >= asciis._A && char <= asciis._F) + return char - (asciis._A - 10); + if (char >= asciis._a && char <= asciis._f) + return char - (asciis._a - 10); + return; +} +/** + * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23]) + */ +function hexToBytes(hex) { + if (typeof hex !== 'string') + throw new Error('hex string expected, got ' + typeof hex); + const hl = hex.length; + const al = hl / 2; + if (hl % 2) + throw new Error('padded hex string expected, got unpadded hex of length ' + hl); + const array = new Uint8Array(al); + for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) { + const n1 = asciiToBase16(hex.charCodeAt(hi)); + const n2 = asciiToBase16(hex.charCodeAt(hi + 1)); + if (n1 === undefined || n2 === undefined) { + const char = hex[hi] + hex[hi + 1]; + throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi); + } + array[ai] = n1 * 16 + n2; + } + return array; +} +// BE: Big Endian, LE: Little Endian +function bytesToNumberBE(bytes) { + return hexToNumber(bytesToHex(bytes)); +} +function bytesToNumberLE(bytes) { + abytes(bytes); + return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse())); +} +function numberToBytesBE(n, len) { + return hexToBytes(n.toString(16).padStart(len * 2, '0')); +} +function numberToBytesLE(n, len) { + return numberToBytesBE(n, len).reverse(); +} +// Unpadded, rarely used +function numberToVarBytesBE(n) { + return hexToBytes(numberToHexUnpadded(n)); +} +/** + * Takes hex string or Uint8Array, converts to Uint8Array. + * Validates output length. + * Will throw error for other types. + * @param title descriptive title for an error e.g. 'private key' + * @param hex hex string or Uint8Array + * @param expectedLength optional, will compare to result array's length + * @returns + */ +function ensureBytes(title, hex, expectedLength) { + let res; + if (typeof hex === 'string') { + try { + res = hexToBytes(hex); + } + catch (e) { + throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`); + } + } + else if (isBytes(hex)) { + // Uint8Array.from() instead of hash.slice() because node.js Buffer + // is instance of Uint8Array, and its slice() creates **mutable** copy + res = Uint8Array.from(hex); + } + else { + throw new Error(`${title} must be hex string or Uint8Array`); + } + const len = res.length; + if (typeof expectedLength === 'number' && len !== expectedLength) + throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`); + return res; +} +/** + * Copies several Uint8Arrays into one. + */ +function concatBytes(...arrays) { + let sum = 0; + for (let i = 0; i < arrays.length; i++) { + const a = arrays[i]; + abytes(a); + sum += a.length; + } + const res = new Uint8Array(sum); + for (let i = 0, pad = 0; i < arrays.length; i++) { + const a = arrays[i]; + res.set(a, pad); + pad += a.length; + } + return res; +} +// Compares 2 u8a-s in kinda constant time +function equalBytes(a, b) { + if (a.length !== b.length) + return false; + let diff = 0; + for (let i = 0; i < a.length; i++) + diff |= a[i] ^ b[i]; + return diff === 0; +} +/** + * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) + */ +function utf8ToBytes(str) { + if (typeof str !== 'string') + throw new Error(`utf8ToBytes expected string, got ${typeof str}`); + return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809 +} +// Is positive bigint +const isPosBig = (n) => typeof n === 'bigint' && _0n$6 <= n; +function inRange(n, min, max) { + return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max; +} +/** + * Asserts min <= n < max. NOTE: It's < max and not <= max. + * @example + * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n) + */ +function aInRange(title, n, min, max) { + // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)? + // consider P=256n, min=0n, max=P + // - a for min=0 would require -1: `inRange('x', x, -1n, P)` + // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)` + // - our way is the cleanest: `inRange('x', x, 0n, P) + if (!inRange(n, min, max)) + throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`); +} +// Bit operations +/** + * Calculates amount of bits in a bigint. + * Same as `n.toString(2).length` + */ +function bitLen(n) { + let len; + for (len = 0; n > _0n$6; n >>= _1n$8, len += 1) + ; + return len; +} +/** + * Gets single bit at position. + * NOTE: first bit position is 0 (same as arrays) + * Same as `!!+Array.from(n.toString(2)).reverse()[pos]` + */ +function bitGet(n, pos) { + return (n >> BigInt(pos)) & _1n$8; +} +/** + * Sets single bit at position. + */ +function bitSet(n, pos, value) { + return n | ((value ? _1n$8 : _0n$6) << BigInt(pos)); +} +/** + * Calculate mask for N bits. Not using ** operator with bigints because of old engines. + * Same as BigInt(`0b${Array(i).fill('1').join('')}`) + */ +const bitMask = (n) => (_2n$5 << BigInt(n - 1)) - _1n$8; +// DRBG +const u8n = (data) => new Uint8Array(data); // creates Uint8Array +const u8fr = (arr) => Uint8Array.from(arr); // another shortcut +/** + * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + * @returns function that will call DRBG until 2nd arg returns something meaningful + * @example + * const drbg = createHmacDRBG(32, 32, hmac); + * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined + */ +function createHmacDrbg(hashLen, qByteLen, hmacFn) { + if (typeof hashLen !== 'number' || hashLen < 2) + throw new Error('hashLen must be a number'); + if (typeof qByteLen !== 'number' || qByteLen < 2) + throw new Error('qByteLen must be a number'); + if (typeof hmacFn !== 'function') + throw new Error('hmacFn must be a function'); + // Step B, Step C: set hashLen to 8*ceil(hlen/8) + let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs. + let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same + let i = 0; // Iterations counter, will throw when over 1000 + const reset = () => { + v.fill(1); + k.fill(0); + i = 0; + }; + const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values) + const reseed = (seed = u8n()) => { + // HMAC-DRBG reseed() function. Steps D-G + k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed) + v = h(); // v = hmac(k || v) + if (seed.length === 0) + return; + k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed) + v = h(); // v = hmac(k || v) + }; + const gen = () => { + // HMAC-DRBG generate() function + if (i++ >= 1000) + throw new Error('drbg: tried 1000 values'); + let len = 0; + const out = []; + while (len < qByteLen) { + v = h(); + const sl = v.slice(); + out.push(sl); + len += v.length; + } + return concatBytes(...out); + }; + const genUntil = (seed, pred) => { + reset(); + reseed(seed); // Steps D-G + let res = undefined; // Step H: grind until k is in [1..n-1] + while (!(res = pred(gen()))) + reseed(); + reset(); + return res; + }; + return genUntil; +} +// Validating curves and fields +const validatorFns = { + bigint: (val) => typeof val === 'bigint', + function: (val) => typeof val === 'function', + boolean: (val) => typeof val === 'boolean', + string: (val) => typeof val === 'string', + stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val), + isSafeInteger: (val) => Number.isSafeInteger(val), + array: (val) => Array.isArray(val), + field: (val, object) => object.Fp.isValid(val), + hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen), +}; +// type Record = { [P in K]: T; } +function validateObject(object, validators, optValidators = {}) { + const checkField = (fieldName, type, isOptional) => { + const checkVal = validatorFns[type]; + if (typeof checkVal !== 'function') + throw new Error(`Invalid validator "${type}", expected function`); + const val = object[fieldName]; + if (isOptional && val === undefined) + return; + if (!checkVal(val, object)) { + throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`); + } + }; + for (const [fieldName, type] of Object.entries(validators)) + checkField(fieldName, type, false); + for (const [fieldName, type] of Object.entries(optValidators)) + checkField(fieldName, type, true); + return object; +} +// validate type tests +// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; +// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok! +// // Should fail type-check +// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' }); +// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' }); +// const z3 = validateObject(o, { test: 'boolean', z: 'bug' }); +// const z4 = validateObject(o, { a: 'boolean', z: 'bug' }); +/** + * throws not implemented error + */ +const notImplemented = () => { + throw new Error('not implemented'); +}; +/** + * Memoizes (caches) computation result. + * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed. + */ +function memoized(fn) { + const map = new WeakMap(); + return (arg, ...args) => { + const val = map.get(arg); + if (val !== undefined) + return val; + const computed = fn(arg, ...args); + map.set(arg, computed); + return computed; + }; } -var bn_interface = /*#__PURE__*/Object.freeze({ +var ut = /*#__PURE__*/Object.freeze({ __proto__: null, - 'default': BigInteger$1 + aInRange: aInRange, + abool: abool, + abytes: abytes, + bitGet: bitGet, + bitLen: bitLen, + bitMask: bitMask, + bitSet: bitSet, + bytesToHex: bytesToHex, + bytesToNumberBE: bytesToNumberBE, + bytesToNumberLE: bytesToNumberLE, + concatBytes: concatBytes, + createHmacDrbg: createHmacDrbg, + ensureBytes: ensureBytes, + equalBytes: equalBytes, + hexToBytes: hexToBytes, + hexToNumber: hexToNumber, + inRange: inRange, + isBytes: isBytes, + memoized: memoized, + notImplemented: notImplemented, + numberToBytesBE: numberToBytesBE, + numberToBytesLE: numberToBytesLE, + numberToHexUnpadded: numberToHexUnpadded, + numberToVarBytesBE: numberToVarBytesBE, + utf8ToBytes: utf8ToBytes, + validateObject: validateObject }); -var utils_1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Utilities for modular arithmetics and finite fields +// prettier-ignore +const _0n$5 = BigInt(0), _1n$7 = BigInt(1), _2n$4 = BigInt(2), _3n$2 = BigInt(3); +// prettier-ignore +const _4n = BigInt(4), _5n = BigInt(5), _8n$1 = BigInt(8); +// prettier-ignore +BigInt(9); BigInt(16); +// Calculates a modulo b +function mod(a, b) { + const result = a % b; + return result >= _0n$5 ? result : b + result; +} +/** + * Efficiently raise num to power and do modular division. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + * @example + * pow(2n, 6n, 11n) // 64n % 11n == 9n + */ +// TODO: use field version && remove +function pow(num, power, modulo) { + if (modulo <= _0n$5 || power < _0n$5) + throw new Error('Expected power/modulo > 0'); + if (modulo === _1n$7) + return _0n$5; + let res = _1n$7; + while (power > _0n$5) { + if (power & _1n$7) + res = (res * num) % modulo; + num = (num * num) % modulo; + power >>= _1n$7; + } return res; - } - if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } else { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); +} +// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) +function pow2(x, power, modulo) { + let res = x; + while (power-- > _0n$5) { + res *= res; + res %= modulo; } - } - return res; + return res; } -utils.toArray = toArray; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; +// Inverses number over modulo +function invert(number, modulo) { + if (number === _0n$5 || modulo <= _0n$5) { + throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`); + } + // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/ + // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower. + let a = mod(number, modulo); + let b = modulo; + // prettier-ignore + let x = _0n$5, u = _1n$7; + while (a !== _0n$5) { + // JIT applies optimization if those two lines follow each other + const q = b / a; + const r = b % a; + const m = x - u * q; + // prettier-ignore + b = a, a = r, x = u, u = m; + } + const gcd = b; + if (gcd !== _1n$7) + throw new Error('invert: does not exist'); + return mod(x, modulo); +} +/** + * Tonelli-Shanks square root search algorithm. + * 1. https://eprint.iacr.org/2012/685.pdf (page 12) + * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks + * Will start an infinite loop if field order P is not prime. + * @param P field order + * @returns function that takes field Fp (created from P) and number n + */ +function tonelliShanks(P) { + // Legendre constant: used to calculate Legendre symbol (a | p), + // which denotes the value of a^((p-1)/2) (mod p). + // (a | p) ≡ 1 if a is a square (mod p) + // (a | p) ≡ -1 if a is not a square (mod p) + // (a | p) ≡ 0 if a ≡ 0 (mod p) + const legendreC = (P - _1n$7) / _2n$4; + let Q, S, Z; + // Step 1: By factoring out powers of 2 from p - 1, + // find q and s such that p - 1 = q*(2^s) with q odd + for (Q = P - _1n$7, S = 0; Q % _2n$4 === _0n$5; Q /= _2n$4, S++) + ; + // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq + for (Z = _2n$4; Z < P && pow(Z, legendreC, P) !== P - _1n$7; Z++) + ; + // Fast-path + if (S === 1) { + const p1div4 = (P + _1n$7) / _4n; + return function tonelliFast(Fp, n) { + const root = Fp.pow(n, p1div4); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Slow-path + const Q1div2 = (Q + _1n$7) / _2n$4; + return function tonelliSlow(Fp, n) { + // Step 0: Check that n is indeed a square: (n | p) should not be ≡ -1 + if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) + throw new Error('Cannot find square root'); + let r = S; + // TODO: will fail at Fp2/etc + let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q); // will update both x and b + let x = Fp.pow(n, Q1div2); // first guess at the square root + let b = Fp.pow(n, Q); // first guess at the fudge factor + while (!Fp.eql(b, Fp.ONE)) { + if (Fp.eql(b, Fp.ZERO)) + return Fp.ZERO; // https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm (4. If t = 0, return r = 0) + // Find m such b^(2^m)==1 + let m = 1; + for (let t2 = Fp.sqr(b); m < r; m++) { + if (Fp.eql(t2, Fp.ONE)) + break; + t2 = Fp.sqr(t2); // t2 *= t2 + } + // NOTE: r-m-1 can be bigger than 32, need to convert to bigint before shift, otherwise there will be overflow + const ge = Fp.pow(g, _1n$7 << BigInt(r - m - 1)); // ge = 2^(r-m-1) + g = Fp.sqr(ge); // g = ge * ge + x = Fp.mul(x, ge); // x *= ge + b = Fp.mul(b, g); // b *= g + r = m; + } + return x; + }; +} +function FpSqrt(P) { + // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. + // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve). + // P ≡ 3 (mod 4) + // √n = n^((P+1)/4) + if (P % _4n === _3n$2) { + // Not all roots possible! + // const ORDER = + // 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn; + // const NUM = 72057594037927816n; + const p1div4 = (P + _1n$7) / _4n; + return function sqrt3mod4(Fp, n) { + const root = Fp.pow(n, p1div4); + // Throw if root**2 != n + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Atkin algorithm for q ≡ 5 (mod 8), https://eprint.iacr.org/2012/685.pdf (page 10) + if (P % _8n$1 === _5n) { + const c1 = (P - _5n) / _8n$1; + return function sqrt5mod8(Fp, n) { + const n2 = Fp.mul(n, _2n$4); + const v = Fp.pow(n2, c1); + const nv = Fp.mul(n, v); + const i = Fp.mul(Fp.mul(nv, _2n$4), v); + const root = Fp.mul(nv, Fp.sub(i, Fp.ONE)); + if (!Fp.eql(Fp.sqr(root), n)) + throw new Error('Cannot find square root'); + return root; + }; + } + // Other cases: Tonelli-Shanks algorithm + return tonelliShanks(P); +} +// prettier-ignore +const FIELD_FIELDS = [ + 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr', + 'eql', 'add', 'sub', 'mul', 'pow', 'div', + 'addN', 'subN', 'mulN', 'sqrN' +]; +function validateField(field) { + const initial = { + ORDER: 'bigint', + MASK: 'bigint', + BYTES: 'isSafeInteger', + BITS: 'isSafeInteger', + }; + const opts = FIELD_FIELDS.reduce((map, val) => { + map[val] = 'function'; + return map; + }, initial); + return validateObject(field, opts); +} +// Generic field functions +/** + * Same as `pow` but for Fp: non-constant-time. + * Unsafe in some contexts: uses ladder, so can expose bigint bits. + */ +function FpPow(f, num, power) { + // Should have same speed as pow for bigints + // TODO: benchmark! + if (power < _0n$5) + throw new Error('Expected power > 0'); + if (power === _0n$5) + return f.ONE; + if (power === _1n$7) + return num; + let p = f.ONE; + let d = num; + while (power > _0n$5) { + if (power & _1n$7) + p = f.mul(p, d); + d = f.sqr(d); + power >>= _1n$7; + } + return p; +} +/** + * Efficiently invert an array of Field elements. + * `inv(0)` will return `undefined` here: make sure to throw an error. + */ +function FpInvertBatch(f, nums) { + const tmp = new Array(nums.length); + // Walk from first to last, multiply them by each other MOD p + const lastMultiplied = nums.reduce((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = acc; + return f.mul(acc, num); + }, f.ONE); + // Invert last element + const inverted = f.inv(lastMultiplied); + // Walk from last to first, multiply them by inverted each other MOD p + nums.reduceRight((acc, num, i) => { + if (f.is0(num)) + return acc; + tmp[i] = f.mul(acc, tmp[i]); + return f.mul(acc, num); + }, inverted); + return tmp; +} +// CURVE.n lengths +function nLength(n, nBitLength) { + // Bit size, byte size of CURVE.n + const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length; + const nByteLength = Math.ceil(_nBitLength / 8); + return { nBitLength: _nBitLength, nByteLength }; +} +/** + * Initializes a finite field over prime. **Non-primes are not supported.** + * Do not init in loop: slow. Very fragile: always run a benchmark on a change. + * Major performance optimizations: + * * a) denormalized operations like mulN instead of mul + * * b) same object shape: never add or remove keys + * * c) Object.freeze + * NOTE: operations don't check 'isValid' for all elements for performance reasons, + * it is caller responsibility to check this. + * This is low-level code, please make sure you know what you doing. + * @param ORDER prime positive bigint + * @param bitLen how many bits the field consumes + * @param isLE (def: false) if encoding / decoding should be in little-endian + * @param redef optional faster redefinitions of sqrt and other methods + */ +function Field(ORDER, bitLen, isLE = false, redef = {}) { + if (ORDER <= _0n$5) + throw new Error(`Expected Field ORDER > 0, got ${ORDER}`); + const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen); + if (BYTES > 2048) + throw new Error('Field lengths over 2048 bytes are not supported'); + const sqrtP = FpSqrt(ORDER); + const f = Object.freeze({ + ORDER, + BITS, + BYTES, + MASK: bitMask(BITS), + ZERO: _0n$5, + ONE: _1n$7, + create: (num) => mod(num, ORDER), + isValid: (num) => { + if (typeof num !== 'bigint') + throw new Error(`Invalid field element: expected bigint, got ${typeof num}`); + return _0n$5 <= num && num < ORDER; // 0 is valid element, but it's not invertible + }, + is0: (num) => num === _0n$5, + isOdd: (num) => (num & _1n$7) === _1n$7, + neg: (num) => mod(-num, ORDER), + eql: (lhs, rhs) => lhs === rhs, + sqr: (num) => mod(num * num, ORDER), + add: (lhs, rhs) => mod(lhs + rhs, ORDER), + sub: (lhs, rhs) => mod(lhs - rhs, ORDER), + mul: (lhs, rhs) => mod(lhs * rhs, ORDER), + pow: (num, power) => FpPow(f, num, power), + div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), + // Same as above, but doesn't normalize + sqrN: (num) => num * num, + addN: (lhs, rhs) => lhs + rhs, + subN: (lhs, rhs) => lhs - rhs, + mulN: (lhs, rhs) => lhs * rhs, + inv: (num) => invert(num, ORDER), + sqrt: redef.sqrt || ((n) => sqrtP(f, n)), + invertBatch: (lst) => FpInvertBatch(f, lst), + // TODO: do we really need constant cmov? + // We don't have const-time bigints anyway, so probably will be not very useful + cmov: (a, b, c) => (c ? b : a), + toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)), + fromBytes: (bytes) => { + if (bytes.length !== BYTES) + throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`); + return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes); + }, + }); + return Object.freeze(f); +} +/** + * Returns total number of bytes consumed by the field element. + * For example, 32 bytes for usual 256-bit weierstrass curve. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of field + */ +function getFieldBytesLength(fieldOrder) { + if (typeof fieldOrder !== 'bigint') + throw new Error('field order must be bigint'); + const bitLength = fieldOrder.toString(2).length; + return Math.ceil(bitLength / 8); +} +/** + * Returns minimal amount of bytes that can be safely reduced + * by field order. + * Should be 2^-128 for 128-bit curve such as P256. + * @param fieldOrder number of field elements, usually CURVE.n + * @returns byte length of target hash + */ +function getMinHashLength(fieldOrder) { + const length = getFieldBytesLength(fieldOrder); + return length + Math.ceil(length / 2); +} +/** + * "Constant-time" private key generation utility. + * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF + * and convert them into private scalar, with the modulo bias being negligible. + * Needs at least 48 bytes of input for 32-byte private key. + * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/ + * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final + * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5 + * @param hash hash output from SHA3 or a similar function + * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n) + * @param isLE interpret hash bytes as LE num + * @returns valid private scalar + */ +function mapHashToField(key, fieldOrder, isLE = false) { + const len = key.length; + const fieldLen = getFieldBytesLength(fieldOrder); + const minLen = getMinHashLength(fieldOrder); + // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings. + if (len < 16 || len < minLen || len > 1024) + throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`); + const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key); + // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0 + const reduced = mod(num, fieldOrder - _1n$7) + _1n$7; + return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Abelian group utilities +const _0n$4 = BigInt(0); +const _1n$6 = BigInt(1); +// Since points in different groups cannot be equal (different object constructor), +// we can have single place to store precomputes +const pointPrecomputes = new WeakMap(); +const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside) +// Elliptic curve multiplication of Point by scalar. Fragile. +// Scalars should always be less than curve order: this should be checked inside of a curve itself. +// Creates precomputation tables for fast multiplication: +// - private scalar is split by fixed size windows of W bits +// - every window point is collected from window's table & added to accumulator +// - since windows are different, same point inside tables won't be accessed more than once per calc +// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar) +// - +1 window is neccessary for wNAF +// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication +// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow +// windows to be in different memory locations +function wNAF(c, bits) { + const constTimeNegate = (condition, item) => { + const neg = item.negate(); + return condition ? neg : item; + }; + const validateW = (W) => { + if (!Number.isSafeInteger(W) || W <= 0 || W > bits) + throw new Error(`Wrong window size=${W}, should be [1..${bits}]`); + }; + const opts = (W) => { + validateW(W); + const windows = Math.ceil(bits / W) + 1; // +1, because + const windowSize = 2 ** (W - 1); // -1 because we skip zero + return { windows, windowSize }; + }; + return { + constTimeNegate, + // non-const time multiplication ladder + unsafeLadder(elm, n) { + let p = c.ZERO; + let d = elm; + while (n > _0n$4) { + if (n & _1n$6) + p = p.add(d); + d = d.double(); + n >>= _1n$6; + } + return p; + }, + /** + * Creates a wNAF precomputation window. Used for caching. + * Default window size is set by `utils.precompute()` and is equal to 8. + * Number of precomputed points depends on the curve size: + * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: + * - 𝑊 is the window size + * - 𝑛 is the bitlength of the curve order. + * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. + * @returns precomputed point tables flattened to a single array + */ + precomputeWindow(elm, W) { + const { windows, windowSize } = opts(W); + const points = []; + let p = elm; + let base = p; + for (let window = 0; window < windows; window++) { + base = p; + points.push(base); + // =1, because we skip zero + for (let i = 1; i < windowSize; i++) { + base = base.add(p); + points.push(base); + } + p = base.double(); + } + return points; + }, + /** + * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. + * @param W window size + * @param precomputes precomputed tables + * @param n scalar (we don't check here, but should be less than curve order) + * @returns real and fake (for const-time) points + */ + wNAF(W, precomputes, n) { + // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise + // But need to carefully remove other checks before wNAF. ORDER == bits here + const { windows, windowSize } = opts(W); + let p = c.ZERO; + let f = c.BASE; + const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc. + const maxNumber = 2 ** W; + const shiftBy = BigInt(W); + for (let window = 0; window < windows; window++) { + const offset = window * windowSize; + // Extract W bits. + let wbits = Number(n & mask); + // Shift number by W bits. + n >>= shiftBy; + // If the bits are bigger than max size, we'll split those. + // +224 => 256 - 32 + if (wbits > windowSize) { + wbits -= maxNumber; + n += _1n$6; + } + // This code was first written with assumption that 'f' and 'p' will never be infinity point: + // since each addition is multiplied by 2 ** W, it cannot cancel each other. However, + // there is negate now: it is possible that negated element from low value + // would be the same as high element, which will create carry into next window. + // It's not obvious how this can fail, but still worth investigating later. + // Check if we're onto Zero point. + // Add random point inside current window to f. + const offset1 = offset; + const offset2 = offset + Math.abs(wbits) - 1; // -1 because we skip zero + const cond1 = window % 2 !== 0; + const cond2 = wbits < 0; + if (wbits === 0) { + // The most important part for const-time getPublicKey + f = f.add(constTimeNegate(cond1, precomputes[offset1])); + } + else { + p = p.add(constTimeNegate(cond2, precomputes[offset2])); + } + } + // JIT-compiler should not eliminate f here, since it will later be used in normalizeZ() + // Even if the variable is still unused, there are some checks which will + // throw an exception, so compiler needs to prove they won't happen, which is hard. + // At this point there is a way to F be infinity-point even if p is not, + // which makes it less const-time: around 1 bigint multiply. + return { p, f }; + }, + wNAFCached(P, n, transform) { + const W = pointWindowSizes.get(P) || 1; + // Calculate precomputes on a first run, reuse them after + let comp = pointPrecomputes.get(P); + if (!comp) { + comp = this.precomputeWindow(P, W); + if (W !== 1) + pointPrecomputes.set(P, transform(comp)); + } + return this.wNAF(W, comp, n); + }, + // We calculate precomputes for elliptic curve point multiplication + // using windowed method. This specifies window size and + // stores precomputed values. Usually only base point would be precomputed. + setWindowSize(P, W) { + validateW(W); + pointWindowSizes.set(P, W); + pointPrecomputes.delete(P); + }, + }; +} +/** + * Pippenger algorithm for multi-scalar multiplication (MSM). + * MSM is basically (Pa + Qb + Rc + ...). + * 30x faster vs naive addition on L=4096, 10x faster with precomputes. + * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL. + * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0. + * @param c Curve Point constructor + * @param field field over CURVE.N - important that it's not over CURVE.P + * @param points array of L curve points + * @param scalars array of L scalars (aka private keys / bigints) + */ +function pippenger(c, field, points, scalars) { + // If we split scalars by some window (let's say 8 bits), every chunk will only + // take 256 buckets even if there are 4096 scalars, also re-uses double. + // TODO: + // - https://eprint.iacr.org/2024/750.pdf + // - https://tches.iacr.org/index.php/TCHES/article/view/10287 + // 0 is accepted in scalars + if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length) + throw new Error('arrays of points and scalars must have equal length'); + scalars.forEach((s, i) => { + if (!field.isValid(s)) + throw new Error(`wrong scalar at index ${i}`); + }); + points.forEach((p, i) => { + if (!(p instanceof c)) + throw new Error(`wrong point at index ${i}`); + }); + const wbits = bitLen(BigInt(points.length)); + const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits + const MASK = (1 << windowSize) - 1; + const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array + const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize; + let sum = c.ZERO; + for (let i = lastBits; i >= 0; i -= windowSize) { + buckets.fill(c.ZERO); + for (let j = 0; j < scalars.length; j++) { + const scalar = scalars[j]; + const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK)); + buckets[wbits] = buckets[wbits].add(points[j]); + } + let resI = c.ZERO; // not using this will do small speed-up, but will lose ct + // Skip first bucket, because it is zero + for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) { + sumI = sumI.add(buckets[j]); + resI = resI.add(sumI); + } + sum = sum.add(resI); + if (i !== 0) + for (let j = 0; j < windowSize; j++) + sum = sum.double(); + } + return sum; +} +function validateBasic(curve) { + validateField(curve.Fp); + validateObject(curve, { + n: 'bigint', + h: 'bigint', + Gx: 'field', + Gy: 'field', + }, { + nBitLength: 'isSafeInteger', + nByteLength: 'isSafeInteger', + }); + // Set defaults + return Object.freeze({ + ...nLength(curve.n, curve.nBitLength), + ...curve, + ...{ p: curve.Fp.ORDER }, + }); } -utils.zero2 = zero2; -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Short Weierstrass curve. The formula is: y² = x³ + ax + b +function validateSigVerOpts(opts) { + if (opts.lowS !== undefined) + abool('lowS', opts.lowS); + if (opts.prehash !== undefined) + abool('prehash', opts.prehash); +} +function validatePointOpts(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + a: 'field', + b: 'field', + }, { + allowedPrivateKeyLengths: 'array', + wrapPrivateKey: 'boolean', + isTorsionFree: 'function', + clearCofactor: 'function', + allowInfinityPoint: 'boolean', + fromBytes: 'function', + toBytes: 'function', + }); + const { endo, Fp, a } = opts; + if (endo) { + if (!Fp.eql(a, Fp.ZERO)) { + throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0'); + } + if (typeof endo !== 'object' || + typeof endo.beta !== 'bigint' || + typeof endo.splitScalar !== 'function') { + throw new Error('Expected endomorphism with beta: bigint and splitScalar: function'); + } + } + return Object.freeze({ ...opts }); +} +const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut; +/** + * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format: + * + * [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S] + * + * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html + */ +const DER = { + // asn.1 DER encoding utils + Err: class DERErr extends Error { + constructor(m = '') { + super(m); + } + }, + // Basic building block is TLV (Tag-Length-Value) + _tlv: { + encode: (tag, data) => { + const { Err: E } = DER; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length & 1) + throw new E('tlv.encode: unpadded data'); + const dataLen = data.length / 2; + const len = numberToHexUnpadded(dataLen); + if ((len.length / 2) & 128) + throw new E('tlv.encode: long form length too big'); + // length of length with long form flag + const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : ''; + return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`; + }, + // v - value, l - left bytes (unparsed) + decode(tag, data) { + const { Err: E } = DER; + let pos = 0; + if (tag < 0 || tag > 256) + throw new E('tlv.encode: wrong tag'); + if (data.length < 2 || data[pos++] !== tag) + throw new E('tlv.decode: wrong tlv'); + const first = data[pos++]; + const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form + let length = 0; + if (!isLong) + length = first; + else { + // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)] + const lenLen = first & 127; + if (!lenLen) + throw new E('tlv.decode(long): indefinite length not supported'); + if (lenLen > 4) + throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js + const lengthBytes = data.subarray(pos, pos + lenLen); + if (lengthBytes.length !== lenLen) + throw new E('tlv.decode: length bytes not complete'); + if (lengthBytes[0] === 0) + throw new E('tlv.decode(long): zero leftmost byte'); + for (const b of lengthBytes) + length = (length << 8) | b; + pos += lenLen; + if (length < 128) + throw new E('tlv.decode(long): not minimal encoding'); + } + const v = data.subarray(pos, pos + length); + if (v.length !== length) + throw new E('tlv.decode: wrong value length'); + return { v, l: data.subarray(pos + length) }; + }, + }, + // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, + // since we always use positive integers here. It must always be empty: + // - add zero byte if exists + // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) + _int: { + encode(num) { + const { Err: E } = DER; + if (num < _0n$3) + throw new E('integer: negative integers are not allowed'); + let hex = numberToHexUnpadded(num); + // Pad with zero byte if negative flag is present + if (Number.parseInt(hex[0], 16) & 0b1000) + hex = '00' + hex; + if (hex.length & 1) + throw new E('unexpected assertion'); + return hex; + }, + decode(data) { + const { Err: E } = DER; + if (data[0] & 128) + throw new E('Invalid signature integer: negative'); + if (data[0] === 0x00 && !(data[1] & 128)) + throw new E('Invalid signature integer: unnecessary leading zero'); + return b2n(data); + }, + }, + toSig(hex) { + // parse DER signature + const { Err: E, _int: int, _tlv: tlv } = DER; + const data = typeof hex === 'string' ? h2b(hex) : hex; + abytes(data); + const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data); + if (seqLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes); + const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes); + if (sLeftBytes.length) + throw new E('Invalid signature: left bytes after parsing'); + return { r: int.decode(rBytes), s: int.decode(sBytes) }; + }, + hexFromSig(sig) { + const { _tlv: tlv, _int: int } = DER; + const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`; + return tlv.encode(0x30, seq); + }, +}; +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$3 = BigInt(0), _1n$5 = BigInt(1); BigInt(2); const _3n$1 = BigInt(3); BigInt(4); +function weierstrassPoints(opts) { + const CURVE = validatePointOpts(opts); + const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ + const Fn = Field(CURVE.n, CURVE.nBitLength); + const toBytes = CURVE.toBytes || + ((_c, point, _isCompressed) => { + const a = point.toAffine(); + return concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y)); + }); + const fromBytes = CURVE.fromBytes || + ((bytes) => { + // const head = bytes[0]; + const tail = bytes.subarray(1); + // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported'); + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + }); + /** + * y² = x³ + ax + b: Short weierstrass curve formula + * @returns y² + */ + function weierstrassEquation(x) { + const { a, b } = CURVE; + const x2 = Fp.sqr(x); // x * x + const x3 = Fp.mul(x2, x); // x2 * x + return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x3 + a * x + b + } + // Validate whether the passed curve params are valid. + // We check if curve equation works for generator point. + // `assertValidity()` won't work: `isTorsionFree()` is not available at this point in bls12-381. + // ProjectivePoint class has not been initialized yet. + if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx))) + throw new Error('bad generator point: equation left != right'); + // Valid group elements reside in range 1..n-1 + function isWithinCurveOrder(num) { + return inRange(num, _1n$5, CURVE.n); + } + // Validates if priv key is valid and converts it to bigint. + // Supports options allowedPrivateKeyLengths and wrapPrivateKey. + function normPrivateKeyToScalar(key) { + const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE; + if (lengths && typeof key !== 'bigint') { + if (isBytes(key)) + key = bytesToHex(key); + // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes + if (typeof key !== 'string' || !lengths.includes(key.length)) + throw new Error('Invalid key'); + key = key.padStart(nByteLength * 2, '0'); + } + let num; + try { + num = + typeof key === 'bigint' + ? key + : bytesToNumberBE(ensureBytes('private key', key, nByteLength)); + } + catch (error) { + throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`); + } + if (wrapPrivateKey) + num = mod(num, N); // disabled by default, enabled for BLS + aInRange('private key', num, _1n$5, N); // num in range [1..N-1] + return num; + } + function assertPrjPoint(other) { + if (!(other instanceof Point)) + throw new Error('ProjectivePoint expected'); + } + // Memoized toAffine / validity check. They are heavy. Points are immutable. + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + const toAffineMemo = memoized((p, iz) => { + const { px: x, py: y, pz: z } = p; + // Fast-path for normalized points + if (Fp.eql(z, Fp.ONE)) + return { x, y }; + const is0 = p.is0(); + // If invZ was 0, we return zero point. However we still want to execute + // all operations, so we replace invZ with a random number, 1. + if (iz == null) + iz = is0 ? Fp.ONE : Fp.inv(z); + const ax = Fp.mul(x, iz); + const ay = Fp.mul(y, iz); + const zz = Fp.mul(z, iz); + if (is0) + return { x: Fp.ZERO, y: Fp.ZERO }; + if (!Fp.eql(zz, Fp.ONE)) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + // NOTE: on exception this will crash 'cached' and no value will be set. + // Otherwise true will be return + const assertValidMemo = memoized((p) => { + if (p.is0()) { + // (0, 1, 0) aka ZERO is invalid in most contexts. + // In BLS, ZERO can be serialized, so we allow it. + // (0, 0, 0) is wrong representation of ZERO and is always invalid. + if (CURVE.allowInfinityPoint && !Fp.is0(p.py)) + return; + throw new Error('bad point: ZERO'); + } + // Some 3rd-party test vectors require different wording between here & `fromCompressedHex` + const { x, y } = p.toAffine(); + // Check if x, y are valid field elements + if (!Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('bad point: x or y not FE'); + const left = Fp.sqr(y); // y² + const right = weierstrassEquation(x); // x³ + ax + b + if (!Fp.eql(left, right)) + throw new Error('bad point: equation left != right'); + if (!p.isTorsionFree()) + throw new Error('bad point: not in prime-order subgroup'); + return true; + }); + /** + * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z) + * Default Point works in 2d / affine coordinates: (x, y) + * We're doing calculations in projective, because its operations don't require costly inversion. + */ + class Point { + constructor(px, py, pz) { + this.px = px; + this.py = py; + this.pz = pz; + if (px == null || !Fp.isValid(px)) + throw new Error('x required'); + if (py == null || !Fp.isValid(py)) + throw new Error('y required'); + if (pz == null || !Fp.isValid(pz)) + throw new Error('z required'); + Object.freeze(this); + } + // Does not validate if the point is on-curve. + // Use fromHex instead, or call assertValidity() later. + static fromAffine(p) { + const { x, y } = p || {}; + if (!p || !Fp.isValid(x) || !Fp.isValid(y)) + throw new Error('invalid affine point'); + if (p instanceof Point) + throw new Error('projective point not allowed'); + const is0 = (i) => Fp.eql(i, Fp.ZERO); + // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0) + if (is0(x) && is0(y)) + return Point.ZERO; + return new Point(x, y, Fp.ONE); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + /** + * Takes a bunch of Projective Points but executes only one + * inversion on all of them. Inversion is very slow operation, + * so this improves performance massively. + * Optimization: converts a list of projective points to a list of identical points with Z=1. + */ + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.pz)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + /** + * Converts hash string or Uint8Array to Point. + * @param hex short/long ECDSA hex + */ + static fromHex(hex) { + const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex))); + P.assertValidity(); + return P; + } + // Multiplies generator point by privateKey. + static fromPrivateKey(privateKey) { + return Point.BASE.multiply(normPrivateKeyToScalar(privateKey)); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // A point on curve is valid if it conforms to equation. + assertValidity() { + assertValidMemo(this); + } + hasEvenY() { + const { y } = this.toAffine(); + if (Fp.isOdd) + return !Fp.isOdd(y); + throw new Error("Field doesn't support isOdd"); + } + /** + * Compare one point to another. + */ + equals(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1)); + const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1)); + return U1 && U2; + } + /** + * Flips point to one corresponding to (x, -y) in Affine coordinates. + */ + negate() { + return new Point(this.px, Fp.neg(this.py), this.pz); + } + // Renes-Costello-Batina exception-free doubling formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 3 + // Cost: 8M + 3S + 3*a + 2*b3 + 15add. + double() { + const { a, b } = CURVE; + const b3 = Fp.mul(b, _3n$1); + const { px: X1, py: Y1, pz: Z1 } = this; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + let t0 = Fp.mul(X1, X1); // step 1 + let t1 = Fp.mul(Y1, Y1); + let t2 = Fp.mul(Z1, Z1); + let t3 = Fp.mul(X1, Y1); + t3 = Fp.add(t3, t3); // step 5 + Z3 = Fp.mul(X1, Z1); + Z3 = Fp.add(Z3, Z3); + X3 = Fp.mul(a, Z3); + Y3 = Fp.mul(b3, t2); + Y3 = Fp.add(X3, Y3); // step 10 + X3 = Fp.sub(t1, Y3); + Y3 = Fp.add(t1, Y3); + Y3 = Fp.mul(X3, Y3); + X3 = Fp.mul(t3, X3); + Z3 = Fp.mul(b3, Z3); // step 15 + t2 = Fp.mul(a, t2); + t3 = Fp.sub(t0, t2); + t3 = Fp.mul(a, t3); + t3 = Fp.add(t3, Z3); + Z3 = Fp.add(t0, t0); // step 20 + t0 = Fp.add(Z3, t0); + t0 = Fp.add(t0, t2); + t0 = Fp.mul(t0, t3); + Y3 = Fp.add(Y3, t0); + t2 = Fp.mul(Y1, Z1); // step 25 + t2 = Fp.add(t2, t2); + t0 = Fp.mul(t2, t3); + X3 = Fp.sub(X3, t0); + Z3 = Fp.mul(t2, t1); + Z3 = Fp.add(Z3, Z3); // step 30 + Z3 = Fp.add(Z3, Z3); + return new Point(X3, Y3, Z3); + } + // Renes-Costello-Batina exception-free addition formula. + // There is 30% faster Jacobian formula, but it is not complete. + // https://eprint.iacr.org/2015/1060, algorithm 1 + // Cost: 12M + 0S + 3*a + 3*b3 + 23add. + add(other) { + assertPrjPoint(other); + const { px: X1, py: Y1, pz: Z1 } = this; + const { px: X2, py: Y2, pz: Z2 } = other; + let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO; // prettier-ignore + const a = CURVE.a; + const b3 = Fp.mul(CURVE.b, _3n$1); + let t0 = Fp.mul(X1, X2); // step 1 + let t1 = Fp.mul(Y1, Y2); + let t2 = Fp.mul(Z1, Z2); + let t3 = Fp.add(X1, Y1); + let t4 = Fp.add(X2, Y2); // step 5 + t3 = Fp.mul(t3, t4); + t4 = Fp.add(t0, t1); + t3 = Fp.sub(t3, t4); + t4 = Fp.add(X1, Z1); + let t5 = Fp.add(X2, Z2); // step 10 + t4 = Fp.mul(t4, t5); + t5 = Fp.add(t0, t2); + t4 = Fp.sub(t4, t5); + t5 = Fp.add(Y1, Z1); + X3 = Fp.add(Y2, Z2); // step 15 + t5 = Fp.mul(t5, X3); + X3 = Fp.add(t1, t2); + t5 = Fp.sub(t5, X3); + Z3 = Fp.mul(a, t4); + X3 = Fp.mul(b3, t2); // step 20 + Z3 = Fp.add(X3, Z3); + X3 = Fp.sub(t1, Z3); + Z3 = Fp.add(t1, Z3); + Y3 = Fp.mul(X3, Z3); + t1 = Fp.add(t0, t0); // step 25 + t1 = Fp.add(t1, t0); + t2 = Fp.mul(a, t2); + t4 = Fp.mul(b3, t4); + t1 = Fp.add(t1, t2); + t2 = Fp.sub(t0, t2); // step 30 + t2 = Fp.mul(a, t2); + t4 = Fp.add(t4, t2); + t0 = Fp.mul(t1, t4); + Y3 = Fp.add(Y3, t0); + t0 = Fp.mul(t5, t4); // step 35 + X3 = Fp.mul(t3, X3); + X3 = Fp.sub(X3, t0); + t0 = Fp.mul(t3, t1); + Z3 = Fp.mul(t5, Z3); + Z3 = Fp.add(Z3, t0); // step 40 + return new Point(X3, Y3, Z3); + } + subtract(other) { + return this.add(other.negate()); + } + is0() { + return this.equals(Point.ZERO); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + /** + * Non-constant-time multiplication. Uses double-and-add algorithm. + * It's faster, but should only be used when you don't care about + * an exposed private key e.g. sig verification, which works over *public* keys. + */ + multiplyUnsafe(sc) { + aInRange('scalar', sc, _0n$3, CURVE.n); + const I = Point.ZERO; + if (sc === _0n$3) + return I; + if (sc === _1n$5) + return this; + const { endo } = CURVE; + if (!endo) + return wnaf.unsafeLadder(this, sc); + // Apply endomorphism + let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc); + let k1p = I; + let k2p = I; + let d = this; + while (k1 > _0n$3 || k2 > _0n$3) { + if (k1 & _1n$5) + k1p = k1p.add(d); + if (k2 & _1n$5) + k2p = k2p.add(d); + d = d.double(); + k1 >>= _1n$5; + k2 >>= _1n$5; + } + if (k1neg) + k1p = k1p.negate(); + if (k2neg) + k2p = k2p.negate(); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + return k1p.add(k2p); + } + /** + * Constant time multiplication. + * Uses wNAF method. Windowed method may be 10% faster, + * but takes 2x longer to generate and consumes 2x memory. + * Uses precomputes when available. + * Uses endomorphism for Koblitz curves. + * @param scalar by which the point would be multiplied + * @returns New point + */ + multiply(scalar) { + const { endo, n: N } = CURVE; + aInRange('scalar', scalar, _1n$5, N); + let point, fake; // Fake point is used to const-time mult + if (endo) { + const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar); + let { p: k1p, f: f1p } = this.wNAF(k1); + let { p: k2p, f: f2p } = this.wNAF(k2); + k1p = wnaf.constTimeNegate(k1neg, k1p); + k2p = wnaf.constTimeNegate(k2neg, k2p); + k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz); + point = k1p.add(k2p); + fake = f1p.add(f2p); + } + else { + const { p, f } = this.wNAF(scalar); + point = p; + fake = f; + } + // Normalize `z` for both points, but return only real one + return Point.normalizeZ([point, fake])[0]; + } + /** + * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly. + * Not using Strauss-Shamir trick: precomputation tables are faster. + * The trick could be useful if both P and Q are not G (not in our case). + * @returns non-zero affine point + */ + multiplyAndAddUnsafe(Q, a, b) { + const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes + const mul = (P, a // Select faster multiply() method + ) => (a === _0n$3 || a === _1n$5 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a)); + const sum = mul(this, a).add(mul(Q, b)); + return sum.is0() ? undefined : sum; + } + // Converts Projective point to affine (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + // (x, y, z) ∋ (x=x/z, y=y/z) + toAffine(iz) { + return toAffineMemo(this, iz); + } + isTorsionFree() { + const { h: cofactor, isTorsionFree } = CURVE; + if (cofactor === _1n$5) + return true; // No subgroups, always torsion-free + if (isTorsionFree) + return isTorsionFree(Point, this); + throw new Error('isTorsionFree() has not been declared for the elliptic curve'); + } + clearCofactor() { + const { h: cofactor, clearCofactor } = CURVE; + if (cofactor === _1n$5) + return this; // Fast-path + if (clearCofactor) + return clearCofactor(Point, this); + return this.multiplyUnsafe(CURVE.h); + } + toRawBytes(isCompressed = true) { + abool('isCompressed', isCompressed); + this.assertValidity(); + return toBytes(Point, this, isCompressed); + } + toHex(isCompressed = true) { + abool('isCompressed', isCompressed); + return bytesToHex(this.toRawBytes(isCompressed)); + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); + Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); + const _bits = CURVE.nBitLength; + const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); + // Validate if generator point is on curve + return { + CURVE, + ProjectivePoint: Point, + normPrivateKeyToScalar, + weierstrassEquation, + isWithinCurveOrder, + }; } -utils.toHex = toHex; - -utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; -}; -}); - -var utils_1$1 = createCommonjsModule(function (module, exports) { - -var utils = exports; - - - - -utils.assert = minimalisticAssert; -utils.toArray = utils_1.toArray; -utils.zero2 = utils_1.zero2; -utils.toHex = utils_1.toHex; -utils.encode = utils_1.encode; - -// Represent num in a w-NAF form -function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; +function validateOpts$2(curve) { + const opts = validateBasic(curve); + validateObject(opts, { + hash: 'hash', + hmac: 'function', + randomBytes: 'function', + }, { + bits2int: 'function', + bits2int_modN: 'function', + lowS: 'boolean', + }); + return Object.freeze({ lowS: true, ...opts }); +} +/** + * Creates short weierstrass curve and ECDSA signature methods for it. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, b, p, n, Gx, Gy + * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n }) + */ +function weierstrass(curveDef) { + const CURVE = validateOpts$2(curveDef); + const { Fp, n: CURVE_ORDER } = CURVE; + const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32 + const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32 + function modN(a) { + return mod(a, CURVE_ORDER); + } + function invN(a) { + return invert(a, CURVE_ORDER); + } + const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({ + ...CURVE, + toBytes(_c, point, isCompressed) { + const a = point.toAffine(); + const x = Fp.toBytes(a.x); + const cat = concatBytes; + abool('isCompressed', isCompressed); + if (isCompressed) { + return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x); + } + else { + return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y)); + } + }, + fromBytes(bytes) { + const len = bytes.length; + const head = bytes[0]; + const tail = bytes.subarray(1); + // this.assertValidity() is done inside of fromHex + if (len === compressedLen && (head === 0x02 || head === 0x03)) { + const x = bytesToNumberBE(tail); + if (!inRange(x, _1n$5, Fp.ORDER)) + throw new Error('Point is not on curve'); + const y2 = weierstrassEquation(x); // y² = x³ + ax + b + let y; + try { + y = Fp.sqrt(y2); // y = y² ^ (p+1)/4 + } + catch (sqrtError) { + const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : ''; + throw new Error('Point is not on curve' + suffix); + } + const isYOdd = (y & _1n$5) === _1n$5; + // ECDSA + const isHeadOdd = (head & 1) === 1; + if (isHeadOdd !== isYOdd) + y = Fp.neg(y); + return { x, y }; + } + else if (len === uncompressedLen && head === 0x04) { + const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES)); + const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES)); + return { x, y }; + } + else { + throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`); + } + }, + }); + const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength)); + function isBiggerThanHalfOrder(number) { + const HALF = CURVE_ORDER >> _1n$5; + return number > HALF; } - naf.push(z); - - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.iushrn(shift); - } - - return naf; -} -utils.getNAF = getNAF; - -// Represent k1, k2 in a Joint Sparse Form -function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; + function normalizeS(s) { + return isBiggerThanHalfOrder(s) ? modN(-s) : s; } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; + // slice bytes num + const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to)); + /** + * ECDSA signature with its (r, s) properties. Supports DER & compact representations. + */ + class Signature { + constructor(r, s, recovery) { + this.r = r; + this.s = s; + this.recovery = recovery; + this.assertValidity(); + } + // pair (bytes of r, bytes of s) + static fromCompact(hex) { + const l = CURVE.nByteLength; + hex = ensureBytes('compactSignature', hex, l * 2); + return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l)); + } + // DER encoded ECDSA signature + // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script + static fromDER(hex) { + const { r, s } = DER.toSig(ensureBytes('DER', hex)); + return new Signature(r, s); + } + assertValidity() { + aInRange('r', this.r, _1n$5, CURVE_ORDER); // r in [1..N] + aInRange('s', this.s, _1n$5, CURVE_ORDER); // s in [1..N] + } + addRecoveryBit(recovery) { + return new Signature(this.r, this.s, recovery); + } + recoverPublicKey(msgHash) { + const { r, s, recovery: rec } = this; + const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash + if (rec == null || ![0, 1, 2, 3].includes(rec)) + throw new Error('recovery id invalid'); + const radj = rec === 2 || rec === 3 ? r + CURVE.n : r; + if (radj >= Fp.ORDER) + throw new Error('recovery id 2 or 3 invalid'); + const prefix = (rec & 1) === 0 ? '02' : '03'; + const R = Point.fromHex(prefix + numToNByteStr(radj)); + const ir = invN(radj); // r^-1 + const u1 = modN(-h * ir); // -hr^-1 + const u2 = modN(s * ir); // sr^-1 + const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1) + if (!Q) + throw new Error('point at infinify'); // unsafe is fine: no priv data leaked + Q.assertValidity(); + return Q; + } + // Signatures should be low-s, to prevent malleability. + hasHighS() { + return isBiggerThanHalfOrder(this.s); + } + normalizeS() { + return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this; + } + // DER-encoded + toDERRawBytes() { + return hexToBytes(this.toDERHex()); + } + toDERHex() { + return DER.hexFromSig({ r: this.r, s: this.s }); + } + // padded bytes of r, then padded bytes of s + toCompactRawBytes() { + return hexToBytes(this.toCompactHex()); + } + toCompactHex() { + return numToNByteStr(this.r) + numToNByteStr(this.s); + } + } + const utils = { + isValidPrivateKey(privateKey) { + try { + normPrivateKeyToScalar(privateKey); + return true; + } + catch (error) { + return false; + } + }, + normPrivateKeyToScalar: normPrivateKeyToScalar, + /** + * Produces cryptographically secure private key from random of size + * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible. + */ + randomPrivateKey: () => { + const length = getMinHashLength(CURVE.n); + return mapHashToField(CURVE.randomBytes(length), CURVE.n); + }, + /** + * Creates precompute table for an arbitrary EC point. Makes point "cached". + * Allows to massively speed-up `point.multiply(scalar)`. + * @returns cached point + * @example + * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey)); + * fast.multiply(privKey); // much faster ECDH now + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here + return point; + }, + }; + /** + * Computes public key for a private key. Checks for validity of the private key. + * @param privateKey private key + * @param isCompressed whether to return compact (default), or full key + * @returns Public key, full when isCompressed=false; short when isCompressed=true + */ + function getPublicKey(privateKey, isCompressed = true) { + return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed); } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.iushrn(1); - k2.iushrn(1); - } - - return jsf; + /** + * Quick and dirty check for item being public key. Does not validate hex, or being on-curve. + */ + function isProbPub(item) { + const arr = isBytes(item); + const str = typeof item === 'string'; + const len = (arr || str) && item.length; + if (arr) + return len === compressedLen || len === uncompressedLen; + if (str) + return len === 2 * compressedLen || len === 2 * uncompressedLen; + if (item instanceof Point) + return true; + return false; + } + /** + * ECDH (Elliptic Curve Diffie Hellman). + * Computes shared public key from private key and public key. + * Checks: 1) private key validity 2) shared key is on-curve. + * Does NOT hash the result. + * @param privateA private key + * @param publicB different public key + * @param isCompressed whether to return compact (default), or full key + * @returns shared public key + */ + function getSharedSecret(privateA, publicB, isCompressed = true) { + if (isProbPub(privateA)) + throw new Error('first arg must be private key'); + if (!isProbPub(publicB)) + throw new Error('second arg must be public key'); + const b = Point.fromHex(publicB); // check for being on-curve + return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed); + } + // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets. + // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int. + // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same. + // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors + const bits2int = CURVE.bits2int || + function (bytes) { + // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m) + // for some cases, since bytes.length * 8 is not actual bitLength. + const num = bytesToNumberBE(bytes); // check for == u8 done here + const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits + return delta > 0 ? num >> BigInt(delta) : num; + }; + const bits2int_modN = CURVE.bits2int_modN || + function (bytes) { + return modN(bits2int(bytes)); // can't use bytesToNumberBE here + }; + // NOTE: pads output with zero as per spec + const ORDER_MASK = bitMask(CURVE.nBitLength); + /** + * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`. + */ + function int2octets(num) { + aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n$3, ORDER_MASK); + // works with order, can have different size than numToField! + return numberToBytesBE(num, CURVE.nByteLength); + } + // Steps A, D of RFC6979 3.2 + // Creates RFC6979 seed; converts msg/privKey to numbers. + // Used only in sign, not in verify. + // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521. + // Also it can be bigger for P224 + SHA256 + function prepSig(msgHash, privateKey, opts = defaultSigOpts) { + if (['recovered', 'canonical'].some((k) => k in opts)) + throw new Error('sign() legacy options not supported'); + const { hash, randomBytes } = CURVE; + let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default + if (lowS == null) + lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash + msgHash = ensureBytes('msgHash', msgHash); + validateSigVerOpts(opts); + if (prehash) + msgHash = ensureBytes('prehashed msgHash', hash(msgHash)); + // We can't later call bits2octets, since nested bits2int is broken for curves + // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call. + // const bits2octets = (bits) => int2octets(bits2int_modN(bits)) + const h1int = bits2int_modN(msgHash); + const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint + const seedArgs = [int2octets(d), int2octets(h1int)]; + // extraEntropy. RFC6979 3.6: additional k' (optional). + if (ent != null && ent !== false) { + // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k') + const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is + seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes + } + const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2 + const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash! + // Converts signature params into point w r/s, checks result for validity. + function k2sig(kBytes) { + // RFC 6979 Section 3.2, step 3: k = bits2int(T) + const k = bits2int(kBytes); // Cannot use fields methods, since it is group element + if (!isWithinCurveOrder(k)) + return; // Important: all mod() calls here must be done over N + const ik = invN(k); // k^-1 mod n + const q = Point.BASE.multiply(k).toAffine(); // q = Gk + const r = modN(q.x); // r = q.x mod n + if (r === _0n$3) + return; + // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to + // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it: + // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT + const s = modN(ik * modN(m + r * d)); // Not using blinding here + if (s === _0n$3) + return; + let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$5); // recovery bit (2 or 3, when q.x > n) + let normS = s; + if (lowS && isBiggerThanHalfOrder(s)) { + normS = normalizeS(s); // if lowS was passed, ensure s is always + recovery ^= 1; // // in the bottom half of N + } + return new Signature(r, normS, recovery); // use normS, not s + } + return { seed, k2sig }; + } + const defaultSigOpts = { lowS: CURVE.lowS, prehash: false }; + const defaultVerOpts = { lowS: CURVE.lowS, prehash: false }; + /** + * Signs message hash with a private key. + * ``` + * sign(m, d, k) where + * (x, y) = G × k + * r = x mod n + * s = (m + dr)/k mod n + * ``` + * @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`. + * @param privKey private key + * @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg. + * @returns signature with recovery param + */ + function sign(msgHash, privKey, opts = defaultSigOpts) { + const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2. + const C = CURVE; + const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac); + return drbg(seed, k2sig); // Steps B, C, D, E, F, G + } + // Enable precomputes. Slows down first publicKey computation by 20ms. + Point.BASE._setWindowSize(8); + // utils.precompute(8, ProjectivePoint.BASE) + /** + * Verifies a signature against message hash and public key. + * Rejects lowS signatures by default: to override, + * specify option `{lowS: false}`. Implements section 4.1.4 from https://www.secg.org/sec1-v2.pdf: + * + * ``` + * verify(r, s, h, P) where + * U1 = hs^-1 mod n + * U2 = rs^-1 mod n + * R = U1⋅G - U2⋅P + * mod(R.x, n) == r + * ``` + */ + function verify(signature, msgHash, publicKey, opts = defaultVerOpts) { + const sg = signature; + msgHash = ensureBytes('msgHash', msgHash); + publicKey = ensureBytes('publicKey', publicKey); + if ('strict' in opts) + throw new Error('options.strict was renamed to lowS'); + validateSigVerOpts(opts); + const { lowS, prehash } = opts; + let _sig = undefined; + let P; + try { + if (typeof sg === 'string' || isBytes(sg)) { + // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). + // Since DER can also be 2*nByteLength bytes, we check for it first. + try { + _sig = Signature.fromDER(sg); + } + catch (derError) { + if (!(derError instanceof DER.Err)) + throw derError; + _sig = Signature.fromCompact(sg); + } + } + else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') { + const { r, s } = sg; + _sig = new Signature(r, s); + } + else { + throw new Error('PARSE'); + } + P = Point.fromHex(publicKey); + } + catch (error) { + if (error.message === 'PARSE') + throw new Error(`signature must be Signature instance, Uint8Array or hex string`); + return false; + } + if (lowS && _sig.hasHighS()) + return false; + if (prehash) + msgHash = CURVE.hash(msgHash); + const { r, s } = _sig; + const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element + const is = invN(s); // s^-1 + const u1 = modN(h * is); // u1 = hs^-1 mod n + const u2 = modN(r * is); // u2 = rs^-1 mod n + const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P + if (!R) + return false; + const v = modN(R.x); + return v === r; + } + return { + CURVE, + getPublicKey, + getSharedSecret, + sign, + verify, + ProjectivePoint: Point, + Signature, + utils, + }; } -utils.getJSF = getJSF; -function cachedProperty(obj, name, computer) { - var key = '_' + name; - obj.prototype[name] = function cachedProperty() { - return this[key] !== undefined ? this[key] : - this[key] = computer.call(this); - }; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// connects noble-curves to noble-hashes +function getHash(hash) { + return { + hash, + hmac: (key, ...msgs) => hmac(hash, key, concatBytes$1(...msgs)), + randomBytes, + }; +} +function createCurve(curveDef, defHash) { + const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) }); + return Object.freeze({ ...create(defHash), create }); +} + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp256r1 aka p256 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 +const Fp$7 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff')); +const CURVE_A$4 = Fp$7.create(BigInt('-3')); +const CURVE_B$4 = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'); +// prettier-ignore +const p256 = createCurve({ + a: CURVE_A$4, // Equation params: a, b + b: CURVE_B$4, + Fp: Fp$7, // Field: 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n + // Curve order, total count of valid points in the field + n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'), + // Base (generator) point (x, y) + Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'), + Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'), + h: BigInt(1), + lowS: false, +}, sha256); + +const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1); +const _32n = /* @__PURE__ */ BigInt(32); +// We are not using BigUint64Array, because they are extremely slow as per 2022 +function fromBig(n, le = false) { + if (le) + return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) }; + return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 }; +} +function split(lst, le = false) { + let Ah = new Uint32Array(lst.length); + let Al = new Uint32Array(lst.length); + for (let i = 0; i < lst.length; i++) { + const { h, l } = fromBig(lst[i], le); + [Ah[i], Al[i]] = [h, l]; + } + return [Ah, Al]; +} +const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0); +// for Shift in [0, 32) +const shrSH = (h, _l, s) => h >>> s; +const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in [1, 32) +const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s)); +const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s); +// Right rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32)); +const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s)); +// Right rotate for shift===32 (just swaps l&h) +const rotr32H = (_h, l) => l; +const rotr32L = (h, _l) => h; +// Left rotate for Shift in [1, 32) +const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s)); +const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s)); +// Left rotate for Shift in (32, 64), NOTE: 32 is special case. +const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s)); +const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s)); +// JS uses 32-bit signed integers for bitwise operations which means we cannot +// simple take carry out of low bit sum by shift, we need to use division. +function add(Ah, Al, Bh, Bl) { + const l = (Al >>> 0) + (Bl >>> 0); + return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 }; +} +// Addition with more than 2 elements +const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0); +const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0; +const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0); +const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0; +const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0); +const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0; +// prettier-ignore +const u64 = { + fromBig, split, toBig, + shrSH, shrSL, + rotrSH, rotrSL, rotrBH, rotrBL, + rotr32H, rotr32L, + rotlSH, rotlSL, rotlBH, rotlBL, + add, add3L, add3H, add4L, add4H, add5H, add5L, +}; + +// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409): +// prettier-ignore +const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([ + '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc', + '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118', + '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2', + '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694', + '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65', + '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5', + '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4', + '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70', + '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df', + '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b', + '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30', + '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8', + '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8', + '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3', + '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec', + '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b', + '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178', + '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b', + '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c', + '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817' +].map(n => BigInt(n))))(); +// Temporary buffer, not used to store anything between runs +const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80); +const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80); +class SHA512 extends HashMD { + constructor() { + super(128, 64, 16, false); + // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers. + // Also looks cleaner and easier to verify with spec. + // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19): + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0x6a09e667 | 0; + this.Al = 0xf3bcc908 | 0; + this.Bh = 0xbb67ae85 | 0; + this.Bl = 0x84caa73b | 0; + this.Ch = 0x3c6ef372 | 0; + this.Cl = 0xfe94f82b | 0; + this.Dh = 0xa54ff53a | 0; + this.Dl = 0x5f1d36f1 | 0; + this.Eh = 0x510e527f | 0; + this.El = 0xade682d1 | 0; + this.Fh = 0x9b05688c | 0; + this.Fl = 0x2b3e6c1f | 0; + this.Gh = 0x1f83d9ab | 0; + this.Gl = 0xfb41bd6b | 0; + this.Hh = 0x5be0cd19 | 0; + this.Hl = 0x137e2179 | 0; + } + // prettier-ignore + get() { + const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl]; + } + // prettier-ignore + set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) { + this.Ah = Ah | 0; + this.Al = Al | 0; + this.Bh = Bh | 0; + this.Bl = Bl | 0; + this.Ch = Ch | 0; + this.Cl = Cl | 0; + this.Dh = Dh | 0; + this.Dl = Dl | 0; + this.Eh = Eh | 0; + this.El = El | 0; + this.Fh = Fh | 0; + this.Fl = Fl | 0; + this.Gh = Gh | 0; + this.Gl = Gl | 0; + this.Hh = Hh | 0; + this.Hl = Hl | 0; + } + process(view, offset) { + // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array + for (let i = 0; i < 16; i++, offset += 4) { + SHA512_W_H[i] = view.getUint32(offset); + SHA512_W_L[i] = view.getUint32((offset += 4)); + } + for (let i = 16; i < 80; i++) { + // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7) + const W15h = SHA512_W_H[i - 15] | 0; + const W15l = SHA512_W_L[i - 15] | 0; + const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7); + const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7); + // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6) + const W2h = SHA512_W_H[i - 2] | 0; + const W2l = SHA512_W_L[i - 2] | 0; + const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6); + const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6); + // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16]; + const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]); + const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]); + SHA512_W_H[i] = SUMh | 0; + SHA512_W_L[i] = SUMl | 0; + } + let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this; + // Compression function main loop, 80 rounds + for (let i = 0; i < 80; i++) { + // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41) + const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41); + const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41); + //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0; + const CHIh = (Eh & Fh) ^ (~Eh & Gh); + const CHIl = (El & Fl) ^ (~El & Gl); + // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i] + // prettier-ignore + const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]); + const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]); + const T1l = T1ll | 0; + // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39) + const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39); + const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39); + const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch); + const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl); + Hh = Gh | 0; + Hl = Gl | 0; + Gh = Fh | 0; + Gl = Fl | 0; + Fh = Eh | 0; + Fl = El | 0; + ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0)); + Dh = Ch | 0; + Dl = Cl | 0; + Ch = Bh | 0; + Cl = Bl | 0; + Bh = Ah | 0; + Bl = Al | 0; + const All = u64.add3L(T1l, sigma0l, MAJl); + Ah = u64.add3H(All, T1h, sigma0h, MAJh); + Al = All | 0; + } + // Add the compressed chunk to the current hash value + ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0)); + ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0)); + ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0)); + ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0)); + ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0)); + ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0)); + ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0)); + ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0)); + this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl); + } + roundClean() { + SHA512_W_H.fill(0); + SHA512_W_L.fill(0); + } + destroy() { + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + } +} +class SHA384 extends SHA512 { + constructor() { + super(); + // h -- high 32 bits, l -- low 32 bits + this.Ah = 0xcbbb9d5d | 0; + this.Al = 0xc1059ed8 | 0; + this.Bh = 0x629a292a | 0; + this.Bl = 0x367cd507 | 0; + this.Ch = 0x9159015a | 0; + this.Cl = 0x3070dd17 | 0; + this.Dh = 0x152fecd8 | 0; + this.Dl = 0xf70e5939 | 0; + this.Eh = 0x67332667 | 0; + this.El = 0xffc00b31 | 0; + this.Fh = 0x8eb44a87 | 0; + this.Fl = 0x68581511 | 0; + this.Gh = 0xdb0c2e0d | 0; + this.Gl = 0x64f98fa7 | 0; + this.Hh = 0x47b5481d | 0; + this.Hl = 0xbefa4fa4 | 0; + this.outputLen = 48; + } +} +const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512()); +const sha384 = /* @__PURE__ */ wrapConstructor(() => new SHA384()); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp384r1 aka p384 +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 +// Field over which we'll do calculations. +// prettier-ignore +const P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'); +const Fp$6 = Field(P$1); +const CURVE_A$3 = Fp$6.create(BigInt('-3')); +// prettier-ignore +const CURVE_B$3 = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'); +// prettier-ignore +const p384 = createCurve({ + a: CURVE_A$3, // Equation params: a, b + b: CURVE_B$3, + Fp: Fp$6, // Field: 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n + // Curve order, total count of valid points in the field. + n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'), + // Base (generator) point (x, y) + Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'), + Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'), + h: BigInt(1), + lowS: false, +}, sha384); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// NIST secp521r1 aka p521 +// Note that it's 521, which differs from 512 of its hash function. +// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521 +// Field over which we'll do calculations. +// prettier-ignore +const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); +const Fp$5 = Field(P); +const CURVE = { + a: Fp$5.create(BigInt('-3')), + b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'), + Fp: Fp$5, + n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'), + Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'), + Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'), + h: BigInt(1), +}; +// prettier-ignore +const p521 = createCurve({ + a: CURVE.a, // Equation params: a, b + b: CURVE.b, + Fp: Fp$5, // Field: 2n**521n - 1n + // Curve order, total count of valid points in the field + n: CURVE.n, + Gx: CURVE.Gx, // Base point (x, y) aka generator point + Gy: CURVE.Gy, + h: CURVE.h, + lowS: false, + allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b +}, sha512); + +// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size. +// It's called a sponge function. +// Various per round constants calculations +const SHA3_PI = []; +const SHA3_ROTL = []; +const _SHA3_IOTA = []; +const _0n$2 = /* @__PURE__ */ BigInt(0); +const _1n$4 = /* @__PURE__ */ BigInt(1); +const _2n$3 = /* @__PURE__ */ BigInt(2); +const _7n = /* @__PURE__ */ BigInt(7); +const _256n = /* @__PURE__ */ BigInt(256); +const _0x71n = /* @__PURE__ */ BigInt(0x71); +for (let round = 0, R = _1n$4, x = 1, y = 0; round < 24; round++) { + // Pi + [x, y] = [y, (2 * x + 3 * y) % 5]; + SHA3_PI.push(2 * (5 * y + x)); + // Rotational + SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64); + // Iota + let t = _0n$2; + for (let j = 0; j < 7; j++) { + R = ((R << _1n$4) ^ ((R >> _7n) * _0x71n)) % _256n; + if (R & _2n$3) + t ^= _1n$4 << ((_1n$4 << /* @__PURE__ */ BigInt(j)) - _1n$4); + } + _SHA3_IOTA.push(t); +} +const [SHA3_IOTA_H, SHA3_IOTA_L] = /* @__PURE__ */ split(_SHA3_IOTA, true); +// Left rotation (without 0, 32, 64) +const rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s)); +const rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s)); +// Same as keccakf1600, but allows to skip some rounds +function keccakP(s, rounds = 24) { + const B = new Uint32Array(5 * 2); + // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js) + for (let round = 24 - rounds; round < 24; round++) { + // Theta θ + for (let x = 0; x < 10; x++) + B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40]; + for (let x = 0; x < 10; x += 2) { + const idx1 = (x + 8) % 10; + const idx0 = (x + 2) % 10; + const B0 = B[idx0]; + const B1 = B[idx0 + 1]; + const Th = rotlH(B0, B1, 1) ^ B[idx1]; + const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1]; + for (let y = 0; y < 50; y += 10) { + s[x + y] ^= Th; + s[x + y + 1] ^= Tl; + } + } + // Rho (ρ) and Pi (π) + let curH = s[2]; + let curL = s[3]; + for (let t = 0; t < 24; t++) { + const shift = SHA3_ROTL[t]; + const Th = rotlH(curH, curL, shift); + const Tl = rotlL(curH, curL, shift); + const PI = SHA3_PI[t]; + curH = s[PI]; + curL = s[PI + 1]; + s[PI] = Th; + s[PI + 1] = Tl; + } + // Chi (χ) + for (let y = 0; y < 50; y += 10) { + for (let x = 0; x < 10; x++) + B[x] = s[y + x]; + for (let x = 0; x < 10; x++) + s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10]; + } + // Iota (ι) + s[0] ^= SHA3_IOTA_H[round]; + s[1] ^= SHA3_IOTA_L[round]; + } + B.fill(0); +} +class Keccak extends Hash { + // NOTE: we accept arguments in bytes instead of bits here. + constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) { + super(); + this.blockLen = blockLen; + this.suffix = suffix; + this.outputLen = outputLen; + this.enableXOF = enableXOF; + this.rounds = rounds; + this.pos = 0; + this.posOut = 0; + this.finished = false; + this.destroyed = false; + // Can be passed from user as dkLen + number(outputLen); + // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes + if (0 >= this.blockLen || this.blockLen >= 200) + throw new Error('Sha3 supports only keccak-f1600 function'); + this.state = new Uint8Array(200); + this.state32 = u32(this.state); + } + keccak() { + if (!isLE) + byteSwap32(this.state32); + keccakP(this.state32, this.rounds); + if (!isLE) + byteSwap32(this.state32); + this.posOut = 0; + this.pos = 0; + } + update(data) { + exists(this); + const { blockLen, state } = this; + data = toBytes(data); + const len = data.length; + for (let pos = 0; pos < len;) { + const take = Math.min(blockLen - this.pos, len - pos); + for (let i = 0; i < take; i++) + state[this.pos++] ^= data[pos++]; + if (this.pos === blockLen) + this.keccak(); + } + return this; + } + finish() { + if (this.finished) + return; + this.finished = true; + const { state, suffix, pos, blockLen } = this; + // Do the padding + state[pos] ^= suffix; + if ((suffix & 0x80) !== 0 && pos === blockLen - 1) + this.keccak(); + state[blockLen - 1] ^= 0x80; + this.keccak(); + } + writeInto(out) { + exists(this, false); + bytes(out); + this.finish(); + const bufferOut = this.state; + const { blockLen } = this; + for (let pos = 0, len = out.length; pos < len;) { + if (this.posOut >= blockLen) + this.keccak(); + const take = Math.min(blockLen - this.posOut, len - pos); + out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos); + this.posOut += take; + pos += take; + } + return out; + } + xofInto(out) { + // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF + if (!this.enableXOF) + throw new Error('XOF is not possible for this instance'); + return this.writeInto(out); + } + xof(bytes) { + number(bytes); + return this.xofInto(new Uint8Array(bytes)); + } + digestInto(out) { + output(out, this); + if (this.finished) + throw new Error('digest() was already called'); + this.writeInto(out); + this.destroy(); + return out; + } + digest() { + return this.digestInto(new Uint8Array(this.outputLen)); + } + destroy() { + this.destroyed = true; + this.state.fill(0); + } + _cloneInto(to) { + const { blockLen, suffix, outputLen, rounds, enableXOF } = this; + to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds)); + to.state32.set(this.state32); + to.pos = this.pos; + to.posOut = this.posOut; + to.finished = this.finished; + to.rounds = rounds; + // Suffix can change in cSHAKE + to.suffix = suffix; + to.outputLen = outputLen; + to.enableXOF = enableXOF; + to.destroyed = this.destroyed; + return to; + } +} +const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen)); +/** + * SHA3-256 hash function + * @param message - that would be hashed + */ +const sha3_256 = /* @__PURE__ */ gen(0x06, 136, 256 / 8); +const sha3_512 = /* @__PURE__ */ gen(0x06, 72, 512 / 8); +const genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true)); +const shake256 = /* @__PURE__ */ genShake(0x1f, 136, 256 / 8); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² +// Be friendly to bad ECMAScript parsers by not using bigint literals +// prettier-ignore +const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n = BigInt(8); +// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex: +const VERIFY_DEFAULT = { zip215: true }; +function validateOpts$1(curve) { + const opts = validateBasic(curve); + validateObject(curve, { + hash: 'function', + a: 'bigint', + d: 'bigint', + randomBytes: 'function', + }, { + adjustScalarBytes: 'function', + domain: 'function', + uvRatio: 'function', + mapToCurve: 'function', + }); + // Set defaults + return Object.freeze({ ...opts }); +} +/** + * Creates Twisted Edwards curve with EdDSA signatures. + * @example + * import { Field } from '@noble/curves/abstract/modular'; + * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h + * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h }) + */ +function twistedEdwards(curveDef) { + const CURVE = validateOpts$1(curveDef); + const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE; + const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3); + const modP = Fp.create; // Function overrides + const Fn = Field(CURVE.n, CURVE.nBitLength); + // sqrt(u/v) + const uvRatio = CURVE.uvRatio || + ((u, v) => { + try { + return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) }; + } + catch (e) { + return { isValid: false, value: _0n$1 }; + } + }); + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP + const domain = CURVE.domain || + ((data, ctx, phflag) => { + abool('phflag', phflag); + if (ctx.length || phflag) + throw new Error('Contexts/pre-hash are not supported'); + return data; + }); // NOOP + // 0 <= n < MASK + // Coordinates larger than Fp.ORDER are allowed for zip215 + function aCoordinate(title, n) { + aInRange('coordinate ' + title, n, _0n$1, MASK); + } + function assertPoint(other) { + if (!(other instanceof Point)) + throw new Error('ExtendedPoint expected'); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + const toAffineMemo = memoized((p, iz) => { + const { ex: x, ey: y, ez: z } = p; + const is0 = p.is0(); + if (iz == null) + iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily + const ax = modP(x * iz); + const ay = modP(y * iz); + const zz = modP(z * iz); + if (is0) + return { x: _0n$1, y: _1n$3 }; + if (zz !== _1n$3) + throw new Error('invZ was invalid'); + return { x: ax, y: ay }; + }); + const assertValidMemo = memoized((p) => { + const { a, d } = CURVE; + if (p.is0()) + throw new Error('bad point: ZERO'); // TODO: optimize, with vars below? + // Equation in affine coordinates: ax² + y² = 1 + dx²y² + // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y² + const { ex: X, ey: Y, ez: Z, et: T } = p; + const X2 = modP(X * X); // X² + const Y2 = modP(Y * Y); // Y² + const Z2 = modP(Z * Z); // Z² + const Z4 = modP(Z2 * Z2); // Z⁴ + const aX2 = modP(X2 * a); // aX² + const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z² + const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y² + if (left !== right) + throw new Error('bad point: equation left != right (1)'); + // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T + const XY = modP(X * Y); + const ZT = modP(Z * T); + if (XY !== ZT) + throw new Error('bad point: equation left != right (2)'); + return true; + }); + // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy). + // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates + class Point { + constructor(ex, ey, ez, et) { + this.ex = ex; + this.ey = ey; + this.ez = ez; + this.et = et; + aCoordinate('x', ex); + aCoordinate('y', ey); + aCoordinate('z', ez); + aCoordinate('t', et); + Object.freeze(this); + } + get x() { + return this.toAffine().x; + } + get y() { + return this.toAffine().y; + } + static fromAffine(p) { + if (p instanceof Point) + throw new Error('extended point not allowed'); + const { x, y } = p || {}; + aCoordinate('x', x); + aCoordinate('y', y); + return new Point(x, y, _1n$3, modP(x * y)); + } + static normalizeZ(points) { + const toInv = Fp.invertBatch(points.map((p) => p.ez)); + return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine); + } + // Multiscalar Multiplication + static msm(points, scalars) { + return pippenger(Point, Fn, points, scalars); + } + // "Private method", don't use it directly + _setWindowSize(windowSize) { + wnaf.setWindowSize(this, windowSize); + } + // Not required for fromHex(), which always creates valid points. + // Could be useful for fromAffine(). + assertValidity() { + assertValidMemo(this); + } + // Compare one point to another. + equals(other) { + assertPoint(other); + const { ex: X1, ey: Y1, ez: Z1 } = this; + const { ex: X2, ey: Y2, ez: Z2 } = other; + const X1Z2 = modP(X1 * Z2); + const X2Z1 = modP(X2 * Z1); + const Y1Z2 = modP(Y1 * Z2); + const Y2Z1 = modP(Y2 * Z1); + return X1Z2 === X2Z1 && Y1Z2 === Y2Z1; + } + is0() { + return this.equals(Point.ZERO); + } + negate() { + // Flips point sign to a negative one (-x, y in affine coords) + return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et)); + } + // Fast algo for doubling Extended Point. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd + // Cost: 4M + 4S + 1*a + 6add + 1*2. + double() { + const { a } = CURVE; + const { ex: X1, ey: Y1, ez: Z1 } = this; + const A = modP(X1 * X1); // A = X12 + const B = modP(Y1 * Y1); // B = Y12 + const C = modP(_2n$2 * modP(Z1 * Z1)); // C = 2*Z12 + const D = modP(a * A); // D = a*A + const x1y1 = X1 + Y1; + const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B + const G = D + B; // G = D+B + const F = G - C; // F = G-C + const H = D - B; // H = D-B + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + // Fast algo for adding 2 Extended Points. + // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd + // Cost: 9M + 1*a + 1*d + 7add. + add(other) { + assertPoint(other); + const { a, d } = CURVE; + const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this; + const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other; + // Faster algo for adding 2 Extended Points when curve's a=-1. + // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4 + // Cost: 8M + 8add + 2*2. + // Note: It does not check whether the `other` point is valid. + if (a === BigInt(-1)) { + const A = modP((Y1 - X1) * (Y2 + X2)); + const B = modP((Y1 + X1) * (Y2 - X2)); + const F = modP(B - A); + if (F === _0n$1) + return this.double(); // Same point. Tests say it doesn't affect timing + const C = modP(Z1 * _2n$2 * T2); + const D = modP(T1 * _2n$2 * Z2); + const E = D + C; + const G = B + A; + const H = D - C; + const X3 = modP(E * F); + const Y3 = modP(G * H); + const T3 = modP(E * H); + const Z3 = modP(F * G); + return new Point(X3, Y3, Z3, T3); + } + const A = modP(X1 * X2); // A = X1*X2 + const B = modP(Y1 * Y2); // B = Y1*Y2 + const C = modP(T1 * d * T2); // C = T1*d*T2 + const D = modP(Z1 * Z2); // D = Z1*Z2 + const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B + const F = D - C; // F = D-C + const G = D + C; // G = D+C + const H = modP(B - a * A); // H = B-a*A + const X3 = modP(E * F); // X3 = E*F + const Y3 = modP(G * H); // Y3 = G*H + const T3 = modP(E * H); // T3 = E*H + const Z3 = modP(F * G); // Z3 = F*G + return new Point(X3, Y3, Z3, T3); + } + subtract(other) { + return this.add(other.negate()); + } + wNAF(n) { + return wnaf.wNAFCached(this, n, Point.normalizeZ); + } + // Constant-time multiplication. + multiply(scalar) { + const n = scalar; + aInRange('scalar', n, _1n$3, CURVE_ORDER); // 1 <= scalar < L + const { p, f } = this.wNAF(n); + return Point.normalizeZ([p, f])[0]; + } + // Non-constant-time multiplication. Uses double-and-add algorithm. + // It's faster, but should only be used when you don't care about + // an exposed private key e.g. sig verification. + // Does NOT allow scalars higher than CURVE.n. + multiplyUnsafe(scalar) { + const n = scalar; + aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L + if (n === _0n$1) + return I; + if (this.equals(I) || n === _1n$3) + return this; + if (this.equals(G)) + return this.wNAF(n).p; + return wnaf.unsafeLadder(this, n); + } + // Checks if point is of small order. + // If you add something to small order point, you will have "dirty" + // point with torsion component. + // Multiplies point by cofactor and checks if the result is 0. + isSmallOrder() { + return this.multiplyUnsafe(cofactor).is0(); + } + // Multiplies point by curve order and checks if the result is 0. + // Returns `false` is the point is dirty. + isTorsionFree() { + return wnaf.unsafeLadder(this, CURVE_ORDER).is0(); + } + // Converts Extended point to default (x, y) coordinates. + // Can accept precomputed Z^-1 - for example, from invertBatch. + toAffine(iz) { + return toAffineMemo(this, iz); + } + clearCofactor() { + const { h: cofactor } = CURVE; + if (cofactor === _1n$3) + return this; + return this.multiplyUnsafe(cofactor); + } + // Converts hash string or Uint8Array to Point. + // Uses algo from RFC8032 5.1.3. + static fromHex(hex, zip215 = false) { + const { d, a } = CURVE; + const len = Fp.BYTES; + hex = ensureBytes('pointHex', hex, len); // copy hex to a new array + abool('zip215', zip215); + const normed = hex.slice(); // copy again, we'll manipulate it + const lastByte = hex[len - 1]; // select last byte + normed[len - 1] = lastByte & ~0x80; // clear last bit + const y = bytesToNumberLE(normed); + // RFC8032 prohibits >= p, but ZIP215 doesn't + // zip215=true: 0 <= y < MASK (2^256 for ed25519) + // zip215=false: 0 <= y < P (2^255-19 for ed25519) + const max = zip215 ? MASK : Fp.ORDER; + aInRange('pointHex.y', y, _0n$1, max); + // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case: + // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a) + const y2 = modP(y * y); // denominator is always non-0 mod p. + const u = modP(y2 - _1n$3); // u = y² - 1 + const v = modP(d * y2 - a); // v = d y² + 1. + let { isValid, value: x } = uvRatio(u, v); // √(u/v) + if (!isValid) + throw new Error('Point.fromHex: invalid y coordinate'); + const isXOdd = (x & _1n$3) === _1n$3; // There are 2 square roots. Use x_0 bit to select proper + const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit + if (!zip215 && x === _0n$1 && isLastByteOdd) + // if x=0 and x_0 = 1, fail + throw new Error('Point.fromHex: x=0 and x_0=1'); + if (isLastByteOdd !== isXOdd) + x = modP(-x); // if x_0 != x mod 2, set x = p-x + return Point.fromAffine({ x, y }); + } + static fromPrivateKey(privKey) { + return getExtendedPublicKey(privKey).point; + } + toRawBytes() { + const { x, y } = this.toAffine(); + const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y) + bytes[bytes.length - 1] |= x & _1n$3 ? 0x80 : 0; // when compressing, it's enough to store y + return bytes; // and use the last byte to encode sign of x + } + toHex() { + return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string. + } + } + Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n$3, modP(CURVE.Gx * CURVE.Gy)); + Point.ZERO = new Point(_0n$1, _1n$3, _1n$3, _0n$1); // 0, 1, 1, 0 + const { BASE: G, ZERO: I } = Point; + const wnaf = wNAF(Point, nByteLength * 8); + function modN(a) { + return mod(a, CURVE_ORDER); + } + // Little-endian SHA512 with modulo n + function modN_LE(hash) { + return modN(bytesToNumberLE(hash)); + } + /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */ + function getExtendedPublicKey(key) { + const len = nByteLength; + key = ensureBytes('private key', key, len); + // Hash private key with curve's hash function to produce uniformingly random input + // Check byte lengths: ensure(64, h(ensure(32, key))) + const hashed = ensureBytes('hashed private key', cHash(key), 2 * len); + const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE + const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6) + const scalar = modN_LE(head); // The actual private scalar + const point = G.multiply(scalar); // Point on Edwards curve aka public key + const pointBytes = point.toRawBytes(); // Uint8Array representation + return { head, prefix, scalar, point, pointBytes }; + } + // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared + function getPublicKey(privKey) { + return getExtendedPublicKey(privKey).pointBytes; + } + // int('LE', SHA512(dom2(F, C) || msgs)) mod N + function hashDomainToScalar(context = new Uint8Array(), ...msgs) { + const msg = concatBytes(...msgs); + return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash))); + } + /** Signs message with privateKey. RFC8032 5.1.6 */ + function sign(msg, privKey, options = {}) { + msg = ensureBytes('message', msg); + if (prehash) + msg = prehash(msg); // for ed25519ph etc. + const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey); + const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M) + const R = G.multiply(r).toRawBytes(); // R = rG + const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M) + const s = modN(r + k * scalar); // S = (r + k * s) mod L + aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l + const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES)); + return ensureBytes('result', res, nByteLength * 2); // 64-byte signature + } + const verifyOpts = VERIFY_DEFAULT; + function verify(sig, msg, publicKey, options = verifyOpts) { + const { context, zip215 } = options; + const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7. + sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked. + msg = ensureBytes('message', msg); + if (zip215 !== undefined) + abool('zip215', zip215); + if (prehash) + msg = prehash(msg); // for ed25519ph, etc + const s = bytesToNumberLE(sig.slice(len, 2 * len)); + // zip215: true is good for consensus-critical apps and allows points < 2^256 + // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p + let A, R, SB; + try { + A = Point.fromHex(publicKey, zip215); + R = Point.fromHex(sig.slice(0, len), zip215); + SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside + } + catch (error) { + return false; + } + if (!zip215 && A.isSmallOrder()) + return false; + const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); + const RkA = R.add(A.multiplyUnsafe(k)); + // [8][S]B = [8]R + [8][k]A' + return RkA.subtract(SB).clearCofactor().equals(Point.ZERO); + } + G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms. + const utils = { + getExtendedPublicKey, + // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1. + randomPrivateKey: () => randomBytes(Fp.BYTES), + /** + * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT + * values. This slows down first getPublicKey() by milliseconds (see Speed section), + * but allows to speed-up subsequent getPublicKey() calls up to 20x. + * @param windowSize 2, 4, 8, 16 + */ + precompute(windowSize = 8, point = Point.BASE) { + point._setWindowSize(windowSize); + point.multiply(BigInt(3)); + return point; + }, + }; + return { + CURVE, + getPublicKey, + sign, + verify, + ExtendedPoint: Point, + utils, + }; } -utils.cachedProperty = cachedProperty; -function parseBytes(bytes) { - return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') : - bytes; +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const _0n = BigInt(0); +const _1n$2 = BigInt(1); +function validateOpts(curve) { + validateObject(curve, { + a: 'bigint', + }, { + montgomeryBits: 'isSafeInteger', + nByteLength: 'isSafeInteger', + adjustScalarBytes: 'function', + domain: 'function', + powPminus2: 'function', + Gu: 'bigint', + }); + // Set defaults + return Object.freeze({ ...curve }); +} +// NOTE: not really montgomery curve, just bunch of very specific methods for X25519/X448 (RFC 7748, https://www.rfc-editor.org/rfc/rfc7748) +// Uses only one coordinate instead of two +function montgomery(curveDef) { + const CURVE = validateOpts(curveDef); + const { P } = CURVE; + const modP = (n) => mod(n, P); + const montgomeryBits = CURVE.montgomeryBits; + const montgomeryBytes = Math.ceil(montgomeryBits / 8); + const fieldLen = CURVE.nByteLength; + const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); + const powPminus2 = CURVE.powPminus2 || ((x) => pow(x, P - BigInt(2), P)); + // cswap from RFC7748. But it is not from RFC7748! + /* + cswap(swap, x_2, x_3): + dummy = mask(swap) AND (x_2 XOR x_3) + x_2 = x_2 XOR dummy + x_3 = x_3 XOR dummy + Return (x_2, x_3) + Where mask(swap) is the all-1 or all-0 word of the same length as x_2 + and x_3, computed, e.g., as mask(swap) = 0 - swap. + */ + function cswap(swap, x_2, x_3) { + const dummy = modP(swap * (x_2 - x_3)); + x_2 = modP(x_2 - dummy); + x_3 = modP(x_3 + dummy); + return [x_2, x_3]; + } + // x25519 from 4 + // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 + const a24 = (CURVE.a - BigInt(2)) / BigInt(4); + /** + * + * @param pointU u coordinate (x) on Montgomery Curve 25519 + * @param scalar by which the point would be multiplied + * @returns new Point on Montgomery curve + */ + function montgomeryLadder(u, scalar) { + aInRange('u', u, _0n, P); + aInRange('scalar', scalar, _0n, P); + // Section 5: Implementations MUST accept non-canonical values and process them as + // if they had been reduced modulo the field prime. + const k = scalar; + const x_1 = u; + let x_2 = _1n$2; + let z_2 = _0n; + let x_3 = u; + let z_3 = _1n$2; + let swap = _0n; + let sw; + for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) { + const k_t = (k >> t) & _1n$2; + swap ^= k_t; + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + swap = k_t; + const A = x_2 + z_2; + const AA = modP(A * A); + const B = x_2 - z_2; + const BB = modP(B * B); + const E = AA - BB; + const C = x_3 + z_3; + const D = x_3 - z_3; + const DA = modP(D * A); + const CB = modP(C * B); + const dacb = DA + CB; + const da_cb = DA - CB; + x_3 = modP(dacb * dacb); + z_3 = modP(x_1 * modP(da_cb * da_cb)); + x_2 = modP(AA * BB); + z_2 = modP(E * (AA + modP(a24 * E))); + } + // (x_2, x_3) = cswap(swap, x_2, x_3) + sw = cswap(swap, x_2, x_3); + x_2 = sw[0]; + x_3 = sw[1]; + // (z_2, z_3) = cswap(swap, z_2, z_3) + sw = cswap(swap, z_2, z_3); + z_2 = sw[0]; + z_3 = sw[1]; + // z_2^(p - 2) + const z2 = powPminus2(z_2); + // Return x_2 * (z_2^(p - 2)) + return modP(x_2 * z2); + } + function encodeUCoordinate(u) { + return numberToBytesLE(modP(u), montgomeryBytes); + } + function decodeUCoordinate(uEnc) { + // Section 5: When receiving such an array, implementations of X25519 + // MUST mask the most significant bit in the final byte. + const u = ensureBytes('u coordinate', uEnc, montgomeryBytes); + if (fieldLen === 32) + u[31] &= 127; // 0b0111_1111 + return bytesToNumberLE(u); + } + function decodeScalar(n) { + const bytes = ensureBytes('scalar', n); + const len = bytes.length; + if (len !== montgomeryBytes && len !== fieldLen) + throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${len}`); + return bytesToNumberLE(adjustScalarBytes(bytes)); + } + function scalarMult(scalar, u) { + const pointU = decodeUCoordinate(u); + const _scalar = decodeScalar(scalar); + const pu = montgomeryLadder(pointU, _scalar); + // The result was not contributory + // https://cr.yp.to/ecdh.html#validate + if (pu === _0n) + throw new Error('Invalid private or public key received'); + return encodeUCoordinate(pu); + } + // Computes public key from private. By doing scalar multiplication of base point. + const GuBytes = encodeUCoordinate(CURVE.Gu); + function scalarMultBase(scalar) { + return scalarMult(scalar, GuBytes); + } + return { + scalarMult, + scalarMultBase, + getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey), + getPublicKey: (privateKey) => scalarMultBase(privateKey), + utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) }, + GuBytes: GuBytes, + }; } -utils.parseBytes = parseBytes; -function intFromLE(bytes) { - return new bn(bytes, 'hex', 'le'); +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +/** + * Edwards448 (not Ed448-Goldilocks) curve with following addons: + * - X448 ECDH + * - Decaf cofactor elimination + * - Elligator hash-to-group / point indistinguishability + * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2 + */ +const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 })); +const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 })); +const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'); +// prettier-ignore +const _1n$1 = BigInt(1), _2n$1 = BigInt(2), _3n = BigInt(3); BigInt(4); const _11n = BigInt(11); +// prettier-ignore +const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223); +// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. +// Used for efficient square root calculation. +// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1] +function ed448_pow_Pminus3div4(x) { + const P = ed448P; + const b2 = (x * x * x) % P; + const b3 = (b2 * b2 * x) % P; + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n$1, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b222 = (pow2(b220, _2n$1, P) * b2) % P; + const b223 = (pow2(b222, _1n$1, P) * x) % P; + return (pow2(b223, _223n, P) * b222) % P; +} +function adjustScalarBytes(bytes) { + // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most + // significant bit of the last byte to 1. + bytes[0] &= 252; // 0b11111100 + // and the most significant bit of the last byte to 1. + bytes[55] |= 128; // 0b10000000 + // NOTE: is is NOOP for 56 bytes scalars (X25519/X448) + bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits) + return bytes; } -utils.intFromLE = intFromLE; +// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v. +// Uses algo from RFC8032 5.1.3. +function uvRatio(u, v) { + const P = ed448P; + // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3 + // To compute the square root of (u/v), the first step is to compute the + // candidate root x = (u/v)^((p+1)/4). This can be done using the + // following trick, to use a single modular powering for both the + // inversion of v and the square root: + // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p) + const u2v = mod(u * u * v, P); // u²v + const u3v = mod(u2v * u, P); // u³v + const u5v3 = mod(u3v * u2v * v, P); // u⁵v³ + const root = ed448_pow_Pminus3div4(u5v3); + const x = mod(u3v * root, P); + // Verify that root is exists + const x2 = mod(x * x, P); // x² + // If vx² = u, the recovered x-coordinate is x. Otherwise, no + // square root exists, and the decoding fails. + return { isValid: mod(x2 * v, P) === u, value: x }; +} +const Fp$4 = Field(ed448P, 456, true); +const ED448_DEF = { + // Param: a + a: BigInt(1), + // -39081. Negative number is P - number + d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'), + // Finite field 𝔽p over which we'll do calculations; 2n**448n - 2n**224n - 1n + Fp: Fp$4, + // Subgroup order: how many points curve has; + // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n + n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + nBitLength: 456, + // Cofactor + h: BigInt(4), + // Base point (x, y) aka generator point + Gx: BigInt('224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'), + Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'), + // SHAKE256(dom4(phflag,context)||x, 114) + hash: shake256_114, + randomBytes, + adjustScalarBytes, + // dom4 + domain: (data, ctx, phflag) => { + if (ctx.length > 255) + throw new Error(`Context is too big: ${ctx.length}`); + return concatBytes$1(utf8ToBytes$1('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data); + }, + uvRatio, +}; +const ed448 = /* @__PURE__ */ twistedEdwards(ED448_DEF); +// NOTE: there is no ed448ctx, since ed448 supports ctx by default +/* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: shake256_64 }); +const x448 = /* @__PURE__ */ (() => montgomery({ + a: BigInt(156326), + // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys + montgomeryBits: 448, + nByteLength: 56, + P: ed448P, + Gu: BigInt(5), + powPminus2: (x) => { + const P = ed448P; + const Pminus3div4 = ed448_pow_Pminus3div4(x); + const Pminus3 = pow2(Pminus3div4, BigInt(2), P); + return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2 + }, + adjustScalarBytes, + randomBytes, +}))(); +// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version +// Hash To Curve Elligator2 Map +(Fp$4.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4 # Integer arithmetic +BigInt(156326); +// 1-d +BigInt('39082'); +// 1-2d +BigInt('78163'); +// √(-d) +BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214'); +// 1 / √(-d) +BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716'); +BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); + +/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ +const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); +const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); +const _1n = BigInt(1); +const _2n = BigInt(2); +const divNearest = (a, b) => (a + b / _2n) / b; +/** + * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit. + * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00] + */ +function sqrtMod(y) { + const P = secp256k1P; + // prettier-ignore + const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22); + // prettier-ignore + const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88); + const b2 = (y * y * y) % P; // x^3, 11 + const b3 = (b2 * b2 * y) % P; // x^7 + const b6 = (pow2(b3, _3n, P) * b3) % P; + const b9 = (pow2(b6, _3n, P) * b3) % P; + const b11 = (pow2(b9, _2n, P) * b2) % P; + const b22 = (pow2(b11, _11n, P) * b11) % P; + const b44 = (pow2(b22, _22n, P) * b22) % P; + const b88 = (pow2(b44, _44n, P) * b44) % P; + const b176 = (pow2(b88, _88n, P) * b88) % P; + const b220 = (pow2(b176, _44n, P) * b44) % P; + const b223 = (pow2(b220, _3n, P) * b3) % P; + const t1 = (pow2(b223, _23n, P) * b22) % P; + const t2 = (pow2(t1, _6n, P) * b2) % P; + const root = pow2(t2, _2n, P); + if (!Fp$3.eql(Fp$3.sqr(root), y)) + throw new Error('Cannot find square root'); + return root; +} +const Fp$3 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod }); +/** + * secp256k1 short weierstrass curve and ECDSA signatures over it. + */ +const secp256k1 = createCurve({ + a: BigInt(0), // equation params: a, b + b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975 + Fp: Fp$3, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n + n: secp256k1N, // Curve order, total count of valid points in the field + // Base point (x, y) aka generator point + Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'), + Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'), + h: BigInt(1), // Cofactor + lowS: true, // Allow only low-S signatures by default in sign() and verify() + /** + * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism. + * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%. + * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit. + * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066 + */ + endo: { + beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'), + splitScalar: (k) => { + const n = secp256k1N; + const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15'); + const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'); + const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'); + const b2 = a1; + const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16) + const c1 = divNearest(b2 * k, n); + const c2 = divNearest(-b1 * k, n); + let k1 = mod(k - c1 * a1 - c2 * a2, n); + let k2 = mod(-c1 * b1 - c2 * b2, n); + const k1neg = k1 > POW_2_128; + const k2neg = k2 > POW_2_128; + if (k1neg) + k1 = n - k1; + if (k2neg) + k2 = n - k2; + if (k1 > POW_2_128 || k2 > POW_2_128) { + throw new Error('splitScalar: Endomorphism failed, k=' + k); + } + return { k1neg, k1, k2neg, k2 }; + }, + }, +}, sha256); +// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code. +// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki +BigInt(0); +secp256k1.ProjectivePoint; + +// brainpoolP256r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.4 +// eslint-disable-next-line new-cap +const Fp$2 = Field(BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377')); +const CURVE_A$2 = Fp$2.create(BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9')); +const CURVE_B$2 = BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'); +// prettier-ignore +const brainpoolP256r1 = createCurve({ + a: CURVE_A$2, // Equation params: a, b + b: CURVE_B$2, + Fp: Fp$2, + // Curve order (q), total count of valid points in the field + n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'), + // Base (generator) point (x, y) + Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'), + Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'), + h: BigInt(1), + lowS: false +}, sha256); + +// brainpoolP384 r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.6 +// eslint-disable-next-line new-cap +const Fp$1 = Field(BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53')); +const CURVE_A$1 = Fp$1.create(BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826')); +const CURVE_B$1 = BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'); +// prettier-ignore +const brainpoolP384r1 = createCurve({ + a: CURVE_A$1, // Equation params: a, b + b: CURVE_B$1, + Fp: Fp$1, + // Curve order (q), total count of valid points in the field + n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'), + // Base (generator) point (x, y) + Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'), + Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'), + h: BigInt(1), + lowS: false +}, sha384); + +// brainpoolP512r1: https://datatracker.ietf.org/doc/html/rfc5639#section-3.7 +// eslint-disable-next-line new-cap +const Fp = Field(BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3')); +const CURVE_A = Fp.create(BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca')); +const CURVE_B = BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'); +// prettier-ignore +const brainpoolP512r1 = createCurve({ + a: CURVE_A, // Equation params: a, b + b: CURVE_B, + Fp, + // Curve order (q), total count of valid points in the field + n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'), + // Base (generator) point (x, y) + Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'), + Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'), + h: BigInt(1), + lowS: false +}, sha512); + +/** + * This file is needed to dynamic import the noble-curves. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ + + +const nobleCurves = new Map(Object.entries({ + nistP256: p256, + nistP384: p384, + nistP521: p521, + brainpoolP256r1, + brainpoolP384r1, + brainpoolP512r1, + secp256k1, + x448, + ed448 +})); + +var noble_curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleCurves: nobleCurves }); -var r$1; - -var brorand = function rand(len) { - if (!r$1) - r$1 = new Rand(null); - - return r$1.generate(len); -}; - -function Rand(rand) { - this.rand = rand; -} -var Rand_1 = Rand; +//Paul Tero, July 2001 +//http://www.tero.co.uk/des/ +// +//Optimised for performance with large blocks by Michael Hayworth, November 2001 +//http://www.netdealing.com +// +// Modified by Recurity Labs GmbH -Rand.prototype.generate = function generate(len) { - return this._rand(len); -}; +//THIS SOFTWARE IS PROVIDED "AS IS" AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. -// Emulate crypto API using randy -Rand.prototype._rand = function _rand(n) { - if (this.rand.getBytes) - return this.rand.getBytes(n); +//des +//this takes the key, the message, and whether to encrypt or decrypt - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; -}; +function des(keys, message, encrypt, mode, iv, padding) { + //declaring this locally speeds things up a bit + const spfunction1 = [ + 0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, + 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, + 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, + 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, + 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, + 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004 + ]; + const spfunction2 = [ + -0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, + -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, + -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, + -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, + -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, + 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, + -0x7fef7fe0, 0x108000 + ]; + const spfunction3 = [ + 0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, + 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, + 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, + 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, + 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, + 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200 + ]; + const spfunction4 = [ + 0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, + 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, + 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, + 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, + 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080 + ]; + const spfunction5 = [ + 0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, + 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, + 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, + 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, + 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, + 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, + 0x40080000, 0x2080100, 0x40000100 + ]; + const spfunction6 = [ + 0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, + 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, + 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, + 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, + 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, + 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010 + ]; + const spfunction7 = [ + 0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, + 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, + 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, + 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, + 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, + 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002 + ]; + const spfunction8 = [ + 0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, + 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, + 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, + 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, + 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000 + ]; -if (typeof self === 'object') { - if (self.crypto && self.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.crypto.getRandomValues(arr); - return arr; - }; - } else if (self.msCrypto && self.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - self.msCrypto.getRandomValues(arr); - return arr; - }; + //create the 16 or 48 subkeys we will need + let m = 0; + let i; + let j; + let temp; + let right1; + let right2; + let left; + let right; + let looping; + let endloop; + let loopinc; + let len = message.length; - // Safari's WebWorkers do not have `crypto` - } else if (typeof window === 'object') { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; + //set up the loops for single and triple des + const iterations = keys.length === 32 ? 3 : 9; //single or triple des + if (iterations === 3) { + looping = encrypt ? [0, 32, 2] : [30, -2, -2]; + } else { + looping = encrypt ? [0, 32, 2, 62, 30, -2, 64, 96, 2] : [94, 62, -2, 32, 64, 2, 30, -2, -2]; } -} else { - // Node.js or Web worker with no crypto support - try { - var crypto$2 = void('crypto'); - if (typeof crypto$2.randomBytes !== 'function') - throw new Error('Not supported'); - Rand.prototype._rand = function _rand(n) { - return crypto$2.randomBytes(n); - }; - } catch (e) { + //pad the message depending on the padding parameter + //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt + if (encrypt) { + message = desAddPadding(message); + len = message.length; } -} -brorand.Rand = Rand_1; -var getNAF = utils_1$1.getNAF; -var getJSF = utils_1$1.getJSF; -var assert$2 = utils_1$1.assert; + //store the result here + let result = new Uint8Array(len); + let k = 0; -function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); + //loop through each 64 bit chunk of the message + while (m < len) { + left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; + right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); + //first each 64 but chunk of the message must be permuted according to IP + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); + left = ((left << 1) | (left >>> 31)); + right = ((right << 1) | (right >>> 31)); - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); + //do this either 1 or 3 times for each chunk of the message + for (j = 0; j < iterations; j += 3) { + endloop = looping[j + 1]; + loopinc = looping[j + 2]; + //now go through and perform the encryption or decryption + for (i = looping[j]; i !== endloop; i += loopinc) { //for efficiency + right1 = right ^ keys[i]; + right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; + //the result is attained by passing these bytes through the S selection functions + temp = left; + left = right; + right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> + 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & + 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); + } + temp = left; + left = right; + right = temp; //unreverse left and right + } //for either 1 or 3 iterations - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); + //move then each one bit to the right + left = ((left >>> 1) | (left << 31)); + right = ((right >>> 1) | (right << 31)); - // Generalized Greg Maxwell's trick - var adjustCount = this.n && this.p.div(this.n); - if (!adjustCount || adjustCount.cmpn(100) > 0) { - this.redN = null; - } else { - this._maxwellTrick = true; - this.redN = this.n.toRed(this.red); - } -} -var base = BaseCurve; + //now perform IP-1, which is IP in the opposite direction + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((right >>> 2) ^ left) & 0x33333333; + left ^= temp; + right ^= (temp << 2); + temp = ((left >>> 16) ^ right) & 0x0000ffff; + right ^= temp; + left ^= (temp << 16); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); -BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); -}; + result[k++] = (left >>> 24); + result[k++] = ((left >>> 16) & 0xff); + result[k++] = ((left >>> 8) & 0xff); + result[k++] = (left & 0xff); + result[k++] = (right >>> 24); + result[k++] = ((right >>> 16) & 0xff); + result[k++] = ((right >>> 8) & 0xff); + result[k++] = (right & 0xff); + } //for every 8 characters, or 64 bits in the message -BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); -}; + //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt + if (!encrypt) { + result = desRemovePadding(result); + } -BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - assert$2(p.precomputed); - var doubles = p._getDoubles(); + return result; +} //end of des - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); - } +//desCreateKeys +//this takes as input a 64 bit key (even though only 56 bits are used) +//as an array of 2 integers, and returns 16 48 bit keys - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); - } - a = a.add(b); - } - return a.toP(); -}; +function desCreateKeys(key) { + //declaring this locally speeds things up a bit + const pc2bytes0 = [ + 0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, + 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204 + ]; + const pc2bytes1 = [ + 0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, + 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101 + ]; + const pc2bytes2 = [ + 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, + 0x1000000, 0x1000008, 0x1000800, 0x1000808 + ]; + const pc2bytes3 = [ + 0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, + 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000 + ]; + const pc2bytes4 = [ + 0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, + 0x41000, 0x1010, 0x41010 + ]; + const pc2bytes5 = [ + 0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, + 0x2000000, 0x2000400, 0x2000020, 0x2000420 + ]; + const pc2bytes6 = [ + 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, + 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002 + ]; + const pc2bytes7 = [ + 0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, + 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800 + ]; + const pc2bytes8 = [ + 0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, + 0x2000002, 0x2040002, 0x2000002, 0x2040002 + ]; + const pc2bytes9 = [ + 0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, + 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408 + ]; + const pc2bytes10 = [ + 0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, + 0x102000, 0x102020, 0x102000, 0x102020 + ]; + const pc2bytes11 = [ + 0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, + 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200 + ]; + const pc2bytes12 = [ + 0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, + 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010 + ]; + const pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105]; -BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; + //how many iterations (1 for des, 3 for triple des) + const iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys + //stores the return keys + const keys = new Array(32 * iterations); + //now define the left shifts which need to be done + const shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + //other variables + let lefttemp; + let righttemp; + let m = 0; + let n = 0; + let temp; - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; + for (let j = 0; j < iterations; j++) { //either 1 or 3 iterations + let left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; + let right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; - // Get NAF form - var naf = getNAF(k, w); + temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; + right ^= temp; + left ^= (temp << 4); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 2) ^ right) & 0x33333333; + right ^= temp; + left ^= (temp << 2); + temp = ((right >>> -16) ^ left) & 0x0000ffff; + left ^= temp; + right ^= (temp << -16); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); + temp = ((right >>> 8) ^ left) & 0x00ff00ff; + left ^= temp; + right ^= (temp << 8); + temp = ((left >>> 1) ^ right) & 0x55555555; + right ^= temp; + left ^= (temp << 1); - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); + //the right side needs to be shifted and to get the last four bits of the left side + temp = (left << 8) | ((right >>> 20) & 0x000000f0); + //left needs to be put upside down + left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); + right = temp; - if (i < 0) - break; - var z = naf[i]; - assert$2(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } - } - return p.type === 'affine' ? acc.toP() : acc; -}; + //now go through and perform these shifts on the left and right keys + for (let i = 0; i < shifts.length; i++) { + //shift the keys either one or two bits to the left + if (shifts[i]) { + left = (left << 2) | (left >>> 26); + right = (right << 2) | (right >>> 26); + } else { + left = (left << 1) | (left >>> 27); + right = (right << 1) | (right >>> 27); + } + left &= -0xf; + right &= -0xf; -BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len, - jacobianResult) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; - - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; - } - - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; + //now apply PC-2, in such a way that E is easier when encrypting or decrypting + //this conversion will look like PC-2 except only the last 6 bits of each byte are used + //rather than 48 consecutive bits and the order of lines will be according to + //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 + lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( + left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & + 0xf]; + righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | + pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | + pc2bytes13[(right >>> 4) & 0xf]; + temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; + keys[n++] = lefttemp ^ temp; + keys[n++] = righttemp ^ (temp << 16); } + } //for each iterations + //return the keys we've created + return keys; +} //end of desCreateKeys - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; - - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } - - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; +function desAddPadding(message, padding) { + const padLength = 8 - (message.length % 8); - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } + let pad; + if ((padLength < 8)) { //pad the message out with null bytes + pad = 0; + } else if (padLength === 8) { + return message; + } else { + throw new Error('des: invalid padding'); } - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; + const paddedMessage = new Uint8Array(message.length + padLength); + for (let i = 0; i < message.length; i++) { + paddedMessage[i] = message[i]; + } + for (let j = 0; j < padLength; j++) { + paddedMessage[message.length + j] = pad; + } - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; + return paddedMessage; +} - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); +function desRemovePadding(message, padding) { + let padLength = null; + let pad; + { // null padding + pad = 0; + } - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); + if (!padLength) { + padLength = 1; + while (message[message.length - padLength] === pad) { + padLength++; } + padLength--; } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - - if (jacobianResult) - return acc; - else - return acc.toP(); -}; -function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; + return message.subarray(0, message.length - padLength); } -BaseCurve.BasePoint = BasePoint; - -BasePoint.prototype.eq = function eq(/*other*/) { - throw new Error('Not implemented'); -}; - -BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); -}; - -BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - bytes = utils_1$1.toArray(bytes, enc); - var len = this.p.byteLength(); - - // uncompressed, hybrid-odd, hybrid-even - if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) && - bytes.length - 1 === 2 * len) { - if (bytes[0] === 0x06) - assert$2(bytes[bytes.length - 1] % 2 === 0); - else if (bytes[0] === 0x07) - assert$2(bytes[bytes.length - 1] % 2 === 1); +// added by Recurity Labs - var res = this.point(bytes.slice(1, 1 + len), - bytes.slice(1 + len, 1 + 2 * len)); +function TripleDES(key) { + this.key = []; - return res; - } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) && - bytes.length - 1 === len) { - return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03); + for (let i = 0; i < 3; i++) { + this.key.push(new Uint8Array(key.subarray(i * 8, (i * 8) + 8))); } - throw new Error('Unknown point format'); -}; - -BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) { - return this.encode(enc, true); -}; - -BasePoint.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - var x = this.getX().toArray('be', len); - - if (compact) - return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); - - return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; -}; -BasePoint.prototype.encode = function encode(enc, compact) { - return utils_1$1.encode(this._encode(compact), enc); -}; - -BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; - - var precomputed = { - doubles: null, - naf: null, - beta: null + this.encrypt = function(block) { + return des( + desCreateKeys(this.key[2]), + des( + desCreateKeys(this.key[1]), + des( + desCreateKeys(this.key[0]), + block, true, 0, null, null + ), + false, 0, null, null + ), true); }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; - - return this; -}; - -BasePoint.prototype._hasDoubles = function _hasDoubles(k) { - if (!this.precomputed) - return false; - - var doubles = this.precomputed.doubles; - if (!doubles) - return false; - - return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); -}; - -BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; +} - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; -}; +TripleDES.keySize = TripleDES.prototype.keySize = 24; +TripleDES.blockSize = TripleDES.prototype.blockSize = 8; -BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; -}; +// Copyright 2010 pjacobs@xeekr.com . All rights reserved. -BasePoint.prototype._getBeta = function _getBeta() { - return null; -}; +// Modified by Recurity Labs GmbH -BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; -}; +// fixed/modified by Herbert Hanewinkel, www.haneWIN.de +// check www.haneWIN.de for the latest version -var assert$3 = utils_1$1.assert; +// cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. +// CAST-128 is a common OpenPGP cipher. -function ShortCurve(conf) { - base.call(this, 'short', conf); - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); +// CAST5 constructor - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; +function OpenPGPSymEncCAST5() { + this.BlockSize = 8; + this.KeySize = 16; - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); -} -inherits_browser(ShortCurve, base); -var short_1 = ShortCurve; + this.setKey = function(key) { + this.masking = new Array(16); + this.rotate = new Array(16); -ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; + this.reset(); - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; + if (key.length === this.KeySize) { + this.keySchedule(key); } else { - lambda = lambdas[1]; - assert$3(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); + throw new Error('CAST-128: keys must be 16 bytes'); } - } - - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); - } else { - basis = this._getEndoBasis(lambda); - } - - return { - beta: beta, - lambda: lambda, - basis: basis + return true; }; -}; - -ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); - - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; -}; -ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2)); - - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); - - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; - - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); - - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; + this.reset = function() { + for (let i = 0; i < 16; i++) { + this.masking[i] = 0; + this.rotate[i] = 0; } - prevR = r; - - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; - } - a2 = r.neg(); - b2 = x; - - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; - } - - // Normalize signs - if (a1.negative) { - a1 = a1.neg(); - b1 = b1.neg(); - } - if (a2.negative) { - a2 = a2.neg(); - b2 = b2.neg(); - } - - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; -}; - -ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); - - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; -}; - -ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); - - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); - - return this.point(x, y); -}; + }; -ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; + this.getBlockSize = function() { + return this.BlockSize; + }; - var x = point.x; - var y = point.y; + this.encrypt = function(src) { + const dst = new Array(src.length); - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; -}; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; -ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs, jacobianResult) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; - if (split.k1.negative) { - split.k1.ineg(); - p = p.neg(true); - } - if (split.k2.negative) { - split.k2.ineg(); - beta = beta.neg(true); - } + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; - } - return res; -}; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; -function Point(curve, x, y, isRed) { - base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >>> 16) & 255; + dst[i + 6] = (l >>> 8) & 255; + dst[i + 7] = l & 255; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; - } -} -inherits_browser(Point, base.BasePoint); - -ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); -}; - -ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); -}; -Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; + return dst; + }; - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; + this.decrypt = function(src) { + const dst = new Array(src.length); - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; -}; + for (let i = 0; i < src.length; i += 8) { + let l = (src[i] << 24) | (src[i + 1] << 16) | (src[i + 2] << 8) | src[i + 3]; + let r = (src[i + 4] << 24) | (src[i + 5] << 16) | (src[i + 6] << 8) | src[i + 7]; + let t; -Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; + t = r; + r = l ^ f1(r, this.masking[15], this.rotate[15]); + l = t; + t = r; + r = l ^ f3(r, this.masking[14], this.rotate[14]); + l = t; + t = r; + r = l ^ f2(r, this.masking[13], this.rotate[13]); + l = t; + t = r; + r = l ^ f1(r, this.masking[12], this.rotate[12]); + l = t; - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; -}; + t = r; + r = l ^ f3(r, this.masking[11], this.rotate[11]); + l = t; + t = r; + r = l ^ f2(r, this.masking[10], this.rotate[10]); + l = t; + t = r; + r = l ^ f1(r, this.masking[9], this.rotate[9]); + l = t; + t = r; + r = l ^ f3(r, this.masking[8], this.rotate[8]); + l = t; -Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; + t = r; + r = l ^ f2(r, this.masking[7], this.rotate[7]); + l = t; + t = r; + r = l ^ f1(r, this.masking[6], this.rotate[6]); + l = t; + t = r; + r = l ^ f3(r, this.masking[5], this.rotate[5]); + l = t; + t = r; + r = l ^ f2(r, this.masking[4], this.rotate[4]); + l = t; - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); - } + t = r; + r = l ^ f1(r, this.masking[3], this.rotate[3]); + l = t; + t = r; + r = l ^ f3(r, this.masking[2], this.rotate[2]); + l = t; + t = r; + r = l ^ f2(r, this.masking[1], this.rotate[1]); + l = t; + t = r; + r = l ^ f1(r, this.masking[0], this.rotate[0]); + l = t; - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) + dst[i] = (r >>> 24) & 255; + dst[i + 1] = (r >>> 16) & 255; + dst[i + 2] = (r >>> 8) & 255; + dst[i + 3] = r & 255; + dst[i + 4] = (l >>> 24) & 255; + dst[i + 5] = (l >> 16) & 255; + dst[i + 6] = (l >> 8) & 255; + dst[i + 7] = l & 255; } - }; - return res; -}; -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + return dst; + }; + const scheduleA = new Array(4); -Point.prototype.isInfinity = function isInfinity() { - return this.inf; -}; + scheduleA[0] = new Array(4); + scheduleA[0][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 0x8]; + scheduleA[0][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[0][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[0][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; -Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; + scheduleA[1] = new Array(4); + scheduleA[1][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[1][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[1][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[1][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + O = P - if (p.inf) - return this; + scheduleA[2] = new Array(4); + scheduleA[2][0] = [4, 0, 0xd, 0xf, 0xc, 0xe, 8]; + scheduleA[2][1] = [5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa]; + scheduleA[2][2] = [6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9]; + scheduleA[2][3] = [7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb]; - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); + scheduleA[3] = new Array(4); + scheduleA[3][0] = [0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0]; + scheduleA[3][1] = [1, 4, 0, 2, 1, 3, 16 + 2]; + scheduleA[3][2] = [2, 5, 7, 6, 5, 4, 16 + 1]; + scheduleA[3][3] = [3, 7, 0xa, 9, 0xb, 8, 16 + 3]; - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); + const scheduleB = new Array(4); - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; + scheduleB[0] = new Array(4); + scheduleB[0][0] = [16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2]; + scheduleB[0][1] = [16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6]; + scheduleB[0][2] = [16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9]; + scheduleB[0][3] = [16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc]; -Point.prototype.dbl = function dbl() { - if (this.inf) - return this; + scheduleB[1] = new Array(4); + scheduleB[1][0] = [3, 2, 0xc, 0xd, 8]; + scheduleB[1][1] = [1, 0, 0xe, 0xf, 0xd]; + scheduleB[1][2] = [7, 6, 8, 9, 3]; + scheduleB[1][3] = [5, 4, 0xa, 0xb, 7]; - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - var a = this.curve.a; + scheduleB[2] = new Array(4); + scheduleB[2][0] = [16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9]; + scheduleB[2][1] = [16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc]; + scheduleB[2][2] = [16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2]; + scheduleB[2][3] = [16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6]; - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); -}; + scheduleB[3] = new Array(4); + scheduleB[3][0] = [8, 9, 7, 6, 3]; + scheduleB[3][1] = [0xa, 0xb, 5, 4, 7]; + scheduleB[3][2] = [0xc, 0xd, 3, 2, 8]; + scheduleB[3][3] = [0xe, 0xf, 1, 0, 0xd]; -Point.prototype.getX = function getX() { - return this.x.fromRed(); -}; + // changed 'in' to 'inn' (in javascript 'in' is a reserved word) + this.keySchedule = function(inn) { + const t = new Array(8); + const k = new Array(32); -Point.prototype.getY = function getY() { - return this.y.fromRed(); -}; + let j; -Point.prototype.mul = function mul(k) { - k = new bn(k, 16); - if (this.isInfinity()) - return this; - else if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); -}; + for (let i = 0; i < 4; i++) { + j = i * 4; + t[i] = (inn[j] << 24) | (inn[j + 1] << 16) | (inn[j + 2] << 8) | inn[j + 3]; + } -Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); -}; + const x = [6, 7, 4, 5]; + let ki = 0; + let w; -Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs, true); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2, true); -}; + for (let half = 0; half < 2; half++) { + for (let round = 0; round < 4; round++) { + for (j = 0; j < 4; j++) { + const a = scheduleA[round][j]; + w = t[a[1]]; -Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); -}; + w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; + w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; + w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; + w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; + w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; + t[a[0]] = w; + } -Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; + for (j = 0; j < 4; j++) { + const b = scheduleB[round][j]; + w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) + w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; + w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; + w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; + w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; + k[ki] = w; + ki++; + } } - }; - } - return res; -}; + } -Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); + for (let i = 0; i < 16; i++) { + this.masking[i] = k[i]; + this.rotate[i] = k[16 + i] & 0x1f; + } + }; - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; -}; + // These are the three 'f' functions. See RFC 2144, section 2.2. -function JPoint(curve, x, y, z) { - base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); + function f1(d, m, r) { + const t = m + d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - - this.zOne = this.z === this.curve.one; -} -inherits_browser(JPoint, base.BasePoint); - -ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); -}; - -JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); - - return this.curve.point(ax, ay); -}; -JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); -}; - -JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; - - // P + O = P - if (p.isInfinity()) - return this; + function f2(d, m, r) { + const t = m ^ d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; + } - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); + function f3(d, m, r) { + const t = m - d; + const I = (t << r) | (t >>> (32 - r)); + return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; } - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + const sBox = new Array(8); + sBox[0] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf + ]; + + sBox[1] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1 + ]; - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); + sBox[2] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783 + ]; - return this.curve.jpoint(nx, ny, nz); -}; + sBox[3] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2 + ]; -JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); + sBox[4] = [ + 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, + 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, + 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, + 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, + 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, + 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, + 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, + 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, + 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, + 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, + 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, + 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, + 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, + 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, + 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, + 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, + 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, + 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, + 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, + 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, + 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, + 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, + 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, + 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, + 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, + 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, + 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, + 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, + 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, + 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, + 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, + 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4 + ]; - // P + O = P - if (p.isInfinity()) - return this; + sBox[5] = [ + 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, + 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, + 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, + 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, + 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, + 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, + 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, + 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, + 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, + 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, + 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, + 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, + 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, + 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, + 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, + 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, + 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, + 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, + 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, + 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, + 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, + 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, + 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, + 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, + 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, + 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, + 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, + 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, + 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, + 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, + 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, + 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f + ]; - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); - - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } + sBox[6] = [ + 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, + 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, + 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, + 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, + 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, + 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, + 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, + 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, + 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, + 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, + 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, + 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, + 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, + 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, + 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, + 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, + 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, + 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, + 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, + 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, + 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, + 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, + 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, + 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, + 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, + 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, + 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, + 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, + 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, + 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, + 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, + 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3 + ]; - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); + sBox[7] = [ + 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, + 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, + 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, + 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, + 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, + 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, + 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, + 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, + 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, + 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, + 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, + 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, + 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, + 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, + 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, + 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, + 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, + 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, + 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, + 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, + 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, + 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, + 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, + 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, + 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, + 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, + 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, + 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, + 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, + 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, + 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, + 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e + ]; +} - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); +function CAST5(key) { + this.cast5 = new OpenPGPSymEncCAST5(); + this.cast5.setKey(key); - return this.curve.jpoint(nx, ny, nz); -}; + this.encrypt = function(block) { + return this.cast5.encrypt(block); + }; +} -JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); +CAST5.blockSize = CAST5.prototype.blockSize = 8; +CAST5.keySize = CAST5.prototype.keySize = 16; - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; - } +/* eslint-disable no-mixed-operators, no-fallthrough */ - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); +/* Modified by Recurity Labs GmbH + * + * Cipher.js + * A block-cipher algorithm implementation on JavaScript + * See Cipher.readme.txt for further information. + * + * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] + * This script file is distributed under the LGPL + * + * ACKNOWLEDGMENT + * + * The main subroutines are written by Michiel van Everdingen. + * + * Michiel van Everdingen + * http://home.versatel.nl/MAvanEverdingen/index.html + * + * All rights for these routines are reserved to Michiel van Everdingen. + * + */ - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//Math +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); +const MAXINT = 0xFFFFFFFF; - jx = nx; - jz = nz; - jyd = dny; - } +function rotw(w, n) { + return (w << n | w >>> (32 - n)) & MAXINT; +} - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); -}; +function getW(a, i) { + return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; +} -JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; +function setW(a, i, w) { + a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); +} - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); -}; +function getB(x, n) { + return (x >>> (n * 8)) & 0xFF; +} -JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); - - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); - - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); - - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } - - return this.curve.jpoint(nx, ny, nz); -}; +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// Twofish +// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); -}; +function createTwofish() { + // + let keyBytes = null; + let dataBytes = null; + let dataOffset = -1; + // var dataLength = -1; + // var idx2 = -1; + // -JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; + let tfsKey = []; + let tfsM = [ + [], + [], + [], + [] + ]; - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); + function tfsInit(key) { + keyBytes = key; + let i; + let a; + let b; + let c; + let d; + const meKey = []; + const moKey = []; + const inKey = []; + let kLen; + const sKey = []; + let f01; + let f5b; + let fef; - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); + const q0 = [ + [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], + [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] + ]; + const q1 = [ + [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], + [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] + ]; + const q2 = [ + [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], + [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] + ]; + const q3 = [ + [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], + [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] + ]; + const ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; + const ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; + const q = [ + [], + [] + ]; + const m = [ + [], + [], + [], + [] + ]; - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); + function ffm5b(x) { + return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; + } - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); + function ffmEf(x) { + return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; + } - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); + function mdsRem(p, q) { + let i; + let t; + let u; + for (i = 0; i < 8; i++) { + t = q >>> 24; + q = ((q << 8) & MAXINT) | p >>> 24; + p = (p << 8) & MAXINT; + u = t << 1; + if (t & 128) { + u ^= 333; + } + q ^= t ^ (u << 16); + u ^= t >>> 1; + if (t & 1) { + u ^= 166; + } + q ^= u << 24 | u << 8; + } + return q; + } - return this.curve.jpoint(nx, ny, nz); -}; + function qp(n, x) { + const a = x >> 4; + const b = x & 15; + const c = q0[n][a ^ b]; + const d = q1[n][ror4[b] ^ ashx[a]]; + return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; + } -JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); - - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... - - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); - - return this.curve.jpoint(nx, ny, nz); -}; + function hFun(x, key) { + let a = getB(x, 0); + let b = getB(x, 1); + let c = getB(x, 2); + let d = getB(x, 3); + switch (kLen) { + case 4: + a = q[1][a] ^ getB(key[3], 0); + b = q[0][b] ^ getB(key[3], 1); + c = q[0][c] ^ getB(key[3], 2); + d = q[1][d] ^ getB(key[3], 3); + case 3: + a = q[1][a] ^ getB(key[2], 0); + b = q[1][b] ^ getB(key[2], 1); + c = q[0][c] ^ getB(key[2], 2); + d = q[0][d] ^ getB(key[2], 3); + case 2: + a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); + b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); + c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); + d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); + } + return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; + } -JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); + keyBytes = keyBytes.slice(0, 32); + i = keyBytes.length; + while (i !== 16 && i !== 24 && i !== 32) { + keyBytes[i++] = 0; + } - return this.curve._wnafMul(this, k); -}; + for (i = 0; i < keyBytes.length; i += 4) { + inKey[i >> 2] = getW(keyBytes, i); + } + for (i = 0; i < 256; i++) { + q[0][i] = qp(0, i); + q[1][i] = qp(1, i); + } + for (i = 0; i < 256; i++) { + f01 = q[1][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); + m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); + f01 = q[0][i]; + f5b = ffm5b(f01); + fef = ffmEf(f01); + m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); + m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); + } -JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); + kLen = inKey.length / 2; + for (i = 0; i < kLen; i++) { + a = inKey[i + i]; + meKey[i] = a; + b = inKey[i + i + 1]; + moKey[i] = b; + sKey[kLen - i - 1] = mdsRem(a, b); + } + for (i = 0; i < 40; i += 2) { + a = 0x1010101 * i; + b = a + 0x1010101; + a = hFun(a, meKey); + b = rotw(hFun(b, moKey), 8); + tfsKey[i] = (a + b) & MAXINT; + tfsKey[i + 1] = rotw(a + 2 * b, 9); + } + for (i = 0; i < 256; i++) { + a = b = c = d = i; + switch (kLen) { + case 4: + a = q[1][a] ^ getB(sKey[3], 0); + b = q[0][b] ^ getB(sKey[3], 1); + c = q[0][c] ^ getB(sKey[3], 2); + d = q[1][d] ^ getB(sKey[3], 3); + case 3: + a = q[1][a] ^ getB(sKey[2], 0); + b = q[1][b] ^ getB(sKey[2], 1); + c = q[0][c] ^ getB(sKey[2], 2); + d = q[0][d] ^ getB(sKey[2], 3); + case 2: + tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; + tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; + tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; + tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; + } + } + } - if (this === p) - return true; + function tfsG0(x) { + return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; + } - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; + function tfsG1(x) { + return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; + } - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; -}; + function tfsFrnd(r, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); + blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); + blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; + } -JPoint.prototype.eqXToP = function eqXToP(x) { - var zs = this.z.redSqr(); - var rx = x.toRed(this.curve.red).redMul(zs); - if (this.x.cmp(rx) === 0) - return true; + function tfsIrnd(i, blk) { + let a = tfsG0(blk[0]); + let b = tfsG1(blk[1]); + blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; + blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); + a = tfsG0(blk[2]); + b = tfsG1(blk[3]); + blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; + blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); + } - var xc = x.clone(); - var t = this.curve.redN.redMul(zs); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; + function tfsClose() { + tfsKey = []; + tfsM = [ + [], + [], + [], + [] + ]; + } - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; + function tfsEncrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], + getW(dataBytes, dataOffset + 4) ^ tfsKey[1], + getW(dataBytes, dataOffset + 8) ^ tfsKey[2], + getW(dataBytes, dataOffset + 12) ^ tfsKey[3]]; + for (let j = 0; j < 8; j++) { + tfsFrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); + dataOffset += 16; + return dataBytes; } -}; -JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + function tfsDecrypt(data, offset) { + dataBytes = data; + dataOffset = offset; + const blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], + getW(dataBytes, dataOffset + 4) ^ tfsKey[5], + getW(dataBytes, dataOffset + 8) ^ tfsKey[6], + getW(dataBytes, dataOffset + 12) ^ tfsKey[7]]; + for (let j = 7; j >= 0; j--) { + tfsIrnd(j, blk); + } + setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); + setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); + setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); + setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); + dataOffset += 16; + } -JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; + // added by Recurity Labs -function MontCurve(conf) { - base.call(this, 'mont', conf); + function tfsFinal() { + return dataBytes; + } - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - // Note: this implementation is according to the original paper - // by P. Montgomery, NOT the one by D. J. Bernstein. - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); + return { + name: 'twofish', + blocksize: 128 / 8, + open: tfsInit, + close: tfsClose, + encrypt: tfsEncrypt, + decrypt: tfsDecrypt, + // added by Recurity Labs + finalize: tfsFinal + }; } -inherits_browser(MontCurve, base); -var mont = MontCurve; -MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); +// added by Recurity Labs - return y.redSqr().cmp(rhs) === 0; -}; +function TF(key) { + this.tf = createTwofish(); + this.tf.open(Array.from(key), 0); -function Point$1(curve, x, z) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } + this.encrypt = function(block) { + return this.tf.encrypt(Array.from(block), 0); + }; } -inherits_browser(Point$1, base.BasePoint); - -MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) { - var bytes = utils_1$1.toArray(bytes, enc); - - // TODO Curve448 - // Montgomery curve points must be represented in the compressed format - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (bytes.length === 33 && bytes[0] === 0x40) - bytes = bytes.slice(1, 33).reverse(); // point must be little-endian - if (bytes.length !== 32) - throw new Error('Unknown point compression format'); - return this.point(bytes, 1); -}; - -MontCurve.prototype.point = function point(x, z) { - return new Point$1(this, x, z); -}; - -MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$1.fromJSON(this, obj); -}; - -Point$1.prototype.precompute = function precompute() { - // No-op -}; - -Point$1.prototype._encode = function _encode(compact) { - var len = this.curve.p.byteLength(); - - // Note: the output should always be little-endian - // https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#appendix-B - if (compact) { - return [ 0x40 ].concat(this.getX().toArray('le', len)); - } else { - return this.getX().toArray('be', len); - } -}; - -Point$1.fromJSON = function fromJSON(curve, obj) { - return new Point$1(curve, obj[0], obj[1] || curve.one); -}; - -Point$1.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; -Point$1.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; +TF.keySize = TF.prototype.keySize = 32; +TF.blockSize = TF.prototype.blockSize = 16; -Point$1.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A - - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); -}; +/* Modified by Recurity Labs GmbH + * + * Originally written by nklein software (nklein.com) + */ -Point$1.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); -}; +/* + * Javascript implementation based on Bruce Schneier's reference implementation. + * + * + * The constructor doesn't do much of anything. It's just here + * so we can start defining properties and methods and such. + */ +function Blowfish() {} -Point$1.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A - - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); -}; +/* + * Declare the block size so that protocols know what size + * Initialization Vector (IV) they will need. + */ +Blowfish.prototype.BLOCKSIZE = 8; -Point$1.prototype.mul = function mul(k) { - k = new bn(k, 16); +/* + * These are the default SBOXES. + */ +Blowfish.prototype.SBOXES = [ + [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + ], + [ + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + ], + [ + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + ], + [ + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + ] +]; - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q +//* +//* This is the default PARRAY +//* +Blowfish.prototype.PARRAY = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b +]; - for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1)) - bits.push(t.andln(1)); +//* +//* This is the number of rounds the cipher will go +//* +Blowfish.prototype.NN = 16; - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); - } +//* +//* This function is needed to get rid of problems +//* with the high-bit getting set. If we don't do +//* this, then sometimes ( aa & 0x00FFFFFFFF ) is not +//* equal to ( bb & 0x00FFFFFFFF ) even when they +//* agree bit-for-bit for the first 32 bits. +//* +Blowfish.prototype._clean = function(xx) { + if (xx < 0) { + const yy = xx & 0x7FFFFFFF; + xx = yy + 0x80000000; } - return b; -}; - -Point$1.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.jumlAdd = function jumlAdd() { - throw new Error('Not supported on Montgomery curve'); -}; - -Point$1.prototype.eq = function eq(other) { - return this.getX().cmp(other.getX()) === 0; -}; - -Point$1.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; -}; - -Point$1.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); - - return this.x.fromRed(); + return xx; }; -var assert$4 = utils_1$1.assert; - -function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - - base.call(this, 'edwards', conf); - - this.a = new bn(conf.a, 16).umod(this.red.m); - this.a = this.a.toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); +//* +//* This is the mixing function that uses the sboxes +//* +Blowfish.prototype._F = function(xx) { + let yy; - assert$4(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; -} -inherits_browser(EdwardsCurve, base); -var edwards = EdwardsCurve; + const dd = xx & 0x00FF; + xx >>>= 8; + const cc = xx & 0x00FF; + xx >>>= 8; + const bb = xx & 0x00FF; + xx >>>= 8; + const aa = xx & 0x00FF; -EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); -}; + yy = this.sboxes[0][aa] + this.sboxes[1][bb]; + yy ^= this.sboxes[2][cc]; + yy += this.sboxes[3][dd]; -EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); + return yy; }; -// Just for compatibility with Short curve -EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); -}; +//* +//* This method takes an array with two values, left and right +//* and does NN rounds of Blowfish on them. +//* +Blowfish.prototype._encryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; -EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); + let ii; - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); + for (ii = 0; ii < this.NN; ++ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; - var y2 = rhs.redMul(lhs.redInvm()); - var y = y2.redSqrt(); - if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); + dataL ^= this.parray[this.NN + 0]; + dataR ^= this.parray[this.NN + 1]; - return this.point(x, y); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; -EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) { - y = new bn(y, 16); - if (!y.red) - y = y.toRed(this.red); - - // x^2 = (y^2 - c^2) / (c^2 d y^2 - a) - var y2 = y.redSqr(); - var lhs = y2.redSub(this.c2); - var rhs = y2.redMul(this.d).redMul(this.c2).redSub(this.a); - var x2 = lhs.redMul(rhs.redInvm()); - - if (x2.cmp(this.zero) === 0) { - if (odd) - throw new Error('invalid point'); - else - return this.point(this.zero, y); +//* +//* This method takes a vector of numbers and turns them +//* into long words so that they can be processed by the +//* real algorithm. +//* +//* Maybe I should make the real algorithm above take a vector +//* instead. That will involve more looping, but it won't require +//* the F() method to deconstruct the vector. +//* +Blowfish.prototype.encryptBlock = function(vector) { + let ii; + const vals = [0, 0]; + const off = this.BLOCKSIZE / 2; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); + vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); } - var x = x2.redSqrt(); - if (x.redSqr().redSub(x2).cmp(this.zero) !== 0) - throw new Error('invalid point'); + this._encryptBlock(vals); - if (x.fromRed().isOdd() !== odd) - x = x.redNeg(); + const ret = []; + for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { + ret[ii + 0] = ((vals[0] >>> (24 - 8 * (ii))) & 0x00FF); + ret[ii + off] = ((vals[1] >>> (24 - 8 * (ii))) & 0x00FF); + // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); + // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); + } - return this.point(x, y); + return ret; }; -EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; - - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); - - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - - return lhs.cmp(rhs) === 0; -}; +//* +//* This method takes an array with two values, left and right +//* and undoes NN rounds of Blowfish on them. +//* +Blowfish.prototype._decryptBlock = function(vals) { + let dataL = vals[0]; + let dataR = vals[1]; -function Point$2(curve, x, y, z, t) { - base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; - - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } -} -inherits_browser(Point$2, base.BasePoint); - -EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point$2.fromJSON(this, obj); -}; + let ii; -EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point$2(this, x, y, z, t); -}; + for (ii = this.NN + 1; ii > 1; --ii) { + dataL ^= this.parray[ii]; + dataR = this._F(dataL) ^ dataR; -Point$2.fromJSON = function fromJSON(curve, obj) { - return new Point$2(curve, obj[0], obj[1], obj[2]); -}; + const tmp = dataL; + dataL = dataR; + dataR = tmp; + } -Point$2.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + dataL ^= this.parray[1]; + dataR ^= this.parray[0]; -Point$2.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - (this.y.cmp(this.z) === 0 || - (this.zOne && this.y.cmp(this.curve.c) === 0)); + vals[0] = this._clean(dataR); + vals[1] = this._clean(dataL); }; -Point$2.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S - - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; +//* +//* This method takes a key array and initializes the +//* sboxes and parray for this encryption. +//* +Blowfish.prototype.init = function(key) { + let ii; + let jj = 0; -Point$2.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S - - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); - - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); + this.parray = []; + for (ii = 0; ii < this.NN + 2; ++ii) { + let data = 0x00000000; + for (let kk = 0; kk < 4; ++kk) { + data = (data << 8) | (key[jj] & 0x00FF); + if (++jj >= key.length) { + jj = 0; + } } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.z).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); -}; - -Point$2.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; - - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); -}; - -Point$2.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M - - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; - -Point$2.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); + this.parray[ii] = this.PARRAY[ii] ^ data; } - return this.curve.point(nx, ny, nz); -}; -Point$2.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; - - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); -}; + this.sboxes = []; + for (ii = 0; ii < 4; ++ii) { + this.sboxes[ii] = []; + for (jj = 0; jj < 256; ++jj) { + this.sboxes[ii][jj] = this.SBOXES[ii][jj]; + } + } -Point$2.prototype.mul = function mul(k) { - if (this._hasDoubles(k)) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); -}; + const vals = [0x00000000, 0x00000000]; -Point$2.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false); -}; + for (ii = 0; ii < this.NN + 2; ii += 2) { + this._encryptBlock(vals); + this.parray[ii + 0] = vals[0]; + this.parray[ii + 1] = vals[1]; + } -Point$2.prototype.jmulAdd = function jmulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true); + for (ii = 0; ii < 4; ++ii) { + for (jj = 0; jj < 256; jj += 2) { + this._encryptBlock(vals); + this.sboxes[ii][jj + 0] = vals[0]; + this.sboxes[ii][jj + 1] = vals[1]; + } + } }; -Point$2.prototype.normalize = function normalize() { - if (this.zOne) - return this; - - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; -}; +// added by Recurity Labs +function BF(key) { + this.bf = new Blowfish(); + this.bf.init(key); -Point$2.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); -}; + this.encrypt = function(block) { + return this.bf.encryptBlock(block); + }; +} -Point$2.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); -}; +BF.keySize = BF.prototype.keySize = 16; +BF.blockSize = BF.prototype.blockSize = 8; -Point$2.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); -}; +/** + * This file is needed to dynamic import the legacy ciphers. + * Separate dynamic imports are not convenient as they result in multiple chunks. + */ -Point$2.prototype.eq = function eq(other) { - return this === other || - this.getX().cmp(other.getX()) === 0 && - this.getY().cmp(other.getY()) === 0; -}; -Point$2.prototype.eqXToP = function eqXToP(x) { - var rx = x.toRed(this.curve.red).redMul(this.z); - if (this.x.cmp(rx) === 0) - return true; +const legacyCiphers = new Map([ + [enums.symmetric.tripledes, TripleDES], + [enums.symmetric.cast5, CAST5], + [enums.symmetric.blowfish, BF], + [enums.symmetric.twofish, TF] +]); - var xc = x.clone(); - var t = this.curve.redN.redMul(this.z); - for (;;) { - xc.iadd(this.curve.n); - if (xc.cmp(this.curve.p) >= 0) - return false; +var legacy_ciphers = /*#__PURE__*/Object.freeze({ + __proto__: null, + legacyCiphers: legacyCiphers +}); - rx.redIAdd(t); - if (this.x.cmp(rx) === 0) - return true; - } -}; +// SHA1 (RFC 3174). It was cryptographically broken: prefer newer algorithms. +// Initial state +const SHA1_IV = /* @__PURE__ */ new Uint32Array([ + 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0, +]); +// Temporary buffer, not used to store anything between runs +// Named this way because it matches specification. +const SHA1_W = /* @__PURE__ */ new Uint32Array(80); +class SHA1 extends HashMD { + constructor() { + super(64, 20, 8, false); + this.A = SHA1_IV[0] | 0; + this.B = SHA1_IV[1] | 0; + this.C = SHA1_IV[2] | 0; + this.D = SHA1_IV[3] | 0; + this.E = SHA1_IV[4] | 0; + } + get() { + const { A, B, C, D, E } = this; + return [A, B, C, D, E]; + } + set(A, B, C, D, E) { + this.A = A | 0; + this.B = B | 0; + this.C = C | 0; + this.D = D | 0; + this.E = E | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + SHA1_W[i] = view.getUint32(offset, false); + for (let i = 16; i < 80; i++) + SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1); + // Compression function main loop, 80 rounds + let { A, B, C, D, E } = this; + for (let i = 0; i < 80; i++) { + let F, K; + if (i < 20) { + F = Chi(B, C, D); + K = 0x5a827999; + } + else if (i < 40) { + F = B ^ C ^ D; + K = 0x6ed9eba1; + } + else if (i < 60) { + F = Maj(B, C, D); + K = 0x8f1bbcdc; + } + else { + F = B ^ C ^ D; + K = 0xca62c1d6; + } + const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) | 0; + E = D; + D = C; + C = rotl(B, 30); + B = A; + A = T; + } + // Add the compressed chunk to the current hash value + A = (A + this.A) | 0; + B = (B + this.B) | 0; + C = (C + this.C) | 0; + D = (D + this.D) | 0; + E = (E + this.E) | 0; + this.set(A, B, C, D, E); + } + roundClean() { + SHA1_W.fill(0); + } + destroy() { + this.set(0, 0, 0, 0, 0); + this.buffer.fill(0); + } +} +/** + * SHA1 (RFC 3174) hash function. + * It was cryptographically broken: prefer newer algorithms. + * @param message - data that would be hashed + */ +const sha1 = /* @__PURE__ */ wrapConstructor(() => new SHA1()); + +// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html +// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf +const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]); +const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i)); +const Pi = /* @__PURE__ */ Id.map((i) => (9 * i + 5) % 16); +let idxL = [Id]; +let idxR = [Pi]; +for (let i = 0; i < 4; i++) + for (let j of [idxL, idxR]) + j.push(j[i].map((k) => Rho[k])); +const shifts = /* @__PURE__ */ [ + [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], + [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7], + [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9], + [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6], + [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5], +].map((i) => new Uint8Array(i)); +const shiftsL = /* @__PURE__ */ idxL.map((idx, i) => idx.map((j) => shifts[i][j])); +const shiftsR = /* @__PURE__ */ idxR.map((idx, i) => idx.map((j) => shifts[i][j])); +const Kl = /* @__PURE__ */ new Uint32Array([ + 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e, +]); +const Kr = /* @__PURE__ */ new Uint32Array([ + 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000, +]); +// It's called f() in spec. +function f(group, x, y, z) { + if (group === 0) + return x ^ y ^ z; + else if (group === 1) + return (x & y) | (~x & z); + else if (group === 2) + return (x | ~y) ^ z; + else if (group === 3) + return (x & z) | (y & ~z); + else + return x ^ (y | ~z); +} +// Temporary buffer, not used to store anything between runs +const R_BUF = /* @__PURE__ */ new Uint32Array(16); +class RIPEMD160 extends HashMD { + constructor() { + super(64, 20, 8, true); + this.h0 = 0x67452301 | 0; + this.h1 = 0xefcdab89 | 0; + this.h2 = 0x98badcfe | 0; + this.h3 = 0x10325476 | 0; + this.h4 = 0xc3d2e1f0 | 0; + } + get() { + const { h0, h1, h2, h3, h4 } = this; + return [h0, h1, h2, h3, h4]; + } + set(h0, h1, h2, h3, h4) { + this.h0 = h0 | 0; + this.h1 = h1 | 0; + this.h2 = h2 | 0; + this.h3 = h3 | 0; + this.h4 = h4 | 0; + } + process(view, offset) { + for (let i = 0; i < 16; i++, offset += 4) + R_BUF[i] = view.getUint32(offset, true); + // prettier-ignore + let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el; + // Instead of iterating 0 to 80, we split it into 5 groups + // And use the groups in constants, functions, etc. Much simpler + for (let group = 0; group < 5; group++) { + const rGroup = 4 - group; + const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore + const rl = idxL[group], rr = idxR[group]; // prettier-ignore + const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore + for (let i = 0; i < 16; i++) { + const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) | 0; + al = el, el = dl, dl = rotl(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore + } + // 2 loops are 10% faster + for (let i = 0; i < 16; i++) { + const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) | 0; + ar = er, er = dr, dr = rotl(cr, 10) | 0, cr = br, br = tr; // prettier-ignore + } + } + // Add the compressed chunk to the current hash value + this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0); + } + roundClean() { + R_BUF.fill(0); + } + destroy() { + this.destroyed = true; + this.buffer.fill(0); + this.set(0, 0, 0, 0, 0); + } +} +/** + * RIPEMD-160 - a hash function from 1990s. + * @param message - msg that would be hashed + */ +const ripemd160 = /* @__PURE__ */ wrapConstructor(() => new RIPEMD160()); -// Compatibility with BaseCurve -Point$2.prototype.toP = Point$2.prototype.normalize; -Point$2.prototype.mixedAdd = Point$2.prototype.add; +/** + * This file is needed to dynamic import the noble-hashes. + * Separate dynamic imports are not convenient as they result in too many chunks, + * which share a lot of code anyway. + */ -var curve_1 = createCommonjsModule(function (module, exports) { -var curve = exports; +const nobleHashes = new Map(Object.entries({ + sha1, + sha224, + sha256, + sha384, + sha512, + sha3_256, + sha3_512, + ripemd160 +})); -curve.base = base; -curve.short = short_1; -curve.mont = mont; -curve.edwards = edwards; +var noble_hashes = /*#__PURE__*/Object.freeze({ + __proto__: null, + nobleHashes: nobleHashes }); -var rotl32$2 = utils.rotl32; -var sum32$3 = utils.sum32; -var sum32_5$2 = utils.sum32_5; -var ft_1$1 = common$1.ft_1; -var BlockHash$4 = common.BlockHash; - -var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 -]; +// Adapted from the reference implementation in RFC7693 +// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes -function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); +// Uint64 values are represented using two Uint32s, stored as little endian +// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays +// need to be manually handled - BlockHash$4.call(this); - this.h = [ - 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); +// 64-bit unsigned addition (little endian, in place) +// Sets a[i,i+1] += b[j,j+1] +// `a` and `b` must be Uint32Array(2) +function ADD64 (a, i, b, j) { + a[i] += b[j]; + a[i+1] += b[j+1] + (a[i] < b[j]); // add carry } -utils.inherits(SHA1, BlockHash$4); -var _1 = SHA1; +// Increment 64-bit little-endian unsigned value by `c` (in place) +// `a` must be Uint32Array(2) +function INC64 (a, c) { + a[0] += c; + a[1] += (a[0] < c); +} -SHA1.blockSize = 512; -SHA1.outSize = 160; -SHA1.hmacStrength = 80; -SHA1.padLength = 64; +// G Mixing function +// The ROTRs are inlined for speed +function G$1 (v, m, a, b, c, d, ix, iy) { + ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1] + ADD64(v, a, m, ix); // v[a, a+1] += x ... x0 -SHA1.prototype._update = function _update(msg, start) { - var W = this.W; + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits + let xor0 = v[d] ^ v[a]; + let xor1 = v[d + 1] ^ v[a + 1]; + v[d] = xor1; + v[d + 1] = xor0; - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; + ADD64(v, c, v, d); - for(; i < W.length; i++) - W[i] = rotl32$2(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor0 >>> 24) ^ (xor1 << 8); + v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8); - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; + ADD64(v, a, v, b); + ADD64(v, a, m, iy); - for (i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5$2(rotl32$2(a, 5), ft_1$1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32$2(b, 30); - b = a; - a = t; - } + // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits + xor0 = v[d] ^ v[a]; + xor1 = v[d + 1] ^ v[a + 1]; + v[d] = (xor0 >>> 16) ^ (xor1 << 16); + v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16); - this.h[0] = sum32$3(this.h[0], a); - this.h[1] = sum32$3(this.h[1], b); - this.h[2] = sum32$3(this.h[2], c); - this.h[3] = sum32$3(this.h[3], d); - this.h[4] = sum32$3(this.h[4], e); -}; + ADD64(v, c, v, d); -SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; + // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits + xor0 = v[b] ^ v[c]; + xor1 = v[b + 1] ^ v[c + 1]; + v[b] = (xor1 >>> 31) ^ (xor0 << 1); + v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1); +} -var sha1 = _1; -var sha224 = _224; -var sha256 = _256; -var sha384 = _384; -var sha512 = _512; - -var sha = { - sha1: sha1, - sha224: sha224, - sha256: sha256, - sha384: sha384, - sha512: sha512 -}; +// Initialization Vector +const BLAKE2B_IV32 = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 +]); -function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; - - this._init(utils.toArray(key, enc)); -} -var hmac = Hmac; - -Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - minimalisticAssert(key.length <= this.blockSize); - - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); - - for (i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); - - // 0x36 ^ 0x5c = 0x6a - for (i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); -}; +// These are offsets into a Uint64 buffer. +// Multiply them all by 2 to make them offsets into a Uint32 buffer +const SIGMA = new Uint8Array([ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 +].map(x => x * 2)); + +// Compression function. 'last' flag indicates last block. +// Note: we're representing 16 uint64s as 32 uint32s +function compress(S, last) { + const v = new Uint32Array(32); + const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32); + + // init work variables + for (let i = 0; i < 16; i++) { + v[i] = S.h[i]; + v[i + 16] = BLAKE2B_IV32[i]; + } + + // low 64 bits of offset + v[24] ^= S.t0[0]; + v[25] ^= S.t0[1]; + // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1 + + // if last block + const f0 = last ? 0xFFFFFFFF : 0; + v[28] ^= f0; + v[29] ^= f0; + + // twelve rounds of mixing + for (let i = 0; i < 12; i++) { + // ROUND(r) + const i16 = i << 4; + G$1(v, m, 0, 8, 16, 24, SIGMA[i16 + 0], SIGMA[i16 + 1]); + G$1(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]); + G$1(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]); + G$1(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]); + G$1(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]); + G$1(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]); + G$1(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]); + G$1(v, m, 6, 8, 18, 28, SIGMA[i16 + 14], SIGMA[i16 + 15]); + } + + for (let i = 0; i < 16; i++) { + S.h[i] ^= v[i] ^ v[i + 16]; + } +} + +// Creates a BLAKE2b hashing context +// Requires an output length between 1 and 64 bytes +// Takes an optional Uint8Array key +class Blake2b { + constructor(outlen, key, salt, personal) { + const params = new Uint8Array(64); + // 0: outlen, keylen, fanout, depth + // 4: leaf length, sequential mode + // 8: node offset + // 12: node offset + // 16: node depth, inner length, rfu + // 20: rfu + // 24: rfu + // 28: rfu + // 32: salt + // 36: salt + // 40: salt + // 44: salt + // 48: personal + // 52: personal + // 56: personal + // 60: personal + + // init internal state + this.S = { + b: new Uint8Array(BLOCKBYTES), + h: new Uint32Array(OUTBYTES_MAX / 4), + t0: new Uint32Array(2), // input counter `t`, lower 64-bits only + c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES` + outlen // output length in bytes + }; -Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); - return this; -}; + // init parameter block + params[0] = outlen; + if (key) params[1] = key.length; + params[2] = 1; // fanout + params[3] = 1; // depth + if (salt) params.set(salt, 32); + if (personal) params.set(personal, 48); + const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT); -Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); -}; + // initialize hash state + for (let i = 0; i < 16; i++) { + this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i]; + } -var hash_1 = createCommonjsModule(function (module, exports) { -var hash = exports; - -hash.utils = utils; -hash.common = common; -hash.sha = sha; -hash.ripemd = ripemd; -hash.hmac = hmac; - -// Proxy hash functions to the main object -hash.sha1 = hash.sha.sha1; -hash.sha256 = hash.sha.sha256; -hash.sha224 = hash.sha.sha224; -hash.sha384 = hash.sha.sha384; -hash.sha512 = hash.sha.sha512; -hash.ripemd160 = hash.ripemd.ripemd160; -}); + // key the hash, if applicable + if (key) { + const block = new Uint8Array(BLOCKBYTES); + block.set(key); + this.update(block); + } + } -var secp256k1 = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] + // Updates a BLAKE2b streaming hash + // Requires Uint8Array (byte array) + update(input) { + if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer') + // for (let i = 0; i < input.length; i++) { + // if (this.S.c === BLOCKBYTES) { // buffer full + // INC64(this.S.t0, this.S.c) // add counters + // compress(this.S, false) + // this.S.c = 0 // empty buffer + // } + // this.S.b[this.S.c++] = input[i] + // } + let i = 0; + while(i < input.length) { + if (this.S.c === BLOCKBYTES) { // buffer full + INC64(this.S.t0, this.S.c); // add counters + compress(this.S, false); + this.S.c = 0; // empty buffer + } + let left = BLOCKBYTES - this.S.c; + this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds + const fill = Math.min(left, input.length - i); + this.S.c += fill; + i += fill; + } + return this } -}; -var curves_1 = createCommonjsModule(function (module, exports) { + /** + * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one + * @param {Uint8Array} [prealloc] - optional preallocated buffer + * @returns {ArrayBuffer} message digest + */ + digest(prealloc) { + INC64(this.S.t0, this.S.c); // mark last block offset + + // final block, padded + this.S.b.fill(0, this.S.c); + this.S.c = BLOCKBYTES; + compress(this.S, true); + + const out = prealloc || new Uint8Array(this.S.outlen); + for (let i = 0; i < this.S.outlen; i++) { + // must be loaded individually since default Uint32 endianness is platform dependant + out[i] = this.S.h[i >> 2] >> (8 * (i & 3)); + } + this.S.h = null; // prevent calling `update` after `digest` + return out.buffer; + } +} -var curves = exports; +function createHash(outlen, key, salt, personal) { + if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`) + return new Blake2b(outlen, key, salt, personal) +} +const OUTBYTES_MAX = 64; +const BLOCKBYTES = 128; +const TYPE = 2; // Argon2id +const VERSION = 0x13; +const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1; +const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; +const SALTBYTES_MIN = 8; +const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const passwordBYTES_MIN = 8; +const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1; +const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional) +const SECRETBYTES_MAX = 32; // key (optional) -var assert = utils_1$1.assert; +const ARGON2_BLOCK_SIZE = 1024; +const ARGON2_PREHASH_DIGEST_LENGTH = 64; -function PresetCurve(options) { - if (options.type === 'short') - this.curve = new curve_1.short(options); - else if (options.type === 'edwards') - this.curve = new curve_1.edwards(options); - else if (options.type === 'mont') - this.curve = new curve_1.mont(options); - else throw new Error('Unknown curve type.'); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; +const isLittleEndian = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd; - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, n*G != O'); +// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3]) +function LE32(buf, n, i) { + buf[i+0] = n; + buf[i+1] = n >> 8; + buf[i+2] = n >> 16; + buf[i+3] = n >> 24; + return buf; } -curves.PresetCurve = PresetCurve; -function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } - }); +/** + * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7]) + * @param {Uint8Array} buf + * @param {Number} n + * @param {Number} i + */ +function LE64(buf, n, i) { + if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported"); + // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations + // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps) + // so we manually extract each byte + let remainder = n; + for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER + buf[offset] = remainder; // implicit & 0xff + remainder = (remainder - buf[offset]) / 256; + } + return buf; } -defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash_1.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] -}); +/** + * Variable-Length Hash Function H' + * @param {Number} outlen - T + * @param {Uint8Array} X - value to hash + * @param {Uint8Array} res - output buffer, of length `outlength` or larger + */ +function H_(outlen, X, res) { + const V = new Uint8Array(64); // no need to keep around all V_i -defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash_1.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] -}); + const V1_in = new Uint8Array(4 + X.length); + LE32(V1_in, outlen, 0); + V1_in.set(X, 4); + if (outlen <= 64) { + // H'^T(A) = H^T(LE32(T)||A) + createHash(outlen).update(V1_in).digest(res); + return res + } -defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash_1.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] -}); + const r = Math.ceil(outlen / 32) - 2; -defineCurve('p384', { - type: 'short', - prime: null, - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 ffffffff', - a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'fffffffe ffffffff 00000000 00000000 fffffffc', - b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' + - '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef', - n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' + - 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973', - hash: hash_1.sha384, - gRed: false, - g: [ - 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' + - '5502f25d bf55296c 3a545e38 72760ab7', - '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' + - '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f' - ] -}); + // Let V_i be a 64-byte block and W_i be its first 32 bytes. + // V_1 = H^(64)(LE32(T)||A) + // V_2 = H^(64)(V_1) + // ... + // V_r = H^(64)(V_{r-1}) + // V_{r+1} = H^(T-32*r)(V_{r}) + // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1} + for (let i = 0; i < r; i++) { + createHash(64).update(i === 0 ? V1_in : V).digest(V); + // store W_i in result buffer already + res.set(V.subarray(0, 32), i*32); + } + // V_{r+1} + const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest()); + res.set(V_r1, r*32); -defineCurve('p521', { - type: 'short', - prime: null, - p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff', - a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff ffffffff ffffffff fffffffc', - b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' + - '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' + - '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00', - n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' + - 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' + - 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409', - hash: hash_1.sha512, - gRed: false, - g: [ - '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' + - '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' + - 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66', - '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' + - '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' + - '3fad0761 353c7086 a272c240 88be9476 9fd16650' - ] -}); + return res; +} -// https://tools.ietf.org/html/rfc7748#section-4.1 -defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '1', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '9' - ] -}); +// compute buf = xs ^ ys +function XOR(wasmContext, buf, xs, ys) { + wasmContext.fn.XOR( + buf.byteOffset, + xs.byteOffset, + ys.byteOffset, + ); + return buf +} -defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - cofactor: '8', - hash: hash_1.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] -}); +/** + * @param {Uint8Array} X (read-only) + * @param {Uint8Array} Y (read-only) + * @param {Uint8Array} R - output buffer + * @returns + */ +function G(wasmContext, X, Y, R) { + wasmContext.fn.G( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} -// https://tools.ietf.org/html/rfc5639#section-3.4 -defineCurve('brainpoolP256r1', { - type: 'short', - prime: null, - p: 'A9FB57DB A1EEA9BC 3E660A90 9D838D72 6E3BF623 D5262028 2013481D 1F6E5377', - a: '7D5A0975 FC2C3057 EEF67530 417AFFE7 FB8055C1 26DC5C6C E94A4B44 F330B5D9', - b: '26DC5C6C E94A4B44 F330B5D9 BBD77CBF 95841629 5CF7E1CE 6BCCDC18 FF8C07B6', - n: 'A9FB57DB A1EEA9BC 3E660A90 9D838D71 8C397AA3 B561A6F7 901E0E82 974856A7', - hash: hash_1.sha256, // or 384, or 512 - gRed: false, - g: [ - '8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262', - '547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997' - ] -}); +function G2(wasmContext, X, Y, R) { + wasmContext.fn.G2( + X.byteOffset, + Y.byteOffset, + R.byteOffset, + wasmContext.refs.gZ.byteOffset + ); + return R; +} + +// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values. +function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) { + // For each segment, we do the following. First, we compute the value Z as: + // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) ) + wasmContext.refs.prngTmp.fill(0); + const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8); + LE64(Z, pass, 0); + LE64(Z, lane, 8); + LE64(Z, slice, 16); + LE64(Z, m_, 24); + LE64(Z, totalPasses, 32); + LE64(Z, TYPE, 40); + + // Then we compute q/(128*SL) 1024-byte values + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ), + // ..., + // G( ZERO(1024), + // G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )), + for(let i = 1; i <= segmentLength; i++) { + // tmp.set(Z); // no need to re-copy + LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed + const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR ); + + // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2 + // NB: the first generated pair must be used for the first block of the segment, and so on. + // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset. + for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) { + yield g2.subarray(k, k+8); + } + } + return []; +} + +function validateParams({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) { + const assertLength = (name, value, min, max) => { + if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); } + }; -// https://tools.ietf.org/html/rfc5639#section-3.6 -defineCurve('brainpoolP384r1', { - type: 'short', - prime: null, - p: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B4 12B1DA19 7FB71123' + - 'ACD3A729 901D1A71 87470013 3107EC53', - a: '7BC382C6 3D8C150C 3C72080A CE05AFA0 C2BEA28E 4FB22787 139165EF BA91F90F' + - '8AA5814A 503AD4EB 04A8C7DD 22CE2826', - b: '04A8C7DD 22CE2826 8B39B554 16F0447C 2FB77DE1 07DCD2A6 2E880EA5 3EEB62D5' + - '7CB43902 95DBC994 3AB78696 FA504C11', - n: '8CB91E82 A3386D28 0F5D6F7E 50E641DF 152F7109 ED5456B3 1F166E6C AC0425A7' + - 'CF3AB6AF 6B7FC310 3B883202 E9046565', - hash: hash_1.sha384, // or 512 - gRed: false, - g: [ - '1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10' + - 'E8E826E03436D646AAEF87B2E247D4AF1E', - '8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129' + - '280E4646217791811142820341263C5315' - ] -}); + if (type !== TYPE || version !== VERSION) throw new Error('Unsupported type or version'); + assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX); + assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX); + assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX); + assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX); + // optional fields + ad && assertLength('associated data', ad, 0, ADBYTES_MAX); + secret && assertLength('secret', secret, 0, SECRETBYTES_MAX); -// https://tools.ietf.org/html/rfc5639#section-3.7 -defineCurve('brainpoolP512r1', { - type: 'short', - prime: null, - p: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330871' + - '7D4D9B00 9BC66842 AECDA12A E6A380E6 2881FF2F 2D82C685 28AA6056 583A48F3', - a: '7830A331 8B603B89 E2327145 AC234CC5 94CBDD8D 3DF91610 A83441CA EA9863BC' + - '2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7 2BF2C7B9 E7C1AC4D 77FC94CA', - b: '3DF91610 A83441CA EA9863BC 2DED5D5A A8253AA1 0A2EF1C9 8B9AC8B5 7F1117A7' + - '2BF2C7B9 E7C1AC4D 77FC94CA DC083E67 984050B7 5EBAE5DD 2809BD63 8016F723', - n: 'AADD9DB8 DBE9C48B 3FD4E6AE 33C9FC07 CB308DB3 B3C9D20E D6639CCA 70330870' + - '553E5C41 4CA92619 41866119 7FAC1047 1DB1D381 085DDADD B5879682 9CA90069', - hash: hash_1.sha512, - gRed: false, - g: [ - '81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009' + - '8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822', - '7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81' + - '11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892' - ] -}); + return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes }; +} -// https://en.bitcoin.it/wiki/Secp256k1 -var pre; -try { - pre = secp256k1; -} catch (e) { - pre = undefined; -} - -defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash_1.sha256, - - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' - } - ], +const KB = 1024; +const WASM_PAGE_SIZE = 64 * KB; - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] -}); -}); +function argon2id(params, { memory, instance: wasmInstance }) { + if (!isLittleEndian) throw new Error('BigEndian system not supported'); // optmisations assume LE system -function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; + const ctx = validateParams({ type: TYPE, version: VERSION, ...params }); - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; + const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports; + const wasmRefs = {}; + const wasmFn = {}; + wasmFn.G = wasmG; + wasmFn.G2 = wasmG2; + wasmFn.XOR = wasmXOR; - this._reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; + // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p. + const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes)); + const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references + if (memory.buffer.byteLength < requiredMemory) { + const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE); + // If enough memory is available, the `memory.buffer` is internally detached and the reference updated. + // Otherwise, the operation fails, and the original memory can still be used. + memory.grow(missing); + } - var entropy = utils_1.toArray(options.entropy, options.entropyEnc || 'hex'); - var nonce = utils_1.toArray(options.nonce, options.nonceEnc || 'hex'); - var pers = utils_1.toArray(options.pers, options.persEnc || 'hex'); - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); -} -var hmacDrbg = HmacDRBG; + let offset = 0; + // Init wasm memory needed in other functions + wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length; + wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length; + wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length; + wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length; + // Init wasm memory needed locally + const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT; + const wasmContext = { fn: wasmFn, refs: wasmRefs }; + const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length; + const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE); + const allocatedMemory = new Uint8Array(memory.buffer, 0, offset); + + // 1. Establish H_0 + const H0 = getH0(ctx); + + // 2. Allocate the memory as m' 1024-byte blocks + // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns. + const q = m_ / ctx.lanes; + const B = new Array(ctx.lanes).fill(null).map(() => new Array(q)); + const initBlock = (i, j) => { + B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE); + return B[i][j]; + }; -HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); + for (let i = 0; i < ctx.lanes; i++) { + // const LEi = LE0; // since p = 1 for us + const tmp = new Uint8Array(H0.length + 8); + // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p + // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i)) + tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0)); + // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p + // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i)) + LE32(tmp, 1, H0.length); + H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1)); + } + + // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2 + // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes + // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc. + const SL = 4; // vertical slices + const segmentLength = q / SL; + for (let pass = 0; pass < ctx.passes; pass++) { + // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel + for (let sl = 0; sl < SL; sl++) { + const isDataIndependent = pass === 0 && sl <= 1; + for (let i = 0; i < ctx.lanes; i++) { // lane + // On the first slice of the first pass, blocks 0 and 1 are already filled + let segmentOffset = sl === 0 && pass === 0 ? 2 : 0; + // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory) + const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null; + for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) { + const j = sl * segmentLength + segmentOffset; + const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q] + + // we can assume the PRNG is never done + const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength); + const l = lz[0]; const z = lz[1]; + // for (let i = 0; i < p; i++ ) + // B[i][j] = G(B[i][j-1], B[l][z]) + // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id. + if (pass === 0) initBlock(i, j); + G(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]); + + // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one + if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]); + } + } + } + } + + // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column: + // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1] + const C = B[0][q-1]; + for(let i = 1; i < ctx.lanes; i++) { + XOR(wasmContext, C, C, B[i][q-1]); + } + + const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength)); + // clear memory since the module might be cached + allocatedMemory.fill(0); // clear sensitive contents + memory.grow(0); // allow deallocation + // 8. The output tag is computed as H'^T(C). + return tag; + +} + +function getH0(ctx) { + const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH); + const ZERO32 = new Uint8Array(4); + const params = new Uint8Array(24); + LE32(params, ctx.lanes, 0); + LE32(params, ctx.tagLength, 4); + LE32(params, ctx.memorySize, 8); + LE32(params, ctx.passes, 12); + LE32(params, ctx.version, 16); + LE32(params, ctx.type, 20); + + const toHash = [params]; + if (ctx.password) { + toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0)); + toHash.push(ctx.password); + } else { + toHash.push(ZERO32); // context.password.length + } - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; + if (ctx.salt) { + toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0)); + toHash.push(ctx.salt); + } else { + toHash.push(ZERO32); // context.salt.length } - this._update(seed); - this._reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 -}; + if (ctx.secret) { + toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0)); + toHash.push(ctx.secret); + // todo clear secret? + } else { + toHash.push(ZERO32); // context.secret.length + } -HmacDRBG.prototype._hmac = function hmac() { - return new hash_1.hmac(this.hash, this.K); -}; + if (ctx.ad) { + toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0)); + toHash.push(ctx.ad); + } else { + toHash.push(ZERO32); // context.ad.length + } + H.update(concatArrays(toHash)); -HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; + const outputBuffer = H.digest(); + return new Uint8Array(outputBuffer); +} - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); -}; +function concatArrays(arrays) { + if (arrays.length === 1) return arrays[0]; -HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; + let totalLength = 0; + for (let i = 0; i < arrays.length; i++) { + if (!(arrays[i] instanceof Uint8Array)) { + throw new Error('concatArrays: Data must be in the form of a Uint8Array'); + } + + totalLength += arrays[i].length; } - entropy = utils_1.toArray(entropy, entropyEnc); - add = utils_1.toArray(add, addEnc); + const result = new Uint8Array(totalLength); + let pos = 0; + arrays.forEach((element) => { + result.set(element, pos); + pos += element.length; + }); + + return result; +} + +let isSIMDSupported; +async function wasmLoader(memory, getSIMD, getNonSIMD) { + const importObject = { env: { memory } }; + if (isSIMDSupported === undefined) { + try { + const loaded = await getSIMD(importObject); + isSIMDSupported = true; + return loaded; + } catch(e) { + isSIMDSupported = false; + } + } - minimalisticAssert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); + const loader = isSIMDSupported ? getSIMD : getNonSIMD; + return loader(importObject); +} - this._update(entropy.concat(add || [])); - this._reseed = 1; -}; +async function setupWasm(getSIMD, getNonSIMD) { + const memory = new WebAssembly.Memory({ + // in pages of 64KiB each + // these values need to be compatible with those declared when building in `build-wasm` + initial: 1040, // 65MB + maximum: 65536, // 4GB + }); + const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD); -HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this._reseed > this.reseedInterval) - throw new Error('Reseed is required'); + /** + * Argon2id hash function + * @callback computeHash + * @param {Object} params + * @param {Uint8Array} params.password - password + * @param {Uint8Array} params.salt - salt + * @param {Integer} params.parallelism + * @param {Integer} params.passes + * @param {Integer} params.memorySize - in kibibytes + * @param {Integer} params.tagLength - output tag length + * @param {Uint8Array} [params.ad] - associated data (optional) + * @param {Uint8Array} [params.secret] - secret data (optional) + * @return {Uint8Array} argon2id hash + */ + const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory }); - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; - } + return computeHash; +} - // Optional additional data - if (add) { - add = utils_1.toArray(add, addEnc || 'hex'); - this._update(add); - } +function _loadWasmModule (sync, filepath, src, imports) { + function _instantiateOrCompile(source, imports, stream) { + var instantiateFunc = WebAssembly.instantiate; + var compileFunc = WebAssembly.compile; - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); + if (imports) { + return instantiateFunc(source, imports) + } else { + return compileFunc(source) + } } - var res = temp.slice(0, len); - this._update(add); - this._reseed++; - return utils_1.encode(res, enc); -}; + +var buf = null; + + +var raw = globalThis.atob(src); +var rawLength = raw.length; +buf = new Uint8Array(new ArrayBuffer(rawLength)); +for(var i = 0; i < rawLength; i++) { + buf[i] = raw.charCodeAt(i); +} -var assert$5 = utils_1$1.assert; -function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); + { + return _instantiateOrCompile(buf, imports) + } } -var key = KeyPair; -KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; +function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)} - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); -}; +function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)} -KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; +const loadWasm = async () => setupWasm( + (instanceObject) => wasmSIMD(instanceObject), + (instanceObject) => wasmNonSIMD(instanceObject), +); - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); -}; +var index$1 = /*#__PURE__*/Object.freeze({ + __proto__: null, + default: loadWasm +}); -// TODO: should not validate for X25519 -KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); +/* +node-bzip - a pure-javascript Node.JS module for decoding bzip2 data - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; +Copyright (C) 2012 Eli Skeggs - return { result: true, reason: null }; -}; +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. -KeyPair.prototype.getPublic = function getPublic(enc, compact) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. - if (!enc) - return this.pub; +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html - return this.pub.encode(enc, compact); -}; +Adapted from bzip2.js, copyright 2011 antimatter15 (antimatter15@gmail.com). -KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; -}; +Based on micro-bunzip by Rob Landley (rob@landley.net). -KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // For Curve25519/Curve448 we have a specific procedure. - // TODO Curve448 - if (this.ec.curve.type === 'mont') { - var one = this.ec.curve.one; - var mask = one.ushln(255 - 3).sub(one).ushln(3); - this.priv = this.priv.or(one.ushln(255 - 1)); - this.priv = this.priv.and(mask); - } else - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.umod(this.ec.curve.n); -}; +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ -KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - // Montgomery points only have an `x` coordinate. - // Weierstrass/Edwards points on the other hand have both `x` and - // `y` coordinates. - if (this.ec.curve.type === 'mont') { - assert$5(key.x, 'Need x coordinate'); - } else if (this.ec.curve.type === 'short' || - this.ec.curve.type === 'edwards') { - assert$5(key.x && key.y, 'Need both x and y coordinate'); - } - this.pub = this.ec.curve.point(key.x, key.y); - return; - } - this.pub = this.ec.curve.decodePoint(key, enc); -}; +var BITMASK = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]; -// ECDH -KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); +// offset in bytes +var BitReader$1 = function(stream) { + this.stream = stream; + this.bitOffset = 0; + this.curByte = 0; + this.hasByte = false; }; -// ECDSA -KeyPair.prototype.sign = function sign(msg, enc, options) { - return this.ec.sign(msg, this, enc, options); +BitReader$1.prototype._ensureByte = function() { + if (!this.hasByte) { + this.curByte = this.stream.readByte(); + this.hasByte = true; + } }; -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); +// reads bits from the buffer +BitReader$1.prototype.read = function(bits) { + var result = 0; + while (bits > 0) { + this._ensureByte(); + var remaining = 8 - this.bitOffset; + // if we're in a byte + if (bits >= remaining) { + result <<= remaining; + result |= BITMASK[remaining] & this.curByte; + this.hasByte = false; + this.bitOffset = 0; + bits -= remaining; + } else { + result <<= bits; + var shift = remaining - bits; + result |= (this.curByte & (BITMASK[bits] << shift)) >> shift; + this.bitOffset += bits; + bits = 0; + } + } + return result; }; -KeyPair.prototype.inspect = function inspect() { - return ''; +// seek to an arbitrary point in the buffer (expressed in bits) +BitReader$1.prototype.seek = function(pos) { + var n_bit = pos % 8; + var n_byte = (pos - n_bit) / 8; + this.bitOffset = n_bit; + this.stream.seek(n_byte); + this.hasByte = false; }; -var assert$6 = utils_1$1.assert; - -function Signature$1(options, enc) { - if (options instanceof Signature$1) - return options; - - if (this._importDER(options, enc)) - return; +// reads 6 bytes worth of data using the read method +BitReader$1.prototype.pi = function() { + var buf = new Uint8Array(6), i; + for (i = 0; i < buf.length; i++) { + buf[i] = this.read(8); + } + return bufToHex(buf); +}; - assert$6(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); - if (options.recoveryParam === undefined) - this.recoveryParam = null; - else - this.recoveryParam = options.recoveryParam; +function bufToHex(buf) { + return Array.prototype.map.call(buf, x => ('00' + x.toString(16)).slice(-2)).join(''); } -var signature$1 = Signature$1; -function Position() { - this.place = 0; -} +var bitreader = BitReader$1; -function getLength(buf, p) { - var initial = buf[p.place++]; - if (!(initial & 0x80)) { - return initial; - } - var octetLen = initial & 0xf; - var val = 0; - for (var i = 0, off = p.place; i < octetLen; i++, off++) { - val <<= 8; - val |= buf[off]; - } - p.place = off; - return val; -} +/* very simple input/output stream interface */ -function rmPadding(buf) { - var i = 0; - var len = buf.length - 1; - while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) { - i++; - } - if (i === 0) { - return buf; - } - return buf.slice(i); -} +var Stream$1 = function() { +}; -Signature$1.prototype._importDER = function _importDER(data, enc) { - data = utils_1$1.toArray(data, enc); - var p = new Position(); - if (data[p.place++] !== 0x30) { - return false; - } - var len = getLength(data, p); - if ((len + p.place) !== data.length) { - return false; - } - if (data[p.place++] !== 0x02) { - return false; - } - var rlen = getLength(data, p); - var r = data.slice(p.place, rlen + p.place); - p.place += rlen; - if (data[p.place++] !== 0x02) { - return false; - } - var slen = getLength(data, p); - if (data.length !== slen + p.place) { - return false; - } - var s = data.slice(p.place, slen + p.place); - if (r[0] === 0 && (r[1] & 0x80)) { - r = r.slice(1); - } - if (s[0] === 0 && (s[1] & 0x80)) { - s = s.slice(1); +// input streams ////////////// +/** Returns the next byte, or -1 for EOF. */ +Stream$1.prototype.readByte = function() { + throw new Error("abstract method readByte() not implemented"); +}; +/** Attempts to fill the buffer; returns number of bytes read, or + * -1 for EOF. */ +Stream$1.prototype.read = function(buffer, bufOffset, length) { + var bytesRead = 0; + while (bytesRead < length) { + var c = this.readByte(); + if (c < 0) { // EOF + return (bytesRead===0) ? -1 : bytesRead; + } + buffer[bufOffset++] = c; + bytesRead++; } - - this.r = new bn(r); - this.s = new bn(s); - this.recoveryParam = null; - - return true; + return bytesRead; +}; +Stream$1.prototype.seek = function(new_pos) { + throw new Error("abstract method seek() not implemented"); }; -function constructLength(arr, len) { - if (len < 0x80) { - arr.push(len); - return; +// output streams /////////// +Stream$1.prototype.writeByte = function(_byte) { + throw new Error("abstract method readByte() not implemented"); +}; +Stream$1.prototype.write = function(buffer, bufOffset, length) { + var i; + for (i=0; i>> 3); - arr.push(octets | 0x80); - while (--octets) { - arr.push((len >>> (octets << 3)) & 0xff); - } - arr.push(len); -} - -Signature$1.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); - - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); - - r = rmPadding(r); - s = rmPadding(s); - - while (!s[0] && !(s[1] & 0x80)) { - s = s.slice(1); - } - var arr = [ 0x02 ]; - constructLength(arr, r.length); - arr = arr.concat(r); - arr.push(0x02); - constructLength(arr, s.length); - var backHalf = arr.concat(s); - var res = [ 0x30 ]; - constructLength(res, backHalf.length); - res = res.concat(backHalf); - return utils_1$1.encode(res, enc); + return length; +}; +Stream$1.prototype.flush = function() { }; -var assert$7 = utils_1$1.assert; +var stream = Stream$1; +/* CRC32, used in Bzip2 implementation. + * This is a port of CRC32.java from the jbzip2 implementation at + * https://code.google.com/p/jbzip2 + * which is: + * Copyright (c) 2011 Matthew Francis + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * This JavaScript implementation is: + * Copyright (c) 2013 C. Scott Ananian + * with the same licensing terms as Matthew Francis' original implementation. + */ +var crc32 = (function() { + /** + * A static CRC lookup table + */ + var crc32Lookup = new Uint32Array([ + 0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005, + 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61, 0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, + 0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75, + 0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd, + 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039, 0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, + 0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d, + 0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95, + 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1, 0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, + 0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072, + 0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca, + 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde, 0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, + 0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba, + 0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692, + 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6, 0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, + 0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2, + 0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a, + 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637, 0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, + 0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53, + 0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b, + 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff, 0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, + 0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b, + 0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3, + 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7, 0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, + 0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3, + 0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c, + 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8, 0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, + 0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec, + 0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654, + 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0, 0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, + 0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4, + 0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c, + 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668, 0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4 + ]); -function EC(options) { - if (!(this instanceof EC)) - return new EC(options); + var CRC32 = function() { + /** + * The current CRC + */ + var crc = 0xffffffff; - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert$7(curves_1.hasOwnProperty(options), 'Unknown curve ' + options); + /** + * @return The current CRC + */ + this.getCRC = function() { + return (~crc) >>> 0; // return an unsigned value + }; - options = curves_1[options]; - } + /** + * Update the CRC with a single byte + * @param value The value to update the CRC with + */ + this.updateCRC = function(value) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + }; - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof curves_1.PresetCurve) - options = { curve: options }; + /** + * Update the CRC with a sequence of identical bytes + * @param value The value to update the CRC with + * @param count The number of bytes + */ + this.updateCRCRun = function(value, count) { + while (count-- > 0) { + crc = (crc << 8) ^ crc32Lookup[((crc >>> 24) ^ value) & 0xff]; + } + }; + }; + return CRC32; +})(); - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.ushrn(1); - this.g = this.curve.g; +/* +seek-bzip - a pure-javascript module for seeking within bzip2 data - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); +Copyright (C) 2013 C. Scott Ananian +Copyright (C) 2012 Eli Skeggs +Copyright (C) 2011 Kevin Kwok - // Hash function for DRBG - this.hash = options.hash || options.curve.hash; -} -var ec = EC; +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. -EC.prototype.keyPair = function keyPair(options) { - return new key(this, options); -}; +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. -EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return key.fromPrivate(this, priv, enc); -}; +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, see +http://www.gnu.org/licenses/lgpl-2.1.html -EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return key.fromPublic(this, pub, enc); -}; +Adapted from node-bzip, copyright 2012 Eli Skeggs. +Adapted from bzip2.js, copyright 2011 Kevin Kwok (antimatter15@gmail.com). -EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.n.toArray() - }); +Based on micro-bunzip by Rob Landley (rob@landley.net). - // Key generation for curve25519 is simpler - if (this.curve.type === 'mont') { - var priv = new bn(drbg.generate(32)); - return this.keyFromPrivate(priv); - } +Based on bzip2 decompression code by Julian R Seward (jseward@acm.org), +which also acknowledges contributions by Mike Burrows, David Wheeler, +Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten, +Robert Sedgewick, and Jon L. Bentley. +*/ - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; +var BitReader = bitreader; +var Stream = stream; +var CRC32 = crc32; - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); -}; +var MAX_HUFCODE_BITS = 20; +var MAX_SYMBOLS = 258; +var SYMBOL_RUNA = 0; +var SYMBOL_RUNB = 1; +var MIN_GROUPS = 2; +var MAX_GROUPS = 6; +var GROUP_SIZE = 50; -EC.prototype._truncateToN = function truncateToN(msg, truncOnly, bitSize) { - bitSize = bitSize || msg.byteLength() * 8; - var delta = bitSize - this.n.bitLength(); - if (delta > 0) - msg = msg.ushrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; -}; +var WHOLEPI = "314159265359"; +var SQRTPI = "177245385090"; -EC.prototype.truncateMsg = function truncateMSG(msg) { - // Bit size is only determined correctly for Uint8Arrays and hex strings - var bitSize; - if (msg instanceof Uint8Array) { - bitSize = msg.byteLength * 8; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else if (typeof msg === 'string') { - bitSize = msg.length * 4; - msg = this._truncateToN(new bn(msg, 16), false, bitSize); - } else { - msg = this._truncateToN(new bn(msg, 16)); +var mtf = function(array, index) { + var src = array[index], i; + for (i = index; i > 0; i--) { + array[i] = array[i-1]; } - return msg; + array[0] = src; + return src; }; -EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this.truncateMsg(msg); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray('be', bytes); - - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray('be', bytes); - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - entropy: bkey, - nonce: nonce, - pers: options.pers, - persEnc: options.persEnc || 'utf8' - }); - - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); +var Err = { + OK: 0, + LAST_BLOCK: -1, + NOT_BZIP_DATA: -2, + UNEXPECTED_INPUT_EOF: -3, + UNEXPECTED_OUTPUT_EOF: -4, + DATA_ERROR: -5, + OUT_OF_MEMORY: -6, + OBSOLETE_INPUT: -7, + END_OF_BLOCK: -8 +}; +var ErrorMessages = {}; +ErrorMessages[Err.LAST_BLOCK] = "Bad file checksum"; +ErrorMessages[Err.NOT_BZIP_DATA] = "Not bzip data"; +ErrorMessages[Err.UNEXPECTED_INPUT_EOF] = "Unexpected input EOF"; +ErrorMessages[Err.UNEXPECTED_OUTPUT_EOF] = "Unexpected output EOF"; +ErrorMessages[Err.DATA_ERROR] = "Data error"; +ErrorMessages[Err.OUT_OF_MEMORY] = "Out of memory"; +ErrorMessages[Err.OBSOLETE_INPUT] = "Obsolete (pre 0.9.5) bzip format not supported."; - for (var iter = 0; true; iter++) { - var k = options.k ? - options.k(iter) : - new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; +var _throw = function(status, optDetail) { + var msg = ErrorMessages[status] || 'unknown error'; + if (optDetail) { msg += ': '+optDetail; } + var e = new TypeError(msg); + e.errorCode = status; + throw e; +}; - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; +var Bunzip = function(inputStream, outputStream) { + this.writePos = this.writeCurrent = this.writeCount = 0; - var kpX = kp.getX(); - var r = kpX.umod(this.n); - if (r.cmpn(0) === 0) - continue; + this._start_bunzip(inputStream, outputStream); +}; +Bunzip.prototype._init_block = function() { + var moreBlocks = this._get_next_block(); + if ( !moreBlocks ) { + this.writeCount = -1; + return false; /* no more blocks */ + } + this.blockCRC = new CRC32(); + return true; +}; +/* XXX micro-bunzip uses (inputStream, inputBuffer, len) as arguments */ +Bunzip.prototype._start_bunzip = function(inputStream, outputStream) { + /* Ensure that file starts with "BZh['1'-'9']." */ + var buf = new Uint8Array(4); + if (inputStream.read(buf, 0, 4) !== 4 || + String.fromCharCode(buf[0], buf[1], buf[2]) !== 'BZh') + _throw(Err.NOT_BZIP_DATA, 'bad magic'); - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); - s = s.umod(this.n); - if (s.cmpn(0) === 0) - continue; + var level = buf[3] - 0x30; + if (level < 1 || level > 9) + _throw(Err.NOT_BZIP_DATA, 'level out of range'); - var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | - (kpX.cmp(r) !== 0 ? 2 : 0); + this.reader = new BitReader(inputStream); - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) { - s = this.n.sub(s); - recoveryParam ^= 1; + /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of + uncompressed data. Allocate intermediate buffer for block. */ + this.dbufSize = 100000 * level; + this.nextoutput = 0; + this.outputStream = outputStream; + this.streamCRC = 0; +}; +Bunzip.prototype._get_next_block = function() { + var i, j, k; + var reader = this.reader; + // this is get_next_block() function from micro-bunzip: + /* Read in header signature and CRC, then validate signature. + (last block signature means CRC is for whole file, return now) */ + var h = reader.pi(); + if (h === SQRTPI) { // last block + return false; /* no more blocks */ + } + if (h !== WHOLEPI) + _throw(Err.NOT_BZIP_DATA); + this.targetBlockCRC = reader.read(32) >>> 0; // (convert to unsigned) + this.streamCRC = (this.targetBlockCRC ^ + ((this.streamCRC << 1) | (this.streamCRC>>>31))) >>> 0; + /* We can add support for blockRandomised if anybody complains. There was + some code for this in busybox 1.0.0-pre3, but nobody ever noticed that + it didn't actually work. */ + if (reader.read(1)) + _throw(Err.OBSOLETE_INPUT); + var origPointer = reader.read(24); + if (origPointer > this.dbufSize) + _throw(Err.DATA_ERROR, 'initial position out of bounds'); + /* mapping table: if some byte values are never used (encoding things + like ascii text), the compression code removes the gaps to have fewer + symbols to deal with, and writes a sparse bitfield indicating which + values were present. We make a translation table to convert the symbols + back to the corresponding bytes. */ + var t = reader.read(16); + var symToByte = new Uint8Array(256), symTotal = 0; + for (i = 0; i < 16; i++) { + if (t & (1 << (0xF - i))) { + var o = i * 16; + k = reader.read(16); + for (j = 0; j < 16; j++) + if (k & (1 << (0xF - j))) + symToByte[symTotal++] = o + j; } - - return new signature$1({ r: r, s: s, recoveryParam: recoveryParam }); } -}; - -EC.prototype.verify = function verify(msg, signature, key, enc) { - key = this.keyFromPublic(key, enc); - signature = new signature$1(signature, 'hex'); - // Fallback to the old code - var ret = this._verify(this.truncateMsg(msg), signature, key) || - this._verify(this._truncateToN(new bn(msg, 16)), signature, key); - return ret; -}; -EC.prototype._verify = function _verify(msg, signature, key) { - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; + /* How many different huffman coding groups does this block use? */ + var groupCount = reader.read(3); + if (groupCount < MIN_GROUPS || groupCount > MAX_GROUPS) + _throw(Err.DATA_ERROR); + /* nSelectors: Every GROUP_SIZE many symbols we select a new huffman coding + group. Read in the group selector list, which is stored as MTF encoded + bit runs. (MTF=Move To Front, as each value is used it's moved to the + start of the list.) */ + var nSelectors = reader.read(15); + if (nSelectors === 0) + _throw(Err.DATA_ERROR); - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).umod(this.n); - var u2 = sinv.mul(r).umod(this.n); + var mtfSymbol = new Uint8Array(256); + for (i = 0; i < groupCount; i++) + mtfSymbol[i] = i; - if (!this.curve._maxwellTrick) { - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; + var selectors = new Uint8Array(nSelectors); // was 32768... - return p.getX().umod(this.n).cmp(r) === 0; + for (i = 0; i < nSelectors; i++) { + /* Get next value */ + for (j = 0; reader.read(1); j++) + if (j >= groupCount) _throw(Err.DATA_ERROR); + /* Decode MTF to get the next selector */ + selectors[i] = mtf(mtfSymbol, j); } - // NOTE: Greg Maxwell's trick, inspired by: - // https://git.io/vad3K - - var p = this.g.jmulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; - - // Compare `p.x` of Jacobian point with `r`, - // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the - // inverse of `p.z^2` - return p.eqXToP(r); -}; + /* Read the huffman coding tables for each group, which code for symTotal + literal symbols, plus two run symbols (RUNA, RUNB) */ + var symCount = symTotal + 2; + var groups = [], hufGroup; + for (j = 0; j < groupCount; j++) { + var length = new Uint8Array(symCount), temp = new Uint16Array(MAX_HUFCODE_BITS + 1); + /* Read huffman code lengths for each symbol. They're stored in + a way similar to mtf; record a starting value for the first symbol, + and an offset from the previous value for everys symbol after that. */ + t = reader.read(5); // lengths + for (i = 0; i < symCount; i++) { + for (;;) { + if (t < 1 || t > MAX_HUFCODE_BITS) _throw(Err.DATA_ERROR); + /* If first bit is 0, stop. Else second bit indicates whether + to increment or decrement the value. */ + if(!reader.read(1)) + break; + if(!reader.read(1)) + t++; + else + t--; + } + length[i] = t; + } -EC.prototype.recoverPubKey = function(msg, signature, j, enc) { - assert$7((3 & j) === j, 'The recovery param is more than two bits'); - signature = new signature$1(signature, enc); - - var n = this.n; - var e = new bn(msg); - var r = signature.r; - var s = signature.s; - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = j & 1; - var isSecondKey = j >> 1; - if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) - throw new Error('Unable to find sencond key candinate'); - - // 1.1. Let x = r + jn. - if (isSecondKey) - r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); - else - r = this.curve.pointFromX(r, isYOdd); - - var rInv = signature.r.invm(n); - var s1 = n.sub(e).mul(rInv).umod(n); - var s2 = s.mul(rInv).umod(n); - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - return this.g.mulAdd(s1, r, s2); -}; + /* Find largest and smallest lengths in this group */ + var minLen, maxLen; + minLen = maxLen = length[0]; + for (i = 1; i < symCount; i++) { + if (length[i] > maxLen) + maxLen = length[i]; + else if (length[i] < minLen) + minLen = length[i]; + } -EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) { - signature = new signature$1(signature, enc); - if (signature.recoveryParam !== null) - return signature.recoveryParam; + /* Calculate permute[], base[], and limit[] tables from length[]. + * + * permute[] is the lookup table for converting huffman coded symbols + * into decoded symbols. base[] is the amount to subtract from the + * value of a huffman symbol of a given length when using permute[]. + * + * limit[] indicates the largest numerical value a symbol with a given + * number of bits can have. This is how the huffman codes can vary in + * length: each code with a value>limit[length] needs another bit. + */ + hufGroup = {}; + groups.push(hufGroup); + hufGroup.permute = new Uint16Array(MAX_SYMBOLS); + hufGroup.limit = new Uint32Array(MAX_HUFCODE_BITS + 2); + hufGroup.base = new Uint32Array(MAX_HUFCODE_BITS + 1); + hufGroup.minLen = minLen; + hufGroup.maxLen = maxLen; + /* Calculate permute[]. Concurently, initialize temp[] and limit[]. */ + var pp = 0; + for (i = minLen; i <= maxLen; i++) { + temp[i] = hufGroup.limit[i] = 0; + for (t = 0; t < symCount; t++) + if (length[t] === i) + hufGroup.permute[pp++] = t; + } + /* Count symbols coded for at each bit length */ + for (i = 0; i < symCount; i++) + temp[length[i]]++; + /* Calculate limit[] (the largest symbol-coding value at each bit + * length, which is (previous limit<<1)+symbols at this level), and + * base[] (number of symbols to ignore at each bit length, which is + * limit minus the cumulative count of symbols coded for already). */ + pp = t = 0; + for (i = minLen; i < maxLen; i++) { + pp += temp[i]; + /* We read the largest possible symbol size and then unget bits + after determining how many we need, and those extra bits could + be set to anything. (They're noise from future symbols.) At + each level we're really only interested in the first few bits, + so here we set all the trailing to-be-ignored bits to 1 so they + don't affect the value>limit[length] comparison. */ + hufGroup.limit[i] = pp - 1; + pp <<= 1; + t += temp[i]; + hufGroup.base[i + 1] = pp - t; + } + hufGroup.limit[maxLen + 1] = Number.MAX_VALUE; /* Sentinal value for reading next sym. */ + hufGroup.limit[maxLen] = pp + temp[maxLen] - 1; + hufGroup.base[minLen] = 0; + } + /* We've finished reading and digesting the block header. Now read this + block's huffman coded symbols from the file and undo the huffman coding + and run length encoding, saving the result into dbuf[dbufCount++]=uc */ - for (var i = 0; i < 4; i++) { - var Qprime; - try { - Qprime = this.recoverPubKey(e, signature, i); - } catch (e) { + /* Initialize symbol occurrence counters and symbol Move To Front table */ + var byteCount = new Uint32Array(256); + for (i = 0; i < 256; i++) + mtfSymbol[i] = i; + /* Loop through compressed symbols. */ + var runPos = 0, dbufCount = 0, selector = 0, uc; + var dbuf = this.dbuf = new Uint32Array(this.dbufSize); + symCount = 0; + for (;;) { + /* Determine which huffman coding group to use. */ + if (!(symCount--)) { + symCount = GROUP_SIZE - 1; + if (selector >= nSelectors) { _throw(Err.DATA_ERROR); } + hufGroup = groups[selectors[selector++]]; + } + /* Read next huffman-coded symbol. */ + i = hufGroup.minLen; + j = reader.read(i); + for (;;i++) { + if (i > hufGroup.maxLen) { _throw(Err.DATA_ERROR); } + if (j <= hufGroup.limit[i]) + break; + j = (j << 1) | reader.read(1); + } + /* Huffman decode value to get nextSym (with bounds checking) */ + j -= hufGroup.base[i]; + if (j < 0 || j >= MAX_SYMBOLS) { _throw(Err.DATA_ERROR); } + var nextSym = hufGroup.permute[j]; + /* We have now decoded the symbol, which indicates either a new literal + byte, or a repeated run of the most recent literal byte. First, + check if nextSym indicates a repeated run, and if so loop collecting + how many times to repeat the last literal. */ + if (nextSym === SYMBOL_RUNA || nextSym === SYMBOL_RUNB) { + /* If this is the start of a new run, zero out counter */ + if (!runPos){ + runPos = 1; + t = 0; + } + /* Neat trick that saves 1 symbol: instead of or-ing 0 or 1 at + each bit position, add 1 or 2 instead. For example, + 1011 is 1<<0 + 1<<1 + 2<<2. 1010 is 2<<0 + 2<<1 + 1<<2. + You can make any bit pattern that way using 1 less symbol than + the basic or 0/1 method (except all bits 0, which would use no + symbols, but a run of length 0 doesn't mean anything in this + context). Thus space is saved. */ + if (nextSym === SYMBOL_RUNA) + t += runPos; + else + t += 2 * runPos; + runPos <<= 1; continue; } - - if (Qprime.eq(Q)) - return i; + /* When we hit the first non-run symbol after a run, we now know + how many times to repeat the last literal, so append that many + copies to our buffer of decoded symbols (dbuf) now. (The last + literal used is the one at the head of the mtfSymbol array.) */ + if (runPos){ + runPos = 0; + if (dbufCount + t > this.dbufSize) { _throw(Err.DATA_ERROR); } + uc = symToByte[mtfSymbol[0]]; + byteCount[uc] += t; + while (t--) + dbuf[dbufCount++] = uc; + } + /* Is this the terminating symbol? */ + if (nextSym > symTotal) + break; + /* At this point, nextSym indicates a new literal character. Subtract + one to get the position in the MTF array at which this literal is + currently to be found. (Note that the result can't be -1 or 0, + because 0 and 1 are RUNA and RUNB. But another instance of the + first symbol in the mtf array, position 0, would have been handled + as part of a run above. Therefore 1 unused mtf position minus + 2 non-literal nextSym values equals -1.) */ + if (dbufCount >= this.dbufSize) { _throw(Err.DATA_ERROR); } + i = nextSym - 1; + uc = mtf(mtfSymbol, i); + uc = symToByte[uc]; + /* We have our literal byte. Save it into dbuf. */ + byteCount[uc]++; + dbuf[dbufCount++] = uc; } - throw new Error('Unable to find valid recovery factor'); -}; - -var assert$8 = utils_1$1.assert; -var parseBytes = utils_1$1.parseBytes; -var cachedProperty = utils_1$1.cachedProperty; - -/** -* @param {EDDSA} eddsa - instance -* @param {Object} params - public/private key parameters -* -* @param {Array} [params.secret] - secret seed bytes -* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms) -* @param {Array} [params.pub] - public key point encoded as bytes -* -*/ -function KeyPair$1(eddsa, params) { - this.eddsa = eddsa; - if (params.hasOwnProperty('secret')) - this._secret = parseBytes(params.secret); - if (eddsa.isPoint(params.pub)) - this._pub = params.pub; - else { - this._pubBytes = parseBytes(params.pub); - if (this._pubBytes && this._pubBytes.length === 33 && - this._pubBytes[0] === 0x40) - this._pubBytes = this._pubBytes.slice(1, 33); - if (this._pubBytes && this._pubBytes.length !== 32) - throw new Error('Unknown point compression format'); - } -} - -KeyPair$1.fromPublic = function fromPublic(eddsa, pub) { - if (pub instanceof KeyPair$1) - return pub; - return new KeyPair$1(eddsa, { pub: pub }); -}; - -KeyPair$1.fromSecret = function fromSecret(eddsa, secret) { - if (secret instanceof KeyPair$1) - return secret; - return new KeyPair$1(eddsa, { secret: secret }); -}; - -KeyPair$1.prototype.secret = function secret() { - return this._secret; -}; - -cachedProperty(KeyPair$1, 'pubBytes', function pubBytes() { - return this.eddsa.encodePoint(this.pub()); -}); - -cachedProperty(KeyPair$1, 'pub', function pub() { - if (this._pubBytes) - return this.eddsa.decodePoint(this._pubBytes); - return this.eddsa.g.mul(this.priv()); -}); - -cachedProperty(KeyPair$1, 'privBytes', function privBytes() { - var eddsa = this.eddsa; - var hash = this.hash(); - var lastIx = eddsa.encodingLength - 1; - - // https://tools.ietf.org/html/rfc8032#section-5.1.5 - var a = hash.slice(0, eddsa.encodingLength); - a[0] &= 248; - a[lastIx] &= 127; - a[lastIx] |= 64; - - return a; -}); - -cachedProperty(KeyPair$1, 'priv', function priv() { - return this.eddsa.decodeInt(this.privBytes()); -}); - -cachedProperty(KeyPair$1, 'hash', function hash() { - return this.eddsa.hash().update(this.secret()).digest(); -}); - -cachedProperty(KeyPair$1, 'messagePrefix', function messagePrefix() { - return this.hash().slice(this.eddsa.encodingLength); -}); - -KeyPair$1.prototype.sign = function sign(message) { - assert$8(this._secret, 'KeyPair can only verify'); - return this.eddsa.sign(message, this); -}; - -KeyPair$1.prototype.verify = function verify(message, sig) { - return this.eddsa.verify(message, sig, this); -}; - -KeyPair$1.prototype.getSecret = function getSecret(enc) { - assert$8(this._secret, 'KeyPair is public only'); - return utils_1$1.encode(this.secret(), enc); -}; - -KeyPair$1.prototype.getPublic = function getPublic(enc, compact) { - return utils_1$1.encode((compact ? [ 0x40 ] : []).concat(this.pubBytes()), enc); -}; - -var key$1 = KeyPair$1; - -var assert$9 = utils_1$1.assert; -var cachedProperty$1 = utils_1$1.cachedProperty; -var parseBytes$1 = utils_1$1.parseBytes; - -/** -* @param {EDDSA} eddsa - eddsa instance -* @param {Array|Object} sig - -* @param {Array|Point} [sig.R] - R point as Point or bytes -* @param {Array|bn} [sig.S] - S scalar as bn or bytes -* @param {Array} [sig.Rencoded] - R point encoded -* @param {Array} [sig.Sencoded] - S scalar encoded -*/ -function Signature$2(eddsa, sig) { - this.eddsa = eddsa; - - if (typeof sig !== 'object') - sig = parseBytes$1(sig); - - if (Array.isArray(sig)) { - sig = { - R: sig.slice(0, eddsa.encodingLength), - S: sig.slice(eddsa.encodingLength) - }; + /* At this point, we've read all the huffman-coded symbols (and repeated + runs) for this block from the input stream, and decoded them into the + intermediate buffer. There are dbufCount many decoded bytes in dbuf[]. + Now undo the Burrows-Wheeler transform on dbuf. + See http://dogma.net/markn/articles/bwt/bwt.htm + */ + if (origPointer < 0 || origPointer >= dbufCount) { _throw(Err.DATA_ERROR); } + /* Turn byteCount into cumulative occurrence counts of 0 to n-1. */ + j = 0; + for (i = 0; i < 256; i++) { + k = j + byteCount[i]; + byteCount[i] = j; + j = k; } + /* Figure out what order dbuf would be in if we sorted it. */ + for (i = 0; i < dbufCount; i++) { + uc = dbuf[i] & 0xff; + dbuf[byteCount[uc]] |= (i << 8); + byteCount[uc]++; + } + /* Decode first byte by hand to initialize "previous" byte. Note that it + doesn't get output, and if the first three characters are identical + it doesn't qualify as a run (hence writeRunCountdown=5). */ + var pos = 0, current = 0, run = 0; + if (dbufCount) { + pos = dbuf[origPointer]; + current = (pos & 0xff); + pos >>= 8; + run = -1; + } + this.writePos = pos; + this.writeCurrent = current; + this.writeCount = dbufCount; + this.writeRun = run; - assert$9(sig.R && sig.S, 'Signature without R or S'); - - if (eddsa.isPoint(sig.R)) - this._R = sig.R; - if (sig.S instanceof bn) - this._S = sig.S; - - this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded; - this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded; -} - -cachedProperty$1(Signature$2, 'S', function S() { - return this.eddsa.decodeInt(this.Sencoded()); -}); - -cachedProperty$1(Signature$2, 'R', function R() { - return this.eddsa.decodePoint(this.Rencoded()); -}); - -cachedProperty$1(Signature$2, 'Rencoded', function Rencoded() { - return this.eddsa.encodePoint(this.R()); -}); - -cachedProperty$1(Signature$2, 'Sencoded', function Sencoded() { - return this.eddsa.encodeInt(this.S()); -}); - -Signature$2.prototype.toBytes = function toBytes() { - return this.Rencoded().concat(this.Sencoded()); -}; - -Signature$2.prototype.toHex = function toHex() { - return utils_1$1.encode(this.toBytes(), 'hex').toUpperCase(); -}; - -var signature$2 = Signature$2; - -var assert$a = utils_1$1.assert; -var parseBytes$2 = utils_1$1.parseBytes; - - - -function EDDSA(curve) { - assert$a(curve === 'ed25519', 'only tested with ed25519 so far'); - - if (!(this instanceof EDDSA)) - return new EDDSA(curve); - - var curve = curves_1[curve].curve; - this.curve = curve; - this.g = curve.g; - this.g.precompute(curve.n.bitLength() + 1); - - this.pointClass = curve.point().constructor; - this.encodingLength = Math.ceil(curve.n.bitLength() / 8); - this.hash = hash_1.sha512; -} - -var eddsa$1 = EDDSA; - -/** -* @param {Array|String} message - message bytes -* @param {Array|String|KeyPair} secret - secret bytes or a keypair -* @returns {Signature} - signature -*/ -EDDSA.prototype.sign = function sign(message, secret) { - message = parseBytes$2(message); - var key = this.keyFromSecret(secret); - var r = this.hashInt(key.messagePrefix(), message); - var R = this.g.mul(r); - var Rencoded = this.encodePoint(R); - var s_ = this.hashInt(Rencoded, key.pubBytes(), message) - .mul(key.priv()); - var S = r.add(s_).umod(this.curve.n); - return this.makeSignature({ R: R, S: S, Rencoded: Rencoded }); + return true; /* more blocks to come */ }; - -/** -* @param {Array} message - message bytes -* @param {Array|String|Signature} sig - sig bytes -* @param {Array|String|Point|KeyPair} pub - public key -* @returns {Boolean} - true if public key matches sig of message +/* Undo burrows-wheeler transform on intermediate buffer to produce output. + If start_bunzip was initialized with out_fd=-1, then up to len bytes of + data are written to outbuf. Return value is number of bytes written or + error (all errors are negative numbers). If out_fd!=-1, outbuf and len + are ignored, data is written to out_fd and return is RETVAL_OK or error. */ -EDDSA.prototype.verify = function verify(message, sig, pub) { - message = parseBytes$2(message); - sig = this.makeSignature(sig); - var key = this.keyFromPublic(pub); - var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message); - var SG = this.g.mul(sig.S()); - var RplusAh = sig.R().add(key.pub().mul(h)); - return RplusAh.eq(SG); -}; - -EDDSA.prototype.hashInt = function hashInt() { - var hash = this.hash(); - for (var i = 0; i < arguments.length; i++) - hash.update(arguments[i]); - return utils_1$1.intFromLE(hash.digest()).umod(this.curve.n); -}; +Bunzip.prototype._read_bunzip = function(outputBuffer, len) { + var copies, previous, outbyte; + /* james@jamestaylor.org: writeCount goes to -1 when the buffer is fully + decoded, which results in this returning RETVAL_LAST_BLOCK, also + equal to -1... Confusing, I'm returning 0 here to indicate no + bytes written into the buffer */ + if (this.writeCount < 0) { return 0; } + var dbuf = this.dbuf, pos = this.writePos, current = this.writeCurrent; + var dbufCount = this.writeCount; this.outputsize; + var run = this.writeRun; -EDDSA.prototype.keyPair = function keyPair(options) { - return new key$1(this, options); + while (dbufCount) { + dbufCount--; + previous = current; + pos = dbuf[pos]; + current = pos & 0xff; + pos >>= 8; + if (run++ === 3){ + copies = current; + outbyte = previous; + current = -1; + } else { + copies = 1; + outbyte = current; + } + this.blockCRC.updateCRCRun(outbyte, copies); + while (copies--) { + this.outputStream.writeByte(outbyte); + this.nextoutput++; + } + if (current != previous) + run = 0; + } + this.writeCount = dbufCount; + // check CRC + if (this.blockCRC.getCRC() !== this.targetBlockCRC) { + _throw(Err.DATA_ERROR, "Bad block CRC "+ + "(got "+this.blockCRC.getCRC().toString(16)+ + " expected "+this.targetBlockCRC.toString(16)+")"); + } + return this.nextoutput; }; -EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) { - return key$1.fromPublic(this, pub); +var coerceInputStream = function(input) { + if ('readByte' in input) { return input; } + var inputStream = new Stream(); + inputStream.pos = 0; + inputStream.readByte = function() { return input[this.pos++]; }; + inputStream.seek = function(pos) { this.pos = pos; }; + inputStream.eof = function() { return this.pos >= input.length; }; + return inputStream; }; - -EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) { - return key$1.fromSecret(this, secret); +var coerceOutputStream = function(output) { + var outputStream = new Stream(); + var resizeOk = true; + if (output) { + if (typeof(output)==='number') { + outputStream.buffer = new Uint8Array(output); + resizeOk = false; + } else if ('writeByte' in output) { + return output; + } else { + outputStream.buffer = output; + resizeOk = false; + } + } else { + outputStream.buffer = new Uint8Array(16384); + } + outputStream.pos = 0; + outputStream.writeByte = function(_byte) { + if (resizeOk && this.pos >= this.buffer.length) { + var newBuffer = new Uint8Array(this.buffer.length*2); + newBuffer.set(this.buffer); + this.buffer = newBuffer; + } + this.buffer[this.pos++] = _byte; + }; + outputStream.getBuffer = function() { + // trim buffer + if (this.pos !== this.buffer.length) { + if (!resizeOk) + throw new TypeError('outputsize does not match decoded input'); + var newBuffer = new Uint8Array(this.pos); + newBuffer.set(this.buffer.subarray(0, this.pos)); + this.buffer = newBuffer; + } + return this.buffer; + }; + outputStream._coerced = true; + return outputStream; }; -EDDSA.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; - - // Instantiate Hmac_DRBG - var drbg = new hmacDrbg({ - hash: this.hash, - pers: options.pers, - persEnc: options.persEnc || 'utf8', - entropy: options.entropy || brorand(this.hash.hmacStrength), - entropyEnc: options.entropy && options.entropyEnc || 'utf8', - nonce: this.curve.n.toArray() - }); +/* Static helper functions */ +// 'input' can be a stream or a buffer +// 'output' can be a stream or a buffer or a number (buffer size) +const decode = function(input, output, multistream) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); - return this.keyFromSecret(drbg.generate(32)); + var bz = new Bunzip(inputStream, outputStream); + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; + if (bz._init_block()) { + bz._read_bunzip(); + } else { + var targetStreamCRC = bz.reader.read(32) >>> 0; // (convert to unsigned) + if (targetStreamCRC !== bz.streamCRC) { + _throw(Err.DATA_ERROR, "Bad stream CRC "+ + "(got "+bz.streamCRC.toString(16)+ + " expected "+targetStreamCRC.toString(16)+")"); + } + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + } else break; + } + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; +const decodeBlock = function(input, pos, output) { + // make a stream from a buffer, if necessary + var inputStream = coerceInputStream(input); + var outputStream = coerceOutputStream(output); + var bz = new Bunzip(inputStream, outputStream); + bz.reader.seek(pos); + /* Fill the decode buffer for the block */ + var moreBlocks = bz._get_next_block(); + if (moreBlocks) { + /* Init the CRC for writing */ + bz.blockCRC = new CRC32(); -EDDSA.prototype.makeSignature = function makeSignature(sig) { - if (sig instanceof signature$2) - return sig; - return new signature$2(this, sig); -}; + /* Zero this so the current byte from before the seek is not written */ + bz.writeCopies = 0; -/** -* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2 -* -* EDDSA defines methods for encoding and decoding points and integers. These are -* helper convenience methods, that pass along to utility functions implied -* parameters. -* -*/ -EDDSA.prototype.encodePoint = function encodePoint(point) { - var enc = point.getY().toArray('le', this.encodingLength); - enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0; - return enc; + /* Decompress the block and write to stdout */ + bz._read_bunzip(); + // XXX keep writing? + } + if ('getBuffer' in outputStream) + return outputStream.getBuffer(); }; +/* Reads bzip2 file from stream or buffer `input`, and invoke + * `callback(position, size)` once for each bzip2 block, + * where position gives the starting position (in *bits*) + * and size gives uncompressed size of the block (in *bytes*). */ +const table = function(input, callback, multistream) { + // make a stream from a buffer, if necessary + var inputStream = new Stream(); + inputStream.delegate = coerceInputStream(input); + inputStream.pos = 0; + inputStream.readByte = function() { + this.pos++; + return this.delegate.readByte(); + }; + if (inputStream.delegate.eof) { + inputStream.eof = inputStream.delegate.eof.bind(inputStream.delegate); + } + var outputStream = new Stream(); + outputStream.pos = 0; + outputStream.writeByte = function() { this.pos++; }; -EDDSA.prototype.decodePoint = function decodePoint(bytes) { - bytes = utils_1$1.parseBytes(bytes); - - var lastIx = bytes.length - 1; - var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80); - var xIsOdd = (bytes[lastIx] & 0x80) !== 0; - - var y = utils_1$1.intFromLE(normed); - return this.curve.pointFromY(y, xIsOdd); -}; + var bz = new Bunzip(inputStream, outputStream); + var blockSize = bz.dbufSize; + while (true) { + if ('eof' in inputStream && inputStream.eof()) break; -EDDSA.prototype.encodeInt = function encodeInt(num) { - return num.toArray('le', this.encodingLength); -}; + var position = inputStream.pos*8 + bz.reader.bitOffset; + if (bz.reader.hasByte) { position -= 8; } -EDDSA.prototype.decodeInt = function decodeInt(bytes) { - return utils_1$1.intFromLE(bytes); + if (bz._init_block()) { + var start = outputStream.pos; + bz._read_bunzip(); + callback(position, outputStream.pos - start); + } else { + bz.reader.read(32); // (but we ignore the crc) + if (multistream && + 'eof' in inputStream && + !inputStream.eof()) { + // note that start_bunzip will also resync the bit reader to next byte + bz._start_bunzip(inputStream, outputStream); + console.assert(bz.dbufSize === blockSize, + "shouldn't change block size within multistream file"); + } else break; + } + } }; -EDDSA.prototype.isPoint = function isPoint(val) { - return val instanceof this.pointClass; +var lib = { + Bunzip, + Stream, + Err, + decode, + decodeBlock, + table }; -var elliptic_1 = createCommonjsModule(function (module, exports) { - -var elliptic = exports; - -elliptic.utils = utils_1$1; -elliptic.rand = brorand; -elliptic.curve = curve_1; -elliptic.curves = curves_1; - -// Protocols -elliptic.ec = ec; -elliptic.eddsa = eddsa$1; -}); - -var elliptic$1 = /*#__PURE__*/Object.freeze({ - __proto__: null, - 'default': elliptic_1, - __moduleExports: elliptic_1 -}); +var index = /*#__PURE__*/_mergeNamespaces({ + __proto__: null +}, [lib]); -export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$5 as decrypt, decryptKey, decryptSessionKeys, encrypt$5 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$6 as sign, unarmor, verify$6 as verify }; +export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PaddingPacket, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt, decryptKey, decryptSessionKeys, encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign, unarmor, verify }; diff --git a/app/node_modules/openpgp/lightweight/package.json b/app/node_modules/openpgp/lightweight/package.json index 134e03c9c..c141a35d3 100644 --- a/app/node_modules/openpgp/lightweight/package.json +++ b/app/node_modules/openpgp/lightweight/package.json @@ -1,5 +1,5 @@ { "name": "openpgp-lightweight", - "main": "../dist/lightweight/openpgp.min.mjs", + "browser": "../dist/lightweight/openpgp.min.mjs", "types": "../openpgp.d.ts" } diff --git a/app/node_modules/openpgp/openpgp.d.ts b/app/node_modules/openpgp/openpgp.d.ts index 56175b269..b4d54b5b3 100644 --- a/app/node_modules/openpgp/openpgp.d.ts +++ b/app/node_modules/openpgp/openpgp.d.ts @@ -1,3 +1,5 @@ +/* eslint-disable max-lines, @typescript-eslint/indent */ + /** * Type definitions for OpenPGP.js http://openpgpjs.org/ * @@ -7,9 +9,19 @@ * - Errietta Kostala */ -import type { WebStream as GenericWebStream, NodeStream as GenericNodeStream } from '@openpgp/web-stream-tools'; +import type { WebStream as GenericWebStream, NodeWebStream as GenericNodeWebStream } from '@openpgp/web-stream-tools'; + +/* ############## STREAM #################### */ +type Data = Uint8Array | string; +// web-stream-tools might end up supporting additional data types, so we re-declare the types +// to enforce the type contraint that we need. +export type WebStream = GenericWebStream; +export type NodeWebStream = GenericNodeWebStream; +export type Stream = WebStream | NodeWebStream; +export type MaybeStream = T | Stream; +type MaybeArray = T | Array; -/* ############## v5 KEY #################### */ +/* ############## KEY #################### */ // The Key and PublicKey types can be used interchangably since TS cannot detect the difference, as they have the same class properties. // The declared readKey(s) return type is Key instead of a PublicKey since it seems more obvious that a Key can be cast to a PrivateKey. export function readKey(options: { armoredKey: string, config?: PartialConfig }): Promise; @@ -54,8 +66,8 @@ export abstract class Key { // NB: the order of the `update` declarations matters, since PublicKey includes PrivateKey public update(sourceKey: PrivateKey, date?: Date, config?: Config): Promise; public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise; - public signPrimaryUser(privateKeys: PrivateKey[], date?: Date, userID?: UserID, config?: Config): Promise - public signAllUsers(privateKeys: PrivateKey[], date?: Date, config?: Config): Promise + public signPrimaryUser(privateKeys: PrivateKey[], date?: Date, userID?: UserID, config?: Config): Promise; + public signAllUsers(privateKeys: PrivateKey[], date?: Date, config?: Config): Promise; public verifyPrimaryKey(date?: Date, userID?: UserID, config?: Config): Promise; // throws on error public verifyPrimaryUser(publicKeys: PublicKey[], date?: Date, userIDs?: UserID, config?: Config): Promise<{ keyID: KeyID, valid: boolean | null }[]>; public verifyAllUsers(publicKeys?: PublicKey[], date?: Date, config?: Config): Promise<{ userID: string, keyID: KeyID, valid: boolean | null }[]>; @@ -82,7 +94,7 @@ export class PrivateKey extends PublicKey { public revoke(reason?: ReasonForRevocation, date?: Date, config?: Config): Promise; public isDecrypted(): boolean; public addSubkey(options: SubkeyOptions): Promise; - public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise + public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise; } @@ -98,9 +110,9 @@ export class Subkey { public getCreationTime(): Date; public getAlgorithmInfo(): AlgorithmInfo; public getKeyID(): KeyID; - public getExpirationTime(date?: Date, config?: Config): Promise + public getExpirationTime(date?: Date, config?: Config): Promise; public isRevoked(signature: SignaturePacket, key: AnyKeyPacket, date?: Date, config?: Config): Promise; - public update(subKey: Subkey, date?: Date, config?: Config): Promise + public update(subKey: Subkey, date?: Date, config?: Config): Promise; public revoke(primaryKey: SecretKeyPacket, reasonForRevocation?: ReasonForRevocation, date?: Date, config?: Config): Promise; } @@ -118,13 +130,13 @@ export interface PrimaryUser { selfCertification: SignaturePacket; } -type AlgorithmInfo = { +export type AlgorithmInfo = { algorithm: enums.publicKeyNames; bits?: number; curve?: EllipticCurveName; }; -/* ############## v5 SIG #################### */ +/* ############## SIG #################### */ export function readSignature(options: { armoredSignature: string, config?: PartialConfig }): Promise; export function readSignature(options: { binarySignature: Uint8Array, config?: PartialConfig }): Promise; @@ -143,7 +155,7 @@ interface VerificationResult { signature: Promise; } -/* ############## v5 CLEARTEXT #################### */ +/* ############## CLEARTEXT #################### */ export function readCleartextMessage(options: { cleartextMessage: string, config?: PartialConfig }): Promise; @@ -176,12 +188,12 @@ export class CleartextMessage { verify(keys: PublicKey[], date?: Date, config?: Config): Promise; } -/* ############## v5 MSG #################### */ +/* ############## MSG #################### */ export function generateSessionKey(options: { encryptionKeys: MaybeArray, date?: Date, encryptionUserIDs?: MaybeArray, config?: PartialConfig }): Promise; export function encryptSessionKey(options: EncryptSessionKeyOptions & { format?: 'armored' }): Promise; export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'binary' }): Promise; export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'object' }): Promise>; -export function decryptSessionKeys>(options: { message: Message, decryptionKeys?: MaybeArray, passwords?: MaybeArray, date?: Date, config?: PartialConfig }): Promise; +export function decryptSessionKeys>(options: { message: Message, decryptionKeys?: MaybeArray, passwords?: MaybeArray, date?: Date, config?: PartialConfig }): Promise; export function readMessage>(options: { armoredMessage: T, config?: PartialConfig }): Promise>; export function readMessage>(options: { binaryMessage: T, config?: PartialConfig }): Promise>; @@ -190,25 +202,25 @@ export function createMessage>(options: { text: T, export function createMessage>(options: { binary: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise>; export function encrypt>(options: EncryptOptions & { message: Message, format?: 'armored' }): Promise< - T extends WebStream ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : string >; export function encrypt>(options: EncryptOptions & { message: Message, format: 'binary' }): Promise< - T extends WebStream ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : Uint8Array >; export function encrypt>(options: EncryptOptions & { message: Message, format: 'object' }): Promise>; export function sign>(options: SignOptions & { message: Message, format?: 'armored' }): Promise< - T extends WebStream ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : string >; export function sign>(options: SignOptions & { message: Message, format: 'binary' }): Promise< - T extends WebStream ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : Uint8Array >; export function sign>(options: SignOptions & { message: Message, format: 'object' }): Promise>; @@ -217,26 +229,26 @@ export function sign(options: SignOptions & { message: CleartextMessage, format: export function decrypt>(options: DecryptOptions & { message: Message, format: 'binary' }): Promise ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : Uint8Array }>; export function decrypt>(options: DecryptOptions & { message: Message }): Promise ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : string }>; export function verify(options: VerifyOptions & { message: CleartextMessage, format?: 'utf8' }): Promise>; export function verify>(options: VerifyOptions & { message: Message, format: 'binary' }): Promise ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : Uint8Array >>; export function verify>(options: VerifyOptions & { message: Message }): Promise ? WebStream : - T extends NodeStream ? NodeStream : + T extends WebStream ? WebStream : + T extends NodeWebStream ? NodeWebStream : string >>; @@ -263,7 +275,7 @@ export class Message> { /** Encrypt the message @param encryptionKeys array of public keys, used to encrypt the message */ - public encrypt(encryptionKeys?: PublicKey[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise>>; + public encrypt(encryptionKeys?: PublicKey[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise>>; /** Returns the key IDs of the keys to which the session key is encrypted */ @@ -305,7 +317,7 @@ export class Message> { } -/* ############## v5 CONFIG #################### */ +/* ############## CONFIG #################### */ interface Config { preferredHashAlgorithm: enums.hash; @@ -313,44 +325,44 @@ interface Config { preferredCompressionAlgorithm: enums.compression; showVersion: boolean; showComment: boolean; - deflateLevel: number; aeadProtect: boolean; allowUnauthenticatedMessages: boolean; allowUnauthenticatedStream: boolean; - checksumRequired: boolean; minRSABits: number; passwordCollisionCheck: boolean; - revocationsExpire: boolean; ignoreUnsupportedPackets: boolean; ignoreMalformedPackets: boolean; versionString: string; commentString: string; allowInsecureDecryptionWithSigningKeys: boolean; allowInsecureVerificationWithReformattedKeys: boolean; + allowMissingKeyFlags: boolean; constantTimePKCS1Decryption: boolean; constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: Set; - v5Keys: boolean; + v6Keys: boolean; + enableParsingV5Entities: boolean; preferredAEADAlgorithm: enums.aead; aeadChunkSizeByte: number; + s2kType: enums.s2k.iterated | enums.s2k.argon2; s2kIterationCountByte: number; - minBytesForWebCrypto: number; + s2kArgon2Params: { passes: number, parallelism: number; memoryExponent: number; }; maxUserIDLength: number; knownNotations: string[]; - useIndutnyElliptic: boolean; + useEllipticFallback: boolean; rejectHashAlgorithms: Set; rejectMessageHashAlgorithms: Set; rejectPublicKeyAlgorithms: Set; rejectCurves: Set; } -export var config: Config; +export const config: Config; // PartialConfig has the same properties as Config, but declared as optional. // This interface is relevant for top-level functions, which accept a subset of configuration options -interface PartialConfig extends Partial {} +export interface PartialConfig extends Partial {} -/* ############## v5 PACKET #################### */ +/* ############## PACKET #################### */ -declare abstract class BasePacket { +export declare abstract class BasePacket { static readonly tag: enums.packet; public read(bytes: Uint8Array): void; public write(): Uint8Array; @@ -423,7 +435,7 @@ export class AEADEncryptedDataPacket extends BasePacket { static readonly tag: enums.packet.aeadEncryptedData; private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void; private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void; - private crypt(fn: Function, sessionKey: Uint8Array, data: MaybeStream): MaybeStream + private crypt(fn: Function, sessionKey: Uint8Array, data: MaybeStream): MaybeStream; } export class PublicKeyEncryptedSessionKeyPacket extends BasePacket { @@ -486,7 +498,8 @@ export class SignaturePacket extends BasePacket { public hashAlgorithm: enums.hash | null; public publicKeyAlgorithm: enums.publicKey | null; public signatureData: null | Uint8Array; - public unhashedSubpackets: null | Uint8Array; + public unhashedSubpackets: RawSubpacket[]; + public unknownSubpackets: RawSubpacket[]; public signedHashValue: null | Uint8Array; public created: Date | null; public signatureExpirationTime: null | number; @@ -530,6 +543,12 @@ export class SignaturePacket extends BasePacket { public getExpirationTime(): Date | typeof Infinity; } +export interface RawSubpacket { + type: number; + critical: boolean; + body: Uint8Array; +} + export interface RawNotation { name: string; value: Uint8Array; @@ -560,16 +579,7 @@ export class PacketList extends Array { public findPacket(tag: enums.packet): T | undefined; } -/* ############## v5 STREAM #################### */ - -type Data = Uint8Array | string; -export interface WebStream extends GenericWebStream {} -export interface NodeStream extends GenericNodeStream {} -export type Stream = WebStream | NodeStream; -export type MaybeStream = T | Stream; - -/* ############## v5 GENERAL #################### */ -type MaybeArray = T | Array; +/* ############## GENERAL #################### */ export interface UserID { name?: string; email?: string; comment?: string; } export interface SessionKey { @@ -578,9 +588,14 @@ export interface SessionKey { aeadAlgorithm?: enums.aeadNames; } +export interface DecryptedSessionKey { + data: Uint8Array; + algorithm: enums.symmetricNames | null; // `null` if the session key is associated with a SEIPDv2 packet +} + export interface ReasonForRevocation { flag?: enums.reasonForRevocation, string?: string } -interface EncryptOptions { +export interface EncryptOptions { /** message to be encrypted as created by createMessage */ message: Message>; /** (optional) array of keys or single key, used to encrypt the message */ @@ -612,7 +627,7 @@ interface EncryptOptions { config?: PartialConfig; } -interface DecryptOptions { +export interface DecryptOptions { /** the message object with the encrypted data */ message: Message>; /** (optional) private keys with decrypted secret key data or session key */ @@ -634,7 +649,7 @@ interface DecryptOptions { config?: PartialConfig; } -interface SignOptions { +export interface SignOptions { message: CleartextMessage | Message>; signingKeys: MaybeArray; format?: 'armored' | 'binary' | 'object'; @@ -646,7 +661,7 @@ interface SignOptions { config?: PartialConfig; } -interface VerifyOptions { +export interface VerifyOptions { /** (cleartext) message object with signatures */ message: CleartextMessage | Message>; /** array of publicKeys or single key, to verify signatures */ @@ -662,7 +677,7 @@ interface VerifyOptions { config?: PartialConfig; } -interface EncryptSessionKeyOptions extends SessionKey { +export interface EncryptSessionKeyOptions extends SessionKey { encryptionKeys?: MaybeArray, passwords?: MaybeArray, format?: 'armored' | 'binary' | 'object', @@ -673,7 +688,7 @@ interface EncryptSessionKeyOptions extends SessionKey { config?: PartialConfig } -interface SerializedKeyPair { +interface SerializedKeyPair { privateKey: T; publicKey: T; } @@ -682,7 +697,7 @@ interface KeyPair { publicKey: PublicKey; } -export type EllipticCurveName = 'ed25519' | 'curve25519' | 'p256' | 'p384' | 'p521' | 'secp256k1' | 'brainpoolP256r1' | 'brainpoolP384r1' | 'brainpoolP512r1'; +export type EllipticCurveName = 'ed25519Legacy' | 'curve25519Legacy' | 'nistP256' | 'nistP384' | 'nistP521' | 'secp256k1' | 'brainpoolP256r1' | 'brainpoolP384r1' | 'brainpoolP512r1'; interface GenerateKeyOptions { userIDs: MaybeArray; @@ -698,7 +713,7 @@ interface GenerateKeyOptions { } export type KeyOptions = GenerateKeyOptions; -interface SubkeyOptions { +export interface SubkeyOptions { type?: 'ecc' | 'rsa'; curve?: EllipticCurveName; rsaBits?: number; @@ -708,20 +723,20 @@ interface SubkeyOptions { config?: PartialConfig; } -declare class KeyID { +export declare class KeyID { bytes: string; equals(keyID: KeyID, matchWildcard?: boolean): boolean; toHex(): string; static fromID(hex: string): KeyID; } -interface DecryptMessageResult { +export interface DecryptMessageResult { data: MaybeStream; signatures: VerificationResult[]; filename: string; } -interface VerifyMessageResult = MaybeStream> { +export interface VerifyMessageResult = MaybeStream> { data: T; signatures: VerificationResult[]; } @@ -730,7 +745,7 @@ interface VerifyMessageResult = MaybeStream> { /** * Armor an OpenPGP binary packet block */ -export function armor(messagetype: enums.armor, body: object, partindex?: number, parttotal?: number, customComment?: string, config?: Config): string; +export function armor(messagetype: enums.armor, body: object, partindex?: number, parttotal?: number, customComment?: string, emitChecksum?: boolean, config?: Config): string; /** * DeArmor an OpenPGP armored message; verify the checksum and return the encoded bytes @@ -740,44 +755,44 @@ export function unarmor(input: string, config?: Config): Promise<{ text: string, /* ############## v5 ENUMS #################### */ export namespace enums { - function read(type: typeof armor, e: armor): armorNames; - function read(type: typeof compression, e: compression): compressionNames; - function read(type: typeof hash, e: hash): hashNames; - function read(type: typeof packet, e: packet): packetNames; - function read(type: typeof publicKey, e: publicKey): publicKeyNames; - function read(type: typeof symmetric, e: symmetric): symmetricNames; - function read(type: typeof keyStatus, e: keyStatus): keyStatusNames; - function read(type: typeof keyFlags, e: keyFlags): keyFlagsNames; + export function read(type: typeof armor, e: armor): armorNames; + export function read(type: typeof compression, e: compression): compressionNames; + export function read(type: typeof hash, e: hash): hashNames; + export function read(type: typeof packet, e: packet): packetNames; + export function read(type: typeof publicKey, e: publicKey): publicKeyNames; + export function read(type: typeof symmetric, e: symmetric): symmetricNames; + export function read(type: typeof keyStatus, e: keyStatus): keyStatusNames; + export function read(type: typeof keyFlags, e: keyFlags): keyFlagsNames; export type armorNames = 'multipartSection' | 'multipartLast' | 'signed' | 'message' | 'publicKey' | 'privateKey'; - enum armor { + export enum armor { multipartSection = 0, multipartLast = 1, signed = 2, message = 3, publicKey = 4, privateKey = 5, - signature = 6, + signature = 6 } - enum reasonForRevocation { + export enum reasonForRevocation { noReason = 0, // No reason specified (key revocations or cert revocations) keySuperseded = 1, // Key is superseded (key revocations) keyCompromised = 2, // Key material has been compromised (key revocations) keyRetired = 3, // Key is retired and no longer used (key revocations) - userIDInvalid = 32, // User ID information is no longer valid (cert revocations) + userIDInvalid = 32 // User ID information is no longer valid (cert revocations) } export type compressionNames = 'uncompressed' | 'zip' | 'zlib' | 'bzip2'; - enum compression { + export enum compression { uncompressed = 0, zip = 1, zlib = 2, - bzip2 = 3, + bzip2 = 3 } - export type hashNames = 'md5' | 'sha1' | 'ripemd' | 'sha256' | 'sha384' | 'sha512' | 'sha224'; - enum hash { + export type hashNames = 'md5' | 'sha1' | 'ripemd' | 'sha256' | 'sha384' | 'sha512' | 'sha224' | 'sha3_256' | 'sha3_512'; + export enum hash { md5 = 1, sha1 = 2, ripemd = 3, @@ -785,12 +800,14 @@ export namespace enums { sha384 = 9, sha512 = 10, sha224 = 11, + sha3_256 = 12, + sha3_512 = 14 } - export type packetNames = 'publicKeyEncryptedSessionKey' | 'signature' | 'symEncryptedSessionKey' | 'onePassSignature' | 'secretKey' | 'publicKey' - | 'secretSubkey' | 'compressed' | 'symmetricallyEncrypted' | 'marker' | 'literal' | 'trust' | 'userID' | 'publicSubkey' | 'userAttribute' - | 'symEncryptedIntegrityProtected' | 'modificationDetectionCode' | 'AEADEncryptedDataPacket'; - enum packet { + export type packetNames = 'publicKeyEncryptedSessionKey' | 'signature' | 'symEncryptedSessionKey' | 'onePassSignature' | 'secretKey' | 'publicKey' | + 'secretSubkey' | 'compressed' | 'symmetricallyEncrypted' | 'marker' | 'literal' | 'trust' | 'userID' | 'publicSubkey' | 'userAttribute' | + 'symEncryptedIntegrityProtected' | 'modificationDetectionCode' | 'AEADEncryptedDataPacket'; + export enum packet { publicKeyEncryptedSessionKey = 1, signature = 2, symEncryptedSessionKey = 3, @@ -808,11 +825,11 @@ export namespace enums { userAttribute = 17, symEncryptedIntegrityProtectedData = 18, modificationDetectionCode = 19, - aeadEncryptedData = 20, + aeadEncryptedData = 20 } - export type publicKeyNames = 'rsaEncryptSign' | 'rsaEncrypt' | 'rsaSign' | 'elgamal' | 'dsa' | 'ecdh' | 'ecdsa' | 'eddsa' | 'aedh' | 'aedsa'; - enum publicKey { + export type publicKeyNames = 'rsaEncryptSign' | 'rsaEncrypt' | 'rsaSign' | 'elgamal' | 'dsa' | 'ecdh' | 'ecdsa' | 'eddsaLegacy' | 'aedh' | 'aedsa' | 'ed25519' | 'x25519' | 'ed448' | 'x448'; + export enum publicKey { rsaEncryptSign = 1, rsaEncrypt = 2, rsaSign = 3, @@ -820,32 +837,39 @@ export namespace enums { dsa = 17, ecdh = 18, ecdsa = 19, - /** @deprecated use `eddsaLegacy` instead */ - eddsa = 22, eddsaLegacy = 22, aedh = 23, aedsa = 24, + x25519 = 25, + x448 = 26, + ed25519 = 27, + ed448 = 28 } - enum curve { - p256 = 'p256', - p384 = 'p384', - p521 = 'p521', + export enum curve { + /** @deprecated use `nistP256` instead */ + p256 = 'nistP256', + nistP256 = 'nistP256', + /** @deprecated use `nistP384` instead */ + p384 = 'nistP384', + nistP384 = 'nistP384', + /** @deprecated use `nistP521` instead */ + p521 = 'nistP521', + nistP521 = 'nistP521', /** @deprecated use `ed25519Legacy` instead */ - ed25519 = 'ed25519', - ed25519Legacy = 'ed25519', + ed25519 = 'ed25519Legacy', + ed25519Legacy = 'ed25519Legacy', /** @deprecated use `curve25519Legacy` instead */ - curve25519 = 'curve25519', - curve25519Legacy = 'curve25519', + curve25519 = 'curve25519Legacy', + curve25519Legacy = 'curve25519Legacy', secp256k1 = 'secp256k1', brainpoolP256r1 = 'brainpoolP256r1', brainpoolP384r1 = 'brainpoolP384r1', brainpoolP512r1 = 'brainpoolP512r1' } - export type symmetricNames = 'plaintext' | 'idea' | 'tripledes' | 'cast5' | 'blowfish' | 'aes128' | 'aes192' | 'aes256' | 'twofish'; - enum symmetric { - plaintext = 0, + export type symmetricNames = 'idea' | 'tripledes' | 'cast5' | 'blowfish' | 'aes128' | 'aes192' | 'aes256' | 'twofish'; + export enum symmetric { idea = 1, tripledes = 2, cast5 = 3, @@ -853,31 +877,30 @@ export namespace enums { aes128 = 7, aes192 = 8, aes256 = 9, - twofish = 10, + twofish = 10 } export type keyStatusNames = 'invalid' | 'expired' | 'revoked' | 'valid' | 'noSelfCert'; - enum keyStatus { + export enum keyStatus { invalid = 0, expired = 1, revoked = 2, valid = 3, - noSelfCert = 4, + noSelfCert = 4 } - export type keyFlagsNames = 'certifyKeys' | 'signData' | 'encryptCommunication' | 'encryptStorage' | 'splitPrivateKey' | 'authentication' - | 'sharedPrivateKey'; - enum keyFlags { + export type keyFlagsNames = 'certifyKeys' | 'signData' | 'encryptCommunication' | 'encryptStorage' | 'splitPrivateKey' | 'authentication' | 'sharedPrivateKey'; + export enum keyFlags { certifyKeys = 1, signData = 2, encryptCommunication = 4, encryptStorage = 8, splitPrivateKey = 16, authentication = 32, - sharedPrivateKey = 128, + sharedPrivateKey = 128 } - enum signature { + export enum signature { binary = 0, text = 1, standalone = 2, @@ -896,17 +919,25 @@ export namespace enums { } export type aeadNames = 'eax' | 'ocb' | 'gcm'; - enum aead { + export enum aead { eax = 1, ocb = 2, experimentalGCM = 100 // Private algorithm } - export type literalFormatNames = 'utf8' | 'binary' | 'text' | 'mime' - enum literal { + export type literalFormatNames = 'utf8' | 'binary' | 'text' | 'mime'; + export enum literal { binary = 98, text = 116, utf8 = 117, mime = 109 } + + export enum s2k { + simple = 0, + salted = 1, + iterated = 3, + argon2 = 4, + gnu = 101 + } } diff --git a/app/node_modules/openpgp/package.json b/app/node_modules/openpgp/package.json index d66004dca..d2a21b578 100644 --- a/app/node_modules/openpgp/package.json +++ b/app/node_modules/openpgp/package.json @@ -1,11 +1,11 @@ { "name": "openpgp", "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.", - "version": "5.11.2", + "version": "6.0.0", "license": "LGPL-3.0+", "homepage": "https://openpgpjs.org/", "engines": { - "node": ">= 8.0.0" + "node": ">= 18.0.0" }, "keywords": [ "crypto", @@ -13,13 +13,26 @@ "gpg", "openpgp" ], - "main": "dist/node/openpgp.min.js", + "main": "dist/node/openpgp.min.cjs", "module": "dist/node/openpgp.min.mjs", "browser": { - "./dist/node/openpgp.min.js": "./dist/openpgp.min.js", + "./dist/node/openpgp.min.cjs": "./dist/openpgp.min.js", "./dist/node/openpgp.min.mjs": "./dist/openpgp.min.mjs" }, + "exports": { + ".": { + "types": "./openpgp.d.ts", + "import": "./dist/node/openpgp.mjs", + "require": "./dist/node/openpgp.min.cjs", + "browser": "./dist/openpgp.min.mjs" + }, + "./lightweight": { + "types": "./openpgp.d.ts", + "browser": "./dist/lightweight/openpgp.min.mjs" + } + }, "types": "openpgp.d.ts", + "type": "module", "directories": { "lib": "src" }, @@ -28,74 +41,76 @@ "lightweight/", "openpgp.d.ts" ], - "esm": { - "cjs": { - "dedefault": true - } - }, "scripts": { "build": "rollup --config", "build-test": "npm run build --build-only=test", "prepare": "npm run build", - "test": "mocha --require esm --timeout 120000 test/unittests.js", - "test-type-definitions": "tsc test/typescript/definitions.ts && node test/typescript/definitions.js", + "test": "mocha --timeout 120000 test/unittests.js", + "test-type-definitions": "tsx test/typescript/definitions.ts", "benchmark-time": "node test/benchmarks/time.js", - "benchmark-memory-usage": "node --require esm test/benchmarks/memory_usage.js", - "start": "http-server", + "benchmark-memory-usage": "node test/benchmarks/memory_usage.js", "prebrowsertest": "npm run build-test", - "browsertest": "npm start -- -o test/unittests.html", - "test-browser": "karma start test/karma.conf.js", - "test-browserstack": "karma start test/karma.conf.js --browsers bs_safari_latest,bs_ios_14,bs_safari_13_1", - "coverage": "nyc npm test", + "browsertest": "web-test-runner --config test/web-test-runner.config.js --group local --manual --open", + "test-browser": "web-test-runner --config test/web-test-runner.config.js --group local --playwright --browsers chromium firefox webkit", + "test-browser:ci": "web-test-runner --config test/web-test-runner.config.js --group headless:ci", + "test-browserstack": "web-test-runner --config test/web-test-runner.browserstack.config.js", + "coverage": "c8 npm test", "lint": "eslint .", - "docs": "jsdoc --configure .jsdocrc.js --destination docs --recurse README.md src && printf '%s' 'docs.openpgpjs.org' > docs/CNAME", + "docs": "jsdoc --configure .jsdocrc.cjs --destination docs --recurse README.md src && printf '%s' 'docs.openpgpjs.org' > docs/CNAME", "preversion": "rm -rf dist docs node_modules && npm ci && npm test", "version": "npm run docs && git add -A docs", "postversion": "git push && git push --tags && npm publish" }, "devDependencies": { - "@openpgp/asmcrypto.js": "^2.3.2", - "@openpgp/elliptic": "^6.5.1", - "@openpgp/jsdoc": "^3.6.4", - "@openpgp/pako": "^1.0.12", + "@noble/ciphers": "^1.0.0", + "@noble/curves": "^1.6.0", + "@noble/hashes": "^1.5.0", + "@openpgp/jsdoc": "^3.6.11", "@openpgp/seek-bzip": "^1.0.5-git", - "@openpgp/tweetnacl": "^1.0.3", - "@openpgp/web-stream-tools": "0.0.11-patch-1", - "@rollup/plugin-commonjs": "^11.1.0", - "@rollup/plugin-node-resolve": "^7.1.3", - "@rollup/plugin-replace": "^2.3.2", - "@types/chai": "^4.2.14", + "@openpgp/tweetnacl": "^1.0.4-1", + "@openpgp/web-stream-tools": "~0.1.3", + "@rollup/plugin-alias": "^5.1.1", + "@rollup/plugin-commonjs": "^25.0.8", + "@rollup/plugin-node-resolve": "^15.3.0", + "@rollup/plugin-replace": "^5.0.7", + "@rollup/plugin-terser": "^0.4.4", + "@rollup/plugin-typescript": "^11.1.6", + "@rollup/plugin-wasm": "^6.2.2", + "@types/chai": "^4.3.19", + "@types/sinon": "^17.0.3", + "@typescript-eslint/parser": "^7.18.0", + "@web/test-runner": "^0.19.0", + "@web/test-runner-browserstack": "^0.7.2", + "@web/test-runner-mocha": "^0.9.0", + "@web/test-runner-playwright": "^0.11.0", + "argon2id": "^1.0.1", "benchmark": "^2.1.4", - "bn.js": "^4.11.8", - "chai": "^4.3.6", - "chai-as-promised": "^7.1.1", - "email-addresses": "3.1.0", - "eslint": "^8.34.0", + "bn.js": "^5.2.1", + "c8": "^8.0.1", + "chai": "^4.4.1", + "chai-as-promised": "^7.1.2", + "eckey-utils": "^0.7.14", + "eslint": "^8.57.1", "eslint-config-airbnb": "^19.0.4", "eslint-config-airbnb-base": "^15.0.0", - "eslint-plugin-chai-friendly": "^0.7.2", - "eslint-plugin-import": "^2.27.5", - "esm": "^3.2.25", - "hash.js": "^1.1.3", - "http-server": "^14.1.1", - "karma": "^6.4.0", - "karma-browserstack-launcher": "^1.6.0", - "karma-chrome-launcher": "^3.1.1", - "karma-firefox-launcher": "^2.1.2", - "karma-mocha": "^2.0.1", - "karma-mocha-reporter": "^2.2.5", - "karma-webkit-launcher": "^2.1.0", - "mocha": "^8.4.0", - "nyc": "^14.1.1", - "playwright": "^1.30.0", - "rollup": "^2.38.5", - "rollup-plugin-terser": "^7.0.2", - "sinon": "^4.3.0", - "typescript": "^4.1.2", - "web-streams-polyfill": "^3.2.0" + "eslint-config-airbnb-typescript": "^18.0.0", + "eslint-import-resolver-typescript": "^3.6.3", + "eslint-plugin-chai-friendly": "^0.7.4", + "eslint-plugin-import": "^2.31.0", + "eslint-plugin-unicorn": "^48.0.1", + "fflate": "^0.7.4", + "mocha": "^10.7.3", + "playwright": "^1.48.2", + "rollup": "^4.24.2", + "sinon": "^18.0.1", + "ts-node": "^10.9.2", + "tslib": "^2.8.0", + "tsx": "^4.19.2", + "typescript": "^5.6.3", + "web-streams-polyfill": "^4.0.0" }, - "dependencies": { - "asn1.js": "^5.0.0" + "overrides": { + "@web/dev-server-core": "npm:@openpgp/wtr-dev-server-core@0.7.3-patch.1" }, "repository": { "type": "git", diff --git a/app/node_modules/safer-buffer/LICENSE b/app/node_modules/safer-buffer/LICENSE deleted file mode 100644 index 4fe9e6f10..000000000 --- a/app/node_modules/safer-buffer/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2018 Nikita Skovoroda - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/app/node_modules/safer-buffer/Porting-Buffer.md b/app/node_modules/safer-buffer/Porting-Buffer.md deleted file mode 100644 index 68d86bab0..000000000 --- a/app/node_modules/safer-buffer/Porting-Buffer.md +++ /dev/null @@ -1,268 +0,0 @@ -# Porting to the Buffer.from/Buffer.alloc API - - -## Overview - -- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*) -- [Variant 2: Use a polyfill](#variant-2) -- [Variant 3: manual detection, with safeguards](#variant-3) - -### Finding problematic bits of code using grep - -Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`. - -It will find all the potentially unsafe places in your own code (with some considerably unlikely -exceptions). - -### Finding problematic bits of code using Node.js 8 - -If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code: - -- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js. -- `--trace-deprecation` does the same thing, but only for deprecation warnings. -- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8. - -You can set these flags using an environment variable: - -```console -$ export NODE_OPTIONS='--trace-warnings --pending-deprecation' -$ cat example.js -'use strict'; -const foo = new Buffer('foo'); -$ node example.js -(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead. - at showFlaggedDeprecation (buffer.js:127:13) - at new Buffer (buffer.js:148:3) - at Object. (/path/to/example.js:2:13) - [... more stack trace lines ...] -``` - -### Finding problematic bits of code using linters - -Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor) -or -[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md) -also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets. - -There is a drawback, though, that it doesn't always -[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is -overriden e.g. with a polyfill, so recommended is a combination of this and some other method -described above. - - -## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x. - -This is the recommended solution nowadays that would imply only minimal overhead. - -The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible. - -What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way: - -- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`. -- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`). -- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`. - -Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than -`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling. - -Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor) -or -[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md) -is recommended to avoid accidential unsafe Buffer API usage. - -There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005) -for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`. -Note that it currently only works with cases where the arguments are literals or where the -constructor is invoked with two arguments. - -_If you currently support those older Node.js versions and dropping them would be a semver-major change -for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2) -or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive -the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and -your users will not observe a runtime deprecation warning when running your code on Node.js 10._ - - -## Variant 2: Use a polyfill - -Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older -Node.js versions. - -You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill -`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api. - -Make sure that you do not use old `new Buffer` API — in any files where the line above is added, -using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though. - -Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or -[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) — -those are great, the only downsides being 4 deps in the tree and slightly more code changes to -migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only -`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies. - -_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also -provides a polyfill, but takes a different approach which has -[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you -to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as -it is problematic, can cause issues in your code, and will start emitting runtime deprecation -warnings starting with Node.js 10._ - -Note that in either case, it is important that you also remove all calls to the old Buffer -API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides -a polyfill for the new API. I have seen people doing that mistake. - -Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor) -or -[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md) -is recommended. - -_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._ - - -## Variant 3 — manual detection, with safeguards - -This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own -wrapper around them. - -### Buffer(0) - -This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which -returns the same result all the way down to Node.js 0.8.x. - -### Buffer(notNumber) - -Before: - -```js -var buf = new Buffer(notNumber, encoding); -``` - -After: - -```js -var buf; -if (Buffer.from && Buffer.from !== Uint8Array.from) { - buf = Buffer.from(notNumber, encoding); -} else { - if (typeof notNumber === 'number') - throw new Error('The "size" argument must be of type number.'); - buf = new Buffer(notNumber, encoding); -} -``` - -`encoding` is optional. - -Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not -hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the -Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous -security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create -problems ranging from DoS to leaking sensitive information to the attacker from the process memory. - -When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can -be omitted. - -Also note that using TypeScript does not fix this problem for you — when libs written in -`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as -all type checks are translation-time only and are not present in the actual JS code which TS -compiles to. - -### Buffer(number) - -For Node.js 0.10.x (and below) support: - -```js -var buf; -if (Buffer.alloc) { - buf = Buffer.alloc(number); -} else { - buf = new Buffer(number); - buf.fill(0); -} -``` - -Otherwise (Node.js ≥ 0.12.x): - -```js -const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0); -``` - -## Regarding Buffer.allocUnsafe - -Be extra cautious when using `Buffer.allocUnsafe`: - * Don't use it if you don't have a good reason to - * e.g. you probably won't ever see a performance difference for small buffers, in fact, those - might be even faster with `Buffer.alloc()`, - * if your code is not in the hot code path — you also probably won't notice a difference, - * keep in mind that zero-filling minimizes the potential risks. - * If you use it, make sure that you never return the buffer in a partially-filled state, - * if you are writing to it sequentially — always truncate it to the actuall written length - -Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues, -ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs) -leaking to the remote attacker. - -_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js -version (and lacking type checks also adds DoS to the list of potential problems)._ - - -## FAQ - - -### What is wrong with the `Buffer` constructor? - -The `Buffer` constructor could be used to create a buffer in many different ways: - -- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained - *arbitrary memory* for performance reasons, which could include anything ranging from - program source code to passwords and encryption keys. -- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of - the string `'abc'`. A second argument could specify another encoding: For example, - `new Buffer(string, 'base64')` could be used to convert a Base64 string into the original - sequence of bytes that it represents. -- There are several other combinations of arguments. - -This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell -what exactly the contents of the generated buffer are* without knowing the type of `foo`. - -Sometimes, the value of `foo` comes from an external source. For example, this function -could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form: - -``` -function stringToBase64(req, res) { - // The request body should have the format of `{ string: 'foobar' }` - const rawBytes = new Buffer(req.body.string) - const encoded = rawBytes.toString('base64') - res.end({ encoded: encoded }) -} -``` - -Note that this code does *not* validate the type of `req.body.string`: - -- `req.body.string` is expected to be a string. If this is the case, all goes well. -- `req.body.string` is controlled by the client that sends the request. -- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes: - - Before Node.js 8, the content would be uninitialized - - After Node.js 8, the content would be `50` bytes with the value `0` - -Because of the missing type check, an attacker could intentionally send a number -as part of the request. Using this, they can either: - -- Read uninitialized memory. This **will** leak passwords, encryption keys and other - kinds of sensitive information. (Information leak) -- Force the program to allocate a large amount of memory. For example, when specifying - `500000000` as the input value, each request will allocate 500MB of memory. - This can be used to either exhaust the memory available of a program completely - and make it crash, or slow it down significantly. (Denial of Service) - -Both of these scenarios are considered serious security issues in a real-world -web server context. - -when using `Buffer.from(req.body.string)` instead, passing a number will always -throw an exception instead, giving a controlled behaviour that can always be -handled by the program. - - -### The `Buffer()` constructor has been deprecated for a while. Is this really an issue? - -Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still -widely used. This includes new code, and overall usage of such code has actually been -*increasing*. diff --git a/app/node_modules/safer-buffer/Readme.md b/app/node_modules/safer-buffer/Readme.md deleted file mode 100644 index 14b082290..000000000 --- a/app/node_modules/safer-buffer/Readme.md +++ /dev/null @@ -1,156 +0,0 @@ -# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url] - -[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master -[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer -[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg -[npm-url]: https://npmjs.org/package/safer-buffer -[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg -[standard-url]: https://standardjs.com -[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg -[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md - -Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current. - -## How to use? - -First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API. - -Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use -`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new -Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._ - -Also, see the -[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide. - -## Do I need it? - -Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that -is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()` -though. - -See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) -for a better description. - -## Why not [safe-buffer](https://npmjs.com/safe-buffer)? - -_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and -itself contains footguns._ - -`safe-buffer` could be used safely to get the new API while still keeping support for older -Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API -I found out that `safe-buffer` is itself causing problems in some cases. - -For example, consider the following snippet: - -```console -$ cat example.unsafe.js -console.log(Buffer(20)) -$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js - -$ standard example.unsafe.js -standard: Use JavaScript Standard Style (https://standardjs.com) - /home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead. -``` - -This is allocates and writes to console an uninitialized chunk of memory. -[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people -to avoid using unsafe API. - -Let's now throw in `safe-buffer`! - -```console -$ cat example.safe-buffer.js -const Buffer = require('safe-buffer').Buffer -console.log(Buffer(20)) -$ standard example.safe-buffer.js -$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js - -``` - -See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior -remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out -chunks of uninitialized memory. -_And this code will still emit runtime warnings on Node.js 10.x and above._ - -That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or -emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some -discussion, it was decided to move my approach into a separate package, and _this is that separate -package_. - -This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing, -«fixing» the lint warning by blindly including `safe-buffer` without any actual changes. - -Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request -can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go -unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even -pass CI. _I also observed that being done in popular packages._ - -Some examples: - * [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31) - (a module with 548 759 downloads/month), - * [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61) - (218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)), - * [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c) - (113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)), - * [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec) - (3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)), - * [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1) - (5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)). - * And there are a lot more over the ecosystem. - -I filed a PR at -[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to -partially fix that (for cases when that lint rule is used), but it is a semver-major change for -linter rules and presets, so it would take significant time for that to reach actual setups. -_It also hasn't been released yet (2018-03-20)._ - -Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake. -It still supports it with an explicit concern barier, by placing it under -`require('safer-buffer/dangereous')`. - -## But isn't throwing bad? - -Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like -unguarded `new Buffer()` calls that end up receiving user input can do. - -This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so -it is really simple to keep track of things and make sure that you don't mix old API usage with that. -Also, CI should hint anything that you might have missed. - -New commits, if tested, won't land new usage of unsafe Buffer API this way. -_Node.js 10.x also deals with that by printing a runtime depecation warning._ - -### Would it affect third-party modules? - -No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`. -Don't do that. - -### But I don't want throwing… - -That is also fine! - -Also, it could be better in some cases when you don't comprehensive enough test coverage. - -In that case — just don't override `Buffer` and use -`var SaferBuffer = require('safer-buffer').Buffer` instead. - -That way, everything using `Buffer` natively would still work, but there would be two drawbacks: - -* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and - `SaferBuffer.alloc` instead. -* You are still open to accidentally using the insecure deprecated API — use a linter to catch that. - -Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly -recommended. `Buffer` is not overriden in this usecase, so linters won't get confused. - -## «Without footguns»? - -Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property -on older versions and duping things from there. You shouldn't do that in your code, probabably. - -The intention is to remove the most significant footguns that affect lots of packages in the -ecosystem, and to do it in the proper way. - -Also, this package doesn't protect against security issues affecting some Node.js versions, so for -usage in your own production code, it is still recommended to update to a Node.js version -[supported by upstream](https://github.com/nodejs/release#release-schedule). diff --git a/app/node_modules/safer-buffer/dangerous.js b/app/node_modules/safer-buffer/dangerous.js deleted file mode 100644 index ca41fdc54..000000000 --- a/app/node_modules/safer-buffer/dangerous.js +++ /dev/null @@ -1,58 +0,0 @@ -/* eslint-disable node/no-deprecated-api */ - -'use strict' - -var buffer = require('buffer') -var Buffer = buffer.Buffer -var safer = require('./safer.js') -var Safer = safer.Buffer - -var dangerous = {} - -var key - -for (key in safer) { - if (!safer.hasOwnProperty(key)) continue - dangerous[key] = safer[key] -} - -var Dangereous = dangerous.Buffer = {} - -// Copy Safer API -for (key in Safer) { - if (!Safer.hasOwnProperty(key)) continue - Dangereous[key] = Safer[key] -} - -// Copy those missing unsafe methods, if they are present -for (key in Buffer) { - if (!Buffer.hasOwnProperty(key)) continue - if (Dangereous.hasOwnProperty(key)) continue - Dangereous[key] = Buffer[key] -} - -if (!Dangereous.allocUnsafe) { - Dangereous.allocUnsafe = function (size) { - if (typeof size !== 'number') { - throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size) - } - if (size < 0 || size >= 2 * (1 << 30)) { - throw new RangeError('The value "' + size + '" is invalid for option "size"') - } - return Buffer(size) - } -} - -if (!Dangereous.allocUnsafeSlow) { - Dangereous.allocUnsafeSlow = function (size) { - if (typeof size !== 'number') { - throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size) - } - if (size < 0 || size >= 2 * (1 << 30)) { - throw new RangeError('The value "' + size + '" is invalid for option "size"') - } - return buffer.SlowBuffer(size) - } -} - -module.exports = dangerous diff --git a/app/node_modules/safer-buffer/package.json b/app/node_modules/safer-buffer/package.json deleted file mode 100644 index d452b04ae..000000000 --- a/app/node_modules/safer-buffer/package.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "name": "safer-buffer", - "version": "2.1.2", - "description": "Modern Buffer API polyfill without footguns", - "main": "safer.js", - "scripts": { - "browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js", - "test": "standard && tape tests.js" - }, - "author": { - "name": "Nikita Skovoroda", - "email": "chalkerx@gmail.com", - "url": "https://github.com/ChALkeR" - }, - "license": "MIT", - "repository": { - "type": "git", - "url": "git+https://github.com/ChALkeR/safer-buffer.git" - }, - "bugs": { - "url": "https://github.com/ChALkeR/safer-buffer/issues" - }, - "devDependencies": { - "standard": "^11.0.1", - "tape": "^4.9.0" - }, - "files": [ - "Porting-Buffer.md", - "Readme.md", - "tests.js", - "dangerous.js", - "safer.js" - ] -} diff --git a/app/node_modules/safer-buffer/safer.js b/app/node_modules/safer-buffer/safer.js deleted file mode 100644 index 37c7e1aa6..000000000 --- a/app/node_modules/safer-buffer/safer.js +++ /dev/null @@ -1,77 +0,0 @@ -/* eslint-disable node/no-deprecated-api */ - -'use strict' - -var buffer = require('buffer') -var Buffer = buffer.Buffer - -var safer = {} - -var key - -for (key in buffer) { - if (!buffer.hasOwnProperty(key)) continue - if (key === 'SlowBuffer' || key === 'Buffer') continue - safer[key] = buffer[key] -} - -var Safer = safer.Buffer = {} -for (key in Buffer) { - if (!Buffer.hasOwnProperty(key)) continue - if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue - Safer[key] = Buffer[key] -} - -safer.Buffer.prototype = Buffer.prototype - -if (!Safer.from || Safer.from === Uint8Array.from) { - Safer.from = function (value, encodingOrOffset, length) { - if (typeof value === 'number') { - throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value) - } - if (value && typeof value.length === 'undefined') { - throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value) - } - return Buffer(value, encodingOrOffset, length) - } -} - -if (!Safer.alloc) { - Safer.alloc = function (size, fill, encoding) { - if (typeof size !== 'number') { - throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size) - } - if (size < 0 || size >= 2 * (1 << 30)) { - throw new RangeError('The value "' + size + '" is invalid for option "size"') - } - var buf = Buffer(size) - if (!fill || fill.length === 0) { - buf.fill(0) - } else if (typeof encoding === 'string') { - buf.fill(fill, encoding) - } else { - buf.fill(fill) - } - return buf - } -} - -if (!safer.kStringMaxLength) { - try { - safer.kStringMaxLength = process.binding('buffer').kStringMaxLength - } catch (e) { - // we can't determine kStringMaxLength in environments where process.binding - // is unsupported, so let's not set it - } -} - -if (!safer.constants) { - safer.constants = { - MAX_LENGTH: safer.kMaxLength - } - if (safer.kStringMaxLength) { - safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength - } -} - -module.exports = safer diff --git a/app/node_modules/safer-buffer/tests.js b/app/node_modules/safer-buffer/tests.js deleted file mode 100644 index 7ed2777c9..000000000 --- a/app/node_modules/safer-buffer/tests.js +++ /dev/null @@ -1,406 +0,0 @@ -/* eslint-disable node/no-deprecated-api */ - -'use strict' - -var test = require('tape') - -var buffer = require('buffer') - -var index = require('./') -var safer = require('./safer') -var dangerous = require('./dangerous') - -/* Inheritance tests */ - -test('Default is Safer', function (t) { - t.equal(index, safer) - t.notEqual(safer, dangerous) - t.notEqual(index, dangerous) - t.end() -}) - -test('Is not a function', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(typeof impl, 'object') - t.equal(typeof impl.Buffer, 'object') - }); - [buffer].forEach(function (impl) { - t.equal(typeof impl, 'object') - t.equal(typeof impl.Buffer, 'function') - }) - t.end() -}) - -test('Constructor throws', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.throws(function () { impl.Buffer() }) - t.throws(function () { impl.Buffer(0) }) - t.throws(function () { impl.Buffer('a') }) - t.throws(function () { impl.Buffer('a', 'utf-8') }) - t.throws(function () { return new impl.Buffer() }) - t.throws(function () { return new impl.Buffer(0) }) - t.throws(function () { return new impl.Buffer('a') }) - t.throws(function () { return new impl.Buffer('a', 'utf-8') }) - }) - t.end() -}) - -test('Safe methods exist', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(typeof impl.Buffer.alloc, 'function', 'alloc') - t.equal(typeof impl.Buffer.from, 'function', 'from') - }) - t.end() -}) - -test('Unsafe methods exist only in Dangerous', function (t) { - [index, safer].forEach(function (impl) { - t.equal(typeof impl.Buffer.allocUnsafe, 'undefined') - t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined') - }); - [dangerous].forEach(function (impl) { - t.equal(typeof impl.Buffer.allocUnsafe, 'function') - t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function') - }) - t.end() -}) - -test('Generic methods/properties are defined and equal', function (t) { - ['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer[method], buffer.Buffer[method], method) - t.notEqual(typeof impl.Buffer[method], 'undefined', method) - }) - }) - t.end() -}) - -test('Built-in buffer static methods/properties are inherited', function (t) { - Object.keys(buffer).forEach(function (method) { - if (method === 'SlowBuffer' || method === 'Buffer') return; - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl[method], buffer[method], method) - t.notEqual(typeof impl[method], 'undefined', method) - }) - }) - t.end() -}) - -test('Built-in Buffer static methods/properties are inherited', function (t) { - Object.keys(buffer.Buffer).forEach(function (method) { - if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return; - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer[method], buffer.Buffer[method], method) - t.notEqual(typeof impl.Buffer[method], 'undefined', method) - }) - }) - t.end() -}) - -test('.prototype property of Buffer is inherited', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype') - t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype') - }) - t.end() -}) - -test('All Safer methods are present in Dangerous', function (t) { - Object.keys(safer).forEach(function (method) { - if (method === 'Buffer') return; - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl[method], safer[method], method) - if (method !== 'kStringMaxLength') { - t.notEqual(typeof impl[method], 'undefined', method) - } - }) - }) - Object.keys(safer.Buffer).forEach(function (method) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer[method], safer.Buffer[method], method) - t.notEqual(typeof impl.Buffer[method], 'undefined', method) - }) - }) - t.end() -}) - -test('Safe methods from Dangerous methods are present in Safer', function (t) { - Object.keys(dangerous).forEach(function (method) { - if (method === 'Buffer') return; - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl[method], dangerous[method], method) - if (method !== 'kStringMaxLength') { - t.notEqual(typeof impl[method], 'undefined', method) - } - }) - }) - Object.keys(dangerous.Buffer).forEach(function (method) { - if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return; - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer[method], dangerous.Buffer[method], method) - t.notEqual(typeof impl.Buffer[method], 'undefined', method) - }) - }) - t.end() -}) - -/* Behaviour tests */ - -test('Methods return Buffers', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(''))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3]))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3])))) - t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([]))) - }); - ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) { - t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0))) - t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10))) - }) - t.end() -}) - -test('Constructor is buffer.Buffer', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer) - t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer) - t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer) - t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer) - t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer) - t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer) - t.equal(impl.Buffer.from('').constructor, buffer.Buffer) - t.equal(impl.Buffer.from('string').constructor, buffer.Buffer) - t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer) - t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer) - t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer) - t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer) - t.equal(impl.Buffer.from([]).constructor, buffer.Buffer) - }); - [0, 10, 100].forEach(function (arg) { - t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer) - t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor) - }) - t.end() -}) - -test('Invalid calls throw', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.throws(function () { impl.Buffer.from(0) }) - t.throws(function () { impl.Buffer.from(10) }) - t.throws(function () { impl.Buffer.from(10, 'utf-8') }) - t.throws(function () { impl.Buffer.from('string', 'invalid encoding') }) - t.throws(function () { impl.Buffer.from(-10) }) - t.throws(function () { impl.Buffer.from(1e90) }) - t.throws(function () { impl.Buffer.from(Infinity) }) - t.throws(function () { impl.Buffer.from(-Infinity) }) - t.throws(function () { impl.Buffer.from(NaN) }) - t.throws(function () { impl.Buffer.from(null) }) - t.throws(function () { impl.Buffer.from(undefined) }) - t.throws(function () { impl.Buffer.from() }) - t.throws(function () { impl.Buffer.from({}) }) - t.throws(function () { impl.Buffer.alloc('') }) - t.throws(function () { impl.Buffer.alloc('string') }) - t.throws(function () { impl.Buffer.alloc('string', 'utf-8') }) - t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') }) - t.throws(function () { impl.Buffer.alloc(-10) }) - t.throws(function () { impl.Buffer.alloc(1e90) }) - t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) }) - t.throws(function () { impl.Buffer.alloc(Infinity) }) - t.throws(function () { impl.Buffer.alloc(-Infinity) }) - t.throws(function () { impl.Buffer.alloc(null) }) - t.throws(function () { impl.Buffer.alloc(undefined) }) - t.throws(function () { impl.Buffer.alloc() }) - t.throws(function () { impl.Buffer.alloc([]) }) - t.throws(function () { impl.Buffer.alloc([0, 42, 3]) }) - t.throws(function () { impl.Buffer.alloc({}) }) - }); - ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) { - t.throws(function () { dangerous.Buffer[method]('') }) - t.throws(function () { dangerous.Buffer[method]('string') }) - t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') }) - t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) }) - t.throws(function () { dangerous.Buffer[method](Infinity) }) - if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) { - t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0') - } else { - t.throws(function () { dangerous.Buffer[method](-10) }) - t.throws(function () { dangerous.Buffer[method](-1e90) }) - t.throws(function () { dangerous.Buffer[method](-Infinity) }) - } - t.throws(function () { dangerous.Buffer[method](null) }) - t.throws(function () { dangerous.Buffer[method](undefined) }) - t.throws(function () { dangerous.Buffer[method]() }) - t.throws(function () { dangerous.Buffer[method]([]) }) - t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) }) - t.throws(function () { dangerous.Buffer[method]({}) }) - }) - t.end() -}) - -test('Buffers have appropriate lengths', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.equal(impl.Buffer.alloc(0).length, 0) - t.equal(impl.Buffer.alloc(10).length, 10) - t.equal(impl.Buffer.from('').length, 0) - t.equal(impl.Buffer.from('string').length, 6) - t.equal(impl.Buffer.from('string', 'utf-8').length, 6) - t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11) - t.equal(impl.Buffer.from([0, 42, 3]).length, 3) - t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3) - t.equal(impl.Buffer.from([]).length, 0) - }); - ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) { - t.equal(dangerous.Buffer[method](0).length, 0) - t.equal(dangerous.Buffer[method](10).length, 10) - }) - t.end() -}) - -test('Buffers have appropriate lengths (2)', function (t) { - t.equal(index.Buffer.alloc, safer.Buffer.alloc) - t.equal(index.Buffer.alloc, dangerous.Buffer.alloc) - var ok = true; - [ safer.Buffer.alloc, - dangerous.Buffer.allocUnsafe, - dangerous.Buffer.allocUnsafeSlow - ].forEach(function (method) { - for (var i = 0; i < 1e2; i++) { - var length = Math.round(Math.random() * 1e5) - var buf = method(length) - if (!buffer.Buffer.isBuffer(buf)) ok = false - if (buf.length !== length) ok = false - } - }) - t.ok(ok) - t.end() -}) - -test('.alloc(size) is zero-filled and has correct length', function (t) { - t.equal(index.Buffer.alloc, safer.Buffer.alloc) - t.equal(index.Buffer.alloc, dangerous.Buffer.alloc) - var ok = true - for (var i = 0; i < 1e2; i++) { - var length = Math.round(Math.random() * 2e6) - var buf = index.Buffer.alloc(length) - if (!buffer.Buffer.isBuffer(buf)) ok = false - if (buf.length !== length) ok = false - var j - for (j = 0; j < length; j++) { - if (buf[j] !== 0) ok = false - } - buf.fill(1) - for (j = 0; j < length; j++) { - if (buf[j] !== 1) ok = false - } - } - t.ok(ok) - t.end() -}) - -test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) { - ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) { - var ok = true - for (var i = 0; i < 1e2; i++) { - var length = Math.round(Math.random() * 2e6) - var buf = dangerous.Buffer[method](length) - if (!buffer.Buffer.isBuffer(buf)) ok = false - if (buf.length !== length) ok = false - buf.fill(0, 0, length) - var j - for (j = 0; j < length; j++) { - if (buf[j] !== 0) ok = false - } - buf.fill(1, 0, length) - for (j = 0; j < length; j++) { - if (buf[j] !== 1) ok = false - } - } - t.ok(ok, method) - }) - t.end() -}) - -test('.alloc(size, fill) is `fill`-filled', function (t) { - t.equal(index.Buffer.alloc, safer.Buffer.alloc) - t.equal(index.Buffer.alloc, dangerous.Buffer.alloc) - var ok = true - for (var i = 0; i < 1e2; i++) { - var length = Math.round(Math.random() * 2e6) - var fill = Math.round(Math.random() * 255) - var buf = index.Buffer.alloc(length, fill) - if (!buffer.Buffer.isBuffer(buf)) ok = false - if (buf.length !== length) ok = false - for (var j = 0; j < length; j++) { - if (buf[j] !== fill) ok = false - } - } - t.ok(ok) - t.end() -}) - -test('.alloc(size, fill) is `fill`-filled', function (t) { - t.equal(index.Buffer.alloc, safer.Buffer.alloc) - t.equal(index.Buffer.alloc, dangerous.Buffer.alloc) - var ok = true - for (var i = 0; i < 1e2; i++) { - var length = Math.round(Math.random() * 2e6) - var fill = Math.round(Math.random() * 255) - var buf = index.Buffer.alloc(length, fill) - if (!buffer.Buffer.isBuffer(buf)) ok = false - if (buf.length !== length) ok = false - for (var j = 0; j < length; j++) { - if (buf[j] !== fill) ok = false - } - } - t.ok(ok) - t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97)) - t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98)) - - var tmp = new buffer.Buffer(2) - tmp.fill('ok') - if (tmp[1] === tmp[0]) { - // Outdated Node.js - t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo')) - } else { - t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko')) - } - t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok')) - - t.end() -}) - -test('safer.Buffer.from returns results same as Buffer constructor', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.deepEqual(impl.Buffer.from(''), new buffer.Buffer('')) - t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string')) - t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8')) - t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64')) - t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3])) - t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3]))) - t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([])) - }) - t.end() -}) - -test('safer.Buffer.from returns consistent results', function (t) { - [index, safer, dangerous].forEach(function (impl) { - t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0)) - t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0)) - t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0)) - t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string')) - t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103])) - t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string'))) - t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree')) - t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree')) - }) - t.end() -}) diff --git a/app/package-lock.json b/app/package-lock.json index a617f1048..8738ed8f2 100644 --- a/app/package-lock.json +++ b/app/package-lock.json @@ -1,67 +1,29 @@ { - "name": "site", + "name": "app", + "version": "1.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "dependencies": { "humbleicons": "^1.9.0", - "openpgp": "^5.11.2" + "openpgp": "^6.0.0" } }, - "node_modules/asn1.js": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", - "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", - "license": "MIT", - "dependencies": { - "bn.js": "^4.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" - } - }, - "node_modules/bn.js": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", - "license": "MIT" - }, "node_modules/humbleicons": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/humbleicons/-/humbleicons-1.10.0.tgz", "integrity": "sha512-+9kIQEa5+aJz+0Aw5gm2hShu59ov9gzT1+x0MZGsDdSlsMeabZ91VBav/zogHA6DywvUDUvXRLn0FOeTnfHyeQ==", "license": "MIT" }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "license": "ISC" - }, - "node_modules/minimalistic-assert": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", - "license": "ISC" - }, "node_modules/openpgp": { - "version": "5.11.2", - "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.11.2.tgz", - "integrity": "sha512-f8dJFVLwdkvPvW3VPFs6q9Vs2+HNhdvwls7a/MIFcQUB+XiQzRe7alfa3RtwfGJU7oUDDMAWPZ0nYsHa23Az+A==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-6.0.0.tgz", + "integrity": "sha512-8YMuhOV6bP8+J4bCHltvRwol1sBJhxAcJXvwEKpcK65lKpQ0VUbymQR/EuGrzxYnatNSyMyrMgip4j/F0vhZvg==", "license": "LGPL-3.0+", - "dependencies": { - "asn1.js": "^5.0.0" - }, "engines": { - "node": ">= 8.0.0" + "node": ">= 18.0.0" } - }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "license": "MIT" } } } diff --git a/app/package.json b/app/package.json index e44067ec6..1c591019a 100644 --- a/app/package.json +++ b/app/package.json @@ -1,6 +1,6 @@ { "dependencies": { "humbleicons": "^1.9.0", - "openpgp": "^5.11.2" + "openpgp": "^6.0.0" } }